authorAndrew Manison <amanison@anselsystems.com>2010-04-15 20:33:31 +0000
committerAndrew Manison <amanison@anselsystems.com>2010-04-15 20:33:31 +0000
commit73790bcc09efb8d3862e18f303771108edfbf2a3 (patch)
tree29d78f0ede67abf258fc0f57178f43a5f7338f2a
parent5defbaf8db62164a1a5a36fc9607695468562d54 (diff)
parent818bbac51d0b1ea9ffca39f48dd0db8b3a531271 (diff)
Merge remote branch 'alpine/master'
-rw-r--r--main/acf-opennhrp/APKBUILD4
-rw-r--r--main/acf-tinydns/APKBUILD4
-rw-r--r--main/bash/APKBUILD7
-rw-r--r--main/dhcpcd/APKBUILD4
-rw-r--r--main/feh/APKBUILD14
-rw-r--r--main/fetchmail/APKBUILD4
-rw-r--r--main/gettext/APKBUILD20
-rw-r--r--main/ghostscript/APKBUILD9
-rw-r--r--main/git/APKBUILD4
-rw-r--r--main/linux-grsec/0001-grsec-revert-conflicting-flow-cache-changes.patch43
-rw-r--r--main/linux-grsec/0002-gre-fix-hard-header-destination-address-checking.patch44
-rw-r--r--main/linux-grsec/0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch39
-rw-r--r--main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch29
-rw-r--r--main/linux-grsec/0005-r8169-fix-broken-register-writes.patch (renamed from main/linux-grsec/net-git-78f1cd-r8169-fix-broken-register-writes.patch)17
-rw-r--r--main/linux-grsec/0006-r8169-offical-fix-for-CVE-2009-4537-overlength-frame.patch (renamed from main/linux-grsec/net-git-c0cd88-r8169-offical-fix-for-CVE-2009-4537-overlength-frame-DMAs.patch)17
-rw-r--r--main/linux-grsec/0007-r8169-Fix-rtl8169_rx_interrupt.patch89
-rw-r--r--main/linux-grsec/0008-r8169-clean-up-my-printk-uglyness.patch36
-rw-r--r--main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch110
-rw-r--r--main/linux-grsec/0010-xfrm-Remove-xfrm_state_genid.patch54
-rw-r--r--main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch35
-rw-r--r--main/linux-grsec/0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch105
-rw-r--r--main/linux-grsec/0013-flow-structurize-flow-cache.patch395
-rw-r--r--main/linux-grsec/0014-flow-virtualize-flow-cache-entry-methods.patch513
-rw-r--r--main/linux-grsec/0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch1068
-rw-r--r--main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch91
-rw-r--r--main/linux-grsec/0017-flow-delayed-deletion-of-flow-cache-entries.patch231
-rw-r--r--main/linux-grsec/0018-xfrm-Fix-crashes-in-xfrm_lookup.patch46
-rw-r--r--main/linux-grsec/APKBUILD57
-rw-r--r--main/linux-grsec/arp.patch14
-rw-r--r--main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch)282
-rw-r--r--main/linux-grsec/ip_gre.patch15
-rw-r--r--main/linux-grsec/ip_gre2.patch17
-rw-r--r--main/make/APKBUILD14
-rw-r--r--main/ucarp/APKBUILD2
-rw-r--r--testing/linux-grsec/0001-xfrm-introduce-basic-mark-infrastructure.patch102
-rw-r--r--testing/linux-grsec/0002-xfrm-SA-lookups-signature-with-mark.patch621
-rw-r--r--testing/linux-grsec/0003-xfrm-SA-lookups-with-mark.patch100
-rw-r--r--testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch129
-rw-r--r--testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch81
-rw-r--r--testing/linux-grsec/0006-xfrm-Allow-user-space-config-of-SAD-mark.patch284
-rw-r--r--testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch165
-rw-r--r--testing/linux-grsec/APKBUILD138
-rw-r--r--testing/linux-grsec/grsecurity-2.1.14-2.6.32.8-201002132204.patch52817
-rw-r--r--testing/linux-grsec/kernelconfig.x864606
44 files changed, 3204 insertions, 59272 deletions
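--- a/main/acf-opennhrp/APKBUILD
+++ b/main/acf-opennhrp/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=acf-opennhrp
-pkgver=0.5.1
+pkgver=0.6.0
 pkgrel=0
 pkgdesc="A web-based system administration interface for opennhrp"
 url="http://git.alpinelinux.org/cgit/acf-opennhrp"
@@ -12,4 +12,4 @@ build() {
  cd "$srcdir/$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
 }
-md5sums="203d3e13215ef9ce4fdf8527089518a0 acf-opennhrp-0.5.1.tar.bz2"
+md5sums="09e06a2d9f767811dc9334bc6ca59b4c acf-opennhrp-0.6.0.tar.bz2"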
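--- a/main/acf-tinydns/APKBUILD
+++ b/main/acf-tinydns/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=acf-tinydns
-pkgver=0.5.3
+pkgver=0.5.4
 pkgrel=0
 pkgdesc="A web-based system administration interface for tinydns"
 url="http://git.alpinelinux.org/cgit/acf-tinydns"
@@ -12,4 +12,4 @@ build() {
  cd "$srcdir/$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
 }
-md5sums="0fec252d8cef53ffe226b3adf2acb9c3 acf-tinydns-0.5.3.tar.bz2"
+md5sums="6074fa480d044958878985c25e41b6a5 acf-tinydns-0.5.4.tar.bz2"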
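--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 
 pkgname=bash
-pkgver=4.1.002
+pkgver=4.1.005
 _patchlevel=${pkgver##*.}
 _myver=${pkgver%.*}
 _patchbase=${_myver%.*}${_myver#*.}
@@ -67,4 +67,7 @@ package() {
 md5sums="9800d8724815fd84994d9be65ab5e7b8 bash-4.1.tar.gz
 80fec5f3d60a63756a4999c877e31a8e bash-noinfo.patch
 582dea5671b557f783e18629c2f77b68 bash41-001
-118d465095d4a4706eb1d34696a2666a bash41-002"
+118d465095d4a4706eb1d34696a2666a bash41-002
+120f7cf039a40d35fe375e59d6f17adc bash41-003
+336ee037fc2cc1e2350b05097fbdc87c bash41-004
+9471e666797f0b03eb2175ed752a9550 bash41-005"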
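--- a/main/dhcpcd/APKBUILD
+++ b/main/dhcpcd/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dhcpcd
-pkgver=5.2.1
+pkgver=5.2.2
 pkgrel=0
 pkgdesc="RFC2131 compliant DHCP client"
 url="http://roy.marples.name/projects/dhcpcd/"
@@ -25,4 +25,4 @@ package() {
  make DESTDIR="$pkgdir" install
 }
 
-md5sums="e3bf901c54553673c376b7bcc63b2ff3 dhcpcd-5.2.1.tar.bz2"
+md5sums="30a161c93bd4548a28d97041329bf335 dhcpcd-5.2.2.tar.bz2"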
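--- a/main/feh/APKBUILD
+++ b/main/feh/APKBUILD
@@ -1,20 +1,20 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=feh
-pkgver=1.3.4
-pkgrel=2
+pkgver=1.4.2
+pkgrel=0
 pkgdesc="feh is a fast, lightweight image viewer which uses imlib2"
 url="http://www.linuxbrit.co.uk/feh/"
 license="MIT"
 subpackages="$pkgname-doc"
 depends=
-makedepends="libxt-dev libpng-dev giblib-dev imlib2-dev jpeg-dev"
-source="http://linuxbrit.co.uk/downloads/$pkgname-$pkgver.tar.gz"
+makedepends="libxt-dev libpng-dev giblib-dev imlib2-dev jpeg-dev
+ libxinerama-dev wget"
+source="https://derf.homelinux.org/~derf/projects/${pkgname}/${pkgname}-${pkgver}.tar.bz2"
 
 _builddir="$srcdir"/$pkgname-$pkgver
 build() {
  cd "$_builddir"
- ./configure --prefix=/usr \
- --mandir=/usr/share/man || return 1
+ sed -i -e "s:/usr/local:/usr:g" config.mk
  make || return 1
 }
 
@@ -23,4 +23,4 @@ package() {
  make DESTDIR=$pkgdir docsdir=/usr/share/doc/feh install || return 1
  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
-md5sums="3d35ba3d2f0693b019800787f1103891 feh-1.3.4.tar.gz"
+md5sums="19906a6e319e99e0d98856f64324fed8 feh-1.4.2.tar.bz2"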
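Review bot: The new `sed -i -e "s:/usr/local:/usr:g" config.mk` step in build() has no `|| return 1`, unlike the `./configure … || return 1` it replaces and the `make || return 1` that follows it. If config.mk is missing or renamed in a later release, the build carries on and would presumably install under /usr/local inside the package. I would write it as `sed -i -e "s:/usr/local:/usr:g" config.mk || return 1`. Separately, the hunk does not show why `wget` is needed at build time: if feh only invokes it at run time it belongs in `depends`, and if the Makefile downloads anything with it, that download is not covered by `md5sums`.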
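--- a/main/fetchmail/APKBUILD
+++ b/main/fetchmail/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=fetchmail
-pkgver=6.3.15
+pkgver=6.3.16
 pkgrel=0
 pkgdesc="A remote-mail retrieval and forwarding utility"
 url="http://fetchmail.berlios.de/"
@@ -41,5 +41,5 @@ fetchmailconf() {
  mv usr/lib "$subpkgdir"/usr/
 }
 
-md5sums="53de0a1ff9dda5a6b99adf04ed0132cb fetchmail-6.3.15.tar.bz2
+md5sums="1a40acb371376c7d54fe468c99dfc216 fetchmail-6.3.16.tar.bz2
 b27fe01a7c25534d62d175c8ba22fc48 fetchmail.initd"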
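--- a/main/gettext/APKBUILD
+++ b/main/gettext/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Carlo Landmeter <clandmeter at gmail.com>
 pkgname=gettext
 pkgver=0.17
-pkgrel=2
+pkgrel=3
 pkgdesc="GNU locale utilities"
 url="http://www.gnu.org/software/gettext/gettext.html"
 license='GPL'
@@ -14,24 +14,30 @@ source="ftp://ftp.mirror.nl/pub/mirror/gnu/gettext/gettext-0.17.tar.gz
  "
 subpackages="$pkgname-doc $pkgname-dev"
 
-build() {
- cd "$srcdir/$pkgname-$pkgver"
+_builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+ cd "$_builddir"
  for i in ../*.patch; do
  msg "Applying $i..."
  patch -p1 < $i || return 1
  done
+}
 
- export CXX=${CXX_UC:-g++-uc}
-
+build() {
+ cd "$_builddir"
  # http://bugs.gentoo.org/show_bug.cgi?id=81628
  export CPPFLAGS="$CPPFLAGS -I/usr/include/libxml2"
 
  ./configure --prefix=/usr \
  --mandir=/usr/share/man \
  --disable-static
- unset MAKEFLAGS
  make || return 1
- make DESTDIR="$pkgdir/" install
+}
+
+package() {
+ cd "$_builddir"
+ make -j1 DESTDIR="$pkgdir/" install
 }
 
 md5sums="58a2bc6d39c0ba57823034d55d65d606 gettext-0.17.tar.gz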
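Review bot: In the new build(), the `./configure` invocation ending in `--disable-static` still has no exit-status check, while the patch loop in prepare() and the `make` below it both end in `|| return 1`. I would end that line with `--disable-static || return 1` so a failed configure stops the build where it fails rather than at the following make. The `-j1` on `make -j1 DESTDIR="$pkgdir/" install` replaces the removed `unset MAKEFLAGS` without saying why; a short comment such as `# install target is not parallel-safe` (if that is the reason) would keep it from being dropped later.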
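--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=ghostscript
 pkgver=8.71
-pkgrel=0
+pkgrel=1
 pkgdesc="An interpreter for the PostScript language and for PDF"
 url="http://ghostscript.com/"
 license="GPL"
@@ -22,6 +22,11 @@ prepare() {
 
  # fix build with systems jasper
  patch -Np1 -i "${srcdir}"/ghostscript-system-jasper.patch || return 1
+
+ # fix parallel builds
+ sed -i -e 's/ECHO_XE/ECHOGS_XE/g' \
+ -e 's/^\($(GLOBJ)md5.$(OBJ) :.*\)/\1 $(ECHOGS_XE)/' \
+ base/lib.mak || return 1
 
  ./autogen.sh \
  --prefix=/usr \
@@ -42,7 +47,7 @@ prepare() {
 
 build(){
  cd "$srcdir/$pkgname-$pkgver"
- make || return 1
+ make so all || return 1
 }
 
 package() {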
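Review bot: The `|| return 1` on the new sed call in prepare() only catches a missing or unreadable base/lib.mak, because sed exits 0 when neither expression matches anything. After a ghostscript version bump the parallel-build fix could therefore stop applying without any error. A check right after it, for example `grep -q 'ECHOGS_XE' base/lib.mak || return 1`, would turn that into a build failure. prepare() starts above the hunk, and the switch to `make so all` in build() has no comment saying why the `so` target is now needed.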
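--- a/main/git/APKBUILD
+++ b/main/git/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=git
-pkgver=1.7.0.4
+pkgver=1.7.0.5
 pkgrel=0
 pkgdesc="GIT - the stupid content tracker"
 url="http://git.or.cz/"
@@ -42,5 +42,5 @@ perl() {
 }
 
 
-md5sums="1cc8b2aea57e5e999ccac18ae355f760 git-1.7.0.4.tar.bz2
+md5sums="77d50f41ef282752dc69d9a47765f5c7 git-1.7.0.5.tar.bz2
 e63a201556c4f089de790805c09a2e5b bb-tar.patch"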
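--- /dev/null
+++ b/main/linux-grsec/0001-grsec-revert-conflicting-flow-cache-changes.patch
@@ -0,0 +1,43 @@
+From 5ea3677e1f26dd343ed139d2bdad23ae2f1393db Mon Sep 17 00:00:00 2001
+From: Timo Teras <timo.teras@iki.fi>
+Date: Mon, 12 Apr 2010 13:43:01 +0000
+Subject: [PATCH 01/18] grsec: revert conflicting flow cache changes
+
+---
+ net/core/flow.c | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/net/core/flow.c b/net/core/flow.c
+index 5b27992..9601587 100644
+--- a/net/core/flow.c
++++ b/net/core/flow.c
+@@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT(0);
+
+ static u32 flow_hash_shift;
+ #define flow_hash_size (1 << flow_hash_shift)
+-static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables);
++static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
+
+ #define flow_table(cpu) (per_cpu(flow_tables, cpu))
+
+@@ -52,7 +52,7 @@ struct flow_percpu_info {
+ u32 hash_rnd;
+ int count;
+ };
+-static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info);
++static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
+
+ #define flow_hash_rnd_recalc(cpu) \
+ (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
+@@ -69,7 +69,7 @@ struct flow_flush_info {
+ atomic_t cpuleft;
+ struct completion completion;
+ };
+-static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets);
++static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
+
+ #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
+
+--
+1.7.0.2
+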
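Review bot: This patch has an empty commit message and no Signed-off-by, unlike 0002–0004 next to it, so nothing records which grsecurity change the three `DEFINE_PER_CPU(...) = { ... }` initializers are meant to undo. Going by the subject alone, it exists only so that the later flow-cache patches in the series apply on top of the grsecurity patch. I would add one or two sentences under the subject naming the grsecurity patch version it was made against and stating that it should be re-checked or dropped whenever that patch is updated. Without that, a later grsecurity bump has no way to tell whether these hunks are still needed.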
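--- /dev/null
+++ b/main/linux-grsec/0002-gre-fix-hard-header-destination-address-checking.patch
@@ -0,0 +1,44 @@
+From 9082391046940c410eac3bad065c8701998b5cab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 3 Mar 2010 04:01:13 +0000
+Subject: [PATCH 02/18] gre: fix hard header destination address checking
+
+ipgre_header() can be called with zero daddr when the gre device is
+configured as multipoint tunnel and still has the NOARP flag set (which is
+typically cleared by the userspace arp daemon). If the NOARP packets are
+not dropped, ipgre_tunnel_xmit() will take rt->rt_gateway (= NBMA IP) and
+use that for route look up (and may lead to bogus xfrm acquires).
+
+The multicast address check is removed as sending to multicast group should
+be ok. In fact, if gre device has a multicast address as destination
+ipgre_header is always called with multicast address.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 6d55cb91a0020ac0d78edcad61efd6c8cf5785a3)
+---
+ net/ipv4/ip_gre.c | 7 ++-----
+ 1 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index 1433338..ac88ce5 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1137,12 +1137,9 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
+
+ if (saddr)
+ memcpy(&iph->saddr, saddr, 4);
+-
+- if (daddr) {
++ if (daddr)
+ memcpy(&iph->daddr, daddr, 4);
+- return t->hlen;
+- }
+- if (iph->daddr && !ipv4_is_multicast(iph->daddr))
++ if (iph->daddr)
+ return t->hlen;
+
+ return -t->hlen;
+--
+1.7.0.2
+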
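--- /dev/null
+++ b/main/linux-grsec/0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -0,0 +1,39 @@
+From cd0e9d08480e1e0648e17d099ecf50f6fd8714e5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Sat, 20 Mar 2010 02:27:58 +0000
+Subject: [PATCH 03/18] ip_gre: include route header_len in max_headroom calculation
+
+Taking route's header_len into account, and updating gre device
+needed_headroom will give better hints on upper bound of required
+headroom. This is useful if the gre traffic is xfrm'ed.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 243aad830e8a4cdda261626fbaeddde16b08d04a)
+---
+ net/ipv4/ip_gre.c | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index ac88ce5..7f1ff73 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -803,11 +803,13 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
+ tunnel->err_count = 0;
+ }
+
+- max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
++ max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + rt->u.dst.header_len;
+
+ if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
+ (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
+ struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
++ if (max_headroom > dev->needed_headroom)
++ dev->needed_headroom = max_headroom;
+ if (!new_skb) {
+ ip_rt_put(rt);
+ stats->tx_dropped++;
+--
+1.7.0.2
+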
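--- /dev/null
+++ b/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch
@@ -0,0 +1,29 @@
+From 8a0e3ea4924059a7268446177d6869e3399adbb2 Mon Sep 17 00:00:00 2001
+From: Timo Teras <timo.teras@iki.fi>
+Date: Mon, 12 Apr 2010 13:46:45 +0000
+Subject: [PATCH 04/18] arp: flush arp cache on device change
+
+If IFF_NOARP is changed, we must flush the arp cache.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+---
+ net/ipv4/arp.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
+index 4e80f33..580bfc3 100644
+--- a/net/ipv4/arp.c
++++ b/net/ipv4/arp.c
+@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
+ neigh_changeaddr(&arp_tbl, dev);
+ rt_cache_flush(dev_net(dev), 0);
+ break;
++ case NETDEV_CHANGE:
++ neigh_changeaddr(&arp_tbl, dev);
++ break;
+ default:
+ break;
+ }
+--
+1.7.0.2
+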
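Review bot: The added `case NETDEV_CHANGE:` in arp_netdev_event() calls `neigh_changeaddr(&arp_tbl, dev)` on every NETDEV_CHANGE, while the commit message only asks for a flush when IFF_NOARP changes. That event is also raised for other device state changes such as link (carrier) transitions, so a flapping link would drop the device's ARP entries each time it fires. If the flush cannot be limited to an IFF_NOARP flip with the information the notifier has here, the case should at least carry a comment saying so, e.g. `/* also fires on carrier changes; flushes more often than strictly needed */`. The function body starts and ends outside the hunk.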
diff --git a/main/linux-grsec/net-git-78f1cd-r8169-fix-broken-register-writes.patch b/main/linux-grsec/0005-r8169-fix-broken-register-writes.patch
index f5f72acc4b..bfa8df2900 100644
--- a/main/linux-grsec/net-git-78f1cd-r8169-fix-broken-register-writes.patch
+++ b/main/linux-grsec/0005-r8169-fix-broken-register-writes.patch
@@ -1,9 +1,9 @@
1From 78f1cd02457252e1ffbc6caa44a17424a45286b8 Mon Sep 17 00:00:00 2001 1From 89f350c4ec426b4c1db6ef269546940365d918e1 Mon Sep 17 00:00:00 2001
2From: Francois Romieu <romieu@fr.zoreil.com> 2From: Francois Romieu <romieu@fr.zoreil.com>
3Date: Sat, 27 Mar 2010 19:35:46 -0700 3Date: Sat, 27 Mar 2010 19:35:46 -0700
4Subject: [PATCH] r8169: fix broken register writes 4Subject: [PATCH 05/18] r8169: fix broken register writes
5MIME-Version: 1.0 5MIME-Version: 1.0
6Content-Type: text/plain; charset=utf8 6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit 7Content-Transfer-Encoding: 8bit
8 8
9This is quite similar to b39fe41f481d20c201012e4483e76c203802dda7 9This is quite similar to b39fe41f481d20c201012e4483e76c203802dda7
@@ -14,19 +14,20 @@ level before being merged into a 64 bit logical entity.
14 14
15Credits go to Ben Hutchings <ben@decadent.org.uk> for the MAR 15Credits go to Ben Hutchings <ben@decadent.org.uk> for the MAR
16registers (aka "multicast is broken for ages on ARM) and to 16registers (aka "multicast is broken for ages on ARM) and to
17Timo Teräs <timo.teras@iki.fi> for the MAC registers. 17Timo Teräs <timo.teras@iki.fi> for the MAC registers.
18 18
19Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> 19Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
20Signed-off-by: David S. Miller <davem@davemloft.net> 20Signed-off-by: David S. Miller <davem@davemloft.net>
21(cherry picked from commit 78f1cd02457252e1ffbc6caa44a17424a45286b8)
21--- 22---
22 drivers/net/r8169.c | 4 ++-- 23 drivers/net/r8169.c | 4 ++--
23 1 files changed, 2 insertions(+), 2 deletions(-) 24 1 files changed, 2 insertions(+), 2 deletions(-)
24 25
25diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c 26diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
26index b93fd23..7193afc 100644 27index 0fe2fc9..24599b5 100644
27--- a/drivers/net/r8169.c 28--- a/drivers/net/r8169.c
28+++ b/drivers/net/r8169.c 29+++ b/drivers/net/r8169.c
29@@ -2820,8 +2820,8 @@ static void rtl_rar_set(struct rtl8169_private *tp, u8 *addr) 30@@ -2827,8 +2827,8 @@ static void rtl_rar_set(struct rtl8169_private *tp, u8 *addr)
30 spin_lock_irq(&tp->lock); 31 spin_lock_irq(&tp->lock);
31 32
32 RTL_W8(Cfg9346, Cfg9346_Unlock); 33 RTL_W8(Cfg9346, Cfg9346_Unlock);
@@ -36,7 +37,7 @@ index b93fd23..7193afc 100644
36 RTL_W8(Cfg9346, Cfg9346_Lock); 37 RTL_W8(Cfg9346, Cfg9346_Lock);
37 38
38 spin_unlock_irq(&tp->lock); 39 spin_unlock_irq(&tp->lock);
39@@ -4747,8 +4747,8 @@ static void rtl_set_rx_mode(struct net_device *dev) 40@@ -4795,8 +4795,8 @@ static void rtl_set_rx_mode(struct net_device *dev)
40 mc_filter[1] = swab32(data); 41 mc_filter[1] = swab32(data);
41 } 42 }
42 43
@@ -47,5 +48,5 @@ index b93fd23..7193afc 100644
47 RTL_W32(RxConfig, tmp); 48 RTL_W32(RxConfig, tmp);
48 49
49-- 50--
501.7.0.3 511.7.0.2
51 52
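--- a/main/linux-grsec/net-git-c0cd88-r8169-offical-fix-for-CVE-2009-4537-overlength-frame-DMAs.patch
+++ b/main/linux-grsec/0006-r8169-offical-fix-for-CVE-2009-4537-overlength-frame.patch
@@ -1,7 +1,7 @@
-From c0cd884af045338476b8e69a61fceb3f34ff22f1 Mon Sep 17 00:00:00 2001
+From a60cfaf3df9cd0cddbc24695434ed5bfa917d505 Mon Sep 17 00:00:00 2001
 From: Neil Horman <nhorman@redhat.com>
 Date: Mon, 29 Mar 2010 13:16:02 -0700
-Subject: [PATCH] r8169: offical fix for CVE-2009-4537 (overlength frame DMAs)
+Subject: [PATCH 06/18] r8169: offical fix for CVE-2009-4537 (overlength frame DMAs)
 
 Official patch to fix the r8169 frame length check error.
 
@@ -48,15 +48,16 @@ such that performance is restored easily.
 
 Signed-off-by: Neil Horman <nhorman@redhat.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit c0cd884af045338476b8e69a61fceb3f34ff22f1)
 ---
- drivers/net/r8169.c | 29 ++++++++++++++++++++++++----
+ drivers/net/r8169.c | 29 ++++++++++++++++++++++++-----
  1 files changed, 24 insertions(+), 5 deletions(-)
 
 diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
-index 7193afc..9674005 100644
+index 24599b5..1484528 100644
 --- a/drivers/net/r8169.c
 +++ b/drivers/net/r8169.c
-@@ -186,7 +186,12 @@ static DEFINE_PCI_DEVICE_TABLE(rtl8169_pci_tbl) = {
+@@ -186,7 +186,12 @@ static struct pci_device_id rtl8169_pci_tbl[] = {
 
  MODULE_DEVICE_TABLE(pci, rtl8169_pci_tbl);
 
@@ -70,7 +71,7 @@ index 7193afc..9674005 100644
  static int use_dac;
  static struct {
  u32 msg_enable;
-@@ -3217,9 +3222,13 @@ static void __devexit rtl8169_remove_one(struct pci_dev *pdev)
+@@ -3245,9 +3250,13 @@ static void __devexit rtl8169_remove_one(struct pci_dev *pdev)
  }
 
  static void rtl8169_set_rxbufsize(struct rtl8169_private *tp,
@@ -86,7 +87,7 @@ index 7193afc..9674005 100644
 
  tp->rx_buf_sz = (max_frame > RX_BUF_SIZE) ? max_frame : RX_BUF_SIZE;
  }
-@@ -3231,7 +3240,17 @@ static int rtl8169_open(struct net_device *dev)
+@@ -3259,7 +3268,17 @@ static int rtl8169_open(struct net_device *dev)
  int retval = -ENOMEM;
 
 
@@ -105,7 +106,7 @@ index 7193afc..9674005 100644
 
  /*
  * Rx and Tx desscriptors needs 256 bytes alignment.
-@@ -3884,7 +3903,7 @@ static int rtl8169_change_mtu(struct net_device *dev, int new_mtu)
+@@ -3912,7 +3931,7 @@ static int rtl8169_change_mtu(struct net_device *dev, int new_mtu)
 
  rtl8169_down(dev);
 
@@ -115,5 +116,5 @@ index 7193afc..9674005 100644
  ret = rtl8169_init_ring(dev);
  if (ret < 0)
 --
-1.7.0.3
+1.7.0.2
 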
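--- /dev/null
+++ b/main/linux-grsec/0007-r8169-Fix-rtl8169_rx_interrupt.patch
@@ -0,0 +1,89 @@
+From 26654a966adb674afc30d285f7e79535d03c2492 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Wed, 31 Mar 2010 02:08:31 +0000
+Subject: [PATCH 07/18] r8169: Fix rtl8169_rx_interrupt()
+
+In case a reset is performed, rtl8169_rx_interrupt() is called from
+process context instead of softirq context. Special care must be taken
+to call appropriate network core services (netif_rx() instead of
+netif_receive_skb()). VLAN handling also corrected.
+
+Reported-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Tested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Diagnosed-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 630b943c182d1aed69f244405131902fbcba7ec6)
+---
+ drivers/net/r8169.c | 22 +++++++++++++++++-----
+ 1 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
+index 1484528..bed1d47 100644
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -1047,14 +1047,14 @@ static void rtl8169_vlan_rx_register(struct net_device *dev,
+ }
+
+ static int rtl8169_rx_vlan_skb(struct rtl8169_private *tp, struct RxDesc *desc,
+- struct sk_buff *skb)
++ struct sk_buff *skb, int polling)
+ {
+ u32 opts2 = le32_to_cpu(desc->opts2);
+ struct vlan_group *vlgrp = tp->vlgrp;
+ int ret;
+
+ if (vlgrp && (opts2 & RxVlanTag)) {
+- vlan_hwaccel_receive_skb(skb, vlgrp, swab16(opts2 & 0xffff));
++ __vlan_hwaccel_rx(skb, vlgrp, swab16(opts2 & 0xffff), polling);
+ ret = 0;
+ } else
+ ret = -1;
+@@ -1071,7 +1071,7 @@ static inline u32 rtl8169_tx_vlan_tag(struct rtl8169_private *tp,
+ }
+
+ static int rtl8169_rx_vlan_skb(struct rtl8169_private *tp, struct RxDesc *desc,
+- struct sk_buff *skb)
++ struct sk_buff *skb, int polling)
+ {
+ return -1;
+ }
+@@ -4480,12 +4480,20 @@ out:
+ return done;
+ }
+
++/*
++ * Warning : rtl8169_rx_interrupt() might be called :
++ * 1) from NAPI (softirq) context
++ * (polling = 1 : we should call netif_receive_skb())
++ * 2) from process context (rtl8169_reset_task())
++ * (polling = 0 : we must call netif_rx() instead)
++ */
+ static int rtl8169_rx_interrupt(struct net_device *dev,
+ struct rtl8169_private *tp,
+ void __iomem *ioaddr, u32 budget)
+ {
+ unsigned int cur_rx, rx_left;
+ unsigned int delta, count;
++ int polling = (budget != ~(u32)0) ? 1 : 0;
+
+ cur_rx = tp->cur_rx;
+ rx_left = NUM_RX_DESC + tp->dirty_rx - cur_rx;
+@@ -4550,8 +4558,12 @@ static int rtl8169_rx_interrupt(struct net_device *dev,
+ skb_put(skb, pkt_size);
+ skb->protocol = eth_type_trans(skb, dev);
+
+- if (rtl8169_rx_vlan_skb(tp, desc, skb) < 0)
+- netif_receive_skb(skb);
++ if (rtl8169_rx_vlan_skb(tp, desc, skb, polling) < 0) {
++ if (likely(polling))
++ netif_receive_skb(skb);
++ else
++ netif_rx(skb);
++ }
+
+ dev->stats.rx_bytes += pkt_size;
+ dev->stats.rx_packets++;
+--
+1.7.0.2
+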
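--- /dev/null
+++ b/main/linux-grsec/0008-r8169-clean-up-my-printk-uglyness.patch
@@ -0,0 +1,36 @@
+From d1c9ac562923fa0b1738fceb4c7bafac3ab936ba Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Thu, 1 Apr 2010 07:30:07 +0000
+Subject: [PATCH 08/18] r8169: clean up my printk uglyness
+
+Fix formatting on r8169 printk
+
+Brandon Philips noted that I had a spacing issue in my printk for the
+last r8169 patch that made it quite ugly. Fix that up and add the PFX
+macro to it as well so it looks like the other r8169 printks
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 93f4d91d879acfcb0ba9c2725e3133fcff2dfd1e)
+---
+ drivers/net/r8169.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
+index bed1d47..790555e 100644
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -3255,8 +3255,8 @@ static void rtl8169_set_rxbufsize(struct rtl8169_private *tp,
+ unsigned int max_frame = mtu + VLAN_ETH_HLEN + ETH_FCS_LEN;
+
+ if (max_frame != 16383)
+- printk(KERN_WARNING "WARNING! Changing of MTU on this NIC"
+- "May lead to frame reception errors!\n");
++ printk(KERN_WARNING PFX "WARNING! Changing of MTU on this "
++ "NIC may lead to frame reception errors!\n");
+
+ tp->rx_buf_sz = (max_frame > RX_BUF_SIZE) ? max_frame : RX_BUF_SIZE;
+ }
+--
+1.7.0.2
+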
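--- /dev/null
+++ b/main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch
@@ -0,0 +1,110 @@
+From 21ee14f92ef1b6d4ca965c9b59135f3462919631 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 2 Mar 2010 02:51:56 +0000
+Subject: [PATCH 09/18] ipsec: Fix bogus bundle flowi
+
+When I merged the bundle creation code, I introduced a bogus
+flowi value in the bundle. Instead of getting from the caller,
+it was instead set to the flow in the route object, which is
+totally different.
+
+The end result is that the bundles we created never match, and
+we instead end up with an ever growing bundle list.
+
+Thanks to Jamal for find this problem.
+
+Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9)
+---
+ include/net/xfrm.h | 3 ++-
+ net/ipv4/xfrm4_policy.c | 5 +++--
+ net/ipv6/xfrm6_policy.c | 3 ++-
+ net/xfrm/xfrm_policy.c | 7 ++++---
+ 4 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/include/net/xfrm.h b/include/net/xfrm.h
+index 223e90a..6960be2 100644
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -273,7 +273,8 @@ struct xfrm_policy_afinfo {
+ struct dst_entry *dst,
+ int nfheader_len);
+ int (*fill_dst)(struct xfrm_dst *xdst,
+- struct net_device *dev);
++ struct net_device *dev,
++ struct flowi *fl);
+ };
+
+ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
+diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
+index 74fb2eb..7009886 100644
+--- a/net/ipv4/xfrm4_policy.c
++++ b/net/ipv4/xfrm4_policy.c
+@@ -92,11 +92,12 @@ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rtable *rt = (struct rtable *)xdst->route;
+
+- xdst->u.rt.fl = rt->fl;
++ xdst->u.rt.fl = *fl;
+
+ xdst->u.dst.dev = dev;
+ dev_hold(dev);
+diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
+index 8ec3d45..3f89ab7 100644
+--- a/net/ipv6/xfrm6_policy.c
++++ b/net/ipv6/xfrm6_policy.c
+@@ -117,7 +117,8 @@ static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rt6_info *rt = (struct rt6_info*)xdst->route;
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index cb81ca3..d75047c 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1341,7 +1341,8 @@ static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return err;
+ }
+
+-static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct xfrm_policy_afinfo *afinfo =
+ xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
+@@ -1350,7 +1351,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
+ if (!afinfo)
+ return -EINVAL;
+
+- err = afinfo->fill_dst(xdst, dev);
++ err = afinfo->fill_dst(xdst, dev, fl);
+
+ xfrm_policy_put_afinfo(afinfo);
+
+@@ -1454,7 +1455,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
+ for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
+ struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;
+
+- err = xfrm_fill_dst(xdst, dev);
++ err = xfrm_fill_dst(xdst, dev, fl);
+ if (err)
+ goto free_dst;
+
+--
+1.7.0.2
+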
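Review bot: `xfrm6_fill_dst()` now accepts `fl`, but no line in its visible hunk uses it, while `xfrm4_fill_dst()` stores `*fl` in `xdst->u.rt.fl`. The function body continues outside the hunk, so this may be intentional, but the asymmetry deserves a comment so it is not mistaken for an omission. The new `fill_dst` parameter in `struct xfrm_policy_afinfo` is also undocumented; I would add `/* fl: flow the bundle was looked up with, copied by value so later lookups can match it */` above the member. The commit message ties the old behaviour to an ever-growing bundle list, so a regression here would appear as memory growth rather than a functional failure, which is a reason to state the contract in the header.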
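--- /dev/null
+++ b/main/linux-grsec/0010-xfrm-Remove-xfrm_state_genid.patch
@@ -0,0 +1,54 @@
+From f2c59932757a06851bb740dc757ce2ba1961fc08 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 31 Mar 2010 01:19:49 +0000
+Subject: [PATCH 10/18] xfrm: Remove xfrm_state_genid
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The xfrm state genid only needs to be matched against the copy
+saved in xfrm_dst. So we don't need a global genid at all. In
+fact, we don't even need to initialise it.
+
+Based on observation by Timo Teräs.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 34996cb91dd72f0b0456d8fd3fef4aaee62232f2)
+---
+ net/xfrm/xfrm_state.c | 5 +----
+ 1 files changed, 1 insertions(+), 4 deletions(-)
+
+diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
+index f2f7c63..8ee733f 100644
+--- a/net/xfrm/xfrm_state.c
++++ b/net/xfrm/xfrm_state.c
+@@ -34,7 +34,6 @@
+ static DEFINE_SPINLOCK(xfrm_state_lock);
+
+ static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
+-static unsigned int xfrm_state_genid;
+
+ static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
+ static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
+@@ -903,8 +902,6 @@ static void __xfrm_state_insert(struct xfrm_state *x)
+ struct net *net = xs_net(x);
+ unsigned int h;
+
+- x->genid = ++xfrm_state_genid;
+-
+ list_add(&x->km.all, &net->xfrm.state_all);
+
+ h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
+@@ -948,7 +945,7 @@ static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
+ x->props.reqid == reqid &&
+ !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
+ !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
+- x->genid = xfrm_state_genid;
++ x->genid++;
+ }
+ }
+
+--
+1.7.0.2
+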
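Review bot: After this change nothing in the visible part of `__xfrm_state_insert()` assigns `x->genid`, and `__xfrm_state_bump_genids()` only does `x->genid++`, so the field's starting value and meaning are no longer evident from the code. A short comment at the increment would carry over the reasoning from the commit message, for example `/* genid is only compared with the copy saved in xfrm_dst; any change invalidates cached bundles */`. Both functions start or end outside the hunks, so an initialisation elsewhere cannot be ruled out from here.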
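--- /dev/null
+++ b/main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
@@ -0,0 +1,35 @@
+From 5b3e87bccb0e48f2f8b78695e949c015a3695f8e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 31 Mar 2010 00:17:04 +0000
+Subject: [PATCH 11/18] xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
+
+Add missing check for policy direction verification. This is
+especially important since without this xfrm_user may end up
+deleting per-socket policy which is not allowed.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit c8bf4d04f970fafb3430d332533e1cf103f2a018)
+---
+ net/xfrm/xfrm_user.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
+index b95a2d6..d1e9ee3 100644
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -1589,6 +1589,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
+ if (err)
+ return err;
+
++ err = verify_policy_dir(p->dir);
++ if (err)
++ return err;
++
+ if (p->index)
+ xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err);
+ else {
+--
+1.7.0.2
+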
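Review bot: The new `verify_policy_dir(p->dir)` check in `xfrm_add_pol_expire()` carries no comment, although it is what keeps a direction taken from the netlink message from reaching `xfrm_policy_byid()` and the lookup in the `else` branch unvalidated. I would add `/* p->dir is supplied via netlink; reject anything outside the main policy directions so per-socket policies cannot be expired from here */` above it. The function starts and ends outside the hunk, so whether the `else` branch does further validation is not visible. Other handlers in this file that take a direction from userspace are worth checking for the same call.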
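--- /dev/null
+++ b/main/linux-grsec/0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch
@@ -0,0 +1,105 @@
+From 7a400eb025dd53883c3560d0fdb069542f7ad3db Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 31 Mar 2010 00:17:05 +0000
+Subject: [PATCH 12/18] xfrm: remove policy lock when accessing policy->walk.dead
+
+All of the code considers ->dead as a hint that the cached policy
+needs to get refreshed. The read side can just drop the read lock
+without any side effects.
+
+The write side needs to make sure that it's written only exactly
+once. Only possible race is at xfrm_policy_kill(). This is fixed
+by checking result of __xfrm_policy_unlink() when needed. It will
+always succeed if the policy object is looked up from the hash
+list (so some checks are removed), but it needs to be checked if
+we are trying to unlink policy via a reference (appropriate
+checks added).
+
+Since policy->walk.dead is written exactly once, it no longer
+needs to be protected with a write lock.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(backported from commit ea2dea9dacc256fe927857feb423872051642ae7)
+---
+ net/xfrm/xfrm_policy.c | 20 +++++---------------
+ net/xfrm/xfrm_user.c | 6 +-----
+ 2 files changed, 6 insertions(+), 20 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index d75047c..110184f 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -156,7 +156,7 @@ static void xfrm_policy_timer(unsigned long data)
+
+ read_lock(&xp->lock);
+
+- if (xp->walk.dead)
++ if (unlikely(xp->walk.dead))
+ goto out;
+
+ dir = xfrm_policy_id2dir(xp->index);
+@@ -297,17 +297,7 @@ static DECLARE_WORK(xfrm_policy_gc_work, xfrm_policy_gc_task);
+
+ static void xfrm_policy_kill(struct xfrm_policy *policy)
+ {
+- int dead;
+-
+- write_lock_bh(&policy->lock);
+- dead = policy->walk.dead;
+ policy->walk.dead = 1;
+- write_unlock_bh(&policy->lock);
+-
+- if (unlikely(dead)) {
+- WARN_ON(1);
+- return;
+- }
+
+ spin_lock_bh(&xfrm_policy_gc_lock);
+ hlist_add_head(&policy->bydst, &xfrm_policy_gc_list);
+@@ -1115,6 +1105,9 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
+ __xfrm_policy_link(pol, XFRM_POLICY_MAX+dir);
+ }
+ if (old_pol)
++ /* Unlinking succeeds always. This is the only function
++ * allowed to delete or replace socket policy.
++ */
+ __xfrm_policy_unlink(old_pol, XFRM_POLICY_MAX+dir);
+ write_unlock_bh(&xfrm_policy_lock);
+
+@@ -1705,11 +1698,8 @@ restart:
+ goto error;
+ }
+
+- for (pi = 0; pi < npols; pi++) {
+- read_lock_bh(&pols[pi]->lock);
++ for (pi = 0; pi < npols; pi++)
+ pol_dead |= pols[pi]->walk.dead;
+- read_unlock_bh(&pols[pi]->lock);
+- }
+
+ write_lock_bh(&policy->lock);
+ if (unlikely(pol_dead || stale_bundle(dst))) {
+diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
+index d1e9ee3..f9c56e9 100644
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -1617,13 +1617,9 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
+ if (xp == NULL)
+ return -ENOENT;
+
+- read_lock(&xp->lock);
+- if (xp->walk.dead) {
+- read_unlock(&xp->lock);
++ if (unlikely(xp->walk.dead))
+ goto out;
+- }
+
+- read_unlock(&xp->lock);
+ err = 0;
+ if (up->hard) {
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+--
+1.7.0.2
+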
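Review bot: `xfrm_policy_kill()` no longer detects a second call: the removed `WARN_ON(1)` path was the guard that stopped the same `policy->bydst` node from being added to `xfrm_policy_gc_list` twice. The commit message moves that guarantee to callers checking the result of `__xfrm_policy_unlink()`, but those callers are outside the visible hunks, so the precondition should be written down at the function, e.g. `/* Call at most once per policy, only after __xfrm_policy_unlink() succeeded. */`. In `xfrm_sk_policy_insert()` the added three-line comment sits between `if (old_pol)` and its unbraced statement; braces around that body would keep a later edit from detaching the call from the condition.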
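--- /dev/null
+++ b/main/linux-grsec/0013-flow-structurize-flow-cache.patch
@@ -0,0 +1,395 @@
+From 884f6e44f0b405c06bd234b14cc228482291bb38 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 31 Mar 2010 00:17:06 +0000
+Subject: [PATCH 13/18] flow: structurize flow cache
+
+Group all per-cpu data to one structure instead of having many
+globals. Also prepare the internals so that we can have multiple
+instances of the flow cache if needed.
+
+Only the kmem_cache is left as a global as all flow caches share
+the same element size, and benefit from using a common cache.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit d7997fe1f4584da12e9c29fb682c18e9bdc13b73)
+---
+ net/core/flow.c | 223 +++++++++++++++++++++++++++++--------------------------
+ 1 files changed, 119 insertions(+), 104 deletions(-)
+
+diff --git a/net/core/flow.c b/net/core/flow.c
+index 9601587..1d27ca6 100644
+--- a/net/core/flow.c
++++ b/net/core/flow.c
+@@ -35,104 +35,105 @@ struct flow_cache_entry {
+ atomic_t *object_ref;
+ };
+
+-atomic_t flow_cache_genid = ATOMIC_INIT(0);
+-
+-static u32 flow_hash_shift;
+-#define flow_hash_size (1 << flow_hash_shift)
+-static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
+-
+-#define flow_table(cpu) (per_cpu(flow_tables, cpu))
+-
+-static struct kmem_cache *flow_cachep __read_mostly;
+-
+-static int flow_lwm, flow_hwm;
+-
+-struct flow_percpu_info {
+- int hash_rnd_recalc;
+- u32 hash_rnd;
+- int count;
++struct flow_cache_percpu {
++ struct flow_cache_entry ** hash_table;
++ int hash_count;
++ u32 hash_rnd;
++ int hash_rnd_recalc;
++ struct tasklet_struct flush_tasklet;
+ };
+-static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
+-
+-#define flow_hash_rnd_recalc(cpu) \
+- (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
+-#define flow_hash_rnd(cpu) \
+- (per_cpu(flow_hash_info, cpu).hash_rnd)
+-#define flow_count(cpu) \
+- (per_cpu(flow_hash_info, cpu).count)
+-
+-static struct timer_list flow_hash_rnd_timer;
+-
+-#define FLOW_HASH_RND_PERIOD (10 * 60 * HZ)
+
+ struct flow_flush_info {
+- atomic_t cpuleft;
+- struct completion completion;
++ struct flow_cache * cache;
++ atomic_t cpuleft;
++ struct completion completion;
+ };
+-static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
+
+-#define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
++struct flow_cache {
++ u32 hash_shift;
++ unsigned long order;
++ struct flow_cache_percpu * percpu;
++ struct notifier_block hotcpu_notifier;
++ int low_watermark;
++ int high_watermark;
++ struct timer_list rnd_timer;
++};
++
++atomic_t flow_cache_genid = ATOMIC_INIT(0);
++static struct flow_cache flow_cache_global;
++static struct kmem_cache *flow_cachep;
++
++#define flow_cache_hash_size(cache) (1 << (cache)->hash_shift)
++#define FLOW_HASH_RND_PERIOD (10 * 60 * HZ)
+
+ static void flow_cache_new_hashrnd(unsigned long arg)
+ {
++ struct flow_cache *fc = (void *) arg;
+ int i;
+
+ for_each_possible_cpu(i)
+- flow_hash_rnd_recalc(i) = 1;
++ per_cpu_ptr(fc->percpu, i)->hash_rnd_recalc = 1;
+
+- flow_hash_rnd_timer.expires = jiffies + FLOW_HASH_RND_PERIOD;
+- add_timer(&flow_hash_rnd_timer);
++ fc->rnd_timer.expires = jiffies + FLOW_HASH_RND_PERIOD;
++ add_timer(&fc->rnd_timer);
+ }
+
+-static void flow_entry_kill(int cpu, struct flow_cache_entry *fle)
++static void flow_entry_kill(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp,
++ struct flow_cache_entry *fle)
+ {
+ if (fle->object)
+ atomic_dec(fle->object_ref);
+ kmem_cache_free(flow_cachep, fle);
+- flow_count(cpu)--;
++ fcp->hash_count--;
+ }
+
+-static void __flow_cache_shrink(int cpu, int shrink_to)
++static void __flow_cache_shrink(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp,
++ int shrink_to)
+ {
+ struct flow_cache_entry *fle, **flp;
+ int i;
+
+- for (i = 0; i < flow_hash_size; i++) {
++ for (i = 0; i < flow_cache_hash_size(fc); i++) {
+ int k = 0;
+
+- flp = &flow_table(cpu)[i];
++ flp = &fcp->hash_table[i];
+ while ((fle = *flp) != NULL && k < shrink_to) {
+ k++;
+ flp = &fle->next;
+ }
+ while ((fle = *flp) != NULL) {
+ *flp = fle->next;
+- flow_entry_kill(cpu, fle);
++ flow_entry_kill(fc, fcp, fle);
+ }
+ }
+ }
+
+-static void flow_cache_shrink(int cpu)
++static void flow_cache_shrink(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp)
+ {
+- int shrink_to = flow_lwm / flow_hash_size;
++ int shrink_to = fc->low_watermark / flow_cache_hash_size(fc);
+
+- __flow_cache_shrink(cpu, shrink_to);
++ __flow_cache_shrink(fc, fcp, shrink_to);
+ }
+
+-static void flow_new_hash_rnd(int cpu)
++static void flow_new_hash_rnd(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp)
+ {
+- get_random_bytes(&flow_hash_rnd(cpu), sizeof(u32));
+- flow_hash_rnd_recalc(cpu) = 0;
+-
+- __flow_cache_shrink(cpu, 0);
++ get_random_bytes(&fcp->hash_rnd, sizeof(u32));
++ fcp->hash_rnd_recalc = 0;
++ __flow_cache_shrink(fc, fcp, 0);
+ }
+
+-static u32 flow_hash_code(struct flowi *key, int cpu)
++static u32 flow_hash_code(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp,
++ struct flowi *key)
+ {
+ u32 *k = (u32 *) key;
+
+- return (jhash2(k, (sizeof(*key) / sizeof(u32)), flow_hash_rnd(cpu)) &
+- (flow_hash_size - 1));
++ return (jhash2(k, (sizeof(*key) / sizeof(u32)), fcp->hash_rnd)
++ & (flow_cache_hash_size(fc) - 1));
+ }
+
+ #if (BITS_PER_LONG == 64)
+@@ -168,24 +169,25 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2)
+ void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+ flow_resolve_t resolver)
+ {
++ struct flow_cache *fc = &flow_cache_global;
++ struct flow_cache_percpu *fcp;
+ struct flow_cache_entry *fle, **head;
+ unsigned int hash;
+- int cpu;
+
+ local_bh_disable();
+- cpu = smp_processor_id();
++ fcp = per_cpu_ptr(fc->percpu, smp_processor_id());
+
+ fle = NULL;
+ /* Packet really early in init? Making flow_cache_init a
+ * pre-smp initcall would solve this. --RR */
+- if (!flow_table(cpu))
++ if (!fcp->hash_table)
+ goto nocache;
+
+- if (flow_hash_rnd_recalc(cpu))
+- flow_new_hash_rnd(cpu);
+- hash = flow_hash_code(key, cpu);
++ if (fcp->hash_rnd_recalc)
++ flow_new_hash_rnd(fc, fcp);
++ hash = flow_hash_code(fc, fcp, key);
+
+- head = &flow_table(cpu)[hash];
++ head = &fcp->hash_table[hash];
+ for (fle = *head; fle; fle = fle->next) {
+ if (fle->family == family &&
+ fle->dir == dir &&
+@@ -204,8 +206,8 @@ void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+ }
+
+ if (!fle) {
+- if (flow_count(cpu) > flow_hwm)
+- flow_cache_shrink(cpu);
++ if (fcp->hash_count > fc->high_watermark)
++ flow_cache_shrink(fc, fcp);
+
+ fle = kmem_cache_alloc(flow_cachep, GFP_ATOMIC);
+ if (fle) {
+@@ -215,7 +217,7 @@ void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+ fle->dir = dir;
+ memcpy(&fle->key, key, sizeof(*key));
+ fle->object = NULL;
+- flow_count(cpu)++;
++ fcp->hash_count++;
+ }
+ }
+
+@@ -249,14 +251,15 @@ nocache:
+ static void flow_cache_flush_tasklet(unsigned long data)
+ {
+ struct flow_flush_info *info = (void *)data;
++ struct flow_cache *fc = info->cache;
++ struct flow_cache_percpu *fcp;
+ int i;
+- int cpu;
+
+- cpu = smp_processor_id();
+- for (i = 0; i < flow_hash_size; i++) {
++ fcp = per_cpu_ptr(fc->percpu, smp_processor_id());
++ for (i = 0; i < flow_cache_hash_size(fc); i++) {
+ struct flow_cache_entry *fle;
+
+- fle = flow_table(cpu)[i];
++ fle = fcp->hash_table[i];
+ for (; fle; fle = fle->next) {
+ unsigned genid = atomic_read(&flow_cache_genid);
+
+@@ -272,7 +275,6 @@ static void flow_cache_flush_tasklet(unsigned long data)
+ complete(&info->completion);
+ }
+
+-static void flow_cache_flush_per_cpu(void *) __attribute__((__unused__));
+ static void flow_cache_flush_per_cpu(void *data)
+ {
+ struct flow_flush_info *info = data;
+@@ -280,8 +282,7 @@ static void flow_cache_flush_per_cpu(void *data)
+ struct tasklet_struct *tasklet;
+
+ cpu = smp_processor_id();
+-
+- tasklet = flow_flush_tasklet(cpu);
++ tasklet = &per_cpu_ptr(info->cache->percpu, cpu)->flush_tasklet;
+ tasklet->data = (unsigned long)info;
+ tasklet_schedule(tasklet);
+ }
+@@ -294,6 +295,7 @@ void flow_cache_flush(void)
+ /* Don't want cpus going down or up during this. */
+ get_online_cpus();
+ mutex_lock(&flow_flush_sem);
++ info.cache = &flow_cache_global;
+ atomic_set(&info.cpuleft, num_online_cpus());
+ init_completion(&info.completion);
+
+@@ -307,62 +309,75 @@ void flow_cache_flush(void)
+ put_online_cpus();
+ }
+
+-static void __init flow_cache_cpu_prepare(int cpu)
++static void __init flow_cache_cpu_prepare(struct flow_cache *fc,
++ struct flow_cache_percpu *fcp)
+ {
+- struct tasklet_struct *tasklet;
+- unsigned long order;
+-
+- for (order = 0;
+- (PAGE_SIZE << order) <
+- (sizeof(struct flow_cache_entry *)*flow_hash_size);
+- order++)
+- /* NOTHING */;
+-
+- flow_table(cpu) = (struct flow_cache_entry **)
+- __get_free_pages(GFP_KERNEL|__GFP_ZERO, order);
+- if (!flow_table(cpu))
+- panic("NET: failed to allocate flow cache order %lu\n", order);
+-
+- flow_hash_rnd_recalc(cpu) = 1;
+- flow_count(cpu) = 0;
+-
+- tasklet = flow_flush_tasklet(cpu);
+- tasklet_init(tasklet, flow_cache_flush_tasklet, 0);
++ fcp->hash_table = (struct flow_cache_entry **)
++ __get_free_pages(GFP_KERNEL|__GFP_ZERO, fc->order);
++ if (!fcp->hash_table)
++ panic("NET: failed to allocate flow cache order %lu\n", fc->order);
++
++ fcp->hash_rnd_recalc = 1;
++ fcp->hash_count = 0;
++ tasklet_init(&fcp->flush_tasklet, flow_cache_flush_tasklet, 0);
+ }
+
+ static int flow_cache_cpu(struct notifier_block *nfb,
+ unsigned long action,
+ void *hcpu)
+ {
++ struct flow_cache *fc = container_of(nfb, struct flow_cache, hotcpu_notifier);
++ int cpu = (unsigned long) hcpu;
++ struct flow_cache_percpu *fcp = per_cpu_ptr(fc->percpu, cpu);
++
+ if (action == CPU_DEAD || action == CPU_DEAD_FROZEN)
+- __flow_cache_shrink((unsigned long)hcpu, 0);
++ __flow_cache_shrink(fc, fcp, 0);
+ return NOTIFY_OK;
+ }
+
+-static int __init flow_cache_init(void)
++static int flow_cache_init(struct flow_cache *fc)
+ {
++ unsigned long order;
+ int i;
+
+- flow_cachep = kmem_cache_create("flow_cache",
+- sizeof(struct flow_cache_entry),
+- 0, SLAB_PANIC,
+- NULL);
+- flow_hash_shift = 10;
+- flow_lwm = 2 * flow_hash_size;
+- flow_hwm = 4 * flow_hash_size;
++ fc->hash_shift = 10;
++ fc->low_watermark = 2 * flow_cache_hash_size(fc);
++ fc->high_watermark = 4 * flow_cache_hash_size(fc);
++
++ for (order = 0;
++ (PAGE_SIZE << order) <
++ (sizeof(struct flow_cache_entry *)*flow_cache_hash_size(fc));
++ order++)
++ /* NOTHING */;
++ fc->order = order;
++ fc->percpu = alloc_percpu(struct flow_cache_percpu);
+
+- setup_timer(&flow_hash_rnd_timer, flow_cache_new_hashrnd, 0);
+- flow_hash_rnd_timer.expires = jiffies + FLOW_HASH_RND_PERIOD;
+- add_timer(&flow_hash_rnd_timer);
++ setup_timer(&fc->rnd_timer, flow_cache_new_hashrnd,
++ (unsigned long) fc);
++ fc->rnd_timer.expires = jiffies + FLOW_HASH_RND_PERIOD;
++ add_timer(&fc->rnd_timer);
+
+ for_each_possible_cpu(i)
+- flow_cache_cpu_prepare(i);
++ flow_cache_cpu_prepare(fc, per_cpu_ptr(fc->percpu, i));
++
++ fc->hotcpu_notifier = (struct notifier_block){
++ .notifier_call = flow_cache_cpu,
++ };
++ register_hotcpu_notifier(&fc->hotcpu_notifier);
+
+- hotcpu_notifier(flow_cache_cpu, 0);
+ return 0;
+ }
+
+-module_init(flow_cache_init);
++static int __init flow_cache_init_global(void)
++{
++ flow_cachep = kmem_cache_create("flow_cache",
++ sizeof(struct flow_cache_entry),
++ 0, SLAB_PANIC, NULL);
++
++ return flow_cache_init(&flow_cache_global);
++}
++
++module_init(flow_cache_init_global);
+
+ EXPORT_SYMBOL(flow_cache_genid);
+ EXPORT_SYMBOL(flow_cache_lookup);
+--
+1.7.0.2
+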
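Review bot: In `flow_cache_init()` the result of `alloc_percpu(struct flow_cache_percpu)` is used without a NULL check; the following `for_each_possible_cpu` loop passes `per_cpu_ptr(fc->percpu, i)` to `flow_cache_cpu_prepare()`, which writes through it. The function already returns `int`, so `if (!fc->percpu) return -ENOMEM;` directly after the allocation is enough, and placing it there also keeps the failure path ahead of `add_timer()`. Separately, `flow_cache_lookup()` keeps the "packet really early in init" guard but now reaches `fcp->hash_table` through `fc->percpu`, which is presumably still unset before `flow_cache_init_global()` runs; that path is worth confirming.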
diff --git a/main/linux-grsec/0014-flow-virtualize-flow-cache-entry-methods.patch b/main/linux-grsec/0014-flow-virtualize-flow-cache-entry-methods.patch
new file mode 100644
index 0000000000..5c4a9ea594
--- /dev/null
+++ b/main/linux-grsec/0014-flow-virtualize-flow-cache-entry-methods.patch
@@ -0,0 +1,513 @@
1From d56cd1c538e5448fe43acc69991aa842f382a622 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
3Date: Wed, 7 Apr 2010 00:30:04 +0000
4Subject: [PATCH 14/18] flow: virtualize flow cache entry methods
5
6This allows to validate the cached object before returning it.
7It also allows to destruct object properly, if the last reference
8was held in flow cache. This is also a prepartion for caching
9bundles in the flow cache.
10
11In return for virtualizing the methods, we save on:
12- not having to regenerate the whole flow cache on policy removal:
13 each flow matching a killed policy gets refreshed as the getter
14 function notices it smartly.
15- we do not have to call flow_cache_flush from policy gc, since the
16 flow cache now properly deletes the object if it had any references
17
18Signed-off-by: Timo Teras <timo.teras@iki.fi>
19Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
20Signed-off-by: David S. Miller <davem@davemloft.net>
21(backported from commit fe1a5f031e76bd8761a7803d75b95ee96e84a574)
22---
23 include/net/flow.h | 23 +++++++--
24 include/net/xfrm.h | 3 +
25 net/core/flow.c | 128 +++++++++++++++++++++++++----------------------
26 net/xfrm/xfrm_policy.c | 111 ++++++++++++++++++++++++++++--------------
27 4 files changed, 164 insertions(+), 101 deletions(-)
28
29diff --git a/include/net/flow.h b/include/net/flow.h
30index 809970b..bb08692 100644
31--- a/include/net/flow.h
32+++ b/include/net/flow.h
33@@ -86,11 +86,26 @@ struct flowi {
34
35 struct net;
36 struct sock;
37-typedef int (*flow_resolve_t)(struct net *net, struct flowi *key, u16 family,
38- u8 dir, void **objp, atomic_t **obj_refp);
39+struct flow_cache_ops;
40+
41+struct flow_cache_object {
42+ const struct flow_cache_ops *ops;
43+};
44+
45+struct flow_cache_ops {
46+ struct flow_cache_object *(*get)(struct flow_cache_object *);
47+ int (*check)(struct flow_cache_object *);
48+ void (*delete)(struct flow_cache_object *);
49+};
50+
51+typedef struct flow_cache_object *(*flow_resolve_t)(
52+ struct net *net, struct flowi *key, u16 family,
53+ u8 dir, struct flow_cache_object *oldobj, void *ctx);
54+
55+extern struct flow_cache_object *flow_cache_lookup(
56+ struct net *net, struct flowi *key, u16 family,
57+ u8 dir, flow_resolve_t resolver, void *ctx);
58
59-extern void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family,
60- u8 dir, flow_resolve_t resolver);
61 extern void flow_cache_flush(void);
62 extern atomic_t flow_cache_genid;
63
64diff --git a/include/net/xfrm.h b/include/net/xfrm.h
65index 6960be2..6023a48 100644
66--- a/include/net/xfrm.h
67+++ b/include/net/xfrm.h
68@@ -19,6 +19,8 @@
69 #include <net/route.h>
70 #include <net/ipv6.h>
71 #include <net/ip6_fib.h>
72+#include <net/flow.h>
73+
74 #ifdef CONFIG_XFRM_STATISTICS
75 #include <net/snmp.h>
76 #endif
77@@ -482,6 +484,7 @@ struct xfrm_policy
78 atomic_t refcnt;
79 struct timer_list timer;
80
81+ struct flow_cache_object flo;
82 u32 priority;
83 u32 index;
84 struct xfrm_selector selector;
85diff --git a/net/core/flow.c b/net/core/flow.c
86index 1d27ca6..521df52 100644
87--- a/net/core/flow.c
88+++ b/net/core/flow.c
89@@ -26,17 +26,16 @@
90 #include <linux/security.h>
91
92 struct flow_cache_entry {
93- struct flow_cache_entry *next;
94- u16 family;
95- u8 dir;
96- u32 genid;
97- struct flowi key;
98- void *object;
99- atomic_t *object_ref;
100+ struct flow_cache_entry *next;
101+ u16 family;
102+ u8 dir;
103+ u32 genid;
104+ struct flowi key;
105+ struct flow_cache_object *object;
106 };
107
108 struct flow_cache_percpu {
109- struct flow_cache_entry ** hash_table;
110+ struct flow_cache_entry **hash_table;
111 int hash_count;
112 u32 hash_rnd;
113 int hash_rnd_recalc;
114@@ -44,7 +43,7 @@ struct flow_cache_percpu {
115 };
116
117 struct flow_flush_info {
118- struct flow_cache * cache;
119+ struct flow_cache *cache;
120 atomic_t cpuleft;
121 struct completion completion;
122 };
123@@ -52,7 +51,7 @@ struct flow_flush_info {
124 struct flow_cache {
125 u32 hash_shift;
126 unsigned long order;
127- struct flow_cache_percpu * percpu;
128+ struct flow_cache_percpu *percpu;
129 struct notifier_block hotcpu_notifier;
130 int low_watermark;
131 int high_watermark;
132@@ -78,12 +77,21 @@ static void flow_cache_new_hashrnd(unsigned long arg)
133 add_timer(&fc->rnd_timer);
134 }
135
136+static int flow_entry_valid(struct flow_cache_entry *fle)
137+{
138+ if (atomic_read(&flow_cache_genid) != fle->genid)
139+ return 0;
140+ if (fle->object && !fle->object->ops->check(fle->object))
141+ return 0;
142+ return 1;
143+}
144+
145 static void flow_entry_kill(struct flow_cache *fc,
146 struct flow_cache_percpu *fcp,
147 struct flow_cache_entry *fle)
148 {
149 if (fle->object)
150- atomic_dec(fle->object_ref);
151+ fle->object->ops->delete(fle->object);
152 kmem_cache_free(flow_cachep, fle);
153 fcp->hash_count--;
154 }
155@@ -96,16 +104,18 @@ static void __flow_cache_shrink(struct flow_cache *fc,
156 int i;
157
158 for (i = 0; i < flow_cache_hash_size(fc); i++) {
159- int k = 0;
160+ int saved = 0;
161
162 flp = &fcp->hash_table[i];
163- while ((fle = *flp) != NULL && k < shrink_to) {
164- k++;
165- flp = &fle->next;
166- }
167 while ((fle = *flp) != NULL) {
168- *flp = fle->next;
169- flow_entry_kill(fc, fcp, fle);
170+ if (saved < shrink_to &&
171+ flow_entry_valid(fle)) {
172+ saved++;
173+ flp = &fle->next;
174+ } else {
175+ *flp = fle->next;
176+ flow_entry_kill(fc, fcp, fle);
177+ }
178 }
179 }
180 }
181@@ -166,18 +176,21 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2)
182 return 0;
183 }
184
185-void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
186- flow_resolve_t resolver)
187+struct flow_cache_object *
188+flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
189+ flow_resolve_t resolver, void *ctx)
190 {
191 struct flow_cache *fc = &flow_cache_global;
192 struct flow_cache_percpu *fcp;
193 struct flow_cache_entry *fle, **head;
194+ struct flow_cache_object *flo;
195 unsigned int hash;
196
197 local_bh_disable();
198 fcp = per_cpu_ptr(fc->percpu, smp_processor_id());
199
200 fle = NULL;
201+ flo = NULL;
202 /* Packet really early in init? Making flow_cache_init a
203 * pre-smp initcall would solve this. --RR */
204 if (!fcp->hash_table)
205@@ -185,27 +198,17 @@ void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
206
207 if (fcp->hash_rnd_recalc)
208 flow_new_hash_rnd(fc, fcp);
209- hash = flow_hash_code(fc, fcp, key);
210
211+ hash = flow_hash_code(fc, fcp, key);
212 head = &fcp->hash_table[hash];
213 for (fle = *head; fle; fle = fle->next) {
214 if (fle->family == family &&
215 fle->dir == dir &&
216- flow_key_compare(key, &fle->key) == 0) {
217- if (fle->genid == atomic_read(&flow_cache_genid)) {
218- void *ret = fle->object;
219-
220- if (ret)
221- atomic_inc(fle->object_ref);
222- local_bh_enable();
223-
224- return ret;
225- }
226+ flow_key_compare(key, &fle->key) == 0)
227 break;
228- }
229 }
230
231- if (!fle) {
232+ if (unlikely(!fle)) {
233 if (fcp->hash_count > fc->high_watermark)
234 flow_cache_shrink(fc, fcp);
235
236@@ -219,33 +222,39 @@ void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
237 fle->object = NULL;
238 fcp->hash_count++;
239 }
240+ } else if (likely(fle->genid == atomic_read(&flow_cache_genid))) {
241+ flo = fle->object;
242+ if (!flo)
243+ goto ret_object;
244+ flo = flo->ops->get(flo);
245+ if (flo)
246+ goto ret_object;
247+ } else if (fle->object) {
248+ flo = fle->object;
249+ flo->ops->delete(flo);
250+ fle->object = NULL;
251 }
252
253 nocache:
254- {
255- int err;
256- void *obj;
257- atomic_t *obj_ref;
258-
259- err = resolver(net, key, family, dir, &obj, &obj_ref);
260-
261- if (fle && !err) {
262- fle->genid = atomic_read(&flow_cache_genid);
263-
264- if (fle->object)
265- atomic_dec(fle->object_ref);
266-
267- fle->object = obj;
268- fle->object_ref = obj_ref;
269- if (obj)
270- atomic_inc(fle->object_ref);
271- }
272- local_bh_enable();
273-
274- if (err)
275- obj = ERR_PTR(err);
276- return obj;
277+ flo = NULL;
278+ if (fle) {
279+ flo = fle->object;
280+ fle->object = NULL;
281+ }
282+ flo = resolver(net, key, family, dir, flo, ctx);
283+ if (fle) {
284+ fle->genid = atomic_read(&flow_cache_genid);
285+ if (!IS_ERR(flo))
286+ fle->object = flo;
287+ else
288+ fle->genid--;
289+ } else {
290+ if (flo && !IS_ERR(flo))
291+ flo->ops->delete(flo);
292 }
293+ret_object:
294+ local_bh_enable();
295+ return flo;
296 }
297
298 static void flow_cache_flush_tasklet(unsigned long data)
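Review bot: The resolver-failure branch at the end of flow_cache_lookup() does `fle->genid--` with no explanation, and the `else` branch beside it calls `flo->ops->delete(flo)` on a freshly resolved object; both encode reference-ownership rules that are easy to break when this patch is rebased or backported. The decrement makes the entry's genid differ from flow_cache_genid so that the next lookup resolves again, and a comment such as `/* resolver failed: keep the entry stale so the next lookup retries */` would say so. The delete releases the reference the resolver took for the cache when there is no entry to store it in, which depends on the two-reference contract that is documented only in xfrm_policy_lookup(); `/* no cache entry: release the cache's reference, the caller keeps its own */` would make that visible here. The function body starts outside this hunk.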
299@@ -261,13 +270,12 @@ static void flow_cache_flush_tasklet(unsigned long data)
300
301 fle = fcp->hash_table[i];
302 for (; fle; fle = fle->next) {
303- unsigned genid = atomic_read(&flow_cache_genid);
304-
305- if (!fle->object || fle->genid == genid)
306+ if (flow_entry_valid(fle))
307 continue;
308
309+ if (fle->object)
310+ fle->object->ops->delete(fle->object);
311 fle->object = NULL;
312- atomic_dec(fle->object_ref);
313 }
314 }
315
316diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
317index 110184f..d1eb2b5 100644
318--- a/net/xfrm/xfrm_policy.c
319+++ b/net/xfrm/xfrm_policy.c
320@@ -216,6 +216,35 @@ expired:
321 xfrm_pol_put(xp);
322 }
323
324+static struct flow_cache_object *xfrm_policy_flo_get(struct flow_cache_object *flo)
325+{
326+ struct xfrm_policy *pol = container_of(flo, struct xfrm_policy, flo);
327+
328+ if (unlikely(pol->walk.dead))
329+ flo = NULL;
330+ else
331+ xfrm_pol_hold(pol);
332+
333+ return flo;
334+}
335+
336+static int xfrm_policy_flo_check(struct flow_cache_object *flo)
337+{
338+ struct xfrm_policy *pol = container_of(flo, struct xfrm_policy, flo);
339+
340+ return !pol->walk.dead;
341+}
342+
343+static void xfrm_policy_flo_delete(struct flow_cache_object *flo)
344+{
345+ xfrm_pol_put(container_of(flo, struct xfrm_policy, flo));
346+}
347+
348+static const struct flow_cache_ops xfrm_policy_fc_ops = {
349+ .get = xfrm_policy_flo_get,
350+ .check = xfrm_policy_flo_check,
351+ .delete = xfrm_policy_flo_delete,
352+};
353
354 /* Allocate xfrm_policy. Not used here, it is supposed to be used by pfkeyv2
355 * SPD calls.
356@@ -236,6 +265,7 @@ struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp)
357 atomic_set(&policy->refcnt, 1);
358 setup_timer(&policy->timer, xfrm_policy_timer,
359 (unsigned long)policy);
360+ policy->flo.ops = &xfrm_policy_fc_ops;
361 }
362 return policy;
363 }
364@@ -269,9 +299,6 @@ static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
365 if (del_timer(&policy->timer))
366 atomic_dec(&policy->refcnt);
367
368- if (atomic_read(&policy->refcnt) > 1)
369- flow_cache_flush();
370-
371 xfrm_pol_put(policy);
372 }
373
374@@ -658,10 +685,8 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
375 }
376 write_unlock_bh(&xfrm_policy_lock);
377
378- if (ret && delete) {
379- atomic_inc(&flow_cache_genid);
380+ if (ret && delete)
381 xfrm_policy_kill(ret);
382- }
383 return ret;
384 }
385 EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
386@@ -699,10 +724,8 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u8 type, int dir, u32 id,
387 }
388 write_unlock_bh(&xfrm_policy_lock);
389
390- if (ret && delete) {
391- atomic_inc(&flow_cache_genid);
392+ if (ret && delete)
393 xfrm_policy_kill(ret);
394- }
395 return ret;
396 }
397 EXPORT_SYMBOL(xfrm_policy_byid);
398@@ -967,32 +990,35 @@ fail:
399 return ret;
400 }
401
402-static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
403- u8 dir, void **objp, atomic_t **obj_refp)
404+static struct flow_cache_object *
405+xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
406+ u8 dir, struct flow_cache_object *old_obj, void *ctx)
407 {
408 struct xfrm_policy *pol;
409- int err = 0;
410+
411+ if (old_obj)
412+ xfrm_pol_put(container_of(old_obj, struct xfrm_policy, flo));
413
414 #ifdef CONFIG_XFRM_SUB_POLICY
415 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
416- if (IS_ERR(pol)) {
417- err = PTR_ERR(pol);
418- pol = NULL;
419- }
420- if (pol || err)
421- goto end;
422+ if (IS_ERR(pol))
423+ return ERR_CAST(pol);
424+ if (pol)
425+ goto found;
426 #endif
427 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
428- if (IS_ERR(pol)) {
429- err = PTR_ERR(pol);
430- pol = NULL;
431- }
432-#ifdef CONFIG_XFRM_SUB_POLICY
433-end:
434-#endif
435- if ((*objp = (void *) pol) != NULL)
436- *obj_refp = &pol->refcnt;
437- return err;
438+ if (IS_ERR(pol))
439+ return ERR_CAST(pol);
440+ if (pol)
441+ goto found;
442+ return NULL;
443+
444+found:
445+ /* Resolver returns two references:
446+ * one for cache and one for caller of flow_cache_lookup() */
447+ xfrm_pol_hold(pol);
448+
449+ return &pol->flo;
450 }
451
452 static inline int policy_to_flow_dir(int dir)
453@@ -1077,8 +1103,6 @@ int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
454 pol = __xfrm_policy_unlink(pol, dir);
455 write_unlock_bh(&xfrm_policy_lock);
456 if (pol) {
457- if (dir < XFRM_POLICY_MAX)
458- atomic_inc(&flow_cache_genid);
459 xfrm_policy_kill(pol);
460 return 0;
461 }
462@@ -1549,18 +1573,24 @@ restart:
463 }
464
465 if (!policy) {
466+ struct flow_cache_object *flo;
467+
468 /* To accelerate a bit... */
469 if ((dst_orig->flags & DST_NOXFRM) ||
470 !net->xfrm.policy_count[XFRM_POLICY_OUT])
471 goto nopol;
472
473- policy = flow_cache_lookup(net, fl, dst_orig->ops->family,
474- dir, xfrm_policy_lookup);
475- err = PTR_ERR(policy);
476- if (IS_ERR(policy)) {
477+ flo = flow_cache_lookup(net, fl, dst_orig->ops->family,
478+ dir, xfrm_policy_lookup, NULL);
479+ err = PTR_ERR(flo);
480+ if (IS_ERR(flo)) {
481 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
482 goto dropdst;
483 }
484+ if (flo)
485+ policy = container_of(flo, struct xfrm_policy, flo);
486+ else
487+ policy = NULL;
488 }
489
490 if (!policy)
491@@ -1910,9 +1940,16 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
492 }
493 }
494
495- if (!pol)
496- pol = flow_cache_lookup(net, &fl, family, fl_dir,
497- xfrm_policy_lookup);
498+ if (!pol) {
499+ struct flow_cache_object *flo;
500+
501+ flo = flow_cache_lookup(net, &fl, family, fl_dir,
502+ xfrm_policy_lookup, NULL);
503+ if (flo == NULL || IS_ERR(flo))
504+ pol = ERR_CAST(flo);
505+ else
506+ pol = container_of(flo, struct xfrm_policy, flo);
507+ }
508
509 if (IS_ERR(pol)) {
510 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
511--
5121.7.0.2
513
diff --git a/main/linux-grsec/0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch b/main/linux-grsec/0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
new file mode 100644
index 0000000000..0d066c84d9
--- /dev/null
+++ b/main/linux-grsec/0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
@@ -0,0 +1,1068 @@
1From f89d21648e6dc06db2aeabc8926c270894c41446 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
3Date: Wed, 7 Apr 2010 00:30:05 +0000
4Subject: [PATCH 15/18] xfrm: cache bundles instead of policies for outgoing flows
5
6__xfrm_lookup() is called for each packet transmitted out of
7system. The xfrm_find_bundle() does a linear search which can
8kill system performance depending on how many bundles are
9required per policy.
10
11This modifies __xfrm_lookup() to store bundles directly in
12the flow cache. If we did not get a hit, we just create a new
13bundle instead of doing slow search. This means that we can now
14get multiple xfrm_dst's for same flow (on per-cpu basis).
15
16Signed-off-by: Timo Teras <timo.teras@iki.fi>
17Signed-off-by: David S. Miller <davem@davemloft.net>
18(backported from commit 80c802f3073e84c956846e921e8a0b02dfa3755f)
19---
20 include/net/xfrm.h | 10 +-
21 net/ipv4/xfrm4_policy.c | 22 --
22 net/ipv6/xfrm6_policy.c | 31 --
23 net/xfrm/xfrm_policy.c | 710 +++++++++++++++++++++++++----------------------
24 4 files changed, 383 insertions(+), 390 deletions(-)
25
26diff --git a/include/net/xfrm.h b/include/net/xfrm.h
27index 6023a48..d51ef61 100644
28--- a/include/net/xfrm.h
29+++ b/include/net/xfrm.h
30@@ -266,7 +266,6 @@ struct xfrm_policy_afinfo {
31 xfrm_address_t *saddr,
32 xfrm_address_t *daddr);
33 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
34- struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
35 void (*decode_session)(struct sk_buff *skb,
36 struct flowi *fl,
37 int reverse);
38@@ -485,12 +484,12 @@ struct xfrm_policy
39 struct timer_list timer;
40
41 struct flow_cache_object flo;
42+ atomic_t genid;
43 u32 priority;
44 u32 index;
45 struct xfrm_selector selector;
46 struct xfrm_lifetime_cfg lft;
47 struct xfrm_lifetime_cur curlft;
48- struct dst_entry *bundles;
49 struct xfrm_policy_walk_entry walk;
50 u8 type;
51 u8 action;
52@@ -883,11 +882,15 @@ struct xfrm_dst
53 struct rt6_info rt6;
54 } u;
55 struct dst_entry *route;
56+ struct flow_cache_object flo;
57+ struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
58+ int num_pols, num_xfrms;
59 #ifdef CONFIG_XFRM_SUB_POLICY
60 struct flowi *origin;
61 struct xfrm_selector *partner;
62 #endif
63- u32 genid;
64+ u32 xfrm_genid;
65+ u32 policy_genid;
66 u32 route_mtu_cached;
67 u32 child_mtu_cached;
68 u32 route_cookie;
69@@ -897,6 +900,7 @@ struct xfrm_dst
70 #ifdef CONFIG_XFRM
71 static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
72 {
73+ xfrm_pols_put(xdst->pols, xdst->num_pols);
74 dst_release(xdst->route);
75 if (likely(xdst->u.dst.xfrm))
76 xfrm_state_put(xdst->u.dst.xfrm);
77diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
78index 7009886..651a3e7 100644
79--- a/net/ipv4/xfrm4_policy.c
80+++ b/net/ipv4/xfrm4_policy.c
81@@ -60,27 +60,6 @@ static int xfrm4_get_saddr(struct net *net,
82 return 0;
83 }
84
85-static struct dst_entry *
86-__xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
87-{
88- struct dst_entry *dst;
89-
90- read_lock_bh(&policy->lock);
91- for (dst = policy->bundles; dst; dst = dst->next) {
92- struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
93- if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
94- xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
95- xdst->u.rt.fl.fl4_src == fl->fl4_src &&
96- xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
97- xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
98- dst_clone(dst);
99- break;
100- }
101- }
102- read_unlock_bh(&policy->lock);
103- return dst;
104-}
105-
106 static int xfrm4_get_tos(struct flowi *fl)
107 {
108 return fl->fl4_tos;
109@@ -258,7 +237,6 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
110 .dst_ops = &xfrm4_dst_ops,
111 .dst_lookup = xfrm4_dst_lookup,
112 .get_saddr = xfrm4_get_saddr,
113- .find_bundle = __xfrm4_find_bundle,
114 .decode_session = _decode_session4,
115 .get_tos = xfrm4_get_tos,
116 .init_path = xfrm4_init_path,
117diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
118index 3f89ab7..fb2a5b7 100644
119--- a/net/ipv6/xfrm6_policy.c
120+++ b/net/ipv6/xfrm6_policy.c
121@@ -68,36 +68,6 @@ static int xfrm6_get_saddr(struct net *net,
122 return 0;
123 }
124
125-static struct dst_entry *
126-__xfrm6_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
127-{
128- struct dst_entry *dst;
129-
130- /* Still not clear if we should set fl->fl6_{src,dst}... */
131- read_lock_bh(&policy->lock);
132- for (dst = policy->bundles; dst; dst = dst->next) {
133- struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
134- struct in6_addr fl_dst_prefix, fl_src_prefix;
135-
136- ipv6_addr_prefix(&fl_dst_prefix,
137- &fl->fl6_dst,
138- xdst->u.rt6.rt6i_dst.plen);
139- ipv6_addr_prefix(&fl_src_prefix,
140- &fl->fl6_src,
141- xdst->u.rt6.rt6i_src.plen);
142- if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) &&
143- ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) &&
144- xfrm_bundle_ok(policy, xdst, fl, AF_INET6,
145- (xdst->u.rt6.rt6i_dst.plen != 128 ||
146- xdst->u.rt6.rt6i_src.plen != 128))) {
147- dst_clone(dst);
148- break;
149- }
150- }
151- read_unlock_bh(&policy->lock);
152- return dst;
153-}
154-
155 static int xfrm6_get_tos(struct flowi *fl)
156 {
157 return 0;
158@@ -290,7 +260,6 @@ static struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
159 .dst_ops = &xfrm6_dst_ops,
160 .dst_lookup = xfrm6_dst_lookup,
161 .get_saddr = xfrm6_get_saddr,
162- .find_bundle = __xfrm6_find_bundle,
163 .decode_session = _decode_session6,
164 .get_tos = xfrm6_get_tos,
165 .init_path = xfrm6_init_path,
166diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
167index d1eb2b5..0379d82 100644
168--- a/net/xfrm/xfrm_policy.c
169+++ b/net/xfrm/xfrm_policy.c
170@@ -37,6 +37,8 @@
171 DEFINE_MUTEX(xfrm_cfg_mutex);
172 EXPORT_SYMBOL(xfrm_cfg_mutex);
173
174+static DEFINE_SPINLOCK(xfrm_policy_sk_bundle_lock);
175+static struct dst_entry *xfrm_policy_sk_bundles;
176 static DEFINE_RWLOCK(xfrm_policy_lock);
177
178 static DEFINE_RWLOCK(xfrm_policy_afinfo_lock);
179@@ -50,6 +52,7 @@ static DEFINE_SPINLOCK(xfrm_policy_gc_lock);
180 static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family);
181 static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
182 static void xfrm_init_pmtu(struct dst_entry *dst);
183+static int stale_bundle(struct dst_entry *dst);
184
185 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
186 int dir);
187@@ -277,8 +280,6 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
188 {
189 BUG_ON(!policy->walk.dead);
190
191- BUG_ON(policy->bundles);
192-
193 if (del_timer(&policy->timer))
194 BUG();
195
196@@ -289,12 +290,7 @@ EXPORT_SYMBOL(xfrm_policy_destroy);
197
198 static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
199 {
200- struct dst_entry *dst;
201-
202- while ((dst = policy->bundles) != NULL) {
203- policy->bundles = dst->next;
204- dst_free(dst);
205- }
206+ atomic_inc(&policy->genid);
207
208 if (del_timer(&policy->timer))
209 atomic_dec(&policy->refcnt);
210@@ -572,7 +568,6 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
211 struct xfrm_policy *delpol;
212 struct hlist_head *chain;
213 struct hlist_node *entry, *newpos;
214- struct dst_entry *gc_list;
215
216 write_lock_bh(&xfrm_policy_lock);
217 chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);
218@@ -620,34 +615,6 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
219 else if (xfrm_bydst_should_resize(net, dir, NULL))
220 schedule_work(&net->xfrm.policy_hash_work);
221
222- read_lock_bh(&xfrm_policy_lock);
223- gc_list = NULL;
224- entry = &policy->bydst;
225- hlist_for_each_entry_continue(policy, entry, bydst) {
226- struct dst_entry *dst;
227-
228- write_lock(&policy->lock);
229- dst = policy->bundles;
230- if (dst) {
231- struct dst_entry *tail = dst;
232- while (tail->next)
233- tail = tail->next;
234- tail->next = gc_list;
235- gc_list = dst;
236-
237- policy->bundles = NULL;
238- }
239- write_unlock(&policy->lock);
240- }
241- read_unlock_bh(&xfrm_policy_lock);
242-
243- while (gc_list) {
244- struct dst_entry *dst = gc_list;
245-
246- gc_list = dst->next;
247- dst_free(dst);
248- }
249-
250 return 0;
251 }
252 EXPORT_SYMBOL(xfrm_policy_insert);
253@@ -990,6 +957,19 @@ fail:
254 return ret;
255 }
256
257+static struct xfrm_policy *
258+__xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family, u8 dir)
259+{
260+#ifdef CONFIG_XFRM_SUB_POLICY
261+ struct xfrm_policy *pol;
262+
263+ pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
264+ if (pol != NULL)
265+ return pol;
266+#endif
267+ return xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
268+}
269+
270 static struct flow_cache_object *
271 xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
272 u8 dir, struct flow_cache_object *old_obj, void *ctx)
273@@ -999,21 +979,10 @@ xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
274 if (old_obj)
275 xfrm_pol_put(container_of(old_obj, struct xfrm_policy, flo));
276
277-#ifdef CONFIG_XFRM_SUB_POLICY
278- pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
279- if (IS_ERR(pol))
280+ pol = __xfrm_policy_lookup(net, fl, family, dir);
281+ if (pol == NULL || IS_ERR(pol))
282 return ERR_CAST(pol);
283- if (pol)
284- goto found;
285-#endif
286- pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
287- if (IS_ERR(pol))
288- return ERR_CAST(pol);
289- if (pol)
290- goto found;
291- return NULL;
292
293-found:
294 /* Resolver returns two references:
295 * one for cache and one for caller of flow_cache_lookup() */
296 xfrm_pol_hold(pol);
297@@ -1299,18 +1268,6 @@ xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, struct flowi *fl,
298 * still valid.
299 */
300
301-static struct dst_entry *
302-xfrm_find_bundle(struct flowi *fl, struct xfrm_policy *policy, unsigned short family)
303-{
304- struct dst_entry *x;
305- struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
306- if (unlikely(afinfo == NULL))
307- return ERR_PTR(-EINVAL);
308- x = afinfo->find_bundle(fl, policy);
309- xfrm_policy_put_afinfo(afinfo);
310- return x;
311-}
312-
313 static inline int xfrm_get_tos(struct flowi *fl, int family)
314 {
315 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
316@@ -1326,6 +1283,54 @@ static inline int xfrm_get_tos(struct flowi *fl, int family)
317 return tos;
318 }
319
320+static struct flow_cache_object *xfrm_bundle_flo_get(struct flow_cache_object *flo)
321+{
322+ struct xfrm_dst *xdst = container_of(flo, struct xfrm_dst, flo);
323+ struct dst_entry *dst = &xdst->u.dst;
324+
325+ if (xdst->route == NULL) {
326+ /* Dummy bundle - if it has xfrms we were not
327+ * able to build bundle as template resolution failed.
328+ * It means we need to try again resolving. */
329+ if (xdst->num_xfrms > 0)
330+ return NULL;
331+ } else {
332+ /* Real bundle */
333+ if (stale_bundle(dst))
334+ return NULL;
335+ }
336+
337+ dst_hold(dst);
338+ return flo;
339+}
340+
341+static int xfrm_bundle_flo_check(struct flow_cache_object *flo)
342+{
343+ struct xfrm_dst *xdst = container_of(flo, struct xfrm_dst, flo);
344+ struct dst_entry *dst = &xdst->u.dst;
345+
346+ if (!xdst->route)
347+ return 0;
348+ if (stale_bundle(dst))
349+ return 0;
350+
351+ return 1;
352+}
353+
354+static void xfrm_bundle_flo_delete(struct flow_cache_object *flo)
355+{
356+ struct xfrm_dst *xdst = container_of(flo, struct xfrm_dst, flo);
357+ struct dst_entry *dst = &xdst->u.dst;
358+
359+ dst_free(dst);
360+}
361+
362+static const struct flow_cache_ops xfrm_bundle_fc_ops = {
363+ .get = xfrm_bundle_flo_get,
364+ .check = xfrm_bundle_flo_check,
365+ .delete = xfrm_bundle_flo_delete,
366+};
367+
368 static inline struct xfrm_dst *xfrm_alloc_dst(int family)
369 {
370 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
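Review bot: xfrm_bundle_flo_check() and xfrm_bundle_flo_get() disagree about dummy bundles and neither says why: get hands out a route-less bundle when `num_xfrms <= 0`, while check returns 0 for every bundle whose `route` is NULL. Because check is what flow_entry_valid() consults, a cached dummy bundle is always treated as invalid by the shrink and flush paths even though lookups keep returning it. If that is intended, a comment above the `if (!xdst->route)` test would settle it, e.g. `/* dummy bundles are placeholders: never keep them across a shrink or flush */`; if it is not, the two tests should be made to match.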
371@@ -1338,6 +1343,8 @@ static inline struct xfrm_dst *xfrm_alloc_dst(int family)
372
373 xfrm_policy_put_afinfo(afinfo);
374
375+ xdst->flo.ops = &xfrm_bundle_fc_ops;
376+
377 return xdst;
378 }
379
380@@ -1375,6 +1382,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
381 return err;
382 }
383
384+
385 /* Allocate chain of dst_entry's, attach known xfrm's, calculate
386 * all the metrics... Shortly, bundle a bundle.
387 */
388@@ -1437,7 +1445,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
389 dst_hold(dst);
390
391 dst1->xfrm = xfrm[i];
392- xdst->genid = xfrm[i]->genid;
393+ xdst->xfrm_genid = xfrm[i]->genid;
394
395 dst1->obsolete = -1;
396 dst1->flags |= DST_HOST;
397@@ -1530,7 +1538,186 @@ xfrm_dst_update_origin(struct dst_entry *dst, struct flowi *fl)
398 #endif
399 }
400
401-static int stale_bundle(struct dst_entry *dst);
402+static int xfrm_expand_policies(struct flowi *fl, u16 family,
403+ struct xfrm_policy **pols,
404+ int *num_pols, int *num_xfrms)
405+{
406+ int i;
407+
408+ if (*num_pols == 0 || !pols[0]) {
409+ *num_pols = 0;
410+ *num_xfrms = 0;
411+ return 0;
412+ }
413+ if (IS_ERR(pols[0]))
414+ return PTR_ERR(pols[0]);
415+
416+ *num_xfrms = pols[0]->xfrm_nr;
417+
418+#ifdef CONFIG_XFRM_SUB_POLICY
419+ if (pols[0] && pols[0]->action == XFRM_POLICY_ALLOW &&
420+ pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
421+ pols[1] = xfrm_policy_lookup_bytype(xp_net(pols[0]),
422+ XFRM_POLICY_TYPE_MAIN,
423+ fl, family,
424+ XFRM_POLICY_OUT);
425+ if (pols[1]) {
426+ if (IS_ERR(pols[1])) {
427+ xfrm_pols_put(pols, *num_pols);
428+ return PTR_ERR(pols[1]);
429+ }
430+ (*num_pols) ++;
431+ (*num_xfrms) += pols[1]->xfrm_nr;
432+ }
433+ }
434+#endif
435+ for (i = 0; i < *num_pols; i++) {
436+ if (pols[i]->action != XFRM_POLICY_ALLOW) {
437+ *num_xfrms = -1;
438+ break;
439+ }
440+ }
441+
442+ return 0;
443+
444+}
445+
446+static struct xfrm_dst *
447+xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
448+ struct flowi *fl, u16 family,
449+ struct dst_entry *dst_orig)
450+{
451+ struct net *net = xp_net(pols[0]);
452+ struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
453+ struct dst_entry *dst;
454+ struct xfrm_dst *xdst;
455+ int err;
456+
457+ /* Try to instantiate a bundle */
458+ err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
459+ if (err < 0) {
460+ if (err != -EAGAIN)
461+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
462+ return ERR_PTR(err);
463+ }
464+
465+ dst = xfrm_bundle_create(pols[0], xfrm, err, fl, dst_orig);
466+ if (IS_ERR(dst)) {
467+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLEGENERROR);
468+ return ERR_CAST(dst);
469+ }
470+
471+ xdst = (struct xfrm_dst *)dst;
472+ xdst->num_xfrms = err;
473+ if (num_pols > 1)
474+ err = xfrm_dst_update_parent(dst, &pols[1]->selector);
475+ else
476+ err = xfrm_dst_update_origin(dst, fl);
477+ if (unlikely(err)) {
478+ dst_free(dst);
479+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
480+ return ERR_PTR(err);
481+ }
482+
483+ xdst->num_pols = num_pols;
484+ memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols);
485+ xdst->policy_genid = atomic_read(&pols[0]->genid);
486+
487+ return xdst;
488+}
489+
490+static struct flow_cache_object *
491+xfrm_bundle_lookup(struct net *net, struct flowi *fl, u16 family, u8 dir,
492+ struct flow_cache_object *oldflo, void *ctx)
493+{
494+ struct dst_entry *dst_orig = (struct dst_entry *)ctx;
495+ struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
496+ struct xfrm_dst *xdst, *new_xdst;
497+ int num_pols = 0, num_xfrms = 0, i, err, pol_dead;
498+
499+ /* Check if the policies from old bundle are usable */
500+ xdst = NULL;
501+ if (oldflo) {
502+ xdst = container_of(oldflo, struct xfrm_dst, flo);
503+ num_pols = xdst->num_pols;
504+ num_xfrms = xdst->num_xfrms;
505+ pol_dead = 0;
506+ for (i = 0; i < num_pols; i++) {
507+ pols[i] = xdst->pols[i];
508+ pol_dead |= pols[i]->walk.dead;
509+ }
510+ if (pol_dead) {
511+ dst_free(&xdst->u.dst);
512+ xdst = NULL;
513+ num_pols = 0;
514+ num_xfrms = 0;
515+ oldflo = NULL;
516+ }
517+ }
518+
519+ /* Resolve policies to use if we couldn't get them from
520+ * previous cache entry */
521+ if (xdst == NULL) {
522+ num_pols = 1;
523+ pols[0] = __xfrm_policy_lookup(net, fl, family, dir);
524+ err = xfrm_expand_policies(fl, family, pols,
525+ &num_pols, &num_xfrms);
526+ if (err < 0)
527+ goto inc_error;
528+ if (num_pols == 0)
529+ return NULL;
530+ if (num_xfrms <= 0)
531+ goto make_dummy_bundle;
532+ }
533+
534+ new_xdst = xfrm_resolve_and_create_bundle(pols, num_pols, fl, family, dst_orig);
535+ if (IS_ERR(new_xdst)) {
536+ err = PTR_ERR(new_xdst);
537+ if (err != -EAGAIN)
538+ goto error;
539+ if (oldflo == NULL)
540+ goto make_dummy_bundle;
541+ dst_hold(&xdst->u.dst);
542+ return oldflo;
543+ }
544+
545+ /* Kill the previous bundle */
546+ if (xdst) {
547+ /* The policies were stolen for newly generated bundle */
548+ xdst->num_pols = 0;
549+ dst_free(&xdst->u.dst);
550+ }
551+
552+ /* Flow cache does not have reference, it dst_free()'s,
553+ * but we do need to return one reference for original caller */
554+ dst_hold(&new_xdst->u.dst);
555+ return &new_xdst->flo;
556+
557+make_dummy_bundle:
558+ /* We found policies, but there's no bundles to instantiate:
559+ * either because the policy blocks, has no transformations or
560+ * we could not build template (no xfrm_states).*/
561+ xdst = xfrm_alloc_dst(family);
562+ if (IS_ERR(xdst)) {
563+ xfrm_pols_put(pols, num_pols);
564+ return ERR_CAST(xdst);
565+ }
566+ xdst->num_pols = num_pols;
567+ xdst->num_xfrms = num_xfrms;
568+ memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols);
569+
570+ dst_hold(&xdst->u.dst);
571+ return &xdst->flo;
572+
573+inc_error:
574+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
575+error:
576+ if (xdst != NULL)
577+ dst_free(&xdst->u.dst);
578+ else
579+ xfrm_pols_put(pols, num_pols);
580+ return ERR_PTR(err);
581+}
582
583 /* Main function: finds/creates a bundle for given flow.
584 *
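Review bot: xfrm_expand_policies() leaves `*num_pols` at its incoming value on both error returns, and xfrm_bundle_lookup()'s `error:` label then calls `xfrm_pols_put(pols, num_pols)` on the same array. On the `IS_ERR(pols[1])` path the reference on pols[0] has already been dropped inside xfrm_expand_policies(), so it is released twice; on the `IS_ERR(pols[0])` path the put is applied to an error pointer rather than a policy. Adding `*num_pols = 0;` before each `return PTR_ERR(...)` in xfrm_expand_policies() makes the callee own the cleanup and leaves the caller's put with nothing to release. Separately, xfrm_resolve_and_create_bundle() only rejects `err < 0`; if xfrm_tmpl_resolve() can return 0 (its body is not in this hunk), xfrm_bundle_create() is reached with zero states, so that case deserves an explicit check and a defined result for the callers.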
585@@ -1540,248 +1727,152 @@ static int stale_bundle(struct dst_entry *dst);
586 int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
587 struct sock *sk, int flags)
588 {
589- struct xfrm_policy *policy;
590 struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
591- int npols;
592- int pol_dead;
593- int xfrm_nr;
594- int pi;
595- struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
596- struct dst_entry *dst, *dst_orig = *dst_p;
597- int nx = 0;
598- int err;
599- u32 genid;
600- u16 family;
601+ struct flow_cache_object *flo;
602+ struct xfrm_dst *xdst;
603+ struct dst_entry *dst, *dst_orig = *dst_p, *route;
604+ u16 family = dst_orig->ops->family;
605 u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
606+ int i, err, num_pols, num_xfrms, drop_pols = 0;
607
608 restart:
609- genid = atomic_read(&flow_cache_genid);
610- policy = NULL;
611- for (pi = 0; pi < ARRAY_SIZE(pols); pi++)
612- pols[pi] = NULL;
613- npols = 0;
614- pol_dead = 0;
615- xfrm_nr = 0;
616+ dst = NULL;
617+ xdst = NULL;
618+ route = NULL;
619
620 if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
621- policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
622- err = PTR_ERR(policy);
623- if (IS_ERR(policy)) {
624- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
625+ num_pols = 1;
626+ pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
627+ err = xfrm_expand_policies(fl, family, pols,
628+ &num_pols, &num_xfrms);
629+ if (err < 0)
630 goto dropdst;
631+
632+ if (num_pols) {
633+ if (num_xfrms <= 0) {
634+ drop_pols = num_pols;
635+ goto no_transform;
636+ }
637+
638+ xdst = xfrm_resolve_and_create_bundle(
639+ pols, num_pols, fl,
640+ family, dst_orig);
641+ if (IS_ERR(xdst)) {
642+ xfrm_pols_put(pols, num_pols);
643+ err = PTR_ERR(xdst);
644+ goto dropdst;
645+ }
646+
647+ spin_lock_bh(&xfrm_policy_sk_bundle_lock);
648+ xdst->u.dst.next = xfrm_policy_sk_bundles;
649+ xfrm_policy_sk_bundles = &xdst->u.dst;
650+ spin_unlock_bh(&xfrm_policy_sk_bundle_lock);
651+
652+ route = xdst->route;
653 }
654 }
655
656- if (!policy) {
657- struct flow_cache_object *flo;
658-
659+ if (xdst == NULL) {
660 /* To accelerate a bit... */
661 if ((dst_orig->flags & DST_NOXFRM) ||
662 !net->xfrm.policy_count[XFRM_POLICY_OUT])
663 goto nopol;
664
665- flo = flow_cache_lookup(net, fl, dst_orig->ops->family,
666- dir, xfrm_policy_lookup, NULL);
667- err = PTR_ERR(flo);
668+ flo = flow_cache_lookup(net, fl, family, dir,
669+ xfrm_bundle_lookup, dst_orig);
670+ if (flo == NULL)
671+ goto nopol;
672 if (IS_ERR(flo)) {
673- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
674+ err = PTR_ERR(flo);
675 goto dropdst;
676 }
677- if (flo)
678- policy = container_of(flo, struct xfrm_policy, flo);
679- else
680- policy = NULL;
681+ xdst = container_of(flo, struct xfrm_dst, flo);
682+
683+ num_pols = xdst->num_pols;
684+ num_xfrms = xdst->num_xfrms;
685+ memcpy(pols, xdst->pols, sizeof(struct xfrm_policy*) * num_pols);
686+ route = xdst->route;
687+ }
688+
689+ dst = &xdst->u.dst;
690+ if (route == NULL && num_xfrms > 0) {
691+ /* The only case when xfrm_bundle_lookup() returns a
692+ * bundle with null route, is when the template could
693+ * not be resolved. It means policies are there, but
694+ * bundle could not be created, since we don't yet
695+ * have the xfrm_state's. We need to wait for KM to
696+ * negotiate new SA's or bail out with error.*/
697+ if (net->xfrm.sysctl_larval_drop) {
698+ /* EREMOTE tells the caller to generate
699+ * a one-shot blackhole route. */
700+ dst_release(dst);
701+ xfrm_pols_put(pols, num_pols);
702+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
703+ return -EREMOTE;
704+ }
705+ if (flags & XFRM_LOOKUP_WAIT) {
706+ DECLARE_WAITQUEUE(wait, current);
707+
708+ add_wait_queue(&net->xfrm.km_waitq, &wait);
709+ set_current_state(TASK_INTERRUPTIBLE);
710+ schedule();
711+ set_current_state(TASK_RUNNING);
712+ remove_wait_queue(&net->xfrm.km_waitq, &wait);
713+
714+ if (!signal_pending(current)) {
715+ dst_release(dst);
716+ goto restart;
717+ }
718+
719+ err = -ERESTART;
720+ } else
721+ err = -EAGAIN;
722+
723+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
724+ goto error;
725 }
726
727- if (!policy)
728+no_transform:
729+ if (num_pols == 0)
730 goto nopol;
731
732- family = dst_orig->ops->family;
733- pols[0] = policy;
734- npols ++;
735- xfrm_nr += pols[0]->xfrm_nr;
736-
737- err = -ENOENT;
738- if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
739+ if ((flags & XFRM_LOOKUP_ICMP) &&
740+ !(pols[0]->flags & XFRM_POLICY_ICMP)) {
741+ err = -ENOENT;
742 goto error;
743+ }
744
745- policy->curlft.use_time = get_seconds();
746+ for (i = 0; i < num_pols; i++)
747+ pols[i]->curlft.use_time = get_seconds();
748
749- switch (policy->action) {
750- default:
751- case XFRM_POLICY_BLOCK:
752+ if (num_xfrms < 0) {
753 /* Prohibit the flow */
754 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLBLOCK);
755 err = -EPERM;
756 goto error;
757-
758- case XFRM_POLICY_ALLOW:
759-#ifndef CONFIG_XFRM_SUB_POLICY
760- if (policy->xfrm_nr == 0) {
761- /* Flow passes not transformed. */
762- xfrm_pol_put(policy);
763- return 0;
764- }
765-#endif
766-
767- /* Try to find matching bundle.
768- *
769- * LATER: help from flow cache. It is optional, this
770- * is required only for output policy.
771- */
772- dst = xfrm_find_bundle(fl, policy, family);
773- if (IS_ERR(dst)) {
774- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
775- err = PTR_ERR(dst);
776- goto error;
777- }
778-
779- if (dst)
780- break;
781-
782-#ifdef CONFIG_XFRM_SUB_POLICY
783- if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
784- pols[1] = xfrm_policy_lookup_bytype(net,
785- XFRM_POLICY_TYPE_MAIN,
786- fl, family,
787- XFRM_POLICY_OUT);
788- if (pols[1]) {
789- if (IS_ERR(pols[1])) {
790- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
791- err = PTR_ERR(pols[1]);
792- goto error;
793- }
794- if (pols[1]->action == XFRM_POLICY_BLOCK) {
795- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLBLOCK);
796- err = -EPERM;
797- goto error;
798- }
799- npols ++;
800- xfrm_nr += pols[1]->xfrm_nr;
801- }
802- }
803-
804- /*
805- * Because neither flowi nor bundle information knows about
806- * transformation template size. On more than one policy usage
807- * we can realize whether all of them is bypass or not after
808- * they are searched. See above not-transformed bypass
809- * is surrounded by non-sub policy configuration, too.
810- */
811- if (xfrm_nr == 0) {
812- /* Flow passes not transformed. */
813- xfrm_pols_put(pols, npols);
814- return 0;
815- }
816-
817-#endif
818- nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
819-
820- if (unlikely(nx<0)) {
821- err = nx;
822- if (err == -EAGAIN && net->xfrm.sysctl_larval_drop) {
823- /* EREMOTE tells the caller to generate
824- * a one-shot blackhole route.
825- */
826- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
827- xfrm_pol_put(policy);
828- return -EREMOTE;
829- }
830- if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) {
831- DECLARE_WAITQUEUE(wait, current);
832-
833- add_wait_queue(&net->xfrm.km_waitq, &wait);
834- set_current_state(TASK_INTERRUPTIBLE);
835- schedule();
836- set_current_state(TASK_RUNNING);
837- remove_wait_queue(&net->xfrm.km_waitq, &wait);
838-
839- nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
840-
841- if (nx == -EAGAIN && signal_pending(current)) {
842- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
843- err = -ERESTART;
844- goto error;
845- }
846- if (nx == -EAGAIN ||
847- genid != atomic_read(&flow_cache_genid)) {
848- xfrm_pols_put(pols, npols);
849- goto restart;
850- }
851- err = nx;
852- }
853- if (err < 0) {
854- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
855- goto error;
856- }
857- }
858- if (nx == 0) {
859- /* Flow passes not transformed. */
860- xfrm_pols_put(pols, npols);
861- return 0;
862- }
863-
864- dst = xfrm_bundle_create(policy, xfrm, nx, fl, dst_orig);
865- err = PTR_ERR(dst);
866- if (IS_ERR(dst)) {
867- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLEGENERROR);
868- goto error;
869- }
870-
871- for (pi = 0; pi < npols; pi++)
872- pol_dead |= pols[pi]->walk.dead;
873-
874- write_lock_bh(&policy->lock);
875- if (unlikely(pol_dead || stale_bundle(dst))) {
876- /* Wow! While we worked on resolving, this
877- * policy has gone. Retry. It is not paranoia,
878- * we just cannot enlist new bundle to dead object.
879- * We can't enlist stable bundles either.
880- */
881- write_unlock_bh(&policy->lock);
882- dst_free(dst);
883-
884- if (pol_dead)
885- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLDEAD);
886- else
887- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
888- err = -EHOSTUNREACH;
889- goto error;
890- }
891-
892- if (npols > 1)
893- err = xfrm_dst_update_parent(dst, &pols[1]->selector);
894- else
895- err = xfrm_dst_update_origin(dst, fl);
896- if (unlikely(err)) {
897- write_unlock_bh(&policy->lock);
898- dst_free(dst);
899- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
900- goto error;
901- }
902-
903- dst->next = policy->bundles;
904- policy->bundles = dst;
905- dst_hold(dst);
906- write_unlock_bh(&policy->lock);
907+ } else if (num_xfrms > 0) {
908+ /* Flow transformed */
909+ *dst_p = dst;
910+ dst_release(dst_orig);
911+ } else {
912+ /* Flow passes untransformed */
913+ dst_release(dst);
914 }
915- *dst_p = dst;
916- dst_release(dst_orig);
917- xfrm_pols_put(pols, npols);
918+ok:
919+ xfrm_pols_put(pols, drop_pols);
920 return 0;
921
922+nopol:
923+ if (!(flags & XFRM_LOOKUP_ICMP))
924+ goto ok;
925+ err = -ENOENT;
926 error:
927- xfrm_pols_put(pols, npols);
928+ dst_release(dst);
929 dropdst:
930 dst_release(dst_orig);
931 *dst_p = NULL;
932+ xfrm_pols_put(pols, drop_pols);
933 return err;
934-
935-nopol:
936- err = -ENOENT;
937- if (flags & XFRM_LOOKUP_ICMP)
938- goto dropdst;
939- return 0;
940 }
941 EXPORT_SYMBOL(__xfrm_lookup);
942
943@@ -2134,71 +2225,24 @@ static struct dst_entry *xfrm_negative_advice(struct dst_entry *dst)
944 return dst;
945 }
946
947-static void prune_one_bundle(struct xfrm_policy *pol, int (*func)(struct dst_entry *), struct dst_entry **gc_list_p)
948-{
949- struct dst_entry *dst, **dstp;
950-
951- write_lock(&pol->lock);
952- dstp = &pol->bundles;
953- while ((dst=*dstp) != NULL) {
954- if (func(dst)) {
955- *dstp = dst->next;
956- dst->next = *gc_list_p;
957- *gc_list_p = dst;
958- } else {
959- dstp = &dst->next;
960- }
961- }
962- write_unlock(&pol->lock);
963-}
964-
965-static void xfrm_prune_bundles(struct net *net, int (*func)(struct dst_entry *))
966+static void __xfrm_garbage_collect(struct net *net)
967 {
968- struct dst_entry *gc_list = NULL;
969- int dir;
970+ struct dst_entry *head, *next;
971
972- read_lock_bh(&xfrm_policy_lock);
973- for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
974- struct xfrm_policy *pol;
975- struct hlist_node *entry;
976- struct hlist_head *table;
977- int i;
978+ flow_cache_flush();
979
980- hlist_for_each_entry(pol, entry,
981- &net->xfrm.policy_inexact[dir], bydst)
982- prune_one_bundle(pol, func, &gc_list);
983+ spin_lock_bh(&xfrm_policy_sk_bundle_lock);
984+ head = xfrm_policy_sk_bundles;
985+ xfrm_policy_sk_bundles = NULL;
986+ spin_unlock_bh(&xfrm_policy_sk_bundle_lock);
987
988- table = net->xfrm.policy_bydst[dir].table;
989- for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
990- hlist_for_each_entry(pol, entry, table + i, bydst)
991- prune_one_bundle(pol, func, &gc_list);
992- }
993- }
994- read_unlock_bh(&xfrm_policy_lock);
995-
996- while (gc_list) {
997- struct dst_entry *dst = gc_list;
998- gc_list = dst->next;
999- dst_free(dst);
1000+ while (head) {
1001+ next = head->next;
1002+ dst_free(head);
1003+ head = next;
1004 }
1005 }
1006
1007-static int unused_bundle(struct dst_entry *dst)
1008-{
1009- return !atomic_read(&dst->__refcnt);
1010-}
1011-
1012-static void __xfrm_garbage_collect(struct net *net)
1013-{
1014- xfrm_prune_bundles(net, unused_bundle);
1015-}
1016-
1017-static int xfrm_flush_bundles(struct net *net)
1018-{
1019- xfrm_prune_bundles(net, stale_bundle);
1020- return 0;
1021-}
1022-
1023 static void xfrm_init_pmtu(struct dst_entry *dst)
1024 {
1025 do {
1026@@ -2256,7 +2300,9 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1027 return 0;
1028 if (dst->xfrm->km.state != XFRM_STATE_VALID)
1029 return 0;
1030- if (xdst->genid != dst->xfrm->genid)
1031+ if (xdst->xfrm_genid != dst->xfrm->genid)
1032+ return 0;
1033+ if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
1034 return 0;
1035
1036 if (strict && fl &&
1037@@ -2383,7 +2429,7 @@ static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void
1038
1039 switch (event) {
1040 case NETDEV_DOWN:
1041- xfrm_flush_bundles(dev_net(dev));
1042+ __xfrm_garbage_collect(dev_net(dev));
1043 }
1044 return NOTIFY_DONE;
1045 }
1046@@ -2714,7 +2760,6 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
1047 struct xfrm_migrate *m, int num_migrate)
1048 {
1049 struct xfrm_migrate *mp;
1050- struct dst_entry *dst;
1051 int i, j, n = 0;
1052
1053 write_lock_bh(&pol->lock);
1054@@ -2739,10 +2784,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
1055 sizeof(pol->xfrm_vec[i].saddr));
1056 pol->xfrm_vec[i].encap_family = mp->new_family;
1057 /* flush bundles */
1058- while ((dst = pol->bundles) != NULL) {
1059- pol->bundles = dst->next;
1060- dst_free(dst);
1061- }
1062+ atomic_inc(&pol->genid);
1063 }
1064 }
1065
1066--
10671.7.0.2
1068
diff --git a/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch b/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch
new file mode 100644
index 0000000000..4a45c7f40d
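--- /dev/null
+++ b/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch
@@ -0,0 +1,91 @@
+From 4c53c9239069f48ec9a86f8e596c163b72e8bc4d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 7 Apr 2010 00:30:06 +0000
+Subject: [PATCH 16/18] xfrm: remove policy garbage collection
+
+Policies are now properly reference counted and destroyed from
+all code paths. The delayed gc is just an overhead now and can
+be removed.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 285ead175c5dd5075cab5b6c94f35a3e6c0a3ae6)
+---
+ net/xfrm/xfrm_policy.c | 39 +++++----------------------------------
+ 1 files changed, 5 insertions(+), 34 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 0379d82..5606841 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -46,9 +46,6 @@ static struct xfrm_policy_afinfo *xfrm_policy_afinfo[NPROTO];
+
+ static struct kmem_cache *xfrm_dst_cache __read_mostly;
+
+-static HLIST_HEAD(xfrm_policy_gc_list);
+-static DEFINE_SPINLOCK(xfrm_policy_gc_lock);
+-
+ static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family);
+ static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
+ static void xfrm_init_pmtu(struct dst_entry *dst);
+@@ -288,32 +285,6 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
+ }
+ EXPORT_SYMBOL(xfrm_policy_destroy);
+
+-static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
+-{
+- atomic_inc(&policy->genid);
+-
+- if (del_timer(&policy->timer))
+- atomic_dec(&policy->refcnt);
+-
+- xfrm_pol_put(policy);
+-}
+-
+-static void xfrm_policy_gc_task(struct work_struct *work)
+-{
+- struct xfrm_policy *policy;
+- struct hlist_node *entry, *tmp;
+- struct hlist_head gc_list;
+-
+- spin_lock_bh(&xfrm_policy_gc_lock);
+- gc_list.first = xfrm_policy_gc_list.first;
+- INIT_HLIST_HEAD(&xfrm_policy_gc_list);
+- spin_unlock_bh(&xfrm_policy_gc_lock);
+-
+- hlist_for_each_entry_safe(policy, entry, tmp, &gc_list, bydst)
+- xfrm_policy_gc_kill(policy);
+-}
+-static DECLARE_WORK(xfrm_policy_gc_work, xfrm_policy_gc_task);
+-
+ /* Rule must be locked. Release descentant resources, announce
+ * entry dead. The rule must be unlinked from lists to the moment.
+ */
+@@ -322,11 +293,12 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
+ {
+ policy->walk.dead = 1;
+
+- spin_lock_bh(&xfrm_policy_gc_lock);
+- hlist_add_head(&policy->bydst, &xfrm_policy_gc_list);
+- spin_unlock_bh(&xfrm_policy_gc_lock);
++ atomic_inc(&policy->genid);
+
+- schedule_work(&xfrm_policy_gc_work);
++ if (del_timer(&policy->timer))
++ xfrm_pol_put(policy);
++
++ xfrm_pol_put(policy);
+ }
+
+ static unsigned int xfrm_policy_hashmax __read_mostly = 1 * 1024 * 1024;
+@@ -2535,7 +2507,6 @@ static void xfrm_policy_fini(struct net *net)
+ audit_info.sessionid = -1;
+ audit_info.secid = 0;
+ xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
+- flush_work(&xfrm_policy_gc_work);
+
+ WARN_ON(!list_empty(&net->xfrm.policy_all));
+
+--
+1.7.0.2
+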
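Review bot: The comment kept above xfrm_policy_kill() still reads "Rule must be locked", but the new body can drop the last reference itself through the final `xfrm_pol_put(policy)`, so the policy may be destroyed before the function returns rather than later from the removed work item. The callers are outside this hunk, so it is worth confirming that none of them holds `policy->lock` across the call or reads the policy afterwards. I would extend the comment with `/* May release the final reference; the caller must not touch policy after this returns. */`.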
diff --git a/main/linux-grsec/0017-flow-delayed-deletion-of-flow-cache-entries.patch b/main/linux-grsec/0017-flow-delayed-deletion-of-flow-cache-entries.patch
new file mode 100644
index 0000000000..7d17d41aed
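--- /dev/null
+++ b/main/linux-grsec/0017-flow-delayed-deletion-of-flow-cache-entries.patch
@@ -0,0 +1,231 @@
+From fede05e99e2d860e97bc877b8b77fb9e63f55cc8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 7 Apr 2010 00:30:07 +0000
+Subject: [PATCH 17/18] flow: delayed deletion of flow cache entries
+
+Speed up lookups by freeing flow cache entries later. After
+virtualizing flow cache entry operations, the flow cache may now
+end up calling policy or bundle destructor which can be slowish.
+
+As gc_list is more effective with double linked list, the flow cache
+is converted to use common hlist and list macroes where appropriate.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 8e4795605d1e1b39113818ad7c147b8a867a1f6a)
+---
+ net/core/flow.c | 100 ++++++++++++++++++++++++++++++++++++++-----------------
+ 1 files changed, 69 insertions(+), 31 deletions(-)
+
+diff --git a/net/core/flow.c b/net/core/flow.c
+index 521df52..1619006 100644
+--- a/net/core/flow.c
++++ b/net/core/flow.c
+@@ -26,7 +26,10 @@
+ #include <linux/security.h>
+
+ struct flow_cache_entry {
+- struct flow_cache_entry *next;
++ union {
++ struct hlist_node hlist;
++ struct list_head gc_list;
++ } u;
+ u16 family;
+ u8 dir;
+ u32 genid;
+@@ -35,7 +38,7 @@ struct flow_cache_entry {
+ };
+
+ struct flow_cache_percpu {
+- struct flow_cache_entry **hash_table;
++ struct hlist_head *hash_table;
+ int hash_count;
+ u32 hash_rnd;
+ int hash_rnd_recalc;
+@@ -62,6 +65,9 @@ atomic_t flow_cache_genid = ATOMIC_INIT(0);
+ static struct flow_cache flow_cache_global;
+ static struct kmem_cache *flow_cachep;
+
++static DEFINE_SPINLOCK(flow_cache_gc_lock);
++static LIST_HEAD(flow_cache_gc_list);
++
+ #define flow_cache_hash_size(cache) (1 << (cache)->hash_shift)
+ #define FLOW_HASH_RND_PERIOD (10 * 60 * HZ)
+
+@@ -86,38 +92,66 @@ static int flow_entry_valid(struct flow_cache_entry *fle)
+ return 1;
+ }
+
+-static void flow_entry_kill(struct flow_cache *fc,
+- struct flow_cache_percpu *fcp,
+- struct flow_cache_entry *fle)
++static void flow_entry_kill(struct flow_cache_entry *fle)
+ {
+ if (fle->object)
+ fle->object->ops->delete(fle->object);
+ kmem_cache_free(flow_cachep, fle);
+- fcp->hash_count--;
++}
++
++static void flow_cache_gc_task(struct work_struct *work)
++{
++ struct list_head gc_list;
++ struct flow_cache_entry *fce, *n;
++
++ INIT_LIST_HEAD(&gc_list);
++ spin_lock_bh(&flow_cache_gc_lock);
++ list_splice_tail_init(&flow_cache_gc_list, &gc_list);
++ spin_unlock_bh(&flow_cache_gc_lock);
++
++ list_for_each_entry_safe(fce, n, &gc_list, u.gc_list)
++ flow_entry_kill(fce);
++}
++static DECLARE_WORK(flow_cache_gc_work, flow_cache_gc_task);
++
++static void flow_cache_queue_garbage(struct flow_cache_percpu *fcp,
++ int deleted, struct list_head *gc_list)
++{
++ if (deleted) {
++ fcp->hash_count -= deleted;
++ spin_lock_bh(&flow_cache_gc_lock);
++ list_splice_tail(gc_list, &flow_cache_gc_list);
++ spin_unlock_bh(&flow_cache_gc_lock);
++ schedule_work(&flow_cache_gc_work);
++ }
+ }
+
+ static void __flow_cache_shrink(struct flow_cache *fc,
+ struct flow_cache_percpu *fcp,
+ int shrink_to)
+ {
+- struct flow_cache_entry *fle, **flp;
+- int i;
++ struct flow_cache_entry *fle;
++ struct hlist_node *entry, *tmp;
++ LIST_HEAD(gc_list);
++ int i, deleted = 0;
+
+ for (i = 0; i < flow_cache_hash_size(fc); i++) {
+ int saved = 0;
+
+- flp = &fcp->hash_table[i];
+- while ((fle = *flp) != NULL) {
++ hlist_for_each_entry_safe(fle, entry, tmp,
++ &fcp->hash_table[i], u.hlist) {
+ if (saved < shrink_to &&
+ flow_entry_valid(fle)) {
+ saved++;
+- flp = &fle->next;
+ } else {
+- *flp = fle->next;
+- flow_entry_kill(fc, fcp, fle);
++ deleted++;
++ hlist_del(&fle->u.hlist);
++ list_add_tail(&fle->u.gc_list, &gc_list);
+ }
+ }
+ }
++
++ flow_cache_queue_garbage(fcp, deleted, &gc_list);
+ }
+
+ static void flow_cache_shrink(struct flow_cache *fc,
+@@ -182,7 +216,8 @@ flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+ {
+ struct flow_cache *fc = &flow_cache_global;
+ struct flow_cache_percpu *fcp;
+- struct flow_cache_entry *fle, **head;
++ struct flow_cache_entry *fle, *tfle;
++ struct hlist_node *entry;
+ struct flow_cache_object *flo;
+ unsigned int hash;
+
+@@ -200,12 +235,13 @@ flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+ flow_new_hash_rnd(fc, fcp);
+
+ hash = flow_hash_code(fc, fcp, key);
+- head = &fcp->hash_table[hash];
+- for (fle = *head; fle; fle = fle->next) {
+- if (fle->family == family &&
+- fle->dir == dir &&
+- flow_key_compare(key, &fle->key) == 0)
++ hlist_for_each_entry(tfle, entry, &fcp->hash_table[hash], u.hlist) {
++ if (tfle->family == family &&
++ tfle->dir == dir &&
++ flow_key_compare(key, &tfle->key) == 0) {
++ fle = tfle;
+ break;
++ }
+ }
+
+ if (unlikely(!fle)) {
+@@ -214,12 +250,11 @@ flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
+
+ fle = kmem_cache_alloc(flow_cachep, GFP_ATOMIC);
+ if (fle) {
+- fle->next = *head;
+- *head = fle;
+ fle->family = family;
+ fle->dir = dir;
+ memcpy(&fle->key, key, sizeof(*key));
+ fle->object = NULL;
++ hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]);
+ fcp->hash_count++;
+ }
+ } else if (likely(fle->genid == atomic_read(&flow_cache_genid))) {
+@@ -262,23 +297,26 @@ static void flow_cache_flush_tasklet(unsigned long data)
+ struct flow_flush_info *info = (void *)data;
+ struct flow_cache *fc = info->cache;
+ struct flow_cache_percpu *fcp;
+- int i;
++ struct flow_cache_entry *fle;
++ struct hlist_node *entry, *tmp;
++ LIST_HEAD(gc_list);
++ int i, deleted = 0;
+
+ fcp = per_cpu_ptr(fc->percpu, smp_processor_id());
+ for (i = 0; i < flow_cache_hash_size(fc); i++) {
+- struct flow_cache_entry *fle;
+-
+- fle = fcp->hash_table[i];
+- for (; fle; fle = fle->next) {
++ hlist_for_each_entry_safe(fle, entry, tmp,
++ &fcp->hash_table[i], u.hlist) {
+ if (flow_entry_valid(fle))
+ continue;
+
+- if (fle->object)
+- fle->object->ops->delete(fle->object);
+- fle->object = NULL;
++ deleted++;
++ hlist_del(&fle->u.hlist);
++ list_add_tail(&fle->u.gc_list, &gc_list);
+ }
+ }
+
++ flow_cache_queue_garbage(fcp, deleted, &gc_list);
++
+ if (atomic_dec_and_test(&info->cpuleft))
+ complete(&info->completion);
+ }
+@@ -320,7 +358,7 @@ void flow_cache_flush(void)
+ static void __init flow_cache_cpu_prepare(struct flow_cache *fc,
+ struct flow_cache_percpu *fcp)
+ {
+- fcp->hash_table = (struct flow_cache_entry **)
++ fcp->hash_table = (struct hlist_head *)
+ __get_free_pages(GFP_KERNEL|__GFP_ZERO, fc->order);
+ if (!fcp->hash_table)
+ panic("NET: failed to allocate flow cache order %lu\n", fc->order);
+@@ -354,7 +392,7 @@ static int flow_cache_init(struct flow_cache *fc)
+
+ for (order = 0;
+ (PAGE_SIZE << order) <
+- (sizeof(struct flow_cache_entry *)*flow_cache_hash_size(fc));
++ (sizeof(struct hlist_head)*flow_cache_hash_size(fc));
+ order++)
+ /* NOTHING */;
+ fc->order = order;
+--
+1.7.0.2
+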
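Review bot: flow_cache_flush_tasklet() no longer calls `fle->object->ops->delete()` itself; stale entries are unlinked and handed to flow_cache_gc_work, so flow_cache_flush() can return while those objects are still alive. Patch 0015 in this series calls flow_cache_flush() from __xfrm_garbage_collect(), which the NETDEV_DOWN notifier uses, so references held by cached objects are presumably released only once the work item has run; whether any caller needs them gone by the time the flush returns is not visible here. A comment on flow_cache_queue_garbage() would make the contract explicit, for example `/* Entries are freed later from flow_cache_gc_work; ->delete() has not run when this returns. */`. The `u` union would also benefit from a one-line comment saying an entry is either on a hash chain or on a gc list, never both.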
diff --git a/main/linux-grsec/0018-xfrm-Fix-crashes-in-xfrm_lookup.patch b/main/linux-grsec/0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
new file mode 100644
index 0000000000..6f0dc91286
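--- /dev/null
+++ b/main/linux-grsec/0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
@@ -0,0 +1,46 @@
+From e0c0800740cdf64fe7b121c2ef235c01f1957af0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 8 Apr 2010 11:27:42 -0700
+Subject: [PATCH 18/18] xfrm: Fix crashes in xfrm_lookup()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Timo Teräs <timo.teras@iki.fi>
+
+Happens because CONFIG_XFRM_SUB_POLICY is not enabled, and one of
+the helper functions I used did unexpected things in that case.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit e4077e018b5ead3de9951fc01d8bf12eeeeeefed)
+---
+ include/net/xfrm.h | 7 -------
+ 1 files changed, 0 insertions(+), 7 deletions(-)
+
+diff --git a/include/net/xfrm.h b/include/net/xfrm.h
+index d51ef61..280f46f 100644
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -738,19 +738,12 @@ static inline void xfrm_pol_put(struct xfrm_policy *policy)
+ xfrm_policy_destroy(policy);
+ }
+
+-#ifdef CONFIG_XFRM_SUB_POLICY
+ static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
+ {
+ int i;
+ for (i = npols - 1; i >= 0; --i)
+ xfrm_pol_put(pols[i]);
+ }
+-#else
+-static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
+-{
+- xfrm_pol_put(pols[0]);
+-}
+-#endif
+
+ extern void __xfrm_state_destroy(struct xfrm_state *);
+
+--
+1.7.0.2
+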
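Review bot: xfrm_pols_put() carries no comment saying it is safe for `npols == 0`, which is the property this fix restores: the removed non-SUB_POLICY variant always put `pols[0]`, whatever the count. Patch 0015 calls it as `xfrm_pols_put(pols, drop_pols)` on the `ok:` and error exits, and the `nopol:` path can reach `ok:`, so a zero count looks reachable (the assignment of drop_pols is outside the visible lines). I would add `/* Drops one reference on each of pols[0..npols-1]; does nothing when npols is 0. */` above the function so the contract is not lost again.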
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 0e93993e87..b514a1a5d7 100644
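--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.11
 _kernver=2.6.32
-pkgrel=0
+pkgrel=2
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,13 +14,25 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.32.11-201004042103.patch
- ip_gre.patch
- ip_gre2.patch
- arp.patch
- xfrm-cache-size-revert.patch
- net-git-78f1cd-r8169-fix-broken-register-writes.patch
- net-git-c0cd88-r8169-offical-fix-for-CVE-2009-4537-overlength-frame-DMAs.patch
+ grsecurity-2.1.14-2.6.32.11-201004071936.patch
+ 0001-grsec-revert-conflicting-flow-cache-changes.patch
+ 0002-gre-fix-hard-header-destination-address-checking.patch
+ 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
+ 0004-arp-flush-arp-cache-on-device-change.patch
+ 0005-r8169-fix-broken-register-writes.patch
+ 0006-r8169-offical-fix-for-CVE-2009-4537-overlength-frame.patch
+ 0007-r8169-Fix-rtl8169_rx_interrupt.patch
+ 0008-r8169-clean-up-my-printk-uglyness.patch
+ 0009-ipsec-Fix-bogus-bundle-flowi.patch
+ 0010-xfrm-Remove-xfrm_state_genid.patch
+ 0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
+ 0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch
+ 0013-flow-structurize-flow-cache.patch
+ 0014-flow-virtualize-flow-cache-entry-methods.patch
+ 0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
+ 0016-xfrm-remove-policy-garbage-collection.patch
+ 0017-flow-delayed-deletion-of-flow-cache-entries.patch
+ 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
  kernelconfig.x86
  "
 subpackages="$pkgname-dev linux-firmware:firmware"
@@ -34,7 +46,8 @@ prepare() {
  bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
  fi
 
- for i in ../*.diff ../*.patch; do
+ # first apply the grsecurity patch and then the rest
+ for i in "$srcdir"/grsecurity*.patch "$srcdir"/0[0-9]*.patch; do
  [ -f $i ] || continue
  msg "Applying $i..."
  patch -s -p1 -N < $i || return 1
@@ -126,11 +139,23 @@ firmware() {
 
 md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
 855c248334a71ef5ca3d8cb89d51334f patch-2.6.32.11.bz2
-86fc90c3b2821a5dc0df726893c63297 grsecurity-2.1.14-2.6.32.11-201004042103.patch
-3ef822f3a2723b9a80c3f12954457225 ip_gre.patch
-13ca9e91700e459da269c957062bbea7 ip_gre2.patch
-4c39a161d918e7f274292ecfd168b891 arp.patch
-329fcab881425e001d3243caa4648478 xfrm-cache-size-revert.patch
-21ed38773d846097b7315e1e0801d87a net-git-78f1cd-r8169-fix-broken-register-writes.patch
-962a6dd7c639612fc8bdaeb836388b0b net-git-c0cd88-r8169-offical-fix-for-CVE-2009-4537-overlength-frame-DMAs.patch
+6eabb0c08a988a97a823b5462d1c5018 grsecurity-2.1.14-2.6.32.11-201004071936.patch
+1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
+437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
+151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
+776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
+afa06334c81f21c20571286a83d3d928 0005-r8169-fix-broken-register-writes.patch
+c538c0f735d79fd71b47dde02bf1f790 0006-r8169-offical-fix-for-CVE-2009-4537-overlength-frame.patch
+5f8b9a76d95319c5b1aa26b54a42e6b5 0007-r8169-Fix-rtl8169_rx_interrupt.patch
+f878c802700e3babd03be3505119c5c2 0008-r8169-clean-up-my-printk-uglyness.patch
+cf168620efa63479a6e03da78906e32f 0009-ipsec-Fix-bogus-bundle-flowi.patch
+3af4b5ae1afae3278b0070f585b874e3 0010-xfrm-Remove-xfrm_state_genid.patch
+9f284c3fd5ab38cef4544efc1f50c6ba 0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
+b035114e893883cf67530350678e00f5 0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch
+9dea03ec19aaf9a384e4f56f57009257 0013-flow-structurize-flow-cache.patch
+fc9ab26abbfec0d3f20000b5e695620b 0014-flow-virtualize-flow-cache-entry-methods.patch
+c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
+41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch
+3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
+45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
 7f442049b29ab749180e54ff8f20f1d0 kernelconfig.x86"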
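Review bot: In the prepare() hunk the loop now globs under `"$srcdir"` but still expands `$i` unquoted, so a build directory containing whitespace breaks the `[ -f $i ]` test and, depending on the shell, the `patch` redirection. Quote it in both places: `[ -f "$i" ] || continue` and `patch -s -p1 -N < "$i" || return 1`. The same `[ -f … ] || continue` guard means an unmatched glob is skipped silently, so a missing grsecurity patch would not stop the build at this point; the source= and md5sums lists are presumably what catches that. prepare() starts and ends outside the hunk.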
diff --git a/main/linux-grsec/arp.patch b/main/linux-grsec/arp.patch
deleted file mode 100644
index d2682690f5..0000000000
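--- a/main/linux-grsec/arp.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
-index c95cd93..71ab56f 100644
---- a/net/ipv4/arp.c
-+++ b/net/ipv4/arp.c
-@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
- neigh_changeaddr(&arp_tbl, dev);
- rt_cache_flush(dev_net(dev), 0);
- break;
-+ case NETDEV_CHANGE:
-+ neigh_changeaddr(&arp_tbl, dev);
-+ break;
- default:
- break;
- }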
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch
index 77ce387829..62c446bc3e 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch
@@ -6908,6 +6908,21 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/iommu.h linux-2.6.32.11/arch/x86
6908 extern int force_iommu, no_iommu; 6908 extern int force_iommu, no_iommu;
6909 extern int iommu_detected; 6909 extern int iommu_detected;
6910 extern int iommu_pass_through; 6910 extern int iommu_pass_through;
6911diff -urNp linux-2.6.32.11/arch/x86/include/asm/irqflags.h linux-2.6.32.11/arch/x86/include/asm/irqflags.h
6912--- linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-03-15 11:52:04.000000000 -0400
6913+++ linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-04-07 19:33:06.601891934 -0400
6914@@ -142,6 +142,11 @@ static inline unsigned long __raw_local_
6915 sti; \
6916 sysexit
6917
6918+#define GET_CR0_INTO_RDI mov %cr0, %rdi
6919+#define SET_RDI_INTO_CR0 mov %rdi, %cr0
6920+#define GET_CR3_INTO_RDI mov %cr3, %rdi
6921+#define SET_RDI_INTO_CR3 mov %rdi, %cr3
6922+
6923 #else
6924 #define INTERRUPT_RETURN iret
6925 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
6911diff -urNp linux-2.6.32.11/arch/x86/include/asm/kvm_host.h linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 6926diff -urNp linux-2.6.32.11/arch/x86/include/asm/kvm_host.h linux-2.6.32.11/arch/x86/include/asm/kvm_host.h
6912--- linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-03-15 11:52:04.000000000 -0400 6927--- linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-03-15 11:52:04.000000000 -0400
6913+++ linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-04-04 20:46:41.500459645 -0400 6928+++ linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-04-04 20:46:41.500459645 -0400
@@ -7210,8 +7225,8 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mman.h linux-2.6.32.11/arch/x86/
7210 #endif /* _ASM_X86_MMAN_H */ 7225 #endif /* _ASM_X86_MMAN_H */
7211diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 7226diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/arch/x86/include/asm/mmu_context.h
7212--- linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-03-15 11:52:04.000000000 -0400 7227--- linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-03-15 11:52:04.000000000 -0400
7213+++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-04 20:58:33.220592413 -0400 7228+++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-06 22:21:53.692294722 -0400
7214@@ -24,6 +24,22 @@ void destroy_context(struct mm_struct *m 7229@@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m
7215 7230
7216 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) 7231 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
7217 { 7232 {
@@ -7223,18 +7238,17 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/ar
7223+ pax_open_kernel(); 7238+ pax_open_kernel();
7224+ pgd = get_cpu_pgd(smp_processor_id()); 7239+ pgd = get_cpu_pgd(smp_processor_id());
7225+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) 7240+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
7226+#ifdef CONFIG_PARAVIRT 7241+ if (paravirt_enabled())
7227+ set_pgd(pgd+i, native_make_pgd(0)); 7242+ set_pgd(pgd+i, native_make_pgd(0));
7228+#else 7243+ else
7229+ pgd[i] = native_make_pgd(0); 7244+ pgd[i] = native_make_pgd(0);
7230+#endif
7231+ pax_close_kernel(); 7245+ pax_close_kernel();
7232+#endif 7246+#endif
7233+ 7247+
7234 #ifdef CONFIG_SMP 7248 #ifdef CONFIG_SMP
7235 if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK) 7249 if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
7236 percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); 7250 percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
7237@@ -34,37 +50,96 @@ static inline void switch_mm(struct mm_s 7251@@ -34,37 +49,96 @@ static inline void switch_mm(struct mm_s
7238 struct task_struct *tsk) 7252 struct task_struct *tsk)
7239 { 7253 {
7240 unsigned cpu = smp_processor_id(); 7254 unsigned cpu = smp_processor_id();
@@ -7425,7 +7439,7 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/page_64_types.h linux-2.6.32.11/
7425 #define __VIRTUAL_MASK_SHIFT 47 7439 #define __VIRTUAL_MASK_SHIFT 47
7426diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/x86/include/asm/paravirt.h 7440diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/x86/include/asm/paravirt.h
7427--- linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400 7441--- linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400
7428+++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-04 20:47:28.952733264 -0400 7442+++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-07 16:58:23.343008831 -0400
7429@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned 7443@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
7430 pv_mmu_ops.set_fixmap(idx, phys, flags); 7444 pv_mmu_ops.set_fixmap(idx, phys, flags);
7431 } 7445 }
@@ -7457,6 +7471,28 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/
7457 #endif 7471 #endif
7458 7472
7459 #define INTERRUPT_RETURN \ 7473 #define INTERRUPT_RETURN \
7474@@ -1022,6 +1037,21 @@ extern void default_banner(void);
7475 PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \
7476 CLBR_NONE, \
7477 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit))
7478+
7479+#define GET_CR0_INTO_RDI \
7480+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7481+ mov %rax,%rdi
7482+
7483+#define SET_RDI_INTO_CR0 \
7484+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
7485+
7486+#define GET_CR3_INTO_RDI \
7487+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3); \
7488+ mov %rax,%rdi
7489+
7490+#define SET_RDI_INTO_CR3 \
7491+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3)
7492+
7493 #endif /* CONFIG_X86_32 */
7494
7495 #endif /* __ASSEMBLY__ */
7460diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 7496diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h
7461--- linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-03-15 11:52:04.000000000 -0400 7497--- linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-03-15 11:52:04.000000000 -0400
7462+++ linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-04-04 20:46:41.505526780 -0400 7498+++ linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-04-04 20:46:41.505526780 -0400
@@ -10641,7 +10677,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_32.S linux-2.6.32.11/arch/x86/k
10641 CFI_ADJUST_CFA_OFFSET -24 10677 CFI_ADJUST_CFA_OFFSET -24
10642diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/kernel/entry_64.S 10678diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/kernel/entry_64.S
10643--- linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-03-15 11:52:04.000000000 -0400 10679--- linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-03-15 11:52:04.000000000 -0400
10644+++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-04 20:58:33.220592413 -0400 10680+++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-07 16:58:23.343008831 -0400
10645@@ -53,6 +53,7 @@ 10681@@ -53,6 +53,7 @@
10646 #include <asm/paravirt.h> 10682 #include <asm/paravirt.h>
10647 #include <asm/ftrace.h> 10683 #include <asm/ftrace.h>
@@ -10650,7 +10686,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10650 10686
10651 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ 10687 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
10652 #include <linux/elf-em.h> 10688 #include <linux/elf-em.h>
10653@@ -174,6 +175,200 @@ ENTRY(native_usergs_sysret64) 10689@@ -174,6 +175,189 @@ ENTRY(native_usergs_sysret64)
10654 ENDPROC(native_usergs_sysret64) 10690 ENDPROC(native_usergs_sysret64)
10655 #endif /* CONFIG_PARAVIRT */ 10691 #endif /* CONFIG_PARAVIRT */
10656 10692
@@ -10671,16 +10707,13 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10671+ENTRY(pax_enter_kernel) 10707+ENTRY(pax_enter_kernel)
10672+ 10708+
10673+#ifdef CONFIG_PAX_KERNEXEC 10709+#ifdef CONFIG_PAX_KERNEXEC
10674+ push %rax
10675+ push %rdi 10710+ push %rdi
10676+ 10711+
10677+#ifdef CONFIG_PARAVIRT 10712+#ifdef CONFIG_PARAVIRT
10678+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) 10713+ PV_SAVE_REGS(CLBR_RDI)
10679+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
10680+ mov %rax,%rdi
10681+#else
10682+ mov %cr0,%rdi
10683+#endif 10714+#endif
10715+
10716+ GET_CR0_INTO_RDI
10684+ bts $16,%rdi 10717+ bts $16,%rdi
10685+ jnc 1f 10718+ jnc 1f
10686+ mov %cs,%edi 10719+ mov %cs,%edi
@@ -10688,17 +10721,14 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10688+ jz 3f 10721+ jz 3f
10689+ ljmpq __KERNEL_CS,3f 10722+ ljmpq __KERNEL_CS,3f
10690+1: ljmpq __KERNEXEC_KERNEL_CS,2f 10723+1: ljmpq __KERNEXEC_KERNEL_CS,2f
10691+2: 10724+2: SET_RDI_INTO_CR0
10692+#ifdef CONFIG_PARAVIRT
10693+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
10694+3: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
10695+#else
10696+ mov %rdi,%cr0
10697+3: 10725+3:
10726+
10727+#ifdef CONFIG_PARAVIRT
10728+ PV_RESTORE_REGS(CLBR_RDI)
10698+#endif 10729+#endif
10699+ 10730+
10700+ pop %rdi 10731+ pop %rdi
10701+ pop %rax
10702+#endif 10732+#endif
10703+ 10733+
10704+ retq 10734+ retq
@@ -10707,34 +10737,26 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10707+ENTRY(pax_exit_kernel) 10737+ENTRY(pax_exit_kernel)
10708+ 10738+
10709+#ifdef CONFIG_PAX_KERNEXEC 10739+#ifdef CONFIG_PAX_KERNEXEC
10710+ push %rax
10711+ push %rdi 10740+ push %rdi
10712+ 10741+
10713+#ifdef CONFIG_PARAVIRT 10742+#ifdef CONFIG_PARAVIRT
10714+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) 10743+ PV_SAVE_REGS(CLBR_RDI)
10715+#endif 10744+#endif
10745+
10716+ mov %cs,%rdi 10746+ mov %cs,%rdi
10717+ cmp $__KERNEXEC_KERNEL_CS,%edi 10747+ cmp $__KERNEXEC_KERNEL_CS,%edi
10718+ jnz 2f 10748+ jnz 2f
10719+#ifdef CONFIG_PARAVIRT 10749+ GET_CR0_INTO_RDI
10720+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
10721+ mov %rax,%rdi
10722+#else
10723+ mov %cr0,%rdi
10724+#endif
10725+ btr $16,%rdi 10750+ btr $16,%rdi
10726+ ljmpq __KERNEL_CS,1f 10751+ ljmpq __KERNEL_CS,1f
10727+1: 10752+1: SET_RDI_INTO_CR0
10728+#ifdef CONFIG_PARAVIRT
10729+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
10730+2: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI);
10731+#else
10732+ mov %rdi,%cr0
10733+2: 10753+2:
10754+
10755+#ifdef CONFIG_PARAVIRT
10756+ PV_RESTORE_REGS(CLBR_RDI);
10734+#endif 10757+#endif
10735+ 10758+
10736+ pop %rdi 10759+ pop %rdi
10737+ pop %rax
10738+#endif 10760+#endif
10739+ 10761+
10740+ retq 10762+ retq
@@ -10743,115 +10765,118 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10743+ENTRY(pax_enter_kernel_user) 10765+ENTRY(pax_enter_kernel_user)
10744+ 10766+
10745+#ifdef CONFIG_PAX_MEMORY_UDEREF 10767+#ifdef CONFIG_PAX_MEMORY_UDEREF
10746+ push %rax
10747+ push %rdi 10768+ push %rdi
10769+ push %rbx
10748+ 10770+
10749+#ifdef CONFIG_PARAVIRT 10771+#ifdef CONFIG_PARAVIRT
10750+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) 10772+ PV_SAVE_REGS(CLBR_RDI)
10751+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3)
10752+#else
10753+ mov %cr3,%rax
10754+#endif 10773+#endif
10755+ 10774+
10756+ mov %rax,%rdi 10775+ GET_CR3_INTO_RDI
10757+ add $__START_KERNEL_map,%rax 10776+ mov %rdi,%rbx
10758+ sub phys_base(%rip),%rax 10777+ add $__START_KERNEL_map,%rbx
10778+ sub phys_base(%rip),%rbx
10759+ 10779+
10780+#ifdef CONFIG_PARAVIRT
10781+ push %rdi
10782+ cmpl $0, pv_info+PARAVIRT_enabled
10783+ jz 1f
10760+ i = 0 10784+ i = 0
10761+ .rept USER_PGD_PTRS 10785+ .rept USER_PGD_PTRS
10762+#ifdef CONFIG_PARAVIRT 10786+ mov i*8(%rbx),%rsi
10763+ mov i*8(%rax),%rsi 10787+ mov $0,%sil
10764+ mov $0,$sil 10788+ lea i*8(%rbx),%rdi
10765+ lea i*8(%rax),%rdi 10789+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
10766+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd) 10790+ i = i + 1
10767+#else 10791+ .endr
10768+ movb $0,i*8(%rax) 10792+ jmp 2f
10793+1:
10769+#endif 10794+#endif
10795+
10796+ i = 0
10797+ .rept USER_PGD_PTRS
10798+ movb $0,i*8(%rbx)
10770+ i = i + 1 10799+ i = i + 1
10771+ .endr 10800+ .endr
10772+ 10801+
10773+#ifdef CONFIG_PARAVIRT 10802+#ifdef CONFIG_PARAVIRT
10774+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3) 10803+2: pop %rdi
10775+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
10776+#else
10777+ mov %rdi,%cr3
10778+#endif 10804+#endif
10805+ SET_RDI_INTO_CR3
10779+ 10806+
10780+#ifdef CONFIG_PAX_KERNEXEC 10807+#ifdef CONFIG_PAX_KERNEXEC
10781+#ifdef CONFIG_PARAVIRT 10808+ GET_CR0_INTO_RDI
10782+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
10783+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
10784+ mov %rax,%rdi
10785+#else
10786+ mov %cr0,%rdi
10787+#endif
10788+ bts $16,%rdi 10809+ bts $16,%rdi
10789+#ifdef CONFIG_PARAVIRT 10810+ SET_RDI_INTO_CR0
10790+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
10791+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
10792+#else
10793+ mov %rdi,%cr0
10794+#endif 10811+#endif
10812+
10813+#ifdef CONFIG_PARAVIRT
10814+ PV_RESTORE_REGS(CLBR_RDI)
10795+#endif 10815+#endif
10796+ 10816+
10817+ pop %rbx
10797+ pop %rdi 10818+ pop %rdi
10798+ pop %rax
10799+#endif 10819+#endif
10800+ 10820+
10801+ retq 10821+ retq
10802+ENDPROC(pax_enter_kernel_user) 10822+ENDPROC(pax_enter_kernel_user)
10803+ 10823+
10804+ENTRY(pax_exit_kernel_user) 10824+ENTRY(pax_exit_kernel_user)
10805+ push %rax 10825+
10826+#ifdef CONFIG_PAX_MEMORY_UDEREF
10806+ push %rdi 10827+ push %rdi
10807+ 10828+
10808+#ifdef CONFIG_PAX_KERNEXEC
10809+#ifdef CONFIG_PARAVIRT 10829+#ifdef CONFIG_PARAVIRT
10810+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) 10830+ push %rbx
10811+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) 10831+ PV_SAVE_REGS(CLBR_RDI)
10812+ mov %rax,%rdi
10813+#else
10814+ mov %cr0,%rdi
10815+#endif 10832+#endif
10833+
10834+#ifdef CONFIG_PAX_KERNEXEC
10835+ GET_CR0_INTO_RDI
10816+ btr $16,%rdi 10836+ btr $16,%rdi
10817+#ifdef CONFIG_PARAVIRT 10837+ SET_RDI_INTO_CR0
10818+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
10819+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
10820+#else
10821+ mov %rdi,%cr0
10822+#endif
10823+#endif 10838+#endif
10824+ 10839+
10840+ GET_CR3_INTO_RDI
10841+ add $__START_KERNEL_map,%rdi
10842+ sub phys_base(%rip),%rdi
10843+
10825+#ifdef CONFIG_PARAVIRT 10844+#ifdef CONFIG_PARAVIRT
10826+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) 10845+ cmpl $0, pv_info+PARAVIRT_enabled
10827+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3) 10846+ jz 1f
10828+#else 10847+ mov %rdi,%rbx
10829+ mov %cr3,%rax 10848+ i = 0
10849+ .rept USER_PGD_PTRS
10850+ mov i*8(%rbx),%rsi
10851+ mov $0x67,%sil
10852+ lea i*8(%rbx),%rdi
10853+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
10854+ i = i + 1
10855+ .endr
10856+ jmp 2f
10857+1:
10830+#endif 10858+#endif
10831+ add $__START_KERNEL_map,%rax
10832+ sub phys_base(%rip),%rax
10833+ 10859+
10834+ i = 0 10860+ i = 0
10835+ .rept USER_PGD_PTRS 10861+ .rept USER_PGD_PTRS
10836+#ifdef CONFIG_PARAVIRT 10862+ movb $0x67,i*8(%rdi)
10837+ mov i*8(%rax),%rsi
10838+ mov $0x67,$sil
10839+ lea i*8(%rax),%rdi
10840+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd)
10841+#else
10842+ movb $0x67,i*8(%rax)
10843+#endif
10844+ i = i + 1 10863+ i = i + 1
10845+ .endr 10864+ .endr
10846+ 10865+
10866+#ifdef CONFIG_PARAVIRT
10867+2: PV_RESTORE_REGS(CLBR_RDI)
10868+ pop %rbx
10869+#endif
10870+
10847+ pop %rdi 10871+ pop %rdi
10848+ pop %rax 10872+#endif
10873+
10849+ retq 10874+ retq
10850+ENDPROC(pax_exit_kernel_user) 10875+ENDPROC(pax_exit_kernel_user)
10851 10876
10852 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET 10877 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
10853 #ifdef CONFIG_TRACE_IRQFLAGS 10878 #ifdef CONFIG_TRACE_IRQFLAGS
10854@@ -468,6 +663,11 @@ ENTRY(system_call_after_swapgs) 10879@@ -468,6 +652,11 @@ ENTRY(system_call_after_swapgs)
10855 10880
10856 movq %rsp,PER_CPU_VAR(old_rsp) 10881 movq %rsp,PER_CPU_VAR(old_rsp)
10857 movq PER_CPU_VAR(kernel_stack),%rsp 10882 movq PER_CPU_VAR(kernel_stack),%rsp
@@ -10863,7 +10888,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10863 /* 10888 /*
10864 * No need to follow this irqs off/on section - it's straight 10889 * No need to follow this irqs off/on section - it's straight
10865 * and short: 10890 * and short:
10866@@ -502,6 +702,11 @@ sysret_check: 10891@@ -502,6 +691,11 @@ sysret_check:
10867 andl %edi,%edx 10892 andl %edi,%edx
10868 jnz sysret_careful 10893 jnz sysret_careful
10869 CFI_REMEMBER_STATE 10894 CFI_REMEMBER_STATE
@@ -10875,7 +10900,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10875 /* 10900 /*
10876 * sysretq will re-enable interrupts: 10901 * sysretq will re-enable interrupts:
10877 */ 10902 */
10878@@ -800,7 +1005,16 @@ END(interrupt) 10903@@ -800,7 +994,16 @@ END(interrupt)
10879 CFI_ADJUST_CFA_OFFSET 10*8 10904 CFI_ADJUST_CFA_OFFSET 10*8
10880 call save_args 10905 call save_args
10881 PARTIAL_FRAME 0 10906 PARTIAL_FRAME 0
@@ -10893,7 +10918,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10893 .endm 10918 .endm
10894 10919
10895 /* 10920 /*
10896@@ -844,12 +1058,18 @@ retint_swapgs: /* return to user-space 10921@@ -844,12 +1047,18 @@ retint_swapgs: /* return to user-space
10897 * The iretq could re-enable interrupts: 10922 * The iretq could re-enable interrupts:
10898 */ 10923 */
10899 DISABLE_INTERRUPTS(CLBR_ANY) 10924 DISABLE_INTERRUPTS(CLBR_ANY)
@@ -10912,7 +10937,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10912 /* 10937 /*
10913 * The iretq could re-enable interrupts: 10938 * The iretq could re-enable interrupts:
10914 */ 10939 */
10915@@ -1032,7 +1252,16 @@ ENTRY(\sym) 10940@@ -1032,7 +1241,16 @@ ENTRY(\sym)
10916 CFI_ADJUST_CFA_OFFSET 15*8 10941 CFI_ADJUST_CFA_OFFSET 15*8
10917 call error_entry 10942 call error_entry
10918 DEFAULT_FRAME 0 10943 DEFAULT_FRAME 0
@@ -10930,7 +10955,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10930 xorl %esi,%esi /* no error code */ 10955 xorl %esi,%esi /* no error code */
10931 call \do_sym 10956 call \do_sym
10932 jmp error_exit /* %ebx: no swapgs flag */ 10957 jmp error_exit /* %ebx: no swapgs flag */
10933@@ -1049,7 +1278,16 @@ ENTRY(\sym) 10958@@ -1049,7 +1267,16 @@ ENTRY(\sym)
10934 subq $15*8, %rsp 10959 subq $15*8, %rsp
10935 call save_paranoid 10960 call save_paranoid
10936 TRACE_IRQS_OFF 10961 TRACE_IRQS_OFF
@@ -10948,7 +10973,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10948 xorl %esi,%esi /* no error code */ 10973 xorl %esi,%esi /* no error code */
10949 call \do_sym 10974 call \do_sym
10950 jmp paranoid_exit /* %ebx: no swapgs flag */ 10975 jmp paranoid_exit /* %ebx: no swapgs flag */
10951@@ -1066,9 +1304,23 @@ ENTRY(\sym) 10976@@ -1066,9 +1293,23 @@ ENTRY(\sym)
10952 subq $15*8, %rsp 10977 subq $15*8, %rsp
10953 call save_paranoid 10978 call save_paranoid
10954 TRACE_IRQS_OFF 10979 TRACE_IRQS_OFF
@@ -10974,7 +10999,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10974 subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) 10999 subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
10975 call \do_sym 11000 call \do_sym
10976 addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) 11001 addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
10977@@ -1085,7 +1337,16 @@ ENTRY(\sym) 11002@@ -1085,7 +1326,16 @@ ENTRY(\sym)
10978 CFI_ADJUST_CFA_OFFSET 15*8 11003 CFI_ADJUST_CFA_OFFSET 15*8
10979 call error_entry 11004 call error_entry
10980 DEFAULT_FRAME 0 11005 DEFAULT_FRAME 0
@@ -10992,7 +11017,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
10992 movq ORIG_RAX(%rsp),%rsi /* get error code */ 11017 movq ORIG_RAX(%rsp),%rsi /* get error code */
10993 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ 11018 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
10994 call \do_sym 11019 call \do_sym
10995@@ -1104,7 +1365,16 @@ ENTRY(\sym) 11020@@ -1104,7 +1354,16 @@ ENTRY(\sym)
10996 call save_paranoid 11021 call save_paranoid
10997 DEFAULT_FRAME 0 11022 DEFAULT_FRAME 0
10998 TRACE_IRQS_OFF 11023 TRACE_IRQS_OFF
@@ -11010,7 +11035,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
11010 movq ORIG_RAX(%rsp),%rsi /* get error code */ 11035 movq ORIG_RAX(%rsp),%rsi /* get error code */
11011 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ 11036 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
11012 call \do_sym 11037 call \do_sym
11013@@ -1408,11 +1678,13 @@ ENTRY(paranoid_exit) 11038@@ -1408,11 +1667,13 @@ ENTRY(paranoid_exit)
11014 testl $3,CS(%rsp) 11039 testl $3,CS(%rsp)
11015 jnz paranoid_userspace 11040 jnz paranoid_userspace
11016 paranoid_swapgs: 11041 paranoid_swapgs:
@@ -11024,7 +11049,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
11024 TRACE_IRQS_IRETQ 0 11049 TRACE_IRQS_IRETQ 0
11025 RESTORE_ALL 8 11050 RESTORE_ALL 8
11026 jmp irq_return 11051 jmp irq_return
11027@@ -1529,6 +1801,16 @@ ENTRY(nmi) 11052@@ -1529,6 +1790,16 @@ ENTRY(nmi)
11028 CFI_ADJUST_CFA_OFFSET 15*8 11053 CFI_ADJUST_CFA_OFFSET 15*8
11029 call save_paranoid 11054 call save_paranoid
11030 DEFAULT_FRAME 0 11055 DEFAULT_FRAME 0
@@ -11041,7 +11066,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
11041 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ 11066 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
11042 movq %rsp,%rdi 11067 movq %rsp,%rdi
11043 movq $-1,%rsi 11068 movq $-1,%rsi
11044@@ -1544,6 +1826,7 @@ ENTRY(nmi) 11069@@ -1544,6 +1815,7 @@ ENTRY(nmi)
11045 nmi_swapgs: 11070 nmi_swapgs:
11046 SWAPGS_UNSAFE_STACK 11071 SWAPGS_UNSAFE_STACK
11047 nmi_restore: 11072 nmi_restore:
@@ -30825,6 +30850,18 @@ diff -urNp linux-2.6.32.11/fs/hfsplus/inode.c linux-2.6.32.11/fs/hfsplus/inode.c
30825 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, 30850 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
30826 sizeof(struct hfsplus_cat_file)); 30851 sizeof(struct hfsplus_cat_file));
30827 hfsplus_inode_write_fork(inode, &file->data_fork); 30852 hfsplus_inode_write_fork(inode, &file->data_fork);
30853diff -urNp linux-2.6.32.11/fs/hugetlbfs/inode.c linux-2.6.32.11/fs/hugetlbfs/inode.c
30854--- linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-03-15 11:52:04.000000000 -0400
30855+++ linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-04-06 22:13:08.677504702 -0400
30856@@ -909,7 +909,7 @@ static struct file_system_type hugetlbfs
30857 .kill_sb = kill_litter_super,
30858 };
30859
30860-static struct vfsmount *hugetlbfs_vfsmount;
30861+struct vfsmount *hugetlbfs_vfsmount;
30862
30863 static int can_do_hugetlb_shm(void)
30864 {
30828diff -urNp linux-2.6.32.11/fs/ioctl.c linux-2.6.32.11/fs/ioctl.c 30865diff -urNp linux-2.6.32.11/fs/ioctl.c linux-2.6.32.11/fs/ioctl.c
30829--- linux-2.6.32.11/fs/ioctl.c 2010-03-15 11:52:04.000000000 -0400 30866--- linux-2.6.32.11/fs/ioctl.c 2010-03-15 11:52:04.000000000 -0400
30830+++ linux-2.6.32.11/fs/ioctl.c 2010-04-04 20:46:41.653544810 -0400 30867+++ linux-2.6.32.11/fs/ioctl.c 2010-04-04 20:46:41.653544810 -0400
@@ -33684,8 +33721,8 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl_alloc.c linux-2.6.32.11/grsecurity/g
33684+} 33721+}
33685diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c 33722diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
33686--- linux-2.6.32.11/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 33723--- linux-2.6.32.11/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
33687+++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-04 20:46:41.668784531 -0400 33724+++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-06 22:16:21.600343588 -0400
33688@@ -0,0 +1,3917 @@ 33725@@ -0,0 +1,3924 @@
33689+#include <linux/kernel.h> 33726+#include <linux/kernel.h>
33690+#include <linux/module.h> 33727+#include <linux/module.h>
33691+#include <linux/sched.h> 33728+#include <linux/sched.h>
@@ -33764,6 +33801,10 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
33764+extern struct vfsmount *sock_mnt; 33801+extern struct vfsmount *sock_mnt;
33765+extern struct vfsmount *pipe_mnt; 33802+extern struct vfsmount *pipe_mnt;
33766+extern struct vfsmount *shm_mnt; 33803+extern struct vfsmount *shm_mnt;
33804+#ifdef CONFIG_HUGETLBFS
33805+extern struct vfsmount *hugetlbfs_vfsmount;
33806+#endif
33807+
33767+static struct acl_object_label *fakefs_obj; 33808+static struct acl_object_label *fakefs_obj;
33768+ 33809+
33769+extern int gr_init_uidset(void); 33810+extern int gr_init_uidset(void);
@@ -35479,6 +35520,9 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
35479+ spin_lock(&dcache_lock); 35520+ spin_lock(&dcache_lock);
35480+ 35521+
35481+ if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt || 35522+ if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
35523+#ifdef CONFIG_HUGETLBFS
35524+ mnt == hugetlbfs_vfsmount ||
35525+#endif
35482+ /* ignore Eric Biederman */ 35526+ /* ignore Eric Biederman */
35483+ IS_PRIVATE(l_dentry->d_inode))) { 35527+ IS_PRIVATE(l_dentry->d_inode))) {
35484+ retval = fakefs_obj; 35528+ retval = fakefs_obj;
@@ -47655,7 +47699,7 @@ diff -urNp linux-2.6.32.11/kernel/hrtimer.c linux-2.6.32.11/kernel/hrtimer.c
47655 } 47699 }
47656diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c 47700diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47657--- linux-2.6.32.11/kernel/kallsyms.c 2010-03-15 11:52:04.000000000 -0400 47701--- linux-2.6.32.11/kernel/kallsyms.c 2010-03-15 11:52:04.000000000 -0400
47658+++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-04 20:46:41.693491350 -0400 47702+++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-06 22:21:53.692294722 -0400
47659@@ -11,6 +11,9 @@ 47703@@ -11,6 +11,9 @@
47660 * Changed the compression method from stem compression to "table lookup" 47704 * Changed the compression method from stem compression to "table lookup"
47661 * compression (see scripts/kallsyms.c for a more complete description) 47705 * compression (see scripts/kallsyms.c for a more complete description)
@@ -47676,7 +47720,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47676 if (addr >= (unsigned long)_sinittext 47720 if (addr >= (unsigned long)_sinittext
47677 && addr <= (unsigned long)_einittext) 47721 && addr <= (unsigned long)_einittext)
47678 return 1; 47722 return 1;
47679@@ -67,6 +73,24 @@ static inline int is_kernel_text(unsigne 47723@@ -67,6 +73,26 @@ static inline int is_kernel_text(unsigne
47680 47724
47681 static inline int is_kernel(unsigned long addr) 47725 static inline int is_kernel(unsigned long addr)
47682 { 47726 {
@@ -47684,8 +47728,10 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47684+ return 1; 47728+ return 1;
47685+ 47729+
47686+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) 47730+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
47731+#ifdef CONFIG_MODULES
47687+ if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END) 47732+ if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END)
47688+ return 0; 47733+ return 0;
47734+#endif
47689+ 47735+
47690+ if (is_kernel_text(addr)) 47736+ if (is_kernel_text(addr))
47691+ return 1; 47737+ return 1;
@@ -47701,7 +47747,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47701 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end) 47747 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
47702 return 1; 47748 return 1;
47703 return in_gate_area_no_task(addr); 47749 return in_gate_area_no_task(addr);
47704@@ -413,7 +437,6 @@ static unsigned long get_ksymbol_core(st 47750@@ -413,7 +439,6 @@ static unsigned long get_ksymbol_core(st
47705 47751
47706 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) 47752 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
47707 { 47753 {
@@ -47709,7 +47755,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47709 iter->nameoff = get_symbol_offset(new_pos); 47755 iter->nameoff = get_symbol_offset(new_pos);
47710 iter->pos = new_pos; 47756 iter->pos = new_pos;
47711 } 47757 }
47712@@ -461,6 +484,11 @@ static int s_show(struct seq_file *m, vo 47758@@ -461,6 +486,11 @@ static int s_show(struct seq_file *m, vo
47713 { 47759 {
47714 struct kallsym_iter *iter = m->private; 47760 struct kallsym_iter *iter = m->private;
47715 47761
@@ -47721,7 +47767,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
47721 /* Some debugging symbols have no name. Ignore them. */ 47767 /* Some debugging symbols have no name. Ignore them. */
47722 if (!iter->name[0]) 47768 if (!iter->name[0])
47723 return 0; 47769 return 0;
47724@@ -501,7 +529,7 @@ static int kallsyms_open(struct inode *i 47770@@ -501,7 +531,7 @@ static int kallsyms_open(struct inode *i
47725 struct kallsym_iter *iter; 47771 struct kallsym_iter *iter;
47726 int ret; 47772 int ret;
47727 47773
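--- a/main/linux-grsec/ip_gre.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/net/ipv4/ip_gre.c.orig
-+++ b/net/ipv4/ip_gre.c
-@@ -1137,11 +1137,8 @@
-
- if (saddr)
- memcpy(&iph->saddr, saddr, 4);
--
-- if (daddr) {
-+ if (daddr)
- memcpy(&iph->daddr, daddr, 4);
-- return t->hlen;
-- }
- if (iph->daddr && !ipv4_is_multicast(iph->daddr))
- return t->hlen;
-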
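--- a/main/linux-grsec/ip_gre2.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- linux-2.6.32/net/ipv4/ip_gre.c.orig
-+++ linux-2.6.32/net/ipv4/ip_gre.c
-@@ -803,11 +803,13 @@
- tunnel->err_count = 0;
- }
-
-- max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
-+ max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + rt->u.dst.header_len;
-
- if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
- (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
- struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
-+ if (max_headroom > dev->needed_headroom)
-+ dev->needed_headroom = max_headroom;
- if (!new_skb) {
- ip_rt_put(rt);
- stats->tx_dropped++;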
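--- a/main/make/APKBUILD
+++ b/main/make/APKBUILD
@@ -1,20 +1,26 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=make
 pkgver=3.81
-pkgrel=1
+pkgrel=2
 pkgdesc="GNU make utility to maintain groups of programs"
 url="http://www.gnu.org/software/make"
 license=GPL
-depends=uclibc
+depends=
 subpackages="$pkgname-doc"
 source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
 
+_builddir="$srcdir"/$pkgname-$pkgver
 build() {
- cd $startdir/src/$pkgname-$pkgver
+ cd "$_builddir"
  ./configure --prefix=/usr \
  --mandir=/usr/share/man \
- --infodir=/usr/share/info
+ --infodir=/usr/share/info \
+ --disable-nls
  make || return 1
+}
+
+package() {
+ cd "$_builddir"
  make DESTDIR="$pkgdir" install
 }
 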
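Review bot: Both `cd "$_builddir"` lines, in build() and in the new package(), are unchecked; if the directory is missing, `./configure` and later `make DESTDIR="$pkgdir" install` run from whatever directory abuild was in. The existing `make || return 1` suggests errors are not fatal by default here, so write them as `cd "$_builddir" || return 1`. Giving `./configure … --disable-nls` the same `|| return 1` would stop a failed configure at its cause. Separately, `source=` still fetches over plain FTP, so the tarball's integrity rests entirely on the checksum entry, which lies outside this hunk.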
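--- a/main/ucarp/APKBUILD
+++ b/main/ucarp/APKBUILD
@@ -33,5 +33,5 @@ package() {
 }
 
 md5sums="e3caa733316a32c09e5d3817617e9145 ucarp-1.5.2.tar.gz
-44df7855b8733cb4dcea2e830a738c72 ucarp.initd
+f73f9da77f874a3cd6b4e48ba6094363 ucarp.initd
 bf914f6ce4fe4fea33a45d4d5b2c1fff ucarp.confd"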
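--- a/testing/linux-grsec/0001-xfrm-introduce-basic-mark-infrastructure.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 1b02e31d0a236e36378ccf5ecf0738d7d91c2508 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:54 +0000
-Subject: [PATCH 1/7] xfrm: introduce basic mark infrastructure
-
-Add basic structuring and accessors for xfrm mark
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- include/linux/xfrm.h | 13 ++++++++++---
- include/net/xfrm.h | 22 ++++++++++++++++++++++
- 2 files changed, 32 insertions(+), 3 deletions(-)
-
-diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
-index 2d4ec15..3eabe30 100644
---- a/include/linux/xfrm.h
-+++ b/include/linux/xfrm.h
-@@ -269,8 +269,8 @@ enum xfrm_attr_type_t {
- XFRMA_ALG_COMP, /* struct xfrm_algo */
- XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
- XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
-- XFRMA_SA,
-- XFRMA_POLICY,
-+ XFRMA_SA, /* struct xfrm_usersa_info */
-+ XFRMA_POLICY, /*struct xfrm_userpolicy_info */
- XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
- XFRMA_LTIME_VAL,
- XFRMA_REPLAY_VAL,
-@@ -278,16 +278,23 @@ enum xfrm_attr_type_t {
- XFRMA_ETIMER_THRESH,
- XFRMA_SRCADDR, /* xfrm_address_t */
- XFRMA_COADDR, /* xfrm_address_t */
-- XFRMA_LASTUSED,
-+ XFRMA_LASTUSED, /* unsigned long */
- XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
- XFRMA_MIGRATE,
- XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */
- XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */
-+ XFRMA_ALG_AUTH_TRUNC_PLACE_HOLDER,
-+ XFRMA_MARK, /* struct xfrm_mark */
- __XFRMA_MAX
-
- #define XFRMA_MAX (__XFRMA_MAX - 1)
- };
-
-+struct xfrm_mark {
-+ __u32 v; /* value */
-+ __u32 m; /* mask */
-+};
-+
- enum xfrm_sadattr_type_t {
- XFRMA_SAD_UNSPEC,
- XFRMA_SAD_CNT,
-diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 223e90a..ba8d34f 100644
---- a/include/net/xfrm.h
-+++ b/include/net/xfrm.h
-@@ -138,6 +138,7 @@ struct xfrm_state
-
- struct xfrm_id id;
- struct xfrm_selector sel;
-+ struct xfrm_mark mark;
-
- u32 genid;
-
-@@ -483,6 +484,7 @@ struct xfrm_policy
-
- u32 priority;
- u32 index;
-+ struct xfrm_mark mark;
- struct xfrm_selector selector;
- struct xfrm_lifetime_cfg lft;
- struct xfrm_lifetime_cur curlft;
-@@ -1569,4 +1571,24 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
- }
- #endif
-
-+static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
-+{
-+ if (attrs[XFRMA_MARK])
-+ memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
-+ else
-+ m->v = m->m = 0;
-+
-+ return m->v & m->m;
-+}
-+
-+static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
-+{
-+ if (m->m | m->v)
-+ NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
-+ return 0;
-+
-+nla_put_failure:
-+ return -1;
-+}
-+
- #endif /* _NET_XFRM_H */
---
-1.6.3.3
-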
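--- a/testing/linux-grsec/0002-xfrm-SA-lookups-signature-with-mark.patch
+++ /dev/null
@@ -1,621 +0,0 @@
-From bd3d7132b9ac62a093610cf0b9360356e4898f13 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 16:20:22 -0800
-Subject: [PATCH 2/7] xfrm: SA lookups signature with mark
-
-pass mark to all SA lookups to prepare them for when we add code
-to have them search.
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- include/net/xfrm.h | 23 +++++++++++++-----
- net/core/pktgen.c | 3 +-
- net/ipv4/ah4.c | 2 +-
- net/ipv4/esp4.c | 2 +-
- net/ipv4/ipcomp.c | 6 +++-
- net/ipv6/ah6.c | 2 +-
- net/ipv6/esp6.c | 2 +-
- net/ipv6/ipcomp6.c | 6 +++-
- net/ipv6/xfrm6_input.c | 2 +-
- net/key/af_key.c | 14 ++++++-----
- net/xfrm/xfrm_input.c | 2 +-
- net/xfrm/xfrm_state.c | 58 ++++++++++++++++++++++++++++-------------------
- net/xfrm/xfrm_user.c | 17 ++++++++-----
- 13 files changed, 84 insertions(+), 55 deletions(-)
-
-diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index ba8d34f..0f3c0f4 100644
---- a/include/net/xfrm.h
-+++ b/include/net/xfrm.h
-@@ -1325,7 +1325,7 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t
- struct flowi *fl, struct xfrm_tmpl *tmpl,
- struct xfrm_policy *pol, int *err,
- unsigned short family);
--extern struct xfrm_state * xfrm_stateonly_find(struct net *net,
-+extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
- xfrm_address_t *daddr,
- xfrm_address_t *saddr,
- unsigned short family,
-@@ -1334,8 +1334,14 @@ extern int xfrm_state_check_expire(struct xfrm_state *x);
- extern void xfrm_state_insert(struct xfrm_state *x);
- extern int xfrm_state_add(struct xfrm_state *x);
- extern int xfrm_state_update(struct xfrm_state *x);
--extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family);
--extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
-+extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
-+ xfrm_address_t *daddr, __be32 spi,
-+ u8 proto, unsigned short family);
-+extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
-+ xfrm_address_t *daddr,
-+ xfrm_address_t *saddr,
-+ u8 proto,
-+ unsigned short family);
- #ifdef CONFIG_XFRM_SUB_POLICY
- extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
- int n, unsigned short family);
-@@ -1372,7 +1378,8 @@ struct xfrmk_spdinfo {
- u32 spdhmcnt;
- };
-
--extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);
-+extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,
-+ u32 seq);
- extern int xfrm_state_delete(struct xfrm_state *x);
- extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
- extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
-@@ -1457,9 +1464,11 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int d
- int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
- u32 xfrm_get_acqseq(void);
- extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
--struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
-- xfrm_address_t *daddr, xfrm_address_t *saddr,
-- int create, unsigned short family);
-+struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
-+ u8 mode, u32 reqid, u8 proto,
-+ xfrm_address_t *daddr,
-+ xfrm_address_t *saddr, int create,
-+ unsigned short family);
- extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
- extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
- struct flowi *fl, int family, int strict);
-diff --git a/net/core/pktgen.c b/net/core/pktgen.c
-index 6e79e96..6b811e1 100644
---- a/net/core/pktgen.c
-+++ b/net/core/pktgen.c
-@@ -2189,12 +2189,13 @@ static inline int f_pick(struct pktgen_dev *pkt_dev)
- /* If there was already an IPSEC SA, we keep it as is, else
- * we go look for it ...
- */
-+#define DUMMY_MARK 0
- static void get_ipsec_sa(struct pktgen_dev *pkt_dev, int flow)
- {
- struct xfrm_state *x = pkt_dev->flows[flow].x;
- if (!x) {
- /*slow path: we dont already have xfrm_state*/
-- x = xfrm_stateonly_find(&init_net,
-+ x = xfrm_stateonly_find(&init_net, DUMMY_MARK,
- (xfrm_address_t *)&pkt_dev->cur_daddr,
- (xfrm_address_t *)&pkt_dev->cur_saddr,
- AF_INET,
-diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
-index 5c66270..b4f1d57 100644
---- a/net/ipv4/ah4.c
-+++ b/net/ipv4/ah4.c
-@@ -210,7 +210,7 @@ static void ah4_err(struct sk_buff *skb, u32 info)
- icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
- return;
-
-- x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
-+ x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
- if (!x)
- return;
- printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
-diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 12f7287..dad2c8f 100644
---- a/net/ipv4/esp4.c
-+++ b/net/ipv4/esp4.c
-@@ -422,7 +422,7 @@ static void esp4_err(struct sk_buff *skb, u32 info)
- icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
- return;
-
-- x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
-+ x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
- if (!x)
- return;
- NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
-diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
-index 38fbf04..28e8000 100644
---- a/net/ipv4/ipcomp.c
-+++ b/net/ipv4/ipcomp.c
-@@ -35,7 +35,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
- return;
-
- spi = htonl(ntohs(ipch->cpi));
-- x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr,
-+ x = xfrm_state_lookup(&init_net, skb->mark, (xfrm_address_t *)&iph->daddr,
- spi, IPPROTO_COMP, AF_INET);
- if (!x)
- return;
-@@ -61,6 +61,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x)
- t->props.mode = x->props.mode;
- t->props.saddr.a4 = x->props.saddr.a4;
- t->props.flags = x->props.flags;
-+ memcpy(&t->mark, &x->mark, sizeof(t->mark));
-
- if (xfrm_init_state(t))
- goto error;
-@@ -84,8 +85,9 @@ static int ipcomp_tunnel_attach(struct xfrm_state *x)
- {
- int err = 0;
- struct xfrm_state *t;
-+ u32 mark = x->mark.v & x->mark.m;
-
-- t = xfrm_state_lookup(&init_net, (xfrm_address_t *)&x->id.daddr.a4,
-+ t = xfrm_state_lookup(&init_net, mark, (xfrm_address_t *)&x->id.daddr.a4,
- x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
- if (!t) {
- t = ipcomp_tunnel_create(x);
-diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
-index c1589e2..2ab5b2f 100644
---- a/net/ipv6/ah6.c
-+++ b/net/ipv6/ah6.c
-@@ -416,7 +416,7 @@ static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- type != ICMPV6_PKT_TOOBIG)
- return;
-
-- x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6);
-+ x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6);
- if (!x)
- return;
-
-diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
-index af597c7..de0a856 100644
---- a/net/ipv6/esp6.c
-+++ b/net/ipv6/esp6.c
-@@ -365,7 +365,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- type != ICMPV6_PKT_TOOBIG)
- return;
-
-- x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6);
-+ x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6);
- if (!x)
- return;
- printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n",
-diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
-index 2f2a5ca..d74bb3d 100644
---- a/net/ipv6/ipcomp6.c
-+++ b/net/ipv6/ipcomp6.c
-@@ -63,7 +63,7 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- return;
-
- spi = htonl(ntohs(ipcomph->cpi));
-- x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6);
-+ x = xfrm_state_lookup(&init_net, skb->mark, (xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6);
- if (!x)
- return;
-
-@@ -90,6 +90,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xfrm_state *x)
- t->props.family = AF_INET6;
- t->props.mode = x->props.mode;
- memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
-+ memcpy(&t->mark, &x->mark, sizeof(t->mark));
-
- if (xfrm_init_state(t))
- goto error;
-@@ -111,10 +112,11 @@ static int ipcomp6_tunnel_attach(struct xfrm_state *x)
- int err = 0;
- struct xfrm_state *t = NULL;
- __be32 spi;
-+ u32 mark = x->mark.m & x->mark.v;
-
- spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&x->props.saddr);
- if (spi)
-- t = xfrm_state_lookup(&init_net, (xfrm_address_t *)&x->id.daddr,
-+ t = xfrm_state_lookup(&init_net, mark, (xfrm_address_t *)&x->id.daddr,
- spi, IPPROTO_IPV6, AF_INET6);
- if (!t) {
- t = ipcomp6_tunnel_create(x);
-diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
-index 9084582..2bc98ed 100644
---- a/net/ipv6/xfrm6_input.c
-+++ b/net/ipv6/xfrm6_input.c
-@@ -101,7 +101,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
- break;
- }
-
-- x = xfrm_state_lookup_byaddr(net, dst, src, proto, AF_INET6);
-+ x = xfrm_state_lookup_byaddr(net, skb->mark, dst, src, proto, AF_INET6);
- if (!x)
- continue;
-
-diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 4e98193..bcb9ecf 100644
---- a/net/key/af_key.c
-+++ b/net/key/af_key.c
-@@ -45,6 +45,8 @@ static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
- static DEFINE_RWLOCK(pfkey_table_lock);
- static atomic_t pfkey_table_users = ATOMIC_INIT(0);
-
-+#define DUMMY_MARK 0
-+static struct xfrm_mark dummy_mark = {0, 0};
- struct pfkey_sock {
- /* struct sock must be the first member of struct pfkey_sock */
- struct sock sk;
-@@ -690,7 +692,7 @@ static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_
- if (!xaddr)
- return NULL;
-
-- return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);
-+ return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
- }
-
- #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
-@@ -1358,7 +1360,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
- }
-
- if (hdr->sadb_msg_seq) {
-- x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
-+ x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
- if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
- xfrm_state_put(x);
- x = NULL;
-@@ -1366,7 +1368,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
- }
-
- if (!x)
-- x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);
-+ x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
-
- if (x == NULL)
- return -ENOENT;
-@@ -1415,7 +1417,7 @@ static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *
- if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
- return 0;
-
-- x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
-+ x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
- if (x == NULL)
- return 0;
-
-@@ -2592,8 +2594,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
- return -EINVAL;
-
- delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
-- xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,
-- pol->sadb_x_policy_id, delete, &err);
-+ xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN,
-+ dir, pol->sadb_x_policy_id, delete, &err);
- if (xp == NULL)
- return -ENOENT;
-
-diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
-index e0009c1..45f1c98 100644
---- a/net/xfrm/xfrm_input.c
-+++ b/net/xfrm/xfrm_input.c
-@@ -152,7 +152,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
- goto drop;
- }
-
-- x = xfrm_state_lookup(net, daddr, spi, nexthdr, family);
-+ x = xfrm_state_lookup(net, skb->mark, daddr, spi, nexthdr, family);
- if (x == NULL) {
- XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);
- xfrm_audit_state_notfound(skb, family, spi, seq);
-diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index f2f7c63..ff7d83e 100644
---- a/net/xfrm/xfrm_state.c
-+++ b/net/xfrm/xfrm_state.c
-@@ -659,7 +659,7 @@ xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
- return 0;
- }
-
--static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
-+static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
- {
- unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
- struct xfrm_state *x;
-@@ -679,7 +679,7 @@ static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *d
- return NULL;
- }
-
--static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
-+static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
- {
- unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
- struct xfrm_state *x;
-@@ -703,12 +703,14 @@ static inline struct xfrm_state *
- __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
- {
- struct net *net = xs_net(x);
-+ u32 mark = x->mark.v & x->mark.m;
-
- if (use_spi)
-- return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi,
-- x->id.proto, family);
-+ return __xfrm_state_lookup(net, mark, &x->id.daddr,
-+ x->id.spi, x->id.proto, family);
- else
-- return __xfrm_state_lookup_byaddr(net, &x->id.daddr,
-+ return __xfrm_state_lookup_byaddr(net, mark,
-+ &x->id.daddr,
- &x->props.saddr,
- x->id.proto, family);
- }
-@@ -773,6 +775,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
- int acquire_in_progress = 0;
- int error = 0;
- struct xfrm_state *best = NULL;
-+ u32 mark = pol->mark.v & pol->mark.m;
-
- to_put = NULL;
-
-@@ -809,7 +812,7 @@ found:
- x = best;
- if (!x && !error && !acquire_in_progress) {
- if (tmpl->id.spi &&
-- (x0 = __xfrm_state_lookup(net, daddr, tmpl->id.spi,
-+ (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
- tmpl->id.proto, family)) != NULL) {
- to_put = x0;
- error = -EEXIST;
-@@ -823,6 +826,7 @@ found:
- /* Initialize temporary selector matching only
- * to current session. */
- xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
-+ memcpy(&x->mark, &pol->mark, sizeof(x->mark));
-
- error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
- if (error) {
-@@ -866,7 +870,7 @@ out:
- }
-
- struct xfrm_state *
--xfrm_stateonly_find(struct net *net,
-+xfrm_stateonly_find(struct net *net, u32 mark,
- xfrm_address_t *daddr, xfrm_address_t *saddr,
- unsigned short family, u8 mode, u8 proto, u32 reqid)
- {
-@@ -962,7 +966,7 @@ void xfrm_state_insert(struct xfrm_state *x)
- EXPORT_SYMBOL(xfrm_state_insert);
-
- /* xfrm_state_lock is held */
--static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
-+static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
- {
- unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
- struct hlist_node *entry;
-@@ -1017,6 +1021,8 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
- x->props.family = family;
- x->props.mode = mode;
- x->props.reqid = reqid;
-+ x->mark.v = m->v;
-+ x->mark.m = m->m;
- x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
- xfrm_state_hold(x);
- x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
-@@ -1034,7 +1040,7 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
- return x;
- }
-
--static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq);
-+static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
-
- int xfrm_state_add(struct xfrm_state *x)
- {
-@@ -1042,6 +1048,7 @@ int xfrm_state_add(struct xfrm_state *x)
- struct xfrm_state *x1, *to_put;
- int family;
- int err;
-+ u32 mark = x->mark.v & x->mark.m;
- int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
-
- family = x->props.family;
-@@ -1059,7 +1066,7 @@ int xfrm_state_add(struct xfrm_state *x)
- }
-
- if (use_spi && x->km.seq) {
-- x1 = __xfrm_find_acq_byseq(net, x->km.seq);
-+ x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
- if (x1 && ((x1->id.proto != x->id.proto) ||
- xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
- to_put = x1;
-@@ -1068,8 +1075,8 @@ int xfrm_state_add(struct xfrm_state *x)
- }
-
- if (use_spi && !x1)
-- x1 = __find_acq_core(net, family, x->props.mode, x->props.reqid,
-- x->id.proto,
-+ x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
-+ x->props.reqid, x->id.proto,
- &x->id.daddr, &x->props.saddr, 0);
-
- __xfrm_state_bump_genids(x);
-@@ -1143,6 +1150,8 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
- goto error;
- }
-
-+ memcpy(&x->mark, &orig->mark, sizeof(x->mark));
-+
- err = xfrm_init_state(x);
- if (err)
- goto error;
-@@ -1340,41 +1349,41 @@ int xfrm_state_check_expire(struct xfrm_state *x)
- EXPORT_SYMBOL(xfrm_state_check_expire);
-
- struct xfrm_state *
--xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto,
-- unsigned short family)
-+xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi,
-+ u8 proto, unsigned short family)
- {
- struct xfrm_state *x;
-
- spin_lock_bh(&xfrm_state_lock);
-- x = __xfrm_state_lookup(net, daddr, spi, proto, family);
-+ x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
- spin_unlock_bh(&xfrm_state_lock);
- return x;
- }
- EXPORT_SYMBOL(xfrm_state_lookup);
-
- struct xfrm_state *
--xfrm_state_lookup_byaddr(struct net *net,
-+xfrm_state_lookup_byaddr(struct net *net, u32 mark,
- xfrm_address_t *daddr, xfrm_address_t *saddr,
- u8 proto, unsigned short family)
- {
- struct xfrm_state *x;
-
- spin_lock_bh(&xfrm_state_lock);
-- x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family);
-+ x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
- spin_unlock_bh(&xfrm_state_lock);
- return x;
- }
- EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
-
- struct xfrm_state *
--xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
-+xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto,
- xfrm_address_t *daddr, xfrm_address_t *saddr,
- int create, unsigned short family)
- {
- struct xfrm_state *x;
-
- spin_lock_bh(&xfrm_state_lock);
-- x = __find_acq_core(net, family, mode, reqid, proto, daddr, saddr, create);
-+ x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create);
- spin_unlock_bh(&xfrm_state_lock);
-
- return x;
-@@ -1421,7 +1430,7 @@ EXPORT_SYMBOL(xfrm_state_sort);
-
- /* Silly enough, but I'm lazy to build resolution list */
-
--static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq)
-+static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
- {
- int i;
-
-@@ -1440,12 +1449,12 @@ static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq)
- return NULL;
- }
-
--struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq)
-+struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
- {
- struct xfrm_state *x;
-
- spin_lock_bh(&xfrm_state_lock);
-- x = __xfrm_find_acq_byseq(net, seq);
-+ x = __xfrm_find_acq_byseq(net, mark, seq);
- spin_unlock_bh(&xfrm_state_lock);
- return x;
- }
-@@ -1472,6 +1481,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
- int err = -ENOENT;
- __be32 minspi = htonl(low);
- __be32 maxspi = htonl(high);
-+ u32 mark = x->mark.v & x->mark.m;
-
- spin_lock_bh(&x->lock);
- if (x->km.state == XFRM_STATE_DEAD)
-@@ -1484,7 +1494,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
- err = -ENOENT;
-
- if (minspi == maxspi) {
-- x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family);
-+ x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
- if (x0) {
- xfrm_state_put(x0);
- goto unlock;
-@@ -1494,7 +1504,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
- u32 spi = 0;
- for (h=0; h<high-low+1; h++) {
- spi = low + net_random()%(high-low+1);
-- x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
-+ x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
- if (x0 == NULL) {
- x->id.spi = htonl(spi);
- break;
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index b95a2d6..dec2e0d 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -31,6 +31,9 @@
- #include <linux/in6.h>
- #endif
-
-+#define DUMMY_MARK 0
-+static struct xfrm_mark dummy_mark = {0, 0};
-+
- static inline int aead_len(struct xfrm_algo_aead *alg)
- {
- return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
-@@ -443,7 +446,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
-
- if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
- err = -ESRCH;
-- x = xfrm_state_lookup(net, &p->daddr, p->spi, p->proto, p->family);
-+ x = xfrm_state_lookup(net, DUMMY_MARK, &p->daddr, p->spi, p->proto, p->family);
- } else {
- xfrm_address_t *saddr = NULL;
-
-@@ -454,7 +457,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
- }
-
- err = -ESRCH;
-- x = xfrm_state_lookup_byaddr(net, &p->daddr, saddr,
-+ x = xfrm_state_lookup_byaddr(net, DUMMY_MARK, &p->daddr, saddr,
- p->proto, p->family);
- }
-
-@@ -846,7 +849,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
-
- x = NULL;
- if (p->info.seq) {
-- x = xfrm_find_acq_byseq(net, p->info.seq);
-+ x = xfrm_find_acq_byseq(net, DUMMY_MARK, p->info.seq);
- if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) {
- xfrm_state_put(x);
- x = NULL;
-@@ -854,7 +857,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
- }
-
- if (!x)
-- x = xfrm_find_acq(net, p->info.mode, p->info.reqid,
-+ x = xfrm_find_acq(net, &dummy_mark, p->info.mode, p->info.reqid,
- p->info.id.proto, daddr,
- &p->info.saddr, 1,
- family);
-@@ -1483,7 +1486,7 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (r_skb == NULL)
- return -ENOMEM;
-
-- x = xfrm_state_lookup(net, &id->daddr, id->spi, id->proto, id->family);
-+ x = xfrm_state_lookup(net, DUMMY_MARK, &id->daddr, id->spi, id->proto, id->family);
- if (x == NULL) {
- kfree_skb(r_skb);
- return -ESRCH;
-@@ -1525,7 +1528,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (!(nlh->nlmsg_flags&NLM_F_REPLACE))
- return err;
-
-- x = xfrm_state_lookup(net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
-+ x = xfrm_state_lookup(net, DUMMY_MARK, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
- if (x == NULL)
- return -ESRCH;
-
-@@ -1648,7 +1651,7 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct xfrm_user_expire *ue = nlmsg_data(nlh);
- struct xfrm_usersa_info *p = &ue->state;
-
-- x = xfrm_state_lookup(net, &p->id.daddr, p->id.spi, p->id.proto, p->family);
-+ x = xfrm_state_lookup(net, DUMMY_MARK, &p->id.daddr, p->id.spi, p->id.proto, p->family);
-
- err = -ENOENT;
- if (x == NULL)
---
-1.6.3.3
-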
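--- a/testing/linux-grsec/0003-xfrm-SA-lookups-with-mark.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 7940065d02766d7732a7cda5c2c889beb21ca089 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:56 +0000
-Subject: [PATCH 3/7] xfrm: SA lookups with mark
-
-Allow mark to be added to the SA lookup
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_state.c | 12 ++++++++++++
- 1 files changed, 12 insertions(+), 0 deletions(-)
-
-diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index ff7d83e..56abfd5 100644
---- a/net/xfrm/xfrm_state.c
-+++ b/net/xfrm/xfrm_state.c
-@@ -672,6 +672,8 @@ static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, xfrm_ad
- xfrm_addr_cmp(&x->id.daddr, daddr, family))
- continue;
-
-+ if ((mark & x->mark.m) != x->mark.v)
-+ continue;
- xfrm_state_hold(x);
- return x;
- }
-@@ -692,6 +694,8 @@ static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
- xfrm_addr_cmp(&x->props.saddr, saddr, family))
- continue;
-
-+ if ((mark & x->mark.m) != x->mark.v)
-+ continue;
- xfrm_state_hold(x);
- return x;
- }
-@@ -784,6 +788,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
- if (x->props.family == family &&
- x->props.reqid == tmpl->reqid &&
-+ (mark & x->mark.m) == x->mark.v &&
- !(x->props.flags & XFRM_STATE_WILDRECV) &&
- xfrm_state_addr_check(x, daddr, saddr, family) &&
- tmpl->mode == x->props.mode &&
-@@ -799,6 +804,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
- if (x->props.family == family &&
- x->props.reqid == tmpl->reqid &&
-+ (mark & x->mark.m) == x->mark.v &&
- !(x->props.flags & XFRM_STATE_WILDRECV) &&
- xfrm_state_addr_check(x, daddr, saddr, family) &&
- tmpl->mode == x->props.mode &&
-@@ -883,6 +889,7 @@ xfrm_stateonly_find(struct net *net, u32 mark,
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
- if (x->props.family == family &&
- x->props.reqid == reqid &&
-+ (mark & x->mark.m) == x->mark.v &&
- !(x->props.flags & XFRM_STATE_WILDRECV) &&
- xfrm_state_addr_check(x, daddr, saddr, family) &&
- mode == x->props.mode &&
-@@ -945,11 +952,13 @@ static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
- struct xfrm_state *x;
- struct hlist_node *entry;
- unsigned int h;
-+ u32 mark = xnew->mark.v & xnew->mark.m;
-
- h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
- if (x->props.family == family &&
- x->props.reqid == reqid &&
-+ (mark & x->mark.m) == x->mark.v &&
- !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
- !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
- x->genid = xfrm_state_genid;
-@@ -971,6 +980,7 @@ static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
- unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
- struct hlist_node *entry;
- struct xfrm_state *x;
-+ u32 mark = m->v & m->m;
-
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
- if (x->props.reqid != reqid ||
-@@ -979,6 +989,7 @@ static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
- x->km.state != XFRM_STATE_ACQ ||
- x->id.spi != 0 ||
- x->id.proto != proto ||
-+ (mark & x->mark.m) != x->mark.v ||
- xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
- xfrm_addr_cmp(&x->props.saddr, saddr, family))
- continue;
-@@ -1440,6 +1451,7 @@ static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 s
-
- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
- if (x->km.seq == seq &&
-+ (mark & x->mark.m) == x->mark.v &&
- x->km.state == XFRM_STATE_ACQ) {
- xfrm_state_hold(x);
- return x;
---
-1.6.3.3
-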
diff --git a/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch b/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch
deleted file mode 100644
index 6e0f14b21f..0000000000
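--- a/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 252611e7ea95985941df9897c1082504b14c698f Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:57 +0000
-Subject: [PATCH 4/7] xfrm: SP lookups signature with mark
-
-pass mark to all SP lookups to prepare them for when we add code
-to have them search.
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- include/net/xfrm.h | 5 +++--
- net/key/af_key.c | 4 ++--
- net/xfrm/xfrm_policy.c | 8 ++++----
- net/xfrm/xfrm_user.c | 10 +++++-----
- 4 files changed, 14 insertions(+), 13 deletions(-)
-
-diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 0f3c0f4..e2bdd19 100644
---- a/include/net/xfrm.h
-+++ b/include/net/xfrm.h
-@@ -1456,11 +1456,12 @@ extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
- int (*func)(struct xfrm_policy *, int, int, void*), void *);
- extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
- int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
--struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
-+struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
-+ u8 type, int dir,
- struct xfrm_selector *sel,
- struct xfrm_sec_ctx *ctx, int delete,
- int *err);
--struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err);
-+struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
- int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
- u32 xfrm_get_acqseq(void);
- extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
-diff --git a/net/key/af_key.c b/net/key/af_key.c
-index bcb9ecf..fa0fab6 100644
---- a/net/key/af_key.c
-+++ b/net/key/af_key.c
-@@ -2346,7 +2346,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
- return err;
- }
-
-- xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,
-+ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
- pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
- 1, &err);
- security_xfrm_policy_free(pol_ctx);
-@@ -2594,7 +2594,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
- return -EINVAL;
-
- delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
-- xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN,
-+ xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
- dir, pol->sadb_x_policy_id, delete, &err);
- if (xp == NULL)
- return -ENOENT;
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index cb81ca3..8376d55 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -635,8 +635,8 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
- }
- EXPORT_SYMBOL(xfrm_policy_insert);
-
--struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
-- struct xfrm_selector *sel,
-+struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type,
-+ int dir, struct xfrm_selector *sel,
- struct xfrm_sec_ctx *ctx, int delete,
- int *err)
- {
-@@ -676,8 +676,8 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
- }
- EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
-
--struct xfrm_policy *xfrm_policy_byid(struct net *net, u8 type, int dir, u32 id,
-- int delete, int *err)
-+struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8 type,
-+ int dir, u32 id, int delete, int *err)
- {
- struct xfrm_policy *pol, *ret;
- struct hlist_head *chain;
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index dec2e0d..837bc09 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -1345,7 +1345,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, type, p->dir, p->index, delete, &err);
-+ xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, delete, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1362,8 +1362,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx,
-- delete, &err);
-+ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
-+ &p->sel, ctx, delete, &err);
- security_xfrm_policy_free(ctx);
- }
- if (xp == NULL)
-@@ -1593,7 +1593,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err);
-+ xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, 0, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1610,7 +1610,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx, 0, &err);
-+ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel, ctx, 0, &err);
- security_xfrm_policy_free(ctx);
- }
- if (xp == NULL)
---
-1.6.3.3
-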
diff --git a/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch b/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch
deleted file mode 100644
index 9793ba245b..0000000000
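--- a/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 57fbea87dccb6eee5c5b588c518fd4b265496016 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:58 +0000
-Subject: [PATCH 5/7] xfrm: SP lookups with mark
-
-Allow mark to be used when doing SP lookup
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_policy.c | 12 +++++++++++-
- 1 files changed, 11 insertions(+), 1 deletions(-)
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 8376d55..3de990f 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -556,6 +556,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
- struct hlist_head *chain;
- struct hlist_node *entry, *newpos;
- struct dst_entry *gc_list;
-+ u32 mark = policy->mark.v & policy->mark.m;
-
- write_lock_bh(&xfrm_policy_lock);
- chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);
-@@ -564,6 +565,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
- hlist_for_each_entry(pol, entry, chain, bydst) {
- if (pol->type == policy->type &&
- !selector_cmp(&pol->selector, &policy->selector) &&
-+ (mark & pol->mark.m) == pol->mark.v &&
- xfrm_sec_ctx_match(pol->security, policy->security) &&
- !WARN_ON(delpol)) {
- if (excl) {
-@@ -650,6 +652,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type,
- ret = NULL;
- hlist_for_each_entry(pol, entry, chain, bydst) {
- if (pol->type == type &&
-+ (mark & pol->mark.m) == pol->mark.v &&
- !selector_cmp(sel, &pol->selector) &&
- xfrm_sec_ctx_match(ctx, pol->security)) {
- xfrm_pol_hold(pol);
-@@ -692,7 +695,8 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8 type,
- chain = net->xfrm.policy_byidx + idx_hash(net, id);
- ret = NULL;
- hlist_for_each_entry(pol, entry, chain, byidx) {
-- if (pol->type == type && pol->index == id) {
-+ if (pol->type == type && pol->index == id &&
-+ (mark & pol->mark.m) == pol->mark.v) {
- xfrm_pol_hold(pol);
- if (delete) {
- *err = security_xfrm_policy_delete(
-@@ -909,6 +913,7 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
- int match, ret = -ESRCH;
-
- if (pol->family != family ||
-+ (fl->mark & pol->mark.m) != pol->mark.v ||
- pol->type != type)
- return ret;
-
-@@ -1033,6 +1038,10 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
- int err = 0;
-
- if (match) {
-+ if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
-+ pol = NULL;
-+ goto out;
-+ }
- err = security_xfrm_policy_lookup(pol->security,
- fl->secid,
- policy_to_flow_dir(dir));
-@@ -1045,6 +1054,7 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
- } else
- pol = NULL;
- }
-+out:
- read_unlock_bh(&xfrm_policy_lock);
- return pol;
- }
---
-1.6.3.3
-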
diff --git a/testing/linux-grsec/0006-xfrm-Allow-user-space-config-of-SAD-mark.patch b/testing/linux-grsec/0006-xfrm-Allow-user-space-config-of-SAD-mark.patch
deleted file mode 100644
index 3afeb97b2e..0000000000
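--- a/testing/linux-grsec/0006-xfrm-Allow-user-space-config-of-SAD-mark.patch
+++ /dev/null
@@ -1,284 +0,0 @@
-From 74ae2962f2250e63494a8c0bcda88609cc016184 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:59 +0000
-Subject: [PATCH 6/7] xfrm: Allow user space config of SAD mark
-
-Add ability for netlink userspace to manipulate the SAD
-and manipulate the mark, retrieve it and get events with a defined
-mark.
-MIGRATE may be added later.
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_user.c | 72 +++++++++++++++++++++++++++++++++++++++----------
- 1 files changed, 57 insertions(+), 15 deletions(-)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index 837bc09..17252b4 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -32,7 +32,6 @@
- #endif
-
- #define DUMMY_MARK 0
--static struct xfrm_mark dummy_mark = {0, 0};
-
- static inline int aead_len(struct xfrm_algo_aead *alg)
- {
-@@ -362,6 +361,8 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
- goto error;
- }
-
-+ xfrm_mark_get(attrs, &x->mark);
-+
- err = xfrm_init_state(x);
- if (err)
- goto error;
-@@ -442,11 +443,13 @@ static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
- int *errp)
- {
- struct xfrm_state *x = NULL;
-+ struct xfrm_mark m;
- int err;
-+ u32 mark = xfrm_mark_get(attrs, &m);
-
- if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
- err = -ESRCH;
-- x = xfrm_state_lookup(net, DUMMY_MARK, &p->daddr, p->spi, p->proto, p->family);
-+ x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family);
- } else {
- xfrm_address_t *saddr = NULL;
-
-@@ -457,7 +460,8 @@ static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
- }
-
- err = -ESRCH;
-- x = xfrm_state_lookup_byaddr(net, DUMMY_MARK, &p->daddr, saddr,
-+ x = xfrm_state_lookup_byaddr(net, mark,
-+ &p->daddr, saddr,
- p->proto, p->family);
- }
-
-@@ -576,6 +580,9 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
- if (x->encap)
- NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap);
-
-+ if (xfrm_mark_put(skb, &x->mark))
-+ goto nla_put_failure;
-+
- if (x->security && copy_sec_ctx(x->security, skb) < 0)
- goto nla_put_failure;
-
-@@ -838,6 +845,8 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
- xfrm_address_t *daddr;
- int family;
- int err;
-+ u32 mark;
-+ struct xfrm_mark m;
-
- p = nlmsg_data(nlh);
- err = verify_userspi_info(p);
-@@ -848,8 +857,10 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
- daddr = &p->info.id.daddr;
-
- x = NULL;
-+
-+ mark = xfrm_mark_get(attrs, &m);
- if (p->info.seq) {
-- x = xfrm_find_acq_byseq(net, DUMMY_MARK, p->info.seq);
-+ x = xfrm_find_acq_byseq(net, mark, p->info.seq);
- if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) {
- xfrm_state_put(x);
- x = NULL;
-@@ -857,7 +868,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
- }
-
- if (!x)
-- x = xfrm_find_acq(net, &dummy_mark, p->info.mode, p->info.reqid,
-+ x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid,
- p->info.id.proto, daddr,
- &p->info.saddr, 1,
- family);
-@@ -1362,8 +1373,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
-- &p->sel, ctx, delete, &err);
-+ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel,
-+ ctx, delete, &err);
- security_xfrm_policy_free(ctx);
- }
- if (xp == NULL)
-@@ -1432,6 +1443,7 @@ static inline size_t xfrm_aevent_msgsize(void)
- return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id))
- + nla_total_size(sizeof(struct xfrm_replay_state))
- + nla_total_size(sizeof(struct xfrm_lifetime_cur))
-+ + nla_total_size(sizeof(struct xfrm_mark))
- + nla_total_size(4) /* XFRM_AE_RTHR */
- + nla_total_size(4); /* XFRM_AE_ETHR */
- }
-@@ -1464,6 +1476,9 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_eve
- NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH,
- x->replay_maxage * 10 / HZ);
-
-+ if (xfrm_mark_put(skb, &x->mark))
-+ goto nla_put_failure;
-+
- return nlmsg_end(skb, nlh);
-
- nla_put_failure:
-@@ -1479,6 +1494,8 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct sk_buff *r_skb;
- int err;
- struct km_event c;
-+ u32 mark;
-+ struct xfrm_mark m;
- struct xfrm_aevent_id *p = nlmsg_data(nlh);
- struct xfrm_usersa_id *id = &p->sa_id;
-
-@@ -1486,7 +1503,9 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (r_skb == NULL)
- return -ENOMEM;
-
-- x = xfrm_state_lookup(net, DUMMY_MARK, &id->daddr, id->spi, id->proto, id->family);
-+ mark = xfrm_mark_get(attrs, &m);
-+
-+ x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family);
- if (x == NULL) {
- kfree_skb(r_skb);
- return -ESRCH;
-@@ -1517,6 +1536,8 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct xfrm_state *x;
- struct km_event c;
- int err = - EINVAL;
-+ u32 mark = 0;
-+ struct xfrm_mark m;
- struct xfrm_aevent_id *p = nlmsg_data(nlh);
- struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
- struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
-@@ -1528,7 +1549,9 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (!(nlh->nlmsg_flags&NLM_F_REPLACE))
- return err;
-
-- x = xfrm_state_lookup(net, DUMMY_MARK, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
-+ mark = xfrm_mark_get(attrs, &m);
-+
-+ x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
- if (x == NULL)
- return -ESRCH;
-
-@@ -1610,7 +1633,8 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel, ctx, 0, &err);
-+ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
-+ &p->sel, ctx, 0, &err);
- security_xfrm_policy_free(ctx);
- }
- if (xp == NULL)
-@@ -1650,8 +1674,10 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- int err;
- struct xfrm_user_expire *ue = nlmsg_data(nlh);
- struct xfrm_usersa_info *p = &ue->state;
-+ struct xfrm_mark m;
-+ u32 mark = xfrm_mark_get(attrs, &m);;
-
-- x = xfrm_state_lookup(net, DUMMY_MARK, &p->id.daddr, p->id.spi, p->id.proto, p->family);
-+ x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family);
-
- err = -ENOENT;
- if (x == NULL)
-@@ -1685,6 +1711,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct xfrm_user_tmpl *ut;
- int i;
- struct nlattr *rt = attrs[XFRMA_TMPL];
-+ struct xfrm_mark mark;
-
- struct xfrm_user_acquire *ua = nlmsg_data(nlh);
- struct xfrm_state *x = xfrm_state_alloc(net);
-@@ -1693,6 +1720,8 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (!x)
- goto nomem;
-
-+ xfrm_mark_get(attrs, &mark);
-+
- err = verify_newpolicy_info(&ua->policy);
- if (err)
- goto bad_policy;
-@@ -1705,7 +1734,8 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
- memcpy(&x->id, &ua->id, sizeof(ua->id));
- memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr));
- memcpy(&x->sel, &ua->sel, sizeof(ua->sel));
--
-+ xp->mark.m = x->mark.m = mark.m;
-+ xp->mark.v = x->mark.v = mark.v;
- ut = nla_data(rt);
- /* extract the templates and for each call km_key */
- for (i = 0; i < xp->xfrm_nr; i++, ut++) {
-@@ -1961,6 +1991,7 @@ static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
- [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)},
- [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
- [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
-+ [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
- };
-
- static struct xfrm_link {
-@@ -2040,7 +2071,8 @@ static void xfrm_netlink_rcv(struct sk_buff *skb)
-
- static inline size_t xfrm_expire_msgsize(void)
- {
-- return NLMSG_ALIGN(sizeof(struct xfrm_user_expire));
-+ return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
-+ + nla_total_size(sizeof(struct xfrm_mark));
- }
-
- static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c)
-@@ -2056,7 +2088,13 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_eve
- copy_to_user_state(x, &ue->state);
- ue->hard = (c->data.hard != 0) ? 1 : 0;
-
-+ if (xfrm_mark_put(skb, &x->mark))
-+ goto nla_put_failure;
-+
- return nlmsg_end(skb, nlh);
-+
-+nla_put_failure:
-+ return -EMSGSIZE;
- }
-
- static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c)
-@@ -2068,8 +2106,10 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c)
- if (skb == NULL)
- return -ENOMEM;
-
-- if (build_expire(skb, x, c) < 0)
-- BUG();
-+ if (build_expire(skb, x, c) < 0) {
-+ kfree_skb(skb);
-+ return -EMSGSIZE;
-+ }
-
- return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC);
- }
-@@ -2154,6 +2194,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c)
- if (c->event == XFRM_MSG_DELSA) {
- len += nla_total_size(headlen);
- headlen = sizeof(*id);
-+ len += nla_total_size(sizeof(struct xfrm_mark));
- }
- len += NLMSG_ALIGN(headlen);
-
-@@ -2224,6 +2265,7 @@ static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x,
- {
- return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire))
- + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
-+ + nla_total_size(sizeof(struct xfrm_mark))
- + nla_total_size(xfrm_user_sec_ctx_size(x->security))
- + userpolicy_type_attrsize();
- }
---
-1.6.3.3
-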
diff --git a/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch b/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
deleted file mode 100644
index b1cd1a50d5..0000000000
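--- a/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From 40ee52ad2b96e7f5a558fe3aefd71df54411429a Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:33:00 +0000
-Subject: [PATCH 7/7] xfrm: Allow user space manipulation of SPD mark
-
-Add ability for netlink userspace to manipulate the SPD
-and manipulate the mark, retrieve it and get events with a defined
-mark, etc.
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_user.c | 31 +++++++++++++++++++++++++------
- 1 files changed, 25 insertions(+), 6 deletions(-)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index 17252b4..da22919 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -31,8 +31,6 @@
- #include <linux/in6.h>
- #endif
-
--#define DUMMY_MARK 0
--
- static inline int aead_len(struct xfrm_algo_aead *alg)
- {
- return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
-@@ -1122,6 +1120,8 @@ static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_us
- if (err)
- goto error;
-
-+ xfrm_mark_get(attrs, &xp->mark);
-+
- return xp;
- error:
- *errp = err;
-@@ -1268,10 +1268,13 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-
- nlmsg_end(skb, nlh);
- return 0;
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -1343,6 +1346,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- int err;
- struct km_event c;
- int delete;
-+ struct xfrm_mark m;
-+ u32 mark = xfrm_mark_get(attrs, &m);
-
- p = nlmsg_data(nlh);
- delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
-@@ -1356,7 +1361,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, delete, &err);
-+ xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, delete, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1373,7 +1378,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel,
-+ xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir, &p->sel,
- ctx, delete, &err);
- security_xfrm_policy_free(ctx);
- }
-@@ -1610,13 +1615,15 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct xfrm_userpolicy_info *p = &up->pol;
- u8 type = XFRM_POLICY_TYPE_MAIN;
- int err = -ENOENT;
-+ struct xfrm_mark m;
-+ u32 mark = xfrm_mark_get(attrs, &m);
-
- err = copy_from_user_policy_type(&type, attrs);
- if (err)
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, 0, &err);
-+ xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1633,7 +1640,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
-+ xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir,
- &p->sel, ctx, 0, &err);
- security_xfrm_policy_free(ctx);
- }
-@@ -2298,9 +2305,12 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-
- return nlmsg_end(skb, nlh);
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -2387,6 +2397,7 @@ static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp)
- return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire))
- + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
- + nla_total_size(xfrm_user_sec_ctx_size(xp->security))
-+ + nla_total_size(sizeof(struct xfrm_mark))
- + userpolicy_type_attrsize();
- }
-
-@@ -2409,10 +2420,13 @@ static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
- upe->hard = !!hard;
-
- return nlmsg_end(skb, nlh);
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -2449,6 +2463,7 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
- headlen = sizeof(*id);
- }
- len += userpolicy_type_attrsize();
-+ len += nla_total_size(sizeof(struct xfrm_mark));
- len += NLMSG_ALIGN(headlen);
-
- skb = nlmsg_new(len, GFP_ATOMIC);
-@@ -2484,10 +2499,14 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-+
- nlmsg_end(skb, nlh);
-
- return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
-
-+nla_put_failure:
- nlmsg_failure:
- kfree_skb(skb);
- return -1;
---
-1.6.3.3
-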
diff --git a/testing/linux-grsec/APKBUILD b/testing/linux-grsec/APKBUILD
deleted file mode 100644
index 356594fb84..0000000000
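--- a/testing/linux-grsec/APKBUILD
+++ /dev/null
@@ -1,138 +0,0 @@
-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
-
-_flavor=grsec
-pkgname=linux-${_flavor}
-pkgver=2.6.32.8
-_kernver=2.6.32
-pkgrel=2
-pkgdesc="Linux kernel with grsecurity"
-url=http://grsecurity.net
-depends="mkinitfs linux-firmware"
-makedepends="perl installkernel"
-options="!strip"
-_config=${config:-kernelconfig.${CARCH:-x86}}
-install=
-source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
- ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.32.8-201002132204.patch
- 0001-xfrm-introduce-basic-mark-infrastructure.patch
- 0002-xfrm-SA-lookups-signature-with-mark.patch
- 0003-xfrm-SA-lookups-with-mark.patch
- 0004-xfrm-SP-lookups-signature-with-mark.patch
- 0005-xfrm-SP-lookups-with-mark.patch
- 0006-xfrm-Allow-user-space-config-of-SAD-mark.patch
- 0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
- kernelconfig.x86
- "
-subpackages="$pkgname-dev linux-firmware:firmware"
-license="GPL-2"
-
-_abi_release=${pkgver}-${_flavor}
-
-prepare() {
- cd "$srcdir"/linux-$_kernver
- if [ "$_kernver" != "$pkgver" ]; then
- bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
- fi
-
- for i in ../*.diff ../*.patch; do
- [ -f $i ] || continue
- msg "Applying $i..."
- patch -s -p1 -N < $i || return 1
- done
-
- mkdir -p "$srcdir"/build
- cp "$srcdir"/$_config "$srcdir"/build/.config
- make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
- silentoldconfig
-}
-
-# this is so we can do: 'abuild menuconfig' to reconfigure kernel
-menuconfig() {
- cd "$srcdir"/build || return 1
- make menuconfig
- cp .config "$startdir"/$_config
-}
-
-build() {
- cd "$srcdir"/build
- make CC="$CC" || return 1
-}
-
-package() {
- cd "$srcdir"/build
- mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
- make modules_install install \
- INSTALL_MOD_PATH="$pkgdir" \
- INSTALL_PATH="$pkgdir"/boot
-
- rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
- "$pkgdir"/lib/modules/${_abi_release}/source
- install -D include/config/kernel.release \
- "$pkgdir"/usr/share/kernel/$_flavor/kernel.release
-}
-
-dev() {
- # copy the only the parts that we really need for build 3rd party
- # kernel modules and install those as /usr/src/linux-headers,
- # simlar to what ubuntu does
- #
- # this way you dont need to install the 300-400 kernel sources to
- # build a tiny kernel module
- #
- pkgdesc="Headers and script for third party modules for grsec kernel"
- local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
-
- # first we import config, run prepare to set up for building
- # external modules, and create the scripts
- mkdir -p "$dir"
- cp "$srcdir"/$_config "$dir"/.config
- make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
- silentoldconfig prepare scripts
-
- # remove the stuff that poits to real sources. we want 3rd party
- # modules to believe this is the soruces
- rm "$dir"/Makefile "$dir"/source
-
- # copy the needed stuff from real sources
- #
- # this is taken from ubuntu kernel build script
- # http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
- cd "$srcdir"/linux-$_kernver
- find . -path './include/*' -prune -o -path './scripts/*' -prune \
- -o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
- -o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
- -o -name '*.lds' \) | cpio -pdm "$dir"
- cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
- cp -a drivers/media/video/*.h "$dir"/drivers/media/video
- cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
- cp -a scripts include "$dir"
- find $(find arch -name include -type d -print) -type f \
- | cpio -pdm "$dir"
-
- install -Dm644 "$srcdir"/build/Module.symvers \
- "$dir"/Module.symvers
-
- mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
- ln -sf /usr/src/linux-headers-${_abi_release} \
- "$subpkgdir"/lib/modules/${_abi_release}/build
-}
-
-firmware() {
- pkgdesc="Firmware for linux kernel"
- replaces="linux-grsec linux-vserver"
- mkdir -p "$subpkgdir"/lib
- mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
-}
-
-md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
-eabf01da4c72f7ea5b4e4bf8e8535e5f patch-2.6.32.8.bz2
-005313c701b97f37bb3f49977ec0d596 grsecurity-2.1.14-2.6.32.8-201002132204.patch
-daffc009bd7807f85c695d3eeaf8e09a 0001-xfrm-introduce-basic-mark-infrastructure.patch
-5d9d8d414e81194e3b05d7ef49d78ce3 0002-xfrm-SA-lookups-signature-with-mark.patch
-5767e1fd8648b03be5c03a47ee56fd2f 0003-xfrm-SA-lookups-with-mark.patch
-173b93331ac458bf0aa7a132bc39d8b6 0004-xfrm-SP-lookups-signature-with-mark.patch
-b5c7438b2d876e78a5d9e7a8971cba55 0005-xfrm-SP-lookups-with-mark.patch
-0f8857454aee0eac2ac1024ac4d2ee3b 0006-xfrm-Allow-user-space-config-of-SAD-mark.patch
-facba45fbfedc07ebb7f67cd275e351c 0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
-281d56ac34b2903456df769fd42d81f2 kernelconfig.x86"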
diff --git a/testing/linux-grsec/grsecurity-2.1.14-2.6.32.8-201002132204.patch b/testing/linux-grsec/grsecurity-2.1.14-2.6.32.8-201002132204.patch
deleted file mode 100644
index 89ad85ae09..0000000000
--- a/testing/linux-grsec/grsecurity-2.1.14-2.6.32.8-201002132204.patch
+++ /dev/null
@@ -1,52817 +0,0 @@
1diff -urNp linux-2.6.32.8/arch/alpha/include/asm/elf.h linux-2.6.32.8/arch/alpha/include/asm/elf.h
2--- linux-2.6.32.8/arch/alpha/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
3+++ linux-2.6.32.8/arch/alpha/include/asm/elf.h 2010-02-13 21:45:09.811766877 -0500
4@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
5
6 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
7
8+#ifdef CONFIG_PAX_ASLR
9+#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
10+
11+#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
12+#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
13+#endif
14+
15 /* $0 is set by ld.so to a pointer to a function which might be
16 registered using atexit. This provides a mean for the dynamic
17 linker to call DT_FINI functions for shared libraries that have
18diff -urNp linux-2.6.32.8/arch/alpha/include/asm/pgtable.h linux-2.6.32.8/arch/alpha/include/asm/pgtable.h
19--- linux-2.6.32.8/arch/alpha/include/asm/pgtable.h 2010-02-09 07:57:19.000000000 -0500
20+++ linux-2.6.32.8/arch/alpha/include/asm/pgtable.h 2010-02-13 21:45:09.811766877 -0500
21@@ -101,6 +101,17 @@ struct vm_area_struct;
22 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
23 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
24 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
25+
26+#ifdef CONFIG_PAX_PAGEEXEC
27+# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
28+# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
29+# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
30+#else
31+# define PAGE_SHARED_NOEXEC PAGE_SHARED
32+# define PAGE_COPY_NOEXEC PAGE_COPY
33+# define PAGE_READONLY_NOEXEC PAGE_READONLY
34+#endif
35+
36 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
37
38 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
39diff -urNp linux-2.6.32.8/arch/alpha/kernel/module.c linux-2.6.32.8/arch/alpha/kernel/module.c
40--- linux-2.6.32.8/arch/alpha/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
41+++ linux-2.6.32.8/arch/alpha/kernel/module.c 2010-02-13 21:45:09.812704357 -0500
42@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
43
44 /* The small sections were sorted to the end of the segment.
45 The following should definitely cover them. */
46- gp = (u64)me->module_core + me->core_size - 0x8000;
47+ gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000;
48 got = sechdrs[me->arch.gotsecindex].sh_addr;
49
50 for (i = 0; i < n; i++) {
51diff -urNp linux-2.6.32.8/arch/alpha/kernel/osf_sys.c linux-2.6.32.8/arch/alpha/kernel/osf_sys.c
52--- linux-2.6.32.8/arch/alpha/kernel/osf_sys.c 2010-02-09 07:57:19.000000000 -0500
53+++ linux-2.6.32.8/arch/alpha/kernel/osf_sys.c 2010-02-13 21:45:09.812704357 -0500
54@@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp
55 merely specific addresses, but regions of memory -- perhaps
56 this feature should be incorporated into all ports? */
57
58+#ifdef CONFIG_PAX_RANDMMAP
59+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
60+#endif
61+
62 if (addr) {
63 addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
64 if (addr != (unsigned long) -ENOMEM)
65@@ -1212,8 +1216,8 @@ arch_get_unmapped_area(struct file *filp
66 }
67
68 /* Next, try allocating at TASK_UNMAPPED_BASE. */
69- addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
70- len, limit);
71+ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit);
72+
73 if (addr != (unsigned long) -ENOMEM)
74 return addr;
75
76diff -urNp linux-2.6.32.8/arch/alpha/mm/fault.c linux-2.6.32.8/arch/alpha/mm/fault.c
77--- linux-2.6.32.8/arch/alpha/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
78+++ linux-2.6.32.8/arch/alpha/mm/fault.c 2010-02-13 21:45:09.812704357 -0500
79@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
80 __reload_thread(pcb);
81 }
82
83+#ifdef CONFIG_PAX_PAGEEXEC
84+/*
85+ * PaX: decide what to do with offenders (regs->pc = fault address)
86+ *
87+ * returns 1 when task should be killed
88+ * 2 when patched PLT trampoline was detected
89+ * 3 when unpatched PLT trampoline was detected
90+ */
91+static int pax_handle_fetch_fault(struct pt_regs *regs)
92+{
93+
94+#ifdef CONFIG_PAX_EMUPLT
95+ int err;
96+
97+ do { /* PaX: patched PLT emulation #1 */
98+ unsigned int ldah, ldq, jmp;
99+
100+ err = get_user(ldah, (unsigned int *)regs->pc);
101+ err |= get_user(ldq, (unsigned int *)(regs->pc+4));
102+ err |= get_user(jmp, (unsigned int *)(regs->pc+8));
103+
104+ if (err)
105+ break;
106+
107+ if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
108+ (ldq & 0xFFFF0000U) == 0xA77B0000U &&
109+ jmp == 0x6BFB0000U)
110+ {
111+ unsigned long r27, addr;
112+ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
113+ unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
114+
115+ addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
116+ err = get_user(r27, (unsigned long *)addr);
117+ if (err)
118+ break;
119+
120+ regs->r27 = r27;
121+ regs->pc = r27;
122+ return 2;
123+ }
124+ } while (0);
125+
126+ do { /* PaX: patched PLT emulation #2 */
127+ unsigned int ldah, lda, br;
128+
129+ err = get_user(ldah, (unsigned int *)regs->pc);
130+ err |= get_user(lda, (unsigned int *)(regs->pc+4));
131+ err |= get_user(br, (unsigned int *)(regs->pc+8));
132+
133+ if (err)
134+ break;
135+
136+ if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
137+ (lda & 0xFFFF0000U) == 0xA77B0000U &&
138+ (br & 0xFFE00000U) == 0xC3E00000U)
139+ {
140+ unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
141+ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
142+ unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
143+
144+ regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
145+ regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
146+ return 2;
147+ }
148+ } while (0);
149+
150+ do { /* PaX: unpatched PLT emulation */
151+ unsigned int br;
152+
153+ err = get_user(br, (unsigned int *)regs->pc);
154+
155+ if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
156+ unsigned int br2, ldq, nop, jmp;
157+ unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
158+
159+ addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
160+ err = get_user(br2, (unsigned int *)addr);
161+ err |= get_user(ldq, (unsigned int *)(addr+4));
162+ err |= get_user(nop, (unsigned int *)(addr+8));
163+ err |= get_user(jmp, (unsigned int *)(addr+12));
164+ err |= get_user(resolver, (unsigned long *)(addr+16));
165+
166+ if (err)
167+ break;
168+
169+ if (br2 == 0xC3600000U &&
170+ ldq == 0xA77B000CU &&
171+ nop == 0x47FF041FU &&
172+ jmp == 0x6B7B0000U)
173+ {
174+ regs->r28 = regs->pc+4;
175+ regs->r27 = addr+16;
176+ regs->pc = resolver;
177+ return 3;
178+ }
179+ }
180+ } while (0);
181+#endif
182+
183+ return 1;
184+}
185+
186+void pax_report_insns(void *pc, void *sp)
187+{
188+ unsigned long i;
189+
190+ printk(KERN_ERR "PAX: bytes at PC: ");
191+ for (i = 0; i < 5; i++) {
192+ unsigned int c;
193+ if (get_user(c, (unsigned int *)pc+i))
194+ printk(KERN_CONT "???????? ");
195+ else
196+ printk(KERN_CONT "%08x ", c);
197+ }
198+ printk("\n");
199+}
200+#endif
201
202 /*
203 * This routine handles page faults. It determines the address,
204@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
205 good_area:
206 si_code = SEGV_ACCERR;
207 if (cause < 0) {
208- if (!(vma->vm_flags & VM_EXEC))
209+ if (!(vma->vm_flags & VM_EXEC)) {
210+
211+#ifdef CONFIG_PAX_PAGEEXEC
212+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
213+ goto bad_area;
214+
215+ up_read(&mm->mmap_sem);
216+ switch (pax_handle_fetch_fault(regs)) {
217+
218+#ifdef CONFIG_PAX_EMUPLT
219+ case 2:
220+ case 3:
221+ return;
222+#endif
223+
224+ }
225+ pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
226+ do_group_exit(SIGKILL);
227+#else
228 goto bad_area;
229+#endif
230+
231+ }
232 } else if (!cause) {
233 /* Allow reads even for write-only mappings */
234 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
235diff -urNp linux-2.6.32.8/arch/arm/include/asm/elf.h linux-2.6.32.8/arch/arm/include/asm/elf.h
236--- linux-2.6.32.8/arch/arm/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
237+++ linux-2.6.32.8/arch/arm/include/asm/elf.h 2010-02-13 21:45:09.813814150 -0500
238@@ -109,7 +109,14 @@ int dump_task_regs(struct task_struct *t
239 the loader. We need to make sure that it is out of the way of the program
240 that it will "exec", and that there is sufficient room for the brk. */
241
242-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
243+#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
244+
245+#ifdef CONFIG_PAX_ASLR
246+#define PAX_ELF_ET_DYN_BASE 0x00008000UL
247+
248+#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
249+#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
250+#endif
251
252 /* When the program starts, a1 contains a pointer to a function to be
253 registered with atexit, as per the SVR4 ABI. A value of 0 means we
254diff -urNp linux-2.6.32.8/arch/arm/include/asm/kmap_types.h linux-2.6.32.8/arch/arm/include/asm/kmap_types.h
255--- linux-2.6.32.8/arch/arm/include/asm/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
256+++ linux-2.6.32.8/arch/arm/include/asm/kmap_types.h 2010-02-13 21:45:09.813814150 -0500
257@@ -19,6 +19,7 @@ enum km_type {
258 KM_SOFTIRQ0,
259 KM_SOFTIRQ1,
260 KM_L2_CACHE,
261+ KM_CLEARPAGE,
262 KM_TYPE_NR
263 };
264
265diff -urNp linux-2.6.32.8/arch/arm/include/asm/uaccess.h linux-2.6.32.8/arch/arm/include/asm/uaccess.h
266--- linux-2.6.32.8/arch/arm/include/asm/uaccess.h 2010-02-09 07:57:19.000000000 -0500
267+++ linux-2.6.32.8/arch/arm/include/asm/uaccess.h 2010-02-13 21:45:09.813814150 -0500
268@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
269
270 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
271 {
272+ if ((long)n < 0)
273+ return n;
274+
275 if (access_ok(VERIFY_READ, from, n))
276 n = __copy_from_user(to, from, n);
277 else /* security hole - plug it */
278@@ -412,6 +415,9 @@ static inline unsigned long __must_check
279
280 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
281 {
282+ if ((long)n < 0)
283+ return n;
284+
285 if (access_ok(VERIFY_WRITE, to, n))
286 n = __copy_to_user(to, from, n);
287 return n;
288diff -urNp linux-2.6.32.8/arch/arm/kernel/kgdb.c linux-2.6.32.8/arch/arm/kernel/kgdb.c
289--- linux-2.6.32.8/arch/arm/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
290+++ linux-2.6.32.8/arch/arm/kernel/kgdb.c 2010-02-13 21:45:09.813814150 -0500
291@@ -190,7 +190,7 @@ void kgdb_arch_exit(void)
292 * and we handle the normal undef case within the do_undefinstr
293 * handler.
294 */
295-struct kgdb_arch arch_kgdb_ops = {
296+const struct kgdb_arch arch_kgdb_ops = {
297 #ifndef __ARMEB__
298 .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7}
299 #else /* ! __ARMEB__ */
300diff -urNp linux-2.6.32.8/arch/arm/mach-at91/pm.c linux-2.6.32.8/arch/arm/mach-at91/pm.c
301--- linux-2.6.32.8/arch/arm/mach-at91/pm.c 2010-02-09 07:57:19.000000000 -0500
302+++ linux-2.6.32.8/arch/arm/mach-at91/pm.c 2010-02-13 21:45:09.813814150 -0500
303@@ -348,7 +348,7 @@ static void at91_pm_end(void)
304 }
305
306
307-static struct platform_suspend_ops at91_pm_ops ={
308+static const struct platform_suspend_ops at91_pm_ops ={
309 .valid = at91_pm_valid_state,
310 .begin = at91_pm_begin,
311 .enter = at91_pm_enter,
312diff -urNp linux-2.6.32.8/arch/arm/mach-omap1/pm.c linux-2.6.32.8/arch/arm/mach-omap1/pm.c
313--- linux-2.6.32.8/arch/arm/mach-omap1/pm.c 2010-02-09 07:57:19.000000000 -0500
314+++ linux-2.6.32.8/arch/arm/mach-omap1/pm.c 2010-02-13 21:45:09.814898798 -0500
315@@ -647,7 +647,7 @@ static struct irqaction omap_wakeup_irq
316
317
318
319-static struct platform_suspend_ops omap_pm_ops ={
320+static const struct platform_suspend_ops omap_pm_ops ={
321 .prepare = omap_pm_prepare,
322 .enter = omap_pm_enter,
323 .finish = omap_pm_finish,
324diff -urNp linux-2.6.32.8/arch/arm/mach-omap2/pm24xx.c linux-2.6.32.8/arch/arm/mach-omap2/pm24xx.c
325--- linux-2.6.32.8/arch/arm/mach-omap2/pm24xx.c 2010-02-09 07:57:19.000000000 -0500
326+++ linux-2.6.32.8/arch/arm/mach-omap2/pm24xx.c 2010-02-13 21:45:09.814898798 -0500
327@@ -326,7 +326,7 @@ static void omap2_pm_finish(void)
328 enable_hlt();
329 }
330
331-static struct platform_suspend_ops omap_pm_ops = {
332+static const struct platform_suspend_ops omap_pm_ops = {
333 .prepare = omap2_pm_prepare,
334 .enter = omap2_pm_enter,
335 .finish = omap2_pm_finish,
336diff -urNp linux-2.6.32.8/arch/arm/mach-omap2/pm34xx.c linux-2.6.32.8/arch/arm/mach-omap2/pm34xx.c
337--- linux-2.6.32.8/arch/arm/mach-omap2/pm34xx.c 2010-02-09 07:57:19.000000000 -0500
338+++ linux-2.6.32.8/arch/arm/mach-omap2/pm34xx.c 2010-02-13 21:45:09.814898798 -0500
339@@ -401,7 +401,7 @@ static void omap3_pm_end(void)
340 return;
341 }
342
343-static struct platform_suspend_ops omap_pm_ops = {
344+static const struct platform_suspend_ops omap_pm_ops = {
345 .begin = omap3_pm_begin,
346 .end = omap3_pm_end,
347 .prepare = omap3_pm_prepare,
348diff -urNp linux-2.6.32.8/arch/arm/mach-pnx4008/pm.c linux-2.6.32.8/arch/arm/mach-pnx4008/pm.c
349--- linux-2.6.32.8/arch/arm/mach-pnx4008/pm.c 2010-02-09 07:57:19.000000000 -0500
350+++ linux-2.6.32.8/arch/arm/mach-pnx4008/pm.c 2010-02-13 21:45:09.814898798 -0500
351@@ -116,7 +116,7 @@ static int pnx4008_pm_valid(suspend_stat
352 (state == PM_SUSPEND_MEM);
353 }
354
355-static struct platform_suspend_ops pnx4008_pm_ops = {
356+static const struct platform_suspend_ops pnx4008_pm_ops = {
357 .enter = pnx4008_pm_enter,
358 .valid = pnx4008_pm_valid,
359 };
360diff -urNp linux-2.6.32.8/arch/arm/mach-pxa/pm.c linux-2.6.32.8/arch/arm/mach-pxa/pm.c
361--- linux-2.6.32.8/arch/arm/mach-pxa/pm.c 2010-02-09 07:57:19.000000000 -0500
362+++ linux-2.6.32.8/arch/arm/mach-pxa/pm.c 2010-02-13 21:45:09.814898798 -0500
363@@ -95,7 +95,7 @@ void pxa_pm_finish(void)
364 pxa_cpu_pm_fns->finish();
365 }
366
367-static struct platform_suspend_ops pxa_pm_ops = {
368+static const struct platform_suspend_ops pxa_pm_ops = {
369 .valid = pxa_pm_valid,
370 .enter = pxa_pm_enter,
371 .prepare = pxa_pm_prepare,
372diff -urNp linux-2.6.32.8/arch/arm/mach-pxa/sharpsl_pm.c linux-2.6.32.8/arch/arm/mach-pxa/sharpsl_pm.c
373--- linux-2.6.32.8/arch/arm/mach-pxa/sharpsl_pm.c 2010-02-09 07:57:19.000000000 -0500
374+++ linux-2.6.32.8/arch/arm/mach-pxa/sharpsl_pm.c 2010-02-13 21:45:09.815898883 -0500
375@@ -891,7 +891,7 @@ static void sharpsl_apm_get_power_status
376 }
377
378 #ifdef CONFIG_PM
379-static struct platform_suspend_ops sharpsl_pm_ops = {
380+static const struct platform_suspend_ops sharpsl_pm_ops = {
381 .prepare = pxa_pm_prepare,
382 .finish = pxa_pm_finish,
383 .enter = corgi_pxa_pm_enter,
384diff -urNp linux-2.6.32.8/arch/arm/mach-sa1100/pm.c linux-2.6.32.8/arch/arm/mach-sa1100/pm.c
385--- linux-2.6.32.8/arch/arm/mach-sa1100/pm.c 2010-02-09 07:57:19.000000000 -0500
386+++ linux-2.6.32.8/arch/arm/mach-sa1100/pm.c 2010-02-13 21:45:09.815898883 -0500
387@@ -120,7 +120,7 @@ unsigned long sleep_phys_sp(void *sp)
388 return virt_to_phys(sp);
389 }
390
391-static struct platform_suspend_ops sa11x0_pm_ops = {
392+static const struct platform_suspend_ops sa11x0_pm_ops = {
393 .enter = sa11x0_pm_enter,
394 .valid = suspend_valid_only_mem,
395 };
396diff -urNp linux-2.6.32.8/arch/arm/mm/fault.c linux-2.6.32.8/arch/arm/mm/fault.c
397--- linux-2.6.32.8/arch/arm/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
398+++ linux-2.6.32.8/arch/arm/mm/fault.c 2010-02-13 21:45:09.815898883 -0500
399@@ -166,6 +166,13 @@ __do_user_fault(struct task_struct *tsk,
400 }
401 #endif
402
403+#ifdef CONFIG_PAX_PAGEEXEC
404+ if (fsr & FSR_LNX_PF) {
405+ pax_report_fault(regs, (void *)regs->ARM_pc, (void *)regs->ARM_sp);
406+ do_group_exit(SIGKILL);
407+ }
408+#endif
409+
410 tsk->thread.address = addr;
411 tsk->thread.error_code = fsr;
412 tsk->thread.trap_no = 14;
413@@ -357,6 +364,33 @@ do_page_fault(unsigned long addr, unsign
414 }
415 #endif /* CONFIG_MMU */
416
417+#ifdef CONFIG_PAX_PAGEEXEC
418+void pax_report_insns(void *pc, void *sp)
419+{
420+ long i;
421+
422+ printk(KERN_ERR "PAX: bytes at PC: ");
423+ for (i = 0; i < 20; i++) {
424+ unsigned char c;
425+ if (get_user(c, (__force unsigned char __user *)pc+i))
426+ printk(KERN_CONT "?? ");
427+ else
428+ printk(KERN_CONT "%02x ", c);
429+ }
430+ printk("\n");
431+
432+ printk(KERN_ERR "PAX: bytes at SP-4: ");
433+ for (i = -1; i < 20; i++) {
434+ unsigned long c;
435+ if (get_user(c, (__force unsigned long __user *)sp+i))
436+ printk(KERN_CONT "???????? ");
437+ else
438+ printk(KERN_CONT "%08lx ", c);
439+ }
440+ printk("\n");
441+}
442+#endif
443+
444 /*
445 * First Level Translation Fault Handler
446 *
447diff -urNp linux-2.6.32.8/arch/arm/mm/mmap.c linux-2.6.32.8/arch/arm/mm/mmap.c
448--- linux-2.6.32.8/arch/arm/mm/mmap.c 2010-02-09 07:57:19.000000000 -0500
449+++ linux-2.6.32.8/arch/arm/mm/mmap.c 2010-02-13 21:45:09.821722719 -0500
450@@ -63,6 +63,10 @@ arch_get_unmapped_area(struct file *filp
451 if (len > TASK_SIZE)
452 return -ENOMEM;
453
454+#ifdef CONFIG_PAX_RANDMMAP
455+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
456+#endif
457+
458 if (addr) {
459 if (do_align)
460 addr = COLOUR_ALIGN(addr, pgoff);
461@@ -75,10 +79,10 @@ arch_get_unmapped_area(struct file *filp
462 return addr;
463 }
464 if (len > mm->cached_hole_size) {
465- start_addr = addr = mm->free_area_cache;
466+ start_addr = addr = mm->free_area_cache;
467 } else {
468- start_addr = addr = TASK_UNMAPPED_BASE;
469- mm->cached_hole_size = 0;
470+ start_addr = addr = mm->mmap_base;
471+ mm->cached_hole_size = 0;
472 }
473
474 full_search:
475@@ -94,8 +98,8 @@ full_search:
476 * Start a new search - just in case we missed
477 * some holes.
478 */
479- if (start_addr != TASK_UNMAPPED_BASE) {
480- start_addr = addr = TASK_UNMAPPED_BASE;
481+ if (start_addr != mm->mmap_base) {
482+ start_addr = addr = mm->mmap_base;
483 mm->cached_hole_size = 0;
484 goto full_search;
485 }
486diff -urNp linux-2.6.32.8/arch/arm/plat-s3c/pm.c linux-2.6.32.8/arch/arm/plat-s3c/pm.c
487--- linux-2.6.32.8/arch/arm/plat-s3c/pm.c 2010-02-09 07:57:19.000000000 -0500
488+++ linux-2.6.32.8/arch/arm/plat-s3c/pm.c 2010-02-13 21:45:09.821722719 -0500
489@@ -355,7 +355,7 @@ static void s3c_pm_finish(void)
490 s3c_pm_check_cleanup();
491 }
492
493-static struct platform_suspend_ops s3c_pm_ops = {
494+static const struct platform_suspend_ops s3c_pm_ops = {
495 .enter = s3c_pm_enter,
496 .prepare = s3c_pm_prepare,
497 .finish = s3c_pm_finish,
498diff -urNp linux-2.6.32.8/arch/avr32/include/asm/elf.h linux-2.6.32.8/arch/avr32/include/asm/elf.h
499--- linux-2.6.32.8/arch/avr32/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
500+++ linux-2.6.32.8/arch/avr32/include/asm/elf.h 2010-02-13 21:45:09.821722719 -0500
501@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
502 the loader. We need to make sure that it is out of the way of the program
503 that it will "exec", and that there is sufficient room for the brk. */
504
505-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
506+#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
507
508+#ifdef CONFIG_PAX_ASLR
509+#define PAX_ELF_ET_DYN_BASE 0x00001000UL
510+
511+#define PAX_DELTA_MMAP_LEN 15
512+#define PAX_DELTA_STACK_LEN 15
513+#endif
514
515 /* This yields a mask that user programs can use to figure out what
516 instruction set this CPU supports. This could be done in user space,
517diff -urNp linux-2.6.32.8/arch/avr32/include/asm/kmap_types.h linux-2.6.32.8/arch/avr32/include/asm/kmap_types.h
518--- linux-2.6.32.8/arch/avr32/include/asm/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
519+++ linux-2.6.32.8/arch/avr32/include/asm/kmap_types.h 2010-02-13 21:45:09.821722719 -0500
520@@ -22,7 +22,8 @@ D(10) KM_IRQ0,
521 D(11) KM_IRQ1,
522 D(12) KM_SOFTIRQ0,
523 D(13) KM_SOFTIRQ1,
524-D(14) KM_TYPE_NR
525+D(14) KM_CLEARPAGE,
526+D(15) KM_TYPE_NR
527 };
528
529 #undef D
530diff -urNp linux-2.6.32.8/arch/avr32/mach-at32ap/pm.c linux-2.6.32.8/arch/avr32/mach-at32ap/pm.c
531--- linux-2.6.32.8/arch/avr32/mach-at32ap/pm.c 2010-02-09 07:57:19.000000000 -0500
532+++ linux-2.6.32.8/arch/avr32/mach-at32ap/pm.c 2010-02-13 21:45:09.821722719 -0500
533@@ -176,7 +176,7 @@ out:
534 return 0;
535 }
536
537-static struct platform_suspend_ops avr32_pm_ops = {
538+static const struct platform_suspend_ops avr32_pm_ops = {
539 .valid = avr32_pm_valid_state,
540 .enter = avr32_pm_enter,
541 };
542diff -urNp linux-2.6.32.8/arch/avr32/mm/fault.c linux-2.6.32.8/arch/avr32/mm/fault.c
543--- linux-2.6.32.8/arch/avr32/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
544+++ linux-2.6.32.8/arch/avr32/mm/fault.c 2010-02-13 21:45:09.821722719 -0500
545@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
546
547 int exception_trace = 1;
548
549+#ifdef CONFIG_PAX_PAGEEXEC
550+void pax_report_insns(void *pc, void *sp)
551+{
552+ unsigned long i;
553+
554+ printk(KERN_ERR "PAX: bytes at PC: ");
555+ for (i = 0; i < 20; i++) {
556+ unsigned char c;
557+ if (get_user(c, (unsigned char *)pc+i))
558+ printk(KERN_CONT "???????? ");
559+ else
560+ printk(KERN_CONT "%02x ", c);
561+ }
562+ printk("\n");
563+}
564+#endif
565+
566 /*
567 * This routine handles page faults. It determines the address and the
568 * problem, and then passes it off to one of the appropriate routines.
569@@ -157,6 +174,16 @@ bad_area:
570 up_read(&mm->mmap_sem);
571
572 if (user_mode(regs)) {
573+
574+#ifdef CONFIG_PAX_PAGEEXEC
575+ if (mm->pax_flags & MF_PAX_PAGEEXEC) {
576+ if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
577+ pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
578+ do_group_exit(SIGKILL);
579+ }
580+ }
581+#endif
582+
583 if (exception_trace && printk_ratelimit())
584 printk("%s%s[%d]: segfault at %08lx pc %08lx "
585 "sp %08lx ecr %lu\n",
586diff -urNp linux-2.6.32.8/arch/blackfin/kernel/kgdb.c linux-2.6.32.8/arch/blackfin/kernel/kgdb.c
587--- linux-2.6.32.8/arch/blackfin/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
588+++ linux-2.6.32.8/arch/blackfin/kernel/kgdb.c 2010-02-13 21:45:09.823650214 -0500
589@@ -428,7 +428,7 @@ int kgdb_arch_handle_exception(int vecto
590 return -1; /* this means that we do not want to exit from the handler */
591 }
592
593-struct kgdb_arch arch_kgdb_ops = {
594+const struct kgdb_arch arch_kgdb_ops = {
595 .gdb_bpt_instr = {0xa1},
596 #ifdef CONFIG_SMP
597 .flags = KGDB_HW_BREAKPOINT|KGDB_THR_PROC_SWAP,
598diff -urNp linux-2.6.32.8/arch/blackfin/mach-common/pm.c linux-2.6.32.8/arch/blackfin/mach-common/pm.c
599--- linux-2.6.32.8/arch/blackfin/mach-common/pm.c 2010-02-09 07:57:19.000000000 -0500
600+++ linux-2.6.32.8/arch/blackfin/mach-common/pm.c 2010-02-13 21:45:09.823650214 -0500
601@@ -255,7 +255,7 @@ static int bfin_pm_enter(suspend_state_t
602 return 0;
603 }
604
605-struct platform_suspend_ops bfin_pm_ops = {
606+const struct platform_suspend_ops bfin_pm_ops = {
607 .enter = bfin_pm_enter,
608 .valid = bfin_pm_valid,
609 };
610diff -urNp linux-2.6.32.8/arch/frv/include/asm/kmap_types.h linux-2.6.32.8/arch/frv/include/asm/kmap_types.h
611--- linux-2.6.32.8/arch/frv/include/asm/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
612+++ linux-2.6.32.8/arch/frv/include/asm/kmap_types.h 2010-02-13 21:45:09.823650214 -0500
613@@ -23,6 +23,7 @@ enum km_type {
614 KM_IRQ1,
615 KM_SOFTIRQ0,
616 KM_SOFTIRQ1,
617+ KM_CLEARPAGE,
618 KM_TYPE_NR
619 };
620
621diff -urNp linux-2.6.32.8/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.32.8/arch/ia64/hp/common/hwsw_iommu.c
622--- linux-2.6.32.8/arch/ia64/hp/common/hwsw_iommu.c 2010-02-09 07:57:19.000000000 -0500
623+++ linux-2.6.32.8/arch/ia64/hp/common/hwsw_iommu.c 2010-02-13 21:45:09.823650214 -0500
624@@ -17,7 +17,7 @@
625 #include <linux/swiotlb.h>
626 #include <asm/machvec.h>
627
628-extern struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
629+extern const struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
630
631 /* swiotlb declarations & definitions: */
632 extern int swiotlb_late_init_with_default_size (size_t size);
633@@ -33,7 +33,7 @@ static inline int use_swiotlb(struct dev
634 !sba_dma_ops.dma_supported(dev, *dev->dma_mask);
635 }
636
637-struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
638+const struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
639 {
640 if (use_swiotlb(dev))
641 return &swiotlb_dma_ops;
642diff -urNp linux-2.6.32.8/arch/ia64/hp/common/sba_iommu.c linux-2.6.32.8/arch/ia64/hp/common/sba_iommu.c
643--- linux-2.6.32.8/arch/ia64/hp/common/sba_iommu.c 2010-02-09 07:57:19.000000000 -0500
644+++ linux-2.6.32.8/arch/ia64/hp/common/sba_iommu.c 2010-02-13 21:45:09.823650214 -0500
645@@ -2077,7 +2077,7 @@ static struct acpi_driver acpi_sba_ioc_d
646 },
647 };
648
649-extern struct dma_map_ops swiotlb_dma_ops;
650+extern const struct dma_map_ops swiotlb_dma_ops;
651
652 static int __init
653 sba_init(void)
654@@ -2191,7 +2191,7 @@ sba_page_override(char *str)
655
656 __setup("sbapagesize=",sba_page_override);
657
658-struct dma_map_ops sba_dma_ops = {
659+const struct dma_map_ops sba_dma_ops = {
660 .alloc_coherent = sba_alloc_coherent,
661 .free_coherent = sba_free_coherent,
662 .map_page = sba_map_page,
663diff -urNp linux-2.6.32.8/arch/ia64/ia32/binfmt_elf32.c linux-2.6.32.8/arch/ia64/ia32/binfmt_elf32.c
664--- linux-2.6.32.8/arch/ia64/ia32/binfmt_elf32.c 2010-02-09 07:57:19.000000000 -0500
665+++ linux-2.6.32.8/arch/ia64/ia32/binfmt_elf32.c 2010-02-13 21:45:09.824898259 -0500
666@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
667
668 #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
669
670+#ifdef CONFIG_PAX_ASLR
671+#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
672+
673+#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
674+#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
675+#endif
676+
677 /* Ugly but avoids duplication */
678 #include "../../../fs/binfmt_elf.c"
679
680diff -urNp linux-2.6.32.8/arch/ia64/ia32/ia32priv.h linux-2.6.32.8/arch/ia64/ia32/ia32priv.h
681--- linux-2.6.32.8/arch/ia64/ia32/ia32priv.h 2010-02-09 07:57:19.000000000 -0500
682+++ linux-2.6.32.8/arch/ia64/ia32/ia32priv.h 2010-02-13 21:45:09.824898259 -0500
683@@ -296,7 +296,14 @@ typedef struct compat_siginfo {
684 #define ELF_DATA ELFDATA2LSB
685 #define ELF_ARCH EM_386
686
687-#define IA32_STACK_TOP IA32_PAGE_OFFSET
688+#ifdef CONFIG_PAX_RANDUSTACK
689+#define __IA32_DELTA_STACK (current->mm->delta_stack)
690+#else
691+#define __IA32_DELTA_STACK 0UL
692+#endif
693+
694+#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
695+
696 #define IA32_GATE_OFFSET IA32_PAGE_OFFSET
697 #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
698
699diff -urNp linux-2.6.32.8/arch/ia64/include/asm/dma-mapping.h linux-2.6.32.8/arch/ia64/include/asm/dma-mapping.h
700--- linux-2.6.32.8/arch/ia64/include/asm/dma-mapping.h 2010-02-09 07:57:19.000000000 -0500
701+++ linux-2.6.32.8/arch/ia64/include/asm/dma-mapping.h 2010-02-13 21:45:09.824898259 -0500
702@@ -12,7 +12,7 @@
703
704 #define ARCH_HAS_DMA_GET_REQUIRED_MASK
705
706-extern struct dma_map_ops *dma_ops;
707+extern const struct dma_map_ops *dma_ops;
708 extern struct ia64_machine_vector ia64_mv;
709 extern void set_iommu_machvec(void);
710
711@@ -24,7 +24,7 @@ extern void machvec_dma_sync_sg(struct d
712 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
713 dma_addr_t *daddr, gfp_t gfp)
714 {
715- struct dma_map_ops *ops = platform_dma_get_ops(dev);
716+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
717 void *caddr;
718
719 caddr = ops->alloc_coherent(dev, size, daddr, gfp);
720@@ -35,7 +35,7 @@ static inline void *dma_alloc_coherent(s
721 static inline void dma_free_coherent(struct device *dev, size_t size,
722 void *caddr, dma_addr_t daddr)
723 {
724- struct dma_map_ops *ops = platform_dma_get_ops(dev);
725+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
726 debug_dma_free_coherent(dev, size, caddr, daddr);
727 ops->free_coherent(dev, size, caddr, daddr);
728 }
729@@ -49,13 +49,13 @@ static inline void dma_free_coherent(str
730
731 static inline int dma_mapping_error(struct device *dev, dma_addr_t daddr)
732 {
733- struct dma_map_ops *ops = platform_dma_get_ops(dev);
734+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
735 return ops->mapping_error(dev, daddr);
736 }
737
738 static inline int dma_supported(struct device *dev, u64 mask)
739 {
740- struct dma_map_ops *ops = platform_dma_get_ops(dev);
741+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
742 return ops->dma_supported(dev, mask);
743 }
744
745diff -urNp linux-2.6.32.8/arch/ia64/include/asm/elf.h linux-2.6.32.8/arch/ia64/include/asm/elf.h
746--- linux-2.6.32.8/arch/ia64/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
747+++ linux-2.6.32.8/arch/ia64/include/asm/elf.h 2010-02-13 21:45:09.824898259 -0500
748@@ -43,6 +43,13 @@
749 */
750 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
751
752+#ifdef CONFIG_PAX_ASLR
753+#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
754+
755+#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
756+#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
757+#endif
758+
759 #define PT_IA_64_UNWIND 0x70000001
760
761 /* IA-64 relocations: */
762diff -urNp linux-2.6.32.8/arch/ia64/include/asm/machvec.h linux-2.6.32.8/arch/ia64/include/asm/machvec.h
763--- linux-2.6.32.8/arch/ia64/include/asm/machvec.h 2010-02-09 07:57:19.000000000 -0500
764+++ linux-2.6.32.8/arch/ia64/include/asm/machvec.h 2010-02-13 21:45:09.824898259 -0500
765@@ -45,7 +45,7 @@ typedef void ia64_mv_kernel_launch_event
766 /* DMA-mapping interface: */
767 typedef void ia64_mv_dma_init (void);
768 typedef u64 ia64_mv_dma_get_required_mask (struct device *);
769-typedef struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
770+typedef const struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
771
772 /*
773 * WARNING: The legacy I/O space is _architected_. Platforms are
774@@ -251,7 +251,7 @@ extern void machvec_init_from_cmdline(co
775 # endif /* CONFIG_IA64_GENERIC */
776
777 extern void swiotlb_dma_init(void);
778-extern struct dma_map_ops *dma_get_ops(struct device *);
779+extern const struct dma_map_ops *dma_get_ops(struct device *);
780
781 /*
782 * Define default versions so we can extend machvec for new platforms without having
783diff -urNp linux-2.6.32.8/arch/ia64/include/asm/pgtable.h linux-2.6.32.8/arch/ia64/include/asm/pgtable.h
784--- linux-2.6.32.8/arch/ia64/include/asm/pgtable.h 2010-02-09 07:57:19.000000000 -0500
785+++ linux-2.6.32.8/arch/ia64/include/asm/pgtable.h 2010-02-13 21:45:09.824898259 -0500
786@@ -143,6 +143,17 @@
787 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
788 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
789 #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
790+
791+#ifdef CONFIG_PAX_PAGEEXEC
792+# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
793+# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
794+# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
795+#else
796+# define PAGE_SHARED_NOEXEC PAGE_SHARED
797+# define PAGE_READONLY_NOEXEC PAGE_READONLY
798+# define PAGE_COPY_NOEXEC PAGE_COPY
799+#endif
800+
801 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
802 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
803 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
804diff -urNp linux-2.6.32.8/arch/ia64/include/asm/uaccess.h linux-2.6.32.8/arch/ia64/include/asm/uaccess.h
805--- linux-2.6.32.8/arch/ia64/include/asm/uaccess.h 2010-02-09 07:57:19.000000000 -0500
806+++ linux-2.6.32.8/arch/ia64/include/asm/uaccess.h 2010-02-13 21:45:09.825895338 -0500
807@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
808 const void *__cu_from = (from); \
809 long __cu_len = (n); \
810 \
811- if (__access_ok(__cu_to, __cu_len, get_fs())) \
812+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \
813 __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
814 __cu_len; \
815 })
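Review bot: The length guard added to both copy macros in this file (this hunk and the next) carries no explanation of why `INT_MAX` is the ceiling or what a rejected call evaluates to. As written, a negative or oversized length skips `__copy_user` and the macro yields the unchanged `__cu_len`, which callers read as "that many bytes not copied". I would add a comment above each macro definition along the lines of `/* lengths <= 0 or > INT_MAX are never copied; the macro then returns the length unchanged */`. Both macro bodies start outside their hunks.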
816@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
817 long __cu_len = (n); \
818 \
819 __chk_user_ptr(__cu_from); \
820- if (__access_ok(__cu_from, __cu_len, get_fs())) \
821+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \
822 __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
823 __cu_len; \
824 })
825diff -urNp linux-2.6.32.8/arch/ia64/kernel/dma-mapping.c linux-2.6.32.8/arch/ia64/kernel/dma-mapping.c
826--- linux-2.6.32.8/arch/ia64/kernel/dma-mapping.c 2010-02-09 07:57:19.000000000 -0500
827+++ linux-2.6.32.8/arch/ia64/kernel/dma-mapping.c 2010-02-13 21:45:09.825895338 -0500
828@@ -3,7 +3,7 @@
829 /* Set this to 1 if there is a HW IOMMU in the system */
830 int iommu_detected __read_mostly;
831
832-struct dma_map_ops *dma_ops;
833+const struct dma_map_ops *dma_ops;
834 EXPORT_SYMBOL(dma_ops);
835
836 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
837@@ -16,7 +16,7 @@ static int __init dma_init(void)
838 }
839 fs_initcall(dma_init);
840
841-struct dma_map_ops *dma_get_ops(struct device *dev)
842+const struct dma_map_ops *dma_get_ops(struct device *dev)
843 {
844 return dma_ops;
845 }
846diff -urNp linux-2.6.32.8/arch/ia64/kernel/module.c linux-2.6.32.8/arch/ia64/kernel/module.c
847--- linux-2.6.32.8/arch/ia64/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
848+++ linux-2.6.32.8/arch/ia64/kernel/module.c 2010-02-13 21:45:09.826722735 -0500
849@@ -315,8 +315,7 @@ module_alloc (unsigned long size)
850 void
851 module_free (struct module *mod, void *module_region)
852 {
853- if (mod && mod->arch.init_unw_table &&
854- module_region == mod->module_init) {
855+ if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) {
856 unw_remove_unwind_table(mod->arch.init_unw_table);
857 mod->arch.init_unw_table = NULL;
858 }
859@@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
860 }
861
862 static inline int
863+in_init_rx (const struct module *mod, uint64_t addr)
864+{
865+ return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
866+}
867+
868+static inline int
869+in_init_rw (const struct module *mod, uint64_t addr)
870+{
871+ return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
872+}
873+
874+static inline int
875 in_init (const struct module *mod, uint64_t addr)
876 {
877- return addr - (uint64_t) mod->module_init < mod->init_size;
878+ return in_init_rx(mod, addr) || in_init_rw(mod, addr);
879+}
880+
881+static inline int
882+in_core_rx (const struct module *mod, uint64_t addr)
883+{
884+ return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
885+}
886+
887+static inline int
888+in_core_rw (const struct module *mod, uint64_t addr)
889+{
890+ return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
891 }
892
893 static inline int
894 in_core (const struct module *mod, uint64_t addr)
895 {
896- return addr - (uint64_t) mod->module_core < mod->core_size;
897+ return in_core_rx(mod, addr) || in_core_rw(mod, addr);
898 }
899
900 static inline int
901@@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_
902 break;
903
904 case RV_BDREL:
905- val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
906+ if (in_init_rx(mod, val))
907+ val -= (uint64_t) mod->module_init_rx;
908+ else if (in_init_rw(mod, val))
909+ val -= (uint64_t) mod->module_init_rw;
910+ else if (in_core_rx(mod, val))
911+ val -= (uint64_t) mod->module_core_rx;
912+ else if (in_core_rw(mod, val))
913+ val -= (uint64_t) mod->module_core_rw;
914 break;
915
916 case RV_LTV:
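Review bot: The new `RV_BDREL` chain has no final `else`, so a `val` that lies in none of the four regions is passed on without being rebased. The removed line always subtracted a base, falling back to `mod->module_core`, so this is a silent behaviour change for out-of-range values. I would end the chain with a failing branch such as `else return -ENOEXEC;`, assuming `do_reloc` reports errors through its return value. Its body starts and ends outside the hunk.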
917@@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
918 * addresses have been selected...
919 */
920 uint64_t gp;
921- if (mod->core_size > MAX_LTOFF)
922+ if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
923 /*
924 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
925 * at the end of the module.
926 */
927- gp = mod->core_size - MAX_LTOFF / 2;
928+ gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
929 else
930- gp = mod->core_size / 2;
931- gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
932+ gp = (mod->core_size_rx + mod->core_size_rw) / 2;
933+ gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
934 mod->arch.gp = gp;
935 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
936 }
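Review bot: The `gp` computation adds an offset derived from `core_size_rx + core_size_rw` to `module_core_rx`, which is only valid if the rw region directly follows the rx region in memory. Nothing in the hunk establishes that layout, and if the two regions are allocated separately the resulting `gp` can point outside both. At minimum the assumption deserves a comment next to the final assignment, e.g. `/* assumes module_core_rw == module_core_rx + core_size_rx */`; a stronger option is to check it and fail the load. The enclosing block of `apply_relocate_add` starts outside the hunk.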
937diff -urNp linux-2.6.32.8/arch/ia64/kernel/pci-dma.c linux-2.6.32.8/arch/ia64/kernel/pci-dma.c
938--- linux-2.6.32.8/arch/ia64/kernel/pci-dma.c 2010-02-09 07:57:19.000000000 -0500
939+++ linux-2.6.32.8/arch/ia64/kernel/pci-dma.c 2010-02-13 21:45:09.826722735 -0500
940@@ -43,7 +43,7 @@ struct device fallback_dev = {
941 .dma_mask = &fallback_dev.coherent_dma_mask,
942 };
943
944-extern struct dma_map_ops intel_dma_ops;
945+extern const struct dma_map_ops intel_dma_ops;
946
947 static int __init pci_iommu_init(void)
948 {
949diff -urNp linux-2.6.32.8/arch/ia64/kernel/pci-swiotlb.c linux-2.6.32.8/arch/ia64/kernel/pci-swiotlb.c
950--- linux-2.6.32.8/arch/ia64/kernel/pci-swiotlb.c 2010-02-09 07:57:19.000000000 -0500
951+++ linux-2.6.32.8/arch/ia64/kernel/pci-swiotlb.c 2010-02-13 21:45:09.826722735 -0500
952@@ -21,7 +21,7 @@ static void *ia64_swiotlb_alloc_coherent
953 return swiotlb_alloc_coherent(dev, size, dma_handle, gfp);
954 }
955
956-struct dma_map_ops swiotlb_dma_ops = {
957+const struct dma_map_ops swiotlb_dma_ops = {
958 .alloc_coherent = ia64_swiotlb_alloc_coherent,
959 .free_coherent = swiotlb_free_coherent,
960 .map_page = swiotlb_map_page,
961diff -urNp linux-2.6.32.8/arch/ia64/kernel/sys_ia64.c linux-2.6.32.8/arch/ia64/kernel/sys_ia64.c
962--- linux-2.6.32.8/arch/ia64/kernel/sys_ia64.c 2010-02-09 07:57:19.000000000 -0500
963+++ linux-2.6.32.8/arch/ia64/kernel/sys_ia64.c 2010-02-13 21:45:09.826722735 -0500
964@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
965 if (REGION_NUMBER(addr) == RGN_HPAGE)
966 addr = 0;
967 #endif
968+
969+#ifdef CONFIG_PAX_RANDMMAP
970+ if (mm->pax_flags & MF_PAX_RANDMMAP)
971+ addr = mm->free_area_cache;
972+ else
973+#endif
974+
975 if (!addr)
976 addr = mm->free_area_cache;
977
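Review bot: The `else` placed just before `#endif` binds to the `if (!addr)` two lines further down, which is fragile: any statement later inserted between them changes which branch runs. The same construct appears in the arch/mips/kernel/syscall.c hunk of this patch, where a bare `if (...)` before `#endif` guards the following `if (addr) {` block. A comment on the preprocessor line, such as `#endif /* the else above pairs with the if (!addr) below */`, or braces around the guarded statement, would make the coupling explicit. `arch_get_unmapped_area` continues outside the hunk.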
978@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
979 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
980 /* At this point: (!vma || addr < vma->vm_end). */
981 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
982- if (start_addr != TASK_UNMAPPED_BASE) {
983+ if (start_addr != mm->mmap_base) {
984 /* Start a new search --- just in case we missed some holes. */
985- addr = TASK_UNMAPPED_BASE;
986+ addr = mm->mmap_base;
987 goto full_search;
988 }
989 return -ENOMEM;
990diff -urNp linux-2.6.32.8/arch/ia64/kernel/topology.c linux-2.6.32.8/arch/ia64/kernel/topology.c
991--- linux-2.6.32.8/arch/ia64/kernel/topology.c 2010-02-09 07:57:19.000000000 -0500
992+++ linux-2.6.32.8/arch/ia64/kernel/topology.c 2010-02-13 21:45:09.826722735 -0500
993@@ -282,7 +282,7 @@ static ssize_t cache_show(struct kobject
994 return ret;
995 }
996
997-static struct sysfs_ops cache_sysfs_ops = {
998+static const struct sysfs_ops cache_sysfs_ops = {
999 .show = cache_show
1000 };
1001
1002diff -urNp linux-2.6.32.8/arch/ia64/kernel/vmlinux.lds.S linux-2.6.32.8/arch/ia64/kernel/vmlinux.lds.S
1003--- linux-2.6.32.8/arch/ia64/kernel/vmlinux.lds.S 2010-02-09 07:57:19.000000000 -0500
1004+++ linux-2.6.32.8/arch/ia64/kernel/vmlinux.lds.S 2010-02-13 21:45:09.826722735 -0500
1005@@ -190,7 +190,7 @@ SECTIONS
1006 /* Per-cpu data: */
1007 . = ALIGN(PERCPU_PAGE_SIZE);
1008 PERCPU_VADDR(PERCPU_ADDR, :percpu)
1009- __phys_per_cpu_start = __per_cpu_load;
1010+ __phys_per_cpu_start = per_cpu_load;
1011 . = __phys_per_cpu_start + PERCPU_PAGE_SIZE; /* ensure percpu data fits
1012 * into percpu page size
1013 */
1014diff -urNp linux-2.6.32.8/arch/ia64/mm/fault.c linux-2.6.32.8/arch/ia64/mm/fault.c
1015--- linux-2.6.32.8/arch/ia64/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
1016+++ linux-2.6.32.8/arch/ia64/mm/fault.c 2010-02-13 21:45:09.827899663 -0500
1017@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
1018 return pte_present(pte);
1019 }
1020
1021+#ifdef CONFIG_PAX_PAGEEXEC
1022+void pax_report_insns(void *pc, void *sp)
1023+{
1024+ unsigned long i;
1025+
1026+ printk(KERN_ERR "PAX: bytes at PC: ");
1027+ for (i = 0; i < 8; i++) {
1028+ unsigned int c;
1029+ if (get_user(c, (unsigned int *)pc+i))
1030+ printk(KERN_CONT "???????? ");
1031+ else
1032+ printk(KERN_CONT "%08x ", c);
1033+ }
1034+ printk("\n");
1035+}
1036+#endif
1037+
1038 void __kprobes
1039 ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
1040 {
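Review bot: The closing `printk("\n")` in `pax_report_insns` is the only call in the function without a level marker, although it finishes the same line as the `KERN_CONT` calls before it; `printk(KERN_CONT "\n");` would be consistent. The `sp` parameter is never used in the body, so it deserves a one-line comment saying it is kept only for the shared signature (presumably; the prototype is not in this hunk). Both remarks also apply to the `pax_report_insns` added in arch/parisc/mm/fault.c, and the `printk` one to arch/mips/mm/fault.c.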
1041@@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres
1042 mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
1043 | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
1044
1045- if ((vma->vm_flags & mask) != mask)
1046+ if ((vma->vm_flags & mask) != mask) {
1047+
1048+#ifdef CONFIG_PAX_PAGEEXEC
1049+ if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
1050+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
1051+ goto bad_area;
1052+
1053+ up_read(&mm->mmap_sem);
1054+ pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
1055+ do_group_exit(SIGKILL);
1056+ }
1057+#endif
1058+
1059 goto bad_area;
1060
1061+ }
1062+
1063 survive:
1064 /*
1065 * If for any reason at all we couldn't handle the fault, make
1066diff -urNp linux-2.6.32.8/arch/ia64/mm/init.c linux-2.6.32.8/arch/ia64/mm/init.c
1067--- linux-2.6.32.8/arch/ia64/mm/init.c 2010-02-09 07:57:19.000000000 -0500
1068+++ linux-2.6.32.8/arch/ia64/mm/init.c 2010-02-13 21:45:09.827899663 -0500
1069@@ -122,6 +122,19 @@ ia64_init_addr_space (void)
1070 vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
1071 vma->vm_end = vma->vm_start + PAGE_SIZE;
1072 vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
1073+
1074+#ifdef CONFIG_PAX_PAGEEXEC
1075+ if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
1076+ vma->vm_flags &= ~VM_EXEC;
1077+
1078+#ifdef CONFIG_PAX_MPROTECT
1079+ if (current->mm->pax_flags & MF_PAX_MPROTECT)
1080+ vma->vm_flags &= ~VM_MAYEXEC;
1081+#endif
1082+
1083+ }
1084+#endif
1085+
1086 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1087 down_write(&current->mm->mmap_sem);
1088 if (insert_vm_struct(current->mm, vma)) {
1089diff -urNp linux-2.6.32.8/arch/ia64/sn/pci/pci_dma.c linux-2.6.32.8/arch/ia64/sn/pci/pci_dma.c
1090--- linux-2.6.32.8/arch/ia64/sn/pci/pci_dma.c 2010-02-09 07:57:19.000000000 -0500
1091+++ linux-2.6.32.8/arch/ia64/sn/pci/pci_dma.c 2010-02-13 21:45:09.827899663 -0500
1092@@ -464,7 +464,7 @@ int sn_pci_legacy_write(struct pci_bus *
1093 return ret;
1094 }
1095
1096-static struct dma_map_ops sn_dma_ops = {
1097+static const struct dma_map_ops sn_dma_ops = {
1098 .alloc_coherent = sn_dma_alloc_coherent,
1099 .free_coherent = sn_dma_free_coherent,
1100 .map_page = sn_dma_map_page,
1101diff -urNp linux-2.6.32.8/arch/m32r/lib/usercopy.c linux-2.6.32.8/arch/m32r/lib/usercopy.c
1102--- linux-2.6.32.8/arch/m32r/lib/usercopy.c 2010-02-09 07:57:19.000000000 -0500
1103+++ linux-2.6.32.8/arch/m32r/lib/usercopy.c 2010-02-13 21:45:09.827899663 -0500
1104@@ -14,6 +14,9 @@
1105 unsigned long
1106 __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
1107 {
1108+ if ((long)n < 0)
1109+ return n;
1110+
1111 prefetch(from);
1112 if (access_ok(VERIFY_WRITE, to, n))
1113 __copy_user(to,from,n);
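Review bot: The new `(long)n < 0` test in `__generic_copy_to_user`, and the identical one in `__generic_copy_from_user` in the next hunk, is not explained. It rejects any length with the top bit set and returns it as the "bytes not copied" count before `prefetch` or `access_ok` run, which treats such a value as a size that went negative in the caller. A comment such as `/* a length with the sign bit set is a caller bug (negative size); copy nothing */` would record that. The ia64 hunks of this patch bound the length at `INT_MAX` instead, so the two architectures accept different maximum sizes. Both function bodies continue outside their hunks.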
1114@@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to,
1115 unsigned long
1116 __generic_copy_from_user(void *to, const void __user *from, unsigned long n)
1117 {
1118+ if ((long)n < 0)
1119+ return n;
1120+
1121 prefetchw(to);
1122 if (access_ok(VERIFY_READ, from, n))
1123 __copy_user_zeroing(to,from,n);
1124diff -urNp linux-2.6.32.8/arch/mips/alchemy/devboards/pm.c linux-2.6.32.8/arch/mips/alchemy/devboards/pm.c
1125--- linux-2.6.32.8/arch/mips/alchemy/devboards/pm.c 2010-02-09 07:57:19.000000000 -0500
1126+++ linux-2.6.32.8/arch/mips/alchemy/devboards/pm.c 2010-02-13 21:45:09.827899663 -0500
1127@@ -78,7 +78,7 @@ static void db1x_pm_end(void)
1128
1129 }
1130
1131-static struct platform_suspend_ops db1x_pm_ops = {
1132+static const struct platform_suspend_ops db1x_pm_ops = {
1133 .valid = suspend_valid_only_mem,
1134 .begin = db1x_pm_begin,
1135 .enter = db1x_pm_enter,
1136diff -urNp linux-2.6.32.8/arch/mips/include/asm/elf.h linux-2.6.32.8/arch/mips/include/asm/elf.h
1137--- linux-2.6.32.8/arch/mips/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
1138+++ linux-2.6.32.8/arch/mips/include/asm/elf.h 2010-02-13 21:45:09.828845559 -0500
1139@@ -368,4 +368,11 @@ extern int dump_task_fpu(struct task_str
1140 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1141 #endif
1142
1143+#ifdef CONFIG_PAX_ASLR
1144+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1145+
1146+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1147+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1148+#endif
1149+
1150 #endif /* _ASM_ELF_H */
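Review bot: Both arms of the conditional in `PAX_ELF_ET_DYN_BASE` are `0x00400000UL`, so the `test_thread_flag(TIF_32BIT_ADDR)` test has no effect. Either the 64-bit arm was meant to carry a different base, or the macro can be written as `#define PAX_ELF_ET_DYN_BASE 0x00400000UL`. The identical definition is added in arch/mips/kernel/binfmt_elfn32.c and arch/mips/kernel/binfmt_elfo32.c, where the same applies.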
1151diff -urNp linux-2.6.32.8/arch/mips/include/asm/page.h linux-2.6.32.8/arch/mips/include/asm/page.h
1152--- linux-2.6.32.8/arch/mips/include/asm/page.h 2010-02-09 07:57:19.000000000 -0500
1153+++ linux-2.6.32.8/arch/mips/include/asm/page.h 2010-02-13 21:45:09.828845559 -0500
1154@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct pa
1155 #ifdef CONFIG_CPU_MIPS32
1156 typedef struct { unsigned long pte_low, pte_high; } pte_t;
1157 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
1158- #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
1159+ #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
1160 #else
1161 typedef struct { unsigned long long pte; } pte_t;
1162 #define pte_val(x) ((x).pte)
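Review bot: Dropping the `unsigned long long` cast leaves `(x) >> 32` operating on whatever type the caller passes, and a shift by 32 on a 32-bit operand is undefined in C. On this `CONFIG_CPU_MIPS32` branch, `pte_high` is then not reliably zero for a caller that hands in an `unsigned long`. Unless every user of `__pte` passes a 64-bit value (the call sites are outside this hunk), I would keep the widening: `#define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })`.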
1163diff -urNp linux-2.6.32.8/arch/mips/include/asm/system.h linux-2.6.32.8/arch/mips/include/asm/system.h
1164--- linux-2.6.32.8/arch/mips/include/asm/system.h 2010-02-09 07:57:19.000000000 -0500
1165+++ linux-2.6.32.8/arch/mips/include/asm/system.h 2010-02-13 21:45:09.828845559 -0500
1166@@ -230,6 +230,6 @@ extern void per_cpu_trap_init(void);
1167 */
1168 #define __ARCH_WANT_UNLOCKED_CTXSW
1169
1170-extern unsigned long arch_align_stack(unsigned long sp);
1171+#define arch_align_stack(x) ((x) & ALMASK)
1172
1173 #endif /* _ASM_SYSTEM_H */
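Review bot: Replacing the function with `#define arch_align_stack(x) ((x) & ALMASK)` removes the sub-page stack offset that the deleted arch/mips/kernel/process.c body applied under `randomize_va_space`, and the macro is not conditional on any PaX option. A kernel built from this tree with `CONFIG_PAX_ASLR` disabled therefore appears to lose that randomisation with nothing replacing it; if that is intended, a comment should say so. The alignment requirement documented on the removed function is also lost, so I would carry it over: `/* SP must be 8-byte aligned for the 32-bit ABI and 16-byte aligned for the 64-bit ABI */`.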
1174diff -urNp linux-2.6.32.8/arch/mips/kernel/binfmt_elfn32.c linux-2.6.32.8/arch/mips/kernel/binfmt_elfn32.c
1175--- linux-2.6.32.8/arch/mips/kernel/binfmt_elfn32.c 2010-02-09 07:57:19.000000000 -0500
1176+++ linux-2.6.32.8/arch/mips/kernel/binfmt_elfn32.c 2010-02-13 21:45:09.828845559 -0500
1177@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1178 #undef ELF_ET_DYN_BASE
1179 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1180
1181+#ifdef CONFIG_PAX_ASLR
1182+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1183+
1184+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1185+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1186+#endif
1187+
1188 #include <asm/processor.h>
1189 #include <linux/module.h>
1190 #include <linux/elfcore.h>
1191diff -urNp linux-2.6.32.8/arch/mips/kernel/binfmt_elfo32.c linux-2.6.32.8/arch/mips/kernel/binfmt_elfo32.c
1192--- linux-2.6.32.8/arch/mips/kernel/binfmt_elfo32.c 2010-02-09 07:57:19.000000000 -0500
1193+++ linux-2.6.32.8/arch/mips/kernel/binfmt_elfo32.c 2010-02-13 21:45:09.828845559 -0500
1194@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1195 #undef ELF_ET_DYN_BASE
1196 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1197
1198+#ifdef CONFIG_PAX_ASLR
1199+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1200+
1201+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1202+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1203+#endif
1204+
1205 #include <asm/processor.h>
1206
1207 /*
1208diff -urNp linux-2.6.32.8/arch/mips/kernel/kgdb.c linux-2.6.32.8/arch/mips/kernel/kgdb.c
1209--- linux-2.6.32.8/arch/mips/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
1210+++ linux-2.6.32.8/arch/mips/kernel/kgdb.c 2010-02-13 21:45:09.828845559 -0500
1211@@ -245,6 +245,7 @@ int kgdb_arch_handle_exception(int vecto
1212 return -1;
1213 }
1214
1215+/* cannot be const */
1216 struct kgdb_arch arch_kgdb_ops;
1217
1218 /*
1219diff -urNp linux-2.6.32.8/arch/mips/kernel/process.c linux-2.6.32.8/arch/mips/kernel/process.c
1220--- linux-2.6.32.8/arch/mips/kernel/process.c 2010-02-09 07:57:19.000000000 -0500
1221+++ linux-2.6.32.8/arch/mips/kernel/process.c 2010-02-13 21:45:09.829920333 -0500
1222@@ -470,15 +470,3 @@ unsigned long get_wchan(struct task_stru
1223 out:
1224 return pc;
1225 }
1226-
1227-/*
1228- * Don't forget that the stack pointer must be aligned on a 8 bytes
1229- * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
1230- */
1231-unsigned long arch_align_stack(unsigned long sp)
1232-{
1233- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1234- sp -= get_random_int() & ~PAGE_MASK;
1235-
1236- return sp & ALMASK;
1237-}
1238diff -urNp linux-2.6.32.8/arch/mips/kernel/syscall.c linux-2.6.32.8/arch/mips/kernel/syscall.c
1239--- linux-2.6.32.8/arch/mips/kernel/syscall.c 2010-02-09 07:57:19.000000000 -0500
1240+++ linux-2.6.32.8/arch/mips/kernel/syscall.c 2010-02-13 21:45:09.829920333 -0500
1241@@ -102,6 +102,11 @@ unsigned long arch_get_unmapped_area(str
1242 do_color_align = 0;
1243 if (filp || (flags & MAP_SHARED))
1244 do_color_align = 1;
1245+
1246+#ifdef CONFIG_PAX_RANDMMAP
1247+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
1248+#endif
1249+
1250 if (addr) {
1251 if (do_color_align)
1252 addr = COLOUR_ALIGN(addr, pgoff);
1253@@ -112,7 +117,7 @@ unsigned long arch_get_unmapped_area(str
1254 (!vmm || addr + len <= vmm->vm_start))
1255 return addr;
1256 }
1257- addr = TASK_UNMAPPED_BASE;
1258+ addr = current->mm->mmap_base;
1259 if (do_color_align)
1260 addr = COLOUR_ALIGN(addr, pgoff);
1261 else
1262diff -urNp linux-2.6.32.8/arch/mips/mm/fault.c linux-2.6.32.8/arch/mips/mm/fault.c
1263--- linux-2.6.32.8/arch/mips/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
1264+++ linux-2.6.32.8/arch/mips/mm/fault.c 2010-02-13 21:45:09.829920333 -0500
1265@@ -26,6 +26,23 @@
1266 #include <asm/ptrace.h>
1267 #include <asm/highmem.h> /* For VMALLOC_END */
1268
1269+#ifdef CONFIG_PAX_PAGEEXEC
1270+void pax_report_insns(void *pc)
1271+{
1272+ unsigned long i;
1273+
1274+ printk(KERN_ERR "PAX: bytes at PC: ");
1275+ for (i = 0; i < 5; i++) {
1276+ unsigned int c;
1277+ if (get_user(c, (unsigned int *)pc+i))
1278+ printk(KERN_CONT "???????? ");
1279+ else
1280+ printk(KERN_CONT "%08x ", c);
1281+ }
1282+ printk("\n");
1283+}
1284+#endif
1285+
1286 /*
1287 * This routine handles page faults. It determines the address,
1288 * and the problem, and then passes it off to one of the appropriate
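Review bot: `pax_report_insns` is defined here with a single `pc` parameter, while the definitions this patch adds for ia64 and parisc take `(void *pc, void *sp)`. If the callers or a shared prototype use the two-argument form (neither is visible in this hunk), this file will not compile once `CONFIG_PAX_PAGEEXEC` is enabled on MIPS. I would align the signature: `void pax_report_insns(void *pc, void *sp)`.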
1289diff -urNp linux-2.6.32.8/arch/parisc/include/asm/elf.h linux-2.6.32.8/arch/parisc/include/asm/elf.h
1290--- linux-2.6.32.8/arch/parisc/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
1291+++ linux-2.6.32.8/arch/parisc/include/asm/elf.h 2010-02-13 21:45:09.829920333 -0500
1292@@ -343,6 +343,13 @@ struct pt_regs; /* forward declaration..
1293
1294 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
1295
1296+#ifdef CONFIG_PAX_ASLR
1297+#define PAX_ELF_ET_DYN_BASE 0x10000UL
1298+
1299+#define PAX_DELTA_MMAP_LEN 16
1300+#define PAX_DELTA_STACK_LEN 16
1301+#endif
1302+
1303 /* This yields a mask that user programs can use to figure out what
1304 instruction set this CPU supports. This could be done in user space,
1305 but it's not easy, and we've already done it here. */
1306diff -urNp linux-2.6.32.8/arch/parisc/include/asm/pgtable.h linux-2.6.32.8/arch/parisc/include/asm/pgtable.h
1307--- linux-2.6.32.8/arch/parisc/include/asm/pgtable.h 2010-02-09 07:57:19.000000000 -0500
1308+++ linux-2.6.32.8/arch/parisc/include/asm/pgtable.h 2010-02-13 21:45:09.830901823 -0500
1309@@ -207,6 +207,17 @@
1310 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
1311 #define PAGE_COPY PAGE_EXECREAD
1312 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
1313+
1314+#ifdef CONFIG_PAX_PAGEEXEC
1315+# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
1316+# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1317+# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1318+#else
1319+# define PAGE_SHARED_NOEXEC PAGE_SHARED
1320+# define PAGE_COPY_NOEXEC PAGE_COPY
1321+# define PAGE_READONLY_NOEXEC PAGE_READONLY
1322+#endif
1323+
1324 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
1325 #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
1326 #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
1327diff -urNp linux-2.6.32.8/arch/parisc/kernel/module.c linux-2.6.32.8/arch/parisc/kernel/module.c
1328--- linux-2.6.32.8/arch/parisc/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
1329+++ linux-2.6.32.8/arch/parisc/kernel/module.c 2010-02-13 21:45:09.831900516 -0500
1330@@ -95,16 +95,38 @@
1331
1332 /* three functions to determine where in the module core
1333 * or init pieces the location is */
1334+static inline int in_init_rx(struct module *me, void *loc)
1335+{
1336+ return (loc >= me->module_init_rx &&
1337+ loc < (me->module_init_rx + me->init_size_rx));
1338+}
1339+
1340+static inline int in_init_rw(struct module *me, void *loc)
1341+{
1342+ return (loc >= me->module_init_rw &&
1343+ loc < (me->module_init_rw + me->init_size_rw));
1344+}
1345+
1346 static inline int in_init(struct module *me, void *loc)
1347 {
1348- return (loc >= me->module_init &&
1349- loc <= (me->module_init + me->init_size));
1350+ return in_init_rx(me, loc) || in_init_rw(me, loc);
1351+}
1352+
1353+static inline int in_core_rx(struct module *me, void *loc)
1354+{
1355+ return (loc >= me->module_core_rx &&
1356+ loc < (me->module_core_rx + me->core_size_rx));
1357+}
1358+
1359+static inline int in_core_rw(struct module *me, void *loc)
1360+{
1361+ return (loc >= me->module_core_rw &&
1362+ loc < (me->module_core_rw + me->core_size_rw));
1363 }
1364
1365 static inline int in_core(struct module *me, void *loc)
1366 {
1367- return (loc >= me->module_core &&
1368- loc <= (me->module_core + me->core_size));
1369+ return in_core_rx(me, loc) || in_core_rw(me, loc);
1370 }
1371
1372 static inline int in_local(struct module *me, void *loc)
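Review bot: The comment above these helpers still says "three functions", but after this hunk there are seven (`in_init_rx`, `in_init_rw`, `in_init`, `in_core_rx`, `in_core_rw`, `in_core`, `in_local`). The upper bound also changes from `<=` to `<`, so an address exactly one past the end of a region no longer counts as inside it. That looks like a deliberate fix, but it is a behaviour change worth recording. Suggested wording: `/* helpers to determine which module region (init/core, rx/rw) a location falls in; ranges are half-open */`.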
1373@@ -364,13 +386,13 @@ int module_frob_arch_sections(CONST Elf_
1374 }
1375
1376 /* align things a bit */
1377- me->core_size = ALIGN(me->core_size, 16);
1378- me->arch.got_offset = me->core_size;
1379- me->core_size += gots * sizeof(struct got_entry);
1380-
1381- me->core_size = ALIGN(me->core_size, 16);
1382- me->arch.fdesc_offset = me->core_size;
1383- me->core_size += fdescs * sizeof(Elf_Fdesc);
1384+ me->core_size_rw = ALIGN(me->core_size_rw, 16);
1385+ me->arch.got_offset = me->core_size_rw;
1386+ me->core_size_rw += gots * sizeof(struct got_entry);
1387+
1388+ me->core_size_rw = ALIGN(me->core_size_rw, 16);
1389+ me->arch.fdesc_offset = me->core_size_rw;
1390+ me->core_size_rw += fdescs * sizeof(Elf_Fdesc);
1391
1392 me->arch.got_max = gots;
1393 me->arch.fdesc_max = fdescs;
1394@@ -388,7 +410,7 @@ static Elf64_Word get_got(struct module
1395
1396 BUG_ON(value == 0);
1397
1398- got = me->module_core + me->arch.got_offset;
1399+ got = me->module_core_rw + me->arch.got_offset;
1400 for (i = 0; got[i].addr; i++)
1401 if (got[i].addr == value)
1402 goto out;
1403@@ -406,7 +428,7 @@ static Elf64_Word get_got(struct module
1404 #ifdef CONFIG_64BIT
1405 static Elf_Addr get_fdesc(struct module *me, unsigned long value)
1406 {
1407- Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset;
1408+ Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset;
1409
1410 if (!value) {
1411 printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
1412@@ -424,7 +446,7 @@ static Elf_Addr get_fdesc(struct module
1413
1414 /* Create new one */
1415 fdesc->addr = value;
1416- fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset;
1417+ fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
1418 return (Elf_Addr)fdesc;
1419 }
1420 #endif /* CONFIG_64BIT */
1421@@ -848,7 +870,7 @@ register_unwind_table(struct module *me,
1422
1423 table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
1424 end = table + sechdrs[me->arch.unwind_section].sh_size;
1425- gp = (Elf_Addr)me->module_core + me->arch.got_offset;
1426+ gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
1427
1428 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
1429 me->arch.unwind_section, table, end, gp);
1430diff -urNp linux-2.6.32.8/arch/parisc/kernel/sys_parisc.c linux-2.6.32.8/arch/parisc/kernel/sys_parisc.c
1431--- linux-2.6.32.8/arch/parisc/kernel/sys_parisc.c 2010-02-09 07:57:19.000000000 -0500
1432+++ linux-2.6.32.8/arch/parisc/kernel/sys_parisc.c 2010-02-13 21:45:09.831900516 -0500
1433@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
1434 if (flags & MAP_FIXED)
1435 return addr;
1436 if (!addr)
1437- addr = TASK_UNMAPPED_BASE;
1438+ addr = current->mm->mmap_base;
1439
1440 if (filp) {
1441 addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
1442diff -urNp linux-2.6.32.8/arch/parisc/kernel/traps.c linux-2.6.32.8/arch/parisc/kernel/traps.c
1443--- linux-2.6.32.8/arch/parisc/kernel/traps.c 2010-02-09 07:57:19.000000000 -0500
1444+++ linux-2.6.32.8/arch/parisc/kernel/traps.c 2010-02-13 21:45:09.831900516 -0500
1445@@ -733,9 +733,7 @@ void notrace handle_interruption(int cod
1446
1447 down_read(&current->mm->mmap_sem);
1448 vma = find_vma(current->mm,regs->iaoq[0]);
1449- if (vma && (regs->iaoq[0] >= vma->vm_start)
1450- && (vma->vm_flags & VM_EXEC)) {
1451-
1452+ if (vma && (regs->iaoq[0] >= vma->vm_start)) {
1453 fault_address = regs->iaoq[0];
1454 fault_space = regs->iasq[0];
1455
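Review bot: The `VM_EXEC` condition is removed from this test without a comment, so faults whose `iaoq[0]` lies in a non-executable vma now take the same path as those in executable ones. This appears to be what lets the PAGEEXEC check added to arch/parisc/mm/fault.c see instruction-fetch faults, but that is inferred from the rest of the patch. A comment such as `/* non-executable vmas are included so the fault handler can police instruction fetches */` would keep a later cleanup from restoring the check. `handle_interruption` continues outside the hunk.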
1456diff -urNp linux-2.6.32.8/arch/parisc/mm/fault.c linux-2.6.32.8/arch/parisc/mm/fault.c
1457--- linux-2.6.32.8/arch/parisc/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
1458+++ linux-2.6.32.8/arch/parisc/mm/fault.c 2010-02-13 21:45:09.831900516 -0500
1459@@ -15,6 +15,7 @@
1460 #include <linux/sched.h>
1461 #include <linux/interrupt.h>
1462 #include <linux/module.h>
1463+#include <linux/unistd.h>
1464
1465 #include <asm/uaccess.h>
1466 #include <asm/traps.h>
1467@@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, ex
1468 static unsigned long
1469 parisc_acctyp(unsigned long code, unsigned int inst)
1470 {
1471- if (code == 6 || code == 16)
1472+ if (code == 6 || code == 7 || code == 16)
1473 return VM_EXEC;
1474
1475 switch (inst & 0xf0000000) {
1476@@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsign
1477 }
1478 #endif
1479
1480+#ifdef CONFIG_PAX_PAGEEXEC
1481+/*
1482+ * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
1483+ *
1484+ * returns 1 when task should be killed
1485+ * 2 when rt_sigreturn trampoline was detected
1486+ * 3 when unpatched PLT trampoline was detected
1487+ */
1488+static int pax_handle_fetch_fault(struct pt_regs *regs)
1489+{
1490+
1491+#ifdef CONFIG_PAX_EMUPLT
1492+ int err;
1493+
1494+ do { /* PaX: unpatched PLT emulation */
1495+ unsigned int bl, depwi;
1496+
1497+ err = get_user(bl, (unsigned int *)instruction_pointer(regs));
1498+ err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
1499+
1500+ if (err)
1501+ break;
1502+
1503+ if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
1504+ unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
1505+
1506+ err = get_user(ldw, (unsigned int *)addr);
1507+ err |= get_user(bv, (unsigned int *)(addr+4));
1508+ err |= get_user(ldw2, (unsigned int *)(addr+8));
1509+
1510+ if (err)
1511+ break;
1512+
1513+ if (ldw == 0x0E801096U &&
1514+ bv == 0xEAC0C000U &&
1515+ ldw2 == 0x0E881095U)
1516+ {
1517+ unsigned int resolver, map;
1518+
1519+ err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
1520+ err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
1521+ if (err)
1522+ break;
1523+
1524+ regs->gr[20] = instruction_pointer(regs)+8;
1525+ regs->gr[21] = map;
1526+ regs->gr[22] = resolver;
1527+ regs->iaoq[0] = resolver | 3UL;
1528+ regs->iaoq[1] = regs->iaoq[0] + 4;
1529+ return 3;
1530+ }
1531+ }
1532+ } while (0);
1533+#endif
1534+
1535+#ifdef CONFIG_PAX_EMUTRAMP
1536+
1537+#ifndef CONFIG_PAX_EMUSIGRT
1538+ if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
1539+ return 1;
1540+#endif
1541+
1542+ do { /* PaX: rt_sigreturn emulation */
1543+ unsigned int ldi1, ldi2, bel, nop;
1544+
1545+ err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
1546+ err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
1547+ err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
1548+ err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
1549+
1550+ if (err)
1551+ break;
1552+
1553+ if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
1554+ ldi2 == 0x3414015AU &&
1555+ bel == 0xE4008200U &&
1556+ nop == 0x08000240U)
1557+ {
1558+ regs->gr[25] = (ldi1 & 2) >> 1;
1559+ regs->gr[20] = __NR_rt_sigreturn;
1560+ regs->gr[31] = regs->iaoq[1] + 16;
1561+ regs->sr[0] = regs->iasq[1];
1562+ regs->iaoq[0] = 0x100UL;
1563+ regs->iaoq[1] = regs->iaoq[0] + 4;
1564+ regs->iasq[0] = regs->sr[2];
1565+ regs->iasq[1] = regs->sr[2];
1566+ return 2;
1567+ }
1568+ } while (0);
1569+#endif
1570+
1571+ return 1;
1572+}
1573+
1574+void pax_report_insns(void *pc, void *sp)
1575+{
1576+ unsigned long i;
1577+
1578+ printk(KERN_ERR "PAX: bytes at PC: ");
1579+ for (i = 0; i < 5; i++) {
1580+ unsigned int c;
1581+ if (get_user(c, (unsigned int *)pc+i))
1582+ printk(KERN_CONT "???????? ");
1583+ else
1584+ printk(KERN_CONT "%08x ", c);
1585+ }
1586+ printk("\n");
1587+}
1588+#endif
1589+
1590 int fixup_exception(struct pt_regs *regs)
1591 {
1592 const struct exception_table_entry *fix;
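Review bot: In `pax_handle_fetch_fault`, `int err;` is declared inside the `#ifdef CONFIG_PAX_EMUPLT` block but is also used by the rt_sigreturn emulation under `#ifdef CONFIG_PAX_EMUTRAMP`. A configuration with `CONFIG_PAX_EMUTRAMP` set and `CONFIG_PAX_EMUPLT` unset will not compile unless Kconfig forces the two together, which is not visible here. Declaring it once ahead of both blocks fixes that: `#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUTRAMP)`, then `int err;`, then `#endif`. Separately, `addr` is an `unsigned int` that is cast to a pointer, which would truncate the address on a 64-bit build; `unsigned long addr` avoids that.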
1593@@ -192,8 +303,33 @@ good_area:
1594
1595 acc_type = parisc_acctyp(code,regs->iir);
1596
1597- if ((vma->vm_flags & acc_type) != acc_type)
1598+ if ((vma->vm_flags & acc_type) != acc_type) {
1599+
1600+#ifdef CONFIG_PAX_PAGEEXEC
1601+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
1602+ (address & ~3UL) == instruction_pointer(regs))
1603+ {
1604+ up_read(&mm->mmap_sem);
1605+ switch (pax_handle_fetch_fault(regs)) {
1606+
1607+#ifdef CONFIG_PAX_EMUPLT
1608+ case 3:
1609+ return;
1610+#endif
1611+
1612+#ifdef CONFIG_PAX_EMUTRAMP
1613+ case 2:
1614+ return;
1615+#endif
1616+
1617+ }
1618+ pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
1619+ do_group_exit(SIGKILL);
1620+ }
1621+#endif
1622+
1623 goto bad_area;
1624+ }
1625
1626 /*
1627 * If for any reason at all we couldn't handle the fault, make
1628diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/device.h linux-2.6.32.8/arch/powerpc/include/asm/device.h
1629--- linux-2.6.32.8/arch/powerpc/include/asm/device.h 2010-02-09 07:57:19.000000000 -0500
1630+++ linux-2.6.32.8/arch/powerpc/include/asm/device.h 2010-02-13 21:45:09.831900516 -0500
1631@@ -14,7 +14,7 @@ struct dev_archdata {
1632 struct device_node *of_node;
1633
1634 /* DMA operations on that device */
1635- struct dma_map_ops *dma_ops;
1636+ const struct dma_map_ops *dma_ops;
1637
1638 /*
1639 * When an iommu is in use, dma_data is used as a ptr to the base of the
1640diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/dma-mapping.h linux-2.6.32.8/arch/powerpc/include/asm/dma-mapping.h
1641--- linux-2.6.32.8/arch/powerpc/include/asm/dma-mapping.h 2010-02-09 07:57:19.000000000 -0500
1642+++ linux-2.6.32.8/arch/powerpc/include/asm/dma-mapping.h 2010-02-13 21:45:09.832900799 -0500
1643@@ -67,11 +67,11 @@ static inline unsigned long device_to_ma
1644 * Available generic sets of operations
1645 */
1646 #ifdef CONFIG_PPC64
1647-extern struct dma_map_ops dma_iommu_ops;
1648+extern const struct dma_map_ops dma_iommu_ops;
1649 #endif
1650-extern struct dma_map_ops dma_direct_ops;
1651+extern const struct dma_map_ops dma_direct_ops;
1652
1653-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
1654+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
1655 {
1656 /* We don't handle the NULL dev case for ISA for now. We could
1657 * do it via an out of line call but it is not needed for now. The
1658@@ -84,7 +84,7 @@ static inline struct dma_map_ops *get_dm
1659 return dev->archdata.dma_ops;
1660 }
1661
1662-static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops)
1663+static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops)
1664 {
1665 dev->archdata.dma_ops = ops;
1666 }
1667@@ -118,7 +118,7 @@ static inline void set_dma_offset(struct
1668
1669 static inline int dma_supported(struct device *dev, u64 mask)
1670 {
1671- struct dma_map_ops *dma_ops = get_dma_ops(dev);
1672+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
1673
1674 if (unlikely(dma_ops == NULL))
1675 return 0;
1676@@ -132,7 +132,7 @@ static inline int dma_supported(struct d
1677
1678 static inline int dma_set_mask(struct device *dev, u64 dma_mask)
1679 {
1680- struct dma_map_ops *dma_ops = get_dma_ops(dev);
1681+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
1682
1683 if (unlikely(dma_ops == NULL))
1684 return -EIO;
1685@@ -147,7 +147,7 @@ static inline int dma_set_mask(struct de
1686 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
1687 dma_addr_t *dma_handle, gfp_t flag)
1688 {
1689- struct dma_map_ops *dma_ops = get_dma_ops(dev);
1690+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
1691 void *cpu_addr;
1692
1693 BUG_ON(!dma_ops);
1694@@ -162,7 +162,7 @@ static inline void *dma_alloc_coherent(s
1695 static inline void dma_free_coherent(struct device *dev, size_t size,
1696 void *cpu_addr, dma_addr_t dma_handle)
1697 {
1698- struct dma_map_ops *dma_ops = get_dma_ops(dev);
1699+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
1700
1701 BUG_ON(!dma_ops);
1702
1703@@ -173,7 +173,7 @@ static inline void dma_free_coherent(str
1704
1705 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
1706 {
1707- struct dma_map_ops *dma_ops = get_dma_ops(dev);
1708+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
1709
1710 if (dma_ops->mapping_error)
1711 return dma_ops->mapping_error(dev, dma_addr);
1712diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/elf.h linux-2.6.32.8/arch/powerpc/include/asm/elf.h
1713--- linux-2.6.32.8/arch/powerpc/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
1714+++ linux-2.6.32.8/arch/powerpc/include/asm/elf.h 2010-02-13 21:45:09.832900799 -0500
1715@@ -179,8 +179,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
1716 the loader. We need to make sure that it is out of the way of the program
1717 that it will "exec", and that there is sufficient room for the brk. */
1718
1719-extern unsigned long randomize_et_dyn(unsigned long base);
1720-#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))
1721+#define ELF_ET_DYN_BASE (0x20000000)
1722+
1723+#ifdef CONFIG_PAX_ASLR
1724+#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
1725+
1726+#ifdef __powerpc64__
1727+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
1728+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
1729+#else
1730+#define PAX_DELTA_MMAP_LEN 15
1731+#define PAX_DELTA_STACK_LEN 15
1732+#endif
1733+#endif
1734
1735 /*
1736 * Our registers are always unsigned longs, whether we're a 32 bit
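Review bot: With `CONFIG_PAX_ASLR` disabled, `ELF_ET_DYN_BASE` becomes the fixed value `0x20000000`, because the call to `randomize_et_dyn()` is dropped and nothing outside the `#ifdef` replaces it. The next hunk in this file removes the `arch_randomize_brk` declaration, and the `process.c` hunk deletes `brk_rnd()`, `arch_randomize_brk()` and `randomize_et_dyn()`, so the stock powerpc ET_DYN and brk randomization appear to be gone for such builds. Whether generic PaX code takes over is not visible in these hunks. If the trade-off is intended, a comment above the define would record it, for example `/* fixed base; randomization comes from PaX ASLR (PAX_DELTA_MMAP_LEN) when enabled */`.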
1737@@ -275,9 +286,6 @@ extern int arch_setup_additional_pages(s
1738 (0x7ff >> (PAGE_SHIFT - 12)) : \
1739 (0x3ffff >> (PAGE_SHIFT - 12)))
1740
1741-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
1742-#define arch_randomize_brk arch_randomize_brk
1743-
1744 #endif /* __KERNEL__ */
1745
1746 /*
1747diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/iommu.h linux-2.6.32.8/arch/powerpc/include/asm/iommu.h
1748--- linux-2.6.32.8/arch/powerpc/include/asm/iommu.h 2010-02-09 07:57:19.000000000 -0500
1749+++ linux-2.6.32.8/arch/powerpc/include/asm/iommu.h 2010-02-13 21:45:09.832900799 -0500
1750@@ -116,6 +116,9 @@ extern void iommu_init_early_iSeries(voi
1751 extern void iommu_init_early_dart(void);
1752 extern void iommu_init_early_pasemi(void);
1753
1754+/* dma-iommu.c */
1755+extern int dma_iommu_dma_supported(struct device *dev, u64 mask);
1756+
1757 #ifdef CONFIG_PCI
1758 extern void pci_iommu_init(void);
1759 extern void pci_direct_iommu_init(void);
1760diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/kmap_types.h linux-2.6.32.8/arch/powerpc/include/asm/kmap_types.h
1761--- linux-2.6.32.8/arch/powerpc/include/asm/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
1762+++ linux-2.6.32.8/arch/powerpc/include/asm/kmap_types.h 2010-02-13 21:45:09.832900799 -0500
1763@@ -26,6 +26,7 @@ enum km_type {
1764 KM_SOFTIRQ1,
1765 KM_PPC_SYNC_PAGE,
1766 KM_PPC_SYNC_ICACHE,
1767+ KM_CLEARPAGE,
1768 KM_TYPE_NR
1769 };
1770
1771diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/page_64.h linux-2.6.32.8/arch/powerpc/include/asm/page_64.h
1772--- linux-2.6.32.8/arch/powerpc/include/asm/page_64.h 2010-02-09 07:57:19.000000000 -0500
1773+++ linux-2.6.32.8/arch/powerpc/include/asm/page_64.h 2010-02-13 21:45:09.833587787 -0500
1774@@ -180,15 +180,18 @@ do { \
1775 * stack by default, so in the absense of a PT_GNU_STACK program header
1776 * we turn execute permission off.
1777 */
1778-#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
1779- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
1780+#define VM_STACK_DEFAULT_FLAGS32 \
1781+ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
1782+ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
1783
1784 #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
1785 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
1786
1787+#ifndef CONFIG_PAX_PAGEEXEC
1788 #define VM_STACK_DEFAULT_FLAGS \
1789 (test_thread_flag(TIF_32BIT) ? \
1790 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
1791+#endif
1792
1793 #include <asm-generic/getorder.h>
1794
1795diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/page.h linux-2.6.32.8/arch/powerpc/include/asm/page.h
1796--- linux-2.6.32.8/arch/powerpc/include/asm/page.h 2010-02-09 07:57:19.000000000 -0500
1797+++ linux-2.6.32.8/arch/powerpc/include/asm/page.h 2010-02-13 21:45:09.833587787 -0500
1798@@ -116,8 +116,9 @@ extern phys_addr_t kernstart_addr;
1799 * and needs to be executable. This means the whole heap ends
1800 * up being executable.
1801 */
1802-#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
1803- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
1804+#define VM_DATA_DEFAULT_FLAGS32 \
1805+ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
1806+ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
1807
1808 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
1809 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
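Review bot: The comment above `VM_DATA_DEFAULT_FLAGS32` still ends with "This means the whole heap ends up being executable", which no longer matches the code: the new definition adds `VM_EXEC` only when `current->personality & READ_IMPLIES_EXEC` is set. A reader auditing W^X behaviour from the comment would get the wrong answer. I would change the last sentence to `* up being executable only for READ_IMPLIES_EXEC tasks.` The comment begins outside this hunk, so only its tail is visible here.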
1810diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/pci.h linux-2.6.32.8/arch/powerpc/include/asm/pci.h
1811--- linux-2.6.32.8/arch/powerpc/include/asm/pci.h 2010-02-09 07:57:19.000000000 -0500
1812+++ linux-2.6.32.8/arch/powerpc/include/asm/pci.h 2010-02-13 21:45:09.833587787 -0500
1813@@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq
1814 }
1815
1816 #ifdef CONFIG_PCI
1817-extern void set_pci_dma_ops(struct dma_map_ops *dma_ops);
1818-extern struct dma_map_ops *get_pci_dma_ops(void);
1819+extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops);
1820+extern const struct dma_map_ops *get_pci_dma_ops(void);
1821 #else /* CONFIG_PCI */
1822 #define set_pci_dma_ops(d)
1823 #define get_pci_dma_ops() NULL
1824diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/pte-common.h linux-2.6.32.8/arch/powerpc/include/asm/pte-common.h
1825--- linux-2.6.32.8/arch/powerpc/include/asm/pte-common.h 2010-02-09 07:57:19.000000000 -0500
1826+++ linux-2.6.32.8/arch/powerpc/include/asm/pte-common.h 2010-02-13 21:45:09.833587787 -0500
1827@@ -123,11 +123,11 @@ extern unsigned long bad_call_to_PMD_PAG
1828 */
1829 #define PAGE_NONE __pgprot(_PAGE_BASE)
1830 #define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW)
1831-#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC)
1832+#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC | _PAGE_HWEXEC)
1833 #define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER)
1834-#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
1835+#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
1836 #define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
1837-#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
1838+#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
1839
1840 #define __P000 PAGE_NONE
1841 #define __P001 PAGE_READONLY
1842diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.8/arch/powerpc/include/asm/pte-hash32.h
1843--- linux-2.6.32.8/arch/powerpc/include/asm/pte-hash32.h 2010-02-09 07:57:19.000000000 -0500
1844+++ linux-2.6.32.8/arch/powerpc/include/asm/pte-hash32.h 2010-02-13 21:45:09.833587787 -0500
1845@@ -21,6 +21,7 @@
1846 #define _PAGE_FILE 0x004 /* when !present: nonlinear file mapping */
1847 #define _PAGE_USER 0x004 /* usermode access allowed */
1848 #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */
1849+#define _PAGE_HWEXEC _PAGE_GUARDED
1850 #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
1851 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
1852 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
1853diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/reg.h linux-2.6.32.8/arch/powerpc/include/asm/reg.h
1854--- linux-2.6.32.8/arch/powerpc/include/asm/reg.h 2010-02-09 07:57:19.000000000 -0500
1855+++ linux-2.6.32.8/arch/powerpc/include/asm/reg.h 2010-02-13 21:45:09.834899255 -0500
1856@@ -191,6 +191,7 @@
1857 #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
1858 #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
1859 #define DSISR_NOHPTE 0x40000000 /* no translation found */
1860+#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */
1861 #define DSISR_PROTFAULT 0x08000000 /* protection fault */
1862 #define DSISR_ISSTORE 0x02000000 /* access was a store */
1863 #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
1864diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/swiotlb.h linux-2.6.32.8/arch/powerpc/include/asm/swiotlb.h
1865--- linux-2.6.32.8/arch/powerpc/include/asm/swiotlb.h 2010-02-09 07:57:19.000000000 -0500
1866+++ linux-2.6.32.8/arch/powerpc/include/asm/swiotlb.h 2010-02-13 21:45:09.834899255 -0500
1867@@ -13,7 +13,7 @@
1868
1869 #include <linux/swiotlb.h>
1870
1871-extern struct dma_map_ops swiotlb_dma_ops;
1872+extern const struct dma_map_ops swiotlb_dma_ops;
1873
1874 static inline void dma_mark_clean(void *addr, size_t size) {}
1875
1876diff -urNp linux-2.6.32.8/arch/powerpc/include/asm/uaccess.h linux-2.6.32.8/arch/powerpc/include/asm/uaccess.h
1877--- linux-2.6.32.8/arch/powerpc/include/asm/uaccess.h 2010-02-09 07:57:19.000000000 -0500
1878+++ linux-2.6.32.8/arch/powerpc/include/asm/uaccess.h 2010-02-13 21:45:09.834899255 -0500
1879@@ -327,52 +327,6 @@ do { \
1880 extern unsigned long __copy_tofrom_user(void __user *to,
1881 const void __user *from, unsigned long size);
1882
1883-#ifndef __powerpc64__
1884-
1885-static inline unsigned long copy_from_user(void *to,
1886- const void __user *from, unsigned long n)
1887-{
1888- unsigned long over;
1889-
1890- if (access_ok(VERIFY_READ, from, n))
1891- return __copy_tofrom_user((__force void __user *)to, from, n);
1892- if ((unsigned long)from < TASK_SIZE) {
1893- over = (unsigned long)from + n - TASK_SIZE;
1894- return __copy_tofrom_user((__force void __user *)to, from,
1895- n - over) + over;
1896- }
1897- return n;
1898-}
1899-
1900-static inline unsigned long copy_to_user(void __user *to,
1901- const void *from, unsigned long n)
1902-{
1903- unsigned long over;
1904-
1905- if (access_ok(VERIFY_WRITE, to, n))
1906- return __copy_tofrom_user(to, (__force void __user *)from, n);
1907- if ((unsigned long)to < TASK_SIZE) {
1908- over = (unsigned long)to + n - TASK_SIZE;
1909- return __copy_tofrom_user(to, (__force void __user *)from,
1910- n - over) + over;
1911- }
1912- return n;
1913-}
1914-
1915-#else /* __powerpc64__ */
1916-
1917-#define __copy_in_user(to, from, size) \
1918- __copy_tofrom_user((to), (from), (size))
1919-
1920-extern unsigned long copy_from_user(void *to, const void __user *from,
1921- unsigned long n);
1922-extern unsigned long copy_to_user(void __user *to, const void *from,
1923- unsigned long n);
1924-extern unsigned long copy_in_user(void __user *to, const void __user *from,
1925- unsigned long n);
1926-
1927-#endif /* __powerpc64__ */
1928-
1929 static inline unsigned long __copy_from_user_inatomic(void *to,
1930 const void __user *from, unsigned long n)
1931 {
1932@@ -396,6 +350,10 @@ static inline unsigned long __copy_from_
1933 if (ret == 0)
1934 return 0;
1935 }
1936+
1937+ if (!__builtin_constant_p(n))
1938+ check_object_size(to, n, false);
1939+
1940 return __copy_tofrom_user((__force void __user *)to, from, n);
1941 }
1942
1943@@ -422,6 +380,10 @@ static inline unsigned long __copy_to_us
1944 if (ret == 0)
1945 return 0;
1946 }
1947+
1948+ if (!__builtin_constant_p(n))
1949+ check_object_size(from, n, true);
1950+
1951 return __copy_tofrom_user(to, (__force const void __user *)from, n);
1952 }
1953
1954@@ -439,6 +401,92 @@ static inline unsigned long __copy_to_us
1955 return __copy_to_user_inatomic(to, from, size);
1956 }
1957
1958+#ifndef __powerpc64__
1959+
1960+static inline unsigned long __must_check copy_from_user(void *to,
1961+ const void __user *from, unsigned long n)
1962+{
1963+ unsigned long over;
1964+
1965+ if ((long)n < 0)
1966+ return n;
1967+
1968+ if (access_ok(VERIFY_READ, from, n)) {
1969+ if (!__builtin_constant_p(n))
1970+ check_object_size(to, n, false);
1971+ return __copy_tofrom_user((__force void __user *)to, from, n);
1972+ }
1973+ if ((unsigned long)from < TASK_SIZE) {
1974+ over = (unsigned long)from + n - TASK_SIZE;
1975+ if (!__builtin_constant_p(n - over))
1976+ check_object_size(to, n - over, false);
1977+ return __copy_tofrom_user((__force void __user *)to, from,
1978+ n - over) + over;
1979+ }
1980+ return n;
1981+}
1982+
1983+static inline unsigned long __must_check copy_to_user(void __user *to,
1984+ const void *from, unsigned long n)
1985+{
1986+ unsigned long over;
1987+
1988+ if ((long)n < 0)
1989+ return n;
1990+
1991+ if (access_ok(VERIFY_WRITE, to, n)) {
1992+ if (!__builtin_constant_p(n))
1993+ check_object_size(from, n, true);
1994+ return __copy_tofrom_user(to, (__force void __user *)from, n);
1995+ }
1996+ if ((unsigned long)to < TASK_SIZE) {
1997+ over = (unsigned long)to + n - TASK_SIZE;
1998+ if (!__builtin_constant_p(n))
1999+ check_object_size(from, n - over, true);
2000+ return __copy_tofrom_user(to, (__force void __user *)from,
2001+ n - over) + over;
2002+ }
2003+ return n;
2004+}
2005+
2006+#else /* __powerpc64__ */
2007+
2008+#define __copy_in_user(to, from, size) \
2009+ __copy_tofrom_user((to), (from), (size))
2010+
2011+static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
2012+{
2013+ if ((long)n < 0 || n > INT_MAX)
2014+ return n;
2015+
2016+ if (!__builtin_constant_p(n))
2017+ check_object_size(to, n, false);
2018+
2019+ if (likely(access_ok(VERIFY_READ, from, n)))
2020+ n = __copy_from_user(to, from, n);
2021+ else
2022+ memset(to, 0, n);
2023+ return n;
2024+}
2025+
2026+static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
2027+{
2028+ if ((long)n < 0 || n > INT_MAX)
2029+ return n;
2030+
2031+ if (likely(access_ok(VERIFY_WRITE, to, n))) {
2032+ if (!__builtin_constant_p(n))
2033+ check_object_size(from, n, true);
2034+ n = __copy_to_user(to, from, n);
2035+ }
2036+ return n;
2037+}
2038+
2039+extern unsigned long copy_in_user(void __user *to, const void __user *from,
2040+ unsigned long n);
2041+
2042+#endif /* __powerpc64__ */
2043+
2044 extern unsigned long __clear_user(void __user *addr, unsigned long size);
2045
2046 static inline unsigned long clear_user(void __user *addr, unsigned long size)
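Review bot: The 32-bit `copy_from_user()` leaves the destination uncleared when `access_ok()` fails: both the truncated copy and the final `return n;` return without zeroing the uncopied part of `to`, while the 64-bit variant added in the same hunk does `memset(to, 0, n)`. A caller that mishandles the result would go on to use stale kernel memory, and `__must_check` only discourages that. Adding `memset(to, 0, n);` before the final `return n;` would align the two variants. Separately, the truncated branch of the 32-bit `copy_to_user()` guards with `__builtin_constant_p(n)` where `copy_from_user()` uses `__builtin_constant_p(n - over)`; one form should be used in both.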
2047diff -urNp linux-2.6.32.8/arch/powerpc/kernel/cacheinfo.c linux-2.6.32.8/arch/powerpc/kernel/cacheinfo.c
2048--- linux-2.6.32.8/arch/powerpc/kernel/cacheinfo.c 2010-02-09 07:57:19.000000000 -0500
2049+++ linux-2.6.32.8/arch/powerpc/kernel/cacheinfo.c 2010-02-13 21:45:09.834899255 -0500
2050@@ -642,7 +642,7 @@ static struct kobj_attribute *cache_inde
2051 &cache_assoc_attr,
2052 };
2053
2054-static struct sysfs_ops cache_index_ops = {
2055+static const struct sysfs_ops cache_index_ops = {
2056 .show = cache_index_show,
2057 };
2058
2059diff -urNp linux-2.6.32.8/arch/powerpc/kernel/dma.c linux-2.6.32.8/arch/powerpc/kernel/dma.c
2060--- linux-2.6.32.8/arch/powerpc/kernel/dma.c 2010-02-09 07:57:19.000000000 -0500
2061+++ linux-2.6.32.8/arch/powerpc/kernel/dma.c 2010-02-13 21:45:09.835915802 -0500
2062@@ -134,7 +134,7 @@ static inline void dma_direct_sync_singl
2063 }
2064 #endif
2065
2066-struct dma_map_ops dma_direct_ops = {
2067+const struct dma_map_ops dma_direct_ops = {
2068 .alloc_coherent = dma_direct_alloc_coherent,
2069 .free_coherent = dma_direct_free_coherent,
2070 .map_sg = dma_direct_map_sg,
2071diff -urNp linux-2.6.32.8/arch/powerpc/kernel/dma-iommu.c linux-2.6.32.8/arch/powerpc/kernel/dma-iommu.c
2072--- linux-2.6.32.8/arch/powerpc/kernel/dma-iommu.c 2010-02-09 07:57:19.000000000 -0500
2073+++ linux-2.6.32.8/arch/powerpc/kernel/dma-iommu.c 2010-02-13 21:45:09.835915802 -0500
2074@@ -70,7 +70,7 @@ static void dma_iommu_unmap_sg(struct de
2075 }
2076
2077 /* We support DMA to/from any memory page via the iommu */
2078-static int dma_iommu_dma_supported(struct device *dev, u64 mask)
2079+int dma_iommu_dma_supported(struct device *dev, u64 mask)
2080 {
2081 struct iommu_table *tbl = get_iommu_table_base(dev);
2082
2083@@ -89,7 +89,7 @@ static int dma_iommu_dma_supported(struc
2084 return 1;
2085 }
2086
2087-struct dma_map_ops dma_iommu_ops = {
2088+const struct dma_map_ops dma_iommu_ops = {
2089 .alloc_coherent = dma_iommu_alloc_coherent,
2090 .free_coherent = dma_iommu_free_coherent,
2091 .map_sg = dma_iommu_map_sg,
2092diff -urNp linux-2.6.32.8/arch/powerpc/kernel/dma-swiotlb.c linux-2.6.32.8/arch/powerpc/kernel/dma-swiotlb.c
2093--- linux-2.6.32.8/arch/powerpc/kernel/dma-swiotlb.c 2010-02-09 07:57:19.000000000 -0500
2094+++ linux-2.6.32.8/arch/powerpc/kernel/dma-swiotlb.c 2010-02-13 21:45:09.835915802 -0500
2095@@ -31,7 +31,7 @@ unsigned int ppc_swiotlb_enable;
2096 * map_page, and unmap_page on highmem, use normal dma_ops
2097 * for everything else.
2098 */
2099-struct dma_map_ops swiotlb_dma_ops = {
2100+const struct dma_map_ops swiotlb_dma_ops = {
2101 .alloc_coherent = dma_direct_alloc_coherent,
2102 .free_coherent = dma_direct_free_coherent,
2103 .map_sg = swiotlb_map_sg_attrs,
2104diff -urNp linux-2.6.32.8/arch/powerpc/kernel/ibmebus.c linux-2.6.32.8/arch/powerpc/kernel/ibmebus.c
2105--- linux-2.6.32.8/arch/powerpc/kernel/ibmebus.c 2010-02-09 07:57:19.000000000 -0500
2106+++ linux-2.6.32.8/arch/powerpc/kernel/ibmebus.c 2010-02-13 21:45:09.835915802 -0500
2107@@ -127,7 +127,7 @@ static int ibmebus_dma_supported(struct
2108 return 1;
2109 }
2110
2111-static struct dma_map_ops ibmebus_dma_ops = {
2112+static const struct dma_map_ops ibmebus_dma_ops = {
2113 .alloc_coherent = ibmebus_alloc_coherent,
2114 .free_coherent = ibmebus_free_coherent,
2115 .map_sg = ibmebus_map_sg,
2116diff -urNp linux-2.6.32.8/arch/powerpc/kernel/kgdb.c linux-2.6.32.8/arch/powerpc/kernel/kgdb.c
2117--- linux-2.6.32.8/arch/powerpc/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
2118+++ linux-2.6.32.8/arch/powerpc/kernel/kgdb.c 2010-02-13 21:45:09.835915802 -0500
2119@@ -126,7 +126,7 @@ static int kgdb_handle_breakpoint(struct
2120 if (kgdb_handle_exception(0, SIGTRAP, 0, regs) != 0)
2121 return 0;
2122
2123- if (*(u32 *) (regs->nip) == *(u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2124+ if (*(u32 *) (regs->nip) == *(const u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2125 regs->nip += 4;
2126
2127 return 1;
2128@@ -353,7 +353,7 @@ int kgdb_arch_handle_exception(int vecto
2129 /*
2130 * Global data
2131 */
2132-struct kgdb_arch arch_kgdb_ops = {
2133+const struct kgdb_arch arch_kgdb_ops = {
2134 .gdb_bpt_instr = {0x7d, 0x82, 0x10, 0x08},
2135 };
2136
2137diff -urNp linux-2.6.32.8/arch/powerpc/kernel/module_32.c linux-2.6.32.8/arch/powerpc/kernel/module_32.c
2138--- linux-2.6.32.8/arch/powerpc/kernel/module_32.c 2010-02-09 07:57:19.000000000 -0500
2139+++ linux-2.6.32.8/arch/powerpc/kernel/module_32.c 2010-02-13 21:45:09.835915802 -0500
2140@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
2141 me->arch.core_plt_section = i;
2142 }
2143 if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
2144- printk("Module doesn't contain .plt or .init.plt sections.\n");
2145+ printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
2146 return -ENOEXEC;
2147 }
2148
2149@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
2150
2151 DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
2152 /* Init, or core PLT? */
2153- if (location >= mod->module_core
2154- && location < mod->module_core + mod->core_size)
2155+ if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
2156+ (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
2157 entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
2158- else
2159+ else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
2160+ (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
2161 entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
2162+ else {
2163+ printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
2164+ return ~0UL;
2165+ }
2166
2167 /* Find this entry, or if that fails, the next avail. entry */
2168 while (entry->jump[0]) {
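Review bot: The new `else` branch returns `~0UL` from `do_plt_call()`, whose return type in the hunk header is `uint32_t`, and nothing in this hunk shows the caller testing for that value. If the relocation code stores the result unchecked, the module would be left with a branch to an invalid target after nothing more than a log line. The caller should compare against the sentinel and fail the load with `-ENOEXEC`, and the sentinel is better written as `return (uint32_t)~0;` to match the return type. The function starts and ends outside this hunk, so the caller's handling could not be confirmed.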
2169diff -urNp linux-2.6.32.8/arch/powerpc/kernel/pci-common.c linux-2.6.32.8/arch/powerpc/kernel/pci-common.c
2170--- linux-2.6.32.8/arch/powerpc/kernel/pci-common.c 2010-02-09 07:57:19.000000000 -0500
2171+++ linux-2.6.32.8/arch/powerpc/kernel/pci-common.c 2010-02-13 21:45:09.836904472 -0500
2172@@ -50,14 +50,14 @@ resource_size_t isa_mem_base;
2173 unsigned int ppc_pci_flags = 0;
2174
2175
2176-static struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2177+static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2178
2179-void set_pci_dma_ops(struct dma_map_ops *dma_ops)
2180+void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
2181 {
2182 pci_dma_ops = dma_ops;
2183 }
2184
2185-struct dma_map_ops *get_pci_dma_ops(void)
2186+const struct dma_map_ops *get_pci_dma_ops(void)
2187 {
2188 return pci_dma_ops;
2189 }
2190diff -urNp linux-2.6.32.8/arch/powerpc/kernel/process.c linux-2.6.32.8/arch/powerpc/kernel/process.c
2191--- linux-2.6.32.8/arch/powerpc/kernel/process.c 2010-02-09 07:57:19.000000000 -0500
2192+++ linux-2.6.32.8/arch/powerpc/kernel/process.c 2010-02-13 21:45:09.836904472 -0500
2193@@ -1141,51 +1141,3 @@ unsigned long arch_align_stack(unsigned
2194 sp -= get_random_int() & ~PAGE_MASK;
2195 return sp & ~0xf;
2196 }
2197-
2198-static inline unsigned long brk_rnd(void)
2199-{
2200- unsigned long rnd = 0;
2201-
2202- /* 8MB for 32bit, 1GB for 64bit */
2203- if (is_32bit_task())
2204- rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
2205- else
2206- rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
2207-
2208- return rnd << PAGE_SHIFT;
2209-}
2210-
2211-unsigned long arch_randomize_brk(struct mm_struct *mm)
2212-{
2213- unsigned long base = mm->brk;
2214- unsigned long ret;
2215-
2216-#ifdef CONFIG_PPC_STD_MMU_64
2217- /*
2218- * If we are using 1TB segments and we are allowed to randomise
2219- * the heap, we can put it above 1TB so it is backed by a 1TB
2220- * segment. Otherwise the heap will be in the bottom 1TB
2221- * which always uses 256MB segments and this may result in a
2222- * performance penalty.
2223- */
2224- if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T))
2225- base = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T);
2226-#endif
2227-
2228- ret = PAGE_ALIGN(base + brk_rnd());
2229-
2230- if (ret < mm->brk)
2231- return mm->brk;
2232-
2233- return ret;
2234-}
2235-
2236-unsigned long randomize_et_dyn(unsigned long base)
2237-{
2238- unsigned long ret = PAGE_ALIGN(base + brk_rnd());
2239-
2240- if (ret < base)
2241- return base;
2242-
2243- return ret;
2244-}
2245diff -urNp linux-2.6.32.8/arch/powerpc/kernel/signal_32.c linux-2.6.32.8/arch/powerpc/kernel/signal_32.c
2246--- linux-2.6.32.8/arch/powerpc/kernel/signal_32.c 2010-02-09 07:57:19.000000000 -0500
2247+++ linux-2.6.32.8/arch/powerpc/kernel/signal_32.c 2010-02-13 21:45:09.837900642 -0500
2248@@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig
2249 /* Save user registers on the stack */
2250 frame = &rt_sf->uc.uc_mcontext;
2251 addr = frame;
2252- if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
2253+ if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2254 if (save_user_regs(regs, frame, 0, 1))
2255 goto badframe;
2256 regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
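Review bot: The "no vDSO mapped" marker is a bare `~0UL` here, in the `signal_64.c` hunk, and in the `vdso.c` hunk that now initialises `context.vdso_base` to it instead of 0. Any other reader of `vdso_base` that still tests for zero would now treat an unmapped vDSO as present and build addresses from `~0UL`. No such reader is visible in these hunks, so the remaining users need to be checked. A single named constant shared by the three sites would make that audit greppable, for example `#define VDSO_BASE_NONE (~0UL)` (the name is only a suggestion). `handle_rt_signal32()` continues outside this hunk.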
2257diff -urNp linux-2.6.32.8/arch/powerpc/kernel/signal_64.c linux-2.6.32.8/arch/powerpc/kernel/signal_64.c
2258--- linux-2.6.32.8/arch/powerpc/kernel/signal_64.c 2010-02-09 07:57:19.000000000 -0500
2259+++ linux-2.6.32.8/arch/powerpc/kernel/signal_64.c 2010-02-13 21:45:09.837900642 -0500
2260@@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct
2261 current->thread.fpscr.val = 0;
2262
2263 /* Set up to return from userspace. */
2264- if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
2265+ if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2266 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
2267 } else {
2268 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
2269diff -urNp linux-2.6.32.8/arch/powerpc/kernel/sys_ppc32.c linux-2.6.32.8/arch/powerpc/kernel/sys_ppc32.c
2270--- linux-2.6.32.8/arch/powerpc/kernel/sys_ppc32.c 2010-02-09 07:57:19.000000000 -0500
2271+++ linux-2.6.32.8/arch/powerpc/kernel/sys_ppc32.c 2010-02-13 21:45:09.838557679 -0500
2272@@ -563,10 +563,10 @@ asmlinkage long compat_sys_sysctl(struct
2273 if (oldlenp) {
2274 if (!error) {
2275 if (get_user(oldlen, oldlenp) ||
2276- put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)))
2277+ put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)) ||
2278+ copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused)))
2279 error = -EFAULT;
2280 }
2281- copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused));
2282 }
2283 return error;
2284 }
2285diff -urNp linux-2.6.32.8/arch/powerpc/kernel/vdso.c linux-2.6.32.8/arch/powerpc/kernel/vdso.c
2286--- linux-2.6.32.8/arch/powerpc/kernel/vdso.c 2010-02-09 07:57:19.000000000 -0500
2287+++ linux-2.6.32.8/arch/powerpc/kernel/vdso.c 2010-02-13 21:45:09.838557679 -0500
2288@@ -36,6 +36,7 @@
2289 #include <asm/firmware.h>
2290 #include <asm/vdso.h>
2291 #include <asm/vdso_datapage.h>
2292+#include <asm/mman.h>
2293
2294 #include "setup.h"
2295
2296@@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct l
2297 vdso_base = VDSO32_MBASE;
2298 #endif
2299
2300- current->mm->context.vdso_base = 0;
2301+ current->mm->context.vdso_base = ~0UL;
2302
2303 /* vDSO has a problem and was disabled, just don't "enable" it for the
2304 * process
2305@@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct l
2306 vdso_base = get_unmapped_area(NULL, vdso_base,
2307 (vdso_pages << PAGE_SHIFT) +
2308 ((VDSO_ALIGNMENT - 1) & PAGE_MASK),
2309- 0, 0);
2310+ 0, MAP_PRIVATE | MAP_EXECUTABLE);
2311 if (IS_ERR_VALUE(vdso_base)) {
2312 rc = vdso_base;
2313 goto fail_mmapsem;
2314diff -urNp linux-2.6.32.8/arch/powerpc/kernel/vio.c linux-2.6.32.8/arch/powerpc/kernel/vio.c
2315--- linux-2.6.32.8/arch/powerpc/kernel/vio.c 2010-02-09 07:57:19.000000000 -0500
2316+++ linux-2.6.32.8/arch/powerpc/kernel/vio.c 2010-02-13 21:45:09.838557679 -0500
2317@@ -601,11 +601,12 @@ static void vio_dma_iommu_unmap_sg(struc
2318 vio_cmo_dealloc(viodev, alloc_size);
2319 }
2320
2321-struct dma_map_ops vio_dma_mapping_ops = {
2322+static const struct dma_map_ops vio_dma_mapping_ops = {
2323 .alloc_coherent = vio_dma_iommu_alloc_coherent,
2324 .free_coherent = vio_dma_iommu_free_coherent,
2325 .map_sg = vio_dma_iommu_map_sg,
2326 .unmap_sg = vio_dma_iommu_unmap_sg,
2327+ .dma_supported = dma_iommu_dma_supported,
2328 .map_page = vio_dma_iommu_map_page,
2329 .unmap_page = vio_dma_iommu_unmap_page,
2330
2331@@ -857,7 +858,6 @@ static void vio_cmo_bus_remove(struct vi
2332
2333 static void vio_cmo_set_dma_ops(struct vio_dev *viodev)
2334 {
2335- vio_dma_mapping_ops.dma_supported = dma_iommu_ops.dma_supported;
2336 viodev->dev.archdata.dma_ops = &vio_dma_mapping_ops;
2337 }
2338
2339diff -urNp linux-2.6.32.8/arch/powerpc/lib/usercopy_64.c linux-2.6.32.8/arch/powerpc/lib/usercopy_64.c
2340--- linux-2.6.32.8/arch/powerpc/lib/usercopy_64.c 2010-02-09 07:57:19.000000000 -0500
2341+++ linux-2.6.32.8/arch/powerpc/lib/usercopy_64.c 2010-02-13 21:45:09.838557679 -0500
2342@@ -9,22 +9,6 @@
2343 #include <linux/module.h>
2344 #include <asm/uaccess.h>
2345
2346-unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
2347-{
2348- if (likely(access_ok(VERIFY_READ, from, n)))
2349- n = __copy_from_user(to, from, n);
2350- else
2351- memset(to, 0, n);
2352- return n;
2353-}
2354-
2355-unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
2356-{
2357- if (likely(access_ok(VERIFY_WRITE, to, n)))
2358- n = __copy_to_user(to, from, n);
2359- return n;
2360-}
2361-
2362 unsigned long copy_in_user(void __user *to, const void __user *from,
2363 unsigned long n)
2364 {
2365@@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user *
2366 return n;
2367 }
2368
2369-EXPORT_SYMBOL(copy_from_user);
2370-EXPORT_SYMBOL(copy_to_user);
2371 EXPORT_SYMBOL(copy_in_user);
2372
2373diff -urNp linux-2.6.32.8/arch/powerpc/mm/fault.c linux-2.6.32.8/arch/powerpc/mm/fault.c
2374--- linux-2.6.32.8/arch/powerpc/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
2375+++ linux-2.6.32.8/arch/powerpc/mm/fault.c 2010-02-13 21:45:09.839726452 -0500
2376@@ -30,6 +30,10 @@
2377 #include <linux/kprobes.h>
2378 #include <linux/kdebug.h>
2379 #include <linux/perf_event.h>
2380+#include <linux/slab.h>
2381+#include <linux/pagemap.h>
2382+#include <linux/compiler.h>
2383+#include <linux/unistd.h>
2384
2385 #include <asm/firmware.h>
2386 #include <asm/page.h>
2387@@ -40,6 +44,7 @@
2388 #include <asm/uaccess.h>
2389 #include <asm/tlbflush.h>
2390 #include <asm/siginfo.h>
2391+#include <asm/ptrace.h>
2392
2393
2394 #ifdef CONFIG_KPROBES
2395@@ -64,6 +69,33 @@ static inline int notify_page_fault(stru
2396 }
2397 #endif
2398
2399+#ifdef CONFIG_PAX_PAGEEXEC
2400+/*
2401+ * PaX: decide what to do with offenders (regs->nip = fault address)
2402+ *
2403+ * returns 1 when task should be killed
2404+ */
2405+static int pax_handle_fetch_fault(struct pt_regs *regs)
2406+{
2407+ return 1;
2408+}
2409+
2410+void pax_report_insns(void *pc, void *sp)
2411+{
2412+ unsigned long i;
2413+
2414+ printk(KERN_ERR "PAX: bytes at PC: ");
2415+ for (i = 0; i < 5; i++) {
2416+ unsigned int c;
2417+ if (get_user(c, (unsigned int *)pc+i))
2418+ printk(KERN_CONT "???????? ");
2419+ else
2420+ printk(KERN_CONT "%08x ", c);
2421+ }
2422+ printk("\n");
2423+}
2424+#endif
2425+
2426 /*
2427 * Check whether the instruction at regs->nip is a store using
2428 * an update addressing form which will update r1.
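Review bot: The closing `printk("\n")` in pax_report_insns carries no log level while every fragment printed in the loop above it uses `KERN_CONT`; writing it as `printk(KERN_CONT "\n");` keeps the whole "PAX: bytes at PC:" record in one consistent form. The loop bound `5` is unexplained, and a one-line comment saying why five instruction words are dumped would help whoever reads these reports during triage. pax_handle_fetch_fault is a stub that always returns 1, but its header comment reads as if other return values exist; the comment should state that this implementation never returns anything else.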
2429@@ -134,7 +166,7 @@ int __kprobes do_page_fault(struct pt_re
2430 * indicate errors in DSISR but can validly be set in SRR1.
2431 */
2432 if (trap == 0x400)
2433- error_code &= 0x48200000;
2434+ error_code &= 0x58200000;
2435 else
2436 is_write = error_code & DSISR_ISSTORE;
2437 #else
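Review bot: The widened mask `0x58200000` differs from the old value by exactly the bit that a later hunk in this file names `DSISR_GUARDED` (it replaces the literal `0x10000000` there), so the bare literal hides which condition is now preserved for trap 0x400. Writing it as `error_code &= 0x48200000 | DSISR_GUARDED;`, or adding a comment that names the added bit, would make the intent reviewable. do_page_fault starts and ends outside this hunk, so how error_code is produced before this point is not visible here.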
2438@@ -250,7 +282,7 @@ good_area:
2439 * "undefined". Of those that can be set, this is the only
2440 * one which seems bad.
2441 */
2442- if (error_code & 0x10000000)
2443+ if (error_code & DSISR_GUARDED)
2444 /* Guarded storage error. */
2445 goto bad_area;
2446 #endif /* CONFIG_8xx */
2447@@ -265,7 +297,7 @@ good_area:
2448 * processors use the same I/D cache coherency mechanism
2449 * as embedded.
2450 */
2451- if (error_code & DSISR_PROTFAULT)
2452+ if (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))
2453 goto bad_area;
2454 #endif /* CONFIG_PPC_STD_MMU */
2455
2456@@ -335,6 +367,23 @@ bad_area:
2457 bad_area_nosemaphore:
2458 /* User mode accesses cause a SIGSEGV */
2459 if (user_mode(regs)) {
2460+
2461+#ifdef CONFIG_PAX_PAGEEXEC
2462+ if (mm->pax_flags & MF_PAX_PAGEEXEC) {
2463+#ifdef CONFIG_PPC_STD_MMU
2464+ if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) {
2465+#else
2466+ if (is_exec && regs->nip == address) {
2467+#endif
2468+ switch (pax_handle_fetch_fault(regs)) {
2469+ }
2470+
2471+ pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
2472+ do_group_exit(SIGKILL);
2473+ }
2474+ }
2475+#endif
2476+
2477 _exception(SIGSEGV, regs, code, address);
2478 return 0;
2479 }
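Review bot: `switch (pax_handle_fetch_fault(regs)) { }` has an empty body, so the helper's return value has no effect and the report-and-kill path runs unconditionally once the two outer conditions hold. Either call the helper without the switch or add the cases its header comment implies; as written, a later change to the helper's return value would silently do nothing. `mm` is dereferenced here with no NULL check in the visible lines; presumably an earlier part of do_page_fault, outside the hunk, guarantees it for user-mode faults, and that is worth confirming.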
2480diff -urNp linux-2.6.32.8/arch/powerpc/mm/mmap_64.c linux-2.6.32.8/arch/powerpc/mm/mmap_64.c
2481--- linux-2.6.32.8/arch/powerpc/mm/mmap_64.c 2010-02-09 07:57:19.000000000 -0500
2482+++ linux-2.6.32.8/arch/powerpc/mm/mmap_64.c 2010-02-13 21:45:09.839726452 -0500
2483@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_str
2484 */
2485 if (mmap_is_legacy()) {
2486 mm->mmap_base = TASK_UNMAPPED_BASE;
2487+
2488+#ifdef CONFIG_PAX_RANDMMAP
2489+ if (mm->pax_flags & MF_PAX_RANDMMAP)
2490+ mm->mmap_base += mm->delta_mmap;
2491+#endif
2492+
2493 mm->get_unmapped_area = arch_get_unmapped_area;
2494 mm->unmap_area = arch_unmap_area;
2495 } else {
2496 mm->mmap_base = mmap_base();
2497+
2498+#ifdef CONFIG_PAX_RANDMMAP
2499+ if (mm->pax_flags & MF_PAX_RANDMMAP)
2500+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
2501+#endif
2502+
2503 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
2504 mm->unmap_area = arch_unmap_area_topdown;
2505 }
2506diff -urNp linux-2.6.32.8/arch/powerpc/mm/slice.c linux-2.6.32.8/arch/powerpc/mm/slice.c
2507--- linux-2.6.32.8/arch/powerpc/mm/slice.c 2010-02-09 07:57:19.000000000 -0500
2508+++ linux-2.6.32.8/arch/powerpc/mm/slice.c 2010-02-13 21:45:09.839726452 -0500
2509@@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un
2510 if (fixed && addr > (mm->task_size - len))
2511 return -EINVAL;
2512
2513+#ifdef CONFIG_PAX_RANDMMAP
2514+ if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP))
2515+ addr = 0;
2516+#endif
2517+
2518 /* If hint, make sure it matches our alignment restrictions */
2519 if (!fixed && addr) {
2520 addr = _ALIGN_UP(addr, 1ul << pshift);
2521diff -urNp linux-2.6.32.8/arch/powerpc/platforms/52xx/lite5200_pm.c linux-2.6.32.8/arch/powerpc/platforms/52xx/lite5200_pm.c
2522--- linux-2.6.32.8/arch/powerpc/platforms/52xx/lite5200_pm.c 2010-02-09 07:57:19.000000000 -0500
2523+++ linux-2.6.32.8/arch/powerpc/platforms/52xx/lite5200_pm.c 2010-02-13 21:45:09.839726452 -0500
2524@@ -235,7 +235,7 @@ static void lite5200_pm_end(void)
2525 lite5200_pm_target_state = PM_SUSPEND_ON;
2526 }
2527
2528-static struct platform_suspend_ops lite5200_pm_ops = {
2529+static const struct platform_suspend_ops lite5200_pm_ops = {
2530 .valid = lite5200_pm_valid,
2531 .begin = lite5200_pm_begin,
2532 .prepare = lite5200_pm_prepare,
2533diff -urNp linux-2.6.32.8/arch/powerpc/platforms/52xx/mpc52xx_pm.c linux-2.6.32.8/arch/powerpc/platforms/52xx/mpc52xx_pm.c
2534--- linux-2.6.32.8/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2010-02-09 07:57:19.000000000 -0500
2535+++ linux-2.6.32.8/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2010-02-13 21:45:09.839726452 -0500
2536@@ -180,7 +180,7 @@ void mpc52xx_pm_finish(void)
2537 iounmap(mbar);
2538 }
2539
2540-static struct platform_suspend_ops mpc52xx_pm_ops = {
2541+static const struct platform_suspend_ops mpc52xx_pm_ops = {
2542 .valid = mpc52xx_pm_valid,
2543 .prepare = mpc52xx_pm_prepare,
2544 .enter = mpc52xx_pm_enter,
2545diff -urNp linux-2.6.32.8/arch/powerpc/platforms/83xx/suspend.c linux-2.6.32.8/arch/powerpc/platforms/83xx/suspend.c
2546--- linux-2.6.32.8/arch/powerpc/platforms/83xx/suspend.c 2010-02-09 07:57:19.000000000 -0500
2547+++ linux-2.6.32.8/arch/powerpc/platforms/83xx/suspend.c 2010-02-13 21:45:09.839726452 -0500
2548@@ -273,7 +273,7 @@ static int mpc83xx_is_pci_agent(void)
2549 return ret;
2550 }
2551
2552-static struct platform_suspend_ops mpc83xx_suspend_ops = {
2553+static const struct platform_suspend_ops mpc83xx_suspend_ops = {
2554 .valid = mpc83xx_suspend_valid,
2555 .begin = mpc83xx_suspend_begin,
2556 .enter = mpc83xx_suspend_enter,
2557diff -urNp linux-2.6.32.8/arch/powerpc/platforms/cell/iommu.c linux-2.6.32.8/arch/powerpc/platforms/cell/iommu.c
2558--- linux-2.6.32.8/arch/powerpc/platforms/cell/iommu.c 2010-02-09 07:57:19.000000000 -0500
2559+++ linux-2.6.32.8/arch/powerpc/platforms/cell/iommu.c 2010-02-13 21:45:09.840902449 -0500
2560@@ -642,7 +642,7 @@ static int dma_fixed_dma_supported(struc
2561
2562 static int dma_set_mask_and_switch(struct device *dev, u64 dma_mask);
2563
2564-struct dma_map_ops dma_iommu_fixed_ops = {
2565+const struct dma_map_ops dma_iommu_fixed_ops = {
2566 .alloc_coherent = dma_fixed_alloc_coherent,
2567 .free_coherent = dma_fixed_free_coherent,
2568 .map_sg = dma_fixed_map_sg,
2569diff -urNp linux-2.6.32.8/arch/powerpc/platforms/ps3/system-bus.c linux-2.6.32.8/arch/powerpc/platforms/ps3/system-bus.c
2570--- linux-2.6.32.8/arch/powerpc/platforms/ps3/system-bus.c 2010-02-09 07:57:19.000000000 -0500
2571+++ linux-2.6.32.8/arch/powerpc/platforms/ps3/system-bus.c 2010-02-13 21:45:09.840902449 -0500
2572@@ -694,7 +694,7 @@ static int ps3_dma_supported(struct devi
2573 return mask >= DMA_BIT_MASK(32);
2574 }
2575
2576-static struct dma_map_ops ps3_sb_dma_ops = {
2577+static const struct dma_map_ops ps3_sb_dma_ops = {
2578 .alloc_coherent = ps3_alloc_coherent,
2579 .free_coherent = ps3_free_coherent,
2580 .map_sg = ps3_sb_map_sg,
2581@@ -704,7 +704,7 @@ static struct dma_map_ops ps3_sb_dma_ops
2582 .unmap_page = ps3_unmap_page,
2583 };
2584
2585-static struct dma_map_ops ps3_ioc0_dma_ops = {
2586+static const struct dma_map_ops ps3_ioc0_dma_ops = {
2587 .alloc_coherent = ps3_alloc_coherent,
2588 .free_coherent = ps3_free_coherent,
2589 .map_sg = ps3_ioc0_map_sg,
2590diff -urNp linux-2.6.32.8/arch/s390/include/asm/uaccess.h linux-2.6.32.8/arch/s390/include/asm/uaccess.h
2591--- linux-2.6.32.8/arch/s390/include/asm/uaccess.h 2010-02-09 07:57:19.000000000 -0500
2592+++ linux-2.6.32.8/arch/s390/include/asm/uaccess.h 2010-02-13 21:45:09.840902449 -0500
2593@@ -232,6 +232,10 @@ static inline unsigned long __must_check
2594 copy_to_user(void __user *to, const void *from, unsigned long n)
2595 {
2596 might_fault();
2597+
2598+ if ((long)n < 0)
2599+ return n;
2600+
2601 if (access_ok(VERIFY_WRITE, to, n))
2602 n = __copy_to_user(to, from, n);
2603 return n;
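Review bot: The `if ((long)n < 0) return n;` guard added here to copy_to_user, and repeated in __copy_from_user and copy_from_user in the next two hunks, has no comment saying what it protects against. A line such as `/* a length with the sign bit set is a negative size cast to unsigned: refuse it before access_ok() */` would record the intent. In copy_from_user the early return also bypasses the `else` branch that follows access_ok(); that branch continues outside the hunk, so whether callers rely on the destination being cleared on failure should be checked.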
2604@@ -257,6 +261,9 @@ copy_to_user(void __user *to, const void
2605 static inline unsigned long __must_check
2606 __copy_from_user(void *to, const void __user *from, unsigned long n)
2607 {
2608+ if ((long)n < 0)
2609+ return n;
2610+
2611 if (__builtin_constant_p(n) && (n <= 256))
2612 return uaccess.copy_from_user_small(n, from, to);
2613 else
2614@@ -283,6 +290,10 @@ static inline unsigned long __must_check
2615 copy_from_user(void *to, const void __user *from, unsigned long n)
2616 {
2617 might_fault();
2618+
2619+ if ((long)n < 0)
2620+ return n;
2621+
2622 if (access_ok(VERIFY_READ, from, n))
2623 n = __copy_from_user(to, from, n);
2624 else
2625diff -urNp linux-2.6.32.8/arch/s390/kernel/module.c linux-2.6.32.8/arch/s390/kernel/module.c
2626--- linux-2.6.32.8/arch/s390/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
2627+++ linux-2.6.32.8/arch/s390/kernel/module.c 2010-02-13 21:45:09.840902449 -0500
2628@@ -166,11 +166,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr,
2629
2630 /* Increase core size by size of got & plt and set start
2631 offsets for got and plt. */
2632- me->core_size = ALIGN(me->core_size, 4);
2633- me->arch.got_offset = me->core_size;
2634- me->core_size += me->arch.got_size;
2635- me->arch.plt_offset = me->core_size;
2636- me->core_size += me->arch.plt_size;
2637+ me->core_size_rw = ALIGN(me->core_size_rw, 4);
2638+ me->arch.got_offset = me->core_size_rw;
2639+ me->core_size_rw += me->arch.got_size;
2640+ me->arch.plt_offset = me->core_size_rx;
2641+ me->core_size_rx += me->arch.plt_size;
2642 return 0;
2643 }
2644
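Review bot: `me->arch.plt_offset = me->core_size_rx;` takes the PLT offset without the `ALIGN(..., 4)` that the old single-region code applied before laying out GOT and PLT; only `core_size_rw` is aligned now. The PLT stubs are written through an `unsigned int *` later in apply_rela, so unless core_size_rx is already 4-byte aligned at this point (not visible in the hunk) the stubs can land misaligned. Adding `me->core_size_rx = ALIGN(me->core_size_rx, 4);` before the assignment keeps the old guarantee. module_frob_arch_sections starts outside the hunk.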
2645@@ -256,7 +256,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2646 if (info->got_initialized == 0) {
2647 Elf_Addr *gotent;
2648
2649- gotent = me->module_core + me->arch.got_offset +
2650+ gotent = me->module_core_rw + me->arch.got_offset +
2651 info->got_offset;
2652 *gotent = val;
2653 info->got_initialized = 1;
2654@@ -280,7 +280,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2655 else if (r_type == R_390_GOTENT ||
2656 r_type == R_390_GOTPLTENT)
2657 *(unsigned int *) loc =
2658- (val + (Elf_Addr) me->module_core - loc) >> 1;
2659+ (val + (Elf_Addr) me->module_core_rw - loc) >> 1;
2660 else if (r_type == R_390_GOT64 ||
2661 r_type == R_390_GOTPLT64)
2662 *(unsigned long *) loc = val;
2663@@ -294,7 +294,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2664 case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
2665 if (info->plt_initialized == 0) {
2666 unsigned int *ip;
2667- ip = me->module_core + me->arch.plt_offset +
2668+ ip = me->module_core_rx + me->arch.plt_offset +
2669 info->plt_offset;
2670 #ifndef CONFIG_64BIT
2671 ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
2672@@ -319,7 +319,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2673 val - loc + 0xffffUL < 0x1ffffeUL) ||
2674 (r_type == R_390_PLT32DBL &&
2675 val - loc + 0xffffffffULL < 0x1fffffffeULL)))
2676- val = (Elf_Addr) me->module_core +
2677+ val = (Elf_Addr) me->module_core_rx +
2678 me->arch.plt_offset +
2679 info->plt_offset;
2680 val += rela->r_addend - loc;
2681@@ -341,7 +341,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2682 case R_390_GOTOFF32: /* 32 bit offset to GOT. */
2683 case R_390_GOTOFF64: /* 64 bit offset to GOT. */
2684 val = val + rela->r_addend -
2685- ((Elf_Addr) me->module_core + me->arch.got_offset);
2686+ ((Elf_Addr) me->module_core_rw + me->arch.got_offset);
2687 if (r_type == R_390_GOTOFF16)
2688 *(unsigned short *) loc = val;
2689 else if (r_type == R_390_GOTOFF32)
2690@@ -351,7 +351,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
2691 break;
2692 case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
2693 case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
2694- val = (Elf_Addr) me->module_core + me->arch.got_offset +
2695+ val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
2696 rela->r_addend - loc;
2697 if (r_type == R_390_GOTPC)
2698 *(unsigned int *) loc = val;
2699diff -urNp linux-2.6.32.8/arch/sh/boards/mach-hp6xx/pm.c linux-2.6.32.8/arch/sh/boards/mach-hp6xx/pm.c
2700--- linux-2.6.32.8/arch/sh/boards/mach-hp6xx/pm.c 2010-02-09 07:57:19.000000000 -0500
2701+++ linux-2.6.32.8/arch/sh/boards/mach-hp6xx/pm.c 2010-02-13 21:45:09.841903398 -0500
2702@@ -143,7 +143,7 @@ static int hp6x0_pm_enter(suspend_state_
2703 return 0;
2704 }
2705
2706-static struct platform_suspend_ops hp6x0_pm_ops = {
2707+static const struct platform_suspend_ops hp6x0_pm_ops = {
2708 .enter = hp6x0_pm_enter,
2709 .valid = suspend_valid_only_mem,
2710 };
2711diff -urNp linux-2.6.32.8/arch/sh/kernel/cpu/sh4/sq.c linux-2.6.32.8/arch/sh/kernel/cpu/sh4/sq.c
2712--- linux-2.6.32.8/arch/sh/kernel/cpu/sh4/sq.c 2010-02-09 07:57:19.000000000 -0500
2713+++ linux-2.6.32.8/arch/sh/kernel/cpu/sh4/sq.c 2010-02-13 21:45:09.841903398 -0500
2714@@ -327,7 +327,7 @@ static struct attribute *sq_sysfs_attrs[
2715 NULL,
2716 };
2717
2718-static struct sysfs_ops sq_sysfs_ops = {
2719+static const struct sysfs_ops sq_sysfs_ops = {
2720 .show = sq_sysfs_show,
2721 .store = sq_sysfs_store,
2722 };
2723diff -urNp linux-2.6.32.8/arch/sh/kernel/cpu/shmobile/pm.c linux-2.6.32.8/arch/sh/kernel/cpu/shmobile/pm.c
2724--- linux-2.6.32.8/arch/sh/kernel/cpu/shmobile/pm.c 2010-02-09 07:57:19.000000000 -0500
2725+++ linux-2.6.32.8/arch/sh/kernel/cpu/shmobile/pm.c 2010-02-13 21:45:09.841903398 -0500
2726@@ -58,7 +58,7 @@ static int sh_pm_enter(suspend_state_t s
2727 return 0;
2728 }
2729
2730-static struct platform_suspend_ops sh_pm_ops = {
2731+static const struct platform_suspend_ops sh_pm_ops = {
2732 .enter = sh_pm_enter,
2733 .valid = suspend_valid_only_mem,
2734 };
2735diff -urNp linux-2.6.32.8/arch/sh/kernel/kgdb.c linux-2.6.32.8/arch/sh/kernel/kgdb.c
2736--- linux-2.6.32.8/arch/sh/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
2737+++ linux-2.6.32.8/arch/sh/kernel/kgdb.c 2010-02-13 21:45:09.841903398 -0500
2738@@ -271,7 +271,7 @@ void kgdb_arch_exit(void)
2739 {
2740 }
2741
2742-struct kgdb_arch arch_kgdb_ops = {
2743+const struct kgdb_arch arch_kgdb_ops = {
2744 /* Breakpoint instruction: trapa #0x3c */
2745 #ifdef CONFIG_CPU_LITTLE_ENDIAN
2746 .gdb_bpt_instr = { 0x3c, 0xc3 },
2747diff -urNp linux-2.6.32.8/arch/sparc/include/asm/atomic_64.h linux-2.6.32.8/arch/sparc/include/asm/atomic_64.h
2748--- linux-2.6.32.8/arch/sparc/include/asm/atomic_64.h 2010-02-09 07:57:19.000000000 -0500
2749+++ linux-2.6.32.8/arch/sparc/include/asm/atomic_64.h 2010-02-13 21:45:09.841903398 -0500
2750@@ -14,18 +14,26 @@
2751 #define ATOMIC64_INIT(i) { (i) }
2752
2753 #define atomic_read(v) ((v)->counter)
2754+#define atomic_read_unchecked(v) ((v)->counter)
2755 #define atomic64_read(v) ((v)->counter)
2756+#define atomic64_read_unchecked(v) ((v)->counter)
2757
2758 #define atomic_set(v, i) (((v)->counter) = i)
2759+#define atomic_set_unchecked(v, i) (((v)->counter) = i)
2760 #define atomic64_set(v, i) (((v)->counter) = i)
2761+#define atomic64_set_unchecked(v, i) (((v)->counter) = i)
2762
2763 extern void atomic_add(int, atomic_t *);
2764+extern void atomic_add_unchecked(int, atomic_unchecked_t *);
2765 extern void atomic64_add(int, atomic64_t *);
2766+extern void atomic64_add_unchecked(int, atomic64_unchecked_t *);
2767 extern void atomic_sub(int, atomic_t *);
2768+extern void atomic_sub_unchecked(int, atomic_unchecked_t *);
2769 extern void atomic64_sub(int, atomic64_t *);
2770
2771 extern int atomic_add_ret(int, atomic_t *);
2772 extern int atomic64_add_ret(int, atomic64_t *);
2773+extern int atomic64_add_ret_unchecked(int, atomic64_unchecked_t *);
2774 extern int atomic_sub_ret(int, atomic_t *);
2775 extern int atomic64_sub_ret(int, atomic64_t *);
2776
2777@@ -34,6 +42,7 @@ extern int atomic64_sub_ret(int, atomic6
2778
2779 #define atomic_inc_return(v) atomic_add_ret(1, v)
2780 #define atomic64_inc_return(v) atomic64_add_ret(1, v)
2781+#define atomic64_inc_return_unchecked(v) atomic64_add_ret_unchecked(1, v)
2782
2783 #define atomic_sub_return(i, v) atomic_sub_ret(i, v)
2784 #define atomic64_sub_return(i, v) atomic64_sub_ret(i, v)
2785@@ -59,7 +68,9 @@ extern int atomic64_sub_ret(int, atomic6
2786 #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0)
2787
2788 #define atomic_inc(v) atomic_add(1, v)
2789+#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v)
2790 #define atomic64_inc(v) atomic64_add(1, v)
2791+#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1, v)
2792
2793 #define atomic_dec(v) atomic_sub(1, v)
2794 #define atomic64_dec(v) atomic64_sub(1, v)
2795@@ -72,17 +83,28 @@ extern int atomic64_sub_ret(int, atomic6
2796
2797 static inline int atomic_add_unless(atomic_t *v, int a, int u)
2798 {
2799- int c, old;
2800+ int c, old, new;
2801 c = atomic_read(v);
2802 for (;;) {
2803- if (unlikely(c == (u)))
2804+ if (unlikely(c == u))
2805 break;
2806- old = atomic_cmpxchg((v), c, c + (a));
2807+
2808+ asm volatile("addcc %2, %0, %0\n"
2809+
2810+#ifdef CONFIG_PAX_REFCOUNT
2811+ "tvs %%icc, 6\n"
2812+#endif
2813+
2814+ : "=r" (new)
2815+ : "0" (c), "ir" (a)
2816+ : "cc");
2817+
2818+ old = atomic_cmpxchg(v, c, new);
2819 if (likely(old == c))
2820 break;
2821 c = old;
2822 }
2823- return c != (u);
2824+ return c != u;
2825 }
2826
2827 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
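Review bot: The `"ir" (a)` input of the new `addcc` asm in atomic_add_unless lets the compiler substitute any compile-time constant for `a`, while the instruction's immediate field is narrower than an int. The SPARC-specific form `"rI" (a)` (register or 13-bit signed immediate) would be safer, though this only matters if some caller passes a large constant. The same asm appears in atomic64_add_unless in the next hunk with `%%xcc`. The trap number in `tvs %%icc, 6` is a bare literal that also appears in spinlock_64.h; a short comment naming what that trap is used for would help anyone reading an overflow report.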
2828@@ -93,17 +115,28 @@ static inline int atomic_add_unless(atom
2829
2830 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
2831 {
2832- long c, old;
2833+ long c, old, new;
2834 c = atomic64_read(v);
2835 for (;;) {
2836- if (unlikely(c == (u)))
2837+ if (unlikely(c == u))
2838 break;
2839- old = atomic64_cmpxchg((v), c, c + (a));
2840+
2841+ asm volatile("addcc %2, %0, %0\n"
2842+
2843+#ifdef CONFIG_PAX_REFCOUNT
2844+ "tvs %%xcc, 6\n"
2845+#endif
2846+
2847+ : "=r" (new)
2848+ : "0" (c), "ir" (a)
2849+ : "cc");
2850+
2851+ old = atomic64_cmpxchg(v, c, new);
2852 if (likely(old == c))
2853 break;
2854 c = old;
2855 }
2856- return c != (u);
2857+ return c != u;
2858 }
2859
2860 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
2861diff -urNp linux-2.6.32.8/arch/sparc/include/asm/dma-mapping.h linux-2.6.32.8/arch/sparc/include/asm/dma-mapping.h
2862--- linux-2.6.32.8/arch/sparc/include/asm/dma-mapping.h 2010-02-09 07:57:19.000000000 -0500
2863+++ linux-2.6.32.8/arch/sparc/include/asm/dma-mapping.h 2010-02-13 21:45:09.841903398 -0500
2864@@ -14,10 +14,10 @@ extern int dma_set_mask(struct device *d
2865 #define dma_free_noncoherent(d, s, v, h) dma_free_coherent(d, s, v, h)
2866 #define dma_is_consistent(d, h) (1)
2867
2868-extern struct dma_map_ops *dma_ops, pci32_dma_ops;
2869+extern const struct dma_map_ops *dma_ops, pci32_dma_ops;
2870 extern struct bus_type pci_bus_type;
2871
2872-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
2873+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
2874 {
2875 #if defined(CONFIG_SPARC32) && defined(CONFIG_PCI)
2876 if (dev->bus == &pci_bus_type)
2877@@ -31,7 +31,7 @@ static inline struct dma_map_ops *get_dm
2878 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
2879 dma_addr_t *dma_handle, gfp_t flag)
2880 {
2881- struct dma_map_ops *ops = get_dma_ops(dev);
2882+ const struct dma_map_ops *ops = get_dma_ops(dev);
2883 void *cpu_addr;
2884
2885 cpu_addr = ops->alloc_coherent(dev, size, dma_handle, flag);
2886@@ -42,7 +42,7 @@ static inline void *dma_alloc_coherent(s
2887 static inline void dma_free_coherent(struct device *dev, size_t size,
2888 void *cpu_addr, dma_addr_t dma_handle)
2889 {
2890- struct dma_map_ops *ops = get_dma_ops(dev);
2891+ const struct dma_map_ops *ops = get_dma_ops(dev);
2892
2893 debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
2894 ops->free_coherent(dev, size, cpu_addr, dma_handle);
2895diff -urNp linux-2.6.32.8/arch/sparc/include/asm/elf_32.h linux-2.6.32.8/arch/sparc/include/asm/elf_32.h
2896--- linux-2.6.32.8/arch/sparc/include/asm/elf_32.h 2010-02-09 07:57:19.000000000 -0500
2897+++ linux-2.6.32.8/arch/sparc/include/asm/elf_32.h 2010-02-13 21:45:09.842907991 -0500
2898@@ -116,6 +116,13 @@ typedef struct {
2899
2900 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
2901
2902+#ifdef CONFIG_PAX_ASLR
2903+#define PAX_ELF_ET_DYN_BASE 0x10000UL
2904+
2905+#define PAX_DELTA_MMAP_LEN 16
2906+#define PAX_DELTA_STACK_LEN 16
2907+#endif
2908+
2909 /* This yields a mask that user programs can use to figure out what
2910 instruction set this cpu supports. This can NOT be done in userspace
2911 on Sparc. */
2912diff -urNp linux-2.6.32.8/arch/sparc/include/asm/elf_64.h linux-2.6.32.8/arch/sparc/include/asm/elf_64.h
2913--- linux-2.6.32.8/arch/sparc/include/asm/elf_64.h 2010-02-09 07:57:19.000000000 -0500
2914+++ linux-2.6.32.8/arch/sparc/include/asm/elf_64.h 2010-02-13 21:45:09.842907991 -0500
2915@@ -163,6 +163,12 @@ typedef struct {
2916 #define ELF_ET_DYN_BASE 0x0000010000000000UL
2917 #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL
2918
2919+#ifdef CONFIG_PAX_ASLR
2920+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
2921+
2922+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28 )
2923+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29 )
2924+#endif
2925
2926 /* This yields a mask that user programs can use to figure out what
2927 instruction set this cpu supports. */
2928diff -urNp linux-2.6.32.8/arch/sparc/include/asm/pgtable_32.h linux-2.6.32.8/arch/sparc/include/asm/pgtable_32.h
2929--- linux-2.6.32.8/arch/sparc/include/asm/pgtable_32.h 2010-02-09 07:57:19.000000000 -0500
2930+++ linux-2.6.32.8/arch/sparc/include/asm/pgtable_32.h 2010-02-13 21:45:09.842907991 -0500
2931@@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
2932 BTFIXUPDEF_INT(page_none)
2933 BTFIXUPDEF_INT(page_copy)
2934 BTFIXUPDEF_INT(page_readonly)
2935+
2936+#ifdef CONFIG_PAX_PAGEEXEC
2937+BTFIXUPDEF_INT(page_shared_noexec)
2938+BTFIXUPDEF_INT(page_copy_noexec)
2939+BTFIXUPDEF_INT(page_readonly_noexec)
2940+#endif
2941+
2942 BTFIXUPDEF_INT(page_kernel)
2943
2944 #define PMD_SHIFT SUN4C_PMD_SHIFT
2945@@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED;
2946 #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy))
2947 #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly))
2948
2949+#ifdef CONFIG_PAX_PAGEEXEC
2950+extern pgprot_t PAGE_SHARED_NOEXEC;
2951+# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec))
2952+# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec))
2953+#else
2954+# define PAGE_SHARED_NOEXEC PAGE_SHARED
2955+# define PAGE_COPY_NOEXEC PAGE_COPY
2956+# define PAGE_READONLY_NOEXEC PAGE_READONLY
2957+#endif
2958+
2959 extern unsigned long page_kernel;
2960
2961 #ifdef MODULE
2962diff -urNp linux-2.6.32.8/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.32.8/arch/sparc/include/asm/pgtsrmmu.h
2963--- linux-2.6.32.8/arch/sparc/include/asm/pgtsrmmu.h 2010-02-09 07:57:19.000000000 -0500
2964+++ linux-2.6.32.8/arch/sparc/include/asm/pgtsrmmu.h 2010-02-13 21:45:09.842907991 -0500
2965@@ -115,6 +115,13 @@
2966 SRMMU_EXEC | SRMMU_REF)
2967 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
2968 SRMMU_EXEC | SRMMU_REF)
2969+
2970+#ifdef CONFIG_PAX_PAGEEXEC
2971+#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
2972+#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
2973+#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
2974+#endif
2975+
2976 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
2977 SRMMU_DIRTY | SRMMU_REF)
2978
2979diff -urNp linux-2.6.32.8/arch/sparc/include/asm/spinlock_64.h linux-2.6.32.8/arch/sparc/include/asm/spinlock_64.h
2980--- linux-2.6.32.8/arch/sparc/include/asm/spinlock_64.h 2010-02-09 07:57:19.000000000 -0500
2981+++ linux-2.6.32.8/arch/sparc/include/asm/spinlock_64.h 2010-02-13 21:45:09.843906297 -0500
2982@@ -99,7 +99,12 @@ static void inline arch_read_lock(raw_rw
2983 __asm__ __volatile__ (
2984 "1: ldsw [%2], %0\n"
2985 " brlz,pn %0, 2f\n"
2986-"4: add %0, 1, %1\n"
2987+"4: addcc %0, 1, %1\n"
2988+
2989+#ifdef CONFIG_PAX_REFCOUNT
2990+" tvs %%icc, 6\n"
2991+#endif
2992+
2993 " cas [%2], %0, %1\n"
2994 " cmp %0, %1\n"
2995 " bne,pn %%icc, 1b\n"
2996@@ -112,7 +117,7 @@ static void inline arch_read_lock(raw_rw
2997 " .previous"
2998 : "=&r" (tmp1), "=&r" (tmp2)
2999 : "r" (lock)
3000- : "memory");
3001+ : "memory", "cc");
3002 }
3003
3004 static int inline arch_read_trylock(raw_rwlock_t *lock)
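Review bot: `"cc"` is added to the clobber list of arch_read_lock only; the hunks for arch_read_trylock and arch_read_unlock switch to `addcc` and `subcc` as well, but their clobber lists lie outside the visible lines. If those still end in `: "memory");` they should get the same `: "memory", "cc");` so the three functions agree. All three function bodies start or end outside their hunks.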
3005@@ -123,7 +128,12 @@ static int inline arch_read_trylock(raw_
3006 "1: ldsw [%2], %0\n"
3007 " brlz,a,pn %0, 2f\n"
3008 " mov 0, %0\n"
3009-" add %0, 1, %1\n"
3010+" addcc %0, 1, %1\n"
3011+
3012+#ifdef CONFIG_PAX_REFCOUNT
3013+" tvs %%icc, 6\n"
3014+#endif
3015+
3016 " cas [%2], %0, %1\n"
3017 " cmp %0, %1\n"
3018 " bne,pn %%icc, 1b\n"
3019@@ -142,7 +152,12 @@ static void inline arch_read_unlock(raw_
3020
3021 __asm__ __volatile__(
3022 "1: lduw [%2], %0\n"
3023-" sub %0, 1, %1\n"
3024+" subcc %0, 1, %1\n"
3025+
3026+#ifdef CONFIG_PAX_REFCOUNT
3027+" tvs %%icc, 6\n"
3028+#endif
3029+
3030 " cas [%2], %0, %1\n"
3031 " cmp %0, %1\n"
3032 " bne,pn %%xcc, 1b\n"
3033diff -urNp linux-2.6.32.8/arch/sparc/include/asm/uaccess_32.h linux-2.6.32.8/arch/sparc/include/asm/uaccess_32.h
3034--- linux-2.6.32.8/arch/sparc/include/asm/uaccess_32.h 2010-02-09 07:57:19.000000000 -0500
3035+++ linux-2.6.32.8/arch/sparc/include/asm/uaccess_32.h 2010-02-13 21:45:09.843906297 -0500
3036@@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __
3037
3038 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3039 {
3040- if (n && __access_ok((unsigned long) to, n))
3041+ if ((long)n < 0)
3042+ return n;
3043+
3044+ if (n && __access_ok((unsigned long) to, n)) {
3045+ if (!__builtin_constant_p(n))
3046+ check_object_size(from, n, true);
3047 return __copy_user(to, (__force void __user *) from, n);
3048- else
3049+ } else
3050 return n;
3051 }
3052
3053 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n)
3054 {
3055+ if ((long)n < 0)
3056+ return n;
3057+
3058+ if (!__builtin_constant_p(n))
3059+ check_object_size(from, n, true);
3060+
3061 return __copy_user(to, (__force void __user *) from, n);
3062 }
3063
3064 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3065 {
3066- if (n && __access_ok((unsigned long) from, n))
3067+ if ((long)n < 0)
3068+ return n;
3069+
3070+ if (n && __access_ok((unsigned long) from, n)) {
3071+ if (!__builtin_constant_p(n))
3072+ check_object_size(to, n, false);
3073 return __copy_user((__force void __user *) to, from, n);
3074- else
3075+ } else
3076 return n;
3077 }
3078
3079 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
3080 {
3081+ if ((long)n < 0)
3082+ return n;
3083+
3084 return __copy_user((__force void __user *) to, from, n);
3085 }
3086
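Review bot: __copy_from_user receives the `(long)n < 0` guard but not the `check_object_size(to, n, false)` call that the other three helpers in this hunk get, so the unchecked copy into kernel memory is the one path left without the object-size check. If that is deliberate it needs a comment saying why; otherwise add `if (!__builtin_constant_p(n))` followed by `check_object_size(to, n, false);` before the `__copy_user` call, matching __copy_to_user. The new guards also lack a comment explaining that a length with the sign bit set is treated as a caller error.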
3087diff -urNp linux-2.6.32.8/arch/sparc/include/asm/uaccess_64.h linux-2.6.32.8/arch/sparc/include/asm/uaccess_64.h
3088--- linux-2.6.32.8/arch/sparc/include/asm/uaccess_64.h 2010-02-09 07:57:19.000000000 -0500
3089+++ linux-2.6.32.8/arch/sparc/include/asm/uaccess_64.h 2010-02-13 21:45:09.843906297 -0500
3090@@ -9,6 +9,7 @@
3091 #include <linux/compiler.h>
3092 #include <linux/string.h>
3093 #include <linux/thread_info.h>
3094+#include <linux/kernel.h>
3095 #include <asm/asi.h>
3096 #include <asm/system.h>
3097 #include <asm/spitfire.h>
3098@@ -203,6 +204,7 @@ __asm__ __volatile__( \
3099 : "=r" (x) : "r" (__m(addr)), "i" (retval))
3100
3101 extern int __get_user_bad(void);
3102+extern void check_object_size(const void *ptr, unsigned long n, bool to);
3103
3104 extern unsigned long __must_check ___copy_from_user(void *to,
3105 const void __user *from,
3106@@ -212,8 +214,15 @@ extern unsigned long copy_from_user_fixu
3107 static inline unsigned long __must_check
3108 copy_from_user(void *to, const void __user *from, unsigned long size)
3109 {
3110- unsigned long ret = ___copy_from_user(to, from, size);
3111+ unsigned long ret;
3112
3113+ if ((long)size < 0 || size > INT_MAX)
3114+ return size;
3115+
3116+ if (!__builtin_constant_p(size))
3117+ check_object_size(to, size, false);
3118+
3119+ ret = ___copy_from_user(to, from, size);
3120 if (unlikely(ret))
3121 ret = copy_from_user_fixup(to, from, size);
3122 return ret;
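Review bot: In `if ((long)size < 0 || size > INT_MAX)` the first test is redundant, because `size` is an unsigned long and any value with the sign bit set is already greater than INT_MAX. `if (size > INT_MAX)` expresses the same check, and a comment noting that a single copy is now capped at INT_MAX bytes would make the limit visible to callers. The same condition is repeated in copy_to_user in the next hunk. The sparc32 and s390 headers in this patch test only the sign bit, so the effective limit differs per architecture; that is worth a sentence in the comment if it is intended.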
3123@@ -228,8 +237,15 @@ extern unsigned long copy_to_user_fixup(
3124 static inline unsigned long __must_check
3125 copy_to_user(void __user *to, const void *from, unsigned long size)
3126 {
3127- unsigned long ret = ___copy_to_user(to, from, size);
3128+ unsigned long ret;
3129+
3130+ if ((long)size < 0 || size > INT_MAX)
3131+ return size;
3132+
3133+ if (!__builtin_constant_p(size))
3134+ check_object_size(from, size, true);
3135
3136+ ret = ___copy_to_user(to, from, size);
3137 if (unlikely(ret))
3138 ret = copy_to_user_fixup(to, from, size);
3139 return ret;
3140diff -urNp linux-2.6.32.8/arch/sparc/kernel/iommu.c linux-2.6.32.8/arch/sparc/kernel/iommu.c
3141--- linux-2.6.32.8/arch/sparc/kernel/iommu.c 2010-02-09 07:57:19.000000000 -0500
3142+++ linux-2.6.32.8/arch/sparc/kernel/iommu.c 2010-02-13 21:45:09.844854516 -0500
3143@@ -826,7 +826,7 @@ static void dma_4u_sync_sg_for_cpu(struc
3144 spin_unlock_irqrestore(&iommu->lock, flags);
3145 }
3146
3147-static struct dma_map_ops sun4u_dma_ops = {
3148+static const struct dma_map_ops sun4u_dma_ops = {
3149 .alloc_coherent = dma_4u_alloc_coherent,
3150 .free_coherent = dma_4u_free_coherent,
3151 .map_page = dma_4u_map_page,
3152@@ -837,7 +837,7 @@ static struct dma_map_ops sun4u_dma_ops
3153 .sync_sg_for_cpu = dma_4u_sync_sg_for_cpu,
3154 };
3155
3156-struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3157+const struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3158 EXPORT_SYMBOL(dma_ops);
3159
3160 extern int pci64_dma_supported(struct pci_dev *pdev, u64 device_mask);
3161diff -urNp linux-2.6.32.8/arch/sparc/kernel/ioport.c linux-2.6.32.8/arch/sparc/kernel/ioport.c
3162--- linux-2.6.32.8/arch/sparc/kernel/ioport.c 2010-02-09 07:57:19.000000000 -0500
3163+++ linux-2.6.32.8/arch/sparc/kernel/ioport.c 2010-02-13 21:45:09.844854516 -0500
3164@@ -392,7 +392,7 @@ static void sbus_sync_sg_for_device(stru
3165 BUG();
3166 }
3167
3168-struct dma_map_ops sbus_dma_ops = {
3169+const struct dma_map_ops sbus_dma_ops = {
3170 .alloc_coherent = sbus_alloc_coherent,
3171 .free_coherent = sbus_free_coherent,
3172 .map_page = sbus_map_page,
3173@@ -403,7 +403,7 @@ struct dma_map_ops sbus_dma_ops = {
3174 .sync_sg_for_device = sbus_sync_sg_for_device,
3175 };
3176
3177-struct dma_map_ops *dma_ops = &sbus_dma_ops;
3178+const struct dma_map_ops *dma_ops = &sbus_dma_ops;
3179 EXPORT_SYMBOL(dma_ops);
3180
3181 static int __init sparc_register_ioport(void)
3182@@ -640,7 +640,7 @@ static void pci32_sync_sg_for_device(str
3183 }
3184 }
3185
3186-struct dma_map_ops pci32_dma_ops = {
3187+const struct dma_map_ops pci32_dma_ops = {
3188 .alloc_coherent = pci32_alloc_coherent,
3189 .free_coherent = pci32_free_coherent,
3190 .map_page = pci32_map_page,
3191diff -urNp linux-2.6.32.8/arch/sparc/kernel/kgdb_32.c linux-2.6.32.8/arch/sparc/kernel/kgdb_32.c
3192--- linux-2.6.32.8/arch/sparc/kernel/kgdb_32.c 2010-02-09 07:57:19.000000000 -0500
3193+++ linux-2.6.32.8/arch/sparc/kernel/kgdb_32.c 2010-02-13 21:45:09.844854516 -0500
3194@@ -158,7 +158,7 @@ void kgdb_arch_exit(void)
3195 {
3196 }
3197
3198-struct kgdb_arch arch_kgdb_ops = {
3199+const struct kgdb_arch arch_kgdb_ops = {
3200 /* Breakpoint instruction: ta 0x7d */
3201 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x7d },
3202 };
3203diff -urNp linux-2.6.32.8/arch/sparc/kernel/kgdb_64.c linux-2.6.32.8/arch/sparc/kernel/kgdb_64.c
3204--- linux-2.6.32.8/arch/sparc/kernel/kgdb_64.c 2010-02-09 07:57:19.000000000 -0500
3205+++ linux-2.6.32.8/arch/sparc/kernel/kgdb_64.c 2010-02-13 21:45:09.845656514 -0500
3206@@ -180,7 +180,7 @@ void kgdb_arch_exit(void)
3207 {
3208 }
3209
3210-struct kgdb_arch arch_kgdb_ops = {
3211+const struct kgdb_arch arch_kgdb_ops = {
3212 /* Breakpoint instruction: ta 0x72 */
3213 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x72 },
3214 };
3215diff -urNp linux-2.6.32.8/arch/sparc/kernel/Makefile linux-2.6.32.8/arch/sparc/kernel/Makefile
3216--- linux-2.6.32.8/arch/sparc/kernel/Makefile 2010-02-09 07:57:19.000000000 -0500
3217+++ linux-2.6.32.8/arch/sparc/kernel/Makefile 2010-02-13 21:45:09.845656514 -0500
3218@@ -3,7 +3,7 @@
3219 #
3220
3221 asflags-y := -ansi
3222-ccflags-y := -Werror
3223+#ccflags-y := -Werror
3224
3225 extra-y := head_$(BITS).o
3226 extra-y += init_task.o
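Review bot: Commenting out `ccflags-y := -Werror` silences every warning in arch/sparc/kernel instead of the specific ones this patch triggers, and the line gives no reason. The const-qualification changes elsewhere in the patch are the kind of edit that produces discarded-qualifier warnings, though that link is inferred and not shown here. I would keep the flag and fix the warnings, or at least record the cause on the line: `# -Werror disabled: <reason>`.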
3227diff -urNp linux-2.6.32.8/arch/sparc/kernel/pci_sun4v.c linux-2.6.32.8/arch/sparc/kernel/pci_sun4v.c
3228--- linux-2.6.32.8/arch/sparc/kernel/pci_sun4v.c 2010-02-09 07:57:19.000000000 -0500
3229+++ linux-2.6.32.8/arch/sparc/kernel/pci_sun4v.c 2010-02-13 21:45:09.845656514 -0500
3230@@ -525,7 +525,7 @@ static void dma_4v_unmap_sg(struct devic
3231 spin_unlock_irqrestore(&iommu->lock, flags);
3232 }
3233
3234-static struct dma_map_ops sun4v_dma_ops = {
3235+static const struct dma_map_ops sun4v_dma_ops = {
3236 .alloc_coherent = dma_4v_alloc_coherent,
3237 .free_coherent = dma_4v_free_coherent,
3238 .map_page = dma_4v_map_page,
3239diff -urNp linux-2.6.32.8/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.8/arch/sparc/kernel/sys_sparc_32.c
3240--- linux-2.6.32.8/arch/sparc/kernel/sys_sparc_32.c 2010-02-09 07:57:19.000000000 -0500
3241+++ linux-2.6.32.8/arch/sparc/kernel/sys_sparc_32.c 2010-02-13 21:45:09.845656514 -0500
3242@@ -57,7 +57,7 @@ unsigned long arch_get_unmapped_area(str
3243 if (ARCH_SUN4C && len > 0x20000000)
3244 return -ENOMEM;
3245 if (!addr)
3246- addr = TASK_UNMAPPED_BASE;
3247+ addr = current->mm->mmap_base;
3248
3249 if (flags & MAP_SHARED)
3250 addr = COLOUR_ALIGN(addr);
3251diff -urNp linux-2.6.32.8/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.8/arch/sparc/kernel/sys_sparc_64.c
3252--- linux-2.6.32.8/arch/sparc/kernel/sys_sparc_64.c 2010-02-09 07:57:19.000000000 -0500
3253+++ linux-2.6.32.8/arch/sparc/kernel/sys_sparc_64.c 2010-02-13 21:45:09.845656514 -0500
3254@@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str
3255 /* We do not accept a shared mapping if it would violate
3256 * cache aliasing constraints.
3257 */
3258- if ((flags & MAP_SHARED) &&
3259+ if ((filp || (flags & MAP_SHARED)) &&
3260 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
3261 return -EINVAL;
3262 return addr;
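Review bot: The comment above the changed condition still says only shared mappings are rejected, but the new test `filp || (flags & MAP_SHARED)` also returns -EINVAL for private file-backed requests whose address is not SHMLBA-aligned. Because this changes what user space may map, the comment should say so, e.g. `/* We do not accept a file-backed or shared mapping if it would violate cache aliasing constraints. */`. The same stale comment accompanies the identical change in arch_get_unmapped_area_topdown further down. The enclosing function starts and ends outside this hunk.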
3263@@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str
3264 if (filp || (flags & MAP_SHARED))
3265 do_color_align = 1;
3266
3267+#ifdef CONFIG_PAX_RANDMMAP
3268+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
3269+#endif
3270+
3271 if (addr) {
3272 if (do_color_align)
3273 addr = COLOUR_ALIGN(addr, pgoff);
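Review bot: The added `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` has no body of its own and silently takes the following `if (addr) {` block as its statement, across the `#endif` and a blank line. A later edit that inserts a statement between the two would change what the guard controls without any compiler diagnostic. A comment on the guard would make the intent explicit, e.g. `/* RANDMMAP: skip the caller's address hint; this guards the if (addr) block below */`. The function body continues outside the hunk.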
3274@@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str
3275 }
3276
3277 if (len > mm->cached_hole_size) {
3278- start_addr = addr = mm->free_area_cache;
3279+ start_addr = addr = mm->free_area_cache;
3280 } else {
3281- start_addr = addr = TASK_UNMAPPED_BASE;
3282+ start_addr = addr = mm->mmap_base;
3283 mm->cached_hole_size = 0;
3284 }
3285
3286@@ -175,8 +179,8 @@ full_search:
3287 vma = find_vma(mm, VA_EXCLUDE_END);
3288 }
3289 if (unlikely(task_size < addr)) {
3290- if (start_addr != TASK_UNMAPPED_BASE) {
3291- start_addr = addr = TASK_UNMAPPED_BASE;
3292+ if (start_addr != mm->mmap_base) {
3293+ start_addr = addr = mm->mmap_base;
3294 mm->cached_hole_size = 0;
3295 goto full_search;
3296 }
3297@@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi
3298 /* We do not accept a shared mapping if it would violate
3299 * cache aliasing constraints.
3300 */
3301- if ((flags & MAP_SHARED) &&
3302+ if ((filp || (flags & MAP_SHARED)) &&
3303 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
3304 return -EINVAL;
3305 return addr;
3306@@ -384,6 +388,12 @@ void arch_pick_mmap_layout(struct mm_str
3307 current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY ||
3308 sysctl_legacy_va_layout) {
3309 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
3310+
3311+#ifdef CONFIG_PAX_RANDMMAP
3312+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3313+ mm->mmap_base += mm->delta_mmap;
3314+#endif
3315+
3316 mm->get_unmapped_area = arch_get_unmapped_area;
3317 mm->unmap_area = arch_unmap_area;
3318 } else {
3319@@ -398,6 +408,12 @@ void arch_pick_mmap_layout(struct mm_str
3320 gap = (task_size / 6 * 5);
3321
3322 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
3323+
3324+#ifdef CONFIG_PAX_RANDMMAP
3325+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3326+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
3327+#endif
3328+
3329 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
3330 mm->unmap_area = arch_unmap_area_topdown;
3331 }
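Review bot: `mm->mmap_base -= mm->delta_mmap + mm->delta_stack;` runs after `PAGE_ALIGN(...)` and has no lower bound. The result is page-aligned and stays inside the address space only if both deltas are page multiples and small relative to `task_size - gap`, and neither property is visible in this hunk. A comment stating the invariant, e.g. `/* delta_mmap and delta_stack are page-aligned and bounded where they are assigned */`, would make the assumption checkable; folding the deltas into the `PAGE_ALIGN` argument would do the same. arch_pick_mmap_layout begins and ends outside the hunk.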
3332diff -urNp linux-2.6.32.8/arch/sparc/kernel/traps_64.c linux-2.6.32.8/arch/sparc/kernel/traps_64.c
3333--- linux-2.6.32.8/arch/sparc/kernel/traps_64.c 2010-02-09 07:57:19.000000000 -0500
3334+++ linux-2.6.32.8/arch/sparc/kernel/traps_64.c 2010-02-13 21:45:09.846727737 -0500
3335@@ -93,6 +93,12 @@ void bad_trap(struct pt_regs *regs, long
3336
3337 lvl -= 0x100;
3338 if (regs->tstate & TSTATE_PRIV) {
3339+
3340+#ifdef CONFIG_PAX_REFCOUNT
3341+ if (lvl == 6)
3342+ pax_report_refcount_overflow(regs);
3343+#endif
3344+
3345 sprintf(buffer, "Kernel bad sw trap %lx", lvl);
3346 die_if_kernel(buffer, regs);
3347 }
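Review bot: The literal `6` in `if (lvl == 6)` is the software trap number raised by the `tvs %icc, 6` and `tvs %xcc, 6` instructions this patch adds in atomic_64.S and rwsem_64.S, yet nothing in the code ties the two together. A shared named constant used at both ends would keep the handler and the trap sites from drifting apart. At minimum a comment is needed here, e.g. `/* 6 = trap number used by the PAX_REFCOUNT tvs checks */`. bad_trap starts and ends outside this hunk.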
3348@@ -111,11 +117,16 @@ void bad_trap(struct pt_regs *regs, long
3349 void bad_trap_tl1(struct pt_regs *regs, long lvl)
3350 {
3351 char buffer[32];
3352-
3353+
3354 if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
3355 0, lvl, SIGTRAP) == NOTIFY_STOP)
3356 return;
3357
3358+#ifdef CONFIG_PAX_REFCOUNT
3359+ if (lvl == 6)
3360+ pax_report_refcount_overflow(regs);
3361+#endif
3362+
3363 dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3364
3365 sprintf (buffer, "Bad trap %lx at tl>0", lvl);
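Review bot: In bad_trap_tl1 the check `if (lvl == 6)` compares `lvl` as passed in, whereas bad_trap applies `lvl -= 0x100` before the same comparison. No such adjustment is visible between the start of bad_trap_tl1 and the added check. If both handlers receive the trap level in the same encoding, this check needs the same offset to ever match, so the encoding should be confirmed and stated in a comment next to the test. The hunk also appears to replace a blank line with a whitespace-only line, which adds trailing whitespace for no functional reason.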
3366diff -urNp linux-2.6.32.8/arch/sparc/lib/atomic_64.S linux-2.6.32.8/arch/sparc/lib/atomic_64.S
3367--- linux-2.6.32.8/arch/sparc/lib/atomic_64.S 2010-02-09 07:57:19.000000000 -0500
3368+++ linux-2.6.32.8/arch/sparc/lib/atomic_64.S 2010-02-13 21:45:09.846727737 -0500
3369@@ -18,7 +18,12 @@
3370 atomic_add: /* %o0 = increment, %o1 = atomic_ptr */
3371 BACKOFF_SETUP(%o2)
3372 1: lduw [%o1], %g1
3373- add %g1, %o0, %g7
3374+ addcc %g1, %o0, %g7
3375+
3376+#ifdef CONFIG_PAX_REFCOUNT
3377+ tvs %icc, 6
3378+#endif
3379+
3380 cas [%o1], %g1, %g7
3381 cmp %g1, %g7
3382 bne,pn %icc, 2f
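Review bot: The three-line `#ifdef CONFIG_PAX_REFCOUNT` / `tvs %icc, 6` / `#endif` sequence added here is repeated verbatim at every checked operation in this file and in rwsem_64.S. That repetition makes it easy to miss a site or pick the wrong condition-code set (`%icc` vs `%xcc`). One assembler macro, defined under the config option and empty otherwise, would reduce each site to a single line. Note also that `add` becomes `addcc` outside the `#ifdef`, so builds without CONFIG_PAX_REFCOUNT change too; this looks harmless because the following `cmp` rewrites the flags, but a short comment should say so. atomic_add continues outside the hunk.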
3383@@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = at
3384 2: BACKOFF_SPIN(%o2, %o3, 1b)
3385 .size atomic_add, .-atomic_add
3386
3387+ .globl atomic_add_unchecked
3388+ .type atomic_add_unchecked,#function
3389+atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
3390+ BACKOFF_SETUP(%o2)
3391+1: lduw [%o1], %g1
3392+ add %g1, %o0, %g7
3393+ cas [%o1], %g1, %g7
3394+ cmp %g1, %g7
3395+ bne,pn %icc, 2f
3396+ nop
3397+ retl
3398+ nop
3399+2: BACKOFF_SPIN(%o2, %o3, 1b)
3400+ .size atomic_add_unchecked, .-atomic_add_unchecked
3401+
3402 .globl atomic_sub
3403 .type atomic_sub,#function
3404 atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */
3405 BACKOFF_SETUP(%o2)
3406 1: lduw [%o1], %g1
3407- sub %g1, %o0, %g7
3408+ subcc %g1, %o0, %g7
3409+
3410+#ifdef CONFIG_PAX_REFCOUNT
3411+ tvs %icc, 6
3412+#endif
3413+
3414 cas [%o1], %g1, %g7
3415 cmp %g1, %g7
3416 bne,pn %icc, 2f
3417@@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = at
3418 2: BACKOFF_SPIN(%o2, %o3, 1b)
3419 .size atomic_sub, .-atomic_sub
3420
3421+ .globl atomic_sub_unchecked
3422+ .type atomic_sub_unchecked,#function
3423+atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */
3424+ BACKOFF_SETUP(%o2)
3425+1: lduw [%o1], %g1
3426+ sub %g1, %o0, %g7
3427+ cas [%o1], %g1, %g7
3428+ cmp %g1, %g7
3429+ bne,pn %icc, 2f
3430+ nop
3431+ retl
3432+ nop
3433+2: BACKOFF_SPIN(%o2, %o3, 1b)
3434+ .size atomic_sub_unchecked, .-atomic_sub_unchecked
3435+
3436 .globl atomic_add_ret
3437 .type atomic_add_ret,#function
3438 atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
3439 BACKOFF_SETUP(%o2)
3440 1: lduw [%o1], %g1
3441- add %g1, %o0, %g7
3442+ addcc %g1, %o0, %g7
3443+
3444+#ifdef CONFIG_PAX_REFCOUNT
3445+ tvs %icc, 6
3446+#endif
3447+
3448 cas [%o1], %g1, %g7
3449 cmp %g1, %g7
3450 bne,pn %icc, 2f
3451@@ -64,7 +109,12 @@ atomic_add_ret: /* %o0 = increment, %o1
3452 atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
3453 BACKOFF_SETUP(%o2)
3454 1: lduw [%o1], %g1
3455- sub %g1, %o0, %g7
3456+ subcc %g1, %o0, %g7
3457+
3458+#ifdef CONFIG_PAX_REFCOUNT
3459+ tvs %icc, 6
3460+#endif
3461+
3462 cas [%o1], %g1, %g7
3463 cmp %g1, %g7
3464 bne,pn %icc, 2f
3465@@ -80,7 +130,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1
3466 atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */
3467 BACKOFF_SETUP(%o2)
3468 1: ldx [%o1], %g1
3469- add %g1, %o0, %g7
3470+ addcc %g1, %o0, %g7
3471+
3472+#ifdef CONFIG_PAX_REFCOUNT
3473+ tvs %xcc, 6
3474+#endif
3475+
3476 casx [%o1], %g1, %g7
3477 cmp %g1, %g7
3478 bne,pn %xcc, 2f
3479@@ -90,12 +145,32 @@ atomic64_add: /* %o0 = increment, %o1 =
3480 2: BACKOFF_SPIN(%o2, %o3, 1b)
3481 .size atomic64_add, .-atomic64_add
3482
3483+ .globl atomic64_add_unchecked
3484+ .type atomic64_add_unchecked,#function
3485+atomic64_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
3486+ BACKOFF_SETUP(%o2)
3487+1: ldx [%o1], %g1
3488+ addcc %g1, %o0, %g7
3489+ casx [%o1], %g1, %g7
3490+ cmp %g1, %g7
3491+ bne,pn %xcc, 2f
3492+ nop
3493+ retl
3494+ nop
3495+2: BACKOFF_SPIN(%o2, %o3, 1b)
3496+ .size atomic64_add_unchecked, .-atomic64_add_unchecked
3497+
3498 .globl atomic64_sub
3499 .type atomic64_sub,#function
3500 atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */
3501 BACKOFF_SETUP(%o2)
3502 1: ldx [%o1], %g1
3503- sub %g1, %o0, %g7
3504+ subcc %g1, %o0, %g7
3505+
3506+#ifdef CONFIG_PAX_REFCOUNT
3507+ tvs %xcc, 6
3508+#endif
3509+
3510 casx [%o1], %g1, %g7
3511 cmp %g1, %g7
3512 bne,pn %xcc, 2f
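Review bot: `atomic64_add_unchecked` computes its sum with `addcc`, while the 32-bit `atomic_add_unchecked` and `atomic_sub_unchecked` added earlier use plain `add` and `sub`. The unchecked variants contain no `tvs`, and the following `cmp` overwrites the flags, so the `cc` form has no effect here. Using `add %g1, %o0, %g7` would match the other unchecked routines and make it obvious that no overflow check is intended. `atomic64_add_ret_unchecked` in the next hunk has the same `addcc`.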
3513@@ -110,7 +185,12 @@ atomic64_sub: /* %o0 = decrement, %o1 =
3514 atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
3515 BACKOFF_SETUP(%o2)
3516 1: ldx [%o1], %g1
3517- add %g1, %o0, %g7
3518+ addcc %g1, %o0, %g7
3519+
3520+#ifdef CONFIG_PAX_REFCOUNT
3521+ tvs %xcc, 6
3522+#endif
3523+
3524 casx [%o1], %g1, %g7
3525 cmp %g1, %g7
3526 bne,pn %xcc, 2f
3527@@ -121,12 +201,33 @@ atomic64_add_ret: /* %o0 = increment, %o
3528 2: BACKOFF_SPIN(%o2, %o3, 1b)
3529 .size atomic64_add_ret, .-atomic64_add_ret
3530
3531+ .globl atomic64_add_ret_unchecked
3532+ .type atomic64_add_ret_unchecked,#function
3533+atomic64_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
3534+ BACKOFF_SETUP(%o2)
3535+1: ldx [%o1], %g1
3536+ addcc %g1, %o0, %g7
3537+ casx [%o1], %g1, %g7
3538+ cmp %g1, %g7
3539+ bne,pn %xcc, 2f
3540+ add %g7, %o0, %g7
3541+ mov %g7, %o0
3542+ retl
3543+ nop
3544+2: BACKOFF_SPIN(%o2, %o3, 1b)
3545+ .size atomic64_add_ret_unchecked, .-atomic64_add_ret_unchecked
3546+
3547 .globl atomic64_sub_ret
3548 .type atomic64_sub_ret,#function
3549 atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
3550 BACKOFF_SETUP(%o2)
3551 1: ldx [%o1], %g1
3552- sub %g1, %o0, %g7
3553+ subcc %g1, %o0, %g7
3554+
3555+#ifdef CONFIG_PAX_REFCOUNT
3556+ tvs %xcc, 6
3557+#endif
3558+
3559 casx [%o1], %g1, %g7
3560 cmp %g1, %g7
3561 bne,pn %xcc, 2f
3562diff -urNp linux-2.6.32.8/arch/sparc/lib/ksyms.c linux-2.6.32.8/arch/sparc/lib/ksyms.c
3563--- linux-2.6.32.8/arch/sparc/lib/ksyms.c 2010-02-09 07:57:19.000000000 -0500
3564+++ linux-2.6.32.8/arch/sparc/lib/ksyms.c 2010-02-13 21:45:09.867638822 -0500
3565@@ -144,8 +144,10 @@ EXPORT_SYMBOL(__downgrade_write);
3566
3567 /* Atomic counter implementation. */
3568 EXPORT_SYMBOL(atomic_add);
3569+EXPORT_SYMBOL(atomic_add_unchecked);
3570 EXPORT_SYMBOL(atomic_add_ret);
3571 EXPORT_SYMBOL(atomic_sub);
3572+EXPORT_SYMBOL(atomic_sub_unchecked);
3573 EXPORT_SYMBOL(atomic_sub_ret);
3574 EXPORT_SYMBOL(atomic64_add);
3575 EXPORT_SYMBOL(atomic64_add_ret);
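Review bot: Only `atomic_add_unchecked` and `atomic_sub_unchecked` gain an `EXPORT_SYMBOL` here, but atomic_64.S in the same patch also adds the global routines `atomic64_add_unchecked` and `atomic64_add_ret_unchecked`. Unless those are exported elsewhere (not visible in this hunk), a module that calls them will fail to resolve the symbols. I would add `EXPORT_SYMBOL(atomic64_add_unchecked);` and `EXPORT_SYMBOL(atomic64_add_ret_unchecked);` next to the existing atomic64 exports.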
3576diff -urNp linux-2.6.32.8/arch/sparc/lib/rwsem_64.S linux-2.6.32.8/arch/sparc/lib/rwsem_64.S
3577--- linux-2.6.32.8/arch/sparc/lib/rwsem_64.S 2010-02-09 07:57:19.000000000 -0500
3578+++ linux-2.6.32.8/arch/sparc/lib/rwsem_64.S 2010-02-13 21:45:09.867638822 -0500
3579@@ -11,7 +11,12 @@
3580 .globl __down_read
3581 __down_read:
3582 1: lduw [%o0], %g1
3583- add %g1, 1, %g7
3584+ addcc %g1, 1, %g7
3585+
3586+#ifdef CONFIG_PAX_REFCOUNT
3587+ tvs %icc, 6
3588+#endif
3589+
3590 cas [%o0], %g1, %g7
3591 cmp %g1, %g7
3592 bne,pn %icc, 1b
3593@@ -33,7 +38,12 @@ __down_read:
3594 .globl __down_read_trylock
3595 __down_read_trylock:
3596 1: lduw [%o0], %g1
3597- add %g1, 1, %g7
3598+ addcc %g1, 1, %g7
3599+
3600+#ifdef CONFIG_PAX_REFCOUNT
3601+ tvs %icc, 6
3602+#endif
3603+
3604 cmp %g7, 0
3605 bl,pn %icc, 2f
3606 mov 0, %o1
3607@@ -51,7 +61,12 @@ __down_write:
3608 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
3609 1:
3610 lduw [%o0], %g3
3611- add %g3, %g1, %g7
3612+ addcc %g3, %g1, %g7
3613+
3614+#ifdef CONFIG_PAX_REFCOUNT
3615+ tvs %icc, 6
3616+#endif
3617+
3618 cas [%o0], %g3, %g7
3619 cmp %g3, %g7
3620 bne,pn %icc, 1b
3621@@ -77,7 +92,12 @@ __down_write_trylock:
3622 cmp %g3, 0
3623 bne,pn %icc, 2f
3624 mov 0, %o1
3625- add %g3, %g1, %g7
3626+ addcc %g3, %g1, %g7
3627+
3628+#ifdef CONFIG_PAX_REFCOUNT
3629+ tvs %icc, 6
3630+#endif
3631+
3632 cas [%o0], %g3, %g7
3633 cmp %g3, %g7
3634 bne,pn %icc, 1b
3635@@ -90,7 +110,12 @@ __down_write_trylock:
3636 __up_read:
3637 1:
3638 lduw [%o0], %g1
3639- sub %g1, 1, %g7
3640+ subcc %g1, 1, %g7
3641+
3642+#ifdef CONFIG_PAX_REFCOUNT
3643+ tvs %icc, 6
3644+#endif
3645+
3646 cas [%o0], %g1, %g7
3647 cmp %g1, %g7
3648 bne,pn %icc, 1b
3649@@ -118,7 +143,12 @@ __up_write:
3650 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
3651 1:
3652 lduw [%o0], %g3
3653- sub %g3, %g1, %g7
3654+ subcc %g3, %g1, %g7
3655+
3656+#ifdef CONFIG_PAX_REFCOUNT
3657+ tvs %icc, 6
3658+#endif
3659+
3660 cas [%o0], %g3, %g7
3661 cmp %g3, %g7
3662 bne,pn %icc, 1b
3663@@ -143,7 +173,12 @@ __downgrade_write:
3664 or %g1, %lo(RWSEM_WAITING_BIAS), %g1
3665 1:
3666 lduw [%o0], %g3
3667- sub %g3, %g1, %g7
3668+ subcc %g3, %g1, %g7
3669+
3670+#ifdef CONFIG_PAX_REFCOUNT
3671+ tvs %icc, 6
3672+#endif
3673+
3674 cas [%o0], %g3, %g7
3675 cmp %g3, %g7
3676 bne,pn %icc, 1b
3677diff -urNp linux-2.6.32.8/arch/sparc/Makefile linux-2.6.32.8/arch/sparc/Makefile
3678--- linux-2.6.32.8/arch/sparc/Makefile 2010-02-09 07:57:19.000000000 -0500
3679+++ linux-2.6.32.8/arch/sparc/Makefile 2010-02-13 21:45:09.867638822 -0500
3680@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
3681 # Export what is needed by arch/sparc/boot/Makefile
3682 export VMLINUX_INIT VMLINUX_MAIN
3683 VMLINUX_INIT := $(head-y) $(init-y)
3684-VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
3685+VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
3686 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
3687 VMLINUX_MAIN += $(drivers-y) $(net-y)
3688
3689diff -urNp linux-2.6.32.8/arch/sparc/mm/fault_32.c linux-2.6.32.8/arch/sparc/mm/fault_32.c
3690--- linux-2.6.32.8/arch/sparc/mm/fault_32.c 2010-02-09 07:57:19.000000000 -0500
3691+++ linux-2.6.32.8/arch/sparc/mm/fault_32.c 2010-02-13 21:45:09.868766986 -0500
3692@@ -21,6 +21,9 @@
3693 #include <linux/interrupt.h>
3694 #include <linux/module.h>
3695 #include <linux/kdebug.h>
3696+#include <linux/slab.h>
3697+#include <linux/pagemap.h>
3698+#include <linux/compiler.h>
3699
3700 #include <asm/system.h>
3701 #include <asm/page.h>
3702@@ -167,6 +170,267 @@ static unsigned long compute_si_addr(str
3703 return safe_compute_effective_address(regs, insn);
3704 }
3705
3706+#ifdef CONFIG_PAX_PAGEEXEC
3707+#ifdef CONFIG_PAX_DLRESOLVE
3708+static void pax_emuplt_close(struct vm_area_struct *vma)
3709+{
3710+ vma->vm_mm->call_dl_resolve = 0UL;
3711+}
3712+
3713+static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
3714+{
3715+ unsigned int *kaddr;
3716+
3717+ vmf->page = alloc_page(GFP_HIGHUSER);
3718+ if (!vmf->page)
3719+ return VM_FAULT_OOM;
3720+
3721+ kaddr = kmap(vmf->page);
3722+ memset(kaddr, 0, PAGE_SIZE);
3723+ kaddr[0] = 0x9DE3BFA8U; /* save */
3724+ flush_dcache_page(vmf->page);
3725+ kunmap(vmf->page);
3726+ return VM_FAULT_MAJOR;
3727+}
3728+
3729+static const struct vm_operations_struct pax_vm_ops = {
3730+ .close = pax_emuplt_close,
3731+ .fault = pax_emuplt_fault
3732+};
3733+
3734+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
3735+{
3736+ int ret;
3737+
3738+ vma->vm_mm = current->mm;
3739+ vma->vm_start = addr;
3740+ vma->vm_end = addr + PAGE_SIZE;
3741+ vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
3742+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
3743+ vma->vm_ops = &pax_vm_ops;
3744+
3745+ ret = insert_vm_struct(current->mm, vma);
3746+ if (ret)
3747+ return ret;
3748+
3749+ ++current->mm->total_vm;
3750+ return 0;
3751+}
3752+#endif
3753+
3754+/*
3755+ * PaX: decide what to do with offenders (regs->pc = fault address)
3756+ *
3757+ * returns 1 when task should be killed
3758+ * 2 when patched PLT trampoline was detected
3759+ * 3 when unpatched PLT trampoline was detected
3760+ */
3761+static int pax_handle_fetch_fault(struct pt_regs *regs)
3762+{
3763+
3764+#ifdef CONFIG_PAX_EMUPLT
3765+ int err;
3766+
3767+ do { /* PaX: patched PLT emulation #1 */
3768+ unsigned int sethi1, sethi2, jmpl;
3769+
3770+ err = get_user(sethi1, (unsigned int *)regs->pc);
3771+ err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
3772+ err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
3773+
3774+ if (err)
3775+ break;
3776+
3777+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
3778+ (sethi2 & 0xFFC00000U) == 0x03000000U &&
3779+ (jmpl & 0xFFFFE000U) == 0x81C06000U)
3780+ {
3781+ unsigned int addr;
3782+
3783+ regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
3784+ addr = regs->u_regs[UREG_G1];
3785+ addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
3786+ regs->pc = addr;
3787+ regs->npc = addr+4;
3788+ return 2;
3789+ }
3790+ } while (0);
3791+
3792+ { /* PaX: patched PLT emulation #2 */
3793+ unsigned int ba;
3794+
3795+ err = get_user(ba, (unsigned int *)regs->pc);
3796+
3797+ if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
3798+ unsigned int addr;
3799+
3800+ addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
3801+ regs->pc = addr;
3802+ regs->npc = addr+4;
3803+ return 2;
3804+ }
3805+ }
3806+
3807+ do { /* PaX: patched PLT emulation #3 */
3808+ unsigned int sethi, jmpl, nop;
3809+
3810+ err = get_user(sethi, (unsigned int *)regs->pc);
3811+ err |= get_user(jmpl, (unsigned int *)(regs->pc+4));
3812+ err |= get_user(nop, (unsigned int *)(regs->pc+8));
3813+
3814+ if (err)
3815+ break;
3816+
3817+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
3818+ (jmpl & 0xFFFFE000U) == 0x81C06000U &&
3819+ nop == 0x01000000U)
3820+ {
3821+ unsigned int addr;
3822+
3823+ addr = (sethi & 0x003FFFFFU) << 10;
3824+ regs->u_regs[UREG_G1] = addr;
3825+ addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
3826+ regs->pc = addr;
3827+ regs->npc = addr+4;
3828+ return 2;
3829+ }
3830+ } while (0);
3831+
3832+ do { /* PaX: unpatched PLT emulation step 1 */
3833+ unsigned int sethi, ba, nop;
3834+
3835+ err = get_user(sethi, (unsigned int *)regs->pc);
3836+ err |= get_user(ba, (unsigned int *)(regs->pc+4));
3837+ err |= get_user(nop, (unsigned int *)(regs->pc+8));
3838+
3839+ if (err)
3840+ break;
3841+
3842+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
3843+ ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
3844+ nop == 0x01000000U)
3845+ {
3846+ unsigned int addr, save, call;
3847+
3848+ if ((ba & 0xFFC00000U) == 0x30800000U)
3849+ addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
3850+ else
3851+ addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
3852+
3853+ err = get_user(save, (unsigned int *)addr);
3854+ err |= get_user(call, (unsigned int *)(addr+4));
3855+ err |= get_user(nop, (unsigned int *)(addr+8));
3856+ if (err)
3857+ break;
3858+
3859+#ifdef CONFIG_PAX_DLRESOLVE
3860+ if (save == 0x9DE3BFA8U &&
3861+ (call & 0xC0000000U) == 0x40000000U &&
3862+ nop == 0x01000000U)
3863+ {
3864+ struct vm_area_struct *vma;
3865+ unsigned long call_dl_resolve;
3866+
3867+ down_read(&current->mm->mmap_sem);
3868+ call_dl_resolve = current->mm->call_dl_resolve;
3869+ up_read(&current->mm->mmap_sem);
3870+ if (likely(call_dl_resolve))
3871+ goto emulate;
3872+
3873+ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
3874+
3875+ down_write(&current->mm->mmap_sem);
3876+ if (current->mm->call_dl_resolve) {
3877+ call_dl_resolve = current->mm->call_dl_resolve;
3878+ up_write(&current->mm->mmap_sem);
3879+ if (vma)
3880+ kmem_cache_free(vm_area_cachep, vma);
3881+ goto emulate;
3882+ }
3883+
3884+ call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
3885+ if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
3886+ up_write(&current->mm->mmap_sem);
3887+ if (vma)
3888+ kmem_cache_free(vm_area_cachep, vma);
3889+ return 1;
3890+ }
3891+
3892+ if (pax_insert_vma(vma, call_dl_resolve)) {
3893+ up_write(&current->mm->mmap_sem);
3894+ kmem_cache_free(vm_area_cachep, vma);
3895+ return 1;
3896+ }
3897+
3898+ current->mm->call_dl_resolve = call_dl_resolve;
3899+ up_write(&current->mm->mmap_sem);
3900+
3901+emulate:
3902+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
3903+ regs->pc = call_dl_resolve;
3904+ regs->npc = addr+4;
3905+ return 3;
3906+ }
3907+#endif
3908+
3909+ /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
3910+ if ((save & 0xFFC00000U) == 0x05000000U &&
3911+ (call & 0xFFFFE000U) == 0x85C0A000U &&
3912+ nop == 0x01000000U)
3913+ {
3914+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
3915+ regs->u_regs[UREG_G2] = addr + 4;
3916+ addr = (save & 0x003FFFFFU) << 10;
3917+ addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
3918+ regs->pc = addr;
3919+ regs->npc = addr+4;
3920+ return 3;
3921+ }
3922+ }
3923+ } while (0);
3924+
3925+ do { /* PaX: unpatched PLT emulation step 2 */
3926+ unsigned int save, call, nop;
3927+
3928+ err = get_user(save, (unsigned int *)(regs->pc-4));
3929+ err |= get_user(call, (unsigned int *)regs->pc);
3930+ err |= get_user(nop, (unsigned int *)(regs->pc+4));
3931+ if (err)
3932+ break;
3933+
3934+ if (save == 0x9DE3BFA8U &&
3935+ (call & 0xC0000000U) == 0x40000000U &&
3936+ nop == 0x01000000U)
3937+ {
3938+ unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
3939+
3940+ regs->u_regs[UREG_RETPC] = regs->pc;
3941+ regs->pc = dl_resolve;
3942+ regs->npc = dl_resolve+4;
3943+ return 3;
3944+ }
3945+ } while (0);
3946+#endif
3947+
3948+ return 1;
3949+}
3950+
3951+void pax_report_insns(void *pc, void *sp)
3952+{
3953+ unsigned long i;
3954+
3955+ printk(KERN_ERR "PAX: bytes at PC: ");
3956+ for (i = 0; i < 5; i++) {
3957+ unsigned int c;
3958+ if (get_user(c, (unsigned int *)pc+i))
3959+ printk(KERN_CONT "???????? ");
3960+ else
3961+ printk(KERN_CONT "%08x ", c);
3962+ }
3963+ printk("\n");
3964+}
3965+#endif
3966+
3967 asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
3968 unsigned long address)
3969 {
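Review bot: `pax_report_insns` ends the line with `printk("\n")`, which has neither a log level nor `KERN_CONT`, while every other fragment of that line is emitted with `KERN_CONT`. Using `printk(KERN_CONT "\n");` keeps the terminator attached to the "PAX: bytes at PC:" record. Separately, `pax_handle_fetch_fault` matches instruction words against bare hex masks and returns bare 1/2/3. The block comment documents the return values, but named constants for the results and the opcode patterns would make the decoder easier to audit. That matters because the words it decodes are read from a user mapping that lacks VM_EXEC.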
3970@@ -231,6 +495,24 @@ good_area:
3971 if(!(vma->vm_flags & VM_WRITE))
3972 goto bad_area;
3973 } else {
3974+
3975+#ifdef CONFIG_PAX_PAGEEXEC
3976+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
3977+ up_read(&mm->mmap_sem);
3978+ switch (pax_handle_fetch_fault(regs)) {
3979+
3980+#ifdef CONFIG_PAX_EMUPLT
3981+ case 2:
3982+ case 3:
3983+ return;
3984+#endif
3985+
3986+ }
3987+ pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
3988+ do_group_exit(SIGKILL);
3989+ }
3990+#endif
3991+
3992 /* Allow reads even for write-only mappings */
3993 if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
3994 goto bad_area;
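Review bot: The added `switch (pax_handle_fetch_fault(regs))` tests the bare values `2` and `3`, has no `default`, and has an empty body when CONFIG_PAX_EMUPLT is disabled. An `if` on the return value placed inside the `#ifdef`, or named result constants shared with pax_handle_fetch_fault, would read more clearly and avoid the empty switch. The path after the switch also deserves a comment, e.g. `/* not an emulated PLT stub: report and kill the whole thread group */`. do_sparc_fault continues outside the hunk.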
3995diff -urNp linux-2.6.32.8/arch/sparc/mm/fault_64.c linux-2.6.32.8/arch/sparc/mm/fault_64.c
3996--- linux-2.6.32.8/arch/sparc/mm/fault_64.c 2010-02-09 07:57:19.000000000 -0500
3997+++ linux-2.6.32.8/arch/sparc/mm/fault_64.c 2010-02-13 21:45:09.868766986 -0500
3998@@ -20,6 +20,9 @@
3999 #include <linux/kprobes.h>
4000 #include <linux/kdebug.h>
4001 #include <linux/percpu.h>
4002+#include <linux/slab.h>
4003+#include <linux/pagemap.h>
4004+#include <linux/compiler.h>
4005
4006 #include <asm/page.h>
4007 #include <asm/pgtable.h>
4008@@ -249,6 +252,416 @@ static void noinline bogus_32bit_fault_a
4009 show_regs(regs);
4010 }
4011
4012+#ifdef CONFIG_PAX_PAGEEXEC
4013+#ifdef CONFIG_PAX_DLRESOLVE
4014+static void pax_emuplt_close(struct vm_area_struct *vma)
4015+{
4016+ vma->vm_mm->call_dl_resolve = 0UL;
4017+}
4018+
4019+static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4020+{
4021+ unsigned int *kaddr;
4022+
4023+ vmf->page = alloc_page(GFP_HIGHUSER);
4024+ if (!vmf->page)
4025+ return VM_FAULT_OOM;
4026+
4027+ kaddr = kmap(vmf->page);
4028+ memset(kaddr, 0, PAGE_SIZE);
4029+ kaddr[0] = 0x9DE3BFA8U; /* save */
4030+ flush_dcache_page(vmf->page);
4031+ kunmap(vmf->page);
4032+ return VM_FAULT_MAJOR;
4033+}
4034+
4035+static const struct vm_operations_struct pax_vm_ops = {
4036+ .close = pax_emuplt_close,
4037+ .fault = pax_emuplt_fault
4038+};
4039+
4040+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4041+{
4042+ int ret;
4043+
4044+ vma->vm_mm = current->mm;
4045+ vma->vm_start = addr;
4046+ vma->vm_end = addr + PAGE_SIZE;
4047+ vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4048+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4049+ vma->vm_ops = &pax_vm_ops;
4050+
4051+ ret = insert_vm_struct(current->mm, vma);
4052+ if (ret)
4053+ return ret;
4054+
4055+ ++current->mm->total_vm;
4056+ return 0;
4057+}
4058+#endif
4059+
4060+/*
4061+ * PaX: decide what to do with offenders (regs->tpc = fault address)
4062+ *
4063+ * returns 1 when task should be killed
4064+ * 2 when patched PLT trampoline was detected
4065+ * 3 when unpatched PLT trampoline was detected
4066+ */
4067+static int pax_handle_fetch_fault(struct pt_regs *regs)
4068+{
4069+
4070+#ifdef CONFIG_PAX_EMUPLT
4071+ int err;
4072+
4073+ do { /* PaX: patched PLT emulation #1 */
4074+ unsigned int sethi1, sethi2, jmpl;
4075+
4076+ err = get_user(sethi1, (unsigned int *)regs->tpc);
4077+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4078+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
4079+
4080+ if (err)
4081+ break;
4082+
4083+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4084+ (sethi2 & 0xFFC00000U) == 0x03000000U &&
4085+ (jmpl & 0xFFFFE000U) == 0x81C06000U)
4086+ {
4087+ unsigned long addr;
4088+
4089+ regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4090+ addr = regs->u_regs[UREG_G1];
4091+ addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4092+
4093+ if (test_thread_flag(TIF_32BIT))
4094+ addr &= 0xFFFFFFFFUL;
4095+
4096+ regs->tpc = addr;
4097+ regs->tnpc = addr+4;
4098+ return 2;
4099+ }
4100+ } while (0);
4101+
4102+ { /* PaX: patched PLT emulation #2 */
4103+ unsigned int ba;
4104+
4105+ err = get_user(ba, (unsigned int *)regs->tpc);
4106+
4107+ if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4108+ unsigned long addr;
4109+
4110+ addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4111+
4112+ if (test_thread_flag(TIF_32BIT))
4113+ addr &= 0xFFFFFFFFUL;
4114+
4115+ regs->tpc = addr;
4116+ regs->tnpc = addr+4;
4117+ return 2;
4118+ }
4119+ }
4120+
4121+ do { /* PaX: patched PLT emulation #3 */
4122+ unsigned int sethi, jmpl, nop;
4123+
4124+ err = get_user(sethi, (unsigned int *)regs->tpc);
4125+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+4));
4126+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4127+
4128+ if (err)
4129+ break;
4130+
4131+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
4132+ (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4133+ nop == 0x01000000U)
4134+ {
4135+ unsigned long addr;
4136+
4137+ addr = (sethi & 0x003FFFFFU) << 10;
4138+ regs->u_regs[UREG_G1] = addr;
4139+ addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4140+
4141+ if (test_thread_flag(TIF_32BIT))
4142+ addr &= 0xFFFFFFFFUL;
4143+
4144+ regs->tpc = addr;
4145+ regs->tnpc = addr+4;
4146+ return 2;
4147+ }
4148+ } while (0);
4149+
4150+ do { /* PaX: patched PLT emulation #4 */
4151+ unsigned int mov1, call, mov2;
4152+
4153+ err = get_user(mov1, (unsigned int *)regs->tpc);
4154+ err |= get_user(call, (unsigned int *)(regs->tpc+4));
4155+ err |= get_user(mov2, (unsigned int *)(regs->tpc+8));
4156+
4157+ if (err)
4158+ break;
4159+
4160+ if (mov1 == 0x8210000FU &&
4161+ (call & 0xC0000000U) == 0x40000000U &&
4162+ mov2 == 0x9E100001U)
4163+ {
4164+ unsigned long addr;
4165+
4166+ regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
4167+ addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
4168+
4169+ if (test_thread_flag(TIF_32BIT))
4170+ addr &= 0xFFFFFFFFUL;
4171+
4172+ regs->tpc = addr;
4173+ regs->tnpc = addr+4;
4174+ return 2;
4175+ }
4176+ } while (0);
4177+
4178+ do { /* PaX: patched PLT emulation #5 */
4179+ unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop;
4180+
4181+ err = get_user(sethi1, (unsigned int *)regs->tpc);
4182+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4183+ err |= get_user(or1, (unsigned int *)(regs->tpc+8));
4184+ err |= get_user(or2, (unsigned int *)(regs->tpc+12));
4185+ err |= get_user(sllx, (unsigned int *)(regs->tpc+16));
4186+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
4187+ err |= get_user(nop, (unsigned int *)(regs->tpc+24));
4188+
4189+ if (err)
4190+ break;
4191+
4192+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4193+ (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4194+ (or1 & 0xFFFFE000U) == 0x82106000U &&
4195+ (or2 & 0xFFFFE000U) == 0x8A116000U &&
4196+ sllx == 0x83287020 &&
4197+ jmpl == 0x81C04005U &&
4198+ nop == 0x01000000U)
4199+ {
4200+ unsigned long addr;
4201+
4202+ regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
4203+ regs->u_regs[UREG_G1] <<= 32;
4204+ regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
4205+ addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4206+ regs->tpc = addr;
4207+ regs->tnpc = addr+4;
4208+ return 2;
4209+ }
4210+ } while (0);
4211+
4212+ do { /* PaX: patched PLT emulation #6 */
4213+ unsigned int sethi1, sethi2, sllx, or, jmpl, nop;
4214+
4215+ err = get_user(sethi1, (unsigned int *)regs->tpc);
4216+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4217+ err |= get_user(sllx, (unsigned int *)(regs->tpc+8));
4218+ err |= get_user(or, (unsigned int *)(regs->tpc+12));
4219+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+16));
4220+ err |= get_user(nop, (unsigned int *)(regs->tpc+20));
4221+
4222+ if (err)
4223+ break;
4224+
4225+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4226+ (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4227+ sllx == 0x83287020 &&
4228+ (or & 0xFFFFE000U) == 0x8A116000U &&
4229+ jmpl == 0x81C04005U &&
4230+ nop == 0x01000000U)
4231+ {
4232+ unsigned long addr;
4233+
4234+ regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
4235+ regs->u_regs[UREG_G1] <<= 32;
4236+ regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
4237+ addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4238+ regs->tpc = addr;
4239+ regs->tnpc = addr+4;
4240+ return 2;
4241+ }
4242+ } while (0);
4243+
4244+ do { /* PaX: unpatched PLT emulation step 1 */
4245+ unsigned int sethi, ba, nop;
4246+
4247+ err = get_user(sethi, (unsigned int *)regs->tpc);
4248+ err |= get_user(ba, (unsigned int *)(regs->tpc+4));
4249+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4250+
4251+ if (err)
4252+ break;
4253+
4254+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
4255+ ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4256+ nop == 0x01000000U)
4257+ {
4258+ unsigned long addr;
4259+ unsigned int save, call;
4260+
4261+ if ((ba & 0xFFC00000U) == 0x30800000U)
4262+ addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4263+ else
4264+ addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
4265+
4266+ if (test_thread_flag(TIF_32BIT))
4267+ addr &= 0xFFFFFFFFUL;
4268+
4269+ err = get_user(save, (unsigned int *)addr);
4270+ err |= get_user(call, (unsigned int *)(addr+4));
4271+ err |= get_user(nop, (unsigned int *)(addr+8));
4272+ if (err)
4273+ break;
4274+
4275+#ifdef CONFIG_PAX_DLRESOLVE
4276+ if (save == 0x9DE3BFA8U &&
4277+ (call & 0xC0000000U) == 0x40000000U &&
4278+ nop == 0x01000000U)
4279+ {
4280+ struct vm_area_struct *vma;
4281+ unsigned long call_dl_resolve;
4282+
4283+ down_read(&current->mm->mmap_sem);
4284+ call_dl_resolve = current->mm->call_dl_resolve;
4285+ up_read(&current->mm->mmap_sem);
4286+ if (likely(call_dl_resolve))
4287+ goto emulate;
4288+
4289+ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4290+
4291+ down_write(&current->mm->mmap_sem);
4292+ if (current->mm->call_dl_resolve) {
4293+ call_dl_resolve = current->mm->call_dl_resolve;
4294+ up_write(&current->mm->mmap_sem);
4295+ if (vma)
4296+ kmem_cache_free(vm_area_cachep, vma);
4297+ goto emulate;
4298+ }
4299+
4300+ call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
4301+ if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
4302+ up_write(&current->mm->mmap_sem);
4303+ if (vma)
4304+ kmem_cache_free(vm_area_cachep, vma);
4305+ return 1;
4306+ }
4307+
4308+ if (pax_insert_vma(vma, call_dl_resolve)) {
4309+ up_write(&current->mm->mmap_sem);
4310+ kmem_cache_free(vm_area_cachep, vma);
4311+ return 1;
4312+ }
4313+
4314+ current->mm->call_dl_resolve = call_dl_resolve;
4315+ up_write(&current->mm->mmap_sem);
4316+
4317+emulate:
4318+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4319+ regs->tpc = call_dl_resolve;
4320+ regs->tnpc = addr+4;
4321+ return 3;
4322+ }
4323+#endif
4324+
4325+ /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
4326+ if ((save & 0xFFC00000U) == 0x05000000U &&
4327+ (call & 0xFFFFE000U) == 0x85C0A000U &&
4328+ nop == 0x01000000U)
4329+ {
4330+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4331+ regs->u_regs[UREG_G2] = addr + 4;
4332+ addr = (save & 0x003FFFFFU) << 10;
4333+ addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4334+
4335+ if (test_thread_flag(TIF_32BIT))
4336+ addr &= 0xFFFFFFFFUL;
4337+
4338+ regs->tpc = addr;
4339+ regs->tnpc = addr+4;
4340+ return 3;
4341+ }
4342+ }
4343+ } while (0);
4344+
4345+#ifdef CONFIG_PAX_DLRESOLVE
4346+ do { /* PaX: unpatched PLT emulation step 2 */
4347+ unsigned int save, call, nop;
4348+
4349+ err = get_user(save, (unsigned int *)(regs->tpc-4));
4350+ err |= get_user(call, (unsigned int *)regs->tpc);
4351+ err |= get_user(nop, (unsigned int *)(regs->tpc+4));
4352+ if (err)
4353+ break;
4354+
4355+ if (save == 0x9DE3BFA8U &&
4356+ (call & 0xC0000000U) == 0x40000000U &&
4357+ nop == 0x01000000U)
4358+ {
4359+ unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
4360+
4361+ if (test_thread_flag(TIF_32BIT))
4362+ dl_resolve &= 0xFFFFFFFFUL;
4363+
4364+ regs->u_regs[UREG_RETPC] = regs->tpc;
4365+ regs->tpc = dl_resolve;
4366+ regs->tnpc = dl_resolve+4;
4367+ return 3;
4368+ }
4369+ } while (0);
4370+#endif
4371+
4372+ do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */
4373+ unsigned int sethi, ba, nop;
4374+
4375+ err = get_user(sethi, (unsigned int *)regs->tpc);
4376+ err |= get_user(ba, (unsigned int *)(regs->tpc+4));
4377+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4378+
4379+ if (err)
4380+ break;
4381+
4382+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
4383+ (ba & 0xFFF00000U) == 0x30600000U &&
4384+ nop == 0x01000000U)
4385+ {
4386+ unsigned long addr;
4387+
4388+ addr = (sethi & 0x003FFFFFU) << 10;
4389+ regs->u_regs[UREG_G1] = addr;
4390+ addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
4391+
4392+ if (test_thread_flag(TIF_32BIT))
4393+ addr &= 0xFFFFFFFFUL;
4394+
4395+ regs->tpc = addr;
4396+ regs->tnpc = addr+4;
4397+ return 2;
4398+ }
4399+ } while (0);
4400+
4401+#endif
4402+
4403+ return 1;
4404+}
4405+
4406+void pax_report_insns(void *pc, void *sp)
4407+{
4408+ unsigned long i;
4409+
4410+ printk(KERN_ERR "PAX: bytes at PC: ");
4411+ for (i = 0; i < 5; i++) {
4412+ unsigned int c;
4413+ if (get_user(c, (unsigned int *)pc+i))
4414+ printk(KERN_CONT "???????? ");
4415+ else
4416+ printk(KERN_CONT "%08x ", c);
4417+ }
4418+ printk("\n");
4419+}
4420+#endif
4421+
4422 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
4423 {
4424 struct mm_struct *mm = current->mm;
4425@@ -315,6 +728,29 @@ asmlinkage void __kprobes do_sparc64_fau
4426 if (!vma)
4427 goto bad_area;
4428
4429+#ifdef CONFIG_PAX_PAGEEXEC
4430+ /* PaX: detect ITLB misses on non-exec pages */
4431+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
4432+ !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
4433+ {
4434+ if (address != regs->tpc)
4435+ goto good_area;
4436+
4437+ up_read(&mm->mmap_sem);
4438+ switch (pax_handle_fetch_fault(regs)) {
4439+
4440+#ifdef CONFIG_PAX_EMUPLT
4441+ case 2:
4442+ case 3:
4443+ return;
4444+#endif
4445+
4446+ }
4447+ pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
4448+ do_group_exit(SIGKILL);
4449+ }
4450+#endif
4451+
4452 /* Pure DTLB misses do not tell us whether the fault causing
4453 * load/store/atomic was a write or not, it only says that there
4454 * was no match. So in such a case we (carefully) read the
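Review bot: The `switch (pax_handle_fetch_fault(regs))` in the new PAGEEXEC block dispatches on bare numbers, and with CONFIG_PAX_EMUPLT disabled its body is empty, so the intent is hard to read. In the visible tail of the handler, 2 and 3 are returned after a PLT stub has been emulated and tpc/tnpc rewritten, while the final `return 1` means nothing matched and control falls through to `pax_report_fault()` and `do_group_exit(SIGKILL)`. I would add `/* 2, 3: PLT stub emulated, resume at the rewritten tpc; anything else: report and kill the task */` above the switch. do_sparc64_fault continues outside the hunk.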
4455diff -urNp linux-2.6.32.8/arch/sparc/mm/init_32.c linux-2.6.32.8/arch/sparc/mm/init_32.c
4456--- linux-2.6.32.8/arch/sparc/mm/init_32.c 2010-02-09 07:57:19.000000000 -0500
4457+++ linux-2.6.32.8/arch/sparc/mm/init_32.c 2010-02-13 21:45:09.868766986 -0500
4458@@ -317,6 +317,9 @@ extern void device_scan(void);
4459 pgprot_t PAGE_SHARED __read_mostly;
4460 EXPORT_SYMBOL(PAGE_SHARED);
4461
4462+pgprot_t PAGE_SHARED_NOEXEC __read_mostly;
4463+EXPORT_SYMBOL(PAGE_SHARED_NOEXEC);
4464+
4465 void __init paging_init(void)
4466 {
4467 switch(sparc_cpu_model) {
4468@@ -345,17 +348,17 @@ void __init paging_init(void)
4469
4470 /* Initialize the protection map with non-constant, MMU dependent values. */
4471 protection_map[0] = PAGE_NONE;
4472- protection_map[1] = PAGE_READONLY;
4473- protection_map[2] = PAGE_COPY;
4474- protection_map[3] = PAGE_COPY;
4475+ protection_map[1] = PAGE_READONLY_NOEXEC;
4476+ protection_map[2] = PAGE_COPY_NOEXEC;
4477+ protection_map[3] = PAGE_COPY_NOEXEC;
4478 protection_map[4] = PAGE_READONLY;
4479 protection_map[5] = PAGE_READONLY;
4480 protection_map[6] = PAGE_COPY;
4481 protection_map[7] = PAGE_COPY;
4482 protection_map[8] = PAGE_NONE;
4483- protection_map[9] = PAGE_READONLY;
4484- protection_map[10] = PAGE_SHARED;
4485- protection_map[11] = PAGE_SHARED;
4486+ protection_map[9] = PAGE_READONLY_NOEXEC;
4487+ protection_map[10] = PAGE_SHARED_NOEXEC;
4488+ protection_map[11] = PAGE_SHARED_NOEXEC;
4489 protection_map[12] = PAGE_READONLY;
4490 protection_map[13] = PAGE_READONLY;
4491 protection_map[14] = PAGE_SHARED;
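Review bot: `protection_map[10]` and `[11]` now take `PAGE_SHARED_NOEXEC` unconditionally, but the only visible assignment to that variable, in the `ld_mmu_srmmu()` hunk of srmmu.c, sits inside `#ifdef CONFIG_PAX_PAGEEXEC`. Unless a header outside this diff aliases the `_NOEXEC` names to the ordinary ones when the option is off, and the non-SRMMU setup path sets the variable too, these entries would hold a zero-initialised pgprot. If no such alias exists, an `#else` arm with `PAGE_SHARED_NOEXEC = PAGE_SHARED;` in `ld_mmu_srmmu()` would keep the table valid. The same question applies to `PAGE_READONLY_NOEXEC` and `PAGE_COPY_NOEXEC` in entries 1–3 and 9.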
4492diff -urNp linux-2.6.32.8/arch/sparc/mm/Makefile linux-2.6.32.8/arch/sparc/mm/Makefile
4493--- linux-2.6.32.8/arch/sparc/mm/Makefile 2010-02-09 07:57:19.000000000 -0500
4494+++ linux-2.6.32.8/arch/sparc/mm/Makefile 2010-02-13 21:45:09.869909278 -0500
4495@@ -2,7 +2,7 @@
4496 #
4497
4498 asflags-y := -ansi
4499-ccflags-y := -Werror
4500+#ccflags-y := -Werror
4501
4502 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
4503 obj-y += fault_$(BITS).o
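Review bot: Commenting out `ccflags-y := -Werror` removes the warning gate for every object in arch/sparc/mm, including the fault-handler code this patch adds, and the hunk gives no reason for it. If the aim is to let specific new warnings through, a comment naming them, e.g. `# -Werror disabled: <warning introduced by the PaX changes>`, would let a later maintainer restore the flag. Deleting the line would also be cleaner than leaving it commented out.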
4504diff -urNp linux-2.6.32.8/arch/sparc/mm/srmmu.c linux-2.6.32.8/arch/sparc/mm/srmmu.c
4505--- linux-2.6.32.8/arch/sparc/mm/srmmu.c 2010-02-09 07:57:19.000000000 -0500
4506+++ linux-2.6.32.8/arch/sparc/mm/srmmu.c 2010-02-13 21:45:09.869909278 -0500
4507@@ -2200,6 +2200,13 @@ void __init ld_mmu_srmmu(void)
4508 PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED);
4509 BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
4510 BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
4511+
4512+#ifdef CONFIG_PAX_PAGEEXEC
4513+ PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC);
4514+ BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
4515+ BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
4516+#endif
4517+
4518 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
4519 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
4520
4521diff -urNp linux-2.6.32.8/arch/um/include/asm/kmap_types.h linux-2.6.32.8/arch/um/include/asm/kmap_types.h
4522--- linux-2.6.32.8/arch/um/include/asm/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
4523+++ linux-2.6.32.8/arch/um/include/asm/kmap_types.h 2010-02-13 21:45:09.870806418 -0500
4524@@ -23,6 +23,7 @@ enum km_type {
4525 KM_IRQ1,
4526 KM_SOFTIRQ0,
4527 KM_SOFTIRQ1,
4528+ KM_CLEARPAGE,
4529 KM_TYPE_NR
4530 };
4531
4532diff -urNp linux-2.6.32.8/arch/um/include/asm/page.h linux-2.6.32.8/arch/um/include/asm/page.h
4533--- linux-2.6.32.8/arch/um/include/asm/page.h 2010-02-09 07:57:19.000000000 -0500
4534+++ linux-2.6.32.8/arch/um/include/asm/page.h 2010-02-13 21:45:09.870806418 -0500
4535@@ -14,6 +14,9 @@
4536 #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT)
4537 #define PAGE_MASK (~(PAGE_SIZE-1))
4538
4539+#define ktla_ktva(addr) (addr)
4540+#define ktva_ktla(addr) (addr)
4541+
4542 #ifndef __ASSEMBLY__
4543
4544 struct page;
4545diff -urNp linux-2.6.32.8/arch/um/sys-i386/syscalls.c linux-2.6.32.8/arch/um/sys-i386/syscalls.c
4546--- linux-2.6.32.8/arch/um/sys-i386/syscalls.c 2010-02-09 07:57:19.000000000 -0500
4547+++ linux-2.6.32.8/arch/um/sys-i386/syscalls.c 2010-02-13 21:45:09.871908799 -0500
4548@@ -11,6 +11,21 @@
4549 #include "asm/uaccess.h"
4550 #include "asm/unistd.h"
4551
4552+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
4553+{
4554+ unsigned long pax_task_size = TASK_SIZE;
4555+
4556+#ifdef CONFIG_PAX_SEGMEXEC
4557+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
4558+ pax_task_size = SEGMEXEC_TASK_SIZE;
4559+#endif
4560+
4561+ if (len > pax_task_size || addr > pax_task_size - len)
4562+ return -EINVAL;
4563+
4564+ return 0;
4565+}
4566+
4567 /*
4568 * Perform the select(nd, in, out, ex, tv) and mmap() system
4569 * calls. Linux/i386 didn't use to be able to handle more than
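Review bot: `i386_mmap_check()` has no comment, and the order of its comparison is the security-relevant part: `len > pax_task_size` is tested first so that `pax_task_size - len` cannot wrap before `addr` is compared against it. I would put `/* reject ranges outside the task size; written so that addr + len is never computed and cannot overflow */` above the `if`, so that nobody later simplifies it to `addr + len > pax_task_size`. The `flags` parameter is unused in the visible body; if it is only there to match a common prototype, the same comment should say so.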
4570diff -urNp linux-2.6.32.8/arch/x86/boot/bitops.h linux-2.6.32.8/arch/x86/boot/bitops.h
4571--- linux-2.6.32.8/arch/x86/boot/bitops.h 2010-02-09 07:57:19.000000000 -0500
4572+++ linux-2.6.32.8/arch/x86/boot/bitops.h 2010-02-13 21:45:09.871908799 -0500
4573@@ -26,7 +26,7 @@ static inline int variable_test_bit(int
4574 u8 v;
4575 const u32 *p = (const u32 *)addr;
4576
4577- asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
4578+ asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
4579 return v;
4580 }
4581
4582@@ -37,7 +37,7 @@ static inline int variable_test_bit(int
4583
4584 static inline void set_bit(int nr, void *addr)
4585 {
4586- asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
4587+ asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
4588 }
4589
4590 #endif /* BOOT_BITOPS_H */
4591diff -urNp linux-2.6.32.8/arch/x86/boot/boot.h linux-2.6.32.8/arch/x86/boot/boot.h
4592--- linux-2.6.32.8/arch/x86/boot/boot.h 2010-02-09 07:57:19.000000000 -0500
4593+++ linux-2.6.32.8/arch/x86/boot/boot.h 2010-02-13 21:45:09.871908799 -0500
4594@@ -82,7 +82,7 @@ static inline void io_delay(void)
4595 static inline u16 ds(void)
4596 {
4597 u16 seg;
4598- asm("movw %%ds,%0" : "=rm" (seg));
4599+ asm volatile("movw %%ds,%0" : "=rm" (seg));
4600 return seg;
4601 }
4602
4603@@ -178,7 +178,7 @@ static inline void wrgs32(u32 v, addr_t
4604 static inline int memcmp(const void *s1, const void *s2, size_t len)
4605 {
4606 u8 diff;
4607- asm("repe; cmpsb; setnz %0"
4608+ asm volatile("repe; cmpsb; setnz %0"
4609 : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
4610 return diff;
4611 }
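Review bot: The `memcmp()` asm reads both buffers through the `"+D"`/`"+S"` pointers but lists no memory operand or `"memory"` clobber, and adding `volatile` does not change that. `volatile` keeps the statement from being dropped; it does not stop the compiler from holding earlier stores to those buffers in registers or moving them past the asm. The operand list should end `: "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len) : : "memory");`. Separately, with `len == 0` the `repe; cmpsb` performs no comparison and `setnz` reports whatever ZF held beforehand, so a guard or a comment stating that precondition would help.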
4612diff -urNp linux-2.6.32.8/arch/x86/boot/compressed/head_32.S linux-2.6.32.8/arch/x86/boot/compressed/head_32.S
4613--- linux-2.6.32.8/arch/x86/boot/compressed/head_32.S 2010-02-09 07:57:19.000000000 -0500
4614+++ linux-2.6.32.8/arch/x86/boot/compressed/head_32.S 2010-02-13 21:45:09.871908799 -0500
4615@@ -76,7 +76,7 @@ ENTRY(startup_32)
4616 notl %eax
4617 andl %eax, %ebx
4618 #else
4619- movl $LOAD_PHYSICAL_ADDR, %ebx
4620+ movl $____LOAD_PHYSICAL_ADDR, %ebx
4621 #endif
4622
4623 /* Target address to relocate to for decompression */
4624@@ -149,7 +149,7 @@ relocated:
4625 * and where it was actually loaded.
4626 */
4627 movl %ebp, %ebx
4628- subl $LOAD_PHYSICAL_ADDR, %ebx
4629+ subl $____LOAD_PHYSICAL_ADDR, %ebx
4630 jz 2f /* Nothing to be done if loaded at compiled addr. */
4631 /*
4632 * Process relocations.
4633@@ -157,8 +157,7 @@ relocated:
4634
4635 1: subl $4, %edi
4636 movl (%edi), %ecx
4637- testl %ecx, %ecx
4638- jz 2f
4639+ jecxz 2f
4640 addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
4641 jmp 1b
4642 2:
4643diff -urNp linux-2.6.32.8/arch/x86/boot/compressed/head_64.S linux-2.6.32.8/arch/x86/boot/compressed/head_64.S
4644--- linux-2.6.32.8/arch/x86/boot/compressed/head_64.S 2010-02-09 07:57:19.000000000 -0500
4645+++ linux-2.6.32.8/arch/x86/boot/compressed/head_64.S 2010-02-13 21:45:09.871908799 -0500
4646@@ -91,7 +91,7 @@ ENTRY(startup_32)
4647 notl %eax
4648 andl %eax, %ebx
4649 #else
4650- movl $LOAD_PHYSICAL_ADDR, %ebx
4651+ movl $____LOAD_PHYSICAL_ADDR, %ebx
4652 #endif
4653
4654 /* Target address to relocate to for decompression */
4655@@ -234,7 +234,7 @@ ENTRY(startup_64)
4656 notq %rax
4657 andq %rax, %rbp
4658 #else
4659- movq $LOAD_PHYSICAL_ADDR, %rbp
4660+ movq $____LOAD_PHYSICAL_ADDR, %rbp
4661 #endif
4662
4663 /* Target address to relocate to for decompression */
4664diff -urNp linux-2.6.32.8/arch/x86/boot/compressed/misc.c linux-2.6.32.8/arch/x86/boot/compressed/misc.c
4665--- linux-2.6.32.8/arch/x86/boot/compressed/misc.c 2010-02-09 07:57:19.000000000 -0500
4666+++ linux-2.6.32.8/arch/x86/boot/compressed/misc.c 2010-02-13 21:45:09.871908799 -0500
4667@@ -288,7 +288,7 @@ static void parse_elf(void *output)
4668 case PT_LOAD:
4669 #ifdef CONFIG_RELOCATABLE
4670 dest = output;
4671- dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
4672+ dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
4673 #else
4674 dest = (void *)(phdr->p_paddr);
4675 #endif
4676@@ -335,7 +335,7 @@ asmlinkage void decompress_kernel(void *
4677 error("Destination address too large");
4678 #endif
4679 #ifndef CONFIG_RELOCATABLE
4680- if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
4681+ if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR)
4682 error("Wrong destination address");
4683 #endif
4684
4685diff -urNp linux-2.6.32.8/arch/x86/boot/compressed/mkpiggy.c linux-2.6.32.8/arch/x86/boot/compressed/mkpiggy.c
4686--- linux-2.6.32.8/arch/x86/boot/compressed/mkpiggy.c 2010-02-09 07:57:19.000000000 -0500
4687+++ linux-2.6.32.8/arch/x86/boot/compressed/mkpiggy.c 2010-02-13 21:45:09.872920514 -0500
4688@@ -74,7 +74,7 @@ int main(int argc, char *argv[])
4689
4690 offs = (olen > ilen) ? olen - ilen : 0;
4691 offs += olen >> 12; /* Add 8 bytes for each 32K block */
4692- offs += 32*1024 + 18; /* Add 32K + 18 bytes slack */
4693+ offs += 64*1024; /* Add 64K bytes slack */
4694 offs = (offs+4095) & ~4095; /* Round to a 4K boundary */
4695
4696 printf(".section \".rodata.compressed\",\"a\",@progbits\n");
4697diff -urNp linux-2.6.32.8/arch/x86/boot/compressed/relocs.c linux-2.6.32.8/arch/x86/boot/compressed/relocs.c
4698--- linux-2.6.32.8/arch/x86/boot/compressed/relocs.c 2010-02-09 07:57:19.000000000 -0500
4699+++ linux-2.6.32.8/arch/x86/boot/compressed/relocs.c 2010-02-13 21:45:09.872920514 -0500
4700@@ -10,8 +10,11 @@
4701 #define USE_BSD
4702 #include <endian.h>
4703
4704+#include "../../../../include/linux/autoconf.h"
4705+
4706 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
4707 static Elf32_Ehdr ehdr;
4708+static Elf32_Phdr *phdr;
4709 static unsigned long reloc_count, reloc_idx;
4710 static unsigned long *relocs;
4711
4712@@ -37,7 +40,7 @@ static const char* safe_abs_relocs[] = {
4713
4714 static int is_safe_abs_reloc(const char* sym_name)
4715 {
4716- int i;
4717+ unsigned int i;
4718
4719 for (i = 0; i < ARRAY_SIZE(safe_abs_relocs); i++) {
4720 if (!strcmp(sym_name, safe_abs_relocs[i]))
4721@@ -245,9 +248,39 @@ static void read_ehdr(FILE *fp)
4722 }
4723 }
4724
4725+static void read_phdrs(FILE *fp)
4726+{
4727+ unsigned int i;
4728+
4729+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
4730+ if (!phdr) {
4731+ die("Unable to allocate %d program headers\n",
4732+ ehdr.e_phnum);
4733+ }
4734+ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
4735+ die("Seek to %d failed: %s\n",
4736+ ehdr.e_phoff, strerror(errno));
4737+ }
4738+ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
4739+ die("Cannot read ELF program headers: %s\n",
4740+ strerror(errno));
4741+ }
4742+ for(i = 0; i < ehdr.e_phnum; i++) {
4743+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
4744+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
4745+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
4746+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
4747+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
4748+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
4749+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
4750+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
4751+ }
4752+
4753+}
4754+
4755 static void read_shdrs(FILE *fp)
4756 {
4757- int i;
4758+ unsigned int i;
4759 Elf32_Shdr shdr;
4760
4761 secs = calloc(ehdr.e_shnum, sizeof(struct section));
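Review bot: `read_phdrs()` reads `e_phnum` entries of `sizeof(Elf32_Phdr)` each without checking the file's own `e_phentsize`, so a header with a different entry size would be parsed at the wrong stride. Assuming `read_ehdr()` (outside this hunk) has already byte-swapped that field, a check such as `if (ehdr.e_phentsize != sizeof(Elf32_Phdr)) die("Bad program header entry size\n");` before the `calloc` would fail early. The short-read branch also prints `strerror(errno)`, which is not meaningful when `fread` simply stops at end of file.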
4762@@ -282,7 +315,7 @@ static void read_shdrs(FILE *fp)
4763
4764 static void read_strtabs(FILE *fp)
4765 {
4766- int i;
4767+ unsigned int i;
4768 for (i = 0; i < ehdr.e_shnum; i++) {
4769 struct section *sec = &secs[i];
4770 if (sec->shdr.sh_type != SHT_STRTAB) {
4771@@ -307,7 +340,7 @@ static void read_strtabs(FILE *fp)
4772
4773 static void read_symtabs(FILE *fp)
4774 {
4775- int i,j;
4776+ unsigned int i,j;
4777 for (i = 0; i < ehdr.e_shnum; i++) {
4778 struct section *sec = &secs[i];
4779 if (sec->shdr.sh_type != SHT_SYMTAB) {
4780@@ -340,7 +373,9 @@ static void read_symtabs(FILE *fp)
4781
4782 static void read_relocs(FILE *fp)
4783 {
4784- int i,j;
4785+ unsigned int i,j;
4786+ uint32_t base;
4787+
4788 for (i = 0; i < ehdr.e_shnum; i++) {
4789 struct section *sec = &secs[i];
4790 if (sec->shdr.sh_type != SHT_REL) {
4791@@ -360,9 +395,18 @@ static void read_relocs(FILE *fp)
4792 die("Cannot read symbol table: %s\n",
4793 strerror(errno));
4794 }
4795+ base = 0;
4796+ for (j = 0; j < ehdr.e_phnum; j++) {
4797+ if (phdr[j].p_type != PT_LOAD )
4798+ continue;
4799+ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
4800+ continue;
4801+ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
4802+ break;
4803+ }
4804 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
4805 Elf32_Rel *rel = &sec->reltab[j];
4806- rel->r_offset = elf32_to_cpu(rel->r_offset);
4807+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
4808 rel->r_info = elf32_to_cpu(rel->r_info);
4809 }
4810 }
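Review bot: In the new segment lookup, `base` stays 0 without any message when no PT_LOAD segment contains the target section, and the relocation offsets are then stored unadjusted. If that is intended for sections that are not loaded, a comment such as `/* base stays 0 for sections outside every PT_LOAD segment */` should say so. The range test would read better with the offset hoisted into a local, `uint32_t off = secs[sec->shdr.sh_info].shdr.sh_offset;`. Also, `sh_info` is used as an index into `secs` without being compared against `ehdr.e_shnum`. read_relocs starts and ends outside the hunk.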
4811@@ -371,14 +415,14 @@ static void read_relocs(FILE *fp)
4812
4813 static void print_absolute_symbols(void)
4814 {
4815- int i;
4816+ unsigned int i;
4817 printf("Absolute symbols\n");
4818 printf(" Num: Value Size Type Bind Visibility Name\n");
4819 for (i = 0; i < ehdr.e_shnum; i++) {
4820 struct section *sec = &secs[i];
4821 char *sym_strtab;
4822 Elf32_Sym *sh_symtab;
4823- int j;
4824+ unsigned int j;
4825
4826 if (sec->shdr.sh_type != SHT_SYMTAB) {
4827 continue;
4828@@ -406,14 +450,14 @@ static void print_absolute_symbols(void)
4829
4830 static void print_absolute_relocs(void)
4831 {
4832- int i, printed = 0;
4833+ unsigned int i, printed = 0;
4834
4835 for (i = 0; i < ehdr.e_shnum; i++) {
4836 struct section *sec = &secs[i];
4837 struct section *sec_applies, *sec_symtab;
4838 char *sym_strtab;
4839 Elf32_Sym *sh_symtab;
4840- int j;
4841+ unsigned int j;
4842 if (sec->shdr.sh_type != SHT_REL) {
4843 continue;
4844 }
4845@@ -474,13 +518,13 @@ static void print_absolute_relocs(void)
4846
4847 static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
4848 {
4849- int i;
4850+ unsigned int i;
4851 /* Walk through the relocations */
4852 for (i = 0; i < ehdr.e_shnum; i++) {
4853 char *sym_strtab;
4854 Elf32_Sym *sh_symtab;
4855 struct section *sec_applies, *sec_symtab;
4856- int j;
4857+ unsigned int j;
4858 struct section *sec = &secs[i];
4859
4860 if (sec->shdr.sh_type != SHT_REL) {
4861@@ -504,6 +548,21 @@ static void walk_relocs(void (*visit)(El
4862 if (sym->st_shndx == SHN_ABS) {
4863 continue;
4864 }
4865+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
4866+ if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
4867+ continue;
4868+
4869+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
4870+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
4871+ if (!strcmp(sec_name(sym->st_shndx), ".data") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
4872+ continue;
4873+ if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
4874+ continue;
4875+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
4876+ continue;
4877+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
4878+ continue;
4879+#endif
4880 if (r_type == R_386_NONE || r_type == R_386_PC32) {
4881 /*
4882 * NONE can be ignored and and PC relative
4883@@ -541,7 +600,7 @@ static int cmp_relocs(const void *va, co
4884
4885 static void emit_relocs(int as_text)
4886 {
4887- int i;
4888+ unsigned int i;
4889 /* Count how many relocations I have and allocate space for them. */
4890 reloc_count = 0;
4891 walk_relocs(count_reloc);
4892@@ -634,6 +693,7 @@ int main(int argc, char **argv)
4893 fname, strerror(errno));
4894 }
4895 read_ehdr(fp);
4896+ read_phdrs(fp);
4897 read_shdrs(fp);
4898 read_strtabs(fp);
4899 read_symtabs(fp);
4900diff -urNp linux-2.6.32.8/arch/x86/boot/cpucheck.c linux-2.6.32.8/arch/x86/boot/cpucheck.c
4901--- linux-2.6.32.8/arch/x86/boot/cpucheck.c 2010-02-09 07:57:19.000000000 -0500
4902+++ linux-2.6.32.8/arch/x86/boot/cpucheck.c 2010-02-13 21:45:09.873557512 -0500
4903@@ -74,7 +74,7 @@ static int has_fpu(void)
4904 u16 fcw = -1, fsw = -1;
4905 u32 cr0;
4906
4907- asm("movl %%cr0,%0" : "=r" (cr0));
4908+ asm volatile("movl %%cr0,%0" : "=r" (cr0));
4909 if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
4910 cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
4911 asm volatile("movl %0,%%cr0" : : "r" (cr0));
4912@@ -90,7 +90,7 @@ static int has_eflag(u32 mask)
4913 {
4914 u32 f0, f1;
4915
4916- asm("pushfl ; "
4917+ asm volatile("pushfl ; "
4918 "pushfl ; "
4919 "popl %0 ; "
4920 "movl %0,%1 ; "
4921@@ -115,7 +115,7 @@ static void get_flags(void)
4922 set_bit(X86_FEATURE_FPU, cpu.flags);
4923
4924 if (has_eflag(X86_EFLAGS_ID)) {
4925- asm("cpuid"
4926+ asm volatile("cpuid"
4927 : "=a" (max_intel_level),
4928 "=b" (cpu_vendor[0]),
4929 "=d" (cpu_vendor[1]),
4930@@ -124,7 +124,7 @@ static void get_flags(void)
4931
4932 if (max_intel_level >= 0x00000001 &&
4933 max_intel_level <= 0x0000ffff) {
4934- asm("cpuid"
4935+ asm volatile("cpuid"
4936 : "=a" (tfms),
4937 "=c" (cpu.flags[4]),
4938 "=d" (cpu.flags[0])
4939@@ -136,7 +136,7 @@ static void get_flags(void)
4940 cpu.model += ((tfms >> 16) & 0xf) << 4;
4941 }
4942
4943- asm("cpuid"
4944+ asm volatile("cpuid"
4945 : "=a" (max_amd_level)
4946 : "a" (0x80000000)
4947 : "ebx", "ecx", "edx");
4948@@ -144,7 +144,7 @@ static void get_flags(void)
4949 if (max_amd_level >= 0x80000001 &&
4950 max_amd_level <= 0x8000ffff) {
4951 u32 eax = 0x80000001;
4952- asm("cpuid"
4953+ asm volatile("cpuid"
4954 : "+a" (eax),
4955 "=c" (cpu.flags[6]),
4956 "=d" (cpu.flags[1])
4957@@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r
4958 u32 ecx = MSR_K7_HWCR;
4959 u32 eax, edx;
4960
4961- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4962+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4963 eax &= ~(1 << 15);
4964- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4965+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4966
4967 get_flags(); /* Make sure it really did something */
4968 err = check_flags();
4969@@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r
4970 u32 ecx = MSR_VIA_FCR;
4971 u32 eax, edx;
4972
4973- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4974+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4975 eax |= (1<<1)|(1<<7);
4976- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4977+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4978
4979 set_bit(X86_FEATURE_CX8, cpu.flags);
4980 err = check_flags();
4981@@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r
4982 u32 eax, edx;
4983 u32 level = 1;
4984
4985- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4986- asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
4987- asm("cpuid"
4988+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
4989+ asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
4990+ asm volatile("cpuid"
4991 : "+a" (level), "=d" (cpu.flags[0])
4992 : : "ecx", "ebx");
4993- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4994+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
4995
4996 err = check_flags();
4997 }
4998diff -urNp linux-2.6.32.8/arch/x86/boot/header.S linux-2.6.32.8/arch/x86/boot/header.S
4999--- linux-2.6.32.8/arch/x86/boot/header.S 2010-02-09 07:57:19.000000000 -0500
5000+++ linux-2.6.32.8/arch/x86/boot/header.S 2010-02-13 21:45:09.873557512 -0500
5001@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical
5002 # single linked list of
5003 # struct setup_data
5004
5005-pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
5006+pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
5007
5008 #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
5009 #define VO_INIT_SIZE (VO__end - VO__text)
5010diff -urNp linux-2.6.32.8/arch/x86/boot/video-vesa.c linux-2.6.32.8/arch/x86/boot/video-vesa.c
5011--- linux-2.6.32.8/arch/x86/boot/video-vesa.c 2010-02-09 07:57:19.000000000 -0500
5012+++ linux-2.6.32.8/arch/x86/boot/video-vesa.c 2010-02-13 21:45:09.873557512 -0500
5013@@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
5014
5015 boot_params.screen_info.vesapm_seg = oreg.es;
5016 boot_params.screen_info.vesapm_off = oreg.di;
5017+ boot_params.screen_info.vesapm_size = oreg.cx;
5018 }
5019
5020 /*
5021diff -urNp linux-2.6.32.8/arch/x86/ia32/ia32_signal.c linux-2.6.32.8/arch/x86/ia32/ia32_signal.c
5022--- linux-2.6.32.8/arch/x86/ia32/ia32_signal.c 2010-02-09 07:57:19.000000000 -0500
5023+++ linux-2.6.32.8/arch/x86/ia32/ia32_signal.c 2010-02-13 21:45:09.873557512 -0500
5024@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
5025 sp -= frame_size;
5026 /* Align the stack pointer according to the i386 ABI,
5027 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
5028- sp = ((sp + 4) & -16ul) - 4;
5029+ sp = ((sp - 12) & -16ul) - 4;
5030 return (void __user *) sp;
5031 }
5032
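Review bot: The new expression `((sp - 12) & -16ul) - 4` gives the same alignment as the old one and always lands exactly 16 bytes lower, but the comment above it still describes only the ABI alignment. A line such as `/* -12 instead of +4: same alignment, frame placed 16 bytes lower */`, together with the reason for the extra room, would keep the change from being reverted as a typo. get_sigframe starts outside the hunk.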
5033@@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
5034 0xb8,
5035 __NR_ia32_rt_sigreturn,
5036 0x80cd,
5037- 0,
5038+ 0
5039 };
5040
5041 frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
5042diff -urNp linux-2.6.32.8/arch/x86/include/asm/alternative.h linux-2.6.32.8/arch/x86/include/asm/alternative.h
5043--- linux-2.6.32.8/arch/x86/include/asm/alternative.h 2010-02-09 07:57:19.000000000 -0500
5044+++ linux-2.6.32.8/arch/x86/include/asm/alternative.h 2010-02-13 21:45:09.873557512 -0500
5045@@ -85,7 +85,7 @@ static inline void alternatives_smp_swit
5046 " .byte 662b-661b\n" /* sourcelen */ \
5047 " .byte 664f-663f\n" /* replacementlen */ \
5048 ".previous\n" \
5049- ".section .altinstr_replacement, \"ax\"\n" \
5050+ ".section .altinstr_replacement, \"a\"\n" \
5051 "663:\n\t" newinstr "\n664:\n" /* replacement */ \
5052 ".previous"
5053
5054diff -urNp linux-2.6.32.8/arch/x86/include/asm/apm.h linux-2.6.32.8/arch/x86/include/asm/apm.h
5055--- linux-2.6.32.8/arch/x86/include/asm/apm.h 2010-02-09 07:57:19.000000000 -0500
5056+++ linux-2.6.32.8/arch/x86/include/asm/apm.h 2010-02-13 21:45:09.873557512 -0500
5057@@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32
5058 __asm__ __volatile__(APM_DO_ZERO_SEGS
5059 "pushl %%edi\n\t"
5060 "pushl %%ebp\n\t"
5061- "lcall *%%cs:apm_bios_entry\n\t"
5062+ "lcall *%%ss:apm_bios_entry\n\t"
5063 "setc %%al\n\t"
5064 "popl %%ebp\n\t"
5065 "popl %%edi\n\t"
5066@@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as
5067 __asm__ __volatile__(APM_DO_ZERO_SEGS
5068 "pushl %%edi\n\t"
5069 "pushl %%ebp\n\t"
5070- "lcall *%%cs:apm_bios_entry\n\t"
5071+ "lcall *%%ss:apm_bios_entry\n\t"
5072 "setc %%bl\n\t"
5073 "popl %%ebp\n\t"
5074 "popl %%edi\n\t"
5075diff -urNp linux-2.6.32.8/arch/x86/include/asm/atomic_32.h linux-2.6.32.8/arch/x86/include/asm/atomic_32.h
5076--- linux-2.6.32.8/arch/x86/include/asm/atomic_32.h 2010-02-09 07:57:19.000000000 -0500
5077+++ linux-2.6.32.8/arch/x86/include/asm/atomic_32.h 2010-02-13 21:45:09.874879408 -0500
5078@@ -25,6 +25,17 @@ static inline int atomic_read(const atom
5079 }
5080
5081 /**
5082+ * atomic_read_unchecked - read atomic variable
5083+ * @v: pointer of type atomic_unchecked_t
5084+ *
5085+ * Atomically reads the value of @v.
5086+ */
5087+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
5088+{
5089+ return v->counter;
5090+}
5091+
5092+/**
5093 * atomic_set - set atomic variable
5094 * @v: pointer of type atomic_t
5095 * @i: required value
5096@@ -37,6 +48,18 @@ static inline void atomic_set(atomic_t *
5097 }
5098
5099 /**
5100+ * atomic_set_unchecked - set atomic variable
5101+ * @v: pointer of type atomic_unchecked_t
5102+ * @i: required value
5103+ *
5104+ * Atomically sets the value of @v to @i.
5105+ */
5106+static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
5107+{
5108+ v->counter = i;
5109+}
5110+
5111+/**
5112 * atomic_add - add integer to atomic variable
5113 * @i: integer value to add
5114 * @v: pointer of type atomic_t
5115@@ -45,7 +68,29 @@ static inline void atomic_set(atomic_t *
5116 */
5117 static inline void atomic_add(int i, atomic_t *v)
5118 {
5119- asm volatile(LOCK_PREFIX "addl %1,%0"
5120+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
5121+
5122+#ifdef CONFIG_PAX_REFCOUNT
5123+ "jno 0f\n"
5124+ LOCK_PREFIX "subl %1,%0\n"
5125+ "into\n0:\n"
5126+ _ASM_EXTABLE(0b, 0b)
5127+#endif
5128+
5129+ : "+m" (v->counter)
5130+ : "ir" (i));
5131+}
5132+
5133+/**
5134+ * atomic_add_unchecked - add integer to atomic variable
5135+ * @i: integer value to add
5136+ * @v: pointer of type atomic_unchecked_t
5137+ *
5138+ * Atomically adds @i to @v.
5139+ */
5140+static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
5141+{
5142+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
5143 : "+m" (v->counter)
5144 : "ir" (i));
5145 }
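Review bot: With CONFIG_PAX_REFCOUNT the overflow handling in `atomic_add()` is two separate locked instructions, so between the `addl` that wraps and the `subl` that undoes it another CPU can read the wrapped counter. The kernel-doc should state this, e.g. `* On signed overflow the addition is undone and an overflow trap is raised; the wrapped value is briefly visible to other CPUs.` The same applies to the `atomic_sub()`, `atomic_sub_and_test()`, `atomic_inc()` and `atomic_dec()` hunks below. The kernel-doc for `atomic_add_unchecked()` is word-for-word that of the checked variant; it should say which kind of counter the unchecked type is meant for.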
5146@@ -59,7 +104,29 @@ static inline void atomic_add(int i, ato
5147 */
5148 static inline void atomic_sub(int i, atomic_t *v)
5149 {
5150- asm volatile(LOCK_PREFIX "subl %1,%0"
5151+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
5152+
5153+#ifdef CONFIG_PAX_REFCOUNT
5154+ "jno 0f\n"
5155+ LOCK_PREFIX "addl %1,%0\n"
5156+ "into\n0:\n"
5157+ _ASM_EXTABLE(0b, 0b)
5158+#endif
5159+
5160+ : "+m" (v->counter)
5161+ : "ir" (i));
5162+}
5163+
5164+/**
5165+ * atomic_sub_unchecked - subtract integer from atomic variable
5166+ * @i: integer value to subtract
5167+ * @v: pointer of type atomic_t
5168+ *
5169+ * Atomically subtracts @i from @v.
5170+ */
5171+static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
5172+{
5173+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
5174 : "+m" (v->counter)
5175 : "ir" (i));
5176 }
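Review bot: The kernel-doc added for atomic_sub_unchecked describes `@v` as `pointer of type atomic_t`, but the function takes `atomic_unchecked_t *v`; the sibling comments for atomic_add_unchecked and atomic_inc_unchecked name the right type. Change the line to ` * @v: pointer of type atomic_unchecked_t`. It would also help if each *_unchecked comment said in one sentence that the variant performs no overflow detection under CONFIG_PAX_REFCOUNT, so it is presumably meant only for counters that may legitimately wrap.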
5177@@ -77,7 +144,16 @@ static inline int atomic_sub_and_test(in
5178 {
5179 unsigned char c;
5180
5181- asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
5182+ asm volatile(LOCK_PREFIX "subl %2,%0\n"
5183+
5184+#ifdef CONFIG_PAX_REFCOUNT
5185+ "jno 0f\n"
5186+ LOCK_PREFIX "addl %2,%0\n"
5187+ "into\n0:\n"
5188+ _ASM_EXTABLE(0b, 0b)
5189+#endif
5190+
5191+ "sete %1\n"
5192 : "+m" (v->counter), "=qm" (c)
5193 : "ir" (i) : "memory");
5194 return c;
5195@@ -91,7 +167,30 @@ static inline int atomic_sub_and_test(in
5196 */
5197 static inline void atomic_inc(atomic_t *v)
5198 {
5199- asm volatile(LOCK_PREFIX "incl %0"
5200+ asm volatile(LOCK_PREFIX "incl %0\n"
5201+
5202+#ifdef CONFIG_PAX_REFCOUNT
5203+ "into\n0:\n"
5204+ ".pushsection .fixup,\"ax\"\n"
5205+ "1:\n"
5206+ LOCK_PREFIX "decl %0\n"
5207+ "jmp 0b\n"
5208+ ".popsection\n"
5209+ _ASM_EXTABLE(0b, 1b)
5210+#endif
5211+
5212+ : "+m" (v->counter));
5213+}
5214+
5215+/**
5216+ * atomic_inc_unchecked - increment atomic variable
5217+ * @v: pointer of type atomic_unchecked_t
5218+ *
5219+ * Atomically increments @v by 1.
5220+ */
5221+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
5222+{
5223+ asm volatile(LOCK_PREFIX "incl %0\n"
5224 : "+m" (v->counter));
5225 }
5226
5227@@ -103,7 +202,18 @@ static inline void atomic_inc(atomic_t *
5228 */
5229 static inline void atomic_dec(atomic_t *v)
5230 {
5231- asm volatile(LOCK_PREFIX "decl %0"
5232+ asm volatile(LOCK_PREFIX "decl %0\n"
5233+
5234+#ifdef CONFIG_PAX_REFCOUNT
5235+ "into\n0:\n"
5236+ ".pushsection .fixup,\"ax\"\n"
5237+ "1: \n"
5238+ LOCK_PREFIX "incl %0\n"
5239+ "jmp 0b\n"
5240+ ".popsection\n"
5241+ _ASM_EXTABLE(0b, 1b)
5242+#endif
5243+
5244 : "+m" (v->counter));
5245 }
5246
5247@@ -119,7 +229,19 @@ static inline int atomic_dec_and_test(at
5248 {
5249 unsigned char c;
5250
5251- asm volatile(LOCK_PREFIX "decl %0; sete %1"
5252+ asm volatile(LOCK_PREFIX "decl %0\n"
5253+
5254+#ifdef CONFIG_PAX_REFCOUNT
5255+ "into\n0:\n"
5256+ ".pushsection .fixup,\"ax\"\n"
5257+ "1: \n"
5258+ LOCK_PREFIX "incl %0\n"
5259+ "jmp 0b\n"
5260+ ".popsection\n"
5261+ _ASM_EXTABLE(0b, 1b)
5262+#endif
5263+
5264+ "sete %1\n"
5265 : "+m" (v->counter), "=qm" (c)
5266 : : "memory");
5267 return c != 0;
5268@@ -137,7 +259,19 @@ static inline int atomic_inc_and_test(at
5269 {
5270 unsigned char c;
5271
5272- asm volatile(LOCK_PREFIX "incl %0; sete %1"
5273+ asm volatile(LOCK_PREFIX "incl %0\n"
5274+
5275+#ifdef CONFIG_PAX_REFCOUNT
5276+ "into\n0:\n"
5277+ ".pushsection .fixup,\"ax\"\n"
5278+ "1: \n"
5279+ LOCK_PREFIX "decl %0\n"
5280+ "jmp 0b\n"
5281+ ".popsection\n"
5282+ _ASM_EXTABLE(0b, 1b)
5283+#endif
5284+
5285+ "sete %1\n"
5286 : "+m" (v->counter), "=qm" (c)
5287 : : "memory");
5288 return c != 0;
5289@@ -156,7 +290,16 @@ static inline int atomic_add_negative(in
5290 {
5291 unsigned char c;
5292
5293- asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
5294+ asm volatile(LOCK_PREFIX "addl %2,%0\n"
5295+
5296+#ifdef CONFIG_PAX_REFCOUNT
5297+ "jno 0f\n"
5298+ LOCK_PREFIX "subl %2,%0\n"
5299+ "into\n0:\n"
5300+ _ASM_EXTABLE(0b, 0b)
5301+#endif
5302+
5303+ "sets %1\n"
5304 : "+m" (v->counter), "=qm" (c)
5305 : "ir" (i) : "memory");
5306 return c;
5307@@ -179,6 +322,46 @@ static inline int atomic_add_return(int
5308 #endif
5309 /* Modern 486+ processor */
5310 __i = i;
5311+ asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
5312+
5313+#ifdef CONFIG_PAX_REFCOUNT
5314+ "jno 0f\n"
5315+ "movl %0, %1\n"
5316+ "into\n0:\n"
5317+ _ASM_EXTABLE(0b, 0b)
5318+#endif
5319+
5320+ : "+r" (i), "+m" (v->counter)
5321+ : : "memory");
5322+ return i + __i;
5323+
5324+#ifdef CONFIG_M386
5325+no_xadd: /* Legacy 386 processor */
5326+ local_irq_save(flags);
5327+ __i = atomic_read(v);
5328+ atomic_set(v, i + __i);
5329+ local_irq_restore(flags);
5330+ return i + __i;
5331+#endif
5332+}
5333+
5334+/**
5335+ * atomic_add_return_unchecked - add integer and return
5336+ * @v: pointer of type atomic_unchecked_t
5337+ * @i: integer value to add
5338+ *
5339+ * Atomically adds @i to @v and returns @i + @v
5340+ */
5341+static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
5342+{
5343+ int __i;
5344+#ifdef CONFIG_M386
5345+ unsigned long flags;
5346+ if (unlikely(boot_cpu_data.x86 <= 3))
5347+ goto no_xadd;
5348+#endif
5349+ /* Modern 486+ processor */
5350+ __i = i;
5351 asm volatile(LOCK_PREFIX "xaddl %0, %1"
5352 : "+r" (i), "+m" (v->counter)
5353 : : "memory");
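Review bot: In the CONFIG_PAX_REFCOUNT path of atomic_add_return, the overflow rollback `"movl %0, %1\n"` is a plain store of the pre-add value, not a locked inverse operation like the `LOCK_PREFIX "subl %1,%0\n"` used in atomic_add. An update made by another CPU between the `xaddl` and this store would be overwritten, so the restored counter can be stale; at minimum this deserves a comment such as `/* overflow: put the old value back; plain store, may race with concurrent updates */`. The same pattern appears in atomic_add_return (`movl`) and atomic64_add_return (`movq`) in atomic_64.h. Separately, the `no_xadd` legacy path added here calls `atomic_set(v, i + __i)` with no overflow detection, so the check does not cover CPUs that take that branch.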
5354@@ -227,22 +410,34 @@ static inline int atomic_xchg(atomic_t *
5355 */
5356 static inline int atomic_add_unless(atomic_t *v, int a, int u)
5357 {
5358- int c, old;
5359+ int c, old, new;
5360 c = atomic_read(v);
5361 for (;;) {
5362- if (unlikely(c == (u)))
5363+ if (unlikely(c == u))
5364 break;
5365- old = atomic_cmpxchg((v), c, c + (a));
5366+
5367+ asm volatile("addl %2,%0\n"
5368+
5369+#ifdef CONFIG_PAX_REFCOUNT
5370+ "into\n0:\n"
5371+ _ASM_EXTABLE(0b, 0b)
5372+#endif
5373+
5374+ : "=r" (new)
5375+ : "0" (c), "ir" (a));
5376+
5377+ old = atomic_cmpxchg(v, c, new);
5378 if (likely(old == c))
5379 break;
5380 c = old;
5381 }
5382- return c != (u);
5383+ return c != u;
5384 }
5385
5386 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
5387
5388 #define atomic_inc_return(v) (atomic_add_return(1, v))
5389+#define atomic_inc_return_unchecked(v) (atomic_add_return_unchecked(1, v))
5390 #define atomic_dec_return(v) (atomic_sub_return(1, v))
5391
5392 /* These are x86-specific, used by some header files */
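Review bot: The overflow check added to atomic_add_unless traps but does not undo the addition, so `new` still holds the wrapped sum when execution continues at label `0:`. The exception-table entry `_ASM_EXTABLE(0b, 0b)` suggests the handler (outside this hunk) resumes right there, in which case `atomic_cmpxchg(v, c, new)` stores the overflowed value, unlike atomic_add, which reverses the add before trapping. Consider reversing it here as well, following the atomic_add pattern: `"jno 0f\n"`, `"subl %2,%0\n"`, `"into\n0:\n"`, so that `new == c` after an overflow and the counter is left unchanged. The same applies to atomic_add_unless and atomic64_add_unless in atomic_64.h.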
5393@@ -266,6 +461,14 @@ typedef struct {
5394 u64 __aligned(8) counter;
5395 } atomic64_t;
5396
5397+#ifdef CONFIG_PAX_REFCOUNT
5398+typedef struct {
5399+ u64 __aligned(8) counter;
5400+} atomic64_unchecked_t;
5401+#else
5402+typedef atomic64_t atomic64_unchecked_t;
5403+#endif
5404+
5405 #define ATOMIC64_INIT(val) { (val) }
5406
5407 extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val);
5408diff -urNp linux-2.6.32.8/arch/x86/include/asm/atomic_64.h linux-2.6.32.8/arch/x86/include/asm/atomic_64.h
5409--- linux-2.6.32.8/arch/x86/include/asm/atomic_64.h 2010-02-09 07:57:19.000000000 -0500
5410+++ linux-2.6.32.8/arch/x86/include/asm/atomic_64.h 2010-02-13 21:45:09.875659651 -0500
5411@@ -24,6 +24,17 @@ static inline int atomic_read(const atom
5412 }
5413
5414 /**
5415+ * atomic_read_unchecked - read atomic variable
5416+ * @v: pointer of type atomic_unchecked_t
5417+ *
5418+ * Atomically reads the value of @v.
5419+ */
5420+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
5421+{
5422+ return v->counter;
5423+}
5424+
5425+/**
5426 * atomic_set - set atomic variable
5427 * @v: pointer of type atomic_t
5428 * @i: required value
5429@@ -36,6 +47,18 @@ static inline void atomic_set(atomic_t *
5430 }
5431
5432 /**
5433+ * atomic_set_unchecked - set atomic variable
5434+ * @v: pointer of type atomic_unchecked_t
5435+ * @i: required value
5436+ *
5437+ * Atomically sets the value of @v to @i.
5438+ */
5439+static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
5440+{
5441+ v->counter = i;
5442+}
5443+
5444+/**
5445 * atomic_add - add integer to atomic variable
5446 * @i: integer value to add
5447 * @v: pointer of type atomic_t
5448@@ -44,7 +67,29 @@ static inline void atomic_set(atomic_t *
5449 */
5450 static inline void atomic_add(int i, atomic_t *v)
5451 {
5452- asm volatile(LOCK_PREFIX "addl %1,%0"
5453+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
5454+
5455+#ifdef CONFIG_PAX_REFCOUNT
5456+ "jno 0f\n"
5457+ LOCK_PREFIX "subl %1,%0\n"
5458+ "int $4\n0:\n"
5459+ _ASM_EXTABLE(0b, 0b)
5460+#endif
5461+
5462+ : "=m" (v->counter)
5463+ : "ir" (i), "m" (v->counter));
5464+}
5465+
5466+/**
5467+ * atomic_add_unchecked - add integer to atomic variable
5468+ * @i: integer value to add
5469+ * @v: pointer of type atomic_unchecked_t
5470+ *
5471+ * Atomically adds @i to @v.
5472+ */
5473+static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
5474+{
5475+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
5476 : "=m" (v->counter)
5477 : "ir" (i), "m" (v->counter));
5478 }
5479@@ -58,7 +103,29 @@ static inline void atomic_add(int i, ato
5480 */
5481 static inline void atomic_sub(int i, atomic_t *v)
5482 {
5483- asm volatile(LOCK_PREFIX "subl %1,%0"
5484+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
5485+
5486+#ifdef CONFIG_PAX_REFCOUNT
5487+ "jno 0f\n"
5488+ LOCK_PREFIX "addl %1,%0\n"
5489+ "int $4\n0:\n"
5490+ _ASM_EXTABLE(0b, 0b)
5491+#endif
5492+
5493+ : "=m" (v->counter)
5494+ : "ir" (i), "m" (v->counter));
5495+}
5496+
5497+/**
5498+ * atomic_sub_unchecked - subtract the atomic variable
5499+ * @i: integer value to subtract
5500+ * @v: pointer of type atomic_unchecked_t
5501+ *
5502+ * Atomically subtracts @i from @v.
5503+ */
5504+static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
5505+{
5506+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
5507 : "=m" (v->counter)
5508 : "ir" (i), "m" (v->counter));
5509 }
5510@@ -76,7 +143,16 @@ static inline int atomic_sub_and_test(in
5511 {
5512 unsigned char c;
5513
5514- asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
5515+ asm volatile(LOCK_PREFIX "subl %2,%0\n"
5516+
5517+#ifdef CONFIG_PAX_REFCOUNT
5518+ "jno 0f\n"
5519+ LOCK_PREFIX "addl %2,%0\n"
5520+ "int $4\n0:\n"
5521+ _ASM_EXTABLE(0b, 0b)
5522+#endif
5523+
5524+ "sete %1\n"
5525 : "=m" (v->counter), "=qm" (c)
5526 : "ir" (i), "m" (v->counter) : "memory");
5527 return c;
5528@@ -90,7 +166,32 @@ static inline int atomic_sub_and_test(in
5529 */
5530 static inline void atomic_inc(atomic_t *v)
5531 {
5532- asm volatile(LOCK_PREFIX "incl %0"
5533+ asm volatile(LOCK_PREFIX "incl %0\n"
5534+
5535+#ifdef CONFIG_PAX_REFCOUNT
5536+ "jno 0f\n"
5537+ "int $4\n0:\n"
5538+ ".pushsection .fixup,\"ax\"\n"
5539+ "1:\n"
5540+ LOCK_PREFIX "decl %0\n"
5541+ "jmp 0b\n"
5542+ ".popsection\n"
5543+ _ASM_EXTABLE(0b, 1b)
5544+#endif
5545+
5546+ : "=m" (v->counter)
5547+ : "m" (v->counter));
5548+}
5549+
5550+/**
5551+ * atomic_inc_unchecked - increment atomic variable
5552+ * @v: pointer of type atomic_unchecked_t
5553+ *
5554+ * Atomically increments @v by 1.
5555+ */
5556+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
5557+{
5558+ asm volatile(LOCK_PREFIX "incl %0\n"
5559 : "=m" (v->counter)
5560 : "m" (v->counter));
5561 }
5562@@ -103,7 +204,19 @@ static inline void atomic_inc(atomic_t *
5563 */
5564 static inline void atomic_dec(atomic_t *v)
5565 {
5566- asm volatile(LOCK_PREFIX "decl %0"
5567+ asm volatile(LOCK_PREFIX "decl %0\n"
5568+
5569+#ifdef CONFIG_PAX_REFCOUNT
5570+ "jno 0f\n"
5571+ "int $4\n0:\n"
5572+ ".pushsection .fixup,\"ax\"\n"
5573+ "1: \n"
5574+ LOCK_PREFIX "incl %0\n"
5575+ "jmp 0b\n"
5576+ ".popsection\n"
5577+ _ASM_EXTABLE(0b, 1b)
5578+#endif
5579+
5580 : "=m" (v->counter)
5581 : "m" (v->counter));
5582 }
5583@@ -120,7 +233,20 @@ static inline int atomic_dec_and_test(at
5584 {
5585 unsigned char c;
5586
5587- asm volatile(LOCK_PREFIX "decl %0; sete %1"
5588+ asm volatile(LOCK_PREFIX "decl %0\n"
5589+
5590+#ifdef CONFIG_PAX_REFCOUNT
5591+ "jno 0f\n"
5592+ "int $4\n0:\n"
5593+ ".pushsection .fixup,\"ax\"\n"
5594+ "1: \n"
5595+ LOCK_PREFIX "incl %0\n"
5596+ "jmp 0b\n"
5597+ ".popsection\n"
5598+ _ASM_EXTABLE(0b, 1b)
5599+#endif
5600+
5601+ "sete %1\n"
5602 : "=m" (v->counter), "=qm" (c)
5603 : "m" (v->counter) : "memory");
5604 return c != 0;
5605@@ -138,7 +264,20 @@ static inline int atomic_inc_and_test(at
5606 {
5607 unsigned char c;
5608
5609- asm volatile(LOCK_PREFIX "incl %0; sete %1"
5610+ asm volatile(LOCK_PREFIX "incl %0\n"
5611+
5612+#ifdef CONFIG_PAX_REFCOUNT
5613+ "jno 0f\n"
5614+ "int $4\n0:\n"
5615+ ".pushsection .fixup,\"ax\"\n"
5616+ "1: \n"
5617+ LOCK_PREFIX "decl %0\n"
5618+ "jmp 0b\n"
5619+ ".popsection\n"
5620+ _ASM_EXTABLE(0b, 1b)
5621+#endif
5622+
5623+ "sete %1\n"
5624 : "=m" (v->counter), "=qm" (c)
5625 : "m" (v->counter) : "memory");
5626 return c != 0;
5627@@ -157,7 +296,16 @@ static inline int atomic_add_negative(in
5628 {
5629 unsigned char c;
5630
5631- asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
5632+ asm volatile(LOCK_PREFIX "addl %2,%0\n"
5633+
5634+#ifdef CONFIG_PAX_REFCOUNT
5635+ "jno 0f\n"
5636+ LOCK_PREFIX "subl %2,%0\n"
5637+ "int $4\n0:\n"
5638+ _ASM_EXTABLE(0b, 0b)
5639+#endif
5640+
5641+ "sets %1\n"
5642 : "=m" (v->counter), "=qm" (c)
5643 : "ir" (i), "m" (v->counter) : "memory");
5644 return c;
5645@@ -173,7 +321,15 @@ static inline int atomic_add_negative(in
5646 static inline int atomic_add_return(int i, atomic_t *v)
5647 {
5648 int __i = i;
5649- asm volatile(LOCK_PREFIX "xaddl %0, %1"
5650+ asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
5651+
5652+#ifdef CONFIG_PAX_REFCOUNT
5653+ "jno 0f\n"
5654+ "movl %0, %1\n"
5655+ "int $4\n0:\n"
5656+ _ASM_EXTABLE(0b, 0b)
5657+#endif
5658+
5659 : "+r" (i), "+m" (v->counter)
5660 : : "memory");
5661 return i + __i;
5662@@ -204,6 +360,18 @@ static inline long atomic64_read(const a
5663 }
5664
5665 /**
5666+ * atomic64_read_unchecked - read atomic64 variable
5667+ * @v: pointer of type atomic64_unchecked_t
5668+ *
5669+ * Atomically reads the value of @v.
5670+ * Doesn't imply a read memory barrier.
5671+ */
5672+static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
5673+{
5674+ return v->counter;
5675+}
5676+
5677+/**
5678 * atomic64_set - set atomic64 variable
5679 * @v: pointer to type atomic64_t
5680 * @i: required value
5681@@ -216,6 +384,18 @@ static inline void atomic64_set(atomic64
5682 }
5683
5684 /**
5685+ * atomic64_set_unchecked - set atomic64 variable
5686+ * @v: pointer to type atomic64_unchecked_t
5687+ * @i: required value
5688+ *
5689+ * Atomically sets the value of @v to @i.
5690+ */
5691+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
5692+{
5693+ v->counter = i;
5694+}
5695+
5696+/**
5697 * atomic64_add - add integer to atomic64 variable
5698 * @i: integer value to add
5699 * @v: pointer to type atomic64_t
5700@@ -224,6 +404,28 @@ static inline void atomic64_set(atomic64
5701 */
5702 static inline void atomic64_add(long i, atomic64_t *v)
5703 {
5704+ asm volatile(LOCK_PREFIX "addq %1,%0\n"
5705+
5706+#ifdef CONFIG_PAX_REFCOUNT
5707+ "jno 0f\n"
5708+ LOCK_PREFIX "subq %1,%0\n"
5709+ "int $4\n0:\n"
5710+ _ASM_EXTABLE(0b, 0b)
5711+#endif
5712+
5713+ : "=m" (v->counter)
5714+ : "er" (i), "m" (v->counter));
5715+}
5716+
5717+/**
5718+ * atomic64_add_unchecked - add integer to atomic64 variable
5719+ * @i: integer value to add
5720+ * @v: pointer to type atomic64_unchecked_t
5721+ *
5722+ * Atomically adds @i to @v.
5723+ */
5724+static inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v)
5725+{
5726 asm volatile(LOCK_PREFIX "addq %1,%0"
5727 : "=m" (v->counter)
5728 : "er" (i), "m" (v->counter));
5729@@ -238,7 +440,15 @@ static inline void atomic64_add(long i,
5730 */
5731 static inline void atomic64_sub(long i, atomic64_t *v)
5732 {
5733- asm volatile(LOCK_PREFIX "subq %1,%0"
5734+ asm volatile(LOCK_PREFIX "subq %1,%0\n"
5735+
5736+#ifdef CONFIG_PAX_REFCOUNT
5737+ "jno 0f\n"
5738+ LOCK_PREFIX "addq %1,%0\n"
5739+ "int $4\n0:\n"
5740+ _ASM_EXTABLE(0b, 0b)
5741+#endif
5742+
5743 : "=m" (v->counter)
5744 : "er" (i), "m" (v->counter));
5745 }
5746@@ -256,7 +466,16 @@ static inline int atomic64_sub_and_test(
5747 {
5748 unsigned char c;
5749
5750- asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
5751+ asm volatile(LOCK_PREFIX "subq %2,%0\n"
5752+
5753+#ifdef CONFIG_PAX_REFCOUNT
5754+ "jno 0f\n"
5755+ LOCK_PREFIX "addq %2,%0\n"
5756+ "int $4\n0:\n"
5757+ _ASM_EXTABLE(0b, 0b)
5758+#endif
5759+
5760+ "sete %1\n"
5761 : "=m" (v->counter), "=qm" (c)
5762 : "er" (i), "m" (v->counter) : "memory");
5763 return c;
5764@@ -270,6 +489,31 @@ static inline int atomic64_sub_and_test(
5765 */
5766 static inline void atomic64_inc(atomic64_t *v)
5767 {
5768+ asm volatile(LOCK_PREFIX "incq %0\n"
5769+
5770+#ifdef CONFIG_PAX_REFCOUNT
5771+ "jno 0f\n"
5772+ "int $4\n0:\n"
5773+ ".pushsection .fixup,\"ax\"\n"
5774+ "1:\n"
5775+ LOCK_PREFIX "decq %0\n"
5776+ "jmp 0b\n"
5777+ ".popsection\n"
5778+ _ASM_EXTABLE(0b, 1b)
5779+#endif
5780+
5781+ : "=m" (v->counter)
5782+ : "m" (v->counter));
5783+}
5784+
5785+/**
5786+ * atomic64_inc_unchecked - increment atomic64 variable
5787+ * @v: pointer to type atomic64_unchecked_t
5788+ *
5789+ * Atomically increments @v by 1.
5790+ */
5791+static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
5792+{
5793 asm volatile(LOCK_PREFIX "incq %0"
5794 : "=m" (v->counter)
5795 : "m" (v->counter));
5796@@ -283,7 +527,19 @@ static inline void atomic64_inc(atomic64
5797 */
5798 static inline void atomic64_dec(atomic64_t *v)
5799 {
5800- asm volatile(LOCK_PREFIX "decq %0"
5801+ asm volatile(LOCK_PREFIX "decq %0\n"
5802+
5803+#ifdef CONFIG_PAX_REFCOUNT
5804+ "jno 0f\n"
5805+ "int $4\n0:\n"
5806+ ".pushsection .fixup,\"ax\"\n"
5807+ "1: \n"
5808+ LOCK_PREFIX "incq %0\n"
5809+ "jmp 0b\n"
5810+ ".popsection\n"
5811+ _ASM_EXTABLE(0b, 1b)
5812+#endif
5813+
5814 : "=m" (v->counter)
5815 : "m" (v->counter));
5816 }
5817@@ -300,7 +556,20 @@ static inline int atomic64_dec_and_test(
5818 {
5819 unsigned char c;
5820
5821- asm volatile(LOCK_PREFIX "decq %0; sete %1"
5822+ asm volatile(LOCK_PREFIX "decq %0\n"
5823+
5824+#ifdef CONFIG_PAX_REFCOUNT
5825+ "jno 0f\n"
5826+ "int $4\n0:\n"
5827+ ".pushsection .fixup,\"ax\"\n"
5828+ "1: \n"
5829+ LOCK_PREFIX "incq %0\n"
5830+ "jmp 0b\n"
5831+ ".popsection\n"
5832+ _ASM_EXTABLE(0b, 1b)
5833+#endif
5834+
5835+ "sete %1\n"
5836 : "=m" (v->counter), "=qm" (c)
5837 : "m" (v->counter) : "memory");
5838 return c != 0;
5839@@ -318,7 +587,20 @@ static inline int atomic64_inc_and_test(
5840 {
5841 unsigned char c;
5842
5843- asm volatile(LOCK_PREFIX "incq %0; sete %1"
5844+ asm volatile(LOCK_PREFIX "incq %0\n"
5845+
5846+#ifdef CONFIG_PAX_REFCOUNT
5847+ "jno 0f\n"
5848+ "int $4\n0:\n"
5849+ ".pushsection .fixup,\"ax\"\n"
5850+ "1: \n"
5851+ LOCK_PREFIX "decq %0\n"
5852+ "jmp 0b\n"
5853+ ".popsection\n"
5854+ _ASM_EXTABLE(0b, 1b)
5855+#endif
5856+
5857+ "sete %1\n"
5858 : "=m" (v->counter), "=qm" (c)
5859 : "m" (v->counter) : "memory");
5860 return c != 0;
5861@@ -337,7 +619,16 @@ static inline int atomic64_add_negative(
5862 {
5863 unsigned char c;
5864
5865- asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
5866+ asm volatile(LOCK_PREFIX "addq %2,%0\n"
5867+
5868+#ifdef CONFIG_PAX_REFCOUNT
5869+ "jno 0f\n"
5870+ LOCK_PREFIX "subq %2,%0\n"
5871+ "int $4\n0:\n"
5872+ _ASM_EXTABLE(0b, 0b)
5873+#endif
5874+
5875+ "sets %1\n"
5876 : "=m" (v->counter), "=qm" (c)
5877 : "er" (i), "m" (v->counter) : "memory");
5878 return c;
5879@@ -353,7 +644,31 @@ static inline int atomic64_add_negative(
5880 static inline long atomic64_add_return(long i, atomic64_t *v)
5881 {
5882 long __i = i;
5883- asm volatile(LOCK_PREFIX "xaddq %0, %1;"
5884+ asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
5885+
5886+#ifdef CONFIG_PAX_REFCOUNT
5887+ "jno 0f\n"
5888+ "movq %0, %1\n"
5889+ "int $4\n0:\n"
5890+ _ASM_EXTABLE(0b, 0b)
5891+#endif
5892+
5893+ : "+r" (i), "+m" (v->counter)
5894+ : : "memory");
5895+ return i + __i;
5896+}
5897+
5898+/**
5899+ * atomic64_add_return_unchecked - add and return
5900+ * @i: integer value to add
5901+ * @v: pointer to type atomic64_unchecked_t
5902+ *
5903+ * Atomically adds @i to @v and returns @i + @v
5904+ */
5905+static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v)
5906+{
5907+ long __i = i;
5908+ asm volatile(LOCK_PREFIX "xaddq %0, %1"
5909 : "+r" (i), "+m" (v->counter)
5910 : : "memory");
5911 return i + __i;
5912@@ -365,6 +680,7 @@ static inline long atomic64_sub_return(l
5913 }
5914
5915 #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
5916+#define atomic64_inc_return_unchecked(v) (atomic64_add_return_unchecked(1, (v)))
5917 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
5918
5919 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
5920@@ -398,17 +714,29 @@ static inline long atomic_xchg(atomic_t
5921 */
5922 static inline int atomic_add_unless(atomic_t *v, int a, int u)
5923 {
5924- int c, old;
5925+ int c, old, new;
5926 c = atomic_read(v);
5927 for (;;) {
5928- if (unlikely(c == (u)))
5929+ if (unlikely(c == u))
5930 break;
5931- old = atomic_cmpxchg((v), c, c + (a));
5932+
5933+ asm volatile("addl %2,%0\n"
5934+
5935+#ifdef CONFIG_PAX_REFCOUNT
5936+ "jno 0f\n"
5937+ "int $4\n0:\n"
5938+ _ASM_EXTABLE(0b, 0b)
5939+#endif
5940+
5941+ : "=r" (new)
5942+ : "0" (c), "ir" (a));
5943+
5944+ old = atomic_cmpxchg(v, c, new);
5945 if (likely(old == c))
5946 break;
5947 c = old;
5948 }
5949- return c != (u);
5950+ return c != u;
5951 }
5952
5953 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
5954@@ -424,17 +752,29 @@ static inline int atomic_add_unless(atom
5955 */
5956 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
5957 {
5958- long c, old;
5959+ long c, old, new;
5960 c = atomic64_read(v);
5961 for (;;) {
5962- if (unlikely(c == (u)))
5963+ if (unlikely(c == u))
5964 break;
5965- old = atomic64_cmpxchg((v), c, c + (a));
5966+
5967+ asm volatile("addq %2,%0\n"
5968+
5969+#ifdef CONFIG_PAX_REFCOUNT
5970+ "jno 0f\n"
5971+ "int $4\n0:\n"
5972+ _ASM_EXTABLE(0b, 0b)
5973+#endif
5974+
5975+ : "=r" (new)
5976+ : "0" (c), "er" (a));
5977+
5978+ old = atomic64_cmpxchg((v), c, new);
5979 if (likely(old == c))
5980 break;
5981 c = old;
5982 }
5983- return c != (u);
5984+ return c != u;
5985 }
5986
5987 /**
5988diff -urNp linux-2.6.32.8/arch/x86/include/asm/boot.h linux-2.6.32.8/arch/x86/include/asm/boot.h
5989--- linux-2.6.32.8/arch/x86/include/asm/boot.h 2010-02-09 07:57:19.000000000 -0500
5990+++ linux-2.6.32.8/arch/x86/include/asm/boot.h 2010-02-13 21:45:09.875659651 -0500
5991@@ -11,10 +11,15 @@
5992 #include <asm/pgtable_types.h>
5993
5994 /* Physical address where kernel should be loaded. */
5995-#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
5996+#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
5997 + (CONFIG_PHYSICAL_ALIGN - 1)) \
5998 & ~(CONFIG_PHYSICAL_ALIGN - 1))
5999
6000+#ifndef __ASSEMBLY__
6001+extern unsigned char __LOAD_PHYSICAL_ADDR[];
6002+#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
6003+#endif
6004+
6005 /* Minimum kernel alignment, as a power of two */
6006 #ifdef CONFIG_X86_64
6007 #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
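Review bot: `LOAD_PHYSICAL_ADDR` is now the address of the extern symbol `__LOAD_PHYSICAL_ADDR` and is defined only under `#ifndef __ASSEMBLY__`, while the existing comment about the load address stays on the renamed `____LOAD_PHYSICAL_ADDR`. The macro is therefore no longer a compile-time constant, and assembly or `#if` users would need the four-underscore form; where the symbol is defined (presumably a linker script) is not visible here. A comment on the new block would make that explicit, e.g. `/* LOAD_PHYSICAL_ADDR is resolved at link time; use ____LOAD_PHYSICAL_ADDR where a constant is required */`.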
6008diff -urNp linux-2.6.32.8/arch/x86/include/asm/cache.h linux-2.6.32.8/arch/x86/include/asm/cache.h
6009--- linux-2.6.32.8/arch/x86/include/asm/cache.h 2010-02-09 07:57:19.000000000 -0500
6010+++ linux-2.6.32.8/arch/x86/include/asm/cache.h 2010-02-13 21:45:09.875659651 -0500
6011@@ -8,6 +8,7 @@
6012 #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6013
6014 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
6015+#define __read_only __attribute__((__section__(".data.read_only")))
6016
6017 #ifdef CONFIG_X86_VSMP
6018 /* vSMP Internode cacheline shift */
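Review bot: `__read_only` is added without a comment, and the attribute by itself only places the object in the `.data.read_only` section. Whether that section is actually mapped read-only, and from which point in boot, is decided outside this hunk, so a reader cannot tell what guarantee the annotation gives or how such data may legitimately be updated. Suggest a comment above the define, e.g. `/* placed in .data.read_only; write protection comes from the linker script and page tables, not from this attribute */`.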
6019diff -urNp linux-2.6.32.8/arch/x86/include/asm/checksum_32.h linux-2.6.32.8/arch/x86/include/asm/checksum_32.h
6020--- linux-2.6.32.8/arch/x86/include/asm/checksum_32.h 2010-02-09 07:57:19.000000000 -0500
6021+++ linux-2.6.32.8/arch/x86/include/asm/checksum_32.h 2010-02-13 21:45:09.875659651 -0500
6022@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
6023 int len, __wsum sum,
6024 int *src_err_ptr, int *dst_err_ptr);
6025
6026+asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
6027+ int len, __wsum sum,
6028+ int *src_err_ptr, int *dst_err_ptr);
6029+
6030+asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
6031+ int len, __wsum sum,
6032+ int *src_err_ptr, int *dst_err_ptr);
6033+
6034 /*
6035 * Note: when you get a NULL pointer exception here this means someone
6036 * passed in an incorrect kernel address to one of these functions.
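Review bot: The two new prototypes declare both pointers as plain kernel pointers (`const void *src, void *dst`), so the type system does not record which side is the user buffer. Marking it, `void __user *dst` for csum_partial_copy_generic_to_user and `const void __user *src` for csum_partial_copy_generic_from_user, would let sparse check the callers and would make the `(__force void *)` casts in the later hunks unnecessary. A short comment stating how each variant differs from csum_partial_copy_generic would also help, since the implementations are not in this header.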
6037@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
6038 int *err_ptr)
6039 {
6040 might_sleep();
6041- return csum_partial_copy_generic((__force void *)src, dst,
6042+ return csum_partial_copy_generic_from_user((__force void *)src, dst,
6043 len, sum, err_ptr, NULL);
6044 }
6045
6046@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
6047 {
6048 might_sleep();
6049 if (access_ok(VERIFY_WRITE, dst, len))
6050- return csum_partial_copy_generic(src, (__force void *)dst,
6051+ return csum_partial_copy_generic_to_user(src, (__force void *)dst,
6052 len, sum, NULL, err_ptr);
6053
6054 if (len)
6055diff -urNp linux-2.6.32.8/arch/x86/include/asm/desc.h linux-2.6.32.8/arch/x86/include/asm/desc.h
6056--- linux-2.6.32.8/arch/x86/include/asm/desc.h 2010-02-09 07:57:19.000000000 -0500
6057+++ linux-2.6.32.8/arch/x86/include/asm/desc.h 2010-02-13 21:45:09.875659651 -0500
6058@@ -4,6 +4,7 @@
6059 #include <asm/desc_defs.h>
6060 #include <asm/ldt.h>
6061 #include <asm/mmu.h>
6062+#include <asm/pgtable.h>
6063 #include <linux/smp.h>
6064
6065 static inline void fill_ldt(struct desc_struct *desc,
6066@@ -15,6 +16,7 @@ static inline void fill_ldt(struct desc_
6067 desc->base1 = (info->base_addr & 0x00ff0000) >> 16;
6068 desc->type = (info->read_exec_only ^ 1) << 1;
6069 desc->type |= info->contents << 2;
6070+ desc->type |= info->seg_not_present ^ 1;
6071 desc->s = 1;
6072 desc->dpl = 0x3;
6073 desc->p = info->seg_not_present ^ 1;
6074@@ -31,16 +33,12 @@ static inline void fill_ldt(struct desc_
6075 }
6076
6077 extern struct desc_ptr idt_descr;
6078-extern gate_desc idt_table[];
6079-
6080-struct gdt_page {
6081- struct desc_struct gdt[GDT_ENTRIES];
6082-} __attribute__((aligned(PAGE_SIZE)));
6083-DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
6084+extern gate_desc idt_table[256];
6085
6086+extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
6087 static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
6088 {
6089- return per_cpu(gdt_page, cpu).gdt;
6090+ return cpu_gdt_table[cpu];
6091 }
6092
6093 #ifdef CONFIG_X86_64
6094@@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str
6095 static inline void native_write_idt_entry(gate_desc *idt, int entry,
6096 const gate_desc *gate)
6097 {
6098+ pax_open_kernel();
6099 memcpy(&idt[entry], gate, sizeof(*gate));
6100+ pax_close_kernel();
6101 }
6102
6103 static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry,
6104 const void *desc)
6105 {
6106+ pax_open_kernel();
6107 memcpy(&ldt[entry], desc, 8);
6108+ pax_close_kernel();
6109 }
6110
6111 static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry,
6112 const void *desc, int type)
6113 {
6114 unsigned int size;
6115+
6116 switch (type) {
6117 case DESC_TSS:
6118 size = sizeof(tss_desc);
6119@@ -139,7 +142,10 @@ static inline void native_write_gdt_entr
6120 size = sizeof(struct desc_struct);
6121 break;
6122 }
6123+
6124+ pax_open_kernel();
6125 memcpy(&gdt[entry], desc, size);
6126+ pax_close_kernel();
6127 }
6128
6129 static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
6130@@ -211,7 +217,9 @@ static inline void native_set_ldt(const
6131
6132 static inline void native_load_tr_desc(void)
6133 {
6134+ pax_open_kernel();
6135 asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
6136+ pax_close_kernel();
6137 }
6138
6139 static inline void native_load_gdt(const struct desc_ptr *dtr)
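Review bot: Wrapping `ltr` in `pax_open_kernel()`/`pax_close_kernel()` needs a comment, because unlike the `memcpy` calls in the preceding hunk it is not an obvious write. `ltr` marks the TSS descriptor busy, which is a write into the GDT, so the bracket is presumably required once the GDT is write-protected. Suggest `/* ltr sets the busy bit in the GDT's TSS descriptor, so the table must be writable here */`. The definitions of pax_open_kernel and pax_close_kernel are outside this page, so it is worth confirming that they may be called from every context that reaches this helper.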
6140@@ -246,8 +254,10 @@ static inline void native_load_tls(struc
6141 unsigned int i;
6142 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
6143
6144+ pax_open_kernel();
6145 for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
6146 gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
6147+ pax_close_kernel();
6148 }
6149
6150 #define _LDT_empty(info) \
6151@@ -392,4 +402,16 @@ static inline void set_system_intr_gate_
6152 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
6153 }
6154
6155+#ifdef CONFIG_X86_32
6156+static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
6157+{
6158+ struct desc_struct d;
6159+
6160+ if (likely(limit))
6161+ limit = (limit - 1UL) >> PAGE_SHIFT;
6162+ pack_descriptor(&d, base, limit, 0xFB, 0xC);
6163+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
6164+}
6165+#endif
6166+
6167 #endif /* _ASM_X86_DESC_H */
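Review bot: set_user_cs passes the bare constants `0xFB` and `0xC` to `pack_descriptor` and handles `limit == 0` by leaving the limit field at 0. Assuming the last two arguments are the access byte and the flags nibble, `0xC` sets page granularity, and a limit field of 0 then still describes a 4 KiB segment rather than an empty one; whether that is intended cannot be told from here because the callers are not visible. Please document both, e.g. `/* 0xFB: present, DPL 3, code, readable, accessed; 0xC: 4 KiB granularity, 32-bit */`, plus a line stating what a zero `limit` is meant to produce.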
6168diff -urNp linux-2.6.32.8/arch/x86/include/asm/device.h linux-2.6.32.8/arch/x86/include/asm/device.h
6169--- linux-2.6.32.8/arch/x86/include/asm/device.h 2010-02-09 07:57:19.000000000 -0500
6170+++ linux-2.6.32.8/arch/x86/include/asm/device.h 2010-02-13 21:45:09.876706383 -0500
6171@@ -6,7 +6,7 @@ struct dev_archdata {
6172 void *acpi_handle;
6173 #endif
6174 #ifdef CONFIG_X86_64
6175-struct dma_map_ops *dma_ops;
6176+ const struct dma_map_ops *dma_ops;
6177 #endif
6178 #ifdef CONFIG_DMAR
6179 void *iommu; /* hook for IOMMU specific extension */
6180diff -urNp linux-2.6.32.8/arch/x86/include/asm/dma-mapping.h linux-2.6.32.8/arch/x86/include/asm/dma-mapping.h
6181--- linux-2.6.32.8/arch/x86/include/asm/dma-mapping.h 2010-02-09 07:57:19.000000000 -0500
6182+++ linux-2.6.32.8/arch/x86/include/asm/dma-mapping.h 2010-02-13 21:45:09.876706383 -0500
6183@@ -25,9 +25,9 @@ extern int iommu_merge;
6184 extern struct device x86_dma_fallback_dev;
6185 extern int panic_on_overflow;
6186
6187-extern struct dma_map_ops *dma_ops;
6188+extern const struct dma_map_ops *dma_ops;
6189
6190-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
6191+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
6192 {
6193 #ifdef CONFIG_X86_32
6194 return dma_ops;
6195@@ -44,7 +44,7 @@ static inline struct dma_map_ops *get_dm
6196 /* Make sure we keep the same behaviour */
6197 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
6198 {
6199- struct dma_map_ops *ops = get_dma_ops(dev);
6200+ const struct dma_map_ops *ops = get_dma_ops(dev);
6201 if (ops->mapping_error)
6202 return ops->mapping_error(dev, dma_addr);
6203
6204@@ -122,7 +122,7 @@ static inline void *
6205 dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
6206 gfp_t gfp)
6207 {
6208- struct dma_map_ops *ops = get_dma_ops(dev);
6209+ const struct dma_map_ops *ops = get_dma_ops(dev);
6210 void *memory;
6211
6212 gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
6213@@ -149,7 +149,7 @@ dma_alloc_coherent(struct device *dev, s
6214 static inline void dma_free_coherent(struct device *dev, size_t size,
6215 void *vaddr, dma_addr_t bus)
6216 {
6217- struct dma_map_ops *ops = get_dma_ops(dev);
6218+ const struct dma_map_ops *ops = get_dma_ops(dev);
6219
6220 WARN_ON(irqs_disabled()); /* for portability */
6221
6222diff -urNp linux-2.6.32.8/arch/x86/include/asm/e820.h linux-2.6.32.8/arch/x86/include/asm/e820.h
6223--- linux-2.6.32.8/arch/x86/include/asm/e820.h 2010-02-09 07:57:19.000000000 -0500
6224+++ linux-2.6.32.8/arch/x86/include/asm/e820.h 2010-02-13 21:45:09.876706383 -0500
6225@@ -133,7 +133,7 @@ extern char *default_machine_specific_me
6226 #define ISA_END_ADDRESS 0x100000
6227 #define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
6228
6229-#define BIOS_BEGIN 0x000a0000
6230+#define BIOS_BEGIN 0x000c0000
6231 #define BIOS_END 0x00100000
6232
6233 #ifdef __KERNEL__
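Review bot: `BIOS_BEGIN` moves from `0x000a0000` to `0x000c0000` with no comment, which takes the 0xa0000-0xbffff range (conventionally the legacy video memory window) out of whatever `BIOS_BEGIN`..`BIOS_END` is used for. The users of the macro are outside this hunk, so the effect cannot be judged from here; if the range feeds an access restriction, the narrower bounds change what is covered. Suggest a comment giving the reason, e.g. `/* BIOS range starts above the legacy VGA window (0xa0000-0xbffff) */`.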
6234diff -urNp linux-2.6.32.8/arch/x86/include/asm/elf.h linux-2.6.32.8/arch/x86/include/asm/elf.h
6235--- linux-2.6.32.8/arch/x86/include/asm/elf.h 2010-02-09 07:57:19.000000000 -0500
6236+++ linux-2.6.32.8/arch/x86/include/asm/elf.h 2010-02-13 21:45:09.876706383 -0500
6237@@ -257,7 +257,25 @@ extern int force_personality32;
6238 the loader. We need to make sure that it is out of the way of the program
6239 that it will "exec", and that there is sufficient room for the brk. */
6240
6241+#ifdef CONFIG_PAX_SEGMEXEC
6242+#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
6243+#else
6244 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
6245+#endif
6246+
6247+#ifdef CONFIG_PAX_ASLR
6248+#ifdef CONFIG_X86_32
6249+#define PAX_ELF_ET_DYN_BASE 0x10000000UL
6250+
6251+#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6252+#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6253+#else
6254+#define PAX_ELF_ET_DYN_BASE 0x400000UL
6255+
6256+#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6257+#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6258+#endif
6259+#endif
6260
6261 /* This yields a mask that user programs can use to figure out what
6262 instruction set this CPU supports. This could be done in user space,
6263@@ -311,8 +329,7 @@ do { \
6264 #define ARCH_DLINFO \
6265 do { \
6266 if (vdso_enabled) \
6267- NEW_AUX_ENT(AT_SYSINFO_EHDR, \
6268- (unsigned long)current->mm->context.vdso); \
6269+ NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\
6270 } while (0)
6271
6272 #define AT_SYSINFO 32
6273@@ -323,7 +340,7 @@ do { \
6274
6275 #endif /* !CONFIG_X86_32 */
6276
6277-#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso)
6278+#define VDSO_CURRENT_BASE (current->mm->context.vdso)
6279
6280 #define VDSO_ENTRY \
6281 ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall))
6282@@ -337,7 +354,4 @@ extern int arch_setup_additional_pages(s
6283 extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
6284 #define compat_arch_setup_additional_pages syscall32_setup_pages
6285
6286-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
6287-#define arch_randomize_brk arch_randomize_brk
6288-
6289 #endif /* _ASM_X86_ELF_H */
6290diff -urNp linux-2.6.32.8/arch/x86/include/asm/futex.h linux-2.6.32.8/arch/x86/include/asm/futex.h
6291--- linux-2.6.32.8/arch/x86/include/asm/futex.h 2010-02-09 07:57:19.000000000 -0500
6292+++ linux-2.6.32.8/arch/x86/include/asm/futex.h 2010-02-13 21:45:09.876706383 -0500
6293@@ -11,6 +11,40 @@
6294 #include <asm/processor.h>
6295 #include <asm/system.h>
6296
6297+#ifdef CONFIG_X86_32
6298+#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6299+ asm volatile( \
6300+ "movw\t%w6, %%ds\n" \
6301+ "1:\t" insn "\n" \
6302+ "2:\tpushl\t%%ss\n" \
6303+ "\tpopl\t%%ds\n" \
6304+ "\t.section .fixup,\"ax\"\n" \
6305+ "3:\tmov\t%3, %1\n" \
6306+ "\tjmp\t2b\n" \
6307+ "\t.previous\n" \
6308+ _ASM_EXTABLE(1b, 3b) \
6309+ : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
6310+ : "i" (-EFAULT), "0" (oparg), "1" (0), "r" (__USER_DS))
6311+
6312+#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
6313+ asm volatile("movw\t%w7, %%es\n" \
6314+ "1:\tmovl\t%%es:%2, %0\n" \
6315+ "\tmovl\t%0, %3\n" \
6316+ "\t" insn "\n" \
6317+ "2:\t" LOCK_PREFIX "cmpxchgl %3, %%es:%2\n"\
6318+ "\tjnz\t1b\n" \
6319+ "3:\tpushl\t%%ss\n" \
6320+ "\tpopl\t%%es\n" \
6321+ "\t.section .fixup,\"ax\"\n" \
6322+ "4:\tmov\t%5, %1\n" \
6323+ "\tjmp\t3b\n" \
6324+ "\t.previous\n" \
6325+ _ASM_EXTABLE(1b, 4b) \
6326+ _ASM_EXTABLE(2b, 4b) \
6327+ : "=&a" (oldval), "=&r" (ret), \
6328+ "+m" (*uaddr), "=&r" (tem) \
6329+ : "r" (oparg), "i" (-EFAULT), "1" (0), "r" (__USER_DS))
6330+#else
6331 #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6332 asm volatile("1:\t" insn "\n" \
6333 "2:\t.section .fixup,\"ax\"\n" \
6334@@ -36,8 +70,9 @@
6335 : "=&a" (oldval), "=&r" (ret), \
6336 "+m" (*uaddr), "=&r" (tem) \
6337 : "r" (oparg), "i" (-EFAULT), "1" (0))
6338+#endif
6339
6340-static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
6341+static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
6342 {
6343 int op = (encoded_op >> 28) & 7;
6344 int cmp = (encoded_op >> 24) & 15;
6345@@ -61,11 +96,20 @@ static inline int futex_atomic_op_inuser
6346
6347 switch (op) {
6348 case FUTEX_OP_SET:
6349+#ifdef CONFIG_X86_32
6350+ __futex_atomic_op1("xchgl %0, %%ds:%2", ret, oldval, uaddr, oparg);
6351+#else
6352 __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
6353+#endif
6354 break;
6355 case FUTEX_OP_ADD:
6356+#ifdef CONFIG_X86_32
6357+ __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %%ds:%2", ret, oldval,
6358+ uaddr, oparg);
6359+#else
6360 __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
6361 uaddr, oparg);
6362+#endif
6363 break;
6364 case FUTEX_OP_OR:
6365 __futex_atomic_op2("orl %4, %3", ret, oldval, uaddr, oparg);
6366@@ -109,7 +153,7 @@ static inline int futex_atomic_op_inuser
6367 return ret;
6368 }
6369
6370-static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval,
6371+static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval,
6372 int newval)
6373 {
6374
6375@@ -122,14 +166,27 @@ static inline int futex_atomic_cmpxchg_i
6376 if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
6377 return -EFAULT;
6378
6379- asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6380+ asm volatile(
6381+#ifdef CONFIG_X86_32
6382+ "\tmovw %w5, %%ds\n"
6383+ "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6384+ "2:\tpushl %%ss\n"
6385+ "\tpopl %%ds\n"
6386+ "\t.section .fixup, \"ax\"\n"
6387+#else
6388+ "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6389 "2:\t.section .fixup, \"ax\"\n"
6390+#endif
6391 "3:\tmov %2, %0\n"
6392 "\tjmp 2b\n"
6393 "\t.previous\n"
6394 _ASM_EXTABLE(1b, 3b)
6395 : "=a" (oldval), "+m" (*uaddr)
6396+#ifdef CONFIG_X86_32
6397+ : "i" (-EFAULT), "r" (newval), "0" (oldval), "r" (__USER_DS)
6398+#else
6399 : "i" (-EFAULT), "r" (newval), "0" (oldval)
6400+#endif
6401 : "memory"
6402 );
6403
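Review bot: The 32-bit `cmpxchgl %3, %1` line reloads `%ds` with `__USER_DS` but leaves the memory operand without an explicit segment override, unlike the `%%ds:%2` forms this patch uses for `FUTEX_OP_SET` and `FUTEX_OP_ADD` and the `%%es:%2` forms in `__futex_atomic_op2`. If the compiler addresses `*uaddr` through `%ebp`, the CPU defaults to `%ss` and the access would not go through the user segment that the reload presumably exists to enforce. Writing `"1:\t" LOCK_PREFIX "cmpxchgl %3, %%ds:%1\n"` would make the sites consistent. The function body starts and ends outside the hunk.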
6404diff -urNp linux-2.6.32.8/arch/x86/include/asm/i387.h linux-2.6.32.8/arch/x86/include/asm/i387.h
6405--- linux-2.6.32.8/arch/x86/include/asm/i387.h 2010-02-09 07:57:19.000000000 -0500
6406+++ linux-2.6.32.8/arch/x86/include/asm/i387.h 2010-02-13 21:45:09.877907600 -0500
6407@@ -195,13 +195,8 @@ static inline int fxrstor_checking(struc
6408 }
6409
6410 /* We need a safe address that is cheap to find and that is already
6411- in L1 during context switch. The best choices are unfortunately
6412- different for UP and SMP */
6413-#ifdef CONFIG_SMP
6414-#define safe_address (__per_cpu_offset[0])
6415-#else
6416-#define safe_address (kstat_cpu(0).cpustat.user)
6417-#endif
6418+ in L1 during context switch. */
6419+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
6420
6421 /*
6422 * These must be called with preempt disabled
6423diff -urNp linux-2.6.32.8/arch/x86/include/asm/io_64.h linux-2.6.32.8/arch/x86/include/asm/io_64.h
6424--- linux-2.6.32.8/arch/x86/include/asm/io_64.h 2010-02-09 07:57:19.000000000 -0500
6425+++ linux-2.6.32.8/arch/x86/include/asm/io_64.h 2010-02-13 21:45:09.877907600 -0500
6426@@ -140,6 +140,17 @@ __OUTS(l)
6427
6428 #include <linux/vmalloc.h>
6429
6430+#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
6431+static inline int valid_phys_addr_range(unsigned long addr, size_t count)
6432+{
6433+ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
6434+}
6435+
6436+static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
6437+{
6438+ return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
6439+}
6440+
6441 #include <asm-generic/iomap.h>
6442
6443 void __memcpy_fromio(void *, unsigned long, unsigned);
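Review bot: Both new range checks compute the limit as `1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)` with an `int` constant, so the shift overflows once `x86_phys_bits - PAGE_SHIFT` reaches 31, which happens on x86-64 parts reporting 43 or more physical address bits. The comparison then runs against an undefined value, and the check meant to bound physical-memory access no longer means anything. Use an unsigned long constant in both functions: `(1UL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT))`. Separately, `addr + count + PAGE_SIZE - 1` can wrap for a large `count`; comparing `count` against the remaining room would avoid that.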
6444diff -urNp linux-2.6.32.8/arch/x86/include/asm/iommu.h linux-2.6.32.8/arch/x86/include/asm/iommu.h
6445--- linux-2.6.32.8/arch/x86/include/asm/iommu.h 2010-02-09 07:57:19.000000000 -0500
6446+++ linux-2.6.32.8/arch/x86/include/asm/iommu.h 2010-02-13 21:45:09.877907600 -0500
6447@@ -3,7 +3,7 @@
6448
6449 extern void pci_iommu_shutdown(void);
6450 extern void no_iommu_init(void);
6451-extern struct dma_map_ops nommu_dma_ops;
6452+extern const struct dma_map_ops nommu_dma_ops;
6453 extern int force_iommu, no_iommu;
6454 extern int iommu_detected;
6455 extern int iommu_pass_through;
6456diff -urNp linux-2.6.32.8/arch/x86/include/asm/irqflags.h linux-2.6.32.8/arch/x86/include/asm/irqflags.h
6457--- linux-2.6.32.8/arch/x86/include/asm/irqflags.h 2010-02-09 07:57:19.000000000 -0500
6458+++ linux-2.6.32.8/arch/x86/include/asm/irqflags.h 2010-02-13 21:45:09.877907600 -0500
6459@@ -146,6 +146,27 @@ static inline unsigned long __raw_local_
6460 #define INTERRUPT_RETURN iret
6461 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
6462 #define GET_CR0_INTO_EAX movl %cr0, %eax
6463+
6464+/* PaX: special register usage in entry_32.S, beware */
6465+#ifdef CONFIG_PAX_KERNEXEC
6466+#define PAX_EXIT_KERNEL \
6467+ bt $16, %esi; \
6468+ jc 1f; \
6469+ movl %esi, %cr0; \
6470+1:
6471+
6472+#define PAX_ENTER_KERNEL \
6473+ movl %cr0, %esi; \
6474+ movl %esi, %edx; \
6475+ bts $16, %edx; \
6476+ jc 1f; \
6477+ movl %edx, %cr0; \
6478+1:
6479+#else
6480+#define PAX_EXIT_KERNEL
6481+#define PAX_ENTER_KERNEL
6482+#endif
6483+
6484 #endif
6485
6486
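Review bot: The register contract of `PAX_ENTER_KERNEL` / `PAX_EXIT_KERNEL` is left to the one-line "special register usage" comment, and the literal `$16` is unexplained. From the macro bodies, `PAX_ENTER_KERNEL` leaves the entry-time CR0 in `%esi` and clobbers `%edx`, and `PAX_EXIT_KERNEL` expects `%esi` to still hold that value; bit 16 is CR0.WP, which the C side of this patch spells `X86_CR0_WP`. A comment such as `/* PaX: %esi = CR0 at entry, must survive until PAX_EXIT_KERNEL; %edx clobbered; bit 16 = CR0.WP */` would spell this out. The paravirt versions of the two macros in the paravirt.h hunk have the same gap.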
6487diff -urNp linux-2.6.32.8/arch/x86/include/asm/kvm_host.h linux-2.6.32.8/arch/x86/include/asm/kvm_host.h
6488--- linux-2.6.32.8/arch/x86/include/asm/kvm_host.h 2010-02-09 07:57:19.000000000 -0500
6489+++ linux-2.6.32.8/arch/x86/include/asm/kvm_host.h 2010-02-13 21:45:09.878752773 -0500
6490@@ -531,7 +531,7 @@ struct kvm_x86_ops {
6491 const struct trace_print_flags *exit_reasons_str;
6492 };
6493
6494-extern struct kvm_x86_ops *kvm_x86_ops;
6495+extern const struct kvm_x86_ops *kvm_x86_ops;
6496
6497 int kvm_mmu_module_init(void);
6498 void kvm_mmu_module_exit(void);
6499diff -urNp linux-2.6.32.8/arch/x86/include/asm/local.h linux-2.6.32.8/arch/x86/include/asm/local.h
6500--- linux-2.6.32.8/arch/x86/include/asm/local.h 2010-02-09 07:57:19.000000000 -0500
6501+++ linux-2.6.32.8/arch/x86/include/asm/local.h 2010-02-13 21:45:09.878752773 -0500
6502@@ -18,26 +18,90 @@ typedef struct {
6503
6504 static inline void local_inc(local_t *l)
6505 {
6506- asm volatile(_ASM_INC "%0"
6507+ asm volatile(_ASM_INC "%0\n"
6508+
6509+#ifdef CONFIG_PAX_REFCOUNT
6510+#ifdef CONFIG_X86_32
6511+ "into\n0:\n"
6512+#else
6513+ "jno 0f\n"
6514+ "int $4\n0:\n"
6515+#endif
6516+ ".pushsection .fixup,\"ax\"\n"
6517+ "1:\n"
6518+ _ASM_DEC "%0\n"
6519+ "jmp 0b\n"
6520+ ".popsection\n"
6521+ _ASM_EXTABLE(0b, 1b)
6522+#endif
6523+
6524 : "+m" (l->a.counter));
6525 }
6526
6527 static inline void local_dec(local_t *l)
6528 {
6529- asm volatile(_ASM_DEC "%0"
6530+ asm volatile(_ASM_DEC "%0\n"
6531+
6532+#ifdef CONFIG_PAX_REFCOUNT
6533+#ifdef CONFIG_X86_32
6534+ "into\n0:\n"
6535+#else
6536+ "jno 0f\n"
6537+ "int $4\n0:\n"
6538+#endif
6539+ ".pushsection .fixup,\"ax\"\n"
6540+ "1:\n"
6541+ _ASM_INC "%0\n"
6542+ "jmp 0b\n"
6543+ ".popsection\n"
6544+ _ASM_EXTABLE(0b, 1b)
6545+#endif
6546+
6547 : "+m" (l->a.counter));
6548 }
6549
6550 static inline void local_add(long i, local_t *l)
6551 {
6552- asm volatile(_ASM_ADD "%1,%0"
6553+ asm volatile(_ASM_ADD "%1,%0\n"
6554+
6555+#ifdef CONFIG_PAX_REFCOUNT
6556+#ifdef CONFIG_X86_32
6557+ "into\n0:\n"
6558+#else
6559+ "jno 0f\n"
6560+ "int $4\n0:\n"
6561+#endif
6562+ ".pushsection .fixup,\"ax\"\n"
6563+ "1:\n"
6564+ _ASM_SUB "%1,%0\n"
6565+ "jmp 0b\n"
6566+ ".popsection\n"
6567+ _ASM_EXTABLE(0b, 1b)
6568+#endif
6569+
6570 : "+m" (l->a.counter)
6571 : "ir" (i));
6572 }
6573
6574 static inline void local_sub(long i, local_t *l)
6575 {
6576- asm volatile(_ASM_SUB "%1,%0"
6577+ asm volatile(_ASM_SUB "%1,%0\n"
6578+
6579+#ifdef CONFIG_PAX_REFCOUNT
6580+#ifdef CONFIG_X86_32
6581+ "into\n0:\n"
6582+#else
6583+ "jno 0f\n"
6584+ "int $4\n0:\n"
6585+#endif
6586+ ".pushsection .fixup,\"ax\"\n"
6587+ "1:\n"
6588+ _ASM_ADD "%1,%0\n"
6589+ "jmp 0b\n"
6590+ ".popsection\n"
6591+ _ASM_EXTABLE(0b, 1b)
6592+#endif
6593+
6594 : "+m" (l->a.counter)
6595 : "ir" (i));
6596 }
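Review bot: The overflow-trap sequence (`into` or `jno`/`int $4`, the `.fixup` undo, `_ASM_EXTABLE(0b, 1b)`) is pasted verbatim into all four functions of this hunk and again into the `local_sub_and_test`, `local_dec_and_test`, `local_inc_and_test`, `local_add_negative` and `local_add_return` hunks, differing only in the undo instruction. Nine hand-maintained copies of security-relevant inline asm are easy to get out of step, for instance with a wrong undo operand in one of them. A single helper macro taking the undo instruction as its argument would keep them identical; the macro names below are only a suggestion.

```c
#ifdef CONFIG_PAX_REFCOUNT
#ifdef CONFIG_X86_32
#define LOCAL_OVERFLOW_TRAP "into\n0:\n"
#else
#define LOCAL_OVERFLOW_TRAP "jno 0f\n" "int $4\n0:\n"
#endif
/* undo: instruction string that reverses the preceding operation */
#define LOCAL_OVERFLOW_CHECK(undo)		\
	LOCAL_OVERFLOW_TRAP			\
	".pushsection .fixup,\"ax\"\n"		\
	"1:\n"					\
	undo					\
	"jmp 0b\n"				\
	".popsection\n"				\
	_ASM_EXTABLE(0b, 1b)
#else
#define LOCAL_OVERFLOW_CHECK(undo)
#endif

static inline void local_inc(local_t *l)
{
	asm volatile(_ASM_INC "%0\n"
		     LOCAL_OVERFLOW_CHECK(_ASM_DEC "%0\n")
		     : "+m" (l->a.counter));
}
/* … unchanged pattern: local_dec, local_add, local_sub pass their own undo instruction … */
```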
6597@@ -55,7 +119,24 @@ static inline int local_sub_and_test(lon
6598 {
6599 unsigned char c;
6600
6601- asm volatile(_ASM_SUB "%2,%0; sete %1"
6602+ asm volatile(_ASM_SUB "%2,%0\n"
6603+
6604+#ifdef CONFIG_PAX_REFCOUNT
6605+#ifdef CONFIG_X86_32
6606+ "into\n0:\n"
6607+#else
6608+ "jno 0f\n"
6609+ "int $4\n0:\n"
6610+#endif
6611+ ".pushsection .fixup,\"ax\"\n"
6612+ "1:\n"
6613+ _ASM_ADD "%2,%0\n"
6614+ "jmp 0b\n"
6615+ ".popsection\n"
6616+ _ASM_EXTABLE(0b, 1b)
6617+#endif
6618+
6619+ "sete %1\n"
6620 : "+m" (l->a.counter), "=qm" (c)
6621 : "ir" (i) : "memory");
6622 return c;
6623@@ -73,7 +154,24 @@ static inline int local_dec_and_test(loc
6624 {
6625 unsigned char c;
6626
6627- asm volatile(_ASM_DEC "%0; sete %1"
6628+ asm volatile(_ASM_DEC "%0\n"
6629+
6630+#ifdef CONFIG_PAX_REFCOUNT
6631+#ifdef CONFIG_X86_32
6632+ "into\n0:\n"
6633+#else
6634+ "jno 0f\n"
6635+ "int $4\n0:\n"
6636+#endif
6637+ ".pushsection .fixup,\"ax\"\n"
6638+ "1:\n"
6639+ _ASM_INC "%0\n"
6640+ "jmp 0b\n"
6641+ ".popsection\n"
6642+ _ASM_EXTABLE(0b, 1b)
6643+#endif
6644+
6645+ "sete %1\n"
6646 : "+m" (l->a.counter), "=qm" (c)
6647 : : "memory");
6648 return c != 0;
6649@@ -91,7 +189,24 @@ static inline int local_inc_and_test(loc
6650 {
6651 unsigned char c;
6652
6653- asm volatile(_ASM_INC "%0; sete %1"
6654+ asm volatile(_ASM_INC "%0\n"
6655+
6656+#ifdef CONFIG_PAX_REFCOUNT
6657+#ifdef CONFIG_X86_32
6658+ "into\n0:\n"
6659+#else
6660+ "jno 0f\n"
6661+ "int $4\n0:\n"
6662+#endif
6663+ ".pushsection .fixup,\"ax\"\n"
6664+ "1:\n"
6665+ _ASM_DEC "%0\n"
6666+ "jmp 0b\n"
6667+ ".popsection\n"
6668+ _ASM_EXTABLE(0b, 1b)
6669+#endif
6670+
6671+ "sete %1\n"
6672 : "+m" (l->a.counter), "=qm" (c)
6673 : : "memory");
6674 return c != 0;
6675@@ -110,7 +225,24 @@ static inline int local_add_negative(lon
6676 {
6677 unsigned char c;
6678
6679- asm volatile(_ASM_ADD "%2,%0; sets %1"
6680+ asm volatile(_ASM_ADD "%2,%0\n"
6681+
6682+#ifdef CONFIG_PAX_REFCOUNT
6683+#ifdef CONFIG_X86_32
6684+ "into\n0:\n"
6685+#else
6686+ "jno 0f\n"
6687+ "int $4\n0:\n"
6688+#endif
6689+ ".pushsection .fixup,\"ax\"\n"
6690+ "1:\n"
6691+ _ASM_SUB "%2,%0\n"
6692+ "jmp 0b\n"
6693+ ".popsection\n"
6694+ _ASM_EXTABLE(0b, 1b)
6695+#endif
6696+
6697+ "sets %1\n"
6698 : "+m" (l->a.counter), "=qm" (c)
6699 : "ir" (i) : "memory");
6700 return c;
6701@@ -133,7 +265,23 @@ static inline long local_add_return(long
6702 #endif
6703 /* Modern 486+ processor */
6704 __i = i;
6705- asm volatile(_ASM_XADD "%0, %1;"
6706+ asm volatile(_ASM_XADD "%0, %1\n"
6707+
6708+#ifdef CONFIG_PAX_REFCOUNT
6709+#ifdef CONFIG_X86_32
6710+ "into\n0:\n"
6711+#else
6712+ "jno 0f\n"
6713+ "int $4\n0:\n"
6714+#endif
6715+ ".pushsection .fixup,\"ax\"\n"
6716+ "1:\n"
6717+ _ASM_MOV "%0,%1\n"
6718+ "jmp 0b\n"
6719+ ".popsection\n"
6720+ _ASM_EXTABLE(0b, 1b)
6721+#endif
6722+
6723 : "+r" (i), "+m" (l->a.counter)
6724 : : "memory");
6725 return i + __i;
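Review bot: On the overflow path of `local_add_return` the fixup `_ASM_MOV "%0,%1"` puts the pre-add value back into the counter, but execution then continues at label `0` and reaches `return i + __i`, so the caller receives the wrapped sum while the counter keeps its old value. Whether callers are expected to tolerate that mismatch cannot be seen from the hunk. If it is intended, a comment on the fixup should say so, for example `/* undo: counter keeps old value; caller still sees the wrapped sum */`. The function starts outside the hunk.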
6726diff -urNp linux-2.6.32.8/arch/x86/include/asm/microcode.h linux-2.6.32.8/arch/x86/include/asm/microcode.h
6727--- linux-2.6.32.8/arch/x86/include/asm/microcode.h 2010-02-09 07:57:19.000000000 -0500
6728+++ linux-2.6.32.8/arch/x86/include/asm/microcode.h 2010-02-13 21:45:09.878752773 -0500
6729@@ -12,13 +12,13 @@ struct device;
6730 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
6731
6732 struct microcode_ops {
6733- enum ucode_state (*request_microcode_user) (int cpu,
6734+ enum ucode_state (* const request_microcode_user) (int cpu,
6735 const void __user *buf, size_t size);
6736
6737- enum ucode_state (*request_microcode_fw) (int cpu,
6738+ enum ucode_state (* const request_microcode_fw) (int cpu,
6739 struct device *device);
6740
6741- void (*microcode_fini_cpu) (int cpu);
6742+ void (* const microcode_fini_cpu) (int cpu);
6743
6744 /*
6745 * The generic 'microcode_core' part guarantees that
6746@@ -38,18 +38,18 @@ struct ucode_cpu_info {
6747 extern struct ucode_cpu_info ucode_cpu_info[];
6748
6749 #ifdef CONFIG_MICROCODE_INTEL
6750-extern struct microcode_ops * __init init_intel_microcode(void);
6751+extern const struct microcode_ops * __init init_intel_microcode(void);
6752 #else
6753-static inline struct microcode_ops * __init init_intel_microcode(void)
6754+static inline const struct microcode_ops * __init init_intel_microcode(void)
6755 {
6756 return NULL;
6757 }
6758 #endif /* CONFIG_MICROCODE_INTEL */
6759
6760 #ifdef CONFIG_MICROCODE_AMD
6761-extern struct microcode_ops * __init init_amd_microcode(void);
6762+extern const struct microcode_ops * __init init_amd_microcode(void);
6763 #else
6764-static inline struct microcode_ops * __init init_amd_microcode(void)
6765+static inline const struct microcode_ops * __init init_amd_microcode(void)
6766 {
6767 return NULL;
6768 }
6769diff -urNp linux-2.6.32.8/arch/x86/include/asm/mman.h linux-2.6.32.8/arch/x86/include/asm/mman.h
6770--- linux-2.6.32.8/arch/x86/include/asm/mman.h 2010-02-09 07:57:19.000000000 -0500
6771+++ linux-2.6.32.8/arch/x86/include/asm/mman.h 2010-02-13 21:45:09.878752773 -0500
6772@@ -5,4 +5,14 @@
6773
6774 #include <asm-generic/mman.h>
6775
6776+#ifdef __KERNEL__
6777+#ifndef __ASSEMBLY__
6778+#ifdef CONFIG_X86_32
6779+#define arch_mmap_check i386_mmap_check
6780+int i386_mmap_check(unsigned long addr, unsigned long len,
6781+ unsigned long flags);
6782+#endif
6783+#endif
6784+#endif
6785+
6786 #endif /* _ASM_X86_MMAN_H */
6787diff -urNp linux-2.6.32.8/arch/x86/include/asm/mmu_context.h linux-2.6.32.8/arch/x86/include/asm/mmu_context.h
6788--- linux-2.6.32.8/arch/x86/include/asm/mmu_context.h 2010-02-09 07:57:19.000000000 -0500
6789+++ linux-2.6.32.8/arch/x86/include/asm/mmu_context.h 2010-02-13 21:45:09.878752773 -0500
6790@@ -34,11 +34,17 @@ static inline void switch_mm(struct mm_s
6791 struct task_struct *tsk)
6792 {
6793 unsigned cpu = smp_processor_id();
6794+#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
6795+ int tlbstate = TLBSTATE_OK;
6796+#endif
6797
6798 if (likely(prev != next)) {
6799 /* stop flush ipis for the previous mm */
6800 cpumask_clear_cpu(cpu, mm_cpumask(prev));
6801 #ifdef CONFIG_SMP
6802+#ifdef CONFIG_X86_32
6803+ tlbstate = percpu_read(cpu_tlbstate.state);
6804+#endif
6805 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
6806 percpu_write(cpu_tlbstate.active_mm, next);
6807 #endif
6808@@ -52,6 +58,26 @@ static inline void switch_mm(struct mm_s
6809 */
6810 if (unlikely(prev->context.ldt != next->context.ldt))
6811 load_LDT_nolock(&next->context);
6812+
6813+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
6814+ if (!nx_enabled) {
6815+ smp_mb__before_clear_bit();
6816+ cpu_clear(cpu, prev->context.cpu_user_cs_mask);
6817+ smp_mb__after_clear_bit();
6818+ cpu_set(cpu, next->context.cpu_user_cs_mask);
6819+ }
6820+#endif
6821+
6822+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
6823+ if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
6824+ prev->context.user_cs_limit != next->context.user_cs_limit))
6825+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
6826+#ifdef CONFIG_SMP
6827+ else if (unlikely(tlbstate != TLBSTATE_OK))
6828+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
6829+#endif
6830+#endif
6831+
6832 }
6833 #ifdef CONFIG_SMP
6834 else {
6835@@ -65,6 +91,19 @@ static inline void switch_mm(struct mm_s
6836 */
6837 load_cr3(next->pgd);
6838 load_LDT_nolock(&next->context);
6839+
6840+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
6841+ if (!nx_enabled)
6842+ cpu_set(cpu, next->context.cpu_user_cs_mask);
6843+#endif
6844+
6845+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
6846+#ifdef CONFIG_PAX_PAGEEXEC
6847+ if (!((next->pax_flags & MF_PAX_PAGEEXEC) && nx_enabled))
6848+#endif
6849+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
6850+#endif
6851+
6852 }
6853 }
6854 #endif
6855diff -urNp linux-2.6.32.8/arch/x86/include/asm/mmu.h linux-2.6.32.8/arch/x86/include/asm/mmu.h
6856--- linux-2.6.32.8/arch/x86/include/asm/mmu.h 2010-02-09 07:57:19.000000000 -0500
6857+++ linux-2.6.32.8/arch/x86/include/asm/mmu.h 2010-02-13 21:45:09.878752773 -0500
6858@@ -9,10 +9,23 @@
6859 * we put the segment information here.
6860 */
6861 typedef struct {
6862- void *ldt;
6863+ struct desc_struct *ldt;
6864 int size;
6865 struct mutex lock;
6866- void *vdso;
6867+ unsigned long vdso;
6868+
6869+#ifdef CONFIG_X86_32
6870+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
6871+ unsigned long user_cs_base;
6872+ unsigned long user_cs_limit;
6873+
6874+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
6875+ cpumask_t cpu_user_cs_mask;
6876+#endif
6877+
6878+#endif
6879+#endif
6880+
6881 } mm_context_t;
6882
6883 #ifdef CONFIG_SMP
6884diff -urNp linux-2.6.32.8/arch/x86/include/asm/module.h linux-2.6.32.8/arch/x86/include/asm/module.h
6885--- linux-2.6.32.8/arch/x86/include/asm/module.h 2010-02-09 07:57:19.000000000 -0500
6886+++ linux-2.6.32.8/arch/x86/include/asm/module.h 2010-02-13 21:45:09.879916919 -0500
6887@@ -65,7 +65,12 @@
6888 # else
6889 # define MODULE_STACKSIZE ""
6890 # endif
6891-# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE
6892+# ifdef CONFIG_GRKERNSEC
6893+# define MODULE_GRSEC "GRSECURITY "
6894+# else
6895+# define MODULE_GRSEC ""
6896+# endif
6897+# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC
6898 #endif
6899
6900 #endif /* _ASM_X86_MODULE_H */
6901diff -urNp linux-2.6.32.8/arch/x86/include/asm/page_32_types.h linux-2.6.32.8/arch/x86/include/asm/page_32_types.h
6902--- linux-2.6.32.8/arch/x86/include/asm/page_32_types.h 2010-02-09 07:57:19.000000000 -0500
6903+++ linux-2.6.32.8/arch/x86/include/asm/page_32_types.h 2010-02-13 21:45:09.879916919 -0500
6904@@ -15,6 +15,10 @@
6905 */
6906 #define __PAGE_OFFSET _AC(CONFIG_PAGE_OFFSET, UL)
6907
6908+#ifdef CONFIG_PAX_PAGEEXEC
6909+#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1
6910+#endif
6911+
6912 #ifdef CONFIG_4KSTACKS
6913 #define THREAD_ORDER 0
6914 #else
6915diff -urNp linux-2.6.32.8/arch/x86/include/asm/page_64_types.h linux-2.6.32.8/arch/x86/include/asm/page_64_types.h
6916--- linux-2.6.32.8/arch/x86/include/asm/page_64_types.h 2010-02-09 07:57:19.000000000 -0500
6917+++ linux-2.6.32.8/arch/x86/include/asm/page_64_types.h 2010-02-13 21:45:09.879916919 -0500
6918@@ -39,6 +39,9 @@
6919 #define __START_KERNEL (__START_KERNEL_map + __PHYSICAL_START)
6920 #define __START_KERNEL_map _AC(0xffffffff80000000, UL)
6921
6922+#define ktla_ktva(addr) (addr)
6923+#define ktva_ktla(addr) (addr)
6924+
6925 /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */
6926 #define __PHYSICAL_MASK_SHIFT 46
6927 #define __VIRTUAL_MASK_SHIFT 47
6928diff -urNp linux-2.6.32.8/arch/x86/include/asm/paravirt.h linux-2.6.32.8/arch/x86/include/asm/paravirt.h
6929--- linux-2.6.32.8/arch/x86/include/asm/paravirt.h 2010-02-09 07:57:19.000000000 -0500
6930+++ linux-2.6.32.8/arch/x86/include/asm/paravirt.h 2010-02-13 21:45:09.880585024 -0500
6931@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
6932 pv_mmu_ops.set_fixmap(idx, phys, flags);
6933 }
6934
6935+#ifdef CONFIG_PAX_KERNEXEC
6936+static inline unsigned long pax_open_kernel(void)
6937+{
6938+ return pv_mmu_ops.pax_open_kernel();
6939+}
6940+
6941+static inline unsigned long pax_close_kernel(void)
6942+{
6943+ return pv_mmu_ops.pax_close_kernel();
6944+}
6945+#else
6946+static inline unsigned long pax_open_kernel(void) { return 0; }
6947+static inline unsigned long pax_close_kernel(void) { return 0; }
6948+#endif
6949+
6950 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
6951
6952 static inline int __raw_spin_is_locked(struct raw_spinlock *lock)
6953@@ -845,7 +860,7 @@ static inline unsigned long __raw_local_
6954
6955 static inline void raw_local_irq_restore(unsigned long f)
6956 {
6957- PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
6958+ return PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
6959 }
6960
6961 static inline void raw_local_irq_disable(void)
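Review bot: `raw_local_irq_restore` is declared `void`, yet the changed line now reads `return PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);`. A `return` with an expression in a void function is a constraint violation in ISO C that GCC only tolerates as an extension, and the hunk gives no reason for the added `return`; the macro's expansion is outside the hunk. Unless something depends on it, keep the statement form `PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);`.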
6962@@ -945,7 +960,7 @@ extern void default_banner(void);
6963
6964 #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
6965 #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
6966-#define PARA_INDIRECT(addr) *%cs:addr
6967+#define PARA_INDIRECT(addr) *%ss:addr
6968 #endif
6969
6970 #define INTERRUPT_RETURN \
6971@@ -970,6 +985,31 @@ extern void default_banner(void);
6972 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret32))
6973
6974 #ifdef CONFIG_X86_32
6975+
6976+#ifdef CONFIG_PAX_KERNEXEC
6977+#define PAX_EXIT_KERNEL \
6978+ bt $16, %esi; \
6979+ jc 1f; \
6980+ push %eax; push %ecx; \
6981+ movl %esi, %eax; \
6982+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
6983+ pop %ecx; pop %eax; \
6984+1:
6985+
6986+#define PAX_ENTER_KERNEL \
6987+ push %eax; push %ecx; \
6988+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
6989+ movl %eax, %esi; \
6990+ bts $16, %eax; \
6991+ jc 1f; \
6992+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
6993+1: \
6994+ pop %ecx; pop %eax;
6995+#else
6996+#define PAX_EXIT_KERNEL
6997+#define PAX_ENTER_KERNEL
6998+#endif
6999+
7000 #define GET_CR0_INTO_EAX \
7001 push %ecx; push %edx; \
7002 call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7003diff -urNp linux-2.6.32.8/arch/x86/include/asm/paravirt_types.h linux-2.6.32.8/arch/x86/include/asm/paravirt_types.h
7004--- linux-2.6.32.8/arch/x86/include/asm/paravirt_types.h 2010-02-09 07:57:19.000000000 -0500
7005+++ linux-2.6.32.8/arch/x86/include/asm/paravirt_types.h 2010-02-13 21:45:09.880585024 -0500
7006@@ -316,6 +316,12 @@ struct pv_mmu_ops {
7007 an mfn. We can tell which is which from the index. */
7008 void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
7009 phys_addr_t phys, pgprot_t flags);
7010+
7011+#ifdef CONFIG_PAX_KERNEXEC
7012+ unsigned long (*pax_open_kernel)(void);
7013+ unsigned long (*pax_close_kernel)(void);
7014+#endif
7015+
7016 };
7017
7018 struct raw_spinlock;
7019diff -urNp linux-2.6.32.8/arch/x86/include/asm/pci_x86.h linux-2.6.32.8/arch/x86/include/asm/pci_x86.h
7020--- linux-2.6.32.8/arch/x86/include/asm/pci_x86.h 2010-02-09 07:57:19.000000000 -0500
7021+++ linux-2.6.32.8/arch/x86/include/asm/pci_x86.h 2010-02-13 21:45:09.880585024 -0500
7022@@ -89,16 +89,16 @@ extern int (*pcibios_enable_irq)(struct
7023 extern void (*pcibios_disable_irq)(struct pci_dev *dev);
7024
7025 struct pci_raw_ops {
7026- int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7027+ int (* const read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7028 int reg, int len, u32 *val);
7029- int (*write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7030+ int (* const write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7031 int reg, int len, u32 val);
7032 };
7033
7034-extern struct pci_raw_ops *raw_pci_ops;
7035-extern struct pci_raw_ops *raw_pci_ext_ops;
7036+extern const struct pci_raw_ops *raw_pci_ops;
7037+extern const struct pci_raw_ops *raw_pci_ext_ops;
7038
7039-extern struct pci_raw_ops pci_direct_conf1;
7040+extern const struct pci_raw_ops pci_direct_conf1;
7041 extern bool port_cf9_safe;
7042
7043 /* arch_initcall level */
7044diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgalloc.h linux-2.6.32.8/arch/x86/include/asm/pgalloc.h
7045--- linux-2.6.32.8/arch/x86/include/asm/pgalloc.h 2010-02-09 07:57:19.000000000 -0500
7046+++ linux-2.6.32.8/arch/x86/include/asm/pgalloc.h 2010-02-13 21:45:09.880585024 -0500
7047@@ -58,6 +58,13 @@ static inline void pmd_populate_kernel(s
7048 pmd_t *pmd, pte_t *pte)
7049 {
7050 paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7051+ set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
7052+}
7053+
7054+static inline void pmd_populate_user(struct mm_struct *mm,
7055+ pmd_t *pmd, pte_t *pte)
7056+{
7057+ paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7058 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
7059 }
7060
7061diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable-2level.h linux-2.6.32.8/arch/x86/include/asm/pgtable-2level.h
7062--- linux-2.6.32.8/arch/x86/include/asm/pgtable-2level.h 2010-02-09 07:57:19.000000000 -0500
7063+++ linux-2.6.32.8/arch/x86/include/asm/pgtable-2level.h 2010-02-13 21:45:09.881750536 -0500
7064@@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t
7065
7066 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7067 {
7068+ pax_open_kernel();
7069 *pmdp = pmd;
7070+ pax_close_kernel();
7071 }
7072
7073 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
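Review bot: `native_set_pmd` now opens and closes the kernel write window itself, and nothing documents that it therefore must not be called from inside another `pax_open_kernel()` / `pax_close_kernel()` pair. With CONFIG_PAX_KERNEXEC, the native open shown in the pgtable.h part of this patch does `BUG_ON(unlikely(!(cr0 & X86_CR0_WP)))`, so a nested call would hit that BUG. A comment above the function, e.g. `/* PaX: opens the kernel itself; do not call with CR0.WP already cleared */`, would record the rule. The same applies to the `native_set_pmd`, `native_set_pud` and `native_set_pgd` changes in pgtable-3level.h and pgtable_64.h.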
7074diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable_32.h linux-2.6.32.8/arch/x86/include/asm/pgtable_32.h
7075--- linux-2.6.32.8/arch/x86/include/asm/pgtable_32.h 2010-02-09 07:57:19.000000000 -0500
7076+++ linux-2.6.32.8/arch/x86/include/asm/pgtable_32.h 2010-02-13 21:45:09.881750536 -0500
7077@@ -26,8 +26,6 @@
7078 struct mm_struct;
7079 struct vm_area_struct;
7080
7081-extern pgd_t swapper_pg_dir[1024];
7082-
7083 static inline void pgtable_cache_init(void) { }
7084 static inline void check_pgt_cache(void) { }
7085 void paging_init(void);
7086@@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u
7087 # include <asm/pgtable-2level.h>
7088 #endif
7089
7090+extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
7091+#ifdef CONFIG_X86_PAE
7092+extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
7093+#endif
7094+
7095 #if defined(CONFIG_HIGHPTE)
7096 #define __KM_PTE \
7097 (in_nmi() ? KM_NMI_PTE : \
7098@@ -72,7 +75,9 @@ extern void set_pmd_pfn(unsigned long, u
7099 /* Clear a kernel PTE and flush it from the TLB */
7100 #define kpte_clear_flush(ptep, vaddr) \
7101 do { \
7102+ pax_open_kernel(); \
7103 pte_clear(&init_mm, (vaddr), (ptep)); \
7104+ pax_close_kernel(); \
7105 __flush_tlb_one((vaddr)); \
7106 } while (0)
7107
7108@@ -84,6 +89,9 @@ do { \
7109
7110 #endif /* !__ASSEMBLY__ */
7111
7112+#define HAVE_ARCH_UNMAPPED_AREA
7113+#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
7114+
7115 /*
7116 * kern_addr_valid() is (1) for FLATMEM and (0) for
7117 * SPARSEMEM and DISCONTIGMEM
7118diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32.8/arch/x86/include/asm/pgtable_32_types.h
7119--- linux-2.6.32.8/arch/x86/include/asm/pgtable_32_types.h 2010-02-09 07:57:19.000000000 -0500
7120+++ linux-2.6.32.8/arch/x86/include/asm/pgtable_32_types.h 2010-02-13 21:45:09.881750536 -0500
7121@@ -8,7 +8,7 @@
7122 */
7123 #ifdef CONFIG_X86_PAE
7124 # include <asm/pgtable-3level_types.h>
7125-# define PMD_SIZE (1UL << PMD_SHIFT)
7126+# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
7127 # define PMD_MASK (~(PMD_SIZE - 1))
7128 #else
7129 # include <asm/pgtable-2level_types.h>
7130@@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
7131 # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
7132 #endif
7133
7134+#ifdef CONFIG_PAX_KERNEXEC
7135+#ifndef __ASSEMBLY__
7136+extern unsigned char MODULES_EXEC_VADDR[];
7137+extern unsigned char MODULES_EXEC_END[];
7138+#endif
7139+#include <asm/boot.h>
7140+#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
7141+#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
7142+#else
7143+#define ktla_ktva(addr) (addr)
7144+#define ktva_ktla(addr) (addr)
7145+#endif
7146+
7147 #define MODULES_VADDR VMALLOC_START
7148 #define MODULES_END VMALLOC_END
7149 #define MODULES_LEN (MODULES_VADDR - MODULES_END)
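Review bot: The KERNEXEC variants of `ktla_ktva(addr)` and `ktva_ktla(addr)` expand `addr` without parentheses, so an argument containing a lower-precedence operator (a conditional, `|`, a shift) is combined with `LOAD_PHYSICAL_ADDR` and `PAGE_OFFSET` in the wrong order. The fallback definitions in the same hunk already use `(addr)`. Write `#define ktla_ktva(addr) ((addr) + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)` and `#define ktva_ktla(addr) ((addr) - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)`.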
7150diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.8/arch/x86/include/asm/pgtable-3level.h
7151--- linux-2.6.32.8/arch/x86/include/asm/pgtable-3level.h 2010-02-09 07:57:19.000000000 -0500
7152+++ linux-2.6.32.8/arch/x86/include/asm/pgtable-3level.h 2010-02-13 21:45:09.881750536 -0500
7153@@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
7154
7155 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7156 {
7157+ pax_open_kernel();
7158 set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
7159+ pax_close_kernel();
7160 }
7161
7162 static inline void native_set_pud(pud_t *pudp, pud_t pud)
7163 {
7164+ pax_open_kernel();
7165 set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
7166+ pax_close_kernel();
7167 }
7168
7169 /*
7170diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable_64.h linux-2.6.32.8/arch/x86/include/asm/pgtable_64.h
7171--- linux-2.6.32.8/arch/x86/include/asm/pgtable_64.h 2010-02-09 07:57:19.000000000 -0500
7172+++ linux-2.6.32.8/arch/x86/include/asm/pgtable_64.h 2010-02-13 21:45:09.881750536 -0500
7173@@ -16,9 +16,12 @@
7174
7175 extern pud_t level3_kernel_pgt[512];
7176 extern pud_t level3_ident_pgt[512];
7177+extern pud_t level3_vmalloc_pgt[512];
7178+extern pud_t level3_vmemmap_pgt[512];
7179+extern pud_t level2_vmemmap_pgt[512];
7180 extern pmd_t level2_kernel_pgt[512];
7181 extern pmd_t level2_fixmap_pgt[512];
7182-extern pmd_t level2_ident_pgt[512];
7183+extern pmd_t level2_ident_pgt[512*2];
7184 extern pgd_t init_level4_pgt[];
7185
7186 #define swapper_pg_dir init_level4_pgt
7187@@ -74,7 +77,9 @@ static inline pte_t native_ptep_get_and_
7188
7189 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7190 {
7191+ pax_open_kernel();
7192 *pmdp = pmd;
7193+ pax_close_kernel();
7194 }
7195
7196 static inline void native_pmd_clear(pmd_t *pmd)
7197@@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_
7198
7199 static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
7200 {
7201+ pax_open_kernel();
7202 *pgdp = pgd;
7203+ pax_close_kernel();
7204 }
7205
7206 static inline void native_pgd_clear(pgd_t *pgd)
7207diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable.h linux-2.6.32.8/arch/x86/include/asm/pgtable.h
7208--- linux-2.6.32.8/arch/x86/include/asm/pgtable.h 2010-02-09 07:57:19.000000000 -0500
7209+++ linux-2.6.32.8/arch/x86/include/asm/pgtable.h 2010-02-13 21:45:09.881750536 -0500
7210@@ -74,12 +74,51 @@ extern struct list_head pgd_list;
7211
7212 #define arch_end_context_switch(prev) do {} while(0)
7213
7214+#define pax_open_kernel() native_pax_open_kernel()
7215+#define pax_close_kernel() native_pax_close_kernel()
7216 #endif /* CONFIG_PARAVIRT */
7217
7218+#define __HAVE_ARCH_PAX_OPEN_KERNEL
7219+#define __HAVE_ARCH_PAX_CLOSE_KERNEL
7220+
7221+#ifdef CONFIG_PAX_KERNEXEC
7222+static inline unsigned long native_pax_open_kernel(void)
7223+{
7224+ unsigned long cr0;
7225+
7226+ preempt_disable();
7227+ barrier();
7228+ cr0 = read_cr0();
7229+ BUG_ON(unlikely(!(cr0 & X86_CR0_WP)));
7230+ write_cr0(cr0 & ~X86_CR0_WP);
7231+ return cr0;
7232+}
7233+
7234+static inline unsigned long native_pax_close_kernel(void)
7235+{
7236+ unsigned long cr0;
7237+
7238+ cr0 = read_cr0();
7239+ BUG_ON(unlikely(cr0 & X86_CR0_WP));
7240+ write_cr0(cr0 | X86_CR0_WP);
7241+ barrier();
7242+ preempt_enable_no_resched();
7243+ return cr0;
7244+}
7245+#else
7246+static inline unsigned long native_pax_open_kernel(void) { return 0; }
7247+static inline unsigned long native_pax_close_kernel(void) { return 0; }
7248+#endif
7249+
7250 /*
7251 * The following only work if pte_present() is true.
7252 * Undefined behaviour if not..
7253 */
7254+static inline int pte_user(pte_t pte)
7255+{
7256+ return pte_val(pte) & _PAGE_USER;
7257+}
7258+
7259 static inline int pte_dirty(pte_t pte)
7260 {
7261 return pte_flags(pte) & _PAGE_DIRTY;
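Review bot: `native_pax_open_kernel()` and `native_pax_close_kernel()` have no comment describing their contract, and the contract is strict. The `BUG_ON` in open fires when CR0.WP is already clear and the one in close fires when it is already set, so the pair cannot nest. Only preemption is disabled across the window, and nothing in this hunk says whether interrupt context may run or call the pair while WP is clear. I would add above the open helper `/* Clears CR0.WP on this CPU with preemption disabled; must be paired with pax_close_kernel(), must not nest, keep the window as short as possible. */`. The visible callers ignore the returned CR0 value, which the comment could also mention.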
7262@@ -167,9 +206,29 @@ static inline pte_t pte_wrprotect(pte_t
7263 return pte_clear_flags(pte, _PAGE_RW);
7264 }
7265
7266+static inline pte_t pte_mkread(pte_t pte)
7267+{
7268+ return __pte(pte_val(pte) | _PAGE_USER);
7269+}
7270+
7271 static inline pte_t pte_mkexec(pte_t pte)
7272 {
7273- return pte_clear_flags(pte, _PAGE_NX);
7274+#ifdef CONFIG_X86_PAE
7275+ if (__supported_pte_mask & _PAGE_NX)
7276+ return pte_clear_flags(pte, _PAGE_NX);
7277+ else
7278+#endif
7279+ return pte_set_flags(pte, _PAGE_USER);
7280+}
7281+
7282+static inline pte_t pte_exprotect(pte_t pte)
7283+{
7284+#ifdef CONFIG_X86_PAE
7285+ if (__supported_pte_mask & _PAGE_NX)
7286+ return pte_set_flags(pte, _PAGE_NX);
7287+ else
7288+#endif
7289+ return pte_clear_flags(pte, _PAGE_USER);
7290 }
7291
7292 static inline pte_t pte_mkdirty(pte_t pte)
7293@@ -472,7 +531,7 @@ static inline pud_t *pud_offset(pgd_t *p
7294
7295 static inline int pgd_bad(pgd_t pgd)
7296 {
7297- return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
7298+ return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
7299 }
7300
7301 static inline int pgd_none(pgd_t pgd)
7302@@ -613,7 +672,9 @@ static inline void ptep_set_wrprotect(st
7303 */
7304 static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
7305 {
7306- memcpy(dst, src, count * sizeof(pgd_t));
7307+ pax_open_kernel();
7308+ memcpy(dst, src, count * sizeof(pgd_t));
7309+ pax_close_kernel();
7310 }
7311
7312
7313diff -urNp linux-2.6.32.8/arch/x86/include/asm/pgtable_types.h linux-2.6.32.8/arch/x86/include/asm/pgtable_types.h
7314--- linux-2.6.32.8/arch/x86/include/asm/pgtable_types.h 2010-02-09 07:57:19.000000000 -0500
7315+++ linux-2.6.32.8/arch/x86/include/asm/pgtable_types.h 2010-02-13 21:45:09.882907109 -0500
7316@@ -16,12 +16,11 @@
7317 #define _PAGE_BIT_PSE 7 /* 4 MB (or 2MB) page */
7318 #define _PAGE_BIT_PAT 7 /* on 4KB pages */
7319 #define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */
7320-#define _PAGE_BIT_UNUSED1 9 /* available for programmer */
7321+#define _PAGE_BIT_SPECIAL 9 /* special mappings, no associated struct page */
7322 #define _PAGE_BIT_IOMAP 10 /* flag used to indicate IO mapping */
7323 #define _PAGE_BIT_HIDDEN 11 /* hidden by kmemcheck */
7324 #define _PAGE_BIT_PAT_LARGE 12 /* On 2MB or 1GB pages */
7325-#define _PAGE_BIT_SPECIAL _PAGE_BIT_UNUSED1
7326-#define _PAGE_BIT_CPA_TEST _PAGE_BIT_UNUSED1
7327+#define _PAGE_BIT_CPA_TEST _PAGE_BIT_SPECIAL
7328 #define _PAGE_BIT_NX 63 /* No execute: only valid after cpuid check */
7329
7330 /* If _PAGE_BIT_PRESENT is clear, we use these: */
7331@@ -39,7 +38,6 @@
7332 #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
7333 #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
7334 #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
7335-#define _PAGE_UNUSED1 (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
7336 #define _PAGE_IOMAP (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
7337 #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
7338 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
7339@@ -55,8 +53,10 @@
7340
7341 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
7342 #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
7343-#else
7344+#elif defined(CONFIG_KMEMCHECK)
7345 #define _PAGE_NX (_AT(pteval_t, 0))
7346+#else
7347+#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
7348 #endif
7349
7350 #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE)
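Review bot: The new `#else` branch gives `_PAGE_NX` a non-zero value on 32-bit non-PAE builds by reusing `_PAGE_BIT_HIDDEN`, and nothing here says that this is presumably a software marker rather than a hardware no-execute bit. That bit is listed earlier in the file as "hidden by kmemcheck", which appears to be why `CONFIG_KMEMCHECK` gets its own branch. I would add `/* non-PAE: no hardware NX; _PAGE_NX is a software bit shared with kmemcheck's hidden bit, so it stays 0 when CONFIG_KMEMCHECK is set */`. Code outside this hunk that tests `_PAGE_NX` should be checked for assuming hardware enforcement on this configuration.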
7351@@ -93,6 +93,9 @@
7352 #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
7353 _PAGE_ACCESSED)
7354
7355+#define PAGE_READONLY_NOEXEC PAGE_READONLY
7356+#define PAGE_SHARED_NOEXEC PAGE_SHARED
7357+
7358 #define __PAGE_KERNEL_EXEC \
7359 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
7360 #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
7361@@ -103,8 +106,8 @@
7362 #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC)
7363 #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
7364 #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD)
7365-#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER)
7366-#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT)
7367+#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER)
7368+#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER)
7369 #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
7370 #define __PAGE_KERNEL_LARGE_NOCACHE (__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE)
7371 #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
7372@@ -163,8 +166,8 @@
7373 * bits are combined, this will alow user to access the high address mapped
7374 * VDSO in the presence of CONFIG_COMPAT_VDSO
7375 */
7376-#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */
7377-#define PDE_IDENT_ATTR 0x067 /* PRESENT+RW+USER+DIRTY+ACCESSED */
7378+#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7379+#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7380 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
7381 #endif
7382
7383@@ -278,7 +281,16 @@ typedef struct page *pgtable_t;
7384
7385 extern pteval_t __supported_pte_mask;
7386 extern void set_nx(void);
7387+
7388+#ifdef CONFIG_X86_32
7389+#ifdef CONFIG_X86_PAE
7390 extern int nx_enabled;
7391+#else
7392+#define nx_enabled (0)
7393+#endif
7394+#else
7395+#define nx_enabled (1)
7396+#endif
7397
7398 #define pgprot_writecombine pgprot_writecombine
7399 extern pgprot_t pgprot_writecombine(pgprot_t prot);
7400diff -urNp linux-2.6.32.8/arch/x86/include/asm/processor.h linux-2.6.32.8/arch/x86/include/asm/processor.h
7401--- linux-2.6.32.8/arch/x86/include/asm/processor.h 2010-02-09 07:57:19.000000000 -0500
7402+++ linux-2.6.32.8/arch/x86/include/asm/processor.h 2010-02-13 21:45:09.883637641 -0500
7403@@ -272,7 +272,7 @@ struct tss_struct {
7404
7405 } ____cacheline_aligned;
7406
7407-DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss);
7408+extern struct tss_struct init_tss[NR_CPUS];
7409
7410 /*
7411 * Save the original ist values for checking stack pointers during debugging
7412@@ -911,8 +911,17 @@ static inline void spin_lock_prefetch(co
7413 */
7414 #define TASK_SIZE PAGE_OFFSET
7415 #define TASK_SIZE_MAX TASK_SIZE
7416+
7417+#ifdef CONFIG_PAX_SEGMEXEC
7418+#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
7419+#endif
7420+
7421+#ifdef CONFIG_PAX_SEGMEXEC
7422+#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
7423+#else
7424 #define STACK_TOP TASK_SIZE
7425-#define STACK_TOP_MAX STACK_TOP
7426+#endif
7427+#define STACK_TOP_MAX TASK_SIZE
7428
7429 #define INIT_THREAD { \
7430 .sp0 = sizeof(init_stack) + (long)&init_stack, \
7431@@ -929,7 +938,7 @@ static inline void spin_lock_prefetch(co
7432 */
7433 #define INIT_TSS { \
7434 .x86_tss = { \
7435- .sp0 = sizeof(init_stack) + (long)&init_stack, \
7436+ .sp0 = sizeof(init_stack) + (long)&init_stack - 8, \
7437 .ss0 = __KERNEL_DS, \
7438 .ss1 = __KERNEL_CS, \
7439 .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
7440@@ -940,11 +949,7 @@ static inline void spin_lock_prefetch(co
7441 extern unsigned long thread_saved_pc(struct task_struct *tsk);
7442
7443 #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
7444-#define KSTK_TOP(info) \
7445-({ \
7446- unsigned long *__ptr = (unsigned long *)(info); \
7447- (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \
7448-})
7449+#define KSTK_TOP(info) ((info)->task.thread.sp0)
7450
7451 /*
7452 * The below -8 is to reserve 8 bytes on top of the ring0 stack.
7453@@ -959,7 +964,7 @@ extern unsigned long thread_saved_pc(str
7454 #define task_pt_regs(task) \
7455 ({ \
7456 struct pt_regs *__regs__; \
7457- __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
7458+ __regs__ = (struct pt_regs *)((task)->thread.sp0); \
7459 __regs__ - 1; \
7460 })
7461
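Review bot: `task_pt_regs()` now uses `(task)->thread.sp0` verbatim, so the 8-byte reservation the old expression applied with `-8` must already be part of every `sp0` value. The comment just above the macro ("The below -8 is to reserve 8 bytes on top of the ring0 stack") no longer matches the code. In the visible hunks only `INIT_TSS` gains `- 8`, while the `.sp0` initialiser of `INIT_THREAD` is an unchanged context line. Unless that is adjusted elsewhere in the patch, the two initial values differ by 8. I would change the comment to `/* thread.sp0 already excludes the 8 bytes reserved on top of the ring0 stack */` and confirm the `INIT_THREAD` value.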
7462@@ -975,7 +980,7 @@ extern unsigned long thread_saved_pc(str
7463 * space during mmap's.
7464 */
7465 #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
7466- 0xc0000000 : 0xFFFFe000)
7467+ 0xc0000000 : 0xFFFFf000)
7468
7469 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
7470 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
7471@@ -1012,6 +1017,10 @@ extern void start_thread(struct pt_regs
7472 */
7473 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
7474
7475+#ifdef CONFIG_PAX_SEGMEXEC
7476+#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
7477+#endif
7478+
7479 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
7480
7481 /* Get/set a process' ability to use the timestamp counter instruction */
7482diff -urNp linux-2.6.32.8/arch/x86/include/asm/ptrace.h linux-2.6.32.8/arch/x86/include/asm/ptrace.h
7483--- linux-2.6.32.8/arch/x86/include/asm/ptrace.h 2010-02-09 07:57:19.000000000 -0500
7484+++ linux-2.6.32.8/arch/x86/include/asm/ptrace.h 2010-02-13 21:45:09.883637641 -0500
7485@@ -151,28 +151,29 @@ static inline unsigned long regs_return_
7486 }
7487
7488 /*
7489- * user_mode_vm(regs) determines whether a register set came from user mode.
7490+ * user_mode(regs) determines whether a register set came from user mode.
7491 * This is true if V8086 mode was enabled OR if the register set was from
7492 * protected mode with RPL-3 CS value. This tricky test checks that with
7493 * one comparison. Many places in the kernel can bypass this full check
7494- * if they have already ruled out V8086 mode, so user_mode(regs) can be used.
7495+ * if they have already ruled out V8086 mode, so user_mode_novm(regs) can
7496+ * be used.
7497 */
7498-static inline int user_mode(struct pt_regs *regs)
7499+static inline int user_mode_novm(struct pt_regs *regs)
7500 {
7501 #ifdef CONFIG_X86_32
7502 return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL;
7503 #else
7504- return !!(regs->cs & 3);
7505+ return !!(regs->cs & SEGMENT_RPL_MASK);
7506 #endif
7507 }
7508
7509-static inline int user_mode_vm(struct pt_regs *regs)
7510+static inline int user_mode(struct pt_regs *regs)
7511 {
7512 #ifdef CONFIG_X86_32
7513 return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >=
7514 USER_RPL;
7515 #else
7516- return user_mode(regs);
7517+ return user_mode_novm(regs);
7518 #endif
7519 }
7520
7521diff -urNp linux-2.6.32.8/arch/x86/include/asm/reboot.h linux-2.6.32.8/arch/x86/include/asm/reboot.h
7522--- linux-2.6.32.8/arch/x86/include/asm/reboot.h 2010-02-09 07:57:19.000000000 -0500
7523+++ linux-2.6.32.8/arch/x86/include/asm/reboot.h 2010-02-13 21:45:09.883637641 -0500
7524@@ -18,7 +18,7 @@ extern struct machine_ops machine_ops;
7525
7526 void native_machine_crash_shutdown(struct pt_regs *regs);
7527 void native_machine_shutdown(void);
7528-void machine_real_restart(const unsigned char *code, int length);
7529+void machine_real_restart(const unsigned char *code, unsigned int length);
7530
7531 typedef void (*nmi_shootdown_cb)(int, struct die_args*);
7532 void nmi_shootdown_cpus(nmi_shootdown_cb callback);
7533diff -urNp linux-2.6.32.8/arch/x86/include/asm/rwsem.h linux-2.6.32.8/arch/x86/include/asm/rwsem.h
7534--- linux-2.6.32.8/arch/x86/include/asm/rwsem.h 2010-02-09 07:57:19.000000000 -0500
7535+++ linux-2.6.32.8/arch/x86/include/asm/rwsem.h 2010-02-13 21:45:09.883637641 -0500
7536@@ -106,10 +106,26 @@ static inline void __down_read(struct rw
7537 {
7538 asm volatile("# beginning down_read\n\t"
7539 LOCK_PREFIX " incl (%%eax)\n\t"
7540+
7541+#ifdef CONFIG_PAX_REFCOUNT
7542+#ifdef CONFIG_X86_32
7543+ "into\n0:\n"
7544+#else
7545+ "jno 0f\n"
7546+ "int $4\n0:\n"
7547+#endif
7548+ ".pushsection .fixup,\"ax\"\n"
7549+ "1:\n"
7550+ LOCK_PREFIX "decl (%%eax)\n"
7551+ "jmp 0b\n"
7552+ ".popsection\n"
7553+ _ASM_EXTABLE(0b, 1b)
7554+#endif
7555+
7556 /* adds 0x00000001, returns the old value */
7557- " jns 1f\n"
7558+ " jns 2f\n"
7559 " call call_rwsem_down_read_failed\n"
7560- "1:\n\t"
7561+ "2:\n\t"
7562 "# ending down_read\n\t"
7563 : "+m" (sem->count)
7564 : "a" (sem)
7565@@ -124,13 +140,29 @@ static inline int __down_read_trylock(st
7566 __s32 result, tmp;
7567 asm volatile("# beginning __down_read_trylock\n\t"
7568 " movl %0,%1\n\t"
7569- "1:\n\t"
7570+ "2:\n\t"
7571 " movl %1,%2\n\t"
7572 " addl %3,%2\n\t"
7573- " jle 2f\n\t"
7574+
7575+#ifdef CONFIG_PAX_REFCOUNT
7576+#ifdef CONFIG_X86_32
7577+ "into\n0:\n"
7578+#else
7579+ "jno 0f\n"
7580+ "int $4\n0:\n"
7581+#endif
7582+ ".pushsection .fixup,\"ax\"\n"
7583+ "1:\n"
7584+ "subl %3,%2\n"
7585+ "jmp 0b\n"
7586+ ".popsection\n"
7587+ _ASM_EXTABLE(0b, 1b)
7588+#endif
7589+
7590+ " jle 3f\n\t"
7591 LOCK_PREFIX " cmpxchgl %2,%0\n\t"
7592- " jnz 1b\n\t"
7593- "2:\n\t"
7594+ " jnz 2b\n\t"
7595+ "3:\n\t"
7596 "# ending __down_read_trylock\n\t"
7597 : "+m" (sem->count), "=&a" (result), "=&r" (tmp)
7598 : "i" (RWSEM_ACTIVE_READ_BIAS)
7599@@ -148,12 +180,28 @@ static inline void __down_write_nested(s
7600 tmp = RWSEM_ACTIVE_WRITE_BIAS;
7601 asm volatile("# beginning down_write\n\t"
7602 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
7603+
7604+#ifdef CONFIG_PAX_REFCOUNT
7605+#ifdef CONFIG_X86_32
7606+ "into\n0:\n"
7607+#else
7608+ "jno 0f\n"
7609+ "int $4\n0:\n"
7610+#endif
7611+ ".pushsection .fixup,\"ax\"\n"
7612+ "1:\n"
7613+ "movl %%edx,(%%eax)\n"
7614+ "jmp 0b\n"
7615+ ".popsection\n"
7616+ _ASM_EXTABLE(0b, 1b)
7617+#endif
7618+
7619 /* subtract 0x0000ffff, returns the old value */
7620 " testl %%edx,%%edx\n\t"
7621 /* was the count 0 before? */
7622- " jz 1f\n"
7623+ " jz 2f\n"
7624 " call call_rwsem_down_write_failed\n"
7625- "1:\n"
7626+ "2:\n"
7627 "# ending down_write"
7628 : "+m" (sem->count), "=d" (tmp)
7629 : "a" (sem), "1" (tmp)
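Review bot: The overflow fixup added here undoes the locked `xadd` with a plain `movl %%edx,(%%eax)`. That store writes the pre-`xadd` count back without a lock prefix, so it would discard any update another CPU made to `sem->count` in between. The `__down_read` and `__downgrade_write` fixups undo with a locked inverse instead (`LOCK_PREFIX "decl (%%eax)"`, `LOCK_PREFIX "subl %2,(%%eax)"`). Doing the same here needs the bias passed as an extra immediate operand, since `%edx` holds the old count after `xadd`. The same plain-store restore appears in the `__up_read`, `__up_write` and `rwsem_atomic_update` hunks of this file. `__down_write_nested` starts and ends outside this hunk.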
7630@@ -186,10 +234,26 @@ static inline void __up_read(struct rw_s
7631 __s32 tmp = -RWSEM_ACTIVE_READ_BIAS;
7632 asm volatile("# beginning __up_read\n\t"
7633 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
7634+
7635+#ifdef CONFIG_PAX_REFCOUNT
7636+#ifdef CONFIG_X86_32
7637+ "into\n0:\n"
7638+#else
7639+ "jno 0f\n"
7640+ "int $4\n0:\n"
7641+#endif
7642+ ".pushsection .fixup,\"ax\"\n"
7643+ "1:\n"
7644+ "movl %%edx,(%%eax)\n"
7645+ "jmp 0b\n"
7646+ ".popsection\n"
7647+ _ASM_EXTABLE(0b, 1b)
7648+#endif
7649+
7650 /* subtracts 1, returns the old value */
7651- " jns 1f\n\t"
7652+ " jns 2f\n\t"
7653 " call call_rwsem_wake\n"
7654- "1:\n"
7655+ "2:\n"
7656 "# ending __up_read\n"
7657 : "+m" (sem->count), "=d" (tmp)
7658 : "a" (sem), "1" (tmp)
7659@@ -204,11 +268,27 @@ static inline void __up_write(struct rw_
7660 asm volatile("# beginning __up_write\n\t"
7661 " movl %2,%%edx\n\t"
7662 LOCK_PREFIX " xaddl %%edx,(%%eax)\n\t"
7663+
7664+#ifdef CONFIG_PAX_REFCOUNT
7665+#ifdef CONFIG_X86_32
7666+ "into\n0:\n"
7667+#else
7668+ "jno 0f\n"
7669+ "int $4\n0:\n"
7670+#endif
7671+ ".pushsection .fixup,\"ax\"\n"
7672+ "1:\n"
7673+ "movl %%edx,(%%eax)\n"
7674+ "jmp 0b\n"
7675+ ".popsection\n"
7676+ _ASM_EXTABLE(0b, 1b)
7677+#endif
7678+
7679 /* tries to transition
7680 0xffff0001 -> 0x00000000 */
7681- " jz 1f\n"
7682+ " jz 2f\n"
7683 " call call_rwsem_wake\n"
7684- "1:\n\t"
7685+ "2:\n\t"
7686 "# ending __up_write\n"
7687 : "+m" (sem->count)
7688 : "a" (sem), "i" (-RWSEM_ACTIVE_WRITE_BIAS)
7689@@ -222,10 +302,26 @@ static inline void __downgrade_write(str
7690 {
7691 asm volatile("# beginning __downgrade_write\n\t"
7692 LOCK_PREFIX " addl %2,(%%eax)\n\t"
7693+
7694+#ifdef CONFIG_PAX_REFCOUNT
7695+#ifdef CONFIG_X86_32
7696+ "into\n0:\n"
7697+#else
7698+ "jno 0f\n"
7699+ "int $4\n0:\n"
7700+#endif
7701+ ".pushsection .fixup,\"ax\"\n"
7702+ "1:\n"
7703+ LOCK_PREFIX "subl %2,(%%eax)\n"
7704+ "jmp 0b\n"
7705+ ".popsection\n"
7706+ _ASM_EXTABLE(0b, 1b)
7707+#endif
7708+
7709 /* transitions 0xZZZZ0001 -> 0xYYYY0001 */
7710- " jns 1f\n\t"
7711+ " jns 2f\n\t"
7712 " call call_rwsem_downgrade_wake\n"
7713- "1:\n\t"
7714+ "2:\n\t"
7715 "# ending __downgrade_write\n"
7716 : "+m" (sem->count)
7717 : "a" (sem), "i" (-RWSEM_WAITING_BIAS)
7718@@ -237,7 +333,23 @@ static inline void __downgrade_write(str
7719 */
7720 static inline void rwsem_atomic_add(int delta, struct rw_semaphore *sem)
7721 {
7722- asm volatile(LOCK_PREFIX "addl %1,%0"
7723+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
7724+
7725+#ifdef CONFIG_PAX_REFCOUNT
7726+#ifdef CONFIG_X86_32
7727+ "into\n0:\n"
7728+#else
7729+ "jno 0f\n"
7730+ "int $4\n0:\n"
7731+#endif
7732+ ".pushsection .fixup,\"ax\"\n"
7733+ "1:\n"
7734+ LOCK_PREFIX "subl %1,%0\n"
7735+ "jmp 0b\n"
7736+ ".popsection\n"
7737+ _ASM_EXTABLE(0b, 1b)
7738+#endif
7739+
7740 : "+m" (sem->count)
7741 : "ir" (delta));
7742 }
7743@@ -249,7 +361,23 @@ static inline int rwsem_atomic_update(in
7744 {
7745 int tmp = delta;
7746
7747- asm volatile(LOCK_PREFIX "xadd %0,%1"
7748+ asm volatile(LOCK_PREFIX "xadd %0,%1\n"
7749+
7750+#ifdef CONFIG_PAX_REFCOUNT
7751+#ifdef CONFIG_X86_32
7752+ "into\n0:\n"
7753+#else
7754+ "jno 0f\n"
7755+ "int $4\n0:\n"
7756+#endif
7757+ ".pushsection .fixup,\"ax\"\n"
7758+ "1:\n"
7759+ "movl %0,%1\n"
7760+ "jmp 0b\n"
7761+ ".popsection\n"
7762+ _ASM_EXTABLE(0b, 1b)
7763+#endif
7764+
7765 : "+r" (tmp), "+m" (sem->count)
7766 : : "memory");
7767
7768diff -urNp linux-2.6.32.8/arch/x86/include/asm/segment.h linux-2.6.32.8/arch/x86/include/asm/segment.h
7769--- linux-2.6.32.8/arch/x86/include/asm/segment.h 2010-02-09 07:57:19.000000000 -0500
7770+++ linux-2.6.32.8/arch/x86/include/asm/segment.h 2010-02-13 21:45:09.910684727 -0500
7771@@ -88,7 +88,7 @@
7772 #define GDT_ENTRY_ESPFIX_SS (GDT_ENTRY_KERNEL_BASE + 14)
7773 #define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)
7774
7775-#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
7776+#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
7777 #ifdef CONFIG_SMP
7778 #define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8)
7779 #else
7780@@ -102,6 +102,12 @@
7781 #define __KERNEL_STACK_CANARY 0
7782 #endif
7783
7784+#define GDT_ENTRY_PCIBIOS_CS (GDT_ENTRY_KERNEL_BASE + 17)
7785+#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
7786+
7787+#define GDT_ENTRY_PCIBIOS_DS (GDT_ENTRY_KERNEL_BASE + 18)
7788+#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
7789+
7790 #define GDT_ENTRY_DOUBLEFAULT_TSS 31
7791
7792 /*
7793@@ -139,7 +145,7 @@
7794 */
7795
7796 /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
7797-#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8)
7798+#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
7799
7800
7801 #else
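Review bot: The rewritten `SEGMENT_IS_PNP_CODE(x)` expands `x` twice, where the old form used it once, so an argument with side effects is evaluated twice. It also relies on `PNP_CS32` and `PNP_CS16` being defined before first use, and those definitions are not in this hunk. The mask changed from `0xf4` to `0xFFFCU`, which strips only the two RPL bits, whereas the old mask also ignored bit 3 and everything above bit 7. A comment such as `/* compare the full selector, RPL bits masked off */` would record why the test was tightened.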
7802diff -urNp linux-2.6.32.8/arch/x86/include/asm/spinlock.h linux-2.6.32.8/arch/x86/include/asm/spinlock.h
7803--- linux-2.6.32.8/arch/x86/include/asm/spinlock.h 2010-02-09 07:57:19.000000000 -0500
7804+++ linux-2.6.32.8/arch/x86/include/asm/spinlock.h 2010-02-13 21:45:09.910684727 -0500
7805@@ -249,18 +249,50 @@ static inline int __raw_write_can_lock(r
7806 static inline void __raw_read_lock(raw_rwlock_t *rw)
7807 {
7808 asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
7809- "jns 1f\n"
7810- "call __read_lock_failed\n\t"
7811+
7812+#ifdef CONFIG_PAX_REFCOUNT
7813+#ifdef CONFIG_X86_32
7814+ "into\n0:\n"
7815+#else
7816+ "jno 0f\n"
7817+ "int $4\n0:\n"
7818+#endif
7819+ ".pushsection .fixup,\"ax\"\n"
7820 "1:\n"
7821+ LOCK_PREFIX " addl $1,(%0)\n"
7822+ "jmp 0b\n"
7823+ ".popsection\n"
7824+ _ASM_EXTABLE(0b, 1b)
7825+#endif
7826+
7827+ "jns 2f\n"
7828+ "call __read_lock_failed\n\t"
7829+ "2:\n"
7830 ::LOCK_PTR_REG (rw) : "memory");
7831 }
7832
7833 static inline void __raw_write_lock(raw_rwlock_t *rw)
7834 {
7835 asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
7836- "jz 1f\n"
7837- "call __write_lock_failed\n\t"
7838+
7839+#ifdef CONFIG_PAX_REFCOUNT
7840+#ifdef CONFIG_X86_32
7841+ "into\n0:\n"
7842+#else
7843+ "jno 0f\n"
7844+ "int $4\n0:\n"
7845+#endif
7846+ ".pushsection .fixup,\"ax\"\n"
7847 "1:\n"
7848+ LOCK_PREFIX " addl %1,(%0)\n"
7849+ "jmp 0b\n"
7850+ ".popsection\n"
7851+ _ASM_EXTABLE(0b, 1b)
7852+#endif
7853+
7854+ "jz 2f\n"
7855+ "call __write_lock_failed\n\t"
7856+ "2:\n"
7857 ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory");
7858 }
7859
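Review bot: The `CONFIG_PAX_REFCOUNT` block added to `__raw_read_lock` and `__raw_write_lock` has no comment. The label renumbering makes the asm hard to follow: `1:` is now the fixup entry and the former `1:` became `2:`. I would add above the block `/* trap on signed overflow of the lock word (into / int $4); the .fixup code at 1: reverses the update and resumes at 0: */`. The way the fixup is reached, presumably through the `_ASM_EXTABLE(0b, 1b)` entry, is handled outside this hunk and is worth naming in that comment. The identical sequence is repeated in `__raw_read_unlock` and `__raw_write_unlock` in the next hunk.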
7860@@ -286,12 +318,45 @@ static inline int __raw_write_trylock(ra
7861
7862 static inline void __raw_read_unlock(raw_rwlock_t *rw)
7863 {
7864- asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
7865+ asm volatile(LOCK_PREFIX "incl %0\n"
7866+
7867+#ifdef CONFIG_PAX_REFCOUNT
7868+#ifdef CONFIG_X86_32
7869+ "into\n0:\n"
7870+#else
7871+ "jno 0f\n"
7872+ "int $4\n0:\n"
7873+#endif
7874+ ".pushsection .fixup,\"ax\"\n"
7875+ "1:\n"
7876+ LOCK_PREFIX "decl %0\n"
7877+ "jmp 0b\n"
7878+ ".popsection\n"
7879+ _ASM_EXTABLE(0b, 1b)
7880+#endif
7881+
7882+ :"+m" (rw->lock) : : "memory");
7883 }
7884
7885 static inline void __raw_write_unlock(raw_rwlock_t *rw)
7886 {
7887- asm volatile(LOCK_PREFIX "addl %1, %0"
7888+ asm volatile(LOCK_PREFIX "addl %1, %0\n"
7889+
7890+#ifdef CONFIG_PAX_REFCOUNT
7891+#ifdef CONFIG_X86_32
7892+ "into\n0:\n"
7893+#else
7894+ "jno 0f\n"
7895+ "int $4\n0:\n"
7896+#endif
7897+ ".pushsection .fixup,\"ax\"\n"
7898+ "1:\n"
7899+ LOCK_PREFIX "subl %1,%0\n"
7900+ "jmp 0b\n"
7901+ ".popsection\n"
7902+ _ASM_EXTABLE(0b, 1b)
7903+#endif
7904+
7905 : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
7906 }
7907
7908diff -urNp linux-2.6.32.8/arch/x86/include/asm/system.h linux-2.6.32.8/arch/x86/include/asm/system.h
7909--- linux-2.6.32.8/arch/x86/include/asm/system.h 2010-02-09 07:57:19.000000000 -0500
7910+++ linux-2.6.32.8/arch/x86/include/asm/system.h 2010-02-13 21:45:09.910684727 -0500
7911@@ -200,7 +200,7 @@ static inline unsigned long get_limit(un
7912 {
7913 unsigned long __limit;
7914 asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
7915- return __limit + 1;
7916+ return __limit;
7917 }
7918
7919 static inline void native_clts(void)
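Review bot: `get_limit()` now returns the raw `lsl` result instead of `__limit + 1`, which changes its meaning from a size to the highest valid offset, and no comment records the new contract. Callers outside this hunk that compare an offset with `<` against the result would be off by one, so they should be reviewed with this change. I would add `/* returns the segment limit as reported by lsl, i.e. the last valid offset, not the segment size */`. If the motivation is that `+ 1` wraps to 0 for a full 4 GiB limit, that is worth stating too.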
7920@@ -340,7 +340,7 @@ void enable_hlt(void);
7921
7922 void cpu_idle_wait(void);
7923
7924-extern unsigned long arch_align_stack(unsigned long sp);
7925+#define arch_align_stack(x) ((x) & ~0xfUL)
7926 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
7927
7928 void default_idle(void);
7929diff -urNp linux-2.6.32.8/arch/x86/include/asm/uaccess_32.h linux-2.6.32.8/arch/x86/include/asm/uaccess_32.h
7930--- linux-2.6.32.8/arch/x86/include/asm/uaccess_32.h 2010-02-09 07:57:19.000000000 -0500
7931+++ linux-2.6.32.8/arch/x86/include/asm/uaccess_32.h 2010-02-13 21:45:09.910684727 -0500
7932@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u
7933 static __always_inline unsigned long __must_check
7934 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
7935 {
7936+ if ((long)n < 0)
7937+ return n;
7938+
7939 if (__builtin_constant_p(n)) {
7940 unsigned long ret;
7941
7942@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to,
7943 return ret;
7944 }
7945 }
7946+ if (!__builtin_constant_p(n))
7947+ check_object_size(from, n, true);
7948 return __copy_to_user_ll(to, from, n);
7949 }
7950
7951@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo
7952 static __always_inline unsigned long
7953 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
7954 {
7955+ if ((long)n < 0)
7956+ return n;
7957+
7958 /* Avoid zeroing the tail if the copy fails..
7959 * If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
7960 * but as the zeroing behaviour is only significant when n is not
7961@@ -138,6 +146,10 @@ static __always_inline unsigned long
7962 __copy_from_user(void *to, const void __user *from, unsigned long n)
7963 {
7964 might_fault();
7965+
7966+ if ((long)n < 0)
7967+ return n;
7968+
7969 if (__builtin_constant_p(n)) {
7970 unsigned long ret;
7971
7972@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __
7973 return ret;
7974 }
7975 }
7976+ if (!__builtin_constant_p(n))
7977+ check_object_size(to, n, false);
7978 return __copy_from_user_ll(to, from, n);
7979 }
7980
7981@@ -160,6 +174,10 @@ static __always_inline unsigned long __c
7982 const void __user *from, unsigned long n)
7983 {
7984 might_fault();
7985+
7986+ if ((long)n < 0)
7987+ return n;
7988+
7989 if (__builtin_constant_p(n)) {
7990 unsigned long ret;
7991
7992@@ -182,14 +200,62 @@ static __always_inline unsigned long
7993 __copy_from_user_inatomic_nocache(void *to, const void __user *from,
7994 unsigned long n)
7995 {
7996- return __copy_from_user_ll_nocache_nozero(to, from, n);
7997+ if ((long)n < 0)
7998+ return n;
7999+
8000+ return __copy_from_user_ll_nocache_nozero(to, from, n);
8001+}
8002+
8003+/**
8004+ * copy_to_user: - Copy a block of data into user space.
8005+ * @to: Destination address, in user space.
8006+ * @from: Source address, in kernel space.
8007+ * @n: Number of bytes to copy.
8008+ *
8009+ * Context: User context only. This function may sleep.
8010+ *
8011+ * Copy data from kernel space to user space.
8012+ *
8013+ * Returns number of bytes that could not be copied.
8014+ * On success, this will be zero.
8015+ */
8016+static __always_inline unsigned long __must_check
8017+copy_to_user(void __user *to, const void *from, unsigned long n)
8018+{
8019+ if (access_ok(VERIFY_WRITE, to, n))
8020+ n = __copy_to_user(to, from, n);
8021+ return n;
8022+}
8023+
8024+/**
8025+ * copy_from_user: - Copy a block of data from user space.
8026+ * @to: Destination address, in kernel space.
8027+ * @from: Source address, in user space.
8028+ * @n: Number of bytes to copy.
8029+ *
8030+ * Context: User context only. This function may sleep.
8031+ *
8032+ * Copy data from user space to kernel space.
8033+ *
8034+ * Returns number of bytes that could not be copied.
8035+ * On success, this will be zero.
8036+ *
8037+ * If some data could not be copied, this function will pad the copied
8038+ * data to the requested size using zero bytes.
8039+ */
8040+static __always_inline unsigned long __must_check
8041+copy_from_user(void *to, const void __user *from, unsigned long n)
8042+{
8043+ if (access_ok(VERIFY_READ, from, n))
8044+ n = __copy_from_user(to, from, n);
8045+ else if ((long)n > 0) {
8046+ if (!__builtin_constant_p(n))
8047+ check_object_size(to, n, false);
8048+ memset(to, 0, n);
8049+ }
8050+ return n;
8051 }
8052
8053-unsigned long __must_check copy_to_user(void __user *to,
8054- const void *from, unsigned long n);
8055-unsigned long __must_check copy_from_user(void *to,
8056- const void __user *from,
8057- unsigned long n);
8058 long __must_check strncpy_from_user(char *dst, const char __user *src,
8059 long count);
8060 long __must_check __strncpy_from_user(char *dst,
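Review bot: The kernel-doc added for `copy_from_user()` says the destination is padded with zero bytes when data could not be copied, but the code does not do that for every length. It zero-fills only in the `else if ((long)n > 0)` branch, so a length with the top bit set returns `n` and leaves `to` untouched. The comment should say so, for example by adding `* A length that is negative when viewed as long is rejected: n is returned and @to is not modified.` The `(long)n < 0` early returns added to the `__copy_*` helpers in the earlier hunks of this file are also undocumented. `check_object_size()` is skipped whenever `n` is a compile-time constant, which is worth a short why-comment as well.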
8061diff -urNp linux-2.6.32.8/arch/x86/include/asm/uaccess_64.h linux-2.6.32.8/arch/x86/include/asm/uaccess_64.h
8062--- linux-2.6.32.8/arch/x86/include/asm/uaccess_64.h 2010-02-09 07:57:19.000000000 -0500
8063+++ linux-2.6.32.8/arch/x86/include/asm/uaccess_64.h 2010-02-13 21:45:09.910684727 -0500
8064@@ -10,6 +10,8 @@
8065 #include <linux/lockdep.h>
8066 #include <asm/page.h>
8067
8068+#define set_fs(x) (current_thread_info()->addr_limit = (x))
8069+
8070 /*
8071 * Copy To/From Userspace
8072 */
8073@@ -19,20 +21,22 @@ __must_check unsigned long
8074 copy_user_generic(void *to, const void *from, unsigned len);
8075
8076 __must_check unsigned long
8077-copy_to_user(void __user *to, const void *from, unsigned len);
8078-__must_check unsigned long
8079-copy_from_user(void *to, const void __user *from, unsigned len);
8080-__must_check unsigned long
8081 copy_in_user(void __user *to, const void __user *from, unsigned len);
8082
8083 static __always_inline __must_check
8084-int __copy_from_user(void *dst, const void __user *src, unsigned size)
8085+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size)
8086 {
8087- int ret = 0;
8088+ unsigned ret = 0;
8089
8090 might_fault();
8091- if (!__builtin_constant_p(size))
8092+
8093+ if ((int)size < 0)
8094+ return size;
8095+
8096+ if (!__builtin_constant_p(size)) {
8097+ check_object_size(dst, size, false);
8098 return copy_user_generic(dst, (__force void *)src, size);
8099+ }
8100 switch (size) {
8101 case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
8102 ret, "b", "b", "=q", 1);
8103@@ -70,13 +74,19 @@ int __copy_from_user(void *dst, const vo
8104 }
8105
8106 static __always_inline __must_check
8107-int __copy_to_user(void __user *dst, const void *src, unsigned size)
8108+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size)
8109 {
8110- int ret = 0;
8111+ unsigned ret = 0;
8112
8113 might_fault();
8114- if (!__builtin_constant_p(size))
8115+
8116+ if ((int)size < 0)
8117+ return size;
8118+
8119+ if (!__builtin_constant_p(size)) {
8120+ check_object_size(src, size, true);
8121 return copy_user_generic((__force void *)dst, src, size);
8122+ }
8123 switch (size) {
8124 case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
8125 ret, "b", "b", "iq", 1);
8126@@ -114,11 +124,39 @@ int __copy_to_user(void __user *dst, con
8127 }
8128
8129 static __always_inline __must_check
8130-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8131+unsigned long copy_to_user(void __user *to, const void *from, unsigned len)
8132 {
8133- int ret = 0;
8134+ if (access_ok(VERIFY_WRITE, to, len))
8135+ len = __copy_to_user(to, from, len);
8136+ return len;
8137+}
8138+
8139+static __always_inline __must_check
8140+unsigned long copy_from_user(void *to, const void __user *from, unsigned len)
8141+{
8142+ if ((int)len < 0)
8143+ return len;
8144+
8145+ if (access_ok(VERIFY_READ, from, len))
8146+ len = __copy_from_user(to, from, len);
8147+ else if ((int)len > 0) {
8148+ if (!__builtin_constant_p(len))
8149+ check_object_size(to, len, false);
8150+ memset(to, 0, len);
8151+ }
8152+ return len;
8153+}
8154+
8155+static __always_inline __must_check
8156+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8157+{
8158+ unsigned ret = 0;
8159
8160 might_fault();
8161+
8162+ if ((int)size < 0)
8163+ return size;
8164+
8165 if (!__builtin_constant_p(size))
8166 return copy_user_generic((__force void *)dst,
8167 (__force void *)src, size);
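Review bot: In the new `copy_from_user`, the test `else if ((int)len > 0)` can only be false for `len == 0`, because lengths with the sign bit set already returned at the top of the function; `else if (len)` says that directly. `copy_to_user` has no sign check of its own, so a length with the top bit set is rejected only inside `__copy_to_user`, after `access_ok()` has already run on it. Adding the same early `if ((int)len < 0) return len;` to `copy_to_user` would keep the two wrappers parallel. `__copy_in_user` continues past the end of this hunk.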
8168@@ -179,30 +217,38 @@ __must_check unsigned long __clear_user(
8169 __must_check long __copy_from_user_inatomic(void *dst, const void __user *src,
8170 unsigned size);
8171
8172-static __must_check __always_inline int
8173+static __must_check __always_inline unsigned long
8174 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
8175 {
8176+ if ((int)size < 0)
8177+ return size;
8178+
8179 return copy_user_generic((__force void *)dst, src, size);
8180 }
8181
8182-extern long __copy_user_nocache(void *dst, const void __user *src,
8183+extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
8184 unsigned size, int zerorest);
8185
8186-static inline int
8187-__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8188+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8189 {
8190 might_sleep();
8191+
8192+ if ((int)size < 0)
8193+ return size;
8194+
8195 return __copy_user_nocache(dst, src, size, 1);
8196 }
8197
8198-static inline int
8199-__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8200+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8201 unsigned size)
8202 {
8203+ if ((int)size < 0)
8204+ return size;
8205+
8206 return __copy_user_nocache(dst, src, size, 0);
8207 }
8208
8209-unsigned long
8210+extern unsigned long
8211 copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
8212
8213 #endif /* _ASM_X86_UACCESS_64_H */
8214diff -urNp linux-2.6.32.8/arch/x86/include/asm/uaccess.h linux-2.6.32.8/arch/x86/include/asm/uaccess.h
8215--- linux-2.6.32.8/arch/x86/include/asm/uaccess.h 2010-02-09 07:57:19.000000000 -0500
8216+++ linux-2.6.32.8/arch/x86/include/asm/uaccess.h 2010-02-13 21:45:09.911906943 -0500
8217@@ -8,8 +8,11 @@
8218 #include <linux/thread_info.h>
8219 #include <linux/prefetch.h>
8220 #include <linux/string.h>
8221+#include <linux/sched.h>
8222+#include <linux/slab.h>
8223 #include <asm/asm.h>
8224 #include <asm/page.h>
8225+#include <asm/segment.h>
8226
8227 #define VERIFY_READ 0
8228 #define VERIFY_WRITE 1
8229@@ -29,7 +32,12 @@
8230
8231 #define get_ds() (KERNEL_DS)
8232 #define get_fs() (current_thread_info()->addr_limit)
8233+#ifdef CONFIG_X86_32
8234+void __set_fs(mm_segment_t x, int cpu);
8235+void set_fs(mm_segment_t x);
8236+#else
8237 #define set_fs(x) (current_thread_info()->addr_limit = (x))
8238+#endif
8239
8240 #define segment_eq(a, b) ((a).seg == (b).seg)
8241
8242@@ -77,7 +85,29 @@
8243 * checks that the pointer is in the user space range - after calling
8244 * this function, memory access functions may still return -EFAULT.
8245 */
8246-#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8247+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8248+#define access_ok(type, addr, size) \
8249+({ \
8250+ long __size = size; \
8251+ unsigned long __addr = (unsigned long)addr; \
8252+ unsigned long __addr_ao = __addr & PAGE_MASK; \
8253+ unsigned long __end_ao = __addr + __size - 1; \
8254+ bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
8255+ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
8256+ for (; __addr_ao <= __end_ao; __addr_ao += PAGE_SIZE) { \
8257+ char __c_ao; \
8258+ if (__size > PAGE_SIZE) \
8259+ cond_resched(); \
8260+ if (__get_user(__c_ao, (char __user *)__addr_ao))\
8261+ break; \
8262+ if (type != VERIFY_WRITE) \
8263+ continue; \
8264+ if (__put_user(__c_ao, (char __user *)__addr_ao))\
8265+ break; \
8266+ } \
8267+ } \
8268+ __ret_ao; \
8269+})
8270
8271 /*
8272 * The exception table consists of pairs of addresses: the first is the
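Review bot: The rewritten `access_ok` uses its arguments unparenthesised: with a caller expression such as `p + n`, `(unsigned long)addr` casts only `p`, so the address that is range-checked and probed can differ from the one the caller meant, and `type != VERIFY_WRITE` has the same precedence hazard. Write `long __size = (size);`, `unsigned long __addr = (unsigned long)(addr);` and `if ((type) != VERIFY_WRITE)`. Separately, a failing `__get_user`/`__put_user` only breaks out of the loop and leaves `__ret_ao` unchanged, which matches the existing comment that later accesses may still return -EFAULT. The macro should say so in a comment, so the probe loop is not mistaken for a validity check. It should also note that the `VERIFY_WRITE` path stores to user memory inside what callers treat as a pure check.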
8273@@ -183,13 +213,21 @@ extern int __get_user_bad(void);
8274 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
8275 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
8276
8277-
8278+#ifdef CONFIG_X86_32
8279+#define _ASM_LOAD_USER_DS(ds) "movw %w" #ds ",%%ds\n"
8280+#define _ASM_LOAD_KERNEL_DS "pushl %%ss; popl %%ds\n"
8281+#else
8282+#define _ASM_LOAD_USER_DS(ds)
8283+#define _ASM_LOAD_KERNEL_DS
8284+#endif
8285
8286 #ifdef CONFIG_X86_32
8287 #define __put_user_asm_u64(x, addr, err, errret) \
8288- asm volatile("1: movl %%eax,0(%2)\n" \
8289- "2: movl %%edx,4(%2)\n" \
8290+ asm volatile(_ASM_LOAD_USER_DS(5) \
8291+ "1: movl %%eax,%%ds:0(%2)\n" \
8292+ "2: movl %%edx,%%ds:4(%2)\n" \
8293 "3:\n" \
8294+ _ASM_LOAD_KERNEL_DS \
8295 ".section .fixup,\"ax\"\n" \
8296 "4: movl %3,%0\n" \
8297 " jmp 3b\n" \
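Review bot: `_ASM_LOAD_USER_DS(5)` hard-codes the position of the `"r"(__USER_DS)` input, which is appended to the operand list in the next hunk; if an operand is later added or removed, a different register is loaded into `%ds` with no compile error. A named operand removes that coupling: `[uds] "r" (__USER_DS)` in the constraint list and `"movw %w[uds],%%ds\n"` in the macro. The same numeric convention (`5` or `2`) is used in the later hunks for `__put_user_asm_ex_u64`, `__get_user_asm`, `__get_user_asm_ex`, `__put_user_asm` and `__put_user_asm_ex`. A comment on `_ASM_LOAD_KERNEL_DS` would also help, noting that the fixup code jumps back to label `3`, which sits before the restore, so `%ds` is reloaded on the fault path as well.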
8298@@ -197,15 +235,18 @@ extern int __get_user_bad(void);
8299 _ASM_EXTABLE(1b, 4b) \
8300 _ASM_EXTABLE(2b, 4b) \
8301 : "=r" (err) \
8302- : "A" (x), "r" (addr), "i" (errret), "0" (err))
8303+ : "A" (x), "r" (addr), "i" (errret), "0" (err), \
8304+ "r"(__USER_DS))
8305
8306 #define __put_user_asm_ex_u64(x, addr) \
8307- asm volatile("1: movl %%eax,0(%1)\n" \
8308- "2: movl %%edx,4(%1)\n" \
8309+ asm volatile(_ASM_LOAD_USER_DS(2) \
8310+ "1: movl %%eax,%%ds:0(%1)\n" \
8311+ "2: movl %%edx,%%ds:4(%1)\n" \
8312 "3:\n" \
8313+ _ASM_LOAD_KERNEL_DS \
8314 _ASM_EXTABLE(1b, 2b - 1b) \
8315 _ASM_EXTABLE(2b, 3b - 2b) \
8316- : : "A" (x), "r" (addr))
8317+ : : "A" (x), "r" (addr), "r"(__USER_DS))
8318
8319 #define __put_user_x8(x, ptr, __ret_pu) \
8320 asm volatile("call __put_user_8" : "=a" (__ret_pu) \
8321@@ -374,16 +415,18 @@ do { \
8322 } while (0)
8323
8324 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8325- asm volatile("1: mov"itype" %2,%"rtype"1\n" \
8326+ asm volatile(_ASM_LOAD_USER_DS(5) \
8327+ "1: mov"itype" %%ds:%2,%"rtype"1\n" \
8328 "2:\n" \
8329+ _ASM_LOAD_KERNEL_DS \
8330 ".section .fixup,\"ax\"\n" \
8331 "3: mov %3,%0\n" \
8332 " xor"itype" %"rtype"1,%"rtype"1\n" \
8333 " jmp 2b\n" \
8334 ".previous\n" \
8335 _ASM_EXTABLE(1b, 3b) \
8336- : "=r" (err), ltype(x) \
8337- : "m" (__m(addr)), "i" (errret), "0" (err))
8338+ : "=r" (err), ltype (x) \
8339+ : "m" (__m(addr)), "i" (errret), "0" (err), "r"(__USER_DS))
8340
8341 #define __get_user_size_ex(x, ptr, size) \
8342 do { \
8343@@ -407,10 +450,12 @@ do { \
8344 } while (0)
8345
8346 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
8347- asm volatile("1: mov"itype" %1,%"rtype"0\n" \
8348+ asm volatile(_ASM_LOAD_USER_DS(2) \
8349+ "1: mov"itype" %%ds:%1,%"rtype"0\n" \
8350 "2:\n" \
8351+ _ASM_LOAD_KERNEL_DS \
8352 _ASM_EXTABLE(1b, 2b - 1b) \
8353- : ltype(x) : "m" (__m(addr)))
8354+ : ltype(x) : "m" (__m(addr)), "r"(__USER_DS))
8355
8356 #define __put_user_nocheck(x, ptr, size) \
8357 ({ \
8358@@ -424,7 +469,7 @@ do { \
8359 int __gu_err; \
8360 unsigned long __gu_val; \
8361 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
8362- (x) = (__force __typeof__(*(ptr)))__gu_val; \
8363+ (x) = (__typeof__(*(ptr)))__gu_val; \
8364 __gu_err; \
8365 })
8366
8367@@ -438,21 +483,26 @@ struct __large_struct { unsigned long bu
8368 * aliasing issues.
8369 */
8370 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8371- asm volatile("1: mov"itype" %"rtype"1,%2\n" \
8372+ asm volatile(_ASM_LOAD_USER_DS(5) \
8373+ "1: mov"itype" %"rtype"1,%%ds:%2\n" \
8374 "2:\n" \
8375+ _ASM_LOAD_KERNEL_DS \
8376 ".section .fixup,\"ax\"\n" \
8377 "3: mov %3,%0\n" \
8378 " jmp 2b\n" \
8379 ".previous\n" \
8380 _ASM_EXTABLE(1b, 3b) \
8381 : "=r"(err) \
8382- : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
8383+ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err),\
8384+ "r"(__USER_DS))
8385
8386 #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
8387- asm volatile("1: mov"itype" %"rtype"0,%1\n" \
8388+ asm volatile(_ASM_LOAD_USER_DS(2) \
8389+ "1: mov"itype" %"rtype"0,%%ds:%1\n" \
8390 "2:\n" \
8391+ _ASM_LOAD_KERNEL_DS \
8392 _ASM_EXTABLE(1b, 2b - 1b) \
8393- : : ltype(x), "m" (__m(addr)))
8394+ : : ltype(x), "m" (__m(addr)), "r"(__USER_DS))
8395
8396 /*
8397 * uaccess_try and catch
8398@@ -530,7 +580,7 @@ struct __large_struct { unsigned long bu
8399 #define get_user_ex(x, ptr) do { \
8400 unsigned long __gue_val; \
8401 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
8402- (x) = (__force __typeof__(*(ptr)))__gue_val; \
8403+ (x) = (__typeof__(*(ptr)))__gue_val; \
8404 } while (0)
8405
8406 #ifdef CONFIG_X86_WP_WORKS_OK
8407@@ -567,6 +617,7 @@ extern struct movsl_mask {
8408
8409 #define ARCH_HAS_NOCACHE_UACCESS 1
8410
8411+#define ARCH_HAS_SORT_EXTABLE
8412 #ifdef CONFIG_X86_32
8413 # include "uaccess_32.h"
8414 #else
8415diff -urNp linux-2.6.32.8/arch/x86/include/asm/vgtod.h linux-2.6.32.8/arch/x86/include/asm/vgtod.h
8416--- linux-2.6.32.8/arch/x86/include/asm/vgtod.h 2010-02-09 07:57:19.000000000 -0500
8417+++ linux-2.6.32.8/arch/x86/include/asm/vgtod.h 2010-02-13 21:45:09.911906943 -0500
8418@@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
8419 int sysctl_enabled;
8420 struct timezone sys_tz;
8421 struct { /* extract of a clocksource struct */
8422+ char name[8];
8423 cycle_t (*vread)(void);
8424 cycle_t cycle_last;
8425 cycle_t mask;
8426diff -urNp linux-2.6.32.8/arch/x86/include/asm/vmi.h linux-2.6.32.8/arch/x86/include/asm/vmi.h
8427--- linux-2.6.32.8/arch/x86/include/asm/vmi.h 2010-02-09 07:57:19.000000000 -0500
8428+++ linux-2.6.32.8/arch/x86/include/asm/vmi.h 2010-02-13 21:45:09.911906943 -0500
8429@@ -191,6 +191,7 @@ struct vrom_header {
8430 u8 reserved[96]; /* Reserved for headers */
8431 char vmi_init[8]; /* VMI_Init jump point */
8432 char get_reloc[8]; /* VMI_GetRelocationInfo jump point */
8433+ char rom_data[8048]; /* rest of the option ROM */
8434 } __attribute__((packed));
8435
8436 struct pnp_header {
8437diff -urNp linux-2.6.32.8/arch/x86/include/asm/vsyscall.h linux-2.6.32.8/arch/x86/include/asm/vsyscall.h
8438--- linux-2.6.32.8/arch/x86/include/asm/vsyscall.h 2010-02-09 07:57:19.000000000 -0500
8439+++ linux-2.6.32.8/arch/x86/include/asm/vsyscall.h 2010-02-13 21:45:09.911906943 -0500
8440@@ -15,9 +15,10 @@ enum vsyscall_num {
8441
8442 #ifdef __KERNEL__
8443 #include <linux/seqlock.h>
8444+#include <linux/getcpu.h>
8445+#include <linux/time.h>
8446
8447 #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16)))
8448-#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16)))
8449
8450 /* Definitions for CONFIG_GENERIC_TIME definitions */
8451 #define __section_vsyscall_gtod_data __attribute__ \
8452@@ -31,7 +32,6 @@ enum vsyscall_num {
8453 #define VGETCPU_LSL 2
8454
8455 extern int __vgetcpu_mode;
8456-extern volatile unsigned long __jiffies;
8457
8458 /* kernel space (writeable) */
8459 extern int vgetcpu_mode;
8460@@ -39,6 +39,9 @@ extern struct timezone sys_tz;
8461
8462 extern void map_vsyscall(void);
8463
8464+extern int vgettimeofday(struct timeval * tv, struct timezone * tz);
8465+extern time_t vtime(time_t *t);
8466+extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache);
8467 #endif /* __KERNEL__ */
8468
8469 #endif /* _ASM_X86_VSYSCALL_H */
8470diff -urNp linux-2.6.32.8/arch/x86/Kconfig linux-2.6.32.8/arch/x86/Kconfig
8471--- linux-2.6.32.8/arch/x86/Kconfig 2010-02-09 07:57:19.000000000 -0500
8472+++ linux-2.6.32.8/arch/x86/Kconfig 2010-02-13 21:45:09.912905886 -0500
8473@@ -1083,7 +1083,7 @@ config PAGE_OFFSET
8474 hex
8475 default 0xB0000000 if VMSPLIT_3G_OPT
8476 default 0x80000000 if VMSPLIT_2G
8477- default 0x78000000 if VMSPLIT_2G_OPT
8478+ default 0x70000000 if VMSPLIT_2G_OPT
8479 default 0x40000000 if VMSPLIT_1G
8480 default 0xC0000000
8481 depends on X86_32
8482@@ -1409,7 +1409,7 @@ config ARCH_USES_PG_UNCACHED
8483
8484 config EFI
8485 bool "EFI runtime service support"
8486- depends on ACPI
8487+ depends on ACPI && !PAX_KERNEXEC
8488 ---help---
8489 This enables the kernel to use EFI runtime services that are
8490 available (such as the EFI variable services).
8491@@ -1496,6 +1496,7 @@ config KEXEC_JUMP
8492 config PHYSICAL_START
8493 hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
8494 default "0x1000000"
8495+ range 0x400000 0x40000000
8496 ---help---
8497 This gives the physical address where the kernel is loaded.
8498
8499@@ -1560,6 +1561,7 @@ config PHYSICAL_ALIGN
8500 hex
8501 prompt "Alignment value to which kernel should be aligned" if X86_32
8502 default "0x1000000"
8503+ range 0x400000 0x1000000 if PAX_KERNEXEC
8504 range 0x2000 0x1000000
8505 ---help---
8506 This value puts the alignment restrictions on physical address
8507@@ -1591,9 +1593,10 @@ config HOTPLUG_CPU
8508 Say N if you want to disable CPU hotplug.
8509
8510 config COMPAT_VDSO
8511- def_bool y
8512+ def_bool n
8513 prompt "Compat VDSO support"
8514 depends on X86_32 || IA32_EMULATION
8515+ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
8516 ---help---
8517 Map the 32-bit VDSO to the predictable old-style address too.
8518 ---help---
8519diff -urNp linux-2.6.32.8/arch/x86/Kconfig.cpu linux-2.6.32.8/arch/x86/Kconfig.cpu
8520--- linux-2.6.32.8/arch/x86/Kconfig.cpu 2010-02-09 07:57:19.000000000 -0500
8521+++ linux-2.6.32.8/arch/x86/Kconfig.cpu 2010-02-13 21:45:09.912905886 -0500
8522@@ -340,7 +340,7 @@ config X86_PPRO_FENCE
8523
8524 config X86_F00F_BUG
8525 def_bool y
8526- depends on M586MMX || M586TSC || M586 || M486 || M386
8527+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
8528
8529 config X86_WP_WORKS_OK
8530 def_bool y
8531@@ -360,7 +360,7 @@ config X86_POPAD_OK
8532
8533 config X86_ALIGNMENT_16
8534 def_bool y
8535- depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
8536+ depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
8537
8538 config X86_INTEL_USERCOPY
8539 def_bool y
8540@@ -406,7 +406,7 @@ config X86_CMPXCHG64
8541 # generates cmov.
8542 config X86_CMOV
8543 def_bool y
8544- depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
8545+ depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
8546
8547 config X86_MINIMUM_CPU_FAMILY
8548 int
8549diff -urNp linux-2.6.32.8/arch/x86/Kconfig.debug linux-2.6.32.8/arch/x86/Kconfig.debug
8550--- linux-2.6.32.8/arch/x86/Kconfig.debug 2010-02-09 07:57:19.000000000 -0500
8551+++ linux-2.6.32.8/arch/x86/Kconfig.debug 2010-02-13 21:45:09.912905886 -0500
8552@@ -99,7 +99,7 @@ config X86_PTDUMP
8553 config DEBUG_RODATA
8554 bool "Write protect kernel read-only data structures"
8555 default y
8556- depends on DEBUG_KERNEL
8557+ depends on DEBUG_KERNEL && BROKEN
8558 ---help---
8559 Mark the kernel read-only data as write-protected in the pagetables,
8560 in order to catch accidental (and incorrect) writes to such const
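Review bot: `depends on DEBUG_KERNEL && BROKEN` makes `DEBUG_RODATA` unselectable in every configuration of the patched tree, including builds that leave the PaX options off, and the help text does not say why or what replaces it. If the conflict is only with `PAX_KERNEXEC` (an assumption; the reason is not visible here), `depends on DEBUG_KERNEL && !PAX_KERNEXEC` would keep the option available for other builds. Otherwise the help text should gain a sentence naming the option that now provides read-only data protection. The help text continues outside this hunk.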
8561diff -urNp linux-2.6.32.8/arch/x86/kernel/acpi/boot.c linux-2.6.32.8/arch/x86/kernel/acpi/boot.c
8562--- linux-2.6.32.8/arch/x86/kernel/acpi/boot.c 2010-02-09 07:57:19.000000000 -0500
8563+++ linux-2.6.32.8/arch/x86/kernel/acpi/boot.c 2010-02-13 21:45:09.913909174 -0500
8564@@ -1508,7 +1508,7 @@ static struct dmi_system_id __initdata a
8565 DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
8566 },
8567 },
8568- {}
8569+ { NULL, NULL, {{0, {0}}}, NULL}
8570 };
8571
8572 /*
8573diff -urNp linux-2.6.32.8/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.8/arch/x86/kernel/acpi/realmode/wakeup.S
8574--- linux-2.6.32.8/arch/x86/kernel/acpi/realmode/wakeup.S 2010-02-09 07:57:19.000000000 -0500
8575+++ linux-2.6.32.8/arch/x86/kernel/acpi/realmode/wakeup.S 2010-02-13 21:45:09.913909174 -0500
8576@@ -104,7 +104,7 @@ _start:
8577 movl %eax, %ecx
8578 orl %edx, %ecx
8579 jz 1f
8580- movl $0xc0000080, %ecx
8581+ mov $MSR_EFER, %ecx
8582 wrmsr
8583 1:
8584
8585diff -urNp linux-2.6.32.8/arch/x86/kernel/acpi/sleep.c linux-2.6.32.8/arch/x86/kernel/acpi/sleep.c
8586--- linux-2.6.32.8/arch/x86/kernel/acpi/sleep.c 2010-02-09 07:57:19.000000000 -0500
8587+++ linux-2.6.32.8/arch/x86/kernel/acpi/sleep.c 2010-02-13 21:45:09.913909174 -0500
8588@@ -11,11 +11,12 @@
8589 #include <linux/cpumask.h>
8590 #include <asm/segment.h>
8591 #include <asm/desc.h>
8592+#include <asm/e820.h>
8593
8594 #include "realmode/wakeup.h"
8595 #include "sleep.h"
8596
8597-unsigned long acpi_wakeup_address;
8598+unsigned long acpi_wakeup_address = 0x2000;
8599 unsigned long acpi_realmode_flags;
8600
8601 /* address in low memory of the wakeup routine. */
8602@@ -99,8 +100,12 @@ int acpi_save_state_mem(void)
8603 header->trampoline_segment = setup_trampoline() >> 4;
8604 #ifdef CONFIG_SMP
8605 stack_start.sp = temp_stack + sizeof(temp_stack);
8606+
8607+ pax_open_kernel();
8608 early_gdt_descr.address =
8609 (unsigned long)get_cpu_gdt_table(smp_processor_id());
8610+ pax_close_kernel();
8611+
8612 initial_gs = per_cpu_offset(smp_processor_id());
8613 #endif
8614 initial_code = (unsigned long)wakeup_long64;
8615@@ -134,14 +139,8 @@ void __init acpi_reserve_bootmem(void)
8616 return;
8617 }
8618
8619- acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
8620-
8621- if (!acpi_realmode) {
8622- printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
8623- return;
8624- }
8625-
8626- acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
8627+ reserve_early(acpi_wakeup_address, acpi_wakeup_address + WAKEUP_SIZE, "ACPI Wakeup Code");
8628+ acpi_realmode = (unsigned long)__va(acpi_wakeup_address);;
8629 }
8630
8631
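Review bot: `acpi_reserve_bootmem` now reserves a fixed range starting at `acpi_wakeup_address`, which the first hunk of this file initialises to the bare literal `0x2000`, and the removed allocation-failure branch has no replacement. Nothing visible checks that `reserve_early()` obtained the range, or that it is usable RAM, before `acpi_realmode` is derived from it. How `reserve_early()` reports an overlap is not shown here, so that should be confirmed. A named constant with a comment would document the choice of `0x2000`. The added assignment also ends in a stray `;;` and should read `acpi_realmode = (unsigned long)__va(acpi_wakeup_address);`.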
8632diff -urNp linux-2.6.32.8/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.32.8/arch/x86/kernel/acpi/wakeup_32.S
8633--- linux-2.6.32.8/arch/x86/kernel/acpi/wakeup_32.S 2010-02-09 07:57:19.000000000 -0500
8634+++ linux-2.6.32.8/arch/x86/kernel/acpi/wakeup_32.S 2010-02-13 21:45:09.913909174 -0500
8635@@ -30,13 +30,11 @@ wakeup_pmode_return:
8636 # and restore the stack ... but you need gdt for this to work
8637 movl saved_context_esp, %esp
8638
8639- movl %cs:saved_magic, %eax
8640- cmpl $0x12345678, %eax
8641+ cmpl $0x12345678, saved_magic
8642 jne bogus_magic
8643
8644 # jump to place where we left off
8645- movl saved_eip, %eax
8646- jmp *%eax
8647+ jmp *(saved_eip)
8648
8649 bogus_magic:
8650 jmp bogus_magic
8651diff -urNp linux-2.6.32.8/arch/x86/kernel/alternative.c linux-2.6.32.8/arch/x86/kernel/alternative.c
8652--- linux-2.6.32.8/arch/x86/kernel/alternative.c 2010-02-09 07:57:19.000000000 -0500
8653+++ linux-2.6.32.8/arch/x86/kernel/alternative.c 2010-02-13 21:45:09.913909174 -0500
8654@@ -407,7 +407,7 @@ void __init_or_module apply_paravirt(str
8655
8656 BUG_ON(p->len > MAX_PATCH_LEN);
8657 /* prep the buffer with the original instructions */
8658- memcpy(insnbuf, p->instr, p->len);
8659+ memcpy(insnbuf, ktla_ktva(p->instr), p->len);
8660 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
8661 (unsigned long)p->instr, p->len);
8662
8663@@ -492,12 +492,16 @@ void __init alternative_instructions(voi
8664 * instructions. And on the local CPU you need to be protected again NMI or MCE
8665 * handlers seeing an inconsistent instruction while you patch.
8666 */
8667-static void *__init_or_module text_poke_early(void *addr, const void *opcode,
8668+static void *__kprobes text_poke_early(void *addr, const void *opcode,
8669 size_t len)
8670 {
8671 unsigned long flags;
8672 local_irq_save(flags);
8673- memcpy(addr, opcode, len);
8674+
8675+ pax_open_kernel();
8676+ memcpy(ktla_ktva(addr), opcode, len);
8677+ pax_close_kernel();
8678+
8679 sync_core();
8680 local_irq_restore(flags);
8681 /* Could also do a CLFLUSH here to speed up CPU recovery; but
8682@@ -520,35 +524,21 @@ static void *__init_or_module text_poke_
8683 */
8684 void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
8685 {
8686- unsigned long flags;
8687- char *vaddr;
8688+ unsigned char *vaddr = ktla_ktva(addr);
8689 struct page *pages[2];
8690- int i;
8691+ size_t i;
8692
8693 if (!core_kernel_text((unsigned long)addr)) {
8694- pages[0] = vmalloc_to_page(addr);
8695- pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
8696+ pages[0] = vmalloc_to_page(vaddr);
8697+ pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
8698 } else {
8699- pages[0] = virt_to_page(addr);
8700+ pages[0] = virt_to_page(vaddr);
8701 WARN_ON(!PageReserved(pages[0]));
8702- pages[1] = virt_to_page(addr + PAGE_SIZE);
8703+ pages[1] = virt_to_page(vaddr + PAGE_SIZE);
8704 }
8705 BUG_ON(!pages[0]);
8706- local_irq_save(flags);
8707- set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
8708- if (pages[1])
8709- set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1]));
8710- vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0);
8711- memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
8712- clear_fixmap(FIX_TEXT_POKE0);
8713- if (pages[1])
8714- clear_fixmap(FIX_TEXT_POKE1);
8715- local_flush_tlb();
8716- sync_core();
8717- /* Could also do a CLFLUSH here to speed up CPU recovery; but
8718- that causes hangs on some VIA CPUs. */
8719+ text_poke_early(addr, opcode, len);
8720 for (i = 0; i < len; i++)
8721- BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
8722- local_irq_restore(flags);
8723+ BUG_ON(((char *)vaddr)[i] != ((char *)opcode)[i]);
8724 return addr;
8725 }
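Review bot: After this change `text_poke` still fills `pages[1]` through `vmalloc_to_page(vaddr + PAGE_SIZE)` or `virt_to_page(vaddr + PAGE_SIZE)`, but nothing reads it any more; only `pages[0]` is used, in `WARN_ON(!PageReserved(pages[0]))` and `BUG_ON(!pages[0])`. Dropping the second lookup and declaring a single `struct page *page` would remove the dead code. The write now goes through `text_poke_early()` instead of the fixmap mapping, so the function comment above this hunk (it starts outside the hunk) should be checked for wording that still describes the removed mapping.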
8726diff -urNp linux-2.6.32.8/arch/x86/kernel/amd_iommu.c linux-2.6.32.8/arch/x86/kernel/amd_iommu.c
8727--- linux-2.6.32.8/arch/x86/kernel/amd_iommu.c 2010-02-09 07:57:19.000000000 -0500
8728+++ linux-2.6.32.8/arch/x86/kernel/amd_iommu.c 2010-02-13 21:45:09.914908941 -0500
8729@@ -2073,7 +2073,7 @@ static void prealloc_protection_domains(
8730 }
8731 }
8732
8733-static struct dma_map_ops amd_iommu_dma_ops = {
8734+static const struct dma_map_ops amd_iommu_dma_ops = {
8735 .alloc_coherent = alloc_coherent,
8736 .free_coherent = free_coherent,
8737 .map_page = map_page,
8738diff -urNp linux-2.6.32.8/arch/x86/kernel/apic/io_apic.c linux-2.6.32.8/arch/x86/kernel/apic/io_apic.c
8739--- linux-2.6.32.8/arch/x86/kernel/apic/io_apic.c 2010-02-09 07:57:19.000000000 -0500
8740+++ linux-2.6.32.8/arch/x86/kernel/apic/io_apic.c 2010-02-13 21:45:09.914908941 -0500
8741@@ -711,7 +711,7 @@ struct IO_APIC_route_entry **alloc_ioapi
8742 ioapic_entries = kzalloc(sizeof(*ioapic_entries) * nr_ioapics,
8743 GFP_ATOMIC);
8744 if (!ioapic_entries)
8745- return 0;
8746+ return NULL;
8747
8748 for (apic = 0; apic < nr_ioapics; apic++) {
8749 ioapic_entries[apic] =
8750@@ -728,7 +728,7 @@ nomem:
8751 kfree(ioapic_entries[apic]);
8752 kfree(ioapic_entries);
8753
8754- return 0;
8755+ return NULL;
8756 }
8757
8758 /*
8759@@ -1145,7 +1145,7 @@ int IO_APIC_get_PCI_irq_vector(int bus,
8760 }
8761 EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector);
8762
8763-void lock_vector_lock(void)
8764+void lock_vector_lock(void) __acquires(vector_lock)
8765 {
8766 /* Used to the online set of cpus does not change
8767 * during assign_irq_vector.
8768@@ -1153,7 +1153,7 @@ void lock_vector_lock(void)
8769 spin_lock(&vector_lock);
8770 }
8771
8772-void unlock_vector_lock(void)
8773+void unlock_vector_lock(void) __releases(vector_lock)
8774 {
8775 spin_unlock(&vector_lock);
8776 }
8777diff -urNp linux-2.6.32.8/arch/x86/kernel/apm_32.c linux-2.6.32.8/arch/x86/kernel/apm_32.c
8778--- linux-2.6.32.8/arch/x86/kernel/apm_32.c 2010-02-09 07:57:19.000000000 -0500
8779+++ linux-2.6.32.8/arch/x86/kernel/apm_32.c 2010-02-13 21:45:09.915910546 -0500
8780@@ -410,7 +410,7 @@ static DEFINE_SPINLOCK(user_list_lock);
8781 * This is for buggy BIOS's that refer to (real mode) segment 0x40
8782 * even though they are called in protected mode.
8783 */
8784-static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
8785+static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
8786 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
8787
8788 static const char driver_version[] = "1.16ac"; /* no spaces */
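Review bot: The change of the `bad_bios_desc` flags from `0x4092` to `0x4093`, made together with the new `const`, is not explained. The two values differ only in the accessed bit of the descriptor type, presumably pre-set so that loading the segment does not make the CPU write that bit back into the GDT entry. A comment would record this, for example `/* type 0x93: accessed bit already set, so loading the segment does not write to the GDT */`. The comment block above the declaration describes only the segment 0x40 workaround.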
8789@@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call)
8790 BUG_ON(cpu != 0);
8791 gdt = get_cpu_gdt_table(cpu);
8792 save_desc_40 = gdt[0x40 / 8];
8793+
8794+ pax_open_kernel();
8795 gdt[0x40 / 8] = bad_bios_desc;
8796+ pax_close_kernel();
8797
8798 apm_irq_save(flags);
8799 APM_DO_SAVE_SEGS;
8800@@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call)
8801 &call->esi);
8802 APM_DO_RESTORE_SEGS;
8803 apm_irq_restore(flags);
8804+
8805+ pax_open_kernel();
8806 gdt[0x40 / 8] = save_desc_40;
8807+ pax_close_kernel();
8808+
8809 put_cpu();
8810
8811 return call->eax & 0xff;
8812@@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void
8813 BUG_ON(cpu != 0);
8814 gdt = get_cpu_gdt_table(cpu);
8815 save_desc_40 = gdt[0x40 / 8];
8816+
8817+ pax_open_kernel();
8818 gdt[0x40 / 8] = bad_bios_desc;
8819+ pax_close_kernel();
8820
8821 apm_irq_save(flags);
8822 APM_DO_SAVE_SEGS;
8823@@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void
8824 &call->eax);
8825 APM_DO_RESTORE_SEGS;
8826 apm_irq_restore(flags);
8827+
8828+ pax_open_kernel();
8829 gdt[0x40 / 8] = save_desc_40;
8830+ pax_close_kernel();
8831+
8832 put_cpu();
8833 return error;
8834 }
8835@@ -975,7 +989,7 @@ recalc:
8836
8837 static void apm_power_off(void)
8838 {
8839- unsigned char po_bios_call[] = {
8840+ const unsigned char po_bios_call[] = {
8841 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
8842 0x8e, 0xd0, /* movw ax,ss */
8843 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
8844@@ -1933,7 +1947,10 @@ static const struct file_operations apm_
8845 static struct miscdevice apm_device = {
8846 APM_MINOR_DEV,
8847 "apm_bios",
8848- &apm_bios_fops
8849+ &apm_bios_fops,
8850+ {NULL, NULL},
8851+ NULL,
8852+ NULL
8853 };
8854
8855
8856@@ -2254,7 +2271,7 @@ static struct dmi_system_id __initdata a
8857 { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
8858 },
8859
8860- { }
8861+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
8862 };
8863
8864 /*
8865@@ -2357,12 +2374,15 @@ static int __init apm_init(void)
8866 * code to that CPU.
8867 */
8868 gdt = get_cpu_gdt_table(0);
8869+
8870+ pax_open_kernel();
8871 set_desc_base(&gdt[APM_CS >> 3],
8872 (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4));
8873 set_desc_base(&gdt[APM_CS_16 >> 3],
8874 (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4));
8875 set_desc_base(&gdt[APM_DS >> 3],
8876 (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4));
8877+ pax_close_kernel();
8878
8879 proc_create("apm", 0, NULL, &apm_file_ops);
8880
8881diff -urNp linux-2.6.32.8/arch/x86/kernel/asm-offsets_32.c linux-2.6.32.8/arch/x86/kernel/asm-offsets_32.c
8882--- linux-2.6.32.8/arch/x86/kernel/asm-offsets_32.c 2010-02-09 07:57:19.000000000 -0500
8883+++ linux-2.6.32.8/arch/x86/kernel/asm-offsets_32.c 2010-02-13 21:45:09.915910546 -0500
8884@@ -115,6 +115,11 @@ void foo(void)
8885 OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
8886 OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
8887 OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
8888+
8889+#ifdef CONFIG_PAX_KERNEXEC
8890+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
8891+#endif
8892+
8893 #endif
8894
8895 #ifdef CONFIG_XEN
8896diff -urNp linux-2.6.32.8/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.8/arch/x86/kernel/asm-offsets_64.c
8897--- linux-2.6.32.8/arch/x86/kernel/asm-offsets_64.c 2010-02-09 07:57:19.000000000 -0500
8898+++ linux-2.6.32.8/arch/x86/kernel/asm-offsets_64.c 2010-02-13 21:45:09.915910546 -0500
8899@@ -115,6 +115,7 @@ int main(void)
8900 ENTRY(cr8);
8901 BLANK();
8902 #undef ENTRY
8903+ DEFINE(TSS_size, sizeof(struct tss_struct));
8904 DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
8905 BLANK();
8906 DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
8907diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/common.c linux-2.6.32.8/arch/x86/kernel/cpu/common.c
8908--- linux-2.6.32.8/arch/x86/kernel/cpu/common.c 2010-02-09 07:57:19.000000000 -0500
8909+++ linux-2.6.32.8/arch/x86/kernel/cpu/common.c 2010-02-13 21:45:09.916905622 -0500
8910@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon
8911
8912 static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
8913
8914-DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
8915-#ifdef CONFIG_X86_64
8916- /*
8917- * We need valid kernel segments for data and code in long mode too
8918- * IRET will check the segment types kkeil 2000/10/28
8919- * Also sysret mandates a special GDT layout
8920- *
8921- * TLS descriptors are currently at a different place compared to i386.
8922- * Hopefully nobody expects them at a fixed place (Wine?)
8923- */
8924- [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff),
8925- [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff),
8926- [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff),
8927- [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff),
8928- [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff),
8929- [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff),
8930-#else
8931- [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff),
8932- [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
8933- [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff),
8934- [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff),
8935- /*
8936- * Segments used for calling PnP BIOS have byte granularity.
8937- * They code segments and data segments have fixed 64k limits,
8938- * the transfer segment sizes are set at run time.
8939- */
8940- /* 32-bit code */
8941- [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
8942- /* 16-bit code */
8943- [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
8944- /* 16-bit data */
8945- [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff),
8946- /* 16-bit data */
8947- [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0),
8948- /* 16-bit data */
8949- [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0),
8950- /*
8951- * The APM segments have byte granularity and their bases
8952- * are set at run time. All have 64k limits.
8953- */
8954- /* 32-bit code */
8955- [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
8956- /* 16-bit code */
8957- [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
8958- /* data */
8959- [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff),
8960-
8961- [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
8962- [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
8963- GDT_STACK_CANARY_INIT
8964-#endif
8965-} };
8966-EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
8967-
8968 static int __init x86_xsave_setup(char *s)
8969 {
8970 setup_clear_cpu_cap(X86_FEATURE_XSAVE);
8971@@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu)
8972 {
8973 struct desc_ptr gdt_descr;
8974
8975- gdt_descr.address = (long)get_cpu_gdt_table(cpu);
8976+ gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
8977 gdt_descr.size = GDT_SIZE - 1;
8978 load_gdt(&gdt_descr);
8979 /* Reload the per-cpu base */
8980@@ -798,6 +744,10 @@ static void __cpuinit identify_cpu(struc
8981 /* Filter out anything that depends on CPUID levels we don't have */
8982 filter_cpuid_features(c, true);
8983
8984+#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || (defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32))
8985+ setup_clear_cpu_cap(X86_FEATURE_SEP);
8986+#endif
8987+
8988 /* If the model name is still unset, do table lookup. */
8989 if (!c->x86_model_id[0]) {
8990 const char *p;
8991@@ -1101,7 +1051,7 @@ void __cpuinit cpu_init(void)
8992 int i;
8993
8994 cpu = stack_smp_processor_id();
8995- t = &per_cpu(init_tss, cpu);
8996+ t = init_tss + cpu;
8997 orig_ist = &per_cpu(orig_ist, cpu);
8998
8999 #ifdef CONFIG_NUMA
9000@@ -1199,7 +1149,7 @@ void __cpuinit cpu_init(void)
9001 {
9002 int cpu = smp_processor_id();
9003 struct task_struct *curr = current;
9004- struct tss_struct *t = &per_cpu(init_tss, cpu);
9005+ struct tss_struct *t = init_tss + cpu;
9006 struct thread_struct *thread = &curr->thread;
9007
9008 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
9009diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
9010--- linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2010-02-09 07:57:19.000000000 -0500
9011+++ linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2010-02-13 21:45:09.916905622 -0500
9012@@ -521,7 +521,7 @@ static const struct dmi_system_id sw_any
9013 DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
9014 },
9015 },
9016- { }
9017+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
9018 };
9019
9020 static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
9021diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
9022--- linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2010-02-09 07:57:19.000000000 -0500
9023+++ linux-2.6.32.8/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2010-02-13 21:45:09.916905622 -0500
9024@@ -225,7 +225,7 @@ static struct cpu_model models[] =
9025 { &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
9026 { &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
9027
9028- { NULL, }
9029+ { NULL, NULL, 0, NULL}
9030 };
9031 #undef _BANIAS
9032 #undef BANIAS
9033diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/intel.c linux-2.6.32.8/arch/x86/kernel/cpu/intel.c
9034--- linux-2.6.32.8/arch/x86/kernel/cpu/intel.c 2010-02-09 07:57:19.000000000 -0500
9035+++ linux-2.6.32.8/arch/x86/kernel/cpu/intel.c 2010-02-13 21:45:09.931803413 -0500
9036@@ -139,7 +139,7 @@ static void __cpuinit trap_init_f00f_bug
9037 * Update the IDT descriptor and reload the IDT so that
9038 * it uses the read-only mapped virtual address.
9039 */
9040- idt_descr.address = fix_to_virt(FIX_F00F_IDT);
9041+ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
9042 load_idt(&idt_descr);
9043 }
9044 #endif
9045diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/intel_cacheinfo.c linux-2.6.32.8/arch/x86/kernel/cpu/intel_cacheinfo.c
9046--- linux-2.6.32.8/arch/x86/kernel/cpu/intel_cacheinfo.c 2010-02-09 07:57:19.000000000 -0500
9047+++ linux-2.6.32.8/arch/x86/kernel/cpu/intel_cacheinfo.c 2010-02-13 21:45:09.931803413 -0500
9048@@ -863,7 +863,7 @@ static ssize_t store(struct kobject *kob
9049 return ret;
9050 }
9051
9052-static struct sysfs_ops sysfs_ops = {
9053+static const struct sysfs_ops sysfs_ops = {
9054 .show = show,
9055 .store = store,
9056 };
9057diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/Makefile linux-2.6.32.8/arch/x86/kernel/cpu/Makefile
9058--- linux-2.6.32.8/arch/x86/kernel/cpu/Makefile 2010-02-09 07:57:19.000000000 -0500
9059+++ linux-2.6.32.8/arch/x86/kernel/cpu/Makefile 2010-02-13 21:45:09.931803413 -0500
9060@@ -7,10 +7,6 @@ ifdef CONFIG_FUNCTION_TRACER
9061 CFLAGS_REMOVE_common.o = -pg
9062 endif
9063
9064-# Make sure load_percpu_segment has no stackprotector
9065-nostackp := $(call cc-option, -fno-stack-protector)
9066-CFLAGS_common.o := $(nostackp)
9067-
9068 obj-y := intel_cacheinfo.o addon_cpuid_features.o
9069 obj-y += proc.o capflags.o powerflags.o common.o
9070 obj-y += vmware.o hypervisor.o sched.o
9071diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce_amd.c
9072--- linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce_amd.c 2010-02-09 07:57:19.000000000 -0500
9073+++ linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce_amd.c 2010-02-13 21:45:09.932921573 -0500
9074@@ -388,7 +388,7 @@ static ssize_t store(struct kobject *kob
9075 return ret;
9076 }
9077
9078-static struct sysfs_ops threshold_ops = {
9079+static const struct sysfs_ops threshold_ops = {
9080 .show = show,
9081 .store = store,
9082 };
9083diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce.c
9084--- linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce.c 2010-02-09 07:57:19.000000000 -0500
9085+++ linux-2.6.32.8/arch/x86/kernel/cpu/mcheck/mce.c 2010-02-13 21:45:09.932921573 -0500
9086@@ -1429,14 +1429,14 @@ void __cpuinit mcheck_init(struct cpuinf
9087 */
9088
9089 static DEFINE_SPINLOCK(mce_state_lock);
9090-static int open_count; /* #times opened */
9091+static atomic_t open_count; /* #times opened */
9092 static int open_exclu; /* already open exclusive? */
9093
9094 static int mce_open(struct inode *inode, struct file *file)
9095 {
9096 spin_lock(&mce_state_lock);
9097
9098- if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
9099+ if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) {
9100 spin_unlock(&mce_state_lock);
9101
9102 return -EBUSY;
9103@@ -1444,7 +1444,7 @@ static int mce_open(struct inode *inode,
9104
9105 if (file->f_flags & O_EXCL)
9106 open_exclu = 1;
9107- open_count++;
9108+ atomic_inc(&open_count);
9109
9110 spin_unlock(&mce_state_lock);
9111
9112@@ -1455,7 +1455,7 @@ static int mce_release(struct inode *ino
9113 {
9114 spin_lock(&mce_state_lock);
9115
9116- open_count--;
9117+ atomic_dec(&open_count);
9118 open_exclu = 0;
9119
9120 spin_unlock(&mce_state_lock);
9121@@ -1595,6 +1595,7 @@ static struct miscdevice mce_log_device
9122 MISC_MCELOG_MINOR,
9123 "mcelog",
9124 &mce_chrdev_ops,
9125+ {NULL, NULL}, NULL, NULL
9126 };
9127
9128 /*
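Review bot: The positional tail `{NULL, NULL}, NULL, NULL` added to mce_log_device ties the initializer to the current field order of struct miscdevice, so a reordered or inserted field would silently misassign values. Designated initializers avoid that: `.minor = MISC_MCELOG_MINOR, .name = "mcelog", .fops = &mce_chrdev_ops,`. Separately, every access to open_count in mce_open and mce_release still happens under mce_state_lock, so the switch to atomic_t deserves a short comment saying why it is needed; the lock already serialises these updates. The initializer starts outside the hunk.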
9129diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/amd.c linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/amd.c
9130--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/amd.c 2010-02-09 07:57:19.000000000 -0500
9131+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/amd.c 2010-02-13 21:45:09.932921573 -0500
9132@@ -108,7 +108,7 @@ amd_validate_add_page(unsigned long base
9133 return 0;
9134 }
9135
9136-static struct mtrr_ops amd_mtrr_ops = {
9137+static const struct mtrr_ops amd_mtrr_ops = {
9138 .vendor = X86_VENDOR_AMD,
9139 .set = amd_set_mtrr,
9140 .get = amd_get_mtrr,
9141diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/centaur.c linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/centaur.c
9142--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/centaur.c 2010-02-09 07:57:19.000000000 -0500
9143+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/centaur.c 2010-02-13 21:45:09.933919306 -0500
9144@@ -110,7 +110,7 @@ centaur_validate_add_page(unsigned long
9145 return 0;
9146 }
9147
9148-static struct mtrr_ops centaur_mtrr_ops = {
9149+static const struct mtrr_ops centaur_mtrr_ops = {
9150 .vendor = X86_VENDOR_CENTAUR,
9151 .set = centaur_set_mcr,
9152 .get = centaur_get_mcr,
9153diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/cyrix.c linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/cyrix.c
9154--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/cyrix.c 2010-02-09 07:57:19.000000000 -0500
9155+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/cyrix.c 2010-02-13 21:45:09.933919306 -0500
9156@@ -265,7 +265,7 @@ static void cyrix_set_all(void)
9157 post_set();
9158 }
9159
9160-static struct mtrr_ops cyrix_mtrr_ops = {
9161+static const struct mtrr_ops cyrix_mtrr_ops = {
9162 .vendor = X86_VENDOR_CYRIX,
9163 .set_all = cyrix_set_all,
9164 .set = cyrix_set_arr,
9165diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/generic.c
9166--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/generic.c 2010-02-09 07:57:19.000000000 -0500
9167+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/generic.c 2010-02-13 21:45:09.933919306 -0500
9168@@ -29,7 +29,7 @@ static struct fixed_range_block fixed_ra
9169 { MSR_MTRRfix64K_00000, 1 }, /* one 64k MTRR */
9170 { MSR_MTRRfix16K_80000, 2 }, /* two 16k MTRRs */
9171 { MSR_MTRRfix4K_C0000, 8 }, /* eight 4k MTRRs */
9172- {}
9173+ { 0, 0 }
9174 };
9175
9176 static unsigned long smp_changes_mask;
9177@@ -752,7 +752,7 @@ int positive_have_wrcomb(void)
9178 /*
9179 * Generic structure...
9180 */
9181-struct mtrr_ops generic_mtrr_ops = {
9182+const struct mtrr_ops generic_mtrr_ops = {
9183 .use_intel_if = 1,
9184 .set_all = generic_set_all,
9185 .get = generic_get_mtrr,
9186diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/main.c linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/main.c
9187--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/main.c 2010-02-09 07:57:19.000000000 -0500
9188+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/main.c 2010-02-13 21:45:09.933919306 -0500
9189@@ -60,14 +60,14 @@ static DEFINE_MUTEX(mtrr_mutex);
9190 u64 size_or_mask, size_and_mask;
9191 static bool mtrr_aps_delayed_init;
9192
9193-static struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM];
9194+static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only;
9195
9196-struct mtrr_ops *mtrr_if;
9197+const struct mtrr_ops *mtrr_if;
9198
9199 static void set_mtrr(unsigned int reg, unsigned long base,
9200 unsigned long size, mtrr_type type);
9201
9202-void set_mtrr_ops(struct mtrr_ops *ops)
9203+void set_mtrr_ops(const struct mtrr_ops *ops)
9204 {
9205 if (ops->vendor && ops->vendor < X86_VENDOR_NUM)
9206 mtrr_ops[ops->vendor] = ops;
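Review bot: The table `mtrr_ops[X86_VENDOR_NUM]` is now `__read_only`, yet set_mtrr_ops() still stores into it with `mtrr_ops[ops->vendor] = ops;` and carries no `__init` annotation in this hunk. If any caller can run after the read-only section is write-protected, that store would fault. Either mark the function `__init`, assuming all callers are init-time (not visible here), or add a comment stating that assumption. Note also that `mtrr_if`, the pointer used for dispatch by `is_cpu()` and `use_intel()` in mtrr.h, stays writable; if the intent is to protect the ops dispatch path, it looks like it should get the same `__read_only` treatment. The body of set_mtrr_ops continues outside the hunk.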
9207diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/mtrr.h
9208--- linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/mtrr.h 2010-02-09 07:57:19.000000000 -0500
9209+++ linux-2.6.32.8/arch/x86/kernel/cpu/mtrr/mtrr.h 2010-02-13 21:45:09.933919306 -0500
9210@@ -12,19 +12,19 @@
9211 extern unsigned int mtrr_usage_table[MTRR_MAX_VAR_RANGES];
9212
9213 struct mtrr_ops {
9214- u32 vendor;
9215- u32 use_intel_if;
9216- void (*set)(unsigned int reg, unsigned long base,
9217+ const u32 vendor;
9218+ const u32 use_intel_if;
9219+ void (* const set)(unsigned int reg, unsigned long base,
9220 unsigned long size, mtrr_type type);
9221- void (*set_all)(void);
9222+ void (* const set_all)(void);
9223
9224- void (*get)(unsigned int reg, unsigned long *base,
9225+ void (* const get)(unsigned int reg, unsigned long *base,
9226 unsigned long *size, mtrr_type *type);
9227- int (*get_free_region)(unsigned long base, unsigned long size,
9228+ int (* const get_free_region)(unsigned long base, unsigned long size,
9229 int replace_reg);
9230- int (*validate_add_page)(unsigned long base, unsigned long size,
9231+ int (* const validate_add_page)(unsigned long base, unsigned long size,
9232 unsigned int type);
9233- int (*have_wrcomb)(void);
9234+ int (* const have_wrcomb)(void);
9235 };
9236
9237 extern int generic_get_free_region(unsigned long base, unsigned long size,
9238@@ -32,7 +32,7 @@ extern int generic_get_free_region(unsig
9239 extern int generic_validate_add_page(unsigned long base, unsigned long size,
9240 unsigned int type);
9241
9242-extern struct mtrr_ops generic_mtrr_ops;
9243+extern const struct mtrr_ops generic_mtrr_ops;
9244
9245 extern int positive_have_wrcomb(void);
9246
9247@@ -53,10 +53,10 @@ void fill_mtrr_var_range(unsigned int in
9248 u32 base_lo, u32 base_hi, u32 mask_lo, u32 mask_hi);
9249 void get_mtrr_state(void);
9250
9251-extern void set_mtrr_ops(struct mtrr_ops *ops);
9252+extern void set_mtrr_ops(const struct mtrr_ops *ops);
9253
9254 extern u64 size_or_mask, size_and_mask;
9255-extern struct mtrr_ops *mtrr_if;
9256+extern const struct mtrr_ops *mtrr_if;
9257
9258 #define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd)
9259 #define use_intel() (mtrr_if && mtrr_if->use_intel_if == 1)
9260diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/perfctr-watchdog.c linux-2.6.32.8/arch/x86/kernel/cpu/perfctr-watchdog.c
9261--- linux-2.6.32.8/arch/x86/kernel/cpu/perfctr-watchdog.c 2010-02-09 07:57:19.000000000 -0500
9262+++ linux-2.6.32.8/arch/x86/kernel/cpu/perfctr-watchdog.c 2010-02-13 21:45:09.934923901 -0500
9263@@ -30,11 +30,11 @@ struct nmi_watchdog_ctlblk {
9264
9265 /* Interface defining a CPU specific perfctr watchdog */
9266 struct wd_ops {
9267- int (*reserve)(void);
9268- void (*unreserve)(void);
9269- int (*setup)(unsigned nmi_hz);
9270- void (*rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9271- void (*stop)(void);
9272+ int (* const reserve)(void);
9273+ void (* const unreserve)(void);
9274+ int (* const setup)(unsigned nmi_hz);
9275+ void (* const rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9276+ void (* const stop)(void);
9277 unsigned perfctr;
9278 unsigned evntsel;
9279 u64 checkbit;
9280@@ -645,6 +645,7 @@ static const struct wd_ops p4_wd_ops = {
9281 #define ARCH_PERFMON_NMI_EVENT_SEL ARCH_PERFMON_UNHALTED_CORE_CYCLES_SEL
9282 #define ARCH_PERFMON_NMI_EVENT_UMASK ARCH_PERFMON_UNHALTED_CORE_CYCLES_UMASK
9283
9284+/* cannot be const */
9285 static struct wd_ops intel_arch_wd_ops;
9286
9287 static int setup_intel_arch_watchdog(unsigned nmi_hz)
9288@@ -697,6 +698,7 @@ static int setup_intel_arch_watchdog(uns
9289 return 1;
9290 }
9291
9292+/* cannot be const */
9293 static struct wd_ops intel_arch_wd_ops __read_mostly = {
9294 .reserve = single_msr_reserve,
9295 .unreserve = single_msr_unreserve,
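Review bot: The two added `/* cannot be const */` comments on intel_arch_wd_ops do not say why. The next person constifying ops structures will have to rediscover the reason. Presumably setup_intel_arch_watchdog() writes one of the non-pointer members (`perfctr`, `evntsel` or `checkbit`) at run time; its body is outside the hunk, so this should be confirmed. The comment could then read `/* cannot be const: setup_intel_arch_watchdog() updates a field at run time */`. Since the function-pointer members are now `* const`, it is also worth stating that only the data members remain writable.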
9296diff -urNp linux-2.6.32.8/arch/x86/kernel/cpu/perf_event.c linux-2.6.32.8/arch/x86/kernel/cpu/perf_event.c
9297--- linux-2.6.32.8/arch/x86/kernel/cpu/perf_event.c 2010-02-09 07:57:19.000000000 -0500
9298+++ linux-2.6.32.8/arch/x86/kernel/cpu/perf_event.c 2010-02-13 21:45:09.934923901 -0500
9299@@ -2252,7 +2252,7 @@ perf_callchain_user(struct pt_regs *regs
9300 break;
9301
9302 callchain_store(entry, frame.return_address);
9303- fp = frame.next_frame;
9304+ fp = (__force const void __user *)frame.next_frame;
9305 }
9306 }
9307
9308diff -urNp linux-2.6.32.8/arch/x86/kernel/crash.c linux-2.6.32.8/arch/x86/kernel/crash.c
9309--- linux-2.6.32.8/arch/x86/kernel/crash.c 2010-02-09 07:57:19.000000000 -0500
9310+++ linux-2.6.32.8/arch/x86/kernel/crash.c 2010-02-13 21:45:09.934923901 -0500
9311@@ -42,7 +42,7 @@ static void kdump_nmi_callback(int cpu,
9312 regs = args->regs;
9313
9314 #ifdef CONFIG_X86_32
9315- if (!user_mode_vm(regs)) {
9316+ if (!user_mode(regs)) {
9317 crash_fixup_ss_esp(&fixed_regs, regs);
9318 regs = &fixed_regs;
9319 }
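Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in kdump_nmi_callback is only safe if user_mode() is redefined elsewhere in this patch to also test X86_EFLAGS_VM. In the stock 32-bit kernel, user_mode() looks only at the CS privilege bits, so a vm86 frame could be classified as kernel mode and passed to crash_fixup_ss_esp(). The same substitution appears in show_registers() in dumpstack_32.c and in die() in dumpstack.c. Those hunks do not show the new definition, so the dependency should be confirmed and mentioned in a comment at one of the call sites. The function body continues outside the hunk.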
9320diff -urNp linux-2.6.32.8/arch/x86/kernel/doublefault_32.c linux-2.6.32.8/arch/x86/kernel/doublefault_32.c
9321--- linux-2.6.32.8/arch/x86/kernel/doublefault_32.c 2010-02-09 07:57:19.000000000 -0500
9322+++ linux-2.6.32.8/arch/x86/kernel/doublefault_32.c 2010-02-13 21:45:09.935911670 -0500
9323@@ -11,7 +11,7 @@
9324
9325 #define DOUBLEFAULT_STACKSIZE (1024)
9326 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
9327-#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
9328+#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
9329
9330 #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
9331
9332@@ -21,7 +21,7 @@ static void doublefault_fn(void)
9333 unsigned long gdt, tss;
9334
9335 store_gdt(&gdt_desc);
9336- gdt = gdt_desc.address;
9337+ gdt = (unsigned long)gdt_desc.address;
9338
9339 printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
9340
9341@@ -58,10 +58,10 @@ struct tss_struct doublefault_tss __cach
9342 /* 0x2 bit is always set */
9343 .flags = X86_EFLAGS_SF | 0x2,
9344 .sp = STACK_START,
9345- .es = __USER_DS,
9346+ .es = __KERNEL_DS,
9347 .cs = __KERNEL_CS,
9348 .ss = __KERNEL_DS,
9349- .ds = __USER_DS,
9350+ .ds = __KERNEL_DS,
9351 .fs = __KERNEL_PERCPU,
9352
9353 .__cr3 = __pa_nodebug(swapper_pg_dir),
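Review bot: The new `-2` in `STACK_START` is an unexplained magic number. It moves the initial double-fault stack pointer two `unsigned long` slots below the end of doublefault_stack, and nothing in the hunk says what those slots are reserved for. A one-line comment above the macro, for example `/* leave two words free at the top of the stack: <reason> */`, would keep a later cleanup from reverting it. The change of `.es` and `.ds` from `__USER_DS` to `__KERNEL_DS` in doublefault_tss would benefit from the same kind of note, since it presumably depends on the kernel and user data segments no longer being interchangeable under this patch.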
9354diff -urNp linux-2.6.32.8/arch/x86/kernel/dumpstack_32.c linux-2.6.32.8/arch/x86/kernel/dumpstack_32.c
9355--- linux-2.6.32.8/arch/x86/kernel/dumpstack_32.c 2010-02-09 07:57:19.000000000 -0500
9356+++ linux-2.6.32.8/arch/x86/kernel/dumpstack_32.c 2010-02-13 21:45:09.935911670 -0500
9357@@ -112,11 +112,12 @@ void show_registers(struct pt_regs *regs
9358 * When in-kernel, we also print out the stack and code at the
9359 * time of the fault..
9360 */
9361- if (!user_mode_vm(regs)) {
9362+ if (!user_mode(regs)) {
9363 unsigned int code_prologue = code_bytes * 43 / 64;
9364 unsigned int code_len = code_bytes;
9365 unsigned char c;
9366 u8 *ip;
9367+ unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
9368
9369 printk(KERN_EMERG "Stack:\n");
9370 show_stack_log_lvl(NULL, regs, &regs->sp,
9371@@ -124,10 +125,10 @@ void show_registers(struct pt_regs *regs
9372
9373 printk(KERN_EMERG "Code: ");
9374
9375- ip = (u8 *)regs->ip - code_prologue;
9376+ ip = (u8 *)regs->ip - code_prologue + cs_base;
9377 if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
9378 /* try starting at IP */
9379- ip = (u8 *)regs->ip;
9380+ ip = (u8 *)regs->ip + cs_base;
9381 code_len = code_len - code_prologue + 1;
9382 }
9383 for (i = 0; i < code_len; i++, ip++) {
9384@@ -136,7 +137,7 @@ void show_registers(struct pt_regs *regs
9385 printk(" Bad EIP value.");
9386 break;
9387 }
9388- if (ip == (u8 *)regs->ip)
9389+ if (ip == (u8 *)regs->ip + cs_base)
9390 printk("<%02x> ", c);
9391 else
9392 printk("%02x ", c);
9393@@ -149,6 +150,7 @@ int is_valid_bugaddr(unsigned long ip)
9394 {
9395 unsigned short ud2;
9396
9397+ ip = ktla_ktva(ip);
9398 if (ip < PAGE_OFFSET)
9399 return 0;
9400 if (probe_kernel_address((unsigned short *)ip, ud2))
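Review bot: In show_registers() the new `cs_base` line indexes the per-CPU GDT with `(0xffff & regs->cs) >> 3` without bounding the index or checking the table-indicator bit. This runs on the oops path, where `regs` may hold a damaged selector, so the lookup can read past the table before `probe_kernel_address()` gets a chance to reject the resulting `ip`. Bounding it is cheap: `unsigned int idx = (regs->cs & 0xffff) >> 3;` followed by `cs_base = idx < GDT_ENTRIES ? get_desc_base(&get_cpu_gdt_table(smp_processor_id())[idx]) : 0;`. Splitting the expression this way also makes the very long declaration readable. The function body continues outside the hunk.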
9401diff -urNp linux-2.6.32.8/arch/x86/kernel/dumpstack.c linux-2.6.32.8/arch/x86/kernel/dumpstack.c
9402--- linux-2.6.32.8/arch/x86/kernel/dumpstack.c 2010-02-09 07:57:19.000000000 -0500
9403+++ linux-2.6.32.8/arch/x86/kernel/dumpstack.c 2010-02-13 21:45:09.935911670 -0500
9404@@ -180,7 +180,7 @@ void dump_stack(void)
9405 #endif
9406
9407 printk("Pid: %d, comm: %.20s %s %s %.*s\n",
9408- current->pid, current->comm, print_tainted(),
9409+ task_pid_nr(current), current->comm, print_tainted(),
9410 init_utsname()->release,
9411 (int)strcspn(init_utsname()->version, " "),
9412 init_utsname()->version);
9413@@ -241,7 +241,7 @@ void __kprobes oops_end(unsigned long fl
9414 panic("Fatal exception in interrupt");
9415 if (panic_on_oops)
9416 panic("Fatal exception");
9417- do_exit(signr);
9418+ do_group_exit(signr);
9419 }
9420
9421 int __kprobes __die(const char *str, struct pt_regs *regs, long err)
9422@@ -295,7 +295,7 @@ void die(const char *str, struct pt_regs
9423 unsigned long flags = oops_begin();
9424 int sig = SIGSEGV;
9425
9426- if (!user_mode_vm(regs))
9427+ if (!user_mode(regs))
9428 report_bug(regs->ip, regs);
9429
9430 if (__die(str, regs, err))
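Review bot: The switch from `do_exit(signr)` to `do_group_exit(signr)` in oops_end() changes behaviour visibly and has no comment. An oops in one thread now terminates every thread in the group, presumably so that siblings sharing the faulting task's address space do not keep running after a kernel fault. A line such as `/* terminate the whole thread group, not just the oopsing task */` above the call would record that intent. The `task_pid_nr(current)` change in dump_stack() is a plain accessor substitution and needs no note.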
9431diff -urNp linux-2.6.32.8/arch/x86/kernel/e820.c linux-2.6.32.8/arch/x86/kernel/e820.c
9432--- linux-2.6.32.8/arch/x86/kernel/e820.c 2010-02-09 07:57:19.000000000 -0500
9433+++ linux-2.6.32.8/arch/x86/kernel/e820.c 2010-02-13 21:45:09.935911670 -0500
9434@@ -733,7 +733,10 @@ struct early_res {
9435 };
9436 static struct early_res early_res[MAX_EARLY_RES] __initdata = {
9437 { 0, PAGE_SIZE, "BIOS data page" }, /* BIOS data page */
9438- {}
9439+#ifdef CONFIG_VM86
9440+ { PAGE_SIZE, ISA_START_ADDRESS, "V86 mode memory", 1 },
9441+#endif
9442+ { 0, 0, {0}, 0 }
9443 };
9444
9445 static int __init find_overlapped_early(u64 start, u64 end)
9446diff -urNp linux-2.6.32.8/arch/x86/kernel/efi_32.c linux-2.6.32.8/arch/x86/kernel/efi_32.c
9447--- linux-2.6.32.8/arch/x86/kernel/efi_32.c 2010-02-09 07:57:19.000000000 -0500
9448+++ linux-2.6.32.8/arch/x86/kernel/efi_32.c 2010-02-13 21:45:09.935911670 -0500
9449@@ -38,70 +38,38 @@
9450 */
9451
9452 static unsigned long efi_rt_eflags;
9453-static pgd_t efi_bak_pg_dir_pointer[2];
9454+static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS];
9455
9456-void efi_call_phys_prelog(void)
9457+void __init efi_call_phys_prelog(void)
9458 {
9459- unsigned long cr4;
9460- unsigned long temp;
9461 struct desc_ptr gdt_descr;
9462
9463 local_irq_save(efi_rt_eflags);
9464
9465- /*
9466- * If I don't have PAE, I should just duplicate two entries in page
9467- * directory. If I have PAE, I just need to duplicate one entry in
9468- * page directory.
9469- */
9470- cr4 = read_cr4_safe();
9471
9472- if (cr4 & X86_CR4_PAE) {
9473- efi_bak_pg_dir_pointer[0].pgd =
9474- swapper_pg_dir[pgd_index(0)].pgd;
9475- swapper_pg_dir[0].pgd =
9476- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
9477- } else {
9478- efi_bak_pg_dir_pointer[0].pgd =
9479- swapper_pg_dir[pgd_index(0)].pgd;
9480- efi_bak_pg_dir_pointer[1].pgd =
9481- swapper_pg_dir[pgd_index(0x400000)].pgd;
9482- swapper_pg_dir[pgd_index(0)].pgd =
9483- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
9484- temp = PAGE_OFFSET + 0x400000;
9485- swapper_pg_dir[pgd_index(0x400000)].pgd =
9486- swapper_pg_dir[pgd_index(temp)].pgd;
9487- }
9488+ clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS);
9489+ clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
9490+ min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
9491
9492 /*
9493 * After the lock is released, the original page table is restored.
9494 */
9495 __flush_tlb_all();
9496
9497- gdt_descr.address = __pa(get_cpu_gdt_table(0));
9498+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
9499 gdt_descr.size = GDT_SIZE - 1;
9500 load_gdt(&gdt_descr);
9501 }
9502
9503-void efi_call_phys_epilog(void)
9504+void __init efi_call_phys_epilog(void)
9505 {
9506- unsigned long cr4;
9507 struct desc_ptr gdt_descr;
9508
9509- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
9510+ gdt_descr.address = get_cpu_gdt_table(0);
9511 gdt_descr.size = GDT_SIZE - 1;
9512 load_gdt(&gdt_descr);
9513
9514- cr4 = read_cr4_safe();
9515-
9516- if (cr4 & X86_CR4_PAE) {
9517- swapper_pg_dir[pgd_index(0)].pgd =
9518- efi_bak_pg_dir_pointer[0].pgd;
9519- } else {
9520- swapper_pg_dir[pgd_index(0)].pgd =
9521- efi_bak_pg_dir_pointer[0].pgd;
9522- swapper_pg_dir[pgd_index(0x400000)].pgd =
9523- efi_bak_pg_dir_pointer[1].pgd;
9524- }
9525+ clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS);
9526
9527 /*
9528 * After the lock is released, the original page table is restored.
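Review bot: Marking efi_call_phys_prelog() and efi_call_phys_epilog() `__init` and efi_bak_pg_dir_pointer `__initdata` assumes that no physical-mode EFI call is made once init memory has been freed. Neither the hunk nor the matching `__INIT`/`__INITDATA` change in efi_stub_32.S documents that assumption. A later caller outside init would jump into discarded text, so the constraint should be stated in a comment above efi_call_phys_prelog. The retained comment "After the lock is released, the original page table is restored" no longer describes anything in the function and could be reworded while here. Also, `gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));` stores a physical address in a pointer-typed field; a short comment that this is intentional for the paging-off window would prevent an accidental dereference.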
9529diff -urNp linux-2.6.32.8/arch/x86/kernel/efi_stub_32.S linux-2.6.32.8/arch/x86/kernel/efi_stub_32.S
9530--- linux-2.6.32.8/arch/x86/kernel/efi_stub_32.S 2010-02-09 07:57:19.000000000 -0500
9531+++ linux-2.6.32.8/arch/x86/kernel/efi_stub_32.S 2010-02-13 21:45:09.936909632 -0500
9532@@ -6,6 +6,7 @@
9533 */
9534
9535 #include <linux/linkage.h>
9536+#include <linux/init.h>
9537 #include <asm/page_types.h>
9538
9539 /*
9540@@ -20,7 +21,7 @@
9541 * service functions will comply with gcc calling convention, too.
9542 */
9543
9544-.text
9545+__INIT
9546 ENTRY(efi_call_phys)
9547 /*
9548 * 0. The function can only be called in Linux kernel. So CS has been
9549@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
9550 * The mapping of lower virtual memory has been created in prelog and
9551 * epilog.
9552 */
9553- movl $1f, %edx
9554- subl $__PAGE_OFFSET, %edx
9555- jmp *%edx
9556+ jmp 1f-__PAGE_OFFSET
9557 1:
9558
9559 /*
9560@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
9561 * parameter 2, ..., param n. To make things easy, we save the return
9562 * address of efi_call_phys in a global variable.
9563 */
9564- popl %edx
9565- movl %edx, saved_return_addr
9566- /* get the function pointer into ECX*/
9567- popl %ecx
9568- movl %ecx, efi_rt_function_ptr
9569- movl $2f, %edx
9570- subl $__PAGE_OFFSET, %edx
9571- pushl %edx
9572+ popl (saved_return_addr)
9573+ popl (efi_rt_function_ptr)
9574
9575 /*
9576 * 3. Clear PG bit in %CR0.
9577@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
9578 /*
9579 * 5. Call the physical function.
9580 */
9581- jmp *%ecx
9582+ call *(efi_rt_function_ptr-__PAGE_OFFSET)
9583
9584-2:
9585 /*
9586 * 6. After EFI runtime service returns, control will return to
9587 * following instruction. We'd better readjust stack pointer first.
9588@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
9589 movl %cr0, %edx
9590 orl $0x80000000, %edx
9591 movl %edx, %cr0
9592- jmp 1f
9593-1:
9594+
9595 /*
9596 * 8. Now restore the virtual mode from flat mode by
9597 * adding EIP with PAGE_OFFSET.
9598 */
9599- movl $1f, %edx
9600- jmp *%edx
9601+ jmp 1f+__PAGE_OFFSET
9602 1:
9603
9604 /*
9605 * 9. Balance the stack. And because EAX contain the return value,
9606 * we'd better not clobber it.
9607 */
9608- leal efi_rt_function_ptr, %edx
9609- movl (%edx), %ecx
9610- pushl %ecx
9611+ pushl (efi_rt_function_ptr)
9612
9613 /*
9614- * 10. Push the saved return address onto the stack and return.
9615+ * 10. Return to the saved return address.
9616 */
9617- leal saved_return_addr, %edx
9618- movl (%edx), %ecx
9619- pushl %ecx
9620- ret
9621+ jmpl *(saved_return_addr)
9622 ENDPROC(efi_call_phys)
9623 .previous
9624
9625-.data
9626+__INITDATA
9627 saved_return_addr:
9628 .long 0
9629 efi_rt_function_ptr:
9630diff -urNp linux-2.6.32.8/arch/x86/kernel/entry_32.S linux-2.6.32.8/arch/x86/kernel/entry_32.S
9631--- linux-2.6.32.8/arch/x86/kernel/entry_32.S 2010-02-09 07:57:19.000000000 -0500
9632+++ linux-2.6.32.8/arch/x86/kernel/entry_32.S 2010-02-13 21:45:09.936909632 -0500
9633@@ -191,7 +191,7 @@
9634
9635 #endif /* CONFIG_X86_32_LAZY_GS */
9636
9637-.macro SAVE_ALL
9638+.macro __SAVE_ALL _DS
9639 cld
9640 PUSH_GS
9641 pushl %fs
9642@@ -224,7 +224,7 @@
9643 pushl %ebx
9644 CFI_ADJUST_CFA_OFFSET 4
9645 CFI_REL_OFFSET ebx, 0
9646- movl $(__USER_DS), %edx
9647+ movl $\_DS, %edx
9648 movl %edx, %ds
9649 movl %edx, %es
9650 movl $(__KERNEL_PERCPU), %edx
9651@@ -232,6 +232,15 @@
9652 SET_KERNEL_GS %edx
9653 .endm
9654
9655+.macro SAVE_ALL
9656+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
9657+ __SAVE_ALL __KERNEL_DS
9658+ PAX_ENTER_KERNEL
9659+#else
9660+ __SAVE_ALL __USER_DS
9661+#endif
9662+.endm
9663+
9664 .macro RESTORE_INT_REGS
9665 popl %ebx
9666 CFI_ADJUST_CFA_OFFSET -4
9667@@ -352,7 +361,15 @@ check_userspace:
9668 movb PT_CS(%esp), %al
9669 andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
9670 cmpl $USER_RPL, %eax
9671+
9672+#ifdef CONFIG_PAX_KERNEXEC
9673+ jae resume_userspace
9674+
9675+ PAX_EXIT_KERNEL
9676+ jmp resume_kernel
9677+#else
9678 jb resume_kernel # not returning to v8086 or userspace
9679+#endif
9680
9681 ENTRY(resume_userspace)
9682 LOCKDEP_SYS_EXIT
9683@@ -414,10 +431,9 @@ sysenter_past_esp:
9684 /*CFI_REL_OFFSET cs, 0*/
9685 /*
9686 * Push current_thread_info()->sysenter_return to the stack.
9687- * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
9688- * pushed above; +8 corresponds to copy_thread's esp0 setting.
9689 */
9690- pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp)
9691+ GET_THREAD_INFO(%ebp)
9692+ pushl TI_sysenter_return(%ebp)
9693 CFI_ADJUST_CFA_OFFSET 4
9694 CFI_REL_OFFSET eip, 0
9695
9696@@ -430,9 +446,19 @@ sysenter_past_esp:
9697 * Load the potential sixth argument from user stack.
9698 * Careful about security.
9699 */
9700+ movl PT_OLDESP(%esp),%ebp
9701+
9702+#ifdef CONFIG_PAX_MEMORY_UDEREF
9703+ mov PT_OLDSS(%esp),%ds
9704+1: movl %ds:(%ebp),%ebp
9705+ push %ss
9706+ pop %ds
9707+#else
9708 cmpl $__PAGE_OFFSET-3,%ebp
9709 jae syscall_fault
9710 1: movl (%ebp),%ebp
9711+#endif
9712+
9713 movl %ebp,PT_EBP(%esp)
9714 .section __ex_table,"a"
9715 .align 4
9716@@ -455,12 +481,23 @@ sysenter_do_call:
9717 testl $_TIF_ALLWORK_MASK, %ecx
9718 jne sysexit_audit
9719 sysenter_exit:
9720+
9721+#ifdef CONFIG_PAX_RANDKSTACK
9722+ pushl %eax
9723+ CFI_ADJUST_CFA_OFFSET 4
9724+ call pax_randomize_kstack
9725+ popl %eax
9726+ CFI_ADJUST_CFA_OFFSET -4
9727+#endif
9728+
9729 /* if something modifies registers it must also disable sysexit */
9730 movl PT_EIP(%esp), %edx
9731 movl PT_OLDESP(%esp), %ecx
9732 xorl %ebp,%ebp
9733 TRACE_IRQS_ON
9734 1: mov PT_FS(%esp), %fs
9735+2: mov PT_DS(%esp), %ds
9736+3: mov PT_ES(%esp), %es
9737 PTGS_TO_GS
9738 ENABLE_INTERRUPTS_SYSEXIT
9739
9740@@ -504,11 +541,17 @@ sysexit_audit:
9741
9742 CFI_ENDPROC
9743 .pushsection .fixup,"ax"
9744-2: movl $0,PT_FS(%esp)
9745+4: movl $0,PT_FS(%esp)
9746+ jmp 1b
9747+5: movl $0,PT_DS(%esp)
9748+ jmp 1b
9749+6: movl $0,PT_ES(%esp)
9750 jmp 1b
9751 .section __ex_table,"a"
9752 .align 4
9753- .long 1b,2b
9754+ .long 1b,4b
9755+ .long 2b,5b
9756+ .long 3b,6b
9757 .popsection
9758 PTGS_TO_GS_EX
9759 ENDPROC(ia32_sysenter_target)
9760@@ -538,6 +581,10 @@ syscall_exit:
9761 testl $_TIF_ALLWORK_MASK, %ecx # current->work
9762 jne syscall_exit_work
9763
9764+#ifdef CONFIG_PAX_RANDKSTACK
9765+ call pax_randomize_kstack
9766+#endif
9767+
9768 restore_all:
9769 TRACE_IRQS_IRET
9770 restore_all_notrace:
9771@@ -602,7 +649,13 @@ ldt_ss:
9772 mov PT_OLDESP(%esp), %eax /* load userspace esp */
9773 mov %dx, %ax /* eax: new kernel esp */
9774 sub %eax, %edx /* offset (low word is 0) */
9775- PER_CPU(gdt_page, %ebx)
9776+#ifdef CONFIG_SMP
9777+ movl PER_CPU_VAR(cpu_number), %ebx
9778+ shll $PAGE_SHIFT_asm, %ebx
9779+ addl $cpu_gdt_table, %ebx
9780+#else
9781+ movl $cpu_gdt_table, %ebx
9782+#endif
9783 shr $16, %edx
9784 mov %dl, GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx) /* bits 16..23 */
9785 mov %dh, GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx) /* bits 24..31 */
9786@@ -642,25 +695,19 @@ work_resched:
9787
9788 work_notifysig: # deal with pending signals and
9789 # notify-resume requests
9790+ movl %esp, %eax
9791 #ifdef CONFIG_VM86
9792 testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
9793- movl %esp, %eax
9794- jne work_notifysig_v86 # returning to kernel-space or
9795+ jz 1f # returning to kernel-space or
9796 # vm86-space
9797- xorl %edx, %edx
9798- call do_notify_resume
9799- jmp resume_userspace_sig
9800
9801- ALIGN
9802-work_notifysig_v86:
9803 pushl %ecx # save ti_flags for do_notify_resume
9804 CFI_ADJUST_CFA_OFFSET 4
9805 call save_v86_state # %eax contains pt_regs pointer
9806 popl %ecx
9807 CFI_ADJUST_CFA_OFFSET -4
9808 movl %eax, %esp
9809-#else
9810- movl %esp, %eax
9811+1:
9812 #endif
9813 xorl %edx, %edx
9814 call do_notify_resume
9815@@ -695,6 +742,10 @@ END(syscall_exit_work)
9816
9817 RING0_INT_FRAME # can't unwind into user space anyway
9818 syscall_fault:
9819+#ifdef CONFIG_PAX_MEMORY_UDEREF
9820+ push %ss
9821+ pop %ds
9822+#endif
9823 GET_THREAD_INFO(%ebp)
9824 movl $-EFAULT,PT_EAX(%esp)
9825 jmp resume_userspace
9826@@ -735,7 +786,13 @@ PTREGSCALL(vm86old)
9827 * normal stack and adjusts ESP with the matching offset.
9828 */
9829 /* fixup the stack */
9830- PER_CPU(gdt_page, %ebx)
9831+#ifdef CONFIG_SMP
9832+ movl PER_CPU_VAR(cpu_number), %ebx
9833+ shll $PAGE_SHIFT_asm, %ebx
9834+ addl $cpu_gdt_table, %ebx
9835+#else
9836+ movl $cpu_gdt_table, %ebx
9837+#endif
9838 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
9839 mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
9840 shl $16, %eax
9841@@ -1198,7 +1255,6 @@ return_to_handler:
9842 ret
9843 #endif
9844
9845-.section .rodata,"a"
9846 #include "syscall_table_32.S"
9847
9848 syscall_table_size=(.-sys_call_table)
9849@@ -1250,12 +1306,15 @@ error_code:
9850 movl %ecx, %fs
9851 UNWIND_ESPFIX_STACK
9852 GS_TO_REG %ecx
9853+
9854+ PAX_ENTER_KERNEL
9855+
9856 movl PT_GS(%esp), %edi # get the function address
9857 movl PT_ORIG_EAX(%esp), %edx # get the error code
9858 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
9859 REG_TO_PTGS %ecx
9860 SET_KERNEL_GS %ecx
9861- movl $(__USER_DS), %ecx
9862+ movl $(__KERNEL_DS), %ecx
9863 movl %ecx, %ds
9864 movl %ecx, %es
9865 TRACE_IRQS_OFF
9866@@ -1351,6 +1410,9 @@ nmi_stack_correct:
9867 xorl %edx,%edx # zero error code
9868 movl %esp,%eax # pt_regs pointer
9869 call do_nmi
9870+
9871+ PAX_EXIT_KERNEL
9872+
9873 jmp restore_all_notrace
9874 CFI_ENDPROC
9875
9876@@ -1391,6 +1453,9 @@ nmi_espfix_stack:
9877 FIXUP_ESPFIX_STACK # %eax == %esp
9878 xorl %edx,%edx # zero error code
9879 call do_nmi
9880+
9881+ PAX_EXIT_KERNEL
9882+
9883 RESTORE_REGS
9884 lss 12+4(%esp), %esp # back to espfix stack
9885 CFI_ADJUST_CFA_OFFSET -24
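Review bot: In the sysenter_past_esp hunk, the CONFIG_PAX_MEMORY_UDEREF branch that loads the sixth argument drops the explicit `cmpl $__PAGE_OFFSET-3,%ebp` / `jae syscall_fault` bound check. It relies instead on the limit of the segment loaded from `PT_OLDSS(%esp)`, and the existing "Careful about security" comment does not say so. I would add `/* UDEREF: the user segment limit bounds this load; a fault at 1: goes to syscall_fault, which restores %ds */` above the `mov PT_OLDSS(%esp),%ds` line. The correctness of the branch depends on two things: the `__ex_table` entry for label 1, which lies outside the hunk, and the `push %ss` / `pop %ds` added to syscall_fault. It is also worth confirming that no path between the `%ds` load and its restore can be interrupted in a way that leaves the user segment in `%ds` while kernel code runs.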
9886diff -urNp linux-2.6.32.8/arch/x86/kernel/entry_64.S linux-2.6.32.8/arch/x86/kernel/entry_64.S
9887--- linux-2.6.32.8/arch/x86/kernel/entry_64.S 2010-02-09 07:57:19.000000000 -0500
9888+++ linux-2.6.32.8/arch/x86/kernel/entry_64.S 2010-02-13 21:45:09.936909632 -0500
9889@@ -1068,7 +1068,12 @@ ENTRY(\sym)
9890 TRACE_IRQS_OFF
9891 movq %rsp,%rdi /* pt_regs pointer */
9892 xorl %esi,%esi /* no error code */
9893- PER_CPU(init_tss, %rbp)
9894+#ifdef CONFIG_SMP
9895+ imul $TSS_size, PER_CPU_VAR(cpu_number), %ebp
9896+ lea init_tss(%rbp), %rbp
9897+#else
9898+ lea init_tss(%rip), %rbp
9899+#endif
9900 subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
9901 call \do_sym
9902 addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
9903diff -urNp linux-2.6.32.8/arch/x86/kernel/ftrace.c linux-2.6.32.8/arch/x86/kernel/ftrace.c
9904--- linux-2.6.32.8/arch/x86/kernel/ftrace.c 2010-02-09 07:57:19.000000000 -0500
9905+++ linux-2.6.32.8/arch/x86/kernel/ftrace.c 2010-02-13 21:45:09.937911582 -0500
9906@@ -149,7 +149,9 @@ void ftrace_nmi_enter(void)
9907 {
9908 if (atomic_inc_return(&nmi_running) & MOD_CODE_WRITE_FLAG) {
9909 smp_rmb();
9910+ pax_open_kernel();
9911 ftrace_mod_code();
9912+ pax_close_kernel();
9913 atomic_inc(&nmi_update_count);
9914 }
9915 /* Must have previous changes seen before executions */
9916@@ -215,7 +217,7 @@ do_ftrace_mod_code(unsigned long ip, voi
9917
9918
9919
9920-static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
9921+static unsigned char ftrace_nop[MCOUNT_INSN_SIZE] __read_only;
9922
9923 static unsigned char *ftrace_nop_replace(void)
9924 {
9925@@ -228,6 +230,8 @@ ftrace_modify_code(unsigned long ip, uns
9926 {
9927 unsigned char replaced[MCOUNT_INSN_SIZE];
9928
9929+ ip = ktla_ktva(ip);
9930+
9931 /*
9932 * Note: Due to modules and __init, code can
9933 * disappear and change, we need to protect against faulting
9934@@ -284,7 +288,7 @@ int ftrace_update_ftrace_func(ftrace_fun
9935 unsigned char old[MCOUNT_INSN_SIZE], *new;
9936 int ret;
9937
9938- memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
9939+ memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
9940 new = ftrace_call_replace(ip, (unsigned long)func);
9941 ret = ftrace_modify_code(ip, old, new);
9942
9943@@ -337,15 +341,15 @@ int __init ftrace_dyn_arch_init(void *da
9944 switch (faulted) {
9945 case 0:
9946 pr_info("ftrace: converting mcount calls to 0f 1f 44 00 00\n");
9947- memcpy(ftrace_nop, ftrace_test_p6nop, MCOUNT_INSN_SIZE);
9948+ memcpy(ftrace_nop, ktla_ktva(ftrace_test_p6nop), MCOUNT_INSN_SIZE);
9949 break;
9950 case 1:
9951 pr_info("ftrace: converting mcount calls to 66 66 66 66 90\n");
9952- memcpy(ftrace_nop, ftrace_test_nop5, MCOUNT_INSN_SIZE);
9953+ memcpy(ftrace_nop, ktla_ktva(ftrace_test_nop5), MCOUNT_INSN_SIZE);
9954 break;
9955 case 2:
9956 pr_info("ftrace: converting mcount calls to jmp . + 5\n");
9957- memcpy(ftrace_nop, ftrace_test_jmp, MCOUNT_INSN_SIZE);
9958+ memcpy(ftrace_nop, ktla_ktva(ftrace_test_jmp), MCOUNT_INSN_SIZE);
9959 break;
9960 }
9961
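Review bot: The three `memcpy(ftrace_nop, ...)` calls write into an array that an earlier hunk of this file marks `__read_only`, yet they are not bracketed by `pax_open_kernel()`/`pax_close_kernel()` the way `ftrace_nmi_enter` is. This presumably works because `ftrace_dyn_arch_init` is `__init` and runs before read-only data is write-protected, but that ordering is not visible here. I would state it above the `switch`, e.g. `/* ftrace_nop is __read_only; writable here only because this runs before kernel read-only data is protected */`, or add the open/close pair if the ordering is not guaranteed. The function body continues outside the hunk.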
9962@@ -366,6 +370,8 @@ static int ftrace_mod_jmp(unsigned long
9963 {
9964 unsigned char code[MCOUNT_INSN_SIZE];
9965
9966+ ip = ktla_ktva(ip);
9967+
9968 if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
9969 return -EFAULT;
9970
9971diff -urNp linux-2.6.32.8/arch/x86/kernel/head32.c linux-2.6.32.8/arch/x86/kernel/head32.c
9972--- linux-2.6.32.8/arch/x86/kernel/head32.c 2010-02-09 07:57:19.000000000 -0500
9973+++ linux-2.6.32.8/arch/x86/kernel/head32.c 2010-02-13 21:45:09.937911582 -0500
9974@@ -16,6 +16,7 @@
9975 #include <asm/apic.h>
9976 #include <asm/io_apic.h>
9977 #include <asm/bios_ebda.h>
9978+#include <asm/boot.h>
9979
9980 static void __init i386_default_early_setup(void)
9981 {
9982@@ -31,7 +32,7 @@ void __init i386_start_kernel(void)
9983 {
9984 reserve_trampoline_memory();
9985
9986- reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
9987+ reserve_early(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
9988
9989 #ifdef CONFIG_BLK_DEV_INITRD
9990 /* Reserve INITRD */
9991diff -urNp linux-2.6.32.8/arch/x86/kernel/head_32.S linux-2.6.32.8/arch/x86/kernel/head_32.S
9992--- linux-2.6.32.8/arch/x86/kernel/head_32.S 2010-02-09 07:57:19.000000000 -0500
9993+++ linux-2.6.32.8/arch/x86/kernel/head_32.S 2010-02-13 21:45:09.937911582 -0500
9994@@ -19,10 +19,17 @@
9995 #include <asm/setup.h>
9996 #include <asm/processor-flags.h>
9997 #include <asm/percpu.h>
9998+#include <asm/msr-index.h>
9999
10000 /* Physical address */
10001 #define pa(X) ((X) - __PAGE_OFFSET)
10002
10003+#ifdef CONFIG_PAX_KERNEXEC
10004+#define ta(X) (X)
10005+#else
10006+#define ta(X) ((X) - __PAGE_OFFSET)
10007+#endif
10008+
10009 /*
10010 * References to members of the new_cpu_data structure.
10011 */
10012@@ -52,11 +59,7 @@
10013 * and small than max_low_pfn, otherwise will waste some page table entries
10014 */
10015
10016-#if PTRS_PER_PMD > 1
10017-#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD)
10018-#else
10019-#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD)
10020-#endif
10021+#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE)
10022
10023 /* Enough space to fit pagetables for the low memory linear map */
10024 MAPPING_BEYOND_END = \
10025@@ -73,6 +76,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_P
10026 RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10027
10028 /*
10029+ * Real beginning of normal "text" segment
10030+ */
10031+ENTRY(stext)
10032+ENTRY(_stext)
10033+
10034+/*
10035 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
10036 * %esi points to the real-mode code as a 32-bit pointer.
10037 * CS and DS must be 4 GB flat segments, but we don't depend on
10038@@ -80,6 +89,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10039 * can.
10040 */
10041 __HEAD
10042+
10043+#ifdef CONFIG_PAX_KERNEXEC
10044+ jmp startup_32
10045+/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
10046+.fill PAGE_SIZE-5,1,0xcc
10047+#endif
10048+
10049 ENTRY(startup_32)
10050 /* test KEEP_SEGMENTS flag to see if the bootloader is asking
10051 us to not reload segments */
10052@@ -97,6 +113,52 @@ ENTRY(startup_32)
10053 movl %eax,%gs
10054 2:
10055
10056+#ifdef CONFIG_SMP
10057+ movl $pa(cpu_gdt_table),%edi
10058+ movl $__per_cpu_load,%eax
10059+ movw %ax,__KERNEL_PERCPU + 2(%edi)
10060+ rorl $16,%eax
10061+ movb %al,__KERNEL_PERCPU + 4(%edi)
10062+ movb %ah,__KERNEL_PERCPU + 7(%edi)
10063+ movl $__per_cpu_end - 1,%eax
10064+ subl $__per_cpu_start,%eax
10065+ movw %ax,__KERNEL_PERCPU + 0(%edi)
10066+#endif
10067+
10068+#ifdef CONFIG_PAX_MEMORY_UDEREF
10069+ movl $NR_CPUS,%ecx
10070+ movl $pa(cpu_gdt_table),%edi
10071+1:
10072+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
10073+ addl $PAGE_SIZE_asm,%edi
10074+ loop 1b
10075+#endif
10076+
10077+#ifdef CONFIG_PAX_KERNEXEC
10078+ movl $pa(boot_gdt),%edi
10079+ movl $__LOAD_PHYSICAL_ADDR,%eax
10080+ movw %ax,__BOOT_CS + 2(%edi)
10081+ rorl $16,%eax
10082+ movb %al,__BOOT_CS + 4(%edi)
10083+ movb %ah,__BOOT_CS + 7(%edi)
10084+ rorl $16,%eax
10085+
10086+ ljmp $(__BOOT_CS),$1f
10087+1:
10088+
10089+ movl $NR_CPUS,%ecx
10090+ movl $pa(cpu_gdt_table),%edi
10091+ addl $__PAGE_OFFSET,%eax
10092+1:
10093+ movw %ax,__KERNEL_CS + 2(%edi)
10094+ rorl $16,%eax
10095+ movb %al,__KERNEL_CS + 4(%edi)
10096+ movb %ah,__KERNEL_CS + 7(%edi)
10097+ rorl $16,%eax
10098+ addl $PAGE_SIZE_asm,%edi
10099+ loop 1b
10100+#endif
10101+
10102 /*
10103 * Clear BSS first so that there are no surprises...
10104 */
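Review bot: In the `CONFIG_SMP` block the per-cpu segment limit is stored with a single `movw %ax,__KERNEL_PERCPU + 0(%edi)`, which writes only limit bits 15..0. The PERCPU template descriptor added later in this file is byte-granular, so if `__per_cpu_end - __per_cpu_start` can exceed 64 KiB the limit is silently truncated and valid per-cpu accesses would fault. Either also store bits 19..16 into byte 6 of the descriptor, or add a build-time check that the section fits in 64 KiB. The byte offsets used throughout this hunk (+2 base 15..0, +4 base 23..16, +7 base 31..24) and the reliance on the second `rorl $16,%eax` to restore `%eax` before `addl $__PAGE_OFFSET,%eax` also deserve a short comment each. `startup_32` continues outside the hunk.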
10105@@ -140,9 +202,7 @@ ENTRY(startup_32)
10106 cmpl $num_subarch_entries, %eax
10107 jae bad_subarch
10108
10109- movl pa(subarch_entries)(,%eax,4), %eax
10110- subl $__PAGE_OFFSET, %eax
10111- jmp *%eax
10112+ jmp *pa(subarch_entries)(,%eax,4)
10113
10114 bad_subarch:
10115 WEAK(lguest_entry)
10116@@ -154,10 +214,10 @@ WEAK(xen_entry)
10117 __INITDATA
10118
10119 subarch_entries:
10120- .long default_entry /* normal x86/PC */
10121- .long lguest_entry /* lguest hypervisor */
10122- .long xen_entry /* Xen hypervisor */
10123- .long default_entry /* Moorestown MID */
10124+ .long ta(default_entry) /* normal x86/PC */
10125+ .long ta(lguest_entry) /* lguest hypervisor */
10126+ .long ta(xen_entry) /* Xen hypervisor */
10127+ .long ta(default_entry) /* Moorestown MID */
10128 num_subarch_entries = (. - subarch_entries) / 4
10129 .previous
10130 #endif /* CONFIG_PARAVIRT */
10131@@ -218,8 +278,11 @@ default_entry:
10132 movl %eax, pa(max_pfn_mapped)
10133
10134 /* Do early initialization of the fixmap area */
10135- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10136- movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10137+#ifdef CONFIG_COMPAT_VDSO
10138+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10139+#else
10140+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10141+#endif
10142 #else /* Not PAE */
10143
10144 page_pde_offset = (__PAGE_OFFSET >> 20);
10145@@ -249,8 +312,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
10146 movl %eax, pa(max_pfn_mapped)
10147
10148 /* Do early initialization of the fixmap area */
10149- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10150- movl %eax,pa(swapper_pg_dir+0xffc)
10151+#ifdef CONFIG_COMPAT_VDSO
10152+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
10153+#else
10154+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
10155+#endif
10156 #endif
10157 jmp 3f
10158 /*
10159@@ -297,6 +363,7 @@ ENTRY(startup_32_smp)
10160 orl %edx,%eax
10161 movl %eax,%cr4
10162
10163+#ifdef CONFIG_X86_PAE
10164 btl $5, %eax # check if PAE is enabled
10165 jnc 6f
10166
10167@@ -312,13 +379,17 @@ ENTRY(startup_32_smp)
10168 jnc 6f
10169
10170 /* Setup EFER (Extended Feature Enable Register) */
10171- movl $0xc0000080, %ecx
10172+ movl $MSR_EFER, %ecx
10173 rdmsr
10174
10175 btsl $11, %eax
10176 /* Make changes effective */
10177 wrmsr
10178
10179+ btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
10180+ movl $1,pa(nx_enabled)
10181+#endif
10182+
10183 6:
10184
10185 /*
10186@@ -344,9 +415,7 @@ ENTRY(startup_32_smp)
10187
10188 #ifdef CONFIG_SMP
10189 cmpb $0, ready
10190- jz 1f /* Initial CPU cleans BSS */
10191- jmp checkCPUtype
10192-1:
10193+ jnz checkCPUtype /* Initial CPU cleans BSS */
10194 #endif /* CONFIG_SMP */
10195
10196 /*
10197@@ -424,7 +493,7 @@ is386: movl $2,%ecx # set MP
10198 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
10199 movl %eax,%ss # after changing gdt.
10200
10201- movl $(__USER_DS),%eax # DS/ES contains default USER segment
10202+# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment
10203 movl %eax,%ds
10204 movl %eax,%es
10205
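Review bot: The replacement line `# movl $(__KERNEL_DS),%eax` is a commented-out instruction, so the `movl %eax,%ds` / `movl %eax,%es` that follow now depend on `%eax` still holding `__KERNEL_DS` from the `%ss` reload two lines above. That dependency is easy to break if an instruction is later inserted between them. I would drop the dead instruction and say it directly: `/* %eax still holds __KERNEL_DS from the %ss reload above; DS/ES use the kernel segment */`. A line starting with `#` in a preprocessed `.S` file also reads like a cpp directive, so a `/* */` comment is the safer form.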
10206@@ -438,8 +507,11 @@ is386: movl $2,%ecx # set MP
10207 */
10208 cmpb $0,ready
10209 jne 1f
10210- movl $per_cpu__gdt_page,%eax
10211+ movl $cpu_gdt_table,%eax
10212 movl $per_cpu__stack_canary,%ecx
10213+#ifdef CONFIG_SMP
10214+ addl $__per_cpu_load,%ecx
10215+#endif
10216 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
10217 shrl $16, %ecx
10218 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
10219@@ -457,10 +529,6 @@ is386: movl $2,%ecx # set MP
10220 #ifdef CONFIG_SMP
10221 movb ready, %cl
10222 movb $1, ready
10223- cmpb $0,%cl # the first CPU calls start_kernel
10224- je 1f
10225- movl (stack_start), %esp
10226-1:
10227 #endif /* CONFIG_SMP */
10228 jmp *(initial_code)
10229
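Review bot: With the `cmpb $0,%cl` / `je 1f` / `movl (stack_start), %esp` sequence removed, the remaining `movb ready, %cl` loads a value that nothing visible in this hunk consumes before `jmp *(initial_code)`. Unless the code reached through `initial_code` reads `%cl`, which is not shown here, the load should be dropped so that only `movb $1, ready` remains inside the `#ifdef CONFIG_SMP`. The removal also means secondary CPUs no longer reload `%esp` from `stack_start` at this point; a comment naming where their stack is now set up would help the next reader.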
10230@@ -546,22 +614,22 @@ early_page_fault:
10231 jmp early_fault
10232
10233 early_fault:
10234- cld
10235 #ifdef CONFIG_PRINTK
10236+ cmpl $1,%ss:early_recursion_flag
10237+ je hlt_loop
10238+ incl %ss:early_recursion_flag
10239+ cld
10240 pusha
10241 movl $(__KERNEL_DS),%eax
10242 movl %eax,%ds
10243 movl %eax,%es
10244- cmpl $2,early_recursion_flag
10245- je hlt_loop
10246- incl early_recursion_flag
10247 movl %cr2,%eax
10248 pushl %eax
10249 pushl %edx /* trapno */
10250 pushl $fault_msg
10251 call printk
10252+; call dump_stack
10253 #endif
10254- call dump_stack
10255 hlt_loop:
10256 hlt
10257 jmp hlt_loop
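Review bot: The added line `; call dump_stack` looks like an attempt to comment the call out, but as far as I know GNU as on x86 treats `;` as a statement separator rather than a comment character, so the call would still be assembled. If the intent is to disable it, use `/* call dump_stack */` or delete the line; if the call is meant to stay, drop the `;`. Separately, `early_fault` now halts when `early_recursion_flag` equals 1 while `ignore_int` in the next hunk still compares against 2; if that asymmetry is deliberate, a comment should say why.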
10258@@ -569,8 +637,11 @@ hlt_loop:
10259 /* This is the default interrupt "handler" :-) */
10260 ALIGN
10261 ignore_int:
10262- cld
10263 #ifdef CONFIG_PRINTK
10264+ cmpl $2,%ss:early_recursion_flag
10265+ je hlt_loop
10266+ incl %ss:early_recursion_flag
10267+ cld
10268 pushl %eax
10269 pushl %ecx
10270 pushl %edx
10271@@ -579,9 +650,6 @@ ignore_int:
10272 movl $(__KERNEL_DS),%eax
10273 movl %eax,%ds
10274 movl %eax,%es
10275- cmpl $2,early_recursion_flag
10276- je hlt_loop
10277- incl early_recursion_flag
10278 pushl 16(%esp)
10279 pushl 24(%esp)
10280 pushl 32(%esp)
10281@@ -608,27 +676,37 @@ ENTRY(initial_code)
10282 /*
10283 * BSS section
10284 */
10285-__PAGE_ALIGNED_BSS
10286- .align PAGE_SIZE_asm
10287 #ifdef CONFIG_X86_PAE
10288+.section .swapper_pg_pmd,"a",@progbits
10289 swapper_pg_pmd:
10290 .fill 1024*KPMDS,4,0
10291 #else
10292+.section .swapper_pg_dir,"a",@progbits
10293 ENTRY(swapper_pg_dir)
10294 .fill 1024,4,0
10295 #endif
10296+
10297 swapper_pg_fixmap:
10298 .fill 1024,4,0
10299+
10300+.section .empty_zero_page,"a",@progbits
10301 ENTRY(empty_zero_page)
10302 .fill 4096,1,0
10303
10304 /*
10305+ * The IDT has to be page-aligned to simplify the Pentium
10306+ * F0 0F bug workaround.. We have a special link segment
10307+ * for this.
10308+ */
10309+.section .idt,"a",@progbits
10310+ENTRY(idt_table)
10311+ .fill 256,8,0
10312+
10313+/*
10314 * This starts the data section.
10315 */
10316 #ifdef CONFIG_X86_PAE
10317-__PAGE_ALIGNED_DATA
10318- /* Page-aligned for the benefit of paravirt? */
10319- .align PAGE_SIZE_asm
10320+.section .swapper_pg_dir,"a",@progbits
10321 ENTRY(swapper_pg_dir)
10322 .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
10323 # if KPMDS == 3
10324@@ -651,11 +729,12 @@ ENTRY(swapper_pg_dir)
10325
10326 .data
10327 ENTRY(stack_start)
10328- .long init_thread_union+THREAD_SIZE
10329+ .long init_thread_union+THREAD_SIZE-8
10330 .long __BOOT_DS
10331
10332 ready: .byte 0
10333
10334+.section .rodata,"a",@progbits
10335 early_recursion_flag:
10336 .long 0
10337
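Review bot: The added `.section .rodata,"a",@progbits` places `early_recursion_flag` in read-only data, yet `early_fault` and `ignore_int` in this file both modify it with `incl %ss:early_recursion_flag`. That is only safe while `.rodata` is still writable; if either handler can run after write protection is applied, the increment itself would fault inside the fault handler. The 64-bit `head_64.S` change on this page puts the same flag in `__INITDATA` instead. I would either do the same here or add a comment such as `/* written only during early boot, before .rodata is write-protected */`.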
10338@@ -691,7 +770,7 @@ fault_msg:
10339 .word 0 # 32 bit align gdt_desc.address
10340 boot_gdt_descr:
10341 .word __BOOT_DS+7
10342- .long boot_gdt - __PAGE_OFFSET
10343+ .long pa(boot_gdt)
10344
10345 .word 0 # 32-bit align idt_desc.address
10346 idt_descr:
10347@@ -702,7 +781,7 @@ idt_descr:
10348 .word 0 # 32 bit align gdt_desc.address
10349 ENTRY(early_gdt_descr)
10350 .word GDT_ENTRIES*8-1
10351- .long per_cpu__gdt_page /* Overwritten for secondary CPUs */
10352+ .long cpu_gdt_table /* Overwritten for secondary CPUs */
10353
10354 /*
10355 * The boot_gdt must mirror the equivalent in setup.S and is
10356@@ -711,5 +790,59 @@ ENTRY(early_gdt_descr)
10357 .align L1_CACHE_BYTES
10358 ENTRY(boot_gdt)
10359 .fill GDT_ENTRY_BOOT_CS,8,0
10360- .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */
10361- .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */
10362+ .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */
10363+ .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */
10364+
10365+ .align PAGE_SIZE_asm
10366+ENTRY(cpu_gdt_table)
10367+ .rept NR_CPUS
10368+ .quad 0x0000000000000000 /* NULL descriptor */
10369+ .quad 0x0000000000000000 /* 0x0b reserved */
10370+ .quad 0x0000000000000000 /* 0x13 reserved */
10371+ .quad 0x0000000000000000 /* 0x1b reserved */
10372+ .quad 0x0000000000000000 /* 0x20 unused */
10373+ .quad 0x0000000000000000 /* 0x28 unused */
10374+ .quad 0x0000000000000000 /* 0x33 TLS entry 1 */
10375+ .quad 0x0000000000000000 /* 0x3b TLS entry 2 */
10376+ .quad 0x0000000000000000 /* 0x43 TLS entry 3 */
10377+ .quad 0x0000000000000000 /* 0x4b reserved */
10378+ .quad 0x0000000000000000 /* 0x53 reserved */
10379+ .quad 0x0000000000000000 /* 0x5b reserved */
10380+
10381+ .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
10382+ .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
10383+ .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
10384+ .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
10385+
10386+ .quad 0x0000000000000000 /* 0x80 TSS descriptor */
10387+ .quad 0x0000000000000000 /* 0x88 LDT descriptor */
10388+
10389+ /*
10390+ * Segments used for calling PnP BIOS have byte granularity.
10391+ * The code segments and data segments have fixed 64k limits,
10392+ * the transfer segment sizes are set at run time.
10393+ */
10394+ .quad 0x00409b000000ffff /* 0x90 32-bit code */
10395+ .quad 0x00009b000000ffff /* 0x98 16-bit code */
10396+ .quad 0x000093000000ffff /* 0xa0 16-bit data */
10397+ .quad 0x0000930000000000 /* 0xa8 16-bit data */
10398+ .quad 0x0000930000000000 /* 0xb0 16-bit data */
10399+
10400+ /*
10401+ * The APM segments have byte granularity and their bases
10402+ * are set at run time. All have 64k limits.
10403+ */
10404+ .quad 0x00409b000000ffff /* 0xb8 APM CS code */
10405+ .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
10406+ .quad 0x004093000000ffff /* 0xc8 APM DS data */
10407+
10408+ .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */
10409+ .quad 0x0040930000000000 /* 0xd8 - PERCPU */
10410+ .quad 0x0040930000000018 /* 0xe0 - STACK_CANARY */
10411+ .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
10412+ .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */
10413+ .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */
10414+
10415+ /* Be sure this is zeroed to avoid false validations in Xen */
10416+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
10417+ .endr
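Review bot: The descriptor constants here change from `...9a...`/`...92...` to `...9b...`/`...93...`, i.e. the accessed bit is now preset, but the comments still only read "kernel 4GB code/data". This is presumably so the CPU never has to write the accessed bit back into a GDT that will be mapped read-only, and that reason should be recorded. A line above `ENTRY(cpu_gdt_table)` such as `/* all descriptors have the accessed bit set so loading a selector never writes to the GDT */` would keep someone from "normalising" them back to 0x9a/0x92. The stride of one page per CPU that `entry_32.S` relies on is also worth stating next to `.fill PAGE_SIZE_asm - GDT_SIZE,1,0`.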
10418diff -urNp linux-2.6.32.8/arch/x86/kernel/head_64.S linux-2.6.32.8/arch/x86/kernel/head_64.S
10419--- linux-2.6.32.8/arch/x86/kernel/head_64.S 2010-02-09 07:57:19.000000000 -0500
10420+++ linux-2.6.32.8/arch/x86/kernel/head_64.S 2010-02-13 21:45:09.938915283 -0500
10421@@ -38,6 +38,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
10422 L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
10423 L4_START_KERNEL = pgd_index(__START_KERNEL_map)
10424 L3_START_KERNEL = pud_index(__START_KERNEL_map)
10425+L4_VMALLOC_START = pgd_index(VMALLOC_START)
10426+L3_VMALLOC_START = pud_index(VMALLOC_START)
10427+L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
10428+L3_VMEMMAP_START = pud_index(VMEMMAP_START)
10429
10430 .text
10431 __HEAD
10432@@ -85,35 +89,22 @@ startup_64:
10433 */
10434 addq %rbp, init_level4_pgt + 0(%rip)
10435 addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
10436+ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
10437+ addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
10438 addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
10439
10440 addq %rbp, level3_ident_pgt + 0(%rip)
10441+#ifndef CONFIG_XEN
10442+ addq %rbp, level3_ident_pgt + 8(%rip)
10443+#endif
10444
10445- addq %rbp, level3_kernel_pgt + (510*8)(%rip)
10446- addq %rbp, level3_kernel_pgt + (511*8)(%rip)
10447+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
10448
10449- addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
10450+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
10451+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
10452
10453- /* Add an Identity mapping if I am above 1G */
10454- leaq _text(%rip), %rdi
10455- andq $PMD_PAGE_MASK, %rdi
10456-
10457- movq %rdi, %rax
10458- shrq $PUD_SHIFT, %rax
10459- andq $(PTRS_PER_PUD - 1), %rax
10460- jz ident_complete
10461-
10462- leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
10463- leaq level3_ident_pgt(%rip), %rbx
10464- movq %rdx, 0(%rbx, %rax, 8)
10465-
10466- movq %rdi, %rax
10467- shrq $PMD_SHIFT, %rax
10468- andq $(PTRS_PER_PMD - 1), %rax
10469- leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
10470- leaq level2_spare_pgt(%rip), %rbx
10471- movq %rdx, 0(%rbx, %rax, 8)
10472-ident_complete:
10473+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
10474+ addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
10475
10476 /*
10477 * Fixup the kernel text+data virtual addresses. Note that
10478@@ -187,6 +178,10 @@ ENTRY(secondary_startup_64)
10479 btl $20,%edi /* No Execute supported? */
10480 jnc 1f
10481 btsl $_EFER_NX, %eax
10482+ leaq init_level4_pgt(%rip), %rdi
10483+ btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
10484+ btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi)
10485+ btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi)
10486 1: wrmsr /* Make changes effective */
10487
10488 /* Setup cr0 */
10489@@ -262,16 +257,16 @@ ENTRY(secondary_startup_64)
10490 .quad x86_64_start_kernel
10491 ENTRY(initial_gs)
10492 .quad INIT_PER_CPU_VAR(irq_stack_union)
10493- __FINITDATA
10494
10495 ENTRY(stack_start)
10496 .quad init_thread_union+THREAD_SIZE-8
10497 .word 0
10498+ __FINITDATA
10499
10500 bad_address:
10501 jmp bad_address
10502
10503- .section ".init.text","ax"
10504+ __INIT
10505 #ifdef CONFIG_EARLY_PRINTK
10506 .globl early_idt_handlers
10507 early_idt_handlers:
10508@@ -316,18 +311,23 @@ ENTRY(early_idt_handler)
10509 #endif /* EARLY_PRINTK */
10510 1: hlt
10511 jmp 1b
10512+ .previous
10513
10514 #ifdef CONFIG_EARLY_PRINTK
10515+ __INITDATA
10516 early_recursion_flag:
10517 .long 0
10518+ .previous
10519
10520+ .section .rodata,"a",@progbits
10521 early_idt_msg:
10522 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
10523 early_idt_ripmsg:
10524 .asciz "RIP %s\n"
10525-#endif /* CONFIG_EARLY_PRINTK */
10526 .previous
10527+#endif /* CONFIG_EARLY_PRINTK */
10528
10529+ .section .rodata,"a",@progbits
10530 #define NEXT_PAGE(name) \
10531 .balign PAGE_SIZE; \
10532 ENTRY(name)
10533@@ -350,13 +350,35 @@ NEXT_PAGE(init_level4_pgt)
10534 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
10535 .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
10536 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
10537+ .org init_level4_pgt + L4_VMALLOC_START*8, 0
10538+ .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE
10539+ .org init_level4_pgt + L4_VMEMMAP_START*8, 0
10540+ .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
10541 .org init_level4_pgt + L4_START_KERNEL*8, 0
10542 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
10543 .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
10544
10545+#ifdef CONFIG_PAX_MEMORY_UDEREF
10546+ .rept NR_CPUS - 1
10547+ .fill 512,8,0
10548+ .endr
10549+#endif
10550+
10551 NEXT_PAGE(level3_ident_pgt)
10552 .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
10553+#ifdef CONFIG_XEN
10554 .fill 511,8,0
10555+#else
10556+ .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
10557+ .fill 510,8,0
10558+#endif
10559+
10560+NEXT_PAGE(level3_vmalloc_pgt)
10561+ .fill 512,8,0
10562+
10563+NEXT_PAGE(level3_vmemmap_pgt)
10564+ .fill L3_VMEMMAP_START,8,0
10565+ .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
10566
10567 NEXT_PAGE(level3_kernel_pgt)
10568 .fill L3_START_KERNEL,8,0
10569@@ -364,20 +386,23 @@ NEXT_PAGE(level3_kernel_pgt)
10570 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
10571 .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
10572
10573+NEXT_PAGE(level2_vmemmap_pgt)
10574+ .fill 512,8,0
10575+
10576 NEXT_PAGE(level2_fixmap_pgt)
10577- .fill 506,8,0
10578- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
10579- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
10580- .fill 5,8,0
10581+ .fill 507,8,0
10582+ .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
10583+ /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
10584+ .fill 4,8,0
10585
10586-NEXT_PAGE(level1_fixmap_pgt)
10587+NEXT_PAGE(level1_vsyscall_pgt)
10588 .fill 512,8,0
10589
10590-NEXT_PAGE(level2_ident_pgt)
10591- /* Since I easily can, map the first 1G.
10592+ /* Since I easily can, map the first 2G.
10593 * Don't set NX because code runs from these pages.
10594 */
10595- PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
10596+NEXT_PAGE(level2_ident_pgt)
10597+ PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD)
10598
10599 NEXT_PAGE(level2_kernel_pgt)
10600 /*
10601@@ -390,33 +415,49 @@ NEXT_PAGE(level2_kernel_pgt)
10602 * If you want to increase this then increase MODULES_VADDR
10603 * too.)
10604 */
10605- PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
10606- KERNEL_IMAGE_SIZE/PMD_SIZE)
10607-
10608-NEXT_PAGE(level2_spare_pgt)
10609- .fill 512, 8, 0
10610+ PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
10611
10612 #undef PMDS
10613 #undef NEXT_PAGE
10614
10615- .data
10616+ .align PAGE_SIZE
10617+ENTRY(cpu_gdt_table)
10618+ .rept NR_CPUS
10619+ .quad 0x0000000000000000 /* NULL descriptor */
10620+ .quad 0x00cf9b000000ffff /* __KERNEL32_CS */
10621+ .quad 0x00af9b000000ffff /* __KERNEL_CS */
10622+ .quad 0x00cf93000000ffff /* __KERNEL_DS */
10623+ .quad 0x00cffb000000ffff /* __USER32_CS */
10624+ .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */
10625+ .quad 0x00affb000000ffff /* __USER_CS */
10626+ .quad 0x0 /* unused */
10627+ .quad 0,0 /* TSS */
10628+ .quad 0,0 /* LDT */
10629+ .quad 0,0,0 /* three TLS descriptors */
10630+ .quad 0x0000f40000000000 /* node/CPU stored in limit */
10631+ /* asm/segment.h:GDT_ENTRIES must match this */
10632+
10633+ /* zero the remaining page */
10634+ .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
10635+ .endr
10636+
10637 .align 16
10638 .globl early_gdt_descr
10639 early_gdt_descr:
10640 .word GDT_ENTRIES*8-1
10641 early_gdt_descr_base:
10642- .quad INIT_PER_CPU_VAR(gdt_page)
10643+ .quad cpu_gdt_table
10644
10645 ENTRY(phys_base)
10646 /* This must match the first entry in level2_kernel_pgt */
10647 .quad 0x0000000000000000
10648
10649 #include "../../x86/xen/xen-head.S"
10650-
10651- .section .bss, "aw", @nobits
10652+
10653+ .section .rodata,"a",@progbits
10654 .align L1_CACHE_BYTES
10655 ENTRY(idt_table)
10656- .skip IDT_ENTRIES * 16
10657+ .fill 512,8,0
10658
10659 __PAGE_ALIGNED_BSS
10660 .align PAGE_SIZE
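Review bot: `idt_table` was sized as `.skip IDT_ENTRIES * 16` and is now `.fill 512,8,0`, which yields the same number of bytes only if `IDT_ENTRIES` is 256 and drops the link to that constant. I would keep the size symbolic, `.fill IDT_ENTRIES * 2,8,0`, so a change to `IDT_ENTRIES` cannot leave the table short. The same applies to `.fill 256,8,0` for the 32-bit `idt_table` in `head_32.S`. Since the table moves from `.bss` to `.rodata`, a comment naming where it is written (and that those writes need the kernel-open/close bracket) would help too.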
10661diff -urNp linux-2.6.32.8/arch/x86/kernel/i386_ksyms_32.c linux-2.6.32.8/arch/x86/kernel/i386_ksyms_32.c
10662--- linux-2.6.32.8/arch/x86/kernel/i386_ksyms_32.c 2010-02-09 07:57:19.000000000 -0500
10663+++ linux-2.6.32.8/arch/x86/kernel/i386_ksyms_32.c 2010-02-13 21:45:09.938915283 -0500
10664@@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
10665 EXPORT_SYMBOL(cmpxchg8b_emu);
10666 #endif
10667
10668+EXPORT_SYMBOL_GPL(cpu_gdt_table);
10669+
10670 /* Networking helper routines. */
10671 EXPORT_SYMBOL(csum_partial_copy_generic);
10672+EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
10673+EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
10674
10675 EXPORT_SYMBOL(__get_user_1);
10676 EXPORT_SYMBOL(__get_user_2);
10677@@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr);
10678
10679 EXPORT_SYMBOL(csum_partial);
10680 EXPORT_SYMBOL(empty_zero_page);
10681+
10682+#ifdef CONFIG_PAX_KERNEXEC
10683+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
10684+#endif
10685diff -urNp linux-2.6.32.8/arch/x86/kernel/init_task.c linux-2.6.32.8/arch/x86/kernel/init_task.c
10686--- linux-2.6.32.8/arch/x86/kernel/init_task.c 2010-02-09 07:57:19.000000000 -0500
10687+++ linux-2.6.32.8/arch/x86/kernel/init_task.c 2010-02-13 21:45:09.938915283 -0500
10688@@ -38,5 +38,5 @@ EXPORT_SYMBOL(init_task);
10689 * section. Since TSS's are completely CPU-local, we want them
10690 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
10691 */
10692-DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS;
10693-
10694+struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS };
10695+EXPORT_SYMBOL(init_tss);
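Review bot: `init_tss` is exported with plain `EXPORT_SYMBOL`, whereas the comparable `cpu_gdt_table` export added in `i386_ksyms_32.c` on this page uses `EXPORT_SYMBOL_GPL`. The TSS array holds each CPU's kernel stack pointer and I/O bitmap, so I would not widen its availability to modules beyond what the GDT gets: `EXPORT_SYMBOL_GPL(init_tss);`. Also, the retained comment promises TSSs "on exact cacheline boundaries", but `____cacheline_internodealigned_in_smp` on the array aligns only its start. Per-element alignment then depends on `struct tss_struct`'s own alignment, which is not visible here and should be confirmed.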
10696diff -urNp linux-2.6.32.8/arch/x86/kernel/ioport.c linux-2.6.32.8/arch/x86/kernel/ioport.c
10697--- linux-2.6.32.8/arch/x86/kernel/ioport.c 2010-02-09 07:57:19.000000000 -0500
10698+++ linux-2.6.32.8/arch/x86/kernel/ioport.c 2010-02-13 21:45:09.938915283 -0500
10699@@ -6,6 +6,7 @@
10700 #include <linux/sched.h>
10701 #include <linux/kernel.h>
10702 #include <linux/capability.h>
10703+#include <linux/security.h>
10704 #include <linux/errno.h>
10705 #include <linux/types.h>
10706 #include <linux/ioport.h>
10707@@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long
10708
10709 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
10710 return -EINVAL;
10711+#ifdef CONFIG_GRKERNSEC_IO
10712+ if (turn_on) {
10713+ gr_handle_ioperm();
10714+ return -EPERM;
10715+ }
10716+#endif
10717 if (turn_on && !capable(CAP_SYS_RAWIO))
10718 return -EPERM;
10719
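Review bot: Under `CONFIG_GRKERNSEC_IO` the new block returns `-EPERM` for every `turn_on` request, which leaves the following `if (turn_on && !capable(CAP_SYS_RAWIO))` unreachable in that configuration. The `do_iopl` change later in this file handles the same situation with `#else`, and I would do the same here so only one of the two checks is compiled. A comment on the new branch should also say that the denial is unconditional, e.g. `/* GRKERNSEC_IO: refuse to grant port access even to CAP_SYS_RAWIO holders */`. Without it the block reads like a logging hook placed ahead of the real check. `sys_ioperm` continues outside the hunk.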
10720@@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long
10721 * because the ->io_bitmap_max value must match the bitmap
10722 * contents:
10723 */
10724- tss = &per_cpu(init_tss, get_cpu());
10725+ tss = init_tss + get_cpu();
10726
10727 set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
10728
10729@@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s
10730 return -EINVAL;
10731 /* Trying to gain more privileges? */
10732 if (level > old) {
10733+#ifdef CONFIG_GRKERNSEC_IO
10734+ gr_handle_iopl();
10735+ return -EPERM;
10736+#else
10737 if (!capable(CAP_SYS_RAWIO))
10738 return -EPERM;
10739+#endif
10740 }
10741 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
10742
10743diff -urNp linux-2.6.32.8/arch/x86/kernel/irq_32.c linux-2.6.32.8/arch/x86/kernel/irq_32.c
10744--- linux-2.6.32.8/arch/x86/kernel/irq_32.c 2010-02-09 07:57:19.000000000 -0500
10745+++ linux-2.6.32.8/arch/x86/kernel/irq_32.c 2010-02-13 21:45:09.938915283 -0500
10746@@ -94,7 +94,7 @@ execute_on_irq_stack(int overflow, struc
10747 return 0;
10748
10749 /* build the stack frame on the IRQ stack */
10750- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
10751+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
10752 irqctx->tinfo.task = curctx->tinfo.task;
10753 irqctx->tinfo.previous_esp = current_stack_pointer;
10754
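Review bot: The new `- 8` in `isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);` is an unexplained magic number. The same adjustment appears in `do_softirq` in the next hunk and as `init_thread_union+THREAD_SIZE-8` in `head_32.S`. If the three sites must agree, a shared named constant would make that explicit; at minimum each needs a comment such as `/* leave the top 8 bytes of the stack unused */` plus the reason, which the patch does not give. The enclosing function starts and ends outside the hunk.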
10755@@ -175,7 +175,7 @@ asmlinkage void do_softirq(void)
10756 irqctx->tinfo.previous_esp = current_stack_pointer;
10757
10758 /* build the stack frame on the softirq stack */
10759- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
10760+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
10761
10762 call_on_stack(__do_softirq, isp);
10763 /*
10764diff -urNp linux-2.6.32.8/arch/x86/kernel/kgdb.c linux-2.6.32.8/arch/x86/kernel/kgdb.c
10765--- linux-2.6.32.8/arch/x86/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
10766+++ linux-2.6.32.8/arch/x86/kernel/kgdb.c 2010-02-13 21:45:09.938915283 -0500
10767@@ -573,7 +573,7 @@ unsigned long kgdb_arch_pc(int exception
10768 return instruction_pointer(regs);
10769 }
10770
10771-struct kgdb_arch arch_kgdb_ops = {
10772+const struct kgdb_arch arch_kgdb_ops = {
10773 /* Breakpoint instruction: */
10774 .gdb_bpt_instr = { 0xcc },
10775 .flags = KGDB_HW_BREAKPOINT,
10776diff -urNp linux-2.6.32.8/arch/x86/kernel/kprobes.c linux-2.6.32.8/arch/x86/kernel/kprobes.c
10777--- linux-2.6.32.8/arch/x86/kernel/kprobes.c 2010-02-09 07:57:19.000000000 -0500
10778+++ linux-2.6.32.8/arch/x86/kernel/kprobes.c 2010-02-13 21:45:09.939914630 -0500
10779@@ -166,9 +166,13 @@ static void __kprobes set_jmp_op(void *f
10780 char op;
10781 s32 raddr;
10782 } __attribute__((packed)) * jop;
10783- jop = (struct __arch_jmp_op *)from;
10784+
10785+ jop = (struct __arch_jmp_op *)(ktla_ktva(from));
10786+
10787+ pax_open_kernel();
10788 jop->raddr = (s32)((long)(to) - ((long)(from) + 5));
10789 jop->op = RELATIVEJUMP_INSTRUCTION;
10790+ pax_close_kernel();
10791 }
10792
10793 /*
10794@@ -345,16 +349,18 @@ static void __kprobes fix_riprel(struct
10795
10796 static void __kprobes arch_copy_kprobe(struct kprobe *p)
10797 {
10798- memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
10799+ pax_open_kernel();
10800+ memcpy(p->ainsn.insn, ktla_ktva(p->addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
10801+ pax_close_kernel();
10802
10803 fix_riprel(p);
10804
10805- if (can_boost(p->addr))
10806+ if (can_boost(ktla_ktva(p->addr)))
10807 p->ainsn.boostable = 0;
10808 else
10809 p->ainsn.boostable = -1;
10810
10811- p->opcode = *p->addr;
10812+ p->opcode = *(ktla_ktva(p->addr));
10813 }
10814
10815 int __kprobes arch_prepare_kprobe(struct kprobe *p)
10816@@ -432,7 +438,7 @@ static void __kprobes prepare_singlestep
10817 if (p->opcode == BREAKPOINT_INSTRUCTION)
10818 regs->ip = (unsigned long)p->addr;
10819 else
10820- regs->ip = (unsigned long)p->ainsn.insn;
10821+ regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
10822 }
10823
10824 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
10825@@ -453,7 +459,7 @@ static void __kprobes setup_singlestep(s
10826 if (p->ainsn.boostable == 1 && !p->post_handler) {
10827 /* Boost up -- we can execute copied instructions directly */
10828 reset_current_kprobe();
10829- regs->ip = (unsigned long)p->ainsn.insn;
10830+ regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
10831 preempt_enable_no_resched();
10832 return;
10833 }
10834@@ -523,7 +529,7 @@ static int __kprobes kprobe_handler(stru
10835 struct kprobe_ctlblk *kcb;
10836
10837 addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
10838- if (*addr != BREAKPOINT_INSTRUCTION) {
10839+ if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
10840 /*
10841 * The breakpoint instruction was removed right
10842 * after we hit it. Another cpu has removed
10843@@ -775,7 +781,7 @@ static void __kprobes resume_execution(s
10844 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
10845 {
10846 unsigned long *tos = stack_addr(regs);
10847- unsigned long copy_ip = (unsigned long)p->ainsn.insn;
10848+ unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
10849 unsigned long orig_ip = (unsigned long)p->addr;
10850 kprobe_opcode_t *insn = p->ainsn.insn;
10851
10852@@ -958,7 +964,7 @@ int __kprobes kprobe_exceptions_notify(s
10853 struct die_args *args = data;
10854 int ret = NOTIFY_DONE;
10855
10856- if (args->regs && user_mode_vm(args->regs))
10857+ if (args->regs && user_mode(args->regs))
10858 return ret;
10859
10860 switch (val) {
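Review bot: The switch from `user_mode_vm(args->regs)` to `user_mode(args->regs)` in kprobe_exceptions_notify is only equivalent if `user_mode()` itself accounts for vm86 mode in this tree. That definition is not visible here and should be confirmed, because otherwise a trap taken in vm86 mode would no longer return early and would fall through to the kprobe handlers. The same substitution is made in process_32.c (`__show_regs`) and ptrace.c (`send_sigtrap`). Once verified, a one-line comment at the definition, such as `/* user_mode() also covers vm86; user_mode_vm() is no longer needed */`, would record the assumption. kprobe_exceptions_notify continues outside the hunk.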
10861diff -urNp linux-2.6.32.8/arch/x86/kernel/ldt.c linux-2.6.32.8/arch/x86/kernel/ldt.c
10862--- linux-2.6.32.8/arch/x86/kernel/ldt.c 2010-02-09 07:57:19.000000000 -0500
10863+++ linux-2.6.32.8/arch/x86/kernel/ldt.c 2010-02-13 21:45:09.939914630 -0500
10864@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, i
10865 if (reload) {
10866 #ifdef CONFIG_SMP
10867 preempt_disable();
10868- load_LDT(pc);
10869+ load_LDT_nolock(pc);
10870 if (!cpumask_equal(mm_cpumask(current->mm),
10871 cpumask_of(smp_processor_id())))
10872 smp_call_function(flush_ldt, current->mm, 1);
10873 preempt_enable();
10874 #else
10875- load_LDT(pc);
10876+ load_LDT_nolock(pc);
10877 #endif
10878 }
10879 if (oldsize) {
10880@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t
10881 return err;
10882
10883 for (i = 0; i < old->size; i++)
10884- write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
10885+ write_ldt_entry(new->ldt, i, old->ldt + i);
10886 return 0;
10887 }
10888
10889@@ -115,6 +115,24 @@ int init_new_context(struct task_struct
10890 retval = copy_ldt(&mm->context, &old_mm->context);
10891 mutex_unlock(&old_mm->context.lock);
10892 }
10893+
10894+ if (tsk == current) {
10895+ mm->context.vdso = ~0UL;
10896+
10897+#ifdef CONFIG_X86_32
10898+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
10899+ mm->context.user_cs_base = 0UL;
10900+ mm->context.user_cs_limit = ~0UL;
10901+
10902+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
10903+ cpus_clear(mm->context.cpu_user_cs_mask);
10904+#endif
10905+
10906+#endif
10907+#endif
10908+
10909+ }
10910+
10911 return retval;
10912 }
10913
10914@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, u
10915 }
10916 }
10917
10918+#ifdef CONFIG_PAX_SEGMEXEC
10919+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
10920+ error = -EINVAL;
10921+ goto out_unlock;
10922+ }
10923+#endif
10924+
10925 fill_ldt(&ldt, &ldt_info);
10926 if (oldmode)
10927 ldt.avl = 0;
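Review bot: In alloc_ldt the `#else` (non-SMP) branch now calls `load_LDT_nolock(pc)` with no `preempt_disable()` around it, unlike the SMP branch a few lines above. If `load_LDT()` is the preemption-guarded wrapper its name suggests (its definition is not on this page), the uniprocessor path with kernel preemption enabled loses that guard. Either wrap the call as in the SMP branch or add a comment saying why it is safe, e.g. `/* UP: LDT is reloaded on the next mm switch if we are preempted here */`, once that has been verified. Separately, `old->ldt + i` in copy_ldt is only correct if `ldt` is now a typed descriptor pointer rather than `void *`, which needs confirming against the header change. alloc_ldt and copy_ldt both extend outside their hunks.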
10928diff -urNp linux-2.6.32.8/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.8/arch/x86/kernel/machine_kexec_32.c
10929--- linux-2.6.32.8/arch/x86/kernel/machine_kexec_32.c 2010-02-09 07:57:19.000000000 -0500
10930+++ linux-2.6.32.8/arch/x86/kernel/machine_kexec_32.c 2010-02-13 21:45:09.939914630 -0500
10931@@ -26,7 +26,7 @@
10932 #include <asm/system.h>
10933 #include <asm/cacheflush.h>
10934
10935-static void set_idt(void *newidt, __u16 limit)
10936+static void set_idt(struct desc_struct *newidt, __u16 limit)
10937 {
10938 struct desc_ptr curidt;
10939
10940@@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16
10941 }
10942
10943
10944-static void set_gdt(void *newgdt, __u16 limit)
10945+static void set_gdt(struct desc_struct *newgdt, __u16 limit)
10946 {
10947 struct desc_ptr curgdt;
10948
10949@@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image)
10950 }
10951
10952 control_page = page_address(image->control_code_page);
10953- memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
10954+ memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
10955
10956 relocate_kernel_ptr = control_page;
10957 page_list[PA_CONTROL_PAGE] = __pa(control_page);
10958diff -urNp linux-2.6.32.8/arch/x86/kernel/microcode_amd.c linux-2.6.32.8/arch/x86/kernel/microcode_amd.c
10959--- linux-2.6.32.8/arch/x86/kernel/microcode_amd.c 2010-02-09 07:57:19.000000000 -0500
10960+++ linux-2.6.32.8/arch/x86/kernel/microcode_amd.c 2010-02-13 21:45:09.939914630 -0500
10961@@ -346,7 +346,7 @@ static void microcode_fini_cpu_amd(int c
10962 uci->mc = NULL;
10963 }
10964
10965-static struct microcode_ops microcode_amd_ops = {
10966+static const struct microcode_ops microcode_amd_ops = {
10967 .request_microcode_user = request_microcode_user,
10968 .request_microcode_fw = request_microcode_fw,
10969 .collect_cpu_info = collect_cpu_info_amd,
10970@@ -354,7 +354,7 @@ static struct microcode_ops microcode_am
10971 .microcode_fini_cpu = microcode_fini_cpu_amd,
10972 };
10973
10974-struct microcode_ops * __init init_amd_microcode(void)
10975+const struct microcode_ops * __init init_amd_microcode(void)
10976 {
10977 return &microcode_amd_ops;
10978 }
10979diff -urNp linux-2.6.32.8/arch/x86/kernel/microcode_core.c linux-2.6.32.8/arch/x86/kernel/microcode_core.c
10980--- linux-2.6.32.8/arch/x86/kernel/microcode_core.c 2010-02-09 07:57:19.000000000 -0500
10981+++ linux-2.6.32.8/arch/x86/kernel/microcode_core.c 2010-02-13 21:45:09.939914630 -0500
10982@@ -90,7 +90,7 @@ MODULE_LICENSE("GPL");
10983
10984 #define MICROCODE_VERSION "2.00"
10985
10986-static struct microcode_ops *microcode_ops;
10987+static const struct microcode_ops *microcode_ops;
10988
10989 /*
10990 * Synchronization.
10991diff -urNp linux-2.6.32.8/arch/x86/kernel/microcode_intel.c linux-2.6.32.8/arch/x86/kernel/microcode_intel.c
10992--- linux-2.6.32.8/arch/x86/kernel/microcode_intel.c 2010-02-09 07:57:19.000000000 -0500
10993+++ linux-2.6.32.8/arch/x86/kernel/microcode_intel.c 2010-02-13 21:45:09.940916339 -0500
10994@@ -443,13 +443,13 @@ static enum ucode_state request_microcod
10995
10996 static int get_ucode_user(void *to, const void *from, size_t n)
10997 {
10998- return copy_from_user(to, from, n);
10999+ return copy_from_user(to, (__force const void __user *)from, n);
11000 }
11001
11002 static enum ucode_state
11003 request_microcode_user(int cpu, const void __user *buf, size_t size)
11004 {
11005- return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
11006+ return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
11007 }
11008
11009 static void microcode_fini_cpu(int cpu)
11010@@ -460,7 +460,7 @@ static void microcode_fini_cpu(int cpu)
11011 uci->mc = NULL;
11012 }
11013
11014-static struct microcode_ops microcode_intel_ops = {
11015+static const struct microcode_ops microcode_intel_ops = {
11016 .request_microcode_user = request_microcode_user,
11017 .request_microcode_fw = request_microcode_fw,
11018 .collect_cpu_info = collect_cpu_info,
11019@@ -468,7 +468,7 @@ static struct microcode_ops microcode_in
11020 .microcode_fini_cpu = microcode_fini_cpu,
11021 };
11022
11023-struct microcode_ops * __init init_intel_microcode(void)
11024+const struct microcode_ops * __init init_intel_microcode(void)
11025 {
11026 return &microcode_intel_ops;
11027 }
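Review bot: The `__force` casts in get_ucode_user and request_microcode_user only silence the address-space check. A user pointer still travels through `generic_load_microcode()` as a plain `void *`, and nothing at build time ties it to the `copy_from_user()` callback. The code relies on request_microcode_user always passing `&get_ucode_user`; say so where the annotation is dropped, e.g. `/* buf stays a user pointer; only get_ucode_user() may dereference it */` above the `generic_load_microcode()` call. generic_load_microcode itself is outside the hunk, so whether it touches the buffer other than through the callback cannot be checked here.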
11028diff -urNp linux-2.6.32.8/arch/x86/kernel/module.c linux-2.6.32.8/arch/x86/kernel/module.c
11029--- linux-2.6.32.8/arch/x86/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
11030+++ linux-2.6.32.8/arch/x86/kernel/module.c 2010-02-13 21:45:09.940916339 -0500
11031@@ -34,7 +34,7 @@
11032 #define DEBUGP(fmt...)
11033 #endif
11034
11035-void *module_alloc(unsigned long size)
11036+static void *__module_alloc(unsigned long size, pgprot_t prot)
11037 {
11038 struct vm_struct *area;
11039
11040@@ -48,9 +48,90 @@ void *module_alloc(unsigned long size)
11041 if (!area)
11042 return NULL;
11043
11044- return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM,
11045- PAGE_KERNEL_EXEC);
11046+ return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, prot);
11047+}
11048+
11049+#ifdef CONFIG_PAX_KERNEXEC
11050+#ifdef CONFIG_X86_32
11051+void *module_alloc(unsigned long size)
11052+{
11053+ return __module_alloc(size, PAGE_KERNEL);
11054+}
11055+
11056+void *module_alloc_exec(unsigned long size)
11057+{
11058+ struct vm_struct *area;
11059+
11060+ if (size == 0)
11061+ return NULL;
11062+
11063+ area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END);
11064+ if (area)
11065+ return area->addr;
11066+
11067+ return NULL;
11068+}
11069+EXPORT_SYMBOL(module_alloc_exec);
11070+
11071+void module_free_exec(struct module *mod, void *module_region)
11072+{
11073+ struct vm_struct **p, *tmp;
11074+
11075+ if (!module_region)
11076+ return;
11077+
11078+ if ((PAGE_SIZE-1) & (unsigned long)module_region) {
11079+ printk(KERN_ERR "Trying to module_free_exec() bad address (%p)\n", module_region);
11080+ WARN_ON(1);
11081+ return;
11082+ }
11083+
11084+ write_lock(&vmlist_lock);
11085+ for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next)
11086+ if (tmp->addr == module_region)
11087+ break;
11088+
11089+ if (tmp) {
11090+ pax_open_kernel();
11091+ memset(tmp->addr, 0xCC, tmp->size);
11092+ pax_close_kernel();
11093+
11094+ *p = tmp->next;
11095+ kfree(tmp);
11096+ }
11097+ write_unlock(&vmlist_lock);
11098+
11099+ if (!tmp) {
11100+ printk(KERN_ERR "Trying to module_free_exec() nonexistent vm area (%p)\n",
11101+ module_region);
11102+ WARN_ON(1);
11103+ }
11104+}
11105+EXPORT_SYMBOL(module_free_exec);
11106+#else
11107+void *module_alloc(unsigned long size)
11108+{
11109+ return __module_alloc(size, PAGE_KERNEL);
11110+}
11111+
11112+void module_free_exec(struct module *mod, void *module_region)
11113+{
11114+ module_free(mod, module_region);
11115 }
11116+EXPORT_SYMBOL(module_free_exec);
11117+
11118+void *module_alloc_exec(unsigned long size)
11119+{
11120+ return __module_alloc(size, PAGE_KERNEL_RX);
11121+}
11122+EXPORT_SYMBOL(module_alloc_exec);
11123+#endif
11124+#else
11125+void *module_alloc(unsigned long size)
11126+{
11127+ return __module_alloc(size, PAGE_KERNEL_EXEC);
11128+}
11129+#endif
11130
11131 /* Free memory returned from module_alloc */
11132 void module_free(struct module *mod, void *module_region)
11133@@ -77,14 +158,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11134 unsigned int i;
11135 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
11136 Elf32_Sym *sym;
11137- uint32_t *location;
11138+ uint32_t *plocation, location;
11139
11140 DEBUGP("Applying relocate section %u to %u\n", relsec,
11141 sechdrs[relsec].sh_info);
11142 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
11143 /* This is where to make the change */
11144- location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
11145- + rel[i].r_offset;
11146+ plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
11147+ location = (uint32_t)plocation;
11148+ if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
11149+ plocation = ktla_ktva((void *)plocation);
11150 /* This is the symbol it is referring to. Note that all
11151 undefined symbols have been resolved. */
11152 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
11153@@ -93,11 +176,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11154 switch (ELF32_R_TYPE(rel[i].r_info)) {
11155 case R_386_32:
11156 /* We add the value into the location given */
11157- *location += sym->st_value;
11158+ pax_open_kernel();
11159+ *plocation += sym->st_value;
11160+ pax_close_kernel();
11161 break;
11162 case R_386_PC32:
11163 /* Add the value, subtract its postition */
11164- *location += sym->st_value - (uint32_t)location;
11165+ pax_open_kernel();
11166+ *plocation += sym->st_value - location;
11167+ pax_close_kernel();
11168 break;
11169 default:
11170 printk(KERN_ERR "module %s: Unknown relocation: %u\n",
11171@@ -153,21 +240,30 @@ int apply_relocate_add(Elf64_Shdr *sechd
11172 case R_X86_64_NONE:
11173 break;
11174 case R_X86_64_64:
11175+ pax_open_kernel();
11176 *(u64 *)loc = val;
11177+ pax_close_kernel();
11178 break;
11179 case R_X86_64_32:
11180+ pax_open_kernel();
11181 *(u32 *)loc = val;
11182+ pax_close_kernel();
11183 if (val != *(u32 *)loc)
11184 goto overflow;
11185 break;
11186 case R_X86_64_32S:
11187+ pax_open_kernel();
11188 *(s32 *)loc = val;
11189+ pax_close_kernel();
11190 if ((s64)val != *(s32 *)loc)
11191 goto overflow;
11192 break;
11193 case R_X86_64_PC32:
11194 val -= (u64)loc;
11195+ pax_open_kernel();
11196 *(u32 *)loc = val;
11197+ pax_close_kernel();
11198+
11199 #if 0
11200 if ((s64)val != *(s32 *)loc)
11201 goto overflow;
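Review bot: The CONFIG_X86_32 variant of module_free_exec walks `vmlist` itself, unlinks the matching `vm_struct` and `kfree()`s it, instead of releasing the range through the vmalloc interface that `__get_vm_area()` reserved it with. If the allocator in this tree keeps any state for the reservation beyond the `vmlist` entry (not visible in this hunk), that state is left pointing at freed memory and the executable range is never handed back. Either release through the matching vmalloc call, or add a comment above the loop stating why dropping only the `vmlist` entry is sufficient for this region. The `mod` argument is unused in this variant, which is also worth a word in that comment.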
11202diff -urNp linux-2.6.32.8/arch/x86/kernel/paravirt.c linux-2.6.32.8/arch/x86/kernel/paravirt.c
11203--- linux-2.6.32.8/arch/x86/kernel/paravirt.c 2010-02-09 07:57:19.000000000 -0500
11204+++ linux-2.6.32.8/arch/x86/kernel/paravirt.c 2010-02-13 21:45:09.940916339 -0500
11205@@ -120,9 +120,9 @@ unsigned paravirt_patch_jmp(void *insnbu
11206
11207 /* Neat trick to map patch type back to the call within the
11208 * corresponding structure. */
11209-static void *get_call_destination(u8 type)
11210+static const void *get_call_destination(u8 type)
11211 {
11212- struct paravirt_patch_template tmpl = {
11213+ const struct paravirt_patch_template tmpl = {
11214 .pv_init_ops = pv_init_ops,
11215 .pv_time_ops = pv_time_ops,
11216 .pv_cpu_ops = pv_cpu_ops,
11217@@ -133,13 +133,13 @@ static void *get_call_destination(u8 typ
11218 .pv_lock_ops = pv_lock_ops,
11219 #endif
11220 };
11221- return *((void **)&tmpl + type);
11222+ return *((const void **)&tmpl + type);
11223 }
11224
11225 unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf,
11226 unsigned long addr, unsigned len)
11227 {
11228- void *opfunc = get_call_destination(type);
11229+ const void *opfunc = get_call_destination(type);
11230 unsigned ret;
11231
11232 if (opfunc == NULL)
11233@@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn
11234 if (insn_len > len || start == NULL)
11235 insn_len = len;
11236 else
11237- memcpy(insnbuf, start, insn_len);
11238+ memcpy(insnbuf, ktla_ktva(start), insn_len);
11239
11240 return insn_len;
11241 }
11242@@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void)
11243 preempt_enable();
11244 }
11245
11246-struct pv_info pv_info = {
11247+struct pv_info pv_info __read_only = {
11248 .name = "bare hardware",
11249 .paravirt_enabled = 0,
11250 .kernel_rpl = 0,
11251 .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
11252 };
11253
11254-struct pv_init_ops pv_init_ops = {
11255+struct pv_init_ops pv_init_ops __read_only = {
11256 .patch = native_patch,
11257 };
11258
11259-struct pv_time_ops pv_time_ops = {
11260+struct pv_time_ops pv_time_ops __read_only = {
11261 .sched_clock = native_sched_clock,
11262 };
11263
11264-struct pv_irq_ops pv_irq_ops = {
11265+struct pv_irq_ops pv_irq_ops __read_only = {
11266 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
11267 .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
11268 .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
11269@@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = {
11270 #endif
11271 };
11272
11273-struct pv_cpu_ops pv_cpu_ops = {
11274+struct pv_cpu_ops pv_cpu_ops __read_only = {
11275 .cpuid = native_cpuid,
11276 .get_debugreg = native_get_debugreg,
11277 .set_debugreg = native_set_debugreg,
11278@@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = {
11279 .end_context_switch = paravirt_nop,
11280 };
11281
11282-struct pv_apic_ops pv_apic_ops = {
11283+struct pv_apic_ops pv_apic_ops __read_only = {
11284 #ifdef CONFIG_X86_LOCAL_APIC
11285 .startup_ipi_hook = paravirt_nop,
11286 #endif
11287@@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = {
11288 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
11289 #endif
11290
11291-struct pv_mmu_ops pv_mmu_ops = {
11292+struct pv_mmu_ops pv_mmu_ops __read_only = {
11293
11294 .read_cr2 = native_read_cr2,
11295 .write_cr2 = native_write_cr2,
11296@@ -467,6 +467,12 @@ struct pv_mmu_ops pv_mmu_ops = {
11297 },
11298
11299 .set_fixmap = native_set_fixmap,
11300+
11301+#ifdef CONFIG_PAX_KERNEXEC
11302+ .pax_open_kernel = native_pax_open_kernel,
11303+ .pax_close_kernel = native_pax_close_kernel,
11304+#endif
11305+
11306 };
11307
11308 EXPORT_SYMBOL_GPL(pv_time_ops);
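Review bot: The pv_*_ops tables here (and `pv_lock_ops` in paravirt-spinlocks.c) are tagged `__read_only` but stay non-const, so the compiler still accepts assignments to their members and a late writer would only show up as a fault at run time. Where the section becomes write-protected is not visible on this page. A comment at the first table, such as `/* __read_only: later updates must be bracketed by pax_open_kernel()/pax_close_kernel() */`, would tell hypervisor setup code what is expected, once confirmed against the `__read_only` definition.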
11309diff -urNp linux-2.6.32.8/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.32.8/arch/x86/kernel/paravirt-spinlocks.c
11310--- linux-2.6.32.8/arch/x86/kernel/paravirt-spinlocks.c 2010-02-09 07:57:19.000000000 -0500
11311+++ linux-2.6.32.8/arch/x86/kernel/paravirt-spinlocks.c 2010-02-13 21:45:09.940916339 -0500
11312@@ -13,7 +13,7 @@ default_spin_lock_flags(raw_spinlock_t *
11313 __raw_spin_lock(lock);
11314 }
11315
11316-struct pv_lock_ops pv_lock_ops = {
11317+struct pv_lock_ops pv_lock_ops __read_only = {
11318 #ifdef CONFIG_SMP
11319 .spin_is_locked = __ticket_spin_is_locked,
11320 .spin_is_contended = __ticket_spin_is_contended,
11321diff -urNp linux-2.6.32.8/arch/x86/kernel/pci-calgary_64.c linux-2.6.32.8/arch/x86/kernel/pci-calgary_64.c
11322--- linux-2.6.32.8/arch/x86/kernel/pci-calgary_64.c 2010-02-09 07:57:19.000000000 -0500
11323+++ linux-2.6.32.8/arch/x86/kernel/pci-calgary_64.c 2010-02-13 21:45:09.941934459 -0500
11324@@ -472,7 +472,7 @@ static void calgary_free_coherent(struct
11325 free_pages((unsigned long)vaddr, get_order(size));
11326 }
11327
11328-static struct dma_map_ops calgary_dma_ops = {
11329+static const struct dma_map_ops calgary_dma_ops = {
11330 .alloc_coherent = calgary_alloc_coherent,
11331 .free_coherent = calgary_free_coherent,
11332 .map_sg = calgary_map_sg,
11333diff -urNp linux-2.6.32.8/arch/x86/kernel/pci-dma.c linux-2.6.32.8/arch/x86/kernel/pci-dma.c
11334--- linux-2.6.32.8/arch/x86/kernel/pci-dma.c 2010-02-09 07:57:19.000000000 -0500
11335+++ linux-2.6.32.8/arch/x86/kernel/pci-dma.c 2010-02-13 21:45:09.941934459 -0500
11336@@ -14,7 +14,7 @@
11337
11338 static int forbid_dac __read_mostly;
11339
11340-struct dma_map_ops *dma_ops;
11341+const struct dma_map_ops *dma_ops;
11342 EXPORT_SYMBOL(dma_ops);
11343
11344 static int iommu_sac_force __read_mostly;
11345@@ -243,7 +243,7 @@ early_param("iommu", iommu_setup);
11346
11347 int dma_supported(struct device *dev, u64 mask)
11348 {
11349- struct dma_map_ops *ops = get_dma_ops(dev);
11350+ const struct dma_map_ops *ops = get_dma_ops(dev);
11351
11352 #ifdef CONFIG_PCI
11353 if (mask > 0xffffffff && forbid_dac > 0) {
11354diff -urNp linux-2.6.32.8/arch/x86/kernel/pci-gart_64.c linux-2.6.32.8/arch/x86/kernel/pci-gart_64.c
11355--- linux-2.6.32.8/arch/x86/kernel/pci-gart_64.c 2010-02-09 07:57:19.000000000 -0500
11356+++ linux-2.6.32.8/arch/x86/kernel/pci-gart_64.c 2010-02-13 21:45:09.941934459 -0500
11357@@ -679,7 +679,7 @@ static __init int init_k8_gatt(struct ag
11358 return -1;
11359 }
11360
11361-static struct dma_map_ops gart_dma_ops = {
11362+static const struct dma_map_ops gart_dma_ops = {
11363 .map_sg = gart_map_sg,
11364 .unmap_sg = gart_unmap_sg,
11365 .map_page = gart_map_page,
11366diff -urNp linux-2.6.32.8/arch/x86/kernel/pci-nommu.c linux-2.6.32.8/arch/x86/kernel/pci-nommu.c
11367--- linux-2.6.32.8/arch/x86/kernel/pci-nommu.c 2010-02-09 07:57:19.000000000 -0500
11368+++ linux-2.6.32.8/arch/x86/kernel/pci-nommu.c 2010-02-13 21:45:09.941934459 -0500
11369@@ -94,7 +94,7 @@ static void nommu_sync_sg_for_device(str
11370 flush_write_buffers();
11371 }
11372
11373-struct dma_map_ops nommu_dma_ops = {
11374+const struct dma_map_ops nommu_dma_ops = {
11375 .alloc_coherent = dma_generic_alloc_coherent,
11376 .free_coherent = nommu_free_coherent,
11377 .map_sg = nommu_map_sg,
11378diff -urNp linux-2.6.32.8/arch/x86/kernel/pci-swiotlb.c linux-2.6.32.8/arch/x86/kernel/pci-swiotlb.c
11379--- linux-2.6.32.8/arch/x86/kernel/pci-swiotlb.c 2010-02-09 07:57:19.000000000 -0500
11380+++ linux-2.6.32.8/arch/x86/kernel/pci-swiotlb.c 2010-02-13 21:45:09.942909175 -0500
11381@@ -25,7 +25,7 @@ static void *x86_swiotlb_alloc_coherent(
11382 return swiotlb_alloc_coherent(hwdev, size, dma_handle, flags);
11383 }
11384
11385-static struct dma_map_ops swiotlb_dma_ops = {
11386+static const struct dma_map_ops swiotlb_dma_ops = {
11387 .mapping_error = swiotlb_dma_mapping_error,
11388 .alloc_coherent = x86_swiotlb_alloc_coherent,
11389 .free_coherent = swiotlb_free_coherent,
11390diff -urNp linux-2.6.32.8/arch/x86/kernel/process_32.c linux-2.6.32.8/arch/x86/kernel/process_32.c
11391--- linux-2.6.32.8/arch/x86/kernel/process_32.c 2010-02-09 07:57:19.000000000 -0500
11392+++ linux-2.6.32.8/arch/x86/kernel/process_32.c 2010-02-13 21:45:09.942909175 -0500
11393@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __as
11394 unsigned long thread_saved_pc(struct task_struct *tsk)
11395 {
11396 return ((unsigned long *)tsk->thread.sp)[3];
11397+//XXX return tsk->thread.eip;
11398 }
11399
11400 #ifndef CONFIG_SMP
11401@@ -129,7 +130,7 @@ void __show_regs(struct pt_regs *regs, i
11402 unsigned short ss, gs;
11403 const char *board;
11404
11405- if (user_mode_vm(regs)) {
11406+ if (user_mode(regs)) {
11407 sp = regs->sp;
11408 ss = regs->ss & 0xffff;
11409 gs = get_user_gs(regs);
11410@@ -210,8 +211,8 @@ int kernel_thread(int (*fn)(void *), voi
11411 regs.bx = (unsigned long) fn;
11412 regs.dx = (unsigned long) arg;
11413
11414- regs.ds = __USER_DS;
11415- regs.es = __USER_DS;
11416+ regs.ds = __KERNEL_DS;
11417+ regs.es = __KERNEL_DS;
11418 regs.fs = __KERNEL_PERCPU;
11419 regs.gs = __KERNEL_STACK_CANARY;
11420 regs.orig_ax = -1;
11421@@ -247,7 +248,7 @@ int copy_thread(unsigned long clone_flag
11422 struct task_struct *tsk;
11423 int err;
11424
11425- childregs = task_pt_regs(p);
11426+ childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
11427 *childregs = *regs;
11428 childregs->ax = 0;
11429 childregs->sp = sp;
11430@@ -276,6 +277,7 @@ int copy_thread(unsigned long clone_flag
11431 * Set a new TLS for the child thread?
11432 */
11433 if (clone_flags & CLONE_SETTLS)
11434+//XXX needs set_fs()?
11435 err = do_set_thread_area(p, -1,
11436 (struct user_desc __user *)childregs->si, 0);
11437
11438@@ -346,7 +348,7 @@ __switch_to(struct task_struct *prev_p,
11439 struct thread_struct *prev = &prev_p->thread,
11440 *next = &next_p->thread;
11441 int cpu = smp_processor_id();
11442- struct tss_struct *tss = &per_cpu(init_tss, cpu);
11443+ struct tss_struct *tss = init_tss + cpu;
11444 bool preload_fpu;
11445
11446 /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
11447@@ -381,6 +383,11 @@ __switch_to(struct task_struct *prev_p,
11448 */
11449 lazy_save_gs(prev->gs);
11450
11451+#ifdef CONFIG_PAX_MEMORY_UDEREF
11452+ if (!segment_eq(task_thread_info(prev_p)->addr_limit, task_thread_info(next_p)->addr_limit))
11453+ __set_fs(task_thread_info(next_p)->addr_limit, cpu);
11454+#endif
11455+
11456 /*
11457 * Load the per-thread Thread-Local Storage descriptor.
11458 */
11459@@ -497,3 +504,27 @@ unsigned long get_wchan(struct task_stru
11460 return 0;
11461 }
11462
11463+#ifdef CONFIG_PAX_RANDKSTACK
11464+asmlinkage void pax_randomize_kstack(void)
11465+{
11466+ struct thread_struct *thread = &current->thread;
11467+ unsigned long time;
11468+
11469+ if (!randomize_va_space)
11470+ return;
11471+
11472+ rdtscl(time);
11473+
11474+ /* P4 seems to return a 0 LSB, ignore it */
11475+#ifdef CONFIG_MPENTIUM4
11476+ time &= 0x1EUL;
11477+ time <<= 2;
11478+#else
11479+ time &= 0xFUL;
11480+ time <<= 3;
11481+#endif
11482+
11483+ thread->sp0 ^= time;
11484+ load_sp0(init_tss + smp_processor_id(), thread);
11485+}
11486+#endif
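Review bot: pax_randomize_kstack takes its randomness from the low bits of the time-stamp counter (`rdtscl(time)`), keeps four of them (`time &= 0xFUL; time <<= 3;`, or the CONFIG_MPENTIUM4 variant) and XORs them into `thread->sp0`. The offset therefore has at most 16 values and comes from a counter rather than from the kernel's random pool. That may be a deliberate trade-off, but the function has no comment stating how much entropy it provides or why the TSC is considered adequate. Add one above `rdtscl(time)`, e.g. `/* 4 bits of TSC-derived offset (bits 3..6 of sp0); not cryptographic */`. The two `//XXX` markers added in thread_saved_pc and copy_thread are open questions that should be resolved or tracked rather than left in the code.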
11487diff -urNp linux-2.6.32.8/arch/x86/kernel/process_64.c linux-2.6.32.8/arch/x86/kernel/process_64.c
11488--- linux-2.6.32.8/arch/x86/kernel/process_64.c 2010-02-09 07:57:19.000000000 -0500
11489+++ linux-2.6.32.8/arch/x86/kernel/process_64.c 2010-02-13 21:45:09.943634227 -0500
11490@@ -91,7 +91,7 @@ static void __exit_idle(void)
11491 void exit_idle(void)
11492 {
11493 /* idle loop has pid 0 */
11494- if (current->pid)
11495+ if (task_pid_nr(current))
11496 return;
11497 __exit_idle();
11498 }
11499@@ -170,7 +170,7 @@ void __show_regs(struct pt_regs *regs, i
11500 if (!board)
11501 board = "";
11502 printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s %s\n",
11503- current->pid, current->comm, print_tainted(),
11504+ task_pid_nr(current), current->comm, print_tainted(),
11505 init_utsname()->release,
11506 (int)strcspn(init_utsname()->version, " "),
11507 init_utsname()->version, board);
11508@@ -381,7 +381,7 @@ __switch_to(struct task_struct *prev_p,
11509 struct thread_struct *prev = &prev_p->thread;
11510 struct thread_struct *next = &next_p->thread;
11511 int cpu = smp_processor_id();
11512- struct tss_struct *tss = &per_cpu(init_tss, cpu);
11513+ struct tss_struct *tss = init_tss + cpu;
11514 unsigned fsindex, gsindex;
11515 bool preload_fpu;
11516
11517@@ -560,12 +560,11 @@ unsigned long get_wchan(struct task_stru
11518 if (!p || p == current || p->state == TASK_RUNNING)
11519 return 0;
11520 stack = (unsigned long)task_stack_page(p);
11521- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
11522+ if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64))
11523 return 0;
11524 fp = *(u64 *)(p->thread.sp);
11525 do {
11526- if (fp < (unsigned long)stack ||
11527- fp >= (unsigned long)stack+THREAD_SIZE)
11528+ if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64))
11529 return 0;
11530 ip = *(u64 *)(fp+8);
11531 if (!in_sched_functions(ip))
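Review bot: The new bounds in get_wchan subtract a bare `8` from the top of the stack (`stack+THREAD_SIZE-8-sizeof(u64)`) in two places, and copy_thread in process_32.c subtracts the same literal when locating `childregs`. The checks look consistent with the reads that follow (`*(u64 *)(p->thread.sp)` and `*(u64 *)(fp+8)`), but nothing in these hunks says what the 8 bytes are. A named constant, or a comment such as `/* top 8 bytes of the kernel stack are reserved */`, would keep the three sites in step; the wording needs confirming against wherever the reservation is introduced. get_wchan starts and ends outside the hunk.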
11532diff -urNp linux-2.6.32.8/arch/x86/kernel/process.c linux-2.6.32.8/arch/x86/kernel/process.c
11533--- linux-2.6.32.8/arch/x86/kernel/process.c 2010-02-09 07:57:19.000000000 -0500
11534+++ linux-2.6.32.8/arch/x86/kernel/process.c 2010-02-13 21:45:09.943634227 -0500
11535@@ -73,7 +73,7 @@ void exit_thread(void)
11536 unsigned long *bp = t->io_bitmap_ptr;
11537
11538 if (bp) {
11539- struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
11540+ struct tss_struct *tss = init_tss + get_cpu();
11541
11542 t->io_bitmap_ptr = NULL;
11543 clear_thread_flag(TIF_IO_BITMAP);
11544@@ -93,6 +93,9 @@ void flush_thread(void)
11545
11546 clear_tsk_thread_flag(tsk, TIF_DEBUG);
11547
11548+#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR)
11549+ loadsegment(gs, 0);
11550+#endif
11551 tsk->thread.debugreg0 = 0;
11552 tsk->thread.debugreg1 = 0;
11553 tsk->thread.debugreg2 = 0;
11554@@ -584,17 +587,3 @@ static int __init idle_setup(char *str)
11555 return 0;
11556 }
11557 early_param("idle", idle_setup);
11558-
11559-unsigned long arch_align_stack(unsigned long sp)
11560-{
11561- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
11562- sp -= get_random_int() % 8192;
11563- return sp & ~0xf;
11564-}
11565-
11566-unsigned long arch_randomize_brk(struct mm_struct *mm)
11567-{
11568- unsigned long range_end = mm->brk + 0x02000000;
11569- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
11570-}
11571-
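Review bot: The `loadsegment(gs, 0);` added to flush_thread is conditional on `CONFIG_X86_32 && !CONFIG_CC_STACKPROTECTOR` but carries no comment saying why %gs must be cleared at this point or why the stack-protector configuration is exempt. A line above the `#if` would help, for instance `/* clear %gs for the new image; with stackprotector %gs is managed separately */`, with the second half to be confirmed since that handling is not visible here. flush_thread extends outside the hunk.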
11572diff -urNp linux-2.6.32.8/arch/x86/kernel/ptrace.c linux-2.6.32.8/arch/x86/kernel/ptrace.c
11573--- linux-2.6.32.8/arch/x86/kernel/ptrace.c 2010-02-09 07:57:19.000000000 -0500
11574+++ linux-2.6.32.8/arch/x86/kernel/ptrace.c 2010-02-13 21:45:09.943634227 -0500
11575@@ -925,7 +925,7 @@ static const struct user_regset_view use
11576 long arch_ptrace(struct task_struct *child, long request, long addr, long data)
11577 {
11578 int ret;
11579- unsigned long __user *datap = (unsigned long __user *)data;
11580+ unsigned long __user *datap = (__force unsigned long __user *)data;
11581
11582 switch (request) {
11583 /* read the word at location addr in the USER area. */
11584@@ -1012,14 +1012,14 @@ long arch_ptrace(struct task_struct *chi
11585 if (addr < 0)
11586 return -EIO;
11587 ret = do_get_thread_area(child, addr,
11588- (struct user_desc __user *) data);
11589+ (__force struct user_desc __user *) data);
11590 break;
11591
11592 case PTRACE_SET_THREAD_AREA:
11593 if (addr < 0)
11594 return -EIO;
11595 ret = do_set_thread_area(child, addr,
11596- (struct user_desc __user *) data, 0);
11597+ (__force struct user_desc __user *) data, 0);
11598 break;
11599 #endif
11600
11601@@ -1038,12 +1038,12 @@ long arch_ptrace(struct task_struct *chi
11602 #ifdef CONFIG_X86_PTRACE_BTS
11603 case PTRACE_BTS_CONFIG:
11604 ret = ptrace_bts_config
11605- (child, data, (struct ptrace_bts_config __user *)addr);
11606+ (child, data, (__force struct ptrace_bts_config __user *)addr);
11607 break;
11608
11609 case PTRACE_BTS_STATUS:
11610 ret = ptrace_bts_status
11611- (child, data, (struct ptrace_bts_config __user *)addr);
11612+ (child, data, (__force struct ptrace_bts_config __user *)addr);
11613 break;
11614
11615 case PTRACE_BTS_SIZE:
11616@@ -1052,7 +1052,7 @@ long arch_ptrace(struct task_struct *chi
11617
11618 case PTRACE_BTS_GET:
11619 ret = ptrace_bts_read_record
11620- (child, data, (struct bts_struct __user *) addr);
11621+ (child, data, (__force struct bts_struct __user *) addr);
11622 break;
11623
11624 case PTRACE_BTS_CLEAR:
11625@@ -1061,7 +1061,7 @@ long arch_ptrace(struct task_struct *chi
11626
11627 case PTRACE_BTS_DRAIN:
11628 ret = ptrace_bts_drain
11629- (child, data, (struct bts_struct __user *) addr);
11630+ (child, data, (__force struct bts_struct __user *) addr);
11631 break;
11632 #endif /* CONFIG_X86_PTRACE_BTS */
11633
11634@@ -1450,7 +1450,7 @@ void send_sigtrap(struct task_struct *ts
11635 info.si_code = si_code;
11636
11637 /* User-mode ip? */
11638- info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
11639+ info.si_addr = user_mode(regs) ? (__force void __user *) regs->ip : NULL;
11640
11641 /* Send us the fake SIGTRAP */
11642 force_sig_info(SIGTRAP, &info, tsk);
11643diff -urNp linux-2.6.32.8/arch/x86/kernel/reboot.c linux-2.6.32.8/arch/x86/kernel/reboot.c
11644--- linux-2.6.32.8/arch/x86/kernel/reboot.c 2010-02-09 07:57:19.000000000 -0500
11645+++ linux-2.6.32.8/arch/x86/kernel/reboot.c 2010-02-13 21:45:09.943634227 -0500
11646@@ -33,7 +33,7 @@ void (*pm_power_off)(void);
11647 EXPORT_SYMBOL(pm_power_off);
11648
11649 static const struct desc_ptr no_idt = {};
11650-static int reboot_mode;
11651+static unsigned short reboot_mode;
11652 enum reboot_type reboot_type = BOOT_KBD;
11653 int reboot_force;
11654
11655@@ -276,7 +276,7 @@ static struct dmi_system_id __initdata r
11656 DMI_MATCH(DMI_BOARD_NAME, "P4S800"),
11657 },
11658 },
11659- { }
11660+ { NULL, NULL, {{0, {0}}}, NULL}
11661 };
11662
11663 static int __init reboot_init(void)
11664@@ -292,12 +292,12 @@ core_initcall(reboot_init);
11665 controller to pulse the CPU reset line, which is more thorough, but
11666 doesn't work with at least one type of 486 motherboard. It is easy
11667 to stop this code working; hence the copious comments. */
11668-static const unsigned long long
11669-real_mode_gdt_entries [3] =
11670+static struct desc_struct
11671+real_mode_gdt_entries [3] __read_only =
11672 {
11673- 0x0000000000000000ULL, /* Null descriptor */
11674- 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
11675- 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
11676+ GDT_ENTRY_INIT(0, 0, 0), /* Null descriptor */
11677+ GDT_ENTRY_INIT(0x9b, 0, 0xffff), /* 16-bit real-mode 64k code at 0x00000000 */
11678+ GDT_ENTRY_INIT(0x93, 0x100, 0xffff) /* 16-bit real-mode 64k data at 0x00000100 */
11679 };
11680
11681 static const struct desc_ptr
11682@@ -346,7 +346,7 @@ static const unsigned char jump_to_bios
11683 * specified by the code and length parameters.
11684 * We assume that length will aways be less that 100!
11685 */
11686-void machine_real_restart(const unsigned char *code, int length)
11687+void machine_real_restart(const unsigned char *code, unsigned int length)
11688 {
11689 local_irq_disable();
11690
11691@@ -366,8 +366,8 @@ void machine_real_restart(const unsigned
11692 /* Remap the kernel at virtual address zero, as well as offset zero
11693 from the kernel segment. This assumes the kernel segment starts at
11694 virtual address PAGE_OFFSET. */
11695- memcpy(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
11696- sizeof(swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
11697+ clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
11698+ min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
11699
11700 /*
11701 * Use `swapper_pg_dir' as our page directory.
11702@@ -379,16 +379,15 @@ void machine_real_restart(const unsigned
11703 boot)". This seems like a fairly standard thing that gets set by
11704 REBOOT.COM programs, and the previous reset routine did this
11705 too. */
11706- *((unsigned short *)0x472) = reboot_mode;
11707+ *(unsigned short *)(__va(0x472)) = reboot_mode;
11708
11709 /* For the switch to real mode, copy some code to low memory. It has
11710 to be in the first 64k because it is running in 16-bit mode, and it
11711 has to have the same physical and virtual address, because it turns
11712 off paging. Copy it near the end of the first page, out of the way
11713 of BIOS variables. */
11714- memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100),
11715- real_mode_switch, sizeof (real_mode_switch));
11716- memcpy((void *)(0x1000 - 100), code, length);
11717+ memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch));
11718+ memcpy(__va(0x1000 - 100), code, length);
11719
11720 /* Set up the IDT for real mode. */
11721 load_idt(&real_mode_idt);
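Review bot: The copy `memcpy(__va(0x1000 - 100), code, length)` still relies on the function comment's assumption that `length` is below 100, and nothing in the hunk enforces it. Now that the parameter is `unsigned int`, a single upper-bound test is enough, for example `BUG_ON(length > 100);` placed before the two copies. The callers are not visible here, so this may already hold for every in-tree user. The destination is the identity-mapped first page that the CPU is about to execute from in real mode, which makes an explicit bound worth having. machine_real_restart starts and ends outside this hunk.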
11722diff -urNp linux-2.6.32.8/arch/x86/kernel/setup.c linux-2.6.32.8/arch/x86/kernel/setup.c
11723--- linux-2.6.32.8/arch/x86/kernel/setup.c 2010-02-09 07:57:19.000000000 -0500
11724+++ linux-2.6.32.8/arch/x86/kernel/setup.c 2010-02-13 21:45:09.944914539 -0500
11725@@ -771,14 +771,14 @@ void __init setup_arch(char **cmdline_p)
11726
11727 if (!boot_params.hdr.root_flags)
11728 root_mountflags &= ~MS_RDONLY;
11729- init_mm.start_code = (unsigned long) _text;
11730- init_mm.end_code = (unsigned long) _etext;
11731+ init_mm.start_code = ktla_ktva((unsigned long) _text);
11732+ init_mm.end_code = ktla_ktva((unsigned long) _etext);
11733 init_mm.end_data = (unsigned long) _edata;
11734 init_mm.brk = _brk_end;
11735
11736- code_resource.start = virt_to_phys(_text);
11737- code_resource.end = virt_to_phys(_etext)-1;
11738- data_resource.start = virt_to_phys(_etext);
11739+ code_resource.start = virt_to_phys(ktla_ktva(_text));
11740+ code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
11741+ data_resource.start = virt_to_phys(_sdata);
11742 data_resource.end = virt_to_phys(_edata)-1;
11743 bss_resource.start = virt_to_phys(&__bss_start);
11744 bss_resource.end = virt_to_phys(&__bss_stop)-1;
11745diff -urNp linux-2.6.32.8/arch/x86/kernel/setup_percpu.c linux-2.6.32.8/arch/x86/kernel/setup_percpu.c
11746--- linux-2.6.32.8/arch/x86/kernel/setup_percpu.c 2010-02-09 07:57:19.000000000 -0500
11747+++ linux-2.6.32.8/arch/x86/kernel/setup_percpu.c 2010-02-13 21:45:09.944914539 -0500
11748@@ -25,19 +25,17 @@
11749 # define DBG(x...)
11750 #endif
11751
11752+#ifdef CONFIG_SMP
11753 DEFINE_PER_CPU(int, cpu_number);
11754 EXPORT_PER_CPU_SYMBOL(cpu_number);
11755+#endif
11756
11757-#ifdef CONFIG_X86_64
11758 #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load)
11759-#else
11760-#define BOOT_PERCPU_OFFSET 0
11761-#endif
11762
11763 DEFINE_PER_CPU(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
11764 EXPORT_PER_CPU_SYMBOL(this_cpu_off);
11765
11766-unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = {
11767+unsigned long __per_cpu_offset[NR_CPUS] __read_only = {
11768 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
11769 };
11770 EXPORT_SYMBOL(__per_cpu_offset);
11771@@ -158,13 +156,15 @@ static void __init pcpup_populate_pte(un
11772 static inline void setup_percpu_segment(int cpu)
11773 {
11774 #ifdef CONFIG_X86_32
11775- struct desc_struct gdt;
11776+ struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
11777+ unsigned long base = per_cpu_offset(cpu);
11778+ const unsigned long limit = VMALLOC_END - base - 1;
11779
11780- pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
11781- 0x2 | DESCTYPE_S, 0x8);
11782- gdt.s = 1;
11783- write_gdt_entry(get_cpu_gdt_table(cpu),
11784- GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
11785+ if (limit < 64*1024)
11786+ pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
11787+ else
11788+ pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
11789+ write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
11790 #endif
11791 }
11792
11793@@ -212,6 +212,11 @@ void __init setup_per_cpu_areas(void)
11794 /* alrighty, percpu areas up and running */
11795 delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
11796 for_each_possible_cpu(cpu) {
11797+#ifdef CONFIG_CC_STACKPROTECTOR
11798+#ifdef CONFIG_x86_32
11799+ unsigned long canary = per_cpu(stack_canary, cpu);
11800+#endif
11801+#endif
11802 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
11803 per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
11804 per_cpu(cpu_number, cpu) = cpu;
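Review bot: The inner guard `#ifdef CONFIG_x86_32` is spelled with a lowercase `x`, while the guard in setup_percpu_segment in this same file is `CONFIG_X86_32`. Preprocessor symbols are case-sensitive, so as written the `canary` local is never declared and the boot CPU's `stack_canary` is never saved. The following hunk (-239/+244) repeats the misspelling where the value is written back, so the restore is compiled out as well. Both guards should read `#ifdef CONFIG_X86_32`. setup_per_cpu_areas continues outside both hunks, so how the canary is otherwise carried across the per-cpu area switch cannot be confirmed from here.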
11805@@ -239,6 +244,12 @@ void __init setup_per_cpu_areas(void)
11806 early_per_cpu_map(x86_cpu_to_node_map, cpu);
11807 #endif
11808 #endif
11809+#ifdef CONFIG_CC_STACKPROTECTOR
11810+#ifdef CONFIG_x86_32
11811+ if (cpu == boot_cpu_id)
11812+ per_cpu(stack_canary, cpu) = canary;
11813+#endif
11814+#endif
11815 /*
11816 * Up to this point, the boot CPU has been using .data.init
11817 * area. Reload any changed state for the boot CPU.
11818diff -urNp linux-2.6.32.8/arch/x86/kernel/signal.c linux-2.6.32.8/arch/x86/kernel/signal.c
11819--- linux-2.6.32.8/arch/x86/kernel/signal.c 2010-02-09 07:57:19.000000000 -0500
11820+++ linux-2.6.32.8/arch/x86/kernel/signal.c 2010-02-13 21:45:09.944914539 -0500
11821@@ -197,7 +197,7 @@ static unsigned long align_sigframe(unsi
11822 * Align the stack pointer according to the i386 ABI,
11823 * i.e. so that on function entry ((sp + 4) & 15) == 0.
11824 */
11825- sp = ((sp + 4) & -16ul) - 4;
11826+ sp = ((sp - 12) & -16ul) - 4;
11827 #else /* !CONFIG_X86_32 */
11828 sp = round_down(sp, 16) - 8;
11829 #endif
11830@@ -248,11 +248,11 @@ get_sigframe(struct k_sigaction *ka, str
11831 * Return an always-bogus address instead so we will die with SIGSEGV.
11832 */
11833 if (onsigstack && !likely(on_sig_stack(sp)))
11834- return (void __user *)-1L;
11835+ return (__force void __user *)-1L;
11836
11837 /* save i387 state */
11838 if (used_math() && save_i387_xstate(*fpstate) < 0)
11839- return (void __user *)-1L;
11840+ return (__force void __user *)-1L;
11841
11842 return (void __user *)sp;
11843 }
11844@@ -307,9 +307,9 @@ __setup_frame(int sig, struct k_sigactio
11845 }
11846
11847 if (current->mm->context.vdso)
11848- restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
11849+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
11850 else
11851- restorer = &frame->retcode;
11852+ restorer = (void __user *)&frame->retcode;
11853 if (ka->sa.sa_flags & SA_RESTORER)
11854 restorer = ka->sa.sa_restorer;
11855
11856@@ -323,7 +323,7 @@ __setup_frame(int sig, struct k_sigactio
11857 * reasons and because gdb uses it as a signature to notice
11858 * signal handler stack frames.
11859 */
11860- err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode);
11861+ err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode);
11862
11863 if (err)
11864 return -EFAULT;
11865@@ -377,7 +377,7 @@ static int __setup_rt_frame(int sig, str
11866 err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
11867
11868 /* Set up to return from userspace. */
11869- restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
11870+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
11871 if (ka->sa.sa_flags & SA_RESTORER)
11872 restorer = ka->sa.sa_restorer;
11873 put_user_ex(restorer, &frame->pretcode);
11874@@ -389,7 +389,7 @@ static int __setup_rt_frame(int sig, str
11875 * reasons and because gdb uses it as a signature to notice
11876 * signal handler stack frames.
11877 */
11878- put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode);
11879+ put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
11880 } put_user_catch(err);
11881
11882 if (err)
11883@@ -789,7 +789,7 @@ static void do_signal(struct pt_regs *re
11884 * X86_32: vm86 regs switched out by assembly code before reaching
11885 * here, so testing against kernel CS suffices.
11886 */
11887- if (!user_mode(regs))
11888+ if (!user_mode_novm(regs))
11889 return;
11890
11891 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
11892diff -urNp linux-2.6.32.8/arch/x86/kernel/smpboot.c linux-2.6.32.8/arch/x86/kernel/smpboot.c
11893--- linux-2.6.32.8/arch/x86/kernel/smpboot.c 2010-02-09 07:57:19.000000000 -0500
11894+++ linux-2.6.32.8/arch/x86/kernel/smpboot.c 2010-02-13 21:45:09.944914539 -0500
11895@@ -729,7 +729,11 @@ do_rest:
11896 (unsigned long)task_stack_page(c_idle.idle) -
11897 KERNEL_STACK_OFFSET + THREAD_SIZE;
11898 #endif
11899+
11900+ pax_open_kernel();
11901 early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
11902+ pax_close_kernel();
11903+
11904 initial_code = (unsigned long)start_secondary;
11905 stack_start.sp = (void *) c_idle.idle->thread.sp;
11906
11907diff -urNp linux-2.6.32.8/arch/x86/kernel/step.c linux-2.6.32.8/arch/x86/kernel/step.c
11908--- linux-2.6.32.8/arch/x86/kernel/step.c 2010-02-09 07:57:19.000000000 -0500
11909+++ linux-2.6.32.8/arch/x86/kernel/step.c 2010-02-13 21:45:09.945907876 -0500
11910@@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struc
11911 struct desc_struct *desc;
11912 unsigned long base;
11913
11914- seg &= ~7UL;
11915+ seg >>= 3;
11916
11917 mutex_lock(&child->mm->context.lock);
11918- if (unlikely((seg >> 3) >= child->mm->context.size))
11919+ if (unlikely(seg >= child->mm->context.size))
11920 addr = -1L; /* bogus selector, access would fault */
11921 else {
11922 desc = child->mm->context.ldt + seg;
11923@@ -53,6 +53,9 @@ static int is_setting_trap_flag(struct t
11924 unsigned char opcode[15];
11925 unsigned long addr = convert_ip_to_linear(child, regs);
11926
11927+ if (addr == -EINVAL)
11928+ return 0;
11929+
11930 copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
11931 for (i = 0; i < copied; i++) {
11932 switch (opcode[i]) {
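Review bot: The new early return tests `addr == -EINVAL`, but the only failure value visible for convert_ip_to_linear, in the hunk just above, is `addr = -1L; /* bogus selector, access would fault */`, which is left unchanged. Unless another path outside the hunk returns `-EINVAL`, a bogus selector still reaches `access_process_vm()` with an all-ones address and the check never fires. Either compare against the existing sentinel, `if (addr == -1L) return 0;`, or change the assignment in convert_ip_to_linear to `-EINVAL` so the two agree. `addr` is `unsigned long`, so a comment noting that the comparison relies on the implicit conversion of the negative constant would also help.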
11933@@ -74,7 +77,7 @@ static int is_setting_trap_flag(struct t
11934
11935 #ifdef CONFIG_X86_64
11936 case 0x40 ... 0x4f:
11937- if (regs->cs != __USER_CS)
11938+ if ((regs->cs & 0xffff) != __USER_CS)
11939 /* 32-bit mode: register increment */
11940 return 0;
11941 /* 64-bit mode: REX prefix */
11942diff -urNp linux-2.6.32.8/arch/x86/kernel/syscall_table_32.S linux-2.6.32.8/arch/x86/kernel/syscall_table_32.S
11943--- linux-2.6.32.8/arch/x86/kernel/syscall_table_32.S 2010-02-09 07:57:19.000000000 -0500
11944+++ linux-2.6.32.8/arch/x86/kernel/syscall_table_32.S 2010-02-13 21:45:09.945907876 -0500
11945@@ -1,3 +1,4 @@
11946+.section .rodata,"a",@progbits
11947 ENTRY(sys_call_table)
11948 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
11949 .long sys_exit
11950diff -urNp linux-2.6.32.8/arch/x86/kernel/sys_i386_32.c linux-2.6.32.8/arch/x86/kernel/sys_i386_32.c
11951--- linux-2.6.32.8/arch/x86/kernel/sys_i386_32.c 2010-02-09 07:57:19.000000000 -0500
11952+++ linux-2.6.32.8/arch/x86/kernel/sys_i386_32.c 2010-02-13 21:45:09.945907876 -0500
11953@@ -24,6 +24,21 @@
11954
11955 #include <asm/syscalls.h>
11956
11957+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
11958+{
11959+ unsigned long pax_task_size = TASK_SIZE;
11960+
11961+#ifdef CONFIG_PAX_SEGMEXEC
11962+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
11963+ pax_task_size = SEGMEXEC_TASK_SIZE;
11964+#endif
11965+
11966+ if (len > pax_task_size || addr > pax_task_size - len)
11967+ return -EINVAL;
11968+
11969+ return 0;
11970+}
11971+
11972 /*
11973 * Perform the select(nd, in, out, ex, tv) and mmap() system
11974 * calls. Linux/i386 didn't use to be able to handle more than
11975@@ -58,6 +73,205 @@ out:
11976 return err;
11977 }
11978
11979+unsigned long
11980+arch_get_unmapped_area(struct file *filp, unsigned long addr,
11981+ unsigned long len, unsigned long pgoff, unsigned long flags)
11982+{
11983+ struct mm_struct *mm = current->mm;
11984+ struct vm_area_struct *vma;
11985+ unsigned long start_addr, pax_task_size = TASK_SIZE;
11986+
11987+#ifdef CONFIG_PAX_SEGMEXEC
11988+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
11989+ pax_task_size = SEGMEXEC_TASK_SIZE;
11990+#endif
11991+
11992+ if (len > pax_task_size)
11993+ return -ENOMEM;
11994+
11995+ if (flags & MAP_FIXED)
11996+ return addr;
11997+
11998+#ifdef CONFIG_PAX_RANDMMAP
11999+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12000+#endif
12001+
12002+ if (addr) {
12003+ addr = PAGE_ALIGN(addr);
12004+ vma = find_vma(mm, addr);
12005+ if (pax_task_size - len >= addr &&
12006+ (!vma || addr + len <= vma->vm_start))
12007+ return addr;
12008+ }
12009+ if (len > mm->cached_hole_size) {
12010+ start_addr = addr = mm->free_area_cache;
12011+ } else {
12012+ start_addr = addr = mm->mmap_base;
12013+ mm->cached_hole_size = 0;
12014+ }
12015+
12016+#ifdef CONFIG_PAX_PAGEEXEC
12017+ if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) {
12018+ start_addr = 0x00110000UL;
12019+
12020+#ifdef CONFIG_PAX_RANDMMAP
12021+ if (mm->pax_flags & MF_PAX_RANDMMAP)
12022+ start_addr += mm->delta_mmap & 0x03FFF000UL;
12023+#endif
12024+
12025+ if (mm->start_brk <= start_addr && start_addr < mm->mmap_base)
12026+ start_addr = addr = mm->mmap_base;
12027+ else
12028+ addr = start_addr;
12029+ }
12030+#endif
12031+
12032+full_search:
12033+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
12034+ /* At this point: (!vma || addr < vma->vm_end). */
12035+ if (pax_task_size - len < addr) {
12036+ /*
12037+ * Start a new search - just in case we missed
12038+ * some holes.
12039+ */
12040+ if (start_addr != mm->mmap_base) {
12041+ start_addr = addr = mm->mmap_base;
12042+ mm->cached_hole_size = 0;
12043+ goto full_search;
12044+ }
12045+ return -ENOMEM;
12046+ }
12047+ if (!vma || addr + len <= vma->vm_start) {
12048+ /*
12049+ * Remember the place where we stopped the search:
12050+ */
12051+ mm->free_area_cache = addr + len;
12052+ return addr;
12053+ }
12054+ if (addr + mm->cached_hole_size < vma->vm_start)
12055+ mm->cached_hole_size = vma->vm_start - addr;
12056+ addr = vma->vm_end;
12057+ if (mm->start_brk <= addr && addr < mm->mmap_base) {
12058+ start_addr = addr = mm->mmap_base;
12059+ mm->cached_hole_size = 0;
12060+ goto full_search;
12061+ }
12062+ }
12063+}
12064+
12065+unsigned long
12066+arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12067+ const unsigned long len, const unsigned long pgoff,
12068+ const unsigned long flags)
12069+{
12070+ struct vm_area_struct *vma;
12071+ struct mm_struct *mm = current->mm;
12072+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
12073+
12074+#ifdef CONFIG_PAX_SEGMEXEC
12075+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
12076+ pax_task_size = SEGMEXEC_TASK_SIZE;
12077+#endif
12078+
12079+ /* requested length too big for entire address space */
12080+ if (len > pax_task_size)
12081+ return -ENOMEM;
12082+
12083+ if (flags & MAP_FIXED)
12084+ return addr;
12085+
12086+#ifdef CONFIG_PAX_PAGEEXEC
12087+ if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
12088+ goto bottomup;
12089+#endif
12090+
12091+#ifdef CONFIG_PAX_RANDMMAP
12092+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12093+#endif
12094+
12095+ /* requesting a specific address */
12096+ if (addr) {
12097+ addr = PAGE_ALIGN(addr);
12098+ vma = find_vma(mm, addr);
12099+ if (pax_task_size - len >= addr &&
12100+ (!vma || addr + len <= vma->vm_start))
12101+ return addr;
12102+ }
12103+
12104+ /* check if free_area_cache is useful for us */
12105+ if (len <= mm->cached_hole_size) {
12106+ mm->cached_hole_size = 0;
12107+ mm->free_area_cache = mm->mmap_base;
12108+ }
12109+
12110+ /* either no address requested or can't fit in requested address hole */
12111+ addr = mm->free_area_cache;
12112+
12113+ /* make sure it can fit in the remaining address space */
12114+ if (addr > len) {
12115+ vma = find_vma(mm, addr-len);
12116+ if (!vma || addr <= vma->vm_start)
12117+ /* remember the address as a hint for next time */
12118+ return (mm->free_area_cache = addr-len);
12119+ }
12120+
12121+ if (mm->mmap_base < len)
12122+ goto bottomup;
12123+
12124+ addr = mm->mmap_base-len;
12125+
12126+ do {
12127+ /*
12128+ * Lookup failure means no vma is above this address,
12129+ * else if new region fits below vma->vm_start,
12130+ * return with success:
12131+ */
12132+ vma = find_vma(mm, addr);
12133+ if (!vma || addr+len <= vma->vm_start)
12134+ /* remember the address as a hint for next time */
12135+ return (mm->free_area_cache = addr);
12136+
12137+ /* remember the largest hole we saw so far */
12138+ if (addr + mm->cached_hole_size < vma->vm_start)
12139+ mm->cached_hole_size = vma->vm_start - addr;
12140+
12141+ /* try just below the current vma->vm_start */
12142+ addr = vma->vm_start-len;
12143+ } while (len < vma->vm_start);
12144+
12145+bottomup:
12146+ /*
12147+ * A failed mmap() very likely causes application failure,
12148+ * so fall back to the bottom-up function here. This scenario
12149+ * can happen with large stack limits and large mmap()
12150+ * allocations.
12151+ */
12152+
12153+#ifdef CONFIG_PAX_SEGMEXEC
12154+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
12155+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
12156+ else
12157+#endif
12158+
12159+ mm->mmap_base = TASK_UNMAPPED_BASE;
12160+
12161+#ifdef CONFIG_PAX_RANDMMAP
12162+ if (mm->pax_flags & MF_PAX_RANDMMAP)
12163+ mm->mmap_base += mm->delta_mmap;
12164+#endif
12165+
12166+ mm->free_area_cache = mm->mmap_base;
12167+ mm->cached_hole_size = ~0UL;
12168+ addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12169+ /*
12170+ * Restore the topdown base:
12171+ */
12172+ mm->mmap_base = base;
12173+ mm->free_area_cache = base;
12174+ mm->cached_hole_size = ~0UL;
12175+
12176+ return addr;
12177+}
12178
12179 struct sel_arg_struct {
12180 unsigned long n;
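Review bot: In both arch_get_unmapped_area and arch_get_unmapped_area_topdown, `#ifdef CONFIG_PAX_RANDMMAP` / `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` / `#endif` leaves a brace-less `if` whose body is the later `if (addr) { ... }` block. A blank line separates the two, and in the topdown variant a comment does as well. Any statement later inserted between them would silently become the guarded statement when the option is enabled, changing whether the caller's address hint is honoured under RANDMMAP. A one-line comment directly after the `#endif`, such as `/* the conditional above guards the if (addr) hint block below */`, or dropping the blank line, would make the coupling explicit. The same construct appears in the sys_x86_64.c hunks at -69 and -141.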
12181@@ -93,7 +307,7 @@ asmlinkage int sys_ipc(uint call, int fi
12182 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL);
12183 case SEMTIMEDOP:
12184 return sys_semtimedop(first, (struct sembuf __user *)ptr, second,
12185- (const struct timespec __user *)fifth);
12186+ (__force const struct timespec __user *)fifth);
12187
12188 case SEMGET:
12189 return sys_semget(first, second, third);
12190@@ -140,7 +354,7 @@ asmlinkage int sys_ipc(uint call, int fi
12191 ret = do_shmat(first, (char __user *) ptr, second, &raddr);
12192 if (ret)
12193 return ret;
12194- return put_user(raddr, (ulong __user *) third);
12195+ return put_user(raddr, (__force ulong __user *) third);
12196 }
12197 case 1: /* iBCS2 emulator entry point */
12198 if (!segment_eq(get_fs(), get_ds()))
12199diff -urNp linux-2.6.32.8/arch/x86/kernel/sys_x86_64.c linux-2.6.32.8/arch/x86/kernel/sys_x86_64.c
12200--- linux-2.6.32.8/arch/x86/kernel/sys_x86_64.c 2010-02-09 07:57:19.000000000 -0500
12201+++ linux-2.6.32.8/arch/x86/kernel/sys_x86_64.c 2010-02-13 21:45:09.945907876 -0500
12202@@ -32,8 +32,8 @@ out:
12203 return error;
12204 }
12205
12206-static void find_start_end(unsigned long flags, unsigned long *begin,
12207- unsigned long *end)
12208+static void find_start_end(struct mm_struct *mm, unsigned long flags,
12209+ unsigned long *begin, unsigned long *end)
12210 {
12211 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
12212 unsigned long new_begin;
12213@@ -52,7 +52,7 @@ static void find_start_end(unsigned long
12214 *begin = new_begin;
12215 }
12216 } else {
12217- *begin = TASK_UNMAPPED_BASE;
12218+ *begin = mm->mmap_base;
12219 *end = TASK_SIZE;
12220 }
12221 }
12222@@ -69,11 +69,15 @@ arch_get_unmapped_area(struct file *filp
12223 if (flags & MAP_FIXED)
12224 return addr;
12225
12226- find_start_end(flags, &begin, &end);
12227+ find_start_end(mm, flags, &begin, &end);
12228
12229 if (len > end)
12230 return -ENOMEM;
12231
12232+#ifdef CONFIG_PAX_RANDMMAP
12233+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12234+#endif
12235+
12236 if (addr) {
12237 addr = PAGE_ALIGN(addr);
12238 vma = find_vma(mm, addr);
12239@@ -128,7 +132,7 @@ arch_get_unmapped_area_topdown(struct fi
12240 {
12241 struct vm_area_struct *vma;
12242 struct mm_struct *mm = current->mm;
12243- unsigned long addr = addr0;
12244+ unsigned long base = mm->mmap_base, addr = addr0;
12245
12246 /* requested length too big for entire address space */
12247 if (len > TASK_SIZE)
12248@@ -141,6 +145,10 @@ arch_get_unmapped_area_topdown(struct fi
12249 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
12250 goto bottomup;
12251
12252+#ifdef CONFIG_PAX_RANDMMAP
12253+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12254+#endif
12255+
12256 /* requesting a specific address */
12257 if (addr) {
12258 addr = PAGE_ALIGN(addr);
12259@@ -198,13 +206,21 @@ bottomup:
12260 * can happen with large stack limits and large mmap()
12261 * allocations.
12262 */
12263+ mm->mmap_base = TASK_UNMAPPED_BASE;
12264+
12265+#ifdef CONFIG_PAX_RANDMMAP
12266+ if (mm->pax_flags & MF_PAX_RANDMMAP)
12267+ mm->mmap_base += mm->delta_mmap;
12268+#endif
12269+
12270+ mm->free_area_cache = mm->mmap_base;
12271 mm->cached_hole_size = ~0UL;
12272- mm->free_area_cache = TASK_UNMAPPED_BASE;
12273 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12274 /*
12275 * Restore the topdown base:
12276 */
12277- mm->free_area_cache = mm->mmap_base;
12278+ mm->mmap_base = base;
12279+ mm->free_area_cache = base;
12280 mm->cached_hole_size = ~0UL;
12281
12282 return addr;
12283diff -urNp linux-2.6.32.8/arch/x86/kernel/time.c linux-2.6.32.8/arch/x86/kernel/time.c
12284--- linux-2.6.32.8/arch/x86/kernel/time.c 2010-02-09 07:57:19.000000000 -0500
12285+++ linux-2.6.32.8/arch/x86/kernel/time.c 2010-02-13 21:45:09.946861743 -0500
12286@@ -26,17 +26,13 @@
12287 int timer_ack;
12288 #endif
12289
12290-#ifdef CONFIG_X86_64
12291-volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES;
12292-#endif
12293-
12294 unsigned long profile_pc(struct pt_regs *regs)
12295 {
12296 unsigned long pc = instruction_pointer(regs);
12297
12298- if (!user_mode_vm(regs) && in_lock_functions(pc)) {
12299+ if (!user_mode(regs) && in_lock_functions(pc)) {
12300 #ifdef CONFIG_FRAME_POINTER
12301- return *(unsigned long *)(regs->bp + sizeof(long));
12302+ return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
12303 #else
12304 unsigned long *sp =
12305 (unsigned long *)kernel_stack_pointer(regs);
12306@@ -45,11 +41,17 @@ unsigned long profile_pc(struct pt_regs
12307 * or above a saved flags. Eflags has bits 22-31 zero,
12308 * kernel addresses don't.
12309 */
12310+
12311+#ifdef CONFIG_PAX_KERNEXEC
12312+ return ktla_ktva(sp[0]);
12313+#else
12314 if (sp[0] >> 22)
12315 return sp[0];
12316 if (sp[1] >> 22)
12317 return sp[1];
12318 #endif
12319+
12320+#endif
12321 }
12322 return pc;
12323 }
12324diff -urNp linux-2.6.32.8/arch/x86/kernel/tls.c linux-2.6.32.8/arch/x86/kernel/tls.c
12325--- linux-2.6.32.8/arch/x86/kernel/tls.c 2010-02-09 07:57:19.000000000 -0500
12326+++ linux-2.6.32.8/arch/x86/kernel/tls.c 2010-02-13 21:45:09.946861743 -0500
12327@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc
12328 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
12329 return -EINVAL;
12330
12331+#ifdef CONFIG_PAX_SEGMEXEC
12332+ if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
12333+ return -EINVAL;
12334+#endif
12335+
12336 set_tls_desc(p, idx, &info, 1);
12337
12338 return 0;
12339diff -urNp linux-2.6.32.8/arch/x86/kernel/trampoline_32.S linux-2.6.32.8/arch/x86/kernel/trampoline_32.S
12340--- linux-2.6.32.8/arch/x86/kernel/trampoline_32.S 2010-02-09 07:57:19.000000000 -0500
12341+++ linux-2.6.32.8/arch/x86/kernel/trampoline_32.S 2010-02-13 21:45:09.946861743 -0500
12342@@ -32,6 +32,12 @@
12343 #include <asm/segment.h>
12344 #include <asm/page_types.h>
12345
12346+#ifdef CONFIG_PAX_KERNEXEC
12347+#define ta(X) (X)
12348+#else
12349+#define ta(X) ((X) - __PAGE_OFFSET)
12350+#endif
12351+
12352 /* We can free up trampoline after bootup if cpu hotplug is not supported. */
12353 __CPUINITRODATA
12354 .code16
12355@@ -60,7 +66,7 @@ r_base = .
12356 inc %ax # protected mode (PE) bit
12357 lmsw %ax # into protected mode
12358 # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S
12359- ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET)
12360+ ljmpl $__BOOT_CS, $ta(startup_32_smp)
12361
12362 # These need to be in the same 64K segment as the above;
12363 # hence we don't use the boot_gdt_descr defined in head.S
12364diff -urNp linux-2.6.32.8/arch/x86/kernel/traps.c linux-2.6.32.8/arch/x86/kernel/traps.c
12365--- linux-2.6.32.8/arch/x86/kernel/traps.c 2010-02-09 07:57:19.000000000 -0500
12366+++ linux-2.6.32.8/arch/x86/kernel/traps.c 2010-02-13 21:45:09.946861743 -0500
12367@@ -69,12 +69,6 @@ asmlinkage int system_call(void);
12368
12369 /* Do we ignore FPU interrupts ? */
12370 char ignore_fpu_irq;
12371-
12372-/*
12373- * The IDT has to be page-aligned to simplify the Pentium
12374- * F0 0F bug workaround.
12375- */
12376-gate_desc idt_table[NR_VECTORS] __page_aligned_data = { { { { 0, 0 } } }, };
12377 #endif
12378
12379 DECLARE_BITMAP(used_vectors, NR_VECTORS);
12380@@ -112,19 +106,19 @@ static inline void preempt_conditional_c
12381 static inline void
12382 die_if_kernel(const char *str, struct pt_regs *regs, long err)
12383 {
12384- if (!user_mode_vm(regs))
12385+ if (!user_mode(regs))
12386 die(str, regs, err);
12387 }
12388 #endif
12389
12390 static void __kprobes
12391-do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
12392+do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs,
12393 long error_code, siginfo_t *info)
12394 {
12395 struct task_struct *tsk = current;
12396
12397 #ifdef CONFIG_X86_32
12398- if (regs->flags & X86_VM_MASK) {
12399+ if (v8086_mode(regs)) {
12400 /*
12401 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
12402 * On nmi (interrupt 2), do_trap should not be called.
12403@@ -135,7 +129,7 @@ do_trap(int trapnr, int signr, char *str
12404 }
12405 #endif
12406
12407- if (!user_mode(regs))
12408+ if (!user_mode_novm(regs))
12409 goto kernel_trap;
12410
12411 #ifdef CONFIG_X86_32
12412@@ -158,7 +152,7 @@ trap_signal:
12413 printk_ratelimit()) {
12414 printk(KERN_INFO
12415 "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
12416- tsk->comm, tsk->pid, str,
12417+ tsk->comm, task_pid_nr(tsk), str,
12418 regs->ip, regs->sp, error_code);
12419 print_vma_addr(" in ", regs->ip);
12420 printk("\n");
12421@@ -175,8 +169,20 @@ kernel_trap:
12422 if (!fixup_exception(regs)) {
12423 tsk->thread.error_code = error_code;
12424 tsk->thread.trap_no = trapnr;
12425+
12426+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
12427+ if (trapnr == 12 && (regs->cs & 0xFFFF) == __KERNEL_CS)
12428+ str = "PAX: suspicious stack segment fault";
12429+#endif
12430+
12431 die(str, regs, error_code);
12432 }
12433+
12434+#ifdef CONFIG_PAX_REFCOUNT
12435+ if (trapnr == 4)
12436+ pax_report_refcount_overflow(regs);
12437+#endif
12438+
12439 return;
12440
12441 #ifdef CONFIG_X86_32
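Review bot: The added checks `trapnr == 12` and `trapnr == 4` use bare vector numbers with no explanation. Short comments would save the reader a lookup, for example `/* 12: #SS, stack-segment fault */` and `/* 4: #OF, overflow trap used by the refcount checks */`. It is also worth stating in a comment that `pax_report_refcount_overflow(regs)` sits after the `if (!fixup_exception(regs)) { ... die(...); }` block, so it runs on the path where a fixup entry was found. The `kernel_trap` label belongs to do_trap, which starts and ends outside this hunk.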
12442@@ -265,14 +271,30 @@ do_general_protection(struct pt_regs *re
12443 conditional_sti(regs);
12444
12445 #ifdef CONFIG_X86_32
12446- if (regs->flags & X86_VM_MASK)
12447+ if (v8086_mode(regs))
12448 goto gp_in_vm86;
12449 #endif
12450
12451 tsk = current;
12452- if (!user_mode(regs))
12453+ if (!user_mode_novm(regs))
12454 goto gp_in_kernel;
12455
12456+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
12457+ if (!nx_enabled && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
12458+ struct mm_struct *mm = tsk->mm;
12459+ unsigned long limit;
12460+
12461+ down_write(&mm->mmap_sem);
12462+ limit = mm->context.user_cs_limit;
12463+ if (limit < TASK_SIZE) {
12464+ track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
12465+ up_write(&mm->mmap_sem);
12466+ return;
12467+ }
12468+ up_write(&mm->mmap_sem);
12469+ }
12470+#endif
12471+
12472 tsk->thread.error_code = error_code;
12473 tsk->thread.trap_no = 13;
12474
12475@@ -305,6 +327,13 @@ gp_in_kernel:
12476 if (notify_die(DIE_GPF, "general protection fault", regs,
12477 error_code, 13, SIGSEGV) == NOTIFY_STOP)
12478 return;
12479+
12480+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
12481+ if ((regs->cs & 0xFFFF) == __KERNEL_CS)
12482+ die("PAX: suspicious general protection fault", regs, error_code);
12483+ else
12484+#endif
12485+
12486 die("general protection fault", regs, error_code);
12487 }
12488
12489@@ -558,7 +587,7 @@ dotraplinkage void __kprobes do_debug(st
12490 }
12491
12492 #ifdef CONFIG_X86_32
12493- if (regs->flags & X86_VM_MASK)
12494+ if (v8086_mode(regs))
12495 goto debug_vm86;
12496 #endif
12497
12498@@ -570,7 +599,7 @@ dotraplinkage void __kprobes do_debug(st
12499 * kernel space (but re-enable TF when returning to user mode).
12500 */
12501 if (condition & DR_STEP) {
12502- if (!user_mode(regs))
12503+ if (!user_mode_novm(regs))
12504 goto clear_TF_reenable;
12505 }
12506
12507@@ -757,7 +786,7 @@ do_simd_coprocessor_error(struct pt_regs
12508 * Handle strange cache flush from user space exception
12509 * in all other cases. This is undocumented behaviour.
12510 */
12511- if (regs->flags & X86_VM_MASK) {
12512+ if (v8086_mode(regs)) {
12513 handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code);
12514 return;
12515 }
12516diff -urNp linux-2.6.32.8/arch/x86/kernel/tsc.c linux-2.6.32.8/arch/x86/kernel/tsc.c
12517--- linux-2.6.32.8/arch/x86/kernel/tsc.c 2010-02-09 07:57:19.000000000 -0500
12518+++ linux-2.6.32.8/arch/x86/kernel/tsc.c 2010-02-13 21:45:09.947770893 -0500
12519@@ -795,7 +795,7 @@ static struct dmi_system_id __initdata b
12520 DMI_MATCH(DMI_BOARD_NAME, "2635FA0"),
12521 },
12522 },
12523- {}
12524+ { NULL, NULL, {{0, {0}}}, NULL}
12525 };
12526
12527 static void __init check_system_tsc_reliable(void)
12528diff -urNp linux-2.6.32.8/arch/x86/kernel/vm86_32.c linux-2.6.32.8/arch/x86/kernel/vm86_32.c
12529--- linux-2.6.32.8/arch/x86/kernel/vm86_32.c 2010-02-09 07:57:19.000000000 -0500
12530+++ linux-2.6.32.8/arch/x86/kernel/vm86_32.c 2010-02-13 21:45:09.947770893 -0500
12531@@ -41,6 +41,7 @@
12532 #include <linux/ptrace.h>
12533 #include <linux/audit.h>
12534 #include <linux/stddef.h>
12535+#include <linux/grsecurity.h>
12536
12537 #include <asm/uaccess.h>
12538 #include <asm/io.h>
12539@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct ke
12540 do_exit(SIGSEGV);
12541 }
12542
12543- tss = &per_cpu(init_tss, get_cpu());
12544+ tss = init_tss + get_cpu();
12545 current->thread.sp0 = current->thread.saved_sp0;
12546 current->thread.sysenter_cs = __KERNEL_CS;
12547 load_sp0(tss, &current->thread);
12548@@ -208,6 +209,13 @@ int sys_vm86old(struct pt_regs *regs)
12549 struct task_struct *tsk;
12550 int tmp, ret = -EPERM;
12551
12552+#ifdef CONFIG_GRKERNSEC_VM86
12553+ if (!capable(CAP_SYS_RAWIO)) {
12554+ gr_handle_vm86();
12555+ goto out;
12556+ }
12557+#endif
12558+
12559 tsk = current;
12560 if (tsk->thread.saved_sp0)
12561 goto out;
12562@@ -238,6 +246,14 @@ int sys_vm86(struct pt_regs *regs)
12563 int tmp, ret;
12564 struct vm86plus_struct __user *v86;
12565
12566+#ifdef CONFIG_GRKERNSEC_VM86
12567+ if (!capable(CAP_SYS_RAWIO)) {
12568+ gr_handle_vm86();
12569+ ret = -EPERM;
12570+ goto out;
12571+ }
12572+#endif
12573+
12574 tsk = current;
12575 switch (regs->bx) {
12576 case VM86_REQUEST_IRQ:
12577@@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm
12578 tsk->thread.saved_fs = info->regs32->fs;
12579 tsk->thread.saved_gs = get_user_gs(info->regs32);
12580
12581- tss = &per_cpu(init_tss, get_cpu());
12582+ tss = init_tss + get_cpu();
12583 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
12584 if (cpu_has_sep)
12585 tsk->thread.sysenter_cs = 0;
12586@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_re
12587 goto cannot_handle;
12588 if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
12589 goto cannot_handle;
12590- intr_ptr = (unsigned long __user *) (i << 2);
12591+ intr_ptr = (__force unsigned long __user *) (i << 2);
12592 if (get_user(segoffs, intr_ptr))
12593 goto cannot_handle;
12594 if ((segoffs >> 16) == BIOSSEG)
12595diff -urNp linux-2.6.32.8/arch/x86/kernel/vmi_32.c linux-2.6.32.8/arch/x86/kernel/vmi_32.c
12596--- linux-2.6.32.8/arch/x86/kernel/vmi_32.c 2010-02-09 07:57:19.000000000 -0500
12597+++ linux-2.6.32.8/arch/x86/kernel/vmi_32.c 2010-02-13 21:45:09.947770893 -0500
12598@@ -44,12 +44,17 @@ typedef u32 __attribute__((regparm(1)))
12599 typedef u64 __attribute__((regparm(2))) (VROMLONGFUNC)(int);
12600
12601 #define call_vrom_func(rom,func) \
12602- (((VROMFUNC *)(rom->func))())
12603+ (((VROMFUNC *)(ktva_ktla(rom.func)))())
12604
12605 #define call_vrom_long_func(rom,func,arg) \
12606- (((VROMLONGFUNC *)(rom->func)) (arg))
12607+({\
12608+ u64 __reloc = ((VROMLONGFUNC *)(ktva_ktla(rom.func))) (arg);\
12609+ struct vmi_relocation_info *const __rel = (struct vmi_relocation_info *)&__reloc;\
12610+ __rel->eip = (unsigned char *)ktva_ktla((unsigned long)__rel->eip);\
12611+ __reloc;\
12612+})
12613
12614-static struct vrom_header *vmi_rom;
12615+static struct vrom_header vmi_rom __attribute((__section__(".vmi.rom"), __aligned__(PAGE_SIZE)));
12616 static int disable_pge;
12617 static int disable_pse;
12618 static int disable_sep;
12619@@ -76,10 +81,10 @@ static struct {
12620 void (*set_initial_ap_state)(int, int);
12621 void (*halt)(void);
12622 void (*set_lazy_mode)(int mode);
12623-} vmi_ops;
12624+} vmi_ops __read_only;
12625
12626 /* Cached VMI operations */
12627-struct vmi_timer_ops vmi_timer_ops;
12628+struct vmi_timer_ops vmi_timer_ops __read_only;
12629
12630 /*
12631 * VMI patching routines.
12632@@ -94,7 +99,7 @@ struct vmi_timer_ops vmi_timer_ops;
12633 static inline void patch_offset(void *insnbuf,
12634 unsigned long ip, unsigned long dest)
12635 {
12636- *(unsigned long *)(insnbuf+1) = dest-ip-5;
12637+ *(unsigned long *)(insnbuf+1) = dest-ip-5;
12638 }
12639
12640 static unsigned patch_internal(int call, unsigned len, void *insnbuf,
12641@@ -102,6 +107,7 @@ static unsigned patch_internal(int call,
12642 {
12643 u64 reloc;
12644 struct vmi_relocation_info *const rel = (struct vmi_relocation_info *)&reloc;
12645+
12646 reloc = call_vrom_long_func(vmi_rom, get_reloc, call);
12647 switch(rel->type) {
12648 case VMI_RELOCATION_CALL_REL:
12649@@ -404,13 +410,13 @@ static void vmi_set_pud(pud_t *pudp, pud
12650
12651 static void vmi_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
12652 {
12653- const pte_t pte = { .pte = 0 };
12654+ const pte_t pte = __pte(0ULL);
12655 vmi_ops.set_pte(pte, ptep, vmi_flags_addr(mm, addr, VMI_PAGE_PT, 0));
12656 }
12657
12658 static void vmi_pmd_clear(pmd_t *pmd)
12659 {
12660- const pte_t pte = { .pte = 0 };
12661+ const pte_t pte = __pte(0ULL);
12662 vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD);
12663 }
12664 #endif
12665@@ -438,8 +444,8 @@ vmi_startup_ipi_hook(int phys_apicid, un
12666 ap.ss = __KERNEL_DS;
12667 ap.esp = (unsigned long) start_esp;
12668
12669- ap.ds = __USER_DS;
12670- ap.es = __USER_DS;
12671+ ap.ds = __KERNEL_DS;
12672+ ap.es = __KERNEL_DS;
12673 ap.fs = __KERNEL_PERCPU;
12674 ap.gs = __KERNEL_STACK_CANARY;
12675
12676@@ -486,6 +492,18 @@ static void vmi_leave_lazy_mmu(void)
12677 paravirt_leave_lazy_mmu();
12678 }
12679
12680+#ifdef CONFIG_PAX_KERNEXEC
12681+static unsigned long vmi_pax_open_kernel(void)
12682+{
12683+ return 0;
12684+}
12685+
12686+static unsigned long vmi_pax_close_kernel(void)
12687+{
12688+ return 0;
12689+}
12690+#endif
12691+
12692 static inline int __init check_vmi_rom(struct vrom_header *rom)
12693 {
12694 struct pci_header *pci;
12695@@ -498,6 +516,10 @@ static inline int __init check_vmi_rom(s
12696 return 0;
12697 if (rom->vrom_signature != VMI_SIGNATURE)
12698 return 0;
12699+ if (rom->rom_length * 512 > sizeof(*rom)) {
12700+ printk(KERN_WARNING "PAX: VMI: ROM size too big: %x\n", rom->rom_length * 512);
12701+ return 0;
12702+ }
12703 if (rom->api_version_maj != VMI_API_REV_MAJOR ||
12704 rom->api_version_min+1 < VMI_API_REV_MINOR+1) {
12705 printk(KERN_WARNING "VMI: Found mismatched rom version %d.%d\n",
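Review bot: The new bound `rom->rom_length * 512 > sizeof(*rom)` has no comment saying why a ROM may not exceed the size of `struct vrom_header`. It appears to exist because probe_vmi_rom() now copies the ROM into the static `vmi_rom` object (`vmi_rom = *romstart`) instead of keeping a pointer. That only works if the structure is sized to hold the whole image, and its definition is not visible in this hunk. I would add `/* the ROM is copied into the static vmi_rom, so it must fit in struct vrom_header */` above the check. check_vmi_rom continues outside the hunk.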
12706@@ -562,7 +584,7 @@ static inline int __init probe_vmi_rom(v
12707 struct vrom_header *romstart;
12708 romstart = (struct vrom_header *)isa_bus_to_virt(base);
12709 if (check_vmi_rom(romstart)) {
12710- vmi_rom = romstart;
12711+ vmi_rom = *romstart;
12712 return 1;
12713 }
12714 }
12715@@ -836,6 +858,11 @@ static inline int __init activate_vmi(vo
12716
12717 para_fill(pv_irq_ops.safe_halt, Halt);
12718
12719+#ifdef CONFIG_PAX_KERNEXEC
12720+ pv_mmu_ops.pax_open_kernel = vmi_pax_open_kernel;
12721+ pv_mmu_ops.pax_close_kernel = vmi_pax_close_kernel;
12722+#endif
12723+
12724 /*
12725 * Alternative instruction rewriting doesn't happen soon enough
12726 * to convert VMI_IRET to a call instead of a jump; so we have
12727@@ -853,16 +880,16 @@ static inline int __init activate_vmi(vo
12728
12729 void __init vmi_init(void)
12730 {
12731- if (!vmi_rom)
12732+ if (!vmi_rom.rom_signature)
12733 probe_vmi_rom();
12734 else
12735- check_vmi_rom(vmi_rom);
12736+ check_vmi_rom(&vmi_rom);
12737
12738 /* In case probing for or validating the ROM failed, basil */
12739- if (!vmi_rom)
12740+ if (!vmi_rom.rom_signature)
12741 return;
12742
12743- reserve_top_address(-vmi_rom->virtual_top);
12744+ reserve_top_address(-vmi_rom.virtual_top);
12745
12746 #ifdef CONFIG_X86_IO_APIC
12747 /* This is virtual hardware; timer routing is wired correctly */
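Review bot: On the `else` branch the result of `check_vmi_rom(&vmi_rom)` is discarded, so a ROM that fails validation keeps a non-zero `rom_signature`. It then passes the `if (!vmi_rom.rom_signature) return;` test that the comment says covers failed validation. The pointer-based code had the same shape, but this conversion is a good place to make the failure explicit, e.g. `else if (!check_vmi_rom(&vmi_rom)) return;`. Whether the else branch is reachable depends on what can populate `vmi_rom` before vmi_init() runs, which is not visible here.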
12748@@ -874,7 +901,7 @@ void __init vmi_activate(void)
12749 {
12750 unsigned long flags;
12751
12752- if (!vmi_rom)
12753+ if (!vmi_rom.rom_signature)
12754 return;
12755
12756 local_irq_save(flags);
12757diff -urNp linux-2.6.32.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.8/arch/x86/kernel/vmlinux.lds.S
12758--- linux-2.6.32.8/arch/x86/kernel/vmlinux.lds.S 2010-02-09 07:57:19.000000000 -0500
12759+++ linux-2.6.32.8/arch/x86/kernel/vmlinux.lds.S 2010-02-13 21:45:09.948909328 -0500
12760@@ -26,6 +26,22 @@
12761 #include <asm/page_types.h>
12762 #include <asm/cache.h>
12763 #include <asm/boot.h>
12764+#include <asm/segment.h>
12765+
12766+#undef PMD_SIZE
12767+#undef PMD_SHIFT
12768+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
12769+#define PMD_SHIFT 21
12770+#else
12771+#define PMD_SHIFT 22
12772+#endif
12773+#define PMD_SIZE (1 << PMD_SHIFT)
12774+
12775+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
12776+#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
12777+#else
12778+#define __KERNEL_TEXT_OFFSET 0
12779+#endif
12780
12781 #undef i386 /* in case the preprocessor is a 32bit one */
12782
12783@@ -34,40 +50,55 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
12784 #ifdef CONFIG_X86_32
12785 OUTPUT_ARCH(i386)
12786 ENTRY(phys_startup_32)
12787-jiffies = jiffies_64;
12788 #else
12789 OUTPUT_ARCH(i386:x86-64)
12790 ENTRY(phys_startup_64)
12791-jiffies_64 = jiffies;
12792 #endif
12793
12794+jiffies = jiffies_64;
12795+
12796 PHDRS {
12797 text PT_LOAD FLAGS(5); /* R_E */
12798- data PT_LOAD FLAGS(7); /* RWE */
12799+#ifdef CONFIG_XEN
12800+ rodata PT_LOAD FLAGS(5); /* R_E */
12801+#else
12802+ rodata PT_LOAD FLAGS(4); /* R__ */
12803+#endif
12804+#ifdef CONFIG_X86_32
12805+ module PT_LOAD FLAGS(5); /* R_E */
12806+#endif
12807+ data PT_LOAD FLAGS(6); /* RW_ */
12808 #ifdef CONFIG_X86_64
12809 user PT_LOAD FLAGS(5); /* R_E */
12810+#endif
12811+ init.begin PT_LOAD FLAGS(6); /* RW_ */
12812 #ifdef CONFIG_SMP
12813 percpu PT_LOAD FLAGS(6); /* RW_ */
12814 #endif
12815+ text.init PT_LOAD FLAGS(5); /* R_E */
12816+ text.exit PT_LOAD FLAGS(5); /* R_E */
12817 init PT_LOAD FLAGS(7); /* RWE */
12818-#endif
12819 note PT_NOTE FLAGS(0); /* ___ */
12820 }
12821
12822 SECTIONS
12823 {
12824 #ifdef CONFIG_X86_32
12825- . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
12826- phys_startup_32 = startup_32 - LOAD_OFFSET;
12827+ . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
12828 #else
12829- . = __START_KERNEL;
12830- phys_startup_64 = startup_64 - LOAD_OFFSET;
12831+ . = __START_KERNEL;
12832 #endif
12833
12834 /* Text and read-only data */
12835- .text : AT(ADDR(.text) - LOAD_OFFSET) {
12836- _text = .;
12837+ .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
12838 /* bootstrapping code */
12839+#ifdef CONFIG_X86_32
12840+ phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
12841+#else
12842+ phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
12843+#endif
12844+ __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
12845+ _text = .;
12846 HEAD_TEXT
12847 #ifdef CONFIG_X86_32
12848 . = ALIGN(PAGE_SIZE);
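Review bot: The `init` program header is left at `FLAGS(7)` (RWE), while this hunk tightens `data` from 7 to 6 and adds separate R_E headers for `text.init` and `text.exit`. If init code now lives in `text.init`, `init` presumably carries only data and could be `FLAGS(6)`. If it must stay writable and executable, a one-line comment saying why would stop a reader from taking it for an oversight. The `CONFIG_XEN` case that maps `rodata` as R_E instead of R__ deserves the same explanation. The SECTIONS block continues outside the hunk.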
12849@@ -82,28 +113,64 @@ SECTIONS
12850 IRQENTRY_TEXT
12851 *(.fixup)
12852 *(.gnu.warning)
12853- /* End of text section */
12854- _etext = .;
12855 } :text = 0x9090
12856
12857- NOTES :text :note
12858+ . += __KERNEL_TEXT_OFFSET;
12859+
12860+ . = ALIGN(PAGE_SIZE);
12861+ NOTES :rodata :note
12862
12863- EXCEPTION_TABLE(16) :text = 0x9090
12864+ EXCEPTION_TABLE(16) :rodata
12865
12866 RO_DATA(PAGE_SIZE)
12867
12868+#ifdef CONFIG_X86_32
12869+ . = ALIGN(PAGE_SIZE);
12870+ .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
12871+ *(.idt)
12872+ . = ALIGN(PAGE_SIZE);
12873+ *(.empty_zero_page)
12874+ *(.swapper_pg_pmd)
12875+ *(.swapper_pg_dir)
12876+ }
12877+
12878+ . = ALIGN(PAGE_SIZE);
12879+ .vmi.rom : AT(ADDR(.vmi.rom) - LOAD_OFFSET) {
12880+ *(.vmi.rom)
12881+ } :module
12882+
12883+ . = ALIGN(PAGE_SIZE);
12884+ .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
12885+
12886+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
12887+ MODULES_EXEC_VADDR = .;
12888+ BYTE(0)
12889+ . += (8 * 1024 * 1024);
12890+ . = ALIGN(PMD_SIZE);
12891+ MODULES_EXEC_END = . - 1;
12892+#endif
12893+
12894+ } :module
12895+#endif
12896+
12897 /* Data */
12898 .data : AT(ADDR(.data) - LOAD_OFFSET) {
12899+ /* End of text section */
12900+ _etext = . - __KERNEL_TEXT_OFFSET;
12901+
12902+#ifdef CONFIG_PAX_KERNEXEC
12903+ . = ALIGN(PMD_SIZE);
12904+#else
12905+ . = ALIGN(PAGE_SIZE);
12906+#endif
12907+
12908 /* Start of data section */
12909 _sdata = .;
12910
12911 /* init_task */
12912 INIT_TASK_DATA(THREAD_SIZE)
12913
12914-#ifdef CONFIG_X86_32
12915- /* 32 bit has nosave before _edata */
12916 NOSAVE_DATA
12917-#endif
12918
12919 PAGE_ALIGNED_DATA(PAGE_SIZE)
12920
12921@@ -166,12 +233,6 @@ SECTIONS
12922 }
12923 vgetcpu_mode = VVIRT(.vgetcpu_mode);
12924
12925- . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
12926- .jiffies : AT(VLOAD(.jiffies)) {
12927- *(.jiffies)
12928- }
12929- jiffies = VVIRT(.jiffies);
12930-
12931 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
12932 *(.vsyscall_3)
12933 }
12934@@ -187,12 +248,19 @@ SECTIONS
12935 #endif /* CONFIG_X86_64 */
12936
12937 /* Init code and data - will be freed after init */
12938- . = ALIGN(PAGE_SIZE);
12939 .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
12940+ BYTE(0)
12941+
12942+#ifdef CONFIG_PAX_KERNEXEC
12943+ . = ALIGN(PMD_SIZE);
12944+#else
12945+ . = ALIGN(PAGE_SIZE);
12946+#endif
12947+
12948 __init_begin = .; /* paired with __init_end */
12949- }
12950+ } :init.begin
12951
12952-#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
12953+#ifdef CONFIG_SMP
12954 /*
12955 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
12956 * output PHDR, so the next output section - .init.text - should
12957@@ -201,12 +269,27 @@ SECTIONS
12958 PERCPU_VADDR(0, :percpu)
12959 #endif
12960
12961- INIT_TEXT_SECTION(PAGE_SIZE)
12962-#ifdef CONFIG_X86_64
12963- :init
12964-#endif
12965+ . = ALIGN(PAGE_SIZE);
12966+ init_begin = .;
12967+ .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
12968+ VMLINUX_SYMBOL(_sinittext) = .;
12969+ INIT_TEXT
12970+ VMLINUX_SYMBOL(_einittext) = .;
12971+ . = ALIGN(PAGE_SIZE);
12972+ } :text.init
12973+
12974+ /*
12975+ * .exit.text is discard at runtime, not link time, to deal with
12976+ * references from .altinstructions and .eh_frame
12977+ */
12978+ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
12979+ EXIT_TEXT
12980+ . = ALIGN(16);
12981+ } :text.exit
12982+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
12983
12984- INIT_DATA_SECTION(16)
12985+ . = ALIGN(PAGE_SIZE);
12986+ INIT_DATA_SECTION(16) :init
12987
12988 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
12989 __x86_cpu_dev_start = .;
12990@@ -232,19 +315,11 @@ SECTIONS
12991 *(.altinstr_replacement)
12992 }
12993
12994- /*
12995- * .exit.text is discard at runtime, not link time, to deal with
12996- * references from .altinstructions and .eh_frame
12997- */
12998- .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
12999- EXIT_TEXT
13000- }
13001-
13002 .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
13003 EXIT_DATA
13004 }
13005
13006-#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP)
13007+#ifndef CONFIG_SMP
13008 PERCPU(PAGE_SIZE)
13009 #endif
13010
13011@@ -267,12 +342,6 @@ SECTIONS
13012 . = ALIGN(PAGE_SIZE);
13013 }
13014
13015-#ifdef CONFIG_X86_64
13016- .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
13017- NOSAVE_DATA
13018- }
13019-#endif
13020-
13021 /* BSS */
13022 . = ALIGN(PAGE_SIZE);
13023 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
13024@@ -288,6 +357,7 @@ SECTIONS
13025 __brk_base = .;
13026 . += 64 * 1024; /* 64k alignment slop space */
13027 *(.brk_reservation) /* areas brk users have reserved */
13028+ . = ALIGN(PMD_SIZE);
13029 __brk_limit = .;
13030 }
13031
13032@@ -316,13 +386,12 @@ SECTIONS
13033 * for the boot processor.
13034 */
13035 #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load
13036-INIT_PER_CPU(gdt_page);
13037 INIT_PER_CPU(irq_stack_union);
13038
13039 /*
13040 * Build-time check on the image size:
13041 */
13042-. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE),
13043+. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE),
13044 "kernel image bigger than KERNEL_IMAGE_SIZE");
13045
13046 #ifdef CONFIG_SMP
13047diff -urNp linux-2.6.32.8/arch/x86/kernel/vsyscall_64.c linux-2.6.32.8/arch/x86/kernel/vsyscall_64.c
13048--- linux-2.6.32.8/arch/x86/kernel/vsyscall_64.c 2010-02-09 07:57:19.000000000 -0500
13049+++ linux-2.6.32.8/arch/x86/kernel/vsyscall_64.c 2010-02-13 21:45:09.948909328 -0500
13050@@ -79,6 +79,7 @@ void update_vsyscall(struct timespec *wa
13051
13052 write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags);
13053 /* copy vsyscall data */
13054+ strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name);
13055 vsyscall_gtod_data.clock.vread = clock->vread;
13056 vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
13057 vsyscall_gtod_data.clock.mask = clock->mask;
13058@@ -202,7 +203,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s
13059 We do this here because otherwise user space would do it on
13060 its own in a likely inferior way (no access to jiffies).
13061 If you don't like it pass NULL. */
13062- if (tcache && tcache->blob[0] == (j = __jiffies)) {
13063+ if (tcache && tcache->blob[0] == (j = jiffies)) {
13064 p = tcache->blob[1];
13065 } else if (__vgetcpu_mode == VGETCPU_RDTSCP) {
13066 /* Load per CPU data from RDTSCP */
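Review bot: `j = jiffies` replaces `__jiffies` here, and the vmlinux.lds.S hunk earlier in this patch removes the `.jiffies` vsyscall section that `__jiffies` presumably resolved to. The surrounding comment says this path exists so that user space does not have to do the caching itself, which suggests vgetcpu can execute from the vsyscall page. If so, the plain `jiffies` symbol has to be readable from that context; please confirm. Either way, a comment such as `/* jiffies is now the regular kernel symbol, see vmlinux.lds.S */` would help. vgetcpu's body continues outside the hunk.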
13067@@ -233,13 +234,13 @@ static ctl_table kernel_table2[] = {
13068 .data = &vsyscall_gtod_data.sysctl_enabled, .maxlen = sizeof(int),
13069 .mode = 0644,
13070 .proc_handler = proc_dointvec },
13071- {}
13072+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
13073 };
13074
13075 static ctl_table kernel_root_table2[] = {
13076 { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
13077 .child = kernel_table2 },
13078- {}
13079+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
13080 };
13081 #endif
13082
13083diff -urNp linux-2.6.32.8/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.32.8/arch/x86/kernel/x8664_ksyms_64.c
13084--- linux-2.6.32.8/arch/x86/kernel/x8664_ksyms_64.c 2010-02-09 07:57:19.000000000 -0500
13085+++ linux-2.6.32.8/arch/x86/kernel/x8664_ksyms_64.c 2010-02-13 21:45:09.948909328 -0500
13086@@ -30,8 +30,6 @@ EXPORT_SYMBOL(__put_user_8);
13087
13088 EXPORT_SYMBOL(copy_user_generic);
13089 EXPORT_SYMBOL(__copy_user_nocache);
13090-EXPORT_SYMBOL(copy_from_user);
13091-EXPORT_SYMBOL(copy_to_user);
13092 EXPORT_SYMBOL(__copy_from_user_inatomic);
13093
13094 EXPORT_SYMBOL(copy_page);
13095diff -urNp linux-2.6.32.8/arch/x86/kernel/xsave.c linux-2.6.32.8/arch/x86/kernel/xsave.c
13096--- linux-2.6.32.8/arch/x86/kernel/xsave.c 2010-02-09 07:57:19.000000000 -0500
13097+++ linux-2.6.32.8/arch/x86/kernel/xsave.c 2010-02-13 21:45:09.948909328 -0500
13098@@ -54,7 +54,7 @@ int check_for_xstate(struct i387_fxsave_
13099 fx_sw_user->xstate_size > fx_sw_user->extended_size)
13100 return -1;
13101
13102- err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
13103+ err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) +
13104 fx_sw_user->extended_size -
13105 FP_XSTATE_MAGIC2_SIZE));
13106 /*
13107@@ -196,7 +196,7 @@ fx_only:
13108 * the other extended state.
13109 */
13110 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
13111- return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
13112+ return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
13113 }
13114
13115 /*
13116@@ -228,7 +228,7 @@ int restore_i387_xstate(void __user *buf
13117 if (task_thread_info(tsk)->status & TS_XSAVE)
13118 err = restore_user_xstate(buf);
13119 else
13120- err = fxrstor_checking((__force struct i387_fxsave_struct *)
13121+ err = fxrstor_checking((struct i387_fxsave_struct __user *)
13122 buf);
13123 if (unlikely(err)) {
13124 /*
13125diff -urNp linux-2.6.32.8/arch/x86/kvm/emulate.c linux-2.6.32.8/arch/x86/kvm/emulate.c
13126--- linux-2.6.32.8/arch/x86/kvm/emulate.c 2010-02-09 07:57:19.000000000 -0500
13127+++ linux-2.6.32.8/arch/x86/kvm/emulate.c 2010-02-13 21:45:09.949559591 -0500
13128@@ -389,6 +389,7 @@ static u32 group2_table[] = {
13129
13130 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \
13131 do { \
13132+ unsigned long _tmp; \
13133 __asm__ __volatile__ ( \
13134 _PRE_EFLAGS("0", "4", "2") \
13135 _op _suffix " %"_x"3,%1; " \
13136@@ -402,8 +403,6 @@ static u32 group2_table[] = {
13137 /* Raw emulation: instruction has two explicit operands. */
13138 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
13139 do { \
13140- unsigned long _tmp; \
13141- \
13142 switch ((_dst).bytes) { \
13143 case 2: \
13144 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \
13145@@ -419,7 +418,6 @@ static u32 group2_table[] = {
13146
13147 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
13148 do { \
13149- unsigned long _tmp; \
13150 switch ((_dst).bytes) { \
13151 case 1: \
13152 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \
13153diff -urNp linux-2.6.32.8/arch/x86/kvm/svm.c linux-2.6.32.8/arch/x86/kvm/svm.c
13154--- linux-2.6.32.8/arch/x86/kvm/svm.c 2010-02-09 07:57:19.000000000 -0500
13155+++ linux-2.6.32.8/arch/x86/kvm/svm.c 2010-02-13 21:45:09.949559591 -0500
13156@@ -2389,9 +2389,12 @@ static int handle_exit(struct kvm_run *k
13157 static void reload_tss(struct kvm_vcpu *vcpu)
13158 {
13159 int cpu = raw_smp_processor_id();
13160-
13161 struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
13162+
13163+ pax_open_kernel();
13164 svm_data->tss_desc->type = 9; /* available 32/64-bit TSS */
13165+ pax_close_kernel();
13166+
13167 load_TR_desc();
13168 }
13169
13170@@ -2839,7 +2842,7 @@ static bool svm_gb_page_enable(void)
13171 return true;
13172 }
13173
13174-static struct kvm_x86_ops svm_x86_ops = {
13175+static const struct kvm_x86_ops svm_x86_ops = {
13176 .cpu_has_kvm_support = has_svm,
13177 .disabled_by_bios = is_disabled,
13178 .hardware_setup = svm_hardware_setup,
13179diff -urNp linux-2.6.32.8/arch/x86/kvm/vmx.c linux-2.6.32.8/arch/x86/kvm/vmx.c
13180--- linux-2.6.32.8/arch/x86/kvm/vmx.c 2010-02-09 07:57:19.000000000 -0500
13181+++ linux-2.6.32.8/arch/x86/kvm/vmx.c 2010-02-13 21:45:09.950839132 -0500
13182@@ -566,7 +566,11 @@ static void reload_tss(void)
13183
13184 kvm_get_gdt(&gdt);
13185 descs = (void *)gdt.base;
13186+
13187+ pax_open_kernel();
13188 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
13189+ pax_close_kernel();
13190+
13191 load_TR_desc();
13192 }
13193
13194@@ -1388,8 +1392,11 @@ static __init int hardware_setup(void)
13195 if (!cpu_has_vmx_flexpriority())
13196 flexpriority_enabled = 0;
13197
13198- if (!cpu_has_vmx_tpr_shadow())
13199- kvm_x86_ops->update_cr8_intercept = NULL;
13200+ if (!cpu_has_vmx_tpr_shadow()) {
13201+ pax_open_kernel();
13202+ *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
13203+ pax_close_kernel();
13204+ }
13205
13206 if (enable_ept && !cpu_has_vmx_ept_2m_page())
13207 kvm_disable_largepages();
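Review bot: `*(void **)&kvm_x86_ops->update_cr8_intercept = NULL;` writes through a cast that removes both the `const` this patch adds to `kvm_x86_ops` and the member's function-pointer type. Nothing in the hunk explains why. A comment such as `/* ops table is const; one-time init fixup done inside the pax_open_kernel() window */` would make the intent clear and mark this as the only sanctioned write. Casting to the member's own pointer type instead of `void **` would keep the compiler's type check. hardware_setup continues outside the hunk.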
13208@@ -2339,7 +2346,7 @@ static int vmx_vcpu_setup(struct vcpu_vm
13209 vmcs_writel(HOST_IDTR_BASE, dt.base); /* 22.2.4 */
13210
13211 asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return));
13212- vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */
13213+ vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */
13214 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
13215 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
13216 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
13217@@ -3682,6 +3689,12 @@ static void vmx_vcpu_run(struct kvm_vcpu
13218 "jmp .Lkvm_vmx_return \n\t"
13219 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
13220 ".Lkvm_vmx_return: "
13221+
13222+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13223+ "ljmp %[cs],$.Lkvm_vmx_return2\n\t"
13224+ ".Lkvm_vmx_return2: "
13225+#endif
13226+
13227 /* Save guest registers, load host registers, keep flags */
13228 "xchg %0, (%%"R"sp) \n\t"
13229 "mov %%"R"ax, %c[rax](%0) \n\t"
13230@@ -3728,6 +3741,11 @@ static void vmx_vcpu_run(struct kvm_vcpu
13231 [r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])),
13232 #endif
13233 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
13234+
13235+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13236+ ,[cs]"i"(__KERNEL_CS)
13237+#endif
13238+
13239 : "cc", "memory"
13240 , R"bx", R"di", R"si"
13241 #ifdef CONFIG_X86_64
13242@@ -3746,7 +3764,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
13243 if (vmx->rmode.irq.pending)
13244 fixup_rmode_irq(vmx);
13245
13246- asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
13247+ asm("mov %0, %%ds; mov %0, %%es" : : "r"(__KERNEL_DS));
13248 vmx->launched = 1;
13249
13250 vmx_complete_interrupts(vmx);
13251@@ -3921,7 +3939,7 @@ static bool vmx_gb_page_enable(void)
13252 return false;
13253 }
13254
13255-static struct kvm_x86_ops vmx_x86_ops = {
13256+static const struct kvm_x86_ops vmx_x86_ops = {
13257 .cpu_has_kvm_support = cpu_has_kvm_support,
13258 .disabled_by_bios = vmx_disabled_by_bios,
13259 .hardware_setup = hardware_setup,
13260diff -urNp linux-2.6.32.8/arch/x86/kvm/x86.c linux-2.6.32.8/arch/x86/kvm/x86.c
13261--- linux-2.6.32.8/arch/x86/kvm/x86.c 2010-02-09 07:57:19.000000000 -0500
13262+++ linux-2.6.32.8/arch/x86/kvm/x86.c 2010-02-13 21:45:09.951822983 -0500
13263@@ -81,45 +81,45 @@ static void update_cr8_intercept(struct
13264 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
13265 struct kvm_cpuid_entry2 __user *entries);
13266
13267-struct kvm_x86_ops *kvm_x86_ops;
13268+const struct kvm_x86_ops *kvm_x86_ops;
13269 EXPORT_SYMBOL_GPL(kvm_x86_ops);
13270
13271 int ignore_msrs = 0;
13272 module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);
13273
13274 struct kvm_stats_debugfs_item debugfs_entries[] = {
13275- { "pf_fixed", VCPU_STAT(pf_fixed) },
13276- { "pf_guest", VCPU_STAT(pf_guest) },
13277- { "tlb_flush", VCPU_STAT(tlb_flush) },
13278- { "invlpg", VCPU_STAT(invlpg) },
13279- { "exits", VCPU_STAT(exits) },
13280- { "io_exits", VCPU_STAT(io_exits) },
13281- { "mmio_exits", VCPU_STAT(mmio_exits) },
13282- { "signal_exits", VCPU_STAT(signal_exits) },
13283- { "irq_window", VCPU_STAT(irq_window_exits) },
13284- { "nmi_window", VCPU_STAT(nmi_window_exits) },
13285- { "halt_exits", VCPU_STAT(halt_exits) },
13286- { "halt_wakeup", VCPU_STAT(halt_wakeup) },
13287- { "hypercalls", VCPU_STAT(hypercalls) },
13288- { "request_irq", VCPU_STAT(request_irq_exits) },
13289- { "irq_exits", VCPU_STAT(irq_exits) },
13290- { "host_state_reload", VCPU_STAT(host_state_reload) },
13291- { "efer_reload", VCPU_STAT(efer_reload) },
13292- { "fpu_reload", VCPU_STAT(fpu_reload) },
13293- { "insn_emulation", VCPU_STAT(insn_emulation) },
13294- { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
13295- { "irq_injections", VCPU_STAT(irq_injections) },
13296- { "nmi_injections", VCPU_STAT(nmi_injections) },
13297- { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
13298- { "mmu_pte_write", VM_STAT(mmu_pte_write) },
13299- { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
13300- { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
13301- { "mmu_flooded", VM_STAT(mmu_flooded) },
13302- { "mmu_recycled", VM_STAT(mmu_recycled) },
13303- { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
13304- { "mmu_unsync", VM_STAT(mmu_unsync) },
13305- { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
13306- { "largepages", VM_STAT(lpages) },
13307+ { "pf_fixed", VCPU_STAT(pf_fixed), NULL },
13308+ { "pf_guest", VCPU_STAT(pf_guest), NULL },
13309+ { "tlb_flush", VCPU_STAT(tlb_flush), NULL },
13310+ { "invlpg", VCPU_STAT(invlpg), NULL },
13311+ { "exits", VCPU_STAT(exits), NULL },
13312+ { "io_exits", VCPU_STAT(io_exits), NULL },
13313+ { "mmio_exits", VCPU_STAT(mmio_exits), NULL },
13314+ { "signal_exits", VCPU_STAT(signal_exits), NULL },
13315+ { "irq_window", VCPU_STAT(irq_window_exits), NULL },
13316+ { "nmi_window", VCPU_STAT(nmi_window_exits), NULL },
13317+ { "halt_exits", VCPU_STAT(halt_exits), NULL },
13318+ { "halt_wakeup", VCPU_STAT(halt_wakeup), NULL },
13319+ { "hypercalls", VCPU_STAT(hypercalls), NULL },
13320+ { "request_irq", VCPU_STAT(request_irq_exits), NULL },
13321+ { "irq_exits", VCPU_STAT(irq_exits), NULL },
13322+ { "host_state_reload", VCPU_STAT(host_state_reload), NULL },
13323+ { "efer_reload", VCPU_STAT(efer_reload), NULL },
13324+ { "fpu_reload", VCPU_STAT(fpu_reload), NULL },
13325+ { "insn_emulation", VCPU_STAT(insn_emulation), NULL },
13326+ { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL },
13327+ { "irq_injections", VCPU_STAT(irq_injections), NULL },
13328+ { "nmi_injections", VCPU_STAT(nmi_injections), NULL },
13329+ { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL },
13330+ { "mmu_pte_write", VM_STAT(mmu_pte_write), NULL },
13331+ { "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL },
13332+ { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL },
13333+ { "mmu_flooded", VM_STAT(mmu_flooded), NULL },
13334+ { "mmu_recycled", VM_STAT(mmu_recycled), NULL },
13335+ { "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL },
13336+ { "mmu_unsync", VM_STAT(mmu_unsync), NULL },
13337+ { "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL },
13338+ { "largepages", VM_STAT(lpages), NULL },
13339 { NULL }
13340 };
13341
13342@@ -1659,7 +1659,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru
13343 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
13344 struct kvm_interrupt *irq)
13345 {
13346- if (irq->irq < 0 || irq->irq >= 256)
13347+ if (irq->irq >= 256)
13348 return -EINVAL;
13349 if (irqchip_in_kernel(vcpu->kvm))
13350 return -ENXIO;
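Review bot: Dropping `irq->irq < 0` leaves `irq->irq >= 256` as the only range check on a value that is presumably supplied by the ioctl caller. That is sufficient only while the `irq` field of `struct kvm_interrupt` is unsigned, and the declaration is not in this hunk. A comment such as `/* irq is unsigned, so only the upper bound needs checking */` documents the dependency, so a later type change does not silently remove the lower bound. The function continues outside the hunk.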
13351@@ -3171,10 +3171,10 @@ static struct notifier_block kvmclock_cp
13352 .notifier_call = kvmclock_cpufreq_notifier
13353 };
13354
13355-int kvm_arch_init(void *opaque)
13356+int kvm_arch_init(const void *opaque)
13357 {
13358 int r, cpu;
13359- struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
13360+ const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque;
13361
13362 if (kvm_x86_ops) {
13363 printk(KERN_ERR "kvm: already loaded the other module\n");
13364diff -urNp linux-2.6.32.8/arch/x86/lib/checksum_32.S linux-2.6.32.8/arch/x86/lib/checksum_32.S
13365--- linux-2.6.32.8/arch/x86/lib/checksum_32.S 2010-02-09 07:57:19.000000000 -0500
13366+++ linux-2.6.32.8/arch/x86/lib/checksum_32.S 2010-02-13 21:45:09.952704205 -0500
13367@@ -28,7 +28,8 @@
13368 #include <linux/linkage.h>
13369 #include <asm/dwarf2.h>
13370 #include <asm/errno.h>
13371-
13372+#include <asm/segment.h>
13373+
13374 /*
13375 * computes a partial checksum, e.g. for TCP/UDP fragments
13376 */
13377@@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic (
13378
13379 #define ARGBASE 16
13380 #define FP 12
13381-
13382-ENTRY(csum_partial_copy_generic)
13383+
13384+ENTRY(csum_partial_copy_generic_to_user)
13385 CFI_STARTPROC
13386+ pushl $(__USER_DS)
13387+ CFI_ADJUST_CFA_OFFSET 4
13388+ popl %es
13389+ CFI_ADJUST_CFA_OFFSET -4
13390+ jmp csum_partial_copy_generic
13391+
13392+ENTRY(csum_partial_copy_generic_from_user)
13393+ pushl $(__USER_DS)
13394+ CFI_ADJUST_CFA_OFFSET 4
13395+ popl %ds
13396+ CFI_ADJUST_CFA_OFFSET -4
13397+
13398+ENTRY(csum_partial_copy_generic)
13399 subl $4,%esp
13400 CFI_ADJUST_CFA_OFFSET 4
13401 pushl %edi
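Review bot: `csum_partial_copy_generic_from_user` ends after `popl %ds` with no jump, so it reaches the copy code only by falling through into `ENTRY(csum_partial_copy_generic)`. Nothing marks that as intentional, and the `_to_user` entry just above uses an explicit `jmp`. A comment such as `/* fall through to csum_partial_copy_generic with %ds = __USER_DS */` would protect it from code being inserted between the two labels. A later hunk also renames the closing `ENDPROC` to `csum_partial_copy_generic_to_user`, which leaves the other two entry points without one. The routine continues outside the hunk.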
13402@@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic)
13403 jmp 4f
13404 SRC(1: movw (%esi), %bx )
13405 addl $2, %esi
13406-DST( movw %bx, (%edi) )
13407+DST( movw %bx, %es:(%edi) )
13408 addl $2, %edi
13409 addw %bx, %ax
13410 adcl $0, %eax
13411@@ -343,30 +357,30 @@ DST( movw %bx, (%edi) )
13412 SRC(1: movl (%esi), %ebx )
13413 SRC( movl 4(%esi), %edx )
13414 adcl %ebx, %eax
13415-DST( movl %ebx, (%edi) )
13416+DST( movl %ebx, %es:(%edi) )
13417 adcl %edx, %eax
13418-DST( movl %edx, 4(%edi) )
13419+DST( movl %edx, %es:4(%edi) )
13420
13421 SRC( movl 8(%esi), %ebx )
13422 SRC( movl 12(%esi), %edx )
13423 adcl %ebx, %eax
13424-DST( movl %ebx, 8(%edi) )
13425+DST( movl %ebx, %es:8(%edi) )
13426 adcl %edx, %eax
13427-DST( movl %edx, 12(%edi) )
13428+DST( movl %edx, %es:12(%edi) )
13429
13430 SRC( movl 16(%esi), %ebx )
13431 SRC( movl 20(%esi), %edx )
13432 adcl %ebx, %eax
13433-DST( movl %ebx, 16(%edi) )
13434+DST( movl %ebx, %es:16(%edi) )
13435 adcl %edx, %eax
13436-DST( movl %edx, 20(%edi) )
13437+DST( movl %edx, %es:20(%edi) )
13438
13439 SRC( movl 24(%esi), %ebx )
13440 SRC( movl 28(%esi), %edx )
13441 adcl %ebx, %eax
13442-DST( movl %ebx, 24(%edi) )
13443+DST( movl %ebx, %es:24(%edi) )
13444 adcl %edx, %eax
13445-DST( movl %edx, 28(%edi) )
13446+DST( movl %edx, %es:28(%edi) )
13447
13448 lea 32(%esi), %esi
13449 lea 32(%edi), %edi
13450@@ -380,7 +394,7 @@ DST( movl %edx, 28(%edi) )
13451 shrl $2, %edx # This clears CF
13452 SRC(3: movl (%esi), %ebx )
13453 adcl %ebx, %eax
13454-DST( movl %ebx, (%edi) )
13455+DST( movl %ebx, %es:(%edi) )
13456 lea 4(%esi), %esi
13457 lea 4(%edi), %edi
13458 dec %edx
13459@@ -392,12 +406,12 @@ DST( movl %ebx, (%edi) )
13460 jb 5f
13461 SRC( movw (%esi), %cx )
13462 leal 2(%esi), %esi
13463-DST( movw %cx, (%edi) )
13464+DST( movw %cx, %es:(%edi) )
13465 leal 2(%edi), %edi
13466 je 6f
13467 shll $16,%ecx
13468 SRC(5: movb (%esi), %cl )
13469-DST( movb %cl, (%edi) )
13470+DST( movb %cl, %es:(%edi) )
13471 6: addl %ecx, %eax
13472 adcl $0, %eax
13473 7:
13474@@ -408,7 +422,7 @@ DST( movb %cl, (%edi) )
13475
13476 6001:
13477 movl ARGBASE+20(%esp), %ebx # src_err_ptr
13478- movl $-EFAULT, (%ebx)
13479+ movl $-EFAULT, %ss:(%ebx)
13480
13481 # zero the complete destination - computing the rest
13482 # is too much work
13483@@ -421,11 +435,19 @@ DST( movb %cl, (%edi) )
13484
13485 6002:
13486 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
13487- movl $-EFAULT,(%ebx)
13488+ movl $-EFAULT,%ss:(%ebx)
13489 jmp 5000b
13490
13491 .previous
13492
13493+ pushl %ss
13494+ CFI_ADJUST_CFA_OFFSET 4
13495+ popl %ds
13496+ CFI_ADJUST_CFA_OFFSET -4
13497+ pushl %ss
13498+ CFI_ADJUST_CFA_OFFSET 4
13499+ popl %es
13500+ CFI_ADJUST_CFA_OFFSET -4
13501 popl %ebx
13502 CFI_ADJUST_CFA_OFFSET -4
13503 CFI_RESTORE ebx
13504@@ -439,26 +461,41 @@ DST( movb %cl, (%edi) )
13505 CFI_ADJUST_CFA_OFFSET -4
13506 ret
13507 CFI_ENDPROC
13508-ENDPROC(csum_partial_copy_generic)
13509+ENDPROC(csum_partial_copy_generic_to_user)
13510
13511 #else
13512
13513 /* Version for PentiumII/PPro */
13514
13515 #define ROUND1(x) \
13516+ nop; nop; nop; \
13517 SRC(movl x(%esi), %ebx ) ; \
13518 addl %ebx, %eax ; \
13519- DST(movl %ebx, x(%edi) ) ;
13520+ DST(movl %ebx, %es:x(%edi)) ;
13521
13522 #define ROUND(x) \
13523+ nop; nop; nop; \
13524 SRC(movl x(%esi), %ebx ) ; \
13525 adcl %ebx, %eax ; \
13526- DST(movl %ebx, x(%edi) ) ;
13527+ DST(movl %ebx, %es:x(%edi)) ;
13528
13529 #define ARGBASE 12
13530-
13531-ENTRY(csum_partial_copy_generic)
13532+
13533+ENTRY(csum_partial_copy_generic_to_user)
13534 CFI_STARTPROC
13535+ pushl $(__USER_DS)
13536+ CFI_ADJUST_CFA_OFFSET 4
13537+ popl %es
13538+ CFI_ADJUST_CFA_OFFSET -4
13539+ jmp csum_partial_copy_generic
13540+
13541+ENTRY(csum_partial_copy_generic_from_user)
13542+ pushl $(__USER_DS)
13543+ CFI_ADJUST_CFA_OFFSET 4
13544+ popl %ds
13545+ CFI_ADJUST_CFA_OFFSET -4
13546+
13547+ENTRY(csum_partial_copy_generic)
13548 pushl %ebx
13549 CFI_ADJUST_CFA_OFFSET 4
13550 CFI_REL_OFFSET ebx, 0
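Review bot: `csum_partial_copy_generic_from_user` falls through into `csum_partial_copy_generic` with nothing saying so, and the `ENDPROC` at the top of this hunk, like the one in the `@@ -538,7 +583,7 @@` hunk, now closes only `csum_partial_copy_generic_to_user`. As far as these hunks show, the other two entry points are left without an `ENDPROC`, so they get no function type or size annotation. I would add `/* falls through to csum_partial_copy_generic */` after the `popl %ds` pair in the `_from_user` stub and keep `ENDPROC(csum_partial_copy_generic)` next to the new line. The routine body continues outside this hunk.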
13551@@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic)
13552 subl %ebx, %edi
13553 lea -1(%esi),%edx
13554 andl $-32,%edx
13555- lea 3f(%ebx,%ebx), %ebx
13556+ lea 3f(%ebx,%ebx,2), %ebx
13557 testl %esi, %esi
13558 jmp *%ebx
13559 1: addl $64,%esi
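Review bot: The new scale in `lea 3f(%ebx,%ebx,2), %ebx` only lands on an instruction boundary if every `ROUND`/`ROUND1` expansion assembles to the same fixed size, which is what the `nop; nop; nop;` padding in the previous hunk appears to be for, yet neither place says so. A comment at the macros such as `/* each ROUND must assemble to exactly 12 bytes: the computed jump indexes by 3 * %ebx */` would keep a later macro edit from turning `jmp *%ebx` into a jump into the middle of an instruction. The 12-byte figure is my reading of the encoding (three nops, a 3-byte load, a 2-byte add, a 4-byte store with the %es prefix) and should be confirmed against the object code. The enclosing routine starts and ends outside this hunk.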
13560@@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic)
13561 jb 5f
13562 SRC( movw (%esi), %dx )
13563 leal 2(%esi), %esi
13564-DST( movw %dx, (%edi) )
13565+DST( movw %dx, %es:(%edi) )
13566 leal 2(%edi), %edi
13567 je 6f
13568 shll $16,%edx
13569 5:
13570 SRC( movb (%esi), %dl )
13571-DST( movb %dl, (%edi) )
13572+DST( movb %dl, %es:(%edi) )
13573 6: addl %edx, %eax
13574 adcl $0, %eax
13575 7:
13576 .section .fixup, "ax"
13577 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
13578- movl $-EFAULT, (%ebx)
13579+ movl $-EFAULT, %ss:(%ebx)
13580 # zero the complete destination (computing the rest is too much work)
13581 movl ARGBASE+8(%esp),%edi # dst
13582 movl ARGBASE+12(%esp),%ecx # len
13583@@ -523,10 +560,18 @@ DST( movb %dl, (%edi) )
13584 rep; stosb
13585 jmp 7b
13586 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
13587- movl $-EFAULT, (%ebx)
13588+ movl $-EFAULT, %ss:(%ebx)
13589 jmp 7b
13590 .previous
13591
13592+ pushl %ss
13593+ CFI_ADJUST_CFA_OFFSET 4
13594+ popl %ds
13595+ CFI_ADJUST_CFA_OFFSET -4
13596+ pushl %ss
13597+ CFI_ADJUST_CFA_OFFSET 4
13598+ popl %es
13599+ CFI_ADJUST_CFA_OFFSET -4
13600 popl %esi
13601 CFI_ADJUST_CFA_OFFSET -4
13602 CFI_RESTORE esi
13603@@ -538,7 +583,7 @@ DST( movb %dl, (%edi) )
13604 CFI_RESTORE ebx
13605 ret
13606 CFI_ENDPROC
13607-ENDPROC(csum_partial_copy_generic)
13608+ENDPROC(csum_partial_copy_generic_to_user)
13609
13610 #undef ROUND
13611 #undef ROUND1
13612diff -urNp linux-2.6.32.8/arch/x86/lib/clear_page_64.S linux-2.6.32.8/arch/x86/lib/clear_page_64.S
13613--- linux-2.6.32.8/arch/x86/lib/clear_page_64.S 2010-02-09 07:57:19.000000000 -0500
13614+++ linux-2.6.32.8/arch/x86/lib/clear_page_64.S 2010-02-13 21:45:09.952704205 -0500
13615@@ -43,7 +43,7 @@ ENDPROC(clear_page)
13616
13617 #include <asm/cpufeature.h>
13618
13619- .section .altinstr_replacement,"ax"
13620+ .section .altinstr_replacement,"a"
13621 1: .byte 0xeb /* jmp <disp8> */
13622 .byte (clear_page_c - clear_page) - (2f - 1b) /* offset */
13623 2:
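Review bot: The switch of `.altinstr_replacement` from `"ax"` to `"a"` carries no comment, and the same one-line change recurs in copy_page_64.S, copy_user_64.S, memcpy_64.S and memset_64.S below. Presumably the point is that the replacement bytes are only copied over the original instructions and never executed where they are linked, so the section need not be executable. If that is the intent, say it once, e.g. `/* replacement bytes are copied into place, never run from here: keep the section non-executable */`. Otherwise someone adding a new alternative later is likely to copy the `"ax"` form back in.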
13624diff -urNp linux-2.6.32.8/arch/x86/lib/copy_page_64.S linux-2.6.32.8/arch/x86/lib/copy_page_64.S
13625--- linux-2.6.32.8/arch/x86/lib/copy_page_64.S 2010-02-09 07:57:19.000000000 -0500
13626+++ linux-2.6.32.8/arch/x86/lib/copy_page_64.S 2010-02-13 21:45:09.952704205 -0500
13627@@ -104,7 +104,7 @@ ENDPROC(copy_page)
13628
13629 #include <asm/cpufeature.h>
13630
13631- .section .altinstr_replacement,"ax"
13632+ .section .altinstr_replacement,"a"
13633 1: .byte 0xeb /* jmp <disp8> */
13634 .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */
13635 2:
13636diff -urNp linux-2.6.32.8/arch/x86/lib/copy_user_64.S linux-2.6.32.8/arch/x86/lib/copy_user_64.S
13637--- linux-2.6.32.8/arch/x86/lib/copy_user_64.S 2010-02-09 07:57:19.000000000 -0500
13638+++ linux-2.6.32.8/arch/x86/lib/copy_user_64.S 2010-02-13 21:45:09.952704205 -0500
13639@@ -21,7 +21,7 @@
13640 .byte 0xe9 /* 32bit jump */
13641 .long \orig-1f /* by default jump to orig */
13642 1:
13643- .section .altinstr_replacement,"ax"
13644+ .section .altinstr_replacement,"a"
13645 2: .byte 0xe9 /* near jump with 32bit immediate */
13646 .long \alt-1b /* offset */ /* or alternatively to alt */
13647 .previous
13648@@ -64,32 +64,6 @@
13649 #endif
13650 .endm
13651
13652-/* Standard copy_to_user with segment limit checking */
13653-ENTRY(copy_to_user)
13654- CFI_STARTPROC
13655- GET_THREAD_INFO(%rax)
13656- movq %rdi,%rcx
13657- addq %rdx,%rcx
13658- jc bad_to_user
13659- cmpq TI_addr_limit(%rax),%rcx
13660- jae bad_to_user
13661- ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
13662- CFI_ENDPROC
13663-ENDPROC(copy_to_user)
13664-
13665-/* Standard copy_from_user with segment limit checking */
13666-ENTRY(copy_from_user)
13667- CFI_STARTPROC
13668- GET_THREAD_INFO(%rax)
13669- movq %rsi,%rcx
13670- addq %rdx,%rcx
13671- jc bad_from_user
13672- cmpq TI_addr_limit(%rax),%rcx
13673- jae bad_from_user
13674- ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
13675- CFI_ENDPROC
13676-ENDPROC(copy_from_user)
13677-
13678 ENTRY(copy_user_generic)
13679 CFI_STARTPROC
13680 ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
13681@@ -107,6 +81,8 @@ ENDPROC(__copy_from_user_inatomic)
13682 ENTRY(bad_from_user)
13683 bad_from_user:
13684 CFI_STARTPROC
13685+ testl %edx,%edx
13686+ js bad_to_user
13687 movl %edx,%ecx
13688 xorl %eax,%eax
13689 rep
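Review bot: The added `testl %edx,%edx` / `js bad_to_user` pair in `bad_from_user` has no comment, and it is not obvious that it exists to skip the zero-fill below when the count has its sign bit set. A line such as `/* negative count: skip zeroing the destination */` would record that, assuming `bad_to_user` (outside this hunk) does nothing but return. The test looks only at bit 31 of `%edx`, consistent with the existing `movl %edx,%ecx`, so a 64-bit count with high bits set and bit 31 clear is not covered by it. `bad_from_user` continues past the end of this hunk.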
13690diff -urNp linux-2.6.32.8/arch/x86/lib/getuser.S linux-2.6.32.8/arch/x86/lib/getuser.S
13691--- linux-2.6.32.8/arch/x86/lib/getuser.S 2010-02-09 07:57:19.000000000 -0500
13692+++ linux-2.6.32.8/arch/x86/lib/getuser.S 2010-02-13 21:45:09.952704205 -0500
13693@@ -33,14 +33,28 @@
13694 #include <asm/asm-offsets.h>
13695 #include <asm/thread_info.h>
13696 #include <asm/asm.h>
13697+#include <asm/segment.h>
13698
13699 .text
13700 ENTRY(__get_user_1)
13701 CFI_STARTPROC
13702+
13703+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13704+ pushl $(__USER_DS)
13705+ popl %ds
13706+#else
13707 GET_THREAD_INFO(%_ASM_DX)
13708 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
13709 jae bad_get_user
13710+#endif
13711+
13712 1: movzb (%_ASM_AX),%edx
13713+
13714+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13715+ pushl %ss
13716+ pop %ds
13717+#endif
13718+
13719 xor %eax,%eax
13720 ret
13721 CFI_ENDPROC
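Review bot: With CONFIG_PAX_MEMORY_UDEREF on 32-bit the `TI_addr_limit` comparison in `__get_user_1` is compiled out, so the only bound on the load at label 1 is the limit of the `__USER_DS` descriptor, and nothing in the file states that. `__get_user_2` and `__get_user_4` in the next two hunks lose their `jc bad_get_user` wrap check the same way. A comment at the first `#if`, e.g. `/* UDEREF: the user segment limit replaces the addr_limit check */`, would make the invariant reviewable. It is also worth confirming that an out-of-range access on this path still reaches the exception-table fixup, and that callers running with a raised address limit behave as intended.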
13722@@ -49,11 +63,24 @@ ENDPROC(__get_user_1)
13723 ENTRY(__get_user_2)
13724 CFI_STARTPROC
13725 add $1,%_ASM_AX
13726+
13727+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13728+ pushl $(__USER_DS)
13729+ popl %ds
13730+#else
13731 jc bad_get_user
13732 GET_THREAD_INFO(%_ASM_DX)
13733 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
13734 jae bad_get_user
13735+#endif
13736+
13737 2: movzwl -1(%_ASM_AX),%edx
13738+
13739+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13740+ pushl %ss
13741+ pop %ds
13742+#endif
13743+
13744 xor %eax,%eax
13745 ret
13746 CFI_ENDPROC
13747@@ -62,11 +89,24 @@ ENDPROC(__get_user_2)
13748 ENTRY(__get_user_4)
13749 CFI_STARTPROC
13750 add $3,%_ASM_AX
13751+
13752+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13753+ pushl $(__USER_DS)
13754+ popl %ds
13755+#else
13756 jc bad_get_user
13757 GET_THREAD_INFO(%_ASM_DX)
13758 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
13759 jae bad_get_user
13760+#endif
13761+
13762 3: mov -3(%_ASM_AX),%edx
13763+
13764+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13765+ pushl %ss
13766+ pop %ds
13767+#endif
13768+
13769 xor %eax,%eax
13770 ret
13771 CFI_ENDPROC
13772@@ -89,6 +129,12 @@ ENDPROC(__get_user_8)
13773
13774 bad_get_user:
13775 CFI_STARTPROC
13776+
13777+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
13778+ pushl %ss
13779+ pop %ds
13780+#endif
13781+
13782 xor %edx,%edx
13783 mov $(-EFAULT),%_ASM_AX
13784 ret
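Review bot: The `pushl %ss` / `pop %ds` pair added to `bad_get_user` moves the stack pointer inside a `CFI_STARTPROC` region without the `CFI_ADJUST_CFA_OFFSET 4` / `CFI_ADJUST_CFA_OFFSET -4` annotations that this same patch adds around its push/pop pairs in checksum_32.S. The other segment-reload pairs in getuser.S and putuser.S are unannotated too, so the unwind information is off by one word across each pair. The patch also mixes `popl %ds` and `pop %ds` for the same operation; pick one spelling.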
13785diff -urNp linux-2.6.32.8/arch/x86/lib/memcpy_64.S linux-2.6.32.8/arch/x86/lib/memcpy_64.S
13786--- linux-2.6.32.8/arch/x86/lib/memcpy_64.S 2010-02-09 07:57:19.000000000 -0500
13787+++ linux-2.6.32.8/arch/x86/lib/memcpy_64.S 2010-02-13 21:45:09.952704205 -0500
13788@@ -128,7 +128,7 @@ ENDPROC(__memcpy)
13789 * It is also a lot simpler. Use this when possible:
13790 */
13791
13792- .section .altinstr_replacement, "ax"
13793+ .section .altinstr_replacement, "a"
13794 1: .byte 0xeb /* jmp <disp8> */
13795 .byte (memcpy_c - memcpy) - (2f - 1b) /* offset */
13796 2:
13797diff -urNp linux-2.6.32.8/arch/x86/lib/memset_64.S linux-2.6.32.8/arch/x86/lib/memset_64.S
13798--- linux-2.6.32.8/arch/x86/lib/memset_64.S 2010-02-09 07:57:19.000000000 -0500
13799+++ linux-2.6.32.8/arch/x86/lib/memset_64.S 2010-02-13 21:45:09.952704205 -0500
13800@@ -118,7 +118,7 @@ ENDPROC(__memset)
13801
13802 #include <asm/cpufeature.h>
13803
13804- .section .altinstr_replacement,"ax"
13805+ .section .altinstr_replacement,"a"
13806 1: .byte 0xeb /* jmp <disp8> */
13807 .byte (memset_c - memset) - (2f - 1b) /* offset */
13808 2:
13809diff -urNp linux-2.6.32.8/arch/x86/lib/mmx_32.c linux-2.6.32.8/arch/x86/lib/mmx_32.c
13810--- linux-2.6.32.8/arch/x86/lib/mmx_32.c 2010-02-09 07:57:19.000000000 -0500
13811+++ linux-2.6.32.8/arch/x86/lib/mmx_32.c 2010-02-13 21:45:09.953906564 -0500
13812@@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *
13813 {
13814 void *p;
13815 int i;
13816+ unsigned long cr0;
13817
13818 if (unlikely(in_interrupt()))
13819 return __memcpy(to, from, len);
13820@@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *
13821 kernel_fpu_begin();
13822
13823 __asm__ __volatile__ (
13824- "1: prefetch (%0)\n" /* This set is 28 bytes */
13825- " prefetch 64(%0)\n"
13826- " prefetch 128(%0)\n"
13827- " prefetch 192(%0)\n"
13828- " prefetch 256(%0)\n"
13829+ "1: prefetch (%1)\n" /* This set is 28 bytes */
13830+ " prefetch 64(%1)\n"
13831+ " prefetch 128(%1)\n"
13832+ " prefetch 192(%1)\n"
13833+ " prefetch 256(%1)\n"
13834 "2: \n"
13835 ".section .fixup, \"ax\"\n"
13836- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
13837+ "3: \n"
13838+
13839+#ifdef CONFIG_PAX_KERNEXEC
13840+ " movl %%cr0, %0\n"
13841+ " movl %0, %%eax\n"
13842+ " andl $0xFFFEFFFF, %%eax\n"
13843+ " movl %%eax, %%cr0\n"
13844+#endif
13845+
13846+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
13847+
13848+#ifdef CONFIG_PAX_KERNEXEC
13849+ " movl %0, %%cr0\n"
13850+#endif
13851+
13852 " jmp 2b\n"
13853 ".previous\n"
13854 _ASM_EXTABLE(1b, 3b)
13855- : : "r" (from));
13856+ : "=&r" (cr0) : "r" (from) : "ax");
13857
13858 for ( ; i > 5; i--) {
13859 __asm__ __volatile__ (
13860- "1: prefetch 320(%0)\n"
13861- "2: movq (%0), %%mm0\n"
13862- " movq 8(%0), %%mm1\n"
13863- " movq 16(%0), %%mm2\n"
13864- " movq 24(%0), %%mm3\n"
13865- " movq %%mm0, (%1)\n"
13866- " movq %%mm1, 8(%1)\n"
13867- " movq %%mm2, 16(%1)\n"
13868- " movq %%mm3, 24(%1)\n"
13869- " movq 32(%0), %%mm0\n"
13870- " movq 40(%0), %%mm1\n"
13871- " movq 48(%0), %%mm2\n"
13872- " movq 56(%0), %%mm3\n"
13873- " movq %%mm0, 32(%1)\n"
13874- " movq %%mm1, 40(%1)\n"
13875- " movq %%mm2, 48(%1)\n"
13876- " movq %%mm3, 56(%1)\n"
13877+ "1: prefetch 320(%1)\n"
13878+ "2: movq (%1), %%mm0\n"
13879+ " movq 8(%1), %%mm1\n"
13880+ " movq 16(%1), %%mm2\n"
13881+ " movq 24(%1), %%mm3\n"
13882+ " movq %%mm0, (%2)\n"
13883+ " movq %%mm1, 8(%2)\n"
13884+ " movq %%mm2, 16(%2)\n"
13885+ " movq %%mm3, 24(%2)\n"
13886+ " movq 32(%1), %%mm0\n"
13887+ " movq 40(%1), %%mm1\n"
13888+ " movq 48(%1), %%mm2\n"
13889+ " movq 56(%1), %%mm3\n"
13890+ " movq %%mm0, 32(%2)\n"
13891+ " movq %%mm1, 40(%2)\n"
13892+ " movq %%mm2, 48(%2)\n"
13893+ " movq %%mm3, 56(%2)\n"
13894 ".section .fixup, \"ax\"\n"
13895- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
13896+ "3:\n"
13897+
13898+#ifdef CONFIG_PAX_KERNEXEC
13899+ " movl %%cr0, %0\n"
13900+ " movl %0, %%eax\n"
13901+ " andl $0xFFFEFFFF, %%eax\n"
13902+ " movl %%eax, %%cr0\n"
13903+#endif
13904+
13905+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
13906+
13907+#ifdef CONFIG_PAX_KERNEXEC
13908+ " movl %0, %%cr0\n"
13909+#endif
13910+
13911 " jmp 2b\n"
13912 ".previous\n"
13913 _ASM_EXTABLE(1b, 3b)
13914- : : "r" (from), "r" (to) : "memory");
13915+ : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
13916
13917 from += 64;
13918 to += 64;
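Review bot: The fixup at label 3 in `_mmx_memcpy` clears CR0.WP with a bare `andl $0xFFFEFFFF, %%eax` and no comment, and the same open/close sequence is pasted into both fixups here and into the four fixups of the two `fast_copy_page` variants below. I would put the sequence behind one pair of string macros and document it once, e.g. `/* KERNEXEC: drop CR0.WP (bit 16) around the store that patches the prefetch at 1b */`, assuming that is the reason. Nothing visible in the hunk masks interrupts between the two `%%cr0` writes, so it is worth confirming that an interrupt arriving in that window cannot run with write protection disabled. `_mmx_memcpy` begins and ends outside this hunk.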
13919@@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
13920 static void fast_copy_page(void *to, void *from)
13921 {
13922 int i;
13923+ unsigned long cr0;
13924
13925 kernel_fpu_begin();
13926
13927@@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi
13928 * but that is for later. -AV
13929 */
13930 __asm__ __volatile__(
13931- "1: prefetch (%0)\n"
13932- " prefetch 64(%0)\n"
13933- " prefetch 128(%0)\n"
13934- " prefetch 192(%0)\n"
13935- " prefetch 256(%0)\n"
13936+ "1: prefetch (%1)\n"
13937+ " prefetch 64(%1)\n"
13938+ " prefetch 128(%1)\n"
13939+ " prefetch 192(%1)\n"
13940+ " prefetch 256(%1)\n"
13941 "2: \n"
13942 ".section .fixup, \"ax\"\n"
13943- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
13944+ "3: \n"
13945+
13946+#ifdef CONFIG_PAX_KERNEXEC
13947+ " movl %%cr0, %0\n"
13948+ " movl %0, %%eax\n"
13949+ " andl $0xFFFEFFFF, %%eax\n"
13950+ " movl %%eax, %%cr0\n"
13951+#endif
13952+
13953+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
13954+
13955+#ifdef CONFIG_PAX_KERNEXEC
13956+ " movl %0, %%cr0\n"
13957+#endif
13958+
13959 " jmp 2b\n"
13960 ".previous\n"
13961- _ASM_EXTABLE(1b, 3b) : : "r" (from));
13962+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
13963
13964 for (i = 0; i < (4096-320)/64; i++) {
13965 __asm__ __volatile__ (
13966- "1: prefetch 320(%0)\n"
13967- "2: movq (%0), %%mm0\n"
13968- " movntq %%mm0, (%1)\n"
13969- " movq 8(%0), %%mm1\n"
13970- " movntq %%mm1, 8(%1)\n"
13971- " movq 16(%0), %%mm2\n"
13972- " movntq %%mm2, 16(%1)\n"
13973- " movq 24(%0), %%mm3\n"
13974- " movntq %%mm3, 24(%1)\n"
13975- " movq 32(%0), %%mm4\n"
13976- " movntq %%mm4, 32(%1)\n"
13977- " movq 40(%0), %%mm5\n"
13978- " movntq %%mm5, 40(%1)\n"
13979- " movq 48(%0), %%mm6\n"
13980- " movntq %%mm6, 48(%1)\n"
13981- " movq 56(%0), %%mm7\n"
13982- " movntq %%mm7, 56(%1)\n"
13983+ "1: prefetch 320(%1)\n"
13984+ "2: movq (%1), %%mm0\n"
13985+ " movntq %%mm0, (%2)\n"
13986+ " movq 8(%1), %%mm1\n"
13987+ " movntq %%mm1, 8(%2)\n"
13988+ " movq 16(%1), %%mm2\n"
13989+ " movntq %%mm2, 16(%2)\n"
13990+ " movq 24(%1), %%mm3\n"
13991+ " movntq %%mm3, 24(%2)\n"
13992+ " movq 32(%1), %%mm4\n"
13993+ " movntq %%mm4, 32(%2)\n"
13994+ " movq 40(%1), %%mm5\n"
13995+ " movntq %%mm5, 40(%2)\n"
13996+ " movq 48(%1), %%mm6\n"
13997+ " movntq %%mm6, 48(%2)\n"
13998+ " movq 56(%1), %%mm7\n"
13999+ " movntq %%mm7, 56(%2)\n"
14000 ".section .fixup, \"ax\"\n"
14001- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14002+ "3:\n"
14003+
14004+#ifdef CONFIG_PAX_KERNEXEC
14005+ " movl %%cr0, %0\n"
14006+ " movl %0, %%eax\n"
14007+ " andl $0xFFFEFFFF, %%eax\n"
14008+ " movl %%eax, %%cr0\n"
14009+#endif
14010+
14011+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14012+
14013+#ifdef CONFIG_PAX_KERNEXEC
14014+ " movl %0, %%cr0\n"
14015+#endif
14016+
14017 " jmp 2b\n"
14018 ".previous\n"
14019- _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
14020+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
14021
14022 from += 64;
14023 to += 64;
14024@@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
14025 static void fast_copy_page(void *to, void *from)
14026 {
14027 int i;
14028+ unsigned long cr0;
14029
14030 kernel_fpu_begin();
14031
14032 __asm__ __volatile__ (
14033- "1: prefetch (%0)\n"
14034- " prefetch 64(%0)\n"
14035- " prefetch 128(%0)\n"
14036- " prefetch 192(%0)\n"
14037- " prefetch 256(%0)\n"
14038+ "1: prefetch (%1)\n"
14039+ " prefetch 64(%1)\n"
14040+ " prefetch 128(%1)\n"
14041+ " prefetch 192(%1)\n"
14042+ " prefetch 256(%1)\n"
14043 "2: \n"
14044 ".section .fixup, \"ax\"\n"
14045- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14046+ "3: \n"
14047+
14048+#ifdef CONFIG_PAX_KERNEXEC
14049+ " movl %%cr0, %0\n"
14050+ " movl %0, %%eax\n"
14051+ " andl $0xFFFEFFFF, %%eax\n"
14052+ " movl %%eax, %%cr0\n"
14053+#endif
14054+
14055+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14056+
14057+#ifdef CONFIG_PAX_KERNEXEC
14058+ " movl %0, %%cr0\n"
14059+#endif
14060+
14061 " jmp 2b\n"
14062 ".previous\n"
14063- _ASM_EXTABLE(1b, 3b) : : "r" (from));
14064+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
14065
14066 for (i = 0; i < 4096/64; i++) {
14067 __asm__ __volatile__ (
14068- "1: prefetch 320(%0)\n"
14069- "2: movq (%0), %%mm0\n"
14070- " movq 8(%0), %%mm1\n"
14071- " movq 16(%0), %%mm2\n"
14072- " movq 24(%0), %%mm3\n"
14073- " movq %%mm0, (%1)\n"
14074- " movq %%mm1, 8(%1)\n"
14075- " movq %%mm2, 16(%1)\n"
14076- " movq %%mm3, 24(%1)\n"
14077- " movq 32(%0), %%mm0\n"
14078- " movq 40(%0), %%mm1\n"
14079- " movq 48(%0), %%mm2\n"
14080- " movq 56(%0), %%mm3\n"
14081- " movq %%mm0, 32(%1)\n"
14082- " movq %%mm1, 40(%1)\n"
14083- " movq %%mm2, 48(%1)\n"
14084- " movq %%mm3, 56(%1)\n"
14085+ "1: prefetch 320(%1)\n"
14086+ "2: movq (%1), %%mm0\n"
14087+ " movq 8(%1), %%mm1\n"
14088+ " movq 16(%1), %%mm2\n"
14089+ " movq 24(%1), %%mm3\n"
14090+ " movq %%mm0, (%2)\n"
14091+ " movq %%mm1, 8(%2)\n"
14092+ " movq %%mm2, 16(%2)\n"
14093+ " movq %%mm3, 24(%2)\n"
14094+ " movq 32(%1), %%mm0\n"
14095+ " movq 40(%1), %%mm1\n"
14096+ " movq 48(%1), %%mm2\n"
14097+ " movq 56(%1), %%mm3\n"
14098+ " movq %%mm0, 32(%2)\n"
14099+ " movq %%mm1, 40(%2)\n"
14100+ " movq %%mm2, 48(%2)\n"
14101+ " movq %%mm3, 56(%2)\n"
14102 ".section .fixup, \"ax\"\n"
14103- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14104+ "3:\n"
14105+
14106+#ifdef CONFIG_PAX_KERNEXEC
14107+ " movl %%cr0, %0\n"
14108+ " movl %0, %%eax\n"
14109+ " andl $0xFFFEFFFF, %%eax\n"
14110+ " movl %%eax, %%cr0\n"
14111+#endif
14112+
14113+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14114+
14115+#ifdef CONFIG_PAX_KERNEXEC
14116+ " movl %0, %%cr0\n"
14117+#endif
14118+
14119 " jmp 2b\n"
14120 ".previous\n"
14121 _ASM_EXTABLE(1b, 3b)
14122- : : "r" (from), "r" (to) : "memory");
14123+ : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
14124
14125 from += 64;
14126 to += 64;
14127diff -urNp linux-2.6.32.8/arch/x86/lib/putuser.S linux-2.6.32.8/arch/x86/lib/putuser.S
14128--- linux-2.6.32.8/arch/x86/lib/putuser.S 2010-02-09 07:57:19.000000000 -0500
14129+++ linux-2.6.32.8/arch/x86/lib/putuser.S 2010-02-13 21:45:09.953906564 -0500
14130@@ -15,6 +15,7 @@
14131 #include <asm/thread_info.h>
14132 #include <asm/errno.h>
14133 #include <asm/asm.h>
14134+#include <asm/segment.h>
14135
14136
14137 /*
14138@@ -39,7 +40,19 @@ ENTRY(__put_user_1)
14139 ENTER
14140 cmp TI_addr_limit(%_ASM_BX),%_ASM_CX
14141 jae bad_put_user
14142+
14143+#ifdef CONFIG_X86_32
14144+ pushl $(__USER_DS)
14145+ popl %ds
14146+#endif
14147+
14148 1: movb %al,(%_ASM_CX)
14149+
14150+#ifdef CONFIG_X86_32
14151+ pushl %ss
14152+ popl %ds
14153+#endif
14154+
14155 xor %eax,%eax
14156 EXIT
14157 ENDPROC(__put_user_1)
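Review bot: The segment reloads added to `__put_user_1` are guarded by `#ifdef CONFIG_X86_32` alone, whereas getuser.S in this same patch uses `#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)`. As written, every 32-bit build pays for two `%ds` loads per `__put_user_N` even with the feature off, and the `bad_put_user` hunk redundantly restores `%ds` on the `jae bad_put_user` path, where it was never changed. If that is deliberate it needs a comment. Otherwise use the getuser.S guard here and in the `__put_user_2`, `__put_user_4`, `__put_user_8` and `bad_put_user` hunks.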
14158@@ -50,7 +63,19 @@ ENTRY(__put_user_2)
14159 sub $1,%_ASM_BX
14160 cmp %_ASM_BX,%_ASM_CX
14161 jae bad_put_user
14162+
14163+#ifdef CONFIG_X86_32
14164+ pushl $(__USER_DS)
14165+ popl %ds
14166+#endif
14167+
14168 2: movw %ax,(%_ASM_CX)
14169+
14170+#ifdef CONFIG_X86_32
14171+ pushl %ss
14172+ popl %ds
14173+#endif
14174+
14175 xor %eax,%eax
14176 EXIT
14177 ENDPROC(__put_user_2)
14178@@ -61,7 +86,19 @@ ENTRY(__put_user_4)
14179 sub $3,%_ASM_BX
14180 cmp %_ASM_BX,%_ASM_CX
14181 jae bad_put_user
14182+
14183+#ifdef CONFIG_X86_32
14184+ pushl $(__USER_DS)
14185+ popl %ds
14186+#endif
14187+
14188 3: movl %eax,(%_ASM_CX)
14189+
14190+#ifdef CONFIG_X86_32
14191+ pushl %ss
14192+ popl %ds
14193+#endif
14194+
14195 xor %eax,%eax
14196 EXIT
14197 ENDPROC(__put_user_4)
14198@@ -72,16 +109,34 @@ ENTRY(__put_user_8)
14199 sub $7,%_ASM_BX
14200 cmp %_ASM_BX,%_ASM_CX
14201 jae bad_put_user
14202+
14203+#ifdef CONFIG_X86_32
14204+ pushl $(__USER_DS)
14205+ popl %ds
14206+#endif
14207+
14208 4: mov %_ASM_AX,(%_ASM_CX)
14209 #ifdef CONFIG_X86_32
14210 5: movl %edx,4(%_ASM_CX)
14211 #endif
14212+
14213+#ifdef CONFIG_X86_32
14214+ pushl %ss
14215+ popl %ds
14216+#endif
14217+
14218 xor %eax,%eax
14219 EXIT
14220 ENDPROC(__put_user_8)
14221
14222 bad_put_user:
14223 CFI_STARTPROC
14224+
14225+#ifdef CONFIG_X86_32
14226+ pushl %ss
14227+ popl %ds
14228+#endif
14229+
14230 movl $-EFAULT,%eax
14231 EXIT
14232 END(bad_put_user)
14233diff -urNp linux-2.6.32.8/arch/x86/lib/usercopy_32.c linux-2.6.32.8/arch/x86/lib/usercopy_32.c
14234--- linux-2.6.32.8/arch/x86/lib/usercopy_32.c 2010-02-09 07:57:19.000000000 -0500
14235+++ linux-2.6.32.8/arch/x86/lib/usercopy_32.c 2010-02-13 21:45:09.954603773 -0500
14236@@ -36,31 +36,38 @@ static inline int __movsl_is_ok(unsigned
14237 * Copy a null terminated string from userspace.
14238 */
14239
14240-#define __do_strncpy_from_user(dst, src, count, res) \
14241-do { \
14242- int __d0, __d1, __d2; \
14243- might_fault(); \
14244- __asm__ __volatile__( \
14245- " testl %1,%1\n" \
14246- " jz 2f\n" \
14247- "0: lodsb\n" \
14248- " stosb\n" \
14249- " testb %%al,%%al\n" \
14250- " jz 1f\n" \
14251- " decl %1\n" \
14252- " jnz 0b\n" \
14253- "1: subl %1,%0\n" \
14254- "2:\n" \
14255- ".section .fixup,\"ax\"\n" \
14256- "3: movl %5,%0\n" \
14257- " jmp 2b\n" \
14258- ".previous\n" \
14259- _ASM_EXTABLE(0b,3b) \
14260- : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
14261- "=&D" (__d2) \
14262- : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
14263- : "memory"); \
14264-} while (0)
14265+static long __do_strncpy_from_user(char *dst, const char __user *src, long count)
14266+{
14267+ int __d0, __d1, __d2;
14268+ long res = -EFAULT;
14269+
14270+ might_fault();
14271+ __asm__ __volatile__(
14272+ " movw %w10,%%ds\n"
14273+ " testl %1,%1\n"
14274+ " jz 2f\n"
14275+ "0: lodsb\n"
14276+ " stosb\n"
14277+ " testb %%al,%%al\n"
14278+ " jz 1f\n"
14279+ " decl %1\n"
14280+ " jnz 0b\n"
14281+ "1: subl %1,%0\n"
14282+ "2:\n"
14283+ " pushl %%ss\n"
14284+ " popl %%ds\n"
14285+ ".section .fixup,\"ax\"\n"
14286+ "3: movl %5,%0\n"
14287+ " jmp 2b\n"
14288+ ".previous\n"
14289+ _ASM_EXTABLE(0b,3b)
14290+ : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),
14291+ "=&D" (__d2)
14292+ : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst),
14293+ "r"(__USER_DS)
14294+ : "memory");
14295+ return res;
14296+}
14297
14298 /**
14299 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
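Review bot: `__do_strncpy_from_user` reaches its new selector operand as `%w10`, a bare position that silently changes meaning if an operand is ever inserted ahead of it; `__do_clear_user` (`%w6`) and `strnlen_user` (`%w8`) below do the same. A named operand, `[uds] "r"(__USER_DS)` referenced as `%w[uds]`, would be more robust, provided the oldest supported compiler accepts named asm operands. Separately, `long res = -EFAULT;` is never observed because `res` is an asm output tied to `count` through `"0"(count)`, so the initialiser can go or be marked as defensive. The asm also lacks a line such as `/* %ds is the user segment from here until the pushl/popl at label 2 */`.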
14300@@ -85,9 +92,7 @@ do { \
14301 long
14302 __strncpy_from_user(char *dst, const char __user *src, long count)
14303 {
14304- long res;
14305- __do_strncpy_from_user(dst, src, count, res);
14306- return res;
14307+ return __do_strncpy_from_user(dst, src, count);
14308 }
14309 EXPORT_SYMBOL(__strncpy_from_user);
14310
14311@@ -114,7 +119,7 @@ strncpy_from_user(char *dst, const char
14312 {
14313 long res = -EFAULT;
14314 if (access_ok(VERIFY_READ, src, 1))
14315- __do_strncpy_from_user(dst, src, count, res);
14316+ res = __do_strncpy_from_user(dst, src, count);
14317 return res;
14318 }
14319 EXPORT_SYMBOL(strncpy_from_user);
14320@@ -123,24 +128,30 @@ EXPORT_SYMBOL(strncpy_from_user);
14321 * Zero Userspace
14322 */
14323
14324-#define __do_clear_user(addr,size) \
14325-do { \
14326- int __d0; \
14327- might_fault(); \
14328- __asm__ __volatile__( \
14329- "0: rep; stosl\n" \
14330- " movl %2,%0\n" \
14331- "1: rep; stosb\n" \
14332- "2:\n" \
14333- ".section .fixup,\"ax\"\n" \
14334- "3: lea 0(%2,%0,4),%0\n" \
14335- " jmp 2b\n" \
14336- ".previous\n" \
14337- _ASM_EXTABLE(0b,3b) \
14338- _ASM_EXTABLE(1b,2b) \
14339- : "=&c"(size), "=&D" (__d0) \
14340- : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \
14341-} while (0)
14342+static unsigned long __do_clear_user(void __user *addr, unsigned long size)
14343+{
14344+ int __d0;
14345+
14346+ might_fault();
14347+ __asm__ __volatile__(
14348+ " movw %w6,%%es\n"
14349+ "0: rep; stosl\n"
14350+ " movl %2,%0\n"
14351+ "1: rep; stosb\n"
14352+ "2:\n"
14353+ " pushl %%ss\n"
14354+ " popl %%es\n"
14355+ ".section .fixup,\"ax\"\n"
14356+ "3: lea 0(%2,%0,4),%0\n"
14357+ " jmp 2b\n"
14358+ ".previous\n"
14359+ _ASM_EXTABLE(0b,3b)
14360+ _ASM_EXTABLE(1b,2b)
14361+ : "=&c"(size), "=&D" (__d0)
14362+ : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0),
14363+ "r"(__USER_DS));
14364+ return size;
14365+}
14366
14367 /**
14368 * clear_user: - Zero a block of memory in user space.
14369@@ -157,7 +168,7 @@ clear_user(void __user *to, unsigned lon
14370 {
14371 might_fault();
14372 if (access_ok(VERIFY_WRITE, to, n))
14373- __do_clear_user(to, n);
14374+ n = __do_clear_user(to, n);
14375 return n;
14376 }
14377 EXPORT_SYMBOL(clear_user);
14378@@ -176,8 +187,7 @@ EXPORT_SYMBOL(clear_user);
14379 unsigned long
14380 __clear_user(void __user *to, unsigned long n)
14381 {
14382- __do_clear_user(to, n);
14383- return n;
14384+ return __do_clear_user(to, n);
14385 }
14386 EXPORT_SYMBOL(__clear_user);
14387
14388@@ -200,14 +210,17 @@ long strnlen_user(const char __user *s,
14389 might_fault();
14390
14391 __asm__ __volatile__(
14392+ " movw %w8,%%es\n"
14393 " testl %0, %0\n"
14394 " jz 3f\n"
14395- " andl %0,%%ecx\n"
14396+ " movl %0,%%ecx\n"
14397 "0: repne; scasb\n"
14398 " setne %%al\n"
14399 " subl %%ecx,%0\n"
14400 " addl %0,%%eax\n"
14401 "1:\n"
14402+ " pushl %%ss\n"
14403+ " popl %%es\n"
14404 ".section .fixup,\"ax\"\n"
14405 "2: xorl %%eax,%%eax\n"
14406 " jmp 1b\n"
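Review bot: Replacing `andl %0,%%ecx` with `movl %0,%%ecx` means the value passed in through `"3" (mask)` is overwritten before it is used, so the scan length is no longer clamped by `mask` and the bound on `repne; scasb` comes only from the `%es` segment loaded at the top. That looks intentional but should be stated, e.g. `/* scan length is n; the user segment limit in %es, not mask, stops an out-of-range scan */`. The `"3" (mask)` input in the next hunk then appears to be dead and could be dropped. `strnlen_user` starts before this hunk and the definition of `mask` is not visible here, so confirm against the full function.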
14407@@ -219,7 +232,7 @@ long strnlen_user(const char __user *s,
14408 " .long 0b,2b\n"
14409 ".previous"
14410 :"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp)
14411- :"0" (n), "1" (s), "2" (0), "3" (mask)
14412+ :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS)
14413 :"cc");
14414 return res & mask;
14415 }
14416@@ -227,10 +240,11 @@ EXPORT_SYMBOL(strnlen_user);
14417
14418 #ifdef CONFIG_X86_INTEL_USERCOPY
14419 static unsigned long
14420-__copy_user_intel(void __user *to, const void *from, unsigned long size)
14421+__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
14422 {
14423 int d0, d1;
14424 __asm__ __volatile__(
14425+ " movw %w6, %%es\n"
14426 " .align 2,0x90\n"
14427 "1: movl 32(%4), %%eax\n"
14428 " cmpl $67, %0\n"
14429@@ -239,36 +253,36 @@ __copy_user_intel(void __user *to, const
14430 " .align 2,0x90\n"
14431 "3: movl 0(%4), %%eax\n"
14432 "4: movl 4(%4), %%edx\n"
14433- "5: movl %%eax, 0(%3)\n"
14434- "6: movl %%edx, 4(%3)\n"
14435+ "5: movl %%eax, %%es:0(%3)\n"
14436+ "6: movl %%edx, %%es:4(%3)\n"
14437 "7: movl 8(%4), %%eax\n"
14438 "8: movl 12(%4),%%edx\n"
14439- "9: movl %%eax, 8(%3)\n"
14440- "10: movl %%edx, 12(%3)\n"
14441+ "9: movl %%eax, %%es:8(%3)\n"
14442+ "10: movl %%edx, %%es:12(%3)\n"
14443 "11: movl 16(%4), %%eax\n"
14444 "12: movl 20(%4), %%edx\n"
14445- "13: movl %%eax, 16(%3)\n"
14446- "14: movl %%edx, 20(%3)\n"
14447+ "13: movl %%eax, %%es:16(%3)\n"
14448+ "14: movl %%edx, %%es:20(%3)\n"
14449 "15: movl 24(%4), %%eax\n"
14450 "16: movl 28(%4), %%edx\n"
14451- "17: movl %%eax, 24(%3)\n"
14452- "18: movl %%edx, 28(%3)\n"
14453+ "17: movl %%eax, %%es:24(%3)\n"
14454+ "18: movl %%edx, %%es:28(%3)\n"
14455 "19: movl 32(%4), %%eax\n"
14456 "20: movl 36(%4), %%edx\n"
14457- "21: movl %%eax, 32(%3)\n"
14458- "22: movl %%edx, 36(%3)\n"
14459+ "21: movl %%eax, %%es:32(%3)\n"
14460+ "22: movl %%edx, %%es:36(%3)\n"
14461 "23: movl 40(%4), %%eax\n"
14462 "24: movl 44(%4), %%edx\n"
14463- "25: movl %%eax, 40(%3)\n"
14464- "26: movl %%edx, 44(%3)\n"
14465+ "25: movl %%eax, %%es:40(%3)\n"
14466+ "26: movl %%edx, %%es:44(%3)\n"
14467 "27: movl 48(%4), %%eax\n"
14468 "28: movl 52(%4), %%edx\n"
14469- "29: movl %%eax, 48(%3)\n"
14470- "30: movl %%edx, 52(%3)\n"
14471+ "29: movl %%eax, %%es:48(%3)\n"
14472+ "30: movl %%edx, %%es:52(%3)\n"
14473 "31: movl 56(%4), %%eax\n"
14474 "32: movl 60(%4), %%edx\n"
14475- "33: movl %%eax, 56(%3)\n"
14476- "34: movl %%edx, 60(%3)\n"
14477+ "33: movl %%eax, %%es:56(%3)\n"
14478+ "34: movl %%edx, %%es:60(%3)\n"
14479 " addl $-64, %0\n"
14480 " addl $64, %4\n"
14481 " addl $64, %3\n"
14482@@ -282,6 +296,8 @@ __copy_user_intel(void __user *to, const
14483 "36: movl %%eax, %0\n"
14484 "37: rep; movsb\n"
14485 "100:\n"
14486+ " pushl %%ss\n"
14487+ " popl %%es\n"
14488 ".section .fixup,\"ax\"\n"
14489 "101: lea 0(%%eax,%0,4),%0\n"
14490 " jmp 100b\n"
14491@@ -328,7 +344,117 @@ __copy_user_intel(void __user *to, const
14492 " .long 99b,101b\n"
14493 ".previous"
14494 : "=&c"(size), "=&D" (d0), "=&S" (d1)
14495- : "1"(to), "2"(from), "0"(size)
14496+ : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
14497+ : "eax", "edx", "memory");
14498+ return size;
14499+}
14500+
14501+static unsigned long
14502+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
14503+{
14504+ int d0, d1;
14505+ __asm__ __volatile__(
14506+ " movw %w6, %%ds\n"
14507+ " .align 2,0x90\n"
14508+ "1: movl 32(%4), %%eax\n"
14509+ " cmpl $67, %0\n"
14510+ " jbe 3f\n"
14511+ "2: movl 64(%4), %%eax\n"
14512+ " .align 2,0x90\n"
14513+ "3: movl 0(%4), %%eax\n"
14514+ "4: movl 4(%4), %%edx\n"
14515+ "5: movl %%eax, %%es:0(%3)\n"
14516+ "6: movl %%edx, %%es:4(%3)\n"
14517+ "7: movl 8(%4), %%eax\n"
14518+ "8: movl 12(%4),%%edx\n"
14519+ "9: movl %%eax, %%es:8(%3)\n"
14520+ "10: movl %%edx, %%es:12(%3)\n"
14521+ "11: movl 16(%4), %%eax\n"
14522+ "12: movl 20(%4), %%edx\n"
14523+ "13: movl %%eax, %%es:16(%3)\n"
14524+ "14: movl %%edx, %%es:20(%3)\n"
14525+ "15: movl 24(%4), %%eax\n"
14526+ "16: movl 28(%4), %%edx\n"
14527+ "17: movl %%eax, %%es:24(%3)\n"
14528+ "18: movl %%edx, %%es:28(%3)\n"
14529+ "19: movl 32(%4), %%eax\n"
14530+ "20: movl 36(%4), %%edx\n"
14531+ "21: movl %%eax, %%es:32(%3)\n"
14532+ "22: movl %%edx, %%es:36(%3)\n"
14533+ "23: movl 40(%4), %%eax\n"
14534+ "24: movl 44(%4), %%edx\n"
14535+ "25: movl %%eax, %%es:40(%3)\n"
14536+ "26: movl %%edx, %%es:44(%3)\n"
14537+ "27: movl 48(%4), %%eax\n"
14538+ "28: movl 52(%4), %%edx\n"
14539+ "29: movl %%eax, %%es:48(%3)\n"
14540+ "30: movl %%edx, %%es:52(%3)\n"
14541+ "31: movl 56(%4), %%eax\n"
14542+ "32: movl 60(%4), %%edx\n"
14543+ "33: movl %%eax, %%es:56(%3)\n"
14544+ "34: movl %%edx, %%es:60(%3)\n"
14545+ " addl $-64, %0\n"
14546+ " addl $64, %4\n"
14547+ " addl $64, %3\n"
14548+ " cmpl $63, %0\n"
14549+ " ja 1b\n"
14550+ "35: movl %0, %%eax\n"
14551+ " shrl $2, %0\n"
14552+ " andl $3, %%eax\n"
14553+ " cld\n"
14554+ "99: rep; movsl\n"
14555+ "36: movl %%eax, %0\n"
14556+ "37: rep; movsb\n"
14557+ "100:\n"
14558+ " pushl %%ss\n"
14559+ " popl %%ds\n"
14560+ ".section .fixup,\"ax\"\n"
14561+ "101: lea 0(%%eax,%0,4),%0\n"
14562+ " jmp 100b\n"
14563+ ".previous\n"
14564+ ".section __ex_table,\"a\"\n"
14565+ " .align 4\n"
14566+ " .long 1b,100b\n"
14567+ " .long 2b,100b\n"
14568+ " .long 3b,100b\n"
14569+ " .long 4b,100b\n"
14570+ " .long 5b,100b\n"
14571+ " .long 6b,100b\n"
14572+ " .long 7b,100b\n"
14573+ " .long 8b,100b\n"
14574+ " .long 9b,100b\n"
14575+ " .long 10b,100b\n"
14576+ " .long 11b,100b\n"
14577+ " .long 12b,100b\n"
14578+ " .long 13b,100b\n"
14579+ " .long 14b,100b\n"
14580+ " .long 15b,100b\n"
14581+ " .long 16b,100b\n"
14582+ " .long 17b,100b\n"
14583+ " .long 18b,100b\n"
14584+ " .long 19b,100b\n"
14585+ " .long 20b,100b\n"
14586+ " .long 21b,100b\n"
14587+ " .long 22b,100b\n"
14588+ " .long 23b,100b\n"
14589+ " .long 24b,100b\n"
14590+ " .long 25b,100b\n"
14591+ " .long 26b,100b\n"
14592+ " .long 27b,100b\n"
14593+ " .long 28b,100b\n"
14594+ " .long 29b,100b\n"
14595+ " .long 30b,100b\n"
14596+ " .long 31b,100b\n"
14597+ " .long 32b,100b\n"
14598+ " .long 33b,100b\n"
14599+ " .long 34b,100b\n"
14600+ " .long 35b,100b\n"
14601+ " .long 36b,100b\n"
14602+ " .long 37b,100b\n"
14603+ " .long 99b,101b\n"
14604+ ".previous"
14605+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
14606+ : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
14607 : "eax", "edx", "memory");
14608 return size;
14609 }
14610@@ -338,6 +464,7 @@ __copy_user_zeroing_intel(void *to, cons
14611 {
14612 int d0, d1;
14613 __asm__ __volatile__(
14614+ " movw %w6, %%ds\n"
14615 " .align 2,0x90\n"
14616 "0: movl 32(%4), %%eax\n"
14617 " cmpl $67, %0\n"
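Review bot: `movw %w6, %%ds` picks the segment selector by operand position, while the operand it refers to, `"r"(__USER_DS)`, is appended to the input list in a later hunk of the same function. An operand inserted ahead of it would make `%w6` load a different register into %ds without any diagnostic. A named operand ties the two ends together: `[uds] "r"(__USER_DS)` in the input list and `movw %w[uds], %%ds` here. The same applies to the `movw %w6` lines added in the hunks at `@@ -439,6 +568,7 @@` and `@@ -536,6 +668,7 @@`. The asm statement starts in this hunk but continues outside it.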
14618@@ -346,36 +473,36 @@ __copy_user_zeroing_intel(void *to, cons
14619 " .align 2,0x90\n"
14620 "2: movl 0(%4), %%eax\n"
14621 "21: movl 4(%4), %%edx\n"
14622- " movl %%eax, 0(%3)\n"
14623- " movl %%edx, 4(%3)\n"
14624+ " movl %%eax, %%es:0(%3)\n"
14625+ " movl %%edx, %%es:4(%3)\n"
14626 "3: movl 8(%4), %%eax\n"
14627 "31: movl 12(%4),%%edx\n"
14628- " movl %%eax, 8(%3)\n"
14629- " movl %%edx, 12(%3)\n"
14630+ " movl %%eax, %%es:8(%3)\n"
14631+ " movl %%edx, %%es:12(%3)\n"
14632 "4: movl 16(%4), %%eax\n"
14633 "41: movl 20(%4), %%edx\n"
14634- " movl %%eax, 16(%3)\n"
14635- " movl %%edx, 20(%3)\n"
14636+ " movl %%eax, %%es:16(%3)\n"
14637+ " movl %%edx, %%es:20(%3)\n"
14638 "10: movl 24(%4), %%eax\n"
14639 "51: movl 28(%4), %%edx\n"
14640- " movl %%eax, 24(%3)\n"
14641- " movl %%edx, 28(%3)\n"
14642+ " movl %%eax, %%es:24(%3)\n"
14643+ " movl %%edx, %%es:28(%3)\n"
14644 "11: movl 32(%4), %%eax\n"
14645 "61: movl 36(%4), %%edx\n"
14646- " movl %%eax, 32(%3)\n"
14647- " movl %%edx, 36(%3)\n"
14648+ " movl %%eax, %%es:32(%3)\n"
14649+ " movl %%edx, %%es:36(%3)\n"
14650 "12: movl 40(%4), %%eax\n"
14651 "71: movl 44(%4), %%edx\n"
14652- " movl %%eax, 40(%3)\n"
14653- " movl %%edx, 44(%3)\n"
14654+ " movl %%eax, %%es:40(%3)\n"
14655+ " movl %%edx, %%es:44(%3)\n"
14656 "13: movl 48(%4), %%eax\n"
14657 "81: movl 52(%4), %%edx\n"
14658- " movl %%eax, 48(%3)\n"
14659- " movl %%edx, 52(%3)\n"
14660+ " movl %%eax, %%es:48(%3)\n"
14661+ " movl %%edx, %%es:52(%3)\n"
14662 "14: movl 56(%4), %%eax\n"
14663 "91: movl 60(%4), %%edx\n"
14664- " movl %%eax, 56(%3)\n"
14665- " movl %%edx, 60(%3)\n"
14666+ " movl %%eax, %%es:56(%3)\n"
14667+ " movl %%edx, %%es:60(%3)\n"
14668 " addl $-64, %0\n"
14669 " addl $64, %4\n"
14670 " addl $64, %3\n"
14671@@ -389,6 +516,8 @@ __copy_user_zeroing_intel(void *to, cons
14672 " movl %%eax,%0\n"
14673 "7: rep; movsb\n"
14674 "8:\n"
14675+ " pushl %%ss\n"
14676+ " popl %%ds\n"
14677 ".section .fixup,\"ax\"\n"
14678 "9: lea 0(%%eax,%0,4),%0\n"
14679 "16: pushl %0\n"
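Review bot: Nothing at the `pushl %%ss` / `popl %%ds` pair added after label `8:` records that this is the one place where %ds is switched back from `__USER_DS`, so every exit from the asm, including each `.fixup` branch, has to pass through `8:`. The fixup code starting at `9:` continues outside this hunk, so whether all of its branches end in `jmp 8b` cannot be confirmed from here. A comment between the string literals would record the invariant, for example `/* 8: sole exit; restores kernel %ds from %ss, all fixups must jump back here */`. The hunks at `@@ -491,6 +621,8 @@` and `@@ -588,6 +721,8 @@` add the same pair and would take the same comment.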
14680@@ -423,7 +552,7 @@ __copy_user_zeroing_intel(void *to, cons
14681 " .long 7b,16b\n"
14682 ".previous"
14683 : "=&c"(size), "=&D" (d0), "=&S" (d1)
14684- : "1"(to), "2"(from), "0"(size)
14685+ : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
14686 : "eax", "edx", "memory");
14687 return size;
14688 }
14689@@ -439,6 +568,7 @@ static unsigned long __copy_user_zeroing
14690 int d0, d1;
14691
14692 __asm__ __volatile__(
14693+ " movw %w6, %%ds\n"
14694 " .align 2,0x90\n"
14695 "0: movl 32(%4), %%eax\n"
14696 " cmpl $67, %0\n"
14697@@ -447,36 +577,36 @@ static unsigned long __copy_user_zeroing
14698 " .align 2,0x90\n"
14699 "2: movl 0(%4), %%eax\n"
14700 "21: movl 4(%4), %%edx\n"
14701- " movnti %%eax, 0(%3)\n"
14702- " movnti %%edx, 4(%3)\n"
14703+ " movnti %%eax, %%es:0(%3)\n"
14704+ " movnti %%edx, %%es:4(%3)\n"
14705 "3: movl 8(%4), %%eax\n"
14706 "31: movl 12(%4),%%edx\n"
14707- " movnti %%eax, 8(%3)\n"
14708- " movnti %%edx, 12(%3)\n"
14709+ " movnti %%eax, %%es:8(%3)\n"
14710+ " movnti %%edx, %%es:12(%3)\n"
14711 "4: movl 16(%4), %%eax\n"
14712 "41: movl 20(%4), %%edx\n"
14713- " movnti %%eax, 16(%3)\n"
14714- " movnti %%edx, 20(%3)\n"
14715+ " movnti %%eax, %%es:16(%3)\n"
14716+ " movnti %%edx, %%es:20(%3)\n"
14717 "10: movl 24(%4), %%eax\n"
14718 "51: movl 28(%4), %%edx\n"
14719- " movnti %%eax, 24(%3)\n"
14720- " movnti %%edx, 28(%3)\n"
14721+ " movnti %%eax, %%es:24(%3)\n"
14722+ " movnti %%edx, %%es:28(%3)\n"
14723 "11: movl 32(%4), %%eax\n"
14724 "61: movl 36(%4), %%edx\n"
14725- " movnti %%eax, 32(%3)\n"
14726- " movnti %%edx, 36(%3)\n"
14727+ " movnti %%eax, %%es:32(%3)\n"
14728+ " movnti %%edx, %%es:36(%3)\n"
14729 "12: movl 40(%4), %%eax\n"
14730 "71: movl 44(%4), %%edx\n"
14731- " movnti %%eax, 40(%3)\n"
14732- " movnti %%edx, 44(%3)\n"
14733+ " movnti %%eax, %%es:40(%3)\n"
14734+ " movnti %%edx, %%es:44(%3)\n"
14735 "13: movl 48(%4), %%eax\n"
14736 "81: movl 52(%4), %%edx\n"
14737- " movnti %%eax, 48(%3)\n"
14738- " movnti %%edx, 52(%3)\n"
14739+ " movnti %%eax, %%es:48(%3)\n"
14740+ " movnti %%edx, %%es:52(%3)\n"
14741 "14: movl 56(%4), %%eax\n"
14742 "91: movl 60(%4), %%edx\n"
14743- " movnti %%eax, 56(%3)\n"
14744- " movnti %%edx, 60(%3)\n"
14745+ " movnti %%eax, %%es:56(%3)\n"
14746+ " movnti %%edx, %%es:60(%3)\n"
14747 " addl $-64, %0\n"
14748 " addl $64, %4\n"
14749 " addl $64, %3\n"
14750@@ -491,6 +621,8 @@ static unsigned long __copy_user_zeroing
14751 " movl %%eax,%0\n"
14752 "7: rep; movsb\n"
14753 "8:\n"
14754+ " pushl %%ss\n"
14755+ " popl %%ds\n"
14756 ".section .fixup,\"ax\"\n"
14757 "9: lea 0(%%eax,%0,4),%0\n"
14758 "16: pushl %0\n"
14759@@ -525,7 +657,7 @@ static unsigned long __copy_user_zeroing
14760 " .long 7b,16b\n"
14761 ".previous"
14762 : "=&c"(size), "=&D" (d0), "=&S" (d1)
14763- : "1"(to), "2"(from), "0"(size)
14764+ : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
14765 : "eax", "edx", "memory");
14766 return size;
14767 }
14768@@ -536,6 +668,7 @@ static unsigned long __copy_user_intel_n
14769 int d0, d1;
14770
14771 __asm__ __volatile__(
14772+ " movw %w6, %%ds\n"
14773 " .align 2,0x90\n"
14774 "0: movl 32(%4), %%eax\n"
14775 " cmpl $67, %0\n"
14776@@ -544,36 +677,36 @@ static unsigned long __copy_user_intel_n
14777 " .align 2,0x90\n"
14778 "2: movl 0(%4), %%eax\n"
14779 "21: movl 4(%4), %%edx\n"
14780- " movnti %%eax, 0(%3)\n"
14781- " movnti %%edx, 4(%3)\n"
14782+ " movnti %%eax, %%es:0(%3)\n"
14783+ " movnti %%edx, %%es:4(%3)\n"
14784 "3: movl 8(%4), %%eax\n"
14785 "31: movl 12(%4),%%edx\n"
14786- " movnti %%eax, 8(%3)\n"
14787- " movnti %%edx, 12(%3)\n"
14788+ " movnti %%eax, %%es:8(%3)\n"
14789+ " movnti %%edx, %%es:12(%3)\n"
14790 "4: movl 16(%4), %%eax\n"
14791 "41: movl 20(%4), %%edx\n"
14792- " movnti %%eax, 16(%3)\n"
14793- " movnti %%edx, 20(%3)\n"
14794+ " movnti %%eax, %%es:16(%3)\n"
14795+ " movnti %%edx, %%es:20(%3)\n"
14796 "10: movl 24(%4), %%eax\n"
14797 "51: movl 28(%4), %%edx\n"
14798- " movnti %%eax, 24(%3)\n"
14799- " movnti %%edx, 28(%3)\n"
14800+ " movnti %%eax, %%es:24(%3)\n"
14801+ " movnti %%edx, %%es:28(%3)\n"
14802 "11: movl 32(%4), %%eax\n"
14803 "61: movl 36(%4), %%edx\n"
14804- " movnti %%eax, 32(%3)\n"
14805- " movnti %%edx, 36(%3)\n"
14806+ " movnti %%eax, %%es:32(%3)\n"
14807+ " movnti %%edx, %%es:36(%3)\n"
14808 "12: movl 40(%4), %%eax\n"
14809 "71: movl 44(%4), %%edx\n"
14810- " movnti %%eax, 40(%3)\n"
14811- " movnti %%edx, 44(%3)\n"
14812+ " movnti %%eax, %%es:40(%3)\n"
14813+ " movnti %%edx, %%es:44(%3)\n"
14814 "13: movl 48(%4), %%eax\n"
14815 "81: movl 52(%4), %%edx\n"
14816- " movnti %%eax, 48(%3)\n"
14817- " movnti %%edx, 52(%3)\n"
14818+ " movnti %%eax, %%es:48(%3)\n"
14819+ " movnti %%edx, %%es:52(%3)\n"
14820 "14: movl 56(%4), %%eax\n"
14821 "91: movl 60(%4), %%edx\n"
14822- " movnti %%eax, 56(%3)\n"
14823- " movnti %%edx, 60(%3)\n"
14824+ " movnti %%eax, %%es:56(%3)\n"
14825+ " movnti %%edx, %%es:60(%3)\n"
14826 " addl $-64, %0\n"
14827 " addl $64, %4\n"
14828 " addl $64, %3\n"
14829@@ -588,6 +721,8 @@ static unsigned long __copy_user_intel_n
14830 " movl %%eax,%0\n"
14831 "7: rep; movsb\n"
14832 "8:\n"
14833+ " pushl %%ss\n"
14834+ " popl %%ds\n"
14835 ".section .fixup,\"ax\"\n"
14836 "9: lea 0(%%eax,%0,4),%0\n"
14837 "16: jmp 8b\n"
14838@@ -616,7 +751,7 @@ static unsigned long __copy_user_intel_n
14839 " .long 7b,16b\n"
14840 ".previous"
14841 : "=&c"(size), "=&D" (d0), "=&S" (d1)
14842- : "1"(to), "2"(from), "0"(size)
14843+ : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
14844 : "eax", "edx", "memory");
14845 return size;
14846 }
14847@@ -629,90 +764,146 @@ static unsigned long __copy_user_intel_n
14848 */
14849 unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
14850 unsigned long size);
14851-unsigned long __copy_user_intel(void __user *to, const void *from,
14852+unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
14853+ unsigned long size);
14854+unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
14855 unsigned long size);
14856 unsigned long __copy_user_zeroing_intel_nocache(void *to,
14857 const void __user *from, unsigned long size);
14858 #endif /* CONFIG_X86_INTEL_USERCOPY */
14859
14860 /* Generic arbitrary sized copy. */
14861-#define __copy_user(to, from, size) \
14862-do { \
14863- int __d0, __d1, __d2; \
14864- __asm__ __volatile__( \
14865- " cmp $7,%0\n" \
14866- " jbe 1f\n" \
14867- " movl %1,%0\n" \
14868- " negl %0\n" \
14869- " andl $7,%0\n" \
14870- " subl %0,%3\n" \
14871- "4: rep; movsb\n" \
14872- " movl %3,%0\n" \
14873- " shrl $2,%0\n" \
14874- " andl $3,%3\n" \
14875- " .align 2,0x90\n" \
14876- "0: rep; movsl\n" \
14877- " movl %3,%0\n" \
14878- "1: rep; movsb\n" \
14879- "2:\n" \
14880- ".section .fixup,\"ax\"\n" \
14881- "5: addl %3,%0\n" \
14882- " jmp 2b\n" \
14883- "3: lea 0(%3,%0,4),%0\n" \
14884- " jmp 2b\n" \
14885- ".previous\n" \
14886- ".section __ex_table,\"a\"\n" \
14887- " .align 4\n" \
14888- " .long 4b,5b\n" \
14889- " .long 0b,3b\n" \
14890- " .long 1b,2b\n" \
14891- ".previous" \
14892- : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
14893- : "3"(size), "0"(size), "1"(to), "2"(from) \
14894- : "memory"); \
14895-} while (0)
14896-
14897-#define __copy_user_zeroing(to, from, size) \
14898-do { \
14899- int __d0, __d1, __d2; \
14900- __asm__ __volatile__( \
14901- " cmp $7,%0\n" \
14902- " jbe 1f\n" \
14903- " movl %1,%0\n" \
14904- " negl %0\n" \
14905- " andl $7,%0\n" \
14906- " subl %0,%3\n" \
14907- "4: rep; movsb\n" \
14908- " movl %3,%0\n" \
14909- " shrl $2,%0\n" \
14910- " andl $3,%3\n" \
14911- " .align 2,0x90\n" \
14912- "0: rep; movsl\n" \
14913- " movl %3,%0\n" \
14914- "1: rep; movsb\n" \
14915- "2:\n" \
14916- ".section .fixup,\"ax\"\n" \
14917- "5: addl %3,%0\n" \
14918- " jmp 6f\n" \
14919- "3: lea 0(%3,%0,4),%0\n" \
14920- "6: pushl %0\n" \
14921- " pushl %%eax\n" \
14922- " xorl %%eax,%%eax\n" \
14923- " rep; stosb\n" \
14924- " popl %%eax\n" \
14925- " popl %0\n" \
14926- " jmp 2b\n" \
14927- ".previous\n" \
14928- ".section __ex_table,\"a\"\n" \
14929- " .align 4\n" \
14930- " .long 4b,5b\n" \
14931- " .long 0b,3b\n" \
14932- " .long 1b,6b\n" \
14933- ".previous" \
14934- : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
14935- : "3"(size), "0"(size), "1"(to), "2"(from) \
14936- : "memory"); \
14937-} while (0)
14938+static unsigned long
14939+__generic_copy_to_user(void __user *to, const void *from, unsigned long size)
14940+{
14941+ int __d0, __d1, __d2;
14942+
14943+ __asm__ __volatile__(
14944+ " movw %w8,%%es\n"
14945+ " cmp $7,%0\n"
14946+ " jbe 1f\n"
14947+ " movl %1,%0\n"
14948+ " negl %0\n"
14949+ " andl $7,%0\n"
14950+ " subl %0,%3\n"
14951+ "4: rep; movsb\n"
14952+ " movl %3,%0\n"
14953+ " shrl $2,%0\n"
14954+ " andl $3,%3\n"
14955+ " .align 2,0x90\n"
14956+ "0: rep; movsl\n"
14957+ " movl %3,%0\n"
14958+ "1: rep; movsb\n"
14959+ "2:\n"
14960+ " pushl %%ss\n"
14961+ " popl %%es\n"
14962+ ".section .fixup,\"ax\"\n"
14963+ "5: addl %3,%0\n"
14964+ " jmp 2b\n"
14965+ "3: lea 0(%3,%0,4),%0\n"
14966+ " jmp 2b\n"
14967+ ".previous\n"
14968+ ".section __ex_table,\"a\"\n"
14969+ " .align 4\n"
14970+ " .long 4b,5b\n"
14971+ " .long 0b,3b\n"
14972+ " .long 1b,2b\n"
14973+ ".previous"
14974+ : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
14975+ : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
14976+ : "memory");
14977+ return size;
14978+}
14979+
14980+static unsigned long
14981+__generic_copy_from_user(void *to, const void __user *from, unsigned long size)
14982+{
14983+ int __d0, __d1, __d2;
14984+
14985+ __asm__ __volatile__(
14986+ " movw %w8,%%ds\n"
14987+ " cmp $7,%0\n"
14988+ " jbe 1f\n"
14989+ " movl %1,%0\n"
14990+ " negl %0\n"
14991+ " andl $7,%0\n"
14992+ " subl %0,%3\n"
14993+ "4: rep; movsb\n"
14994+ " movl %3,%0\n"
14995+ " shrl $2,%0\n"
14996+ " andl $3,%3\n"
14997+ " .align 2,0x90\n"
14998+ "0: rep; movsl\n"
14999+ " movl %3,%0\n"
15000+ "1: rep; movsb\n"
15001+ "2:\n"
15002+ " pushl %%ss\n"
15003+ " popl %%ds\n"
15004+ ".section .fixup,\"ax\"\n"
15005+ "5: addl %3,%0\n"
15006+ " jmp 2b\n"
15007+ "3: lea 0(%3,%0,4),%0\n"
15008+ " jmp 2b\n"
15009+ ".previous\n"
15010+ ".section __ex_table,\"a\"\n"
15011+ " .align 4\n"
15012+ " .long 4b,5b\n"
15013+ " .long 0b,3b\n"
15014+ " .long 1b,2b\n"
15015+ ".previous"
15016+ : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15017+ : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15018+ : "memory");
15019+ return size;
15020+}
15021+
15022+static unsigned long
15023+__copy_user_zeroing(void *to, const void __user *from, unsigned long size)
15024+{
15025+ int __d0, __d1, __d2;
15026+
15027+ __asm__ __volatile__(
15028+ " movw %w8,%%ds\n"
15029+ " cmp $7,%0\n"
15030+ " jbe 1f\n"
15031+ " movl %1,%0\n"
15032+ " negl %0\n"
15033+ " andl $7,%0\n"
15034+ " subl %0,%3\n"
15035+ "4: rep; movsb\n"
15036+ " movl %3,%0\n"
15037+ " shrl $2,%0\n"
15038+ " andl $3,%3\n"
15039+ " .align 2,0x90\n"
15040+ "0: rep; movsl\n"
15041+ " movl %3,%0\n"
15042+ "1: rep; movsb\n"
15043+ "2:\n"
15044+ " pushl %%ss\n"
15045+ " popl %%ds\n"
15046+ ".section .fixup,\"ax\"\n"
15047+ "5: addl %3,%0\n"
15048+ " jmp 6f\n"
15049+ "3: lea 0(%3,%0,4),%0\n"
15050+ "6: pushl %0\n"
15051+ " pushl %%eax\n"
15052+ " xorl %%eax,%%eax\n"
15053+ " rep; stosb\n"
15054+ " popl %%eax\n"
15055+ " popl %0\n"
15056+ " jmp 2b\n"
15057+ ".previous\n"
15058+ ".section __ex_table,\"a\"\n"
15059+ " .align 4\n"
15060+ " .long 4b,5b\n"
15061+ " .long 0b,3b\n"
15062+ " .long 1b,6b\n"
15063+ ".previous"
15064+ : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15065+ : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15066+ : "memory");
15067+ return size;
15068+}
15069
15070 unsigned long __copy_to_user_ll(void __user *to, const void *from,
15071 unsigned long n)
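Review bot: `__generic_copy_to_user`, `__generic_copy_from_user` and `__copy_user_zeroing` reload %es or %ds with `__USER_DS` on every call with no `#ifdef`. The code that gives that segment a restrictive limit, `__set_fs` later in this file, and the matching segment load in `pax_handle_pageexec_fault` are both compiled only under `CONFIG_PAX_MEMORY_UDEREF`. If the descriptor stays flat when that option is off, the reloads cost two segment loads per user copy without enforcing anything, so either guard them the same way or add a comment stating why they must be unconditional. The three asm bodies differ only in which segment register is switched and in the zeroing fixup. A one-line header comment on each naming the user-side pointer (`to` through %es for copy-to-user, `from` through %ds for the other two) would make that visible.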
15072@@ -775,9 +966,9 @@ survive:
15073 }
15074 #endif
15075 if (movsl_is_ok(to, from, n))
15076- __copy_user(to, from, n);
15077+ n = __generic_copy_to_user(to, from, n);
15078 else
15079- n = __copy_user_intel(to, from, n);
15080+ n = __generic_copy_to_user_intel(to, from, n);
15081 return n;
15082 }
15083 EXPORT_SYMBOL(__copy_to_user_ll);
15084@@ -786,7 +977,7 @@ unsigned long __copy_from_user_ll(void *
15085 unsigned long n)
15086 {
15087 if (movsl_is_ok(to, from, n))
15088- __copy_user_zeroing(to, from, n);
15089+ n = __copy_user_zeroing(to, from, n);
15090 else
15091 n = __copy_user_zeroing_intel(to, from, n);
15092 return n;
15093@@ -797,10 +988,9 @@ unsigned long __copy_from_user_ll_nozero
15094 unsigned long n)
15095 {
15096 if (movsl_is_ok(to, from, n))
15097- __copy_user(to, from, n);
15098+ n = __generic_copy_from_user(to, from, n);
15099 else
15100- n = __copy_user_intel((void __user *)to,
15101- (const void *)from, n);
15102+ n = __generic_copy_from_user_intel(to, from, n);
15103 return n;
15104 }
15105 EXPORT_SYMBOL(__copy_from_user_ll_nozero);
15106@@ -812,9 +1002,9 @@ unsigned long __copy_from_user_ll_nocach
15107 if (n > 64 && cpu_has_xmm2)
15108 n = __copy_user_zeroing_intel_nocache(to, from, n);
15109 else
15110- __copy_user_zeroing(to, from, n);
15111+ n = __copy_user_zeroing(to, from, n);
15112 #else
15113- __copy_user_zeroing(to, from, n);
15114+ n = __copy_user_zeroing(to, from, n);
15115 #endif
15116 return n;
15117 }
15118@@ -827,59 +1017,40 @@ unsigned long __copy_from_user_ll_nocach
15119 if (n > 64 && cpu_has_xmm2)
15120 n = __copy_user_intel_nocache(to, from, n);
15121 else
15122- __copy_user(to, from, n);
15123+ n = __generic_copy_from_user(to, from, n);
15124 #else
15125- __copy_user(to, from, n);
15126+ n = __generic_copy_from_user(to, from, n);
15127 #endif
15128 return n;
15129 }
15130 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
15131
15132-/**
15133- * copy_to_user: - Copy a block of data into user space.
15134- * @to: Destination address, in user space.
15135- * @from: Source address, in kernel space.
15136- * @n: Number of bytes to copy.
15137- *
15138- * Context: User context only. This function may sleep.
15139- *
15140- * Copy data from kernel space to user space.
15141- *
15142- * Returns number of bytes that could not be copied.
15143- * On success, this will be zero.
15144- */
15145-unsigned long
15146-copy_to_user(void __user *to, const void *from, unsigned long n)
15147+#ifdef CONFIG_PAX_MEMORY_UDEREF
15148+void __set_fs(mm_segment_t x, int cpu)
15149 {
15150- if (access_ok(VERIFY_WRITE, to, n))
15151- n = __copy_to_user(to, from, n);
15152- return n;
15153+ unsigned long limit = x.seg;
15154+ struct desc_struct d;
15155+
15156+ current_thread_info()->addr_limit = x;
15157+ if (unlikely(paravirt_enabled()))
15158+ return;
15159+
15160+ if (likely(limit))
15161+ limit = (limit - 1UL) >> PAGE_SHIFT;
15162+ pack_descriptor(&d, 0UL, limit, 0xF3, 0xC);
15163+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, &d, DESCTYPE_S);
15164 }
15165-EXPORT_SYMBOL(copy_to_user);
15166
15167-/**
15168- * copy_from_user: - Copy a block of data from user space.
15169- * @to: Destination address, in kernel space.
15170- * @from: Source address, in user space.
15171- * @n: Number of bytes to copy.
15172- *
15173- * Context: User context only. This function may sleep.
15174- *
15175- * Copy data from user space to kernel space.
15176- *
15177- * Returns number of bytes that could not be copied.
15178- * On success, this will be zero.
15179- *
15180- * If some data could not be copied, this function will pad the copied
15181- * data to the requested size using zero bytes.
15182- */
15183-unsigned long
15184-copy_from_user(void *to, const void __user *from, unsigned long n)
15185+void set_fs(mm_segment_t x)
15186 {
15187- if (access_ok(VERIFY_READ, from, n))
15188- n = __copy_from_user(to, from, n);
15189- else
15190- memset(to, 0, n);
15191- return n;
15192+ __set_fs(x, get_cpu());
15193+ put_cpu();
15194 }
15195-EXPORT_SYMBOL(copy_from_user);
15196+#else
15197+void set_fs(mm_segment_t x)
15198+{
15199+ current_thread_info()->addr_limit = x;
15200+}
15201+#endif
15202+
15203+EXPORT_SYMBOL(set_fs);
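Review bot: In `__set_fs` the `paravirt_enabled()` early return leaves the `GDT_ENTRY_DEFAULT_USER_DS` descriptor untouched after `addr_limit` has already been updated. Under a paravirtualised kernel the segment limit therefore does not follow `set_fs()` and only the software `addr_limit` check remains, which should be stated in a comment rather than left silent. The descriptor constants are also unexplained: `0xF3` is the access byte for a present, DPL 3, read/write data segment and `0xC` selects 4 KiB granularity with 32-bit operand size, and a `limit` of 0 skips the `(limit - 1UL) >> PAGE_SHIFT` conversion and is packed as is. This hunk also removes the exported `copy_to_user()` and `copy_from_user()` together with their `access_ok()` checks and the `memset()` on failure. Their replacements are not visible here and should be confirmed to keep both behaviours.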
15204diff -urNp linux-2.6.32.8/arch/x86/Makefile linux-2.6.32.8/arch/x86/Makefile
15205--- linux-2.6.32.8/arch/x86/Makefile 2010-02-09 07:57:19.000000000 -0500
15206+++ linux-2.6.32.8/arch/x86/Makefile 2010-02-13 21:45:09.954603773 -0500
15207@@ -189,3 +189,12 @@ define archhelp
15208 echo ' FDARGS="..." arguments for the booted kernel'
15209 echo ' FDINITRD=file initrd for the booted kernel'
15210 endef
15211+
15212+define OLD_LD
15213+
15214+*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
15215+*** Please upgrade your binutils to 2.18 or newer
15216+endef
15217+
15218+archprepare:
15219+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
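Review bot: The `archprepare` rule treats an empty `LDFLAGS_BUILD_ID` as meaning "binutils older than 2.18", and it is added for every x86 build rather than only when a PaX option is enabled. Where that variable is set is not visible in this hunk, so a linker that is new enough but has build-id support unavailable for another reason would presumably hit the same error with a misleading message. A comment above the rule such as `# LDFLAGS_BUILD_ID is empty when ld lacks --build-id, used here as a proxy for binutils < 2.18` would document the assumption.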
15220diff -urNp linux-2.6.32.8/arch/x86/mm/extable.c linux-2.6.32.8/arch/x86/mm/extable.c
15221--- linux-2.6.32.8/arch/x86/mm/extable.c 2010-02-09 07:57:19.000000000 -0500
15222+++ linux-2.6.32.8/arch/x86/mm/extable.c 2010-02-13 21:45:09.954603773 -0500
15223@@ -1,14 +1,71 @@
15224 #include <linux/module.h>
15225 #include <linux/spinlock.h>
15226+#include <linux/sort.h>
15227 #include <asm/uaccess.h>
15228+#include <asm/pgtable.h>
15229
15230+/*
15231+ * The exception table needs to be sorted so that the binary
15232+ * search that we use to find entries in it works properly.
15233+ * This is used both for the kernel exception table and for
15234+ * the exception tables of modules that get loaded.
15235+ */
15236+static int cmp_ex(const void *a, const void *b)
15237+{
15238+ const struct exception_table_entry *x = a, *y = b;
15239+
15240+ /* avoid overflow */
15241+ if (x->insn > y->insn)
15242+ return 1;
15243+ if (x->insn < y->insn)
15244+ return -1;
15245+ return 0;
15246+}
15247+
15248+static void swap_ex(void *a, void *b, int size)
15249+{
15250+ struct exception_table_entry t, *x = a, *y = b;
15251+
15252+ t = *x;
15253+
15254+ pax_open_kernel();
15255+ *x = *y;
15256+ *y = t;
15257+ pax_close_kernel();
15258+}
15259+
15260+void sort_extable(struct exception_table_entry *start,
15261+ struct exception_table_entry *finish)
15262+{
15263+ sort(start, finish - start, sizeof(struct exception_table_entry),
15264+ cmp_ex, swap_ex);
15265+}
15266+
15267+#ifdef CONFIG_MODULES
15268+/*
15269+ * If the exception table is sorted, any referring to the module init
15270+ * will be at the beginning or the end.
15271+ */
15272+void trim_init_extable(struct module *m)
15273+{
15274+ /*trim the beginning*/
15275+ while (m->num_exentries && within_module_init(m->extable[0].insn, m)) {
15276+ m->extable++;
15277+ m->num_exentries--;
15278+ }
15279+ /*trim the end*/
15280+ while (m->num_exentries &&
15281+ within_module_init(m->extable[m->num_exentries-1].insn, m))
15282+ m->num_exentries--;
15283+}
15284+#endif /* CONFIG_MODULES */
15285
15286 int fixup_exception(struct pt_regs *regs)
15287 {
15288 const struct exception_table_entry *fixup;
15289
15290 #ifdef CONFIG_PNPBIOS
15291- if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
15292+ if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
15293 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
15294 extern u32 pnp_bios_is_utter_crap;
15295 pnp_bios_is_utter_crap = 1;
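Review bot: `swap_ex` brackets its two stores with `pax_open_kernel()` / `pax_close_kernel()` and ignores its `size` argument, and neither choice is explained. Presumably the exception table sits in memory that is read-only while the sort runs, which would be why the copy into `t` stays outside the window. A comment like `/* extable may be read-only: keep the writable window to the two stores; size is fixed by the entry type */` would record that. The added `!v8086_mode(regs)` test in `fixup_exception` deserves a one-line comment too, since in vm86 mode `regs->cs` holds a real-mode segment value rather than a selector. `fixup_exception` continues outside the hunk.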
15296diff -urNp linux-2.6.32.8/arch/x86/mm/fault.c linux-2.6.32.8/arch/x86/mm/fault.c
15297--- linux-2.6.32.8/arch/x86/mm/fault.c 2010-02-09 07:57:19.000000000 -0500
15298+++ linux-2.6.32.8/arch/x86/mm/fault.c 2010-02-13 21:45:09.955769141 -0500
15299@@ -11,10 +11,14 @@
15300 #include <linux/kprobes.h> /* __kprobes, ... */
15301 #include <linux/mmiotrace.h> /* kmmio_handler, ... */
15302 #include <linux/perf_event.h> /* perf_sw_event */
15303+#include <linux/unistd.h>
15304+#include <linux/compiler.h>
15305
15306 #include <asm/traps.h> /* dotraplinkage, ... */
15307 #include <asm/pgalloc.h> /* pgd_*(), ... */
15308 #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
15309+#include <asm/vsyscall.h>
15310+#include <asm/tlbflush.h>
15311
15312 /*
15313 * Page fault error code bits:
15314@@ -51,7 +55,7 @@ static inline int notify_page_fault(stru
15315 int ret = 0;
15316
15317 /* kprobe_running() needs smp_processor_id() */
15318- if (kprobes_built_in() && !user_mode_vm(regs)) {
15319+ if (kprobes_built_in() && !user_mode(regs)) {
15320 preempt_disable();
15321 if (kprobe_running() && kprobe_fault_handler(regs, 14))
15322 ret = 1;
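Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` is only safe if the `user_mode()` in effect also returns true for vm86 tasks. As far as I know, mainline's 32-bit `user_mode()` of this version tests only the CS privilege bits, and a vm86 frame can carry a `cs` whose low bits are zero. The definition is not visible in this hunk, so this should be confirmed against the patched header. A comment such as `/* user_mode() includes vm86 in this tree */` would save the next reader the lookup. The same substitution is made in `do_page_fault` in the hunk at `@@ -1017,7 +1220,7 @@`, where it decides whether `PF_USER` is set. `notify_page_fault` continues outside the hunk.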
15323@@ -172,6 +176,30 @@ force_sig_info_fault(int si_signo, int s
15324 force_sig_info(si_signo, &info, tsk);
15325 }
15326
15327+#ifdef CONFIG_PAX_EMUTRAMP
15328+static int pax_handle_fetch_fault(struct pt_regs *regs);
15329+#endif
15330+
15331+#ifdef CONFIG_PAX_PAGEEXEC
15332+static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
15333+{
15334+ pgd_t *pgd;
15335+ pud_t *pud;
15336+ pmd_t *pmd;
15337+
15338+ pgd = pgd_offset(mm, address);
15339+ if (!pgd_present(*pgd))
15340+ return NULL;
15341+ pud = pud_offset(pgd, address);
15342+ if (!pud_present(*pud))
15343+ return NULL;
15344+ pmd = pmd_offset(pud, address);
15345+ if (!pmd_present(*pmd))
15346+ return NULL;
15347+ return pmd;
15348+}
15349+#endif
15350+
15351 DEFINE_SPINLOCK(pgd_lock);
15352 LIST_HEAD(pgd_list);
15353
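Review bot: `pax_get_pmd` returns any present pmd without a `pmd_large()` or `pmd_bad()` test, and its caller `pax_handle_pageexec_fault` passes the result straight to `pte_offset_map_lock()`. If a large-page mapping can reach that path, which depends on configuration not visible here, the pmd would be treated as a pointer to a page table. The last check could become `if (!pmd_present(*pmd) || pmd_large(*pmd))` followed by `return NULL;`. The walk takes no lock itself, and the caller appears to rely on `mmap_sem` being held, so a comment stating that requirement would help as well.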
15354@@ -535,7 +563,7 @@ static int is_errata93(struct pt_regs *r
15355 static int is_errata100(struct pt_regs *regs, unsigned long address)
15356 {
15357 #ifdef CONFIG_X86_64
15358- if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
15359+ if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32))
15360 return 1;
15361 #endif
15362 return 0;
15363@@ -562,7 +590,7 @@ static int is_f00f_bug(struct pt_regs *r
15364 }
15365
15366 static const char nx_warning[] = KERN_CRIT
15367-"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n";
15368+"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n";
15369
15370 static void
15371 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
15372@@ -571,15 +599,26 @@ show_fault_oops(struct pt_regs *regs, un
15373 if (!oops_may_print())
15374 return;
15375
15376- if (error_code & PF_INSTR) {
15377+ if (nx_enabled && (error_code & PF_INSTR)) {
15378 unsigned int level;
15379
15380 pte_t *pte = lookup_address(address, &level);
15381
15382 if (pte && pte_present(*pte) && !pte_exec(*pte))
15383- printk(nx_warning, current_uid());
15384+ printk(nx_warning, current_uid(), current->comm, task_pid_nr(current));
15385 }
15386
15387+#ifdef CONFIG_PAX_KERNEXEC
15388+ if (init_mm.start_code <= address && address < init_mm.end_code) {
15389+ if (current->signal->curr_ip)
15390+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15391+ &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
15392+ else
15393+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15394+ current->comm, task_pid_nr(current), current_uid(), current_euid());
15395+ }
15396+#endif
15397+
15398 printk(KERN_ALERT "BUG: unable to handle kernel ");
15399 if (address < PAGE_SIZE)
15400 printk(KERN_CONT "NULL pointer dereference");
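Review bot: The `CONFIG_PAX_KERNEXEC` block logs "attempted to modify kernel code" for any fault whose address lies between `init_mm.start_code` and `init_mm.end_code`, without looking at `error_code`. Unless non-write faults in that range are meant to be reported the same way, adding the write bit to the condition would keep the message accurate: `if ((error_code & PF_WRITE) && init_mm.start_code <= address && address < init_mm.end_code)`. `current->comm` is printed verbatim in both new messages and in the extended `nx_warning`. It is set by the task itself, so anything parsing these lines should treat that field as untrusted. `show_fault_oops` begins and ends outside this hunk.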
15401@@ -704,6 +743,68 @@ __bad_area_nosemaphore(struct pt_regs *r
15402 unsigned long address, int si_code)
15403 {
15404 struct task_struct *tsk = current;
15405+ struct mm_struct *mm = tsk->mm;
15406+
15407+#ifdef CONFIG_X86_64
15408+ if (mm && (error_code & PF_INSTR)) {
15409+ if (regs->ip == (unsigned long)vgettimeofday) {
15410+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday);
15411+ return;
15412+ } else if (regs->ip == (unsigned long)vtime) {
15413+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time);
15414+ return;
15415+ } else if (regs->ip == (unsigned long)vgetcpu) {
15416+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu);
15417+ return;
15418+ }
15419+ }
15420+#endif
15421+
15422+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
15423+ if (mm && (error_code & PF_USER)) {
15424+ unsigned long ip = regs->ip;
15425+
15426+ if (v8086_mode(regs))
15427+ ip = ((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff);
15428+
15429+ /*
15430+ * It's possible to have interrupts off here:
15431+ */
15432+ local_irq_enable();
15433+
15434+#ifdef CONFIG_PAX_PAGEEXEC
15435+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) &&
15436+ ((nx_enabled && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && regs->ip == address))) {
15437+
15438+#ifdef CONFIG_PAX_EMUTRAMP
15439+ switch (pax_handle_fetch_fault(regs)) {
15440+ case 2:
15441+ return;
15442+ }
15443+#endif
15444+
15445+ pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15446+ do_group_exit(SIGKILL);
15447+ }
15448+#endif
15449+
15450+#ifdef CONFIG_PAX_SEGMEXEC
15451+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (regs->ip + SEGMEXEC_TASK_SIZE == address)) {
15452+
15453+#ifdef CONFIG_PAX_EMUTRAMP
15454+ switch (pax_handle_fetch_fault(regs)) {
15455+ case 2:
15456+ return;
15457+ }
15458+#endif
15459+
15460+ pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15461+ do_group_exit(SIGKILL);
15462+ }
15463+#endif
15464+
15465+ }
15466+#endif
15467
15468 /* User mode accesses just cause a SIGSEGV */
15469 if (error_code & PF_USER) {
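Review bot: The local `ip`, converted to a linear address for vm86 tasks with `((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff)`, is never read in the added block. Both the PAGEEXEC and the SEGMEXEC tests compare `regs->ip` against `address` instead. For a vm86 task `regs->ip` is only the 16-bit offset, so an instruction-fetch fault would not match `address`, and the report-and-kill path would presumably be skipped in favour of the ordinary SIGSEGV handling below. Using the computed value looks like what was intended: `ip == address` in the PAGEEXEC condition and `ip + SEGMEXEC_TASK_SIZE == address` in the SEGMEXEC one. `__bad_area_nosemaphore` continues outside the hunk.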
15470@@ -848,6 +949,106 @@ static int spurious_fault_check(unsigned
15471 return 1;
15472 }
15473
15474+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
15475+static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code)
15476+{
15477+ pte_t *pte;
15478+ pmd_t *pmd;
15479+ spinlock_t *ptl;
15480+ unsigned char pte_mask;
15481+
15482+ if (nx_enabled || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
15483+ !(mm->pax_flags & MF_PAX_PAGEEXEC))
15484+ return 0;
15485+
15486+ /* PaX: it's our fault, let's handle it if we can */
15487+
15488+ /* PaX: take a look at read faults before acquiring any locks */
15489+ if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
15490+ /* instruction fetch attempt from a protected page in user mode */
15491+ up_read(&mm->mmap_sem);
15492+
15493+#ifdef CONFIG_PAX_EMUTRAMP
15494+ switch (pax_handle_fetch_fault(regs)) {
15495+ case 2:
15496+ return 1;
15497+ }
15498+#endif
15499+
15500+ pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15501+ do_group_exit(SIGKILL);
15502+ }
15503+
15504+ pmd = pax_get_pmd(mm, address);
15505+ if (unlikely(!pmd))
15506+ return 0;
15507+
15508+ pte = pte_offset_map_lock(mm, pmd, address, &ptl);
15509+ if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
15510+ pte_unmap_unlock(pte, ptl);
15511+ return 0;
15512+ }
15513+
15514+ if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
15515+ /* write attempt to a protected page in user mode */
15516+ pte_unmap_unlock(pte, ptl);
15517+ return 0;
15518+ }
15519+
15520+#ifdef CONFIG_SMP
15521+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
15522+#else
15523+ if (likely(address > get_limit(regs->cs)))
15524+#endif
15525+ {
15526+ set_pte(pte, pte_mkread(*pte));
15527+ __flush_tlb_one(address);
15528+ pte_unmap_unlock(pte, ptl);
15529+ up_read(&mm->mmap_sem);
15530+ return 1;
15531+ }
15532+
15533+ pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
15534+
15535+ /*
15536+ * PaX: fill DTLB with user rights and retry
15537+ */
15538+ __asm__ __volatile__ (
15539+#ifdef CONFIG_PAX_MEMORY_UDEREF
15540+ "movw %w4,%%es\n"
15541+#endif
15542+ "orb %2,(%1)\n"
15543+#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
15544+/*
15545+ * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
15546+ * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
15547+ * page fault when examined during a TLB load attempt. this is true not only
15548+ * for PTEs holding a non-present entry but also present entries that will
15549+ * raise a page fault (such as those set up by PaX, or the copy-on-write
15550+ * mechanism). in effect it means that we do *not* need to flush the TLBs
15551+ * for our target pages since their PTEs are simply not in the TLBs at all.
15552+
15553+ * the best thing in omitting it is that we gain around 15-20% speed in the
15554+ * fast path of the page fault handler and can get rid of tracing since we
15555+ * can no longer flush unintended entries.
15556+ */
15557+ "invlpg (%0)\n"
15558+#endif
15559+ "testb $0,%%es:(%0)\n"
15560+ "xorb %3,(%1)\n"
15561+#ifdef CONFIG_PAX_MEMORY_UDEREF
15562+ "pushl %%ss\n"
15563+ "popl %%es\n"
15564+#endif
15565+ :
15566+ : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS)
15567+ : "memory", "cc");
15568+ pte_unmap_unlock(pte, ptl);
15569+ up_read(&mm->mmap_sem);
15570+ return 1;
15571+}
15572+#endif
15573+
15574 /*
15575 * Handle a spurious fault caused by a stale TLB entry.
15576 *
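Review bot: `pax_handle_pageexec_fault` has an undocumented locking contract. Every path that returns 1 first calls `up_read(&mm->mmap_sem)`, every `return 0` leaves the semaphore as it was, and the instruction-fetch path drops it before `do_group_exit(SIGKILL)`. The caller added in `do_page_fault` returns immediately on a non-zero result, so the two have to stay in step. A header comment should state this, along the lines of `/* Returns 1 if the fault was handled (mmap_sem released), 0 to continue normal handling (mmap_sem still held). */`. The `pte_mask` expression `(error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1)` only lands on the dirty bit while `PF_WRITE` is bit 1, which is worth a comment next to it.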
15577@@ -914,6 +1115,9 @@ int show_unhandled_signals = 1;
15578 static inline int
15579 access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
15580 {
15581+ if (nx_enabled && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
15582+ return 1;
15583+
15584 if (write) {
15585 /* write, present and write, not present: */
15586 if (unlikely(!(vma->vm_flags & VM_WRITE)))
15587@@ -947,17 +1151,16 @@ do_page_fault(struct pt_regs *regs, unsi
15588 {
15589 struct vm_area_struct *vma;
15590 struct task_struct *tsk;
15591- unsigned long address;
15592 struct mm_struct *mm;
15593 int write;
15594 int fault;
15595
15596+ /* Get the faulting address: */
15597+ const unsigned long address = read_cr2();
15598+
15599 tsk = current;
15600 mm = tsk->mm;
15601
15602- /* Get the faulting address: */
15603- address = read_cr2();
15604-
15605 /*
15606 * Detect and handle instructions that would cause a page fault for
15607 * both a tracked kernel page and a userspace page.
15608@@ -1017,7 +1220,7 @@ do_page_fault(struct pt_regs *regs, unsi
15609 * User-mode registers count as a user access even for any
15610 * potential system fault or CPU buglet:
15611 */
15612- if (user_mode_vm(regs)) {
15613+ if (user_mode(regs)) {
15614 local_irq_enable();
15615 error_code |= PF_USER;
15616 } else {
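Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in the PF_USER decision is only safe if `user_mode()` itself covers virtual-8086 mode, and nothing in this hunk shows that. In the unpatched 32-bit tree `user_mode()` tests only the CS privilege bits, so a fault taken in VM86 mode would not get `PF_USER` set or interrupts re-enabled on this path. If the patch redefines `user_mode()` elsewhere, a one-line comment above the test, e.g. `/* user_mode() also covers VM86 in this tree */`, would stop a later reader from treating this as a regression. do_page_fault() starts and ends outside the hunk.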
15617@@ -1071,6 +1274,11 @@ do_page_fault(struct pt_regs *regs, unsi
15618 might_sleep();
15619 }
15620
15621+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
15622+ if (pax_handle_pageexec_fault(regs, mm, address, error_code))
15623+ return;
15624+#endif
15625+
15626 vma = find_vma(mm, address);
15627 if (unlikely(!vma)) {
15628 bad_area(regs, error_code, address);
15629@@ -1082,18 +1290,24 @@ do_page_fault(struct pt_regs *regs, unsi
15630 bad_area(regs, error_code, address);
15631 return;
15632 }
15633- if (error_code & PF_USER) {
15634- /*
15635- * Accessing the stack below %sp is always a bug.
15636- * The large cushion allows instructions like enter
15637- * and pusha to work. ("enter $65535, $31" pushes
15638- * 32 pointers and then decrements %sp by 65535.)
15639- */
15640- if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
15641- bad_area(regs, error_code, address);
15642- return;
15643- }
15644+ /*
15645+ * Accessing the stack below %sp is always a bug.
15646+ * The large cushion allows instructions like enter
15647+ * and pusha to work. ("enter $65535, $31" pushes
15648+ * 32 pointers and then decrements %sp by 65535.)
15649+ */
15650+ if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
15651+ bad_area(regs, error_code, address);
15652+ return;
15653+ }
15654+
15655+#ifdef CONFIG_PAX_SEGMEXEC
15656+ if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
15657+ bad_area(regs, error_code, address);
15658+ return;
15659 }
15660+#endif
15661+
15662 if (unlikely(expand_stack(vma, address))) {
15663 bad_area(regs, error_code, address);
15664 return;
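Review bot: The SEGMEXEC test `vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1` depends on unsigned wrap-around and has no comment. Given that `address` is below `vma->vm_end` (the vma comes from `find_vma(mm, address)`), the expression is true only when `address <= SEGMEXEC_TASK_SIZE < vma->vm_end`, which reads as refusing to grow a vma downward across the SEGMEXEC boundary. I would say so above the `if`, e.g. `/* wrap-around compare: true iff address <= SEGMEXEC_TASK_SIZE < vma->vm_end */`. The stack-cushion check above it now also runs for kernel-mode faults and uses `task_pt_regs(tsk)->sp`, which deserves a sentence in the existing comment. do_page_fault() continues on both sides of the hunk.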
15665@@ -1137,3 +1351,199 @@ good_area:
15666
15667 up_read(&mm->mmap_sem);
15668 }
15669+
15670+#ifdef CONFIG_PAX_EMUTRAMP
15671+static int pax_handle_fetch_fault_32(struct pt_regs *regs)
15672+{
15673+ int err;
15674+
15675+ do { /* PaX: gcc trampoline emulation #1 */
15676+ unsigned char mov1, mov2;
15677+ unsigned short jmp;
15678+ unsigned int addr1, addr2;
15679+
15680+#ifdef CONFIG_X86_64
15681+ if ((regs->ip + 11) >> 32)
15682+ break;
15683+#endif
15684+
15685+ err = get_user(mov1, (unsigned char __user *)regs->ip);
15686+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
15687+ err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
15688+ err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
15689+ err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
15690+
15691+ if (err)
15692+ break;
15693+
15694+ if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
15695+ regs->cx = addr1;
15696+ regs->ax = addr2;
15697+ regs->ip = addr2;
15698+ return 2;
15699+ }
15700+ } while (0);
15701+
15702+ do { /* PaX: gcc trampoline emulation #2 */
15703+ unsigned char mov, jmp;
15704+ unsigned int addr1, addr2;
15705+
15706+#ifdef CONFIG_X86_64
15707+ if ((regs->ip + 9) >> 32)
15708+ break;
15709+#endif
15710+
15711+ err = get_user(mov, (unsigned char __user *)regs->ip);
15712+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
15713+ err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
15714+ err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
15715+
15716+ if (err)
15717+ break;
15718+
15719+ if (mov == 0xB9 && jmp == 0xE9) {
15720+ regs->cx = addr1;
15721+ regs->ip = (unsigned int)(regs->ip + addr2 + 10);
15722+ return 2;
15723+ }
15724+ } while (0);
15725+
15726+ return 1; /* PaX in action */
15727+}
15728+
15729+#ifdef CONFIG_X86_64
15730+static int pax_handle_fetch_fault_64(struct pt_regs *regs)
15731+{
15732+ int err;
15733+
15734+ do { /* PaX: gcc trampoline emulation #1 */
15735+ unsigned short mov1, mov2, jmp1;
15736+ unsigned char jmp2;
15737+ unsigned int addr1;
15738+ unsigned long addr2;
15739+
15740+ err = get_user(mov1, (unsigned short __user *)regs->ip);
15741+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
15742+ err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
15743+ err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
15744+ err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
15745+ err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
15746+
15747+ if (err)
15748+ break;
15749+
15750+ if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
15751+ regs->r11 = addr1;
15752+ regs->r10 = addr2;
15753+ regs->ip = addr1;
15754+ return 2;
15755+ }
15756+ } while (0);
15757+
15758+ do { /* PaX: gcc trampoline emulation #2 */
15759+ unsigned short mov1, mov2, jmp1;
15760+ unsigned char jmp2;
15761+ unsigned long addr1, addr2;
15762+
15763+ err = get_user(mov1, (unsigned short __user *)regs->ip);
15764+ err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
15765+ err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
15766+ err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
15767+ err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
15768+ err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
15769+
15770+ if (err)
15771+ break;
15772+
15773+ if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
15774+ regs->r11 = addr1;
15775+ regs->r10 = addr2;
15776+ regs->ip = addr1;
15777+ return 2;
15778+ }
15779+ } while (0);
15780+
15781+ return 1; /* PaX in action */
15782+}
15783+#endif
15784+
15785+/*
15786+ * PaX: decide what to do with offenders (regs->ip = fault address)
15787+ *
15788+ * returns 1 when task should be killed
15789+ * 2 when gcc trampoline was detected
15790+ */
15791+static int pax_handle_fetch_fault(struct pt_regs *regs)
15792+{
15793+ if (v8086_mode(regs))
15794+ return 1;
15795+
15796+ if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
15797+ return 1;
15798+
15799+#ifdef CONFIG_X86_32
15800+ return pax_handle_fetch_fault_32(regs);
15801+#else
15802+ if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
15803+ return pax_handle_fetch_fault_32(regs);
15804+ else
15805+ return pax_handle_fetch_fault_64(regs);
15806+#endif
15807+}
15808+#endif
15809+
15810+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
15811+void pax_report_insns(void *pc, void *sp)
15812+{
15813+ long i;
15814+
15815+ printk(KERN_ERR "PAX: bytes at PC: ");
15816+ for (i = 0; i < 20; i++) {
15817+ unsigned char c;
15818+ if (get_user(c, (__force unsigned char __user *)pc+i))
15819+ printk(KERN_CONT "?? ");
15820+ else
15821+ printk(KERN_CONT "%02x ", c);
15822+ }
15823+ printk("\n");
15824+
15825+ printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
15826+ for (i = -1; i < 80 / (long)sizeof(long); i++) {
15827+ unsigned long c;
15828+ if (get_user(c, (__force unsigned long __user *)sp+i))
15829+#ifdef CONFIG_X86_32
15830+ printk(KERN_CONT "???????? ");
15831+#else
15832+ printk(KERN_CONT "???????????????? ");
15833+#endif
15834+ else
15835+ printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
15836+ }
15837+ printk("\n");
15838+}
15839+#endif
15840+
15841+/**
15842+ * probe_kernel_write(): safely attempt to write to a location
15843+ * @dst: address to write to
15844+ * @src: pointer to the data that shall be written
15845+ * @size: size of the data chunk
15846+ *
15847+ * Safely write to address @dst from the buffer at @src. If a kernel fault
15848+ * happens, handle that and return -EFAULT.
15849+ */
15850+long notrace probe_kernel_write(void *dst, const void *src, size_t size)
15851+{
15852+ long ret;
15853+ mm_segment_t old_fs = get_fs();
15854+
15855+ set_fs(KERNEL_DS);
15856+ pagefault_disable();
15857+ pax_open_kernel();
15858+ ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
15859+ pax_close_kernel();
15860+ pagefault_enable();
15861+ set_fs(old_fs);
15862+
15863+ return ret ? -EFAULT : 0;
15864+}
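Review bot: The kerneldoc for probe_kernel_write() at the end of this hunk calls the write "safe" but does not mention that the copy runs between `pax_open_kernel()` and `pax_close_kernel()`. If that pair lifts kernel write protection, as the name suggests (its definition is not on this page), this helper can modify otherwise read-only kernel memory and every caller becomes part of that trust boundary. I would add a line to the comment such as `* The copy runs inside pax_open_kernel(), so @dst may be read-only kernel memory; callers must validate @dst.` Separately, the opcode constants matched in pax_handle_fetch_fault_32() and pax_handle_fetch_fault_64() (`0xB9`, `0xB8`, `0xE0FF`, `0xE9`, `0xBB41`, ...) would be easier to audit with a comment above each emulation block naming the instruction sequence and its length.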
15865diff -urNp linux-2.6.32.8/arch/x86/mm/gup.c linux-2.6.32.8/arch/x86/mm/gup.c
15866--- linux-2.6.32.8/arch/x86/mm/gup.c 2010-02-09 07:57:19.000000000 -0500
15867+++ linux-2.6.32.8/arch/x86/mm/gup.c 2010-02-13 21:45:09.955769141 -0500
15868@@ -237,7 +237,7 @@ int __get_user_pages_fast(unsigned long
15869 addr = start;
15870 len = (unsigned long) nr_pages << PAGE_SHIFT;
15871 end = start + len;
15872- if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
15873+ if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
15874 (void __user *)start, len)))
15875 return 0;
15876
15877diff -urNp linux-2.6.32.8/arch/x86/mm/highmem_32.c linux-2.6.32.8/arch/x86/mm/highmem_32.c
15878--- linux-2.6.32.8/arch/x86/mm/highmem_32.c 2010-02-09 07:57:19.000000000 -0500
15879+++ linux-2.6.32.8/arch/x86/mm/highmem_32.c 2010-02-13 21:45:09.955769141 -0500
15880@@ -43,7 +43,10 @@ void *kmap_atomic_prot(struct page *page
15881 idx = type + KM_TYPE_NR*smp_processor_id();
15882 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
15883 BUG_ON(!pte_none(*(kmap_pte-idx)));
15884+
15885+ pax_open_kernel();
15886 set_pte(kmap_pte-idx, mk_pte(page, prot));
15887+ pax_close_kernel();
15888
15889 return (void *)vaddr;
15890 }
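Review bot: The `pax_open_kernel()` / `pax_close_kernel()` pair around `set_pte()` has no comment saying why this PTE store needs it. The same bracket is added without explanation in set_pte_vaddr_pud() (init_64.c) and kmap_atomic_prot_pfn() (iomap_32.c). Presumably the page tables backing these mappings are write-protected under this patch; if so, a comment such as `/* kmap page table is read-only here; open the window for this store only */` would record that and make clear that nothing else belongs inside the window. kmap_atomic_prot() starts above the hunk.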
15891diff -urNp linux-2.6.32.8/arch/x86/mm/hugetlbpage.c linux-2.6.32.8/arch/x86/mm/hugetlbpage.c
15892--- linux-2.6.32.8/arch/x86/mm/hugetlbpage.c 2010-02-09 07:57:19.000000000 -0500
15893+++ linux-2.6.32.8/arch/x86/mm/hugetlbpage.c 2010-02-13 21:45:09.956759932 -0500
15894@@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe
15895 struct hstate *h = hstate_file(file);
15896 struct mm_struct *mm = current->mm;
15897 struct vm_area_struct *vma;
15898- unsigned long start_addr;
15899+ unsigned long start_addr, pax_task_size = TASK_SIZE;
15900+
15901+#ifdef CONFIG_PAX_SEGMEXEC
15902+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
15903+ pax_task_size = SEGMEXEC_TASK_SIZE;
15904+#endif
15905
15906 if (len > mm->cached_hole_size) {
15907- start_addr = mm->free_area_cache;
15908+ start_addr = mm->free_area_cache;
15909 } else {
15910- start_addr = TASK_UNMAPPED_BASE;
15911- mm->cached_hole_size = 0;
15912+ start_addr = mm->mmap_base;
15913+ mm->cached_hole_size = 0;
15914 }
15915
15916 full_search:
15917@@ -281,13 +286,13 @@ full_search:
15918
15919 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
15920 /* At this point: (!vma || addr < vma->vm_end). */
15921- if (TASK_SIZE - len < addr) {
15922+ if (pax_task_size - len < addr) {
15923 /*
15924 * Start a new search - just in case we missed
15925 * some holes.
15926 */
15927- if (start_addr != TASK_UNMAPPED_BASE) {
15928- start_addr = TASK_UNMAPPED_BASE;
15929+ if (start_addr != mm->mmap_base) {
15930+ start_addr = mm->mmap_base;
15931 mm->cached_hole_size = 0;
15932 goto full_search;
15933 }
15934@@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe
15935 struct hstate *h = hstate_file(file);
15936 struct mm_struct *mm = current->mm;
15937 struct vm_area_struct *vma, *prev_vma;
15938- unsigned long base = mm->mmap_base, addr = addr0;
15939+ unsigned long base = mm->mmap_base, addr;
15940 unsigned long largest_hole = mm->cached_hole_size;
15941- int first_time = 1;
15942
15943 /* don't allow allocations above current base */
15944 if (mm->free_area_cache > base)
15945@@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe
15946 largest_hole = 0;
15947 mm->free_area_cache = base;
15948 }
15949-try_again:
15950+
15951 /* make sure it can fit in the remaining address space */
15952 if (mm->free_area_cache < len)
15953 goto fail;
15954@@ -364,22 +368,26 @@ try_again:
15955
15956 fail:
15957 /*
15958- * if hint left us with no space for the requested
15959- * mapping then try again:
15960- */
15961- if (first_time) {
15962- mm->free_area_cache = base;
15963- largest_hole = 0;
15964- first_time = 0;
15965- goto try_again;
15966- }
15967- /*
15968 * A failed mmap() very likely causes application failure,
15969 * so fall back to the bottom-up function here. This scenario
15970 * can happen with large stack limits and large mmap()
15971 * allocations.
15972 */
15973- mm->free_area_cache = TASK_UNMAPPED_BASE;
15974+
15975+#ifdef CONFIG_PAX_SEGMEXEC
15976+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
15977+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
15978+ else
15979+#endif
15980+
15981+ mm->mmap_base = TASK_UNMAPPED_BASE;
15982+
15983+#ifdef CONFIG_PAX_RANDMMAP
15984+ if (mm->pax_flags & MF_PAX_RANDMMAP)
15985+ mm->mmap_base += mm->delta_mmap;
15986+#endif
15987+
15988+ mm->free_area_cache = mm->mmap_base;
15989 mm->cached_hole_size = ~0UL;
15990 addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
15991 len, pgoff, flags);
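Review bot: The `else` under `CONFIG_PAX_SEGMEXEC` dangles across the `#endif` and a blank line before reaching `mm->mmap_base = TASK_UNMAPPED_BASE;`, so the statement it governs depends on the preprocessor and is easy to break by inserting a line between them. Assigning the default first and overriding it inside the `#ifdef` gives the same result without the split `if`/`else`. The fallback also overwrites `mm->mmap_base` temporarily and relies on the restore added in the next hunk, which is worth a short comment at the assignment. The enclosing function starts and ends outside the hunk.
```c
	mm->mmap_base = TASK_UNMAPPED_BASE;
#ifdef CONFIG_PAX_SEGMEXEC
	if (mm->pax_flags & MF_PAX_SEGMEXEC)
		mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
#endif
	/* … unchanged: CONFIG_PAX_RANDMMAP delta and free_area_cache reset … */
```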
15992@@ -387,6 +395,7 @@ fail:
15993 /*
15994 * Restore the topdown base:
15995 */
15996+ mm->mmap_base = base;
15997 mm->free_area_cache = base;
15998 mm->cached_hole_size = ~0UL;
15999
16000@@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f
16001 struct hstate *h = hstate_file(file);
16002 struct mm_struct *mm = current->mm;
16003 struct vm_area_struct *vma;
16004+ unsigned long pax_task_size = TASK_SIZE;
16005
16006 if (len & ~huge_page_mask(h))
16007 return -EINVAL;
16008- if (len > TASK_SIZE)
16009+
16010+#ifdef CONFIG_PAX_SEGMEXEC
16011+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
16012+ pax_task_size = SEGMEXEC_TASK_SIZE;
16013+#endif
16014+
16015+ if (len > pax_task_size)
16016 return -ENOMEM;
16017
16018 if (flags & MAP_FIXED) {
16019@@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f
16020 if (addr) {
16021 addr = ALIGN(addr, huge_page_size(h));
16022 vma = find_vma(mm, addr);
16023- if (TASK_SIZE - len >= addr &&
16024+ if (pax_task_size - len >= addr &&
16025 (!vma || addr + len <= vma->vm_start))
16026 return addr;
16027 }
16028diff -urNp linux-2.6.32.8/arch/x86/mm/init_32.c linux-2.6.32.8/arch/x86/mm/init_32.c
16029--- linux-2.6.32.8/arch/x86/mm/init_32.c 2010-02-09 07:57:19.000000000 -0500
16030+++ linux-2.6.32.8/arch/x86/mm/init_32.c 2010-02-13 21:45:09.956759932 -0500
16031@@ -72,36 +72,6 @@ static __init void *alloc_low_page(void)
16032 }
16033
16034 /*
16035- * Creates a middle page table and puts a pointer to it in the
16036- * given global directory entry. This only returns the gd entry
16037- * in non-PAE compilation mode, since the middle layer is folded.
16038- */
16039-static pmd_t * __init one_md_table_init(pgd_t *pgd)
16040-{
16041- pud_t *pud;
16042- pmd_t *pmd_table;
16043-
16044-#ifdef CONFIG_X86_PAE
16045- if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
16046- if (after_bootmem)
16047- pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE);
16048- else
16049- pmd_table = (pmd_t *)alloc_low_page();
16050- paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
16051- set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
16052- pud = pud_offset(pgd, 0);
16053- BUG_ON(pmd_table != pmd_offset(pud, 0));
16054-
16055- return pmd_table;
16056- }
16057-#endif
16058- pud = pud_offset(pgd, 0);
16059- pmd_table = pmd_offset(pud, 0);
16060-
16061- return pmd_table;
16062-}
16063-
16064-/*
16065 * Create a page table and place a pointer to it in a middle page
16066 * directory entry:
16067 */
16068@@ -121,13 +91,28 @@ static pte_t * __init one_page_table_ini
16069 page_table = (pte_t *)alloc_low_page();
16070
16071 paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
16072+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
16073+ set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
16074+#else
16075 set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
16076+#endif
16077 BUG_ON(page_table != pte_offset_kernel(pmd, 0));
16078 }
16079
16080 return pte_offset_kernel(pmd, 0);
16081 }
16082
16083+static pmd_t * __init one_md_table_init(pgd_t *pgd)
16084+{
16085+ pud_t *pud;
16086+ pmd_t *pmd_table;
16087+
16088+ pud = pud_offset(pgd, 0);
16089+ pmd_table = pmd_offset(pud, 0);
16090+
16091+ return pmd_table;
16092+}
16093+
16094 pmd_t * __init populate_extra_pmd(unsigned long vaddr)
16095 {
16096 int pgd_idx = pgd_index(vaddr);
16097@@ -201,6 +186,7 @@ page_table_range_init(unsigned long star
16098 int pgd_idx, pmd_idx;
16099 unsigned long vaddr;
16100 pgd_t *pgd;
16101+ pud_t *pud;
16102 pmd_t *pmd;
16103 pte_t *pte = NULL;
16104
16105@@ -210,8 +196,13 @@ page_table_range_init(unsigned long star
16106 pgd = pgd_base + pgd_idx;
16107
16108 for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
16109- pmd = one_md_table_init(pgd);
16110- pmd = pmd + pmd_index(vaddr);
16111+ pud = pud_offset(pgd, vaddr);
16112+ pmd = pmd_offset(pud, vaddr);
16113+
16114+#ifdef CONFIG_X86_PAE
16115+ paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16116+#endif
16117+
16118 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
16119 pmd++, pmd_idx++) {
16120 pte = page_table_kmap_check(one_page_table_init(pmd),
16121@@ -223,11 +214,20 @@ page_table_range_init(unsigned long star
16122 }
16123 }
16124
16125-static inline int is_kernel_text(unsigned long addr)
16126+static inline int is_kernel_text(unsigned long start, unsigned long end)
16127 {
16128- if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end)
16129- return 1;
16130- return 0;
16131+ if ((start > ktla_ktva((unsigned long)_etext) ||
16132+ end <= ktla_ktva((unsigned long)_stext)) &&
16133+ (start > ktla_ktva((unsigned long)_einittext) ||
16134+ end <= ktla_ktva((unsigned long)_sinittext)) &&
16135+
16136+#ifdef CONFIG_ACPI_SLEEP
16137+ (start > (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) &&
16138+#endif
16139+
16140+ (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
16141+ return 0;
16142+ return 1;
16143 }
16144
16145 /*
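Review bot: The upper-bound tests in the new is_kernel_text() use `start > END`, so a range that begins exactly at `_etext` or `_einittext` is still reported as kernel text. The callers changed later in this file then map it with `PAGE_KERNEL_EXEC` or `PAGE_KERNEL_LARGE_EXEC`. If those symbols are exclusive end markers, `start >= ktla_ktva((unsigned long)_etext)` (and likewise for `_einittext`) would avoid leaving one extra executable page or large page; if the inclusive form is deliberate, it deserves a comment. The literals `0xc0000`, `0xfffff` and `0x4000` should also be named or commented, since they decide which low-memory ranges stay executable.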
16146@@ -243,9 +243,10 @@ kernel_physical_mapping_init(unsigned lo
16147 int use_pse = page_size_mask == (1<<PG_LEVEL_2M);
16148 unsigned long start_pfn, end_pfn;
16149 pgd_t *pgd_base = swapper_pg_dir;
16150- int pgd_idx, pmd_idx, pte_ofs;
16151+ unsigned int pgd_idx, pmd_idx, pte_ofs;
16152 unsigned long pfn;
16153 pgd_t *pgd;
16154+ pud_t *pud;
16155 pmd_t *pmd;
16156 pte_t *pte;
16157 unsigned pages_2m, pages_4k;
16158@@ -278,8 +279,13 @@ repeat:
16159 pfn = start_pfn;
16160 pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16161 pgd = pgd_base + pgd_idx;
16162- for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
16163- pmd = one_md_table_init(pgd);
16164+ for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
16165+ pud = pud_offset(pgd, 0);
16166+ pmd = pmd_offset(pud, 0);
16167+
16168+#ifdef CONFIG_X86_PAE
16169+ paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16170+#endif
16171
16172 if (pfn >= end_pfn)
16173 continue;
16174@@ -291,14 +297,13 @@ repeat:
16175 #endif
16176 for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
16177 pmd++, pmd_idx++) {
16178- unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
16179+ unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
16180
16181 /*
16182 * Map with big pages if possible, otherwise
16183 * create normal page tables:
16184 */
16185 if (use_pse) {
16186- unsigned int addr2;
16187 pgprot_t prot = PAGE_KERNEL_LARGE;
16188 /*
16189 * first pass will use the same initial
16190@@ -308,11 +313,7 @@ repeat:
16191 __pgprot(PTE_IDENT_ATTR |
16192 _PAGE_PSE);
16193
16194- addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
16195- PAGE_OFFSET + PAGE_SIZE-1;
16196-
16197- if (is_kernel_text(addr) ||
16198- is_kernel_text(addr2))
16199+ if (is_kernel_text(address, address + PMD_SIZE))
16200 prot = PAGE_KERNEL_LARGE_EXEC;
16201
16202 pages_2m++;
16203@@ -329,7 +330,7 @@ repeat:
16204 pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16205 pte += pte_ofs;
16206 for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
16207- pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
16208+ pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
16209 pgprot_t prot = PAGE_KERNEL;
16210 /*
16211 * first pass will use the same initial
16212@@ -337,7 +338,7 @@ repeat:
16213 */
16214 pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
16215
16216- if (is_kernel_text(addr))
16217+ if (is_kernel_text(address, address + PAGE_SIZE))
16218 prot = PAGE_KERNEL_EXEC;
16219
16220 pages_4k++;
16221@@ -489,7 +490,7 @@ void __init native_pagetable_setup_start
16222
16223 pud = pud_offset(pgd, va);
16224 pmd = pmd_offset(pud, va);
16225- if (!pmd_present(*pmd))
16226+ if (!pmd_present(*pmd) || pmd_huge(*pmd))
16227 break;
16228
16229 pte = pte_offset_kernel(pmd, va);
16230@@ -541,9 +542,7 @@ void __init early_ioremap_page_table_ran
16231
16232 static void __init pagetable_init(void)
16233 {
16234- pgd_t *pgd_base = swapper_pg_dir;
16235-
16236- permanent_kmaps_init(pgd_base);
16237+ permanent_kmaps_init(swapper_pg_dir);
16238 }
16239
16240 #ifdef CONFIG_ACPI_SLEEP
16241@@ -551,12 +550,12 @@ static void __init pagetable_init(void)
16242 * ACPI suspend needs this for resume, because things like the intel-agp
16243 * driver might have split up a kernel 4MB mapping.
16244 */
16245-char swsusp_pg_dir[PAGE_SIZE]
16246+pgd_t swsusp_pg_dir[PTRS_PER_PGD]
16247 __attribute__ ((aligned(PAGE_SIZE)));
16248
16249 static inline void save_pg_dir(void)
16250 {
16251- memcpy(swsusp_pg_dir, swapper_pg_dir, PAGE_SIZE);
16252+ clone_pgd_range(swsusp_pg_dir, swapper_pg_dir, PTRS_PER_PGD);
16253 }
16254 #else /* !CONFIG_ACPI_SLEEP */
16255 static inline void save_pg_dir(void)
16256@@ -588,7 +587,7 @@ void zap_low_mappings(bool early)
16257 flush_tlb_all();
16258 }
16259
16260-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16261+pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16262 EXPORT_SYMBOL_GPL(__supported_pte_mask);
16263
16264 /* user-defined highmem size */
16265@@ -881,7 +880,7 @@ void __init mem_init(void)
16266 set_highmem_pages_init();
16267
16268 codesize = (unsigned long) &_etext - (unsigned long) &_text;
16269- datasize = (unsigned long) &_edata - (unsigned long) &_etext;
16270+ datasize = (unsigned long) &_edata - (unsigned long) &_sdata;
16271 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
16272
16273 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
16274@@ -923,10 +922,10 @@ void __init mem_init(void)
16275 ((unsigned long)&__init_end -
16276 (unsigned long)&__init_begin) >> 10,
16277
16278- (unsigned long)&_etext, (unsigned long)&_edata,
16279- ((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
16280+ (unsigned long)&_sdata, (unsigned long)&_edata,
16281+ ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10,
16282
16283- (unsigned long)&_text, (unsigned long)&_etext,
16284+ ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
16285 ((unsigned long)&_etext - (unsigned long)&_text) >> 10);
16286
16287 /*
16288@@ -1007,6 +1006,7 @@ void set_kernel_text_rw(void)
16289 if (!kernel_set_to_readonly)
16290 return;
16291
16292+ start = ktla_ktva(start);
16293 pr_debug("Set kernel text: %lx - %lx for read write\n",
16294 start, start+size);
16295
16296@@ -1021,6 +1021,7 @@ void set_kernel_text_ro(void)
16297 if (!kernel_set_to_readonly)
16298 return;
16299
16300+ start = ktla_ktva(start);
16301 pr_debug("Set kernel text: %lx - %lx for read only\n",
16302 start, start+size);
16303
16304@@ -1032,6 +1033,7 @@ void mark_rodata_ro(void)
16305 unsigned long start = PFN_ALIGN(_text);
16306 unsigned long size = PFN_ALIGN(_etext) - start;
16307
16308+ start = ktla_ktva(start);
16309 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
16310 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
16311 size >> 10);
16312diff -urNp linux-2.6.32.8/arch/x86/mm/init_64.c linux-2.6.32.8/arch/x86/mm/init_64.c
16313--- linux-2.6.32.8/arch/x86/mm/init_64.c 2010-02-09 07:57:19.000000000 -0500
16314+++ linux-2.6.32.8/arch/x86/mm/init_64.c 2010-02-13 21:45:09.956759932 -0500
16315@@ -163,7 +163,9 @@ void set_pte_vaddr_pud(pud_t *pud_page,
16316 pmd = fill_pmd(pud, vaddr);
16317 pte = fill_pte(pmd, vaddr);
16318
16319+ pax_open_kernel();
16320 set_pte(pte, new_pte);
16321+ pax_close_kernel();
16322
16323 /*
16324 * It's enough to flush this one mapping.
16325@@ -222,14 +224,12 @@ static void __init __init_extra_mapping(
16326 pgd = pgd_offset_k((unsigned long)__va(phys));
16327 if (pgd_none(*pgd)) {
16328 pud = (pud_t *) spp_getpage();
16329- set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
16330- _PAGE_USER));
16331+ set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
16332 }
16333 pud = pud_offset(pgd, (unsigned long)__va(phys));
16334 if (pud_none(*pud)) {
16335 pmd = (pmd_t *) spp_getpage();
16336- set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
16337- _PAGE_USER));
16338+ set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
16339 }
16340 pmd = pmd_offset(pud, phys);
16341 BUG_ON(!pmd_none(*pmd));
16342@@ -842,8 +842,8 @@ int kern_addr_valid(unsigned long addr)
16343 static struct vm_area_struct gate_vma = {
16344 .vm_start = VSYSCALL_START,
16345 .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
16346- .vm_page_prot = PAGE_READONLY_EXEC,
16347- .vm_flags = VM_READ | VM_EXEC
16348+ .vm_page_prot = PAGE_READONLY,
16349+ .vm_flags = VM_READ
16350 };
16351
16352 struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
16353@@ -877,7 +877,7 @@ int in_gate_area_no_task(unsigned long a
16354
16355 const char *arch_vma_name(struct vm_area_struct *vma)
16356 {
16357- if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
16358+ if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
16359 return "[vdso]";
16360 if (vma == &gate_vma)
16361 return "[vsyscall]";
16362diff -urNp linux-2.6.32.8/arch/x86/mm/init.c linux-2.6.32.8/arch/x86/mm/init.c
16363--- linux-2.6.32.8/arch/x86/mm/init.c 2010-02-09 07:57:19.000000000 -0500
16364+++ linux-2.6.32.8/arch/x86/mm/init.c 2010-02-13 21:45:09.956759932 -0500
16365@@ -331,7 +331,13 @@ unsigned long __init_refok init_memory_m
16366 */
16367 int devmem_is_allowed(unsigned long pagenr)
16368 {
16369- if (pagenr <= 256)
16370+ if (!pagenr)
16371+ return 1;
16372+#ifdef CONFIG_VM86
16373+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
16374+ return 1;
16375+#endif
16376+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16377 return 1;
16378 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
16379 return 0;
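Review bot: The rewritten policy in devmem_is_allowed() carries no comment, and the function's header comment, which ends just above the hunk and is not visible here, may still describe the old `pagenr <= 256` rule. The new tests always allow page 0 and the `ISA_START_ADDRESS`..`ISA_END_ADDRESS` range, and allow everything below `ISA_START_ADDRESS` only when `CONFIG_VM86` is set. I would state that above the first test, e.g. `/* always allowed: page 0, the ISA range, and (CONFIG_VM86 only) memory below it */`, and update the header comment to match. The function continues past the hunk.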
16380@@ -379,6 +385,83 @@ void free_init_pages(char *what, unsigne
16381
16382 void free_initmem(void)
16383 {
16384+
16385+#ifdef CONFIG_PAX_KERNEXEC
16386+ pgd_t *pgd;
16387+ pud_t *pud;
16388+ pmd_t *pmd;
16389+
16390+#ifdef CONFIG_X86_32
16391+ /* PaX: limit KERNEL_CS to actual size */
16392+ unsigned long addr, limit;
16393+ struct desc_struct d;
16394+ int cpu;
16395+
16396+ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
16397+ limit = (limit - 1UL) >> PAGE_SHIFT;
16398+
16399+ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
16400+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
16401+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
16402+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
16403+ }
16404+
16405+ /* PaX: make KERNEL_CS read-only */
16406+ addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
16407+ if (!paravirt_enabled())
16408+ set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
16409+/*
16410+ for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
16411+ pgd = pgd_offset_k(addr);
16412+ pud = pud_offset(pgd, addr);
16413+ pmd = pmd_offset(pud, addr);
16414+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16415+ }
16416+*/
16417+#ifdef CONFIG_X86_PAE
16418+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
16419+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
16420+ pgd = pgd_offset_k(addr);
16421+ pud = pud_offset(pgd, addr);
16422+ pmd = pmd_offset(pud, addr);
16423+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16424+ }
16425+#endif
16426+
16427+#ifdef CONFIG_MODULES
16428+ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
16429+#endif
16430+
16431+#else
16432+ unsigned long addr, end;
16433+
16434+ /* PaX: make kernel code/rodata read-only, rest non-executable */
16435+ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
16436+ pgd = pgd_offset_k(addr);
16437+ pud = pud_offset(pgd, addr);
16438+ pmd = pmd_offset(pud, addr);
16439+ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
16440+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16441+ else
16442+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16443+ }
16444+
16445+ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
16446+ end = addr + KERNEL_IMAGE_SIZE;
16447+ for (; addr < end; addr += PMD_SIZE) {
16448+ pgd = pgd_offset_k(addr);
16449+ pud = pud_offset(pgd, addr);
16450+ pmd = pmd_offset(pud, addr);
16451+ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
16452+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16453+ else
16454+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16455+ }
16456+#endif
16457+
16458+ flush_tlb_all();
16459+#endif
16460+
16461 free_init_pages("unused kernel memory",
16462 (unsigned long)(&__init_begin),
16463 (unsigned long)(&__init_end));
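Review bot: `memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE)` passes what looks like an integer expression where memset() expects a pointer, and nothing says which page is being poisoned or why. Assuming both macros are integer constants as in the unpatched tree, I would write `memset((void *)(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET), POISON_FREE_INITMEM, PAGE_SIZE);` with a one-line comment on its purpose. The commented-out `set_pmd()` loop below it should be deleted rather than carried in the patch. With that loop disabled, `pgd`, `pud` and `pmd` appear to be unused on 32-bit non-PAE builds. free_initmem() continues past the hunk.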
16464diff -urNp linux-2.6.32.8/arch/x86/mm/iomap_32.c linux-2.6.32.8/arch/x86/mm/iomap_32.c
16465--- linux-2.6.32.8/arch/x86/mm/iomap_32.c 2010-02-09 07:57:19.000000000 -0500
16466+++ linux-2.6.32.8/arch/x86/mm/iomap_32.c 2010-02-13 21:45:09.957914582 -0500
16467@@ -65,7 +65,11 @@ void *kmap_atomic_prot_pfn(unsigned long
16468 debug_kmap_atomic(type);
16469 idx = type + KM_TYPE_NR * smp_processor_id();
16470 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
16471+
16472+ pax_open_kernel();
16473 set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
16474+ pax_close_kernel();
16475+
16476 arch_flush_lazy_mmu_mode();
16477
16478 return (void *)vaddr;
16479diff -urNp linux-2.6.32.8/arch/x86/mm/ioremap.c linux-2.6.32.8/arch/x86/mm/ioremap.c
16480--- linux-2.6.32.8/arch/x86/mm/ioremap.c 2010-02-09 07:57:19.000000000 -0500
16481+++ linux-2.6.32.8/arch/x86/mm/ioremap.c 2010-02-13 21:45:09.957914582 -0500
16482@@ -41,8 +41,8 @@ int page_is_ram(unsigned long pagenr)
16483 * Second special case: Some BIOSen report the PC BIOS
16484 * area (640->1Mb) as ram even though it is not.
16485 */
16486- if (pagenr >= (BIOS_BEGIN >> PAGE_SHIFT) &&
16487- pagenr < (BIOS_END >> PAGE_SHIFT))
16488+ if (pagenr >= (ISA_START_ADDRESS >> PAGE_SHIFT) &&
16489+ pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16490 return 0;
16491
16492 for (i = 0; i < e820.nr_map; i++) {
16493@@ -137,10 +137,7 @@ static void __iomem *__ioremap_caller(re
16494 /*
16495 * Don't allow anybody to remap normal RAM that we're using..
16496 */
16497- for (pfn = phys_addr >> PAGE_SHIFT;
16498- (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
16499- pfn++) {
16500-
16501+ for (pfn = phys_addr >> PAGE_SHIFT; ((resource_size_t)pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); pfn++) {
16502 int is_ram = page_is_ram(pfn);
16503
16504 if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
16505@@ -407,7 +404,7 @@ static int __init early_ioremap_debug_se
16506 early_param("early_ioremap_debug", early_ioremap_debug_setup);
16507
16508 static __initdata int after_paging_init;
16509-static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
16510+static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
16511
16512 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
16513 {
16514@@ -439,8 +436,7 @@ void __init early_ioremap_init(void)
16515 slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
16516
16517 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
16518- memset(bm_pte, 0, sizeof(bm_pte));
16519- pmd_populate_kernel(&init_mm, pmd, bm_pte);
16520+ pmd_populate_user(&init_mm, pmd, bm_pte);
16521
16522 /*
16523 * The boot-ioremap range spans multiple pmds, for which
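Review bot: The switch from pmd_populate_kernel() to pmd_populate_user() for the boot-time fixmap page table, together with the dropped `memset(bm_pte, 0, sizeof(bm_pte))`, is not explained anywhere in early_ioremap_init(). The earlier hunk moves `bm_pte` to `__read_only`, so presumably the memset would now write to a protected object and the static zero initialisation is relied on instead; that should be stated, e.g. `/* bm_pte is __read_only and zero-initialised at build time; do not memset it here */`. A second comment should say why the user variant of pmd_populate is wanted for a kernel mapping, since its definition is outside this hunk. The function body starts before and continues after the hunk.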
16524diff -urNp linux-2.6.32.8/arch/x86/mm/mmap.c linux-2.6.32.8/arch/x86/mm/mmap.c
16525--- linux-2.6.32.8/arch/x86/mm/mmap.c 2010-02-09 07:57:19.000000000 -0500
16526+++ linux-2.6.32.8/arch/x86/mm/mmap.c 2010-02-13 21:45:09.957914582 -0500
16527@@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size
16528 * Leave an at least ~128 MB hole with possible stack randomization.
16529 */
16530 #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
16531-#define MAX_GAP (TASK_SIZE/6*5)
16532+#define MAX_GAP (pax_task_size/6*5)
16533
16534 /*
16535 * True on X86_32 or when emulating IA32 on X86_64
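Review bot: `MAX_GAP` now expands to `pax_task_size/6*5`, so the macro only compiles where a local variable with exactly that name is in scope, which is a hidden coupling to mmap_base() in the next hunk. Passing the size explicitly keeps the dependency visible: `#define MAX_GAP(size) ((size)/6*5)` with `else if (gap > MAX_GAP(pax_task_size))` at the use site. This matters for review because the gap bound decides how much address space is left for stack growth under SEGMEXEC, and a reader of the macro alone cannot tell which task size is used.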
16536@@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void)
16537 return rnd << PAGE_SHIFT;
16538 }
16539
16540-static unsigned long mmap_base(void)
16541+static unsigned long mmap_base(struct mm_struct *mm)
16542 {
16543 unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
16544+ unsigned long pax_task_size = TASK_SIZE;
16545+
16546+#ifdef CONFIG_PAX_SEGMEXEC
16547+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
16548+ pax_task_size = SEGMEXEC_TASK_SIZE;
16549+#endif
16550
16551 if (gap < MIN_GAP)
16552 gap = MIN_GAP;
16553 else if (gap > MAX_GAP)
16554 gap = MAX_GAP;
16555
16556- return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
16557+ return PAGE_ALIGN(pax_task_size - gap - mmap_rnd());
16558 }
16559
16560 /*
16561 * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
16562 * does, but not when emulating X86_32
16563 */
16564-static unsigned long mmap_legacy_base(void)
16565+static unsigned long mmap_legacy_base(struct mm_struct *mm)
16566 {
16567- if (mmap_is_ia32())
16568+ if (mmap_is_ia32()) {
16569+
16570+#ifdef CONFIG_PAX_SEGMEXEC
16571+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
16572+ return SEGMEXEC_TASK_UNMAPPED_BASE;
16573+ else
16574+#endif
16575+
16576 return TASK_UNMAPPED_BASE;
16577- else
16578+ } else
16579 return TASK_UNMAPPED_BASE + mmap_rnd();
16580 }
16581
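Review bot: In mmap_legacy_base() the `else` that ends the CONFIG_PAX_SEGMEXEC block is left dangling across `#endif`, so the meaning of the following `return TASK_UNMAPPED_BASE;` depends on the preprocessor state and is easy to break when another statement is inserted after the `#endif`. Because the `if` branch already returns, the `else` line can simply be removed, leaving `if (mm->pax_flags & MF_PAX_SEGMEXEC)` / `return SEGMEXEC_TASK_UNMAPPED_BASE;` followed by `#endif`. mmap_base() also still reads the stack rlimit from `current` while taking the task size from the `mm` argument; a one-line comment that callers pass the mm of the current task (if that is the contract) would help.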
16582@@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(vo
16583 void arch_pick_mmap_layout(struct mm_struct *mm)
16584 {
16585 if (mmap_is_legacy()) {
16586- mm->mmap_base = mmap_legacy_base();
16587+ mm->mmap_base = mmap_legacy_base(mm);
16588+
16589+#ifdef CONFIG_PAX_RANDMMAP
16590+ if (mm->pax_flags & MF_PAX_RANDMMAP)
16591+ mm->mmap_base += mm->delta_mmap;
16592+#endif
16593+
16594 mm->get_unmapped_area = arch_get_unmapped_area;
16595 mm->unmap_area = arch_unmap_area;
16596 } else {
16597- mm->mmap_base = mmap_base();
16598+ mm->mmap_base = mmap_base(mm);
16599+
16600+#ifdef CONFIG_PAX_RANDMMAP
16601+ if (mm->pax_flags & MF_PAX_RANDMMAP)
16602+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
16603+#endif
16604+
16605 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
16606 mm->unmap_area = arch_unmap_area_topdown;
16607 }
16608diff -urNp linux-2.6.32.8/arch/x86/mm/numa_32.c linux-2.6.32.8/arch/x86/mm/numa_32.c
16609--- linux-2.6.32.8/arch/x86/mm/numa_32.c 2010-02-09 07:57:19.000000000 -0500
16610+++ linux-2.6.32.8/arch/x86/mm/numa_32.c 2010-02-13 21:45:09.957914582 -0500
16611@@ -98,7 +98,6 @@ unsigned long node_memmap_size_bytes(int
16612 }
16613 #endif
16614
16615-extern unsigned long find_max_low_pfn(void);
16616 extern unsigned long highend_pfn, highstart_pfn;
16617
16618 #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
16619diff -urNp linux-2.6.32.8/arch/x86/mm/pageattr.c linux-2.6.32.8/arch/x86/mm/pageattr.c
16620--- linux-2.6.32.8/arch/x86/mm/pageattr.c 2010-02-09 07:57:19.000000000 -0500
16621+++ linux-2.6.32.8/arch/x86/mm/pageattr.c 2010-02-13 21:45:09.957914582 -0500
16622@@ -268,9 +268,10 @@ static inline pgprot_t static_protection
16623 * Does not cover __inittext since that is gone later on. On
16624 * 64bit we do not enforce !NX on the low mapping
16625 */
16626- if (within(address, (unsigned long)_text, (unsigned long)_etext))
16627+ if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
16628 pgprot_val(forbidden) |= _PAGE_NX;
16629
16630+#ifdef CONFIG_DEBUG_RODATA
16631 /*
16632 * The .rodata section needs to be read-only. Using the pfn
16633 * catches all aliases.
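Review bot: Wrapping the .rodata check in `#ifdef CONFIG_DEBUG_RODATA` (closed by the `#endif` in the next hunk) means static_protections() no longer adds `_PAGE_RW` to the forbidden bits for .rodata aliases when that option is off, whereas the removed-context shows the check was unconditional before. If another mechanism in the patch is meant to keep .rodata read-only in that configuration, it is outside this hunk and should be named in a comment here, e.g. `/* without DEBUG_RODATA, .rodata is not write-protected by this function; see <other mechanism> */`. Otherwise the check is better left unconditional. static_protections() starts before and ends after these two hunks.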
16634@@ -278,6 +279,7 @@ static inline pgprot_t static_protection
16635 if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
16636 __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
16637 pgprot_val(forbidden) |= _PAGE_RW;
16638+#endif
16639
16640 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
16641
16642@@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address);
16643 static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
16644 {
16645 /* change init_mm */
16646+ pax_open_kernel();
16647 set_pte_atomic(kpte, pte);
16648+ pax_close_kernel();
16649+
16650 #ifdef CONFIG_X86_32
16651 if (!SHARED_KERNEL_PMD) {
16652 struct page *page;
16653diff -urNp linux-2.6.32.8/arch/x86/mm/pageattr-test.c linux-2.6.32.8/arch/x86/mm/pageattr-test.c
16654--- linux-2.6.32.8/arch/x86/mm/pageattr-test.c 2010-02-09 07:57:19.000000000 -0500
16655+++ linux-2.6.32.8/arch/x86/mm/pageattr-test.c 2010-02-13 21:45:09.958914748 -0500
16656@@ -36,7 +36,7 @@ enum {
16657
16658 static int pte_testbit(pte_t pte)
16659 {
16660- return pte_flags(pte) & _PAGE_UNUSED1;
16661+ return pte_flags(pte) & _PAGE_CPA_TEST;
16662 }
16663
16664 struct split_state {
16665diff -urNp linux-2.6.32.8/arch/x86/mm/pat.c linux-2.6.32.8/arch/x86/mm/pat.c
16666--- linux-2.6.32.8/arch/x86/mm/pat.c 2010-02-09 07:57:19.000000000 -0500
16667+++ linux-2.6.32.8/arch/x86/mm/pat.c 2010-02-13 21:45:09.958914748 -0500
16668@@ -258,7 +258,7 @@ chk_conflict(struct memtype *new, struct
16669
16670 conflict:
16671 printk(KERN_INFO "%s:%d conflicting memory types "
16672- "%Lx-%Lx %s<->%s\n", current->comm, current->pid, new->start,
16673+ "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), new->start,
16674 new->end, cattr_name(new->type), cattr_name(entry->type));
16675 return -EBUSY;
16676 }
16677@@ -559,7 +559,7 @@ unlock_ret:
16678
16679 if (err) {
16680 printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n",
16681- current->comm, current->pid, start, end);
16682+ current->comm, task_pid_nr(current), start, end);
16683 }
16684
16685 dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end);
16686@@ -755,7 +755,7 @@ int kernel_map_sync_memtype(u64 base, un
16687 printk(KERN_INFO
16688 "%s:%d ioremap_change_attr failed %s "
16689 "for %Lx-%Lx\n",
16690- current->comm, current->pid,
16691+ current->comm, task_pid_nr(current),
16692 cattr_name(flags),
16693 base, (unsigned long long)(base + size));
16694 return -EINVAL;
16695@@ -813,7 +813,7 @@ static int reserve_pfn_range(u64 paddr,
16696 free_memtype(paddr, paddr + size);
16697 printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
16698 " for %Lx-%Lx, got %s\n",
16699- current->comm, current->pid,
16700+ current->comm, task_pid_nr(current),
16701 cattr_name(want_flags),
16702 (unsigned long long)paddr,
16703 (unsigned long long)(paddr + size),
16704diff -urNp linux-2.6.32.8/arch/x86/mm/pgtable_32.c linux-2.6.32.8/arch/x86/mm/pgtable_32.c
16705--- linux-2.6.32.8/arch/x86/mm/pgtable_32.c 2010-02-09 07:57:19.000000000 -0500
16706+++ linux-2.6.32.8/arch/x86/mm/pgtable_32.c 2010-02-13 21:45:09.958914748 -0500
16707@@ -49,10 +49,13 @@ void set_pte_vaddr(unsigned long vaddr,
16708 return;
16709 }
16710 pte = pte_offset_kernel(pmd, vaddr);
16711+
16712+ pax_open_kernel();
16713 if (pte_val(pteval))
16714 set_pte_at(&init_mm, vaddr, pte, pteval);
16715 else
16716 pte_clear(&init_mm, vaddr, pte);
16717+ pax_close_kernel();
16718
16719 /*
16720 * It's enough to flush this one mapping.
16721diff -urNp linux-2.6.32.8/arch/x86/mm/setup_nx.c linux-2.6.32.8/arch/x86/mm/setup_nx.c
16722--- linux-2.6.32.8/arch/x86/mm/setup_nx.c 2010-02-09 07:57:19.000000000 -0500
16723+++ linux-2.6.32.8/arch/x86/mm/setup_nx.c 2010-02-13 21:45:09.958914748 -0500
16724@@ -4,11 +4,10 @@
16725
16726 #include <asm/pgtable.h>
16727
16728+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
16729 int nx_enabled;
16730
16731-#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
16732-static int disable_nx __cpuinitdata;
16733-
16734+#ifndef CONFIG_PAX_PAGEEXEC
16735 /*
16736 * noexec = on|off
16737 *
16738@@ -22,32 +21,26 @@ static int __init noexec_setup(char *str
16739 if (!str)
16740 return -EINVAL;
16741 if (!strncmp(str, "on", 2)) {
16742- __supported_pte_mask |= _PAGE_NX;
16743- disable_nx = 0;
16744+ nx_enabled = 1;
16745 } else if (!strncmp(str, "off", 3)) {
16746- disable_nx = 1;
16747- __supported_pte_mask &= ~_PAGE_NX;
16748+ nx_enabled = 0;
16749 }
16750 return 0;
16751 }
16752 early_param("noexec", noexec_setup);
16753 #endif
16754+#endif
16755
16756 #ifdef CONFIG_X86_PAE
16757 void __init set_nx(void)
16758 {
16759- unsigned int v[4], l, h;
16760+ if (!nx_enabled && cpu_has_nx) {
16761+ unsigned l, h;
16762
16763- if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
16764- cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
16765-
16766- if ((v[3] & (1 << 20)) && !disable_nx) {
16767- rdmsr(MSR_EFER, l, h);
16768- l |= EFER_NX;
16769- wrmsr(MSR_EFER, l, h);
16770- nx_enabled = 1;
16771- __supported_pte_mask |= _PAGE_NX;
16772- }
16773+ __supported_pte_mask &= ~_PAGE_NX;
16774+ rdmsr(MSR_EFER, l, h);
16775+ l &= ~EFER_NX;
16776+ wrmsr(MSR_EFER, l, h);
16777 }
16778 }
16779 #else
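Review bot: Nothing visible in this file sets `nx_enabled` to 1 except `noexec=on`, and set_nx() now only ever turns NX off: when `nx_enabled` is 0 and `cpu_has_nx` is true it clears `_PAGE_NX` from `__supported_pte_mask` and `EFER_NX` from the MSR. With CONFIG_PAX_PAGEEXEC the `noexec=` handler is compiled out as well, so the flag must be set by code outside this diff section; the declaration should say so, e.g. `/* set to 1 by <early boot code> when EFER.NX is enabled; set_nx() only disables NX */`. check_efer() in the `#else` branch also reads `nx_enabled`, whose definition is now guarded by `CONFIG_X86_32 && CONFIG_X86_PAE`, so its definition for the other configuration has to come from elsewhere and is worth confirming. noexec_setup() begins before the hunk.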
16780@@ -62,7 +55,7 @@ void __cpuinit check_efer(void)
16781 unsigned long efer;
16782
16783 rdmsrl(MSR_EFER, efer);
16784- if (!(efer & EFER_NX) || disable_nx)
16785+ if (!(efer & EFER_NX) || !nx_enabled)
16786 __supported_pte_mask &= ~_PAGE_NX;
16787 }
16788 #endif
16789diff -urNp linux-2.6.32.8/arch/x86/mm/tlb.c linux-2.6.32.8/arch/x86/mm/tlb.c
16790--- linux-2.6.32.8/arch/x86/mm/tlb.c 2010-02-09 07:57:19.000000000 -0500
16791+++ linux-2.6.32.8/arch/x86/mm/tlb.c 2010-02-13 21:45:09.958914748 -0500
16792@@ -12,7 +12,7 @@
16793 #include <asm/uv/uv.h>
16794
16795 DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate)
16796- = { &init_mm, 0, };
16797+ = { &init_mm, 0 };
16798
16799 /*
16800 * Smarter SMP flushing macros.
16801diff -urNp linux-2.6.32.8/arch/x86/oprofile/backtrace.c linux-2.6.32.8/arch/x86/oprofile/backtrace.c
16802--- linux-2.6.32.8/arch/x86/oprofile/backtrace.c 2010-02-09 07:57:19.000000000 -0500
16803+++ linux-2.6.32.8/arch/x86/oprofile/backtrace.c 2010-02-13 21:45:09.958914748 -0500
16804@@ -37,7 +37,7 @@ static void backtrace_address(void *data
16805 unsigned int *depth = data;
16806
16807 if ((*depth)--)
16808- oprofile_add_trace(addr);
16809+ oprofile_add_trace(ktla_ktva(addr));
16810 }
16811
16812 static struct stacktrace_ops backtrace_ops = {
16813@@ -57,7 +57,7 @@ static struct frame_head *dump_user_back
16814 struct frame_head bufhead[2];
16815
16816 /* Also check accessibility of one struct frame_head beyond */
16817- if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
16818+ if (!__access_ok(VERIFY_READ, head, sizeof(bufhead)))
16819 return NULL;
16820 if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
16821 return NULL;
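Review bot: The user-pointer range check in dump_user_backtrace() changes from access_ok() to __access_ok() without a comment, and the difference between the two is defined outside this hunk. Since this is the only validation before `__copy_from_user_inatomic()` reads a frame pointer taken from user registers, the reason for choosing the double-underscore variant should be written down next to it, e.g. `/* __access_ok: plain range check, <reason the access_ok() wrapper is unsuitable in this context> */`. The same applies to the `user_mode_vm()` to `user_mode()` change in x86_backtrace() in the next hunk. The function starts before and continues after the hunk.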
16822@@ -77,7 +77,7 @@ x86_backtrace(struct pt_regs * const reg
16823 {
16824 struct frame_head *head = (struct frame_head *)frame_pointer(regs);
16825
16826- if (!user_mode_vm(regs)) {
16827+ if (!user_mode(regs)) {
16828 unsigned long stack = kernel_stack_pointer(regs);
16829 if (depth)
16830 dump_trace(NULL, regs, (unsigned long *)stack, 0,
16831diff -urNp linux-2.6.32.8/arch/x86/oprofile/op_model_p4.c linux-2.6.32.8/arch/x86/oprofile/op_model_p4.c
16832--- linux-2.6.32.8/arch/x86/oprofile/op_model_p4.c 2010-02-09 07:57:19.000000000 -0500
16833+++ linux-2.6.32.8/arch/x86/oprofile/op_model_p4.c 2010-02-13 21:45:09.959928454 -0500
16834@@ -50,7 +50,7 @@ static inline void setup_num_counters(vo
16835 #endif
16836 }
16837
16838-static int inline addr_increment(void)
16839+static inline int addr_increment(void)
16840 {
16841 #ifdef CONFIG_SMP
16842 return smp_num_siblings == 2 ? 2 : 1;
16843diff -urNp linux-2.6.32.8/arch/x86/pci/common.c linux-2.6.32.8/arch/x86/pci/common.c
16844--- linux-2.6.32.8/arch/x86/pci/common.c 2010-02-09 07:57:19.000000000 -0500
16845+++ linux-2.6.32.8/arch/x86/pci/common.c 2010-02-13 21:45:09.959928454 -0500
16846@@ -31,8 +31,8 @@ int noioapicreroute = 1;
16847 int pcibios_last_bus = -1;
16848 unsigned long pirq_table_addr;
16849 struct pci_bus *pci_root_bus;
16850-struct pci_raw_ops *raw_pci_ops;
16851-struct pci_raw_ops *raw_pci_ext_ops;
16852+const struct pci_raw_ops *raw_pci_ops;
16853+const struct pci_raw_ops *raw_pci_ext_ops;
16854
16855 int raw_pci_read(unsigned int domain, unsigned int bus, unsigned int devfn,
16856 int reg, int len, u32 *val)
16857@@ -370,7 +370,7 @@ static const struct dmi_system_id __devi
16858 DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"),
16859 },
16860 },
16861- {}
16862+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
16863 };
16864
16865 void __init dmi_check_pciprobe(void)
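Review bot: The new table terminator `{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}` is a positional initialiser, so it depends on the number and order of fields in struct dmi_system_id, which is declared outside this diff section; the `{}` it replaces did not. If the goal is to silence a missing-initialiser warning, a comment saying so (`/* explicit terminator: all fields zero */`) or a shared terminator macro would keep the tables correct if the struct changes. The same pattern is added in both hunks of arch/x86/pci/fixup.c and in the second hunk of arch/x86/pci/irq.c, and `{ PCI_DEVICE(0, 0) }` in irq.c is the equivalent for struct pci_device_id. The table itself starts before the hunk.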
16866diff -urNp linux-2.6.32.8/arch/x86/pci/direct.c linux-2.6.32.8/arch/x86/pci/direct.c
16867--- linux-2.6.32.8/arch/x86/pci/direct.c 2010-02-09 07:57:19.000000000 -0500
16868+++ linux-2.6.32.8/arch/x86/pci/direct.c 2010-02-13 21:45:09.959928454 -0500
16869@@ -79,7 +79,7 @@ static int pci_conf1_write(unsigned int
16870
16871 #undef PCI_CONF1_ADDRESS
16872
16873-struct pci_raw_ops pci_direct_conf1 = {
16874+const struct pci_raw_ops pci_direct_conf1 = {
16875 .read = pci_conf1_read,
16876 .write = pci_conf1_write,
16877 };
16878@@ -173,7 +173,7 @@ static int pci_conf2_write(unsigned int
16879
16880 #undef PCI_CONF2_ADDRESS
16881
16882-struct pci_raw_ops pci_direct_conf2 = {
16883+const struct pci_raw_ops pci_direct_conf2 = {
16884 .read = pci_conf2_read,
16885 .write = pci_conf2_write,
16886 };
16887@@ -189,7 +189,7 @@ struct pci_raw_ops pci_direct_conf2 = {
16888 * This should be close to trivial, but it isn't, because there are buggy
16889 * chipsets (yes, you guessed it, by Intel and Compaq) that have no class ID.
16890 */
16891-static int __init pci_sanity_check(struct pci_raw_ops *o)
16892+static int __init pci_sanity_check(const struct pci_raw_ops *o)
16893 {
16894 u32 x = 0;
16895 int year, devfn;
16896diff -urNp linux-2.6.32.8/arch/x86/pci/fixup.c linux-2.6.32.8/arch/x86/pci/fixup.c
16897--- linux-2.6.32.8/arch/x86/pci/fixup.c 2010-02-09 07:57:19.000000000 -0500
16898+++ linux-2.6.32.8/arch/x86/pci/fixup.c 2010-02-13 21:45:09.959928454 -0500
16899@@ -364,7 +364,7 @@ static const struct dmi_system_id __devi
16900 DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"),
16901 },
16902 },
16903- {}
16904+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
16905 };
16906
16907 /*
16908@@ -435,7 +435,7 @@ static const struct dmi_system_id __devi
16909 DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"),
16910 },
16911 },
16912- { }
16913+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
16914 };
16915
16916 static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev)
16917diff -urNp linux-2.6.32.8/arch/x86/pci/irq.c linux-2.6.32.8/arch/x86/pci/irq.c
16918--- linux-2.6.32.8/arch/x86/pci/irq.c 2010-02-09 07:57:19.000000000 -0500
16919+++ linux-2.6.32.8/arch/x86/pci/irq.c 2010-02-13 21:45:09.960963118 -0500
16920@@ -543,7 +543,7 @@ static __init int intel_router_probe(str
16921 static struct pci_device_id __initdata pirq_440gx[] = {
16922 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) },
16923 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) },
16924- { },
16925+ { PCI_DEVICE(0, 0) }
16926 };
16927
16928 /* 440GX has a proprietary PIRQ router -- don't use it */
16929@@ -1107,7 +1107,7 @@ static struct dmi_system_id __initdata p
16930 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
16931 },
16932 },
16933- { }
16934+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
16935 };
16936
16937 int __init pcibios_irq_init(void)
16938diff -urNp linux-2.6.32.8/arch/x86/pci/mmconfig_32.c linux-2.6.32.8/arch/x86/pci/mmconfig_32.c
16939--- linux-2.6.32.8/arch/x86/pci/mmconfig_32.c 2010-02-09 07:57:19.000000000 -0500
16940+++ linux-2.6.32.8/arch/x86/pci/mmconfig_32.c 2010-02-13 21:45:09.960963118 -0500
16941@@ -125,7 +125,7 @@ static int pci_mmcfg_write(unsigned int
16942 return 0;
16943 }
16944
16945-static struct pci_raw_ops pci_mmcfg = {
16946+static const struct pci_raw_ops pci_mmcfg = {
16947 .read = pci_mmcfg_read,
16948 .write = pci_mmcfg_write,
16949 };
16950diff -urNp linux-2.6.32.8/arch/x86/pci/mmconfig_64.c linux-2.6.32.8/arch/x86/pci/mmconfig_64.c
16951--- linux-2.6.32.8/arch/x86/pci/mmconfig_64.c 2010-02-09 07:57:19.000000000 -0500
16952+++ linux-2.6.32.8/arch/x86/pci/mmconfig_64.c 2010-02-13 21:45:09.960963118 -0500
16953@@ -104,7 +104,7 @@ static int pci_mmcfg_write(unsigned int
16954 return 0;
16955 }
16956
16957-static struct pci_raw_ops pci_mmcfg = {
16958+static const struct pci_raw_ops pci_mmcfg = {
16959 .read = pci_mmcfg_read,
16960 .write = pci_mmcfg_write,
16961 };
16962diff -urNp linux-2.6.32.8/arch/x86/pci/numaq_32.c linux-2.6.32.8/arch/x86/pci/numaq_32.c
16963--- linux-2.6.32.8/arch/x86/pci/numaq_32.c 2010-02-09 07:57:19.000000000 -0500
16964+++ linux-2.6.32.8/arch/x86/pci/numaq_32.c 2010-02-13 21:45:09.960963118 -0500
16965@@ -112,7 +112,7 @@ static int pci_conf1_mq_write(unsigned i
16966
16967 #undef PCI_CONF1_MQ_ADDRESS
16968
16969-static struct pci_raw_ops pci_direct_conf1_mq = {
16970+static const struct pci_raw_ops pci_direct_conf1_mq = {
16971 .read = pci_conf1_mq_read,
16972 .write = pci_conf1_mq_write
16973 };
16974diff -urNp linux-2.6.32.8/arch/x86/pci/olpc.c linux-2.6.32.8/arch/x86/pci/olpc.c
16975--- linux-2.6.32.8/arch/x86/pci/olpc.c 2010-02-09 07:57:19.000000000 -0500
16976+++ linux-2.6.32.8/arch/x86/pci/olpc.c 2010-02-13 21:45:09.960963118 -0500
16977@@ -297,7 +297,7 @@ static int pci_olpc_write(unsigned int s
16978 return 0;
16979 }
16980
16981-static struct pci_raw_ops pci_olpc_conf = {
16982+static const struct pci_raw_ops pci_olpc_conf = {
16983 .read = pci_olpc_read,
16984 .write = pci_olpc_write,
16985 };
16986diff -urNp linux-2.6.32.8/arch/x86/pci/pcbios.c linux-2.6.32.8/arch/x86/pci/pcbios.c
16987--- linux-2.6.32.8/arch/x86/pci/pcbios.c 2010-02-09 07:57:19.000000000 -0500
16988+++ linux-2.6.32.8/arch/x86/pci/pcbios.c 2010-02-13 21:45:09.961955603 -0500
16989@@ -56,50 +56,93 @@ union bios32 {
16990 static struct {
16991 unsigned long address;
16992 unsigned short segment;
16993-} bios32_indirect = { 0, __KERNEL_CS };
16994+} bios32_indirect __read_only = { 0, __PCIBIOS_CS };
16995
16996 /*
16997 * Returns the entry point for the given service, NULL on error
16998 */
16999
17000-static unsigned long bios32_service(unsigned long service)
17001+static unsigned long __devinit bios32_service(unsigned long service)
17002 {
17003 unsigned char return_code; /* %al */
17004 unsigned long address; /* %ebx */
17005 unsigned long length; /* %ecx */
17006 unsigned long entry; /* %edx */
17007 unsigned long flags;
17008+ struct desc_struct d, *gdt;
17009
17010 local_irq_save(flags);
17011- __asm__("lcall *(%%edi); cld"
17012+
17013+ gdt = get_cpu_gdt_table(smp_processor_id());
17014+
17015+ pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
17016+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17017+ pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
17018+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17019+
17020+ __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
17021 : "=a" (return_code),
17022 "=b" (address),
17023 "=c" (length),
17024 "=d" (entry)
17025 : "0" (service),
17026 "1" (0),
17027- "D" (&bios32_indirect));
17028+ "D" (&bios32_indirect),
17029+ "r"(__PCIBIOS_DS)
17030+ : "memory");
17031+
17032+ pax_open_kernel();
17033+ gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
17034+ gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
17035+ gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
17036+ gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
17037+ pax_close_kernel();
17038+
17039 local_irq_restore(flags);
17040
17041 switch (return_code) {
17042- case 0:
17043- return address + entry;
17044- case 0x80: /* Not present */
17045- printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17046- return 0;
17047- default: /* Shouldn't happen */
17048- printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17049- service, return_code);
17050+ case 0: {
17051+ int cpu;
17052+ unsigned char flags;
17053+
17054+ printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
17055+ if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
17056+ printk(KERN_WARNING "bios32_service: not valid\n");
17057 return 0;
17058+ }
17059+ address = address + PAGE_OFFSET;
17060+ length += 16UL; /* some BIOSs underreport this... */
17061+ flags = 4;
17062+ if (length >= 64*1024*1024) {
17063+ length >>= PAGE_SHIFT;
17064+ flags |= 8;
17065+ }
17066+
17067+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
17068+ gdt = get_cpu_gdt_table(cpu);
17069+ pack_descriptor(&d, address, length, 0x9b, flags);
17070+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17071+ pack_descriptor(&d, address, length, 0x93, flags);
17072+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17073+ }
17074+ return entry;
17075+ }
17076+ case 0x80: /* Not present */
17077+ printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17078+ return 0;
17079+ default: /* Shouldn't happen */
17080+ printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17081+ service, return_code);
17082+ return 0;
17083 }
17084 }
17085
17086 static struct {
17087 unsigned long address;
17088 unsigned short segment;
17089-} pci_indirect = { 0, __KERNEL_CS };
17090+} pci_indirect __read_only = { 0, __PCIBIOS_CS };
17091
17092-static int pci_bios_present;
17093+static int pci_bios_present __read_only;
17094
17095 static int __devinit check_pcibios(void)
17096 {
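Review bot: In the `case 0:` branch of bios32_service() the new `unsigned char flags;` shadows the outer `unsigned long flags` that holds the saved interrupt state for local_irq_save()/local_irq_restore(); renaming it, e.g. `unsigned char desc_flags = 4;`, removes the ambiguity. The `if (length >= 64*1024*1024)` branch looks unreachable, because the check above has already returned 0 unless `length <= 0x100000 - address`, so it should be dropped or explained. `length += 16UL` also runs after that bounds check, so the limit written into the PCIBIOS code and data descriptors can extend 16 bytes past the range that was just validated; either clamp it to the validated range or add a comment on why the extra bytes are safe. The per-CPU loop runs to `NR_CPUS` rather than over possible CPUs, which is fine only if get_cpu_gdt_table() is valid for every index; that definition is outside the hunk.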
17097@@ -108,11 +151,13 @@ static int __devinit check_pcibios(void)
17098 unsigned long flags, pcibios_entry;
17099
17100 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
17101- pci_indirect.address = pcibios_entry + PAGE_OFFSET;
17102+ pci_indirect.address = pcibios_entry;
17103
17104 local_irq_save(flags);
17105- __asm__(
17106- "lcall *(%%edi); cld\n\t"
17107+ __asm__("movw %w6, %%ds\n\t"
17108+ "lcall *%%ss:(%%edi); cld\n\t"
17109+ "push %%ss\n\t"
17110+ "pop %%ds\n\t"
17111 "jc 1f\n\t"
17112 "xor %%ah, %%ah\n"
17113 "1:"
17114@@ -121,7 +166,8 @@ static int __devinit check_pcibios(void)
17115 "=b" (ebx),
17116 "=c" (ecx)
17117 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
17118- "D" (&pci_indirect)
17119+ "D" (&pci_indirect),
17120+ "r" (__PCIBIOS_DS)
17121 : "memory");
17122 local_irq_restore(flags);
17123
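Review bot: The inline asm refers to the new segment operand by position (`%w6` here, `%w7` in bios32_service(), `%w8` in pcibios_get_irq_routing_table(), `%w5` in pcibios_set_irq_routing()), so adding or removing any other operand can retarget the `movw ..., %%ds` to the wrong register. A named operand keeps each statement self-describing: `"movw %w[ds], %%ds\n\t"` together with `[ds] "r" (__PCIBIOS_DS)`. The same applies to the pci_bios_read() and pci_bios_write() hunks below, where the added input also has no `"memory"` clobber although the one in bios32_service() gained it. The asm statement in check_pcibios() spans this hunk and the previous one.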
17124@@ -165,7 +211,10 @@ static int pci_bios_read(unsigned int se
17125
17126 switch (len) {
17127 case 1:
17128- __asm__("lcall *(%%esi); cld\n\t"
17129+ __asm__("movw %w6, %%ds\n\t"
17130+ "lcall *%%ss:(%%esi); cld\n\t"
17131+ "push %%ss\n\t"
17132+ "pop %%ds\n\t"
17133 "jc 1f\n\t"
17134 "xor %%ah, %%ah\n"
17135 "1:"
17136@@ -174,7 +223,8 @@ static int pci_bios_read(unsigned int se
17137 : "1" (PCIBIOS_READ_CONFIG_BYTE),
17138 "b" (bx),
17139 "D" ((long)reg),
17140- "S" (&pci_indirect));
17141+ "S" (&pci_indirect),
17142+ "r" (__PCIBIOS_DS));
17143 /*
17144 * Zero-extend the result beyond 8 bits, do not trust the
17145 * BIOS having done it:
17146@@ -182,7 +232,10 @@ static int pci_bios_read(unsigned int se
17147 *value &= 0xff;
17148 break;
17149 case 2:
17150- __asm__("lcall *(%%esi); cld\n\t"
17151+ __asm__("movw %w6, %%ds\n\t"
17152+ "lcall *%%ss:(%%esi); cld\n\t"
17153+ "push %%ss\n\t"
17154+ "pop %%ds\n\t"
17155 "jc 1f\n\t"
17156 "xor %%ah, %%ah\n"
17157 "1:"
17158@@ -191,7 +244,8 @@ static int pci_bios_read(unsigned int se
17159 : "1" (PCIBIOS_READ_CONFIG_WORD),
17160 "b" (bx),
17161 "D" ((long)reg),
17162- "S" (&pci_indirect));
17163+ "S" (&pci_indirect),
17164+ "r" (__PCIBIOS_DS));
17165 /*
17166 * Zero-extend the result beyond 16 bits, do not trust the
17167 * BIOS having done it:
17168@@ -199,7 +253,10 @@ static int pci_bios_read(unsigned int se
17169 *value &= 0xffff;
17170 break;
17171 case 4:
17172- __asm__("lcall *(%%esi); cld\n\t"
17173+ __asm__("movw %w6, %%ds\n\t"
17174+ "lcall *%%ss:(%%esi); cld\n\t"
17175+ "push %%ss\n\t"
17176+ "pop %%ds\n\t"
17177 "jc 1f\n\t"
17178 "xor %%ah, %%ah\n"
17179 "1:"
17180@@ -208,7 +265,8 @@ static int pci_bios_read(unsigned int se
17181 : "1" (PCIBIOS_READ_CONFIG_DWORD),
17182 "b" (bx),
17183 "D" ((long)reg),
17184- "S" (&pci_indirect));
17185+ "S" (&pci_indirect),
17186+ "r" (__PCIBIOS_DS));
17187 break;
17188 }
17189
17190@@ -231,7 +289,10 @@ static int pci_bios_write(unsigned int s
17191
17192 switch (len) {
17193 case 1:
17194- __asm__("lcall *(%%esi); cld\n\t"
17195+ __asm__("movw %w6, %%ds\n\t"
17196+ "lcall *%%ss:(%%esi); cld\n\t"
17197+ "push %%ss\n\t"
17198+ "pop %%ds\n\t"
17199 "jc 1f\n\t"
17200 "xor %%ah, %%ah\n"
17201 "1:"
17202@@ -240,10 +301,14 @@ static int pci_bios_write(unsigned int s
17203 "c" (value),
17204 "b" (bx),
17205 "D" ((long)reg),
17206- "S" (&pci_indirect));
17207+ "S" (&pci_indirect),
17208+ "r" (__PCIBIOS_DS));
17209 break;
17210 case 2:
17211- __asm__("lcall *(%%esi); cld\n\t"
17212+ __asm__("movw %w6, %%ds\n\t"
17213+ "lcall *%%ss:(%%esi); cld\n\t"
17214+ "push %%ss\n\t"
17215+ "pop %%ds\n\t"
17216 "jc 1f\n\t"
17217 "xor %%ah, %%ah\n"
17218 "1:"
17219@@ -252,10 +317,14 @@ static int pci_bios_write(unsigned int s
17220 "c" (value),
17221 "b" (bx),
17222 "D" ((long)reg),
17223- "S" (&pci_indirect));
17224+ "S" (&pci_indirect),
17225+ "r" (__PCIBIOS_DS));
17226 break;
17227 case 4:
17228- __asm__("lcall *(%%esi); cld\n\t"
17229+ __asm__("movw %w6, %%ds\n\t"
17230+ "lcall *%%ss:(%%esi); cld\n\t"
17231+ "push %%ss\n\t"
17232+ "pop %%ds\n\t"
17233 "jc 1f\n\t"
17234 "xor %%ah, %%ah\n"
17235 "1:"
17236@@ -264,7 +333,8 @@ static int pci_bios_write(unsigned int s
17237 "c" (value),
17238 "b" (bx),
17239 "D" ((long)reg),
17240- "S" (&pci_indirect));
17241+ "S" (&pci_indirect),
17242+ "r" (__PCIBIOS_DS));
17243 break;
17244 }
17245
17246@@ -278,7 +348,7 @@ static int pci_bios_write(unsigned int s
17247 * Function table for BIOS32 access
17248 */
17249
17250-static struct pci_raw_ops pci_bios_access = {
17251+static const struct pci_raw_ops pci_bios_access = {
17252 .read = pci_bios_read,
17253 .write = pci_bios_write
17254 };
17255@@ -287,7 +357,7 @@ static struct pci_raw_ops pci_bios_acces
17256 * Try to find PCI BIOS.
17257 */
17258
17259-static struct pci_raw_ops * __devinit pci_find_bios(void)
17260+static const struct pci_raw_ops * __devinit pci_find_bios(void)
17261 {
17262 union bios32 *check;
17263 unsigned char sum;
17264@@ -368,10 +438,13 @@ struct irq_routing_table * pcibios_get_i
17265
17266 DBG("PCI: Fetching IRQ routing table... ");
17267 __asm__("push %%es\n\t"
17268+ "movw %w8, %%ds\n\t"
17269 "push %%ds\n\t"
17270 "pop %%es\n\t"
17271- "lcall *(%%esi); cld\n\t"
17272+ "lcall *%%ss:(%%esi); cld\n\t"
17273 "pop %%es\n\t"
17274+ "push %%ss\n\t"
17275+ "pop %%ds\n"
17276 "jc 1f\n\t"
17277 "xor %%ah, %%ah\n"
17278 "1:"
17279@@ -382,7 +455,8 @@ struct irq_routing_table * pcibios_get_i
17280 "1" (0),
17281 "D" ((long) &opt),
17282 "S" (&pci_indirect),
17283- "m" (opt)
17284+ "m" (opt),
17285+ "r" (__PCIBIOS_DS)
17286 : "memory");
17287 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
17288 if (ret & 0xff00)
17289@@ -406,7 +480,10 @@ int pcibios_set_irq_routing(struct pci_d
17290 {
17291 int ret;
17292
17293- __asm__("lcall *(%%esi); cld\n\t"
17294+ __asm__("movw %w5, %%ds\n\t"
17295+ "lcall *%%ss:(%%esi); cld\n\t"
17296+ "push %%ss\n\t"
17297+ "pop %%ds\n"
17298 "jc 1f\n\t"
17299 "xor %%ah, %%ah\n"
17300 "1:"
17301@@ -414,7 +491,8 @@ int pcibios_set_irq_routing(struct pci_d
17302 : "0" (PCIBIOS_SET_PCI_HW_INT),
17303 "b" ((dev->bus->number << 8) | dev->devfn),
17304 "c" ((irq << 8) | (pin + 10)),
17305- "S" (&pci_indirect));
17306+ "S" (&pci_indirect),
17307+ "r" (__PCIBIOS_DS));
17308 return !(ret & 0xff00);
17309 }
17310 EXPORT_SYMBOL(pcibios_set_irq_routing);
17311diff -urNp linux-2.6.32.8/arch/x86/power/cpu.c linux-2.6.32.8/arch/x86/power/cpu.c
17312--- linux-2.6.32.8/arch/x86/power/cpu.c 2010-02-09 07:57:19.000000000 -0500
17313+++ linux-2.6.32.8/arch/x86/power/cpu.c 2010-02-13 21:45:09.961955603 -0500
17314@@ -126,7 +126,7 @@ static void do_fpu_end(void)
17315 static void fix_processor_context(void)
17316 {
17317 int cpu = smp_processor_id();
17318- struct tss_struct *t = &per_cpu(init_tss, cpu);
17319+ struct tss_struct *t = init_tss + cpu;
17320
17321 set_tss_desc(cpu, t); /*
17322 * This just modifies memory; should not be
17323@@ -136,7 +136,9 @@ static void fix_processor_context(void)
17324 */
17325
17326 #ifdef CONFIG_X86_64
17327+ pax_open_kernel();
17328 get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
17329+ pax_close_kernel();
17330
17331 syscall_init(); /* This sets MSR_*STAR and related */
17332 #endif
17333diff -urNp linux-2.6.32.8/arch/x86/vdso/Makefile linux-2.6.32.8/arch/x86/vdso/Makefile
17334--- linux-2.6.32.8/arch/x86/vdso/Makefile 2010-02-09 07:57:19.000000000 -0500
17335+++ linux-2.6.32.8/arch/x86/vdso/Makefile 2010-02-13 21:45:09.961955603 -0500
17336@@ -122,7 +122,7 @@ quiet_cmd_vdso = VDSO $@
17337 $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
17338 -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^)
17339
17340-VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
17341+VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
17342 GCOV_PROFILE := n
17343
17344 #
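Review bot: `--no-undefined` is added to VDSO_LDFLAGS as a bare option, while every other linker option on these lines is passed through the compiler driver with `-Wl,` (`-Wl,-T,...` above and `-Wl$(comma)--hash-style=sysv` on the same line). If VDSO_LDFLAGS is handed to the compiler driver, as those forms suggest, the linker option should be written `-Wl,--no-undefined`, or wrapped in `$(call cc-ldoption, -Wl$(comma)--no-undefined)` like its neighbour. The check is worth having, because an unresolved symbol in the vDSO would otherwise only show up at run time in user space.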
17345diff -urNp linux-2.6.32.8/arch/x86/vdso/vclock_gettime.c linux-2.6.32.8/arch/x86/vdso/vclock_gettime.c
17346--- linux-2.6.32.8/arch/x86/vdso/vclock_gettime.c 2010-02-09 07:57:19.000000000 -0500
17347+++ linux-2.6.32.8/arch/x86/vdso/vclock_gettime.c 2010-02-13 21:45:09.961955603 -0500
17348@@ -22,24 +22,48 @@
17349 #include <asm/hpet.h>
17350 #include <asm/unistd.h>
17351 #include <asm/io.h>
17352+#include <asm/fixmap.h>
17353 #include "vextern.h"
17354
17355 #define gtod vdso_vsyscall_gtod_data
17356
17357+notrace noinline long __vdso_fallback_time(long *t)
17358+{
17359+ long secs;
17360+ asm volatile("syscall"
17361+ : "=a" (secs)
17362+ : "0" (__NR_time),"D" (t) : "r11", "cx", "memory");
17363+ return secs;
17364+}
17365+
17366 notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
17367 {
17368 long ret;
17369 asm("syscall" : "=a" (ret) :
17370- "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
17371+ "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory");
17372 return ret;
17373 }
17374
17375+notrace static inline cycle_t __vdso_vread_hpet(void)
17376+{
17377+ return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0);
17378+}
17379+
17380+notrace static inline cycle_t __vdso_vread_tsc(void)
17381+{
17382+ cycle_t ret = (cycle_t)vget_cycles();
17383+
17384+ return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last;
17385+}
17386+
17387 notrace static inline long vgetns(void)
17388 {
17389 long v;
17390- cycles_t (*vread)(void);
17391- vread = gtod->clock.vread;
17392- v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask;
17393+ if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])
17394+ v = __vdso_vread_tsc();
17395+ else
17396+ v = __vdso_vread_hpet();
17397+ v = (v - gtod->clock.cycle_last) & gtod->clock.mask;
17398 return (v * gtod->clock.mult) >> gtod->clock.shift;
17399 }
17400
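Review bot: In `vgetns()` every clock name other than "tsc" falls through to `__vdso_vread_hpet()`, so the function is only correct when the caller has already established that the clocksource is hpet or tsc. The two entry points do gate on that in the later hunks (`__vdso_clock_gettime` and `__vdso_gettimeofday`), but nothing at `vgetns()` says so, and the same character-by-character name test is now written out three times. A comment above the `if` such as `/* callers guarantee clock.name is "tsc" or "hpet" */`, or small inline predicates shared by all three sites, would keep the checks from drifting apart. The `0xf0` offset in `__vdso_vread_hpet()` could be spelled `HPET_COUNTER`, since `<asm/hpet.h>` is already included.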
17401@@ -113,7 +137,9 @@ notrace static noinline int do_monotonic
17402
17403 notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
17404 {
17405- if (likely(gtod->sysctl_enabled))
17406+ if (likely(gtod->sysctl_enabled &&
17407+ ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17408+ (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17409 switch (clock) {
17410 case CLOCK_REALTIME:
17411 if (likely(gtod->clock.vread))
17412@@ -133,10 +159,20 @@ notrace int __vdso_clock_gettime(clockid
17413 int clock_gettime(clockid_t, struct timespec *)
17414 __attribute__((weak, alias("__vdso_clock_gettime")));
17415
17416-notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17417+notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz)
17418 {
17419 long ret;
17420- if (likely(gtod->sysctl_enabled && gtod->clock.vread)) {
17421+ asm("syscall" : "=a" (ret) :
17422+ "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory");
17423+ return ret;
17424+}
17425+
17426+notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17427+{
17428+ if (likely(gtod->sysctl_enabled &&
17429+ ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17430+ (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17431+ {
17432 if (likely(tv != NULL)) {
17433 BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
17434 offsetof(struct timespec, tv_nsec) ||
17435@@ -151,9 +187,7 @@ notrace int __vdso_gettimeofday(struct t
17436 }
17437 return 0;
17438 }
17439- asm("syscall" : "=a" (ret) :
17440- "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
17441- return ret;
17442+ return __vdso_fallback_gettimeofday(tv, tz);
17443 }
17444 int gettimeofday(struct timeval *, struct timezone *)
17445 __attribute__((weak, alias("__vdso_gettimeofday")));
17446diff -urNp linux-2.6.32.8/arch/x86/vdso/vdso32-setup.c linux-2.6.32.8/arch/x86/vdso/vdso32-setup.c
17447--- linux-2.6.32.8/arch/x86/vdso/vdso32-setup.c 2010-02-09 07:57:19.000000000 -0500
17448+++ linux-2.6.32.8/arch/x86/vdso/vdso32-setup.c 2010-02-13 21:45:09.962950495 -0500
17449@@ -25,6 +25,7 @@
17450 #include <asm/tlbflush.h>
17451 #include <asm/vdso.h>
17452 #include <asm/proto.h>
17453+#include <asm/mman.h>
17454
17455 enum {
17456 VDSO_DISABLED = 0,
17457@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int m
17458 void enable_sep_cpu(void)
17459 {
17460 int cpu = get_cpu();
17461- struct tss_struct *tss = &per_cpu(init_tss, cpu);
17462+ struct tss_struct *tss = init_tss + cpu;
17463
17464 if (!boot_cpu_has(X86_FEATURE_SEP)) {
17465 put_cpu();
17466@@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
17467 gate_vma.vm_start = FIXADDR_USER_START;
17468 gate_vma.vm_end = FIXADDR_USER_END;
17469 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
17470- gate_vma.vm_page_prot = __P101;
17471+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
17472 /*
17473 * Make sure the vDSO gets into every core dump.
17474 * Dumping its contents makes post-mortem fully interpretable later
17475@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct l
17476 if (compat)
17477 addr = VDSO_HIGH_BASE;
17478 else {
17479- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
17480+ addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE);
17481 if (IS_ERR_VALUE(addr)) {
17482 ret = addr;
17483 goto up_fail;
17484 }
17485 }
17486
17487- current->mm->context.vdso = (void *)addr;
17488+ current->mm->context.vdso = addr;
17489
17490 if (compat_uses_vma || !compat) {
17491 /*
17492@@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct l
17493 }
17494
17495 current_thread_info()->sysenter_return =
17496- VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17497+ (__force void __user *)VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17498
17499 up_fail:
17500 if (ret)
17501- current->mm->context.vdso = NULL;
17502+ current->mm->context.vdso = 0;
17503
17504 up_write(&mm->mmap_sem);
17505
17506@@ -388,7 +389,7 @@ static ctl_table abi_table2[] = {
17507 .mode = 0644,
17508 .proc_handler = proc_dointvec
17509 },
17510- {}
17511+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
17512 };
17513
17514 static ctl_table abi_root_table2[] = {
17515@@ -398,7 +399,7 @@ static ctl_table abi_root_table2[] = {
17516 .mode = 0555,
17517 .child = abi_table2
17518 },
17519- {}
17520+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
17521 };
17522
17523 static __init int ia32_binfmt_init(void)
17524@@ -413,8 +414,14 @@ __initcall(ia32_binfmt_init);
17525
17526 const char *arch_vma_name(struct vm_area_struct *vma)
17527 {
17528- if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
17529+ if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
17530 return "[vdso]";
17531+
17532+#ifdef CONFIG_PAX_SEGMEXEC
17533+ if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
17534+ return "[vdso]";
17535+#endif
17536+
17537 return NULL;
17538 }
17539
17540@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(stru
17541 struct mm_struct *mm = tsk->mm;
17542
17543 /* Check to see if this task was created in compat vdso mode */
17544- if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
17545+ if (mm && mm->context.vdso == VDSO_HIGH_BASE)
17546 return &gate_vma;
17547 return NULL;
17548 }
17549diff -urNp linux-2.6.32.8/arch/x86/vdso/vdso.lds.S linux-2.6.32.8/arch/x86/vdso/vdso.lds.S
17550--- linux-2.6.32.8/arch/x86/vdso/vdso.lds.S 2010-02-09 07:57:19.000000000 -0500
17551+++ linux-2.6.32.8/arch/x86/vdso/vdso.lds.S 2010-02-13 21:45:09.962950495 -0500
17552@@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK;
17553 #define VEXTERN(x) VDSO64_ ## x = vdso_ ## x;
17554 #include "vextern.h"
17555 #undef VEXTERN
17556+
17557+#define VEXTERN(x) VDSO64_ ## x = __vdso_ ## x;
17558+VEXTERN(fallback_gettimeofday)
17559+VEXTERN(fallback_time)
17560+VEXTERN(getcpu)
17561+#undef VEXTERN
17562diff -urNp linux-2.6.32.8/arch/x86/vdso/vextern.h linux-2.6.32.8/arch/x86/vdso/vextern.h
17563--- linux-2.6.32.8/arch/x86/vdso/vextern.h 2010-02-09 07:57:19.000000000 -0500
17564+++ linux-2.6.32.8/arch/x86/vdso/vextern.h 2010-02-13 21:45:09.962950495 -0500
17565@@ -11,6 +11,5 @@
17566 put into vextern.h and be referenced as a pointer with vdso prefix.
17567 The main kernel later fills in the values. */
17568
17569-VEXTERN(jiffies)
17570 VEXTERN(vgetcpu_mode)
17571 VEXTERN(vsyscall_gtod_data)
17572diff -urNp linux-2.6.32.8/arch/x86/vdso/vma.c linux-2.6.32.8/arch/x86/vdso/vma.c
17573--- linux-2.6.32.8/arch/x86/vdso/vma.c 2010-02-09 07:57:19.000000000 -0500
17574+++ linux-2.6.32.8/arch/x86/vdso/vma.c 2010-02-13 21:45:09.962950495 -0500
17575@@ -57,7 +57,7 @@ static int __init init_vdso_vars(void)
17576 if (!vbase)
17577 goto oom;
17578
17579- if (memcmp(vbase, "\177ELF", 4)) {
17580+ if (memcmp(vbase, ELFMAG, SELFMAG)) {
17581 printk("VDSO: I'm broken; not ELF\n");
17582 vdso_enabled = 0;
17583 }
17584@@ -66,6 +66,7 @@ static int __init init_vdso_vars(void)
17585 *(typeof(__ ## x) **) var_ref(VDSO64_SYMBOL(vbase, x), #x) = &__ ## x;
17586 #include "vextern.h"
17587 #undef VEXTERN
17588+ vunmap(vbase);
17589 return 0;
17590
17591 oom:
17592@@ -116,7 +117,7 @@ int arch_setup_additional_pages(struct l
17593 goto up_fail;
17594 }
17595
17596- current->mm->context.vdso = (void *)addr;
17597+ current->mm->context.vdso = addr;
17598
17599 ret = install_special_mapping(mm, addr, vdso_size,
17600 VM_READ|VM_EXEC|
17601@@ -124,7 +125,7 @@ int arch_setup_additional_pages(struct l
17602 VM_ALWAYSDUMP,
17603 vdso_pages);
17604 if (ret) {
17605- current->mm->context.vdso = NULL;
17606+ current->mm->context.vdso = 0;
17607 goto up_fail;
17608 }
17609
17610@@ -132,10 +133,3 @@ up_fail:
17611 up_write(&mm->mmap_sem);
17612 return ret;
17613 }
17614-
17615-static __init int vdso_setup(char *s)
17616-{
17617- vdso_enabled = simple_strtoul(s, NULL, 0);
17618- return 0;
17619-}
17620-__setup("vdso=", vdso_setup);
17621diff -urNp linux-2.6.32.8/arch/x86/xen/enlighten.c linux-2.6.32.8/arch/x86/xen/enlighten.c
17622--- linux-2.6.32.8/arch/x86/xen/enlighten.c 2010-02-09 07:57:19.000000000 -0500
17623+++ linux-2.6.32.8/arch/x86/xen/enlighten.c 2010-02-13 21:45:09.963763375 -0500
17624@@ -70,8 +70,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
17625
17626 struct shared_info xen_dummy_shared_info;
17627
17628-void *xen_initial_gdt;
17629-
17630 /*
17631 * Point at some empty memory to start with. We map the real shared_info
17632 * page as soon as fixmap is up and running.
17633@@ -547,7 +545,7 @@ static void xen_write_idt_entry(gate_des
17634
17635 preempt_disable();
17636
17637- start = __get_cpu_var(idt_desc).address;
17638+ start = (unsigned long)__get_cpu_var(idt_desc).address;
17639 end = start + __get_cpu_var(idt_desc).size + 1;
17640
17641 xen_mc_flush();
17642@@ -1126,13 +1124,6 @@ asmlinkage void __init xen_start_kernel(
17643
17644 machine_ops = xen_machine_ops;
17645
17646- /*
17647- * The only reliable way to retain the initial address of the
17648- * percpu gdt_page is to remember it here, so we can go and
17649- * mark it RW later, when the initial percpu area is freed.
17650- */
17651- xen_initial_gdt = &per_cpu(gdt_page, 0);
17652-
17653 xen_smp_init();
17654
17655 pgd = (pgd_t *)xen_start_info->pt_base;
17656diff -urNp linux-2.6.32.8/arch/x86/xen/mmu.c linux-2.6.32.8/arch/x86/xen/mmu.c
17657--- linux-2.6.32.8/arch/x86/xen/mmu.c 2010-02-09 07:57:19.000000000 -0500
17658+++ linux-2.6.32.8/arch/x86/xen/mmu.c 2010-02-13 21:45:09.963763375 -0500
17659@@ -1710,6 +1710,8 @@ __init pgd_t *xen_setup_kernel_pagetable
17660 convert_pfn_mfn(init_level4_pgt);
17661 convert_pfn_mfn(level3_ident_pgt);
17662 convert_pfn_mfn(level3_kernel_pgt);
17663+ convert_pfn_mfn(level3_vmalloc_pgt);
17664+ convert_pfn_mfn(level3_vmemmap_pgt);
17665
17666 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
17667 l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
17668@@ -1728,7 +1730,10 @@ __init pgd_t *xen_setup_kernel_pagetable
17669 set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
17670 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
17671 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
17672+ set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO);
17673+ set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
17674 set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
17675+ set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
17676 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
17677 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
17678
17679diff -urNp linux-2.6.32.8/arch/x86/xen/smp.c linux-2.6.32.8/arch/x86/xen/smp.c
17680--- linux-2.6.32.8/arch/x86/xen/smp.c 2010-02-09 07:57:19.000000000 -0500
17681+++ linux-2.6.32.8/arch/x86/xen/smp.c 2010-02-13 21:45:09.963763375 -0500
17682@@ -167,11 +167,6 @@ static void __init xen_smp_prepare_boot_
17683 {
17684 BUG_ON(smp_processor_id() != 0);
17685 native_smp_prepare_boot_cpu();
17686-
17687- /* We've switched to the "real" per-cpu gdt, so make sure the
17688- old memory can be recycled */
17689- make_lowmem_page_readwrite(xen_initial_gdt);
17690-
17691 xen_setup_vcpu_info_placement();
17692 }
17693
17694@@ -231,8 +226,8 @@ cpu_initialize_context(unsigned int cpu,
17695 gdt = get_cpu_gdt_table(cpu);
17696
17697 ctxt->flags = VGCF_IN_KERNEL;
17698- ctxt->user_regs.ds = __USER_DS;
17699- ctxt->user_regs.es = __USER_DS;
17700+ ctxt->user_regs.ds = __KERNEL_DS;
17701+ ctxt->user_regs.es = __KERNEL_DS;
17702 ctxt->user_regs.ss = __KERNEL_DS;
17703 #ifdef CONFIG_X86_32
17704 ctxt->user_regs.fs = __KERNEL_PERCPU;
17705diff -urNp linux-2.6.32.8/arch/x86/xen/xen-ops.h linux-2.6.32.8/arch/x86/xen/xen-ops.h
17706--- linux-2.6.32.8/arch/x86/xen/xen-ops.h 2010-02-09 07:57:19.000000000 -0500
17707+++ linux-2.6.32.8/arch/x86/xen/xen-ops.h 2010-02-13 21:45:09.963763375 -0500
17708@@ -10,8 +10,6 @@
17709 extern const char xen_hypervisor_callback[];
17710 extern const char xen_failsafe_callback[];
17711
17712-extern void *xen_initial_gdt;
17713-
17714 struct trap_info;
17715 void xen_copy_trap_info(struct trap_info *traps);
17716
17717diff -urNp linux-2.6.32.8/block/blk-integrity.c linux-2.6.32.8/block/blk-integrity.c
17718--- linux-2.6.32.8/block/blk-integrity.c 2010-02-09 07:57:19.000000000 -0500
17719+++ linux-2.6.32.8/block/blk-integrity.c 2010-02-13 21:45:09.964626281 -0500
17720@@ -278,7 +278,7 @@ static struct attribute *integrity_attrs
17721 NULL,
17722 };
17723
17724-static struct sysfs_ops integrity_ops = {
17725+static const struct sysfs_ops integrity_ops = {
17726 .show = &integrity_attr_show,
17727 .store = &integrity_attr_store,
17728 };
17729diff -urNp linux-2.6.32.8/block/blk-map.c linux-2.6.32.8/block/blk-map.c
17730--- linux-2.6.32.8/block/blk-map.c 2010-02-09 07:57:19.000000000 -0500
17731+++ linux-2.6.32.8/block/blk-map.c 2010-02-13 21:45:09.964626281 -0500
17732@@ -54,7 +54,7 @@ static int __blk_rq_map_user(struct requ
17733 * direct dma. else, set up kernel bounce buffers
17734 */
17735 uaddr = (unsigned long) ubuf;
17736- if (blk_rq_aligned(q, ubuf, len) && !map_data)
17737+ if (blk_rq_aligned(q, (__force void *)ubuf, len) && !map_data)
17738 bio = bio_map_user(q, NULL, uaddr, len, reading, gfp_mask);
17739 else
17740 bio = bio_copy_user(q, map_data, uaddr, len, reading, gfp_mask);
17741@@ -297,7 +297,7 @@ int blk_rq_map_kern(struct request_queue
17742 if (!len || !kbuf)
17743 return -EINVAL;
17744
17745- do_copy = !blk_rq_aligned(q, kbuf, len) || object_is_on_stack(kbuf);
17746+ do_copy = !blk_rq_aligned(q, kbuf, len) || object_starts_on_stack(kbuf);
17747 if (do_copy)
17748 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
17749 else
17750diff -urNp linux-2.6.32.8/block/blk-sysfs.c linux-2.6.32.8/block/blk-sysfs.c
17751--- linux-2.6.32.8/block/blk-sysfs.c 2010-02-09 07:57:19.000000000 -0500
17752+++ linux-2.6.32.8/block/blk-sysfs.c 2010-02-13 21:45:09.964626281 -0500
17753@@ -414,7 +414,7 @@ static void blk_release_queue(struct kob
17754 kmem_cache_free(blk_requestq_cachep, q);
17755 }
17756
17757-static struct sysfs_ops queue_sysfs_ops = {
17758+static const struct sysfs_ops queue_sysfs_ops = {
17759 .show = queue_attr_show,
17760 .store = queue_attr_store,
17761 };
17762diff -urNp linux-2.6.32.8/block/elevator.c linux-2.6.32.8/block/elevator.c
17763--- linux-2.6.32.8/block/elevator.c 2010-02-09 07:57:19.000000000 -0500
17764+++ linux-2.6.32.8/block/elevator.c 2010-02-13 21:45:09.964626281 -0500
17765@@ -889,7 +889,7 @@ elv_attr_store(struct kobject *kobj, str
17766 return error;
17767 }
17768
17769-static struct sysfs_ops elv_sysfs_ops = {
17770+static const struct sysfs_ops elv_sysfs_ops = {
17771 .show = elv_attr_show,
17772 .store = elv_attr_store,
17773 };
17774diff -urNp linux-2.6.32.8/crypto/lrw.c linux-2.6.32.8/crypto/lrw.c
17775--- linux-2.6.32.8/crypto/lrw.c 2010-02-09 07:57:19.000000000 -0500
17776+++ linux-2.6.32.8/crypto/lrw.c 2010-02-13 21:45:09.964626281 -0500
17777@@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par
17778 struct priv *ctx = crypto_tfm_ctx(parent);
17779 struct crypto_cipher *child = ctx->child;
17780 int err, i;
17781- be128 tmp = { 0 };
17782+ be128 tmp = { 0, 0 };
17783 int bsize = crypto_cipher_blocksize(child);
17784
17785 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
17786diff -urNp linux-2.6.32.8/Documentation/dontdiff linux-2.6.32.8/Documentation/dontdiff
17787--- linux-2.6.32.8/Documentation/dontdiff 2010-02-09 07:57:19.000000000 -0500
17788+++ linux-2.6.32.8/Documentation/dontdiff 2010-02-13 21:45:09.964626281 -0500
17789@@ -3,6 +3,7 @@
17790 *.bin
17791 *.cpio
17792 *.csp
17793+*.dbg
17794 *.dsp
17795 *.dvi
17796 *.elf
17797@@ -40,6 +41,7 @@
17798 *.ver
17799 *.xml
17800 *_MODULES
17801+*_reg_safe.h
17802 *_vga16.c
17803 *~
17804 *.9
17805@@ -49,11 +51,16 @@
17806 53c700_d.h
17807 CVS
17808 ChangeSet
17809+GPATH
17810+GRTAGS
17811+GSYMS
17812+GTAGS
17813 Image
17814 Kerntypes
17815 Module.markers
17816 Module.symvers
17817 PENDING
17818+PERF*
17819 SCCS
17820 System.map*
17821 TAGS
17822@@ -76,7 +83,9 @@ btfixupprep
17823 build
17824 bvmlinux
17825 bzImage*
17826+capflags.c
17827 classlist.h*
17828+common-cmds.h
17829 comp*.log
17830 compile.h*
17831 conf
17832@@ -103,13 +112,14 @@ gen_crc32table
17833 gen_init_cpio
17834 genksyms
17835 *_gray256.c
17836+hash
17837 ihex2fw
17838 ikconfig.h*
17839 initramfs_data.cpio
17840+initramfs_data.cpio.bz2
17841 initramfs_data.cpio.gz
17842 initramfs_list
17843 kallsyms
17844-kconfig
17845 keywords.c
17846 ksym.c*
17847 ksym.h*
17848@@ -133,7 +143,9 @@ mkboot
17849 mkbugboot
17850 mkcpustr
17851 mkdep
17852+mkpiggy
17853 mkprep
17854+mkregtable
17855 mktables
17856 mktree
17857 modpost
17858@@ -149,6 +161,7 @@ patches*
17859 pca200e.bin
17860 pca200e_ecd.bin2
17861 piggy.gz
17862+piggy.S
17863 piggyback
17864 pnmtologo
17865 ppc_defs.h*
17866@@ -163,6 +176,7 @@ setup
17867 setup.bin
17868 setup.elf
17869 sImage
17870+slabinfo
17871 sm_tbl*
17872 split-include
17873 syscalltab.h
17874@@ -186,14 +200,20 @@ version.h*
17875 vmlinux
17876 vmlinux-*
17877 vmlinux.aout
17878+vmlinux.bin.all
17879+vmlinux.bin.bz2
17880 vmlinux.lds
17881+vmlinux.relocs
17882+voffset.h
17883 vsyscall.lds
17884 vsyscall_32.lds
17885 wanxlfw.inc
17886 uImage
17887 unifdef
17888+utsrelease.h
17889 wakeup.bin
17890 wakeup.elf
17891 wakeup.lds
17892 zImage*
17893 zconf.hash.c
17894+zoffset.h
17895diff -urNp linux-2.6.32.8/Documentation/kernel-parameters.txt linux-2.6.32.8/Documentation/kernel-parameters.txt
17896--- linux-2.6.32.8/Documentation/kernel-parameters.txt 2010-02-09 07:57:19.000000000 -0500
17897+++ linux-2.6.32.8/Documentation/kernel-parameters.txt 2010-02-13 21:45:09.965912024 -0500
17898@@ -1833,6 +1833,12 @@ and is between 256 and 4096 characters.
17899 the specified number of seconds. This is to be used if
17900 your oopses keep scrolling off the screen.
17901
17902+ pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain
17903+ virtualization environments that don't cope well with the
17904+ expand down segment used by UDEREF on X86-32.
17905+
17906+ pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already.
17907+
17908 pcbit= [HW,ISDN]
17909
17910 pcd. [PARIDE]
17911diff -urNp linux-2.6.32.8/drivers/acpi/battery.c linux-2.6.32.8/drivers/acpi/battery.c
17912--- linux-2.6.32.8/drivers/acpi/battery.c 2010-02-09 07:57:19.000000000 -0500
17913+++ linux-2.6.32.8/drivers/acpi/battery.c 2010-02-13 21:45:09.965912024 -0500
17914@@ -763,7 +763,7 @@ DECLARE_FILE_FUNCTIONS(alarm);
17915 }
17916
17917 static struct battery_file {
17918- struct file_operations ops;
17919+ const struct file_operations ops;
17920 mode_t mode;
17921 const char *name;
17922 } acpi_battery_file[] = {
17923diff -urNp linux-2.6.32.8/drivers/acpi/blacklist.c linux-2.6.32.8/drivers/acpi/blacklist.c
17924--- linux-2.6.32.8/drivers/acpi/blacklist.c 2010-02-09 07:57:19.000000000 -0500
17925+++ linux-2.6.32.8/drivers/acpi/blacklist.c 2010-02-13 21:45:09.966914395 -0500
17926@@ -73,7 +73,7 @@ static struct acpi_blacklist_item acpi_b
17927 {"IBM ", "TP600E ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal,
17928 "Incorrect _ADR", 1},
17929
17930- {""}
17931+ {"", "", 0, NULL, all_versions, NULL, 0}
17932 };
17933
17934 #if CONFIG_ACPI_BLACKLIST_YEAR
17935diff -urNp linux-2.6.32.8/drivers/acpi/dock.c linux-2.6.32.8/drivers/acpi/dock.c
17936--- linux-2.6.32.8/drivers/acpi/dock.c 2010-02-09 07:57:19.000000000 -0500
17937+++ linux-2.6.32.8/drivers/acpi/dock.c 2010-02-13 21:45:09.966914395 -0500
17938@@ -77,7 +77,7 @@ struct dock_dependent_device {
17939 struct list_head list;
17940 struct list_head hotplug_list;
17941 acpi_handle handle;
17942- struct acpi_dock_ops *ops;
17943+ const struct acpi_dock_ops *ops;
17944 void *context;
17945 };
17946
17947@@ -605,7 +605,7 @@ EXPORT_SYMBOL_GPL(unregister_dock_notifi
17948 * the dock driver after _DCK is executed.
17949 */
17950 int
17951-register_hotplug_dock_device(acpi_handle handle, struct acpi_dock_ops *ops,
17952+register_hotplug_dock_device(acpi_handle handle, const struct acpi_dock_ops *ops,
17953 void *context)
17954 {
17955 struct dock_dependent_device *dd;
17956diff -urNp linux-2.6.32.8/drivers/acpi/osl.c linux-2.6.32.8/drivers/acpi/osl.c
17957--- linux-2.6.32.8/drivers/acpi/osl.c 2010-02-09 07:57:19.000000000 -0500
17958+++ linux-2.6.32.8/drivers/acpi/osl.c 2010-02-13 21:45:09.966914395 -0500
17959@@ -523,6 +523,8 @@ acpi_os_read_memory(acpi_physical_addres
17960 void __iomem *virt_addr;
17961
17962 virt_addr = ioremap(phys_addr, width);
17963+ if (!virt_addr)
17964+ return AE_NO_MEMORY;
17965 if (!value)
17966 value = &dummy;
17967
17968@@ -551,6 +553,8 @@ acpi_os_write_memory(acpi_physical_addre
17969 void __iomem *virt_addr;
17970
17971 virt_addr = ioremap(phys_addr, width);
17972+ if (!virt_addr)
17973+ return AE_NO_MEMORY;
17974
17975 switch (width) {
17976 case 8:
17977diff -urNp linux-2.6.32.8/drivers/acpi/processor_core.c linux-2.6.32.8/drivers/acpi/processor_core.c
17978--- linux-2.6.32.8/drivers/acpi/processor_core.c 2010-02-09 07:57:19.000000000 -0500
17979+++ linux-2.6.32.8/drivers/acpi/processor_core.c 2010-02-13 21:45:09.967911024 -0500
17980@@ -796,7 +796,7 @@ static int __cpuinit acpi_processor_add(
17981 return 0;
17982 }
17983
17984- BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
17985+ BUG_ON(pr->id >= nr_cpu_ids);
17986
17987 /*
17988 * Buggy BIOS check
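Review bot: Dropping `pr->id < 0` from the `BUG_ON` leaves `pr->id >= nr_cpu_ids` as the only guard on the CPU index, and that catches a failed lookup only if `pr->id` is unsigned or the comparison is carried out unsigned. The declaration of `id` is not in this hunk, so that is presumably the case but should be confirmed. A short comment such as `/* pr->id is unsigned, so a -1 result is caught by the upper bound */` would record why the lower-bound test is redundant. acpi_processor_add() starts and ends outside the hunk.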
17989diff -urNp linux-2.6.32.8/drivers/acpi/processor_idle.c linux-2.6.32.8/drivers/acpi/processor_idle.c
17990--- linux-2.6.32.8/drivers/acpi/processor_idle.c 2010-02-09 07:57:19.000000000 -0500
17991+++ linux-2.6.32.8/drivers/acpi/processor_idle.c 2010-02-13 21:45:09.967911024 -0500
17992@@ -110,7 +110,7 @@ static struct dmi_system_id __cpuinitdat
17993 DMI_MATCH(DMI_BIOS_VENDOR,"Phoenix Technologies LTD"),
17994 DMI_MATCH(DMI_BIOS_VERSION,"SHE845M0.86C.0013.D.0302131307")},
17995 (void *)2},
17996- {},
17997+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL},
17998 };
17999
18000
18001diff -urNp linux-2.6.32.8/drivers/acpi/sleep.c linux-2.6.32.8/drivers/acpi/sleep.c
18002--- linux-2.6.32.8/drivers/acpi/sleep.c 2010-02-09 07:57:19.000000000 -0500
18003+++ linux-2.6.32.8/drivers/acpi/sleep.c 2010-02-13 21:45:09.968667670 -0500
18004@@ -297,7 +297,7 @@ static int acpi_suspend_state_valid(susp
18005 }
18006 }
18007
18008-static struct platform_suspend_ops acpi_suspend_ops = {
18009+static const struct platform_suspend_ops acpi_suspend_ops = {
18010 .valid = acpi_suspend_state_valid,
18011 .begin = acpi_suspend_begin,
18012 .prepare_late = acpi_pm_prepare,
18013@@ -325,7 +325,7 @@ static int acpi_suspend_begin_old(suspen
18014 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18015 * been requested.
18016 */
18017-static struct platform_suspend_ops acpi_suspend_ops_old = {
18018+static const struct platform_suspend_ops acpi_suspend_ops_old = {
18019 .valid = acpi_suspend_state_valid,
18020 .begin = acpi_suspend_begin_old,
18021 .prepare_late = acpi_pm_disable_gpes,
18022@@ -552,7 +552,7 @@ static void acpi_pm_enable_gpes(void)
18023 acpi_enable_all_runtime_gpes();
18024 }
18025
18026-static struct platform_hibernation_ops acpi_hibernation_ops = {
18027+static const struct platform_hibernation_ops acpi_hibernation_ops = {
18028 .begin = acpi_hibernation_begin,
18029 .end = acpi_pm_end,
18030 .pre_snapshot = acpi_hibernation_pre_snapshot,
18031@@ -605,7 +605,7 @@ static int acpi_hibernation_pre_snapshot
18032 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18033 * been requested.
18034 */
18035-static struct platform_hibernation_ops acpi_hibernation_ops_old = {
18036+static const struct platform_hibernation_ops acpi_hibernation_ops_old = {
18037 .begin = acpi_hibernation_begin_old,
18038 .end = acpi_pm_end,
18039 .pre_snapshot = acpi_hibernation_pre_snapshot_old,
18040diff -urNp linux-2.6.32.8/drivers/acpi/video.c linux-2.6.32.8/drivers/acpi/video.c
18041--- linux-2.6.32.8/drivers/acpi/video.c 2010-02-09 07:57:19.000000000 -0500
18042+++ linux-2.6.32.8/drivers/acpi/video.c 2010-02-13 21:45:09.968667670 -0500
18043@@ -359,7 +359,7 @@ static int acpi_video_set_brightness(str
18044 vd->brightness->levels[request_level]);
18045 }
18046
18047-static struct backlight_ops acpi_backlight_ops = {
18048+static const struct backlight_ops acpi_backlight_ops = {
18049 .get_brightness = acpi_video_get_brightness,
18050 .update_status = acpi_video_set_brightness,
18051 };
18052diff -urNp linux-2.6.32.8/drivers/ata/ahci.c linux-2.6.32.8/drivers/ata/ahci.c
18053--- linux-2.6.32.8/drivers/ata/ahci.c 2010-02-09 07:57:19.000000000 -0500
18054+++ linux-2.6.32.8/drivers/ata/ahci.c 2010-02-13 21:45:09.968667670 -0500
18055@@ -387,7 +387,7 @@ static struct scsi_host_template ahci_sh
18056 .sdev_attrs = ahci_sdev_attrs,
18057 };
18058
18059-static struct ata_port_operations ahci_ops = {
18060+static const struct ata_port_operations ahci_ops = {
18061 .inherits = &sata_pmp_port_ops,
18062
18063 .qc_defer = sata_pmp_qc_defer_cmd_switch,
18064@@ -424,17 +424,17 @@ static struct ata_port_operations ahci_o
18065 .port_stop = ahci_port_stop,
18066 };
18067
18068-static struct ata_port_operations ahci_vt8251_ops = {
18069+static const struct ata_port_operations ahci_vt8251_ops = {
18070 .inherits = &ahci_ops,
18071 .hardreset = ahci_vt8251_hardreset,
18072 };
18073
18074-static struct ata_port_operations ahci_p5wdh_ops = {
18075+static const struct ata_port_operations ahci_p5wdh_ops = {
18076 .inherits = &ahci_ops,
18077 .hardreset = ahci_p5wdh_hardreset,
18078 };
18079
18080-static struct ata_port_operations ahci_sb600_ops = {
18081+static const struct ata_port_operations ahci_sb600_ops = {
18082 .inherits = &ahci_ops,
18083 .softreset = ahci_sb600_softreset,
18084 .pmp_softreset = ahci_sb600_softreset,
18085@@ -681,7 +681,7 @@ static const struct pci_device_id ahci_p
18086 { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
18087 PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci },
18088
18089- { } /* terminate list */
18090+ { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18091 };
18092
18093
18094diff -urNp linux-2.6.32.8/drivers/ata/ata_generic.c linux-2.6.32.8/drivers/ata/ata_generic.c
18095--- linux-2.6.32.8/drivers/ata/ata_generic.c 2010-02-09 07:57:19.000000000 -0500
18096+++ linux-2.6.32.8/drivers/ata/ata_generic.c 2010-02-13 21:45:09.969913365 -0500
18097@@ -95,7 +95,7 @@ static struct scsi_host_template generic
18098 ATA_BMDMA_SHT(DRV_NAME),
18099 };
18100
18101-static struct ata_port_operations generic_port_ops = {
18102+static const struct ata_port_operations generic_port_ops = {
18103 .inherits = &ata_bmdma_port_ops,
18104 .cable_detect = ata_cable_unknown,
18105 .set_mode = generic_set_mode,
18106diff -urNp linux-2.6.32.8/drivers/ata/ata_piix.c linux-2.6.32.8/drivers/ata/ata_piix.c
18107--- linux-2.6.32.8/drivers/ata/ata_piix.c 2010-02-09 07:57:19.000000000 -0500
18108+++ linux-2.6.32.8/drivers/ata/ata_piix.c 2010-02-13 21:45:09.969913365 -0500
18109@@ -291,7 +291,7 @@ static const struct pci_device_id piix_p
18110 { 0x8086, 0x3b2d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
18111 /* SATA Controller IDE (PCH) */
18112 { 0x8086, 0x3b2e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata },
18113- { } /* terminate list */
18114+ { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18115 };
18116
18117 static struct pci_driver piix_pci_driver = {
18118@@ -309,7 +309,7 @@ static struct scsi_host_template piix_sh
18119 ATA_BMDMA_SHT(DRV_NAME),
18120 };
18121
18122-static struct ata_port_operations piix_pata_ops = {
18123+static const struct ata_port_operations piix_pata_ops = {
18124 .inherits = &ata_bmdma32_port_ops,
18125 .cable_detect = ata_cable_40wire,
18126 .set_piomode = piix_set_piomode,
18127@@ -317,22 +317,22 @@ static struct ata_port_operations piix_p
18128 .prereset = piix_pata_prereset,
18129 };
18130
18131-static struct ata_port_operations piix_vmw_ops = {
18132+static const struct ata_port_operations piix_vmw_ops = {
18133 .inherits = &piix_pata_ops,
18134 .bmdma_status = piix_vmw_bmdma_status,
18135 };
18136
18137-static struct ata_port_operations ich_pata_ops = {
18138+static const struct ata_port_operations ich_pata_ops = {
18139 .inherits = &piix_pata_ops,
18140 .cable_detect = ich_pata_cable_detect,
18141 .set_dmamode = ich_set_dmamode,
18142 };
18143
18144-static struct ata_port_operations piix_sata_ops = {
18145+static const struct ata_port_operations piix_sata_ops = {
18146 .inherits = &ata_bmdma_port_ops,
18147 };
18148
18149-static struct ata_port_operations piix_sidpr_sata_ops = {
18150+static const struct ata_port_operations piix_sidpr_sata_ops = {
18151 .inherits = &piix_sata_ops,
18152 .hardreset = sata_std_hardreset,
18153 .scr_read = piix_sidpr_scr_read,
18154@@ -608,7 +608,7 @@ static const struct ich_laptop ich_lapto
18155 { 0x2653, 0x1043, 0x82D8 }, /* ICH6M on Asus Eee 701 */
18156 { 0x27df, 0x104d, 0x900e }, /* ICH7 on Sony TZ-90 */
18157 /* end marker */
18158- { 0, }
18159+ { 0, 0, 0 }
18160 };
18161
18162 /**
18163@@ -1086,7 +1086,7 @@ static int piix_broken_suspend(void)
18164 },
18165 },
18166
18167- { } /* terminate list */
18168+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } /* terminate list */
18169 };
18170 static const char *oemstrs[] = {
18171 "Tecra M3,",
18172diff -urNp linux-2.6.32.8/drivers/ata/libata-acpi.c linux-2.6.32.8/drivers/ata/libata-acpi.c
18173--- linux-2.6.32.8/drivers/ata/libata-acpi.c 2010-02-09 07:57:19.000000000 -0500
18174+++ linux-2.6.32.8/drivers/ata/libata-acpi.c 2010-02-13 21:45:09.970607464 -0500
18175@@ -223,12 +223,12 @@ static void ata_acpi_dev_uevent(acpi_han
18176 ata_acpi_uevent(dev->link->ap, dev, event);
18177 }
18178
18179-static struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18180+static const struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18181 .handler = ata_acpi_dev_notify_dock,
18182 .uevent = ata_acpi_dev_uevent,
18183 };
18184
18185-static struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18186+static const struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18187 .handler = ata_acpi_ap_notify_dock,
18188 .uevent = ata_acpi_ap_uevent,
18189 };
18190diff -urNp linux-2.6.32.8/drivers/ata/libata-core.c linux-2.6.32.8/drivers/ata/libata-core.c
18191--- linux-2.6.32.8/drivers/ata/libata-core.c 2010-02-09 07:57:19.000000000 -0500
18192+++ linux-2.6.32.8/drivers/ata/libata-core.c 2010-02-13 21:45:09.971561414 -0500
18193@@ -896,7 +896,7 @@ static const struct ata_xfer_ent {
18194 { ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 },
18195 { ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 },
18196 { ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 },
18197- { -1, },
18198+ { -1, 0, 0 }
18199 };
18200
18201 /**
18202@@ -3163,7 +3163,7 @@ static const struct ata_timing ata_timin
18203 { XFER_UDMA_5, 0, 0, 0, 0, 0, 0, 0, 0, 20 },
18204 { XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 },
18205
18206- { 0xFF }
18207+ { 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }
18208 };
18209
18210 #define ENOUGH(v, unit) (((v)-1)/(unit)+1)
18211@@ -4385,7 +4385,7 @@ static const struct ata_blacklist_entry
18212 { "PIONEER DVD-RW DVRTD08", "1.00", ATA_HORKAGE_NOSETXFER },
18213
18214 /* End Marker */
18215- { }
18216+ { NULL, NULL, 0 }
18217 };
18218
18219 static int strn_pattern_cmp(const char *patt, const char *name, int wildchar)
18220@@ -5961,7 +5961,7 @@ static void ata_host_stop(struct device
18221 * LOCKING:
18222 * None.
18223 */
18224-static void ata_finalize_port_ops(struct ata_port_operations *ops)
18225+static void ata_finalize_port_ops(const struct ata_port_operations *ops)
18226 {
18227 static DEFINE_SPINLOCK(lock);
18228 const struct ata_port_operations *cur;
18229@@ -5973,6 +5973,7 @@ static void ata_finalize_port_ops(struct
18230 return;
18231
18232 spin_lock(&lock);
18233+ pax_open_kernel();
18234
18235 for (cur = ops->inherits; cur; cur = cur->inherits) {
18236 void **inherit = (void **)cur;
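Review bot: The `pax_open_kernel()` added after `spin_lock(&lock)` has no comment saying why a function that now takes `const struct ata_port_operations *ops` needs kernel memory opened for writing. The `*pp = NULL` store and the `((struct ata_port_operations *)ops)->inherits = NULL` cast in the next hunk (-5986,8 +5987,9) write into ops tables that this patch declares `const` across drivers/ata, so those stores presumably work only inside the open/close pair. I would state that above the call, e.g. `/* ops tables are const; this inherit fixup is their only writer, so every store must stay between pax_open_kernel() and pax_close_kernel() */`. The comment should also say that any exit path added later between the two calls has to call `pax_close_kernel()` before `spin_unlock(&lock)`, so the writable window is never left open. The function body starts before this hunk and ends in the next one.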
18237@@ -5986,8 +5987,9 @@ static void ata_finalize_port_ops(struct
18238 if (IS_ERR(*pp))
18239 *pp = NULL;
18240
18241- ops->inherits = NULL;
18242+ ((struct ata_port_operations *)ops)->inherits = NULL;
18243
18244+ pax_close_kernel();
18245 spin_unlock(&lock);
18246 }
18247
18248@@ -6084,7 +6086,7 @@ int ata_host_start(struct ata_host *host
18249 */
18250 /* KILLME - the only user left is ipr */
18251 void ata_host_init(struct ata_host *host, struct device *dev,
18252- unsigned long flags, struct ata_port_operations *ops)
18253+ unsigned long flags, const struct ata_port_operations *ops)
18254 {
18255 spin_lock_init(&host->lock);
18256 host->dev = dev;
18257@@ -6747,7 +6749,7 @@ static void ata_dummy_error_handler(stru
18258 /* truly dummy */
18259 }
18260
18261-struct ata_port_operations ata_dummy_port_ops = {
18262+const struct ata_port_operations ata_dummy_port_ops = {
18263 .qc_prep = ata_noop_qc_prep,
18264 .qc_issue = ata_dummy_qc_issue,
18265 .error_handler = ata_dummy_error_handler,
18266diff -urNp linux-2.6.32.8/drivers/ata/libata-eh.c linux-2.6.32.8/drivers/ata/libata-eh.c
18267--- linux-2.6.32.8/drivers/ata/libata-eh.c 2010-02-09 07:57:19.000000000 -0500
18268+++ linux-2.6.32.8/drivers/ata/libata-eh.c 2010-02-13 21:45:09.972566875 -0500
18269@@ -3581,7 +3581,7 @@ void ata_do_eh(struct ata_port *ap, ata_
18270 */
18271 void ata_std_error_handler(struct ata_port *ap)
18272 {
18273- struct ata_port_operations *ops = ap->ops;
18274+ const struct ata_port_operations *ops = ap->ops;
18275 ata_reset_fn_t hardreset = ops->hardreset;
18276
18277 /* ignore built-in hardreset if SCR access is not available */
18278diff -urNp linux-2.6.32.8/drivers/ata/libata-pmp.c linux-2.6.32.8/drivers/ata/libata-pmp.c
18279--- linux-2.6.32.8/drivers/ata/libata-pmp.c 2010-02-09 07:57:19.000000000 -0500
18280+++ linux-2.6.32.8/drivers/ata/libata-pmp.c 2010-02-13 21:45:09.972566875 -0500
18281@@ -841,7 +841,7 @@ static int sata_pmp_handle_link_fail(str
18282 */
18283 static int sata_pmp_eh_recover(struct ata_port *ap)
18284 {
18285- struct ata_port_operations *ops = ap->ops;
18286+ const struct ata_port_operations *ops = ap->ops;
18287 int pmp_tries, link_tries[SATA_PMP_MAX_PORTS];
18288 struct ata_link *pmp_link = &ap->link;
18289 struct ata_device *pmp_dev = pmp_link->device;
18290diff -urNp linux-2.6.32.8/drivers/ata/pata_acpi.c linux-2.6.32.8/drivers/ata/pata_acpi.c
18291--- linux-2.6.32.8/drivers/ata/pata_acpi.c 2010-02-09 07:57:19.000000000 -0500
18292+++ linux-2.6.32.8/drivers/ata/pata_acpi.c 2010-02-13 21:45:09.972566875 -0500
18293@@ -215,7 +215,7 @@ static struct scsi_host_template pacpi_s
18294 ATA_BMDMA_SHT(DRV_NAME),
18295 };
18296
18297-static struct ata_port_operations pacpi_ops = {
18298+static const struct ata_port_operations pacpi_ops = {
18299 .inherits = &ata_bmdma_port_ops,
18300 .qc_issue = pacpi_qc_issue,
18301 .cable_detect = pacpi_cable_detect,
18302diff -urNp linux-2.6.32.8/drivers/ata/pata_ali.c linux-2.6.32.8/drivers/ata/pata_ali.c
18303--- linux-2.6.32.8/drivers/ata/pata_ali.c 2010-02-09 07:57:19.000000000 -0500
18304+++ linux-2.6.32.8/drivers/ata/pata_ali.c 2010-02-13 21:45:09.972566875 -0500
18305@@ -365,7 +365,7 @@ static struct scsi_host_template ali_sht
18306 * Port operations for PIO only ALi
18307 */
18308
18309-static struct ata_port_operations ali_early_port_ops = {
18310+static const struct ata_port_operations ali_early_port_ops = {
18311 .inherits = &ata_sff_port_ops,
18312 .cable_detect = ata_cable_40wire,
18313 .set_piomode = ali_set_piomode,
18314@@ -382,7 +382,7 @@ static const struct ata_port_operations
18315 * Port operations for DMA capable ALi without cable
18316 * detect
18317 */
18318-static struct ata_port_operations ali_20_port_ops = {
18319+static const struct ata_port_operations ali_20_port_ops = {
18320 .inherits = &ali_dma_base_ops,
18321 .cable_detect = ata_cable_40wire,
18322 .mode_filter = ali_20_filter,
18323@@ -393,7 +393,7 @@ static struct ata_port_operations ali_20
18324 /*
18325 * Port operations for DMA capable ALi with cable detect
18326 */
18327-static struct ata_port_operations ali_c2_port_ops = {
18328+static const struct ata_port_operations ali_c2_port_ops = {
18329 .inherits = &ali_dma_base_ops,
18330 .check_atapi_dma = ali_check_atapi_dma,
18331 .cable_detect = ali_c2_cable_detect,
18332@@ -404,7 +404,7 @@ static struct ata_port_operations ali_c2
18333 /*
18334 * Port operations for DMA capable ALi with cable detect
18335 */
18336-static struct ata_port_operations ali_c4_port_ops = {
18337+static const struct ata_port_operations ali_c4_port_ops = {
18338 .inherits = &ali_dma_base_ops,
18339 .check_atapi_dma = ali_check_atapi_dma,
18340 .cable_detect = ali_c2_cable_detect,
18341@@ -414,7 +414,7 @@ static struct ata_port_operations ali_c4
18342 /*
18343 * Port operations for DMA capable ALi with cable detect and LBA48
18344 */
18345-static struct ata_port_operations ali_c5_port_ops = {
18346+static const struct ata_port_operations ali_c5_port_ops = {
18347 .inherits = &ali_dma_base_ops,
18348 .check_atapi_dma = ali_check_atapi_dma,
18349 .dev_config = ali_warn_atapi_dma,
18350diff -urNp linux-2.6.32.8/drivers/ata/pata_amd.c linux-2.6.32.8/drivers/ata/pata_amd.c
18351--- linux-2.6.32.8/drivers/ata/pata_amd.c 2010-02-09 07:57:19.000000000 -0500
18352+++ linux-2.6.32.8/drivers/ata/pata_amd.c 2010-02-13 21:45:09.973742262 -0500
18353@@ -397,28 +397,28 @@ static const struct ata_port_operations
18354 .prereset = amd_pre_reset,
18355 };
18356
18357-static struct ata_port_operations amd33_port_ops = {
18358+static const struct ata_port_operations amd33_port_ops = {
18359 .inherits = &amd_base_port_ops,
18360 .cable_detect = ata_cable_40wire,
18361 .set_piomode = amd33_set_piomode,
18362 .set_dmamode = amd33_set_dmamode,
18363 };
18364
18365-static struct ata_port_operations amd66_port_ops = {
18366+static const struct ata_port_operations amd66_port_ops = {
18367 .inherits = &amd_base_port_ops,
18368 .cable_detect = ata_cable_unknown,
18369 .set_piomode = amd66_set_piomode,
18370 .set_dmamode = amd66_set_dmamode,
18371 };
18372
18373-static struct ata_port_operations amd100_port_ops = {
18374+static const struct ata_port_operations amd100_port_ops = {
18375 .inherits = &amd_base_port_ops,
18376 .cable_detect = ata_cable_unknown,
18377 .set_piomode = amd100_set_piomode,
18378 .set_dmamode = amd100_set_dmamode,
18379 };
18380
18381-static struct ata_port_operations amd133_port_ops = {
18382+static const struct ata_port_operations amd133_port_ops = {
18383 .inherits = &amd_base_port_ops,
18384 .cable_detect = amd_cable_detect,
18385 .set_piomode = amd133_set_piomode,
18386@@ -433,13 +433,13 @@ static const struct ata_port_operations
18387 .host_stop = nv_host_stop,
18388 };
18389
18390-static struct ata_port_operations nv100_port_ops = {
18391+static const struct ata_port_operations nv100_port_ops = {
18392 .inherits = &nv_base_port_ops,
18393 .set_piomode = nv100_set_piomode,
18394 .set_dmamode = nv100_set_dmamode,
18395 };
18396
18397-static struct ata_port_operations nv133_port_ops = {
18398+static const struct ata_port_operations nv133_port_ops = {
18399 .inherits = &nv_base_port_ops,
18400 .set_piomode = nv133_set_piomode,
18401 .set_dmamode = nv133_set_dmamode,
18402diff -urNp linux-2.6.32.8/drivers/ata/pata_artop.c linux-2.6.32.8/drivers/ata/pata_artop.c
18403--- linux-2.6.32.8/drivers/ata/pata_artop.c 2010-02-09 07:57:19.000000000 -0500
18404+++ linux-2.6.32.8/drivers/ata/pata_artop.c 2010-02-13 21:45:09.973742262 -0500
18405@@ -311,7 +311,7 @@ static struct scsi_host_template artop_s
18406 ATA_BMDMA_SHT(DRV_NAME),
18407 };
18408
18409-static struct ata_port_operations artop6210_ops = {
18410+static const struct ata_port_operations artop6210_ops = {
18411 .inherits = &ata_bmdma_port_ops,
18412 .cable_detect = ata_cable_40wire,
18413 .set_piomode = artop6210_set_piomode,
18414@@ -320,7 +320,7 @@ static struct ata_port_operations artop6
18415 .qc_defer = artop6210_qc_defer,
18416 };
18417
18418-static struct ata_port_operations artop6260_ops = {
18419+static const struct ata_port_operations artop6260_ops = {
18420 .inherits = &ata_bmdma_port_ops,
18421 .cable_detect = artop6260_cable_detect,
18422 .set_piomode = artop6260_set_piomode,
18423diff -urNp linux-2.6.32.8/drivers/ata/pata_at32.c linux-2.6.32.8/drivers/ata/pata_at32.c
18424--- linux-2.6.32.8/drivers/ata/pata_at32.c 2010-02-09 07:57:19.000000000 -0500
18425+++ linux-2.6.32.8/drivers/ata/pata_at32.c 2010-02-13 21:45:09.973742262 -0500
18426@@ -172,7 +172,7 @@ static struct scsi_host_template at32_sh
18427 ATA_PIO_SHT(DRV_NAME),
18428 };
18429
18430-static struct ata_port_operations at32_port_ops = {
18431+static const struct ata_port_operations at32_port_ops = {
18432 .inherits = &ata_sff_port_ops,
18433 .cable_detect = ata_cable_40wire,
18434 .set_piomode = pata_at32_set_piomode,
18435diff -urNp linux-2.6.32.8/drivers/ata/pata_at91.c linux-2.6.32.8/drivers/ata/pata_at91.c
18436--- linux-2.6.32.8/drivers/ata/pata_at91.c 2010-02-09 07:57:19.000000000 -0500
18437+++ linux-2.6.32.8/drivers/ata/pata_at91.c 2010-02-13 21:45:09.973742262 -0500
18438@@ -195,7 +195,7 @@ static struct scsi_host_template pata_at
18439 ATA_PIO_SHT(DRV_NAME),
18440 };
18441
18442-static struct ata_port_operations pata_at91_port_ops = {
18443+static const struct ata_port_operations pata_at91_port_ops = {
18444 .inherits = &ata_sff_port_ops,
18445
18446 .sff_data_xfer = pata_at91_data_xfer_noirq,
18447diff -urNp linux-2.6.32.8/drivers/ata/pata_atiixp.c linux-2.6.32.8/drivers/ata/pata_atiixp.c
18448--- linux-2.6.32.8/drivers/ata/pata_atiixp.c 2010-02-09 07:57:19.000000000 -0500
18449+++ linux-2.6.32.8/drivers/ata/pata_atiixp.c 2010-02-13 21:45:09.973742262 -0500
18450@@ -205,7 +205,7 @@ static struct scsi_host_template atiixp_
18451 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
18452 };
18453
18454-static struct ata_port_operations atiixp_port_ops = {
18455+static const struct ata_port_operations atiixp_port_ops = {
18456 .inherits = &ata_bmdma_port_ops,
18457
18458 .qc_prep = ata_sff_dumb_qc_prep,
18459diff -urNp linux-2.6.32.8/drivers/ata/pata_atp867x.c linux-2.6.32.8/drivers/ata/pata_atp867x.c
18460--- linux-2.6.32.8/drivers/ata/pata_atp867x.c 2010-02-09 07:57:19.000000000 -0500
18461+++ linux-2.6.32.8/drivers/ata/pata_atp867x.c 2010-02-13 21:45:09.973742262 -0500
18462@@ -274,7 +274,7 @@ static struct scsi_host_template atp867x
18463 ATA_BMDMA_SHT(DRV_NAME),
18464 };
18465
18466-static struct ata_port_operations atp867x_ops = {
18467+static const struct ata_port_operations atp867x_ops = {
18468 .inherits = &ata_bmdma_port_ops,
18469 .cable_detect = atp867x_cable_detect,
18470 .set_piomode = atp867x_set_piomode,
18471diff -urNp linux-2.6.32.8/drivers/ata/pata_bf54x.c linux-2.6.32.8/drivers/ata/pata_bf54x.c
18472--- linux-2.6.32.8/drivers/ata/pata_bf54x.c 2010-02-09 07:57:19.000000000 -0500
18473+++ linux-2.6.32.8/drivers/ata/pata_bf54x.c 2010-02-13 21:45:09.974924005 -0500
18474@@ -1464,7 +1464,7 @@ static struct scsi_host_template bfin_sh
18475 .dma_boundary = ATA_DMA_BOUNDARY,
18476 };
18477
18478-static struct ata_port_operations bfin_pata_ops = {
18479+static const struct ata_port_operations bfin_pata_ops = {
18480 .inherits = &ata_sff_port_ops,
18481
18482 .set_piomode = bfin_set_piomode,
18483diff -urNp linux-2.6.32.8/drivers/ata/pata_cmd640.c linux-2.6.32.8/drivers/ata/pata_cmd640.c
18484--- linux-2.6.32.8/drivers/ata/pata_cmd640.c 2010-02-09 07:57:19.000000000 -0500
18485+++ linux-2.6.32.8/drivers/ata/pata_cmd640.c 2010-02-13 21:45:09.974924005 -0500
18486@@ -168,7 +168,7 @@ static struct scsi_host_template cmd640_
18487 ATA_BMDMA_SHT(DRV_NAME),
18488 };
18489
18490-static struct ata_port_operations cmd640_port_ops = {
18491+static const struct ata_port_operations cmd640_port_ops = {
18492 .inherits = &ata_bmdma_port_ops,
18493 /* In theory xfer_noirq is not needed once we kill the prefetcher */
18494 .sff_data_xfer = ata_sff_data_xfer_noirq,
18495diff -urNp linux-2.6.32.8/drivers/ata/pata_cmd64x.c linux-2.6.32.8/drivers/ata/pata_cmd64x.c
18496--- linux-2.6.32.8/drivers/ata/pata_cmd64x.c 2010-02-09 07:57:19.000000000 -0500
18497+++ linux-2.6.32.8/drivers/ata/pata_cmd64x.c 2010-02-13 21:45:09.974924005 -0500
18498@@ -275,18 +275,18 @@ static const struct ata_port_operations
18499 .set_dmamode = cmd64x_set_dmamode,
18500 };
18501
18502-static struct ata_port_operations cmd64x_port_ops = {
18503+static const struct ata_port_operations cmd64x_port_ops = {
18504 .inherits = &cmd64x_base_ops,
18505 .cable_detect = ata_cable_40wire,
18506 };
18507
18508-static struct ata_port_operations cmd646r1_port_ops = {
18509+static const struct ata_port_operations cmd646r1_port_ops = {
18510 .inherits = &cmd64x_base_ops,
18511 .bmdma_stop = cmd646r1_bmdma_stop,
18512 .cable_detect = ata_cable_40wire,
18513 };
18514
18515-static struct ata_port_operations cmd648_port_ops = {
18516+static const struct ata_port_operations cmd648_port_ops = {
18517 .inherits = &cmd64x_base_ops,
18518 .bmdma_stop = cmd648_bmdma_stop,
18519 .cable_detect = cmd648_cable_detect,
18520diff -urNp linux-2.6.32.8/drivers/ata/pata_cs5520.c linux-2.6.32.8/drivers/ata/pata_cs5520.c
18521--- linux-2.6.32.8/drivers/ata/pata_cs5520.c 2010-02-09 07:57:19.000000000 -0500
18522+++ linux-2.6.32.8/drivers/ata/pata_cs5520.c 2010-02-13 21:45:09.974924005 -0500
18523@@ -144,7 +144,7 @@ static struct scsi_host_template cs5520_
18524 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
18525 };
18526
18527-static struct ata_port_operations cs5520_port_ops = {
18528+static const struct ata_port_operations cs5520_port_ops = {
18529 .inherits = &ata_bmdma_port_ops,
18530 .qc_prep = ata_sff_dumb_qc_prep,
18531 .cable_detect = ata_cable_40wire,
18532diff -urNp linux-2.6.32.8/drivers/ata/pata_cs5530.c linux-2.6.32.8/drivers/ata/pata_cs5530.c
18533--- linux-2.6.32.8/drivers/ata/pata_cs5530.c 2010-02-09 07:57:19.000000000 -0500
18534+++ linux-2.6.32.8/drivers/ata/pata_cs5530.c 2010-02-13 21:45:09.974924005 -0500
18535@@ -164,7 +164,7 @@ static struct scsi_host_template cs5530_
18536 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
18537 };
18538
18539-static struct ata_port_operations cs5530_port_ops = {
18540+static const struct ata_port_operations cs5530_port_ops = {
18541 .inherits = &ata_bmdma_port_ops,
18542
18543 .qc_prep = ata_sff_dumb_qc_prep,
18544diff -urNp linux-2.6.32.8/drivers/ata/pata_cs5535.c linux-2.6.32.8/drivers/ata/pata_cs5535.c
18545--- linux-2.6.32.8/drivers/ata/pata_cs5535.c 2010-02-09 07:57:19.000000000 -0500
18546+++ linux-2.6.32.8/drivers/ata/pata_cs5535.c 2010-02-13 21:45:09.975874127 -0500
18547@@ -160,7 +160,7 @@ static struct scsi_host_template cs5535_
18548 ATA_BMDMA_SHT(DRV_NAME),
18549 };
18550
18551-static struct ata_port_operations cs5535_port_ops = {
18552+static const struct ata_port_operations cs5535_port_ops = {
18553 .inherits = &ata_bmdma_port_ops,
18554 .cable_detect = cs5535_cable_detect,
18555 .set_piomode = cs5535_set_piomode,
18556diff -urNp linux-2.6.32.8/drivers/ata/pata_cs5536.c linux-2.6.32.8/drivers/ata/pata_cs5536.c
18557--- linux-2.6.32.8/drivers/ata/pata_cs5536.c 2010-02-09 07:57:19.000000000 -0500
18558+++ linux-2.6.32.8/drivers/ata/pata_cs5536.c 2010-02-13 21:45:09.975874127 -0500
18559@@ -223,7 +223,7 @@ static struct scsi_host_template cs5536_
18560 ATA_BMDMA_SHT(DRV_NAME),
18561 };
18562
18563-static struct ata_port_operations cs5536_port_ops = {
18564+static const struct ata_port_operations cs5536_port_ops = {
18565 .inherits = &ata_bmdma_port_ops,
18566 .cable_detect = cs5536_cable_detect,
18567 .set_piomode = cs5536_set_piomode,
18568diff -urNp linux-2.6.32.8/drivers/ata/pata_cypress.c linux-2.6.32.8/drivers/ata/pata_cypress.c
18569--- linux-2.6.32.8/drivers/ata/pata_cypress.c 2010-02-09 07:57:19.000000000 -0500
18570+++ linux-2.6.32.8/drivers/ata/pata_cypress.c 2010-02-13 21:45:09.975874127 -0500
18571@@ -113,7 +113,7 @@ static struct scsi_host_template cy82c69
18572 ATA_BMDMA_SHT(DRV_NAME),
18573 };
18574
18575-static struct ata_port_operations cy82c693_port_ops = {
18576+static const struct ata_port_operations cy82c693_port_ops = {
18577 .inherits = &ata_bmdma_port_ops,
18578 .cable_detect = ata_cable_40wire,
18579 .set_piomode = cy82c693_set_piomode,
18580diff -urNp linux-2.6.32.8/drivers/ata/pata_efar.c linux-2.6.32.8/drivers/ata/pata_efar.c
18581--- linux-2.6.32.8/drivers/ata/pata_efar.c 2010-02-09 07:57:19.000000000 -0500
18582+++ linux-2.6.32.8/drivers/ata/pata_efar.c 2010-02-13 21:45:09.975874127 -0500
18583@@ -222,7 +222,7 @@ static struct scsi_host_template efar_sh
18584 ATA_BMDMA_SHT(DRV_NAME),
18585 };
18586
18587-static struct ata_port_operations efar_ops = {
18588+static const struct ata_port_operations efar_ops = {
18589 .inherits = &ata_bmdma_port_ops,
18590 .cable_detect = efar_cable_detect,
18591 .set_piomode = efar_set_piomode,
18592diff -urNp linux-2.6.32.8/drivers/ata/pata_hpt366.c linux-2.6.32.8/drivers/ata/pata_hpt366.c
18593--- linux-2.6.32.8/drivers/ata/pata_hpt366.c 2010-02-09 07:57:19.000000000 -0500
18594+++ linux-2.6.32.8/drivers/ata/pata_hpt366.c 2010-02-13 21:45:09.975874127 -0500
18595@@ -282,7 +282,7 @@ static struct scsi_host_template hpt36x_
18596 * Configuration for HPT366/68
18597 */
18598
18599-static struct ata_port_operations hpt366_port_ops = {
18600+static const struct ata_port_operations hpt366_port_ops = {
18601 .inherits = &ata_bmdma_port_ops,
18602 .cable_detect = hpt36x_cable_detect,
18603 .mode_filter = hpt366_filter,
18604diff -urNp linux-2.6.32.8/drivers/ata/pata_hpt37x.c linux-2.6.32.8/drivers/ata/pata_hpt37x.c
18605--- linux-2.6.32.8/drivers/ata/pata_hpt37x.c 2010-02-09 07:57:19.000000000 -0500
18606+++ linux-2.6.32.8/drivers/ata/pata_hpt37x.c 2010-02-13 21:45:09.976718792 -0500
18607@@ -576,7 +576,7 @@ static struct scsi_host_template hpt37x_
18608 * Configuration for HPT370
18609 */
18610
18611-static struct ata_port_operations hpt370_port_ops = {
18612+static const struct ata_port_operations hpt370_port_ops = {
18613 .inherits = &ata_bmdma_port_ops,
18614
18615 .bmdma_stop = hpt370_bmdma_stop,
18616@@ -591,7 +591,7 @@ static struct ata_port_operations hpt370
18617 * Configuration for HPT370A. Close to 370 but less filters
18618 */
18619
18620-static struct ata_port_operations hpt370a_port_ops = {
18621+static const struct ata_port_operations hpt370a_port_ops = {
18622 .inherits = &hpt370_port_ops,
18623 .mode_filter = hpt370a_filter,
18624 };
18625@@ -601,7 +601,7 @@ static struct ata_port_operations hpt370
18626 * and DMA mode setting functionality.
18627 */
18628
18629-static struct ata_port_operations hpt372_port_ops = {
18630+static const struct ata_port_operations hpt372_port_ops = {
18631 .inherits = &ata_bmdma_port_ops,
18632
18633 .bmdma_stop = hpt37x_bmdma_stop,
18634@@ -616,7 +616,7 @@ static struct ata_port_operations hpt372
18635 * but we have a different cable detection procedure for function 1.
18636 */
18637
18638-static struct ata_port_operations hpt374_fn1_port_ops = {
18639+static const struct ata_port_operations hpt374_fn1_port_ops = {
18640 .inherits = &hpt372_port_ops,
18641 .prereset = hpt374_fn1_pre_reset,
18642 };
18643diff -urNp linux-2.6.32.8/drivers/ata/pata_hpt3x2n.c linux-2.6.32.8/drivers/ata/pata_hpt3x2n.c
18644--- linux-2.6.32.8/drivers/ata/pata_hpt3x2n.c 2010-02-09 07:57:19.000000000 -0500
18645+++ linux-2.6.32.8/drivers/ata/pata_hpt3x2n.c 2010-02-13 21:45:09.976718792 -0500
18646@@ -337,7 +337,7 @@ static struct scsi_host_template hpt3x2n
18647 * Configuration for HPT3x2n.
18648 */
18649
18650-static struct ata_port_operations hpt3x2n_port_ops = {
18651+static const struct ata_port_operations hpt3x2n_port_ops = {
18652 .inherits = &ata_bmdma_port_ops,
18653
18654 .bmdma_stop = hpt3x2n_bmdma_stop,
18655diff -urNp linux-2.6.32.8/drivers/ata/pata_hpt3x3.c linux-2.6.32.8/drivers/ata/pata_hpt3x3.c
18656--- linux-2.6.32.8/drivers/ata/pata_hpt3x3.c 2010-02-09 07:57:19.000000000 -0500
18657+++ linux-2.6.32.8/drivers/ata/pata_hpt3x3.c 2010-02-13 21:45:09.976718792 -0500
18658@@ -141,7 +141,7 @@ static struct scsi_host_template hpt3x3_
18659 ATA_BMDMA_SHT(DRV_NAME),
18660 };
18661
18662-static struct ata_port_operations hpt3x3_port_ops = {
18663+static const struct ata_port_operations hpt3x3_port_ops = {
18664 .inherits = &ata_bmdma_port_ops,
18665 .cable_detect = ata_cable_40wire,
18666 .set_piomode = hpt3x3_set_piomode,
18667diff -urNp linux-2.6.32.8/drivers/ata/pata_icside.c linux-2.6.32.8/drivers/ata/pata_icside.c
18668--- linux-2.6.32.8/drivers/ata/pata_icside.c 2010-02-09 07:57:19.000000000 -0500
18669+++ linux-2.6.32.8/drivers/ata/pata_icside.c 2010-02-13 21:45:09.976718792 -0500
18670@@ -319,7 +319,7 @@ static void pata_icside_postreset(struct
18671 }
18672 }
18673
18674-static struct ata_port_operations pata_icside_port_ops = {
18675+static const struct ata_port_operations pata_icside_port_ops = {
18676 .inherits = &ata_sff_port_ops,
18677 /* no need to build any PRD tables for DMA */
18678 .qc_prep = ata_noop_qc_prep,
18679diff -urNp linux-2.6.32.8/drivers/ata/pata_isapnp.c linux-2.6.32.8/drivers/ata/pata_isapnp.c
18680--- linux-2.6.32.8/drivers/ata/pata_isapnp.c 2010-02-09 07:57:19.000000000 -0500
18681+++ linux-2.6.32.8/drivers/ata/pata_isapnp.c 2010-02-13 21:45:09.976718792 -0500
18682@@ -23,12 +23,12 @@ static struct scsi_host_template isapnp_
18683 ATA_PIO_SHT(DRV_NAME),
18684 };
18685
18686-static struct ata_port_operations isapnp_port_ops = {
18687+static const struct ata_port_operations isapnp_port_ops = {
18688 .inherits = &ata_sff_port_ops,
18689 .cable_detect = ata_cable_40wire,
18690 };
18691
18692-static struct ata_port_operations isapnp_noalt_port_ops = {
18693+static const struct ata_port_operations isapnp_noalt_port_ops = {
18694 .inherits = &ata_sff_port_ops,
18695 .cable_detect = ata_cable_40wire,
18696 /* No altstatus so we don't want to use the lost interrupt poll */
18697diff -urNp linux-2.6.32.8/drivers/ata/pata_it8213.c linux-2.6.32.8/drivers/ata/pata_it8213.c
18698--- linux-2.6.32.8/drivers/ata/pata_it8213.c 2010-02-09 07:57:19.000000000 -0500
18699+++ linux-2.6.32.8/drivers/ata/pata_it8213.c 2010-02-13 21:45:09.977915761 -0500
18700@@ -234,7 +234,7 @@ static struct scsi_host_template it8213_
18701 };
18702
18703
18704-static struct ata_port_operations it8213_ops = {
18705+static const struct ata_port_operations it8213_ops = {
18706 .inherits = &ata_bmdma_port_ops,
18707 .cable_detect = it8213_cable_detect,
18708 .set_piomode = it8213_set_piomode,
18709diff -urNp linux-2.6.32.8/drivers/ata/pata_it821x.c linux-2.6.32.8/drivers/ata/pata_it821x.c
18710--- linux-2.6.32.8/drivers/ata/pata_it821x.c 2010-02-09 07:57:19.000000000 -0500
18711+++ linux-2.6.32.8/drivers/ata/pata_it821x.c 2010-02-13 21:45:09.977915761 -0500
18712@@ -800,7 +800,7 @@ static struct scsi_host_template it821x_
18713 ATA_BMDMA_SHT(DRV_NAME),
18714 };
18715
18716-static struct ata_port_operations it821x_smart_port_ops = {
18717+static const struct ata_port_operations it821x_smart_port_ops = {
18718 .inherits = &ata_bmdma_port_ops,
18719
18720 .check_atapi_dma= it821x_check_atapi_dma,
18721@@ -814,7 +814,7 @@ static struct ata_port_operations it821x
18722 .port_start = it821x_port_start,
18723 };
18724
18725-static struct ata_port_operations it821x_passthru_port_ops = {
18726+static const struct ata_port_operations it821x_passthru_port_ops = {
18727 .inherits = &ata_bmdma_port_ops,
18728
18729 .check_atapi_dma= it821x_check_atapi_dma,
18730@@ -830,7 +830,7 @@ static struct ata_port_operations it821x
18731 .port_start = it821x_port_start,
18732 };
18733
18734-static struct ata_port_operations it821x_rdc_port_ops = {
18735+static const struct ata_port_operations it821x_rdc_port_ops = {
18736 .inherits = &ata_bmdma_port_ops,
18737
18738 .check_atapi_dma= it821x_check_atapi_dma,
18739diff -urNp linux-2.6.32.8/drivers/ata/pata_ixp4xx_cf.c linux-2.6.32.8/drivers/ata/pata_ixp4xx_cf.c
18740--- linux-2.6.32.8/drivers/ata/pata_ixp4xx_cf.c 2010-02-09 07:57:19.000000000 -0500
18741+++ linux-2.6.32.8/drivers/ata/pata_ixp4xx_cf.c 2010-02-13 21:45:09.977915761 -0500
18742@@ -89,7 +89,7 @@ static struct scsi_host_template ixp4xx_
18743 ATA_PIO_SHT(DRV_NAME),
18744 };
18745
18746-static struct ata_port_operations ixp4xx_port_ops = {
18747+static const struct ata_port_operations ixp4xx_port_ops = {
18748 .inherits = &ata_sff_port_ops,
18749 .sff_data_xfer = ixp4xx_mmio_data_xfer,
18750 .cable_detect = ata_cable_40wire,
18751diff -urNp linux-2.6.32.8/drivers/ata/pata_jmicron.c linux-2.6.32.8/drivers/ata/pata_jmicron.c
18752--- linux-2.6.32.8/drivers/ata/pata_jmicron.c 2010-02-09 07:57:19.000000000 -0500
18753+++ linux-2.6.32.8/drivers/ata/pata_jmicron.c 2010-02-13 21:45:09.977915761 -0500
18754@@ -111,7 +111,7 @@ static struct scsi_host_template jmicron
18755 ATA_BMDMA_SHT(DRV_NAME),
18756 };
18757
18758-static struct ata_port_operations jmicron_ops = {
18759+static const struct ata_port_operations jmicron_ops = {
18760 .inherits = &ata_bmdma_port_ops,
18761 .prereset = jmicron_pre_reset,
18762 };
18763diff -urNp linux-2.6.32.8/drivers/ata/pata_legacy.c linux-2.6.32.8/drivers/ata/pata_legacy.c
18764--- linux-2.6.32.8/drivers/ata/pata_legacy.c 2010-02-09 07:57:19.000000000 -0500
18765+++ linux-2.6.32.8/drivers/ata/pata_legacy.c 2010-02-13 21:45:09.978723801 -0500
18766@@ -106,7 +106,7 @@ struct legacy_probe {
18767
18768 struct legacy_controller {
18769 const char *name;
18770- struct ata_port_operations *ops;
18771+ const struct ata_port_operations *ops;
18772 unsigned int pio_mask;
18773 unsigned int flags;
18774 unsigned int pflags;
18775@@ -223,12 +223,12 @@ static const struct ata_port_operations
18776 * pio_mask as well.
18777 */
18778
18779-static struct ata_port_operations simple_port_ops = {
18780+static const struct ata_port_operations simple_port_ops = {
18781 .inherits = &legacy_base_port_ops,
18782 .sff_data_xfer = ata_sff_data_xfer_noirq,
18783 };
18784
18785-static struct ata_port_operations legacy_port_ops = {
18786+static const struct ata_port_operations legacy_port_ops = {
18787 .inherits = &legacy_base_port_ops,
18788 .sff_data_xfer = ata_sff_data_xfer_noirq,
18789 .set_mode = legacy_set_mode,
18790@@ -324,7 +324,7 @@ static unsigned int pdc_data_xfer_vlb(st
18791 return buflen;
18792 }
18793
18794-static struct ata_port_operations pdc20230_port_ops = {
18795+static const struct ata_port_operations pdc20230_port_ops = {
18796 .inherits = &legacy_base_port_ops,
18797 .set_piomode = pdc20230_set_piomode,
18798 .sff_data_xfer = pdc_data_xfer_vlb,
18799@@ -357,7 +357,7 @@ static void ht6560a_set_piomode(struct a
18800 ioread8(ap->ioaddr.status_addr);
18801 }
18802
18803-static struct ata_port_operations ht6560a_port_ops = {
18804+static const struct ata_port_operations ht6560a_port_ops = {
18805 .inherits = &legacy_base_port_ops,
18806 .set_piomode = ht6560a_set_piomode,
18807 };
18808@@ -400,7 +400,7 @@ static void ht6560b_set_piomode(struct a
18809 ioread8(ap->ioaddr.status_addr);
18810 }
18811
18812-static struct ata_port_operations ht6560b_port_ops = {
18813+static const struct ata_port_operations ht6560b_port_ops = {
18814 .inherits = &legacy_base_port_ops,
18815 .set_piomode = ht6560b_set_piomode,
18816 };
18817@@ -499,7 +499,7 @@ static void opti82c611a_set_piomode(stru
18818 }
18819
18820
18821-static struct ata_port_operations opti82c611a_port_ops = {
18822+static const struct ata_port_operations opti82c611a_port_ops = {
18823 .inherits = &legacy_base_port_ops,
18824 .set_piomode = opti82c611a_set_piomode,
18825 };
18826@@ -609,7 +609,7 @@ static unsigned int opti82c46x_qc_issue(
18827 return ata_sff_qc_issue(qc);
18828 }
18829
18830-static struct ata_port_operations opti82c46x_port_ops = {
18831+static const struct ata_port_operations opti82c46x_port_ops = {
18832 .inherits = &legacy_base_port_ops,
18833 .set_piomode = opti82c46x_set_piomode,
18834 .qc_issue = opti82c46x_qc_issue,
18835@@ -771,20 +771,20 @@ static int qdi_port(struct platform_devi
18836 return 0;
18837 }
18838
18839-static struct ata_port_operations qdi6500_port_ops = {
18840+static const struct ata_port_operations qdi6500_port_ops = {
18841 .inherits = &legacy_base_port_ops,
18842 .set_piomode = qdi6500_set_piomode,
18843 .qc_issue = qdi_qc_issue,
18844 .sff_data_xfer = vlb32_data_xfer,
18845 };
18846
18847-static struct ata_port_operations qdi6580_port_ops = {
18848+static const struct ata_port_operations qdi6580_port_ops = {
18849 .inherits = &legacy_base_port_ops,
18850 .set_piomode = qdi6580_set_piomode,
18851 .sff_data_xfer = vlb32_data_xfer,
18852 };
18853
18854-static struct ata_port_operations qdi6580dp_port_ops = {
18855+static const struct ata_port_operations qdi6580dp_port_ops = {
18856 .inherits = &legacy_base_port_ops,
18857 .set_piomode = qdi6580dp_set_piomode,
18858 .sff_data_xfer = vlb32_data_xfer,
18859@@ -855,7 +855,7 @@ static int winbond_port(struct platform_
18860 return 0;
18861 }
18862
18863-static struct ata_port_operations winbond_port_ops = {
18864+static const struct ata_port_operations winbond_port_ops = {
18865 .inherits = &legacy_base_port_ops,
18866 .set_piomode = winbond_set_piomode,
18867 .sff_data_xfer = vlb32_data_xfer,
18868@@ -978,7 +978,7 @@ static __init int legacy_init_one(struct
18869 int pio_modes = controller->pio_mask;
18870 unsigned long io = probe->port;
18871 u32 mask = (1 << probe->slot);
18872- struct ata_port_operations *ops = controller->ops;
18873+ const struct ata_port_operations *ops = controller->ops;
18874 struct legacy_data *ld = &legacy_data[probe->slot];
18875 struct ata_host *host = NULL;
18876 struct ata_port *ap;
18877diff -urNp linux-2.6.32.8/drivers/ata/pata_marvell.c linux-2.6.32.8/drivers/ata/pata_marvell.c
18878--- linux-2.6.32.8/drivers/ata/pata_marvell.c 2010-02-09 07:57:19.000000000 -0500
18879+++ linux-2.6.32.8/drivers/ata/pata_marvell.c 2010-02-13 21:45:09.978723801 -0500
18880@@ -100,7 +100,7 @@ static struct scsi_host_template marvell
18881 ATA_BMDMA_SHT(DRV_NAME),
18882 };
18883
18884-static struct ata_port_operations marvell_ops = {
18885+static const struct ata_port_operations marvell_ops = {
18886 .inherits = &ata_bmdma_port_ops,
18887 .cable_detect = marvell_cable_detect,
18888 .prereset = marvell_pre_reset,
18889diff -urNp linux-2.6.32.8/drivers/ata/pata_mpc52xx.c linux-2.6.32.8/drivers/ata/pata_mpc52xx.c
18890--- linux-2.6.32.8/drivers/ata/pata_mpc52xx.c 2010-02-09 07:57:19.000000000 -0500
18891+++ linux-2.6.32.8/drivers/ata/pata_mpc52xx.c 2010-02-13 21:45:09.978723801 -0500
18892@@ -609,7 +609,7 @@ static struct scsi_host_template mpc52xx
18893 ATA_PIO_SHT(DRV_NAME),
18894 };
18895
18896-static struct ata_port_operations mpc52xx_ata_port_ops = {
18897+static const struct ata_port_operations mpc52xx_ata_port_ops = {
18898 .inherits = &ata_sff_port_ops,
18899 .sff_dev_select = mpc52xx_ata_dev_select,
18900 .set_piomode = mpc52xx_ata_set_piomode,
18901diff -urNp linux-2.6.32.8/drivers/ata/pata_mpiix.c linux-2.6.32.8/drivers/ata/pata_mpiix.c
18902--- linux-2.6.32.8/drivers/ata/pata_mpiix.c 2010-02-09 07:57:19.000000000 -0500
18903+++ linux-2.6.32.8/drivers/ata/pata_mpiix.c 2010-02-13 21:45:09.978723801 -0500
18904@@ -140,7 +140,7 @@ static struct scsi_host_template mpiix_s
18905 ATA_PIO_SHT(DRV_NAME),
18906 };
18907
18908-static struct ata_port_operations mpiix_port_ops = {
18909+static const struct ata_port_operations mpiix_port_ops = {
18910 .inherits = &ata_sff_port_ops,
18911 .qc_issue = mpiix_qc_issue,
18912 .cable_detect = ata_cable_40wire,
18913diff -urNp linux-2.6.32.8/drivers/ata/pata_netcell.c linux-2.6.32.8/drivers/ata/pata_netcell.c
18914--- linux-2.6.32.8/drivers/ata/pata_netcell.c 2010-02-09 07:57:19.000000000 -0500
18915+++ linux-2.6.32.8/drivers/ata/pata_netcell.c 2010-02-13 21:45:09.978723801 -0500
18916@@ -34,7 +34,7 @@ static struct scsi_host_template netcell
18917 ATA_BMDMA_SHT(DRV_NAME),
18918 };
18919
18920-static struct ata_port_operations netcell_ops = {
18921+static const struct ata_port_operations netcell_ops = {
18922 .inherits = &ata_bmdma_port_ops,
18923 .cable_detect = ata_cable_80wire,
18924 .read_id = netcell_read_id,
18925diff -urNp linux-2.6.32.8/drivers/ata/pata_ninja32.c linux-2.6.32.8/drivers/ata/pata_ninja32.c
18926--- linux-2.6.32.8/drivers/ata/pata_ninja32.c 2010-02-09 07:57:19.000000000 -0500
18927+++ linux-2.6.32.8/drivers/ata/pata_ninja32.c 2010-02-13 21:45:09.978723801 -0500
18928@@ -81,7 +81,7 @@ static struct scsi_host_template ninja32
18929 ATA_BMDMA_SHT(DRV_NAME),
18930 };
18931
18932-static struct ata_port_operations ninja32_port_ops = {
18933+static const struct ata_port_operations ninja32_port_ops = {
18934 .inherits = &ata_bmdma_port_ops,
18935 .sff_dev_select = ninja32_dev_select,
18936 .cable_detect = ata_cable_40wire,
18937diff -urNp linux-2.6.32.8/drivers/ata/pata_ns87410.c linux-2.6.32.8/drivers/ata/pata_ns87410.c
18938--- linux-2.6.32.8/drivers/ata/pata_ns87410.c 2010-02-09 07:57:19.000000000 -0500
18939+++ linux-2.6.32.8/drivers/ata/pata_ns87410.c 2010-02-13 21:45:09.979916980 -0500
18940@@ -132,7 +132,7 @@ static struct scsi_host_template ns87410
18941 ATA_PIO_SHT(DRV_NAME),
18942 };
18943
18944-static struct ata_port_operations ns87410_port_ops = {
18945+static const struct ata_port_operations ns87410_port_ops = {
18946 .inherits = &ata_sff_port_ops,
18947 .qc_issue = ns87410_qc_issue,
18948 .cable_detect = ata_cable_40wire,
18949diff -urNp linux-2.6.32.8/drivers/ata/pata_ns87415.c linux-2.6.32.8/drivers/ata/pata_ns87415.c
18950--- linux-2.6.32.8/drivers/ata/pata_ns87415.c 2010-02-09 07:57:19.000000000 -0500
18951+++ linux-2.6.32.8/drivers/ata/pata_ns87415.c 2010-02-13 21:45:09.979916980 -0500
18952@@ -299,7 +299,7 @@ static u8 ns87560_bmdma_status(struct at
18953 }
18954 #endif /* 87560 SuperIO Support */
18955
18956-static struct ata_port_operations ns87415_pata_ops = {
18957+static const struct ata_port_operations ns87415_pata_ops = {
18958 .inherits = &ata_bmdma_port_ops,
18959
18960 .check_atapi_dma = ns87415_check_atapi_dma,
18961@@ -313,7 +313,7 @@ static struct ata_port_operations ns8741
18962 };
18963
18964 #if defined(CONFIG_SUPERIO)
18965-static struct ata_port_operations ns87560_pata_ops = {
18966+static const struct ata_port_operations ns87560_pata_ops = {
18967 .inherits = &ns87415_pata_ops,
18968 .sff_tf_read = ns87560_tf_read,
18969 .sff_check_status = ns87560_check_status,
18970diff -urNp linux-2.6.32.8/drivers/ata/pata_octeon_cf.c linux-2.6.32.8/drivers/ata/pata_octeon_cf.c
18971--- linux-2.6.32.8/drivers/ata/pata_octeon_cf.c 2010-02-09 07:57:19.000000000 -0500
18972+++ linux-2.6.32.8/drivers/ata/pata_octeon_cf.c 2010-02-13 21:45:09.980545710 -0500
18973@@ -801,6 +801,7 @@ static unsigned int octeon_cf_qc_issue(s
18974 return 0;
18975 }
18976
18977+/* cannot be const */
18978 static struct ata_port_operations octeon_cf_ops = {
18979 .inherits = &ata_sff_port_ops,
18980 .check_atapi_dma = octeon_cf_check_atapi_dma,
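Review bot: The added `/* cannot be const */` gives no reason, so a later reader cannot tell whether `octeon_cf_ops` is left writable on purpose or was simply skipped. If the driver assigns callbacks into the table at probe time (not visible in this hunk), the comment should say so, for example `/* cannot be const: callbacks are assigned at probe time */`. Among the hunks visible here this is the only `ata_port_operations` table whose function pointers stay in writable memory, so the comment is also the natural place to record it as a known exception to the constification.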
18981diff -urNp linux-2.6.32.8/drivers/ata/pata_oldpiix.c linux-2.6.32.8/drivers/ata/pata_oldpiix.c
18982--- linux-2.6.32.8/drivers/ata/pata_oldpiix.c 2010-02-09 07:57:19.000000000 -0500
18983+++ linux-2.6.32.8/drivers/ata/pata_oldpiix.c 2010-02-13 21:45:09.980545710 -0500
18984@@ -208,7 +208,7 @@ static struct scsi_host_template oldpiix
18985 ATA_BMDMA_SHT(DRV_NAME),
18986 };
18987
18988-static struct ata_port_operations oldpiix_pata_ops = {
18989+static const struct ata_port_operations oldpiix_pata_ops = {
18990 .inherits = &ata_bmdma_port_ops,
18991 .qc_issue = oldpiix_qc_issue,
18992 .cable_detect = ata_cable_40wire,
18993diff -urNp linux-2.6.32.8/drivers/ata/pata_opti.c linux-2.6.32.8/drivers/ata/pata_opti.c
18994--- linux-2.6.32.8/drivers/ata/pata_opti.c 2010-02-09 07:57:19.000000000 -0500
18995+++ linux-2.6.32.8/drivers/ata/pata_opti.c 2010-02-13 21:45:09.980545710 -0500
18996@@ -152,7 +152,7 @@ static struct scsi_host_template opti_sh
18997 ATA_PIO_SHT(DRV_NAME),
18998 };
18999
19000-static struct ata_port_operations opti_port_ops = {
19001+static const struct ata_port_operations opti_port_ops = {
19002 .inherits = &ata_sff_port_ops,
19003 .cable_detect = ata_cable_40wire,
19004 .set_piomode = opti_set_piomode,
19005diff -urNp linux-2.6.32.8/drivers/ata/pata_optidma.c linux-2.6.32.8/drivers/ata/pata_optidma.c
19006--- linux-2.6.32.8/drivers/ata/pata_optidma.c 2010-02-09 07:57:19.000000000 -0500
19007+++ linux-2.6.32.8/drivers/ata/pata_optidma.c 2010-02-13 21:45:09.980545710 -0500
19008@@ -337,7 +337,7 @@ static struct scsi_host_template optidma
19009 ATA_BMDMA_SHT(DRV_NAME),
19010 };
19011
19012-static struct ata_port_operations optidma_port_ops = {
19013+static const struct ata_port_operations optidma_port_ops = {
19014 .inherits = &ata_bmdma_port_ops,
19015 .cable_detect = ata_cable_40wire,
19016 .set_piomode = optidma_set_pio_mode,
19017@@ -346,7 +346,7 @@ static struct ata_port_operations optidm
19018 .prereset = optidma_pre_reset,
19019 };
19020
19021-static struct ata_port_operations optiplus_port_ops = {
19022+static const struct ata_port_operations optiplus_port_ops = {
19023 .inherits = &optidma_port_ops,
19024 .set_piomode = optiplus_set_pio_mode,
19025 .set_dmamode = optiplus_set_dma_mode,
19026diff -urNp linux-2.6.32.8/drivers/ata/pata_palmld.c linux-2.6.32.8/drivers/ata/pata_palmld.c
19027--- linux-2.6.32.8/drivers/ata/pata_palmld.c 2010-02-09 07:57:19.000000000 -0500
19028+++ linux-2.6.32.8/drivers/ata/pata_palmld.c 2010-02-13 21:45:09.980545710 -0500
19029@@ -37,7 +37,7 @@ static struct scsi_host_template palmld_
19030 ATA_PIO_SHT(DRV_NAME),
19031 };
19032
19033-static struct ata_port_operations palmld_port_ops = {
19034+static const struct ata_port_operations palmld_port_ops = {
19035 .inherits = &ata_sff_port_ops,
19036 .sff_data_xfer = ata_sff_data_xfer_noirq,
19037 .cable_detect = ata_cable_40wire,
19038diff -urNp linux-2.6.32.8/drivers/ata/pata_pcmcia.c linux-2.6.32.8/drivers/ata/pata_pcmcia.c
19039--- linux-2.6.32.8/drivers/ata/pata_pcmcia.c 2010-02-09 07:57:19.000000000 -0500
19040+++ linux-2.6.32.8/drivers/ata/pata_pcmcia.c 2010-02-13 21:45:09.980545710 -0500
19041@@ -162,14 +162,14 @@ static struct scsi_host_template pcmcia_
19042 ATA_PIO_SHT(DRV_NAME),
19043 };
19044
19045-static struct ata_port_operations pcmcia_port_ops = {
19046+static const struct ata_port_operations pcmcia_port_ops = {
19047 .inherits = &ata_sff_port_ops,
19048 .sff_data_xfer = ata_sff_data_xfer_noirq,
19049 .cable_detect = ata_cable_40wire,
19050 .set_mode = pcmcia_set_mode,
19051 };
19052
19053-static struct ata_port_operations pcmcia_8bit_port_ops = {
19054+static const struct ata_port_operations pcmcia_8bit_port_ops = {
19055 .inherits = &ata_sff_port_ops,
19056 .sff_data_xfer = ata_data_xfer_8bit,
19057 .cable_detect = ata_cable_40wire,
19058@@ -256,7 +256,7 @@ static int pcmcia_init_one(struct pcmcia
19059 unsigned long io_base, ctl_base;
19060 void __iomem *io_addr, *ctl_addr;
19061 int n_ports = 1;
19062- struct ata_port_operations *ops = &pcmcia_port_ops;
19063+ const struct ata_port_operations *ops = &pcmcia_port_ops;
19064
19065 info = kzalloc(sizeof(*info), GFP_KERNEL);
19066 if (info == NULL)
19067diff -urNp linux-2.6.32.8/drivers/ata/pata_pdc2027x.c linux-2.6.32.8/drivers/ata/pata_pdc2027x.c
19068--- linux-2.6.32.8/drivers/ata/pata_pdc2027x.c 2010-02-09 07:57:19.000000000 -0500
19069+++ linux-2.6.32.8/drivers/ata/pata_pdc2027x.c 2010-02-13 21:45:09.981697006 -0500
19070@@ -132,14 +132,14 @@ static struct scsi_host_template pdc2027
19071 ATA_BMDMA_SHT(DRV_NAME),
19072 };
19073
19074-static struct ata_port_operations pdc2027x_pata100_ops = {
19075+static const struct ata_port_operations pdc2027x_pata100_ops = {
19076 .inherits = &ata_bmdma_port_ops,
19077 .check_atapi_dma = pdc2027x_check_atapi_dma,
19078 .cable_detect = pdc2027x_cable_detect,
19079 .prereset = pdc2027x_prereset,
19080 };
19081
19082-static struct ata_port_operations pdc2027x_pata133_ops = {
19083+static const struct ata_port_operations pdc2027x_pata133_ops = {
19084 .inherits = &pdc2027x_pata100_ops,
19085 .mode_filter = pdc2027x_mode_filter,
19086 .set_piomode = pdc2027x_set_piomode,
19087diff -urNp linux-2.6.32.8/drivers/ata/pata_pdc202xx_old.c linux-2.6.32.8/drivers/ata/pata_pdc202xx_old.c
19088--- linux-2.6.32.8/drivers/ata/pata_pdc202xx_old.c 2010-02-09 07:57:19.000000000 -0500
19089+++ linux-2.6.32.8/drivers/ata/pata_pdc202xx_old.c 2010-02-13 21:45:09.981697006 -0500
19090@@ -265,7 +265,7 @@ static struct scsi_host_template pdc202x
19091 ATA_BMDMA_SHT(DRV_NAME),
19092 };
19093
19094-static struct ata_port_operations pdc2024x_port_ops = {
19095+static const struct ata_port_operations pdc2024x_port_ops = {
19096 .inherits = &ata_bmdma_port_ops,
19097
19098 .cable_detect = ata_cable_40wire,
19099@@ -273,7 +273,7 @@ static struct ata_port_operations pdc202
19100 .set_dmamode = pdc202xx_set_dmamode,
19101 };
19102
19103-static struct ata_port_operations pdc2026x_port_ops = {
19104+static const struct ata_port_operations pdc2026x_port_ops = {
19105 .inherits = &pdc2024x_port_ops,
19106
19107 .check_atapi_dma = pdc2026x_check_atapi_dma,
19108diff -urNp linux-2.6.32.8/drivers/ata/pata_platform.c linux-2.6.32.8/drivers/ata/pata_platform.c
19109--- linux-2.6.32.8/drivers/ata/pata_platform.c 2010-02-09 07:57:19.000000000 -0500
19110+++ linux-2.6.32.8/drivers/ata/pata_platform.c 2010-02-13 21:45:09.981697006 -0500
19111@@ -48,7 +48,7 @@ static struct scsi_host_template pata_pl
19112 ATA_PIO_SHT(DRV_NAME),
19113 };
19114
19115-static struct ata_port_operations pata_platform_port_ops = {
19116+static const struct ata_port_operations pata_platform_port_ops = {
19117 .inherits = &ata_sff_port_ops,
19118 .sff_data_xfer = ata_sff_data_xfer_noirq,
19119 .cable_detect = ata_cable_unknown,
19120diff -urNp linux-2.6.32.8/drivers/ata/pata_qdi.c linux-2.6.32.8/drivers/ata/pata_qdi.c
19121--- linux-2.6.32.8/drivers/ata/pata_qdi.c 2010-02-09 07:57:19.000000000 -0500
19122+++ linux-2.6.32.8/drivers/ata/pata_qdi.c 2010-02-13 21:45:09.981697006 -0500
19123@@ -157,7 +157,7 @@ static struct scsi_host_template qdi_sht
19124 ATA_PIO_SHT(DRV_NAME),
19125 };
19126
19127-static struct ata_port_operations qdi6500_port_ops = {
19128+static const struct ata_port_operations qdi6500_port_ops = {
19129 .inherits = &ata_sff_port_ops,
19130 .qc_issue = qdi_qc_issue,
19131 .sff_data_xfer = qdi_data_xfer,
19132@@ -165,7 +165,7 @@ static struct ata_port_operations qdi650
19133 .set_piomode = qdi6500_set_piomode,
19134 };
19135
19136-static struct ata_port_operations qdi6580_port_ops = {
19137+static const struct ata_port_operations qdi6580_port_ops = {
19138 .inherits = &qdi6500_port_ops,
19139 .set_piomode = qdi6580_set_piomode,
19140 };
19141diff -urNp linux-2.6.32.8/drivers/ata/pata_radisys.c linux-2.6.32.8/drivers/ata/pata_radisys.c
19142--- linux-2.6.32.8/drivers/ata/pata_radisys.c 2010-02-09 07:57:19.000000000 -0500
19143+++ linux-2.6.32.8/drivers/ata/pata_radisys.c 2010-02-13 21:45:09.981697006 -0500
19144@@ -187,7 +187,7 @@ static struct scsi_host_template radisys
19145 ATA_BMDMA_SHT(DRV_NAME),
19146 };
19147
19148-static struct ata_port_operations radisys_pata_ops = {
19149+static const struct ata_port_operations radisys_pata_ops = {
19150 .inherits = &ata_bmdma_port_ops,
19151 .qc_issue = radisys_qc_issue,
19152 .cable_detect = ata_cable_unknown,
19153diff -urNp linux-2.6.32.8/drivers/ata/pata_rb532_cf.c linux-2.6.32.8/drivers/ata/pata_rb532_cf.c
19154--- linux-2.6.32.8/drivers/ata/pata_rb532_cf.c 2010-02-09 07:57:19.000000000 -0500
19155+++ linux-2.6.32.8/drivers/ata/pata_rb532_cf.c 2010-02-13 21:45:09.982529657 -0500
19156@@ -68,7 +68,7 @@ static irqreturn_t rb532_pata_irq_handle
19157 return IRQ_HANDLED;
19158 }
19159
19160-static struct ata_port_operations rb532_pata_port_ops = {
19161+static const struct ata_port_operations rb532_pata_port_ops = {
19162 .inherits = &ata_sff_port_ops,
19163 .sff_data_xfer = ata_sff_data_xfer32,
19164 };
19165diff -urNp linux-2.6.32.8/drivers/ata/pata_rdc.c linux-2.6.32.8/drivers/ata/pata_rdc.c
19166--- linux-2.6.32.8/drivers/ata/pata_rdc.c 2010-02-09 07:57:19.000000000 -0500
19167+++ linux-2.6.32.8/drivers/ata/pata_rdc.c 2010-02-13 21:45:09.982529657 -0500
19168@@ -272,7 +272,7 @@ static void rdc_set_dmamode(struct ata_p
19169 pci_write_config_byte(dev, 0x48, udma_enable);
19170 }
19171
19172-static struct ata_port_operations rdc_pata_ops = {
19173+static const struct ata_port_operations rdc_pata_ops = {
19174 .inherits = &ata_bmdma32_port_ops,
19175 .cable_detect = rdc_pata_cable_detect,
19176 .set_piomode = rdc_set_piomode,
19177diff -urNp linux-2.6.32.8/drivers/ata/pata_rz1000.c linux-2.6.32.8/drivers/ata/pata_rz1000.c
19178--- linux-2.6.32.8/drivers/ata/pata_rz1000.c 2010-02-09 07:57:19.000000000 -0500
19179+++ linux-2.6.32.8/drivers/ata/pata_rz1000.c 2010-02-13 21:45:09.982529657 -0500
19180@@ -54,7 +54,7 @@ static struct scsi_host_template rz1000_
19181 ATA_PIO_SHT(DRV_NAME),
19182 };
19183
19184-static struct ata_port_operations rz1000_port_ops = {
19185+static const struct ata_port_operations rz1000_port_ops = {
19186 .inherits = &ata_sff_port_ops,
19187 .cable_detect = ata_cable_40wire,
19188 .set_mode = rz1000_set_mode,
19189diff -urNp linux-2.6.32.8/drivers/ata/pata_sc1200.c linux-2.6.32.8/drivers/ata/pata_sc1200.c
19190--- linux-2.6.32.8/drivers/ata/pata_sc1200.c 2010-02-09 07:57:19.000000000 -0500
19191+++ linux-2.6.32.8/drivers/ata/pata_sc1200.c 2010-02-13 21:45:09.982529657 -0500
19192@@ -207,7 +207,7 @@ static struct scsi_host_template sc1200_
19193 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19194 };
19195
19196-static struct ata_port_operations sc1200_port_ops = {
19197+static const struct ata_port_operations sc1200_port_ops = {
19198 .inherits = &ata_bmdma_port_ops,
19199 .qc_prep = ata_sff_dumb_qc_prep,
19200 .qc_issue = sc1200_qc_issue,
19201diff -urNp linux-2.6.32.8/drivers/ata/pata_scc.c linux-2.6.32.8/drivers/ata/pata_scc.c
19202--- linux-2.6.32.8/drivers/ata/pata_scc.c 2010-02-09 07:57:19.000000000 -0500
19203+++ linux-2.6.32.8/drivers/ata/pata_scc.c 2010-02-13 21:45:09.982529657 -0500
19204@@ -965,7 +965,7 @@ static struct scsi_host_template scc_sht
19205 ATA_BMDMA_SHT(DRV_NAME),
19206 };
19207
19208-static struct ata_port_operations scc_pata_ops = {
19209+static const struct ata_port_operations scc_pata_ops = {
19210 .inherits = &ata_bmdma_port_ops,
19211
19212 .set_piomode = scc_set_piomode,
19213diff -urNp linux-2.6.32.8/drivers/ata/pata_sch.c linux-2.6.32.8/drivers/ata/pata_sch.c
19214--- linux-2.6.32.8/drivers/ata/pata_sch.c 2010-02-09 07:57:19.000000000 -0500
19215+++ linux-2.6.32.8/drivers/ata/pata_sch.c 2010-02-13 21:45:09.982529657 -0500
19216@@ -75,7 +75,7 @@ static struct scsi_host_template sch_sht
19217 ATA_BMDMA_SHT(DRV_NAME),
19218 };
19219
19220-static struct ata_port_operations sch_pata_ops = {
19221+static const struct ata_port_operations sch_pata_ops = {
19222 .inherits = &ata_bmdma_port_ops,
19223 .cable_detect = ata_cable_unknown,
19224 .set_piomode = sch_set_piomode,
19225diff -urNp linux-2.6.32.8/drivers/ata/pata_serverworks.c linux-2.6.32.8/drivers/ata/pata_serverworks.c
19226--- linux-2.6.32.8/drivers/ata/pata_serverworks.c 2010-02-09 07:57:19.000000000 -0500
19227+++ linux-2.6.32.8/drivers/ata/pata_serverworks.c 2010-02-13 21:45:09.983718354 -0500
19228@@ -299,7 +299,7 @@ static struct scsi_host_template serverw
19229 ATA_BMDMA_SHT(DRV_NAME),
19230 };
19231
19232-static struct ata_port_operations serverworks_osb4_port_ops = {
19233+static const struct ata_port_operations serverworks_osb4_port_ops = {
19234 .inherits = &ata_bmdma_port_ops,
19235 .cable_detect = serverworks_cable_detect,
19236 .mode_filter = serverworks_osb4_filter,
19237@@ -307,7 +307,7 @@ static struct ata_port_operations server
19238 .set_dmamode = serverworks_set_dmamode,
19239 };
19240
19241-static struct ata_port_operations serverworks_csb_port_ops = {
19242+static const struct ata_port_operations serverworks_csb_port_ops = {
19243 .inherits = &serverworks_osb4_port_ops,
19244 .mode_filter = serverworks_csb_filter,
19245 };
19246diff -urNp linux-2.6.32.8/drivers/ata/pata_sil680.c linux-2.6.32.8/drivers/ata/pata_sil680.c
19247--- linux-2.6.32.8/drivers/ata/pata_sil680.c 2010-02-09 07:57:19.000000000 -0500
19248+++ linux-2.6.32.8/drivers/ata/pata_sil680.c 2010-02-13 21:45:09.983718354 -0500
19249@@ -194,7 +194,7 @@ static struct scsi_host_template sil680_
19250 ATA_BMDMA_SHT(DRV_NAME),
19251 };
19252
19253-static struct ata_port_operations sil680_port_ops = {
19254+static const struct ata_port_operations sil680_port_ops = {
19255 .inherits = &ata_bmdma32_port_ops,
19256 .cable_detect = sil680_cable_detect,
19257 .set_piomode = sil680_set_piomode,
19258diff -urNp linux-2.6.32.8/drivers/ata/pata_sis.c linux-2.6.32.8/drivers/ata/pata_sis.c
19259--- linux-2.6.32.8/drivers/ata/pata_sis.c 2010-02-09 07:57:19.000000000 -0500
19260+++ linux-2.6.32.8/drivers/ata/pata_sis.c 2010-02-13 21:45:09.983718354 -0500
19261@@ -503,47 +503,47 @@ static struct scsi_host_template sis_sht
19262 ATA_BMDMA_SHT(DRV_NAME),
19263 };
19264
19265-static struct ata_port_operations sis_133_for_sata_ops = {
19266+static const struct ata_port_operations sis_133_for_sata_ops = {
19267 .inherits = &ata_bmdma_port_ops,
19268 .set_piomode = sis_133_set_piomode,
19269 .set_dmamode = sis_133_set_dmamode,
19270 .cable_detect = sis_133_cable_detect,
19271 };
19272
19273-static struct ata_port_operations sis_base_ops = {
19274+static const struct ata_port_operations sis_base_ops = {
19275 .inherits = &ata_bmdma_port_ops,
19276 .prereset = sis_pre_reset,
19277 };
19278
19279-static struct ata_port_operations sis_133_ops = {
19280+static const struct ata_port_operations sis_133_ops = {
19281 .inherits = &sis_base_ops,
19282 .set_piomode = sis_133_set_piomode,
19283 .set_dmamode = sis_133_set_dmamode,
19284 .cable_detect = sis_133_cable_detect,
19285 };
19286
19287-static struct ata_port_operations sis_133_early_ops = {
19288+static const struct ata_port_operations sis_133_early_ops = {
19289 .inherits = &sis_base_ops,
19290 .set_piomode = sis_100_set_piomode,
19291 .set_dmamode = sis_133_early_set_dmamode,
19292 .cable_detect = sis_66_cable_detect,
19293 };
19294
19295-static struct ata_port_operations sis_100_ops = {
19296+static const struct ata_port_operations sis_100_ops = {
19297 .inherits = &sis_base_ops,
19298 .set_piomode = sis_100_set_piomode,
19299 .set_dmamode = sis_100_set_dmamode,
19300 .cable_detect = sis_66_cable_detect,
19301 };
19302
19303-static struct ata_port_operations sis_66_ops = {
19304+static const struct ata_port_operations sis_66_ops = {
19305 .inherits = &sis_base_ops,
19306 .set_piomode = sis_old_set_piomode,
19307 .set_dmamode = sis_66_set_dmamode,
19308 .cable_detect = sis_66_cable_detect,
19309 };
19310
19311-static struct ata_port_operations sis_old_ops = {
19312+static const struct ata_port_operations sis_old_ops = {
19313 .inherits = &sis_base_ops,
19314 .set_piomode = sis_old_set_piomode,
19315 .set_dmamode = sis_old_set_dmamode,
19316diff -urNp linux-2.6.32.8/drivers/ata/pata_sl82c105.c linux-2.6.32.8/drivers/ata/pata_sl82c105.c
19317--- linux-2.6.32.8/drivers/ata/pata_sl82c105.c 2010-02-09 07:57:19.000000000 -0500
19318+++ linux-2.6.32.8/drivers/ata/pata_sl82c105.c 2010-02-13 21:45:09.983718354 -0500
19319@@ -231,7 +231,7 @@ static struct scsi_host_template sl82c10
19320 ATA_BMDMA_SHT(DRV_NAME),
19321 };
19322
19323-static struct ata_port_operations sl82c105_port_ops = {
19324+static const struct ata_port_operations sl82c105_port_ops = {
19325 .inherits = &ata_bmdma_port_ops,
19326 .qc_defer = sl82c105_qc_defer,
19327 .bmdma_start = sl82c105_bmdma_start,
19328diff -urNp linux-2.6.32.8/drivers/ata/pata_triflex.c linux-2.6.32.8/drivers/ata/pata_triflex.c
19329--- linux-2.6.32.8/drivers/ata/pata_triflex.c 2010-02-09 07:57:19.000000000 -0500
19330+++ linux-2.6.32.8/drivers/ata/pata_triflex.c 2010-02-13 21:45:09.984613969 -0500
19331@@ -178,7 +178,7 @@ static struct scsi_host_template triflex
19332 ATA_BMDMA_SHT(DRV_NAME),
19333 };
19334
19335-static struct ata_port_operations triflex_port_ops = {
19336+static const struct ata_port_operations triflex_port_ops = {
19337 .inherits = &ata_bmdma_port_ops,
19338 .bmdma_start = triflex_bmdma_start,
19339 .bmdma_stop = triflex_bmdma_stop,
19340diff -urNp linux-2.6.32.8/drivers/ata/pata_via.c linux-2.6.32.8/drivers/ata/pata_via.c
19341--- linux-2.6.32.8/drivers/ata/pata_via.c 2010-02-09 07:57:19.000000000 -0500
19342+++ linux-2.6.32.8/drivers/ata/pata_via.c 2010-02-13 21:45:09.984613969 -0500
19343@@ -419,7 +419,7 @@ static struct scsi_host_template via_sht
19344 ATA_BMDMA_SHT(DRV_NAME),
19345 };
19346
19347-static struct ata_port_operations via_port_ops = {
19348+static const struct ata_port_operations via_port_ops = {
19349 .inherits = &ata_bmdma_port_ops,
19350 .cable_detect = via_cable_detect,
19351 .set_piomode = via_set_piomode,
19352@@ -429,7 +429,7 @@ static struct ata_port_operations via_po
19353 .port_start = via_port_start,
19354 };
19355
19356-static struct ata_port_operations via_port_ops_noirq = {
19357+static const struct ata_port_operations via_port_ops_noirq = {
19358 .inherits = &via_port_ops,
19359 .sff_data_xfer = ata_sff_data_xfer_noirq,
19360 };
19361diff -urNp linux-2.6.32.8/drivers/ata/pata_winbond.c linux-2.6.32.8/drivers/ata/pata_winbond.c
19362--- linux-2.6.32.8/drivers/ata/pata_winbond.c 2010-02-09 07:57:19.000000000 -0500
19363+++ linux-2.6.32.8/drivers/ata/pata_winbond.c 2010-02-13 21:45:09.984613969 -0500
19364@@ -125,7 +125,7 @@ static struct scsi_host_template winbond
19365 ATA_PIO_SHT(DRV_NAME),
19366 };
19367
19368-static struct ata_port_operations winbond_port_ops = {
19369+static const struct ata_port_operations winbond_port_ops = {
19370 .inherits = &ata_sff_port_ops,
19371 .sff_data_xfer = winbond_data_xfer,
19372 .cable_detect = ata_cable_40wire,
19373diff -urNp linux-2.6.32.8/drivers/ata/pdc_adma.c linux-2.6.32.8/drivers/ata/pdc_adma.c
19374--- linux-2.6.32.8/drivers/ata/pdc_adma.c 2010-02-09 07:57:19.000000000 -0500
19375+++ linux-2.6.32.8/drivers/ata/pdc_adma.c 2010-02-13 21:45:09.984613969 -0500
19376@@ -145,7 +145,7 @@ static struct scsi_host_template adma_at
19377 .dma_boundary = ADMA_DMA_BOUNDARY,
19378 };
19379
19380-static struct ata_port_operations adma_ata_ops = {
19381+static const struct ata_port_operations adma_ata_ops = {
19382 .inherits = &ata_sff_port_ops,
19383
19384 .lost_interrupt = ATA_OP_NULL,
19385diff -urNp linux-2.6.32.8/drivers/ata/sata_fsl.c linux-2.6.32.8/drivers/ata/sata_fsl.c
19386--- linux-2.6.32.8/drivers/ata/sata_fsl.c 2010-02-09 07:57:19.000000000 -0500
19387+++ linux-2.6.32.8/drivers/ata/sata_fsl.c 2010-02-13 21:45:09.984613969 -0500
19388@@ -1258,7 +1258,7 @@ static struct scsi_host_template sata_fs
19389 .dma_boundary = ATA_DMA_BOUNDARY,
19390 };
19391
19392-static struct ata_port_operations sata_fsl_ops = {
19393+static const struct ata_port_operations sata_fsl_ops = {
19394 .inherits = &sata_pmp_port_ops,
19395
19396 .qc_defer = ata_std_qc_defer,
19397diff -urNp linux-2.6.32.8/drivers/ata/sata_inic162x.c linux-2.6.32.8/drivers/ata/sata_inic162x.c
19398--- linux-2.6.32.8/drivers/ata/sata_inic162x.c 2010-02-09 07:57:19.000000000 -0500
19399+++ linux-2.6.32.8/drivers/ata/sata_inic162x.c 2010-02-13 21:45:09.984613969 -0500
19400@@ -721,7 +721,7 @@ static int inic_port_start(struct ata_po
19401 return 0;
19402 }
19403
19404-static struct ata_port_operations inic_port_ops = {
19405+static const struct ata_port_operations inic_port_ops = {
19406 .inherits = &sata_port_ops,
19407
19408 .check_atapi_dma = inic_check_atapi_dma,
19409diff -urNp linux-2.6.32.8/drivers/ata/sata_mv.c linux-2.6.32.8/drivers/ata/sata_mv.c
19410--- linux-2.6.32.8/drivers/ata/sata_mv.c 2010-02-09 07:57:19.000000000 -0500
19411+++ linux-2.6.32.8/drivers/ata/sata_mv.c 2010-02-13 21:45:09.985913173 -0500
19412@@ -656,7 +656,7 @@ static struct scsi_host_template mv6_sht
19413 .dma_boundary = MV_DMA_BOUNDARY,
19414 };
19415
19416-static struct ata_port_operations mv5_ops = {
19417+static const struct ata_port_operations mv5_ops = {
19418 .inherits = &ata_sff_port_ops,
19419
19420 .lost_interrupt = ATA_OP_NULL,
19421@@ -678,7 +678,7 @@ static struct ata_port_operations mv5_op
19422 .port_stop = mv_port_stop,
19423 };
19424
19425-static struct ata_port_operations mv6_ops = {
19426+static const struct ata_port_operations mv6_ops = {
19427 .inherits = &mv5_ops,
19428 .dev_config = mv6_dev_config,
19429 .scr_read = mv_scr_read,
19430@@ -698,7 +698,7 @@ static struct ata_port_operations mv6_op
19431 .bmdma_status = mv_bmdma_status,
19432 };
19433
19434-static struct ata_port_operations mv_iie_ops = {
19435+static const struct ata_port_operations mv_iie_ops = {
19436 .inherits = &mv6_ops,
19437 .dev_config = ATA_OP_NULL,
19438 .qc_prep = mv_qc_prep_iie,
19439diff -urNp linux-2.6.32.8/drivers/ata/sata_nv.c linux-2.6.32.8/drivers/ata/sata_nv.c
19440--- linux-2.6.32.8/drivers/ata/sata_nv.c 2010-02-09 07:57:19.000000000 -0500
19441+++ linux-2.6.32.8/drivers/ata/sata_nv.c 2010-02-13 21:45:09.986912953 -0500
19442@@ -464,7 +464,7 @@ static struct scsi_host_template nv_swnc
19443 * cases. Define nv_hardreset() which only kicks in for post-boot
19444 * probing and use it for all variants.
19445 */
19446-static struct ata_port_operations nv_generic_ops = {
19447+static const struct ata_port_operations nv_generic_ops = {
19448 .inherits = &ata_bmdma_port_ops,
19449 .lost_interrupt = ATA_OP_NULL,
19450 .scr_read = nv_scr_read,
19451@@ -472,20 +472,20 @@ static struct ata_port_operations nv_gen
19452 .hardreset = nv_hardreset,
19453 };
19454
19455-static struct ata_port_operations nv_nf2_ops = {
19456+static const struct ata_port_operations nv_nf2_ops = {
19457 .inherits = &nv_generic_ops,
19458 .freeze = nv_nf2_freeze,
19459 .thaw = nv_nf2_thaw,
19460 };
19461
19462-static struct ata_port_operations nv_ck804_ops = {
19463+static const struct ata_port_operations nv_ck804_ops = {
19464 .inherits = &nv_generic_ops,
19465 .freeze = nv_ck804_freeze,
19466 .thaw = nv_ck804_thaw,
19467 .host_stop = nv_ck804_host_stop,
19468 };
19469
19470-static struct ata_port_operations nv_adma_ops = {
19471+static const struct ata_port_operations nv_adma_ops = {
19472 .inherits = &nv_ck804_ops,
19473
19474 .check_atapi_dma = nv_adma_check_atapi_dma,
19475@@ -509,7 +509,7 @@ static struct ata_port_operations nv_adm
19476 .host_stop = nv_adma_host_stop,
19477 };
19478
19479-static struct ata_port_operations nv_swncq_ops = {
19480+static const struct ata_port_operations nv_swncq_ops = {
19481 .inherits = &nv_generic_ops,
19482
19483 .qc_defer = ata_std_qc_defer,
19484diff -urNp linux-2.6.32.8/drivers/ata/sata_promise.c linux-2.6.32.8/drivers/ata/sata_promise.c
19485--- linux-2.6.32.8/drivers/ata/sata_promise.c 2010-02-09 07:57:19.000000000 -0500
19486+++ linux-2.6.32.8/drivers/ata/sata_promise.c 2010-02-13 21:45:09.987528022 -0500
19487@@ -195,7 +195,7 @@ static const struct ata_port_operations
19488 .error_handler = pdc_error_handler,
19489 };
19490
19491-static struct ata_port_operations pdc_sata_ops = {
19492+static const struct ata_port_operations pdc_sata_ops = {
19493 .inherits = &pdc_common_ops,
19494 .cable_detect = pdc_sata_cable_detect,
19495 .freeze = pdc_sata_freeze,
19496@@ -208,14 +208,14 @@ static struct ata_port_operations pdc_sa
19497
19498 /* First-generation chips need a more restrictive ->check_atapi_dma op,
19499 and ->freeze/thaw that ignore the hotplug controls. */
19500-static struct ata_port_operations pdc_old_sata_ops = {
19501+static const struct ata_port_operations pdc_old_sata_ops = {
19502 .inherits = &pdc_sata_ops,
19503 .freeze = pdc_freeze,
19504 .thaw = pdc_thaw,
19505 .check_atapi_dma = pdc_old_sata_check_atapi_dma,
19506 };
19507
19508-static struct ata_port_operations pdc_pata_ops = {
19509+static const struct ata_port_operations pdc_pata_ops = {
19510 .inherits = &pdc_common_ops,
19511 .cable_detect = pdc_pata_cable_detect,
19512 .freeze = pdc_freeze,
19513diff -urNp linux-2.6.32.8/drivers/ata/sata_qstor.c linux-2.6.32.8/drivers/ata/sata_qstor.c
19514--- linux-2.6.32.8/drivers/ata/sata_qstor.c 2010-02-09 07:57:19.000000000 -0500
19515+++ linux-2.6.32.8/drivers/ata/sata_qstor.c 2010-02-13 21:45:09.987528022 -0500
19516@@ -132,7 +132,7 @@ static struct scsi_host_template qs_ata_
19517 .dma_boundary = QS_DMA_BOUNDARY,
19518 };
19519
19520-static struct ata_port_operations qs_ata_ops = {
19521+static const struct ata_port_operations qs_ata_ops = {
19522 .inherits = &ata_sff_port_ops,
19523
19524 .check_atapi_dma = qs_check_atapi_dma,
19525diff -urNp linux-2.6.32.8/drivers/ata/sata_sil24.c linux-2.6.32.8/drivers/ata/sata_sil24.c
19526--- linux-2.6.32.8/drivers/ata/sata_sil24.c 2010-02-09 07:57:19.000000000 -0500
19527+++ linux-2.6.32.8/drivers/ata/sata_sil24.c 2010-02-13 21:45:09.987528022 -0500
19528@@ -388,7 +388,7 @@ static struct scsi_host_template sil24_s
19529 .dma_boundary = ATA_DMA_BOUNDARY,
19530 };
19531
19532-static struct ata_port_operations sil24_ops = {
19533+static const struct ata_port_operations sil24_ops = {
19534 .inherits = &sata_pmp_port_ops,
19535
19536 .qc_defer = sil24_qc_defer,
19537diff -urNp linux-2.6.32.8/drivers/ata/sata_sil.c linux-2.6.32.8/drivers/ata/sata_sil.c
19538--- linux-2.6.32.8/drivers/ata/sata_sil.c 2010-02-09 07:57:19.000000000 -0500
19539+++ linux-2.6.32.8/drivers/ata/sata_sil.c 2010-02-13 21:45:09.987528022 -0500
19540@@ -182,7 +182,7 @@ static struct scsi_host_template sil_sht
19541 .sg_tablesize = ATA_MAX_PRD
19542 };
19543
19544-static struct ata_port_operations sil_ops = {
19545+static const struct ata_port_operations sil_ops = {
19546 .inherits = &ata_bmdma32_port_ops,
19547 .dev_config = sil_dev_config,
19548 .set_mode = sil_set_mode,
19549diff -urNp linux-2.6.32.8/drivers/ata/sata_sis.c linux-2.6.32.8/drivers/ata/sata_sis.c
19550--- linux-2.6.32.8/drivers/ata/sata_sis.c 2010-02-09 07:57:19.000000000 -0500
19551+++ linux-2.6.32.8/drivers/ata/sata_sis.c 2010-02-13 21:45:09.988599653 -0500
19552@@ -89,7 +89,7 @@ static struct scsi_host_template sis_sht
19553 ATA_BMDMA_SHT(DRV_NAME),
19554 };
19555
19556-static struct ata_port_operations sis_ops = {
19557+static const struct ata_port_operations sis_ops = {
19558 .inherits = &ata_bmdma_port_ops,
19559 .scr_read = sis_scr_read,
19560 .scr_write = sis_scr_write,
19561diff -urNp linux-2.6.32.8/drivers/ata/sata_svw.c linux-2.6.32.8/drivers/ata/sata_svw.c
19562--- linux-2.6.32.8/drivers/ata/sata_svw.c 2010-02-09 07:57:19.000000000 -0500
19563+++ linux-2.6.32.8/drivers/ata/sata_svw.c 2010-02-13 21:45:09.988599653 -0500
19564@@ -344,7 +344,7 @@ static struct scsi_host_template k2_sata
19565 };
19566
19567
19568-static struct ata_port_operations k2_sata_ops = {
19569+static const struct ata_port_operations k2_sata_ops = {
19570 .inherits = &ata_bmdma_port_ops,
19571 .sff_tf_load = k2_sata_tf_load,
19572 .sff_tf_read = k2_sata_tf_read,
19573diff -urNp linux-2.6.32.8/drivers/ata/sata_sx4.c linux-2.6.32.8/drivers/ata/sata_sx4.c
19574--- linux-2.6.32.8/drivers/ata/sata_sx4.c 2010-02-09 07:57:19.000000000 -0500
19575+++ linux-2.6.32.8/drivers/ata/sata_sx4.c 2010-02-13 21:45:09.988599653 -0500
19576@@ -248,7 +248,7 @@ static struct scsi_host_template pdc_sat
19577 };
19578
19579 /* TODO: inherit from base port_ops after converting to new EH */
19580-static struct ata_port_operations pdc_20621_ops = {
19581+static const struct ata_port_operations pdc_20621_ops = {
19582 .inherits = &ata_sff_port_ops,
19583
19584 .check_atapi_dma = pdc_check_atapi_dma,
19585diff -urNp linux-2.6.32.8/drivers/ata/sata_uli.c linux-2.6.32.8/drivers/ata/sata_uli.c
19586--- linux-2.6.32.8/drivers/ata/sata_uli.c 2010-02-09 07:57:19.000000000 -0500
19587+++ linux-2.6.32.8/drivers/ata/sata_uli.c 2010-02-13 21:45:09.988599653 -0500
19588@@ -79,7 +79,7 @@ static struct scsi_host_template uli_sht
19589 ATA_BMDMA_SHT(DRV_NAME),
19590 };
19591
19592-static struct ata_port_operations uli_ops = {
19593+static const struct ata_port_operations uli_ops = {
19594 .inherits = &ata_bmdma_port_ops,
19595 .scr_read = uli_scr_read,
19596 .scr_write = uli_scr_write,
19597diff -urNp linux-2.6.32.8/drivers/ata/sata_via.c linux-2.6.32.8/drivers/ata/sata_via.c
19598--- linux-2.6.32.8/drivers/ata/sata_via.c 2010-02-09 07:57:19.000000000 -0500
19599+++ linux-2.6.32.8/drivers/ata/sata_via.c 2010-02-13 21:45:09.988599653 -0500
19600@@ -112,31 +112,31 @@ static struct scsi_host_template svia_sh
19601 ATA_BMDMA_SHT(DRV_NAME),
19602 };
19603
19604-static struct ata_port_operations svia_base_ops = {
19605+static const struct ata_port_operations svia_base_ops = {
19606 .inherits = &ata_bmdma_port_ops,
19607 .sff_tf_load = svia_tf_load,
19608 };
19609
19610-static struct ata_port_operations vt6420_sata_ops = {
19611+static const struct ata_port_operations vt6420_sata_ops = {
19612 .inherits = &svia_base_ops,
19613 .freeze = svia_noop_freeze,
19614 .prereset = vt6420_prereset,
19615 };
19616
19617-static struct ata_port_operations vt6421_pata_ops = {
19618+static const struct ata_port_operations vt6421_pata_ops = {
19619 .inherits = &svia_base_ops,
19620 .cable_detect = vt6421_pata_cable_detect,
19621 .set_piomode = vt6421_set_pio_mode,
19622 .set_dmamode = vt6421_set_dma_mode,
19623 };
19624
19625-static struct ata_port_operations vt6421_sata_ops = {
19626+static const struct ata_port_operations vt6421_sata_ops = {
19627 .inherits = &svia_base_ops,
19628 .scr_read = svia_scr_read,
19629 .scr_write = svia_scr_write,
19630 };
19631
19632-static struct ata_port_operations vt8251_ops = {
19633+static const struct ata_port_operations vt8251_ops = {
19634 .inherits = &svia_base_ops,
19635 .hardreset = sata_std_hardreset,
19636 .scr_read = vt8251_scr_read,
19637diff -urNp linux-2.6.32.8/drivers/ata/sata_vsc.c linux-2.6.32.8/drivers/ata/sata_vsc.c
19638--- linux-2.6.32.8/drivers/ata/sata_vsc.c 2010-02-09 07:57:19.000000000 -0500
19639+++ linux-2.6.32.8/drivers/ata/sata_vsc.c 2010-02-13 21:45:09.989745888 -0500
19640@@ -306,7 +306,7 @@ static struct scsi_host_template vsc_sat
19641 };
19642
19643
19644-static struct ata_port_operations vsc_sata_ops = {
19645+static const struct ata_port_operations vsc_sata_ops = {
19646 .inherits = &ata_bmdma_port_ops,
19647 /* The IRQ handling is not quite standard SFF behaviour so we
19648 cannot use the default lost interrupt handler */
19649diff -urNp linux-2.6.32.8/drivers/atm/adummy.c linux-2.6.32.8/drivers/atm/adummy.c
19650--- linux-2.6.32.8/drivers/atm/adummy.c 2010-02-09 07:57:19.000000000 -0500
19651+++ linux-2.6.32.8/drivers/atm/adummy.c 2010-02-13 21:45:09.989745888 -0500
19652@@ -77,7 +77,7 @@ adummy_send(struct atm_vcc *vcc, struct
19653 vcc->pop(vcc, skb);
19654 else
19655 dev_kfree_skb_any(skb);
19656- atomic_inc(&vcc->stats->tx);
19657+ atomic_inc_unchecked(&vcc->stats->tx);
19658
19659 return 0;
19660 }
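Review bot: `atomic_inc_unchecked(&vcc->stats->tx)` only type-checks if the `stats` fields are declared `atomic_unchecked_t`, and that declaration is not in this hunk, so confirm the header change is part of the same patch. The same holds for every `stats->tx`, `rx`, `tx_err`, `rx_err` and `rx_drop` conversion in the ambassador, atmtcp, eni, firestream, fore200e, he, horizon, idt77252, iphase, lanai and nicstar hunks. In PaX's REFCOUNT scheme the `_unchecked` accessors opt a counter out of overflow detection, which is appropriate for statistics that may wrap. A one-line comment at the declaration, e.g. `/* statistics only: may wrap, never gates object lifetime */`, would keep later lifetime or accounting counters from being converted by habit. The body of `adummy_send` starts outside the hunk.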
19661diff -urNp linux-2.6.32.8/drivers/atm/ambassador.c linux-2.6.32.8/drivers/atm/ambassador.c
19662--- linux-2.6.32.8/drivers/atm/ambassador.c 2010-02-09 07:57:19.000000000 -0500
19663+++ linux-2.6.32.8/drivers/atm/ambassador.c 2010-02-13 21:45:09.989745888 -0500
19664@@ -453,7 +453,7 @@ static void tx_complete (amb_dev * dev,
19665 PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
19666
19667 // VC layer stats
19668- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
19669+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
19670
19671 // free the descriptor
19672 kfree (tx_descr);
19673@@ -494,7 +494,7 @@ static void rx_complete (amb_dev * dev,
19674 dump_skb ("<<<", vc, skb);
19675
19676 // VC layer stats
19677- atomic_inc(&atm_vcc->stats->rx);
19678+ atomic_inc_unchecked(&atm_vcc->stats->rx);
19679 __net_timestamp(skb);
19680 // end of our responsability
19681 atm_vcc->push (atm_vcc, skb);
19682@@ -509,7 +509,7 @@ static void rx_complete (amb_dev * dev,
19683 } else {
19684 PRINTK (KERN_INFO, "dropped over-size frame");
19685 // should we count this?
19686- atomic_inc(&atm_vcc->stats->rx_drop);
19687+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
19688 }
19689
19690 } else {
19691@@ -1341,7 +1341,7 @@ static int amb_send (struct atm_vcc * at
19692 }
19693
19694 if (check_area (skb->data, skb->len)) {
19695- atomic_inc(&atm_vcc->stats->tx_err);
19696+ atomic_inc_unchecked(&atm_vcc->stats->tx_err);
19697 return -ENOMEM; // ?
19698 }
19699
19700diff -urNp linux-2.6.32.8/drivers/atm/atmtcp.c linux-2.6.32.8/drivers/atm/atmtcp.c
19701--- linux-2.6.32.8/drivers/atm/atmtcp.c 2010-02-09 07:57:19.000000000 -0500
19702+++ linux-2.6.32.8/drivers/atm/atmtcp.c 2010-02-13 21:45:09.989745888 -0500
19703@@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc
19704 if (vcc->pop) vcc->pop(vcc,skb);
19705 else dev_kfree_skb(skb);
19706 if (dev_data) return 0;
19707- atomic_inc(&vcc->stats->tx_err);
19708+ atomic_inc_unchecked(&vcc->stats->tx_err);
19709 return -ENOLINK;
19710 }
19711 size = skb->len+sizeof(struct atmtcp_hdr);
19712@@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc
19713 if (!new_skb) {
19714 if (vcc->pop) vcc->pop(vcc,skb);
19715 else dev_kfree_skb(skb);
19716- atomic_inc(&vcc->stats->tx_err);
19717+ atomic_inc_unchecked(&vcc->stats->tx_err);
19718 return -ENOBUFS;
19719 }
19720 hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
19721@@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc
19722 if (vcc->pop) vcc->pop(vcc,skb);
19723 else dev_kfree_skb(skb);
19724 out_vcc->push(out_vcc,new_skb);
19725- atomic_inc(&vcc->stats->tx);
19726- atomic_inc(&out_vcc->stats->rx);
19727+ atomic_inc_unchecked(&vcc->stats->tx);
19728+ atomic_inc_unchecked(&out_vcc->stats->rx);
19729 return 0;
19730 }
19731
19732@@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc
19733 out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
19734 read_unlock(&vcc_sklist_lock);
19735 if (!out_vcc) {
19736- atomic_inc(&vcc->stats->tx_err);
19737+ atomic_inc_unchecked(&vcc->stats->tx_err);
19738 goto done;
19739 }
19740 skb_pull(skb,sizeof(struct atmtcp_hdr));
19741@@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc
19742 __net_timestamp(new_skb);
19743 skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
19744 out_vcc->push(out_vcc,new_skb);
19745- atomic_inc(&vcc->stats->tx);
19746- atomic_inc(&out_vcc->stats->rx);
19747+ atomic_inc_unchecked(&vcc->stats->tx);
19748+ atomic_inc_unchecked(&out_vcc->stats->rx);
19749 done:
19750 if (vcc->pop) vcc->pop(vcc,skb);
19751 else dev_kfree_skb(skb);
19752diff -urNp linux-2.6.32.8/drivers/atm/eni.c linux-2.6.32.8/drivers/atm/eni.c
19753--- linux-2.6.32.8/drivers/atm/eni.c 2010-02-09 07:57:19.000000000 -0500
19754+++ linux-2.6.32.8/drivers/atm/eni.c 2010-02-13 21:45:09.990789947 -0500
19755@@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc)
19756 DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
19757 vcc->dev->number);
19758 length = 0;
19759- atomic_inc(&vcc->stats->rx_err);
19760+ atomic_inc_unchecked(&vcc->stats->rx_err);
19761 }
19762 else {
19763 length = ATM_CELL_SIZE-1; /* no HEC */
19764@@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc)
19765 size);
19766 }
19767 eff = length = 0;
19768- atomic_inc(&vcc->stats->rx_err);
19769+ atomic_inc_unchecked(&vcc->stats->rx_err);
19770 }
19771 else {
19772 size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
19773@@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc)
19774 "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
19775 vcc->dev->number,vcc->vci,length,size << 2,descr);
19776 length = eff = 0;
19777- atomic_inc(&vcc->stats->rx_err);
19778+ atomic_inc_unchecked(&vcc->stats->rx_err);
19779 }
19780 }
19781 skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
19782@@ -770,7 +770,7 @@ rx_dequeued++;
19783 vcc->push(vcc,skb);
19784 pushed++;
19785 }
19786- atomic_inc(&vcc->stats->rx);
19787+ atomic_inc_unchecked(&vcc->stats->rx);
19788 }
19789 wake_up(&eni_dev->rx_wait);
19790 }
19791@@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *d
19792 PCI_DMA_TODEVICE);
19793 if (vcc->pop) vcc->pop(vcc,skb);
19794 else dev_kfree_skb_irq(skb);
19795- atomic_inc(&vcc->stats->tx);
19796+ atomic_inc_unchecked(&vcc->stats->tx);
19797 wake_up(&eni_dev->tx_wait);
19798 dma_complete++;
19799 }
19800diff -urNp linux-2.6.32.8/drivers/atm/firestream.c linux-2.6.32.8/drivers/atm/firestream.c
19801--- linux-2.6.32.8/drivers/atm/firestream.c 2010-02-09 07:57:19.000000000 -0500
19802+++ linux-2.6.32.8/drivers/atm/firestream.c 2010-02-13 21:45:09.990789947 -0500
19803@@ -748,7 +748,7 @@ static void process_txdone_queue (struct
19804 }
19805 }
19806
19807- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
19808+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
19809
19810 fs_dprintk (FS_DEBUG_TXMEM, "i");
19811 fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
19812@@ -815,7 +815,7 @@ static void process_incoming (struct fs_
19813 #endif
19814 skb_put (skb, qe->p1 & 0xffff);
19815 ATM_SKB(skb)->vcc = atm_vcc;
19816- atomic_inc(&atm_vcc->stats->rx);
19817+ atomic_inc_unchecked(&atm_vcc->stats->rx);
19818 __net_timestamp(skb);
19819 fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
19820 atm_vcc->push (atm_vcc, skb);
19821@@ -836,12 +836,12 @@ static void process_incoming (struct fs_
19822 kfree (pe);
19823 }
19824 if (atm_vcc)
19825- atomic_inc(&atm_vcc->stats->rx_drop);
19826+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
19827 break;
19828 case 0x1f: /* Reassembly abort: no buffers. */
19829 /* Silently increment error counter. */
19830 if (atm_vcc)
19831- atomic_inc(&atm_vcc->stats->rx_drop);
19832+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
19833 break;
19834 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
19835 printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
19836diff -urNp linux-2.6.32.8/drivers/atm/fore200e.c linux-2.6.32.8/drivers/atm/fore200e.c
19837--- linux-2.6.32.8/drivers/atm/fore200e.c 2010-02-09 07:57:19.000000000 -0500
19838+++ linux-2.6.32.8/drivers/atm/fore200e.c 2010-02-13 21:45:09.991878639 -0500
19839@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200
19840 #endif
19841 /* check error condition */
19842 if (*entry->status & STATUS_ERROR)
19843- atomic_inc(&vcc->stats->tx_err);
19844+ atomic_inc_unchecked(&vcc->stats->tx_err);
19845 else
19846- atomic_inc(&vcc->stats->tx);
19847+ atomic_inc_unchecked(&vcc->stats->tx);
19848 }
19849 }
19850
19851@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore2
19852 if (skb == NULL) {
19853 DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
19854
19855- atomic_inc(&vcc->stats->rx_drop);
19856+ atomic_inc_unchecked(&vcc->stats->rx_drop);
19857 return -ENOMEM;
19858 }
19859
19860@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore2
19861
19862 dev_kfree_skb_any(skb);
19863
19864- atomic_inc(&vcc->stats->rx_drop);
19865+ atomic_inc_unchecked(&vcc->stats->rx_drop);
19866 return -ENOMEM;
19867 }
19868
19869 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
19870
19871 vcc->push(vcc, skb);
19872- atomic_inc(&vcc->stats->rx);
19873+ atomic_inc_unchecked(&vcc->stats->rx);
19874
19875 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
19876
19877@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200
19878 DPRINTK(2, "damaged PDU on %d.%d.%d\n",
19879 fore200e->atm_dev->number,
19880 entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
19881- atomic_inc(&vcc->stats->rx_err);
19882+ atomic_inc_unchecked(&vcc->stats->rx_err);
19883 }
19884 }
19885
19886@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struc
19887 goto retry_here;
19888 }
19889
19890- atomic_inc(&vcc->stats->tx_err);
19891+ atomic_inc_unchecked(&vcc->stats->tx_err);
19892
19893 fore200e->tx_sat++;
19894 DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
19895diff -urNp linux-2.6.32.8/drivers/atm/he.c linux-2.6.32.8/drivers/atm/he.c
19896--- linux-2.6.32.8/drivers/atm/he.c 2010-02-09 07:57:19.000000000 -0500
19897+++ linux-2.6.32.8/drivers/atm/he.c 2010-02-13 21:45:09.992913799 -0500
19898@@ -1769,7 +1769,7 @@ he_service_rbrq(struct he_dev *he_dev, i
19899
19900 if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
19901 hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
19902- atomic_inc(&vcc->stats->rx_drop);
19903+ atomic_inc_unchecked(&vcc->stats->rx_drop);
19904 goto return_host_buffers;
19905 }
19906
19907@@ -1802,7 +1802,7 @@ he_service_rbrq(struct he_dev *he_dev, i
19908 RBRQ_LEN_ERR(he_dev->rbrq_head)
19909 ? "LEN_ERR" : "",
19910 vcc->vpi, vcc->vci);
19911- atomic_inc(&vcc->stats->rx_err);
19912+ atomic_inc_unchecked(&vcc->stats->rx_err);
19913 goto return_host_buffers;
19914 }
19915
19916@@ -1861,7 +1861,7 @@ he_service_rbrq(struct he_dev *he_dev, i
19917 vcc->push(vcc, skb);
19918 spin_lock(&he_dev->global_lock);
19919
19920- atomic_inc(&vcc->stats->rx);
19921+ atomic_inc_unchecked(&vcc->stats->rx);
19922
19923 return_host_buffers:
19924 ++pdus_assembled;
19925@@ -2206,7 +2206,7 @@ __enqueue_tpd(struct he_dev *he_dev, str
19926 tpd->vcc->pop(tpd->vcc, tpd->skb);
19927 else
19928 dev_kfree_skb_any(tpd->skb);
19929- atomic_inc(&tpd->vcc->stats->tx_err);
19930+ atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
19931 }
19932 pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
19933 return;
19934@@ -2618,7 +2618,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
19935 vcc->pop(vcc, skb);
19936 else
19937 dev_kfree_skb_any(skb);
19938- atomic_inc(&vcc->stats->tx_err);
19939+ atomic_inc_unchecked(&vcc->stats->tx_err);
19940 return -EINVAL;
19941 }
19942
19943@@ -2629,7 +2629,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
19944 vcc->pop(vcc, skb);
19945 else
19946 dev_kfree_skb_any(skb);
19947- atomic_inc(&vcc->stats->tx_err);
19948+ atomic_inc_unchecked(&vcc->stats->tx_err);
19949 return -EINVAL;
19950 }
19951 #endif
19952@@ -2641,7 +2641,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
19953 vcc->pop(vcc, skb);
19954 else
19955 dev_kfree_skb_any(skb);
19956- atomic_inc(&vcc->stats->tx_err);
19957+ atomic_inc_unchecked(&vcc->stats->tx_err);
19958 spin_unlock_irqrestore(&he_dev->global_lock, flags);
19959 return -ENOMEM;
19960 }
19961@@ -2683,7 +2683,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
19962 vcc->pop(vcc, skb);
19963 else
19964 dev_kfree_skb_any(skb);
19965- atomic_inc(&vcc->stats->tx_err);
19966+ atomic_inc_unchecked(&vcc->stats->tx_err);
19967 spin_unlock_irqrestore(&he_dev->global_lock, flags);
19968 return -ENOMEM;
19969 }
19970@@ -2714,7 +2714,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
19971 __enqueue_tpd(he_dev, tpd, cid);
19972 spin_unlock_irqrestore(&he_dev->global_lock, flags);
19973
19974- atomic_inc(&vcc->stats->tx);
19975+ atomic_inc_unchecked(&vcc->stats->tx);
19976
19977 return 0;
19978 }
19979diff -urNp linux-2.6.32.8/drivers/atm/horizon.c linux-2.6.32.8/drivers/atm/horizon.c
19980--- linux-2.6.32.8/drivers/atm/horizon.c 2010-02-09 07:57:19.000000000 -0500
19981+++ linux-2.6.32.8/drivers/atm/horizon.c 2010-02-13 21:45:09.992913799 -0500
19982@@ -1033,7 +1033,7 @@ static void rx_schedule (hrz_dev * dev,
19983 {
19984 struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
19985 // VC layer stats
19986- atomic_inc(&vcc->stats->rx);
19987+ atomic_inc_unchecked(&vcc->stats->rx);
19988 __net_timestamp(skb);
19989 // end of our responsability
19990 vcc->push (vcc, skb);
19991@@ -1185,7 +1185,7 @@ static void tx_schedule (hrz_dev * const
19992 dev->tx_iovec = NULL;
19993
19994 // VC layer stats
19995- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
19996+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
19997
19998 // free the skb
19999 hrz_kfree_skb (skb);
20000diff -urNp linux-2.6.32.8/drivers/atm/idt77252.c linux-2.6.32.8/drivers/atm/idt77252.c
20001--- linux-2.6.32.8/drivers/atm/idt77252.c 2010-02-09 07:57:19.000000000 -0500
20002+++ linux-2.6.32.8/drivers/atm/idt77252.c 2010-02-13 21:45:09.993916768 -0500
20003@@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, str
20004 else
20005 dev_kfree_skb(skb);
20006
20007- atomic_inc(&vcc->stats->tx);
20008+ atomic_inc_unchecked(&vcc->stats->tx);
20009 }
20010
20011 atomic_dec(&scq->used);
20012@@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, st
20013 if ((sb = dev_alloc_skb(64)) == NULL) {
20014 printk("%s: Can't allocate buffers for aal0.\n",
20015 card->name);
20016- atomic_add(i, &vcc->stats->rx_drop);
20017+ atomic_add_unchecked(i, &vcc->stats->rx_drop);
20018 break;
20019 }
20020 if (!atm_charge(vcc, sb->truesize)) {
20021 RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
20022 card->name);
20023- atomic_add(i - 1, &vcc->stats->rx_drop);
20024+ atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
20025 dev_kfree_skb(sb);
20026 break;
20027 }
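Review bot: The `i - 1` in `atomic_add_unchecked(i - 1, &vcc->stats->rx_drop)` is unexplained here, whereas the matching line in the nicstar hunk carries `/* already increased by 1 */`. The subtraction presumably exists because a failing `atm_charge()` has already bumped `rx_drop` itself. I would add the same comment on this line. I would also confirm that the increment inside `atm_charge()`, which is not in this hunk, was converted to the unchecked accessor, so the counter is not updated through two different types. `dequeue_rx` starts and ends outside the hunk.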
20028@@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, st
20029 ATM_SKB(sb)->vcc = vcc;
20030 __net_timestamp(sb);
20031 vcc->push(vcc, sb);
20032- atomic_inc(&vcc->stats->rx);
20033+ atomic_inc_unchecked(&vcc->stats->rx);
20034
20035 cell += ATM_CELL_PAYLOAD;
20036 }
20037@@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, st
20038 "(CDC: %08x)\n",
20039 card->name, len, rpp->len, readl(SAR_REG_CDC));
20040 recycle_rx_pool_skb(card, rpp);
20041- atomic_inc(&vcc->stats->rx_err);
20042+ atomic_inc_unchecked(&vcc->stats->rx_err);
20043 return;
20044 }
20045 if (stat & SAR_RSQE_CRC) {
20046 RXPRINTK("%s: AAL5 CRC error.\n", card->name);
20047 recycle_rx_pool_skb(card, rpp);
20048- atomic_inc(&vcc->stats->rx_err);
20049+ atomic_inc_unchecked(&vcc->stats->rx_err);
20050 return;
20051 }
20052 if (skb_queue_len(&rpp->queue) > 1) {
20053@@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, st
20054 RXPRINTK("%s: Can't alloc RX skb.\n",
20055 card->name);
20056 recycle_rx_pool_skb(card, rpp);
20057- atomic_inc(&vcc->stats->rx_err);
20058+ atomic_inc_unchecked(&vcc->stats->rx_err);
20059 return;
20060 }
20061 if (!atm_charge(vcc, skb->truesize)) {
20062@@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, st
20063 __net_timestamp(skb);
20064
20065 vcc->push(vcc, skb);
20066- atomic_inc(&vcc->stats->rx);
20067+ atomic_inc_unchecked(&vcc->stats->rx);
20068
20069 return;
20070 }
20071@@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, st
20072 __net_timestamp(skb);
20073
20074 vcc->push(vcc, skb);
20075- atomic_inc(&vcc->stats->rx);
20076+ atomic_inc_unchecked(&vcc->stats->rx);
20077
20078 if (skb->truesize > SAR_FB_SIZE_3)
20079 add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
20080@@ -1303,14 +1303,14 @@ idt77252_rx_raw(struct idt77252_dev *car
20081 if (vcc->qos.aal != ATM_AAL0) {
20082 RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
20083 card->name, vpi, vci);
20084- atomic_inc(&vcc->stats->rx_drop);
20085+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20086 goto drop;
20087 }
20088
20089 if ((sb = dev_alloc_skb(64)) == NULL) {
20090 printk("%s: Can't allocate buffers for AAL0.\n",
20091 card->name);
20092- atomic_inc(&vcc->stats->rx_err);
20093+ atomic_inc_unchecked(&vcc->stats->rx_err);
20094 goto drop;
20095 }
20096
20097@@ -1329,7 +1329,7 @@ idt77252_rx_raw(struct idt77252_dev *car
20098 ATM_SKB(sb)->vcc = vcc;
20099 __net_timestamp(sb);
20100 vcc->push(vcc, sb);
20101- atomic_inc(&vcc->stats->rx);
20102+ atomic_inc_unchecked(&vcc->stats->rx);
20103
20104 drop:
20105 skb_pull(queue, 64);
20106@@ -1954,13 +1954,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20107
20108 if (vc == NULL) {
20109 printk("%s: NULL connection in send().\n", card->name);
20110- atomic_inc(&vcc->stats->tx_err);
20111+ atomic_inc_unchecked(&vcc->stats->tx_err);
20112 dev_kfree_skb(skb);
20113 return -EINVAL;
20114 }
20115 if (!test_bit(VCF_TX, &vc->flags)) {
20116 printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
20117- atomic_inc(&vcc->stats->tx_err);
20118+ atomic_inc_unchecked(&vcc->stats->tx_err);
20119 dev_kfree_skb(skb);
20120 return -EINVAL;
20121 }
20122@@ -1972,14 +1972,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20123 break;
20124 default:
20125 printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
20126- atomic_inc(&vcc->stats->tx_err);
20127+ atomic_inc_unchecked(&vcc->stats->tx_err);
20128 dev_kfree_skb(skb);
20129 return -EINVAL;
20130 }
20131
20132 if (skb_shinfo(skb)->nr_frags != 0) {
20133 printk("%s: No scatter-gather yet.\n", card->name);
20134- atomic_inc(&vcc->stats->tx_err);
20135+ atomic_inc_unchecked(&vcc->stats->tx_err);
20136 dev_kfree_skb(skb);
20137 return -EINVAL;
20138 }
20139@@ -1987,7 +1987,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20140
20141 err = queue_skb(card, vc, skb, oam);
20142 if (err) {
20143- atomic_inc(&vcc->stats->tx_err);
20144+ atomic_inc_unchecked(&vcc->stats->tx_err);
20145 dev_kfree_skb(skb);
20146 return err;
20147 }
20148@@ -2010,7 +2010,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v
20149 skb = dev_alloc_skb(64);
20150 if (!skb) {
20151 printk("%s: Out of memory in send_oam().\n", card->name);
20152- atomic_inc(&vcc->stats->tx_err);
20153+ atomic_inc_unchecked(&vcc->stats->tx_err);
20154 return -ENOMEM;
20155 }
20156 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
20157diff -urNp linux-2.6.32.8/drivers/atm/iphase.c linux-2.6.32.8/drivers/atm/iphase.c
20158--- linux-2.6.32.8/drivers/atm/iphase.c 2010-02-09 07:57:19.000000000 -0500
20159+++ linux-2.6.32.8/drivers/atm/iphase.c 2010-02-13 21:45:09.994917324 -0500
20160@@ -1123,7 +1123,7 @@ static int rx_pkt(struct atm_dev *dev)
20161 status = (u_short) (buf_desc_ptr->desc_mode);
20162 if (status & (RX_CER | RX_PTE | RX_OFL))
20163 {
20164- atomic_inc(&vcc->stats->rx_err);
20165+ atomic_inc_unchecked(&vcc->stats->rx_err);
20166 IF_ERR(printk("IA: bad packet, dropping it");)
20167 if (status & RX_CER) {
20168 IF_ERR(printk(" cause: packet CRC error\n");)
20169@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
20170 len = dma_addr - buf_addr;
20171 if (len > iadev->rx_buf_sz) {
20172 printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
20173- atomic_inc(&vcc->stats->rx_err);
20174+ atomic_inc_unchecked(&vcc->stats->rx_err);
20175 goto out_free_desc;
20176 }
20177
20178@@ -1296,7 +1296,7 @@ static void rx_dle_intr(struct atm_dev *
20179 ia_vcc = INPH_IA_VCC(vcc);
20180 if (ia_vcc == NULL)
20181 {
20182- atomic_inc(&vcc->stats->rx_err);
20183+ atomic_inc_unchecked(&vcc->stats->rx_err);
20184 dev_kfree_skb_any(skb);
20185 atm_return(vcc, atm_guess_pdu2truesize(len));
20186 goto INCR_DLE;
20187@@ -1308,7 +1308,7 @@ static void rx_dle_intr(struct atm_dev *
20188 if ((length > iadev->rx_buf_sz) || (length >
20189 (skb->len - sizeof(struct cpcs_trailer))))
20190 {
20191- atomic_inc(&vcc->stats->rx_err);
20192+ atomic_inc_unchecked(&vcc->stats->rx_err);
20193 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
20194 length, skb->len);)
20195 dev_kfree_skb_any(skb);
20196@@ -1324,7 +1324,7 @@ static void rx_dle_intr(struct atm_dev *
20197
20198 IF_RX(printk("rx_dle_intr: skb push");)
20199 vcc->push(vcc,skb);
20200- atomic_inc(&vcc->stats->rx);
20201+ atomic_inc_unchecked(&vcc->stats->rx);
20202 iadev->rx_pkt_cnt++;
20203 }
20204 INCR_DLE:
20205@@ -2806,15 +2806,15 @@ static int ia_ioctl(struct atm_dev *dev,
20206 {
20207 struct k_sonet_stats *stats;
20208 stats = &PRIV(_ia_dev[board])->sonet_stats;
20209- printk("section_bip: %d\n", atomic_read(&stats->section_bip));
20210- printk("line_bip : %d\n", atomic_read(&stats->line_bip));
20211- printk("path_bip : %d\n", atomic_read(&stats->path_bip));
20212- printk("line_febe : %d\n", atomic_read(&stats->line_febe));
20213- printk("path_febe : %d\n", atomic_read(&stats->path_febe));
20214- printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs));
20215- printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs));
20216- printk("tx_cells : %d\n", atomic_read(&stats->tx_cells));
20217- printk("rx_cells : %d\n", atomic_read(&stats->rx_cells));
20218+ printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip));
20219+ printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip));
20220+ printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip));
20221+ printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe));
20222+ printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe));
20223+ printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs));
20224+ printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs));
20225+ printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells));
20226+ printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells));
20227 }
20228 ia_cmds.status = 0;
20229 break;
20230@@ -2919,7 +2919,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
20231 if ((desc == 0) || (desc > iadev->num_tx_desc))
20232 {
20233 IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);)
20234- atomic_inc(&vcc->stats->tx);
20235+ atomic_inc_unchecked(&vcc->stats->tx);
20236 if (vcc->pop)
20237 vcc->pop(vcc, skb);
20238 else
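Review bot: The `invalid desc for send` branch still bumps `stats->tx`, so a frame that is rejected and popped is counted as transmitted. If that is not intentional, the converted line should read `atomic_inc_unchecked(&vcc->stats->tx_err);`. The miscount predates this patch, which only swaps the accessor, but the line is being touched anyway. The rest of `ia_pkt_tx` is outside the hunk, so check how the branch returns before changing the counter.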
20239@@ -3024,14 +3024,14 @@ static int ia_pkt_tx (struct atm_vcc *vc
20240 ATM_DESC(skb) = vcc->vci;
20241 skb_queue_tail(&iadev->tx_dma_q, skb);
20242
20243- atomic_inc(&vcc->stats->tx);
20244+ atomic_inc_unchecked(&vcc->stats->tx);
20245 iadev->tx_pkt_cnt++;
20246 /* Increment transaction counter */
20247 writel(2, iadev->dma+IPHASE5575_TX_COUNTER);
20248
20249 #if 0
20250 /* add flow control logic */
20251- if (atomic_read(&vcc->stats->tx) % 20 == 0) {
20252+ if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) {
20253 if (iavcc->vc_desc_cnt > 10) {
20254 vcc->tx_quota = vcc->tx_quota * 3 / 4;
20255 printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
20256diff -urNp linux-2.6.32.8/drivers/atm/lanai.c linux-2.6.32.8/drivers/atm/lanai.c
20257--- linux-2.6.32.8/drivers/atm/lanai.c 2010-02-09 07:57:19.000000000 -0500
20258+++ linux-2.6.32.8/drivers/atm/lanai.c 2010-02-13 21:45:09.995625472 -0500
20259@@ -1305,7 +1305,7 @@ static void lanai_send_one_aal5(struct l
20260 vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
20261 lanai_endtx(lanai, lvcc);
20262 lanai_free_skb(lvcc->tx.atmvcc, skb);
20263- atomic_inc(&lvcc->tx.atmvcc->stats->tx);
20264+ atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
20265 }
20266
20267 /* Try to fill the buffer - don't call unless there is backlog */
20268@@ -1428,7 +1428,7 @@ static void vcc_rx_aal5(struct lanai_vcc
20269 ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
20270 __net_timestamp(skb);
20271 lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
20272- atomic_inc(&lvcc->rx.atmvcc->stats->rx);
20273+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
20274 out:
20275 lvcc->rx.buf.ptr = end;
20276 cardvcc_write(lvcc, endptr, vcc_rxreadptr);
20277@@ -1670,7 +1670,7 @@ static int handle_service(struct lanai_d
20278 DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
20279 "vcc %d\n", lanai->number, (unsigned int) s, vci);
20280 lanai->stats.service_rxnotaal5++;
20281- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20282+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20283 return 0;
20284 }
20285 if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
20286@@ -1682,7 +1682,7 @@ static int handle_service(struct lanai_d
20287 int bytes;
20288 read_unlock(&vcc_sklist_lock);
20289 DPRINTK("got trashed rx pdu on vci %d\n", vci);
20290- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20291+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20292 lvcc->stats.x.aal5.service_trash++;
20293 bytes = (SERVICE_GET_END(s) * 16) -
20294 (((unsigned long) lvcc->rx.buf.ptr) -
20295@@ -1694,7 +1694,7 @@ static int handle_service(struct lanai_d
20296 }
20297 if (s & SERVICE_STREAM) {
20298 read_unlock(&vcc_sklist_lock);
20299- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20300+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20301 lvcc->stats.x.aal5.service_stream++;
20302 printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
20303 "PDU on VCI %d!\n", lanai->number, vci);
20304@@ -1702,7 +1702,7 @@ static int handle_service(struct lanai_d
20305 return 0;
20306 }
20307 DPRINTK("got rx crc error on vci %d\n", vci);
20308- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20309+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20310 lvcc->stats.x.aal5.service_rxcrc++;
20311 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
20312 cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
20313diff -urNp linux-2.6.32.8/drivers/atm/nicstar.c linux-2.6.32.8/drivers/atm/nicstar.c
20314--- linux-2.6.32.8/drivers/atm/nicstar.c 2010-02-09 07:57:19.000000000 -0500
20315+++ linux-2.6.32.8/drivers/atm/nicstar.c 2010-02-13 21:45:09.996835361 -0500
20316@@ -1723,7 +1723,7 @@ static int ns_send(struct atm_vcc *vcc,
20317 if ((vc = (vc_map *) vcc->dev_data) == NULL)
20318 {
20319 printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index);
20320- atomic_inc(&vcc->stats->tx_err);
20321+ atomic_inc_unchecked(&vcc->stats->tx_err);
20322 dev_kfree_skb_any(skb);
20323 return -EINVAL;
20324 }
20325@@ -1731,7 +1731,7 @@ static int ns_send(struct atm_vcc *vcc,
20326 if (!vc->tx)
20327 {
20328 printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index);
20329- atomic_inc(&vcc->stats->tx_err);
20330+ atomic_inc_unchecked(&vcc->stats->tx_err);
20331 dev_kfree_skb_any(skb);
20332 return -EINVAL;
20333 }
20334@@ -1739,7 +1739,7 @@ static int ns_send(struct atm_vcc *vcc,
20335 if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0)
20336 {
20337 printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index);
20338- atomic_inc(&vcc->stats->tx_err);
20339+ atomic_inc_unchecked(&vcc->stats->tx_err);
20340 dev_kfree_skb_any(skb);
20341 return -EINVAL;
20342 }
20343@@ -1747,7 +1747,7 @@ static int ns_send(struct atm_vcc *vcc,
20344 if (skb_shinfo(skb)->nr_frags != 0)
20345 {
20346 printk("nicstar%d: No scatter-gather yet.\n", card->index);
20347- atomic_inc(&vcc->stats->tx_err);
20348+ atomic_inc_unchecked(&vcc->stats->tx_err);
20349 dev_kfree_skb_any(skb);
20350 return -EINVAL;
20351 }
20352@@ -1792,11 +1792,11 @@ static int ns_send(struct atm_vcc *vcc,
20353
20354 if (push_scqe(card, vc, scq, &scqe, skb) != 0)
20355 {
20356- atomic_inc(&vcc->stats->tx_err);
20357+ atomic_inc_unchecked(&vcc->stats->tx_err);
20358 dev_kfree_skb_any(skb);
20359 return -EIO;
20360 }
20361- atomic_inc(&vcc->stats->tx);
20362+ atomic_inc_unchecked(&vcc->stats->tx);
20363
20364 return 0;
20365 }
20366@@ -2111,14 +2111,14 @@ static void dequeue_rx(ns_dev *card, ns_
20367 {
20368 printk("nicstar%d: Can't allocate buffers for aal0.\n",
20369 card->index);
20370- atomic_add(i,&vcc->stats->rx_drop);
20371+ atomic_add_unchecked(i,&vcc->stats->rx_drop);
20372 break;
20373 }
20374 if (!atm_charge(vcc, sb->truesize))
20375 {
20376 RXPRINTK("nicstar%d: atm_charge() dropped aal0 packets.\n",
20377 card->index);
20378- atomic_add(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20379+ atomic_add_unchecked(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20380 dev_kfree_skb_any(sb);
20381 break;
20382 }
20383@@ -2133,7 +2133,7 @@ static void dequeue_rx(ns_dev *card, ns_
20384 ATM_SKB(sb)->vcc = vcc;
20385 __net_timestamp(sb);
20386 vcc->push(vcc, sb);
20387- atomic_inc(&vcc->stats->rx);
20388+ atomic_inc_unchecked(&vcc->stats->rx);
20389 cell += ATM_CELL_PAYLOAD;
20390 }
20391
20392@@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev *card, ns_
20393 if (iovb == NULL)
20394 {
20395 printk("nicstar%d: Out of iovec buffers.\n", card->index);
20396- atomic_inc(&vcc->stats->rx_drop);
20397+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20398 recycle_rx_buf(card, skb);
20399 return;
20400 }
20401@@ -2182,7 +2182,7 @@ static void dequeue_rx(ns_dev *card, ns_
20402 else if (NS_SKB(iovb)->iovcnt >= NS_MAX_IOVECS)
20403 {
20404 printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
20405- atomic_inc(&vcc->stats->rx_err);
20406+ atomic_inc_unchecked(&vcc->stats->rx_err);
20407 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, NS_MAX_IOVECS);
20408 NS_SKB(iovb)->iovcnt = 0;
20409 iovb->len = 0;
20410@@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev *card, ns_
20411 printk("nicstar%d: Expected a small buffer, and this is not one.\n",
20412 card->index);
20413 which_list(card, skb);
20414- atomic_inc(&vcc->stats->rx_err);
20415+ atomic_inc_unchecked(&vcc->stats->rx_err);
20416 recycle_rx_buf(card, skb);
20417 vc->rx_iov = NULL;
20418 recycle_iov_buf(card, iovb);
20419@@ -2216,7 +2216,7 @@ static void dequeue_rx(ns_dev *card, ns_
20420 printk("nicstar%d: Expected a large buffer, and this is not one.\n",
20421 card->index);
20422 which_list(card, skb);
20423- atomic_inc(&vcc->stats->rx_err);
20424+ atomic_inc_unchecked(&vcc->stats->rx_err);
20425 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20426 NS_SKB(iovb)->iovcnt);
20427 vc->rx_iov = NULL;
20428@@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev *card, ns_
20429 printk(" - PDU size mismatch.\n");
20430 else
20431 printk(".\n");
20432- atomic_inc(&vcc->stats->rx_err);
20433+ atomic_inc_unchecked(&vcc->stats->rx_err);
20434 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20435 NS_SKB(iovb)->iovcnt);
20436 vc->rx_iov = NULL;
20437@@ -2256,7 +2256,7 @@ static void dequeue_rx(ns_dev *card, ns_
20438 if (!atm_charge(vcc, skb->truesize))
20439 {
20440 push_rxbufs(card, skb);
20441- atomic_inc(&vcc->stats->rx_drop);
20442+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20443 }
20444 else
20445 {
20446@@ -2268,7 +2268,7 @@ static void dequeue_rx(ns_dev *card, ns_
20447 ATM_SKB(skb)->vcc = vcc;
20448 __net_timestamp(skb);
20449 vcc->push(vcc, skb);
20450- atomic_inc(&vcc->stats->rx);
20451+ atomic_inc_unchecked(&vcc->stats->rx);
20452 }
20453 }
20454 else if (NS_SKB(iovb)->iovcnt == 2) /* One small plus one large buffer */
20455@@ -2283,7 +2283,7 @@ static void dequeue_rx(ns_dev *card, ns_
20456 if (!atm_charge(vcc, sb->truesize))
20457 {
20458 push_rxbufs(card, sb);
20459- atomic_inc(&vcc->stats->rx_drop);
20460+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20461 }
20462 else
20463 {
20464@@ -2295,7 +2295,7 @@ static void dequeue_rx(ns_dev *card, ns_
20465 ATM_SKB(sb)->vcc = vcc;
20466 __net_timestamp(sb);
20467 vcc->push(vcc, sb);
20468- atomic_inc(&vcc->stats->rx);
20469+ atomic_inc_unchecked(&vcc->stats->rx);
20470 }
20471
20472 push_rxbufs(card, skb);
20473@@ -2306,7 +2306,7 @@ static void dequeue_rx(ns_dev *card, ns_
20474 if (!atm_charge(vcc, skb->truesize))
20475 {
20476 push_rxbufs(card, skb);
20477- atomic_inc(&vcc->stats->rx_drop);
20478+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20479 }
20480 else
20481 {
20482@@ -2320,7 +2320,7 @@ static void dequeue_rx(ns_dev *card, ns_
20483 ATM_SKB(skb)->vcc = vcc;
20484 __net_timestamp(skb);
20485 vcc->push(vcc, skb);
20486- atomic_inc(&vcc->stats->rx);
20487+ atomic_inc_unchecked(&vcc->stats->rx);
20488 }
20489
20490 push_rxbufs(card, sb);
20491@@ -2342,7 +2342,7 @@ static void dequeue_rx(ns_dev *card, ns_
20492 if (hb == NULL)
20493 {
20494 printk("nicstar%d: Out of huge buffers.\n", card->index);
20495- atomic_inc(&vcc->stats->rx_drop);
20496+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20497 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20498 NS_SKB(iovb)->iovcnt);
20499 vc->rx_iov = NULL;
20500@@ -2393,7 +2393,7 @@ static void dequeue_rx(ns_dev *card, ns_
20501 }
20502 else
20503 dev_kfree_skb_any(hb);
20504- atomic_inc(&vcc->stats->rx_drop);
20505+ atomic_inc_unchecked(&vcc->stats->rx_drop);
20506 }
20507 else
20508 {
20509@@ -2427,7 +2427,7 @@ static void dequeue_rx(ns_dev *card, ns_
20510 #endif /* NS_USE_DESTRUCTORS */
20511 __net_timestamp(hb);
20512 vcc->push(vcc, hb);
20513- atomic_inc(&vcc->stats->rx);
20514+ atomic_inc_unchecked(&vcc->stats->rx);
20515 }
20516 }
20517
20518diff -urNp linux-2.6.32.8/drivers/atm/solos-pci.c linux-2.6.32.8/drivers/atm/solos-pci.c
20519--- linux-2.6.32.8/drivers/atm/solos-pci.c 2010-02-09 07:57:19.000000000 -0500
20520+++ linux-2.6.32.8/drivers/atm/solos-pci.c 2010-02-13 21:45:09.996835361 -0500
20521@@ -708,7 +708,7 @@ void solos_bh(unsigned long card_arg)
20522 }
20523 atm_charge(vcc, skb->truesize);
20524 vcc->push(vcc, skb);
20525- atomic_inc(&vcc->stats->rx);
20526+ atomic_inc_unchecked(&vcc->stats->rx);
20527 break;
20528
20529 case PKT_STATUS:
20530@@ -1011,7 +1011,7 @@ static uint32_t fpga_tx(struct solos_car
20531 vcc = SKB_CB(oldskb)->vcc;
20532
20533 if (vcc) {
20534- atomic_inc(&vcc->stats->tx);
20535+ atomic_inc_unchecked(&vcc->stats->tx);
20536 solos_pop(vcc, oldskb);
20537 } else
20538 dev_kfree_skb_irq(oldskb);
20539diff -urNp linux-2.6.32.8/drivers/atm/suni.c linux-2.6.32.8/drivers/atm/suni.c
20540--- linux-2.6.32.8/drivers/atm/suni.c 2010-02-09 07:57:19.000000000 -0500
20541+++ linux-2.6.32.8/drivers/atm/suni.c 2010-02-13 21:45:09.997543003 -0500
20542@@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock);
20543
20544
20545 #define ADD_LIMITED(s,v) \
20546- atomic_add((v),&stats->s); \
20547- if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
20548+ atomic_add_unchecked((v),&stats->s); \
20549+ if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX);
20550
20551
20552 static void suni_hz(unsigned long from_timer)
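Review bot: `ADD_LIMITED` in suni.c still expands to two separate statements, so the clamp only belongs to the add when the macro is used as a full statement inside braces. Wrapping the body in `do { ... } while (0)` would make it safe in an unbraced `if`; the uPD98402.c variant later in this patch is at least braced. The saturation test relies on the counter turning negative after the add, which is presumably why the `_unchecked` accessors are used here. A comment such as `/* statistics counter: may wrap, clamped to INT_MAX below */` would record that intent. The add and the read/set are separate operations, so the clamp is best-effort under concurrent updates.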
20553diff -urNp linux-2.6.32.8/drivers/atm/uPD98402.c linux-2.6.32.8/drivers/atm/uPD98402.c
20554--- linux-2.6.32.8/drivers/atm/uPD98402.c 2010-02-09 07:57:19.000000000 -0500
20555+++ linux-2.6.32.8/drivers/atm/uPD98402.c 2010-02-13 21:45:09.997543003 -0500
20556@@ -41,7 +41,7 @@ static int fetch_stats(struct atm_dev *d
20557 struct sonet_stats tmp;
20558 int error = 0;
20559
20560- atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
20561+ atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
20562 sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
20563 if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
20564 if (zero && !error) {
20565@@ -160,9 +160,9 @@ static int uPD98402_ioctl(struct atm_dev
20566
20567
20568 #define ADD_LIMITED(s,v) \
20569- { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
20570- if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
20571- atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
20572+ { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
20573+ if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \
20574+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); }
20575
20576
20577 static void stat_event(struct atm_dev *dev)
20578@@ -193,7 +193,7 @@ static void uPD98402_int(struct atm_dev
20579 if (reason & uPD98402_INT_PFM) stat_event(dev);
20580 if (reason & uPD98402_INT_PCO) {
20581 (void) GET(PCOCR); /* clear interrupt cause */
20582- atomic_add(GET(HECCT),
20583+ atomic_add_unchecked(GET(HECCT),
20584 &PRIV(dev)->sonet_stats.uncorr_hcs);
20585 }
20586 if ((reason & uPD98402_INT_RFO) &&
20587@@ -221,9 +221,9 @@ static int uPD98402_start(struct atm_dev
20588 PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO |
20589 uPD98402_INT_LOS),PIMR); /* enable them */
20590 (void) fetch_stats(dev,NULL,1); /* clear kernel counters */
20591- atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1);
20592- atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1);
20593- atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1);
20594+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1);
20595+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1);
20596+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1);
20597 return 0;
20598 }
20599
20600diff -urNp linux-2.6.32.8/drivers/atm/zatm.c linux-2.6.32.8/drivers/atm/zatm.c
20601--- linux-2.6.32.8/drivers/atm/zatm.c 2010-02-09 07:57:19.000000000 -0500
20602+++ linux-2.6.32.8/drivers/atm/zatm.c 2010-02-13 21:45:09.997543003 -0500
20603@@ -458,7 +458,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
20604 }
20605 if (!size) {
20606 dev_kfree_skb_irq(skb);
20607- if (vcc) atomic_inc(&vcc->stats->rx_err);
20608+ if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
20609 continue;
20610 }
20611 if (!atm_charge(vcc,skb->truesize)) {
20612@@ -468,7 +468,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
20613 skb->len = size;
20614 ATM_SKB(skb)->vcc = vcc;
20615 vcc->push(vcc,skb);
20616- atomic_inc(&vcc->stats->rx);
20617+ atomic_inc_unchecked(&vcc->stats->rx);
20618 }
20619 zout(pos & 0xffff,MTA(mbx));
20620 #if 0 /* probably a stupid idea */
20621@@ -732,7 +732,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD
20622 skb_queue_head(&zatm_vcc->backlog,skb);
20623 break;
20624 }
20625- atomic_inc(&vcc->stats->tx);
20626+ atomic_inc_unchecked(&vcc->stats->tx);
20627 wake_up(&zatm_vcc->tx_wait);
20628 }
20629
20630diff -urNp linux-2.6.32.8/drivers/base/bus.c linux-2.6.32.8/drivers/base/bus.c
20631--- linux-2.6.32.8/drivers/base/bus.c 2010-02-09 07:57:19.000000000 -0500
20632+++ linux-2.6.32.8/drivers/base/bus.c 2010-02-13 21:45:09.997543003 -0500
20633@@ -70,7 +70,7 @@ static ssize_t drv_attr_store(struct kob
20634 return ret;
20635 }
20636
20637-static struct sysfs_ops driver_sysfs_ops = {
20638+static const struct sysfs_ops driver_sysfs_ops = {
20639 .show = drv_attr_show,
20640 .store = drv_attr_store,
20641 };
20642@@ -115,7 +115,7 @@ static ssize_t bus_attr_store(struct kob
20643 return ret;
20644 }
20645
20646-static struct sysfs_ops bus_sysfs_ops = {
20647+static const struct sysfs_ops bus_sysfs_ops = {
20648 .show = bus_attr_show,
20649 .store = bus_attr_store,
20650 };
20651@@ -154,7 +154,7 @@ static int bus_uevent_filter(struct kset
20652 return 0;
20653 }
20654
20655-static struct kset_uevent_ops bus_uevent_ops = {
20656+static const struct kset_uevent_ops bus_uevent_ops = {
20657 .filter = bus_uevent_filter,
20658 };
20659
20660diff -urNp linux-2.6.32.8/drivers/base/class.c linux-2.6.32.8/drivers/base/class.c
20661--- linux-2.6.32.8/drivers/base/class.c 2010-02-09 07:57:19.000000000 -0500
20662+++ linux-2.6.32.8/drivers/base/class.c 2010-02-13 21:45:09.997543003 -0500
20663@@ -61,7 +61,7 @@ static void class_release(struct kobject
20664 "be careful\n", class->name);
20665 }
20666
20667-static struct sysfs_ops class_sysfs_ops = {
20668+static const struct sysfs_ops class_sysfs_ops = {
20669 .show = class_attr_show,
20670 .store = class_attr_store,
20671 };
20672diff -urNp linux-2.6.32.8/drivers/base/core.c linux-2.6.32.8/drivers/base/core.c
20673--- linux-2.6.32.8/drivers/base/core.c 2010-02-09 07:57:19.000000000 -0500
20674+++ linux-2.6.32.8/drivers/base/core.c 2010-02-13 21:45:09.998872688 -0500
20675@@ -100,7 +100,7 @@ static ssize_t dev_attr_store(struct kob
20676 return ret;
20677 }
20678
20679-static struct sysfs_ops dev_sysfs_ops = {
20680+static const struct sysfs_ops dev_sysfs_ops = {
20681 .show = dev_attr_show,
20682 .store = dev_attr_store,
20683 };
20684@@ -252,7 +252,7 @@ static int dev_uevent(struct kset *kset,
20685 return retval;
20686 }
20687
20688-static struct kset_uevent_ops device_uevent_ops = {
20689+static const struct kset_uevent_ops device_uevent_ops = {
20690 .filter = dev_uevent_filter,
20691 .name = dev_uevent_name,
20692 .uevent = dev_uevent,
20693diff -urNp linux-2.6.32.8/drivers/base/memory.c linux-2.6.32.8/drivers/base/memory.c
20694--- linux-2.6.32.8/drivers/base/memory.c 2010-02-09 07:57:19.000000000 -0500
20695+++ linux-2.6.32.8/drivers/base/memory.c 2010-02-13 21:45:09.998872688 -0500
20696@@ -44,7 +44,7 @@ static int memory_uevent(struct kset *ks
20697 return retval;
20698 }
20699
20700-static struct kset_uevent_ops memory_uevent_ops = {
20701+static const struct kset_uevent_ops memory_uevent_ops = {
20702 .name = memory_uevent_name,
20703 .uevent = memory_uevent,
20704 };
20705diff -urNp linux-2.6.32.8/drivers/base/sys.c linux-2.6.32.8/drivers/base/sys.c
20706--- linux-2.6.32.8/drivers/base/sys.c 2010-02-09 07:57:19.000000000 -0500
20707+++ linux-2.6.32.8/drivers/base/sys.c 2010-02-13 21:45:09.998872688 -0500
20708@@ -54,7 +54,7 @@ sysdev_store(struct kobject *kobj, struc
20709 return -EIO;
20710 }
20711
20712-static struct sysfs_ops sysfs_ops = {
20713+static const struct sysfs_ops sysfs_ops = {
20714 .show = sysdev_show,
20715 .store = sysdev_store,
20716 };
20717@@ -104,7 +104,7 @@ static ssize_t sysdev_class_store(struct
20718 return -EIO;
20719 }
20720
20721-static struct sysfs_ops sysfs_class_ops = {
20722+static const struct sysfs_ops sysfs_class_ops = {
20723 .show = sysdev_class_show,
20724 .store = sysdev_class_store,
20725 };
20726diff -urNp linux-2.6.32.8/drivers/block/pktcdvd.c linux-2.6.32.8/drivers/block/pktcdvd.c
20727--- linux-2.6.32.8/drivers/block/pktcdvd.c 2010-02-09 07:57:19.000000000 -0500
20728+++ linux-2.6.32.8/drivers/block/pktcdvd.c 2010-02-13 21:45:09.999912339 -0500
20729@@ -284,7 +284,7 @@ static ssize_t kobj_pkt_store(struct kob
20730 return len;
20731 }
20732
20733-static struct sysfs_ops kobj_pkt_ops = {
20734+static const struct sysfs_ops kobj_pkt_ops = {
20735 .show = kobj_pkt_show,
20736 .store = kobj_pkt_store
20737 };
20738diff -urNp linux-2.6.32.8/drivers/char/agp/frontend.c linux-2.6.32.8/drivers/char/agp/frontend.c
20739--- linux-2.6.32.8/drivers/char/agp/frontend.c 2010-02-09 07:57:19.000000000 -0500
20740+++ linux-2.6.32.8/drivers/char/agp/frontend.c 2010-02-13 21:45:09.999912339 -0500
20741@@ -824,7 +824,7 @@ static int agpioc_reserve_wrap(struct ag
20742 if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
20743 return -EFAULT;
20744
20745- if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
20746+ if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
20747 return -EFAULT;
20748
20749 client = agp_find_client_by_pid(reserve.pid);
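Review bot: The bound on `reserve.seg_count` is now computed from `sizeof(struct agp_segment_priv)`, but the allocations it protects are outside this hunk, so the reason for choosing that type cannot be checked here. `seg_count` arrives through `copy_from_user()`, and as far as the hunk shows this comparison is what keeps a caller-chosen count from overflowing a later size multiplication. A comment such as `/* bound by the largest per-segment structure allocated for this request */` would tie the check to those allocation sites, assuming the private structure is the larger one. Returning `-EINVAL` instead of `-EFAULT` would describe an out-of-range count more accurately, though it changes the user-visible error code.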
20750diff -urNp linux-2.6.32.8/drivers/char/agp/intel-agp.c linux-2.6.32.8/drivers/char/agp/intel-agp.c
20751--- linux-2.6.32.8/drivers/char/agp/intel-agp.c 2010-02-09 07:57:19.000000000 -0500
20752+++ linux-2.6.32.8/drivers/char/agp/intel-agp.c 2010-02-13 21:45:09.999912339 -0500
20753@@ -2571,7 +2571,7 @@ static struct pci_device_id agp_intel_pc
20754 ID(PCI_DEVICE_ID_INTEL_IGDNG_M_HB),
20755 ID(PCI_DEVICE_ID_INTEL_IGDNG_MA_HB),
20756 ID(PCI_DEVICE_ID_INTEL_IGDNG_MC2_HB),
20757- { }
20758+ { 0, 0, 0, 0, 0, 0, 0 }
20759 };
20760
20761 MODULE_DEVICE_TABLE(pci, agp_intel_pci_table);
20762diff -urNp linux-2.6.32.8/drivers/char/hpet.c linux-2.6.32.8/drivers/char/hpet.c
20763--- linux-2.6.32.8/drivers/char/hpet.c 2010-02-09 07:57:19.000000000 -0500
20764+++ linux-2.6.32.8/drivers/char/hpet.c 2010-02-13 21:45:10.000894801 -0500
20765@@ -998,7 +998,7 @@ static struct acpi_driver hpet_acpi_driv
20766 },
20767 };
20768
20769-static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops };
20770+static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL };
20771
20772 static int __init hpet_init(void)
20773 {
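Review bot: The `hpet_misc` initializer now lists every member of `struct miscdevice` positionally, which silently mis-assigns fields if the structure layout changes between kernel versions. Designated initializers avoid that and zero the remaining members implicitly: `static struct miscdevice hpet_misc = { .minor = HPET_MINOR, .name = "hpet", .fops = &hpet_fops };`. The same applies to `nvram_dev` in drivers/char/nvram.c later in this patch.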
20774diff -urNp linux-2.6.32.8/drivers/char/hvc_beat.c linux-2.6.32.8/drivers/char/hvc_beat.c
20775--- linux-2.6.32.8/drivers/char/hvc_beat.c 2010-02-09 07:57:19.000000000 -0500
20776+++ linux-2.6.32.8/drivers/char/hvc_beat.c 2010-02-13 21:45:10.000894801 -0500
20777@@ -84,7 +84,7 @@ static int hvc_beat_put_chars(uint32_t v
20778 return cnt;
20779 }
20780
20781-static struct hv_ops hvc_beat_get_put_ops = {
20782+static const struct hv_ops hvc_beat_get_put_ops = {
20783 .get_chars = hvc_beat_get_chars,
20784 .put_chars = hvc_beat_put_chars,
20785 };
20786diff -urNp linux-2.6.32.8/drivers/char/hvc_console.c linux-2.6.32.8/drivers/char/hvc_console.c
20787--- linux-2.6.32.8/drivers/char/hvc_console.c 2010-02-09 07:57:19.000000000 -0500
20788+++ linux-2.6.32.8/drivers/char/hvc_console.c 2010-02-13 21:45:10.000894801 -0500
20789@@ -125,7 +125,7 @@ static struct hvc_struct *hvc_get_by_ind
20790 * console interfaces but can still be used as a tty device. This has to be
20791 * static because kmalloc will not work during early console init.
20792 */
20793-static struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
20794+static const struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
20795 static uint32_t vtermnos[MAX_NR_HVC_CONSOLES] =
20796 {[0 ... MAX_NR_HVC_CONSOLES - 1] = -1};
20797
20798@@ -247,7 +247,7 @@ static void destroy_hvc_struct(struct kr
20799 * vty adapters do NOT get an hvc_instantiate() callback since they
20800 * appear after early console init.
20801 */
20802-int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops)
20803+int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops)
20804 {
20805 struct hvc_struct *hp;
20806
20807@@ -749,7 +749,7 @@ static const struct tty_operations hvc_o
20808 };
20809
20810 struct hvc_struct __devinit *hvc_alloc(uint32_t vtermno, int data,
20811- struct hv_ops *ops, int outbuf_size)
20812+ const struct hv_ops *ops, int outbuf_size)
20813 {
20814 struct hvc_struct *hp;
20815 int i;
20816diff -urNp linux-2.6.32.8/drivers/char/hvc_console.h linux-2.6.32.8/drivers/char/hvc_console.h
20817--- linux-2.6.32.8/drivers/char/hvc_console.h 2010-02-09 07:57:19.000000000 -0500
20818+++ linux-2.6.32.8/drivers/char/hvc_console.h 2010-02-13 21:45:10.000894801 -0500
20819@@ -55,7 +55,7 @@ struct hvc_struct {
20820 int outbuf_size;
20821 int n_outbuf;
20822 uint32_t vtermno;
20823- struct hv_ops *ops;
20824+ const struct hv_ops *ops;
20825 int irq_requested;
20826 int data;
20827 struct winsize ws;
20828@@ -76,11 +76,11 @@ struct hv_ops {
20829 };
20830
20831 /* Register a vterm and a slot index for use as a console (console_init) */
20832-extern int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops);
20833+extern int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops);
20834
20835 /* register a vterm for hvc tty operation (module_init or hotplug add) */
20836 extern struct hvc_struct * __devinit hvc_alloc(uint32_t vtermno, int data,
20837- struct hv_ops *ops, int outbuf_size);
20838+ const struct hv_ops *ops, int outbuf_size);
20839 /* remove a vterm from hvc tty operation (module_exit or hotplug remove) */
20840 extern int hvc_remove(struct hvc_struct *hp);
20841
20842diff -urNp linux-2.6.32.8/drivers/char/hvc_iseries.c linux-2.6.32.8/drivers/char/hvc_iseries.c
20843--- linux-2.6.32.8/drivers/char/hvc_iseries.c 2010-02-09 07:57:19.000000000 -0500
20844+++ linux-2.6.32.8/drivers/char/hvc_iseries.c 2010-02-13 21:45:10.001795492 -0500
20845@@ -197,7 +197,7 @@ done:
20846 return sent;
20847 }
20848
20849-static struct hv_ops hvc_get_put_ops = {
20850+static const struct hv_ops hvc_get_put_ops = {
20851 .get_chars = get_chars,
20852 .put_chars = put_chars,
20853 .notifier_add = notifier_add_irq,
20854diff -urNp linux-2.6.32.8/drivers/char/hvc_iucv.c linux-2.6.32.8/drivers/char/hvc_iucv.c
20855--- linux-2.6.32.8/drivers/char/hvc_iucv.c 2010-02-09 07:57:19.000000000 -0500
20856+++ linux-2.6.32.8/drivers/char/hvc_iucv.c 2010-02-13 21:45:10.001795492 -0500
20857@@ -922,7 +922,7 @@ static int hvc_iucv_pm_restore_thaw(stru
20858
20859
20860 /* HVC operations */
20861-static struct hv_ops hvc_iucv_ops = {
20862+static const struct hv_ops hvc_iucv_ops = {
20863 .get_chars = hvc_iucv_get_chars,
20864 .put_chars = hvc_iucv_put_chars,
20865 .notifier_add = hvc_iucv_notifier_add,
20866diff -urNp linux-2.6.32.8/drivers/char/hvc_rtas.c linux-2.6.32.8/drivers/char/hvc_rtas.c
20867--- linux-2.6.32.8/drivers/char/hvc_rtas.c 2010-02-09 07:57:19.000000000 -0500
20868+++ linux-2.6.32.8/drivers/char/hvc_rtas.c 2010-02-13 21:45:10.001795492 -0500
20869@@ -71,7 +71,7 @@ static int hvc_rtas_read_console(uint32_
20870 return i;
20871 }
20872
20873-static struct hv_ops hvc_rtas_get_put_ops = {
20874+static const struct hv_ops hvc_rtas_get_put_ops = {
20875 .get_chars = hvc_rtas_read_console,
20876 .put_chars = hvc_rtas_write_console,
20877 };
20878diff -urNp linux-2.6.32.8/drivers/char/hvcs.c linux-2.6.32.8/drivers/char/hvcs.c
20879--- linux-2.6.32.8/drivers/char/hvcs.c 2010-02-09 07:57:19.000000000 -0500
20880+++ linux-2.6.32.8/drivers/char/hvcs.c 2010-02-13 21:45:10.002636361 -0500
20881@@ -269,7 +269,7 @@ struct hvcs_struct {
20882 unsigned int index;
20883
20884 struct tty_struct *tty;
20885- int open_count;
20886+ atomic_t open_count;
20887
20888 /*
20889 * Used to tell the driver kernel_thread what operations need to take
20890@@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st
20891
20892 spin_lock_irqsave(&hvcsd->lock, flags);
20893
20894- if (hvcsd->open_count > 0) {
20895+ if (atomic_read(&hvcsd->open_count) > 0) {
20896 spin_unlock_irqrestore(&hvcsd->lock, flags);
20897 printk(KERN_INFO "HVCS: vterm state unchanged. "
20898 "The hvcs device node is still in use.\n");
20899@@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct *
20900 if ((retval = hvcs_partner_connect(hvcsd)))
20901 goto error_release;
20902
20903- hvcsd->open_count = 1;
20904+ atomic_set(&hvcsd->open_count, 1);
20905 hvcsd->tty = tty;
20906 tty->driver_data = hvcsd;
20907
20908@@ -1169,7 +1169,7 @@ fast_open:
20909
20910 spin_lock_irqsave(&hvcsd->lock, flags);
20911 kref_get(&hvcsd->kref);
20912- hvcsd->open_count++;
20913+ atomic_inc(&hvcsd->open_count);
20914 hvcsd->todo_mask |= HVCS_SCHED_READ;
20915 spin_unlock_irqrestore(&hvcsd->lock, flags);
20916
20917@@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct
20918 hvcsd = tty->driver_data;
20919
20920 spin_lock_irqsave(&hvcsd->lock, flags);
20921- if (--hvcsd->open_count == 0) {
20922+ if (atomic_dec_and_test(&hvcsd->open_count)) {
20923
20924 vio_disable_interrupts(hvcsd->vdev);
20925
20926@@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct
20927 free_irq(irq, hvcsd);
20928 kref_put(&hvcsd->kref, destroy_hvcs_struct);
20929 return;
20930- } else if (hvcsd->open_count < 0) {
20931+ } else if (atomic_read(&hvcsd->open_count) < 0) {
20932 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
20933 " is missmanaged.\n",
20934- hvcsd->vdev->unit_address, hvcsd->open_count);
20935+ hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count));
20936 }
20937
20938 spin_unlock_irqrestore(&hvcsd->lock, flags);
20939@@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc
20940
20941 spin_lock_irqsave(&hvcsd->lock, flags);
20942 /* Preserve this so that we know how many kref refs to put */
20943- temp_open_count = hvcsd->open_count;
20944+ temp_open_count = atomic_read(&hvcsd->open_count);
20945
20946 /*
20947 * Don't kref put inside the spinlock because the destruction
20948@@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc
20949 hvcsd->tty->driver_data = NULL;
20950 hvcsd->tty = NULL;
20951
20952- hvcsd->open_count = 0;
20953+ atomic_set(&hvcsd->open_count, 0);
20954
20955 /* This will drop any buffered data on the floor which is OK in a hangup
20956 * scenario. */
20957@@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct
20958 * the middle of a write operation? This is a crummy place to do this
20959 * but we want to keep it all in the spinlock.
20960 */
20961- if (hvcsd->open_count <= 0) {
20962+ if (atomic_read(&hvcsd->open_count) <= 0) {
20963 spin_unlock_irqrestore(&hvcsd->lock, flags);
20964 return -ENODEV;
20965 }
20966@@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st
20967 {
20968 struct hvcs_struct *hvcsd = tty->driver_data;
20969
20970- if (!hvcsd || hvcsd->open_count <= 0)
20971+ if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0)
20972 return 0;
20973
20974 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
20975diff -urNp linux-2.6.32.8/drivers/char/hvc_udbg.c linux-2.6.32.8/drivers/char/hvc_udbg.c
20976--- linux-2.6.32.8/drivers/char/hvc_udbg.c 2010-02-09 07:57:19.000000000 -0500
20977+++ linux-2.6.32.8/drivers/char/hvc_udbg.c 2010-02-13 21:45:10.002636361 -0500
20978@@ -58,7 +58,7 @@ static int hvc_udbg_get(uint32_t vtermno
20979 return i;
20980 }
20981
20982-static struct hv_ops hvc_udbg_ops = {
20983+static const struct hv_ops hvc_udbg_ops = {
20984 .get_chars = hvc_udbg_get,
20985 .put_chars = hvc_udbg_put,
20986 };
20987diff -urNp linux-2.6.32.8/drivers/char/hvc_vio.c linux-2.6.32.8/drivers/char/hvc_vio.c
20988--- linux-2.6.32.8/drivers/char/hvc_vio.c 2010-02-09 07:57:19.000000000 -0500
20989+++ linux-2.6.32.8/drivers/char/hvc_vio.c 2010-02-13 21:45:10.002636361 -0500
20990@@ -77,7 +77,7 @@ static int filtered_get_chars(uint32_t v
20991 return got;
20992 }
20993
20994-static struct hv_ops hvc_get_put_ops = {
20995+static const struct hv_ops hvc_get_put_ops = {
20996 .get_chars = filtered_get_chars,
20997 .put_chars = hvc_put_chars,
20998 .notifier_add = notifier_add_irq,
20999diff -urNp linux-2.6.32.8/drivers/char/hvc_xen.c linux-2.6.32.8/drivers/char/hvc_xen.c
21000--- linux-2.6.32.8/drivers/char/hvc_xen.c 2010-02-09 07:57:19.000000000 -0500
21001+++ linux-2.6.32.8/drivers/char/hvc_xen.c 2010-02-13 21:45:10.002636361 -0500
21002@@ -120,7 +120,7 @@ static int read_console(uint32_t vtermno
21003 return recv;
21004 }
21005
21006-static struct hv_ops hvc_ops = {
21007+static const struct hv_ops hvc_ops = {
21008 .get_chars = read_console,
21009 .put_chars = write_console,
21010 .notifier_add = notifier_add_irq,
21011diff -urNp linux-2.6.32.8/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.32.8/drivers/char/ipmi/ipmi_msghandler.c
21012--- linux-2.6.32.8/drivers/char/ipmi/ipmi_msghandler.c 2010-02-09 07:57:19.000000000 -0500
21013+++ linux-2.6.32.8/drivers/char/ipmi/ipmi_msghandler.c 2010-02-13 21:45:10.003914851 -0500
21014@@ -414,7 +414,7 @@ struct ipmi_smi {
21015 struct proc_dir_entry *proc_dir;
21016 char proc_dir_name[10];
21017
21018- atomic_t stats[IPMI_NUM_STATS];
21019+ atomic_unchecked_t stats[IPMI_NUM_STATS];
21020
21021 /*
21022 * run_to_completion duplicate of smb_info, smi_info
21023@@ -447,9 +447,9 @@ static DEFINE_MUTEX(smi_watchers_mutex);
21024
21025
21026 #define ipmi_inc_stat(intf, stat) \
21027- atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
21028+ atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
21029 #define ipmi_get_stat(intf, stat) \
21030- ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
21031+ ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]))
21032
21033 static int is_lan_addr(struct ipmi_addr *addr)
21034 {
21035@@ -2808,7 +2808,7 @@ int ipmi_register_smi(struct ipmi_smi_ha
21036 INIT_LIST_HEAD(&intf->cmd_rcvrs);
21037 init_waitqueue_head(&intf->waitq);
21038 for (i = 0; i < IPMI_NUM_STATS; i++)
21039- atomic_set(&intf->stats[i], 0);
21040+ atomic_set_unchecked(&intf->stats[i], 0);
21041
21042 intf->proc_dir = NULL;
21043
21044diff -urNp linux-2.6.32.8/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.32.8/drivers/char/ipmi/ipmi_si_intf.c
21045--- linux-2.6.32.8/drivers/char/ipmi/ipmi_si_intf.c 2010-02-09 07:57:19.000000000 -0500
21046+++ linux-2.6.32.8/drivers/char/ipmi/ipmi_si_intf.c 2010-02-13 21:45:10.004609991 -0500
21047@@ -277,7 +277,7 @@ struct smi_info {
21048 unsigned char slave_addr;
21049
21050 /* Counters and things for the proc filesystem. */
21051- atomic_t stats[SI_NUM_STATS];
21052+ atomic_unchecked_t stats[SI_NUM_STATS];
21053
21054 struct task_struct *thread;
21055
21056@@ -285,9 +285,9 @@ struct smi_info {
21057 };
21058
21059 #define smi_inc_stat(smi, stat) \
21060- atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
21061+ atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
21062 #define smi_get_stat(smi, stat) \
21063- ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
21064+ ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat]))
21065
21066 #define SI_MAX_PARMS 4
21067
21068@@ -2926,7 +2926,7 @@ static int try_smi_init(struct smi_info
21069 atomic_set(&new_smi->req_events, 0);
21070 new_smi->run_to_completion = 0;
21071 for (i = 0; i < SI_NUM_STATS; i++)
21072- atomic_set(&new_smi->stats[i], 0);
21073+ atomic_set_unchecked(&new_smi->stats[i], 0);
21074
21075 new_smi->interrupt_disabled = 0;
21076 atomic_set(&new_smi->stop_operation, 0);
21077diff -urNp linux-2.6.32.8/drivers/char/keyboard.c linux-2.6.32.8/drivers/char/keyboard.c
21078--- linux-2.6.32.8/drivers/char/keyboard.c 2010-02-09 07:57:19.000000000 -0500
21079+++ linux-2.6.32.8/drivers/char/keyboard.c 2010-02-13 21:45:10.005543380 -0500
21080@@ -635,6 +635,16 @@ static void k_spec(struct vc_data *vc, u
21081 kbd->kbdmode == VC_MEDIUMRAW) &&
21082 value != KVAL(K_SAK))
21083 return; /* SAK is allowed even in raw mode */
21084+
21085+#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
21086+ {
21087+ void *func = fn_handler[value];
21088+ if (func == fn_show_state || func == fn_show_ptregs ||
21089+ func == fn_show_mem)
21090+ return;
21091+ }
21092+#endif
21093+
21094 fn_handler[value](vc);
21095 }
21096
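Review bot: The block added to `k_spec()` has no comment explaining why these three handlers are skipped, and the link between `CONFIG_GRKERNSEC_PROC`/`CONFIG_GRKERNSEC_PROC_MEMMAP` and console key handlers is not obvious from the code. Something like `/* with /proc restrictions enabled, do not let console keys dump task state, registers or memory info */` would do, with the wording confirmed against the option help text. The comparison goes through `void *func`, which discards the function-pointer type; comparing `fn_handler[value] == fn_show_state` directly keeps the check type-safe. Any bounds check on `value` lies outside this hunk, so the new table lookup should be confirmed to sit after it.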
21097@@ -1386,7 +1396,7 @@ static const struct input_device_id kbd_
21098 .evbit = { BIT_MASK(EV_SND) },
21099 },
21100
21101- { }, /* Terminating entry */
21102+ { 0 }, /* Terminating entry */
21103 };
21104
21105 MODULE_DEVICE_TABLE(input, kbd_ids);
21106diff -urNp linux-2.6.32.8/drivers/char/mem.c linux-2.6.32.8/drivers/char/mem.c
21107--- linux-2.6.32.8/drivers/char/mem.c 2010-02-09 07:57:19.000000000 -0500
21108+++ linux-2.6.32.8/drivers/char/mem.c 2010-02-13 21:45:10.005543380 -0500
21109@@ -18,6 +18,7 @@
21110 #include <linux/raw.h>
21111 #include <linux/tty.h>
21112 #include <linux/capability.h>
21113+#include <linux/security.h>
21114 #include <linux/ptrace.h>
21115 #include <linux/device.h>
21116 #include <linux/highmem.h>
21117@@ -35,6 +36,10 @@
21118 # include <linux/efi.h>
21119 #endif
21120
21121+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21122+extern struct file_operations grsec_fops;
21123+#endif
21124+
21125 /*
21126 * Architectures vary in how they handle caching for addresses
21127 * outside of main memory.
21128@@ -192,6 +197,11 @@ static ssize_t write_mem(struct file * f
21129 if (!valid_phys_addr_range(p, count))
21130 return -EFAULT;
21131
21132+#ifdef CONFIG_GRKERNSEC_KMEM
21133+ gr_handle_mem_write();
21134+ return -EPERM;
21135+#endif
21136+
21137 written = 0;
21138
21139 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
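Review bot: With `CONFIG_GRKERNSEC_KMEM` set, the unconditional `return -EPERM;` in `write_mem()` leaves the rest of the function as dead code that still compiles, and the same pattern is repeated in `write_kmem()` and `open_port()` further down. Putting the original body under `#else` would make it explicit that no write path remains and would avoid unreachable-code and unused-variable warnings. In `write_mem()` the denial also sits after the `valid_phys_addr_range()` check, so an out-of-range attempt returns `-EFAULT` without reaching `gr_handle_mem_write()`. If that call is meant to record every attempt, it should come first. The function body continues outside the hunk.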
21140@@ -324,6 +334,11 @@ static int mmap_mem(struct file * file,
21141 &vma->vm_page_prot))
21142 return -EINVAL;
21143
21144+#ifdef CONFIG_GRKERNSEC_KMEM
21145+ if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma))
21146+ return -EPERM;
21147+#endif
21148+
21149 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
21150 size,
21151 vma->vm_page_prot);
21152@@ -558,6 +573,11 @@ static ssize_t write_kmem(struct file *
21153 ssize_t written;
21154 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
21155
21156+#ifdef CONFIG_GRKERNSEC_KMEM
21157+ gr_handle_kmem_write();
21158+ return -EPERM;
21159+#endif
21160+
21161 if (p < (unsigned long) high_memory) {
21162
21163 wrote = count;
21164@@ -763,6 +783,16 @@ static loff_t memory_lseek(struct file *
21165
21166 static int open_port(struct inode * inode, struct file * filp)
21167 {
21168+#ifdef CONFIG_GRKERNSEC_KMEM
21169+ gr_handle_open_port();
21170+ return -EPERM;
21171+#endif
21172+
21173+ return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21174+}
21175+
21176+static int open_mem(struct inode * inode, struct file * filp)
21177+{
21178 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21179 }
21180
21181@@ -770,7 +800,6 @@ static int open_port(struct inode * inod
21182 #define full_lseek null_lseek
21183 #define write_zero write_null
21184 #define read_full read_zero
21185-#define open_mem open_port
21186 #define open_kmem open_mem
21187 #define open_oldmem open_mem
21188
21189@@ -886,6 +915,9 @@ static const struct memdev {
21190 #ifdef CONFIG_CRASH_DUMP
21191 [12] = { "oldmem", 0, &oldmem_fops, NULL },
21192 #endif
21193+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21194+ [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, NULL },
21195+#endif
21196 };
21197
21198 static int memory_open(struct inode *inode, struct file *filp)
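Review bot: The new `[13]` entry creates the `grsec` node with mode `S_IRUSR | S_IWUGO`, i.e. writable by every user, so the write handler behind `grsec_fops` (defined outside this file) is reachable by any local process and must do all of its own validation and authentication. That is presumably intentional, but it deserves a comment at the table entry, e.g. `/* world-writable on purpose: requests are authenticated inside grsec_fops */`, confirmed against the handler. The hard-coded minor 13 also has to stay clear of the other entries; the rest of the table is outside the hunk.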
21199diff -urNp linux-2.6.32.8/drivers/char/nvram.c linux-2.6.32.8/drivers/char/nvram.c
21200--- linux-2.6.32.8/drivers/char/nvram.c 2010-02-09 07:57:19.000000000 -0500
21201+++ linux-2.6.32.8/drivers/char/nvram.c 2010-02-13 21:45:10.005543380 -0500
21202@@ -429,7 +429,10 @@ static const struct file_operations nvra
21203 static struct miscdevice nvram_dev = {
21204 NVRAM_MINOR,
21205 "nvram",
21206- &nvram_fops
21207+ &nvram_fops,
21208+ {NULL, NULL},
21209+ NULL,
21210+ NULL
21211 };
21212
21213 static int __init nvram_init(void)
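Review bot: The initialiser for `nvram_dev` stays positional and now spells out `{NULL, NULL}, NULL, NULL` for the members after `fops`, which ties it to the exact field order of `struct miscdevice`. A reordered or inserted field would then be initialised with the wrong value without any compiler error. Designated initialisers avoid that and make the padding unnecessary: `.minor = NVRAM_MINOR,` `.name = "nvram",` `.fops = &nvram_fops,`.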
21214diff -urNp linux-2.6.32.8/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.32.8/drivers/char/pcmcia/ipwireless/tty.c
21215--- linux-2.6.32.8/drivers/char/pcmcia/ipwireless/tty.c 2010-02-09 07:57:19.000000000 -0500
21216+++ linux-2.6.32.8/drivers/char/pcmcia/ipwireless/tty.c 2010-02-13 21:45:10.005543380 -0500
21217@@ -51,7 +51,7 @@ struct ipw_tty {
21218 int tty_type;
21219 struct ipw_network *network;
21220 struct tty_struct *linux_tty;
21221- int open_count;
21222+ atomic_t open_count;
21223 unsigned int control_lines;
21224 struct mutex ipw_tty_mutex;
21225 int tx_bytes_queued;
21226@@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l
21227 mutex_unlock(&tty->ipw_tty_mutex);
21228 return -ENODEV;
21229 }
21230- if (tty->open_count == 0)
21231+ if (atomic_read(&tty->open_count) == 0)
21232 tty->tx_bytes_queued = 0;
21233
21234- tty->open_count++;
21235+ atomic_inc(&tty->open_count);
21236
21237 tty->linux_tty = linux_tty;
21238 linux_tty->driver_data = tty;
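Review bot: In ipw_open the counter is tested with `atomic_read()` and then bumped by a separate `atomic_inc()`, so the first-open test is only race-free because `ipw_tty_mutex` appears to be held here (the unlock on the error path is visible in the context). The change of type adds no ordering of its own. `if (atomic_inc_return(&tty->open_count) == 1) tty->tx_bytes_queued = 0;` would express the test as one operation. The later hunks in ipw_write_room, ipw_chars_in_buffer, ipw_tiocmget, ipw_tiocmset and ipw_ioctl show no lock in their context, so a comment on the field should state that the mutex, not the atomic type, serialises open and close.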
21239@@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l
21240
21241 static void do_ipw_close(struct ipw_tty *tty)
21242 {
21243- tty->open_count--;
21244-
21245- if (tty->open_count == 0) {
21246+ if (atomic_dec_return(&tty->open_count) == 0) {
21247 struct tty_struct *linux_tty = tty->linux_tty;
21248
21249 if (linux_tty != NULL) {
21250@@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct
21251 return;
21252
21253 mutex_lock(&tty->ipw_tty_mutex);
21254- if (tty->open_count == 0) {
21255+ if (atomic_read(&tty->open_count) == 0) {
21256 mutex_unlock(&tty->ipw_tty_mutex);
21257 return;
21258 }
21259@@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_
21260 return;
21261 }
21262
21263- if (!tty->open_count) {
21264+ if (!atomic_read(&tty->open_count)) {
21265 mutex_unlock(&tty->ipw_tty_mutex);
21266 return;
21267 }
21268@@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct *
21269 return -ENODEV;
21270
21271 mutex_lock(&tty->ipw_tty_mutex);
21272- if (!tty->open_count) {
21273+ if (!atomic_read(&tty->open_count)) {
21274 mutex_unlock(&tty->ipw_tty_mutex);
21275 return -EINVAL;
21276 }
21277@@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str
21278 if (!tty)
21279 return -ENODEV;
21280
21281- if (!tty->open_count)
21282+ if (!atomic_read(&tty->open_count))
21283 return -EINVAL;
21284
21285 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
21286@@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt
21287 if (!tty)
21288 return 0;
21289
21290- if (!tty->open_count)
21291+ if (!atomic_read(&tty->open_count))
21292 return 0;
21293
21294 return tty->tx_bytes_queued;
21295@@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc
21296 if (!tty)
21297 return -ENODEV;
21298
21299- if (!tty->open_count)
21300+ if (!atomic_read(&tty->open_count))
21301 return -EINVAL;
21302
21303 return get_control_lines(tty);
21304@@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
21305 if (!tty)
21306 return -ENODEV;
21307
21308- if (!tty->open_count)
21309+ if (!atomic_read(&tty->open_count))
21310 return -EINVAL;
21311
21312 return set_control_lines(tty, set, clear);
21313@@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct *
21314 if (!tty)
21315 return -ENODEV;
21316
21317- if (!tty->open_count)
21318+ if (!atomic_read(&tty->open_count))
21319 return -EINVAL;
21320
21321 /* FIXME: Exactly how is the tty object locked here .. */
21322@@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty
21323 against a parallel ioctl etc */
21324 mutex_lock(&ttyj->ipw_tty_mutex);
21325 }
21326- while (ttyj->open_count)
21327+ while (atomic_read(&ttyj->open_count))
21328 do_ipw_close(ttyj);
21329 ipwireless_disassociate_network_ttys(network,
21330 ttyj->channel_idx);
21331diff -urNp linux-2.6.32.8/drivers/char/pty.c linux-2.6.32.8/drivers/char/pty.c
21332--- linux-2.6.32.8/drivers/char/pty.c 2010-02-09 07:57:19.000000000 -0500
21333+++ linux-2.6.32.8/drivers/char/pty.c 2010-02-13 21:45:10.006915632 -0500
21334@@ -682,7 +682,18 @@ static int ptmx_open(struct inode *inode
21335 return ret;
21336 }
21337
21338-static struct file_operations ptmx_fops;
21339+static const struct file_operations ptmx_fops = {
21340+ .llseek = no_llseek,
21341+ .read = tty_read,
21342+ .write = tty_write,
21343+ .poll = tty_poll,
21344+ .unlocked_ioctl = tty_ioctl,
21345+ .compat_ioctl = tty_compat_ioctl,
21346+ .open = ptmx_open,
21347+ .release = tty_release,
21348+ .fasync = tty_fasync,
21349+};
21350+
21351
21352 static void __init unix98_pty_init(void)
21353 {
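Review bot: `ptmx_fops` now lists the tty file operations member by member, so a later change to `tty_fops` will not reach it, whereas the removed `tty_default_fops()` copy picked such changes up automatically. A comment above the table would flag the coupling: `/* keep in sync with tty_fops in tty_io.c; only .open differs */`. Separately, `.compat_ioctl = tty_compat_ioctl` needs a NULL fallback when CONFIG_COMPAT is off. The tty_io.c part of this patch removes the `#define tty_compat_ioctl NULL` there, and the header that would have to replace it is not visible in this chunk.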
21354@@ -736,9 +747,6 @@ static void __init unix98_pty_init(void)
21355 register_sysctl_table(pty_root_table);
21356
21357 /* Now create the /dev/ptmx special device */
21358- tty_default_fops(&ptmx_fops);
21359- ptmx_fops.open = ptmx_open;
21360-
21361 cdev_init(&ptmx_cdev, &ptmx_fops);
21362 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
21363 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
21364diff -urNp linux-2.6.32.8/drivers/char/random.c linux-2.6.32.8/drivers/char/random.c
21365--- linux-2.6.32.8/drivers/char/random.c 2010-02-09 07:57:19.000000000 -0500
21366+++ linux-2.6.32.8/drivers/char/random.c 2010-02-13 21:45:10.006915632 -0500
21367@@ -254,8 +254,13 @@
21368 /*
21369 * Configuration information
21370 */
21371+#ifdef CONFIG_GRKERNSEC_RANDNET
21372+#define INPUT_POOL_WORDS 512
21373+#define OUTPUT_POOL_WORDS 128
21374+#else
21375 #define INPUT_POOL_WORDS 128
21376 #define OUTPUT_POOL_WORDS 32
21377+#endif
21378 #define SEC_XFER_SIZE 512
21379
21380 /*
21381@@ -292,10 +297,17 @@ static struct poolinfo {
21382 int poolwords;
21383 int tap1, tap2, tap3, tap4, tap5;
21384 } poolinfo_table[] = {
21385+#ifdef CONFIG_GRKERNSEC_RANDNET
21386+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
21387+ { 512, 411, 308, 208, 104, 1 },
21388+ /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
21389+ { 128, 103, 76, 51, 25, 1 },
21390+#else
21391 /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
21392 { 128, 103, 76, 51, 25, 1 },
21393 /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
21394 { 32, 26, 20, 14, 7, 1 },
21395+#endif
21396 #if 0
21397 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
21398 { 2048, 1638, 1231, 819, 411, 1 },
21399@@ -1209,7 +1221,7 @@ EXPORT_SYMBOL(generate_random_uuid);
21400 #include <linux/sysctl.h>
21401
21402 static int min_read_thresh = 8, min_write_thresh;
21403-static int max_read_thresh = INPUT_POOL_WORDS * 32;
21404+static int max_read_thresh = OUTPUT_POOL_WORDS * 32;
21405 static int max_write_thresh = INPUT_POOL_WORDS * 32;
21406 static char sysctl_bootid[16];
21407
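Review bot: The new `max_read_thresh` initialiser sits outside the `#ifdef CONFIG_GRKERNSEC_RANDNET` blocks added earlier in this file, so it also changes kernels built without that option. There the ceiling drops from `128 * 32` to `32 * 32` bits, while with the option it stays at `128 * 32`. If the aim is only to keep the old ceiling when the pools are enlarged, guard the line with the same `#ifdef`. Use `static int max_read_thresh = OUTPUT_POOL_WORDS * 32;` in that branch and keep `static int max_read_thresh = INPUT_POOL_WORDS * 32;` under `#else`.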
21408diff -urNp linux-2.6.32.8/drivers/char/sonypi.c linux-2.6.32.8/drivers/char/sonypi.c
21409--- linux-2.6.32.8/drivers/char/sonypi.c 2010-02-09 07:57:19.000000000 -0500
21410+++ linux-2.6.32.8/drivers/char/sonypi.c 2010-02-13 21:45:10.007915557 -0500
21411@@ -491,7 +491,7 @@ static struct sonypi_device {
21412 spinlock_t fifo_lock;
21413 wait_queue_head_t fifo_proc_list;
21414 struct fasync_struct *fifo_async;
21415- int open_count;
21416+ atomic_t open_count;
21417 int model;
21418 struct input_dev *input_jog_dev;
21419 struct input_dev *input_key_dev;
21420@@ -895,7 +895,7 @@ static int sonypi_misc_fasync(int fd, st
21421 static int sonypi_misc_release(struct inode *inode, struct file *file)
21422 {
21423 mutex_lock(&sonypi_device.lock);
21424- sonypi_device.open_count--;
21425+ atomic_dec(&sonypi_device.open_count);
21426 mutex_unlock(&sonypi_device.lock);
21427 return 0;
21428 }
21429@@ -905,9 +905,9 @@ static int sonypi_misc_open(struct inode
21430 lock_kernel();
21431 mutex_lock(&sonypi_device.lock);
21432 /* Flush input queue on first open */
21433- if (!sonypi_device.open_count)
21434+ if (!atomic_read(&sonypi_device.open_count))
21435 kfifo_reset(sonypi_device.fifo);
21436- sonypi_device.open_count++;
21437+ atomic_inc(&sonypi_device.open_count);
21438 mutex_unlock(&sonypi_device.lock);
21439 unlock_kernel();
21440 return 0;
21441diff -urNp linux-2.6.32.8/drivers/char/tpm/tpm_bios.c linux-2.6.32.8/drivers/char/tpm/tpm_bios.c
21442--- linux-2.6.32.8/drivers/char/tpm/tpm_bios.c 2010-02-09 07:57:19.000000000 -0500
21443+++ linux-2.6.32.8/drivers/char/tpm/tpm_bios.c 2010-02-13 21:45:10.007915557 -0500
21444@@ -172,7 +172,7 @@ static void *tpm_bios_measurements_start
21445 event = addr;
21446
21447 if ((event->event_type == 0 && event->event_size == 0) ||
21448- ((addr + sizeof(struct tcpa_event) + event->event_size) >= limit))
21449+ (event->event_size >= limit - addr - sizeof(struct tcpa_event)))
21450 return NULL;
21451
21452 return addr;
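Review bot: The rewritten bound `event->event_size >= limit - addr - sizeof(struct tcpa_event)` removes the pointer-overflow risk of the old sum, but it introduces an underflow. When fewer than `sizeof(struct tcpa_event)` bytes remain before `limit`, the right-hand side wraps to a very large unsigned value and the entry is accepted. A guard earlier in the function may already exclude that case, but it is not visible in this hunk. If it does not, test the remaining length first: `limit - addr < sizeof(struct tcpa_event) ||` ahead of the size comparison. The same applies to the matching hunk in tpm_bios_measurements_next, with `v` in place of `addr`.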
21453@@ -197,7 +197,7 @@ static void *tpm_bios_measurements_next(
21454 return NULL;
21455
21456 if ((event->event_type == 0 && event->event_size == 0) ||
21457- ((v + sizeof(struct tcpa_event) + event->event_size) >= limit))
21458+ (event->event_size >= limit - v - sizeof(struct tcpa_event)))
21459 return NULL;
21460
21461 (*pos)++;
21462@@ -290,7 +290,8 @@ static int tpm_binary_bios_measurements_
21463 int i;
21464
21465 for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++)
21466- seq_putc(m, data[i]);
21467+ if (!seq_putc(m, data[i]))
21468+ return -EFAULT;
21469
21470 return 0;
21471 }
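Review bot: The added test `if (!seq_putc(m, data[i]))` looks inverted. If `seq_putc()` in this tree returns 0 on success and a negative value when the buffer is full, as mainline 2.6.32 does, the branch is taken on the first byte that is written successfully, and reading the binary measurement log then fails with -EFAULT. The check would need to be `if (seq_putc(m, data[i]))`. Returning an error on a full buffer may also defeat seq_file's usual retry with a larger buffer, so this is worth testing against a log larger than one page. The function's opening lines are outside the hunk.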
21472@@ -409,6 +410,11 @@ static int read_log(struct tpm_bios_log
21473 log->bios_event_log_end = log->bios_event_log + len;
21474
21475 virt = acpi_os_map_memory(start, len);
21476+ if (!virt) {
21477+ kfree(log->bios_event_log);
21478+ log->bios_event_log = NULL;
21479+ return -EFAULT;
21480+ }
21481
21482 memcpy(log->bios_event_log, virt, len);
21483
21484diff -urNp linux-2.6.32.8/drivers/char/tty_io.c linux-2.6.32.8/drivers/char/tty_io.c
21485--- linux-2.6.32.8/drivers/char/tty_io.c 2010-02-09 07:57:19.000000000 -0500
21486+++ linux-2.6.32.8/drivers/char/tty_io.c 2010-02-13 21:45:10.008914507 -0500
21487@@ -136,21 +136,10 @@ LIST_HEAD(tty_drivers); /* linked list
21488 DEFINE_MUTEX(tty_mutex);
21489 EXPORT_SYMBOL(tty_mutex);
21490
21491-static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
21492-static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
21493 ssize_t redirected_tty_write(struct file *, const char __user *,
21494 size_t, loff_t *);
21495-static unsigned int tty_poll(struct file *, poll_table *);
21496 static int tty_open(struct inode *, struct file *);
21497-static int tty_release(struct inode *, struct file *);
21498 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
21499-#ifdef CONFIG_COMPAT
21500-static long tty_compat_ioctl(struct file *file, unsigned int cmd,
21501- unsigned long arg);
21502-#else
21503-#define tty_compat_ioctl NULL
21504-#endif
21505-static int tty_fasync(int fd, struct file *filp, int on);
21506 static void release_tty(struct tty_struct *tty, int idx);
21507 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
21508 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
21509@@ -870,7 +859,7 @@ EXPORT_SYMBOL(start_tty);
21510 * read calls may be outstanding in parallel.
21511 */
21512
21513-static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
21514+ssize_t tty_read(struct file *file, char __user *buf, size_t count,
21515 loff_t *ppos)
21516 {
21517 int i;
21518@@ -898,6 +887,8 @@ static ssize_t tty_read(struct file *fil
21519 return i;
21520 }
21521
21522+EXPORT_SYMBOL(tty_read);
21523+
21524 void tty_write_unlock(struct tty_struct *tty)
21525 {
21526 mutex_unlock(&tty->atomic_write_lock);
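Review bot: `EXPORT_SYMBOL(tty_read)` makes a formerly static handler callable from every loadable module. The later hunks do the same for `tty_write`, `tty_release`, `tty_poll`, `tty_fasync`, `tty_ioctl` and `tty_compat_ioctl`. The only new user visible in this patch is the `ptmx_fops` table in pty.c. If that file is always built into the kernel, dropping `static` is sufficient and the exports only widen the module-facing surface. If an export is needed, `EXPORT_SYMBOL_GPL(tty_read);` would match the `EXPORT_SYMBOL_GPL(get_current_tty)` already in this file.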
21527@@ -1045,7 +1036,7 @@ void tty_write_message(struct tty_struct
21528 * write method will not be invoked in parallel for each device.
21529 */
21530
21531-static ssize_t tty_write(struct file *file, const char __user *buf,
21532+ssize_t tty_write(struct file *file, const char __user *buf,
21533 size_t count, loff_t *ppos)
21534 {
21535 struct tty_struct *tty;
21536@@ -1072,6 +1063,8 @@ static ssize_t tty_write(struct file *fi
21537 return ret;
21538 }
21539
21540+EXPORT_SYMBOL(tty_write);
21541+
21542 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
21543 size_t count, loff_t *ppos)
21544 {
21545@@ -1865,7 +1858,7 @@ static int tty_open(struct inode *inode,
21546 * Takes bkl. See tty_release_dev
21547 */
21548
21549-static int tty_release(struct inode *inode, struct file *filp)
21550+int tty_release(struct inode *inode, struct file *filp)
21551 {
21552 lock_kernel();
21553 tty_release_dev(filp);
21554@@ -1873,6 +1866,8 @@ static int tty_release(struct inode *ino
21555 return 0;
21556 }
21557
21558+EXPORT_SYMBOL(tty_release);
21559+
21560 /**
21561 * tty_poll - check tty status
21562 * @filp: file being polled
21563@@ -1885,7 +1880,7 @@ static int tty_release(struct inode *ino
21564 * may be re-entered freely by other callers.
21565 */
21566
21567-static unsigned int tty_poll(struct file *filp, poll_table *wait)
21568+unsigned int tty_poll(struct file *filp, poll_table *wait)
21569 {
21570 struct tty_struct *tty;
21571 struct tty_ldisc *ld;
21572@@ -1902,7 +1897,9 @@ static unsigned int tty_poll(struct file
21573 return ret;
21574 }
21575
21576-static int tty_fasync(int fd, struct file *filp, int on)
21577+EXPORT_SYMBOL(tty_poll);
21578+
21579+int tty_fasync(int fd, struct file *filp, int on)
21580 {
21581 struct tty_struct *tty;
21582 unsigned long flags;
21583@@ -1944,6 +1941,8 @@ out:
21584 return retval;
21585 }
21586
21587+EXPORT_SYMBOL(tty_fasync);
21588+
21589 /**
21590 * tiocsti - fake input character
21591 * @tty: tty to fake input into
21592@@ -2578,8 +2577,10 @@ long tty_ioctl(struct file *file, unsign
21593 return retval;
21594 }
21595
21596+EXPORT_SYMBOL(tty_ioctl);
21597+
21598 #ifdef CONFIG_COMPAT
21599-static long tty_compat_ioctl(struct file *file, unsigned int cmd,
21600+long tty_compat_ioctl(struct file *file, unsigned int cmd,
21601 unsigned long arg)
21602 {
21603 struct inode *inode = file->f_dentry->d_inode;
21604@@ -2603,6 +2604,8 @@ static long tty_compat_ioctl(struct file
21605
21606 return retval;
21607 }
21608+
21609+EXPORT_SYMBOL(tty_compat_ioctl);
21610 #endif
21611
21612 /*
21613@@ -3046,11 +3049,6 @@ struct tty_struct *get_current_tty(void)
21614 }
21615 EXPORT_SYMBOL_GPL(get_current_tty);
21616
21617-void tty_default_fops(struct file_operations *fops)
21618-{
21619- *fops = tty_fops;
21620-}
21621-
21622 /*
21623 * Initialize the console device. This is called *early*, so
21624 * we can't necessarily depend on lots of kernel help here.
21625diff -urNp linux-2.6.32.8/drivers/char/tty_ldisc.c linux-2.6.32.8/drivers/char/tty_ldisc.c
21626--- linux-2.6.32.8/drivers/char/tty_ldisc.c 2010-02-09 07:57:19.000000000 -0500
21627+++ linux-2.6.32.8/drivers/char/tty_ldisc.c 2010-02-13 21:45:10.008914507 -0500
21628@@ -73,7 +73,7 @@ static void put_ldisc(struct tty_ldisc *
21629 if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
21630 struct tty_ldisc_ops *ldo = ld->ops;
21631
21632- ldo->refcount--;
21633+ atomic_dec(&ldo->refcount);
21634 module_put(ldo->owner);
21635 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
21636
21637@@ -107,7 +107,7 @@ int tty_register_ldisc(int disc, struct
21638 spin_lock_irqsave(&tty_ldisc_lock, flags);
21639 tty_ldiscs[disc] = new_ldisc;
21640 new_ldisc->num = disc;
21641- new_ldisc->refcount = 0;
21642+ atomic_set(&new_ldisc->refcount, 0);
21643 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
21644
21645 return ret;
21646@@ -135,7 +135,7 @@ int tty_unregister_ldisc(int disc)
21647 return -EINVAL;
21648
21649 spin_lock_irqsave(&tty_ldisc_lock, flags);
21650- if (tty_ldiscs[disc]->refcount)
21651+ if (atomic_read(&tty_ldiscs[disc]->refcount))
21652 ret = -EBUSY;
21653 else
21654 tty_ldiscs[disc] = NULL;
21655@@ -156,7 +156,7 @@ static struct tty_ldisc_ops *get_ldops(i
21656 if (ldops) {
21657 ret = ERR_PTR(-EAGAIN);
21658 if (try_module_get(ldops->owner)) {
21659- ldops->refcount++;
21660+ atomic_inc(&ldops->refcount);
21661 ret = ldops;
21662 }
21663 }
21664@@ -169,7 +169,7 @@ static void put_ldops(struct tty_ldisc_o
21665 unsigned long flags;
21666
21667 spin_lock_irqsave(&tty_ldisc_lock, flags);
21668- ldops->refcount--;
21669+ atomic_dec(&ldops->refcount);
21670 module_put(ldops->owner);
21671 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
21672 }
21673diff -urNp linux-2.6.32.8/drivers/char/virtio_console.c linux-2.6.32.8/drivers/char/virtio_console.c
21674--- linux-2.6.32.8/drivers/char/virtio_console.c 2010-02-09 07:57:19.000000000 -0500
21675+++ linux-2.6.32.8/drivers/char/virtio_console.c 2010-02-13 21:45:10.008914507 -0500
21676@@ -44,6 +44,7 @@ static unsigned int in_len;
21677 static char *in, *inbuf;
21678
21679 /* The operations for our console. */
21680+/* cannot be const */
21681 static struct hv_ops virtio_cons;
21682
21683 /* The hvc device */
21684diff -urNp linux-2.6.32.8/drivers/char/vt_ioctl.c linux-2.6.32.8/drivers/char/vt_ioctl.c
21685--- linux-2.6.32.8/drivers/char/vt_ioctl.c 2010-02-09 07:57:19.000000000 -0500
21686+++ linux-2.6.32.8/drivers/char/vt_ioctl.c 2010-02-13 21:45:10.009931341 -0500
21687@@ -226,6 +226,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
21688 case KDSKBENT:
21689 if (!perm)
21690 return -EPERM;
21691+
21692+#ifdef CONFIG_GRKERNSEC
21693+ if (!capable(CAP_SYS_TTY_CONFIG))
21694+ return -EPERM;
21695+#endif
21696+
21697 if (!i && v == K_NOSUCHMAP) {
21698 /* deallocate map */
21699 key_map = key_maps[s];
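Review bot: The added `capable(CAP_SYS_TTY_CONFIG)` test follows the existing `if (!perm)` check without explanation, so under CONFIG_GRKERNSEC whatever the caller put in `perm` is no longer sufficient for KDSKBENT. The hunk in do_kdgkb_ioctl does the same. As written, the two checks look redundant and a later cleanup could fold them. A short comment would prevent that: `/* grsec: require the capability even when the caller granted perm */`. The enclosing switch starts outside the hunk.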
21700@@ -366,6 +372,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
21701 goto reterr;
21702 }
21703
21704+#ifdef CONFIG_GRKERNSEC
21705+ if (!capable(CAP_SYS_TTY_CONFIG)) {
21706+ ret = -EPERM;
21707+ goto reterr;
21708+ }
21709+#endif
21710+
21711 q = func_table[i];
21712 first_free = funcbufptr + (funcbufsize - funcbufleft);
21713 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
21714diff -urNp linux-2.6.32.8/drivers/cpufreq/cpufreq.c linux-2.6.32.8/drivers/cpufreq/cpufreq.c
21715--- linux-2.6.32.8/drivers/cpufreq/cpufreq.c 2010-02-09 07:57:19.000000000 -0500
21716+++ linux-2.6.32.8/drivers/cpufreq/cpufreq.c 2010-02-13 21:45:10.009931341 -0500
21717@@ -750,7 +750,7 @@ static void cpufreq_sysfs_release(struct
21718 complete(&policy->kobj_unregister);
21719 }
21720
21721-static struct sysfs_ops sysfs_ops = {
21722+static const struct sysfs_ops sysfs_ops = {
21723 .show = show,
21724 .store = store,
21725 };
21726diff -urNp linux-2.6.32.8/drivers/cpuidle/sysfs.c linux-2.6.32.8/drivers/cpuidle/sysfs.c
21727--- linux-2.6.32.8/drivers/cpuidle/sysfs.c 2010-02-09 07:57:19.000000000 -0500
21728+++ linux-2.6.32.8/drivers/cpuidle/sysfs.c 2010-02-13 21:45:10.010916781 -0500
21729@@ -191,7 +191,7 @@ static ssize_t cpuidle_store(struct kobj
21730 return ret;
21731 }
21732
21733-static struct sysfs_ops cpuidle_sysfs_ops = {
21734+static const struct sysfs_ops cpuidle_sysfs_ops = {
21735 .show = cpuidle_show,
21736 .store = cpuidle_store,
21737 };
21738@@ -277,7 +277,7 @@ static ssize_t cpuidle_state_show(struct
21739 return ret;
21740 }
21741
21742-static struct sysfs_ops cpuidle_state_sysfs_ops = {
21743+static const struct sysfs_ops cpuidle_state_sysfs_ops = {
21744 .show = cpuidle_state_show,
21745 };
21746
21747diff -urNp linux-2.6.32.8/drivers/dma/ioat/dma.c linux-2.6.32.8/drivers/dma/ioat/dma.c
21748--- linux-2.6.32.8/drivers/dma/ioat/dma.c 2010-02-09 07:57:19.000000000 -0500
21749+++ linux-2.6.32.8/drivers/dma/ioat/dma.c 2010-02-13 21:45:10.010916781 -0500
21750@@ -1146,7 +1146,7 @@ ioat_attr_show(struct kobject *kobj, str
21751 return entry->show(&chan->common, page);
21752 }
21753
21754-struct sysfs_ops ioat_sysfs_ops = {
21755+const struct sysfs_ops ioat_sysfs_ops = {
21756 .show = ioat_attr_show,
21757 };
21758
21759diff -urNp linux-2.6.32.8/drivers/dma/ioat/dma.h linux-2.6.32.8/drivers/dma/ioat/dma.h
21760--- linux-2.6.32.8/drivers/dma/ioat/dma.h 2010-02-09 07:57:19.000000000 -0500
21761+++ linux-2.6.32.8/drivers/dma/ioat/dma.h 2010-02-13 21:45:10.010916781 -0500
21762@@ -347,7 +347,7 @@ bool ioat_cleanup_preamble(struct ioat_c
21763 unsigned long *phys_complete);
21764 void ioat_kobject_add(struct ioatdma_device *device, struct kobj_type *type);
21765 void ioat_kobject_del(struct ioatdma_device *device);
21766-extern struct sysfs_ops ioat_sysfs_ops;
21767+extern const struct sysfs_ops ioat_sysfs_ops;
21768 extern struct ioat_sysfs_entry ioat_version_attr;
21769 extern struct ioat_sysfs_entry ioat_cap_attr;
21770 #endif /* IOATDMA_H */
21771diff -urNp linux-2.6.32.8/drivers/edac/edac_core.h linux-2.6.32.8/drivers/edac/edac_core.h
21772--- linux-2.6.32.8/drivers/edac/edac_core.h 2010-02-09 07:57:19.000000000 -0500
21773+++ linux-2.6.32.8/drivers/edac/edac_core.h 2010-02-13 21:45:10.011663466 -0500
21774@@ -99,11 +99,11 @@ extern int edac_debug_level;
21775
21776 #else /* !CONFIG_EDAC_DEBUG */
21777
21778-#define debugf0( ... )
21779-#define debugf1( ... )
21780-#define debugf2( ... )
21781-#define debugf3( ... )
21782-#define debugf4( ... )
21783+#define debugf0( ... ) do {} while (0)
21784+#define debugf1( ... ) do {} while (0)
21785+#define debugf2( ... ) do {} while (0)
21786+#define debugf3( ... ) do {} while (0)
21787+#define debugf4( ... ) do {} while (0)
21788
21789 #endif /* !CONFIG_EDAC_DEBUG */
21790
21791diff -urNp linux-2.6.32.8/drivers/edac/edac_device_sysfs.c linux-2.6.32.8/drivers/edac/edac_device_sysfs.c
21792--- linux-2.6.32.8/drivers/edac/edac_device_sysfs.c 2010-02-09 07:57:19.000000000 -0500
21793+++ linux-2.6.32.8/drivers/edac/edac_device_sysfs.c 2010-02-13 21:45:10.011663466 -0500
21794@@ -137,7 +137,7 @@ static ssize_t edac_dev_ctl_info_store(s
21795 }
21796
21797 /* edac_dev file operations for an 'ctl_info' */
21798-static struct sysfs_ops device_ctl_info_ops = {
21799+static const struct sysfs_ops device_ctl_info_ops = {
21800 .show = edac_dev_ctl_info_show,
21801 .store = edac_dev_ctl_info_store
21802 };
21803@@ -373,7 +373,7 @@ static ssize_t edac_dev_instance_store(s
21804 }
21805
21806 /* edac_dev file operations for an 'instance' */
21807-static struct sysfs_ops device_instance_ops = {
21808+static const struct sysfs_ops device_instance_ops = {
21809 .show = edac_dev_instance_show,
21810 .store = edac_dev_instance_store
21811 };
21812@@ -476,7 +476,7 @@ static ssize_t edac_dev_block_store(stru
21813 }
21814
21815 /* edac_dev file operations for a 'block' */
21816-static struct sysfs_ops device_block_ops = {
21817+static const struct sysfs_ops device_block_ops = {
21818 .show = edac_dev_block_show,
21819 .store = edac_dev_block_store
21820 };
21821diff -urNp linux-2.6.32.8/drivers/edac/edac_mc_sysfs.c linux-2.6.32.8/drivers/edac/edac_mc_sysfs.c
21822--- linux-2.6.32.8/drivers/edac/edac_mc_sysfs.c 2010-02-09 07:57:19.000000000 -0500
21823+++ linux-2.6.32.8/drivers/edac/edac_mc_sysfs.c 2010-02-13 21:45:10.011663466 -0500
21824@@ -245,7 +245,7 @@ static ssize_t csrowdev_store(struct kob
21825 return -EIO;
21826 }
21827
21828-static struct sysfs_ops csrowfs_ops = {
21829+static const struct sysfs_ops csrowfs_ops = {
21830 .show = csrowdev_show,
21831 .store = csrowdev_store
21832 };
21833@@ -575,7 +575,7 @@ static ssize_t mcidev_store(struct kobje
21834 }
21835
21836 /* Intermediate show/store table */
21837-static struct sysfs_ops mci_ops = {
21838+static const struct sysfs_ops mci_ops = {
21839 .show = mcidev_show,
21840 .store = mcidev_store
21841 };
21842diff -urNp linux-2.6.32.8/drivers/edac/edac_pci_sysfs.c linux-2.6.32.8/drivers/edac/edac_pci_sysfs.c
21843--- linux-2.6.32.8/drivers/edac/edac_pci_sysfs.c 2010-02-09 07:57:19.000000000 -0500
21844+++ linux-2.6.32.8/drivers/edac/edac_pci_sysfs.c 2010-02-13 21:45:10.012688081 -0500
21845@@ -121,7 +121,7 @@ static ssize_t edac_pci_instance_store(s
21846 }
21847
21848 /* fs_ops table */
21849-static struct sysfs_ops pci_instance_ops = {
21850+static const struct sysfs_ops pci_instance_ops = {
21851 .show = edac_pci_instance_show,
21852 .store = edac_pci_instance_store
21853 };
21854@@ -261,7 +261,7 @@ static ssize_t edac_pci_dev_store(struct
21855 return -EIO;
21856 }
21857
21858-static struct sysfs_ops edac_pci_sysfs_ops = {
21859+static const struct sysfs_ops edac_pci_sysfs_ops = {
21860 .show = edac_pci_dev_show,
21861 .store = edac_pci_dev_store
21862 };
21863diff -urNp linux-2.6.32.8/drivers/firmware/dmi_scan.c linux-2.6.32.8/drivers/firmware/dmi_scan.c
21864--- linux-2.6.32.8/drivers/firmware/dmi_scan.c 2010-02-09 07:57:19.000000000 -0500
21865+++ linux-2.6.32.8/drivers/firmware/dmi_scan.c 2010-02-13 21:45:10.012688081 -0500
21866@@ -391,11 +391,6 @@ void __init dmi_scan_machine(void)
21867 }
21868 }
21869 else {
21870- /*
21871- * no iounmap() for that ioremap(); it would be a no-op, but
21872- * it's so early in setup that sucker gets confused into doing
21873- * what it shouldn't if we actually call it.
21874- */
21875 p = dmi_ioremap(0xF0000, 0x10000);
21876 if (p == NULL)
21877 goto error;
21878diff -urNp linux-2.6.32.8/drivers/firmware/edd.c linux-2.6.32.8/drivers/firmware/edd.c
21879--- linux-2.6.32.8/drivers/firmware/edd.c 2010-02-09 07:57:19.000000000 -0500
21880+++ linux-2.6.32.8/drivers/firmware/edd.c 2010-02-13 21:45:10.012688081 -0500
21881@@ -122,7 +122,7 @@ edd_attr_show(struct kobject * kobj, str
21882 return ret;
21883 }
21884
21885-static struct sysfs_ops edd_attr_ops = {
21886+static const struct sysfs_ops edd_attr_ops = {
21887 .show = edd_attr_show,
21888 };
21889
21890diff -urNp linux-2.6.32.8/drivers/firmware/efivars.c linux-2.6.32.8/drivers/firmware/efivars.c
21891--- linux-2.6.32.8/drivers/firmware/efivars.c 2010-02-09 07:57:19.000000000 -0500
21892+++ linux-2.6.32.8/drivers/firmware/efivars.c 2010-02-13 21:45:10.012688081 -0500
21893@@ -362,7 +362,7 @@ static ssize_t efivar_attr_store(struct
21894 return ret;
21895 }
21896
21897-static struct sysfs_ops efivar_attr_ops = {
21898+static const struct sysfs_ops efivar_attr_ops = {
21899 .show = efivar_attr_show,
21900 .store = efivar_attr_store,
21901 };
21902diff -urNp linux-2.6.32.8/drivers/firmware/iscsi_ibft.c linux-2.6.32.8/drivers/firmware/iscsi_ibft.c
21903--- linux-2.6.32.8/drivers/firmware/iscsi_ibft.c 2010-02-09 07:57:19.000000000 -0500
21904+++ linux-2.6.32.8/drivers/firmware/iscsi_ibft.c 2010-02-13 21:45:10.013915471 -0500
21905@@ -525,7 +525,7 @@ static ssize_t ibft_show_attribute(struc
21906 return ret;
21907 }
21908
21909-static struct sysfs_ops ibft_attr_ops = {
21910+static const struct sysfs_ops ibft_attr_ops = {
21911 .show = ibft_show_attribute,
21912 };
21913
21914diff -urNp linux-2.6.32.8/drivers/firmware/memmap.c linux-2.6.32.8/drivers/firmware/memmap.c
21915--- linux-2.6.32.8/drivers/firmware/memmap.c 2010-02-09 07:57:19.000000000 -0500
21916+++ linux-2.6.32.8/drivers/firmware/memmap.c 2010-02-13 21:45:10.013915471 -0500
21917@@ -74,7 +74,7 @@ static struct attribute *def_attrs[] = {
21918 NULL
21919 };
21920
21921-static struct sysfs_ops memmap_attr_ops = {
21922+static const struct sysfs_ops memmap_attr_ops = {
21923 .show = memmap_attr_show,
21924 };
21925
21926diff -urNp linux-2.6.32.8/drivers/gpu/drm/drm_drv.c linux-2.6.32.8/drivers/gpu/drm/drm_drv.c
21927--- linux-2.6.32.8/drivers/gpu/drm/drm_drv.c 2010-02-09 07:57:19.000000000 -0500
21928+++ linux-2.6.32.8/drivers/gpu/drm/drm_drv.c 2010-02-13 21:45:10.013915471 -0500
21929@@ -417,7 +417,7 @@ int drm_ioctl(struct inode *inode, struc
21930 char *kdata = NULL;
21931
21932 atomic_inc(&dev->ioctl_count);
21933- atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]);
21934+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
21935 ++file_priv->ioctl_count;
21936
21937 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
21938diff -urNp linux-2.6.32.8/drivers/gpu/drm/drm_fops.c linux-2.6.32.8/drivers/gpu/drm/drm_fops.c
21939--- linux-2.6.32.8/drivers/gpu/drm/drm_fops.c 2010-02-09 07:57:19.000000000 -0500
21940+++ linux-2.6.32.8/drivers/gpu/drm/drm_fops.c 2010-02-13 21:45:10.014681849 -0500
21941@@ -66,7 +66,7 @@ static int drm_setup(struct drm_device *
21942 }
21943
21944 for (i = 0; i < ARRAY_SIZE(dev->counts); i++)
21945- atomic_set(&dev->counts[i], 0);
21946+ atomic_set_unchecked(&dev->counts[i], 0);
21947
21948 dev->sigdata.lock = NULL;
21949
21950@@ -130,9 +130,9 @@ int drm_open(struct inode *inode, struct
21951
21952 retcode = drm_open_helper(inode, filp, dev);
21953 if (!retcode) {
21954- atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
21955+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
21956 spin_lock(&dev->count_lock);
21957- if (!dev->open_count++) {
21958+ if (atomic_inc_return(&dev->open_count) == 1) {
21959 spin_unlock(&dev->count_lock);
21960 retcode = drm_setup(dev);
21961 goto out;
21962@@ -433,7 +433,7 @@ int drm_release(struct inode *inode, str
21963
21964 lock_kernel();
21965
21966- DRM_DEBUG("open_count = %d\n", dev->open_count);
21967+ DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
21968
21969 if (dev->driver->preclose)
21970 dev->driver->preclose(dev, file_priv);
21971@@ -445,7 +445,7 @@ int drm_release(struct inode *inode, str
21972 DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
21973 task_pid_nr(current),
21974 (long)old_encode_dev(file_priv->minor->device),
21975- dev->open_count);
21976+ atomic_read(&dev->open_count));
21977
21978 /* if the master has gone away we can't do anything with the lock */
21979 if (file_priv->minor->master)
21980@@ -522,9 +522,9 @@ int drm_release(struct inode *inode, str
21981 * End inline drm_release
21982 */
21983
21984- atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
21985+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
21986 spin_lock(&dev->count_lock);
21987- if (!--dev->open_count) {
21988+ if (atomic_dec_and_test(&dev->open_count)) {
21989 if (atomic_read(&dev->ioctl_count)) {
21990 DRM_ERROR("Device busy: %d\n",
21991 atomic_read(&dev->ioctl_count));
21992diff -urNp linux-2.6.32.8/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.8/drivers/gpu/drm/drm_ioctl.c
21993--- linux-2.6.32.8/drivers/gpu/drm/drm_ioctl.c 2010-02-09 07:57:19.000000000 -0500
21994+++ linux-2.6.32.8/drivers/gpu/drm/drm_ioctl.c 2010-02-13 21:45:10.014681849 -0500
21995@@ -283,7 +283,7 @@ int drm_getstats(struct drm_device *dev,
21996 stats->data[i].value =
21997 (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
21998 else
21999- stats->data[i].value = atomic_read(&dev->counts[i]);
22000+ stats->data[i].value = atomic_read_unchecked(&dev->counts[i]);
22001 stats->data[i].type = dev->types[i];
22002 }
22003
22004diff -urNp linux-2.6.32.8/drivers/gpu/drm/drm_lock.c linux-2.6.32.8/drivers/gpu/drm/drm_lock.c
22005--- linux-2.6.32.8/drivers/gpu/drm/drm_lock.c 2010-02-09 07:57:19.000000000 -0500
22006+++ linux-2.6.32.8/drivers/gpu/drm/drm_lock.c 2010-02-13 21:45:10.014681849 -0500
22007@@ -87,7 +87,7 @@ int drm_lock(struct drm_device *dev, voi
22008 if (drm_lock_take(&master->lock, lock->context)) {
22009 master->lock.file_priv = file_priv;
22010 master->lock.lock_time = jiffies;
22011- atomic_inc(&dev->counts[_DRM_STAT_LOCKS]);
22012+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]);
22013 break; /* Got lock */
22014 }
22015
22016@@ -165,7 +165,7 @@ int drm_unlock(struct drm_device *dev, v
22017 return -EINVAL;
22018 }
22019
22020- atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
22021+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]);
22022
22023 /* kernel_context_switch isn't used by any of the x86 drm
22024 * modules but is required by the Sparc driver.
22025diff -urNp linux-2.6.32.8/drivers/gpu/drm/i810/i810_dma.c linux-2.6.32.8/drivers/gpu/drm/i810/i810_dma.c
22026--- linux-2.6.32.8/drivers/gpu/drm/i810/i810_dma.c 2010-02-09 07:57:19.000000000 -0500
22027+++ linux-2.6.32.8/drivers/gpu/drm/i810/i810_dma.c 2010-02-13 21:45:10.014681849 -0500
22028@@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_de
22029 dma->buflist[vertex->idx],
22030 vertex->discard, vertex->used);
22031
22032- atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22033- atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22034+ atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22035+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22036 sarea_priv->last_enqueue = dev_priv->counter - 1;
22037 sarea_priv->last_dispatch = (int)hw_status[5];
22038
22039@@ -1115,8 +1115,8 @@ static int i810_dma_mc(struct drm_device
22040 i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
22041 mc->last_render);
22042
22043- atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22044- atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22045+ atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22046+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22047 sarea_priv->last_enqueue = dev_priv->counter - 1;
22048 sarea_priv->last_dispatch = (int)hw_status[5];
22049
22050diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7017.c linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7017.c
22051--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7017.c 2010-02-09 07:57:19.000000000 -0500
22052+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7017.c 2010-02-13 21:45:10.015720619 -0500
22053@@ -443,7 +443,7 @@ static void ch7017_destroy(struct intel_
22054 }
22055 }
22056
22057-struct intel_dvo_dev_ops ch7017_ops = {
22058+const struct intel_dvo_dev_ops ch7017_ops = {
22059 .init = ch7017_init,
22060 .detect = ch7017_detect,
22061 .mode_valid = ch7017_mode_valid,
22062diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7xxx.c linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7xxx.c
22063--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7xxx.c 2010-02-09 07:57:19.000000000 -0500
22064+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ch7xxx.c 2010-02-13 21:45:10.015720619 -0500
22065@@ -356,7 +356,7 @@ static void ch7xxx_destroy(struct intel_
22066 }
22067 }
22068
22069-struct intel_dvo_dev_ops ch7xxx_ops = {
22070+const struct intel_dvo_dev_ops ch7xxx_ops = {
22071 .init = ch7xxx_init,
22072 .detect = ch7xxx_detect,
22073 .mode_valid = ch7xxx_mode_valid,
22074diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo.h linux-2.6.32.8/drivers/gpu/drm/i915/dvo.h
22075--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo.h 2010-02-09 07:57:19.000000000 -0500
22076+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo.h 2010-02-13 21:45:10.015720619 -0500
22077@@ -135,23 +135,23 @@ struct intel_dvo_dev_ops {
22078 *
22079 * \return singly-linked list of modes or NULL if no modes found.
22080 */
22081- struct drm_display_mode *(*get_modes)(struct intel_dvo_device *dvo);
22082+ struct drm_display_mode *(* const get_modes)(struct intel_dvo_device *dvo);
22083
22084 /**
22085 * Clean up driver-specific bits of the output
22086 */
22087- void (*destroy) (struct intel_dvo_device *dvo);
22088+ void (* const destroy) (struct intel_dvo_device *dvo);
22089
22090 /**
22091 * Debugging hook to dump device registers to log file
22092 */
22093- void (*dump_regs)(struct intel_dvo_device *dvo);
22094+ void (* const dump_regs)(struct intel_dvo_device *dvo);
22095 };
22096
22097-extern struct intel_dvo_dev_ops sil164_ops;
22098-extern struct intel_dvo_dev_ops ch7xxx_ops;
22099-extern struct intel_dvo_dev_ops ivch_ops;
22100-extern struct intel_dvo_dev_ops tfp410_ops;
22101-extern struct intel_dvo_dev_ops ch7017_ops;
22102+extern const struct intel_dvo_dev_ops sil164_ops;
22103+extern const struct intel_dvo_dev_ops ch7xxx_ops;
22104+extern const struct intel_dvo_dev_ops ivch_ops;
22105+extern const struct intel_dvo_dev_ops tfp410_ops;
22106+extern const struct intel_dvo_dev_ops ch7017_ops;
22107
22108 #endif /* _INTEL_DVO_H */
22109diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ivch.c linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ivch.c
22110--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ivch.c 2010-02-09 07:57:19.000000000 -0500
22111+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo_ivch.c 2010-02-13 21:45:10.015720619 -0500
22112@@ -430,7 +430,7 @@ static void ivch_destroy(struct intel_dv
22113 }
22114 }
22115
22116-struct intel_dvo_dev_ops ivch_ops= {
22117+const struct intel_dvo_dev_ops ivch_ops= {
22118 .init = ivch_init,
22119 .dpms = ivch_dpms,
22120 .save = ivch_save,
22121diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo_sil164.c linux-2.6.32.8/drivers/gpu/drm/i915/dvo_sil164.c
22122--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo_sil164.c 2010-02-09 07:57:19.000000000 -0500
22123+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo_sil164.c 2010-02-13 21:45:10.015720619 -0500
22124@@ -290,7 +290,7 @@ static void sil164_destroy(struct intel_
22125 }
22126 }
22127
22128-struct intel_dvo_dev_ops sil164_ops = {
22129+const struct intel_dvo_dev_ops sil164_ops = {
22130 .init = sil164_init,
22131 .detect = sil164_detect,
22132 .mode_valid = sil164_mode_valid,
22133diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.32.8/drivers/gpu/drm/i915/dvo_tfp410.c
22134--- linux-2.6.32.8/drivers/gpu/drm/i915/dvo_tfp410.c 2010-02-09 07:57:19.000000000 -0500
22135+++ linux-2.6.32.8/drivers/gpu/drm/i915/dvo_tfp410.c 2010-02-13 21:45:10.016934380 -0500
22136@@ -323,7 +323,7 @@ static void tfp410_destroy(struct intel_
22137 }
22138 }
22139
22140-struct intel_dvo_dev_ops tfp410_ops = {
22141+const struct intel_dvo_dev_ops tfp410_ops = {
22142 .init = tfp410_init,
22143 .detect = tfp410_detect,
22144 .mode_valid = tfp410_mode_valid,
22145diff -urNp linux-2.6.32.8/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.8/drivers/gpu/drm/i915/i915_drv.c
22146--- linux-2.6.32.8/drivers/gpu/drm/i915/i915_drv.c 2010-02-09 07:57:19.000000000 -0500
22147+++ linux-2.6.32.8/drivers/gpu/drm/i915/i915_drv.c 2010-02-13 21:45:10.016934380 -0500
22148@@ -284,7 +284,7 @@ i915_pci_resume(struct pci_dev *pdev)
22149 return i915_resume(dev);
22150 }
22151
22152-static struct vm_operations_struct i915_gem_vm_ops = {
22153+static const struct vm_operations_struct i915_gem_vm_ops = {
22154 .fault = i915_gem_fault,
22155 .open = drm_gem_vm_open,
22156 .close = drm_gem_vm_close,
22157diff -urNp linux-2.6.32.8/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.32.8/drivers/gpu/drm/radeon/mkregtable.c
22158--- linux-2.6.32.8/drivers/gpu/drm/radeon/mkregtable.c 2010-02-09 07:57:19.000000000 -0500
22159+++ linux-2.6.32.8/drivers/gpu/drm/radeon/mkregtable.c 2010-02-13 21:45:10.016934380 -0500
22160@@ -637,14 +637,14 @@ static int parser_auth(struct table *t,
22161 regex_t mask_rex;
22162 regmatch_t match[4];
22163 char buf[1024];
22164- size_t end;
22165+ long end;
22166 int len;
22167 int done = 0;
22168 int r;
22169 unsigned o;
22170 struct offset *offset;
22171 char last_reg_s[10];
22172- int last_reg;
22173+ unsigned long last_reg;
22174
22175 if (regcomp
22176 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
22177diff -urNp linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_atombios.c linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_atombios.c
22178--- linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_atombios.c 2010-02-09 07:57:19.000000000 -0500
22179+++ linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_atombios.c 2010-02-13 21:45:10.017571167 -0500
22180@@ -504,13 +504,13 @@ static uint16_t atombios_get_connector_o
22181 }
22182 }
22183
22184-struct bios_connector {
22185+static struct bios_connector {
22186 bool valid;
22187 uint16_t line_mux;
22188 uint16_t devices;
22189 int connector_type;
22190 struct radeon_i2c_bus_rec ddc_bus;
22191-};
22192+} bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22193
22194 bool radeon_get_atom_connector_info_from_supported_devices_table(struct
22195 drm_device
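Review bot: Turning `bios_connectors` into a file-scope static array (the stack local is removed in the next hunk) makes it shared by every call of radeon_get_atom_connector_info_from_supported_devices_table. Entries now keep the previous call's values, and concurrent callers would overwrite each other; whether that can happen is not determinable from the hunk. The function body lies outside the hunk, so it cannot be checked here that every slot, including its `valid` flag, is written before it is read. If that is not guaranteed, `memset(bios_connectors, 0, sizeof(bios_connectors));` at the top of the function would restore per-call state, and a comment on the array should name what serialises access to it.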
22196@@ -526,7 +526,6 @@ bool radeon_get_atom_connector_info_from
22197 uint8_t dac;
22198 union atom_supported_devices *supported_devices;
22199 int i, j;
22200- struct bios_connector bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22201
22202 atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset);
22203
22204diff -urNp linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_state.c linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_state.c
22205--- linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_state.c 2010-02-09 07:57:19.000000000 -0500
22206+++ linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_state.c 2010-02-13 21:45:10.017571167 -0500
22207@@ -3014,7 +3014,7 @@ static int radeon_cp_getparam(struct drm
22208 {
22209 drm_radeon_private_t *dev_priv = dev->dev_private;
22210 drm_radeon_getparam_t *param = data;
22211- int value;
22212+ int value = 0;
22213
22214 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
22215
22216diff -urNp linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_ttm.c linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_ttm.c
22217--- linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_ttm.c 2010-02-09 07:57:19.000000000 -0500
22218+++ linux-2.6.32.8/drivers/gpu/drm/radeon/radeon_ttm.c 2010-02-13 21:45:10.017571167 -0500
22219@@ -535,27 +535,10 @@ void radeon_ttm_fini(struct radeon_devic
22220 DRM_INFO("radeon: ttm finalized\n");
22221 }
22222
22223-static struct vm_operations_struct radeon_ttm_vm_ops;
22224-static const struct vm_operations_struct *ttm_vm_ops = NULL;
22225-
22226-static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
22227-{
22228- struct ttm_buffer_object *bo;
22229- int r;
22230-
22231- bo = (struct ttm_buffer_object *)vma->vm_private_data;
22232- if (bo == NULL) {
22233- return VM_FAULT_NOPAGE;
22234- }
22235- r = ttm_vm_ops->fault(vma, vmf);
22236- return r;
22237-}
22238-
22239 int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
22240 {
22241 struct drm_file *file_priv;
22242 struct radeon_device *rdev;
22243- int r;
22244
22245 if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) {
22246 return drm_mmap(filp, vma);
22247@@ -563,20 +546,9 @@ int radeon_mmap(struct file *filp, struc
22248
22249 file_priv = (struct drm_file *)filp->private_data;
22250 rdev = file_priv->minor->dev->dev_private;
22251- if (rdev == NULL) {
22252+ if (!rdev)
22253 return -EINVAL;
22254- }
22255- r = ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
22256- if (unlikely(r != 0)) {
22257- return r;
22258- }
22259- if (unlikely(ttm_vm_ops == NULL)) {
22260- ttm_vm_ops = vma->vm_ops;
22261- radeon_ttm_vm_ops = *ttm_vm_ops;
22262- radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
22263- }
22264- vma->vm_ops = &radeon_ttm_vm_ops;
22265- return 0;
22266+ return ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
22267 }
22268
22269
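Review bot: With radeon_ttm_fault removed, radeon_mmap relies entirely on the `if (!bo)` check added to ttm_bo_vm_fault in the ttm_bo_vm.c hunk for the NULL `vm_private_data` case, and nothing here records that dependency. A comment above the new return, e.g. `/* NULL bo is rejected in ttm_bo_vm_fault() */`, would keep the two changes from being separated in a later rebase. The removed lines also filled the writable static `radeon_ttm_vm_ops` on first use without any visible serialisation, so dropping that copy removes a runtime-modified ops table, which is worth stating in the patch description.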
22270diff -urNp linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo.c linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo.c
22271--- linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo.c 2010-02-09 07:57:19.000000000 -0500
22272+++ linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo.c 2010-02-13 21:45:10.018931040 -0500
22273@@ -67,7 +67,7 @@ static struct attribute *ttm_bo_global_a
22274 NULL
22275 };
22276
22277-static struct sysfs_ops ttm_bo_global_ops = {
22278+static const struct sysfs_ops ttm_bo_global_ops = {
22279 .show = &ttm_bo_global_show
22280 };
22281
22282diff -urNp linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo_vm.c linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo_vm.c
22283--- linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo_vm.c 2010-02-09 07:57:19.000000000 -0500
22284+++ linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_bo_vm.c 2010-02-13 21:45:10.018931040 -0500
22285@@ -73,7 +73,7 @@ static int ttm_bo_vm_fault(struct vm_are
22286 {
22287 struct ttm_buffer_object *bo = (struct ttm_buffer_object *)
22288 vma->vm_private_data;
22289- struct ttm_bo_device *bdev = bo->bdev;
22290+ struct ttm_bo_device *bdev;
22291 unsigned long bus_base;
22292 unsigned long bus_offset;
22293 unsigned long bus_size;
22294@@ -88,6 +88,10 @@ static int ttm_bo_vm_fault(struct vm_are
22295 unsigned long address = (unsigned long)vmf->virtual_address;
22296 int retval = VM_FAULT_NOPAGE;
22297
22298+ if (!bo)
22299+ return VM_FAULT_NOPAGE;
22300+ bdev = bo->bdev;
22301+
22302 /*
22303 * Work around locking order reversal in fault / nopfn
22304 * between mmap_sem and bo_reserve: Perform a trylock operation
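Review bot: Returning `VM_FAULT_NOPAGE` for a NULL `bo` reports the fault as handled without a page having been installed, so the faulting access is retried. If `vm_private_data` can stay NULL for the lifetime of the mapping, the task would fault repeatedly instead of failing; `return VM_FAULT_SIGBUS;` would end the access. This mirrors what the removed radeon_ttm_fault did, so it may be intentional, but a comment saying when `bo` is expected to be NULL would settle it. The body of ttm_bo_vm_fault continues outside the hunk.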
22305diff -urNp linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_global.c linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_global.c
22306--- linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_global.c 2010-02-09 07:57:19.000000000 -0500
22307+++ linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_global.c 2010-02-13 21:45:10.018931040 -0500
22308@@ -36,7 +36,7 @@
22309 struct ttm_global_item {
22310 struct mutex mutex;
22311 void *object;
22312- int refcount;
22313+ atomic_t refcount;
22314 };
22315
22316 static struct ttm_global_item glob[TTM_GLOBAL_NUM];
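Review bot: `refcount` becomes an `atomic_t`, but the accesses visible in the later hunks for ttm_global_item_ref and ttm_global_item_unref still run under `item->mutex`. The `atomic_read(&item->refcount) == 0` test followed by `atomic_inc` in ttm_global_item_ref is only safe because of that lock. A field comment would stop a later reader from treating the counter as lock-free, e.g. `atomic_t refcount; /* guarded by mutex; atomic_t presumably for overflow checking */`.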
22317@@ -49,7 +49,7 @@ void ttm_global_init(void)
22318 struct ttm_global_item *item = &glob[i];
22319 mutex_init(&item->mutex);
22320 item->object = NULL;
22321- item->refcount = 0;
22322+ atomic_set(&item->refcount, 0);
22323 }
22324 }
22325
22326@@ -59,7 +59,7 @@ void ttm_global_release(void)
22327 for (i = 0; i < TTM_GLOBAL_NUM; ++i) {
22328 struct ttm_global_item *item = &glob[i];
22329 BUG_ON(item->object != NULL);
22330- BUG_ON(item->refcount != 0);
22331+ BUG_ON(atomic_read(&item->refcount) != 0);
22332 }
22333 }
22334
22335@@ -70,7 +70,7 @@ int ttm_global_item_ref(struct ttm_globa
22336 void *object;
22337
22338 mutex_lock(&item->mutex);
22339- if (item->refcount == 0) {
22340+ if (atomic_read(&item->refcount) == 0) {
22341 item->object = kzalloc(ref->size, GFP_KERNEL);
22342 if (unlikely(item->object == NULL)) {
22343 ret = -ENOMEM;
22344@@ -83,7 +83,7 @@ int ttm_global_item_ref(struct ttm_globa
22345 goto out_err;
22346
22347 }
22348- ++item->refcount;
22349+ atomic_inc(&item->refcount);
22350 ref->object = item->object;
22351 object = item->object;
22352 mutex_unlock(&item->mutex);
22353@@ -100,9 +100,9 @@ void ttm_global_item_unref(struct ttm_gl
22354 struct ttm_global_item *item = &glob[ref->global_type];
22355
22356 mutex_lock(&item->mutex);
22357- BUG_ON(item->refcount == 0);
22358+ BUG_ON(atomic_read(&item->refcount) == 0);
22359 BUG_ON(ref->object != item->object);
22360- if (--item->refcount == 0) {
22361+ if (atomic_dec_and_test(&item->refcount)) {
22362 ref->release(ref);
22363 item->object = NULL;
22364 }
22365diff -urNp linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_memory.c linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_memory.c
22366--- linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_memory.c 2010-02-09 07:57:19.000000000 -0500
22367+++ linux-2.6.32.8/drivers/gpu/drm/ttm/ttm_memory.c 2010-02-13 21:45:10.018931040 -0500
22368@@ -152,7 +152,7 @@ static struct attribute *ttm_mem_zone_at
22369 NULL
22370 };
22371
22372-static struct sysfs_ops ttm_mem_zone_ops = {
22373+static const struct sysfs_ops ttm_mem_zone_ops = {
22374 .show = &ttm_mem_zone_show,
22375 .store = &ttm_mem_zone_store
22376 };
22377diff -urNp linux-2.6.32.8/drivers/gpu/vga/vgaarb.c linux-2.6.32.8/drivers/gpu/vga/vgaarb.c
22378--- linux-2.6.32.8/drivers/gpu/vga/vgaarb.c 2010-02-09 07:57:19.000000000 -0500
22379+++ linux-2.6.32.8/drivers/gpu/vga/vgaarb.c 2010-02-13 21:45:10.019921006 -0500
22380@@ -961,7 +961,7 @@ static ssize_t vga_arb_write(struct file
22381 remaining -= 7;
22382 pr_devel("client 0x%p called 'target'\n", priv);
22383 /* if target is default */
22384- if (!strncmp(buf, "default", 7))
22385+ if (!strncmp(curr_pos, "default", 7))
22386 pdev = pci_dev_get(vga_default_device());
22387 else {
22388 if (!vga_pci_str_to_vars(curr_pos, remaining,
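Review bot: The corrected comparison reads up to seven bytes from `curr_pos` right after `remaining -= 7;`, with no visible check that `remaining` still covers the word "default". This is safe only if the buffer `curr_pos` points into is NUL-terminated earlier in vga_arb_write, which the hunk does not show. Either a comment stating that, or `if (remaining >= 7 && !strncmp(curr_pos, "default", 7))`, would make the bound explicit; the second form sends a short input to the `else` branch, which already receives `remaining`.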
22389diff -urNp linux-2.6.32.8/drivers/hwmon/k8temp.c linux-2.6.32.8/drivers/hwmon/k8temp.c
22390--- linux-2.6.32.8/drivers/hwmon/k8temp.c 2010-02-09 07:57:19.000000000 -0500
22391+++ linux-2.6.32.8/drivers/hwmon/k8temp.c 2010-02-13 21:45:10.032681336 -0500
22392@@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n
22393
22394 static struct pci_device_id k8temp_ids[] = {
22395 { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
22396- { 0 },
22397+ { 0, 0, 0, 0, 0, 0, 0 },
22398 };
22399
22400 MODULE_DEVICE_TABLE(pci, k8temp_ids);
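Review bot: The positional terminator `{ 0, 0, 0, 0, 0, 0, 0 }` ties this table to the exact member count of `struct pci_device_id` while zeroing nothing that `{ 0 }` did not already zero. If the purpose is to silence a missing-initializer warning (an assumption; the patch does not say), a designated form such as `{ .vendor = 0 }` with a `/* terminator */` comment would not depend on the struct layout. The same pattern recurs in the sis5595.c, via686a.c, vt8231.c, i2c-i801.c, i2c-piix4.c, i2c-sis630.c, i2c-sis96x.c and ohci1394.c tables, in the six-zero ieee1394 tables and in atkbd.c. The `dmi_system_id` terminator in i2c-piix4.c is the most layout-dependent of them.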
22401diff -urNp linux-2.6.32.8/drivers/hwmon/sis5595.c linux-2.6.32.8/drivers/hwmon/sis5595.c
22402--- linux-2.6.32.8/drivers/hwmon/sis5595.c 2010-02-09 07:57:19.000000000 -0500
22403+++ linux-2.6.32.8/drivers/hwmon/sis5595.c 2010-02-13 21:45:10.039746836 -0500
22404@@ -699,7 +699,7 @@ static struct sis5595_data *sis5595_upda
22405
22406 static struct pci_device_id sis5595_pci_ids[] = {
22407 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22408- { 0, }
22409+ { 0, 0, 0, 0, 0, 0, 0 }
22410 };
22411
22412 MODULE_DEVICE_TABLE(pci, sis5595_pci_ids);
22413diff -urNp linux-2.6.32.8/drivers/hwmon/via686a.c linux-2.6.32.8/drivers/hwmon/via686a.c
22414--- linux-2.6.32.8/drivers/hwmon/via686a.c 2010-02-09 07:57:19.000000000 -0500
22415+++ linux-2.6.32.8/drivers/hwmon/via686a.c 2010-02-13 21:45:10.040778396 -0500
22416@@ -769,7 +769,7 @@ static struct via686a_data *via686a_upda
22417
22418 static struct pci_device_id via686a_pci_ids[] = {
22419 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) },
22420- { 0, }
22421+ { 0, 0, 0, 0, 0, 0, 0 }
22422 };
22423
22424 MODULE_DEVICE_TABLE(pci, via686a_pci_ids);
22425diff -urNp linux-2.6.32.8/drivers/hwmon/vt8231.c linux-2.6.32.8/drivers/hwmon/vt8231.c
22426--- linux-2.6.32.8/drivers/hwmon/vt8231.c 2010-02-09 07:57:19.000000000 -0500
22427+++ linux-2.6.32.8/drivers/hwmon/vt8231.c 2010-02-13 21:45:10.047624370 -0500
22428@@ -699,7 +699,7 @@ static struct platform_driver vt8231_dri
22429
22430 static struct pci_device_id vt8231_pci_ids[] = {
22431 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) },
22432- { 0, }
22433+ { 0, 0, 0, 0, 0, 0, 0 }
22434 };
22435
22436 MODULE_DEVICE_TABLE(pci, vt8231_pci_ids);
22437diff -urNp linux-2.6.32.8/drivers/hwmon/w83791d.c linux-2.6.32.8/drivers/hwmon/w83791d.c
22438--- linux-2.6.32.8/drivers/hwmon/w83791d.c 2010-02-09 07:57:19.000000000 -0500
22439+++ linux-2.6.32.8/drivers/hwmon/w83791d.c 2010-02-13 21:45:10.061571155 -0500
22440@@ -330,8 +330,8 @@ static int w83791d_detect(struct i2c_cli
22441 struct i2c_board_info *info);
22442 static int w83791d_remove(struct i2c_client *client);
22443
22444-static int w83791d_read(struct i2c_client *client, u8 register);
22445-static int w83791d_write(struct i2c_client *client, u8 register, u8 value);
22446+static int w83791d_read(struct i2c_client *client, u8 reg);
22447+static int w83791d_write(struct i2c_client *client, u8 reg, u8 value);
22448 static struct w83791d_data *w83791d_update_device(struct device *dev);
22449
22450 #ifdef DEBUG
22451diff -urNp linux-2.6.32.8/drivers/i2c/busses/i2c-i801.c linux-2.6.32.8/drivers/i2c/busses/i2c-i801.c
22452--- linux-2.6.32.8/drivers/i2c/busses/i2c-i801.c 2010-02-09 07:57:19.000000000 -0500
22453+++ linux-2.6.32.8/drivers/i2c/busses/i2c-i801.c 2010-02-13 21:45:10.061571155 -0500
22454@@ -578,7 +578,7 @@ static struct pci_device_id i801_ids[] =
22455 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_4) },
22456 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_5) },
22457 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PCH_SMBUS) },
22458- { 0, }
22459+ { 0, 0, 0, 0, 0, 0, 0 }
22460 };
22461
22462 MODULE_DEVICE_TABLE (pci, i801_ids);
22463diff -urNp linux-2.6.32.8/drivers/i2c/busses/i2c-piix4.c linux-2.6.32.8/drivers/i2c/busses/i2c-piix4.c
22464--- linux-2.6.32.8/drivers/i2c/busses/i2c-piix4.c 2010-02-09 07:57:19.000000000 -0500
22465+++ linux-2.6.32.8/drivers/i2c/busses/i2c-piix4.c 2010-02-13 21:45:10.062687264 -0500
22466@@ -124,7 +124,7 @@ static struct dmi_system_id __devinitdat
22467 .ident = "IBM",
22468 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
22469 },
22470- { },
22471+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22472 };
22473
22474 static int __devinit piix4_setup(struct pci_dev *PIIX4_dev,
22475@@ -491,7 +491,7 @@ static struct pci_device_id piix4_ids[]
22476 PCI_DEVICE_ID_SERVERWORKS_HT1000SB) },
22477 { PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS,
22478 PCI_DEVICE_ID_SERVERWORKS_HT1100LD) },
22479- { 0, }
22480+ { 0, 0, 0, 0, 0, 0, 0 }
22481 };
22482
22483 MODULE_DEVICE_TABLE (pci, piix4_ids);
22484diff -urNp linux-2.6.32.8/drivers/i2c/busses/i2c-sis630.c linux-2.6.32.8/drivers/i2c/busses/i2c-sis630.c
22485--- linux-2.6.32.8/drivers/i2c/busses/i2c-sis630.c 2010-02-09 07:57:19.000000000 -0500
22486+++ linux-2.6.32.8/drivers/i2c/busses/i2c-sis630.c 2010-02-13 21:45:10.062687264 -0500
22487@@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter
22488 static struct pci_device_id sis630_ids[] __devinitdata = {
22489 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22490 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) },
22491- { 0, }
22492+ { 0, 0, 0, 0, 0, 0, 0 }
22493 };
22494
22495 MODULE_DEVICE_TABLE (pci, sis630_ids);
22496diff -urNp linux-2.6.32.8/drivers/i2c/busses/i2c-sis96x.c linux-2.6.32.8/drivers/i2c/busses/i2c-sis96x.c
22497--- linux-2.6.32.8/drivers/i2c/busses/i2c-sis96x.c 2010-02-09 07:57:19.000000000 -0500
22498+++ linux-2.6.32.8/drivers/i2c/busses/i2c-sis96x.c 2010-02-13 21:45:10.062687264 -0500
22499@@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter
22500
22501 static struct pci_device_id sis96x_ids[] = {
22502 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) },
22503- { 0, }
22504+ { 0, 0, 0, 0, 0, 0, 0 }
22505 };
22506
22507 MODULE_DEVICE_TABLE (pci, sis96x_ids);
22508diff -urNp linux-2.6.32.8/drivers/ide/ide-cd.c linux-2.6.32.8/drivers/ide/ide-cd.c
22509--- linux-2.6.32.8/drivers/ide/ide-cd.c 2010-02-09 07:57:19.000000000 -0500
22510+++ linux-2.6.32.8/drivers/ide/ide-cd.c 2010-02-13 21:45:10.062687264 -0500
22511@@ -766,7 +766,7 @@ static void cdrom_do_block_pc(ide_drive_
22512 alignment = queue_dma_alignment(q) | q->dma_pad_mask;
22513 if ((unsigned long)buf & alignment
22514 || blk_rq_bytes(rq) & q->dma_pad_mask
22515- || object_is_on_stack(buf))
22516+ || object_starts_on_stack(buf))
22517 drive->dma = 0;
22518 }
22519 }
22520diff -urNp linux-2.6.32.8/drivers/ieee1394/dv1394.c linux-2.6.32.8/drivers/ieee1394/dv1394.c
22521--- linux-2.6.32.8/drivers/ieee1394/dv1394.c 2010-02-09 07:57:19.000000000 -0500
22522+++ linux-2.6.32.8/drivers/ieee1394/dv1394.c 2010-02-13 21:45:10.063917726 -0500
22523@@ -739,7 +739,7 @@ static void frame_prepare(struct video_c
22524 based upon DIF section and sequence
22525 */
22526
22527-static void inline
22528+static inline void
22529 frame_put_packet (struct frame *f, struct packet *p)
22530 {
22531 int section_type = p->data[0] >> 5; /* section type is in bits 5 - 7 */
22532@@ -2178,7 +2178,7 @@ static const struct ieee1394_device_id d
22533 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
22534 .version = AVC_SW_VERSION_ENTRY & 0xffffff
22535 },
22536- { }
22537+ { 0, 0, 0, 0, 0, 0 }
22538 };
22539
22540 MODULE_DEVICE_TABLE(ieee1394, dv1394_id_table);
22541diff -urNp linux-2.6.32.8/drivers/ieee1394/eth1394.c linux-2.6.32.8/drivers/ieee1394/eth1394.c
22542--- linux-2.6.32.8/drivers/ieee1394/eth1394.c 2010-02-09 07:57:19.000000000 -0500
22543+++ linux-2.6.32.8/drivers/ieee1394/eth1394.c 2010-02-13 21:45:10.063917726 -0500
22544@@ -446,7 +446,7 @@ static const struct ieee1394_device_id e
22545 .specifier_id = ETHER1394_GASP_SPECIFIER_ID,
22546 .version = ETHER1394_GASP_VERSION,
22547 },
22548- {}
22549+ { 0, 0, 0, 0, 0, 0 }
22550 };
22551
22552 MODULE_DEVICE_TABLE(ieee1394, eth1394_id_table);
22553diff -urNp linux-2.6.32.8/drivers/ieee1394/hosts.c linux-2.6.32.8/drivers/ieee1394/hosts.c
22554--- linux-2.6.32.8/drivers/ieee1394/hosts.c 2010-02-09 07:57:19.000000000 -0500
22555+++ linux-2.6.32.8/drivers/ieee1394/hosts.c 2010-02-13 21:45:10.063917726 -0500
22556@@ -78,6 +78,7 @@ static int dummy_isoctl(struct hpsb_iso
22557 }
22558
22559 static struct hpsb_host_driver dummy_driver = {
22560+ .name = "dummy",
22561 .transmit_packet = dummy_transmit_packet,
22562 .devctl = dummy_devctl,
22563 .isoctl = dummy_isoctl
22564diff -urNp linux-2.6.32.8/drivers/ieee1394/ohci1394.c linux-2.6.32.8/drivers/ieee1394/ohci1394.c
22565--- linux-2.6.32.8/drivers/ieee1394/ohci1394.c 2010-02-09 07:57:19.000000000 -0500
22566+++ linux-2.6.32.8/drivers/ieee1394/ohci1394.c 2010-02-13 21:45:10.064919809 -0500
22567@@ -147,9 +147,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_
22568 printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args)
22569
22570 /* Module Parameters */
22571-static int phys_dma = 1;
22572+static int phys_dma;
22573 module_param(phys_dma, int, 0444);
22574-MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 1).");
22575+MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0).");
22576
22577 static void dma_trm_tasklet(unsigned long data);
22578 static void dma_trm_reset(struct dma_trm_ctx *d);
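Review bot: The default for `phys_dma` flips from on to off, but the parameter description only changes the number and gives an administrator no reason for it. Physical DMA lets other nodes on the bus reach host memory through the controller, so the description is the natural place to say so: `MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0); gives bus peers access to host memory, enable only on trusted buses.");`. Setups that relied on the old default will presumably need to load the module with `phys_dma=1`, which deserves a line in the patch description.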
22579@@ -3449,7 +3449,7 @@ static struct pci_device_id ohci1394_pci
22580 .subvendor = PCI_ANY_ID,
22581 .subdevice = PCI_ANY_ID,
22582 },
22583- { 0, },
22584+ { 0, 0, 0, 0, 0, 0, 0 },
22585 };
22586
22587 MODULE_DEVICE_TABLE(pci, ohci1394_pci_tbl);
22588diff -urNp linux-2.6.32.8/drivers/ieee1394/raw1394.c linux-2.6.32.8/drivers/ieee1394/raw1394.c
22589--- linux-2.6.32.8/drivers/ieee1394/raw1394.c 2010-02-09 07:57:19.000000000 -0500
22590+++ linux-2.6.32.8/drivers/ieee1394/raw1394.c 2010-02-13 21:45:10.065926079 -0500
22591@@ -3002,7 +3002,7 @@ static const struct ieee1394_device_id r
22592 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
22593 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
22594 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
22595- {}
22596+ { 0, 0, 0, 0, 0, 0 }
22597 };
22598
22599 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
22600diff -urNp linux-2.6.32.8/drivers/ieee1394/sbp2.c linux-2.6.32.8/drivers/ieee1394/sbp2.c
22601--- linux-2.6.32.8/drivers/ieee1394/sbp2.c 2010-02-09 07:57:19.000000000 -0500
22602+++ linux-2.6.32.8/drivers/ieee1394/sbp2.c 2010-02-13 21:45:10.065926079 -0500
22603@@ -290,7 +290,7 @@ static const struct ieee1394_device_id s
22604 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
22605 .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY & 0xffffff,
22606 .version = SBP2_SW_VERSION_ENTRY & 0xffffff},
22607- {}
22608+ { 0, 0, 0, 0, 0, 0 }
22609 };
22610 MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
22611
22612@@ -2111,7 +2111,7 @@ MODULE_DESCRIPTION("IEEE-1394 SBP-2 prot
22613 MODULE_SUPPORTED_DEVICE(SBP2_DEVICE_NAME);
22614 MODULE_LICENSE("GPL");
22615
22616-static int sbp2_module_init(void)
22617+static int __init sbp2_module_init(void)
22618 {
22619 int ret;
22620
22621diff -urNp linux-2.6.32.8/drivers/ieee1394/video1394.c linux-2.6.32.8/drivers/ieee1394/video1394.c
22622--- linux-2.6.32.8/drivers/ieee1394/video1394.c 2010-02-09 07:57:19.000000000 -0500
22623+++ linux-2.6.32.8/drivers/ieee1394/video1394.c 2010-02-13 21:45:10.066804756 -0500
22624@@ -1311,7 +1311,7 @@ static const struct ieee1394_device_id v
22625 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
22626 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff
22627 },
22628- { }
22629+ { 0, 0, 0, 0, 0, 0 }
22630 };
22631
22632 MODULE_DEVICE_TABLE(ieee1394, video1394_id_table);
22633diff -urNp linux-2.6.32.8/drivers/infiniband/core/cm.c linux-2.6.32.8/drivers/infiniband/core/cm.c
22634--- linux-2.6.32.8/drivers/infiniband/core/cm.c 2010-02-09 07:57:19.000000000 -0500
22635+++ linux-2.6.32.8/drivers/infiniband/core/cm.c 2010-02-13 21:45:10.067784303 -0500
22636@@ -112,7 +112,7 @@ static char const counter_group_names[CM
22637
22638 struct cm_counter_group {
22639 struct kobject obj;
22640- atomic_long_t counter[CM_ATTR_COUNT];
22641+ atomic_long_unchecked_t counter[CM_ATTR_COUNT];
22642 };
22643
22644 struct cm_counter_attribute {
22645@@ -1386,7 +1386,7 @@ static void cm_dup_req_handler(struct cm
22646 struct ib_mad_send_buf *msg = NULL;
22647 int ret;
22648
22649- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22650+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22651 counter[CM_REQ_COUNTER]);
22652
22653 /* Quick state check to discard duplicate REQs. */
22654@@ -1764,7 +1764,7 @@ static void cm_dup_rep_handler(struct cm
22655 if (!cm_id_priv)
22656 return;
22657
22658- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22659+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22660 counter[CM_REP_COUNTER]);
22661 ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg);
22662 if (ret)
22663@@ -1931,7 +1931,7 @@ static int cm_rtu_handler(struct cm_work
22664 if (cm_id_priv->id.state != IB_CM_REP_SENT &&
22665 cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) {
22666 spin_unlock_irq(&cm_id_priv->lock);
22667- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22668+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22669 counter[CM_RTU_COUNTER]);
22670 goto out;
22671 }
22672@@ -2110,7 +2110,7 @@ static int cm_dreq_handler(struct cm_wor
22673 cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id,
22674 dreq_msg->local_comm_id);
22675 if (!cm_id_priv) {
22676- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22677+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22678 counter[CM_DREQ_COUNTER]);
22679 cm_issue_drep(work->port, work->mad_recv_wc);
22680 return -EINVAL;
22681@@ -2131,7 +2131,7 @@ static int cm_dreq_handler(struct cm_wor
22682 case IB_CM_MRA_REP_RCVD:
22683 break;
22684 case IB_CM_TIMEWAIT:
22685- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22686+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22687 counter[CM_DREQ_COUNTER]);
22688 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
22689 goto unlock;
22690@@ -2145,7 +2145,7 @@ static int cm_dreq_handler(struct cm_wor
22691 cm_free_msg(msg);
22692 goto deref;
22693 case IB_CM_DREQ_RCVD:
22694- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22695+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22696 counter[CM_DREQ_COUNTER]);
22697 goto unlock;
22698 default:
22699@@ -2501,7 +2501,7 @@ static int cm_mra_handler(struct cm_work
22700 ib_modify_mad(cm_id_priv->av.port->mad_agent,
22701 cm_id_priv->msg, timeout)) {
22702 if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD)
22703- atomic_long_inc(&work->port->
22704+ atomic_long_inc_unchecked(&work->port->
22705 counter_group[CM_RECV_DUPLICATES].
22706 counter[CM_MRA_COUNTER]);
22707 goto out;
22708@@ -2510,7 +2510,7 @@ static int cm_mra_handler(struct cm_work
22709 break;
22710 case IB_CM_MRA_REQ_RCVD:
22711 case IB_CM_MRA_REP_RCVD:
22712- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22713+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22714 counter[CM_MRA_COUNTER]);
22715 /* fall through */
22716 default:
22717@@ -2672,7 +2672,7 @@ static int cm_lap_handler(struct cm_work
22718 case IB_CM_LAP_IDLE:
22719 break;
22720 case IB_CM_MRA_LAP_SENT:
22721- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22722+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22723 counter[CM_LAP_COUNTER]);
22724 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
22725 goto unlock;
22726@@ -2688,7 +2688,7 @@ static int cm_lap_handler(struct cm_work
22727 cm_free_msg(msg);
22728 goto deref;
22729 case IB_CM_LAP_RCVD:
22730- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22731+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22732 counter[CM_LAP_COUNTER]);
22733 goto unlock;
22734 default:
22735@@ -2972,7 +2972,7 @@ static int cm_sidr_req_handler(struct cm
22736 cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv);
22737 if (cur_cm_id_priv) {
22738 spin_unlock_irq(&cm.lock);
22739- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
22740+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
22741 counter[CM_SIDR_REQ_COUNTER]);
22742 goto out; /* Duplicate message. */
22743 }
22744@@ -3183,10 +3183,10 @@ static void cm_send_handler(struct ib_ma
22745 if (!msg->context[0] && (attr_index != CM_REJ_COUNTER))
22746 msg->retries = 1;
22747
22748- atomic_long_add(1 + msg->retries,
22749+ atomic_long_add_unchecked(1 + msg->retries,
22750 &port->counter_group[CM_XMIT].counter[attr_index]);
22751 if (msg->retries)
22752- atomic_long_add(msg->retries,
22753+ atomic_long_add_unchecked(msg->retries,
22754 &port->counter_group[CM_XMIT_RETRIES].
22755 counter[attr_index]);
22756
22757@@ -3396,7 +3396,7 @@ static void cm_recv_handler(struct ib_ma
22758 }
22759
22760 attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id);
22761- atomic_long_inc(&port->counter_group[CM_RECV].
22762+ atomic_long_inc_unchecked(&port->counter_group[CM_RECV].
22763 counter[attr_id - CM_ATTR_ID_OFFSET]);
22764
22765 work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths,
22766@@ -3594,10 +3594,10 @@ static ssize_t cm_show_counter(struct ko
22767 cm_attr = container_of(attr, struct cm_counter_attribute, attr);
22768
22769 return sprintf(buf, "%ld\n",
22770- atomic_long_read(&group->counter[cm_attr->index]));
22771+ atomic_long_read_unchecked(&group->counter[cm_attr->index]));
22772 }
22773
22774-static struct sysfs_ops cm_counter_ops = {
22775+static const struct sysfs_ops cm_counter_ops = {
22776 .show = cm_show_counter
22777 };
22778
22779diff -urNp linux-2.6.32.8/drivers/infiniband/core/sysfs.c linux-2.6.32.8/drivers/infiniband/core/sysfs.c
22780--- linux-2.6.32.8/drivers/infiniband/core/sysfs.c 2010-02-09 07:57:19.000000000 -0500
22781+++ linux-2.6.32.8/drivers/infiniband/core/sysfs.c 2010-02-13 21:45:10.067784303 -0500
22782@@ -79,7 +79,7 @@ static ssize_t port_attr_show(struct kob
22783 return port_attr->show(p, port_attr, buf);
22784 }
22785
22786-static struct sysfs_ops port_sysfs_ops = {
22787+static const struct sysfs_ops port_sysfs_ops = {
22788 .show = port_attr_show
22789 };
22790
22791diff -urNp linux-2.6.32.8/drivers/input/keyboard/atkbd.c linux-2.6.32.8/drivers/input/keyboard/atkbd.c
22792--- linux-2.6.32.8/drivers/input/keyboard/atkbd.c 2010-02-09 07:57:19.000000000 -0500
22793+++ linux-2.6.32.8/drivers/input/keyboard/atkbd.c 2010-02-13 21:45:10.067784303 -0500
22794@@ -1212,7 +1212,7 @@ static struct serio_device_id atkbd_seri
22795 .id = SERIO_ANY,
22796 .extra = SERIO_ANY,
22797 },
22798- { 0 }
22799+ { 0, 0, 0, 0 }
22800 };
22801
22802 MODULE_DEVICE_TABLE(serio, atkbd_serio_ids);
22803diff -urNp linux-2.6.32.8/drivers/input/mouse/lifebook.c linux-2.6.32.8/drivers/input/mouse/lifebook.c
22804--- linux-2.6.32.8/drivers/input/mouse/lifebook.c 2010-02-09 07:57:19.000000000 -0500
22805+++ linux-2.6.32.8/drivers/input/mouse/lifebook.c 2010-02-13 21:45:10.068726317 -0500
22806@@ -115,7 +115,7 @@ static const struct dmi_system_id lifebo
22807 DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"),
22808 },
22809 },
22810- { }
22811+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
22812 };
22813
22814 static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
22815diff -urNp linux-2.6.32.8/drivers/input/mouse/psmouse-base.c linux-2.6.32.8/drivers/input/mouse/psmouse-base.c
22816--- linux-2.6.32.8/drivers/input/mouse/psmouse-base.c 2010-02-09 07:57:19.000000000 -0500
22817+++ linux-2.6.32.8/drivers/input/mouse/psmouse-base.c 2010-02-13 21:45:10.068726317 -0500
22818@@ -1409,7 +1409,7 @@ static struct serio_device_id psmouse_se
22819 .id = SERIO_ANY,
22820 .extra = SERIO_ANY,
22821 },
22822- { 0 }
22823+ { 0, 0, 0, 0 }
22824 };
22825
22826 MODULE_DEVICE_TABLE(serio, psmouse_serio_ids);
22827diff -urNp linux-2.6.32.8/drivers/input/mouse/synaptics.c linux-2.6.32.8/drivers/input/mouse/synaptics.c
22828--- linux-2.6.32.8/drivers/input/mouse/synaptics.c 2010-02-09 07:57:19.000000000 -0500
22829+++ linux-2.6.32.8/drivers/input/mouse/synaptics.c 2010-02-13 21:45:10.068726317 -0500
22830@@ -437,7 +437,7 @@ static void synaptics_process_packet(str
22831 break;
22832 case 2:
22833 if (SYN_MODEL_PEN(priv->model_id))
22834- ; /* Nothing, treat a pen as a single finger */
22835+ break; /* Nothing, treat a pen as a single finger */
22836 break;
22837 case 4 ... 15:
22838 if (SYN_CAP_PALMDETECT(priv->capabilities))
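Review bot: In `case 2:` the added `break;` under `if (SYN_MODEL_PEN(priv->model_id))` is followed directly by the unconditional `break;`, so both paths do the same thing and the test is dead code. If the aim was to silence an empty-body warning, dropping the `if` and keeping a comment such as `/* a pen is treated as a single finger */` above the single `break;` says the same thing. This assumes SYN_MODEL_PEN has no side effects, which the hunk does not show. synaptics_process_packet starts and ends outside the hunk.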
22839@@ -652,7 +652,6 @@ static const struct dmi_system_id toshib
22840 DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
22841 DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"),
22842 },
22843-
22844 },
22845 {
22846 .ident = "Toshiba Portege M300",
22847@@ -661,9 +660,8 @@ static const struct dmi_system_id toshib
22848 DMI_MATCH(DMI_PRODUCT_NAME, "Portable PC"),
22849 DMI_MATCH(DMI_PRODUCT_VERSION, "Version 1.0"),
22850 },
22851-
22852 },
22853- { }
22854+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22855 };
22856 #endif
22857
22858diff -urNp linux-2.6.32.8/drivers/input/mousedev.c linux-2.6.32.8/drivers/input/mousedev.c
22859--- linux-2.6.32.8/drivers/input/mousedev.c 2010-02-09 07:57:19.000000000 -0500
22860+++ linux-2.6.32.8/drivers/input/mousedev.c 2010-02-13 21:45:10.068726317 -0500
22861@@ -1057,7 +1057,7 @@ static struct input_handler mousedev_han
22862
22863 #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX
22864 static struct miscdevice psaux_mouse = {
22865- PSMOUSE_MINOR, "psaux", &mousedev_fops
22866+ PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL
22867 };
22868 static int psaux_registered;
22869 #endif
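Review bot: The `psaux_mouse` initializer now lists six positional values, which ties it to the exact member order of `struct miscdevice`. If a member is inserted or reordered there, `{NULL, NULL}` and the trailing NULLs land on the wrong fields, and possibly without a compiler diagnostic. Designated initializers name the three members that matter and leave the rest zeroed: `.minor = PSMOUSE_MINOR, .name = "psaux", .fops = &mousedev_fops,`.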
22870diff -urNp linux-2.6.32.8/drivers/input/serio/i8042-x86ia64io.h linux-2.6.32.8/drivers/input/serio/i8042-x86ia64io.h
22871--- linux-2.6.32.8/drivers/input/serio/i8042-x86ia64io.h 2010-02-09 07:57:19.000000000 -0500
22872+++ linux-2.6.32.8/drivers/input/serio/i8042-x86ia64io.h 2010-02-13 21:45:10.069838999 -0500
22873@@ -172,7 +172,7 @@ static const struct dmi_system_id __init
22874 DMI_MATCH(DMI_PRODUCT_VERSION, "Rev 1"),
22875 },
22876 },
22877- { }
22878+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22879 };
22880
22881 /*
22882@@ -402,7 +402,7 @@ static const struct dmi_system_id __init
22883 DMI_MATCH(DMI_PRODUCT_VERSION, "0100"),
22884 },
22885 },
22886- { }
22887+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22888 };
22889
22890 static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
22891@@ -469,7 +469,7 @@ static const struct dmi_system_id __init
22892 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro 1720"),
22893 },
22894 },
22895- { }
22896+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22897 };
22898
22899 #ifdef CONFIG_PNP
22900@@ -488,7 +488,7 @@ static const struct dmi_system_id __init
22901 DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"),
22902 },
22903 },
22904- { }
22905+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22906 };
22907
22908 static const struct dmi_system_id __initconst i8042_dmi_laptop_table[] = {
22909@@ -512,7 +512,7 @@ static const struct dmi_system_id __init
22910 DMI_MATCH(DMI_CHASSIS_TYPE, "14"), /* Sub-Notebook */
22911 },
22912 },
22913- { }
22914+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22915 };
22916 #endif
22917
22918@@ -586,7 +586,7 @@ static const struct dmi_system_id __init
22919 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"),
22920 },
22921 },
22922- { }
22923+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22924 };
22925
22926 #endif /* CONFIG_X86 */
22927diff -urNp linux-2.6.32.8/drivers/input/serio/serio_raw.c linux-2.6.32.8/drivers/input/serio/serio_raw.c
22928--- linux-2.6.32.8/drivers/input/serio/serio_raw.c 2010-02-09 07:57:19.000000000 -0500
22929+++ linux-2.6.32.8/drivers/input/serio/serio_raw.c 2010-02-13 21:45:10.069838999 -0500
22930@@ -377,7 +377,7 @@ static struct serio_device_id serio_raw_
22931 .id = SERIO_ANY,
22932 .extra = SERIO_ANY,
22933 },
22934- { 0 }
22935+ { 0, 0, 0, 0 }
22936 };
22937
22938 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
22939diff -urNp linux-2.6.32.8/drivers/isdn/gigaset/common.c linux-2.6.32.8/drivers/isdn/gigaset/common.c
22940--- linux-2.6.32.8/drivers/isdn/gigaset/common.c 2010-02-09 07:57:19.000000000 -0500
22941+++ linux-2.6.32.8/drivers/isdn/gigaset/common.c 2010-02-13 21:45:10.073803057 -0500
22942@@ -712,7 +712,7 @@ struct cardstate *gigaset_initcs(struct
22943 cs->commands_pending = 0;
22944 cs->cur_at_seq = 0;
22945 cs->gotfwver = -1;
22946- cs->open_count = 0;
22947+ atomic_set(&cs->open_count, 0);
22948 cs->dev = NULL;
22949 cs->tty = NULL;
22950 cs->tty_dev = NULL;
22951diff -urNp linux-2.6.32.8/drivers/isdn/gigaset/gigaset.h linux-2.6.32.8/drivers/isdn/gigaset/gigaset.h
22952--- linux-2.6.32.8/drivers/isdn/gigaset/gigaset.h 2010-02-09 07:57:19.000000000 -0500
22953+++ linux-2.6.32.8/drivers/isdn/gigaset/gigaset.h 2010-02-13 21:45:10.093233277 -0500
22954@@ -446,7 +446,7 @@ struct cardstate {
22955 spinlock_t cmdlock;
22956 unsigned curlen, cmdbytes;
22957
22958- unsigned open_count;
22959+ atomic_t open_count;
22960 struct tty_struct *tty;
22961 struct tasklet_struct if_wake_tasklet;
22962 unsigned control_state;
22963diff -urNp linux-2.6.32.8/drivers/isdn/gigaset/interface.c linux-2.6.32.8/drivers/isdn/gigaset/interface.c
22964--- linux-2.6.32.8/drivers/isdn/gigaset/interface.c 2010-02-09 07:57:19.000000000 -0500
22965+++ linux-2.6.32.8/drivers/isdn/gigaset/interface.c 2010-02-13 21:45:10.130654965 -0500
22966@@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt
22967 return -ERESTARTSYS; // FIXME -EINTR?
22968 tty->driver_data = cs;
22969
22970- ++cs->open_count;
22971-
22972- if (cs->open_count == 1) {
22973+ if (atomic_inc_return(&cs->open_count) == 1) {
22974 spin_lock_irqsave(&cs->lock, flags);
22975 cs->tty = tty;
22976 spin_unlock_irqrestore(&cs->lock, flags);
22977@@ -195,10 +193,10 @@ static void if_close(struct tty_struct *
22978
22979 if (!cs->connected)
22980 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
22981- else if (!cs->open_count)
22982+ else if (!atomic_read(&cs->open_count))
22983 dev_warn(cs->dev, "%s: device not opened\n", __func__);
22984 else {
22985- if (!--cs->open_count) {
22986+ if (!atomic_dec_return(&cs->open_count)) {
22987 spin_lock_irqsave(&cs->lock, flags);
22988 cs->tty = NULL;
22989 spin_unlock_irqrestore(&cs->lock, flags);
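Review bot: In if_close the zero test (`atomic_read(&cs->open_count)`) and the decrement (`atomic_dec_return(&cs->open_count)`) are two separate atomic operations. The pair is race-free only if open and close are serialised by a lock taken outside the hunk. If the function does hold such a lock at this point (the `-ERESTARTSYS` return in if_open suggests an interruptible lock, but it is not visible here), a comment on the `else` branch should say so, for example `/* serialised by the lock taken above; read + dec are not one atomic step */`. Without that lock, two concurrent closes could both pass the zero test and drive the count negative. if_close starts and ends outside the hunk.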
22990@@ -233,7 +231,7 @@ static int if_ioctl(struct tty_struct *t
22991 if (!cs->connected) {
22992 gig_dbg(DEBUG_IF, "not connected");
22993 retval = -ENODEV;
22994- } else if (!cs->open_count)
22995+ } else if (!atomic_read(&cs->open_count))
22996 dev_warn(cs->dev, "%s: device not opened\n", __func__);
22997 else {
22998 retval = 0;
22999@@ -361,7 +359,7 @@ static int if_write(struct tty_struct *t
23000 if (!cs->connected) {
23001 gig_dbg(DEBUG_IF, "not connected");
23002 retval = -ENODEV;
23003- } else if (!cs->open_count)
23004+ } else if (!atomic_read(&cs->open_count))
23005 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23006 else if (cs->mstate != MS_LOCKED) {
23007 dev_warn(cs->dev, "can't write to unlocked device\n");
23008@@ -395,7 +393,7 @@ static int if_write_room(struct tty_stru
23009 if (!cs->connected) {
23010 gig_dbg(DEBUG_IF, "not connected");
23011 retval = -ENODEV;
23012- } else if (!cs->open_count)
23013+ } else if (!atomic_read(&cs->open_count))
23014 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23015 else if (cs->mstate != MS_LOCKED) {
23016 dev_warn(cs->dev, "can't write to unlocked device\n");
23017@@ -425,7 +423,7 @@ static int if_chars_in_buffer(struct tty
23018
23019 if (!cs->connected)
23020 gig_dbg(DEBUG_IF, "not connected");
23021- else if (!cs->open_count)
23022+ else if (!atomic_read(&cs->open_count))
23023 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23024 else if (cs->mstate != MS_LOCKED)
23025 dev_warn(cs->dev, "can't write to unlocked device\n");
23026@@ -453,7 +451,7 @@ static void if_throttle(struct tty_struc
23027
23028 if (!cs->connected)
23029 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23030- else if (!cs->open_count)
23031+ else if (!atomic_read(&cs->open_count))
23032 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23033 else {
23034 //FIXME
23035@@ -478,7 +476,7 @@ static void if_unthrottle(struct tty_str
23036
23037 if (!cs->connected)
23038 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23039- else if (!cs->open_count)
23040+ else if (!atomic_read(&cs->open_count))
23041 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23042 else {
23043 //FIXME
23044@@ -510,7 +508,7 @@ static void if_set_termios(struct tty_st
23045 goto out;
23046 }
23047
23048- if (!cs->open_count) {
23049+ if (!atomic_read(&cs->open_count)) {
23050 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23051 goto out;
23052 }
23053diff -urNp linux-2.6.32.8/drivers/lguest/core.c linux-2.6.32.8/drivers/lguest/core.c
23054--- linux-2.6.32.8/drivers/lguest/core.c 2010-02-09 07:57:19.000000000 -0500
23055+++ linux-2.6.32.8/drivers/lguest/core.c 2010-02-13 21:45:10.132604395 -0500
23056@@ -91,9 +91,17 @@ static __init int map_switcher(void)
23057 * it's worked so far. The end address needs +1 because __get_vm_area
23058 * allocates an extra guard page, so we need space for that.
23059 */
23060+
23061+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
23062+ switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23063+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
23064+ + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23065+#else
23066 switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23067 VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
23068 + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23069+#endif
23070+
23071 if (!switcher_vma) {
23072 err = -ENOMEM;
23073 printk("lguest: could not map switcher pages high\n");
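Review bot: The `#if`/`#else` in map_switcher duplicates the whole `__get_vm_area()` call to change one flag, so a later edit to the size or address arguments has to be made twice and can drift between the two configurations. Selecting only the flags under the preprocessor keeps a single call, e.g. `#define SWITCHER_VM_FLAGS (VM_ALLOC | VM_KERNEXEC)` in the KERNEXEC branch, `#define SWITCHER_VM_FLAGS VM_ALLOC` otherwise, and `SWITCHER_VM_FLAGS` passed as the second argument (the macro name is a suggestion). The added blank line also separates the existing comment about the guard page from the call it describes. map_switcher starts and ends outside the hunk.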
23074diff -urNp linux-2.6.32.8/drivers/macintosh/via-pmu-backlight.c linux-2.6.32.8/drivers/macintosh/via-pmu-backlight.c
23075--- linux-2.6.32.8/drivers/macintosh/via-pmu-backlight.c 2010-02-09 07:57:19.000000000 -0500
23076+++ linux-2.6.32.8/drivers/macintosh/via-pmu-backlight.c 2010-02-13 21:45:10.138763534 -0500
23077@@ -15,7 +15,7 @@
23078
23079 #define MAX_PMU_LEVEL 0xFF
23080
23081-static struct backlight_ops pmu_backlight_data;
23082+static const struct backlight_ops pmu_backlight_data;
23083 static DEFINE_SPINLOCK(pmu_backlight_lock);
23084 static int sleeping, uses_pmu_bl;
23085 static u8 bl_curve[FB_BACKLIGHT_LEVELS];
23086@@ -115,7 +115,7 @@ static int pmu_backlight_get_brightness(
23087 return bd->props.brightness;
23088 }
23089
23090-static struct backlight_ops pmu_backlight_data = {
23091+static const struct backlight_ops pmu_backlight_data = {
23092 .get_brightness = pmu_backlight_get_brightness,
23093 .update_status = pmu_backlight_update_status,
23094
23095diff -urNp linux-2.6.32.8/drivers/macintosh/via-pmu.c linux-2.6.32.8/drivers/macintosh/via-pmu.c
23096--- linux-2.6.32.8/drivers/macintosh/via-pmu.c 2010-02-09 07:57:19.000000000 -0500
23097+++ linux-2.6.32.8/drivers/macintosh/via-pmu.c 2010-02-13 21:45:10.138763534 -0500
23098@@ -2232,7 +2232,7 @@ static int pmu_sleep_valid(suspend_state
23099 && (pmac_call_feature(PMAC_FTR_SLEEP_STATE, NULL, 0, -1) >= 0);
23100 }
23101
23102-static struct platform_suspend_ops pmu_pm_ops = {
23103+static const struct platform_suspend_ops pmu_pm_ops = {
23104 .enter = powerbook_sleep,
23105 .valid = pmu_sleep_valid,
23106 };
23107diff -urNp linux-2.6.32.8/drivers/md/bitmap.c linux-2.6.32.8/drivers/md/bitmap.c
23108--- linux-2.6.32.8/drivers/md/bitmap.c 2010-02-09 07:57:19.000000000 -0500
23109+++ linux-2.6.32.8/drivers/md/bitmap.c 2010-02-13 21:45:10.139938162 -0500
23110@@ -58,7 +58,7 @@
23111 # if DEBUG > 0
23112 # define PRINTK(x...) printk(KERN_DEBUG x)
23113 # else
23114-# define PRINTK(x...)
23115+# define PRINTK(x...) do {} while (0)
23116 # endif
23117 #endif
23118
23119diff -urNp linux-2.6.32.8/drivers/md/dm-sysfs.c linux-2.6.32.8/drivers/md/dm-sysfs.c
23120--- linux-2.6.32.8/drivers/md/dm-sysfs.c 2010-02-09 07:57:19.000000000 -0500
23121+++ linux-2.6.32.8/drivers/md/dm-sysfs.c 2010-02-13 21:45:10.139938162 -0500
23122@@ -75,7 +75,7 @@ static struct attribute *dm_attrs[] = {
23123 NULL,
23124 };
23125
23126-static struct sysfs_ops dm_sysfs_ops = {
23127+static const struct sysfs_ops dm_sysfs_ops = {
23128 .show = dm_attr_show,
23129 };
23130
23131diff -urNp linux-2.6.32.8/drivers/md/dm-table.c linux-2.6.32.8/drivers/md/dm-table.c
23132--- linux-2.6.32.8/drivers/md/dm-table.c 2010-02-09 07:57:19.000000000 -0500
23133+++ linux-2.6.32.8/drivers/md/dm-table.c 2010-02-13 21:45:10.139938162 -0500
23134@@ -359,7 +359,7 @@ static int device_area_is_invalid(struct
23135 if (!dev_size)
23136 return 0;
23137
23138- if ((start >= dev_size) || (start + len > dev_size)) {
23139+ if ((start >= dev_size) || (len > dev_size - start)) {
23140 DMWARN("%s: %s too small for target: "
23141 "start=%llu, len=%llu, dev_size=%llu",
23142 dm_device_name(ti->table->md), bdevname(bdev, b),
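Review bot: The rewritten bound check `len > dev_size - start` carries no comment saying why it replaced `start + len > dev_size`, and a later cleanup could easily restore the sum. I would add `/* compare against dev_size - start: start + len can wrap for large values */` above the `if`. The subtraction cannot underflow only because `start >= dev_size` is tested first in the same condition, so the order of the two operands of `||` matters and is worth a word in that comment. device_area_is_invalid starts and ends outside the hunk.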
23143diff -urNp linux-2.6.32.8/drivers/md/md.c linux-2.6.32.8/drivers/md/md.c
23144--- linux-2.6.32.8/drivers/md/md.c 2010-02-09 07:57:19.000000000 -0500
23145+++ linux-2.6.32.8/drivers/md/md.c 2010-02-13 21:45:10.140934310 -0500
23146@@ -2508,7 +2508,7 @@ static void rdev_free(struct kobject *ko
23147 mdk_rdev_t *rdev = container_of(ko, mdk_rdev_t, kobj);
23148 kfree(rdev);
23149 }
23150-static struct sysfs_ops rdev_sysfs_ops = {
23151+static const struct sysfs_ops rdev_sysfs_ops = {
23152 .show = rdev_attr_show,
23153 .store = rdev_attr_store,
23154 };
23155@@ -3878,7 +3878,7 @@ static void md_free(struct kobject *ko)
23156 kfree(mddev);
23157 }
23158
23159-static struct sysfs_ops md_sysfs_ops = {
23160+static const struct sysfs_ops md_sysfs_ops = {
23161 .show = md_attr_show,
23162 .store = md_attr_store,
23163 };
23164@@ -6004,7 +6004,7 @@ static int md_seq_show(struct seq_file *
23165 chunk_kb ? "KB" : "B");
23166 if (bitmap->file) {
23167 seq_printf(seq, ", file: ");
23168- seq_path(seq, &bitmap->file->f_path, " \t\n");
23169+ seq_path(seq, &bitmap->file->f_path, " \t\n\\");
23170 }
23171
23172 seq_printf(seq, "\n");
23173@@ -6098,7 +6098,7 @@ static int is_mddev_idle(mddev_t *mddev,
23174 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
23175 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
23176 (int)part_stat_read(&disk->part0, sectors[1]) -
23177- atomic_read(&disk->sync_io);
23178+ atomic_read_unchecked(&disk->sync_io);
23179 /* sync IO will cause sync_io to increase before the disk_stats
23180 * as sync_io is counted when a request starts, and
23181 * disk_stats is counted when it completes.
23182diff -urNp linux-2.6.32.8/drivers/md/md.h linux-2.6.32.8/drivers/md/md.h
23183--- linux-2.6.32.8/drivers/md/md.h 2010-02-09 07:57:19.000000000 -0500
23184+++ linux-2.6.32.8/drivers/md/md.h 2010-02-13 21:45:10.141934021 -0500
23185@@ -304,7 +304,7 @@ static inline void rdev_dec_pending(mdk_
23186
23187 static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
23188 {
23189- atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23190+ atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23191 }
23192
23193 struct mdk_personality
23194diff -urNp linux-2.6.32.8/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.32.8/drivers/media/dvb/dvb-core/dvbdev.c
23195--- linux-2.6.32.8/drivers/media/dvb/dvb-core/dvbdev.c 2010-02-09 07:57:19.000000000 -0500
23196+++ linux-2.6.32.8/drivers/media/dvb/dvb-core/dvbdev.c 2010-02-13 21:45:10.141934021 -0500
23197@@ -191,6 +191,7 @@ int dvb_register_device(struct dvb_adapt
23198 const struct dvb_device *template, void *priv, int type)
23199 {
23200 struct dvb_device *dvbdev;
23201+ /* cannot be const */
23202 struct file_operations *dvbdevfops;
23203 struct device *clsdev;
23204 int minor;
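Review bot: The added comment `/* cannot be const */` on `dvbdevfops` states a constraint without the reason, so a reader cannot tell whether it still holds after a later change. If, as the non-const pointer suggests, the structure is allocated and written per device further down in dvb_register_device (outside the hunk), say that: `/* cannot be const: allocated and filled in per device below */`.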
23205diff -urNp linux-2.6.32.8/drivers/media/video/usbvideo/konicawc.c linux-2.6.32.8/drivers/media/video/usbvideo/konicawc.c
23206--- linux-2.6.32.8/drivers/media/video/usbvideo/konicawc.c 2010-02-09 07:57:19.000000000 -0500
23207+++ linux-2.6.32.8/drivers/media/video/usbvideo/konicawc.c 2010-02-13 21:45:10.141934021 -0500
23208@@ -225,7 +225,7 @@ static void konicawc_register_input(stru
23209 int error;
23210
23211 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23212- strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23213+ strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23214
23215 cam->input = input_dev = input_allocate_device();
23216 if (!input_dev) {
23217diff -urNp linux-2.6.32.8/drivers/media/video/usbvideo/quickcam_messenger.c linux-2.6.32.8/drivers/media/video/usbvideo/quickcam_messenger.c
23218--- linux-2.6.32.8/drivers/media/video/usbvideo/quickcam_messenger.c 2010-02-09 07:57:19.000000000 -0500
23219+++ linux-2.6.32.8/drivers/media/video/usbvideo/quickcam_messenger.c 2010-02-13 21:45:10.141934021 -0500
23220@@ -89,7 +89,7 @@ static void qcm_register_input(struct qc
23221 int error;
23222
23223 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23224- strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23225+ strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23226
23227 cam->input = input_dev = input_allocate_device();
23228 if (!input_dev) {
23229diff -urNp linux-2.6.32.8/drivers/message/i2o/i2o_proc.c linux-2.6.32.8/drivers/message/i2o/i2o_proc.c
23230--- linux-2.6.32.8/drivers/message/i2o/i2o_proc.c 2010-02-09 07:57:19.000000000 -0500
23231+++ linux-2.6.32.8/drivers/message/i2o/i2o_proc.c 2010-02-13 21:45:10.142934900 -0500
23232@@ -259,13 +259,6 @@ static char *scsi_devices[] = {
23233 "Array Controller Device"
23234 };
23235
23236-static char *chtostr(u8 * chars, int n)
23237-{
23238- char tmp[256];
23239- tmp[0] = 0;
23240- return strncat(tmp, (char *)chars, n);
23241-}
23242-
23243 static int i2o_report_query_status(struct seq_file *seq, int block_status,
23244 char *group)
23245 {
23246@@ -842,8 +835,7 @@ static int i2o_seq_show_ddm_table(struct
23247
23248 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id);
23249 seq_printf(seq, "%-#8x", ddm_table.module_id);
23250- seq_printf(seq, "%-29s",
23251- chtostr(ddm_table.module_name_version, 28));
23252+ seq_printf(seq, "%-.28s", ddm_table.module_name_version);
23253 seq_printf(seq, "%9d ", ddm_table.data_size);
23254 seq_printf(seq, "%8d", ddm_table.code_size);
23255
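Review bot: The replacement format `"%-.28s"` in i2o_seq_show_ddm_table keeps the length bound but drops the field width of the old `"%-29s"`. The `-` flag therefore has nothing to pad, and the module name column no longer lines up with the `%9d` and `%8d` columns that follow. Giving both width and precision keeps the bound and the layout: `seq_printf(seq, "%-29.28s", ddm_table.module_name_version);`. The same applies in the next hunk (i2o_seq_show_drivers_stored), where `"%-.28s"` and `"%-.8s"` should be `"%-29.28s"` and `"%-9.8s"`. The later hunks print one value per line and are not affected.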
23256@@ -944,8 +936,8 @@ static int i2o_seq_show_drivers_stored(s
23257
23258 seq_printf(seq, "%-#7x", dst->i2o_vendor_id);
23259 seq_printf(seq, "%-#8x", dst->module_id);
23260- seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28));
23261- seq_printf(seq, "%-9s", chtostr(dst->date, 8));
23262+ seq_printf(seq, "%-.28s", dst->module_name_version);
23263+ seq_printf(seq, "%-.8s", dst->date);
23264 seq_printf(seq, "%8d ", dst->module_size);
23265 seq_printf(seq, "%8d ", dst->mpb_size);
23266 seq_printf(seq, "0x%04x", dst->module_flags);
23267@@ -1276,14 +1268,10 @@ static int i2o_seq_show_dev_identity(str
23268 seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0]));
23269 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]);
23270 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]);
23271- seq_printf(seq, "Vendor info : %s\n",
23272- chtostr((u8 *) (work32 + 2), 16));
23273- seq_printf(seq, "Product info : %s\n",
23274- chtostr((u8 *) (work32 + 6), 16));
23275- seq_printf(seq, "Description : %s\n",
23276- chtostr((u8 *) (work32 + 10), 16));
23277- seq_printf(seq, "Product rev. : %s\n",
23278- chtostr((u8 *) (work32 + 14), 8));
23279+ seq_printf(seq, "Vendor info : %.16s\n", (u8 *) (work32 + 2));
23280+ seq_printf(seq, "Product info : %.16s\n", (u8 *) (work32 + 6));
23281+ seq_printf(seq, "Description : %.16s\n", (u8 *) (work32 + 10));
23282+ seq_printf(seq, "Product rev. : %.8s\n", (u8 *) (work32 + 14));
23283
23284 seq_printf(seq, "Serial number : ");
23285 print_serial_number(seq, (u8 *) (work32 + 16),
23286@@ -1328,10 +1316,8 @@ static int i2o_seq_show_ddm_identity(str
23287 }
23288
23289 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid);
23290- seq_printf(seq, "Module name : %s\n",
23291- chtostr(result.module_name, 24));
23292- seq_printf(seq, "Module revision : %s\n",
23293- chtostr(result.module_rev, 8));
23294+ seq_printf(seq, "Module name : %.24s\n", result.module_name);
23295+ seq_printf(seq, "Module revision : %.8s\n", result.module_rev);
23296
23297 seq_printf(seq, "Serial number : ");
23298 print_serial_number(seq, result.serial_number, sizeof(result) - 36);
23299@@ -1362,14 +1348,10 @@ static int i2o_seq_show_uinfo(struct seq
23300 return 0;
23301 }
23302
23303- seq_printf(seq, "Device name : %s\n",
23304- chtostr(result.device_name, 64));
23305- seq_printf(seq, "Service name : %s\n",
23306- chtostr(result.service_name, 64));
23307- seq_printf(seq, "Physical name : %s\n",
23308- chtostr(result.physical_location, 64));
23309- seq_printf(seq, "Instance number : %s\n",
23310- chtostr(result.instance_number, 4));
23311+ seq_printf(seq, "Device name : %.64s\n", result.device_name);
23312+ seq_printf(seq, "Service name : %.64s\n", result.service_name);
23313+ seq_printf(seq, "Physical name : %.64s\n", result.physical_location);
23314+ seq_printf(seq, "Instance number : %.4s\n", result.instance_number);
23315
23316 return 0;
23317 }
23318diff -urNp linux-2.6.32.8/drivers/misc/kgdbts.c linux-2.6.32.8/drivers/misc/kgdbts.c
23319--- linux-2.6.32.8/drivers/misc/kgdbts.c 2010-02-09 07:57:19.000000000 -0500
23320+++ linux-2.6.32.8/drivers/misc/kgdbts.c 2010-02-13 21:45:10.142934900 -0500
23321@@ -118,7 +118,7 @@
23322 } while (0)
23323 #define MAX_CONFIG_LEN 40
23324
23325-static struct kgdb_io kgdbts_io_ops;
23326+static const struct kgdb_io kgdbts_io_ops;
23327 static char get_buf[BUFMAX];
23328 static int get_buf_cnt;
23329 static char put_buf[BUFMAX];
23330@@ -1102,7 +1102,7 @@ static void kgdbts_post_exp_handler(void
23331 module_put(THIS_MODULE);
23332 }
23333
23334-static struct kgdb_io kgdbts_io_ops = {
23335+static const struct kgdb_io kgdbts_io_ops = {
23336 .name = "kgdbts",
23337 .read_char = kgdbts_get_char,
23338 .write_char = kgdbts_put_char,
23339diff -urNp linux-2.6.32.8/drivers/misc/sgi-gru/gruhandles.c linux-2.6.32.8/drivers/misc/sgi-gru/gruhandles.c
23340--- linux-2.6.32.8/drivers/misc/sgi-gru/gruhandles.c 2010-02-09 07:57:19.000000000 -0500
23341+++ linux-2.6.32.8/drivers/misc/sgi-gru/gruhandles.c 2010-02-13 21:45:10.142934900 -0500
23342@@ -39,8 +39,8 @@ struct mcs_op_statistic mcs_op_statistic
23343
23344 static void update_mcs_stats(enum mcs_op op, unsigned long clks)
23345 {
23346- atomic_long_inc(&mcs_op_statistics[op].count);
23347- atomic_long_add(clks, &mcs_op_statistics[op].total);
23348+ atomic_long_inc_unchecked(&mcs_op_statistics[op].count);
23349+ atomic_long_add_unchecked(clks, &mcs_op_statistics[op].total);
23350 if (mcs_op_statistics[op].max < clks)
23351 mcs_op_statistics[op].max = clks;
23352 }
23353diff -urNp linux-2.6.32.8/drivers/misc/sgi-gru/gruprocfs.c linux-2.6.32.8/drivers/misc/sgi-gru/gruprocfs.c
23354--- linux-2.6.32.8/drivers/misc/sgi-gru/gruprocfs.c 2010-02-09 07:57:19.000000000 -0500
23355+++ linux-2.6.32.8/drivers/misc/sgi-gru/gruprocfs.c 2010-02-13 21:45:10.143934106 -0500
23356@@ -32,9 +32,9 @@
23357
23358 #define printstat(s, f) printstat_val(s, &gru_stats.f, #f)
23359
23360-static void printstat_val(struct seq_file *s, atomic_long_t *v, char *id)
23361+static void printstat_val(struct seq_file *s, atomic_long_unchecked_t *v, char *id)
23362 {
23363- unsigned long val = atomic_long_read(v);
23364+ unsigned long val = atomic_long_read_unchecked(v);
23365
23366 if (val)
23367 seq_printf(s, "%16lu %s\n", val, id);
23368@@ -136,8 +136,8 @@ static int mcs_statistics_show(struct se
23369 "cch_interrupt_sync", "cch_deallocate", "tgh_invalidate"};
23370
23371 for (op = 0; op < mcsop_last; op++) {
23372- count = atomic_long_read(&mcs_op_statistics[op].count);
23373- total = atomic_long_read(&mcs_op_statistics[op].total);
23374+ count = atomic_long_read_unchecked(&mcs_op_statistics[op].count);
23375+ total = atomic_long_read_unchecked(&mcs_op_statistics[op].total);
23376 max = mcs_op_statistics[op].max;
23377 seq_printf(s, "%-20s%12ld%12ld%12ld\n", id[op], count,
23378 count ? total / count : 0, max);
23379diff -urNp linux-2.6.32.8/drivers/misc/sgi-gru/grutables.h linux-2.6.32.8/drivers/misc/sgi-gru/grutables.h
23380--- linux-2.6.32.8/drivers/misc/sgi-gru/grutables.h 2010-02-09 07:57:19.000000000 -0500
23381+++ linux-2.6.32.8/drivers/misc/sgi-gru/grutables.h 2010-02-13 21:45:10.143934106 -0500
23382@@ -167,84 +167,84 @@ extern unsigned int gru_max_gids;
23383 * GRU statistics.
23384 */
23385 struct gru_stats_s {
23386- atomic_long_t vdata_alloc;
23387- atomic_long_t vdata_free;
23388- atomic_long_t gts_alloc;
23389- atomic_long_t gts_free;
23390- atomic_long_t vdata_double_alloc;
23391- atomic_long_t gts_double_allocate;
23392- atomic_long_t assign_context;
23393- atomic_long_t assign_context_failed;
23394- atomic_long_t free_context;
23395- atomic_long_t load_user_context;
23396- atomic_long_t load_kernel_context;
23397- atomic_long_t lock_kernel_context;
23398- atomic_long_t unlock_kernel_context;
23399- atomic_long_t steal_user_context;
23400- atomic_long_t steal_kernel_context;
23401- atomic_long_t steal_context_failed;
23402- atomic_long_t nopfn;
23403- atomic_long_t break_cow;
23404- atomic_long_t asid_new;
23405- atomic_long_t asid_next;
23406- atomic_long_t asid_wrap;
23407- atomic_long_t asid_reuse;
23408- atomic_long_t intr;
23409- atomic_long_t intr_mm_lock_failed;
23410- atomic_long_t call_os;
23411- atomic_long_t call_os_offnode_reference;
23412- atomic_long_t call_os_check_for_bug;
23413- atomic_long_t call_os_wait_queue;
23414- atomic_long_t user_flush_tlb;
23415- atomic_long_t user_unload_context;
23416- atomic_long_t user_exception;
23417- atomic_long_t set_context_option;
23418- atomic_long_t migrate_check;
23419- atomic_long_t migrated_retarget;
23420- atomic_long_t migrated_unload;
23421- atomic_long_t migrated_unload_delay;
23422- atomic_long_t migrated_nopfn_retarget;
23423- atomic_long_t migrated_nopfn_unload;
23424- atomic_long_t tlb_dropin;
23425- atomic_long_t tlb_dropin_fail_no_asid;
23426- atomic_long_t tlb_dropin_fail_upm;
23427- atomic_long_t tlb_dropin_fail_invalid;
23428- atomic_long_t tlb_dropin_fail_range_active;
23429- atomic_long_t tlb_dropin_fail_idle;
23430- atomic_long_t tlb_dropin_fail_fmm;
23431- atomic_long_t tlb_dropin_fail_no_exception;
23432- atomic_long_t tlb_dropin_fail_no_exception_war;
23433- atomic_long_t tfh_stale_on_fault;
23434- atomic_long_t mmu_invalidate_range;
23435- atomic_long_t mmu_invalidate_page;
23436- atomic_long_t mmu_clear_flush_young;
23437- atomic_long_t flush_tlb;
23438- atomic_long_t flush_tlb_gru;
23439- atomic_long_t flush_tlb_gru_tgh;
23440- atomic_long_t flush_tlb_gru_zero_asid;
23441-
23442- atomic_long_t copy_gpa;
23443-
23444- atomic_long_t mesq_receive;
23445- atomic_long_t mesq_receive_none;
23446- atomic_long_t mesq_send;
23447- atomic_long_t mesq_send_failed;
23448- atomic_long_t mesq_noop;
23449- atomic_long_t mesq_send_unexpected_error;
23450- atomic_long_t mesq_send_lb_overflow;
23451- atomic_long_t mesq_send_qlimit_reached;
23452- atomic_long_t mesq_send_amo_nacked;
23453- atomic_long_t mesq_send_put_nacked;
23454- atomic_long_t mesq_qf_not_full;
23455- atomic_long_t mesq_qf_locked;
23456- atomic_long_t mesq_qf_noop_not_full;
23457- atomic_long_t mesq_qf_switch_head_failed;
23458- atomic_long_t mesq_qf_unexpected_error;
23459- atomic_long_t mesq_noop_unexpected_error;
23460- atomic_long_t mesq_noop_lb_overflow;
23461- atomic_long_t mesq_noop_qlimit_reached;
23462- atomic_long_t mesq_noop_amo_nacked;
23463- atomic_long_t mesq_noop_put_nacked;
23464+ atomic_long_unchecked_t vdata_alloc;
23465+ atomic_long_unchecked_t vdata_free;
23466+ atomic_long_unchecked_t gts_alloc;
23467+ atomic_long_unchecked_t gts_free;
23468+ atomic_long_unchecked_t vdata_double_alloc;
23469+ atomic_long_unchecked_t gts_double_allocate;
23470+ atomic_long_unchecked_t assign_context;
23471+ atomic_long_unchecked_t assign_context_failed;
23472+ atomic_long_unchecked_t free_context;
23473+ atomic_long_unchecked_t load_user_context;
23474+ atomic_long_unchecked_t load_kernel_context;
23475+ atomic_long_unchecked_t lock_kernel_context;
23476+ atomic_long_unchecked_t unlock_kernel_context;
23477+ atomic_long_unchecked_t steal_user_context;
23478+ atomic_long_unchecked_t steal_kernel_context;
23479+ atomic_long_unchecked_t steal_context_failed;
23480+ atomic_long_unchecked_t nopfn;
23481+ atomic_long_unchecked_t break_cow;
23482+ atomic_long_unchecked_t asid_new;
23483+ atomic_long_unchecked_t asid_next;
23484+ atomic_long_unchecked_t asid_wrap;
23485+ atomic_long_unchecked_t asid_reuse;
23486+ atomic_long_unchecked_t intr;
23487+ atomic_long_unchecked_t intr_mm_lock_failed;
23488+ atomic_long_unchecked_t call_os;
23489+ atomic_long_unchecked_t call_os_offnode_reference;
23490+ atomic_long_unchecked_t call_os_check_for_bug;
23491+ atomic_long_unchecked_t call_os_wait_queue;
23492+ atomic_long_unchecked_t user_flush_tlb;
23493+ atomic_long_unchecked_t user_unload_context;
23494+ atomic_long_unchecked_t user_exception;
23495+ atomic_long_unchecked_t set_context_option;
23496+ atomic_long_unchecked_t migrate_check;
23497+ atomic_long_unchecked_t migrated_retarget;
23498+ atomic_long_unchecked_t migrated_unload;
23499+ atomic_long_unchecked_t migrated_unload_delay;
23500+ atomic_long_unchecked_t migrated_nopfn_retarget;
23501+ atomic_long_unchecked_t migrated_nopfn_unload;
23502+ atomic_long_unchecked_t tlb_dropin;
23503+ atomic_long_unchecked_t tlb_dropin_fail_no_asid;
23504+ atomic_long_unchecked_t tlb_dropin_fail_upm;
23505+ atomic_long_unchecked_t tlb_dropin_fail_invalid;
23506+ atomic_long_unchecked_t tlb_dropin_fail_range_active;
23507+ atomic_long_unchecked_t tlb_dropin_fail_idle;
23508+ atomic_long_unchecked_t tlb_dropin_fail_fmm;
23509+ atomic_long_unchecked_t tlb_dropin_fail_no_exception;
23510+ atomic_long_unchecked_t tlb_dropin_fail_no_exception_war;
23511+ atomic_long_unchecked_t tfh_stale_on_fault;
23512+ atomic_long_unchecked_t mmu_invalidate_range;
23513+ atomic_long_unchecked_t mmu_invalidate_page;
23514+ atomic_long_unchecked_t mmu_clear_flush_young;
23515+ atomic_long_unchecked_t flush_tlb;
23516+ atomic_long_unchecked_t flush_tlb_gru;
23517+ atomic_long_unchecked_t flush_tlb_gru_tgh;
23518+ atomic_long_unchecked_t flush_tlb_gru_zero_asid;
23519+
23520+ atomic_long_unchecked_t copy_gpa;
23521+
23522+ atomic_long_unchecked_t mesq_receive;
23523+ atomic_long_unchecked_t mesq_receive_none;
23524+ atomic_long_unchecked_t mesq_send;
23525+ atomic_long_unchecked_t mesq_send_failed;
23526+ atomic_long_unchecked_t mesq_noop;
23527+ atomic_long_unchecked_t mesq_send_unexpected_error;
23528+ atomic_long_unchecked_t mesq_send_lb_overflow;
23529+ atomic_long_unchecked_t mesq_send_qlimit_reached;
23530+ atomic_long_unchecked_t mesq_send_amo_nacked;
23531+ atomic_long_unchecked_t mesq_send_put_nacked;
23532+ atomic_long_unchecked_t mesq_qf_not_full;
23533+ atomic_long_unchecked_t mesq_qf_locked;
23534+ atomic_long_unchecked_t mesq_qf_noop_not_full;
23535+ atomic_long_unchecked_t mesq_qf_switch_head_failed;
23536+ atomic_long_unchecked_t mesq_qf_unexpected_error;
23537+ atomic_long_unchecked_t mesq_noop_unexpected_error;
23538+ atomic_long_unchecked_t mesq_noop_lb_overflow;
23539+ atomic_long_unchecked_t mesq_noop_qlimit_reached;
23540+ atomic_long_unchecked_t mesq_noop_amo_nacked;
23541+ atomic_long_unchecked_t mesq_noop_put_nacked;
23542
23543 };
23544
23545@@ -252,8 +252,8 @@ enum mcs_op {cchop_allocate, cchop_start
23546 cchop_deallocate, tghop_invalidate, mcsop_last};
23547
23548 struct mcs_op_statistic {
23549- atomic_long_t count;
23550- atomic_long_t total;
23551+ atomic_long_unchecked_t count;
23552+ atomic_long_unchecked_t total;
23553 unsigned long max;
23554 };
23555
23556@@ -276,7 +276,7 @@ extern struct mcs_op_statistic mcs_op_st
23557
23558 #define STAT(id) do { \
23559 if (gru_options & OPT_STATS) \
23560- atomic_long_inc(&gru_stats.id); \
23561+ atomic_long_inc_unchecked(&gru_stats.id); \
23562 } while (0)
23563
23564 #ifdef CONFIG_SGI_GRU_DEBUG
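Review bot: Nothing at the `STAT()` macro records why these counters are exempt from overflow checking, so a later reader cannot tell a deliberate exemption from a blanket conversion. The fields incremented here look like pure statistics (the `gru_stats` and `mcs_op_statistic` members converted earlier in this file), where wraparound is harmless. A one-line comment above the macro such as `/* statistics only: wraparound is harmless, so the _unchecked variant is intended */` would state that. It is worth confirming that none of these counters is ever used as a reference count or an index, which is not visible from this hunk.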
23565diff -urNp linux-2.6.32.8/drivers/mtd/devices/doc2000.c linux-2.6.32.8/drivers/mtd/devices/doc2000.c
23566--- linux-2.6.32.8/drivers/mtd/devices/doc2000.c 2010-02-09 07:57:19.000000000 -0500
23567+++ linux-2.6.32.8/drivers/mtd/devices/doc2000.c 2010-02-13 21:45:10.143934106 -0500
23568@@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mt
23569
23570 /* The ECC will not be calculated correctly if less than 512 is written */
23571 /* DBB-
23572- if (len != 0x200 && eccbuf)
23573+ if (len != 0x200)
23574 printk(KERN_WARNING
23575 "ECC needs a full sector write (adr: %lx size %lx)\n",
23576 (long) to, (long) len);
23577diff -urNp linux-2.6.32.8/drivers/mtd/devices/doc2001.c linux-2.6.32.8/drivers/mtd/devices/doc2001.c
23578--- linux-2.6.32.8/drivers/mtd/devices/doc2001.c 2010-02-09 07:57:19.000000000 -0500
23579+++ linux-2.6.32.8/drivers/mtd/devices/doc2001.c 2010-02-13 21:45:10.143934106 -0500
23580@@ -395,6 +395,8 @@ static int doc_read (struct mtd_info *mt
23581 /* Don't allow read past end of device */
23582 if (from >= this->totlen)
23583 return -EINVAL;
23584+ if (!len)
23585+ return -EINVAL;
23586
23587 /* Don't allow a single read to cross a 512-byte block boundary */
23588 if (from + len > ((from | 0x1ff) + 1))
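Review bot: The added `if (!len) return -EINVAL;` carries no comment, unlike the two checks around it, and it turns an empty read into an error rather than a successful zero-byte read. If the intent is to keep the code further down from operating on a zero length, say so, for example `/* Reject empty reads: the code below assumes len > 0 */` (wording to be confirmed against the rest of `doc_read`, which continues outside this hunk). Callers that issue zero-length reads would now see -EINVAL, so it is worth checking that none rely on the previous result.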
23589diff -urNp linux-2.6.32.8/drivers/mtd/ubi/build.c linux-2.6.32.8/drivers/mtd/ubi/build.c
23590--- linux-2.6.32.8/drivers/mtd/ubi/build.c 2010-02-09 07:57:19.000000000 -0500
23591+++ linux-2.6.32.8/drivers/mtd/ubi/build.c 2010-02-13 21:45:10.144934657 -0500
23592@@ -1255,7 +1255,7 @@ module_exit(ubi_exit);
23593 static int __init bytes_str_to_int(const char *str)
23594 {
23595 char *endp;
23596- unsigned long result;
23597+ unsigned long result, scale = 1;
23598
23599 result = simple_strtoul(str, &endp, 0);
23600 if (str == endp || result >= INT_MAX) {
23601@@ -1266,11 +1266,11 @@ static int __init bytes_str_to_int(const
23602
23603 switch (*endp) {
23604 case 'G':
23605- result *= 1024;
23606+ scale *= 1024;
23607 case 'M':
23608- result *= 1024;
23609+ scale *= 1024;
23610 case 'K':
23611- result *= 1024;
23612+ scale *= 1024;
23613 if (endp[1] == 'i' && endp[2] == 'B')
23614 endp += 2;
23615 case '\0':
23616@@ -1281,7 +1281,13 @@ static int __init bytes_str_to_int(const
23617 return -EINVAL;
23618 }
23619
23620- return result;
23621+ if ((intoverflow_t)result*scale >= INT_MAX) {
23622+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
23623+ str);
23624+ return -EINVAL;
23625+ }
23626+
23627+ return result*scale;
23628 }
23629
23630 /**
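Review bot: The overflow test `(intoverflow_t)result*scale >= INT_MAX` is only sound if `intoverflow_t` is wider than `unsigned long` on 32-bit builds, and its definition is not part of this file's change. A short comment such as `/* widen before multiplying so the product cannot wrap */` would record that dependency, and spacing the expression as `(intoverflow_t)result * scale` makes it clearer that the cast applies before the multiplication. The new error path prints the same "incorrect bytes count" text as the parse failure near the top of `bytes_str_to_int`, so an out-of-range value and a malformed one cannot be told apart in the log.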
23631diff -urNp linux-2.6.32.8/drivers/net/e1000e/82571.c linux-2.6.32.8/drivers/net/e1000e/82571.c
23632--- linux-2.6.32.8/drivers/net/e1000e/82571.c 2010-02-09 07:57:19.000000000 -0500
23633+++ linux-2.6.32.8/drivers/net/e1000e/82571.c 2010-02-13 21:45:10.160609386 -0500
23634@@ -212,6 +212,7 @@ static s32 e1000_init_mac_params_82571(s
23635 {
23636 struct e1000_hw *hw = &adapter->hw;
23637 struct e1000_mac_info *mac = &hw->mac;
23638+ /* cannot be const */
23639 struct e1000_mac_operations *func = &mac->ops;
23640 u32 swsm = 0;
23641 u32 swsm2 = 0;
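Review bot: The new comment `/* cannot be const */` states a restriction without the reason, which is the part a later hardening pass needs. Judging by the "mac type dependent" and "media type dependent" notes in `e82571_mac_ops` further down, `func` probably points at the per-adapter copy in `mac->ops` that is filled in at run time; if so, something like `/* not const: mac->ops is the per-adapter copy, set below by MAC/media type */` would say it. The same bare comment is added in `e1000_init_mac_params_80003es2lan` in es2lan.c. The function body continues outside this hunk, so the writes themselves are not visible here.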
23642@@ -1656,7 +1657,7 @@ static void e1000_clear_hw_cntrs_82571(s
23643 temp = er32(ICRXDMTC);
23644 }
23645
23646-static struct e1000_mac_operations e82571_mac_ops = {
23647+static const struct e1000_mac_operations e82571_mac_ops = {
23648 /* .check_mng_mode: mac type dependent */
23649 /* .check_for_link: media type dependent */
23650 .id_led_init = e1000e_id_led_init,
23651@@ -1674,7 +1675,7 @@ static struct e1000_mac_operations e8257
23652 .setup_led = e1000e_setup_led_generic,
23653 };
23654
23655-static struct e1000_phy_operations e82_phy_ops_igp = {
23656+static const struct e1000_phy_operations e82_phy_ops_igp = {
23657 .acquire_phy = e1000_get_hw_semaphore_82571,
23658 .check_reset_block = e1000e_check_reset_block_generic,
23659 .commit_phy = NULL,
23660@@ -1691,7 +1692,7 @@ static struct e1000_phy_operations e82_p
23661 .cfg_on_link_up = NULL,
23662 };
23663
23664-static struct e1000_phy_operations e82_phy_ops_m88 = {
23665+static const struct e1000_phy_operations e82_phy_ops_m88 = {
23666 .acquire_phy = e1000_get_hw_semaphore_82571,
23667 .check_reset_block = e1000e_check_reset_block_generic,
23668 .commit_phy = e1000e_phy_sw_reset,
23669@@ -1708,7 +1709,7 @@ static struct e1000_phy_operations e82_p
23670 .cfg_on_link_up = NULL,
23671 };
23672
23673-static struct e1000_phy_operations e82_phy_ops_bm = {
23674+static const struct e1000_phy_operations e82_phy_ops_bm = {
23675 .acquire_phy = e1000_get_hw_semaphore_82571,
23676 .check_reset_block = e1000e_check_reset_block_generic,
23677 .commit_phy = e1000e_phy_sw_reset,
23678@@ -1725,7 +1726,7 @@ static struct e1000_phy_operations e82_p
23679 .cfg_on_link_up = NULL,
23680 };
23681
23682-static struct e1000_nvm_operations e82571_nvm_ops = {
23683+static const struct e1000_nvm_operations e82571_nvm_ops = {
23684 .acquire_nvm = e1000_acquire_nvm_82571,
23685 .read_nvm = e1000e_read_nvm_eerd,
23686 .release_nvm = e1000_release_nvm_82571,
23687diff -urNp linux-2.6.32.8/drivers/net/e1000e/e1000.h linux-2.6.32.8/drivers/net/e1000e/e1000.h
23688--- linux-2.6.32.8/drivers/net/e1000e/e1000.h 2010-02-09 07:57:19.000000000 -0500
23689+++ linux-2.6.32.8/drivers/net/e1000e/e1000.h 2010-02-13 21:45:10.170595267 -0500
23690@@ -375,9 +375,9 @@ struct e1000_info {
23691 u32 pba;
23692 u32 max_hw_frame_size;
23693 s32 (*get_variants)(struct e1000_adapter *);
23694- struct e1000_mac_operations *mac_ops;
23695- struct e1000_phy_operations *phy_ops;
23696- struct e1000_nvm_operations *nvm_ops;
23697+ const struct e1000_mac_operations *mac_ops;
23698+ const struct e1000_phy_operations *phy_ops;
23699+ const struct e1000_nvm_operations *nvm_ops;
23700 };
23701
23702 /* hardware capability, feature, and workaround flags */
23703diff -urNp linux-2.6.32.8/drivers/net/e1000e/es2lan.c linux-2.6.32.8/drivers/net/e1000e/es2lan.c
23704--- linux-2.6.32.8/drivers/net/e1000e/es2lan.c 2010-02-09 07:57:19.000000000 -0500
23705+++ linux-2.6.32.8/drivers/net/e1000e/es2lan.c 2010-02-13 21:45:10.179919462 -0500
23706@@ -207,6 +207,7 @@ static s32 e1000_init_mac_params_80003es
23707 {
23708 struct e1000_hw *hw = &adapter->hw;
23709 struct e1000_mac_info *mac = &hw->mac;
23710+ /* cannot be const */
23711 struct e1000_mac_operations *func = &mac->ops;
23712
23713 /* Set media type */
23714@@ -1365,7 +1366,7 @@ static void e1000_clear_hw_cntrs_80003es
23715 temp = er32(ICRXDMTC);
23716 }
23717
23718-static struct e1000_mac_operations es2_mac_ops = {
23719+static const struct e1000_mac_operations es2_mac_ops = {
23720 .id_led_init = e1000e_id_led_init,
23721 .check_mng_mode = e1000e_check_mng_mode_generic,
23722 /* check_for_link dependent on media type */
23723@@ -1383,7 +1384,7 @@ static struct e1000_mac_operations es2_m
23724 .setup_led = e1000e_setup_led_generic,
23725 };
23726
23727-static struct e1000_phy_operations es2_phy_ops = {
23728+static const struct e1000_phy_operations es2_phy_ops = {
23729 .acquire_phy = e1000_acquire_phy_80003es2lan,
23730 .check_reset_block = e1000e_check_reset_block_generic,
23731 .commit_phy = e1000e_phy_sw_reset,
23732@@ -1400,7 +1401,7 @@ static struct e1000_phy_operations es2_p
23733 .cfg_on_link_up = e1000_cfg_on_link_up_80003es2lan,
23734 };
23735
23736-static struct e1000_nvm_operations es2_nvm_ops = {
23737+static const struct e1000_nvm_operations es2_nvm_ops = {
23738 .acquire_nvm = e1000_acquire_nvm_80003es2lan,
23739 .read_nvm = e1000e_read_nvm_eerd,
23740 .release_nvm = e1000_release_nvm_80003es2lan,
23741diff -urNp linux-2.6.32.8/drivers/net/e1000e/hw.h linux-2.6.32.8/drivers/net/e1000e/hw.h
23742--- linux-2.6.32.8/drivers/net/e1000e/hw.h 2010-02-09 07:57:19.000000000 -0500
23743+++ linux-2.6.32.8/drivers/net/e1000e/hw.h 2010-02-13 21:45:10.186947543 -0500
23744@@ -755,34 +755,34 @@ struct e1000_mac_operations {
23745
23746 /* Function pointers for the PHY. */
23747 struct e1000_phy_operations {
23748- s32 (*acquire_phy)(struct e1000_hw *);
23749- s32 (*check_polarity)(struct e1000_hw *);
23750- s32 (*check_reset_block)(struct e1000_hw *);
23751- s32 (*commit_phy)(struct e1000_hw *);
23752- s32 (*force_speed_duplex)(struct e1000_hw *);
23753- s32 (*get_cfg_done)(struct e1000_hw *hw);
23754- s32 (*get_cable_length)(struct e1000_hw *);
23755- s32 (*get_phy_info)(struct e1000_hw *);
23756- s32 (*read_phy_reg)(struct e1000_hw *, u32, u16 *);
23757- s32 (*read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23758- void (*release_phy)(struct e1000_hw *);
23759- s32 (*reset_phy)(struct e1000_hw *);
23760- s32 (*set_d0_lplu_state)(struct e1000_hw *, bool);
23761- s32 (*set_d3_lplu_state)(struct e1000_hw *, bool);
23762- s32 (*write_phy_reg)(struct e1000_hw *, u32, u16);
23763- s32 (*write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23764- s32 (*cfg_on_link_up)(struct e1000_hw *);
23765+ s32 (* acquire_phy)(struct e1000_hw *);
23766+ s32 (* check_polarity)(struct e1000_hw *);
23767+ s32 (* check_reset_block)(struct e1000_hw *);
23768+ s32 (* commit_phy)(struct e1000_hw *);
23769+ s32 (* force_speed_duplex)(struct e1000_hw *);
23770+ s32 (* get_cfg_done)(struct e1000_hw *hw);
23771+ s32 (* get_cable_length)(struct e1000_hw *);
23772+ s32 (* get_phy_info)(struct e1000_hw *);
23773+ s32 (* read_phy_reg)(struct e1000_hw *, u32, u16 *);
23774+ s32 (* read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23775+ void (* release_phy)(struct e1000_hw *);
23776+ s32 (* reset_phy)(struct e1000_hw *);
23777+ s32 (* set_d0_lplu_state)(struct e1000_hw *, bool);
23778+ s32 (* set_d3_lplu_state)(struct e1000_hw *, bool);
23779+ s32 (* write_phy_reg)(struct e1000_hw *, u32, u16);
23780+ s32 (* write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23781+ s32 (* cfg_on_link_up)(struct e1000_hw *);
23782 };
23783
23784 /* Function pointers for the NVM. */
23785 struct e1000_nvm_operations {
23786- s32 (*acquire_nvm)(struct e1000_hw *);
23787- s32 (*read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23788- void (*release_nvm)(struct e1000_hw *);
23789- s32 (*update_nvm)(struct e1000_hw *);
23790- s32 (*valid_led_default)(struct e1000_hw *, u16 *);
23791- s32 (*validate_nvm)(struct e1000_hw *);
23792- s32 (*write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23793+ s32 (* const acquire_nvm)(struct e1000_hw *);
23794+ s32 (* const read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23795+ void (* const release_nvm)(struct e1000_hw *);
23796+ s32 (* const update_nvm)(struct e1000_hw *);
23797+ s32 (* const valid_led_default)(struct e1000_hw *, u16 *);
23798+ s32 (* const validate_nvm)(struct e1000_hw *);
23799+ s32 (* const write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23800 };
23801
23802 struct e1000_mac_info {
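Review bot: The `e1000_phy_operations` half of this hunk changes only spacing (`(*acquire_phy)` becomes `(* acquire_phy)`) while the `e1000_nvm_operations` members gain `* const`, so the two tables end up with different protection and the PHY lines are pure churn. If the PHY pointers have to stay writable because some are assigned at run time, a comment on the struct such as `/* members not const: some are set per PHY type at init */` would explain the difference (to be confirmed against the init code, which is outside this hunk). Otherwise the PHY lines are better left untouched so the patch carries only the lines that change behaviour.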
23803diff -urNp linux-2.6.32.8/drivers/net/e1000e/ich8lan.c linux-2.6.32.8/drivers/net/e1000e/ich8lan.c
23804--- linux-2.6.32.8/drivers/net/e1000e/ich8lan.c 2010-02-09 07:57:19.000000000 -0500
23805+++ linux-2.6.32.8/drivers/net/e1000e/ich8lan.c 2010-02-13 21:45:10.205066189 -0500
23806@@ -3451,7 +3451,7 @@ static void e1000_clear_hw_cntrs_ich8lan
23807 }
23808 }
23809
23810-static struct e1000_mac_operations ich8_mac_ops = {
23811+static const struct e1000_mac_operations ich8_mac_ops = {
23812 .id_led_init = e1000e_id_led_init,
23813 .check_mng_mode = e1000_check_mng_mode_ich8lan,
23814 .check_for_link = e1000_check_for_copper_link_ich8lan,
23815@@ -3469,7 +3469,7 @@ static struct e1000_mac_operations ich8_
23816 /* id_led_init dependent on mac type */
23817 };
23818
23819-static struct e1000_phy_operations ich8_phy_ops = {
23820+static const struct e1000_phy_operations ich8_phy_ops = {
23821 .acquire_phy = e1000_acquire_swflag_ich8lan,
23822 .check_reset_block = e1000_check_reset_block_ich8lan,
23823 .commit_phy = NULL,
23824@@ -3485,7 +3485,7 @@ static struct e1000_phy_operations ich8_
23825 .write_phy_reg = e1000e_write_phy_reg_igp,
23826 };
23827
23828-static struct e1000_nvm_operations ich8_nvm_ops = {
23829+static const struct e1000_nvm_operations ich8_nvm_ops = {
23830 .acquire_nvm = e1000_acquire_nvm_ich8lan,
23831 .read_nvm = e1000_read_nvm_ich8lan,
23832 .release_nvm = e1000_release_nvm_ich8lan,
23833diff -urNp linux-2.6.32.8/drivers/net/ibmveth.c linux-2.6.32.8/drivers/net/ibmveth.c
23834--- linux-2.6.32.8/drivers/net/ibmveth.c 2010-02-09 07:57:19.000000000 -0500
23835+++ linux-2.6.32.8/drivers/net/ibmveth.c 2010-02-13 21:45:10.217838624 -0500
23836@@ -1577,7 +1577,7 @@ static struct attribute * veth_pool_attr
23837 NULL,
23838 };
23839
23840-static struct sysfs_ops veth_pool_ops = {
23841+static const struct sysfs_ops veth_pool_ops = {
23842 .show = veth_pool_show,
23843 .store = veth_pool_store,
23844 };
23845diff -urNp linux-2.6.32.8/drivers/net/igb/e1000_82575.c linux-2.6.32.8/drivers/net/igb/e1000_82575.c
23846--- linux-2.6.32.8/drivers/net/igb/e1000_82575.c 2010-02-09 07:57:19.000000000 -0500
23847+++ linux-2.6.32.8/drivers/net/igb/e1000_82575.c 2010-02-13 21:45:10.217838624 -0500
23848@@ -1400,7 +1400,7 @@ void igb_vmdq_set_replication_pf(struct
23849 wr32(E1000_VT_CTL, vt_ctl);
23850 }
23851
23852-static struct e1000_mac_operations e1000_mac_ops_82575 = {
23853+static const struct e1000_mac_operations e1000_mac_ops_82575 = {
23854 .reset_hw = igb_reset_hw_82575,
23855 .init_hw = igb_init_hw_82575,
23856 .check_for_link = igb_check_for_link_82575,
23857@@ -1409,13 +1409,13 @@ static struct e1000_mac_operations e1000
23858 .get_speed_and_duplex = igb_get_speed_and_duplex_copper,
23859 };
23860
23861-static struct e1000_phy_operations e1000_phy_ops_82575 = {
23862+static const struct e1000_phy_operations e1000_phy_ops_82575 = {
23863 .acquire = igb_acquire_phy_82575,
23864 .get_cfg_done = igb_get_cfg_done_82575,
23865 .release = igb_release_phy_82575,
23866 };
23867
23868-static struct e1000_nvm_operations e1000_nvm_ops_82575 = {
23869+static const struct e1000_nvm_operations e1000_nvm_ops_82575 = {
23870 .acquire = igb_acquire_nvm_82575,
23871 .read = igb_read_nvm_eerd,
23872 .release = igb_release_nvm_82575,
23873diff -urNp linux-2.6.32.8/drivers/net/igb/e1000_hw.h linux-2.6.32.8/drivers/net/igb/e1000_hw.h
23874--- linux-2.6.32.8/drivers/net/igb/e1000_hw.h 2010-02-09 07:57:19.000000000 -0500
23875+++ linux-2.6.32.8/drivers/net/igb/e1000_hw.h 2010-02-13 21:45:10.217838624 -0500
23876@@ -302,17 +302,17 @@ struct e1000_phy_operations {
23877 };
23878
23879 struct e1000_nvm_operations {
23880- s32 (*acquire)(struct e1000_hw *);
23881- s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
23882- void (*release)(struct e1000_hw *);
23883- s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
23884+ s32 (* const acquire)(struct e1000_hw *);
23885+ s32 (* const read)(struct e1000_hw *, u16, u16, u16 *);
23886+ void (* const release)(struct e1000_hw *);
23887+ s32 (* const write)(struct e1000_hw *, u16, u16, u16 *);
23888 };
23889
23890 struct e1000_info {
23891 s32 (*get_invariants)(struct e1000_hw *);
23892- struct e1000_mac_operations *mac_ops;
23893- struct e1000_phy_operations *phy_ops;
23894- struct e1000_nvm_operations *nvm_ops;
23895+ const struct e1000_mac_operations *mac_ops;
23896+ const struct e1000_phy_operations *phy_ops;
23897+ const struct e1000_nvm_operations *nvm_ops;
23898 };
23899
23900 extern const struct e1000_info e1000_82575_info;
23901diff -urNp linux-2.6.32.8/drivers/net/irda/vlsi_ir.c linux-2.6.32.8/drivers/net/irda/vlsi_ir.c
23902--- linux-2.6.32.8/drivers/net/irda/vlsi_ir.c 2010-02-09 07:57:19.000000000 -0500
23903+++ linux-2.6.32.8/drivers/net/irda/vlsi_ir.c 2010-02-13 21:45:10.219890998 -0500
23904@@ -907,13 +907,12 @@ static netdev_tx_t vlsi_hard_start_xmit(
23905 /* no race - tx-ring already empty */
23906 vlsi_set_baud(idev, iobase);
23907 netif_wake_queue(ndev);
23908- }
23909- else
23910- ;
23911+ } else {
23912 /* keep the speed change pending like it would
23913 * for any len>0 packet. tx completion interrupt
23914 * will apply it when the tx ring becomes empty.
23915 */
23916+ }
23917 spin_unlock_irqrestore(&idev->lock, flags);
23918 dev_kfree_skb_any(skb);
23919 return NETDEV_TX_OK;
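Review bot: The rewritten branch in `vlsi_hard_start_xmit` is now an `else` block that contains only a comment, which reads like code that was forgotten. Dropping the `else` and placing the comment directly after the closing brace of the `if` keeps the explanation without an empty block; the old `else ;` form is rightly gone. The enclosing function starts and ends outside this hunk.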
23920diff -urNp linux-2.6.32.8/drivers/net/iseries_veth.c linux-2.6.32.8/drivers/net/iseries_veth.c
23921--- linux-2.6.32.8/drivers/net/iseries_veth.c 2010-02-09 07:57:19.000000000 -0500
23922+++ linux-2.6.32.8/drivers/net/iseries_veth.c 2010-02-13 21:45:10.219890998 -0500
23923@@ -384,7 +384,7 @@ static struct attribute *veth_cnx_defaul
23924 NULL
23925 };
23926
23927-static struct sysfs_ops veth_cnx_sysfs_ops = {
23928+static const struct sysfs_ops veth_cnx_sysfs_ops = {
23929 .show = veth_cnx_attribute_show
23930 };
23931
23932@@ -441,7 +441,7 @@ static struct attribute *veth_port_defau
23933 NULL
23934 };
23935
23936-static struct sysfs_ops veth_port_sysfs_ops = {
23937+static const struct sysfs_ops veth_port_sysfs_ops = {
23938 .show = veth_port_attribute_show
23939 };
23940
23941diff -urNp linux-2.6.32.8/drivers/net/pcnet32.c linux-2.6.32.8/drivers/net/pcnet32.c
23942--- linux-2.6.32.8/drivers/net/pcnet32.c 2010-02-09 07:57:19.000000000 -0500
23943+++ linux-2.6.32.8/drivers/net/pcnet32.c 2010-02-13 21:45:10.229817912 -0500
23944@@ -79,7 +79,7 @@ static int cards_found;
23945 /*
23946 * VLB I/O addresses
23947 */
23948-static unsigned int pcnet32_portlist[] __initdata =
23949+static unsigned int pcnet32_portlist[] __devinitdata =
23950 { 0x300, 0x320, 0x340, 0x360, 0 };
23951
23952 static int pcnet32_debug = 0;
23953diff -urNp linux-2.6.32.8/drivers/net/tg3.h linux-2.6.32.8/drivers/net/tg3.h
23954--- linux-2.6.32.8/drivers/net/tg3.h 2010-02-09 07:57:19.000000000 -0500
23955+++ linux-2.6.32.8/drivers/net/tg3.h 2010-02-13 21:45:10.248017589 -0500
23956@@ -95,6 +95,7 @@
23957 #define CHIPREV_ID_5750_A0 0x4000
23958 #define CHIPREV_ID_5750_A1 0x4001
23959 #define CHIPREV_ID_5750_A3 0x4003
23960+#define CHIPREV_ID_5750_C1 0x4201
23961 #define CHIPREV_ID_5750_C2 0x4202
23962 #define CHIPREV_ID_5752_A0_HW 0x5000
23963 #define CHIPREV_ID_5752_A0 0x6000
23964diff -urNp linux-2.6.32.8/drivers/net/usb/hso.c linux-2.6.32.8/drivers/net/usb/hso.c
23965--- linux-2.6.32.8/drivers/net/usb/hso.c 2010-02-09 07:57:19.000000000 -0500
23966+++ linux-2.6.32.8/drivers/net/usb/hso.c 2010-02-13 21:45:10.264948656 -0500
23967@@ -258,7 +258,7 @@ struct hso_serial {
23968
23969 /* from usb_serial_port */
23970 struct tty_struct *tty;
23971- int open_count;
23972+ atomic_t open_count;
23973 spinlock_t serial_lock;
23974
23975 int (*write_data) (struct hso_serial *serial);
23976@@ -1180,7 +1180,7 @@ static void put_rxbuf_data_and_resubmit_
23977 struct urb *urb;
23978
23979 urb = serial->rx_urb[0];
23980- if (serial->open_count > 0) {
23981+ if (atomic_read(&serial->open_count) > 0) {
23982 count = put_rxbuf_data(urb, serial);
23983 if (count == -1)
23984 return;
23985@@ -1216,7 +1216,7 @@ static void hso_std_serial_read_bulk_cal
23986 DUMP1(urb->transfer_buffer, urb->actual_length);
23987
23988 /* Anyone listening? */
23989- if (serial->open_count == 0)
23990+ if (atomic_read(&serial->open_count) == 0)
23991 return;
23992
23993 if (status == 0) {
23994@@ -1311,8 +1311,7 @@ static int hso_serial_open(struct tty_st
23995 spin_unlock_irq(&serial->serial_lock);
23996
23997 /* check for port already opened, if not set the termios */
23998- serial->open_count++;
23999- if (serial->open_count == 1) {
24000+ if (atomic_inc_return(&serial->open_count) == 1) {
24001 tty->low_latency = 1;
24002 serial->rx_state = RX_IDLE;
24003 /* Force default termio settings */
24004@@ -1325,7 +1324,7 @@ static int hso_serial_open(struct tty_st
24005 result = hso_start_serial_device(serial->parent, GFP_KERNEL);
24006 if (result) {
24007 hso_stop_serial_device(serial->parent);
24008- serial->open_count--;
24009+ atomic_dec(&serial->open_count);
24010 kref_put(&serial->parent->ref, hso_serial_ref_free);
24011 }
24012 } else {
24013@@ -1362,10 +1361,10 @@ static void hso_serial_close(struct tty_
24014
24015 /* reset the rts and dtr */
24016 /* do the actual close */
24017- serial->open_count--;
24018+ atomic_dec(&serial->open_count);
24019
24020- if (serial->open_count <= 0) {
24021- serial->open_count = 0;
24022+ if (atomic_read(&serial->open_count) <= 0) {
24023+ atomic_set(&serial->open_count, 0);
24024 spin_lock_irq(&serial->serial_lock);
24025 if (serial->tty == tty) {
24026 serial->tty->driver_data = NULL;
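Review bot: In `hso_serial_close` the decrement, the `atomic_read(...) <= 0` test and the `atomic_set(..., 0)` are three separate operations, so converting the field to `atomic_t` does not make the sequence atomic: an open that increments the counter between the test and the set would have its reference overwritten with 0, and two concurrent closes can both take the teardown branch. In the visible lines the counter is touched before `serial_lock` is taken; whether another lock serialises open and close is not visible in this hunk. Folding the first two steps into `if (atomic_dec_return(&serial->open_count) <= 0) {` removes one window. The clamp to 0 is better replaced by a warning, since a negative count means an unbalanced close that the reset would hide.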
24027@@ -1447,7 +1446,7 @@ static void hso_serial_set_termios(struc
24028
24029 /* the actual setup */
24030 spin_lock_irqsave(&serial->serial_lock, flags);
24031- if (serial->open_count)
24032+ if (atomic_read(&serial->open_count))
24033 _hso_serial_set_termios(tty, old);
24034 else
24035 tty->termios = old;
24036@@ -3095,7 +3094,7 @@ static int hso_resume(struct usb_interfa
24037 /* Start all serial ports */
24038 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
24039 if (serial_table[i] && (serial_table[i]->interface == iface)) {
24040- if (dev2ser(serial_table[i])->open_count) {
24041+ if (atomic_read(&dev2ser(serial_table[i])->open_count)) {
24042 result =
24043 hso_start_serial_device(serial_table[i], GFP_NOIO);
24044 hso_kick_transmit(dev2ser(serial_table[i]));
24045diff -urNp linux-2.6.32.8/drivers/net/wireless/b43/debugfs.c linux-2.6.32.8/drivers/net/wireless/b43/debugfs.c
24046--- linux-2.6.32.8/drivers/net/wireless/b43/debugfs.c 2010-02-09 07:57:19.000000000 -0500
24047+++ linux-2.6.32.8/drivers/net/wireless/b43/debugfs.c 2010-02-13 21:45:10.287952126 -0500
24048@@ -43,7 +43,7 @@ static struct dentry *rootdir;
24049 struct b43_debugfs_fops {
24050 ssize_t (*read)(struct b43_wldev *dev, char *buf, size_t bufsize);
24051 int (*write)(struct b43_wldev *dev, const char *buf, size_t count);
24052- struct file_operations fops;
24053+ const struct file_operations fops;
24054 /* Offset of struct b43_dfs_file in struct b43_dfsentry */
24055 size_t file_struct_offset;
24056 };
24057diff -urNp linux-2.6.32.8/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.32.8/drivers/net/wireless/b43legacy/debugfs.c
24058--- linux-2.6.32.8/drivers/net/wireless/b43legacy/debugfs.c 2010-02-09 07:57:19.000000000 -0500
24059+++ linux-2.6.32.8/drivers/net/wireless/b43legacy/debugfs.c 2010-02-13 21:45:10.296619802 -0500
24060@@ -44,7 +44,7 @@ static struct dentry *rootdir;
24061 struct b43legacy_debugfs_fops {
24062 ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize);
24063 int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count);
24064- struct file_operations fops;
24065+ const struct file_operations fops;
24066 /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */
24067 size_t file_struct_offset;
24068 /* Take wl->irq_lock before calling read/write? */
24069diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-1000.c linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-1000.c
24070--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-1000.c 2010-02-09 07:57:19.000000000 -0500
24071+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-1000.c 2010-02-13 21:45:10.303949683 -0500
24072@@ -137,7 +137,7 @@ static struct iwl_lib_ops iwl1000_lib =
24073 },
24074 };
24075
24076-static struct iwl_ops iwl1000_ops = {
24077+static const struct iwl_ops iwl1000_ops = {
24078 .ucode = &iwl5000_ucode,
24079 .lib = &iwl1000_lib,
24080 .hcmd = &iwl5000_hcmd,
24081diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-3945.c linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-3945.c
24082--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-3945.c 2010-02-09 07:57:19.000000000 -0500
24083+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-3945.c 2010-02-13 21:45:10.305603791 -0500
24084@@ -2876,7 +2876,7 @@ static struct iwl_hcmd_utils_ops iwl3945
24085 .build_addsta_hcmd = iwl3945_build_addsta_hcmd,
24086 };
24087
24088-static struct iwl_ops iwl3945_ops = {
24089+static const struct iwl_ops iwl3945_ops = {
24090 .ucode = &iwl3945_ucode,
24091 .lib = &iwl3945_lib,
24092 .hcmd = &iwl3945_hcmd,
24093diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-4965.c linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-4965.c
24094--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-02-09 07:57:19.000000000 -0500
24095+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-02-13 21:45:10.307959764 -0500
24096@@ -2335,7 +2335,7 @@ static struct iwl_lib_ops iwl4965_lib =
24097 },
24098 };
24099
24100-static struct iwl_ops iwl4965_ops = {
24101+static const struct iwl_ops iwl4965_ops = {
24102 .ucode = &iwl4965_ucode,
24103 .lib = &iwl4965_lib,
24104 .hcmd = &iwl4965_hcmd,
24105diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-5000.c linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-5000.c
24106--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-5000.c 2010-02-09 07:57:19.000000000 -0500
24107+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-5000.c 2010-02-13 21:45:10.316138607 -0500
24108@@ -1628,14 +1628,14 @@ static struct iwl_lib_ops iwl5150_lib =
24109 },
24110 };
24111
24112-struct iwl_ops iwl5000_ops = {
24113+const struct iwl_ops iwl5000_ops = {
24114 .ucode = &iwl5000_ucode,
24115 .lib = &iwl5000_lib,
24116 .hcmd = &iwl5000_hcmd,
24117 .utils = &iwl5000_hcmd_utils,
24118 };
24119
24120-static struct iwl_ops iwl5150_ops = {
24121+static const struct iwl_ops iwl5150_ops = {
24122 .ucode = &iwl5000_ucode,
24123 .lib = &iwl5150_lib,
24124 .hcmd = &iwl5000_hcmd,
24125diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-6000.c linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-6000.c
24126--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-6000.c 2010-02-09 07:57:19.000000000 -0500
24127+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-6000.c 2010-02-13 21:45:10.316788245 -0500
24128@@ -146,7 +146,7 @@ static struct iwl_hcmd_utils_ops iwl6000
24129 .calc_rssi = iwl5000_calc_rssi,
24130 };
24131
24132-static struct iwl_ops iwl6000_ops = {
24133+static const struct iwl_ops iwl6000_ops = {
24134 .ucode = &iwl5000_ucode,
24135 .lib = &iwl6000_lib,
24136 .hcmd = &iwl5000_hcmd,
24137diff -urNp linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-dev.h linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-dev.h
24138--- linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-dev.h 2010-02-09 07:57:19.000000000 -0500
24139+++ linux-2.6.32.8/drivers/net/wireless/iwlwifi/iwl-dev.h 2010-02-13 21:45:10.317687263 -0500
24140@@ -67,7 +67,7 @@ struct iwl_tx_queue;
24141
24142 /* shared structures from iwl-5000.c */
24143 extern struct iwl_mod_params iwl50_mod_params;
24144-extern struct iwl_ops iwl5000_ops;
24145+extern const struct iwl_ops iwl5000_ops;
24146 extern struct iwl_ucode_ops iwl5000_ucode;
24147 extern struct iwl_lib_ops iwl5000_lib;
24148 extern struct iwl_hcmd_ops iwl5000_hcmd;
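Review bot: Only `iwl5000_ops` becomes `const` here; the tables it points to (`iwl5000_ucode`, `iwl5000_lib`, `iwl5000_hcmd`) stay declared as writable `extern struct` objects. Those sub-tables are where function pointers live (for example `.calc_rssi` and `.build_addsta_hcmd` in the `iwl_hcmd_utils_ops` initialisers elsewhere in this patch), so the callable targets remain in writable data after this change. If they are never modified after initialisation, declaring them `const` as well, e.g. `extern const struct iwl_lib_ops iwl5000_lib;`, would finish the job. That also requires the member pointers in `struct iwl_ops` to be pointer-to-const, which is not visible here.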
24149diff -urNp linux-2.6.32.8/drivers/net/wireless/libertas/debugfs.c linux-2.6.32.8/drivers/net/wireless/libertas/debugfs.c
24150--- linux-2.6.32.8/drivers/net/wireless/libertas/debugfs.c 2010-02-09 07:57:19.000000000 -0500
24151+++ linux-2.6.32.8/drivers/net/wireless/libertas/debugfs.c 2010-02-13 21:45:10.325943460 -0500
24152@@ -708,7 +708,7 @@ out_unlock:
24153 struct lbs_debugfs_files {
24154 const char *name;
24155 int perm;
24156- struct file_operations fops;
24157+ const struct file_operations fops;
24158 };
24159
24160 static const struct lbs_debugfs_files debugfs_files[] = {
24161diff -urNp linux-2.6.32.8/drivers/oprofile/buffer_sync.c linux-2.6.32.8/drivers/oprofile/buffer_sync.c
24162--- linux-2.6.32.8/drivers/oprofile/buffer_sync.c 2010-02-09 07:57:19.000000000 -0500
24163+++ linux-2.6.32.8/drivers/oprofile/buffer_sync.c 2010-02-13 21:45:10.325943460 -0500
24164@@ -340,7 +340,7 @@ static void add_data(struct op_entry *en
24165 if (cookie == NO_COOKIE)
24166 offset = pc;
24167 if (cookie == INVALID_COOKIE) {
24168- atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24169+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24170 offset = pc;
24171 }
24172 if (cookie != last_cookie) {
24173@@ -384,14 +384,14 @@ add_sample(struct mm_struct *mm, struct
24174 /* add userspace sample */
24175
24176 if (!mm) {
24177- atomic_inc(&oprofile_stats.sample_lost_no_mm);
24178+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
24179 return 0;
24180 }
24181
24182 cookie = lookup_dcookie(mm, s->eip, &offset);
24183
24184 if (cookie == INVALID_COOKIE) {
24185- atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24186+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24187 return 0;
24188 }
24189
24190@@ -560,7 +560,7 @@ void sync_buffer(int cpu)
24191 /* ignore backtraces if failed to add a sample */
24192 if (state == sb_bt_start) {
24193 state = sb_bt_ignore;
24194- atomic_inc(&oprofile_stats.bt_lost_no_mapping);
24195+ atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
24196 }
24197 }
24198 release_mm(mm);
24199diff -urNp linux-2.6.32.8/drivers/oprofile/event_buffer.c linux-2.6.32.8/drivers/oprofile/event_buffer.c
24200--- linux-2.6.32.8/drivers/oprofile/event_buffer.c 2010-02-09 07:57:19.000000000 -0500
24201+++ linux-2.6.32.8/drivers/oprofile/event_buffer.c 2010-02-13 21:45:10.325943460 -0500
24202@@ -53,7 +53,7 @@ void add_event_entry(unsigned long value
24203 }
24204
24205 if (buffer_pos == buffer_size) {
24206- atomic_inc(&oprofile_stats.event_lost_overflow);
24207+ atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
24208 return;
24209 }
24210
24211diff -urNp linux-2.6.32.8/drivers/oprofile/oprof.c linux-2.6.32.8/drivers/oprofile/oprof.c
24212--- linux-2.6.32.8/drivers/oprofile/oprof.c 2010-02-09 07:57:19.000000000 -0500
24213+++ linux-2.6.32.8/drivers/oprofile/oprof.c 2010-02-13 21:45:10.325943460 -0500
24214@@ -110,7 +110,7 @@ static void switch_worker(struct work_st
24215 if (oprofile_ops.switch_events())
24216 return;
24217
24218- atomic_inc(&oprofile_stats.multiplex_counter);
24219+ atomic_inc_unchecked(&oprofile_stats.multiplex_counter);
24220 start_switch_worker();
24221 }
24222
24223diff -urNp linux-2.6.32.8/drivers/oprofile/oprofilefs.c linux-2.6.32.8/drivers/oprofile/oprofilefs.c
24224--- linux-2.6.32.8/drivers/oprofile/oprofilefs.c 2010-02-09 07:57:19.000000000 -0500
24225+++ linux-2.6.32.8/drivers/oprofile/oprofilefs.c 2010-02-13 21:45:10.326952614 -0500
24226@@ -187,7 +187,7 @@ static const struct file_operations atom
24227
24228
24229 int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
24230- char const *name, atomic_t *val)
24231+ char const *name, atomic_unchecked_t *val)
24232 {
24233 struct dentry *d = __oprofilefs_create_file(sb, root, name,
24234 &atomic_ro_fops, 0444);
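Review bot: Only the parameter type of `oprofilefs_create_ro_atomic` changes in this hunk, so the read handler behind `atomic_ro_fops` and the shared prototype must change with it, and neither is visible here. If that handler still treats the stored pointer as an `atomic_t *` and calls `atomic_read()`, it reads an `atomic_unchecked_t` through the wrong type. It should take an `atomic_unchecked_t *` and use `atomic_read_unchecked()`. The function body continues outside the hunk, so this needs confirming against the rest of the file.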
24235diff -urNp linux-2.6.32.8/drivers/oprofile/oprofile_stats.c linux-2.6.32.8/drivers/oprofile/oprofile_stats.c
24236--- linux-2.6.32.8/drivers/oprofile/oprofile_stats.c 2010-02-09 07:57:19.000000000 -0500
24237+++ linux-2.6.32.8/drivers/oprofile/oprofile_stats.c 2010-02-13 21:45:10.326952614 -0500
24238@@ -30,11 +30,11 @@ void oprofile_reset_stats(void)
24239 cpu_buf->sample_invalid_eip = 0;
24240 }
24241
24242- atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
24243- atomic_set(&oprofile_stats.sample_lost_no_mapping, 0);
24244- atomic_set(&oprofile_stats.event_lost_overflow, 0);
24245- atomic_set(&oprofile_stats.bt_lost_no_mapping, 0);
24246- atomic_set(&oprofile_stats.multiplex_counter, 0);
24247+ atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0);
24248+ atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0);
24249+ atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0);
24250+ atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0);
24251+ atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0);
24252 }
24253
24254
24255diff -urNp linux-2.6.32.8/drivers/oprofile/oprofile_stats.h linux-2.6.32.8/drivers/oprofile/oprofile_stats.h
24256--- linux-2.6.32.8/drivers/oprofile/oprofile_stats.h 2010-02-09 07:57:19.000000000 -0500
24257+++ linux-2.6.32.8/drivers/oprofile/oprofile_stats.h 2010-02-13 21:45:10.326952614 -0500
24258@@ -13,11 +13,11 @@
24259 #include <asm/atomic.h>
24260
24261 struct oprofile_stat_struct {
24262- atomic_t sample_lost_no_mm;
24263- atomic_t sample_lost_no_mapping;
24264- atomic_t bt_lost_no_mapping;
24265- atomic_t event_lost_overflow;
24266- atomic_t multiplex_counter;
24267+ atomic_unchecked_t sample_lost_no_mm;
24268+ atomic_unchecked_t sample_lost_no_mapping;
24269+ atomic_unchecked_t bt_lost_no_mapping;
24270+ atomic_unchecked_t event_lost_overflow;
24271+ atomic_unchecked_t multiplex_counter;
24272 };
24273
24274 extern struct oprofile_stat_struct oprofile_stats;
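Review bot: Nothing in `struct oprofile_stat_struct` says why these five counters are moved to `atomic_unchecked_t`, so a later reader cannot tell a deliberate exemption from overflow checking from an oversight. A comment above the fields would record the reasoning, for example `/* statistics only: wrap-around is harmless, never used as reference counts */`, provided that holds for every user of `oprofile_stats`. The same applies to `struct qdio_perf_stats` in qdio_perf.h and to the `stats` member of `struct fc_exch_mgr` in libfc/fc_exch.c.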
24275diff -urNp linux-2.6.32.8/drivers/parisc/pdc_stable.c linux-2.6.32.8/drivers/parisc/pdc_stable.c
24276--- linux-2.6.32.8/drivers/parisc/pdc_stable.c 2010-02-09 07:57:19.000000000 -0500
24277+++ linux-2.6.32.8/drivers/parisc/pdc_stable.c 2010-02-13 21:45:10.326952614 -0500
24278@@ -481,7 +481,7 @@ pdcspath_attr_store(struct kobject *kobj
24279 return ret;
24280 }
24281
24282-static struct sysfs_ops pdcspath_attr_ops = {
24283+static const struct sysfs_ops pdcspath_attr_ops = {
24284 .show = pdcspath_attr_show,
24285 .store = pdcspath_attr_store,
24286 };
24287diff -urNp linux-2.6.32.8/drivers/pci/hotplug/acpiphp_glue.c linux-2.6.32.8/drivers/pci/hotplug/acpiphp_glue.c
24288--- linux-2.6.32.8/drivers/pci/hotplug/acpiphp_glue.c 2010-02-09 07:57:19.000000000 -0500
24289+++ linux-2.6.32.8/drivers/pci/hotplug/acpiphp_glue.c 2010-02-13 21:45:10.327955058 -0500
24290@@ -111,7 +111,7 @@ static int post_dock_fixups(struct notif
24291 }
24292
24293
24294-static struct acpi_dock_ops acpiphp_dock_ops = {
24295+static const struct acpi_dock_ops acpiphp_dock_ops = {
24296 .handler = handle_hotplug_event_func,
24297 };
24298
24299diff -urNp linux-2.6.32.8/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.32.8/drivers/pci/hotplug/cpqphp_nvram.c
24300--- linux-2.6.32.8/drivers/pci/hotplug/cpqphp_nvram.c 2010-02-09 07:57:19.000000000 -0500
24301+++ linux-2.6.32.8/drivers/pci/hotplug/cpqphp_nvram.c 2010-02-13 21:45:10.327955058 -0500
24302@@ -428,9 +428,13 @@ static u32 store_HRT (void __iomem *rom_
24303
24304 void compaq_nvram_init (void __iomem *rom_start)
24305 {
24306+
24307+#ifndef CONFIG_PAX_KERNEXEC
24308 if (rom_start) {
24309 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
24310 }
24311+#endif
24312+
24313 dbg("int15 entry = %p\n", compaq_int15_entry_point);
24314
24315 /* initialize our int15 lock */
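Review bot: With `CONFIG_PAX_KERNEXEC` set, `compaq_nvram_init` never assigns `compaq_int15_entry_point`, and nothing visible in this hunk stops later code from calling through it. The `dbg()` line then prints the variable's initial value. Any path that invokes the int15 entry point has to fail cleanly instead of jumping to it; those callers are outside the hunk, so this needs confirming. A comment at the `#ifndef` would also help, e.g. `/* KERNEXEC: BIOS ROM entry point cannot be called, leave it unset */`, if that is indeed the reason. The function body continues past the hunk.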
24316diff -urNp linux-2.6.32.8/drivers/pci/hotplug/fakephp.c linux-2.6.32.8/drivers/pci/hotplug/fakephp.c
24317--- linux-2.6.32.8/drivers/pci/hotplug/fakephp.c 2010-02-09 07:57:19.000000000 -0500
24318+++ linux-2.6.32.8/drivers/pci/hotplug/fakephp.c 2010-02-13 21:45:10.328531374 -0500
24319@@ -73,7 +73,7 @@ static void legacy_release(struct kobjec
24320 }
24321
24322 static struct kobj_type legacy_ktype = {
24323- .sysfs_ops = &(struct sysfs_ops){
24324+ .sysfs_ops = &(const struct sysfs_ops){
24325 .store = legacy_store, .show = legacy_show
24326 },
24327 .release = &legacy_release,
24328diff -urNp linux-2.6.32.8/drivers/pci/intel-iommu.c linux-2.6.32.8/drivers/pci/intel-iommu.c
24329--- linux-2.6.32.8/drivers/pci/intel-iommu.c 2010-02-09 07:57:19.000000000 -0500
24330+++ linux-2.6.32.8/drivers/pci/intel-iommu.c 2010-02-13 21:45:10.328531374 -0500
24331@@ -2950,7 +2950,7 @@ static int intel_mapping_error(struct de
24332 return !dma_addr;
24333 }
24334
24335-struct dma_map_ops intel_dma_ops = {
24336+const struct dma_map_ops intel_dma_ops = {
24337 .alloc_coherent = intel_alloc_coherent,
24338 .free_coherent = intel_free_coherent,
24339 .map_sg = intel_map_sg,
24340diff -urNp linux-2.6.32.8/drivers/pci/pcie/portdrv_pci.c linux-2.6.32.8/drivers/pci/pcie/portdrv_pci.c
24341--- linux-2.6.32.8/drivers/pci/pcie/portdrv_pci.c 2010-02-09 07:57:19.000000000 -0500
24342+++ linux-2.6.32.8/drivers/pci/pcie/portdrv_pci.c 2010-02-13 21:45:10.328531374 -0500
24343@@ -249,7 +249,7 @@ static void pcie_portdrv_err_resume(stru
24344 static const struct pci_device_id port_pci_ids[] = { {
24345 /* handle any PCI-Express port */
24346 PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0),
24347- }, { /* end: all zeroes */ }
24348+ }, { 0, 0, 0, 0, 0, 0, 0 }
24349 };
24350 MODULE_DEVICE_TABLE(pci, port_pci_ids);
24351
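Review bot: The new terminator `{ 0, 0, 0, 0, 0, 0, 0 }` drops the `/* end: all zeroes */` comment and ties the sentinel to the current number of fields in `struct pci_device_id`. Keeping the comment makes the entry's role as the table terminator obvious: `}, { 0, 0, 0, 0, 0, 0, 0 } /* end: all zeroes */`. The same change appears in ti113x.h (`ene_tune_tbl`) and yenta_socket.c (`yenta_table`).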
24352diff -urNp linux-2.6.32.8/drivers/pci/proc.c linux-2.6.32.8/drivers/pci/proc.c
24353--- linux-2.6.32.8/drivers/pci/proc.c 2010-02-09 07:57:19.000000000 -0500
24354+++ linux-2.6.32.8/drivers/pci/proc.c 2010-02-13 21:45:10.328531374 -0500
24355@@ -480,7 +480,16 @@ static const struct file_operations proc
24356 static int __init pci_proc_init(void)
24357 {
24358 struct pci_dev *dev = NULL;
24359+
24360+#ifdef CONFIG_GRKERNSEC_PROC_ADD
24361+#ifdef CONFIG_GRKERNSEC_PROC_USER
24362+ proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
24363+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
24364+ proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
24365+#endif
24366+#else
24367 proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
24368+#endif
24369 proc_create("devices", 0, proc_bus_pci_dir,
24370 &proc_bus_pci_dev_operations);
24371 proc_initialized = 1;
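Review bot: When `CONFIG_GRKERNSEC_PROC_ADD` is set but neither `CONFIG_GRKERNSEC_PROC_USER` nor `CONFIG_GRKERNSEC_PROC_USERGROUP` is, no branch assigns `proc_bus_pci_dir`. The following `proc_create("devices", ...)` then runs with whatever value the variable already held. If Kconfig rules that combination out, a comment at the inner `#ifdef` should say so. Otherwise the inner conditional needs a fallback, `#else` followed by `proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);`. `pci_proc_init` continues outside the hunk.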
24372diff -urNp linux-2.6.32.8/drivers/pci/slot.c linux-2.6.32.8/drivers/pci/slot.c
24373--- linux-2.6.32.8/drivers/pci/slot.c 2010-02-09 07:57:19.000000000 -0500
24374+++ linux-2.6.32.8/drivers/pci/slot.c 2010-02-13 21:45:10.328531374 -0500
24375@@ -29,7 +29,7 @@ static ssize_t pci_slot_attr_store(struc
24376 return attribute->store ? attribute->store(slot, buf, len) : -EIO;
24377 }
24378
24379-static struct sysfs_ops pci_slot_sysfs_ops = {
24380+static const struct sysfs_ops pci_slot_sysfs_ops = {
24381 .show = pci_slot_attr_show,
24382 .store = pci_slot_attr_store,
24383 };
24384diff -urNp linux-2.6.32.8/drivers/pcmcia/ti113x.h linux-2.6.32.8/drivers/pcmcia/ti113x.h
24385--- linux-2.6.32.8/drivers/pcmcia/ti113x.h 2010-02-09 07:57:19.000000000 -0500
24386+++ linux-2.6.32.8/drivers/pcmcia/ti113x.h 2010-02-13 21:45:10.329952331 -0500
24387@@ -903,7 +903,7 @@ static struct pci_device_id ene_tune_tbl
24388 DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID,
24389 ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE),
24390
24391- {}
24392+ { 0, 0, 0, 0, 0, 0, 0 }
24393 };
24394
24395 static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus)
24396diff -urNp linux-2.6.32.8/drivers/pcmcia/yenta_socket.c linux-2.6.32.8/drivers/pcmcia/yenta_socket.c
24397--- linux-2.6.32.8/drivers/pcmcia/yenta_socket.c 2010-02-09 07:57:19.000000000 -0500
24398+++ linux-2.6.32.8/drivers/pcmcia/yenta_socket.c 2010-02-13 21:45:10.329952331 -0500
24399@@ -1387,7 +1387,7 @@ static struct pci_device_id yenta_table
24400
24401 /* match any cardbus bridge */
24402 CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT),
24403- { /* all zeroes */ }
24404+ { 0, 0, 0, 0, 0, 0, 0 }
24405 };
24406 MODULE_DEVICE_TABLE(pci, yenta_table);
24407
24408diff -urNp linux-2.6.32.8/drivers/platform/x86/acer-wmi.c linux-2.6.32.8/drivers/platform/x86/acer-wmi.c
24409--- linux-2.6.32.8/drivers/platform/x86/acer-wmi.c 2010-02-09 07:57:19.000000000 -0500
24410+++ linux-2.6.32.8/drivers/platform/x86/acer-wmi.c 2010-02-13 21:45:10.330810874 -0500
24411@@ -918,7 +918,7 @@ static int update_bl_status(struct backl
24412 return 0;
24413 }
24414
24415-static struct backlight_ops acer_bl_ops = {
24416+static const struct backlight_ops acer_bl_ops = {
24417 .get_brightness = read_brightness,
24418 .update_status = update_bl_status,
24419 };
24420diff -urNp linux-2.6.32.8/drivers/platform/x86/asus_acpi.c linux-2.6.32.8/drivers/platform/x86/asus_acpi.c
24421--- linux-2.6.32.8/drivers/platform/x86/asus_acpi.c 2010-02-09 07:57:19.000000000 -0500
24422+++ linux-2.6.32.8/drivers/platform/x86/asus_acpi.c 2010-02-13 21:45:10.330810874 -0500
24423@@ -1402,7 +1402,7 @@ static int asus_hotk_remove(struct acpi_
24424 return 0;
24425 }
24426
24427-static struct backlight_ops asus_backlight_data = {
24428+static const struct backlight_ops asus_backlight_data = {
24429 .get_brightness = read_brightness,
24430 .update_status = set_brightness_status,
24431 };
24432diff -urNp linux-2.6.32.8/drivers/platform/x86/asus-laptop.c linux-2.6.32.8/drivers/platform/x86/asus-laptop.c
24433--- linux-2.6.32.8/drivers/platform/x86/asus-laptop.c 2010-02-09 07:57:19.000000000 -0500
24434+++ linux-2.6.32.8/drivers/platform/x86/asus-laptop.c 2010-02-13 21:45:10.331560373 -0500
24435@@ -250,7 +250,7 @@ static struct backlight_device *asus_bac
24436 */
24437 static int read_brightness(struct backlight_device *bd);
24438 static int update_bl_status(struct backlight_device *bd);
24439-static struct backlight_ops asusbl_ops = {
24440+static const struct backlight_ops asusbl_ops = {
24441 .get_brightness = read_brightness,
24442 .update_status = update_bl_status,
24443 };
24444diff -urNp linux-2.6.32.8/drivers/platform/x86/compal-laptop.c linux-2.6.32.8/drivers/platform/x86/compal-laptop.c
24445--- linux-2.6.32.8/drivers/platform/x86/compal-laptop.c 2010-02-09 07:57:19.000000000 -0500
24446+++ linux-2.6.32.8/drivers/platform/x86/compal-laptop.c 2010-02-13 21:45:10.331560373 -0500
24447@@ -163,7 +163,7 @@ static int bl_update_status(struct backl
24448 return set_lcd_level(b->props.brightness);
24449 }
24450
24451-static struct backlight_ops compalbl_ops = {
24452+static const struct backlight_ops compalbl_ops = {
24453 .get_brightness = bl_get_brightness,
24454 .update_status = bl_update_status,
24455 };
24456diff -urNp linux-2.6.32.8/drivers/platform/x86/dell-laptop.c linux-2.6.32.8/drivers/platform/x86/dell-laptop.c
24457--- linux-2.6.32.8/drivers/platform/x86/dell-laptop.c 2010-02-09 07:57:19.000000000 -0500
24458+++ linux-2.6.32.8/drivers/platform/x86/dell-laptop.c 2010-02-13 21:45:10.331560373 -0500
24459@@ -305,7 +305,7 @@ static int dell_get_intensity(struct bac
24460 return buffer.output[1];
24461 }
24462
24463-static struct backlight_ops dell_ops = {
24464+static const struct backlight_ops dell_ops = {
24465 .get_brightness = dell_get_intensity,
24466 .update_status = dell_send_intensity,
24467 };
24468diff -urNp linux-2.6.32.8/drivers/platform/x86/eeepc-laptop.c linux-2.6.32.8/drivers/platform/x86/eeepc-laptop.c
24469--- linux-2.6.32.8/drivers/platform/x86/eeepc-laptop.c 2010-02-09 07:57:19.000000000 -0500
24470+++ linux-2.6.32.8/drivers/platform/x86/eeepc-laptop.c 2010-02-13 21:45:10.331560373 -0500
24471@@ -242,7 +242,7 @@ static struct device *eeepc_hwmon_device
24472 */
24473 static int read_brightness(struct backlight_device *bd);
24474 static int update_bl_status(struct backlight_device *bd);
24475-static struct backlight_ops eeepcbl_ops = {
24476+static const struct backlight_ops eeepcbl_ops = {
24477 .get_brightness = read_brightness,
24478 .update_status = update_bl_status,
24479 };
24480diff -urNp linux-2.6.32.8/drivers/platform/x86/fujitsu-laptop.c linux-2.6.32.8/drivers/platform/x86/fujitsu-laptop.c
24481--- linux-2.6.32.8/drivers/platform/x86/fujitsu-laptop.c 2010-02-09 07:57:19.000000000 -0500
24482+++ linux-2.6.32.8/drivers/platform/x86/fujitsu-laptop.c 2010-02-13 21:45:10.331560373 -0500
24483@@ -436,7 +436,7 @@ static int bl_update_status(struct backl
24484 return ret;
24485 }
24486
24487-static struct backlight_ops fujitsubl_ops = {
24488+static const struct backlight_ops fujitsubl_ops = {
24489 .get_brightness = bl_get_brightness,
24490 .update_status = bl_update_status,
24491 };
24492diff -urNp linux-2.6.32.8/drivers/platform/x86/msi-laptop.c linux-2.6.32.8/drivers/platform/x86/msi-laptop.c
24493--- linux-2.6.32.8/drivers/platform/x86/msi-laptop.c 2010-02-09 07:57:19.000000000 -0500
24494+++ linux-2.6.32.8/drivers/platform/x86/msi-laptop.c 2010-02-13 21:45:10.331560373 -0500
24495@@ -161,7 +161,7 @@ static int bl_update_status(struct backl
24496 return set_lcd_level(b->props.brightness);
24497 }
24498
24499-static struct backlight_ops msibl_ops = {
24500+static const struct backlight_ops msibl_ops = {
24501 .get_brightness = bl_get_brightness,
24502 .update_status = bl_update_status,
24503 };
24504diff -urNp linux-2.6.32.8/drivers/platform/x86/panasonic-laptop.c linux-2.6.32.8/drivers/platform/x86/panasonic-laptop.c
24505--- linux-2.6.32.8/drivers/platform/x86/panasonic-laptop.c 2010-02-09 07:57:19.000000000 -0500
24506+++ linux-2.6.32.8/drivers/platform/x86/panasonic-laptop.c 2010-02-13 21:45:10.332951292 -0500
24507@@ -352,7 +352,7 @@ static int bl_set_status(struct backligh
24508 return acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, bright);
24509 }
24510
24511-static struct backlight_ops pcc_backlight_ops = {
24512+static const struct backlight_ops pcc_backlight_ops = {
24513 .get_brightness = bl_get,
24514 .update_status = bl_set_status,
24515 };
24516diff -urNp linux-2.6.32.8/drivers/platform/x86/sony-laptop.c linux-2.6.32.8/drivers/platform/x86/sony-laptop.c
24517--- linux-2.6.32.8/drivers/platform/x86/sony-laptop.c 2010-02-09 07:57:19.000000000 -0500
24518+++ linux-2.6.32.8/drivers/platform/x86/sony-laptop.c 2010-02-13 21:45:10.333721156 -0500
24519@@ -850,7 +850,7 @@ static int sony_backlight_get_brightness
24520 }
24521
24522 static struct backlight_device *sony_backlight_device;
24523-static struct backlight_ops sony_backlight_ops = {
24524+static const struct backlight_ops sony_backlight_ops = {
24525 .update_status = sony_backlight_update_status,
24526 .get_brightness = sony_backlight_get_brightness,
24527 };
24528diff -urNp linux-2.6.32.8/drivers/platform/x86/thinkpad_acpi.c linux-2.6.32.8/drivers/platform/x86/thinkpad_acpi.c
24529--- linux-2.6.32.8/drivers/platform/x86/thinkpad_acpi.c 2010-02-09 07:57:19.000000000 -0500
24530+++ linux-2.6.32.8/drivers/platform/x86/thinkpad_acpi.c 2010-02-13 21:45:10.334955247 -0500
24531@@ -6073,7 +6073,7 @@ static int brightness_get(struct backlig
24532 return status & TP_EC_BACKLIGHT_LVLMSK;
24533 }
24534
24535-static struct backlight_ops ibm_backlight_data = {
24536+static const struct backlight_ops ibm_backlight_data = {
24537 .get_brightness = brightness_get,
24538 .update_status = brightness_update_status,
24539 };
24540diff -urNp linux-2.6.32.8/drivers/platform/x86/toshiba_acpi.c linux-2.6.32.8/drivers/platform/x86/toshiba_acpi.c
24541--- linux-2.6.32.8/drivers/platform/x86/toshiba_acpi.c 2010-02-09 07:57:19.000000000 -0500
24542+++ linux-2.6.32.8/drivers/platform/x86/toshiba_acpi.c 2010-02-13 21:45:10.335648314 -0500
24543@@ -671,7 +671,7 @@ static acpi_status remove_device(void)
24544 return AE_OK;
24545 }
24546
24547-static struct backlight_ops toshiba_backlight_data = {
24548+static const struct backlight_ops toshiba_backlight_data = {
24549 .get_brightness = get_lcd,
24550 .update_status = set_lcd_status,
24551 };
24552diff -urNp linux-2.6.32.8/drivers/pnp/pnpbios/bioscalls.c linux-2.6.32.8/drivers/pnp/pnpbios/bioscalls.c
24553--- linux-2.6.32.8/drivers/pnp/pnpbios/bioscalls.c 2010-02-09 07:57:19.000000000 -0500
24554+++ linux-2.6.32.8/drivers/pnp/pnpbios/bioscalls.c 2010-02-13 21:45:10.335648314 -0500
24555@@ -60,7 +60,7 @@ do { \
24556 set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \
24557 } while(0)
24558
24559-static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
24560+static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
24561 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
24562
24563 /*
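Review bot: The descriptor flags for `bad_bios_desc` change from `0x4092` to `0x4093` with no explanation, and the constant is opaque on its own. The added bit is the segment's accessed flag. Presumably it is pre-set so the CPU never has to write it back into a GDT that is no longer writable, which would fit making the descriptor `const` in the same line. A comment would record that intent: `/* 0x4093: accessed bit pre-set so loading the selector never writes to the read-only GDT */`.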
24564@@ -97,7 +97,10 @@ static inline u16 call_pnp_bios(u16 func
24565
24566 cpu = get_cpu();
24567 save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
24568+
24569+ pax_open_kernel();
24570 get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
24571+ pax_close_kernel();
24572
24573 /* On some boxes IRQ's during PnP BIOS calls are deadly. */
24574 spin_lock_irqsave(&pnp_bios_lock, flags);
24575@@ -135,7 +138,10 @@ static inline u16 call_pnp_bios(u16 func
24576 :"memory");
24577 spin_unlock_irqrestore(&pnp_bios_lock, flags);
24578
24579+ pax_open_kernel();
24580 get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
24581+ pax_close_kernel();
24582+
24583 put_cpu();
24584
24585 /* If we get here and this is set then the PnP BIOS faulted on us. */
24586@@ -469,7 +475,7 @@ int pnp_bios_read_escd(char *data, u32 n
24587 return status;
24588 }
24589
24590-void pnpbios_calls_init(union pnp_bios_install_struct *header)
24591+void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
24592 {
24593 int i;
24594
24595@@ -477,6 +483,8 @@ void pnpbios_calls_init(union pnp_bios_i
24596 pnp_bios_callpoint.offset = header->fields.pm16offset;
24597 pnp_bios_callpoint.segment = PNP_CS16;
24598
24599+ pax_open_kernel();
24600+
24601 for_each_possible_cpu(i) {
24602 struct desc_struct *gdt = get_cpu_gdt_table(i);
24603 if (!gdt)
24604@@ -488,4 +496,6 @@ void pnpbios_calls_init(union pnp_bios_i
24605 set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS],
24606 (unsigned long)__va(header->fields.pm16dseg));
24607 }
24608+
24609+ pax_close_kernel();
24610 }
24611diff -urNp linux-2.6.32.8/drivers/pnp/quirks.c linux-2.6.32.8/drivers/pnp/quirks.c
24612--- linux-2.6.32.8/drivers/pnp/quirks.c 2010-02-09 07:57:19.000000000 -0500
24613+++ linux-2.6.32.8/drivers/pnp/quirks.c 2010-02-13 21:45:10.335648314 -0500
24614@@ -327,7 +327,7 @@ static struct pnp_fixup pnp_fixups[] = {
24615 /* PnP resources that might overlap PCI BARs */
24616 {"PNP0c01", quirk_system_pci_resources},
24617 {"PNP0c02", quirk_system_pci_resources},
24618- {""}
24619+ {"", NULL}
24620 };
24621
24622 void pnp_fixup_device(struct pnp_dev *dev)
24623diff -urNp linux-2.6.32.8/drivers/pnp/resource.c linux-2.6.32.8/drivers/pnp/resource.c
24624--- linux-2.6.32.8/drivers/pnp/resource.c 2010-02-09 07:57:19.000000000 -0500
24625+++ linux-2.6.32.8/drivers/pnp/resource.c 2010-02-13 21:45:10.335648314 -0500
24626@@ -355,7 +355,7 @@ int pnp_check_irq(struct pnp_dev *dev, s
24627 return 1;
24628
24629 /* check if the resource is valid */
24630- if (*irq < 0 || *irq > 15)
24631+ if (*irq > 15)
24632 return 0;
24633
24634 /* check if the resource is reserved */
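Review bot: Dropping `*irq < 0` preserves behaviour only if `*irq` has an unsigned type, and the declaration is not visible in this hunk. If it is unsigned, the old comparison was always false and removing it is harmless. If the type ever becomes signed, negative values would pass the validity check. A short comment such as `/* *irq is unsigned, so only the upper bound needs checking */` would make the dependency explicit. The same holds for the `*dma < 0` removal in `pnp_check_dma` in the next hunk; both function bodies extend beyond their hunks.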
24635@@ -419,7 +419,7 @@ int pnp_check_dma(struct pnp_dev *dev, s
24636 return 1;
24637
24638 /* check if the resource is valid */
24639- if (*dma < 0 || *dma == 4 || *dma > 7)
24640+ if (*dma == 4 || *dma > 7)
24641 return 0;
24642
24643 /* check if the resource is reserved */
24644diff -urNp linux-2.6.32.8/drivers/s390/cio/qdio_perf.c linux-2.6.32.8/drivers/s390/cio/qdio_perf.c
24645--- linux-2.6.32.8/drivers/s390/cio/qdio_perf.c 2010-02-09 07:57:19.000000000 -0500
24646+++ linux-2.6.32.8/drivers/s390/cio/qdio_perf.c 2010-02-13 21:45:10.335648314 -0500
24647@@ -31,51 +31,51 @@ static struct proc_dir_entry *qdio_perf_
24648 static int qdio_perf_proc_show(struct seq_file *m, void *v)
24649 {
24650 seq_printf(m, "Number of qdio interrupts\t\t\t: %li\n",
24651- (long)atomic_long_read(&perf_stats.qdio_int));
24652+ (long)atomic_long_read_unchecked(&perf_stats.qdio_int));
24653 seq_printf(m, "Number of PCI interrupts\t\t\t: %li\n",
24654- (long)atomic_long_read(&perf_stats.pci_int));
24655+ (long)atomic_long_read_unchecked(&perf_stats.pci_int));
24656 seq_printf(m, "Number of adapter interrupts\t\t\t: %li\n",
24657- (long)atomic_long_read(&perf_stats.thin_int));
24658+ (long)atomic_long_read_unchecked(&perf_stats.thin_int));
24659 seq_printf(m, "\n");
24660 seq_printf(m, "Inbound tasklet runs\t\t\t\t: %li\n",
24661- (long)atomic_long_read(&perf_stats.tasklet_inbound));
24662+ (long)atomic_long_read_unchecked(&perf_stats.tasklet_inbound));
24663 seq_printf(m, "Outbound tasklet runs\t\t\t\t: %li\n",
24664- (long)atomic_long_read(&perf_stats.tasklet_outbound));
24665+ (long)atomic_long_read_unchecked(&perf_stats.tasklet_outbound));
24666 seq_printf(m, "Adapter interrupt tasklet runs/loops\t\t: %li/%li\n",
24667- (long)atomic_long_read(&perf_stats.tasklet_thinint),
24668- (long)atomic_long_read(&perf_stats.tasklet_thinint_loop));
24669+ (long)atomic_long_read_unchecked(&perf_stats.tasklet_thinint),
24670+ (long)atomic_long_read_unchecked(&perf_stats.tasklet_thinint_loop));
24671 seq_printf(m, "Adapter interrupt inbound tasklet runs/loops\t: %li/%li\n",
24672- (long)atomic_long_read(&perf_stats.thinint_inbound),
24673- (long)atomic_long_read(&perf_stats.thinint_inbound_loop));
24674+ (long)atomic_long_read_unchecked(&perf_stats.thinint_inbound),
24675+ (long)atomic_long_read_unchecked(&perf_stats.thinint_inbound_loop));
24676 seq_printf(m, "\n");
24677 seq_printf(m, "Number of SIGA In issued\t\t\t: %li\n",
24678- (long)atomic_long_read(&perf_stats.siga_in));
24679+ (long)atomic_long_read_unchecked(&perf_stats.siga_in));
24680 seq_printf(m, "Number of SIGA Out issued\t\t\t: %li\n",
24681- (long)atomic_long_read(&perf_stats.siga_out));
24682+ (long)atomic_long_read_unchecked(&perf_stats.siga_out));
24683 seq_printf(m, "Number of SIGA Sync issued\t\t\t: %li\n",
24684- (long)atomic_long_read(&perf_stats.siga_sync));
24685+ (long)atomic_long_read_unchecked(&perf_stats.siga_sync));
24686 seq_printf(m, "\n");
24687 seq_printf(m, "Number of inbound transfers\t\t\t: %li\n",
24688- (long)atomic_long_read(&perf_stats.inbound_handler));
24689+ (long)atomic_long_read_unchecked(&perf_stats.inbound_handler));
24690 seq_printf(m, "Number of outbound transfers\t\t\t: %li\n",
24691- (long)atomic_long_read(&perf_stats.outbound_handler));
24692+ (long)atomic_long_read_unchecked(&perf_stats.outbound_handler));
24693 seq_printf(m, "\n");
24694 seq_printf(m, "Number of fast requeues (outg. SBAL w/o SIGA)\t: %li\n",
24695- (long)atomic_long_read(&perf_stats.fast_requeue));
24696+ (long)atomic_long_read_unchecked(&perf_stats.fast_requeue));
24697 seq_printf(m, "Number of outbound target full condition\t: %li\n",
24698- (long)atomic_long_read(&perf_stats.outbound_target_full));
24699+ (long)atomic_long_read_unchecked(&perf_stats.outbound_target_full));
24700 seq_printf(m, "Number of outbound tasklet mod_timer calls\t: %li\n",
24701- (long)atomic_long_read(&perf_stats.debug_tl_out_timer));
24702+ (long)atomic_long_read_unchecked(&perf_stats.debug_tl_out_timer));
24703 seq_printf(m, "Number of stop polling calls\t\t\t: %li\n",
24704- (long)atomic_long_read(&perf_stats.debug_stop_polling));
24705+ (long)atomic_long_read_unchecked(&perf_stats.debug_stop_polling));
24706 seq_printf(m, "AI inbound tasklet loops after stop polling\t: %li\n",
24707- (long)atomic_long_read(&perf_stats.thinint_inbound_loop2));
24708+ (long)atomic_long_read_unchecked(&perf_stats.thinint_inbound_loop2));
24709 seq_printf(m, "QEBSM EQBS total/incomplete\t\t\t: %li/%li\n",
24710- (long)atomic_long_read(&perf_stats.debug_eqbs_all),
24711- (long)atomic_long_read(&perf_stats.debug_eqbs_incomplete));
24712+ (long)atomic_long_read_unchecked(&perf_stats.debug_eqbs_all),
24713+ (long)atomic_long_read_unchecked(&perf_stats.debug_eqbs_incomplete));
24714 seq_printf(m, "QEBSM SQBS total/incomplete\t\t\t: %li/%li\n",
24715- (long)atomic_long_read(&perf_stats.debug_sqbs_all),
24716- (long)atomic_long_read(&perf_stats.debug_sqbs_incomplete));
24717+ (long)atomic_long_read_unchecked(&perf_stats.debug_sqbs_all),
24718+ (long)atomic_long_read_unchecked(&perf_stats.debug_sqbs_incomplete));
24719 seq_printf(m, "\n");
24720 return 0;
24721 }
24722diff -urNp linux-2.6.32.8/drivers/s390/cio/qdio_perf.h linux-2.6.32.8/drivers/s390/cio/qdio_perf.h
24723--- linux-2.6.32.8/drivers/s390/cio/qdio_perf.h 2010-02-09 07:57:19.000000000 -0500
24724+++ linux-2.6.32.8/drivers/s390/cio/qdio_perf.h 2010-02-13 21:45:10.336669798 -0500
24725@@ -13,46 +13,46 @@
24726
24727 struct qdio_perf_stats {
24728 /* interrupt handler calls */
24729- atomic_long_t qdio_int;
24730- atomic_long_t pci_int;
24731- atomic_long_t thin_int;
24732+ atomic_long_unchecked_t qdio_int;
24733+ atomic_long_unchecked_t pci_int;
24734+ atomic_long_unchecked_t thin_int;
24735
24736 /* tasklet runs */
24737- atomic_long_t tasklet_inbound;
24738- atomic_long_t tasklet_outbound;
24739- atomic_long_t tasklet_thinint;
24740- atomic_long_t tasklet_thinint_loop;
24741- atomic_long_t thinint_inbound;
24742- atomic_long_t thinint_inbound_loop;
24743- atomic_long_t thinint_inbound_loop2;
24744+ atomic_long_unchecked_t tasklet_inbound;
24745+ atomic_long_unchecked_t tasklet_outbound;
24746+ atomic_long_unchecked_t tasklet_thinint;
24747+ atomic_long_unchecked_t tasklet_thinint_loop;
24748+ atomic_long_unchecked_t thinint_inbound;
24749+ atomic_long_unchecked_t thinint_inbound_loop;
24750+ atomic_long_unchecked_t thinint_inbound_loop2;
24751
24752 /* signal adapter calls */
24753- atomic_long_t siga_out;
24754- atomic_long_t siga_in;
24755- atomic_long_t siga_sync;
24756+ atomic_long_unchecked_t siga_out;
24757+ atomic_long_unchecked_t siga_in;
24758+ atomic_long_unchecked_t siga_sync;
24759
24760 /* misc */
24761- atomic_long_t inbound_handler;
24762- atomic_long_t outbound_handler;
24763- atomic_long_t fast_requeue;
24764- atomic_long_t outbound_target_full;
24765+ atomic_long_unchecked_t inbound_handler;
24766+ atomic_long_unchecked_t outbound_handler;
24767+ atomic_long_unchecked_t fast_requeue;
24768+ atomic_long_unchecked_t outbound_target_full;
24769
24770 /* for debugging */
24771- atomic_long_t debug_tl_out_timer;
24772- atomic_long_t debug_stop_polling;
24773- atomic_long_t debug_eqbs_all;
24774- atomic_long_t debug_eqbs_incomplete;
24775- atomic_long_t debug_sqbs_all;
24776- atomic_long_t debug_sqbs_incomplete;
24777+ atomic_long_unchecked_t debug_tl_out_timer;
24778+ atomic_long_unchecked_t debug_stop_polling;
24779+ atomic_long_unchecked_t debug_eqbs_all;
24780+ atomic_long_unchecked_t debug_eqbs_incomplete;
24781+ atomic_long_unchecked_t debug_sqbs_all;
24782+ atomic_long_unchecked_t debug_sqbs_incomplete;
24783 };
24784
24785 extern struct qdio_perf_stats perf_stats;
24786 extern int qdio_performance_stats;
24787
24788-static inline void qdio_perf_stat_inc(atomic_long_t *count)
24789+static inline void qdio_perf_stat_inc(atomic_long_unchecked_t *count)
24790 {
24791 if (qdio_performance_stats)
24792- atomic_long_inc(count);
24793+ atomic_long_inc_unchecked(count);
24794 }
24795
24796 int qdio_setup_perf_stats(void);
24797diff -urNp linux-2.6.32.8/drivers/scsi/ipr.c linux-2.6.32.8/drivers/scsi/ipr.c
24798--- linux-2.6.32.8/drivers/scsi/ipr.c 2010-02-09 07:57:19.000000000 -0500
24799+++ linux-2.6.32.8/drivers/scsi/ipr.c 2010-02-13 21:45:10.370958126 -0500
24800@@ -5286,7 +5286,7 @@ static bool ipr_qc_fill_rtf(struct ata_q
24801 return true;
24802 }
24803
24804-static struct ata_port_operations ipr_sata_ops = {
24805+static const struct ata_port_operations ipr_sata_ops = {
24806 .phy_reset = ipr_ata_phy_reset,
24807 .hardreset = ipr_sata_reset,
24808 .post_internal_cmd = ipr_ata_post_internal,
24809diff -urNp linux-2.6.32.8/drivers/scsi/libfc/fc_exch.c linux-2.6.32.8/drivers/scsi/libfc/fc_exch.c
24810--- linux-2.6.32.8/drivers/scsi/libfc/fc_exch.c 2010-02-09 07:57:19.000000000 -0500
24811+++ linux-2.6.32.8/drivers/scsi/libfc/fc_exch.c 2010-02-13 21:45:10.441707501 -0500
24812@@ -86,12 +86,12 @@ struct fc_exch_mgr {
24813 * all together if not used XXX
24814 */
24815 struct {
24816- atomic_t no_free_exch;
24817- atomic_t no_free_exch_xid;
24818- atomic_t xid_not_found;
24819- atomic_t xid_busy;
24820- atomic_t seq_not_found;
24821- atomic_t non_bls_resp;
24822+ atomic_unchecked_t no_free_exch;
24823+ atomic_unchecked_t no_free_exch_xid;
24824+ atomic_unchecked_t xid_not_found;
24825+ atomic_unchecked_t xid_busy;
24826+ atomic_unchecked_t seq_not_found;
24827+ atomic_unchecked_t non_bls_resp;
24828 } stats;
24829 };
24830 #define fc_seq_exch(sp) container_of(sp, struct fc_exch, seq)
24831@@ -510,7 +510,7 @@ static struct fc_exch *fc_exch_em_alloc(
24832 /* allocate memory for exchange */
24833 ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
24834 if (!ep) {
24835- atomic_inc(&mp->stats.no_free_exch);
24836+ atomic_inc_unchecked(&mp->stats.no_free_exch);
24837 goto out;
24838 }
24839 memset(ep, 0, sizeof(*ep));
24840@@ -557,7 +557,7 @@ out:
24841 return ep;
24842 err:
24843 spin_unlock_bh(&pool->lock);
24844- atomic_inc(&mp->stats.no_free_exch_xid);
24845+ atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
24846 mempool_free(ep, mp->ep_pool);
24847 return NULL;
24848 }
24849@@ -690,7 +690,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24850 xid = ntohs(fh->fh_ox_id); /* we originated exch */
24851 ep = fc_exch_find(mp, xid);
24852 if (!ep) {
24853- atomic_inc(&mp->stats.xid_not_found);
24854+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24855 reject = FC_RJT_OX_ID;
24856 goto out;
24857 }
24858@@ -720,7 +720,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24859 ep = fc_exch_find(mp, xid);
24860 if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
24861 if (ep) {
24862- atomic_inc(&mp->stats.xid_busy);
24863+ atomic_inc_unchecked(&mp->stats.xid_busy);
24864 reject = FC_RJT_RX_ID;
24865 goto rel;
24866 }
24867@@ -731,7 +731,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24868 }
24869 xid = ep->xid; /* get our XID */
24870 } else if (!ep) {
24871- atomic_inc(&mp->stats.xid_not_found);
24872+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24873 reject = FC_RJT_RX_ID; /* XID not found */
24874 goto out;
24875 }
24876@@ -752,7 +752,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24877 } else {
24878 sp = &ep->seq;
24879 if (sp->id != fh->fh_seq_id) {
24880- atomic_inc(&mp->stats.seq_not_found);
24881+ atomic_inc_unchecked(&mp->stats.seq_not_found);
24882 reject = FC_RJT_SEQ_ID; /* sequence/exch should exist */
24883 goto rel;
24884 }
24885@@ -1163,22 +1163,22 @@ static void fc_exch_recv_seq_resp(struct
24886
24887 ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
24888 if (!ep) {
24889- atomic_inc(&mp->stats.xid_not_found);
24890+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24891 goto out;
24892 }
24893 if (ep->esb_stat & ESB_ST_COMPLETE) {
24894- atomic_inc(&mp->stats.xid_not_found);
24895+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24896 goto out;
24897 }
24898 if (ep->rxid == FC_XID_UNKNOWN)
24899 ep->rxid = ntohs(fh->fh_rx_id);
24900 if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
24901- atomic_inc(&mp->stats.xid_not_found);
24902+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24903 goto rel;
24904 }
24905 if (ep->did != ntoh24(fh->fh_s_id) &&
24906 ep->did != FC_FID_FLOGI) {
24907- atomic_inc(&mp->stats.xid_not_found);
24908+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24909 goto rel;
24910 }
24911 sof = fr_sof(fp);
24912@@ -1189,7 +1189,7 @@ static void fc_exch_recv_seq_resp(struct
24913 } else {
24914 sp = &ep->seq;
24915 if (sp->id != fh->fh_seq_id) {
24916- atomic_inc(&mp->stats.seq_not_found);
24917+ atomic_inc_unchecked(&mp->stats.seq_not_found);
24918 goto rel;
24919 }
24920 }
24921@@ -1249,9 +1249,9 @@ static void fc_exch_recv_resp(struct fc_
24922 sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
24923
24924 if (!sp)
24925- atomic_inc(&mp->stats.xid_not_found);
24926+ atomic_inc_unchecked(&mp->stats.xid_not_found);
24927 else
24928- atomic_inc(&mp->stats.non_bls_resp);
24929+ atomic_inc_unchecked(&mp->stats.non_bls_resp);
24930
24931 fc_frame_free(fp);
24932 }
24933diff -urNp linux-2.6.32.8/drivers/scsi/libsas/sas_ata.c linux-2.6.32.8/drivers/scsi/libsas/sas_ata.c
24934--- linux-2.6.32.8/drivers/scsi/libsas/sas_ata.c 2010-02-09 07:57:19.000000000 -0500
24935+++ linux-2.6.32.8/drivers/scsi/libsas/sas_ata.c 2010-02-13 21:45:10.458739896 -0500
24936@@ -343,7 +343,7 @@ static int sas_ata_scr_read(struct ata_l
24937 }
24938 }
24939
24940-static struct ata_port_operations sas_sata_ops = {
24941+static const struct ata_port_operations sas_sata_ops = {
24942 .phy_reset = sas_ata_phy_reset,
24943 .post_internal_cmd = sas_ata_post_internal,
24944 .qc_prep = ata_noop_qc_prep,
24945diff -urNp linux-2.6.32.8/drivers/scsi/scsi_logging.h linux-2.6.32.8/drivers/scsi/scsi_logging.h
24946--- linux-2.6.32.8/drivers/scsi/scsi_logging.h 2010-02-09 07:57:19.000000000 -0500
24947+++ linux-2.6.32.8/drivers/scsi/scsi_logging.h 2010-02-13 21:45:10.464989461 -0500
24948@@ -51,7 +51,7 @@ do { \
24949 } while (0); \
24950 } while (0)
24951 #else
24952-#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD)
24953+#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0)
24954 #endif /* CONFIG_SCSI_LOGGING */
24955
24956 /*
24957diff -urNp linux-2.6.32.8/drivers/scsi/sg.c linux-2.6.32.8/drivers/scsi/sg.c
24958--- linux-2.6.32.8/drivers/scsi/sg.c 2010-02-09 07:57:19.000000000 -0500
24959+++ linux-2.6.32.8/drivers/scsi/sg.c 2010-02-13 21:45:10.480707047 -0500
24960@@ -2292,7 +2292,7 @@ struct sg_proc_leaf {
24961 const struct file_operations * fops;
24962 };
24963
24964-static struct sg_proc_leaf sg_proc_leaf_arr[] = {
24965+static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
24966 {"allow_dio", &adio_fops},
24967 {"debug", &debug_fops},
24968 {"def_reserved_size", &dressz_fops},
24969@@ -2307,7 +2307,7 @@ sg_proc_init(void)
24970 {
24971 int k, mask;
24972 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
24973- struct sg_proc_leaf * leaf;
24974+ const struct sg_proc_leaf * leaf;
24975
24976 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
24977 if (!sg_proc_sgp)
24978diff -urNp linux-2.6.32.8/drivers/serial/8250_pci.c linux-2.6.32.8/drivers/serial/8250_pci.c
24979--- linux-2.6.32.8/drivers/serial/8250_pci.c 2010-02-09 07:57:19.000000000 -0500
24980+++ linux-2.6.32.8/drivers/serial/8250_pci.c 2010-02-13 21:45:10.481540388 -0500
24981@@ -3664,7 +3664,7 @@ static struct pci_device_id serial_pci_t
24982 PCI_ANY_ID, PCI_ANY_ID,
24983 PCI_CLASS_COMMUNICATION_MULTISERIAL << 8,
24984 0xffff00, pbn_default },
24985- { 0, }
24986+ { 0, 0, 0, 0, 0, 0, 0 }
24987 };
24988
24989 static struct pci_driver serial_pci_driver = {
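Review bot: The new terminator `{ 0, 0, 0, 0, 0, 0, 0 }` lists one positional zero per field, which ties the table to the current field count of `struct pci_device_id`, while the old `{ 0, }` already zero-initialised the whole entry. If the goal is to silence a missing-initializer warning, a trailing comment such as `/* terminating entry, zeros spelled out for -W checks */` would stop someone from shortening it again. The same pattern recurs in the terminators in cdc-acm.c, usblp.c (both tables), hub.c, ehci-pci.c and uhci-hcd.c; the last two also lose their `/* end: all zeroes */` comment. The table itself starts outside the hunk.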
24990diff -urNp linux-2.6.32.8/drivers/serial/kgdboc.c linux-2.6.32.8/drivers/serial/kgdboc.c
24991--- linux-2.6.32.8/drivers/serial/kgdboc.c 2010-02-09 07:57:19.000000000 -0500
24992+++ linux-2.6.32.8/drivers/serial/kgdboc.c 2010-02-13 21:45:10.481540388 -0500
24993@@ -18,7 +18,7 @@
24994
24995 #define MAX_CONFIG_LEN 40
24996
24997-static struct kgdb_io kgdboc_io_ops;
24998+static const struct kgdb_io kgdboc_io_ops;
24999
25000 /* -1 = init not run yet, 0 = unconfigured, 1 = configured. */
25001 static int configured = -1;
25002@@ -154,7 +154,7 @@ static void kgdboc_post_exp_handler(void
25003 module_put(THIS_MODULE);
25004 }
25005
25006-static struct kgdb_io kgdboc_io_ops = {
25007+static const struct kgdb_io kgdboc_io_ops = {
25008 .name = "kgdboc",
25009 .read_char = kgdboc_get_char,
25010 .write_char = kgdboc_put_char,
25011diff -urNp linux-2.6.32.8/drivers/staging/android/binder.c linux-2.6.32.8/drivers/staging/android/binder.c
25012--- linux-2.6.32.8/drivers/staging/android/binder.c 2010-02-09 07:57:19.000000000 -0500
25013+++ linux-2.6.32.8/drivers/staging/android/binder.c 2010-02-13 21:45:10.481540388 -0500
25014@@ -2756,7 +2756,7 @@ static void binder_vma_close(struct vm_a
25015 binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES);
25016 }
25017
25018-static struct vm_operations_struct binder_vm_ops = {
25019+static const struct vm_operations_struct binder_vm_ops = {
25020 .open = binder_vma_open,
25021 .close = binder_vma_close,
25022 };
25023diff -urNp linux-2.6.32.8/drivers/staging/b3dfg/b3dfg.c linux-2.6.32.8/drivers/staging/b3dfg/b3dfg.c
25024--- linux-2.6.32.8/drivers/staging/b3dfg/b3dfg.c 2010-02-09 07:57:19.000000000 -0500
25025+++ linux-2.6.32.8/drivers/staging/b3dfg/b3dfg.c 2010-02-13 21:45:10.482757658 -0500
25026@@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_are
25027 return VM_FAULT_NOPAGE;
25028 }
25029
25030-static struct vm_operations_struct b3dfg_vm_ops = {
25031+static const struct vm_operations_struct b3dfg_vm_ops = {
25032 .fault = b3dfg_vma_fault,
25033 };
25034
25035@@ -848,7 +848,7 @@ static int b3dfg_mmap(struct file *filp,
25036 return r;
25037 }
25038
25039-static struct file_operations b3dfg_fops = {
25040+static const struct file_operations b3dfg_fops = {
25041 .owner = THIS_MODULE,
25042 .open = b3dfg_open,
25043 .release = b3dfg_release,
25044diff -urNp linux-2.6.32.8/drivers/staging/comedi/comedi_fops.c linux-2.6.32.8/drivers/staging/comedi/comedi_fops.c
25045--- linux-2.6.32.8/drivers/staging/comedi/comedi_fops.c 2010-02-09 07:57:19.000000000 -0500
25046+++ linux-2.6.32.8/drivers/staging/comedi/comedi_fops.c 2010-02-13 21:45:10.482757658 -0500
25047@@ -1389,7 +1389,7 @@ void comedi_unmap(struct vm_area_struct
25048 mutex_unlock(&dev->mutex);
25049 }
25050
25051-static struct vm_operations_struct comedi_vm_ops = {
25052+static const struct vm_operations_struct comedi_vm_ops = {
25053 .close = comedi_unmap,
25054 };
25055
25056diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/adsp_driver.c linux-2.6.32.8/drivers/staging/dream/qdsp5/adsp_driver.c
25057--- linux-2.6.32.8/drivers/staging/dream/qdsp5/adsp_driver.c 2010-02-09 07:57:19.000000000 -0500
25058+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/adsp_driver.c 2010-02-13 21:45:10.483595617 -0500
25059@@ -576,7 +576,7 @@ static struct adsp_device *inode_to_devi
25060 static dev_t adsp_devno;
25061 static struct class *adsp_class;
25062
25063-static struct file_operations adsp_fops = {
25064+static const struct file_operations adsp_fops = {
25065 .owner = THIS_MODULE,
25066 .open = adsp_open,
25067 .unlocked_ioctl = adsp_ioctl,
25068diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_aac.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_aac.c
25069--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_aac.c 2010-02-09 07:57:19.000000000 -0500
25070+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_aac.c 2010-02-13 21:45:10.483595617 -0500
25071@@ -1022,7 +1022,7 @@ done:
25072 return rc;
25073 }
25074
25075-static struct file_operations audio_aac_fops = {
25076+static const struct file_operations audio_aac_fops = {
25077 .owner = THIS_MODULE,
25078 .open = audio_open,
25079 .release = audio_release,
25080diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_amrnb.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_amrnb.c
25081--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_amrnb.c 2010-02-09 07:57:19.000000000 -0500
25082+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_amrnb.c 2010-02-13 21:45:10.483595617 -0500
25083@@ -833,7 +833,7 @@ done:
25084 return rc;
25085 }
25086
25087-static struct file_operations audio_amrnb_fops = {
25088+static const struct file_operations audio_amrnb_fops = {
25089 .owner = THIS_MODULE,
25090 .open = audamrnb_open,
25091 .release = audamrnb_release,
25092diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_evrc.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_evrc.c
25093--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_evrc.c 2010-02-09 07:57:19.000000000 -0500
25094+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_evrc.c 2010-02-13 21:45:10.483595617 -0500
25095@@ -805,7 +805,7 @@ dma_fail:
25096 return rc;
25097 }
25098
25099-static struct file_operations audio_evrc_fops = {
25100+static const struct file_operations audio_evrc_fops = {
25101 .owner = THIS_MODULE,
25102 .open = audevrc_open,
25103 .release = audevrc_release,
25104diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_in.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_in.c
25105--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_in.c 2010-02-09 07:57:19.000000000 -0500
25106+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_in.c 2010-02-13 21:45:10.484594348 -0500
25107@@ -913,7 +913,7 @@ static int audpre_open(struct inode *ino
25108 return 0;
25109 }
25110
25111-static struct file_operations audio_fops = {
25112+static const struct file_operations audio_fops = {
25113 .owner = THIS_MODULE,
25114 .open = audio_in_open,
25115 .release = audio_in_release,
25116@@ -922,7 +922,7 @@ static struct file_operations audio_fops
25117 .unlocked_ioctl = audio_in_ioctl,
25118 };
25119
25120-static struct file_operations audpre_fops = {
25121+static const struct file_operations audpre_fops = {
25122 .owner = THIS_MODULE,
25123 .open = audpre_open,
25124 .unlocked_ioctl = audpre_ioctl,
25125diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_mp3.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_mp3.c
25126--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_mp3.c 2010-02-09 07:57:19.000000000 -0500
25127+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_mp3.c 2010-02-13 21:45:10.484594348 -0500
25128@@ -941,7 +941,7 @@ done:
25129 return rc;
25130 }
25131
25132-static struct file_operations audio_mp3_fops = {
25133+static const struct file_operations audio_mp3_fops = {
25134 .owner = THIS_MODULE,
25135 .open = audio_open,
25136 .release = audio_release,
25137diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_out.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_out.c
25138--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_out.c 2010-02-09 07:57:19.000000000 -0500
25139+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_out.c 2010-02-13 21:45:10.484594348 -0500
25140@@ -810,7 +810,7 @@ static int audpp_open(struct inode *inod
25141 return 0;
25142 }
25143
25144-static struct file_operations audio_fops = {
25145+static const struct file_operations audio_fops = {
25146 .owner = THIS_MODULE,
25147 .open = audio_open,
25148 .release = audio_release,
25149@@ -819,7 +819,7 @@ static struct file_operations audio_fops
25150 .unlocked_ioctl = audio_ioctl,
25151 };
25152
25153-static struct file_operations audpp_fops = {
25154+static const struct file_operations audpp_fops = {
25155 .owner = THIS_MODULE,
25156 .open = audpp_open,
25157 .unlocked_ioctl = audpp_ioctl,
25158diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_qcelp.c linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_qcelp.c
25159--- linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_qcelp.c 2010-02-09 07:57:19.000000000 -0500
25160+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/audio_qcelp.c 2010-02-13 21:45:10.485557746 -0500
25161@@ -816,7 +816,7 @@ err:
25162 return rc;
25163 }
25164
25165-static struct file_operations audio_qcelp_fops = {
25166+static const struct file_operations audio_qcelp_fops = {
25167 .owner = THIS_MODULE,
25168 .open = audqcelp_open,
25169 .release = audqcelp_release,
25170diff -urNp linux-2.6.32.8/drivers/staging/dream/qdsp5/snd.c linux-2.6.32.8/drivers/staging/dream/qdsp5/snd.c
25171--- linux-2.6.32.8/drivers/staging/dream/qdsp5/snd.c 2010-02-09 07:57:19.000000000 -0500
25172+++ linux-2.6.32.8/drivers/staging/dream/qdsp5/snd.c 2010-02-13 21:45:10.485557746 -0500
25173@@ -242,7 +242,7 @@ err:
25174 return rc;
25175 }
25176
25177-static struct file_operations snd_fops = {
25178+static const struct file_operations snd_fops = {
25179 .owner = THIS_MODULE,
25180 .open = snd_open,
25181 .release = snd_release,
25182diff -urNp linux-2.6.32.8/drivers/staging/dream/smd/smd_qmi.c linux-2.6.32.8/drivers/staging/dream/smd/smd_qmi.c
25183--- linux-2.6.32.8/drivers/staging/dream/smd/smd_qmi.c 2010-02-09 07:57:19.000000000 -0500
25184+++ linux-2.6.32.8/drivers/staging/dream/smd/smd_qmi.c 2010-02-13 21:45:10.485557746 -0500
25185@@ -793,7 +793,7 @@ static int qmi_release(struct inode *ip,
25186 return 0;
25187 }
25188
25189-static struct file_operations qmi_fops = {
25190+static const struct file_operations qmi_fops = {
25191 .owner = THIS_MODULE,
25192 .read = qmi_read,
25193 .write = qmi_write,
25194diff -urNp linux-2.6.32.8/drivers/staging/dream/smd/smd_rpcrouter_device.c linux-2.6.32.8/drivers/staging/dream/smd/smd_rpcrouter_device.c
25195--- linux-2.6.32.8/drivers/staging/dream/smd/smd_rpcrouter_device.c 2010-02-09 07:57:19.000000000 -0500
25196+++ linux-2.6.32.8/drivers/staging/dream/smd/smd_rpcrouter_device.c 2010-02-13 21:45:10.485557746 -0500
25197@@ -214,7 +214,7 @@ static long rpcrouter_ioctl(struct file
25198 return rc;
25199 }
25200
25201-static struct file_operations rpcrouter_server_fops = {
25202+static const struct file_operations rpcrouter_server_fops = {
25203 .owner = THIS_MODULE,
25204 .open = rpcrouter_open,
25205 .release = rpcrouter_release,
25206@@ -224,7 +224,7 @@ static struct file_operations rpcrouter_
25207 .unlocked_ioctl = rpcrouter_ioctl,
25208 };
25209
25210-static struct file_operations rpcrouter_router_fops = {
25211+static const struct file_operations rpcrouter_router_fops = {
25212 .owner = THIS_MODULE,
25213 .open = rpcrouter_open,
25214 .release = rpcrouter_release,
25215diff -urNp linux-2.6.32.8/drivers/staging/dst/dcore.c linux-2.6.32.8/drivers/staging/dst/dcore.c
25216--- linux-2.6.32.8/drivers/staging/dst/dcore.c 2010-02-09 07:57:19.000000000 -0500
25217+++ linux-2.6.32.8/drivers/staging/dst/dcore.c 2010-02-13 21:45:10.486568692 -0500
25218@@ -149,7 +149,7 @@ static int dst_bdev_release(struct gendi
25219 return 0;
25220 }
25221
25222-static struct block_device_operations dst_blk_ops = {
25223+static const struct block_device_operations dst_blk_ops = {
25224 .open = dst_bdev_open,
25225 .release = dst_bdev_release,
25226 .owner = THIS_MODULE,
25227@@ -588,7 +588,7 @@ static struct dst_node *dst_alloc_node(s
25228 n->size = ctl->size;
25229
25230 atomic_set(&n->refcnt, 1);
25231- atomic_long_set(&n->gen, 0);
25232+ atomic_long_set_unchecked(&n->gen, 0);
25233 snprintf(n->name, sizeof(n->name), "%s", ctl->name);
25234
25235 err = dst_node_sysfs_init(n);
25236diff -urNp linux-2.6.32.8/drivers/staging/dst/trans.c linux-2.6.32.8/drivers/staging/dst/trans.c
25237--- linux-2.6.32.8/drivers/staging/dst/trans.c 2010-02-09 07:57:19.000000000 -0500
25238+++ linux-2.6.32.8/drivers/staging/dst/trans.c 2010-02-13 21:45:10.486568692 -0500
25239@@ -169,7 +169,7 @@ int dst_process_bio(struct dst_node *n,
25240 t->error = 0;
25241 t->retries = 0;
25242 atomic_set(&t->refcnt, 1);
25243- t->gen = atomic_long_inc_return(&n->gen);
25244+ t->gen = atomic_long_inc_return_unchecked(&n->gen);
25245
25246 t->enc = bio_data_dir(bio);
25247 dst_bio_to_cmd(bio, &t->cmd, DST_IO, t->gen);
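Review bot: `n->gen` is not a statistic: the value from `atomic_long_inc_return_unchecked()` is stored in `t->gen` and passed to `dst_bio_to_cmd()` two lines later, so it looks like it identifies the transaction. Marking it unchecked silently allows a wrap, after which a new transaction could in principle receive the `gen` of one still in flight (realistic only where `long` is 32 bits). A comment on the line, e.g. `/* gen is an id, not a refcount; wrap is tolerated because <reason> */` with the real reason filled in, would make the choice reviewable. `psb->mcache_gen` in pohmelfs/mcache.c is converted the same way and feeds `m->gen` before `pohmelfs_mcache_insert()`; dst_process_bio() starts and ends outside the hunk.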
25248diff -urNp linux-2.6.32.8/drivers/staging/go7007/go7007-v4l2.c linux-2.6.32.8/drivers/staging/go7007/go7007-v4l2.c
25249--- linux-2.6.32.8/drivers/staging/go7007/go7007-v4l2.c 2010-02-09 07:57:19.000000000 -0500
25250+++ linux-2.6.32.8/drivers/staging/go7007/go7007-v4l2.c 2010-02-13 21:45:10.486568692 -0500
25251@@ -1700,7 +1700,7 @@ static int go7007_vm_fault(struct vm_are
25252 return 0;
25253 }
25254
25255-static struct vm_operations_struct go7007_vm_ops = {
25256+static const struct vm_operations_struct go7007_vm_ops = {
25257 .open = go7007_vm_open,
25258 .close = go7007_vm_close,
25259 .fault = go7007_vm_fault,
25260diff -urNp linux-2.6.32.8/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.8/drivers/staging/hv/blkvsc_drv.c
25261--- linux-2.6.32.8/drivers/staging/hv/blkvsc_drv.c 2010-02-09 07:57:19.000000000 -0500
25262+++ linux-2.6.32.8/drivers/staging/hv/blkvsc_drv.c 2010-02-13 21:45:10.486568692 -0500
25263@@ -153,7 +153,7 @@ static int blkvsc_ringbuffer_size = BLKV
25264 /* The one and only one */
25265 static struct blkvsc_driver_context g_blkvsc_drv;
25266
25267-static struct block_device_operations block_ops = {
25268+static const struct block_device_operations block_ops = {
25269 .owner = THIS_MODULE,
25270 .open = blkvsc_open,
25271 .release = blkvsc_release,
25272diff -urNp linux-2.6.32.8/drivers/staging/panel/panel.c linux-2.6.32.8/drivers/staging/panel/panel.c
25273--- linux-2.6.32.8/drivers/staging/panel/panel.c 2010-02-09 07:57:19.000000000 -0500
25274+++ linux-2.6.32.8/drivers/staging/panel/panel.c 2010-02-13 21:45:10.487839826 -0500
25275@@ -1305,7 +1305,7 @@ static int lcd_release(struct inode *ino
25276 return 0;
25277 }
25278
25279-static struct file_operations lcd_fops = {
25280+static const struct file_operations lcd_fops = {
25281 .write = lcd_write,
25282 .open = lcd_open,
25283 .release = lcd_release,
25284@@ -1565,7 +1565,7 @@ static int keypad_release(struct inode *
25285 return 0;
25286 }
25287
25288-static struct file_operations keypad_fops = {
25289+static const struct file_operations keypad_fops = {
25290 .read = keypad_read, /* read */
25291 .open = keypad_open, /* open */
25292 .release = keypad_release, /* close */
25293diff -urNp linux-2.6.32.8/drivers/staging/phison/phison.c linux-2.6.32.8/drivers/staging/phison/phison.c
25294--- linux-2.6.32.8/drivers/staging/phison/phison.c 2010-02-09 07:57:19.000000000 -0500
25295+++ linux-2.6.32.8/drivers/staging/phison/phison.c 2010-02-13 21:45:10.487839826 -0500
25296@@ -43,7 +43,7 @@ static struct scsi_host_template phison_
25297 ATA_BMDMA_SHT(DRV_NAME),
25298 };
25299
25300-static struct ata_port_operations phison_ops = {
25301+static const struct ata_port_operations phison_ops = {
25302 .inherits = &ata_bmdma_port_ops,
25303 .prereset = phison_pre_reset,
25304 };
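Review bot: `phison_ops` is now `const` but still sets `.inherits = &ata_bmdma_port_ops`, and mainline libata of this era resolves inheritance by writing the inherited callbacks into the ops table when the host is started. With the table in read-only data, that write must either be removed or go through a deliberate write window; nothing in this hunk shows which, so the change depends on a matching libata-core modification elsewhere in the patch. Once that is confirmed, a comment such as `/* const: relies on libata not writing to this table when resolving .inherits */` would document the dependency for the next person touching either side.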
25305diff -urNp linux-2.6.32.8/drivers/staging/poch/poch.c linux-2.6.32.8/drivers/staging/poch/poch.c
25306--- linux-2.6.32.8/drivers/staging/poch/poch.c 2010-02-09 07:57:19.000000000 -0500
25307+++ linux-2.6.32.8/drivers/staging/poch/poch.c 2010-02-13 21:45:10.488526629 -0500
25308@@ -1057,7 +1057,7 @@ static int poch_ioctl(struct inode *inod
25309 return 0;
25310 }
25311
25312-static struct file_operations poch_fops = {
25313+static const struct file_operations poch_fops = {
25314 .owner = THIS_MODULE,
25315 .open = poch_open,
25316 .release = poch_release,
25317diff -urNp linux-2.6.32.8/drivers/staging/pohmelfs/inode.c linux-2.6.32.8/drivers/staging/pohmelfs/inode.c
25318--- linux-2.6.32.8/drivers/staging/pohmelfs/inode.c 2010-02-09 07:57:19.000000000 -0500
25319+++ linux-2.6.32.8/drivers/staging/pohmelfs/inode.c 2010-02-13 21:45:10.488526629 -0500
25320@@ -1850,7 +1850,7 @@ static int pohmelfs_fill_super(struct su
25321 mutex_init(&psb->mcache_lock);
25322 psb->mcache_root = RB_ROOT;
25323 psb->mcache_timeout = msecs_to_jiffies(5000);
25324- atomic_long_set(&psb->mcache_gen, 0);
25325+ atomic_long_set_unchecked(&psb->mcache_gen, 0);
25326
25327 psb->trans_max_pages = 100;
25328
25329diff -urNp linux-2.6.32.8/drivers/staging/pohmelfs/mcache.c linux-2.6.32.8/drivers/staging/pohmelfs/mcache.c
25330--- linux-2.6.32.8/drivers/staging/pohmelfs/mcache.c 2010-02-09 07:57:19.000000000 -0500
25331+++ linux-2.6.32.8/drivers/staging/pohmelfs/mcache.c 2010-02-13 21:45:10.488526629 -0500
25332@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_
25333 m->data = data;
25334 m->start = start;
25335 m->size = size;
25336- m->gen = atomic_long_inc_return(&psb->mcache_gen);
25337+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen);
25338
25339 mutex_lock(&psb->mcache_lock);
25340 err = pohmelfs_mcache_insert(psb, m);
25341diff -urNp linux-2.6.32.8/drivers/staging/pohmelfs/netfs.h linux-2.6.32.8/drivers/staging/pohmelfs/netfs.h
25342--- linux-2.6.32.8/drivers/staging/pohmelfs/netfs.h 2010-02-09 07:57:19.000000000 -0500
25343+++ linux-2.6.32.8/drivers/staging/pohmelfs/netfs.h 2010-02-13 21:45:10.489553191 -0500
25344@@ -570,7 +570,7 @@ struct pohmelfs_config;
25345 struct pohmelfs_sb {
25346 struct rb_root mcache_root;
25347 struct mutex mcache_lock;
25348- atomic_long_t mcache_gen;
25349+ atomic_long_unchecked_t mcache_gen;
25350 unsigned long mcache_timeout;
25351
25352 unsigned int idx;
25353diff -urNp linux-2.6.32.8/drivers/staging/sep/sep_driver.c linux-2.6.32.8/drivers/staging/sep/sep_driver.c
25354--- linux-2.6.32.8/drivers/staging/sep/sep_driver.c 2010-02-09 07:57:19.000000000 -0500
25355+++ linux-2.6.32.8/drivers/staging/sep/sep_driver.c 2010-02-13 21:45:10.489553191 -0500
25356@@ -2603,7 +2603,7 @@ static struct pci_driver sep_pci_driver
25357 static dev_t sep_devno;
25358
25359 /* the files operations structure of the driver */
25360-static struct file_operations sep_file_operations = {
25361+static const struct file_operations sep_file_operations = {
25362 .owner = THIS_MODULE,
25363 .ioctl = sep_ioctl,
25364 .poll = sep_poll,
25365diff -urNp linux-2.6.32.8/drivers/staging/vme/devices/vme_user.c linux-2.6.32.8/drivers/staging/vme/devices/vme_user.c
25366--- linux-2.6.32.8/drivers/staging/vme/devices/vme_user.c 2010-02-09 07:57:19.000000000 -0500
25367+++ linux-2.6.32.8/drivers/staging/vme/devices/vme_user.c 2010-02-13 21:45:10.490650005 -0500
25368@@ -136,7 +136,7 @@ static int vme_user_ioctl(struct inode *
25369 static int __init vme_user_probe(struct device *, int, int);
25370 static int __exit vme_user_remove(struct device *, int, int);
25371
25372-static struct file_operations vme_user_fops = {
25373+static const struct file_operations vme_user_fops = {
25374 .open = vme_user_open,
25375 .release = vme_user_release,
25376 .read = vme_user_read,
25377diff -urNp linux-2.6.32.8/drivers/uio/uio.c linux-2.6.32.8/drivers/uio/uio.c
25378--- linux-2.6.32.8/drivers/uio/uio.c 2010-02-09 07:57:19.000000000 -0500
25379+++ linux-2.6.32.8/drivers/uio/uio.c 2010-02-13 21:45:10.490650005 -0500
25380@@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj
25381 return entry->show(mem, buf);
25382 }
25383
25384-static struct sysfs_ops map_sysfs_ops = {
25385+static const struct sysfs_ops map_sysfs_ops = {
25386 .show = map_type_show,
25387 };
25388
25389@@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k
25390 return entry->show(port, buf);
25391 }
25392
25393-static struct sysfs_ops portio_sysfs_ops = {
25394+static const struct sysfs_ops portio_sysfs_ops = {
25395 .show = portio_type_show,
25396 };
25397
25398diff -urNp linux-2.6.32.8/drivers/usb/atm/usbatm.c linux-2.6.32.8/drivers/usb/atm/usbatm.c
25399--- linux-2.6.32.8/drivers/usb/atm/usbatm.c 2010-02-09 07:57:19.000000000 -0500
25400+++ linux-2.6.32.8/drivers/usb/atm/usbatm.c 2010-02-13 21:45:10.509100500 -0500
25401@@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(stru
25402 if (printk_ratelimit())
25403 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
25404 __func__, vpi, vci);
25405- atomic_inc(&vcc->stats->rx_err);
25406+ atomic_inc_unchecked(&vcc->stats->rx_err);
25407 return;
25408 }
25409
25410@@ -361,7 +361,7 @@ static void usbatm_extract_one_cell(stru
25411 if (length > ATM_MAX_AAL5_PDU) {
25412 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
25413 __func__, length, vcc);
25414- atomic_inc(&vcc->stats->rx_err);
25415+ atomic_inc_unchecked(&vcc->stats->rx_err);
25416 goto out;
25417 }
25418
25419@@ -370,14 +370,14 @@ static void usbatm_extract_one_cell(stru
25420 if (sarb->len < pdu_length) {
25421 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
25422 __func__, pdu_length, sarb->len, vcc);
25423- atomic_inc(&vcc->stats->rx_err);
25424+ atomic_inc_unchecked(&vcc->stats->rx_err);
25425 goto out;
25426 }
25427
25428 if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
25429 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
25430 __func__, vcc);
25431- atomic_inc(&vcc->stats->rx_err);
25432+ atomic_inc_unchecked(&vcc->stats->rx_err);
25433 goto out;
25434 }
25435
25436@@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(stru
25437 if (printk_ratelimit())
25438 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
25439 __func__, length);
25440- atomic_inc(&vcc->stats->rx_drop);
25441+ atomic_inc_unchecked(&vcc->stats->rx_drop);
25442 goto out;
25443 }
25444
25445@@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(stru
25446
25447 vcc->push(vcc, skb);
25448
25449- atomic_inc(&vcc->stats->rx);
25450+ atomic_inc_unchecked(&vcc->stats->rx);
25451 out:
25452 skb_trim(sarb, 0);
25453 }
25454@@ -616,7 +616,7 @@ static void usbatm_tx_process(unsigned l
25455 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
25456
25457 usbatm_pop(vcc, skb);
25458- atomic_inc(&vcc->stats->tx);
25459+ atomic_inc_unchecked(&vcc->stats->tx);
25460
25461 skb = skb_dequeue(&instance->sndqueue);
25462 }
25463@@ -775,11 +775,11 @@ static int usbatm_atm_proc_read(struct a
25464 if (!left--)
25465 return sprintf(page,
25466 "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
25467- atomic_read(&atm_dev->stats.aal5.tx),
25468- atomic_read(&atm_dev->stats.aal5.tx_err),
25469- atomic_read(&atm_dev->stats.aal5.rx),
25470- atomic_read(&atm_dev->stats.aal5.rx_err),
25471- atomic_read(&atm_dev->stats.aal5.rx_drop));
25472+ atomic_read_unchecked(&atm_dev->stats.aal5.tx),
25473+ atomic_read_unchecked(&atm_dev->stats.aal5.tx_err),
25474+ atomic_read_unchecked(&atm_dev->stats.aal5.rx),
25475+ atomic_read_unchecked(&atm_dev->stats.aal5.rx_err),
25476+ atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop));
25477
25478 if (!left--) {
25479 if (instance->disconnected)
25480diff -urNp linux-2.6.32.8/drivers/usb/class/cdc-acm.c linux-2.6.32.8/drivers/usb/class/cdc-acm.c
25481--- linux-2.6.32.8/drivers/usb/class/cdc-acm.c 2010-02-09 07:57:19.000000000 -0500
25482+++ linux-2.6.32.8/drivers/usb/class/cdc-acm.c 2010-02-13 21:45:10.521578125 -0500
25483@@ -1534,7 +1534,7 @@ static struct usb_device_id acm_ids[] =
25484 USB_CDC_ACM_PROTO_AT_CDMA) },
25485
25486 /* NOTE: COMM/ACM/0xff is likely MSFT RNDIS ... NOT a modem!! */
25487- { }
25488+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
25489 };
25490
25491 MODULE_DEVICE_TABLE(usb, acm_ids);
25492diff -urNp linux-2.6.32.8/drivers/usb/class/usblp.c linux-2.6.32.8/drivers/usb/class/usblp.c
25493--- linux-2.6.32.8/drivers/usb/class/usblp.c 2010-02-09 07:57:19.000000000 -0500
25494+++ linux-2.6.32.8/drivers/usb/class/usblp.c 2010-02-13 21:45:10.524983430 -0500
25495@@ -228,7 +228,7 @@ static const struct quirk_printer_struct
25496 { 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */
25497 { 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */
25498 { 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */
25499- { 0, 0 }
25500+ { 0, 0, 0 }
25501 };
25502
25503 static int usblp_wwait(struct usblp *usblp, int nonblock);
25504@@ -1412,7 +1412,7 @@ static struct usb_device_id usblp_ids []
25505 { USB_INTERFACE_INFO(7, 1, 2) },
25506 { USB_INTERFACE_INFO(7, 1, 3) },
25507 { USB_DEVICE(0x04b8, 0x0202) }, /* Seiko Epson Receipt Printer M129C */
25508- { } /* Terminating entry */
25509+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25510 };
25511
25512 MODULE_DEVICE_TABLE (usb, usblp_ids);
25513diff -urNp linux-2.6.32.8/drivers/usb/core/hcd.c linux-2.6.32.8/drivers/usb/core/hcd.c
25514--- linux-2.6.32.8/drivers/usb/core/hcd.c 2010-02-09 07:57:19.000000000 -0500
25515+++ linux-2.6.32.8/drivers/usb/core/hcd.c 2010-02-13 21:45:10.542592706 -0500
25516@@ -2216,7 +2216,7 @@ EXPORT_SYMBOL_GPL(usb_hcd_platform_shutd
25517
25518 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25519
25520-struct usb_mon_operations *mon_ops;
25521+const struct usb_mon_operations *mon_ops;
25522
25523 /*
25524 * The registration is unlocked.
25525@@ -2226,7 +2226,7 @@ struct usb_mon_operations *mon_ops;
25526 * symbols from usbcore, usbcore gets referenced and cannot be unloaded first.
25527 */
25528
25529-int usb_mon_register (struct usb_mon_operations *ops)
25530+int usb_mon_register (const struct usb_mon_operations *ops)
25531 {
25532
25533 if (mon_ops)
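Review bot: Only the pointee becomes read-only here; `mon_ops` itself remains an ordinary writable global that `usb_mon_register()` tests and presumably assigns, and the comment above states that the registration is unlocked. The const-ification therefore protects the callback table a monitor registers, not the pointer that the `usbmon_urb_*()` inlines in hcd.h dereference. A line added to the existing comment block, e.g. `* mon_ops stays writable (set at register/deregister); only the table it points to is const.`, would keep the protection from being overstated. usb_mon_register() continues outside the hunk.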
25534diff -urNp linux-2.6.32.8/drivers/usb/core/hcd.h linux-2.6.32.8/drivers/usb/core/hcd.h
25535--- linux-2.6.32.8/drivers/usb/core/hcd.h 2010-02-09 07:57:19.000000000 -0500
25536+++ linux-2.6.32.8/drivers/usb/core/hcd.h 2010-02-13 21:45:10.543870491 -0500
25537@@ -486,13 +486,13 @@ static inline void usbfs_cleanup(void) {
25538 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25539
25540 struct usb_mon_operations {
25541- void (*urb_submit)(struct usb_bus *bus, struct urb *urb);
25542- void (*urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25543- void (*urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25544+ void (* const urb_submit)(struct usb_bus *bus, struct urb *urb);
25545+ void (* const urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25546+ void (* const urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25547 /* void (*urb_unlink)(struct usb_bus *bus, struct urb *urb); */
25548 };
25549
25550-extern struct usb_mon_operations *mon_ops;
25551+extern const struct usb_mon_operations *mon_ops;
25552
25553 static inline void usbmon_urb_submit(struct usb_bus *bus, struct urb *urb)
25554 {
25555@@ -514,7 +514,7 @@ static inline void usbmon_urb_complete(s
25556 (*mon_ops->urb_complete)(bus, urb, status);
25557 }
25558
25559-int usb_mon_register(struct usb_mon_operations *ops);
25560+int usb_mon_register(const struct usb_mon_operations *ops);
25561 void usb_mon_deregister(void);
25562
25563 #else
25564diff -urNp linux-2.6.32.8/drivers/usb/core/hub.c linux-2.6.32.8/drivers/usb/core/hub.c
25565--- linux-2.6.32.8/drivers/usb/core/hub.c 2010-02-09 07:57:19.000000000 -0500
25566+++ linux-2.6.32.8/drivers/usb/core/hub.c 2010-02-13 21:45:10.561963072 -0500
25567@@ -3385,7 +3385,7 @@ static struct usb_device_id hub_id_table
25568 .bDeviceClass = USB_CLASS_HUB},
25569 { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
25570 .bInterfaceClass = USB_CLASS_HUB},
25571- { } /* Terminating entry */
25572+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25573 };
25574
25575 MODULE_DEVICE_TABLE (usb, hub_id_table);
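Review bot: The new terminator `{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }` ties `hub_id_table` to the exact number and order of fields in `struct usb_device_id`, so a later field addition or reordering silently turns it into a partial or mistyped initializer. The same positional form is introduced in ehci-pci.c and uhci-hcd.c (where the `/* end: all zeroes */` comment is dropped as well), storage/usb.c, storage/usual-tables.c and i810_main.c. If the aim is to avoid a missing-initializer warning, which is presumably the motivation, a designated form such as `{ .match_flags = 0 } /* Terminating entry */` states the intent without depending on the struct layout.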
25576diff -urNp linux-2.6.32.8/drivers/usb/core/message.c linux-2.6.32.8/drivers/usb/core/message.c
25577--- linux-2.6.32.8/drivers/usb/core/message.c 2010-02-09 07:57:19.000000000 -0500
25578+++ linux-2.6.32.8/drivers/usb/core/message.c 2010-02-13 21:45:10.582813809 -0500
25579@@ -914,8 +914,8 @@ char *usb_cache_string(struct usb_device
25580 buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO);
25581 if (buf) {
25582 len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
25583- if (len > 0) {
25584- smallbuf = kmalloc(++len, GFP_NOIO);
25585+ if (len++ > 0) {
25586+ smallbuf = kmalloc(len, GFP_NOIO);
25587 if (!smallbuf)
25588 return buf;
25589 memcpy(smallbuf, buf, len);
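Review bot: Moving the increment into the condition as `if (len++ > 0)` makes the test carry a side effect, and `len` is now incremented even when the branch is not taken. Inside the branch the value passed to `kmalloc()` and `memcpy()` is the same as before, so the change is about form only; writing `if (len > 0) {` followed by `len++; /* room for the terminating NUL */` keeps the allocation size and the copy length visibly identical without hiding the arithmetic in the test. The rest of `usb_cache_string()` is outside the hunk, so any later use of `len` on the not-taken path should be checked.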
25590diff -urNp linux-2.6.32.8/drivers/usb/host/ehci-pci.c linux-2.6.32.8/drivers/usb/host/ehci-pci.c
25591--- linux-2.6.32.8/drivers/usb/host/ehci-pci.c 2010-02-09 07:57:19.000000000 -0500
25592+++ linux-2.6.32.8/drivers/usb/host/ehci-pci.c 2010-02-13 21:45:10.595921524 -0500
25593@@ -422,7 +422,7 @@ static const struct pci_device_id pci_id
25594 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0),
25595 .driver_data = (unsigned long) &ehci_pci_hc_driver,
25596 },
25597- { /* end: all zeroes */ }
25598+ { 0, 0, 0, 0, 0, 0, 0 }
25599 };
25600 MODULE_DEVICE_TABLE(pci, pci_ids);
25601
25602diff -urNp linux-2.6.32.8/drivers/usb/host/uhci-hcd.c linux-2.6.32.8/drivers/usb/host/uhci-hcd.c
25603--- linux-2.6.32.8/drivers/usb/host/uhci-hcd.c 2010-02-09 07:57:19.000000000 -0500
25604+++ linux-2.6.32.8/drivers/usb/host/uhci-hcd.c 2010-02-13 21:45:10.619990345 -0500
25605@@ -940,7 +940,7 @@ static const struct pci_device_id uhci_p
25606 /* handle any USB UHCI controller */
25607 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0),
25608 .driver_data = (unsigned long) &uhci_driver,
25609- }, { /* end: all zeroes */ }
25610+ }, { 0, 0, 0, 0, 0, 0, 0 }
25611 };
25612
25613 MODULE_DEVICE_TABLE(pci, uhci_pci_ids);
25614diff -urNp linux-2.6.32.8/drivers/usb/misc/appledisplay.c linux-2.6.32.8/drivers/usb/misc/appledisplay.c
25615--- linux-2.6.32.8/drivers/usb/misc/appledisplay.c 2010-02-09 07:57:19.000000000 -0500
25616+++ linux-2.6.32.8/drivers/usb/misc/appledisplay.c 2010-02-13 21:45:10.623984076 -0500
25617@@ -178,7 +178,7 @@ static int appledisplay_bl_get_brightnes
25618 return pdata->msgdata[1];
25619 }
25620
25621-static struct backlight_ops appledisplay_bl_data = {
25622+static const struct backlight_ops appledisplay_bl_data = {
25623 .get_brightness = appledisplay_bl_get_brightness,
25624 .update_status = appledisplay_bl_update_status,
25625 };
25626diff -urNp linux-2.6.32.8/drivers/usb/mon/mon_main.c linux-2.6.32.8/drivers/usb/mon/mon_main.c
25627--- linux-2.6.32.8/drivers/usb/mon/mon_main.c 2010-02-09 07:57:19.000000000 -0500
25628+++ linux-2.6.32.8/drivers/usb/mon/mon_main.c 2010-02-13 21:45:10.624642702 -0500
25629@@ -238,7 +238,7 @@ static struct notifier_block mon_nb = {
25630 /*
25631 * Ops
25632 */
25633-static struct usb_mon_operations mon_ops_0 = {
25634+static const struct usb_mon_operations mon_ops_0 = {
25635 .urb_submit = mon_submit,
25636 .urb_submit_error = mon_submit_error,
25637 .urb_complete = mon_complete,
25638diff -urNp linux-2.6.32.8/drivers/usb/storage/debug.h linux-2.6.32.8/drivers/usb/storage/debug.h
25639--- linux-2.6.32.8/drivers/usb/storage/debug.h 2010-02-09 07:57:19.000000000 -0500
25640+++ linux-2.6.32.8/drivers/usb/storage/debug.h 2010-02-13 21:45:10.624642702 -0500
25641@@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char
25642 #define US_DEBUGPX(x...) printk( x )
25643 #define US_DEBUG(x) x
25644 #else
25645-#define US_DEBUGP(x...)
25646-#define US_DEBUGPX(x...)
25647-#define US_DEBUG(x)
25648+#define US_DEBUGP(x...) do {} while (0)
25649+#define US_DEBUGPX(x...) do {} while (0)
25650+#define US_DEBUG(x) do {} while (0)
25651 #endif
25652
25653 #endif
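Review bot: The non-debug `US_DEBUGP(x...)` and `US_DEBUGPX(x...)` now expand to `do {} while (0)`, which fixes their use as a lone statement but still discards the arguments unchecked, so a wrong format string or a stale variable name in a debug call is only caught in a debug build. Defining them as `do { if (0) printk(x); } while (0)` keeps the calls compiled and format-checked while generating no code. The same applies to `DPRINTK` in fbmon.c. `US_DEBUG(x)` wraps a statement rather than a printk call, so it is fine as written.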
25654diff -urNp linux-2.6.32.8/drivers/usb/storage/usb.c linux-2.6.32.8/drivers/usb/storage/usb.c
25655--- linux-2.6.32.8/drivers/usb/storage/usb.c 2010-02-09 07:57:19.000000000 -0500
25656+++ linux-2.6.32.8/drivers/usb/storage/usb.c 2010-02-13 21:45:10.625583095 -0500
25657@@ -118,7 +118,7 @@ MODULE_PARM_DESC(quirks, "supplemental l
25658
25659 static struct us_unusual_dev us_unusual_dev_list[] = {
25660 # include "unusual_devs.h"
25661- { } /* Terminating entry */
25662+ { NULL, NULL, 0, 0, NULL } /* Terminating entry */
25663 };
25664
25665 #undef UNUSUAL_DEV
25666diff -urNp linux-2.6.32.8/drivers/usb/storage/usual-tables.c linux-2.6.32.8/drivers/usb/storage/usual-tables.c
25667--- linux-2.6.32.8/drivers/usb/storage/usual-tables.c 2010-02-09 07:57:19.000000000 -0500
25668+++ linux-2.6.32.8/drivers/usb/storage/usual-tables.c 2010-02-13 21:45:10.626656310 -0500
25669@@ -48,7 +48,7 @@
25670
25671 struct usb_device_id usb_storage_usb_ids[] = {
25672 # include "unusual_devs.h"
25673- { } /* Terminating entry */
25674+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25675 };
25676 EXPORT_SYMBOL_GPL(usb_storage_usb_ids);
25677
25678diff -urNp linux-2.6.32.8/drivers/uwb/wlp/messages.c linux-2.6.32.8/drivers/uwb/wlp/messages.c
25679--- linux-2.6.32.8/drivers/uwb/wlp/messages.c 2010-02-09 07:57:19.000000000 -0500
25680+++ linux-2.6.32.8/drivers/uwb/wlp/messages.c 2010-02-13 21:45:10.626656310 -0500
25681@@ -903,7 +903,7 @@ int wlp_parse_f0(struct wlp *wlp, struct
25682 size_t len = skb->len;
25683 size_t used;
25684 ssize_t result;
25685- struct wlp_nonce enonce, rnonce;
25686+ struct wlp_nonce enonce = {{0}}, rnonce = {{0}};
25687 enum wlp_assc_error assc_err;
25688 char enonce_buf[WLP_WSS_NONCE_STRSIZE];
25689 char rnonce_buf[WLP_WSS_NONCE_STRSIZE];
25690diff -urNp linux-2.6.32.8/drivers/uwb/wlp/sysfs.c linux-2.6.32.8/drivers/uwb/wlp/sysfs.c
25691--- linux-2.6.32.8/drivers/uwb/wlp/sysfs.c 2010-02-09 07:57:19.000000000 -0500
25692+++ linux-2.6.32.8/drivers/uwb/wlp/sysfs.c 2010-02-13 21:45:10.626656310 -0500
25693@@ -615,8 +615,7 @@ ssize_t wlp_wss_attr_store(struct kobjec
25694 return ret;
25695 }
25696
25697-static
25698-struct sysfs_ops wss_sysfs_ops = {
25699+static const struct sysfs_ops wss_sysfs_ops = {
25700 .show = wlp_wss_attr_show,
25701 .store = wlp_wss_attr_store,
25702 };
25703diff -urNp linux-2.6.32.8/drivers/video/atmel_lcdfb.c linux-2.6.32.8/drivers/video/atmel_lcdfb.c
25704--- linux-2.6.32.8/drivers/video/atmel_lcdfb.c 2010-02-09 07:57:19.000000000 -0500
25705+++ linux-2.6.32.8/drivers/video/atmel_lcdfb.c 2010-02-13 21:45:10.626656310 -0500
25706@@ -110,7 +110,7 @@ static int atmel_bl_get_brightness(struc
25707 return lcdc_readl(sinfo, ATMEL_LCDC_CONTRAST_VAL);
25708 }
25709
25710-static struct backlight_ops atmel_lcdc_bl_ops = {
25711+static const struct backlight_ops atmel_lcdc_bl_ops = {
25712 .update_status = atmel_bl_update_status,
25713 .get_brightness = atmel_bl_get_brightness,
25714 };
25715diff -urNp linux-2.6.32.8/drivers/video/aty/aty128fb.c linux-2.6.32.8/drivers/video/aty/aty128fb.c
25716--- linux-2.6.32.8/drivers/video/aty/aty128fb.c 2010-02-09 07:57:19.000000000 -0500
25717+++ linux-2.6.32.8/drivers/video/aty/aty128fb.c 2010-02-13 21:45:10.627987902 -0500
25718@@ -1787,7 +1787,7 @@ static int aty128_bl_get_brightness(stru
25719 return bd->props.brightness;
25720 }
25721
25722-static struct backlight_ops aty128_bl_data = {
25723+static const struct backlight_ops aty128_bl_data = {
25724 .get_brightness = aty128_bl_get_brightness,
25725 .update_status = aty128_bl_update_status,
25726 };
25727diff -urNp linux-2.6.32.8/drivers/video/aty/atyfb_base.c linux-2.6.32.8/drivers/video/aty/atyfb_base.c
25728--- linux-2.6.32.8/drivers/video/aty/atyfb_base.c 2010-02-09 07:57:19.000000000 -0500
25729+++ linux-2.6.32.8/drivers/video/aty/atyfb_base.c 2010-02-13 21:45:10.628618696 -0500
25730@@ -2225,7 +2225,7 @@ static int aty_bl_get_brightness(struct
25731 return bd->props.brightness;
25732 }
25733
25734-static struct backlight_ops aty_bl_data = {
25735+static const struct backlight_ops aty_bl_data = {
25736 .get_brightness = aty_bl_get_brightness,
25737 .update_status = aty_bl_update_status,
25738 };
25739diff -urNp linux-2.6.32.8/drivers/video/aty/radeon_backlight.c linux-2.6.32.8/drivers/video/aty/radeon_backlight.c
25740--- linux-2.6.32.8/drivers/video/aty/radeon_backlight.c 2010-02-09 07:57:19.000000000 -0500
25741+++ linux-2.6.32.8/drivers/video/aty/radeon_backlight.c 2010-02-13 21:45:10.628618696 -0500
25742@@ -127,7 +127,7 @@ static int radeon_bl_get_brightness(stru
25743 return bd->props.brightness;
25744 }
25745
25746-static struct backlight_ops radeon_bl_data = {
25747+static const struct backlight_ops radeon_bl_data = {
25748 .get_brightness = radeon_bl_get_brightness,
25749 .update_status = radeon_bl_update_status,
25750 };
25751diff -urNp linux-2.6.32.8/drivers/video/backlight/adp5520_bl.c linux-2.6.32.8/drivers/video/backlight/adp5520_bl.c
25752--- linux-2.6.32.8/drivers/video/backlight/adp5520_bl.c 2010-02-09 07:57:19.000000000 -0500
25753+++ linux-2.6.32.8/drivers/video/backlight/adp5520_bl.c 2010-02-13 21:45:10.628618696 -0500
25754@@ -84,7 +84,7 @@ static int adp5520_bl_get_brightness(str
25755 return error ? data->current_brightness : reg_val;
25756 }
25757
25758-static struct backlight_ops adp5520_bl_ops = {
25759+static const struct backlight_ops adp5520_bl_ops = {
25760 .update_status = adp5520_bl_update_status,
25761 .get_brightness = adp5520_bl_get_brightness,
25762 };
25763diff -urNp linux-2.6.32.8/drivers/video/backlight/adx_bl.c linux-2.6.32.8/drivers/video/backlight/adx_bl.c
25764--- linux-2.6.32.8/drivers/video/backlight/adx_bl.c 2010-02-09 07:57:19.000000000 -0500
25765+++ linux-2.6.32.8/drivers/video/backlight/adx_bl.c 2010-02-13 21:45:10.628618696 -0500
25766@@ -61,7 +61,7 @@ static int adx_backlight_check_fb(struct
25767 return 1;
25768 }
25769
25770-static struct backlight_ops adx_backlight_ops = {
25771+static const struct backlight_ops adx_backlight_ops = {
25772 .options = 0,
25773 .update_status = adx_backlight_update_status,
25774 .get_brightness = adx_backlight_get_brightness,
25775diff -urNp linux-2.6.32.8/drivers/video/backlight/atmel-pwm-bl.c linux-2.6.32.8/drivers/video/backlight/atmel-pwm-bl.c
25776--- linux-2.6.32.8/drivers/video/backlight/atmel-pwm-bl.c 2010-02-09 07:57:19.000000000 -0500
25777+++ linux-2.6.32.8/drivers/video/backlight/atmel-pwm-bl.c 2010-02-13 21:45:10.629575593 -0500
25778@@ -113,7 +113,7 @@ static int atmel_pwm_bl_init_pwm(struct
25779 return pwm_channel_enable(&pwmbl->pwmc);
25780 }
25781
25782-static struct backlight_ops atmel_pwm_bl_ops = {
25783+static const struct backlight_ops atmel_pwm_bl_ops = {
25784 .get_brightness = atmel_pwm_bl_get_intensity,
25785 .update_status = atmel_pwm_bl_set_intensity,
25786 };
25787diff -urNp linux-2.6.32.8/drivers/video/backlight/backlight.c linux-2.6.32.8/drivers/video/backlight/backlight.c
25788--- linux-2.6.32.8/drivers/video/backlight/backlight.c 2010-02-09 07:57:19.000000000 -0500
25789+++ linux-2.6.32.8/drivers/video/backlight/backlight.c 2010-02-13 21:45:10.629575593 -0500
25790@@ -269,7 +269,7 @@ EXPORT_SYMBOL(backlight_force_update);
25791 * ERR_PTR() or a pointer to the newly allocated device.
25792 */
25793 struct backlight_device *backlight_device_register(const char *name,
25794- struct device *parent, void *devdata, struct backlight_ops *ops)
25795+ struct device *parent, void *devdata, const struct backlight_ops *ops)
25796 {
25797 struct backlight_device *new_bd;
25798 int rc;
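Review bot: Changing the `ops` parameter of `backlight_device_register()` to `const struct backlight_ops *` only holds together if the prototype in the header and the member of `struct backlight_device` that stores `ops` are const-qualified as well, and neither is visible in this hunk. If the stored member stays non-const, the assignment in the body, which continues below the hunk, discards the qualifier, and the tables made `const` in the driver hunks (appledisplay.c, atmel_lcdfb.c, the aty drivers and the files under drivers/video/backlight) would remain writable through it. If the kernel-doc above the function lists its parameters, the `ops` entry should state that the table is never modified and may live in read-only data.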
25799diff -urNp linux-2.6.32.8/drivers/video/backlight/corgi_lcd.c linux-2.6.32.8/drivers/video/backlight/corgi_lcd.c
25800--- linux-2.6.32.8/drivers/video/backlight/corgi_lcd.c 2010-02-09 07:57:19.000000000 -0500
25801+++ linux-2.6.32.8/drivers/video/backlight/corgi_lcd.c 2010-02-13 21:45:10.629575593 -0500
25802@@ -451,7 +451,7 @@ void corgi_lcd_limit_intensity(int limit
25803 }
25804 EXPORT_SYMBOL(corgi_lcd_limit_intensity);
25805
25806-static struct backlight_ops corgi_bl_ops = {
25807+static const struct backlight_ops corgi_bl_ops = {
25808 .get_brightness = corgi_bl_get_intensity,
25809 .update_status = corgi_bl_update_status,
25810 };
25811diff -urNp linux-2.6.32.8/drivers/video/backlight/cr_bllcd.c linux-2.6.32.8/drivers/video/backlight/cr_bllcd.c
25812--- linux-2.6.32.8/drivers/video/backlight/cr_bllcd.c 2010-02-09 07:57:19.000000000 -0500
25813+++ linux-2.6.32.8/drivers/video/backlight/cr_bllcd.c 2010-02-13 21:45:10.629575593 -0500
25814@@ -108,7 +108,7 @@ static int cr_backlight_get_intensity(st
25815 return intensity;
25816 }
25817
25818-static struct backlight_ops cr_backlight_ops = {
25819+static const struct backlight_ops cr_backlight_ops = {
25820 .get_brightness = cr_backlight_get_intensity,
25821 .update_status = cr_backlight_set_intensity,
25822 };
25823diff -urNp linux-2.6.32.8/drivers/video/backlight/da903x_bl.c linux-2.6.32.8/drivers/video/backlight/da903x_bl.c
25824--- linux-2.6.32.8/drivers/video/backlight/da903x_bl.c 2010-02-09 07:57:19.000000000 -0500
25825+++ linux-2.6.32.8/drivers/video/backlight/da903x_bl.c 2010-02-13 21:45:10.629575593 -0500
25826@@ -94,7 +94,7 @@ static int da903x_backlight_get_brightne
25827 return data->current_brightness;
25828 }
25829
25830-static struct backlight_ops da903x_backlight_ops = {
25831+static const struct backlight_ops da903x_backlight_ops = {
25832 .update_status = da903x_backlight_update_status,
25833 .get_brightness = da903x_backlight_get_brightness,
25834 };
25835diff -urNp linux-2.6.32.8/drivers/video/backlight/generic_bl.c linux-2.6.32.8/drivers/video/backlight/generic_bl.c
25836--- linux-2.6.32.8/drivers/video/backlight/generic_bl.c 2010-02-09 07:57:19.000000000 -0500
25837+++ linux-2.6.32.8/drivers/video/backlight/generic_bl.c 2010-02-13 21:45:10.630567678 -0500
25838@@ -70,7 +70,7 @@ void corgibl_limit_intensity(int limit)
25839 }
25840 EXPORT_SYMBOL(corgibl_limit_intensity);
25841
25842-static struct backlight_ops genericbl_ops = {
25843+static const struct backlight_ops genericbl_ops = {
25844 .options = BL_CORE_SUSPENDRESUME,
25845 .get_brightness = genericbl_get_intensity,
25846 .update_status = genericbl_send_intensity,
25847diff -urNp linux-2.6.32.8/drivers/video/backlight/hp680_bl.c linux-2.6.32.8/drivers/video/backlight/hp680_bl.c
25848--- linux-2.6.32.8/drivers/video/backlight/hp680_bl.c 2010-02-09 07:57:19.000000000 -0500
25849+++ linux-2.6.32.8/drivers/video/backlight/hp680_bl.c 2010-02-13 21:45:10.630567678 -0500
25850@@ -98,7 +98,7 @@ static int hp680bl_get_intensity(struct
25851 return current_intensity;
25852 }
25853
25854-static struct backlight_ops hp680bl_ops = {
25855+static const struct backlight_ops hp680bl_ops = {
25856 .get_brightness = hp680bl_get_intensity,
25857 .update_status = hp680bl_set_intensity,
25858 };
25859diff -urNp linux-2.6.32.8/drivers/video/backlight/jornada720_bl.c linux-2.6.32.8/drivers/video/backlight/jornada720_bl.c
25860--- linux-2.6.32.8/drivers/video/backlight/jornada720_bl.c 2010-02-09 07:57:19.000000000 -0500
25861+++ linux-2.6.32.8/drivers/video/backlight/jornada720_bl.c 2010-02-13 21:45:10.630567678 -0500
25862@@ -93,7 +93,7 @@ out:
25863 return ret;
25864 }
25865
25866-static struct backlight_ops jornada_bl_ops = {
25867+static const struct backlight_ops jornada_bl_ops = {
25868 .get_brightness = jornada_bl_get_brightness,
25869 .update_status = jornada_bl_update_status,
25870 .options = BL_CORE_SUSPENDRESUME,
25871diff -urNp linux-2.6.32.8/drivers/video/backlight/kb3886_bl.c linux-2.6.32.8/drivers/video/backlight/kb3886_bl.c
25872--- linux-2.6.32.8/drivers/video/backlight/kb3886_bl.c 2010-02-09 07:57:19.000000000 -0500
25873+++ linux-2.6.32.8/drivers/video/backlight/kb3886_bl.c 2010-02-13 21:45:10.630567678 -0500
25874@@ -134,7 +134,7 @@ static int kb3886bl_get_intensity(struct
25875 return kb3886bl_intensity;
25876 }
25877
25878-static struct backlight_ops kb3886bl_ops = {
25879+static const struct backlight_ops kb3886bl_ops = {
25880 .get_brightness = kb3886bl_get_intensity,
25881 .update_status = kb3886bl_send_intensity,
25882 };
25883diff -urNp linux-2.6.32.8/drivers/video/backlight/locomolcd.c linux-2.6.32.8/drivers/video/backlight/locomolcd.c
25884--- linux-2.6.32.8/drivers/video/backlight/locomolcd.c 2010-02-09 07:57:19.000000000 -0500
25885+++ linux-2.6.32.8/drivers/video/backlight/locomolcd.c 2010-02-13 21:45:10.630567678 -0500
25886@@ -141,7 +141,7 @@ static int locomolcd_get_intensity(struc
25887 return current_intensity;
25888 }
25889
25890-static struct backlight_ops locomobl_data = {
25891+static const struct backlight_ops locomobl_data = {
25892 .get_brightness = locomolcd_get_intensity,
25893 .update_status = locomolcd_set_intensity,
25894 };
25895diff -urNp linux-2.6.32.8/drivers/video/backlight/mbp_nvidia_bl.c linux-2.6.32.8/drivers/video/backlight/mbp_nvidia_bl.c
25896--- linux-2.6.32.8/drivers/video/backlight/mbp_nvidia_bl.c 2010-02-09 07:57:19.000000000 -0500
25897+++ linux-2.6.32.8/drivers/video/backlight/mbp_nvidia_bl.c 2010-02-13 21:45:10.630567678 -0500
25898@@ -33,7 +33,7 @@ struct dmi_match_data {
25899 unsigned long iostart;
25900 unsigned long iolen;
25901 /* Backlight operations structure. */
25902- struct backlight_ops backlight_ops;
25903+ const struct backlight_ops backlight_ops;
25904 };
25905
25906 /* Module parameters. */
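Review bot: Marking the embedded member as `const struct backlight_ops backlight_ops;` does not by itself make the function pointers read-only, because a `struct dmi_match_data` object that is not declared `const` is still placed in writable data as a whole. The member qualifier only forbids assignment in C; to get the intended protection the instances themselves, which are defined outside this hunk, would need to be `static const struct dmi_match_data`, together with any pointer that refers to them. Once the instances are const, the member can go back to `struct backlight_ops backlight_ops;`.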
25907diff -urNp linux-2.6.32.8/drivers/video/backlight/omap1_bl.c linux-2.6.32.8/drivers/video/backlight/omap1_bl.c
25908--- linux-2.6.32.8/drivers/video/backlight/omap1_bl.c 2010-02-09 07:57:19.000000000 -0500
25909+++ linux-2.6.32.8/drivers/video/backlight/omap1_bl.c 2010-02-13 21:45:10.631602484 -0500
25910@@ -125,7 +125,7 @@ static int omapbl_get_intensity(struct b
25911 return bl->current_intensity;
25912 }
25913
25914-static struct backlight_ops omapbl_ops = {
25915+static const struct backlight_ops omapbl_ops = {
25916 .get_brightness = omapbl_get_intensity,
25917 .update_status = omapbl_update_status,
25918 };
25919diff -urNp linux-2.6.32.8/drivers/video/backlight/progear_bl.c linux-2.6.32.8/drivers/video/backlight/progear_bl.c
25920--- linux-2.6.32.8/drivers/video/backlight/progear_bl.c 2010-02-09 07:57:19.000000000 -0500
25921+++ linux-2.6.32.8/drivers/video/backlight/progear_bl.c 2010-02-13 21:45:10.631602484 -0500
25922@@ -54,7 +54,7 @@ static int progearbl_get_intensity(struc
25923 return intensity - HW_LEVEL_MIN;
25924 }
25925
25926-static struct backlight_ops progearbl_ops = {
25927+static const struct backlight_ops progearbl_ops = {
25928 .get_brightness = progearbl_get_intensity,
25929 .update_status = progearbl_set_intensity,
25930 };
25931diff -urNp linux-2.6.32.8/drivers/video/backlight/pwm_bl.c linux-2.6.32.8/drivers/video/backlight/pwm_bl.c
25932--- linux-2.6.32.8/drivers/video/backlight/pwm_bl.c 2010-02-09 07:57:19.000000000 -0500
25933+++ linux-2.6.32.8/drivers/video/backlight/pwm_bl.c 2010-02-13 21:45:10.631602484 -0500
25934@@ -56,7 +56,7 @@ static int pwm_backlight_get_brightness(
25935 return bl->props.brightness;
25936 }
25937
25938-static struct backlight_ops pwm_backlight_ops = {
25939+static const struct backlight_ops pwm_backlight_ops = {
25940 .update_status = pwm_backlight_update_status,
25941 .get_brightness = pwm_backlight_get_brightness,
25942 };
25943diff -urNp linux-2.6.32.8/drivers/video/backlight/tosa_bl.c linux-2.6.32.8/drivers/video/backlight/tosa_bl.c
25944--- linux-2.6.32.8/drivers/video/backlight/tosa_bl.c 2010-02-09 07:57:19.000000000 -0500
25945+++ linux-2.6.32.8/drivers/video/backlight/tosa_bl.c 2010-02-13 21:45:10.631602484 -0500
25946@@ -72,7 +72,7 @@ static int tosa_bl_get_brightness(struct
25947 return props->brightness;
25948 }
25949
25950-static struct backlight_ops bl_ops = {
25951+static const struct backlight_ops bl_ops = {
25952 .get_brightness = tosa_bl_get_brightness,
25953 .update_status = tosa_bl_update_status,
25954 };
25955diff -urNp linux-2.6.32.8/drivers/video/backlight/wm831x_bl.c linux-2.6.32.8/drivers/video/backlight/wm831x_bl.c
25956--- linux-2.6.32.8/drivers/video/backlight/wm831x_bl.c 2010-02-09 07:57:19.000000000 -0500
25957+++ linux-2.6.32.8/drivers/video/backlight/wm831x_bl.c 2010-02-13 21:45:10.631602484 -0500
25958@@ -112,7 +112,7 @@ static int wm831x_backlight_get_brightne
25959 return data->current_brightness;
25960 }
25961
25962-static struct backlight_ops wm831x_backlight_ops = {
25963+static const struct backlight_ops wm831x_backlight_ops = {
25964 .options = BL_CORE_SUSPENDRESUME,
25965 .update_status = wm831x_backlight_update_status,
25966 .get_brightness = wm831x_backlight_get_brightness,
25967diff -urNp linux-2.6.32.8/drivers/video/bf54x-lq043fb.c linux-2.6.32.8/drivers/video/bf54x-lq043fb.c
25968--- linux-2.6.32.8/drivers/video/bf54x-lq043fb.c 2010-02-09 07:57:19.000000000 -0500
25969+++ linux-2.6.32.8/drivers/video/bf54x-lq043fb.c 2010-02-13 21:45:10.631602484 -0500
25970@@ -463,7 +463,7 @@ static int bl_get_brightness(struct back
25971 return 0;
25972 }
25973
25974-static struct backlight_ops bfin_lq043fb_bl_ops = {
25975+static const struct backlight_ops bfin_lq043fb_bl_ops = {
25976 .get_brightness = bl_get_brightness,
25977 };
25978
25979diff -urNp linux-2.6.32.8/drivers/video/bfin-t350mcqb-fb.c linux-2.6.32.8/drivers/video/bfin-t350mcqb-fb.c
25980--- linux-2.6.32.8/drivers/video/bfin-t350mcqb-fb.c 2010-02-09 07:57:19.000000000 -0500
25981+++ linux-2.6.32.8/drivers/video/bfin-t350mcqb-fb.c 2010-02-13 21:45:10.631602484 -0500
25982@@ -381,7 +381,7 @@ static int bl_get_brightness(struct back
25983 return 0;
25984 }
25985
25986-static struct backlight_ops bfin_lq043fb_bl_ops = {
25987+static const struct backlight_ops bfin_lq043fb_bl_ops = {
25988 .get_brightness = bl_get_brightness,
25989 };
25990
25991diff -urNp linux-2.6.32.8/drivers/video/fbmem.c linux-2.6.32.8/drivers/video/fbmem.c
25992--- linux-2.6.32.8/drivers/video/fbmem.c 2010-02-09 07:57:19.000000000 -0500
25993+++ linux-2.6.32.8/drivers/video/fbmem.c 2010-02-13 21:45:10.632994619 -0500
25994@@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in
25995 image->dx += image->width + 8;
25996 }
25997 } else if (rotate == FB_ROTATE_UD) {
25998- for (x = 0; x < num && image->dx >= 0; x++) {
25999+ for (x = 0; x < num && (__s32)image->dx >= 0; x++) {
26000 info->fbops->fb_imageblit(info, image);
26001 image->dx -= image->width + 8;
26002 }
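Review bot: The cast in `(__s32)image->dx >= 0` gives the loop a real lower bound, but the test only works because `image->dx -= image->width + 8` has already wrapped the unsigned value by the time it is evaluated, and nothing in the code says so. A comment on the loop, for example `/* dx is unsigned; the cast lets the wrap from the subtraction below end the loop */`, would stop the cast from being removed as noise. The same applies to the `(__s32)image->dy >= 0` test in the following hunk. The field types are declared outside these hunks, and `fb_do_show_logo()` continues beyond them.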
26003@@ -415,7 +415,7 @@ static void fb_do_show_logo(struct fb_in
26004 image->dy += image->height + 8;
26005 }
26006 } else if (rotate == FB_ROTATE_CCW) {
26007- for (x = 0; x < num && image->dy >= 0; x++) {
26008+ for (x = 0; x < num && (__s32)image->dy >= 0; x++) {
26009 info->fbops->fb_imageblit(info, image);
26010 image->dy -= image->height + 8;
26011 }
26012@@ -1119,7 +1119,7 @@ static long do_fb_ioctl(struct fb_info *
26013 return -EFAULT;
26014 if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
26015 return -EINVAL;
26016- if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX)
26017+ if (con2fb.framebuffer >= FB_MAX)
26018 return -EINVAL;
26019 if (!registered_fb[con2fb.framebuffer])
26020 request_module("fb%d", con2fb.framebuffer);
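Review bot: Dropping `con2fb.framebuffer < 0` leaves `con2fb.framebuffer >= FB_MAX` as the only guard before `registered_fb[con2fb.framebuffer]` is indexed, which is correct only while the field is an unsigned type; its declaration is outside the hunk. A comment on the check, such as `/* framebuffer is unsigned, so the upper bound is the whole range check */`, would make that dependency explicit for anyone who later changes the struct. The enclosing `do_fb_ioctl()` case starts and ends outside the hunk.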
26021diff -urNp linux-2.6.32.8/drivers/video/fbmon.c linux-2.6.32.8/drivers/video/fbmon.c
26022--- linux-2.6.32.8/drivers/video/fbmon.c 2010-02-09 07:57:19.000000000 -0500
26023+++ linux-2.6.32.8/drivers/video/fbmon.c 2010-02-13 21:45:10.633534805 -0500
26024@@ -45,7 +45,7 @@
26025 #ifdef DEBUG
26026 #define DPRINTK(fmt, args...) printk(fmt,## args)
26027 #else
26028-#define DPRINTK(fmt, args...)
26029+#define DPRINTK(fmt, args...) do {} while (0)
26030 #endif
26031
26032 #define FBMON_FIX_HEADER 1
26033diff -urNp linux-2.6.32.8/drivers/video/i810/i810_accel.c linux-2.6.32.8/drivers/video/i810/i810_accel.c
26034--- linux-2.6.32.8/drivers/video/i810/i810_accel.c 2010-02-09 07:57:19.000000000 -0500
26035+++ linux-2.6.32.8/drivers/video/i810/i810_accel.c 2010-02-13 21:45:10.633534805 -0500
26036@@ -73,6 +73,7 @@ static inline int wait_for_space(struct
26037 }
26038 }
26039 printk("ringbuffer lockup!!!\n");
26040+ printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
26041 i810_report_error(mmio);
26042 par->dev_flags |= LOCKUP;
26043 info->pixmap.scan_align = 1;
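Review bot: The added `printk("head:%u tail:%u iring.size:%u space:%u\n", ...)` carries no log level, so the diagnostic goes out at the default level and is easy to lose in filtered logs; `printk(KERN_ERR "head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);` would match its role as a lockup dump. The existing "ringbuffer lockup!!!" line above has the same gap. The declarations of `head`, `tail` and `space` are outside the hunk, so the `%u` specifiers should be checked against their actual types.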
26044diff -urNp linux-2.6.32.8/drivers/video/i810/i810_main.c linux-2.6.32.8/drivers/video/i810/i810_main.c
26045--- linux-2.6.32.8/drivers/video/i810/i810_main.c 2010-02-09 07:57:19.000000000 -0500
26046+++ linux-2.6.32.8/drivers/video/i810/i810_main.c 2010-02-13 21:45:10.633534805 -0500
26047@@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t
26048 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 },
26049 { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC,
26050 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 },
26051- { 0 },
26052+ { 0, 0, 0, 0, 0, 0, 0 },
26053 };
26054
26055 static struct pci_driver i810fb_driver = {
26056diff -urNp linux-2.6.32.8/drivers/video/modedb.c linux-2.6.32.8/drivers/video/modedb.c
26057--- linux-2.6.32.8/drivers/video/modedb.c 2010-02-09 07:57:19.000000000 -0500
26058+++ linux-2.6.32.8/drivers/video/modedb.c 2010-02-13 21:45:10.634599709 -0500
26059@@ -38,240 +38,240 @@ static const struct fb_videomode modedb[
26060 {
26061 /* 640x400 @ 70 Hz, 31.5 kHz hsync */
26062 NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2,
26063- 0, FB_VMODE_NONINTERLACED
26064+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26065 }, {
26066 /* 640x480 @ 60 Hz, 31.5 kHz hsync */
26067 NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2,
26068- 0, FB_VMODE_NONINTERLACED
26069+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26070 }, {
26071 /* 800x600 @ 56 Hz, 35.15 kHz hsync */
26072 NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2,
26073- 0, FB_VMODE_NONINTERLACED
26074+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26075 }, {
26076 /* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */
26077 NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8,
26078- 0, FB_VMODE_INTERLACED
26079+ 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26080 }, {
26081 /* 640x400 @ 85 Hz, 37.86 kHz hsync */
26082 NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3,
26083- FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26084+ FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26085 }, {
26086 /* 640x480 @ 72 Hz, 36.5 kHz hsync */
26087 NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3,
26088- 0, FB_VMODE_NONINTERLACED
26089+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26090 }, {
26091 /* 640x480 @ 75 Hz, 37.50 kHz hsync */
26092 NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3,
26093- 0, FB_VMODE_NONINTERLACED
26094+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26095 }, {
26096 /* 800x600 @ 60 Hz, 37.8 kHz hsync */
26097 NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4,
26098- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26099+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26100 }, {
26101 /* 640x480 @ 85 Hz, 43.27 kHz hsync */
26102 NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3,
26103- 0, FB_VMODE_NONINTERLACED
26104+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26105 }, {
26106 /* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */
26107 NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10,
26108- 0, FB_VMODE_INTERLACED
26109+ 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26110 }, {
26111 /* 800x600 @ 72 Hz, 48.0 kHz hsync */
26112 NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6,
26113- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26114+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26115 }, {
26116 /* 1024x768 @ 60 Hz, 48.4 kHz hsync */
26117 NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6,
26118- 0, FB_VMODE_NONINTERLACED
26119+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26120 }, {
26121 /* 640x480 @ 100 Hz, 53.01 kHz hsync */
26122 NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6,
26123- 0, FB_VMODE_NONINTERLACED
26124+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26125 }, {
26126 /* 1152x864 @ 60 Hz, 53.5 kHz hsync */
26127 NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8,
26128- 0, FB_VMODE_NONINTERLACED
26129+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26130 }, {
26131 /* 800x600 @ 85 Hz, 55.84 kHz hsync */
26132 NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5,
26133- 0, FB_VMODE_NONINTERLACED
26134+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26135 }, {
26136 /* 1024x768 @ 70 Hz, 56.5 kHz hsync */
26137 NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6,
26138- 0, FB_VMODE_NONINTERLACED
26139+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26140 }, {
26141 /* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */
26142 NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12,
26143- 0, FB_VMODE_INTERLACED
26144+ 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26145 }, {
26146 /* 800x600 @ 100 Hz, 64.02 kHz hsync */
26147 NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6,
26148- 0, FB_VMODE_NONINTERLACED
26149+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26150 }, {
26151 /* 1024x768 @ 76 Hz, 62.5 kHz hsync */
26152 NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3,
26153- 0, FB_VMODE_NONINTERLACED
26154+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26155 }, {
26156 /* 1152x864 @ 70 Hz, 62.4 kHz hsync */
26157 NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10,
26158- 0, FB_VMODE_NONINTERLACED
26159+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26160 }, {
26161 /* 1280x1024 @ 61 Hz, 64.2 kHz hsync */
26162 NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3,
26163- 0, FB_VMODE_NONINTERLACED
26164+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26165 }, {
26166 /* 1400x1050 @ 60Hz, 63.9 kHz hsync */
26167 NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3,
26168- 0, FB_VMODE_NONINTERLACED
26169+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26170 }, {
26171 /* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/
26172 NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13,
26173- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26174+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26175 }, {
26176 /* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/
26177 NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3,
26178- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26179+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26180 }, {
26181 /* 1024x768 @ 85 Hz, 70.24 kHz hsync */
26182 NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6,
26183- 0, FB_VMODE_NONINTERLACED
26184+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26185 }, {
26186 /* 1152x864 @ 78 Hz, 70.8 kHz hsync */
26187 NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12,
26188- 0, FB_VMODE_NONINTERLACED
26189+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26190 }, {
26191 /* 1280x1024 @ 70 Hz, 74.59 kHz hsync */
26192 NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8,
26193- 0, FB_VMODE_NONINTERLACED
26194+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26195 }, {
26196 /* 1600x1200 @ 60Hz, 75.00 kHz hsync */
26197 NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3,
26198- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26199+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26200 }, {
26201 /* 1152x864 @ 84 Hz, 76.0 kHz hsync */
26202 NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12,
26203- 0, FB_VMODE_NONINTERLACED
26204+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26205 }, {
26206 /* 1280x1024 @ 74 Hz, 78.85 kHz hsync */
26207 NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3,
26208- 0, FB_VMODE_NONINTERLACED
26209+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26210 }, {
26211 /* 1024x768 @ 100Hz, 80.21 kHz hsync */
26212 NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10,
26213- 0, FB_VMODE_NONINTERLACED
26214+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26215 }, {
26216 /* 1280x1024 @ 76 Hz, 81.13 kHz hsync */
26217 NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3,
26218- 0, FB_VMODE_NONINTERLACED
26219+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26220 }, {
26221 /* 1600x1200 @ 70 Hz, 87.50 kHz hsync */
26222 NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3,
26223- 0, FB_VMODE_NONINTERLACED
26224+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26225 }, {
26226 /* 1152x864 @ 100 Hz, 89.62 kHz hsync */
26227 NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19,
26228- 0, FB_VMODE_NONINTERLACED
26229+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26230 }, {
26231 /* 1280x1024 @ 85 Hz, 91.15 kHz hsync */
26232 NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3,
26233- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26234+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26235 }, {
26236 /* 1600x1200 @ 75 Hz, 93.75 kHz hsync */
26237 NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3,
26238- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26239+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26240 }, {
26241 /* 1680x1050 @ 60 Hz, 65.191 kHz hsync */
26242 NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6,
26243- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26244+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26245 }, {
26246 /* 1600x1200 @ 85 Hz, 105.77 kHz hsync */
26247 NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3,
26248- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26249+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26250 }, {
26251 /* 1280x1024 @ 100 Hz, 107.16 kHz hsync */
26252 NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15,
26253- 0, FB_VMODE_NONINTERLACED
26254+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26255 }, {
26256 /* 1800x1440 @ 64Hz, 96.15 kHz hsync */
26257 NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3,
26258- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26259+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26260 }, {
26261 /* 1800x1440 @ 70Hz, 104.52 kHz hsync */
26262 NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3,
26263- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26264+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26265 }, {
26266 /* 512x384 @ 78 Hz, 31.50 kHz hsync */
26267 NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3,
26268- 0, FB_VMODE_NONINTERLACED
26269+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26270 }, {
26271 /* 512x384 @ 85 Hz, 34.38 kHz hsync */
26272 NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3,
26273- 0, FB_VMODE_NONINTERLACED
26274+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26275 }, {
26276 /* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */
26277 NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1,
26278- 0, FB_VMODE_DOUBLE
26279+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26280 }, {
26281 /* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */
26282 NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1,
26283- 0, FB_VMODE_DOUBLE
26284+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26285 }, {
26286 /* 320x240 @ 72 Hz, 36.5 kHz hsync */
26287 NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2,
26288- 0, FB_VMODE_DOUBLE
26289+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26290 }, {
26291 /* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */
26292 NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1,
26293- 0, FB_VMODE_DOUBLE
26294+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26295 }, {
26296 /* 400x300 @ 60 Hz, 37.8 kHz hsync */
26297 NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2,
26298- 0, FB_VMODE_DOUBLE
26299+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26300 }, {
26301 /* 400x300 @ 72 Hz, 48.0 kHz hsync */
26302 NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3,
26303- 0, FB_VMODE_DOUBLE
26304+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26305 }, {
26306 /* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */
26307 NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1,
26308- 0, FB_VMODE_DOUBLE
26309+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26310 }, {
26311 /* 480x300 @ 60 Hz, 37.8 kHz hsync */
26312 NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2,
26313- 0, FB_VMODE_DOUBLE
26314+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26315 }, {
26316 /* 480x300 @ 63 Hz, 39.6 kHz hsync */
26317 NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2,
26318- 0, FB_VMODE_DOUBLE
26319+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26320 }, {
26321 /* 480x300 @ 72 Hz, 48.0 kHz hsync */
26322 NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3,
26323- 0, FB_VMODE_DOUBLE
26324+ 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26325 }, {
26326 /* 1920x1200 @ 60 Hz, 74.5 Khz hsync */
26327 NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3,
26328 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
26329- FB_VMODE_NONINTERLACED
26330+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26331 }, {
26332 /* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */
26333 NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6,
26334- FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26335+ FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26336 }, {
26337 /* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */
26338 NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5,
26339- 0, FB_VMODE_NONINTERLACED
26340+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26341 }, {
26342 /* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */
26343 NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3,
26344- 0, FB_VMODE_NONINTERLACED
26345+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26346 }, {
26347 /* 720x576i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26348 NULL, 50, 720, 576, 74074, 64, 16, 39, 5, 64, 5,
26349- 0, FB_VMODE_INTERLACED
26350+ 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26351 }, {
26352 /* 800x520i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26353 NULL, 50, 800, 520, 58823, 144, 64, 72, 28, 80, 5,
26354- 0, FB_VMODE_INTERLACED
26355+ 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26356 },
26357 };
26358
26359diff -urNp linux-2.6.32.8/drivers/video/nvidia/nv_backlight.c linux-2.6.32.8/drivers/video/nvidia/nv_backlight.c
26360--- linux-2.6.32.8/drivers/video/nvidia/nv_backlight.c 2010-02-09 07:57:19.000000000 -0500
26361+++ linux-2.6.32.8/drivers/video/nvidia/nv_backlight.c 2010-02-13 21:45:10.634599709 -0500
26362@@ -87,7 +87,7 @@ static int nvidia_bl_get_brightness(stru
26363 return bd->props.brightness;
26364 }
26365
26366-static struct backlight_ops nvidia_bl_ops = {
26367+static const struct backlight_ops nvidia_bl_ops = {
26368 .get_brightness = nvidia_bl_get_brightness,
26369 .update_status = nvidia_bl_update_status,
26370 };
26371diff -urNp linux-2.6.32.8/drivers/video/riva/fbdev.c linux-2.6.32.8/drivers/video/riva/fbdev.c
26372--- linux-2.6.32.8/drivers/video/riva/fbdev.c 2010-02-09 07:57:19.000000000 -0500
26373+++ linux-2.6.32.8/drivers/video/riva/fbdev.c 2010-02-13 21:45:10.635686555 -0500
26374@@ -331,7 +331,7 @@ static int riva_bl_get_brightness(struct
26375 return bd->props.brightness;
26376 }
26377
26378-static struct backlight_ops riva_bl_ops = {
26379+static const struct backlight_ops riva_bl_ops = {
26380 .get_brightness = riva_bl_get_brightness,
26381 .update_status = riva_bl_update_status,
26382 };
26383diff -urNp linux-2.6.32.8/drivers/video/uvesafb.c linux-2.6.32.8/drivers/video/uvesafb.c
26384--- linux-2.6.32.8/drivers/video/uvesafb.c 2010-02-09 07:57:19.000000000 -0500
26385+++ linux-2.6.32.8/drivers/video/uvesafb.c 2010-02-13 21:45:10.635686555 -0500
26386@@ -18,6 +18,7 @@
26387 #include <linux/fb.h>
26388 #include <linux/io.h>
26389 #include <linux/mutex.h>
26390+#include <linux/moduleloader.h>
26391 #include <video/edid.h>
26392 #include <video/uvesafb.h>
26393 #ifdef CONFIG_X86
26394@@ -120,7 +121,7 @@ static int uvesafb_helper_start(void)
26395 NULL,
26396 };
26397
26398- return call_usermodehelper(v86d_path, argv, envp, 1);
26399+ return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC);
26400 }
26401
26402 /*
26403@@ -568,10 +569,32 @@ static int __devinit uvesafb_vbe_getpmi(
26404 if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
26405 par->pmi_setpal = par->ypan = 0;
26406 } else {
26407+
26408+#ifdef CONFIG_PAX_KERNEXEC
26409+#ifdef CONFIG_MODULES
26410+ par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
26411+#endif
26412+ if (!par->pmi_code) {
26413+ par->pmi_setpal = par->ypan = 0;
26414+ return 0;
26415+ }
26416+#endif
26417+
26418 par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
26419 + task->t.regs.edi);
26420+
26421+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26422+ pax_open_kernel();
26423+ memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
26424+ pax_close_kernel();
26425+
26426+ par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]);
26427+ par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]);
26428+#else
26429 par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
26430 par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
26431+#endif
26432+
26433 printk(KERN_INFO "uvesafb: protected mode interface info at "
26434 "%04x:%04x\n",
26435 (u16)task->t.regs.es, (u16)task->t.regs.edi);
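Review bot: The offsets `par->pmi_base[1]` and `par->pmi_base[2]` are added to `par->pmi_code` without being compared against the copied length `(u16)task->t.regs.ecx`, so `pmi_start` and `pmi_pal` can point past the end of the executable buffer when the table is inconsistent. These values are reported by the video BIOS through the userspace helper, so I would turn the interface off when an offset is out of range, e.g. `if (par->pmi_base[1] >= (u16)task->t.regs.ecx || par->pmi_base[2] >= (u16)task->t.regs.ecx) par->pmi_setpal = par->ypan = 0;`, and also treat a zero length as "no PMI". The vesafb_probe hunk that copies `screen_info.vesapm_size` bytes and then adds `pmi_base[1]` and `pmi_base[2]` has the same gap. With CONFIG_PAX_KERNEXEC but without CONFIG_MODULES, the `!par->pmi_code` test depends on the field having been zeroed elsewhere, and a short comment should say so. uvesafb_vbe_getpmi starts and ends outside this hunk.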
26436@@ -1799,6 +1822,11 @@ out:
26437 if (par->vbe_modes)
26438 kfree(par->vbe_modes);
26439
26440+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26441+ if (par->pmi_code)
26442+ module_free_exec(NULL, par->pmi_code);
26443+#endif
26444+
26445 framebuffer_release(info);
26446 return err;
26447 }
26448@@ -1825,6 +1853,12 @@ static int uvesafb_remove(struct platfor
26449 kfree(par->vbe_state_orig);
26450 if (par->vbe_state_saved)
26451 kfree(par->vbe_state_saved);
26452+
26453+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26454+ if (par->pmi_code)
26455+ module_free_exec(NULL, par->pmi_code);
26456+#endif
26457+
26458 }
26459
26460 framebuffer_release(info);
26461diff -urNp linux-2.6.32.8/drivers/video/vesafb.c linux-2.6.32.8/drivers/video/vesafb.c
26462--- linux-2.6.32.8/drivers/video/vesafb.c 2010-02-09 07:57:19.000000000 -0500
26463+++ linux-2.6.32.8/drivers/video/vesafb.c 2010-02-13 21:45:10.635686555 -0500
26464@@ -9,6 +9,7 @@
26465 */
26466
26467 #include <linux/module.h>
26468+#include <linux/moduleloader.h>
26469 #include <linux/kernel.h>
26470 #include <linux/errno.h>
26471 #include <linux/string.h>
26472@@ -53,8 +54,8 @@ static int vram_remap __initdata; /*
26473 static int vram_total __initdata; /* Set total amount of memory */
26474 static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */
26475 static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */
26476-static void (*pmi_start)(void) __read_mostly;
26477-static void (*pmi_pal) (void) __read_mostly;
26478+static void (*pmi_start)(void) __read_only;
26479+static void (*pmi_pal) (void) __read_only;
26480 static int depth __read_mostly;
26481 static int vga_compat __read_mostly;
26482 /* --------------------------------------------------------------------- */
26483@@ -233,6 +234,7 @@ static int __init vesafb_probe(struct pl
26484 unsigned int size_vmode;
26485 unsigned int size_remap;
26486 unsigned int size_total;
26487+ void *pmi_code = NULL;
26488
26489 if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB)
26490 return -ENODEV;
26491@@ -275,10 +277,6 @@ static int __init vesafb_probe(struct pl
26492 size_remap = size_total;
26493 vesafb_fix.smem_len = size_remap;
26494
26495-#ifndef __i386__
26496- screen_info.vesapm_seg = 0;
26497-#endif
26498-
26499 if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
26500 printk(KERN_WARNING
26501 "vesafb: cannot reserve video memory at 0x%lx\n",
26502@@ -315,9 +313,21 @@ static int __init vesafb_probe(struct pl
26503 printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
26504 vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
26505
26506+#ifdef __i386__
26507+
26508+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26509+ pmi_code = module_alloc_exec(screen_info.vesapm_size);
26510+ if (!pmi_code)
26511+#elif !defined(CONFIG_PAX_KERNEXEC)
26512+ if (0)
26513+#endif
26514+
26515+#endif
26516+ screen_info.vesapm_seg = 0;
26517+
26518 if (screen_info.vesapm_seg) {
26519- printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
26520- screen_info.vesapm_seg,screen_info.vesapm_off);
26521+ printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
26522+ screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
26523 }
26524
26525 if (screen_info.vesapm_seg < 0xc000)
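Review bot: The added `screen_info.vesapm_seg = 0;` is the body of an `if` that exists only in some configurations, and the preprocessor layout hides that. On non-i386 builds and on i386 with KERNEXEC but without MODULES it runs unconditionally; with KERNEXEC and MODULES it runs only when module_alloc_exec() returns NULL; without KERNEXEC it sits under `if (0)`. I would put a comment above `#ifdef __i386__` listing those three cases, for example `/* PMI is kept only on i386, and under KERNEXEC only if an executable copy could be allocated */`. The buffer is also allocated before the `vesapm_seg < 0xc000` test that follows, and the visible hunks release it only on the `err:` path, so it is worth confirming it is freed when PMI ends up unused. vesafb_probe continues outside the hunk.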
26526@@ -325,9 +335,25 @@ static int __init vesafb_probe(struct pl
26527
26528 if (ypan || pmi_setpal) {
26529 unsigned short *pmi_base;
26530- pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26531- pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
26532- pmi_pal = (void*)((char*)pmi_base + pmi_base[2]);
26533+
26534+ pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26535+
26536+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26537+ pax_open_kernel();
26538+ memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
26539+#else
26540+ pmi_code = pmi_base;
26541+#endif
26542+
26543+ pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
26544+ pmi_pal = (void*)((char*)pmi_code + pmi_base[2]);
26545+
26546+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26547+ pmi_start = ktva_ktla(pmi_start);
26548+ pmi_pal = ktva_ktla(pmi_pal);
26549+ pax_close_kernel();
26550+#endif
26551+
26552 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
26553 if (pmi_base[3]) {
26554 printk(KERN_INFO "vesafb: pmi: ports = ");
26555@@ -469,6 +495,11 @@ static int __init vesafb_probe(struct pl
26556 info->node, info->fix.id);
26557 return 0;
26558 err:
26559+
26560+#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26561+ module_free_exec(NULL, pmi_code);
26562+#endif
26563+
26564 if (info->screen_base)
26565 iounmap(info->screen_base);
26566 framebuffer_release(info);
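Review bot: `module_free_exec(NULL, pmi_code);` is called on the `err:` path without testing `pmi_code`, although both uvesafb hunks guard the same call with `if (par->pmi_code)`. `pmi_code` is initialised to NULL and stays NULL when the allocation fails. module_free_exec() is not visible here, so whether it tolerates a NULL pointer cannot be confirmed from this page. Writing it as `if (pmi_code) module_free_exec(NULL, pmi_code);` keeps the two drivers consistent and removes the question.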
26567diff -urNp linux-2.6.32.8/drivers/xen/sys-hypervisor.c linux-2.6.32.8/drivers/xen/sys-hypervisor.c
26568--- linux-2.6.32.8/drivers/xen/sys-hypervisor.c 2010-02-09 07:57:19.000000000 -0500
26569+++ linux-2.6.32.8/drivers/xen/sys-hypervisor.c 2010-02-13 21:45:10.635686555 -0500
26570@@ -425,7 +425,7 @@ static ssize_t hyp_sysfs_store(struct ko
26571 return 0;
26572 }
26573
26574-static struct sysfs_ops hyp_sysfs_ops = {
26575+static const struct sysfs_ops hyp_sysfs_ops = {
26576 .show = hyp_sysfs_show,
26577 .store = hyp_sysfs_store,
26578 };
26579diff -urNp linux-2.6.32.8/fs/9p/vfs_inode.c linux-2.6.32.8/fs/9p/vfs_inode.c
26580--- linux-2.6.32.8/fs/9p/vfs_inode.c 2010-02-09 07:57:19.000000000 -0500
26581+++ linux-2.6.32.8/fs/9p/vfs_inode.c 2010-02-13 21:45:10.635686555 -0500
26582@@ -1079,7 +1079,7 @@ static void *v9fs_vfs_follow_link(struct
26583 static void
26584 v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
26585 {
26586- char *s = nd_get_link(nd);
26587+ const char *s = nd_get_link(nd);
26588
26589 P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
26590 IS_ERR(s) ? "<error>" : s);
26591diff -urNp linux-2.6.32.8/fs/aio.c linux-2.6.32.8/fs/aio.c
26592--- linux-2.6.32.8/fs/aio.c 2010-02-09 07:57:19.000000000 -0500
26593+++ linux-2.6.32.8/fs/aio.c 2010-02-13 21:45:10.636989162 -0500
26594@@ -115,7 +115,7 @@ static int aio_setup_ring(struct kioctx
26595 size += sizeof(struct io_event) * nr_events;
26596 nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
26597
26598- if (nr_pages < 0)
26599+ if (nr_pages <= 0)
26600 return -EINVAL;
26601
26602 nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
26603diff -urNp linux-2.6.32.8/fs/attr.c linux-2.6.32.8/fs/attr.c
26604--- linux-2.6.32.8/fs/attr.c 2010-02-09 07:57:19.000000000 -0500
26605+++ linux-2.6.32.8/fs/attr.c 2010-02-13 21:45:10.636989162 -0500
26606@@ -83,6 +83,7 @@ int inode_newsize_ok(const struct inode
26607 unsigned long limit;
26608
26609 limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
26610+ gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);
26611 if (limit != RLIM_INFINITY && offset > limit)
26612 goto out_sig;
26613 if (offset > inode->i_sb->s_maxbytes)
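Review bot: The cast in `gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);` narrows `offset` before it is recorded, while the limit check on the next line still compares the uncast value. If `offset` is a 64-bit file offset, as the `s_maxbytes` comparison suggests, a 32-bit build would record a truncated size for large files and the learned limit could be lower than what the task actually needed. A comment noting the truncation, or clamping with `offset > ULONG_MAX ? ULONG_MAX : (unsigned long)offset`, would make the intent explicit. The function signature is cut off in the hunk header, so the parameter type is inferred.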
26614diff -urNp linux-2.6.32.8/fs/autofs/root.c linux-2.6.32.8/fs/autofs/root.c
26615--- linux-2.6.32.8/fs/autofs/root.c 2010-02-09 07:57:19.000000000 -0500
26616+++ linux-2.6.32.8/fs/autofs/root.c 2010-02-13 21:45:10.636989162 -0500
26617@@ -299,7 +299,8 @@ static int autofs_root_symlink(struct in
26618 set_bit(n,sbi->symlink_bitmap);
26619 sl = &sbi->symlink[n];
26620 sl->len = strlen(symname);
26621- sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL);
26622+ slsize = sl->len+1;
26623+ sl->data = kmalloc(slsize, GFP_KERNEL);
26624 if (!sl->data) {
26625 clear_bit(n,sbi->symlink_bitmap);
26626 unlock_kernel();
26627diff -urNp linux-2.6.32.8/fs/autofs4/symlink.c linux-2.6.32.8/fs/autofs4/symlink.c
26628--- linux-2.6.32.8/fs/autofs4/symlink.c 2010-02-09 07:57:19.000000000 -0500
26629+++ linux-2.6.32.8/fs/autofs4/symlink.c 2010-02-13 21:45:10.636989162 -0500
26630@@ -15,7 +15,7 @@
26631 static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
26632 {
26633 struct autofs_info *ino = autofs4_dentry_ino(dentry);
26634- nd_set_link(nd, (char *)ino->u.symlink);
26635+ nd_set_link(nd, ino->u.symlink);
26636 return NULL;
26637 }
26638
26639diff -urNp linux-2.6.32.8/fs/befs/linuxvfs.c linux-2.6.32.8/fs/befs/linuxvfs.c
26640--- linux-2.6.32.8/fs/befs/linuxvfs.c 2010-02-09 07:57:19.000000000 -0500
26641+++ linux-2.6.32.8/fs/befs/linuxvfs.c 2010-02-13 21:45:10.637988657 -0500
26642@@ -493,7 +493,7 @@ static void befs_put_link(struct dentry
26643 {
26644 befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
26645 if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
26646- char *link = nd_get_link(nd);
26647+ const char *link = nd_get_link(nd);
26648 if (!IS_ERR(link))
26649 kfree(link);
26650 }
26651diff -urNp linux-2.6.32.8/fs/binfmt_aout.c linux-2.6.32.8/fs/binfmt_aout.c
26652--- linux-2.6.32.8/fs/binfmt_aout.c 2010-02-09 07:57:19.000000000 -0500
26653+++ linux-2.6.32.8/fs/binfmt_aout.c 2010-02-13 21:45:10.637988657 -0500
26654@@ -16,6 +16,7 @@
26655 #include <linux/string.h>
26656 #include <linux/fs.h>
26657 #include <linux/file.h>
26658+#include <linux/security.h>
26659 #include <linux/stat.h>
26660 #include <linux/fcntl.h>
26661 #include <linux/ptrace.h>
26662@@ -113,10 +114,12 @@ static int aout_core_dump(long signr, st
26663
26664 /* If the size of the dump file exceeds the rlimit, then see what would happen
26665 if we wrote the stack, but not the data area. */
26666+ gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
26667 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > limit)
26668 dump.u_dsize = 0;
26669
26670 /* Make sure we have enough room to write the stack and data areas. */
26671+ gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
26672 if ((dump.u_ssize + 1) * PAGE_SIZE > limit)
26673 dump.u_ssize = 0;
26674
26675@@ -249,6 +252,8 @@ static int load_aout_binary(struct linux
26676 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
26677 if (rlim >= RLIM_INFINITY)
26678 rlim = ~0;
26679+
26680+ gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
26681 if (ex.a_data + ex.a_bss > rlim)
26682 return -ENOMEM;
26683
26684@@ -277,6 +282,27 @@ static int load_aout_binary(struct linux
26685 install_exec_creds(bprm);
26686 current->flags &= ~PF_FORKNOEXEC;
26687
26688+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
26689+ current->mm->pax_flags = 0UL;
26690+#endif
26691+
26692+#ifdef CONFIG_PAX_PAGEEXEC
26693+ if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
26694+ current->mm->pax_flags |= MF_PAX_PAGEEXEC;
26695+
26696+#ifdef CONFIG_PAX_EMUTRAMP
26697+ if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
26698+ current->mm->pax_flags |= MF_PAX_EMUTRAMP;
26699+#endif
26700+
26701+#ifdef CONFIG_PAX_MPROTECT
26702+ if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
26703+ current->mm->pax_flags |= MF_PAX_MPROTECT;
26704+#endif
26705+
26706+ }
26707+#endif
26708+
26709 if (N_MAGIC(ex) == OMAGIC) {
26710 unsigned long text_addr, map_size;
26711 loff_t pos;
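Review bot: The flag tests added here have mixed polarity and no comment says so. PAGEEXEC and MPROTECT are turned on when the header bit is clear (`!(N_FLAGS(ex) & F_PAX_PAGEEXEC)`, `!(N_FLAGS(ex) & F_PAX_MPROTECT)`), while EMUTRAMP is turned on when its bit is set. I would add `/* F_PAX_PAGEEXEC and F_PAX_MPROTECT are opt-out bits, F_PAX_EMUTRAMP is opt-in */` above the block. Since the bits are read from the header of the file being executed, the comment should also say which layer, if any, overrides the binary's own choice. load_aout_binary starts and ends outside this hunk.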
26712@@ -349,7 +375,7 @@ static int load_aout_binary(struct linux
26713
26714 down_write(&current->mm->mmap_sem);
26715 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
26716- PROT_READ | PROT_WRITE | PROT_EXEC,
26717+ PROT_READ | PROT_WRITE,
26718 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
26719 fd_offset + ex.a_text);
26720 up_write(&current->mm->mmap_sem);
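Review bot: `PROT_EXEC` is removed from the data-segment mapping for every a.out binary, not only when `MF_PAX_PAGEEXEC` was set in the earlier hunk. A binary that opted out of PAGEEXEC therefore still gets a non-executable data mapping at this call, unless another mechanism not visible here restores the bit. If that is intended, a comment such as `/* data is never mapped executable, regardless of PaX flags */` would record it. Only this `do_mmap` call is visible, so the other mapping paths in load_aout_binary should be checked for the same treatment.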
26721diff -urNp linux-2.6.32.8/fs/binfmt_elf.c linux-2.6.32.8/fs/binfmt_elf.c
26722--- linux-2.6.32.8/fs/binfmt_elf.c 2010-02-09 07:57:19.000000000 -0500
26723+++ linux-2.6.32.8/fs/binfmt_elf.c 2010-02-13 21:45:10.638995106 -0500
26724@@ -50,6 +50,10 @@ static int elf_core_dump(long signr, str
26725 #define elf_core_dump NULL
26726 #endif
26727
26728+#ifdef CONFIG_PAX_MPROTECT
26729+static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
26730+#endif
26731+
26732 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
26733 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
26734 #else
26735@@ -69,6 +73,11 @@ static struct linux_binfmt elf_format =
26736 .load_binary = load_elf_binary,
26737 .load_shlib = load_elf_library,
26738 .core_dump = elf_core_dump,
26739+
26740+#ifdef CONFIG_PAX_MPROTECT
26741+ .handle_mprotect= elf_handle_mprotect,
26742+#endif
26743+
26744 .min_coredump = ELF_EXEC_PAGESIZE,
26745 .hasvdso = 1
26746 };
26747@@ -77,6 +86,8 @@ static struct linux_binfmt elf_format =
26748
26749 static int set_brk(unsigned long start, unsigned long end)
26750 {
26751+ unsigned long e = end;
26752+
26753 start = ELF_PAGEALIGN(start);
26754 end = ELF_PAGEALIGN(end);
26755 if (end > start) {
26756@@ -87,7 +98,7 @@ static int set_brk(unsigned long start,
26757 if (BAD_ADDR(addr))
26758 return addr;
26759 }
26760- current->mm->start_brk = current->mm->brk = end;
26761+ current->mm->start_brk = current->mm->brk = e;
26762 return 0;
26763 }
26764
26765@@ -148,7 +159,7 @@ create_elf_tables(struct linux_binprm *b
26766 elf_addr_t __user *u_rand_bytes;
26767 const char *k_platform = ELF_PLATFORM;
26768 const char *k_base_platform = ELF_BASE_PLATFORM;
26769- unsigned char k_rand_bytes[16];
26770+ u32 k_rand_bytes[4];
26771 int items;
26772 elf_addr_t *elf_info;
26773 int ei_index = 0;
26774@@ -195,6 +206,10 @@ create_elf_tables(struct linux_binprm *b
26775 * Generate 16 random bytes for userspace PRNG seeding.
26776 */
26777 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
26778+ srandom32(k_rand_bytes[0] ^ random32());
26779+ srandom32(k_rand_bytes[1] ^ random32());
26780+ srandom32(k_rand_bytes[2] ^ random32());
26781+ srandom32(k_rand_bytes[3] ^ random32());
26782 u_rand_bytes = (elf_addr_t __user *)
26783 STACK_ALLOC(p, sizeof(k_rand_bytes));
26784 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
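Review bot: The four words passed to `srandom32()` are the same `k_rand_bytes` that are copied to user space a few lines below, so the new process learns part of the material just mixed into the kernel's `random32()` state. `random32()` is not a cryptographic generator, so handing out its reseed input weakens whatever the reseeding was meant to achieve. I would draw the reseed material separately, `u32 k_seed[4]; get_random_bytes(k_seed, sizeof(k_seed));`, and call `srandom32(k_seed[i] ^ random32());` in a loop. The comment above the block still describes only user-space seeding and should mention the kernel reseed. create_elf_tables starts and ends outside the hunk.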
26785@@ -385,10 +400,10 @@ static unsigned long load_elf_interp(str
26786 {
26787 struct elf_phdr *elf_phdata;
26788 struct elf_phdr *eppnt;
26789- unsigned long load_addr = 0;
26790+ unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
26791 int load_addr_set = 0;
26792 unsigned long last_bss = 0, elf_bss = 0;
26793- unsigned long error = ~0UL;
26794+ unsigned long error = -EINVAL;
26795 unsigned long total_size;
26796 int retval, i, size;
26797
26798@@ -434,6 +449,11 @@ static unsigned long load_elf_interp(str
26799 goto out_close;
26800 }
26801
26802+#ifdef CONFIG_PAX_SEGMEXEC
26803+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
26804+ pax_task_size = SEGMEXEC_TASK_SIZE;
26805+#endif
26806+
26807 eppnt = elf_phdata;
26808 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
26809 if (eppnt->p_type == PT_LOAD) {
26810@@ -477,8 +497,8 @@ static unsigned long load_elf_interp(str
26811 k = load_addr + eppnt->p_vaddr;
26812 if (BAD_ADDR(k) ||
26813 eppnt->p_filesz > eppnt->p_memsz ||
26814- eppnt->p_memsz > TASK_SIZE ||
26815- TASK_SIZE - eppnt->p_memsz < k) {
26816+ eppnt->p_memsz > pax_task_size ||
26817+ pax_task_size - eppnt->p_memsz < k) {
26818 error = -ENOMEM;
26819 goto out_close;
26820 }
26821@@ -532,6 +552,177 @@ out:
26822 return error;
26823 }
26824
26825+#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
26826+static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
26827+{
26828+ unsigned long pax_flags = 0UL;
26829+
26830+#ifdef CONFIG_PAX_PAGEEXEC
26831+ if (elf_phdata->p_flags & PF_PAGEEXEC)
26832+ pax_flags |= MF_PAX_PAGEEXEC;
26833+#endif
26834+
26835+#ifdef CONFIG_PAX_SEGMEXEC
26836+ if (elf_phdata->p_flags & PF_SEGMEXEC)
26837+ pax_flags |= MF_PAX_SEGMEXEC;
26838+#endif
26839+
26840+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26841+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26842+ if (nx_enabled)
26843+ pax_flags &= ~MF_PAX_SEGMEXEC;
26844+ else
26845+ pax_flags &= ~MF_PAX_PAGEEXEC;
26846+ }
26847+#endif
26848+
26849+#ifdef CONFIG_PAX_EMUTRAMP
26850+ if (elf_phdata->p_flags & PF_EMUTRAMP)
26851+ pax_flags |= MF_PAX_EMUTRAMP;
26852+#endif
26853+
26854+#ifdef CONFIG_PAX_MPROTECT
26855+ if (elf_phdata->p_flags & PF_MPROTECT)
26856+ pax_flags |= MF_PAX_MPROTECT;
26857+#endif
26858+
26859+#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26860+ if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
26861+ pax_flags |= MF_PAX_RANDMMAP;
26862+#endif
26863+
26864+ return pax_flags;
26865+}
26866+#endif
26867+
26868+#ifdef CONFIG_PAX_PT_PAX_FLAGS
26869+static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
26870+{
26871+ unsigned long pax_flags = 0UL;
26872+
26873+#ifdef CONFIG_PAX_PAGEEXEC
26874+ if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
26875+ pax_flags |= MF_PAX_PAGEEXEC;
26876+#endif
26877+
26878+#ifdef CONFIG_PAX_SEGMEXEC
26879+ if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
26880+ pax_flags |= MF_PAX_SEGMEXEC;
26881+#endif
26882+
26883+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26884+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26885+ if (nx_enabled)
26886+ pax_flags &= ~MF_PAX_SEGMEXEC;
26887+ else
26888+ pax_flags &= ~MF_PAX_PAGEEXEC;
26889+ }
26890+#endif
26891+
26892+#ifdef CONFIG_PAX_EMUTRAMP
26893+ if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
26894+ pax_flags |= MF_PAX_EMUTRAMP;
26895+#endif
26896+
26897+#ifdef CONFIG_PAX_MPROTECT
26898+ if (!(elf_phdata->p_flags & PF_NOMPROTECT))
26899+ pax_flags |= MF_PAX_MPROTECT;
26900+#endif
26901+
26902+#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26903+ if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
26904+ pax_flags |= MF_PAX_RANDMMAP;
26905+#endif
26906+
26907+ return pax_flags;
26908+}
26909+#endif
26910+
26911+#ifdef CONFIG_PAX_EI_PAX
26912+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
26913+{
26914+ unsigned long pax_flags = 0UL;
26915+
26916+#ifdef CONFIG_PAX_PAGEEXEC
26917+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
26918+ pax_flags |= MF_PAX_PAGEEXEC;
26919+#endif
26920+
26921+#ifdef CONFIG_PAX_SEGMEXEC
26922+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
26923+ pax_flags |= MF_PAX_SEGMEXEC;
26924+#endif
26925+
26926+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26927+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26928+ if (nx_enabled)
26929+ pax_flags &= ~MF_PAX_SEGMEXEC;
26930+ else
26931+ pax_flags &= ~MF_PAX_PAGEEXEC;
26932+ }
26933+#endif
26934+
26935+#ifdef CONFIG_PAX_EMUTRAMP
26936+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
26937+ pax_flags |= MF_PAX_EMUTRAMP;
26938+#endif
26939+
26940+#ifdef CONFIG_PAX_MPROTECT
26941+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
26942+ pax_flags |= MF_PAX_MPROTECT;
26943+#endif
26944+
26945+#ifdef CONFIG_PAX_ASLR
26946+ if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
26947+ pax_flags |= MF_PAX_RANDMMAP;
26948+#endif
26949+
26950+ return pax_flags;
26951+}
26952+#endif
26953+
26954+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
26955+static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
26956+{
26957+ unsigned long pax_flags = 0UL;
26958+
26959+#ifdef CONFIG_PAX_PT_PAX_FLAGS
26960+ unsigned long i;
26961+#endif
26962+
26963+#ifdef CONFIG_PAX_EI_PAX
26964+ pax_flags = pax_parse_ei_pax(elf_ex);
26965+#endif
26966+
26967+#ifdef CONFIG_PAX_PT_PAX_FLAGS
26968+ for (i = 0UL; i < elf_ex->e_phnum; i++)
26969+ if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
26970+ if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
26971+ ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
26972+ ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
26973+ ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
26974+ ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
26975+ return -EINVAL;
26976+
26977+#ifdef CONFIG_PAX_SOFTMODE
26978+ if (pax_softmode)
26979+ pax_flags = pax_parse_softmode(&elf_phdata[i]);
26980+ else
26981+#endif
26982+
26983+ pax_flags = pax_parse_hardmode(&elf_phdata[i]);
26984+ break;
26985+ }
26986+#endif
26987+
26988+ if (0 > pax_check_flags(&pax_flags))
26989+ return -EINVAL;
26990+
26991+ current->mm->pax_flags = pax_flags;
26992+ return 0;
26993+}
26994+#endif
26995+
26996 /*
26997 * These are the functions used to load ELF style executables and shared
26998 * libraries. There is no binary dependent code anywhere else.
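Review bot: In pax_parse_elf_flags() `pax_flags` keeps its initial `0UL` when CONFIG_PAX_EI_PAX is not set and the program-header loop finds no `PT_PAX_FLAGS` entry, so an unmarked binary reaches pax_check_flags() with every `MF_PAX_*` bit clear. Unless pax_check_flags() or the ACL hook called later turns protections back on (neither is visible here), that is a fail-open default for a hardening feature. I would track whether a header was seen and apply the hardmode defaults when none was. At minimum, add a comment above the loop such as `/* no PT_PAX_FLAGS header and no EI_PAX support: binary runs with no PaX flags */`. The loop also stops at the first `PT_PAX_FLAGS` entry, so later entries are silently ignored. The PAGEEXEC/SEGMEXEC conflict block is repeated verbatim in all three parse helpers and could become one small static function.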
26999@@ -548,6 +739,11 @@ static unsigned long randomize_stack_top
27000 {
27001 unsigned int random_variable = 0;
27002
27003+#ifdef CONFIG_PAX_RANDUSTACK
27004+ if (randomize_va_space)
27005+ return stack_top - current->mm->delta_stack;
27006+#endif
27007+
27008 if ((current->flags & PF_RANDOMIZE) &&
27009 !(current->personality & ADDR_NO_RANDOMIZE)) {
27010 random_variable = get_random_int() & STACK_RND_MASK;
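Review bot: The early return is taken whenever `randomize_va_space` is non-zero, without testing `MF_PAX_RANDMMAP`, so it also covers tasks for which PaX randomisation is off. A later hunk in load_elf_binary resets `delta_stack` to `0UL` and sets it only under `MF_PAX_RANDMMAP`; for other tasks this returns `stack_top` unchanged and the stock `PF_RANDOMIZE` path below is never reached. If the fallback to the stock randomisation is wanted, the condition could be `if (randomize_va_space && (current->mm->pax_flags & MF_PAX_RANDMMAP))`. If opting out is meant to disable stack randomisation entirely, a comment here should say so. The rest of randomize_stack_top lies outside the hunk.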
27011@@ -566,7 +762,7 @@ static int load_elf_binary(struct linux_
27012 unsigned long load_addr = 0, load_bias = 0;
27013 int load_addr_set = 0;
27014 char * elf_interpreter = NULL;
27015- unsigned long error;
27016+ unsigned long error = 0;
27017 struct elf_phdr *elf_ppnt, *elf_phdata;
27018 unsigned long elf_bss, elf_brk;
27019 int retval, i;
27020@@ -576,11 +772,11 @@ static int load_elf_binary(struct linux_
27021 unsigned long start_code, end_code, start_data, end_data;
27022 unsigned long reloc_func_desc = 0;
27023 int executable_stack = EXSTACK_DEFAULT;
27024- unsigned long def_flags = 0;
27025 struct {
27026 struct elfhdr elf_ex;
27027 struct elfhdr interp_elf_ex;
27028 } *loc;
27029+ unsigned long pax_task_size = TASK_SIZE;
27030
27031 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
27032 if (!loc) {
27033@@ -718,11 +914,80 @@ static int load_elf_binary(struct linux_
27034
27035 /* OK, This is the point of no return */
27036 current->flags &= ~PF_FORKNOEXEC;
27037- current->mm->def_flags = def_flags;
27038+
27039+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
27040+ current->mm->pax_flags = 0UL;
27041+#endif
27042+
27043+#ifdef CONFIG_PAX_DLRESOLVE
27044+ current->mm->call_dl_resolve = 0UL;
27045+#endif
27046+
27047+#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
27048+ current->mm->call_syscall = 0UL;
27049+#endif
27050+
27051+#ifdef CONFIG_PAX_ASLR
27052+ current->mm->delta_mmap = 0UL;
27053+ current->mm->delta_stack = 0UL;
27054+#endif
27055+
27056+ current->mm->def_flags = 0;
27057+
27058+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
27059+ if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
27060+ send_sig(SIGKILL, current, 0);
27061+ goto out_free_dentry;
27062+ }
27063+#endif
27064+
27065+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
27066+ pax_set_initial_flags(bprm);
27067+#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
27068+ if (pax_set_initial_flags_func)
27069+ (pax_set_initial_flags_func)(bprm);
27070+#endif
27071+
27072+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
27073+ if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !nx_enabled) {
27074+ current->mm->context.user_cs_limit = PAGE_SIZE;
27075+ current->mm->def_flags |= VM_PAGEEXEC;
27076+ }
27077+#endif
27078+
27079+#ifdef CONFIG_PAX_SEGMEXEC
27080+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
27081+ current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
27082+ current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
27083+ pax_task_size = SEGMEXEC_TASK_SIZE;
27084+ }
27085+#endif
27086+
27087+#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
27088+ if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27089+ set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
27090+ put_cpu();
27091+ }
27092+#endif
27093+
27094+#ifdef CONFIG_PAX_ASLR
27095+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
27096+ current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
27097+ current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
27098+ }
27099+#endif
27100
27101 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
27102 may depend on the personality. */
27103 SET_PERSONALITY(loc->elf_ex);
27104+
27105+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27106+ if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27107+ executable_stack = EXSTACK_DISABLE_X;
27108+ current->personality &= ~READ_IMPLIES_EXEC;
27109+ } else
27110+#endif
27111+
27112 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
27113 current->personality |= READ_IMPLIES_EXEC;
27114
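Review bot: The `pax_parse_elf_flags()` failure path sends SIGKILL and jumps to `out_free_dentry` without assigning `retval`, so the function returns whatever `retval` held from the code above this hunk, which is not visible here. If that value was a success code, the loader reports success for a binary it has just refused. Setting it explicitly with `retval = -EINVAL;` before the `goto` would match the `set_brk` overflow path further down in this file. Separately, the `} else` that closes inside `#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)` binds to the `if (elf_read_implies_exec(...))` after the `#endif`, across a blank line, and a one-line comment there would keep a later edit from breaking the pairing. load_elf_binary starts and ends outside the hunk.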
27115@@ -804,6 +1069,20 @@ static int load_elf_binary(struct linux_
27116 #else
27117 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
27118 #endif
27119+
27120+#ifdef CONFIG_PAX_RANDMMAP
27121+ /* PaX: randomize base address at the default exe base if requested */
27122+ if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
27123+#ifdef CONFIG_SPARC64
27124+ load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
27125+#else
27126+ load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
27127+#endif
27128+ load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
27129+ elf_flags |= MAP_FIXED;
27130+ }
27131+#endif
27132+
27133 }
27134
27135 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
27136@@ -836,9 +1115,9 @@ static int load_elf_binary(struct linux_
27137 * allowed task size. Note that p_filesz must always be
27138 * <= p_memsz so it is only necessary to check p_memsz.
27139 */
27140- if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27141- elf_ppnt->p_memsz > TASK_SIZE ||
27142- TASK_SIZE - elf_ppnt->p_memsz < k) {
27143+ if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27144+ elf_ppnt->p_memsz > pax_task_size ||
27145+ pax_task_size - elf_ppnt->p_memsz < k) {
27146 /* set_brk can never work. Avoid overflows. */
27147 send_sig(SIGKILL, current, 0);
27148 retval = -EINVAL;
27149@@ -866,6 +1145,11 @@ static int load_elf_binary(struct linux_
27150 start_data += load_bias;
27151 end_data += load_bias;
27152
27153+#ifdef CONFIG_PAX_RANDMMAP
27154+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
27155+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
27156+#endif
27157+
27158 /* Calling set_brk effectively mmaps the pages that we need
27159 * for the bss and break sections. We must do this before
27160 * mapping in the interpreter, to make sure it doesn't wind
27161@@ -877,9 +1161,11 @@ static int load_elf_binary(struct linux_
27162 goto out_free_dentry;
27163 }
27164 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
27165- send_sig(SIGSEGV, current, 0);
27166- retval = -EFAULT; /* Nobody gets to see this, but.. */
27167- goto out_free_dentry;
27168+ /*
27169+ * This bss-zeroing can fail if the ELF
27170+ * file specifies odd protections. So
27171+ * we don't check the return value
27172+ */
27173 }
27174
27175 if (elf_interpreter) {
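Review bot: A failed `padzero(elf_bss)` is now ignored, and the `if` is left with a body that holds only a comment. When the clear fails, the tail of the last file-backed page keeps whatever bytes the file has past `p_filesz`, so the new process can start with a bss that is not fully zeroed. The comment should state that this outcome is accepted and for which kind of binaries. If the result really is meant to be discarded, `if (likely(elf_bss != elf_brk)) (void)padzero(elf_bss);` reads more clearly than an empty branch. load_elf_binary continues outside the hunk.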
27176@@ -1112,8 +1398,10 @@ static int dump_seek(struct file *file,
27177 unsigned long n = off;
27178 if (n > PAGE_SIZE)
27179 n = PAGE_SIZE;
27180- if (!dump_write(file, buf, n))
27181+ if (!dump_write(file, buf, n)) {
27182+ free_page((unsigned long)buf);
27183 return 0;
27184+ }
27185 off -= n;
27186 }
27187 free_page((unsigned long)buf);
27188@@ -1125,7 +1413,7 @@ static int dump_seek(struct file *file,
27189 * Decide what to dump of a segment, part, all or none.
27190 */
27191 static unsigned long vma_dump_size(struct vm_area_struct *vma,
27192- unsigned long mm_flags)
27193+ unsigned long mm_flags, long signr)
27194 {
27195 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
27196
27197@@ -1159,7 +1447,7 @@ static unsigned long vma_dump_size(struc
27198 if (vma->vm_file == NULL)
27199 return 0;
27200
27201- if (FILTER(MAPPED_PRIVATE))
27202+ if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
27203 goto whole;
27204
27205 /*
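Review bot: `signr == SIGKILL` now bypasses the `MAPPED_PRIVATE` bit of the dump filter, so a core written for SIGKILL includes file-backed private mappings even when the configured filter excludes them, and nothing in the hunk says why. A comment above the test, such as `/* cores for SIGKILL always include file-backed private mappings, regardless of the dump filter */`, together with the reason, would help. Anyone sizing core storage or handling cores that may contain sensitive mapped files needs to know the filter is not honoured for this signal. vma_dump_size starts and ends outside the hunk.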
27206@@ -1255,8 +1543,11 @@ static int writenote(struct memelfnote *
27207 #undef DUMP_WRITE
27208
27209 #define DUMP_WRITE(addr, nr) \
27210+ do { \
27211+ gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \
27212 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
27213- goto end_coredump;
27214+ goto end_coredump; \
27215+ } while (0);
27216
27217 static void fill_elf_header(struct elfhdr *elf, int segs,
27218 u16 machine, u32 flags, u8 osabi)
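Review bot: The new `DUMP_WRITE` ends in `while (0);`, and that trailing semicolon defeats the `do { } while (0)` wrapper: `if (x) DUMP_WRITE(a, n); else ...` would not compile, and every use gains an empty statement. The last line of the macro should be `} while (0)`. The macro also now expands `nr` twice, once in the `gr_learn_resource()` call and once in `size += (nr)`, so an argument with side effects would be evaluated twice; a comment saying that callers must pass a side-effect-free expression would cover that.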
27219@@ -1385,9 +1676,9 @@ static void fill_auxv_note(struct memelf
27220 {
27221 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
27222 int i = 0;
27223- do
27224+ do {
27225 i += 2;
27226- while (auxv[i - 2] != AT_NULL);
27227+ } while (auxv[i - 2] != AT_NULL);
27228 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
27229 }
27230
27231@@ -1973,7 +2264,7 @@ static int elf_core_dump(long signr, str
27232 phdr.p_offset = offset;
27233 phdr.p_vaddr = vma->vm_start;
27234 phdr.p_paddr = 0;
27235- phdr.p_filesz = vma_dump_size(vma, mm_flags);
27236+ phdr.p_filesz = vma_dump_size(vma, mm_flags, signr);
27237 phdr.p_memsz = vma->vm_end - vma->vm_start;
27238 offset += phdr.p_filesz;
27239 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
27240@@ -2006,7 +2297,7 @@ static int elf_core_dump(long signr, str
27241 unsigned long addr;
27242 unsigned long end;
27243
27244- end = vma->vm_start + vma_dump_size(vma, mm_flags);
27245+ end = vma->vm_start + vma_dump_size(vma, mm_flags, signr);
27246
27247 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
27248 struct page *page;
27249@@ -2015,6 +2306,7 @@ static int elf_core_dump(long signr, str
27250 page = get_dump_page(addr);
27251 if (page) {
27252 void *kaddr = kmap(page);
27253+ gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1);
27254 stop = ((size += PAGE_SIZE) > limit) ||
27255 !dump_write(file, kaddr, PAGE_SIZE);
27256 kunmap(page);
27257@@ -2042,6 +2334,97 @@ out:
27258
27259 #endif /* USE_ELF_CORE_DUMP */
27260
27261+#ifdef CONFIG_PAX_MPROTECT
27262+/* PaX: non-PIC ELF libraries need relocations on their executable segments
27263+ * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
27264+ * we'll remove VM_MAYWRITE for good on RELRO segments.
27265+ *
27266+ * The checks favour ld-linux.so behaviour which operates on a per ELF segment
27267+ * basis because we want to allow the common case and not the special ones.
27268+ */
27269+static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
27270+{
27271+ struct elfhdr elf_h;
27272+ struct elf_phdr elf_p;
27273+ unsigned long i;
27274+ unsigned long oldflags;
27275+ bool is_textrel_rw, is_textrel_rx, is_relro;
27276+
27277+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
27278+ return;
27279+
27280+ oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
27281+ newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
27282+
27283+#ifdef CONFIG_PAX_NOELFRELOCS
27284+ is_textrel_rw = false;
27285+ is_textrel_rx = false;
27286+#else
27287+ /* possible TEXTREL */
27288+ is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
27289+ is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
27290+#endif
27291+
27292+ /* possible RELRO */
27293+ is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
27294+
27295+ if (!is_textrel_rw && !is_textrel_rx && !is_relro)
27296+ return;
27297+
27298+ if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
27299+ memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
27300+
27301+#ifdef CONFIG_PAX_ETEXECRELOCS
27302+ ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27303+#else
27304+ ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
27305+#endif
27306+
27307+ (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27308+ !elf_check_arch(&elf_h) ||
27309+ elf_h.e_phentsize != sizeof(struct elf_phdr) ||
27310+ elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
27311+ return;
27312+
27313+ for (i = 0UL; i < elf_h.e_phnum; i++) {
27314+ if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
27315+ return;
27316+ switch (elf_p.p_type) {
27317+ case PT_DYNAMIC:
27318+ if (!is_textrel_rw && !is_textrel_rx)
27319+ continue;
27320+ i = 0UL;
27321+ while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) {
27322+ elf_dyn dyn;
27323+
27324+ if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
27325+ return;
27326+ if (dyn.d_tag == DT_NULL)
27327+ return;
27328+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
27329+ gr_log_textrel(vma);
27330+ if (is_textrel_rw)
27331+ vma->vm_flags |= VM_MAYWRITE;
27332+ else
27333+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
27334+ vma->vm_flags &= ~VM_MAYWRITE;
27335+ return;
27336+ }
27337+ i++;
27338+ }
27339+ return;
27340+
27341+ case PT_GNU_RELRO:
27342+ if (!is_relro)
27343+ continue;
27344+ if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
27345+ vma->vm_flags &= ~VM_MAYWRITE;
27346+ return;
27347+ }
27348+ }
27349+}
27350+#endif
27351+
27352 static int __init init_elf_binfmt(void)
27353 {
27354 return register_binfmt(&elf_format);
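Review bot: In the `PT_DYNAMIC` case of `elf_handle_mprotect` the inner `while` resets and reuses the outer loop's `i`, which is safe only because every path out of that case returns; a separate index such as `unsigned long j;` would remove that trap. The inner loop is bounded only by `elf_p.p_filesz`, a value read from the file, so the number of `kernel_read()` calls made for one call is set by the file's contents until a `DT_NULL` entry or a short read ends it. Capping the entry count, as `e_phnum` is capped a few lines earlier, would bound that work. The header comment could also state that `vma->vm_flags` is modified in place and which lock the caller is expected to hold, since the hunk does not show it.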
27355diff -urNp linux-2.6.32.8/fs/binfmt_flat.c linux-2.6.32.8/fs/binfmt_flat.c
27356--- linux-2.6.32.8/fs/binfmt_flat.c 2010-02-09 07:57:19.000000000 -0500
27357+++ linux-2.6.32.8/fs/binfmt_flat.c 2010-02-13 21:45:10.638995106 -0500
27358@@ -564,7 +564,9 @@ static int load_flat_file(struct linux_b
27359 realdatastart = (unsigned long) -ENOMEM;
27360 printk("Unable to allocate RAM for process data, errno %d\n",
27361 (int)-realdatastart);
27362+ down_write(&current->mm->mmap_sem);
27363 do_munmap(current->mm, textpos, text_len);
27364+ up_write(&current->mm->mmap_sem);
27365 ret = realdatastart;
27366 goto err;
27367 }
27368@@ -588,8 +590,10 @@ static int load_flat_file(struct linux_b
27369 }
27370 if (IS_ERR_VALUE(result)) {
27371 printk("Unable to read data+bss, errno %d\n", (int)-result);
27372+ down_write(&current->mm->mmap_sem);
27373 do_munmap(current->mm, textpos, text_len);
27374 do_munmap(current->mm, realdatastart, data_len + extra);
27375+ up_write(&current->mm->mmap_sem);
27376 ret = result;
27377 goto err;
27378 }
27379@@ -658,8 +662,10 @@ static int load_flat_file(struct linux_b
27380 }
27381 if (IS_ERR_VALUE(result)) {
27382 printk("Unable to read code+data+bss, errno %d\n",(int)-result);
27383+ down_write(&current->mm->mmap_sem);
27384 do_munmap(current->mm, textpos, text_len + data_len + extra +
27385 MAX_SHARED_LIBS * sizeof(unsigned long));
27386+ up_write(&current->mm->mmap_sem);
27387 ret = result;
27388 goto err;
27389 }
27390diff -urNp linux-2.6.32.8/fs/binfmt_misc.c linux-2.6.32.8/fs/binfmt_misc.c
27391--- linux-2.6.32.8/fs/binfmt_misc.c 2010-02-09 07:57:19.000000000 -0500
27392+++ linux-2.6.32.8/fs/binfmt_misc.c 2010-02-13 21:45:10.638995106 -0500
27393@@ -693,7 +693,7 @@ static int bm_fill_super(struct super_bl
27394 static struct tree_descr bm_files[] = {
27395 [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
27396 [3] = {"register", &bm_register_operations, S_IWUSR},
27397- /* last one */ {""}
27398+ /* last one */ {"", NULL, 0}
27399 };
27400 int err = simple_fill_super(sb, 0x42494e4d, bm_files);
27401 if (!err)
27402diff -urNp linux-2.6.32.8/fs/bio.c linux-2.6.32.8/fs/bio.c
27403--- linux-2.6.32.8/fs/bio.c 2010-02-09 07:57:19.000000000 -0500
27404+++ linux-2.6.32.8/fs/bio.c 2010-02-13 21:45:10.639989586 -0500
27405@@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_cr
27406
27407 i = 0;
27408 while (i < bio_slab_nr) {
27409- struct bio_slab *bslab = &bio_slabs[i];
27410+ bslab = &bio_slabs[i];
27411
27412 if (!bslab->slab && entry == -1)
27413 entry = i;
27414@@ -1217,7 +1217,7 @@ static void bio_copy_kern_endio(struct b
27415 const int read = bio_data_dir(bio) == READ;
27416 struct bio_map_data *bmd = bio->bi_private;
27417 int i;
27418- char *p = bmd->sgvecs[0].iov_base;
27419+ char *p = (__force char *)bmd->sgvecs[0].iov_base;
27420
27421 __bio_for_each_segment(bvec, bio, i, 0) {
27422 char *addr = page_address(bvec->bv_page);
27423diff -urNp linux-2.6.32.8/fs/btrfs/ctree.c linux-2.6.32.8/fs/btrfs/ctree.c
27424--- linux-2.6.32.8/fs/btrfs/ctree.c 2010-02-09 07:57:19.000000000 -0500
27425+++ linux-2.6.32.8/fs/btrfs/ctree.c 2010-02-13 21:45:10.639989586 -0500
27426@@ -3568,7 +3568,6 @@ setup_items_for_insert(struct btrfs_tran
27427
27428 ret = 0;
27429 if (slot == 0) {
27430- struct btrfs_disk_key disk_key;
27431 btrfs_cpu_key_to_disk(&disk_key, cpu_key);
27432 ret = fixup_low_keys(trans, root, path, &disk_key, 1);
27433 }
27434diff -urNp linux-2.6.32.8/fs/btrfs/disk-io.c linux-2.6.32.8/fs/btrfs/disk-io.c
27435--- linux-2.6.32.8/fs/btrfs/disk-io.c 2010-02-09 07:57:19.000000000 -0500
27436+++ linux-2.6.32.8/fs/btrfs/disk-io.c 2010-02-13 21:45:10.640989847 -0500
27437@@ -39,7 +39,7 @@
27438 #include "tree-log.h"
27439 #include "free-space-cache.h"
27440
27441-static struct extent_io_ops btree_extent_io_ops;
27442+static const struct extent_io_ops btree_extent_io_ops;
27443 static void end_workqueue_fn(struct btrfs_work *work);
27444 static void free_fs_root(struct btrfs_root *root);
27445
27446@@ -2585,7 +2585,7 @@ out:
27447 return 0;
27448 }
27449
27450-static struct extent_io_ops btree_extent_io_ops = {
27451+static const struct extent_io_ops btree_extent_io_ops = {
27452 .write_cache_pages_lock_hook = btree_lock_page_hook,
27453 .readpage_end_io_hook = btree_readpage_end_io_hook,
27454 .submit_bio_hook = btree_submit_bio_hook,
27455diff -urNp linux-2.6.32.8/fs/btrfs/extent_io.h linux-2.6.32.8/fs/btrfs/extent_io.h
27456--- linux-2.6.32.8/fs/btrfs/extent_io.h 2010-02-09 07:57:19.000000000 -0500
27457+++ linux-2.6.32.8/fs/btrfs/extent_io.h 2010-02-13 21:45:10.640989847 -0500
27458@@ -49,36 +49,36 @@ typedef int (extent_submit_bio_hook_t)(s
27459 struct bio *bio, int mirror_num,
27460 unsigned long bio_flags);
27461 struct extent_io_ops {
27462- int (*fill_delalloc)(struct inode *inode, struct page *locked_page,
27463+ int (* const fill_delalloc)(struct inode *inode, struct page *locked_page,
27464 u64 start, u64 end, int *page_started,
27465 unsigned long *nr_written);
27466- int (*writepage_start_hook)(struct page *page, u64 start, u64 end);
27467- int (*writepage_io_hook)(struct page *page, u64 start, u64 end);
27468+ int (* const writepage_start_hook)(struct page *page, u64 start, u64 end);
27469+ int (* const writepage_io_hook)(struct page *page, u64 start, u64 end);
27470 extent_submit_bio_hook_t *submit_bio_hook;
27471- int (*merge_bio_hook)(struct page *page, unsigned long offset,
27472+ int (* const merge_bio_hook)(struct page *page, unsigned long offset,
27473 size_t size, struct bio *bio,
27474 unsigned long bio_flags);
27475- int (*readpage_io_hook)(struct page *page, u64 start, u64 end);
27476- int (*readpage_io_failed_hook)(struct bio *bio, struct page *page,
27477+ int (* const readpage_io_hook)(struct page *page, u64 start, u64 end);
27478+ int (* const readpage_io_failed_hook)(struct bio *bio, struct page *page,
27479 u64 start, u64 end,
27480 struct extent_state *state);
27481- int (*writepage_io_failed_hook)(struct bio *bio, struct page *page,
27482+ int (* const writepage_io_failed_hook)(struct bio *bio, struct page *page,
27483 u64 start, u64 end,
27484 struct extent_state *state);
27485- int (*readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27486+ int (* const readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27487 struct extent_state *state);
27488- int (*writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27489+ int (* const writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27490 struct extent_state *state, int uptodate);
27491- int (*set_bit_hook)(struct inode *inode, u64 start, u64 end,
27492+ int (* const set_bit_hook)(struct inode *inode, u64 start, u64 end,
27493 unsigned long old, unsigned long bits);
27494- int (*clear_bit_hook)(struct inode *inode, struct extent_state *state,
27495+ int (* const clear_bit_hook)(struct inode *inode, struct extent_state *state,
27496 unsigned long bits);
27497- int (*merge_extent_hook)(struct inode *inode,
27498+ int (* const merge_extent_hook)(struct inode *inode,
27499 struct extent_state *new,
27500 struct extent_state *other);
27501- int (*split_extent_hook)(struct inode *inode,
27502+ int (* const split_extent_hook)(struct inode *inode,
27503 struct extent_state *orig, u64 split);
27504- int (*write_cache_pages_lock_hook)(struct page *page);
27505+ int (* const write_cache_pages_lock_hook)(struct page *page);
27506 };
27507
27508 struct extent_io_tree {
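Review bot: `submit_bio_hook` is the one member of `struct extent_io_ops` left without `const` in this hunk, while every other hook becomes `int (* const ...)`. For consistency it would read `extent_submit_bio_hook_t * const submit_bio_hook;`. The practical effect is small as long as every instance is declared `const struct extent_io_ops`, as the ones in disk-io.c and inode.c are in this patch, but a future non-const instance would leave exactly this pointer writable.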
27509@@ -88,7 +88,7 @@ struct extent_io_tree {
27510 u64 dirty_bytes;
27511 spinlock_t lock;
27512 spinlock_t buffer_lock;
27513- struct extent_io_ops *ops;
27514+ const struct extent_io_ops *ops;
27515 };
27516
27517 struct extent_state {
27518diff -urNp linux-2.6.32.8/fs/btrfs/free-space-cache.c linux-2.6.32.8/fs/btrfs/free-space-cache.c
27519--- linux-2.6.32.8/fs/btrfs/free-space-cache.c 2010-02-09 07:57:19.000000000 -0500
27520+++ linux-2.6.32.8/fs/btrfs/free-space-cache.c 2010-02-13 21:45:10.641726018 -0500
27521@@ -1074,8 +1074,6 @@ u64 btrfs_alloc_from_cluster(struct btrf
27522
27523 while(1) {
27524 if (entry->bytes < bytes || entry->offset < min_start) {
27525- struct rb_node *node;
27526-
27527 node = rb_next(&entry->offset_index);
27528 if (!node)
27529 break;
27530@@ -1226,7 +1224,7 @@ again:
27531 */
27532 while (entry->bitmap || found_bitmap ||
27533 (!entry->bitmap && entry->bytes < min_bytes)) {
27534- struct rb_node *node = rb_next(&entry->offset_index);
27535+ node = rb_next(&entry->offset_index);
27536
27537 if (entry->bitmap && entry->bytes > bytes + empty_size) {
27538 ret = btrfs_bitmap_cluster(block_group, entry, cluster,
27539diff -urNp linux-2.6.32.8/fs/btrfs/inode.c linux-2.6.32.8/fs/btrfs/inode.c
27540--- linux-2.6.32.8/fs/btrfs/inode.c 2010-02-09 07:57:19.000000000 -0500
27541+++ linux-2.6.32.8/fs/btrfs/inode.c 2010-02-13 21:45:10.641726018 -0500
27542@@ -63,7 +63,7 @@ static const struct inode_operations btr
27543 static const struct address_space_operations btrfs_aops;
27544 static const struct address_space_operations btrfs_symlink_aops;
27545 static const struct file_operations btrfs_dir_file_operations;
27546-static struct extent_io_ops btrfs_extent_io_ops;
27547+static const struct extent_io_ops btrfs_extent_io_ops;
27548
27549 static struct kmem_cache *btrfs_inode_cachep;
27550 struct kmem_cache *btrfs_trans_handle_cachep;
27551@@ -5854,7 +5854,7 @@ static const struct file_operations btrf
27552 .fsync = btrfs_sync_file,
27553 };
27554
27555-static struct extent_io_ops btrfs_extent_io_ops = {
27556+static const struct extent_io_ops btrfs_extent_io_ops = {
27557 .fill_delalloc = run_delalloc_range,
27558 .submit_bio_hook = btrfs_submit_bio_hook,
27559 .merge_bio_hook = btrfs_merge_bio_hook,
27560diff -urNp linux-2.6.32.8/fs/btrfs/sysfs.c linux-2.6.32.8/fs/btrfs/sysfs.c
27561--- linux-2.6.32.8/fs/btrfs/sysfs.c 2010-02-09 07:57:19.000000000 -0500
27562+++ linux-2.6.32.8/fs/btrfs/sysfs.c 2010-02-13 21:45:10.642985738 -0500
27563@@ -164,12 +164,12 @@ static void btrfs_root_release(struct ko
27564 complete(&root->kobj_unregister);
27565 }
27566
27567-static struct sysfs_ops btrfs_super_attr_ops = {
27568+static const struct sysfs_ops btrfs_super_attr_ops = {
27569 .show = btrfs_super_attr_show,
27570 .store = btrfs_super_attr_store,
27571 };
27572
27573-static struct sysfs_ops btrfs_root_attr_ops = {
27574+static const struct sysfs_ops btrfs_root_attr_ops = {
27575 .show = btrfs_root_attr_show,
27576 .store = btrfs_root_attr_store,
27577 };
27578diff -urNp linux-2.6.32.8/fs/buffer.c linux-2.6.32.8/fs/buffer.c
27579--- linux-2.6.32.8/fs/buffer.c 2010-02-09 07:57:19.000000000 -0500
27580+++ linux-2.6.32.8/fs/buffer.c 2010-02-13 21:45:10.642985738 -0500
27581@@ -25,6 +25,7 @@
27582 #include <linux/percpu.h>
27583 #include <linux/slab.h>
27584 #include <linux/capability.h>
27585+#include <linux/security.h>
27586 #include <linux/blkdev.h>
27587 #include <linux/file.h>
27588 #include <linux/quotaops.h>
27589diff -urNp linux-2.6.32.8/fs/cachefiles/rdwr.c linux-2.6.32.8/fs/cachefiles/rdwr.c
27590--- linux-2.6.32.8/fs/cachefiles/rdwr.c 2010-02-09 07:57:19.000000000 -0500
27591+++ linux-2.6.32.8/fs/cachefiles/rdwr.c 2010-02-13 21:45:10.643871834 -0500
27592@@ -946,7 +946,7 @@ int cachefiles_write_page(struct fscache
27593 old_fs = get_fs();
27594 set_fs(KERNEL_DS);
27595 ret = file->f_op->write(
27596- file, (const void __user *) data, len, &pos);
27597+ file, (__force const void __user *) data, len, &pos);
27598 set_fs(old_fs);
27599 kunmap(page);
27600 if (ret != len)
27601diff -urNp linux-2.6.32.8/fs/cifs/cifs_uniupr.h linux-2.6.32.8/fs/cifs/cifs_uniupr.h
27602--- linux-2.6.32.8/fs/cifs/cifs_uniupr.h 2010-02-09 07:57:19.000000000 -0500
27603+++ linux-2.6.32.8/fs/cifs/cifs_uniupr.h 2010-02-13 21:45:10.643871834 -0500
27604@@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa
27605 {0x0490, 0x04cc, UniCaseRangeU0490},
27606 {0x1e00, 0x1ffc, UniCaseRangeU1e00},
27607 {0xff40, 0xff5a, UniCaseRangeUff40},
27608- {0}
27609+ {0, 0, NULL}
27610 };
27611 #endif
27612
27613diff -urNp linux-2.6.32.8/fs/cifs/link.c linux-2.6.32.8/fs/cifs/link.c
27614--- linux-2.6.32.8/fs/cifs/link.c 2010-02-09 07:57:19.000000000 -0500
27615+++ linux-2.6.32.8/fs/cifs/link.c 2010-02-13 21:45:10.643871834 -0500
27616@@ -215,7 +215,7 @@ cifs_symlink(struct inode *inode, struct
27617
27618 void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
27619 {
27620- char *p = nd_get_link(nd);
27621+ const char *p = nd_get_link(nd);
27622 if (!IS_ERR(p))
27623 kfree(p);
27624 }
27625diff -urNp linux-2.6.32.8/fs/compat_binfmt_elf.c linux-2.6.32.8/fs/compat_binfmt_elf.c
27626--- linux-2.6.32.8/fs/compat_binfmt_elf.c 2010-02-09 07:57:19.000000000 -0500
27627+++ linux-2.6.32.8/fs/compat_binfmt_elf.c 2010-02-13 21:45:10.644552131 -0500
27628@@ -29,10 +29,12 @@
27629 #undef elfhdr
27630 #undef elf_phdr
27631 #undef elf_note
27632+#undef elf_dyn
27633 #undef elf_addr_t
27634 #define elfhdr elf32_hdr
27635 #define elf_phdr elf32_phdr
27636 #define elf_note elf32_note
27637+#define elf_dyn Elf32_Dyn
27638 #define elf_addr_t Elf32_Addr
27639
27640 /*
27641diff -urNp linux-2.6.32.8/fs/compat.c linux-2.6.32.8/fs/compat.c
27642--- linux-2.6.32.8/fs/compat.c 2010-02-09 07:57:19.000000000 -0500
27643+++ linux-2.6.32.8/fs/compat.c 2010-02-13 21:45:10.644552131 -0500
27644@@ -1410,14 +1410,12 @@ static int compat_copy_strings(int argc,
27645 if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
27646 struct page *page;
27647
27648-#ifdef CONFIG_STACK_GROWSUP
27649 ret = expand_stack_downwards(bprm->vma, pos);
27650 if (ret < 0) {
27651 /* We've exceed the stack rlimit. */
27652 ret = -E2BIG;
27653 goto out;
27654 }
27655-#endif
27656 ret = get_user_pages(current, bprm->mm, pos,
27657 1, 1, 1, &page, NULL);
27658 if (ret <= 0) {
27659@@ -1463,6 +1461,11 @@ int compat_do_execve(char * filename,
27660 compat_uptr_t __user *envp,
27661 struct pt_regs * regs)
27662 {
27663+#ifdef CONFIG_GRKERNSEC
27664+ struct file *old_exec_file;
27665+ struct acl_subject_label *old_acl;
27666+ struct rlimit old_rlim[RLIM_NLIMITS];
27667+#endif
27668 struct linux_binprm *bprm;
27669 struct file *file;
27670 struct files_struct *displaced;
27671@@ -1499,6 +1502,14 @@ int compat_do_execve(char * filename,
27672 bprm->filename = filename;
27673 bprm->interp = filename;
27674
27675+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
27676+ retval = -EAGAIN;
27677+ if (gr_handle_nproc())
27678+ goto out_file;
27679+ retval = -EACCES;
27680+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt))
27681+ goto out_file;
27682+
27683 retval = bprm_mm_init(bprm);
27684 if (retval)
27685 goto out_file;
27686@@ -1528,9 +1539,40 @@ int compat_do_execve(char * filename,
27687 if (retval < 0)
27688 goto out;
27689
27690+ if (!gr_tpe_allow(file)) {
27691+ retval = -EACCES;
27692+ goto out;
27693+ }
27694+
27695+ if (gr_check_crash_exec(file)) {
27696+ retval = -EACCES;
27697+ goto out;
27698+ }
27699+
27700+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
27701+
27702+ gr_handle_exec_args(bprm, (char __user * __user *)argv);
27703+
27704+#ifdef CONFIG_GRKERNSEC
27705+ old_acl = current->acl;
27706+ memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
27707+ old_exec_file = current->exec_file;
27708+ get_file(file);
27709+ current->exec_file = file;
27710+#endif
27711+
27712+ retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
27713+ bprm->unsafe & LSM_UNSAFE_SHARE);
27714+ if (retval < 0)
27715+ goto out_fail;
27716+
27717 retval = search_binary_handler(bprm, regs);
27718 if (retval < 0)
27719- goto out;
27720+ goto out_fail;
27721+#ifdef CONFIG_GRKERNSEC
27722+ if (old_exec_file)
27723+ fput(old_exec_file);
27724+#endif
27725
27726 current->stack_start = current->mm->start_stack;
27727
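Review bot: `gr_handle_exec_args(bprm, (char __user * __user *)argv)` casts the compat `argv` to an array of native user pointers. The signature is only partly visible here, but `envp` is declared `compat_uptr_t __user *`, and if `argv` has the same type, a callee that walks it as `char __user *` entries on a 64-bit kernel reads two 32-bit entries as one pointer. The helper's definition is not on this page, so this needs checking there; a compat-aware variant or an explicit flag would make the intent clear. A comment at the call, such as `/* argv holds compat_uptr_t entries */`, would at least record the mismatch. compat_do_execve starts and ends outside the hunk.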
27728@@ -1543,6 +1585,14 @@ int compat_do_execve(char * filename,
27729 put_files_struct(displaced);
27730 return retval;
27731
27732+out_fail:
27733+#ifdef CONFIG_GRKERNSEC
27734+ current->acl = old_acl;
27735+ memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
27736+ fput(current->exec_file);
27737+ current->exec_file = old_exec_file;
27738+#endif
27739+
27740 out:
27741 if (bprm->mm)
27742 mmput(bprm->mm);
27743diff -urNp linux-2.6.32.8/fs/compat_ioctl.c linux-2.6.32.8/fs/compat_ioctl.c
27744--- linux-2.6.32.8/fs/compat_ioctl.c 2010-02-09 07:57:19.000000000 -0500
27745+++ linux-2.6.32.8/fs/compat_ioctl.c 2010-02-13 21:45:10.645620829 -0500
27746@@ -1827,15 +1827,15 @@ struct ioctl_trans {
27747 };
27748
27749 #define HANDLE_IOCTL(cmd,handler) \
27750- { (cmd), (ioctl_trans_handler_t)(handler) },
27751+ { (cmd), (ioctl_trans_handler_t)(handler), NULL },
27752
27753 /* pointer to compatible structure or no argument */
27754 #define COMPATIBLE_IOCTL(cmd) \
27755- { (cmd), do_ioctl32_pointer },
27756+ { (cmd), do_ioctl32_pointer, NULL },
27757
27758 /* argument is an unsigned long integer, not a pointer */
27759 #define ULONG_IOCTL(cmd) \
27760- { (cmd), (ioctl_trans_handler_t)sys_ioctl },
27761+ { (cmd), (ioctl_trans_handler_t)sys_ioctl, NULL },
27762
27763 /* ioctl should not be warned about even if it's not implemented.
27764 Valid reasons to use this:
27765diff -urNp linux-2.6.32.8/fs/debugfs/inode.c linux-2.6.32.8/fs/debugfs/inode.c
27766--- linux-2.6.32.8/fs/debugfs/inode.c 2010-02-09 07:57:19.000000000 -0500
27767+++ linux-2.6.32.8/fs/debugfs/inode.c 2010-02-13 21:45:10.645620829 -0500
27768@@ -128,7 +128,7 @@ static inline int debugfs_positive(struc
27769
27770 static int debug_fill_super(struct super_block *sb, void *data, int silent)
27771 {
27772- static struct tree_descr debug_files[] = {{""}};
27773+ static struct tree_descr debug_files[] = {{"", NULL, 0}};
27774
27775 return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files);
27776 }
27777diff -urNp linux-2.6.32.8/fs/dlm/lockspace.c linux-2.6.32.8/fs/dlm/lockspace.c
27778--- linux-2.6.32.8/fs/dlm/lockspace.c 2010-02-09 07:57:19.000000000 -0500
27779+++ linux-2.6.32.8/fs/dlm/lockspace.c 2010-02-13 21:45:10.645620829 -0500
27780@@ -148,7 +148,7 @@ static void lockspace_kobj_release(struc
27781 kfree(ls);
27782 }
27783
27784-static struct sysfs_ops dlm_attr_ops = {
27785+static const struct sysfs_ops dlm_attr_ops = {
27786 .show = dlm_attr_show,
27787 .store = dlm_attr_store,
27788 };
27789diff -urNp linux-2.6.32.8/fs/ecryptfs/inode.c linux-2.6.32.8/fs/ecryptfs/inode.c
27790--- linux-2.6.32.8/fs/ecryptfs/inode.c 2010-02-09 07:57:19.000000000 -0500
27791+++ linux-2.6.32.8/fs/ecryptfs/inode.c 2010-02-13 21:45:10.645620829 -0500
27792@@ -676,7 +676,7 @@ ecryptfs_readlink(struct dentry *dentry,
27793 old_fs = get_fs();
27794 set_fs(get_ds());
27795 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
27796- (char __user *)lower_buf,
27797+ (__force char __user *)lower_buf,
27798 lower_bufsiz);
27799 set_fs(old_fs);
27800 if (rc >= 0) {
27801@@ -720,7 +720,7 @@ static void *ecryptfs_follow_link(struct
27802 }
27803 old_fs = get_fs();
27804 set_fs(get_ds());
27805- rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
27806+ rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len);
27807 set_fs(old_fs);
27808 if (rc < 0)
27809 goto out_free;
27810diff -urNp linux-2.6.32.8/fs/exec.c linux-2.6.32.8/fs/exec.c
27811--- linux-2.6.32.8/fs/exec.c 2010-02-09 07:57:19.000000000 -0500
27812+++ linux-2.6.32.8/fs/exec.c 2010-02-13 21:45:10.668537553 -0500
27813@@ -56,12 +56,24 @@
27814 #include <linux/fsnotify.h>
27815 #include <linux/fs_struct.h>
27816 #include <linux/pipe_fs_i.h>
27817+#include <linux/random.h>
27818+#include <linux/seq_file.h>
27819+
27820+#ifdef CONFIG_PAX_REFCOUNT
27821+#include <linux/kallsyms.h>
27822+#include <linux/kdebug.h>
27823+#endif
27824
27825 #include <asm/uaccess.h>
27826 #include <asm/mmu_context.h>
27827 #include <asm/tlb.h>
27828 #include "internal.h"
27829
27830+#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
27831+void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
27832+EXPORT_SYMBOL(pax_set_initial_flags_func);
27833+#endif
27834+
27835 int core_uses_pid;
27836 char core_pattern[CORENAME_MAX_SIZE] = "core";
27837 unsigned int core_pipe_limit;
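Review bot: `pax_set_initial_flags_func` is added as an exported, writable global function pointer with no comment on who may set it, when, or how it is cleared. The caller added to load_elf_binary in this patch tests the pointer and then calls it with no visible synchronisation, so a module that installs a hook needs a documented rule for removing it before unload. A short comment above the declaration, for example `/* set once by the ACL module at init; must be reset to NULL before that module unloads */`, would state the contract, with the wording adjusted to whatever the actual rule is.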
27838@@ -115,7 +127,7 @@ SYSCALL_DEFINE1(uselib, const char __use
27839 goto out;
27840
27841 file = do_filp_open(AT_FDCWD, tmp,
27842- O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27843+ O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27844 MAY_READ | MAY_EXEC | MAY_OPEN);
27845 putname(tmp);
27846 error = PTR_ERR(file);
27847@@ -163,18 +175,10 @@ static struct page *get_arg_page(struct
27848 int write)
27849 {
27850 struct page *page;
27851- int ret;
27852
27853-#ifdef CONFIG_STACK_GROWSUP
27854- if (write) {
27855- ret = expand_stack_downwards(bprm->vma, pos);
27856- if (ret < 0)
27857- return NULL;
27858- }
27859-#endif
27860- ret = get_user_pages(current, bprm->mm, pos,
27861- 1, write, 1, &page, NULL);
27862- if (ret <= 0)
27863+ if (0 > expand_stack_downwards(bprm->vma, pos))
27864+ return NULL;
27865+ if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL))
27866 return NULL;
27867
27868 if (write) {
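Review bot: The new `expand_stack_downwards()` call at the top of get_arg_page() has no comment explaining why it now runs on every call. The removed code ran it only for `write` accesses under CONFIG_STACK_GROWSUP, so a reader cannot tell whether the wider scope is intended. A line such as `/* always grow the argument vma first, for reads too */` would record the intent. The two tests also put the constant on the left; the usual kernel form is `if (expand_stack_downwards(bprm->vma, pos) < 0)` and `if (get_user_pages(...) <= 0)`. The function body continues outside this hunk.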
27869@@ -246,6 +250,11 @@ static int __bprm_mm_init(struct linux_b
27870 vma->vm_end = STACK_TOP_MAX;
27871 vma->vm_start = vma->vm_end - PAGE_SIZE;
27872 vma->vm_flags = VM_STACK_FLAGS;
27873+
27874+#ifdef CONFIG_PAX_SEGMEXEC
27875+ vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
27876+#endif
27877+
27878 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
27879 err = insert_vm_struct(mm, vma);
27880 if (err)
27881@@ -254,6 +263,12 @@ static int __bprm_mm_init(struct linux_b
27882 mm->stack_vm = mm->total_vm = 1;
27883 up_write(&mm->mmap_sem);
27884 bprm->p = vma->vm_end - sizeof(void *);
27885+
27886+#ifdef CONFIG_PAX_RANDUSTACK
27887+ if (randomize_va_space)
27888+ bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;
27889+#endif
27890+
27891 return 0;
27892 err:
27893 up_write(&mm->mmap_sem);
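Review bot: The mask expression in the CONFIG_PAX_RANDUSTACK block of __bprm_mm_init() needs a comment, because `(pax_get_random_long() & ~15) & ~PAGE_MASK` is easy to misread. It keeps only random bits 4 and up of the page offset, so the XOR moves `bprm->p` within the single stack page set up just above and leaves its low four bits unchanged. I would add `/* randomize the initial stack pointer inside its page; low 4 bits are preserved */` above the `if (randomize_va_space)` line.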
27894@@ -475,7 +490,7 @@ int copy_strings_kernel(int argc,char **
27895 int r;
27896 mm_segment_t oldfs = get_fs();
27897 set_fs(KERNEL_DS);
27898- r = copy_strings(argc, (char __user * __user *)argv, bprm);
27899+ r = copy_strings(argc, (__force char __user * __user *)argv, bprm);
27900 set_fs(oldfs);
27901 return r;
27902 }
27903@@ -505,7 +520,8 @@ static int shift_arg_pages(struct vm_are
27904 unsigned long new_end = old_end - shift;
27905 struct mmu_gather *tlb;
27906
27907- BUG_ON(new_start > new_end);
27908+ if (new_start >= new_end || new_start < mmap_min_addr)
27909+ return -EFAULT;
27910
27911 /*
27912 * ensure there are no vmas between where we want to go
27913@@ -514,6 +530,10 @@ static int shift_arg_pages(struct vm_are
27914 if (vma != find_vma(mm, new_start))
27915 return -EFAULT;
27916
27917+#ifdef CONFIG_PAX_SEGMEXEC
27918+ BUG_ON(pax_find_mirror_vma(vma));
27919+#endif
27920+
27921 /*
27922 * cover the whole range: [new_start, old_end)
27923 */
27924@@ -602,6 +622,14 @@ int setup_arg_pages(struct linux_binprm
27925 bprm->exec -= stack_shift;
27926
27927 down_write(&mm->mmap_sem);
27928+
27929+ /* Move stack pages down in memory. */
27930+ if (stack_shift) {
27931+ ret = shift_arg_pages(vma, stack_shift);
27932+ if (ret)
27933+ goto out_unlock;
27934+ }
27935+
27936 vm_flags = VM_STACK_FLAGS;
27937
27938 /*
27939@@ -615,19 +643,24 @@ int setup_arg_pages(struct linux_binprm
27940 vm_flags &= ~VM_EXEC;
27941 vm_flags |= mm->def_flags;
27942
27943+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27944+ if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27945+ vm_flags &= ~VM_EXEC;
27946+
27947+#ifdef CONFIG_PAX_MPROTECT
27948+ if (mm->pax_flags & MF_PAX_MPROTECT)
27949+ vm_flags &= ~VM_MAYEXEC;
27950+#endif
27951+
27952+ }
27953+#endif
27954+
27955 ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end,
27956 vm_flags);
27957 if (ret)
27958 goto out_unlock;
27959 BUG_ON(prev != vma);
27960
27961- /* Move stack pages down in memory. */
27962- if (stack_shift) {
27963- ret = shift_arg_pages(vma, stack_shift);
27964- if (ret)
27965- goto out_unlock;
27966- }
27967-
27968 #ifdef CONFIG_STACK_GROWSUP
27969 stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
27970 #else
27971@@ -651,7 +684,7 @@ struct file *open_exec(const char *name)
27972 int err;
27973
27974 file = do_filp_open(AT_FDCWD, name,
27975- O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27976+ O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27977 MAY_EXEC | MAY_OPEN);
27978 if (IS_ERR(file))
27979 goto out;
27980@@ -688,7 +721,7 @@ int kernel_read(struct file *file, loff_
27981 old_fs = get_fs();
27982 set_fs(get_ds());
27983 /* The cast to a user pointer is valid due to the set_fs() */
27984- result = vfs_read(file, (void __user *)addr, count, &pos);
27985+ result = vfs_read(file, (__force void __user *)addr, count, &pos);
27986 set_fs(old_fs);
27987 return result;
27988 }
27989@@ -1094,7 +1127,7 @@ int check_unsafe_exec(struct linux_binpr
27990 }
27991 rcu_read_unlock();
27992
27993- if (p->fs->users > n_fs) {
27994+ if (atomic_read(&p->fs->users) > n_fs) {
27995 bprm->unsafe |= LSM_UNSAFE_SHARE;
27996 } else {
27997 res = -EAGAIN;
27998@@ -1293,6 +1326,11 @@ int do_execve(char * filename,
27999 char __user *__user *envp,
28000 struct pt_regs * regs)
28001 {
28002+#ifdef CONFIG_GRKERNSEC
28003+ struct file *old_exec_file;
28004+ struct acl_subject_label *old_acl;
28005+ struct rlimit old_rlim[RLIM_NLIMITS];
28006+#endif
28007 struct linux_binprm *bprm;
28008 struct file *file;
28009 struct files_struct *displaced;
28010@@ -1329,6 +1367,18 @@ int do_execve(char * filename,
28011 bprm->filename = filename;
28012 bprm->interp = filename;
28013
28014+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
28015+
28016+ if (gr_handle_nproc()) {
28017+ retval = -EAGAIN;
28018+ goto out_file;
28019+ }
28020+
28021+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
28022+ retval = -EACCES;
28023+ goto out_file;
28024+ }
28025+
28026 retval = bprm_mm_init(bprm);
28027 if (retval)
28028 goto out_file;
28029@@ -1358,10 +1408,41 @@ int do_execve(char * filename,
28030 if (retval < 0)
28031 goto out;
28032
28033+ if (!gr_tpe_allow(file)) {
28034+ retval = -EACCES;
28035+ goto out;
28036+ }
28037+
28038+ if (gr_check_crash_exec(file)) {
28039+ retval = -EACCES;
28040+ goto out;
28041+ }
28042+
28043+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
28044+
28045+ gr_handle_exec_args(bprm, argv);
28046+
28047+#ifdef CONFIG_GRKERNSEC
28048+ old_acl = current->acl;
28049+ memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
28050+ old_exec_file = current->exec_file;
28051+ get_file(file);
28052+ current->exec_file = file;
28053+#endif
28054+
28055+ retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
28056+ bprm->unsafe & LSM_UNSAFE_SHARE);
28057+ if (retval < 0)
28058+ goto out_fail;
28059+
28060 current->flags &= ~PF_KTHREAD;
28061 retval = search_binary_handler(bprm,regs);
28062 if (retval < 0)
28063- goto out;
28064+ goto out_fail;
28065+#ifdef CONFIG_GRKERNSEC
28066+ if (old_exec_file)
28067+ fput(old_exec_file);
28068+#endif
28069
28070 current->stack_start = current->mm->start_stack;
28071
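Review bot: Nothing at the save site marks that every failure after `current->exec_file = file;` must leave through out_fail rather than out. The two gr checks above it correctly use `goto out` because no state has been saved yet. A `goto out` added later below the save would leak the reference taken by `get_file(file)` and leave the task with the new exec_file, and with whatever gr_set_proc_label() changed, after a failed exec. A comment such as `/* past this point use out_fail: acl, rlimits and exec_file must be rolled back */` would make that visible. The out_fail label is in the following hunk, and do_execve() starts and ends outside this one.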
28072@@ -1374,6 +1455,14 @@ int do_execve(char * filename,
28073 put_files_struct(displaced);
28074 return retval;
28075
28076+out_fail:
28077+#ifdef CONFIG_GRKERNSEC
28078+ current->acl = old_acl;
28079+ memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
28080+ fput(current->exec_file);
28081+ current->exec_file = old_exec_file;
28082+#endif
28083+
28084 out:
28085 if (bprm->mm)
28086 mmput (bprm->mm);
28087@@ -1537,6 +1626,169 @@ out:
28088 return ispipe;
28089 }
28090
28091+int pax_check_flags(unsigned long *flags)
28092+{
28093+ int retval = 0;
28094+
28095+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
28096+ if (*flags & MF_PAX_SEGMEXEC)
28097+ {
28098+ *flags &= ~MF_PAX_SEGMEXEC;
28099+ retval = -EINVAL;
28100+ }
28101+#endif
28102+
28103+ if ((*flags & MF_PAX_PAGEEXEC)
28104+
28105+#ifdef CONFIG_PAX_PAGEEXEC
28106+ && (*flags & MF_PAX_SEGMEXEC)
28107+#endif
28108+
28109+ )
28110+ {
28111+ *flags &= ~MF_PAX_PAGEEXEC;
28112+ retval = -EINVAL;
28113+ }
28114+
28115+ if ((*flags & MF_PAX_MPROTECT)
28116+
28117+#ifdef CONFIG_PAX_MPROTECT
28118+ && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28119+#endif
28120+
28121+ )
28122+ {
28123+ *flags &= ~MF_PAX_MPROTECT;
28124+ retval = -EINVAL;
28125+ }
28126+
28127+ if ((*flags & MF_PAX_EMUTRAMP)
28128+
28129+#ifdef CONFIG_PAX_EMUTRAMP
28130+ && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28131+#endif
28132+
28133+ )
28134+ {
28135+ *flags &= ~MF_PAX_EMUTRAMP;
28136+ retval = -EINVAL;
28137+ }
28138+
28139+ return retval;
28140+}
28141+
28142+EXPORT_SYMBOL(pax_check_flags);
28143+
28144+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
28145+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
28146+{
28147+ struct task_struct *tsk = current;
28148+ struct mm_struct *mm = current->mm;
28149+ char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
28150+ char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
28151+ char *path_exec = NULL;
28152+ char *path_fault = NULL;
28153+ unsigned long start = 0UL, end = 0UL, offset = 0UL;
28154+
28155+ if (buffer_exec && buffer_fault) {
28156+ struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
28157+
28158+ down_read(&mm->mmap_sem);
28159+ vma = mm->mmap;
28160+ while (vma && (!vma_exec || !vma_fault)) {
28161+ if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
28162+ vma_exec = vma;
28163+ if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
28164+ vma_fault = vma;
28165+ vma = vma->vm_next;
28166+ }
28167+ if (vma_exec) {
28168+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
28169+ if (IS_ERR(path_exec))
28170+ path_exec = "<path too long>";
28171+ else {
28172+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
28173+ if (path_exec) {
28174+ *path_exec = 0;
28175+ path_exec = buffer_exec;
28176+ } else
28177+ path_exec = "<path too long>";
28178+ }
28179+ }
28180+ if (vma_fault) {
28181+ start = vma_fault->vm_start;
28182+ end = vma_fault->vm_end;
28183+ offset = vma_fault->vm_pgoff << PAGE_SHIFT;
28184+ if (vma_fault->vm_file) {
28185+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
28186+ if (IS_ERR(path_fault))
28187+ path_fault = "<path too long>";
28188+ else {
28189+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
28190+ if (path_fault) {
28191+ *path_fault = 0;
28192+ path_fault = buffer_fault;
28193+ } else
28194+ path_fault = "<path too long>";
28195+ }
28196+ } else
28197+ path_fault = "<anonymous mapping>";
28198+ }
28199+ up_read(&mm->mmap_sem);
28200+ }
28201+ if (tsk->signal->curr_ip)
28202+ printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
28203+ else
28204+ printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
28205+ printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
28206+ "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
28207+ task_uid(tsk), task_euid(tsk), pc, sp);
28208+ free_page((unsigned long)buffer_exec);
28209+ free_page((unsigned long)buffer_fault);
28210+ pax_report_insns(pc, sp);
28211+ do_coredump(SIGKILL, SIGKILL, regs);
28212+}
28213+#endif
28214+
28215+#ifdef CONFIG_PAX_REFCOUNT
28216+void pax_report_refcount_overflow(struct pt_regs *regs)
28217+{
28218+ if (current->signal->curr_ip)
28219+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28220+ &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
28221+ else
28222+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28223+ current->comm, task_pid_nr(current), current_uid(), current_euid());
28224+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
28225+ show_regs(regs);
28226+ force_sig_specific(SIGKILL, current);
28227+}
28228+#endif
28229+
28230+#ifdef CONFIG_PAX_USERCOPY
28231+void pax_report_leak_to_user(const void *ptr, unsigned long len)
28232+{
28233+ if (current->signal->curr_ip)
28234+ printk(KERN_ERR "PAX: From %pI4: kernel memory leak attempt detected from %p (%lu bytes)\n",
28235+ &current->signal->curr_ip, ptr, len);
28236+ else
28237+ printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
28238+ dump_stack();
28239+ do_group_exit(SIGKILL);
28240+}
28241+
28242+void pax_report_overflow_from_user(const void *ptr, unsigned long len)
28243+{
28244+ if (current->signal->curr_ip)
28245+ printk(KERN_ERR "PAX: From %pI4: kernel memory overflow attempt detected to %p (%lu bytes)\n",
28246+ &current->signal->curr_ip, ptr, len);
28247+ else
28248+ printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len);
28249+ dump_stack();
28250+ do_group_exit(SIGKILL);
28251+}
28252+#endif
28253+
28254 static int zap_process(struct task_struct *start)
28255 {
28256 struct task_struct *t;
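Review bot: `tsk->comm` in pax_report_fault() and `current->comm` in pax_report_refcount_overflow() are printed unescaped, while both paths in pax_report_fault() are passed through `mangle_path(..., "\t\n\\")` first. The task name is set by the task itself, so a newline in it would split the "PAX: terminating task" line and make the audit record unreliable for anyone parsing the kernel log. I would copy comm into a local buffer and replace control characters before the printk, or at least note the gap with `/* comm is task-controlled and not escaped */`. If either page allocation fails, path_exec and path_fault are also still NULL when they reach `%s`; initialising them to a literal such as `"<unknown>"` would make that case explicit. Separately, the refcount message spells "occurred" as "occured".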
28257@@ -1739,17 +1991,17 @@ static void wait_for_dump_helpers(struct
28258 pipe = file->f_path.dentry->d_inode->i_pipe;
28259
28260 pipe_lock(pipe);
28261- pipe->readers++;
28262- pipe->writers--;
28263+ atomic_inc(&pipe->readers);
28264+ atomic_dec(&pipe->writers);
28265
28266- while ((pipe->readers > 1) && (!signal_pending(current))) {
28267+ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) {
28268 wake_up_interruptible_sync(&pipe->wait);
28269 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
28270 pipe_wait(pipe);
28271 }
28272
28273- pipe->readers--;
28274- pipe->writers++;
28275+ atomic_dec(&pipe->readers);
28276+ atomic_inc(&pipe->writers);
28277 pipe_unlock(pipe);
28278
28279 }
28280@@ -1820,6 +2072,10 @@ void do_coredump(long signr, int exit_co
28281 */
28282 clear_thread_flag(TIF_SIGPENDING);
28283
28284+ if (signr == SIGKILL || signr == SIGILL)
28285+ gr_handle_brute_attach(current);
28286+ gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
28287+
28288 /*
28289 * lock_kernel() because format_corename() is controlled by sysctl, which
28290 * uses lock_kernel()
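Review bot: The reason SIGKILL is treated like SIGILL before `gr_handle_brute_attach(current)` is not stated. In this patch the visible source of a SIGKILL core dump is pax_report_fault(), which calls `do_coredump(SIGKILL, SIGKILL, regs)`, so the test appears to mean "killed by PaX or by an illegal instruction". A comment saying so, e.g. `/* SIGKILL comes from pax_report_fault(); both signals suggest a failed exploit attempt */`, would help. gr_learn_resource() also reads `binfmt->min_coredump`, and the check that binfmt is non-NULL is outside this hunk, so it is worth confirming that it precedes this point.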
28291diff -urNp linux-2.6.32.8/fs/ext2/balloc.c linux-2.6.32.8/fs/ext2/balloc.c
28292--- linux-2.6.32.8/fs/ext2/balloc.c 2010-02-09 07:57:19.000000000 -0500
28293+++ linux-2.6.32.8/fs/ext2/balloc.c 2010-02-13 21:45:10.669604037 -0500
28294@@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e
28295
28296 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28297 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28298- if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28299+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28300 sbi->s_resuid != current_fsuid() &&
28301 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28302 return 0;
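Review bot: The switch from capable() to capable_nolog() in ext2_has_free_blocks() carries no comment, and the same substitution is made in ext3_has_free_blocks() and ext4_has_free_blocks() below. capable_nolog() is defined elsewhere in the patch. From the name it performs the same capability test without a grsecurity log entry, presumably because this check runs on ordinary block allocations and would flood the log. A one-line comment at each site, e.g. `/* routine probe, not a privileged request: do not log */`, would keep someone from changing it back to capable().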
28303diff -urNp linux-2.6.32.8/fs/ext3/balloc.c linux-2.6.32.8/fs/ext3/balloc.c
28304--- linux-2.6.32.8/fs/ext3/balloc.c 2010-02-09 07:57:19.000000000 -0500
28305+++ linux-2.6.32.8/fs/ext3/balloc.c 2010-02-13 21:45:10.669604037 -0500
28306@@ -1421,7 +1421,7 @@ static int ext3_has_free_blocks(struct e
28307
28308 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28309 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28310- if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28311+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28312 sbi->s_resuid != current_fsuid() &&
28313 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28314 return 0;
28315diff -urNp linux-2.6.32.8/fs/ext3/namei.c linux-2.6.32.8/fs/ext3/namei.c
28316--- linux-2.6.32.8/fs/ext3/namei.c 2010-02-09 07:57:19.000000000 -0500
28317+++ linux-2.6.32.8/fs/ext3/namei.c 2010-02-13 21:45:10.670656699 -0500
28318@@ -1168,7 +1168,7 @@ static struct ext3_dir_entry_2 *do_split
28319 char *data1 = (*bh)->b_data, *data2;
28320 unsigned split, move, size;
28321 struct ext3_dir_entry_2 *de = NULL, *de2;
28322- int err = 0, i;
28323+ int i, err = 0;
28324
28325 bh2 = ext3_append (handle, dir, &newblock, &err);
28326 if (!(bh2)) {
28327diff -urNp linux-2.6.32.8/fs/ext3/xattr.c linux-2.6.32.8/fs/ext3/xattr.c
28328--- linux-2.6.32.8/fs/ext3/xattr.c 2010-02-09 07:57:19.000000000 -0500
28329+++ linux-2.6.32.8/fs/ext3/xattr.c 2010-02-13 21:45:10.670656699 -0500
28330@@ -89,8 +89,8 @@
28331 printk("\n"); \
28332 } while (0)
28333 #else
28334-# define ea_idebug(f...)
28335-# define ea_bdebug(f...)
28336+# define ea_idebug(f...) do {} while (0)
28337+# define ea_bdebug(f...) do {} while (0)
28338 #endif
28339
28340 static void ext3_xattr_cache_insert(struct buffer_head *);
28341diff -urNp linux-2.6.32.8/fs/ext4/balloc.c linux-2.6.32.8/fs/ext4/balloc.c
28342--- linux-2.6.32.8/fs/ext4/balloc.c 2010-02-09 07:57:19.000000000 -0500
28343+++ linux-2.6.32.8/fs/ext4/balloc.c 2010-02-13 21:45:10.670656699 -0500
28344@@ -573,7 +573,7 @@ int ext4_has_free_blocks(struct ext4_sb_
28345 /* Hm, nope. Are (enough) root reserved blocks available? */
28346 if (sbi->s_resuid == current_fsuid() ||
28347 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
28348- capable(CAP_SYS_RESOURCE)) {
28349+ capable_nolog(CAP_SYS_RESOURCE)) {
28350 if (free_blocks >= (nblocks + dirty_blocks))
28351 return 1;
28352 }
28353diff -urNp linux-2.6.32.8/fs/ext4/ioctl.c linux-2.6.32.8/fs/ext4/ioctl.c
28354--- linux-2.6.32.8/fs/ext4/ioctl.c 2010-02-09 07:57:19.000000000 -0500
28355+++ linux-2.6.32.8/fs/ext4/ioctl.c 2010-02-13 21:45:10.670656699 -0500
28356@@ -221,6 +221,9 @@ setversion_out:
28357 struct file *donor_filp;
28358 int err;
28359
28360+ /* temporary workaround for bugs in here */
28361+ return -EOPNOTSUPP;
28362+
28363 if (!(filp->f_mode & FMODE_READ) ||
28364 !(filp->f_mode & FMODE_WRITE))
28365 return -EBADF;
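Review bot: The comment `/* temporary workaround for bugs in here */` does not say which bugs the unconditional `return -EOPNOTSUPP;` guards against or when it can be removed. Because the return sits after the declarations of this ioctl case, the f_mode checks and everything below them become unreachable, and a reader cannot tell whether that is a deliberate reduction of attack surface or a leftover. I would make the comment specific, e.g. `/* disabled: <bug reference>; re-enable once fixed upstream */`. The ioctl case body starts and ends outside this hunk.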
28366diff -urNp linux-2.6.32.8/fs/ext4/namei.c linux-2.6.32.8/fs/ext4/namei.c
28367--- linux-2.6.32.8/fs/ext4/namei.c 2010-02-09 07:57:19.000000000 -0500
28368+++ linux-2.6.32.8/fs/ext4/namei.c 2010-02-13 21:45:10.671989622 -0500
28369@@ -1203,7 +1203,7 @@ static struct ext4_dir_entry_2 *do_split
28370 char *data1 = (*bh)->b_data, *data2;
28371 unsigned split, move, size;
28372 struct ext4_dir_entry_2 *de = NULL, *de2;
28373- int err = 0, i;
28374+ int i, err = 0;
28375
28376 bh2 = ext4_append (handle, dir, &newblock, &err);
28377 if (!(bh2)) {
28378diff -urNp linux-2.6.32.8/fs/ext4/super.c linux-2.6.32.8/fs/ext4/super.c
28379--- linux-2.6.32.8/fs/ext4/super.c 2010-02-09 07:57:19.000000000 -0500
28380+++ linux-2.6.32.8/fs/ext4/super.c 2010-02-13 21:45:10.672576567 -0500
28381@@ -2276,7 +2276,7 @@ static void ext4_sb_release(struct kobje
28382 }
28383
28384
28385-static struct sysfs_ops ext4_attr_ops = {
28386+static const struct sysfs_ops ext4_attr_ops = {
28387 .show = ext4_attr_show,
28388 .store = ext4_attr_store,
28389 };
28390diff -urNp linux-2.6.32.8/fs/fcntl.c linux-2.6.32.8/fs/fcntl.c
28391--- linux-2.6.32.8/fs/fcntl.c 2010-02-09 07:57:19.000000000 -0500
28392+++ linux-2.6.32.8/fs/fcntl.c 2010-02-13 21:45:10.672576567 -0500
28393@@ -346,6 +346,7 @@ static long do_fcntl(int fd, unsigned in
28394 switch (cmd) {
28395 case F_DUPFD:
28396 case F_DUPFD_CLOEXEC:
28397+ gr_learn_resource(current, RLIMIT_NOFILE, arg, 0);
28398 if (arg >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28399 break;
28400 err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
28401@@ -502,7 +503,8 @@ static inline int sigio_perm(struct task
28402 ret = ((fown->euid == 0 ||
28403 fown->euid == cred->suid || fown->euid == cred->uid ||
28404 fown->uid == cred->suid || fown->uid == cred->uid) &&
28405- !security_file_send_sigiotask(p, fown, sig));
28406+ !security_file_send_sigiotask(p, fown, sig) &&
28407+ !gr_check_protected_task(p) && !gr_pid_is_chrooted(p));
28408 rcu_read_unlock();
28409 return ret;
28410 }
28411diff -urNp linux-2.6.32.8/fs/fifo.c linux-2.6.32.8/fs/fifo.c
28412--- linux-2.6.32.8/fs/fifo.c 2010-02-09 07:57:19.000000000 -0500
28413+++ linux-2.6.32.8/fs/fifo.c 2010-02-13 21:45:10.673575968 -0500
28414@@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode
28415 */
28416 filp->f_op = &read_pipefifo_fops;
28417 pipe->r_counter++;
28418- if (pipe->readers++ == 0)
28419+ if (atomic_inc_return(&pipe->readers) == 1)
28420 wake_up_partner(inode);
28421
28422- if (!pipe->writers) {
28423+ if (!atomic_read(&pipe->writers)) {
28424 if ((filp->f_flags & O_NONBLOCK)) {
28425 /* suppress POLLHUP until we have
28426 * seen a writer */
28427@@ -83,15 +83,15 @@ static int fifo_open(struct inode *inode
28428 * errno=ENXIO when there is no process reading the FIFO.
28429 */
28430 ret = -ENXIO;
28431- if ((filp->f_flags & O_NONBLOCK) && !pipe->readers)
28432+ if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
28433 goto err;
28434
28435 filp->f_op = &write_pipefifo_fops;
28436 pipe->w_counter++;
28437- if (!pipe->writers++)
28438+ if (atomic_inc_return(&pipe->writers) == 1)
28439 wake_up_partner(inode);
28440
28441- if (!pipe->readers) {
28442+ if (!atomic_read(&pipe->readers)) {
28443 wait_for_partner(inode, &pipe->r_counter);
28444 if (signal_pending(current))
28445 goto err_wr;
28446@@ -107,11 +107,11 @@ static int fifo_open(struct inode *inode
28447 */
28448 filp->f_op = &rdwr_pipefifo_fops;
28449
28450- pipe->readers++;
28451- pipe->writers++;
28452+ atomic_inc(&pipe->readers);
28453+ atomic_inc(&pipe->writers);
28454 pipe->r_counter++;
28455 pipe->w_counter++;
28456- if (pipe->readers == 1 || pipe->writers == 1)
28457+ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
28458 wake_up_partner(inode);
28459 break;
28460
28461@@ -125,19 +125,19 @@ static int fifo_open(struct inode *inode
28462 return 0;
28463
28464 err_rd:
28465- if (!--pipe->readers)
28466+ if (atomic_dec_and_test(&pipe->readers))
28467 wake_up_interruptible(&pipe->wait);
28468 ret = -ERESTARTSYS;
28469 goto err;
28470
28471 err_wr:
28472- if (!--pipe->writers)
28473+ if (atomic_dec_and_test(&pipe->writers))
28474 wake_up_interruptible(&pipe->wait);
28475 ret = -ERESTARTSYS;
28476 goto err;
28477
28478 err:
28479- if (!pipe->readers && !pipe->writers)
28480+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers))
28481 free_pipe_info(inode);
28482
28483 err_nocleanup:
28484diff -urNp linux-2.6.32.8/fs/file.c linux-2.6.32.8/fs/file.c
28485--- linux-2.6.32.8/fs/file.c 2010-02-09 07:57:19.000000000 -0500
28486+++ linux-2.6.32.8/fs/file.c 2010-02-13 21:45:10.673575968 -0500
28487@@ -14,6 +14,7 @@
28488 #include <linux/slab.h>
28489 #include <linux/vmalloc.h>
28490 #include <linux/file.h>
28491+#include <linux/security.h>
28492 #include <linux/fdtable.h>
28493 #include <linux/bitops.h>
28494 #include <linux/interrupt.h>
28495@@ -257,6 +258,8 @@ int expand_files(struct files_struct *fi
28496 * N.B. For clone tasks sharing a files structure, this test
28497 * will limit the total number of files that can be opened.
28498 */
28499+
28500+ gr_learn_resource(current, RLIMIT_NOFILE, nr, 0);
28501 if (nr >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28502 return -EMFILE;
28503
28504diff -urNp linux-2.6.32.8/fs/fs_struct.c linux-2.6.32.8/fs/fs_struct.c
28505--- linux-2.6.32.8/fs/fs_struct.c 2010-02-09 07:57:19.000000000 -0500
28506+++ linux-2.6.32.8/fs/fs_struct.c 2010-02-13 21:45:10.673575968 -0500
28507@@ -45,10 +45,12 @@ void chroot_fs_refs(struct path *old_roo
28508 struct task_struct *g, *p;
28509 struct fs_struct *fs;
28510 int count = 0;
28511+ unsigned long flags;
28512
28513 read_lock(&tasklist_lock);
28514 do_each_thread(g, p) {
28515 task_lock(p);
28516+ gr_fs_write_lock_irqsave(p, flags);
28517 fs = p->fs;
28518 if (fs) {
28519 write_lock(&fs->lock);
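Review bot: The lock nesting introduced in chroot_fs_refs() is undocumented: `gr_fs_write_lock_irqsave(p, flags)` is taken inside task_lock() and outside `fs->lock`. The same order recurs in exit_fs(), unshare_fs_struct() and daemonize_fs_struct() later in this file. Judging by the irqsave/flags form, the new lock disables interrupts, so the section under `fs->lock` would now run with interrupts off for every thread visited under tasklist_lock. A comment at the first use, such as `/* lock order: task_lock -> gr fs lock (irqs off) -> fs->lock */`, would keep later edits from inverting it. chroot_fs_refs() starts and ends outside this hunk.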
28520@@ -66,6 +68,7 @@ void chroot_fs_refs(struct path *old_roo
28521 }
28522 write_unlock(&fs->lock);
28523 }
28524+ gr_fs_write_unlock_irqrestore(p, flags);
28525 task_unlock(p);
28526 } while_each_thread(g, p);
28527 read_unlock(&tasklist_lock);
28528@@ -83,14 +86,17 @@ void free_fs_struct(struct fs_struct *fs
28529 void exit_fs(struct task_struct *tsk)
28530 {
28531 struct fs_struct *fs = tsk->fs;
28532+ unsigned long flags;
28533
28534 if (fs) {
28535 int kill;
28536 task_lock(tsk);
28537+ gr_fs_write_lock_irqsave(tsk, flags);
28538 write_lock(&fs->lock);
28539 tsk->fs = NULL;
28540- kill = !--fs->users;
28541+ kill = !atomic_dec_return(&fs->users);
28542 write_unlock(&fs->lock);
28543+ gr_fs_write_unlock_irqrestore(tsk, flags);
28544 task_unlock(tsk);
28545 if (kill)
28546 free_fs_struct(fs);
28547@@ -102,7 +108,7 @@ struct fs_struct *copy_fs_struct(struct
28548 struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
28549 /* We don't need to lock fs - think why ;-) */
28550 if (fs) {
28551- fs->users = 1;
28552+ atomic_set(&fs->users, 1);
28553 fs->in_exec = 0;
28554 rwlock_init(&fs->lock);
28555 fs->umask = old->umask;
28556@@ -121,15 +127,18 @@ int unshare_fs_struct(void)
28557 struct fs_struct *fs = current->fs;
28558 struct fs_struct *new_fs = copy_fs_struct(fs);
28559 int kill;
28560+ unsigned long flags;
28561
28562 if (!new_fs)
28563 return -ENOMEM;
28564
28565 task_lock(current);
28566+ gr_fs_write_lock_irqsave(current, flags);
28567 write_lock(&fs->lock);
28568- kill = !--fs->users;
28569+ kill = !atomic_dec_return(&fs->users);
28570 current->fs = new_fs;
28571 write_unlock(&fs->lock);
28572+ gr_fs_write_unlock_irqrestore(current, flags);
28573 task_unlock(current);
28574
28575 if (kill)
28576@@ -147,7 +156,7 @@ EXPORT_SYMBOL(current_umask);
28577
28578 /* to be mentioned only in INIT_TASK */
28579 struct fs_struct init_fs = {
28580- .users = 1,
28581+ .users = ATOMIC_INIT(1),
28582 .lock = __RW_LOCK_UNLOCKED(init_fs.lock),
28583 .umask = 0022,
28584 };
28585@@ -155,6 +164,7 @@ struct fs_struct init_fs = {
28586 void daemonize_fs_struct(void)
28587 {
28588 struct fs_struct *fs = current->fs;
28589+ unsigned long flags;
28590
28591 if (fs) {
28592 int kill;
28593@@ -162,13 +172,15 @@ void daemonize_fs_struct(void)
28594 task_lock(current);
28595
28596 write_lock(&init_fs.lock);
28597- init_fs.users++;
28598+ atomic_inc(&init_fs.users);
28599 write_unlock(&init_fs.lock);
28600
28601+ gr_fs_write_lock_irqsave(current, flags);
28602 write_lock(&fs->lock);
28603 current->fs = &init_fs;
28604- kill = !--fs->users;
28605+ kill = !atomic_dec_return(&fs->users);
28606 write_unlock(&fs->lock);
28607+ gr_fs_write_unlock_irqrestore(current, flags);
28608
28609 task_unlock(current);
28610 if (kill)
28611diff -urNp linux-2.6.32.8/fs/fuse/control.c linux-2.6.32.8/fs/fuse/control.c
28612--- linux-2.6.32.8/fs/fuse/control.c 2010-02-09 07:57:19.000000000 -0500
28613+++ linux-2.6.32.8/fs/fuse/control.c 2010-02-13 21:45:10.673575968 -0500
28614@@ -293,7 +293,7 @@ void fuse_ctl_remove_conn(struct fuse_co
28615
28616 static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
28617 {
28618- struct tree_descr empty_descr = {""};
28619+ struct tree_descr empty_descr = {"", NULL, 0};
28620 struct fuse_conn *fc;
28621 int err;
28622
28623diff -urNp linux-2.6.32.8/fs/fuse/cuse.c linux-2.6.32.8/fs/fuse/cuse.c
28624--- linux-2.6.32.8/fs/fuse/cuse.c 2010-02-09 07:57:19.000000000 -0500
28625+++ linux-2.6.32.8/fs/fuse/cuse.c 2010-02-13 21:45:10.674581526 -0500
28626@@ -528,8 +528,18 @@ static int cuse_channel_release(struct i
28627 return rc;
28628 }
28629
28630-static struct file_operations cuse_channel_fops; /* initialized during init */
28631-
28632+static const struct file_operations cuse_channel_fops = { /* initialized during init */
28633+ .owner = THIS_MODULE,
28634+ .llseek = no_llseek,
28635+ .read = do_sync_read,
28636+ .aio_read = fuse_dev_read,
28637+ .write = do_sync_write,
28638+ .aio_write = fuse_dev_write,
28639+ .poll = fuse_dev_poll,
28640+ .open = cuse_channel_open,
28641+ .release = cuse_channel_release,
28642+ .fasync = fuse_dev_fasync,
28643+};
28644
28645 /**************************************************************************
28646 * Misc stuff and module initializatiion
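Review bot: The comment `/* initialized during init */` on cuse_channel_fops is stale now that the table is a static const initializer. The cuse_init() code removed in the next hunk copied fuse_dev_operations and overrode owner, open and release. With the members listed by hand, any member later added to fuse_dev_operations will be missing here without a build error. I would replace the comment with `/* mirrors fuse_dev_operations except owner/open/release; keep in sync */`.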
28647@@ -575,12 +585,6 @@ static int __init cuse_init(void)
28648 for (i = 0; i < CUSE_CONNTBL_LEN; i++)
28649 INIT_LIST_HEAD(&cuse_conntbl[i]);
28650
28651- /* inherit and extend fuse_dev_operations */
28652- cuse_channel_fops = fuse_dev_operations;
28653- cuse_channel_fops.owner = THIS_MODULE;
28654- cuse_channel_fops.open = cuse_channel_open;
28655- cuse_channel_fops.release = cuse_channel_release;
28656-
28657 cuse_class = class_create(THIS_MODULE, "cuse");
28658 if (IS_ERR(cuse_class))
28659 return PTR_ERR(cuse_class);
28660diff -urNp linux-2.6.32.8/fs/fuse/dev.c linux-2.6.32.8/fs/fuse/dev.c
28661--- linux-2.6.32.8/fs/fuse/dev.c 2010-02-09 07:57:19.000000000 -0500
28662+++ linux-2.6.32.8/fs/fuse/dev.c 2010-02-13 21:45:10.674581526 -0500
28663@@ -745,7 +745,7 @@ __releases(&fc->lock)
28664 * request_end(). Otherwise add it to the processing list, and set
28665 * the 'sent' flag.
28666 */
28667-static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28668+ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28669 unsigned long nr_segs, loff_t pos)
28670 {
28671 int err;
28672@@ -827,6 +827,7 @@ static ssize_t fuse_dev_read(struct kioc
28673 spin_unlock(&fc->lock);
28674 return err;
28675 }
28676+EXPORT_SYMBOL_GPL(fuse_dev_read);
28677
28678 static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
28679 struct fuse_copy_state *cs)
28680@@ -885,7 +886,7 @@ static int fuse_notify_inval_entry(struc
28681 {
28682 struct fuse_notify_inval_entry_out outarg;
28683 int err = -EINVAL;
28684- char buf[FUSE_NAME_MAX+1];
28685+ char *buf = NULL;
28686 struct qstr name;
28687
28688 if (size < sizeof(outarg))
28689@@ -899,6 +900,11 @@ static int fuse_notify_inval_entry(struc
28690 if (outarg.namelen > FUSE_NAME_MAX)
28691 goto err;
28692
28693+ err = -ENOMEM;
28694+ buf = kmalloc(FUSE_NAME_MAX+1, GFP_KERNEL);
28695+ if (!buf)
28696+ goto err;
28697+
28698 name.name = buf;
28699 name.len = outarg.namelen;
28700 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
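Review bot: The new allocation in fuse_notify_inval_entry() always requests `FUSE_NAME_MAX+1` bytes, although only `outarg.namelen + 1` are copied. The length has already been bounded by the `outarg.namelen > FUSE_NAME_MAX` check just above, so `buf = kmalloc(outarg.namelen + 1, GFP_KERNEL);` would be sufficient and would keep the size next to the copy length. The move from a stack array to the heap is also unexplained; if the motivation is kernel stack usage, a short comment saying so would record it. The matching kfree() calls are in the following hunk.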
28701@@ -910,17 +916,15 @@ static int fuse_notify_inval_entry(struc
28702
28703 down_read(&fc->killsb);
28704 err = -ENOENT;
28705- if (!fc->sb)
28706- goto err_unlock;
28707-
28708- err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28709-
28710-err_unlock:
28711+ if (fc->sb)
28712+ err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28713 up_read(&fc->killsb);
28714+ kfree(buf);
28715 return err;
28716
28717 err:
28718 fuse_copy_finish(cs);
28719+ kfree(buf);
28720 return err;
28721 }
28722
28723@@ -987,7 +991,7 @@ static int copy_out_args(struct fuse_cop
28724 * it from the list and copy the rest of the buffer to the request.
28725 * The request is finished by calling request_end()
28726 */
28727-static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28728+ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28729 unsigned long nr_segs, loff_t pos)
28730 {
28731 int err;
28732@@ -1083,8 +1087,9 @@ static ssize_t fuse_dev_write(struct kio
28733 fuse_copy_finish(&cs);
28734 return err;
28735 }
28736+EXPORT_SYMBOL_GPL(fuse_dev_write);
28737
28738-static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28739+unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28740 {
28741 unsigned mask = POLLOUT | POLLWRNORM;
28742 struct fuse_conn *fc = fuse_get_conn(file);
28743@@ -1102,6 +1107,7 @@ static unsigned fuse_dev_poll(struct fil
28744
28745 return mask;
28746 }
28747+EXPORT_SYMBOL_GPL(fuse_dev_poll);
28748
28749 /*
28750 * Abort all requests on the given list (pending or processing)
28751@@ -1210,7 +1216,7 @@ int fuse_dev_release(struct inode *inode
28752 }
28753 EXPORT_SYMBOL_GPL(fuse_dev_release);
28754
28755-static int fuse_dev_fasync(int fd, struct file *file, int on)
28756+int fuse_dev_fasync(int fd, struct file *file, int on)
28757 {
28758 struct fuse_conn *fc = fuse_get_conn(file);
28759 if (!fc)
28760@@ -1219,6 +1225,7 @@ static int fuse_dev_fasync(int fd, struc
28761 /* No locking - fasync_helper does its own locking */
28762 return fasync_helper(fd, file, on, &fc->fasync);
28763 }
28764+EXPORT_SYMBOL_GPL(fuse_dev_fasync);
28765
28766 const struct file_operations fuse_dev_operations = {
28767 .owner = THIS_MODULE,
28768diff -urNp linux-2.6.32.8/fs/fuse/dir.c linux-2.6.32.8/fs/fuse/dir.c
28769--- linux-2.6.32.8/fs/fuse/dir.c 2010-02-09 07:57:19.000000000 -0500
28770+++ linux-2.6.32.8/fs/fuse/dir.c 2010-02-13 21:45:10.674581526 -0500
28771@@ -1127,7 +1127,7 @@ static char *read_link(struct dentry *de
28772 return link;
28773 }
28774
28775-static void free_link(char *link)
28776+static void free_link(const char *link)
28777 {
28778 if (!IS_ERR(link))
28779 free_page((unsigned long) link);
28780diff -urNp linux-2.6.32.8/fs/fuse/fuse_i.h linux-2.6.32.8/fs/fuse/fuse_i.h
28781--- linux-2.6.32.8/fs/fuse/fuse_i.h 2010-02-09 07:57:19.000000000 -0500
28782+++ linux-2.6.32.8/fs/fuse/fuse_i.h 2010-02-13 21:45:10.676633973 -0500
28783@@ -521,6 +521,16 @@ extern const struct file_operations fuse
28784
28785 extern const struct dentry_operations fuse_dentry_operations;
28786
28787+extern ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28788+ unsigned long nr_segs, loff_t pos);
28789+
28790+extern ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28791+ unsigned long nr_segs, loff_t pos);
28792+
28793+extern unsigned fuse_dev_poll(struct file *file, poll_table *wait);
28794+
28795+extern int fuse_dev_fasync(int fd, struct file *file, int on);
28796+
28797 /**
28798 * Inode to nodeid comparison.
28799 */
28800diff -urNp linux-2.6.32.8/fs/gfs2/sys.c linux-2.6.32.8/fs/gfs2/sys.c
28801--- linux-2.6.32.8/fs/gfs2/sys.c 2010-02-09 07:57:19.000000000 -0500
28802+++ linux-2.6.32.8/fs/gfs2/sys.c 2010-02-13 21:45:10.676633973 -0500
28803@@ -49,7 +49,7 @@ static ssize_t gfs2_attr_store(struct ko
28804 return a->store ? a->store(sdp, buf, len) : len;
28805 }
28806
28807-static struct sysfs_ops gfs2_attr_ops = {
28808+static const struct sysfs_ops gfs2_attr_ops = {
28809 .show = gfs2_attr_show,
28810 .store = gfs2_attr_store,
28811 };
28812@@ -584,7 +584,7 @@ static int gfs2_uevent(struct kset *kset
28813 return 0;
28814 }
28815
28816-static struct kset_uevent_ops gfs2_uevent_ops = {
28817+static const struct kset_uevent_ops gfs2_uevent_ops = {
28818 .uevent = gfs2_uevent,
28819 };
28820
28821diff -urNp linux-2.6.32.8/fs/hfs/inode.c linux-2.6.32.8/fs/hfs/inode.c
28822--- linux-2.6.32.8/fs/hfs/inode.c 2010-02-09 07:57:19.000000000 -0500
28823+++ linux-2.6.32.8/fs/hfs/inode.c 2010-02-13 21:45:10.676633973 -0500
28824@@ -423,7 +423,7 @@ int hfs_write_inode(struct inode *inode,
28825
28826 if (S_ISDIR(main_inode->i_mode)) {
28827 if (fd.entrylength < sizeof(struct hfs_cat_dir))
28828- /* panic? */;
28829+ {/* panic? */}
28830 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28831 sizeof(struct hfs_cat_dir));
28832 if (rec.type != HFS_CDR_DIR ||
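Review bot: The length checks in both hunks of hfs_write_inode still do nothing: `{/* panic? */}` only replaces the empty statement, so a record whose `fd.entrylength` is smaller than `struct hfs_cat_dir` (or `struct hfs_cat_file` in the second hunk) is still handed to `hfs_bnode_read()` with the full structure size. `fd.entrylength` presumably reflects catalog data read from the volume, so the short-record case should leave through the function's error path instead of falling through. That path is outside the hunk, so the exact statement has to be taken from the full function. The same no-op check is kept in the four fs/hfsplus/inode.c hunks (hfsplus_cat_read_inode and hfsplus_cat_write_inode).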
28833@@ -444,7 +444,7 @@ int hfs_write_inode(struct inode *inode,
28834 sizeof(struct hfs_cat_file));
28835 } else {
28836 if (fd.entrylength < sizeof(struct hfs_cat_file))
28837- /* panic? */;
28838+ {/* panic? */}
28839 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28840 sizeof(struct hfs_cat_file));
28841 if (rec.type != HFS_CDR_FIL ||
28842diff -urNp linux-2.6.32.8/fs/hfsplus/inode.c linux-2.6.32.8/fs/hfsplus/inode.c
28843--- linux-2.6.32.8/fs/hfsplus/inode.c 2010-02-09 07:57:19.000000000 -0500
28844+++ linux-2.6.32.8/fs/hfsplus/inode.c 2010-02-13 21:45:10.676633973 -0500
28845@@ -406,7 +406,7 @@ int hfsplus_cat_read_inode(struct inode
28846 struct hfsplus_cat_folder *folder = &entry.folder;
28847
28848 if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
28849- /* panic? */;
28850+ {/* panic? */}
28851 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28852 sizeof(struct hfsplus_cat_folder));
28853 hfsplus_get_perms(inode, &folder->permissions, 1);
28854@@ -423,7 +423,7 @@ int hfsplus_cat_read_inode(struct inode
28855 struct hfsplus_cat_file *file = &entry.file;
28856
28857 if (fd->entrylength < sizeof(struct hfsplus_cat_file))
28858- /* panic? */;
28859+ {/* panic? */}
28860 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28861 sizeof(struct hfsplus_cat_file));
28862
28863@@ -479,7 +479,7 @@ int hfsplus_cat_write_inode(struct inode
28864 struct hfsplus_cat_folder *folder = &entry.folder;
28865
28866 if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
28867- /* panic? */;
28868+ {/* panic? */}
28869 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28870 sizeof(struct hfsplus_cat_folder));
28871 /* simple node checks? */
28872@@ -501,7 +501,7 @@ int hfsplus_cat_write_inode(struct inode
28873 struct hfsplus_cat_file *file = &entry.file;
28874
28875 if (fd.entrylength < sizeof(struct hfsplus_cat_file))
28876- /* panic? */;
28877+ {/* panic? */}
28878 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28879 sizeof(struct hfsplus_cat_file));
28880 hfsplus_inode_write_fork(inode, &file->data_fork);
28881diff -urNp linux-2.6.32.8/fs/ioctl.c linux-2.6.32.8/fs/ioctl.c
28882--- linux-2.6.32.8/fs/ioctl.c 2010-02-09 07:57:19.000000000 -0500
28883+++ linux-2.6.32.8/fs/ioctl.c 2010-02-13 21:45:10.677706610 -0500
28884@@ -97,7 +97,7 @@ int fiemap_fill_next_extent(struct fiema
28885 u64 phys, u64 len, u32 flags)
28886 {
28887 struct fiemap_extent extent;
28888- struct fiemap_extent *dest = fieinfo->fi_extents_start;
28889+ struct fiemap_extent __user *dest = fieinfo->fi_extents_start;
28890
28891 /* only count the extents */
28892 if (fieinfo->fi_extents_max == 0) {
28893@@ -207,7 +207,7 @@ static int ioctl_fiemap(struct file *fil
28894
28895 fieinfo.fi_flags = fiemap.fm_flags;
28896 fieinfo.fi_extents_max = fiemap.fm_extent_count;
28897- fieinfo.fi_extents_start = (struct fiemap_extent *)(arg + sizeof(fiemap));
28898+ fieinfo.fi_extents_start = (struct fiemap_extent __user *)(arg + sizeof(fiemap));
28899
28900 if (fiemap.fm_extent_count != 0 &&
28901 !access_ok(VERIFY_WRITE, fieinfo.fi_extents_start,
28902@@ -220,7 +220,7 @@ static int ioctl_fiemap(struct file *fil
28903 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, len);
28904 fiemap.fm_flags = fieinfo.fi_flags;
28905 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
28906- if (copy_to_user((char *)arg, &fiemap, sizeof(fiemap)))
28907+ if (copy_to_user((__force char __user *)arg, &fiemap, sizeof(fiemap)))
28908 error = -EFAULT;
28909
28910 return error;
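Review bot: The `__force` in `copy_to_user((__force char __user *)arg, ...)` looks unnecessary and is inconsistent with the previous hunk, where the same `arg` is cast with a plain `(struct fiemap_extent __user *)`. `arg` appears to be an integer here (it is used as `arg + sizeof(fiemap)`), so there is no address space to override. `__force` silences the static checker and is better kept for casts that need it. `if (copy_to_user((char __user *)arg, &fiemap, sizeof(fiemap)))` would match the other cast. ioctl_fiemap starts outside the hunk.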
28911diff -urNp linux-2.6.32.8/fs/jffs2/debug.h linux-2.6.32.8/fs/jffs2/debug.h
28912--- linux-2.6.32.8/fs/jffs2/debug.h 2010-02-09 07:57:19.000000000 -0500
28913+++ linux-2.6.32.8/fs/jffs2/debug.h 2010-02-13 21:45:10.677706610 -0500
28914@@ -52,13 +52,13 @@
28915 #if CONFIG_JFFS2_FS_DEBUG > 0
28916 #define D1(x) x
28917 #else
28918-#define D1(x)
28919+#define D1(x) do {} while (0);
28920 #endif
28921
28922 #if CONFIG_JFFS2_FS_DEBUG > 1
28923 #define D2(x) x
28924 #else
28925-#define D2(x)
28926+#define D2(x) do {} while (0);
28927 #endif
28928
28929 /* The prefixes of JFFS2 messages */
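Review bot: The empty `D1` and `D2` definitions end in a semicolon, `do {} while (0);`, unlike every `dbg_*` macro changed in the next hunk, which uses `do {} while (0)`. With the semicolon inside the macro, `if (c) D1(x); else ...` expands to two statements and no longer compiles, which is the problem the do/while form is meant to avoid. If the semicolon is there because some call sites write `D1(...)` without one (the call sites are not on this page), a comment such as `/* trailing ';' is deliberate: some callers omit it */` would record that. Otherwise `#define D1(x) do {} while (0)` matches the rest of the file.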
28930@@ -114,73 +114,73 @@
28931 #ifdef JFFS2_DBG_READINODE_MESSAGES
28932 #define dbg_readinode(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28933 #else
28934-#define dbg_readinode(fmt, ...)
28935+#define dbg_readinode(fmt, ...) do {} while (0)
28936 #endif
28937 #ifdef JFFS2_DBG_READINODE2_MESSAGES
28938 #define dbg_readinode2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28939 #else
28940-#define dbg_readinode2(fmt, ...)
28941+#define dbg_readinode2(fmt, ...) do {} while (0)
28942 #endif
28943
28944 /* Fragtree build debugging messages */
28945 #ifdef JFFS2_DBG_FRAGTREE_MESSAGES
28946 #define dbg_fragtree(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28947 #else
28948-#define dbg_fragtree(fmt, ...)
28949+#define dbg_fragtree(fmt, ...) do {} while (0)
28950 #endif
28951 #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES
28952 #define dbg_fragtree2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28953 #else
28954-#define dbg_fragtree2(fmt, ...)
28955+#define dbg_fragtree2(fmt, ...) do {} while (0)
28956 #endif
28957
28958 /* Directory entry list manilulation debugging messages */
28959 #ifdef JFFS2_DBG_DENTLIST_MESSAGES
28960 #define dbg_dentlist(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28961 #else
28962-#define dbg_dentlist(fmt, ...)
28963+#define dbg_dentlist(fmt, ...) do {} while (0)
28964 #endif
28965
28966 /* Print the messages about manipulating node_refs */
28967 #ifdef JFFS2_DBG_NODEREF_MESSAGES
28968 #define dbg_noderef(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28969 #else
28970-#define dbg_noderef(fmt, ...)
28971+#define dbg_noderef(fmt, ...) do {} while (0)
28972 #endif
28973
28974 /* Manipulations with the list of inodes (JFFS2 inocache) */
28975 #ifdef JFFS2_DBG_INOCACHE_MESSAGES
28976 #define dbg_inocache(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28977 #else
28978-#define dbg_inocache(fmt, ...)
28979+#define dbg_inocache(fmt, ...) do {} while (0)
28980 #endif
28981
28982 /* Summary debugging messages */
28983 #ifdef JFFS2_DBG_SUMMARY_MESSAGES
28984 #define dbg_summary(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28985 #else
28986-#define dbg_summary(fmt, ...)
28987+#define dbg_summary(fmt, ...) do {} while (0)
28988 #endif
28989
28990 /* File system build messages */
28991 #ifdef JFFS2_DBG_FSBUILD_MESSAGES
28992 #define dbg_fsbuild(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28993 #else
28994-#define dbg_fsbuild(fmt, ...)
28995+#define dbg_fsbuild(fmt, ...) do {} while (0)
28996 #endif
28997
28998 /* Watch the object allocations */
28999 #ifdef JFFS2_DBG_MEMALLOC_MESSAGES
29000 #define dbg_memalloc(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
29001 #else
29002-#define dbg_memalloc(fmt, ...)
29003+#define dbg_memalloc(fmt, ...) do {} while (0)
29004 #endif
29005
29006 /* Watch the XATTR subsystem */
29007 #ifdef JFFS2_DBG_XATTR_MESSAGES
29008 #define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
29009 #else
29010-#define dbg_xattr(fmt, ...)
29011+#define dbg_xattr(fmt, ...) do {} while (0)
29012 #endif
29013
29014 /* "Sanity" checks */
29015diff -urNp linux-2.6.32.8/fs/jffs2/erase.c linux-2.6.32.8/fs/jffs2/erase.c
29016--- linux-2.6.32.8/fs/jffs2/erase.c 2010-02-09 07:57:19.000000000 -0500
29017+++ linux-2.6.32.8/fs/jffs2/erase.c 2010-02-13 21:45:10.677706610 -0500
29018@@ -434,7 +434,8 @@ static void jffs2_mark_erased_block(stru
29019 struct jffs2_unknown_node marker = {
29020 .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
29021 .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
29022- .totlen = cpu_to_je32(c->cleanmarker_size)
29023+ .totlen = cpu_to_je32(c->cleanmarker_size),
29024+ .hdr_crc = cpu_to_je32(0)
29025 };
29026
29027 jffs2_prealloc_raw_node_refs(c, jeb, 1);
29028diff -urNp linux-2.6.32.8/fs/jffs2/summary.h linux-2.6.32.8/fs/jffs2/summary.h
29029--- linux-2.6.32.8/fs/jffs2/summary.h 2010-02-09 07:57:19.000000000 -0500
29030+++ linux-2.6.32.8/fs/jffs2/summary.h 2010-02-13 21:45:10.677706610 -0500
29031@@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_
29032
29033 #define jffs2_sum_active() (0)
29034 #define jffs2_sum_init(a) (0)
29035-#define jffs2_sum_exit(a)
29036-#define jffs2_sum_disable_collecting(a)
29037+#define jffs2_sum_exit(a) do {} while (0)
29038+#define jffs2_sum_disable_collecting(a) do {} while (0)
29039 #define jffs2_sum_is_disabled(a) (0)
29040-#define jffs2_sum_reset_collected(a)
29041+#define jffs2_sum_reset_collected(a) do {} while (0)
29042 #define jffs2_sum_add_kvec(a,b,c,d) (0)
29043-#define jffs2_sum_move_collected(a,b)
29044+#define jffs2_sum_move_collected(a,b) do {} while (0)
29045 #define jffs2_sum_write_sumnode(a) (0)
29046-#define jffs2_sum_add_padding_mem(a,b)
29047-#define jffs2_sum_add_inode_mem(a,b,c)
29048-#define jffs2_sum_add_dirent_mem(a,b,c)
29049-#define jffs2_sum_add_xattr_mem(a,b,c)
29050-#define jffs2_sum_add_xref_mem(a,b,c)
29051+#define jffs2_sum_add_padding_mem(a,b) do {} while (0)
29052+#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0)
29053+#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0)
29054+#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0)
29055+#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0)
29056 #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
29057
29058 #endif /* CONFIG_JFFS2_SUMMARY */
29059diff -urNp linux-2.6.32.8/fs/jffs2/wbuf.c linux-2.6.32.8/fs/jffs2/wbuf.c
29060--- linux-2.6.32.8/fs/jffs2/wbuf.c 2010-02-09 07:57:19.000000000 -0500
29061+++ linux-2.6.32.8/fs/jffs2/wbuf.c 2010-02-13 21:45:10.678610654 -0500
29062@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o
29063 {
29064 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
29065 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
29066- .totlen = constant_cpu_to_je32(8)
29067+ .totlen = constant_cpu_to_je32(8),
29068+ .hdr_crc = constant_cpu_to_je32(0)
29069 };
29070
29071 /*
29072diff -urNp linux-2.6.32.8/fs/lockd/svc.c linux-2.6.32.8/fs/lockd/svc.c
29073--- linux-2.6.32.8/fs/lockd/svc.c 2010-02-09 07:57:19.000000000 -0500
29074+++ linux-2.6.32.8/fs/lockd/svc.c 2010-02-13 21:45:10.678610654 -0500
29075@@ -43,7 +43,7 @@
29076
29077 static struct svc_program nlmsvc_program;
29078
29079-struct nlmsvc_binding * nlmsvc_ops;
29080+const struct nlmsvc_binding * nlmsvc_ops;
29081 EXPORT_SYMBOL_GPL(nlmsvc_ops);
29082
29083 static DEFINE_MUTEX(nlmsvc_mutex);
29084diff -urNp linux-2.6.32.8/fs/locks.c linux-2.6.32.8/fs/locks.c
29085--- linux-2.6.32.8/fs/locks.c 2010-02-09 07:57:19.000000000 -0500
29086+++ linux-2.6.32.8/fs/locks.c 2010-02-13 21:45:10.678610654 -0500
29087@@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil
29088 return;
29089
29090 if (filp->f_op && filp->f_op->flock) {
29091- struct file_lock fl = {
29092+ struct file_lock flock = {
29093 .fl_pid = current->tgid,
29094 .fl_file = filp,
29095 .fl_flags = FL_FLOCK,
29096 .fl_type = F_UNLCK,
29097 .fl_end = OFFSET_MAX,
29098 };
29099- filp->f_op->flock(filp, F_SETLKW, &fl);
29100- if (fl.fl_ops && fl.fl_ops->fl_release_private)
29101- fl.fl_ops->fl_release_private(&fl);
29102+ filp->f_op->flock(filp, F_SETLKW, &flock);
29103+ if (flock.fl_ops && flock.fl_ops->fl_release_private)
29104+ flock.fl_ops->fl_release_private(&flock);
29105 }
29106
29107 lock_kernel();
29108diff -urNp linux-2.6.32.8/fs/namei.c linux-2.6.32.8/fs/namei.c
29109--- linux-2.6.32.8/fs/namei.c 2010-02-09 07:57:19.000000000 -0500
29110+++ linux-2.6.32.8/fs/namei.c 2010-02-13 21:45:10.679768509 -0500
29111@@ -638,7 +638,7 @@ static __always_inline int __do_follow_l
29112 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
29113 error = PTR_ERR(cookie);
29114 if (!IS_ERR(cookie)) {
29115- char *s = nd_get_link(nd);
29116+ const char *s = nd_get_link(nd);
29117 error = 0;
29118 if (s)
29119 error = __vfs_follow_link(nd, s);
29120@@ -669,6 +669,13 @@ static inline int do_follow_link(struct
29121 err = security_inode_follow_link(path->dentry, nd);
29122 if (err)
29123 goto loop;
29124+
29125+ if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
29126+ path->dentry->d_inode, path->dentry, nd->path.mnt)) {
29127+ err = -EACCES;
29128+ goto loop;
29129+ }
29130+
29131 current->link_count++;
29132 current->total_link_count++;
29133 nd->depth++;
29134@@ -1006,11 +1013,18 @@ return_reval:
29135 break;
29136 }
29137 return_base:
29138+ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
29139+ path_put(&nd->path);
29140+ return -ENOENT;
29141+ }
29142 return 0;
29143 out_dput:
29144 path_put_conditional(&next, nd);
29145 break;
29146 }
29147+ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
29148+ err = -ENOENT;
29149+
29150 path_put(&nd->path);
29151 return_err:
29152 return err;
29153@@ -1611,12 +1625,19 @@ static int __open_namei_create(struct na
29154 int error;
29155 struct dentry *dir = nd->path.dentry;
29156
29157+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) {
29158+ error = -EACCES;
29159+ goto out_unlock;
29160+ }
29161+
29162 if (!IS_POSIXACL(dir->d_inode))
29163 mode &= ~current_umask();
29164 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
29165 if (error)
29166 goto out_unlock;
29167 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
29168+ if (!error)
29169+ gr_handle_create(path->dentry, nd->path.mnt);
29170 out_unlock:
29171 mutex_unlock(&dir->d_inode->i_mutex);
29172 dput(nd->path.dentry);
29173@@ -1699,6 +1720,22 @@ struct file *do_filp_open(int dfd, const
29174 &nd, flag);
29175 if (error)
29176 return ERR_PTR(error);
29177+
29178+ if (gr_handle_rofs_blockwrite(nd.path.dentry, nd.path.mnt, acc_mode)) {
29179+ error = -EPERM;
29180+ goto exit;
29181+ }
29182+
29183+ if (gr_handle_rawio(nd.path.dentry->d_inode)) {
29184+ error = -EPERM;
29185+ goto exit;
29186+ }
29187+
29188+ if (!gr_acl_handle_open(nd.path.dentry, nd.path.mnt, flag)) {
29189+ error = -EACCES;
29190+ goto exit;
29191+ }
29192+
29193 goto ok;
29194 }
29195
29196@@ -1785,6 +1822,24 @@ do_last:
29197 /*
29198 * It already exists.
29199 */
29200+
29201+ if (gr_handle_rofs_blockwrite(path.dentry, nd.path.mnt, acc_mode)) {
29202+ error = -EPERM;
29203+ goto exit_mutex_unlock;
29204+ }
29205+ if (gr_handle_rawio(path.dentry->d_inode)) {
29206+ error = -EPERM;
29207+ goto exit_mutex_unlock;
29208+ }
29209+ if (!gr_acl_handle_open(path.dentry, nd.path.mnt, flag)) {
29210+ error = -EACCES;
29211+ goto exit_mutex_unlock;
29212+ }
29213+ if (gr_handle_fifo(path.dentry, nd.path.mnt, dir, flag, acc_mode)) {
29214+ error = -EACCES;
29215+ goto exit_mutex_unlock;
29216+ }
29217+
29218 mutex_unlock(&dir->d_inode->i_mutex);
29219 audit_inode(pathname, path.dentry);
29220
29221@@ -1877,6 +1932,13 @@ do_link:
29222 error = security_inode_follow_link(path.dentry, &nd);
29223 if (error)
29224 goto exit_dput;
29225+
29226+ if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
29227+ path.dentry, nd.path.mnt)) {
29228+ error = -EACCES;
29229+ goto exit_dput;
29230+ }
29231+
29232 error = __do_follow_link(&path, &nd);
29233 if (error) {
29234 /* Does someone understand code flow here? Or it is only
29235@@ -2051,6 +2113,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29236 error = may_mknod(mode);
29237 if (error)
29238 goto out_dput;
29239+
29240+ if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) {
29241+ error = -EPERM;
29242+ goto out_dput;
29243+ }
29244+
29245+ if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
29246+ error = -EACCES;
29247+ goto out_dput;
29248+ }
29249+
29250 error = mnt_want_write(nd.path.mnt);
29251 if (error)
29252 goto out_dput;
29253@@ -2071,6 +2144,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29254 }
29255 out_drop_write:
29256 mnt_drop_write(nd.path.mnt);
29257+
29258+ if (!error)
29259+ gr_handle_create(dentry, nd.path.mnt);
29260 out_dput:
29261 dput(dentry);
29262 out_unlock:
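Review bot: `gr_handle_create` is placed after the `out_drop_write:` label here and in the second mkdirat hunk, while the symlinkat and linkat hunks call it directly after `vfs_symlink`/`vfs_link`, before the label. After the label it is also reached by every `goto out_drop_write`, and stays correct only as long as each of those jumps carries a non-zero `error`. Moving `if (!error) gr_handle_create(dentry, nd.path.mnt);` above `out_drop_write:` would tie the hook to the create call and make the four syscalls read the same. The create call of mknodat is outside this hunk.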
29263@@ -2124,6 +2200,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29264 if (IS_ERR(dentry))
29265 goto out_unlock;
29266
29267+ if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) {
29268+ error = -EACCES;
29269+ goto out_dput;
29270+ }
29271+
29272 if (!IS_POSIXACL(nd.path.dentry->d_inode))
29273 mode &= ~current_umask();
29274 error = mnt_want_write(nd.path.mnt);
29275@@ -2135,6 +2216,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29276 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
29277 out_drop_write:
29278 mnt_drop_write(nd.path.mnt);
29279+
29280+ if (!error)
29281+ gr_handle_create(dentry, nd.path.mnt);
29282+
29283 out_dput:
29284 dput(dentry);
29285 out_unlock:
29286@@ -2216,6 +2301,8 @@ static long do_rmdir(int dfd, const char
29287 char * name;
29288 struct dentry *dentry;
29289 struct nameidata nd;
29290+ ino_t saved_ino = 0;
29291+ dev_t saved_dev = 0;
29292
29293 error = user_path_parent(dfd, pathname, &nd, &name);
29294 if (error)
29295@@ -2240,6 +2327,19 @@ static long do_rmdir(int dfd, const char
29296 error = PTR_ERR(dentry);
29297 if (IS_ERR(dentry))
29298 goto exit2;
29299+
29300+ if (dentry->d_inode != NULL) {
29301+ if (dentry->d_inode->i_nlink <= 1) {
29302+ saved_ino = dentry->d_inode->i_ino;
29303+ saved_dev = dentry->d_inode->i_sb->s_dev;
29304+ }
29305+
29306+ if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
29307+ error = -EACCES;
29308+ goto exit3;
29309+ }
29310+ }
29311+
29312 error = mnt_want_write(nd.path.mnt);
29313 if (error)
29314 goto exit3;
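Review bot: The `i_nlink <= 1` test that decides whether `saved_ino`/`saved_dev` are recorded matches the do_unlinkat hunk but may rarely be true in do_rmdir. On filesystems that count `.` and the parent's entry, an empty directory has a link count of 2. In that case the `gr_handle_delete(saved_ino, saved_dev)` call in the next hunk is skipped after a successful `vfs_rmdir`. What `gr_handle_delete` records is not visible here, so confirm whether removed directories are meant to be covered. If they are, recording the inode and device unconditionally inside `if (dentry->d_inode != NULL)` would do it, since a successful rmdir always removes the directory.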
29315@@ -2247,6 +2347,8 @@ static long do_rmdir(int dfd, const char
29316 if (error)
29317 goto exit4;
29318 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
29319+ if (!error && (saved_dev || saved_ino))
29320+ gr_handle_delete(saved_ino, saved_dev);
29321 exit4:
29322 mnt_drop_write(nd.path.mnt);
29323 exit3:
29324@@ -2308,6 +2410,8 @@ static long do_unlinkat(int dfd, const c
29325 struct dentry *dentry;
29326 struct nameidata nd;
29327 struct inode *inode = NULL;
29328+ ino_t saved_ino = 0;
29329+ dev_t saved_dev = 0;
29330
29331 error = user_path_parent(dfd, pathname, &nd, &name);
29332 if (error)
29333@@ -2327,8 +2431,19 @@ static long do_unlinkat(int dfd, const c
29334 if (nd.last.name[nd.last.len])
29335 goto slashes;
29336 inode = dentry->d_inode;
29337- if (inode)
29338+ if (inode) {
29339+ if (inode->i_nlink <= 1) {
29340+ saved_ino = inode->i_ino;
29341+ saved_dev = inode->i_sb->s_dev;
29342+ }
29343+
29344 atomic_inc(&inode->i_count);
29345+
29346+ if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
29347+ error = -EACCES;
29348+ goto exit2;
29349+ }
29350+ }
29351 error = mnt_want_write(nd.path.mnt);
29352 if (error)
29353 goto exit2;
29354@@ -2336,6 +2451,8 @@ static long do_unlinkat(int dfd, const c
29355 if (error)
29356 goto exit3;
29357 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
29358+ if (!error && (saved_ino || saved_dev))
29359+ gr_handle_delete(saved_ino, saved_dev);
29360 exit3:
29361 mnt_drop_write(nd.path.mnt);
29362 exit2:
29363@@ -2414,6 +2531,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
29364 if (IS_ERR(dentry))
29365 goto out_unlock;
29366
29367+ if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) {
29368+ error = -EACCES;
29369+ goto out_dput;
29370+ }
29371+
29372 error = mnt_want_write(nd.path.mnt);
29373 if (error)
29374 goto out_dput;
29375@@ -2421,6 +2543,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
29376 if (error)
29377 goto out_drop_write;
29378 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
29379+ if (!error)
29380+ gr_handle_create(dentry, nd.path.mnt);
29381 out_drop_write:
29382 mnt_drop_write(nd.path.mnt);
29383 out_dput:
29384@@ -2514,6 +2638,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29385 error = PTR_ERR(new_dentry);
29386 if (IS_ERR(new_dentry))
29387 goto out_unlock;
29388+
29389+ if (gr_handle_hardlink(old_path.dentry, old_path.mnt,
29390+ old_path.dentry->d_inode,
29391+ old_path.dentry->d_inode->i_mode, to)) {
29392+ error = -EACCES;
29393+ goto out_dput;
29394+ }
29395+
29396+ if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt,
29397+ old_path.dentry, old_path.mnt, to)) {
29398+ error = -EACCES;
29399+ goto out_dput;
29400+ }
29401+
29402 error = mnt_want_write(nd.path.mnt);
29403 if (error)
29404 goto out_dput;
29405@@ -2521,6 +2659,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29406 if (error)
29407 goto out_drop_write;
29408 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
29409+ if (!error)
29410+ gr_handle_create(new_dentry, nd.path.mnt);
29411 out_drop_write:
29412 mnt_drop_write(nd.path.mnt);
29413 out_dput:
29414@@ -2754,6 +2894,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29415 if (new_dentry == trap)
29416 goto exit5;
29417
29418+ error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
29419+ old_dentry, old_dir->d_inode, oldnd.path.mnt,
29420+ to);
29421+ if (error)
29422+ goto exit5;
29423+
29424 error = mnt_want_write(oldnd.path.mnt);
29425 if (error)
29426 goto exit5;
29427@@ -2763,6 +2909,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29428 goto exit6;
29429 error = vfs_rename(old_dir->d_inode, old_dentry,
29430 new_dir->d_inode, new_dentry);
29431+ if (!error)
29432+ gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry,
29433+ new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
29434 exit6:
29435 mnt_drop_write(oldnd.path.mnt);
29436 exit5:
29437diff -urNp linux-2.6.32.8/fs/namespace.c linux-2.6.32.8/fs/namespace.c
29438--- linux-2.6.32.8/fs/namespace.c 2010-02-09 07:57:19.000000000 -0500
29439+++ linux-2.6.32.8/fs/namespace.c 2010-02-13 21:45:10.680637387 -0500
29440@@ -1083,6 +1083,9 @@ static int do_umount(struct vfsmount *mn
29441 if (!(sb->s_flags & MS_RDONLY))
29442 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
29443 up_write(&sb->s_umount);
29444+
29445+ gr_log_remount(mnt->mnt_devname, retval);
29446+
29447 return retval;
29448 }
29449
29450@@ -1104,6 +1107,9 @@ static int do_umount(struct vfsmount *mn
29451 security_sb_umount_busy(mnt);
29452 up_write(&namespace_sem);
29453 release_mounts(&umount_list);
29454+
29455+ gr_log_unmount(mnt->mnt_devname, retval);
29456+
29457 return retval;
29458 }
29459
29460@@ -1955,6 +1961,16 @@ long do_mount(char *dev_name, char *dir_
29461 if (retval)
29462 goto dput_out;
29463
29464+ if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) {
29465+ retval = -EPERM;
29466+ goto dput_out;
29467+ }
29468+
29469+ if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
29470+ retval = -EPERM;
29471+ goto dput_out;
29472+ }
29473+
29474 if (flags & MS_REMOUNT)
29475 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
29476 data_page);
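Review bot: `dev_name` is passed to `gr_handle_chroot_mount` here, and to `gr_log_mount` in the next hunk, without a NULL check. do_mount can apparently be reached with no device name (that handling is outside the hunk, so confirm against the full function). Both helpers therefore need to accept NULL, or the call sites need to substitute a placeholder string. A short comment at the call, e.g. `/* dev_name may be NULL */`, would make that contract visible. `gr_log_mount` sits after `dput_out:`, so it also logs failed mounts, including those refused by the two checks added here, which looks intended.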
29477@@ -1969,6 +1985,9 @@ long do_mount(char *dev_name, char *dir_
29478 dev_name, data_page);
29479 dput_out:
29480 path_put(&path);
29481+
29482+ gr_log_mount(dev_name, dir_name, retval);
29483+
29484 return retval;
29485 }
29486
29487@@ -2175,6 +2194,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
29488 goto out1;
29489 }
29490
29491+ if (gr_handle_chroot_pivot()) {
29492+ error = -EPERM;
29493+ path_put(&old);
29494+ goto out1;
29495+ }
29496+
29497 read_lock(&current->fs->lock);
29498 root = current->fs->root;
29499 path_get(&current->fs->root);
29500diff -urNp linux-2.6.32.8/fs/nfs/inode.c linux-2.6.32.8/fs/nfs/inode.c
29501--- linux-2.6.32.8/fs/nfs/inode.c 2010-02-09 07:57:19.000000000 -0500
29502+++ linux-2.6.32.8/fs/nfs/inode.c 2010-02-13 21:45:10.680637387 -0500
29503@@ -965,16 +965,16 @@ static int nfs_size_need_update(const st
29504 return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
29505 }
29506
29507-static atomic_long_t nfs_attr_generation_counter;
29508+static atomic_long_unchecked_t nfs_attr_generation_counter;
29509
29510 static unsigned long nfs_read_attr_generation_counter(void)
29511 {
29512- return atomic_long_read(&nfs_attr_generation_counter);
29513+ return atomic_long_read_unchecked(&nfs_attr_generation_counter);
29514 }
29515
29516 unsigned long nfs_inc_attr_generation_counter(void)
29517 {
29518- return atomic_long_inc_return(&nfs_attr_generation_counter);
29519+ return atomic_long_inc_return_unchecked(&nfs_attr_generation_counter);
29520 }
29521
29522 void nfs_fattr_init(struct nfs_fattr *fattr)
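Review bot: The switch to `atomic_long_unchecked_t` and the `_unchecked` accessors carries no comment explaining why this counter is exempt. Presumably the patch adds overflow checking to the ordinary atomic types and this generation counter is allowed to wrap; that definition is not in this hunk. A line above the declaration such as `/* generation counter, not a reference count: wrap-around is harmless */` would help. It would keep a later reader from converting it back, or from copying the unchecked type onto a real reference count.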
29523diff -urNp linux-2.6.32.8/fs/nfs/nfs4proc.c linux-2.6.32.8/fs/nfs/nfs4proc.c
29524--- linux-2.6.32.8/fs/nfs/nfs4proc.c 2010-02-09 07:57:19.000000000 -0500
29525+++ linux-2.6.32.8/fs/nfs/nfs4proc.c 2010-02-13 21:45:10.682015439 -0500
29526@@ -1131,7 +1131,7 @@ static int _nfs4_do_open_reclaim(struct
29527 static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state)
29528 {
29529 struct nfs_server *server = NFS_SERVER(state->inode);
29530- struct nfs4_exception exception = { };
29531+ struct nfs4_exception exception = {0, 0};
29532 int err;
29533 do {
29534 err = _nfs4_do_open_reclaim(ctx, state);
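Review bot: `{0, 0}` is a positional initializer that depends on the layout of `struct nfs4_exception`, whose definition is not in the hunk. If a member is added, or a leading member becomes an aggregate, every one of these sites has to be touched again. Designated initializers for the members the function relies on, or the universal form `struct nfs4_exception exception = { 0 };`, state "all zero" independently of layout. The same replacement is repeated in every remaining fs/nfs/nfs4proc.c hunk on this page.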
29535@@ -1173,7 +1173,7 @@ static int _nfs4_open_delegation_recall(
29536
29537 int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
29538 {
29539- struct nfs4_exception exception = { };
29540+ struct nfs4_exception exception = {0, 0};
29541 struct nfs_server *server = NFS_SERVER(state->inode);
29542 int err;
29543 do {
29544@@ -1491,7 +1491,7 @@ static int _nfs4_open_expired(struct nfs
29545 static inline int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state)
29546 {
29547 struct nfs_server *server = NFS_SERVER(state->inode);
29548- struct nfs4_exception exception = { };
29549+ struct nfs4_exception exception = {0, 0};
29550 int err;
29551
29552 do {
29553@@ -1589,7 +1589,7 @@ out_err:
29554
29555 static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred)
29556 {
29557- struct nfs4_exception exception = { };
29558+ struct nfs4_exception exception = {0, 0};
29559 struct nfs4_state *res;
29560 int status;
29561
29562@@ -1680,7 +1680,7 @@ static int nfs4_do_setattr(struct inode
29563 struct nfs4_state *state)
29564 {
29565 struct nfs_server *server = NFS_SERVER(inode);
29566- struct nfs4_exception exception = { };
29567+ struct nfs4_exception exception = {0, 0};
29568 int err;
29569 do {
29570 err = nfs4_handle_exception(server,
29571@@ -2046,7 +2046,7 @@ static int _nfs4_server_capabilities(str
29572
29573 int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
29574 {
29575- struct nfs4_exception exception = { };
29576+ struct nfs4_exception exception = {0, 0};
29577 int err;
29578 do {
29579 err = nfs4_handle_exception(server,
29580@@ -2080,7 +2080,7 @@ static int _nfs4_lookup_root(struct nfs_
29581 static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
29582 struct nfs_fsinfo *info)
29583 {
29584- struct nfs4_exception exception = { };
29585+ struct nfs4_exception exception = {0, 0};
29586 int err;
29587 do {
29588 err = nfs4_handle_exception(server,
29589@@ -2169,7 +2169,7 @@ static int _nfs4_proc_getattr(struct nfs
29590
29591 static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29592 {
29593- struct nfs4_exception exception = { };
29594+ struct nfs4_exception exception = {0, 0};
29595 int err;
29596 do {
29597 err = nfs4_handle_exception(server,
29598@@ -2257,7 +2257,7 @@ static int nfs4_proc_lookupfh(struct nfs
29599 struct qstr *name, struct nfs_fh *fhandle,
29600 struct nfs_fattr *fattr)
29601 {
29602- struct nfs4_exception exception = { };
29603+ struct nfs4_exception exception = {0, 0};
29604 int err;
29605 do {
29606 err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr);
29607@@ -2286,7 +2286,7 @@ static int _nfs4_proc_lookup(struct inod
29608
29609 static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29610 {
29611- struct nfs4_exception exception = { };
29612+ struct nfs4_exception exception = {0, 0};
29613 int err;
29614 do {
29615 err = nfs4_handle_exception(NFS_SERVER(dir),
29616@@ -2350,7 +2350,7 @@ static int _nfs4_proc_access(struct inod
29617
29618 static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
29619 {
29620- struct nfs4_exception exception = { };
29621+ struct nfs4_exception exception = {0, 0};
29622 int err;
29623 do {
29624 err = nfs4_handle_exception(NFS_SERVER(inode),
29625@@ -2406,7 +2406,7 @@ static int _nfs4_proc_readlink(struct in
29626 static int nfs4_proc_readlink(struct inode *inode, struct page *page,
29627 unsigned int pgbase, unsigned int pglen)
29628 {
29629- struct nfs4_exception exception = { };
29630+ struct nfs4_exception exception = {0, 0};
29631 int err;
29632 do {
29633 err = nfs4_handle_exception(NFS_SERVER(inode),
29634@@ -2504,7 +2504,7 @@ static int _nfs4_proc_remove(struct inod
29635
29636 static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
29637 {
29638- struct nfs4_exception exception = { };
29639+ struct nfs4_exception exception = {0, 0};
29640 int err;
29641 do {
29642 err = nfs4_handle_exception(NFS_SERVER(dir),
29643@@ -2578,7 +2578,7 @@ static int _nfs4_proc_rename(struct inod
29644 static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
29645 struct inode *new_dir, struct qstr *new_name)
29646 {
29647- struct nfs4_exception exception = { };
29648+ struct nfs4_exception exception = {0, 0};
29649 int err;
29650 do {
29651 err = nfs4_handle_exception(NFS_SERVER(old_dir),
29652@@ -2625,7 +2625,7 @@ static int _nfs4_proc_link(struct inode
29653
29654 static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
29655 {
29656- struct nfs4_exception exception = { };
29657+ struct nfs4_exception exception = {0, 0};
29658 int err;
29659 do {
29660 err = nfs4_handle_exception(NFS_SERVER(inode),
29661@@ -2717,7 +2717,7 @@ out:
29662 static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
29663 struct page *page, unsigned int len, struct iattr *sattr)
29664 {
29665- struct nfs4_exception exception = { };
29666+ struct nfs4_exception exception = {0, 0};
29667 int err;
29668 do {
29669 err = nfs4_handle_exception(NFS_SERVER(dir),
29670@@ -2748,7 +2748,7 @@ out:
29671 static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
29672 struct iattr *sattr)
29673 {
29674- struct nfs4_exception exception = { };
29675+ struct nfs4_exception exception = {0, 0};
29676 int err;
29677 do {
29678 err = nfs4_handle_exception(NFS_SERVER(dir),
29679@@ -2797,7 +2797,7 @@ static int _nfs4_proc_readdir(struct den
29680 static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred,
29681 u64 cookie, struct page *page, unsigned int count, int plus)
29682 {
29683- struct nfs4_exception exception = { };
29684+ struct nfs4_exception exception = {0, 0};
29685 int err;
29686 do {
29687 err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode),
29688@@ -2845,7 +2845,7 @@ out:
29689 static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
29690 struct iattr *sattr, dev_t rdev)
29691 {
29692- struct nfs4_exception exception = { };
29693+ struct nfs4_exception exception = {0, 0};
29694 int err;
29695 do {
29696 err = nfs4_handle_exception(NFS_SERVER(dir),
29697@@ -2877,7 +2877,7 @@ static int _nfs4_proc_statfs(struct nfs_
29698
29699 static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat)
29700 {
29701- struct nfs4_exception exception = { };
29702+ struct nfs4_exception exception = {0, 0};
29703 int err;
29704 do {
29705 err = nfs4_handle_exception(server,
29706@@ -2908,7 +2908,7 @@ static int _nfs4_do_fsinfo(struct nfs_se
29707
29708 static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo)
29709 {
29710- struct nfs4_exception exception = { };
29711+ struct nfs4_exception exception = {0, 0};
29712 int err;
29713
29714 do {
29715@@ -2954,7 +2954,7 @@ static int _nfs4_proc_pathconf(struct nf
29716 static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
29717 struct nfs_pathconf *pathconf)
29718 {
29719- struct nfs4_exception exception = { };
29720+ struct nfs4_exception exception = {0, 0};
29721 int err;
29722
29723 do {
29724@@ -3253,7 +3253,7 @@ out_free:
29725
29726 static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
29727 {
29728- struct nfs4_exception exception = { };
29729+ struct nfs4_exception exception = {0, 0};
29730 ssize_t ret;
29731 do {
29732 ret = __nfs4_get_acl_uncached(inode, buf, buflen);
29733@@ -3309,7 +3309,7 @@ static int __nfs4_proc_set_acl(struct in
29734
29735 static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
29736 {
29737- struct nfs4_exception exception = { };
29738+ struct nfs4_exception exception = {0, 0};
29739 int err;
29740 do {
29741 err = nfs4_handle_exception(NFS_SERVER(inode),
29742@@ -3574,7 +3574,7 @@ out:
29743 int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync)
29744 {
29745 struct nfs_server *server = NFS_SERVER(inode);
29746- struct nfs4_exception exception = { };
29747+ struct nfs4_exception exception = {0, 0};
29748 int err;
29749 do {
29750 err = _nfs4_proc_delegreturn(inode, cred, stateid, issync);
29751@@ -3647,7 +3647,7 @@ out:
29752
29753 static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29754 {
29755- struct nfs4_exception exception = { };
29756+ struct nfs4_exception exception = {0, 0};
29757 int err;
29758
29759 do {
29760@@ -4021,7 +4021,7 @@ static int _nfs4_do_setlk(struct nfs4_st
29761 static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request)
29762 {
29763 struct nfs_server *server = NFS_SERVER(state->inode);
29764- struct nfs4_exception exception = { };
29765+ struct nfs4_exception exception = {0, 0};
29766 int err;
29767
29768 do {
29769@@ -4039,7 +4039,7 @@ static int nfs4_lock_reclaim(struct nfs4
29770 static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request)
29771 {
29772 struct nfs_server *server = NFS_SERVER(state->inode);
29773- struct nfs4_exception exception = { };
29774+ struct nfs4_exception exception = {0, 0};
29775 int err;
29776
29777 err = nfs4_set_lock_state(state, request);
29778@@ -4094,7 +4094,7 @@ out:
29779
29780 static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29781 {
29782- struct nfs4_exception exception = { };
29783+ struct nfs4_exception exception = {0, 0};
29784 int err;
29785
29786 do {
29787@@ -4154,7 +4154,7 @@ nfs4_proc_lock(struct file *filp, int cm
29788 int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl)
29789 {
29790 struct nfs_server *server = NFS_SERVER(state->inode);
29791- struct nfs4_exception exception = { };
29792+ struct nfs4_exception exception = {0, 0};
29793 int err;
29794
29795 err = nfs4_set_lock_state(state, fl);
29796diff -urNp linux-2.6.32.8/fs/nfsd/lockd.c linux-2.6.32.8/fs/nfsd/lockd.c
29797--- linux-2.6.32.8/fs/nfsd/lockd.c 2010-02-09 07:57:19.000000000 -0500
29798+++ linux-2.6.32.8/fs/nfsd/lockd.c 2010-02-13 21:45:10.682015439 -0500
29799@@ -67,7 +67,7 @@ nlm_fclose(struct file *filp)
29800 fput(filp);
29801 }
29802
29803-static struct nlmsvc_binding nfsd_nlm_ops = {
29804+static const struct nlmsvc_binding nfsd_nlm_ops = {
29805 .fopen = nlm_fopen, /* open file for locking */
29806 .fclose = nlm_fclose, /* close file */
29807 };
29808diff -urNp linux-2.6.32.8/fs/nfsd/vfs.c linux-2.6.32.8/fs/nfsd/vfs.c
29809--- linux-2.6.32.8/fs/nfsd/vfs.c 2010-02-09 07:57:19.000000000 -0500
29810+++ linux-2.6.32.8/fs/nfsd/vfs.c 2010-02-13 21:45:10.682559458 -0500
29811@@ -937,7 +937,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
29812 } else {
29813 oldfs = get_fs();
29814 set_fs(KERNEL_DS);
29815- host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
29816+ host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
29817 set_fs(oldfs);
29818 }
29819
29820@@ -1060,7 +1060,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s
29821
29822 /* Write the data. */
29823 oldfs = get_fs(); set_fs(KERNEL_DS);
29824- host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
29825+ host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
29826 set_fs(oldfs);
29827 if (host_err < 0)
29828 goto out_nfserr;
29829@@ -1535,7 +1535,7 @@ nfsd_readlink(struct svc_rqst *rqstp, st
29830 */
29831
29832 oldfs = get_fs(); set_fs(KERNEL_DS);
29833- host_err = inode->i_op->readlink(dentry, buf, *lenp);
29834+ host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
29835 set_fs(oldfs);
29836
29837 if (host_err < 0)
29838diff -urNp linux-2.6.32.8/fs/nls/nls_base.c linux-2.6.32.8/fs/nls/nls_base.c
29839--- linux-2.6.32.8/fs/nls/nls_base.c 2010-02-09 07:57:19.000000000 -0500
29840+++ linux-2.6.32.8/fs/nls/nls_base.c 2010-02-13 21:45:10.682559458 -0500
29841@@ -41,7 +41,7 @@ static const struct utf8_table utf8_tabl
29842 {0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */},
29843 {0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */},
29844 {0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */},
29845- {0, /* end of table */}
29846+ {0, 0, 0, 0, 0, /* end of table */}
29847 };
29848
29849 #define UNICODE_MAX 0x0010ffff
29850diff -urNp linux-2.6.32.8/fs/ntfs/file.c linux-2.6.32.8/fs/ntfs/file.c
29851--- linux-2.6.32.8/fs/ntfs/file.c 2010-02-09 07:57:19.000000000 -0500
29852+++ linux-2.6.32.8/fs/ntfs/file.c 2010-02-13 21:45:10.682559458 -0500
29853@@ -2243,6 +2243,6 @@ const struct inode_operations ntfs_file_
29854 #endif /* NTFS_RW */
29855 };
29856
29857-const struct file_operations ntfs_empty_file_ops = {};
29858+const struct file_operations ntfs_empty_file_ops __read_only;
29859
29860-const struct inode_operations ntfs_empty_inode_ops = {};
29861+const struct inode_operations ntfs_empty_inode_ops __read_only;
29862diff -urNp linux-2.6.32.8/fs/ocfs2/cluster/masklog.c linux-2.6.32.8/fs/ocfs2/cluster/masklog.c
29863--- linux-2.6.32.8/fs/ocfs2/cluster/masklog.c 2010-02-09 07:57:19.000000000 -0500
29864+++ linux-2.6.32.8/fs/ocfs2/cluster/masklog.c 2010-02-13 21:45:10.683847796 -0500
29865@@ -135,7 +135,7 @@ static ssize_t mlog_store(struct kobject
29866 return mlog_mask_store(mlog_attr->mask, buf, count);
29867 }
29868
29869-static struct sysfs_ops mlog_attr_ops = {
29870+static const struct sysfs_ops mlog_attr_ops = {
29871 .show = mlog_show,
29872 .store = mlog_store,
29873 };
29874diff -urNp linux-2.6.32.8/fs/ocfs2/localalloc.c linux-2.6.32.8/fs/ocfs2/localalloc.c
29875--- linux-2.6.32.8/fs/ocfs2/localalloc.c 2010-02-09 07:57:19.000000000 -0500
29876+++ linux-2.6.32.8/fs/ocfs2/localalloc.c 2010-02-13 21:45:10.683847796 -0500
29877@@ -1188,7 +1188,7 @@ static int ocfs2_local_alloc_slide_windo
29878 goto bail;
29879 }
29880
29881- atomic_inc(&osb->alloc_stats.moves);
29882+ atomic_inc_unchecked(&osb->alloc_stats.moves);
29883
29884 status = 0;
29885 bail:
29886diff -urNp linux-2.6.32.8/fs/ocfs2/ocfs2.h linux-2.6.32.8/fs/ocfs2/ocfs2.h
29887--- linux-2.6.32.8/fs/ocfs2/ocfs2.h 2010-02-09 07:57:19.000000000 -0500
29888+++ linux-2.6.32.8/fs/ocfs2/ocfs2.h 2010-02-13 21:45:10.683847796 -0500
29889@@ -217,11 +217,11 @@ enum ocfs2_vol_state
29890
29891 struct ocfs2_alloc_stats
29892 {
29893- atomic_t moves;
29894- atomic_t local_data;
29895- atomic_t bitmap_data;
29896- atomic_t bg_allocs;
29897- atomic_t bg_extends;
29898+ atomic_unchecked_t moves;
29899+ atomic_unchecked_t local_data;
29900+ atomic_unchecked_t bitmap_data;
29901+ atomic_unchecked_t bg_allocs;
29902+ atomic_unchecked_t bg_extends;
29903 };
29904
29905 enum ocfs2_local_alloc_state
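Review bot: The five counters in struct ocfs2_alloc_stats switch to `atomic_unchecked_t` with no comment saying why they are exempt, which the next person adding a field here will need to know. The only readers visible in this patch are the `atomic_read_unchecked` calls that print them in ocfs2_osb_dump, so they look like pure statistics where wraparound is harmless; that is presumably the reason for opting them out of overflow detection. I would record it above the struct, e.g. `/* statistics only, never used as a reference count: wraparound is harmless, hence the _unchecked type */`. The same comment covers the matching call-site changes in localalloc.c, suballoc.c and super.c.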
29906diff -urNp linux-2.6.32.8/fs/ocfs2/suballoc.c linux-2.6.32.8/fs/ocfs2/suballoc.c
29907--- linux-2.6.32.8/fs/ocfs2/suballoc.c 2010-02-09 07:57:19.000000000 -0500
29908+++ linux-2.6.32.8/fs/ocfs2/suballoc.c 2010-02-13 21:45:10.684768778 -0500
29909@@ -620,7 +620,7 @@ static int ocfs2_reserve_suballoc_bits(s
29910 mlog_errno(status);
29911 goto bail;
29912 }
29913- atomic_inc(&osb->alloc_stats.bg_extends);
29914+ atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
29915
29916 /* You should never ask for this much metadata */
29917 BUG_ON(bits_wanted >
29918@@ -1651,7 +1651,7 @@ int ocfs2_claim_metadata(struct ocfs2_su
29919 mlog_errno(status);
29920 goto bail;
29921 }
29922- atomic_inc(&osb->alloc_stats.bg_allocs);
29923+ atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29924
29925 *blkno_start = bg_blkno + (u64) *suballoc_bit_start;
29926 ac->ac_bits_given += (*num_bits);
29927@@ -1725,7 +1725,7 @@ int ocfs2_claim_new_inode(struct ocfs2_s
29928 mlog_errno(status);
29929 goto bail;
29930 }
29931- atomic_inc(&osb->alloc_stats.bg_allocs);
29932+ atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29933
29934 BUG_ON(num_bits != 1);
29935
29936@@ -1827,7 +1827,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29937 cluster_start,
29938 num_clusters);
29939 if (!status)
29940- atomic_inc(&osb->alloc_stats.local_data);
29941+ atomic_inc_unchecked(&osb->alloc_stats.local_data);
29942 } else {
29943 if (min_clusters > (osb->bitmap_cpg - 1)) {
29944 /* The only paths asking for contiguousness
29945@@ -1855,7 +1855,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29946 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
29947 bg_blkno,
29948 bg_bit_off);
29949- atomic_inc(&osb->alloc_stats.bitmap_data);
29950+ atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
29951 }
29952 }
29953 if (status < 0) {
29954diff -urNp linux-2.6.32.8/fs/ocfs2/super.c linux-2.6.32.8/fs/ocfs2/super.c
29955--- linux-2.6.32.8/fs/ocfs2/super.c 2010-02-09 07:57:19.000000000 -0500
29956+++ linux-2.6.32.8/fs/ocfs2/super.c 2010-02-13 21:45:10.685631253 -0500
29957@@ -284,11 +284,11 @@ static int ocfs2_osb_dump(struct ocfs2_s
29958 "%10s => GlobalAllocs: %d LocalAllocs: %d "
29959 "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n",
29960 "Stats",
29961- atomic_read(&osb->alloc_stats.bitmap_data),
29962- atomic_read(&osb->alloc_stats.local_data),
29963- atomic_read(&osb->alloc_stats.bg_allocs),
29964- atomic_read(&osb->alloc_stats.moves),
29965- atomic_read(&osb->alloc_stats.bg_extends));
29966+ atomic_read_unchecked(&osb->alloc_stats.bitmap_data),
29967+ atomic_read_unchecked(&osb->alloc_stats.local_data),
29968+ atomic_read_unchecked(&osb->alloc_stats.bg_allocs),
29969+ atomic_read_unchecked(&osb->alloc_stats.moves),
29970+ atomic_read_unchecked(&osb->alloc_stats.bg_extends));
29971
29972 out += snprintf(buf + out, len - out,
29973 "%10s => State: %u Descriptor: %llu Size: %u bits "
29974@@ -1998,11 +1998,11 @@ static int ocfs2_initialize_super(struct
29975 spin_lock_init(&osb->osb_xattr_lock);
29976 ocfs2_init_inode_steal_slot(osb);
29977
29978- atomic_set(&osb->alloc_stats.moves, 0);
29979- atomic_set(&osb->alloc_stats.local_data, 0);
29980- atomic_set(&osb->alloc_stats.bitmap_data, 0);
29981- atomic_set(&osb->alloc_stats.bg_allocs, 0);
29982- atomic_set(&osb->alloc_stats.bg_extends, 0);
29983+ atomic_set_unchecked(&osb->alloc_stats.moves, 0);
29984+ atomic_set_unchecked(&osb->alloc_stats.local_data, 0);
29985+ atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0);
29986+ atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0);
29987+ atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0);
29988
29989 /* Copy the blockcheck stats from the superblock probe */
29990 osb->osb_ecc_stats = *stats;
29991diff -urNp linux-2.6.32.8/fs/open.c linux-2.6.32.8/fs/open.c
29992--- linux-2.6.32.8/fs/open.c 2010-02-09 07:57:19.000000000 -0500
29993+++ linux-2.6.32.8/fs/open.c 2010-02-13 21:45:10.685631253 -0500
29994@@ -206,6 +206,9 @@ int do_truncate(struct dentry *dentry, l
29995 if (length < 0)
29996 return -EINVAL;
29997
29998+ if (filp && !gr_acl_handle_truncate(dentry, filp->f_path.mnt))
29999+ return -EACCES;
30000+
30001 newattrs.ia_size = length;
30002 newattrs.ia_valid = ATTR_SIZE | time_attrs;
30003 if (filp) {
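Review bot: The new check in do_truncate only runs when `filp` is non-NULL, so a caller that truncates by path and passes a NULL filp gets no gr_acl_handle_truncate decision from this function. If those callers are checked elsewhere in the patch, that is not visible from this hunk and deserves a comment at the check, for example `/* filp == NULL: path-based callers perform the ACL check themselves */`. If they are not, the condition needs a vfsmount from the caller the way chown_common gets one later in this file. do_truncate continues beyond the hunk.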
30004@@ -511,6 +514,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con
30005 if (__mnt_is_readonly(path.mnt))
30006 res = -EROFS;
30007
30008+ if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
30009+ res = -EACCES;
30010+
30011 out_path_release:
30012 path_put(&path);
30013 out:
30014@@ -537,6 +543,8 @@ SYSCALL_DEFINE1(chdir, const char __user
30015 if (error)
30016 goto dput_and_out;
30017
30018+ gr_log_chdir(path.dentry, path.mnt);
30019+
30020 set_fs_pwd(current->fs, &path);
30021
30022 dput_and_out:
30023@@ -563,6 +571,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd
30024 goto out_putf;
30025
30026 error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
30027+
30028+ if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
30029+ error = -EPERM;
30030+
30031+ if (!error)
30032+ gr_log_chdir(file->f_path.dentry, file->f_path.mnt);
30033+
30034 if (!error)
30035 set_fs_pwd(current->fs, &file->f_path);
30036 out_putf:
30037@@ -588,7 +603,18 @@ SYSCALL_DEFINE1(chroot, const char __use
30038 if (!capable(CAP_SYS_CHROOT))
30039 goto dput_and_out;
30040
30041+ if (gr_handle_chroot_chroot(path.dentry, path.mnt))
30042+ goto dput_and_out;
30043+
30044+ if (gr_handle_chroot_caps(&path)) {
30045+ error = -ENOMEM;
30046+ goto dput_and_out;
30047+ }
30048+
30049 set_fs_root(current->fs, &path);
30050+
30051+ gr_handle_chroot_chdir(&path);
30052+
30053 error = 0;
30054 dput_and_out:
30055 path_put(&path);
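Review bot: The `gr_handle_chroot_chroot` branch jumps to dput_and_out without assigning `error`, so the value returned on a denied nested chroot is whatever was set before the capable() check, outside this hunk. That is easy to break when the surrounding code is reshuffled; setting it explicitly at the branch, or at least adding `/* error still holds the value set before the capable() check */`, would make the denial path self-contained. The `-ENOMEM` for a gr_handle_chroot_caps failure also needs a short comment saying what allocation can fail there, since the helper is not visible here. Finally, gr_handle_chroot_chdir runs after set_fs_root and its result is ignored; a comment should say that this is deliberate.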
30056@@ -616,13 +642,28 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
30057 err = mnt_want_write_file(file);
30058 if (err)
30059 goto out_putf;
30060+
30061+ if (!gr_acl_handle_fchmod(dentry, file->f_path.mnt, mode)) {
30062+ err = -EACCES;
30063+ goto out_drop_write;
30064+ }
30065+
30066 mutex_lock(&inode->i_mutex);
30067 if (mode == (mode_t) -1)
30068 mode = inode->i_mode;
30069+
30070+ if (gr_handle_chroot_chmod(dentry, file->f_path.mnt, mode)) {
30071+ err = -EPERM;
30072+ mutex_unlock(&inode->i_mutex);
30073+ goto out_drop_write;
30074+ }
30075+
30076 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
30077 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
30078 err = notify_change(dentry, &newattrs);
30079 mutex_unlock(&inode->i_mutex);
30080+
30081+out_drop_write:
30082 mnt_drop_write(file->f_path.mnt);
30083 out_putf:
30084 fput(file);
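Review bot: In fchmod, gr_acl_handle_fchmod is called with `mode` before the `(mode_t) -1` sentinel is replaced by `inode->i_mode`. The gr_handle_chroot_chmod call a few lines later sees the resolved value. The ACL hook therefore evaluates an all-ones mode in the sentinel case; whether the helper expects that is not visible here. Either move the ACL check below the `if (mode == (mode_t) -1)` line, under i_mutex like the chroot check, or add a comment that the raw value is intended. The fchmodat hunk that follows has the same ordering.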
30085@@ -645,13 +686,28 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
30086 error = mnt_want_write(path.mnt);
30087 if (error)
30088 goto dput_and_out;
30089+
30090+ if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) {
30091+ error = -EACCES;
30092+ goto out_drop_write;
30093+ }
30094+
30095 mutex_lock(&inode->i_mutex);
30096 if (mode == (mode_t) -1)
30097 mode = inode->i_mode;
30098+
30099+ if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
30100+ error = -EACCES;
30101+ mutex_unlock(&inode->i_mutex);
30102+ goto out_drop_write;
30103+ }
30104+
30105 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
30106 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
30107 error = notify_change(path.dentry, &newattrs);
30108 mutex_unlock(&inode->i_mutex);
30109+
30110+out_drop_write:
30111 mnt_drop_write(path.mnt);
30112 dput_and_out:
30113 path_put(&path);
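Review bot: A gr_handle_chroot_chmod denial sets `error = -EACCES` here in fchmodat, while the identical check in the fchmod hunk above sets `err = -EPERM`. User space would then see different errno values for the same policy decision depending on which syscall it used. Unless the difference is intentional, this line should read `error = -EPERM;` to match, or both should be changed together.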
30114@@ -664,12 +720,15 @@ SYSCALL_DEFINE2(chmod, const char __user
30115 return sys_fchmodat(AT_FDCWD, filename, mode);
30116 }
30117
30118-static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
30119+static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
30120 {
30121 struct inode *inode = dentry->d_inode;
30122 int error;
30123 struct iattr newattrs;
30124
30125+ if (!gr_acl_handle_chown(dentry, mnt))
30126+ return -EACCES;
30127+
30128 newattrs.ia_valid = ATTR_CTIME;
30129 if (user != (uid_t) -1) {
30130 newattrs.ia_valid |= ATTR_UID;
30131@@ -700,7 +759,7 @@ SYSCALL_DEFINE3(chown, const char __user
30132 error = mnt_want_write(path.mnt);
30133 if (error)
30134 goto out_release;
30135- error = chown_common(path.dentry, user, group);
30136+ error = chown_common(path.dentry, user, group, path.mnt);
30137 mnt_drop_write(path.mnt);
30138 out_release:
30139 path_put(&path);
30140@@ -725,7 +784,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
30141 error = mnt_want_write(path.mnt);
30142 if (error)
30143 goto out_release;
30144- error = chown_common(path.dentry, user, group);
30145+ error = chown_common(path.dentry, user, group, path.mnt);
30146 mnt_drop_write(path.mnt);
30147 out_release:
30148 path_put(&path);
30149@@ -744,7 +803,7 @@ SYSCALL_DEFINE3(lchown, const char __use
30150 error = mnt_want_write(path.mnt);
30151 if (error)
30152 goto out_release;
30153- error = chown_common(path.dentry, user, group);
30154+ error = chown_common(path.dentry, user, group, path.mnt);
30155 mnt_drop_write(path.mnt);
30156 out_release:
30157 path_put(&path);
30158@@ -767,7 +826,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
30159 goto out_fput;
30160 dentry = file->f_path.dentry;
30161 audit_inode(NULL, dentry);
30162- error = chown_common(dentry, user, group);
30163+ error = chown_common(dentry, user, group, file->f_path.mnt);
30164 mnt_drop_write(file->f_path.mnt);
30165 out_fput:
30166 fput(file);
30167diff -urNp linux-2.6.32.8/fs/pipe.c linux-2.6.32.8/fs/pipe.c
30168--- linux-2.6.32.8/fs/pipe.c 2010-02-09 07:57:19.000000000 -0500
30169+++ linux-2.6.32.8/fs/pipe.c 2010-02-13 21:45:10.685631253 -0500
30170@@ -401,9 +401,9 @@ redo:
30171 }
30172 if (bufs) /* More to do? */
30173 continue;
30174- if (!pipe->writers)
30175+ if (!atomic_read(&pipe->writers))
30176 break;
30177- if (!pipe->waiting_writers) {
30178+ if (!atomic_read(&pipe->waiting_writers)) {
30179 /* syscall merging: Usually we must not sleep
30180 * if O_NONBLOCK is set, or if we got some data.
30181 * But if a writer sleeps in kernel space, then
30182@@ -462,7 +462,7 @@ pipe_write(struct kiocb *iocb, const str
30183 mutex_lock(&inode->i_mutex);
30184 pipe = inode->i_pipe;
30185
30186- if (!pipe->readers) {
30187+ if (!atomic_read(&pipe->readers)) {
30188 send_sig(SIGPIPE, current, 0);
30189 ret = -EPIPE;
30190 goto out;
30191@@ -511,7 +511,7 @@ redo1:
30192 for (;;) {
30193 int bufs;
30194
30195- if (!pipe->readers) {
30196+ if (!atomic_read(&pipe->readers)) {
30197 send_sig(SIGPIPE, current, 0);
30198 if (!ret)
30199 ret = -EPIPE;
30200@@ -597,9 +597,9 @@ redo2:
30201 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
30202 do_wakeup = 0;
30203 }
30204- pipe->waiting_writers++;
30205+ atomic_inc(&pipe->waiting_writers);
30206 pipe_wait(pipe);
30207- pipe->waiting_writers--;
30208+ atomic_dec(&pipe->waiting_writers);
30209 }
30210 out:
30211 mutex_unlock(&inode->i_mutex);
30212@@ -666,7 +666,7 @@ pipe_poll(struct file *filp, poll_table
30213 mask = 0;
30214 if (filp->f_mode & FMODE_READ) {
30215 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
30216- if (!pipe->writers && filp->f_version != pipe->w_counter)
30217+ if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter)
30218 mask |= POLLHUP;
30219 }
30220
30221@@ -676,7 +676,7 @@ pipe_poll(struct file *filp, poll_table
30222 * Most Unices do not set POLLERR for FIFOs but on Linux they
30223 * behave exactly like pipes for poll().
30224 */
30225- if (!pipe->readers)
30226+ if (!atomic_read(&pipe->readers))
30227 mask |= POLLERR;
30228 }
30229
30230@@ -690,10 +690,10 @@ pipe_release(struct inode *inode, int de
30231
30232 mutex_lock(&inode->i_mutex);
30233 pipe = inode->i_pipe;
30234- pipe->readers -= decr;
30235- pipe->writers -= decw;
30236+ atomic_sub(decr, &pipe->readers);
30237+ atomic_sub(decw, &pipe->writers);
30238
30239- if (!pipe->readers && !pipe->writers) {
30240+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
30241 free_pipe_info(inode);
30242 } else {
30243 wake_up_interruptible_sync(&pipe->wait);
30244@@ -783,7 +783,7 @@ pipe_read_open(struct inode *inode, stru
30245
30246 if (inode->i_pipe) {
30247 ret = 0;
30248- inode->i_pipe->readers++;
30249+ atomic_inc(&inode->i_pipe->readers);
30250 }
30251
30252 mutex_unlock(&inode->i_mutex);
30253@@ -800,7 +800,7 @@ pipe_write_open(struct inode *inode, str
30254
30255 if (inode->i_pipe) {
30256 ret = 0;
30257- inode->i_pipe->writers++;
30258+ atomic_inc(&inode->i_pipe->writers);
30259 }
30260
30261 mutex_unlock(&inode->i_mutex);
30262@@ -818,9 +818,9 @@ pipe_rdwr_open(struct inode *inode, stru
30263 if (inode->i_pipe) {
30264 ret = 0;
30265 if (filp->f_mode & FMODE_READ)
30266- inode->i_pipe->readers++;
30267+ atomic_inc(&inode->i_pipe->readers);
30268 if (filp->f_mode & FMODE_WRITE)
30269- inode->i_pipe->writers++;
30270+ atomic_inc(&inode->i_pipe->writers);
30271 }
30272
30273 mutex_unlock(&inode->i_mutex);
30274@@ -905,7 +905,7 @@ void free_pipe_info(struct inode *inode)
30275 inode->i_pipe = NULL;
30276 }
30277
30278-static struct vfsmount *pipe_mnt __read_mostly;
30279+struct vfsmount *pipe_mnt __read_mostly;
30280 static int pipefs_delete_dentry(struct dentry *dentry)
30281 {
30282 /*
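Review bot: `pipe_mnt` loses `static` here, but no extern declaration or user of the symbol appears in the visible part of the patch. A global with external linkage and no header declaration invites ad-hoc `extern` lines in consumers. I would add the declaration to the pipe header and a comment at the definition naming the consumer, e.g. `/* non-static: referenced by the grsecurity path-matching code */`, worded to match the actual user.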
30283@@ -945,7 +945,8 @@ static struct inode * get_pipe_inode(voi
30284 goto fail_iput;
30285 inode->i_pipe = pipe;
30286
30287- pipe->readers = pipe->writers = 1;
30288+ atomic_set(&pipe->readers, 1);
30289+ atomic_set(&pipe->writers, 1);
30290 inode->i_fop = &rdwr_pipefifo_fops;
30291
30292 /*
30293diff -urNp linux-2.6.32.8/fs/proc/array.c linux-2.6.32.8/fs/proc/array.c
30294--- linux-2.6.32.8/fs/proc/array.c 2010-02-09 07:57:19.000000000 -0500
30295+++ linux-2.6.32.8/fs/proc/array.c 2010-02-13 21:45:10.685631253 -0500
30296@@ -410,6 +410,21 @@ static void task_show_stack_usage(struct
30297 }
30298 #endif /* CONFIG_MMU */
30299
30300+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30301+static inline void task_pax(struct seq_file *m, struct task_struct *p)
30302+{
30303+ if (p->mm)
30304+ seq_printf(m, "PaX:\t%c%c%c%c%c\n",
30305+ p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
30306+ p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
30307+ p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
30308+ p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
30309+ p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
30310+ else
30311+ seq_printf(m, "PaX:\t-----\n");
30312+}
30313+#endif
30314+
30315 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
30316 struct pid *pid, struct task_struct *task)
30317 {
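Review bot: task_pax tests `p->mm` and then dereferences `p->mm->pax_flags` five more times without taking a reference or task_lock. If the task can exit while its /proc status file is being read, the pointer may be cleared between the test and the reads. Nothing in this hunk shows the caller pinning the mm. proc_pid_auxv in fs/proc/base.c, visible later in this patch, uses the safer pattern: `struct mm_struct *mm = get_task_mm(p);`, read `mm->pax_flags` once into a local, then `mmput(mm);`. Doing the same here also removes the repeated loads.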
30318@@ -430,9 +445,20 @@ int proc_pid_status(struct seq_file *m,
30319 #endif
30320 task_context_switch_counts(m, task);
30321 task_show_stack_usage(m, task);
30322+
30323+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30324+ task_pax(m, task);
30325+#endif
30326+
30327 return 0;
30328 }
30329
30330+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30331+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30332+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
30333+ _mm->pax_flags & MF_PAX_SEGMEXEC))
30334+#endif
30335+
30336 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
30337 struct pid *pid, struct task_struct *task, int whole)
30338 {
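Review bot: PAX_RAND_FLAGS uses its parameter four times without parentheses, and it is defined a second time, identically, in the fs/proc/base.c hunk further down. Every visible call passes a plain `mm`, so nothing misbehaves today, but an expression argument would be evaluated repeatedly and could bind wrongly. Suggested form, placed once in a shared proc header: `#define PAX_RAND_FLAGS(_mm) ((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`. A one-line comment that it means "another task's randomised address space, whose layout must not be disclosed" would help readers of the call sites.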
30339@@ -529,6 +555,19 @@ static int do_task_stat(struct seq_file
30340 gtime = task_gtime(task);
30341 }
30342
30343+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30344+ if (PAX_RAND_FLAGS(mm)) {
30345+ eip = 0;
30346+ esp = 0;
30347+ wchan = 0;
30348+ }
30349+#endif
30350+#ifdef CONFIG_GRKERNSEC_HIDESYM
30351+ wchan = 0;
30352+ eip =0;
30353+ esp =0;
30354+#endif
30355+
30356 /* scale priority and nice values from timeslices to -20..20 */
30357 /* to make it look like a "normal" Unix priority/nice value */
30358 priority = task_prio(task);
30359@@ -569,9 +608,15 @@ static int do_task_stat(struct seq_file
30360 vsize,
30361 mm ? get_mm_rss(mm) : 0,
30362 rsslim,
30363+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30364+ PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0),
30365+ PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0),
30366+ PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? task->stack_start : 0),
30367+#else
30368 mm ? mm->start_code : 0,
30369 mm ? mm->end_code : 0,
30370 (permitted && mm) ? task->stack_start : 0,
30371+#endif
30372 esp,
30373 eip,
30374 /* The signal information here is obsolete.
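Review bot: When PAX_RAND_FLAGS(mm) is true the stat line reports `1` for start_code and end_code but `0` for the stack start, and nothing explains why the placeholders differ. Parsers of /proc/<pid>/stat will see these values, so the choice should be documented at the `#ifdef`, for instance `/* hide the layout of another task's randomised mm: report fixed placeholders instead of real addresses */`, along with the reason for 1 versus 0 if there is one. The three ternaries also repeat the macro; a local `int hide = PAX_RAND_FLAGS(mm);` computed once would read more clearly. do_task_stat begins and ends outside this hunk.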
30375@@ -624,3 +669,10 @@ int proc_pid_statm(struct seq_file *m, s
30376
30377 return 0;
30378 }
30379+
30380+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30381+int proc_pid_ipaddr(struct task_struct *task, char *buffer)
30382+{
30383+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
30384+}
30385+#endif
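Review bot: proc_pid_ipaddr dereferences `task->signal` with no lock or NULL check and writes with an unbounded `sprintf`. Whether `task->signal` can already be torn down for an exiting task when this handler runs is not visible from the hunk; if it can, the read needs the same protection other per-task /proc handlers use, or an early return. The `%pI4` output is short, so the buffer is unlikely to overflow. Still, `snprintf(buffer, PAGE_SIZE, "%pI4\n", ...)` would state the bound explicitly, assuming the usual one-page buffer for these handlers. A comment on what `curr_ip` holds and who is allowed to read this file would make the disclosure risk easier to review.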
30386diff -urNp linux-2.6.32.8/fs/proc/base.c linux-2.6.32.8/fs/proc/base.c
30387--- linux-2.6.32.8/fs/proc/base.c 2010-02-09 07:57:19.000000000 -0500
30388+++ linux-2.6.32.8/fs/proc/base.c 2010-02-13 21:45:10.687007868 -0500
30389@@ -102,6 +102,22 @@ struct pid_entry {
30390 union proc_op op;
30391 };
30392
30393+struct getdents_callback {
30394+ struct linux_dirent __user * current_dir;
30395+ struct linux_dirent __user * previous;
30396+ struct file * file;
30397+ int count;
30398+ int error;
30399+};
30400+
30401+static int gr_fake_filldir(void * __buf, const char *name, int namlen,
30402+ loff_t offset, u64 ino, unsigned int d_type)
30403+{
30404+ struct getdents_callback * buf = (struct getdents_callback *) __buf;
30405+ buf->error = -EINVAL;
30406+ return 0;
30407+}
30408+
30409 #define NOD(NAME, MODE, IOP, FOP, OP) { \
30410 .name = (NAME), \
30411 .len = sizeof(NAME) - 1, \
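Review bot: gr_fake_filldir casts the opaque `__buf` to a `struct getdents_callback` declared locally in this file and writes `error` through it. The struct name matches the getdents callback in fs/readdir.c, so this looks like a private copy. It is only correct if every directory read that can reach this callback passes exactly that layout; a caller using a different callback struct would have `-EINVAL` written at the wrong offset. Sharing one definition through a header would remove the silent coupling. Failing that, add a comment at the struct saying `/* must match struct getdents_callback in fs/readdir.c */` and at the function saying which readdir paths install it. The install site is outside this hunk.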
30412@@ -213,6 +229,9 @@ static int check_mem_permission(struct t
30413 if (task == current)
30414 return 0;
30415
30416+ if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
30417+ return -EPERM;
30418+
30419 /*
30420 * If current is actively ptrace'ing, and would also be
30421 * permitted to freshly attach with ptrace now, permit it.
30422@@ -260,6 +279,9 @@ static int proc_pid_cmdline(struct task_
30423 if (!mm->arg_end)
30424 goto out_mm; /* Shh! No looking before we're done */
30425
30426+ if (gr_acl_handle_procpidmem(task))
30427+ goto out_mm;
30428+
30429 len = mm->arg_end - mm->arg_start;
30430
30431 if (len > PAGE_SIZE)
30432@@ -287,12 +309,26 @@ out:
30433 return res;
30434 }
30435
30436+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30437+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30438+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
30439+ _mm->pax_flags & MF_PAX_SEGMEXEC))
30440+#endif
30441+
30442 static int proc_pid_auxv(struct task_struct *task, char *buffer)
30443 {
30444 int res = 0;
30445 struct mm_struct *mm = get_task_mm(task);
30446 if (mm) {
30447 unsigned int nwords = 0;
30448+
30449+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30450+ if (PAX_RAND_FLAGS(mm)) {
30451+ mmput(mm);
30452+ return res;
30453+ }
30454+#endif
30455+
30456 do {
30457 nwords += 2;
30458 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
30459@@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st
30460 }
30461 #endif /* CONFIG_KALLSYMS */
30462
30463-#ifdef CONFIG_STACKTRACE
30464+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30465
30466 #define MAX_STACK_TRACE_DEPTH 64
30467
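Review bot: The widened condition compiles the stack-trace handler out under CONFIG_GRKERNSEC_HIDESYM, and the next hunk does the same for proc_pid_syscall under CONFIG_GRKERNSEC_PROC_MEMMAP. The pid_entry table lines that reference those handlers are not in either hunk. They need exactly the same conditions, otherwise the build breaks or the entry stays registered. Keeping the guard in one place avoids the two drifting apart, for example a local `#define PROC_PID_STACK_ENABLED` used at both the definition and the table entry. A short comment on each `#if` saying which information the option is hiding (kernel addresses, syscall arguments) would document the intent.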
30468@@ -521,7 +557,7 @@ static int proc_pid_limits(struct task_s
30469 return count;
30470 }
30471
30472-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30473+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30474 static int proc_pid_syscall(struct task_struct *task, char *buffer)
30475 {
30476 long nr;
30477@@ -935,6 +971,9 @@ static ssize_t environ_read(struct file
30478 if (!task)
30479 goto out_no_task;
30480
30481+ if (gr_acl_handle_procpidmem(task))
30482+ goto out;
30483+
30484 if (!ptrace_may_access(task, PTRACE_MODE_READ))
30485 goto out;
30486
30487@@ -1455,7 +1494,11 @@ static struct inode *proc_pid_make_inode
30488 rcu_read_lock();
30489 cred = __task_cred(task);
30490 inode->i_uid = cred->euid;
30491+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30492+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30493+#else
30494 inode->i_gid = cred->egid;
30495+#endif
30496 rcu_read_unlock();
30497 }
30498 security_task_to_inode(task, inode);
30499@@ -1473,6 +1516,9 @@ static int pid_getattr(struct vfsmount *
30500 struct inode *inode = dentry->d_inode;
30501 struct task_struct *task;
30502 const struct cred *cred;
30503+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30504+ const struct cred *tmpcred = current_cred();
30505+#endif
30506
30507 generic_fillattr(inode, stat);
30508
30509@@ -1480,12 +1526,34 @@ static int pid_getattr(struct vfsmount *
30510 stat->uid = 0;
30511 stat->gid = 0;
30512 task = pid_task(proc_pid(inode), PIDTYPE_PID);
30513+
30514+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
30515+ rcu_read_unlock();
30516+ return -ENOENT;
30517+ }
30518+
30519 if (task) {
30520+ cred = __task_cred(task);
30521+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30522+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
30523+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30524+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30525+#endif
30526+ )
30527+#endif
30528 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30529+#ifdef CONFIG_GRKERNSEC_PROC_USER
30530+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30531+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30532+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30533+#endif
30534 task_dumpable(task)) {
30535- cred = __task_cred(task);
30536 stat->uid = cred->euid;
30537+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30538+ stat->gid = CONFIG_GRKERNSEC_PROC_GID;
30539+#else
30540 stat->gid = cred->egid;
30541+#endif
30542 }
30543 }
30544 rcu_read_unlock();
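Review bot: Under CONFIG_GRKERNSEC_PROC_USER or CONFIG_GRKERNSEC_PROC_USERGROUP this hunk places a brace-less `if (...)` in front of the existing `if (...) {`, with the condition itself split by a nested `#ifdef`. The statement that is actually guarded therefore depends on three preprocessor states and is hard to verify by eye. Computing the viewer check into a local flag first and testing that flag inside the existing condition would keep a single `if` with braces in every configuration. The flag would default to true when neither option is set. A comment on the check would also help, e.g. `/* only root, the owner, or members of the proc group see real ownership */`. pid_getattr starts in the previous hunk.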
30545@@ -1517,11 +1585,20 @@ static int pid_revalidate(struct dentry
30546
30547 if (task) {
30548 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30549+#ifdef CONFIG_GRKERNSEC_PROC_USER
30550+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30551+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30552+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30553+#endif
30554 task_dumpable(task)) {
30555 rcu_read_lock();
30556 cred = __task_cred(task);
30557 inode->i_uid = cred->euid;
30558+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30559+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30560+#else
30561 inode->i_gid = cred->egid;
30562+#endif
30563 rcu_read_unlock();
30564 } else {
30565 inode->i_uid = 0;
30566@@ -1642,7 +1719,8 @@ static int proc_fd_info(struct inode *in
30567 int fd = proc_fd(inode);
30568
30569 if (task) {
30570- files = get_files_struct(task);
30571+ if (!gr_acl_handle_procpidmem(task))
30572+ files = get_files_struct(task);
30573 put_task_struct(task);
30574 }
30575 if (files) {
30576@@ -1894,12 +1972,22 @@ static const struct file_operations proc
30577 static int proc_fd_permission(struct inode *inode, int mask)
30578 {
30579 int rv;
30580+ struct task_struct *task;
30581
30582 rv = generic_permission(inode, mask, NULL);
30583- if (rv == 0)
30584- return 0;
30585+
30586 if (task_pid(current) == proc_pid(inode))
30587 rv = 0;
30588+
30589+ task = get_proc_task(inode);
30590+ if (task == NULL)
30591+ return rv;
30592+
30593+ if (gr_acl_handle_procpidmem(task))
30594+ rv = -EACCES;
30595+
30596+ put_task_struct(task);
30597+
30598 return rv;
30599 }
30600
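Review bot: proc_fd_permission now depends on statement order with nothing to say so: the `gr_acl_handle_procpidmem(task)` result must be applied last so that it can override both the generic_permission() grant and the own-pid grant, which is why the old `if (rv == 0) return 0;` had to go. A comment above `task = get_proc_task(inode);` such as `/* ACL check runs last so it can veto either grant above */` would keep a later cleanup from restoring the early return. The comment should also record that when the task has already gone (`task == NULL`) the function returns the ungated `rv`.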
30601@@ -2008,6 +2096,9 @@ static struct dentry *proc_pident_lookup
30602 if (!task)
30603 goto out_no_task;
30604
30605+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30606+ goto out;
30607+
30608 /*
30609 * Yes, it does not scale. And it should not. Don't add
30610 * new entries into /proc/<tgid>/ without very good reasons.
30611@@ -2052,6 +2143,9 @@ static int proc_pident_readdir(struct fi
30612 if (!task)
30613 goto out_no_task;
30614
30615+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30616+ goto out;
30617+
30618 ret = 0;
30619 i = filp->f_pos;
30620 switch (i) {
30621@@ -2418,6 +2512,9 @@ static struct dentry *proc_base_lookup(s
30622 if (p > last)
30623 goto out;
30624
30625+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30626+ goto out;
30627+
30628 error = proc_base_instantiate(dir, dentry, task, p);
30629
30630 out:
30631@@ -2504,7 +2601,7 @@ static const struct pid_entry tgid_base_
30632 #ifdef CONFIG_SCHED_DEBUG
30633 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30634 #endif
30635-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30636+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30637 INF("syscall", S_IRUSR, proc_pid_syscall),
30638 #endif
30639 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30640@@ -2532,7 +2629,7 @@ static const struct pid_entry tgid_base_
30641 #ifdef CONFIG_KALLSYMS
30642 INF("wchan", S_IRUGO, proc_pid_wchan),
30643 #endif
30644-#ifdef CONFIG_STACKTRACE
30645+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30646 ONE("stack", S_IRUSR, proc_pid_stack),
30647 #endif
30648 #ifdef CONFIG_SCHEDSTATS
30649@@ -2562,6 +2659,9 @@ static const struct pid_entry tgid_base_
30650 #ifdef CONFIG_TASK_IO_ACCOUNTING
30651 INF("io", S_IRUGO, proc_tgid_io_accounting),
30652 #endif
30653+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30654+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
30655+#endif
30656 };
30657
30658 static int proc_tgid_base_readdir(struct file * filp,
30659@@ -2686,7 +2786,14 @@ static struct dentry *proc_pid_instantia
30660 if (!inode)
30661 goto out;
30662
30663+#ifdef CONFIG_GRKERNSEC_PROC_USER
30664+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
30665+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30666+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30667+ inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
30668+#else
30669 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
30670+#endif
30671 inode->i_op = &proc_tgid_base_inode_operations;
30672 inode->i_fop = &proc_tgid_base_operations;
30673 inode->i_flags|=S_IMMUTABLE;
30674@@ -2728,7 +2835,11 @@ struct dentry *proc_pid_lookup(struct in
30675 if (!task)
30676 goto out;
30677
30678+ if (gr_check_hidden_task(task))
30679+ goto out_put_task;
30680+
30681 result = proc_pid_instantiate(dir, dentry, task, NULL);
30682+out_put_task:
30683 put_task_struct(task);
30684 out:
30685 return result;
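Review bot: proc_pid_lookup tests only `gr_check_hidden_task(task)`, while the other lookup, readdir and getattr sites changed in this file test `gr_pid_is_chrooted(task) || gr_check_hidden_task(task)`. As written, a task that proc_pid_readdir filters out of the listing for the chroot reason could still be resolved by a direct lookup of its pid, unless that case is caught somewhere not visible here. If the omission is deliberate, a one-line comment should say where the chroot case is handled; otherwise the guard should read `if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))`. The function starts before this hunk.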
30686@@ -2793,6 +2904,11 @@ int proc_pid_readdir(struct file * filp,
30687 {
30688 unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
30689 struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
30690+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30691+ const struct cred *tmpcred = current_cred();
30692+ const struct cred *itercred;
30693+#endif
30694+ filldir_t __filldir = filldir;
30695 struct tgid_iter iter;
30696 struct pid_namespace *ns;
30697
30698@@ -2811,8 +2927,27 @@ int proc_pid_readdir(struct file * filp,
30699 for (iter = next_tgid(ns, iter);
30700 iter.task;
30701 iter.tgid += 1, iter = next_tgid(ns, iter)) {
30702+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30703+ rcu_read_lock();
30704+ itercred = __task_cred(iter.task);
30705+#endif
30706+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
30707+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30708+ || (tmpcred->uid && (itercred->uid != tmpcred->uid)
30709+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30710+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30711+#endif
30712+ )
30713+#endif
30714+ )
30715+ __filldir = &gr_fake_filldir;
30716+ else
30717+ __filldir = filldir;
30718+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30719+ rcu_read_unlock();
30720+#endif
30721 filp->f_pos = iter.tgid + TGID_OFFSET;
30722- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
30723+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
30724 put_task_struct(iter.task);
30725 goto out;
30726 }
30727@@ -2838,7 +2973,7 @@ static const struct pid_entry tid_base_s
30728 #ifdef CONFIG_SCHED_DEBUG
30729 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30730 #endif
30731-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30732+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30733 INF("syscall", S_IRUSR, proc_pid_syscall),
30734 #endif
30735 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30736@@ -2865,7 +3000,7 @@ static const struct pid_entry tid_base_s
30737 #ifdef CONFIG_KALLSYMS
30738 INF("wchan", S_IRUGO, proc_pid_wchan),
30739 #endif
30740-#ifdef CONFIG_STACKTRACE
30741+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30742 ONE("stack", S_IRUSR, proc_pid_stack),
30743 #endif
30744 #ifdef CONFIG_SCHEDSTATS
30745diff -urNp linux-2.6.32.8/fs/proc/cmdline.c linux-2.6.32.8/fs/proc/cmdline.c
30746--- linux-2.6.32.8/fs/proc/cmdline.c 2010-02-09 07:57:19.000000000 -0500
30747+++ linux-2.6.32.8/fs/proc/cmdline.c 2010-02-13 21:45:10.687007868 -0500
30748@@ -23,7 +23,11 @@ static const struct file_operations cmdl
30749
30750 static int __init proc_cmdline_init(void)
30751 {
30752+#ifdef CONFIG_GRKERNSEC_PROC_ADD
30753+ proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
30754+#else
30755 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
30756+#endif
30757 return 0;
30758 }
30759 module_init(proc_cmdline_init);
30760diff -urNp linux-2.6.32.8/fs/proc/devices.c linux-2.6.32.8/fs/proc/devices.c
30761--- linux-2.6.32.8/fs/proc/devices.c 2010-02-09 07:57:19.000000000 -0500
30762+++ linux-2.6.32.8/fs/proc/devices.c 2010-02-13 21:45:10.687007868 -0500
30763@@ -64,7 +64,11 @@ static const struct file_operations proc
30764
30765 static int __init proc_devices_init(void)
30766 {
30767+#ifdef CONFIG_GRKERNSEC_PROC_ADD
30768+ proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
30769+#else
30770 proc_create("devices", 0, NULL, &proc_devinfo_operations);
30771+#endif
30772 return 0;
30773 }
30774 module_init(proc_devices_init);
30775diff -urNp linux-2.6.32.8/fs/proc/inode.c linux-2.6.32.8/fs/proc/inode.c
30776--- linux-2.6.32.8/fs/proc/inode.c 2010-02-09 07:57:19.000000000 -0500
30777+++ linux-2.6.32.8/fs/proc/inode.c 2010-02-13 21:45:10.687007868 -0500
30778@@ -457,7 +457,11 @@ struct inode *proc_get_inode(struct supe
30779 if (de->mode) {
30780 inode->i_mode = de->mode;
30781 inode->i_uid = de->uid;
30782+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30783+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30784+#else
30785 inode->i_gid = de->gid;
30786+#endif
30787 }
30788 if (de->size)
30789 inode->i_size = de->size;
30790diff -urNp linux-2.6.32.8/fs/proc/internal.h linux-2.6.32.8/fs/proc/internal.h
30791--- linux-2.6.32.8/fs/proc/internal.h 2010-02-09 07:57:19.000000000 -0500
30792+++ linux-2.6.32.8/fs/proc/internal.h 2010-02-13 21:45:10.729725690 -0500
30793@@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_fi
30794 struct pid *pid, struct task_struct *task);
30795 extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
30796 struct pid *pid, struct task_struct *task);
30797+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30798+extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
30799+#endif
30800 extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
30801
30802 extern const struct file_operations proc_maps_operations;
30803diff -urNp linux-2.6.32.8/fs/proc/Kconfig linux-2.6.32.8/fs/proc/Kconfig
30804--- linux-2.6.32.8/fs/proc/Kconfig 2010-02-09 07:57:19.000000000 -0500
30805+++ linux-2.6.32.8/fs/proc/Kconfig 2010-02-13 21:45:10.729725690 -0500
30806@@ -30,12 +30,12 @@ config PROC_FS
30807
30808 config PROC_KCORE
30809 bool "/proc/kcore support" if !ARM
30810- depends on PROC_FS && MMU
30811+ depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
30812
30813 config PROC_VMCORE
30814 bool "/proc/vmcore support (EXPERIMENTAL)"
30815- depends on PROC_FS && CRASH_DUMP
30816- default y
30817+ depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
30818+ default n
30819 help
30820 Exports the dump image of crashed kernel in ELF format.
30821
30822@@ -59,8 +59,8 @@ config PROC_SYSCTL
30823 limited in memory.
30824
30825 config PROC_PAGE_MONITOR
30826- default y
30827- depends on PROC_FS && MMU
30828+ default n
30829+ depends on PROC_FS && MMU && !GRKERNSEC
30830 bool "Enable /proc page monitoring" if EMBEDDED
30831 help
30832 Various /proc files exist to monitor process memory utilization:
30833diff -urNp linux-2.6.32.8/fs/proc/kcore.c linux-2.6.32.8/fs/proc/kcore.c
30834--- linux-2.6.32.8/fs/proc/kcore.c 2010-02-09 07:57:19.000000000 -0500
30835+++ linux-2.6.32.8/fs/proc/kcore.c 2010-02-13 21:45:10.729725690 -0500
30836@@ -541,6 +541,9 @@ read_kcore(struct file *file, char __use
30837
30838 static int open_kcore(struct inode *inode, struct file *filp)
30839 {
30840+#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
30841+ return -EPERM;
30842+#endif
30843 if (!capable(CAP_SYS_RAWIO))
30844 return -EPERM;
30845 if (kcore_need_update)
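Review bot: With CONFIG_GRKERNSEC_PROC_ADD or CONFIG_GRKERNSEC_HIDESYM set, the added `return -EPERM;` leaves the rest of open_kcore unreachable, including the `capable(CAP_SYS_RAWIO)` test, which a reader can mistake for a live check and a compiler may warn about. Putting the existing body in an `#else` branch (`#else` before `if (!capable(CAP_SYS_RAWIO))`, `#endif` before the closing brace) gives one body per configuration. The Kconfig hunk in this patch already makes PROC_KCORE depend on `!GRKERNSEC_PROC_ADD`, so only the HIDESYM case appears able to reach this code; a comment saying so would help. The tail of the function is outside the hunk.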
30846diff -urNp linux-2.6.32.8/fs/proc/meminfo.c linux-2.6.32.8/fs/proc/meminfo.c
30847--- linux-2.6.32.8/fs/proc/meminfo.c 2010-02-09 07:57:19.000000000 -0500
30848+++ linux-2.6.32.8/fs/proc/meminfo.c 2010-02-13 21:45:10.729725690 -0500
30849@@ -149,7 +149,7 @@ static int meminfo_proc_show(struct seq_
30850 vmi.used >> 10,
30851 vmi.largest_chunk >> 10
30852 #ifdef CONFIG_MEMORY_FAILURE
30853- ,atomic_long_read(&mce_bad_pages) << (PAGE_SHIFT - 10)
30854+ ,atomic_long_read_unchecked(&mce_bad_pages) << (PAGE_SHIFT - 10)
30855 #endif
30856 );
30857
30858diff -urNp linux-2.6.32.8/fs/proc/nommu.c linux-2.6.32.8/fs/proc/nommu.c
30859--- linux-2.6.32.8/fs/proc/nommu.c 2010-02-09 07:57:19.000000000 -0500
30860+++ linux-2.6.32.8/fs/proc/nommu.c 2010-02-13 21:45:10.729725690 -0500
30861@@ -67,7 +67,7 @@ static int nommu_region_show(struct seq_
30862 if (len < 1)
30863 len = 1;
30864 seq_printf(m, "%*c", len, ' ');
30865- seq_path(m, &file->f_path, "");
30866+ seq_path(m, &file->f_path, "\n\\");
30867 }
30868
30869 seq_putc(m, '\n');
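Review bot: The new escape set `"\n\\"` passed to seq_path() is not explained here or at the matching changes in show_map_vma (task_mmu.c) and nommu_vma_show (task_nommu.c). A path name is chosen by whoever created the file, so an unescaped newline in it can make one entry look like two records to anything parsing this output; escaping the backslash as well keeps the resulting escapes unambiguous. A short comment at each call, e.g. `/* escape newline and backslash so a file name cannot fake a record */`, would record why the argument is no longer `""`. nommu_region_show begins before this hunk.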
30870diff -urNp linux-2.6.32.8/fs/proc/proc_net.c linux-2.6.32.8/fs/proc/proc_net.c
30871--- linux-2.6.32.8/fs/proc/proc_net.c 2010-02-09 07:57:19.000000000 -0500
30872+++ linux-2.6.32.8/fs/proc/proc_net.c 2010-02-13 21:45:10.729725690 -0500
30873@@ -104,6 +104,17 @@ static struct net *get_proc_task_net(str
30874 struct task_struct *task;
30875 struct nsproxy *ns;
30876 struct net *net = NULL;
30877+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30878+ const struct cred *cred = current_cred();
30879+#endif
30880+
30881+#ifdef CONFIG_GRKERNSEC_PROC_USER
30882+ if (cred->fsuid)
30883+ return net;
30884+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30885+ if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID))
30886+ return net;
30887+#endif
30888
30889 rcu_read_lock();
30890 task = pid_task(proc_pid(dir), PIDTYPE_PID);
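Review bot: get_proc_task_net gates on `cred->fsuid`, whereas the equivalent restrictions this patch adds to fs/proc/base.c compare `tmpcred->uid`. The two fields can differ for a caller that has changed its filesystem uid, so the gate on the per-task net directory and the gate on the per-task directory itself may disagree about who is treated as root. If the difference is intentional, a comment next to `if (cred->fsuid)` should say why; otherwise use the same field in both files. The function starts before this hunk.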
30891diff -urNp linux-2.6.32.8/fs/proc/proc_sysctl.c linux-2.6.32.8/fs/proc/proc_sysctl.c
30892--- linux-2.6.32.8/fs/proc/proc_sysctl.c 2010-02-09 07:57:19.000000000 -0500
30893+++ linux-2.6.32.8/fs/proc/proc_sysctl.c 2010-02-13 21:45:10.730996248 -0500
30894@@ -7,6 +7,8 @@
30895 #include <linux/security.h>
30896 #include "internal.h"
30897
30898+extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op);
30899+
30900 static const struct dentry_operations proc_sys_dentry_operations;
30901 static const struct file_operations proc_sys_file_operations;
30902 static const struct inode_operations proc_sys_inode_operations;
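Review bot: `gr_handle_sysctl` is declared with a local `extern` in this .c file, so the compiler cannot check the prototype against the definition, and a later signature change would go unnoticed here. Declaring it in the header that carries the other gr_* prototypes used under fs/proc (not visible on this page) would avoid that. Separately, scan() in a later hunk passes a literal `0` as `op`, while proc_sys_lookup and proc_sys_getattr pass `MAY_EXEC`; a comment at that call should state what `0` requests.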
30903@@ -109,6 +111,9 @@ static struct dentry *proc_sys_lookup(st
30904 if (!p)
30905 goto out;
30906
30907+ if (gr_handle_sysctl(p, MAY_EXEC))
30908+ goto out;
30909+
30910 err = ERR_PTR(-ENOMEM);
30911 inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
30912 if (h)
30913@@ -228,6 +233,9 @@ static int scan(struct ctl_table_header
30914 if (*pos < file->f_pos)
30915 continue;
30916
30917+ if (gr_handle_sysctl(table, 0))
30918+ continue;
30919+
30920 res = proc_sys_fill_cache(file, dirent, filldir, head, table);
30921 if (res)
30922 return res;
30923@@ -344,6 +352,9 @@ static int proc_sys_getattr(struct vfsmo
30924 if (IS_ERR(head))
30925 return PTR_ERR(head);
30926
30927+ if (table && gr_handle_sysctl(table, MAY_EXEC))
30928+ return -ENOENT;
30929+
30930 generic_fillattr(inode, stat);
30931 if (table)
30932 stat->mode = (stat->mode & S_IFMT) | table->mode;
30933diff -urNp linux-2.6.32.8/fs/proc/root.c linux-2.6.32.8/fs/proc/root.c
30934--- linux-2.6.32.8/fs/proc/root.c 2010-02-09 07:57:19.000000000 -0500
30935+++ linux-2.6.32.8/fs/proc/root.c 2010-02-13 21:45:10.730996248 -0500
30936@@ -134,7 +134,15 @@ void __init proc_root_init(void)
30937 #ifdef CONFIG_PROC_DEVICETREE
30938 proc_device_tree_init();
30939 #endif
30940+#ifdef CONFIG_GRKERNSEC_PROC_ADD
30941+#ifdef CONFIG_GRKERNSEC_PROC_USER
30942+ proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
30943+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30944+ proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
30945+#endif
30946+#else
30947 proc_mkdir("bus", NULL);
30948+#endif
30949 proc_sys_init();
30950 }
30951
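Review bot: When CONFIG_GRKERNSEC_PROC_ADD is set but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP is, the inner `#ifdef`/`#elif` has no fallback and proc_root_init creates no `bus` directory at all. Unless Kconfig guarantees that PROC_ADD implies one of the two (not visible here), add an inner `#else` with `proc_mkdir("bus", NULL);` before the inner `#endif`. If Kconfig does guarantee it, a comment or an `#error` in that branch would make the assumption explicit. proc_root_init begins before this hunk.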
30952diff -urNp linux-2.6.32.8/fs/proc/task_mmu.c linux-2.6.32.8/fs/proc/task_mmu.c
30953--- linux-2.6.32.8/fs/proc/task_mmu.c 2010-02-09 07:57:19.000000000 -0500
30954+++ linux-2.6.32.8/fs/proc/task_mmu.c 2010-02-13 21:45:10.730996248 -0500
30955@@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct
30956 "VmStk:\t%8lu kB\n"
30957 "VmExe:\t%8lu kB\n"
30958 "VmLib:\t%8lu kB\n"
30959- "VmPTE:\t%8lu kB\n",
30960- hiwater_vm << (PAGE_SHIFT-10),
30961+ "VmPTE:\t%8lu kB\n"
30962+
30963+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30964+ "CsBase:\t%8lx\nCsLim:\t%8lx\n"
30965+#endif
30966+
30967+ ,hiwater_vm << (PAGE_SHIFT-10),
30968 (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10),
30969 mm->locked_vm << (PAGE_SHIFT-10),
30970 hiwater_rss << (PAGE_SHIFT-10),
30971 total_rss << (PAGE_SHIFT-10),
30972 data << (PAGE_SHIFT-10),
30973 mm->stack_vm << (PAGE_SHIFT-10), text, lib,
30974- (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10);
30975+ (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10
30976+
30977+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30978+ , mm->context.user_cs_base, mm->context.user_cs_limit
30979+#endif
30980+
30981+ );
30982 }
30983
30984 unsigned long task_vsize(struct mm_struct *mm)
30985@@ -199,6 +210,12 @@ static int do_maps_open(struct inode *in
30986 return ret;
30987 }
30988
30989+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30990+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30991+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
30992+ _mm->pax_flags & MF_PAX_SEGMEXEC))
30993+#endif
30994+
30995 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
30996 {
30997 struct mm_struct *mm = vma->vm_mm;
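Review bot: `PAX_RAND_FLAGS(_mm)` uses its parameter unparenthesised and evaluates it up to four times, which is fragile for a macro that show_smap later invokes with the expression `vma->vm_mm`. Parenthesise the parameter and test both bits in one mask, e.g. `((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`, or turn it into a static inline function. A one-line comment saying that it is true for an mm other than the caller's own with either flag set, and that callers then print 0 in place of addresses, would document the intent.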
30998@@ -217,13 +234,22 @@ static void show_map_vma(struct seq_file
30999 }
31000
31001 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
31002+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
31003+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
31004+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
31005+#else
31006 vma->vm_start,
31007 vma->vm_end,
31008+#endif
31009 flags & VM_READ ? 'r' : '-',
31010 flags & VM_WRITE ? 'w' : '-',
31011 flags & VM_EXEC ? 'x' : '-',
31012 flags & VM_MAYSHARE ? 's' : 'p',
31013+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
31014+ PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
31015+#else
31016 pgoff,
31017+#endif
31018 MAJOR(dev), MINOR(dev), ino, &len);
31019
31020 /*
31021@@ -232,16 +258,16 @@ static void show_map_vma(struct seq_file
31022 */
31023 if (file) {
31024 pad_len_spaces(m, len);
31025- seq_path(m, &file->f_path, "\n");
31026+ seq_path(m, &file->f_path, "\n\\");
31027 } else {
31028 const char *name = arch_vma_name(vma);
31029 if (!name) {
31030 if (mm) {
31031- if (vma->vm_start <= mm->start_brk &&
31032- vma->vm_end >= mm->brk) {
31033+ if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
31034 name = "[heap]";
31035- } else if (vma->vm_start <= mm->start_stack &&
31036- vma->vm_end >= mm->start_stack) {
31037+ } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ||
31038+ (vma->vm_start <= mm->start_stack &&
31039+ vma->vm_end >= mm->start_stack)) {
31040 name = "[stack]";
31041 } else {
31042 unsigned long stack_start;
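Review bot: The rewritten `[heap]` test, `vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk`, is an interval-overlap check with inclusive bounds, so a mapping that only abuts the brk area (for example one whose `vm_start` equals `mm->brk`) is also labelled `[heap]`. If only real overlap is meant, strict comparisons (`<` and `>`) express that; if the inclusive form is deliberate, for instance to cover an empty heap, a comment should say so. The added `VM_GROWSDOWN | VM_GROWSUP` clause likewise labels every growable mapping `[stack]`, and that change in what the labels mean deserves a line of explanation. show_map_vma starts before this hunk.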
31043@@ -403,9 +429,16 @@ static int show_smap(struct seq_file *m,
31044 };
31045
31046 memset(&mss, 0, sizeof mss);
31047- mss.vma = vma;
31048- if (vma->vm_mm && !is_vm_hugetlb_page(vma))
31049- walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
31050+
31051+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
31052+ if (!PAX_RAND_FLAGS(vma->vm_mm)) {
31053+#endif
31054+ mss.vma = vma;
31055+ if (vma->vm_mm && !is_vm_hugetlb_page(vma))
31056+ walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
31057+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
31058+ }
31059+#endif
31060
31061 show_map_vma(m, vma);
31062
31063@@ -421,7 +454,11 @@ static int show_smap(struct seq_file *m,
31064 "Swap: %8lu kB\n"
31065 "KernelPageSize: %8lu kB\n"
31066 "MMUPageSize: %8lu kB\n",
31067+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
31068+ PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
31069+#else
31070 (vma->vm_end - vma->vm_start) >> 10,
31071+#endif
31072 mss.resident >> 10,
31073 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
31074 mss.shared_clean >> 10,
31075diff -urNp linux-2.6.32.8/fs/proc/task_nommu.c linux-2.6.32.8/fs/proc/task_nommu.c
31076--- linux-2.6.32.8/fs/proc/task_nommu.c 2010-02-09 07:57:19.000000000 -0500
31077+++ linux-2.6.32.8/fs/proc/task_nommu.c 2010-02-13 21:45:10.731753900 -0500
31078@@ -50,7 +50,7 @@ void task_mem(struct seq_file *m, struct
31079 else
31080 bytes += kobjsize(mm);
31081
31082- if (current->fs && current->fs->users > 1)
31083+ if (current->fs && atomic_read(&current->fs->users) > 1)
31084 sbytes += kobjsize(current->fs);
31085 else
31086 bytes += kobjsize(current->fs);
31087@@ -154,7 +154,7 @@ static int nommu_vma_show(struct seq_fil
31088 if (len < 1)
31089 len = 1;
31090 seq_printf(m, "%*c", len, ' ');
31091- seq_path(m, &file->f_path, "");
31092+ seq_path(m, &file->f_path, "\n\\");
31093 }
31094
31095 seq_putc(m, '\n');
31096diff -urNp linux-2.6.32.8/fs/readdir.c linux-2.6.32.8/fs/readdir.c
31097--- linux-2.6.32.8/fs/readdir.c 2010-02-09 07:57:19.000000000 -0500
31098+++ linux-2.6.32.8/fs/readdir.c 2010-02-13 21:45:10.731753900 -0500
31099@@ -16,6 +16,7 @@
31100 #include <linux/security.h>
31101 #include <linux/syscalls.h>
31102 #include <linux/unistd.h>
31103+#include <linux/namei.h>
31104
31105 #include <asm/uaccess.h>
31106
31107@@ -67,6 +68,7 @@ struct old_linux_dirent {
31108
31109 struct readdir_callback {
31110 struct old_linux_dirent __user * dirent;
31111+ struct file * file;
31112 int result;
31113 };
31114
31115@@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons
31116 buf->result = -EOVERFLOW;
31117 return -EOVERFLOW;
31118 }
31119+
31120+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31121+ return 0;
31122+
31123 buf->result++;
31124 dirent = buf->dirent;
31125 if (!access_ok(VERIFY_WRITE, dirent,
31126@@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in
31127
31128 buf.result = 0;
31129 buf.dirent = dirent;
31130+ buf.file = file;
31131
31132 error = vfs_readdir(file, fillonedir, &buf);
31133 if (buf.result)
31134@@ -142,6 +149,7 @@ struct linux_dirent {
31135 struct getdents_callback {
31136 struct linux_dirent __user * current_dir;
31137 struct linux_dirent __user * previous;
31138+ struct file * file;
31139 int count;
31140 int error;
31141 };
31142@@ -162,6 +170,10 @@ static int filldir(void * __buf, const c
31143 buf->error = -EOVERFLOW;
31144 return -EOVERFLOW;
31145 }
31146+
31147+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31148+ return 0;
31149+
31150 dirent = buf->previous;
31151 if (dirent) {
31152 if (__put_user(offset, &dirent->d_off))
31153@@ -209,6 +221,7 @@ SYSCALL_DEFINE3(getdents, unsigned int,
31154 buf.previous = NULL;
31155 buf.count = count;
31156 buf.error = 0;
31157+ buf.file = file;
31158
31159 error = vfs_readdir(file, filldir, &buf);
31160 if (error >= 0)
31161@@ -228,6 +241,7 @@ out:
31162 struct getdents_callback64 {
31163 struct linux_dirent64 __user * current_dir;
31164 struct linux_dirent64 __user * previous;
31165+ struct file *file;
31166 int count;
31167 int error;
31168 };
31169@@ -242,6 +256,10 @@ static int filldir64(void * __buf, const
31170 buf->error = -EINVAL; /* only used if we fail.. */
31171 if (reclen > buf->count)
31172 return -EINVAL;
31173+
31174+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31175+ return 0;
31176+
31177 dirent = buf->previous;
31178 if (dirent) {
31179 if (__put_user(offset, &dirent->d_off))
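Review bot: The `gr_acl_handle_filldir()` check sits after `buf->error = -EINVAL;`, so a filtered entry returns 0 while leaving that error stored in the callback state. If getdents64 reports `buf.error` when no entry was copied out (its tail is outside this hunk), a call in which every remaining entry is filtered would return -EINVAL rather than 0. Moving the two added lines above `buf->error = -EINVAL;` avoids that, since the check does not use `reclen`. The same ordering question applies to the filldir hunk above, whose own `buf->error` setup is outside the visible context.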
31180@@ -289,6 +307,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
31181
31182 buf.current_dir = dirent;
31183 buf.previous = NULL;
31184+ buf.file = file;
31185 buf.count = count;
31186 buf.error = 0;
31187
31188diff -urNp linux-2.6.32.8/fs/reiserfs/do_balan.c linux-2.6.32.8/fs/reiserfs/do_balan.c
31189--- linux-2.6.32.8/fs/reiserfs/do_balan.c 2010-02-09 07:57:19.000000000 -0500
31190+++ linux-2.6.32.8/fs/reiserfs/do_balan.c 2010-02-13 21:45:10.731753900 -0500
31191@@ -2058,7 +2058,7 @@ void do_balance(struct tree_balance *tb,
31192 return;
31193 }
31194
31195- atomic_inc(&(fs_generation(tb->tb_sb)));
31196+ atomic_inc_unchecked(&(fs_generation(tb->tb_sb)));
31197 do_balance_starts(tb);
31198
31199 /* balance leaf returns 0 except if combining L R and S into
31200diff -urNp linux-2.6.32.8/fs/reiserfs/item_ops.c linux-2.6.32.8/fs/reiserfs/item_ops.c
31201--- linux-2.6.32.8/fs/reiserfs/item_ops.c 2010-02-09 07:57:19.000000000 -0500
31202+++ linux-2.6.32.8/fs/reiserfs/item_ops.c 2010-02-13 21:45:10.732792506 -0500
31203@@ -102,7 +102,7 @@ static void sd_print_vi(struct virtual_i
31204 vi->vi_index, vi->vi_type, vi->vi_ih);
31205 }
31206
31207-static struct item_operations stat_data_ops = {
31208+static const struct item_operations stat_data_ops = {
31209 .bytes_number = sd_bytes_number,
31210 .decrement_key = sd_decrement_key,
31211 .is_left_mergeable = sd_is_left_mergeable,
31212@@ -196,7 +196,7 @@ static void direct_print_vi(struct virtu
31213 vi->vi_index, vi->vi_type, vi->vi_ih);
31214 }
31215
31216-static struct item_operations direct_ops = {
31217+static const struct item_operations direct_ops = {
31218 .bytes_number = direct_bytes_number,
31219 .decrement_key = direct_decrement_key,
31220 .is_left_mergeable = direct_is_left_mergeable,
31221@@ -341,7 +341,7 @@ static void indirect_print_vi(struct vir
31222 vi->vi_index, vi->vi_type, vi->vi_ih);
31223 }
31224
31225-static struct item_operations indirect_ops = {
31226+static const struct item_operations indirect_ops = {
31227 .bytes_number = indirect_bytes_number,
31228 .decrement_key = indirect_decrement_key,
31229 .is_left_mergeable = indirect_is_left_mergeable,
31230@@ -628,7 +628,7 @@ static void direntry_print_vi(struct vir
31231 printk("\n");
31232 }
31233
31234-static struct item_operations direntry_ops = {
31235+static const struct item_operations direntry_ops = {
31236 .bytes_number = direntry_bytes_number,
31237 .decrement_key = direntry_decrement_key,
31238 .is_left_mergeable = direntry_is_left_mergeable,
31239@@ -724,7 +724,7 @@ static void errcatch_print_vi(struct vir
31240 "Invalid item type observed, run fsck ASAP");
31241 }
31242
31243-static struct item_operations errcatch_ops = {
31244+static const struct item_operations errcatch_ops = {
31245 errcatch_bytes_number,
31246 errcatch_decrement_key,
31247 errcatch_is_left_mergeable,
31248@@ -746,7 +746,7 @@ static struct item_operations errcatch_o
31249 #error Item types must use disk-format assigned values.
31250 #endif
31251
31252-struct item_operations *item_ops[TYPE_ANY + 1] = {
31253+const struct item_operations * const item_ops[TYPE_ANY + 1] = {
31254 &stat_data_ops,
31255 &indirect_ops,
31256 &direct_ops,
31257diff -urNp linux-2.6.32.8/fs/reiserfs/procfs.c linux-2.6.32.8/fs/reiserfs/procfs.c
31258--- linux-2.6.32.8/fs/reiserfs/procfs.c 2010-02-09 07:57:19.000000000 -0500
31259+++ linux-2.6.32.8/fs/reiserfs/procfs.c 2010-02-13 21:45:10.732792506 -0500
31260@@ -123,7 +123,7 @@ static int show_super(struct seq_file *m
31261 "SMALL_TAILS " : "NO_TAILS ",
31262 replay_only(sb) ? "REPLAY_ONLY " : "",
31263 convert_reiserfs(sb) ? "CONV " : "",
31264- atomic_read(&r->s_generation_counter),
31265+ atomic_read_unchecked(&r->s_generation_counter),
31266 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes),
31267 SF(s_do_balance), SF(s_unneeded_left_neighbor),
31268 SF(s_good_search_by_key_reada), SF(s_bmaps),
31269diff -urNp linux-2.6.32.8/fs/select.c linux-2.6.32.8/fs/select.c
31270--- linux-2.6.32.8/fs/select.c 2010-02-09 07:57:19.000000000 -0500
31271+++ linux-2.6.32.8/fs/select.c 2010-02-13 21:45:10.732792506 -0500
31272@@ -20,6 +20,7 @@
31273 #include <linux/module.h>
31274 #include <linux/slab.h>
31275 #include <linux/poll.h>
31276+#include <linux/security.h>
31277 #include <linux/personality.h> /* for STICKY_TIMEOUTS */
31278 #include <linux/file.h>
31279 #include <linux/fdtable.h>
31280@@ -821,6 +822,7 @@ int do_sys_poll(struct pollfd __user *uf
31281 struct poll_list *walk = head;
31282 unsigned long todo = nfds;
31283
31284+ gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
31285 if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
31286 return -EINVAL;
31287
31288diff -urNp linux-2.6.32.8/fs/seq_file.c linux-2.6.32.8/fs/seq_file.c
31289--- linux-2.6.32.8/fs/seq_file.c 2010-02-09 07:57:19.000000000 -0500
31290+++ linux-2.6.32.8/fs/seq_file.c 2010-02-13 21:45:10.732792506 -0500
31291@@ -76,7 +76,8 @@ static int traverse(struct seq_file *m,
31292 return 0;
31293 }
31294 if (!m->buf) {
31295- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31296+ m->size = PAGE_SIZE;
31297+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31298 if (!m->buf)
31299 return -ENOMEM;
31300 }
31301@@ -116,7 +117,8 @@ static int traverse(struct seq_file *m,
31302 Eoverflow:
31303 m->op->stop(m, p);
31304 kfree(m->buf);
31305- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31306+ m->size <<= 1;
31307+ m->buf = kmalloc(m->size, GFP_KERNEL);
31308 return !m->buf ? -ENOMEM : -EAGAIN;
31309 }
31310
31311@@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char
31312 m->version = file->f_version;
31313 /* grab buffer if we didn't have one */
31314 if (!m->buf) {
31315- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31316+ m->size = PAGE_SIZE;
31317+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31318 if (!m->buf)
31319 goto Enomem;
31320 }
31321@@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char
31322 goto Fill;
31323 m->op->stop(m, p);
31324 kfree(m->buf);
31325- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31326+ m->size <<= 1;
31327+ m->buf = kmalloc(m->size, GFP_KERNEL);
31328 if (!m->buf)
31329 goto Enomem;
31330 m->count = 0;
31331diff -urNp linux-2.6.32.8/fs/smbfs/symlink.c linux-2.6.32.8/fs/smbfs/symlink.c
31332--- linux-2.6.32.8/fs/smbfs/symlink.c 2010-02-09 07:57:19.000000000 -0500
31333+++ linux-2.6.32.8/fs/smbfs/symlink.c 2010-02-13 21:45:10.734003722 -0500
31334@@ -55,7 +55,7 @@ static void *smb_follow_link(struct dent
31335
31336 static void smb_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
31337 {
31338- char *s = nd_get_link(nd);
31339+ const char *s = nd_get_link(nd);
31340 if (!IS_ERR(s))
31341 __putname(s);
31342 }
31343diff -urNp linux-2.6.32.8/fs/splice.c linux-2.6.32.8/fs/splice.c
31344--- linux-2.6.32.8/fs/splice.c 2010-02-09 07:57:19.000000000 -0500
31345+++ linux-2.6.32.8/fs/splice.c 2010-02-13 21:45:10.734003722 -0500
31346@@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode
31347 pipe_lock(pipe);
31348
31349 for (;;) {
31350- if (!pipe->readers) {
31351+ if (!atomic_read(&pipe->readers)) {
31352 send_sig(SIGPIPE, current, 0);
31353 if (!ret)
31354 ret = -EPIPE;
31355@@ -239,9 +239,9 @@ ssize_t splice_to_pipe(struct pipe_inode
31356 do_wakeup = 0;
31357 }
31358
31359- pipe->waiting_writers++;
31360+ atomic_inc(&pipe->waiting_writers);
31361 pipe_wait(pipe);
31362- pipe->waiting_writers--;
31363+ atomic_dec(&pipe->waiting_writers);
31364 }
31365
31366 pipe_unlock(pipe);
31367@@ -531,7 +531,7 @@ static ssize_t kernel_readv(struct file
31368 old_fs = get_fs();
31369 set_fs(get_ds());
31370 /* The cast to a user pointer is valid due to the set_fs() */
31371- res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
31372+ res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
31373 set_fs(old_fs);
31374
31375 return res;
31376@@ -546,7 +546,7 @@ static ssize_t kernel_write(struct file
31377 old_fs = get_fs();
31378 set_fs(get_ds());
31379 /* The cast to a user pointer is valid due to the set_fs() */
31380- res = vfs_write(file, (const char __user *)buf, count, &pos);
31381+ res = vfs_write(file, (__force const char __user *)buf, count, &pos);
31382 set_fs(old_fs);
31383
31384 return res;
31385@@ -588,7 +588,7 @@ ssize_t default_file_splice_read(struct
31386 goto err;
31387
31388 this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
31389- vec[i].iov_base = (void __user *) page_address(page);
31390+ vec[i].iov_base = (__force void __user *) page_address(page);
31391 vec[i].iov_len = this_len;
31392 pages[i] = page;
31393 spd.nr_pages++;
31394@@ -808,10 +808,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
31395 int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
31396 {
31397 while (!pipe->nrbufs) {
31398- if (!pipe->writers)
31399+ if (!atomic_read(&pipe->writers))
31400 return 0;
31401
31402- if (!pipe->waiting_writers && sd->num_spliced)
31403+ if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced)
31404 return 0;
31405
31406 if (sd->flags & SPLICE_F_NONBLOCK)
31407@@ -1146,7 +1146,7 @@ ssize_t splice_direct_to_actor(struct fi
31408 * out of the pipe right after the splice_to_pipe(). So set
31409 * PIPE_READERS appropriately.
31410 */
31411- pipe->readers = 1;
31412+ atomic_set(&pipe->readers, 1);
31413
31414 current->splice_pipe = pipe;
31415 }
31416@@ -1704,9 +1704,9 @@ static int ipipe_prep(struct pipe_inode_
31417 ret = -ERESTARTSYS;
31418 break;
31419 }
31420- if (!pipe->writers)
31421+ if (!atomic_read(&pipe->writers))
31422 break;
31423- if (!pipe->waiting_writers) {
31424+ if (!atomic_read(&pipe->waiting_writers)) {
31425 if (flags & SPLICE_F_NONBLOCK) {
31426 ret = -EAGAIN;
31427 break;
31428@@ -1738,7 +1738,7 @@ static int opipe_prep(struct pipe_inode_
31429 pipe_lock(pipe);
31430
31431 while (pipe->nrbufs >= PIPE_BUFFERS) {
31432- if (!pipe->readers) {
31433+ if (!atomic_read(&pipe->readers)) {
31434 send_sig(SIGPIPE, current, 0);
31435 ret = -EPIPE;
31436 break;
31437@@ -1751,9 +1751,9 @@ static int opipe_prep(struct pipe_inode_
31438 ret = -ERESTARTSYS;
31439 break;
31440 }
31441- pipe->waiting_writers++;
31442+ atomic_inc(&pipe->waiting_writers);
31443 pipe_wait(pipe);
31444- pipe->waiting_writers--;
31445+ atomic_dec(&pipe->waiting_writers);
31446 }
31447
31448 pipe_unlock(pipe);
31449@@ -1789,14 +1789,14 @@ retry:
31450 pipe_double_lock(ipipe, opipe);
31451
31452 do {
31453- if (!opipe->readers) {
31454+ if (!atomic_read(&opipe->readers)) {
31455 send_sig(SIGPIPE, current, 0);
31456 if (!ret)
31457 ret = -EPIPE;
31458 break;
31459 }
31460
31461- if (!ipipe->nrbufs && !ipipe->writers)
31462+ if (!ipipe->nrbufs && !atomic_read(&ipipe->writers))
31463 break;
31464
31465 /*
31466@@ -1896,7 +1896,7 @@ static int link_pipe(struct pipe_inode_i
31467 pipe_double_lock(ipipe, opipe);
31468
31469 do {
31470- if (!opipe->readers) {
31471+ if (!atomic_read(&opipe->readers)) {
31472 send_sig(SIGPIPE, current, 0);
31473 if (!ret)
31474 ret = -EPIPE;
31475@@ -1941,7 +1941,7 @@ static int link_pipe(struct pipe_inode_i
31476 * return EAGAIN if we have the potential of some data in the
31477 * future, otherwise just return 0
31478 */
31479- if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
31480+ if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK))
31481 ret = -EAGAIN;
31482
31483 pipe_unlock(ipipe);
31484diff -urNp linux-2.6.32.8/fs/sysfs/file.c linux-2.6.32.8/fs/sysfs/file.c
31485--- linux-2.6.32.8/fs/sysfs/file.c 2010-02-09 07:57:19.000000000 -0500
31486+++ linux-2.6.32.8/fs/sysfs/file.c 2010-02-13 21:45:10.734003722 -0500
31487@@ -53,7 +53,7 @@ struct sysfs_buffer {
31488 size_t count;
31489 loff_t pos;
31490 char * page;
31491- struct sysfs_ops * ops;
31492+ const struct sysfs_ops * ops;
31493 struct mutex mutex;
31494 int needs_read_fill;
31495 int event;
31496@@ -75,7 +75,7 @@ static int fill_read_buffer(struct dentr
31497 {
31498 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31499 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31500- struct sysfs_ops * ops = buffer->ops;
31501+ const struct sysfs_ops * ops = buffer->ops;
31502 int ret = 0;
31503 ssize_t count;
31504
31505@@ -199,7 +199,7 @@ flush_write_buffer(struct dentry * dentr
31506 {
31507 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31508 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31509- struct sysfs_ops * ops = buffer->ops;
31510+ const struct sysfs_ops * ops = buffer->ops;
31511 int rc;
31512
31513 /* need attr_sd for attr and ops, its parent for kobj */
31514@@ -335,7 +335,7 @@ static int sysfs_open_file(struct inode
31515 struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata;
31516 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31517 struct sysfs_buffer *buffer;
31518- struct sysfs_ops *ops;
31519+ const struct sysfs_ops *ops;
31520 int error = -EACCES;
31521 char *p;
31522
31523diff -urNp linux-2.6.32.8/fs/sysfs/symlink.c linux-2.6.32.8/fs/sysfs/symlink.c
31524--- linux-2.6.32.8/fs/sysfs/symlink.c 2010-02-09 07:57:19.000000000 -0500
31525+++ linux-2.6.32.8/fs/sysfs/symlink.c 2010-02-13 21:45:10.734995279 -0500
31526@@ -204,7 +204,7 @@ static void *sysfs_follow_link(struct de
31527
31528 static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
31529 {
31530- char *page = nd_get_link(nd);
31531+ const char *page = nd_get_link(nd);
31532 if (!IS_ERR(page))
31533 free_page((unsigned long)page);
31534 }
31535diff -urNp linux-2.6.32.8/fs/udf/balloc.c linux-2.6.32.8/fs/udf/balloc.c
31536--- linux-2.6.32.8/fs/udf/balloc.c 2010-02-09 07:57:19.000000000 -0500
31537+++ linux-2.6.32.8/fs/udf/balloc.c 2010-02-13 21:45:10.734995279 -0500
31538@@ -172,9 +172,7 @@ static void udf_bitmap_free_blocks(struc
31539
31540 mutex_lock(&sbi->s_alloc_mutex);
31541 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31542- if (bloc->logicalBlockNum < 0 ||
31543- (bloc->logicalBlockNum + count) >
31544- partmap->s_partition_len) {
31545+ if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31546 udf_debug("%d < %d || %d + %d > %d\n",
31547 bloc->logicalBlockNum, 0, bloc->logicalBlockNum,
31548 count, partmap->s_partition_len);
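Review bot: The bounds check left in udf_bitmap_free_blocks, `(bloc->logicalBlockNum + count) > partmap->s_partition_len`, can pass when it should fail if the addition wraps. The removed `< 0` test suggests logicalBlockNum is unsigned, though the field types are not visible in this hunk. With fixed-width unsigned operands, a large block number read from an untrusted or corrupted image plus count wraps to a small value, and the free proceeds on blocks outside the partition. Comparing without the addition avoids this: `if (bloc->logicalBlockNum > partmap->s_partition_len || count > partmap->s_partition_len - bloc->logicalBlockNum) {`. The same check appears in the udf_table_free_blocks hunk that follows, the udf_debug format string in both still prints the dropped `< 0` comparison, and both function bodies continue outside the hunks.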
31549@@ -436,9 +434,7 @@ static void udf_table_free_blocks(struct
31550
31551 mutex_lock(&sbi->s_alloc_mutex);
31552 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31553- if (bloc->logicalBlockNum < 0 ||
31554- (bloc->logicalBlockNum + count) >
31555- partmap->s_partition_len) {
31556+ if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31557 udf_debug("%d < %d || %d + %d > %d\n",
31558 bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count,
31559 partmap->s_partition_len);
31560diff -urNp linux-2.6.32.8/fs/utimes.c linux-2.6.32.8/fs/utimes.c
31561--- linux-2.6.32.8/fs/utimes.c 2010-02-09 07:57:19.000000000 -0500
31562+++ linux-2.6.32.8/fs/utimes.c 2010-02-13 21:45:10.734995279 -0500
31563@@ -1,6 +1,7 @@
31564 #include <linux/compiler.h>
31565 #include <linux/file.h>
31566 #include <linux/fs.h>
31567+#include <linux/security.h>
31568 #include <linux/linkage.h>
31569 #include <linux/mount.h>
31570 #include <linux/namei.h>
31571@@ -101,6 +102,12 @@ static int utimes_common(struct path *pa
31572 goto mnt_drop_write_and_out;
31573 }
31574 }
31575+
31576+ if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
31577+ error = -EACCES;
31578+ goto mnt_drop_write_and_out;
31579+ }
31580+
31581 mutex_lock(&inode->i_mutex);
31582 error = notify_change(path->dentry, &newattrs);
31583 mutex_unlock(&inode->i_mutex);
31584diff -urNp linux-2.6.32.8/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.32.8/fs/xfs/linux-2.6/xfs_iops.c
31585--- linux-2.6.32.8/fs/xfs/linux-2.6/xfs_iops.c 2010-02-09 07:57:19.000000000 -0500
31586+++ linux-2.6.32.8/fs/xfs/linux-2.6/xfs_iops.c 2010-02-13 21:45:10.734995279 -0500
31587@@ -468,7 +468,7 @@ xfs_vn_put_link(
31588 struct nameidata *nd,
31589 void *p)
31590 {
31591- char *s = nd_get_link(nd);
31592+ const char *s = nd_get_link(nd);
31593
31594 if (!IS_ERR(s))
31595 kfree(s);
31596diff -urNp linux-2.6.32.8/fs/xfs/xfs_bmap.c linux-2.6.32.8/fs/xfs/xfs_bmap.c
31597--- linux-2.6.32.8/fs/xfs/xfs_bmap.c 2010-02-09 07:57:19.000000000 -0500
31598+++ linux-2.6.32.8/fs/xfs/xfs_bmap.c 2010-02-13 21:45:10.736823823 -0500
31599@@ -360,7 +360,7 @@ xfs_bmap_validate_ret(
31600 int nmap,
31601 int ret_nmap);
31602 #else
31603-#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
31604+#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
31605 #endif /* DEBUG */
31606
31607 #if defined(XFS_RW_TRACE)
31608diff -urNp linux-2.6.32.8/grsecurity/gracl_alloc.c linux-2.6.32.8/grsecurity/gracl_alloc.c
31609--- linux-2.6.32.8/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
31610+++ linux-2.6.32.8/grsecurity/gracl_alloc.c 2010-02-13 21:45:10.736823823 -0500
31611@@ -0,0 +1,105 @@
31612+#include <linux/kernel.h>
31613+#include <linux/mm.h>
31614+#include <linux/slab.h>
31615+#include <linux/vmalloc.h>
31616+#include <linux/gracl.h>
31617+#include <linux/grsecurity.h>
31618+
31619+static unsigned long alloc_stack_next = 1;
31620+static unsigned long alloc_stack_size = 1;
31621+static void **alloc_stack;
31622+
31623+static __inline__ int
31624+alloc_pop(void)
31625+{
31626+ if (alloc_stack_next == 1)
31627+ return 0;
31628+
31629+ kfree(alloc_stack[alloc_stack_next - 2]);
31630+
31631+ alloc_stack_next--;
31632+
31633+ return 1;
31634+}
31635+
31636+static __inline__ int
31637+alloc_push(void *buf)
31638+{
31639+ if (alloc_stack_next >= alloc_stack_size)
31640+ return 1;
31641+
31642+ alloc_stack[alloc_stack_next - 1] = buf;
31643+
31644+ alloc_stack_next++;
31645+
31646+ return 0;
31647+}
31648+
31649+void *
31650+acl_alloc(unsigned long len)
31651+{
31652+ void *ret = NULL;
31653+
31654+ if (!len || len > PAGE_SIZE)
31655+ goto out;
31656+
31657+ ret = kmalloc(len, GFP_KERNEL);
31658+
31659+ if (ret) {
31660+ if (alloc_push(ret)) {
31661+ kfree(ret);
31662+ ret = NULL;
31663+ }
31664+ }
31665+
31666+out:
31667+ return ret;
31668+}
31669+
31670+void *
31671+acl_alloc_num(unsigned long num, unsigned long len)
31672+{
31673+ if (!len || (num > (PAGE_SIZE / len)))
31674+ return NULL;
31675+
31676+ return acl_alloc(num * len);
31677+}
31678+
31679+void
31680+acl_free_all(void)
31681+{
31682+ if (gr_acl_is_enabled() || !alloc_stack)
31683+ return;
31684+
31685+ while (alloc_pop()) ;
31686+
31687+ if (alloc_stack) {
31688+ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
31689+ kfree(alloc_stack);
31690+ else
31691+ vfree(alloc_stack);
31692+ }
31693+
31694+ alloc_stack = NULL;
31695+ alloc_stack_size = 1;
31696+ alloc_stack_next = 1;
31697+
31698+ return;
31699+}
31700+
31701+int
31702+acl_alloc_stack_init(unsigned long size)
31703+{
31704+ if ((size * sizeof (void *)) <= PAGE_SIZE)
31705+ alloc_stack =
31706+ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
31707+ else
31708+ alloc_stack = (void **) vmalloc(size * sizeof (void *));
31709+
31710+ alloc_stack_size = size;
31711+
31712+ if (!alloc_stack)
31713+ return 0;
31714+ else
31715+ return 1;
31716+}
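Review bot: acl_alloc_stack_init() computes `size * sizeof (void *)` with no overflow check and stores `alloc_stack_size = size` before it tests whether the allocation succeeded. Where unsigned long is 32 bits the product can wrap, so the stack is allocated smaller than alloc_stack_size claims and alloc_push() would then store past the end of it. acl_alloc_num() in the same file already guards its own multiplication by dividing first. A guard at the top of the function, `if (size > ULONG_MAX / sizeof (void *)) return 0;`, and moving `alloc_stack_size = size;` below the NULL check would keep the recorded size in step with the real allocation. Nothing in this file takes a lock around alloc_stack_next, so a one-line comment above the three statics naming the lock that callers are expected to hold would also help.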
31717diff -urNp linux-2.6.32.8/grsecurity/gracl.c linux-2.6.32.8/grsecurity/gracl.c
31718--- linux-2.6.32.8/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
31719+++ linux-2.6.32.8/grsecurity/gracl.c 2010-02-13 21:45:10.738840239 -0500
31720@@ -0,0 +1,3918 @@
31721+#include <linux/kernel.h>
31722+#include <linux/module.h>
31723+#include <linux/sched.h>
31724+#include <linux/mm.h>
31725+#include <linux/file.h>
31726+#include <linux/fs.h>
31727+#include <linux/namei.h>
31728+#include <linux/mount.h>
31729+#include <linux/tty.h>
31730+#include <linux/proc_fs.h>
31731+#include <linux/smp_lock.h>
31732+#include <linux/slab.h>
31733+#include <linux/vmalloc.h>
31734+#include <linux/types.h>
31735+#include <linux/sysctl.h>
31736+#include <linux/netdevice.h>
31737+#include <linux/ptrace.h>
31738+#include <linux/gracl.h>
31739+#include <linux/gralloc.h>
31740+#include <linux/grsecurity.h>
31741+#include <linux/grinternal.h>
31742+#include <linux/pid_namespace.h>
31743+#include <linux/fdtable.h>
31744+#include <linux/percpu.h>
31745+
31746+#include <asm/uaccess.h>
31747+#include <asm/errno.h>
31748+#include <asm/mman.h>
31749+
31750+static struct acl_role_db acl_role_set;
31751+static struct name_db name_set;
31752+static struct inodev_db inodev_set;
31753+
31754+/* for keeping track of userspace pointers used for subjects, so we
31755+ can share references in the kernel as well
31756+*/
31757+
31758+static struct dentry *real_root;
31759+static struct vfsmount *real_root_mnt;
31760+
31761+static struct acl_subj_map_db subj_map_set;
31762+
31763+static struct acl_role_label *default_role;
31764+
31765+static struct acl_role_label *role_list;
31766+
31767+static u16 acl_sp_role_value;
31768+
31769+extern char *gr_shared_page[4];
31770+static DECLARE_MUTEX(gr_dev_sem);
31771+DEFINE_RWLOCK(gr_inode_lock);
31772+
31773+struct gr_arg *gr_usermode;
31774+
31775+static unsigned int gr_status __read_only = GR_STATUS_INIT;
31776+
31777+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
31778+extern void gr_clear_learn_entries(void);
31779+
31780+#ifdef CONFIG_GRKERNSEC_RESLOG
31781+extern void gr_log_resource(const struct task_struct *task,
31782+ const int res, const unsigned long wanted, const int gt);
31783+#endif
31784+
31785+unsigned char *gr_system_salt;
31786+unsigned char *gr_system_sum;
31787+
31788+static struct sprole_pw **acl_special_roles = NULL;
31789+static __u16 num_sprole_pws = 0;
31790+
31791+static struct acl_role_label *kernel_role = NULL;
31792+
31793+static unsigned int gr_auth_attempts = 0;
31794+static unsigned long gr_auth_expires = 0UL;
31795+
31796+extern struct vfsmount *sock_mnt;
31797+extern struct vfsmount *pipe_mnt;
31798+extern struct vfsmount *shm_mnt;
31799+static struct acl_object_label *fakefs_obj;
31800+
31801+extern int gr_init_uidset(void);
31802+extern void gr_free_uidset(void);
31803+extern void gr_remove_uid(uid_t uid);
31804+extern int gr_find_uid(uid_t uid);
31805+
31806+__inline__ int
31807+gr_acl_is_enabled(void)
31808+{
31809+ return (gr_status & GR_READY);
31810+}
31811+
31812+char gr_roletype_to_char(void)
31813+{
31814+ switch (current->role->roletype &
31815+ (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
31816+ GR_ROLE_SPECIAL)) {
31817+ case GR_ROLE_DEFAULT:
31818+ return 'D';
31819+ case GR_ROLE_USER:
31820+ return 'U';
31821+ case GR_ROLE_GROUP:
31822+ return 'G';
31823+ case GR_ROLE_SPECIAL:
31824+ return 'S';
31825+ }
31826+
31827+ return 'X';
31828+}
31829+
31830+__inline__ int
31831+gr_acl_tpe_check(void)
31832+{
31833+ if (unlikely(!(gr_status & GR_READY)))
31834+ return 0;
31835+ if (current->role->roletype & GR_ROLE_TPE)
31836+ return 1;
31837+ else
31838+ return 0;
31839+}
31840+
31841+int
31842+gr_handle_rawio(const struct inode *inode)
31843+{
31844+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
31845+ if (inode && S_ISBLK(inode->i_mode) &&
31846+ grsec_enable_chroot_caps && proc_is_chrooted(current) &&
31847+ !capable(CAP_SYS_RAWIO))
31848+ return 1;
31849+#endif
31850+ return 0;
31851+}
31852+
31853+static int
31854+gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
31855+{
31856+ int i;
31857+ unsigned long *l1;
31858+ unsigned long *l2;
31859+ unsigned char *c1;
31860+ unsigned char *c2;
31861+ int num_longs;
31862+
31863+ if (likely(lena != lenb))
31864+ return 0;
31865+
31866+ l1 = (unsigned long *)a;
31867+ l2 = (unsigned long *)b;
31868+
31869+ num_longs = lena / sizeof(unsigned long);
31870+
31871+ for (i = num_longs; i--; l1++, l2++) {
31872+ if (unlikely(*l1 != *l2))
31873+ return 0;
31874+ }
31875+
31876+ c1 = (unsigned char *) l1;
31877+ c2 = (unsigned char *) l2;
31878+
31879+ i = lena - (num_longs * sizeof(unsigned long));
31880+
31881+ for (; i--; c1++, c2++) {
31882+ if (unlikely(*c1 != *c2))
31883+ return 0;
31884+ }
31885+
31886+ return 1;
31887+}
31888+
31889+static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31890+ struct dentry *root, struct vfsmount *rootmnt,
31891+ char *buffer, int buflen)
31892+{
31893+ char * end = buffer+buflen;
31894+ char * retval;
31895+ int namelen;
31896+
31897+ *--end = '\0';
31898+ buflen--;
31899+
31900+ if (buflen < 1)
31901+ goto Elong;
31902+ /* Get '/' right */
31903+ retval = end-1;
31904+ *retval = '/';
31905+
31906+ for (;;) {
31907+ struct dentry * parent;
31908+
31909+ if (dentry == root && vfsmnt == rootmnt)
31910+ break;
31911+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
31912+ /* Global root? */
31913+ spin_lock(&vfsmount_lock);
31914+ if (vfsmnt->mnt_parent == vfsmnt) {
31915+ spin_unlock(&vfsmount_lock);
31916+ goto global_root;
31917+ }
31918+ dentry = vfsmnt->mnt_mountpoint;
31919+ vfsmnt = vfsmnt->mnt_parent;
31920+ spin_unlock(&vfsmount_lock);
31921+ continue;
31922+ }
31923+ parent = dentry->d_parent;
31924+ prefetch(parent);
31925+ namelen = dentry->d_name.len;
31926+ buflen -= namelen + 1;
31927+ if (buflen < 0)
31928+ goto Elong;
31929+ end -= namelen;
31930+ memcpy(end, dentry->d_name.name, namelen);
31931+ *--end = '/';
31932+ retval = end;
31933+ dentry = parent;
31934+ }
31935+
31936+ return retval;
31937+
31938+global_root:
31939+ namelen = dentry->d_name.len;
31940+ buflen -= namelen;
31941+ if (buflen < 0)
31942+ goto Elong;
31943+ retval -= namelen-1; /* hit the slash */
31944+ memcpy(retval, dentry->d_name.name, namelen);
31945+ return retval;
31946+Elong:
31947+ return ERR_PTR(-ENAMETOOLONG);
31948+}
31949+
31950+static char *
31951+gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31952+ struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen)
31953+{
31954+ char *retval;
31955+
31956+ retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);
31957+ if (unlikely(IS_ERR(retval)))
31958+ retval = strcpy(buf, "<path too long>");
31959+ else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
31960+ retval[1] = '\0';
31961+
31962+ return retval;
31963+}
31964+
31965+static char *
31966+__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31967+ char *buf, int buflen)
31968+{
31969+ char *res;
31970+
31971+ /* we can use real_root, real_root_mnt, because this is only called
31972+ by the RBAC system */
31973+ res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen);
31974+
31975+ return res;
31976+}
31977+
31978+static char *
31979+d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31980+ char *buf, int buflen)
31981+{
31982+ char *res;
31983+ struct dentry *root;
31984+ struct vfsmount *rootmnt;
31985+ struct task_struct *reaper = &init_task;
31986+
31987+ /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */
31988+ read_lock(&reaper->fs->lock);
31989+ root = dget(reaper->fs->root.dentry);
31990+ rootmnt = mntget(reaper->fs->root.mnt);
31991+ read_unlock(&reaper->fs->lock);
31992+
31993+ spin_lock(&dcache_lock);
31994+ res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
31995+ spin_unlock(&dcache_lock);
31996+
31997+ dput(root);
31998+ mntput(rootmnt);
31999+ return res;
32000+}
32001+
32002+static char *
32003+gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
32004+{
32005+ char *ret;
32006+ spin_lock(&dcache_lock);
32007+ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
32008+ PAGE_SIZE);
32009+ spin_unlock(&dcache_lock);
32010+ return ret;
32011+}
32012+
32013+char *
32014+gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
32015+{
32016+ return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
32017+ PAGE_SIZE);
32018+}
32019+
32020+char *
32021+gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
32022+{
32023+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
32024+ PAGE_SIZE);
32025+}
32026+
32027+char *
32028+gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
32029+{
32030+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
32031+ PAGE_SIZE);
32032+}
32033+
32034+char *
32035+gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
32036+{
32037+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
32038+ PAGE_SIZE);
32039+}
32040+
32041+char *
32042+gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
32043+{
32044+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
32045+ PAGE_SIZE);
32046+}
32047+
32048+__inline__ __u32
32049+to_gr_audit(const __u32 reqmode)
32050+{
32051+ /* masks off auditable permission flags, then shifts them to create
32052+ auditing flags, and adds the special case of append auditing if
32053+ we're requesting write */
32054+ return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
32055+}
32056+
32057+struct acl_subject_label *
32058+lookup_subject_map(const struct acl_subject_label *userp)
32059+{
32060+ unsigned int index = shash(userp, subj_map_set.s_size);
32061+ struct subject_map *match;
32062+
32063+ match = subj_map_set.s_hash[index];
32064+
32065+ while (match && match->user != userp)
32066+ match = match->next;
32067+
32068+ if (match != NULL)
32069+ return match->kernel;
32070+ else
32071+ return NULL;
32072+}
32073+
32074+static void
32075+insert_subj_map_entry(struct subject_map *subjmap)
32076+{
32077+ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
32078+ struct subject_map **curr;
32079+
32080+ subjmap->prev = NULL;
32081+
32082+ curr = &subj_map_set.s_hash[index];
32083+ if (*curr != NULL)
32084+ (*curr)->prev = subjmap;
32085+
32086+ subjmap->next = *curr;
32087+ *curr = subjmap;
32088+
32089+ return;
32090+}
32091+
32092+static struct acl_role_label *
32093+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
32094+ const gid_t gid)
32095+{
32096+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
32097+ struct acl_role_label *match;
32098+ struct role_allowed_ip *ipp;
32099+ unsigned int x;
32100+
32101+ match = acl_role_set.r_hash[index];
32102+
32103+ while (match) {
32104+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
32105+ for (x = 0; x < match->domain_child_num; x++) {
32106+ if (match->domain_children[x] == uid)
32107+ goto found;
32108+ }
32109+ } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
32110+ break;
32111+ match = match->next;
32112+ }
32113+found:
32114+ if (match == NULL) {
32115+ try_group:
32116+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
32117+ match = acl_role_set.r_hash[index];
32118+
32119+ while (match) {
32120+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
32121+ for (x = 0; x < match->domain_child_num; x++) {
32122+ if (match->domain_children[x] == gid)
32123+ goto found2;
32124+ }
32125+ } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
32126+ break;
32127+ match = match->next;
32128+ }
32129+found2:
32130+ if (match == NULL)
32131+ match = default_role;
32132+ if (match->allowed_ips == NULL)
32133+ return match;
32134+ else {
32135+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
32136+ if (likely
32137+ ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
32138+ (ntohl(ipp->addr) & ipp->netmask)))
32139+ return match;
32140+ }
32141+ match = default_role;
32142+ }
32143+ } else if (match->allowed_ips == NULL) {
32144+ return match;
32145+ } else {
32146+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
32147+ if (likely
32148+ ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
32149+ (ntohl(ipp->addr) & ipp->netmask)))
32150+ return match;
32151+ }
32152+ goto try_group;
32153+ }
32154+
32155+ return match;
32156+}
32157+
32158+struct acl_subject_label *
32159+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
32160+ const struct acl_role_label *role)
32161+{
32162+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
32163+ struct acl_subject_label *match;
32164+
32165+ match = role->subj_hash[index];
32166+
32167+ while (match && (match->inode != ino || match->device != dev ||
32168+ (match->mode & GR_DELETED))) {
32169+ match = match->next;
32170+ }
32171+
32172+ if (match && !(match->mode & GR_DELETED))
32173+ return match;
32174+ else
32175+ return NULL;
32176+}
32177+
32178+struct acl_subject_label *
32179+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
32180+ const struct acl_role_label *role)
32181+{
32182+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
32183+ struct acl_subject_label *match;
32184+
32185+ match = role->subj_hash[index];
32186+
32187+ while (match && (match->inode != ino || match->device != dev ||
32188+ !(match->mode & GR_DELETED))) {
32189+ match = match->next;
32190+ }
32191+
32192+ if (match && (match->mode & GR_DELETED))
32193+ return match;
32194+ else
32195+ return NULL;
32196+}
32197+
32198+static struct acl_object_label *
32199+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
32200+ const struct acl_subject_label *subj)
32201+{
32202+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32203+ struct acl_object_label *match;
32204+
32205+ match = subj->obj_hash[index];
32206+
32207+ while (match && (match->inode != ino || match->device != dev ||
32208+ (match->mode & GR_DELETED))) {
32209+ match = match->next;
32210+ }
32211+
32212+ if (match && !(match->mode & GR_DELETED))
32213+ return match;
32214+ else
32215+ return NULL;
32216+}
32217+
32218+static struct acl_object_label *
32219+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
32220+ const struct acl_subject_label *subj)
32221+{
32222+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32223+ struct acl_object_label *match;
32224+
32225+ match = subj->obj_hash[index];
32226+
32227+ while (match && (match->inode != ino || match->device != dev ||
32228+ !(match->mode & GR_DELETED))) {
32229+ match = match->next;
32230+ }
32231+
32232+ if (match && (match->mode & GR_DELETED))
32233+ return match;
32234+
32235+ match = subj->obj_hash[index];
32236+
32237+ while (match && (match->inode != ino || match->device != dev ||
32238+ (match->mode & GR_DELETED))) {
32239+ match = match->next;
32240+ }
32241+
32242+ if (match && !(match->mode & GR_DELETED))
32243+ return match;
32244+ else
32245+ return NULL;
32246+}
32247+
32248+static struct name_entry *
32249+lookup_name_entry(const char *name)
32250+{
32251+ unsigned int len = strlen(name);
32252+ unsigned int key = full_name_hash(name, len);
32253+ unsigned int index = key % name_set.n_size;
32254+ struct name_entry *match;
32255+
32256+ match = name_set.n_hash[index];
32257+
32258+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
32259+ match = match->next;
32260+
32261+ return match;
32262+}
32263+
32264+static struct name_entry *
32265+lookup_name_entry_create(const char *name)
32266+{
32267+ unsigned int len = strlen(name);
32268+ unsigned int key = full_name_hash(name, len);
32269+ unsigned int index = key % name_set.n_size;
32270+ struct name_entry *match;
32271+
32272+ match = name_set.n_hash[index];
32273+
32274+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32275+ !match->deleted))
32276+ match = match->next;
32277+
32278+ if (match && match->deleted)
32279+ return match;
32280+
32281+ match = name_set.n_hash[index];
32282+
32283+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32284+ match->deleted))
32285+ match = match->next;
32286+
32287+ if (match && !match->deleted)
32288+ return match;
32289+ else
32290+ return NULL;
32291+}
32292+
32293+static struct inodev_entry *
32294+lookup_inodev_entry(const ino_t ino, const dev_t dev)
32295+{
32296+ unsigned int index = fhash(ino, dev, inodev_set.i_size);
32297+ struct inodev_entry *match;
32298+
32299+ match = inodev_set.i_hash[index];
32300+
32301+ while (match && (match->nentry->inode != ino || match->nentry->device != dev))
32302+ match = match->next;
32303+
32304+ return match;
32305+}
32306+
32307+static void
32308+insert_inodev_entry(struct inodev_entry *entry)
32309+{
32310+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
32311+ inodev_set.i_size);
32312+ struct inodev_entry **curr;
32313+
32314+ entry->prev = NULL;
32315+
32316+ curr = &inodev_set.i_hash[index];
32317+ if (*curr != NULL)
32318+ (*curr)->prev = entry;
32319+
32320+ entry->next = *curr;
32321+ *curr = entry;
32322+
32323+ return;
32324+}
32325+
32326+static void
32327+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
32328+{
32329+ unsigned int index =
32330+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
32331+ struct acl_role_label **curr;
32332+ struct acl_role_label *tmp;
32333+
32334+ curr = &acl_role_set.r_hash[index];
32335+
32336+ /* if role was already inserted due to domains and already has
32337+ a role in the same bucket as it attached, then we need to
32338+ combine these two buckets
32339+ */
32340+ if (role->next) {
32341+ tmp = role->next;
32342+ while (tmp->next)
32343+ tmp = tmp->next;
32344+ tmp->next = *curr;
32345+ } else
32346+ role->next = *curr;
32347+ *curr = role;
32348+
32349+ return;
32350+}
32351+
32352+static void
32353+insert_acl_role_label(struct acl_role_label *role)
32354+{
32355+ int i;
32356+
32357+ if (role_list == NULL) {
32358+ role_list = role;
32359+ role->prev = NULL;
32360+ } else {
32361+ role->prev = role_list;
32362+ role_list = role;
32363+ }
32364+
32365+ /* used for hash chains */
32366+ role->next = NULL;
32367+
32368+ if (role->roletype & GR_ROLE_DOMAIN) {
32369+ for (i = 0; i < role->domain_child_num; i++)
32370+ __insert_acl_role_label(role, role->domain_children[i]);
32371+ } else
32372+ __insert_acl_role_label(role, role->uidgid);
32373+}
32374+
32375+static int
32376+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
32377+{
32378+ struct name_entry **curr, *nentry;
32379+ struct inodev_entry *ientry;
32380+ unsigned int len = strlen(name);
32381+ unsigned int key = full_name_hash(name, len);
32382+ unsigned int index = key % name_set.n_size;
32383+
32384+ curr = &name_set.n_hash[index];
32385+
32386+ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
32387+ curr = &((*curr)->next);
32388+
32389+ if (*curr != NULL)
32390+ return 1;
32391+
32392+ nentry = acl_alloc(sizeof (struct name_entry));
32393+ if (nentry == NULL)
32394+ return 0;
32395+ ientry = acl_alloc(sizeof (struct inodev_entry));
32396+ if (ientry == NULL)
32397+ return 0;
32398+ ientry->nentry = nentry;
32399+
32400+ nentry->key = key;
32401+ nentry->name = name;
32402+ nentry->inode = inode;
32403+ nentry->device = device;
32404+ nentry->len = len;
32405+ nentry->deleted = deleted;
32406+
32407+ nentry->prev = NULL;
32408+ curr = &name_set.n_hash[index];
32409+ if (*curr != NULL)
32410+ (*curr)->prev = nentry;
32411+ nentry->next = *curr;
32412+ *curr = nentry;
32413+
32414+ /* insert us into the table searchable by inode/dev */
32415+ insert_inodev_entry(ientry);
32416+
32417+ return 1;
32418+}
32419+
32420+static void
32421+insert_acl_obj_label(struct acl_object_label *obj,
32422+ struct acl_subject_label *subj)
32423+{
32424+ unsigned int index =
32425+ fhash(obj->inode, obj->device, subj->obj_hash_size);
32426+ struct acl_object_label **curr;
32427+
32428+
32429+ obj->prev = NULL;
32430+
32431+ curr = &subj->obj_hash[index];
32432+ if (*curr != NULL)
32433+ (*curr)->prev = obj;
32434+
32435+ obj->next = *curr;
32436+ *curr = obj;
32437+
32438+ return;
32439+}
32440+
32441+static void
32442+insert_acl_subj_label(struct acl_subject_label *obj,
32443+ struct acl_role_label *role)
32444+{
32445+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
32446+ struct acl_subject_label **curr;
32447+
32448+ obj->prev = NULL;
32449+
32450+ curr = &role->subj_hash[index];
32451+ if (*curr != NULL)
32452+ (*curr)->prev = obj;
32453+
32454+ obj->next = *curr;
32455+ *curr = obj;
32456+
32457+ return;
32458+}
32459+
32460+/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
32461+
32462+static void *
32463+create_table(__u32 * len, int elementsize)
32464+{
32465+ unsigned int table_sizes[] = {
32466+ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
32467+ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
32468+ 4194301, 8388593, 16777213, 33554393, 67108859
32469+ };
32470+ void *newtable = NULL;
32471+ unsigned int pwr = 0;
32472+
32473+ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
32474+ table_sizes[pwr] <= *len)
32475+ pwr++;
32476+
32477+ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
32478+ return newtable;
32479+
32480+ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
32481+ newtable =
32482+ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
32483+ else
32484+ newtable = vmalloc(table_sizes[pwr] * elementsize);
32485+
32486+ *len = table_sizes[pwr];
32487+
32488+ return newtable;
32489+}
32490+
32491+static int
32492+init_variables(const struct gr_arg *arg)
32493+{
32494+ struct task_struct *reaper = &init_task;
32495+ unsigned int stacksize;
32496+
32497+ subj_map_set.s_size = arg->role_db.num_subjects;
32498+ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
32499+ name_set.n_size = arg->role_db.num_objects;
32500+ inodev_set.i_size = arg->role_db.num_objects;
32501+
32502+ if (!subj_map_set.s_size || !acl_role_set.r_size ||
32503+ !name_set.n_size || !inodev_set.i_size)
32504+ return 1;
32505+
32506+ if (!gr_init_uidset())
32507+ return 1;
32508+
32509+ /* set up the stack that holds allocation info */
32510+
32511+ stacksize = arg->role_db.num_pointers + 5;
32512+
32513+ if (!acl_alloc_stack_init(stacksize))
32514+ return 1;
32515+
32516+ /* grab reference for the real root dentry and vfsmount */
32517+ read_lock(&reaper->fs->lock);
32518+ real_root_mnt = mntget(reaper->fs->root.mnt);
32519+ real_root = dget(reaper->fs->root.dentry);
32520+ read_unlock(&reaper->fs->lock);
32521+
32522+ fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
32523+ if (fakefs_obj == NULL)
32524+ return 1;
32525+ fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
32526+
32527+ subj_map_set.s_hash =
32528+ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
32529+ acl_role_set.r_hash =
32530+ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
32531+ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
32532+ inodev_set.i_hash =
32533+ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
32534+
32535+ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
32536+ !name_set.n_hash || !inodev_set.i_hash)
32537+ return 1;
32538+
32539+ memset(subj_map_set.s_hash, 0,
32540+ sizeof(struct subject_map *) * subj_map_set.s_size);
32541+ memset(acl_role_set.r_hash, 0,
32542+ sizeof (struct acl_role_label *) * acl_role_set.r_size);
32543+ memset(name_set.n_hash, 0,
32544+ sizeof (struct name_entry *) * name_set.n_size);
32545+ memset(inodev_set.i_hash, 0,
32546+ sizeof (struct inodev_entry *) * inodev_set.i_size);
32547+
32548+ return 0;
32549+}
32550+
32551+/* free information not needed after startup
32552+ currently contains user->kernel pointer mappings for subjects
32553+*/
32554+
32555+static void
32556+free_init_variables(void)
32557+{
32558+ __u32 i;
32559+
32560+ if (subj_map_set.s_hash) {
32561+ for (i = 0; i < subj_map_set.s_size; i++) {
32562+ if (subj_map_set.s_hash[i]) {
32563+ kfree(subj_map_set.s_hash[i]);
32564+ subj_map_set.s_hash[i] = NULL;
32565+ }
32566+ }
32567+
32568+ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
32569+ PAGE_SIZE)
32570+ kfree(subj_map_set.s_hash);
32571+ else
32572+ vfree(subj_map_set.s_hash);
32573+ }
32574+
32575+ return;
32576+}
32577+
32578+static void
32579+free_variables(void)
32580+{
32581+ struct acl_subject_label *s;
32582+ struct acl_role_label *r;
32583+ struct task_struct *task, *task2;
32584+ unsigned int x;
32585+
32586+ gr_clear_learn_entries();
32587+
32588+ read_lock(&tasklist_lock);
32589+ do_each_thread(task2, task) {
32590+ task->acl_sp_role = 0;
32591+ task->acl_role_id = 0;
32592+ task->acl = NULL;
32593+ task->role = NULL;
32594+ } while_each_thread(task2, task);
32595+ read_unlock(&tasklist_lock);
32596+
32597+ /* release the reference to the real root dentry and vfsmount */
32598+ if (real_root)
32599+ dput(real_root);
32600+ real_root = NULL;
32601+ if (real_root_mnt)
32602+ mntput(real_root_mnt);
32603+ real_root_mnt = NULL;
32604+
32605+ /* free all object hash tables */
32606+
32607+ FOR_EACH_ROLE_START(r)
32608+ if (r->subj_hash == NULL)
32609+ goto next_role;
32610+ FOR_EACH_SUBJECT_START(r, s, x)
32611+ if (s->obj_hash == NULL)
32612+ break;
32613+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32614+ kfree(s->obj_hash);
32615+ else
32616+ vfree(s->obj_hash);
32617+ FOR_EACH_SUBJECT_END(s, x)
32618+ FOR_EACH_NESTED_SUBJECT_START(r, s)
32619+ if (s->obj_hash == NULL)
32620+ break;
32621+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32622+ kfree(s->obj_hash);
32623+ else
32624+ vfree(s->obj_hash);
32625+ FOR_EACH_NESTED_SUBJECT_END(s)
32626+ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
32627+ kfree(r->subj_hash);
32628+ else
32629+ vfree(r->subj_hash);
32630+ r->subj_hash = NULL;
32631+next_role:
32632+ FOR_EACH_ROLE_END(r)
32633+
32634+ acl_free_all();
32635+
32636+ if (acl_role_set.r_hash) {
32637+ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
32638+ PAGE_SIZE)
32639+ kfree(acl_role_set.r_hash);
32640+ else
32641+ vfree(acl_role_set.r_hash);
32642+ }
32643+ if (name_set.n_hash) {
32644+ if ((name_set.n_size * sizeof (struct name_entry *)) <=
32645+ PAGE_SIZE)
32646+ kfree(name_set.n_hash);
32647+ else
32648+ vfree(name_set.n_hash);
32649+ }
32650+
32651+ if (inodev_set.i_hash) {
32652+ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
32653+ PAGE_SIZE)
32654+ kfree(inodev_set.i_hash);
32655+ else
32656+ vfree(inodev_set.i_hash);
32657+ }
32658+
32659+ gr_free_uidset();
32660+
32661+ memset(&name_set, 0, sizeof (struct name_db));
32662+ memset(&inodev_set, 0, sizeof (struct inodev_db));
32663+ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
32664+ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
32665+
32666+ default_role = NULL;
32667+ role_list = NULL;
32668+
32669+ return;
32670+}
32671+
32672+static __u32
32673+count_user_objs(struct acl_object_label *userp)
32674+{
32675+ struct acl_object_label o_tmp;
32676+ __u32 num = 0;
32677+
32678+ while (userp) {
32679+ if (copy_from_user(&o_tmp, userp,
32680+ sizeof (struct acl_object_label)))
32681+ break;
32682+
32683+ userp = o_tmp.prev;
32684+ num++;
32685+ }
32686+
32687+ return num;
32688+}
32689+
32690+static struct acl_subject_label *
32691+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
32692+
32693+static int
32694+copy_user_glob(struct acl_object_label *obj)
32695+{
32696+ struct acl_object_label *g_tmp, **guser;
32697+ unsigned int len;
32698+ char *tmp;
32699+
32700+ if (obj->globbed == NULL)
32701+ return 0;
32702+
32703+ guser = &obj->globbed;
32704+ while (*guser) {
32705+ g_tmp = (struct acl_object_label *)
32706+ acl_alloc(sizeof (struct acl_object_label));
32707+ if (g_tmp == NULL)
32708+ return -ENOMEM;
32709+
32710+ if (copy_from_user(g_tmp, *guser,
32711+ sizeof (struct acl_object_label)))
32712+ return -EFAULT;
32713+
32714+ len = strnlen_user(g_tmp->filename, PATH_MAX);
32715+
32716+ if (!len || len >= PATH_MAX)
32717+ return -EINVAL;
32718+
32719+ if ((tmp = (char *) acl_alloc(len)) == NULL)
32720+ return -ENOMEM;
32721+
32722+ if (copy_from_user(tmp, g_tmp->filename, len))
32723+ return -EFAULT;
32724+ tmp[len-1] = '\0';
32725+ g_tmp->filename = tmp;
32726+
32727+ *guser = g_tmp;
32728+ guser = &(g_tmp->next);
32729+ }
32730+
32731+ return 0;
32732+}
32733+
32734+static int
32735+copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
32736+ struct acl_role_label *role)
32737+{
32738+ struct acl_object_label *o_tmp;
32739+ unsigned int len;
32740+ int ret;
32741+ char *tmp;
32742+
32743+ while (userp) {
32744+ if ((o_tmp = (struct acl_object_label *)
32745+ acl_alloc(sizeof (struct acl_object_label))) == NULL)
32746+ return -ENOMEM;
32747+
32748+ if (copy_from_user(o_tmp, userp,
32749+ sizeof (struct acl_object_label)))
32750+ return -EFAULT;
32751+
32752+ userp = o_tmp->prev;
32753+
32754+ len = strnlen_user(o_tmp->filename, PATH_MAX);
32755+
32756+ if (!len || len >= PATH_MAX)
32757+ return -EINVAL;
32758+
32759+ if ((tmp = (char *) acl_alloc(len)) == NULL)
32760+ return -ENOMEM;
32761+
32762+ if (copy_from_user(tmp, o_tmp->filename, len))
32763+ return -EFAULT;
32764+ tmp[len-1] = '\0';
32765+ o_tmp->filename = tmp;
32766+
32767+ insert_acl_obj_label(o_tmp, subj);
32768+ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
32769+ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
32770+ return -ENOMEM;
32771+
32772+ ret = copy_user_glob(o_tmp);
32773+ if (ret)
32774+ return ret;
32775+
32776+ if (o_tmp->nested) {
32777+ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
32778+ if (IS_ERR(o_tmp->nested))
32779+ return PTR_ERR(o_tmp->nested);
32780+
32781+ /* insert into nested subject list */
32782+ o_tmp->nested->next = role->hash->first;
32783+ role->hash->first = o_tmp->nested;
32784+ }
32785+ }
32786+
32787+ return 0;
32788+}
32789+
32790+static __u32
32791+count_user_subjs(struct acl_subject_label *userp)
32792+{
32793+ struct acl_subject_label s_tmp;
32794+ __u32 num = 0;
32795+
32796+ while (userp) {
32797+ if (copy_from_user(&s_tmp, userp,
32798+ sizeof (struct acl_subject_label)))
32799+ break;
32800+
32801+ userp = s_tmp.prev;
32802+ /* do not count nested subjects against this count, since
32803+ they are not included in the hash table, but are
32804+ attached to objects. We have already counted
32805+ the subjects in userspace for the allocation
32806+ stack
32807+ */
32808+ if (!(s_tmp.mode & GR_NESTED))
32809+ num++;
32810+ }
32811+
32812+ return num;
32813+}
32814+
32815+static int
32816+copy_user_allowedips(struct acl_role_label *rolep)
32817+{
32818+ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
32819+
32820+ ruserip = rolep->allowed_ips;
32821+
32822+ while (ruserip) {
32823+ rlast = rtmp;
32824+
32825+ if ((rtmp = (struct role_allowed_ip *)
32826+ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
32827+ return -ENOMEM;
32828+
32829+ if (copy_from_user(rtmp, ruserip,
32830+ sizeof (struct role_allowed_ip)))
32831+ return -EFAULT;
32832+
32833+ ruserip = rtmp->prev;
32834+
32835+ if (!rlast) {
32836+ rtmp->prev = NULL;
32837+ rolep->allowed_ips = rtmp;
32838+ } else {
32839+ rlast->next = rtmp;
32840+ rtmp->prev = rlast;
32841+ }
32842+
32843+ if (!ruserip)
32844+ rtmp->next = NULL;
32845+ }
32846+
32847+ return 0;
32848+}
32849+
32850+static int
32851+copy_user_transitions(struct acl_role_label *rolep)
32852+{
32853+ struct role_transition *rusertp, *rtmp = NULL, *rlast;
32854+
32855+ unsigned int len;
32856+ char *tmp;
32857+
32858+ rusertp = rolep->transitions;
32859+
32860+ while (rusertp) {
32861+ rlast = rtmp;
32862+
32863+ if ((rtmp = (struct role_transition *)
32864+ acl_alloc(sizeof (struct role_transition))) == NULL)
32865+ return -ENOMEM;
32866+
32867+ if (copy_from_user(rtmp, rusertp,
32868+ sizeof (struct role_transition)))
32869+ return -EFAULT;
32870+
32871+ rusertp = rtmp->prev;
32872+
32873+ len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
32874+
32875+ if (!len || len >= GR_SPROLE_LEN)
32876+ return -EINVAL;
32877+
32878+ if ((tmp = (char *) acl_alloc(len)) == NULL)
32879+ return -ENOMEM;
32880+
32881+ if (copy_from_user(tmp, rtmp->rolename, len))
32882+ return -EFAULT;
32883+ tmp[len-1] = '\0';
32884+ rtmp->rolename = tmp;
32885+
32886+ if (!rlast) {
32887+ rtmp->prev = NULL;
32888+ rolep->transitions = rtmp;
32889+ } else {
32890+ rlast->next = rtmp;
32891+ rtmp->prev = rlast;
32892+ }
32893+
32894+ if (!rusertp)
32895+ rtmp->next = NULL;
32896+ }
32897+
32898+ return 0;
32899+}
32900+
32901+static struct acl_subject_label *
32902+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
32903+{
32904+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
32905+ unsigned int len;
32906+ char *tmp;
32907+ __u32 num_objs;
32908+ struct acl_ip_label **i_tmp, *i_utmp2;
32909+ struct gr_hash_struct ghash;
32910+ struct subject_map *subjmap;
32911+ unsigned int i_num;
32912+ int err;
32913+
32914+ s_tmp = lookup_subject_map(userp);
32915+
32916+ /* we've already copied this subject into the kernel, just return
32917+ the reference to it, and don't copy it over again
32918+ */
32919+ if (s_tmp)
32920+ return(s_tmp);
32921+
32922+ if ((s_tmp = (struct acl_subject_label *)
32923+ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
32924+ return ERR_PTR(-ENOMEM);
32925+
32926+ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
32927+ if (subjmap == NULL)
32928+ return ERR_PTR(-ENOMEM);
32929+
32930+ subjmap->user = userp;
32931+ subjmap->kernel = s_tmp;
32932+ insert_subj_map_entry(subjmap);
32933+
32934+ if (copy_from_user(s_tmp, userp,
32935+ sizeof (struct acl_subject_label)))
32936+ return ERR_PTR(-EFAULT);
32937+
32938+ len = strnlen_user(s_tmp->filename, PATH_MAX);
32939+
32940+ if (!len || len >= PATH_MAX)
32941+ return ERR_PTR(-EINVAL);
32942+
32943+ if ((tmp = (char *) acl_alloc(len)) == NULL)
32944+ return ERR_PTR(-ENOMEM);
32945+
32946+ if (copy_from_user(tmp, s_tmp->filename, len))
32947+ return ERR_PTR(-EFAULT);
32948+ tmp[len-1] = '\0';
32949+ s_tmp->filename = tmp;
32950+
32951+ if (!strcmp(s_tmp->filename, "/"))
32952+ role->root_label = s_tmp;
32953+
32954+ if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
32955+ return ERR_PTR(-EFAULT);
32956+
32957+ /* copy user and group transition tables */
32958+
32959+ if (s_tmp->user_trans_num) {
32960+ uid_t *uidlist;
32961+
32962+ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
32963+ if (uidlist == NULL)
32964+ return ERR_PTR(-ENOMEM);
32965+ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
32966+ return ERR_PTR(-EFAULT);
32967+
32968+ s_tmp->user_transitions = uidlist;
32969+ }
32970+
32971+ if (s_tmp->group_trans_num) {
32972+ gid_t *gidlist;
32973+
32974+ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
32975+ if (gidlist == NULL)
32976+ return ERR_PTR(-ENOMEM);
32977+ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
32978+ return ERR_PTR(-EFAULT);
32979+
32980+ s_tmp->group_transitions = gidlist;
32981+ }
32982+
32983+ /* set up object hash table */
32984+ num_objs = count_user_objs(ghash.first);
32985+
32986+ s_tmp->obj_hash_size = num_objs;
32987+ s_tmp->obj_hash =
32988+ (struct acl_object_label **)
32989+ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
32990+
32991+ if (!s_tmp->obj_hash)
32992+ return ERR_PTR(-ENOMEM);
32993+
32994+ memset(s_tmp->obj_hash, 0,
32995+ s_tmp->obj_hash_size *
32996+ sizeof (struct acl_object_label *));
32997+
32998+ /* add in objects */
32999+ err = copy_user_objs(ghash.first, s_tmp, role);
33000+
33001+ if (err)
33002+ return ERR_PTR(err);
33003+
33004+ /* set pointer for parent subject */
33005+ if (s_tmp->parent_subject) {
33006+ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
33007+
33008+ if (IS_ERR(s_tmp2))
33009+ return s_tmp2;
33010+
33011+ s_tmp->parent_subject = s_tmp2;
33012+ }
33013+
33014+ /* add in ip acls */
33015+
33016+ if (!s_tmp->ip_num) {
33017+ s_tmp->ips = NULL;
33018+ goto insert;
33019+ }
33020+
33021+ i_tmp =
33022+ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
33023+ sizeof (struct acl_ip_label *));
33024+
33025+ if (!i_tmp)
33026+ return ERR_PTR(-ENOMEM);
33027+
33028+ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
33029+ *(i_tmp + i_num) =
33030+ (struct acl_ip_label *)
33031+ acl_alloc(sizeof (struct acl_ip_label));
33032+ if (!*(i_tmp + i_num))
33033+ return ERR_PTR(-ENOMEM);
33034+
33035+ if (copy_from_user
33036+ (&i_utmp2, s_tmp->ips + i_num,
33037+ sizeof (struct acl_ip_label *)))
33038+ return ERR_PTR(-EFAULT);
33039+
33040+ if (copy_from_user
33041+ (*(i_tmp + i_num), i_utmp2,
33042+ sizeof (struct acl_ip_label)))
33043+ return ERR_PTR(-EFAULT);
33044+
33045+ if ((*(i_tmp + i_num))->iface == NULL)
33046+ continue;
33047+
33048+ len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
33049+ if (!len || len >= IFNAMSIZ)
33050+ return ERR_PTR(-EINVAL);
33051+ tmp = acl_alloc(len);
33052+ if (tmp == NULL)
33053+ return ERR_PTR(-ENOMEM);
33054+ if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
33055+ return ERR_PTR(-EFAULT);
33056+ (*(i_tmp + i_num))->iface = tmp;
33057+ }
33058+
33059+ s_tmp->ips = i_tmp;
33060+
33061+insert:
33062+ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
33063+ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
33064+ return ERR_PTR(-ENOMEM);
33065+
33066+ return s_tmp;
33067+}
33068+
33069+static int
33070+copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
33071+{
33072+ struct acl_subject_label s_pre;
33073+ struct acl_subject_label * ret;
33074+ int err;
33075+
33076+ while (userp) {
33077+ if (copy_from_user(&s_pre, userp,
33078+ sizeof (struct acl_subject_label)))
33079+ return -EFAULT;
33080+
33081+ /* do not add nested subjects here, add
33082+ while parsing objects
33083+ */
33084+
33085+ if (s_pre.mode & GR_NESTED) {
33086+ userp = s_pre.prev;
33087+ continue;
33088+ }
33089+
33090+ ret = do_copy_user_subj(userp, role);
33091+
33092+ err = PTR_ERR(ret);
33093+ if (IS_ERR(ret))
33094+ return err;
33095+
33096+ insert_acl_subj_label(ret, role);
33097+
33098+ userp = s_pre.prev;
33099+ }
33100+
33101+ return 0;
33102+}
33103+
33104+static int
33105+copy_user_acl(struct gr_arg *arg)
33106+{
33107+ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
33108+ struct sprole_pw *sptmp;
33109+ struct gr_hash_struct *ghash;
33110+ uid_t *domainlist;
33111+ unsigned int r_num;
33112+ unsigned int len;
33113+ char *tmp;
33114+ int err = 0;
33115+ __u16 i;
33116+ __u32 num_subjs;
33117+
33118+ /* we need a default and kernel role */
33119+ if (arg->role_db.num_roles < 2)
33120+ return -EINVAL;
33121+
33122+ /* copy special role authentication info from userspace */
33123+
33124+ num_sprole_pws = arg->num_sprole_pws;
33125+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
33126+
33127+ if (!acl_special_roles) {
33128+ err = -ENOMEM;
33129+ goto cleanup;
33130+ }
33131+
33132+ for (i = 0; i < num_sprole_pws; i++) {
33133+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
33134+ if (!sptmp) {
33135+ err = -ENOMEM;
33136+ goto cleanup;
33137+ }
33138+ if (copy_from_user(sptmp, arg->sprole_pws + i,
33139+ sizeof (struct sprole_pw))) {
33140+ err = -EFAULT;
33141+ goto cleanup;
33142+ }
33143+
33144+ len =
33145+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
33146+
33147+ if (!len || len >= GR_SPROLE_LEN) {
33148+ err = -EINVAL;
33149+ goto cleanup;
33150+ }
33151+
33152+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
33153+ err = -ENOMEM;
33154+ goto cleanup;
33155+ }
33156+
33157+ if (copy_from_user(tmp, sptmp->rolename, len)) {
33158+ err = -EFAULT;
33159+ goto cleanup;
33160+ }
33161+ tmp[len-1] = '\0';
33162+#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
33163+ printk(KERN_ALERT "Copying special role %s\n", tmp);
33164+#endif
33165+ sptmp->rolename = tmp;
33166+ acl_special_roles[i] = sptmp;
33167+ }
33168+
33169+ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
33170+
33171+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
33172+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
33173+
33174+ if (!r_tmp) {
33175+ err = -ENOMEM;
33176+ goto cleanup;
33177+ }
33178+
33179+ if (copy_from_user(&r_utmp2, r_utmp + r_num,
33180+ sizeof (struct acl_role_label *))) {
33181+ err = -EFAULT;
33182+ goto cleanup;
33183+ }
33184+
33185+ if (copy_from_user(r_tmp, r_utmp2,
33186+ sizeof (struct acl_role_label))) {
33187+ err = -EFAULT;
33188+ goto cleanup;
33189+ }
33190+
33191+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
33192+
33193+ if (!len || len >= PATH_MAX) {
33194+ err = -EINVAL;
33195+ goto cleanup;
33196+ }
33197+
33198+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
33199+ err = -ENOMEM;
33200+ goto cleanup;
33201+ }
33202+ if (copy_from_user(tmp, r_tmp->rolename, len)) {
33203+ err = -EFAULT;
33204+ goto cleanup;
33205+ }
33206+ tmp[len-1] = '\0';
33207+ r_tmp->rolename = tmp;
33208+
33209+ if (!strcmp(r_tmp->rolename, "default")
33210+ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
33211+ default_role = r_tmp;
33212+ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
33213+ kernel_role = r_tmp;
33214+ }
33215+
33216+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
33217+ err = -ENOMEM;
33218+ goto cleanup;
33219+ }
33220+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
33221+ err = -EFAULT;
33222+ goto cleanup;
33223+ }
33224+
33225+ r_tmp->hash = ghash;
33226+
33227+ num_subjs = count_user_subjs(r_tmp->hash->first);
33228+
33229+ r_tmp->subj_hash_size = num_subjs;
33230+ r_tmp->subj_hash =
33231+ (struct acl_subject_label **)
33232+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
33233+
33234+ if (!r_tmp->subj_hash) {
33235+ err = -ENOMEM;
33236+ goto cleanup;
33237+ }
33238+
33239+ err = copy_user_allowedips(r_tmp);
33240+ if (err)
33241+ goto cleanup;
33242+
33243+ /* copy domain info */
33244+ if (r_tmp->domain_children != NULL) {
33245+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
33246+ if (domainlist == NULL) {
33247+ err = -ENOMEM;
33248+ goto cleanup;
33249+ }
33250+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
33251+ err = -EFAULT;
33252+ goto cleanup;
33253+ }
33254+ r_tmp->domain_children = domainlist;
33255+ }
33256+
33257+ err = copy_user_transitions(r_tmp);
33258+ if (err)
33259+ goto cleanup;
33260+
33261+ memset(r_tmp->subj_hash, 0,
33262+ r_tmp->subj_hash_size *
33263+ sizeof (struct acl_subject_label *));
33264+
33265+ err = copy_user_subjs(r_tmp->hash->first, r_tmp);
33266+
33267+ if (err)
33268+ goto cleanup;
33269+
33270+ /* set nested subject list to null */
33271+ r_tmp->hash->first = NULL;
33272+
33273+ insert_acl_role_label(r_tmp);
33274+ }
33275+
33276+ goto return_err;
33277+ cleanup:
33278+ free_variables();
33279+ return_err:
33280+ return err;
33281+
33282+}
33283+
33284+static int
33285+gracl_init(struct gr_arg *args)
33286+{
33287+ int error = 0;
33288+
33289+ memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
33290+ memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
33291+
33292+ if (init_variables(args)) {
33293+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
33294+ error = -ENOMEM;
33295+ free_variables();
33296+ goto out;
33297+ }
33298+
33299+ error = copy_user_acl(args);
33300+ free_init_variables();
33301+ if (error) {
33302+ free_variables();
33303+ goto out;
33304+ }
33305+
33306+ if ((error = gr_set_acls(0))) {
33307+ free_variables();
33308+ goto out;
33309+ }
33310+
33311+ pax_open_kernel();
33312+ gr_status |= GR_READY;
33313+ pax_close_kernel();
33314+
33315+ out:
33316+ return error;
33317+}
33318+
33319+/* derived from glibc fnmatch() 0: match, 1: no match*/
33320+
33321+static int
33322+glob_match(const char *p, const char *n)
33323+{
33324+ char c;
33325+
33326+ while ((c = *p++) != '\0') {
33327+ switch (c) {
33328+ case '?':
33329+ if (*n == '\0')
33330+ return 1;
33331+ else if (*n == '/')
33332+ return 1;
33333+ break;
33334+ case '\\':
33335+ if (*n != c)
33336+ return 1;
33337+ break;
33338+ case '*':
33339+ for (c = *p++; c == '?' || c == '*'; c = *p++) {
33340+ if (*n == '/')
33341+ return 1;
33342+ else if (c == '?') {
33343+ if (*n == '\0')
33344+ return 1;
33345+ else
33346+ ++n;
33347+ }
33348+ }
33349+ if (c == '\0') {
33350+ return 0;
33351+ } else {
33352+ const char *endp;
33353+
33354+ if ((endp = strchr(n, '/')) == NULL)
33355+ endp = n + strlen(n);
33356+
33357+ if (c == '[') {
33358+ for (--p; n < endp; ++n)
33359+ if (!glob_match(p, n))
33360+ return 0;
33361+ } else if (c == '/') {
33362+ while (*n != '\0' && *n != '/')
33363+ ++n;
33364+ if (*n == '/' && !glob_match(p, n + 1))
33365+ return 0;
33366+ } else {
33367+ for (--p; n < endp; ++n)
33368+ if (*n == c && !glob_match(p, n))
33369+ return 0;
33370+ }
33371+
33372+ return 1;
33373+ }
33374+ case '[':
33375+ {
33376+ int not;
33377+ char cold;
33378+
33379+ if (*n == '\0' || *n == '/')
33380+ return 1;
33381+
33382+ not = (*p == '!' || *p == '^');
33383+ if (not)
33384+ ++p;
33385+
33386+ c = *p++;
33387+ for (;;) {
33388+ unsigned char fn = (unsigned char)*n;
33389+
33390+ if (c == '\0')
33391+ return 1;
33392+ else {
33393+ if (c == fn)
33394+ goto matched;
33395+ cold = c;
33396+ c = *p++;
33397+
33398+ if (c == '-' && *p != ']') {
33399+ unsigned char cend = *p++;
33400+
33401+ if (cend == '\0')
33402+ return 1;
33403+
33404+ if (cold <= fn && fn <= cend)
33405+ goto matched;
33406+
33407+ c = *p++;
33408+ }
33409+ }
33410+
33411+ if (c == ']')
33412+ break;
33413+ }
33414+ if (!not)
33415+ return 1;
33416+ break;
33417+ matched:
33418+ while (c != ']') {
33419+ if (c == '\0')
33420+ return 1;
33421+
33422+ c = *p++;
33423+ }
33424+ if (not)
33425+ return 1;
33426+ }
33427+ break;
33428+ default:
33429+ if (c != *n)
33430+ return 1;
33431+ }
33432+
33433+ ++n;
33434+ }
33435+
33436+ if (*n == '\0')
33437+ return 0;
33438+
33439+ if (*n == '/')
33440+ return 0;
33441+
33442+ return 1;
33443+}
33444+
33445+static struct acl_object_label *
33446+chk_glob_label(struct acl_object_label *globbed,
33447+ struct dentry *dentry, struct vfsmount *mnt, char **path)
33448+{
33449+ struct acl_object_label *tmp;
33450+
33451+ if (*path == NULL)
33452+ *path = gr_to_filename_nolock(dentry, mnt);
33453+
33454+ tmp = globbed;
33455+
33456+ while (tmp) {
33457+ if (!glob_match(tmp->filename, *path))
33458+ return tmp;
33459+ tmp = tmp->next;
33460+ }
33461+
33462+ return NULL;
33463+}
33464+
33465+static struct acl_object_label *
33466+__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33467+ const ino_t curr_ino, const dev_t curr_dev,
33468+ const struct acl_subject_label *subj, char **path, const int checkglob)
33469+{
33470+ struct acl_subject_label *tmpsubj;
33471+ struct acl_object_label *retval;
33472+ struct acl_object_label *retval2;
33473+
33474+ tmpsubj = (struct acl_subject_label *) subj;
33475+ read_lock(&gr_inode_lock);
33476+ do {
33477+ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
33478+ if (retval) {
33479+ if (checkglob && retval->globbed) {
33480+ retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
33481+ (struct vfsmount *)orig_mnt, path);
33482+ if (retval2)
33483+ retval = retval2;
33484+ }
33485+ break;
33486+ }
33487+ } while ((tmpsubj = tmpsubj->parent_subject));
33488+ read_unlock(&gr_inode_lock);
33489+
33490+ return retval;
33491+}
33492+
33493+static __inline__ struct acl_object_label *
33494+full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33495+ const struct dentry *curr_dentry,
33496+ const struct acl_subject_label *subj, char **path, const int checkglob)
33497+{
33498+ return __full_lookup(orig_dentry, orig_mnt,
33499+ curr_dentry->d_inode->i_ino,
33500+ curr_dentry->d_inode->i_sb->s_dev, subj, path, checkglob);
33501+}
33502+
33503+static struct acl_object_label *
33504+__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33505+ const struct acl_subject_label *subj, char *path, const int checkglob)
33506+{
33507+ struct dentry *dentry = (struct dentry *) l_dentry;
33508+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33509+ struct acl_object_label *retval;
33510+
33511+ spin_lock(&dcache_lock);
33512+
33513+ if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
33514+ /* ignore Eric Biederman */
33515+ IS_PRIVATE(l_dentry->d_inode))) {
33516+ retval = fakefs_obj;
33517+ goto out;
33518+ }
33519+
33520+ for (;;) {
33521+ if (dentry == real_root && mnt == real_root_mnt)
33522+ break;
33523+
33524+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33525+ if (mnt->mnt_parent == mnt)
33526+ break;
33527+
33528+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33529+ if (retval != NULL)
33530+ goto out;
33531+
33532+ dentry = mnt->mnt_mountpoint;
33533+ mnt = mnt->mnt_parent;
33534+ continue;
33535+ }
33536+
33537+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33538+ if (retval != NULL)
33539+ goto out;
33540+
33541+ dentry = dentry->d_parent;
33542+ }
33543+
33544+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33545+
33546+ if (retval == NULL)
33547+ retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob);
33548+out:
33549+ spin_unlock(&dcache_lock);
33550+ return retval;
33551+}
33552+
33553+static __inline__ struct acl_object_label *
33554+chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33555+ const struct acl_subject_label *subj)
33556+{
33557+ char *path = NULL;
33558+ return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33559+}
33560+
33561+static __inline__ struct acl_object_label *
33562+chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33563+ const struct acl_subject_label *subj)
33564+{
33565+ char *path = NULL;
33566+ return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
33567+}
33568+
33569+static __inline__ struct acl_object_label *
33570+chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33571+ const struct acl_subject_label *subj, char *path)
33572+{
33573+ return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33574+}
33575+
33576+static struct acl_subject_label *
33577+chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33578+ const struct acl_role_label *role)
33579+{
33580+ struct dentry *dentry = (struct dentry *) l_dentry;
33581+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33582+ struct acl_subject_label *retval;
33583+
33584+ spin_lock(&dcache_lock);
33585+
33586+ for (;;) {
33587+ if (dentry == real_root && mnt == real_root_mnt)
33588+ break;
33589+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33590+ if (mnt->mnt_parent == mnt)
33591+ break;
33592+
33593+ read_lock(&gr_inode_lock);
33594+ retval =
33595+ lookup_acl_subj_label(dentry->d_inode->i_ino,
33596+ dentry->d_inode->i_sb->s_dev, role);
33597+ read_unlock(&gr_inode_lock);
33598+ if (retval != NULL)
33599+ goto out;
33600+
33601+ dentry = mnt->mnt_mountpoint;
33602+ mnt = mnt->mnt_parent;
33603+ continue;
33604+ }
33605+
33606+ read_lock(&gr_inode_lock);
33607+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33608+ dentry->d_inode->i_sb->s_dev, role);
33609+ read_unlock(&gr_inode_lock);
33610+ if (retval != NULL)
33611+ goto out;
33612+
33613+ dentry = dentry->d_parent;
33614+ }
33615+
33616+ read_lock(&gr_inode_lock);
33617+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33618+ dentry->d_inode->i_sb->s_dev, role);
33619+ read_unlock(&gr_inode_lock);
33620+
33621+ if (unlikely(retval == NULL)) {
33622+ read_lock(&gr_inode_lock);
33623+ retval = lookup_acl_subj_label(real_root->d_inode->i_ino,
33624+ real_root->d_inode->i_sb->s_dev, role);
33625+ read_unlock(&gr_inode_lock);
33626+ }
33627+out:
33628+ spin_unlock(&dcache_lock);
33629+
33630+ return retval;
33631+}
33632+
33633+static void
33634+gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
33635+{
33636+ struct task_struct *task = current;
33637+ const struct cred *cred = current_cred();
33638+
33639+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33640+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33641+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33642+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->curr_ip);
33643+
33644+ return;
33645+}
33646+
33647+static void
33648+gr_log_learn_sysctl(const char *path, const __u32 mode)
33649+{
33650+ struct task_struct *task = current;
33651+ const struct cred *cred = current_cred();
33652+
33653+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33654+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33655+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33656+ 1UL, 1UL, path, (unsigned long) mode, &task->signal->curr_ip);
33657+
33658+ return;
33659+}
33660+
33661+static void
33662+gr_log_learn_id_change(const char type, const unsigned int real,
33663+ const unsigned int effective, const unsigned int fs)
33664+{
33665+ struct task_struct *task = current;
33666+ const struct cred *cred = current_cred();
33667+
33668+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
33669+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33670+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33671+ type, real, effective, fs, &task->signal->curr_ip);
33672+
33673+ return;
33674+}
33675+
33676+__u32
33677+gr_check_link(const struct dentry * new_dentry,
33678+ const struct dentry * parent_dentry,
33679+ const struct vfsmount * parent_mnt,
33680+ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
33681+{
33682+ struct acl_object_label *obj;
33683+ __u32 oldmode, newmode;
33684+ __u32 needmode;
33685+
33686+ if (unlikely(!(gr_status & GR_READY)))
33687+ return (GR_CREATE | GR_LINK);
33688+
33689+ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
33690+ oldmode = obj->mode;
33691+
33692+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33693+ oldmode |= (GR_CREATE | GR_LINK);
33694+
33695+ needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
33696+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33697+ needmode |= GR_SETID | GR_AUDIT_SETID;
33698+
33699+ newmode =
33700+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
33701+ oldmode | needmode);
33702+
33703+ needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
33704+ GR_SETID | GR_READ | GR_FIND | GR_DELETE |
33705+ GR_INHERIT | GR_AUDIT_INHERIT);
33706+
33707+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
33708+ goto bad;
33709+
33710+ if ((oldmode & needmode) != needmode)
33711+ goto bad;
33712+
33713+ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
33714+ if ((newmode & needmode) != needmode)
33715+ goto bad;
33716+
33717+ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
33718+ return newmode;
33719+bad:
33720+ needmode = oldmode;
33721+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33722+ needmode |= GR_SETID;
33723+
33724+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33725+ gr_log_learn(old_dentry, old_mnt, needmode);
33726+ return (GR_CREATE | GR_LINK);
33727+ } else if (newmode & GR_SUPPRESS)
33728+ return GR_SUPPRESS;
33729+ else
33730+ return 0;
33731+}
33732+
33733+__u32
33734+gr_search_file(const struct dentry * dentry, const __u32 mode,
33735+ const struct vfsmount * mnt)
33736+{
33737+ __u32 retval = mode;
33738+ struct acl_subject_label *curracl;
33739+ struct acl_object_label *currobj;
33740+
33741+ if (unlikely(!(gr_status & GR_READY)))
33742+ return (mode & ~GR_AUDITS);
33743+
33744+ curracl = current->acl;
33745+
33746+ currobj = chk_obj_label(dentry, mnt, curracl);
33747+ retval = currobj->mode & mode;
33748+
33749+ if (unlikely
33750+ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
33751+ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
33752+ __u32 new_mode = mode;
33753+
33754+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33755+
33756+ retval = new_mode;
33757+
33758+ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
33759+ new_mode |= GR_INHERIT;
33760+
33761+ if (!(mode & GR_NOLEARN))
33762+ gr_log_learn(dentry, mnt, new_mode);
33763+ }
33764+
33765+ return retval;
33766+}
33767+
33768+__u32
33769+gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
33770+ const struct vfsmount * mnt, const __u32 mode)
33771+{
33772+ struct name_entry *match;
33773+ struct acl_object_label *matchpo;
33774+ struct acl_subject_label *curracl;
33775+ char *path;
33776+ __u32 retval;
33777+
33778+ if (unlikely(!(gr_status & GR_READY)))
33779+ return (mode & ~GR_AUDITS);
33780+
33781+ preempt_disable();
33782+ path = gr_to_filename_rbac(new_dentry, mnt);
33783+ match = lookup_name_entry_create(path);
33784+
33785+ if (!match)
33786+ goto check_parent;
33787+
33788+ curracl = current->acl;
33789+
33790+ read_lock(&gr_inode_lock);
33791+ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
33792+ read_unlock(&gr_inode_lock);
33793+
33794+ if (matchpo) {
33795+ if ((matchpo->mode & mode) !=
33796+ (mode & ~(GR_AUDITS | GR_SUPPRESS))
33797+ && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33798+ __u32 new_mode = mode;
33799+
33800+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33801+
33802+ gr_log_learn(new_dentry, mnt, new_mode);
33803+
33804+ preempt_enable();
33805+ return new_mode;
33806+ }
33807+ preempt_enable();
33808+ return (matchpo->mode & mode);
33809+ }
33810+
33811+ check_parent:
33812+ curracl = current->acl;
33813+
33814+ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
33815+ retval = matchpo->mode & mode;
33816+
33817+ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
33818+ && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
33819+ __u32 new_mode = mode;
33820+
33821+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33822+
33823+ gr_log_learn(new_dentry, mnt, new_mode);
33824+ preempt_enable();
33825+ return new_mode;
33826+ }
33827+
33828+ preempt_enable();
33829+ return retval;
33830+}
33831+
33832+int
33833+gr_check_hidden_task(const struct task_struct *task)
33834+{
33835+ if (unlikely(!(gr_status & GR_READY)))
33836+ return 0;
33837+
33838+ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
33839+ return 1;
33840+
33841+ return 0;
33842+}
33843+
33844+int
33845+gr_check_protected_task(const struct task_struct *task)
33846+{
33847+ if (unlikely(!(gr_status & GR_READY) || !task))
33848+ return 0;
33849+
33850+ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
33851+ task->acl != current->acl)
33852+ return 1;
33853+
33854+ return 0;
33855+}
33856+
33857+void
33858+gr_copy_label(struct task_struct *tsk)
33859+{
33860+ tsk->signal->used_accept = 0;
33861+ tsk->acl_sp_role = 0;
33862+ tsk->acl_role_id = current->acl_role_id;
33863+ tsk->acl = current->acl;
33864+ tsk->role = current->role;
33865+ tsk->signal->curr_ip = current->signal->curr_ip;
33866+ if (current->exec_file)
33867+ get_file(current->exec_file);
33868+ tsk->exec_file = current->exec_file;
33869+ tsk->is_writable = current->is_writable;
33870+ if (unlikely(current->signal->used_accept))
33871+ current->signal->curr_ip = 0;
33872+
33873+ return;
33874+}
33875+
33876+static void
33877+gr_set_proc_res(struct task_struct *task)
33878+{
33879+ struct acl_subject_label *proc;
33880+ unsigned short i;
33881+
33882+ proc = task->acl;
33883+
33884+ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
33885+ return;
33886+
33887+ for (i = 0; i < RLIM_NLIMITS; i++) {
33888+ if (!(proc->resmask & (1 << i)))
33889+ continue;
33890+
33891+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
33892+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
33893+ }
33894+
33895+ return;
33896+}
33897+
33898+int
33899+gr_check_user_change(int real, int effective, int fs)
33900+{
33901+ unsigned int i;
33902+ __u16 num;
33903+ uid_t *uidlist;
33904+ int curuid;
33905+ int realok = 0;
33906+ int effectiveok = 0;
33907+ int fsok = 0;
33908+
33909+ if (unlikely(!(gr_status & GR_READY)))
33910+ return 0;
33911+
33912+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33913+ gr_log_learn_id_change('u', real, effective, fs);
33914+
33915+ num = current->acl->user_trans_num;
33916+ uidlist = current->acl->user_transitions;
33917+
33918+ if (uidlist == NULL)
33919+ return 0;
33920+
33921+ if (real == -1)
33922+ realok = 1;
33923+ if (effective == -1)
33924+ effectiveok = 1;
33925+ if (fs == -1)
33926+ fsok = 1;
33927+
33928+ if (current->acl->user_trans_type & GR_ID_ALLOW) {
33929+ for (i = 0; i < num; i++) {
33930+ curuid = (int)uidlist[i];
33931+ if (real == curuid)
33932+ realok = 1;
33933+ if (effective == curuid)
33934+ effectiveok = 1;
33935+ if (fs == curuid)
33936+ fsok = 1;
33937+ }
33938+ } else if (current->acl->user_trans_type & GR_ID_DENY) {
33939+ for (i = 0; i < num; i++) {
33940+ curuid = (int)uidlist[i];
33941+ if (real == curuid)
33942+ break;
33943+ if (effective == curuid)
33944+ break;
33945+ if (fs == curuid)
33946+ break;
33947+ }
33948+ /* not in deny list */
33949+ if (i == num) {
33950+ realok = 1;
33951+ effectiveok = 1;
33952+ fsok = 1;
33953+ }
33954+ }
33955+
33956+ if (realok && effectiveok && fsok)
33957+ return 0;
33958+ else {
33959+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
33960+ return 1;
33961+ }
33962+}
33963+
33964+int
33965+gr_check_group_change(int real, int effective, int fs)
33966+{
33967+ unsigned int i;
33968+ __u16 num;
33969+ gid_t *gidlist;
33970+ int curgid;
33971+ int realok = 0;
33972+ int effectiveok = 0;
33973+ int fsok = 0;
33974+
33975+ if (unlikely(!(gr_status & GR_READY)))
33976+ return 0;
33977+
33978+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33979+ gr_log_learn_id_change('g', real, effective, fs);
33980+
33981+ num = current->acl->group_trans_num;
33982+ gidlist = current->acl->group_transitions;
33983+
33984+ if (gidlist == NULL)
33985+ return 0;
33986+
33987+ if (real == -1)
33988+ realok = 1;
33989+ if (effective == -1)
33990+ effectiveok = 1;
33991+ if (fs == -1)
33992+ fsok = 1;
33993+
33994+ if (current->acl->group_trans_type & GR_ID_ALLOW) {
33995+ for (i = 0; i < num; i++) {
33996+ curgid = (int)gidlist[i];
33997+ if (real == curgid)
33998+ realok = 1;
33999+ if (effective == curgid)
34000+ effectiveok = 1;
34001+ if (fs == curgid)
34002+ fsok = 1;
34003+ }
34004+ } else if (current->acl->group_trans_type & GR_ID_DENY) {
34005+ for (i = 0; i < num; i++) {
34006+ curgid = (int)gidlist[i];
34007+ if (real == curgid)
34008+ break;
34009+ if (effective == curgid)
34010+ break;
34011+ if (fs == curgid)
34012+ break;
34013+ }
34014+ /* not in deny list */
34015+ if (i == num) {
34016+ realok = 1;
34017+ effectiveok = 1;
34018+ fsok = 1;
34019+ }
34020+ }
34021+
34022+ if (realok && effectiveok && fsok)
34023+ return 0;
34024+ else {
34025+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
34026+ return 1;
34027+ }
34028+}
34029+
34030+void
34031+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
34032+{
34033+ struct acl_role_label *role = task->role;
34034+ struct acl_subject_label *subj = NULL;
34035+ struct acl_object_label *obj;
34036+ struct file *filp;
34037+
34038+ if (unlikely(!(gr_status & GR_READY)))
34039+ return;
34040+
34041+ filp = task->exec_file;
34042+
34043+ /* kernel process, we'll give them the kernel role */
34044+ if (unlikely(!filp)) {
34045+ task->role = kernel_role;
34046+ task->acl = kernel_role->root_label;
34047+ return;
34048+ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
34049+ role = lookup_acl_role_label(task, uid, gid);
34050+
34051+ /* perform subject lookup in possibly new role
34052+ we can use this result below in the case where role == task->role
34053+ */
34054+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
34055+
34056+ /* if we changed uid/gid, but result in the same role
34057+ and are using inheritance, don't lose the inherited subject
34058+ if current subject is other than what normal lookup
34059+ would result in, we arrived via inheritance, don't
34060+ lose subject
34061+ */
34062+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
34063+ (subj == task->acl)))
34064+ task->acl = subj;
34065+
34066+ task->role = role;
34067+
34068+ task->is_writable = 0;
34069+
34070+ /* ignore additional mmap checks for processes that are writable
34071+ by the default ACL */
34072+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34073+ if (unlikely(obj->mode & GR_WRITE))
34074+ task->is_writable = 1;
34075+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
34076+ if (unlikely(obj->mode & GR_WRITE))
34077+ task->is_writable = 1;
34078+
34079+#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34080+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34081+#endif
34082+
34083+ gr_set_proc_res(task);
34084+
34085+ return;
34086+}
34087+
34088+int
34089+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
34090+ const int unsafe_share)
34091+{
34092+ struct task_struct *task = current;
34093+ struct acl_subject_label *newacl;
34094+ struct acl_object_label *obj;
34095+ __u32 retmode;
34096+
34097+ if (unlikely(!(gr_status & GR_READY)))
34098+ return 0;
34099+
34100+ newacl = chk_subj_label(dentry, mnt, task->role);
34101+
34102+ task_lock(task);
34103+ if ((((task->ptrace & PT_PTRACED) || unsafe_share) &&
34104+ !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
34105+ !(task->role->roletype & GR_ROLE_GOD) &&
34106+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
34107+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) {
34108+ task_unlock(task);
34109+ if (unsafe_share)
34110+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
34111+ else
34112+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
34113+ return -EACCES;
34114+ }
34115+ task_unlock(task);
34116+
34117+ obj = chk_obj_label(dentry, mnt, task->acl);
34118+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
34119+
34120+ if (!(task->acl->mode & GR_INHERITLEARN) &&
34121+ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
34122+ if (obj->nested)
34123+ task->acl = obj->nested;
34124+ else
34125+ task->acl = newacl;
34126+ } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
34127+ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
34128+
34129+ task->is_writable = 0;
34130+
34131+ /* ignore additional mmap checks for processes that are writable
34132+ by the default ACL */
34133+ obj = chk_obj_label(dentry, mnt, default_role->root_label);
34134+ if (unlikely(obj->mode & GR_WRITE))
34135+ task->is_writable = 1;
34136+ obj = chk_obj_label(dentry, mnt, task->role->root_label);
34137+ if (unlikely(obj->mode & GR_WRITE))
34138+ task->is_writable = 1;
34139+
34140+ gr_set_proc_res(task);
34141+
34142+#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34143+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34144+#endif
34145+ return 0;
34146+}
34147+
34148+/* always called with valid inodev ptr */
34149+static void
34150+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
34151+{
34152+ struct acl_object_label *matchpo;
34153+ struct acl_subject_label *matchps;
34154+ struct acl_subject_label *subj;
34155+ struct acl_role_label *role;
34156+ unsigned int x;
34157+
34158+ FOR_EACH_ROLE_START(role)
34159+ FOR_EACH_SUBJECT_START(role, subj, x)
34160+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
34161+ matchpo->mode |= GR_DELETED;
34162+ FOR_EACH_SUBJECT_END(subj,x)
34163+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
34164+ if (subj->inode == ino && subj->device == dev)
34165+ subj->mode |= GR_DELETED;
34166+ FOR_EACH_NESTED_SUBJECT_END(subj)
34167+ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
34168+ matchps->mode |= GR_DELETED;
34169+ FOR_EACH_ROLE_END(role)
34170+
34171+ inodev->nentry->deleted = 1;
34172+
34173+ return;
34174+}
34175+
34176+void
34177+gr_handle_delete(const ino_t ino, const dev_t dev)
34178+{
34179+ struct inodev_entry *inodev;
34180+
34181+ if (unlikely(!(gr_status & GR_READY)))
34182+ return;
34183+
34184+ write_lock(&gr_inode_lock);
34185+ inodev = lookup_inodev_entry(ino, dev);
34186+ if (inodev != NULL)
34187+ do_handle_delete(inodev, ino, dev);
34188+ write_unlock(&gr_inode_lock);
34189+
34190+ return;
34191+}
34192+
34193+static void
34194+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
34195+ const ino_t newinode, const dev_t newdevice,
34196+ struct acl_subject_label *subj)
34197+{
34198+ unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
34199+ struct acl_object_label *match;
34200+
34201+ match = subj->obj_hash[index];
34202+
34203+ while (match && (match->inode != oldinode ||
34204+ match->device != olddevice ||
34205+ !(match->mode & GR_DELETED)))
34206+ match = match->next;
34207+
34208+ if (match && (match->inode == oldinode)
34209+ && (match->device == olddevice)
34210+ && (match->mode & GR_DELETED)) {
34211+ if (match->prev == NULL) {
34212+ subj->obj_hash[index] = match->next;
34213+ if (match->next != NULL)
34214+ match->next->prev = NULL;
34215+ } else {
34216+ match->prev->next = match->next;
34217+ if (match->next != NULL)
34218+ match->next->prev = match->prev;
34219+ }
34220+ match->prev = NULL;
34221+ match->next = NULL;
34222+ match->inode = newinode;
34223+ match->device = newdevice;
34224+ match->mode &= ~GR_DELETED;
34225+
34226+ insert_acl_obj_label(match, subj);
34227+ }
34228+
34229+ return;
34230+}
34231+
34232+static void
34233+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
34234+ const ino_t newinode, const dev_t newdevice,
34235+ struct acl_role_label *role)
34236+{
34237+ unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
34238+ struct acl_subject_label *match;
34239+
34240+ match = role->subj_hash[index];
34241+
34242+ while (match && (match->inode != oldinode ||
34243+ match->device != olddevice ||
34244+ !(match->mode & GR_DELETED)))
34245+ match = match->next;
34246+
34247+ if (match && (match->inode == oldinode)
34248+ && (match->device == olddevice)
34249+ && (match->mode & GR_DELETED)) {
34250+ if (match->prev == NULL) {
34251+ role->subj_hash[index] = match->next;
34252+ if (match->next != NULL)
34253+ match->next->prev = NULL;
34254+ } else {
34255+ match->prev->next = match->next;
34256+ if (match->next != NULL)
34257+ match->next->prev = match->prev;
34258+ }
34259+ match->prev = NULL;
34260+ match->next = NULL;
34261+ match->inode = newinode;
34262+ match->device = newdevice;
34263+ match->mode &= ~GR_DELETED;
34264+
34265+ insert_acl_subj_label(match, role);
34266+ }
34267+
34268+ return;
34269+}
34270+
34271+static void
34272+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
34273+ const ino_t newinode, const dev_t newdevice)
34274+{
34275+ unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
34276+ struct inodev_entry *match;
34277+
34278+ match = inodev_set.i_hash[index];
34279+
34280+ while (match && (match->nentry->inode != oldinode ||
34281+ match->nentry->device != olddevice || !match->nentry->deleted))
34282+ match = match->next;
34283+
34284+ if (match && (match->nentry->inode == oldinode)
34285+ && (match->nentry->device == olddevice) &&
34286+ match->nentry->deleted) {
34287+ if (match->prev == NULL) {
34288+ inodev_set.i_hash[index] = match->next;
34289+ if (match->next != NULL)
34290+ match->next->prev = NULL;
34291+ } else {
34292+ match->prev->next = match->next;
34293+ if (match->next != NULL)
34294+ match->next->prev = match->prev;
34295+ }
34296+ match->prev = NULL;
34297+ match->next = NULL;
34298+ match->nentry->inode = newinode;
34299+ match->nentry->device = newdevice;
34300+ match->nentry->deleted = 0;
34301+
34302+ insert_inodev_entry(match);
34303+ }
34304+
34305+ return;
34306+}
34307+
34308+static void
34309+do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
34310+ const struct vfsmount *mnt)
34311+{
34312+ struct acl_subject_label *subj;
34313+ struct acl_role_label *role;
34314+ unsigned int x;
34315+
34316+ FOR_EACH_ROLE_START(role)
34317+ update_acl_subj_label(matchn->inode, matchn->device,
34318+ dentry->d_inode->i_ino,
34319+ dentry->d_inode->i_sb->s_dev, role);
34320+
34321+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
34322+ if ((subj->inode == dentry->d_inode->i_ino) &&
34323+ (subj->device == dentry->d_inode->i_sb->s_dev)) {
34324+ subj->inode = dentry->d_inode->i_ino;
34325+ subj->device = dentry->d_inode->i_sb->s_dev;
34326+ }
34327+ FOR_EACH_NESTED_SUBJECT_END(subj)
34328+ FOR_EACH_SUBJECT_START(role, subj, x)
34329+ update_acl_obj_label(matchn->inode, matchn->device,
34330+ dentry->d_inode->i_ino,
34331+ dentry->d_inode->i_sb->s_dev, subj);
34332+ FOR_EACH_SUBJECT_END(subj,x)
34333+ FOR_EACH_ROLE_END(role)
34334+
34335+ update_inodev_entry(matchn->inode, matchn->device,
34336+ dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev);
34337+
34338+ return;
34339+}
34340+
34341+void
34342+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
34343+{
34344+ struct name_entry *matchn;
34345+
34346+ if (unlikely(!(gr_status & GR_READY)))
34347+ return;
34348+
34349+ preempt_disable();
34350+ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
34351+
34352+ if (unlikely((unsigned long)matchn)) {
34353+ write_lock(&gr_inode_lock);
34354+ do_handle_create(matchn, dentry, mnt);
34355+ write_unlock(&gr_inode_lock);
34356+ }
34357+ preempt_enable();
34358+
34359+ return;
34360+}
34361+
34362+void
34363+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
34364+ struct dentry *old_dentry,
34365+ struct dentry *new_dentry,
34366+ struct vfsmount *mnt, const __u8 replace)
34367+{
34368+ struct name_entry *matchn;
34369+ struct inodev_entry *inodev;
34370+
34371+ /* vfs_rename swaps the name and parent link for old_dentry and
34372+ new_dentry
34373+ at this point, old_dentry has the new name, parent link, and inode
34374+ for the renamed file
34375+ if a file is being replaced by a rename, new_dentry has the inode
34376+ and name for the replaced file
34377+ */
34378+
34379+ if (unlikely(!(gr_status & GR_READY)))
34380+ return;
34381+
34382+ preempt_disable();
34383+ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
34384+
34385+ /* we wouldn't have to check d_inode if it weren't for
34386+ NFS silly-renaming
34387+ */
34388+
34389+ write_lock(&gr_inode_lock);
34390+ if (unlikely(replace && new_dentry->d_inode)) {
34391+ inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
34392+ new_dentry->d_inode->i_sb->s_dev);
34393+ if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
34394+ do_handle_delete(inodev, new_dentry->d_inode->i_ino,
34395+ new_dentry->d_inode->i_sb->s_dev);
34396+ }
34397+
34398+ inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
34399+ old_dentry->d_inode->i_sb->s_dev);
34400+ if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
34401+ do_handle_delete(inodev, old_dentry->d_inode->i_ino,
34402+ old_dentry->d_inode->i_sb->s_dev);
34403+
34404+ if (unlikely((unsigned long)matchn))
34405+ do_handle_create(matchn, old_dentry, mnt);
34406+
34407+ write_unlock(&gr_inode_lock);
34408+ preempt_enable();
34409+
34410+ return;
34411+}
34412+
34413+static int
34414+lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
34415+ unsigned char **sum)
34416+{
34417+ struct acl_role_label *r;
34418+ struct role_allowed_ip *ipp;
34419+ struct role_transition *trans;
34420+ unsigned int i;
34421+ int found = 0;
34422+
34423+ /* check transition table */
34424+
34425+ for (trans = current->role->transitions; trans; trans = trans->next) {
34426+ if (!strcmp(rolename, trans->rolename)) {
34427+ found = 1;
34428+ break;
34429+ }
34430+ }
34431+
34432+ if (!found)
34433+ return 0;
34434+
34435+ /* handle special roles that do not require authentication
34436+ and check ip */
34437+
34438+ FOR_EACH_ROLE_START(r)
34439+ if (!strcmp(rolename, r->rolename) &&
34440+ (r->roletype & GR_ROLE_SPECIAL)) {
34441+ found = 0;
34442+ if (r->allowed_ips != NULL) {
34443+ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
34444+ if ((ntohl(current->signal->curr_ip) & ipp->netmask) ==
34445+ (ntohl(ipp->addr) & ipp->netmask))
34446+ found = 1;
34447+ }
34448+ } else
34449+ found = 2;
34450+ if (!found)
34451+ return 0;
34452+
34453+ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
34454+ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
34455+ *salt = NULL;
34456+ *sum = NULL;
34457+ return 1;
34458+ }
34459+ }
34460+ FOR_EACH_ROLE_END(r)
34461+
34462+ for (i = 0; i < num_sprole_pws; i++) {
34463+ if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
34464+ *salt = acl_special_roles[i]->salt;
34465+ *sum = acl_special_roles[i]->sum;
34466+ return 1;
34467+ }
34468+ }
34469+
34470+ return 0;
34471+}
34472+
34473+static void
34474+assign_special_role(char *rolename)
34475+{
34476+ struct acl_object_label *obj;
34477+ struct acl_role_label *r;
34478+ struct acl_role_label *assigned = NULL;
34479+ struct task_struct *tsk;
34480+ struct file *filp;
34481+
34482+ FOR_EACH_ROLE_START(r)
34483+ if (!strcmp(rolename, r->rolename) &&
34484+ (r->roletype & GR_ROLE_SPECIAL)) {
34485+ assigned = r;
34486+ break;
34487+ }
34488+ FOR_EACH_ROLE_END(r)
34489+
34490+ if (!assigned)
34491+ return;
34492+
34493+ read_lock(&tasklist_lock);
34494+ read_lock(&grsec_exec_file_lock);
34495+
34496+ tsk = current->parent;
34497+ if (tsk == NULL)
34498+ goto out_unlock;
34499+
34500+ filp = tsk->exec_file;
34501+ if (filp == NULL)
34502+ goto out_unlock;
34503+
34504+ tsk->is_writable = 0;
34505+
34506+ tsk->acl_sp_role = 1;
34507+ tsk->acl_role_id = ++acl_sp_role_value;
34508+ tsk->role = assigned;
34509+ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
34510+
34511+ /* ignore additional mmap checks for processes that are writable
34512+ by the default ACL */
34513+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34514+ if (unlikely(obj->mode & GR_WRITE))
34515+ tsk->is_writable = 1;
34516+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
34517+ if (unlikely(obj->mode & GR_WRITE))
34518+ tsk->is_writable = 1;
34519+
34520+#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34521+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
34522+#endif
34523+
34524+out_unlock:
34525+ read_unlock(&grsec_exec_file_lock);
34526+ read_unlock(&tasklist_lock);
34527+ return;
34528+}
34529+
34530+int gr_check_secure_terminal(struct task_struct *task)
34531+{
34532+ struct task_struct *p, *p2, *p3;
34533+ struct files_struct *files;
34534+ struct fdtable *fdt;
34535+ struct file *our_file = NULL, *file;
34536+ int i;
34537+
34538+ if (task->signal->tty == NULL)
34539+ return 1;
34540+
34541+ files = get_files_struct(task);
34542+ if (files != NULL) {
34543+ rcu_read_lock();
34544+ fdt = files_fdtable(files);
34545+ for (i=0; i < fdt->max_fds; i++) {
34546+ file = fcheck_files(files, i);
34547+ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
34548+ get_file(file);
34549+ our_file = file;
34550+ }
34551+ }
34552+ rcu_read_unlock();
34553+ put_files_struct(files);
34554+ }
34555+
34556+ if (our_file == NULL)
34557+ return 1;
34558+
34559+ read_lock(&tasklist_lock);
34560+ do_each_thread(p2, p) {
34561+ files = get_files_struct(p);
34562+ if (files == NULL ||
34563+ (p->signal && p->signal->tty == task->signal->tty)) {
34564+ if (files != NULL)
34565+ put_files_struct(files);
34566+ continue;
34567+ }
34568+ rcu_read_lock();
34569+ fdt = files_fdtable(files);
34570+ for (i=0; i < fdt->max_fds; i++) {
34571+ file = fcheck_files(files, i);
34572+ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
34573+ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
34574+ p3 = task;
34575+ while (p3->pid > 0) {
34576+ if (p3 == p)
34577+ break;
34578+ p3 = p3->parent;
34579+ }
34580+ if (p3 == p)
34581+ break;
34582+ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
34583+ gr_handle_alertkill(p);
34584+ rcu_read_unlock();
34585+ put_files_struct(files);
34586+ read_unlock(&tasklist_lock);
34587+ fput(our_file);
34588+ return 0;
34589+ }
34590+ }
34591+ rcu_read_unlock();
34592+ put_files_struct(files);
34593+ } while_each_thread(p2, p);
34594+ read_unlock(&tasklist_lock);
34595+
34596+ fput(our_file);
34597+ return 1;
34598+}
34599+
34600+ssize_t
34601+write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
34602+{
34603+ struct gr_arg_wrapper uwrap;
34604+ unsigned char *sprole_salt = NULL;
34605+ unsigned char *sprole_sum = NULL;
34606+ int error = sizeof (struct gr_arg_wrapper);
34607+ int error2 = 0;
34608+
34609+ down(&gr_dev_sem);
34610+
34611+ if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
34612+ error = -EPERM;
34613+ goto out;
34614+ }
34615+
34616+ if (count != sizeof (struct gr_arg_wrapper)) {
34617+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
34618+ error = -EINVAL;
34619+ goto out;
34620+ }
34621+
34622+
34623+ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
34624+ gr_auth_expires = 0;
34625+ gr_auth_attempts = 0;
34626+ }
34627+
34628+ if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
34629+ error = -EFAULT;
34630+ goto out;
34631+ }
34632+
34633+ if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
34634+ error = -EINVAL;
34635+ goto out;
34636+ }
34637+
34638+ if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
34639+ error = -EFAULT;
34640+ goto out;
34641+ }
34642+
34643+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34644+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34645+ time_after(gr_auth_expires, get_seconds())) {
34646+ error = -EBUSY;
34647+ goto out;
34648+ }
34649+
34650+ /* if non-root trying to do anything other than use a special role,
34651+ do not attempt authentication, do not count towards authentication
34652+ locking
34653+ */
34654+
34655+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
34656+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34657+ current_uid()) {
34658+ error = -EPERM;
34659+ goto out;
34660+ }
34661+
34662+ /* ensure pw and special role name are null terminated */
34663+
34664+ gr_usermode->pw[GR_PW_LEN - 1] = '\0';
34665+ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
34666+
34667+ /* Okay.
34668+ * We have our enough of the argument structure..(we have yet
34669+ * to copy_from_user the tables themselves) . Copy the tables
34670+ * only if we need them, i.e. for loading operations. */
34671+
34672+ switch (gr_usermode->mode) {
34673+ case GR_STATUS:
34674+ if (gr_status & GR_READY) {
34675+ error = 1;
34676+ if (!gr_check_secure_terminal(current))
34677+ error = 3;
34678+ } else
34679+ error = 2;
34680+ goto out;
34681+ case GR_SHUTDOWN:
34682+ if ((gr_status & GR_READY)
34683+ && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34684+ pax_open_kernel();
34685+ gr_status &= ~GR_READY;
34686+ pax_close_kernel();
34687+
34688+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
34689+ free_variables();
34690+ memset(gr_usermode, 0, sizeof (struct gr_arg));
34691+ memset(gr_system_salt, 0, GR_SALT_LEN);
34692+ memset(gr_system_sum, 0, GR_SHA_LEN);
34693+ } else if (gr_status & GR_READY) {
34694+ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
34695+ error = -EPERM;
34696+ } else {
34697+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
34698+ error = -EAGAIN;
34699+ }
34700+ break;
34701+ case GR_ENABLE:
34702+ if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
34703+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
34704+ else {
34705+ if (gr_status & GR_READY)
34706+ error = -EAGAIN;
34707+ else
34708+ error = error2;
34709+ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
34710+ }
34711+ break;
34712+ case GR_RELOAD:
34713+ if (!(gr_status & GR_READY)) {
34714+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
34715+ error = -EAGAIN;
34716+ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34717+ lock_kernel();
34718+
34719+ pax_open_kernel();
34720+ gr_status &= ~GR_READY;
34721+ pax_close_kernel();
34722+
34723+ free_variables();
34724+ if (!(error2 = gracl_init(gr_usermode))) {
34725+ unlock_kernel();
34726+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
34727+ } else {
34728+ unlock_kernel();
34729+ error = error2;
34730+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34731+ }
34732+ } else {
34733+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34734+ error = -EPERM;
34735+ }
34736+ break;
34737+ case GR_SEGVMOD:
34738+ if (unlikely(!(gr_status & GR_READY))) {
34739+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
34740+ error = -EAGAIN;
34741+ break;
34742+ }
34743+
34744+ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34745+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
34746+ if (gr_usermode->segv_device && gr_usermode->segv_inode) {
34747+ struct acl_subject_label *segvacl;
34748+ segvacl =
34749+ lookup_acl_subj_label(gr_usermode->segv_inode,
34750+ gr_usermode->segv_device,
34751+ current->role);
34752+ if (segvacl) {
34753+ segvacl->crashes = 0;
34754+ segvacl->expires = 0;
34755+ }
34756+ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
34757+ gr_remove_uid(gr_usermode->segv_uid);
34758+ }
34759+ } else {
34760+ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
34761+ error = -EPERM;
34762+ }
34763+ break;
34764+ case GR_SPROLE:
34765+ case GR_SPROLEPAM:
34766+ if (unlikely(!(gr_status & GR_READY))) {
34767+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
34768+ error = -EAGAIN;
34769+ break;
34770+ }
34771+
34772+ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
34773+ current->role->expires = 0;
34774+ current->role->auth_attempts = 0;
34775+ }
34776+
34777+ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34778+ time_after(current->role->expires, get_seconds())) {
34779+ error = -EBUSY;
34780+ goto out;
34781+ }
34782+
34783+ if (lookup_special_role_auth
34784+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
34785+ && ((!sprole_salt && !sprole_sum)
34786+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
34787+ char *p = "";
34788+ assign_special_role(gr_usermode->sp_role);
34789+ read_lock(&tasklist_lock);
34790+ if (current->parent)
34791+ p = current->parent->role->rolename;
34792+ read_unlock(&tasklist_lock);
34793+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
34794+ p, acl_sp_role_value);
34795+ } else {
34796+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
34797+ error = -EPERM;
34798+ if(!(current->role->auth_attempts++))
34799+ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34800+
34801+ goto out;
34802+ }
34803+ break;
34804+ case GR_UNSPROLE:
34805+ if (unlikely(!(gr_status & GR_READY))) {
34806+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
34807+ error = -EAGAIN;
34808+ break;
34809+ }
34810+
34811+ if (current->role->roletype & GR_ROLE_SPECIAL) {
34812+ char *p = "";
34813+ int i = 0;
34814+
34815+ read_lock(&tasklist_lock);
34816+ if (current->parent) {
34817+ p = current->parent->role->rolename;
34818+ i = current->parent->acl_role_id;
34819+ }
34820+ read_unlock(&tasklist_lock);
34821+
34822+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
34823+ gr_set_acls(1);
34824+ } else {
34825+ gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename);
34826+ error = -EPERM;
34827+ goto out;
34828+ }
34829+ break;
34830+ default:
34831+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
34832+ error = -EINVAL;
34833+ break;
34834+ }
34835+
34836+ if (error != -EPERM)
34837+ goto out;
34838+
34839+ if(!(gr_auth_attempts++))
34840+ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34841+
34842+ out:
34843+ up(&gr_dev_sem);
34844+ return error;
34845+}
34846+
34847+int
34848+gr_set_acls(const int type)
34849+{
34850+ struct acl_object_label *obj;
34851+ struct task_struct *task, *task2;
34852+ struct file *filp;
34853+ struct acl_role_label *role = current->role;
34854+ __u16 acl_role_id = current->acl_role_id;
34855+ const struct cred *cred;
34856+ char *tmpname;
34857+ struct name_entry *nmatch;
34858+ struct acl_subject_label *tmpsubj;
34859+
34860+ rcu_read_lock();
34861+ read_lock(&tasklist_lock);
34862+ read_lock(&grsec_exec_file_lock);
34863+ do_each_thread(task2, task) {
34864+ /* check to see if we're called from the exit handler,
34865+ if so, only replace ACLs that have inherited the admin
34866+ ACL */
34867+
34868+ if (type && (task->role != role ||
34869+ task->acl_role_id != acl_role_id))
34870+ continue;
34871+
34872+ task->acl_role_id = 0;
34873+ task->acl_sp_role = 0;
34874+
34875+ if ((filp = task->exec_file)) {
34876+ cred = __task_cred(task);
34877+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
34878+
34879+ /* the following is to apply the correct subject
34880+ on binaries running when the RBAC system
34881+ is enabled, when the binaries have been
34882+ replaced or deleted since their execution
34883+ -----
34884+ when the RBAC system starts, the inode/dev
34885+ from exec_file will be one the RBAC system
34886+ is unaware of. It only knows the inode/dev
34887+ of the present file on disk, or the absence
34888+ of it.
34889+ */
34890+ preempt_disable();
34891+ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
34892+
34893+ nmatch = lookup_name_entry(tmpname);
34894+ preempt_enable();
34895+ tmpsubj = NULL;
34896+ if (nmatch) {
34897+ if (nmatch->deleted)
34898+ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
34899+ else
34900+ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
34901+ if (tmpsubj != NULL)
34902+ task->acl = tmpsubj;
34903+ }
34904+ if (tmpsubj == NULL)
34905+ task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
34906+ task->role);
34907+ if (task->acl) {
34908+ struct acl_subject_label *curr;
34909+ curr = task->acl;
34910+
34911+ task->is_writable = 0;
34912+ /* ignore additional mmap checks for processes that are writable
34913+ by the default ACL */
34914+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34915+ if (unlikely(obj->mode & GR_WRITE))
34916+ task->is_writable = 1;
34917+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
34918+ if (unlikely(obj->mode & GR_WRITE))
34919+ task->is_writable = 1;
34920+
34921+ gr_set_proc_res(task);
34922+
34923+#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34924+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34925+#endif
34926+ } else {
34927+ read_unlock(&grsec_exec_file_lock);
34928+ read_unlock(&tasklist_lock);
34929+ rcu_read_unlock();
34930+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
34931+ return 1;
34932+ }
34933+ } else {
34934+ // it's a kernel process
34935+ task->role = kernel_role;
34936+ task->acl = kernel_role->root_label;
34937+#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
34938+ task->acl->mode &= ~GR_PROCFIND;
34939+#endif
34940+ }
34941+ } while_each_thread(task2, task);
34942+ read_unlock(&grsec_exec_file_lock);
34943+ read_unlock(&tasklist_lock);
34944+ rcu_read_unlock();
34945+
34946+ return 0;
34947+}
34948+
34949+void
34950+gr_learn_resource(const struct task_struct *task,
34951+ const int res, const unsigned long wanted, const int gt)
34952+{
34953+ struct acl_subject_label *acl;
34954+ const struct cred *cred;
34955+
34956+ if (unlikely((gr_status & GR_READY) &&
34957+ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
34958+ goto skip_reslog;
34959+
34960+#ifdef CONFIG_GRKERNSEC_RESLOG
34961+ gr_log_resource(task, res, wanted, gt);
34962+#endif
34963+ skip_reslog:
34964+
34965+ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
34966+ return;
34967+
34968+ acl = task->acl;
34969+
34970+ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
34971+ !(acl->resmask & (1 << (unsigned short) res))))
34972+ return;
34973+
34974+ if (wanted >= acl->res[res].rlim_cur) {
34975+ unsigned long res_add;
34976+
34977+ res_add = wanted;
34978+ switch (res) {
34979+ case RLIMIT_CPU:
34980+ res_add += GR_RLIM_CPU_BUMP;
34981+ break;
34982+ case RLIMIT_FSIZE:
34983+ res_add += GR_RLIM_FSIZE_BUMP;
34984+ break;
34985+ case RLIMIT_DATA:
34986+ res_add += GR_RLIM_DATA_BUMP;
34987+ break;
34988+ case RLIMIT_STACK:
34989+ res_add += GR_RLIM_STACK_BUMP;
34990+ break;
34991+ case RLIMIT_CORE:
34992+ res_add += GR_RLIM_CORE_BUMP;
34993+ break;
34994+ case RLIMIT_RSS:
34995+ res_add += GR_RLIM_RSS_BUMP;
34996+ break;
34997+ case RLIMIT_NPROC:
34998+ res_add += GR_RLIM_NPROC_BUMP;
34999+ break;
35000+ case RLIMIT_NOFILE:
35001+ res_add += GR_RLIM_NOFILE_BUMP;
35002+ break;
35003+ case RLIMIT_MEMLOCK:
35004+ res_add += GR_RLIM_MEMLOCK_BUMP;
35005+ break;
35006+ case RLIMIT_AS:
35007+ res_add += GR_RLIM_AS_BUMP;
35008+ break;
35009+ case RLIMIT_LOCKS:
35010+ res_add += GR_RLIM_LOCKS_BUMP;
35011+ break;
35012+ case RLIMIT_SIGPENDING:
35013+ res_add += GR_RLIM_SIGPENDING_BUMP;
35014+ break;
35015+ case RLIMIT_MSGQUEUE:
35016+ res_add += GR_RLIM_MSGQUEUE_BUMP;
35017+ break;
35018+ case RLIMIT_NICE:
35019+ res_add += GR_RLIM_NICE_BUMP;
35020+ break;
35021+ case RLIMIT_RTPRIO:
35022+ res_add += GR_RLIM_RTPRIO_BUMP;
35023+ break;
35024+ case RLIMIT_RTTIME:
35025+ res_add += GR_RLIM_RTTIME_BUMP;
35026+ break;
35027+ }
35028+
35029+ acl->res[res].rlim_cur = res_add;
35030+
35031+ if (wanted > acl->res[res].rlim_max)
35032+ acl->res[res].rlim_max = res_add;
35033+
35034+ /* only log the subject filename, since resource logging is supported for
35035+ single-subject learning only */
35036+ rcu_read_lock();
35037+ cred = __task_cred(task);
35038+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
35039+ task->role->roletype, cred->uid, cred->gid, acl->filename,
35040+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
35041+ "", (unsigned long) res, &task->signal->curr_ip);
35042+ rcu_read_unlock();
35043+ }
35044+
35045+ return;
35046+}
35047+
35048+#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
35049+void
35050+pax_set_initial_flags(struct linux_binprm *bprm)
35051+{
35052+ struct task_struct *task = current;
35053+ struct acl_subject_label *proc;
35054+ unsigned long flags;
35055+
35056+ if (unlikely(!(gr_status & GR_READY)))
35057+ return;
35058+
35059+ flags = pax_get_flags(task);
35060+
35061+ proc = task->acl;
35062+
35063+ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
35064+ flags &= ~MF_PAX_PAGEEXEC;
35065+ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
35066+ flags &= ~MF_PAX_SEGMEXEC;
35067+ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
35068+ flags &= ~MF_PAX_RANDMMAP;
35069+ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
35070+ flags &= ~MF_PAX_EMUTRAMP;
35071+ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
35072+ flags &= ~MF_PAX_MPROTECT;
35073+
35074+ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
35075+ flags |= MF_PAX_PAGEEXEC;
35076+ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
35077+ flags |= MF_PAX_SEGMEXEC;
35078+ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
35079+ flags |= MF_PAX_RANDMMAP;
35080+ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
35081+ flags |= MF_PAX_EMUTRAMP;
35082+ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
35083+ flags |= MF_PAX_MPROTECT;
35084+
35085+ pax_set_flags(task, flags);
35086+
35087+ return;
35088+}
35089+#endif
35090+
35091+#ifdef CONFIG_SYSCTL
35092+/* Eric Biederman likes breaking userland ABI and every inode-based security
35093+ system to save 35kb of memory */
35094+
35095+/* we modify the passed in filename, but adjust it back before returning */
35096+static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
35097+{
35098+ struct name_entry *nmatch;
35099+ char *p, *lastp = NULL;
35100+ struct acl_object_label *obj = NULL, *tmp;
35101+ struct acl_subject_label *tmpsubj;
35102+ char c = '\0';
35103+
35104+ read_lock(&gr_inode_lock);
35105+
35106+ p = name + len - 1;
35107+ do {
35108+ nmatch = lookup_name_entry(name);
35109+ if (lastp != NULL)
35110+ *lastp = c;
35111+
35112+ if (nmatch == NULL)
35113+ goto next_component;
35114+ tmpsubj = current->acl;
35115+ do {
35116+ obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
35117+ if (obj != NULL) {
35118+ tmp = obj->globbed;
35119+ while (tmp) {
35120+ if (!glob_match(tmp->filename, name)) {
35121+ obj = tmp;
35122+ goto found_obj;
35123+ }
35124+ tmp = tmp->next;
35125+ }
35126+ goto found_obj;
35127+ }
35128+ } while ((tmpsubj = tmpsubj->parent_subject));
35129+next_component:
35130+ /* end case */
35131+ if (p == name)
35132+ break;
35133+
35134+ while (*p != '/')
35135+ p--;
35136+ if (p == name)
35137+ lastp = p + 1;
35138+ else {
35139+ lastp = p;
35140+ p--;
35141+ }
35142+ c = *lastp;
35143+ *lastp = '\0';
35144+ } while (1);
35145+found_obj:
35146+ read_unlock(&gr_inode_lock);
35147+ /* obj returned will always be non-null */
35148+ return obj;
35149+}
35150+
35151+/* returns 0 when allowing, non-zero on error
35152+ op of 0 is used for readdir, so we don't log the names of hidden files
35153+*/
35154+__u32
35155+gr_handle_sysctl(const struct ctl_table *table, const int op)
35156+{
35157+ ctl_table *tmp;
35158+ const char *proc_sys = "/proc/sys";
35159+ char *path;
35160+ struct acl_object_label *obj;
35161+ unsigned short len = 0, pos = 0, depth = 0, i;
35162+ __u32 err = 0;
35163+ __u32 mode = 0;
35164+
35165+ if (unlikely(!(gr_status & GR_READY)))
35166+ return 0;
35167+
35168+ /* for now, ignore operations on non-sysctl entries if it's not a
35169+ readdir*/
35170+ if (table->child != NULL && op != 0)
35171+ return 0;
35172+
35173+ mode |= GR_FIND;
35174+ /* it's only a read if it's an entry, read on dirs is for readdir */
35175+ if (op & MAY_READ)
35176+ mode |= GR_READ;
35177+ if (op & MAY_WRITE)
35178+ mode |= GR_WRITE;
35179+
35180+ preempt_disable();
35181+
35182+ path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
35183+
35184+ /* it's only a read/write if it's an actual entry, not a dir
35185+ (which are opened for readdir)
35186+ */
35187+
35188+ /* convert the requested sysctl entry into a pathname */
35189+
35190+ for (tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
35191+ len += strlen(tmp->procname);
35192+ len++;
35193+ depth++;
35194+ }
35195+
35196+ if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
35197+ /* deny */
35198+ goto out;
35199+ }
35200+
35201+ memset(path, 0, PAGE_SIZE);
35202+
35203+ memcpy(path, proc_sys, strlen(proc_sys));
35204+
35205+ pos += strlen(proc_sys);
35206+
35207+ for (; depth > 0; depth--) {
35208+ path[pos] = '/';
35209+ pos++;
35210+ for (i = 1, tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
35211+ if (depth == i) {
35212+ memcpy(path + pos, tmp->procname,
35213+ strlen(tmp->procname));
35214+ pos += strlen(tmp->procname);
35215+ }
35216+ i++;
35217+ }
35218+ }
35219+
35220+ obj = gr_lookup_by_name(path, pos);
35221+ err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
35222+
35223+ if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
35224+ ((err & mode) != mode))) {
35225+ __u32 new_mode = mode;
35226+
35227+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
35228+
35229+ err = 0;
35230+ gr_log_learn_sysctl(path, new_mode);
35231+ } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
35232+ gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
35233+ err = -ENOENT;
35234+ } else if (!(err & GR_FIND)) {
35235+ err = -ENOENT;
35236+ } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
35237+ gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
35238+ path, (mode & GR_READ) ? " reading" : "",
35239+ (mode & GR_WRITE) ? " writing" : "");
35240+ err = -EACCES;
35241+ } else if ((err & mode) != mode) {
35242+ err = -EACCES;
35243+ } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
35244+ gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
35245+ path, (mode & GR_READ) ? " reading" : "",
35246+ (mode & GR_WRITE) ? " writing" : "");
35247+ err = 0;
35248+ } else
35249+ err = 0;
35250+
35251+ out:
35252+ preempt_enable();
35253+
35254+ return err;
35255+}
35256+#endif
35257+
35258+int
35259+gr_handle_proc_ptrace(struct task_struct *task)
35260+{
35261+ struct file *filp;
35262+ struct task_struct *tmp = task;
35263+ struct task_struct *curtemp = current;
35264+ __u32 retmode;
35265+
35266+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35267+ if (unlikely(!(gr_status & GR_READY)))
35268+ return 0;
35269+#endif
35270+
35271+ read_lock(&tasklist_lock);
35272+ read_lock(&grsec_exec_file_lock);
35273+ filp = task->exec_file;
35274+
35275+ while (tmp->pid > 0) {
35276+ if (tmp == curtemp)
35277+ break;
35278+ tmp = tmp->parent;
35279+ }
35280+
35281+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35282+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
35283+ read_unlock(&grsec_exec_file_lock);
35284+ read_unlock(&tasklist_lock);
35285+ return 1;
35286+ }
35287+
35288+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35289+ if (!(gr_status & GR_READY)) {
35290+ read_unlock(&grsec_exec_file_lock);
35291+ read_unlock(&tasklist_lock);
35292+ return 0;
35293+ }
35294+#endif
35295+
35296+ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
35297+ read_unlock(&grsec_exec_file_lock);
35298+ read_unlock(&tasklist_lock);
35299+
35300+ if (retmode & GR_NOPTRACE)
35301+ return 1;
35302+
35303+ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
35304+ && (current->acl != task->acl || (current->acl != current->role->root_label
35305+ && current->pid != task->pid)))
35306+ return 1;
35307+
35308+ return 0;
35309+}
35310+
35311+int
35312+gr_handle_ptrace(struct task_struct *task, const long request)
35313+{
35314+ struct task_struct *tmp = task;
35315+ struct task_struct *curtemp = current;
35316+ __u32 retmode;
35317+
35318+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35319+ if (unlikely(!(gr_status & GR_READY)))
35320+ return 0;
35321+#endif
35322+
35323+ read_lock(&tasklist_lock);
35324+ while (tmp->pid > 0) {
35325+ if (tmp == curtemp)
35326+ break;
35327+ tmp = tmp->parent;
35328+ }
35329+
35330+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35331+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
35332+ read_unlock(&tasklist_lock);
35333+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35334+ return 1;
35335+ }
35336+ read_unlock(&tasklist_lock);
35337+
35338+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35339+ if (!(gr_status & GR_READY))
35340+ return 0;
35341+#endif
35342+
35343+ read_lock(&grsec_exec_file_lock);
35344+ if (unlikely(!task->exec_file)) {
35345+ read_unlock(&grsec_exec_file_lock);
35346+ return 0;
35347+ }
35348+
35349+ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
35350+ read_unlock(&grsec_exec_file_lock);
35351+
35352+ if (retmode & GR_NOPTRACE) {
35353+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35354+ return 1;
35355+ }
35356+
35357+ if (retmode & GR_PTRACERD) {
35358+ switch (request) {
35359+ case PTRACE_POKETEXT:
35360+ case PTRACE_POKEDATA:
35361+ case PTRACE_POKEUSR:
35362+#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
35363+ case PTRACE_SETREGS:
35364+ case PTRACE_SETFPREGS:
35365+#endif
35366+#ifdef CONFIG_X86
35367+ case PTRACE_SETFPXREGS:
35368+#endif
35369+#ifdef CONFIG_ALTIVEC
35370+ case PTRACE_SETVRREGS:
35371+#endif
35372+ return 1;
35373+ default:
35374+ return 0;
35375+ }
35376+ } else if (!(current->acl->mode & GR_POVERRIDE) &&
35377+ !(current->role->roletype & GR_ROLE_GOD) &&
35378+ (current->acl != task->acl)) {
35379+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35380+ return 1;
35381+ }
35382+
35383+ return 0;
35384+}
35385+
35386+static int is_writable_mmap(const struct file *filp)
35387+{
35388+ struct task_struct *task = current;
35389+ struct acl_object_label *obj, *obj2;
35390+
35391+ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
35392+ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode)) {
35393+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
35394+ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
35395+ task->role->root_label);
35396+ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
35397+ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
35398+ return 1;
35399+ }
35400+ }
35401+ return 0;
35402+}
35403+
35404+int
35405+gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
35406+{
35407+ __u32 mode;
35408+
35409+ if (unlikely(!file || !(prot & PROT_EXEC)))
35410+ return 1;
35411+
35412+ if (is_writable_mmap(file))
35413+ return 0;
35414+
35415+ mode =
35416+ gr_search_file(file->f_path.dentry,
35417+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35418+ file->f_path.mnt);
35419+
35420+ if (!gr_tpe_allow(file))
35421+ return 0;
35422+
35423+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35424+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35425+ return 0;
35426+ } else if (unlikely(!(mode & GR_EXEC))) {
35427+ return 0;
35428+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35429+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35430+ return 1;
35431+ }
35432+
35433+ return 1;
35434+}
35435+
35436+int
35437+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
35438+{
35439+ __u32 mode;
35440+
35441+ if (unlikely(!file || !(prot & PROT_EXEC)))
35442+ return 1;
35443+
35444+ if (is_writable_mmap(file))
35445+ return 0;
35446+
35447+ mode =
35448+ gr_search_file(file->f_path.dentry,
35449+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35450+ file->f_path.mnt);
35451+
35452+ if (!gr_tpe_allow(file))
35453+ return 0;
35454+
35455+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35456+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35457+ return 0;
35458+ } else if (unlikely(!(mode & GR_EXEC))) {
35459+ return 0;
35460+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35461+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35462+ return 1;
35463+ }
35464+
35465+ return 1;
35466+}
35467+
35468+void
35469+gr_acl_handle_psacct(struct task_struct *task, const long code)
35470+{
35471+ unsigned long runtime;
35472+ unsigned long cputime;
35473+ unsigned int wday, cday;
35474+ __u8 whr, chr;
35475+ __u8 wmin, cmin;
35476+ __u8 wsec, csec;
35477+ struct timespec timeval;
35478+
35479+ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
35480+ !(task->acl->mode & GR_PROCACCT)))
35481+ return;
35482+
35483+ do_posix_clock_monotonic_gettime(&timeval);
35484+ runtime = timeval.tv_sec - task->start_time.tv_sec;
35485+ wday = runtime / (3600 * 24);
35486+ runtime -= wday * (3600 * 24);
35487+ whr = runtime / 3600;
35488+ runtime -= whr * 3600;
35489+ wmin = runtime / 60;
35490+ runtime -= wmin * 60;
35491+ wsec = runtime;
35492+
35493+ cputime = (task->utime + task->stime) / HZ;
35494+ cday = cputime / (3600 * 24);
35495+ cputime -= cday * (3600 * 24);
35496+ chr = cputime / 3600;
35497+ cputime -= chr * 3600;
35498+ cmin = cputime / 60;
35499+ cputime -= cmin * 60;
35500+ csec = cputime;
35501+
35502+ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
35503+
35504+ return;
35505+}
35506+
35507+void gr_set_kernel_label(struct task_struct *task)
35508+{
35509+ if (gr_status & GR_READY) {
35510+ task->role = kernel_role;
35511+ task->acl = kernel_role->root_label;
35512+ }
35513+ return;
35514+}
35515+
35516+#ifdef CONFIG_TASKSTATS
35517+int gr_is_taskstats_denied(int pid)
35518+{
35519+ struct task_struct *task;
35520+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35521+ const struct cred *cred;
35522+#endif
35523+ int ret = 0;
35524+
35525+ /* restrict taskstats viewing to un-chrooted root users
35526+ who have the 'view' subject flag if the RBAC system is enabled
35527+ */
35528+
35529+ read_lock(&tasklist_lock);
35530+ task = find_task_by_vpid(pid);
35531+ if (task) {
35532+ gr_fs_read_lock(task);
35533+#ifdef CONFIG_GRKERNSEC_CHROOT
35534+ if (proc_is_chrooted(task))
35535+ ret = -EACCES;
35536+#endif
35537+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35538+ cred = __task_cred(task);
35539+#ifdef CONFIG_GRKERNSEC_PROC_USER
35540+ if (cred->uid != 0)
35541+ ret = -EACCES;
35542+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35543+ if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID))
35544+ ret = -EACCES;
35545+#endif
35546+#endif
35547+ if (gr_status & GR_READY) {
35548+ if (!(task->acl->mode & GR_VIEW))
35549+ ret = -EACCES;
35550+ }
35551+
35552+ gr_fs_read_unlock(task);
35553+ } else
35554+ ret = -ENOENT;
35555+
35556+ read_unlock(&tasklist_lock);
35557+
35558+ return ret;
35559+}
35560+#endif
35561+
35562+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
35563+{
35564+ struct task_struct *task = current;
35565+ struct dentry *dentry = file->f_path.dentry;
35566+ struct vfsmount *mnt = file->f_path.mnt;
35567+ struct acl_object_label *obj, *tmp;
35568+ struct acl_subject_label *subj;
35569+ unsigned int bufsize;
35570+ int is_not_root;
35571+ char *path;
35572+
35573+ if (unlikely(!(gr_status & GR_READY)))
35574+ return 1;
35575+
35576+ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
35577+ return 1;
35578+
35579+ /* ignore Eric Biederman */
35580+ if (IS_PRIVATE(dentry->d_inode))
35581+ return 1;
35582+
35583+ subj = task->acl;
35584+ do {
35585+ obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj);
35586+ if (obj != NULL)
35587+ return (obj->mode & GR_FIND) ? 1 : 0;
35588+ } while ((subj = subj->parent_subject));
35589+
35590+ /* this is purely an optimization since we're looking for an object
35591+ for the directory we're doing a readdir on
35592+ if it's possible for any globbed object to match the entry we're
35593+ filling into the directory, then the object we find here will be
35594+ an anchor point with attached globbed objects
35595+ */
35596+ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
35597+ if (obj->globbed == NULL)
35598+ return (obj->mode & GR_FIND) ? 1 : 0;
35599+
35600+ is_not_root = ((obj->filename[0] == '/') &&
35601+ (obj->filename[1] == '\0')) ? 0 : 1;
35602+ bufsize = PAGE_SIZE - namelen - is_not_root;
35603+
35604+ /* check bufsize > PAGE_SIZE || bufsize == 0 */
35605+ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
35606+ return 1;
35607+
35608+ preempt_disable();
35609+ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
35610+ bufsize);
35611+
35612+ bufsize = strlen(path);
35613+
35614+ /* if base is "/", don't append an additional slash */
35615+ if (is_not_root)
35616+ *(path + bufsize) = '/';
35617+ memcpy(path + bufsize + is_not_root, name, namelen);
35618+ *(path + bufsize + namelen + is_not_root) = '\0';
35619+
35620+ tmp = obj->globbed;
35621+ while (tmp) {
35622+ if (!glob_match(tmp->filename, path)) {
35623+ preempt_enable();
35624+ return (tmp->mode & GR_FIND) ? 1 : 0;
35625+ }
35626+ tmp = tmp->next;
35627+ }
35628+ preempt_enable();
35629+ return (obj->mode & GR_FIND) ? 1 : 0;
35630+}
35631+
35632+EXPORT_SYMBOL(gr_learn_resource);
35633+EXPORT_SYMBOL(gr_set_kernel_label);
35634+#ifdef CONFIG_SECURITY
35635+EXPORT_SYMBOL(gr_check_user_change);
35636+EXPORT_SYMBOL(gr_check_group_change);
35637+#endif
35638+
35639diff -urNp linux-2.6.32.8/grsecurity/gracl_cap.c linux-2.6.32.8/grsecurity/gracl_cap.c
35640--- linux-2.6.32.8/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
35641+++ linux-2.6.32.8/grsecurity/gracl_cap.c 2010-02-13 21:45:10.738840239 -0500
35642@@ -0,0 +1,131 @@
35643+#include <linux/kernel.h>
35644+#include <linux/module.h>
35645+#include <linux/sched.h>
35646+#include <linux/gracl.h>
35647+#include <linux/grsecurity.h>
35648+#include <linux/grinternal.h>
35649+
35650+static const char *captab_log[] = {
35651+ "CAP_CHOWN",
35652+ "CAP_DAC_OVERRIDE",
35653+ "CAP_DAC_READ_SEARCH",
35654+ "CAP_FOWNER",
35655+ "CAP_FSETID",
35656+ "CAP_KILL",
35657+ "CAP_SETGID",
35658+ "CAP_SETUID",
35659+ "CAP_SETPCAP",
35660+ "CAP_LINUX_IMMUTABLE",
35661+ "CAP_NET_BIND_SERVICE",
35662+ "CAP_NET_BROADCAST",
35663+ "CAP_NET_ADMIN",
35664+ "CAP_NET_RAW",
35665+ "CAP_IPC_LOCK",
35666+ "CAP_IPC_OWNER",
35667+ "CAP_SYS_MODULE",
35668+ "CAP_SYS_RAWIO",
35669+ "CAP_SYS_CHROOT",
35670+ "CAP_SYS_PTRACE",
35671+ "CAP_SYS_PACCT",
35672+ "CAP_SYS_ADMIN",
35673+ "CAP_SYS_BOOT",
35674+ "CAP_SYS_NICE",
35675+ "CAP_SYS_RESOURCE",
35676+ "CAP_SYS_TIME",
35677+ "CAP_SYS_TTY_CONFIG",
35678+ "CAP_MKNOD",
35679+ "CAP_LEASE",
35680+ "CAP_AUDIT_WRITE",
35681+ "CAP_AUDIT_CONTROL",
35682+ "CAP_SETFCAP",
35683+ "CAP_MAC_OVERRIDE",
35684+ "CAP_MAC_ADMIN"
35685+};
35686+
35687+EXPORT_SYMBOL(gr_is_capable);
35688+EXPORT_SYMBOL(gr_is_capable_nolog);
35689+
35690+int
35691+gr_is_capable(const int cap)
35692+{
35693+ struct task_struct *task = current;
35694+ const struct cred *cred = current_cred();
35695+ struct acl_subject_label *curracl;
35696+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35697+
35698+ if (!gr_acl_is_enabled())
35699+ return 1;
35700+
35701+ curracl = task->acl;
35702+
35703+ cap_drop = curracl->cap_lower;
35704+ cap_mask = curracl->cap_mask;
35705+
35706+ while ((curracl = curracl->parent_subject)) {
35707+ /* if the cap isn't specified in the current computed mask but is specified in the
35708+ current level subject, and is lowered in the current level subject, then add
35709+ it to the set of dropped capabilities
35710+ otherwise, add the current level subject's mask to the current computed mask
35711+ */
35712+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35713+ cap_raise(cap_mask, cap);
35714+ if (cap_raised(curracl->cap_lower, cap))
35715+ cap_raise(cap_drop, cap);
35716+ }
35717+ }
35718+
35719+ if (!cap_raised(cap_drop, cap))
35720+ return 1;
35721+
35722+ curracl = task->acl;
35723+
35724+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
35725+ && cap_raised(cred->cap_effective, cap)) {
35726+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
35727+ task->role->roletype, cred->uid,
35728+ cred->gid, task->exec_file ?
35729+ gr_to_filename(task->exec_file->f_path.dentry,
35730+ task->exec_file->f_path.mnt) : curracl->filename,
35731+ curracl->filename, 0UL,
35732+ 0UL, "", (unsigned long) cap, &task->signal->curr_ip);
35733+ return 1;
35734+ }
35735+
35736+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
35737+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
35738+ return 0;
35739+}
35740+
35741+int
35742+gr_is_capable_nolog(const int cap)
35743+{
35744+ struct acl_subject_label *curracl;
35745+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35746+
35747+ if (!gr_acl_is_enabled())
35748+ return 1;
35749+
35750+ curracl = current->acl;
35751+
35752+ cap_drop = curracl->cap_lower;
35753+ cap_mask = curracl->cap_mask;
35754+
35755+ while ((curracl = curracl->parent_subject)) {
35756+ /* if the cap isn't specified in the current computed mask but is specified in the
35757+ current level subject, and is lowered in the current level subject, then add
35758+ it to the set of dropped capabilities
35759+ otherwise, add the current level subject's mask to the current computed mask
35760+ */
35761+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35762+ cap_raise(cap_mask, cap);
35763+ if (cap_raised(curracl->cap_lower, cap))
35764+ cap_raise(cap_drop, cap);
35765+ }
35766+ }
35767+
35768+ if (!cap_raised(cap_drop, cap))
35769+ return 1;
35770+
35771+ return 0;
35772+}
35773+
35774diff -urNp linux-2.6.32.8/grsecurity/gracl_fs.c linux-2.6.32.8/grsecurity/gracl_fs.c
35775--- linux-2.6.32.8/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
35776+++ linux-2.6.32.8/grsecurity/gracl_fs.c 2010-02-13 21:45:10.738840239 -0500
35777@@ -0,0 +1,424 @@
35778+#include <linux/kernel.h>
35779+#include <linux/sched.h>
35780+#include <linux/types.h>
35781+#include <linux/fs.h>
35782+#include <linux/file.h>
35783+#include <linux/stat.h>
35784+#include <linux/grsecurity.h>
35785+#include <linux/grinternal.h>
35786+#include <linux/gracl.h>
35787+
35788+__u32
35789+gr_acl_handle_hidden_file(const struct dentry * dentry,
35790+ const struct vfsmount * mnt)
35791+{
35792+ __u32 mode;
35793+
35794+ if (unlikely(!dentry->d_inode))
35795+ return GR_FIND;
35796+
35797+ mode =
35798+ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
35799+
35800+ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
35801+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35802+ return mode;
35803+ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
35804+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35805+ return 0;
35806+ } else if (unlikely(!(mode & GR_FIND)))
35807+ return 0;
35808+
35809+ return GR_FIND;
35810+}
35811+
35812+__u32
35813+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
35814+ const int fmode)
35815+{
35816+ __u32 reqmode = GR_FIND;
35817+ __u32 mode;
35818+
35819+ if (unlikely(!dentry->d_inode))
35820+ return reqmode;
35821+
35822+ if (unlikely(fmode & O_APPEND))
35823+ reqmode |= GR_APPEND;
35824+ else if (unlikely(fmode & FMODE_WRITE))
35825+ reqmode |= GR_WRITE;
35826+ if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35827+ reqmode |= GR_READ;
35828+ if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC))
35829+ reqmode &= ~GR_READ;
35830+ mode =
35831+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35832+ mnt);
35833+
35834+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35835+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35836+ reqmode & GR_READ ? " reading" : "",
35837+ reqmode & GR_WRITE ? " writing" : reqmode &
35838+ GR_APPEND ? " appending" : "");
35839+ return reqmode;
35840+ } else
35841+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35842+ {
35843+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35844+ reqmode & GR_READ ? " reading" : "",
35845+ reqmode & GR_WRITE ? " writing" : reqmode &
35846+ GR_APPEND ? " appending" : "");
35847+ return 0;
35848+ } else if (unlikely((mode & reqmode) != reqmode))
35849+ return 0;
35850+
35851+ return reqmode;
35852+}
35853+
35854+__u32
35855+gr_acl_handle_creat(const struct dentry * dentry,
35856+ const struct dentry * p_dentry,
35857+ const struct vfsmount * p_mnt, const int fmode,
35858+ const int imode)
35859+{
35860+ __u32 reqmode = GR_WRITE | GR_CREATE;
35861+ __u32 mode;
35862+
35863+ if (unlikely(fmode & O_APPEND))
35864+ reqmode |= GR_APPEND;
35865+ if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35866+ reqmode |= GR_READ;
35867+ if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
35868+ reqmode |= GR_SETID;
35869+
35870+ mode =
35871+ gr_check_create(dentry, p_dentry, p_mnt,
35872+ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
35873+
35874+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35875+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35876+ reqmode & GR_READ ? " reading" : "",
35877+ reqmode & GR_WRITE ? " writing" : reqmode &
35878+ GR_APPEND ? " appending" : "");
35879+ return reqmode;
35880+ } else
35881+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35882+ {
35883+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35884+ reqmode & GR_READ ? " reading" : "",
35885+ reqmode & GR_WRITE ? " writing" : reqmode &
35886+ GR_APPEND ? " appending" : "");
35887+ return 0;
35888+ } else if (unlikely((mode & reqmode) != reqmode))
35889+ return 0;
35890+
35891+ return reqmode;
35892+}
35893+
35894+__u32
35895+gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
35896+ const int fmode)
35897+{
35898+ __u32 mode, reqmode = GR_FIND;
35899+
35900+ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
35901+ reqmode |= GR_EXEC;
35902+ if (fmode & S_IWOTH)
35903+ reqmode |= GR_WRITE;
35904+ if (fmode & S_IROTH)
35905+ reqmode |= GR_READ;
35906+
35907+ mode =
35908+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35909+ mnt);
35910+
35911+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35912+ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35913+ reqmode & GR_READ ? " reading" : "",
35914+ reqmode & GR_WRITE ? " writing" : "",
35915+ reqmode & GR_EXEC ? " executing" : "");
35916+ return reqmode;
35917+ } else
35918+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35919+ {
35920+ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35921+ reqmode & GR_READ ? " reading" : "",
35922+ reqmode & GR_WRITE ? " writing" : "",
35923+ reqmode & GR_EXEC ? " executing" : "");
35924+ return 0;
35925+ } else if (unlikely((mode & reqmode) != reqmode))
35926+ return 0;
35927+
35928+ return reqmode;
35929+}
35930+
35931+static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
35932+{
35933+ __u32 mode;
35934+
35935+ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
35936+
35937+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
35938+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
35939+ return mode;
35940+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
35941+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
35942+ return 0;
35943+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
35944+ return 0;
35945+
35946+ return (reqmode);
35947+}
35948+
35949+__u32
35950+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
35951+{
35952+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
35953+}
35954+
35955+__u32
35956+gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
35957+{
35958+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
35959+}
35960+
35961+__u32
35962+gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
35963+{
35964+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
35965+}
35966+
35967+__u32
35968+gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
35969+{
35970+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
35971+}
35972+
35973+__u32
35974+gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
35975+ mode_t mode)
35976+{
35977+ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
35978+ return 1;
35979+
35980+ if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35981+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35982+ GR_FCHMOD_ACL_MSG);
35983+ } else {
35984+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
35985+ }
35986+}
35987+
35988+__u32
35989+gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
35990+ mode_t mode)
35991+{
35992+ if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35993+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35994+ GR_CHMOD_ACL_MSG);
35995+ } else {
35996+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
35997+ }
35998+}
35999+
36000+__u32
36001+gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
36002+{
36003+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
36004+}
36005+
36006+__u32
36007+gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
36008+{
36009+ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
36010+}
36011+
36012+__u32
36013+gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
36014+{
36015+ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
36016+ GR_UNIXCONNECT_ACL_MSG);
36017+}
36018+
36019+/* hardlinks require at minimum create permission,
36020+ any additional privilege required is based on the
36021+ privilege of the file being linked to
36022+*/
36023+__u32
36024+gr_acl_handle_link(const struct dentry * new_dentry,
36025+ const struct dentry * parent_dentry,
36026+ const struct vfsmount * parent_mnt,
36027+ const struct dentry * old_dentry,
36028+ const struct vfsmount * old_mnt, const char *to)
36029+{
36030+ __u32 mode;
36031+ __u32 needmode = GR_CREATE | GR_LINK;
36032+ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
36033+
36034+ mode =
36035+ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
36036+ old_mnt);
36037+
36038+ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
36039+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
36040+ return mode;
36041+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
36042+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
36043+ return 0;
36044+ } else if (unlikely((mode & needmode) != needmode))
36045+ return 0;
36046+
36047+ return 1;
36048+}
36049+
36050+__u32
36051+gr_acl_handle_symlink(const struct dentry * new_dentry,
36052+ const struct dentry * parent_dentry,
36053+ const struct vfsmount * parent_mnt, const char *from)
36054+{
36055+ __u32 needmode = GR_WRITE | GR_CREATE;
36056+ __u32 mode;
36057+
36058+ mode =
36059+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
36060+ GR_CREATE | GR_AUDIT_CREATE |
36061+ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
36062+
36063+ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
36064+ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
36065+ return mode;
36066+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
36067+ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
36068+ return 0;
36069+ } else if (unlikely((mode & needmode) != needmode))
36070+ return 0;
36071+
36072+ return (GR_WRITE | GR_CREATE);
36073+}
36074+
36075+static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
36076+{
36077+ __u32 mode;
36078+
36079+ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
36080+
36081+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
36082+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
36083+ return mode;
36084+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
36085+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
36086+ return 0;
36087+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
36088+ return 0;
36089+
36090+ return (reqmode);
36091+}
36092+
36093+__u32
36094+gr_acl_handle_mknod(const struct dentry * new_dentry,
36095+ const struct dentry * parent_dentry,
36096+ const struct vfsmount * parent_mnt,
36097+ const int mode)
36098+{
36099+ __u32 reqmode = GR_WRITE | GR_CREATE;
36100+ if (unlikely(mode & (S_ISUID | S_ISGID)))
36101+ reqmode |= GR_SETID;
36102+
36103+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
36104+ reqmode, GR_MKNOD_ACL_MSG);
36105+}
36106+
36107+__u32
36108+gr_acl_handle_mkdir(const struct dentry *new_dentry,
36109+ const struct dentry *parent_dentry,
36110+ const struct vfsmount *parent_mnt)
36111+{
36112+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
36113+ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
36114+}
36115+
36116+#define RENAME_CHECK_SUCCESS(old, new) \
36117+ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
36118+ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
36119+
36120+int
36121+gr_acl_handle_rename(struct dentry *new_dentry,
36122+ struct dentry *parent_dentry,
36123+ const struct vfsmount *parent_mnt,
36124+ struct dentry *old_dentry,
36125+ struct inode *old_parent_inode,
36126+ struct vfsmount *old_mnt, const char *newname)
36127+{
36128+ __u32 comp1, comp2;
36129+ int error = 0;
36130+
36131+ if (unlikely(!gr_acl_is_enabled()))
36132+ return 0;
36133+
36134+ if (!new_dentry->d_inode) {
36135+ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
36136+ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
36137+ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
36138+ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
36139+ GR_DELETE | GR_AUDIT_DELETE |
36140+ GR_AUDIT_READ | GR_AUDIT_WRITE |
36141+ GR_SUPPRESS, old_mnt);
36142+ } else {
36143+ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
36144+ GR_CREATE | GR_DELETE |
36145+ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
36146+ GR_AUDIT_READ | GR_AUDIT_WRITE |
36147+ GR_SUPPRESS, parent_mnt);
36148+ comp2 =
36149+ gr_search_file(old_dentry,
36150+ GR_READ | GR_WRITE | GR_AUDIT_READ |
36151+ GR_DELETE | GR_AUDIT_DELETE |
36152+ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
36153+ }
36154+
36155+ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
36156+ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
36157+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
36158+ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
36159+ && !(comp2 & GR_SUPPRESS)) {
36160+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
36161+ error = -EACCES;
36162+ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
36163+ error = -EACCES;
36164+
36165+ return error;
36166+}
36167+
36168+void
36169+gr_acl_handle_exit(void)
36170+{
36171+ u16 id;
36172+ char *rolename;
36173+ struct file *exec_file;
36174+
36175+ if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
36176+ id = current->acl_role_id;
36177+ rolename = current->role->rolename;
36178+ gr_set_acls(1);
36179+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
36180+ }
36181+
36182+ write_lock(&grsec_exec_file_lock);
36183+ exec_file = current->exec_file;
36184+ current->exec_file = NULL;
36185+ write_unlock(&grsec_exec_file_lock);
36186+
36187+ if (exec_file)
36188+ fput(exec_file);
36189+}
36190+
36191+int
36192+gr_acl_handle_procpidmem(const struct task_struct *task)
36193+{
36194+ if (unlikely(!gr_acl_is_enabled()))
36195+ return 0;
36196+
36197+ if (task != current && task->acl->mode & GR_PROTPROCFD)
36198+ return -EACCES;
36199+
36200+ return 0;
36201+}
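Review bot: In gr_acl_handle_symlink the audit branch tests only `mode & GR_WRITE && mode & GR_AUDITS` and then returns `mode`, while the two denial branches below it require the full `needmode` (GR_WRITE | GR_CREATE). If gr_check_create (not shown in this section) can return GR_WRITE plus an audit bit without GR_CREATE, that result would be logged as a success and returned non-zero instead of being denied. The open, creat, access, link and generic_fs_create_handler paths all compare against the full required mask first, so the condition should read `if (unlikely(((mode & needmode) == needmode) && (mode & GR_AUDITS))) {`. A short comment above each three-way chain saying that a zero return means deny would also help, since the handlers return different success values (`mode`, `reqmode`, or 1).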
36202diff -urNp linux-2.6.32.8/grsecurity/gracl_ip.c linux-2.6.32.8/grsecurity/gracl_ip.c
36203--- linux-2.6.32.8/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
36204+++ linux-2.6.32.8/grsecurity/gracl_ip.c 2010-02-13 21:45:10.739890317 -0500
36205@@ -0,0 +1,339 @@
36206+#include <linux/kernel.h>
36207+#include <asm/uaccess.h>
36208+#include <asm/errno.h>
36209+#include <net/sock.h>
36210+#include <linux/file.h>
36211+#include <linux/fs.h>
36212+#include <linux/net.h>
36213+#include <linux/in.h>
36214+#include <linux/skbuff.h>
36215+#include <linux/ip.h>
36216+#include <linux/udp.h>
36217+#include <linux/smp_lock.h>
36218+#include <linux/types.h>
36219+#include <linux/sched.h>
36220+#include <linux/netdevice.h>
36221+#include <linux/inetdevice.h>
36222+#include <linux/gracl.h>
36223+#include <linux/grsecurity.h>
36224+#include <linux/grinternal.h>
36225+
36226+#define GR_BIND 0x01
36227+#define GR_CONNECT 0x02
36228+#define GR_INVERT 0x04
36229+#define GR_BINDOVERRIDE 0x08
36230+#define GR_CONNECTOVERRIDE 0x10
36231+
36232+static const char * gr_protocols[256] = {
36233+ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
36234+ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
36235+ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
36236+ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
36237+ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
36238+ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
36239+ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
36240+ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
36241+ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
36242+ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
36243+ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
36244+ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
36245+ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
36246+ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
36247+ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
36248+ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
36249+ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
36250+ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
36251+ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
36252+ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
36253+ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
36254+ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
36255+ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
36256+ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
36257+ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
36258+ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
36259+ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
36260+ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
36261+ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
36262+ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
36263+ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
36264+ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
36265+ };
36266+
36267+static const char * gr_socktypes[11] = {
36268+ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
36269+ "unknown:7", "unknown:8", "unknown:9", "packet"
36270+ };
36271+
36272+const char *
36273+gr_proto_to_name(unsigned char proto)
36274+{
36275+ return gr_protocols[proto];
36276+}
36277+
36278+const char *
36279+gr_socktype_to_name(unsigned char type)
36280+{
36281+ return gr_socktypes[type];
36282+}
36283+
36284+int
36285+gr_search_socket(const int domain, const int type, const int protocol)
36286+{
36287+ struct acl_subject_label *curr;
36288+ const struct cred *cred = current_cred();
36289+
36290+ if (unlikely(!gr_acl_is_enabled()))
36291+ goto exit;
36292+
36293+ if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
36294+ || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
36295+ goto exit; // let the kernel handle it
36296+
36297+ curr = current->acl;
36298+
36299+ if (!curr->ips)
36300+ goto exit;
36301+
36302+ if ((curr->ip_type & (1 << type)) &&
36303+ (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
36304+ goto exit;
36305+
36306+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36307+ /* we don't place acls on raw sockets , and sometimes
36308+ dgram/ip sockets are opened for ioctl and not
36309+ bind/connect, so we'll fake a bind learn log */
36310+ if (type == SOCK_RAW || type == SOCK_PACKET) {
36311+ __u32 fakeip = 0;
36312+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36313+ current->role->roletype, cred->uid,
36314+ cred->gid, current->exec_file ?
36315+ gr_to_filename(current->exec_file->f_path.dentry,
36316+ current->exec_file->f_path.mnt) :
36317+ curr->filename, curr->filename,
36318+ &fakeip, 0, type,
36319+ protocol, GR_CONNECT, &current->signal->curr_ip);
36320+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
36321+ __u32 fakeip = 0;
36322+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36323+ current->role->roletype, cred->uid,
36324+ cred->gid, current->exec_file ?
36325+ gr_to_filename(current->exec_file->f_path.dentry,
36326+ current->exec_file->f_path.mnt) :
36327+ curr->filename, curr->filename,
36328+ &fakeip, 0, type,
36329+ protocol, GR_BIND, &current->signal->curr_ip);
36330+ }
36331+ /* we'll log when they use connect or bind */
36332+ goto exit;
36333+ }
36334+
36335+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet",
36336+ gr_socktype_to_name(type), gr_proto_to_name(protocol));
36337+
36338+ return 0;
36339+ exit:
36340+ return 1;
36341+}
36342+
36343+int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
36344+{
36345+ if ((ip->mode & mode) &&
36346+ (ip_port >= ip->low) &&
36347+ (ip_port <= ip->high) &&
36348+ ((ntohl(ip_addr) & our_netmask) ==
36349+ (ntohl(our_addr) & our_netmask))
36350+ && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
36351+ && (ip->type & (1 << type))) {
36352+ if (ip->mode & GR_INVERT)
36353+ return 2; // specifically denied
36354+ else
36355+ return 1; // allowed
36356+ }
36357+
36358+ return 0; // not specifically allowed, may continue parsing
36359+}
36360+
36361+static int
36362+gr_search_connectbind(const int full_mode, struct sock *sk,
36363+ struct sockaddr_in *addr, const int type)
36364+{
36365+ char iface[IFNAMSIZ] = {0};
36366+ struct acl_subject_label *curr;
36367+ struct acl_ip_label *ip;
36368+ struct inet_sock *isk;
36369+ struct net_device *dev;
36370+ struct in_device *idev;
36371+ unsigned long i;
36372+ int ret;
36373+ int mode = full_mode & (GR_BIND | GR_CONNECT);
36374+ __u32 ip_addr = 0;
36375+ __u32 our_addr;
36376+ __u32 our_netmask;
36377+ char *p;
36378+ __u16 ip_port = 0;
36379+ const struct cred *cred = current_cred();
36380+
36381+ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
36382+ return 0;
36383+
36384+ curr = current->acl;
36385+ isk = inet_sk(sk);
36386+
36387+ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
36388+ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
36389+ addr->sin_addr.s_addr = curr->inaddr_any_override;
36390+ if ((full_mode & GR_CONNECT) && isk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
36391+ struct sockaddr_in saddr;
36392+ int err;
36393+
36394+ saddr.sin_family = AF_INET;
36395+ saddr.sin_addr.s_addr = curr->inaddr_any_override;
36396+ saddr.sin_port = isk->sport;
36397+
36398+ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36399+ if (err)
36400+ return err;
36401+
36402+ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36403+ if (err)
36404+ return err;
36405+ }
36406+
36407+ if (!curr->ips)
36408+ return 0;
36409+
36410+ ip_addr = addr->sin_addr.s_addr;
36411+ ip_port = ntohs(addr->sin_port);
36412+
36413+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36414+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36415+ current->role->roletype, cred->uid,
36416+ cred->gid, current->exec_file ?
36417+ gr_to_filename(current->exec_file->f_path.dentry,
36418+ current->exec_file->f_path.mnt) :
36419+ curr->filename, curr->filename,
36420+ &ip_addr, ip_port, type,
36421+ sk->sk_protocol, mode, &current->signal->curr_ip);
36422+ return 0;
36423+ }
36424+
36425+ for (i = 0; i < curr->ip_num; i++) {
36426+ ip = *(curr->ips + i);
36427+ if (ip->iface != NULL) {
36428+ strncpy(iface, ip->iface, IFNAMSIZ - 1);
36429+ p = strchr(iface, ':');
36430+ if (p != NULL)
36431+ *p = '\0';
36432+ dev = dev_get_by_name(sock_net(sk), iface);
36433+ if (dev == NULL)
36434+ continue;
36435+ idev = in_dev_get(dev);
36436+ if (idev == NULL) {
36437+ dev_put(dev);
36438+ continue;
36439+ }
36440+ rcu_read_lock();
36441+ for_ifa(idev) {
36442+ if (!strcmp(ip->iface, ifa->ifa_label)) {
36443+ our_addr = ifa->ifa_address;
36444+ our_netmask = 0xffffffff;
36445+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36446+ if (ret == 1) {
36447+ rcu_read_unlock();
36448+ in_dev_put(idev);
36449+ dev_put(dev);
36450+ return 0;
36451+ } else if (ret == 2) {
36452+ rcu_read_unlock();
36453+ in_dev_put(idev);
36454+ dev_put(dev);
36455+ goto denied;
36456+ }
36457+ }
36458+ } endfor_ifa(idev);
36459+ rcu_read_unlock();
36460+ in_dev_put(idev);
36461+ dev_put(dev);
36462+ } else {
36463+ our_addr = ip->addr;
36464+ our_netmask = ip->netmask;
36465+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36466+ if (ret == 1)
36467+ return 0;
36468+ else if (ret == 2)
36469+ goto denied;
36470+ }
36471+ }
36472+
36473+denied:
36474+ if (mode == GR_BIND)
36475+ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36476+ else if (mode == GR_CONNECT)
36477+ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36478+
36479+ return -EACCES;
36480+}
36481+
36482+int
36483+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
36484+{
36485+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
36486+}
36487+
36488+int
36489+gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
36490+{
36491+ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
36492+}
36493+
36494+int gr_search_listen(struct socket *sock)
36495+{
36496+ struct sock *sk = sock->sk;
36497+ struct sockaddr_in addr;
36498+
36499+ addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36500+ addr.sin_port = inet_sk(sk)->sport;
36501+
36502+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36503+}
36504+
36505+int gr_search_accept(struct socket *sock)
36506+{
36507+ struct sock *sk = sock->sk;
36508+ struct sockaddr_in addr;
36509+
36510+ addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36511+ addr.sin_port = inet_sk(sk)->sport;
36512+
36513+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36514+}
36515+
36516+int
36517+gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
36518+{
36519+ if (addr)
36520+ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
36521+ else {
36522+ struct sockaddr_in sin;
36523+ const struct inet_sock *inet = inet_sk(sk);
36524+
36525+ sin.sin_addr.s_addr = inet->daddr;
36526+ sin.sin_port = inet->dport;
36527+
36528+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
36529+ }
36530+}
36531+
36532+int
36533+gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
36534+{
36535+ struct sockaddr_in sin;
36536+
36537+ if (unlikely(skb->len < sizeof (struct udphdr)))
36538+ return 0; // skip this packet
36539+
36540+ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
36541+ sin.sin_port = udp_hdr(skb)->source;
36542+
36543+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
36544+}
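Review bot: GR_CONNECTOVERRIDE is defined and passed by gr_search_connect, gr_search_listen, gr_search_accept, gr_search_udp_recvmsg and one branch of gr_search_udp_sendmsg, but gr_search_connectbind never tests it; the INADDR_ANY rebind path is gated on `full_mode & GR_CONNECT`. As a result gr_search_udp_sendmsg with an explicit address, which passes plain GR_CONNECT, still reaches security_socket_bind() and ops->bind() with inaddr_any_override, which looks unintended given that the bind side is gated on GR_BINDOVERRIDE. If the flag is meant to control this, the condition would be `if ((full_mode & GR_CONNECTOVERRIDE) && isk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {`, with the listen and accept callers rechecked because they pass GR_BIND | GR_CONNECTOVERRIDE; otherwise the flag should be documented as unused. Separately, the rule loop falls through into `denied:` when nothing matches, so a comment such as `/* no rule matched: default deny */` before the label would make the fail-closed behaviour explicit.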
36545diff -urNp linux-2.6.32.8/grsecurity/gracl_learn.c linux-2.6.32.8/grsecurity/gracl_learn.c
36546--- linux-2.6.32.8/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
36547+++ linux-2.6.32.8/grsecurity/gracl_learn.c 2010-02-13 21:45:10.739890317 -0500
36548@@ -0,0 +1,211 @@
36549+#include <linux/kernel.h>
36550+#include <linux/mm.h>
36551+#include <linux/sched.h>
36552+#include <linux/poll.h>
36553+#include <linux/smp_lock.h>
36554+#include <linux/string.h>
36555+#include <linux/file.h>
36556+#include <linux/types.h>
36557+#include <linux/vmalloc.h>
36558+#include <linux/grinternal.h>
36559+
36560+extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
36561+ size_t count, loff_t *ppos);
36562+extern int gr_acl_is_enabled(void);
36563+
36564+static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
36565+static int gr_learn_attached;
36566+
36567+/* use a 512k buffer */
36568+#define LEARN_BUFFER_SIZE (512 * 1024)
36569+
36570+static DEFINE_SPINLOCK(gr_learn_lock);
36571+static DECLARE_MUTEX(gr_learn_user_sem);
36572+
36573+/* we need to maintain two buffers, so that the kernel context of grlearn
36574+ uses a semaphore around the userspace copying, and the other kernel contexts
36575+ use a spinlock when copying into the buffer, since they cannot sleep
36576+*/
36577+static char *learn_buffer;
36578+static char *learn_buffer_user;
36579+static int learn_buffer_len;
36580+static int learn_buffer_user_len;
36581+
36582+static ssize_t
36583+read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
36584+{
36585+ DECLARE_WAITQUEUE(wait, current);
36586+ ssize_t retval = 0;
36587+
36588+ add_wait_queue(&learn_wait, &wait);
36589+ set_current_state(TASK_INTERRUPTIBLE);
36590+ do {
36591+ down(&gr_learn_user_sem);
36592+ spin_lock(&gr_learn_lock);
36593+ if (learn_buffer_len)
36594+ break;
36595+ spin_unlock(&gr_learn_lock);
36596+ up(&gr_learn_user_sem);
36597+ if (file->f_flags & O_NONBLOCK) {
36598+ retval = -EAGAIN;
36599+ goto out;
36600+ }
36601+ if (signal_pending(current)) {
36602+ retval = -ERESTARTSYS;
36603+ goto out;
36604+ }
36605+
36606+ schedule();
36607+ } while (1);
36608+
36609+ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
36610+ learn_buffer_user_len = learn_buffer_len;
36611+ retval = learn_buffer_len;
36612+ learn_buffer_len = 0;
36613+
36614+ spin_unlock(&gr_learn_lock);
36615+
36616+ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
36617+ retval = -EFAULT;
36618+
36619+ up(&gr_learn_user_sem);
36620+out:
36621+ set_current_state(TASK_RUNNING);
36622+ remove_wait_queue(&learn_wait, &wait);
36623+ return retval;
36624+}
36625+
36626+static unsigned int
36627+poll_learn(struct file * file, poll_table * wait)
36628+{
36629+ poll_wait(file, &learn_wait, wait);
36630+
36631+ if (learn_buffer_len)
36632+ return (POLLIN | POLLRDNORM);
36633+
36634+ return 0;
36635+}
36636+
36637+void
36638+gr_clear_learn_entries(void)
36639+{
36640+ char *tmp;
36641+
36642+ down(&gr_learn_user_sem);
36643+ if (learn_buffer != NULL) {
36644+ spin_lock(&gr_learn_lock);
36645+ tmp = learn_buffer;
36646+ learn_buffer = NULL;
36647+ spin_unlock(&gr_learn_lock);
36648+ vfree(learn_buffer);
36649+ }
36650+ if (learn_buffer_user != NULL) {
36651+ vfree(learn_buffer_user);
36652+ learn_buffer_user = NULL;
36653+ }
36654+ learn_buffer_len = 0;
36655+ up(&gr_learn_user_sem);
36656+
36657+ return;
36658+}
36659+
36660+void
36661+gr_add_learn_entry(const char *fmt, ...)
36662+{
36663+ va_list args;
36664+ unsigned int len;
36665+
36666+ if (!gr_learn_attached)
36667+ return;
36668+
36669+ spin_lock(&gr_learn_lock);
36670+
36671+ /* leave a gap at the end so we know when it's "full" but don't have to
36672+ compute the exact length of the string we're trying to append
36673+ */
36674+ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
36675+ spin_unlock(&gr_learn_lock);
36676+ wake_up_interruptible(&learn_wait);
36677+ return;
36678+ }
36679+ if (learn_buffer == NULL) {
36680+ spin_unlock(&gr_learn_lock);
36681+ return;
36682+ }
36683+
36684+ va_start(args, fmt);
36685+ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
36686+ va_end(args);
36687+
36688+ learn_buffer_len += len + 1;
36689+
36690+ spin_unlock(&gr_learn_lock);
36691+ wake_up_interruptible(&learn_wait);
36692+
36693+ return;
36694+}
36695+
36696+static int
36697+open_learn(struct inode *inode, struct file *file)
36698+{
36699+ if (file->f_mode & FMODE_READ && gr_learn_attached)
36700+ return -EBUSY;
36701+ if (file->f_mode & FMODE_READ) {
36702+ int retval = 0;
36703+ down(&gr_learn_user_sem);
36704+ if (learn_buffer == NULL)
36705+ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
36706+ if (learn_buffer_user == NULL)
36707+ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
36708+ if (learn_buffer == NULL) {
36709+ retval = -ENOMEM;
36710+ goto out_error;
36711+ }
36712+ if (learn_buffer_user == NULL) {
36713+ retval = -ENOMEM;
36714+ goto out_error;
36715+ }
36716+ learn_buffer_len = 0;
36717+ learn_buffer_user_len = 0;
36718+ gr_learn_attached = 1;
36719+out_error:
36720+ up(&gr_learn_user_sem);
36721+ return retval;
36722+ }
36723+ return 0;
36724+}
36725+
36726+static int
36727+close_learn(struct inode *inode, struct file *file)
36728+{
36729+ char *tmp;
36730+
36731+ if (file->f_mode & FMODE_READ) {
36732+ down(&gr_learn_user_sem);
36733+ if (learn_buffer != NULL) {
36734+ spin_lock(&gr_learn_lock);
36735+ tmp = learn_buffer;
36736+ learn_buffer = NULL;
36737+ spin_unlock(&gr_learn_lock);
36738+ vfree(tmp);
36739+ }
36740+ if (learn_buffer_user != NULL) {
36741+ vfree(learn_buffer_user);
36742+ learn_buffer_user = NULL;
36743+ }
36744+ learn_buffer_len = 0;
36745+ learn_buffer_user_len = 0;
36746+ gr_learn_attached = 0;
36747+ up(&gr_learn_user_sem);
36748+ }
36749+
36750+ return 0;
36751+}
36752+
36753+const struct file_operations grsec_fops = {
36754+ .read = read_learn,
36755+ .write = write_grsec_handler,
36756+ .open = open_learn,
36757+ .release = close_learn,
36758+ .poll = poll_learn,
36759+};
36760diff -urNp linux-2.6.32.8/grsecurity/gracl_res.c linux-2.6.32.8/grsecurity/gracl_res.c
36761--- linux-2.6.32.8/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
36762+++ linux-2.6.32.8/grsecurity/gracl_res.c 2010-02-13 21:45:10.739890317 -0500
36763@@ -0,0 +1,65 @@
36764+#include <linux/kernel.h>
36765+#include <linux/sched.h>
36766+#include <linux/gracl.h>
36767+#include <linux/grinternal.h>
36768+
36769+static const char *restab_log[] = {
36770+ [RLIMIT_CPU] = "RLIMIT_CPU",
36771+ [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
36772+ [RLIMIT_DATA] = "RLIMIT_DATA",
36773+ [RLIMIT_STACK] = "RLIMIT_STACK",
36774+ [RLIMIT_CORE] = "RLIMIT_CORE",
36775+ [RLIMIT_RSS] = "RLIMIT_RSS",
36776+ [RLIMIT_NPROC] = "RLIMIT_NPROC",
36777+ [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
36778+ [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
36779+ [RLIMIT_AS] = "RLIMIT_AS",
36780+ [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
36781+ [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
36782+ [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
36783+ [RLIMIT_NICE] = "RLIMIT_NICE",
36784+ [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
36785+ [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
36786+ [GR_CRASH_RES] = "RLIMIT_CRASH"
36787+};
36788+
36789+void
36790+gr_log_resource(const struct task_struct *task,
36791+ const int res, const unsigned long wanted, const int gt)
36792+{
36793+ const struct cred *cred;
36794+
36795+ if (!gr_acl_is_enabled() && !grsec_resource_logging)
36796+ return;
36797+
36798+ // not yet supported resource
36799+ if (!restab_log[res])
36800+ return;
36801+
36802+ rcu_read_lock();
36803+ cred = __task_cred(task);
36804+
36805+ if (res == RLIMIT_NPROC &&
36806+ (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
36807+ cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
36808+ goto out_rcu_unlock;
36809+ else if (res == RLIMIT_MEMLOCK &&
36810+ cap_raised(cred->cap_effective, CAP_IPC_LOCK))
36811+ goto out_rcu_unlock;
36812+ else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
36813+ goto out_rcu_unlock;
36814+ rcu_read_unlock();
36815+
36816+ preempt_disable();
36817+
36818+ if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) ||
36819+ (!gt && wanted >= task->signal->rlim[res].rlim_cur)) &&
36820+ task->signal->rlim[res].rlim_cur != RLIM_INFINITY))
36821+ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
36822+ preempt_enable_no_resched();
36823+
36824+ return;
36825+out_rcu_unlock:
36826+ rcu_read_unlock();
36827+ return;
36828+}
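Review bot: In gr_log_resource, `restab_log[res]` is read before `res` is checked against the table size, so the `// not yet supported resource` test only catches gaps inside the array, not an index past its end. The callers are outside this hunk, so whether an out-of-range value can arrive is not visible here, but the guard is cheap: `if (res < 0 || res >= (int)ARRAY_SIZE(restab_log) || !restab_log[res]) return;`. The same index is then used on `task->signal->rlim[res]`, and `GR_CRASH_RES` has a table entry and so passes the check. If that constant is not below `RLIM_NLIMITS` (its definition is not in this hunk), the rlim read needs its own bound.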
36829diff -urNp linux-2.6.32.8/grsecurity/gracl_segv.c linux-2.6.32.8/grsecurity/gracl_segv.c
36830--- linux-2.6.32.8/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
36831+++ linux-2.6.32.8/grsecurity/gracl_segv.c 2010-02-13 21:45:10.739890317 -0500
36832@@ -0,0 +1,310 @@
36833+#include <linux/kernel.h>
36834+#include <linux/mm.h>
36835+#include <asm/uaccess.h>
36836+#include <asm/errno.h>
36837+#include <asm/mman.h>
36838+#include <net/sock.h>
36839+#include <linux/file.h>
36840+#include <linux/fs.h>
36841+#include <linux/net.h>
36842+#include <linux/in.h>
36843+#include <linux/smp_lock.h>
36844+#include <linux/slab.h>
36845+#include <linux/types.h>
36846+#include <linux/sched.h>
36847+#include <linux/timer.h>
36848+#include <linux/gracl.h>
36849+#include <linux/grsecurity.h>
36850+#include <linux/grinternal.h>
36851+
36852+static struct crash_uid *uid_set;
36853+static unsigned short uid_used;
36854+static DEFINE_SPINLOCK(gr_uid_lock);
36855+extern rwlock_t gr_inode_lock;
36856+extern struct acl_subject_label *
36857+ lookup_acl_subj_label(const ino_t inode, const dev_t dev,
36858+ struct acl_role_label *role);
36859+extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
36860+
36861+int
36862+gr_init_uidset(void)
36863+{
36864+ uid_set =
36865+ kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
36866+ uid_used = 0;
36867+
36868+ return uid_set ? 1 : 0;
36869+}
36870+
36871+void
36872+gr_free_uidset(void)
36873+{
36874+ if (uid_set)
36875+ kfree(uid_set);
36876+
36877+ return;
36878+}
36879+
36880+int
36881+gr_find_uid(const uid_t uid)
36882+{
36883+ struct crash_uid *tmp = uid_set;
36884+ uid_t buid;
36885+ int low = 0, high = uid_used - 1, mid;
36886+
36887+ while (high >= low) {
36888+ mid = (low + high) >> 1;
36889+ buid = tmp[mid].uid;
36890+ if (buid == uid)
36891+ return mid;
36892+ if (buid > uid)
36893+ high = mid - 1;
36894+ if (buid < uid)
36895+ low = mid + 1;
36896+ }
36897+
36898+ return -1;
36899+}
36900+
36901+static __inline__ void
36902+gr_insertsort(void)
36903+{
36904+ unsigned short i, j;
36905+ struct crash_uid index;
36906+
36907+ for (i = 1; i < uid_used; i++) {
36908+ index = uid_set[i];
36909+ j = i;
36910+ while ((j > 0) && uid_set[j - 1].uid > index.uid) {
36911+ uid_set[j] = uid_set[j - 1];
36912+ j--;
36913+ }
36914+ uid_set[j] = index;
36915+ }
36916+
36917+ return;
36918+}
36919+
36920+static __inline__ void
36921+gr_insert_uid(const uid_t uid, const unsigned long expires)
36922+{
36923+ int loc;
36924+
36925+ if (uid_used == GR_UIDTABLE_MAX)
36926+ return;
36927+
36928+ loc = gr_find_uid(uid);
36929+
36930+ if (loc >= 0) {
36931+ uid_set[loc].expires = expires;
36932+ return;
36933+ }
36934+
36935+ uid_set[uid_used].uid = uid;
36936+ uid_set[uid_used].expires = expires;
36937+ uid_used++;
36938+
36939+ gr_insertsort();
36940+
36941+ return;
36942+}
36943+
36944+void
36945+gr_remove_uid(const unsigned short loc)
36946+{
36947+ unsigned short i;
36948+
36949+ for (i = loc + 1; i < uid_used; i++)
36950+ uid_set[i - 1] = uid_set[i];
36951+
36952+ uid_used--;
36953+
36954+ return;
36955+}
36956+
36957+int
36958+gr_check_crash_uid(const uid_t uid)
36959+{
36960+ int loc;
36961+ int ret = 0;
36962+
36963+ if (unlikely(!gr_acl_is_enabled()))
36964+ return 0;
36965+
36966+ spin_lock(&gr_uid_lock);
36967+ loc = gr_find_uid(uid);
36968+
36969+ if (loc < 0)
36970+ goto out_unlock;
36971+
36972+ if (time_before_eq(uid_set[loc].expires, get_seconds()))
36973+ gr_remove_uid(loc);
36974+ else
36975+ ret = 1;
36976+
36977+out_unlock:
36978+ spin_unlock(&gr_uid_lock);
36979+ return ret;
36980+}
36981+
36982+static __inline__ int
36983+proc_is_setxid(const struct cred *cred)
36984+{
36985+ if (cred->uid != cred->euid || cred->uid != cred->suid ||
36986+ cred->uid != cred->fsuid)
36987+ return 1;
36988+ if (cred->gid != cred->egid || cred->gid != cred->sgid ||
36989+ cred->gid != cred->fsgid)
36990+ return 1;
36991+
36992+ return 0;
36993+}
36994+static __inline__ int
36995+gr_fake_force_sig(int sig, struct task_struct *t)
36996+{
36997+ unsigned long int flags;
36998+ int ret, blocked, ignored;
36999+ struct k_sigaction *action;
37000+
37001+ spin_lock_irqsave(&t->sighand->siglock, flags);
37002+ action = &t->sighand->action[sig-1];
37003+ ignored = action->sa.sa_handler == SIG_IGN;
37004+ blocked = sigismember(&t->blocked, sig);
37005+ if (blocked || ignored) {
37006+ action->sa.sa_handler = SIG_DFL;
37007+ if (blocked) {
37008+ sigdelset(&t->blocked, sig);
37009+ recalc_sigpending_and_wake(t);
37010+ }
37011+ }
37012+ if (action->sa.sa_handler == SIG_DFL)
37013+ t->signal->flags &= ~SIGNAL_UNKILLABLE;
37014+ ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
37015+
37016+ spin_unlock_irqrestore(&t->sighand->siglock, flags);
37017+
37018+ return ret;
37019+}
37020+
37021+void
37022+gr_handle_crash(struct task_struct *task, const int sig)
37023+{
37024+ struct acl_subject_label *curr;
37025+ struct acl_subject_label *curr2;
37026+ struct task_struct *tsk, *tsk2;
37027+ const struct cred *cred;
37028+ const struct cred *cred2;
37029+
37030+ if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
37031+ return;
37032+
37033+ if (unlikely(!gr_acl_is_enabled()))
37034+ return;
37035+
37036+ curr = task->acl;
37037+
37038+ if (!(curr->resmask & (1 << GR_CRASH_RES)))
37039+ return;
37040+
37041+ if (time_before_eq(curr->expires, get_seconds())) {
37042+ curr->expires = 0;
37043+ curr->crashes = 0;
37044+ }
37045+
37046+ curr->crashes++;
37047+
37048+ if (!curr->expires)
37049+ curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
37050+
37051+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
37052+ time_after(curr->expires, get_seconds())) {
37053+ rcu_read_lock();
37054+ cred = __task_cred(task);
37055+ if (cred->uid && proc_is_setxid(cred)) {
37056+ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
37057+ spin_lock(&gr_uid_lock);
37058+ gr_insert_uid(cred->uid, curr->expires);
37059+ spin_unlock(&gr_uid_lock);
37060+ curr->expires = 0;
37061+ curr->crashes = 0;
37062+ read_lock(&tasklist_lock);
37063+ do_each_thread(tsk2, tsk) {
37064+ cred2 = __task_cred(tsk);
37065+ if (tsk != task && cred2->uid == cred->uid)
37066+ gr_fake_force_sig(SIGKILL, tsk);
37067+ } while_each_thread(tsk2, tsk);
37068+ read_unlock(&tasklist_lock);
37069+ } else {
37070+ gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
37071+ read_lock(&tasklist_lock);
37072+ do_each_thread(tsk2, tsk) {
37073+ if (likely(tsk != task)) {
37074+ curr2 = tsk->acl;
37075+
37076+ if (curr2->device == curr->device &&
37077+ curr2->inode == curr->inode)
37078+ gr_fake_force_sig(SIGKILL, tsk);
37079+ }
37080+ } while_each_thread(tsk2, tsk);
37081+ read_unlock(&tasklist_lock);
37082+ }
37083+ rcu_read_unlock();
37084+ }
37085+
37086+ return;
37087+}
37088+
37089+int
37090+gr_check_crash_exec(const struct file *filp)
37091+{
37092+ struct acl_subject_label *curr;
37093+
37094+ if (unlikely(!gr_acl_is_enabled()))
37095+ return 0;
37096+
37097+ read_lock(&gr_inode_lock);
37098+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
37099+ filp->f_path.dentry->d_inode->i_sb->s_dev,
37100+ current->role);
37101+ read_unlock(&gr_inode_lock);
37102+
37103+ if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
37104+ (!curr->crashes && !curr->expires))
37105+ return 0;
37106+
37107+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
37108+ time_after(curr->expires, get_seconds()))
37109+ return 1;
37110+ else if (time_before_eq(curr->expires, get_seconds())) {
37111+ curr->crashes = 0;
37112+ curr->expires = 0;
37113+ }
37114+
37115+ return 0;
37116+}
37117+
37118+void
37119+gr_handle_alertkill(struct task_struct *task)
37120+{
37121+ struct acl_subject_label *curracl;
37122+ __u32 curr_ip;
37123+ struct task_struct *p, *p2;
37124+
37125+ if (unlikely(!gr_acl_is_enabled()))
37126+ return;
37127+
37128+ curracl = task->acl;
37129+ curr_ip = task->signal->curr_ip;
37130+
37131+ if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
37132+ read_lock(&tasklist_lock);
37133+ do_each_thread(p2, p) {
37134+ if (p->signal->curr_ip == curr_ip)
37135+ gr_fake_force_sig(SIGKILL, p);
37136+ } while_each_thread(p2, p);
37137+ read_unlock(&tasklist_lock);
37138+ } else if (curracl->mode & GR_KILLPROC)
37139+ gr_fake_force_sig(SIGKILL, task);
37140+
37141+ return;
37142+}
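Review bot: In gr_insert_uid the `if (uid_used == GR_UIDTABLE_MAX) return;` test runs before `gr_find_uid()`, so once the table is full a uid that is already listed no longer gets its `expires` refreshed, and a new uid that has just crossed the crash threshold in gr_handle_crash is dropped with no log entry. Expired slots are only evicted in gr_check_crash_uid when that same uid is looked up again, so stale entries can keep the table full and the lockout fails open silently. Moving the full-table check below the `loc >= 0` update, and pruning entries whose `expires` has passed (or at least logging) before giving up, would close that gap. Separately, gr_free_uidset leaves `uid_set` and `uid_used` untouched after `kfree()`; adding `uid_set = NULL; uid_used = 0;` there would keep a later gr_find_uid from walking freed memory, if any caller can reach it after the free.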
37143diff -urNp linux-2.6.32.8/grsecurity/gracl_shm.c linux-2.6.32.8/grsecurity/gracl_shm.c
37144--- linux-2.6.32.8/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
37145+++ linux-2.6.32.8/grsecurity/gracl_shm.c 2010-02-13 21:45:10.739890317 -0500
37146@@ -0,0 +1,37 @@
37147+#include <linux/kernel.h>
37148+#include <linux/mm.h>
37149+#include <linux/sched.h>
37150+#include <linux/file.h>
37151+#include <linux/ipc.h>
37152+#include <linux/gracl.h>
37153+#include <linux/grsecurity.h>
37154+#include <linux/grinternal.h>
37155+
37156+int
37157+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37158+ const time_t shm_createtime, const uid_t cuid, const int shmid)
37159+{
37160+ struct task_struct *task;
37161+
37162+ if (!gr_acl_is_enabled())
37163+ return 1;
37164+
37165+ read_lock(&tasklist_lock);
37166+
37167+ task = find_task_by_vpid(shm_cprid);
37168+
37169+ if (unlikely(!task))
37170+ task = find_task_by_vpid(shm_lapid);
37171+
37172+ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
37173+ (task->pid == shm_lapid)) &&
37174+ (task->acl->mode & GR_PROTSHM) &&
37175+ (task->acl != current->acl))) {
37176+ read_unlock(&tasklist_lock);
37177+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
37178+ return 0;
37179+ }
37180+ read_unlock(&tasklist_lock);
37181+
37182+ return 1;
37183+}
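Review bot: gr_handle_shmat has no comment stating its return convention or what the compound condition checks, and it returns 1 to allow and 0 to deny, the opposite sense of the `-EPERM`/0 handlers in grsec_chroot.c. A header comment would prevent a caller from inverting it, for example `/* Returns 1 to allow the attach, 0 to deny. Denied when the creator (or, if it has exited, the last attacher) runs under a GR_PROTSHM subject other than current's. */`. The comment should also note that when the task was found through `shm_lapid`, the `task->pid == shm_lapid` clause presumably always holds. In that case the start-time comparison does not filter out a recycled pid, and the result is a spurious denial rather than a bypass.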
37184diff -urNp linux-2.6.32.8/grsecurity/grsec_chdir.c linux-2.6.32.8/grsecurity/grsec_chdir.c
37185--- linux-2.6.32.8/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
37186+++ linux-2.6.32.8/grsecurity/grsec_chdir.c 2010-02-13 21:45:10.739890317 -0500
37187@@ -0,0 +1,19 @@
37188+#include <linux/kernel.h>
37189+#include <linux/sched.h>
37190+#include <linux/fs.h>
37191+#include <linux/file.h>
37192+#include <linux/grsecurity.h>
37193+#include <linux/grinternal.h>
37194+
37195+void
37196+gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
37197+{
37198+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
37199+ if ((grsec_enable_chdir && grsec_enable_group &&
37200+ in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
37201+ !grsec_enable_group)) {
37202+ gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
37203+ }
37204+#endif
37205+ return;
37206+}
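Review bot: The condition in gr_log_chdir tests `grsec_enable_chdir` twice and spreads the group logic over two disjuncts, which makes the audit rule harder to read than it needs to be. An equivalent single form is `if (grsec_enable_chdir && (!grsec_enable_group || in_group_p(grsec_audit_gid)))`. A one-line comment such as `/* audit chdir for everyone, or only for grsec_audit_gid when group auditing is on */` would state the intent.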
37207diff -urNp linux-2.6.32.8/grsecurity/grsec_chroot.c linux-2.6.32.8/grsecurity/grsec_chroot.c
37208--- linux-2.6.32.8/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
37209+++ linux-2.6.32.8/grsecurity/grsec_chroot.c 2010-02-13 21:45:10.739890317 -0500
37210@@ -0,0 +1,348 @@
37211+#include <linux/kernel.h>
37212+#include <linux/module.h>
37213+#include <linux/sched.h>
37214+#include <linux/file.h>
37215+#include <linux/fs.h>
37216+#include <linux/mount.h>
37217+#include <linux/types.h>
37218+#include <linux/pid_namespace.h>
37219+#include <linux/grsecurity.h>
37220+#include <linux/grinternal.h>
37221+
37222+int
37223+gr_handle_chroot_unix(const pid_t pid)
37224+{
37225+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
37226+ struct pid *spid = NULL;
37227+
37228+ if (unlikely(!grsec_enable_chroot_unix))
37229+ return 1;
37230+
37231+ if (likely(!proc_is_chrooted(current)))
37232+ return 1;
37233+
37234+ read_lock(&tasklist_lock);
37235+
37236+ spid = find_vpid(pid);
37237+ if (spid) {
37238+ struct task_struct *p;
37239+ p = pid_task(spid, PIDTYPE_PID);
37240+ gr_fs_read_lock(p);
37241+ if (unlikely(!have_same_root(current, p))) {
37242+ gr_fs_read_unlock(p);
37243+ read_unlock(&tasklist_lock);
37244+ gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
37245+ return 0;
37246+ }
37247+ gr_fs_read_unlock(p);
37248+ }
37249+ read_unlock(&tasklist_lock);
37250+#endif
37251+ return 1;
37252+}
37253+
37254+int
37255+gr_handle_chroot_nice(void)
37256+{
37257+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37258+ if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
37259+ gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
37260+ return -EPERM;
37261+ }
37262+#endif
37263+ return 0;
37264+}
37265+
37266+int
37267+gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
37268+{
37269+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37270+ if (grsec_enable_chroot_nice && (niceval < task_nice(p))
37271+ && proc_is_chrooted(current)) {
37272+ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
37273+ return -EACCES;
37274+ }
37275+#endif
37276+ return 0;
37277+}
37278+
37279+int
37280+gr_handle_chroot_rawio(const struct inode *inode)
37281+{
37282+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37283+ if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
37284+ inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
37285+ return 1;
37286+#endif
37287+ return 0;
37288+}
37289+
37290+int
37291+gr_pid_is_chrooted(struct task_struct *p)
37292+{
37293+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
37294+ if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
37295+ return 0;
37296+
37297+ gr_fs_read_lock(p);
37298+ if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
37299+ !have_same_root(current, p)) {
37300+ gr_fs_read_unlock(p);
37301+ return 1;
37302+ }
37303+ gr_fs_read_unlock(p);
37304+#endif
37305+ return 0;
37306+}
37307+
37308+EXPORT_SYMBOL(gr_pid_is_chrooted);
37309+
37310+#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
37311+int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
37312+{
37313+ struct dentry *dentry = (struct dentry *)u_dentry;
37314+ struct vfsmount *mnt = (struct vfsmount *)u_mnt;
37315+ struct dentry *realroot;
37316+ struct vfsmount *realrootmnt;
37317+ struct dentry *currentroot;
37318+ struct vfsmount *currentmnt;
37319+ struct task_struct *reaper = &init_task;
37320+ int ret = 1;
37321+
37322+ read_lock(&reaper->fs->lock);
37323+ realrootmnt = mntget(reaper->fs->root.mnt);
37324+ realroot = dget(reaper->fs->root.dentry);
37325+ read_unlock(&reaper->fs->lock);
37326+
37327+ read_lock(&current->fs->lock);
37328+ currentmnt = mntget(current->fs->root.mnt);
37329+ currentroot = dget(current->fs->root.dentry);
37330+ read_unlock(&current->fs->lock);
37331+
37332+ spin_lock(&dcache_lock);
37333+ for (;;) {
37334+ if (unlikely((dentry == realroot && mnt == realrootmnt)
37335+ || (dentry == currentroot && mnt == currentmnt)))
37336+ break;
37337+ if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
37338+ if (mnt->mnt_parent == mnt)
37339+ break;
37340+ dentry = mnt->mnt_mountpoint;
37341+ mnt = mnt->mnt_parent;
37342+ continue;
37343+ }
37344+ dentry = dentry->d_parent;
37345+ }
37346+ spin_unlock(&dcache_lock);
37347+
37348+ dput(currentroot);
37349+ mntput(currentmnt);
37350+
37351+ /* access is outside of chroot */
37352+ if (dentry == realroot && mnt == realrootmnt)
37353+ ret = 0;
37354+
37355+ dput(realroot);
37356+ mntput(realrootmnt);
37357+ return ret;
37358+}
37359+#endif
37360+
37361+int
37362+gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
37363+{
37364+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
37365+ if (!grsec_enable_chroot_fchdir)
37366+ return 1;
37367+
37368+ if (!proc_is_chrooted(current))
37369+ return 1;
37370+ else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
37371+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
37372+ return 0;
37373+ }
37374+#endif
37375+ return 1;
37376+}
37377+
37378+int
37379+gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37380+ const time_t shm_createtime)
37381+{
37382+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
37383+ struct pid *pid = NULL;
37384+ time_t starttime;
37385+
37386+ if (unlikely(!grsec_enable_chroot_shmat))
37387+ return 1;
37388+
37389+ if (likely(!proc_is_chrooted(current)))
37390+ return 1;
37391+
37392+ read_lock(&tasklist_lock);
37393+
37394+ pid = find_vpid(shm_cprid);
37395+ if (pid) {
37396+ struct task_struct *p;
37397+ p = pid_task(pid, PIDTYPE_PID);
37398+ gr_fs_read_lock(p);
37399+ starttime = p->start_time.tv_sec;
37400+ if (unlikely(!have_same_root(current, p) &&
37401+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
37402+ gr_fs_read_unlock(p);
37403+ read_unlock(&tasklist_lock);
37404+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37405+ return 0;
37406+ }
37407+ gr_fs_read_unlock(p);
37408+ } else {
37409+ pid = find_vpid(shm_lapid);
37410+ if (pid) {
37411+ struct task_struct *p;
37412+ p = pid_task(pid, PIDTYPE_PID);
37413+ gr_fs_read_lock(p);
37414+ if (unlikely(!have_same_root(current, p))) {
37415+ gr_fs_read_unlock(p);
37416+ read_unlock(&tasklist_lock);
37417+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37418+ return 0;
37419+ }
37420+ gr_fs_read_unlock(p);
37421+ }
37422+ }
37423+
37424+ read_unlock(&tasklist_lock);
37425+#endif
37426+ return 1;
37427+}
37428+
37429+void
37430+gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
37431+{
37432+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
37433+ if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
37434+ gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
37435+#endif
37436+ return;
37437+}
37438+
37439+int
37440+gr_handle_chroot_mknod(const struct dentry *dentry,
37441+ const struct vfsmount *mnt, const int mode)
37442+{
37443+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
37444+ if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
37445+ proc_is_chrooted(current)) {
37446+ gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
37447+ return -EPERM;
37448+ }
37449+#endif
37450+ return 0;
37451+}
37452+
37453+int
37454+gr_handle_chroot_mount(const struct dentry *dentry,
37455+ const struct vfsmount *mnt, const char *dev_name)
37456+{
37457+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
37458+ if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
37459+ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
37460+ return -EPERM;
37461+ }
37462+#endif
37463+ return 0;
37464+}
37465+
37466+int
37467+gr_handle_chroot_pivot(void)
37468+{
37469+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
37470+ if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
37471+ gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
37472+ return -EPERM;
37473+ }
37474+#endif
37475+ return 0;
37476+}
37477+
37478+int
37479+gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
37480+{
37481+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
37482+ if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
37483+ !gr_is_outside_chroot(dentry, mnt)) {
37484+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
37485+ return -EPERM;
37486+ }
37487+#endif
37488+ return 0;
37489+}
37490+
37491+int
37492+gr_handle_chroot_caps(struct path *path)
37493+{
37494+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37495+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
37496+ (init_task.fs->root.dentry != path->dentry) &&
37497+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
37498+
37499+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
37500+ const struct cred *old = current_cred();
37501+ struct cred *new = prepare_creds();
37502+ if (new == NULL)
37503+ return 1;
37504+
37505+ new->cap_permitted = cap_drop(old->cap_permitted,
37506+ chroot_caps);
37507+ new->cap_inheritable = cap_drop(old->cap_inheritable,
37508+ chroot_caps);
37509+ new->cap_effective = cap_drop(old->cap_effective,
37510+ chroot_caps);
37511+
37512+ commit_creds(new);
37513+
37514+ return 0;
37515+ }
37516+#endif
37517+ return 0;
37518+}
37519+
37520+int
37521+gr_handle_chroot_sysctl(const int op)
37522+{
37523+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
37524+ if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
37525+ && (op & MAY_WRITE))
37526+ return -EACCES;
37527+#endif
37528+ return 0;
37529+}
37530+
37531+void
37532+gr_handle_chroot_chdir(struct path *path)
37533+{
37534+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
37535+ if (grsec_enable_chroot_chdir)
37536+ set_fs_pwd(current->fs, path);
37537+#endif
37538+ return;
37539+}
37540+
37541+int
37542+gr_handle_chroot_chmod(const struct dentry *dentry,
37543+ const struct vfsmount *mnt, const int mode)
37544+{
37545+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
37546+ if (grsec_enable_chroot_chmod &&
37547+ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
37548+ proc_is_chrooted(current)) {
37549+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
37550+ return -EPERM;
37551+ }
37552+#endif
37553+ return 0;
37554+}
37555+
37556+#ifdef CONFIG_SECURITY
37557+EXPORT_SYMBOL(gr_handle_chroot_caps);
37558+#endif
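Review bot: In gr_handle_chroot_unix, the result of `pid_task(spid, PIDTYPE_PID)` is passed straight to `gr_fs_read_lock(p)` and `have_same_root(current, p)` without a NULL check; the same pattern appears in both branches of gr_chroot_shmat. `find_vpid()` can return a `struct pid` that is still live only as a process-group or session id, and `pid_task()` returns NULL in that case. The helpers are defined outside this hunk, but they presumably dereference `p`. Wrapping each locked block in `if (p) { ... }`, or adding `if (unlikely(!p)) goto out_unlock;` with the label on the final `read_unlock(&tasklist_lock)`, keeps the allow-by-default result without the dereference.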
37559diff -urNp linux-2.6.32.8/grsecurity/grsec_disabled.c linux-2.6.32.8/grsecurity/grsec_disabled.c
37560--- linux-2.6.32.8/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
37561+++ linux-2.6.32.8/grsecurity/grsec_disabled.c 2010-02-13 21:45:10.741002819 -0500
37562@@ -0,0 +1,426 @@
37563+#include <linux/kernel.h>
37564+#include <linux/module.h>
37565+#include <linux/sched.h>
37566+#include <linux/file.h>
37567+#include <linux/fs.h>
37568+#include <linux/kdev_t.h>
37569+#include <linux/net.h>
37570+#include <linux/in.h>
37571+#include <linux/ip.h>
37572+#include <linux/skbuff.h>
37573+#include <linux/sysctl.h>
37574+
37575+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
37576+void
37577+pax_set_initial_flags(struct linux_binprm *bprm)
37578+{
37579+ return;
37580+}
37581+#endif
37582+
37583+#ifdef CONFIG_SYSCTL
37584+__u32
37585+gr_handle_sysctl(const struct ctl_table * table, const int op)
37586+{
37587+ return 0;
37588+}
37589+#endif
37590+
37591+#ifdef CONFIG_TASKSTATS
37592+int gr_is_taskstats_denied(int pid)
37593+{
37594+ return 0;
37595+}
37596+#endif
37597+
37598+int
37599+gr_acl_is_enabled(void)
37600+{
37601+ return 0;
37602+}
37603+
37604+int
37605+gr_handle_rawio(const struct inode *inode)
37606+{
37607+ return 0;
37608+}
37609+
37610+void
37611+gr_acl_handle_psacct(struct task_struct *task, const long code)
37612+{
37613+ return;
37614+}
37615+
37616+int
37617+gr_handle_ptrace(struct task_struct *task, const long request)
37618+{
37619+ return 0;
37620+}
37621+
37622+int
37623+gr_handle_proc_ptrace(struct task_struct *task)
37624+{
37625+ return 0;
37626+}
37627+
37628+void
37629+gr_learn_resource(const struct task_struct *task,
37630+ const int res, const unsigned long wanted, const int gt)
37631+{
37632+ return;
37633+}
37634+
37635+int
37636+gr_set_acls(const int type)
37637+{
37638+ return 0;
37639+}
37640+
37641+int
37642+gr_check_hidden_task(const struct task_struct *tsk)
37643+{
37644+ return 0;
37645+}
37646+
37647+int
37648+gr_check_protected_task(const struct task_struct *task)
37649+{
37650+ return 0;
37651+}
37652+
37653+void
37654+gr_copy_label(struct task_struct *tsk)
37655+{
37656+ return;
37657+}
37658+
37659+void
37660+gr_set_pax_flags(struct task_struct *task)
37661+{
37662+ return;
37663+}
37664+
37665+int
37666+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
37667+ const int unsafe_share)
37668+{
37669+ return 0;
37670+}
37671+
37672+void
37673+gr_handle_delete(const ino_t ino, const dev_t dev)
37674+{
37675+ return;
37676+}
37677+
37678+void
37679+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
37680+{
37681+ return;
37682+}
37683+
37684+void
37685+gr_handle_crash(struct task_struct *task, const int sig)
37686+{
37687+ return;
37688+}
37689+
37690+int
37691+gr_check_crash_exec(const struct file *filp)
37692+{
37693+ return 0;
37694+}
37695+
37696+int
37697+gr_check_crash_uid(const uid_t uid)
37698+{
37699+ return 0;
37700+}
37701+
37702+void
37703+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
37704+ struct dentry *old_dentry,
37705+ struct dentry *new_dentry,
37706+ struct vfsmount *mnt, const __u8 replace)
37707+{
37708+ return;
37709+}
37710+
37711+int
37712+gr_search_socket(const int family, const int type, const int protocol)
37713+{
37714+ return 1;
37715+}
37716+
37717+int
37718+gr_search_connectbind(const int mode, const struct socket *sock,
37719+ const struct sockaddr_in *addr)
37720+{
37721+ return 0;
37722+}
37723+
37724+int
37725+gr_is_capable(const int cap)
37726+{
37727+ return 1;
37728+}
37729+
37730+int
37731+gr_is_capable_nolog(const int cap)
37732+{
37733+ return 1;
37734+}
37735+
37736+void
37737+gr_handle_alertkill(struct task_struct *task)
37738+{
37739+ return;
37740+}
37741+
37742+__u32
37743+gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
37744+{
37745+ return 1;
37746+}
37747+
37748+__u32
37749+gr_acl_handle_hidden_file(const struct dentry * dentry,
37750+ const struct vfsmount * mnt)
37751+{
37752+ return 1;
37753+}
37754+
37755+__u32
37756+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
37757+ const int fmode)
37758+{
37759+ return 1;
37760+}
37761+
37762+__u32
37763+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
37764+{
37765+ return 1;
37766+}
37767+
37768+__u32
37769+gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
37770+{
37771+ return 1;
37772+}
37773+
37774+int
37775+gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
37776+ unsigned int *vm_flags)
37777+{
37778+ return 1;
37779+}
37780+
37781+__u32
37782+gr_acl_handle_truncate(const struct dentry * dentry,
37783+ const struct vfsmount * mnt)
37784+{
37785+ return 1;
37786+}
37787+
37788+__u32
37789+gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
37790+{
37791+ return 1;
37792+}
37793+
37794+__u32
37795+gr_acl_handle_access(const struct dentry * dentry,
37796+ const struct vfsmount * mnt, const int fmode)
37797+{
37798+ return 1;
37799+}
37800+
37801+__u32
37802+gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
37803+ mode_t mode)
37804+{
37805+ return 1;
37806+}
37807+
37808+__u32
37809+gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
37810+ mode_t mode)
37811+{
37812+ return 1;
37813+}
37814+
37815+__u32
37816+gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
37817+{
37818+ return 1;
37819+}
37820+
37821+void
37822+grsecurity_init(void)
37823+{
37824+ return;
37825+}
37826+
37827+__u32
37828+gr_acl_handle_mknod(const struct dentry * new_dentry,
37829+ const struct dentry * parent_dentry,
37830+ const struct vfsmount * parent_mnt,
37831+ const int mode)
37832+{
37833+ return 1;
37834+}
37835+
37836+__u32
37837+gr_acl_handle_mkdir(const struct dentry * new_dentry,
37838+ const struct dentry * parent_dentry,
37839+ const struct vfsmount * parent_mnt)
37840+{
37841+ return 1;
37842+}
37843+
37844+__u32
37845+gr_acl_handle_symlink(const struct dentry * new_dentry,
37846+ const struct dentry * parent_dentry,
37847+ const struct vfsmount * parent_mnt, const char *from)
37848+{
37849+ return 1;
37850+}
37851+
37852+__u32
37853+gr_acl_handle_link(const struct dentry * new_dentry,
37854+ const struct dentry * parent_dentry,
37855+ const struct vfsmount * parent_mnt,
37856+ const struct dentry * old_dentry,
37857+ const struct vfsmount * old_mnt, const char *to)
37858+{
37859+ return 1;
37860+}
37861+
37862+int
37863+gr_acl_handle_rename(const struct dentry *new_dentry,
37864+ const struct dentry *parent_dentry,
37865+ const struct vfsmount *parent_mnt,
37866+ const struct dentry *old_dentry,
37867+ const struct inode *old_parent_inode,
37868+ const struct vfsmount *old_mnt, const char *newname)
37869+{
37870+ return 0;
37871+}
37872+
37873+int
37874+gr_acl_handle_filldir(const struct file *file, const char *name,
37875+ const int namelen, const ino_t ino)
37876+{
37877+ return 1;
37878+}
37879+
37880+int
37881+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37882+ const time_t shm_createtime, const uid_t cuid, const int shmid)
37883+{
37884+ return 1;
37885+}
37886+
37887+int
37888+gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
37889+{
37890+ return 0;
37891+}
37892+
37893+int
37894+gr_search_accept(const struct socket *sock)
37895+{
37896+ return 0;
37897+}
37898+
37899+int
37900+gr_search_listen(const struct socket *sock)
37901+{
37902+ return 0;
37903+}
37904+
37905+int
37906+gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
37907+{
37908+ return 0;
37909+}
37910+
37911+__u32
37912+gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
37913+{
37914+ return 1;
37915+}
37916+
37917+__u32
37918+gr_acl_handle_creat(const struct dentry * dentry,
37919+ const struct dentry * p_dentry,
37920+ const struct vfsmount * p_mnt, const int fmode,
37921+ const int imode)
37922+{
37923+ return 1;
37924+}
37925+
37926+void
37927+gr_acl_handle_exit(void)
37928+{
37929+ return;
37930+}
37931+
37932+int
37933+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
37934+{
37935+ return 1;
37936+}
37937+
37938+void
37939+gr_set_role_label(const uid_t uid, const gid_t gid)
37940+{
37941+ return;
37942+}
37943+
37944+int
37945+gr_acl_handle_procpidmem(const struct task_struct *task)
37946+{
37947+ return 0;
37948+}
37949+
37950+int
37951+gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
37952+{
37953+ return 0;
37954+}
37955+
37956+int
37957+gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
37958+{
37959+ return 0;
37960+}
37961+
37962+void
37963+gr_set_kernel_label(struct task_struct *task)
37964+{
37965+ return;
37966+}
37967+
37968+int
37969+gr_check_user_change(int real, int effective, int fs)
37970+{
37971+ return 0;
37972+}
37973+
37974+int
37975+gr_check_group_change(int real, int effective, int fs)
37976+{
37977+ return 0;
37978+}
37979+
37980+
37981+EXPORT_SYMBOL(gr_is_capable);
37982+EXPORT_SYMBOL(gr_is_capable_nolog);
37983+EXPORT_SYMBOL(gr_learn_resource);
37984+EXPORT_SYMBOL(gr_set_kernel_label);
37985+#ifdef CONFIG_SECURITY
37986+EXPORT_SYMBOL(gr_check_user_change);
37987+EXPORT_SYMBOL(gr_check_group_change);
37988+#endif
37989diff -urNp linux-2.6.32.8/grsecurity/grsec_exec.c linux-2.6.32.8/grsecurity/grsec_exec.c
37990--- linux-2.6.32.8/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
37991+++ linux-2.6.32.8/grsecurity/grsec_exec.c 2010-02-13 21:45:10.741002819 -0500
37992@@ -0,0 +1,89 @@
37993+#include <linux/kernel.h>
37994+#include <linux/sched.h>
37995+#include <linux/file.h>
37996+#include <linux/binfmts.h>
37997+#include <linux/smp_lock.h>
37998+#include <linux/fs.h>
37999+#include <linux/types.h>
38000+#include <linux/grdefs.h>
38001+#include <linux/grinternal.h>
38002+#include <linux/capability.h>
38003+
38004+#include <asm/uaccess.h>
38005+
38006+#ifdef CONFIG_GRKERNSEC_EXECLOG
38007+static char gr_exec_arg_buf[132];
38008+static DECLARE_MUTEX(gr_exec_arg_sem);
38009+#endif
38010+
38011+int
38012+gr_handle_nproc(void)
38013+{
38014+#ifdef CONFIG_GRKERNSEC_EXECVE
38015+ const struct cred *cred = current_cred();
38016+ if (grsec_enable_execve && cred->user &&
38017+ (atomic_read(&cred->user->processes) >
38018+ current->signal->rlim[RLIMIT_NPROC].rlim_cur) &&
38019+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
38020+ gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
38021+ return -EAGAIN;
38022+ }
38023+#endif
38024+ return 0;
38025+}
38026+
38027+void
38028+gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv)
38029+{
38030+#ifdef CONFIG_GRKERNSEC_EXECLOG
38031+ char *grarg = gr_exec_arg_buf;
38032+ unsigned int i, x, execlen = 0;
38033+ char c;
38034+
38035+ if (!((grsec_enable_execlog && grsec_enable_group &&
38036+ in_group_p(grsec_audit_gid))
38037+ || (grsec_enable_execlog && !grsec_enable_group)))
38038+ return;
38039+
38040+ down(&gr_exec_arg_sem);
38041+ memset(grarg, 0, sizeof(gr_exec_arg_buf));
38042+
38043+ if (unlikely(argv == NULL))
38044+ goto log;
38045+
38046+ for (i = 0; i < bprm->argc && execlen < 128; i++) {
38047+ const char __user *p;
38048+ unsigned int len;
38049+
38050+ if (copy_from_user(&p, argv + i, sizeof(p)))
38051+ goto log;
38052+ if (!p)
38053+ goto log;
38054+ len = strnlen_user(p, 128 - execlen);
38055+ if (len > 128 - execlen)
38056+ len = 128 - execlen;
38057+ else if (len > 0)
38058+ len--;
38059+ if (copy_from_user(grarg + execlen, p, len))
38060+ goto log;
38061+
38062+ /* rewrite unprintable characters */
38063+ for (x = 0; x < len; x++) {
38064+ c = *(grarg + execlen + x);
38065+ if (c < 32 || c > 126)
38066+ *(grarg + execlen + x) = ' ';
38067+ }
38068+
38069+ execlen += len;
38070+ *(grarg + execlen) = ' ';
38071+ *(grarg + execlen + 1) = '\0';
38072+ execlen++;
38073+ }
38074+
38075+ log:
38076+ gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
38077+ bprm->file->f_path.mnt, grarg);
38078+ up(&gr_exec_arg_sem);
38079+#endif
38080+ return;
38081+}
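Review bot: gr_handle_exec_args silently caps the audited command line at 128 bytes (the `execlen < 128` loop bound and the `128 - execlen` clamp), so the exec audit record gives no sign when later arguments were dropped. Anyone relying on this log for detection should know that only the start of argv is recorded; a comment above the loop such as `/* only the first 128 bytes of argv are logged; longer command lines are truncated without a marker */` would say so. The literal 128 and the 132-byte `gr_exec_arg_buf` are tied together only implicitly, because the loop writes a space and a NUL past the last copied byte. A named constant (for example `#define GR_EXEC_ARG_MAX 128`, with the buffer declared as `GR_EXEC_ARG_MAX + 4`) would make that relation explicit.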
38082diff -urNp linux-2.6.32.8/grsecurity/grsec_fifo.c linux-2.6.32.8/grsecurity/grsec_fifo.c
38083--- linux-2.6.32.8/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
38084+++ linux-2.6.32.8/grsecurity/grsec_fifo.c 2010-02-13 21:45:10.741002819 -0500
38085@@ -0,0 +1,24 @@
38086+#include <linux/kernel.h>
38087+#include <linux/sched.h>
38088+#include <linux/fs.h>
38089+#include <linux/file.h>
38090+#include <linux/grinternal.h>
38091+
38092+int
38093+gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
38094+ const struct dentry *dir, const int flag, const int acc_mode)
38095+{
38096+#ifdef CONFIG_GRKERNSEC_FIFO
38097+ const struct cred *cred = current_cred();
38098+
38099+ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
38100+ !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
38101+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
38102+ (cred->fsuid != dentry->d_inode->i_uid)) {
38103+ if (!generic_permission(dentry->d_inode, acc_mode, NULL))
38104+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
38105+ return -EACCES;
38106+ }
38107+#endif
38108+ return 0;
38109+}
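Review bot: In gr_handle_fifo the `return -EACCES;` is unconditional once the outer test matches, while only the gr_log_fs_int2() call hangs off the unbraced `if (!generic_permission(...))`, which is easy to misread as a conditional deny. Bracing the inner `if` and adding a comment like `/* log only when DAC alone would have allowed the open; deny either way */` would make the intent clear. The function also dereferences `dentry->d_inode` and `dir->d_inode` without a NULL check, which presumably relies on the caller passing positive dentries; that assumption deserves a line in a header comment.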
38110diff -urNp linux-2.6.32.8/grsecurity/grsec_fork.c linux-2.6.32.8/grsecurity/grsec_fork.c
38111--- linux-2.6.32.8/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
38112+++ linux-2.6.32.8/grsecurity/grsec_fork.c 2010-02-13 21:45:10.741002819 -0500
38113@@ -0,0 +1,15 @@
38114+#include <linux/kernel.h>
38115+#include <linux/sched.h>
38116+#include <linux/grsecurity.h>
38117+#include <linux/grinternal.h>
38118+#include <linux/errno.h>
38119+
38120+void
38121+gr_log_forkfail(const int retval)
38122+{
38123+#ifdef CONFIG_GRKERNSEC_FORKFAIL
38124+ if (grsec_enable_forkfail && retval != -ERESTARTNOINTR)
38125+ gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval);
38126+#endif
38127+ return;
38128+}
38129diff -urNp linux-2.6.32.8/grsecurity/grsec_init.c linux-2.6.32.8/grsecurity/grsec_init.c
38130--- linux-2.6.32.8/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
38131+++ linux-2.6.32.8/grsecurity/grsec_init.c 2010-02-13 21:45:10.741002819 -0500
38132@@ -0,0 +1,231 @@
38133+#include <linux/kernel.h>
38134+#include <linux/sched.h>
38135+#include <linux/mm.h>
38136+#include <linux/smp_lock.h>
38137+#include <linux/gracl.h>
38138+#include <linux/slab.h>
38139+#include <linux/vmalloc.h>
38140+#include <linux/percpu.h>
38141+
38142+int grsec_enable_link;
38143+int grsec_enable_dmesg;
38144+int grsec_enable_harden_ptrace;
38145+int grsec_enable_fifo;
38146+int grsec_enable_execve;
38147+int grsec_enable_execlog;
38148+int grsec_enable_signal;
38149+int grsec_enable_forkfail;
38150+int grsec_enable_time;
38151+int grsec_enable_audit_textrel;
38152+int grsec_enable_group;
38153+int grsec_audit_gid;
38154+int grsec_enable_chdir;
38155+int grsec_enable_mount;
38156+int grsec_enable_rofs;
38157+int grsec_enable_chroot_findtask;
38158+int grsec_enable_chroot_mount;
38159+int grsec_enable_chroot_shmat;
38160+int grsec_enable_chroot_fchdir;
38161+int grsec_enable_chroot_double;
38162+int grsec_enable_chroot_pivot;
38163+int grsec_enable_chroot_chdir;
38164+int grsec_enable_chroot_chmod;
38165+int grsec_enable_chroot_mknod;
38166+int grsec_enable_chroot_nice;
38167+int grsec_enable_chroot_execlog;
38168+int grsec_enable_chroot_caps;
38169+int grsec_enable_chroot_sysctl;
38170+int grsec_enable_chroot_unix;
38171+int grsec_enable_tpe;
38172+int grsec_tpe_gid;
38173+int grsec_enable_tpe_all;
38174+int grsec_enable_socket_all;
38175+int grsec_socket_all_gid;
38176+int grsec_enable_socket_client;
38177+int grsec_socket_client_gid;
38178+int grsec_enable_socket_server;
38179+int grsec_socket_server_gid;
38180+int grsec_resource_logging;
38181+int grsec_lock;
38182+
38183+DEFINE_SPINLOCK(grsec_alert_lock);
38184+unsigned long grsec_alert_wtime = 0;
38185+unsigned long grsec_alert_fyet = 0;
38186+
38187+DEFINE_SPINLOCK(grsec_audit_lock);
38188+
38189+DEFINE_RWLOCK(grsec_exec_file_lock);
38190+
38191+char *gr_shared_page[4];
38192+
38193+char *gr_alert_log_fmt;
38194+char *gr_audit_log_fmt;
38195+char *gr_alert_log_buf;
38196+char *gr_audit_log_buf;
38197+
38198+extern struct gr_arg *gr_usermode;
38199+extern unsigned char *gr_system_salt;
38200+extern unsigned char *gr_system_sum;
38201+
38202+void __init
38203+grsecurity_init(void)
38204+{
38205+ int j;
38206+ /* create the per-cpu shared pages */
38207+
38208+#ifdef CONFIG_X86
38209+ memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
38210+#endif
38211+
38212+ for (j = 0; j < 4; j++) {
38213+ gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long));
38214+ if (gr_shared_page[j] == NULL) {
38215+ panic("Unable to allocate grsecurity shared page");
38216+ return;
38217+ }
38218+ }
38219+
38220+ /* allocate log buffers */
38221+ gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
38222+ if (!gr_alert_log_fmt) {
38223+ panic("Unable to allocate grsecurity alert log format buffer");
38224+ return;
38225+ }
38226+ gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
38227+ if (!gr_audit_log_fmt) {
38228+ panic("Unable to allocate grsecurity audit log format buffer");
38229+ return;
38230+ }
38231+ gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38232+ if (!gr_alert_log_buf) {
38233+ panic("Unable to allocate grsecurity alert log buffer");
38234+ return;
38235+ }
38236+ gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38237+ if (!gr_audit_log_buf) {
38238+ panic("Unable to allocate grsecurity audit log buffer");
38239+ return;
38240+ }
38241+
38242+ /* allocate memory for authentication structure */
38243+ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
38244+ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
38245+ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
38246+
38247+ if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
38248+ panic("Unable to allocate grsecurity authentication structure");
38249+ return;
38250+ }
38251+
38252+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
38253+#ifndef CONFIG_GRKERNSEC_SYSCTL
38254+ grsec_lock = 1;
38255+#endif
38256+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
38257+ grsec_enable_audit_textrel = 1;
38258+#endif
38259+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
38260+ grsec_enable_group = 1;
38261+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
38262+#endif
38263+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
38264+ grsec_enable_chdir = 1;
38265+#endif
38266+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
38267+ grsec_enable_harden_ptrace = 1;
38268+#endif
38269+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38270+ grsec_enable_mount = 1;
38271+#endif
38272+#ifdef CONFIG_GRKERNSEC_LINK
38273+ grsec_enable_link = 1;
38274+#endif
38275+#ifdef CONFIG_GRKERNSEC_DMESG
38276+ grsec_enable_dmesg = 1;
38277+#endif
38278+#ifdef CONFIG_GRKERNSEC_FIFO
38279+ grsec_enable_fifo = 1;
38280+#endif
38281+#ifdef CONFIG_GRKERNSEC_EXECVE
38282+ grsec_enable_execve = 1;
38283+#endif
38284+#ifdef CONFIG_GRKERNSEC_EXECLOG
38285+ grsec_enable_execlog = 1;
38286+#endif
38287+#ifdef CONFIG_GRKERNSEC_SIGNAL
38288+ grsec_enable_signal = 1;
38289+#endif
38290+#ifdef CONFIG_GRKERNSEC_FORKFAIL
38291+ grsec_enable_forkfail = 1;
38292+#endif
38293+#ifdef CONFIG_GRKERNSEC_TIME
38294+ grsec_enable_time = 1;
38295+#endif
38296+#ifdef CONFIG_GRKERNSEC_RESLOG
38297+ grsec_resource_logging = 1;
38298+#endif
38299+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
38300+ grsec_enable_chroot_findtask = 1;
38301+#endif
38302+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
38303+ grsec_enable_chroot_unix = 1;
38304+#endif
38305+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
38306+ grsec_enable_chroot_mount = 1;
38307+#endif
38308+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
38309+ grsec_enable_chroot_fchdir = 1;
38310+#endif
38311+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
38312+ grsec_enable_chroot_shmat = 1;
38313+#endif
38314+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
38315+ grsec_enable_chroot_double = 1;
38316+#endif
38317+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
38318+ grsec_enable_chroot_pivot = 1;
38319+#endif
38320+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
38321+ grsec_enable_chroot_chdir = 1;
38322+#endif
38323+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
38324+ grsec_enable_chroot_chmod = 1;
38325+#endif
38326+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
38327+ grsec_enable_chroot_mknod = 1;
38328+#endif
38329+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
38330+ grsec_enable_chroot_nice = 1;
38331+#endif
38332+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
38333+ grsec_enable_chroot_execlog = 1;
38334+#endif
38335+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
38336+ grsec_enable_chroot_caps = 1;
38337+#endif
38338+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
38339+ grsec_enable_chroot_sysctl = 1;
38340+#endif
38341+#ifdef CONFIG_GRKERNSEC_TPE
38342+ grsec_enable_tpe = 1;
38343+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
38344+#ifdef CONFIG_GRKERNSEC_TPE_ALL
38345+ grsec_enable_tpe_all = 1;
38346+#endif
38347+#endif
38348+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
38349+ grsec_enable_socket_all = 1;
38350+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
38351+#endif
38352+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
38353+ grsec_enable_socket_client = 1;
38354+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
38355+#endif
38356+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
38357+ grsec_enable_socket_server = 1;
38358+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
38359+#endif
38360+#endif
38361+
38362+ return;
38363+}
38364diff -urNp linux-2.6.32.8/grsecurity/grsec_link.c linux-2.6.32.8/grsecurity/grsec_link.c
38365--- linux-2.6.32.8/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
38366+++ linux-2.6.32.8/grsecurity/grsec_link.c 2010-02-13 21:45:10.741002819 -0500
38367@@ -0,0 +1,43 @@
38368+#include <linux/kernel.h>
38369+#include <linux/sched.h>
38370+#include <linux/fs.h>
38371+#include <linux/file.h>
38372+#include <linux/grinternal.h>
38373+
38374+int
38375+gr_handle_follow_link(const struct inode *parent,
38376+ const struct inode *inode,
38377+ const struct dentry *dentry, const struct vfsmount *mnt)
38378+{
38379+#ifdef CONFIG_GRKERNSEC_LINK
38380+ const struct cred *cred = current_cred();
38381+
38382+ if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
38383+ (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
38384+ (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) {
38385+ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
38386+ return -EACCES;
38387+ }
38388+#endif
38389+ return 0;
38390+}
38391+
38392+int
38393+gr_handle_hardlink(const struct dentry *dentry,
38394+ const struct vfsmount *mnt,
38395+ struct inode *inode, const int mode, const char *to)
38396+{
38397+#ifdef CONFIG_GRKERNSEC_LINK
38398+ const struct cred *cred = current_cred();
38399+
38400+ if (grsec_enable_link && cred->fsuid != inode->i_uid &&
38401+ (!S_ISREG(mode) || (mode & S_ISUID) ||
38402+ ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
38403+ (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) &&
38404+ !capable(CAP_FOWNER) && cred->uid) {
38405+ gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
38406+ return -EPERM;
38407+ }
38408+#endif
38409+ return 0;
38410+}
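Review bot: The deny condition in gr_handle_hardlink packs the whole policy into one expression with no comment, and its last term `cred->uid` exempts any uid-0 caller regardless of capabilities, so a root process that has dropped CAP_FOWNER is still allowed through. If that is intended it should be stated; a header comment could read `/* non-owners without CAP_FOWNER may not hardlink to special files, setuid or setgid-executable files, or files they cannot both read and write; uid 0 is always exempt */`. Note also that `mode` is a separate parameter from `inode`, so the check is only as good as the caller passing the inode's current mode, which is outside this hunk.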
38411diff -urNp linux-2.6.32.8/grsecurity/grsec_log.c linux-2.6.32.8/grsecurity/grsec_log.c
38412--- linux-2.6.32.8/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
38413+++ linux-2.6.32.8/grsecurity/grsec_log.c 2010-02-13 21:45:10.741997676 -0500
38414@@ -0,0 +1,296 @@
38415+#include <linux/kernel.h>
38416+#include <linux/sched.h>
38417+#include <linux/file.h>
38418+#include <linux/tty.h>
38419+#include <linux/fs.h>
38420+#include <linux/grinternal.h>
38421+
38422+#define BEGIN_LOCKS(x) \
38423+ rcu_read_lock(); \
38424+ read_lock(&tasklist_lock); \
38425+ read_lock(&grsec_exec_file_lock); \
38426+ if (x != GR_DO_AUDIT) \
38427+ spin_lock(&grsec_alert_lock); \
38428+ else \
38429+ spin_lock(&grsec_audit_lock)
38430+
38431+#define END_LOCKS(x) \
38432+ if (x != GR_DO_AUDIT) \
38433+ spin_unlock(&grsec_alert_lock); \
38434+ else \
38435+ spin_unlock(&grsec_audit_lock); \
38436+ read_unlock(&grsec_exec_file_lock); \
38437+ read_unlock(&tasklist_lock); \
38438+ rcu_read_unlock(); \
38439+ if (x == GR_DONT_AUDIT) \
38440+ gr_handle_alertkill(current)
38441+
38442+enum {
38443+ FLOODING,
38444+ NO_FLOODING
38445+};
38446+
38447+extern char *gr_alert_log_fmt;
38448+extern char *gr_audit_log_fmt;
38449+extern char *gr_alert_log_buf;
38450+extern char *gr_audit_log_buf;
38451+
38452+static int gr_log_start(int audit)
38453+{
38454+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
38455+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
38456+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38457+
38458+ if (audit == GR_DO_AUDIT)
38459+ goto set_fmt;
38460+
38461+ if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
38462+ grsec_alert_wtime = jiffies;
38463+ grsec_alert_fyet = 0;
38464+ } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
38465+ grsec_alert_fyet++;
38466+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
38467+ grsec_alert_wtime = jiffies;
38468+ grsec_alert_fyet++;
38469+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
38470+ return FLOODING;
38471+ } else return FLOODING;
38472+
38473+set_fmt:
38474+ memset(buf, 0, PAGE_SIZE);
38475+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
38476+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
38477+ snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38478+ } else if (current->signal->curr_ip) {
38479+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: ");
38480+ snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip);
38481+ } else if (gr_acl_is_enabled()) {
38482+ sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
38483+ snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38484+ } else {
38485+ sprintf(fmt, "%s%s", loglevel, "grsec: ");
38486+ strcpy(buf, fmt);
38487+ }
38488+
38489+ return NO_FLOODING;
38490+}
38491+
38492+static void gr_log_middle(int audit, const char *msg, va_list ap)
38493+ __attribute__ ((format (printf, 2, 0)));
38494+
38495+static void gr_log_middle(int audit, const char *msg, va_list ap)
38496+{
38497+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38498+ unsigned int len = strlen(buf);
38499+
38500+ vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38501+
38502+ return;
38503+}
38504+
38505+static void gr_log_middle_varargs(int audit, const char *msg, ...)
38506+ __attribute__ ((format (printf, 2, 3)));
38507+
38508+static void gr_log_middle_varargs(int audit, const char *msg, ...)
38509+{
38510+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38511+ unsigned int len = strlen(buf);
38512+ va_list ap;
38513+
38514+ va_start(ap, msg);
38515+ vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38516+ va_end(ap);
38517+
38518+ return;
38519+}
38520+
38521+static void gr_log_end(int audit)
38522+{
38523+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38524+ unsigned int len = strlen(buf);
38525+
38526+ snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->parent)));
38527+ printk("%s\n", buf);
38528+
38529+ return;
38530+}
38531+
38532+void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
38533+{
38534+ int logtype;
38535+ char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
38536+ char *str1, *str2, *str3;
38537+ void *voidptr;
38538+ int num1, num2;
38539+ unsigned long ulong1, ulong2;
38540+ struct dentry *dentry;
38541+ struct vfsmount *mnt;
38542+ struct file *file;
38543+ struct task_struct *task;
38544+ const struct cred *cred, *pcred;
38545+ va_list ap;
38546+
38547+ BEGIN_LOCKS(audit);
38548+ logtype = gr_log_start(audit);
38549+ if (logtype == FLOODING) {
38550+ END_LOCKS(audit);
38551+ return;
38552+ }
38553+ va_start(ap, argtypes);
38554+ switch (argtypes) {
38555+ case GR_TTYSNIFF:
38556+ task = va_arg(ap, struct task_struct *);
38557+ gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid);
38558+ break;
38559+ case GR_SYSCTL_HIDDEN:
38560+ str1 = va_arg(ap, char *);
38561+ gr_log_middle_varargs(audit, msg, result, str1);
38562+ break;
38563+ case GR_RBAC:
38564+ dentry = va_arg(ap, struct dentry *);
38565+ mnt = va_arg(ap, struct vfsmount *);
38566+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
38567+ break;
38568+ case GR_RBAC_STR:
38569+ dentry = va_arg(ap, struct dentry *);
38570+ mnt = va_arg(ap, struct vfsmount *);
38571+ str1 = va_arg(ap, char *);
38572+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
38573+ break;
38574+ case GR_STR_RBAC:
38575+ str1 = va_arg(ap, char *);
38576+ dentry = va_arg(ap, struct dentry *);
38577+ mnt = va_arg(ap, struct vfsmount *);
38578+ gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
38579+ break;
38580+ case GR_RBAC_MODE2:
38581+ dentry = va_arg(ap, struct dentry *);
38582+ mnt = va_arg(ap, struct vfsmount *);
38583+ str1 = va_arg(ap, char *);
38584+ str2 = va_arg(ap, char *);
38585+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
38586+ break;
38587+ case GR_RBAC_MODE3:
38588+ dentry = va_arg(ap, struct dentry *);
38589+ mnt = va_arg(ap, struct vfsmount *);
38590+ str1 = va_arg(ap, char *);
38591+ str2 = va_arg(ap, char *);
38592+ str3 = va_arg(ap, char *);
38593+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
38594+ break;
38595+ case GR_FILENAME:
38596+ dentry = va_arg(ap, struct dentry *);
38597+ mnt = va_arg(ap, struct vfsmount *);
38598+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
38599+ break;
38600+ case GR_STR_FILENAME:
38601+ str1 = va_arg(ap, char *);
38602+ dentry = va_arg(ap, struct dentry *);
38603+ mnt = va_arg(ap, struct vfsmount *);
38604+ gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
38605+ break;
38606+ case GR_FILENAME_STR:
38607+ dentry = va_arg(ap, struct dentry *);
38608+ mnt = va_arg(ap, struct vfsmount *);
38609+ str1 = va_arg(ap, char *);
38610+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
38611+ break;
38612+ case GR_FILENAME_TWO_INT:
38613+ dentry = va_arg(ap, struct dentry *);
38614+ mnt = va_arg(ap, struct vfsmount *);
38615+ num1 = va_arg(ap, int);
38616+ num2 = va_arg(ap, int);
38617+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
38618+ break;
38619+ case GR_FILENAME_TWO_INT_STR:
38620+ dentry = va_arg(ap, struct dentry *);
38621+ mnt = va_arg(ap, struct vfsmount *);
38622+ num1 = va_arg(ap, int);
38623+ num2 = va_arg(ap, int);
38624+ str1 = va_arg(ap, char *);
38625+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
38626+ break;
38627+ case GR_TEXTREL:
38628+ file = va_arg(ap, struct file *);
38629+ ulong1 = va_arg(ap, unsigned long);
38630+ ulong2 = va_arg(ap, unsigned long);
38631+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
38632+ break;
38633+ case GR_PTRACE:
38634+ task = va_arg(ap, struct task_struct *);
38635+ gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid);
38636+ break;
38637+ case GR_RESOURCE:
38638+ task = va_arg(ap, struct task_struct *);
38639+ cred = __task_cred(task);
38640+ pcred = __task_cred(task->parent);
38641+ ulong1 = va_arg(ap, unsigned long);
38642+ str1 = va_arg(ap, char *);
38643+ ulong2 = va_arg(ap, unsigned long);
38644+ gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38645+ break;
38646+ case GR_CAP:
38647+ task = va_arg(ap, struct task_struct *);
38648+ cred = __task_cred(task);
38649+ pcred = __task_cred(task->parent);
38650+ str1 = va_arg(ap, char *);
38651+ gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38652+ break;
38653+ case GR_SIG:
38654+ str1 = va_arg(ap, char *);
38655+ voidptr = va_arg(ap, void *);
38656+ gr_log_middle_varargs(audit, msg, str1, voidptr);
38657+ break;
38658+ case GR_SIG2:
38659+ task = va_arg(ap, struct task_struct *);
38660+ cred = __task_cred(task);
38661+ pcred = __task_cred(task->parent);
38662+ num1 = va_arg(ap, int);
38663+ gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38664+ break;
38665+ case GR_CRASH1:
38666+ task = va_arg(ap, struct task_struct *);
38667+ cred = __task_cred(task);
38668+ pcred = __task_cred(task->parent);
38669+ ulong1 = va_arg(ap, unsigned long);
38670+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1);
38671+ break;
38672+ case GR_CRASH2:
38673+ task = va_arg(ap, struct task_struct *);
38674+ cred = __task_cred(task);
38675+ pcred = __task_cred(task->parent);
38676+ ulong1 = va_arg(ap, unsigned long);
38677+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
38678+ break;
38679+ case GR_PSACCT:
38680+ {
38681+ unsigned int wday, cday;
38682+ __u8 whr, chr;
38683+ __u8 wmin, cmin;
38684+ __u8 wsec, csec;
38685+ char cur_tty[64] = { 0 };
38686+ char parent_tty[64] = { 0 };
38687+
38688+ task = va_arg(ap, struct task_struct *);
38689+ wday = va_arg(ap, unsigned int);
38690+ cday = va_arg(ap, unsigned int);
38691+ whr = va_arg(ap, int);
38692+ chr = va_arg(ap, int);
38693+ wmin = va_arg(ap, int);
38694+ cmin = va_arg(ap, int);
38695+ wsec = va_arg(ap, int);
38696+ csec = va_arg(ap, int);
38697+ ulong1 = va_arg(ap, unsigned long);
38698+ cred = __task_cred(task);
38699+ pcred = __task_cred(task->parent);
38700+
38701+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, &task->parent->signal->curr_ip, tty_name(task->parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38702+ }
38703+ break;
38704+ default:
38705+ gr_log_middle(audit, msg, ap);
38706+ }
38707+ va_end(ap);
38708+ gr_log_end(audit);
38709+ END_LOCKS(audit);
38710+}
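Review bot: gr_log_varargs formats `task->comm`, `task->parent->comm` and the gr_to_filename() results straight into the log buffer, and gr_log_end emits it with `printk("%s\n", buf)`, with no visible filtering of control characters. A process name or path containing a newline would then split one grsec record into several lines, which matters to anything parsing these alerts; gr_to_filename is defined outside this hunk, so it may already escape paths, but `comm` is passed raw here. gr_handle_exec_args in grsec_exec.c rewrites bytes outside 32..126 to spaces before logging argv, and applying the same rule to `buf` in gr_log_end just before the printk would keep the two paths consistent. Separately, BEGIN_LOCKS/END_LOCKS expand to several statements ending in a bare if/else; wrapping each in `do { ... } while (0)` would make them safe in an unbraced branch.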
38711diff -urNp linux-2.6.32.8/grsecurity/grsec_mem.c linux-2.6.32.8/grsecurity/grsec_mem.c
38712--- linux-2.6.32.8/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
38713+++ linux-2.6.32.8/grsecurity/grsec_mem.c 2010-02-13 21:45:10.741997676 -0500
38714@@ -0,0 +1,85 @@
38715+#include <linux/kernel.h>
38716+#include <linux/sched.h>
38717+#include <linux/mm.h>
38718+#include <linux/mman.h>
38719+#include <linux/grinternal.h>
38720+
38721+void
38722+gr_handle_ioperm(void)
38723+{
38724+ gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
38725+ return;
38726+}
38727+
38728+void
38729+gr_handle_iopl(void)
38730+{
38731+ gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
38732+ return;
38733+}
38734+
38735+void
38736+gr_handle_mem_write(void)
38737+{
38738+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
38739+ return;
38740+}
38741+
38742+void
38743+gr_handle_kmem_write(void)
38744+{
38745+ gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
38746+ return;
38747+}
38748+
38749+void
38750+gr_handle_open_port(void)
38751+{
38752+ gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
38753+ return;
38754+}
38755+
38756+int
38757+gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
38758+{
38759+ unsigned long start, end;
38760+
38761+ start = offset;
38762+ end = start + vma->vm_end - vma->vm_start;
38763+
38764+ if (start > end) {
38765+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38766+ return -EPERM;
38767+ }
38768+
38769+ /* allowed ranges : ISA I/O BIOS */
38770+ if ((start >= __pa(high_memory))
38771+#if defined(CONFIG_X86) || defined(CONFIG_PPC)
38772+ || (start >= 0x000a0000 && end <= 0x00100000)
38773+ || (start >= 0x00000000 && end <= 0x00001000)
38774+#endif
38775+ )
38776+ return 0;
38777+
38778+ if (vma->vm_flags & VM_WRITE) {
38779+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38780+ return -EPERM;
38781+ } else
38782+ vma->vm_flags &= ~VM_MAYWRITE;
38783+
38784+ return 0;
38785+}
38786+
38787+void
38788+gr_log_nonroot_mod_load(const char *modname)
38789+{
38790+ gr_log_str(GR_DONT_AUDIT, GR_NONROOT_MODLOAD_MSG, modname);
38791+ return;
38792+}
38793+
38794+void
38795+gr_handle_vm86(void)
38796+{
38797+ gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG);
38798+ return;
38799+}
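Review bot: In gr_handle_mem_mmap the first-page test `(start >= 0x00000000 && end <= 0x00001000)` has a left half that is always true for an `unsigned long`, so it reads as a bound that is not really there; `(end <= 0x00001000)` says the same thing. The function also has no header comment, and the policy is not obvious from the one-line `/* allowed ranges : ISA I/O BIOS */`. I would add a comment stating that it returns 0 to allow and -EPERM to deny, that a wrapped range (`start > end`) is refused, that mappings starting at or above `__pa(high_memory)` or inside the two listed windows are allowed unchanged, and that any other mapping is refused when writable and otherwise has `VM_MAYWRITE` cleared.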
38800diff -urNp linux-2.6.32.8/grsecurity/grsec_mount.c linux-2.6.32.8/grsecurity/grsec_mount.c
38801--- linux-2.6.32.8/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
38802+++ linux-2.6.32.8/grsecurity/grsec_mount.c 2010-02-13 21:45:10.741997676 -0500
38803@@ -0,0 +1,62 @@
38804+#include <linux/kernel.h>
38805+#include <linux/sched.h>
38806+#include <linux/mount.h>
38807+#include <linux/grsecurity.h>
38808+#include <linux/grinternal.h>
38809+
38810+void
38811+gr_log_remount(const char *devname, const int retval)
38812+{
38813+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38814+ if (grsec_enable_mount && (retval >= 0))
38815+ gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
38816+#endif
38817+ return;
38818+}
38819+
38820+void
38821+gr_log_unmount(const char *devname, const int retval)
38822+{
38823+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38824+ if (grsec_enable_mount && (retval >= 0))
38825+ gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
38826+#endif
38827+ return;
38828+}
38829+
38830+void
38831+gr_log_mount(const char *from, const char *to, const int retval)
38832+{
38833+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38834+ if (grsec_enable_mount && (retval >= 0))
38835+ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
38836+#endif
38837+ return;
38838+}
38839+
38840+int
38841+gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags)
38842+{
38843+#ifdef CONFIG_GRKERNSEC_ROFS
38844+ if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) {
38845+ gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt);
38846+ return -EPERM;
38847+ } else
38848+ return 0;
38849+#endif
38850+ return 0;
38851+}
38852+
38853+int
38854+gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
38855+{
38856+#ifdef CONFIG_GRKERNSEC_ROFS
38857+ if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
38858+ dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) {
38859+ gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
38860+ return -EPERM;
38861+ } else
38862+ return 0;
38863+#endif
38864+ return 0;
38865+}
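Review bot: gr_log_mount passes `from` straight to `gr_log_str_str`, while gr_log_remount and gr_log_unmount in the same file both guard their string with `devname ? devname : "none"`. Whether a caller can hand in a NULL source name is not visible from this hunk, but the sibling functions suggest it was considered possible, and an audit path should not depend on it. For consistency I would log `from ? from : "none"` (and the same for `to` if it can be absent): `gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);`. Separately, in gr_handle_rofs_mount and gr_handle_rofs_blockwrite the `else return 0;` before `#endif` makes the trailing `return 0;` unreachable when CONFIG_GRKERNSEC_ROFS is set; dropping the `else` branch leaves a single exit.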
38866diff -urNp linux-2.6.32.8/grsecurity/grsec_sig.c linux-2.6.32.8/grsecurity/grsec_sig.c
38867--- linux-2.6.32.8/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
38868+++ linux-2.6.32.8/grsecurity/grsec_sig.c 2010-02-13 21:45:10.741997676 -0500
38869@@ -0,0 +1,65 @@
38870+#include <linux/kernel.h>
38871+#include <linux/sched.h>
38872+#include <linux/delay.h>
38873+#include <linux/grsecurity.h>
38874+#include <linux/grinternal.h>
38875+
38876+char *signames[] = {
38877+ [SIGSEGV] = "Segmentation fault",
38878+ [SIGILL] = "Illegal instruction",
38879+ [SIGABRT] = "Abort",
38880+ [SIGBUS] = "Invalid alignment/Bus error"
38881+};
38882+
38883+void
38884+gr_log_signal(const int sig, const void *addr, const struct task_struct *t)
38885+{
38886+#ifdef CONFIG_GRKERNSEC_SIGNAL
38887+ if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
38888+ (sig == SIGABRT) || (sig == SIGBUS))) {
38889+ if (t->pid == current->pid) {
38890+ gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
38891+ } else {
38892+ gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
38893+ }
38894+ }
38895+#endif
38896+ return;
38897+}
38898+
38899+int
38900+gr_handle_signal(const struct task_struct *p, const int sig)
38901+{
38902+#ifdef CONFIG_GRKERNSEC
38903+ if (current->pid > 1 && gr_check_protected_task(p)) {
38904+ gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
38905+ return -EPERM;
38906+ } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
38907+ return -EPERM;
38908+ }
38909+#endif
38910+ return 0;
38911+}
38912+
38913+void gr_handle_brute_attach(struct task_struct *p)
38914+{
38915+#ifdef CONFIG_GRKERNSEC_BRUTE
38916+ read_lock(&tasklist_lock);
38917+ read_lock(&grsec_exec_file_lock);
38918+ if (p->parent && p->parent->exec_file == p->exec_file)
38919+ p->parent->brute = 1;
38920+ read_unlock(&grsec_exec_file_lock);
38921+ read_unlock(&tasklist_lock);
38922+#endif
38923+ return;
38924+}
38925+
38926+void gr_handle_brute_check(void)
38927+{
38928+#ifdef CONFIG_GRKERNSEC_BRUTE
38929+ if (current->brute)
38930+ msleep(30 * 1000);
38931+#endif
38932+ return;
38933+}
38934+
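Review bot: `signames` is declared as a writable, externally visible `char *signames[]` even though it only holds string literals that gr_log_signal reads. In a security module a lookup table like this is better kept read-only; if no other file references it (not visible from this hunk), `static const char * const signames[] = {` would do, otherwise `const char * const signames[]` with a matching extern. The array is sparse and indexed by signal number, so a short comment noting that `signames[sig]` is only valid for the four signals tested in gr_log_signal would help the next reader. The `msleep(30 * 1000)` in gr_handle_brute_check would also read better with a named constant and a comment explaining the 30-second delay.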
38935diff -urNp linux-2.6.32.8/grsecurity/grsec_sock.c linux-2.6.32.8/grsecurity/grsec_sock.c
38936--- linux-2.6.32.8/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
38937+++ linux-2.6.32.8/grsecurity/grsec_sock.c 2010-02-13 21:45:10.741997676 -0500
38938@@ -0,0 +1,271 @@
38939+#include <linux/kernel.h>
38940+#include <linux/module.h>
38941+#include <linux/sched.h>
38942+#include <linux/file.h>
38943+#include <linux/net.h>
38944+#include <linux/in.h>
38945+#include <linux/ip.h>
38946+#include <net/sock.h>
38947+#include <net/inet_sock.h>
38948+#include <linux/grsecurity.h>
38949+#include <linux/grinternal.h>
38950+#include <linux/gracl.h>
38951+
38952+kernel_cap_t gr_cap_rtnetlink(struct sock *sock);
38953+EXPORT_SYMBOL(gr_cap_rtnetlink);
38954+
38955+extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
38956+extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
38957+
38958+EXPORT_SYMBOL(gr_search_udp_recvmsg);
38959+EXPORT_SYMBOL(gr_search_udp_sendmsg);
38960+
38961+#ifdef CONFIG_UNIX_MODULE
38962+EXPORT_SYMBOL(gr_acl_handle_unix);
38963+EXPORT_SYMBOL(gr_acl_handle_mknod);
38964+EXPORT_SYMBOL(gr_handle_chroot_unix);
38965+EXPORT_SYMBOL(gr_handle_create);
38966+#endif
38967+
38968+#ifdef CONFIG_GRKERNSEC
38969+#define gr_conn_table_size 32749
38970+struct conn_table_entry {
38971+ struct conn_table_entry *next;
38972+ struct signal_struct *sig;
38973+};
38974+
38975+struct conn_table_entry *gr_conn_table[gr_conn_table_size];
38976+DEFINE_SPINLOCK(gr_conn_table_lock);
38977+
38978+extern const char * gr_socktype_to_name(unsigned char type);
38979+extern const char * gr_proto_to_name(unsigned char proto);
38980+
38981+static __inline__ int
38982+conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
38983+{
38984+ return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
38985+}
38986+
38987+static __inline__ int
38988+conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr,
38989+ __u16 sport, __u16 dport)
38990+{
38991+ if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
38992+ sig->gr_sport == sport && sig->gr_dport == dport))
38993+ return 1;
38994+ else
38995+ return 0;
38996+}
38997+
38998+static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
38999+{
39000+ struct conn_table_entry **match;
39001+ unsigned int index;
39002+
39003+ index = conn_hash(sig->gr_saddr, sig->gr_daddr,
39004+ sig->gr_sport, sig->gr_dport,
39005+ gr_conn_table_size);
39006+
39007+ newent->sig = sig;
39008+
39009+ match = &gr_conn_table[index];
39010+ newent->next = *match;
39011+ *match = newent;
39012+
39013+ return;
39014+}
39015+
39016+static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
39017+{
39018+ struct conn_table_entry *match, *last = NULL;
39019+ unsigned int index;
39020+
39021+ index = conn_hash(sig->gr_saddr, sig->gr_daddr,
39022+ sig->gr_sport, sig->gr_dport,
39023+ gr_conn_table_size);
39024+
39025+ match = gr_conn_table[index];
39026+ while (match && !conn_match(match->sig,
39027+ sig->gr_saddr, sig->gr_daddr, sig->gr_sport,
39028+ sig->gr_dport)) {
39029+ last = match;
39030+ match = match->next;
39031+ }
39032+
39033+ if (match) {
39034+ if (last)
39035+ last->next = match->next;
39036+ else
39037+ gr_conn_table[index] = NULL;
39038+ kfree(match);
39039+ }
39040+
39041+ return;
39042+}
39043+
39044+static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
39045+ __u16 sport, __u16 dport)
39046+{
39047+ struct conn_table_entry *match;
39048+ unsigned int index;
39049+
39050+ index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
39051+
39052+ match = gr_conn_table[index];
39053+ while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
39054+ match = match->next;
39055+
39056+ if (match)
39057+ return match->sig;
39058+ else
39059+ return NULL;
39060+}
39061+
39062+#endif
39063+
39064+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
39065+{
39066+#ifdef CONFIG_GRKERNSEC
39067+ struct signal_struct *sig = task->signal;
39068+ struct conn_table_entry *newent;
39069+
39070+ newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
39071+ if (newent == NULL)
39072+ return;
39073+ /* no bh lock needed since we are called with bh disabled */
39074+ spin_lock(&gr_conn_table_lock);
39075+ gr_del_task_from_ip_table_nolock(sig);
39076+ sig->gr_saddr = inet->rcv_saddr;
39077+ sig->gr_daddr = inet->daddr;
39078+ sig->gr_sport = inet->sport;
39079+ sig->gr_dport = inet->dport;
39080+ gr_add_to_task_ip_table_nolock(sig, newent);
39081+ spin_unlock(&gr_conn_table_lock);
39082+#endif
39083+ return;
39084+}
39085+
39086+void gr_del_task_from_ip_table(struct task_struct *task)
39087+{
39088+#ifdef CONFIG_GRKERNSEC
39089+ spin_lock_bh(&gr_conn_table_lock);
39090+ gr_del_task_from_ip_table_nolock(task->signal);
39091+ spin_unlock_bh(&gr_conn_table_lock);
39092+#endif
39093+ return;
39094+}
39095+
39096+void
39097+gr_attach_curr_ip(const struct sock *sk)
39098+{
39099+#ifdef CONFIG_GRKERNSEC
39100+ struct signal_struct *p, *set;
39101+ const struct inet_sock *inet = inet_sk(sk);
39102+
39103+ if (unlikely(sk->sk_protocol != IPPROTO_TCP))
39104+ return;
39105+
39106+ set = current->signal;
39107+
39108+ spin_lock_bh(&gr_conn_table_lock);
39109+ p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr,
39110+ inet->dport, inet->sport);
39111+ if (unlikely(p != NULL)) {
39112+ set->curr_ip = p->curr_ip;
39113+ set->used_accept = 1;
39114+ gr_del_task_from_ip_table_nolock(p);
39115+ spin_unlock_bh(&gr_conn_table_lock);
39116+ return;
39117+ }
39118+ spin_unlock_bh(&gr_conn_table_lock);
39119+
39120+ set->curr_ip = inet->daddr;
39121+ set->used_accept = 1;
39122+#endif
39123+ return;
39124+}
39125+
39126+int
39127+gr_handle_sock_all(const int family, const int type, const int protocol)
39128+{
39129+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
39130+ if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
39131+ (family != AF_UNIX) && (family != AF_LOCAL)) {
39132+ gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol));
39133+ return -EACCES;
39134+ }
39135+#endif
39136+ return 0;
39137+}
39138+
39139+int
39140+gr_handle_sock_server(const struct sockaddr *sck)
39141+{
39142+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39143+ if (grsec_enable_socket_server &&
39144+ in_group_p(grsec_socket_server_gid) &&
39145+ sck && (sck->sa_family != AF_UNIX) &&
39146+ (sck->sa_family != AF_LOCAL)) {
39147+ gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
39148+ return -EACCES;
39149+ }
39150+#endif
39151+ return 0;
39152+}
39153+
39154+int
39155+gr_handle_sock_server_other(const struct sock *sck)
39156+{
39157+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39158+ if (grsec_enable_socket_server &&
39159+ in_group_p(grsec_socket_server_gid) &&
39160+ sck && (sck->sk_family != AF_UNIX) &&
39161+ (sck->sk_family != AF_LOCAL)) {
39162+ gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
39163+ return -EACCES;
39164+ }
39165+#endif
39166+ return 0;
39167+}
39168+
39169+int
39170+gr_handle_sock_client(const struct sockaddr *sck)
39171+{
39172+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
39173+ if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
39174+ sck && (sck->sa_family != AF_UNIX) &&
39175+ (sck->sa_family != AF_LOCAL)) {
39176+ gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
39177+ return -EACCES;
39178+ }
39179+#endif
39180+ return 0;
39181+}
39182+
39183+kernel_cap_t
39184+gr_cap_rtnetlink(struct sock *sock)
39185+{
39186+#ifdef CONFIG_GRKERNSEC
39187+ if (!gr_acl_is_enabled())
39188+ return current_cap();
39189+ else if (sock->sk_protocol == NETLINK_ISCSI &&
39190+ cap_raised(current_cap(), CAP_SYS_ADMIN) &&
39191+ gr_is_capable(CAP_SYS_ADMIN))
39192+ return current_cap();
39193+ else if (sock->sk_protocol == NETLINK_AUDIT &&
39194+ cap_raised(current_cap(), CAP_AUDIT_WRITE) &&
39195+ gr_is_capable(CAP_AUDIT_WRITE) &&
39196+ cap_raised(current_cap(), CAP_AUDIT_CONTROL) &&
39197+ gr_is_capable(CAP_AUDIT_CONTROL))
39198+ return current_cap();
39199+ else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
39200+ ((sock->sk_protocol == NETLINK_ROUTE) ?
39201+ gr_is_capable_nolog(CAP_NET_ADMIN) :
39202+ gr_is_capable(CAP_NET_ADMIN)))
39203+ return current_cap();
39204+ else
39205+ return __cap_empty_set;
39206+#else
39207+ return current_cap();
39208+#endif
39209+}
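Review bot: gr_del_task_from_ip_table_nolock drops the rest of a hash bucket when the entry being removed is the bucket head: with `last == NULL` it executes `gr_conn_table[index] = NULL;` instead of relinking to the next entry. gr_add_to_task_ip_table_nolock pushes new entries at the head with `newent->next = *match`, so a bucket can hold a chain, and any entries behind the removed head become unreachable; they are never freed by this code and gr_lookup_task_ip_table can no longer find them, so gr_attach_curr_ip falls back to `inet->daddr` for those connections. The fix is one line, `gr_conn_table[index] = match->next;`. A comment on gr_update_task_in_ip_table noting that an allocation failure silently leaves the old table entry in place would also be worth adding.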
39210diff -urNp linux-2.6.32.8/grsecurity/grsec_sysctl.c linux-2.6.32.8/grsecurity/grsec_sysctl.c
39211--- linux-2.6.32.8/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
39212+++ linux-2.6.32.8/grsecurity/grsec_sysctl.c 2010-02-13 21:45:10.742887999 -0500
39213@@ -0,0 +1,419 @@
39214+#include <linux/kernel.h>
39215+#include <linux/sched.h>
39216+#include <linux/sysctl.h>
39217+#include <linux/grsecurity.h>
39218+#include <linux/grinternal.h>
39219+
39220+int
39221+gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
39222+{
39223+#ifdef CONFIG_GRKERNSEC_SYSCTL
39224+ if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
39225+ gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
39226+ return -EACCES;
39227+ }
39228+#endif
39229+ return 0;
39230+}
39231+
39232+#ifdef CONFIG_GRKERNSEC_ROFS
39233+static int __maybe_unused one = 1;
39234+#endif
39235+
39236+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
39237+ctl_table grsecurity_table[] = {
39238+#ifdef CONFIG_GRKERNSEC_SYSCTL
39239+#ifdef CONFIG_GRKERNSEC_LINK
39240+ {
39241+ .ctl_name = CTL_UNNUMBERED,
39242+ .procname = "linking_restrictions",
39243+ .data = &grsec_enable_link,
39244+ .maxlen = sizeof(int),
39245+ .mode = 0600,
39246+ .proc_handler = &proc_dointvec,
39247+ },
39248+#endif
39249+#ifdef CONFIG_GRKERNSEC_FIFO
39250+ {
39251+ .ctl_name = CTL_UNNUMBERED,
39252+ .procname = "fifo_restrictions",
39253+ .data = &grsec_enable_fifo,
39254+ .maxlen = sizeof(int),
39255+ .mode = 0600,
39256+ .proc_handler = &proc_dointvec,
39257+ },
39258+#endif
39259+#ifdef CONFIG_GRKERNSEC_EXECVE
39260+ {
39261+ .ctl_name = CTL_UNNUMBERED,
39262+ .procname = "execve_limiting",
39263+ .data = &grsec_enable_execve,
39264+ .maxlen = sizeof(int),
39265+ .mode = 0600,
39266+ .proc_handler = &proc_dointvec,
39267+ },
39268+#endif
39269+#ifdef CONFIG_GRKERNSEC_EXECLOG
39270+ {
39271+ .ctl_name = CTL_UNNUMBERED,
39272+ .procname = "exec_logging",
39273+ .data = &grsec_enable_execlog,
39274+ .maxlen = sizeof(int),
39275+ .mode = 0600,
39276+ .proc_handler = &proc_dointvec,
39277+ },
39278+#endif
39279+#ifdef CONFIG_GRKERNSEC_SIGNAL
39280+ {
39281+ .ctl_name = CTL_UNNUMBERED,
39282+ .procname = "signal_logging",
39283+ .data = &grsec_enable_signal,
39284+ .maxlen = sizeof(int),
39285+ .mode = 0600,
39286+ .proc_handler = &proc_dointvec,
39287+ },
39288+#endif
39289+#ifdef CONFIG_GRKERNSEC_FORKFAIL
39290+ {
39291+ .ctl_name = CTL_UNNUMBERED,
39292+ .procname = "forkfail_logging",
39293+ .data = &grsec_enable_forkfail,
39294+ .maxlen = sizeof(int),
39295+ .mode = 0600,
39296+ .proc_handler = &proc_dointvec,
39297+ },
39298+#endif
39299+#ifdef CONFIG_GRKERNSEC_TIME
39300+ {
39301+ .ctl_name = CTL_UNNUMBERED,
39302+ .procname = "timechange_logging",
39303+ .data = &grsec_enable_time,
39304+ .maxlen = sizeof(int),
39305+ .mode = 0600,
39306+ .proc_handler = &proc_dointvec,
39307+ },
39308+#endif
39309+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
39310+ {
39311+ .ctl_name = CTL_UNNUMBERED,
39312+ .procname = "chroot_deny_shmat",
39313+ .data = &grsec_enable_chroot_shmat,
39314+ .maxlen = sizeof(int),
39315+ .mode = 0600,
39316+ .proc_handler = &proc_dointvec,
39317+ },
39318+#endif
39319+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
39320+ {
39321+ .ctl_name = CTL_UNNUMBERED,
39322+ .procname = "chroot_deny_unix",
39323+ .data = &grsec_enable_chroot_unix,
39324+ .maxlen = sizeof(int),
39325+ .mode = 0600,
39326+ .proc_handler = &proc_dointvec,
39327+ },
39328+#endif
39329+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
39330+ {
39331+ .ctl_name = CTL_UNNUMBERED,
39332+ .procname = "chroot_deny_mount",
39333+ .data = &grsec_enable_chroot_mount,
39334+ .maxlen = sizeof(int),
39335+ .mode = 0600,
39336+ .proc_handler = &proc_dointvec,
39337+ },
39338+#endif
39339+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
39340+ {
39341+ .ctl_name = CTL_UNNUMBERED,
39342+ .procname = "chroot_deny_fchdir",
39343+ .data = &grsec_enable_chroot_fchdir,
39344+ .maxlen = sizeof(int),
39345+ .mode = 0600,
39346+ .proc_handler = &proc_dointvec,
39347+ },
39348+#endif
39349+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
39350+ {
39351+ .ctl_name = CTL_UNNUMBERED,
39352+ .procname = "chroot_deny_chroot",
39353+ .data = &grsec_enable_chroot_double,
39354+ .maxlen = sizeof(int),
39355+ .mode = 0600,
39356+ .proc_handler = &proc_dointvec,
39357+ },
39358+#endif
39359+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
39360+ {
39361+ .ctl_name = CTL_UNNUMBERED,
39362+ .procname = "chroot_deny_pivot",
39363+ .data = &grsec_enable_chroot_pivot,
39364+ .maxlen = sizeof(int),
39365+ .mode = 0600,
39366+ .proc_handler = &proc_dointvec,
39367+ },
39368+#endif
39369+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
39370+ {
39371+ .ctl_name = CTL_UNNUMBERED,
39372+ .procname = "chroot_enforce_chdir",
39373+ .data = &grsec_enable_chroot_chdir,
39374+ .maxlen = sizeof(int),
39375+ .mode = 0600,
39376+ .proc_handler = &proc_dointvec,
39377+ },
39378+#endif
39379+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
39380+ {
39381+ .ctl_name = CTL_UNNUMBERED,
39382+ .procname = "chroot_deny_chmod",
39383+ .data = &grsec_enable_chroot_chmod,
39384+ .maxlen = sizeof(int),
39385+ .mode = 0600,
39386+ .proc_handler = &proc_dointvec,
39387+ },
39388+#endif
39389+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
39390+ {
39391+ .ctl_name = CTL_UNNUMBERED,
39392+ .procname = "chroot_deny_mknod",
39393+ .data = &grsec_enable_chroot_mknod,
39394+ .maxlen = sizeof(int),
39395+ .mode = 0600,
39396+ .proc_handler = &proc_dointvec,
39397+ },
39398+#endif
39399+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
39400+ {
39401+ .ctl_name = CTL_UNNUMBERED,
39402+ .procname = "chroot_restrict_nice",
39403+ .data = &grsec_enable_chroot_nice,
39404+ .maxlen = sizeof(int),
39405+ .mode = 0600,
39406+ .proc_handler = &proc_dointvec,
39407+ },
39408+#endif
39409+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
39410+ {
39411+ .ctl_name = CTL_UNNUMBERED,
39412+ .procname = "chroot_execlog",
39413+ .data = &grsec_enable_chroot_execlog,
39414+ .maxlen = sizeof(int),
39415+ .mode = 0600,
39416+ .proc_handler = &proc_dointvec,
39417+ },
39418+#endif
39419+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
39420+ {
39421+ .ctl_name = CTL_UNNUMBERED,
39422+ .procname = "chroot_caps",
39423+ .data = &grsec_enable_chroot_caps,
39424+ .maxlen = sizeof(int),
39425+ .mode = 0600,
39426+ .proc_handler = &proc_dointvec,
39427+ },
39428+#endif
39429+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
39430+ {
39431+ .ctl_name = CTL_UNNUMBERED,
39432+ .procname = "chroot_deny_sysctl",
39433+ .data = &grsec_enable_chroot_sysctl,
39434+ .maxlen = sizeof(int),
39435+ .mode = 0600,
39436+ .proc_handler = &proc_dointvec,
39437+ },
39438+#endif
39439+#ifdef CONFIG_GRKERNSEC_TPE
39440+ {
39441+ .ctl_name = CTL_UNNUMBERED,
39442+ .procname = "tpe",
39443+ .data = &grsec_enable_tpe,
39444+ .maxlen = sizeof(int),
39445+ .mode = 0600,
39446+ .proc_handler = &proc_dointvec,
39447+ },
39448+ {
39449+ .ctl_name = CTL_UNNUMBERED,
39450+ .procname = "tpe_gid",
39451+ .data = &grsec_tpe_gid,
39452+ .maxlen = sizeof(int),
39453+ .mode = 0600,
39454+ .proc_handler = &proc_dointvec,
39455+ },
39456+#endif
39457+#ifdef CONFIG_GRKERNSEC_TPE_ALL
39458+ {
39459+ .ctl_name = CTL_UNNUMBERED,
39460+ .procname = "tpe_restrict_all",
39461+ .data = &grsec_enable_tpe_all,
39462+ .maxlen = sizeof(int),
39463+ .mode = 0600,
39464+ .proc_handler = &proc_dointvec,
39465+ },
39466+#endif
39467+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
39468+ {
39469+ .ctl_name = CTL_UNNUMBERED,
39470+ .procname = "socket_all",
39471+ .data = &grsec_enable_socket_all,
39472+ .maxlen = sizeof(int),
39473+ .mode = 0600,
39474+ .proc_handler = &proc_dointvec,
39475+ },
39476+ {
39477+ .ctl_name = CTL_UNNUMBERED,
39478+ .procname = "socket_all_gid",
39479+ .data = &grsec_socket_all_gid,
39480+ .maxlen = sizeof(int),
39481+ .mode = 0600,
39482+ .proc_handler = &proc_dointvec,
39483+ },
39484+#endif
39485+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
39486+ {
39487+ .ctl_name = CTL_UNNUMBERED,
39488+ .procname = "socket_client",
39489+ .data = &grsec_enable_socket_client,
39490+ .maxlen = sizeof(int),
39491+ .mode = 0600,
39492+ .proc_handler = &proc_dointvec,
39493+ },
39494+ {
39495+ .ctl_name = CTL_UNNUMBERED,
39496+ .procname = "socket_client_gid",
39497+ .data = &grsec_socket_client_gid,
39498+ .maxlen = sizeof(int),
39499+ .mode = 0600,
39500+ .proc_handler = &proc_dointvec,
39501+ },
39502+#endif
39503+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39504+ {
39505+ .ctl_name = CTL_UNNUMBERED,
39506+ .procname = "socket_server",
39507+ .data = &grsec_enable_socket_server,
39508+ .maxlen = sizeof(int),
39509+ .mode = 0600,
39510+ .proc_handler = &proc_dointvec,
39511+ },
39512+ {
39513+ .ctl_name = CTL_UNNUMBERED,
39514+ .procname = "socket_server_gid",
39515+ .data = &grsec_socket_server_gid,
39516+ .maxlen = sizeof(int),
39517+ .mode = 0600,
39518+ .proc_handler = &proc_dointvec,
39519+ },
39520+#endif
39521+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
39522+ {
39523+ .ctl_name = CTL_UNNUMBERED,
39524+ .procname = "audit_group",
39525+ .data = &grsec_enable_group,
39526+ .maxlen = sizeof(int),
39527+ .mode = 0600,
39528+ .proc_handler = &proc_dointvec,
39529+ },
39530+ {
39531+ .ctl_name = CTL_UNNUMBERED,
39532+ .procname = "audit_gid",
39533+ .data = &grsec_audit_gid,
39534+ .maxlen = sizeof(int),
39535+ .mode = 0600,
39536+ .proc_handler = &proc_dointvec,
39537+ },
39538+#endif
39539+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
39540+ {
39541+ .ctl_name = CTL_UNNUMBERED,
39542+ .procname = "audit_chdir",
39543+ .data = &grsec_enable_chdir,
39544+ .maxlen = sizeof(int),
39545+ .mode = 0600,
39546+ .proc_handler = &proc_dointvec,
39547+ },
39548+#endif
39549+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
39550+ {
39551+ .ctl_name = CTL_UNNUMBERED,
39552+ .procname = "audit_mount",
39553+ .data = &grsec_enable_mount,
39554+ .maxlen = sizeof(int),
39555+ .mode = 0600,
39556+ .proc_handler = &proc_dointvec,
39557+ },
39558+#endif
39559+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39560+ {
39561+ .ctl_name = CTL_UNNUMBERED,
39562+ .procname = "audit_textrel",
39563+ .data = &grsec_enable_audit_textrel,
39564+ .maxlen = sizeof(int),
39565+ .mode = 0600,
39566+ .proc_handler = &proc_dointvec,
39567+ },
39568+#endif
39569+#ifdef CONFIG_GRKERNSEC_DMESG
39570+ {
39571+ .ctl_name = CTL_UNNUMBERED,
39572+ .procname = "dmesg",
39573+ .data = &grsec_enable_dmesg,
39574+ .maxlen = sizeof(int),
39575+ .mode = 0600,
39576+ .proc_handler = &proc_dointvec,
39577+ },
39578+#endif
39579+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
39580+ {
39581+ .ctl_name = CTL_UNNUMBERED,
39582+ .procname = "chroot_findtask",
39583+ .data = &grsec_enable_chroot_findtask,
39584+ .maxlen = sizeof(int),
39585+ .mode = 0600,
39586+ .proc_handler = &proc_dointvec,
39587+ },
39588+#endif
39589+#ifdef CONFIG_GRKERNSEC_RESLOG
39590+ {
39591+ .ctl_name = CTL_UNNUMBERED,
39592+ .procname = "resource_logging",
39593+ .data = &grsec_resource_logging,
39594+ .maxlen = sizeof(int),
39595+ .mode = 0600,
39596+ .proc_handler = &proc_dointvec,
39597+ },
39598+#endif
39599+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
39600+ {
39601+ .ctl_name = CTL_UNNUMBERED,
39602+ .procname = "harden_ptrace",
39603+ .data = &grsec_enable_harden_ptrace,
39604+ .maxlen = sizeof(int),
39605+ .mode = 0600,
39606+ .proc_handler = &proc_dointvec,
39607+ },
39608+#endif
39609+ {
39610+ .ctl_name = CTL_UNNUMBERED,
39611+ .procname = "grsec_lock",
39612+ .data = &grsec_lock,
39613+ .maxlen = sizeof(int),
39614+ .mode = 0600,
39615+ .proc_handler = &proc_dointvec,
39616+ },
39617+#endif
39618+#ifdef CONFIG_GRKERNSEC_ROFS
39619+ {
39620+ .ctl_name = CTL_UNNUMBERED,
39621+ .procname = "romount_protect",
39622+ .data = &grsec_enable_rofs,
39623+ .maxlen = sizeof(int),
39624+ .mode = 0600,
39625+ .proc_handler = &proc_dointvec_minmax,
39626+ .extra1 = &one,
39627+ .extra2 = &one,
39628+ },
39629+#endif
39630+ { .ctl_name = 0 }
39631+};
39632+#endif
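Review bot: The `romount_protect` entry is the only one that uses `proc_dointvec_minmax`, with `.extra1` and `.extra2` both pointing at `one`, and nothing in the file says why. With minimum and maximum both 1 the only value a write can store is 1, so the switch can be turned on at runtime but not back off; that is worth a comment such as `/* min == max == 1: may be enabled at runtime, never cleared */` next to the entry and next to the definition of `one`. The comment matters more because this entry sits outside the CONFIG_GRKERNSEC_SYSCTL block: in a ROFS-only build gr_handle_sysctl_mod compiles to `return 0` and there is no `grsec_lock` entry, so the clamp is the only thing protecting the setting. The `*_gid` entries use plain `proc_dointvec` and so accept negative values; if that is not intended, a minmax handler with a lower bound of zero would make it explicit.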
39633diff -urNp linux-2.6.32.8/grsecurity/grsec_textrel.c linux-2.6.32.8/grsecurity/grsec_textrel.c
39634--- linux-2.6.32.8/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500
39635+++ linux-2.6.32.8/grsecurity/grsec_textrel.c 2010-02-13 21:45:10.742887999 -0500
39636@@ -0,0 +1,16 @@
39637+#include <linux/kernel.h>
39638+#include <linux/sched.h>
39639+#include <linux/mm.h>
39640+#include <linux/file.h>
39641+#include <linux/grinternal.h>
39642+#include <linux/grsecurity.h>
39643+
39644+void
39645+gr_log_textrel(struct vm_area_struct * vma)
39646+{
39647+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39648+ if (grsec_enable_audit_textrel)
39649+ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
39650+#endif
39651+ return;
39652+}
39653diff -urNp linux-2.6.32.8/grsecurity/grsec_time.c linux-2.6.32.8/grsecurity/grsec_time.c
39654--- linux-2.6.32.8/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
39655+++ linux-2.6.32.8/grsecurity/grsec_time.c 2010-02-13 21:45:10.742887999 -0500
39656@@ -0,0 +1,13 @@
39657+#include <linux/kernel.h>
39658+#include <linux/sched.h>
39659+#include <linux/grinternal.h>
39660+
39661+void
39662+gr_log_timechange(void)
39663+{
39664+#ifdef CONFIG_GRKERNSEC_TIME
39665+ if (grsec_enable_time)
39666+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
39667+#endif
39668+ return;
39669+}
39670diff -urNp linux-2.6.32.8/grsecurity/grsec_tpe.c linux-2.6.32.8/grsecurity/grsec_tpe.c
39671--- linux-2.6.32.8/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
39672+++ linux-2.6.32.8/grsecurity/grsec_tpe.c 2010-02-13 21:45:10.742887999 -0500
39673@@ -0,0 +1,38 @@
39674+#include <linux/kernel.h>
39675+#include <linux/sched.h>
39676+#include <linux/file.h>
39677+#include <linux/fs.h>
39678+#include <linux/grinternal.h>
39679+
39680+extern int gr_acl_tpe_check(void);
39681+
39682+int
39683+gr_tpe_allow(const struct file *file)
39684+{
39685+#ifdef CONFIG_GRKERNSEC
39686+ struct inode *inode = file->f_path.dentry->d_parent->d_inode;
39687+ const struct cred *cred = current_cred();
39688+
39689+ if (cred->uid && ((grsec_enable_tpe &&
39690+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
39691+ !in_group_p(grsec_tpe_gid)
39692+#else
39693+ in_group_p(grsec_tpe_gid)
39694+#endif
39695+ ) || gr_acl_tpe_check()) &&
39696+ (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
39697+ (inode->i_mode & S_IWOTH))))) {
39698+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
39699+ return 0;
39700+ }
39701+#ifdef CONFIG_GRKERNSEC_TPE_ALL
39702+ if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
39703+ ((inode->i_uid && (inode->i_uid != cred->uid)) ||
39704+ (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
39705+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
39706+ return 0;
39707+ }
39708+#endif
39709+#endif
39710+ return 1;
39711+}
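Review bot: gr_tpe_allow reads the parent directory with `file->f_path.dentry->d_parent->d_inode` without taking a reference, so the ownership and mode bits it checks may belong to a dentry that a concurrent rename has just replaced. Whether the callers hold something that pins the parent is not visible from this hunk; if they do not, taking it with `struct dentry *parent = dget_parent(file->f_path.dentry);`, reading `parent->d_inode`, and calling `dput(parent)` on each of the three return paths would make the check operate on a stable object. As a smaller readability point, in `(inode->i_uid || (!inode->i_uid && (...)))` the `!inode->i_uid &&` is redundant and the condition reduces to `inode->i_uid || (inode->i_mode & (S_IWGRP | S_IWOTH))`. A header comment stating that the function returns 1 to allow and 0 to deny would help, since that is the opposite of the 0/-EPERM convention used by the other gr_handle_* functions in this patch.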
39712diff -urNp linux-2.6.32.8/grsecurity/grsum.c linux-2.6.32.8/grsecurity/grsum.c
39713--- linux-2.6.32.8/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
39714+++ linux-2.6.32.8/grsecurity/grsum.c 2010-02-13 21:45:10.742887999 -0500
39715@@ -0,0 +1,59 @@
39716+#include <linux/err.h>
39717+#include <linux/kernel.h>
39718+#include <linux/sched.h>
39719+#include <linux/mm.h>
39720+#include <linux/scatterlist.h>
39721+#include <linux/crypto.h>
39722+#include <linux/gracl.h>
39723+
39724+
39725+#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
39726+#error "crypto and sha256 must be built into the kernel"
39727+#endif
39728+
39729+int
39730+chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
39731+{
39732+ char *p;
39733+ struct crypto_hash *tfm;
39734+ struct hash_desc desc;
39735+ struct scatterlist sg;
39736+ unsigned char temp_sum[GR_SHA_LEN];
39737+ volatile int retval = 0;
39738+ volatile int dummy = 0;
39739+ unsigned int i;
39740+
39741+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
39742+ if (IS_ERR(tfm)) {
39743+ /* should never happen, since sha256 should be built in */
39744+ return 1;
39745+ }
39746+
39747+ desc.tfm = tfm;
39748+ desc.flags = 0;
39749+
39750+ crypto_hash_init(&desc);
39751+
39752+ p = salt;
39753+ sg_set_buf(&sg, p, GR_SALT_LEN);
39754+ crypto_hash_update(&desc, &sg, sg.length);
39755+
39756+ p = entry->pw;
39757+ sg_set_buf(&sg, p, strlen(p));
39758+
39759+ crypto_hash_update(&desc, &sg, sg.length);
39760+
39761+ crypto_hash_final(&desc, temp_sum);
39762+
39763+ memset(entry->pw, 0, GR_PW_LEN);
39764+
39765+ for (i = 0; i < GR_SHA_LEN; i++)
39766+ if (sum[i] != temp_sum[i])
39767+ retval = 1;
39768+ else
39769+ dummy = 1; // waste a cycle
39770+
39771+ crypto_free_hash(tfm);
39772+
39773+ return retval;
39774+}
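Review bot: On the `IS_ERR(tfm)` path chkpw returns before `memset(entry->pw, 0, GR_PW_LEN)` runs, so the cleartext password is left in `entry` exactly when something unexpected has happened; adding `memset(entry->pw, 0, GR_PW_LEN);` before that `return 1;` closes the gap. The computed digest in `temp_sum` is likewise left on the stack; a `memset(temp_sum, 0, sizeof(temp_sum));` after the comparison loop would match the care taken with the password. The return values of `crypto_hash_init`, `crypto_hash_update` and `crypto_hash_final` are ignored, which means a failure would lead to comparing `sum` against an uninitialised buffer; treating any non-zero return as a mismatch keeps the function failing closed. `strlen(p)` on `entry->pw` relies on the caller having NUL-terminated the buffer within GR_PW_LEN, which is not visible here and deserves a comment stating the precondition.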
39775diff -urNp linux-2.6.32.8/grsecurity/Kconfig linux-2.6.32.8/grsecurity/Kconfig
39776--- linux-2.6.32.8/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
39777+++ linux-2.6.32.8/grsecurity/Kconfig 2010-02-13 21:45:10.743995742 -0500
39778@@ -0,0 +1,937 @@
39779+#
39780+# grecurity configuration
39781+#
39782+
39783+menu "Grsecurity"
39784+
39785+config GRKERNSEC
39786+ bool "Grsecurity"
39787+ select CRYPTO
39788+ select CRYPTO_SHA256
39789+ help
39790+ If you say Y here, you will be able to configure many features
39791+ that will enhance the security of your system. It is highly
39792+ recommended that you say Y here and read through the help
39793+ for each option so that you fully understand the features and
39794+ can evaluate their usefulness for your machine.
39795+
39796+choice
39797+ prompt "Security Level"
39798+ depends on GRKERNSEC
39799+ default GRKERNSEC_CUSTOM
39800+
39801+config GRKERNSEC_LOW
39802+ bool "Low"
39803+ select GRKERNSEC_LINK
39804+ select GRKERNSEC_FIFO
39805+ select GRKERNSEC_EXECVE
39806+ select GRKERNSEC_RANDNET
39807+ select GRKERNSEC_DMESG
39808+ select GRKERNSEC_CHROOT
39809+ select GRKERNSEC_CHROOT_CHDIR
39810+
39811+ help
39812+ If you choose this option, several of the grsecurity options will
39813+ be enabled that will give you greater protection against a number
39814+ of attacks, while assuring that none of your software will have any
39815+ conflicts with the additional security measures. If you run a lot
39816+ of unusual software, or you are having problems with the higher
39817+ security levels, you should say Y here. With this option, the
39818+ following features are enabled:
39819+
39820+ - Linking restrictions
39821+ - FIFO restrictions
39822+ - Enforcing RLIMIT_NPROC on execve
39823+ - Restricted dmesg
39824+ - Enforced chdir("/") on chroot
39825+ - Runtime module disabling
39826+
39827+config GRKERNSEC_MEDIUM
39828+ bool "Medium"
39829+ select PAX
39830+ select PAX_EI_PAX
39831+ select PAX_PT_PAX_FLAGS
39832+ select PAX_HAVE_ACL_FLAGS
39833+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39834+ select GRKERNSEC_CHROOT
39835+ select GRKERNSEC_CHROOT_SYSCTL
39836+ select GRKERNSEC_LINK
39837+ select GRKERNSEC_FIFO
39838+ select GRKERNSEC_EXECVE
39839+ select GRKERNSEC_DMESG
39840+ select GRKERNSEC_RANDNET
39841+ select GRKERNSEC_FORKFAIL
39842+ select GRKERNSEC_TIME
39843+ select GRKERNSEC_SIGNAL
39844+ select GRKERNSEC_CHROOT
39845+ select GRKERNSEC_CHROOT_UNIX
39846+ select GRKERNSEC_CHROOT_MOUNT
39847+ select GRKERNSEC_CHROOT_PIVOT
39848+ select GRKERNSEC_CHROOT_DOUBLE
39849+ select GRKERNSEC_CHROOT_CHDIR
39850+ select GRKERNSEC_CHROOT_MKNOD
39851+ select GRKERNSEC_PROC
39852+ select GRKERNSEC_PROC_USERGROUP
39853+ select PAX_RANDUSTACK
39854+ select PAX_ASLR
39855+ select PAX_RANDMMAP
39856+ select PAX_REFCOUNT if (X86 || SPARC64)
39857+ select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC32 || PPC64) && (SLAB || SLUB || SLOB))
39858+
39859+ help
39860+ If you say Y here, several features in addition to those included
39861+ in the low additional security level will be enabled. These
39862+ features provide even more security to your system, though in rare
39863+ cases they may be incompatible with very old or poorly written
39864+ software. If you enable this option, make sure that your auth
39865+ service (identd) is running as gid 1001. With this option,
39866+ the following features (in addition to those provided in the
39867+ low additional security level) will be enabled:
39868+
39869+ - Failed fork logging
39870+ - Time change logging
39871+ - Signal logging
39872+ - Deny mounts in chroot
39873+ - Deny double chrooting
39874+ - Deny sysctl writes in chroot
39875+ - Deny mknod in chroot
39876+ - Deny access to abstract AF_UNIX sockets out of chroot
39877+ - Deny pivot_root in chroot
39878+ - Denied writes of /dev/kmem, /dev/mem, and /dev/port
39879+ - /proc restrictions with special GID set to 10 (usually wheel)
39880+ - Address Space Layout Randomization (ASLR)
39881+ - Prevent exploitation of most refcount overflows
39882+ - Bounds checking of copying between the kernel and userland
39883+
39884+config GRKERNSEC_HIGH
39885+ bool "High"
39886+ select GRKERNSEC_LINK
39887+ select GRKERNSEC_FIFO
39888+ select GRKERNSEC_EXECVE
39889+ select GRKERNSEC_DMESG
39890+ select GRKERNSEC_FORKFAIL
39891+ select GRKERNSEC_TIME
39892+ select GRKERNSEC_SIGNAL
39893+ select GRKERNSEC_CHROOT
39894+ select GRKERNSEC_CHROOT_SHMAT
39895+ select GRKERNSEC_CHROOT_UNIX
39896+ select GRKERNSEC_CHROOT_MOUNT
39897+ select GRKERNSEC_CHROOT_FCHDIR
39898+ select GRKERNSEC_CHROOT_PIVOT
39899+ select GRKERNSEC_CHROOT_DOUBLE
39900+ select GRKERNSEC_CHROOT_CHDIR
39901+ select GRKERNSEC_CHROOT_MKNOD
39902+ select GRKERNSEC_CHROOT_CAPS
39903+ select GRKERNSEC_CHROOT_SYSCTL
39904+ select GRKERNSEC_CHROOT_FINDTASK
39905+ select GRKERNSEC_PROC
39906+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39907+ select GRKERNSEC_HIDESYM
39908+ select GRKERNSEC_BRUTE
39909+ select GRKERNSEC_PROC_USERGROUP
39910+ select GRKERNSEC_KMEM
39911+ select GRKERNSEC_RESLOG
39912+ select GRKERNSEC_RANDNET
39913+ select GRKERNSEC_PROC_ADD
39914+ select GRKERNSEC_CHROOT_CHMOD
39915+ select GRKERNSEC_CHROOT_NICE
39916+ select GRKERNSEC_AUDIT_MOUNT
39917+ select GRKERNSEC_MODHARDEN if (MODULES)
39918+ select GRKERNSEC_HARDEN_PTRACE
39919+ select GRKERNSEC_VM86 if (X86_32)
39920+ select PAX
39921+ select PAX_RANDUSTACK
39922+ select PAX_ASLR
39923+ select PAX_RANDMMAP
39924+ select PAX_NOEXEC
39925+ select PAX_MPROTECT
39926+ select PAX_EI_PAX
39927+ select PAX_PT_PAX_FLAGS
39928+ select PAX_HAVE_ACL_FLAGS
39929+ select PAX_KERNEXEC if (X86 && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
39930+ select PAX_MEMORY_UDEREF if (X86_32 && !XEN)
39931+ select PAX_RANDKSTACK if (X86_TSC && !X86_64)
39932+ select PAX_SEGMEXEC if (X86_32)
39933+ select PAX_PAGEEXEC
39934+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
39935+ select PAX_EMUTRAMP if (PARISC)
39936+ select PAX_EMUSIGRT if (PARISC)
39937+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
39938+ select PAX_REFCOUNT if (X86 || SPARC64)
39939+ select PAX_USERCOPY if ((X86 || PPC32 || PPC64 || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
39940+ help
39941+ If you say Y here, many of the features of grsecurity will be
39942+ enabled, which will protect you against many kinds of attacks
39943+ against your system. The heightened security comes at a cost
39944+ of an increased chance of incompatibilities with rare software
39945+ on your machine. Since this security level enables PaX, you should
39946+ view <http://pax.grsecurity.net> and read about the PaX
39947+ project. While you are there, download chpax and run it on
39948+ binaries that cause problems with PaX. Also remember that
39949+ since the /proc restrictions are enabled, you must run your
39950+ identd as gid 1001. This security level enables the following
39951+ features in addition to those listed in the low and medium
39952+ security levels:
39953+
39954+ - Additional /proc restrictions
39955+ - Chmod restrictions in chroot
39956+ - No signals, ptrace, or viewing of processes outside of chroot
39957+ - Capability restrictions in chroot
39958+ - Deny fchdir out of chroot
39959+ - Priority restrictions in chroot
39960+ - Segmentation-based implementation of PaX
39961+ - Mprotect restrictions
39962+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
39963+ - Kernel stack randomization
39964+ - Mount/unmount/remount logging
39965+ - Kernel symbol hiding
39966+ - Prevention of memory exhaustion-based exploits
39967+ - Hardening of module auto-loading
39968+ - Ptrace restrictions
39969+ - Restricted vm86 mode
39970+
39971+config GRKERNSEC_CUSTOM
39972+ bool "Custom"
39973+ help
39974+ If you say Y here, you will be able to configure every grsecurity
39975+ option, which allows you to enable many more features that aren't
39976+ covered in the basic security levels. These additional features
39977+ include TPE, socket restrictions, and the sysctl system for
39978+ grsecurity. It is advised that you read through the help for
39979+ each option to determine its usefulness in your situation.
39980+
39981+endchoice
39982+
39983+menu "Address Space Protection"
39984+depends on GRKERNSEC
39985+
39986+config GRKERNSEC_KMEM
39987+ bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
39988+ help
39989+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
39990+ be written to via mmap or otherwise to modify the running kernel.
39991+ /dev/port will also not be allowed to be opened. If you have module
39992+ support disabled, enabling this will close up four ways that are
39993+ currently used to insert malicious code into the running kernel.
39994+ Even with all these features enabled, we still highly recommend that
39995+ you use the RBAC system, as it is still possible for an attacker to
39996+ modify the running kernel through privileged I/O granted by ioperm/iopl.
39997+ If you are not using XFree86, you may be able to stop this additional
39998+ case by enabling the 'Disable privileged I/O' option. Though nothing
39999+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
40000+ but only to video memory, which is the only writing we allow in this
40001+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
40002+ not be allowed to mprotect it with PROT_WRITE later.
40003+ It is highly recommended that you say Y here if you meet all the
40004+ conditions above.
40005+
40006+config GRKERNSEC_VM86
40007+ bool "Restrict VM86 mode"
40008+ depends on X86_32
40009+
40010+ help
40011+ If you say Y here, only processes with CAP_SYS_RAWIO will be able to
40012+ make use of a special execution mode on 32bit x86 processors called
40013+ Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
40014+ video cards and will still work with this option enabled. The purpose
40015+ of the option is to prevent exploitation of emulation errors in
40016+ virtualization of vm86 mode like the one discovered in VMWare in 2009.
40017+ Nearly all users should be able to enable this option.
40018+
40019+config GRKERNSEC_IO
40020+ bool "Disable privileged I/O"
40021+ depends on X86
40022+ select RTC_CLASS
40023+ select RTC_INTF_DEV
40024+ select RTC_DRV_CMOS
40025+
40026+ help
40027+ If you say Y here, all ioperm and iopl calls will return an error.
40028+ Ioperm and iopl can be used to modify the running kernel.
40029+ Unfortunately, some programs need this access to operate properly,
40030+ the most notable of which are XFree86 and hwclock. hwclock can be
40031+ remedied by having RTC support in the kernel, so real-time
40032+ clock support is enabled if this option is enabled, to ensure
40033+ that hwclock operates correctly. XFree86 still will not
40034+ operate correctly with this option enabled, so DO NOT CHOOSE Y
40035+ IF YOU USE XFree86. If you use XFree86 and you still want to
40036+ protect your kernel against modification, use the RBAC system.
40037+
40038+config GRKERNSEC_PROC_MEMMAP
40039+ bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
40040+ default y if (PAX_NOEXEC || PAX_ASLR)
40041+ depends on PAX_NOEXEC || PAX_ASLR
40042+ help
40043+ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
40044+ give no information about the addresses of its mappings if
40045+ PaX features that rely on random addresses are enabled on the task.
40046+ If you use PaX it is greatly recommended that you say Y here as it
40047+ closes up a hole that makes the full ASLR useless for suid
40048+ binaries.
40049+
40050+config GRKERNSEC_BRUTE
40051+ bool "Deter exploit bruteforcing"
40052+ help
40053+ If you say Y here, attempts to bruteforce exploits against forking
40054+ daemons such as apache or sshd will be deterred. When a child of a
40055+ forking daemon is killed by PaX or crashes due to an illegal
40056+ instruction, the parent process will be delayed 30 seconds upon every
40057+ subsequent fork until the administrator is able to assess the
40058+ situation and restart the daemon. It is recommended that you also
40059+ enable signal logging in the auditing section so that logs are
40060+ generated when a process performs an illegal instruction.
40061+
40062+config GRKERNSEC_MODHARDEN
40063+ bool "Harden module auto-loading"
40064+ depends on MODULES
40065+ help
40066+ If you say Y here, module auto-loading in response to use of some
40067+ feature implemented by an unloaded module will be restricted to
40068+ root users. Enabling this option helps defend against attacks
40069+ by unprivileged users who abuse the auto-loading behavior to
40070+ cause a vulnerable module to load that is then exploited.
40071+
40072+ If this option prevents a legitimate use of auto-loading for a
40073+ non-root user, the administrator can execute modprobe manually
40074+ with the exact name of the module mentioned in the alert log.
40075+ Alternatively, the administrator can add the module to the list
40076+ of modules loaded at boot by modifying init scripts.
40077+
40078+ Modification of init scripts will most likely be needed on
40079+ Ubuntu servers with encrypted home directory support enabled,
40080+ as the first non-root user logging in will cause the ecb(aes),
40081+ ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
40082+
40083+config GRKERNSEC_HIDESYM
40084+ bool "Hide kernel symbols"
40085+ help
40086+ If you say Y here, getting information on loaded modules, and
40087+ displaying all kernel symbols through a syscall will be restricted
40088+ to users with CAP_SYS_MODULE. For software compatibility reasons,
40089+ /proc/kallsyms will be restricted to the root user. The RBAC
40090+ system can hide that entry even from root. Note that this option
40091+ is only effective provided the following conditions are met:
40092+ 1) The kernel using grsecurity is not precompiled by some distribution
40093+ 2) You are using the RBAC system and hiding other files such as your
40094+ kernel image and System.map. Alternatively, enabling this option
40095+ causes the permissions on /boot, /lib/modules, and the kernel
40096+ source directory to change at compile time to prevent
40097+ reading by non-root users.
40098+ If the above conditions are met, this option will aid in providing a
40099+ useful protection against local kernel exploitation of overflows
40100+ and arbitrary read/write vulnerabilities.
40101+
40102+endmenu
40103+menu "Role Based Access Control Options"
40104+depends on GRKERNSEC
40105+
40106+config GRKERNSEC_NO_RBAC
40107+ bool "Disable RBAC system"
40108+ help
40109+ If you say Y here, the /dev/grsec device will be removed from the kernel,
40110+ preventing the RBAC system from being enabled. You should only say Y
40111+ here if you have no intention of using the RBAC system, so as to prevent
40112+ an attacker with root access from misusing the RBAC system to hide files
40113+ and processes when loadable module support and /dev/[k]mem have been
40114+ locked down.
40115+
40116+config GRKERNSEC_ACL_HIDEKERN
40117+ bool "Hide kernel processes"
40118+ help
40119+ If you say Y here, all kernel threads will be hidden to all
40120+ processes but those whose subject has the "view hidden processes"
40121+ flag.
40122+
40123+config GRKERNSEC_ACL_MAXTRIES
40124+ int "Maximum tries before password lockout"
40125+ default 3
40126+ help
40127+ This option enforces the maximum number of times a user can attempt
40128+ to authorize themselves with the grsecurity RBAC system before being
40129+ denied the ability to attempt authorization again for a specified time.
40130+ The lower the number, the harder it will be to brute-force a password.
40131+
40132+config GRKERNSEC_ACL_TIMEOUT
40133+ int "Time to wait after max password tries, in seconds"
40134+ default 30
40135+ help
40136+ This option specifies the time the user must wait after attempting to
40137+ authorize to the RBAC system with the maximum number of invalid
40138+ passwords. The higher the number, the harder it will be to brute-force
40139+ a password.
40140+
40141+endmenu
40142+menu "Filesystem Protections"
40143+depends on GRKERNSEC
40144+
40145+config GRKERNSEC_PROC
40146+ bool "Proc restrictions"
40147+ help
40148+ If you say Y here, the permissions of the /proc filesystem
40149+ will be altered to enhance system security and privacy. You MUST
40150+ choose either a user only restriction or a user and group restriction.
40151+ Depending upon the option you choose, you can either restrict users to
40152+ see only the processes they themselves run, or choose a group that can
40153+ view all processes and files normally restricted to root if you choose
40154+ the "restrict to user only" option. NOTE: If you're running identd as
40155+ a non-root user, you will have to run it as the group you specify here.
40156+
40157+config GRKERNSEC_PROC_USER
40158+ bool "Restrict /proc to user only"
40159+ depends on GRKERNSEC_PROC
40160+ help
40161+ If you say Y here, non-root users will only be able to view their own
40162+ processes, and restricts them from viewing network-related information,
40163+ and viewing kernel symbol and module information.
40164+
40165+config GRKERNSEC_PROC_USERGROUP
40166+ bool "Allow special group"
40167+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
40168+ help
40169+ If you say Y here, you will be able to select a group that will be
40170+ able to view all processes, network-related information, and
40171+ kernel and symbol information. This option is useful if you want
40172+ to run identd as a non-root user.
40173+
40174+config GRKERNSEC_PROC_GID
40175+ int "GID for special group"
40176+ depends on GRKERNSEC_PROC_USERGROUP
40177+ default 1001
40178+
40179+config GRKERNSEC_PROC_ADD
40180+ bool "Additional restrictions"
40181+ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
40182+ help
40183+ If you say Y here, additional restrictions will be placed on
40184+ /proc that keep normal users from viewing device information and
40185+ slabinfo information that could be useful for exploits.
40186+
40187+config GRKERNSEC_LINK
40188+ bool "Linking restrictions"
40189+ help
40190+ If you say Y here, /tmp race exploits will be prevented, since users
40191+ will no longer be able to follow symlinks owned by other users in
40192+ world-writable +t directories (i.e. /tmp), unless the owner of the
40193+ symlink is the owner of the directory. users will also not be
40194+ able to hardlink to files they do not own. If the sysctl option is
40195+ enabled, a sysctl option with name "linking_restrictions" is created.
40196+
40197+config GRKERNSEC_FIFO
40198+ bool "FIFO restrictions"
40199+ help
40200+ If you say Y here, users will not be able to write to FIFOs they don't
40201+ own in world-writable +t directories (i.e. /tmp), unless the owner of
40202+ the FIFO is the same owner of the directory it's held in. If the sysctl
40203+ option is enabled, a sysctl option with name "fifo_restrictions" is
40204+ created.
40205+
40206+config GRKERNSEC_ROFS
40207+ bool "Runtime read-only mount protection"
40208+ help
40209+ If you say Y here, a sysctl option with name "romount_protect" will
40210+ be created. By setting this option to 1 at runtime, filesystems
40211+ will be protected in the following ways:
40212+ * No new writable mounts will be allowed
40213+ * Existing read-only mounts won't be able to be remounted read/write
40214+ * Write operations will be denied on all block devices
40215+ This option acts independently of grsec_lock: once it is set to 1,
40216+ it cannot be turned off. Therefore, please be mindful of the resulting
40217+ behavior if this option is enabled in an init script on a read-only
40218+ filesystem. This feature is mainly intended for secure embedded systems.
40219+
40220+config GRKERNSEC_CHROOT
40221+ bool "Chroot jail restrictions"
40222+ help
40223+ If you say Y here, you will be able to choose several options that will
40224+ make breaking out of a chrooted jail much more difficult. If you
40225+ encounter no software incompatibilities with the following options, it
40226+ is recommended that you enable each one.
40227+
40228+config GRKERNSEC_CHROOT_MOUNT
40229+ bool "Deny mounts"
40230+ depends on GRKERNSEC_CHROOT
40231+ help
40232+ If you say Y here, processes inside a chroot will not be able to
40233+ mount or remount filesystems. If the sysctl option is enabled, a
40234+ sysctl option with name "chroot_deny_mount" is created.
40235+
40236+config GRKERNSEC_CHROOT_DOUBLE
40237+ bool "Deny double-chroots"
40238+ depends on GRKERNSEC_CHROOT
40239+ help
40240+ If you say Y here, processes inside a chroot will not be able to chroot
40241+ again outside the chroot. This is a widely used method of breaking
40242+ out of a chroot jail and should not be allowed. If the sysctl
40243+ option is enabled, a sysctl option with name
40244+ "chroot_deny_chroot" is created.
40245+
40246+config GRKERNSEC_CHROOT_PIVOT
40247+ bool "Deny pivot_root in chroot"
40248+ depends on GRKERNSEC_CHROOT
40249+ help
40250+ If you say Y here, processes inside a chroot will not be able to use
40251+ a function called pivot_root() that was introduced in Linux 2.3.41. It
40252+ works similar to chroot in that it changes the root filesystem. This
40253+ function could be misused in a chrooted process to attempt to break out
40254+ of the chroot, and therefore should not be allowed. If the sysctl
40255+ option is enabled, a sysctl option with name "chroot_deny_pivot" is
40256+ created.
40257+
40258+config GRKERNSEC_CHROOT_CHDIR
40259+ bool "Enforce chdir(\"/\") on all chroots"
40260+ depends on GRKERNSEC_CHROOT
40261+ help
40262+ If you say Y here, the current working directory of all newly-chrooted
40263+ applications will be set to the the root directory of the chroot.
40264+ The man page on chroot(2) states:
40265+ Note that this call does not change the current working
40266+ directory, so that `.' can be outside the tree rooted at
40267+ `/'. In particular, the super-user can escape from a
40268+ `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
40269+
40270+ It is recommended that you say Y here, since it's not known to break
40271+ any software. If the sysctl option is enabled, a sysctl option with
40272+ name "chroot_enforce_chdir" is created.
40273+
40274+config GRKERNSEC_CHROOT_CHMOD
40275+ bool "Deny (f)chmod +s"
40276+ depends on GRKERNSEC_CHROOT
40277+ help
40278+ If you say Y here, processes inside a chroot will not be able to chmod
40279+ or fchmod files to make them have suid or sgid bits. This protects
40280+ against another published method of breaking a chroot. If the sysctl
40281+ option is enabled, a sysctl option with name "chroot_deny_chmod" is
40282+ created.
40283+
40284+config GRKERNSEC_CHROOT_FCHDIR
40285+ bool "Deny fchdir out of chroot"
40286+ depends on GRKERNSEC_CHROOT
40287+ help
40288+ If you say Y here, a well-known method of breaking chroots by fchdir'ing
40289+ to a file descriptor of the chrooting process that points to a directory
40290+ outside the filesystem will be stopped. If the sysctl option
40291+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
40292+
40293+config GRKERNSEC_CHROOT_MKNOD
40294+ bool "Deny mknod"
40295+ depends on GRKERNSEC_CHROOT
40296+ help
40297+ If you say Y here, processes inside a chroot will not be allowed to
40298+ mknod. The problem with using mknod inside a chroot is that it
40299+ would allow an attacker to create a device entry that is the same
40300+ as one on the physical root of your system, which could range from
40301+ anything from the console device to a device for your harddrive (which
40302+ they could then use to wipe the drive or steal data). It is recommended
40303+ that you say Y here, unless you run into software incompatibilities.
40304+ If the sysctl option is enabled, a sysctl option with name
40305+ "chroot_deny_mknod" is created.
40306+
40307+config GRKERNSEC_CHROOT_SHMAT
40308+ bool "Deny shmat() out of chroot"
40309+ depends on GRKERNSEC_CHROOT
40310+ help
40311+ If you say Y here, processes inside a chroot will not be able to attach
40312+ to shared memory segments that were created outside of the chroot jail.
40313+ It is recommended that you say Y here. If the sysctl option is enabled,
40314+ a sysctl option with name "chroot_deny_shmat" is created.
40315+
40316+config GRKERNSEC_CHROOT_UNIX
40317+ bool "Deny access to abstract AF_UNIX sockets out of chroot"
40318+ depends on GRKERNSEC_CHROOT
40319+ help
40320+ If you say Y here, processes inside a chroot will not be able to
40321+ connect to abstract (meaning not belonging to a filesystem) Unix
40322+ domain sockets that were bound outside of a chroot. It is recommended
40323+ that you say Y here. If the sysctl option is enabled, a sysctl option
40324+ with name "chroot_deny_unix" is created.
40325+
40326+config GRKERNSEC_CHROOT_FINDTASK
40327+ bool "Protect outside processes"
40328+ depends on GRKERNSEC_CHROOT
40329+ help
40330+ If you say Y here, processes inside a chroot will not be able to
40331+ kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
40332+ getsid, or view any process outside of the chroot. If the sysctl
40333+ option is enabled, a sysctl option with name "chroot_findtask" is
40334+ created.
40335+
40336+config GRKERNSEC_CHROOT_NICE
40337+ bool "Restrict priority changes"
40338+ depends on GRKERNSEC_CHROOT
40339+ help
40340+ If you say Y here, processes inside a chroot will not be able to raise
40341+ the priority of processes in the chroot, or alter the priority of
40342+ processes outside the chroot. This provides more security than simply
40343+ removing CAP_SYS_NICE from the process' capability set. If the
40344+ sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
40345+ is created.
40346+
40347+config GRKERNSEC_CHROOT_SYSCTL
40348+ bool "Deny sysctl writes"
40349+ depends on GRKERNSEC_CHROOT
40350+ help
40351+ If you say Y here, an attacker in a chroot will not be able to
40352+ write to sysctl entries, either by sysctl(2) or through a /proc
40353+ interface. It is strongly recommended that you say Y here. If the
40354+ sysctl option is enabled, a sysctl option with name
40355+ "chroot_deny_sysctl" is created.
40356+
40357+config GRKERNSEC_CHROOT_CAPS
40358+ bool "Capability restrictions"
40359+ depends on GRKERNSEC_CHROOT
40360+ help
40361+ If you say Y here, the capabilities on all root processes within a
40362+ chroot jail will be lowered to stop module insertion, raw i/o,
40363+ system and net admin tasks, rebooting the system, modifying immutable
40364+ files, modifying IPC owned by another, and changing the system time.
40365+ This is left an option because it can break some apps. Disable this
40366+ if your chrooted apps are having problems performing those kinds of
40367+ tasks. If the sysctl option is enabled, a sysctl option with
40368+ name "chroot_caps" is created.
40369+
40370+endmenu
40371+menu "Kernel Auditing"
40372+depends on GRKERNSEC
40373+
40374+config GRKERNSEC_AUDIT_GROUP
40375+ bool "Single group for auditing"
40376+ help
40377+ If you say Y here, the exec, chdir, and (un)mount logging features
40378+ will only operate on a group you specify. This option is recommended
40379+ if you only want to watch certain users instead of having a large
40380+ amount of logs from the entire system. If the sysctl option is enabled,
40381+ a sysctl option with name "audit_group" is created.
40382+
40383+config GRKERNSEC_AUDIT_GID
40384+ int "GID for auditing"
40385+ depends on GRKERNSEC_AUDIT_GROUP
40386+ default 1007
40387+
40388+config GRKERNSEC_EXECLOG
40389+ bool "Exec logging"
40390+ help
40391+ If you say Y here, all execve() calls will be logged (since the
40392+ other exec*() calls are frontends to execve(), all execution
40393+ will be logged). Useful for shell-servers that like to keep track
40394+ of their users. If the sysctl option is enabled, a sysctl option with
40395+ name "exec_logging" is created.
40396+ WARNING: This option when enabled will produce a LOT of logs, especially
40397+ on an active system.
40398+
40399+config GRKERNSEC_RESLOG
40400+ bool "Resource logging"
40401+ help
40402+ If you say Y here, all attempts to overstep resource limits will
40403+ be logged with the resource name, the requested size, and the current
40404+ limit. It is highly recommended that you say Y here. If the sysctl
40405+ option is enabled, a sysctl option with name "resource_logging" is
40406+ created. If the RBAC system is enabled, the sysctl value is ignored.
40407+
40408+config GRKERNSEC_CHROOT_EXECLOG
40409+ bool "Log execs within chroot"
40410+ help
40411+ If you say Y here, all executions inside a chroot jail will be logged
40412+ to syslog. This can cause a large amount of logs if certain
40413+ applications (eg. djb's daemontools) are installed on the system, and
40414+ is therefore left as an option. If the sysctl option is enabled, a
40415+ sysctl option with name "chroot_execlog" is created.
40416+
40417+config GRKERNSEC_AUDIT_CHDIR
40418+ bool "Chdir logging"
40419+ help
40420+ If you say Y here, all chdir() calls will be logged. If the sysctl
40421+ option is enabled, a sysctl option with name "audit_chdir" is created.
40422+
40423+config GRKERNSEC_AUDIT_MOUNT
40424+ bool "(Un)Mount logging"
40425+ help
40426+ If you say Y here, all mounts and unmounts will be logged. If the
40427+ sysctl option is enabled, a sysctl option with name "audit_mount" is
40428+ created.
40429+
40430+config GRKERNSEC_SIGNAL
40431+ bool "Signal logging"
40432+ help
40433+ If you say Y here, certain important signals will be logged, such as
40434+ SIGSEGV, which will as a result inform you of when a error in a program
40435+ occurred, which in some cases could mean a possible exploit attempt.
40436+ If the sysctl option is enabled, a sysctl option with name
40437+ "signal_logging" is created.
40438+
40439+config GRKERNSEC_FORKFAIL
40440+ bool "Fork failure logging"
40441+ help
40442+ If you say Y here, all failed fork() attempts will be logged.
40443+ This could suggest a fork bomb, or someone attempting to overstep
40444+ their process limit. If the sysctl option is enabled, a sysctl option
40445+ with name "forkfail_logging" is created.
40446+
40447+config GRKERNSEC_TIME
40448+ bool "Time change logging"
40449+ help
40450+ If you say Y here, any changes of the system clock will be logged.
40451+ If the sysctl option is enabled, a sysctl option with name
40452+ "timechange_logging" is created.
40453+
40454+config GRKERNSEC_PROC_IPADDR
40455+ bool "/proc/<pid>/ipaddr support"
40456+ help
40457+ If you say Y here, a new entry will be added to each /proc/<pid>
40458+ directory that contains the IP address of the person using the task.
40459+ The IP is carried across local TCP and AF_UNIX stream sockets.
40460+ This information can be useful for IDS/IPSes to perform remote response
40461+ to a local attack. The entry is readable by only the owner of the
40462+ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
40463+ the RBAC system), and thus does not create privacy concerns.
40464+
40465+config GRKERNSEC_AUDIT_TEXTREL
40466+ bool 'ELF text relocations logging (READ HELP)'
40467+ depends on PAX_MPROTECT
40468+ help
40469+ If you say Y here, text relocations will be logged with the filename
40470+ of the offending library or binary. The purpose of the feature is
40471+ to help Linux distribution developers get rid of libraries and
40472+ binaries that need text relocations which hinder the future progress
40473+ of PaX. Only Linux distribution developers should say Y here, and
40474+ never on a production machine, as this option creates an information
40475+ leak that could aid an attacker in defeating the randomization of
40476+ a single memory region. If the sysctl option is enabled, a sysctl
40477+ option with name "audit_textrel" is created.
40478+
40479+endmenu
40480+
40481+menu "Executable Protections"
40482+depends on GRKERNSEC
40483+
40484+config GRKERNSEC_EXECVE
40485+ bool "Enforce RLIMIT_NPROC on execs"
40486+ help
40487+ If you say Y here, users with a resource limit on processes will
40488+ have the value checked during execve() calls. The current system
40489+ only checks the system limit during fork() calls. If the sysctl option
40490+ is enabled, a sysctl option with name "execve_limiting" is created.
40491+
40492+config GRKERNSEC_DMESG
40493+ bool "Dmesg(8) restriction"
40494+ help
40495+ If you say Y here, non-root users will not be able to use dmesg(8)
40496+ to view up to the last 4kb of messages in the kernel's log buffer.
40497+ If the sysctl option is enabled, a sysctl option with name "dmesg" is
40498+ created.
40499+
40500+config GRKERNSEC_HARDEN_PTRACE
40501+ bool "Deter ptrace-based process snooping"
40502+ help
40503+ If you say Y here, TTY sniffers and other malicious monitoring
40504+ programs implemented through ptrace will be defeated. If you
40505+ have been using the RBAC system, this option has already been
40506+ enabled for several years for all users, with the ability to make
40507+ fine-grained exceptions.
40508+
40509+ This option only affects the ability of non-root users to ptrace
40510+ processes that are not a descendent of the ptracing process.
40511+ This means that strace ./binary and gdb ./binary will still work,
40512+ but attaching to arbitrary processes will not. If the sysctl
40513+ option is enabled, a sysctl option with name "harden_ptrace" is
40514+ created.
40515+
40516+config GRKERNSEC_TPE
40517+ bool "Trusted Path Execution (TPE)"
40518+ help
40519+ If you say Y here, you will be able to choose a gid to add to the
40520+ supplementary groups of users you want to mark as "untrusted."
40521+ These users will not be able to execute any files that are not in
40522+ root-owned directories writable only by root. If the sysctl option
40523+ is enabled, a sysctl option with name "tpe" is created.
40524+
40525+config GRKERNSEC_TPE_ALL
40526+ bool "Partially restrict non-root users"
40527+ depends on GRKERNSEC_TPE
40528+ help
40529+ If you say Y here, All non-root users other than the ones in the
40530+ group specified in the main TPE option will only be allowed to
40531+ execute files in directories they own that are not group or
40532+ world-writable, or in directories owned by root and writable only by
40533+ root. If the sysctl option is enabled, a sysctl option with name
40534+ "tpe_restrict_all" is created.
40535+
40536+config GRKERNSEC_TPE_INVERT
40537+ bool "Invert GID option"
40538+ depends on GRKERNSEC_TPE
40539+ help
40540+ If you say Y here, the group you specify in the TPE configuration will
40541+ decide what group TPE restrictions will be *disabled* for. This
40542+ option is useful if you want TPE restrictions to be applied to most
40543+ users on the system.
40544+
40545+config GRKERNSEC_TPE_GID
40546+ int "GID for untrusted users"
40547+ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
40548+ default 1005
40549+ help
40550+ If you have selected the "Invert GID option" above, setting this
40551+ GID determines what group TPE restrictions will be *disabled* for.
40552+ If you have not selected the "Invert GID option" above, setting this
40553+ GID determines what group TPE restrictions will be *enabled* for.
40554+ If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40555+ is created.
40556+
40557+config GRKERNSEC_TPE_GID
40558+ int "GID for trusted users"
40559+ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
40560+ default 1005
40561+ help
40562+ If you have selected the "Invert GID option" above, setting this
40563+ GID determines what group TPE restrictions will be *disabled* for.
40564+ If you have not selected the "Invert GID option" above, setting this
40565+ GID determines what group TPE restrictions will be *enabled* for.
40566+ If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40567+ is created.
40568+
40569+endmenu
40570+menu "Network Protections"
40571+depends on GRKERNSEC
40572+
40573+config GRKERNSEC_RANDNET
40574+ bool "Larger entropy pools"
40575+ help
40576+ If you say Y here, the entropy pools used for many features of Linux
40577+ and grsecurity will be doubled in size. Since several grsecurity
40578+ features use additional randomness, it is recommended that you say Y
40579+ here. Saying Y here has a similar effect as modifying
40580+ /proc/sys/kernel/random/poolsize.
40581+
40582+config GRKERNSEC_BLACKHOLE
40583+ bool "TCP/UDP blackhole"
40584+ help
40585+ If you say Y here, neither TCP resets nor ICMP
40586+ destination-unreachable packets will be sent in response to packets
40587+ send to ports for which no associated listening process exists.
40588+ This feature supports both IPV4 and IPV6 and exempts the
40589+ loopback interface from blackholing. Enabling this feature
40590+ makes a host more resilient to DoS attacks and reduces network
40591+ visibility against scanners.
40592+
40593+config GRKERNSEC_SOCKET
40594+ bool "Socket restrictions"
40595+ help
40596+ If you say Y here, you will be able to choose from several options.
40597+ If you assign a GID on your system and add it to the supplementary
40598+ groups of users you want to restrict socket access to, this patch
40599+ will perform up to three things, based on the option(s) you choose.
40600+
40601+config GRKERNSEC_SOCKET_ALL
40602+ bool "Deny any sockets to group"
40603+ depends on GRKERNSEC_SOCKET
40604+ help
40605+ If you say Y here, you will be able to choose a GID of whose users will
40606+ be unable to connect to other hosts from your machine or run server
40607+ applications from your machine. If the sysctl option is enabled, a
40608+ sysctl option with name "socket_all" is created.
40609+
40610+config GRKERNSEC_SOCKET_ALL_GID
40611+ int "GID to deny all sockets for"
40612+ depends on GRKERNSEC_SOCKET_ALL
40613+ default 1004
40614+ help
40615+ Here you can choose the GID to disable socket access for. Remember to
40616+ add the users you want socket access disabled for to the GID
40617+ specified here. If the sysctl option is enabled, a sysctl option
40618+ with name "socket_all_gid" is created.
40619+
40620+config GRKERNSEC_SOCKET_CLIENT
40621+ bool "Deny client sockets to group"
40622+ depends on GRKERNSEC_SOCKET
40623+ help
40624+ If you say Y here, you will be able to choose a GID of whose users will
40625+ be unable to connect to other hosts from your machine, but will be
40626+ able to run servers. If this option is enabled, all users in the group
40627+ you specify will have to use passive mode when initiating ftp transfers
40628+ from the shell on your machine. If the sysctl option is enabled, a
40629+ sysctl option with name "socket_client" is created.
40630+
40631+config GRKERNSEC_SOCKET_CLIENT_GID
40632+ int "GID to deny client sockets for"
40633+ depends on GRKERNSEC_SOCKET_CLIENT
40634+ default 1003
40635+ help
40636+ Here you can choose the GID to disable client socket access for.
40637+ Remember to add the users you want client socket access disabled for to
40638+ the GID specified here. If the sysctl option is enabled, a sysctl
40639+ option with name "socket_client_gid" is created.
40640+
40641+config GRKERNSEC_SOCKET_SERVER
40642+ bool "Deny server sockets to group"
40643+ depends on GRKERNSEC_SOCKET
40644+ help
40645+ If you say Y here, you will be able to choose a GID of whose users will
40646+ be unable to run server applications from your machine. If the sysctl
40647+ option is enabled, a sysctl option with name "socket_server" is created.
40648+
40649+config GRKERNSEC_SOCKET_SERVER_GID
40650+ int "GID to deny server sockets for"
40651+ depends on GRKERNSEC_SOCKET_SERVER
40652+ default 1002
40653+ help
40654+ Here you can choose the GID to disable server socket access for.
40655+ Remember to add the users you want server socket access disabled for to
40656+ the GID specified here. If the sysctl option is enabled, a sysctl
40657+ option with name "socket_server_gid" is created.
40658+
40659+endmenu
40660+menu "Sysctl support"
40661+depends on GRKERNSEC && SYSCTL
40662+
40663+config GRKERNSEC_SYSCTL
40664+ bool "Sysctl support"
40665+ help
40666+ If you say Y here, you will be able to change the options that
40667+ grsecurity runs with at bootup, without having to recompile your
40668+ kernel. You can echo values to files in /proc/sys/kernel/grsecurity
40669+ to enable (1) or disable (0) various features. All the sysctl entries
40670+ are mutable until the "grsec_lock" entry is set to a non-zero value.
40671+ All features enabled in the kernel configuration are disabled at boot
40672+ if you do not say Y to the "Turn on features by default" option.
40673+ All options should be set at startup, and the grsec_lock entry should
40674+ be set to a non-zero value after all the options are set.
40675+ *THIS IS EXTREMELY IMPORTANT*
40676+
40677+config GRKERNSEC_SYSCTL_ON
40678+ bool "Turn on features by default"
40679+ depends on GRKERNSEC_SYSCTL
40680+ help
40681+ If you say Y here, instead of having all features enabled in the
40682+ kernel configuration disabled at boot time, the features will be
40683+ enabled at boot time. It is recommended you say Y here unless
40684+ there is some reason you would want all sysctl-tunable features to
40685+ be disabled by default. As mentioned elsewhere, it is important
40686+ to enable the grsec_lock entry once you have finished modifying
40687+ the sysctl entries.
40688+
40689+endmenu
40690+menu "Logging Options"
40691+depends on GRKERNSEC
40692+
40693+config GRKERNSEC_FLOODTIME
40694+ int "Seconds in between log messages (minimum)"
40695+ default 10
40696+ help
40697+ This option allows you to enforce the number of seconds between
40698+ grsecurity log messages. The default should be suitable for most
40699+ people, however, if you choose to change it, choose a value small enough
40700+ to allow informative logs to be produced, but large enough to
40701+ prevent flooding.
40702+
40703+config GRKERNSEC_FLOODBURST
40704+ int "Number of messages in a burst (maximum)"
40705+ default 4
40706+ help
40707+ This option allows you to choose the maximum number of messages allowed
40708+ within the flood time interval you chose in a separate option. The
40709+ default should be suitable for most people, however if you find that
40710+ many of your logs are being interpreted as flooding, you may want to
40711+ raise this value.
40712+
40713+endmenu
40714+
40715+endmenu
40716diff -urNp linux-2.6.32.8/grsecurity/Makefile linux-2.6.32.8/grsecurity/Makefile
40717--- linux-2.6.32.8/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
40718+++ linux-2.6.32.8/grsecurity/Makefile 2010-02-13 21:45:10.743995742 -0500
40719@@ -0,0 +1,29 @@
40720+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
40721+# during 2001-2009 it has been completely redesigned by Brad Spengler
40722+# into an RBAC system
40723+#
40724+# All code in this directory and various hooks inserted throughout the kernel
40725+# are copyright Brad Spengler - Open Source Security, Inc., and released
40726+# under the GPL v2 or higher
40727+
40728+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
40729+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
40730+ grsec_time.o grsec_tpe.o grsec_link.o grsec_textrel.o
40731+
40732+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
40733+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
40734+ gracl_learn.o grsec_log.o
40735+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
40736+
40737+ifndef CONFIG_GRKERNSEC
40738+obj-y += grsec_disabled.o
40739+endif
40740+
40741+ifdef CONFIG_GRKERNSEC_HIDESYM
40742+extra-y := grsec_hidesym.o
40743+$(obj)/grsec_hidesym.o:
40744+ @-chmod -f 500 /boot
40745+ @-chmod -f 500 /lib/modules
40746+ @-chmod -f 700 .
40747+ @echo ' grsec: protected kernel image paths'
40748+endif
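Review bot: The `$(obj)/grsec_hidesym.o` rule changes permissions on the build host (`chmod -f 500 /boot`, `chmod -f 500 /lib/modules`, `chmod -f 700 .`) as a side effect of compiling. The `@-` prefix together with `-f` hides every failure, so `grsec: protected kernel image paths` is printed even when nothing was changed. On a package builder that is either an unexpected modification of the host (when run as root) or a false assurance (when run unprivileged), and it does nothing for the machine the kernel is eventually installed on. I would move the permission tightening to the install step and, if the recipe stays, print the message only on success, e.g. `@chmod 500 /boot /lib/modules && chmod 700 . && echo ' grsec: protected kernel image paths'`. A comment above the rule saying why a build target touches `/boot` would also help.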
40749diff -urNp linux-2.6.32.8/include/acpi/acpi_drivers.h linux-2.6.32.8/include/acpi/acpi_drivers.h
40750--- linux-2.6.32.8/include/acpi/acpi_drivers.h 2010-02-09 07:57:19.000000000 -0500
40751+++ linux-2.6.32.8/include/acpi/acpi_drivers.h 2010-02-13 21:45:10.743995742 -0500
40752@@ -119,8 +119,8 @@ int acpi_processor_set_thermal_limit(acp
40753 Dock Station
40754 -------------------------------------------------------------------------- */
40755 struct acpi_dock_ops {
40756- acpi_notify_handler handler;
40757- acpi_notify_handler uevent;
40758+ const acpi_notify_handler handler;
40759+ const acpi_notify_handler uevent;
40760 };
40761
40762 #if defined(CONFIG_ACPI_DOCK) || defined(CONFIG_ACPI_DOCK_MODULE)
40763@@ -128,7 +128,7 @@ extern int is_dock_device(acpi_handle ha
40764 extern int register_dock_notifier(struct notifier_block *nb);
40765 extern void unregister_dock_notifier(struct notifier_block *nb);
40766 extern int register_hotplug_dock_device(acpi_handle handle,
40767- struct acpi_dock_ops *ops,
40768+ const struct acpi_dock_ops *ops,
40769 void *context);
40770 extern void unregister_hotplug_dock_device(acpi_handle handle);
40771 #else
40772@@ -144,7 +144,7 @@ static inline void unregister_dock_notif
40773 {
40774 }
40775 static inline int register_hotplug_dock_device(acpi_handle handle,
40776- struct acpi_dock_ops *ops,
40777+ const struct acpi_dock_ops *ops,
40778 void *context)
40779 {
40780 return -ENODEV;
40781diff -urNp linux-2.6.32.8/include/asm-generic/atomic-long.h linux-2.6.32.8/include/asm-generic/atomic-long.h
40782--- linux-2.6.32.8/include/asm-generic/atomic-long.h 2010-02-09 07:57:19.000000000 -0500
40783+++ linux-2.6.32.8/include/asm-generic/atomic-long.h 2010-02-13 21:45:10.743995742 -0500
40784@@ -22,6 +22,12 @@
40785
40786 typedef atomic64_t atomic_long_t;
40787
40788+#ifdef CONFIG_PAX_REFCOUNT
40789+typedef atomic64_unchecked_t atomic_long_unchecked_t;
40790+#else
40791+typedef atomic64_t atomic_long_unchecked_t;
40792+#endif
40793+
40794 #define ATOMIC_LONG_INIT(i) ATOMIC64_INIT(i)
40795
40796 static inline long atomic_long_read(atomic_long_t *l)
40797@@ -31,6 +37,15 @@ static inline long atomic_long_read(atom
40798 return (long)atomic64_read(v);
40799 }
40800
40801+#ifdef CONFIG_PAX_REFCOUNT
40802+static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l)
40803+{
40804+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
40805+
40806+ return (long)atomic64_read_unchecked(v);
40807+}
40808+#endif
40809+
40810 static inline void atomic_long_set(atomic_long_t *l, long i)
40811 {
40812 atomic64_t *v = (atomic64_t *)l;
40813@@ -38,6 +53,15 @@ static inline void atomic_long_set(atomi
40814 atomic64_set(v, i);
40815 }
40816
40817+#ifdef CONFIG_PAX_REFCOUNT
40818+static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i)
40819+{
40820+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
40821+
40822+ atomic64_set_unchecked(v, i);
40823+}
40824+#endif
40825+
40826 static inline void atomic_long_inc(atomic_long_t *l)
40827 {
40828 atomic64_t *v = (atomic64_t *)l;
40829@@ -45,6 +69,15 @@ static inline void atomic_long_inc(atomi
40830 atomic64_inc(v);
40831 }
40832
40833+#ifdef CONFIG_PAX_REFCOUNT
40834+static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l)
40835+{
40836+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
40837+
40838+ atomic64_inc_unchecked(v);
40839+}
40840+#endif
40841+
40842 static inline void atomic_long_dec(atomic_long_t *l)
40843 {
40844 atomic64_t *v = (atomic64_t *)l;
40845@@ -59,6 +92,15 @@ static inline void atomic_long_add(long
40846 atomic64_add(i, v);
40847 }
40848
40849+#ifdef CONFIG_PAX_REFCOUNT
40850+static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l)
40851+{
40852+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
40853+
40854+ atomic64_add_unchecked(i, v);
40855+}
40856+#endif
40857+
40858 static inline void atomic_long_sub(long i, atomic_long_t *l)
40859 {
40860 atomic64_t *v = (atomic64_t *)l;
40861@@ -115,6 +157,15 @@ static inline long atomic_long_inc_retur
40862 return (long)atomic64_inc_return(v);
40863 }
40864
40865+#ifdef CONFIG_PAX_REFCOUNT
40866+static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l)
40867+{
40868+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
40869+
40870+ return (long)atomic64_inc_return_unchecked(v);
40871+}
40872+#endif
40873+
40874 static inline long atomic_long_dec_return(atomic_long_t *l)
40875 {
40876 atomic64_t *v = (atomic64_t *)l;
40877@@ -140,6 +191,12 @@ static inline long atomic_long_add_unles
40878
40879 typedef atomic_t atomic_long_t;
40880
40881+#ifdef CONFIG_PAX_REFCOUNT
40882+typedef atomic_unchecked_t atomic_long_unchecked_t;
40883+#else
40884+typedef atomic_t atomic_long_unchecked_t;
40885+#endif
40886+
40887 #define ATOMIC_LONG_INIT(i) ATOMIC_INIT(i)
40888 static inline long atomic_long_read(atomic_long_t *l)
40889 {
40890@@ -148,6 +205,15 @@ static inline long atomic_long_read(atom
40891 return (long)atomic_read(v);
40892 }
40893
40894+#ifdef CONFIG_PAX_REFCOUNT
40895+static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l)
40896+{
40897+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
40898+
40899+ return (long)atomic_read_unchecked(v);
40900+}
40901+#endif
40902+
40903 static inline void atomic_long_set(atomic_long_t *l, long i)
40904 {
40905 atomic_t *v = (atomic_t *)l;
40906@@ -155,6 +221,15 @@ static inline void atomic_long_set(atomi
40907 atomic_set(v, i);
40908 }
40909
40910+#ifdef CONFIG_PAX_REFCOUNT
40911+static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i)
40912+{
40913+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
40914+
40915+ atomic_set_unchecked(v, i);
40916+}
40917+#endif
40918+
40919 static inline void atomic_long_inc(atomic_long_t *l)
40920 {
40921 atomic_t *v = (atomic_t *)l;
40922@@ -162,6 +237,15 @@ static inline void atomic_long_inc(atomi
40923 atomic_inc(v);
40924 }
40925
40926+#ifdef CONFIG_PAX_REFCOUNT
40927+static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l)
40928+{
40929+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
40930+
40931+ atomic_inc_unchecked(v);
40932+}
40933+#endif
40934+
40935 static inline void atomic_long_dec(atomic_long_t *l)
40936 {
40937 atomic_t *v = (atomic_t *)l;
40938@@ -176,6 +260,15 @@ static inline void atomic_long_add(long
40939 atomic_add(i, v);
40940 }
40941
40942+#ifdef CONFIG_PAX_REFCOUNT
40943+static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l)
40944+{
40945+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
40946+
40947+ atomic_add_unchecked(i, v);
40948+}
40949+#endif
40950+
40951 static inline void atomic_long_sub(long i, atomic_long_t *l)
40952 {
40953 atomic_t *v = (atomic_t *)l;
40954@@ -232,6 +325,15 @@ static inline long atomic_long_inc_retur
40955 return (long)atomic_inc_return(v);
40956 }
40957
40958+#ifdef CONFIG_PAX_REFCOUNT
40959+static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l)
40960+{
40961+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
40962+
40963+ return (long)atomic_inc_return_unchecked(v);
40964+}
40965+#endif
40966+
40967 static inline long atomic_long_dec_return(atomic_long_t *l)
40968 {
40969 atomic_t *v = (atomic_t *)l;
40970@@ -255,4 +357,33 @@ static inline long atomic_long_add_unles
40971
40972 #endif /* BITS_PER_LONG == 64 */
40973
40974+#ifdef CONFIG_PAX_REFCOUNT
40975+static inline void pax_refcount_needs_these_functions(void)
40976+{
40977+ atomic_read_unchecked((atomic_unchecked_t *)NULL);
40978+ atomic_set_unchecked((atomic_unchecked_t *)NULL, 0);
40979+ atomic_add_unchecked(0, (atomic_unchecked_t *)NULL);
40980+ atomic_sub_unchecked(0, (atomic_unchecked_t *)NULL);
40981+ atomic_inc_unchecked((atomic_unchecked_t *)NULL);
40982+
40983+ atomic_long_read_unchecked((atomic_long_unchecked_t *)NULL);
40984+ atomic_long_set_unchecked((atomic_long_unchecked_t *)NULL, 0);
40985+ atomic_long_add_unchecked(0, (atomic_long_unchecked_t *)NULL);
40986+ atomic_long_inc_unchecked((atomic_long_unchecked_t *)NULL);
40987+ atomic_long_inc_return_unchecked((atomic_long_unchecked_t *)NULL);
40988+}
40989+#else
40990+#define atomic_read_unchecked(v) atomic_read(v)
40991+#define atomic_set_unchecked(v, i) atomic_set((v), (i))
40992+#define atomic_add_unchecked(i, v) atomic_add((i), (v))
40993+#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
40994+#define atomic_inc_unchecked(v) atomic_inc(v)
40995+
40996+#define atomic_long_read_unchecked(v) atomic_long_read(v)
40997+#define atomic_long_set_unchecked(v, i) atomic_long_set((v), (i))
40998+#define atomic_long_add_unchecked(i, v) atomic_long_add((i), (v))
40999+#define atomic_long_inc_unchecked(v) atomic_long_inc(v)
41000+#define atomic_long_inc_return_unchecked(v) atomic_long_inc_return(v)
41001+#endif
41002+
41003 #endif /* _ASM_GENERIC_ATOMIC_LONG_H */
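Review bot: `pax_refcount_needs_these_functions()` has no comment, and read literally it passes NULL to every `*_unchecked` accessor. It appears to exist only so that the build fails on an architecture that enables CONFIG_PAX_REFCOUNT without providing those accessors, and it must never be called; a comment such as `/* never called: forces a compile error if an arch lacks the *_unchecked atomics */` would say so. The `atomic_long_unchecked_t` typedefs added in the earlier hunks of this file would also benefit from a line stating that the unchecked type opts a counter out of overflow detection, so it presumably should not be used for object reference counts. In the `#else` branch the fallbacks are macros while the CONFIG_PAX_REFCOUNT side uses typed inline functions, so a caller passing the wrong pointer type is only diagnosed in one configuration.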
41004diff -urNp linux-2.6.32.8/include/asm-generic/dma-mapping-common.h linux-2.6.32.8/include/asm-generic/dma-mapping-common.h
41005--- linux-2.6.32.8/include/asm-generic/dma-mapping-common.h 2010-02-09 07:57:19.000000000 -0500
41006+++ linux-2.6.32.8/include/asm-generic/dma-mapping-common.h 2010-02-13 21:45:10.744996520 -0500
41007@@ -11,7 +11,7 @@ static inline dma_addr_t dma_map_single_
41008 enum dma_data_direction dir,
41009 struct dma_attrs *attrs)
41010 {
41011- struct dma_map_ops *ops = get_dma_ops(dev);
41012+ const struct dma_map_ops *ops = get_dma_ops(dev);
41013 dma_addr_t addr;
41014
41015 kmemcheck_mark_initialized(ptr, size);
41016@@ -30,7 +30,7 @@ static inline void dma_unmap_single_attr
41017 enum dma_data_direction dir,
41018 struct dma_attrs *attrs)
41019 {
41020- struct dma_map_ops *ops = get_dma_ops(dev);
41021+ const struct dma_map_ops *ops = get_dma_ops(dev);
41022
41023 BUG_ON(!valid_dma_direction(dir));
41024 if (ops->unmap_page)
41025@@ -42,7 +42,7 @@ static inline int dma_map_sg_attrs(struc
41026 int nents, enum dma_data_direction dir,
41027 struct dma_attrs *attrs)
41028 {
41029- struct dma_map_ops *ops = get_dma_ops(dev);
41030+ const struct dma_map_ops *ops = get_dma_ops(dev);
41031 int i, ents;
41032 struct scatterlist *s;
41033
41034@@ -59,7 +59,7 @@ static inline void dma_unmap_sg_attrs(st
41035 int nents, enum dma_data_direction dir,
41036 struct dma_attrs *attrs)
41037 {
41038- struct dma_map_ops *ops = get_dma_ops(dev);
41039+ const struct dma_map_ops *ops = get_dma_ops(dev);
41040
41041 BUG_ON(!valid_dma_direction(dir));
41042 debug_dma_unmap_sg(dev, sg, nents, dir);
41043@@ -71,7 +71,7 @@ static inline dma_addr_t dma_map_page(st
41044 size_t offset, size_t size,
41045 enum dma_data_direction dir)
41046 {
41047- struct dma_map_ops *ops = get_dma_ops(dev);
41048+ const struct dma_map_ops *ops = get_dma_ops(dev);
41049 dma_addr_t addr;
41050
41051 kmemcheck_mark_initialized(page_address(page) + offset, size);
41052@@ -85,7 +85,7 @@ static inline dma_addr_t dma_map_page(st
41053 static inline void dma_unmap_page(struct device *dev, dma_addr_t addr,
41054 size_t size, enum dma_data_direction dir)
41055 {
41056- struct dma_map_ops *ops = get_dma_ops(dev);
41057+ const struct dma_map_ops *ops = get_dma_ops(dev);
41058
41059 BUG_ON(!valid_dma_direction(dir));
41060 if (ops->unmap_page)
41061@@ -97,7 +97,7 @@ static inline void dma_sync_single_for_c
41062 size_t size,
41063 enum dma_data_direction dir)
41064 {
41065- struct dma_map_ops *ops = get_dma_ops(dev);
41066+ const struct dma_map_ops *ops = get_dma_ops(dev);
41067
41068 BUG_ON(!valid_dma_direction(dir));
41069 if (ops->sync_single_for_cpu)
41070@@ -109,7 +109,7 @@ static inline void dma_sync_single_for_d
41071 dma_addr_t addr, size_t size,
41072 enum dma_data_direction dir)
41073 {
41074- struct dma_map_ops *ops = get_dma_ops(dev);
41075+ const struct dma_map_ops *ops = get_dma_ops(dev);
41076
41077 BUG_ON(!valid_dma_direction(dir));
41078 if (ops->sync_single_for_device)
41079@@ -123,7 +123,7 @@ static inline void dma_sync_single_range
41080 size_t size,
41081 enum dma_data_direction dir)
41082 {
41083- struct dma_map_ops *ops = get_dma_ops(dev);
41084+ const struct dma_map_ops *ops = get_dma_ops(dev);
41085
41086 BUG_ON(!valid_dma_direction(dir));
41087 if (ops->sync_single_range_for_cpu) {
41088@@ -140,7 +140,7 @@ static inline void dma_sync_single_range
41089 size_t size,
41090 enum dma_data_direction dir)
41091 {
41092- struct dma_map_ops *ops = get_dma_ops(dev);
41093+ const struct dma_map_ops *ops = get_dma_ops(dev);
41094
41095 BUG_ON(!valid_dma_direction(dir));
41096 if (ops->sync_single_range_for_device) {
41097@@ -155,7 +155,7 @@ static inline void
41098 dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg,
41099 int nelems, enum dma_data_direction dir)
41100 {
41101- struct dma_map_ops *ops = get_dma_ops(dev);
41102+ const struct dma_map_ops *ops = get_dma_ops(dev);
41103
41104 BUG_ON(!valid_dma_direction(dir));
41105 if (ops->sync_sg_for_cpu)
41106@@ -167,7 +167,7 @@ static inline void
41107 dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg,
41108 int nelems, enum dma_data_direction dir)
41109 {
41110- struct dma_map_ops *ops = get_dma_ops(dev);
41111+ const struct dma_map_ops *ops = get_dma_ops(dev);
41112
41113 BUG_ON(!valid_dma_direction(dir));
41114 if (ops->sync_sg_for_device)
41115diff -urNp linux-2.6.32.8/include/asm-generic/futex.h linux-2.6.32.8/include/asm-generic/futex.h
41116--- linux-2.6.32.8/include/asm-generic/futex.h 2010-02-09 07:57:19.000000000 -0500
41117+++ linux-2.6.32.8/include/asm-generic/futex.h 2010-02-13 21:45:10.744996520 -0500
41118@@ -6,7 +6,7 @@
41119 #include <asm/errno.h>
41120
41121 static inline int
41122-futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
41123+futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
41124 {
41125 int op = (encoded_op >> 28) & 7;
41126 int cmp = (encoded_op >> 24) & 15;
41127@@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op,
41128 }
41129
41130 static inline int
41131-futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
41132+futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval)
41133 {
41134 return -ENOSYS;
41135 }
41136diff -urNp linux-2.6.32.8/include/asm-generic/int-l64.h linux-2.6.32.8/include/asm-generic/int-l64.h
41137--- linux-2.6.32.8/include/asm-generic/int-l64.h 2010-02-09 07:57:19.000000000 -0500
41138+++ linux-2.6.32.8/include/asm-generic/int-l64.h 2010-02-13 21:45:10.744996520 -0500
41139@@ -46,6 +46,8 @@ typedef unsigned int u32;
41140 typedef signed long s64;
41141 typedef unsigned long u64;
41142
41143+typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
41144+
41145 #define S8_C(x) x
41146 #define U8_C(x) x ## U
41147 #define S16_C(x) x
41148diff -urNp linux-2.6.32.8/include/asm-generic/int-ll64.h linux-2.6.32.8/include/asm-generic/int-ll64.h
41149--- linux-2.6.32.8/include/asm-generic/int-ll64.h 2010-02-09 07:57:19.000000000 -0500
41150+++ linux-2.6.32.8/include/asm-generic/int-ll64.h 2010-02-13 21:45:10.744996520 -0500
41151@@ -51,6 +51,8 @@ typedef unsigned int u32;
41152 typedef signed long long s64;
41153 typedef unsigned long long u64;
41154
41155+typedef unsigned long long intoverflow_t;
41156+
41157 #define S8_C(x) x
41158 #define U8_C(x) x ## U
41159 #define S16_C(x) x
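Review bot: `intoverflow_t` is added here as `unsigned long long` with no comment on what it is for, while the int-l64.h hunk above defines it as a 128-bit `mode(TI)` integer. Its users are outside this hunk, but it looks meant to hold a size computation in something wider than `unsigned long` so that an overflow can be detected. If so, the 64-bit definition only achieves that on 32-bit targets: any 64-bit architecture that includes int-ll64.h in kernel builds would get a type no wider than `unsigned long`, and a comparison against `ULONG_MAX` could never be true. I would document the intended invariant next to both typedefs, e.g. `/* must be strictly wider than unsigned long */`, and back it with `BUILD_BUG_ON(sizeof(intoverflow_t) <= sizeof(unsigned long))` where the type is used.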
41160diff -urNp linux-2.6.32.8/include/asm-generic/kmap_types.h linux-2.6.32.8/include/asm-generic/kmap_types.h
41161--- linux-2.6.32.8/include/asm-generic/kmap_types.h 2010-02-09 07:57:19.000000000 -0500
41162+++ linux-2.6.32.8/include/asm-generic/kmap_types.h 2010-02-13 21:45:10.744996520 -0500
41163@@ -28,7 +28,8 @@ KMAP_D(15) KM_UML_USERCOPY,
41164 KMAP_D(16) KM_IRQ_PTE,
41165 KMAP_D(17) KM_NMI,
41166 KMAP_D(18) KM_NMI_PTE,
41167-KMAP_D(19) KM_TYPE_NR
41168+KMAP_D(19) KM_CLEARPAGE,
41169+KMAP_D(20) KM_TYPE_NR
41170 };
41171
41172 #undef KMAP_D
41173diff -urNp linux-2.6.32.8/include/asm-generic/pgtable.h linux-2.6.32.8/include/asm-generic/pgtable.h
41174--- linux-2.6.32.8/include/asm-generic/pgtable.h 2010-02-09 07:57:19.000000000 -0500
41175+++ linux-2.6.32.8/include/asm-generic/pgtable.h 2010-02-13 21:45:10.744996520 -0500
41176@@ -344,6 +344,14 @@ extern void untrack_pfn_vma(struct vm_ar
41177 unsigned long size);
41178 #endif
41179
41180+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
41181+static inline unsigned long pax_open_kernel(void) { return 0; }
41182+#endif
41183+
41184+#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
41185+static inline unsigned long pax_close_kernel(void) { return 0; }
41186+#endif
41187+
41188 #endif /* !__ASSEMBLY__ */
41189
41190 #endif /* _ASM_GENERIC_PGTABLE_H */
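Review bot: The fallback `pax_open_kernel()` and `pax_close_kernel()` stubs are undocumented, and nothing in the hunk says what the `unsigned long` return value means or that the two calls must be paired. Judging by the names, they bracket writes to otherwise write-protected kernel data, and these no-op versions are used when the architecture defines neither `__HAVE_ARCH_PAX_OPEN_KERNEL` nor `__HAVE_ARCH_PAX_CLOSE_KERNEL`; that should be confirmed against the arch implementations. A comment such as `/* no-op fallback; arch versions lift/restore kernel write protection and must be called in pairs */` above the first stub would make the contract visible to callers.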
41191diff -urNp linux-2.6.32.8/include/asm-generic/vmlinux.lds.h linux-2.6.32.8/include/asm-generic/vmlinux.lds.h
41192--- linux-2.6.32.8/include/asm-generic/vmlinux.lds.h 2010-02-09 07:57:19.000000000 -0500
41193+++ linux-2.6.32.8/include/asm-generic/vmlinux.lds.h 2010-02-13 21:45:10.745996414 -0500
41194@@ -199,6 +199,7 @@
41195 .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
41196 VMLINUX_SYMBOL(__start_rodata) = .; \
41197 *(.rodata) *(.rodata.*) \
41198+ *(.data.read_only) \
41199 *(__vermagic) /* Kernel version magic */ \
41200 *(__markers_strings) /* Markers: strings */ \
41201 *(__tracepoints_strings)/* Tracepoints: strings */ \
41202@@ -656,22 +657,24 @@
41203 * section in the linker script will go there too. @phdr should have
41204 * a leading colon.
41205 *
41206- * Note that this macros defines __per_cpu_load as an absolute symbol.
41207+ * Note that this macros defines per_cpu_load as an absolute symbol.
41208 * If there is no need to put the percpu section at a predetermined
41209 * address, use PERCPU().
41210 */
41211 #define PERCPU_VADDR(vaddr, phdr) \
41212- VMLINUX_SYMBOL(__per_cpu_load) = .; \
41213- .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
41214+ per_cpu_load = .; \
41215+ .data.percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \
41216 - LOAD_OFFSET) { \
41217+ VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \
41218 VMLINUX_SYMBOL(__per_cpu_start) = .; \
41219 *(.data.percpu.first) \
41220- *(.data.percpu.page_aligned) \
41221 *(.data.percpu) \
41222+ . = ALIGN(PAGE_SIZE); \
41223+ *(.data.percpu.page_aligned) \
41224 *(.data.percpu.shared_aligned) \
41225 VMLINUX_SYMBOL(__per_cpu_end) = .; \
41226 } phdr \
41227- . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data.percpu);
41228+ . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data.percpu);
41229
41230 /**
41231 * PERCPU - define output section for percpu area, simple version
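Review bot: In the new `PERCPU_VADDR`, the symbol is defined as a bare `per_cpu_load = .;` but then referenced as `VMLINUX_SYMBOL(per_cpu_load)` in the `AT()` expression and in the final location-counter assignment. On a configuration where `VMLINUX_SYMBOL` adds a prefix the two names would differ, so the definition should read `VMLINUX_SYMBOL(per_cpu_load) = .;` (or the uses should drop the wrapper). The reworded comment now says only `per_cpu_load` is defined as an absolute symbol, yet `__per_cpu_load` is still defined, now inside the output section as `. + per_cpu_load`. The comment should mention both symbols and explain why the load address is computed that way. The move of `.data.percpu.page_aligned` behind an explicit `ALIGN(PAGE_SIZE)` also deserves a one-line comment.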
41232diff -urNp linux-2.6.32.8/include/drm/drm_pciids.h linux-2.6.32.8/include/drm/drm_pciids.h
41233--- linux-2.6.32.8/include/drm/drm_pciids.h 2010-02-09 07:57:19.000000000 -0500
41234+++ linux-2.6.32.8/include/drm/drm_pciids.h 2010-02-13 21:45:10.745996414 -0500
41235@@ -375,7 +375,7 @@
41236 {0x1002, 0x9712, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
41237 {0x1002, 0x9713, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
41238 {0x1002, 0x9714, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
41239- {0, 0, 0}
41240+ {0, 0, 0, 0, 0, 0}
41241
41242 #define r128_PCI_IDS \
41243 {0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41244@@ -415,14 +415,14 @@
41245 {0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41246 {0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41247 {0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41248- {0, 0, 0}
41249+ {0, 0, 0, 0, 0, 0}
41250
41251 #define mga_PCI_IDS \
41252 {0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
41253 {0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
41254 {0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \
41255 {0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \
41256- {0, 0, 0}
41257+ {0, 0, 0, 0, 0, 0}
41258
41259 #define mach64_PCI_IDS \
41260 {0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41261@@ -445,7 +445,7 @@
41262 {0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41263 {0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41264 {0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41265- {0, 0, 0}
41266+ {0, 0, 0, 0, 0, 0}
41267
41268 #define sisdrv_PCI_IDS \
41269 {0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41270@@ -456,7 +456,7 @@
41271 {0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41272 {0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
41273 {0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
41274- {0, 0, 0}
41275+ {0, 0, 0, 0, 0, 0}
41276
41277 #define tdfx_PCI_IDS \
41278 {0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41279@@ -465,7 +465,7 @@
41280 {0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41281 {0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41282 {0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41283- {0, 0, 0}
41284+ {0, 0, 0, 0, 0, 0}
41285
41286 #define viadrv_PCI_IDS \
41287 {0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41288@@ -477,14 +477,14 @@
41289 {0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41290 {0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \
41291 {0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \
41292- {0, 0, 0}
41293+ {0, 0, 0, 0, 0, 0}
41294
41295 #define i810_PCI_IDS \
41296 {0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41297 {0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41298 {0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41299 {0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41300- {0, 0, 0}
41301+ {0, 0, 0, 0, 0, 0}
41302
41303 #define i830_PCI_IDS \
41304 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41305@@ -492,11 +492,11 @@
41306 {0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41307 {0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41308 {0x8086, 0x358e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41309- {0, 0, 0}
41310+ {0, 0, 0, 0, 0, 0}
41311
41312 #define gamma_PCI_IDS \
41313 {0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41314- {0, 0, 0}
41315+ {0, 0, 0, 0, 0, 0}
41316
41317 #define savage_PCI_IDS \
41318 {0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \
41319@@ -522,10 +522,10 @@
41320 {0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \
41321 {0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
41322 {0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
41323- {0, 0, 0}
41324+ {0, 0, 0, 0, 0, 0}
41325
41326 #define ffb_PCI_IDS \
41327- {0, 0, 0}
41328+ {0, 0, 0, 0, 0, 0}
41329
41330 #define i915_PCI_IDS \
41331 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41332@@ -558,4 +558,4 @@
41333 {0x8086, 0x35e8, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41334 {0x8086, 0x0042, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41335 {0x8086, 0x0046, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41336- {0, 0, 0}
41337+ {0, 0, 0, 0, 0, 0}
41338diff -urNp linux-2.6.32.8/include/drm/drmP.h linux-2.6.32.8/include/drm/drmP.h
41339--- linux-2.6.32.8/include/drm/drmP.h 2010-02-09 07:57:19.000000000 -0500
41340+++ linux-2.6.32.8/include/drm/drmP.h 2010-02-13 21:45:10.746929114 -0500
41341@@ -814,7 +814,7 @@ struct drm_driver {
41342 void (*vgaarb_irq)(struct drm_device *dev, bool state);
41343
41344 /* Driver private ops for this object */
41345- struct vm_operations_struct *gem_vm_ops;
41346+ const struct vm_operations_struct *gem_vm_ops;
41347
41348 int major;
41349 int minor;
41350@@ -917,7 +917,7 @@ struct drm_device {
41351
41352 /** \name Usage Counters */
41353 /*@{ */
41354- int open_count; /**< Outstanding files open */
41355+ atomic_t open_count; /**< Outstanding files open */
41356 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
41357 atomic_t vma_count; /**< Outstanding vma areas open */
41358 int buf_use; /**< Buffers in use -- cannot alloc */
41359@@ -928,7 +928,7 @@ struct drm_device {
41360 /*@{ */
41361 unsigned long counters;
41362 enum drm_stat_type types[15];
41363- atomic_t counts[15];
41364+ atomic_unchecked_t counts[15];
41365 /*@} */
41366
41367 struct list_head filelist;
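Review bot: Nothing at `atomic_unchecked_t counts[15];` says why this field leaves the checked `atomic_t`, while `open_count` in the previous hunk moves to it and `ioctl_count` and `vma_count` keep it. The definition of the unchecked type is not in this part of the patch; presumably it opts a counter out of overflow detection because wrapping is harmless for statistics. A short comment such as `/* statistics only, may wrap; never used as a reference count */` would let a later reader confirm that no object-lifetime decision depends on the value. The same comment would help at `__HANDLE_ITEM` in atmdev.h, `gen` in dst.h and `sync_io` in genhd.h. `struct drm_device` starts and ends outside the hunk.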
41368diff -urNp linux-2.6.32.8/include/linux/a.out.h linux-2.6.32.8/include/linux/a.out.h
41369--- linux-2.6.32.8/include/linux/a.out.h 2010-02-09 07:57:19.000000000 -0500
41370+++ linux-2.6.32.8/include/linux/a.out.h 2010-02-13 21:45:10.746929114 -0500
41371@@ -39,6 +39,14 @@ enum machine_type {
41372 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
41373 };
41374
41375+/* Constants for the N_FLAGS field */
41376+#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41377+#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
41378+#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
41379+#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
41380+/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41381+#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41382+
41383 #if !defined (N_MAGIC)
41384 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
41385 #endif
41386diff -urNp linux-2.6.32.8/include/linux/atmdev.h linux-2.6.32.8/include/linux/atmdev.h
41387--- linux-2.6.32.8/include/linux/atmdev.h 2010-02-09 07:57:19.000000000 -0500
41388+++ linux-2.6.32.8/include/linux/atmdev.h 2010-02-13 21:45:10.746929114 -0500
41389@@ -237,7 +237,7 @@ struct compat_atm_iobuf {
41390 #endif
41391
41392 struct k_atm_aal_stats {
41393-#define __HANDLE_ITEM(i) atomic_t i
41394+#define __HANDLE_ITEM(i) atomic_unchecked_t i
41395 __AAL_STAT_ITEMS
41396 #undef __HANDLE_ITEM
41397 };
41398diff -urNp linux-2.6.32.8/include/linux/backlight.h linux-2.6.32.8/include/linux/backlight.h
41399--- linux-2.6.32.8/include/linux/backlight.h 2010-02-09 07:57:19.000000000 -0500
41400+++ linux-2.6.32.8/include/linux/backlight.h 2010-02-13 21:45:10.746929114 -0500
41401@@ -36,18 +36,18 @@ struct backlight_device;
41402 struct fb_info;
41403
41404 struct backlight_ops {
41405- unsigned int options;
41406+ const unsigned int options;
41407
41408 #define BL_CORE_SUSPENDRESUME (1 << 0)
41409
41410 /* Notify the backlight driver some property has changed */
41411- int (*update_status)(struct backlight_device *);
41412+ int (* const update_status)(struct backlight_device *);
41413 /* Return the current backlight brightness (accounting for power,
41414 fb_blank etc.) */
41415- int (*get_brightness)(struct backlight_device *);
41416+ int (* const get_brightness)(struct backlight_device *);
41417 /* Check if given framebuffer device is the one bound to this backlight;
41418 return 0 if not, !=0 if it is. If NULL, backlight always matches the fb. */
41419- int (*check_fb)(struct fb_info *);
41420+ int (* const check_fb)(struct fb_info *);
41421 };
41422
41423 /* This structure defines all the properties of a backlight */
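Review bot: With every member of `struct backlight_ops` const-qualified, an instance can only be filled in by an initializer; code that sets `options` or a callback at run time, or copies one ops structure into another, stops compiling and can only be kept by a cast that defeats the hardening. Whether any in-tree or out-of-tree user does that is not visible from these hunks. I would state the rule at the struct, e.g. `/* members are const: define instances with a static initializer, never assign at run time */`. The same comment applies to `block_device_operations`, `dma_map_ops`, `address_space_operations`, `file_lock_operations`, `lock_manager_operations` and `super_operations` further down. The spelling `(*const getgeo)` in blkdev.h also differs from the `(* const name)` form used everywhere else.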
41424@@ -86,7 +86,7 @@ struct backlight_device {
41425 registered this device has been unloaded, and if class_get_devdata()
41426 points to something in the body of that driver, it is also invalid. */
41427 struct mutex ops_lock;
41428- struct backlight_ops *ops;
41429+ const struct backlight_ops *ops;
41430
41431 /* The framebuffer notifier block */
41432 struct notifier_block fb_notif;
41433@@ -103,7 +103,7 @@ static inline void backlight_update_stat
41434 }
41435
41436 extern struct backlight_device *backlight_device_register(const char *name,
41437- struct device *dev, void *devdata, struct backlight_ops *ops);
41438+ struct device *dev, void *devdata, const struct backlight_ops *ops);
41439 extern void backlight_device_unregister(struct backlight_device *bd);
41440 extern void backlight_force_update(struct backlight_device *bd,
41441 enum backlight_update_reason reason);
41442diff -urNp linux-2.6.32.8/include/linux/binfmts.h linux-2.6.32.8/include/linux/binfmts.h
41443--- linux-2.6.32.8/include/linux/binfmts.h 2010-02-09 07:57:19.000000000 -0500
41444+++ linux-2.6.32.8/include/linux/binfmts.h 2010-02-13 21:45:10.746929114 -0500
41445@@ -78,6 +78,7 @@ struct linux_binfmt {
41446 int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
41447 int (*load_shlib)(struct file *);
41448 int (*core_dump)(long signr, struct pt_regs *regs, struct file *file, unsigned long limit);
41449+ void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
41450 unsigned long min_coredump; /* minimal dump size */
41451 int hasvdso;
41452 };
41453diff -urNp linux-2.6.32.8/include/linux/blkdev.h linux-2.6.32.8/include/linux/blkdev.h
41454--- linux-2.6.32.8/include/linux/blkdev.h 2010-02-09 07:57:19.000000000 -0500
41455+++ linux-2.6.32.8/include/linux/blkdev.h 2010-02-13 21:45:10.748000653 -0500
41456@@ -1262,19 +1262,19 @@ static inline int blk_integrity_rq(struc
41457 #endif /* CONFIG_BLK_DEV_INTEGRITY */
41458
41459 struct block_device_operations {
41460- int (*open) (struct block_device *, fmode_t);
41461- int (*release) (struct gendisk *, fmode_t);
41462- int (*locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41463- int (*ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41464- int (*compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41465- int (*direct_access) (struct block_device *, sector_t,
41466+ int (* const open) (struct block_device *, fmode_t);
41467+ int (* const release) (struct gendisk *, fmode_t);
41468+ int (* const locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41469+ int (* const ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41470+ int (* const compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41471+ int (* const direct_access) (struct block_device *, sector_t,
41472 void **, unsigned long *);
41473- int (*media_changed) (struct gendisk *);
41474- unsigned long long (*set_capacity) (struct gendisk *,
41475+ int (* const media_changed) (struct gendisk *);
41476+ unsigned long long (* const set_capacity) (struct gendisk *,
41477 unsigned long long);
41478- int (*revalidate_disk) (struct gendisk *);
41479- int (*getgeo)(struct block_device *, struct hd_geometry *);
41480- struct module *owner;
41481+ int (* const revalidate_disk) (struct gendisk *);
41482+ int (*const getgeo)(struct block_device *, struct hd_geometry *);
41483+ struct module * const owner;
41484 };
41485
41486 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int,
41487diff -urNp linux-2.6.32.8/include/linux/cache.h linux-2.6.32.8/include/linux/cache.h
41488--- linux-2.6.32.8/include/linux/cache.h 2010-02-09 07:57:19.000000000 -0500
41489+++ linux-2.6.32.8/include/linux/cache.h 2010-02-13 21:45:10.748000653 -0500
41490@@ -16,6 +16,10 @@
41491 #define __read_mostly
41492 #endif
41493
41494+#ifndef __read_only
41495+#define __read_only __read_mostly
41496+#endif
41497+
41498 #ifndef ____cacheline_aligned
41499 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
41500 #endif
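Review bot: The fallback `#define __read_only __read_mostly` gives no write protection: where nothing else defines `__read_only`, annotated data is at most grouped with read-mostly data, and with the empty `#define __read_mostly` just above it gets no treatment at all. That is a reasonable fallback, but it is silent, so a reader of annotated code cannot tell whether the object is actually protected on a given configuration. I would add a comment above the `#ifndef`, e.g. `/* fallback: placement hint only, the data stays writable */`.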
41501diff -urNp linux-2.6.32.8/include/linux/capability.h linux-2.6.32.8/include/linux/capability.h
41502--- linux-2.6.32.8/include/linux/capability.h 2010-02-09 07:57:19.000000000 -0500
41503+++ linux-2.6.32.8/include/linux/capability.h 2010-02-13 21:45:10.748000653 -0500
41504@@ -563,6 +563,7 @@ extern const kernel_cap_t __cap_init_eff
41505 (security_real_capable_noaudit((t), (cap)) == 0)
41506
41507 extern int capable(int cap);
41508+int capable_nolog(int cap);
41509
41510 /* audit system wants to get cap info from files as well */
41511 struct dentry;
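Review bot: `int capable_nolog(int cap);` is declared without `extern`, unlike `extern int capable(int cap);` directly above it, and without a comment saying how it differs from `capable()`. The name suggests a variant that skips logging, but its definition is not in this hunk. If that is so, picking the wrong variant at a call site would drop the log record for a privilege check, so the header should say when the variant is appropriate. I would write `extern int capable_nolog(int cap);` and add a one-line comment stating what is not logged.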
41512diff -urNp linux-2.6.32.8/include/linux/compiler-gcc4.h linux-2.6.32.8/include/linux/compiler-gcc4.h
41513--- linux-2.6.32.8/include/linux/compiler-gcc4.h 2010-02-09 07:57:19.000000000 -0500
41514+++ linux-2.6.32.8/include/linux/compiler-gcc4.h 2010-02-13 21:45:10.748000653 -0500
41515@@ -36,4 +36,8 @@
41516 the kernel context */
41517 #define __cold __attribute__((__cold__))
41518
41519+#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
41520+#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
41521+#define __bos0(ptr) __bos((ptr), 0)
41522+#define __bos1(ptr) __bos((ptr), 1)
41523 #endif
41524diff -urNp linux-2.6.32.8/include/linux/compiler.h linux-2.6.32.8/include/linux/compiler.h
41525--- linux-2.6.32.8/include/linux/compiler.h 2010-02-09 07:57:19.000000000 -0500
41526+++ linux-2.6.32.8/include/linux/compiler.h 2010-02-13 21:45:10.748000653 -0500
41527@@ -256,6 +256,22 @@ void ftrace_likely_update(struct ftrace_
41528 #define __cold
41529 #endif
41530
41531+#ifndef __alloc_size
41532+#define __alloc_size
41533+#endif
41534+
41535+#ifndef __bos
41536+#define __bos
41537+#endif
41538+
41539+#ifndef __bos0
41540+#define __bos0
41541+#endif
41542+
41543+#ifndef __bos1
41544+#define __bos1
41545+#endif
41546+
41547 /* Simple shorthand for a section definition */
41548 #ifndef __section
41549 # define __section(S) __attribute__ ((__section__(#S)))
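Review bot: The fallbacks `#define __alloc_size`, `#define __bos`, `#define __bos0` and `#define __bos1` are object-like, so with a compiler that does not supply the real definitions a use such as `__alloc_size(1)` leaves `(1)` in the declaration, and `__bos0(p)` evaluates to the pointer itself rather than to a size. The uses are outside this hunk, so whether any of them is reachable with such a compiler is not visible here. Function-like fallbacks would be safer: `#define __alloc_size(...)` and `#define __bos(ptr, arg) ((size_t)-1)`, with `__bos0` and `__bos1` defined on top of `__bos` as in compiler-gcc4.h. The all-ones value follows the `__builtin_object_size` convention for an unknown size with types 0 and 1, so a bounds check built on it stays disabled rather than comparing against a pointer.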
41550diff -urNp linux-2.6.32.8/include/linux/decompress/mm.h linux-2.6.32.8/include/linux/decompress/mm.h
41551--- linux-2.6.32.8/include/linux/decompress/mm.h 2010-02-09 07:57:19.000000000 -0500
41552+++ linux-2.6.32.8/include/linux/decompress/mm.h 2010-02-13 21:45:10.749010298 -0500
41553@@ -68,7 +68,7 @@ static void free(void *where)
41554 * warnings when not needed (indeed large_malloc / large_free are not
41555 * needed by inflate */
41556
41557-#define malloc(a) kmalloc(a, GFP_KERNEL)
41558+#define malloc(a) kmalloc((a), GFP_KERNEL)
41559 #define free(a) kfree(a)
41560
41561 #define large_malloc(a) vmalloc(a)
41562diff -urNp linux-2.6.32.8/include/linux/dma-mapping.h linux-2.6.32.8/include/linux/dma-mapping.h
41563--- linux-2.6.32.8/include/linux/dma-mapping.h 2010-02-09 07:57:19.000000000 -0500
41564+++ linux-2.6.32.8/include/linux/dma-mapping.h 2010-02-13 21:45:10.749010298 -0500
41565@@ -16,50 +16,50 @@ enum dma_data_direction {
41566 };
41567
41568 struct dma_map_ops {
41569- void* (*alloc_coherent)(struct device *dev, size_t size,
41570+ void* (* const alloc_coherent)(struct device *dev, size_t size,
41571 dma_addr_t *dma_handle, gfp_t gfp);
41572- void (*free_coherent)(struct device *dev, size_t size,
41573+ void (* const free_coherent)(struct device *dev, size_t size,
41574 void *vaddr, dma_addr_t dma_handle);
41575- dma_addr_t (*map_page)(struct device *dev, struct page *page,
41576+ dma_addr_t (* const map_page)(struct device *dev, struct page *page,
41577 unsigned long offset, size_t size,
41578 enum dma_data_direction dir,
41579 struct dma_attrs *attrs);
41580- void (*unmap_page)(struct device *dev, dma_addr_t dma_handle,
41581+ void (* const unmap_page)(struct device *dev, dma_addr_t dma_handle,
41582 size_t size, enum dma_data_direction dir,
41583 struct dma_attrs *attrs);
41584- int (*map_sg)(struct device *dev, struct scatterlist *sg,
41585+ int (* const map_sg)(struct device *dev, struct scatterlist *sg,
41586 int nents, enum dma_data_direction dir,
41587 struct dma_attrs *attrs);
41588- void (*unmap_sg)(struct device *dev,
41589+ void (* const unmap_sg)(struct device *dev,
41590 struct scatterlist *sg, int nents,
41591 enum dma_data_direction dir,
41592 struct dma_attrs *attrs);
41593- void (*sync_single_for_cpu)(struct device *dev,
41594+ void (* const sync_single_for_cpu)(struct device *dev,
41595 dma_addr_t dma_handle, size_t size,
41596 enum dma_data_direction dir);
41597- void (*sync_single_for_device)(struct device *dev,
41598+ void (* const sync_single_for_device)(struct device *dev,
41599 dma_addr_t dma_handle, size_t size,
41600 enum dma_data_direction dir);
41601- void (*sync_single_range_for_cpu)(struct device *dev,
41602+ void (* const sync_single_range_for_cpu)(struct device *dev,
41603 dma_addr_t dma_handle,
41604 unsigned long offset,
41605 size_t size,
41606 enum dma_data_direction dir);
41607- void (*sync_single_range_for_device)(struct device *dev,
41608+ void (* const sync_single_range_for_device)(struct device *dev,
41609 dma_addr_t dma_handle,
41610 unsigned long offset,
41611 size_t size,
41612 enum dma_data_direction dir);
41613- void (*sync_sg_for_cpu)(struct device *dev,
41614+ void (* const sync_sg_for_cpu)(struct device *dev,
41615 struct scatterlist *sg, int nents,
41616 enum dma_data_direction dir);
41617- void (*sync_sg_for_device)(struct device *dev,
41618+ void (* const sync_sg_for_device)(struct device *dev,
41619 struct scatterlist *sg, int nents,
41620 enum dma_data_direction dir);
41621- int (*mapping_error)(struct device *dev, dma_addr_t dma_addr);
41622- int (*dma_supported)(struct device *dev, u64 mask);
41623- int (*set_dma_mask)(struct device *dev, u64 mask);
41624- int is_phys;
41625+ int (* const mapping_error)(struct device *dev, dma_addr_t dma_addr);
41626+ int (* const dma_supported)(struct device *dev, u64 mask);
41627+ int (* const set_dma_mask)(struct device *dev, u64 mask);
41628+ const int is_phys;
41629 };
41630
41631 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
41632diff -urNp linux-2.6.32.8/include/linux/dst.h linux-2.6.32.8/include/linux/dst.h
41633--- linux-2.6.32.8/include/linux/dst.h 2010-02-09 07:57:19.000000000 -0500
41634+++ linux-2.6.32.8/include/linux/dst.h 2010-02-13 21:45:10.749010298 -0500
41635@@ -380,7 +380,7 @@ struct dst_node
41636 struct thread_pool *pool;
41637
41638 /* Transaction IDs live here */
41639- atomic_long_t gen;
41640+ atomic_long_unchecked_t gen;
41641
41642 /*
41643 * How frequently and how many times transaction
41644diff -urNp linux-2.6.32.8/include/linux/elf.h linux-2.6.32.8/include/linux/elf.h
41645--- linux-2.6.32.8/include/linux/elf.h 2010-02-09 07:57:19.000000000 -0500
41646+++ linux-2.6.32.8/include/linux/elf.h 2010-02-13 21:45:10.749010298 -0500
41647@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
41648 #define PT_GNU_EH_FRAME 0x6474e550
41649
41650 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
41651+#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
41652+
41653+#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
41654+
41655+/* Constants for the e_flags field */
41656+#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41657+#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
41658+#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
41659+#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
41660+/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41661+#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41662
41663 /* These constants define the different elf file types */
41664 #define ET_NONE 0
41665@@ -84,6 +95,8 @@ typedef __s64 Elf64_Sxword;
41666 #define DT_DEBUG 21
41667 #define DT_TEXTREL 22
41668 #define DT_JMPREL 23
41669+#define DT_FLAGS 30
41670+ #define DF_TEXTREL 0x00000004
41671 #define DT_ENCODING 32
41672 #define OLD_DT_LOOS 0x60000000
41673 #define DT_LOOS 0x6000000d
41674@@ -230,6 +243,19 @@ typedef struct elf64_hdr {
41675 #define PF_W 0x2
41676 #define PF_X 0x1
41677
41678+#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
41679+#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
41680+#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
41681+#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
41682+#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
41683+#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
41684+/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
41685+/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
41686+#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
41687+#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
41688+#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
41689+#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
41690+
41691 typedef struct elf32_phdr{
41692 Elf32_Word p_type;
41693 Elf32_Off p_offset;
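Review bot: The new `PF_*` flags come in enable/disable pairs (`PF_PAGEEXEC`/`PF_NOPAGEEXEC`, `PF_MPROTECT`/`PF_NOMPROTECT`, and so on), but nothing here says how a program header with both bits of a pair set, or with neither, is to be treated. The code that interprets the flags is outside this hunk. A comment above the block stating the rule, for example which bit wins or that a conflicting pair is rejected, would make the on-disk format reviewable from the header alone. The commented-out `PF_RANDEXEC`/`PF_NORANDEXEC` lines would also benefit from a note that bits 10 and 11 stay reserved.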
41694@@ -322,6 +348,8 @@ typedef struct elf64_shdr {
41695 #define EI_OSABI 7
41696 #define EI_PAD 8
41697
41698+#define EI_PAX 14
41699+
41700 #define ELFMAG0 0x7f /* EI_MAG */
41701 #define ELFMAG1 'E'
41702 #define ELFMAG2 'L'
41703@@ -386,6 +414,7 @@ extern Elf32_Dyn _DYNAMIC [];
41704 #define elf_phdr elf32_phdr
41705 #define elf_note elf32_note
41706 #define elf_addr_t Elf32_Off
41707+#define elf_dyn Elf32_Dyn
41708
41709 #else
41710
41711@@ -394,6 +423,7 @@ extern Elf64_Dyn _DYNAMIC [];
41712 #define elf_phdr elf64_phdr
41713 #define elf_note elf64_note
41714 #define elf_addr_t Elf64_Off
41715+#define elf_dyn Elf64_Dyn
41716
41717 #endif
41718
41719diff -urNp linux-2.6.32.8/include/linux/fs.h linux-2.6.32.8/include/linux/fs.h
41720--- linux-2.6.32.8/include/linux/fs.h 2010-02-09 07:57:19.000000000 -0500
41721+++ linux-2.6.32.8/include/linux/fs.h 2010-02-13 21:45:10.749996132 -0500
41722@@ -87,6 +87,10 @@ struct inodes_stat_t {
41723 */
41724 #define FMODE_NOCMTIME ((__force fmode_t)2048)
41725
41726+/* Hack for grsec so as not to require read permission simply to execute
41727+ a binary */
41728+#define FMODE_GREXEC ((__force fmode_t)8192)
41729+
41730 /*
41731 * The below are the various read and write types that we support. Some of
41732 * them include behavioral modifiers that send information down to the
41733@@ -565,41 +569,41 @@ typedef int (*read_actor_t)(read_descrip
41734 unsigned long, unsigned long);
41735
41736 struct address_space_operations {
41737- int (*writepage)(struct page *page, struct writeback_control *wbc);
41738- int (*readpage)(struct file *, struct page *);
41739- void (*sync_page)(struct page *);
41740+ int (* const writepage)(struct page *page, struct writeback_control *wbc);
41741+ int (* const readpage)(struct file *, struct page *);
41742+ void (* const sync_page)(struct page *);
41743
41744 /* Write back some dirty pages from this mapping. */
41745- int (*writepages)(struct address_space *, struct writeback_control *);
41746+ int (* const writepages)(struct address_space *, struct writeback_control *);
41747
41748 /* Set a page dirty. Return true if this dirtied it */
41749- int (*set_page_dirty)(struct page *page);
41750+ int (* const set_page_dirty)(struct page *page);
41751
41752- int (*readpages)(struct file *filp, struct address_space *mapping,
41753+ int (* const readpages)(struct file *filp, struct address_space *mapping,
41754 struct list_head *pages, unsigned nr_pages);
41755
41756- int (*write_begin)(struct file *, struct address_space *mapping,
41757+ int (* const write_begin)(struct file *, struct address_space *mapping,
41758 loff_t pos, unsigned len, unsigned flags,
41759 struct page **pagep, void **fsdata);
41760- int (*write_end)(struct file *, struct address_space *mapping,
41761+ int (* const write_end)(struct file *, struct address_space *mapping,
41762 loff_t pos, unsigned len, unsigned copied,
41763 struct page *page, void *fsdata);
41764
41765 /* Unfortunately this kludge is needed for FIBMAP. Don't use it */
41766- sector_t (*bmap)(struct address_space *, sector_t);
41767- void (*invalidatepage) (struct page *, unsigned long);
41768- int (*releasepage) (struct page *, gfp_t);
41769- ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
41770+ sector_t (* const bmap)(struct address_space *, sector_t);
41771+ void (* const invalidatepage) (struct page *, unsigned long);
41772+ int (* const releasepage) (struct page *, gfp_t);
41773+ ssize_t (* const direct_IO)(int, struct kiocb *, const struct iovec *iov,
41774 loff_t offset, unsigned long nr_segs);
41775- int (*get_xip_mem)(struct address_space *, pgoff_t, int,
41776+ int (* const get_xip_mem)(struct address_space *, pgoff_t, int,
41777 void **, unsigned long *);
41778 /* migrate the contents of a page to the specified target */
41779- int (*migratepage) (struct address_space *,
41780+ int (* const migratepage) (struct address_space *,
41781 struct page *, struct page *);
41782- int (*launder_page) (struct page *);
41783- int (*is_partially_uptodate) (struct page *, read_descriptor_t *,
41784+ int (* const launder_page) (struct page *);
41785+ int (* const is_partially_uptodate) (struct page *, read_descriptor_t *,
41786 unsigned long);
41787- int (*error_remove_page)(struct address_space *, struct page *);
41788+ int (* const error_remove_page)(struct address_space *, struct page *);
41789 };
41790
41791 /*
41792@@ -1027,19 +1031,19 @@ static inline int file_check_writeable(s
41793 typedef struct files_struct *fl_owner_t;
41794
41795 struct file_lock_operations {
41796- void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41797- void (*fl_release_private)(struct file_lock *);
41798+ void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41799+ void (* const fl_release_private)(struct file_lock *);
41800 };
41801
41802 struct lock_manager_operations {
41803- int (*fl_compare_owner)(struct file_lock *, struct file_lock *);
41804- void (*fl_notify)(struct file_lock *); /* unblock callback */
41805- int (*fl_grant)(struct file_lock *, struct file_lock *, int);
41806- void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41807- void (*fl_release_private)(struct file_lock *);
41808- void (*fl_break)(struct file_lock *);
41809- int (*fl_mylease)(struct file_lock *, struct file_lock *);
41810- int (*fl_change)(struct file_lock **, int);
41811+ int (* const fl_compare_owner)(struct file_lock *, struct file_lock *);
41812+ void (* const fl_notify)(struct file_lock *); /* unblock callback */
41813+ int (* const fl_grant)(struct file_lock *, struct file_lock *, int);
41814+ void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41815+ void (* const fl_release_private)(struct file_lock *);
41816+ void (* const fl_break)(struct file_lock *);
41817+ int (* const fl_mylease)(struct file_lock *, struct file_lock *);
41818+ int (* const fl_change)(struct file_lock **, int);
41819 };
41820
41821 struct lock_manager {
41822@@ -1436,7 +1440,7 @@ struct fiemap_extent_info {
41823 unsigned int fi_flags; /* Flags as passed from user */
41824 unsigned int fi_extents_mapped; /* Number of mapped extents */
41825 unsigned int fi_extents_max; /* Size of fiemap_extent array */
41826- struct fiemap_extent *fi_extents_start; /* Start of fiemap_extent
41827+ struct fiemap_extent __user *fi_extents_start; /* Start of fiemap_extent
41828 * array */
41829 };
41830 int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical,
41831@@ -1553,30 +1557,30 @@ extern ssize_t vfs_writev(struct file *,
41832 unsigned long, loff_t *);
41833
41834 struct super_operations {
41835- struct inode *(*alloc_inode)(struct super_block *sb);
41836- void (*destroy_inode)(struct inode *);
41837+ struct inode *(* const alloc_inode)(struct super_block *sb);
41838+ void (* const destroy_inode)(struct inode *);
41839
41840- void (*dirty_inode) (struct inode *);
41841- int (*write_inode) (struct inode *, int);
41842- void (*drop_inode) (struct inode *);
41843- void (*delete_inode) (struct inode *);
41844- void (*put_super) (struct super_block *);
41845- void (*write_super) (struct super_block *);
41846- int (*sync_fs)(struct super_block *sb, int wait);
41847- int (*freeze_fs) (struct super_block *);
41848- int (*unfreeze_fs) (struct super_block *);
41849- int (*statfs) (struct dentry *, struct kstatfs *);
41850- int (*remount_fs) (struct super_block *, int *, char *);
41851- void (*clear_inode) (struct inode *);
41852- void (*umount_begin) (struct super_block *);
41853+ void (* const dirty_inode) (struct inode *);
41854+ int (* const write_inode) (struct inode *, int);
41855+ void (* const drop_inode) (struct inode *);
41856+ void (* const delete_inode) (struct inode *);
41857+ void (* const put_super) (struct super_block *);
41858+ void (* const write_super) (struct super_block *);
41859+ int (* const sync_fs)(struct super_block *sb, int wait);
41860+ int (* const freeze_fs) (struct super_block *);
41861+ int (* const unfreeze_fs) (struct super_block *);
41862+ int (* const statfs) (struct dentry *, struct kstatfs *);
41863+ int (* const remount_fs) (struct super_block *, int *, char *);
41864+ void (* const clear_inode) (struct inode *);
41865+ void (* const umount_begin) (struct super_block *);
41866
41867- int (*show_options)(struct seq_file *, struct vfsmount *);
41868- int (*show_stats)(struct seq_file *, struct vfsmount *);
41869+ int (* const show_options)(struct seq_file *, struct vfsmount *);
41870+ int (* const show_stats)(struct seq_file *, struct vfsmount *);
41871 #ifdef CONFIG_QUOTA
41872- ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
41873- ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41874+ ssize_t (* const quota_read)(struct super_block *, int, char *, size_t, loff_t);
41875+ ssize_t (* const quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41876 #endif
41877- int (*bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41878+ int (* const bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41879 };
41880
41881 /*
41882diff -urNp linux-2.6.32.8/include/linux/fs_struct.h linux-2.6.32.8/include/linux/fs_struct.h
41883--- linux-2.6.32.8/include/linux/fs_struct.h 2010-02-09 07:57:19.000000000 -0500
41884+++ linux-2.6.32.8/include/linux/fs_struct.h 2010-02-13 21:45:10.751807127 -0500
41885@@ -4,7 +4,7 @@
41886 #include <linux/path.h>
41887
41888 struct fs_struct {
41889- int users;
41890+ atomic_t users;
41891 rwlock_t lock;
41892 int umask;
41893 int in_exec;
41894diff -urNp linux-2.6.32.8/include/linux/genhd.h linux-2.6.32.8/include/linux/genhd.h
41895--- linux-2.6.32.8/include/linux/genhd.h 2010-02-09 07:57:19.000000000 -0500
41896+++ linux-2.6.32.8/include/linux/genhd.h 2010-02-13 21:45:10.751807127 -0500
41897@@ -161,7 +161,7 @@ struct gendisk {
41898
41899 struct timer_rand_state *random;
41900
41901- atomic_t sync_io; /* RAID */
41902+ atomic_unchecked_t sync_io; /* RAID */
41903 struct work_struct async_notify;
41904 #ifdef CONFIG_BLK_DEV_INTEGRITY
41905 struct blk_integrity *integrity;
41906diff -urNp linux-2.6.32.8/include/linux/gracl.h linux-2.6.32.8/include/linux/gracl.h
41907--- linux-2.6.32.8/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
41908+++ linux-2.6.32.8/include/linux/gracl.h 2010-02-13 21:45:10.752856831 -0500
41909@@ -0,0 +1,309 @@
41910+#ifndef GR_ACL_H
41911+#define GR_ACL_H
41912+
41913+#include <linux/grdefs.h>
41914+#include <linux/resource.h>
41915+#include <linux/capability.h>
41916+#include <linux/dcache.h>
41917+#include <asm/resource.h>
41918+
41919+/* Major status information */
41920+
41921+#define GR_VERSION "grsecurity 2.1.14"
41922+#define GRSECURITY_VERSION 0x2114
41923+
41924+enum {
41925+ GR_SHUTDOWN = 0,
41926+ GR_ENABLE = 1,
41927+ GR_SPROLE = 2,
41928+ GR_RELOAD = 3,
41929+ GR_SEGVMOD = 4,
41930+ GR_STATUS = 5,
41931+ GR_UNSPROLE = 6,
41932+ GR_PASSSET = 7,
41933+ GR_SPROLEPAM = 8,
41934+};
41935+
41936+/* Password setup definitions
41937+ * kernel/grhash.c */
41938+enum {
41939+ GR_PW_LEN = 128,
41940+ GR_SALT_LEN = 16,
41941+ GR_SHA_LEN = 32,
41942+};
41943+
41944+enum {
41945+ GR_SPROLE_LEN = 64,
41946+};
41947+
41948+#define GR_NLIMITS 32
41949+
41950+/* Begin Data Structures */
41951+
41952+struct sprole_pw {
41953+ unsigned char *rolename;
41954+ unsigned char salt[GR_SALT_LEN];
41955+ unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
41956+};
41957+
41958+struct name_entry {
41959+ __u32 key;
41960+ ino_t inode;
41961+ dev_t device;
41962+ char *name;
41963+ __u16 len;
41964+ __u8 deleted;
41965+ struct name_entry *prev;
41966+ struct name_entry *next;
41967+};
41968+
41969+struct inodev_entry {
41970+ struct name_entry *nentry;
41971+ struct inodev_entry *prev;
41972+ struct inodev_entry *next;
41973+};
41974+
41975+struct acl_role_db {
41976+ struct acl_role_label **r_hash;
41977+ __u32 r_size;
41978+};
41979+
41980+struct inodev_db {
41981+ struct inodev_entry **i_hash;
41982+ __u32 i_size;
41983+};
41984+
41985+struct name_db {
41986+ struct name_entry **n_hash;
41987+ __u32 n_size;
41988+};
41989+
41990+struct crash_uid {
41991+ uid_t uid;
41992+ unsigned long expires;
41993+};
41994+
41995+struct gr_hash_struct {
41996+ void **table;
41997+ void **nametable;
41998+ void *first;
41999+ __u32 table_size;
42000+ __u32 used_size;
42001+ int type;
42002+};
42003+
42004+/* Userspace Grsecurity ACL data structures */
42005+
42006+struct acl_subject_label {
42007+ char *filename;
42008+ ino_t inode;
42009+ dev_t device;
42010+ __u32 mode;
42011+ kernel_cap_t cap_mask;
42012+ kernel_cap_t cap_lower;
42013+
42014+ struct rlimit res[GR_NLIMITS];
42015+ __u32 resmask;
42016+
42017+ __u8 user_trans_type;
42018+ __u8 group_trans_type;
42019+ uid_t *user_transitions;
42020+ gid_t *group_transitions;
42021+ __u16 user_trans_num;
42022+ __u16 group_trans_num;
42023+
42024+ __u32 ip_proto[8];
42025+ __u32 ip_type;
42026+ struct acl_ip_label **ips;
42027+ __u32 ip_num;
42028+ __u32 inaddr_any_override;
42029+
42030+ __u32 crashes;
42031+ unsigned long expires;
42032+
42033+ struct acl_subject_label *parent_subject;
42034+ struct gr_hash_struct *hash;
42035+ struct acl_subject_label *prev;
42036+ struct acl_subject_label *next;
42037+
42038+ struct acl_object_label **obj_hash;
42039+ __u32 obj_hash_size;
42040+ __u16 pax_flags;
42041+};
42042+
42043+struct role_allowed_ip {
42044+ __u32 addr;
42045+ __u32 netmask;
42046+
42047+ struct role_allowed_ip *prev;
42048+ struct role_allowed_ip *next;
42049+};
42050+
42051+struct role_transition {
42052+ char *rolename;
42053+
42054+ struct role_transition *prev;
42055+ struct role_transition *next;
42056+};
42057+
42058+struct acl_role_label {
42059+ char *rolename;
42060+ uid_t uidgid;
42061+ __u16 roletype;
42062+
42063+ __u16 auth_attempts;
42064+ unsigned long expires;
42065+
42066+ struct acl_subject_label *root_label;
42067+ struct gr_hash_struct *hash;
42068+
42069+ struct acl_role_label *prev;
42070+ struct acl_role_label *next;
42071+
42072+ struct role_transition *transitions;
42073+ struct role_allowed_ip *allowed_ips;
42074+ uid_t *domain_children;
42075+ __u16 domain_child_num;
42076+
42077+ struct acl_subject_label **subj_hash;
42078+ __u32 subj_hash_size;
42079+};
42080+
42081+struct user_acl_role_db {
42082+ struct acl_role_label **r_table;
42083+ __u32 num_pointers; /* Number of allocations to track */
42084+ __u32 num_roles; /* Number of roles */
42085+ __u32 num_domain_children; /* Number of domain children */
42086+ __u32 num_subjects; /* Number of subjects */
42087+ __u32 num_objects; /* Number of objects */
42088+};
42089+
42090+struct acl_object_label {
42091+ char *filename;
42092+ ino_t inode;
42093+ dev_t device;
42094+ __u32 mode;
42095+
42096+ struct acl_subject_label *nested;
42097+ struct acl_object_label *globbed;
42098+
42099+ /* next two structures not used */
42100+
42101+ struct acl_object_label *prev;
42102+ struct acl_object_label *next;
42103+};
42104+
42105+struct acl_ip_label {
42106+ char *iface;
42107+ __u32 addr;
42108+ __u32 netmask;
42109+ __u16 low, high;
42110+ __u8 mode;
42111+ __u32 type;
42112+ __u32 proto[8];
42113+
42114+ /* next two structures not used */
42115+
42116+ struct acl_ip_label *prev;
42117+ struct acl_ip_label *next;
42118+};
42119+
42120+struct gr_arg {
42121+ struct user_acl_role_db role_db;
42122+ unsigned char pw[GR_PW_LEN];
42123+ unsigned char salt[GR_SALT_LEN];
42124+ unsigned char sum[GR_SHA_LEN];
42125+ unsigned char sp_role[GR_SPROLE_LEN];
42126+ struct sprole_pw *sprole_pws;
42127+ dev_t segv_device;
42128+ ino_t segv_inode;
42129+ uid_t segv_uid;
42130+ __u16 num_sprole_pws;
42131+ __u16 mode;
42132+};
42133+
42134+struct gr_arg_wrapper {
42135+ struct gr_arg *arg;
42136+ __u32 version;
42137+ __u32 size;
42138+};
42139+
42140+struct subject_map {
42141+ struct acl_subject_label *user;
42142+ struct acl_subject_label *kernel;
42143+ struct subject_map *prev;
42144+ struct subject_map *next;
42145+};
42146+
42147+struct acl_subj_map_db {
42148+ struct subject_map **s_hash;
42149+ __u32 s_size;
42150+};
42151+
42152+/* End Data Structures Section */
42153+
42154+/* Hash functions generated by empirical testing by Brad Spengler
42155+ Makes good use of the low bits of the inode. Generally 0-1 times
42156+ in loop for successful match. 0-3 for unsuccessful match.
42157+ Shift/add algorithm with modulus of table size and an XOR*/
42158+
42159+static __inline__ unsigned int
42160+rhash(const uid_t uid, const __u16 type, const unsigned int sz)
42161+{
42162+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
42163+}
42164+
42165+ static __inline__ unsigned int
42166+shash(const struct acl_subject_label *userp, const unsigned int sz)
42167+{
42168+ return ((const unsigned long)userp % sz);
42169+}
42170+
42171+static __inline__ unsigned int
42172+fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
42173+{
42174+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
42175+}
42176+
42177+static __inline__ unsigned int
42178+nhash(const char *name, const __u16 len, const unsigned int sz)
42179+{
42180+ return full_name_hash((const unsigned char *)name, len) % sz;
42181+}
42182+
42183+#define FOR_EACH_ROLE_START(role) \
42184+ role = role_list; \
42185+ while (role) {
42186+
42187+#define FOR_EACH_ROLE_END(role) \
42188+ role = role->prev; \
42189+ }
42190+
42191+#define FOR_EACH_SUBJECT_START(role,subj,iter) \
42192+ subj = NULL; \
42193+ iter = 0; \
42194+ while (iter < role->subj_hash_size) { \
42195+ if (subj == NULL) \
42196+ subj = role->subj_hash[iter]; \
42197+ if (subj == NULL) { \
42198+ iter++; \
42199+ continue; \
42200+ }
42201+
42202+#define FOR_EACH_SUBJECT_END(subj,iter) \
42203+ subj = subj->next; \
42204+ if (subj == NULL) \
42205+ iter++; \
42206+ }
42207+
42208+
42209+#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
42210+ subj = role->hash->first; \
42211+ while (subj != NULL) {
42212+
42213+#define FOR_EACH_NESTED_SUBJECT_END(subj) \
42214+ subj = subj->next; \
42215+ }
42216+
42217+#endif
42218+
42219diff -urNp linux-2.6.32.8/include/linux/gralloc.h linux-2.6.32.8/include/linux/gralloc.h
42220--- linux-2.6.32.8/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
42221+++ linux-2.6.32.8/include/linux/gralloc.h 2010-02-13 21:45:10.752856831 -0500
42222@@ -0,0 +1,9 @@
42223+#ifndef __GRALLOC_H
42224+#define __GRALLOC_H
42225+
42226+void acl_free_all(void);
42227+int acl_alloc_stack_init(unsigned long size);
42228+void *acl_alloc(unsigned long len);
42229+void *acl_alloc_num(unsigned long num, unsigned long len);
42230+
42231+#endif
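Review bot: `acl_alloc_num(num, len)` is declared without any comment on who checks `num * len` for overflow, and the implementation is not in this hunk. The counts in `struct user_acl_role_db` sit inside `struct gr_arg`, which appears to be filled from userspace, so the contract matters to every caller. I would add a comment above the prototype along the lines of `/* num may be untrusted: fails (returns NULL) if num * len overflows */`, worded to match what the allocator actually does. If the allocator does not perform that check, the check belongs there rather than in each caller.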
42232diff -urNp linux-2.6.32.8/include/linux/grdefs.h linux-2.6.32.8/include/linux/grdefs.h
42233--- linux-2.6.32.8/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
42234+++ linux-2.6.32.8/include/linux/grdefs.h 2010-02-13 21:45:10.752856831 -0500
42235@@ -0,0 +1,136 @@
42236+#ifndef GRDEFS_H
42237+#define GRDEFS_H
42238+
42239+/* Begin grsecurity status declarations */
42240+
42241+enum {
42242+ GR_READY = 0x01,
42243+ GR_STATUS_INIT = 0x00 // disabled state
42244+};
42245+
42246+/* Begin ACL declarations */
42247+
42248+/* Role flags */
42249+
42250+enum {
42251+ GR_ROLE_USER = 0x0001,
42252+ GR_ROLE_GROUP = 0x0002,
42253+ GR_ROLE_DEFAULT = 0x0004,
42254+ GR_ROLE_SPECIAL = 0x0008,
42255+ GR_ROLE_AUTH = 0x0010,
42256+ GR_ROLE_NOPW = 0x0020,
42257+ GR_ROLE_GOD = 0x0040,
42258+ GR_ROLE_LEARN = 0x0080,
42259+ GR_ROLE_TPE = 0x0100,
42260+ GR_ROLE_DOMAIN = 0x0200,
42261+ GR_ROLE_PAM = 0x0400
42262+};
42263+
42264+/* ACL Subject and Object mode flags */
42265+enum {
42266+ GR_DELETED = 0x80000000
42267+};
42268+
42269+/* ACL Object-only mode flags */
42270+enum {
42271+ GR_READ = 0x00000001,
42272+ GR_APPEND = 0x00000002,
42273+ GR_WRITE = 0x00000004,
42274+ GR_EXEC = 0x00000008,
42275+ GR_FIND = 0x00000010,
42276+ GR_INHERIT = 0x00000020,
42277+ GR_SETID = 0x00000040,
42278+ GR_CREATE = 0x00000080,
42279+ GR_DELETE = 0x00000100,
42280+ GR_LINK = 0x00000200,
42281+ GR_AUDIT_READ = 0x00000400,
42282+ GR_AUDIT_APPEND = 0x00000800,
42283+ GR_AUDIT_WRITE = 0x00001000,
42284+ GR_AUDIT_EXEC = 0x00002000,
42285+ GR_AUDIT_FIND = 0x00004000,
42286+ GR_AUDIT_INHERIT= 0x00008000,
42287+ GR_AUDIT_SETID = 0x00010000,
42288+ GR_AUDIT_CREATE = 0x00020000,
42289+ GR_AUDIT_DELETE = 0x00040000,
42290+ GR_AUDIT_LINK = 0x00080000,
42291+ GR_PTRACERD = 0x00100000,
42292+ GR_NOPTRACE = 0x00200000,
42293+ GR_SUPPRESS = 0x00400000,
42294+ GR_NOLEARN = 0x00800000
42295+};
42296+
42297+#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
42298+ GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
42299+ GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
42300+
42301+/* ACL subject-only mode flags */
42302+enum {
42303+ GR_KILL = 0x00000001,
42304+ GR_VIEW = 0x00000002,
42305+ GR_PROTECTED = 0x00000004,
42306+ GR_LEARN = 0x00000008,
42307+ GR_OVERRIDE = 0x00000010,
42308+ /* just a placeholder, this mode is only used in userspace */
42309+ GR_DUMMY = 0x00000020,
42310+ GR_PROTSHM = 0x00000040,
42311+ GR_KILLPROC = 0x00000080,
42312+ GR_KILLIPPROC = 0x00000100,
42313+ /* just a placeholder, this mode is only used in userspace */
42314+ GR_NOTROJAN = 0x00000200,
42315+ GR_PROTPROCFD = 0x00000400,
42316+ GR_PROCACCT = 0x00000800,
42317+ GR_RELAXPTRACE = 0x00001000,
42318+ GR_NESTED = 0x00002000,
42319+ GR_INHERITLEARN = 0x00004000,
42320+ GR_PROCFIND = 0x00008000,
42321+ GR_POVERRIDE = 0x00010000,
42322+ GR_KERNELAUTH = 0x00020000,
42323+};
42324+
42325+enum {
42326+ GR_PAX_ENABLE_SEGMEXEC = 0x0001,
42327+ GR_PAX_ENABLE_PAGEEXEC = 0x0002,
42328+ GR_PAX_ENABLE_MPROTECT = 0x0004,
42329+ GR_PAX_ENABLE_RANDMMAP = 0x0008,
42330+ GR_PAX_ENABLE_EMUTRAMP = 0x0010,
42331+ GR_PAX_DISABLE_SEGMEXEC = 0x0100,
42332+ GR_PAX_DISABLE_PAGEEXEC = 0x0200,
42333+ GR_PAX_DISABLE_MPROTECT = 0x0400,
42334+ GR_PAX_DISABLE_RANDMMAP = 0x0800,
42335+ GR_PAX_DISABLE_EMUTRAMP = 0x1000,
42336+};
42337+
42338+enum {
42339+ GR_ID_USER = 0x01,
42340+ GR_ID_GROUP = 0x02,
42341+};
42342+
42343+enum {
42344+ GR_ID_ALLOW = 0x01,
42345+ GR_ID_DENY = 0x02,
42346+};
42347+
42348+#define GR_CRASH_RES 31
42349+#define GR_UIDTABLE_MAX 500
42350+
42351+/* begin resource learning section */
42352+enum {
42353+ GR_RLIM_CPU_BUMP = 60,
42354+ GR_RLIM_FSIZE_BUMP = 50000,
42355+ GR_RLIM_DATA_BUMP = 10000,
42356+ GR_RLIM_STACK_BUMP = 1000,
42357+ GR_RLIM_CORE_BUMP = 10000,
42358+ GR_RLIM_RSS_BUMP = 500000,
42359+ GR_RLIM_NPROC_BUMP = 1,
42360+ GR_RLIM_NOFILE_BUMP = 5,
42361+ GR_RLIM_MEMLOCK_BUMP = 50000,
42362+ GR_RLIM_AS_BUMP = 500000,
42363+ GR_RLIM_LOCKS_BUMP = 2,
42364+ GR_RLIM_SIGPENDING_BUMP = 5,
42365+ GR_RLIM_MSGQUEUE_BUMP = 10000,
42366+ GR_RLIM_NICE_BUMP = 1,
42367+ GR_RLIM_RTPRIO_BUMP = 1,
42368+ GR_RLIM_RTTIME_BUMP = 1000000
42369+};
42370+
42371+#endif
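Review bot: `GR_DELETED = 0x80000000` in the "ACL Subject and Object mode flags" enum is not representable as an `int`, which ISO C requires of an enumeration constant. GCC accepts it as an extension, but since the flag is presumably tested against the `__u32 mode` fields, it reads more safely as `#define GR_DELETED 0x80000000U`. Separately, the object-only and subject-only enums reuse the same bit values (`GR_READ` and `GR_KILL` are both `0x00000001`). A comment above each enum naming the structure whose `mode` field it applies to would help prevent a flag being tested against the wrong label type.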
42372diff -urNp linux-2.6.32.8/include/linux/grinternal.h linux-2.6.32.8/include/linux/grinternal.h
42373--- linux-2.6.32.8/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
42374+++ linux-2.6.32.8/include/linux/grinternal.h 2010-02-13 21:45:10.752856831 -0500
42375@@ -0,0 +1,212 @@
42376+#ifndef __GRINTERNAL_H
42377+#define __GRINTERNAL_H
42378+
42379+#ifdef CONFIG_GRKERNSEC
42380+
42381+#include <linux/fs.h>
42382+#include <linux/mnt_namespace.h>
42383+#include <linux/nsproxy.h>
42384+#include <linux/gracl.h>
42385+#include <linux/grdefs.h>
42386+#include <linux/grmsg.h>
42387+
42388+void gr_add_learn_entry(const char *fmt, ...)
42389+ __attribute__ ((format (printf, 1, 2)));
42390+__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
42391+ const struct vfsmount *mnt);
42392+__u32 gr_check_create(const struct dentry *new_dentry,
42393+ const struct dentry *parent,
42394+ const struct vfsmount *mnt, const __u32 mode);
42395+int gr_check_protected_task(const struct task_struct *task);
42396+__u32 to_gr_audit(const __u32 reqmode);
42397+int gr_set_acls(const int type);
42398+
42399+int gr_acl_is_enabled(void);
42400+char gr_roletype_to_char(void);
42401+
42402+void gr_handle_alertkill(struct task_struct *task);
42403+char *gr_to_filename(const struct dentry *dentry,
42404+ const struct vfsmount *mnt);
42405+char *gr_to_filename1(const struct dentry *dentry,
42406+ const struct vfsmount *mnt);
42407+char *gr_to_filename2(const struct dentry *dentry,
42408+ const struct vfsmount *mnt);
42409+char *gr_to_filename3(const struct dentry *dentry,
42410+ const struct vfsmount *mnt);
42411+
42412+extern int grsec_enable_harden_ptrace;
42413+extern int grsec_enable_link;
42414+extern int grsec_enable_fifo;
42415+extern int grsec_enable_execve;
42416+extern int grsec_enable_shm;
42417+extern int grsec_enable_execlog;
42418+extern int grsec_enable_signal;
42419+extern int grsec_enable_forkfail;
42420+extern int grsec_enable_time;
42421+extern int grsec_enable_rofs;
42422+extern int grsec_enable_chroot_shmat;
42423+extern int grsec_enable_chroot_findtask;
42424+extern int grsec_enable_chroot_mount;
42425+extern int grsec_enable_chroot_double;
42426+extern int grsec_enable_chroot_pivot;
42427+extern int grsec_enable_chroot_chdir;
42428+extern int grsec_enable_chroot_chmod;
42429+extern int grsec_enable_chroot_mknod;
42430+extern int grsec_enable_chroot_fchdir;
42431+extern int grsec_enable_chroot_nice;
42432+extern int grsec_enable_chroot_execlog;
42433+extern int grsec_enable_chroot_caps;
42434+extern int grsec_enable_chroot_sysctl;
42435+extern int grsec_enable_chroot_unix;
42436+extern int grsec_enable_tpe;
42437+extern int grsec_tpe_gid;
42438+extern int grsec_enable_tpe_all;
42439+extern int grsec_enable_sidcaps;
42440+extern int grsec_enable_socket_all;
42441+extern int grsec_socket_all_gid;
42442+extern int grsec_enable_socket_client;
42443+extern int grsec_socket_client_gid;
42444+extern int grsec_enable_socket_server;
42445+extern int grsec_socket_server_gid;
42446+extern int grsec_audit_gid;
42447+extern int grsec_enable_group;
42448+extern int grsec_enable_audit_textrel;
42449+extern int grsec_enable_mount;
42450+extern int grsec_enable_chdir;
42451+extern int grsec_resource_logging;
42452+extern int grsec_lock;
42453+
42454+extern spinlock_t grsec_alert_lock;
42455+extern unsigned long grsec_alert_wtime;
42456+extern unsigned long grsec_alert_fyet;
42457+
42458+extern spinlock_t grsec_audit_lock;
42459+
42460+extern rwlock_t grsec_exec_file_lock;
42461+
42462+#define gr_task_fullpath(tsk) (tsk->exec_file ? \
42463+ gr_to_filename2(tsk->exec_file->f_path.dentry, \
42464+ tsk->exec_file->f_vfsmnt) : "/")
42465+
42466+#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \
42467+ gr_to_filename3(tsk->parent->exec_file->f_path.dentry, \
42468+ tsk->parent->exec_file->f_vfsmnt) : "/")
42469+
42470+#define gr_task_fullpath0(tsk) (tsk->exec_file ? \
42471+ gr_to_filename(tsk->exec_file->f_path.dentry, \
42472+ tsk->exec_file->f_vfsmnt) : "/")
42473+
42474+#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \
42475+ gr_to_filename1(tsk->parent->exec_file->f_path.dentry, \
42476+ tsk->parent->exec_file->f_vfsmnt) : "/")
42477+
42478+#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \
42479+ ((init_task.fs->root.dentry != tsk_a->fs->root.dentry) && \
42480+ (tsk_a->nsproxy->mnt_ns->root->mnt_root != \
42481+ tsk_a->fs->root.dentry)))
42482+
42483+#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \
42484+ (tsk_a->fs->root.dentry == tsk_b->fs->root.dentry))
42485+
42486+#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), task->comm, \
42487+ task->pid, cred->uid, \
42488+ cred->euid, cred->gid, cred->egid, \
42489+ gr_parent_task_fullpath(task), \
42490+ task->parent->comm, task->parent->pid, \
42491+ pcred->uid, pcred->euid, \
42492+ pcred->gid, pcred->egid
42493+
42494+#define GR_CHROOT_CAPS {{ \
42495+ CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
42496+ CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
42497+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
42498+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
42499+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
42500+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
42501+
42502+#define security_learn(normal_msg,args...) \
42503+({ \
42504+ read_lock(&grsec_exec_file_lock); \
42505+ gr_add_learn_entry(normal_msg "\n", ## args); \
42506+ read_unlock(&grsec_exec_file_lock); \
42507+})
42508+
42509+enum {
42510+ GR_DO_AUDIT,
42511+ GR_DONT_AUDIT,
42512+ GR_DONT_AUDIT_GOOD
42513+};
42514+
42515+enum {
42516+ GR_TTYSNIFF,
42517+ GR_RBAC,
42518+ GR_RBAC_STR,
42519+ GR_STR_RBAC,
42520+ GR_RBAC_MODE2,
42521+ GR_RBAC_MODE3,
42522+ GR_FILENAME,
42523+ GR_SYSCTL_HIDDEN,
42524+ GR_NOARGS,
42525+ GR_ONE_INT,
42526+ GR_ONE_INT_TWO_STR,
42527+ GR_ONE_STR,
42528+ GR_STR_INT,
42529+ GR_TWO_INT,
42530+ GR_THREE_INT,
42531+ GR_FIVE_INT_TWO_STR,
42532+ GR_TWO_STR,
42533+ GR_THREE_STR,
42534+ GR_FOUR_STR,
42535+ GR_STR_FILENAME,
42536+ GR_FILENAME_STR,
42537+ GR_FILENAME_TWO_INT,
42538+ GR_FILENAME_TWO_INT_STR,
42539+ GR_TEXTREL,
42540+ GR_PTRACE,
42541+ GR_RESOURCE,
42542+ GR_CAP,
42543+ GR_SIG,
42544+ GR_SIG2,
42545+ GR_CRASH1,
42546+ GR_CRASH2,
42547+ GR_PSACCT
42548+};
42549+
42550+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
42551+#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
42552+#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
42553+#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
42554+#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
42555+#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
42556+#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
42557+#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
42558+#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
42559+#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
42560+#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
42561+#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
42562+#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
42563+#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
42564+#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
42565+#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
42566+#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
42567+#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
42568+#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
42569+#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
42570+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
42571+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
42572+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
42573+#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
42574+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
42575+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
42576+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
42577+#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
42578+#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
42579+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
42580+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
42581+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
42582+
42583+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
42584+
42585+#endif
42586+
42587+#endif
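Review bot: `proc_is_chrooted()` checks `tsk_a->fs` for NULL but then dereferences `tsk_a->nsproxy->mnt_ns->root` with no guard. If a caller can pass an exiting task other than `current`, `nsproxy` may already be NULL; the callers are outside this hunk, so this needs confirming. Adding `(tsk_a->nsproxy != NULL) &&` beside the existing `fs` test would make the macro safe on its own. The arguments of this macro and of the `gr_*_fullpath` macros are also expanded unparenthesised and more than once, so a short comment such as `/* tsk must be a plain identifier with no side effects */` would be worth adding.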
42588diff -urNp linux-2.6.32.8/include/linux/grmsg.h linux-2.6.32.8/include/linux/grmsg.h
42589--- linux-2.6.32.8/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
42590+++ linux-2.6.32.8/include/linux/grmsg.h 2010-02-13 21:45:10.752856831 -0500
42591@@ -0,0 +1,107 @@
42592+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
42593+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
42594+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
42595+#define GR_STOPMOD_MSG "denied modification of module state by "
42596+#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
42597+#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
42598+#define GR_IOPERM_MSG "denied use of ioperm() by "
42599+#define GR_IOPL_MSG "denied use of iopl() by "
42600+#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
42601+#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
42602+#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
42603+#define GR_KMEM_MSG "denied write of /dev/kmem by "
42604+#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
42605+#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
42606+#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
42607+#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
42608+#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
42609+#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
42610+#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
42611+#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
42612+#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
42613+#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
42614+#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
42615+#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
42616+#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
42617+#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
42618+#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
42619+#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
42620+#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
42621+#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
42622+#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
42623+#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
42624+#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
42625+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
42626+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
42627+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
42628+#define GR_NPROC_MSG "denied overstep of process limit by "
42629+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
42630+#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
42631+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
42632+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
42633+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
42634+#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
42635+#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
42636+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
42637+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
42638+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
42639+#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
42640+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
42641+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
42642+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
42643+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
42644+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
42645+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
42646+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
42647+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
42648+#define GR_SHUTS_ACL_MSG "shutdown auth success for "
42649+#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
42650+#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
42651+#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
42652+#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
42653+#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
42654+#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
42655+#define GR_ENABLEF_ACL_MSG "unable to load %s for "
42656+#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
42657+#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
42658+#define GR_RELOADF_ACL_MSG "failed reload of %s for "
42659+#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
42660+#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
42661+#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
42662+#define GR_SPROLEF_ACL_MSG "special role %s failure for "
42663+#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
42664+#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
42665+#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for "
42666+#define GR_INVMODE_ACL_MSG "invalid mode %d by "
42667+#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
42668+#define GR_FAILFORK_MSG "failed fork with errno %d by "
42669+#define GR_NICE_CHROOT_MSG "denied priority change by "
42670+#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
42671+#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
42672+#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
42673+#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
42674+#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
42675+#define GR_TIME_MSG "time set by "
42676+#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
42677+#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
42678+#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
42679+#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
42680+#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by "
42681+#define GR_BIND_MSG "denied bind() by "
42682+#define GR_CONNECT_MSG "denied connect() by "
42683+#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
42684+#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
42685+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
42686+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
42687+#define GR_CAP_ACL_MSG "use of %s denied for "
42688+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
42689+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
42690+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
42691+#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
42692+#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
42693+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
42694+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
42695+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
42696+#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
42697+#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by "
42698+#define GR_VM86_MSG "denied use of vm86 by "
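Review bot: `GR_TEXTREL_AUDIT_MSG` formats its file name with a bare `%s`, while nearly every other path in this hunk is capped (`%.950s`, `%.256s`). Whether an over-long name overruns or merely truncates the log line depends on how `gr_log_varargs` formats, which is not visible here. For consistency I would bound it as `"text relocation in %.950s, VMA:0x%08lx 0x%08lx by "`, and give the bare `%s` in `GR_INITF_ACL_MSG`, `GR_DISABLED_ACL_MSG`, `GR_ENABLEF_ACL_MSG` and `GR_CAP_ACL_MSG` the same look. The file also has no include guard, unlike the other headers added next to it.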
42699diff -urNp linux-2.6.32.8/include/linux/grsecurity.h linux-2.6.32.8/include/linux/grsecurity.h
42700--- linux-2.6.32.8/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
42701+++ linux-2.6.32.8/include/linux/grsecurity.h 2010-02-13 21:45:10.753997066 -0500
42702@@ -0,0 +1,200 @@
42703+#ifndef GR_SECURITY_H
42704+#define GR_SECURITY_H
42705+#include <linux/fs.h>
42706+#include <linux/fs_struct.h>
42707+#include <linux/binfmts.h>
42708+#include <linux/gracl.h>
42709+
42710+/* notify of brain-dead configs */
42711+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
42712+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
42713+#endif
42714+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42715+#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42716+#endif
42717+#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42718+#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42719+#endif
42720+#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
42721+#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
42722+#endif
42723+#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
42724+#error "CONFIG_PAX enabled, but no PaX options are enabled."
42725+#endif
42726+
42727+void gr_handle_brute_attach(struct task_struct *p);
42728+void gr_handle_brute_check(void);
42729+
42730+char gr_roletype_to_char(void);
42731+
42732+int gr_check_user_change(int real, int effective, int fs);
42733+int gr_check_group_change(int real, int effective, int fs);
42734+
42735+void gr_del_task_from_ip_table(struct task_struct *p);
42736+
42737+int gr_pid_is_chrooted(struct task_struct *p);
42738+int gr_handle_chroot_nice(void);
42739+int gr_handle_chroot_sysctl(const int op);
42740+int gr_handle_chroot_setpriority(struct task_struct *p,
42741+ const int niceval);
42742+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
42743+int gr_handle_chroot_chroot(const struct dentry *dentry,
42744+ const struct vfsmount *mnt);
42745+int gr_handle_chroot_caps(struct path *path);
42746+void gr_handle_chroot_chdir(struct path *path);
42747+int gr_handle_chroot_chmod(const struct dentry *dentry,
42748+ const struct vfsmount *mnt, const int mode);
42749+int gr_handle_chroot_mknod(const struct dentry *dentry,
42750+ const struct vfsmount *mnt, const int mode);
42751+int gr_handle_chroot_mount(const struct dentry *dentry,
42752+ const struct vfsmount *mnt,
42753+ const char *dev_name);
42754+int gr_handle_chroot_pivot(void);
42755+int gr_handle_chroot_unix(const pid_t pid);
42756+
42757+int gr_handle_rawio(const struct inode *inode);
42758+int gr_handle_nproc(void);
42759+
42760+void gr_handle_ioperm(void);
42761+void gr_handle_iopl(void);
42762+
42763+int gr_tpe_allow(const struct file *file);
42764+
42765+int gr_random_pid(void);
42766+
42767+void gr_log_forkfail(const int retval);
42768+void gr_log_timechange(void);
42769+void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
42770+void gr_log_chdir(const struct dentry *dentry,
42771+ const struct vfsmount *mnt);
42772+void gr_log_chroot_exec(const struct dentry *dentry,
42773+ const struct vfsmount *mnt);
42774+void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
42775+void gr_log_remount(const char *devname, const int retval);
42776+void gr_log_unmount(const char *devname, const int retval);
42777+void gr_log_mount(const char *from, const char *to, const int retval);
42778+void gr_log_textrel(struct vm_area_struct *vma);
42779+
42780+int gr_handle_follow_link(const struct inode *parent,
42781+ const struct inode *inode,
42782+ const struct dentry *dentry,
42783+ const struct vfsmount *mnt);
42784+int gr_handle_fifo(const struct dentry *dentry,
42785+ const struct vfsmount *mnt,
42786+ const struct dentry *dir, const int flag,
42787+ const int acc_mode);
42788+int gr_handle_hardlink(const struct dentry *dentry,
42789+ const struct vfsmount *mnt,
42790+ struct inode *inode,
42791+ const int mode, const char *to);
42792+
42793+int gr_is_capable(const int cap);
42794+int gr_is_capable_nolog(const int cap);
42795+void gr_learn_resource(const struct task_struct *task, const int limit,
42796+ const unsigned long wanted, const int gt);
42797+void gr_copy_label(struct task_struct *tsk);
42798+void gr_handle_crash(struct task_struct *task, const int sig);
42799+int gr_handle_signal(const struct task_struct *p, const int sig);
42800+int gr_check_crash_uid(const uid_t uid);
42801+int gr_check_protected_task(const struct task_struct *task);
42802+int gr_acl_handle_mmap(const struct file *file,
42803+ const unsigned long prot);
42804+int gr_acl_handle_mprotect(const struct file *file,
42805+ const unsigned long prot);
42806+int gr_check_hidden_task(const struct task_struct *tsk);
42807+__u32 gr_acl_handle_truncate(const struct dentry *dentry,
42808+ const struct vfsmount *mnt);
42809+__u32 gr_acl_handle_utime(const struct dentry *dentry,
42810+ const struct vfsmount *mnt);
42811+__u32 gr_acl_handle_access(const struct dentry *dentry,
42812+ const struct vfsmount *mnt, const int fmode);
42813+__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
42814+ const struct vfsmount *mnt, mode_t mode);
42815+__u32 gr_acl_handle_chmod(const struct dentry *dentry,
42816+ const struct vfsmount *mnt, mode_t mode);
42817+__u32 gr_acl_handle_chown(const struct dentry *dentry,
42818+ const struct vfsmount *mnt);
42819+int gr_handle_ptrace(struct task_struct *task, const long request);
42820+int gr_handle_proc_ptrace(struct task_struct *task);
42821+__u32 gr_acl_handle_execve(const struct dentry *dentry,
42822+ const struct vfsmount *mnt);
42823+int gr_check_crash_exec(const struct file *filp);
42824+int gr_acl_is_enabled(void);
42825+void gr_set_kernel_label(struct task_struct *task);
42826+void gr_set_role_label(struct task_struct *task, const uid_t uid,
42827+ const gid_t gid);
42828+int gr_set_proc_label(const struct dentry *dentry,
42829+ const struct vfsmount *mnt,
42830+ const int unsafe_share);
42831+__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
42832+ const struct vfsmount *mnt);
42833+__u32 gr_acl_handle_open(const struct dentry *dentry,
42834+ const struct vfsmount *mnt, const int fmode);
42835+__u32 gr_acl_handle_creat(const struct dentry *dentry,
42836+ const struct dentry *p_dentry,
42837+ const struct vfsmount *p_mnt, const int fmode,
42838+ const int imode);
42839+void gr_handle_create(const struct dentry *dentry,
42840+ const struct vfsmount *mnt);
42841+__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
42842+ const struct dentry *parent_dentry,
42843+ const struct vfsmount *parent_mnt,
42844+ const int mode);
42845+__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
42846+ const struct dentry *parent_dentry,
42847+ const struct vfsmount *parent_mnt);
42848+__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
42849+ const struct vfsmount *mnt);
42850+void gr_handle_delete(const ino_t ino, const dev_t dev);
42851+__u32 gr_acl_handle_unlink(const struct dentry *dentry,
42852+ const struct vfsmount *mnt);
42853+__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
42854+ const struct dentry *parent_dentry,
42855+ const struct vfsmount *parent_mnt,
42856+ const char *from);
42857+__u32 gr_acl_handle_link(const struct dentry *new_dentry,
42858+ const struct dentry *parent_dentry,
42859+ const struct vfsmount *parent_mnt,
42860+ const struct dentry *old_dentry,
42861+ const struct vfsmount *old_mnt, const char *to);
42862+int gr_acl_handle_rename(struct dentry *new_dentry,
42863+ struct dentry *parent_dentry,
42864+ const struct vfsmount *parent_mnt,
42865+ struct dentry *old_dentry,
42866+ struct inode *old_parent_inode,
42867+ struct vfsmount *old_mnt, const char *newname);
42868+void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
42869+ struct dentry *old_dentry,
42870+ struct dentry *new_dentry,
42871+ struct vfsmount *mnt, const __u8 replace);
42872+__u32 gr_check_link(const struct dentry *new_dentry,
42873+ const struct dentry *parent_dentry,
42874+ const struct vfsmount *parent_mnt,
42875+ const struct dentry *old_dentry,
42876+ const struct vfsmount *old_mnt);
42877+int gr_acl_handle_filldir(const struct file *file, const char *name,
42878+ const unsigned int namelen, const ino_t ino);
42879+
42880+__u32 gr_acl_handle_unix(const struct dentry *dentry,
42881+ const struct vfsmount *mnt);
42882+void gr_acl_handle_exit(void);
42883+void gr_acl_handle_psacct(struct task_struct *task, const long code);
42884+int gr_acl_handle_procpidmem(const struct task_struct *task);
42885+int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
42886+int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
42887+
42888+#ifdef CONFIG_GRKERNSEC
42889+void gr_log_nonroot_mod_load(const char *modname);
42890+void gr_handle_vm86(void);
42891+void gr_handle_mem_write(void);
42892+void gr_handle_kmem_write(void);
42893+void gr_handle_open_port(void);
42894+int gr_handle_mem_mmap(const unsigned long offset,
42895+ struct vm_area_struct *vma);
42896+
42897+extern int grsec_enable_dmesg;
42898+extern int grsec_enable_randsrc;
42899+extern int grsec_enable_shm;
42900+#endif
42901+
42902+#endif
42903diff -urNp linux-2.6.32.8/include/linux/hdpu_features.h linux-2.6.32.8/include/linux/hdpu_features.h
42904--- linux-2.6.32.8/include/linux/hdpu_features.h 2010-02-09 07:57:19.000000000 -0500
42905+++ linux-2.6.32.8/include/linux/hdpu_features.h 2010-02-13 21:45:10.753997066 -0500
42906@@ -3,7 +3,7 @@
42907 struct cpustate_t {
42908 spinlock_t lock;
42909 int excl;
42910- int open_count;
42911+ atomic_t open_count;
42912 unsigned char cached_val;
42913 int inited;
42914 unsigned long *set_addr;
42915diff -urNp linux-2.6.32.8/include/linux/highmem.h linux-2.6.32.8/include/linux/highmem.h
42916--- linux-2.6.32.8/include/linux/highmem.h 2010-02-09 07:57:19.000000000 -0500
42917+++ linux-2.6.32.8/include/linux/highmem.h 2010-02-13 21:45:10.753997066 -0500
42918@@ -137,6 +137,18 @@ static inline void clear_highpage(struct
42919 kunmap_atomic(kaddr, KM_USER0);
42920 }
42921
42922+static inline void sanitize_highpage(struct page *page)
42923+{
42924+ void *kaddr;
42925+ unsigned long flags;
42926+
42927+ local_irq_save(flags);
42928+ kaddr = kmap_atomic(page, KM_CLEARPAGE);
42929+ clear_page(kaddr);
42930+ kunmap_atomic(kaddr, KM_CLEARPAGE);
42931+ local_irq_restore(flags);
42932+}
42933+
42934 static inline void zero_user_segments(struct page *page,
42935 unsigned start1, unsigned end1,
42936 unsigned start2, unsigned end2)
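Review bot: `sanitize_highpage()` has no comment saying why it differs from `clear_highpage()` just above it: it maps with `KM_CLEARPAGE` instead of `KM_USER0` and brackets the mapping with `local_irq_save()`/`local_irq_restore()`. Presumably interrupts are disabled so that nothing running in interrupt context can reuse the same atomic kmap slot while the page is being cleared. If so, say it above the function, e.g. `/* clear a page from any context; IRQs are off so the KM_CLEARPAGE slot cannot be reused underneath us */`. Only the tail of `clear_highpage()` is visible in this hunk.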
42937diff -urNp linux-2.6.32.8/include/linux/init_task.h linux-2.6.32.8/include/linux/init_task.h
42938--- linux-2.6.32.8/include/linux/init_task.h 2010-02-09 07:57:19.000000000 -0500
42939+++ linux-2.6.32.8/include/linux/init_task.h 2010-02-13 21:45:10.753997066 -0500
42940@@ -115,6 +115,13 @@ extern struct cred init_cred;
42941 # define INIT_PERF_EVENTS(tsk)
42942 #endif
42943
42944+#ifdef CONFIG_GRKERNSEC
42945+# define INIT_GR_FS_LOCK \
42946+ .gr_fs_lock = __RW_LOCK_UNLOCKED(gr_fs_lock),
42947+#else
42948+# define INIT_GR_FS_LOCK
42949+#endif
42950+
42951 /*
42952 * INIT_TASK is used to set up the first task table, touch at
42953 * your own risk!. Base=0, limit=0x1fffff (=2MB)
42954@@ -184,6 +191,7 @@ extern struct cred init_cred;
42955 INIT_FTRACE_GRAPH \
42956 INIT_TRACE_RECURSION \
42957 INIT_TASK_RCU_PREEMPT(tsk) \
42958+ INIT_GR_FS_LOCK \
42959 }
42960
42961
42962diff -urNp linux-2.6.32.8/include/linux/interrupt.h linux-2.6.32.8/include/linux/interrupt.h
42963--- linux-2.6.32.8/include/linux/interrupt.h 2010-02-09 07:57:19.000000000 -0500
42964+++ linux-2.6.32.8/include/linux/interrupt.h 2010-02-13 21:45:10.753997066 -0500
42965@@ -357,7 +357,7 @@ enum
42966 /* map softirq index to softirq name. update 'softirq_to_name' in
42967 * kernel/softirq.c when adding a new softirq.
42968 */
42969-extern char *softirq_to_name[NR_SOFTIRQS];
42970+extern const char * const softirq_to_name[NR_SOFTIRQS];
42971
42972 /* softirq mask and active fields moved to irq_cpustat_t in
42973 * asm/hardirq.h to get better cache usage. KAO
42974diff -urNp linux-2.6.32.8/include/linux/jbd2.h linux-2.6.32.8/include/linux/jbd2.h
42975--- linux-2.6.32.8/include/linux/jbd2.h 2010-02-09 07:57:19.000000000 -0500
42976+++ linux-2.6.32.8/include/linux/jbd2.h 2010-02-13 21:45:10.754965648 -0500
42977@@ -66,7 +66,7 @@ extern u8 jbd2_journal_enable_debug;
42978 } \
42979 } while (0)
42980 #else
42981-#define jbd_debug(f, a...) /**/
42982+#define jbd_debug(f, a...) do {} while (0)
42983 #endif
42984
42985 static inline void *jbd2_alloc(size_t size, gfp_t flags)
42986diff -urNp linux-2.6.32.8/include/linux/jbd.h linux-2.6.32.8/include/linux/jbd.h
42987--- linux-2.6.32.8/include/linux/jbd.h 2010-02-09 07:57:19.000000000 -0500
42988+++ linux-2.6.32.8/include/linux/jbd.h 2010-02-13 21:45:10.754965648 -0500
42989@@ -66,7 +66,7 @@ extern u8 journal_enable_debug;
42990 } \
42991 } while (0)
42992 #else
42993-#define jbd_debug(f, a...) /**/
42994+#define jbd_debug(f, a...) do {} while (0)
42995 #endif
42996
42997 static inline void *jbd_alloc(size_t size, gfp_t flags)
42998diff -urNp linux-2.6.32.8/include/linux/kallsyms.h linux-2.6.32.8/include/linux/kallsyms.h
42999--- linux-2.6.32.8/include/linux/kallsyms.h 2010-02-09 07:57:19.000000000 -0500
43000+++ linux-2.6.32.8/include/linux/kallsyms.h 2010-02-13 21:45:10.754965648 -0500
43001@@ -15,7 +15,8 @@
43002
43003 struct module;
43004
43005-#ifdef CONFIG_KALLSYMS
43006+#ifndef __INCLUDED_BY_HIDESYM
43007+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
43008 /* Lookup the address for a symbol. Returns 0 if not found. */
43009 unsigned long kallsyms_lookup_name(const char *name);
43010
43011@@ -92,6 +93,9 @@ static inline int lookup_symbol_attrs(un
43012 /* Stupid that this does nothing, but I didn't create this mess. */
43013 #define __print_symbol(fmt, addr)
43014 #endif /*CONFIG_KALLSYMS*/
43015+#else /* when included by kallsyms.c, with HIDESYM enabled */
43016+extern void __print_symbol(const char *fmt, unsigned long address);
43017+#endif
43018
43019 /* This macro allows us to keep printk typechecking */
43020 static void __check_printsym_format(const char *fmt, ...)
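Review bot: After this change the preprocessor nesting in kallsyms.h is hard to follow. The existing `#endif /*CONFIG_KALLSYMS*/` now closes `#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)` from the previous hunk, and the new bare `#endif` closes `#ifndef __INCLUDED_BY_HIDESYM`. Labelling the new one as `#endif /* !__INCLUDED_BY_HIDESYM */` and updating the older label would make the pairing clear. The `#else` comment could also state the effect, which appears to be that every file other than kallsyms.c gets the stub definitions when HIDESYM is enabled.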
43021diff -urNp linux-2.6.32.8/include/linux/kgdb.h linux-2.6.32.8/include/linux/kgdb.h
43022--- linux-2.6.32.8/include/linux/kgdb.h 2010-02-09 07:57:19.000000000 -0500
43023+++ linux-2.6.32.8/include/linux/kgdb.h 2010-02-13 21:45:10.755925856 -0500
43024@@ -251,20 +251,20 @@ struct kgdb_arch {
43025 */
43026 struct kgdb_io {
43027 const char *name;
43028- int (*read_char) (void);
43029- void (*write_char) (u8);
43030- void (*flush) (void);
43031- int (*init) (void);
43032- void (*pre_exception) (void);
43033- void (*post_exception) (void);
43034+ int (* const read_char) (void);
43035+ void (* const write_char) (u8);
43036+ void (* const flush) (void);
43037+ int (* const init) (void);
43038+ void (* const pre_exception) (void);
43039+ void (* const post_exception) (void);
43040 };
43041
43042-extern struct kgdb_arch arch_kgdb_ops;
43043+extern const struct kgdb_arch arch_kgdb_ops;
43044
43045 extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
43046
43047-extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops);
43048-extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops);
43049+extern int kgdb_register_io_module(const struct kgdb_io *local_kgdb_io_ops);
43050+extern void kgdb_unregister_io_module(const struct kgdb_io *local_kgdb_io_ops);
43051
43052 extern int kgdb_hex2long(char **ptr, unsigned long *long_val);
43053 extern int kgdb_mem2hex(char *mem, char *buf, int count);
43054diff -urNp linux-2.6.32.8/include/linux/kobject.h linux-2.6.32.8/include/linux/kobject.h
43055--- linux-2.6.32.8/include/linux/kobject.h 2010-02-09 07:57:19.000000000 -0500
43056+++ linux-2.6.32.8/include/linux/kobject.h 2010-02-13 21:45:10.755925856 -0500
43057@@ -106,7 +106,7 @@ extern char *kobject_get_path(struct kob
43058
43059 struct kobj_type {
43060 void (*release)(struct kobject *kobj);
43061- struct sysfs_ops *sysfs_ops;
43062+ const struct sysfs_ops *sysfs_ops;
43063 struct attribute **default_attrs;
43064 };
43065
43066@@ -118,9 +118,9 @@ struct kobj_uevent_env {
43067 };
43068
43069 struct kset_uevent_ops {
43070- int (*filter)(struct kset *kset, struct kobject *kobj);
43071- const char *(*name)(struct kset *kset, struct kobject *kobj);
43072- int (*uevent)(struct kset *kset, struct kobject *kobj,
43073+ int (* const filter)(struct kset *kset, struct kobject *kobj);
43074+ const char *(* const name)(struct kset *kset, struct kobject *kobj);
43075+ int (* const uevent)(struct kset *kset, struct kobject *kobj,
43076 struct kobj_uevent_env *env);
43077 };
43078
43079@@ -132,7 +132,7 @@ struct kobj_attribute {
43080 const char *buf, size_t count);
43081 };
43082
43083-extern struct sysfs_ops kobj_sysfs_ops;
43084+extern const struct sysfs_ops kobj_sysfs_ops;
43085
43086 /**
43087 * struct kset - a set of kobjects of a specific type, belonging to a specific subsystem.
43088@@ -155,14 +155,14 @@ struct kset {
43089 struct list_head list;
43090 spinlock_t list_lock;
43091 struct kobject kobj;
43092- struct kset_uevent_ops *uevent_ops;
43093+ const struct kset_uevent_ops *uevent_ops;
43094 };
43095
43096 extern void kset_init(struct kset *kset);
43097 extern int __must_check kset_register(struct kset *kset);
43098 extern void kset_unregister(struct kset *kset);
43099 extern struct kset * __must_check kset_create_and_add(const char *name,
43100- struct kset_uevent_ops *u,
43101+ const struct kset_uevent_ops *u,
43102 struct kobject *parent_kobj);
43103
43104 static inline struct kset *to_kset(struct kobject *kobj)
43105diff -urNp linux-2.6.32.8/include/linux/kvm_host.h linux-2.6.32.8/include/linux/kvm_host.h
43106--- linux-2.6.32.8/include/linux/kvm_host.h 2010-02-09 07:57:19.000000000 -0500
43107+++ linux-2.6.32.8/include/linux/kvm_host.h 2010-02-13 21:45:10.755925856 -0500
43108@@ -205,7 +205,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc
43109 void vcpu_load(struct kvm_vcpu *vcpu);
43110 void vcpu_put(struct kvm_vcpu *vcpu);
43111
43112-int kvm_init(void *opaque, unsigned int vcpu_size,
43113+int kvm_init(const void *opaque, unsigned int vcpu_size,
43114 struct module *module);
43115 void kvm_exit(void);
43116
43117@@ -311,7 +311,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(
43118 struct kvm_guest_debug *dbg);
43119 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
43120
43121-int kvm_arch_init(void *opaque);
43122+int kvm_arch_init(const void *opaque);
43123 void kvm_arch_exit(void);
43124
43125 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
43126diff -urNp linux-2.6.32.8/include/linux/libata.h linux-2.6.32.8/include/linux/libata.h
43127--- linux-2.6.32.8/include/linux/libata.h 2010-02-09 07:57:19.000000000 -0500
43128+++ linux-2.6.32.8/include/linux/libata.h 2010-02-13 21:45:10.756946201 -0500
43129@@ -64,11 +64,11 @@
43130 #ifdef ATA_VERBOSE_DEBUG
43131 #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args)
43132 #else
43133-#define VPRINTK(fmt, args...)
43134+#define VPRINTK(fmt, args...) do {} while (0)
43135 #endif /* ATA_VERBOSE_DEBUG */
43136 #else
43137-#define DPRINTK(fmt, args...)
43138-#define VPRINTK(fmt, args...)
43139+#define DPRINTK(fmt, args...) do {} while (0)
43140+#define VPRINTK(fmt, args...) do {} while (0)
43141 #endif /* ATA_DEBUG */
43142
43143 #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args)
43144@@ -524,11 +524,11 @@ struct ata_ioports {
43145
43146 struct ata_host {
43147 spinlock_t lock;
43148- struct device *dev;
43149+ struct device *dev;
43150 void __iomem * const *iomap;
43151 unsigned int n_ports;
43152 void *private_data;
43153- struct ata_port_operations *ops;
43154+ const struct ata_port_operations *ops;
43155 unsigned long flags;
43156 #ifdef CONFIG_ATA_ACPI
43157 acpi_handle acpi_handle;
43158@@ -709,7 +709,7 @@ struct ata_link {
43159
43160 struct ata_port {
43161 struct Scsi_Host *scsi_host; /* our co-allocated scsi host */
43162- struct ata_port_operations *ops;
43163+ const struct ata_port_operations *ops;
43164 spinlock_t *lock;
43165 /* Flags owned by the EH context. Only EH should touch these once the
43166 port is active */
43167@@ -891,7 +891,7 @@ struct ata_port_info {
43168 unsigned long pio_mask;
43169 unsigned long mwdma_mask;
43170 unsigned long udma_mask;
43171- struct ata_port_operations *port_ops;
43172+ const struct ata_port_operations *port_ops;
43173 void *private_data;
43174 };
43175
43176@@ -915,7 +915,7 @@ extern const unsigned long sata_deb_timi
43177 extern const unsigned long sata_deb_timing_hotplug[];
43178 extern const unsigned long sata_deb_timing_long[];
43179
43180-extern struct ata_port_operations ata_dummy_port_ops;
43181+extern const struct ata_port_operations ata_dummy_port_ops;
43182 extern const struct ata_port_info ata_dummy_port_info;
43183
43184 static inline const unsigned long *
43185@@ -961,7 +961,7 @@ extern int ata_host_activate(struct ata_
43186 struct scsi_host_template *sht);
43187 extern void ata_host_detach(struct ata_host *host);
43188 extern void ata_host_init(struct ata_host *, struct device *,
43189- unsigned long, struct ata_port_operations *);
43190+ unsigned long, const struct ata_port_operations *);
43191 extern int ata_scsi_detect(struct scsi_host_template *sht);
43192 extern int ata_scsi_ioctl(struct scsi_device *dev, int cmd, void __user *arg);
43193 extern int ata_scsi_queuecmd(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd *));
43194diff -urNp linux-2.6.32.8/include/linux/lockd/bind.h linux-2.6.32.8/include/linux/lockd/bind.h
43195--- linux-2.6.32.8/include/linux/lockd/bind.h 2010-02-09 07:57:19.000000000 -0500
43196+++ linux-2.6.32.8/include/linux/lockd/bind.h 2010-02-13 21:45:10.756946201 -0500
43197@@ -23,13 +23,13 @@ struct svc_rqst;
43198 * This is the set of functions for lockd->nfsd communication
43199 */
43200 struct nlmsvc_binding {
43201- __be32 (*fopen)(struct svc_rqst *,
43202+ __be32 (* const fopen)(struct svc_rqst *,
43203 struct nfs_fh *,
43204 struct file **);
43205- void (*fclose)(struct file *);
43206+ void (* const fclose)(struct file *);
43207 };
43208
43209-extern struct nlmsvc_binding * nlmsvc_ops;
43210+extern const struct nlmsvc_binding * nlmsvc_ops;
43211
43212 /*
43213 * Similar to nfs_client_initdata, but without the NFS-specific
43214diff -urNp linux-2.6.32.8/include/linux/mm.h linux-2.6.32.8/include/linux/mm.h
43215--- linux-2.6.32.8/include/linux/mm.h 2010-02-09 07:57:19.000000000 -0500
43216+++ linux-2.6.32.8/include/linux/mm.h 2010-02-13 21:45:10.756946201 -0500
43217@@ -106,6 +106,10 @@ extern unsigned int kobjsize(const void
43218 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */
43219 #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */
43220
43221+#ifdef CONFIG_PAX_PAGEEXEC
43222+#define VM_PAGEEXEC 0x80000000 /* vma->vm_page_prot needs special handling */
43223+#endif
43224+
43225 #ifndef VM_STACK_DEFAULT_FLAGS /* arch can override this */
43226 #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS
43227 #endif
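Review bot: `VM_PAGEEXEC` is given the value `0x80000000`, which is the same bit as `VM_MERGEABLE` two lines above it in this hunk, so on a kernel built with both CONFIG_PAX_PAGEEXEC and KSM a single `vm_flags` bit would carry two meanings. Nothing visible here shows that the two options are mutually exclusive. If the Kconfig does enforce that, the define should say so, e.g. `/* shares bit 31 with VM_MERGEABLE; PAGEEXEC and KSM must not both be enabled */`. Otherwise the flag needs a bit that no other VM_ flag uses.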
43228@@ -880,6 +884,8 @@ struct shrinker {
43229 extern void register_shrinker(struct shrinker *);
43230 extern void unregister_shrinker(struct shrinker *);
43231
43232+pgprot_t vm_get_page_prot(unsigned long vm_flags);
43233+
43234 int vma_wants_writenotify(struct vm_area_struct *vma);
43235
43236 extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl);
43237@@ -1152,6 +1158,7 @@ out:
43238 }
43239
43240 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
43241+extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
43242
43243 extern unsigned long do_brk(unsigned long, unsigned long);
43244
43245@@ -1206,6 +1213,10 @@ extern struct vm_area_struct * find_vma(
43246 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
43247 struct vm_area_struct **pprev);
43248
43249+extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
43250+extern void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
43251+extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
43252+
43253 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
43254 NULL if none. Assume start_addr < end_addr. */
43255 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
43256@@ -1222,7 +1233,6 @@ static inline unsigned long vma_pages(st
43257 return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
43258 }
43259
43260-pgprot_t vm_get_page_prot(unsigned long vm_flags);
43261 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
43262 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
43263 unsigned long pfn, unsigned long size, pgprot_t);
43264@@ -1320,7 +1330,13 @@ extern void memory_failure(unsigned long
43265 extern int __memory_failure(unsigned long pfn, int trapno, int ref);
43266 extern int sysctl_memory_failure_early_kill;
43267 extern int sysctl_memory_failure_recovery;
43268-extern atomic_long_t mce_bad_pages;
43269+extern atomic_long_unchecked_t mce_bad_pages;
43270+
43271+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
43272+extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
43273+#else
43274+static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
43275+#endif
43276
43277 #endif /* __KERNEL__ */
43278 #endif /* _LINUX_MM_H */
43279diff -urNp linux-2.6.32.8/include/linux/mm_types.h linux-2.6.32.8/include/linux/mm_types.h
43280--- linux-2.6.32.8/include/linux/mm_types.h 2010-02-09 07:57:19.000000000 -0500
43281+++ linux-2.6.32.8/include/linux/mm_types.h 2010-02-13 21:45:10.758003169 -0500
43282@@ -186,6 +186,8 @@ struct vm_area_struct {
43283 #ifdef CONFIG_NUMA
43284 struct mempolicy *vm_policy; /* NUMA policy for the VMA */
43285 #endif
43286+
43287+ struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
43288 };
43289
43290 struct core_thread {
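Review bot: `vm_mirror` is added to every `struct vm_area_struct` unconditionally, whereas the PaX fields added to `struct mm_struct` in the next hunk are each wrapped in the `CONFIG_PAX_*` option that uses them. If the mirror pointer is only used by one PaX feature (the hunk does not show which), guarding it the same way would avoid growing every VMA on kernels built without that feature. The blank line added before the closing brace of `mm_struct` in the next hunk is not needed.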
43291@@ -287,6 +289,24 @@ struct mm_struct {
43292 #ifdef CONFIG_MMU_NOTIFIER
43293 struct mmu_notifier_mm *mmu_notifier_mm;
43294 #endif
43295+
43296+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
43297+ unsigned long pax_flags;
43298+#endif
43299+
43300+#ifdef CONFIG_PAX_DLRESOLVE
43301+ unsigned long call_dl_resolve;
43302+#endif
43303+
43304+#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
43305+ unsigned long call_syscall;
43306+#endif
43307+
43308+#ifdef CONFIG_PAX_ASLR
43309+ unsigned long delta_mmap; /* randomized offset */
43310+ unsigned long delta_stack; /* randomized offset */
43311+#endif
43312+
43313 };
43314
43315 /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
43316diff -urNp linux-2.6.32.8/include/linux/mmu_notifier.h linux-2.6.32.8/include/linux/mmu_notifier.h
43317--- linux-2.6.32.8/include/linux/mmu_notifier.h 2010-02-09 07:57:19.000000000 -0500
43318+++ linux-2.6.32.8/include/linux/mmu_notifier.h 2010-02-13 21:45:10.758003169 -0500
43319@@ -235,12 +235,12 @@ static inline void mmu_notifier_mm_destr
43320 */
43321 #define ptep_clear_flush_notify(__vma, __address, __ptep) \
43322 ({ \
43323- pte_t __pte; \
43324+ pte_t ___pte; \
43325 struct vm_area_struct *___vma = __vma; \
43326 unsigned long ___address = __address; \
43327- __pte = ptep_clear_flush(___vma, ___address, __ptep); \
43328+ ___pte = ptep_clear_flush(___vma, ___address, __ptep); \
43329 mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \
43330- __pte; \
43331+ ___pte; \
43332 })
43333
43334 #define ptep_clear_flush_young_notify(__vma, __address, __ptep) \
43335diff -urNp linux-2.6.32.8/include/linux/mod_devicetable.h linux-2.6.32.8/include/linux/mod_devicetable.h
43336--- linux-2.6.32.8/include/linux/mod_devicetable.h 2010-02-09 07:57:19.000000000 -0500
43337+++ linux-2.6.32.8/include/linux/mod_devicetable.h 2010-02-13 21:45:10.758003169 -0500
43338@@ -12,7 +12,7 @@
43339 typedef unsigned long kernel_ulong_t;
43340 #endif
43341
43342-#define PCI_ANY_ID (~0)
43343+#define PCI_ANY_ID ((__u16)~0)
43344
43345 struct pci_device_id {
43346 __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
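Review bot: `PCI_ANY_ID` is narrowed to `(__u16)~0` while the `vendor` and `device` fields it is compared with remain `__u32` (last line of this hunk), so the wildcard is now `0x0000FFFF` instead of `0xFFFFFFFF`. Tables built with the macro stay consistent, but any ID that reaches a match as a literal `~0` or `0xffffffff` would no longer be treated as a wildcard; whether such callers exist cannot be seen from this header. The second hunk changes `HID_ANY_ID` the other way, to `~0U`, and neither change carries a comment explaining the width chosen. A short comment on each define stating which field width it is meant to match would make the intent checkable.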
43347@@ -131,7 +131,7 @@ struct usb_device_id {
43348 #define USB_DEVICE_ID_MATCH_INT_SUBCLASS 0x0100
43349 #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
43350
43351-#define HID_ANY_ID (~0)
43352+#define HID_ANY_ID (~0U)
43353
43354 struct hid_device_id {
43355 __u16 bus;
43356diff -urNp linux-2.6.32.8/include/linux/module.h linux-2.6.32.8/include/linux/module.h
43357--- linux-2.6.32.8/include/linux/module.h 2010-02-09 07:57:19.000000000 -0500
43358+++ linux-2.6.32.8/include/linux/module.h 2010-02-13 21:45:10.758003169 -0500
43359@@ -287,16 +287,16 @@ struct module
43360 int (*init)(void);
43361
43362 /* If this is non-NULL, vfree after init() returns */
43363- void *module_init;
43364+ void *module_init_rx, *module_init_rw;
43365
43366 /* Here is the actual code + data, vfree'd on unload. */
43367- void *module_core;
43368+ void *module_core_rx, *module_core_rw;
43369
43370 /* Here are the sizes of the init and core sections */
43371- unsigned int init_size, core_size;
43372+ unsigned int init_size_rw, core_size_rw;
43373
43374 /* The size of the executable code in each section. */
43375- unsigned int init_text_size, core_text_size;
43376+ unsigned int init_size_rx, core_size_rx;
43377
43378 /* Arch-specific module values */
43379 struct mod_arch_specific arch;
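Review bot: The comments in this part of `struct module` no longer describe the fields under them. `init_size_rw, core_size_rw` sit under "Here are the sizes of the init and core sections" and `init_size_rx, core_size_rx` under "The size of the executable code in each section", although the fields now look like the sizes of separate read-write and read-execute regions rather than a total and its text subset. Suggested wording: `/* Sizes of the writable (data) init and core regions */` and `/* Sizes of the executable (text) init and core regions */`. The comment on `module_init_rx`/`module_init_rw` should say that both are freed after init() returns, if that is the case. The struct starts and ends outside this hunk.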
43380@@ -393,16 +393,46 @@ struct module *__module_address(unsigned
43381 bool is_module_address(unsigned long addr);
43382 bool is_module_text_address(unsigned long addr);
43383
43384+static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
43385+{
43386+
43387+#ifdef CONFIG_PAX_KERNEXEC
43388+ if (ktla_ktva(addr) >= (unsigned long)start &&
43389+ ktla_ktva(addr) < (unsigned long)start + size)
43390+ return 1;
43391+#endif
43392+
43393+ return ((void *)addr >= start && (void *)addr < start + size);
43394+}
43395+
43396+static inline int within_module_core_rx(unsigned long addr, struct module *mod)
43397+{
43398+ return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
43399+}
43400+
43401+static inline int within_module_core_rw(unsigned long addr, struct module *mod)
43402+{
43403+ return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
43404+}
43405+
43406+static inline int within_module_init_rx(unsigned long addr, struct module *mod)
43407+{
43408+ return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
43409+}
43410+
43411+static inline int within_module_init_rw(unsigned long addr, struct module *mod)
43412+{
43413+ return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
43414+}
43415+
43416 static inline int within_module_core(unsigned long addr, struct module *mod)
43417 {
43418- return (unsigned long)mod->module_core <= addr &&
43419- addr < (unsigned long)mod->module_core + mod->core_size;
43420+ return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
43421 }
43422
43423 static inline int within_module_init(unsigned long addr, struct module *mod)
43424 {
43425- return (unsigned long)mod->module_init <= addr &&
43426- addr < (unsigned long)mod->module_init + mod->init_size;
43427+ return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod);
43428 }
43429
43430 /* Search for module by name: must hold module_mutex. */
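Review bot: `within_module_range()` compares in two different ways: the KERNEXEC branch casts `start` to `unsigned long`, while the final return casts `addr` to `void *` and relies on `void *` arithmetic in `start + size`. Using integers throughout reads more clearly and matches the code it replaces: `return addr >= (unsigned long)start && addr < (unsigned long)start + size;`. The stray blank line after the opening brace can go. A one-line comment on why `ktla_ktva(addr)` is tried as well would help, since that macro is defined outside this hunk.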
43431diff -urNp linux-2.6.32.8/include/linux/moduleloader.h linux-2.6.32.8/include/linux/moduleloader.h
43432--- linux-2.6.32.8/include/linux/moduleloader.h 2010-02-09 07:57:19.000000000 -0500
43433+++ linux-2.6.32.8/include/linux/moduleloader.h 2010-02-13 21:45:10.758003169 -0500
43434@@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st
43435 sections. Returns NULL on failure. */
43436 void *module_alloc(unsigned long size);
43437
43438+#ifdef CONFIG_PAX_KERNEXEC
43439+void *module_alloc_exec(unsigned long size);
43440+#else
43441+#define module_alloc_exec(x) module_alloc(x)
43442+#endif
43443+
43444 /* Free memory returned from module_alloc. */
43445 void module_free(struct module *mod, void *module_region);
43446
43447+#ifdef CONFIG_PAX_KERNEXEC
43448+void module_free_exec(struct module *mod, void *module_region);
43449+#else
43450+#define module_free_exec(x, y) module_free(x, y)
43451+#endif
43452+
43453 /* Apply the given relocation to the (simplified) ELF. Return -error
43454 or 0. */
43455 int apply_relocate(Elf_Shdr *sechdrs,
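Review bot: `module_alloc_exec()` and `module_free_exec()` are added without the one-line comments their neighbours have. Under CONFIG_PAX_KERNEXEC they are separate functions, so memory from `module_alloc_exec()` presumably has to be released with `module_free_exec()` and not `module_free()`. Without KERNEXEC the macros hide that distinction, so a mismatched pair would compile and work until the option is turned on. Suggested comments: `/* Allocate memory for module code (executable). */` and `/* Free memory returned from module_alloc_exec. */`.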
43456diff -urNp linux-2.6.32.8/include/linux/namei.h linux-2.6.32.8/include/linux/namei.h
43457--- linux-2.6.32.8/include/linux/namei.h 2010-02-09 07:57:19.000000000 -0500
43458+++ linux-2.6.32.8/include/linux/namei.h 2010-02-13 21:45:10.758999633 -0500
43459@@ -22,7 +22,7 @@ struct nameidata {
43460 unsigned int flags;
43461 int last_type;
43462 unsigned depth;
43463- char *saved_names[MAX_NESTED_LINKS + 1];
43464+ const char *saved_names[MAX_NESTED_LINKS + 1];
43465
43466 /* Intent data */
43467 union {
43468@@ -84,12 +84,12 @@ extern int follow_up(struct path *);
43469 extern struct dentry *lock_rename(struct dentry *, struct dentry *);
43470 extern void unlock_rename(struct dentry *, struct dentry *);
43471
43472-static inline void nd_set_link(struct nameidata *nd, char *path)
43473+static inline void nd_set_link(struct nameidata *nd, const char *path)
43474 {
43475 nd->saved_names[nd->depth] = path;
43476 }
43477
43478-static inline char *nd_get_link(struct nameidata *nd)
43479+static inline const char *nd_get_link(const struct nameidata *nd)
43480 {
43481 return nd->saved_names[nd->depth];
43482 }
43483diff -urNp linux-2.6.32.8/include/linux/nodemask.h linux-2.6.32.8/include/linux/nodemask.h
43484--- linux-2.6.32.8/include/linux/nodemask.h 2010-02-09 07:57:19.000000000 -0500
43485+++ linux-2.6.32.8/include/linux/nodemask.h 2010-02-13 21:45:10.758999633 -0500
43486@@ -464,11 +464,11 @@ static inline int num_node_state(enum no
43487
43488 #define any_online_node(mask) \
43489 ({ \
43490- int node; \
43491- for_each_node_mask(node, (mask)) \
43492- if (node_online(node)) \
43493+ int __node; \
43494+ for_each_node_mask(__node, (mask)) \
43495+ if (node_online(__node)) \
43496 break; \
43497- node; \
43498+ __node; \
43499 })
43500
43501 #define num_online_nodes() num_node_state(N_ONLINE)
43502diff -urNp linux-2.6.32.8/include/linux/oprofile.h linux-2.6.32.8/include/linux/oprofile.h
43503--- linux-2.6.32.8/include/linux/oprofile.h 2010-02-09 07:57:19.000000000 -0500
43504+++ linux-2.6.32.8/include/linux/oprofile.h 2010-02-13 21:45:10.758999633 -0500
43505@@ -129,9 +129,9 @@ int oprofilefs_create_ulong(struct super
43506 int oprofilefs_create_ro_ulong(struct super_block * sb, struct dentry * root,
43507 char const * name, ulong * val);
43508
43509-/** Create a file for read-only access to an atomic_t. */
43510+/** Create a file for read-only access to an atomic_unchecked_t. */
43511 int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root,
43512- char const * name, atomic_t * val);
43513+ char const * name, atomic_unchecked_t * val);
43514
43515 /** create a directory */
43516 struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
43517diff -urNp linux-2.6.32.8/include/linux/pipe_fs_i.h linux-2.6.32.8/include/linux/pipe_fs_i.h
43518--- linux-2.6.32.8/include/linux/pipe_fs_i.h 2010-02-09 07:57:19.000000000 -0500
43519+++ linux-2.6.32.8/include/linux/pipe_fs_i.h 2010-02-13 21:45:10.758999633 -0500
43520@@ -46,9 +46,9 @@ struct pipe_inode_info {
43521 wait_queue_head_t wait;
43522 unsigned int nrbufs, curbuf;
43523 struct page *tmp_page;
43524- unsigned int readers;
43525- unsigned int writers;
43526- unsigned int waiting_writers;
43527+ atomic_t readers;
43528+ atomic_t writers;
43529+ atomic_t waiting_writers;
43530 unsigned int r_counter;
43531 unsigned int w_counter;
43532 struct fasync_struct *fasync_readers;
43533diff -urNp linux-2.6.32.8/include/linux/poison.h linux-2.6.32.8/include/linux/poison.h
43534--- linux-2.6.32.8/include/linux/poison.h 2010-02-09 07:57:19.000000000 -0500
43535+++ linux-2.6.32.8/include/linux/poison.h 2010-02-13 21:45:10.758999633 -0500
43536@@ -7,8 +7,8 @@
43537 * under normal circumstances, used to verify that nobody uses
43538 * non-initialized list entries.
43539 */
43540-#define LIST_POISON1 ((void *) 0x00100100)
43541-#define LIST_POISON2 ((void *) 0x00200200)
43542+#define LIST_POISON1 ((void *) (long)0xFFFFFF01)
43543+#define LIST_POISON2 ((void *) (long)0xFFFFFF02)
43544
43545 /********** include/linux/timer.h **********/
43546 /*
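Review bot: On a 64-bit build the new `LIST_POISON1` and `LIST_POISON2` values are not sign-extended, because `0xFFFFFF01` is an `unsigned int` constant and `(long)0xFFFFFF01` therefore yields 0x00000000FFFFFF01 rather than an address at the top of the address space. If the point of moving away from `0x00100100` is that dereferencing a poisoned list pointer always faults instead of landing in a range a process could have mapped, that holds only on 32-bit as written. Casting through a signed 32-bit type first, `((void *) (long)(int)0xFFFFFF01)`, keeps the 32-bit value and gives a value in the last page of the address space on 64-bit. The comment above the defines should also say why these values were chosen.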
43547diff -urNp linux-2.6.32.8/include/linux/proc_fs.h linux-2.6.32.8/include/linux/proc_fs.h
43548--- linux-2.6.32.8/include/linux/proc_fs.h 2010-02-09 07:57:19.000000000 -0500
43549+++ linux-2.6.32.8/include/linux/proc_fs.h 2010-02-13 21:45:10.758999633 -0500
43550@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *pro
43551 return proc_create_data(name, mode, parent, proc_fops, NULL);
43552 }
43553
43554+static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
43555+ struct proc_dir_entry *parent, const struct file_operations *proc_fops)
43556+{
43557+#ifdef CONFIG_GRKERNSEC_PROC_USER
43558+ return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
43559+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
43560+ return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
43561+#else
43562+ return proc_create_data(name, mode, parent, proc_fops, NULL);
43563+#endif
43564+}
43565+
43566+
43567 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
43568 mode_t mode, struct proc_dir_entry *base,
43569 read_proc_t *read_proc, void * data)
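Review bot: `proc_create_grsec()` silently discards the caller's `mode` when `CONFIG_GRKERNSEC_PROC_USER` or `CONFIG_GRKERNSEC_PROC_USERGROUP` is set, substituting `S_IRUSR` or `S_IRUSR | S_IRGRP`, and nothing at the definition says so. A caller that passes a mode with write bits would get a read-only entry under those options, so the helper is only suitable for read-only files. A comment above it would make that contract visible, for example `/* like proc_create(), but @mode is ignored and forced to 0400 (PROC_USER) or 0440 (PROC_USERGROUP); use only for read-only entries */`. The doubled blank line after the function can be dropped as well.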
43570diff -urNp linux-2.6.32.8/include/linux/random.h linux-2.6.32.8/include/linux/random.h
43571--- linux-2.6.32.8/include/linux/random.h 2010-02-09 07:57:19.000000000 -0500
43572+++ linux-2.6.32.8/include/linux/random.h 2010-02-13 21:45:10.759932710 -0500
43573@@ -74,6 +74,11 @@ unsigned long randomize_range(unsigned l
43574 u32 random32(void);
43575 void srandom32(u32 seed);
43576
43577+static inline unsigned long pax_get_random_long(void)
43578+{
43579+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
43580+}
43581+
43582 #endif /* __KERNEL___ */
43583
43584 #endif /* _LINUX_RANDOM_H */
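Review bot: `pax_get_random_long()` is built from two `random32()` calls, and `random32()` is the kernel's fast pseudo-random generator rather than the entropy-pool interface. The callers are outside this hunk, but if the result feeds address-space randomization or any other value whose protection depends on being unpredictable, it is only as strong as that generator's internal state; `get_random_bytes()` is the interface intended for such values. At minimum the helper should carry a comment stating the guarantee it offers, e.g. `/* built from random32(): fast, not cryptographically strong */`.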
43585diff -urNp linux-2.6.32.8/include/linux/reiserfs_fs.h linux-2.6.32.8/include/linux/reiserfs_fs.h
43586--- linux-2.6.32.8/include/linux/reiserfs_fs.h 2010-02-09 07:57:19.000000000 -0500
43587+++ linux-2.6.32.8/include/linux/reiserfs_fs.h 2010-02-13 21:45:10.759932710 -0500
43588@@ -1326,7 +1326,7 @@ static inline loff_t max_reiserfs_offset
43589 #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */
43590
43591 #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter)
43592-#define get_generation(s) atomic_read (&fs_generation(s))
43593+#define get_generation(s) atomic_read_unchecked (&fs_generation(s))
43594 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
43595 #define __fs_changed(gen,s) (gen != get_generation (s))
43596 #define fs_changed(gen,s) ({cond_resched(); __fs_changed(gen, s);})
43597@@ -1534,24 +1534,24 @@ static inline struct super_block *sb_fro
43598 */
43599
43600 struct item_operations {
43601- int (*bytes_number) (struct item_head * ih, int block_size);
43602- void (*decrement_key) (struct cpu_key *);
43603- int (*is_left_mergeable) (struct reiserfs_key * ih,
43604+ int (* const bytes_number) (struct item_head * ih, int block_size);
43605+ void (* const decrement_key) (struct cpu_key *);
43606+ int (* const is_left_mergeable) (struct reiserfs_key * ih,
43607 unsigned long bsize);
43608- void (*print_item) (struct item_head *, char *item);
43609- void (*check_item) (struct item_head *, char *item);
43610+ void (* const print_item) (struct item_head *, char *item);
43611+ void (* const check_item) (struct item_head *, char *item);
43612
43613- int (*create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43614+ int (* const create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43615 int is_affected, int insert_size);
43616- int (*check_left) (struct virtual_item * vi, int free,
43617+ int (* const check_left) (struct virtual_item * vi, int free,
43618 int start_skip, int end_skip);
43619- int (*check_right) (struct virtual_item * vi, int free);
43620- int (*part_size) (struct virtual_item * vi, int from, int to);
43621- int (*unit_num) (struct virtual_item * vi);
43622- void (*print_vi) (struct virtual_item * vi);
43623+ int (* const check_right) (struct virtual_item * vi, int free);
43624+ int (* const part_size) (struct virtual_item * vi, int from, int to);
43625+ int (* const unit_num) (struct virtual_item * vi);
43626+ void (* const print_vi) (struct virtual_item * vi);
43627 };
43628
43629-extern struct item_operations *item_ops[TYPE_ANY + 1];
43630+extern const struct item_operations * const item_ops[TYPE_ANY + 1];
43631
43632 #define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize)
43633 #define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize)
43634diff -urNp linux-2.6.32.8/include/linux/reiserfs_fs_sb.h linux-2.6.32.8/include/linux/reiserfs_fs_sb.h
43635--- linux-2.6.32.8/include/linux/reiserfs_fs_sb.h 2010-02-09 07:57:19.000000000 -0500
43636+++ linux-2.6.32.8/include/linux/reiserfs_fs_sb.h 2010-02-13 21:45:10.759932710 -0500
43637@@ -377,7 +377,7 @@ struct reiserfs_sb_info {
43638 /* Comment? -Hans */
43639 wait_queue_head_t s_wait;
43640 /* To be obsoleted soon by per buffer seals.. -Hans */
43641- atomic_t s_generation_counter; // increased by one every time the
43642+ atomic_unchecked_t s_generation_counter; // increased by one every time the
43643 // tree gets re-balanced
43644 unsigned long s_properties; /* File system properties. Currently holds
43645 on-disk FS format */
43646diff -urNp linux-2.6.32.8/include/linux/sched.h linux-2.6.32.8/include/linux/sched.h
43647--- linux-2.6.32.8/include/linux/sched.h 2010-02-09 07:57:19.000000000 -0500
43648+++ linux-2.6.32.8/include/linux/sched.h 2010-02-13 21:45:44.096688557 -0500
43649@@ -101,6 +101,7 @@ struct bio;
43650 struct fs_struct;
43651 struct bts_context;
43652 struct perf_event_context;
43653+struct linux_binprm;
43654
43655 /*
43656 * List of flags we want to share for kernel threads,
43657@@ -664,6 +665,15 @@ struct signal_struct {
43658 struct tty_audit_buf *tty_audit_buf;
43659 #endif
43660
43661+#ifdef CONFIG_GRKERNSEC
43662+ u32 curr_ip;
43663+ u32 gr_saddr;
43664+ u32 gr_daddr;
43665+ u16 gr_sport;
43666+ u16 gr_dport;
43667+ u8 used_accept:1;
43668+#endif
43669+
43670 int oom_adj; /* OOM kill score adjustment (bit shift) */
43671 };
43672
43673@@ -1214,7 +1224,7 @@ struct rcu_node;
43674
43675 struct task_struct {
43676 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
43677- void *stack;
43678+ struct thread_info *stack;
43679 atomic_t usage;
43680 unsigned int flags; /* per process flags, defined below */
43681 unsigned int ptrace;
43682@@ -1326,8 +1336,8 @@ struct task_struct {
43683 struct list_head thread_group;
43684
43685 struct completion *vfork_done; /* for vfork() */
43686- int __user *set_child_tid; /* CLONE_CHILD_SETTID */
43687- int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43688+ pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */
43689+ pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43690
43691 cputime_t utime, stime, utimescaled, stimescaled;
43692 cputime_t gtime;
43693@@ -1341,16 +1351,6 @@ struct task_struct {
43694 struct task_cputime cputime_expires;
43695 struct list_head cpu_timers[3];
43696
43697-/* process credentials */
43698- const struct cred *real_cred; /* objective and real subjective task
43699- * credentials (COW) */
43700- const struct cred *cred; /* effective (overridable) subjective task
43701- * credentials (COW) */
43702- struct mutex cred_guard_mutex; /* guard against foreign influences on
43703- * credential calculations
43704- * (notably. ptrace) */
43705- struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43706-
43707 char comm[TASK_COMM_LEN]; /* executable name excluding path
43708 - access with [gs]et_task_comm (which lock
43709 it with task_lock())
43710@@ -1434,6 +1434,15 @@ struct task_struct {
43711 int hardirq_context;
43712 int softirq_context;
43713 #endif
43714+
43715+/* process credentials */
43716+ const struct cred *real_cred; /* objective and real subjective task
43717+ * credentials (COW) */
43718+ struct mutex cred_guard_mutex; /* guard against foreign influences on
43719+ * credential calculations
43720+ * (notably. ptrace) */
43721+ struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43722+
43723 #ifdef CONFIG_LOCKDEP
43724 # define MAX_LOCK_DEPTH 48UL
43725 u64 curr_chain_key;
43726@@ -1454,6 +1463,9 @@ struct task_struct {
43727
43728 struct backing_dev_info *backing_dev_info;
43729
43730+ const struct cred *cred; /* effective (overridable) subjective task
43731+ * credentials (COW) */
43732+
43733 struct io_context *io_context;
43734
43735 unsigned long ptrace_message;
43736@@ -1517,6 +1529,19 @@ struct task_struct {
43737 unsigned long default_timer_slack_ns;
43738
43739 struct list_head *scm_work_list;
43740+
43741+#ifdef CONFIG_GRKERNSEC
43742+ /* grsecurity */
43743+ rwlock_t gr_fs_lock;
43744+ struct acl_subject_label *acl;
43745+ struct acl_role_label *role;
43746+ struct file *exec_file;
43747+ u16 acl_role_id;
43748+ u8 acl_sp_role;
43749+ u8 is_writable;
43750+ u8 brute;
43751+#endif
43752+
43753 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
43754 /* Index of current stored adress in ret_stack */
43755 int curr_ret_stack;
43756@@ -1541,6 +1566,52 @@ struct task_struct {
43757 unsigned long stack_start;
43758 };
43759
43760+#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
43761+#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
43762+#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
43763+#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
43764+/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
43765+#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
43766+
43767+#ifdef CONFIG_PAX_SOFTMODE
43768+extern unsigned int pax_softmode;
43769+#endif
43770+
43771+extern int pax_check_flags(unsigned long *);
43772+
43773+/* if tsk != current then task_lock must be held on it */
43774+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
43775+static inline unsigned long pax_get_flags(struct task_struct *tsk)
43776+{
43777+ if (likely(tsk->mm))
43778+ return tsk->mm->pax_flags;
43779+ else
43780+ return 0UL;
43781+}
43782+
43783+/* if tsk != current then task_lock must be held on it */
43784+static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
43785+{
43786+ if (likely(tsk->mm)) {
43787+ tsk->mm->pax_flags = flags;
43788+ return 0;
43789+ }
43790+ return -EINVAL;
43791+}
43792+#endif
43793+
43794+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
43795+extern void pax_set_initial_flags(struct linux_binprm *bprm);
43796+#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
43797+extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
43798+#endif
43799+
43800+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
43801+void pax_report_insns(void *pc, void *sp);
43802+void pax_report_refcount_overflow(struct pt_regs *regs);
43803+void pax_report_leak_to_user(const void *ptr, unsigned long len);
43804+void pax_report_overflow_from_user(const void *ptr, unsigned long len);
43805+
43806 /* Future-safe accessor for struct task_struct's cpus_allowed. */
43807 #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed)
43808
43809@@ -2140,7 +2211,7 @@ extern void __cleanup_sighand(struct sig
43810 extern void exit_itimers(struct signal_struct *);
43811 extern void flush_itimer_signals(void);
43812
43813-extern NORET_TYPE void do_group_exit(int);
43814+extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET;
43815
43816 extern void daemonize(const char *, ...);
43817 extern int allow_signal(int);
43818@@ -2242,6 +2313,33 @@ static inline void task_unlock(struct ta
43819 spin_unlock(&p->alloc_lock);
43820 }
43821
43822+/* grsec: protects only ->fs as task_lock is overkill and we can't
43823+ be using a spin_lock in interrupt context
43824+*/
43825+#ifdef CONFIG_GRKERNSEC
43826+#define gr_fs_write_lock_irqsave(x, y) \
43827+ write_lock_irqsave(&x->gr_fs_lock, y)
43828+#define gr_fs_write_unlock_irqrestore(x, y) \
43829+ write_unlock_irqrestore(&x->gr_fs_lock, y)
43830+#else
43831+#define gr_fs_write_lock_irqsave(x, y)
43832+#define gr_fs_write_unlock_irqrestore(x, y)
43833+#endif
43834+
43835+static inline void gr_fs_read_lock(struct task_struct *p)
43836+{
43837+#ifdef CONFIG_GRKERNSEC
43838+ read_lock(&p->gr_fs_lock);
43839+#endif
43840+}
43841+
43842+static inline void gr_fs_read_unlock(struct task_struct *p)
43843+{
43844+#ifdef CONFIG_GRKERNSEC
43845+ read_unlock(&p->gr_fs_lock);
43846+#endif
43847+}
43848+
43849 extern struct sighand_struct *lock_task_sighand(struct task_struct *tsk,
43850 unsigned long *flags);
43851
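Review bot: The two `gr_fs_write_*` macros use their first argument unparenthesized (`&x->gr_fs_lock`), so any argument that is not a plain identifier binds incorrectly; `&(x)->gr_fs_lock` is the usual form. In the `#else` arm both macros expand to nothing, which turns each call site into an empty statement and leaves the caller's flags variable unused when `CONFIG_GRKERNSEC` is off; `do { } while (0)` is the conventional stub. The comment above them explains why a separate lock exists but not which accesses to `->fs` must take the read side versus the write side, which is worth one more line.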
43852@@ -2253,8 +2351,8 @@ static inline void unlock_task_sighand(s
43853
43854 #ifndef __HAVE_THREAD_FUNCTIONS
43855
43856-#define task_thread_info(task) ((struct thread_info *)(task)->stack)
43857-#define task_stack_page(task) ((task)->stack)
43858+#define task_thread_info(task) ((task)->stack)
43859+#define task_stack_page(task) ((void *)(task)->stack)
43860
43861 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
43862 {
43863@@ -2269,13 +2367,31 @@ static inline unsigned long *end_of_stac
43864
43865 #endif
43866
43867-static inline int object_is_on_stack(void *obj)
43868+static inline int object_starts_on_stack(void *obj)
43869 {
43870- void *stack = task_stack_page(current);
43871+ const void *stack = task_stack_page(current);
43872
43873 return (obj >= stack) && (obj < (stack + THREAD_SIZE));
43874 }
43875
43876+/* 0: not at all, 1: fully, -1: partially (implies an error) */
43877+static inline int object_is_on_stack(const void *obj, unsigned long len)
43878+{
43879+ const void *stack = task_stack_page(current);
43880+ const void *stackend = stack + THREAD_SIZE;
43881+
43882+ if (obj + len < obj)
43883+ return -1;
43884+
43885+ if (stack <= obj && obj + len <= stackend)
43886+ return 1;
43887+
43888+ if (obj + len <= stack || stackend <= obj)
43889+ return 0;
43890+
43891+ return -1;
43892+}
43893+
43894 extern void thread_info_cache_init(void);
43895
43896 #ifdef CONFIG_DEBUG_STACK_USAGE
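Review bot: The wrap-around guard in the new `object_is_on_stack()`, `if (obj + len < obj)`, depends on pointer arithmetic overflowing, which C leaves undefined, so a compiler may remove the test unless the build disables that optimisation (the compiler flags are not visible here). Doing the range check on integers avoids the dependency: `unsigned long start = (unsigned long)obj, end = start + len;` then `if (end < start) return -1;`, with the later comparisons made on `start` and `end` against the stack bounds cast the same way. The hunk also changes the arity and meaning of an existing name, with the old one-argument predicate becoming `object_starts_on_stack()`, so every existing caller outside this hunk has to be converted in the same patch.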
43897diff -urNp linux-2.6.32.8/include/linux/screen_info.h linux-2.6.32.8/include/linux/screen_info.h
43898--- linux-2.6.32.8/include/linux/screen_info.h 2010-02-09 07:57:19.000000000 -0500
43899+++ linux-2.6.32.8/include/linux/screen_info.h 2010-02-13 21:45:10.760998020 -0500
43900@@ -42,7 +42,8 @@ struct screen_info {
43901 __u16 pages; /* 0x32 */
43902 __u16 vesa_attributes; /* 0x34 */
43903 __u32 capabilities; /* 0x36 */
43904- __u8 _reserved[6]; /* 0x3a */
43905+ __u16 vesapm_size; /* 0x3a */
43906+ __u8 _reserved[4]; /* 0x3c */
43907 } __attribute__((packed));
43908
43909 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
43910diff -urNp linux-2.6.32.8/include/linux/security.h linux-2.6.32.8/include/linux/security.h
43911--- linux-2.6.32.8/include/linux/security.h 2010-02-09 07:57:19.000000000 -0500
43912+++ linux-2.6.32.8/include/linux/security.h 2010-02-13 21:45:10.761790439 -0500
43913@@ -34,6 +34,7 @@
43914 #include <linux/key.h>
43915 #include <linux/xfrm.h>
43916 #include <linux/gfp.h>
43917+#include <linux/grsecurity.h>
43918 #include <net/flow.h>
43919
43920 /* Maximum number of letters for an LSM name string */
43921diff -urNp linux-2.6.32.8/include/linux/shm.h linux-2.6.32.8/include/linux/shm.h
43922--- linux-2.6.32.8/include/linux/shm.h 2010-02-09 07:57:19.000000000 -0500
43923+++ linux-2.6.32.8/include/linux/shm.h 2010-02-13 21:45:10.761790439 -0500
43924@@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke
43925 pid_t shm_cprid;
43926 pid_t shm_lprid;
43927 struct user_struct *mlock_user;
43928+#ifdef CONFIG_GRKERNSEC
43929+ time_t shm_createtime;
43930+ pid_t shm_lapid;
43931+#endif
43932 };
43933
43934 /* shm_mode upper byte flags */
43935diff -urNp linux-2.6.32.8/include/linux/slab.h linux-2.6.32.8/include/linux/slab.h
43936--- linux-2.6.32.8/include/linux/slab.h 2010-02-09 07:57:19.000000000 -0500
43937+++ linux-2.6.32.8/include/linux/slab.h 2010-02-13 21:45:10.761790439 -0500
43938@@ -11,6 +11,7 @@
43939
43940 #include <linux/gfp.h>
43941 #include <linux/types.h>
43942+#include <linux/err.h>
43943
43944 /*
43945 * Flags to pass to kmem_cache_create().
43946@@ -82,10 +83,13 @@
43947 * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
43948 * Both make kfree a no-op.
43949 */
43950-#define ZERO_SIZE_PTR ((void *)16)
43951+#define ZERO_SIZE_PTR \
43952+({ \
43953+ BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
43954+ (void *)(-MAX_ERRNO-1L); \
43955+})
43956
43957-#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
43958- (unsigned long)ZERO_SIZE_PTR)
43959+#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR)
43960
43961 /*
43962 * struct kmem_cache related prototypes
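Review bot: The rewritten `ZERO_OR_NULL_PTR(x)` expands `x` twice (`!(x) || (x) == ZERO_SIZE_PTR`) where the removed version evaluated it once, so an argument with side effects now behaves differently. Taking a local copy restores single evaluation: `#define ZERO_OR_NULL_PTR(x) ({ const void *___p = (x); !___p || ___p == ZERO_SIZE_PTR; })`. `ZERO_SIZE_PTR` is also now a statement expression, so it can no longer be used where a constant expression is required. The comment above the define still covers only the kfree() behaviour and should say why the value moved from 16 to `-MAX_ERRNO-1`.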
43963@@ -138,6 +142,7 @@ void * __must_check krealloc(const void
43964 void kfree(const void *);
43965 void kzfree(const void *);
43966 size_t ksize(const void *);
43967+void check_object_size(const void *ptr, unsigned long n, bool to);
43968
43969 /*
43970 * Allocator specific definitions. These are mainly used to establish optimized
43971@@ -328,4 +333,37 @@ static inline void *kzalloc_node(size_t
43972
43973 void __init kmem_cache_init_late(void);
43974
43975+#define kmalloc(x, y) \
43976+({ \
43977+ void *___retval; \
43978+ intoverflow_t ___x = (intoverflow_t)x; \
43979+ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n"))\
43980+ ___retval = NULL; \
43981+ else \
43982+ ___retval = kmalloc((size_t)___x, (y)); \
43983+ ___retval; \
43984+})
43985+
43986+#define kmalloc_node(x, y, z) \
43987+({ \
43988+ void *___retval; \
43989+ intoverflow_t ___x = (intoverflow_t)x; \
43990+ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
43991+ ___retval = NULL; \
43992+ else \
43993+ ___retval = kmalloc_node((size_t)___x, (y), (z));\
43994+ ___retval; \
43995+})
43996+
43997+#define kzalloc(x, y) \
43998+({ \
43999+ void *___retval; \
44000+ intoverflow_t ___x = (intoverflow_t)x; \
44001+ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n"))\
44002+ ___retval = NULL; \
44003+ else \
44004+ ___retval = kzalloc((size_t)___x, (y)); \
44005+ ___retval; \
44006+})
44007+
44008 #endif /* _LINUX_SLAB_H */
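Review bot: The `kmalloc`, `kmalloc_node` and `kzalloc` wrappers cast their size argument without parentheses, `(intoverflow_t)x`, which looks like a macro-hygiene slip but appears to be deliberate and needs a comment saying so. For a call such as `kmalloc(n * sizeof(*p), ...)` the cast binds to `n` alone, so the product is computed in the wider type and can be compared against `ULONG_MAX`; a well-meant change to `(x)` would compute the product in the narrow type first and silently disable the check. The comment should also state the limit of the technique: only expressions whose leading operand takes part in the overflowing operation are covered (`a + b * c` still multiplies in the narrow type), and `intoverflow_t`, defined outside this hunk, must be wider than `unsigned long` for the comparison ever to be true. The `vmalloc*` wrappers added to vmalloc.h further down have the same shape and need the same comment.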
44009diff -urNp linux-2.6.32.8/include/linux/slub_def.h linux-2.6.32.8/include/linux/slub_def.h
44010--- linux-2.6.32.8/include/linux/slub_def.h 2010-02-09 07:57:19.000000000 -0500
44011+++ linux-2.6.32.8/include/linux/slub_def.h 2010-02-13 21:45:10.761790439 -0500
44012@@ -86,7 +86,7 @@ struct kmem_cache {
44013 struct kmem_cache_order_objects max;
44014 struct kmem_cache_order_objects min;
44015 gfp_t allocflags; /* gfp flags to use on each alloc */
44016- int refcount; /* Refcount for slab cache destroy */
44017+ atomic_t refcount; /* Refcount for slab cache destroy */
44018 void (*ctor)(void *);
44019 int inuse; /* Offset to metadata */
44020 int align; /* Alignment */
44021diff -urNp linux-2.6.32.8/include/linux/sonet.h linux-2.6.32.8/include/linux/sonet.h
44022--- linux-2.6.32.8/include/linux/sonet.h 2010-02-09 07:57:19.000000000 -0500
44023+++ linux-2.6.32.8/include/linux/sonet.h 2010-02-13 21:45:10.762998102 -0500
44024@@ -61,7 +61,7 @@ struct sonet_stats {
44025 #include <asm/atomic.h>
44026
44027 struct k_sonet_stats {
44028-#define __HANDLE_ITEM(i) atomic_t i
44029+#define __HANDLE_ITEM(i) atomic_unchecked_t i
44030 __SONET_ITEMS
44031 #undef __HANDLE_ITEM
44032 };
44033diff -urNp linux-2.6.32.8/include/linux/suspend.h linux-2.6.32.8/include/linux/suspend.h
44034--- linux-2.6.32.8/include/linux/suspend.h 2010-02-09 07:57:19.000000000 -0500
44035+++ linux-2.6.32.8/include/linux/suspend.h 2010-02-13 21:45:10.762998102 -0500
44036@@ -104,15 +104,15 @@ typedef int __bitwise suspend_state_t;
44037 * which require special recovery actions in that situation.
44038 */
44039 struct platform_suspend_ops {
44040- int (*valid)(suspend_state_t state);
44041- int (*begin)(suspend_state_t state);
44042- int (*prepare)(void);
44043- int (*prepare_late)(void);
44044- int (*enter)(suspend_state_t state);
44045- void (*wake)(void);
44046- void (*finish)(void);
44047- void (*end)(void);
44048- void (*recover)(void);
44049+ int (* const valid)(suspend_state_t state);
44050+ int (* const begin)(suspend_state_t state);
44051+ int (* const prepare)(void);
44052+ int (* const prepare_late)(void);
44053+ int (* const enter)(suspend_state_t state);
44054+ void (* const wake)(void);
44055+ void (* const finish)(void);
44056+ void (* const end)(void);
44057+ void (* const recover)(void);
44058 };
44059
44060 #ifdef CONFIG_SUSPEND
44061@@ -120,7 +120,7 @@ struct platform_suspend_ops {
44062 * suspend_set_ops - set platform dependent suspend operations
44063 * @ops: The new suspend operations to set.
44064 */
44065-extern void suspend_set_ops(struct platform_suspend_ops *ops);
44066+extern void suspend_set_ops(const struct platform_suspend_ops *ops);
44067 extern int suspend_valid_only_mem(suspend_state_t state);
44068
44069 /**
44070@@ -145,7 +145,7 @@ extern int pm_suspend(suspend_state_t st
44071 #else /* !CONFIG_SUSPEND */
44072 #define suspend_valid_only_mem NULL
44073
44074-static inline void suspend_set_ops(struct platform_suspend_ops *ops) {}
44075+static inline void suspend_set_ops(const struct platform_suspend_ops *ops) {}
44076 static inline int pm_suspend(suspend_state_t state) { return -ENOSYS; }
44077 #endif /* !CONFIG_SUSPEND */
44078
44079@@ -215,16 +215,16 @@ extern void mark_free_pages(struct zone
44080 * platforms which require special recovery actions in that situation.
44081 */
44082 struct platform_hibernation_ops {
44083- int (*begin)(void);
44084- void (*end)(void);
44085- int (*pre_snapshot)(void);
44086- void (*finish)(void);
44087- int (*prepare)(void);
44088- int (*enter)(void);
44089- void (*leave)(void);
44090- int (*pre_restore)(void);
44091- void (*restore_cleanup)(void);
44092- void (*recover)(void);
44093+ int (* const begin)(void);
44094+ void (* const end)(void);
44095+ int (* const pre_snapshot)(void);
44096+ void (* const finish)(void);
44097+ int (* const prepare)(void);
44098+ int (* const enter)(void);
44099+ void (* const leave)(void);
44100+ int (* const pre_restore)(void);
44101+ void (* const restore_cleanup)(void);
44102+ void (* const recover)(void);
44103 };
44104
44105 #ifdef CONFIG_HIBERNATION
44106@@ -243,7 +243,7 @@ extern void swsusp_set_page_free(struct
44107 extern void swsusp_unset_page_free(struct page *);
44108 extern unsigned long get_safe_page(gfp_t gfp_mask);
44109
44110-extern void hibernation_set_ops(struct platform_hibernation_ops *ops);
44111+extern void hibernation_set_ops(const struct platform_hibernation_ops *ops);
44112 extern int hibernate(void);
44113 extern bool system_entering_hibernation(void);
44114 #else /* CONFIG_HIBERNATION */
44115@@ -251,7 +251,7 @@ static inline int swsusp_page_is_forbidd
44116 static inline void swsusp_set_page_free(struct page *p) {}
44117 static inline void swsusp_unset_page_free(struct page *p) {}
44118
44119-static inline void hibernation_set_ops(struct platform_hibernation_ops *ops) {}
44120+static inline void hibernation_set_ops(const struct platform_hibernation_ops *ops) {}
44121 static inline int hibernate(void) { return -ENOSYS; }
44122 static inline bool system_entering_hibernation(void) { return false; }
44123 #endif /* CONFIG_HIBERNATION */
44124diff -urNp linux-2.6.32.8/include/linux/sysctl.h linux-2.6.32.8/include/linux/sysctl.h
44125--- linux-2.6.32.8/include/linux/sysctl.h 2010-02-09 07:57:19.000000000 -0500
44126+++ linux-2.6.32.8/include/linux/sysctl.h 2010-02-13 21:45:10.762998102 -0500
44127@@ -164,7 +164,11 @@ enum
44128 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
44129 };
44130
44131-
44132+#ifdef CONFIG_PAX_SOFTMODE
44133+enum {
44134+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
44135+};
44136+#endif
44137
44138 /* CTL_VM names: */
44139 enum
44140diff -urNp linux-2.6.32.8/include/linux/sysfs.h linux-2.6.32.8/include/linux/sysfs.h
44141--- linux-2.6.32.8/include/linux/sysfs.h 2010-02-09 07:57:19.000000000 -0500
44142+++ linux-2.6.32.8/include/linux/sysfs.h 2010-02-13 21:45:10.762998102 -0500
44143@@ -75,8 +75,8 @@ struct bin_attribute {
44144 };
44145
44146 struct sysfs_ops {
44147- ssize_t (*show)(struct kobject *, struct attribute *,char *);
44148- ssize_t (*store)(struct kobject *,struct attribute *,const char *, size_t);
44149+ ssize_t (* const show)(struct kobject *, struct attribute *,char *);
44150+ ssize_t (* const store)(struct kobject *,struct attribute *,const char *, size_t);
44151 };
44152
44153 struct sysfs_dirent;
44154diff -urNp linux-2.6.32.8/include/linux/thread_info.h linux-2.6.32.8/include/linux/thread_info.h
44155--- linux-2.6.32.8/include/linux/thread_info.h 2010-02-09 07:57:19.000000000 -0500
44156+++ linux-2.6.32.8/include/linux/thread_info.h 2010-02-13 21:45:10.762998102 -0500
44157@@ -23,7 +23,7 @@ struct restart_block {
44158 };
44159 /* For futex_wait and futex_wait_requeue_pi */
44160 struct {
44161- u32 *uaddr;
44162+ u32 __user *uaddr;
44163 u32 val;
44164 u32 flags;
44165 u32 bitset;
44166diff -urNp linux-2.6.32.8/include/linux/tty.h linux-2.6.32.8/include/linux/tty.h
44167--- linux-2.6.32.8/include/linux/tty.h 2010-02-09 07:57:19.000000000 -0500
44168+++ linux-2.6.32.8/include/linux/tty.h 2010-02-13 21:45:10.763999343 -0500
44169@@ -13,6 +13,7 @@
44170 #include <linux/tty_driver.h>
44171 #include <linux/tty_ldisc.h>
44172 #include <linux/mutex.h>
44173+#include <linux/poll.h>
44174
44175 #include <asm/system.h>
44176
44177@@ -432,7 +433,6 @@ extern int tty_perform_flush(struct tty_
44178 extern dev_t tty_devnum(struct tty_struct *tty);
44179 extern void proc_clear_tty(struct task_struct *p);
44180 extern struct tty_struct *get_current_tty(void);
44181-extern void tty_default_fops(struct file_operations *fops);
44182 extern struct tty_struct *alloc_tty_struct(void);
44183 extern void free_tty_struct(struct tty_struct *tty);
44184 extern void initialize_tty_struct(struct tty_struct *tty,
44185@@ -482,6 +482,18 @@ extern void tty_ldisc_begin(void);
44186 /* This last one is just for the tty layer internals and shouldn't be used elsewhere */
44187 extern void tty_ldisc_enable(struct tty_struct *tty);
44188
44189+/* tty_io.c */
44190+extern ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
44191+extern ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
44192+extern unsigned int tty_poll(struct file *, poll_table *);
44193+#ifdef CONFIG_COMPAT
44194+extern long tty_compat_ioctl(struct file *file, unsigned int cmd,
44195+ unsigned long arg);
44196+#else
44197+#define tty_compat_ioctl NULL
44198+#endif
44199+extern int tty_release(struct inode *, struct file *);
44200+extern int tty_fasync(int fd, struct file *filp, int on);
44201
44202 /* n_tty.c */
44203 extern struct tty_ldisc_ops tty_ldisc_N_TTY;
44204diff -urNp linux-2.6.32.8/include/linux/tty_ldisc.h linux-2.6.32.8/include/linux/tty_ldisc.h
44205--- linux-2.6.32.8/include/linux/tty_ldisc.h 2010-02-09 07:57:19.000000000 -0500
44206+++ linux-2.6.32.8/include/linux/tty_ldisc.h 2010-02-13 21:45:10.763999343 -0500
44207@@ -139,7 +139,7 @@ struct tty_ldisc_ops {
44208
44209 struct module *owner;
44210
44211- int refcount;
44212+ atomic_t refcount;
44213 };
44214
44215 struct tty_ldisc {
44216diff -urNp linux-2.6.32.8/include/linux/types.h linux-2.6.32.8/include/linux/types.h
44217--- linux-2.6.32.8/include/linux/types.h 2010-02-09 07:57:19.000000000 -0500
44218+++ linux-2.6.32.8/include/linux/types.h 2010-02-13 21:45:10.763999343 -0500
44219@@ -191,10 +191,26 @@ typedef struct {
44220 volatile int counter;
44221 } atomic_t;
44222
44223+#ifdef CONFIG_PAX_REFCOUNT
44224+typedef struct {
44225+ volatile int counter;
44226+} atomic_unchecked_t;
44227+#else
44228+typedef atomic_t atomic_unchecked_t;
44229+#endif
44230+
44231 #ifdef CONFIG_64BIT
44232 typedef struct {
44233 volatile long counter;
44234 } atomic64_t;
44235+
44236+#ifdef CONFIG_PAX_REFCOUNT
44237+typedef struct {
44238+ volatile long counter;
44239+} atomic64_unchecked_t;
44240+#else
44241+typedef atomic64_t atomic64_unchecked_t;
44242+#endif
44243 #endif
44244
44245 struct ustat {
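Review bot: `atomic_unchecked_t` and `atomic64_unchecked_t` are introduced without a comment on when to choose them over `atomic_t`. Judging from the other hunks on this page (statistics and generation counters move to the unchecked type, reference counts become `atomic_t`), `atomic_t` seems to be overflow-checked under `CONFIG_PAX_REFCOUNT` and the unchecked variant is for counters that may legitimately wrap. Stating that rule here would keep a later change from moving a real reference count onto the unchecked type, for example `/* atomic_unchecked_t: counters where wrap-around is harmless (statistics, sequence numbers); never object reference counts */`. It is also worth noting in the comment that the two are distinct struct types only when the option is enabled, so code that mixes them compiles cleanly on a non-PaX configuration and breaks on a PaX one.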
44246diff -urNp linux-2.6.32.8/include/linux/uaccess.h linux-2.6.32.8/include/linux/uaccess.h
44247--- linux-2.6.32.8/include/linux/uaccess.h 2010-02-09 07:57:19.000000000 -0500
44248+++ linux-2.6.32.8/include/linux/uaccess.h 2010-02-13 21:45:10.763999343 -0500
44249@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
44250 long ret; \
44251 mm_segment_t old_fs = get_fs(); \
44252 \
44253- set_fs(KERNEL_DS); \
44254 pagefault_disable(); \
44255+ set_fs(KERNEL_DS); \
44256 ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
44257- pagefault_enable(); \
44258 set_fs(old_fs); \
44259+ pagefault_enable(); \
44260 ret; \
44261 })
44262
44263@@ -93,7 +93,7 @@ static inline unsigned long __copy_from_
44264 * Safely read from address @src to the buffer at @dst. If a kernel fault
44265 * happens, handle that and return -EFAULT.
44266 */
44267-extern long probe_kernel_read(void *dst, void *src, size_t size);
44268+extern long probe_kernel_read(void *dst, const void *src, size_t size);
44269
44270 /*
44271 * probe_kernel_write(): safely attempt to write to a location
44272@@ -104,6 +104,6 @@ extern long probe_kernel_read(void *dst,
44273 * Safely write to address @dst from the buffer at @src. If a kernel fault
44274 * happens, handle that and return -EFAULT.
44275 */
44276-extern long probe_kernel_write(void *dst, void *src, size_t size);
44277+extern long probe_kernel_write(void *dst, const void *src, size_t size);
44278
44279 #endif /* __LINUX_UACCESS_H__ */
44280diff -urNp linux-2.6.32.8/include/linux/vmalloc.h linux-2.6.32.8/include/linux/vmalloc.h
44281--- linux-2.6.32.8/include/linux/vmalloc.h 2010-02-09 07:57:19.000000000 -0500
44282+++ linux-2.6.32.8/include/linux/vmalloc.h 2010-02-13 21:45:10.763999343 -0500
44283@@ -13,6 +13,11 @@ struct vm_area_struct; /* vma defining
44284 #define VM_MAP 0x00000004 /* vmap()ed pages */
44285 #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
44286 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
44287+
44288+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
44289+#define VM_KERNEXEC 0x00000020 /* allocate from executable kernel memory range */
44290+#endif
44291+
44292 /* bits [20..32] reserved for arch specific ioremap internals */
44293
44294 /*
44295@@ -123,4 +128,81 @@ struct vm_struct **pcpu_get_vm_areas(con
44296
44297 void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms);
44298
44299+#define vmalloc(x) \
44300+({ \
44301+ void *___retval; \
44302+ intoverflow_t ___x = (intoverflow_t)x; \
44303+ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
44304+ ___retval = NULL; \
44305+ else \
44306+ ___retval = vmalloc((unsigned long)___x); \
44307+ ___retval; \
44308+})
44309+
44310+#define __vmalloc(x, y, z) \
44311+({ \
44312+ void *___retval; \
44313+ intoverflow_t ___x = (intoverflow_t)x; \
44314+ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
44315+ ___retval = NULL; \
44316+ else \
44317+ ___retval = __vmalloc((unsigned long)___x, (y), (z));\
44318+ ___retval; \
44319+})
44320+
44321+#define vmalloc_user(x) \
44322+({ \
44323+ void *___retval; \
44324+ intoverflow_t ___x = (intoverflow_t)x; \
44325+ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
44326+ ___retval = NULL; \
44327+ else \
44328+ ___retval = vmalloc_user((unsigned long)___x); \
44329+ ___retval; \
44330+})
44331+
44332+#define vmalloc_exec(x) \
44333+({ \
44334+ void *___retval; \
44335+ intoverflow_t ___x = (intoverflow_t)x; \
44336+ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
44337+ ___retval = NULL; \
44338+ else \
44339+ ___retval = vmalloc_exec((unsigned long)___x); \
44340+ ___retval; \
44341+})
44342+
44343+#define vmalloc_node(x, y) \
44344+({ \
44345+ void *___retval; \
44346+ intoverflow_t ___x = (intoverflow_t)x; \
44347+ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
44348+ ___retval = NULL; \
44349+ else \
44350+ ___retval = vmalloc_node((unsigned long)___x, (y));\
44351+ ___retval; \
44352+})
44353+
44354+#define vmalloc_32(x) \
44355+({ \
44356+ void *___retval; \
44357+ intoverflow_t ___x = (intoverflow_t)x; \
44358+ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
44359+ ___retval = NULL; \
44360+ else \
44361+ ___retval = vmalloc_32((unsigned long)___x); \
44362+ ___retval; \
44363+})
44364+
44365+#define vmalloc_32_user(x) \
44366+({ \
44367+ void *___retval; \
44368+ intoverflow_t ___x = (intoverflow_t)x; \
44369+ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
44370+ ___retval = NULL; \
44371+ else \
44372+ ___retval = vmalloc_32_user((unsigned long)___x);\
44373+ ___retval; \
44374+})
44375+
44376 #endif /* _LINUX_VMALLOC_H */
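Review bot: The cast in each wrapper, `intoverflow_t ___x = (intoverflow_t)x;`, leaves the macro argument unparenthesised, and nothing in the header says whether that is intended. As written, a call such as vmalloc(n * size) expands to a multiplication carried out in intoverflow_t, so the WARN can see a product above ULONG_MAX; with `(x)` the product would already be truncated before the check. This only widens the leftmost operand, so a parenthesised or differently ordered size expression is still evaluated in its original type and can wrap before the comparison. A comment above the first macro should record this, for example `/* x is deliberately not parenthesised: the cast must bind to the first operand so the size is computed in intoverflow_t */`. The definition of intoverflow_t is outside this hunk, so whether the comparison can ever be true on 64-bit builds should be confirmed there.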
44377diff -urNp linux-2.6.32.8/include/net/irda/ircomm_tty.h linux-2.6.32.8/include/net/irda/ircomm_tty.h
44378--- linux-2.6.32.8/include/net/irda/ircomm_tty.h 2010-02-09 07:57:19.000000000 -0500
44379+++ linux-2.6.32.8/include/net/irda/ircomm_tty.h 2010-02-13 21:45:10.764905108 -0500
44380@@ -105,8 +105,8 @@ struct ircomm_tty_cb {
44381 unsigned short close_delay;
44382 unsigned short closing_wait; /* time to wait before closing */
44383
44384- int open_count;
44385- int blocked_open; /* # of blocked opens */
44386+ atomic_t open_count;
44387+ atomic_t blocked_open; /* # of blocked opens */
44388
44389 /* Protect concurent access to :
44390 * o self->open_count
44391diff -urNp linux-2.6.32.8/include/net/neighbour.h linux-2.6.32.8/include/net/neighbour.h
44392--- linux-2.6.32.8/include/net/neighbour.h 2010-02-09 07:57:19.000000000 -0500
44393+++ linux-2.6.32.8/include/net/neighbour.h 2010-02-13 21:45:10.764905108 -0500
44394@@ -125,12 +125,12 @@ struct neighbour
44395 struct neigh_ops
44396 {
44397 int family;
44398- void (*solicit)(struct neighbour *, struct sk_buff*);
44399- void (*error_report)(struct neighbour *, struct sk_buff*);
44400- int (*output)(struct sk_buff*);
44401- int (*connected_output)(struct sk_buff*);
44402- int (*hh_output)(struct sk_buff*);
44403- int (*queue_xmit)(struct sk_buff*);
44404+ void (* const solicit)(struct neighbour *, struct sk_buff*);
44405+ void (* const error_report)(struct neighbour *, struct sk_buff*);
44406+ int (* const output)(struct sk_buff*);
44407+ int (* const connected_output)(struct sk_buff*);
44408+ int (* const hh_output)(struct sk_buff*);
44409+ int (* const queue_xmit)(struct sk_buff*);
44410 };
44411
44412 struct pneigh_entry
44413diff -urNp linux-2.6.32.8/include/net/sctp/sctp.h linux-2.6.32.8/include/net/sctp/sctp.h
44414--- linux-2.6.32.8/include/net/sctp/sctp.h 2010-02-09 07:57:19.000000000 -0500
44415+++ linux-2.6.32.8/include/net/sctp/sctp.h 2010-02-13 21:45:10.764905108 -0500
44416@@ -305,8 +305,8 @@ extern int sctp_debug_flag;
44417
44418 #else /* SCTP_DEBUG */
44419
44420-#define SCTP_DEBUG_PRINTK(whatever...)
44421-#define SCTP_DEBUG_PRINTK_IPADDR(whatever...)
44422+#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0)
44423+#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0)
44424 #define SCTP_ENABLE_DEBUG
44425 #define SCTP_DISABLE_DEBUG
44426 #define SCTP_ASSERT(expr, str, func)
44427diff -urNp linux-2.6.32.8/include/net/tcp.h linux-2.6.32.8/include/net/tcp.h
44428--- linux-2.6.32.8/include/net/tcp.h 2010-02-09 07:57:19.000000000 -0500
44429+++ linux-2.6.32.8/include/net/tcp.h 2010-02-13 21:45:10.765842705 -0500
44430@@ -1420,6 +1420,7 @@ enum tcp_seq_states {
44431 struct tcp_seq_afinfo {
44432 char *name;
44433 sa_family_t family;
44434+ /* cannot be const */
44435 struct file_operations seq_fops;
44436 struct seq_operations seq_ops;
44437 };
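Review bot: The added comment `/* cannot be const */` in struct tcp_seq_afinfo gives the constraint without the reason, so a later constification pass has nothing to check it against. Presumably seq_fops and seq_ops are filled in at registration time, which this hunk does not show; if so, the comment should say it, e.g. `/* cannot be const: fields are assigned when the proc entry is registered */`. The same bare comment is added to struct udp_seq_afinfo in include/net/udp.h.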
44438diff -urNp linux-2.6.32.8/include/net/udp.h linux-2.6.32.8/include/net/udp.h
44439--- linux-2.6.32.8/include/net/udp.h 2010-02-09 07:57:19.000000000 -0500
44440+++ linux-2.6.32.8/include/net/udp.h 2010-02-13 21:45:10.765842705 -0500
44441@@ -187,6 +187,7 @@ struct udp_seq_afinfo {
44442 char *name;
44443 sa_family_t family;
44444 struct udp_table *udp_table;
44445+ /* cannot be const */
44446 struct file_operations seq_fops;
44447 struct seq_operations seq_ops;
44448 };
44449diff -urNp linux-2.6.32.8/include/sound/ac97_codec.h linux-2.6.32.8/include/sound/ac97_codec.h
44450--- linux-2.6.32.8/include/sound/ac97_codec.h 2010-02-09 07:57:19.000000000 -0500
44451+++ linux-2.6.32.8/include/sound/ac97_codec.h 2010-02-13 21:45:10.765842705 -0500
44452@@ -419,15 +419,15 @@
44453 struct snd_ac97;
44454
44455 struct snd_ac97_build_ops {
44456- int (*build_3d) (struct snd_ac97 *ac97);
44457- int (*build_specific) (struct snd_ac97 *ac97);
44458- int (*build_spdif) (struct snd_ac97 *ac97);
44459- int (*build_post_spdif) (struct snd_ac97 *ac97);
44460+ int (* const build_3d) (struct snd_ac97 *ac97);
44461+ int (* const build_specific) (struct snd_ac97 *ac97);
44462+ int (* const build_spdif) (struct snd_ac97 *ac97);
44463+ int (* const build_post_spdif) (struct snd_ac97 *ac97);
44464 #ifdef CONFIG_PM
44465- void (*suspend) (struct snd_ac97 *ac97);
44466- void (*resume) (struct snd_ac97 *ac97);
44467+ void (* const suspend) (struct snd_ac97 *ac97);
44468+ void (* const resume) (struct snd_ac97 *ac97);
44469 #endif
44470- void (*update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
44471+ void (* const update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
44472 };
44473
44474 struct snd_ac97_bus_ops {
44475@@ -477,7 +477,7 @@ struct snd_ac97_template {
44476
44477 struct snd_ac97 {
44478 /* -- lowlevel (hardware) driver specific -- */
44479- struct snd_ac97_build_ops * build_ops;
44480+ const struct snd_ac97_build_ops * build_ops;
44481 void *private_data;
44482 void (*private_free) (struct snd_ac97 *ac97);
44483 /* --- */
44484diff -urNp linux-2.6.32.8/include/video/uvesafb.h linux-2.6.32.8/include/video/uvesafb.h
44485--- linux-2.6.32.8/include/video/uvesafb.h 2010-02-09 07:57:19.000000000 -0500
44486+++ linux-2.6.32.8/include/video/uvesafb.h 2010-02-13 21:45:10.765842705 -0500
44487@@ -177,6 +177,7 @@ struct uvesafb_par {
44488 u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */
44489 u8 pmi_setpal; /* PMI for palette changes */
44490 u16 *pmi_base; /* protected mode interface location */
44491+ u8 *pmi_code; /* protected mode code location */
44492 void *pmi_start;
44493 void *pmi_pal;
44494 u8 *vbe_state_orig; /*
44495diff -urNp linux-2.6.32.8/init/do_mounts.c linux-2.6.32.8/init/do_mounts.c
44496--- linux-2.6.32.8/init/do_mounts.c 2010-02-09 07:57:19.000000000 -0500
44497+++ linux-2.6.32.8/init/do_mounts.c 2010-02-13 21:45:10.784313218 -0500
44498@@ -216,11 +216,11 @@ static void __init get_fs_names(char *pa
44499
44500 static int __init do_mount_root(char *name, char *fs, int flags, void *data)
44501 {
44502- int err = sys_mount(name, "/root", fs, flags, data);
44503+ int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data);
44504 if (err)
44505 return err;
44506
44507- sys_chdir("/root");
44508+ sys_chdir((__force char __user *)"/root");
44509 ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
44510 printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
44511 current->fs->pwd.mnt->mnt_sb->s_type->name,
44512@@ -311,18 +311,18 @@ void __init change_floppy(char *fmt, ...
44513 va_start(args, fmt);
44514 vsprintf(buf, fmt, args);
44515 va_end(args);
44516- fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
44517+ fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
44518 if (fd >= 0) {
44519 sys_ioctl(fd, FDEJECT, 0);
44520 sys_close(fd);
44521 }
44522 printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
44523- fd = sys_open("/dev/console", O_RDWR, 0);
44524+ fd = sys_open((char __user *)"/dev/console", O_RDWR, 0);
44525 if (fd >= 0) {
44526 sys_ioctl(fd, TCGETS, (long)&termios);
44527 termios.c_lflag &= ~ICANON;
44528 sys_ioctl(fd, TCSETSF, (long)&termios);
44529- sys_read(fd, &c, 1);
44530+ sys_read(fd, (char __user *)&c, 1);
44531 termios.c_lflag |= ICANON;
44532 sys_ioctl(fd, TCSETSF, (long)&termios);
44533 sys_close(fd);
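Review bot: The casts added in change_floppy(), `(char __user *)"/dev/root"`, `(char __user *)"/dev/console"` and `(char __user *)&c`, omit `__force`, unlike the `(__force char __user *)` casts this patch uses in do_mount_root() and prepare_namespace() in the same file. Without `__force` sparse can still report the address-space change, so these annotations do not do what the others do. Suggest `fd = sys_open((__force char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);` and likewise for the other two. The two sys_mkdir() casts in init/noinitramfs.c have the same gap. change_floppy() starts and ends outside this hunk.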
44534@@ -416,6 +416,6 @@ void __init prepare_namespace(void)
44535 mount_root();
44536 out:
44537 devtmpfs_mount("dev");
44538- sys_mount(".", "/", NULL, MS_MOVE, NULL);
44539- sys_chroot(".");
44540+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44541+ sys_chroot((__force char __user *)".");
44542 }
44543diff -urNp linux-2.6.32.8/init/do_mounts.h linux-2.6.32.8/init/do_mounts.h
44544--- linux-2.6.32.8/init/do_mounts.h 2010-02-09 07:57:19.000000000 -0500
44545+++ linux-2.6.32.8/init/do_mounts.h 2010-02-13 21:45:10.787011020 -0500
44546@@ -15,15 +15,15 @@ extern int root_mountflags;
44547
44548 static inline int create_dev(char *name, dev_t dev)
44549 {
44550- sys_unlink(name);
44551- return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
44552+ sys_unlink((__force char __user *)name);
44553+ return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
44554 }
44555
44556 #if BITS_PER_LONG == 32
44557 static inline u32 bstat(char *name)
44558 {
44559 struct stat64 stat;
44560- if (sys_stat64(name, &stat) != 0)
44561+ if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
44562 return 0;
44563 if (!S_ISBLK(stat.st_mode))
44564 return 0;
44565diff -urNp linux-2.6.32.8/init/do_mounts_initrd.c linux-2.6.32.8/init/do_mounts_initrd.c
44566--- linux-2.6.32.8/init/do_mounts_initrd.c 2010-02-09 07:57:19.000000000 -0500
44567+++ linux-2.6.32.8/init/do_mounts_initrd.c 2010-02-13 21:45:10.807878515 -0500
44568@@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel
44569 sys_close(old_fd);sys_close(root_fd);
44570 sys_close(0);sys_close(1);sys_close(2);
44571 sys_setsid();
44572- (void) sys_open("/dev/console",O_RDWR,0);
44573+ (void) sys_open((__force const char __user *)"/dev/console",O_RDWR,0);
44574 (void) sys_dup(0);
44575 (void) sys_dup(0);
44576 return kernel_execve(shell, argv, envp_init);
44577@@ -47,13 +47,13 @@ static void __init handle_initrd(void)
44578 create_dev("/dev/root.old", Root_RAM0);
44579 /* mount initrd on rootfs' /root */
44580 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
44581- sys_mkdir("/old", 0700);
44582- root_fd = sys_open("/", 0, 0);
44583- old_fd = sys_open("/old", 0, 0);
44584+ sys_mkdir((__force const char __user *)"/old", 0700);
44585+ root_fd = sys_open((__force const char __user *)"/", 0, 0);
44586+ old_fd = sys_open((__force const char __user *)"/old", 0, 0);
44587 /* move initrd over / and chdir/chroot in initrd root */
44588- sys_chdir("/root");
44589- sys_mount(".", "/", NULL, MS_MOVE, NULL);
44590- sys_chroot(".");
44591+ sys_chdir((__force const char __user *)"/root");
44592+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44593+ sys_chroot((__force const char __user *)".");
44594
44595 /*
44596 * In case that a resume from disk is carried out by linuxrc or one of
44597@@ -70,15 +70,15 @@ static void __init handle_initrd(void)
44598
44599 /* move initrd to rootfs' /old */
44600 sys_fchdir(old_fd);
44601- sys_mount("/", ".", NULL, MS_MOVE, NULL);
44602+ sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
44603 /* switch root and cwd back to / of rootfs */
44604 sys_fchdir(root_fd);
44605- sys_chroot(".");
44606+ sys_chroot((__force const char __user *)".");
44607 sys_close(old_fd);
44608 sys_close(root_fd);
44609
44610 if (new_decode_dev(real_root_dev) == Root_RAM0) {
44611- sys_chdir("/old");
44612+ sys_chdir((__force const char __user *)"/old");
44613 return;
44614 }
44615
44616@@ -86,17 +86,17 @@ static void __init handle_initrd(void)
44617 mount_root();
44618
44619 printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
44620- error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
44621+ error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
44622 if (!error)
44623 printk("okay\n");
44624 else {
44625- int fd = sys_open("/dev/root.old", O_RDWR, 0);
44626+ int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
44627 if (error == -ENOENT)
44628 printk("/initrd does not exist. Ignored.\n");
44629 else
44630 printk("failed\n");
44631 printk(KERN_NOTICE "Unmounting old root\n");
44632- sys_umount("/old", MNT_DETACH);
44633+ sys_umount((__force char __user *)"/old", MNT_DETACH);
44634 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
44635 if (fd < 0) {
44636 error = fd;
44637@@ -119,11 +119,11 @@ int __init initrd_load(void)
44638 * mounted in the normal path.
44639 */
44640 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
44641- sys_unlink("/initrd.image");
44642+ sys_unlink((__force const char __user *)"/initrd.image");
44643 handle_initrd();
44644 return 1;
44645 }
44646 }
44647- sys_unlink("/initrd.image");
44648+ sys_unlink((__force const char __user *)"/initrd.image");
44649 return 0;
44650 }
44651diff -urNp linux-2.6.32.8/init/do_mounts_md.c linux-2.6.32.8/init/do_mounts_md.c
44652--- linux-2.6.32.8/init/do_mounts_md.c 2010-02-09 07:57:19.000000000 -0500
44653+++ linux-2.6.32.8/init/do_mounts_md.c 2010-02-13 21:45:10.822699556 -0500
44654@@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
44655 partitioned ? "_d" : "", minor,
44656 md_setup_args[ent].device_names);
44657
44658- fd = sys_open(name, 0, 0);
44659+ fd = sys_open((__force char __user *)name, 0, 0);
44660 if (fd < 0) {
44661 printk(KERN_ERR "md: open failed - cannot start "
44662 "array %s\n", name);
44663@@ -233,7 +233,7 @@ static void __init md_setup_drive(void)
44664 * array without it
44665 */
44666 sys_close(fd);
44667- fd = sys_open(name, 0, 0);
44668+ fd = sys_open((__force char __user *)name, 0, 0);
44669 sys_ioctl(fd, BLKRRPART, 0);
44670 }
44671 sys_close(fd);
44672@@ -283,7 +283,7 @@ static void __init autodetect_raid(void)
44673
44674 wait_for_device_probe();
44675
44676- fd = sys_open("/dev/md0", 0, 0);
44677+ fd = sys_open((__force char __user *)"/dev/md0", 0, 0);
44678 if (fd >= 0) {
44679 sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
44680 sys_close(fd);
44681diff -urNp linux-2.6.32.8/init/initramfs.c linux-2.6.32.8/init/initramfs.c
44682--- linux-2.6.32.8/init/initramfs.c 2010-02-09 07:57:19.000000000 -0500
44683+++ linux-2.6.32.8/init/initramfs.c 2010-02-13 21:45:10.825527800 -0500
44684@@ -74,7 +74,7 @@ static void __init free_hash(void)
44685 }
44686 }
44687
44688-static long __init do_utime(char __user *filename, time_t mtime)
44689+static long __init do_utime(__force char __user *filename, time_t mtime)
44690 {
44691 struct timespec t[2];
44692
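Review bot: `__force` is written in the parameter declaration of do_utime(), `static long __init do_utime(__force char __user *filename, time_t mtime)`, where it is unusual; the attribute is normally placed on a cast. Every call site the patch touches in this file already casts with `(__force char __user *)`, so the declaration could stay `char __user *filename` and keep the address-space check on callers. If the attribute is needed here for a reason not visible in the hunk, a one-line comment should say so. The body of do_utime() continues outside the hunk.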
44693@@ -109,7 +109,7 @@ static void __init dir_utime(void)
44694 struct dir_entry *de, *tmp;
44695 list_for_each_entry_safe(de, tmp, &dir_list, list) {
44696 list_del(&de->list);
44697- do_utime(de->name, de->mtime);
44698+ do_utime((__force char __user *)de->name, de->mtime);
44699 kfree(de->name);
44700 kfree(de);
44701 }
44702@@ -271,7 +271,7 @@ static int __init maybe_link(void)
44703 if (nlink >= 2) {
44704 char *old = find_link(major, minor, ino, mode, collected);
44705 if (old)
44706- return (sys_link(old, collected) < 0) ? -1 : 1;
44707+ return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
44708 }
44709 return 0;
44710 }
44711@@ -280,11 +280,11 @@ static void __init clean_path(char *path
44712 {
44713 struct stat st;
44714
44715- if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
44716+ if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
44717 if (S_ISDIR(st.st_mode))
44718- sys_rmdir(path);
44719+ sys_rmdir((__force char __user *)path);
44720 else
44721- sys_unlink(path);
44722+ sys_unlink((__force char __user *)path);
44723 }
44724 }
44725
44726@@ -305,7 +305,7 @@ static int __init do_name(void)
44727 int openflags = O_WRONLY|O_CREAT;
44728 if (ml != 1)
44729 openflags |= O_TRUNC;
44730- wfd = sys_open(collected, openflags, mode);
44731+ wfd = sys_open((__force char __user *)collected, openflags, mode);
44732
44733 if (wfd >= 0) {
44734 sys_fchown(wfd, uid, gid);
44735@@ -317,17 +317,17 @@ static int __init do_name(void)
44736 }
44737 }
44738 } else if (S_ISDIR(mode)) {
44739- sys_mkdir(collected, mode);
44740- sys_chown(collected, uid, gid);
44741- sys_chmod(collected, mode);
44742+ sys_mkdir((__force char __user *)collected, mode);
44743+ sys_chown((__force char __user *)collected, uid, gid);
44744+ sys_chmod((__force char __user *)collected, mode);
44745 dir_add(collected, mtime);
44746 } else if (S_ISBLK(mode) || S_ISCHR(mode) ||
44747 S_ISFIFO(mode) || S_ISSOCK(mode)) {
44748 if (maybe_link() == 0) {
44749- sys_mknod(collected, mode, rdev);
44750- sys_chown(collected, uid, gid);
44751- sys_chmod(collected, mode);
44752- do_utime(collected, mtime);
44753+ sys_mknod((__force char __user *)collected, mode, rdev);
44754+ sys_chown((__force char __user *)collected, uid, gid);
44755+ sys_chmod((__force char __user *)collected, mode);
44756+ do_utime((__force char __user *)collected, mtime);
44757 }
44758 }
44759 return 0;
44760@@ -336,15 +336,15 @@ static int __init do_name(void)
44761 static int __init do_copy(void)
44762 {
44763 if (count >= body_len) {
44764- sys_write(wfd, victim, body_len);
44765+ sys_write(wfd, (__force char __user *)victim, body_len);
44766 sys_close(wfd);
44767- do_utime(vcollected, mtime);
44768+ do_utime((__force char __user *)vcollected, mtime);
44769 kfree(vcollected);
44770 eat(body_len);
44771 state = SkipIt;
44772 return 0;
44773 } else {
44774- sys_write(wfd, victim, count);
44775+ sys_write(wfd, (__force char __user *)victim, count);
44776 body_len -= count;
44777 eat(count);
44778 return 1;
44779@@ -355,9 +355,9 @@ static int __init do_symlink(void)
44780 {
44781 collected[N_ALIGN(name_len) + body_len] = '\0';
44782 clean_path(collected, 0);
44783- sys_symlink(collected + N_ALIGN(name_len), collected);
44784- sys_lchown(collected, uid, gid);
44785- do_utime(collected, mtime);
44786+ sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
44787+ sys_lchown((__force char __user *)collected, uid, gid);
44788+ do_utime((__force char __user *)collected, mtime);
44789 state = SkipIt;
44790 next_state = Reset;
44791 return 0;
44792diff -urNp linux-2.6.32.8/init/Kconfig linux-2.6.32.8/init/Kconfig
44793--- linux-2.6.32.8/init/Kconfig 2010-02-09 07:57:19.000000000 -0500
44794+++ linux-2.6.32.8/init/Kconfig 2010-02-13 21:45:10.826573225 -0500
44795@@ -1026,7 +1026,7 @@ config SLUB_DEBUG
44796
44797 config COMPAT_BRK
44798 bool "Disable heap randomization"
44799- default y
44800+ default n
44801 help
44802 Randomizing heap placement makes heap exploits harder, but it
44803 also breaks ancient binaries (including anything libc5 based).
44804@@ -1116,9 +1116,9 @@ config HAVE_GENERIC_DMA_COHERENT
44805
44806 config SLABINFO
44807 bool
44808- depends on PROC_FS
44809+ depends on PROC_FS && !GRKERNSEC_PROC_ADD
44810 depends on SLAB || SLUB_DEBUG
44811- default y
44812+ default n
44813
44814 config RT_MUTEXES
44815 boolean
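Review bot: SLABINFO is declared as a bare `bool` with no prompt, so with `default n` it can no longer be enabled in any configuration unless something outside this hunk selects it. That makes the new `depends on PROC_FS && !GRKERNSEC_PROC_ADD` condition redundant and also removes the slab statistics file from builds that do not set GRKERNSEC_PROC_ADD. If the intent is to hide it only under GRKERNSEC_PROC_ADD, keep `default y` and rely on the dependency. If it is meant to be off by default but selectable, the symbol needs a prompt, e.g. `bool "Enable /proc/slabinfo"`.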
44816diff -urNp linux-2.6.32.8/init/main.c linux-2.6.32.8/init/main.c
44817--- linux-2.6.32.8/init/main.c 2010-02-09 07:57:19.000000000 -0500
44818+++ linux-2.6.32.8/init/main.c 2010-02-13 21:45:10.827626340 -0500
44819@@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
44820 #ifdef CONFIG_TC
44821 extern void tc_init(void);
44822 #endif
44823+extern void grsecurity_init(void);
44824
44825 enum system_states system_state __read_mostly;
44826 EXPORT_SYMBOL(system_state);
44827@@ -183,6 +184,35 @@ static int __init set_reset_devices(char
44828
44829 __setup("reset_devices", set_reset_devices);
44830
44831+#if defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32)
44832+static int __init setup_pax_nouderef(char *str)
44833+{
44834+ unsigned int cpu;
44835+
44836+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
44837+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
44838+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
44839+ }
44840+ asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory");
44841+ asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory");
44842+ asm("mov %0, %%ss" : : "r" (__KERNEL_DS) : "memory");
44843+
44844+ return 0;
44845+}
44846+early_param("pax_nouderef", setup_pax_nouderef);
44847+#endif
44848+
44849+#ifdef CONFIG_PAX_SOFTMODE
44850+unsigned int pax_softmode;
44851+
44852+static int __init setup_pax_softmode(char *str)
44853+{
44854+ get_option(&str, &pax_softmode);
44855+ return 1;
44856+}
44857+__setup("pax_softmode=", setup_pax_softmode);
44858+#endif
44859+
44860 static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
44861 char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
44862 static const char *panic_later, *panic_param;
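Review bot: setup_pax_nouderef() rewrites the kernel data segment descriptor for every CPU from a boot parameter without logging anything, so a system booted with `pax_nouderef` leaves no trace in the kernel log that the protection was switched off. A line such as `printk(KERN_WARNING "PAX: UDEREF disabled by pax_nouderef\n");` before the return would make this auditable. The descriptor values `type = 3` and `limit = 0xf` also need a comment stating what segment they describe. In setup_pax_softmode(), `&pax_softmode` is an `unsigned int *` passed to get_option(), which takes `int *`, and the return value is ignored, so a malformed `pax_softmode=` value is accepted silently.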
44863@@ -702,52 +732,53 @@ int initcall_debug;
44864 core_param(initcall_debug, initcall_debug, bool, 0644);
44865
44866 static char msgbuf[64];
44867-static struct boot_trace_call call;
44868-static struct boot_trace_ret ret;
44869+static struct boot_trace_call trace_call;
44870+static struct boot_trace_ret trace_ret;
44871
44872 int do_one_initcall(initcall_t fn)
44873 {
44874 int count = preempt_count();
44875 ktime_t calltime, delta, rettime;
44876+ const char *msg1 = "", *msg2 = "";
44877
44878 if (initcall_debug) {
44879- call.caller = task_pid_nr(current);
44880- printk("calling %pF @ %i\n", fn, call.caller);
44881+ trace_call.caller = task_pid_nr(current);
44882+ printk("calling %pF @ %i\n", fn, trace_call.caller);
44883 calltime = ktime_get();
44884- trace_boot_call(&call, fn);
44885+ trace_boot_call(&trace_call, fn);
44886 enable_boot_trace();
44887 }
44888
44889- ret.result = fn();
44890+ trace_ret.result = fn();
44891
44892 if (initcall_debug) {
44893 disable_boot_trace();
44894 rettime = ktime_get();
44895 delta = ktime_sub(rettime, calltime);
44896- ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44897- trace_boot_ret(&ret, fn);
44898+ trace_ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44899+ trace_boot_ret(&trace_ret, fn);
44900 printk("initcall %pF returned %d after %Ld usecs\n", fn,
44901- ret.result, ret.duration);
44902+ trace_ret.result, trace_ret.duration);
44903 }
44904
44905 msgbuf[0] = 0;
44906
44907- if (ret.result && ret.result != -ENODEV && initcall_debug)
44908- sprintf(msgbuf, "error code %d ", ret.result);
44909+ if (trace_ret.result && trace_ret.result != -ENODEV && initcall_debug)
44910+ sprintf(msgbuf, "error code %d ", trace_ret.result);
44911
44912 if (preempt_count() != count) {
44913- strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
44914+ msg1 = " preemption imbalance";
44915 preempt_count() = count;
44916 }
44917 if (irqs_disabled()) {
44918- strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
44919+ msg2 = " disabled interrupts";
44920 local_irq_enable();
44921 }
44922- if (msgbuf[0]) {
44923- printk("initcall %pF returned with %s\n", fn, msgbuf);
44924+ if (msgbuf[0] || *msg1 || *msg2) {
44925+ printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
44926 }
44927
44928- return ret.result;
44929+ return trace_ret.result;
44930 }
44931
44932
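Review bot: The new message pieces in do_one_initcall() start with a space (`" preemption imbalance"`, `" disabled interrupts"`) while the format string still ends `returned with ` and the error text still ends `"error code %d "`, so the printed line now contains a double space before the first piece in either case. Keeping the original trailing-space convention, `msg1 = "preemption imbalance ";` and `msg2 = "disabled interrupts ";`, reproduces the previous output exactly. The reason for replacing strlcat() with two extra `%s` arguments is not stated; a short comment on `msg1`/`msg2` would help the next reader.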
44933@@ -886,11 +917,13 @@ static int __init kernel_init(void * unu
44934 if (!ramdisk_execute_command)
44935 ramdisk_execute_command = "/init";
44936
44937- if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
44938+ if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
44939 ramdisk_execute_command = NULL;
44940 prepare_namespace();
44941 }
44942
44943+ grsecurity_init();
44944+
44945 /*
44946 * Ok, we have completed the initial bootup, and
44947 * we're essentially up and running. Get rid of the
44948diff -urNp linux-2.6.32.8/init/noinitramfs.c linux-2.6.32.8/init/noinitramfs.c
44949--- linux-2.6.32.8/init/noinitramfs.c 2010-02-09 07:57:19.000000000 -0500
44950+++ linux-2.6.32.8/init/noinitramfs.c 2010-02-13 21:45:10.828546413 -0500
44951@@ -29,7 +29,7 @@ static int __init default_rootfs(void)
44952 {
44953 int err;
44954
44955- err = sys_mkdir("/dev", 0755);
44956+ err = sys_mkdir((const char __user *)"/dev", 0755);
44957 if (err < 0)
44958 goto out;
44959
44960@@ -39,7 +39,7 @@ static int __init default_rootfs(void)
44961 if (err < 0)
44962 goto out;
44963
44964- err = sys_mkdir("/root", 0700);
44965+ err = sys_mkdir((const char __user *)"/root", 0700);
44966 if (err < 0)
44967 goto out;
44968
44969diff -urNp linux-2.6.32.8/ipc/ipc_sysctl.c linux-2.6.32.8/ipc/ipc_sysctl.c
44970--- linux-2.6.32.8/ipc/ipc_sysctl.c 2010-02-09 07:57:19.000000000 -0500
44971+++ linux-2.6.32.8/ipc/ipc_sysctl.c 2010-02-13 21:45:10.828546413 -0500
44972@@ -267,7 +267,7 @@ static struct ctl_table ipc_kern_table[]
44973 .extra1 = &zero,
44974 .extra2 = &one,
44975 },
44976- {}
44977+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44978 };
44979
44980 static struct ctl_table ipc_root_table[] = {
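Review bot: The table terminator in ipc_kern_table is changed from `{}` to an eleven-value positional initialiser, which ties the table to the exact number and order of fields in struct ctl_table. A field added or moved there shifts these values or at best produces a warning. A designated form such as `{ .mode = 0 }` states the same all-zero sentinel without depending on the layout. The reason for the change is not given in the hunk; if it is to silence a missing-initialiser diagnostic, a comment should say so. The terminator of ipc_root_table in the next hunk is changed the same way.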
44981@@ -277,7 +277,7 @@ static struct ctl_table ipc_root_table[]
44982 .mode = 0555,
44983 .child = ipc_kern_table,
44984 },
44985- {}
44986+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44987 };
44988
44989 static int __init ipc_sysctl_init(void)
44990diff -urNp linux-2.6.32.8/ipc/mqueue.c linux-2.6.32.8/ipc/mqueue.c
44991--- linux-2.6.32.8/ipc/mqueue.c 2010-02-09 07:57:19.000000000 -0500
44992+++ linux-2.6.32.8/ipc/mqueue.c 2010-02-13 21:45:10.828546413 -0500
44993@@ -150,6 +150,7 @@ static struct inode *mqueue_get_inode(st
44994 mq_bytes = (mq_msg_tblsz +
44995 (info->attr.mq_maxmsg * info->attr.mq_msgsize));
44996
44997+ gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
44998 spin_lock(&mq_lock);
44999 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
45000 u->mq_bytes + mq_bytes >
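Review bot: gr_learn_resource() is called with `u->mq_bytes + mq_bytes` before `spin_lock(&mq_lock)` is taken, so it reads u->mq_bytes outside the lock under which the following check reads it. It is also handed the sum before the wrap-around test `u->mq_bytes + mq_bytes < u->mq_bytes` has run, so the value recorded can be stale or already wrapped. If gr_learn_resource() may be called under a spinlock (its definition is not in this hunk), moving the call below `spin_lock(&mq_lock);` and after the overflow test would give it the same value the limit check uses. mqueue_get_inode() starts and ends outside the hunk.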
45001diff -urNp linux-2.6.32.8/ipc/shm.c linux-2.6.32.8/ipc/shm.c
45002--- linux-2.6.32.8/ipc/shm.c 2010-02-09 07:57:19.000000000 -0500
45003+++ linux-2.6.32.8/ipc/shm.c 2010-02-13 21:45:10.829552044 -0500
45004@@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
45005 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
45006 #endif
45007
45008+#ifdef CONFIG_GRKERNSEC
45009+extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
45010+ const time_t shm_createtime, const uid_t cuid,
45011+ const int shmid);
45012+extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
45013+ const time_t shm_createtime);
45014+#endif
45015+
45016 void shm_init_ns(struct ipc_namespace *ns)
45017 {
45018 ns->shm_ctlmax = SHMMAX;
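Review bot: gr_handle_shmat() and gr_chroot_shmat() are declared with `extern` inside ipc/shm.c rather than in a header shared with their definitions, so a later change to either signature will not be caught by the compiler at this call site. Moving both prototypes into the header the grsecurity code itself includes would close that gap. kernel/exit.c (`extern rwlock_t grsec_exec_file_lock;`) and init/main.c (`extern void grsecurity_init(void);`) follow the same pattern. The prototypes also lack a comment saying what a zero return means, which the do_shmat() hunk relies on when it maps it to -EACCES.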
45019@@ -396,6 +404,14 @@ static int newseg(struct ipc_namespace *
45020 shp->shm_lprid = 0;
45021 shp->shm_atim = shp->shm_dtim = 0;
45022 shp->shm_ctim = get_seconds();
45023+#ifdef CONFIG_GRKERNSEC
45024+ {
45025+ struct timespec timeval;
45026+ do_posix_clock_monotonic_gettime(&timeval);
45027+
45028+ shp->shm_createtime = timeval.tv_sec;
45029+ }
45030+#endif
45031 shp->shm_segsz = size;
45032 shp->shm_nattch = 0;
45033 shp->shm_file = file;
45034@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh
45035 if (err)
45036 goto out_unlock;
45037
45038+#ifdef CONFIG_GRKERNSEC
45039+ if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
45040+ shp->shm_perm.cuid, shmid) ||
45041+ !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
45042+ err = -EACCES;
45043+ goto out_unlock;
45044+ }
45045+#endif
45046+
45047 path.dentry = dget(shp->shm_file->f_path.dentry);
45048 path.mnt = shp->shm_file->f_path.mnt;
45049 shp->shm_nattch++;
45050+#ifdef CONFIG_GRKERNSEC
45051+ shp->shm_lapid = current->pid;
45052+#endif
45053 size = i_size_read(path.dentry->d_inode);
45054 shm_unlock(shp);
45055
45056diff -urNp linux-2.6.32.8/kernel/acct.c linux-2.6.32.8/kernel/acct.c
45057--- linux-2.6.32.8/kernel/acct.c 2010-02-09 07:57:19.000000000 -0500
45058+++ linux-2.6.32.8/kernel/acct.c 2010-02-13 21:45:10.829552044 -0500
45059@@ -579,7 +579,7 @@ static void do_acct_process(struct bsd_a
45060 */
45061 flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
45062 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
45063- file->f_op->write(file, (char *)&ac,
45064+ file->f_op->write(file, (__force char __user *)&ac,
45065 sizeof(acct_t), &file->f_pos);
45066 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
45067 set_fs(fs);
45068diff -urNp linux-2.6.32.8/kernel/capability.c linux-2.6.32.8/kernel/capability.c
45069--- linux-2.6.32.8/kernel/capability.c 2010-02-09 07:57:19.000000000 -0500
45070+++ linux-2.6.32.8/kernel/capability.c 2010-02-13 21:45:10.829552044 -0500
45071@@ -306,10 +306,21 @@ int capable(int cap)
45072 BUG();
45073 }
45074
45075- if (security_capable(cap) == 0) {
45076+ if (security_capable(cap) == 0 && gr_is_capable(cap)) {
45077 current->flags |= PF_SUPERPRIV;
45078 return 1;
45079 }
45080 return 0;
45081 }
45082+
45083+int capable_nolog(int cap)
45084+{
45085+ if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
45086+ current->flags |= PF_SUPERPRIV;
45087+ return 1;
45088+ }
45089+ return 0;
45090+}
45091+
45092 EXPORT_SYMBOL(capable);
45093+EXPORT_SYMBOL(capable_nolog);
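Review bot: capable_nolog() is exported but skips whatever validity check precedes the `BUG();` in capable() just above, so an out-of-range `cap` reaches security_capable() and gr_is_capable_nolog() unchecked. If that check is the usual `cap_valid(cap)` test (its condition is outside the hunk), capable_nolog() should begin with `if (unlikely(!cap_valid(cap))) BUG();`. The new function also has no kernel-doc comment; it should state how it differs from capable() and that it still sets PF_SUPERPRIV on success.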
45094diff -urNp linux-2.6.32.8/kernel/configs.c linux-2.6.32.8/kernel/configs.c
45095--- linux-2.6.32.8/kernel/configs.c 2010-02-09 07:57:19.000000000 -0500
45096+++ linux-2.6.32.8/kernel/configs.c 2010-02-13 21:45:10.829552044 -0500
45097@@ -73,8 +73,19 @@ static int __init ikconfig_init(void)
45098 struct proc_dir_entry *entry;
45099
45100 /* create the current config file */
45101+#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
45102+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM)
45103+ entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
45104+ &ikconfig_file_ops);
45105+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
45106+ entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
45107+ &ikconfig_file_ops);
45108+#endif
45109+#else
45110 entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
45111 &ikconfig_file_ops);
45112+#endif
45113+
45114 if (!entry)
45115 return -ENOMEM;
45116
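Review bot: In ikconfig_init() the inner `#if`/`#elif` has no `#else`, so when CONFIG_GRKERNSEC_PROC_ADD is defined but none of CONFIG_GRKERNSEC_PROC_USER, CONFIG_GRKERNSEC_HIDESYM or CONFIG_GRKERNSEC_PROC_USERGROUP is, no proc_create() call is compiled and `if (!entry)` reads an uninitialised pointer. Kconfig may rule that combination out, but that is not visible here. Adding a final branch to the inner conditional, `#else` followed by `#error "GRKERNSEC_PROC_ADD needs PROC_USER or PROC_USERGROUP"`, turns a misconfiguration into a build failure. The function continues outside the hunk.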
45117diff -urNp linux-2.6.32.8/kernel/cpu.c linux-2.6.32.8/kernel/cpu.c
45118--- linux-2.6.32.8/kernel/cpu.c 2010-02-09 07:57:19.000000000 -0500
45119+++ linux-2.6.32.8/kernel/cpu.c 2010-02-13 21:45:10.830561427 -0500
45120@@ -19,7 +19,7 @@
45121 /* Serializes the updates to cpu_online_mask, cpu_present_mask */
45122 static DEFINE_MUTEX(cpu_add_remove_lock);
45123
45124-static __cpuinitdata RAW_NOTIFIER_HEAD(cpu_chain);
45125+static RAW_NOTIFIER_HEAD(cpu_chain);
45126
45127 /* If set, cpu_up and cpu_down will return -EBUSY and do nothing.
45128 * Should always be manipulated under cpu_add_remove_lock
45129diff -urNp linux-2.6.32.8/kernel/cred.c linux-2.6.32.8/kernel/cred.c
45130--- linux-2.6.32.8/kernel/cred.c 2010-02-09 07:57:19.000000000 -0500
45131+++ linux-2.6.32.8/kernel/cred.c 2010-02-13 21:45:10.830561427 -0500
45132@@ -520,6 +520,8 @@ int commit_creds(struct cred *new)
45133
45134 get_cred(new); /* we will require a ref for the subj creds too */
45135
45136+ gr_set_role_label(task, new->uid, new->gid);
45137+
45138 /* dumpability changes */
45139 if (old->euid != new->euid ||
45140 old->egid != new->egid ||
45141diff -urNp linux-2.6.32.8/kernel/exit.c linux-2.6.32.8/kernel/exit.c
45142--- linux-2.6.32.8/kernel/exit.c 2010-02-09 07:57:19.000000000 -0500
45143+++ linux-2.6.32.8/kernel/exit.c 2010-02-13 21:45:10.830561427 -0500
45144@@ -56,6 +56,10 @@
45145 #include <asm/mmu_context.h>
45146 #include "cred-internals.h"
45147
45148+#ifdef CONFIG_GRKERNSEC
45149+extern rwlock_t grsec_exec_file_lock;
45150+#endif
45151+
45152 static void exit_mm(struct task_struct * tsk);
45153
45154 static void __unhash_process(struct task_struct *p)
45155@@ -167,6 +171,8 @@ void release_task(struct task_struct * p
45156 struct task_struct *leader;
45157 int zap_leader;
45158 repeat:
45159+ gr_del_task_from_ip_table(p);
45160+
45161 tracehook_prepare_release_task(p);
45162 /* don't need to get the RCU readlock here - the process is dead and
45163 * can't be modifying its own credentials */
45164@@ -334,11 +340,22 @@ static void reparent_to_kthreadd(void)
45165 {
45166 write_lock_irq(&tasklist_lock);
45167
45168+#ifdef CONFIG_GRKERNSEC
45169+ write_lock(&grsec_exec_file_lock);
45170+ if (current->exec_file) {
45171+ fput(current->exec_file);
45172+ current->exec_file = NULL;
45173+ }
45174+ write_unlock(&grsec_exec_file_lock);
45175+#endif
45176+
45177 ptrace_unlink(current);
45178 /* Reparent to init */
45179 current->real_parent = current->parent = kthreadd_task;
45180 list_move_tail(&current->sibling, &current->real_parent->children);
45181
45182+ gr_set_kernel_label(current);
45183+
45184 /* Set the exit signal to SIGCHLD so we signal init on exit */
45185 current->exit_signal = SIGCHLD;
45186
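Review bot: `fput(current->exec_file)` runs while `tasklist_lock` is write-held with interrupts off and `grsec_exec_file_lock` is write-held. If it drops the last reference, the file's release path runs in atomic context, and that path may sleep. Detaching the pointer under the locks and calling fput() once they are released avoids this. The same block is repeated in the daemonize() hunk at -426, where it is at least under `grsec_exec_file_lock`, so both sites should change together. The release of `tasklist_lock` is outside the hunk, so the placement of the fput() below has to be checked against the full function.

```c
static void reparent_to_kthreadd(void)
{
#ifdef CONFIG_GRKERNSEC
	struct file *exec_file;
#endif

	write_lock_irq(&tasklist_lock);

#ifdef CONFIG_GRKERNSEC
	/* only detach under the locks; the reference is dropped later */
	write_lock(&grsec_exec_file_lock);
	exec_file = current->exec_file;
	current->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);
#endif

	/* … unchanged: ptrace_unlink, reparent to kthreadd, gr_set_kernel_label … */

	/* placed after tasklist_lock is released, which is outside this hunk */
#ifdef CONFIG_GRKERNSEC
	if (exec_file)
		fput(exec_file);
#endif
```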
45187@@ -390,7 +407,7 @@ int allow_signal(int sig)
45188 * know it'll be handled, so that they don't get converted to
45189 * SIGKILL or just silently dropped.
45190 */
45191- current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2;
45192+ current->sighand->action[(sig)-1].sa.sa_handler = (__force void __user *)2;
45193 recalc_sigpending();
45194 spin_unlock_irq(&current->sighand->siglock);
45195 return 0;
45196@@ -426,6 +443,17 @@ void daemonize(const char *name, ...)
45197 vsnprintf(current->comm, sizeof(current->comm), name, args);
45198 va_end(args);
45199
45200+#ifdef CONFIG_GRKERNSEC
45201+ write_lock(&grsec_exec_file_lock);
45202+ if (current->exec_file) {
45203+ fput(current->exec_file);
45204+ current->exec_file = NULL;
45205+ }
45206+ write_unlock(&grsec_exec_file_lock);
45207+#endif
45208+
45209+ gr_set_kernel_label(current);
45210+
45211 /*
45212 * If we were started as result of loading a module, close all of the
45213 * user space pages. We don't need them, and if we didn't close them
45214@@ -957,6 +985,9 @@ NORET_TYPE void do_exit(long code)
45215 tsk->exit_code = code;
45216 taskstats_exit(tsk, group_dead);
45217
45218+ gr_acl_handle_psacct(tsk, code);
45219+ gr_acl_handle_exit();
45220+
45221 exit_mm(tsk);
45222
45223 if (group_dead)
45224@@ -1172,7 +1203,7 @@ static int wait_task_zombie(struct wait_
45225
45226 if (unlikely(wo->wo_flags & WNOWAIT)) {
45227 int exit_code = p->exit_code;
45228- int why, status;
45229+ int why;
45230
45231 get_task_struct(p);
45232 read_unlock(&tasklist_lock);
45233diff -urNp linux-2.6.32.8/kernel/fork.c linux-2.6.32.8/kernel/fork.c
45234--- linux-2.6.32.8/kernel/fork.c 2010-02-09 07:57:19.000000000 -0500
45235+++ linux-2.6.32.8/kernel/fork.c 2010-02-13 21:45:10.831839630 -0500
45236@@ -253,7 +253,7 @@ static struct task_struct *dup_task_stru
45237 *stackend = STACK_END_MAGIC; /* for overflow detection */
45238
45239 #ifdef CONFIG_CC_STACKPROTECTOR
45240- tsk->stack_canary = get_random_int();
45241+ tsk->stack_canary = pax_get_random_long();
45242 #endif
45243
45244 /* One for us, one for whoever does the "release_task()" (usually parent) */
45245@@ -293,8 +293,8 @@ static int dup_mmap(struct mm_struct *mm
45246 mm->locked_vm = 0;
45247 mm->mmap = NULL;
45248 mm->mmap_cache = NULL;
45249- mm->free_area_cache = oldmm->mmap_base;
45250- mm->cached_hole_size = ~0UL;
45251+ mm->free_area_cache = oldmm->free_area_cache;
45252+ mm->cached_hole_size = oldmm->cached_hole_size;
45253 mm->map_count = 0;
45254 cpumask_clear(mm_cpumask(mm));
45255 mm->mm_rb = RB_ROOT;
45256@@ -334,6 +334,7 @@ static int dup_mmap(struct mm_struct *mm
45257 tmp->vm_flags &= ~VM_LOCKED;
45258 tmp->vm_mm = mm;
45259 tmp->vm_next = NULL;
45260+ tmp->vm_mirror = NULL;
45261 anon_vma_link(tmp);
45262 file = tmp->vm_file;
45263 if (file) {
45264@@ -381,6 +382,31 @@ static int dup_mmap(struct mm_struct *mm
45265 if (retval)
45266 goto out;
45267 }
45268+
45269+#ifdef CONFIG_PAX_SEGMEXEC
45270+ if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
45271+ struct vm_area_struct *mpnt_m;
45272+
45273+ for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) {
45274+ BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
45275+
45276+ if (!mpnt->vm_mirror)
45277+ continue;
45278+
45279+ if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
45280+ BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
45281+ mpnt->vm_mirror = mpnt_m;
45282+ } else {
45283+ BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
45284+ mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
45285+ mpnt_m->vm_mirror->vm_mirror = mpnt_m;
45286+ mpnt->vm_mirror->vm_mirror = mpnt;
45287+ }
45288+ }
45289+ BUG_ON(mpnt_m);
45290+ }
45291+#endif
45292+
45293 /* a new mm has just been created */
45294 arch_dup_mmap(oldmm, mm);
45295 retval = 0;
45296@@ -731,7 +757,7 @@ static int copy_fs(unsigned long clone_f
45297 write_unlock(&fs->lock);
45298 return -EAGAIN;
45299 }
45300- fs->users++;
45301+ atomic_inc(&fs->users);
45302 write_unlock(&fs->lock);
45303 return 0;
45304 }
45305@@ -1027,10 +1053,13 @@ static struct task_struct *copy_process(
45306 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
45307 #endif
45308 retval = -EAGAIN;
45309+
45310+ gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
45311+
45312 if (atomic_read(&p->real_cred->user->processes) >=
45313 p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
45314- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
45315- p->real_cred->user != INIT_USER)
45316+ if (p->real_cred->user != INIT_USER &&
45317+ !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
45318 goto bad_fork_free;
45319 }
45320
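Review bot: The reordered RLIMIT_NPROC condition is logically the same as the old one, so its only effect is on which capable() calls actually run, and nothing at the `if` says that this is the intent. capable() is not a pure predicate: it records that the task used privilege, and this patch appears to add logging around it, given the separate `capable_nolog` export earlier in the patch. A later tidy-up could therefore silently restore the old order. A comment above the condition would pin it, for example `/* test INIT_USER first: capable() has side effects, call it only when the limit would otherwise apply */`. copy_process continues outside the hunk.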
45321@@ -1059,6 +1088,10 @@ static struct task_struct *copy_process(
45322 p->vfork_done = NULL;
45323 spin_lock_init(&p->alloc_lock);
45324
45325+#ifdef CONFIG_GRKERNSEC
45326+ rwlock_init(&p->gr_fs_lock);
45327+#endif
45328+
45329 init_sigpending(&p->pending);
45330
45331 p->utime = cputime_zero;
45332@@ -1179,6 +1212,8 @@ static struct task_struct *copy_process(
45333 goto bad_fork_free_pid;
45334 }
45335
45336+ gr_copy_label(p);
45337+
45338 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
45339 /*
45340 * Clear TID on mm_release()?
45341@@ -1344,6 +1379,8 @@ bad_fork_cleanup_count:
45342 bad_fork_free:
45343 free_task(p);
45344 fork_out:
45345+ gr_log_forkfail(retval);
45346+
45347 return ERR_PTR(retval);
45348 }
45349
45350@@ -1437,6 +1474,8 @@ long do_fork(unsigned long clone_flags,
45351 if (clone_flags & CLONE_PARENT_SETTID)
45352 put_user(nr, parent_tidptr);
45353
45354+ gr_handle_brute_check();
45355+
45356 if (clone_flags & CLONE_VFORK) {
45357 p->vfork_done = &vfork;
45358 init_completion(&vfork);
45359@@ -1569,7 +1608,7 @@ static int unshare_fs(unsigned long unsh
45360 return 0;
45361
45362 /* don't need lock here; in the worst case we'll do useless copy */
45363- if (fs->users == 1)
45364+ if (atomic_read(&fs->users) == 1)
45365 return 0;
45366
45367 *new_fsp = copy_fs_struct(fs);
45368@@ -1689,14 +1728,18 @@ SYSCALL_DEFINE1(unshare, unsigned long,
45369 task_lock(current);
45370
45371 if (new_fs) {
45372+ unsigned long flags;
45373+
45374+ gr_fs_write_lock_irqsave(current, flags);
45375 fs = current->fs;
45376 write_lock(&fs->lock);
45377 current->fs = new_fs;
45378- if (--fs->users)
45379+ if (atomic_dec_return(&fs->users))
45380 new_fs = NULL;
45381 else
45382 new_fs = fs;
45383 write_unlock(&fs->lock);
45384+ gr_fs_write_unlock_irqrestore(current, flags);
45385 }
45386
45387 if (new_mm) {
45388diff -urNp linux-2.6.32.8/kernel/futex.c linux-2.6.32.8/kernel/futex.c
45389--- linux-2.6.32.8/kernel/futex.c 2010-02-09 07:57:19.000000000 -0500
45390+++ linux-2.6.32.8/kernel/futex.c 2010-02-13 21:45:10.831839630 -0500
45391@@ -54,6 +54,7 @@
45392 #include <linux/mount.h>
45393 #include <linux/pagemap.h>
45394 #include <linux/syscalls.h>
45395+#include <linux/ptrace.h>
45396 #include <linux/signal.h>
45397 #include <linux/module.h>
45398 #include <linux/magic.h>
45399@@ -221,6 +222,11 @@ get_futex_key(u32 __user *uaddr, int fsh
45400 struct page *page;
45401 int err;
45402
45403+#ifdef CONFIG_PAX_SEGMEXEC
45404+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
45405+ return -EFAULT;
45406+#endif
45407+
45408 /*
45409 * The futex address must be "naturally" aligned.
45410 */
45411@@ -1828,7 +1834,7 @@ retry:
45412
45413 restart = &current_thread_info()->restart_block;
45414 restart->fn = futex_wait_restart;
45415- restart->futex.uaddr = (u32 *)uaddr;
45416+ restart->futex.uaddr = uaddr;
45417 restart->futex.val = val;
45418 restart->futex.time = abs_time->tv64;
45419 restart->futex.bitset = bitset;
45420@@ -2361,7 +2367,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
45421 {
45422 struct robust_list_head __user *head;
45423 unsigned long ret;
45424- const struct cred *cred = current_cred(), *pcred;
45425+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
45426+ const struct cred *cred = current_cred();
45427+ const struct cred *pcred;
45428+#endif
45429
45430 if (!futex_cmpxchg_enabled)
45431 return -ENOSYS;
45432@@ -2377,11 +2386,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
45433 if (!p)
45434 goto err_unlock;
45435 ret = -EPERM;
45436+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
45437+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
45438+ goto err_unlock;
45439+#else
45440 pcred = __task_cred(p);
45441 if (cred->euid != pcred->euid &&
45442 cred->euid != pcred->uid &&
45443 !capable(CAP_SYS_PTRACE))
45444 goto err_unlock;
45445+#endif
45446 head = p->robust_list;
45447 rcu_read_unlock();
45448 }
45449@@ -2443,7 +2457,7 @@ retry:
45450 */
45451 static inline int fetch_robust_entry(struct robust_list __user **entry,
45452 struct robust_list __user * __user *head,
45453- int *pi)
45454+ unsigned int *pi)
45455 {
45456 unsigned long uentry;
45457
45458diff -urNp linux-2.6.32.8/kernel/futex_compat.c linux-2.6.32.8/kernel/futex_compat.c
45459--- linux-2.6.32.8/kernel/futex_compat.c 2010-02-09 07:57:19.000000000 -0500
45460+++ linux-2.6.32.8/kernel/futex_compat.c 2010-02-13 21:45:10.831839630 -0500
45461@@ -10,6 +10,7 @@
45462 #include <linux/compat.h>
45463 #include <linux/nsproxy.h>
45464 #include <linux/futex.h>
45465+#include <linux/ptrace.h>
45466
45467 #include <asm/uaccess.h>
45468
45469@@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, comp
45470 {
45471 struct compat_robust_list_head __user *head;
45472 unsigned long ret;
45473- const struct cred *cred = current_cred(), *pcred;
45474+ const struct cred *cred = current_cred();
45475+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
45476+ const struct cred *pcred;
45477+#endif
45478
45479 if (!futex_cmpxchg_enabled)
45480 return -ENOSYS;
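Review bot: `cred` is still declared and initialised outside the `#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP` guard here, but its only visible use is in the `#else` branch of the following hunk. With the option enabled it looks unused and would draw a compiler warning. The matching change in kernel/futex.c moves both `cred` and `pcred` inside the guard; doing the same here keeps the two syscalls parallel: `#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP`, `const struct cred *cred = current_cred(), *pcred;`, `#endif`. The function body continues outside the hunk, so other uses of `cred` should be ruled out first.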
45481@@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, comp
45482 if (!p)
45483 goto err_unlock;
45484 ret = -EPERM;
45485+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
45486+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
45487+ goto err_unlock;
45488+#else
45489 pcred = __task_cred(p);
45490 if (cred->euid != pcred->euid &&
45491 cred->euid != pcred->uid &&
45492 !capable(CAP_SYS_PTRACE))
45493 goto err_unlock;
45494+#endif
45495 head = p->compat_robust_list;
45496 read_unlock(&tasklist_lock);
45497 }
45498diff -urNp linux-2.6.32.8/kernel/gcov/base.c linux-2.6.32.8/kernel/gcov/base.c
45499--- linux-2.6.32.8/kernel/gcov/base.c 2010-02-09 07:57:19.000000000 -0500
45500+++ linux-2.6.32.8/kernel/gcov/base.c 2010-02-13 21:45:10.833034889 -0500
45501@@ -102,11 +102,6 @@ void gcov_enable_events(void)
45502 }
45503
45504 #ifdef CONFIG_MODULES
45505-static inline int within(void *addr, void *start, unsigned long size)
45506-{
45507- return ((addr >= start) && (addr < start + size));
45508-}
45509-
45510 /* Update list and generate events when modules are unloaded. */
45511 static int gcov_module_notifier(struct notifier_block *nb, unsigned long event,
45512 void *data)
45513@@ -121,7 +116,7 @@ static int gcov_module_notifier(struct n
45514 prev = NULL;
45515 /* Remove entries located in module from linked list. */
45516 for (info = gcov_info_head; info; info = info->next) {
45517- if (within(info, mod->module_core, mod->core_size)) {
45518+ if (within_module_core_rw((unsigned long)info, mod)) {
45519 if (prev)
45520 prev->next = info->next;
45521 else
45522diff -urNp linux-2.6.32.8/kernel/kallsyms.c linux-2.6.32.8/kernel/kallsyms.c
45523--- linux-2.6.32.8/kernel/kallsyms.c 2010-02-09 07:57:19.000000000 -0500
45524+++ linux-2.6.32.8/kernel/kallsyms.c 2010-02-13 21:45:10.833034889 -0500
45525@@ -11,6 +11,9 @@
45526 * Changed the compression method from stem compression to "table lookup"
45527 * compression (see scripts/kallsyms.c for a more complete description)
45528 */
45529+#ifdef CONFIG_GRKERNSEC_HIDESYM
45530+#define __INCLUDED_BY_HIDESYM 1
45531+#endif
45532 #include <linux/kallsyms.h>
45533 #include <linux/module.h>
45534 #include <linux/init.h>
45535@@ -51,6 +54,9 @@ extern const unsigned long kallsyms_mark
45536
45537 static inline int is_kernel_inittext(unsigned long addr)
45538 {
45539+ if (system_state != SYSTEM_BOOTING)
45540+ return 0;
45541+
45542 if (addr >= (unsigned long)_sinittext
45543 && addr <= (unsigned long)_einittext)
45544 return 1;
45545@@ -67,6 +73,24 @@ static inline int is_kernel_text(unsigne
45546
45547 static inline int is_kernel(unsigned long addr)
45548 {
45549+ if (is_kernel_inittext(addr))
45550+ return 1;
45551+
45552+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
45553+ if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END)
45554+ return 0;
45555+
45556+ if (is_kernel_text(addr))
45557+ return 1;
45558+
45559+ if (ktla_ktva((unsigned long)_stext) <= addr && addr < ktla_ktva((unsigned long)_etext))
45560+ return 1;
45561+
45562+ if ((addr >= (unsigned long)_sdata && addr <= (unsigned long)_end))
45563+ return 1;
45564+ return in_gate_area_no_task(addr);
45565+#endif
45566+
45567 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
45568 return 1;
45569 return in_gate_area_no_task(addr);
45570@@ -413,7 +437,6 @@ static unsigned long get_ksymbol_core(st
45571
45572 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
45573 {
45574- iter->name[0] = '\0';
45575 iter->nameoff = get_symbol_offset(new_pos);
45576 iter->pos = new_pos;
45577 }
45578@@ -461,6 +484,11 @@ static int s_show(struct seq_file *m, vo
45579 {
45580 struct kallsym_iter *iter = m->private;
45581
45582+#ifdef CONFIG_GRKERNSEC_HIDESYM
45583+ if (current_uid())
45584+ return 0;
45585+#endif
45586+
45587 /* Some debugging symbols have no name. Ignore them. */
45588 if (!iter->name[0])
45589 return 0;
45590@@ -501,7 +529,7 @@ static int kallsyms_open(struct inode *i
45591 struct kallsym_iter *iter;
45592 int ret;
45593
45594- iter = kmalloc(sizeof(*iter), GFP_KERNEL);
45595+ iter = kzalloc(sizeof(*iter), GFP_KERNEL);
45596 if (!iter)
45597 return -ENOMEM;
45598 reset_iter(iter, 0);
45599diff -urNp linux-2.6.32.8/kernel/kgdb.c linux-2.6.32.8/kernel/kgdb.c
45600--- linux-2.6.32.8/kernel/kgdb.c 2010-02-09 07:57:19.000000000 -0500
45601+++ linux-2.6.32.8/kernel/kgdb.c 2010-02-13 21:45:10.833538724 -0500
45602@@ -86,7 +86,7 @@ static int kgdb_io_module_registered;
45603 /* Guard for recursive entry */
45604 static int exception_level;
45605
45606-static struct kgdb_io *kgdb_io_ops;
45607+static const struct kgdb_io *kgdb_io_ops;
45608 static DEFINE_SPINLOCK(kgdb_registration_lock);
45609
45610 /* kgdb console driver is loaded */
45611@@ -1637,7 +1637,7 @@ static void kgdb_initial_breakpoint(void
45612 *
45613 * Register it with the KGDB core.
45614 */
45615-int kgdb_register_io_module(struct kgdb_io *new_kgdb_io_ops)
45616+int kgdb_register_io_module(const struct kgdb_io *new_kgdb_io_ops)
45617 {
45618 int err;
45619
45620@@ -1682,7 +1682,7 @@ EXPORT_SYMBOL_GPL(kgdb_register_io_modul
45621 *
45622 * Unregister it with the KGDB core.
45623 */
45624-void kgdb_unregister_io_module(struct kgdb_io *old_kgdb_io_ops)
45625+void kgdb_unregister_io_module(const struct kgdb_io *old_kgdb_io_ops)
45626 {
45627 BUG_ON(kgdb_connected);
45628
45629diff -urNp linux-2.6.32.8/kernel/kmod.c linux-2.6.32.8/kernel/kmod.c
45630--- linux-2.6.32.8/kernel/kmod.c 2010-02-09 07:57:19.000000000 -0500
45631+++ linux-2.6.32.8/kernel/kmod.c 2010-02-13 21:45:10.833538724 -0500
45632@@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
45633 if (ret >= MODULE_NAME_LEN)
45634 return -ENAMETOOLONG;
45635
45636+#ifdef CONFIG_GRKERNSEC_MODHARDEN
45637+ /* we could do a tighter check here, but some distros
45638+ are taking it upon themselves to remove CAP_SYS_MODULE
45639+ from even root-running apps which cause modules to be
45640+ auto-loaded
45641+ */
45642+ if (current_uid()) {
45643+ gr_log_nonroot_mod_load(module_name);
45644+ return -EPERM;
45645+ }
45646+#endif
45647+
45648 /* If modprobe needs a service that is in a module, we get a recursive
45649 * loop. Limit the number of running kmod threads to max_threads/2 or
45650 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
45651diff -urNp linux-2.6.32.8/kernel/kprobes.c linux-2.6.32.8/kernel/kprobes.c
45652--- linux-2.6.32.8/kernel/kprobes.c 2010-02-09 07:57:19.000000000 -0500
45653+++ linux-2.6.32.8/kernel/kprobes.c 2010-02-13 21:45:10.833538724 -0500
45654@@ -183,7 +183,7 @@ static kprobe_opcode_t __kprobes *__get_
45655 * kernel image and loaded module images reside. This is required
45656 * so x86_64 can correctly handle the %rip-relative fixups.
45657 */
45658- kip->insns = module_alloc(PAGE_SIZE);
45659+ kip->insns = module_alloc_exec(PAGE_SIZE);
45660 if (!kip->insns) {
45661 kfree(kip);
45662 return NULL;
45663@@ -220,7 +220,7 @@ static int __kprobes collect_one_slot(st
45664 */
45665 if (!list_is_singular(&kprobe_insn_pages)) {
45666 list_del(&kip->list);
45667- module_free(NULL, kip->insns);
45668+ module_free_exec(NULL, kip->insns);
45669 kfree(kip);
45670 }
45671 return 1;
45672diff -urNp linux-2.6.32.8/kernel/lockdep.c linux-2.6.32.8/kernel/lockdep.c
45673--- linux-2.6.32.8/kernel/lockdep.c 2010-02-09 07:57:19.000000000 -0500
45674+++ linux-2.6.32.8/kernel/lockdep.c 2010-02-13 21:45:10.834810591 -0500
45675@@ -577,6 +577,10 @@ static int static_obj(void *obj)
45676 int i;
45677 #endif
45678
45679+#ifdef CONFIG_PAX_KERNEXEC
45680+ start = ktla_ktva(start);
45681+#endif
45682+
45683 /*
45684 * static variable?
45685 */
45686@@ -592,8 +596,7 @@ static int static_obj(void *obj)
45687 */
45688 for_each_possible_cpu(i) {
45689 start = (unsigned long) &__per_cpu_start + per_cpu_offset(i);
45690- end = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM
45691- + per_cpu_offset(i);
45692+ end = start + PERCPU_ENOUGH_ROOM;
45693
45694 if ((addr >= start) && (addr < end))
45695 return 1;
45696@@ -710,6 +713,7 @@ register_lock_class(struct lockdep_map *
45697 if (!static_obj(lock->key)) {
45698 debug_locks_off();
45699 printk("INFO: trying to register non-static key.\n");
45700+ printk("lock:%pS key:%pS.\n", lock, lock->key);
45701 printk("the code is fine but needs lockdep annotation.\n");
45702 printk("turning off the locking correctness validator.\n");
45703 dump_stack();
45704diff -urNp linux-2.6.32.8/kernel/module.c linux-2.6.32.8/kernel/module.c
45705--- linux-2.6.32.8/kernel/module.c 2010-02-09 07:57:19.000000000 -0500
45706+++ linux-2.6.32.8/kernel/module.c 2010-02-13 21:45:10.835856182 -0500
45707@@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq
45708 static BLOCKING_NOTIFIER_HEAD(module_notify_list);
45709
45710 /* Bounds of module allocation, for speeding __module_address */
45711-static unsigned long module_addr_min = -1UL, module_addr_max = 0;
45712+static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
45713+static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
45714
45715 int register_module_notifier(struct notifier_block * nb)
45716 {
45717@@ -245,7 +246,7 @@ bool each_symbol(bool (*fn)(const struct
45718 return true;
45719
45720 list_for_each_entry_rcu(mod, &modules, list) {
45721- struct symsearch arr[] = {
45722+ struct symsearch modarr[] = {
45723 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
45724 NOT_GPL_ONLY, false },
45725 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
45726@@ -267,7 +268,7 @@ bool each_symbol(bool (*fn)(const struct
45727 #endif
45728 };
45729
45730- if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
45731+ if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
45732 return true;
45733 }
45734 return false;
45735@@ -442,7 +443,7 @@ static void *percpu_modalloc(unsigned lo
45736 void *ptr;
45737 int cpu;
45738
45739- if (align > PAGE_SIZE) {
45740+ if (align-1 >= PAGE_SIZE) {
45741 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
45742 name, align, PAGE_SIZE);
45743 align = PAGE_SIZE;
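Review bot: `align-1 >= PAGE_SIZE` differs from the old `align > PAGE_SIZE` only when `align == 0`, where the subtraction wraps and the value is clamped to PAGE_SIZE. That assumes `align` is unsigned, which the truncated signature suggests. Without a comment this is easy to read as a typo. Something like `/* align-1 wraps for align == 0, so zero is clamped as well */` would record the intent. The warning text still reads "per-cpu alignment %li > %li", which is misleading in the zero case.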
45744@@ -555,7 +556,11 @@ static void percpu_modcopy(void *pcpudes
45745 int cpu;
45746
45747 for_each_possible_cpu(cpu)
45748+#ifdef CONFIG_X86_32
45749+ memcpy(pcpudest + __per_cpu_offset[cpu], from, size);
45750+#else
45751 memcpy(pcpudest + per_cpu_offset(cpu), from, size);
45752+#endif
45753 }
45754
45755 #else /* ... !CONFIG_SMP */
45756@@ -1543,7 +1548,8 @@ static void free_module(struct module *m
45757 destroy_params(mod->kp, mod->num_kp);
45758
45759 /* This may be NULL, but that's OK */
45760- module_free(mod, mod->module_init);
45761+ module_free(mod, mod->module_init_rw);
45762+ module_free_exec(mod, mod->module_init_rx);
45763 kfree(mod->args);
45764 if (mod->percpu)
45765 percpu_modfree(mod->percpu);
45766@@ -1552,10 +1558,12 @@ static void free_module(struct module *m
45767 percpu_modfree(mod->refptr);
45768 #endif
45769 /* Free lock-classes: */
45770- lockdep_free_key_range(mod->module_core, mod->core_size);
45771+ lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx);
45772+ lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw);
45773
45774 /* Finally, free the core (containing the module structure) */
45775- module_free(mod, mod->module_core);
45776+ module_free_exec(mod, mod->module_core_rx);
45777+ module_free(mod, mod->module_core_rw);
45778
45779 #ifdef CONFIG_MPU
45780 update_protections(current->mm);
45781@@ -1649,7 +1657,9 @@ static int simplify_symbols(Elf_Shdr *se
45782 strtab + sym[i].st_name, mod);
45783 /* Ok if resolved. */
45784 if (ksym) {
45785+ pax_open_kernel();
45786 sym[i].st_value = ksym->value;
45787+ pax_close_kernel();
45788 break;
45789 }
45790
45791@@ -1668,7 +1678,9 @@ static int simplify_symbols(Elf_Shdr *se
45792 secbase = (unsigned long)mod->percpu;
45793 else
45794 secbase = sechdrs[sym[i].st_shndx].sh_addr;
45795+ pax_open_kernel();
45796 sym[i].st_value += secbase;
45797+ pax_close_kernel();
45798 break;
45799 }
45800 }
45801@@ -1729,11 +1741,12 @@ static void layout_sections(struct modul
45802 || s->sh_entsize != ~0UL
45803 || strstarts(secstrings + s->sh_name, ".init"))
45804 continue;
45805- s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
45806+ if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45807+ s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
45808+ else
45809+ s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
45810 DEBUGP("\t%s\n", secstrings + s->sh_name);
45811 }
45812- if (m == 0)
45813- mod->core_text_size = mod->core_size;
45814 }
45815
45816 DEBUGP("Init section allocation order:\n");
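Review bot: The predicate `(s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)` decides whether a section is laid out in the RW or the RX region. It is written out again in the init loop of the next hunk and twice more in load_module's copy loop. Layout and copy must agree exactly, otherwise a section is copied to an offset that was computed for the other region. A single `static inline` helper taking the `Elf_Shdr *`, with a one-line comment on why non-SHF_ALLOC sections count as RW, would keep the four sites in step. The enclosing loop and layout_sections itself start outside the hunk.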
45817@@ -1746,12 +1759,13 @@ static void layout_sections(struct modul
45818 || s->sh_entsize != ~0UL
45819 || !strstarts(secstrings + s->sh_name, ".init"))
45820 continue;
45821- s->sh_entsize = (get_offset(mod, &mod->init_size, s, i)
45822- | INIT_OFFSET_MASK);
45823+ if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45824+ s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i);
45825+ else
45826+ s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
45827+ s->sh_entsize |= INIT_OFFSET_MASK;
45828 DEBUGP("\t%s\n", secstrings + s->sh_name);
45829 }
45830- if (m == 0)
45831- mod->init_text_size = mod->init_size;
45832 }
45833 }
45834
45835@@ -1855,9 +1869,8 @@ static int is_exported(const char *name,
45836
45837 /* As per nm */
45838 static char elf_type(const Elf_Sym *sym,
45839- Elf_Shdr *sechdrs,
45840- const char *secstrings,
45841- struct module *mod)
45842+ const Elf_Shdr *sechdrs,
45843+ const char *secstrings)
45844 {
45845 if (ELF_ST_BIND(sym->st_info) == STB_WEAK) {
45846 if (ELF_ST_TYPE(sym->st_info) == STT_OBJECT)
45847@@ -1932,7 +1945,7 @@ static unsigned long layout_symtab(struc
45848
45849 /* Put symbol section at end of init part of module. */
45850 symsect->sh_flags |= SHF_ALLOC;
45851- symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
45852+ symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
45853 symindex) | INIT_OFFSET_MASK;
45854 DEBUGP("\t%s\n", secstrings + symsect->sh_name);
45855
45856@@ -1949,19 +1962,19 @@ static unsigned long layout_symtab(struc
45857 }
45858
45859 /* Append room for core symbols at end of core part. */
45860- symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
45861- mod->core_size = symoffs + ndst * sizeof(Elf_Sym);
45862+ symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
45863+ mod->core_size_rx = symoffs + ndst * sizeof(Elf_Sym);
45864
45865 /* Put string table section at end of init part of module. */
45866 strsect->sh_flags |= SHF_ALLOC;
45867- strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
45868+ strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
45869 strindex) | INIT_OFFSET_MASK;
45870 DEBUGP("\t%s\n", secstrings + strsect->sh_name);
45871
45872 /* Append room for core symbols' strings at end of core part. */
45873- *pstroffs = mod->core_size;
45874+ *pstroffs = mod->core_size_rx;
45875 __set_bit(0, strmap);
45876- mod->core_size += bitmap_weight(strmap, strsect->sh_size);
45877+ mod->core_size_rx += bitmap_weight(strmap, strsect->sh_size);
45878
45879 return symoffs;
45880 }
45881@@ -1985,12 +1998,14 @@ static void add_kallsyms(struct module *
45882 mod->num_symtab = sechdrs[symindex].sh_size / sizeof(Elf_Sym);
45883 mod->strtab = (void *)sechdrs[strindex].sh_addr;
45884
45885+ pax_open_kernel();
45886+
45887 /* Set types up while we still have access to sections. */
45888 for (i = 0; i < mod->num_symtab; i++)
45889 mod->symtab[i].st_info
45890- = elf_type(&mod->symtab[i], sechdrs, secstrings, mod);
45891+ = elf_type(&mod->symtab[i], sechdrs, secstrings);
45892
45893- mod->core_symtab = dst = mod->module_core + symoffs;
45894+ mod->core_symtab = dst = mod->module_core_rx + symoffs;
45895 src = mod->symtab;
45896 *dst = *src;
45897 for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
45898@@ -2002,10 +2017,12 @@ static void add_kallsyms(struct module *
45899 }
45900 mod->core_num_syms = ndst;
45901
45902- mod->core_strtab = s = mod->module_core + stroffs;
45903+ mod->core_strtab = s = mod->module_core_rx + stroffs;
45904 for (*s = 0, i = 1; i < sechdrs[strindex].sh_size; ++i)
45905 if (test_bit(i, strmap))
45906 *++s = mod->strtab[i];
45907+
45908+ pax_close_kernel();
45909 }
45910 #else
45911 static inline unsigned long layout_symtab(struct module *mod,
45912@@ -2042,16 +2059,30 @@ static void dynamic_debug_setup(struct _
45913 #endif
45914 }
45915
45916-static void *module_alloc_update_bounds(unsigned long size)
45917+static void *module_alloc_update_bounds_rw(unsigned long size)
45918 {
45919 void *ret = module_alloc(size);
45920
45921 if (ret) {
45922 /* Update module bounds. */
45923- if ((unsigned long)ret < module_addr_min)
45924- module_addr_min = (unsigned long)ret;
45925- if ((unsigned long)ret + size > module_addr_max)
45926- module_addr_max = (unsigned long)ret + size;
45927+ if ((unsigned long)ret < module_addr_min_rw)
45928+ module_addr_min_rw = (unsigned long)ret;
45929+ if ((unsigned long)ret + size > module_addr_max_rw)
45930+ module_addr_max_rw = (unsigned long)ret + size;
45931+ }
45932+ return ret;
45933+}
45934+
45935+static void *module_alloc_update_bounds_rx(unsigned long size)
45936+{
45937+ void *ret = module_alloc_exec(size);
45938+
45939+ if (ret) {
45940+ /* Update module bounds. */
45941+ if ((unsigned long)ret < module_addr_min_rx)
45942+ module_addr_min_rx = (unsigned long)ret;
45943+ if ((unsigned long)ret + size > module_addr_max_rx)
45944+ module_addr_max_rx = (unsigned long)ret + size;
45945 }
45946 return ret;
45947 }
45948@@ -2063,8 +2094,8 @@ static void kmemleak_load_module(struct
45949 unsigned int i;
45950
45951 /* only scan the sections containing data */
45952- kmemleak_scan_area(mod->module_core, (unsigned long)mod -
45953- (unsigned long)mod->module_core,
45954+ kmemleak_scan_area(mod->module_core_rw, (unsigned long)mod -
45955+ (unsigned long)mod->module_core_rw,
45956 sizeof(struct module), GFP_KERNEL);
45957
45958 for (i = 1; i < hdr->e_shnum; i++) {
45959@@ -2074,8 +2105,8 @@ static void kmemleak_load_module(struct
45960 && strncmp(secstrings + sechdrs[i].sh_name, ".bss", 4) != 0)
45961 continue;
45962
45963- kmemleak_scan_area(mod->module_core, sechdrs[i].sh_addr -
45964- (unsigned long)mod->module_core,
45965+ kmemleak_scan_area(mod->module_core_rw, sechdrs[i].sh_addr -
45966+ (unsigned long)mod->module_core_rw,
45967 sechdrs[i].sh_size, GFP_KERNEL);
45968 }
45969 }
45970@@ -2261,7 +2292,7 @@ static noinline struct module *load_modu
45971 secstrings, &stroffs, strmap);
45972
45973 /* Do the allocs. */
45974- ptr = module_alloc_update_bounds(mod->core_size);
45975+ ptr = module_alloc_update_bounds_rw(mod->core_size_rw);
45976 /*
45977 * The pointer to this block is stored in the module structure
45978 * which is inside the block. Just mark it as not being a
45979@@ -2272,23 +2303,47 @@ static noinline struct module *load_modu
45980 err = -ENOMEM;
45981 goto free_percpu;
45982 }
45983- memset(ptr, 0, mod->core_size);
45984- mod->module_core = ptr;
45985+ memset(ptr, 0, mod->core_size_rw);
45986+ mod->module_core_rw = ptr;
45987
45988- ptr = module_alloc_update_bounds(mod->init_size);
45989+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
45990 /*
45991 * The pointer to this block is stored in the module structure
45992 * which is inside the block. This block doesn't need to be
45993 * scanned as it contains data and code that will be freed
45994 * after the module is initialized.
45995 */
45996- kmemleak_ignore(ptr);
45997- if (!ptr && mod->init_size) {
45998+ kmemleak_not_leak(ptr);
45999+ if (!ptr && mod->init_size_rw) {
46000+ err = -ENOMEM;
46001+ goto free_core_rw;
46002+ }
46003+ memset(ptr, 0, mod->init_size_rw);
46004+ mod->module_init_rw = ptr;
46005+
46006+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
46007+ kmemleak_not_leak(ptr);
46008+ if (!ptr) {
46009+ err = -ENOMEM;
46010+ goto free_init_rw;
46011+ }
46012+
46013+ pax_open_kernel();
46014+ memset(ptr, 0, mod->core_size_rx);
46015+ pax_close_kernel();
46016+ mod->module_core_rx = ptr;
46017+
46018+ ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
46019+ kmemleak_not_leak(ptr);
46020+ if (!ptr && mod->init_size_rx) {
46021 err = -ENOMEM;
46022- goto free_core;
46023+ goto free_core_rx;
46024 }
46025- memset(ptr, 0, mod->init_size);
46026- mod->module_init = ptr;
46027+
46028+ pax_open_kernel();
46029+ memset(ptr, 0, mod->init_size_rx);
46030+ pax_close_kernel();
46031+ mod->module_init_rx = ptr;
46032
46033 /* Transfer each section which specifies SHF_ALLOC */
46034 DEBUGP("final section addresses:\n");
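Review bot: The retained comment above the init_rw allocation still says the block "doesn't need to be scanned", but the call under it changed from `kmemleak_ignore(ptr)` to `kmemleak_not_leak(ptr)`, which only suppresses the leak report and keeps the block in the scan set. Either keep `kmemleak_ignore(ptr);` for the init allocations or reword the comment so it matches the call. The new core_rx and init_rx allocations carry no comment at all, so a line above each `pax_open_kernel()` saying why the zeroing has to be bracketed would help the next reader. The helpers' behaviour is not shown in this hunk, and load_module's body continues outside it.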
46035@@ -2298,17 +2353,41 @@ static noinline struct module *load_modu
46036 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
46037 continue;
46038
46039- if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK)
46040- dest = mod->module_init
46041- + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
46042- else
46043- dest = mod->module_core + sechdrs[i].sh_entsize;
46044+ if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) {
46045+ if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
46046+ dest = mod->module_init_rw
46047+ + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
46048+ else
46049+ dest = mod->module_init_rx
46050+ + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
46051+ } else {
46052+ if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
46053+ dest = mod->module_core_rw + sechdrs[i].sh_entsize;
46054+ else
46055+ dest = mod->module_core_rx + sechdrs[i].sh_entsize;
46056+ }
46057+
46058+ if (sechdrs[i].sh_type != SHT_NOBITS) {
46059
46060- if (sechdrs[i].sh_type != SHT_NOBITS)
46061- memcpy(dest, (void *)sechdrs[i].sh_addr,
46062- sechdrs[i].sh_size);
46063+#ifdef CONFIG_PAX_KERNEXEC
46064+ if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
46065+ pax_open_kernel();
46066+ memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
46067+ pax_close_kernel();
46068+ } else
46069+#endif
46070+
46071+ memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
46072+ }
46073 /* Update sh_addr to point to copy in image. */
46074- sechdrs[i].sh_addr = (unsigned long)dest;
46075+
46076+#ifdef CONFIG_PAX_KERNEXEC
46077+ if (sechdrs[i].sh_flags & SHF_EXECINSTR)
46078+ sechdrs[i].sh_addr = ktva_ktla((unsigned long)dest);
46079+ else
46080+#endif
46081+
46082+ sechdrs[i].sh_addr = (unsigned long)dest;
46083 DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name);
46084 }
46085 /* Module has been moved. */
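Review bot: In the destination selection, the `|| !(sechdrs[i].sh_flags & SHF_ALLOC)` half of both new conditions can never be true, because the loop already hits `continue` for sections without SHF_ALLOC at the top of this hunk. `if (sechdrs[i].sh_flags & SHF_WRITE)` decides the same thing and makes the RW/RX split easier to audit; the `&& (sechdrs[i].sh_flags & SHF_ALLOC)` test inside the CONFIG_PAX_KERNEXEC block is redundant for the same reason. The `} else` / `#endif` / blank line / `memcpy(...)` construct, and the matching one around `sh_addr`, leaves an else whose body sits on the far side of a preprocessor line. Bracing both arms would keep a later edit from silently detaching it. The loop starts outside this hunk.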
46086@@ -2320,7 +2399,7 @@ static noinline struct module *load_modu
46087 mod->name);
46088 if (!mod->refptr) {
46089 err = -ENOMEM;
46090- goto free_init;
46091+ goto free_init_rx;
46092 }
46093 #endif
46094 /* Now we've moved module, initialize linked lists, etc. */
46095@@ -2429,8 +2508,8 @@ static noinline struct module *load_modu
46096
46097 /* Now do relocations. */
46098 for (i = 1; i < hdr->e_shnum; i++) {
46099- const char *strtab = (char *)sechdrs[strindex].sh_addr;
46100 unsigned int info = sechdrs[i].sh_info;
46101+ strtab = (char *)sechdrs[strindex].sh_addr;
46102
46103 /* Not a valid relocation section? */
46104 if (info >= hdr->e_shnum)
46105@@ -2491,12 +2570,12 @@ static noinline struct module *load_modu
46106 * Do it before processing of module parameters, so the module
46107 * can provide parameter accessor functions of its own.
46108 */
46109- if (mod->module_init)
46110- flush_icache_range((unsigned long)mod->module_init,
46111- (unsigned long)mod->module_init
46112- + mod->init_size);
46113- flush_icache_range((unsigned long)mod->module_core,
46114- (unsigned long)mod->module_core + mod->core_size);
46115+ if (mod->module_init_rx)
46116+ flush_icache_range((unsigned long)mod->module_init_rx,
46117+ (unsigned long)mod->module_init_rx
46118+ + mod->init_size_rx);
46119+ flush_icache_range((unsigned long)mod->module_core_rx,
46120+ (unsigned long)mod->module_core_rx + mod->core_size_rx);
46121
46122 set_fs(old_fs);
46123
46124@@ -2544,12 +2623,16 @@ static noinline struct module *load_modu
46125 free_unload:
46126 module_unload_free(mod);
46127 #if defined(CONFIG_MODULE_UNLOAD) && defined(CONFIG_SMP)
46128+ free_init_rx:
46129 percpu_modfree(mod->refptr);
46130- free_init:
46131 #endif
46132- module_free(mod, mod->module_init);
46133- free_core:
46134- module_free(mod, mod->module_core);
46135+ module_free_exec(mod, mod->module_init_rx);
46136+ free_core_rx:
46137+ module_free_exec(mod, mod->module_core_rx);
46138+ free_init_rw:
46139+ module_free(mod, mod->module_init_rw);
46140+ free_core_rw:
46141+ module_free(mod, mod->module_core_rw);
46142 /* mod will be freed with core. Don't access it beyond this line! */
46143 free_percpu:
46144 if (percpu)
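Review bot: The `free_init_rx:` label now sits before `percpu_modfree(mod->refptr);`, whereas the old `free_init:` label sat after it. The only `goto free_init_rx` inside this #if block (in the earlier hunk at `if (!mod->refptr)`) is taken exactly when the refptr allocation failed, so that path now calls percpu_modfree() on a NULL pointer, which the original skipped. Whether percpu_modfree() tolerates NULL is not visible here. Keeping the original order, `percpu_modfree(mod->refptr);` followed by `free_init_rx:`, avoids depending on it.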
46145@@ -2651,10 +2734,12 @@ SYSCALL_DEFINE3(init_module, void __user
46146 mod->symtab = mod->core_symtab;
46147 mod->strtab = mod->core_strtab;
46148 #endif
46149- module_free(mod, mod->module_init);
46150- mod->module_init = NULL;
46151- mod->init_size = 0;
46152- mod->init_text_size = 0;
46153+ module_free(mod, mod->module_init_rw);
46154+ module_free_exec(mod, mod->module_init_rx);
46155+ mod->module_init_rw = NULL;
46156+ mod->module_init_rx = NULL;
46157+ mod->init_size_rw = 0;
46158+ mod->init_size_rx = 0;
46159 mutex_unlock(&module_mutex);
46160
46161 return 0;
46162@@ -2685,10 +2770,16 @@ static const char *get_ksymbol(struct mo
46163 unsigned long nextval;
46164
46165 /* At worse, next value is at end of module */
46166- if (within_module_init(addr, mod))
46167- nextval = (unsigned long)mod->module_init+mod->init_text_size;
46168+ if (within_module_init_rx(addr, mod))
46169+ nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx;
46170+ else if (within_module_init_rw(addr, mod))
46171+ nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw;
46172+ else if (within_module_core_rx(addr, mod))
46173+ nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx;
46174+ else if (within_module_core_rw(addr, mod))
46175+ nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw;
46176 else
46177- nextval = (unsigned long)mod->module_core+mod->core_text_size;
46178+ return NULL;
46179
46180 /* Scan for closest preceeding symbol, and next symbol. (ELF
46181 starts real symbols at 1). */
46182@@ -2934,7 +3025,7 @@ static int m_show(struct seq_file *m, vo
46183 char buf[8];
46184
46185 seq_printf(m, "%s %u",
46186- mod->name, mod->init_size + mod->core_size);
46187+ mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw);
46188 print_unload_info(m, mod);
46189
46190 /* Informative for users. */
46191@@ -2943,7 +3034,7 @@ static int m_show(struct seq_file *m, vo
46192 mod->state == MODULE_STATE_COMING ? "Loading":
46193 "Live");
46194 /* Used by oprofile and other similar tools. */
46195- seq_printf(m, " 0x%p", mod->module_core);
46196+ seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
46197
46198 /* Taints info */
46199 if (mod->taints)
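Review bot: The line written by `seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);` now carries two addresses where it carried one, and the comment directly above says the field is read by oprofile and similar tools. A consumer that parses /proc/modules by position may take the RW base for the next field. If the second address is needed, document the new layout next to the format string, for example `/* two bases: RX (text/rodata) then RW (data) */`. m_show continues outside the hunk.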
46200@@ -2979,7 +3070,17 @@ static const struct file_operations proc
46201
46202 static int __init proc_modules_init(void)
46203 {
46204+#ifndef CONFIG_GRKERNSEC_HIDESYM
46205+#ifdef CONFIG_GRKERNSEC_PROC_USER
46206+ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
46207+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
46208+ proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
46209+#else
46210 proc_create("modules", 0, NULL, &proc_modules_operations);
46211+#endif
46212+#else
46213+ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
46214+#endif
46215 return 0;
46216 }
46217 module_init(proc_modules_init);
46218@@ -3038,12 +3139,12 @@ struct module *__module_address(unsigned
46219 {
46220 struct module *mod;
46221
46222- if (addr < module_addr_min || addr > module_addr_max)
46223+ if ((addr < module_addr_min_rx || addr > module_addr_max_rx) &&
46224+ (addr < module_addr_min_rw || addr > module_addr_max_rw))
46225 return NULL;
46226
46227 list_for_each_entry_rcu(mod, &modules, list)
46228- if (within_module_core(addr, mod)
46229- || within_module_init(addr, mod))
46230+ if (within_module_init(addr, mod) || within_module_core(addr, mod))
46231 return mod;
46232 return NULL;
46233 }
46234@@ -3077,11 +3178,20 @@ bool is_module_text_address(unsigned lon
46235 */
46236 struct module *__module_text_address(unsigned long addr)
46237 {
46238- struct module *mod = __module_address(addr);
46239+ struct module *mod;
46240+
46241+#ifdef CONFIG_X86_32
46242+ addr = ktla_ktva(addr);
46243+#endif
46244+
46245+ if (addr < module_addr_min_rx || addr > module_addr_max_rx)
46246+ return NULL;
46247+
46248+ mod = __module_address(addr);
46249+
46250 if (mod) {
46251 /* Make sure it's within the text section. */
46252- if (!within(addr, mod->module_init, mod->init_text_size)
46253- && !within(addr, mod->module_core, mod->core_text_size))
46254+ if (!within_module_init_rx(addr, mod) && !within_module_core_rx(addr, mod))
46255 mod = NULL;
46256 }
46257 return mod;
46258diff -urNp linux-2.6.32.8/kernel/panic.c linux-2.6.32.8/kernel/panic.c
46259--- linux-2.6.32.8/kernel/panic.c 2010-02-09 07:57:19.000000000 -0500
46260+++ linux-2.6.32.8/kernel/panic.c 2010-02-13 21:45:10.836559099 -0500
46261@@ -392,7 +392,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
46262 */
46263 void __stack_chk_fail(void)
46264 {
46265- panic("stack-protector: Kernel stack is corrupted in: %p\n",
46266+ dump_stack();
46267+ panic("stack-protector: Kernel stack is corrupted in: %pS\n",
46268 __builtin_return_address(0));
46269 }
46270 EXPORT_SYMBOL(__stack_chk_fail);
46271diff -urNp linux-2.6.32.8/kernel/params.c linux-2.6.32.8/kernel/params.c
46272--- linux-2.6.32.8/kernel/params.c 2010-02-09 07:57:19.000000000 -0500
46273+++ linux-2.6.32.8/kernel/params.c 2010-02-13 21:45:10.836559099 -0500
46274@@ -725,7 +725,7 @@ static ssize_t module_attr_store(struct
46275 return ret;
46276 }
46277
46278-static struct sysfs_ops module_sysfs_ops = {
46279+static const struct sysfs_ops module_sysfs_ops = {
46280 .show = module_attr_show,
46281 .store = module_attr_store,
46282 };
46283@@ -739,7 +739,7 @@ static int uevent_filter(struct kset *ks
46284 return 0;
46285 }
46286
46287-static struct kset_uevent_ops module_uevent_ops = {
46288+static const struct kset_uevent_ops module_uevent_ops = {
46289 .filter = uevent_filter,
46290 };
46291
46292diff -urNp linux-2.6.32.8/kernel/pid.c linux-2.6.32.8/kernel/pid.c
46293--- linux-2.6.32.8/kernel/pid.c 2010-02-09 07:57:19.000000000 -0500
46294+++ linux-2.6.32.8/kernel/pid.c 2010-02-13 21:45:10.836559099 -0500
46295@@ -33,6 +33,7 @@
46296 #include <linux/rculist.h>
46297 #include <linux/bootmem.h>
46298 #include <linux/hash.h>
46299+#include <linux/security.h>
46300 #include <linux/pid_namespace.h>
46301 #include <linux/init_task.h>
46302 #include <linux/syscalls.h>
46303@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT
46304
46305 int pid_max = PID_MAX_DEFAULT;
46306
46307-#define RESERVED_PIDS 300
46308+#define RESERVED_PIDS 500
46309
46310 int pid_max_min = RESERVED_PIDS + 1;
46311 int pid_max_max = PID_MAX_LIMIT;
46312@@ -380,7 +381,14 @@ EXPORT_SYMBOL(pid_task);
46313 */
46314 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
46315 {
46316- return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
46317+ struct task_struct *task;
46318+
46319+ task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
46320+
46321+ if (gr_pid_is_chrooted(task))
46322+ return NULL;
46323+
46324+ return task;
46325 }
46326
46327 struct task_struct *find_task_by_vpid(pid_t vnr)
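Review bot: `gr_pid_is_chrooted(task)` receives whatever `pid_task()` returned, which can be NULL when the pid is not found; the original one-liner simply passed that NULL back to the caller. The helper's body is not in this hunk, so it is not visible whether it checks its argument before dereferencing it. Either guard the call here, `if (task && gr_pid_is_chrooted(task)) return NULL;`, or add a comment stating that the helper accepts NULL.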
46328diff -urNp linux-2.6.32.8/kernel/posix-cpu-timers.c linux-2.6.32.8/kernel/posix-cpu-timers.c
46329--- linux-2.6.32.8/kernel/posix-cpu-timers.c 2010-02-09 07:57:19.000000000 -0500
46330+++ linux-2.6.32.8/kernel/posix-cpu-timers.c 2010-02-13 21:45:10.836559099 -0500
46331@@ -6,6 +6,7 @@
46332 #include <linux/posix-timers.h>
46333 #include <linux/errno.h>
46334 #include <linux/math64.h>
46335+#include <linux/security.h>
46336 #include <asm/uaccess.h>
46337 #include <linux/kernel_stat.h>
46338 #include <trace/events/timer.h>
46339@@ -1044,6 +1045,7 @@ static void check_thread_timers(struct t
46340 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
46341 return;
46342 }
46343+ gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout, 1);
46344 if (tsk->rt.timeout > DIV_ROUND_UP(*soft, USEC_PER_SEC/HZ)) {
46345 /*
46346 * At the soft limit, send a SIGXCPU every second.
46347@@ -1206,6 +1208,7 @@ static void check_process_timers(struct
46348 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
46349 return;
46350 }
46351+ gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0);
46352 if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) {
46353 /*
46354 * At the soft limit, send a SIGXCPU every second.
46355diff -urNp linux-2.6.32.8/kernel/power/hibernate.c linux-2.6.32.8/kernel/power/hibernate.c
46356--- linux-2.6.32.8/kernel/power/hibernate.c 2010-02-09 07:57:19.000000000 -0500
46357+++ linux-2.6.32.8/kernel/power/hibernate.c 2010-02-13 21:45:10.837813262 -0500
46358@@ -48,14 +48,14 @@ enum {
46359
46360 static int hibernation_mode = HIBERNATION_SHUTDOWN;
46361
46362-static struct platform_hibernation_ops *hibernation_ops;
46363+static const struct platform_hibernation_ops *hibernation_ops;
46364
46365 /**
46366 * hibernation_set_ops - set the global hibernate operations
46367 * @ops: the hibernation operations to use in subsequent hibernation transitions
46368 */
46369
46370-void hibernation_set_ops(struct platform_hibernation_ops *ops)
46371+void hibernation_set_ops(const struct platform_hibernation_ops *ops)
46372 {
46373 if (ops && !(ops->begin && ops->end && ops->pre_snapshot
46374 && ops->prepare && ops->finish && ops->enter && ops->pre_restore
46375diff -urNp linux-2.6.32.8/kernel/power/poweroff.c linux-2.6.32.8/kernel/power/poweroff.c
46376--- linux-2.6.32.8/kernel/power/poweroff.c 2010-02-09 07:57:19.000000000 -0500
46377+++ linux-2.6.32.8/kernel/power/poweroff.c 2010-02-13 21:45:10.837813262 -0500
46378@@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_powerof
46379 .enable_mask = SYSRQ_ENABLE_BOOT,
46380 };
46381
46382-static int pm_sysrq_init(void)
46383+static int __init pm_sysrq_init(void)
46384 {
46385 register_sysrq_key('o', &sysrq_poweroff_op);
46386 return 0;
46387diff -urNp linux-2.6.32.8/kernel/power/process.c linux-2.6.32.8/kernel/power/process.c
46388--- linux-2.6.32.8/kernel/power/process.c 2010-02-09 07:57:19.000000000 -0500
46389+++ linux-2.6.32.8/kernel/power/process.c 2010-02-13 21:45:10.837813262 -0500
46390@@ -37,12 +37,15 @@ static int try_to_freeze_tasks(bool sig_
46391 struct timeval start, end;
46392 u64 elapsed_csecs64;
46393 unsigned int elapsed_csecs;
46394+ bool timedout = false;
46395
46396 do_gettimeofday(&start);
46397
46398 end_time = jiffies + TIMEOUT;
46399 do {
46400 todo = 0;
46401+ if (time_after(jiffies, end_time))
46402+ timedout = true;
46403 read_lock(&tasklist_lock);
46404 do_each_thread(g, p) {
46405 if (frozen(p) || !freezeable(p))
46406@@ -57,15 +60,17 @@ static int try_to_freeze_tasks(bool sig_
46407 * It is "frozen enough". If the task does wake
46408 * up, it will immediately call try_to_freeze.
46409 */
46410- if (!task_is_stopped_or_traced(p) &&
46411- !freezer_should_skip(p))
46412+ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
46413 todo++;
46414+ if (timedout) {
46415+ printk(KERN_ERR "Task refusing to freeze:\n");
46416+ sched_show_task(p);
46417+ }
46418+ }
46419 } while_each_thread(g, p);
46420 read_unlock(&tasklist_lock);
46421 yield(); /* Yield is okay here */
46422- if (time_after(jiffies, end_time))
46423- break;
46424- } while (todo);
46425+ } while (todo && !timedout);
46426
46427 do_gettimeofday(&end);
46428 elapsed_csecs64 = timeval_to_ns(&end) - timeval_to_ns(&start);
46429diff -urNp linux-2.6.32.8/kernel/power/suspend.c linux-2.6.32.8/kernel/power/suspend.c
46430--- linux-2.6.32.8/kernel/power/suspend.c 2010-02-09 07:57:19.000000000 -0500
46431+++ linux-2.6.32.8/kernel/power/suspend.c 2010-02-13 21:45:10.837813262 -0500
46432@@ -23,13 +23,13 @@ const char *const pm_states[PM_SUSPEND_M
46433 [PM_SUSPEND_MEM] = "mem",
46434 };
46435
46436-static struct platform_suspend_ops *suspend_ops;
46437+static const struct platform_suspend_ops *suspend_ops;
46438
46439 /**
46440 * suspend_set_ops - Set the global suspend method table.
46441 * @ops: Pointer to ops structure.
46442 */
46443-void suspend_set_ops(struct platform_suspend_ops *ops)
46444+void suspend_set_ops(const struct platform_suspend_ops *ops)
46445 {
46446 mutex_lock(&pm_mutex);
46447 suspend_ops = ops;
46448diff -urNp linux-2.6.32.8/kernel/printk.c linux-2.6.32.8/kernel/printk.c
46449--- linux-2.6.32.8/kernel/printk.c 2010-02-09 07:57:19.000000000 -0500
46450+++ linux-2.6.32.8/kernel/printk.c 2010-02-13 21:45:10.838544634 -0500
46451@@ -278,6 +278,11 @@ int do_syslog(int type, char __user *buf
46452 char c;
46453 int error = 0;
46454
46455+#ifdef CONFIG_GRKERNSEC_DMESG
46456+ if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
46457+ return -EPERM;
46458+#endif
46459+
46460 error = security_syslog(type);
46461 if (error)
46462 return error;
46463diff -urNp linux-2.6.32.8/kernel/ptrace.c linux-2.6.32.8/kernel/ptrace.c
46464--- linux-2.6.32.8/kernel/ptrace.c 2010-02-09 07:57:19.000000000 -0500
46465+++ linux-2.6.32.8/kernel/ptrace.c 2010-02-13 21:45:10.838544634 -0500
46466@@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru
46467 cred->gid != tcred->egid ||
46468 cred->gid != tcred->sgid ||
46469 cred->gid != tcred->gid) &&
46470- !capable(CAP_SYS_PTRACE)) {
46471+ !capable_nolog(CAP_SYS_PTRACE)) {
46472 rcu_read_unlock();
46473 return -EPERM;
46474 }
46475@@ -149,7 +149,7 @@ int __ptrace_may_access(struct task_stru
46476 smp_rmb();
46477 if (task->mm)
46478 dumpable = get_dumpable(task->mm);
46479- if (!dumpable && !capable(CAP_SYS_PTRACE))
46480+ if (!dumpable && !capable_nolog(CAP_SYS_PTRACE))
46481 return -EPERM;
46482
46483 return security_ptrace_access_check(task, mode);
46484@@ -199,7 +199,7 @@ int ptrace_attach(struct task_struct *ta
46485 goto unlock_tasklist;
46486
46487 task->ptrace = PT_PTRACED;
46488- if (capable(CAP_SYS_PTRACE))
46489+ if (capable_nolog(CAP_SYS_PTRACE))
46490 task->ptrace |= PT_PTRACE_CAP;
46491
46492 __ptrace_link(task, current);
46493@@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c
46494 ret = ptrace_setoptions(child, data);
46495 break;
46496 case PTRACE_GETEVENTMSG:
46497- ret = put_user(child->ptrace_message, (unsigned long __user *) data);
46498+ ret = put_user(child->ptrace_message, (__force unsigned long __user *) data);
46499 break;
46500
46501 case PTRACE_GETSIGINFO:
46502 ret = ptrace_getsiginfo(child, &siginfo);
46503 if (!ret)
46504- ret = copy_siginfo_to_user((siginfo_t __user *) data,
46505+ ret = copy_siginfo_to_user((__force siginfo_t __user *) data,
46506 &siginfo);
46507 break;
46508
46509 case PTRACE_SETSIGINFO:
46510- if (copy_from_user(&siginfo, (siginfo_t __user *) data,
46511+ if (copy_from_user(&siginfo, (__force siginfo_t __user *) data,
46512 sizeof siginfo))
46513 ret = -EFAULT;
46514 else
46515@@ -621,6 +621,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
46516 goto out;
46517 }
46518
46519+ if (gr_handle_ptrace(child, request)) {
46520+ ret = -EPERM;
46521+ goto out_put_task_struct;
46522+ }
46523+
46524 if (request == PTRACE_ATTACH) {
46525 ret = ptrace_attach(child);
46526 /*
46527@@ -653,7 +658,7 @@ int generic_ptrace_peekdata(struct task_
46528 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
46529 if (copied != sizeof(tmp))
46530 return -EIO;
46531- return put_user(tmp, (unsigned long __user *)data);
46532+ return put_user(tmp, (__force unsigned long __user *)data);
46533 }
46534
46535 int generic_ptrace_pokedata(struct task_struct *tsk, long addr, long data)
46536diff -urNp linux-2.6.32.8/kernel/relay.c linux-2.6.32.8/kernel/relay.c
46537--- linux-2.6.32.8/kernel/relay.c 2010-02-09 07:57:19.000000000 -0500
46538+++ linux-2.6.32.8/kernel/relay.c 2010-02-13 21:45:10.839541719 -0500
46539@@ -1292,7 +1292,7 @@ static int subbuf_splice_actor(struct fi
46540 return 0;
46541
46542 ret = *nonpad_ret = splice_to_pipe(pipe, &spd);
46543- if (ret < 0 || ret < total_len)
46544+ if ((int)ret < 0 || ret < total_len)
46545 return ret;
46546
46547 if (read_start + ret == nonpad_end)
46548diff -urNp linux-2.6.32.8/kernel/resource.c linux-2.6.32.8/kernel/resource.c
46549--- linux-2.6.32.8/kernel/resource.c 2010-02-09 07:57:19.000000000 -0500
46550+++ linux-2.6.32.8/kernel/resource.c 2010-02-13 21:45:10.839541719 -0500
46551@@ -132,8 +132,18 @@ static const struct file_operations proc
46552
46553 static int __init ioresources_init(void)
46554 {
46555+#ifdef CONFIG_GRKERNSEC_PROC_ADD
46556+#ifdef CONFIG_GRKERNSEC_PROC_USER
46557+ proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
46558+ proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
46559+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
46560+ proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
46561+ proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
46562+#endif
46563+#else
46564 proc_create("ioports", 0, NULL, &proc_ioports_operations);
46565 proc_create("iomem", 0, NULL, &proc_iomem_operations);
46566+#endif
46567 return 0;
46568 }
46569 __initcall(ioresources_init);
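Review bot: Inside the `CONFIG_GRKERNSEC_PROC_ADD` branch, the `#ifdef CONFIG_GRKERNSEC_PROC_USER` / `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)` chain has no `#else`. A configuration with PROC_ADD set and neither of the other two options would therefore register neither /proc/ioports nor /proc/iomem. Kconfig may make that combination impossible, but that is not visible here. A comment saying so, or an `#else` arm containing `#error`, would keep the function from silently registering nothing. proc_modules_init in kernel/module.c handles the same two options with an explicit `#else`.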
46570diff -urNp linux-2.6.32.8/kernel/sched.c linux-2.6.32.8/kernel/sched.c
46571--- linux-2.6.32.8/kernel/sched.c 2010-02-09 07:57:19.000000000 -0500
46572+++ linux-2.6.32.8/kernel/sched.c 2010-02-13 21:45:10.841542770 -0500
46573@@ -6090,6 +6090,8 @@ int can_nice(const struct task_struct *p
46574 /* convert nice value [19,-20] to rlimit style value [1,40] */
46575 int nice_rlim = 20 - nice;
46576
46577+ gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
46578+
46579 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
46580 capable(CAP_SYS_NICE));
46581 }
46582@@ -6123,7 +6125,8 @@ SYSCALL_DEFINE1(nice, int, increment)
46583 if (nice > 19)
46584 nice = 19;
46585
46586- if (increment < 0 && !can_nice(current, nice))
46587+ if (increment < 0 && (!can_nice(current, nice) ||
46588+ gr_handle_chroot_nice()))
46589 return -EPERM;
46590
46591 retval = security_task_setnice(current, nice);
46592@@ -6273,6 +6276,8 @@ recheck:
46593 if (rt_policy(policy)) {
46594 unsigned long rlim_rtprio;
46595
46596+ gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1);
46597+
46598 if (!lock_task_sighand(p, &flags))
46599 return -ESRCH;
46600 rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur;
46601@@ -7424,7 +7429,7 @@ static struct ctl_table sd_ctl_dir[] = {
46602 .procname = "sched_domain",
46603 .mode = 0555,
46604 },
46605- {0, },
46606+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46607 };
46608
46609 static struct ctl_table sd_ctl_root[] = {
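Review bot: The new terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` spells out eleven positional fields of struct ctl_table, so it depends on the member count and order of a struct defined elsewhere. It will need touching whenever that struct changes. The same line is added to sd_ctl_root in the next hunk. The pax_table added to kernel/sysctl.c in this same patch ends with `{ .ctl_name = 0 }`, which expresses the same all-zero sentinel without that coupling and would be consistent here too.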
46610@@ -7434,7 +7439,7 @@ static struct ctl_table sd_ctl_root[] =
46611 .mode = 0555,
46612 .child = sd_ctl_dir,
46613 },
46614- {0, },
46615+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46616 };
46617
46618 static struct ctl_table *sd_alloc_ctl_entry(int n)
46619diff -urNp linux-2.6.32.8/kernel/signal.c linux-2.6.32.8/kernel/signal.c
46620--- linux-2.6.32.8/kernel/signal.c 2010-02-09 07:57:19.000000000 -0500
46621+++ linux-2.6.32.8/kernel/signal.c 2010-02-13 21:45:10.842542466 -0500
46622@@ -207,6 +207,9 @@ static struct sigqueue *__sigqueue_alloc
46623 */
46624 user = get_uid(__task_cred(t)->user);
46625 atomic_inc(&user->sigpending);
46626+
46627+ if (!override_rlimit)
46628+ gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
46629 if (override_rlimit ||
46630 atomic_read(&user->sigpending) <=
46631 t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
46632@@ -625,6 +628,9 @@ static int check_kill_permission(int sig
46633 }
46634 }
46635
46636+ if (gr_handle_signal(t, sig))
46637+ return -EPERM;
46638+
46639 return security_task_kill(t, info, sig, 0);
46640 }
46641
46642@@ -966,7 +972,7 @@ __group_send_sig_info(int sig, struct si
46643 return send_signal(sig, info, p, 1);
46644 }
46645
46646-static int
46647+int
46648 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
46649 {
46650 return send_signal(sig, info, t, 0);
46651@@ -1020,6 +1026,9 @@ force_sig_info(int sig, struct siginfo *
46652 ret = specific_send_sig_info(sig, info, t);
46653 spin_unlock_irqrestore(&t->sighand->siglock, flags);
46654
46655+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
46656+ gr_handle_crash(t, sig);
46657+
46658 return ret;
46659 }
46660
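Review bot: `info->si_addr` is read for every `info` that is not one of the special sentinel values, but si_addr is a member of the siginfo union that is only filled in for fault-type signals. For a signal that carries sender information the same bytes hold other fields. The identical expression appears in the group_send_sig_info hunk below, which is the path for ordinarily sent signals. What gr_log_signal does with the value is not visible here; if it records it as a fault address, the log entry can be misleading. Pass NULL unless `sig` is one of the signals that define si_addr, and say so in a comment such as `/* si_addr is only meaningful for fault signals */`. force_sig_info starts outside the hunk.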
46661@@ -1079,8 +1088,11 @@ int group_send_sig_info(int sig, struct
46662 {
46663 int ret = check_kill_permission(sig, info, p);
46664
46665- if (!ret && sig)
46666+ if (!ret && sig) {
46667 ret = do_send_sig_info(sig, info, p, true);
46668+ if (!ret)
46669+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p);
46670+ }
46671
46672 return ret;
46673 }
46674diff -urNp linux-2.6.32.8/kernel/smp.c linux-2.6.32.8/kernel/smp.c
46675--- linux-2.6.32.8/kernel/smp.c 2010-02-09 07:57:19.000000000 -0500
46676+++ linux-2.6.32.8/kernel/smp.c 2010-02-13 21:45:10.842542466 -0500
46677@@ -459,22 +459,22 @@ int smp_call_function(void (*func)(void
46678 }
46679 EXPORT_SYMBOL(smp_call_function);
46680
46681-void ipi_call_lock(void)
46682+void ipi_call_lock(void) __acquires(call_function.lock)
46683 {
46684 spin_lock(&call_function.lock);
46685 }
46686
46687-void ipi_call_unlock(void)
46688+void ipi_call_unlock(void) __releases(call_function.lock)
46689 {
46690 spin_unlock(&call_function.lock);
46691 }
46692
46693-void ipi_call_lock_irq(void)
46694+void ipi_call_lock_irq(void) __acquires(call_function.lock)
46695 {
46696 spin_lock_irq(&call_function.lock);
46697 }
46698
46699-void ipi_call_unlock_irq(void)
46700+void ipi_call_unlock_irq(void) __releases(call_function.lock)
46701 {
46702 spin_unlock_irq(&call_function.lock);
46703 }
46704diff -urNp linux-2.6.32.8/kernel/softirq.c linux-2.6.32.8/kernel/softirq.c
46705--- linux-2.6.32.8/kernel/softirq.c 2010-02-09 07:57:19.000000000 -0500
46706+++ linux-2.6.32.8/kernel/softirq.c 2010-02-13 21:45:10.843549351 -0500
46707@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec
46708
46709 static DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
46710
46711-char *softirq_to_name[NR_SOFTIRQS] = {
46712+const char * const softirq_to_name[NR_SOFTIRQS] = {
46713 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL",
46714 "TASKLET", "SCHED", "HRTIMER", "RCU"
46715 };
46716diff -urNp linux-2.6.32.8/kernel/sys.c linux-2.6.32.8/kernel/sys.c
46717--- linux-2.6.32.8/kernel/sys.c 2010-02-09 07:57:19.000000000 -0500
46718+++ linux-2.6.32.8/kernel/sys.c 2010-02-13 21:45:10.843549351 -0500
46719@@ -133,6 +133,12 @@ static int set_one_prio(struct task_stru
46720 error = -EACCES;
46721 goto out;
46722 }
46723+
46724+ if (gr_handle_chroot_setpriority(p, niceval)) {
46725+ error = -EACCES;
46726+ goto out;
46727+ }
46728+
46729 no_nice = security_task_setnice(p, niceval);
46730 if (no_nice) {
46731 error = no_nice;
46732@@ -190,10 +196,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
46733 !(user = find_user(who)))
46734 goto out_unlock; /* No processes for this user */
46735
46736- do_each_thread(g, p)
46737+ do_each_thread(g, p) {
46738 if (__task_cred(p)->uid == who)
46739 error = set_one_prio(p, niceval, error);
46740- while_each_thread(g, p);
46741+ } while_each_thread(g, p);
46742 if (who != cred->uid)
46743 free_uid(user); /* For find_user() */
46744 break;
46745@@ -253,13 +259,13 @@ SYSCALL_DEFINE2(getpriority, int, which,
46746 !(user = find_user(who)))
46747 goto out_unlock; /* No processes for this user */
46748
46749- do_each_thread(g, p)
46750+ do_each_thread(g, p) {
46751 if (__task_cred(p)->uid == who) {
46752 niceval = 20 - task_nice(p);
46753 if (niceval > retval)
46754 retval = niceval;
46755 }
46756- while_each_thread(g, p);
46757+ } while_each_thread(g, p);
46758 if (who != cred->uid)
46759 free_uid(user); /* for find_user() */
46760 break;
46761@@ -509,6 +515,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
46762 goto error;
46763 }
46764
46765+ if (gr_check_group_change(new->gid, new->egid, -1))
46766+ goto error;
46767+
46768 if (rgid != (gid_t) -1 ||
46769 (egid != (gid_t) -1 && egid != old->gid))
46770 new->sgid = new->egid;
46771@@ -542,6 +551,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
46772 goto error;
46773
46774 retval = -EPERM;
46775+
46776+ if (gr_check_group_change(gid, gid, gid))
46777+ goto error;
46778+
46779 if (capable(CAP_SETGID))
46780 new->gid = new->egid = new->sgid = new->fsgid = gid;
46781 else if (gid == old->gid || gid == old->sgid)
46782@@ -632,6 +645,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
46783 goto error;
46784 }
46785
46786+ if (gr_check_user_change(new->uid, new->euid, -1))
46787+ goto error;
46788+
46789 if (new->uid != old->uid) {
46790 retval = set_user(new);
46791 if (retval < 0)
46792@@ -680,6 +696,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
46793 goto error;
46794
46795 retval = -EPERM;
46796+
46797+ if (gr_check_crash_uid(uid))
46798+ goto error;
46799+ if (gr_check_user_change(uid, uid, uid))
46800+ goto error;
46801+
46802 if (capable(CAP_SETUID)) {
46803 new->suid = new->uid = uid;
46804 if (uid != old->uid) {
46805@@ -737,6 +759,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
46806 goto error;
46807 }
46808
46809+ if (gr_check_user_change(ruid, euid, -1))
46810+ goto error;
46811+
46812 if (ruid != (uid_t) -1) {
46813 new->uid = ruid;
46814 if (ruid != old->uid) {
46815@@ -805,6 +830,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
46816 goto error;
46817 }
46818
46819+ if (gr_check_group_change(rgid, egid, -1))
46820+ goto error;
46821+
46822 if (rgid != (gid_t) -1)
46823 new->gid = rgid;
46824 if (egid != (gid_t) -1)
46825@@ -854,6 +882,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
46826 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
46827 goto error;
46828
46829+ if (gr_check_user_change(-1, -1, uid))
46830+ goto error;
46831+
46832 if (uid == old->uid || uid == old->euid ||
46833 uid == old->suid || uid == old->fsuid ||
46834 capable(CAP_SETUID)) {
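Review bot: `gr_check_user_change(-1, -1, uid)` runs before the test that decides whether the caller may switch to `uid` at all, while the matching `gr_check_group_change(-1, -1, gid)` in the setfsgid hunk sits inside the permitted branch. As written, the two syscalls consult the policy hook under different conditions, and setfsuid consults it for requests the following `if` would refuse anyway. Moving the call to the top of the `if (uid == old->uid || ... capable(CAP_SETUID)) {` body, as setfsgid does, would make the pair consistent. The function body continues outside the hunk.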
46835@@ -894,6 +925,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
46836 if (gid == old->gid || gid == old->egid ||
46837 gid == old->sgid || gid == old->fsgid ||
46838 capable(CAP_SETGID)) {
46839+ if (gr_check_group_change(-1, -1, gid))
46840+ goto error;
46841+
46842 if (gid != old_fsgid) {
46843 new->fsgid = gid;
46844 goto change_okay;
46845@@ -1459,7 +1493,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
46846 error = get_dumpable(me->mm);
46847 break;
46848 case PR_SET_DUMPABLE:
46849- if (arg2 < 0 || arg2 > 1) {
46850+ if (arg2 > 1) {
46851 error = -EINVAL;
46852 break;
46853 }
46854diff -urNp linux-2.6.32.8/kernel/sysctl.c linux-2.6.32.8/kernel/sysctl.c
46855--- linux-2.6.32.8/kernel/sysctl.c 2010-02-09 07:57:19.000000000 -0500
46856+++ linux-2.6.32.8/kernel/sysctl.c 2010-02-13 21:45:10.844608657 -0500
46857@@ -63,6 +63,13 @@
46858 static int deprecated_sysctl_warning(struct __sysctl_args *args);
46859
46860 #if defined(CONFIG_SYSCTL)
46861+#include <linux/grsecurity.h>
46862+#include <linux/grinternal.h>
46863+
46864+extern __u32 gr_handle_sysctl(const ctl_table *table, const int op);
46865+extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
46866+ const int op);
46867+extern int gr_handle_chroot_sysctl(const int op);
46868
46869 /* External variables not in a header file. */
46870 extern int C_A_D;
46871@@ -168,6 +175,7 @@ static int proc_do_cad_pid(struct ctl_ta
46872 static int proc_taint(struct ctl_table *table, int write,
46873 void __user *buffer, size_t *lenp, loff_t *ppos);
46874 #endif
46875+extern ctl_table grsecurity_table[];
46876
46877 static struct ctl_table root_table[];
46878 static struct ctl_table_root sysctl_table_root;
46879@@ -200,6 +208,21 @@ extern struct ctl_table epoll_table[];
46880 int sysctl_legacy_va_layout;
46881 #endif
46882
46883+#ifdef CONFIG_PAX_SOFTMODE
46884+static ctl_table pax_table[] = {
46885+ {
46886+ .ctl_name = CTL_UNNUMBERED,
46887+ .procname = "softmode",
46888+ .data = &pax_softmode,
46889+ .maxlen = sizeof(unsigned int),
46890+ .mode = 0600,
46891+ .proc_handler = &proc_dointvec,
46892+ },
46893+
46894+ { .ctl_name = 0 }
46895+};
46896+#endif
46897+
46898 extern int prove_locking;
46899 extern int lock_stat;
46900
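Review bot: The `softmode` entry is handled by `proc_dointvec`, which stores any integer the writer supplies, while `.maxlen` is sized as `unsigned int`. If `pax_softmode` is meant as an on/off switch (its declaration is not in this hunk), it could be bounded to 0 and 1. That means `.proc_handler = &proc_dointvec_minmax` with `.extra1`/`.extra2` pointing at those limits, which keeps unexpected values out of the variable. A one-line comment on what the switch controls and why the entry is 0600 would also help.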
46901@@ -251,6 +274,24 @@ static int max_wakeup_granularity_ns = N
46902 #endif
46903
46904 static struct ctl_table kern_table[] = {
46905+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
46906+ {
46907+ .ctl_name = CTL_UNNUMBERED,
46908+ .procname = "grsecurity",
46909+ .mode = 0500,
46910+ .child = grsecurity_table,
46911+ },
46912+#endif
46913+
46914+#ifdef CONFIG_PAX_SOFTMODE
46915+ {
46916+ .ctl_name = CTL_UNNUMBERED,
46917+ .procname = "pax",
46918+ .mode = 0500,
46919+ .child = pax_table,
46920+ },
46921+#endif
46922+
46923 {
46924 .ctl_name = CTL_UNNUMBERED,
46925 .procname = "sched_child_runs_first",
46926@@ -1803,6 +1844,8 @@ static int do_sysctl_strategy(struct ctl
46927 return 0;
46928 }
46929
46930+static int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op);
46931+
46932 static int parse_table(int __user *name, int nlen,
46933 void __user *oldval, size_t __user *oldlenp,
46934 void __user *newval, size_t newlen,
46935@@ -1821,7 +1864,7 @@ repeat:
46936 if (n == table->ctl_name) {
46937 int error;
46938 if (table->child) {
46939- if (sysctl_perm(root, table, MAY_EXEC))
46940+ if (sysctl_perm_nochk(root, table, MAY_EXEC))
46941 return -EPERM;
46942 name++;
46943 nlen--;
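Review bot: Directory traversal in `parse_table()` now calls `sysctl_perm_nochk()`, which skips the `gr_handle_sysctl_mod()`, `gr_handle_chroot_sysctl()` and `gr_handle_sysctl()` hooks added to `sysctl_perm()`, and nothing at the call site says why. Whether the leaf entry is still checked through `sysctl_perm()` depends on code outside this hunk, so a reader cannot tell from here that the binary sysctl path is covered. A comment on the changed line would settle it, for example `/* directories: mode check only; the grsecurity hooks run on the leaf entry */`, if that is indeed the intent.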
46944@@ -1906,6 +1949,33 @@ int sysctl_perm(struct ctl_table_root *r
46945 int error;
46946 int mode;
46947
46948+ if (table->parent != NULL && table->parent->procname != NULL &&
46949+ table->procname != NULL &&
46950+ gr_handle_sysctl_mod(table->parent->procname, table->procname, op))
46951+ return -EACCES;
46952+ if (gr_handle_chroot_sysctl(op))
46953+ return -EACCES;
46954+ error = gr_handle_sysctl(table, op);
46955+ if (error)
46956+ return error;
46957+
46958+ error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
46959+ if (error)
46960+ return error;
46961+
46962+ if (root->permissions)
46963+ mode = root->permissions(root, current->nsproxy, table);
46964+ else
46965+ mode = table->mode;
46966+
46967+ return test_perm(mode, op);
46968+}
46969+
46970+int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op)
46971+{
46972+ int error;
46973+ int mode;
46974+
46975 error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
46976 if (error)
46977 return error;
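Review bot: `sysctl_perm()` now carries a second copy of the `security_sysctl()` / `root->permissions` / `test_perm()` sequence that also forms the body of `sysctl_perm_nochk()`, so any later change to the permission logic has to be made twice or the two paths drift apart. After the three grsecurity checks the added block could end with `return sysctl_perm_nochk(root, table, op);` instead of repeating the tail. The definition is also written `int sysctl_perm_nochk(...)` while the forward declaration added in the earlier hunk is `static int sysctl_perm_nochk(...)`; the linkage stays internal, but repeating `static` on the definition avoids the apparent mismatch. The body of `sysctl_perm_nochk()` continues past the end of this hunk.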
46978diff -urNp linux-2.6.32.8/kernel/taskstats.c linux-2.6.32.8/kernel/taskstats.c
46979--- linux-2.6.32.8/kernel/taskstats.c 2010-02-09 07:57:19.000000000 -0500
46980+++ linux-2.6.32.8/kernel/taskstats.c 2010-02-13 21:45:10.844608657 -0500
46981@@ -26,9 +26,12 @@
46982 #include <linux/cgroup.h>
46983 #include <linux/fs.h>
46984 #include <linux/file.h>
46985+#include <linux/grsecurity.h>
46986 #include <net/genetlink.h>
46987 #include <asm/atomic.h>
46988
46989+extern int gr_is_taskstats_denied(int pid);
46990+
46991 /*
46992 * Maximum length of a cpumask that can be specified in
46993 * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
46994@@ -433,6 +436,9 @@ static int taskstats_user_cmd(struct sk_
46995 size_t size;
46996 cpumask_var_t mask;
46997
46998+ if (gr_is_taskstats_denied(current->pid))
46999+ return -EACCES;
47000+
47001 if (!alloc_cpumask_var(&mask, GFP_KERNEL))
47002 return -ENOMEM;
47003
47004diff -urNp linux-2.6.32.8/kernel/time/tick-broadcast.c linux-2.6.32.8/kernel/time/tick-broadcast.c
47005--- linux-2.6.32.8/kernel/time/tick-broadcast.c 2010-02-09 07:57:19.000000000 -0500
47006+++ linux-2.6.32.8/kernel/time/tick-broadcast.c 2010-02-13 21:45:10.844608657 -0500
47007@@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl
47008 * then clear the broadcast bit.
47009 */
47010 if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
47011- int cpu = smp_processor_id();
47012+ cpu = smp_processor_id();
47013
47014 cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
47015 tick_broadcast_clear_oneshot(cpu);
47016diff -urNp linux-2.6.32.8/kernel/time.c linux-2.6.32.8/kernel/time.c
47017--- linux-2.6.32.8/kernel/time.c 2010-02-09 07:57:19.000000000 -0500
47018+++ linux-2.6.32.8/kernel/time.c 2010-02-13 21:45:10.845532966 -0500
47019@@ -94,6 +94,9 @@ SYSCALL_DEFINE1(stime, time_t __user *,
47020 return err;
47021
47022 do_settimeofday(&tv);
47023+
47024+ gr_log_timechange();
47025+
47026 return 0;
47027 }
47028
47029@@ -202,6 +205,8 @@ SYSCALL_DEFINE2(settimeofday, struct tim
47030 return -EFAULT;
47031 }
47032
47033+ gr_log_timechange();
47034+
47035 return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);
47036 }
47037
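Review bot: In the settimeofday hunk `gr_log_timechange()` runs before `do_sys_settimeofday()`, so a time-change record is written even when that call then fails, and also when `tv` is NULL and only the timezone is being set. The stime hunk above logs after `do_settimeofday()`, though it ignores that call's return value as well. If the log is meant to record actual changes rather than attempts (the patch does not say), hold the result in a local and log afterwards: `ret = do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);` followed by `if (!ret && tv) gr_log_timechange();` and `return ret;`. An audit trail that reports clock changes which never happened is harder to use for timeline reconstruction. Both function bodies start outside their hunks.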
47038@@ -240,7 +245,7 @@ EXPORT_SYMBOL(current_fs_time);
47039 * Avoid unnecessary multiplications/divisions in the
47040 * two most common HZ cases:
47041 */
47042-unsigned int inline jiffies_to_msecs(const unsigned long j)
47043+inline unsigned int jiffies_to_msecs(const unsigned long j)
47044 {
47045 #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ)
47046 return (MSEC_PER_SEC / HZ) * j;
47047@@ -256,7 +261,7 @@ unsigned int inline jiffies_to_msecs(con
47048 }
47049 EXPORT_SYMBOL(jiffies_to_msecs);
47050
47051-unsigned int inline jiffies_to_usecs(const unsigned long j)
47052+inline unsigned int jiffies_to_usecs(const unsigned long j)
47053 {
47054 #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ)
47055 return (USEC_PER_SEC / HZ) * j;
47056diff -urNp linux-2.6.32.8/kernel/trace/ftrace.c linux-2.6.32.8/kernel/trace/ftrace.c
47057--- linux-2.6.32.8/kernel/trace/ftrace.c 2010-02-09 07:57:19.000000000 -0500
47058+++ linux-2.6.32.8/kernel/trace/ftrace.c 2010-02-13 21:45:10.845532966 -0500
47059@@ -1093,13 +1093,18 @@ ftrace_code_disable(struct module *mod,
47060
47061 ip = rec->ip;
47062
47063+ ret = ftrace_arch_code_modify_prepare();
47064+ FTRACE_WARN_ON(ret);
47065+ if (ret)
47066+ return 0;
47067+
47068 ret = ftrace_make_nop(mod, rec, MCOUNT_ADDR);
47069+ FTRACE_WARN_ON(ftrace_arch_code_modify_post_process());
47070 if (ret) {
47071 ftrace_bug(ret, ip);
47072 rec->flags |= FTRACE_FL_FAILED;
47073- return 0;
47074 }
47075- return 1;
47076+ return ret ? 0 : 1;
47077 }
47078
47079 /*
47080diff -urNp linux-2.6.32.8/kernel/trace/Kconfig linux-2.6.32.8/kernel/trace/Kconfig
47081--- linux-2.6.32.8/kernel/trace/Kconfig 2010-02-09 07:57:19.000000000 -0500
47082+++ linux-2.6.32.8/kernel/trace/Kconfig 2010-02-13 21:45:10.846539326 -0500
47083@@ -126,6 +126,7 @@ if FTRACE
47084 config FUNCTION_TRACER
47085 bool "Kernel Function Tracer"
47086 depends on HAVE_FUNCTION_TRACER
47087+ depends on !PAX_KERNEXEC
47088 select FRAME_POINTER
47089 select KALLSYMS
47090 select GENERIC_TRACER
47091@@ -343,6 +344,7 @@ config POWER_TRACER
47092 config STACK_TRACER
47093 bool "Trace max stack"
47094 depends on HAVE_FUNCTION_TRACER
47095+ depends on !PAX_KERNEXEC
47096 select FUNCTION_TRACER
47097 select STACKTRACE
47098 select KALLSYMS
47099diff -urNp linux-2.6.32.8/kernel/trace/trace.c linux-2.6.32.8/kernel/trace/trace.c
47100--- linux-2.6.32.8/kernel/trace/trace.c 2010-02-09 07:57:19.000000000 -0500
47101+++ linux-2.6.32.8/kernel/trace/trace.c 2010-02-13 21:45:10.847537100 -0500
47102@@ -3792,10 +3792,9 @@ static const struct file_operations trac
47103 };
47104 #endif
47105
47106-static struct dentry *d_tracer;
47107-
47108 struct dentry *tracing_init_dentry(void)
47109 {
47110+ static struct dentry *d_tracer;
47111 static int once;
47112
47113 if (d_tracer)
47114@@ -3815,10 +3814,9 @@ struct dentry *tracing_init_dentry(void)
47115 return d_tracer;
47116 }
47117
47118-static struct dentry *d_percpu;
47119-
47120 struct dentry *tracing_dentry_percpu(void)
47121 {
47122+ static struct dentry *d_percpu;
47123 static int once;
47124 struct dentry *d_tracer;
47125
47126diff -urNp linux-2.6.32.8/kernel/trace/trace_events.c linux-2.6.32.8/kernel/trace/trace_events.c
47127--- linux-2.6.32.8/kernel/trace/trace_events.c 2010-02-09 07:57:19.000000000 -0500
47128+++ linux-2.6.32.8/kernel/trace/trace_events.c 2010-02-13 21:45:10.847537100 -0500
47129@@ -951,6 +951,8 @@ static LIST_HEAD(ftrace_module_file_list
47130 * Modules must own their file_operations to keep up with
47131 * reference counting.
47132 */
47133+
47134+/* cannot be const */
47135 struct ftrace_module_file_ops {
47136 struct list_head list;
47137 struct module *mod;
47138diff -urNp linux-2.6.32.8/kernel/trace/trace_output.c linux-2.6.32.8/kernel/trace/trace_output.c
47139--- linux-2.6.32.8/kernel/trace/trace_output.c 2010-02-09 07:57:19.000000000 -0500
47140+++ linux-2.6.32.8/kernel/trace/trace_output.c 2010-02-13 21:45:10.847537100 -0500
47141@@ -237,7 +237,7 @@ int trace_seq_path(struct trace_seq *s,
47142 return 0;
47143 p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
47144 if (!IS_ERR(p)) {
47145- p = mangle_path(s->buffer + s->len, p, "\n");
47146+ p = mangle_path(s->buffer + s->len, p, "\n\\");
47147 if (p) {
47148 s->len = p - s->buffer;
47149 return 1;
47150diff -urNp linux-2.6.32.8/kernel/trace/trace_stack.c linux-2.6.32.8/kernel/trace/trace_stack.c
47151--- linux-2.6.32.8/kernel/trace/trace_stack.c 2010-02-09 07:57:19.000000000 -0500
47152+++ linux-2.6.32.8/kernel/trace/trace_stack.c 2010-02-13 21:45:10.847537100 -0500
47153@@ -50,7 +50,7 @@ static inline void check_stack(void)
47154 return;
47155
47156 /* we do not handle interrupt stacks yet */
47157- if (!object_is_on_stack(&this_size))
47158+ if (!object_starts_on_stack(&this_size))
47159 return;
47160
47161 local_irq_save(flags);
47162diff -urNp linux-2.6.32.8/kernel/utsname_sysctl.c linux-2.6.32.8/kernel/utsname_sysctl.c
47163--- linux-2.6.32.8/kernel/utsname_sysctl.c 2010-02-09 07:57:19.000000000 -0500
47164+++ linux-2.6.32.8/kernel/utsname_sysctl.c 2010-02-13 21:45:10.847537100 -0500
47165@@ -123,7 +123,7 @@ static struct ctl_table uts_kern_table[]
47166 .proc_handler = proc_do_uts_string,
47167 .strategy = sysctl_uts_string,
47168 },
47169- {}
47170+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
47171 };
47172
47173 static struct ctl_table uts_root_table[] = {
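Review bot: The table terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` is positional, so it silently depends on the number and order of fields in `struct ctl_table` and will mis-initialise or fail to build if that struct changes. The sysctl.c part of this same patch ends `pax_table` with `{ .ctl_name = 0 }`, which says the same thing without that coupling. Using that form here and in the `uts_root_table` hunk that follows would keep the patch consistent with itself.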
47174@@ -133,7 +133,7 @@ static struct ctl_table uts_root_table[]
47175 .mode = 0555,
47176 .child = uts_kern_table,
47177 },
47178- {}
47179+ { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
47180 };
47181
47182 static int __init utsname_sysctl_init(void)
47183diff -urNp linux-2.6.32.8/lib/bug.c linux-2.6.32.8/lib/bug.c
47184--- linux-2.6.32.8/lib/bug.c 2010-02-09 07:57:19.000000000 -0500
47185+++ linux-2.6.32.8/lib/bug.c 2010-02-13 21:45:10.847537100 -0500
47186@@ -135,6 +135,8 @@ enum bug_trap_type report_bug(unsigned l
47187 return BUG_TRAP_TYPE_NONE;
47188
47189 bug = find_bug(bugaddr);
47190+ if (!bug)
47191+ return BUG_TRAP_TYPE_NONE;
47192
47193 printk(KERN_EMERG "------------[ cut here ]------------\n");
47194
47195diff -urNp linux-2.6.32.8/lib/debugobjects.c linux-2.6.32.8/lib/debugobjects.c
47196--- linux-2.6.32.8/lib/debugobjects.c 2010-02-09 07:57:19.000000000 -0500
47197+++ linux-2.6.32.8/lib/debugobjects.c 2010-02-13 21:45:10.849050890 -0500
47198@@ -277,7 +277,7 @@ static void debug_object_is_on_stack(voi
47199 if (limit > 4)
47200 return;
47201
47202- is_on_stack = object_is_on_stack(addr);
47203+ is_on_stack = object_starts_on_stack(addr);
47204 if (is_on_stack == onstack)
47205 return;
47206
47207diff -urNp linux-2.6.32.8/lib/dma-debug.c linux-2.6.32.8/lib/dma-debug.c
47208--- linux-2.6.32.8/lib/dma-debug.c 2010-02-09 07:57:19.000000000 -0500
47209+++ linux-2.6.32.8/lib/dma-debug.c 2010-02-13 21:45:10.849050890 -0500
47210@@ -861,7 +861,7 @@ out:
47211
47212 static void check_for_stack(struct device *dev, void *addr)
47213 {
47214- if (object_is_on_stack(addr))
47215+ if (object_starts_on_stack(addr))
47216 err_printk(dev, NULL, "DMA-API: device driver maps memory from"
47217 "stack [addr=%p]\n", addr);
47218 }
47219diff -urNp linux-2.6.32.8/lib/inflate.c linux-2.6.32.8/lib/inflate.c
47220--- linux-2.6.32.8/lib/inflate.c 2010-02-09 07:57:19.000000000 -0500
47221+++ linux-2.6.32.8/lib/inflate.c 2010-02-13 21:45:10.849050890 -0500
47222@@ -266,7 +266,7 @@ static void free(void *where)
47223 malloc_ptr = free_mem_ptr;
47224 }
47225 #else
47226-#define malloc(a) kmalloc(a, GFP_KERNEL)
47227+#define malloc(a) kmalloc((a), GFP_KERNEL)
47228 #define free(a) kfree(a)
47229 #endif
47230
47231diff -urNp linux-2.6.32.8/lib/Kconfig.debug linux-2.6.32.8/lib/Kconfig.debug
47232--- linux-2.6.32.8/lib/Kconfig.debug 2010-02-09 07:57:19.000000000 -0500
47233+++ linux-2.6.32.8/lib/Kconfig.debug 2010-02-13 21:45:10.850011588 -0500
47234@@ -905,7 +905,7 @@ config LATENCYTOP
47235 select STACKTRACE
47236 select SCHEDSTATS
47237 select SCHED_DEBUG
47238- depends on HAVE_LATENCYTOP_SUPPORT
47239+ depends on HAVE_LATENCYTOP_SUPPORT && !GRKERNSEC_HIDESYM
47240 help
47241 Enable this option if you want to use the LatencyTOP tool
47242 to find out which userspace is blocking on what kernel operations.
47243diff -urNp linux-2.6.32.8/lib/kobject.c linux-2.6.32.8/lib/kobject.c
47244--- linux-2.6.32.8/lib/kobject.c 2010-02-09 07:57:19.000000000 -0500
47245+++ linux-2.6.32.8/lib/kobject.c 2010-02-13 21:45:10.850011588 -0500
47246@@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct ko
47247 return ret;
47248 }
47249
47250-struct sysfs_ops kobj_sysfs_ops = {
47251+const struct sysfs_ops kobj_sysfs_ops = {
47252 .show = kobj_attr_show,
47253 .store = kobj_attr_store,
47254 };
47255@@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = {
47256 * If the kset was not able to be created, NULL will be returned.
47257 */
47258 static struct kset *kset_create(const char *name,
47259- struct kset_uevent_ops *uevent_ops,
47260+ const struct kset_uevent_ops *uevent_ops,
47261 struct kobject *parent_kobj)
47262 {
47263 struct kset *kset;
47264@@ -832,7 +832,7 @@ static struct kset *kset_create(const ch
47265 * If the kset was not able to be created, NULL will be returned.
47266 */
47267 struct kset *kset_create_and_add(const char *name,
47268- struct kset_uevent_ops *uevent_ops,
47269+ const struct kset_uevent_ops *uevent_ops,
47270 struct kobject *parent_kobj)
47271 {
47272 struct kset *kset;
47273diff -urNp linux-2.6.32.8/lib/kobject_uevent.c linux-2.6.32.8/lib/kobject_uevent.c
47274--- linux-2.6.32.8/lib/kobject_uevent.c 2010-02-09 07:57:19.000000000 -0500
47275+++ linux-2.6.32.8/lib/kobject_uevent.c 2010-02-13 21:45:10.850011588 -0500
47276@@ -95,7 +95,7 @@ int kobject_uevent_env(struct kobject *k
47277 const char *subsystem;
47278 struct kobject *top_kobj;
47279 struct kset *kset;
47280- struct kset_uevent_ops *uevent_ops;
47281+ const struct kset_uevent_ops *uevent_ops;
47282 u64 seq;
47283 int i = 0;
47284 int retval = 0;
47285diff -urNp linux-2.6.32.8/lib/parser.c linux-2.6.32.8/lib/parser.c
47286--- linux-2.6.32.8/lib/parser.c 2010-02-09 07:57:19.000000000 -0500
47287+++ linux-2.6.32.8/lib/parser.c 2010-02-13 21:45:10.850011588 -0500
47288@@ -126,7 +126,7 @@ static int match_number(substring_t *s,
47289 char *buf;
47290 int ret;
47291
47292- buf = kmalloc(s->to - s->from + 1, GFP_KERNEL);
47293+ buf = kmalloc((s->to - s->from) + 1, GFP_KERNEL);
47294 if (!buf)
47295 return -ENOMEM;
47296 memcpy(buf, s->from, s->to - s->from);
47297diff -urNp linux-2.6.32.8/lib/radix-tree.c linux-2.6.32.8/lib/radix-tree.c
47298--- linux-2.6.32.8/lib/radix-tree.c 2010-02-09 07:57:19.000000000 -0500
47299+++ linux-2.6.32.8/lib/radix-tree.c 2010-02-13 21:45:10.851012521 -0500
47300@@ -81,7 +81,7 @@ struct radix_tree_preload {
47301 int nr;
47302 struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
47303 };
47304-static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
47305+static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
47306
47307 static inline gfp_t root_gfp_mask(struct radix_tree_root *root)
47308 {
47309diff -urNp linux-2.6.32.8/lib/random32.c linux-2.6.32.8/lib/random32.c
47310--- linux-2.6.32.8/lib/random32.c 2010-02-09 07:57:19.000000000 -0500
47311+++ linux-2.6.32.8/lib/random32.c 2010-02-13 21:45:10.851012521 -0500
47312@@ -61,7 +61,7 @@ static u32 __random32(struct rnd_state *
47313 */
47314 static inline u32 __seed(u32 x, u32 m)
47315 {
47316- return (x < m) ? x + m : x;
47317+ return (x <= m) ? x + m + 1 : x;
47318 }
47319
47320 /**
47321diff -urNp linux-2.6.32.8/localversion-grsec linux-2.6.32.8/localversion-grsec
47322--- linux-2.6.32.8/localversion-grsec 1969-12-31 19:00:00.000000000 -0500
47323+++ linux-2.6.32.8/localversion-grsec 2010-02-13 21:45:10.851012521 -0500
47324@@ -0,0 +1 @@
47325+-grsec
47326diff -urNp linux-2.6.32.8/Makefile linux-2.6.32.8/Makefile
47327--- linux-2.6.32.8/Makefile 2010-02-09 07:57:19.000000000 -0500
47328+++ linux-2.6.32.8/Makefile 2010-02-13 21:45:10.851012521 -0500
47329@@ -221,8 +221,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
47330
47331 HOSTCC = gcc
47332 HOSTCXX = g++
47333-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
47334-HOSTCXXFLAGS = -O2
47335+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
47336+HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
47337
47338 # Decide whether to build built-in, modular, or both.
47339 # Normally, just do built-in.
47340@@ -644,7 +644,7 @@ export mod_strip_cmd
47341
47342
47343 ifeq ($(KBUILD_EXTMOD),)
47344-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
47345+core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
47346
47347 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
47348 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
47349diff -urNp linux-2.6.32.8/mm/filemap.c linux-2.6.32.8/mm/filemap.c
47350--- linux-2.6.32.8/mm/filemap.c 2010-02-09 07:57:19.000000000 -0500
47351+++ linux-2.6.32.8/mm/filemap.c 2010-02-13 21:45:10.852012832 -0500
47352@@ -1622,7 +1622,7 @@ int generic_file_mmap(struct file * file
47353 struct address_space *mapping = file->f_mapping;
47354
47355 if (!mapping->a_ops->readpage)
47356- return -ENOEXEC;
47357+ return -ENODEV;
47358 file_accessed(file);
47359 vma->vm_ops = &generic_file_vm_ops;
47360 vma->vm_flags |= VM_CAN_NONLINEAR;
47361@@ -2018,6 +2018,7 @@ inline int generic_write_checks(struct f
47362 *pos = i_size_read(inode);
47363
47364 if (limit != RLIM_INFINITY) {
47365+ gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0);
47366 if (*pos >= limit) {
47367 send_sig(SIGXFSZ, current, 0);
47368 return -EFBIG;
47369diff -urNp linux-2.6.32.8/mm/fremap.c linux-2.6.32.8/mm/fremap.c
47370--- linux-2.6.32.8/mm/fremap.c 2010-02-09 07:57:19.000000000 -0500
47371+++ linux-2.6.32.8/mm/fremap.c 2010-02-13 21:45:10.852012832 -0500
47372@@ -153,6 +153,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
47373 retry:
47374 vma = find_vma(mm, start);
47375
47376+#ifdef CONFIG_PAX_SEGMEXEC
47377+ if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
47378+ goto out;
47379+#endif
47380+
47381 /*
47382 * Make sure the vma is shared, that it supports prefaulting,
47383 * and that the remapped range is valid and fully within
47384diff -urNp linux-2.6.32.8/mm/highmem.c linux-2.6.32.8/mm/highmem.c
47385--- linux-2.6.32.8/mm/highmem.c 2010-02-09 07:57:19.000000000 -0500
47386+++ linux-2.6.32.8/mm/highmem.c 2010-02-13 21:45:10.852012832 -0500
47387@@ -116,9 +116,10 @@ static void flush_all_zero_pkmaps(void)
47388 * So no dangers, even with speculative execution.
47389 */
47390 page = pte_page(pkmap_page_table[i]);
47391+ pax_open_kernel();
47392 pte_clear(&init_mm, (unsigned long)page_address(page),
47393 &pkmap_page_table[i]);
47394-
47395+ pax_close_kernel();
47396 set_page_address(page, NULL);
47397 need_flush = 1;
47398 }
47399@@ -177,9 +178,11 @@ start:
47400 }
47401 }
47402 vaddr = PKMAP_ADDR(last_pkmap_nr);
47403+
47404+ pax_open_kernel();
47405 set_pte_at(&init_mm, vaddr,
47406 &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot));
47407-
47408+ pax_close_kernel();
47409 pkmap_count[last_pkmap_nr] = 1;
47410 set_page_address(page, (void *)vaddr);
47411
47412diff -urNp linux-2.6.32.8/mm/hugetlb.c linux-2.6.32.8/mm/hugetlb.c
47413--- linux-2.6.32.8/mm/hugetlb.c 2010-02-09 07:57:19.000000000 -0500
47414+++ linux-2.6.32.8/mm/hugetlb.c 2010-02-13 21:45:10.853009135 -0500
47415@@ -1924,6 +1924,26 @@ static int unmap_ref_private(struct mm_s
47416 return 1;
47417 }
47418
47419+#ifdef CONFIG_PAX_SEGMEXEC
47420+static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
47421+{
47422+ struct mm_struct *mm = vma->vm_mm;
47423+ struct vm_area_struct *vma_m;
47424+ unsigned long address_m;
47425+ pte_t *ptep_m;
47426+
47427+ vma_m = pax_find_mirror_vma(vma);
47428+ if (!vma_m)
47429+ return;
47430+
47431+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47432+ address_m = address + SEGMEXEC_TASK_SIZE;
47433+ ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
47434+ get_page(page_m);
47435+ set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
47436+}
47437+#endif
47438+
47439 static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
47440 unsigned long address, pte_t *ptep, pte_t pte,
47441 struct page *pagecache_page)
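Review bot: In `pax_mirror_huge_pte()` the result of `huge_pte_offset()` goes straight into `set_huge_pte_at()` with no NULL check, so the helper is only safe when the mirror's page table has already been allocated. The `hugetlb_fault()` hunk further down does call `huge_pte_alloc(mm, address_m, ...)` first, but that dependency is not stated here, and any call path not visible in this diff would have to honour it too. Adding `BUG_ON(!ptep_m);` after the lookup, matching the `BUG_ON(address >= SEGMEXEC_TASK_SIZE)` above it, plus a short header comment naming the precondition would make it explicit. The lookup also masks `address_m` with `HPAGE_MASK` while `set_huge_pte_at()` receives the unmasked value; using one form for both would read more clearly.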
47442@@ -1995,6 +2015,11 @@ retry_avoidcopy:
47443 huge_ptep_clear_flush(vma, address, ptep);
47444 set_huge_pte_at(mm, address, ptep,
47445 make_huge_pte(vma, new_page, 1));
47446+
47447+#ifdef CONFIG_PAX_SEGMEXEC
47448+ pax_mirror_huge_pte(vma, address, new_page);
47449+#endif
47450+
47451 /* Make the old page be freed below */
47452 new_page = old_page;
47453 }
47454@@ -2124,6 +2149,10 @@ retry:
47455 && (vma->vm_flags & VM_SHARED)));
47456 set_huge_pte_at(mm, address, ptep, new_pte);
47457
47458+#ifdef CONFIG_PAX_SEGMEXEC
47459+ pax_mirror_huge_pte(vma, address, page);
47460+#endif
47461+
47462 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
47463 /* Optimization, do the COW without a second fault */
47464 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
47465@@ -2152,6 +2181,28 @@ int hugetlb_fault(struct mm_struct *mm,
47466 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
47467 struct hstate *h = hstate_vma(vma);
47468
47469+#ifdef CONFIG_PAX_SEGMEXEC
47470+ struct vm_area_struct *vma_m;
47471+
47472+ vma_m = pax_find_mirror_vma(vma);
47473+ if (vma_m) {
47474+ unsigned long address_m;
47475+
47476+ if (vma->vm_start > vma_m->vm_start) {
47477+ address_m = address;
47478+ address -= SEGMEXEC_TASK_SIZE;
47479+ vma = vma_m;
47480+ h = hstate_vma(vma);
47481+ } else
47482+ address_m = address + SEGMEXEC_TASK_SIZE;
47483+
47484+ if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
47485+ return VM_FAULT_OOM;
47486+ address_m &= HPAGE_MASK;
47487+ unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
47488+ }
47489+#endif
47490+
47491 ptep = huge_pte_alloc(mm, address, huge_page_size(h));
47492 if (!ptep)
47493 return VM_FAULT_OOM;
47494diff -urNp linux-2.6.32.8/mm/Kconfig linux-2.6.32.8/mm/Kconfig
47495--- linux-2.6.32.8/mm/Kconfig 2010-02-09 07:57:19.000000000 -0500
47496+++ linux-2.6.32.8/mm/Kconfig 2010-02-13 21:45:10.853009135 -0500
47497@@ -228,7 +228,7 @@ config KSM
47498 config DEFAULT_MMAP_MIN_ADDR
47499 int "Low address space to protect from user allocation"
47500 depends on MMU
47501- default 4096
47502+ default 65536
47503 help
47504 This is the portion of low virtual memory which should be protected
47505 from userspace allocation. Keeping a user from writing to low pages
47506diff -urNp linux-2.6.32.8/mm/maccess.c linux-2.6.32.8/mm/maccess.c
47507--- linux-2.6.32.8/mm/maccess.c 2010-02-09 07:57:19.000000000 -0500
47508+++ linux-2.6.32.8/mm/maccess.c 2010-02-13 21:45:10.853009135 -0500
47509@@ -14,7 +14,7 @@
47510 * Safely read from address @src to the buffer at @dst. If a kernel fault
47511 * happens, handle that and return -EFAULT.
47512 */
47513-long probe_kernel_read(void *dst, void *src, size_t size)
47514+long probe_kernel_read(void *dst, const void *src, size_t size)
47515 {
47516 long ret;
47517 mm_segment_t old_fs = get_fs();
47518@@ -39,7 +39,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
47519 * Safely write to address @dst from the buffer at @src. If a kernel fault
47520 * happens, handle that and return -EFAULT.
47521 */
47522-long notrace __weak probe_kernel_write(void *dst, void *src, size_t size)
47523+long notrace __weak probe_kernel_write(void *dst, const void *src, size_t size)
47524 {
47525 long ret;
47526 mm_segment_t old_fs = get_fs();
47527diff -urNp linux-2.6.32.8/mm/madvise.c linux-2.6.32.8/mm/madvise.c
47528--- linux-2.6.32.8/mm/madvise.c 2010-02-09 07:57:19.000000000 -0500
47529+++ linux-2.6.32.8/mm/madvise.c 2010-02-13 21:45:10.853009135 -0500
47530@@ -44,6 +44,10 @@ static long madvise_behavior(struct vm_a
47531 pgoff_t pgoff;
47532 unsigned long new_flags = vma->vm_flags;
47533
47534+#ifdef CONFIG_PAX_SEGMEXEC
47535+ struct vm_area_struct *vma_m;
47536+#endif
47537+
47538 switch (behavior) {
47539 case MADV_NORMAL:
47540 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
47541@@ -103,6 +107,13 @@ success:
47542 /*
47543 * vm_flags is protected by the mmap_sem held in write mode.
47544 */
47545+
47546+#ifdef CONFIG_PAX_SEGMEXEC
47547+ vma_m = pax_find_mirror_vma(vma);
47548+ if (vma_m)
47549+ vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
47550+#endif
47551+
47552 vma->vm_flags = new_flags;
47553
47554 out:
47555@@ -161,6 +172,11 @@ static long madvise_dontneed(struct vm_a
47556 struct vm_area_struct ** prev,
47557 unsigned long start, unsigned long end)
47558 {
47559+
47560+#ifdef CONFIG_PAX_SEGMEXEC
47561+ struct vm_area_struct *vma_m;
47562+#endif
47563+
47564 *prev = vma;
47565 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
47566 return -EINVAL;
47567@@ -173,6 +189,21 @@ static long madvise_dontneed(struct vm_a
47568 zap_page_range(vma, start, end - start, &details);
47569 } else
47570 zap_page_range(vma, start, end - start, NULL);
47571+
47572+#ifdef CONFIG_PAX_SEGMEXEC
47573+ vma_m = pax_find_mirror_vma(vma);
47574+ if (vma_m) {
47575+ if (unlikely(vma->vm_flags & VM_NONLINEAR)) {
47576+ struct zap_details details = {
47577+ .nonlinear_vma = vma_m,
47578+ .last_index = ULONG_MAX,
47579+ };
47580+ zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, &details);
47581+ } else
47582+ zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, NULL);
47583+ }
47584+#endif
47585+
47586 return 0;
47587 }
47588
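Review bot: The added mirror zap in `madvise_dontneed()` passes `vma` to `zap_page_range()` although the range `start + SEGMEXEC_TASK_SIZE` lies in the mirror mapping that was just looked up as `vma_m`. Only the `.nonlinear_vma` field names `vma_m`. If this relies on `zap_page_range()` walking forward from `vma` to reach the mirror, that is not evident from the hunk and costs a list walk; if it is an oversight, `vma_m` is the natural first argument. Either way a one-line comment above the block, such as `/* drop the same range from the SEGMEXEC mirror */`, plus a note on which vma is intended would help the next reader.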
47589@@ -359,6 +390,16 @@ SYSCALL_DEFINE3(madvise, unsigned long,
47590 if (end < start)
47591 goto out;
47592
47593+#ifdef CONFIG_PAX_SEGMEXEC
47594+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
47595+ if (end > SEGMEXEC_TASK_SIZE)
47596+ goto out;
47597+ } else
47598+#endif
47599+
47600+ if (end > TASK_SIZE)
47601+ goto out;
47602+
47603 error = 0;
47604 if (end == start)
47605 goto out;
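Review bot: The bound check in the madvise syscall is written as a brace-less `else` that reaches across `#endif` and a blank line to pick up `if (end > TASK_SIZE)`, so the control flow differs by configuration in a way that is easy to break when a line is inserted in between. Writing the SEGMEXEC limit as its own guarded test and leaving the `TASK_SIZE` test unconditional gives the same result as long as `SEGMEXEC_TASK_SIZE` does not exceed `TASK_SIZE` (its definition is not visible here). The syscall body starts and ends outside the hunk.

```c
#ifdef CONFIG_PAX_SEGMEXEC
	if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && end > SEGMEXEC_TASK_SIZE)
		goto out;
#endif
	if (end > TASK_SIZE)
		goto out;
```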
47606diff -urNp linux-2.6.32.8/mm/memory.c linux-2.6.32.8/mm/memory.c
47607--- linux-2.6.32.8/mm/memory.c 2010-02-09 07:57:19.000000000 -0500
47608+++ linux-2.6.32.8/mm/memory.c 2010-02-13 21:45:10.854964243 -0500
47609@@ -48,6 +48,7 @@
47610 #include <linux/ksm.h>
47611 #include <linux/rmap.h>
47612 #include <linux/module.h>
47613+#include <linux/security.h>
47614 #include <linux/delayacct.h>
47615 #include <linux/init.h>
47616 #include <linux/writeback.h>
47617@@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct
47618 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
47619 i = 0;
47620
47621- do {
47622+ while (nr_pages) {
47623 struct vm_area_struct *vma;
47624
47625- vma = find_extend_vma(mm, start);
47626+ vma = find_vma(mm, start);
47627 if (!vma && in_gate_area(tsk, start)) {
47628 unsigned long pg = start & PAGE_MASK;
47629 struct vm_area_struct *gate_vma = get_gate_vma(tsk);
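Review bot: Replacing `find_extend_vma()` with `find_vma()` here, together with the `start < vma->vm_start` test added in the next hunk, means this loop no longer grows a stack mapping on the caller's behalf and instead returns -EFAULT or the partial count, yet nothing in the code records that this is deliberate. A comment above the lookup, for example `/* never expand the stack from get_user_pages; addresses below vm_start fail */`, would keep a later cleanup from restoring the old call. The switch from `do { } while (nr_pages)` to `while (nr_pages)`, completed in the third hunk, also makes a zero `nr_pages` return before any lookup, which is worth a word in the same comment. The function body starts and ends outside the hunk.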
47630@@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct
47631 continue;
47632 }
47633
47634- if (!vma ||
47635+ if (!vma || start < vma->vm_start ||
47636 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
47637 !(vm_flags & vma->vm_flags))
47638 return i ? : -EFAULT;
47639@@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct
47640 start += PAGE_SIZE;
47641 nr_pages--;
47642 } while (nr_pages && start < vma->vm_end);
47643- } while (nr_pages);
47644+ }
47645 return i;
47646 }
47647
47648@@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct
47649 copy_user_highpage(dst, src, va, vma);
47650 }
47651
47652+#ifdef CONFIG_PAX_SEGMEXEC
47653+static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
47654+{
47655+ struct mm_struct *mm = vma->vm_mm;
47656+ spinlock_t *ptl;
47657+ pte_t *pte, entry;
47658+
47659+ pte = pte_offset_map_lock(mm, pmd, address, &ptl);
47660+ entry = *pte;
47661+ if (!pte_present(entry)) {
47662+ if (!pte_none(entry)) {
47663+ BUG_ON(pte_file(entry));
47664+ free_swap_and_cache(pte_to_swp_entry(entry));
47665+ pte_clear_not_present_full(mm, address, pte, 0);
47666+ }
47667+ } else {
47668+ struct page *page;
47669+
47670+ flush_cache_page(vma, address, pte_pfn(entry));
47671+ entry = ptep_clear_flush(vma, address, pte);
47672+ BUG_ON(pte_dirty(entry));
47673+ page = vm_normal_page(vma, address, entry);
47674+ if (page) {
47675+ update_hiwater_rss(mm);
47676+ if (PageAnon(page))
47677+ dec_mm_counter(mm, anon_rss);
47678+ else
47679+ dec_mm_counter(mm, file_rss);
47680+ page_remove_rmap(page);
47681+ page_cache_release(page);
47682+ }
47683+ }
47684+ pte_unmap_unlock(pte, ptl);
47685+}
47686+
47687+/* PaX: if vma is mirrored, synchronize the mirror's PTE
47688+ *
47689+ * the ptl of the lower mapped page is held on entry and is not released on exit
47690+ * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
47691+ */
47692+static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47693+{
47694+ struct mm_struct *mm = vma->vm_mm;
47695+ unsigned long address_m;
47696+ spinlock_t *ptl_m;
47697+ struct vm_area_struct *vma_m;
47698+ pmd_t *pmd_m;
47699+ pte_t *pte_m, entry_m;
47700+
47701+ BUG_ON(!page_m || !PageAnon(page_m));
47702+
47703+ vma_m = pax_find_mirror_vma(vma);
47704+ if (!vma_m)
47705+ return;
47706+
47707+ BUG_ON(!PageLocked(page_m));
47708+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47709+ address_m = address + SEGMEXEC_TASK_SIZE;
47710+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47711+ pte_m = pte_offset_map_nested(pmd_m, address_m);
47712+ ptl_m = pte_lockptr(mm, pmd_m);
47713+ if (ptl != ptl_m) {
47714+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47715+ if (!pte_none(*pte_m))
47716+ goto out;
47717+ }
47718+
47719+ entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47720+ page_cache_get(page_m);
47721+ page_add_anon_rmap(page_m, vma_m, address_m);
47722+ inc_mm_counter(mm, anon_rss);
47723+ set_pte_at(mm, address_m, pte_m, entry_m);
47724+ update_mmu_cache(vma_m, address_m, entry_m);
47725+out:
47726+ if (ptl != ptl_m)
47727+ spin_unlock(ptl_m);
47728+ pte_unmap_nested(pte_m);
47729+ unlock_page(page_m);
47730+}
47731+
47732+void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47733+{
47734+ struct mm_struct *mm = vma->vm_mm;
47735+ unsigned long address_m;
47736+ spinlock_t *ptl_m;
47737+ struct vm_area_struct *vma_m;
47738+ pmd_t *pmd_m;
47739+ pte_t *pte_m, entry_m;
47740+
47741+ BUG_ON(!page_m || PageAnon(page_m));
47742+
47743+ vma_m = pax_find_mirror_vma(vma);
47744+ if (!vma_m)
47745+ return;
47746+
47747+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47748+ address_m = address + SEGMEXEC_TASK_SIZE;
47749+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47750+ pte_m = pte_offset_map_nested(pmd_m, address_m);
47751+ ptl_m = pte_lockptr(mm, pmd_m);
47752+ if (ptl != ptl_m) {
47753+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47754+ if (!pte_none(*pte_m))
47755+ goto out;
47756+ }
47757+
47758+ entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47759+ page_cache_get(page_m);
47760+ page_add_file_rmap(page_m);
47761+ inc_mm_counter(mm, file_rss);
47762+ set_pte_at(mm, address_m, pte_m, entry_m);
47763+ update_mmu_cache(vma_m, address_m, entry_m);
47764+out:
47765+ if (ptl != ptl_m)
47766+ spin_unlock(ptl_m);
47767+ pte_unmap_nested(pte_m);
47768+}
47769+
47770+static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
47771+{
47772+ struct mm_struct *mm = vma->vm_mm;
47773+ unsigned long address_m;
47774+ spinlock_t *ptl_m;
47775+ struct vm_area_struct *vma_m;
47776+ pmd_t *pmd_m;
47777+ pte_t *pte_m, entry_m;
47778+
47779+ vma_m = pax_find_mirror_vma(vma);
47780+ if (!vma_m)
47781+ return;
47782+
47783+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47784+ address_m = address + SEGMEXEC_TASK_SIZE;
47785+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47786+ pte_m = pte_offset_map_nested(pmd_m, address_m);
47787+ ptl_m = pte_lockptr(mm, pmd_m);
47788+ if (ptl != ptl_m) {
47789+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47790+ if (!pte_none(*pte_m))
47791+ goto out;
47792+ }
47793+
47794+ entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
47795+ set_pte_at(mm, address_m, pte_m, entry_m);
47796+out:
47797+ if (ptl != ptl_m)
47798+ spin_unlock(ptl_m);
47799+ pte_unmap_nested(pte_m);
47800+}
47801+
47802+static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
47803+{
47804+ struct page *page_m;
47805+ pte_t entry;
47806+
47807+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
47808+ goto out;
47809+
47810+ entry = *pte;
47811+ page_m = vm_normal_page(vma, address, entry);
47812+ if (!page_m)
47813+ pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
47814+ else if (PageAnon(page_m)) {
47815+ if (pax_find_mirror_vma(vma)) {
47816+ pte_unmap_unlock(pte, ptl);
47817+ lock_page(page_m);
47818+ pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
47819+ if (pte_same(entry, *pte))
47820+ pax_mirror_anon_pte(vma, address, page_m, ptl);
47821+ else
47822+ unlock_page(page_m);
47823+ }
47824+ } else
47825+ pax_mirror_file_pte(vma, address, page_m, ptl);
47826+
47827+out:
47828+ pte_unmap_unlock(pte, ptl);
47829+}
47830+#endif
47831+
47832 /*
47833 * This routine handles present pages, when users try to write
47834 * to a shared page. It is done by copying the page to a new address
47835@@ -2146,6 +2327,12 @@ gotten:
47836 */
47837 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
47838 if (likely(pte_same(*page_table, orig_pte))) {
47839+
47840+#ifdef CONFIG_PAX_SEGMEXEC
47841+ if (pax_find_mirror_vma(vma))
47842+ BUG_ON(!trylock_page(new_page));
47843+#endif
47844+
47845 if (old_page) {
47846 if (!PageAnon(old_page)) {
47847 dec_mm_counter(mm, file_rss);
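Review bot: `BUG_ON(!trylock_page(new_page))` takes the page lock as a side effect of an assertion, so the one statement that acquires the lock reads like a pure sanity check. Writing it as `if (!trylock_page(new_page)) BUG();` keeps the acquisition visible. The same construct is added in do_anonymous_page and __do_fault further down. The lock appears to be dropped by the pax_mirror_anon_pte() call added in the next hunk (the visible tail of that helper ends in `unlock_page(page_m)`), and a one-line comment naming that pairing would help. The enclosing function starts and ends outside this hunk.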
47848@@ -2197,6 +2384,10 @@ gotten:
47849 page_remove_rmap(old_page);
47850 }
47851
47852+#ifdef CONFIG_PAX_SEGMEXEC
47853+ pax_mirror_anon_pte(vma, address, new_page, ptl);
47854+#endif
47855+
47856 /* Free the old page.. */
47857 new_page = old_page;
47858 ret |= VM_FAULT_WRITE;
47859@@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct
47860 swap_free(entry);
47861 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
47862 try_to_free_swap(page);
47863+
47864+#ifdef CONFIG_PAX_SEGMEXEC
47865+ if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))
47866+#endif
47867+
47868 unlock_page(page);
47869
47870 if (flags & FAULT_FLAG_WRITE) {
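Review bot: The added `if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))` has no body inside the `#ifdef`, so it silently governs the `unlock_page(page);` that follows the `#endif` and a blank line. Any statement later inserted between them would become the conditional body instead. A comment on the `if` would make the coupling explicit, e.g. `/* guards the unlock_page() below: a read fault on a mirrored vma keeps the page locked, presumably for pax_mirror_anon_pte() */`. The same shape, a conditional or `else` left open across `#endif`, is added in do_mbind, do_mlock, arch_get_unmapped_area and arch_get_unmapped_area_topdown. do_swap_page's body continues outside the hunk.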
47871@@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct
47872
47873 /* No need to invalidate - it was non-present before */
47874 update_mmu_cache(vma, address, pte);
47875+
47876+#ifdef CONFIG_PAX_SEGMEXEC
47877+ pax_mirror_anon_pte(vma, address, page, ptl);
47878+#endif
47879+
47880 unlock:
47881 pte_unmap_unlock(page_table, ptl);
47882 out:
47883@@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s
47884 unsigned long address, pte_t *page_table, pmd_t *pmd,
47885 unsigned int flags)
47886 {
47887- struct page *page;
47888+ struct page *page = NULL;
47889 spinlock_t *ptl;
47890 pte_t entry;
47891
47892@@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s
47893 if (!pte_none(*page_table))
47894 goto release;
47895
47896+#ifdef CONFIG_PAX_SEGMEXEC
47897+ if (pax_find_mirror_vma(vma))
47898+ BUG_ON(!trylock_page(page));
47899+#endif
47900+
47901 inc_mm_counter(mm, anon_rss);
47902 page_add_new_anon_rmap(page, vma, address);
47903 setpte:
47904@@ -2670,6 +2876,12 @@ setpte:
47905
47906 /* No need to invalidate - it was non-present before */
47907 update_mmu_cache(vma, address, entry);
47908+
47909+#ifdef CONFIG_PAX_SEGMEXEC
47910+ if (page)
47911+ pax_mirror_anon_pte(vma, address, page, ptl);
47912+#endif
47913+
47914 unlock:
47915 pte_unmap_unlock(page_table, ptl);
47916 return 0;
47917@@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct *
47918 */
47919 /* Only go through if we didn't race with anybody else... */
47920 if (likely(pte_same(*page_table, orig_pte))) {
47921+
47922+#ifdef CONFIG_PAX_SEGMEXEC
47923+ if (anon && pax_find_mirror_vma(vma))
47924+ BUG_ON(!trylock_page(page));
47925+#endif
47926+
47927 flush_icache_page(vma, page);
47928 entry = mk_pte(page, vma->vm_page_prot);
47929 if (flags & FAULT_FLAG_WRITE)
47930@@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct *
47931
47932 /* no need to invalidate: a not-present page won't be cached */
47933 update_mmu_cache(vma, address, entry);
47934+
47935+#ifdef CONFIG_PAX_SEGMEXEC
47936+ if (anon)
47937+ pax_mirror_anon_pte(vma, address, page, ptl);
47938+ else
47939+ pax_mirror_file_pte(vma, address, page, ptl);
47940+#endif
47941+
47942 } else {
47943 if (charged)
47944 mem_cgroup_uncharge_page(page);
47945@@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc
47946 if (flags & FAULT_FLAG_WRITE)
47947 flush_tlb_page(vma, address);
47948 }
47949+
47950+#ifdef CONFIG_PAX_SEGMEXEC
47951+ pax_mirror_pte(vma, address, pte, pmd, ptl);
47952+ return 0;
47953+#endif
47954+
47955 unlock:
47956 pte_unmap_unlock(pte, ptl);
47957 return 0;
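Review bot: On the CONFIG_PAX_SEGMEXEC path the pte lock is released inside pax_mirror_pte(), not here, and nothing at the call site says so. The added `return 0;` leaves the function right after the call, and the helper's `out:` path ends in `pte_unmap_unlock(pte, ptl)`, so the `unlock:` code below is reached only through `goto`. A comment on the call, such as `/* pax_mirror_pte() unmaps and unlocks the pte itself */`, would keep a later edit from adding a second unlock or dropping the return. handle_pte_fault() starts outside the hunk.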
47958@@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm
47959 pmd_t *pmd;
47960 pte_t *pte;
47961
47962+#ifdef CONFIG_PAX_SEGMEXEC
47963+ struct vm_area_struct *vma_m;
47964+#endif
47965+
47966 __set_current_state(TASK_RUNNING);
47967
47968 count_vm_event(PGFAULT);
47969@@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm
47970 if (unlikely(is_vm_hugetlb_page(vma)))
47971 return hugetlb_fault(mm, vma, address, flags);
47972
47973+#ifdef CONFIG_PAX_SEGMEXEC
47974+ vma_m = pax_find_mirror_vma(vma);
47975+ if (vma_m) {
47976+ unsigned long address_m;
47977+ pgd_t *pgd_m;
47978+ pud_t *pud_m;
47979+ pmd_t *pmd_m;
47980+
47981+ if (vma->vm_start > vma_m->vm_start) {
47982+ address_m = address;
47983+ address -= SEGMEXEC_TASK_SIZE;
47984+ vma = vma_m;
47985+ } else
47986+ address_m = address + SEGMEXEC_TASK_SIZE;
47987+
47988+ pgd_m = pgd_offset(mm, address_m);
47989+ pud_m = pud_alloc(mm, pgd_m, address_m);
47990+ if (!pud_m)
47991+ return VM_FAULT_OOM;
47992+ pmd_m = pmd_alloc(mm, pud_m, address_m);
47993+ if (!pmd_m)
47994+ return VM_FAULT_OOM;
47995+ if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m))
47996+ return VM_FAULT_OOM;
47997+ pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
47998+ }
47999+#endif
48000+
48001 pgd = pgd_offset(mm, address);
48002 pud = pud_alloc(mm, pgd, address);
48003 if (!pud)
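Review bot: The block added here rewrites both `address` and `vma` when the fault lands in the upper copy (`vma->vm_start > vma_m->vm_start`), and no comment says so. From that point the unchanged code below works on the lower-half vma, while `address_m` names the mirror address. A comment before the inner `if`, such as `/* normalise: handle the fault on the lower vma; address_m is its mirror in the upper half */`, would document that. The three `VM_FAULT_OOM` returns for the mirror page tables match the style of the existing allocations that follow. The function continues outside the hunk.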
48004@@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void)
48005 gate_vma.vm_start = FIXADDR_USER_START;
48006 gate_vma.vm_end = FIXADDR_USER_END;
48007 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
48008- gate_vma.vm_page_prot = __P101;
48009+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
48010 /*
48011 * Make sure the vDSO gets into every core dump.
48012 * Dumping its contents makes post-mortem fully interpretable later
48013diff -urNp linux-2.6.32.8/mm/memory-failure.c linux-2.6.32.8/mm/memory-failure.c
48014--- linux-2.6.32.8/mm/memory-failure.c 2010-02-09 07:57:19.000000000 -0500
48015+++ linux-2.6.32.8/mm/memory-failure.c 2010-02-13 21:45:10.855988002 -0500
48016@@ -46,7 +46,7 @@ int sysctl_memory_failure_early_kill __r
48017
48018 int sysctl_memory_failure_recovery __read_mostly = 1;
48019
48020-atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
48021+atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
48022
48023 /*
48024 * Send all the processes who have the page mapped an ``action optional''
48025@@ -741,7 +741,7 @@ int __memory_failure(unsigned long pfn,
48026 return 0;
48027 }
48028
48029- atomic_long_add(1, &mce_bad_pages);
48030+ atomic_long_add_unchecked(1, &mce_bad_pages);
48031
48032 /*
48033 * We need/can do nothing about count=0 pages.
48034diff -urNp linux-2.6.32.8/mm/mempolicy.c linux-2.6.32.8/mm/mempolicy.c
48035--- linux-2.6.32.8/mm/mempolicy.c 2010-02-09 07:57:19.000000000 -0500
48036+++ linux-2.6.32.8/mm/mempolicy.c 2010-02-13 21:45:10.856574655 -0500
48037@@ -573,6 +573,10 @@ static int mbind_range(struct vm_area_st
48038 struct vm_area_struct *next;
48039 int err;
48040
48041+#ifdef CONFIG_PAX_SEGMEXEC
48042+ struct vm_area_struct *vma_m;
48043+#endif
48044+
48045 err = 0;
48046 for (; vma && vma->vm_start < end; vma = next) {
48047 next = vma->vm_next;
48048@@ -584,6 +588,16 @@ static int mbind_range(struct vm_area_st
48049 err = policy_vma(vma, new);
48050 if (err)
48051 break;
48052+
48053+#ifdef CONFIG_PAX_SEGMEXEC
48054+ vma_m = pax_find_mirror_vma(vma);
48055+ if (vma_m) {
48056+ err = policy_vma(vma_m, new);
48057+ if (err)
48058+ break;
48059+ }
48060+#endif
48061+
48062 }
48063 return err;
48064 }
48065@@ -1002,6 +1016,17 @@ static long do_mbind(unsigned long start
48066
48067 if (end < start)
48068 return -EINVAL;
48069+
48070+#ifdef CONFIG_PAX_SEGMEXEC
48071+ if (mm->pax_flags & MF_PAX_SEGMEXEC) {
48072+ if (end > SEGMEXEC_TASK_SIZE)
48073+ return -EINVAL;
48074+ } else
48075+#endif
48076+
48077+ if (end > TASK_SIZE)
48078+ return -EINVAL;
48079+
48080 if (end == start)
48081 return 0;
48082
48083@@ -1207,6 +1232,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
48084 if (!mm)
48085 return -EINVAL;
48086
48087+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
48088+ if (mm != current->mm &&
48089+ (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
48090+ err = -EPERM;
48091+ goto out;
48092+ }
48093+#endif
48094+
48095 /*
48096 * Check if this process has the right to modify the specified
48097 * process. The right exists if the process has administrative
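Review bot: The flag test `mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC` relies on `&` binding tighter than `||` and reads the field twice. The mmap.c part of this patch already uses the mask form, so `(mm->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC))` would be consistent with it. The identical block is added to move_pages in mm/migrate.c, so the two copies have to be kept in step by hand. A short comment stating the intent, apparently to refuse page migration on another process's randomised or mirrored address space, would help whoever edits one of them. The syscall body starts and ends outside the hunk.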
48098@@ -1216,8 +1249,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
48099 rcu_read_lock();
48100 tcred = __task_cred(task);
48101 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
48102- cred->uid != tcred->suid && cred->uid != tcred->uid &&
48103- !capable(CAP_SYS_NICE)) {
48104+ cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
48105 rcu_read_unlock();
48106 err = -EPERM;
48107 goto out;
48108@@ -2386,7 +2418,7 @@ int show_numa_map(struct seq_file *m, vo
48109
48110 if (file) {
48111 seq_printf(m, " file=");
48112- seq_path(m, &file->f_path, "\n\t= ");
48113+ seq_path(m, &file->f_path, "\n\t\\= ");
48114 } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
48115 seq_printf(m, " heap");
48116 } else if (vma->vm_start <= mm->start_stack &&
48117diff -urNp linux-2.6.32.8/mm/migrate.c linux-2.6.32.8/mm/migrate.c
48118--- linux-2.6.32.8/mm/migrate.c 2010-02-09 07:57:19.000000000 -0500
48119+++ linux-2.6.32.8/mm/migrate.c 2010-02-13 21:45:10.856574655 -0500
48120@@ -953,6 +953,9 @@ static int do_pages_move(struct mm_struc
48121 goto out_pm;
48122
48123 err = -ENODEV;
48124+ if (node < 0 || node >= MAX_NUMNODES)
48125+ goto out_pm;
48126+
48127 if (!node_state(node, N_HIGH_MEMORY))
48128 goto out_pm;
48129
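Review bot: The new range check on `node` is not explained, and the `err = -ENODEV` set just above it now covers two different failures. A comment such as `/* node is caller-controlled (presumably from the user nodes[] array): reject out-of-range values before node_state() indexes the node mask */` would record why the check must stay ahead of `node_state()`. Where `node` comes from is outside the hunk, so the wording should be confirmed against the start of do_pages_move.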
48130@@ -1103,6 +1106,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
48131 if (!mm)
48132 return -EINVAL;
48133
48134+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
48135+ if (mm != current->mm &&
48136+ (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
48137+ err = -EPERM;
48138+ goto out;
48139+ }
48140+#endif
48141+
48142 /*
48143 * Check if this process has the right to modify the specified
48144 * process. The right exists if the process has administrative
48145@@ -1112,8 +1123,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
48146 rcu_read_lock();
48147 tcred = __task_cred(task);
48148 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
48149- cred->uid != tcred->suid && cred->uid != tcred->uid &&
48150- !capable(CAP_SYS_NICE)) {
48151+ cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
48152 rcu_read_unlock();
48153 err = -EPERM;
48154 goto out;
48155diff -urNp linux-2.6.32.8/mm/mlock.c linux-2.6.32.8/mm/mlock.c
48156--- linux-2.6.32.8/mm/mlock.c 2010-02-09 07:57:19.000000000 -0500
48157+++ linux-2.6.32.8/mm/mlock.c 2010-02-13 21:45:10.856574655 -0500
48158@@ -13,6 +13,7 @@
48159 #include <linux/pagemap.h>
48160 #include <linux/mempolicy.h>
48161 #include <linux/syscalls.h>
48162+#include <linux/security.h>
48163 #include <linux/sched.h>
48164 #include <linux/module.h>
48165 #include <linux/rmap.h>
48166@@ -435,6 +436,17 @@ static int do_mlock(unsigned long start,
48167 return -EINVAL;
48168 if (end == start)
48169 return 0;
48170+
48171+#ifdef CONFIG_PAX_SEGMEXEC
48172+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
48173+ if (end > SEGMEXEC_TASK_SIZE)
48174+ return -EINVAL;
48175+ } else
48176+#endif
48177+
48178+ if (end > TASK_SIZE)
48179+ return -EINVAL;
48180+
48181 vma = find_vma_prev(current->mm, start, &prev);
48182 if (!vma || vma->vm_start > start)
48183 return -ENOMEM;
48184@@ -494,6 +506,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
48185 lock_limit >>= PAGE_SHIFT;
48186
48187 /* check against resource limits */
48188+ gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
48189 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
48190 error = do_mlock(start, len, 1);
48191 up_write(&current->mm->mmap_sem);
48192@@ -515,10 +528,10 @@ SYSCALL_DEFINE2(munlock, unsigned long,
48193 static int do_mlockall(int flags)
48194 {
48195 struct vm_area_struct * vma, * prev = NULL;
48196- unsigned int def_flags = 0;
48197+ unsigned int def_flags = current->mm->def_flags & ~VM_LOCKED;
48198
48199 if (flags & MCL_FUTURE)
48200- def_flags = VM_LOCKED;
48201+ def_flags |= VM_LOCKED;
48202 current->mm->def_flags = def_flags;
48203 if (flags == MCL_FUTURE)
48204 goto out;
48205@@ -526,6 +539,12 @@ static int do_mlockall(int flags)
48206 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
48207 unsigned int newflags;
48208
48209+#ifdef CONFIG_PAX_SEGMEXEC
48210+ if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
48211+ break;
48212+#endif
48213+
48214+ BUG_ON(vma->vm_end > TASK_SIZE);
48215 newflags = vma->vm_flags | VM_LOCKED;
48216 if (!(flags & MCL_CURRENT))
48217 newflags &= ~VM_LOCKED;
48218@@ -557,6 +576,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
48219 lock_limit >>= PAGE_SHIFT;
48220
48221 ret = -ENOMEM;
48222+ gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
48223 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
48224 capable(CAP_IPC_LOCK))
48225 ret = do_mlockall(flags);
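Review bot: This gr_learn_resource() call passes `current->mm->total_vm`, a page count, while every other RLIMIT_MEMLOCK call added by this patch passes bytes (`locked << PAGE_SHIFT` in do_mmap_pgoff and acct_stack_growth, `(current->mm->locked_vm << PAGE_SHIFT) + len` in mlock). gr_learn_resource() is not defined in the visible part, so the expected unit is inferred from those call sites. If it is bytes, the line should read `gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);`. As written, the value recorded for mlockall would presumably be too small by a factor of PAGE_SIZE.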
48226diff -urNp linux-2.6.32.8/mm/mmap.c linux-2.6.32.8/mm/mmap.c
48227--- linux-2.6.32.8/mm/mmap.c 2010-02-09 07:57:19.000000000 -0500
48228+++ linux-2.6.32.8/mm/mmap.c 2010-02-13 21:45:10.857591578 -0500
48229@@ -45,6 +45,16 @@
48230 #define arch_rebalance_pgtables(addr, len) (addr)
48231 #endif
48232
48233+static inline void verify_mm_writelocked(struct mm_struct *mm)
48234+{
48235+#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
48236+ if (unlikely(down_read_trylock(&mm->mmap_sem))) {
48237+ up_read(&mm->mmap_sem);
48238+ BUG();
48239+ }
48240+#endif
48241+}
48242+
48243 static void unmap_region(struct mm_struct *mm,
48244 struct vm_area_struct *vma, struct vm_area_struct *prev,
48245 unsigned long start, unsigned long end);
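Review bot: verify_mm_writelocked() is added without a comment, and the inverted test is easy to misread: a successful `down_read_trylock()` means nobody holds `mmap_sem` for writing, which is the failure case. The check also cannot tell who holds the lock, so it catches a missing write lock but does not prove the caller is the holder. Suggested header: `/* BUG if mmap_sem can be read-acquired, i.e. no writer holds it; does not prove the caller is that writer */`. It is also worth stating that the check is compiled in for every CONFIG_PAX build, not only CONFIG_DEBUG_VM, so a violation halts a production kernel.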
48246@@ -70,16 +80,25 @@ static void unmap_region(struct mm_struc
48247 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
48248 *
48249 */
48250-pgprot_t protection_map[16] = {
48251+pgprot_t protection_map[16] __read_only = {
48252 __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
48253 __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
48254 };
48255
48256 pgprot_t vm_get_page_prot(unsigned long vm_flags)
48257 {
48258- return __pgprot(pgprot_val(protection_map[vm_flags &
48259+ pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
48260 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
48261 pgprot_val(arch_vm_get_page_prot(vm_flags)));
48262+
48263+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
48264+ if (!nx_enabled &&
48265+ (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
48266+ (vm_flags & (VM_READ | VM_WRITE)))
48267+ prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
48268+#endif
48269+
48270+ return prot;
48271 }
48272 EXPORT_SYMBOL(vm_get_page_prot);
48273
48274@@ -231,6 +250,7 @@ static struct vm_area_struct *remove_vma
48275 struct vm_area_struct *next = vma->vm_next;
48276
48277 might_sleep();
48278+ BUG_ON(vma->vm_mirror);
48279 if (vma->vm_ops && vma->vm_ops->close)
48280 vma->vm_ops->close(vma);
48281 if (vma->vm_file) {
48282@@ -267,6 +287,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
48283 * not page aligned -Ram Gupta
48284 */
48285 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
48286+ gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
48287 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
48288 (mm->end_data - mm->start_data) > rlim)
48289 goto out;
48290@@ -694,6 +715,12 @@ static int
48291 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
48292 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
48293 {
48294+
48295+#ifdef CONFIG_PAX_SEGMEXEC
48296+ if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
48297+ return 0;
48298+#endif
48299+
48300 if (is_mergeable_vma(vma, file, vm_flags) &&
48301 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
48302 if (vma->vm_pgoff == vm_pgoff)
48303@@ -713,6 +740,12 @@ static int
48304 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
48305 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
48306 {
48307+
48308+#ifdef CONFIG_PAX_SEGMEXEC
48309+ if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
48310+ return 0;
48311+#endif
48312+
48313 if (is_mergeable_vma(vma, file, vm_flags) &&
48314 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
48315 pgoff_t vm_pglen;
48316@@ -755,12 +788,19 @@ can_vma_merge_after(struct vm_area_struc
48317 struct vm_area_struct *vma_merge(struct mm_struct *mm,
48318 struct vm_area_struct *prev, unsigned long addr,
48319 unsigned long end, unsigned long vm_flags,
48320- struct anon_vma *anon_vma, struct file *file,
48321+ struct anon_vma *anon_vma, struct file *file,
48322 pgoff_t pgoff, struct mempolicy *policy)
48323 {
48324 pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
48325 struct vm_area_struct *area, *next;
48326
48327+#ifdef CONFIG_PAX_SEGMEXEC
48328+ unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
48329+ struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
48330+
48331+ BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
48332+#endif
48333+
48334 /*
48335 * We later require that vma->vm_flags == vm_flags,
48336 * so this tests vma->vm_flags & VM_SPECIAL, too.
48337@@ -776,6 +816,15 @@ struct vm_area_struct *vma_merge(struct
48338 if (next && next->vm_end == end) /* cases 6, 7, 8 */
48339 next = next->vm_next;
48340
48341+#ifdef CONFIG_PAX_SEGMEXEC
48342+ if (prev)
48343+ prev_m = pax_find_mirror_vma(prev);
48344+ if (area)
48345+ area_m = pax_find_mirror_vma(area);
48346+ if (next)
48347+ next_m = pax_find_mirror_vma(next);
48348+#endif
48349+
48350 /*
48351 * Can it merge with the predecessor?
48352 */
48353@@ -795,9 +844,24 @@ struct vm_area_struct *vma_merge(struct
48354 /* cases 1, 6 */
48355 vma_adjust(prev, prev->vm_start,
48356 next->vm_end, prev->vm_pgoff, NULL);
48357- } else /* cases 2, 5, 7 */
48358+
48359+#ifdef CONFIG_PAX_SEGMEXEC
48360+ if (prev_m)
48361+ vma_adjust(prev_m, prev_m->vm_start,
48362+ next_m->vm_end, prev_m->vm_pgoff, NULL);
48363+#endif
48364+
48365+ } else { /* cases 2, 5, 7 */
48366 vma_adjust(prev, prev->vm_start,
48367 end, prev->vm_pgoff, NULL);
48368+
48369+#ifdef CONFIG_PAX_SEGMEXEC
48370+ if (prev_m)
48371+ vma_adjust(prev_m, prev_m->vm_start,
48372+ end_m, prev_m->vm_pgoff, NULL);
48373+#endif
48374+
48375+ }
48376 return prev;
48377 }
48378
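Review bot: In the cases 1/6 branch `next_m->vm_end` is dereferenced under `if (prev_m)` alone, so the code relies on `next` having a mirror whenever `prev` does. That probably holds, since the merge requires matching `vm_flags`, but it is not checked here. The rest of the patch asserts such invariants explicitly, and the same would fit this branch: `if (prev_m) { BUG_ON(!next_m); vma_adjust(prev_m, prev_m->vm_start, next_m->vm_end, prev_m->vm_pgoff, NULL); }`. The cases 3/8 branch in the next hunk has the same pattern, dereferencing `next_m` under `if (area_m)`. vma_merge() starts and ends outside this hunk.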
48379@@ -808,12 +872,27 @@ struct vm_area_struct *vma_merge(struct
48380 mpol_equal(policy, vma_policy(next)) &&
48381 can_vma_merge_before(next, vm_flags,
48382 anon_vma, file, pgoff+pglen)) {
48383- if (prev && addr < prev->vm_end) /* case 4 */
48384+ if (prev && addr < prev->vm_end) { /* case 4 */
48385 vma_adjust(prev, prev->vm_start,
48386 addr, prev->vm_pgoff, NULL);
48387- else /* cases 3, 8 */
48388+
48389+#ifdef CONFIG_PAX_SEGMEXEC
48390+ if (prev_m)
48391+ vma_adjust(prev_m, prev_m->vm_start,
48392+ addr_m, prev_m->vm_pgoff, NULL);
48393+#endif
48394+
48395+ } else { /* cases 3, 8 */
48396 vma_adjust(area, addr, next->vm_end,
48397 next->vm_pgoff - pglen, NULL);
48398+
48399+#ifdef CONFIG_PAX_SEGMEXEC
48400+ if (area_m)
48401+ vma_adjust(area_m, addr_m, next_m->vm_end,
48402+ next_m->vm_pgoff - pglen, NULL);
48403+#endif
48404+
48405+ }
48406 return area;
48407 }
48408
48409@@ -888,14 +967,11 @@ none:
48410 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
48411 struct file *file, long pages)
48412 {
48413- const unsigned long stack_flags
48414- = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN);
48415-
48416 if (file) {
48417 mm->shared_vm += pages;
48418 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
48419 mm->exec_vm += pages;
48420- } else if (flags & stack_flags)
48421+ } else if (flags & (VM_GROWSUP|VM_GROWSDOWN))
48422 mm->stack_vm += pages;
48423 if (flags & (VM_RESERVED|VM_IO))
48424 mm->reserved_vm += pages;
48425@@ -922,7 +998,7 @@ unsigned long do_mmap_pgoff(struct file
48426 * (the exception is when the underlying filesystem is noexec
48427 * mounted, in which case we dont add PROT_EXEC.)
48428 */
48429- if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
48430+ if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
48431 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
48432 prot |= PROT_EXEC;
48433
48434@@ -948,7 +1024,7 @@ unsigned long do_mmap_pgoff(struct file
48435 /* Obtain the address to map to. we verify (or select) it and ensure
48436 * that it represents a valid section of the address space.
48437 */
48438- addr = get_unmapped_area(file, addr, len, pgoff, flags);
48439+ addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
48440 if (addr & ~PAGE_MASK)
48441 return addr;
48442
48443@@ -959,6 +1035,26 @@ unsigned long do_mmap_pgoff(struct file
48444 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
48445 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
48446
48447+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
48448+ if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
48449+
48450+#ifdef CONFIG_PAX_MPROTECT
48451+ if (mm->pax_flags & MF_PAX_MPROTECT) {
48452+ if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
48453+ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
48454+ else
48455+ vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
48456+ }
48457+#endif
48458+
48459+ }
48460+#endif
48461+
48462+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
48463+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
48464+ vm_flags &= ~VM_PAGEEXEC;
48465+#endif
48466+
48467 if (flags & MAP_LOCKED)
48468 if (!can_do_mlock())
48469 return -EPERM;
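Review bot: The MPROTECT block enforces the write-xor-execute policy for new mappings but carries no comment, and the `!= PROT_EXEC` comparison hides which requests keep which rights. A request with PROT_WRITE set, or with neither bit, loses `VM_EXEC | VM_MAYEXEC`, while only an exec-without-write request keeps exec and loses `VM_WRITE | VM_MAYWRITE`. Suggested comment above the inner `if`: `/* MPROTECT: a mapping may be writable or executable, never both, now or via later mprotect() */`. Note also that the outer `if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))` has an empty body when CONFIG_PAX_MPROTECT is off; moving it inside the inner `#ifdef` would avoid that. do_mmap_pgoff continues outside the hunk.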
48470@@ -970,6 +1066,7 @@ unsigned long do_mmap_pgoff(struct file
48471 locked += mm->locked_vm;
48472 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
48473 lock_limit >>= PAGE_SHIFT;
48474+ gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48475 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
48476 return -EAGAIN;
48477 }
48478@@ -1043,6 +1140,9 @@ unsigned long do_mmap_pgoff(struct file
48479 if (error)
48480 return error;
48481
48482+ if (!gr_acl_handle_mmap(file, prot))
48483+ return -EACCES;
48484+
48485 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
48486 }
48487 EXPORT_SYMBOL(do_mmap_pgoff);
48488@@ -1055,10 +1155,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
48489 */
48490 int vma_wants_writenotify(struct vm_area_struct *vma)
48491 {
48492- unsigned int vm_flags = vma->vm_flags;
48493+ unsigned long vm_flags = vma->vm_flags;
48494
48495 /* If it was private or non-writable, the write bit is already clear */
48496- if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
48497+ if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
48498 return 0;
48499
48500 /* The backer wishes to know when pages are first written to? */
48501@@ -1107,14 +1207,24 @@ unsigned long mmap_region(struct file *f
48502 unsigned long charged = 0;
48503 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
48504
48505+#ifdef CONFIG_PAX_SEGMEXEC
48506+ struct vm_area_struct *vma_m = NULL;
48507+#endif
48508+
48509+ /*
48510+ * mm->mmap_sem is required to protect against another thread
48511+ * changing the mappings in case we sleep.
48512+ */
48513+ verify_mm_writelocked(mm);
48514+
48515 /* Clear old maps */
48516 error = -ENOMEM;
48517-munmap_back:
48518 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48519 if (vma && vma->vm_start < addr + len) {
48520 if (do_munmap(mm, addr, len))
48521 return -ENOMEM;
48522- goto munmap_back;
48523+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48524+ BUG_ON(vma && vma->vm_start < addr + len);
48525 }
48526
48527 /* Check against address space limit. */
48528@@ -1163,6 +1273,16 @@ munmap_back:
48529 goto unacct_error;
48530 }
48531
48532+#ifdef CONFIG_PAX_SEGMEXEC
48533+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
48534+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48535+ if (!vma_m) {
48536+ error = -ENOMEM;
48537+ goto free_vma;
48538+ }
48539+ }
48540+#endif
48541+
48542 vma->vm_mm = mm;
48543 vma->vm_start = addr;
48544 vma->vm_end = addr + len;
48545@@ -1185,6 +1305,19 @@ munmap_back:
48546 error = file->f_op->mmap(file, vma);
48547 if (error)
48548 goto unmap_and_free_vma;
48549+
48550+#ifdef CONFIG_PAX_SEGMEXEC
48551+ if (vma_m && (vm_flags & VM_EXECUTABLE))
48552+ added_exe_file_vma(mm);
48553+#endif
48554+
48555+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
48556+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
48557+ vma->vm_flags |= VM_PAGEEXEC;
48558+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
48559+ }
48560+#endif
48561+
48562 if (vm_flags & VM_EXECUTABLE)
48563 added_exe_file_vma(mm);
48564
48565@@ -1208,6 +1341,11 @@ munmap_back:
48566 vma_link(mm, vma, prev, rb_link, rb_parent);
48567 file = vma->vm_file;
48568
48569+#ifdef CONFIG_PAX_SEGMEXEC
48570+ if (vma_m)
48571+ pax_mirror_vma(vma_m, vma);
48572+#endif
48573+
48574 /* Once vma denies write, undo our temporary denial count */
48575 if (correct_wcount)
48576 atomic_inc(&inode->i_writecount);
48577@@ -1216,6 +1354,7 @@ out:
48578
48579 mm->total_vm += len >> PAGE_SHIFT;
48580 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
48581+ track_exec_limit(mm, addr, addr + len, vm_flags);
48582 if (vm_flags & VM_LOCKED) {
48583 /*
48584 * makes pages present; downgrades, drops, reacquires mmap_sem
48585@@ -1238,6 +1377,12 @@ unmap_and_free_vma:
48586 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
48587 charged = 0;
48588 free_vma:
48589+
48590+#ifdef CONFIG_PAX_SEGMEXEC
48591+ if (vma_m)
48592+ kmem_cache_free(vm_area_cachep, vma_m);
48593+#endif
48594+
48595 kmem_cache_free(vm_area_cachep, vma);
48596 unacct_error:
48597 if (charged)
48598@@ -1271,6 +1416,10 @@ arch_get_unmapped_area(struct file *filp
48599 if (flags & MAP_FIXED)
48600 return addr;
48601
48602+#ifdef CONFIG_PAX_RANDMMAP
48603+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48604+#endif
48605+
48606 if (addr) {
48607 addr = PAGE_ALIGN(addr);
48608 vma = find_vma(mm, addr);
48609@@ -1279,10 +1428,10 @@ arch_get_unmapped_area(struct file *filp
48610 return addr;
48611 }
48612 if (len > mm->cached_hole_size) {
48613- start_addr = addr = mm->free_area_cache;
48614+ start_addr = addr = mm->free_area_cache;
48615 } else {
48616- start_addr = addr = TASK_UNMAPPED_BASE;
48617- mm->cached_hole_size = 0;
48618+ start_addr = addr = mm->mmap_base;
48619+ mm->cached_hole_size = 0;
48620 }
48621
48622 full_search:
48623@@ -1293,9 +1442,8 @@ full_search:
48624 * Start a new search - just in case we missed
48625 * some holes.
48626 */
48627- if (start_addr != TASK_UNMAPPED_BASE) {
48628- addr = TASK_UNMAPPED_BASE;
48629- start_addr = addr;
48630+ if (start_addr != mm->mmap_base) {
48631+ start_addr = addr = mm->mmap_base;
48632 mm->cached_hole_size = 0;
48633 goto full_search;
48634 }
48635@@ -1317,10 +1465,16 @@ full_search:
48636
48637 void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
48638 {
48639+
48640+#ifdef CONFIG_PAX_SEGMEXEC
48641+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48642+ return;
48643+#endif
48644+
48645 /*
48646 * Is this a new hole at the lowest possible address?
48647 */
48648- if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) {
48649+ if (addr >= mm->mmap_base && addr < mm->free_area_cache) {
48650 mm->free_area_cache = addr;
48651 mm->cached_hole_size = ~0UL;
48652 }
48653@@ -1338,7 +1492,7 @@ arch_get_unmapped_area_topdown(struct fi
48654 {
48655 struct vm_area_struct *vma;
48656 struct mm_struct *mm = current->mm;
48657- unsigned long addr = addr0;
48658+ unsigned long base = mm->mmap_base, addr = addr0;
48659
48660 /* requested length too big for entire address space */
48661 if (len > TASK_SIZE)
48662@@ -1347,6 +1501,10 @@ arch_get_unmapped_area_topdown(struct fi
48663 if (flags & MAP_FIXED)
48664 return addr;
48665
48666+#ifdef CONFIG_PAX_RANDMMAP
48667+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48668+#endif
48669+
48670 /* requesting a specific address */
48671 if (addr) {
48672 addr = PAGE_ALIGN(addr);
48673@@ -1404,13 +1562,21 @@ bottomup:
48674 * can happen with large stack limits and large mmap()
48675 * allocations.
48676 */
48677+ mm->mmap_base = TASK_UNMAPPED_BASE;
48678+
48679+#ifdef CONFIG_PAX_RANDMMAP
48680+ if (mm->pax_flags & MF_PAX_RANDMMAP)
48681+ mm->mmap_base += mm->delta_mmap;
48682+#endif
48683+
48684+ mm->free_area_cache = mm->mmap_base;
48685 mm->cached_hole_size = ~0UL;
48686- mm->free_area_cache = TASK_UNMAPPED_BASE;
48687 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
48688 /*
48689 * Restore the topdown base:
48690 */
48691- mm->free_area_cache = mm->mmap_base;
48692+ mm->mmap_base = base;
48693+ mm->free_area_cache = base;
48694 mm->cached_hole_size = ~0UL;
48695
48696 return addr;
48697@@ -1419,6 +1585,12 @@ bottomup:
48698
48699 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
48700 {
48701+
48702+#ifdef CONFIG_PAX_SEGMEXEC
48703+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48704+ return;
48705+#endif
48706+
48707 /*
48708 * Is this a new hole at the highest possible address?
48709 */
48710@@ -1426,8 +1598,10 @@ void arch_unmap_area_topdown(struct mm_s
48711 mm->free_area_cache = addr;
48712
48713 /* dont allow allocations above current base */
48714- if (mm->free_area_cache > mm->mmap_base)
48715+ if (mm->free_area_cache > mm->mmap_base) {
48716 mm->free_area_cache = mm->mmap_base;
48717+ mm->cached_hole_size = ~0UL;
48718+ }
48719 }
48720
48721 unsigned long
48722@@ -1535,6 +1709,27 @@ out:
48723 return prev ? prev->vm_next : vma;
48724 }
48725
48726+#ifdef CONFIG_PAX_SEGMEXEC
48727+struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
48728+{
48729+ struct vm_area_struct *vma_m;
48730+
48731+ BUG_ON(!vma || vma->vm_start >= vma->vm_end);
48732+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
48733+ BUG_ON(vma->vm_mirror);
48734+ return NULL;
48735+ }
48736+ BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
48737+ vma_m = vma->vm_mirror;
48738+ BUG_ON(!vma_m || vma_m->vm_mirror != vma);
48739+ BUG_ON(vma->vm_file != vma_m->vm_file);
48740+ BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
48741+ BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);
48742+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED));
48743+ return vma_m;
48744+}
48745+#endif
48746+
48747 /*
48748 * Verify that the stack growth is acceptable and
48749 * update accounting. This is shared with both the
48750@@ -1551,6 +1746,7 @@ static int acct_stack_growth(struct vm_a
48751 return -ENOMEM;
48752
48753 /* Stack limit test */
48754+ gr_learn_resource(current, RLIMIT_STACK, size, 1);
48755 if (size > rlim[RLIMIT_STACK].rlim_cur)
48756 return -ENOMEM;
48757
48758@@ -1560,6 +1756,7 @@ static int acct_stack_growth(struct vm_a
48759 unsigned long limit;
48760 locked = mm->locked_vm + grow;
48761 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
48762+ gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48763 if (locked > limit && !capable(CAP_IPC_LOCK))
48764 return -ENOMEM;
48765 }
48766@@ -1595,35 +1792,40 @@ static
48767 #endif
48768 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
48769 {
48770- int error;
48771+ int error, locknext;
48772
48773 if (!(vma->vm_flags & VM_GROWSUP))
48774 return -EFAULT;
48775
48776+ /* Also guard against wrapping around to address 0. */
48777+ if (address < PAGE_ALIGN(address+1))
48778+ address = PAGE_ALIGN(address+1);
48779+ else
48780+ return -ENOMEM;
48781+
48782 /*
48783 * We must make sure the anon_vma is allocated
48784 * so that the anon_vma locking is not a noop.
48785 */
48786 if (unlikely(anon_vma_prepare(vma)))
48787 return -ENOMEM;
48788+ locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
48789+ if (locknext && unlikely(anon_vma_prepare(vma->vm_next)))
48790+ return -ENOMEM;
48791 anon_vma_lock(vma);
48792+ if (locknext)
48793+ anon_vma_lock(vma->vm_next);
48794
48795 /*
48796 * vma->vm_start/vm_end cannot change under us because the caller
48797 * is required to hold the mmap_sem in read mode. We need the
48798- * anon_vma lock to serialize against concurrent expand_stacks.
48799- * Also guard against wrapping around to address 0.
48800+ * anon_vma locks to serialize against concurrent expand_stacks
48801+ * and expand_upwards.
48802 */
48803- if (address < PAGE_ALIGN(address+4))
48804- address = PAGE_ALIGN(address+4);
48805- else {
48806- anon_vma_unlock(vma);
48807- return -ENOMEM;
48808- }
48809 error = 0;
48810
48811 /* Somebody else might have raced and expanded it already */
48812- if (address > vma->vm_end) {
48813+ if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
48814 unsigned long size, grow;
48815
48816 size = address - vma->vm_start;
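Review bot: The nested `anon_vma_lock(vma)` / `anon_vma_lock(vma->vm_next)` pair in expand_upwards() relies on a lock order that the updated comment does not state. expand_downwards() in this patch takes `prev` before `vma`, so both paths lock the lower-addressed VMA first, and that is worth recording, e.g. `/* lock order: lower-addressed vma first, matching expand_downwards() */`. The code also appears to assume the two VMAs never share one anon_vma, since taking the same lock twice would not return; that assumption deserves a comment or a check. The rest of the function lies outside this hunk.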
48817@@ -1633,6 +1835,8 @@ int expand_upwards(struct vm_area_struct
48818 if (!error)
48819 vma->vm_end = address;
48820 }
48821+ if (locknext)
48822+ anon_vma_unlock(vma->vm_next);
48823 anon_vma_unlock(vma);
48824 return error;
48825 }
48826@@ -1644,7 +1848,8 @@ int expand_upwards(struct vm_area_struct
48827 static int expand_downwards(struct vm_area_struct *vma,
48828 unsigned long address)
48829 {
48830- int error;
48831+ int error, lockprev = 0;
48832+ struct vm_area_struct *prev = NULL;
48833
48834 /*
48835 * We must make sure the anon_vma is allocated
48836@@ -1658,6 +1863,15 @@ static int expand_downwards(struct vm_ar
48837 if (error)
48838 return error;
48839
48840+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
48841+ find_vma_prev(vma->vm_mm, address, &prev);
48842+ lockprev = prev && (prev->vm_flags & VM_GROWSUP);
48843+#endif
48844+ if (lockprev && unlikely(anon_vma_prepare(prev)))
48845+ return -ENOMEM;
48846+ if (lockprev)
48847+ anon_vma_lock(prev);
48848+
48849 anon_vma_lock(vma);
48850
48851 /*
48852@@ -1667,9 +1881,15 @@ static int expand_downwards(struct vm_ar
48853 */
48854
48855 /* Somebody else might have raced and expanded it already */
48856- if (address < vma->vm_start) {
48857+ if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
48858 unsigned long size, grow;
48859
48860+#ifdef CONFIG_PAX_SEGMEXEC
48861+ struct vm_area_struct *vma_m;
48862+
48863+ vma_m = pax_find_mirror_vma(vma);
48864+#endif
48865+
48866 size = vma->vm_end - address;
48867 grow = (vma->vm_start - address) >> PAGE_SHIFT;
48868
48869@@ -1677,9 +1897,20 @@ static int expand_downwards(struct vm_ar
48870 if (!error) {
48871 vma->vm_start = address;
48872 vma->vm_pgoff -= grow;
48873+ track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
48874+
48875+#ifdef CONFIG_PAX_SEGMEXEC
48876+ if (vma_m) {
48877+ vma_m->vm_start -= grow << PAGE_SHIFT;
48878+ vma_m->vm_pgoff -= grow;
48879+ }
48880+#endif
48881+
48882 }
48883 }
48884 anon_vma_unlock(vma);
48885+ if (lockprev)
48886+ anon_vma_unlock(prev);
48887 return error;
48888 }
48889
48890@@ -1755,6 +1986,13 @@ static void remove_vma_list(struct mm_st
48891 do {
48892 long nrpages = vma_pages(vma);
48893
48894+#ifdef CONFIG_PAX_SEGMEXEC
48895+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
48896+ vma = remove_vma(vma);
48897+ continue;
48898+ }
48899+#endif
48900+
48901 mm->total_vm -= nrpages;
48902 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
48903 vma = remove_vma(vma);
48904@@ -1799,6 +2037,16 @@ detach_vmas_to_be_unmapped(struct mm_str
48905
48906 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
48907 do {
48908+
48909+#ifdef CONFIG_PAX_SEGMEXEC
48910+ if (vma->vm_mirror) {
48911+ BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
48912+ vma->vm_mirror->vm_mirror = NULL;
48913+ vma->vm_mirror->vm_flags &= ~VM_EXEC;
48914+ vma->vm_mirror = NULL;
48915+ }
48916+#endif
48917+
48918 rb_erase(&vma->vm_rb, &mm->mm_rb);
48919 mm->map_count--;
48920 tail_vma = vma;
48921@@ -1824,10 +2072,25 @@ int split_vma(struct mm_struct * mm, str
48922 struct mempolicy *pol;
48923 struct vm_area_struct *new;
48924
48925+#ifdef CONFIG_PAX_SEGMEXEC
48926+ struct vm_area_struct *vma_m, *new_m = NULL;
48927+ unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
48928+#endif
48929+
48930 if (is_vm_hugetlb_page(vma) && (addr &
48931 ~(huge_page_mask(hstate_vma(vma)))))
48932 return -EINVAL;
48933
48934+#ifdef CONFIG_PAX_SEGMEXEC
48935+ vma_m = pax_find_mirror_vma(vma);
48936+
48937+ if (mm->pax_flags & MF_PAX_SEGMEXEC) {
48938+ BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
48939+ if (mm->map_count >= sysctl_max_map_count-1)
48940+ return -ENOMEM;
48941+ } else
48942+#endif
48943+
48944 if (mm->map_count >= sysctl_max_map_count)
48945 return -ENOMEM;
48946
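Review bot: The `} else` left dangling before `#endif` in split_vma() makes the following `if (mm->map_count >= sysctl_max_map_count)` an else-branch only when CONFIG_PAX_SEGMEXEC is set, and the blank line between them hides that. A later edit that inserts a statement after the `#endif` would silently change which limit check runs. Giving the non-SEGMEXEC check its own `#else` arm, or computing a local limit first and testing once, reads more safely. The same construct appears in the mprotect syscall hunk around the `end > TASK_SIZE` check.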
48947@@ -1835,6 +2098,16 @@ int split_vma(struct mm_struct * mm, str
48948 if (!new)
48949 return -ENOMEM;
48950
48951+#ifdef CONFIG_PAX_SEGMEXEC
48952+ if (vma_m) {
48953+ new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
48954+ if (!new_m) {
48955+ kmem_cache_free(vm_area_cachep, new);
48956+ return -ENOMEM;
48957+ }
48958+ }
48959+#endif
48960+
48961 /* most fields are the same, copy all, and then fixup */
48962 *new = *vma;
48963
48964@@ -1845,8 +2118,29 @@ int split_vma(struct mm_struct * mm, str
48965 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
48966 }
48967
48968+#ifdef CONFIG_PAX_SEGMEXEC
48969+ if (vma_m) {
48970+ *new_m = *vma_m;
48971+ new_m->vm_mirror = new;
48972+ new->vm_mirror = new_m;
48973+
48974+ if (new_below)
48975+ new_m->vm_end = addr_m;
48976+ else {
48977+ new_m->vm_start = addr_m;
48978+ new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
48979+ }
48980+ }
48981+#endif
48982+
48983 pol = mpol_dup(vma_policy(vma));
48984 if (IS_ERR(pol)) {
48985+
48986+#ifdef CONFIG_PAX_SEGMEXEC
48987+ if (new_m)
48988+ kmem_cache_free(vm_area_cachep, new_m);
48989+#endif
48990+
48991 kmem_cache_free(vm_area_cachep, new);
48992 return PTR_ERR(pol);
48993 }
48994@@ -1867,6 +2161,28 @@ int split_vma(struct mm_struct * mm, str
48995 else
48996 vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
48997
48998+#ifdef CONFIG_PAX_SEGMEXEC
48999+ if (vma_m) {
49000+ mpol_get(pol);
49001+ vma_set_policy(new_m, pol);
49002+
49003+ if (new_m->vm_file) {
49004+ get_file(new_m->vm_file);
49005+ if (vma_m->vm_flags & VM_EXECUTABLE)
49006+ added_exe_file_vma(mm);
49007+ }
49008+
49009+ if (new_m->vm_ops && new_m->vm_ops->open)
49010+ new_m->vm_ops->open(new_m);
49011+
49012+ if (new_below)
49013+ vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
49014+ ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
49015+ else
49016+ vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
49017+ }
49018+#endif
49019+
49020 return 0;
49021 }
49022
49023@@ -1875,11 +2191,30 @@ int split_vma(struct mm_struct * mm, str
49024 * work. This now handles partial unmappings.
49025 * Jeremy Fitzhardinge <jeremy@goop.org>
49026 */
49027+#ifdef CONFIG_PAX_SEGMEXEC
49028 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
49029 {
49030+ int ret = __do_munmap(mm, start, len);
49031+ if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
49032+ return ret;
49033+
49034+ return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
49035+}
49036+
49037+int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
49038+#else
49039+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
49040+#endif
49041+{
49042 unsigned long end;
49043 struct vm_area_struct *vma, *prev, *last;
49044
49045+ /*
49046+ * mm->mmap_sem is required to protect against another thread
49047+ * changing the mappings in case we sleep.
49048+ */
49049+ verify_mm_writelocked(mm);
49050+
49051 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
49052 return -EINVAL;
49053
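Review bot: In the CONFIG_PAX_SEGMEXEC wrapper `do_munmap()`, a failure of the second `__do_munmap()` call (the mirror at `start + SEGMEXEC_TASK_SIZE`) is returned only after the lower range has already been unmapped, so the caller gets an error for an operation that half succeeded. If that outcome is acceptable it deserves a comment on the wrapper; otherwise the mirror range should be validated before the first call. The wrapper also does not bound `start + len` against `SEGMEXEC_TASK_SIZE` itself; the munmap syscall hunk further down does, but whether every in-kernel caller does cannot be told from this hunk. `__do_munmap()` continues beyond this hunk.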
49054@@ -1943,6 +2278,8 @@ int do_munmap(struct mm_struct *mm, unsi
49055 /* Fix up all other VM information */
49056 remove_vma_list(mm, vma);
49057
49058+ track_exec_limit(mm, start, end, 0UL);
49059+
49060 return 0;
49061 }
49062
49063@@ -1955,22 +2292,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
49064
49065 profile_munmap(addr);
49066
49067+#ifdef CONFIG_PAX_SEGMEXEC
49068+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
49069+ (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
49070+ return -EINVAL;
49071+#endif
49072+
49073 down_write(&mm->mmap_sem);
49074 ret = do_munmap(mm, addr, len);
49075 up_write(&mm->mmap_sem);
49076 return ret;
49077 }
49078
49079-static inline void verify_mm_writelocked(struct mm_struct *mm)
49080-{
49081-#ifdef CONFIG_DEBUG_VM
49082- if (unlikely(down_read_trylock(&mm->mmap_sem))) {
49083- WARN_ON(1);
49084- up_read(&mm->mmap_sem);
49085- }
49086-#endif
49087-}
49088-
49089 /*
49090 * this is really a simplified "do_mmap". it only handles
49091 * anonymous maps. eventually we may be able to do some
49092@@ -1984,6 +2317,11 @@ unsigned long do_brk(unsigned long addr,
49093 struct rb_node ** rb_link, * rb_parent;
49094 pgoff_t pgoff = addr >> PAGE_SHIFT;
49095 int error;
49096+ unsigned long charged;
49097+
49098+#ifdef CONFIG_PAX_SEGMEXEC
49099+ struct vm_area_struct *vma_m = NULL;
49100+#endif
49101
49102 len = PAGE_ALIGN(len);
49103 if (!len)
49104@@ -1995,16 +2333,30 @@ unsigned long do_brk(unsigned long addr,
49105
49106 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
49107
49108+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
49109+ if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
49110+ flags &= ~VM_EXEC;
49111+
49112+#ifdef CONFIG_PAX_MPROTECT
49113+ if (mm->pax_flags & MF_PAX_MPROTECT)
49114+ flags &= ~VM_MAYEXEC;
49115+#endif
49116+
49117+ }
49118+#endif
49119+
49120 error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);
49121 if (error & ~PAGE_MASK)
49122 return error;
49123
49124+ charged = len >> PAGE_SHIFT;
49125+
49126 /*
49127 * mlock MCL_FUTURE?
49128 */
49129 if (mm->def_flags & VM_LOCKED) {
49130 unsigned long locked, lock_limit;
49131- locked = len >> PAGE_SHIFT;
49132+ locked = charged;
49133 locked += mm->locked_vm;
49134 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
49135 lock_limit >>= PAGE_SHIFT;
49136@@ -2021,22 +2373,22 @@ unsigned long do_brk(unsigned long addr,
49137 /*
49138 * Clear old maps. this also does some error checking for us
49139 */
49140- munmap_back:
49141 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
49142 if (vma && vma->vm_start < addr + len) {
49143 if (do_munmap(mm, addr, len))
49144 return -ENOMEM;
49145- goto munmap_back;
49146+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
49147+ BUG_ON(vma && vma->vm_start < addr + len);
49148 }
49149
49150 /* Check against address space limits *after* clearing old maps... */
49151- if (!may_expand_vm(mm, len >> PAGE_SHIFT))
49152+ if (!may_expand_vm(mm, charged))
49153 return -ENOMEM;
49154
49155 if (mm->map_count > sysctl_max_map_count)
49156 return -ENOMEM;
49157
49158- if (security_vm_enough_memory(len >> PAGE_SHIFT))
49159+ if (security_vm_enough_memory(charged))
49160 return -ENOMEM;
49161
49162 /* Can we just expand an old private anonymous mapping? */
49163@@ -2050,10 +2402,21 @@ unsigned long do_brk(unsigned long addr,
49164 */
49165 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
49166 if (!vma) {
49167- vm_unacct_memory(len >> PAGE_SHIFT);
49168+ vm_unacct_memory(charged);
49169 return -ENOMEM;
49170 }
49171
49172+#ifdef CONFIG_PAX_SEGMEXEC
49173+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)) {
49174+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
49175+ if (!vma_m) {
49176+ kmem_cache_free(vm_area_cachep, vma);
49177+ vm_unacct_memory(charged);
49178+ return -ENOMEM;
49179+ }
49180+ }
49181+#endif
49182+
49183 vma->vm_mm = mm;
49184 vma->vm_start = addr;
49185 vma->vm_end = addr + len;
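Review bot: The `vma_m` allocation added to do_brk() looks unreachable and, if it were reached, unused. An earlier hunk of this function clears `VM_EXEC` from `flags` whenever `MF_PAX_PAGEEXEC` or `MF_PAX_SEGMEXEC` is set, so `(mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)` should never hold unless `flags` is changed in lines not shown. None of the visible do_brk() hunks passes `vma_m` to `pax_mirror_vma()` or frees it on the success path, so it would leak if the branch ever ran. Either drop the block, or add the mirror call and say in a comment when it can trigger.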
49186@@ -2062,11 +2425,12 @@ unsigned long do_brk(unsigned long addr,
49187 vma->vm_page_prot = vm_get_page_prot(flags);
49188 vma_link(mm, vma, prev, rb_link, rb_parent);
49189 out:
49190- mm->total_vm += len >> PAGE_SHIFT;
49191+ mm->total_vm += charged;
49192 if (flags & VM_LOCKED) {
49193 if (!mlock_vma_pages_range(vma, addr, addr + len))
49194- mm->locked_vm += (len >> PAGE_SHIFT);
49195+ mm->locked_vm += charged;
49196 }
49197+ track_exec_limit(mm, addr, addr + len, flags);
49198 return addr;
49199 }
49200
49201@@ -2113,8 +2477,10 @@ void exit_mmap(struct mm_struct *mm)
49202 * Walk the list again, actually closing and freeing it,
49203 * with preemption enabled, without holding any MM locks.
49204 */
49205- while (vma)
49206+ while (vma) {
49207+ vma->vm_mirror = NULL;
49208 vma = remove_vma(vma);
49209+ }
49210
49211 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
49212 }
49213@@ -2128,6 +2494,10 @@ int insert_vm_struct(struct mm_struct *
49214 struct vm_area_struct * __vma, * prev;
49215 struct rb_node ** rb_link, * rb_parent;
49216
49217+#ifdef CONFIG_PAX_SEGMEXEC
49218+ struct vm_area_struct *vma_m = NULL;
49219+#endif
49220+
49221 /*
49222 * The vm_pgoff of a purely anonymous vma should be irrelevant
49223 * until its first write fault, when page's anon_vma and index
49224@@ -2150,7 +2520,22 @@ int insert_vm_struct(struct mm_struct *
49225 if ((vma->vm_flags & VM_ACCOUNT) &&
49226 security_vm_enough_memory_mm(mm, vma_pages(vma)))
49227 return -ENOMEM;
49228+
49229+#ifdef CONFIG_PAX_SEGMEXEC
49230+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
49231+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
49232+ if (!vma_m)
49233+ return -ENOMEM;
49234+ }
49235+#endif
49236+
49237 vma_link(mm, vma, prev, rb_link, rb_parent);
49238+
49239+#ifdef CONFIG_PAX_SEGMEXEC
49240+ if (vma_m)
49241+ pax_mirror_vma(vma_m, vma);
49242+#endif
49243+
49244 return 0;
49245 }
49246
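Review bot: The new `return -ENOMEM` after the failed `kmem_cache_zalloc()` in insert_vm_struct() exits without undoing the charge made just above by `security_vm_enough_memory_mm()` for `VM_ACCOUNT` mappings. do_brk() in this same patch calls `vm_unacct_memory(charged)` on the equivalent failure, so the two paths disagree. Something like `if (!vma_m) { if (vma->vm_flags & VM_ACCOUNT) vm_unacct_memory(vma_pages(vma)); return -ENOMEM; }` would keep the committed-memory count accurate. The start of the function is outside this hunk.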
49247@@ -2168,6 +2553,8 @@ struct vm_area_struct *copy_vma(struct v
49248 struct rb_node **rb_link, *rb_parent;
49249 struct mempolicy *pol;
49250
49251+ BUG_ON(vma->vm_mirror);
49252+
49253 /*
49254 * If anonymous vma has not yet been faulted, update new pgoff
49255 * to match new location, to increase its chance of merging.
49256@@ -2211,6 +2598,35 @@ struct vm_area_struct *copy_vma(struct v
49257 return new_vma;
49258 }
49259
49260+#ifdef CONFIG_PAX_SEGMEXEC
49261+void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
49262+{
49263+ struct vm_area_struct *prev_m;
49264+ struct rb_node **rb_link_m, *rb_parent_m;
49265+ struct mempolicy *pol_m;
49266+
49267+ BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
49268+ BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
49269+ BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
49270+ *vma_m = *vma;
49271+ pol_m = vma_policy(vma_m);
49272+ mpol_get(pol_m);
49273+ vma_set_policy(vma_m, pol_m);
49274+ vma_m->vm_start += SEGMEXEC_TASK_SIZE;
49275+ vma_m->vm_end += SEGMEXEC_TASK_SIZE;
49276+ vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
49277+ vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
49278+ if (vma_m->vm_file)
49279+ get_file(vma_m->vm_file);
49280+ if (vma_m->vm_ops && vma_m->vm_ops->open)
49281+ vma_m->vm_ops->open(vma_m);
49282+ find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);
49283+ vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
49284+ vma_m->vm_mirror = vma;
49285+ vma->vm_mirror = vma_m;
49286+}
49287+#endif
49288+
49289 /*
49290 * Return true if the calling process may expand its vm space by the passed
49291 * number of pages
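Review bot: pax_mirror_vma() ignores the return value of `find_vma_prepare()` and links `vma_m` unconditionally, so an existing mapping that overlaps the mirror range would go unnoticed. The rest of the function guards its assumptions with `BUG_ON`, and do_brk() in this patch asserts exactly this condition after its own `find_vma_prepare()` call, so the same check here would be consistent. The function also has no header comment. It should say that the caller supplies a zeroed `vma_m` (the visible callers use `kmem_cache_zalloc`), that the VMA is linked into the mm on return, and that `vma` must be executable under SEGMEXEC.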
49292@@ -2221,7 +2637,7 @@ int may_expand_vm(struct mm_struct *mm,
49293 unsigned long lim;
49294
49295 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
49296-
49297+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
49298 if (cur + npages > lim)
49299 return 0;
49300 return 1;
49301@@ -2290,6 +2706,15 @@ int install_special_mapping(struct mm_st
49302 vma->vm_start = addr;
49303 vma->vm_end = addr + len;
49304
49305+#ifdef CONFIG_PAX_MPROTECT
49306+ if (mm->pax_flags & MF_PAX_MPROTECT) {
49307+ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
49308+ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
49309+ else
49310+ vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
49311+ }
49312+#endif
49313+
49314 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
49315 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
49316
49317diff -urNp linux-2.6.32.8/mm/mprotect.c linux-2.6.32.8/mm/mprotect.c
49318--- linux-2.6.32.8/mm/mprotect.c 2010-02-09 07:57:19.000000000 -0500
49319+++ linux-2.6.32.8/mm/mprotect.c 2010-02-13 21:45:10.857591578 -0500
49320@@ -24,10 +24,16 @@
49321 #include <linux/mmu_notifier.h>
49322 #include <linux/migrate.h>
49323 #include <linux/perf_event.h>
49324+
49325+#ifdef CONFIG_PAX_MPROTECT
49326+#include <linux/elf.h>
49327+#endif
49328+
49329 #include <asm/uaccess.h>
49330 #include <asm/pgtable.h>
49331 #include <asm/cacheflush.h>
49332 #include <asm/tlbflush.h>
49333+#include <asm/mmu_context.h>
49334
49335 #ifndef pgprot_modify
49336 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
49337@@ -132,6 +138,48 @@ static void change_protection(struct vm_
49338 flush_tlb_range(vma, start, end);
49339 }
49340
49341+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
49342+/* called while holding the mmap semaphor for writing except stack expansion */
49343+void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
49344+{
49345+ unsigned long oldlimit, newlimit = 0UL;
49346+
49347+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || nx_enabled)
49348+ return;
49349+
49350+ spin_lock(&mm->page_table_lock);
49351+ oldlimit = mm->context.user_cs_limit;
49352+ if ((prot & VM_EXEC) && oldlimit < end)
49353+ /* USER_CS limit moved up */
49354+ newlimit = end;
49355+ else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
49356+ /* USER_CS limit moved down */
49357+ newlimit = start;
49358+
49359+ if (newlimit) {
49360+ mm->context.user_cs_limit = newlimit;
49361+
49362+#ifdef CONFIG_SMP
49363+ wmb();
49364+ cpus_clear(mm->context.cpu_user_cs_mask);
49365+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
49366+#endif
49367+
49368+ set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
49369+ }
49370+ spin_unlock(&mm->page_table_lock);
49371+ if (newlimit == end) {
49372+ struct vm_area_struct *vma = find_vma(mm, oldlimit);
49373+
49374+ for (; vma && vma->vm_start < end; vma = vma->vm_next)
49375+ if (is_vm_hugetlb_page(vma))
49376+ hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
49377+ else
49378+ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
49379+ }
49380+}
49381+#endif
49382+
49383 int
49384 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
49385 unsigned long start, unsigned long end, unsigned long newflags)
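Review bot: The last parameter of track_exec_limit() is named `prot` but is tested against `VM_EXEC`, and the callers visible in this patch pass `vma->vm_flags`, `flags`, `vm_flags` or `0UL`, so it carries VM_* flags rather than PROT_* bits. Renaming it (for example `vm_flags`) or documenting it in the header comment would stop a later caller from passing mprotect's `prot` argument by mistake. The header comment could also state that `0UL` marks the range as no longer executable, and that `newlimit == 0` doubles as the "no change" sentinel.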
49386@@ -144,6 +192,14 @@ mprotect_fixup(struct vm_area_struct *vm
49387 int error;
49388 int dirty_accountable = 0;
49389
49390+#ifdef CONFIG_PAX_SEGMEXEC
49391+ struct vm_area_struct *vma_m = NULL;
49392+ unsigned long start_m, end_m;
49393+
49394+ start_m = start + SEGMEXEC_TASK_SIZE;
49395+ end_m = end + SEGMEXEC_TASK_SIZE;
49396+#endif
49397+
49398 if (newflags == oldflags) {
49399 *pprev = vma;
49400 return 0;
49401@@ -165,6 +221,38 @@ mprotect_fixup(struct vm_area_struct *vm
49402 }
49403 }
49404
49405+#ifdef CONFIG_PAX_SEGMEXEC
49406+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
49407+ if (start != vma->vm_start) {
49408+ error = split_vma(mm, vma, start, 1);
49409+ if (error)
49410+ goto fail;
49411+ BUG_ON(!*pprev || (*pprev)->vm_next == vma);
49412+ *pprev = (*pprev)->vm_next;
49413+ }
49414+
49415+ if (end != vma->vm_end) {
49416+ error = split_vma(mm, vma, end, 0);
49417+ if (error)
49418+ goto fail;
49419+ }
49420+
49421+ if (pax_find_mirror_vma(vma)) {
49422+ error = __do_munmap(mm, start_m, end_m - start_m);
49423+ if (error)
49424+ goto fail;
49425+ } else {
49426+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
49427+ if (!vma_m) {
49428+ error = -ENOMEM;
49429+ goto fail;
49430+ }
49431+ vma->vm_flags = newflags;
49432+ pax_mirror_vma(vma_m, vma);
49433+ }
49434+ }
49435+#endif
49436+
49437 /*
49438 * First try to merge with previous and/or next vma.
49439 */
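Review bot: In the branch that creates a mirror, `vma->vm_flags = newflags` is assigned well before the `success:` label where the function normally commits the new flags, and no comment explains why. It looks necessary because `pax_mirror_vma()` asserts `VM_EXEC` on the source VMA, which is worth stating: `/* pax_mirror_vma() requires VM_EXEC to be set on vma already */`. It also means a `goto fail` taken after this point would leave the flags changed and the mirror linked, so the failure path should be checked against that. The code between here and `success:` is outside the hunk.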
49440@@ -196,8 +284,14 @@ success:
49441 * held in write mode.
49442 */
49443 vma->vm_flags = newflags;
49444+
49445+#ifdef CONFIG_PAX_MPROTECT
49446+ if (mm->binfmt && mm->binfmt->handle_mprotect)
49447+ mm->binfmt->handle_mprotect(vma, newflags);
49448+#endif
49449+
49450 vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
49451- vm_get_page_prot(newflags));
49452+ vm_get_page_prot(vma->vm_flags));
49453
49454 if (vma_wants_writenotify(vma)) {
49455 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
49456@@ -238,6 +332,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49457 end = start + len;
49458 if (end <= start)
49459 return -ENOMEM;
49460+
49461+#ifdef CONFIG_PAX_SEGMEXEC
49462+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
49463+ if (end > SEGMEXEC_TASK_SIZE)
49464+ return -EINVAL;
49465+ } else
49466+#endif
49467+
49468+ if (end > TASK_SIZE)
49469+ return -EINVAL;
49470+
49471 if (!arch_validate_prot(prot))
49472 return -EINVAL;
49473
49474@@ -245,7 +350,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49475 /*
49476 * Does the application expect PROT_READ to imply PROT_EXEC:
49477 */
49478- if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
49479+ if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
49480 prot |= PROT_EXEC;
49481
49482 vm_flags = calc_vm_prot_bits(prot);
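Review bot: The comment above the changed condition still reads "Does the application expect PROT_READ to imply PROT_EXEC", but the new test `prot & (PROT_READ | PROT_WRITE)` also adds `PROT_EXEC` to write-only requests. This widens when a READ_IMPLIES_EXEC personality receives executable memory, so the comment should state the new rule, e.g. `/* with READ_IMPLIES_EXEC, PROT_READ or PROT_WRITE implies PROT_EXEC */`, along with the reason for the change.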
49483@@ -277,6 +382,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49484 if (start > vma->vm_start)
49485 prev = vma;
49486
49487+ if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
49488+ error = -EACCES;
49489+ goto out;
49490+ }
49491+
49492+#ifdef CONFIG_PAX_MPROTECT
49493+ if (current->mm->binfmt && current->mm->binfmt->handle_mprotect)
49494+ current->mm->binfmt->handle_mprotect(vma, vm_flags);
49495+#endif
49496+
49497 for (nstart = start ; ; ) {
49498 unsigned long newflags;
49499
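Review bot: `gr_acl_handle_mprotect(vma->vm_file, prot)` and the `handle_mprotect` hook are called once, before the `for (nstart = start ; ; )` loop, so only the first VMA of the requested range is checked. The loop body is outside this hunk, but the following hunk shows it advancing through further VMAs, whose backing files may differ. If the policy is meant to apply per mapping, the check belongs inside the loop. If checking only the first VMA is intentional, a comment should say why.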
49500@@ -301,6 +416,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49501 if (error)
49502 goto out;
49503 perf_event_mmap(vma);
49504+
49505+ track_exec_limit(current->mm, nstart, tmp, vm_flags);
49506+
49507 nstart = tmp;
49508
49509 if (nstart < prev->vm_end)
49510diff -urNp linux-2.6.32.8/mm/mremap.c linux-2.6.32.8/mm/mremap.c
49511--- linux-2.6.32.8/mm/mremap.c 2010-02-09 07:57:19.000000000 -0500
49512+++ linux-2.6.32.8/mm/mremap.c 2010-02-13 21:45:10.857591578 -0500
49513@@ -114,6 +114,12 @@ static void move_ptes(struct vm_area_str
49514 continue;
49515 pte = ptep_clear_flush(vma, old_addr, old_pte);
49516 pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
49517+
49518+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
49519+ if (!nx_enabled && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
49520+ pte = pte_exprotect(pte);
49521+#endif
49522+
49523 set_pte_at(mm, new_addr, new_pte, pte);
49524 }
49525
49526@@ -273,6 +279,11 @@ static struct vm_area_struct *vma_to_res
49527 if (is_vm_hugetlb_page(vma))
49528 goto Einval;
49529
49530+#ifdef CONFIG_PAX_SEGMEXEC
49531+ if (pax_find_mirror_vma(vma))
49532+ goto Einval;
49533+#endif
49534+
49535 /* We can't remap across vm area boundaries */
49536 if (old_len > vma->vm_end - addr)
49537 goto Efault;
49538@@ -322,20 +333,23 @@ static unsigned long mremap_to(unsigned
49539 unsigned long ret = -EINVAL;
49540 unsigned long charged = 0;
49541 unsigned long map_flags;
49542+ unsigned long pax_task_size = TASK_SIZE;
49543
49544 if (new_addr & ~PAGE_MASK)
49545 goto out;
49546
49547- if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
49548+#ifdef CONFIG_PAX_SEGMEXEC
49549+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
49550+ pax_task_size = SEGMEXEC_TASK_SIZE;
49551+#endif
49552+
49553+ if (new_len > TASK_SIZE || new_addr > pax_task_size - new_len)
49554 goto out;
49555
49556 /* Check if the location we're moving into overlaps the
49557 * old location at all, and fail if it does.
49558 */
49559- if ((new_addr <= addr) && (new_addr+new_len) > addr)
49560- goto out;
49561-
49562- if ((addr <= new_addr) && (addr+old_len) > new_addr)
49563+ if (addr + old_len > new_addr && new_addr + new_len > addr)
49564 goto out;
49565
49566 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
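Review bot: In mremap_to() the length test still compares `new_len` with `TASK_SIZE` while the address test uses `pax_task_size - new_len`; for a `new_len` between the two limits the unsigned subtraction wraps and the address test passes. The do_mremap() hunk below rejects `new_len > pax_task_size` before calling in, so that caller is covered, but the local check should not depend on it: `if (new_len > pax_task_size || new_addr > pax_task_size - new_len)`. The function body continues outside this hunk.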
49567@@ -407,6 +421,7 @@ unsigned long do_mremap(unsigned long ad
49568 struct vm_area_struct *vma;
49569 unsigned long ret = -EINVAL;
49570 unsigned long charged = 0;
49571+ unsigned long pax_task_size = TASK_SIZE;
49572
49573 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
49574 goto out;
49575@@ -425,6 +440,15 @@ unsigned long do_mremap(unsigned long ad
49576 if (!new_len)
49577 goto out;
49578
49579+#ifdef CONFIG_PAX_SEGMEXEC
49580+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
49581+ pax_task_size = SEGMEXEC_TASK_SIZE;
49582+#endif
49583+
49584+ if (new_len > pax_task_size || addr > pax_task_size-new_len ||
49585+ old_len > pax_task_size || addr > pax_task_size-old_len)
49586+ goto out;
49587+
49588 if (flags & MREMAP_FIXED) {
49589 if (flags & MREMAP_MAYMOVE)
49590 ret = mremap_to(addr, old_len, new_addr, new_len);
49591@@ -471,6 +495,7 @@ unsigned long do_mremap(unsigned long ad
49592 addr + new_len);
49593 }
49594 ret = addr;
49595+ track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
49596 goto out;
49597 }
49598 }
49599@@ -497,7 +522,13 @@ unsigned long do_mremap(unsigned long ad
49600 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
49601 if (ret)
49602 goto out;
49603+
49604+ map_flags = vma->vm_flags;
49605 ret = move_vma(vma, addr, old_len, new_len, new_addr);
49606+ if (!(ret & ~PAGE_MASK)) {
49607+ track_exec_limit(current->mm, addr, addr + old_len, 0UL);
49608+ track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
49609+ }
49610 }
49611 out:
49612 if (ret & ~PAGE_MASK)
49613diff -urNp linux-2.6.32.8/mm/nommu.c linux-2.6.32.8/mm/nommu.c
49614--- linux-2.6.32.8/mm/nommu.c 2010-02-09 07:57:19.000000000 -0500
49615+++ linux-2.6.32.8/mm/nommu.c 2010-02-13 21:45:10.859009520 -0500
49616@@ -758,15 +758,6 @@ struct vm_area_struct *find_vma(struct m
49617 EXPORT_SYMBOL(find_vma);
49618
49619 /*
49620- * find a VMA
49621- * - we don't extend stack VMAs under NOMMU conditions
49622- */
49623-struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
49624-{
49625- return find_vma(mm, addr);
49626-}
49627-
49628-/*
49629 * expand a stack to a given address
49630 * - not supported under NOMMU conditions
49631 */
49632diff -urNp linux-2.6.32.8/mm/page_alloc.c linux-2.6.32.8/mm/page_alloc.c
49633--- linux-2.6.32.8/mm/page_alloc.c 2010-02-09 07:57:19.000000000 -0500
49634+++ linux-2.6.32.8/mm/page_alloc.c 2010-02-13 21:45:10.860010936 -0500
49635@@ -586,6 +586,10 @@ static void __free_pages_ok(struct page
49636 int bad = 0;
49637 int wasMlocked = __TestClearPageMlocked(page);
49638
49639+#ifdef CONFIG_PAX_MEMORY_SANITIZE
49640+ unsigned long index = 1UL << order;
49641+#endif
49642+
49643 kmemcheck_free_shadow(page, order);
49644
49645 for (i = 0 ; i < (1 << order) ; ++i)
49646@@ -598,6 +602,12 @@ static void __free_pages_ok(struct page
49647 debug_check_no_obj_freed(page_address(page),
49648 PAGE_SIZE << order);
49649 }
49650+
49651+#ifdef CONFIG_PAX_MEMORY_SANITIZE
49652+ for (; index; --index)
49653+ sanitize_highpage(page + index - 1);
49654+#endif
49655+
49656 arch_free_page(page, order);
49657 kernel_map_pages(page, 1 << order, 0);
49658
49659@@ -701,8 +711,10 @@ static int prep_new_page(struct page *pa
49660 arch_alloc_page(page, order);
49661 kernel_map_pages(page, 1 << order, 1);
49662
49663+#ifndef CONFIG_PAX_MEMORY_SANITIZE
49664 if (gfp_flags & __GFP_ZERO)
49665 prep_zero_page(page, order, gfp_flags);
49666+#endif
49667
49668 if (order && (gfp_flags & __GFP_COMP))
49669 prep_compound_page(page, order);
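Review bot: Compiling out `prep_zero_page()` under CONFIG_PAX_MEMORY_SANITIZE makes every `__GFP_ZERO` allocation depend on the page having been cleared when it was freed, and nothing at this site says so. This patch adds `sanitize_highpage()` to `__free_pages_ok()` and `free_hot_cold_page()`; a page that reaches the allocator by any other route would be handed out with its old contents. A comment naming the free paths that uphold the invariant would make the dependency reviewable, e.g. `/* pages are cleared on free by sanitize_highpage(); see __free_pages_ok() and free_hot_cold_page() */`.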
49670@@ -1096,6 +1108,11 @@ static void free_hot_cold_page(struct pa
49671 debug_check_no_locks_freed(page_address(page), PAGE_SIZE);
49672 debug_check_no_obj_freed(page_address(page), PAGE_SIZE);
49673 }
49674+
49675+#ifdef CONFIG_PAX_MEMORY_SANITIZE
49676+ sanitize_highpage(page);
49677+#endif
49678+
49679 arch_free_page(page, 0);
49680 kernel_map_pages(page, 1, 0);
49681
49682diff -urNp linux-2.6.32.8/mm/percpu.c linux-2.6.32.8/mm/percpu.c
49683--- linux-2.6.32.8/mm/percpu.c 2010-02-09 07:57:19.000000000 -0500
49684+++ linux-2.6.32.8/mm/percpu.c 2010-02-13 21:45:10.860010936 -0500
49685@@ -115,7 +115,7 @@ static unsigned int pcpu_first_unit_cpu
49686 static unsigned int pcpu_last_unit_cpu __read_mostly;
49687
49688 /* the address of the first chunk which starts with the kernel static area */
49689-void *pcpu_base_addr __read_mostly;
49690+void *pcpu_base_addr __read_only;
49691 EXPORT_SYMBOL_GPL(pcpu_base_addr);
49692
49693 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
49694diff -urNp linux-2.6.32.8/mm/rmap.c linux-2.6.32.8/mm/rmap.c
49695--- linux-2.6.32.8/mm/rmap.c 2010-02-09 07:57:19.000000000 -0500
49696+++ linux-2.6.32.8/mm/rmap.c 2010-02-13 21:45:10.860931119 -0500
49697@@ -108,6 +108,10 @@ int anon_vma_prepare(struct vm_area_stru
49698 struct mm_struct *mm = vma->vm_mm;
49699 struct anon_vma *allocated;
49700
49701+#ifdef CONFIG_PAX_SEGMEXEC
49702+ struct vm_area_struct *vma_m;
49703+#endif
49704+
49705 anon_vma = find_mergeable_anon_vma(vma);
49706 allocated = NULL;
49707 if (!anon_vma) {
49708@@ -121,6 +125,15 @@ int anon_vma_prepare(struct vm_area_stru
49709 /* page_table_lock to protect against threads */
49710 spin_lock(&mm->page_table_lock);
49711 if (likely(!vma->anon_vma)) {
49712+
49713+#ifdef CONFIG_PAX_SEGMEXEC
49714+ vma_m = pax_find_mirror_vma(vma);
49715+ if (vma_m) {
49716+ vma_m->anon_vma = anon_vma;
49717+ __anon_vma_link(vma_m);
49718+ }
49719+#endif
49720+
49721 vma->anon_vma = anon_vma;
49722 list_add_tail(&vma->anon_vma_node, &anon_vma->head);
49723 allocated = NULL;
49724diff -urNp linux-2.6.32.8/mm/shmem.c linux-2.6.32.8/mm/shmem.c
49725--- linux-2.6.32.8/mm/shmem.c 2010-02-09 07:57:19.000000000 -0500
49726+++ linux-2.6.32.8/mm/shmem.c 2010-02-13 21:45:10.860931119 -0500
49727@@ -31,7 +31,7 @@
49728 #include <linux/swap.h>
49729 #include <linux/ima.h>
49730
49731-static struct vfsmount *shm_mnt;
49732+struct vfsmount *shm_mnt;
49733
49734 #ifdef CONFIG_SHMEM
49735 /*
49736diff -urNp linux-2.6.32.8/mm/slab.c linux-2.6.32.8/mm/slab.c
49737--- linux-2.6.32.8/mm/slab.c 2010-02-09 07:57:19.000000000 -0500
49738+++ linux-2.6.32.8/mm/slab.c 2010-02-13 21:45:10.862011691 -0500
49739@@ -308,7 +308,7 @@ struct kmem_list3 {
49740 * Need this for bootstrapping a per node allocator.
49741 */
49742 #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
49743-struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
49744+struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
49745 #define CACHE_CACHE 0
49746 #define SIZE_AC MAX_NUMNODES
49747 #define SIZE_L3 (2 * MAX_NUMNODES)
49748@@ -558,7 +558,7 @@ static inline void *index_to_obj(struct
49749 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
49750 */
49751 static inline unsigned int obj_to_index(const struct kmem_cache *cache,
49752- const struct slab *slab, void *obj)
49753+ const struct slab *slab, const void *obj)
49754 {
49755 u32 offset = (obj - slab->s_mem);
49756 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
49757@@ -584,14 +584,14 @@ struct cache_names {
49758 static struct cache_names __initdata cache_names[] = {
49759 #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
49760 #include <linux/kmalloc_sizes.h>
49761- {NULL,}
49762+ {NULL, NULL}
49763 #undef CACHE
49764 };
49765
49766 static struct arraycache_init initarray_cache __initdata =
49767- { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49768+ { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49769 static struct arraycache_init initarray_generic =
49770- { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49771+ { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49772
49773 /* internal cache of cache description objs */
49774 static struct kmem_cache cache_cache = {
49775@@ -4084,7 +4084,7 @@ out:
49776 schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_CPUC));
49777 }
49778
49779-#ifdef CONFIG_SLABINFO
49780+#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
49781
49782 static void print_slabinfo_header(struct seq_file *m)
49783 {
49784@@ -4482,6 +4482,51 @@ static int __init slab_proc_init(void)
49785 module_init(slab_proc_init);
49786 #endif
49787
49788+void check_object_size(const void *ptr, unsigned long n, bool to)
49789+{
49790+
49791+#ifdef CONFIG_PAX_USERCOPY
49792+ struct kmem_cache *cachep;
49793+ struct slab *slabp;
49794+ struct page *page;
49795+ unsigned int objnr;
49796+ unsigned long offset;
49797+
49798+ if (!n)
49799+ return;
49800+
49801+ if (ZERO_OR_NULL_PTR(ptr))
49802+ goto report;
49803+
49804+ if (!virt_addr_valid(ptr))
49805+ return;
49806+
49807+ page = virt_to_head_page(ptr);
49808+
49809+ if (!PageSlab(page)) {
49810+ if (object_is_on_stack(ptr, n) == -1)
49811+ goto report;
49812+ return;
49813+ }
49814+
49815+ cachep = page_get_cache(page);
49816+ slabp = page_get_slab(page);
49817+ objnr = obj_to_index(cachep, slabp, ptr);
49818+ BUG_ON(objnr >= cachep->num);
49819+ offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep);
49820+ if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset)
49821+ return;
49822+
49823+report:
49824+ if (to)
49825+ pax_report_leak_to_user(ptr, n);
49826+ else
49827+ pax_report_overflow_from_user(ptr, n);
49828+#endif
49829+
49830+}
49831+EXPORT_SYMBOL(check_object_size);
49832+
49833 /**
49834 * ksize - get the actual amount of memory allocated for a given object
49835 * @objp: Pointer to the object
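Review bot: The `BUG_ON(objnr >= cachep->num)` in the slab `check_object_size()` turns a pointer that lies inside a slab page but outside every object slot into a kernel BUG, instead of sending it down the `report:` path like every other rejected pointer. `obj_to_index()` derives the index from `obj - slab->s_mem`, so an address before `s_mem` or past the last object yields an out-of-range index. Routing that case to the report keeps rejection uniform and records the offending copy: `if (objnr >= cachep->num) goto report;`. What the `pax_report_*` helpers do afterwards is not visible in this hunk.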
49836diff -urNp linux-2.6.32.8/mm/slob.c linux-2.6.32.8/mm/slob.c
49837--- linux-2.6.32.8/mm/slob.c 2010-02-09 07:57:19.000000000 -0500
49838+++ linux-2.6.32.8/mm/slob.c 2010-02-13 21:45:10.862011691 -0500
49839@@ -29,7 +29,7 @@
49840 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
49841 * alloc_pages() directly, allocating compound pages so the page order
49842 * does not have to be separately tracked, and also stores the exact
49843- * allocation size in page->private so that it can be used to accurately
49844+ * allocation size in slob_page->size so that it can be used to accurately
49845 * provide ksize(). These objects are detected in kfree() because slob_page()
49846 * is false for them.
49847 *
49848@@ -58,6 +58,7 @@
49849 */
49850
49851 #include <linux/kernel.h>
49852+#include <linux/sched.h>
49853 #include <linux/slab.h>
49854 #include <linux/mm.h>
49855 #include <linux/swap.h> /* struct reclaim_state */
49856@@ -100,7 +101,8 @@ struct slob_page {
49857 unsigned long flags; /* mandatory */
49858 atomic_t _count; /* mandatory */
49859 slobidx_t units; /* free units left in page */
49860- unsigned long pad[2];
49861+ unsigned long pad[1];
49862+ unsigned long size; /* size when >=PAGE_SIZE */
49863 slob_t *free; /* first free slob_t in page */
49864 struct list_head list; /* linked list of free pages */
49865 };
49866@@ -133,7 +135,7 @@ static LIST_HEAD(free_slob_large);
49867 */
49868 static inline int is_slob_page(struct slob_page *sp)
49869 {
49870- return PageSlab((struct page *)sp);
49871+ return PageSlab((struct page *)sp) && !sp->size;
49872 }
49873
49874 static inline void set_slob_page(struct slob_page *sp)
49875@@ -148,7 +150,7 @@ static inline void clear_slob_page(struc
49876
49877 static inline struct slob_page *slob_page(const void *addr)
49878 {
49879- return (struct slob_page *)virt_to_page(addr);
49880+ return (struct slob_page *)virt_to_head_page(addr);
49881 }
49882
49883 /*
49884@@ -208,7 +210,7 @@ static void set_slob(slob_t *s, slobidx_
49885 /*
49886 * Return the size of a slob block.
49887 */
49888-static slobidx_t slob_units(slob_t *s)
49889+static slobidx_t slob_units(const slob_t *s)
49890 {
49891 if (s->units > 0)
49892 return s->units;
49893@@ -218,7 +220,7 @@ static slobidx_t slob_units(slob_t *s)
49894 /*
49895 * Return the next free slob block pointer after this one.
49896 */
49897-static slob_t *slob_next(slob_t *s)
49898+static slob_t *slob_next(const slob_t *s)
49899 {
49900 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
49901 slobidx_t next;
49902@@ -233,7 +235,7 @@ static slob_t *slob_next(slob_t *s)
49903 /*
49904 * Returns true if s is the last free block in its page.
49905 */
49906-static int slob_last(slob_t *s)
49907+static int slob_last(const slob_t *s)
49908 {
49909 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
49910 }
49911@@ -252,6 +254,7 @@ static void *slob_new_pages(gfp_t gfp, i
49912 if (!page)
49913 return NULL;
49914
49915+ set_slob_page(page);
49916 return page_address(page);
49917 }
49918
49919@@ -368,11 +371,11 @@ static void *slob_alloc(size_t size, gfp
49920 if (!b)
49921 return NULL;
49922 sp = slob_page(b);
49923- set_slob_page(sp);
49924
49925 spin_lock_irqsave(&slob_lock, flags);
49926 sp->units = SLOB_UNITS(PAGE_SIZE);
49927 sp->free = b;
49928+ sp->size = 0;
49929 INIT_LIST_HEAD(&sp->list);
49930 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
49931 set_slob_page_free(sp, slob_list);
49932@@ -475,10 +478,9 @@ out:
49933 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long)
49934 #endif
49935
49936-void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49937+static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align)
49938 {
49939- unsigned int *m;
49940- int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49941+ slob_t *m;
49942 void *ret;
49943
49944 lockdep_trace_alloc(gfp);
49945@@ -491,7 +493,10 @@ void *__kmalloc_node(size_t size, gfp_t
49946
49947 if (!m)
49948 return NULL;
49949- *m = size;
49950+ BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
49951+ BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
49952+ m[0].units = size;
49953+ m[1].units = align;
49954 ret = (void *)m + align;
49955
49956 trace_kmalloc_node(_RET_IP_, ret,
49957@@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t
49958
49959 ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node);
49960 if (ret) {
49961- struct page *page;
49962- page = virt_to_page(ret);
49963- page->private = size;
49964+ struct slob_page *sp;
49965+ sp = slob_page(ret);
49966+ sp->size = size;
49967 }
49968
49969 trace_kmalloc_node(_RET_IP_, ret,
49970@@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t
49971 kmemleak_alloc(ret, size, 1, gfp);
49972 return ret;
49973 }
49974+
49975+void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49976+{
49977+ int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49978+
49979+ return __kmalloc_node_align(size, gfp, node, align);
49980+}
49981 EXPORT_SYMBOL(__kmalloc_node);
49982
49983 void kfree(const void *block)
49984@@ -528,13 +540,84 @@ void kfree(const void *block)
49985 sp = slob_page(block);
49986 if (is_slob_page(sp)) {
49987 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49988- unsigned int *m = (unsigned int *)(block - align);
49989- slob_free(m, *m + align);
49990- } else
49991+ slob_t *m = (slob_t *)(block - align);
49992+ slob_free(m, m[0].units + align);
49993+ } else {
49994+ clear_slob_page(sp);
49995+ free_slob_page(sp);
49996+ sp->size = 0;
49997 put_page(&sp->page);
49998+ }
49999 }
50000 EXPORT_SYMBOL(kfree);
50001
50002+void check_object_size(const void *ptr, unsigned long n, bool to)
50003+{
50004+
50005+#ifdef CONFIG_PAX_USERCOPY
50006+ struct slob_page *sp;
50007+ const slob_t *free;
50008+ const void *base;
50009+
50010+ if (!n)
50011+ return;
50012+
50013+ if (ZERO_OR_NULL_PTR(ptr))
50014+ goto report;
50015+
50016+ if (!virt_addr_valid(ptr))
50017+ return;
50018+
50019+ sp = slob_page(ptr);
50020+ if (!PageSlab((struct page*)sp)) {
50021+ if (object_is_on_stack(ptr, n) == -1)
50022+ goto report;
50023+ return;
50024+ }
50025+
50026+ if (sp->size) {
50027+ base = page_address(&sp->page);
50028+ if (base <= ptr && n <= sp->size - (ptr - base))
50029+ return;
50030+ goto report;
50031+ }
50032+
50033+ /* some tricky double walking to find the chunk */
50034+ base = (void *)((unsigned long)ptr & PAGE_MASK);
50035+ free = sp->free;
50036+
50037+ while (!slob_last(free) && (void *)free <= ptr) {
50038+ base = free + slob_units(free);
50039+ free = slob_next(free);
50040+ }
50041+
50042+ while (base < (void *)free) {
50043+ slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
50044+ int size = SLOB_UNIT * SLOB_UNITS(m + align);
50045+ int offset;
50046+
50047+ if (ptr < base + align)
50048+ goto report;
50049+
50050+ offset = ptr - base - align;
50051+ if (offset < m) {
50052+ if (n <= m - offset)
50053+ return;
50054+ goto report;
50055+ }
50056+ base += size;
50057+ }
50058+
50059+report:
50060+ if (to)
50061+ pax_report_leak_to_user(ptr, n);
50062+ else
50063+ pax_report_overflow_from_user(ptr, n);
50064+#endif
50065+
50066+}
50067+EXPORT_SYMBOL(check_object_size);
50068+
50069 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
50070 size_t ksize(const void *block)
50071 {
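Review bot: The free-list walk in the slob `check_object_size()` reads `sp->free` and follows `slob_next()`/`slob_units()` without holding `slob_lock`, while `slob_alloc()` in this same patch updates `sp->units` and `sp->free` under `spin_lock_irqsave(&slob_lock, flags)`. If another CPU allocates or frees in the page during the walk, the two `while` loops may see a half-updated list and compute a wrong `base`, which could either miss a real overflow or report a valid copy. Either run both loops under `slob_lock`, or add a comment that states why a lockless walk is safe here. The mixed `int`/`slobidx_t`/`unsigned long` arithmetic on `offset`, `m` and `n` would also benefit from a one-line comment on the value ranges it assumes.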
50072@@ -547,10 +630,10 @@ size_t ksize(const void *block)
50073 sp = slob_page(block);
50074 if (is_slob_page(sp)) {
50075 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
50076- unsigned int *m = (unsigned int *)(block - align);
50077- return SLOB_UNITS(*m) * SLOB_UNIT;
50078+ slob_t *m = (slob_t *)(block - align);
50079+ return SLOB_UNITS(m[0].units) * SLOB_UNIT;
50080 } else
50081- return sp->page.private;
50082+ return sp->size;
50083 }
50084 EXPORT_SYMBOL(ksize);
50085
50086@@ -605,17 +688,25 @@ void *kmem_cache_alloc_node(struct kmem_
50087 {
50088 void *b;
50089
50090+#ifdef CONFIG_PAX_USERCOPY
50091+ b = __kmalloc_node_align(c->size, flags, node, c->align);
50092+#else
50093 if (c->size < PAGE_SIZE) {
50094 b = slob_alloc(c->size, flags, c->align, node);
50095 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
50096 SLOB_UNITS(c->size) * SLOB_UNIT,
50097 flags, node);
50098 } else {
50099+ struct slob_page *sp;
50100+
50101 b = slob_new_pages(flags, get_order(c->size), node);
50102+ sp = slob_page(b);
50103+ sp->size = c->size;
50104 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
50105 PAGE_SIZE << get_order(c->size),
50106 flags, node);
50107 }
50108+#endif
50109
50110 if (c->ctor)
50111 c->ctor(b);
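Review bot: In the non-USERCOPY branch of `kmem_cache_alloc_node()`, the added `sp = slob_page(b); sp->size = c->size;` runs without checking whether `slob_new_pages()` returned NULL. `slob_new_pages()` does `return NULL` when the page allocation fails, so on failure this writes `size` into whatever `virt_to_head_page(NULL)` resolves to. The large-allocation path in `__kmalloc_node_align()` guards the same store with `if (ret)`; the same guard fits here: `if (b) { sp = slob_page(b); sp->size = c->size; }`. The function starts and ends outside this hunk, so the pre-existing `c->ctor(b)` handling of a NULL `b` is not fully visible.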
50112@@ -627,10 +718,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
50113
50114 static void __kmem_cache_free(void *b, int size)
50115 {
50116- if (size < PAGE_SIZE)
50117+ struct slob_page *sp = slob_page(b);
50118+
50119+ if (is_slob_page(sp))
50120 slob_free(b, size);
50121- else
50122+ else {
50123+ clear_slob_page(sp);
50124+ free_slob_page(sp);
50125+ sp->size = 0;
50126 slob_free_pages(b, get_order(size));
50127+ }
50128 }
50129
50130 static void kmem_rcu_free(struct rcu_head *head)
50131@@ -643,15 +740,24 @@ static void kmem_rcu_free(struct rcu_hea
50132
50133 void kmem_cache_free(struct kmem_cache *c, void *b)
50134 {
50135+ int size = c->size;
50136+
50137+#ifdef CONFIG_PAX_USERCOPY
50138+ if (size + c->align < PAGE_SIZE) {
50139+ size += c->align;
50140+ b -= c->align;
50141+ }
50142+#endif
50143+
50144 kmemleak_free_recursive(b, c->flags);
50145 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
50146 struct slob_rcu *slob_rcu;
50147- slob_rcu = b + (c->size - sizeof(struct slob_rcu));
50148+ slob_rcu = b + (size - sizeof(struct slob_rcu));
50149 INIT_RCU_HEAD(&slob_rcu->head);
50150- slob_rcu->size = c->size;
50151+ slob_rcu->size = size;
50152 call_rcu(&slob_rcu->head, kmem_rcu_free);
50153 } else {
50154- __kmem_cache_free(b, c->size);
50155+ __kmem_cache_free(b, size);
50156 }
50157
50158 trace_kmem_cache_free(_RET_IP_, b);
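Review bot: Under `CONFIG_PAX_USERCOPY` the pointer `b` is moved back by `c->align` before `kmemleak_free_recursive(b, c->flags)` and `trace_kmem_cache_free(_RET_IP_, b)` run, so both see the header address rather than the object address the caller passed. The allocation side registers the object pointer (`kmemleak_alloc(ret, ...)` after `ret = (void *)m + align`), so kmemleak would presumably never match the free and the trace events would not pair up. Calling `kmemleak_free_recursive(b, c->flags);` before the `#ifdef CONFIG_PAX_USERCOPY` adjustment, and keeping the original pointer in a local for the trace call, avoids the mismatch. The function's closing lines are outside this hunk.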
50159diff -urNp linux-2.6.32.8/mm/slub.c linux-2.6.32.8/mm/slub.c
50160--- linux-2.6.32.8/mm/slub.c 2010-02-09 07:57:19.000000000 -0500
50161+++ linux-2.6.32.8/mm/slub.c 2010-02-13 21:53:12.351590932 -0500
50162@@ -1893,6 +1893,8 @@ void kmem_cache_free(struct kmem_cache *
50163
50164 page = virt_to_head_page(x);
50165
50166+ BUG_ON(!PageSlab(page));
50167+
50168 slab_free(s, page, x, _RET_IP_);
50169
50170 trace_kmem_cache_free(_RET_IP_, x);
50171@@ -1937,7 +1939,7 @@ static int slub_min_objects;
50172 * Merge control. If this is set then no merging of slab caches will occur.
50173 * (Could be removed. This was introduced to pacify the merge skeptics.)
50174 */
50175-static int slub_nomerge;
50176+static int slub_nomerge = 1;
50177
50178 /*
50179 * Calculate the order of allocation given an slab object size.
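Review bot: The default flip to `slub_nomerge = 1` is left undocumented, and the comment directly above it still reads as if merging were the normal case ("Could be removed. This was introduced to pacify the merge skeptics."). A reader comparing against upstream cannot tell whether this is a hardening choice or an accident. A short comment would help, for example `/* merging disabled by default: keeps objects of unrelated caches out of the same slab */`, if that is the intent. It is also worth stating whether the boot-time override is still expected to work.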
50180@@ -2493,7 +2495,7 @@ static int kmem_cache_open(struct kmem_c
50181 * list to avoid pounding the page allocator excessively.
50182 */
50183 set_min_partial(s, ilog2(s->size));
50184- s->refcount = 1;
50185+ atomic_set(&s->refcount, 1);
50186 #ifdef CONFIG_NUMA
50187 s->remote_node_defrag_ratio = 1000;
50188 #endif
50189@@ -2630,8 +2632,7 @@ static inline int kmem_cache_close(struc
50190 void kmem_cache_destroy(struct kmem_cache *s)
50191 {
50192 down_write(&slub_lock);
50193- s->refcount--;
50194- if (!s->refcount) {
50195+ if (atomic_dec_and_test(&s->refcount)) {
50196 list_del(&s->list);
50197 up_write(&slub_lock);
50198 if (kmem_cache_close(s)) {
50199@@ -2915,6 +2916,46 @@ void *__kmalloc_node(size_t size, gfp_t
50200 EXPORT_SYMBOL(__kmalloc_node);
50201 #endif
50202
50203+void check_object_size(const void *ptr, unsigned long n, bool to)
50204+{
50205+
50206+#ifdef CONFIG_PAX_USERCOPY
50207+ struct page *page;
50208+ struct kmem_cache *s;
50209+ unsigned long offset;
50210+
50211+ if (!n)
50212+ return;
50213+
50214+ if (ZERO_OR_NULL_PTR(ptr))
50215+ goto report;
50216+
50217+ if (!virt_addr_valid(ptr))
50218+ return;
50219+
50220+ page = get_object_page(ptr);
50221+
50222+ if (!page) {
50223+ if (object_is_on_stack(ptr, n) == -1)
50224+ goto report;
50225+ return;
50226+ }
50227+
50228+ s = page->slab;
50229+ offset = (ptr - page_address(page)) % s->size;
50230+ if (offset <= s->objsize && n <= s->objsize - offset)
50231+ return;
50232+
50233+report:
50234+ if (to)
50235+ pax_report_leak_to_user(ptr, n);
50236+ else
50237+ pax_report_overflow_from_user(ptr, n);
50238+#endif
50239+
50240+}
50241+EXPORT_SYMBOL(check_object_size);
50242+
50243 size_t ksize(const void *object)
50244 {
50245 struct page *page;
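Review bot: `check_object_size()` is exported here, and again in the slab.c and slob.c hunks, with no header comment, although its contract is not obvious from the signature. A kernel-doc block should state that `ptr`/`n` describe the kernel side of a user copy and that `to` selects the report: true calls `pax_report_leak_to_user()`, false calls `pax_report_overflow_from_user()`. It should also say that `n == 0` and addresses failing `virt_addr_valid()` are accepted without any check, since that defines what the check does not cover. In this slub variant, a one-line comment on `offset = (ptr - page_address(page)) % s->size` would help too, noting that the bound is `s->objsize` so per-object metadata beyond the payload is excluded.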
50246@@ -3186,7 +3227,7 @@ void __init kmem_cache_init(void)
50247 */
50248 create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node",
50249 sizeof(struct kmem_cache_node), GFP_NOWAIT);
50250- kmalloc_caches[0].refcount = -1;
50251+ atomic_set(&kmalloc_caches[0].refcount, -1);
50252 caches++;
50253
50254 hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
50255@@ -3293,7 +3334,7 @@ static int slab_unmergeable(struct kmem_
50256 /*
50257 * We may have set a slab to be unmergeable during bootstrap.
50258 */
50259- if (s->refcount < 0)
50260+ if (atomic_read(&s->refcount) < 0)
50261 return 1;
50262
50263 return 0;
50264@@ -3353,7 +3394,7 @@ struct kmem_cache *kmem_cache_create(con
50265 if (s) {
50266 int cpu;
50267
50268- s->refcount++;
50269+ atomic_inc(&s->refcount);
50270 /*
50271 * Adjust the object sizes so that we clear
50272 * the complete object on kzalloc.
50273@@ -3372,7 +3413,7 @@ struct kmem_cache *kmem_cache_create(con
50274
50275 if (sysfs_slab_alias(s, name)) {
50276 down_write(&slub_lock);
50277- s->refcount--;
50278+ atomic_dec(&s->refcount);
50279 up_write(&slub_lock);
50280 goto err;
50281 }
50282@@ -4101,7 +4142,7 @@ SLAB_ATTR_RO(ctor);
50283
50284 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
50285 {
50286- return sprintf(buf, "%d\n", s->refcount - 1);
50287+ return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1);
50288 }
50289 SLAB_ATTR_RO(aliases);
50290
50291@@ -4503,7 +4544,7 @@ static void kmem_cache_release(struct ko
50292 kfree(s);
50293 }
50294
50295-static struct sysfs_ops slab_sysfs_ops = {
50296+static const struct sysfs_ops slab_sysfs_ops = {
50297 .show = slab_attr_show,
50298 .store = slab_attr_store,
50299 };
50300@@ -4522,7 +4563,7 @@ static int uevent_filter(struct kset *ks
50301 return 0;
50302 }
50303
50304-static struct kset_uevent_ops slab_uevent_ops = {
50305+static const struct kset_uevent_ops slab_uevent_ops = {
50306 .filter = uevent_filter,
50307 };
50308
50309@@ -4696,7 +4737,7 @@ __initcall(slab_sysfs_init);
50310 /*
50311 * The /proc/slabinfo ABI
50312 */
50313-#ifdef CONFIG_SLABINFO
50314+#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
50315 static void print_slabinfo_header(struct seq_file *m)
50316 {
50317 seq_puts(m, "slabinfo - version: 2.1\n");
50318diff -urNp linux-2.6.32.8/mm/util.c linux-2.6.32.8/mm/util.c
50319--- linux-2.6.32.8/mm/util.c 2010-02-09 07:57:19.000000000 -0500
50320+++ linux-2.6.32.8/mm/util.c 2010-02-13 21:45:10.863790825 -0500
50321@@ -228,6 +228,12 @@ EXPORT_SYMBOL(strndup_user);
50322 void arch_pick_mmap_layout(struct mm_struct *mm)
50323 {
50324 mm->mmap_base = TASK_UNMAPPED_BASE;
50325+
50326+#ifdef CONFIG_PAX_RANDMMAP
50327+ if (mm->pax_flags & MF_PAX_RANDMMAP)
50328+ mm->mmap_base += mm->delta_mmap;
50329+#endif
50330+
50331 mm->get_unmapped_area = arch_get_unmapped_area;
50332 mm->unmap_area = arch_unmap_area;
50333 }
50334diff -urNp linux-2.6.32.8/mm/vmalloc.c linux-2.6.32.8/mm/vmalloc.c
50335--- linux-2.6.32.8/mm/vmalloc.c 2010-02-09 07:57:19.000000000 -0500
50336+++ linux-2.6.32.8/mm/vmalloc.c 2010-02-13 21:45:10.863790825 -0500
50337@@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd,
50338
50339 pte = pte_offset_kernel(pmd, addr);
50340 do {
50341- pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
50342- WARN_ON(!pte_none(ptent) && !pte_present(ptent));
50343+
50344+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50345+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
50346+ BUG_ON(!pte_exec(*pte));
50347+ set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
50348+ continue;
50349+ }
50350+#endif
50351+
50352+ {
50353+ pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
50354+ WARN_ON(!pte_none(ptent) && !pte_present(ptent));
50355+ }
50356 } while (pte++, addr += PAGE_SIZE, addr != end);
50357 }
50358
50359@@ -92,6 +103,7 @@ static int vmap_pte_range(pmd_t *pmd, un
50360 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
50361 {
50362 pte_t *pte;
50363+ int ret = -ENOMEM;
50364
50365 /*
50366 * nr is a running index into the array which helps higher level
50367@@ -101,17 +113,30 @@ static int vmap_pte_range(pmd_t *pmd, un
50368 pte = pte_alloc_kernel(pmd, addr);
50369 if (!pte)
50370 return -ENOMEM;
50371+
50372+ pax_open_kernel();
50373 do {
50374 struct page *page = pages[*nr];
50375
50376- if (WARN_ON(!pte_none(*pte)))
50377- return -EBUSY;
50378- if (WARN_ON(!page))
50379- return -ENOMEM;
50380+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50381+ if (pgprot_val(prot) & _PAGE_NX)
50382+#endif
50383+
50384+ if (WARN_ON(!pte_none(*pte))) {
50385+ ret = -EBUSY;
50386+ goto out;
50387+ }
50388+ if (WARN_ON(!page)) {
50389+ ret = -ENOMEM;
50390+ goto out;
50391+ }
50392 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
50393 (*nr)++;
50394 } while (pte++, addr += PAGE_SIZE, addr != end);
50395- return 0;
50396+ ret = 0;
50397+out:
50398+ pax_close_kernel();
50399+ return ret;
50400 }
50401
50402 static int vmap_pmd_range(pud_t *pud, unsigned long addr,
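Review bot: The added `if (pgprot_val(prot) & _PAGE_NX)` in `vmap_pte_range()` has no body of its own; it guards the following `if (WARN_ON(!pte_none(*pte)))` across an `#endif` and a blank line. That is easy to misread and easy to break when a statement is later inserted between them. The `__vmalloc_node()` hunk further down has the same shape, with a bare `else` before `#endif`. Keeping the guard and the guarded statement in one expression, or bracing them, would make the scope explicit. A comment should also say why executable mappings skip the check, for example `/* non-NX mappings reuse PTEs that vunmap_pte_range() leaves populated in the module exec range */`, if that is the reason.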
50403@@ -192,11 +217,20 @@ int is_vmalloc_or_module_addr(const void
50404 * and fall back on vmalloc() if that fails. Others
50405 * just put it in the vmalloc space.
50406 */
50407-#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
50408+#ifdef CONFIG_MODULES
50409+#ifdef MODULES_VADDR
50410 unsigned long addr = (unsigned long)x;
50411 if (addr >= MODULES_VADDR && addr < MODULES_END)
50412 return 1;
50413 #endif
50414+
50415+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50416+ if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END)
50417+ return 1;
50418+#endif
50419+
50420+#endif
50421+
50422 return is_vmalloc_addr(x);
50423 }
50424
50425@@ -292,13 +326,13 @@ static void __insert_vmap_area(struct vm
50426 struct rb_node *tmp;
50427
50428 while (*p) {
50429- struct vmap_area *tmp;
50430+ struct vmap_area *varea;
50431
50432 parent = *p;
50433- tmp = rb_entry(parent, struct vmap_area, rb_node);
50434- if (va->va_start < tmp->va_end)
50435+ varea = rb_entry(parent, struct vmap_area, rb_node);
50436+ if (va->va_start < varea->va_end)
50437 p = &(*p)->rb_left;
50438- else if (va->va_end > tmp->va_start)
50439+ else if (va->va_end > varea->va_start)
50440 p = &(*p)->rb_right;
50441 else
50442 BUG();
50443@@ -1223,6 +1257,16 @@ static struct vm_struct *__get_vm_area_n
50444 struct vm_struct *area;
50445
50446 BUG_ON(in_interrupt());
50447+
50448+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50449+ if (flags & VM_KERNEXEC) {
50450+ if (start != VMALLOC_START || end != VMALLOC_END)
50451+ return NULL;
50452+ start = (unsigned long)&MODULES_EXEC_VADDR;
50453+ end = (unsigned long)&MODULES_EXEC_END;
50454+ }
50455+#endif
50456+
50457 if (flags & VM_IOREMAP) {
50458 int bit = fls(size);
50459
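Review bot: This hunk takes the range bounds as `(unsigned long)&MODULES_EXEC_VADDR` and `(unsigned long)&MODULES_EXEC_END`, while the `vunmap_pte_range()` and `is_vmalloc_or_module_addr()` hunks in the same file use the names without `&`. Their declaration is not visible here; if they are array-typed linker symbols both spellings give the same address, but the mixed usage obscures that and would be wrong for any other declaration. Using one form throughout, `start = (unsigned long)MODULES_EXEC_VADDR;`, removes the doubt. The silent `return NULL` when `start`/`end` differ from `VMALLOC_START`/`VMALLOC_END` also deserves a one-line comment, since callers cannot tell that failure from running out of address space.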
50460@@ -1448,6 +1492,11 @@ void *vmap(struct page **pages, unsigned
50461 if (count > totalram_pages)
50462 return NULL;
50463
50464+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50465+ if (!(pgprot_val(prot) & _PAGE_NX))
50466+ flags |= VM_KERNEXEC;
50467+#endif
50468+
50469 area = get_vm_area_caller((count << PAGE_SHIFT), flags,
50470 __builtin_return_address(0));
50471 if (!area)
50472@@ -1558,6 +1607,13 @@ static void *__vmalloc_node(unsigned lon
50473 if (!size || (size >> PAGE_SHIFT) > totalram_pages)
50474 return NULL;
50475
50476+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50477+ if (!(pgprot_val(prot) & _PAGE_NX))
50478+ area = __get_vm_area_node(size, align, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END,
50479+ node, gfp_mask, caller);
50480+ else
50481+#endif
50482+
50483 area = __get_vm_area_node(size, align, VM_ALLOC, VMALLOC_START,
50484 VMALLOC_END, node, gfp_mask, caller);
50485
50486@@ -1576,6 +1632,7 @@ static void *__vmalloc_node(unsigned lon
50487 return addr;
50488 }
50489
50490+#undef __vmalloc
50491 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
50492 {
50493 return __vmalloc_node(size, 1, gfp_mask, prot, -1,
50494@@ -1592,6 +1649,7 @@ EXPORT_SYMBOL(__vmalloc);
50495 * For tight control over page level allocator and protection flags
50496 * use __vmalloc() instead.
50497 */
50498+#undef vmalloc
50499 void *vmalloc(unsigned long size)
50500 {
50501 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
50502@@ -1606,6 +1664,7 @@ EXPORT_SYMBOL(vmalloc);
50503 * The resulting memory area is zeroed so it can be mapped to userspace
50504 * without leaking data.
50505 */
50506+#undef vmalloc_user
50507 void *vmalloc_user(unsigned long size)
50508 {
50509 struct vm_struct *area;
50510@@ -1633,6 +1692,7 @@ EXPORT_SYMBOL(vmalloc_user);
50511 * For tight control over page level allocator and protection flags
50512 * use __vmalloc() instead.
50513 */
50514+#undef vmalloc_node
50515 void *vmalloc_node(unsigned long size, int node)
50516 {
50517 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
50518@@ -1655,10 +1715,10 @@ EXPORT_SYMBOL(vmalloc_node);
50519 * For tight control over page level allocator and protection flags
50520 * use __vmalloc() instead.
50521 */
50522-
50523+#undef vmalloc_exec
50524 void *vmalloc_exec(unsigned long size)
50525 {
50526- return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
50527+ return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
50528 -1, __builtin_return_address(0));
50529 }
50530
50531@@ -1677,6 +1737,7 @@ void *vmalloc_exec(unsigned long size)
50532 * Allocate enough 32bit PA addressable pages to cover @size from the
50533 * page level allocator and map them into contiguous kernel virtual space.
50534 */
50535+#undef vmalloc_32
50536 void *vmalloc_32(unsigned long size)
50537 {
50538 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
50539@@ -1691,6 +1752,7 @@ EXPORT_SYMBOL(vmalloc_32);
50540 * The resulting memory area is 32bit addressable and zeroed so it can be
50541 * mapped to userspace without leaking data.
50542 */
50543+#undef vmalloc_32_user
50544 void *vmalloc_32_user(unsigned long size)
50545 {
50546 struct vm_struct *area;
50547diff -urNp linux-2.6.32.8/net/atm/atm_misc.c linux-2.6.32.8/net/atm/atm_misc.c
50548--- linux-2.6.32.8/net/atm/atm_misc.c 2010-02-09 07:57:19.000000000 -0500
50549+++ linux-2.6.32.8/net/atm/atm_misc.c 2010-02-13 21:45:10.863790825 -0500
50550@@ -19,7 +19,7 @@ int atm_charge(struct atm_vcc *vcc,int t
50551 if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
50552 return 1;
50553 atm_return(vcc,truesize);
50554- atomic_inc(&vcc->stats->rx_drop);
50555+ atomic_inc_unchecked(&vcc->stats->rx_drop);
50556 return 0;
50557 }
50558
50559@@ -41,7 +41,7 @@ struct sk_buff *atm_alloc_charge(struct
50560 }
50561 }
50562 atm_return(vcc,guess);
50563- atomic_inc(&vcc->stats->rx_drop);
50564+ atomic_inc_unchecked(&vcc->stats->rx_drop);
50565 return NULL;
50566 }
50567
50568@@ -88,7 +88,7 @@ int atm_pcr_goal(const struct atm_trafpr
50569
50570 void sonet_copy_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50571 {
50572-#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50573+#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50574 __SONET_ITEMS
50575 #undef __HANDLE_ITEM
50576 }
50577@@ -96,7 +96,7 @@ void sonet_copy_stats(struct k_sonet_sta
50578
50579 void sonet_subtract_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50580 {
50581-#define __HANDLE_ITEM(i) atomic_sub(to->i,&from->i)
50582+#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
50583 __SONET_ITEMS
50584 #undef __HANDLE_ITEM
50585 }
50586diff -urNp linux-2.6.32.8/net/atm/proc.c linux-2.6.32.8/net/atm/proc.c
50587--- linux-2.6.32.8/net/atm/proc.c 2010-02-09 07:57:19.000000000 -0500
50588+++ linux-2.6.32.8/net/atm/proc.c 2010-02-13 21:45:10.864691981 -0500
50589@@ -43,9 +43,9 @@ static void add_stats(struct seq_file *s
50590 const struct k_atm_aal_stats *stats)
50591 {
50592 seq_printf(seq, "%s ( %d %d %d %d %d )", aal,
50593- atomic_read(&stats->tx),atomic_read(&stats->tx_err),
50594- atomic_read(&stats->rx),atomic_read(&stats->rx_err),
50595- atomic_read(&stats->rx_drop));
50596+ atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err),
50597+ atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err),
50598+ atomic_read_unchecked(&stats->rx_drop));
50599 }
50600
50601 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
50602diff -urNp linux-2.6.32.8/net/atm/resources.c linux-2.6.32.8/net/atm/resources.c
50603--- linux-2.6.32.8/net/atm/resources.c 2010-02-09 07:57:19.000000000 -0500
50604+++ linux-2.6.32.8/net/atm/resources.c 2010-02-13 21:45:10.864691981 -0500
50605@@ -161,7 +161,7 @@ void atm_dev_deregister(struct atm_dev *
50606 static void copy_aal_stats(struct k_atm_aal_stats *from,
50607 struct atm_aal_stats *to)
50608 {
50609-#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50610+#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50611 __AAL_STAT_ITEMS
50612 #undef __HANDLE_ITEM
50613 }
50614@@ -170,7 +170,7 @@ static void copy_aal_stats(struct k_atm_
50615 static void subtract_aal_stats(struct k_atm_aal_stats *from,
50616 struct atm_aal_stats *to)
50617 {
50618-#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
50619+#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
50620 __AAL_STAT_ITEMS
50621 #undef __HANDLE_ITEM
50622 }
50623diff -urNp linux-2.6.32.8/net/bridge/br_private.h linux-2.6.32.8/net/bridge/br_private.h
50624--- linux-2.6.32.8/net/bridge/br_private.h 2010-02-09 07:57:19.000000000 -0500
50625+++ linux-2.6.32.8/net/bridge/br_private.h 2010-02-13 21:45:10.864691981 -0500
50626@@ -254,7 +254,7 @@ extern void br_ifinfo_notify(int event,
50627
50628 #ifdef CONFIG_SYSFS
50629 /* br_sysfs_if.c */
50630-extern struct sysfs_ops brport_sysfs_ops;
50631+extern const struct sysfs_ops brport_sysfs_ops;
50632 extern int br_sysfs_addif(struct net_bridge_port *p);
50633
50634 /* br_sysfs_br.c */
50635diff -urNp linux-2.6.32.8/net/bridge/br_stp_if.c linux-2.6.32.8/net/bridge/br_stp_if.c
50636--- linux-2.6.32.8/net/bridge/br_stp_if.c 2010-02-09 07:57:19.000000000 -0500
50637+++ linux-2.6.32.8/net/bridge/br_stp_if.c 2010-02-13 21:45:10.864691981 -0500
50638@@ -146,7 +146,7 @@ static void br_stp_stop(struct net_bridg
50639 char *envp[] = { NULL };
50640
50641 if (br->stp_enabled == BR_USER_STP) {
50642- r = call_usermodehelper(BR_STP_PROG, argv, envp, 1);
50643+ r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
50644 printk(KERN_INFO "%s: userspace STP stopped, return code %d\n",
50645 br->dev->name, r);
50646
50647diff -urNp linux-2.6.32.8/net/bridge/br_sysfs_if.c linux-2.6.32.8/net/bridge/br_sysfs_if.c
50648--- linux-2.6.32.8/net/bridge/br_sysfs_if.c 2010-02-09 07:57:19.000000000 -0500
50649+++ linux-2.6.32.8/net/bridge/br_sysfs_if.c 2010-02-13 21:45:10.864691981 -0500
50650@@ -220,7 +220,7 @@ static ssize_t brport_store(struct kobje
50651 return ret;
50652 }
50653
50654-struct sysfs_ops brport_sysfs_ops = {
50655+const struct sysfs_ops brport_sysfs_ops = {
50656 .show = brport_show,
50657 .store = brport_store,
50658 };
50659diff -urNp linux-2.6.32.8/net/core/flow.c linux-2.6.32.8/net/core/flow.c
50660--- linux-2.6.32.8/net/core/flow.c 2010-02-09 07:57:19.000000000 -0500
50661+++ linux-2.6.32.8/net/core/flow.c 2010-02-13 21:45:10.864691981 -0500
50662@@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT(
50663
50664 static u32 flow_hash_shift;
50665 #define flow_hash_size (1 << flow_hash_shift)
50666-static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
50667+static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables);
50668
50669 #define flow_table(cpu) (per_cpu(flow_tables, cpu))
50670
50671@@ -52,7 +52,7 @@ struct flow_percpu_info {
50672 u32 hash_rnd;
50673 int count;
50674 };
50675-static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
50676+static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info);
50677
50678 #define flow_hash_rnd_recalc(cpu) \
50679 (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
50680@@ -69,7 +69,7 @@ struct flow_flush_info {
50681 atomic_t cpuleft;
50682 struct completion completion;
50683 };
50684-static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
50685+static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets);
50686
50687 #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
50688
50689diff -urNp linux-2.6.32.8/net/dccp/ccids/ccid3.c linux-2.6.32.8/net/dccp/ccids/ccid3.c
50690--- linux-2.6.32.8/net/dccp/ccids/ccid3.c 2010-02-09 07:57:19.000000000 -0500
50691+++ linux-2.6.32.8/net/dccp/ccids/ccid3.c 2010-02-13 21:45:10.866010784 -0500
50692@@ -41,7 +41,7 @@
50693 static int ccid3_debug;
50694 #define ccid3_pr_debug(format, a...) DCCP_PR_DEBUG(ccid3_debug, format, ##a)
50695 #else
50696-#define ccid3_pr_debug(format, a...)
50697+#define ccid3_pr_debug(format, a...) do {} while (0)
50698 #endif
50699
50700 /*
50701diff -urNp linux-2.6.32.8/net/dccp/dccp.h linux-2.6.32.8/net/dccp/dccp.h
50702--- linux-2.6.32.8/net/dccp/dccp.h 2010-02-09 07:57:19.000000000 -0500
50703+++ linux-2.6.32.8/net/dccp/dccp.h 2010-02-13 21:45:10.866010784 -0500
50704@@ -44,9 +44,9 @@ extern int dccp_debug;
50705 #define dccp_pr_debug_cat(format, a...) DCCP_PRINTK(dccp_debug, format, ##a)
50706 #define dccp_debug(fmt, a...) dccp_pr_debug_cat(KERN_DEBUG fmt, ##a)
50707 #else
50708-#define dccp_pr_debug(format, a...)
50709-#define dccp_pr_debug_cat(format, a...)
50710-#define dccp_debug(format, a...)
50711+#define dccp_pr_debug(format, a...) do {} while (0)
50712+#define dccp_pr_debug_cat(format, a...) do {} while (0)
50713+#define dccp_debug(format, a...) do {} while (0)
50714 #endif
50715
50716 extern struct inet_hashinfo dccp_hashinfo;
50717diff -urNp linux-2.6.32.8/net/ipv4/inet_hashtables.c linux-2.6.32.8/net/ipv4/inet_hashtables.c
50718--- linux-2.6.32.8/net/ipv4/inet_hashtables.c 2010-02-09 07:57:19.000000000 -0500
50719+++ linux-2.6.32.8/net/ipv4/inet_hashtables.c 2010-02-13 21:45:10.866010784 -0500
50720@@ -18,11 +18,14 @@
50721 #include <linux/sched.h>
50722 #include <linux/slab.h>
50723 #include <linux/wait.h>
50724+#include <linux/security.h>
50725
50726 #include <net/inet_connection_sock.h>
50727 #include <net/inet_hashtables.h>
50728 #include <net/ip.h>
50729
50730+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
50731+
50732 /*
50733 * Allocate and initialize a new local port bind bucket.
50734 * The bindhash mutex for snum's hash chain must be held here.
50735@@ -490,6 +493,8 @@ ok:
50736 }
50737 spin_unlock(&head->lock);
50738
50739+ gr_update_task_in_ip_table(current, inet_sk(sk));
50740+
50741 if (tw) {
50742 inet_twsk_deschedule(tw, death_row);
50743 inet_twsk_put(tw);
50744diff -urNp linux-2.6.32.8/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.32.8/net/ipv4/netfilter/nf_nat_snmp_basic.c
50745--- linux-2.6.32.8/net/ipv4/netfilter/nf_nat_snmp_basic.c 2010-02-09 07:57:19.000000000 -0500
50746+++ linux-2.6.32.8/net/ipv4/netfilter/nf_nat_snmp_basic.c 2010-02-13 21:45:10.866708013 -0500
50747@@ -397,7 +397,7 @@ static unsigned char asn1_octets_decode(
50748
50749 *len = 0;
50750
50751- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
50752+ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
50753 if (*octets == NULL) {
50754 if (net_ratelimit())
50755 printk("OOM in bsalg (%d)\n", __LINE__);
50756diff -urNp linux-2.6.32.8/net/ipv4/tcp_ipv4.c linux-2.6.32.8/net/ipv4/tcp_ipv4.c
50757--- linux-2.6.32.8/net/ipv4/tcp_ipv4.c 2010-02-09 07:57:19.000000000 -0500
50758+++ linux-2.6.32.8/net/ipv4/tcp_ipv4.c 2010-02-13 21:45:10.866708013 -0500
50759@@ -1542,6 +1542,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
50760 return 0;
50761
50762 reset:
50763+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50764+ if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50765+#endif
50766 tcp_v4_send_reset(rsk, skb);
50767 discard:
50768 kfree_skb(skb);
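Review bot: The `no_tcp_socket` hunk that follows reads `skb->dev->flags` with no NULL test, while the `reset:` path here guards the same read with `!skb->dev ||`. The `__udp4_lib_rcv` hunk in net/ipv4/udp.c and the matching net/ipv6 tcp/udp hunks also use the unguarded form. If `skb->dev` is always set on those receive paths, a one-line comment saying so would explain the difference; otherwise use the same condition, `if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))`. The brace-less `if` inside `#ifdef CONFIG_GRKERNSEC_BLACKHOLE` also governs the statement after `#endif`, so a small inline helper that answers "may a reply be sent for this skb" would be less fragile than repeating the pattern. Both functions start and end outside the hunks.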
50769@@ -1650,6 +1653,9 @@ no_tcp_socket:
50770 bad_packet:
50771 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50772 } else {
50773+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50774+ if (skb->dev->flags & IFF_LOOPBACK)
50775+#endif
50776 tcp_v4_send_reset(NULL, skb);
50777 }
50778
50779diff -urNp linux-2.6.32.8/net/ipv4/tcp_minisocks.c linux-2.6.32.8/net/ipv4/tcp_minisocks.c
50780--- linux-2.6.32.8/net/ipv4/tcp_minisocks.c 2010-02-09 07:57:19.000000000 -0500
50781+++ linux-2.6.32.8/net/ipv4/tcp_minisocks.c 2010-02-13 21:45:10.866708013 -0500
50782@@ -672,8 +672,11 @@ listen_overflow:
50783
50784 embryonic_reset:
50785 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
50786+
50787+#ifndef CONFIG_GRKERNSEC_BLACKHOLE
50788 if (!(flg & TCP_FLAG_RST))
50789 req->rsk_ops->send_reset(sk, skb);
50790+#endif
50791
50792 inet_csk_reqsk_queue_drop(sk, req, prev);
50793 return NULL;
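Review bot: The `#ifndef CONFIG_GRKERNSEC_BLACKHOLE` around `send_reset` drops the embryonic reset on every interface, loopback included. The other blackhole hunks in this patch (tcp_ipv4.c, udp.c and the ipv6 counterparts) still reply when `skb->dev->flags & IFF_LOOPBACK` is set. If the difference is intended, say so in a comment above the `#ifndef`, for example `/* blackhole: never answer embryonic connections, loopback included */`; otherwise use the same loopback test here so local clients still see the reset. The enclosing function starts outside the hunk.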
50794diff -urNp linux-2.6.32.8/net/ipv4/udp.c linux-2.6.32.8/net/ipv4/udp.c
50795--- linux-2.6.32.8/net/ipv4/udp.c 2010-02-09 07:57:19.000000000 -0500
50796+++ linux-2.6.32.8/net/ipv4/udp.c 2010-02-13 21:45:10.867866359 -0500
50797@@ -86,6 +86,7 @@
50798 #include <linux/types.h>
50799 #include <linux/fcntl.h>
50800 #include <linux/module.h>
50801+#include <linux/security.h>
50802 #include <linux/socket.h>
50803 #include <linux/sockios.h>
50804 #include <linux/igmp.h>
50805@@ -371,6 +372,9 @@ found:
50806 return s;
50807 }
50808
50809+extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
50810+extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
50811+
50812 /*
50813 * This routine is called by the ICMP module when it gets some
50814 * sort of error condition. If err < 0 then the socket should
50815@@ -639,9 +643,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
50816 dport = usin->sin_port;
50817 if (dport == 0)
50818 return -EINVAL;
50819+
50820+ err = gr_search_udp_sendmsg(sk, usin);
50821+ if (err)
50822+ return err;
50823 } else {
50824 if (sk->sk_state != TCP_ESTABLISHED)
50825 return -EDESTADDRREQ;
50826+
50827+ err = gr_search_udp_sendmsg(sk, NULL);
50828+ if (err)
50829+ return err;
50830+
50831 daddr = inet->daddr;
50832 dport = inet->dport;
50833 /* Open fast path for connected socket.
50834@@ -945,6 +958,10 @@ try_again:
50835 if (!skb)
50836 goto out;
50837
50838+ err = gr_search_udp_recvmsg(sk, skb);
50839+ if (err)
50840+ goto out_free;
50841+
50842 ulen = skb->len - sizeof(struct udphdr);
50843 copied = len;
50844 if (copied > ulen)
50845@@ -1335,6 +1352,9 @@ int __udp4_lib_rcv(struct sk_buff *skb,
50846 goto csum_error;
50847
50848 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
50849+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50850+ if (skb->dev->flags & IFF_LOOPBACK)
50851+#endif
50852 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
50853
50854 /*
50855diff -urNp linux-2.6.32.8/net/ipv6/exthdrs.c linux-2.6.32.8/net/ipv6/exthdrs.c
50856--- linux-2.6.32.8/net/ipv6/exthdrs.c 2010-02-09 07:57:19.000000000 -0500
50857+++ linux-2.6.32.8/net/ipv6/exthdrs.c 2010-02-13 21:45:10.867866359 -0500
50858@@ -635,7 +635,7 @@ static struct tlvtype_proc tlvprochopopt
50859 .type = IPV6_TLV_JUMBO,
50860 .func = ipv6_hop_jumbo,
50861 },
50862- { -1, }
50863+ { -1, NULL }
50864 };
50865
50866 int ipv6_parse_hopopts(struct sk_buff *skb)
50867diff -urNp linux-2.6.32.8/net/ipv6/raw.c linux-2.6.32.8/net/ipv6/raw.c
50868--- linux-2.6.32.8/net/ipv6/raw.c 2010-02-09 07:57:19.000000000 -0500
50869+++ linux-2.6.32.8/net/ipv6/raw.c 2010-02-13 21:45:10.867866359 -0500
50870@@ -600,7 +600,7 @@ out:
50871 return err;
50872 }
50873
50874-static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
50875+static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length,
50876 struct flowi *fl, struct rt6_info *rt,
50877 unsigned int flags)
50878 {
50879diff -urNp linux-2.6.32.8/net/ipv6/tcp_ipv6.c linux-2.6.32.8/net/ipv6/tcp_ipv6.c
50880--- linux-2.6.32.8/net/ipv6/tcp_ipv6.c 2010-02-09 07:57:19.000000000 -0500
50881+++ linux-2.6.32.8/net/ipv6/tcp_ipv6.c 2010-02-13 21:45:10.868957557 -0500
50882@@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk
50883 return 0;
50884
50885 reset:
50886+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50887+ if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50888+#endif
50889 tcp_v6_send_reset(sk, skb);
50890 discard:
50891 if (opt_skb)
50892@@ -1700,6 +1703,9 @@ no_tcp_socket:
50893 bad_packet:
50894 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50895 } else {
50896+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50897+ if (skb->dev->flags & IFF_LOOPBACK)
50898+#endif
50899 tcp_v6_send_reset(NULL, skb);
50900 }
50901
50902diff -urNp linux-2.6.32.8/net/ipv6/udp.c linux-2.6.32.8/net/ipv6/udp.c
50903--- linux-2.6.32.8/net/ipv6/udp.c 2010-02-09 07:57:19.000000000 -0500
50904+++ linux-2.6.32.8/net/ipv6/udp.c 2010-02-13 21:45:10.868957557 -0500
50905@@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
50906 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
50907 proto == IPPROTO_UDPLITE);
50908
50909+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50910+ if (skb->dev->flags & IFF_LOOPBACK)
50911+#endif
50912 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
50913
50914 kfree_skb(skb);
50915diff -urNp linux-2.6.32.8/net/irda/ircomm/ircomm_tty.c linux-2.6.32.8/net/irda/ircomm/ircomm_tty.c
50916--- linux-2.6.32.8/net/irda/ircomm/ircomm_tty.c 2010-02-09 07:57:19.000000000 -0500
50917+++ linux-2.6.32.8/net/irda/ircomm/ircomm_tty.c 2010-02-13 21:45:10.868957557 -0500
50918@@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st
50919 add_wait_queue(&self->open_wait, &wait);
50920
50921 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
50922- __FILE__,__LINE__, tty->driver->name, self->open_count );
50923+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50924
50925 /* As far as I can see, we protect open_count - Jean II */
50926 spin_lock_irqsave(&self->spinlock, flags);
50927 if (!tty_hung_up_p(filp)) {
50928 extra_count = 1;
50929- self->open_count--;
50930+ atomic_dec(&self->open_count);
50931 }
50932 spin_unlock_irqrestore(&self->spinlock, flags);
50933- self->blocked_open++;
50934+ atomic_inc(&self->blocked_open);
50935
50936 while (1) {
50937 if (tty->termios->c_cflag & CBAUD) {
50938@@ -329,7 +329,7 @@ static int ircomm_tty_block_til_ready(st
50939 }
50940
50941 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
50942- __FILE__,__LINE__, tty->driver->name, self->open_count );
50943+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50944
50945 schedule();
50946 }
50947@@ -340,13 +340,13 @@ static int ircomm_tty_block_til_ready(st
50948 if (extra_count) {
50949 /* ++ is not atomic, so this should be protected - Jean II */
50950 spin_lock_irqsave(&self->spinlock, flags);
50951- self->open_count++;
50952+ atomic_inc(&self->open_count);
50953 spin_unlock_irqrestore(&self->spinlock, flags);
50954 }
50955- self->blocked_open--;
50956+ atomic_dec(&self->blocked_open);
50957
50958 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
50959- __FILE__,__LINE__, tty->driver->name, self->open_count);
50960+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count));
50961
50962 if (!retval)
50963 self->flags |= ASYNC_NORMAL_ACTIVE;
50964@@ -415,14 +415,14 @@ static int ircomm_tty_open(struct tty_st
50965 }
50966 /* ++ is not atomic, so this should be protected - Jean II */
50967 spin_lock_irqsave(&self->spinlock, flags);
50968- self->open_count++;
50969+ atomic_inc(&self->open_count);
50970
50971 tty->driver_data = self;
50972 self->tty = tty;
50973 spin_unlock_irqrestore(&self->spinlock, flags);
50974
50975 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
50976- self->line, self->open_count);
50977+ self->line, atomic_read(&self->open_count));
50978
50979 /* Not really used by us, but lets do it anyway */
50980 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
50981@@ -511,7 +511,7 @@ static void ircomm_tty_close(struct tty_
50982 return;
50983 }
50984
50985- if ((tty->count == 1) && (self->open_count != 1)) {
50986+ if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) {
50987 /*
50988 * Uh, oh. tty->count is 1, which means that the tty
50989 * structure will be freed. state->count should always
50990@@ -521,16 +521,16 @@ static void ircomm_tty_close(struct tty_
50991 */
50992 IRDA_DEBUG(0, "%s(), bad serial port count; "
50993 "tty->count is 1, state->count is %d\n", __func__ ,
50994- self->open_count);
50995- self->open_count = 1;
50996+ atomic_read(&self->open_count));
50997+ atomic_set(&self->open_count, 1);
50998 }
50999
51000- if (--self->open_count < 0) {
51001+ if (atomic_dec_return(&self->open_count) < 0) {
51002 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
51003- __func__, self->line, self->open_count);
51004- self->open_count = 0;
51005+ __func__, self->line, atomic_read(&self->open_count));
51006+ atomic_set(&self->open_count, 0);
51007 }
51008- if (self->open_count) {
51009+ if (atomic_read(&self->open_count)) {
51010 spin_unlock_irqrestore(&self->spinlock, flags);
51011
51012 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
51013@@ -562,7 +562,7 @@ static void ircomm_tty_close(struct tty_
51014 tty->closing = 0;
51015 self->tty = NULL;
51016
51017- if (self->blocked_open) {
51018+ if (atomic_read(&self->blocked_open)) {
51019 if (self->close_delay)
51020 schedule_timeout_interruptible(self->close_delay);
51021 wake_up_interruptible(&self->open_wait);
51022@@ -1017,7 +1017,7 @@ static void ircomm_tty_hangup(struct tty
51023 spin_lock_irqsave(&self->spinlock, flags);
51024 self->flags &= ~ASYNC_NORMAL_ACTIVE;
51025 self->tty = NULL;
51026- self->open_count = 0;
51027+ atomic_set(&self->open_count, 0);
51028 spin_unlock_irqrestore(&self->spinlock, flags);
51029
51030 wake_up_interruptible(&self->open_wait);
51031@@ -1369,7 +1369,7 @@ static void ircomm_tty_line_info(struct
51032 seq_putc(m, '\n');
51033
51034 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
51035- seq_printf(m, "Open count: %d\n", self->open_count);
51036+ seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count));
51037 seq_printf(m, "Max data size: %d\n", self->max_data_size);
51038 seq_printf(m, "Max header size: %d\n", self->max_header_size);
51039
51040diff -urNp linux-2.6.32.8/net/mac80211/ieee80211_i.h linux-2.6.32.8/net/mac80211/ieee80211_i.h
51041--- linux-2.6.32.8/net/mac80211/ieee80211_i.h 2010-02-09 07:57:19.000000000 -0500
51042+++ linux-2.6.32.8/net/mac80211/ieee80211_i.h 2010-02-13 21:45:10.870009419 -0500
51043@@ -634,7 +634,7 @@ struct ieee80211_local {
51044 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
51045 spinlock_t queue_stop_reason_lock;
51046
51047- int open_count;
51048+ atomic_t open_count;
51049 int monitors, cooked_mntrs;
51050 /* number of interfaces with corresponding FIF_ flags */
51051 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
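Review bot: Making `open_count` an `atomic_t` makes each access atomic, but not the test-then-update sequences built on it. The iface.c hunks still do `atomic_read(&local->open_count) == 0` well before the matching `atomic_inc()`, so correctness still depends on the callers being serialised; the rate.c hunk shows `ASSERT_RTNL()` next to one such read. A comment on the field would record that, for example `/* atomic_t for overflow checking only; open/stop remain serialised by the caller */`. The wording of the reason is a guess at the patch's intent and should be confirmed.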
51052diff -urNp linux-2.6.32.8/net/mac80211/iface.c linux-2.6.32.8/net/mac80211/iface.c
51053--- linux-2.6.32.8/net/mac80211/iface.c 2010-02-09 07:57:19.000000000 -0500
51054+++ linux-2.6.32.8/net/mac80211/iface.c 2010-02-13 21:45:10.870556107 -0500
51055@@ -166,7 +166,7 @@ static int ieee80211_open(struct net_dev
51056 break;
51057 }
51058
51059- if (local->open_count == 0) {
51060+ if (atomic_read(&local->open_count) == 0) {
51061 res = drv_start(local);
51062 if (res)
51063 goto err_del_bss;
51064@@ -196,7 +196,7 @@ static int ieee80211_open(struct net_dev
51065 * Validate the MAC address for this device.
51066 */
51067 if (!is_valid_ether_addr(dev->dev_addr)) {
51068- if (!local->open_count)
51069+ if (!atomic_read(&local->open_count))
51070 drv_stop(local);
51071 return -EADDRNOTAVAIL;
51072 }
51073@@ -292,7 +292,7 @@ static int ieee80211_open(struct net_dev
51074
51075 hw_reconf_flags |= __ieee80211_recalc_idle(local);
51076
51077- local->open_count++;
51078+ atomic_inc(&local->open_count);
51079 if (hw_reconf_flags) {
51080 ieee80211_hw_config(local, hw_reconf_flags);
51081 /*
51082@@ -320,7 +320,7 @@ static int ieee80211_open(struct net_dev
51083 err_del_interface:
51084 drv_remove_interface(local, &conf);
51085 err_stop:
51086- if (!local->open_count)
51087+ if (!atomic_read(&local->open_count))
51088 drv_stop(local);
51089 err_del_bss:
51090 sdata->bss = NULL;
51091@@ -420,7 +420,7 @@ static int ieee80211_stop(struct net_dev
51092 WARN_ON(!list_empty(&sdata->u.ap.vlans));
51093 }
51094
51095- local->open_count--;
51096+ atomic_dec(&local->open_count);
51097
51098 switch (sdata->vif.type) {
51099 case NL80211_IFTYPE_AP_VLAN:
51100@@ -526,7 +526,7 @@ static int ieee80211_stop(struct net_dev
51101
51102 ieee80211_recalc_ps(local, -1);
51103
51104- if (local->open_count == 0) {
51105+ if (atomic_read(&local->open_count) == 0) {
51106 ieee80211_clear_tx_pending(local);
51107 ieee80211_stop_device(local);
51108
51109diff -urNp linux-2.6.32.8/net/mac80211/main.c linux-2.6.32.8/net/mac80211/main.c
51110--- linux-2.6.32.8/net/mac80211/main.c 2010-02-09 07:57:19.000000000 -0500
51111+++ linux-2.6.32.8/net/mac80211/main.c 2010-02-13 21:45:10.870556107 -0500
51112@@ -145,7 +145,7 @@ int ieee80211_hw_config(struct ieee80211
51113 local->hw.conf.power_level = power;
51114 }
51115
51116- if (changed && local->open_count) {
51117+ if (changed && atomic_read(&local->open_count)) {
51118 ret = drv_config(local, changed);
51119 /*
51120 * Goal:
51121diff -urNp linux-2.6.32.8/net/mac80211/pm.c linux-2.6.32.8/net/mac80211/pm.c
51122--- linux-2.6.32.8/net/mac80211/pm.c 2010-02-09 07:57:19.000000000 -0500
51123+++ linux-2.6.32.8/net/mac80211/pm.c 2010-02-13 21:45:10.870556107 -0500
51124@@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211
51125 }
51126
51127 /* stop hardware - this must stop RX */
51128- if (local->open_count)
51129+ if (atomic_read(&local->open_count))
51130 ieee80211_stop_device(local);
51131
51132 local->suspended = true;
51133diff -urNp linux-2.6.32.8/net/mac80211/rate.c linux-2.6.32.8/net/mac80211/rate.c
51134--- linux-2.6.32.8/net/mac80211/rate.c 2010-02-09 07:57:19.000000000 -0500
51135+++ linux-2.6.32.8/net/mac80211/rate.c 2010-02-13 21:45:10.870556107 -0500
51136@@ -287,7 +287,7 @@ int ieee80211_init_rate_ctrl_alg(struct
51137 struct rate_control_ref *ref, *old;
51138
51139 ASSERT_RTNL();
51140- if (local->open_count)
51141+ if (atomic_read(&local->open_count))
51142 return -EBUSY;
51143
51144 ref = rate_control_alloc(name, local);
51145diff -urNp linux-2.6.32.8/net/mac80211/util.c linux-2.6.32.8/net/mac80211/util.c
51146--- linux-2.6.32.8/net/mac80211/util.c 2010-02-09 07:57:19.000000000 -0500
51147+++ linux-2.6.32.8/net/mac80211/util.c 2010-02-13 21:45:10.870556107 -0500
51148@@ -1042,14 +1042,14 @@ int ieee80211_reconfig(struct ieee80211_
51149 local->resuming = true;
51150
51151 /* restart hardware */
51152- if (local->open_count) {
51153+ if (atomic_read(&local->open_count)) {
51154 /*
51155 * Upon resume hardware can sometimes be goofy due to
51156 * various platform / driver / bus issues, so restarting
51157 * the device may at times not work immediately. Propagate
51158 * the error.
51159 */
51160- res = drv_start(local);
51161+ res = drv_start(local);
51162 if (res) {
51163 WARN(local->suspended, "Harware became unavailable "
51164 "upon resume. This is could be a software issue"
51165diff -urNp linux-2.6.32.8/net/sctp/socket.c linux-2.6.32.8/net/sctp/socket.c
51166--- linux-2.6.32.8/net/sctp/socket.c 2010-02-09 07:57:19.000000000 -0500
51167+++ linux-2.6.32.8/net/sctp/socket.c 2010-02-13 21:45:10.871626716 -0500
51168@@ -1482,7 +1482,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc
51169 struct sctp_sndrcvinfo *sinfo;
51170 struct sctp_initmsg *sinit;
51171 sctp_assoc_t associd = 0;
51172- sctp_cmsgs_t cmsgs = { NULL };
51173+ sctp_cmsgs_t cmsgs = { NULL, NULL };
51174 int err;
51175 sctp_scope_t scope;
51176 long timeo;
51177@@ -5802,7 +5802,6 @@ pp_found:
51178 */
51179 int reuse = sk->sk_reuse;
51180 struct sock *sk2;
51181- struct hlist_node *node;
51182
51183 SCTP_DEBUG_PRINTK("sctp_get_port() found a possible match\n");
51184 if (pp->fastreuse && sk->sk_reuse &&
51185diff -urNp linux-2.6.32.8/net/socket.c linux-2.6.32.8/net/socket.c
51186--- linux-2.6.32.8/net/socket.c 2010-02-09 07:57:19.000000000 -0500
51187+++ linux-2.6.32.8/net/socket.c 2010-02-13 21:45:10.873014270 -0500
51188@@ -87,6 +87,7 @@
51189 #include <linux/wireless.h>
51190 #include <linux/nsproxy.h>
51191 #include <linux/magic.h>
51192+#include <linux/in.h>
51193
51194 #include <asm/uaccess.h>
51195 #include <asm/unistd.h>
51196@@ -97,6 +98,21 @@
51197 #include <net/sock.h>
51198 #include <linux/netfilter.h>
51199
51200+extern void gr_attach_curr_ip(const struct sock *sk);
51201+extern int gr_handle_sock_all(const int family, const int type,
51202+ const int protocol);
51203+extern int gr_handle_sock_server(const struct sockaddr *sck);
51204+extern int gr_handle_sock_server_other(const struct socket *sck);
51205+extern int gr_handle_sock_client(const struct sockaddr *sck);
51206+extern int gr_search_connect(struct socket * sock,
51207+ struct sockaddr_in * addr);
51208+extern int gr_search_bind(struct socket * sock,
51209+ struct sockaddr_in * addr);
51210+extern int gr_search_listen(struct socket * sock);
51211+extern int gr_search_accept(struct socket * sock);
51212+extern int gr_search_socket(const int domain, const int type,
51213+ const int protocol);
51214+
51215 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
51216 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
51217 unsigned long nr_segs, loff_t pos);
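Review bot: These `gr_*` prototypes are declared with `extern` inside net/socket.c, so the compiler cannot check them against the definitions, and a signature change on the other side would go unnoticed. Moving them into a shared header that both sides include would restore that check; the same applies to the local `extern` lines added in net/ipv4/udp.c and net/ipv4/inet_hashtables.c. The return conventions also differ and are undocumented. In the later hunks `gr_search_socket()` returning 0 means deny, `gr_search_bind/listen/accept/connect()` return an error code on deny, and `gr_handle_sock_*()` return non-zero on deny. A short comment on each prototype stating which convention it follows would prevent an inverted check at a future call site.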
51218@@ -298,7 +314,7 @@ static int sockfs_get_sb(struct file_sys
51219 mnt);
51220 }
51221
51222-static struct vfsmount *sock_mnt __read_mostly;
51223+struct vfsmount *sock_mnt __read_mostly;
51224
51225 static struct file_system_type sock_fs_type = {
51226 .name = "sockfs",
51227@@ -1283,6 +1299,16 @@ SYSCALL_DEFINE3(socket, int, family, int
51228 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
51229 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
51230
51231+ if(!gr_search_socket(family, type, protocol)) {
51232+ retval = -EACCES;
51233+ goto out;
51234+ }
51235+
51236+ if (gr_handle_sock_all(family, type, protocol)) {
51237+ retval = -EACCES;
51238+ goto out;
51239+ }
51240+
51241 retval = sock_create(family, type, protocol, &sock);
51242 if (retval < 0)
51243 goto out;
51244@@ -1415,6 +1441,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
51245 if (sock) {
51246 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
51247 if (err >= 0) {
51248+ if (gr_handle_sock_server((struct sockaddr *)&address)) {
51249+ err = -EACCES;
51250+ goto error;
51251+ }
51252+ err = gr_search_bind(sock, (struct sockaddr_in *)&address);
51253+ if (err)
51254+ goto error;
51255+
51256 err = security_socket_bind(sock,
51257 (struct sockaddr *)&address,
51258 addrlen);
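Review bot: `gr_handle_sock_server()` and `gr_search_bind()` receive `address` without `addrlen`, and the second call casts it to `struct sockaddr_in *` whatever the address family is. `address` is filled from user space by `move_addr_to_kernel()` for `addrlen` bytes only, so for a short `addrlen` the callees may read stack bytes that were never written; their bodies are not in this hunk, so this needs checking there. Passing `addrlen` to both helpers, or skipping the `sockaddr_in` view unless `addrlen >= sizeof(struct sockaddr_in)`, would make the policy check independent of that. The connect hunk further down has the same shape with `gr_handle_sock_client()` and `gr_search_connect()`.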
51259@@ -1423,6 +1457,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
51260 (struct sockaddr *)
51261 &address, addrlen);
51262 }
51263+error:
51264 fput_light(sock->file, fput_needed);
51265 }
51266 return err;
51267@@ -1446,10 +1481,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
51268 if ((unsigned)backlog > somaxconn)
51269 backlog = somaxconn;
51270
51271+ if (gr_handle_sock_server_other(sock)) {
51272+ err = -EPERM;
51273+ goto error;
51274+ }
51275+
51276+ err = gr_search_listen(sock);
51277+ if (err)
51278+ goto error;
51279+
51280 err = security_socket_listen(sock, backlog);
51281 if (!err)
51282 err = sock->ops->listen(sock, backlog);
51283
51284+error:
51285 fput_light(sock->file, fput_needed);
51286 }
51287 return err;
51288@@ -1492,6 +1537,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
51289 newsock->type = sock->type;
51290 newsock->ops = sock->ops;
51291
51292+ if (gr_handle_sock_server_other(sock)) {
51293+ err = -EPERM;
51294+ sock_release(newsock);
51295+ goto out_put;
51296+ }
51297+
51298+ err = gr_search_accept(sock);
51299+ if (err) {
51300+ sock_release(newsock);
51301+ goto out_put;
51302+ }
51303+
51304 /*
51305 * We don't need try_module_get here, as the listening socket (sock)
51306 * has the protocol module (sock->ops->owner) held.
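Review bot: The deny paths added here call `sock_release(newsock)` after `newsock->ops` has been assigned but, judging by the comment that follows, before the module reference for `newsock->ops->owner` is taken. If `sock_release()` drops that reference whenever `ops` is set, each denied accept would put a reference that was never acquired. Moving both checks above `newsock->type = sock->type;`, or below the module get that follows the comment, would keep get and put balanced. The rest of accept4 is outside the hunk, so confirm the ordering against the full function.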
51307@@ -1534,6 +1591,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
51308 fd_install(newfd, newfile);
51309 err = newfd;
51310
51311+ gr_attach_curr_ip(newsock->sk);
51312+
51313 out_put:
51314 fput_light(sock->file, fput_needed);
51315 out:
51316@@ -1571,6 +1630,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct
51317 int, addrlen)
51318 {
51319 struct socket *sock;
51320+ struct sockaddr *sck;
51321 struct sockaddr_storage address;
51322 int err, fput_needed;
51323
51324@@ -1581,6 +1641,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct
51325 if (err < 0)
51326 goto out_put;
51327
51328+ sck = (struct sockaddr *)&address;
51329+
51330+ if (gr_handle_sock_client(sck)) {
51331+ err = -EACCES;
51332+ goto out_put;
51333+ }
51334+
51335+ err = gr_search_connect(sock, (struct sockaddr_in *)sck);
51336+ if (err)
51337+ goto out_put;
51338+
51339 err =
51340 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
51341 if (err)
51342diff -urNp linux-2.6.32.8/net/sysctl_net.c linux-2.6.32.8/net/sysctl_net.c
51343--- linux-2.6.32.8/net/sysctl_net.c 2010-02-09 07:57:19.000000000 -0500
51344+++ linux-2.6.32.8/net/sysctl_net.c 2010-02-13 21:45:10.873014270 -0500
51345@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ct
51346 struct ctl_table *table)
51347 {
51348 /* Allow network administrator to have same access as root. */
51349- if (capable(CAP_NET_ADMIN)) {
51350+ if (capable_nolog(CAP_NET_ADMIN)) {
51351 int mode = (table->mode >> 6) & 7;
51352 return (mode << 6) | (mode << 3) | mode;
51353 }
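Review bot: Nothing at this call site says why `capable_nolog()` replaces `capable()`, and the existing comment only describes the access rule. `net_ctl_permissions()` computes a mode rather than performing a privileged action, so the intent is presumably to avoid logging a capability use for every sysctl lookup. A short comment would stop someone from "fixing" it back, for example `/* permission probe only: do not log a CAP_NET_ADMIN use here */`. Also confirm that dropping the log entry does not hide writes that should stay auditable; the function body continues outside the hunk.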
51354diff -urNp linux-2.6.32.8/net/unix/af_unix.c linux-2.6.32.8/net/unix/af_unix.c
51355--- linux-2.6.32.8/net/unix/af_unix.c 2010-02-09 07:57:19.000000000 -0500
51356+++ linux-2.6.32.8/net/unix/af_unix.c 2010-02-13 21:45:10.873014270 -0500
51357@@ -734,6 +734,12 @@ static struct sock *unix_find_other(stru
51358 err = -ECONNREFUSED;
51359 if (!S_ISSOCK(inode->i_mode))
51360 goto put_fail;
51361+
51362+ if (!gr_acl_handle_unix(path.dentry, path.mnt)) {
51363+ err = -EACCES;
51364+ goto put_fail;
51365+ }
51366+
51367 u = unix_find_socket_byinode(net, inode);
51368 if (!u)
51369 goto put_fail;
51370@@ -754,6 +760,13 @@ static struct sock *unix_find_other(stru
51371 if (u) {
51372 struct dentry *dentry;
51373 dentry = unix_sk(u)->dentry;
51374+
51375+ if (!gr_handle_chroot_unix(u->sk_peercred.pid)) {
51376+ err = -EPERM;
51377+ sock_put(u);
51378+ goto fail;
51379+ }
51380+
51381 if (dentry)
51382 touch_atime(unix_sk(u)->mnt, dentry);
51383 } else
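Review bot: The chroot check keys on a bare numeric pid. The later `unix_bind` hunk stores `current->pid` in `sk->sk_peercred.pid`, and this hunk passes `u->sk_peercred.pid` to `gr_handle_chroot_unix()`. A numeric pid can be reused once the binding task exits while another holder, such as a forked child, keeps the socket open, so the lookup may then resolve to an unrelated task. How `gr_handle_chroot_unix()` resolves the pid is not visible here. Holding a reference to the binder's `struct pid` instead of the number, or at least a comment stating that the value is trusted only while the binder is alive, would make the assumption explicit. `unix_find_other` starts and ends outside the hunk.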
51384@@ -839,11 +852,18 @@ static int unix_bind(struct socket *sock
51385 err = security_path_mknod(&nd.path, dentry, mode, 0);
51386 if (err)
51387 goto out_mknod_drop_write;
51388+ if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
51389+ err = -EACCES;
51390+ goto out_mknod_drop_write;
51391+ }
51392 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
51393 out_mknod_drop_write:
51394 mnt_drop_write(nd.path.mnt);
51395 if (err)
51396 goto out_mknod_dput;
51397+
51398+ gr_handle_create(dentry, nd.path.mnt);
51399+
51400 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
51401 dput(nd.path.dentry);
51402 nd.path.dentry = dentry;
51403@@ -861,6 +881,10 @@ out_mknod_drop_write:
51404 goto out_unlock;
51405 }
51406
51407+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
51408+ sk->sk_peercred.pid = current->pid;
51409+#endif
51410+
51411 list = &unix_socket_table[addr->hash];
51412 } else {
51413 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
51414diff -urNp linux-2.6.32.8/samples/kobject/kset-example.c linux-2.6.32.8/samples/kobject/kset-example.c
51415--- linux-2.6.32.8/samples/kobject/kset-example.c 2010-02-09 07:57:19.000000000 -0500
51416+++ linux-2.6.32.8/samples/kobject/kset-example.c 2010-02-13 21:45:10.874025155 -0500
51417@@ -87,7 +87,7 @@ static ssize_t foo_attr_store(struct kob
51418 }
51419
51420 /* Our custom sysfs_ops that we will associate with our ktype later on */
51421-static struct sysfs_ops foo_sysfs_ops = {
51422+static const struct sysfs_ops foo_sysfs_ops = {
51423 .show = foo_attr_show,
51424 .store = foo_attr_store,
51425 };
51426diff -urNp linux-2.6.32.8/scripts/basic/fixdep.c linux-2.6.32.8/scripts/basic/fixdep.c
51427--- linux-2.6.32.8/scripts/basic/fixdep.c 2010-02-09 07:57:19.000000000 -0500
51428+++ linux-2.6.32.8/scripts/basic/fixdep.c 2010-02-13 21:45:10.874025155 -0500
51429@@ -222,9 +222,9 @@ static void use_config(char *m, int slen
51430
51431 static void parse_config_file(char *map, size_t len)
51432 {
51433- int *end = (int *) (map + len);
51434+ unsigned int *end = (unsigned int *) (map + len);
51435 /* start at +1, so that p can never be < map */
51436- int *m = (int *) map + 1;
51437+ unsigned int *m = (unsigned int *) map + 1;
51438 char *p, *q;
51439
51440 for (; m < end; m++) {
51441@@ -371,7 +371,7 @@ static void print_deps(void)
51442 static void traps(void)
51443 {
51444 static char test[] __attribute__((aligned(sizeof(int)))) = "CONF";
51445- int *p = (int *)test;
51446+ unsigned int *p = (unsigned int *)test;
51447
51448 if (*p != INT_CONF) {
51449 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
51450diff -urNp linux-2.6.32.8/scripts/kallsyms.c linux-2.6.32.8/scripts/kallsyms.c
51451--- linux-2.6.32.8/scripts/kallsyms.c 2010-02-09 07:57:19.000000000 -0500
51452+++ linux-2.6.32.8/scripts/kallsyms.c 2010-02-13 21:45:10.874025155 -0500
51453@@ -43,10 +43,10 @@ struct text_range {
51454
51455 static unsigned long long _text;
51456 static struct text_range text_ranges[] = {
51457- { "_stext", "_etext" },
51458- { "_sinittext", "_einittext" },
51459- { "_stext_l1", "_etext_l1" }, /* Blackfin on-chip L1 inst SRAM */
51460- { "_stext_l2", "_etext_l2" }, /* Blackfin on-chip L2 SRAM */
51461+ { "_stext", "_etext", 0, 0 },
51462+ { "_sinittext", "_einittext", 0, 0 },
51463+ { "_stext_l1", "_etext_l1", 0, 0 }, /* Blackfin on-chip L1 inst SRAM */
51464+ { "_stext_l2", "_etext_l2", 0, 0 }, /* Blackfin on-chip L2 SRAM */
51465 };
51466 #define text_range_text (&text_ranges[0])
51467 #define text_range_inittext (&text_ranges[1])
51468diff -urNp linux-2.6.32.8/scripts/mod/file2alias.c linux-2.6.32.8/scripts/mod/file2alias.c
51469--- linux-2.6.32.8/scripts/mod/file2alias.c 2010-02-09 07:57:19.000000000 -0500
51470+++ linux-2.6.32.8/scripts/mod/file2alias.c 2010-02-13 21:45:10.874025155 -0500
51471@@ -72,7 +72,7 @@ static void device_id_check(const char *
51472 unsigned long size, unsigned long id_size,
51473 void *symval)
51474 {
51475- int i;
51476+ unsigned int i;
51477
51478 if (size % id_size || size < id_size) {
51479 if (cross_build != 0)
51480@@ -102,7 +102,7 @@ static void device_id_check(const char *
51481 /* USB is special because the bcdDevice can be matched against a numeric range */
51482 /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
51483 static void do_usb_entry(struct usb_device_id *id,
51484- unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
51485+ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
51486 unsigned char range_lo, unsigned char range_hi,
51487 struct module *mod)
51488 {
51489@@ -368,7 +368,7 @@ static void do_pnp_device_entry(void *sy
51490 for (i = 0; i < count; i++) {
51491 const char *id = (char *)devs[i].id;
51492 char acpi_id[sizeof(devs[0].id)];
51493- int j;
51494+ unsigned int j;
51495
51496 buf_printf(&mod->dev_table_buf,
51497 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
51498@@ -398,7 +398,7 @@ static void do_pnp_card_entries(void *sy
51499
51500 for (j = 0; j < PNP_MAX_DEVICES; j++) {
51501 const char *id = (char *)card->devs[j].id;
51502- int i2, j2;
51503+ unsigned int i2, j2;
51504 int dup = 0;
51505
51506 if (!id[0])
51507@@ -424,7 +424,7 @@ static void do_pnp_card_entries(void *sy
51508 /* add an individual alias for every device entry */
51509 if (!dup) {
51510 char acpi_id[sizeof(card->devs[0].id)];
51511- int k;
51512+ unsigned int k;
51513
51514 buf_printf(&mod->dev_table_buf,
51515 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
51516@@ -699,7 +699,7 @@ static void dmi_ascii_filter(char *d, co
51517 static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
51518 char *alias)
51519 {
51520- int i, j;
51521+ unsigned int i, j;
51522
51523 sprintf(alias, "dmi*");
51524
51525diff -urNp linux-2.6.32.8/scripts/mod/modpost.c linux-2.6.32.8/scripts/mod/modpost.c
51526--- linux-2.6.32.8/scripts/mod/modpost.c 2010-02-09 07:57:19.000000000 -0500
51527+++ linux-2.6.32.8/scripts/mod/modpost.c 2010-02-13 21:45:10.875018114 -0500
51528@@ -835,6 +835,7 @@ enum mismatch {
51529 INIT_TO_EXIT,
51530 EXIT_TO_INIT,
51531 EXPORT_TO_INIT_EXIT,
51532+ DATA_TO_TEXT
51533 };
51534
51535 struct sectioncheck {
51536@@ -920,6 +921,12 @@ const struct sectioncheck sectioncheck[]
51537 .fromsec = { "__ksymtab*", NULL },
51538 .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
51539 .mismatch = EXPORT_TO_INIT_EXIT
51540+},
51541+/* Do not reference code from writable data */
51542+{
51543+ .fromsec = { DATA_SECTIONS, NULL },
51544+ .tosec = { TEXT_SECTIONS, NULL },
51545+ .mismatch = DATA_TO_TEXT
51546 }
51547 };
51548
51549@@ -1024,10 +1031,10 @@ static Elf_Sym *find_elf_symbol(struct e
51550 continue;
51551 if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
51552 continue;
51553- if (sym->st_value == addr)
51554- return sym;
51555 /* Find a symbol nearby - addr are maybe negative */
51556 d = sym->st_value - addr;
51557+ if (d == 0)
51558+ return sym;
51559 if (d < 0)
51560 d = addr - sym->st_value;
51561 if (d < distance) {
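Review bot: The exact-match test now goes through `d`, so it is only as precise as the type of `d`, which is declared outside this hunk. If `d` is narrower than `sym->st_value`, a symbol whose address differs from `addr` by a multiple of that type's range would be returned as an exact match, which the removed `sym->st_value == addr` comparison did not allow. If the aim was only to silence a sign-compare warning, keeping the direct comparison with an explicit cast, e.g. `if (sym->st_value == (Elf_Addr)addr) return sym;`, avoids that dependence.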
51562@@ -1268,6 +1275,14 @@ static void report_sec_mismatch(const ch
51563 "Fix this by removing the %sannotation of %s "
51564 "or drop the export.\n",
51565 tosym, sec2annotation(tosec), sec2annotation(tosec), tosym);
51566+ case DATA_TO_TEXT:
51567+/*
51568+ fprintf(stderr,
51569+ "The variable %s references\n"
51570+ "the %s %s%s%s\n",
51571+ fromsym, to, sec2annotation(tosec), tosym, to_p);
51572+*/
51573+ break;
51574 case NO_MISMATCH:
51575 /* To get warnings on missing members */
51576 break;
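Review bot: The new `case DATA_TO_TEXT:` sits directly after the `fprintf` of the preceding case with no `break;` between them, so that case now falls through into it. This is harmless only while the body stays commented out; re-enabling the message would make the preceding case print the DATA_TO_TEXT text as well. Add `break;` before `case DATA_TO_TEXT:`, and either delete the commented-out `fprintf` or replace it with a one-line comment saying why the mismatch is listed in `sectioncheck[]` but deliberately not reported. The start of the switch is outside this hunk.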
51577@@ -1651,7 +1666,7 @@ void __attribute__((format(printf, 2, 3)
51578 va_end(ap);
51579 }
51580
51581-void buf_write(struct buffer *buf, const char *s, int len)
51582+void buf_write(struct buffer *buf, const char *s, unsigned int len)
51583 {
51584 if (buf->size - buf->pos < len) {
51585 buf->size += len + SZ;
51586@@ -1863,7 +1878,7 @@ static void write_if_changed(struct buff
51587 if (fstat(fileno(file), &st) < 0)
51588 goto close_write;
51589
51590- if (st.st_size != b->pos)
51591+ if (st.st_size != (off_t)b->pos)
51592 goto close_write;
51593
51594 tmp = NOFAIL(malloc(b->pos));
51595diff -urNp linux-2.6.32.8/scripts/mod/modpost.h linux-2.6.32.8/scripts/mod/modpost.h
51596--- linux-2.6.32.8/scripts/mod/modpost.h 2010-02-09 07:57:19.000000000 -0500
51597+++ linux-2.6.32.8/scripts/mod/modpost.h 2010-02-13 21:45:10.875018114 -0500
51598@@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *e
51599
51600 struct buffer {
51601 char *p;
51602- int pos;
51603- int size;
51604+ unsigned int pos;
51605+ unsigned int size;
51606 };
51607
51608 void __attribute__((format(printf, 2, 3)))
51609 buf_printf(struct buffer *buf, const char *fmt, ...);
51610
51611 void
51612-buf_write(struct buffer *buf, const char *s, int len);
51613+buf_write(struct buffer *buf, const char *s, unsigned int len);
51614
51615 struct module {
51616 struct module *next;
51617diff -urNp linux-2.6.32.8/scripts/mod/sumversion.c linux-2.6.32.8/scripts/mod/sumversion.c
51618--- linux-2.6.32.8/scripts/mod/sumversion.c 2010-02-09 07:57:19.000000000 -0500
51619+++ linux-2.6.32.8/scripts/mod/sumversion.c 2010-02-13 21:45:10.875018114 -0500
51620@@ -455,7 +455,7 @@ static void write_version(const char *fi
51621 goto out;
51622 }
51623
51624- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
51625+ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
51626 warn("writing sum in %s failed: %s\n",
51627 filename, strerror(errno));
51628 goto out;
51629diff -urNp linux-2.6.32.8/scripts/pnmtologo.c linux-2.6.32.8/scripts/pnmtologo.c
51630--- linux-2.6.32.8/scripts/pnmtologo.c 2010-02-09 07:57:19.000000000 -0500
51631+++ linux-2.6.32.8/scripts/pnmtologo.c 2010-02-13 21:45:10.875018114 -0500
51632@@ -237,14 +237,14 @@ static void write_header(void)
51633 fprintf(out, " * Linux logo %s\n", logoname);
51634 fputs(" */\n\n", out);
51635 fputs("#include <linux/linux_logo.h>\n\n", out);
51636- fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
51637+ fprintf(out, "static unsigned char %s_data[] = {\n",
51638 logoname);
51639 }
51640
51641 static void write_footer(void)
51642 {
51643 fputs("\n};\n\n", out);
51644- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
51645+ fprintf(out, "const struct linux_logo %s = {\n", logoname);
51646 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
51647 fprintf(out, "\t.width\t\t= %d,\n", logo_width);
51648 fprintf(out, "\t.height\t\t= %d,\n", logo_height);
51649@@ -374,7 +374,7 @@ static void write_logo_clut224(void)
51650 fputs("\n};\n\n", out);
51651
51652 /* write logo clut */
51653- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
51654+ fprintf(out, "static unsigned char %s_clut[] = {\n",
51655 logoname);
51656 write_hex_cnt = 0;
51657 for (i = 0; i < logo_clutsize; i++) {
51658diff -urNp linux-2.6.32.8/security/commoncap.c linux-2.6.32.8/security/commoncap.c
51659--- linux-2.6.32.8/security/commoncap.c 2010-02-09 07:57:19.000000000 -0500
51660+++ linux-2.6.32.8/security/commoncap.c 2010-02-13 21:45:10.876017609 -0500
51661@@ -27,7 +27,7 @@
51662 #include <linux/sched.h>
51663 #include <linux/prctl.h>
51664 #include <linux/securebits.h>
51665-
51666+#include <net/sock.h>
51667 /*
51668 * If a non-root user executes a setuid-root binary in
51669 * !secure(SECURE_NOROOT) mode, then we raise capabilities.
51670@@ -50,9 +50,11 @@ static void warn_setuid_and_fcaps_mixed(
51671 }
51672 }
51673
51674+extern kernel_cap_t gr_cap_rtnetlink(struct sock *sk);
51675+
51676 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
51677 {
51678- NETLINK_CB(skb).eff_cap = current_cap();
51679+ NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
51680 return 0;
51681 }
51682
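Review bot: `gr_cap_rtnetlink()` is declared with a bare `extern` inside commoncap.c, so the compiler cannot check this prototype against the definition, which is not part of this file. The function now supplies the `eff_cap` recorded for each netlink message, so a silent signature mismatch would be privilege-relevant. Declare it in a header that both the definition and this caller include. A comment above `cap_netlink_send()` such as `/* eff_cap comes from gr_cap_rtnetlink(), not current_cap() directly */` would also help, since what the helper returns cannot be seen from here.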
51683diff -urNp linux-2.6.32.8/security/integrity/ima/ima_api.c linux-2.6.32.8/security/integrity/ima/ima_api.c
51684--- linux-2.6.32.8/security/integrity/ima/ima_api.c 2010-02-09 07:57:19.000000000 -0500
51685+++ linux-2.6.32.8/security/integrity/ima/ima_api.c 2010-02-13 21:45:10.876017609 -0500
51686@@ -74,7 +74,7 @@ void ima_add_violation(struct inode *ino
51687 int result;
51688
51689 /* can overflow, only indicator */
51690- atomic_long_inc(&ima_htable.violations);
51691+ atomic_long_inc_unchecked(&ima_htable.violations);
51692
51693 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
51694 if (!entry) {
51695diff -urNp linux-2.6.32.8/security/integrity/ima/ima_fs.c linux-2.6.32.8/security/integrity/ima/ima_fs.c
51696--- linux-2.6.32.8/security/integrity/ima/ima_fs.c 2010-02-09 07:57:19.000000000 -0500
51697+++ linux-2.6.32.8/security/integrity/ima/ima_fs.c 2010-02-13 21:45:10.876017609 -0500
51698@@ -27,12 +27,12 @@
51699 static int valid_policy = 1;
51700 #define TMPBUFLEN 12
51701 static ssize_t ima_show_htable_value(char __user *buf, size_t count,
51702- loff_t *ppos, atomic_long_t *val)
51703+ loff_t *ppos, atomic_long_unchecked_t *val)
51704 {
51705 char tmpbuf[TMPBUFLEN];
51706 ssize_t len;
51707
51708- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
51709+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
51710 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
51711 }
51712
51713diff -urNp linux-2.6.32.8/security/integrity/ima/ima.h linux-2.6.32.8/security/integrity/ima/ima.h
51714--- linux-2.6.32.8/security/integrity/ima/ima.h 2010-02-09 07:57:19.000000000 -0500
51715+++ linux-2.6.32.8/security/integrity/ima/ima.h 2010-02-13 21:45:10.876017609 -0500
51716@@ -84,8 +84,8 @@ void ima_add_violation(struct inode *ino
51717 extern spinlock_t ima_queue_lock;
51718
51719 struct ima_h_table {
51720- atomic_long_t len; /* number of stored measurements in the list */
51721- atomic_long_t violations;
51722+ atomic_long_unchecked_t len; /* number of stored measurements in the list */
51723+ atomic_long_unchecked_t violations;
51724 struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
51725 };
51726 extern struct ima_h_table ima_htable;
51727diff -urNp linux-2.6.32.8/security/integrity/ima/ima_queue.c linux-2.6.32.8/security/integrity/ima/ima_queue.c
51728--- linux-2.6.32.8/security/integrity/ima/ima_queue.c 2010-02-09 07:57:19.000000000 -0500
51729+++ linux-2.6.32.8/security/integrity/ima/ima_queue.c 2010-02-13 21:45:10.876017609 -0500
51730@@ -78,7 +78,7 @@ static int ima_add_digest_entry(struct i
51731 INIT_LIST_HEAD(&qe->later);
51732 list_add_tail_rcu(&qe->later, &ima_measurements);
51733
51734- atomic_long_inc(&ima_htable.len);
51735+ atomic_long_inc_unchecked(&ima_htable.len);
51736 key = ima_hash_key(entry->digest);
51737 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
51738 return 0;
51739diff -urNp linux-2.6.32.8/security/Kconfig linux-2.6.32.8/security/Kconfig
51740--- linux-2.6.32.8/security/Kconfig 2010-02-09 07:57:19.000000000 -0500
51741+++ linux-2.6.32.8/security/Kconfig 2010-02-13 21:45:10.877017753 -0500
51742@@ -4,6 +4,465 @@
51743
51744 menu "Security options"
51745
51746+source grsecurity/Kconfig
51747+
51748+menu "PaX"
51749+
51750+config PAX
51751+ bool "Enable various PaX features"
51752+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51753+ help
51754+ This allows you to enable various PaX features. PaX adds
51755+ intrusion prevention mechanisms to the kernel that reduce
51756+ the risks posed by exploitable memory corruption bugs.
51757+
51758+menu "PaX Control"
51759+ depends on PAX
51760+
51761+config PAX_SOFTMODE
51762+ bool 'Support soft mode'
51763+ help
51764+ Enabling this option will allow you to run PaX in soft mode, that
51765+ is, PaX features will not be enforced by default, only on executables
51766+ marked explicitly. You must also enable PT_PAX_FLAGS support as it
51767+ is the only way to mark executables for soft mode use.
51768+
51769+ Soft mode can be activated by using the "pax_softmode=1" kernel command
51770+ line option on boot. Furthermore you can control various PaX features
51771+ at runtime via the entries in /proc/sys/kernel/pax.
51772+
51773+config PAX_EI_PAX
51774+ bool 'Use legacy ELF header marking'
51775+ help
51776+ Enabling this option will allow you to control PaX features on
51777+ a per executable basis via the 'chpax' utility available at
51778+ http://pax.grsecurity.net/. The control flags will be read from
51779+ an otherwise reserved part of the ELF header. This marking has
51780+ numerous drawbacks (no support for soft-mode, toolchain does not
51781+ know about the non-standard use of the ELF header) therefore it
51782+ has been deprecated in favour of PT_PAX_FLAGS support.
51783+
51784+ If you have applications not marked by the PT_PAX_FLAGS ELF
51785+ program header then you MUST enable this option otherwise they
51786+ will not get any protection.
51787+
51788+ Note that if you enable PT_PAX_FLAGS marking support as well,
51789+ the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
51790+
51791+config PAX_PT_PAX_FLAGS
51792+ bool 'Use ELF program header marking'
51793+ help
51794+ Enabling this option will allow you to control PaX features on
51795+ a per executable basis via the 'paxctl' utility available at
51796+ http://pax.grsecurity.net/. The control flags will be read from
51797+ a PaX specific ELF program header (PT_PAX_FLAGS). This marking
51798+ has the benefits of supporting both soft mode and being fully
51799+ integrated into the toolchain (the binutils patch is available
51800+ from http://pax.grsecurity.net).
51801+
51802+ If you have applications not marked by the PT_PAX_FLAGS ELF
51803+ program header then you MUST enable the EI_PAX marking support
51804+ otherwise they will not get any protection.
51805+
51806+ Note that if you enable the legacy EI_PAX marking support as well,
51807+ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
51808+
51809+choice
51810+ prompt 'MAC system integration'
51811+ default PAX_HAVE_ACL_FLAGS
51812+ help
51813+ Mandatory Access Control systems have the option of controlling
51814+ PaX flags on a per executable basis, choose the method supported
51815+ by your particular system.
51816+
51817+ - "none": if your MAC system does not interact with PaX,
51818+ - "direct": if your MAC system defines pax_set_initial_flags() itself,
51819+ - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
51820+
51821+ NOTE: this option is for developers/integrators only.
51822+
51823+ config PAX_NO_ACL_FLAGS
51824+ bool 'none'
51825+
51826+ config PAX_HAVE_ACL_FLAGS
51827+ bool 'direct'
51828+
51829+ config PAX_HOOK_ACL_FLAGS
51830+ bool 'hook'
51831+endchoice
51832+
51833+endmenu
51834+
51835+menu "Non-executable pages"
51836+ depends on PAX
51837+
51838+config PAX_NOEXEC
51839+ bool "Enforce non-executable pages"
51840+ depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51841+ help
51842+ By design some architectures do not allow for protecting memory
51843+ pages against execution or even if they do, Linux does not make
51844+ use of this feature. In practice this means that if a page is
51845+ readable (such as the stack or heap) it is also executable.
51846+
51847+ There is a well known exploit technique that makes use of this
51848+ fact and a common programming mistake where an attacker can
51849+ introduce code of his choice somewhere in the attacked program's
51850+ memory (typically the stack or the heap) and then execute it.
51851+
51852+ If the attacked program was running with different (typically
51853+ higher) privileges than that of the attacker, then he can elevate
51854+ his own privilege level (e.g. get a root shell, write to files for
51855+ which he does not have write access to, etc).
51856+
51857+ Enabling this option will let you choose from various features
51858+ that prevent the injection and execution of 'foreign' code in
51859+ a program.
51860+
51861+ This will also break programs that rely on the old behaviour and
51862+ expect that dynamically allocated memory via the malloc() family
51863+ of functions is executable (which it is not). Notable examples
51864+ are the XFree86 4.x server, the java runtime and wine.
51865+
51866+config PAX_PAGEEXEC
51867+ bool "Paging based non-executable pages"
51868+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
51869+ help
51870+ This implementation is based on the paging feature of the CPU.
51871+ On i386 without hardware non-executable bit support there is a
51872+ variable but usually low performance impact, however on Intel's
51873+ P4 core based CPUs it is very high so you should not enable this
51874+ for kernels meant to be used on such CPUs.
51875+
51876+ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
51877+ with hardware non-executable bit support there is no performance
51878+ impact, on ppc the impact is negligible.
51879+
51880+ Note that several architectures require various emulations due to
51881+ badly designed userland ABIs, this will cause a performance impact
51882+ but will disappear as soon as userland is fixed. For example, ppc
51883+ userland MUST have been built with secure-plt by a recent toolchain.
51884+
51885+config PAX_SEGMEXEC
51886+ bool "Segmentation based non-executable pages"
51887+ depends on PAX_NOEXEC && X86_32
51888+ help
51889+ This implementation is based on the segmentation feature of the
51890+ CPU and has a very small performance impact, however applications
51891+ will be limited to a 1.5 GB address space instead of the normal
51892+ 3 GB.
51893+
51894+config PAX_EMUTRAMP
51895+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
51896+ default y if PARISC
51897+ help
51898+ There are some programs and libraries that for one reason or
51899+ another attempt to execute special small code snippets from
51900+ non-executable memory pages. Most notable examples are the
51901+ signal handler return code generated by the kernel itself and
51902+ the GCC trampolines.
51903+
51904+ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
51905+ such programs will no longer work under your kernel.
51906+
51907+ As a remedy you can say Y here and use the 'chpax' or 'paxctl'
51908+ utilities to enable trampoline emulation for the affected programs
51909+ yet still have the protection provided by the non-executable pages.
51910+
51911+ On parisc you MUST enable this option and EMUSIGRT as well, otherwise
51912+ your system will not even boot.
51913+
51914+ Alternatively you can say N here and use the 'chpax' or 'paxctl'
51915+ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
51916+ for the affected files.
51917+
51918+ NOTE: enabling this feature *may* open up a loophole in the
51919+ protection provided by non-executable pages that an attacker
51920+ could abuse. Therefore the best solution is to not have any
51921+ files on your system that would require this option. This can
51922+ be achieved by not using libc5 (which relies on the kernel
51923+ signal handler return code) and not using or rewriting programs
51924+ that make use of the nested function implementation of GCC.
51925+ Skilled users can just fix GCC itself so that it implements
51926+ nested function calls in a way that does not interfere with PaX.
51927+
51928+config PAX_EMUSIGRT
51929+ bool "Automatically emulate sigreturn trampolines"
51930+ depends on PAX_EMUTRAMP && PARISC
51931+ default y
51932+ help
51933+ Enabling this option will have the kernel automatically detect
51934+ and emulate signal return trampolines executing on the stack
51935+ that would otherwise lead to task termination.
51936+
51937+ This solution is intended as a temporary one for users with
51938+ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
51939+ Modula-3 runtime, etc) or executables linked to such, basically
51940+ everything that does not specify its own SA_RESTORER function in
51941+ normal executable memory like glibc 2.1+ does.
51942+
51943+ On parisc you MUST enable this option, otherwise your system will
51944+ not even boot.
51945+
51946+ NOTE: this feature cannot be disabled on a per executable basis
51947+ and since it *does* open up a loophole in the protection provided
51948+ by non-executable pages, the best solution is to not have any
51949+ files on your system that would require this option.
51950+
51951+config PAX_MPROTECT
51952+ bool "Restrict mprotect()"
51953+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
51954+ help
51955+ Enabling this option will prevent programs from
51956+ - changing the executable status of memory pages that were
51957+ not originally created as executable,
51958+ - making read-only executable pages writable again,
51959+ - creating executable pages from anonymous memory.
51960+
51961+ You should say Y here to complete the protection provided by
51962+ the enforcement of non-executable pages.
51963+
51964+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
51965+ this feature on a per file basis.
51966+
51967+config PAX_NOELFRELOCS
51968+ bool "Disallow ELF text relocations"
51969+ depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || PPC || X86)
51970+ help
51971+ Non-executable pages and mprotect() restrictions are effective
51972+ in preventing the introduction of new executable code into an
51973+ attacked task's address space. There remain only two venues
51974+ for this kind of attack: if the attacker can execute already
51975+ existing code in the attacked task then he can either have it
51976+ create and mmap() a file containing his code or have it mmap()
51977+ an already existing ELF library that does not have position
51978+ independent code in it and use mprotect() on it to make it
51979+ writable and copy his code there. While protecting against
51980+ the former approach is beyond PaX, the latter can be prevented
51981+ by having only PIC ELF libraries on one's system (which do not
51982+ need to relocate their code). If you are sure this is your case,
51983+ then enable this option otherwise be careful as you may not even
51984+ be able to boot or log on your system (for example, some PAM
51985+ modules are erroneously compiled as non-PIC by default).
51986+
51987+ NOTE: if you are using dynamic ELF executables (as suggested
51988+ when using ASLR) then you must have made sure that you linked
51989+ your files using the PIC version of crt1 (the et_dyn.tar.gz package
51990+ referenced there has already been updated to support this).
51991+
51992+config PAX_ETEXECRELOCS
51993+ bool "Allow ELF ET_EXEC text relocations"
51994+ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
51995+ default y
51996+ help
51997+ On some architectures there are incorrectly created applications
51998+ that require text relocations and would not work without enabling
51999+ this option. If you are an alpha, ia64 or parisc user, you should
52000+ enable this option and disable it once you have made sure that
52001+ none of your applications need it.
52002+
52003+config PAX_EMUPLT
52004+ bool "Automatically emulate ELF PLT"
52005+ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC32 || SPARC64)
52006+ default y
52007+ help
52008+ Enabling this option will have the kernel automatically detect
52009+ and emulate the Procedure Linkage Table entries in ELF files.
52010+ On some architectures such entries are in writable memory, and
52011+ become non-executable leading to task termination. Therefore
52012+ it is mandatory that you enable this option on alpha, parisc,
52013+ sparc and sparc64, otherwise your system would not even boot.
52014+
52015+ NOTE: this feature *does* open up a loophole in the protection
52016+ provided by the non-executable pages, therefore the proper
52017+ solution is to modify the toolchain to produce a PLT that does
52018+ not need to be writable.
52019+
52020+config PAX_DLRESOLVE
52021+ bool 'Emulate old glibc resolver stub'
52022+ depends on PAX_EMUPLT && (SPARC32 || SPARC64)
52023+ default n
52024+ help
52025+ This option is needed if userland has an old glibc (before 2.4)
52026+ that puts a 'save' instruction into the runtime generated resolver
52027+ stub that needs special emulation.
52028+
52029+config PAX_KERNEXEC
52030+ bool "Enforce non-executable kernel pages"
52031+ depends on PAX_NOEXEC && X86 && (!X86_32 || X86_WP_WORKS_OK) && !XEN
52032+ help
52033+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
52034+ that is, enabling this option will make it harder to inject
52035+ and execute 'foreign' code in kernel memory itself.
52036+
52037+endmenu
52038+
52039+menu "Address Space Layout Randomization"
52040+ depends on PAX
52041+
52042+config PAX_ASLR
52043+ bool "Address Space Layout Randomization"
52044+ depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
52045+ help
52046+ Many if not most exploit techniques rely on the knowledge of
52047+ certain addresses in the attacked program. The following options
52048+ will allow the kernel to apply a certain amount of randomization
52049+ to specific parts of the program thereby forcing an attacker to
52050+ guess them in most cases. Any failed guess will most likely crash
52051+ the attacked program which allows the kernel to detect such attempts
52052+ and react on them. PaX itself provides no reaction mechanisms,
52053+ instead it is strongly encouraged that you make use of Nergal's
52054+ segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
52055+ (http://www.grsecurity.net/) built-in crash detection features or
52056+ develop one yourself.
52057+
52058+ By saying Y here you can choose to randomize the following areas:
52059+ - top of the task's kernel stack
52060+ - top of the task's userland stack
52061+ - base address for mmap() requests that do not specify one
52062+ (this includes all libraries)
52063+ - base address of the main executable
52064+
52065+ It is strongly recommended to say Y here as address space layout
52066+ randomization has negligible impact on performance yet it provides
52067+ a very effective protection.
52068+
52069+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
52070+ this feature on a per file basis.
52071+
52072+config PAX_RANDKSTACK
52073+ bool "Randomize kernel stack base"
52074+ depends on PAX_ASLR && X86_TSC && X86_32
52075+ help
52076+ By saying Y here the kernel will randomize every task's kernel
52077+ stack on every system call. This will not only force an attacker
52078+ to guess it but also prevent him from making use of possible
52079+ leaked information about it.
52080+
52081+ Since the kernel stack is a rather scarce resource, randomization
52082+ may cause unexpected stack overflows, therefore you should very
52083+ carefully test your system. Note that once enabled in the kernel
52084+ configuration, this feature cannot be disabled on a per file basis.
52085+
52086+config PAX_RANDUSTACK
52087+ bool "Randomize user stack base"
52088+ depends on PAX_ASLR
52089+ help
52090+ By saying Y here the kernel will randomize every task's userland
52091+ stack. The randomization is done in two steps where the second
52092+ one may apply a big amount of shift to the top of the stack and
52093+ cause problems for programs that want to use lots of memory (more
52094+ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
52095+ For this reason the second step can be controlled by 'chpax' or
52096+ 'paxctl' on a per file basis.
52097+
52098+config PAX_RANDMMAP
52099+ bool "Randomize mmap() base"
52100+ depends on PAX_ASLR
52101+ help
52102+ By saying Y here the kernel will use a randomized base address for
52103+ mmap() requests that do not specify one themselves. As a result
52104+ all dynamically loaded libraries will appear at random addresses
52105+ and therefore be harder to exploit by a technique where an attacker
52106+ attempts to execute library code for his purposes (e.g. spawn a
52107+ shell from an exploited program that is running at an elevated
52108+ privilege level).
52109+
52110+ Furthermore, if a program is relinked as a dynamic ELF file, its
52111+ base address will be randomized as well, completing the full
52112+ randomization of the address space layout. Attacking such programs
52113+ becomes a guess game. You can find an example of doing this at
52114+ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
52115+ http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
52116+
52117+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
52118+ feature on a per file basis.
52119+
52120+endmenu
52121+
52122+menu "Miscellaneous hardening features"
52123+
52124+config PAX_MEMORY_SANITIZE
52125+ bool "Sanitize all freed memory"
52126+ help
52127+ By saying Y here the kernel will erase memory pages as soon as they
52128+ are freed. This in turn reduces the lifetime of data stored in the
52129+ pages, making it less likely that sensitive information such as
52130+ passwords, cryptographic secrets, etc stay in memory for too long.
52131+
52132+ This is especially useful for programs whose runtime is short, long
52133+ lived processes and the kernel itself benefit from this as long as
52134+ they operate on whole memory pages and ensure timely freeing of pages
52135+ that may hold sensitive information.
52136+
52137+ The tradeoff is performance impact, on a single CPU system kernel
52138+ compilation sees a 3% slowdown, other systems and workloads may vary
52139+ and you are advised to test this feature on your expected workload
52140+ before deploying it.
52141+
52142+ Note that this feature does not protect data stored in live pages,
52143+ e.g., process memory swapped to disk may stay there for a long time.
52144+
52145+config PAX_MEMORY_UDEREF
52146+ bool "Prevent invalid userland pointer dereference"
52147+ depends on X86_32 && !UML_X86 && !XEN
52148+ help
52149+ By saying Y here the kernel will be prevented from dereferencing
52150+ userland pointers in contexts where the kernel expects only kernel
52151+ pointers. This is both a useful runtime debugging feature and a
52152+ security measure that prevents exploiting a class of kernel bugs.
52153+
52154+ The tradeoff is that some virtualization solutions may experience
52155+ a huge slowdown and therefore you should not enable this feature
52156+ for kernels meant to run in such environments. Whether a given VM
52157+ solution is affected or not is best determined by simply trying it
52158+ out, the performance impact will be obvious right on boot as this
52159+ mechanism engages from very early on. A good rule of thumb is that
52160+ VMs running on CPUs without hardware virtualization support (i.e.,
52161+ the majority of IA-32 CPUs) will likely experience the slowdown.
52162+
52163+config PAX_REFCOUNT
52164+ bool "Prevent various kernel object reference counter overflows"
52165+ depends on GRKERNSEC && (X86 || SPARC64)
52166+ help
52167+ By saying Y here the kernel will detect and prevent overflowing
52168+ various (but not all) kinds of object reference counters. Such
52169+ overflows can normally occur due to bugs only and are often, if
52170+ not always, exploitable.
52171+
52172+ The tradeoff is that data structures protected by an overflowed
52173+ refcount will never be freed and therefore will leak memory. Note
52174+ that this leak also happens even without this protection but in
52175+ that case the overflow can eventually trigger the freeing of the
52176+ data structure while it is still being used elsewhere, resulting
52177+ in the exploitable situation that this feature prevents.
52178+
52179+ Since this has a negligible performance impact, you should enable
52180+ this feature.
52181+
52182+config PAX_USERCOPY
52183+ bool "Bounds check heap object copies between kernel and userland"
52184+ depends on X86 || PPC32 || PPC64 || SPARC32 || SPARC64
52185+ depends on GRKERNSEC && (SLAB || SLUB || SLOB)
52186+ help
52187+ By saying Y here the kernel will enforce the size of heap objects
52188+ when they are copied in either direction between the kernel and
52189+ userland, even if only a part of the heap object is copied.
52190+
52191+ Specifically, this checking prevents information leaking from the
52192+ kernel heap during kernel to userland copies (if the kernel heap
52193+ object is otherwise fully initialized) and prevents kernel heap
52194+ overflows during userland to kernel copies.
52195+
52196+ Note that the current implementation provides the strictest checks
52197+ for the SLUB allocator.
52198+
52199+ Since this has a negligible performance impact, you should enable
52200+ this feature.
52201+endmenu
52202+
52203+endmenu
52204+
52205 config KEYS
52206 bool "Enable access key retention support"
52207 help
52208@@ -146,7 +605,7 @@ config INTEL_TXT
52209 config LSM_MMAP_MIN_ADDR
52210 int "Low address space for LSM to protect from user allocation"
52211 depends on SECURITY && SECURITY_SELINUX
52212- default 65536
52213+ default 32768
52214 help
52215 This is the portion of low virtual memory which should be protected
52216 from userspace allocation. Keeping a user from writing to low pages
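Review bot: Changing the `LSM_MMAP_MIN_ADDR` default from 65536 to 32768 halves the low-address range that the LSM keeps away from userspace mappings, and nothing in the hunk records why the smaller value is wanted. The help text continues past the end of the hunk, so whether it still describes the old default cannot be checked here; if it does, it should be updated along with the number. I would add a sentence to the help text along the lines of `The default is lowered to 32768 because <reason>.` so that anyone tuning this NULL-dereference mitigation knows the reduction is deliberate.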
52217diff -urNp linux-2.6.32.8/security/min_addr.c linux-2.6.32.8/security/min_addr.c
52218--- linux-2.6.32.8/security/min_addr.c 2010-02-09 07:57:19.000000000 -0500
52219+++ linux-2.6.32.8/security/min_addr.c 2010-02-13 21:45:10.877017753 -0500
52220@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG
52221 */
52222 static void update_mmap_min_addr(void)
52223 {
52224+#ifndef SPARC
52225 #ifdef CONFIG_LSM_MMAP_MIN_ADDR
52226 if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
52227 mmap_min_addr = dac_mmap_min_addr;
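Review bot: The guard added at the top of update_mmap_min_addr() tests `SPARC`, which is not defined in any visible line and lacks the `CONFIG_` prefix used by the neighbouring `CONFIG_LSM_MMAP_MIN_ADDR` test, so the condition looks always true and the body would still be compiled on sparc. If the intent is to leave mmap_min_addr untouched on that architecture, `#ifndef CONFIG_SPARC` is probably what was meant; the matching `#endif` is in the next hunk. A one-line comment saying why sparc is excluded would also help, since the reason is not stated anywhere in these hunks.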
52228@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
52229 #else
52230 mmap_min_addr = dac_mmap_min_addr;
52231 #endif
52232+#endif
52233 }
52234
52235 /*
52236@@ -33,6 +35,9 @@ int mmap_min_addr_handler(struct ctl_tab
52237 {
52238 int ret;
52239
52240+ if (!capable(CAP_SYS_RAWIO))
52241+ return -EPERM;
52242+
52243 ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
52244
52245 update_mmap_min_addr();
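Review bot: The new `capable(CAP_SYS_RAWIO)` check in mmap_min_addr_handler() runs before the `write` flag is looked at, so reads of the sysctl are refused with -EPERM as well as writes. If only changing the limit is meant to be privileged, the test should be `if (write && !capable(CAP_SYS_RAWIO))`. If hiding the value from unprivileged readers is intended, a comment should say so, because tools that read the setting will otherwise fail. The handler's body continues outside the hunk.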
52246diff -urNp linux-2.6.32.8/sound/aoa/codecs/onyx.c linux-2.6.32.8/sound/aoa/codecs/onyx.c
52247--- linux-2.6.32.8/sound/aoa/codecs/onyx.c 2010-02-09 07:57:19.000000000 -0500
52248+++ linux-2.6.32.8/sound/aoa/codecs/onyx.c 2010-02-13 21:45:10.887672522 -0500
52249@@ -53,7 +53,7 @@ struct onyx {
52250 spdif_locked:1,
52251 analog_locked:1,
52252 original_mute:2;
52253- int open_count;
52254+ atomic_t open_count;
52255 struct codec_info *codec_info;
52256
52257 /* mutex serializes concurrent access to the device
52258@@ -752,7 +752,7 @@ static int onyx_open(struct codec_info_i
52259 struct onyx *onyx = cii->codec_data;
52260
52261 mutex_lock(&onyx->mutex);
52262- onyx->open_count++;
52263+ atomic_inc(&onyx->open_count);
52264 mutex_unlock(&onyx->mutex);
52265
52266 return 0;
52267@@ -764,8 +764,7 @@ static int onyx_close(struct codec_info_
52268 struct onyx *onyx = cii->codec_data;
52269
52270 mutex_lock(&onyx->mutex);
52271- onyx->open_count--;
52272- if (!onyx->open_count)
52273+ if (atomic_dec_and_test(&onyx->open_count))
52274 onyx->spdif_locked = onyx->analog_locked = 0;
52275 mutex_unlock(&onyx->mutex);
52276
52277diff -urNp linux-2.6.32.8/sound/core/oss/pcm_oss.c linux-2.6.32.8/sound/core/oss/pcm_oss.c
52278--- linux-2.6.32.8/sound/core/oss/pcm_oss.c 2010-02-09 07:57:19.000000000 -0500
52279+++ linux-2.6.32.8/sound/core/oss/pcm_oss.c 2010-02-13 21:45:10.910847144 -0500
52280@@ -2949,8 +2949,8 @@ static void snd_pcm_oss_proc_done(struct
52281 }
52282 }
52283 #else /* !CONFIG_SND_VERBOSE_PROCFS */
52284-#define snd_pcm_oss_proc_init(pcm)
52285-#define snd_pcm_oss_proc_done(pcm)
52286+#define snd_pcm_oss_proc_init(pcm) do {} while (0)
52287+#define snd_pcm_oss_proc_done(pcm) do {} while (0)
52288 #endif /* CONFIG_SND_VERBOSE_PROCFS */
52289
52290 /*
52291diff -urNp linux-2.6.32.8/sound/core/seq/seq_lock.h linux-2.6.32.8/sound/core/seq/seq_lock.h
52292--- linux-2.6.32.8/sound/core/seq/seq_lock.h 2010-02-09 07:57:19.000000000 -0500
52293+++ linux-2.6.32.8/sound/core/seq/seq_lock.h 2010-02-13 21:45:10.919865441 -0500
52294@@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo
52295 #else /* SMP || CONFIG_SND_DEBUG */
52296
52297 typedef spinlock_t snd_use_lock_t; /* dummy */
52298-#define snd_use_lock_init(lockp) /**/
52299-#define snd_use_lock_use(lockp) /**/
52300-#define snd_use_lock_free(lockp) /**/
52301-#define snd_use_lock_sync(lockp) /**/
52302+#define snd_use_lock_init(lockp) do {} while (0)
52303+#define snd_use_lock_use(lockp) do {} while (0)
52304+#define snd_use_lock_free(lockp) do {} while (0)
52305+#define snd_use_lock_sync(lockp) do {} while (0)
52306
52307 #endif /* SMP || CONFIG_SND_DEBUG */
52308
52309diff -urNp linux-2.6.32.8/sound/drivers/mts64.c linux-2.6.32.8/sound/drivers/mts64.c
52310--- linux-2.6.32.8/sound/drivers/mts64.c 2010-02-09 07:57:19.000000000 -0500
52311+++ linux-2.6.32.8/sound/drivers/mts64.c 2010-02-13 21:45:10.931642664 -0500
52312@@ -65,7 +65,7 @@ struct mts64 {
52313 struct pardevice *pardev;
52314 int pardev_claimed;
52315
52316- int open_count;
52317+ atomic_t open_count;
52318 int current_midi_output_port;
52319 int current_midi_input_port;
52320 u8 mode[MTS64_NUM_INPUT_PORTS];
52321@@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct
52322 {
52323 struct mts64 *mts = substream->rmidi->private_data;
52324
52325- if (mts->open_count == 0) {
52326+ if (atomic_read(&mts->open_count) == 0) {
52327 /* We don't need a spinlock here, because this is just called
52328 if the device has not been opened before.
52329 So there aren't any IRQs from the device */
52330@@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct
52331
52332 msleep(50);
52333 }
52334- ++(mts->open_count);
52335+ atomic_inc(&mts->open_count);
52336
52337 return 0;
52338 }
52339@@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc
52340 struct mts64 *mts = substream->rmidi->private_data;
52341 unsigned long flags;
52342
52343- --(mts->open_count);
52344- if (mts->open_count == 0) {
52345+ if (atomic_dec_return(&mts->open_count) == 0) {
52346 /* We need the spinlock_irqsave here because we can still
52347 have IRQs at this point */
52348 spin_lock_irqsave(&mts->lock, flags);
52349@@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc
52350
52351 msleep(500);
52352
52353- } else if (mts->open_count < 0)
52354- mts->open_count = 0;
52355+ } else if (atomic_read(&mts->open_count) < 0)
52356+ atomic_set(&mts->open_count, 0);
52357
52358 return 0;
52359 }
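Review bot: In snd_mts64_rawmidi_close() the underflow clamp re-reads the counter with `atomic_read()` and then resets it with `atomic_set()`, two separate steps after the `atomic_dec_return()` in the previous hunk, so the sequence as a whole is not atomic even though each call is. Keeping the decremented value, `int n = atomic_dec_return(&mts->open_count);`, and testing `n == 0` and `n < 0` would at least make both branches decide on the same value. Whether open and close can actually race depends on locking in the callers, which is not visible here. The function starts before the first of the two hunks.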
52360diff -urNp linux-2.6.32.8/sound/drivers/portman2x4.c linux-2.6.32.8/sound/drivers/portman2x4.c
52361--- linux-2.6.32.8/sound/drivers/portman2x4.c 2010-02-09 07:57:19.000000000 -0500
52362+++ linux-2.6.32.8/sound/drivers/portman2x4.c 2010-02-13 21:45:10.940739783 -0500
52363@@ -83,7 +83,7 @@ struct portman {
52364 struct pardevice *pardev;
52365 int pardev_claimed;
52366
52367- int open_count;
52368+ atomic_t open_count;
52369 int mode[PORTMAN_NUM_INPUT_PORTS];
52370 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
52371 };
52372diff -urNp linux-2.6.32.8/sound/pci/ac97/ac97_codec.c linux-2.6.32.8/sound/pci/ac97/ac97_codec.c
52373--- linux-2.6.32.8/sound/pci/ac97/ac97_codec.c 2010-02-09 07:57:19.000000000 -0500
52374+++ linux-2.6.32.8/sound/pci/ac97/ac97_codec.c 2010-02-13 21:45:10.968693550 -0500
52375@@ -1952,7 +1952,7 @@ static int snd_ac97_dev_disconnect(struc
52376 }
52377
52378 /* build_ops to do nothing */
52379-static struct snd_ac97_build_ops null_build_ops;
52380+static const struct snd_ac97_build_ops null_build_ops;
52381
52382 #ifdef CONFIG_SND_AC97_POWER_SAVE
52383 static void do_update_power(struct work_struct *work)
52384diff -urNp linux-2.6.32.8/sound/pci/ac97/ac97_patch.c linux-2.6.32.8/sound/pci/ac97/ac97_patch.c
52385--- linux-2.6.32.8/sound/pci/ac97/ac97_patch.c 2010-02-09 07:57:19.000000000 -0500
52386+++ linux-2.6.32.8/sound/pci/ac97/ac97_patch.c 2010-02-13 21:45:10.974536860 -0500
52387@@ -371,7 +371,7 @@ static int patch_yamaha_ymf743_build_spd
52388 return 0;
52389 }
52390
52391-static struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
52392+static const struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
52393 .build_spdif = patch_yamaha_ymf743_build_spdif,
52394 .build_3d = patch_yamaha_ymf7x3_3d,
52395 };
52396@@ -455,7 +455,7 @@ static int patch_yamaha_ymf753_post_spdi
52397 return 0;
52398 }
52399
52400-static struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
52401+static const struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
52402 .build_3d = patch_yamaha_ymf7x3_3d,
52403 .build_post_spdif = patch_yamaha_ymf753_post_spdif
52404 };
52405@@ -502,7 +502,7 @@ static int patch_wolfson_wm9703_specific
52406 return 0;
52407 }
52408
52409-static struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
52410+static const struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
52411 .build_specific = patch_wolfson_wm9703_specific,
52412 };
52413
52414@@ -533,7 +533,7 @@ static int patch_wolfson_wm9704_specific
52415 return 0;
52416 }
52417
52418-static struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
52419+static const struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
52420 .build_specific = patch_wolfson_wm9704_specific,
52421 };
52422
52423@@ -555,7 +555,7 @@ static int patch_wolfson_wm9705_specific
52424 return 0;
52425 }
52426
52427-static struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
52428+static const struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
52429 .build_specific = patch_wolfson_wm9705_specific,
52430 };
52431
52432@@ -692,7 +692,7 @@ static int patch_wolfson_wm9711_specific
52433 return 0;
52434 }
52435
52436-static struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
52437+static const struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
52438 .build_specific = patch_wolfson_wm9711_specific,
52439 };
52440
52441@@ -886,7 +886,7 @@ static void patch_wolfson_wm9713_resume
52442 }
52443 #endif
52444
52445-static struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
52446+static const struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
52447 .build_specific = patch_wolfson_wm9713_specific,
52448 .build_3d = patch_wolfson_wm9713_3d,
52449 #ifdef CONFIG_PM
52450@@ -991,7 +991,7 @@ static int patch_sigmatel_stac97xx_speci
52451 return 0;
52452 }
52453
52454-static struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
52455+static const struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
52456 .build_3d = patch_sigmatel_stac9700_3d,
52457 .build_specific = patch_sigmatel_stac97xx_specific
52458 };
52459@@ -1038,7 +1038,7 @@ static int patch_sigmatel_stac9708_speci
52460 return patch_sigmatel_stac97xx_specific(ac97);
52461 }
52462
52463-static struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
52464+static const struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
52465 .build_3d = patch_sigmatel_stac9708_3d,
52466 .build_specific = patch_sigmatel_stac9708_specific
52467 };
52468@@ -1267,7 +1267,7 @@ static int patch_sigmatel_stac9758_speci
52469 return 0;
52470 }
52471
52472-static struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
52473+static const struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
52474 .build_3d = patch_sigmatel_stac9700_3d,
52475 .build_specific = patch_sigmatel_stac9758_specific
52476 };
52477@@ -1342,7 +1342,7 @@ static int patch_cirrus_build_spdif(stru
52478 return 0;
52479 }
52480
52481-static struct snd_ac97_build_ops patch_cirrus_ops = {
52482+static const struct snd_ac97_build_ops patch_cirrus_ops = {
52483 .build_spdif = patch_cirrus_build_spdif
52484 };
52485
52486@@ -1399,7 +1399,7 @@ static int patch_conexant_build_spdif(st
52487 return 0;
52488 }
52489
52490-static struct snd_ac97_build_ops patch_conexant_ops = {
52491+static const struct snd_ac97_build_ops patch_conexant_ops = {
52492 .build_spdif = patch_conexant_build_spdif
52493 };
52494
52495@@ -1501,7 +1501,7 @@ static const struct snd_ac97_res_table a
52496 { AC97_VIDEO, 0x9f1f },
52497 { AC97_AUX, 0x9f1f },
52498 { AC97_PCM, 0x9f1f },
52499- { } /* terminator */
52500+ { 0, 0 } /* terminator */
52501 };
52502
52503 static int patch_ad1819(struct snd_ac97 * ac97)
52504@@ -1575,7 +1575,7 @@ static void patch_ad1881_chained(struct
52505 }
52506 }
52507
52508-static struct snd_ac97_build_ops patch_ad1881_build_ops = {
52509+static const struct snd_ac97_build_ops patch_ad1881_build_ops = {
52510 #ifdef CONFIG_PM
52511 .resume = ad18xx_resume
52512 #endif
52513@@ -1662,7 +1662,7 @@ static int patch_ad1885_specific(struct
52514 return 0;
52515 }
52516
52517-static struct snd_ac97_build_ops patch_ad1885_build_ops = {
52518+static const struct snd_ac97_build_ops patch_ad1885_build_ops = {
52519 .build_specific = &patch_ad1885_specific,
52520 #ifdef CONFIG_PM
52521 .resume = ad18xx_resume
52522@@ -1689,7 +1689,7 @@ static int patch_ad1886_specific(struct
52523 return 0;
52524 }
52525
52526-static struct snd_ac97_build_ops patch_ad1886_build_ops = {
52527+static const struct snd_ac97_build_ops patch_ad1886_build_ops = {
52528 .build_specific = &patch_ad1886_specific,
52529 #ifdef CONFIG_PM
52530 .resume = ad18xx_resume
52531@@ -1894,7 +1894,7 @@ static int patch_ad1981a_specific(struct
52532 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
52533 }
52534
52535-static struct snd_ac97_build_ops patch_ad1981a_build_ops = {
52536+static const struct snd_ac97_build_ops patch_ad1981a_build_ops = {
52537 .build_post_spdif = patch_ad198x_post_spdif,
52538 .build_specific = patch_ad1981a_specific,
52539 #ifdef CONFIG_PM
52540@@ -1949,7 +1949,7 @@ static int patch_ad1981b_specific(struct
52541 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
52542 }
52543
52544-static struct snd_ac97_build_ops patch_ad1981b_build_ops = {
52545+static const struct snd_ac97_build_ops patch_ad1981b_build_ops = {
52546 .build_post_spdif = patch_ad198x_post_spdif,
52547 .build_specific = patch_ad1981b_specific,
52548 #ifdef CONFIG_PM
52549@@ -2088,7 +2088,7 @@ static int patch_ad1888_specific(struct
52550 return patch_build_controls(ac97, snd_ac97_ad1888_controls, ARRAY_SIZE(snd_ac97_ad1888_controls));
52551 }
52552
52553-static struct snd_ac97_build_ops patch_ad1888_build_ops = {
52554+static const struct snd_ac97_build_ops patch_ad1888_build_ops = {
52555 .build_post_spdif = patch_ad198x_post_spdif,
52556 .build_specific = patch_ad1888_specific,
52557 #ifdef CONFIG_PM
52558@@ -2137,7 +2137,7 @@ static int patch_ad1980_specific(struct
52559 return patch_build_controls(ac97, &snd_ac97_ad198x_2cmic, 1);
52560 }
52561
52562-static struct snd_ac97_build_ops patch_ad1980_build_ops = {
52563+static const struct snd_ac97_build_ops patch_ad1980_build_ops = {
52564 .build_post_spdif = patch_ad198x_post_spdif,
52565 .build_specific = patch_ad1980_specific,
52566 #ifdef CONFIG_PM
52567@@ -2252,7 +2252,7 @@ static int patch_ad1985_specific(struct
52568 ARRAY_SIZE(snd_ac97_ad1985_controls));
52569 }
52570
52571-static struct snd_ac97_build_ops patch_ad1985_build_ops = {
52572+static const struct snd_ac97_build_ops patch_ad1985_build_ops = {
52573 .build_post_spdif = patch_ad198x_post_spdif,
52574 .build_specific = patch_ad1985_specific,
52575 #ifdef CONFIG_PM
52576@@ -2544,7 +2544,7 @@ static int patch_ad1986_specific(struct
52577 ARRAY_SIZE(snd_ac97_ad1985_controls));
52578 }
52579
52580-static struct snd_ac97_build_ops patch_ad1986_build_ops = {
52581+static const struct snd_ac97_build_ops patch_ad1986_build_ops = {
52582 .build_post_spdif = patch_ad198x_post_spdif,
52583 .build_specific = patch_ad1986_specific,
52584 #ifdef CONFIG_PM
52585@@ -2649,7 +2649,7 @@ static int patch_alc650_specific(struct
52586 return 0;
52587 }
52588
52589-static struct snd_ac97_build_ops patch_alc650_ops = {
52590+static const struct snd_ac97_build_ops patch_alc650_ops = {
52591 .build_specific = patch_alc650_specific,
52592 .update_jacks = alc650_update_jacks
52593 };
52594@@ -2801,7 +2801,7 @@ static int patch_alc655_specific(struct
52595 return 0;
52596 }
52597
52598-static struct snd_ac97_build_ops patch_alc655_ops = {
52599+static const struct snd_ac97_build_ops patch_alc655_ops = {
52600 .build_specific = patch_alc655_specific,
52601 .update_jacks = alc655_update_jacks
52602 };
52603@@ -2913,7 +2913,7 @@ static int patch_alc850_specific(struct
52604 return 0;
52605 }
52606
52607-static struct snd_ac97_build_ops patch_alc850_ops = {
52608+static const struct snd_ac97_build_ops patch_alc850_ops = {
52609 .build_specific = patch_alc850_specific,
52610 .update_jacks = alc850_update_jacks
52611 };
52612@@ -2975,7 +2975,7 @@ static int patch_cm9738_specific(struct
52613 return patch_build_controls(ac97, snd_ac97_cm9738_controls, ARRAY_SIZE(snd_ac97_cm9738_controls));
52614 }
52615
52616-static struct snd_ac97_build_ops patch_cm9738_ops = {
52617+static const struct snd_ac97_build_ops patch_cm9738_ops = {
52618 .build_specific = patch_cm9738_specific,
52619 .update_jacks = cm9738_update_jacks
52620 };
52621@@ -3066,7 +3066,7 @@ static int patch_cm9739_post_spdif(struc
52622 return patch_build_controls(ac97, snd_ac97_cm9739_controls_spdif, ARRAY_SIZE(snd_ac97_cm9739_controls_spdif));
52623 }
52624
52625-static struct snd_ac97_build_ops patch_cm9739_ops = {
52626+static const struct snd_ac97_build_ops patch_cm9739_ops = {
52627 .build_specific = patch_cm9739_specific,
52628 .build_post_spdif = patch_cm9739_post_spdif,
52629 .update_jacks = cm9739_update_jacks
52630@@ -3240,7 +3240,7 @@ static int patch_cm9761_specific(struct
52631 return patch_build_controls(ac97, snd_ac97_cm9761_controls, ARRAY_SIZE(snd_ac97_cm9761_controls));
52632 }
52633
52634-static struct snd_ac97_build_ops patch_cm9761_ops = {
52635+static const struct snd_ac97_build_ops patch_cm9761_ops = {
52636 .build_specific = patch_cm9761_specific,
52637 .build_post_spdif = patch_cm9761_post_spdif,
52638 .update_jacks = cm9761_update_jacks
52639@@ -3336,7 +3336,7 @@ static int patch_cm9780_specific(struct
52640 return patch_build_controls(ac97, cm9780_controls, ARRAY_SIZE(cm9780_controls));
52641 }
52642
52643-static struct snd_ac97_build_ops patch_cm9780_ops = {
52644+static const struct snd_ac97_build_ops patch_cm9780_ops = {
52645 .build_specific = patch_cm9780_specific,
52646 .build_post_spdif = patch_cm9761_post_spdif /* identical with CM9761 */
52647 };
52648@@ -3456,7 +3456,7 @@ static int patch_vt1616_specific(struct
52649 return 0;
52650 }
52651
52652-static struct snd_ac97_build_ops patch_vt1616_ops = {
52653+static const struct snd_ac97_build_ops patch_vt1616_ops = {
52654 .build_specific = patch_vt1616_specific
52655 };
52656
52657@@ -3810,7 +3810,7 @@ static int patch_it2646_specific(struct
52658 return 0;
52659 }
52660
52661-static struct snd_ac97_build_ops patch_it2646_ops = {
52662+static const struct snd_ac97_build_ops patch_it2646_ops = {
52663 .build_specific = patch_it2646_specific,
52664 .update_jacks = it2646_update_jacks
52665 };
52666@@ -3844,7 +3844,7 @@ static int patch_si3036_specific(struct
52667 return 0;
52668 }
52669
52670-static struct snd_ac97_build_ops patch_si3036_ops = {
52671+static const struct snd_ac97_build_ops patch_si3036_ops = {
52672 .build_specific = patch_si3036_specific,
52673 };
52674
52675@@ -3877,7 +3877,7 @@ static struct snd_ac97_res_table lm4550_
52676 { AC97_AUX, 0x1f1f },
52677 { AC97_PCM, 0x1f1f },
52678 { AC97_REC_GAIN, 0x0f0f },
52679- { } /* terminator */
52680+ { 0, 0 } /* terminator */
52681 };
52682
52683 static int patch_lm4550(struct snd_ac97 *ac97)
52684@@ -3911,7 +3911,7 @@ static int patch_ucb1400_specific(struct
52685 return 0;
52686 }
52687
52688-static struct snd_ac97_build_ops patch_ucb1400_ops = {
52689+static const struct snd_ac97_build_ops patch_ucb1400_ops = {
52690 .build_specific = patch_ucb1400_specific,
52691 };
52692
52693diff -urNp linux-2.6.32.8/sound/pci/ens1370.c linux-2.6.32.8/sound/pci/ens1370.c
52694--- linux-2.6.32.8/sound/pci/ens1370.c 2010-02-09 07:57:19.000000000 -0500
52695+++ linux-2.6.32.8/sound/pci/ens1370.c 2010-02-13 21:45:10.997773975 -0500
52696@@ -452,7 +452,7 @@ static struct pci_device_id snd_audiopci
52697 { PCI_VDEVICE(ENSONIQ, 0x5880), 0, }, /* ES1373 - CT5880 */
52698 { PCI_VDEVICE(ECTIVA, 0x8938), 0, }, /* Ectiva EV1938 */
52699 #endif
52700- { 0, }
52701+ { 0, 0, 0, 0, 0, 0, 0 }
52702 };
52703
52704 MODULE_DEVICE_TABLE(pci, snd_audiopci_ids);
52705diff -urNp linux-2.6.32.8/sound/pci/intel8x0.c linux-2.6.32.8/sound/pci/intel8x0.c
52706--- linux-2.6.32.8/sound/pci/intel8x0.c 2010-02-09 07:57:19.000000000 -0500
52707+++ linux-2.6.32.8/sound/pci/intel8x0.c 2010-02-13 21:45:11.013863921 -0500
52708@@ -444,7 +444,7 @@ static struct pci_device_id snd_intel8x0
52709 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52710 { PCI_VDEVICE(AMD, 0x7445), DEVICE_INTEL }, /* AMD768 */
52711 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52712- { 0, }
52713+ { 0, 0, 0, 0, 0, 0, 0 }
52714 };
52715
52716 MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids);
52717@@ -2123,7 +2123,7 @@ static struct ac97_quirk ac97_quirks[] _
52718 .type = AC97_TUNE_HP_ONLY
52719 },
52720 #endif
52721- { } /* terminator */
52722+ { 0, 0, 0, 0, NULL, 0 } /* terminator */
52723 };
52724
52725 static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock,
52726diff -urNp linux-2.6.32.8/sound/pci/intel8x0m.c linux-2.6.32.8/sound/pci/intel8x0m.c
52727--- linux-2.6.32.8/sound/pci/intel8x0m.c 2010-02-09 07:57:19.000000000 -0500
52728+++ linux-2.6.32.8/sound/pci/intel8x0m.c 2010-02-13 21:45:11.025655610 -0500
52729@@ -239,7 +239,7 @@ static struct pci_device_id snd_intel8x0
52730 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52731 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52732 #endif
52733- { 0, }
52734+ { 0, 0, 0, 0, 0, 0, 0 }
52735 };
52736
52737 MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids);
52738@@ -1264,7 +1264,7 @@ static struct shortname_table {
52739 { 0x5455, "ALi M5455" },
52740 { 0x746d, "AMD AMD8111" },
52741 #endif
52742- { 0 },
52743+ { 0, NULL },
52744 };
52745
52746 static int __devinit snd_intel8x0m_probe(struct pci_dev *pci,
52747diff -urNp linux-2.6.32.8/usr/gen_init_cpio.c linux-2.6.32.8/usr/gen_init_cpio.c
52748--- linux-2.6.32.8/usr/gen_init_cpio.c 2010-02-09 07:57:19.000000000 -0500
52749+++ linux-2.6.32.8/usr/gen_init_cpio.c 2010-02-13 21:45:11.025655610 -0500
52750@@ -299,7 +299,7 @@ static int cpio_mkfile(const char *name,
52751 int retval;
52752 int rc = -1;
52753 int namesize;
52754- int i;
52755+ unsigned int i;
52756
52757 mode |= S_IFREG;
52758
52759@@ -383,9 +383,10 @@ static char *cpio_replace_env(char *new_
52760 *env_var = *expanded = '\0';
52761 strncat(env_var, start + 2, end - start - 2);
52762 strncat(expanded, new_location, start - new_location);
52763- strncat(expanded, getenv(env_var), PATH_MAX);
52764- strncat(expanded, end + 1, PATH_MAX);
52765+ strncat(expanded, getenv(env_var), PATH_MAX - strlen(expanded));
52766+ strncat(expanded, end + 1, PATH_MAX - strlen(expanded));
52767 strncpy(new_location, expanded, PATH_MAX);
52768+ new_location[PATH_MAX] = 0;
52769 } else
52770 break;
52771 }
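Review bot: The result of `getenv(env_var)` is still passed straight to `strncat()`, so a reference to an unset environment variable dereferences NULL in this build tool; the new length arithmetic does not cover that case. A guard such as `const char *val = getenv(env_var);` followed by `if (val) strncat(expanded, val, PATH_MAX - strlen(expanded));` would close it. The added `new_location[PATH_MAX] = 0;` also assumes the caller's buffer holds PATH_MAX + 1 bytes, which cannot be confirmed from the hunk because cpio_replace_env() and its callers begin outside it.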
52772diff -urNp linux-2.6.32.8/virt/kvm/kvm_main.c linux-2.6.32.8/virt/kvm/kvm_main.c
52773--- linux-2.6.32.8/virt/kvm/kvm_main.c 2010-02-09 07:57:19.000000000 -0500
52774+++ linux-2.6.32.8/virt/kvm/kvm_main.c 2010-02-13 21:45:11.026532731 -0500
52775@@ -1745,6 +1745,7 @@ static int kvm_vcpu_release(struct inode
52776 return 0;
52777 }
52778
52779+/* cannot be const */
52780 static struct file_operations kvm_vcpu_fops = {
52781 .release = kvm_vcpu_release,
52782 .unlocked_ioctl = kvm_vcpu_ioctl,
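Review bot: The added comment `/* cannot be const */` on kvm_vcpu_fops, and the same comment on kvm_vm_fops and kvm_chardev_ops in the following hunks, does not say why. Presumably a member is assigned at run time, but that is not visible in these hunks, so the next person constifying file_operations tables has to rediscover the reason. I would name it in the comment, for example `/* cannot be const: <member> is set in <function> */`. The initializers continue outside the hunks.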
52783@@ -2341,6 +2342,7 @@ static int kvm_vm_mmap(struct file *file
52784 return 0;
52785 }
52786
52787+/* cannot be const */
52788 static struct file_operations kvm_vm_fops = {
52789 .release = kvm_vm_release,
52790 .unlocked_ioctl = kvm_vm_ioctl,
52791@@ -2428,6 +2430,7 @@ out:
52792 return r;
52793 }
52794
52795+/* cannot be const */
52796 static struct file_operations kvm_chardev_ops = {
52797 .unlocked_ioctl = kvm_dev_ioctl,
52798 .compat_ioctl = kvm_dev_ioctl,
52799@@ -2437,6 +2440,9 @@ static struct miscdevice kvm_dev = {
52800 KVM_MINOR,
52801 "kvm",
52802 &kvm_chardev_ops,
52803+ {NULL, NULL},
52804+ NULL,
52805+ NULL
52806 };
52807
52808 static void hardware_enable(void *junk)
52809@@ -2711,7 +2717,7 @@ static void kvm_sched_out(struct preempt
52810 kvm_arch_vcpu_put(vcpu);
52811 }
52812
52813-int kvm_init(void *opaque, unsigned int vcpu_size,
52814+int kvm_init(const void *opaque, unsigned int vcpu_size,
52815 struct module *module)
52816 {
52817 int r;
diff --git a/testing/linux-grsec/kernelconfig.x86 b/testing/linux-grsec/kernelconfig.x86
deleted file mode 100644
index a0b44d4889..0000000000
--- a/testing/linux-grsec/kernelconfig.x86
+++ /dev/null
@@ -1,4606 +0,0 @@
1#
2# Automatically generated make config: don't edit
3# Linux kernel version: 2.6.32.6
4# Fri Jan 29 10:27:23 2010
5#
6# CONFIG_64BIT is not set
7CONFIG_X86_32=y
8# CONFIG_X86_64 is not set
9CONFIG_X86=y
10CONFIG_OUTPUT_FORMAT="elf32-i386"
11CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig"
12CONFIG_GENERIC_TIME=y
13CONFIG_GENERIC_CMOS_UPDATE=y
14CONFIG_CLOCKSOURCE_WATCHDOG=y
15CONFIG_GENERIC_CLOCKEVENTS=y
16CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
17CONFIG_LOCKDEP_SUPPORT=y
18CONFIG_STACKTRACE_SUPPORT=y
19CONFIG_HAVE_LATENCYTOP_SUPPORT=y
20CONFIG_MMU=y
21CONFIG_ZONE_DMA=y
22CONFIG_GENERIC_ISA_DMA=y
23CONFIG_GENERIC_IOMAP=y
24CONFIG_GENERIC_BUG=y
25CONFIG_GENERIC_HWEIGHT=y
26CONFIG_GENERIC_GPIO=y
27CONFIG_ARCH_MAY_HAVE_PC_FDC=y
28# CONFIG_RWSEM_GENERIC_SPINLOCK is not set
29CONFIG_RWSEM_XCHGADD_ALGORITHM=y
30CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
31CONFIG_GENERIC_CALIBRATE_DELAY=y
32# CONFIG_GENERIC_TIME_VSYSCALL is not set
33CONFIG_ARCH_HAS_CPU_RELAX=y
34CONFIG_ARCH_HAS_DEFAULT_IDLE=y
35CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
36CONFIG_HAVE_SETUP_PER_CPU_AREA=y
37CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
38CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
39# CONFIG_HAVE_CPUMASK_OF_CPU_MAP is not set
40CONFIG_ARCH_HIBERNATION_POSSIBLE=y
41CONFIG_ARCH_SUSPEND_POSSIBLE=y
42# CONFIG_ZONE_DMA32 is not set
43CONFIG_ARCH_POPULATES_NODE_MAP=y
44# CONFIG_AUDIT_ARCH is not set
45CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
46CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
47CONFIG_GENERIC_HARDIRQS=y
48CONFIG_GENERIC_HARDIRQS_NO__DO_IRQ=y
49CONFIG_GENERIC_IRQ_PROBE=y
50CONFIG_GENERIC_PENDING_IRQ=y
51CONFIG_USE_GENERIC_SMP_HELPERS=y
52CONFIG_X86_32_SMP=y
53CONFIG_X86_HT=y
54CONFIG_X86_TRAMPOLINE=y
55CONFIG_X86_32_LAZY_GS=y
56CONFIG_KTIME_SCALAR=y
57CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
58CONFIG_CONSTRUCTORS=y
59
60#
61# General setup
62#
63CONFIG_EXPERIMENTAL=y
64CONFIG_LOCK_KERNEL=y
65CONFIG_INIT_ENV_ARG_LIMIT=32
66CONFIG_LOCALVERSION=""
67# CONFIG_LOCALVERSION_AUTO is not set
68CONFIG_HAVE_KERNEL_GZIP=y
69CONFIG_HAVE_KERNEL_BZIP2=y
70CONFIG_HAVE_KERNEL_LZMA=y
71CONFIG_KERNEL_GZIP=y
72# CONFIG_KERNEL_BZIP2 is not set
73# CONFIG_KERNEL_LZMA is not set
74CONFIG_SWAP=y
75CONFIG_SYSVIPC=y
76CONFIG_SYSVIPC_SYSCTL=y
77# CONFIG_POSIX_MQUEUE is not set
78CONFIG_BSD_PROCESS_ACCT=y
79CONFIG_BSD_PROCESS_ACCT_V3=y
80# CONFIG_TASKSTATS is not set
81# CONFIG_AUDIT is not set
82
83#
84# RCU Subsystem
85#
86CONFIG_TREE_RCU=y
87# CONFIG_TREE_PREEMPT_RCU is not set
88# CONFIG_RCU_TRACE is not set
89CONFIG_RCU_FANOUT=32
90# CONFIG_RCU_FANOUT_EXACT is not set
91# CONFIG_TREE_RCU_TRACE is not set
92CONFIG_IKCONFIG=m
93CONFIG_IKCONFIG_PROC=y
94CONFIG_LOG_BUF_SHIFT=14
95CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
96CONFIG_GROUP_SCHED=y
97CONFIG_FAIR_GROUP_SCHED=y
98# CONFIG_RT_GROUP_SCHED is not set
99CONFIG_USER_SCHED=y
100# CONFIG_CGROUP_SCHED is not set
101# CONFIG_CGROUPS is not set
102# CONFIG_SYSFS_DEPRECATED_V2 is not set
103# CONFIG_RELAY is not set
104# CONFIG_NAMESPACES is not set
105CONFIG_BLK_DEV_INITRD=y
106CONFIG_INITRAMFS_SOURCE=""
107CONFIG_RD_GZIP=y
108CONFIG_RD_BZIP2=y
109CONFIG_RD_LZMA=y
110CONFIG_CC_OPTIMIZE_FOR_SIZE=y
111CONFIG_SYSCTL=y
112CONFIG_ANON_INODES=y
113CONFIG_EMBEDDED=y
114CONFIG_UID16=y
115CONFIG_SYSCTL_SYSCALL=y
116# CONFIG_KALLSYMS is not set
117CONFIG_HOTPLUG=y
118CONFIG_PRINTK=y
119CONFIG_BUG=y
120CONFIG_ELF_CORE=y
121CONFIG_PCSPKR_PLATFORM=y
122CONFIG_BASE_FULL=y
123CONFIG_FUTEX=y
124CONFIG_EPOLL=y
125CONFIG_SIGNALFD=y
126CONFIG_TIMERFD=y
127CONFIG_EVENTFD=y
128CONFIG_SHMEM=y
129CONFIG_AIO=y
130CONFIG_HAVE_PERF_EVENTS=y
131
132#
133# Kernel Performance Events And Counters
134#
135CONFIG_PERF_EVENTS=y
136# CONFIG_EVENT_PROFILE is not set
137CONFIG_PERF_COUNTERS=y
138CONFIG_VM_EVENT_COUNTERS=y
139CONFIG_PCI_QUIRKS=y
140# CONFIG_SLUB_DEBUG is not set
141# CONFIG_COMPAT_BRK is not set
142# CONFIG_SLAB is not set
143CONFIG_SLUB=y
144# CONFIG_SLOB is not set
145CONFIG_PROFILING=y
146CONFIG_TRACEPOINTS=y
147CONFIG_OPROFILE=m
148# CONFIG_OPROFILE_IBS is not set
149# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
150CONFIG_HAVE_OPROFILE=y
151CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
152CONFIG_HAVE_IOREMAP_PROT=y
153CONFIG_HAVE_KPROBES=y
154CONFIG_HAVE_KRETPROBES=y
155CONFIG_HAVE_ARCH_TRACEHOOK=y
156CONFIG_HAVE_DMA_ATTRS=y
157CONFIG_HAVE_DMA_API_DEBUG=y
158
159#
160# GCOV-based kernel profiling
161#
162# CONFIG_GCOV_KERNEL is not set
163CONFIG_SLOW_WORK=y
164# CONFIG_SLOW_WORK_DEBUG is not set
165CONFIG_HAVE_GENERIC_DMA_COHERENT=y
166CONFIG_RT_MUTEXES=y
167CONFIG_BASE_SMALL=0
168CONFIG_MODULES=y
169# CONFIG_MODULE_FORCE_LOAD is not set
170CONFIG_MODULE_UNLOAD=y
171# CONFIG_MODULE_FORCE_UNLOAD is not set
172CONFIG_MODVERSIONS=y
173# CONFIG_MODULE_SRCVERSION_ALL is not set
174CONFIG_STOP_MACHINE=y
175CONFIG_BLOCK=y
176CONFIG_LBDAF=y
177CONFIG_BLK_DEV_BSG=y
178# CONFIG_BLK_DEV_INTEGRITY is not set
179
180#
181# IO Schedulers
182#
183CONFIG_IOSCHED_NOOP=y
184CONFIG_IOSCHED_AS=m
185CONFIG_IOSCHED_DEADLINE=m
186CONFIG_IOSCHED_CFQ=y
187# CONFIG_DEFAULT_AS is not set
188# CONFIG_DEFAULT_DEADLINE is not set
189CONFIG_DEFAULT_CFQ=y
190# CONFIG_DEFAULT_NOOP is not set
191CONFIG_DEFAULT_IOSCHED="cfq"
192CONFIG_PREEMPT_NOTIFIERS=y
193CONFIG_FREEZER=y
194
195#
196# Processor type and features
197#
198CONFIG_TICK_ONESHOT=y
199CONFIG_NO_HZ=y
200CONFIG_HIGH_RES_TIMERS=y
201CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
202CONFIG_SMP=y
203# CONFIG_SPARSE_IRQ is not set
204CONFIG_X86_MPPARSE=y
205# CONFIG_X86_BIGSMP is not set
206CONFIG_X86_EXTENDED_PLATFORM=y
207# CONFIG_X86_ELAN is not set
208# CONFIG_X86_MRST is not set
209# CONFIG_X86_RDC321X is not set
210# CONFIG_X86_32_NON_STANDARD is not set
211CONFIG_SCHED_OMIT_FRAME_POINTER=y
212CONFIG_PARAVIRT_GUEST=y
213CONFIG_VMI=y
214CONFIG_KVM_CLOCK=y
215CONFIG_KVM_GUEST=y
216CONFIG_LGUEST_GUEST=y
217CONFIG_PARAVIRT=y
218# CONFIG_PARAVIRT_SPINLOCKS is not set
219CONFIG_PARAVIRT_CLOCK=y
220# CONFIG_MEMTEST is not set
221# CONFIG_M386 is not set
222# CONFIG_M486 is not set
223CONFIG_M586=y
224# CONFIG_M586TSC is not set
225# CONFIG_M586MMX is not set
226# CONFIG_M686 is not set
227# CONFIG_MPENTIUMII is not set
228# CONFIG_MPENTIUMIII is not set
229# CONFIG_MPENTIUMM is not set
230# CONFIG_MPENTIUM4 is not set
231# CONFIG_MK6 is not set
232# CONFIG_MK7 is not set
233# CONFIG_MK8 is not set
234# CONFIG_MCRUSOE is not set
235# CONFIG_MEFFICEON is not set
236# CONFIG_MWINCHIPC6 is not set
237# CONFIG_MWINCHIP3D is not set
238# CONFIG_MGEODEGX1 is not set
239# CONFIG_MGEODE_LX is not set
240# CONFIG_MCYRIXIII is not set
241# CONFIG_MVIAC3_2 is not set
242# CONFIG_MVIAC7 is not set
243# CONFIG_MPSC is not set
244# CONFIG_MCORE2 is not set
245# CONFIG_MATOM is not set
246# CONFIG_GENERIC_CPU is not set
247CONFIG_X86_GENERIC=y
248CONFIG_X86_CPU=y
249CONFIG_X86_L1_CACHE_BYTES=64
250CONFIG_X86_INTERNODE_CACHE_BYTES=64
251CONFIG_X86_CMPXCHG=y
252CONFIG_X86_L1_CACHE_SHIFT=5
253CONFIG_X86_XADD=y
254# CONFIG_X86_PPRO_FENCE is not set
255CONFIG_X86_WP_WORKS_OK=y
256CONFIG_X86_INVLPG=y
257CONFIG_X86_BSWAP=y
258CONFIG_X86_POPAD_OK=y
259CONFIG_X86_ALIGNMENT_16=y
260CONFIG_X86_INTEL_USERCOPY=y
261CONFIG_X86_MINIMUM_CPU_FAMILY=4
262# CONFIG_PROCESSOR_SELECT is not set
263CONFIG_CPU_SUP_INTEL=y
264CONFIG_CPU_SUP_CYRIX_32=y
265CONFIG_CPU_SUP_AMD=y
266CONFIG_CPU_SUP_CENTAUR=y
267CONFIG_CPU_SUP_TRANSMETA_32=y
268CONFIG_CPU_SUP_UMC_32=y
269CONFIG_HPET_TIMER=y
270CONFIG_HPET_EMULATE_RTC=y
271CONFIG_DMI=y
272# CONFIG_IOMMU_HELPER is not set
273# CONFIG_IOMMU_API is not set
274CONFIG_NR_CPUS=8
275CONFIG_SCHED_SMT=y
276CONFIG_SCHED_MC=y
277# CONFIG_PREEMPT_NONE is not set
278CONFIG_PREEMPT_VOLUNTARY=y
279# CONFIG_PREEMPT is not set
280CONFIG_X86_LOCAL_APIC=y
281CONFIG_X86_IO_APIC=y
282# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
283# CONFIG_X86_MCE is not set
284CONFIG_VM86=y
285CONFIG_TOSHIBA=m
286CONFIG_I8K=m
287CONFIG_X86_REBOOTFIXUPS=y
288CONFIG_MICROCODE=m
289CONFIG_MICROCODE_INTEL=y
290CONFIG_MICROCODE_AMD=y
291CONFIG_MICROCODE_OLD_INTERFACE=y
292CONFIG_X86_MSR=m
293CONFIG_X86_CPUID=m
294CONFIG_X86_CPU_DEBUG=m
295# CONFIG_NOHIGHMEM is not set
296CONFIG_HIGHMEM4G=y
297# CONFIG_HIGHMEM64G is not set
298CONFIG_VMSPLIT_3G=y
299# CONFIG_VMSPLIT_3G_OPT is not set
300# CONFIG_VMSPLIT_2G is not set
301# CONFIG_VMSPLIT_2G_OPT is not set
302# CONFIG_VMSPLIT_1G is not set
303CONFIG_PAGE_OFFSET=0xC0000000
304CONFIG_HIGHMEM=y
305# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
306CONFIG_ARCH_FLATMEM_ENABLE=y
307CONFIG_ARCH_SPARSEMEM_ENABLE=y
308CONFIG_ARCH_SELECT_MEMORY_MODEL=y
309CONFIG_SELECT_MEMORY_MODEL=y
310CONFIG_FLATMEM_MANUAL=y
311# CONFIG_DISCONTIGMEM_MANUAL is not set
312# CONFIG_SPARSEMEM_MANUAL is not set
313CONFIG_FLATMEM=y
314CONFIG_FLAT_NODE_MEM_MAP=y
315CONFIG_SPARSEMEM_STATIC=y
316CONFIG_PAGEFLAGS_EXTENDED=y
317CONFIG_SPLIT_PTLOCK_CPUS=4
318# CONFIG_PHYS_ADDR_T_64BIT is not set
319CONFIG_ZONE_DMA_FLAG=1
320CONFIG_BOUNCE=y
321CONFIG_VIRT_TO_BUS=y
322CONFIG_HAVE_MLOCK=y
323CONFIG_HAVE_MLOCKED_PAGE_BIT=y
324CONFIG_MMU_NOTIFIER=y
325# CONFIG_KSM is not set
326CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
327# CONFIG_HIGHPTE is not set
328# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
329CONFIG_X86_RESERVE_LOW_64K=y
330CONFIG_MATH_EMULATION=y
331CONFIG_MTRR=y
332CONFIG_MTRR_SANITIZER=y
333CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
334CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
335CONFIG_X86_PAT=y
336CONFIG_ARCH_USES_PG_UNCACHED=y
337# CONFIG_SECCOMP is not set
338# CONFIG_CC_STACKPROTECTOR is not set
339# CONFIG_HZ_100 is not set
340# CONFIG_HZ_250 is not set
341CONFIG_HZ_300=y
342# CONFIG_HZ_1000 is not set
343CONFIG_HZ=300
344CONFIG_SCHED_HRTICK=y
345# CONFIG_KEXEC is not set
346# CONFIG_CRASH_DUMP is not set
347CONFIG_PHYSICAL_START=0x1000000
348# CONFIG_RELOCATABLE is not set
349CONFIG_PHYSICAL_ALIGN=0x1000000
350CONFIG_HOTPLUG_CPU=y
351# CONFIG_CMDLINE_BOOL is not set
352CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
353
354#
355# Power management and ACPI options
356#
357CONFIG_PM=y
358# CONFIG_PM_DEBUG is not set
359CONFIG_PM_SLEEP_SMP=y
360CONFIG_PM_SLEEP=y
361CONFIG_SUSPEND=y
362CONFIG_SUSPEND_FREEZER=y
363# CONFIG_HIBERNATION is not set
364# CONFIG_PM_RUNTIME is not set
365CONFIG_ACPI=y
366CONFIG_ACPI_SLEEP=y
367CONFIG_ACPI_PROCFS=y
368CONFIG_ACPI_PROCFS_POWER=y
369# CONFIG_ACPI_POWER_METER is not set
370CONFIG_ACPI_SYSFS_POWER=y
371CONFIG_ACPI_PROC_EVENT=y
372CONFIG_ACPI_AC=m
373CONFIG_ACPI_BATTERY=m
374CONFIG_ACPI_BUTTON=m
375CONFIG_ACPI_VIDEO=m
376CONFIG_ACPI_FAN=m
377CONFIG_ACPI_DOCK=y
378CONFIG_ACPI_PROCESSOR=m
379CONFIG_ACPI_HOTPLUG_CPU=y
380# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
381CONFIG_ACPI_THERMAL=m
382# CONFIG_ACPI_CUSTOM_DSDT is not set
383CONFIG_ACPI_BLACKLIST_YEAR=2000
384# CONFIG_ACPI_DEBUG is not set
385CONFIG_ACPI_PCI_SLOT=m
386CONFIG_X86_PM_TIMER=y
387CONFIG_ACPI_CONTAINER=m
388CONFIG_ACPI_SBS=m
389# CONFIG_SFI is not set
390# CONFIG_APM is not set
391
392#
393# CPU Frequency scaling
394#
395CONFIG_CPU_FREQ=y
396CONFIG_CPU_FREQ_TABLE=m
397# CONFIG_CPU_FREQ_DEBUG is not set
398CONFIG_CPU_FREQ_STAT=m
399# CONFIG_CPU_FREQ_STAT_DETAILS is not set
400CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
401# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
402# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
403# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
404# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
405CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
406CONFIG_CPU_FREQ_GOV_POWERSAVE=m
407CONFIG_CPU_FREQ_GOV_USERSPACE=m
408CONFIG_CPU_FREQ_GOV_ONDEMAND=m
409CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
410
411#
412# CPUFreq processor drivers
413#
414CONFIG_X86_ACPI_CPUFREQ=m
415CONFIG_X86_POWERNOW_K6=m
416CONFIG_X86_POWERNOW_K7=m
417CONFIG_X86_POWERNOW_K7_ACPI=y
418CONFIG_X86_POWERNOW_K8=m
419CONFIG_X86_GX_SUSPMOD=m
420CONFIG_X86_SPEEDSTEP_CENTRINO=m
421CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y
422CONFIG_X86_SPEEDSTEP_ICH=m
423CONFIG_X86_SPEEDSTEP_SMI=m
424CONFIG_X86_P4_CLOCKMOD=m
425CONFIG_X86_CPUFREQ_NFORCE2=m
426CONFIG_X86_LONGRUN=m
427CONFIG_X86_LONGHAUL=m
428CONFIG_X86_E_POWERSAVER=m
429
430#
431# shared options
432#
433CONFIG_X86_SPEEDSTEP_LIB=m
434CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y
435CONFIG_CPU_IDLE=y
436CONFIG_CPU_IDLE_GOV_LADDER=y
437CONFIG_CPU_IDLE_GOV_MENU=y
438
439#
440# Bus options (PCI etc.)
441#
442CONFIG_PCI=y
443# CONFIG_PCI_GOBIOS is not set
444# CONFIG_PCI_GOMMCONFIG is not set
445# CONFIG_PCI_GODIRECT is not set
446# CONFIG_PCI_GOOLPC is not set
447CONFIG_PCI_GOANY=y
448CONFIG_PCI_BIOS=y
449CONFIG_PCI_DIRECT=y
450CONFIG_PCI_MMCONFIG=y
451CONFIG_PCI_DOMAINS=y
452CONFIG_PCIEPORTBUS=y
453CONFIG_HOTPLUG_PCI_PCIE=m
454# CONFIG_PCIEAER is not set
455CONFIG_PCIEASPM=y
456# CONFIG_PCIEASPM_DEBUG is not set
457CONFIG_ARCH_SUPPORTS_MSI=y
458# CONFIG_PCI_MSI is not set
459CONFIG_PCI_LEGACY=y
460CONFIG_PCI_STUB=m
461CONFIG_HT_IRQ=y
462# CONFIG_PCI_IOV is not set
463CONFIG_ISA_DMA_API=y
464CONFIG_ISA=y
465# CONFIG_EISA is not set
466# CONFIG_MCA is not set
467CONFIG_SCx200=m
468CONFIG_SCx200HR_TIMER=m
469# CONFIG_OLPC is not set
470CONFIG_K8_NB=y
471CONFIG_PCCARD=m
472# CONFIG_PCMCIA_DEBUG is not set
473CONFIG_PCMCIA=m
474CONFIG_PCMCIA_LOAD_CIS=y
475CONFIG_PCMCIA_IOCTL=y
476CONFIG_CARDBUS=y
477
478#
479# PC-card bridges
480#
481CONFIG_YENTA=m
482CONFIG_YENTA_O2=y
483CONFIG_YENTA_RICOH=y
484CONFIG_YENTA_TI=y
485CONFIG_YENTA_ENE_TUNE=y
486CONFIG_YENTA_TOSHIBA=y
487CONFIG_PD6729=m
488CONFIG_I82092=m
489CONFIG_I82365=m
490CONFIG_TCIC=m
491CONFIG_PCMCIA_PROBE=y
492CONFIG_PCCARD_NONSTATIC=m
493CONFIG_HOTPLUG_PCI=m
494CONFIG_HOTPLUG_PCI_FAKE=m
495CONFIG_HOTPLUG_PCI_COMPAQ=m
496# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set
497CONFIG_HOTPLUG_PCI_IBM=m
498CONFIG_HOTPLUG_PCI_ACPI=m
499CONFIG_HOTPLUG_PCI_ACPI_IBM=m
500CONFIG_HOTPLUG_PCI_CPCI=y
501CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m
502CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m
503CONFIG_HOTPLUG_PCI_SHPC=m
504
505#
506# Executable file formats / Emulations
507#
508CONFIG_BINFMT_ELF=y
509# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
510CONFIG_HAVE_AOUT=y
511CONFIG_BINFMT_AOUT=m
512CONFIG_BINFMT_MISC=m
513CONFIG_HAVE_ATOMIC_IOMAP=y
514CONFIG_NET=y
515
516#
517# Networking options
518#
519CONFIG_PACKET=m
520CONFIG_PACKET_MMAP=y
521CONFIG_UNIX=y
522CONFIG_XFRM=y
523CONFIG_XFRM_USER=m
524CONFIG_XFRM_SUB_POLICY=y
525CONFIG_XFRM_MIGRATE=y
526# CONFIG_XFRM_STATISTICS is not set
527CONFIG_XFRM_IPCOMP=m
528CONFIG_NET_KEY=m
529CONFIG_NET_KEY_MIGRATE=y
530CONFIG_INET=y
531CONFIG_IP_MULTICAST=y
532CONFIG_IP_ADVANCED_ROUTER=y
533CONFIG_ASK_IP_FIB_HASH=y
534# CONFIG_IP_FIB_TRIE is not set
535CONFIG_IP_FIB_HASH=y
536CONFIG_IP_MULTIPLE_TABLES=y
537CONFIG_IP_ROUTE_MULTIPATH=y
538CONFIG_IP_ROUTE_VERBOSE=y
539CONFIG_IP_PNP=y
540CONFIG_IP_PNP_DHCP=y
541CONFIG_IP_PNP_BOOTP=y
542CONFIG_IP_PNP_RARP=y
543CONFIG_NET_IPIP=m
544CONFIG_NET_IPGRE=m
545CONFIG_NET_IPGRE_BROADCAST=y
546CONFIG_IP_MROUTE=y
547# CONFIG_IP_PIMSM_V1 is not set
548CONFIG_IP_PIMSM_V2=y
549CONFIG_ARPD=y
550CONFIG_SYN_COOKIES=y
551CONFIG_INET_AH=m
552CONFIG_INET_ESP=m
553CONFIG_INET_IPCOMP=m
554CONFIG_INET_XFRM_TUNNEL=m
555CONFIG_INET_TUNNEL=m
556CONFIG_INET_XFRM_MODE_TRANSPORT=m
557CONFIG_INET_XFRM_MODE_TUNNEL=m
558CONFIG_INET_XFRM_MODE_BEET=m
559CONFIG_INET_LRO=y
560CONFIG_INET_DIAG=m
561CONFIG_INET_TCP_DIAG=m
562CONFIG_TCP_CONG_ADVANCED=y
563CONFIG_TCP_CONG_BIC=m
564CONFIG_TCP_CONG_CUBIC=y
565CONFIG_TCP_CONG_WESTWOOD=m
566CONFIG_TCP_CONG_HTCP=m
567CONFIG_TCP_CONG_HSTCP=m
568CONFIG_TCP_CONG_HYBLA=m
569CONFIG_TCP_CONG_VEGAS=m
570CONFIG_TCP_CONG_SCALABLE=m
571CONFIG_TCP_CONG_LP=m
572CONFIG_TCP_CONG_VENO=m
573CONFIG_TCP_CONG_YEAH=m
574CONFIG_TCP_CONG_ILLINOIS=m
575# CONFIG_DEFAULT_BIC is not set
576CONFIG_DEFAULT_CUBIC=y
577# CONFIG_DEFAULT_HTCP is not set
578# CONFIG_DEFAULT_VEGAS is not set
579# CONFIG_DEFAULT_WESTWOOD is not set
580# CONFIG_DEFAULT_RENO is not set
581CONFIG_DEFAULT_TCP_CONG="cubic"
582CONFIG_TCP_MD5SIG=y
583CONFIG_IPV6=m
584CONFIG_IPV6_PRIVACY=y
585CONFIG_IPV6_ROUTER_PREF=y
586CONFIG_IPV6_ROUTE_INFO=y
587# CONFIG_IPV6_OPTIMISTIC_DAD is not set
588CONFIG_INET6_AH=m
589CONFIG_INET6_ESP=m
590CONFIG_INET6_IPCOMP=m
591CONFIG_IPV6_MIP6=m
592CONFIG_INET6_XFRM_TUNNEL=m
593CONFIG_INET6_TUNNEL=m
594CONFIG_INET6_XFRM_MODE_TRANSPORT=m
595CONFIG_INET6_XFRM_MODE_TUNNEL=m
596CONFIG_INET6_XFRM_MODE_BEET=m
597CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
598CONFIG_IPV6_SIT=m
599CONFIG_IPV6_NDISC_NODETYPE=y
600CONFIG_IPV6_TUNNEL=m
601CONFIG_IPV6_MULTIPLE_TABLES=y
602CONFIG_IPV6_SUBTREES=y
603CONFIG_IPV6_MROUTE=y
604CONFIG_IPV6_PIMSM_V2=y
605CONFIG_NETLABEL=y
606CONFIG_NETWORK_SECMARK=y
607CONFIG_NETFILTER=y
608# CONFIG_NETFILTER_DEBUG is not set
609CONFIG_NETFILTER_ADVANCED=y
610CONFIG_BRIDGE_NETFILTER=y
611
612#
613# Core Netfilter Configuration
614#
615CONFIG_NETFILTER_NETLINK=m
616CONFIG_NETFILTER_NETLINK_QUEUE=m
617CONFIG_NETFILTER_NETLINK_LOG=m
618CONFIG_NF_CONNTRACK=m
619CONFIG_NF_CT_ACCT=y
620CONFIG_NF_CONNTRACK_MARK=y
621CONFIG_NF_CONNTRACK_SECMARK=y
622CONFIG_NF_CONNTRACK_EVENTS=y
623CONFIG_NF_CT_PROTO_DCCP=m
624CONFIG_NF_CT_PROTO_GRE=m
625CONFIG_NF_CT_PROTO_SCTP=m
626CONFIG_NF_CT_PROTO_UDPLITE=m
627CONFIG_NF_CONNTRACK_AMANDA=m
628CONFIG_NF_CONNTRACK_FTP=m
629CONFIG_NF_CONNTRACK_H323=m
630CONFIG_NF_CONNTRACK_IRC=m
631CONFIG_NF_CONNTRACK_NETBIOS_NS=m
632CONFIG_NF_CONNTRACK_PPTP=m
633CONFIG_NF_CONNTRACK_SANE=m
634CONFIG_NF_CONNTRACK_SIP=m
635CONFIG_NF_CONNTRACK_TFTP=m
636CONFIG_NF_CT_NETLINK=m
637CONFIG_NETFILTER_TPROXY=m
638CONFIG_NETFILTER_XTABLES=m
639CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
640CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
641CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
642CONFIG_NETFILTER_XT_TARGET_DSCP=m
643CONFIG_NETFILTER_XT_TARGET_HL=m
644CONFIG_NETFILTER_XT_TARGET_LED=m
645CONFIG_NETFILTER_XT_TARGET_MARK=m
646CONFIG_NETFILTER_XT_TARGET_NFLOG=m
647CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
648CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
649CONFIG_NETFILTER_XT_TARGET_RATEEST=m
650CONFIG_NETFILTER_XT_TARGET_TPROXY=m
651CONFIG_NETFILTER_XT_TARGET_TRACE=m
652CONFIG_NETFILTER_XT_TARGET_SECMARK=m
653CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
654CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
655CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
656CONFIG_NETFILTER_XT_MATCH_COMMENT=m
657CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
658CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
659CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
660CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
661CONFIG_NETFILTER_XT_MATCH_DCCP=m
662CONFIG_NETFILTER_XT_MATCH_DSCP=m
663CONFIG_NETFILTER_XT_MATCH_ESP=m
664CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
665CONFIG_NETFILTER_XT_MATCH_HELPER=m
666CONFIG_NETFILTER_XT_MATCH_HL=m
667CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
668CONFIG_NETFILTER_XT_MATCH_LENGTH=m
669CONFIG_NETFILTER_XT_MATCH_LIMIT=m
670CONFIG_NETFILTER_XT_MATCH_MAC=m
671CONFIG_NETFILTER_XT_MATCH_MARK=m
672CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
673CONFIG_NETFILTER_XT_MATCH_OWNER=m
674CONFIG_NETFILTER_XT_MATCH_POLICY=m
675CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
676CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
677CONFIG_NETFILTER_XT_MATCH_QUOTA=m
678CONFIG_NETFILTER_XT_MATCH_RATEEST=m
679CONFIG_NETFILTER_XT_MATCH_REALM=m
680CONFIG_NETFILTER_XT_MATCH_RECENT=m
681# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
682CONFIG_NETFILTER_XT_MATCH_SCTP=m
683CONFIG_NETFILTER_XT_MATCH_SOCKET=m
684CONFIG_NETFILTER_XT_MATCH_STATE=m
685CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
686CONFIG_NETFILTER_XT_MATCH_STRING=m
687CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
688CONFIG_NETFILTER_XT_MATCH_TIME=m
689CONFIG_NETFILTER_XT_MATCH_U32=m
690CONFIG_NETFILTER_XT_MATCH_OSF=m
691CONFIG_IP_VS=m
692CONFIG_IP_VS_IPV6=y
693# CONFIG_IP_VS_DEBUG is not set
694CONFIG_IP_VS_TAB_BITS=12
695
696#
697# IPVS transport protocol load balancing support
698#
699CONFIG_IP_VS_PROTO_TCP=y
700CONFIG_IP_VS_PROTO_UDP=y
701CONFIG_IP_VS_PROTO_AH_ESP=y
702CONFIG_IP_VS_PROTO_ESP=y
703CONFIG_IP_VS_PROTO_AH=y
704
705#
706# IPVS scheduler
707#
708CONFIG_IP_VS_RR=m
709CONFIG_IP_VS_WRR=m
710CONFIG_IP_VS_LC=m
711CONFIG_IP_VS_WLC=m
712CONFIG_IP_VS_LBLC=m
713CONFIG_IP_VS_LBLCR=m
714CONFIG_IP_VS_DH=m
715CONFIG_IP_VS_SH=m
716CONFIG_IP_VS_SED=m
717CONFIG_IP_VS_NQ=m
718
719#
720# IPVS application helper
721#
722CONFIG_IP_VS_FTP=m
723
724#
725# IP: Netfilter Configuration
726#
727CONFIG_NF_DEFRAG_IPV4=m
728CONFIG_NF_CONNTRACK_IPV4=m
729CONFIG_NF_CONNTRACK_PROC_COMPAT=y
730CONFIG_IP_NF_QUEUE=m
731CONFIG_IP_NF_IPTABLES=m
732CONFIG_IP_NF_MATCH_ADDRTYPE=m
733CONFIG_IP_NF_MATCH_AH=m
734CONFIG_IP_NF_MATCH_ECN=m
735CONFIG_IP_NF_MATCH_TTL=m
736CONFIG_IP_NF_FILTER=m
737CONFIG_IP_NF_TARGET_REJECT=m
738CONFIG_IP_NF_TARGET_LOG=m
739CONFIG_IP_NF_TARGET_ULOG=m
740CONFIG_NF_NAT=m
741CONFIG_NF_NAT_NEEDED=y
742CONFIG_IP_NF_TARGET_MASQUERADE=m
743CONFIG_IP_NF_TARGET_NETMAP=m
744CONFIG_IP_NF_TARGET_REDIRECT=m
745CONFIG_NF_NAT_SNMP_BASIC=m
746CONFIG_NF_NAT_PROTO_DCCP=m
747CONFIG_NF_NAT_PROTO_GRE=m
748CONFIG_NF_NAT_PROTO_UDPLITE=m
749CONFIG_NF_NAT_PROTO_SCTP=m
750CONFIG_NF_NAT_FTP=m
751CONFIG_NF_NAT_IRC=m
752CONFIG_NF_NAT_TFTP=m
753CONFIG_NF_NAT_AMANDA=m
754CONFIG_NF_NAT_PPTP=m
755CONFIG_NF_NAT_H323=m
756CONFIG_NF_NAT_SIP=m
757CONFIG_IP_NF_MANGLE=m
758CONFIG_IP_NF_TARGET_CLUSTERIP=m
759CONFIG_IP_NF_TARGET_ECN=m
760CONFIG_IP_NF_TARGET_TTL=m
761CONFIG_IP_NF_RAW=m
762CONFIG_IP_NF_SECURITY=m
763CONFIG_IP_NF_ARPTABLES=m
764CONFIG_IP_NF_ARPFILTER=m
765CONFIG_IP_NF_ARP_MANGLE=m
766
767#
768# IPv6: Netfilter Configuration
769#
770CONFIG_NF_CONNTRACK_IPV6=m
771CONFIG_IP6_NF_QUEUE=m
772CONFIG_IP6_NF_IPTABLES=m
773CONFIG_IP6_NF_MATCH_AH=m
774CONFIG_IP6_NF_MATCH_EUI64=m
775CONFIG_IP6_NF_MATCH_FRAG=m
776CONFIG_IP6_NF_MATCH_OPTS=m
777CONFIG_IP6_NF_MATCH_HL=m
778CONFIG_IP6_NF_MATCH_IPV6HEADER=m
779CONFIG_IP6_NF_MATCH_MH=m
780CONFIG_IP6_NF_MATCH_RT=m
781CONFIG_IP6_NF_TARGET_HL=m
782CONFIG_IP6_NF_TARGET_LOG=m
783CONFIG_IP6_NF_FILTER=m
784CONFIG_IP6_NF_TARGET_REJECT=m
785CONFIG_IP6_NF_MANGLE=m
786CONFIG_IP6_NF_RAW=m
787CONFIG_IP6_NF_SECURITY=m
788
789#
790# DECnet: Netfilter Configuration
791#
792CONFIG_DECNET_NF_GRABULATOR=m
793CONFIG_BRIDGE_NF_EBTABLES=m
794CONFIG_BRIDGE_EBT_BROUTE=m
795CONFIG_BRIDGE_EBT_T_FILTER=m
796CONFIG_BRIDGE_EBT_T_NAT=m
797CONFIG_BRIDGE_EBT_802_3=m
798CONFIG_BRIDGE_EBT_AMONG=m
799CONFIG_BRIDGE_EBT_ARP=m
800CONFIG_BRIDGE_EBT_IP=m
801CONFIG_BRIDGE_EBT_IP6=m
802CONFIG_BRIDGE_EBT_LIMIT=m
803CONFIG_BRIDGE_EBT_MARK=m
804CONFIG_BRIDGE_EBT_PKTTYPE=m
805CONFIG_BRIDGE_EBT_STP=m
806CONFIG_BRIDGE_EBT_VLAN=m
807CONFIG_BRIDGE_EBT_ARPREPLY=m
808CONFIG_BRIDGE_EBT_DNAT=m
809CONFIG_BRIDGE_EBT_MARK_T=m
810CONFIG_BRIDGE_EBT_REDIRECT=m
811CONFIG_BRIDGE_EBT_SNAT=m
812CONFIG_BRIDGE_EBT_LOG=m
813CONFIG_BRIDGE_EBT_ULOG=m
814CONFIG_BRIDGE_EBT_NFLOG=m
815CONFIG_IP_DCCP=m
816CONFIG_INET_DCCP_DIAG=m
817
818#
819# DCCP CCIDs Configuration (EXPERIMENTAL)
820#
821# CONFIG_IP_DCCP_CCID2_DEBUG is not set
822CONFIG_IP_DCCP_CCID3=y
823# CONFIG_IP_DCCP_CCID3_DEBUG is not set
824CONFIG_IP_DCCP_CCID3_RTO=100
825CONFIG_IP_DCCP_TFRC_LIB=y
826CONFIG_IP_SCTP=m
827# CONFIG_SCTP_DBG_MSG is not set
828# CONFIG_SCTP_DBG_OBJCNT is not set
829# CONFIG_SCTP_HMAC_NONE is not set
830CONFIG_SCTP_HMAC_SHA1=y
831# CONFIG_SCTP_HMAC_MD5 is not set
832CONFIG_RDS=m
833# CONFIG_RDS_RDMA is not set
834# CONFIG_RDS_TCP is not set
835# CONFIG_RDS_DEBUG is not set
836CONFIG_TIPC=m
837# CONFIG_TIPC_ADVANCED is not set
838# CONFIG_TIPC_DEBUG is not set
839CONFIG_ATM=m
840CONFIG_ATM_CLIP=m
841# CONFIG_ATM_CLIP_NO_ICMP is not set
842CONFIG_ATM_LANE=m
843CONFIG_ATM_MPOA=m
844CONFIG_ATM_BR2684=m
845# CONFIG_ATM_BR2684_IPFILTER is not set
846CONFIG_STP=m
847CONFIG_BRIDGE=m
848# CONFIG_NET_DSA is not set
849CONFIG_VLAN_8021Q=m
850# CONFIG_VLAN_8021Q_GVRP is not set
851CONFIG_DECNET=m
852CONFIG_DECNET_ROUTER=y
853CONFIG_LLC=m
854CONFIG_LLC2=m
855CONFIG_IPX=m
856# CONFIG_IPX_INTERN is not set
857CONFIG_ATALK=m
858CONFIG_DEV_APPLETALK=m
859CONFIG_LTPC=m
860CONFIG_COPS=m
861CONFIG_COPS_DAYNA=y
862CONFIG_COPS_TANGENT=y
863CONFIG_IPDDP=m
864CONFIG_IPDDP_ENCAP=y
865CONFIG_IPDDP_DECAP=y
866CONFIG_X25=m
867CONFIG_LAPB=m
868CONFIG_ECONET=m
869CONFIG_ECONET_AUNUDP=y
870CONFIG_ECONET_NATIVE=y
871CONFIG_WAN_ROUTER=m
872CONFIG_PHONET=m
873CONFIG_IEEE802154=m
874CONFIG_NET_SCHED=y
875
876#
877# Queueing/Scheduling
878#
879CONFIG_NET_SCH_CBQ=m
880CONFIG_NET_SCH_HTB=m
881CONFIG_NET_SCH_HFSC=m
882CONFIG_NET_SCH_ATM=m
883CONFIG_NET_SCH_PRIO=m
884CONFIG_NET_SCH_MULTIQ=m
885CONFIG_NET_SCH_RED=m
886CONFIG_NET_SCH_SFQ=m
887CONFIG_NET_SCH_TEQL=m
888CONFIG_NET_SCH_TBF=m
889CONFIG_NET_SCH_GRED=m
890CONFIG_NET_SCH_DSMARK=m
891CONFIG_NET_SCH_NETEM=m
892CONFIG_NET_SCH_DRR=m
893CONFIG_NET_SCH_INGRESS=m
894
895#
896# Classification
897#
898CONFIG_NET_CLS=y
899CONFIG_NET_CLS_BASIC=m
900CONFIG_NET_CLS_TCINDEX=m
901CONFIG_NET_CLS_ROUTE4=m
902CONFIG_NET_CLS_ROUTE=y
903CONFIG_NET_CLS_FW=m
904CONFIG_NET_CLS_U32=m
905CONFIG_CLS_U32_PERF=y
906CONFIG_CLS_U32_MARK=y
907CONFIG_NET_CLS_RSVP=m
908CONFIG_NET_CLS_RSVP6=m
909CONFIG_NET_CLS_FLOW=m
910CONFIG_NET_EMATCH=y
911CONFIG_NET_EMATCH_STACK=32
912CONFIG_NET_EMATCH_CMP=m
913CONFIG_NET_EMATCH_NBYTE=m
914CONFIG_NET_EMATCH_U32=m
915CONFIG_NET_EMATCH_META=m
916CONFIG_NET_EMATCH_TEXT=m
917CONFIG_NET_CLS_ACT=y
918CONFIG_NET_ACT_POLICE=m
919CONFIG_NET_ACT_GACT=m
920CONFIG_GACT_PROB=y
921CONFIG_NET_ACT_MIRRED=m
922CONFIG_NET_ACT_IPT=m
923CONFIG_NET_ACT_NAT=m
924CONFIG_NET_ACT_PEDIT=m
925CONFIG_NET_ACT_SIMP=m
926CONFIG_NET_ACT_SKBEDIT=m
927# CONFIG_NET_CLS_IND is not set
928CONFIG_NET_SCH_FIFO=y
929# CONFIG_DCB is not set
930
931#
932# Network testing
933#
934CONFIG_NET_PKTGEN=m
935# CONFIG_NET_DROP_MONITOR is not set
936# CONFIG_HAMRADIO is not set
937CONFIG_CAN=m
938CONFIG_CAN_RAW=m
939CONFIG_CAN_BCM=m
940
941#
942# CAN Device Drivers
943#
944CONFIG_CAN_VCAN=m
945CONFIG_CAN_DEV=m
946# CONFIG_CAN_CALC_BITTIMING is not set
947CONFIG_CAN_SJA1000=m
948# CONFIG_CAN_SJA1000_ISA is not set
949CONFIG_CAN_SJA1000_PLATFORM=m
950CONFIG_CAN_EMS_PCI=m
951CONFIG_CAN_KVASER_PCI=m
952
953#
954# CAN USB interfaces
955#
956# CONFIG_CAN_EMS_USB is not set
957# CONFIG_CAN_DEBUG_DEVICES is not set
958CONFIG_IRDA=m
959
960#
961# IrDA protocols
962#
963CONFIG_IRLAN=m
964CONFIG_IRNET=m
965CONFIG_IRCOMM=m
966CONFIG_IRDA_ULTRA=y
967
968#
969# IrDA options
970#
971CONFIG_IRDA_CACHE_LAST_LSAP=y
972CONFIG_IRDA_FAST_RR=y
973# CONFIG_IRDA_DEBUG is not set
974
975#
976# Infrared-port device drivers
977#
978
979#
980# SIR device drivers
981#
982CONFIG_IRTTY_SIR=m
983
984#
985# Dongle support
986#
987CONFIG_DONGLE=y
988CONFIG_ESI_DONGLE=m
989CONFIG_ACTISYS_DONGLE=m
990CONFIG_TEKRAM_DONGLE=m
991CONFIG_TOIM3232_DONGLE=m
992CONFIG_LITELINK_DONGLE=m
993CONFIG_MA600_DONGLE=m
994CONFIG_GIRBIL_DONGLE=m
995CONFIG_MCP2120_DONGLE=m
996CONFIG_OLD_BELKIN_DONGLE=m
997CONFIG_ACT200L_DONGLE=m
998CONFIG_KINGSUN_DONGLE=m
999CONFIG_KSDAZZLE_DONGLE=m
1000CONFIG_KS959_DONGLE=m
1001
1002#
1003# FIR device drivers
1004#
1005CONFIG_USB_IRDA=m
1006CONFIG_SIGMATEL_FIR=m
1007CONFIG_NSC_FIR=m
1008CONFIG_WINBOND_FIR=m
1009CONFIG_TOSHIBA_FIR=m
1010CONFIG_SMC_IRCC_FIR=m
1011CONFIG_ALI_FIR=m
1012CONFIG_VLSI_FIR=m
1013CONFIG_VIA_FIR=m
1014CONFIG_MCS_FIR=m
1015CONFIG_BT=m
1016CONFIG_BT_L2CAP=m
1017CONFIG_BT_SCO=m
1018CONFIG_BT_RFCOMM=m
1019CONFIG_BT_RFCOMM_TTY=y
1020CONFIG_BT_BNEP=m
1021CONFIG_BT_BNEP_MC_FILTER=y
1022CONFIG_BT_BNEP_PROTO_FILTER=y
1023CONFIG_BT_CMTP=m
1024CONFIG_BT_HIDP=m
1025
1026#
1027# Bluetooth device drivers
1028#
1029CONFIG_BT_HCIBTUSB=m
1030CONFIG_BT_HCIBTSDIO=m
1031CONFIG_BT_HCIUART=m
1032CONFIG_BT_HCIUART_H4=y
1033CONFIG_BT_HCIUART_BCSP=y
1034CONFIG_BT_HCIUART_LL=y
1035CONFIG_BT_HCIBCM203X=m
1036CONFIG_BT_HCIBPA10X=m
1037CONFIG_BT_HCIBFUSB=m
1038CONFIG_BT_HCIDTL1=m
1039CONFIG_BT_HCIBT3C=m
1040CONFIG_BT_HCIBLUECARD=m
1041CONFIG_BT_HCIBTUART=m
1042CONFIG_BT_HCIVHCI=m
1043# CONFIG_BT_MRVL is not set
1044CONFIG_AF_RXRPC=m
1045# CONFIG_AF_RXRPC_DEBUG is not set
1046CONFIG_RXKAD=m
1047CONFIG_FIB_RULES=y
1048CONFIG_WIRELESS=y
1049CONFIG_CFG80211=m
1050# CONFIG_NL80211_TESTMODE is not set
1051# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
1052# CONFIG_CFG80211_REG_DEBUG is not set
1053CONFIG_CFG80211_DEFAULT_PS=y
1054CONFIG_CFG80211_DEFAULT_PS_VALUE=1
1055# CONFIG_CFG80211_DEBUGFS is not set
1056CONFIG_WIRELESS_OLD_REGULATORY=y
1057CONFIG_WIRELESS_EXT=y
1058CONFIG_WIRELESS_EXT_SYSFS=y
1059CONFIG_LIB80211=m
1060CONFIG_LIB80211_CRYPT_WEP=m
1061CONFIG_LIB80211_CRYPT_CCMP=m
1062CONFIG_LIB80211_CRYPT_TKIP=m
1063# CONFIG_LIB80211_DEBUG is not set
1064CONFIG_MAC80211=m
1065CONFIG_MAC80211_RC_PID=y
1066CONFIG_MAC80211_RC_MINSTREL=y
1067CONFIG_MAC80211_RC_DEFAULT_PID=y
1068# CONFIG_MAC80211_RC_DEFAULT_MINSTREL is not set
1069CONFIG_MAC80211_RC_DEFAULT="pid"
1070# CONFIG_MAC80211_MESH is not set
1071CONFIG_MAC80211_LEDS=y
1072# CONFIG_MAC80211_DEBUGFS is not set
1073# CONFIG_MAC80211_DEBUG_MENU is not set
1074CONFIG_WIMAX=m
1075CONFIG_WIMAX_DEBUG_LEVEL=8
1076CONFIG_RFKILL=m
1077CONFIG_RFKILL_LEDS=y
1078# CONFIG_RFKILL_INPUT is not set
1079CONFIG_NET_9P=m
1080CONFIG_NET_9P_VIRTIO=m
1081CONFIG_NET_9P_RDMA=m
1082# CONFIG_NET_9P_DEBUG is not set
1083
1084#
1085# Device Drivers
1086#
1087
1088#
1089# Generic Driver Options
1090#
1091CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
1092# CONFIG_DEVTMPFS is not set
1093CONFIG_STANDALONE=y
1094# CONFIG_PREVENT_FIRMWARE_BUILD is not set
1095CONFIG_FW_LOADER=m
1096# CONFIG_FIRMWARE_IN_KERNEL is not set
1097CONFIG_EXTRA_FIRMWARE=""
1098# CONFIG_SYS_HYPERVISOR is not set
1099CONFIG_CONNECTOR=m
1100CONFIG_MTD=m
1101# CONFIG_MTD_DEBUG is not set
1102CONFIG_MTD_TESTS=m
1103CONFIG_MTD_CONCAT=m
1104CONFIG_MTD_PARTITIONS=y
1105CONFIG_MTD_REDBOOT_PARTS=m
1106CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
1107# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set
1108# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set
1109CONFIG_MTD_AR7_PARTS=m
1110
1111#
1112# User Modules And Translation Layers
1113#
1114CONFIG_MTD_CHAR=m
1115CONFIG_HAVE_MTD_OTP=y
1116CONFIG_MTD_BLKDEVS=m
1117CONFIG_MTD_BLOCK=m
1118CONFIG_MTD_BLOCK_RO=m
1119CONFIG_FTL=m
1120CONFIG_NFTL=m
1121CONFIG_NFTL_RW=y
1122CONFIG_INFTL=m
1123CONFIG_RFD_FTL=m
1124CONFIG_SSFDC=m
1125CONFIG_MTD_OOPS=m
1126
1127#
1128# RAM/ROM/Flash chip drivers
1129#
1130CONFIG_MTD_CFI=m
1131CONFIG_MTD_JEDECPROBE=m
1132CONFIG_MTD_GEN_PROBE=m
1133# CONFIG_MTD_CFI_ADV_OPTIONS is not set
1134CONFIG_MTD_MAP_BANK_WIDTH_1=y
1135CONFIG_MTD_MAP_BANK_WIDTH_2=y
1136CONFIG_MTD_MAP_BANK_WIDTH_4=y
1137# CONFIG_MTD_MAP_BANK_WIDTH_8 is not set
1138# CONFIG_MTD_MAP_BANK_WIDTH_16 is not set
1139# CONFIG_MTD_MAP_BANK_WIDTH_32 is not set
1140CONFIG_MTD_CFI_I1=y
1141CONFIG_MTD_CFI_I2=y
1142# CONFIG_MTD_CFI_I4 is not set
1143# CONFIG_MTD_CFI_I8 is not set
1144CONFIG_MTD_CFI_INTELEXT=m
1145CONFIG_MTD_CFI_AMDSTD=m
1146CONFIG_MTD_CFI_STAA=m
1147CONFIG_MTD_CFI_UTIL=m
1148CONFIG_MTD_RAM=m
1149CONFIG_MTD_ROM=m
1150CONFIG_MTD_ABSENT=m
1151
1152#
1153# Mapping drivers for chip access
1154#
1155CONFIG_MTD_COMPLEX_MAPPINGS=y
1156CONFIG_MTD_PHYSMAP=m
1157# CONFIG_MTD_PHYSMAP_COMPAT is not set
1158CONFIG_MTD_SC520CDP=m
1159CONFIG_MTD_NETSC520=m
1160CONFIG_MTD_TS5500=m
1161CONFIG_MTD_SBC_GXX=m
1162CONFIG_MTD_SCx200_DOCFLASH=m
1163CONFIG_MTD_AMD76XROM=m
1164CONFIG_MTD_ICHXROM=m
1165CONFIG_MTD_ESB2ROM=m
1166CONFIG_MTD_CK804XROM=m
1167CONFIG_MTD_SCB2_FLASH=m
1168CONFIG_MTD_NETtel=m
1169CONFIG_MTD_L440GX=m
1170CONFIG_MTD_PCI=m
1171# CONFIG_MTD_GPIO_ADDR is not set
1172CONFIG_MTD_INTEL_VR_NOR=m
1173CONFIG_MTD_PLATRAM=m
1174
1175#
1176# Self-contained MTD device drivers
1177#
1178CONFIG_MTD_PMC551=m
1179CONFIG_MTD_PMC551_BUGFIX=y
1180# CONFIG_MTD_PMC551_DEBUG is not set
1181CONFIG_MTD_DATAFLASH=m
1182# CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
1183# CONFIG_MTD_DATAFLASH_OTP is not set
1184CONFIG_MTD_M25P80=m
1185CONFIG_M25PXX_USE_FAST_READ=y
1186# CONFIG_MTD_SST25L is not set
1187CONFIG_MTD_SLRAM=m
1188CONFIG_MTD_PHRAM=m
1189CONFIG_MTD_MTDRAM=m
1190CONFIG_MTDRAM_TOTAL_SIZE=4096
1191CONFIG_MTDRAM_ERASE_SIZE=128
1192CONFIG_MTD_BLOCK2MTD=m
1193
1194#
1195# Disk-On-Chip Device Drivers
1196#
1197CONFIG_MTD_DOC2000=m
1198CONFIG_MTD_DOC2001=m
1199CONFIG_MTD_DOC2001PLUS=m
1200CONFIG_MTD_DOCPROBE=m
1201CONFIG_MTD_DOCECC=m
1202CONFIG_MTD_DOCPROBE_ADVANCED=y
1203CONFIG_MTD_DOCPROBE_ADDRESS=0x0000
1204# CONFIG_MTD_DOCPROBE_HIGH is not set
1205# CONFIG_MTD_DOCPROBE_55AA is not set
1206CONFIG_MTD_NAND=m
1207# CONFIG_MTD_NAND_VERIFY_WRITE is not set
1208CONFIG_MTD_NAND_ECC_SMC=y
1209# CONFIG_MTD_NAND_MUSEUM_IDS is not set
1210CONFIG_MTD_NAND_IDS=m
1211CONFIG_MTD_NAND_DISKONCHIP=m
1212# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set
1213CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0
1214# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set
1215CONFIG_MTD_NAND_CAFE=m
1216CONFIG_MTD_NAND_CS553X=m
1217CONFIG_MTD_NAND_NANDSIM=m
1218CONFIG_MTD_NAND_PLATFORM=m
1219CONFIG_MTD_ALAUDA=m
1220CONFIG_MTD_ONENAND=m
1221# CONFIG_MTD_ONENAND_VERIFY_WRITE is not set
1222# CONFIG_MTD_ONENAND_GENERIC is not set
1223CONFIG_MTD_ONENAND_OTP=y
1224CONFIG_MTD_ONENAND_2X_PROGRAM=y
1225CONFIG_MTD_ONENAND_SIM=m
1226
1227#
1228# LPDDR flash memory drivers
1229#
1230CONFIG_MTD_LPDDR=m
1231CONFIG_MTD_QINFO_PROBE=m
1232
1233#
1234# UBI - Unsorted block images
1235#
1236CONFIG_MTD_UBI=m
1237CONFIG_MTD_UBI_WL_THRESHOLD=4096
1238CONFIG_MTD_UBI_BEB_RESERVE=1
1239# CONFIG_MTD_UBI_GLUEBI is not set
1240
1241#
1242# UBI debugging options
1243#
1244# CONFIG_MTD_UBI_DEBUG is not set
1245CONFIG_PARPORT=m
1246CONFIG_PARPORT_PC=m
1247CONFIG_PARPORT_SERIAL=m
1248# CONFIG_PARPORT_PC_FIFO is not set
1249# CONFIG_PARPORT_PC_SUPERIO is not set
1250CONFIG_PARPORT_PC_PCMCIA=m
1251# CONFIG_PARPORT_GSC is not set
1252CONFIG_PARPORT_AX88796=m
1253# CONFIG_PARPORT_1284 is not set
1254CONFIG_PARPORT_NOT_PC=y
1255CONFIG_PNP=y
1256# CONFIG_PNP_DEBUG_MESSAGES is not set
1257
1258#
1259# Protocols
1260#
1261CONFIG_ISAPNP=y
1262CONFIG_PNPBIOS=y
1263# CONFIG_PNPBIOS_PROC_FS is not set
1264CONFIG_PNPACPI=y
1265CONFIG_BLK_DEV=y
1266CONFIG_BLK_DEV_FD=m
1267CONFIG_BLK_DEV_XD=m
1268# CONFIG_PARIDE is not set
1269CONFIG_BLK_CPQ_DA=m
1270CONFIG_BLK_CPQ_CISS_DA=m
1271CONFIG_CISS_SCSI_TAPE=y
1272CONFIG_BLK_DEV_DAC960=m
1273CONFIG_BLK_DEV_UMEM=m
1274# CONFIG_BLK_DEV_COW_COMMON is not set
1275CONFIG_BLK_DEV_LOOP=m
1276CONFIG_BLK_DEV_CRYPTOLOOP=m
1277CONFIG_BLK_DEV_NBD=m
1278CONFIG_BLK_DEV_OSD=m
1279CONFIG_BLK_DEV_SX8=m
1280CONFIG_BLK_DEV_UB=m
1281CONFIG_BLK_DEV_RAM=y
1282CONFIG_BLK_DEV_RAM_COUNT=16
1283CONFIG_BLK_DEV_RAM_SIZE=4096
1284# CONFIG_BLK_DEV_XIP is not set
1285CONFIG_CDROM_PKTCDVD=m
1286CONFIG_CDROM_PKTCDVD_BUFFERS=8
1287# CONFIG_CDROM_PKTCDVD_WCACHE is not set
1288CONFIG_ATA_OVER_ETH=m
1289CONFIG_VIRTIO_BLK=m
1290# CONFIG_BLK_DEV_HD is not set
1291CONFIG_MISC_DEVICES=y
1292CONFIG_IBM_ASM=m
1293CONFIG_PHANTOM=m
1294CONFIG_SGI_IOC4=m
1295CONFIG_TIFM_CORE=m
1296CONFIG_TIFM_7XX1=m
1297CONFIG_ICS932S401=m
1298CONFIG_ENCLOSURE_SERVICES=m
1299CONFIG_HP_ILO=m
1300CONFIG_DELL_LAPTOP=m
1301CONFIG_ISL29003=m
1302CONFIG_C2PORT=m
1303CONFIG_C2PORT_DURAMAR_2150=m
1304
1305#
1306# EEPROM support
1307#
1308CONFIG_EEPROM_AT24=m
1309CONFIG_EEPROM_AT25=m
1310CONFIG_EEPROM_LEGACY=m
1311CONFIG_EEPROM_MAX6875=m
1312CONFIG_EEPROM_93CX6=m
1313CONFIG_CB710_CORE=m
1314# CONFIG_CB710_DEBUG is not set
1315CONFIG_CB710_DEBUG_ASSUMPTIONS=y
1316CONFIG_HAVE_IDE=y
1317# CONFIG_IDE is not set
1318
1319#
1320# SCSI device support
1321#
1322CONFIG_RAID_ATTRS=m
1323CONFIG_SCSI=m
1324CONFIG_SCSI_DMA=y
1325CONFIG_SCSI_TGT=m
1326CONFIG_SCSI_NETLINK=y
1327CONFIG_SCSI_PROC_FS=y
1328
1329#
1330# SCSI support type (disk, tape, CD-ROM)
1331#
1332CONFIG_BLK_DEV_SD=m
1333CONFIG_CHR_DEV_ST=m
1334CONFIG_CHR_DEV_OSST=m
1335CONFIG_BLK_DEV_SR=m
1336CONFIG_BLK_DEV_SR_VENDOR=y
1337CONFIG_CHR_DEV_SG=m
1338CONFIG_CHR_DEV_SCH=m
1339CONFIG_SCSI_ENCLOSURE=m
1340CONFIG_SCSI_MULTI_LUN=y
1341# CONFIG_SCSI_CONSTANTS is not set
1342# CONFIG_SCSI_LOGGING is not set
1343CONFIG_SCSI_SCAN_ASYNC=y
1344CONFIG_SCSI_WAIT_SCAN=m
1345
1346#
1347# SCSI Transports
1348#
1349CONFIG_SCSI_SPI_ATTRS=m
1350CONFIG_SCSI_FC_ATTRS=m
1351CONFIG_SCSI_FC_TGT_ATTRS=y
1352CONFIG_SCSI_ISCSI_ATTRS=m
1353CONFIG_SCSI_SAS_ATTRS=m
1354CONFIG_SCSI_SAS_LIBSAS=m
1355CONFIG_SCSI_SAS_ATA=y
1356CONFIG_SCSI_SAS_HOST_SMP=y
1357# CONFIG_SCSI_SAS_LIBSAS_DEBUG is not set
1358CONFIG_SCSI_SRP_ATTRS=m
1359CONFIG_SCSI_SRP_TGT_ATTRS=y
1360CONFIG_SCSI_LOWLEVEL=y
1361CONFIG_ISCSI_TCP=m
1362CONFIG_SCSI_CXGB3_ISCSI=m
1363CONFIG_SCSI_BNX2_ISCSI=m
1364# CONFIG_BE2ISCSI is not set
1365CONFIG_BLK_DEV_3W_XXXX_RAID=m
1366CONFIG_SCSI_3W_9XXX=m
1367CONFIG_SCSI_7000FASST=m
1368CONFIG_SCSI_ACARD=m
1369CONFIG_SCSI_AHA152X=m
1370CONFIG_SCSI_AHA1542=m
1371CONFIG_SCSI_AACRAID=m
1372CONFIG_SCSI_AIC7XXX=m
1373CONFIG_AIC7XXX_CMDS_PER_DEVICE=32
1374CONFIG_AIC7XXX_RESET_DELAY_MS=15000
1375# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set
1376CONFIG_AIC7XXX_DEBUG_ENABLE=y
1377CONFIG_AIC7XXX_DEBUG_MASK=0
1378CONFIG_AIC7XXX_REG_PRETTY_PRINT=y
1379CONFIG_SCSI_AIC7XXX_OLD=m
1380CONFIG_SCSI_AIC79XX=m
1381CONFIG_AIC79XX_CMDS_PER_DEVICE=32
1382CONFIG_AIC79XX_RESET_DELAY_MS=15000
1383# CONFIG_AIC79XX_BUILD_FIRMWARE is not set
1384CONFIG_AIC79XX_DEBUG_ENABLE=y
1385CONFIG_AIC79XX_DEBUG_MASK=0
1386CONFIG_AIC79XX_REG_PRETTY_PRINT=y
1387CONFIG_SCSI_AIC94XX=m
1388# CONFIG_AIC94XX_DEBUG is not set
1389CONFIG_SCSI_MVSAS=m
1390CONFIG_SCSI_MVSAS_DEBUG=y
1391CONFIG_SCSI_DPT_I2O=m
1392CONFIG_SCSI_ADVANSYS=m
1393CONFIG_SCSI_IN2000=m
1394CONFIG_SCSI_ARCMSR=m
1395CONFIG_MEGARAID_NEWGEN=y
1396CONFIG_MEGARAID_MM=m
1397CONFIG_MEGARAID_MAILBOX=m
1398CONFIG_MEGARAID_LEGACY=m
1399CONFIG_MEGARAID_SAS=m
1400CONFIG_SCSI_MPT2SAS=m
1401CONFIG_SCSI_MPT2SAS_MAX_SGE=128
1402# CONFIG_SCSI_MPT2SAS_LOGGING is not set
1403CONFIG_SCSI_HPTIOP=m
1404CONFIG_SCSI_BUSLOGIC=m
1405CONFIG_SCSI_FLASHPOINT=y
1406CONFIG_LIBFC=m
1407CONFIG_LIBFCOE=m
1408CONFIG_FCOE=m
1409CONFIG_FCOE_FNIC=m
1410CONFIG_SCSI_DMX3191D=m
1411CONFIG_SCSI_DTC3280=m
1412CONFIG_SCSI_EATA=m
1413# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set
1414# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set
1415CONFIG_SCSI_EATA_MAX_TAGS=16
1416CONFIG_SCSI_FUTURE_DOMAIN=m
1417CONFIG_SCSI_GDTH=m
1418CONFIG_SCSI_GENERIC_NCR5380=m
1419CONFIG_SCSI_GENERIC_NCR5380_MMIO=m
1420CONFIG_SCSI_GENERIC_NCR53C400=y
1421CONFIG_SCSI_IPS=m
1422CONFIG_SCSI_INITIO=m
1423CONFIG_SCSI_INIA100=m
1424CONFIG_SCSI_PPA=m
1425CONFIG_SCSI_IMM=m
1426# CONFIG_SCSI_IZIP_EPP16 is not set
1427# CONFIG_SCSI_IZIP_SLOW_CTR is not set
1428CONFIG_SCSI_NCR53C406A=m
1429CONFIG_SCSI_STEX=m
1430CONFIG_SCSI_SYM53C8XX_2=m
1431CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
1432CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
1433CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
1434CONFIG_SCSI_SYM53C8XX_MMIO=y
1435CONFIG_SCSI_IPR=m
1436CONFIG_SCSI_IPR_TRACE=y
1437# CONFIG_SCSI_IPR_DUMP is not set
1438CONFIG_SCSI_PAS16=m
1439CONFIG_SCSI_QLOGIC_FAS=m
1440CONFIG_SCSI_QLOGIC_1280=m
1441CONFIG_SCSI_QLA_FC=m
1442CONFIG_SCSI_QLA_ISCSI=m
1443CONFIG_SCSI_LPFC=m
1444# CONFIG_SCSI_LPFC_DEBUG_FS is not set
1445CONFIG_SCSI_SYM53C416=m
1446CONFIG_SCSI_DC395x=m
1447CONFIG_SCSI_DC390T=m
1448CONFIG_SCSI_T128=m
1449CONFIG_SCSI_U14_34F=m
1450# CONFIG_SCSI_U14_34F_TAGGED_QUEUE is not set
1451# CONFIG_SCSI_U14_34F_LINKED_COMMANDS is not set
1452CONFIG_SCSI_U14_34F_MAX_TAGS=8
1453CONFIG_SCSI_ULTRASTOR=m
1454CONFIG_SCSI_NSP32=m
1455CONFIG_SCSI_DEBUG=m
1456# CONFIG_SCSI_PMCRAID is not set
1457CONFIG_SCSI_SRP=m
1458# CONFIG_SCSI_BFA_FC is not set
1459CONFIG_SCSI_LOWLEVEL_PCMCIA=y
1460CONFIG_PCMCIA_AHA152X=m
1461CONFIG_PCMCIA_FDOMAIN=m
1462CONFIG_PCMCIA_NINJA_SCSI=m
1463CONFIG_PCMCIA_QLOGIC=m
1464CONFIG_PCMCIA_SYM53C500=m
1465CONFIG_SCSI_DH=m
1466CONFIG_SCSI_DH_RDAC=m
1467CONFIG_SCSI_DH_HP_SW=m
1468CONFIG_SCSI_DH_EMC=m
1469CONFIG_SCSI_DH_ALUA=m
1470CONFIG_SCSI_OSD_INITIATOR=m
1471CONFIG_SCSI_OSD_ULD=m
1472CONFIG_SCSI_OSD_DPRINT_SENSE=1
1473# CONFIG_SCSI_OSD_DEBUG is not set
1474CONFIG_ATA=m
1475# CONFIG_ATA_NONSTANDARD is not set
1476CONFIG_ATA_VERBOSE_ERROR=y
1477CONFIG_ATA_ACPI=y
1478CONFIG_SATA_PMP=y
1479CONFIG_SATA_AHCI=m
1480CONFIG_SATA_SIL24=m
1481CONFIG_ATA_SFF=y
1482CONFIG_SATA_SVW=m
1483CONFIG_ATA_PIIX=m
1484CONFIG_SATA_MV=m
1485CONFIG_SATA_NV=m
1486CONFIG_PDC_ADMA=m
1487CONFIG_SATA_QSTOR=m
1488CONFIG_SATA_PROMISE=m
1489CONFIG_SATA_SX4=m
1490CONFIG_SATA_SIL=m
1491CONFIG_SATA_SIS=m
1492CONFIG_SATA_ULI=m
1493CONFIG_SATA_VIA=m
1494CONFIG_SATA_VITESSE=m
1495CONFIG_SATA_INIC162X=m
1496CONFIG_PATA_ACPI=m
1497CONFIG_PATA_ALI=m
1498CONFIG_PATA_AMD=m
1499CONFIG_PATA_ARTOP=m
1500CONFIG_PATA_ATP867X=m
1501CONFIG_PATA_ATIIXP=m
1502CONFIG_PATA_CMD640_PCI=m
1503CONFIG_PATA_CMD64X=m
1504CONFIG_PATA_CS5520=m
1505CONFIG_PATA_CS5530=m
1506CONFIG_PATA_CS5535=m
1507CONFIG_PATA_CS5536=m
1508CONFIG_PATA_CYPRESS=m
1509CONFIG_PATA_EFAR=m
1510CONFIG_ATA_GENERIC=m
1511CONFIG_PATA_HPT366=m
1512CONFIG_PATA_HPT37X=m
1513CONFIG_PATA_HPT3X2N=m
1514CONFIG_PATA_HPT3X3=m
1515CONFIG_PATA_HPT3X3_DMA=y
1516CONFIG_PATA_ISAPNP=m
1517CONFIG_PATA_IT821X=m
1518CONFIG_PATA_IT8213=m
1519CONFIG_PATA_JMICRON=m
1520CONFIG_PATA_LEGACY=m
1521CONFIG_PATA_TRIFLEX=m
1522CONFIG_PATA_MARVELL=m
1523CONFIG_PATA_MPIIX=m
1524CONFIG_PATA_OLDPIIX=m
1525CONFIG_PATA_NETCELL=m
1526CONFIG_PATA_NINJA32=m
1527CONFIG_PATA_NS87410=m
1528CONFIG_PATA_NS87415=m
1529CONFIG_PATA_OPTI=m
1530CONFIG_PATA_OPTIDMA=m
1531CONFIG_PATA_PCMCIA=m
1532CONFIG_PATA_PDC_OLD=m
1533CONFIG_PATA_QDI=m
1534CONFIG_PATA_RADISYS=m
1535CONFIG_PATA_RDC=m
1536CONFIG_PATA_RZ1000=m
1537CONFIG_PATA_SC1200=m
1538CONFIG_PATA_SERVERWORKS=m
1539CONFIG_PATA_PDC2027X=m
1540CONFIG_PATA_SIL680=m
1541CONFIG_PATA_SIS=m
1542CONFIG_PATA_VIA=m
1543CONFIG_PATA_WINBOND=m
1544CONFIG_PATA_WINBOND_VLB=m
1545CONFIG_PATA_PLATFORM=m
1546CONFIG_PATA_SCH=m
1547CONFIG_MD=y
1548CONFIG_BLK_DEV_MD=y
1549# CONFIG_MD_AUTODETECT is not set
1550CONFIG_MD_LINEAR=m
1551CONFIG_MD_RAID0=m
1552CONFIG_MD_RAID1=m
1553CONFIG_MD_RAID10=m
1554CONFIG_MD_RAID456=m
1555# CONFIG_MULTICORE_RAID456 is not set
1556CONFIG_MD_RAID6_PQ=m
1557# CONFIG_ASYNC_RAID6_TEST is not set
1558CONFIG_MD_MULTIPATH=m
1559CONFIG_MD_FAULTY=m
1560CONFIG_BLK_DEV_DM=m
1561# CONFIG_DM_DEBUG is not set
1562CONFIG_DM_CRYPT=m
1563CONFIG_DM_SNAPSHOT=m
1564CONFIG_DM_MIRROR=m
1565CONFIG_DM_LOG_USERSPACE=m
1566CONFIG_DM_ZERO=m
1567CONFIG_DM_MULTIPATH=m
1568CONFIG_DM_MULTIPATH_QL=m
1569CONFIG_DM_MULTIPATH_ST=m
1570CONFIG_DM_DELAY=m
1571# CONFIG_DM_UEVENT is not set
1572CONFIG_FUSION=y
1573CONFIG_FUSION_SPI=m
1574CONFIG_FUSION_FC=m
1575CONFIG_FUSION_SAS=m
1576CONFIG_FUSION_MAX_SGE=128
1577CONFIG_FUSION_CTL=m
1578# CONFIG_FUSION_LOGGING is not set
1579
1580#
1581# IEEE 1394 (FireWire) support
1582#
1583
1584#
1585# You can enable one or both FireWire driver stacks.
1586#
1587
1588#
1589# See the help texts for more information.
1590#
1591CONFIG_FIREWIRE=m
1592CONFIG_FIREWIRE_OHCI=m
1593CONFIG_FIREWIRE_OHCI_DEBUG=y
1594CONFIG_FIREWIRE_SBP2=m
1595CONFIG_FIREWIRE_NET=m
1596CONFIG_IEEE1394=m
1597CONFIG_IEEE1394_OHCI1394=m
1598CONFIG_IEEE1394_PCILYNX=m
1599CONFIG_IEEE1394_SBP2=m
1600# CONFIG_IEEE1394_SBP2_PHYS_DMA is not set
1601CONFIG_IEEE1394_ETH1394_ROM_ENTRY=y
1602CONFIG_IEEE1394_ETH1394=m
1603CONFIG_IEEE1394_RAWIO=m
1604CONFIG_IEEE1394_VIDEO1394=m
1605CONFIG_IEEE1394_DV1394=m
1606# CONFIG_IEEE1394_VERBOSEDEBUG is not set
1607CONFIG_I2O=m
1608CONFIG_I2O_LCT_NOTIFY_ON_CHANGES=y
1609CONFIG_I2O_EXT_ADAPTEC=y
1610CONFIG_I2O_CONFIG=m
1611CONFIG_I2O_CONFIG_OLD_IOCTL=y
1612CONFIG_I2O_BUS=m
1613CONFIG_I2O_BLOCK=m
1614CONFIG_I2O_SCSI=m
1615CONFIG_I2O_PROC=m
1616# CONFIG_MACINTOSH_DRIVERS is not set
1617CONFIG_NETDEVICES=y
1618CONFIG_IFB=m
1619CONFIG_DUMMY=m
1620CONFIG_BONDING=m
1621CONFIG_MACVLAN=m
1622CONFIG_EQUALIZER=m
1623CONFIG_TUN=m
1624CONFIG_VETH=m
1625CONFIG_NET_SB1000=m
1626CONFIG_ARCNET=m
1627CONFIG_ARCNET_1201=m
1628CONFIG_ARCNET_1051=m
1629CONFIG_ARCNET_RAW=m
1630CONFIG_ARCNET_CAP=m
1631CONFIG_ARCNET_COM90xx=m
1632CONFIG_ARCNET_COM90xxIO=m
1633CONFIG_ARCNET_RIM_I=m
1634CONFIG_ARCNET_COM20020=m
1635CONFIG_ARCNET_COM20020_ISA=m
1636CONFIG_ARCNET_COM20020_PCI=m
1637CONFIG_PHYLIB=m
1638
1639#
1640# MII PHY device drivers
1641#
1642CONFIG_MARVELL_PHY=m
1643CONFIG_DAVICOM_PHY=m
1644CONFIG_QSEMI_PHY=m
1645CONFIG_LXT_PHY=m
1646CONFIG_CICADA_PHY=m
1647CONFIG_VITESSE_PHY=m
1648CONFIG_SMSC_PHY=m
1649CONFIG_BROADCOM_PHY=m
1650CONFIG_ICPLUS_PHY=m
1651CONFIG_REALTEK_PHY=m
1652CONFIG_NATIONAL_PHY=m
1653CONFIG_STE10XP=m
1654CONFIG_LSI_ET1011C_PHY=m
1655CONFIG_MDIO_BITBANG=m
1656CONFIG_MDIO_GPIO=m
1657CONFIG_NET_ETHERNET=y
1658CONFIG_MII=m
1659CONFIG_HAPPYMEAL=m
1660CONFIG_SUNGEM=m
1661CONFIG_CASSINI=m
1662CONFIG_NET_VENDOR_3COM=y
1663CONFIG_EL1=m
1664CONFIG_EL2=m
1665CONFIG_ELPLUS=m
1666CONFIG_EL16=m
1667CONFIG_EL3=m
1668CONFIG_3C515=m
1669CONFIG_VORTEX=m
1670CONFIG_TYPHOON=m
1671CONFIG_LANCE=m
1672CONFIG_NET_VENDOR_SMC=y
1673CONFIG_WD80x3=m
1674CONFIG_ULTRA=m
1675CONFIG_SMC9194=m
1676CONFIG_ENC28J60=m
1677# CONFIG_ENC28J60_WRITEVERIFY is not set
1678CONFIG_ETHOC=m
1679CONFIG_NET_VENDOR_RACAL=y
1680CONFIG_NI52=m
1681CONFIG_NI65=m
1682CONFIG_DNET=m
1683CONFIG_NET_TULIP=y
1684CONFIG_DE2104X=m
1685CONFIG_DE2104X_DSL=0
1686CONFIG_TULIP=m
1687# CONFIG_TULIP_MWI is not set
1688# CONFIG_TULIP_MMIO is not set
1689# CONFIG_TULIP_NAPI is not set
1690CONFIG_DE4X5=m
1691CONFIG_WINBOND_840=m
1692CONFIG_DM9102=m
1693CONFIG_ULI526X=m
1694CONFIG_PCMCIA_XIRCOM=m
1695CONFIG_AT1700=m
1696CONFIG_DEPCA=m
1697CONFIG_HP100=m
1698CONFIG_NET_ISA=y
1699CONFIG_E2100=m
1700CONFIG_EWRK3=m
1701CONFIG_EEXPRESS=m
1702CONFIG_EEXPRESS_PRO=m
1703CONFIG_HPLAN_PLUS=m
1704CONFIG_HPLAN=m
1705CONFIG_LP486E=m
1706CONFIG_ETH16I=m
1707CONFIG_NE2000=m
1708CONFIG_ZNET=m
1709CONFIG_SEEQ8005=m
1710# CONFIG_IBM_NEW_EMAC_ZMII is not set
1711# CONFIG_IBM_NEW_EMAC_RGMII is not set
1712# CONFIG_IBM_NEW_EMAC_TAH is not set
1713# CONFIG_IBM_NEW_EMAC_EMAC4 is not set
1714# CONFIG_IBM_NEW_EMAC_NO_FLOW_CTRL is not set
1715# CONFIG_IBM_NEW_EMAC_MAL_CLR_ICINTSTAT is not set
1716# CONFIG_IBM_NEW_EMAC_MAL_COMMON_ERR is not set
1717CONFIG_NET_PCI=y
1718CONFIG_PCNET32=m
1719CONFIG_AMD8111_ETH=m
1720CONFIG_ADAPTEC_STARFIRE=m
1721CONFIG_AC3200=m
1722CONFIG_APRICOT=m
1723CONFIG_B44=m
1724CONFIG_B44_PCI_AUTOSELECT=y
1725CONFIG_B44_PCICORE_AUTOSELECT=y
1726CONFIG_B44_PCI=y
1727CONFIG_FORCEDETH=m
1728# CONFIG_FORCEDETH_NAPI is not set
1729CONFIG_CS89x0=m
1730CONFIG_E100=m
1731CONFIG_FEALNX=m
1732CONFIG_NATSEMI=m
1733CONFIG_NE2K_PCI=m
1734CONFIG_8139CP=m
1735CONFIG_8139TOO=m
1736CONFIG_8139TOO_PIO=y
1737# CONFIG_8139TOO_TUNE_TWISTER is not set
1738# CONFIG_8139TOO_8129 is not set
1739# CONFIG_8139_OLD_RX_RESET is not set
1740CONFIG_R6040=m
1741CONFIG_SIS900=m
1742CONFIG_EPIC100=m
1743CONFIG_SMSC9420=m
1744CONFIG_SUNDANCE=m
1745# CONFIG_SUNDANCE_MMIO is not set
1746CONFIG_TLAN=m
1747CONFIG_KS8842=m
1748CONFIG_KS8851=m
1749CONFIG_KS8851_MLL=m
1750CONFIG_VIA_RHINE=m
1751# CONFIG_VIA_RHINE_MMIO is not set
1752CONFIG_SC92031=m
1753CONFIG_NET_POCKET=y
1754CONFIG_ATP=m
1755CONFIG_DE600=m
1756CONFIG_DE620=m
1757CONFIG_ATL2=m
1758CONFIG_NETDEV_1000=y
1759CONFIG_ACENIC=m
1760# CONFIG_ACENIC_OMIT_TIGON_I is not set
1761CONFIG_DL2K=m
1762CONFIG_E1000=m
1763CONFIG_E1000E=m
1764CONFIG_IP1000=m
1765CONFIG_IGB=m
1766CONFIG_IGB_DCA=y
1767CONFIG_IGBVF=m
1768CONFIG_NS83820=m
1769CONFIG_HAMACHI=m
1770CONFIG_YELLOWFIN=m
1771CONFIG_R8169=m
1772CONFIG_R8169_VLAN=y
1773CONFIG_SIS190=m
1774CONFIG_SKGE=m
1775# CONFIG_SKGE_DEBUG is not set
1776CONFIG_SKY2=m
1777# CONFIG_SKY2_DEBUG is not set
1778CONFIG_VIA_VELOCITY=m
1779CONFIG_TIGON3=m
1780CONFIG_BNX2=m
1781CONFIG_CNIC=m
1782CONFIG_QLA3XXX=m
1783CONFIG_ATL1=m
1784CONFIG_ATL1E=m
1785CONFIG_ATL1C=m
1786CONFIG_JME=m
1787CONFIG_NETDEV_10000=y
1788CONFIG_MDIO=m
1789CONFIG_CHELSIO_T1=m
1790CONFIG_CHELSIO_T1_1G=y
1791CONFIG_CHELSIO_T3_DEPENDS=y
1792CONFIG_CHELSIO_T3=m
1793CONFIG_ENIC=m
1794CONFIG_IXGBE=m
1795CONFIG_IXGBE_DCA=y
1796CONFIG_IXGB=m
1797CONFIG_S2IO=m
1798CONFIG_VXGE=m
1799# CONFIG_VXGE_DEBUG_TRACE_ALL is not set
1800CONFIG_MYRI10GE=m
1801CONFIG_MYRI10GE_DCA=y
1802CONFIG_NETXEN_NIC=m
1803CONFIG_NIU=m
1804CONFIG_MLX4_EN=m
1805CONFIG_MLX4_CORE=m
1806CONFIG_MLX4_DEBUG=y
1807CONFIG_TEHUTI=m
1808CONFIG_BNX2X=m
1809CONFIG_QLGE=m
1810CONFIG_SFC=m
1811CONFIG_SFC_MTD=y
1812CONFIG_BE2NET=m
1813# CONFIG_TR is not set
1814CONFIG_WLAN=y
1815CONFIG_WLAN_PRE80211=y
1816CONFIG_STRIP=m
1817CONFIG_ARLAN=m
1818CONFIG_WAVELAN=m
1819CONFIG_PCMCIA_WAVELAN=m
1820CONFIG_PCMCIA_NETWAVE=m
1821CONFIG_WLAN_80211=y
1822CONFIG_PCMCIA_RAYCS=m
1823CONFIG_LIBERTAS=m
1824CONFIG_LIBERTAS_USB=m
1825CONFIG_LIBERTAS_CS=m
1826CONFIG_LIBERTAS_SDIO=m
1827CONFIG_LIBERTAS_SPI=m
1828# CONFIG_LIBERTAS_DEBUG is not set
1829CONFIG_LIBERTAS_THINFIRM=m
1830CONFIG_LIBERTAS_THINFIRM_USB=m
1831CONFIG_AIRO=m
1832CONFIG_ATMEL=m
1833CONFIG_PCI_ATMEL=m
1834CONFIG_PCMCIA_ATMEL=m
1835CONFIG_AT76C50X_USB=m
1836CONFIG_AIRO_CS=m
1837CONFIG_PCMCIA_WL3501=m
1838CONFIG_PRISM54=m
1839CONFIG_USB_ZD1201=m
1840CONFIG_USB_NET_RNDIS_WLAN=m
1841CONFIG_RTL8180=m
1842CONFIG_RTL8187=m
1843CONFIG_RTL8187_LEDS=y
1844CONFIG_ADM8211=m
1845CONFIG_MAC80211_HWSIM=m
1846CONFIG_MWL8K=m
1847CONFIG_P54_COMMON=m
1848CONFIG_P54_USB=m
1849CONFIG_P54_PCI=m
1850CONFIG_P54_SPI=m
1851CONFIG_P54_LEDS=y
1852CONFIG_ATH_COMMON=m
1853CONFIG_ATH5K=m
1854# CONFIG_ATH5K_DEBUG is not set
1855CONFIG_ATH9K=m
1856# CONFIG_ATH9K_DEBUG is not set
1857CONFIG_AR9170_USB=m
1858CONFIG_AR9170_LEDS=y
1859CONFIG_IPW2100=m
1860CONFIG_IPW2100_MONITOR=y
1861# CONFIG_IPW2100_DEBUG is not set
1862CONFIG_IPW2200=m
1863CONFIG_IPW2200_MONITOR=y
1864CONFIG_IPW2200_RADIOTAP=y
1865CONFIG_IPW2200_PROMISCUOUS=y
1866CONFIG_IPW2200_QOS=y
1867# CONFIG_IPW2200_DEBUG is not set
1868CONFIG_LIBIPW=m
1869# CONFIG_LIBIPW_DEBUG is not set
1870CONFIG_IWLWIFI=m
1871# CONFIG_IWLWIFI_LEDS is not set
1872# CONFIG_IWLWIFI_SPECTRUM_MEASUREMENT is not set
1873# CONFIG_IWLWIFI_DEBUG is not set
1874CONFIG_IWLAGN=m
1875CONFIG_IWL4965=y
1876CONFIG_IWL5000=y
1877CONFIG_IWL3945=m
1878# CONFIG_IWL3945_SPECTRUM_MEASUREMENT is not set
1879CONFIG_HOSTAP=m
1880CONFIG_HOSTAP_FIRMWARE=y
1881CONFIG_HOSTAP_FIRMWARE_NVRAM=y
1882CONFIG_HOSTAP_PLX=m
1883CONFIG_HOSTAP_PCI=m
1884CONFIG_HOSTAP_CS=m
1885CONFIG_B43=m
1886CONFIG_B43_PCI_AUTOSELECT=y
1887CONFIG_B43_PCICORE_AUTOSELECT=y
1888CONFIG_B43_PCMCIA=y
1889CONFIG_B43_SDIO=y
1890CONFIG_B43_PIO=y
1891CONFIG_B43_PHY_LP=y
1892CONFIG_B43_LEDS=y
1893CONFIG_B43_HWRNG=y
1894# CONFIG_B43_DEBUG is not set
1895CONFIG_B43LEGACY=m
1896CONFIG_B43LEGACY_PCI_AUTOSELECT=y
1897CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
1898CONFIG_B43LEGACY_LEDS=y
1899CONFIG_B43LEGACY_HWRNG=y
1900CONFIG_B43LEGACY_DEBUG=y
1901CONFIG_B43LEGACY_DMA=y
1902CONFIG_B43LEGACY_PIO=y
1903CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
1904# CONFIG_B43LEGACY_DMA_MODE is not set
1905# CONFIG_B43LEGACY_PIO_MODE is not set
1906CONFIG_ZD1211RW=m
1907# CONFIG_ZD1211RW_DEBUG is not set
1908CONFIG_RT2X00=m
1909CONFIG_RT2400PCI=m
1910CONFIG_RT2500PCI=m
1911CONFIG_RT61PCI=m
1912CONFIG_RT2500USB=m
1913CONFIG_RT73USB=m
1914CONFIG_RT2800USB=m
1915CONFIG_RT2X00_LIB_PCI=m
1916CONFIG_RT2X00_LIB_USB=m
1917CONFIG_RT2X00_LIB=m
1918CONFIG_RT2X00_LIB_HT=y
1919CONFIG_RT2X00_LIB_FIRMWARE=y
1920CONFIG_RT2X00_LIB_CRYPTO=y
1921CONFIG_RT2X00_LIB_LEDS=y
1922# CONFIG_RT2X00_DEBUG is not set
1923CONFIG_HERMES=m
1924CONFIG_HERMES_CACHE_FW_ON_INIT=y
1925CONFIG_PLX_HERMES=m
1926CONFIG_TMD_HERMES=m
1927CONFIG_NORTEL_HERMES=m
1928CONFIG_PCI_HERMES=m
1929CONFIG_PCMCIA_HERMES=m
1930CONFIG_PCMCIA_SPECTRUM=m
1931CONFIG_WL12XX=m
1932CONFIG_WL1251=m
1933CONFIG_WL1251_SPI=m
1934CONFIG_WL1251_SDIO=m
1935CONFIG_WL1271=m
1936CONFIG_IWM=m
1937# CONFIG_IWM_DEBUG is not set
1938
1939#
1940# WiMAX Wireless Broadband devices
1941#
1942CONFIG_WIMAX_I2400M=m
1943CONFIG_WIMAX_I2400M_USB=m
1944CONFIG_WIMAX_I2400M_SDIO=m
1945CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8
1946
1947#
1948# USB Network Adapters
1949#
1950CONFIG_USB_CATC=m
1951CONFIG_USB_KAWETH=m
1952CONFIG_USB_PEGASUS=m
1953CONFIG_USB_RTL8150=m
1954CONFIG_USB_USBNET=m
1955CONFIG_USB_NET_AX8817X=m
1956CONFIG_USB_NET_CDCETHER=m
1957CONFIG_USB_NET_CDC_EEM=m
1958CONFIG_USB_NET_DM9601=m
1959CONFIG_USB_NET_SMSC95XX=m
1960CONFIG_USB_NET_GL620A=m
1961CONFIG_USB_NET_NET1080=m
1962CONFIG_USB_NET_PLUSB=m
1963CONFIG_USB_NET_MCS7830=m
1964CONFIG_USB_NET_RNDIS_HOST=m
1965CONFIG_USB_NET_CDC_SUBSET=m
1966CONFIG_USB_ALI_M5632=y
1967CONFIG_USB_AN2720=y
1968CONFIG_USB_BELKIN=y
1969CONFIG_USB_ARMLINUX=y
1970CONFIG_USB_EPSON2888=y
1971CONFIG_USB_KC2190=y
1972CONFIG_USB_NET_ZAURUS=m
1973CONFIG_USB_HSO=m
1974CONFIG_USB_NET_INT51X1=m
1975CONFIG_USB_CDC_PHONET=m
1976CONFIG_NET_PCMCIA=y
1977CONFIG_PCMCIA_3C589=m
1978CONFIG_PCMCIA_3C574=m
1979CONFIG_PCMCIA_FMVJ18X=m
1980CONFIG_PCMCIA_PCNET=m
1981CONFIG_PCMCIA_NMCLAN=m
1982CONFIG_PCMCIA_SMC91C92=m
1983CONFIG_PCMCIA_XIRC2PS=m
1984CONFIG_PCMCIA_AXNET=m
1985CONFIG_ARCNET_COM20020_CS=m
1986CONFIG_WAN=y
1987CONFIG_HOSTESS_SV11=m
1988CONFIG_COSA=m
1989CONFIG_LANMEDIA=m
1990CONFIG_SEALEVEL_4021=m
1991CONFIG_HDLC=m
1992CONFIG_HDLC_RAW=m
1993CONFIG_HDLC_RAW_ETH=m
1994CONFIG_HDLC_CISCO=m
1995CONFIG_HDLC_FR=m
1996CONFIG_HDLC_PPP=m
1997CONFIG_HDLC_X25=m
1998CONFIG_PCI200SYN=m
1999CONFIG_WANXL=m
2000# CONFIG_WANXL_BUILD_FIRMWARE is not set
2001CONFIG_PC300TOO=m
2002CONFIG_N2=m
2003CONFIG_C101=m
2004CONFIG_FARSYNC=m
2005CONFIG_DSCC4=m
2006CONFIG_DSCC4_PCISYNC=y
2007CONFIG_DSCC4_PCI_RST=y
2008CONFIG_DLCI=m
2009CONFIG_DLCI_MAX=8
2010CONFIG_SDLA=m
2011CONFIG_WAN_ROUTER_DRIVERS=m
2012CONFIG_CYCLADES_SYNC=m
2013CONFIG_CYCLOMX_X25=y
2014CONFIG_LAPBETHER=m
2015CONFIG_X25_ASY=m
2016CONFIG_SBNI=m
2017CONFIG_SBNI_MULTILINE=y
2018CONFIG_ATM_DRIVERS=y
2019CONFIG_ATM_DUMMY=m
2020CONFIG_ATM_TCP=m
2021CONFIG_ATM_LANAI=m
2022CONFIG_ATM_ENI=m
2023# CONFIG_ATM_ENI_DEBUG is not set
2024# CONFIG_ATM_ENI_TUNE_BURST is not set
2025CONFIG_ATM_FIRESTREAM=m
2026CONFIG_ATM_ZATM=m
2027# CONFIG_ATM_ZATM_DEBUG is not set
2028CONFIG_ATM_NICSTAR=m
2029CONFIG_ATM_NICSTAR_USE_SUNI=y
2030CONFIG_ATM_NICSTAR_USE_IDT77105=y
2031CONFIG_ATM_IDT77252=m
2032# CONFIG_ATM_IDT77252_DEBUG is not set
2033# CONFIG_ATM_IDT77252_RCV_ALL is not set
2034CONFIG_ATM_IDT77252_USE_SUNI=y
2035CONFIG_ATM_AMBASSADOR=m
2036# CONFIG_ATM_AMBASSADOR_DEBUG is not set
2037CONFIG_ATM_HORIZON=m
2038# CONFIG_ATM_HORIZON_DEBUG is not set
2039CONFIG_ATM_IA=m
2040# CONFIG_ATM_IA_DEBUG is not set
2041CONFIG_ATM_FORE200E=m
2042CONFIG_ATM_FORE200E_USE_TASKLET=y
2043CONFIG_ATM_FORE200E_TX_RETRY=16
2044CONFIG_ATM_FORE200E_DEBUG=0
2045CONFIG_ATM_HE=m
2046CONFIG_ATM_HE_USE_SUNI=y
2047CONFIG_ATM_SOLOS=m
2048CONFIG_IEEE802154_DRIVERS=m
2049CONFIG_IEEE802154_FAKEHARD=m
2050CONFIG_FDDI=y
2051CONFIG_DEFXX=m
2052# CONFIG_DEFXX_MMIO is not set
2053CONFIG_SKFP=m
2054CONFIG_HIPPI=y
2055CONFIG_ROADRUNNER=m
2056# CONFIG_ROADRUNNER_LARGE_RINGS is not set
2057CONFIG_PLIP=m
2058CONFIG_PPP=m
2059CONFIG_PPP_MULTILINK=y
2060CONFIG_PPP_FILTER=y
2061CONFIG_PPP_ASYNC=m
2062CONFIG_PPP_SYNC_TTY=m
2063CONFIG_PPP_DEFLATE=m
2064CONFIG_PPP_BSDCOMP=m
2065CONFIG_PPP_MPPE=m
2066CONFIG_PPPOE=m
2067CONFIG_PPPOATM=m
2068CONFIG_PPPOL2TP=m
2069CONFIG_SLIP=m
2070CONFIG_SLIP_COMPRESSED=y
2071CONFIG_SLHC=m
2072CONFIG_SLIP_SMART=y
2073CONFIG_SLIP_MODE_SLIP6=y
2074# CONFIG_NET_FC is not set
2075CONFIG_NETCONSOLE=m
2076CONFIG_NETCONSOLE_DYNAMIC=y
2077CONFIG_NETPOLL=y
2078# CONFIG_NETPOLL_TRAP is not set
2079CONFIG_NET_POLL_CONTROLLER=y
2080CONFIG_VIRTIO_NET=m
2081CONFIG_VMXNET3=m
2082CONFIG_ISDN=y
2083# CONFIG_ISDN_I4L is not set
2084CONFIG_MISDN=m
2085CONFIG_MISDN_DSP=m
2086CONFIG_MISDN_L1OIP=m
2087
2088#
2089# mISDN hardware drivers
2090#
2091CONFIG_MISDN_HFCPCI=m
2092CONFIG_MISDN_HFCMULTI=m
2093CONFIG_MISDN_HFCUSB=m
2094CONFIG_MISDN_AVMFRITZ=m
2095# CONFIG_MISDN_SPEEDFAX is not set
2096# CONFIG_MISDN_INFINEON is not set
2097# CONFIG_MISDN_W6692 is not set
2098# CONFIG_MISDN_NETJET is not set
2099CONFIG_MISDN_IPAC=m
2100CONFIG_ISDN_CAPI=m
2101# CONFIG_ISDN_DRV_AVMB1_VERBOSE_REASON is not set
2102# CONFIG_CAPI_TRACE is not set
2103CONFIG_ISDN_CAPI_MIDDLEWARE=y
2104CONFIG_ISDN_CAPI_CAPI20=m
2105CONFIG_ISDN_CAPI_CAPIFS_BOOL=y
2106CONFIG_ISDN_CAPI_CAPIFS=m
2107
2108#
2109# CAPI hardware drivers
2110#
2111CONFIG_CAPI_AVM=y
2112CONFIG_ISDN_DRV_AVMB1_B1ISA=m
2113CONFIG_ISDN_DRV_AVMB1_B1PCI=m
2114CONFIG_ISDN_DRV_AVMB1_B1PCIV4=y
2115CONFIG_ISDN_DRV_AVMB1_T1ISA=m
2116CONFIG_ISDN_DRV_AVMB1_B1PCMCIA=m
2117CONFIG_ISDN_DRV_AVMB1_AVM_CS=m
2118CONFIG_ISDN_DRV_AVMB1_T1PCI=m
2119CONFIG_ISDN_DRV_AVMB1_C4=m
2120CONFIG_CAPI_EICON=y
2121CONFIG_ISDN_DIVAS=m
2122CONFIG_ISDN_DIVAS_BRIPCI=y
2123CONFIG_ISDN_DIVAS_PRIPCI=y
2124CONFIG_ISDN_DIVAS_DIVACAPI=m
2125CONFIG_ISDN_DIVAS_USERIDI=m
2126CONFIG_ISDN_DIVAS_MAINT=m
2127# CONFIG_PHONE is not set
2128
2129#
2130# Input device support
2131#
2132CONFIG_INPUT=y
2133CONFIG_INPUT_FF_MEMLESS=m
2134CONFIG_INPUT_POLLDEV=m
2135
2136#
2137# Userland interfaces
2138#
2139CONFIG_INPUT_MOUSEDEV=m
2140CONFIG_INPUT_MOUSEDEV_PSAUX=y
2141CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
2142CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
2143CONFIG_INPUT_JOYDEV=m
2144CONFIG_INPUT_EVDEV=m
2145CONFIG_INPUT_EVBUG=m
2146
2147#
2148# Input Device Drivers
2149#
2150CONFIG_INPUT_KEYBOARD=y
2151# CONFIG_KEYBOARD_ADP5588 is not set
2152CONFIG_KEYBOARD_ATKBD=y
2153CONFIG_QT2160=m
2154CONFIG_KEYBOARD_LKKBD=m
2155CONFIG_KEYBOARD_GPIO=m
2156CONFIG_KEYBOARD_MATRIX=m
2157CONFIG_KEYBOARD_LM8323=m
2158# CONFIG_KEYBOARD_MAX7359 is not set
2159CONFIG_KEYBOARD_NEWTON=m
2160# CONFIG_KEYBOARD_OPENCORES is not set
2161CONFIG_KEYBOARD_STOWAWAY=m
2162CONFIG_KEYBOARD_SUNKBD=m
2163CONFIG_KEYBOARD_XTKBD=m
2164CONFIG_INPUT_MOUSE=y
2165CONFIG_MOUSE_PS2=m
2166CONFIG_MOUSE_PS2_ALPS=y
2167CONFIG_MOUSE_PS2_LOGIPS2PP=y
2168CONFIG_MOUSE_PS2_SYNAPTICS=y
2169CONFIG_MOUSE_PS2_LIFEBOOK=y
2170CONFIG_MOUSE_PS2_TRACKPOINT=y
2171# CONFIG_MOUSE_PS2_ELANTECH is not set
2172# CONFIG_MOUSE_PS2_SENTELIC is not set
2173# CONFIG_MOUSE_PS2_TOUCHKIT is not set
2174CONFIG_MOUSE_SERIAL=m
2175CONFIG_MOUSE_APPLETOUCH=m
2176CONFIG_MOUSE_BCM5974=m
2177CONFIG_MOUSE_INPORT=m
2178# CONFIG_MOUSE_ATIXL is not set
2179CONFIG_MOUSE_LOGIBM=m
2180CONFIG_MOUSE_PC110PAD=m
2181CONFIG_MOUSE_VSXXXAA=m
2182CONFIG_MOUSE_GPIO=m
2183CONFIG_MOUSE_SYNAPTICS_I2C=m
2184# CONFIG_INPUT_JOYSTICK is not set
2185# CONFIG_INPUT_TABLET is not set
2186CONFIG_INPUT_TOUCHSCREEN=y
2187CONFIG_TOUCHSCREEN_ADS7846=m
2188CONFIG_TOUCHSCREEN_AD7877=m
2189CONFIG_TOUCHSCREEN_AD7879_I2C=m
2190CONFIG_TOUCHSCREEN_AD7879=m
2191CONFIG_TOUCHSCREEN_EETI=m
2192CONFIG_TOUCHSCREEN_FUJITSU=m
2193CONFIG_TOUCHSCREEN_GUNZE=m
2194CONFIG_TOUCHSCREEN_ELO=m
2195CONFIG_TOUCHSCREEN_WACOM_W8001=m
2196# CONFIG_TOUCHSCREEN_MCS5000 is not set
2197CONFIG_TOUCHSCREEN_MTOUCH=m
2198CONFIG_TOUCHSCREEN_INEXIO=m
2199CONFIG_TOUCHSCREEN_MK712=m
2200CONFIG_TOUCHSCREEN_HTCPEN=m
2201CONFIG_TOUCHSCREEN_PENMOUNT=m
2202CONFIG_TOUCHSCREEN_TOUCHRIGHT=m
2203CONFIG_TOUCHSCREEN_TOUCHWIN=m
2204CONFIG_TOUCHSCREEN_UCB1400=m
2205CONFIG_TOUCHSCREEN_WM97XX=m
2206CONFIG_TOUCHSCREEN_WM9705=y
2207CONFIG_TOUCHSCREEN_WM9712=y
2208CONFIG_TOUCHSCREEN_WM9713=y
2209CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
2210CONFIG_TOUCHSCREEN_USB_EGALAX=y
2211CONFIG_TOUCHSCREEN_USB_PANJIT=y
2212CONFIG_TOUCHSCREEN_USB_3M=y
2213CONFIG_TOUCHSCREEN_USB_ITM=y
2214CONFIG_TOUCHSCREEN_USB_ETURBO=y
2215CONFIG_TOUCHSCREEN_USB_GUNZE=y
2216CONFIG_TOUCHSCREEN_USB_DMC_TSC10=y
2217CONFIG_TOUCHSCREEN_USB_IRTOUCH=y
2218CONFIG_TOUCHSCREEN_USB_IDEALTEK=y
2219CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y
2220CONFIG_TOUCHSCREEN_USB_GOTOP=y
2221CONFIG_TOUCHSCREEN_USB_JASTEC=y
2222CONFIG_TOUCHSCREEN_USB_E2I=y
2223CONFIG_TOUCHSCREEN_TOUCHIT213=m
2224CONFIG_TOUCHSCREEN_TSC2007=m
2225CONFIG_INPUT_MISC=y
2226CONFIG_INPUT_PCSPKR=m
2227CONFIG_INPUT_APANEL=m
2228CONFIG_INPUT_WISTRON_BTNS=m
2229CONFIG_INPUT_ATLAS_BTNS=m
2230CONFIG_INPUT_ATI_REMOTE=m
2231CONFIG_INPUT_ATI_REMOTE2=m
2232CONFIG_INPUT_KEYSPAN_REMOTE=m
2233CONFIG_INPUT_POWERMATE=m
2234CONFIG_INPUT_YEALINK=m
2235CONFIG_INPUT_CM109=m
2236CONFIG_INPUT_UINPUT=m
2237CONFIG_INPUT_WINBOND_CIR=m
2238CONFIG_INPUT_PCF50633_PMU=m
2239CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
2240
2241#
2242# Hardware I/O ports
2243#
2244CONFIG_SERIO=y
2245CONFIG_SERIO_I8042=y
2246CONFIG_SERIO_SERPORT=m
2247CONFIG_SERIO_CT82C710=m
2248CONFIG_SERIO_PARKBD=m
2249CONFIG_SERIO_PCIPS2=m
2250CONFIG_SERIO_LIBPS2=y
2251CONFIG_SERIO_RAW=m
2252# CONFIG_GAMEPORT is not set
2253
2254#
2255# Character devices
2256#
2257CONFIG_VT=y
2258CONFIG_CONSOLE_TRANSLATIONS=y
2259CONFIG_VT_CONSOLE=y
2260CONFIG_HW_CONSOLE=y
2261# CONFIG_VT_HW_CONSOLE_BINDING is not set
2262# CONFIG_DEVKMEM is not set
2263CONFIG_SERIAL_NONSTANDARD=y
2264CONFIG_COMPUTONE=m
2265CONFIG_ROCKETPORT=m
2266CONFIG_CYCLADES=m
2267# CONFIG_CYZ_INTR is not set
2268CONFIG_DIGIEPCA=m
2269CONFIG_MOXA_INTELLIO=m
2270CONFIG_MOXA_SMARTIO=m
2271CONFIG_ISI=m
2272CONFIG_SYNCLINK=m
2273CONFIG_SYNCLINKMP=m
2274CONFIG_SYNCLINK_GT=m
2275CONFIG_N_HDLC=m
2276CONFIG_RISCOM8=m
2277CONFIG_SPECIALIX=m
2278CONFIG_STALDRV=y
2279CONFIG_STALLION=m
2280CONFIG_ISTALLION=m
2281CONFIG_NOZOMI=m
2282
2283#
2284# Serial drivers
2285#
2286CONFIG_SERIAL_8250=y
2287CONFIG_SERIAL_8250_CONSOLE=y
2288CONFIG_FIX_EARLYCON_MEM=y
2289CONFIG_SERIAL_8250_PCI=y
2290CONFIG_SERIAL_8250_PNP=y
2291CONFIG_SERIAL_8250_CS=m
2292CONFIG_SERIAL_8250_NR_UARTS=16
2293CONFIG_SERIAL_8250_RUNTIME_UARTS=4
2294CONFIG_SERIAL_8250_EXTENDED=y
2295CONFIG_SERIAL_8250_MANY_PORTS=y
2296CONFIG_SERIAL_8250_FOURPORT=m
2297CONFIG_SERIAL_8250_ACCENT=m
2298CONFIG_SERIAL_8250_BOCA=m
2299CONFIG_SERIAL_8250_EXAR_ST16C554=m
2300CONFIG_SERIAL_8250_HUB6=m
2301CONFIG_SERIAL_8250_SHARE_IRQ=y
2302# CONFIG_SERIAL_8250_DETECT_IRQ is not set
2303CONFIG_SERIAL_8250_RSA=y
2304
2305#
2306# Non-8250 serial port support
2307#
2308CONFIG_SERIAL_MAX3100=m
2309CONFIG_SERIAL_CORE=y
2310CONFIG_SERIAL_CORE_CONSOLE=y
2311CONFIG_SERIAL_JSM=m
2312CONFIG_UNIX98_PTYS=y
2313# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
2314# CONFIG_LEGACY_PTYS is not set
2315CONFIG_PRINTER=m
2316# CONFIG_LP_CONSOLE is not set
2317CONFIG_PPDEV=m
2318CONFIG_HVC_DRIVER=y
2319CONFIG_VIRTIO_CONSOLE=y
2320CONFIG_IPMI_HANDLER=m
2321# CONFIG_IPMI_PANIC_EVENT is not set
2322CONFIG_IPMI_DEVICE_INTERFACE=m
2323CONFIG_IPMI_SI=m
2324CONFIG_IPMI_WATCHDOG=m
2325CONFIG_IPMI_POWEROFF=m
2326CONFIG_HW_RANDOM=m
2327CONFIG_HW_RANDOM_TIMERIOMEM=m
2328CONFIG_HW_RANDOM_INTEL=m
2329CONFIG_HW_RANDOM_AMD=m
2330CONFIG_HW_RANDOM_GEODE=m
2331CONFIG_HW_RANDOM_VIA=m
2332CONFIG_HW_RANDOM_VIRTIO=m
2333CONFIG_NVRAM=m
2334CONFIG_DTLK=m
2335CONFIG_R3964=m
2336CONFIG_APPLICOM=m
2337CONFIG_SONYPI=m
2338
2339#
2340# PCMCIA character devices
2341#
2342CONFIG_SYNCLINK_CS=m
2343CONFIG_CARDMAN_4000=m
2344CONFIG_CARDMAN_4040=m
2345CONFIG_IPWIRELESS=m
2346CONFIG_MWAVE=m
2347CONFIG_SCx200_GPIO=m
2348CONFIG_PC8736x_GPIO=m
2349CONFIG_NSC_GPIO=m
2350CONFIG_CS5535_GPIO=m
2351CONFIG_RAW_DRIVER=m
2352CONFIG_MAX_RAW_DEVS=256
2353CONFIG_HPET=y
2354CONFIG_HPET_MMAP=y
2355CONFIG_HANGCHECK_TIMER=m
2356CONFIG_TCG_TPM=m
2357CONFIG_TCG_TIS=m
2358CONFIG_TCG_NSC=m
2359CONFIG_TCG_ATMEL=m
2360CONFIG_TCG_INFINEON=m
2361CONFIG_TELCLOCK=m
2362CONFIG_DEVPORT=y
2363CONFIG_I2C=m
2364CONFIG_I2C_BOARDINFO=y
2365CONFIG_I2C_COMPAT=y
2366CONFIG_I2C_CHARDEV=m
2367CONFIG_I2C_HELPER_AUTO=y
2368CONFIG_I2C_ALGOBIT=m
2369CONFIG_I2C_ALGOPCA=m
2370
2371#
2372# I2C Hardware Bus support
2373#
2374
2375#
2376# PC SMBus host controller drivers
2377#
2378CONFIG_I2C_ALI1535=m
2379CONFIG_I2C_ALI1563=m
2380CONFIG_I2C_ALI15X3=m
2381CONFIG_I2C_AMD756=m
2382CONFIG_I2C_AMD756_S4882=m
2383CONFIG_I2C_AMD8111=m
2384CONFIG_I2C_I801=m
2385CONFIG_I2C_ISCH=m
2386CONFIG_I2C_PIIX4=m
2387CONFIG_I2C_NFORCE2=m
2388CONFIG_I2C_NFORCE2_S4985=m
2389CONFIG_I2C_SIS5595=m
2390CONFIG_I2C_SIS630=m
2391CONFIG_I2C_SIS96X=m
2392CONFIG_I2C_VIA=m
2393CONFIG_I2C_VIAPRO=m
2394
2395#
2396# ACPI drivers
2397#
2398CONFIG_I2C_SCMI=m
2399
2400#
2401# I2C system bus drivers (mostly embedded / system-on-chip)
2402#
2403CONFIG_I2C_GPIO=m
2404CONFIG_I2C_OCORES=m
2405CONFIG_I2C_SIMTEC=m
2406
2407#
2408# External I2C/SMBus adapter drivers
2409#
2410CONFIG_I2C_PARPORT=m
2411CONFIG_I2C_PARPORT_LIGHT=m
2412CONFIG_I2C_TAOS_EVM=m
2413CONFIG_I2C_TINY_USB=m
2414
2415#
2416# Graphics adapter I2C/DDC channel drivers
2417#
2418CONFIG_I2C_VOODOO3=m
2419
2420#
2421# Other I2C/SMBus bus drivers
2422#
2423CONFIG_I2C_PCA_ISA=m
2424CONFIG_I2C_PCA_PLATFORM=m
2425CONFIG_I2C_STUB=m
2426CONFIG_SCx200_I2C=m
2427CONFIG_SCx200_I2C_SCL=12
2428CONFIG_SCx200_I2C_SDA=13
2429CONFIG_SCx200_ACB=m
2430
2431#
2432# Miscellaneous I2C Chip support
2433#
2434CONFIG_DS1682=m
2435CONFIG_SENSORS_TSL2550=m
2436# CONFIG_I2C_DEBUG_CORE is not set
2437# CONFIG_I2C_DEBUG_ALGO is not set
2438# CONFIG_I2C_DEBUG_BUS is not set
2439# CONFIG_I2C_DEBUG_CHIP is not set
2440CONFIG_SPI=y
2441CONFIG_SPI_MASTER=y
2442
2443#
2444# SPI Master Controller Drivers
2445#
2446CONFIG_SPI_BITBANG=m
2447CONFIG_SPI_BUTTERFLY=m
2448CONFIG_SPI_GPIO=m
2449CONFIG_SPI_LM70_LLP=m
2450
2451#
2452# SPI Protocol Masters
2453#
2454CONFIG_SPI_SPIDEV=m
2455CONFIG_SPI_TLE62X0=m
2456
2457#
2458# PPS support
2459#
2460# CONFIG_PPS is not set
2461CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
2462CONFIG_GPIOLIB=y
2463# CONFIG_GPIO_SYSFS is not set
2464
2465#
2466# Memory mapped GPIO expanders:
2467#
2468
2469#
2470# I2C GPIO expanders:
2471#
2472CONFIG_GPIO_MAX732X=m
2473CONFIG_GPIO_PCA953X=m
2474CONFIG_GPIO_PCF857X=m
2475
2476#
2477# PCI GPIO expanders:
2478#
2479# CONFIG_GPIO_LANGWELL is not set
2480
2481#
2482# SPI GPIO expanders:
2483#
2484CONFIG_GPIO_MAX7301=m
2485CONFIG_GPIO_MCP23S08=m
2486# CONFIG_GPIO_MC33880 is not set
2487
2488#
2489# AC97 GPIO expanders:
2490#
2491# CONFIG_GPIO_UCB1400 is not set
2492CONFIG_W1=m
2493CONFIG_W1_CON=y
2494
2495#
2496# 1-wire Bus Masters
2497#
2498CONFIG_W1_MASTER_MATROX=m
2499CONFIG_W1_MASTER_DS2490=m
2500CONFIG_W1_MASTER_DS2482=m
2501CONFIG_W1_MASTER_GPIO=m
2502
2503#
2504# 1-wire Slaves
2505#
2506CONFIG_W1_SLAVE_THERM=m
2507CONFIG_W1_SLAVE_SMEM=m
2508CONFIG_W1_SLAVE_DS2431=m
2509CONFIG_W1_SLAVE_DS2433=m
2510# CONFIG_W1_SLAVE_DS2433_CRC is not set
2511CONFIG_W1_SLAVE_DS2760=m
2512CONFIG_W1_SLAVE_BQ27000=m
2513CONFIG_POWER_SUPPLY=y
2514# CONFIG_POWER_SUPPLY_DEBUG is not set
2515CONFIG_PDA_POWER=m
2516CONFIG_WM8350_POWER=m
2517CONFIG_BATTERY_DS2760=m
2518CONFIG_BATTERY_DS2782=m
2519CONFIG_BATTERY_BQ27x00=m
2520CONFIG_BATTERY_MAX17040=m
2521CONFIG_CHARGER_PCF50633=m
2522CONFIG_HWMON=m
2523CONFIG_HWMON_VID=m
2524# CONFIG_HWMON_DEBUG_CHIP is not set
2525
2526#
2527# Native drivers
2528#
2529CONFIG_SENSORS_ABITUGURU=m
2530CONFIG_SENSORS_ABITUGURU3=m
2531CONFIG_SENSORS_AD7414=m
2532CONFIG_SENSORS_AD7418=m
2533CONFIG_SENSORS_ADCXX=m
2534CONFIG_SENSORS_ADM1021=m
2535CONFIG_SENSORS_ADM1025=m
2536CONFIG_SENSORS_ADM1026=m
2537CONFIG_SENSORS_ADM1029=m
2538CONFIG_SENSORS_ADM1031=m
2539CONFIG_SENSORS_ADM9240=m
2540CONFIG_SENSORS_ADT7462=m
2541CONFIG_SENSORS_ADT7470=m
2542CONFIG_SENSORS_ADT7473=m
2543CONFIG_SENSORS_ADT7475=m
2544CONFIG_SENSORS_K8TEMP=m
2545CONFIG_SENSORS_ASB100=m
2546CONFIG_SENSORS_ATXP1=m
2547CONFIG_SENSORS_DS1621=m
2548CONFIG_SENSORS_I5K_AMB=m
2549CONFIG_SENSORS_F71805F=m
2550CONFIG_SENSORS_F71882FG=m
2551CONFIG_SENSORS_F75375S=m
2552CONFIG_SENSORS_FSCHMD=m
2553CONFIG_SENSORS_G760A=m
2554CONFIG_SENSORS_GL518SM=m
2555CONFIG_SENSORS_GL520SM=m
2556CONFIG_SENSORS_CORETEMP=m
2557CONFIG_SENSORS_IBMAEM=m
2558CONFIG_SENSORS_IBMPEX=m
2559CONFIG_SENSORS_IT87=m
2560CONFIG_SENSORS_LM63=m
2561CONFIG_SENSORS_LM70=m
2562CONFIG_SENSORS_LM75=m
2563CONFIG_SENSORS_LM77=m
2564CONFIG_SENSORS_LM78=m
2565CONFIG_SENSORS_LM80=m
2566CONFIG_SENSORS_LM83=m
2567CONFIG_SENSORS_LM85=m
2568CONFIG_SENSORS_LM87=m
2569CONFIG_SENSORS_LM90=m
2570CONFIG_SENSORS_LM92=m
2571CONFIG_SENSORS_LM93=m
2572CONFIG_SENSORS_LTC4215=m
2573CONFIG_SENSORS_LTC4245=m
2574CONFIG_SENSORS_LM95241=m
2575CONFIG_SENSORS_MAX1111=m
2576CONFIG_SENSORS_MAX1619=m
2577CONFIG_SENSORS_MAX6650=m
2578CONFIG_SENSORS_PC87360=m
2579CONFIG_SENSORS_PC87427=m
2580CONFIG_SENSORS_PCF8591=m
2581CONFIG_SENSORS_SHT15=m
2582CONFIG_SENSORS_SIS5595=m
2583CONFIG_SENSORS_DME1737=m
2584CONFIG_SENSORS_SMSC47M1=m
2585CONFIG_SENSORS_SMSC47M192=m
2586CONFIG_SENSORS_SMSC47B397=m
2587CONFIG_SENSORS_ADS7828=m
2588CONFIG_SENSORS_THMC50=m
2589CONFIG_SENSORS_TMP401=m
2590CONFIG_SENSORS_TMP421=m
2591CONFIG_SENSORS_VIA686A=m
2592CONFIG_SENSORS_VT1211=m
2593CONFIG_SENSORS_VT8231=m
2594CONFIG_SENSORS_W83781D=m
2595CONFIG_SENSORS_W83791D=m
2596CONFIG_SENSORS_W83792D=m
2597CONFIG_SENSORS_W83793=m
2598CONFIG_SENSORS_W83L785TS=m
2599CONFIG_SENSORS_W83L786NG=m
2600CONFIG_SENSORS_W83627HF=m
2601CONFIG_SENSORS_W83627EHF=m
2602# CONFIG_SENSORS_WM8350 is not set
2603CONFIG_SENSORS_HDAPS=m
2604CONFIG_SENSORS_APPLESMC=m
2605
2606#
2607# ACPI drivers
2608#
2609CONFIG_SENSORS_ATK0110=m
2610CONFIG_SENSORS_LIS3LV02D=m
2611CONFIG_THERMAL=y
2612CONFIG_WATCHDOG=y
2613# CONFIG_WATCHDOG_NOWAYOUT is not set
2614
2615#
2616# Watchdog Device Drivers
2617#
2618CONFIG_SOFT_WATCHDOG=m
2619CONFIG_WM8350_WATCHDOG=m
2620CONFIG_ACQUIRE_WDT=m
2621CONFIG_ADVANTECH_WDT=m
2622CONFIG_ALIM1535_WDT=m
2623CONFIG_ALIM7101_WDT=m
2624CONFIG_SC520_WDT=m
2625# CONFIG_SBC_FITPC2_WATCHDOG is not set
2626CONFIG_EUROTECH_WDT=m
2627CONFIG_IB700_WDT=m
2628CONFIG_IBMASR=m
2629CONFIG_WAFER_WDT=m
2630CONFIG_I6300ESB_WDT=m
2631CONFIG_ITCO_WDT=m
2632CONFIG_ITCO_VENDOR_SUPPORT=y
2633CONFIG_IT8712F_WDT=m
2634CONFIG_IT87_WDT=m
2635# CONFIG_HP_WATCHDOG is not set
2636CONFIG_SC1200_WDT=m
2637CONFIG_SCx200_WDT=m
2638CONFIG_PC87413_WDT=m
2639CONFIG_60XX_WDT=m
2640CONFIG_SBC8360_WDT=m
2641CONFIG_SBC7240_WDT=m
2642CONFIG_CPU5_WDT=m
2643CONFIG_SMSC_SCH311X_WDT=m
2644CONFIG_SMSC37B787_WDT=m
2645CONFIG_W83627HF_WDT=m
2646CONFIG_W83697HF_WDT=m
2647CONFIG_W83697UG_WDT=m
2648CONFIG_W83877F_WDT=m
2649CONFIG_W83977F_WDT=m
2650CONFIG_MACHZ_WDT=m
2651CONFIG_SBC_EPX_C3_WATCHDOG=m
2652
2653#
2654# ISA-based Watchdog Cards
2655#
2656CONFIG_PCWATCHDOG=m
2657CONFIG_MIXCOMWD=m
2658CONFIG_WDT=m
2659
2660#
2661# PCI-based Watchdog Cards
2662#
2663CONFIG_PCIPCWATCHDOG=m
2664CONFIG_WDTPCI=m
2665
2666#
2667# USB-based Watchdog Cards
2668#
2669CONFIG_USBPCWATCHDOG=m
2670CONFIG_SSB_POSSIBLE=y
2671
2672#
2673# Sonics Silicon Backplane
2674#
2675CONFIG_SSB=m
2676CONFIG_SSB_SPROM=y
2677CONFIG_SSB_BLOCKIO=y
2678CONFIG_SSB_PCIHOST_POSSIBLE=y
2679CONFIG_SSB_PCIHOST=y
2680CONFIG_SSB_B43_PCI_BRIDGE=y
2681CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
2682CONFIG_SSB_PCMCIAHOST=y
2683CONFIG_SSB_SDIOHOST_POSSIBLE=y
2684CONFIG_SSB_SDIOHOST=y
2685# CONFIG_SSB_SILENT is not set
2686# CONFIG_SSB_DEBUG is not set
2687CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
2688CONFIG_SSB_DRIVER_PCICORE=y
2689
2690#
2691# Multifunction device drivers
2692#
2693CONFIG_MFD_CORE=m
2694CONFIG_MFD_SM501=m
2695# CONFIG_MFD_SM501_GPIO is not set
2696CONFIG_HTC_PASIC3=m
2697CONFIG_UCB1400_CORE=m
2698CONFIG_TPS65010=m
2699# CONFIG_MFD_TMIO is not set
2700CONFIG_MFD_WM8400=m
2701# CONFIG_MFD_WM831X is not set
2702CONFIG_MFD_WM8350=m
2703CONFIG_MFD_WM8350_I2C=m
2704CONFIG_MFD_PCF50633=m
2705# CONFIG_MFD_MC13783 is not set
2706CONFIG_PCF50633_ADC=m
2707CONFIG_PCF50633_GPIO=m
2708CONFIG_AB3100_CORE=m
2709CONFIG_AB3100_OTP=m
2710# CONFIG_EZX_PCAP is not set
2711CONFIG_REGULATOR=y
2712# CONFIG_REGULATOR_DEBUG is not set
2713# CONFIG_REGULATOR_FIXED_VOLTAGE is not set
2714CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
2715CONFIG_REGULATOR_USERSPACE_CONSUMER=m
2716CONFIG_REGULATOR_BQ24022=m
2717CONFIG_REGULATOR_MAX1586=m
2718CONFIG_REGULATOR_WM8350=m
2719CONFIG_REGULATOR_WM8400=m
2720CONFIG_REGULATOR_PCF50633=m
2721CONFIG_REGULATOR_LP3971=m
2722CONFIG_REGULATOR_AB3100=m
2723# CONFIG_REGULATOR_TPS65023 is not set
2724# CONFIG_REGULATOR_TPS6507X is not set
2725CONFIG_MEDIA_SUPPORT=m
2726
2727#
2728# Multimedia core support
2729#
2730CONFIG_VIDEO_DEV=m
2731CONFIG_VIDEO_V4L2_COMMON=m
2732# CONFIG_VIDEO_ALLOW_V4L1 is not set
2733CONFIG_VIDEO_V4L1_COMPAT=y
2734CONFIG_DVB_CORE=m
2735CONFIG_VIDEO_MEDIA=m
2736
2737#
2738# Multimedia drivers
2739#
2740CONFIG_VIDEO_SAA7146=m
2741CONFIG_VIDEO_SAA7146_VV=m
2742# CONFIG_MEDIA_ATTACH is not set
2743CONFIG_MEDIA_TUNER=m
2744# CONFIG_MEDIA_TUNER_CUSTOMISE is not set
2745CONFIG_MEDIA_TUNER_SIMPLE=m
2746CONFIG_MEDIA_TUNER_TDA8290=m
2747CONFIG_MEDIA_TUNER_TDA827X=m
2748CONFIG_MEDIA_TUNER_TDA18271=m
2749CONFIG_MEDIA_TUNER_TDA9887=m
2750CONFIG_MEDIA_TUNER_TEA5761=m
2751CONFIG_MEDIA_TUNER_TEA5767=m
2752CONFIG_MEDIA_TUNER_MT20XX=m
2753CONFIG_MEDIA_TUNER_MT2060=m
2754CONFIG_MEDIA_TUNER_MT2266=m
2755CONFIG_MEDIA_TUNER_MT2131=m
2756CONFIG_MEDIA_TUNER_QT1010=m
2757CONFIG_MEDIA_TUNER_XC2028=m
2758CONFIG_MEDIA_TUNER_XC5000=m
2759CONFIG_MEDIA_TUNER_MXL5005S=m
2760CONFIG_MEDIA_TUNER_MXL5007T=m
2761CONFIG_MEDIA_TUNER_MC44S803=m
2762CONFIG_VIDEO_V4L2=m
2763CONFIG_VIDEOBUF_GEN=m
2764CONFIG_VIDEOBUF_DMA_SG=m
2765CONFIG_VIDEOBUF_VMALLOC=m
2766CONFIG_VIDEOBUF_DVB=m
2767CONFIG_VIDEO_BTCX=m
2768CONFIG_VIDEO_IR=m
2769CONFIG_VIDEO_TVEEPROM=m
2770CONFIG_VIDEO_TUNER=m
2771CONFIG_VIDEO_CAPTURE_DRIVERS=y
2772# CONFIG_VIDEO_ADV_DEBUG is not set
2773# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
2774# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set
2775CONFIG_VIDEO_IR_I2C=m
2776
2777#
2778# Encoders/decoders and other helper chips
2779#
2780
2781#
2782# Audio decoders
2783#
2784CONFIG_VIDEO_TVAUDIO=m
2785CONFIG_VIDEO_TDA7432=m
2786CONFIG_VIDEO_TDA9840=m
2787CONFIG_VIDEO_TDA9875=m
2788CONFIG_VIDEO_TEA6415C=m
2789CONFIG_VIDEO_TEA6420=m
2790CONFIG_VIDEO_MSP3400=m
2791CONFIG_VIDEO_CS5345=m
2792CONFIG_VIDEO_CS53L32A=m
2793CONFIG_VIDEO_M52790=m
2794CONFIG_VIDEO_TLV320AIC23B=m
2795CONFIG_VIDEO_WM8775=m
2796CONFIG_VIDEO_WM8739=m
2797CONFIG_VIDEO_VP27SMPX=m
2798
2799#
2800# RDS decoders
2801#
2802CONFIG_VIDEO_SAA6588=m
2803
2804#
2805# Video decoders
2806#
2807# CONFIG_VIDEO_ADV7180 is not set
2808CONFIG_VIDEO_BT819=m
2809CONFIG_VIDEO_BT856=m
2810CONFIG_VIDEO_BT866=m
2811CONFIG_VIDEO_KS0127=m
2812CONFIG_VIDEO_OV7670=m
2813CONFIG_VIDEO_MT9V011=m
2814CONFIG_VIDEO_TCM825X=m
2815CONFIG_VIDEO_SAA7110=m
2816CONFIG_VIDEO_SAA711X=m
2817CONFIG_VIDEO_SAA717X=m
2818CONFIG_VIDEO_TVP514X=m
2819CONFIG_VIDEO_TVP5150=m
2820CONFIG_VIDEO_VPX3220=m
2821
2822#
2823# Video and audio decoders
2824#
2825CONFIG_VIDEO_CX25840=m
2826
2827#
2828# MPEG video encoders
2829#
2830CONFIG_VIDEO_CX2341X=m
2831
2832#
2833# Video encoders
2834#
2835CONFIG_VIDEO_SAA7127=m
2836CONFIG_VIDEO_SAA7185=m
2837CONFIG_VIDEO_ADV7170=m
2838CONFIG_VIDEO_ADV7175=m
2839CONFIG_VIDEO_THS7303=m
2840CONFIG_VIDEO_ADV7343=m
2841
2842#
2843# Video improvement chips
2844#
2845CONFIG_VIDEO_UPD64031A=m
2846CONFIG_VIDEO_UPD64083=m
2847CONFIG_VIDEO_VIVI=m
2848CONFIG_VIDEO_BT848=m
2849CONFIG_VIDEO_BT848_DVB=y
2850CONFIG_VIDEO_SAA5246A=m
2851CONFIG_VIDEO_SAA5249=m
2852CONFIG_VIDEO_ZORAN=m
2853CONFIG_VIDEO_ZORAN_DC30=m
2854CONFIG_VIDEO_ZORAN_ZR36060=m
2855CONFIG_VIDEO_ZORAN_BUZ=m
2856CONFIG_VIDEO_ZORAN_DC10=m
2857CONFIG_VIDEO_ZORAN_LML33=m
2858CONFIG_VIDEO_ZORAN_LML33R10=m
2859CONFIG_VIDEO_ZORAN_AVS6EYES=m
2860CONFIG_VIDEO_SAA7134=m
2861CONFIG_VIDEO_SAA7134_ALSA=m
2862CONFIG_VIDEO_SAA7134_DVB=m
2863CONFIG_VIDEO_HEXIUM_ORION=m
2864CONFIG_VIDEO_HEXIUM_GEMINI=m
2865CONFIG_VIDEO_CX88=m
2866CONFIG_VIDEO_CX88_ALSA=m
2867CONFIG_VIDEO_CX88_BLACKBIRD=m
2868CONFIG_VIDEO_CX88_DVB=m
2869CONFIG_VIDEO_CX88_MPEG=m
2870CONFIG_VIDEO_CX88_VP3054=m
2871CONFIG_VIDEO_CX23885=m
2872CONFIG_VIDEO_AU0828=m
2873CONFIG_VIDEO_IVTV=m
2874CONFIG_VIDEO_FB_IVTV=m
2875CONFIG_VIDEO_CX18=m
2876CONFIG_VIDEO_SAA7164=m
2877CONFIG_VIDEO_CAFE_CCIC=m
2878CONFIG_SOC_CAMERA=m
2879CONFIG_SOC_CAMERA_MT9M001=m
2880CONFIG_SOC_CAMERA_MT9M111=m
2881CONFIG_SOC_CAMERA_MT9T031=m
2882CONFIG_SOC_CAMERA_MT9V022=m
2883CONFIG_SOC_CAMERA_TW9910=m
2884CONFIG_SOC_CAMERA_PLATFORM=m
2885CONFIG_SOC_CAMERA_OV772X=m
2886CONFIG_V4L_USB_DRIVERS=y
2887CONFIG_USB_VIDEO_CLASS=m
2888CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
2889CONFIG_USB_GSPCA=m
2890CONFIG_USB_M5602=m
2891CONFIG_USB_STV06XX=m
2892CONFIG_USB_GL860=m
2893CONFIG_USB_GSPCA_CONEX=m
2894CONFIG_USB_GSPCA_ETOMS=m
2895CONFIG_USB_GSPCA_FINEPIX=m
2896CONFIG_USB_GSPCA_JEILINJ=m
2897CONFIG_USB_GSPCA_MARS=m
2898CONFIG_USB_GSPCA_MR97310A=m
2899CONFIG_USB_GSPCA_OV519=m
2900CONFIG_USB_GSPCA_OV534=m
2901CONFIG_USB_GSPCA_PAC207=m
2902CONFIG_USB_GSPCA_PAC7311=m
2903CONFIG_USB_GSPCA_SN9C20X=m
2904CONFIG_USB_GSPCA_SN9C20X_EVDEV=y
2905CONFIG_USB_GSPCA_SONIXB=m
2906CONFIG_USB_GSPCA_SONIXJ=m
2907CONFIG_USB_GSPCA_SPCA500=m
2908CONFIG_USB_GSPCA_SPCA501=m
2909CONFIG_USB_GSPCA_SPCA505=m
2910CONFIG_USB_GSPCA_SPCA506=m
2911CONFIG_USB_GSPCA_SPCA508=m
2912CONFIG_USB_GSPCA_SPCA561=m
2913CONFIG_USB_GSPCA_SQ905=m
2914CONFIG_USB_GSPCA_SQ905C=m
2915CONFIG_USB_GSPCA_STK014=m
2916CONFIG_USB_GSPCA_SUNPLUS=m
2917CONFIG_USB_GSPCA_T613=m
2918CONFIG_USB_GSPCA_TV8532=m
2919CONFIG_USB_GSPCA_VC032X=m
2920CONFIG_USB_GSPCA_ZC3XX=m
2921CONFIG_VIDEO_PVRUSB2=m
2922CONFIG_VIDEO_PVRUSB2_SYSFS=y
2923CONFIG_VIDEO_PVRUSB2_DVB=y
2924# CONFIG_VIDEO_PVRUSB2_DEBUGIFC is not set
2925CONFIG_VIDEO_HDPVR=m
2926CONFIG_VIDEO_EM28XX=m
2927CONFIG_VIDEO_EM28XX_ALSA=m
2928CONFIG_VIDEO_EM28XX_DVB=m
2929CONFIG_VIDEO_CX231XX=m
2930CONFIG_VIDEO_CX231XX_ALSA=m
2931CONFIG_VIDEO_CX231XX_DVB=m
2932CONFIG_VIDEO_USBVISION=m
2933CONFIG_USB_ET61X251=m
2934CONFIG_USB_SN9C102=m
2935CONFIG_USB_ZC0301=m
2936CONFIG_USB_PWC_INPUT_EVDEV=y
2937CONFIG_USB_ZR364XX=m
2938CONFIG_USB_STKWEBCAM=m
2939CONFIG_USB_S2255=m
2940CONFIG_RADIO_ADAPTERS=y
2941CONFIG_RADIO_CADET=m
2942CONFIG_RADIO_RTRACK=m
2943CONFIG_RADIO_RTRACK2=m
2944CONFIG_RADIO_AZTECH=m
2945CONFIG_RADIO_GEMTEK=m
2946CONFIG_RADIO_GEMTEK_PCI=m
2947CONFIG_RADIO_MAXIRADIO=m
2948CONFIG_RADIO_MAESTRO=m
2949CONFIG_RADIO_SF16FMI=m
2950CONFIG_RADIO_SF16FMR2=m
2951CONFIG_RADIO_TERRATEC=m
2952CONFIG_RADIO_TRUST=m
2953CONFIG_RADIO_TYPHOON=m
2954CONFIG_RADIO_ZOLTRIX=m
2955# CONFIG_I2C_SI4713 is not set
2956# CONFIG_RADIO_SI4713 is not set
2957CONFIG_USB_DSBR=m
2958# CONFIG_RADIO_SI470X is not set
2959CONFIG_USB_MR800=m
2960CONFIG_RADIO_TEA5764=m
2961CONFIG_DVB_MAX_ADAPTERS=8
2962# CONFIG_DVB_DYNAMIC_MINORS is not set
2963CONFIG_DVB_CAPTURE_DRIVERS=y
2964
2965#
2966# Supported SAA7146 based PCI Adapters
2967#
2968CONFIG_TTPCI_EEPROM=m
2969CONFIG_DVB_AV7110=m
2970CONFIG_DVB_AV7110_OSD=y
2971CONFIG_DVB_BUDGET_CORE=m
2972CONFIG_DVB_BUDGET=m
2973CONFIG_DVB_BUDGET_CI=m
2974CONFIG_DVB_BUDGET_AV=m
2975CONFIG_DVB_BUDGET_PATCH=m
2976
2977#
2978# Supported USB Adapters
2979#
2980CONFIG_DVB_USB=m
2981# CONFIG_DVB_USB_DEBUG is not set
2982CONFIG_DVB_USB_A800=m
2983CONFIG_DVB_USB_DIBUSB_MB=m
2984# CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
2985CONFIG_DVB_USB_DIBUSB_MC=m
2986CONFIG_DVB_USB_DIB0700=m
2987CONFIG_DVB_USB_UMT_010=m
2988CONFIG_DVB_USB_CXUSB=m
2989CONFIG_DVB_USB_M920X=m
2990CONFIG_DVB_USB_GL861=m
2991CONFIG_DVB_USB_AU6610=m
2992CONFIG_DVB_USB_DIGITV=m
2993CONFIG_DVB_USB_VP7045=m
2994CONFIG_DVB_USB_VP702X=m
2995CONFIG_DVB_USB_GP8PSK=m
2996CONFIG_DVB_USB_NOVA_T_USB2=m
2997CONFIG_DVB_USB_TTUSB2=m
2998CONFIG_DVB_USB_DTT200U=m
2999CONFIG_DVB_USB_OPERA1=m
3000CONFIG_DVB_USB_AF9005=m
3001CONFIG_DVB_USB_AF9005_REMOTE=m
3002CONFIG_DVB_USB_DW2102=m
3003CONFIG_DVB_USB_CINERGY_T2=m
3004CONFIG_DVB_USB_ANYSEE=m
3005CONFIG_DVB_USB_DTV5100=m
3006CONFIG_DVB_USB_AF9015=m
3007CONFIG_DVB_USB_CE6230=m
3008# CONFIG_DVB_USB_FRIIO is not set
3009CONFIG_DVB_TTUSB_BUDGET=m
3010CONFIG_DVB_TTUSB_DEC=m
3011CONFIG_SMS_SIANO_MDTV=m
3012
3013#
3014# Siano module components
3015#
3016CONFIG_SMS_USB_DRV=m
3017CONFIG_SMS_SDIO_DRV=m
3018
3019#
3020# Supported FlexCopII (B2C2) Adapters
3021#
3022CONFIG_DVB_B2C2_FLEXCOP=m
3023CONFIG_DVB_B2C2_FLEXCOP_PCI=m
3024CONFIG_DVB_B2C2_FLEXCOP_USB=m
3025# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set
3026
3027#
3028# Supported BT878 Adapters
3029#
3030CONFIG_DVB_BT8XX=m
3031
3032#
3033# Supported Pluto2 Adapters
3034#
3035CONFIG_DVB_PLUTO2=m
3036
3037#
3038# Supported SDMC DM1105 Adapters
3039#
3040CONFIG_DVB_DM1105=m
3041
3042#
3043# Supported FireWire (IEEE 1394) Adapters
3044#
3045CONFIG_DVB_FIREDTV=m
3046CONFIG_DVB_FIREDTV_IEEE1394=y
3047CONFIG_DVB_FIREDTV_INPUT=y
3048
3049#
3050# Supported Earthsoft PT1 Adapters
3051#
3052# CONFIG_DVB_PT1 is not set
3053
3054#
3055# Supported DVB Frontends
3056#
3057# CONFIG_DVB_FE_CUSTOMISE is not set
3058CONFIG_DVB_STB0899=m
3059CONFIG_DVB_STB6100=m
3060CONFIG_DVB_CX24110=m
3061CONFIG_DVB_CX24123=m
3062CONFIG_DVB_MT312=m
3063CONFIG_DVB_ZL10036=m
3064CONFIG_DVB_ZL10039=m
3065CONFIG_DVB_S5H1420=m
3066CONFIG_DVB_STV0288=m
3067CONFIG_DVB_STB6000=m
3068CONFIG_DVB_STV0299=m
3069CONFIG_DVB_STV6110=m
3070CONFIG_DVB_STV0900=m
3071CONFIG_DVB_TDA8083=m
3072CONFIG_DVB_TDA10086=m
3073CONFIG_DVB_TDA8261=m
3074CONFIG_DVB_VES1X93=m
3075CONFIG_DVB_TUNER_ITD1000=m
3076CONFIG_DVB_TUNER_CX24113=m
3077CONFIG_DVB_TDA826X=m
3078CONFIG_DVB_TUA6100=m
3079CONFIG_DVB_CX24116=m
3080CONFIG_DVB_SI21XX=m
3081CONFIG_DVB_SP8870=m
3082CONFIG_DVB_SP887X=m
3083CONFIG_DVB_CX22700=m
3084CONFIG_DVB_CX22702=m
3085CONFIG_DVB_L64781=m
3086CONFIG_DVB_TDA1004X=m
3087CONFIG_DVB_NXT6000=m
3088CONFIG_DVB_MT352=m
3089CONFIG_DVB_ZL10353=m
3090CONFIG_DVB_DIB3000MB=m
3091CONFIG_DVB_DIB3000MC=m
3092CONFIG_DVB_DIB7000M=m
3093CONFIG_DVB_DIB7000P=m
3094CONFIG_DVB_TDA10048=m
3095CONFIG_DVB_AF9013=m
3096CONFIG_DVB_VES1820=m
3097CONFIG_DVB_TDA10021=m
3098CONFIG_DVB_TDA10023=m
3099CONFIG_DVB_STV0297=m
3100CONFIG_DVB_NXT200X=m
3101CONFIG_DVB_OR51211=m
3102CONFIG_DVB_OR51132=m
3103CONFIG_DVB_BCM3510=m
3104CONFIG_DVB_LGDT330X=m
3105CONFIG_DVB_LGDT3305=m
3106CONFIG_DVB_S5H1409=m
3107CONFIG_DVB_AU8522=m
3108CONFIG_DVB_S5H1411=m
3109CONFIG_DVB_DIB8000=m
3110CONFIG_DVB_PLL=m
3111CONFIG_DVB_TUNER_DIB0070=m
3112CONFIG_DVB_LNBP21=m
3113CONFIG_DVB_ISL6405=m
3114CONFIG_DVB_ISL6421=m
3115CONFIG_DVB_LGS8GL5=m
3116CONFIG_DAB=y
3117CONFIG_USB_DABUSB=m
3118
3119#
3120# Graphics support
3121#
3122CONFIG_AGP=m
3123CONFIG_AGP_ALI=m
3124CONFIG_AGP_ATI=m
3125CONFIG_AGP_AMD=m
3126CONFIG_AGP_AMD64=m
3127CONFIG_AGP_INTEL=m
3128CONFIG_AGP_NVIDIA=m
3129CONFIG_AGP_SIS=m
3130CONFIG_AGP_SWORKS=m
3131CONFIG_AGP_VIA=m
3132CONFIG_AGP_EFFICEON=m
3133# CONFIG_VGA_ARB is not set
3134CONFIG_DRM=m
3135CONFIG_DRM_KMS_HELPER=m
3136CONFIG_DRM_TTM=m
3137CONFIG_DRM_TDFX=m
3138CONFIG_DRM_R128=m
3139CONFIG_DRM_RADEON=m
3140CONFIG_DRM_I810=m
3141CONFIG_DRM_I830=m
3142CONFIG_DRM_I915=m
3143# CONFIG_DRM_I915_KMS is not set
3144CONFIG_DRM_MGA=m
3145CONFIG_DRM_SIS=m
3146CONFIG_DRM_VIA=m
3147CONFIG_DRM_SAVAGE=m
3148CONFIG_VGASTATE=m
3149CONFIG_VIDEO_OUTPUT_CONTROL=m
3150CONFIG_FB=m
3151# CONFIG_FIRMWARE_EDID is not set
3152CONFIG_FB_DDC=m
3153# CONFIG_FB_BOOT_VESA_SUPPORT is not set
3154CONFIG_FB_CFB_FILLRECT=m
3155CONFIG_FB_CFB_COPYAREA=m
3156CONFIG_FB_CFB_IMAGEBLIT=m
3157# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
3158CONFIG_FB_SYS_FILLRECT=m
3159CONFIG_FB_SYS_COPYAREA=m
3160CONFIG_FB_SYS_IMAGEBLIT=m
3161# CONFIG_FB_FOREIGN_ENDIAN is not set
3162CONFIG_FB_SYS_FOPS=m
3163CONFIG_FB_DEFERRED_IO=y
3164CONFIG_FB_HECUBA=m
3165CONFIG_FB_SVGALIB=m
3166# CONFIG_FB_MACMODES is not set
3167CONFIG_FB_BACKLIGHT=y
3168CONFIG_FB_MODE_HELPERS=y
3169CONFIG_FB_TILEBLITTING=y
3170
3171#
3172# Frame buffer hardware drivers
3173#
3174CONFIG_FB_CIRRUS=m
3175CONFIG_FB_PM2=m
3176CONFIG_FB_PM2_FIFO_DISCONNECT=y
3177CONFIG_FB_CYBER2000=m
3178CONFIG_FB_ARC=m
3179CONFIG_FB_VGA16=m
3180CONFIG_FB_UVESA=m
3181CONFIG_FB_N411=m
3182CONFIG_FB_HGA=m
3183# CONFIG_FB_HGA_ACCEL is not set
3184CONFIG_FB_S1D13XXX=m
3185CONFIG_FB_NVIDIA=m
3186CONFIG_FB_NVIDIA_I2C=y
3187# CONFIG_FB_NVIDIA_DEBUG is not set
3188CONFIG_FB_NVIDIA_BACKLIGHT=y
3189CONFIG_FB_RIVA=m
3190CONFIG_FB_RIVA_I2C=y
3191# CONFIG_FB_RIVA_DEBUG is not set
3192CONFIG_FB_RIVA_BACKLIGHT=y
3193CONFIG_FB_I810=m
3194CONFIG_FB_I810_GTF=y
3195CONFIG_FB_I810_I2C=y
3196CONFIG_FB_LE80578=m
3197CONFIG_FB_CARILLO_RANCH=m
3198CONFIG_FB_INTEL=m
3199# CONFIG_FB_INTEL_DEBUG is not set
3200CONFIG_FB_INTEL_I2C=y
3201CONFIG_FB_MATROX=m
3202CONFIG_FB_MATROX_MILLENIUM=y
3203CONFIG_FB_MATROX_MYSTIQUE=y
3204CONFIG_FB_MATROX_G=y
3205CONFIG_FB_MATROX_I2C=m
3206CONFIG_FB_MATROX_MAVEN=m
3207CONFIG_FB_RADEON=m
3208CONFIG_FB_RADEON_I2C=y
3209CONFIG_FB_RADEON_BACKLIGHT=y
3210# CONFIG_FB_RADEON_DEBUG is not set
3211CONFIG_FB_ATY128=m
3212CONFIG_FB_ATY128_BACKLIGHT=y
3213CONFIG_FB_ATY=m
3214CONFIG_FB_ATY_CT=y
3215CONFIG_FB_ATY_GENERIC_LCD=y
3216CONFIG_FB_ATY_GX=y
3217CONFIG_FB_ATY_BACKLIGHT=y
3218CONFIG_FB_S3=m
3219CONFIG_FB_SAVAGE=m
3220CONFIG_FB_SAVAGE_I2C=y
3221CONFIG_FB_SAVAGE_ACCEL=y
3222CONFIG_FB_SIS=m
3223CONFIG_FB_SIS_300=y
3224CONFIG_FB_SIS_315=y
3225CONFIG_FB_VIA=m
3226CONFIG_FB_NEOMAGIC=m
3227CONFIG_FB_KYRO=m
3228CONFIG_FB_3DFX=m
3229CONFIG_FB_3DFX_ACCEL=y
3230CONFIG_FB_3DFX_I2C=y
3231CONFIG_FB_VOODOO1=m
3232CONFIG_FB_VT8623=m
3233CONFIG_FB_TRIDENT=m
3234CONFIG_FB_ARK=m
3235CONFIG_FB_PM3=m
3236CONFIG_FB_CARMINE=m
3237CONFIG_FB_CARMINE_DRAM_EVAL=y
3238# CONFIG_CARMINE_DRAM_CUSTOM is not set
3239CONFIG_FB_GEODE=y
3240CONFIG_FB_GEODE_LX=m
3241CONFIG_FB_GEODE_GX=m
3242CONFIG_FB_GEODE_GX1=m
3243CONFIG_FB_TMIO=m
3244CONFIG_FB_TMIO_ACCELL=y
3245CONFIG_FB_SM501=m
3246# CONFIG_FB_VIRTUAL is not set
3247CONFIG_FB_METRONOME=m
3248CONFIG_FB_MB862XX=m
3249# CONFIG_FB_MB862XX_PCI_GDC is not set
3250CONFIG_FB_BROADSHEET=m
3251CONFIG_BACKLIGHT_LCD_SUPPORT=y
3252CONFIG_LCD_CLASS_DEVICE=m
3253CONFIG_LCD_LMS283GF05=m
3254CONFIG_LCD_LTV350QV=m
3255CONFIG_LCD_ILI9320=m
3256CONFIG_LCD_TDO24M=m
3257CONFIG_LCD_VGG2432A4=m
3258CONFIG_LCD_PLATFORM=m
3259CONFIG_BACKLIGHT_CLASS_DEVICE=m
3260CONFIG_BACKLIGHT_GENERIC=m
3261CONFIG_BACKLIGHT_PROGEAR=m
3262CONFIG_BACKLIGHT_CARILLO_RANCH=m
3263CONFIG_BACKLIGHT_MBP_NVIDIA=m
3264CONFIG_BACKLIGHT_SAHARA=m
3265
3266#
3267# Display device support
3268#
3269CONFIG_DISPLAY_SUPPORT=m
3270
3271#
3272# Display hardware drivers
3273#
3274
3275#
3276# Console display driver support
3277#
3278CONFIG_VGA_CONSOLE=y
3279# CONFIG_VGACON_SOFT_SCROLLBACK is not set
3280CONFIG_MDA_CONSOLE=m
3281CONFIG_DUMMY_CONSOLE=y
3282CONFIG_FRAMEBUFFER_CONSOLE=m
3283CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
3284CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
3285# CONFIG_FONTS is not set
3286CONFIG_FONT_8x8=y
3287CONFIG_FONT_8x16=y
3288# CONFIG_LOGO is not set
3289CONFIG_SOUND=m
3290CONFIG_SOUND_OSS_CORE=y
3291CONFIG_SOUND_OSS_CORE_PRECLAIM=y
3292CONFIG_SND=m
3293CONFIG_SND_TIMER=m
3294CONFIG_SND_PCM=m
3295CONFIG_SND_HWDEP=m
3296CONFIG_SND_RAWMIDI=m
3297CONFIG_SND_JACK=y
3298CONFIG_SND_SEQUENCER=m
3299CONFIG_SND_SEQ_DUMMY=m
3300CONFIG_SND_OSSEMUL=y
3301CONFIG_SND_MIXER_OSS=m
3302CONFIG_SND_PCM_OSS=m
3303CONFIG_SND_PCM_OSS_PLUGINS=y
3304CONFIG_SND_SEQUENCER_OSS=y
3305CONFIG_SND_HRTIMER=m
3306CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
3307CONFIG_SND_DYNAMIC_MINORS=y
3308# CONFIG_SND_SUPPORT_OLD_API is not set
3309# CONFIG_SND_VERBOSE_PROCFS is not set
3310# CONFIG_SND_VERBOSE_PRINTK is not set
3311# CONFIG_SND_DEBUG is not set
3312CONFIG_SND_VMASTER=y
3313CONFIG_SND_DMA_SGBUF=y
3314CONFIG_SND_RAWMIDI_SEQ=m
3315CONFIG_SND_OPL3_LIB_SEQ=m
3316CONFIG_SND_OPL4_LIB_SEQ=m
3317CONFIG_SND_SBAWE_SEQ=m
3318CONFIG_SND_EMU10K1_SEQ=m
3319CONFIG_SND_MPU401_UART=m
3320CONFIG_SND_OPL3_LIB=m
3321CONFIG_SND_OPL4_LIB=m
3322CONFIG_SND_VX_LIB=m
3323CONFIG_SND_AC97_CODEC=m
3324CONFIG_SND_DRIVERS=y
3325CONFIG_SND_PCSP=m
3326CONFIG_SND_DUMMY=m
3327CONFIG_SND_VIRMIDI=m
3328CONFIG_SND_MTPAV=m
3329CONFIG_SND_MTS64=m
3330CONFIG_SND_SERIAL_U16550=m
3331CONFIG_SND_MPU401=m
3332CONFIG_SND_PORTMAN2X4=m
3333CONFIG_SND_AC97_POWER_SAVE=y
3334CONFIG_SND_AC97_POWER_SAVE_DEFAULT=0
3335CONFIG_SND_WSS_LIB=m
3336CONFIG_SND_SB_COMMON=m
3337CONFIG_SND_SB8_DSP=m
3338CONFIG_SND_SB16_DSP=m
3339CONFIG_SND_ISA=y
3340CONFIG_SND_ADLIB=m
3341CONFIG_SND_AD1816A=m
3342CONFIG_SND_AD1848=m
3343CONFIG_SND_ALS100=m
3344CONFIG_SND_AZT2320=m
3345CONFIG_SND_CMI8330=m
3346CONFIG_SND_CS4231=m
3347CONFIG_SND_CS4236=m
3348CONFIG_SND_DT019X=m
3349CONFIG_SND_ES968=m
3350CONFIG_SND_ES1688=m
3351CONFIG_SND_ES18XX=m
3352CONFIG_SND_SC6000=m
3353CONFIG_SND_GUSCLASSIC=m
3354CONFIG_SND_GUSEXTREME=m
3355CONFIG_SND_GUSMAX=m
3356CONFIG_SND_INTERWAVE=m
3357CONFIG_SND_INTERWAVE_STB=m
3358CONFIG_SND_OPL3SA2=m
3359CONFIG_SND_OPTI92X_AD1848=m
3360CONFIG_SND_OPTI92X_CS4231=m
3361CONFIG_SND_OPTI93X=m
3362CONFIG_SND_MIRO=m
3363CONFIG_SND_SB8=m
3364CONFIG_SND_SB16=m
3365CONFIG_SND_SBAWE=m
3366CONFIG_SND_SB16_CSP=y
3367CONFIG_SND_SGALAXY=m
3368CONFIG_SND_SSCAPE=m
3369CONFIG_SND_WAVEFRONT=m
3370CONFIG_SND_MSND_PINNACLE=m
3371CONFIG_SND_MSND_CLASSIC=m
3372CONFIG_SND_PCI=y
3373CONFIG_SND_AD1889=m
3374CONFIG_SND_ALS300=m
3375CONFIG_SND_ALS4000=m
3376CONFIG_SND_ALI5451=m
3377CONFIG_SND_ATIIXP=m
3378CONFIG_SND_ATIIXP_MODEM=m
3379CONFIG_SND_AU8810=m
3380CONFIG_SND_AU8820=m
3381CONFIG_SND_AU8830=m
3382CONFIG_SND_AW2=m
3383CONFIG_SND_AZT3328=m
3384CONFIG_SND_BT87X=m
3385# CONFIG_SND_BT87X_OVERCLOCK is not set
3386CONFIG_SND_CA0106=m
3387CONFIG_SND_CMIPCI=m
3388CONFIG_SND_OXYGEN_LIB=m
3389CONFIG_SND_OXYGEN=m
3390CONFIG_SND_CS4281=m
3391CONFIG_SND_CS46XX=m
3392CONFIG_SND_CS46XX_NEW_DSP=y
3393CONFIG_SND_CS5530=m
3394CONFIG_SND_CS5535AUDIO=m
3395CONFIG_SND_CTXFI=m
3396CONFIG_SND_DARLA20=m
3397CONFIG_SND_GINA20=m
3398CONFIG_SND_LAYLA20=m
3399CONFIG_SND_DARLA24=m
3400CONFIG_SND_GINA24=m
3401CONFIG_SND_LAYLA24=m
3402CONFIG_SND_MONA=m
3403CONFIG_SND_MIA=m
3404CONFIG_SND_ECHO3G=m
3405CONFIG_SND_INDIGO=m
3406CONFIG_SND_INDIGOIO=m
3407CONFIG_SND_INDIGODJ=m
3408CONFIG_SND_INDIGOIOX=m
3409CONFIG_SND_INDIGODJX=m
3410CONFIG_SND_EMU10K1=m
3411CONFIG_SND_EMU10K1X=m
3412CONFIG_SND_ENS1370=m
3413CONFIG_SND_ENS1371=m
3414CONFIG_SND_ES1938=m
3415CONFIG_SND_ES1968=m
3416CONFIG_SND_FM801=m
3417# CONFIG_SND_FM801_TEA575X_BOOL is not set
3418CONFIG_SND_HDA_INTEL=m
3419CONFIG_SND_HDA_HWDEP=y
3420# CONFIG_SND_HDA_RECONFIG is not set
3421CONFIG_SND_HDA_INPUT_BEEP=y
3422CONFIG_SND_HDA_INPUT_JACK=y
3423# CONFIG_SND_HDA_PATCH_LOADER is not set
3424CONFIG_SND_HDA_CODEC_REALTEK=y
3425CONFIG_SND_HDA_CODEC_ANALOG=y
3426CONFIG_SND_HDA_CODEC_SIGMATEL=y
3427CONFIG_SND_HDA_CODEC_VIA=y
3428CONFIG_SND_HDA_CODEC_ATIHDMI=y
3429CONFIG_SND_HDA_CODEC_NVHDMI=y
3430CONFIG_SND_HDA_CODEC_INTELHDMI=y
3431CONFIG_SND_HDA_ELD=y
3432CONFIG_SND_HDA_CODEC_CIRRUS=y
3433CONFIG_SND_HDA_CODEC_CONEXANT=y
3434CONFIG_SND_HDA_CODEC_CA0110=y
3435CONFIG_SND_HDA_CODEC_CMEDIA=y
3436CONFIG_SND_HDA_CODEC_SI3054=y
3437CONFIG_SND_HDA_GENERIC=y
3438# CONFIG_SND_HDA_POWER_SAVE is not set
3439CONFIG_SND_HDSP=m
3440CONFIG_SND_HDSPM=m
3441CONFIG_SND_HIFIER=m
3442CONFIG_SND_ICE1712=m
3443CONFIG_SND_ICE1724=m
3444CONFIG_SND_INTEL8X0=m
3445CONFIG_SND_INTEL8X0M=m
3446CONFIG_SND_KORG1212=m
3447CONFIG_SND_LX6464ES=m
3448CONFIG_SND_MAESTRO3=m
3449CONFIG_SND_MIXART=m
3450CONFIG_SND_NM256=m
3451CONFIG_SND_PCXHR=m
3452CONFIG_SND_RIPTIDE=m
3453CONFIG_SND_RME32=m
3454CONFIG_SND_RME96=m
3455CONFIG_SND_RME9652=m
3456CONFIG_SND_SIS7019=m
3457CONFIG_SND_SONICVIBES=m
3458CONFIG_SND_TRIDENT=m
3459CONFIG_SND_VIA82XX=m
3460CONFIG_SND_VIA82XX_MODEM=m
3461CONFIG_SND_VIRTUOSO=m
3462CONFIG_SND_VX222=m
3463CONFIG_SND_YMFPCI=m
3464CONFIG_SND_SPI=y
3465CONFIG_SND_USB=y
3466CONFIG_SND_USB_AUDIO=m
3467CONFIG_SND_USB_USX2Y=m
3468CONFIG_SND_USB_CAIAQ=m
3469# CONFIG_SND_USB_CAIAQ_INPUT is not set
3470CONFIG_SND_USB_US122L=m
3471CONFIG_SND_PCMCIA=y
3472CONFIG_SND_VXPOCKET=m
3473CONFIG_SND_PDAUDIOCF=m
3474CONFIG_SND_SOC=m
3475CONFIG_SND_SOC_I2C_AND_SPI=m
3476CONFIG_SND_SOC_ALL_CODECS=m
3477CONFIG_SND_SOC_WM_HUBS=m
3478CONFIG_SND_SOC_AD1836=m
3479CONFIG_SND_SOC_AD1938=m
3480CONFIG_SND_SOC_AD73311=m
3481CONFIG_SND_SOC_AK4104=m
3482CONFIG_SND_SOC_AK4535=m
3483CONFIG_SND_SOC_AK4642=m
3484CONFIG_SND_SOC_CS4270=m
3485CONFIG_SND_SOC_L3=m
3486CONFIG_SND_SOC_PCM3008=m
3487CONFIG_SND_SOC_SPDIF=m
3488CONFIG_SND_SOC_SSM2602=m
3489CONFIG_SND_SOC_TLV320AIC23=m
3490CONFIG_SND_SOC_TLV320AIC26=m
3491CONFIG_SND_SOC_TLV320AIC3X=m
3492CONFIG_SND_SOC_UDA134X=m
3493CONFIG_SND_SOC_UDA1380=m
3494CONFIG_SND_SOC_WM8350=m
3495CONFIG_SND_SOC_WM8400=m
3496CONFIG_SND_SOC_WM8510=m
3497CONFIG_SND_SOC_WM8523=m
3498CONFIG_SND_SOC_WM8580=m
3499CONFIG_SND_SOC_WM8728=m
3500CONFIG_SND_SOC_WM8731=m
3501CONFIG_SND_SOC_WM8750=m
3502CONFIG_SND_SOC_WM8753=m
3503CONFIG_SND_SOC_WM8776=m
3504CONFIG_SND_SOC_WM8900=m
3505CONFIG_SND_SOC_WM8903=m
3506CONFIG_SND_SOC_WM8940=m
3507CONFIG_SND_SOC_WM8960=m
3508CONFIG_SND_SOC_WM8961=m
3509CONFIG_SND_SOC_WM8971=m
3510CONFIG_SND_SOC_WM8974=m
3511CONFIG_SND_SOC_WM8988=m
3512CONFIG_SND_SOC_WM8990=m
3513CONFIG_SND_SOC_WM8993=m
3514CONFIG_SND_SOC_WM9081=m
3515CONFIG_SND_SOC_MAX9877=m
3516# CONFIG_SOUND_PRIME is not set
3517CONFIG_AC97_BUS=m
3518CONFIG_HID_SUPPORT=y
3519CONFIG_HID=m
3520CONFIG_HIDRAW=y
3521
3522#
3523# USB Input Devices
3524#
3525CONFIG_USB_HID=m
3526# CONFIG_HID_PID is not set
3527# CONFIG_USB_HIDDEV is not set
3528
3529#
3530# USB HID Boot Protocol drivers
3531#
3532CONFIG_USB_KBD=m
3533CONFIG_USB_MOUSE=m
3534
3535#
3536# Special HID drivers
3537#
3538# CONFIG_HID_A4TECH is not set
3539# CONFIG_HID_APPLE is not set
3540# CONFIG_HID_BELKIN is not set
3541# CONFIG_HID_CHERRY is not set
3542# CONFIG_HID_CHICONY is not set
3543# CONFIG_HID_CYPRESS is not set
3544# CONFIG_HID_DRAGONRISE is not set
3545# CONFIG_HID_EZKEY is not set
3546# CONFIG_HID_KYE is not set
3547# CONFIG_HID_GYRATION is not set
3548# CONFIG_HID_TWINHAN is not set
3549# CONFIG_HID_KENSINGTON is not set
3550# CONFIG_HID_LOGITECH is not set
3551# CONFIG_HID_MICROSOFT is not set
3552# CONFIG_HID_MONTEREY is not set
3553# CONFIG_HID_NTRIG is not set
3554# CONFIG_HID_PANTHERLORD is not set
3555# CONFIG_HID_PETALYNX is not set
3556# CONFIG_HID_SAMSUNG is not set
3557# CONFIG_HID_SONY is not set
3558# CONFIG_HID_SUNPLUS is not set
3559# CONFIG_HID_GREENASIA is not set
3560# CONFIG_HID_SMARTJOYPLUS is not set
3561# CONFIG_HID_TOPSEED is not set
3562# CONFIG_HID_THRUSTMASTER is not set
3563# CONFIG_HID_WACOM is not set
3564# CONFIG_HID_ZEROPLUS is not set
3565CONFIG_USB_SUPPORT=y
3566CONFIG_USB_ARCH_HAS_HCD=y
3567CONFIG_USB_ARCH_HAS_OHCI=y
3568CONFIG_USB_ARCH_HAS_EHCI=y
3569CONFIG_USB=m
3570# CONFIG_USB_DEBUG is not set
3571CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
3572
3573#
3574# Miscellaneous USB options
3575#
3576CONFIG_USB_DEVICEFS=y
3577CONFIG_USB_DEVICE_CLASS=y
3578# CONFIG_USB_DYNAMIC_MINORS is not set
3579# CONFIG_USB_SUSPEND is not set
3580# CONFIG_USB_OTG is not set
3581# CONFIG_USB_OTG_WHITELIST is not set
3582# CONFIG_USB_OTG_BLACKLIST_HUB is not set
3583CONFIG_USB_MON=m
3584CONFIG_USB_WUSB=m
3585CONFIG_USB_WUSB_CBAF=m
3586# CONFIG_USB_WUSB_CBAF_DEBUG is not set
3587
3588#
3589# USB Host Controller Drivers
3590#
3591CONFIG_USB_C67X00_HCD=m
3592CONFIG_USB_XHCI_HCD=m
3593# CONFIG_USB_XHCI_HCD_DEBUGGING is not set
3594CONFIG_USB_EHCI_HCD=m
3595# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
3596# CONFIG_USB_EHCI_TT_NEWSCHED is not set
3597CONFIG_USB_OXU210HP_HCD=m
3598CONFIG_USB_ISP116X_HCD=m
3599CONFIG_USB_ISP1760_HCD=m
3600CONFIG_USB_ISP1362_HCD=m
3601CONFIG_USB_OHCI_HCD=m
3602CONFIG_USB_OHCI_HCD_SSB=y
3603# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
3604# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
3605CONFIG_USB_OHCI_LITTLE_ENDIAN=y
3606CONFIG_USB_UHCI_HCD=m
3607CONFIG_USB_U132_HCD=m
3608CONFIG_USB_SL811_HCD=m
3609CONFIG_USB_SL811_CS=m
3610CONFIG_USB_R8A66597_HCD=m
3611CONFIG_USB_WHCI_HCD=m
3612CONFIG_USB_HWA_HCD=m
3613
3614#
3615# Enable Host or Gadget support to see Inventra options
3616#
3617
3618#
3619# USB Device Class drivers
3620#
3621CONFIG_USB_ACM=m
3622CONFIG_USB_PRINTER=m
3623CONFIG_USB_WDM=m
3624CONFIG_USB_TMC=m
3625
3626#
3627# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
3628#
3629
3630#
3631# also be needed; see USB_STORAGE Help for more info
3632#
3633CONFIG_USB_STORAGE=m
3634# CONFIG_USB_STORAGE_DEBUG is not set
3635CONFIG_USB_STORAGE_DATAFAB=m
3636CONFIG_USB_STORAGE_FREECOM=m
3637CONFIG_USB_STORAGE_ISD200=m
3638CONFIG_USB_STORAGE_USBAT=m
3639CONFIG_USB_STORAGE_SDDR09=m
3640CONFIG_USB_STORAGE_SDDR55=m
3641CONFIG_USB_STORAGE_JUMPSHOT=m
3642CONFIG_USB_STORAGE_ALAUDA=m
3643CONFIG_USB_STORAGE_ONETOUCH=m
3644CONFIG_USB_STORAGE_KARMA=m
3645CONFIG_USB_STORAGE_CYPRESS_ATACB=m
3646CONFIG_USB_LIBUSUAL=y
3647
3648#
3649# USB Imaging devices
3650#
3651# CONFIG_USB_MDC800 is not set
3652# CONFIG_USB_MICROTEK is not set
3653
3654#
3655# USB port drivers
3656#
3657CONFIG_USB_USS720=m
3658CONFIG_USB_SERIAL=m
3659CONFIG_USB_EZUSB=y
3660CONFIG_USB_SERIAL_GENERIC=y
3661CONFIG_USB_SERIAL_AIRCABLE=m
3662CONFIG_USB_SERIAL_ARK3116=m
3663CONFIG_USB_SERIAL_BELKIN=m
3664CONFIG_USB_SERIAL_CH341=m
3665CONFIG_USB_SERIAL_WHITEHEAT=m
3666CONFIG_USB_SERIAL_DIGI_ACCELEPORT=m
3667CONFIG_USB_SERIAL_CP210X=m
3668CONFIG_USB_SERIAL_CYPRESS_M8=m
3669CONFIG_USB_SERIAL_EMPEG=m
3670CONFIG_USB_SERIAL_FTDI_SIO=m
3671CONFIG_USB_SERIAL_FUNSOFT=m
3672CONFIG_USB_SERIAL_VISOR=m
3673CONFIG_USB_SERIAL_IPAQ=m
3674CONFIG_USB_SERIAL_IR=m
3675CONFIG_USB_SERIAL_EDGEPORT=m
3676CONFIG_USB_SERIAL_EDGEPORT_TI=m
3677CONFIG_USB_SERIAL_GARMIN=m
3678CONFIG_USB_SERIAL_IPW=m
3679CONFIG_USB_SERIAL_IUU=m
3680CONFIG_USB_SERIAL_KEYSPAN_PDA=m
3681CONFIG_USB_SERIAL_KEYSPAN=m
3682CONFIG_USB_SERIAL_KLSI=m
3683CONFIG_USB_SERIAL_KOBIL_SCT=m
3684CONFIG_USB_SERIAL_MCT_U232=m
3685CONFIG_USB_SERIAL_MOS7720=m
3686CONFIG_USB_SERIAL_MOS7840=m
3687CONFIG_USB_SERIAL_MOTOROLA=m
3688CONFIG_USB_SERIAL_NAVMAN=m
3689CONFIG_USB_SERIAL_PL2303=m
3690CONFIG_USB_SERIAL_OTI6858=m
3691CONFIG_USB_SERIAL_QUALCOMM=m
3692CONFIG_USB_SERIAL_SPCP8X5=m
3693CONFIG_USB_SERIAL_HP4X=m
3694CONFIG_USB_SERIAL_SAFE=m
3695CONFIG_USB_SERIAL_SAFE_PADDED=y
3696CONFIG_USB_SERIAL_SIEMENS_MPI=m
3697CONFIG_USB_SERIAL_SIERRAWIRELESS=m
3698CONFIG_USB_SERIAL_SYMBOL=m
3699CONFIG_USB_SERIAL_TI=m
3700CONFIG_USB_SERIAL_CYBERJACK=m
3701CONFIG_USB_SERIAL_XIRCOM=m
3702CONFIG_USB_SERIAL_OPTION=m
3703CONFIG_USB_SERIAL_OMNINET=m
3704CONFIG_USB_SERIAL_OPTICON=m
3705CONFIG_USB_SERIAL_DEBUG=m
3706
3707#
3708# USB Miscellaneous drivers
3709#
3710CONFIG_USB_EMI62=m
3711CONFIG_USB_EMI26=m
3712CONFIG_USB_ADUTUX=m
3713CONFIG_USB_SEVSEG=m
3714CONFIG_USB_RIO500=m
3715# CONFIG_USB_LEGOTOWER is not set
3716CONFIG_USB_LCD=m
3717# CONFIG_USB_BERRY_CHARGE is not set
3718CONFIG_USB_LED=m
3719CONFIG_USB_CYPRESS_CY7C63=m
3720CONFIG_USB_CYTHERM=m
3721CONFIG_USB_IDMOUSE=m
3722CONFIG_USB_FTDI_ELAN=m
3723# CONFIG_USB_APPLEDISPLAY is not set
3724CONFIG_USB_SISUSBVGA=m
3725CONFIG_USB_SISUSBVGA_CON=y
3726CONFIG_USB_LD=m
3727# CONFIG_USB_TRANCEVIBRATOR is not set
3728CONFIG_USB_IOWARRIOR=m
3729CONFIG_USB_TEST=m
3730CONFIG_USB_ISIGHTFW=m
3731# CONFIG_USB_VST is not set
3732CONFIG_USB_ATM=m
3733CONFIG_USB_SPEEDTOUCH=m
3734CONFIG_USB_CXACRU=m
3735CONFIG_USB_UEAGLEATM=m
3736CONFIG_USB_XUSBATM=m
3737# CONFIG_USB_GADGET is not set
3738
3739#
3740# OTG and related infrastructure
3741#
3742CONFIG_USB_OTG_UTILS=y
3743CONFIG_USB_GPIO_VBUS=m
3744CONFIG_NOP_USB_XCEIV=m
3745CONFIG_UWB=m
3746CONFIG_UWB_HWA=m
3747CONFIG_UWB_WHCI=m
3748CONFIG_UWB_WLP=m
3749CONFIG_UWB_I1480U=m
3750CONFIG_UWB_I1480U_WLP=m
3751CONFIG_MMC=m
3752# CONFIG_MMC_DEBUG is not set
3753# CONFIG_MMC_UNSAFE_RESUME is not set
3754
3755#
3756# MMC/SD/SDIO Card Drivers
3757#
3758CONFIG_MMC_BLOCK=m
3759CONFIG_MMC_BLOCK_BOUNCE=y
3760CONFIG_SDIO_UART=m
3761CONFIG_MMC_TEST=m
3762
3763#
3764# MMC/SD/SDIO Host Controller Drivers
3765#
3766CONFIG_MMC_SDHCI=m
3767CONFIG_MMC_SDHCI_PCI=m
3768CONFIG_MMC_RICOH_MMC=m
3769CONFIG_MMC_SDHCI_PLTFM=m
3770CONFIG_MMC_WBSD=m
3771# CONFIG_MMC_AT91 is not set
3772# CONFIG_MMC_ATMELMCI is not set
3773CONFIG_MMC_TIFM_SD=m
3774CONFIG_MMC_SDRICOH_CS=m
3775CONFIG_MMC_CB710=m
3776CONFIG_MMC_VIA_SDMMC=m
3777CONFIG_MEMSTICK=m
3778# CONFIG_MEMSTICK_DEBUG is not set
3779
3780#
3781# MemoryStick drivers
3782#
3783# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
3784CONFIG_MSPRO_BLOCK=m
3785
3786#
3787# MemoryStick Host Controller Drivers
3788#
3789CONFIG_MEMSTICK_TIFM_MS=m
3790CONFIG_MEMSTICK_JMICRON_38X=m
3791CONFIG_NEW_LEDS=y
3792CONFIG_LEDS_CLASS=m
3793
3794#
3795# LED drivers
3796#
3797CONFIG_LEDS_NET48XX=m
3798CONFIG_LEDS_WRAP=m
3799CONFIG_LEDS_ALIX2=m
3800CONFIG_LEDS_PCA9532=m
3801CONFIG_LEDS_GPIO=m
3802CONFIG_LEDS_GPIO_PLATFORM=y
3803CONFIG_LEDS_LP3944=m
3804CONFIG_LEDS_CLEVO_MAIL=m
3805CONFIG_LEDS_PCA955X=m
3806CONFIG_LEDS_WM8350=m
3807CONFIG_LEDS_DAC124S085=m
3808CONFIG_LEDS_BD2802=m
3809
3810#
3811# LED Triggers
3812#
3813CONFIG_LEDS_TRIGGERS=y
3814CONFIG_LEDS_TRIGGER_TIMER=m
3815CONFIG_LEDS_TRIGGER_HEARTBEAT=m
3816CONFIG_LEDS_TRIGGER_BACKLIGHT=m
3817CONFIG_LEDS_TRIGGER_GPIO=m
3818CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
3819
3820#
3821# iptables trigger is under Netfilter config (LED target)
3822#
3823CONFIG_ACCESSIBILITY=y
3824# CONFIG_A11Y_BRAILLE_CONSOLE is not set
3825CONFIG_INFINIBAND=m
3826CONFIG_INFINIBAND_USER_MAD=m
3827CONFIG_INFINIBAND_USER_ACCESS=m
3828CONFIG_INFINIBAND_USER_MEM=y
3829CONFIG_INFINIBAND_ADDR_TRANS=y
3830CONFIG_INFINIBAND_MTHCA=m
3831# CONFIG_INFINIBAND_MTHCA_DEBUG is not set
3832CONFIG_INFINIBAND_AMSO1100=m
3833# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
3834CONFIG_INFINIBAND_CXGB3=m
3835# CONFIG_INFINIBAND_CXGB3_DEBUG is not set
3836CONFIG_MLX4_INFINIBAND=m
3837CONFIG_INFINIBAND_NES=m
3838# CONFIG_INFINIBAND_NES_DEBUG is not set
3839CONFIG_INFINIBAND_IPOIB=m
3840# CONFIG_INFINIBAND_IPOIB_CM is not set
3841# CONFIG_INFINIBAND_IPOIB_DEBUG is not set
3842CONFIG_INFINIBAND_SRP=m
3843CONFIG_INFINIBAND_ISER=m
3844# CONFIG_EDAC is not set
3845CONFIG_RTC_LIB=m
3846CONFIG_RTC_CLASS=m
3847
3848#
3849# RTC interfaces
3850#
3851CONFIG_RTC_INTF_SYSFS=y
3852CONFIG_RTC_INTF_PROC=y
3853CONFIG_RTC_INTF_DEV=y
3854CONFIG_RTC_INTF_DEV_UIE_EMUL=y
3855CONFIG_RTC_DRV_TEST=m
3856
3857#
3858# I2C RTC drivers
3859#
3860CONFIG_RTC_DRV_DS1307=m
3861CONFIG_RTC_DRV_DS1374=m
3862CONFIG_RTC_DRV_DS1672=m
3863CONFIG_RTC_DRV_MAX6900=m
3864CONFIG_RTC_DRV_RS5C372=m
3865CONFIG_RTC_DRV_ISL1208=m
3866CONFIG_RTC_DRV_X1205=m
3867CONFIG_RTC_DRV_PCF8563=m
3868CONFIG_RTC_DRV_PCF8583=m
3869CONFIG_RTC_DRV_M41T80=m
3870CONFIG_RTC_DRV_M41T80_WDT=y
3871CONFIG_RTC_DRV_S35390A=m
3872CONFIG_RTC_DRV_FM3130=m
3873CONFIG_RTC_DRV_RX8581=m
3874CONFIG_RTC_DRV_RX8025=m
3875
3876#
3877# SPI RTC drivers
3878#
3879CONFIG_RTC_DRV_M41T94=m
3880CONFIG_RTC_DRV_DS1305=m
3881CONFIG_RTC_DRV_DS1390=m
3882CONFIG_RTC_DRV_MAX6902=m
3883CONFIG_RTC_DRV_R9701=m
3884CONFIG_RTC_DRV_RS5C348=m
3885CONFIG_RTC_DRV_DS3234=m
3886CONFIG_RTC_DRV_PCF2123=m
3887
3888#
3889# Platform RTC drivers
3890#
3891CONFIG_RTC_DRV_CMOS=m
3892CONFIG_RTC_DRV_DS1286=m
3893CONFIG_RTC_DRV_DS1511=m
3894CONFIG_RTC_DRV_DS1553=m
3895CONFIG_RTC_DRV_DS1742=m
3896CONFIG_RTC_DRV_STK17TA8=m
3897CONFIG_RTC_DRV_M48T86=m
3898CONFIG_RTC_DRV_M48T35=m
3899CONFIG_RTC_DRV_M48T59=m
3900CONFIG_RTC_DRV_BQ4802=m
3901CONFIG_RTC_DRV_V3020=m
3902CONFIG_RTC_DRV_WM8350=m
3903CONFIG_RTC_DRV_PCF50633=m
3904CONFIG_RTC_DRV_AB3100=m
3905
3906#
3907# on-CPU RTC drivers
3908#
3909CONFIG_DMADEVICES=y
3910
3911#
3912# DMA Devices
3913#
3914CONFIG_ASYNC_TX_DISABLE_CHANNEL_SWITCH=y
3915CONFIG_INTEL_IOATDMA=m
3916CONFIG_DMA_ENGINE=y
3917
3918#
3919# DMA Clients
3920#
3921CONFIG_NET_DMA=y
3922# CONFIG_ASYNC_TX_DMA is not set
3923CONFIG_DMATEST=m
3924CONFIG_DCA=m
3925CONFIG_AUXDISPLAY=y
3926CONFIG_KS0108=m
3927CONFIG_KS0108_PORT=0x378
3928CONFIG_KS0108_DELAY=2
3929CONFIG_CFAG12864B=m
3930CONFIG_CFAG12864B_RATE=20
3931CONFIG_UIO=m
3932CONFIG_UIO_CIF=m
3933CONFIG_UIO_PDRV=m
3934CONFIG_UIO_PDRV_GENIRQ=m
3935CONFIG_UIO_SMX=m
3936CONFIG_UIO_AEC=m
3937CONFIG_UIO_SERCOS3=m
3938# CONFIG_UIO_PCI_GENERIC is not set
3939
3940#
3941# TI VLYNQ
3942#
3943# CONFIG_STAGING is not set
3944CONFIG_X86_PLATFORM_DEVICES=y
3945CONFIG_ACER_WMI=m
3946CONFIG_ASUS_LAPTOP=m
3947CONFIG_DELL_WMI=m
3948CONFIG_FUJITSU_LAPTOP=m
3949# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
3950CONFIG_TC1100_WMI=m
3951CONFIG_HP_WMI=m
3952CONFIG_MSI_LAPTOP=m
3953CONFIG_PANASONIC_LAPTOP=m
3954CONFIG_COMPAL_LAPTOP=m
3955CONFIG_SONY_LAPTOP=m
3956# CONFIG_SONYPI_COMPAT is not set
3957CONFIG_THINKPAD_ACPI=m
3958# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
3959# CONFIG_THINKPAD_ACPI_DEBUG is not set
3960# CONFIG_THINKPAD_ACPI_UNSAFE_LEDS is not set
3961CONFIG_THINKPAD_ACPI_VIDEO=y
3962CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
3963CONFIG_INTEL_MENLOW=m
3964CONFIG_EEEPC_LAPTOP=m
3965CONFIG_ACPI_WMI=m
3966CONFIG_ACPI_ASUS=m
3967# CONFIG_TOPSTAR_LAPTOP is not set
3968CONFIG_ACPI_TOSHIBA=m
3969
3970#
3971# Firmware Drivers
3972#
3973CONFIG_EDD=m
3974# CONFIG_EDD_OFF is not set
3975CONFIG_FIRMWARE_MEMMAP=y
3976CONFIG_DELL_RBU=m
3977CONFIG_DCDBAS=m
3978CONFIG_DMIID=y
3979# CONFIG_ISCSI_IBFT_FIND is not set
3980
3981#
3982# File systems
3983#
3984CONFIG_EXT2_FS=m
3985CONFIG_EXT2_FS_XATTR=y
3986CONFIG_EXT2_FS_POSIX_ACL=y
3987CONFIG_EXT2_FS_SECURITY=y
3988CONFIG_EXT2_FS_XIP=y
3989CONFIG_EXT3_FS=m
3990# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
3991CONFIG_EXT3_FS_XATTR=y
3992CONFIG_EXT3_FS_POSIX_ACL=y
3993CONFIG_EXT3_FS_SECURITY=y
3994CONFIG_EXT4_FS=m
3995CONFIG_EXT4_FS_XATTR=y
3996CONFIG_EXT4_FS_POSIX_ACL=y
3997CONFIG_EXT4_FS_SECURITY=y
3998# CONFIG_EXT4_DEBUG is not set
3999CONFIG_FS_XIP=y
4000CONFIG_JBD=m
4001# CONFIG_JBD_DEBUG is not set
4002CONFIG_JBD2=m
4003# CONFIG_JBD2_DEBUG is not set
4004CONFIG_FS_MBCACHE=m
4005CONFIG_REISERFS_FS=m
4006# CONFIG_REISERFS_CHECK is not set
4007CONFIG_REISERFS_PROC_INFO=y
4008CONFIG_REISERFS_FS_XATTR=y
4009CONFIG_REISERFS_FS_POSIX_ACL=y
4010# CONFIG_REISERFS_FS_SECURITY is not set
4011CONFIG_JFS_FS=m
4012CONFIG_JFS_POSIX_ACL=y
4013CONFIG_JFS_SECURITY=y
4014# CONFIG_JFS_DEBUG is not set
4015CONFIG_JFS_STATISTICS=y
4016CONFIG_FS_POSIX_ACL=y
4017CONFIG_XFS_FS=m
4018CONFIG_XFS_QUOTA=y
4019CONFIG_XFS_POSIX_ACL=y
4020CONFIG_XFS_RT=y
4021# CONFIG_XFS_DEBUG is not set
4022CONFIG_GFS2_FS=m
4023CONFIG_GFS2_FS_LOCKING_DLM=y
4024CONFIG_OCFS2_FS=m
4025CONFIG_OCFS2_FS_O2CB=m
4026CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
4027CONFIG_OCFS2_FS_STATS=y
4028CONFIG_OCFS2_DEBUG_MASKLOG=y
4029# CONFIG_OCFS2_DEBUG_FS is not set
4030CONFIG_OCFS2_FS_POSIX_ACL=y
4031CONFIG_BTRFS_FS=m
4032CONFIG_BTRFS_FS_POSIX_ACL=y
4033CONFIG_NILFS2_FS=m
4034CONFIG_FILE_LOCKING=y
4035CONFIG_FSNOTIFY=y
4036# CONFIG_DNOTIFY is not set
4037CONFIG_INOTIFY=y
4038CONFIG_INOTIFY_USER=y
4039CONFIG_QUOTA=y
4040CONFIG_QUOTA_NETLINK_INTERFACE=y
4041# CONFIG_PRINT_QUOTA_WARNING is not set
4042CONFIG_QUOTA_TREE=m
4043CONFIG_QFMT_V1=m
4044CONFIG_QFMT_V2=m
4045CONFIG_QUOTACTL=y
4046CONFIG_AUTOFS_FS=m
4047CONFIG_AUTOFS4_FS=m
4048CONFIG_FUSE_FS=m
4049# CONFIG_CUSE is not set
4050
4051#
4052# Caches
4053#
4054CONFIG_FSCACHE=m
4055CONFIG_FSCACHE_STATS=y
4056CONFIG_FSCACHE_HISTOGRAM=y
4057# CONFIG_FSCACHE_DEBUG is not set
4058# CONFIG_FSCACHE_OBJECT_LIST is not set
4059CONFIG_CACHEFILES=m
4060# CONFIG_CACHEFILES_DEBUG is not set
4061# CONFIG_CACHEFILES_HISTOGRAM is not set
4062
4063#
4064# CD-ROM/DVD Filesystems
4065#
4066CONFIG_ISO9660_FS=m
4067CONFIG_JOLIET=y
4068CONFIG_ZISOFS=y
4069CONFIG_UDF_FS=m
4070CONFIG_UDF_NLS=y
4071
4072#
4073# DOS/FAT/NT Filesystems
4074#
4075CONFIG_FAT_FS=m
4076CONFIG_MSDOS_FS=m
4077CONFIG_VFAT_FS=m
4078CONFIG_FAT_DEFAULT_CODEPAGE=437
4079CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
4080CONFIG_NTFS_FS=m
4081# CONFIG_NTFS_DEBUG is not set
4082CONFIG_NTFS_RW=y
4083
4084#
4085# Pseudo filesystems
4086#
4087CONFIG_PROC_FS=y
4088CONFIG_PROC_SYSCTL=y
4089CONFIG_SYSFS=y
4090CONFIG_TMPFS=y
4091# CONFIG_TMPFS_POSIX_ACL is not set
4092# CONFIG_HUGETLBFS is not set
4093# CONFIG_HUGETLB_PAGE is not set
4094CONFIG_CONFIGFS_FS=m
4095CONFIG_MISC_FILESYSTEMS=y
4096# CONFIG_ADFS_FS is not set
4097# CONFIG_AFFS_FS is not set
4098CONFIG_ECRYPT_FS=m
4099CONFIG_HFS_FS=m
4100CONFIG_HFSPLUS_FS=m
4101# CONFIG_BEFS_FS is not set
4102# CONFIG_BFS_FS is not set
4103CONFIG_EFS_FS=m
4104CONFIG_JFFS2_FS=m
4105CONFIG_JFFS2_FS_DEBUG=0
4106CONFIG_JFFS2_FS_WRITEBUFFER=y
4107# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
4108CONFIG_JFFS2_SUMMARY=y
4109CONFIG_JFFS2_FS_XATTR=y
4110CONFIG_JFFS2_FS_POSIX_ACL=y
4111CONFIG_JFFS2_FS_SECURITY=y
4112CONFIG_JFFS2_COMPRESSION_OPTIONS=y
4113CONFIG_JFFS2_ZLIB=y
4114CONFIG_JFFS2_LZO=y
4115CONFIG_JFFS2_RTIME=y
4116CONFIG_JFFS2_RUBIN=y
4117# CONFIG_JFFS2_CMODE_NONE is not set
4118CONFIG_JFFS2_CMODE_PRIORITY=y
4119# CONFIG_JFFS2_CMODE_SIZE is not set
4120# CONFIG_JFFS2_CMODE_FAVOURLZO is not set
4121CONFIG_UBIFS_FS=m
4122# CONFIG_UBIFS_FS_XATTR is not set
4123# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
4124CONFIG_UBIFS_FS_LZO=y
4125CONFIG_UBIFS_FS_ZLIB=y
4126# CONFIG_UBIFS_FS_DEBUG is not set
4127CONFIG_CRAMFS=m
4128CONFIG_SQUASHFS=m
4129# CONFIG_SQUASHFS_EMBEDDED is not set
4130CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
4131# CONFIG_VXFS_FS is not set
4132CONFIG_MINIX_FS=m
4133CONFIG_OMFS_FS=m
4134CONFIG_HPFS_FS=m
4135# CONFIG_QNX4FS_FS is not set
4136CONFIG_ROMFS_FS=m
4137CONFIG_ROMFS_BACKED_BY_BLOCK=y
4138# CONFIG_ROMFS_BACKED_BY_MTD is not set
4139# CONFIG_ROMFS_BACKED_BY_BOTH is not set
4140CONFIG_ROMFS_ON_BLOCK=y
4141CONFIG_SYSV_FS=m
4142CONFIG_UFS_FS=m
4143# CONFIG_UFS_FS_WRITE is not set
4144# CONFIG_UFS_DEBUG is not set
4145CONFIG_EXOFS_FS=m
4146# CONFIG_EXOFS_DEBUG is not set
4147CONFIG_NETWORK_FILESYSTEMS=y
4148CONFIG_NFS_FS=m
4149CONFIG_NFS_V3=y
4150# CONFIG_NFS_V3_ACL is not set
4151CONFIG_NFS_V4=y
4152# CONFIG_NFS_V4_1 is not set
4153# CONFIG_NFS_FSCACHE is not set
4154CONFIG_NFSD=m
4155CONFIG_NFSD_V3=y
4156# CONFIG_NFSD_V3_ACL is not set
4157CONFIG_NFSD_V4=y
4158CONFIG_LOCKD=m
4159CONFIG_LOCKD_V4=y
4160CONFIG_EXPORTFS=m
4161CONFIG_NFS_COMMON=y
4162CONFIG_SUNRPC=m
4163CONFIG_SUNRPC_GSS=m
4164CONFIG_SUNRPC_XPRT_RDMA=m
4165CONFIG_RPCSEC_GSS_KRB5=m
4166# CONFIG_RPCSEC_GSS_SPKM3 is not set
4167# CONFIG_SMB_FS is not set
4168CONFIG_CIFS=m
4169# CONFIG_CIFS_STATS is not set
4170# CONFIG_CIFS_WEAK_PW_HASH is not set
4171# CONFIG_CIFS_UPCALL is not set
4172CONFIG_CIFS_XATTR=y
4173CONFIG_CIFS_POSIX=y
4174# CONFIG_CIFS_DEBUG2 is not set
4175CONFIG_CIFS_DFS_UPCALL=y
4176CONFIG_CIFS_EXPERIMENTAL=y
4177# CONFIG_NCP_FS is not set
4178# CONFIG_CODA_FS is not set
4179# CONFIG_AFS_FS is not set
4180# CONFIG_9P_FS is not set
4181
4182#
4183# Partition Types
4184#
4185# CONFIG_PARTITION_ADVANCED is not set
4186CONFIG_MSDOS_PARTITION=y
4187CONFIG_NLS=m
4188CONFIG_NLS_DEFAULT="iso8859-1"
4189CONFIG_NLS_CODEPAGE_437=m
4190CONFIG_NLS_CODEPAGE_737=m
4191CONFIG_NLS_CODEPAGE_775=m
4192CONFIG_NLS_CODEPAGE_850=m
4193CONFIG_NLS_CODEPAGE_852=m
4194CONFIG_NLS_CODEPAGE_855=m
4195CONFIG_NLS_CODEPAGE_857=m
4196CONFIG_NLS_CODEPAGE_860=m
4197CONFIG_NLS_CODEPAGE_861=m
4198CONFIG_NLS_CODEPAGE_862=m
4199CONFIG_NLS_CODEPAGE_863=m
4200CONFIG_NLS_CODEPAGE_864=m
4201CONFIG_NLS_CODEPAGE_865=m
4202CONFIG_NLS_CODEPAGE_866=m
4203CONFIG_NLS_CODEPAGE_869=m
4204CONFIG_NLS_CODEPAGE_936=m
4205CONFIG_NLS_CODEPAGE_950=m
4206CONFIG_NLS_CODEPAGE_932=m
4207CONFIG_NLS_CODEPAGE_949=m
4208CONFIG_NLS_CODEPAGE_874=m
4209CONFIG_NLS_ISO8859_8=m
4210CONFIG_NLS_CODEPAGE_1250=m
4211CONFIG_NLS_CODEPAGE_1251=m
4212CONFIG_NLS_ASCII=m
4213CONFIG_NLS_ISO8859_1=m
4214CONFIG_NLS_ISO8859_2=m
4215CONFIG_NLS_ISO8859_3=m
4216CONFIG_NLS_ISO8859_4=m
4217CONFIG_NLS_ISO8859_5=m
4218CONFIG_NLS_ISO8859_6=m
4219CONFIG_NLS_ISO8859_7=m
4220CONFIG_NLS_ISO8859_9=m
4221CONFIG_NLS_ISO8859_13=m
4222CONFIG_NLS_ISO8859_14=m
4223CONFIG_NLS_ISO8859_15=m
4224CONFIG_NLS_KOI8_R=m
4225CONFIG_NLS_KOI8_U=m
4226CONFIG_NLS_UTF8=m
4227CONFIG_DLM=m
4228# CONFIG_DLM_DEBUG is not set
4229
4230#
4231# Kernel hacking
4232#
4233CONFIG_TRACE_IRQFLAGS_SUPPORT=y
4234# CONFIG_PRINTK_TIME is not set
4235CONFIG_ENABLE_WARN_DEPRECATED=y
4236# CONFIG_ENABLE_MUST_CHECK is not set
4237CONFIG_FRAME_WARN=1024
4238# CONFIG_MAGIC_SYSRQ is not set
4239# CONFIG_STRIP_ASM_SYMS is not set
4240# CONFIG_UNUSED_SYMBOLS is not set
4241CONFIG_DEBUG_FS=y
4242# CONFIG_HEADERS_CHECK is not set
4243# CONFIG_DEBUG_KERNEL is not set
4244CONFIG_STACKTRACE=y
4245# CONFIG_DEBUG_BUGVERBOSE is not set
4246# CONFIG_DEBUG_MEMORY_INIT is not set
4247CONFIG_ARCH_WANT_FRAME_POINTERS=y
4248CONFIG_FRAME_POINTER=y
4249# CONFIG_RCU_CPU_STALL_DETECTOR is not set
4250# CONFIG_LATENCYTOP is not set
4251CONFIG_SYSCTL_SYSCALL_CHECK=y
4252CONFIG_USER_STACKTRACE_SUPPORT=y
4253CONFIG_NOP_TRACER=y
4254CONFIG_HAVE_FUNCTION_TRACER=y
4255CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
4256CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
4257CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
4258CONFIG_HAVE_DYNAMIC_FTRACE=y
4259CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
4260CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
4261CONFIG_RING_BUFFER=y
4262CONFIG_EVENT_TRACING=y
4263CONFIG_CONTEXT_SWITCH_TRACER=y
4264CONFIG_RING_BUFFER_ALLOW_SWAP=y
4265CONFIG_TRACING=y
4266CONFIG_TRACING_SUPPORT=y
4267# CONFIG_FTRACE is not set
4268# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
4269# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
4270# CONFIG_DYNAMIC_DEBUG is not set
4271# CONFIG_DMA_API_DEBUG is not set
4272# CONFIG_SAMPLES is not set
4273CONFIG_HAVE_ARCH_KGDB=y
4274CONFIG_HAVE_ARCH_KMEMCHECK=y
4275CONFIG_STRICT_DEVMEM=y
4276# CONFIG_X86_VERBOSE_BOOTUP is not set
4277# CONFIG_EARLY_PRINTK is not set
4278# CONFIG_4KSTACKS is not set
4279# CONFIG_DOUBLEFAULT is not set
4280# CONFIG_IOMMU_STRESS is not set
4281CONFIG_HAVE_MMIOTRACE_SUPPORT=y
4282CONFIG_IO_DELAY_TYPE_0X80=0
4283CONFIG_IO_DELAY_TYPE_0XED=1
4284CONFIG_IO_DELAY_TYPE_UDELAY=2
4285CONFIG_IO_DELAY_TYPE_NONE=3
4286CONFIG_IO_DELAY_0X80=y
4287# CONFIG_IO_DELAY_0XED is not set
4288# CONFIG_IO_DELAY_UDELAY is not set
4289# CONFIG_IO_DELAY_NONE is not set
4290CONFIG_DEFAULT_IO_DELAY_TYPE=0
4291# CONFIG_OPTIMIZE_INLINING is not set
4292
4293#
4294# Security options
4295#
4296
4297#
4298# Grsecurity
4299#
4300CONFIG_GRKERNSEC=y
4301# CONFIG_GRKERNSEC_LOW is not set
4302# CONFIG_GRKERNSEC_MEDIUM is not set
4303# CONFIG_GRKERNSEC_HIGH is not set
4304CONFIG_GRKERNSEC_CUSTOM=y
4305
4306#
4307# Address Space Protection
4308#
4309CONFIG_GRKERNSEC_KMEM=y
4310CONFIG_GRKERNSEC_VM86=y
4311# CONFIG_GRKERNSEC_IO is not set
4312CONFIG_GRKERNSEC_PROC_MEMMAP=y
4313# CONFIG_GRKERNSEC_BRUTE is not set
4314# CONFIG_GRKERNSEC_MODHARDEN is not set
4315# CONFIG_GRKERNSEC_HIDESYM is not set
4316
4317#
4318# Role Based Access Control Options
4319#
4320# CONFIG_GRKERNSEC_NO_RBAC is not set
4321CONFIG_GRKERNSEC_ACL_HIDEKERN=y
4322CONFIG_GRKERNSEC_ACL_MAXTRIES=3
4323CONFIG_GRKERNSEC_ACL_TIMEOUT=30
4324
4325#
4326# Filesystem Protections
4327#
4328CONFIG_GRKERNSEC_PROC=y
4329CONFIG_GRKERNSEC_PROC_USER=y
4330CONFIG_GRKERNSEC_PROC_ADD=y
4331CONFIG_GRKERNSEC_LINK=y
4332CONFIG_GRKERNSEC_FIFO=y
4333# CONFIG_GRKERNSEC_ROFS is not set
4334CONFIG_GRKERNSEC_CHROOT=y
4335CONFIG_GRKERNSEC_CHROOT_MOUNT=y
4336CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
4337CONFIG_GRKERNSEC_CHROOT_PIVOT=y
4338CONFIG_GRKERNSEC_CHROOT_CHDIR=y
4339CONFIG_GRKERNSEC_CHROOT_CHMOD=y
4340CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
4341CONFIG_GRKERNSEC_CHROOT_MKNOD=y
4342CONFIG_GRKERNSEC_CHROOT_SHMAT=y
4343CONFIG_GRKERNSEC_CHROOT_UNIX=y
4344CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
4345CONFIG_GRKERNSEC_CHROOT_NICE=y
4346CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
4347CONFIG_GRKERNSEC_CHROOT_CAPS=y
4348
4349#
4350# Kernel Auditing
4351#
4352# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
4353# CONFIG_GRKERNSEC_EXECLOG is not set
4354CONFIG_GRKERNSEC_RESLOG=y
4355# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
4356# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
4357# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
4358CONFIG_GRKERNSEC_SIGNAL=y
4359CONFIG_GRKERNSEC_FORKFAIL=y
4360CONFIG_GRKERNSEC_TIME=y
4361CONFIG_GRKERNSEC_PROC_IPADDR=y
4362# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
4363
4364#
4365# Executable Protections
4366#
4367CONFIG_GRKERNSEC_EXECVE=y
4368# CONFIG_GRKERNSEC_DMESG is not set
4369CONFIG_GRKERNSEC_HARDEN_PTRACE=y
4370# CONFIG_GRKERNSEC_TPE is not set
4371
4372#
4373# Network Protections
4374#
4375CONFIG_GRKERNSEC_RANDNET=y
4376# CONFIG_GRKERNSEC_BLACKHOLE is not set
4377# CONFIG_GRKERNSEC_SOCKET is not set
4378
4379#
4380# Sysctl support
4381#
4382CONFIG_GRKERNSEC_SYSCTL=y
4383CONFIG_GRKERNSEC_SYSCTL_ON=y
4384
4385#
4386# Logging Options
4387#
4388CONFIG_GRKERNSEC_FLOODTIME=10
4389CONFIG_GRKERNSEC_FLOODBURST=4
4390
4391#
4392# PaX
4393#
4394CONFIG_PAX=y
4395
4396#
4397# PaX Control
4398#
4399CONFIG_PAX_SOFTMODE=y
4400# CONFIG_PAX_EI_PAX is not set
4401CONFIG_PAX_PT_PAX_FLAGS=y
4402# CONFIG_PAX_NO_ACL_FLAGS is not set
4403CONFIG_PAX_HAVE_ACL_FLAGS=y
4404# CONFIG_PAX_HOOK_ACL_FLAGS is not set
4405
4406#
4407# Non-executable pages
4408#
4409CONFIG_PAX_NOEXEC=y
4410CONFIG_PAX_PAGEEXEC=y
4411# CONFIG_PAX_SEGMEXEC is not set
4412CONFIG_PAX_EMUTRAMP=y
4413CONFIG_PAX_MPROTECT=y
4414CONFIG_PAX_NOELFRELOCS=y
4415CONFIG_PAX_KERNEXEC=y
4416
4417#
4418# Address Space Layout Randomization
4419#
4420CONFIG_PAX_ASLR=y
4421CONFIG_PAX_RANDUSTACK=y
4422CONFIG_PAX_RANDMMAP=y
4423
4424#
4425# Miscellaneous hardening features
4426#
4427# CONFIG_PAX_MEMORY_SANITIZE is not set
4428# CONFIG_PAX_MEMORY_UDEREF is not set
4429CONFIG_PAX_REFCOUNT=y
4430# CONFIG_PAX_USERCOPY is not set
4431CONFIG_KEYS=y
4432# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
4433CONFIG_SECURITY=y
4434CONFIG_SECURITYFS=y
4435# CONFIG_SECURITY_NETWORK is not set
4436# CONFIG_SECURITY_PATH is not set
4437CONFIG_SECURITY_FILE_CAPABILITIES=y
4438# CONFIG_SECURITY_TOMOYO is not set
4439# CONFIG_IMA is not set
4440CONFIG_XOR_BLOCKS=m
4441CONFIG_ASYNC_CORE=m
4442CONFIG_ASYNC_MEMCPY=m
4443CONFIG_ASYNC_XOR=m
4444CONFIG_ASYNC_PQ=m
4445CONFIG_ASYNC_RAID6_RECOV=m
4446CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
4447CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
4448CONFIG_CRYPTO=y
4449
4450#
4451# Crypto core or helper
4452#
4453CONFIG_CRYPTO_FIPS=y
4454CONFIG_CRYPTO_ALGAPI=y
4455CONFIG_CRYPTO_ALGAPI2=y
4456CONFIG_CRYPTO_AEAD=m
4457CONFIG_CRYPTO_AEAD2=y
4458CONFIG_CRYPTO_BLKCIPHER=m
4459CONFIG_CRYPTO_BLKCIPHER2=y
4460CONFIG_CRYPTO_HASH=y
4461CONFIG_CRYPTO_HASH2=y
4462CONFIG_CRYPTO_RNG=m
4463CONFIG_CRYPTO_RNG2=y
4464CONFIG_CRYPTO_PCOMP=y
4465CONFIG_CRYPTO_MANAGER=m
4466CONFIG_CRYPTO_MANAGER2=y
4467CONFIG_CRYPTO_GF128MUL=m
4468CONFIG_CRYPTO_NULL=m
4469CONFIG_CRYPTO_WORKQUEUE=y
4470CONFIG_CRYPTO_CRYPTD=m
4471CONFIG_CRYPTO_AUTHENC=m
4472CONFIG_CRYPTO_TEST=m
4473
4474#
4475# Authenticated Encryption with Associated Data
4476#
4477CONFIG_CRYPTO_CCM=m
4478CONFIG_CRYPTO_GCM=m
4479CONFIG_CRYPTO_SEQIV=m
4480
4481#
4482# Block modes
4483#
4484CONFIG_CRYPTO_CBC=m
4485CONFIG_CRYPTO_CTR=m
4486CONFIG_CRYPTO_CTS=m
4487CONFIG_CRYPTO_ECB=m
4488CONFIG_CRYPTO_LRW=m
4489CONFIG_CRYPTO_PCBC=m
4490CONFIG_CRYPTO_XTS=m
4491
4492#
4493# Hash modes
4494#
4495CONFIG_CRYPTO_HMAC=m
4496CONFIG_CRYPTO_XCBC=m
4497CONFIG_CRYPTO_VMAC=m
4498
4499#
4500# Digest
4501#
4502CONFIG_CRYPTO_CRC32C=m
4503CONFIG_CRYPTO_CRC32C_INTEL=m
4504CONFIG_CRYPTO_GHASH=m
4505CONFIG_CRYPTO_MD4=m
4506CONFIG_CRYPTO_MD5=y
4507CONFIG_CRYPTO_MICHAEL_MIC=m
4508CONFIG_CRYPTO_RMD128=m
4509CONFIG_CRYPTO_RMD160=m
4510CONFIG_CRYPTO_RMD256=m
4511CONFIG_CRYPTO_RMD320=m
4512CONFIG_CRYPTO_SHA1=m
4513CONFIG_CRYPTO_SHA256=y
4514CONFIG_CRYPTO_SHA512=m
4515CONFIG_CRYPTO_TGR192=m
4516CONFIG_CRYPTO_WP512=m
4517
4518#
4519# Ciphers
4520#
4521CONFIG_CRYPTO_AES=m
4522CONFIG_CRYPTO_AES_586=m
4523CONFIG_CRYPTO_ANUBIS=m
4524CONFIG_CRYPTO_ARC4=m
4525CONFIG_CRYPTO_BLOWFISH=m
4526CONFIG_CRYPTO_CAMELLIA=m
4527CONFIG_CRYPTO_CAST5=m
4528CONFIG_CRYPTO_CAST6=m
4529CONFIG_CRYPTO_DES=m
4530CONFIG_CRYPTO_FCRYPT=m
4531CONFIG_CRYPTO_KHAZAD=m
4532CONFIG_CRYPTO_SALSA20=m
4533CONFIG_CRYPTO_SALSA20_586=m
4534CONFIG_CRYPTO_SEED=m
4535CONFIG_CRYPTO_SERPENT=m
4536CONFIG_CRYPTO_TEA=m
4537CONFIG_CRYPTO_TWOFISH=m
4538CONFIG_CRYPTO_TWOFISH_COMMON=m
4539CONFIG_CRYPTO_TWOFISH_586=m
4540
4541#
4542# Compression
4543#
4544CONFIG_CRYPTO_DEFLATE=m
4545CONFIG_CRYPTO_ZLIB=m
4546CONFIG_CRYPTO_LZO=m
4547
4548#
4549# Random Number Generation
4550#
4551CONFIG_CRYPTO_ANSI_CPRNG=m
4552CONFIG_CRYPTO_HW=y
4553CONFIG_CRYPTO_DEV_PADLOCK=m
4554CONFIG_CRYPTO_DEV_PADLOCK_AES=m
4555CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
4556CONFIG_CRYPTO_DEV_GEODE=m
4557CONFIG_CRYPTO_DEV_HIFN_795X=m
4558CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
4559CONFIG_HAVE_KVM=y
4560CONFIG_HAVE_KVM_IRQCHIP=y
4561CONFIG_HAVE_KVM_EVENTFD=y
4562CONFIG_KVM_APIC_ARCHITECTURE=y
4563CONFIG_VIRTUALIZATION=y
4564CONFIG_KVM=m
4565CONFIG_KVM_INTEL=m
4566CONFIG_KVM_AMD=m
4567CONFIG_LGUEST=m
4568CONFIG_VIRTIO=y
4569CONFIG_VIRTIO_RING=y
4570CONFIG_VIRTIO_PCI=m
4571CONFIG_VIRTIO_BALLOON=m
4572CONFIG_BINARY_PRINTF=y
4573
4574#
4575# Library routines
4576#
4577CONFIG_BITREVERSE=m
4578CONFIG_GENERIC_FIND_FIRST_BIT=y
4579CONFIG_GENERIC_FIND_NEXT_BIT=y
4580CONFIG_GENERIC_FIND_LAST_BIT=y
4581CONFIG_CRC_CCITT=m
4582CONFIG_CRC16=m
4583CONFIG_CRC_T10DIF=m
4584CONFIG_CRC_ITU_T=m
4585CONFIG_CRC32=m
4586CONFIG_CRC7=m
4587CONFIG_LIBCRC32C=m
4588CONFIG_ZLIB_INFLATE=y
4589CONFIG_ZLIB_DEFLATE=m
4590CONFIG_LZO_COMPRESS=m
4591CONFIG_LZO_DECOMPRESS=m
4592CONFIG_DECOMPRESS_GZIP=y
4593CONFIG_DECOMPRESS_BZIP2=y
4594CONFIG_DECOMPRESS_LZMA=y
4595CONFIG_GENERIC_ALLOCATOR=y
4596CONFIG_REED_SOLOMON=m
4597CONFIG_REED_SOLOMON_DEC16=y
4598CONFIG_TEXTSEARCH=y
4599CONFIG_TEXTSEARCH_KMP=m
4600CONFIG_TEXTSEARCH_BM=m
4601CONFIG_TEXTSEARCH_FSM=m
4602CONFIG_HAS_IOMEM=y
4603CONFIG_HAS_IOPORT=y
4604CONFIG_HAS_DMA=y
4605CONFIG_CHECK_SIGNATURE=y
4606CONFIG_NLATTR=y