authorNatanael Copa <ncopa@alpinelinux.org>2010-09-21 08:05:47 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2010-09-23 07:33:08 +0000
commit7c8d35f2905e71cf4ba9a32d114e977f6cd5cb8e (patch)
tree27c69f4124334359fc97c358bc0ca80b54940e3b
parentdc3b31374eb4d07c868009154c9eb55e6d4c3869 (diff)
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.21-201009201707
(cherry picked from commit 57badfc9c28f37a6d7c99a0627e93151509c800e)
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009201707.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009162222.patch)1294
2 files changed, 963 insertions, 337 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index fa82881362..ece603c862 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=2.6.32.21 5pkgver=2.6.32.21
6_kernver=2.6.32 6_kernver=2.6.32
7pkgrel=5 7pkgrel=6
8pkgdesc="Linux kernel with grsecurity" 8pkgdesc="Linux kernel with grsecurity"
9url=http://grsecurity.net 9url=http://grsecurity.net
10depends="mkinitfs linux-firmware" 10depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
14install= 14install=
15source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 15source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
16 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 16 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
17 grsecurity-2.2.0-2.6.32.21-201009162222.patch 17 grsecurity-2.2.0-2.6.32.21-201009201707.patch
18 0001-grsec-revert-conflicting-flow-cache-changes.patch 18 0001-grsec-revert-conflicting-flow-cache-changes.patch
19 0002-gre-fix-hard-header-destination-address-checking.patch 19 0002-gre-fix-hard-header-destination-address-checking.patch
20 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch 20 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -151,7 +151,7 @@ firmware() {
151 151
152md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 152md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
15329aa10a231882a6e52908642b572326f patch-2.6.32.21.bz2 15329aa10a231882a6e52908642b572326f patch-2.6.32.21.bz2
154b5d2449d17fb6a4d0433264b6a4de5f7 grsecurity-2.2.0-2.6.32.21-201009162222.patch 154a9512a62a10f22fa6a065dadcd538203 grsecurity-2.2.0-2.6.32.21-201009201707.patch
1551d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch 1551d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
156437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch 156437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
157151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch 157151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
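Review bot: The replaced grsecurity patch is pinned only by the MD5 digest on the changed `md5sums` line in the last hunk, and MD5 is not collision resistant, so that entry catches accidental corruption but is weak evidence that the file is the one upstream released. The two kernel.org entries in `source` (context lines of the second hunk) are fetched over plain `ftp://`, so their MD5 lines are likewise the only check on what gets built into the kernel. If the abuild version used here accepts a stronger checksum array, add one next to `md5sums`, for example `sha256sums="<sha256 of the patch> grsecurity-2.2.0-2.6.32.21-201009201707.patch"`. The commit message should also record where the new patch was obtained and how it was verified, for instance against an upstream signature if one is published.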
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009162222.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009201707.patch
index 4ed5e67282..6b08644fe9 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009162222.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.21-201009201707.patch
@@ -50,7 +50,16 @@ diff -urNp linux-2.6.32.21/arch/alpha/kernel/module.c linux-2.6.32.21/arch/alpha
50 for (i = 0; i < n; i++) { 50 for (i = 0; i < n; i++) {
51diff -urNp linux-2.6.32.21/arch/alpha/kernel/osf_sys.c linux-2.6.32.21/arch/alpha/kernel/osf_sys.c 51diff -urNp linux-2.6.32.21/arch/alpha/kernel/osf_sys.c linux-2.6.32.21/arch/alpha/kernel/osf_sys.c
52--- linux-2.6.32.21/arch/alpha/kernel/osf_sys.c 2010-08-13 16:24:37.000000000 -0400 52--- linux-2.6.32.21/arch/alpha/kernel/osf_sys.c 2010-08-13 16:24:37.000000000 -0400
53+++ linux-2.6.32.21/arch/alpha/kernel/osf_sys.c 2010-09-04 15:54:51.000000000 -0400 53+++ linux-2.6.32.21/arch/alpha/kernel/osf_sys.c 2010-09-17 18:34:04.000000000 -0400
54@@ -1169,7 +1169,7 @@ arch_get_unmapped_area_1(unsigned long a
55 /* At this point: (!vma || addr < vma->vm_end). */
56 if (limit - len < addr)
57 return -ENOMEM;
58- if (!vma || addr + len <= vma->vm_start)
59+ if (check_heap_stack_gap(vma, addr, len))
60 return addr;
61 addr = vma->vm_end;
62 vma = vma->vm_next;
54@@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp 63@@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp
55 merely specific addresses, but regions of memory -- perhaps 64 merely specific addresses, but regions of memory -- perhaps
56 this feature should be incorporated into all ports? */ 65 this feature should be incorporated into all ports? */
@@ -446,7 +455,7 @@ diff -urNp linux-2.6.32.21/arch/arm/mm/fault.c linux-2.6.32.21/arch/arm/mm/fault
446 * 455 *
447diff -urNp linux-2.6.32.21/arch/arm/mm/mmap.c linux-2.6.32.21/arch/arm/mm/mmap.c 456diff -urNp linux-2.6.32.21/arch/arm/mm/mmap.c linux-2.6.32.21/arch/arm/mm/mmap.c
448--- linux-2.6.32.21/arch/arm/mm/mmap.c 2010-08-13 16:24:37.000000000 -0400 457--- linux-2.6.32.21/arch/arm/mm/mmap.c 2010-08-13 16:24:37.000000000 -0400
449+++ linux-2.6.32.21/arch/arm/mm/mmap.c 2010-09-04 15:54:51.000000000 -0400 458+++ linux-2.6.32.21/arch/arm/mm/mmap.c 2010-09-17 18:34:04.000000000 -0400
450@@ -63,6 +63,10 @@ arch_get_unmapped_area(struct file *filp 459@@ -63,6 +63,10 @@ arch_get_unmapped_area(struct file *filp
451 if (len > TASK_SIZE) 460 if (len > TASK_SIZE)
452 return -ENOMEM; 461 return -ENOMEM;
@@ -458,7 +467,13 @@ diff -urNp linux-2.6.32.21/arch/arm/mm/mmap.c linux-2.6.32.21/arch/arm/mm/mmap.c
458 if (addr) { 467 if (addr) {
459 if (do_align) 468 if (do_align)
460 addr = COLOUR_ALIGN(addr, pgoff); 469 addr = COLOUR_ALIGN(addr, pgoff);
461@@ -75,10 +79,10 @@ arch_get_unmapped_area(struct file *filp 470@@ -70,15 +74,14 @@ arch_get_unmapped_area(struct file *filp
471 addr = PAGE_ALIGN(addr);
472
473 vma = find_vma(mm, addr);
474- if (TASK_SIZE - len >= addr &&
475- (!vma || addr + len <= vma->vm_start))
476+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
462 return addr; 477 return addr;
463 } 478 }
464 if (len > mm->cached_hole_size) { 479 if (len > mm->cached_hole_size) {
@@ -472,7 +487,7 @@ diff -urNp linux-2.6.32.21/arch/arm/mm/mmap.c linux-2.6.32.21/arch/arm/mm/mmap.c
472 } 487 }
473 488
474 full_search: 489 full_search:
475@@ -94,8 +98,8 @@ full_search: 490@@ -94,14 +97,14 @@ full_search:
476 * Start a new search - just in case we missed 491 * Start a new search - just in case we missed
477 * some holes. 492 * some holes.
478 */ 493 */
@@ -483,6 +498,13 @@ diff -urNp linux-2.6.32.21/arch/arm/mm/mmap.c linux-2.6.32.21/arch/arm/mm/mmap.c
483 mm->cached_hole_size = 0; 498 mm->cached_hole_size = 0;
484 goto full_search; 499 goto full_search;
485 } 500 }
501 return -ENOMEM;
502 }
503- if (!vma || addr + len <= vma->vm_start) {
504+ if (check_heap_stack_gap(vma, addr, len)) {
505 /*
506 * Remember the place where we stopped the search:
507 */
486diff -urNp linux-2.6.32.21/arch/arm/plat-s3c/pm.c linux-2.6.32.21/arch/arm/plat-s3c/pm.c 508diff -urNp linux-2.6.32.21/arch/arm/plat-s3c/pm.c linux-2.6.32.21/arch/arm/plat-s3c/pm.c
487--- linux-2.6.32.21/arch/arm/plat-s3c/pm.c 2010-08-13 16:24:37.000000000 -0400 509--- linux-2.6.32.21/arch/arm/plat-s3c/pm.c 2010-08-13 16:24:37.000000000 -0400
488+++ linux-2.6.32.21/arch/arm/plat-s3c/pm.c 2010-09-04 15:54:51.000000000 -0400 510+++ linux-2.6.32.21/arch/arm/plat-s3c/pm.c 2010-09-04 15:54:51.000000000 -0400
@@ -618,6 +640,37 @@ diff -urNp linux-2.6.32.21/arch/frv/include/asm/kmap_types.h linux-2.6.32.21/arc
618 KM_TYPE_NR 640 KM_TYPE_NR
619 }; 641 };
620 642
643diff -urNp linux-2.6.32.21/arch/frv/mm/elf-fdpic.c linux-2.6.32.21/arch/frv/mm/elf-fdpic.c
644--- linux-2.6.32.21/arch/frv/mm/elf-fdpic.c 2010-08-13 16:24:37.000000000 -0400
645+++ linux-2.6.32.21/arch/frv/mm/elf-fdpic.c 2010-09-17 18:34:04.000000000 -0400
646@@ -73,8 +73,7 @@ unsigned long arch_get_unmapped_area(str
647 if (addr) {
648 addr = PAGE_ALIGN(addr);
649 vma = find_vma(current->mm, addr);
650- if (TASK_SIZE - len >= addr &&
651- (!vma || addr + len <= vma->vm_start))
652+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
653 goto success;
654 }
655
656@@ -89,7 +88,7 @@ unsigned long arch_get_unmapped_area(str
657 for (; vma; vma = vma->vm_next) {
658 if (addr > limit)
659 break;
660- if (addr + len <= vma->vm_start)
661+ if (check_heap_stack_gap(vma, addr, len))
662 goto success;
663 addr = vma->vm_end;
664 }
665@@ -104,7 +103,7 @@ unsigned long arch_get_unmapped_area(str
666 for (; vma; vma = vma->vm_next) {
667 if (addr > limit)
668 break;
669- if (addr + len <= vma->vm_start)
670+ if (check_heap_stack_gap(vma, addr, len))
671 goto success;
672 addr = vma->vm_end;
673 }
621diff -urNp linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c 674diff -urNp linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c
622--- linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c 2010-08-13 16:24:37.000000000 -0400 675--- linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c 2010-08-13 16:24:37.000000000 -0400
623+++ linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c 2010-09-04 15:54:51.000000000 -0400 676+++ linux-2.6.32.21/arch/ia64/hp/common/hwsw_iommu.c 2010-09-04 15:54:51.000000000 -0400
@@ -1023,7 +1076,7 @@ diff -urNp linux-2.6.32.21/arch/ia64/kernel/pci-swiotlb.c linux-2.6.32.21/arch/i
1023 .map_page = swiotlb_map_page, 1076 .map_page = swiotlb_map_page,
1024diff -urNp linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c 1077diff -urNp linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c
1025--- linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c 2010-08-13 16:24:37.000000000 -0400 1078--- linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c 2010-08-13 16:24:37.000000000 -0400
1026+++ linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c 2010-09-04 15:54:51.000000000 -0400 1079+++ linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c 2010-09-17 18:34:04.000000000 -0400
1027@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil 1080@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
1028 if (REGION_NUMBER(addr) == RGN_HPAGE) 1081 if (REGION_NUMBER(addr) == RGN_HPAGE)
1029 addr = 0; 1082 addr = 0;
@@ -1038,7 +1091,7 @@ diff -urNp linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c linux-2.6.32.21/arch/ia64
1038 if (!addr) 1091 if (!addr)
1039 addr = mm->free_area_cache; 1092 addr = mm->free_area_cache;
1040 1093
1041@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil 1094@@ -61,14 +68,14 @@ arch_get_unmapped_area (struct file *fil
1042 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { 1095 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
1043 /* At this point: (!vma || addr < vma->vm_end). */ 1096 /* At this point: (!vma || addr < vma->vm_end). */
1044 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) { 1097 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
@@ -1050,6 +1103,12 @@ diff -urNp linux-2.6.32.21/arch/ia64/kernel/sys_ia64.c linux-2.6.32.21/arch/ia64
1050 goto full_search; 1103 goto full_search;
1051 } 1104 }
1052 return -ENOMEM; 1105 return -ENOMEM;
1106 }
1107- if (!vma || addr + len <= vma->vm_start) {
1108+ if (check_heap_stack_gap(vma, addr, len)) {
1109 /* Remember the address where we stopped this search: */
1110 mm->free_area_cache = addr + len;
1111 return addr;
1053diff -urNp linux-2.6.32.21/arch/ia64/kernel/topology.c linux-2.6.32.21/arch/ia64/kernel/topology.c 1112diff -urNp linux-2.6.32.21/arch/ia64/kernel/topology.c linux-2.6.32.21/arch/ia64/kernel/topology.c
1054--- linux-2.6.32.21/arch/ia64/kernel/topology.c 2010-08-13 16:24:37.000000000 -0400 1113--- linux-2.6.32.21/arch/ia64/kernel/topology.c 2010-08-13 16:24:37.000000000 -0400
1055+++ linux-2.6.32.21/arch/ia64/kernel/topology.c 2010-09-04 15:54:51.000000000 -0400 1114+++ linux-2.6.32.21/arch/ia64/kernel/topology.c 2010-09-04 15:54:51.000000000 -0400
@@ -1126,6 +1185,18 @@ diff -urNp linux-2.6.32.21/arch/ia64/mm/fault.c linux-2.6.32.21/arch/ia64/mm/fau
1126 survive: 1185 survive:
1127 /* 1186 /*
1128 * If for any reason at all we couldn't handle the fault, make 1187 * If for any reason at all we couldn't handle the fault, make
1188diff -urNp linux-2.6.32.21/arch/ia64/mm/hugetlbpage.c linux-2.6.32.21/arch/ia64/mm/hugetlbpage.c
1189--- linux-2.6.32.21/arch/ia64/mm/hugetlbpage.c 2010-08-13 16:24:37.000000000 -0400
1190+++ linux-2.6.32.21/arch/ia64/mm/hugetlbpage.c 2010-09-17 18:34:04.000000000 -0400
1191@@ -172,7 +172,7 @@ unsigned long hugetlb_get_unmapped_area(
1192 /* At this point: (!vmm || addr < vmm->vm_end). */
1193 if (REGION_OFFSET(addr) + len > RGN_MAP_LIMIT)
1194 return -ENOMEM;
1195- if (!vmm || (addr + len) <= vmm->vm_start)
1196+ if (check_heap_stack_gap(vmm, addr, len))
1197 return addr;
1198 addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
1199 }
1129diff -urNp linux-2.6.32.21/arch/ia64/mm/init.c linux-2.6.32.21/arch/ia64/mm/init.c 1200diff -urNp linux-2.6.32.21/arch/ia64/mm/init.c linux-2.6.32.21/arch/ia64/mm/init.c
1130--- linux-2.6.32.21/arch/ia64/mm/init.c 2010-08-13 16:24:37.000000000 -0400 1201--- linux-2.6.32.21/arch/ia64/mm/init.c 2010-08-13 16:24:37.000000000 -0400
1131+++ linux-2.6.32.21/arch/ia64/mm/init.c 2010-09-04 15:54:51.000000000 -0400 1202+++ linux-2.6.32.21/arch/ia64/mm/init.c 2010-09-04 15:54:51.000000000 -0400
@@ -1312,8 +1383,8 @@ diff -urNp linux-2.6.32.21/arch/mips/kernel/process.c linux-2.6.32.21/arch/mips/
1312-} 1383-}
1313diff -urNp linux-2.6.32.21/arch/mips/kernel/syscall.c linux-2.6.32.21/arch/mips/kernel/syscall.c 1384diff -urNp linux-2.6.32.21/arch/mips/kernel/syscall.c linux-2.6.32.21/arch/mips/kernel/syscall.c
1314--- linux-2.6.32.21/arch/mips/kernel/syscall.c 2010-08-13 16:24:37.000000000 -0400 1385--- linux-2.6.32.21/arch/mips/kernel/syscall.c 2010-08-13 16:24:37.000000000 -0400
1315+++ linux-2.6.32.21/arch/mips/kernel/syscall.c 2010-09-04 15:54:51.000000000 -0400 1386+++ linux-2.6.32.21/arch/mips/kernel/syscall.c 2010-09-17 18:34:04.000000000 -0400
1316@@ -102,6 +102,11 @@ unsigned long arch_get_unmapped_area(str 1387@@ -102,17 +102,21 @@ unsigned long arch_get_unmapped_area(str
1317 do_color_align = 0; 1388 do_color_align = 0;
1318 if (filp || (flags & MAP_SHARED)) 1389 if (filp || (flags & MAP_SHARED))
1319 do_color_align = 1; 1390 do_color_align = 1;
@@ -1325,8 +1396,12 @@ diff -urNp linux-2.6.32.21/arch/mips/kernel/syscall.c linux-2.6.32.21/arch/mips/
1325 if (addr) { 1396 if (addr) {
1326 if (do_color_align) 1397 if (do_color_align)
1327 addr = COLOUR_ALIGN(addr, pgoff); 1398 addr = COLOUR_ALIGN(addr, pgoff);
1328@@ -112,7 +117,7 @@ unsigned long arch_get_unmapped_area(str 1399 else
1329 (!vmm || addr + len <= vmm->vm_start)) 1400 addr = PAGE_ALIGN(addr);
1401 vmm = find_vma(current->mm, addr);
1402- if (task_size - len >= addr &&
1403- (!vmm || addr + len <= vmm->vm_start))
1404+ if (task_size - len >= addr && check_heap_stack_gap(vmm, addr, len))
1330 return addr; 1405 return addr;
1331 } 1406 }
1332- addr = TASK_UNMAPPED_BASE; 1407- addr = TASK_UNMAPPED_BASE;
@@ -1334,6 +1409,15 @@ diff -urNp linux-2.6.32.21/arch/mips/kernel/syscall.c linux-2.6.32.21/arch/mips/
1334 if (do_color_align) 1409 if (do_color_align)
1335 addr = COLOUR_ALIGN(addr, pgoff); 1410 addr = COLOUR_ALIGN(addr, pgoff);
1336 else 1411 else
1412@@ -122,7 +126,7 @@ unsigned long arch_get_unmapped_area(str
1413 /* At this point: (!vmm || addr < vmm->vm_end). */
1414 if (task_size - len < addr)
1415 return -ENOMEM;
1416- if (!vmm || addr + len <= vmm->vm_start)
1417+ if (check_heap_stack_gap(vmm, addr, len))
1418 return addr;
1419 addr = vmm->vm_end;
1420 if (do_color_align)
1337diff -urNp linux-2.6.32.21/arch/mips/mm/fault.c linux-2.6.32.21/arch/mips/mm/fault.c 1421diff -urNp linux-2.6.32.21/arch/mips/mm/fault.c linux-2.6.32.21/arch/mips/mm/fault.c
1338--- linux-2.6.32.21/arch/mips/mm/fault.c 2010-08-13 16:24:37.000000000 -0400 1422--- linux-2.6.32.21/arch/mips/mm/fault.c 2010-08-13 16:24:37.000000000 -0400
1339+++ linux-2.6.32.21/arch/mips/mm/fault.c 2010-09-04 15:54:51.000000000 -0400 1423+++ linux-2.6.32.21/arch/mips/mm/fault.c 2010-09-04 15:54:51.000000000 -0400
@@ -1516,7 +1600,25 @@ diff -urNp linux-2.6.32.21/arch/parisc/kernel/module.c linux-2.6.32.21/arch/pari
1516 me->arch.unwind_section, table, end, gp); 1600 me->arch.unwind_section, table, end, gp);
1517diff -urNp linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c 1601diff -urNp linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c
1518--- linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c 2010-08-13 16:24:37.000000000 -0400 1602--- linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c 2010-08-13 16:24:37.000000000 -0400
1519+++ linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c 2010-09-04 15:54:51.000000000 -0400 1603+++ linux-2.6.32.21/arch/parisc/kernel/sys_parisc.c 2010-09-17 18:34:04.000000000 -0400
1604@@ -43,7 +43,7 @@ static unsigned long get_unshared_area(u
1605 /* At this point: (!vma || addr < vma->vm_end). */
1606 if (TASK_SIZE - len < addr)
1607 return -ENOMEM;
1608- if (!vma || addr + len <= vma->vm_start)
1609+ if (check_heap_stack_gap(vma, addr, len))
1610 return addr;
1611 addr = vma->vm_end;
1612 }
1613@@ -79,7 +79,7 @@ static unsigned long get_shared_area(str
1614 /* At this point: (!vma || addr < vma->vm_end). */
1615 if (TASK_SIZE - len < addr)
1616 return -ENOMEM;
1617- if (!vma || addr + len <= vma->vm_start)
1618+ if (check_heap_stack_gap(vma, addr, len))
1619 return addr;
1620 addr = DCACHE_ALIGN(vma->vm_end - offset) + offset;
1621 if (addr < vma->vm_end) /* handle wraparound */
1520@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str 1622@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
1521 if (flags & MAP_FIXED) 1623 if (flags & MAP_FIXED)
1522 return addr; 1624 return addr;
@@ -2671,8 +2773,38 @@ diff -urNp linux-2.6.32.21/arch/powerpc/mm/mmap_64.c linux-2.6.32.21/arch/powerp
2671 } 2773 }
2672diff -urNp linux-2.6.32.21/arch/powerpc/mm/slice.c linux-2.6.32.21/arch/powerpc/mm/slice.c 2774diff -urNp linux-2.6.32.21/arch/powerpc/mm/slice.c linux-2.6.32.21/arch/powerpc/mm/slice.c
2673--- linux-2.6.32.21/arch/powerpc/mm/slice.c 2010-08-13 16:24:37.000000000 -0400 2775--- linux-2.6.32.21/arch/powerpc/mm/slice.c 2010-08-13 16:24:37.000000000 -0400
2674+++ linux-2.6.32.21/arch/powerpc/mm/slice.c 2010-09-04 15:54:51.000000000 -0400 2776+++ linux-2.6.32.21/arch/powerpc/mm/slice.c 2010-09-17 18:34:04.000000000 -0400
2675@@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un 2777@@ -98,10 +98,9 @@ static int slice_area_is_free(struct mm_
2778 if ((mm->task_size - len) < addr)
2779 return 0;
2780 vma = find_vma(mm, addr);
2781- return (!vma || (addr + len) <= vma->vm_start);
2782+ return check_heap_stack_gap(vma, addr, len);
2783 }
2784
2785-static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice)
2786 {
2787 return !slice_area_is_free(mm, slice << SLICE_LOW_SHIFT,
2788 1ul << SLICE_LOW_SHIFT);
2789@@ -256,7 +255,7 @@ full_search:
2790 addr = _ALIGN_UP(addr + 1, 1ul << SLICE_HIGH_SHIFT);
2791 continue;
2792 }
2793- if (!vma || addr + len <= vma->vm_start) {
2794+ if (check_heap_stack_gap(vma, addr, len)) {
2795 /*
2796 * Remember the place where we stopped the search:
2797 */
2798@@ -336,7 +335,7 @@ static unsigned long slice_find_area_top
2799 * return with success:
2800 */
2801 vma = find_vma(mm, addr);
2802- if (!vma || (addr + len) <= vma->vm_start) {
2803+ if (check_heap_stack_gap(vma, addr, len)) {
2804 /* remember the address as a hint for next time */
2805 if (use_cache)
2806 mm->free_area_cache = addr;
2807@@ -426,6 +425,11 @@ unsigned long slice_get_unmapped_area(un
2676 if (fixed && addr > (mm->task_size - len)) 2808 if (fixed && addr > (mm->task_size - len))
2677 return -EINVAL; 2809 return -EINVAL;
2678 2810
@@ -3115,6 +3247,56 @@ diff -urNp linux-2.6.32.21/arch/sh/kernel/kgdb.c linux-2.6.32.21/arch/sh/kernel/
3115 /* Breakpoint instruction: trapa #0x3c */ 3247 /* Breakpoint instruction: trapa #0x3c */
3116 #ifdef CONFIG_CPU_LITTLE_ENDIAN 3248 #ifdef CONFIG_CPU_LITTLE_ENDIAN
3117 .gdb_bpt_instr = { 0x3c, 0xc3 }, 3249 .gdb_bpt_instr = { 0x3c, 0xc3 },
3250diff -urNp linux-2.6.32.21/arch/sh/mm/mmap.c linux-2.6.32.21/arch/sh/mm/mmap.c
3251--- linux-2.6.32.21/arch/sh/mm/mmap.c 2010-08-13 16:24:37.000000000 -0400
3252+++ linux-2.6.32.21/arch/sh/mm/mmap.c 2010-09-17 18:34:04.000000000 -0400
3253@@ -74,8 +74,7 @@ unsigned long arch_get_unmapped_area(str
3254 addr = PAGE_ALIGN(addr);
3255
3256 vma = find_vma(mm, addr);
3257- if (TASK_SIZE - len >= addr &&
3258- (!vma || addr + len <= vma->vm_start))
3259+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
3260 return addr;
3261 }
3262
3263@@ -106,7 +105,7 @@ full_search:
3264 }
3265 return -ENOMEM;
3266 }
3267- if (likely(!vma || addr + len <= vma->vm_start)) {
3268+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3269 /*
3270 * Remember the place where we stopped the search:
3271 */
3272@@ -157,8 +156,7 @@ arch_get_unmapped_area_topdown(struct fi
3273 addr = PAGE_ALIGN(addr);
3274
3275 vma = find_vma(mm, addr);
3276- if (TASK_SIZE - len >= addr &&
3277- (!vma || addr + len <= vma->vm_start))
3278+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
3279 return addr;
3280 }
3281
3282@@ -179,7 +177,7 @@ arch_get_unmapped_area_topdown(struct fi
3283 /* make sure it can fit in the remaining address space */
3284 if (likely(addr > len)) {
3285 vma = find_vma(mm, addr-len);
3286- if (!vma || addr <= vma->vm_start) {
3287+ if (check_heap_stack_gap(vma, addr - len, len)) {
3288 /* remember the address as a hint for next time */
3289 return (mm->free_area_cache = addr-len);
3290 }
3291@@ -199,7 +197,7 @@ arch_get_unmapped_area_topdown(struct fi
3292 * return with success:
3293 */
3294 vma = find_vma(mm, addr);
3295- if (likely(!vma || addr+len <= vma->vm_start)) {
3296+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3297 /* remember the address as a hint for next time */
3298 return (mm->free_area_cache = addr);
3299 }
3118diff -urNp linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h 3300diff -urNp linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h
3119--- linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h 2010-08-29 21:08:20.000000000 -0400 3301--- linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h 2010-08-29 21:08:20.000000000 -0400
3120+++ linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h 2010-09-15 02:34:10.000000000 -0400 3302+++ linux-2.6.32.21/arch/sparc/include/asm/atomic_64.h 2010-09-15 02:34:10.000000000 -0400
@@ -3669,7 +3851,7 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/pci_sun4v.c linux-2.6.32.21/arch/sp
3669 .map_page = dma_4v_map_page, 3851 .map_page = dma_4v_map_page,
3670diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c 3852diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c
3671--- linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c 2010-08-13 16:24:37.000000000 -0400 3853--- linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c 2010-08-13 16:24:37.000000000 -0400
3672+++ linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c 2010-09-04 15:54:51.000000000 -0400 3854+++ linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c 2010-09-17 18:34:04.000000000 -0400
3673@@ -57,7 +57,7 @@ unsigned long arch_get_unmapped_area(str 3855@@ -57,7 +57,7 @@ unsigned long arch_get_unmapped_area(str
3674 if (ARCH_SUN4C && len > 0x20000000) 3856 if (ARCH_SUN4C && len > 0x20000000)
3675 return -ENOMEM; 3857 return -ENOMEM;
@@ -3679,9 +3861,18 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.21/arch
3679 3861
3680 if (flags & MAP_SHARED) 3862 if (flags & MAP_SHARED)
3681 addr = COLOUR_ALIGN(addr); 3863 addr = COLOUR_ALIGN(addr);
3864@@ -72,7 +72,7 @@ unsigned long arch_get_unmapped_area(str
3865 }
3866 if (TASK_SIZE - PAGE_SIZE - len < addr)
3867 return -ENOMEM;
3868- if (!vmm || addr + len <= vmm->vm_start)
3869+ if (check_heap_stack_gap(vmm, addr, len))
3870 return addr;
3871 addr = vmm->vm_end;
3872 if (flags & MAP_SHARED)
3682diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c 3873diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c
3683--- linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c 2010-08-13 16:24:37.000000000 -0400 3874--- linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c 2010-08-13 16:24:37.000000000 -0400
3684+++ linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c 2010-09-04 15:54:51.000000000 -0400 3875+++ linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c 2010-09-17 18:34:04.000000000 -0400
3685@@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str 3876@@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str
3686 /* We do not accept a shared mapping if it would violate 3877 /* We do not accept a shared mapping if it would violate
3687 * cache aliasing constraints. 3878 * cache aliasing constraints.
@@ -3702,7 +3893,14 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch
3702 if (addr) { 3893 if (addr) {
3703 if (do_color_align) 3894 if (do_color_align)
3704 addr = COLOUR_ALIGN(addr, pgoff); 3895 addr = COLOUR_ALIGN(addr, pgoff);
3705@@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str 3896@@ -147,15 +151,14 @@ unsigned long arch_get_unmapped_area(str
3897 addr = PAGE_ALIGN(addr);
3898
3899 vma = find_vma(mm, addr);
3900- if (task_size - len >= addr &&
3901- (!vma || addr + len <= vma->vm_start))
3902+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
3903 return addr;
3706 } 3904 }
3707 3905
3708 if (len > mm->cached_hole_size) { 3906 if (len > mm->cached_hole_size) {
@@ -3714,7 +3912,7 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch
3714 mm->cached_hole_size = 0; 3912 mm->cached_hole_size = 0;
3715 } 3913 }
3716 3914
3717@@ -175,8 +179,8 @@ full_search: 3915@@ -175,14 +178,14 @@ full_search:
3718 vma = find_vma(mm, VA_EXCLUDE_END); 3916 vma = find_vma(mm, VA_EXCLUDE_END);
3719 } 3917 }
3720 if (unlikely(task_size < addr)) { 3918 if (unlikely(task_size < addr)) {
@@ -3725,7 +3923,14 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch
3725 mm->cached_hole_size = 0; 3923 mm->cached_hole_size = 0;
3726 goto full_search; 3924 goto full_search;
3727 } 3925 }
3728@@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi 3926 return -ENOMEM;
3927 }
3928- if (likely(!vma || addr + len <= vma->vm_start)) {
3929+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3930 /*
3931 * Remember the place where we stopped the search:
3932 */
3933@@ -216,7 +219,7 @@ arch_get_unmapped_area_topdown(struct fi
3729 /* We do not accept a shared mapping if it would violate 3934 /* We do not accept a shared mapping if it would violate
3730 * cache aliasing constraints. 3935 * cache aliasing constraints.
3731 */ 3936 */
@@ -3734,7 +3939,35 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch
3734 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) 3939 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
3735 return -EINVAL; 3940 return -EINVAL;
3736 return addr; 3941 return addr;
3737@@ -384,6 +388,12 @@ void arch_pick_mmap_layout(struct mm_str 3942@@ -237,8 +240,7 @@ arch_get_unmapped_area_topdown(struct fi
3943 addr = PAGE_ALIGN(addr);
3944
3945 vma = find_vma(mm, addr);
3946- if (task_size - len >= addr &&
3947- (!vma || addr + len <= vma->vm_start))
3948+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
3949 return addr;
3950 }
3951
3952@@ -259,7 +261,7 @@ arch_get_unmapped_area_topdown(struct fi
3953 /* make sure it can fit in the remaining address space */
3954 if (likely(addr > len)) {
3955 vma = find_vma(mm, addr-len);
3956- if (!vma || addr <= vma->vm_start) {
3957+ if (check_heap_stack_gap(vma, addr - len, len)) {
3958 /* remember the address as a hint for next time */
3959 return (mm->free_area_cache = addr-len);
3960 }
3961@@ -279,7 +281,7 @@ arch_get_unmapped_area_topdown(struct fi
3962 * return with success:
3963 */
3964 vma = find_vma(mm, addr);
3965- if (likely(!vma || addr+len <= vma->vm_start)) {
3966+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3967 /* remember the address as a hint for next time */
3968 return (mm->free_area_cache = addr);
3969 }
3970@@ -384,6 +386,12 @@ void arch_pick_mmap_layout(struct mm_str
3738 current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY || 3971 current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY ||
3739 sysctl_legacy_va_layout) { 3972 sysctl_legacy_va_layout) {
3740 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; 3973 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -3747,7 +3980,7 @@ diff -urNp linux-2.6.32.21/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.21/arch
3747 mm->get_unmapped_area = arch_get_unmapped_area; 3980 mm->get_unmapped_area = arch_get_unmapped_area;
3748 mm->unmap_area = arch_unmap_area; 3981 mm->unmap_area = arch_unmap_area;
3749 } else { 3982 } else {
3750@@ -398,6 +408,12 @@ void arch_pick_mmap_layout(struct mm_str 3983@@ -398,6 +406,12 @@ void arch_pick_mmap_layout(struct mm_str
3751 gap = (task_size / 6 * 5); 3984 gap = (task_size / 6 * 5);
3752 3985
3753 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); 3986 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
@@ -4033,8 +4266,8 @@ diff -urNp linux-2.6.32.21/arch/sparc/lib/atomic_64.S linux-2.6.32.21/arch/sparc
4033 bne,pn %xcc, 2f 4266 bne,pn %xcc, 2f
4034diff -urNp linux-2.6.32.21/arch/sparc/lib/ksyms.c linux-2.6.32.21/arch/sparc/lib/ksyms.c 4267diff -urNp linux-2.6.32.21/arch/sparc/lib/ksyms.c linux-2.6.32.21/arch/sparc/lib/ksyms.c
4035--- linux-2.6.32.21/arch/sparc/lib/ksyms.c 2010-08-13 16:24:37.000000000 -0400 4268--- linux-2.6.32.21/arch/sparc/lib/ksyms.c 2010-08-13 16:24:37.000000000 -0400
4036+++ linux-2.6.32.21/arch/sparc/lib/ksyms.c 2010-09-04 15:54:51.000000000 -0400 4269+++ linux-2.6.32.21/arch/sparc/lib/ksyms.c 2010-09-17 17:45:39.000000000 -0400
4037@@ -144,12 +144,15 @@ EXPORT_SYMBOL(__downgrade_write); 4270@@ -144,12 +144,17 @@ EXPORT_SYMBOL(__downgrade_write);
4038 4271
4039 /* Atomic counter implementation. */ 4272 /* Atomic counter implementation. */
4040 EXPORT_SYMBOL(atomic_add); 4273 EXPORT_SYMBOL(atomic_add);
@@ -4044,7 +4277,9 @@ diff -urNp linux-2.6.32.21/arch/sparc/lib/ksyms.c linux-2.6.32.21/arch/sparc/lib
4044+EXPORT_SYMBOL(atomic_sub_unchecked); 4277+EXPORT_SYMBOL(atomic_sub_unchecked);
4045 EXPORT_SYMBOL(atomic_sub_ret); 4278 EXPORT_SYMBOL(atomic_sub_ret);
4046 EXPORT_SYMBOL(atomic64_add); 4279 EXPORT_SYMBOL(atomic64_add);
4280+EXPORT_SYMBOL(atomic64_add_unchecked);
4047 EXPORT_SYMBOL(atomic64_add_ret); 4281 EXPORT_SYMBOL(atomic64_add_ret);
4282+EXPORT_SYMBOL(atomic64_add_ret_unchecked);
4048 EXPORT_SYMBOL(atomic64_sub); 4283 EXPORT_SYMBOL(atomic64_sub);
4049+EXPORT_SYMBOL(atomic64_sub_unchecked); 4284+EXPORT_SYMBOL(atomic64_sub_unchecked);
4050 EXPORT_SYMBOL(atomic64_sub_ret); 4285 EXPORT_SYMBOL(atomic64_sub_ret);
@@ -4969,6 +5204,46 @@ diff -urNp linux-2.6.32.21/arch/sparc/mm/fault_64.c linux-2.6.32.21/arch/sparc/m
4969 /* Pure DTLB misses do not tell us whether the fault causing 5204 /* Pure DTLB misses do not tell us whether the fault causing
4970 * load/store/atomic was a write or not, it only says that there 5205 * load/store/atomic was a write or not, it only says that there
4971 * was no match. So in such a case we (carefully) read the 5206 * was no match. So in such a case we (carefully) read the
5207diff -urNp linux-2.6.32.21/arch/sparc/mm/hugetlbpage.c linux-2.6.32.21/arch/sparc/mm/hugetlbpage.c
5208--- linux-2.6.32.21/arch/sparc/mm/hugetlbpage.c 2010-08-13 16:24:37.000000000 -0400
5209+++ linux-2.6.32.21/arch/sparc/mm/hugetlbpage.c 2010-09-17 18:34:04.000000000 -0400
5210@@ -69,7 +69,7 @@ full_search:
5211 }
5212 return -ENOMEM;
5213 }
5214- if (likely(!vma || addr + len <= vma->vm_start)) {
5215+ if (likely(check_heap_stack_gap(vma, addr, len))) {
5216 /*
5217 * Remember the place where we stopped the search:
5218 */
5219@@ -108,7 +108,7 @@ hugetlb_get_unmapped_area_topdown(struct
5220 /* make sure it can fit in the remaining address space */
5221 if (likely(addr > len)) {
5222 vma = find_vma(mm, addr-len);
5223- if (!vma || addr <= vma->vm_start) {
5224+ if (check_heap_stack_gap(vma, addr - len, len)) {
5225 /* remember the address as a hint for next time */
5226 return (mm->free_area_cache = addr-len);
5227 }
5228@@ -126,7 +126,7 @@ hugetlb_get_unmapped_area_topdown(struct
5229 * return with success:
5230 */
5231 vma = find_vma(mm, addr);
5232- if (likely(!vma || addr+len <= vma->vm_start)) {
5233+ if (likely(check_heap_stack_gap(vma, addr, len))) {
5234 /* remember the address as a hint for next time */
5235 return (mm->free_area_cache = addr);
5236 }
5237@@ -183,8 +183,7 @@ hugetlb_get_unmapped_area(struct file *f
5238 if (addr) {
5239 addr = ALIGN(addr, HPAGE_SIZE);
5240 vma = find_vma(mm, addr);
5241- if (task_size - len >= addr &&
5242- (!vma || addr + len <= vma->vm_start))
5243+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
5244 return addr;
5245 }
5246 if (mm->get_unmapped_area == arch_get_unmapped_area)
4972diff -urNp linux-2.6.32.21/arch/sparc/mm/init_32.c linux-2.6.32.21/arch/sparc/mm/init_32.c 5247diff -urNp linux-2.6.32.21/arch/sparc/mm/init_32.c linux-2.6.32.21/arch/sparc/mm/init_32.c
4973--- linux-2.6.32.21/arch/sparc/mm/init_32.c 2010-08-13 16:24:37.000000000 -0400 5248--- linux-2.6.32.21/arch/sparc/mm/init_32.c 2010-08-13 16:24:37.000000000 -0400
4974+++ linux-2.6.32.21/arch/sparc/mm/init_32.c 2010-09-04 15:54:51.000000000 -0400 5249+++ linux-2.6.32.21/arch/sparc/mm/init_32.c 2010-09-04 15:54:51.000000000 -0400
@@ -6145,7 +6420,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_32.h linux-2.6.32.21/arch
6145 extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); 6420 extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val);
6146diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch/x86/include/asm/atomic_64.h 6421diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch/x86/include/asm/atomic_64.h
6147--- linux-2.6.32.21/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 6422--- linux-2.6.32.21/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400
6148+++ linux-2.6.32.21/arch/x86/include/asm/atomic_64.h 2010-09-15 02:36:22.000000000 -0400 6423+++ linux-2.6.32.21/arch/x86/include/asm/atomic_64.h 2010-09-17 20:46:00.000000000 -0400
6149@@ -24,6 +24,17 @@ static inline int atomic_read(const atom 6424@@ -24,6 +24,17 @@ static inline int atomic_read(const atom
6150 } 6425 }
6151 6426
@@ -6426,15 +6701,18 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6426 : "+r" (i), "+m" (v->counter) 6701 : "+r" (i), "+m" (v->counter)
6427 : : "memory"); 6702 : : "memory");
6428 return i + __i; 6703 return i + __i;
6429@@ -185,6 +370,7 @@ static inline int atomic_sub_return(int 6704@@ -185,6 +370,10 @@ static inline int atomic_sub_return(int
6430 } 6705 }
6431 6706
6432 #define atomic_inc_return(v) (atomic_add_return(1, v)) 6707 #define atomic_inc_return(v) (atomic_add_return(1, v))
6433+#define atomic_inc_return_unchecked(v) (atomic_add_return_unchecked(1, v)) 6708+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
6709+{
6710+ return atomic_add_return(1, v);
6711+}
6434 #define atomic_dec_return(v) (atomic_sub_return(1, v)) 6712 #define atomic_dec_return(v) (atomic_sub_return(1, v))
6435 6713
6436 /* The 64-bit atomic type */ 6714 /* The 64-bit atomic type */
6437@@ -204,6 +390,18 @@ static inline long atomic64_read(const a 6715@@ -204,6 +393,18 @@ static inline long atomic64_read(const a
6438 } 6716 }
6439 6717
6440 /** 6718 /**
@@ -6453,7 +6731,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6453 * atomic64_set - set atomic64 variable 6731 * atomic64_set - set atomic64 variable
6454 * @v: pointer to type atomic64_t 6732 * @v: pointer to type atomic64_t
6455 * @i: required value 6733 * @i: required value
6456@@ -216,6 +414,18 @@ static inline void atomic64_set(atomic64 6734@@ -216,6 +417,18 @@ static inline void atomic64_set(atomic64
6457 } 6735 }
6458 6736
6459 /** 6737 /**
@@ -6472,7 +6750,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6472 * atomic64_add - add integer to atomic64 variable 6750 * atomic64_add - add integer to atomic64 variable
6473 * @i: integer value to add 6751 * @i: integer value to add
6474 * @v: pointer to type atomic64_t 6752 * @v: pointer to type atomic64_t
6475@@ -224,6 +434,28 @@ static inline void atomic64_set(atomic64 6753@@ -224,6 +437,28 @@ static inline void atomic64_set(atomic64
6476 */ 6754 */
6477 static inline void atomic64_add(long i, atomic64_t *v) 6755 static inline void atomic64_add(long i, atomic64_t *v)
6478 { 6756 {
@@ -6501,7 +6779,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6501 asm volatile(LOCK_PREFIX "addq %1,%0" 6779 asm volatile(LOCK_PREFIX "addq %1,%0"
6502 : "=m" (v->counter) 6780 : "=m" (v->counter)
6503 : "er" (i), "m" (v->counter)); 6781 : "er" (i), "m" (v->counter));
6504@@ -238,7 +470,15 @@ static inline void atomic64_add(long i, 6782@@ -238,7 +473,15 @@ static inline void atomic64_add(long i,
6505 */ 6783 */
6506 static inline void atomic64_sub(long i, atomic64_t *v) 6784 static inline void atomic64_sub(long i, atomic64_t *v)
6507 { 6785 {
@@ -6518,7 +6796,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6518 : "=m" (v->counter) 6796 : "=m" (v->counter)
6519 : "er" (i), "m" (v->counter)); 6797 : "er" (i), "m" (v->counter));
6520 } 6798 }
6521@@ -256,7 +496,16 @@ static inline int atomic64_sub_and_test( 6799@@ -256,7 +499,16 @@ static inline int atomic64_sub_and_test(
6522 { 6800 {
6523 unsigned char c; 6801 unsigned char c;
6524 6802
@@ -6536,7 +6814,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6536 : "=m" (v->counter), "=qm" (c) 6814 : "=m" (v->counter), "=qm" (c)
6537 : "er" (i), "m" (v->counter) : "memory"); 6815 : "er" (i), "m" (v->counter) : "memory");
6538 return c; 6816 return c;
6539@@ -270,6 +519,31 @@ static inline int atomic64_sub_and_test( 6817@@ -270,6 +522,31 @@ static inline int atomic64_sub_and_test(
6540 */ 6818 */
6541 static inline void atomic64_inc(atomic64_t *v) 6819 static inline void atomic64_inc(atomic64_t *v)
6542 { 6820 {
@@ -6568,7 +6846,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6568 asm volatile(LOCK_PREFIX "incq %0" 6846 asm volatile(LOCK_PREFIX "incq %0"
6569 : "=m" (v->counter) 6847 : "=m" (v->counter)
6570 : "m" (v->counter)); 6848 : "m" (v->counter));
6571@@ -283,7 +557,32 @@ static inline void atomic64_inc(atomic64 6849@@ -283,7 +560,32 @@ static inline void atomic64_inc(atomic64
6572 */ 6850 */
6573 static inline void atomic64_dec(atomic64_t *v) 6851 static inline void atomic64_dec(atomic64_t *v)
6574 { 6852 {
@@ -6602,7 +6880,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6602 : "=m" (v->counter) 6880 : "=m" (v->counter)
6603 : "m" (v->counter)); 6881 : "m" (v->counter));
6604 } 6882 }
6605@@ -300,7 +599,20 @@ static inline int atomic64_dec_and_test( 6883@@ -300,7 +602,20 @@ static inline int atomic64_dec_and_test(
6606 { 6884 {
6607 unsigned char c; 6885 unsigned char c;
6608 6886
@@ -6624,7 +6902,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6624 : "=m" (v->counter), "=qm" (c) 6902 : "=m" (v->counter), "=qm" (c)
6625 : "m" (v->counter) : "memory"); 6903 : "m" (v->counter) : "memory");
6626 return c != 0; 6904 return c != 0;
6627@@ -318,7 +630,20 @@ static inline int atomic64_inc_and_test( 6905@@ -318,7 +633,20 @@ static inline int atomic64_inc_and_test(
6628 { 6906 {
6629 unsigned char c; 6907 unsigned char c;
6630 6908
@@ -6646,7 +6924,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6646 : "=m" (v->counter), "=qm" (c) 6924 : "=m" (v->counter), "=qm" (c)
6647 : "m" (v->counter) : "memory"); 6925 : "m" (v->counter) : "memory");
6648 return c != 0; 6926 return c != 0;
6649@@ -337,7 +662,16 @@ static inline int atomic64_add_negative( 6927@@ -337,7 +665,16 @@ static inline int atomic64_add_negative(
6650 { 6928 {
6651 unsigned char c; 6929 unsigned char c;
6652 6930
@@ -6664,7 +6942,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6664 : "=m" (v->counter), "=qm" (c) 6942 : "=m" (v->counter), "=qm" (c)
6665 : "er" (i), "m" (v->counter) : "memory"); 6943 : "er" (i), "m" (v->counter) : "memory");
6666 return c; 6944 return c;
6667@@ -353,7 +687,31 @@ static inline int atomic64_add_negative( 6945@@ -353,7 +690,31 @@ static inline int atomic64_add_negative(
6668 static inline long atomic64_add_return(long i, atomic64_t *v) 6946 static inline long atomic64_add_return(long i, atomic64_t *v)
6669 { 6947 {
6670 long __i = i; 6948 long __i = i;
@@ -6697,7 +6975,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6697 : "+r" (i), "+m" (v->counter) 6975 : "+r" (i), "+m" (v->counter)
6698 : : "memory"); 6976 : : "memory");
6699 return i + __i; 6977 return i + __i;
6700@@ -365,6 +723,10 @@ static inline long atomic64_sub_return(l 6978@@ -365,6 +726,10 @@ static inline long atomic64_sub_return(l
6701 } 6979 }
6702 6980
6703 #define atomic64_inc_return(v) (atomic64_add_return(1, (v))) 6981 #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
@@ -6708,7 +6986,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6708 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) 6986 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
6709 6987
6710 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) 6988 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
6711@@ -398,17 +760,29 @@ static inline long atomic_xchg(atomic_t 6989@@ -398,17 +763,29 @@ static inline long atomic_xchg(atomic_t
6712 */ 6990 */
6713 static inline int atomic_add_unless(atomic_t *v, int a, int u) 6991 static inline int atomic_add_unless(atomic_t *v, int a, int u)
6714 { 6992 {
@@ -6742,7 +7020,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/atomic_64.h linux-2.6.32.21/arch
6742 } 7020 }
6743 7021
6744 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0) 7022 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
6745@@ -424,17 +798,29 @@ static inline int atomic_add_unless(atom 7023@@ -424,17 +801,29 @@ static inline int atomic_add_unless(atom
6746 */ 7024 */
6747 static inline int atomic64_add_unless(atomic64_t *v, long a, long u) 7025 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
6748 { 7026 {
@@ -9393,7 +9671,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess_64.h linux-2.6.32.21/arc
9393 #endif /* _ASM_X86_UACCESS_64_H */ 9671 #endif /* _ASM_X86_UACCESS_64_H */
9394diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x86/include/asm/uaccess.h 9672diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x86/include/asm/uaccess.h
9395--- linux-2.6.32.21/arch/x86/include/asm/uaccess.h 2010-08-13 16:24:37.000000000 -0400 9673--- linux-2.6.32.21/arch/x86/include/asm/uaccess.h 2010-08-13 16:24:37.000000000 -0400
9396+++ linux-2.6.32.21/arch/x86/include/asm/uaccess.h 2010-09-04 15:54:51.000000000 -0400 9674+++ linux-2.6.32.21/arch/x86/include/asm/uaccess.h 2010-09-16 23:14:31.000000000 -0400
9397@@ -8,12 +8,15 @@ 9675@@ -8,12 +8,15 @@
9398 #include <linux/thread_info.h> 9676 #include <linux/thread_info.h>
9399 #include <linux/prefetch.h> 9677 #include <linux/prefetch.h>
@@ -9458,22 +9736,9 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9458 9736
9459 /* 9737 /*
9460 * The exception table consists of pairs of addresses: the first is the 9738 * The exception table consists of pairs of addresses: the first is the
9461@@ -179,17 +213,34 @@ extern int __get_user_bad(void); 9739@@ -183,13 +217,21 @@ extern int __get_user_bad(void);
9462 __ret_gu; \
9463 })
9464
9465+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
9466+#define __put_user_x(size, x, ptr, __ret_pu) \
9467+ ({ \
9468+ int __dummy; \
9469+ asm volatile("call __put_user_" #size : "=a" (__ret_pu), "=c" (__dummy) \
9470+ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx"); \
9471+ })
9472+#else
9473 #define __put_user_x(size, x, ptr, __ret_pu) \
9474 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ 9740 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
9475 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") 9741 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
9476+#endif
9477 9742
9478- 9743-
9479+#ifdef CONFIG_X86_32 9744+#ifdef CONFIG_X86_32
@@ -9496,7 +9761,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9496 ".section .fixup,\"ax\"\n" \ 9761 ".section .fixup,\"ax\"\n" \
9497 "4: movl %3,%0\n" \ 9762 "4: movl %3,%0\n" \
9498 " jmp 3b\n" \ 9763 " jmp 3b\n" \
9499@@ -197,15 +248,18 @@ extern int __get_user_bad(void); 9764@@ -197,15 +239,18 @@ extern int __get_user_bad(void);
9500 _ASM_EXTABLE(1b, 4b) \ 9765 _ASM_EXTABLE(1b, 4b) \
9501 _ASM_EXTABLE(2b, 4b) \ 9766 _ASM_EXTABLE(2b, 4b) \
9502 : "=r" (err) \ 9767 : "=r" (err) \
@@ -9519,7 +9784,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9519 9784
9520 #define __put_user_x8(x, ptr, __ret_pu) \ 9785 #define __put_user_x8(x, ptr, __ret_pu) \
9521 asm volatile("call __put_user_8" : "=a" (__ret_pu) \ 9786 asm volatile("call __put_user_8" : "=a" (__ret_pu) \
9522@@ -374,16 +428,18 @@ do { \ 9787@@ -374,16 +419,18 @@ do { \
9523 } while (0) 9788 } while (0)
9524 9789
9525 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ 9790 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -9541,7 +9806,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9541 9806
9542 #define __get_user_size_ex(x, ptr, size) \ 9807 #define __get_user_size_ex(x, ptr, size) \
9543 do { \ 9808 do { \
9544@@ -407,10 +463,12 @@ do { \ 9809@@ -407,10 +454,12 @@ do { \
9545 } while (0) 9810 } while (0)
9546 9811
9547 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ 9812 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -9556,7 +9821,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9556 9821
9557 #define __put_user_nocheck(x, ptr, size) \ 9822 #define __put_user_nocheck(x, ptr, size) \
9558 ({ \ 9823 ({ \
9559@@ -424,13 +482,24 @@ do { \ 9824@@ -424,13 +473,24 @@ do { \
9560 int __gu_err; \ 9825 int __gu_err; \
9561 unsigned long __gu_val; \ 9826 unsigned long __gu_val; \
9562 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ 9827 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
@@ -9583,7 +9848,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9583 9848
9584 /* 9849 /*
9585 * Tell gcc we read from memory instead of writing: this is because 9850 * Tell gcc we read from memory instead of writing: this is because
9586@@ -438,21 +507,26 @@ struct __large_struct { unsigned long bu 9851@@ -438,21 +498,26 @@ struct __large_struct { unsigned long bu
9587 * aliasing issues. 9852 * aliasing issues.
9588 */ 9853 */
9589 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ 9854 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -9614,7 +9879,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9614 9879
9615 /* 9880 /*
9616 * uaccess_try and catch 9881 * uaccess_try and catch
9617@@ -530,7 +604,7 @@ struct __large_struct { unsigned long bu 9882@@ -530,7 +595,7 @@ struct __large_struct { unsigned long bu
9618 #define get_user_ex(x, ptr) do { \ 9883 #define get_user_ex(x, ptr) do { \
9619 unsigned long __gue_val; \ 9884 unsigned long __gue_val; \
9620 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ 9885 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -9623,7 +9888,7 @@ diff -urNp linux-2.6.32.21/arch/x86/include/asm/uaccess.h linux-2.6.32.21/arch/x
9623 } while (0) 9888 } while (0)
9624 9889
9625 #ifdef CONFIG_X86_WP_WORKS_OK 9890 #ifdef CONFIG_X86_WP_WORKS_OK
9626@@ -567,6 +641,7 @@ extern struct movsl_mask { 9891@@ -567,6 +632,7 @@ extern struct movsl_mask {
9627 9892
9628 #define ARCH_HAS_NOCACHE_UACCESS 1 9893 #define ARCH_HAS_NOCACHE_UACCESS 1
9629 9894
@@ -13721,7 +13986,26 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/signal.c linux-2.6.32.21/arch/x86/ker
13721 if (current_thread_info()->status & TS_RESTORE_SIGMASK) 13986 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
13722diff -urNp linux-2.6.32.21/arch/x86/kernel/smpboot.c linux-2.6.32.21/arch/x86/kernel/smpboot.c 13987diff -urNp linux-2.6.32.21/arch/x86/kernel/smpboot.c linux-2.6.32.21/arch/x86/kernel/smpboot.c
13723--- linux-2.6.32.21/arch/x86/kernel/smpboot.c 2010-08-29 21:08:20.000000000 -0400 13988--- linux-2.6.32.21/arch/x86/kernel/smpboot.c 2010-08-29 21:08:20.000000000 -0400
13724+++ linux-2.6.32.21/arch/x86/kernel/smpboot.c 2010-09-04 15:54:51.000000000 -0400 13989+++ linux-2.6.32.21/arch/x86/kernel/smpboot.c 2010-09-17 17:44:35.000000000 -0400
13990@@ -95,14 +95,14 @@ static DEFINE_PER_CPU(struct task_struct
13991 */
13992 static DEFINE_MUTEX(x86_cpu_hotplug_driver_mutex);
13993
13994-void cpu_hotplug_driver_lock()
13995+void cpu_hotplug_driver_lock(void)
13996 {
13997- mutex_lock(&x86_cpu_hotplug_driver_mutex);
13998+ mutex_lock(&x86_cpu_hotplug_driver_mutex);
13999 }
14000
14001-void cpu_hotplug_driver_unlock()
14002+void cpu_hotplug_driver_unlock(void)
14003 {
14004- mutex_unlock(&x86_cpu_hotplug_driver_mutex);
14005+ mutex_unlock(&x86_cpu_hotplug_driver_mutex);
14006 }
14007
14008 ssize_t arch_cpu_probe(const char *buf, size_t count) { return -1; }
13725@@ -748,7 +748,11 @@ do_rest: 14009@@ -748,7 +748,11 @@ do_rest:
13726 (unsigned long)task_stack_page(c_idle.idle) - 14010 (unsigned long)task_stack_page(c_idle.idle) -
13727 KERNEL_STACK_OFFSET + THREAD_SIZE; 14011 KERNEL_STACK_OFFSET + THREAD_SIZE;
@@ -13792,7 +14076,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/syscall_table_32.S linux-2.6.32.21/ar
13792 .long sys_exit 14076 .long sys_exit
13793diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c 14077diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c
13794--- linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c 2010-08-13 16:24:37.000000000 -0400 14078--- linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c 2010-08-13 16:24:37.000000000 -0400
13795+++ linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c 2010-09-04 15:54:51.000000000 -0400 14079+++ linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c 2010-09-17 18:34:04.000000000 -0400
13796@@ -24,6 +24,21 @@ 14080@@ -24,6 +24,21 @@
13797 14081
13798 #include <asm/syscalls.h> 14082 #include <asm/syscalls.h>
@@ -13815,7 +14099,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13815 /* 14099 /*
13816 * Perform the select(nd, in, out, ex, tv) and mmap() system 14100 * Perform the select(nd, in, out, ex, tv) and mmap() system
13817 * calls. Linux/i386 didn't use to be able to handle more than 14101 * calls. Linux/i386 didn't use to be able to handle more than
13818@@ -58,6 +73,205 @@ out: 14102@@ -58,6 +73,208 @@ out:
13819 return err; 14103 return err;
13820 } 14104 }
13821 14105
@@ -13844,10 +14128,11 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13844+ 14128+
13845+ if (addr) { 14129+ if (addr) {
13846+ addr = PAGE_ALIGN(addr); 14130+ addr = PAGE_ALIGN(addr);
13847+ vma = find_vma(mm, addr); 14131+ if (pax_task_size - len >= addr) {
13848+ if (pax_task_size - len >= addr && 14132+ vma = find_vma(mm, addr);
13849+ (!vma || addr + len <= vma->vm_start)) 14133+ if (check_heap_stack_gap(vma, addr, len))
13850+ return addr; 14134+ return addr;
14135+ }
13851+ } 14136+ }
13852+ if (len > mm->cached_hole_size) { 14137+ if (len > mm->cached_hole_size) {
13853+ start_addr = addr = mm->free_area_cache; 14138+ start_addr = addr = mm->free_area_cache;
@@ -13887,13 +14172,8 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13887+ } 14172+ }
13888+ return -ENOMEM; 14173+ return -ENOMEM;
13889+ } 14174+ }
13890+ if (!vma || addr + len <= vma->vm_start) { 14175+ if (check_heap_stack_gap(vma, addr, len))
13891+ /* 14176+ break;
13892+ * Remember the place where we stopped the search:
13893+ */
13894+ mm->free_area_cache = addr + len;
13895+ return addr;
13896+ }
13897+ if (addr + mm->cached_hole_size < vma->vm_start) 14177+ if (addr + mm->cached_hole_size < vma->vm_start)
13898+ mm->cached_hole_size = vma->vm_start - addr; 14178+ mm->cached_hole_size = vma->vm_start - addr;
13899+ addr = vma->vm_end; 14179+ addr = vma->vm_end;
@@ -13903,6 +14183,12 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13903+ goto full_search; 14183+ goto full_search;
13904+ } 14184+ }
13905+ } 14185+ }
14186+
14187+ /*
14188+ * Remember the place where we stopped the search:
14189+ */
14190+ mm->free_area_cache = addr + len;
14191+ return addr;
13906+} 14192+}
13907+ 14193+
13908+unsigned long 14194+unsigned long
@@ -13938,10 +14224,11 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13938+ /* requesting a specific address */ 14224+ /* requesting a specific address */
13939+ if (addr) { 14225+ if (addr) {
13940+ addr = PAGE_ALIGN(addr); 14226+ addr = PAGE_ALIGN(addr);
13941+ vma = find_vma(mm, addr); 14227+ if (pax_task_size - len >= addr) {
13942+ if (pax_task_size - len >= addr && 14228+ vma = find_vma(mm, addr);
13943+ (!vma || addr + len <= vma->vm_start)) 14229+ if (check_heap_stack_gap(vma, addr, len))
13944+ return addr; 14230+ return addr;
14231+ }
13945+ } 14232+ }
13946+ 14233+
13947+ /* check if free_area_cache is useful for us */ 14234+ /* check if free_area_cache is useful for us */
@@ -13956,7 +14243,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13956+ /* make sure it can fit in the remaining address space */ 14243+ /* make sure it can fit in the remaining address space */
13957+ if (addr > len) { 14244+ if (addr > len) {
13958+ vma = find_vma(mm, addr-len); 14245+ vma = find_vma(mm, addr-len);
13959+ if (!vma || addr <= vma->vm_start) 14246+ if (check_heap_stack_gap(vma, addr - len, len))
13960+ /* remember the address as a hint for next time */ 14247+ /* remember the address as a hint for next time */
13961+ return (mm->free_area_cache = addr-len); 14248+ return (mm->free_area_cache = addr-len);
13962+ } 14249+ }
@@ -13973,7 +14260,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
13973+ * return with success: 14260+ * return with success:
13974+ */ 14261+ */
13975+ vma = find_vma(mm, addr); 14262+ vma = find_vma(mm, addr);
13976+ if (!vma || addr+len <= vma->vm_start) 14263+ if (check_heap_stack_gap(vma, addr, len))
13977+ /* remember the address as a hint for next time */ 14264+ /* remember the address as a hint for next time */
13978+ return (mm->free_area_cache = addr); 14265+ return (mm->free_area_cache = addr);
13979+ 14266+
@@ -14021,7 +14308,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
14021 14308
14022 struct sel_arg_struct { 14309 struct sel_arg_struct {
14023 unsigned long n; 14310 unsigned long n;
14024@@ -93,7 +307,7 @@ asmlinkage int sys_ipc(uint call, int fi 14311@@ -93,7 +310,7 @@ asmlinkage int sys_ipc(uint call, int fi
14025 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL); 14312 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL);
14026 case SEMTIMEDOP: 14313 case SEMTIMEDOP:
14027 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, 14314 return sys_semtimedop(first, (struct sembuf __user *)ptr, second,
@@ -14030,7 +14317,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
14030 14317
14031 case SEMGET: 14318 case SEMGET:
14032 return sys_semget(first, second, third); 14319 return sys_semget(first, second, third);
14033@@ -140,7 +354,7 @@ asmlinkage int sys_ipc(uint call, int fi 14320@@ -140,7 +357,7 @@ asmlinkage int sys_ipc(uint call, int fi
14034 ret = do_shmat(first, (char __user *) ptr, second, &raddr); 14321 ret = do_shmat(first, (char __user *) ptr, second, &raddr);
14035 if (ret) 14322 if (ret)
14036 return ret; 14323 return ret;
@@ -14041,7 +14328,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_i386_32.c linux-2.6.32.21/arch/x8
14041 if (!segment_eq(get_fs(), get_ds())) 14328 if (!segment_eq(get_fs(), get_ds()))
14042diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c 14329diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c
14043--- linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c 2010-08-13 16:24:37.000000000 -0400 14330--- linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c 2010-08-13 16:24:37.000000000 -0400
14044+++ linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c 2010-09-04 15:54:51.000000000 -0400 14331+++ linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c 2010-09-17 18:34:04.000000000 -0400
14045@@ -32,8 +32,8 @@ out: 14332@@ -32,8 +32,8 @@ out:
14046 return error; 14333 return error;
14047 } 14334 }
@@ -14062,7 +14349,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86
14062 *end = TASK_SIZE; 14349 *end = TASK_SIZE;
14063 } 14350 }
14064 } 14351 }
14065@@ -69,11 +69,15 @@ arch_get_unmapped_area(struct file *filp 14352@@ -69,16 +69,19 @@ arch_get_unmapped_area(struct file *filp
14066 if (flags & MAP_FIXED) 14353 if (flags & MAP_FIXED)
14067 return addr; 14354 return addr;
14068 14355
@@ -14079,7 +14366,22 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86
14079 if (addr) { 14366 if (addr) {
14080 addr = PAGE_ALIGN(addr); 14367 addr = PAGE_ALIGN(addr);
14081 vma = find_vma(mm, addr); 14368 vma = find_vma(mm, addr);
14082@@ -128,7 +132,7 @@ arch_get_unmapped_area_topdown(struct fi 14369- if (end - len >= addr &&
14370- (!vma || addr + len <= vma->vm_start))
14371+ if (end - len >= addr && check_heap_stack_gap(vma, addr, len))
14372 return addr;
14373 }
14374 if (((flags & MAP_32BIT) || test_thread_flag(TIF_IA32))
14375@@ -106,7 +109,7 @@ full_search:
14376 }
14377 return -ENOMEM;
14378 }
14379- if (!vma || addr + len <= vma->vm_start) {
14380+ if (check_heap_stack_gap(vma, addr, len)) {
14381 /*
14382 * Remember the place where we stopped the search:
14383 */
14384@@ -128,7 +131,7 @@ arch_get_unmapped_area_topdown(struct fi
14083 { 14385 {
14084 struct vm_area_struct *vma; 14386 struct vm_area_struct *vma;
14085 struct mm_struct *mm = current->mm; 14387 struct mm_struct *mm = current->mm;
@@ -14088,7 +14390,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86
14088 14390
14089 /* requested length too big for entire address space */ 14391 /* requested length too big for entire address space */
14090 if (len > TASK_SIZE) 14392 if (len > TASK_SIZE)
14091@@ -141,6 +145,10 @@ arch_get_unmapped_area_topdown(struct fi 14393@@ -141,12 +144,15 @@ arch_get_unmapped_area_topdown(struct fi
14092 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) 14394 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
14093 goto bottomup; 14395 goto bottomup;
14094 14396
@@ -14099,7 +14401,32 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/sys_x86_64.c linux-2.6.32.21/arch/x86
14099 /* requesting a specific address */ 14401 /* requesting a specific address */
14100 if (addr) { 14402 if (addr) {
14101 addr = PAGE_ALIGN(addr); 14403 addr = PAGE_ALIGN(addr);
14102@@ -198,13 +206,21 @@ bottomup: 14404 vma = find_vma(mm, addr);
14405- if (TASK_SIZE - len >= addr &&
14406- (!vma || addr + len <= vma->vm_start))
14407+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
14408 return addr;
14409 }
14410
14411@@ -162,7 +168,7 @@ arch_get_unmapped_area_topdown(struct fi
14412 /* make sure it can fit in the remaining address space */
14413 if (addr > len) {
14414 vma = find_vma(mm, addr-len);
14415- if (!vma || addr <= vma->vm_start)
14416+ if (check_heap_stack_gap(vma, addr - len, len))
14417 /* remember the address as a hint for next time */
14418 return mm->free_area_cache = addr-len;
14419 }
14420@@ -179,7 +185,7 @@ arch_get_unmapped_area_topdown(struct fi
14421 * return with success:
14422 */
14423 vma = find_vma(mm, addr);
14424- if (!vma || addr+len <= vma->vm_start)
14425+ if (check_heap_stack_gap(vma, addr, len))
14426 /* remember the address as a hint for next time */
14427 return mm->free_area_cache = addr;
14428
14429@@ -198,13 +204,21 @@ bottomup:
14103 * can happen with large stack limits and large mmap() 14430 * can happen with large stack limits and large mmap()
14104 * allocations. 14431 * allocations.
14105 */ 14432 */
@@ -14599,22 +14926,13 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmi_32.c linux-2.6.32.21/arch/x86/ker
14599 local_irq_save(flags); 14926 local_irq_save(flags);
14600diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S 14927diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S
14601--- linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S 2010-08-13 16:24:37.000000000 -0400 14928--- linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S 2010-08-13 16:24:37.000000000 -0400
14602+++ linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S 2010-09-04 15:54:51.000000000 -0400 14929+++ linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S 2010-09-17 17:29:28.000000000 -0400
14603@@ -26,6 +26,22 @@ 14930@@ -26,6 +26,13 @@
14604 #include <asm/page_types.h> 14931 #include <asm/page_types.h>
14605 #include <asm/cache.h> 14932 #include <asm/cache.h>
14606 #include <asm/boot.h> 14933 #include <asm/boot.h>
14607+#include <asm/segment.h> 14934+#include <asm/segment.h>
14608+ 14935+
14609+#undef PMD_SIZE
14610+#undef PMD_SHIFT
14611+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
14612+#define PMD_SHIFT 21
14613+#else
14614+#define PMD_SHIFT 22
14615+#endif
14616+#define PMD_SIZE (1 << PMD_SHIFT)
14617+
14618+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) 14936+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
14619+#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR) 14937+#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
14620+#else 14938+#else
@@ -14623,7 +14941,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14623 14941
14624 #undef i386 /* in case the preprocessor is a 32bit one */ 14942 #undef i386 /* in case the preprocessor is a 32bit one */
14625 14943
14626@@ -34,40 +50,55 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF 14944@@ -34,40 +41,55 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
14627 #ifdef CONFIG_X86_32 14945 #ifdef CONFIG_X86_32
14628 OUTPUT_ARCH(i386) 14946 OUTPUT_ARCH(i386)
14629 ENTRY(phys_startup_32) 14947 ENTRY(phys_startup_32)
@@ -14689,7 +15007,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14689 HEAD_TEXT 15007 HEAD_TEXT
14690 #ifdef CONFIG_X86_32 15008 #ifdef CONFIG_X86_32
14691 . = ALIGN(PAGE_SIZE); 15009 . = ALIGN(PAGE_SIZE);
14692@@ -82,28 +113,69 @@ SECTIONS 15010@@ -82,28 +104,69 @@ SECTIONS
14693 IRQENTRY_TEXT 15011 IRQENTRY_TEXT
14694 *(.fixup) 15012 *(.fixup)
14695 *(.gnu.warning) 15013 *(.gnu.warning)
@@ -14766,7 +15084,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14766 15084
14767 PAGE_ALIGNED_DATA(PAGE_SIZE) 15085 PAGE_ALIGNED_DATA(PAGE_SIZE)
14768 15086
14769@@ -166,12 +238,6 @@ SECTIONS 15087@@ -166,12 +229,6 @@ SECTIONS
14770 } 15088 }
14771 vgetcpu_mode = VVIRT(.vgetcpu_mode); 15089 vgetcpu_mode = VVIRT(.vgetcpu_mode);
14772 15090
@@ -14779,7 +15097,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14779 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) { 15097 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
14780 *(.vsyscall_3) 15098 *(.vsyscall_3)
14781 } 15099 }
14782@@ -187,12 +253,19 @@ SECTIONS 15100@@ -187,12 +244,19 @@ SECTIONS
14783 #endif /* CONFIG_X86_64 */ 15101 #endif /* CONFIG_X86_64 */
14784 15102
14785 /* Init code and data - will be freed after init */ 15103 /* Init code and data - will be freed after init */
@@ -14802,7 +15120,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14802 /* 15120 /*
14803 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the 15121 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
14804 * output PHDR, so the next output section - .init.text - should 15122 * output PHDR, so the next output section - .init.text - should
14805@@ -201,12 +274,27 @@ SECTIONS 15123@@ -201,12 +265,27 @@ SECTIONS
14806 PERCPU_VADDR(0, :percpu) 15124 PERCPU_VADDR(0, :percpu)
14807 #endif 15125 #endif
14808 15126
@@ -14818,7 +15136,8 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14818+ VMLINUX_SYMBOL(_einittext) = .; 15136+ VMLINUX_SYMBOL(_einittext) = .;
14819+ . = ALIGN(PAGE_SIZE); 15137+ . = ALIGN(PAGE_SIZE);
14820+ } :text.init 15138+ } :text.init
14821+ 15139
15140- INIT_DATA_SECTION(16)
14822+ /* 15141+ /*
14823+ * .exit.text is discard at runtime, not link time, to deal with 15142+ * .exit.text is discard at runtime, not link time, to deal with
14824+ * references from .altinstructions and .eh_frame 15143+ * references from .altinstructions and .eh_frame
@@ -14828,14 +15147,13 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14828+ . = ALIGN(16); 15147+ . = ALIGN(16);
14829+ } :text.exit 15148+ } :text.exit
14830+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); 15149+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
14831 15150+
14832- INIT_DATA_SECTION(16)
14833+ . = ALIGN(PAGE_SIZE); 15151+ . = ALIGN(PAGE_SIZE);
14834+ INIT_DATA_SECTION(16) :init 15152+ INIT_DATA_SECTION(16) :init
14835 15153
14836 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { 15154 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
14837 __x86_cpu_dev_start = .; 15155 __x86_cpu_dev_start = .;
14838@@ -232,19 +320,11 @@ SECTIONS 15156@@ -232,19 +311,11 @@ SECTIONS
14839 *(.altinstr_replacement) 15157 *(.altinstr_replacement)
14840 } 15158 }
14841 15159
@@ -14856,7 +15174,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14856 PERCPU(PAGE_SIZE) 15174 PERCPU(PAGE_SIZE)
14857 #endif 15175 #endif
14858 15176
14859@@ -267,12 +347,6 @@ SECTIONS 15177@@ -267,12 +338,6 @@ SECTIONS
14860 . = ALIGN(PAGE_SIZE); 15178 . = ALIGN(PAGE_SIZE);
14861 } 15179 }
14862 15180
@@ -14869,7 +15187,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14869 /* BSS */ 15187 /* BSS */
14870 . = ALIGN(PAGE_SIZE); 15188 . = ALIGN(PAGE_SIZE);
14871 .bss : AT(ADDR(.bss) - LOAD_OFFSET) { 15189 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
14872@@ -288,6 +362,7 @@ SECTIONS 15190@@ -288,6 +353,7 @@ SECTIONS
14873 __brk_base = .; 15191 __brk_base = .;
14874 . += 64 * 1024; /* 64k alignment slop space */ 15192 . += 64 * 1024; /* 64k alignment slop space */
14875 *(.brk_reservation) /* areas brk users have reserved */ 15193 *(.brk_reservation) /* areas brk users have reserved */
@@ -14877,7 +15195,7 @@ diff -urNp linux-2.6.32.21/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.21/arch/x8
14877 __brk_limit = .; 15195 __brk_limit = .;
14878 } 15196 }
14879 15197
14880@@ -316,13 +391,12 @@ SECTIONS 15198@@ -316,13 +382,12 @@ SECTIONS
14881 * for the boot processor. 15199 * for the boot processor.
14882 */ 15200 */
14883 #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load 15201 #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load
@@ -18096,7 +18414,7 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/highmem_32.c linux-2.6.32.21/arch/x86/mm/
18096 } 18414 }
18097diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm/hugetlbpage.c 18415diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm/hugetlbpage.c
18098--- linux-2.6.32.21/arch/x86/mm/hugetlbpage.c 2010-08-13 16:24:37.000000000 -0400 18416--- linux-2.6.32.21/arch/x86/mm/hugetlbpage.c 2010-08-13 16:24:37.000000000 -0400
18099+++ linux-2.6.32.21/arch/x86/mm/hugetlbpage.c 2010-09-04 15:54:51.000000000 -0400 18417+++ linux-2.6.32.21/arch/x86/mm/hugetlbpage.c 2010-09-17 18:34:04.000000000 -0400
18100@@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe 18418@@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe
18101 struct hstate *h = hstate_file(file); 18419 struct hstate *h = hstate_file(file);
18102 struct mm_struct *mm = current->mm; 18420 struct mm_struct *mm = current->mm;
@@ -18120,7 +18438,7 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18120 } 18438 }
18121 18439
18122 full_search: 18440 full_search:
18123@@ -281,13 +286,13 @@ full_search: 18441@@ -281,26 +286,27 @@ full_search:
18124 18442
18125 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { 18443 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
18126 /* At this point: (!vma || addr < vma->vm_end). */ 18444 /* At this point: (!vma || addr < vma->vm_end). */
@@ -18137,18 +18455,38 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18137 mm->cached_hole_size = 0; 18455 mm->cached_hole_size = 0;
18138 goto full_search; 18456 goto full_search;
18139 } 18457 }
18140@@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe 18458 return -ENOMEM;
18459 }
18460- if (!vma || addr + len <= vma->vm_start) {
18461- mm->free_area_cache = addr + len;
18462- return addr;
18463- }
18464+ if (check_heap_stack_gap(vma, addr, len))
18465+ break;
18466 if (addr + mm->cached_hole_size < vma->vm_start)
18467 mm->cached_hole_size = vma->vm_start - addr;
18468 addr = ALIGN(vma->vm_end, huge_page_size(h));
18469 }
18470+
18471+ mm->free_area_cache = addr + len;
18472+ return addr;
18473 }
18474
18475 static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
18476@@ -309,10 +315,9 @@ static unsigned long hugetlb_get_unmappe
18477 {
18141 struct hstate *h = hstate_file(file); 18478 struct hstate *h = hstate_file(file);
18142 struct mm_struct *mm = current->mm; 18479 struct mm_struct *mm = current->mm;
18143 struct vm_area_struct *vma, *prev_vma; 18480- struct vm_area_struct *vma, *prev_vma;
18144- unsigned long base = mm->mmap_base, addr = addr0; 18481- unsigned long base = mm->mmap_base, addr = addr0;
18482+ struct vm_area_struct *vma;
18145+ unsigned long base = mm->mmap_base, addr; 18483+ unsigned long base = mm->mmap_base, addr;
18146 unsigned long largest_hole = mm->cached_hole_size; 18484 unsigned long largest_hole = mm->cached_hole_size;
18147- int first_time = 1; 18485- int first_time = 1;
18148 18486
18149 /* don't allow allocations above current base */ 18487 /* don't allow allocations above current base */
18150 if (mm->free_area_cache > base) 18488 if (mm->free_area_cache > base)
18151@@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe 18489@@ -322,7 +327,7 @@ static unsigned long hugetlb_get_unmappe
18152 largest_hole = 0; 18490 largest_hole = 0;
18153 mm->free_area_cache = base; 18491 mm->free_area_cache = base;
18154 } 18492 }
@@ -18157,7 +18495,51 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18157 /* make sure it can fit in the remaining address space */ 18495 /* make sure it can fit in the remaining address space */
18158 if (mm->free_area_cache < len) 18496 if (mm->free_area_cache < len)
18159 goto fail; 18497 goto fail;
18160@@ -364,22 +368,26 @@ try_again: 18498@@ -330,33 +335,27 @@ try_again:
18499 /* either no address requested or cant fit in requested address hole */
18500 addr = (mm->free_area_cache - len) & huge_page_mask(h);
18501 do {
18502+ vma = find_vma(mm, addr);
18503 /*
18504 * Lookup failure means no vma is above this address,
18505 * i.e. return with success:
18506- */
18507- if (!(vma = find_vma_prev(mm, addr, &prev_vma)))
18508- return addr;
18509-
18510- /*
18511 * new region fits between prev_vma->vm_end and
18512 * vma->vm_start, use it:
18513 */
18514- if (addr + len <= vma->vm_start &&
18515- (!prev_vma || (addr >= prev_vma->vm_end))) {
18516+ if (check_heap_stack_gap(vma, addr, len)) {
18517 /* remember the address as a hint for next time */
18518- mm->cached_hole_size = largest_hole;
18519- return (mm->free_area_cache = addr);
18520- } else {
18521- /* pull free_area_cache down to the first hole */
18522- if (mm->free_area_cache == vma->vm_end) {
18523- mm->free_area_cache = vma->vm_start;
18524- mm->cached_hole_size = largest_hole;
18525- }
18526+ mm->cached_hole_size = largest_hole;
18527+ return (mm->free_area_cache = addr);
18528+ }
18529+ /* pull free_area_cache down to the first hole */
18530+ if (mm->free_area_cache == vma->vm_end) {
18531+ mm->free_area_cache = vma->vm_start;
18532+ mm->cached_hole_size = largest_hole;
18533 }
18534
18535 /* remember the largest hole we saw so far */
18536 if (addr + largest_hole < vma->vm_start)
18537- largest_hole = vma->vm_start - addr;
18538+ largest_hole = vma->vm_start - addr;
18539
18540 /* try just below the current vma->vm_start */
18541 addr = (vma->vm_start - len) & huge_page_mask(h);
18542@@ -364,22 +363,26 @@ try_again:
18161 18543
18162 fail: 18544 fail:
18163 /* 18545 /*
@@ -18195,7 +18577,7 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18195 mm->cached_hole_size = ~0UL; 18577 mm->cached_hole_size = ~0UL;
18196 addr = hugetlb_get_unmapped_area_bottomup(file, addr0, 18578 addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
18197 len, pgoff, flags); 18579 len, pgoff, flags);
18198@@ -387,6 +395,7 @@ fail: 18580@@ -387,6 +390,7 @@ fail:
18199 /* 18581 /*
18200 * Restore the topdown base: 18582 * Restore the topdown base:
18201 */ 18583 */
@@ -18203,7 +18585,7 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18203 mm->free_area_cache = base; 18585 mm->free_area_cache = base;
18204 mm->cached_hole_size = ~0UL; 18586 mm->cached_hole_size = ~0UL;
18205 18587
18206@@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f 18588@@ -400,10 +404,17 @@ hugetlb_get_unmapped_area(struct file *f
18207 struct hstate *h = hstate_file(file); 18589 struct hstate *h = hstate_file(file);
18208 struct mm_struct *mm = current->mm; 18590 struct mm_struct *mm = current->mm;
18209 struct vm_area_struct *vma; 18591 struct vm_area_struct *vma;
@@ -18222,15 +18604,16 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/hugetlbpage.c linux-2.6.32.21/arch/x86/mm
18222 return -ENOMEM; 18604 return -ENOMEM;
18223 18605
18224 if (flags & MAP_FIXED) { 18606 if (flags & MAP_FIXED) {
18225@@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f 18607@@ -415,8 +426,7 @@ hugetlb_get_unmapped_area(struct file *f
18226 if (addr) { 18608 if (addr) {
18227 addr = ALIGN(addr, huge_page_size(h)); 18609 addr = ALIGN(addr, huge_page_size(h));
18228 vma = find_vma(mm, addr); 18610 vma = find_vma(mm, addr);
18229- if (TASK_SIZE - len >= addr && 18611- if (TASK_SIZE - len >= addr &&
18230+ if (pax_task_size - len >= addr && 18612- (!vma || addr + len <= vma->vm_start))
18231 (!vma || addr + len <= vma->vm_start)) 18613+ if (pax_task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
18232 return addr; 18614 return addr;
18233 } 18615 }
18616 if (mm->get_unmapped_area == arch_get_unmapped_area)
18234diff -urNp linux-2.6.32.21/arch/x86/mm/init_32.c linux-2.6.32.21/arch/x86/mm/init_32.c 18617diff -urNp linux-2.6.32.21/arch/x86/mm/init_32.c linux-2.6.32.21/arch/x86/mm/init_32.c
18235--- linux-2.6.32.21/arch/x86/mm/init_32.c 2010-08-13 16:24:37.000000000 -0400 18618--- linux-2.6.32.21/arch/x86/mm/init_32.c 2010-08-13 16:24:37.000000000 -0400
18236+++ linux-2.6.32.21/arch/x86/mm/init_32.c 2010-09-04 15:54:51.000000000 -0400 18619+++ linux-2.6.32.21/arch/x86/mm/init_32.c 2010-09-04 15:54:51.000000000 -0400
@@ -18602,7 +18985,7 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/init_64.c linux-2.6.32.21/arch/x86/mm/ini
18602 return "[vsyscall]"; 18985 return "[vsyscall]";
18603diff -urNp linux-2.6.32.21/arch/x86/mm/init.c linux-2.6.32.21/arch/x86/mm/init.c 18986diff -urNp linux-2.6.32.21/arch/x86/mm/init.c linux-2.6.32.21/arch/x86/mm/init.c
18604--- linux-2.6.32.21/arch/x86/mm/init.c 2010-08-13 16:24:37.000000000 -0400 18987--- linux-2.6.32.21/arch/x86/mm/init.c 2010-08-13 16:24:37.000000000 -0400
18605+++ linux-2.6.32.21/arch/x86/mm/init.c 2010-09-04 15:54:51.000000000 -0400 18988+++ linux-2.6.32.21/arch/x86/mm/init.c 2010-09-16 22:50:17.000000000 -0400
18606@@ -69,11 +69,7 @@ static void __init find_early_table_spac 18989@@ -69,11 +69,7 @@ static void __init find_early_table_spac
18607 * cause a hotspot and fill up ZONE_DMA. The page tables 18990 * cause a hotspot and fill up ZONE_DMA. The page tables
18608 * need roughly 0.5KB per GB. 18991 * need roughly 0.5KB per GB.
@@ -18616,6 +18999,15 @@ diff -urNp linux-2.6.32.21/arch/x86/mm/init.c linux-2.6.32.21/arch/x86/mm/init.c
18616 e820_table_start = find_e820_area(start, max_pfn_mapped<<PAGE_SHIFT, 18999 e820_table_start = find_e820_area(start, max_pfn_mapped<<PAGE_SHIFT,
18617 tables, PAGE_SIZE); 19000 tables, PAGE_SIZE);
18618 if (e820_table_start == -1UL) 19001 if (e820_table_start == -1UL)
19002@@ -147,7 +143,7 @@ unsigned long __init_refok init_memory_m
19003 #endif
19004
19005 set_nx();
19006- if (nx_enabled)
19007+ if (nx_enabled && cpu_has_nx)
19008 printk(KERN_INFO "NX (Execute Disable) protection: active\n");
19009
19010 /* Enable PSE if available */
18619@@ -331,7 +327,13 @@ unsigned long __init_refok init_memory_m 19011@@ -331,7 +327,13 @@ unsigned long __init_refok init_memory_m
18620 */ 19012 */
18621 int devmem_is_allowed(unsigned long pagenr) 19013 int devmem_is_allowed(unsigned long pagenr)
@@ -20213,7 +20605,7 @@ diff -urNp linux-2.6.32.21/arch/x86/vdso/vma.c linux-2.6.32.21/arch/x86/vdso/vma
20213-__setup("vdso=", vdso_setup); 20605-__setup("vdso=", vdso_setup);
20214diff -urNp linux-2.6.32.21/arch/x86/xen/enlighten.c linux-2.6.32.21/arch/x86/xen/enlighten.c 20606diff -urNp linux-2.6.32.21/arch/x86/xen/enlighten.c linux-2.6.32.21/arch/x86/xen/enlighten.c
20215--- linux-2.6.32.21/arch/x86/xen/enlighten.c 2010-08-13 16:24:37.000000000 -0400 20607--- linux-2.6.32.21/arch/x86/xen/enlighten.c 2010-08-13 16:24:37.000000000 -0400
20216+++ linux-2.6.32.21/arch/x86/xen/enlighten.c 2010-09-04 15:54:51.000000000 -0400 20608+++ linux-2.6.32.21/arch/x86/xen/enlighten.c 2010-09-17 17:30:16.000000000 -0400
20217@@ -71,8 +71,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); 20609@@ -71,8 +71,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
20218 20610
20219 struct shared_info xen_dummy_shared_info; 20611 struct shared_info xen_dummy_shared_info;
@@ -20241,10 +20633,10 @@ diff -urNp linux-2.6.32.21/arch/x86/xen/enlighten.c linux-2.6.32.21/arch/x86/xen
20241- check_efer(); 20633- check_efer();
20242+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) 20634+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
20243+ if ((cpuid_eax(0x80000000) & 0xffff0000) == 0x80000000 && 20635+ if ((cpuid_eax(0x80000000) & 0xffff0000) == 0x80000000 &&
20244+ (cpuid_edx(0x80000001) & (1 << (X86_FEATURE_NX & 31)))) { 20636+ (cpuid_edx(0x80000001) & (1U << (X86_FEATURE_NX & 31)))) {
20245+ unsigned l, h; 20637+ unsigned l, h;
20246+ 20638+
20247+#if defined(CONFIG_X86_32) 20639+#ifdef CONFIG_X86_PAE
20248+ nx_enabled = 1; 20640+ nx_enabled = 1;
20249+#endif 20641+#endif
20250+ __supported_pte_mask |= _PAGE_NX; 20642+ __supported_pte_mask |= _PAGE_NX;
@@ -31772,19 +32164,6 @@ diff -urNp linux-2.6.32.21/fs/ext4/balloc.c linux-2.6.32.21/fs/ext4/balloc.c
31772 if (free_blocks >= (nblocks + dirty_blocks)) 32164 if (free_blocks >= (nblocks + dirty_blocks))
31773 return 1; 32165 return 1;
31774 } 32166 }
31775diff -urNp linux-2.6.32.21/fs/ext4/ioctl.c linux-2.6.32.21/fs/ext4/ioctl.c
31776--- linux-2.6.32.21/fs/ext4/ioctl.c 2010-08-13 16:24:37.000000000 -0400
31777+++ linux-2.6.32.21/fs/ext4/ioctl.c 2010-09-04 15:54:52.000000000 -0400
31778@@ -230,6 +230,9 @@ setversion_out:
31779 struct file *donor_filp;
31780 int err;
31781
31782+ /* temporary workaround for bugs in here */
31783+ return -EOPNOTSUPP;
31784+
31785 if (!(filp->f_mode & FMODE_READ) ||
31786 !(filp->f_mode & FMODE_WRITE))
31787 return -EBADF;
31788diff -urNp linux-2.6.32.21/fs/ext4/namei.c linux-2.6.32.21/fs/ext4/namei.c 32167diff -urNp linux-2.6.32.21/fs/ext4/namei.c linux-2.6.32.21/fs/ext4/namei.c
31789--- linux-2.6.32.21/fs/ext4/namei.c 2010-08-13 16:24:37.000000000 -0400 32168--- linux-2.6.32.21/fs/ext4/namei.c 2010-08-13 16:24:37.000000000 -0400
31790+++ linux-2.6.32.21/fs/ext4/namei.c 2010-09-04 15:54:52.000000000 -0400 32169+++ linux-2.6.32.21/fs/ext4/namei.c 2010-09-04 15:54:52.000000000 -0400
@@ -34418,7 +34797,7 @@ diff -urNp linux-2.6.32.21/fs/proc/root.c linux-2.6.32.21/fs/proc/root.c
34418 34797
34419diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c 34798diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c
34420--- linux-2.6.32.21/fs/proc/task_mmu.c 2010-08-29 21:08:16.000000000 -0400 34799--- linux-2.6.32.21/fs/proc/task_mmu.c 2010-08-29 21:08:16.000000000 -0400
34421+++ linux-2.6.32.21/fs/proc/task_mmu.c 2010-09-04 15:54:52.000000000 -0400 34800+++ linux-2.6.32.21/fs/proc/task_mmu.c 2010-09-17 18:40:06.000000000 -0400
34422@@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct 34801@@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct
34423 "VmStk:\t%8lu kB\n" 34802 "VmStk:\t%8lu kB\n"
34424 "VmExe:\t%8lu kB\n" 34803 "VmExe:\t%8lu kB\n"
@@ -34462,15 +34841,30 @@ diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c
34462 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) 34841 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
34463 { 34842 {
34464 struct mm_struct *mm = vma->vm_mm; 34843 struct mm_struct *mm = vma->vm_mm;
34465@@ -223,13 +240,22 @@ static void show_map_vma(struct seq_file 34844@@ -206,7 +223,6 @@ static void show_map_vma(struct seq_file
34466 start += PAGE_SIZE; 34845 int flags = vma->vm_flags;
34846 unsigned long ino = 0;
34847 unsigned long long pgoff = 0;
34848- unsigned long start;
34849 dev_t dev = 0;
34850 int len;
34851
34852@@ -217,19 +233,23 @@ static void show_map_vma(struct seq_file
34853 pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
34854 }
34467 34855
34856- /* We don't show the stack guard page in /proc/maps */
34857- start = vma->vm_start;
34858- if (vma->vm_flags & VM_GROWSDOWN)
34859- start += PAGE_SIZE;
34860-
34468 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n", 34861 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
34862- start,
34469+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP 34863+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34470+ PAX_RAND_FLAGS(mm) ? 0UL : start, 34864+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
34471+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end, 34865+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
34472+#else 34866+#else
34473 start, 34867+ vma->vm_start,
34474 vma->vm_end, 34868 vma->vm_end,
34475+#endif 34869+#endif
34476 flags & VM_READ ? 'r' : '-', 34870 flags & VM_READ ? 'r' : '-',
@@ -34485,7 +34879,7 @@ diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c
34485 MAJOR(dev), MINOR(dev), ino, &len); 34879 MAJOR(dev), MINOR(dev), ino, &len);
34486 34880
34487 /* 34881 /*
34488@@ -238,16 +264,16 @@ static void show_map_vma(struct seq_file 34882@@ -238,16 +258,16 @@ static void show_map_vma(struct seq_file
34489 */ 34883 */
34490 if (file) { 34884 if (file) {
34491 pad_len_spaces(m, len); 34885 pad_len_spaces(m, len);
@@ -34507,7 +34901,7 @@ diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c
34507 name = "[stack]"; 34901 name = "[stack]";
34508 } 34902 }
34509 } else { 34903 } else {
34510@@ -390,9 +416,16 @@ static int show_smap(struct seq_file *m, 34904@@ -390,9 +410,16 @@ static int show_smap(struct seq_file *m,
34511 }; 34905 };
34512 34906
34513 memset(&mss, 0, sizeof mss); 34907 memset(&mss, 0, sizeof mss);
@@ -34527,7 +34921,7 @@ diff -urNp linux-2.6.32.21/fs/proc/task_mmu.c linux-2.6.32.21/fs/proc/task_mmu.c
34527 34921
34528 show_map_vma(m, vma); 34922 show_map_vma(m, vma);
34529 34923
34530@@ -408,7 +441,11 @@ static int show_smap(struct seq_file *m, 34924@@ -408,7 +435,11 @@ static int show_smap(struct seq_file *m,
34531 "Swap: %8lu kB\n" 34925 "Swap: %8lu kB\n"
34532 "KernelPageSize: %8lu kB\n" 34926 "KernelPageSize: %8lu kB\n"
34533 "MMUPageSize: %8lu kB\n", 34927 "MMUPageSize: %8lu kB\n",
@@ -41692,8 +42086,8 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_fork.c linux-2.6.32.21/grsecurity/gr
41692+} 42086+}
41693diff -urNp linux-2.6.32.21/grsecurity/grsec_init.c linux-2.6.32.21/grsecurity/grsec_init.c 42087diff -urNp linux-2.6.32.21/grsecurity/grsec_init.c linux-2.6.32.21/grsecurity/grsec_init.c
41694--- linux-2.6.32.21/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 42088--- linux-2.6.32.21/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
41695+++ linux-2.6.32.21/grsecurity/grsec_init.c 2010-09-04 15:54:52.000000000 -0400 42089+++ linux-2.6.32.21/grsecurity/grsec_init.c 2010-09-17 19:24:55.000000000 -0400
41696@@ -0,0 +1,258 @@ 42090@@ -0,0 +1,266 @@
41697+#include <linux/kernel.h> 42091+#include <linux/kernel.h>
41698+#include <linux/sched.h> 42092+#include <linux/sched.h>
41699+#include <linux/mm.h> 42093+#include <linux/mm.h>
@@ -41742,6 +42136,7 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_init.c linux-2.6.32.21/grsecurity/gr
41742+#endif 42136+#endif
41743+int grsec_lastack_retries; 42137+int grsec_lastack_retries;
41744+int grsec_enable_tpe_all; 42138+int grsec_enable_tpe_all;
42139+int grsec_enable_tpe_invert;
41745+int grsec_enable_socket_all; 42140+int grsec_enable_socket_all;
41746+int grsec_socket_all_gid; 42141+int grsec_socket_all_gid;
41747+int grsec_enable_socket_client; 42142+int grsec_enable_socket_client;
@@ -41832,6 +42227,13 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_init.c linux-2.6.32.21/grsecurity/gr
41832+#endif 42227+#endif
41833+#endif 42228+#endif
41834+ 42229+
42230+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
42231+ /* for backward compatibility, tpe_invert always defaults to on if
42232+ enabled in the kernel
42233+ */
42234+ grsec_enable_tpe_invert = 1;
42235+#endif
42236+
41835+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) 42237+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
41836+#ifndef CONFIG_GRKERNSEC_SYSCTL 42238+#ifndef CONFIG_GRKERNSEC_SYSCTL
41837+ grsec_lock = 1; 42239+ grsec_lock = 1;
@@ -42828,8 +43230,8 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_sock.c linux-2.6.32.21/grsecurity/gr
42828+} 43230+}
42829diff -urNp linux-2.6.32.21/grsecurity/grsec_sysctl.c linux-2.6.32.21/grsecurity/grsec_sysctl.c 43231diff -urNp linux-2.6.32.21/grsecurity/grsec_sysctl.c linux-2.6.32.21/grsecurity/grsec_sysctl.c
42830--- linux-2.6.32.21/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 43232--- linux-2.6.32.21/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
42831+++ linux-2.6.32.21/grsecurity/grsec_sysctl.c 2010-09-04 15:54:52.000000000 -0400 43233+++ linux-2.6.32.21/grsecurity/grsec_sysctl.c 2010-09-17 19:22:27.000000000 -0400
42832@@ -0,0 +1,459 @@ 43234@@ -0,0 +1,469 @@
42833+#include <linux/kernel.h> 43235+#include <linux/kernel.h>
42834+#include <linux/sched.h> 43236+#include <linux/sched.h>
42835+#include <linux/sysctl.h> 43237+#include <linux/sysctl.h>
@@ -43103,6 +43505,16 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_sysctl.c linux-2.6.32.21/grsecurity/
43103+ .proc_handler = &proc_dointvec, 43505+ .proc_handler = &proc_dointvec,
43104+ }, 43506+ },
43105+#endif 43507+#endif
43508+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
43509+ {
43510+ .ctl_name = CTL_UNNUMBERED,
43511+ .procname = "tpe_invert",
43512+ .data = &grsec_enable_tpe_invert,
43513+ .maxlen = sizeof(int),
43514+ .mode = 0600,
43515+ .proc_handler = &proc_dointvec,
43516+ },
43517+#endif
43106+#ifdef CONFIG_GRKERNSEC_TPE_ALL 43518+#ifdef CONFIG_GRKERNSEC_TPE_ALL
43107+ { 43519+ {
43108+ .ctl_name = CTL_UNNUMBERED, 43520+ .ctl_name = CTL_UNNUMBERED,
@@ -43328,8 +43740,8 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_time.c linux-2.6.32.21/grsecurity/gr
43328+} 43740+}
43329diff -urNp linux-2.6.32.21/grsecurity/grsec_tpe.c linux-2.6.32.21/grsecurity/grsec_tpe.c 43741diff -urNp linux-2.6.32.21/grsecurity/grsec_tpe.c linux-2.6.32.21/grsecurity/grsec_tpe.c
43330--- linux-2.6.32.21/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500 43742--- linux-2.6.32.21/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
43331+++ linux-2.6.32.21/grsecurity/grsec_tpe.c 2010-09-04 15:54:52.000000000 -0400 43743+++ linux-2.6.32.21/grsecurity/grsec_tpe.c 2010-09-17 19:28:20.000000000 -0400
43332@@ -0,0 +1,38 @@ 43744@@ -0,0 +1,39 @@
43333+#include <linux/kernel.h> 43745+#include <linux/kernel.h>
43334+#include <linux/sched.h> 43746+#include <linux/sched.h>
43335+#include <linux/file.h> 43747+#include <linux/file.h>
@@ -43347,7 +43759,8 @@ diff -urNp linux-2.6.32.21/grsecurity/grsec_tpe.c linux-2.6.32.21/grsecurity/grs
43347+ 43759+
43348+ if (cred->uid && ((grsec_enable_tpe && 43760+ if (cred->uid && ((grsec_enable_tpe &&
43349+#ifdef CONFIG_GRKERNSEC_TPE_INVERT 43761+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
43350+ !in_group_p(grsec_tpe_gid) 43762+ ((grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid)) ||
43763+ (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid)))
43351+#else 43764+#else
43352+ in_group_p(grsec_tpe_gid) 43765+ in_group_p(grsec_tpe_gid)
43353+#endif 43766+#endif
@@ -43435,8 +43848,8 @@ diff -urNp linux-2.6.32.21/grsecurity/grsum.c linux-2.6.32.21/grsecurity/grsum.c
43435+} 43848+}
43436diff -urNp linux-2.6.32.21/grsecurity/Kconfig linux-2.6.32.21/grsecurity/Kconfig 43849diff -urNp linux-2.6.32.21/grsecurity/Kconfig linux-2.6.32.21/grsecurity/Kconfig
43437--- linux-2.6.32.21/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 43850--- linux-2.6.32.21/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
43438+++ linux-2.6.32.21/grsecurity/Kconfig 2010-09-14 21:34:38.000000000 -0400 43851+++ linux-2.6.32.21/grsecurity/Kconfig 2010-09-17 19:36:28.000000000 -0400
43439@@ -0,0 +1,987 @@ 43852@@ -0,0 +1,986 @@
43440+# 43853+#
43441+# grecurity configuration 43854+# grecurity configuration
43442+# 43855+#
@@ -43588,7 +44001,7 @@ diff -urNp linux-2.6.32.21/grsecurity/Kconfig linux-2.6.32.21/grsecurity/Kconfig
43588+ select PAX_PT_PAX_FLAGS 44001+ select PAX_PT_PAX_FLAGS
43589+ select PAX_HAVE_ACL_FLAGS 44002+ select PAX_HAVE_ACL_FLAGS
43590+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN) 44003+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
43591+ select PAX_MEMORY_UDEREF if (X86_32 && !XEN) 44004+ select PAX_MEMORY_UDEREF if (X86 && !XEN)
43592+ select PAX_RANDKSTACK if (X86_TSC && !X86_64) 44005+ select PAX_RANDKSTACK if (X86_TSC && !X86_64)
43593+ select PAX_SEGMEXEC if (X86_32) 44006+ select PAX_SEGMEXEC if (X86_32)
43594+ select PAX_PAGEEXEC 44007+ select PAX_PAGEEXEC
@@ -44197,11 +44610,14 @@ diff -urNp linux-2.6.32.21/grsecurity/Kconfig linux-2.6.32.21/grsecurity/Kconfig
44197+ is enabled, a sysctl option with name "tpe" is created. 44610+ is enabled, a sysctl option with name "tpe" is created.
44198+ 44611+
44199+config GRKERNSEC_TPE_ALL 44612+config GRKERNSEC_TPE_ALL
44200+ bool "Partially restrict non-root users" 44613+ bool "Partially restrict all non-root users"
44201+ depends on GRKERNSEC_TPE 44614+ depends on GRKERNSEC_TPE
44202+ help 44615+ help
44203+ If you say Y here, All non-root users other than the ones in the 44616+ If you say Y here, all non-root users will be covered under
44204+ group specified in the main TPE option will only be allowed to 44617+ a weaker TPE restriction. This is separate from, and in addition to,
44618+ the main TPE options that you have selected elsewhere. Thus, if a
44619+ "trusted" GID is chosen, this restriction applies to even that GID.
44620+ Under this restriction, all non-root users will only be allowed to
44205+ execute files in directories they own that are not group or 44621+ execute files in directories they own that are not group or
44206+ world-writable, or in directories owned by root and writable only by 44622+ world-writable, or in directories owned by root and writable only by
44207+ root. If the sysctl option is enabled, a sysctl option with name 44623+ root. If the sysctl option is enabled, a sysctl option with name
@@ -44214,31 +44630,27 @@ diff -urNp linux-2.6.32.21/grsecurity/Kconfig linux-2.6.32.21/grsecurity/Kconfig
44214+ If you say Y here, the group you specify in the TPE configuration will 44630+ If you say Y here, the group you specify in the TPE configuration will
44215+ decide what group TPE restrictions will be *disabled* for. This 44631+ decide what group TPE restrictions will be *disabled* for. This
44216+ option is useful if you want TPE restrictions to be applied to most 44632+ option is useful if you want TPE restrictions to be applied to most
44217+ users on the system. 44633+ users on the system. If the sysctl option is enabled, a sysctl option
44634+ with name "tpe_invert" is created. Unlike other sysctl options, this
44635+ entry will default to on for backward-compatibility.
44218+ 44636+
44219+config GRKERNSEC_TPE_GID 44637+config GRKERNSEC_TPE_GID
44220+ int "GID for untrusted users" 44638+ int "GID for untrusted users"
44221+ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT 44639+ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
44222+ default 1005 44640+ default 1005
44223+ help 44641+ help
44224+ If you have selected the "Invert GID option" above, setting this 44642+ Setting this GID determines what group TPE restrictions will be
44225+ GID determines what group TPE restrictions will be *disabled* for. 44643+ *enabled* for. If the sysctl option is enabled, a sysctl option
44226+ If you have not selected the "Invert GID option" above, setting this 44644+ with name "tpe_gid" is created.
44227+ GID determines what group TPE restrictions will be *enabled* for.
44228+ If the sysctl option is enabled, a sysctl option with name "tpe_gid"
44229+ is created.
44230+ 44645+
44231+config GRKERNSEC_TPE_GID 44646+config GRKERNSEC_TPE_GID
44232+ int "GID for trusted users" 44647+ int "GID for trusted users"
44233+ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT 44648+ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
44234+ default 1005 44649+ default 1005
44235+ help 44650+ help
44236+ If you have selected the "Invert GID option" above, setting this 44651+ Setting this GID determines what group TPE restrictions will be
44237+ GID determines what group TPE restrictions will be *disabled* for. 44652+ *disabled* for. If the sysctl option is enabled, a sysctl option
44238+ If you have not selected the "Invert GID option" above, setting this 44653+ with name "tpe_gid" is created.
44239+ GID determines what group TPE restrictions will be *enabled* for.
44240+ If the sysctl option is enabled, a sysctl option with name "tpe_gid"
44241+ is created.
44242+ 44654+
44243+endmenu 44655+endmenu
44244+menu "Network Protections" 44656+menu "Network Protections"
@@ -46216,7 +46628,7 @@ diff -urNp linux-2.6.32.21/include/linux/grdefs.h linux-2.6.32.21/include/linux/
46216+#endif 46628+#endif
46217diff -urNp linux-2.6.32.21/include/linux/grinternal.h linux-2.6.32.21/include/linux/grinternal.h 46629diff -urNp linux-2.6.32.21/include/linux/grinternal.h linux-2.6.32.21/include/linux/grinternal.h
46218--- linux-2.6.32.21/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 46630--- linux-2.6.32.21/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
46219+++ linux-2.6.32.21/include/linux/grinternal.h 2010-09-04 15:54:52.000000000 -0400 46631+++ linux-2.6.32.21/include/linux/grinternal.h 2010-09-17 19:39:50.000000000 -0400
46220@@ -0,0 +1,211 @@ 46632@@ -0,0 +1,211 @@
46221+#ifndef __GRINTERNAL_H 46633+#ifndef __GRINTERNAL_H
46222+#define __GRINTERNAL_H 46634+#define __GRINTERNAL_H
@@ -46282,7 +46694,7 @@ diff -urNp linux-2.6.32.21/include/linux/grinternal.h linux-2.6.32.21/include/li
46282+extern int grsec_enable_tpe; 46694+extern int grsec_enable_tpe;
46283+extern int grsec_tpe_gid; 46695+extern int grsec_tpe_gid;
46284+extern int grsec_enable_tpe_all; 46696+extern int grsec_enable_tpe_all;
46285+extern int grsec_enable_sidcaps; 46697+extern int grsec_enable_tpe_invert;
46286+extern int grsec_enable_socket_all; 46698+extern int grsec_enable_socket_all;
46287+extern int grsec_socket_all_gid; 46699+extern int grsec_socket_all_gid;
46288+extern int grsec_enable_socket_client; 46700+extern int grsec_enable_socket_client;
@@ -47499,7 +47911,7 @@ diff -urNp linux-2.6.32.21/include/linux/reiserfs_fs_sb.h linux-2.6.32.21/includ
47499 on-disk FS format */ 47911 on-disk FS format */
47500diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/sched.h 47912diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/sched.h
47501--- linux-2.6.32.21/include/linux/sched.h 2010-08-13 16:24:37.000000000 -0400 47913--- linux-2.6.32.21/include/linux/sched.h 2010-08-13 16:24:37.000000000 -0400
47502+++ linux-2.6.32.21/include/linux/sched.h 2010-09-14 18:41:02.000000000 -0400 47914+++ linux-2.6.32.21/include/linux/sched.h 2010-09-17 18:34:04.000000000 -0400
47503@@ -101,6 +101,7 @@ struct bio; 47915@@ -101,6 +101,7 @@ struct bio;
47504 struct fs_struct; 47916 struct fs_struct;
47505 struct bts_context; 47917 struct bts_context;
@@ -47508,7 +47920,19 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47508 47920
47509 /* 47921 /*
47510 * List of flags we want to share for kernel threads, 47922 * List of flags we want to share for kernel threads,
47511@@ -667,6 +668,15 @@ struct signal_struct { 47923@@ -372,9 +373,11 @@ struct user_namespace;
47924 #define DEFAULT_MAX_MAP_COUNT (USHORT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
47925
47926 extern int sysctl_max_map_count;
47927+extern unsigned long sysctl_heap_stack_gap;
47928
47929 #include <linux/aio.h>
47930
47931+extern bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len);
47932 extern unsigned long
47933 arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
47934 unsigned long, unsigned long);
47935@@ -667,6 +670,15 @@ struct signal_struct {
47512 struct tty_audit_buf *tty_audit_buf; 47936 struct tty_audit_buf *tty_audit_buf;
47513 #endif 47937 #endif
47514 47938
@@ -47524,7 +47948,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47524 int oom_adj; /* OOM kill score adjustment (bit shift) */ 47948 int oom_adj; /* OOM kill score adjustment (bit shift) */
47525 }; 47949 };
47526 47950
47527@@ -1220,7 +1230,7 @@ struct rcu_node; 47951@@ -1220,7 +1232,7 @@ struct rcu_node;
47528 47952
47529 struct task_struct { 47953 struct task_struct {
47530 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ 47954 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
@@ -47533,7 +47957,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47533 atomic_t usage; 47957 atomic_t usage;
47534 unsigned int flags; /* per process flags, defined below */ 47958 unsigned int flags; /* per process flags, defined below */
47535 unsigned int ptrace; 47959 unsigned int ptrace;
47536@@ -1332,8 +1342,8 @@ struct task_struct { 47960@@ -1332,8 +1344,8 @@ struct task_struct {
47537 struct list_head thread_group; 47961 struct list_head thread_group;
47538 47962
47539 struct completion *vfork_done; /* for vfork() */ 47963 struct completion *vfork_done; /* for vfork() */
@@ -47544,7 +47968,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47544 47968
47545 cputime_t utime, stime, utimescaled, stimescaled; 47969 cputime_t utime, stime, utimescaled, stimescaled;
47546 cputime_t gtime; 47970 cputime_t gtime;
47547@@ -1347,16 +1357,6 @@ struct task_struct { 47971@@ -1347,16 +1359,6 @@ struct task_struct {
47548 struct task_cputime cputime_expires; 47972 struct task_cputime cputime_expires;
47549 struct list_head cpu_timers[3]; 47973 struct list_head cpu_timers[3];
47550 47974
@@ -47561,7 +47985,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47561 char comm[TASK_COMM_LEN]; /* executable name excluding path 47985 char comm[TASK_COMM_LEN]; /* executable name excluding path
47562 - access with [gs]et_task_comm (which lock 47986 - access with [gs]et_task_comm (which lock
47563 it with task_lock()) 47987 it with task_lock())
47564@@ -1440,6 +1440,15 @@ struct task_struct { 47988@@ -1440,6 +1442,15 @@ struct task_struct {
47565 int hardirq_context; 47989 int hardirq_context;
47566 int softirq_context; 47990 int softirq_context;
47567 #endif 47991 #endif
@@ -47577,7 +48001,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47577 #ifdef CONFIG_LOCKDEP 48001 #ifdef CONFIG_LOCKDEP
47578 # define MAX_LOCK_DEPTH 48UL 48002 # define MAX_LOCK_DEPTH 48UL
47579 u64 curr_chain_key; 48003 u64 curr_chain_key;
47580@@ -1460,6 +1469,9 @@ struct task_struct { 48004@@ -1460,6 +1471,9 @@ struct task_struct {
47581 48005
47582 struct backing_dev_info *backing_dev_info; 48006 struct backing_dev_info *backing_dev_info;
47583 48007
@@ -47587,7 +48011,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47587 struct io_context *io_context; 48011 struct io_context *io_context;
47588 48012
47589 unsigned long ptrace_message; 48013 unsigned long ptrace_message;
47590@@ -1523,6 +1535,20 @@ struct task_struct { 48014@@ -1523,6 +1537,20 @@ struct task_struct {
47591 unsigned long default_timer_slack_ns; 48015 unsigned long default_timer_slack_ns;
47592 48016
47593 struct list_head *scm_work_list; 48017 struct list_head *scm_work_list;
@@ -47608,7 +48032,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47608 #ifdef CONFIG_FUNCTION_GRAPH_TRACER 48032 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
47609 /* Index of current stored adress in ret_stack */ 48033 /* Index of current stored adress in ret_stack */
47610 int curr_ret_stack; 48034 int curr_ret_stack;
47611@@ -1546,6 +1572,52 @@ struct task_struct { 48035@@ -1546,6 +1574,52 @@ struct task_struct {
47612 #endif /* CONFIG_TRACING */ 48036 #endif /* CONFIG_TRACING */
47613 }; 48037 };
47614 48038
@@ -47661,7 +48085,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47661 /* Future-safe accessor for struct task_struct's cpus_allowed. */ 48085 /* Future-safe accessor for struct task_struct's cpus_allowed. */
47662 #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed) 48086 #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed)
47663 48087
47664@@ -2146,7 +2218,7 @@ extern void __cleanup_sighand(struct sig 48088@@ -2146,7 +2220,7 @@ extern void __cleanup_sighand(struct sig
47665 extern void exit_itimers(struct signal_struct *); 48089 extern void exit_itimers(struct signal_struct *);
47666 extern void flush_itimer_signals(void); 48090 extern void flush_itimer_signals(void);
47667 48091
@@ -47670,7 +48094,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47670 48094
47671 extern void daemonize(const char *, ...); 48095 extern void daemonize(const char *, ...);
47672 extern int allow_signal(int); 48096 extern int allow_signal(int);
47673@@ -2259,8 +2331,8 @@ static inline void unlock_task_sighand(s 48097@@ -2259,8 +2333,8 @@ static inline void unlock_task_sighand(s
47674 48098
47675 #ifndef __HAVE_THREAD_FUNCTIONS 48099 #ifndef __HAVE_THREAD_FUNCTIONS
47676 48100
@@ -47681,7 +48105,7 @@ diff -urNp linux-2.6.32.21/include/linux/sched.h linux-2.6.32.21/include/linux/s
47681 48105
47682 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org) 48106 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
47683 { 48107 {
47684@@ -2275,13 +2347,17 @@ static inline unsigned long *end_of_stac 48108@@ -2275,13 +2349,17 @@ static inline unsigned long *end_of_stac
47685 48109
47686 #endif 48110 #endif
47687 48111
@@ -49315,7 +49739,7 @@ diff -urNp linux-2.6.32.21/kernel/fork.c linux-2.6.32.21/kernel/fork.c
49315 new_fs = fs; 49739 new_fs = fs;
49316diff -urNp linux-2.6.32.21/kernel/futex.c linux-2.6.32.21/kernel/futex.c 49740diff -urNp linux-2.6.32.21/kernel/futex.c linux-2.6.32.21/kernel/futex.c
49317--- linux-2.6.32.21/kernel/futex.c 2010-08-13 16:24:37.000000000 -0400 49741--- linux-2.6.32.21/kernel/futex.c 2010-08-13 16:24:37.000000000 -0400
49318+++ linux-2.6.32.21/kernel/futex.c 2010-09-04 15:54:52.000000000 -0400 49742+++ linux-2.6.32.21/kernel/futex.c 2010-09-17 17:43:01.000000000 -0400
49319@@ -54,6 +54,7 @@ 49743@@ -54,6 +54,7 @@
49320 #include <linux/mount.h> 49744 #include <linux/mount.h>
49321 #include <linux/pagemap.h> 49745 #include <linux/pagemap.h>
@@ -49345,19 +49769,17 @@ diff -urNp linux-2.6.32.21/kernel/futex.c linux-2.6.32.21/kernel/futex.c
49345 restart->futex.val = val; 49769 restart->futex.val = val;
49346 restart->futex.time = abs_time->tv64; 49770 restart->futex.time = abs_time->tv64;
49347 restart->futex.bitset = bitset; 49771 restart->futex.bitset = bitset;
49348@@ -2376,7 +2382,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pi 49772@@ -2376,7 +2382,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
49349 { 49773 {
49350 struct robust_list_head __user *head; 49774 struct robust_list_head __user *head;
49351 unsigned long ret; 49775 unsigned long ret;
49352- const struct cred *cred = current_cred(), *pcred;
49353+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP 49776+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
49354+ const struct cred *cred = current_cred(); 49777 const struct cred *cred = current_cred(), *pcred;
49355+ const struct cred *pcred;
49356+#endif 49778+#endif
49357 49779
49358 if (!futex_cmpxchg_enabled) 49780 if (!futex_cmpxchg_enabled)
49359 return -ENOSYS; 49781 return -ENOSYS;
49360@@ -2392,11 +2401,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi 49782@@ -2392,11 +2400,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
49361 if (!p) 49783 if (!p)
49362 goto err_unlock; 49784 goto err_unlock;
49363 ret = -EPERM; 49785 ret = -EPERM;
@@ -49374,7 +49796,7 @@ diff -urNp linux-2.6.32.21/kernel/futex.c linux-2.6.32.21/kernel/futex.c
49374 head = p->robust_list; 49796 head = p->robust_list;
49375 rcu_read_unlock(); 49797 rcu_read_unlock();
49376 } 49798 }
49377@@ -2458,7 +2472,7 @@ retry: 49799@@ -2458,7 +2471,7 @@ retry:
49378 */ 49800 */
49379 static inline int fetch_robust_entry(struct robust_list __user **entry, 49801 static inline int fetch_robust_entry(struct robust_list __user **entry,
49380 struct robust_list __user * __user *head, 49802 struct robust_list __user * __user *head,
@@ -50948,7 +51370,7 @@ diff -urNp linux-2.6.32.21/kernel/sys.c linux-2.6.32.21/kernel/sys.c
50948 } 51370 }
50949diff -urNp linux-2.6.32.21/kernel/sysctl.c linux-2.6.32.21/kernel/sysctl.c 51371diff -urNp linux-2.6.32.21/kernel/sysctl.c linux-2.6.32.21/kernel/sysctl.c
50950--- linux-2.6.32.21/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400 51372--- linux-2.6.32.21/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400
50951+++ linux-2.6.32.21/kernel/sysctl.c 2010-09-04 15:54:52.000000000 -0400 51373+++ linux-2.6.32.21/kernel/sysctl.c 2010-09-17 18:34:04.000000000 -0400
50952@@ -63,6 +63,13 @@ 51374@@ -63,6 +63,13 @@
50953 static int deprecated_sysctl_warning(struct __sysctl_args *args); 51375 static int deprecated_sysctl_warning(struct __sysctl_args *args);
50954 51376
@@ -51018,7 +51440,21 @@ diff -urNp linux-2.6.32.21/kernel/sysctl.c linux-2.6.32.21/kernel/sysctl.c
51018 { 51440 {
51019 .ctl_name = CTL_UNNUMBERED, 51441 .ctl_name = CTL_UNNUMBERED,
51020 .procname = "sched_child_runs_first", 51442 .procname = "sched_child_runs_first",
51021@@ -1803,6 +1844,8 @@ static int do_sysctl_strategy(struct ctl 51443@@ -1247,6 +1288,13 @@ static struct ctl_table vm_table[] = {
51444 .mode = 0644,
51445 .proc_handler = &proc_dointvec
51446 },
51447+ {
51448+ .procname = "heap_stack_gap",
51449+ .data = &sysctl_heap_stack_gap,
51450+ .maxlen = sizeof(sysctl_heap_stack_gap),
51451+ .mode = 0644,
51452+ .proc_handler = proc_doulongvec_minmax,
51453+ },
51454 #else
51455 {
51456 .ctl_name = CTL_UNNUMBERED,
51457@@ -1803,6 +1851,8 @@ static int do_sysctl_strategy(struct ctl
51022 return 0; 51458 return 0;
51023 } 51459 }
51024 51460
@@ -51027,7 +51463,7 @@ diff -urNp linux-2.6.32.21/kernel/sysctl.c linux-2.6.32.21/kernel/sysctl.c
51027 static int parse_table(int __user *name, int nlen, 51463 static int parse_table(int __user *name, int nlen,
51028 void __user *oldval, size_t __user *oldlenp, 51464 void __user *oldval, size_t __user *oldlenp,
51029 void __user *newval, size_t newlen, 51465 void __user *newval, size_t newlen,
51030@@ -1821,7 +1864,7 @@ repeat: 51466@@ -1821,7 +1871,7 @@ repeat:
51031 if (n == table->ctl_name) { 51467 if (n == table->ctl_name) {
51032 int error; 51468 int error;
51033 if (table->child) { 51469 if (table->child) {
@@ -51036,7 +51472,7 @@ diff -urNp linux-2.6.32.21/kernel/sysctl.c linux-2.6.32.21/kernel/sysctl.c
51036 return -EPERM; 51472 return -EPERM;
51037 name++; 51473 name++;
51038 nlen--; 51474 nlen--;
51039@@ -1906,6 +1949,33 @@ int sysctl_perm(struct ctl_table_root *r 51475@@ -1906,6 +1956,33 @@ int sysctl_perm(struct ctl_table_root *r
51040 int error; 51476 int error;
51041 int mode; 51477 int mode;
51042 51478
@@ -51260,25 +51696,6 @@ diff -urNp linux-2.6.32.21/kernel/trace/ftrace.c linux-2.6.32.21/kernel/trace/ft
51260 } 51696 }
51261 51697
51262 /* 51698 /*
51263diff -urNp linux-2.6.32.21/kernel/trace/Kconfig linux-2.6.32.21/kernel/trace/Kconfig
51264--- linux-2.6.32.21/kernel/trace/Kconfig 2010-08-13 16:24:37.000000000 -0400
51265+++ linux-2.6.32.21/kernel/trace/Kconfig 2010-09-04 15:54:52.000000000 -0400
51266@@ -126,6 +126,7 @@ if FTRACE
51267 config FUNCTION_TRACER
51268 bool "Kernel Function Tracer"
51269 depends on HAVE_FUNCTION_TRACER
51270+ depends on !PAX_KERNEXEC
51271 select FRAME_POINTER
51272 select KALLSYMS
51273 select GENERIC_TRACER
51274@@ -343,6 +344,7 @@ config POWER_TRACER
51275 config STACK_TRACER
51276 bool "Trace max stack"
51277 depends on HAVE_FUNCTION_TRACER
51278+ depends on !PAX_KERNEXEC
51279 select FUNCTION_TRACER
51280 select STACKTRACE
51281 select KALLSYMS
51282diff -urNp linux-2.6.32.21/kernel/trace/ring_buffer.c linux-2.6.32.21/kernel/trace/ring_buffer.c 51699diff -urNp linux-2.6.32.21/kernel/trace/ring_buffer.c linux-2.6.32.21/kernel/trace/ring_buffer.c
51283--- linux-2.6.32.21/kernel/trace/ring_buffer.c 2010-08-13 16:24:37.000000000 -0400 51700--- linux-2.6.32.21/kernel/trace/ring_buffer.c 2010-08-13 16:24:37.000000000 -0400
51284+++ linux-2.6.32.21/kernel/trace/ring_buffer.c 2010-09-04 15:54:52.000000000 -0400 51701+++ linux-2.6.32.21/kernel/trace/ring_buffer.c 2010-09-04 15:54:52.000000000 -0400
@@ -51821,16 +52238,8 @@ diff -urNp linux-2.6.32.21/mm/madvise.c linux-2.6.32.21/mm/madvise.c
51821 goto out; 52238 goto out;
51822diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c 52239diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51823--- linux-2.6.32.21/mm/memory.c 2010-08-29 21:08:20.000000000 -0400 52240--- linux-2.6.32.21/mm/memory.c 2010-08-29 21:08:20.000000000 -0400
51824+++ linux-2.6.32.21/mm/memory.c 2010-09-04 15:54:52.000000000 -0400 52241+++ linux-2.6.32.21/mm/memory.c 2010-09-17 18:20:06.000000000 -0400
51825@@ -48,6 +48,7 @@ 52242@@ -187,8 +187,12 @@ static inline void free_pmd_range(struct
51826 #include <linux/ksm.h>
51827 #include <linux/rmap.h>
51828 #include <linux/module.h>
51829+#include <linux/security.h>
51830 #include <linux/delayacct.h>
51831 #include <linux/init.h>
51832 #include <linux/writeback.h>
51833@@ -187,8 +188,12 @@ static inline void free_pmd_range(struct
51834 return; 52243 return;
51835 52244
51836 pmd = pmd_offset(pud, start); 52245 pmd = pmd_offset(pud, start);
@@ -51843,7 +52252,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51843 } 52252 }
51844 52253
51845 static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, 52254 static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
51846@@ -220,8 +225,12 @@ static inline void free_pud_range(struct 52255@@ -220,8 +224,12 @@ static inline void free_pud_range(struct
51847 return; 52256 return;
51848 52257
51849 pud = pud_offset(pgd, start); 52258 pud = pud_offset(pgd, start);
@@ -51856,7 +52265,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51856 } 52265 }
51857 52266
51858 /* 52267 /*
51859@@ -1251,10 +1260,10 @@ int __get_user_pages(struct task_struct 52268@@ -1251,10 +1259,10 @@ int __get_user_pages(struct task_struct
51860 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); 52269 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
51861 i = 0; 52270 i = 0;
51862 52271
@@ -51869,7 +52278,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51869 if (!vma && in_gate_area(tsk, start)) { 52278 if (!vma && in_gate_area(tsk, start)) {
51870 unsigned long pg = start & PAGE_MASK; 52279 unsigned long pg = start & PAGE_MASK;
51871 struct vm_area_struct *gate_vma = get_gate_vma(tsk); 52280 struct vm_area_struct *gate_vma = get_gate_vma(tsk);
51872@@ -1306,7 +1315,7 @@ int __get_user_pages(struct task_struct 52281@@ -1306,7 +1314,7 @@ int __get_user_pages(struct task_struct
51873 continue; 52282 continue;
51874 } 52283 }
51875 52284
@@ -51878,7 +52287,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51878 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || 52287 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
51879 !(vm_flags & vma->vm_flags)) 52288 !(vm_flags & vma->vm_flags))
51880 return i ? : -EFAULT; 52289 return i ? : -EFAULT;
51881@@ -1381,7 +1390,7 @@ int __get_user_pages(struct task_struct 52290@@ -1381,7 +1389,7 @@ int __get_user_pages(struct task_struct
51882 start += PAGE_SIZE; 52291 start += PAGE_SIZE;
51883 nr_pages--; 52292 nr_pages--;
51884 } while (nr_pages && start < vma->vm_end); 52293 } while (nr_pages && start < vma->vm_end);
@@ -51887,7 +52296,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
51887 return i; 52296 return i;
51888 } 52297 }
51889 52298
51890@@ -1977,6 +1986,186 @@ static inline void cow_user_page(struct 52299@@ -1977,6 +1985,186 @@ static inline void cow_user_page(struct
51891 copy_user_highpage(dst, src, va, vma); 52300 copy_user_highpage(dst, src, va, vma);
51892 } 52301 }
51893 52302
@@ -52074,7 +52483,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52074 /* 52483 /*
52075 * This routine handles present pages, when users try to write 52484 * This routine handles present pages, when users try to write
52076 * to a shared page. It is done by copying the page to a new address 52485 * to a shared page. It is done by copying the page to a new address
52077@@ -2156,6 +2345,12 @@ gotten: 52486@@ -2156,6 +2344,12 @@ gotten:
52078 */ 52487 */
52079 page_table = pte_offset_map_lock(mm, pmd, address, &ptl); 52488 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
52080 if (likely(pte_same(*page_table, orig_pte))) { 52489 if (likely(pte_same(*page_table, orig_pte))) {
@@ -52087,7 +52496,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52087 if (old_page) { 52496 if (old_page) {
52088 if (!PageAnon(old_page)) { 52497 if (!PageAnon(old_page)) {
52089 dec_mm_counter(mm, file_rss); 52498 dec_mm_counter(mm, file_rss);
52090@@ -2207,6 +2402,10 @@ gotten: 52499@@ -2207,6 +2401,10 @@ gotten:
52091 page_remove_rmap(old_page); 52500 page_remove_rmap(old_page);
52092 } 52501 }
52093 52502
@@ -52098,7 +52507,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52098 /* Free the old page.. */ 52507 /* Free the old page.. */
52099 new_page = old_page; 52508 new_page = old_page;
52100 ret |= VM_FAULT_WRITE; 52509 ret |= VM_FAULT_WRITE;
52101@@ -2604,6 +2803,11 @@ static int do_swap_page(struct mm_struct 52510@@ -2604,6 +2802,11 @@ static int do_swap_page(struct mm_struct
52102 swap_free(entry); 52511 swap_free(entry);
52103 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) 52512 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
52104 try_to_free_swap(page); 52513 try_to_free_swap(page);
@@ -52110,7 +52519,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52110 unlock_page(page); 52519 unlock_page(page);
52111 52520
52112 if (flags & FAULT_FLAG_WRITE) { 52521 if (flags & FAULT_FLAG_WRITE) {
52113@@ -2615,6 +2819,11 @@ static int do_swap_page(struct mm_struct 52522@@ -2615,6 +2818,11 @@ static int do_swap_page(struct mm_struct
52114 52523
52115 /* No need to invalidate - it was non-present before */ 52524 /* No need to invalidate - it was non-present before */
52116 update_mmu_cache(vma, address, pte); 52525 update_mmu_cache(vma, address, pte);
@@ -52122,7 +52531,41 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52122 unlock: 52531 unlock:
52123 pte_unmap_unlock(page_table, ptl); 52532 pte_unmap_unlock(page_table, ptl);
52124 out: 52533 out:
52125@@ -2665,7 +2874,7 @@ static int do_anonymous_page(struct mm_s 52534@@ -2630,33 +2838,6 @@ out_release:
52535 }
52536
52537 /*
52538- * This is like a special single-page "expand_downwards()",
52539- * except we must first make sure that 'address-PAGE_SIZE'
52540- * doesn't hit another vma.
52541- *
52542- * The "find_vma()" will do the right thing even if we wrap
52543- */
52544-static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address)
52545-{
52546- address &= PAGE_MASK;
52547- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) {
52548- struct vm_area_struct *prev = vma->vm_prev;
52549-
52550- /*
52551- * Is there a mapping abutting this one below?
52552- *
52553- * That's only ok if it's the same stack mapping
52554- * that has gotten split..
52555- */
52556- if (prev && prev->vm_end == address)
52557- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM;
52558-
52559- expand_stack(vma, address - PAGE_SIZE);
52560- }
52561- return 0;
52562-}
52563-
52564-/*
52565 * We enter with non-exclusive mmap_sem (to exclude vma changes,
52566 * but allow concurrent faults), and pte mapped but not yet locked.
52567 * We return with mmap_sem still held, but pte unmapped and unlocked.
52568@@ -2665,27 +2846,23 @@ static int do_anonymous_page(struct mm_s
52126 unsigned long address, pte_t *page_table, pmd_t *pmd, 52569 unsigned long address, pte_t *page_table, pmd_t *pmd,
52127 unsigned int flags) 52570 unsigned int flags)
52128 { 52571 {
@@ -52131,7 +52574,31 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52131 spinlock_t *ptl; 52574 spinlock_t *ptl;
52132 pte_t entry; 52575 pte_t entry;
52133 52576
52134@@ -2704,6 +2913,11 @@ static int do_anonymous_page(struct mm_s 52577- pte_unmap(page_table);
52578-
52579- /* Check if we need to add a guard page to the stack */
52580- if (check_stack_guard_page(vma, address) < 0)
52581- return VM_FAULT_SIGBUS;
52582-
52583- /* Use the zero-page for reads */
52584 if (!(flags & FAULT_FLAG_WRITE)) {
52585 entry = pte_mkspecial(pfn_pte(my_zero_pfn(address),
52586 vma->vm_page_prot));
52587- page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
52588+ ptl = pte_lockptr(mm, pmd);
52589+ spin_lock(ptl);
52590 if (!pte_none(*page_table))
52591 goto unlock;
52592 goto setpte;
52593 }
52594
52595 /* Allocate our own private page. */
52596+ pte_unmap(page_table);
52597+
52598 if (unlikely(anon_vma_prepare(vma)))
52599 goto oom;
52600 page = alloc_zeroed_user_highpage_movable(vma, address);
52601@@ -2704,6 +2881,11 @@ static int do_anonymous_page(struct mm_s
52135 if (!pte_none(*page_table)) 52602 if (!pte_none(*page_table))
52136 goto release; 52603 goto release;
52137 52604
@@ -52143,7 +52610,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52143 inc_mm_counter(mm, anon_rss); 52610 inc_mm_counter(mm, anon_rss);
52144 page_add_new_anon_rmap(page, vma, address); 52611 page_add_new_anon_rmap(page, vma, address);
52145 setpte: 52612 setpte:
52146@@ -2711,6 +2925,12 @@ setpte: 52613@@ -2711,6 +2893,12 @@ setpte:
52147 52614
52148 /* No need to invalidate - it was non-present before */ 52615 /* No need to invalidate - it was non-present before */
52149 update_mmu_cache(vma, address, entry); 52616 update_mmu_cache(vma, address, entry);
@@ -52156,7 +52623,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52156 unlock: 52623 unlock:
52157 pte_unmap_unlock(page_table, ptl); 52624 pte_unmap_unlock(page_table, ptl);
52158 return 0; 52625 return 0;
52159@@ -2853,6 +3073,12 @@ static int __do_fault(struct mm_struct * 52626@@ -2853,6 +3041,12 @@ static int __do_fault(struct mm_struct *
52160 */ 52627 */
52161 /* Only go through if we didn't race with anybody else... */ 52628 /* Only go through if we didn't race with anybody else... */
52162 if (likely(pte_same(*page_table, orig_pte))) { 52629 if (likely(pte_same(*page_table, orig_pte))) {
@@ -52169,7 +52636,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52169 flush_icache_page(vma, page); 52636 flush_icache_page(vma, page);
52170 entry = mk_pte(page, vma->vm_page_prot); 52637 entry = mk_pte(page, vma->vm_page_prot);
52171 if (flags & FAULT_FLAG_WRITE) 52638 if (flags & FAULT_FLAG_WRITE)
52172@@ -2872,6 +3098,14 @@ static int __do_fault(struct mm_struct * 52639@@ -2872,6 +3066,14 @@ static int __do_fault(struct mm_struct *
52173 52640
52174 /* no need to invalidate: a not-present page won't be cached */ 52641 /* no need to invalidate: a not-present page won't be cached */
52175 update_mmu_cache(vma, address, entry); 52642 update_mmu_cache(vma, address, entry);
@@ -52184,7 +52651,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52184 } else { 52651 } else {
52185 if (charged) 52652 if (charged)
52186 mem_cgroup_uncharge_page(page); 52653 mem_cgroup_uncharge_page(page);
52187@@ -3019,6 +3253,12 @@ static inline int handle_pte_fault(struc 52654@@ -3019,6 +3221,12 @@ static inline int handle_pte_fault(struc
52188 if (flags & FAULT_FLAG_WRITE) 52655 if (flags & FAULT_FLAG_WRITE)
52189 flush_tlb_page(vma, address); 52656 flush_tlb_page(vma, address);
52190 } 52657 }
@@ -52197,7 +52664,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52197 unlock: 52664 unlock:
52198 pte_unmap_unlock(pte, ptl); 52665 pte_unmap_unlock(pte, ptl);
52199 return 0; 52666 return 0;
52200@@ -3035,6 +3275,10 @@ int handle_mm_fault(struct mm_struct *mm 52667@@ -3035,6 +3243,10 @@ int handle_mm_fault(struct mm_struct *mm
52201 pmd_t *pmd; 52668 pmd_t *pmd;
52202 pte_t *pte; 52669 pte_t *pte;
52203 52670
@@ -52208,7 +52675,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52208 __set_current_state(TASK_RUNNING); 52675 __set_current_state(TASK_RUNNING);
52209 52676
52210 count_vm_event(PGFAULT); 52677 count_vm_event(PGFAULT);
52211@@ -3042,6 +3286,34 @@ int handle_mm_fault(struct mm_struct *mm 52678@@ -3042,6 +3254,34 @@ int handle_mm_fault(struct mm_struct *mm
52212 if (unlikely(is_vm_hugetlb_page(vma))) 52679 if (unlikely(is_vm_hugetlb_page(vma)))
52213 return hugetlb_fault(mm, vma, address, flags); 52680 return hugetlb_fault(mm, vma, address, flags);
52214 52681
@@ -52243,7 +52710,7 @@ diff -urNp linux-2.6.32.21/mm/memory.c linux-2.6.32.21/mm/memory.c
52243 pgd = pgd_offset(mm, address); 52710 pgd = pgd_offset(mm, address);
52244 pud = pud_alloc(mm, pgd, address); 52711 pud = pud_alloc(mm, pgd, address);
52245 if (!pud) 52712 if (!pud)
52246@@ -3139,7 +3411,7 @@ static int __init gate_vma_init(void) 52713@@ -3139,7 +3379,7 @@ static int __init gate_vma_init(void)
52247 gate_vma.vm_start = FIXADDR_USER_START; 52714 gate_vma.vm_start = FIXADDR_USER_START;
52248 gate_vma.vm_end = FIXADDR_USER_END; 52715 gate_vma.vm_end = FIXADDR_USER_END;
52249 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; 52716 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -52386,7 +52853,7 @@ diff -urNp linux-2.6.32.21/mm/migrate.c linux-2.6.32.21/mm/migrate.c
52386 goto out; 52853 goto out;
52387diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c 52854diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52388--- linux-2.6.32.21/mm/mlock.c 2010-08-29 21:08:20.000000000 -0400 52855--- linux-2.6.32.21/mm/mlock.c 2010-08-29 21:08:20.000000000 -0400
52389+++ linux-2.6.32.21/mm/mlock.c 2010-09-04 15:54:56.000000000 -0400 52856+++ linux-2.6.32.21/mm/mlock.c 2010-09-17 18:47:09.000000000 -0400
52390@@ -13,6 +13,7 @@ 52857@@ -13,6 +13,7 @@
52391 #include <linux/pagemap.h> 52858 #include <linux/pagemap.h>
52392 #include <linux/mempolicy.h> 52859 #include <linux/mempolicy.h>
@@ -52395,7 +52862,40 @@ diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52395 #include <linux/sched.h> 52862 #include <linux/sched.h>
52396 #include <linux/module.h> 52863 #include <linux/module.h>
52397 #include <linux/rmap.h> 52864 #include <linux/rmap.h>
52398@@ -454,6 +455,9 @@ static int do_mlock(unsigned long start, 52865@@ -138,19 +139,6 @@ void munlock_vma_page(struct page *page)
52866 }
52867 }
52868
52869-/* Is the vma a continuation of the stack vma above it? */
52870-static inline int vma_stack_continue(struct vm_area_struct *vma, unsigned long addr)
52871-{
52872- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN);
52873-}
52874-
52875-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr)
52876-{
52877- return (vma->vm_flags & VM_GROWSDOWN) &&
52878- (vma->vm_start == addr) &&
52879- !vma_stack_continue(vma->vm_prev, addr);
52880-}
52881-
52882 /**
52883 * __mlock_vma_pages_range() - mlock a range of pages in the vma.
52884 * @vma: target vma
52885@@ -183,12 +171,6 @@ static long __mlock_vma_pages_range(stru
52886 if (vma->vm_flags & VM_WRITE)
52887 gup_flags |= FOLL_WRITE;
52888
52889- /* We don't try to access the guard page of a stack vma */
52890- if (stack_guard_page(vma, start)) {
52891- addr += PAGE_SIZE;
52892- nr_pages--;
52893- }
52894-
52895 while (nr_pages > 0) {
52896 int i;
52897
52898@@ -454,6 +436,9 @@ static int do_mlock(unsigned long start,
52399 return -EINVAL; 52899 return -EINVAL;
52400 if (end == start) 52900 if (end == start)
52401 return 0; 52901 return 0;
@@ -52405,7 +52905,7 @@ diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52405 vma = find_vma_prev(current->mm, start, &prev); 52905 vma = find_vma_prev(current->mm, start, &prev);
52406 if (!vma || vma->vm_start > start) 52906 if (!vma || vma->vm_start > start)
52407 return -ENOMEM; 52907 return -ENOMEM;
52408@@ -464,6 +468,11 @@ static int do_mlock(unsigned long start, 52908@@ -464,6 +449,11 @@ static int do_mlock(unsigned long start,
52409 for (nstart = start ; ; ) { 52909 for (nstart = start ; ; ) {
52410 unsigned int newflags; 52910 unsigned int newflags;
52411 52911
@@ -52417,7 +52917,7 @@ diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52417 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ 52917 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */
52418 52918
52419 newflags = vma->vm_flags | VM_LOCKED; 52919 newflags = vma->vm_flags | VM_LOCKED;
52420@@ -513,6 +522,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st 52920@@ -513,6 +503,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
52421 lock_limit >>= PAGE_SHIFT; 52921 lock_limit >>= PAGE_SHIFT;
52422 52922
52423 /* check against resource limits */ 52923 /* check against resource limits */
@@ -52425,7 +52925,7 @@ diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52425 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) 52925 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
52426 error = do_mlock(start, len, 1); 52926 error = do_mlock(start, len, 1);
52427 up_write(&current->mm->mmap_sem); 52927 up_write(&current->mm->mmap_sem);
52428@@ -534,17 +544,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, 52928@@ -534,17 +525,23 @@ SYSCALL_DEFINE2(munlock, unsigned long,
52429 static int do_mlockall(int flags) 52929 static int do_mlockall(int flags)
52430 { 52930 {
52431 struct vm_area_struct * vma, * prev = NULL; 52931 struct vm_area_struct * vma, * prev = NULL;
@@ -52453,17 +52953,17 @@ diff -urNp linux-2.6.32.21/mm/mlock.c linux-2.6.32.21/mm/mlock.c
52453 newflags = vma->vm_flags | VM_LOCKED; 52953 newflags = vma->vm_flags | VM_LOCKED;
52454 if (!(flags & MCL_CURRENT)) 52954 if (!(flags & MCL_CURRENT))
52455 newflags &= ~VM_LOCKED; 52955 newflags &= ~VM_LOCKED;
52456@@ -576,6 +592,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) 52956@@ -576,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
52457 lock_limit >>= PAGE_SHIFT; 52957 lock_limit >>= PAGE_SHIFT;
52458 52958
52459 ret = -ENOMEM; 52959 ret = -ENOMEM;
52460+ gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1); 52960+ gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);
52461 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) || 52961 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
52462 capable(CAP_IPC_LOCK)) 52962 capable(CAP_IPC_LOCK))
52463 ret = do_mlockall(flags); 52963 ret = do_mlockall(flags);
52464diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c 52964diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52465--- linux-2.6.32.21/mm/mmap.c 2010-08-29 21:08:20.000000000 -0400 52965--- linux-2.6.32.21/mm/mmap.c 2010-08-29 21:08:20.000000000 -0400
52466+++ linux-2.6.32.21/mm/mmap.c 2010-09-04 15:54:52.000000000 -0400 52966+++ linux-2.6.32.21/mm/mmap.c 2010-09-17 18:34:04.000000000 -0400
52467@@ -45,6 +45,16 @@ 52967@@ -45,6 +45,16 @@
52468 #define arch_rebalance_pgtables(addr, len) (addr) 52968 #define arch_rebalance_pgtables(addr, len) (addr)
52469 #endif 52969 #endif
@@ -52481,7 +52981,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52481 static void unmap_region(struct mm_struct *mm, 52981 static void unmap_region(struct mm_struct *mm,
52482 struct vm_area_struct *vma, struct vm_area_struct *prev, 52982 struct vm_area_struct *vma, struct vm_area_struct *prev,
52483 unsigned long start, unsigned long end); 52983 unsigned long start, unsigned long end);
52484@@ -70,16 +80,25 @@ static void unmap_region(struct mm_struc 52984@@ -70,22 +80,32 @@ static void unmap_region(struct mm_struc
52485 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes 52985 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
52486 * 52986 *
52487 */ 52987 */
@@ -52509,7 +53009,14 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52509 } 53009 }
52510 EXPORT_SYMBOL(vm_get_page_prot); 53010 EXPORT_SYMBOL(vm_get_page_prot);
52511 53011
52512@@ -231,6 +250,7 @@ static struct vm_area_struct *remove_vma 53012 int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
53013 int sysctl_overcommit_ratio = 50; /* default is 50% */
53014 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
53015+unsigned long sysctl_heap_stack_gap __read_mostly = 64*1024;
53016 struct percpu_counter vm_committed_as;
53017
53018 /*
53019@@ -231,6 +251,7 @@ static struct vm_area_struct *remove_vma
52513 struct vm_area_struct *next = vma->vm_next; 53020 struct vm_area_struct *next = vma->vm_next;
52514 53021
52515 might_sleep(); 53022 might_sleep();
@@ -52517,7 +53024,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52517 if (vma->vm_ops && vma->vm_ops->close) 53024 if (vma->vm_ops && vma->vm_ops->close)
52518 vma->vm_ops->close(vma); 53025 vma->vm_ops->close(vma);
52519 if (vma->vm_file) { 53026 if (vma->vm_file) {
52520@@ -267,6 +287,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) 53027@@ -267,6 +288,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
52521 * not page aligned -Ram Gupta 53028 * not page aligned -Ram Gupta
52522 */ 53029 */
52523 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; 53030 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
@@ -52525,7 +53032,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52525 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + 53032 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
52526 (mm->end_data - mm->start_data) > rlim) 53033 (mm->end_data - mm->start_data) > rlim)
52527 goto out; 53034 goto out;
52528@@ -704,6 +725,12 @@ static int 53035@@ -704,6 +726,12 @@ static int
52529 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, 53036 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
52530 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) 53037 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
52531 { 53038 {
@@ -52538,7 +53045,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52538 if (is_mergeable_vma(vma, file, vm_flags) && 53045 if (is_mergeable_vma(vma, file, vm_flags) &&
52539 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) { 53046 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
52540 if (vma->vm_pgoff == vm_pgoff) 53047 if (vma->vm_pgoff == vm_pgoff)
52541@@ -723,6 +750,12 @@ static int 53048@@ -723,6 +751,12 @@ static int
52542 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, 53049 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
52543 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) 53050 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
52544 { 53051 {
@@ -52551,7 +53058,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52551 if (is_mergeable_vma(vma, file, vm_flags) && 53058 if (is_mergeable_vma(vma, file, vm_flags) &&
52552 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) { 53059 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
52553 pgoff_t vm_pglen; 53060 pgoff_t vm_pglen;
52554@@ -765,12 +798,19 @@ can_vma_merge_after(struct vm_area_struc 53061@@ -765,12 +799,19 @@ can_vma_merge_after(struct vm_area_struc
52555 struct vm_area_struct *vma_merge(struct mm_struct *mm, 53062 struct vm_area_struct *vma_merge(struct mm_struct *mm,
52556 struct vm_area_struct *prev, unsigned long addr, 53063 struct vm_area_struct *prev, unsigned long addr,
52557 unsigned long end, unsigned long vm_flags, 53064 unsigned long end, unsigned long vm_flags,
@@ -52572,7 +53079,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52572 /* 53079 /*
52573 * We later require that vma->vm_flags == vm_flags, 53080 * We later require that vma->vm_flags == vm_flags,
52574 * so this tests vma->vm_flags & VM_SPECIAL, too. 53081 * so this tests vma->vm_flags & VM_SPECIAL, too.
52575@@ -786,6 +826,15 @@ struct vm_area_struct *vma_merge(struct 53082@@ -786,6 +827,15 @@ struct vm_area_struct *vma_merge(struct
52576 if (next && next->vm_end == end) /* cases 6, 7, 8 */ 53083 if (next && next->vm_end == end) /* cases 6, 7, 8 */
52577 next = next->vm_next; 53084 next = next->vm_next;
52578 53085
@@ -52588,7 +53095,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52588 /* 53095 /*
52589 * Can it merge with the predecessor? 53096 * Can it merge with the predecessor?
52590 */ 53097 */
52591@@ -805,9 +854,24 @@ struct vm_area_struct *vma_merge(struct 53098@@ -805,9 +855,24 @@ struct vm_area_struct *vma_merge(struct
52592 /* cases 1, 6 */ 53099 /* cases 1, 6 */
52593 vma_adjust(prev, prev->vm_start, 53100 vma_adjust(prev, prev->vm_start,
52594 next->vm_end, prev->vm_pgoff, NULL); 53101 next->vm_end, prev->vm_pgoff, NULL);
@@ -52614,7 +53121,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52614 return prev; 53121 return prev;
52615 } 53122 }
52616 53123
52617@@ -818,12 +882,27 @@ struct vm_area_struct *vma_merge(struct 53124@@ -818,12 +883,27 @@ struct vm_area_struct *vma_merge(struct
52618 mpol_equal(policy, vma_policy(next)) && 53125 mpol_equal(policy, vma_policy(next)) &&
52619 can_vma_merge_before(next, vm_flags, 53126 can_vma_merge_before(next, vm_flags,
52620 anon_vma, file, pgoff+pglen)) { 53127 anon_vma, file, pgoff+pglen)) {
@@ -52644,7 +53151,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52644 return area; 53151 return area;
52645 } 53152 }
52646 53153
52647@@ -898,14 +977,11 @@ none: 53154@@ -898,14 +978,11 @@ none:
52648 void vm_stat_account(struct mm_struct *mm, unsigned long flags, 53155 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
52649 struct file *file, long pages) 53156 struct file *file, long pages)
52650 { 53157 {
@@ -52660,7 +53167,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52660 mm->stack_vm += pages; 53167 mm->stack_vm += pages;
52661 if (flags & (VM_RESERVED|VM_IO)) 53168 if (flags & (VM_RESERVED|VM_IO))
52662 mm->reserved_vm += pages; 53169 mm->reserved_vm += pages;
52663@@ -932,7 +1008,7 @@ unsigned long do_mmap_pgoff(struct file 53170@@ -932,7 +1009,7 @@ unsigned long do_mmap_pgoff(struct file
52664 * (the exception is when the underlying filesystem is noexec 53171 * (the exception is when the underlying filesystem is noexec
52665 * mounted, in which case we dont add PROT_EXEC.) 53172 * mounted, in which case we dont add PROT_EXEC.)
52666 */ 53173 */
@@ -52669,7 +53176,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52669 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) 53176 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
52670 prot |= PROT_EXEC; 53177 prot |= PROT_EXEC;
52671 53178
52672@@ -958,7 +1034,7 @@ unsigned long do_mmap_pgoff(struct file 53179@@ -958,7 +1035,7 @@ unsigned long do_mmap_pgoff(struct file
52673 /* Obtain the address to map to. we verify (or select) it and ensure 53180 /* Obtain the address to map to. we verify (or select) it and ensure
52674 * that it represents a valid section of the address space. 53181 * that it represents a valid section of the address space.
52675 */ 53182 */
@@ -52678,7 +53185,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52678 if (addr & ~PAGE_MASK) 53185 if (addr & ~PAGE_MASK)
52679 return addr; 53186 return addr;
52680 53187
52681@@ -969,6 +1045,28 @@ unsigned long do_mmap_pgoff(struct file 53188@@ -969,6 +1046,28 @@ unsigned long do_mmap_pgoff(struct file
52682 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | 53189 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
52683 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; 53190 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
52684 53191
@@ -52707,7 +53214,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52707 if (flags & MAP_LOCKED) 53214 if (flags & MAP_LOCKED)
52708 if (!can_do_mlock()) 53215 if (!can_do_mlock())
52709 return -EPERM; 53216 return -EPERM;
52710@@ -980,6 +1078,7 @@ unsigned long do_mmap_pgoff(struct file 53217@@ -980,6 +1079,7 @@ unsigned long do_mmap_pgoff(struct file
52711 locked += mm->locked_vm; 53218 locked += mm->locked_vm;
52712 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; 53219 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
52713 lock_limit >>= PAGE_SHIFT; 53220 lock_limit >>= PAGE_SHIFT;
@@ -52715,7 +53222,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52715 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) 53222 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
52716 return -EAGAIN; 53223 return -EAGAIN;
52717 } 53224 }
52718@@ -1053,6 +1152,9 @@ unsigned long do_mmap_pgoff(struct file 53225@@ -1053,6 +1153,9 @@ unsigned long do_mmap_pgoff(struct file
52719 if (error) 53226 if (error)
52720 return error; 53227 return error;
52721 53228
@@ -52725,7 +53232,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52725 return mmap_region(file, addr, len, flags, vm_flags, pgoff); 53232 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
52726 } 53233 }
52727 EXPORT_SYMBOL(do_mmap_pgoff); 53234 EXPORT_SYMBOL(do_mmap_pgoff);
52728@@ -1065,10 +1167,10 @@ EXPORT_SYMBOL(do_mmap_pgoff); 53235@@ -1065,10 +1168,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
52729 */ 53236 */
52730 int vma_wants_writenotify(struct vm_area_struct *vma) 53237 int vma_wants_writenotify(struct vm_area_struct *vma)
52731 { 53238 {
@@ -52738,7 +53245,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52738 return 0; 53245 return 0;
52739 53246
52740 /* The backer wishes to know when pages are first written to? */ 53247 /* The backer wishes to know when pages are first written to? */
52741@@ -1117,14 +1219,24 @@ unsigned long mmap_region(struct file *f 53248@@ -1117,14 +1220,24 @@ unsigned long mmap_region(struct file *f
52742 unsigned long charged = 0; 53249 unsigned long charged = 0;
52743 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; 53250 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
52744 53251
@@ -52765,7 +53272,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52765 } 53272 }
52766 53273
52767 /* Check against address space limit. */ 53274 /* Check against address space limit. */
52768@@ -1173,6 +1285,16 @@ munmap_back: 53275@@ -1173,6 +1286,16 @@ munmap_back:
52769 goto unacct_error; 53276 goto unacct_error;
52770 } 53277 }
52771 53278
@@ -52782,7 +53289,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52782 vma->vm_mm = mm; 53289 vma->vm_mm = mm;
52783 vma->vm_start = addr; 53290 vma->vm_start = addr;
52784 vma->vm_end = addr + len; 53291 vma->vm_end = addr + len;
52785@@ -1195,6 +1317,19 @@ munmap_back: 53292@@ -1195,6 +1318,19 @@ munmap_back:
52786 error = file->f_op->mmap(file, vma); 53293 error = file->f_op->mmap(file, vma);
52787 if (error) 53294 if (error)
52788 goto unmap_and_free_vma; 53295 goto unmap_and_free_vma;
@@ -52802,7 +53309,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52802 if (vm_flags & VM_EXECUTABLE) 53309 if (vm_flags & VM_EXECUTABLE)
52803 added_exe_file_vma(mm); 53310 added_exe_file_vma(mm);
52804 53311
52805@@ -1218,6 +1353,11 @@ munmap_back: 53312@@ -1218,6 +1354,11 @@ munmap_back:
52806 vma_link(mm, vma, prev, rb_link, rb_parent); 53313 vma_link(mm, vma, prev, rb_link, rb_parent);
52807 file = vma->vm_file; 53314 file = vma->vm_file;
52808 53315
@@ -52814,7 +53321,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52814 /* Once vma denies write, undo our temporary denial count */ 53321 /* Once vma denies write, undo our temporary denial count */
52815 if (correct_wcount) 53322 if (correct_wcount)
52816 atomic_inc(&inode->i_writecount); 53323 atomic_inc(&inode->i_writecount);
52817@@ -1226,6 +1366,7 @@ out: 53324@@ -1226,6 +1367,7 @@ out:
52818 53325
52819 mm->total_vm += len >> PAGE_SHIFT; 53326 mm->total_vm += len >> PAGE_SHIFT;
52820 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); 53327 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -52822,7 +53329,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52822 if (vm_flags & VM_LOCKED) { 53329 if (vm_flags & VM_LOCKED) {
52823 /* 53330 /*
52824 * makes pages present; downgrades, drops, reacquires mmap_sem 53331 * makes pages present; downgrades, drops, reacquires mmap_sem
52825@@ -1248,6 +1389,12 @@ unmap_and_free_vma: 53332@@ -1248,6 +1390,12 @@ unmap_and_free_vma:
52826 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); 53333 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
52827 charged = 0; 53334 charged = 0;
52828 free_vma: 53335 free_vma:
@@ -52835,7 +53342,41 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52835 kmem_cache_free(vm_area_cachep, vma); 53342 kmem_cache_free(vm_area_cachep, vma);
52836 unacct_error: 53343 unacct_error:
52837 if (charged) 53344 if (charged)
52838@@ -1281,6 +1428,10 @@ arch_get_unmapped_area(struct file *filp 53345@@ -1255,6 +1403,33 @@ unacct_error:
53346 return error;
53347 }
53348
53349+bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len)
53350+{
53351+ if (!vma) {
53352+#ifdef CONFIG_STACK_GROWSUP
53353+ if (addr > sysctl_heap_stack_gap)
53354+ vma = find_vma(current->mm, addr - sysctl_heap_stack_gap);
53355+ else
53356+ vma = find_vma(current->mm, 0);
53357+ if (vma && (vma->vm_flags & VM_GROWSUP))
53358+ return false;
53359+#endif
53360+ return true;
53361+ }
53362+
53363+ if (addr + len > vma->vm_start)
53364+ return false;
53365+
53366+ if (vma->vm_flags & VM_GROWSDOWN)
53367+ return sysctl_heap_stack_gap <= vma->vm_start - addr - len;
53368+#ifdef CONFIG_STACK_GROWSUP
53369+ else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP))
53370+ return addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap;
53371+#endif
53372+
53373+ return true;
53374+}
53375+
53376 /* Get an address range which is currently unmapped.
53377 * For shmat() with addr=0.
53378 *
53379@@ -1281,18 +1456,23 @@ arch_get_unmapped_area(struct file *filp
52839 if (flags & MAP_FIXED) 53380 if (flags & MAP_FIXED)
52840 return addr; 53381 return addr;
52841 53382
@@ -52845,9 +53386,15 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52845+ 53386+
52846 if (addr) { 53387 if (addr) {
52847 addr = PAGE_ALIGN(addr); 53388 addr = PAGE_ALIGN(addr);
52848 vma = find_vma(mm, addr); 53389- vma = find_vma(mm, addr);
52849@@ -1289,10 +1440,10 @@ arch_get_unmapped_area(struct file *filp 53390- if (TASK_SIZE - len >= addr &&
52850 return addr; 53391- (!vma || addr + len <= vma->vm_start))
53392- return addr;
53393+ if (TASK_SIZE - len >= addr) {
53394+ vma = find_vma(mm, addr);
53395+ if (check_heap_stack_gap(vma, addr, len))
53396+ return addr;
53397+ }
52851 } 53398 }
52852 if (len > mm->cached_hole_size) { 53399 if (len > mm->cached_hole_size) {
52853- start_addr = addr = mm->free_area_cache; 53400- start_addr = addr = mm->free_area_cache;
@@ -52860,7 +53407,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52860 } 53407 }
52861 53408
52862 full_search: 53409 full_search:
52863@@ -1303,9 +1454,8 @@ full_search: 53410@@ -1303,34 +1483,40 @@ full_search:
52864 * Start a new search - just in case we missed 53411 * Start a new search - just in case we missed
52865 * some holes. 53412 * some holes.
52866 */ 53413 */
@@ -52872,7 +53419,29 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52872 mm->cached_hole_size = 0; 53419 mm->cached_hole_size = 0;
52873 goto full_search; 53420 goto full_search;
52874 } 53421 }
52875@@ -1327,10 +1477,16 @@ full_search: 53422 return -ENOMEM;
53423 }
53424- if (!vma || addr + len <= vma->vm_start) {
53425- /*
53426- * Remember the place where we stopped the search:
53427- */
53428- mm->free_area_cache = addr + len;
53429- return addr;
53430- }
53431+ if (check_heap_stack_gap(vma, addr, len))
53432+ break;
53433 if (addr + mm->cached_hole_size < vma->vm_start)
53434 mm->cached_hole_size = vma->vm_start - addr;
53435 addr = vma->vm_end;
53436 }
53437+
53438+ /*
53439+ * Remember the place where we stopped the search:
53440+ */
53441+ mm->free_area_cache = addr + len;
53442+ return addr;
53443 }
53444 #endif
52876 53445
52877 void arch_unmap_area(struct mm_struct *mm, unsigned long addr) 53446 void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
52878 { 53447 {
@@ -52890,7 +53459,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52890 mm->free_area_cache = addr; 53459 mm->free_area_cache = addr;
52891 mm->cached_hole_size = ~0UL; 53460 mm->cached_hole_size = ~0UL;
52892 } 53461 }
52893@@ -1348,7 +1504,7 @@ arch_get_unmapped_area_topdown(struct fi 53462@@ -1348,7 +1534,7 @@ arch_get_unmapped_area_topdown(struct fi
52894 { 53463 {
52895 struct vm_area_struct *vma; 53464 struct vm_area_struct *vma;
52896 struct mm_struct *mm = current->mm; 53465 struct mm_struct *mm = current->mm;
@@ -52899,7 +53468,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52899 53468
52900 /* requested length too big for entire address space */ 53469 /* requested length too big for entire address space */
52901 if (len > TASK_SIZE) 53470 if (len > TASK_SIZE)
52902@@ -1357,6 +1513,10 @@ arch_get_unmapped_area_topdown(struct fi 53471@@ -1357,13 +1543,18 @@ arch_get_unmapped_area_topdown(struct fi
52903 if (flags & MAP_FIXED) 53472 if (flags & MAP_FIXED)
52904 return addr; 53473 return addr;
52905 53474
@@ -52910,7 +53479,37 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52910 /* requesting a specific address */ 53479 /* requesting a specific address */
52911 if (addr) { 53480 if (addr) {
52912 addr = PAGE_ALIGN(addr); 53481 addr = PAGE_ALIGN(addr);
52913@@ -1414,13 +1574,21 @@ bottomup: 53482- vma = find_vma(mm, addr);
53483- if (TASK_SIZE - len >= addr &&
53484- (!vma || addr + len <= vma->vm_start))
53485- return addr;
53486+ if (TASK_SIZE - len >= addr) {
53487+ vma = find_vma(mm, addr);
53488+ if (check_heap_stack_gap(vma, addr, len))
53489+ return addr;
53490+ }
53491 }
53492
53493 /* check if free_area_cache is useful for us */
53494@@ -1378,7 +1569,7 @@ arch_get_unmapped_area_topdown(struct fi
53495 /* make sure it can fit in the remaining address space */
53496 if (addr > len) {
53497 vma = find_vma(mm, addr-len);
53498- if (!vma || addr <= vma->vm_start)
53499+ if (check_heap_stack_gap(vma, addr - len, len))
53500 /* remember the address as a hint for next time */
53501 return (mm->free_area_cache = addr-len);
53502 }
53503@@ -1395,7 +1586,7 @@ arch_get_unmapped_area_topdown(struct fi
53504 * return with success:
53505 */
53506 vma = find_vma(mm, addr);
53507- if (!vma || addr+len <= vma->vm_start)
53508+ if (check_heap_stack_gap(vma, addr, len))
53509 /* remember the address as a hint for next time */
53510 return (mm->free_area_cache = addr);
53511
53512@@ -1414,13 +1605,21 @@ bottomup:
52914 * can happen with large stack limits and large mmap() 53513 * can happen with large stack limits and large mmap()
52915 * allocations. 53514 * allocations.
52916 */ 53515 */
@@ -52934,7 +53533,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52934 mm->cached_hole_size = ~0UL; 53533 mm->cached_hole_size = ~0UL;
52935 53534
52936 return addr; 53535 return addr;
52937@@ -1429,6 +1597,12 @@ bottomup: 53536@@ -1429,6 +1628,12 @@ bottomup:
52938 53537
52939 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) 53538 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
52940 { 53539 {
@@ -52947,7 +53546,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52947 /* 53546 /*
52948 * Is this a new hole at the highest possible address? 53547 * Is this a new hole at the highest possible address?
52949 */ 53548 */
52950@@ -1436,8 +1610,10 @@ void arch_unmap_area_topdown(struct mm_s 53549@@ -1436,8 +1641,10 @@ void arch_unmap_area_topdown(struct mm_s
52951 mm->free_area_cache = addr; 53550 mm->free_area_cache = addr;
52952 53551
52953 /* dont allow allocations above current base */ 53552 /* dont allow allocations above current base */
@@ -52959,7 +53558,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52959 } 53558 }
52960 53559
52961 unsigned long 53560 unsigned long
52962@@ -1545,6 +1721,27 @@ out: 53561@@ -1545,6 +1752,27 @@ out:
52963 return prev ? prev->vm_next : vma; 53562 return prev ? prev->vm_next : vma;
52964 } 53563 }
52965 53564
@@ -52987,7 +53586,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52987 /* 53586 /*
52988 * Verify that the stack growth is acceptable and 53587 * Verify that the stack growth is acceptable and
52989 * update accounting. This is shared with both the 53588 * update accounting. This is shared with both the
52990@@ -1561,6 +1758,7 @@ static int acct_stack_growth(struct vm_a 53589@@ -1561,6 +1789,7 @@ static int acct_stack_growth(struct vm_a
52991 return -ENOMEM; 53590 return -ENOMEM;
52992 53591
52993 /* Stack limit test */ 53592 /* Stack limit test */
@@ -52995,7 +53594,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
52995 if (size > rlim[RLIMIT_STACK].rlim_cur) 53594 if (size > rlim[RLIMIT_STACK].rlim_cur)
52996 return -ENOMEM; 53595 return -ENOMEM;
52997 53596
52998@@ -1570,6 +1768,7 @@ static int acct_stack_growth(struct vm_a 53597@@ -1570,6 +1799,7 @@ static int acct_stack_growth(struct vm_a
52999 unsigned long limit; 53598 unsigned long limit;
53000 locked = mm->locked_vm + grow; 53599 locked = mm->locked_vm + grow;
53001 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; 53600 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
@@ -53003,7 +53602,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53003 if (locked > limit && !capable(CAP_IPC_LOCK)) 53602 if (locked > limit && !capable(CAP_IPC_LOCK))
53004 return -ENOMEM; 53603 return -ENOMEM;
53005 } 53604 }
53006@@ -1605,35 +1804,40 @@ static 53605@@ -1605,35 +1835,42 @@ static
53007 #endif 53606 #endif
53008 int expand_upwards(struct vm_area_struct *vma, unsigned long address) 53607 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
53009 { 53608 {
@@ -53026,7 +53625,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53026 if (unlikely(anon_vma_prepare(vma))) 53625 if (unlikely(anon_vma_prepare(vma)))
53027 return -ENOMEM; 53626 return -ENOMEM;
53028+ locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN); 53627+ locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
53029+ if (locknext && unlikely(anon_vma_prepare(vma->vm_next))) 53628+ if (locknext && anon_vma_prepare(vma->vm_next))
53030+ return -ENOMEM; 53629+ return -ENOMEM;
53031 anon_vma_lock(vma); 53630 anon_vma_lock(vma);
53032+ if (locknext) 53631+ if (locknext)
@@ -53050,11 +53649,13 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53050 53649
53051 /* Somebody else might have raced and expanded it already */ 53650 /* Somebody else might have raced and expanded it already */
53052- if (address > vma->vm_end) { 53651- if (address > vma->vm_end) {
53053+ if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) { 53652+ if (vma->vm_next && (vma->vm_next->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && vma->vm_next->vm_start - address < sysctl_heap_stack_gap)
53653+ error = -ENOMEM;
53654+ else if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
53054 unsigned long size, grow; 53655 unsigned long size, grow;
53055 53656
53056 size = address - vma->vm_start; 53657 size = address - vma->vm_start;
53057@@ -1643,6 +1847,8 @@ int expand_upwards(struct vm_area_struct 53658@@ -1643,6 +1880,8 @@ int expand_upwards(struct vm_area_struct
53058 if (!error) 53659 if (!error)
53059 vma->vm_end = address; 53660 vma->vm_end = address;
53060 } 53661 }
@@ -53063,25 +53664,25 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53063 anon_vma_unlock(vma); 53664 anon_vma_unlock(vma);
53064 return error; 53665 return error;
53065 } 53666 }
53066@@ -1654,7 +1860,8 @@ int expand_upwards(struct vm_area_struct 53667@@ -1654,7 +1893,8 @@ int expand_upwards(struct vm_area_struct
53067 static int expand_downwards(struct vm_area_struct *vma, 53668 static int expand_downwards(struct vm_area_struct *vma,
53068 unsigned long address) 53669 unsigned long address)
53069 { 53670 {
53070- int error; 53671- int error;
53071+ int error, lockprev = 0; 53672+ int error, lockprev = 0;
53072+ struct vm_area_struct *prev = NULL; 53673+ struct vm_area_struct *prev;
53073 53674
53074 /* 53675 /*
53075 * We must make sure the anon_vma is allocated 53676 * We must make sure the anon_vma is allocated
53076@@ -1668,6 +1875,15 @@ static int expand_downwards(struct vm_ar 53677@@ -1668,6 +1908,15 @@ static int expand_downwards(struct vm_ar
53077 if (error) 53678 if (error)
53078 return error; 53679 return error;
53079 53680
53681+ prev = vma->vm_prev;
53080+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64) 53682+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
53081+ find_vma_prev(vma->vm_mm, address, &prev);
53082+ lockprev = prev && (prev->vm_flags & VM_GROWSUP); 53683+ lockprev = prev && (prev->vm_flags & VM_GROWSUP);
53083+#endif 53684+#endif
53084+ if (lockprev && unlikely(anon_vma_prepare(prev))) 53685+ if (lockprev && anon_vma_prepare(prev))
53085+ return -ENOMEM; 53686+ return -ENOMEM;
53086+ if (lockprev) 53687+ if (lockprev)
53087+ anon_vma_lock(prev); 53688+ anon_vma_lock(prev);
@@ -53089,12 +53690,14 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53089 anon_vma_lock(vma); 53690 anon_vma_lock(vma);
53090 53691
53091 /* 53692 /*
53092@@ -1677,9 +1893,15 @@ static int expand_downwards(struct vm_ar 53693@@ -1677,9 +1926,17 @@ static int expand_downwards(struct vm_ar
53093 */ 53694 */
53094 53695
53095 /* Somebody else might have raced and expanded it already */ 53696 /* Somebody else might have raced and expanded it already */
53096- if (address < vma->vm_start) { 53697- if (address < vma->vm_start) {
53097+ if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) { 53698+ if (prev && (prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && address - prev->vm_end < sysctl_heap_stack_gap)
53699+ error = -ENOMEM;
53700+ else if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
53098 unsigned long size, grow; 53701 unsigned long size, grow;
53099 53702
53100+#ifdef CONFIG_PAX_SEGMEXEC 53703+#ifdef CONFIG_PAX_SEGMEXEC
@@ -53106,7 +53709,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53106 size = vma->vm_end - address; 53709 size = vma->vm_end - address;
53107 grow = (vma->vm_start - address) >> PAGE_SHIFT; 53710 grow = (vma->vm_start - address) >> PAGE_SHIFT;
53108 53711
53109@@ -1687,9 +1909,20 @@ static int expand_downwards(struct vm_ar 53712@@ -1687,9 +1944,20 @@ static int expand_downwards(struct vm_ar
53110 if (!error) { 53713 if (!error) {
53111 vma->vm_start = address; 53714 vma->vm_start = address;
53112 vma->vm_pgoff -= grow; 53715 vma->vm_pgoff -= grow;
@@ -53127,7 +53730,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53127 return error; 53730 return error;
53128 } 53731 }
53129 53732
53130@@ -1765,6 +1998,13 @@ static void remove_vma_list(struct mm_st 53733@@ -1765,6 +2033,13 @@ static void remove_vma_list(struct mm_st
53131 do { 53734 do {
53132 long nrpages = vma_pages(vma); 53735 long nrpages = vma_pages(vma);
53133 53736
@@ -53141,7 +53744,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53141 mm->total_vm -= nrpages; 53744 mm->total_vm -= nrpages;
53142 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); 53745 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
53143 vma = remove_vma(vma); 53746 vma = remove_vma(vma);
53144@@ -1810,6 +2050,16 @@ detach_vmas_to_be_unmapped(struct mm_str 53747@@ -1810,6 +2085,16 @@ detach_vmas_to_be_unmapped(struct mm_str
53145 insertion_point = (prev ? &prev->vm_next : &mm->mmap); 53748 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
53146 vma->vm_prev = NULL; 53749 vma->vm_prev = NULL;
53147 do { 53750 do {
@@ -53158,7 +53761,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53158 rb_erase(&vma->vm_rb, &mm->mm_rb); 53761 rb_erase(&vma->vm_rb, &mm->mm_rb);
53159 mm->map_count--; 53762 mm->map_count--;
53160 tail_vma = vma; 53763 tail_vma = vma;
53161@@ -1837,10 +2087,25 @@ int split_vma(struct mm_struct * mm, str 53764@@ -1837,10 +2122,25 @@ int split_vma(struct mm_struct * mm, str
53162 struct mempolicy *pol; 53765 struct mempolicy *pol;
53163 struct vm_area_struct *new; 53766 struct vm_area_struct *new;
53164 53767
@@ -53184,7 +53787,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53184 if (mm->map_count >= sysctl_max_map_count) 53787 if (mm->map_count >= sysctl_max_map_count)
53185 return -ENOMEM; 53788 return -ENOMEM;
53186 53789
53187@@ -1848,6 +2113,16 @@ int split_vma(struct mm_struct * mm, str 53790@@ -1848,6 +2148,16 @@ int split_vma(struct mm_struct * mm, str
53188 if (!new) 53791 if (!new)
53189 return -ENOMEM; 53792 return -ENOMEM;
53190 53793
@@ -53201,7 +53804,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53201 /* most fields are the same, copy all, and then fixup */ 53804 /* most fields are the same, copy all, and then fixup */
53202 *new = *vma; 53805 *new = *vma;
53203 53806
53204@@ -1858,8 +2133,29 @@ int split_vma(struct mm_struct * mm, str 53807@@ -1858,8 +2168,29 @@ int split_vma(struct mm_struct * mm, str
53205 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); 53808 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
53206 } 53809 }
53207 53810
@@ -53231,7 +53834,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53231 kmem_cache_free(vm_area_cachep, new); 53834 kmem_cache_free(vm_area_cachep, new);
53232 return PTR_ERR(pol); 53835 return PTR_ERR(pol);
53233 } 53836 }
53234@@ -1880,6 +2176,28 @@ int split_vma(struct mm_struct * mm, str 53837@@ -1880,6 +2211,28 @@ int split_vma(struct mm_struct * mm, str
53235 else 53838 else
53236 vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); 53839 vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
53237 53840
@@ -53260,7 +53863,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53260 return 0; 53863 return 0;
53261 } 53864 }
53262 53865
53263@@ -1888,11 +2206,30 @@ int split_vma(struct mm_struct * mm, str 53866@@ -1888,11 +2241,30 @@ int split_vma(struct mm_struct * mm, str
53264 * work. This now handles partial unmappings. 53867 * work. This now handles partial unmappings.
53265 * Jeremy Fitzhardinge <jeremy@goop.org> 53868 * Jeremy Fitzhardinge <jeremy@goop.org>
53266 */ 53869 */
@@ -53291,7 +53894,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53291 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) 53894 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
53292 return -EINVAL; 53895 return -EINVAL;
53293 53896
53294@@ -1956,6 +2293,8 @@ int do_munmap(struct mm_struct *mm, unsi 53897@@ -1956,6 +2328,8 @@ int do_munmap(struct mm_struct *mm, unsi
53295 /* Fix up all other VM information */ 53898 /* Fix up all other VM information */
53296 remove_vma_list(mm, vma); 53899 remove_vma_list(mm, vma);
53297 53900
@@ -53300,7 +53903,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53300 return 0; 53903 return 0;
53301 } 53904 }
53302 53905
53303@@ -1968,22 +2307,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a 53906@@ -1968,22 +2342,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
53304 53907
53305 profile_munmap(addr); 53908 profile_munmap(addr);
53306 53909
@@ -53329,7 +53932,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53329 /* 53932 /*
53330 * this is really a simplified "do_mmap". it only handles 53933 * this is really a simplified "do_mmap". it only handles
53331 * anonymous maps. eventually we may be able to do some 53934 * anonymous maps. eventually we may be able to do some
53332@@ -1997,6 +2332,7 @@ unsigned long do_brk(unsigned long addr, 53935@@ -1997,6 +2367,7 @@ unsigned long do_brk(unsigned long addr,
53333 struct rb_node ** rb_link, * rb_parent; 53936 struct rb_node ** rb_link, * rb_parent;
53334 pgoff_t pgoff = addr >> PAGE_SHIFT; 53937 pgoff_t pgoff = addr >> PAGE_SHIFT;
53335 int error; 53938 int error;
@@ -53337,7 +53940,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53337 53940
53338 len = PAGE_ALIGN(len); 53941 len = PAGE_ALIGN(len);
53339 if (!len) 53942 if (!len)
53340@@ -2008,16 +2344,30 @@ unsigned long do_brk(unsigned long addr, 53943@@ -2008,16 +2379,30 @@ unsigned long do_brk(unsigned long addr,
53341 53944
53342 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; 53945 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
53343 53946
@@ -53369,7 +53972,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53369 locked += mm->locked_vm; 53972 locked += mm->locked_vm;
53370 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; 53973 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
53371 lock_limit >>= PAGE_SHIFT; 53974 lock_limit >>= PAGE_SHIFT;
53372@@ -2034,22 +2384,22 @@ unsigned long do_brk(unsigned long addr, 53975@@ -2034,22 +2419,22 @@ unsigned long do_brk(unsigned long addr,
53373 /* 53976 /*
53374 * Clear old maps. this also does some error checking for us 53977 * Clear old maps. this also does some error checking for us
53375 */ 53978 */
@@ -53396,7 +53999,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53396 return -ENOMEM; 53999 return -ENOMEM;
53397 54000
53398 /* Can we just expand an old private anonymous mapping? */ 54001 /* Can we just expand an old private anonymous mapping? */
53399@@ -2063,7 +2413,7 @@ unsigned long do_brk(unsigned long addr, 54002@@ -2063,7 +2448,7 @@ unsigned long do_brk(unsigned long addr,
53400 */ 54003 */
53401 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); 54004 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
53402 if (!vma) { 54005 if (!vma) {
@@ -53405,7 +54008,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53405 return -ENOMEM; 54008 return -ENOMEM;
53406 } 54009 }
53407 54010
53408@@ -2075,11 +2425,12 @@ unsigned long do_brk(unsigned long addr, 54011@@ -2075,11 +2460,12 @@ unsigned long do_brk(unsigned long addr,
53409 vma->vm_page_prot = vm_get_page_prot(flags); 54012 vma->vm_page_prot = vm_get_page_prot(flags);
53410 vma_link(mm, vma, prev, rb_link, rb_parent); 54013 vma_link(mm, vma, prev, rb_link, rb_parent);
53411 out: 54014 out:
@@ -53420,7 +54023,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53420 return addr; 54023 return addr;
53421 } 54024 }
53422 54025
53423@@ -2126,8 +2477,10 @@ void exit_mmap(struct mm_struct *mm) 54026@@ -2126,8 +2512,10 @@ void exit_mmap(struct mm_struct *mm)
53424 * Walk the list again, actually closing and freeing it, 54027 * Walk the list again, actually closing and freeing it,
53425 * with preemption enabled, without holding any MM locks. 54028 * with preemption enabled, without holding any MM locks.
53426 */ 54029 */
@@ -53432,7 +54035,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53432 54035
53433 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); 54036 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
53434 } 54037 }
53435@@ -2141,6 +2494,10 @@ int insert_vm_struct(struct mm_struct * 54038@@ -2141,6 +2529,10 @@ int insert_vm_struct(struct mm_struct *
53436 struct vm_area_struct * __vma, * prev; 54039 struct vm_area_struct * __vma, * prev;
53437 struct rb_node ** rb_link, * rb_parent; 54040 struct rb_node ** rb_link, * rb_parent;
53438 54041
@@ -53443,7 +54046,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53443 /* 54046 /*
53444 * The vm_pgoff of a purely anonymous vma should be irrelevant 54047 * The vm_pgoff of a purely anonymous vma should be irrelevant
53445 * until its first write fault, when page's anon_vma and index 54048 * until its first write fault, when page's anon_vma and index
53446@@ -2163,7 +2520,22 @@ int insert_vm_struct(struct mm_struct * 54049@@ -2163,7 +2555,22 @@ int insert_vm_struct(struct mm_struct *
53447 if ((vma->vm_flags & VM_ACCOUNT) && 54050 if ((vma->vm_flags & VM_ACCOUNT) &&
53448 security_vm_enough_memory_mm(mm, vma_pages(vma))) 54051 security_vm_enough_memory_mm(mm, vma_pages(vma)))
53449 return -ENOMEM; 54052 return -ENOMEM;
@@ -53466,7 +54069,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53466 return 0; 54069 return 0;
53467 } 54070 }
53468 54071
53469@@ -2181,6 +2553,8 @@ struct vm_area_struct *copy_vma(struct v 54072@@ -2181,6 +2588,8 @@ struct vm_area_struct *copy_vma(struct v
53470 struct rb_node **rb_link, *rb_parent; 54073 struct rb_node **rb_link, *rb_parent;
53471 struct mempolicy *pol; 54074 struct mempolicy *pol;
53472 54075
@@ -53475,7 +54078,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53475 /* 54078 /*
53476 * If anonymous vma has not yet been faulted, update new pgoff 54079 * If anonymous vma has not yet been faulted, update new pgoff
53477 * to match new location, to increase its chance of merging. 54080 * to match new location, to increase its chance of merging.
53478@@ -2224,6 +2598,35 @@ struct vm_area_struct *copy_vma(struct v 54081@@ -2224,6 +2633,35 @@ struct vm_area_struct *copy_vma(struct v
53479 return new_vma; 54082 return new_vma;
53480 } 54083 }
53481 54084
@@ -53511,7 +54114,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53511 /* 54114 /*
53512 * Return true if the calling process may expand its vm space by the passed 54115 * Return true if the calling process may expand its vm space by the passed
53513 * number of pages 54116 * number of pages
53514@@ -2234,7 +2637,7 @@ int may_expand_vm(struct mm_struct *mm, 54117@@ -2234,7 +2672,7 @@ int may_expand_vm(struct mm_struct *mm,
53515 unsigned long lim; 54118 unsigned long lim;
53516 54119
53517 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; 54120 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
@@ -53520,7 +54123,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53520 if (cur + npages > lim) 54123 if (cur + npages > lim)
53521 return 0; 54124 return 0;
53522 return 1; 54125 return 1;
53523@@ -2303,6 +2706,17 @@ int install_special_mapping(struct mm_st 54126@@ -2303,6 +2741,17 @@ int install_special_mapping(struct mm_st
53524 vma->vm_start = addr; 54127 vma->vm_start = addr;
53525 vma->vm_end = addr + len; 54128 vma->vm_end = addr + len;
53526 54129
@@ -53540,7 +54143,7 @@ diff -urNp linux-2.6.32.21/mm/mmap.c linux-2.6.32.21/mm/mmap.c
53540 54143
53541diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c 54144diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53542--- linux-2.6.32.21/mm/mprotect.c 2010-08-13 16:24:37.000000000 -0400 54145--- linux-2.6.32.21/mm/mprotect.c 2010-08-13 16:24:37.000000000 -0400
53543+++ linux-2.6.32.21/mm/mprotect.c 2010-09-04 15:54:52.000000000 -0400 54146+++ linux-2.6.32.21/mm/mprotect.c 2010-09-17 18:34:04.000000000 -0400
53544@@ -24,10 +24,16 @@ 54147@@ -24,10 +24,16 @@
53545 #include <linux/mmu_notifier.h> 54148 #include <linux/mmu_notifier.h>
53546 #include <linux/migrate.h> 54149 #include <linux/migrate.h>
@@ -53607,7 +54210,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53607 int 54210 int
53608 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, 54211 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
53609 unsigned long start, unsigned long end, unsigned long newflags) 54212 unsigned long start, unsigned long end, unsigned long newflags)
53610@@ -144,6 +192,14 @@ mprotect_fixup(struct vm_area_struct *vm 54213@@ -144,11 +192,29 @@ mprotect_fixup(struct vm_area_struct *vm
53611 int error; 54214 int error;
53612 int dirty_accountable = 0; 54215 int dirty_accountable = 0;
53613 54216
@@ -53622,7 +54225,22 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53622 if (newflags == oldflags) { 54225 if (newflags == oldflags) {
53623 *pprev = vma; 54226 *pprev = vma;
53624 return 0; 54227 return 0;
53625@@ -165,6 +221,38 @@ mprotect_fixup(struct vm_area_struct *vm 54228 }
54229
54230+ if (newflags & (VM_READ | VM_WRITE | VM_EXEC)) {
54231+ struct vm_area_struct *prev = vma->vm_prev, *next = vma->vm_next;
54232+
54233+ if (next && (next->vm_flags & VM_GROWSDOWN) && sysctl_heap_stack_gap > next->vm_start - end)
54234+ return -ENOMEM;
54235+
54236+ if (prev && (prev->vm_flags & VM_GROWSUP) && sysctl_heap_stack_gap > start - prev->vm_end)
54237+ return -ENOMEM;
54238+ }
54239+
54240 /*
54241 * If we make a private mapping writable we increase our commit;
54242 * but (without finer accounting) cannot reduce our commit if we
54243@@ -165,6 +231,38 @@ mprotect_fixup(struct vm_area_struct *vm
53626 } 54244 }
53627 } 54245 }
53628 54246
@@ -53661,7 +54279,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53661 /* 54279 /*
53662 * First try to merge with previous and/or next vma. 54280 * First try to merge with previous and/or next vma.
53663 */ 54281 */
53664@@ -195,9 +283,21 @@ success: 54282@@ -195,9 +293,21 @@ success:
53665 * vm_flags and vm_page_prot are protected by the mmap_sem 54283 * vm_flags and vm_page_prot are protected by the mmap_sem
53666 * held in write mode. 54284 * held in write mode.
53667 */ 54285 */
@@ -53684,7 +54302,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53684 54302
53685 if (vma_wants_writenotify(vma)) { 54303 if (vma_wants_writenotify(vma)) {
53686 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); 54304 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
53687@@ -238,6 +338,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, 54305@@ -238,6 +348,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
53688 end = start + len; 54306 end = start + len;
53689 if (end <= start) 54307 if (end <= start)
53690 return -ENOMEM; 54308 return -ENOMEM;
@@ -53702,7 +54320,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53702 if (!arch_validate_prot(prot)) 54320 if (!arch_validate_prot(prot))
53703 return -EINVAL; 54321 return -EINVAL;
53704 54322
53705@@ -245,7 +356,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, 54323@@ -245,7 +366,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
53706 /* 54324 /*
53707 * Does the application expect PROT_READ to imply PROT_EXEC: 54325 * Does the application expect PROT_READ to imply PROT_EXEC:
53708 */ 54326 */
@@ -53711,7 +54329,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53711 prot |= PROT_EXEC; 54329 prot |= PROT_EXEC;
53712 54330
53713 vm_flags = calc_vm_prot_bits(prot); 54331 vm_flags = calc_vm_prot_bits(prot);
53714@@ -277,6 +388,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long, 54332@@ -277,6 +398,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
53715 if (start > vma->vm_start) 54333 if (start > vma->vm_start)
53716 prev = vma; 54334 prev = vma;
53717 54335
@@ -53728,7 +54346,7 @@ diff -urNp linux-2.6.32.21/mm/mprotect.c linux-2.6.32.21/mm/mprotect.c
53728 for (nstart = start ; ; ) { 54346 for (nstart = start ; ; ) {
53729 unsigned long newflags; 54347 unsigned long newflags;
53730 54348
53731@@ -301,6 +422,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, 54349@@ -301,6 +432,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
53732 if (error) 54350 if (error)
53733 goto out; 54351 goto out;
53734 perf_event_mmap(vma); 54352 perf_event_mmap(vma);
@@ -53843,8 +54461,16 @@ diff -urNp linux-2.6.32.21/mm/mremap.c linux-2.6.32.21/mm/mremap.c
53843 if (ret & ~PAGE_MASK) 54461 if (ret & ~PAGE_MASK)
53844diff -urNp linux-2.6.32.21/mm/nommu.c linux-2.6.32.21/mm/nommu.c 54462diff -urNp linux-2.6.32.21/mm/nommu.c linux-2.6.32.21/mm/nommu.c
53845--- linux-2.6.32.21/mm/nommu.c 2010-08-29 21:08:20.000000000 -0400 54463--- linux-2.6.32.21/mm/nommu.c 2010-08-29 21:08:20.000000000 -0400
53846+++ linux-2.6.32.21/mm/nommu.c 2010-09-04 15:54:52.000000000 -0400 54464+++ linux-2.6.32.21/mm/nommu.c 2010-09-17 18:34:04.000000000 -0400
53847@@ -761,15 +761,6 @@ struct vm_area_struct *find_vma(struct m 54465@@ -67,7 +67,6 @@ int sysctl_overcommit_memory = OVERCOMMI
54466 int sysctl_overcommit_ratio = 50; /* default is 50% */
54467 int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
54468 int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
54469-int heap_stack_gap = 0;
54470
54471 atomic_long_t mmap_pages_allocated;
54472
54473@@ -761,15 +760,6 @@ struct vm_area_struct *find_vma(struct m
53848 EXPORT_SYMBOL(find_vma); 54474 EXPORT_SYMBOL(find_vma);
53849 54475
53850 /* 54476 /*
@@ -56492,7 +57118,7 @@ diff -urNp linux-2.6.32.21/security/integrity/ima/ima_queue.c linux-2.6.32.21/se
56492 return 0; 57118 return 0;
56493diff -urNp linux-2.6.32.21/security/Kconfig linux-2.6.32.21/security/Kconfig 57119diff -urNp linux-2.6.32.21/security/Kconfig linux-2.6.32.21/security/Kconfig
56494--- linux-2.6.32.21/security/Kconfig 2010-08-13 16:24:37.000000000 -0400 57120--- linux-2.6.32.21/security/Kconfig 2010-08-13 16:24:37.000000000 -0400
56495+++ linux-2.6.32.21/security/Kconfig 2010-09-14 20:52:17.000000000 -0400 57121+++ linux-2.6.32.21/security/Kconfig 2010-09-17 17:39:35.000000000 -0400
56496@@ -4,6 +4,505 @@ 57122@@ -4,6 +4,505 @@
56497 57123
56498 menu "Security options" 57124 menu "Security options"
@@ -56516,7 +57142,7 @@ diff -urNp linux-2.6.32.21/security/Kconfig linux-2.6.32.21/security/Kconfig
56516+ 57142+
56517+config PAX 57143+config PAX
56518+ bool "Enable various PaX features" 57144+ bool "Enable various PaX features"
56519+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC || SPARC || X86) 57145+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
56520+ help 57146+ help
56521+ This allows you to enable various PaX features. PaX adds 57147+ This allows you to enable various PaX features. PaX adds
56522+ intrusion prevention mechanisms to the kernel that reduce 57148+ intrusion prevention mechanisms to the kernel that reduce