]>
Commit | Line | Data |
---|---|---|
82094b55 AF |
1 | From: Greg Kroah-Hartman <gregkh@suse.de> |
2 | Subject: Linux 2.6.27.37 | |
3 | ||
4 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
5 | ||
6 | diff --git a/Makefile b/Makefile | |
7 | index e7046ea..e063536 100644 | |
8 | --- a/Makefile | |
9 | +++ b/Makefile | |
10 | @@ -1,7 +1,7 @@ | |
11 | VERSION = 2 | |
12 | PATCHLEVEL = 6 | |
13 | SUBLEVEL = 27 | |
14 | -EXTRAVERSION = .36 | |
15 | +EXTRAVERSION = .37 | |
16 | NAME = Trembling Tortoise | |
17 | ||
18 | # *DOCUMENTATION* | |
19 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S | |
20 | index 5e65290..09b59b2 100644 | |
21 | --- a/arch/x86/ia32/ia32entry.S | |
22 | +++ b/arch/x86/ia32/ia32entry.S | |
23 | @@ -21,8 +21,8 @@ | |
24 | #define __AUDIT_ARCH_LE 0x40000000 | |
25 | ||
26 | #ifndef CONFIG_AUDITSYSCALL | |
27 | -#define sysexit_audit int_ret_from_sys_call | |
28 | -#define sysretl_audit int_ret_from_sys_call | |
29 | +#define sysexit_audit ia32_ret_from_sys_call | |
30 | +#define sysretl_audit ia32_ret_from_sys_call | |
31 | #endif | |
32 | ||
33 | #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8) | |
34 | @@ -39,12 +39,12 @@ | |
35 | .endm | |
36 | ||
37 | /* clobbers %eax */ | |
38 | - .macro CLEAR_RREGS | |
39 | + .macro CLEAR_RREGS offset=0, _r9=rax | |
40 | xorl %eax,%eax | |
41 | - movq %rax,R11(%rsp) | |
42 | - movq %rax,R10(%rsp) | |
43 | - movq %rax,R9(%rsp) | |
44 | - movq %rax,R8(%rsp) | |
45 | + movq %rax,\offset+R11(%rsp) | |
46 | + movq %rax,\offset+R10(%rsp) | |
47 | + movq %\_r9,\offset+R9(%rsp) | |
48 | + movq %rax,\offset+R8(%rsp) | |
49 | .endm | |
50 | ||
51 | /* | |
52 | @@ -52,11 +52,10 @@ | |
53 | * We don't reload %eax because syscall_trace_enter() returned | |
54 | * the value it wants us to use in the table lookup. | |
55 | */ | |
56 | - .macro LOAD_ARGS32 offset | |
57 | - movl \offset(%rsp),%r11d | |
58 | - movl \offset+8(%rsp),%r10d | |
59 | + .macro LOAD_ARGS32 offset, _r9=0 | |
60 | + .if \_r9 | |
61 | movl \offset+16(%rsp),%r9d | |
62 | - movl \offset+24(%rsp),%r8d | |
63 | + .endif | |
64 | movl \offset+40(%rsp),%ecx | |
65 | movl \offset+48(%rsp),%edx | |
66 | movl \offset+56(%rsp),%esi | |
67 | @@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target) | |
68 | SAVE_ARGS 0,0,1 | |
69 | /* no need to do an access_ok check here because rbp has been | |
70 | 32bit zero extended */ | |
71 | -1: movl (%rbp),%r9d | |
72 | +1: movl (%rbp),%ebp | |
73 | .section __ex_table,"a" | |
74 | .quad 1b,ia32_badarg | |
75 | .previous | |
76 | @@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target) | |
77 | cmpl $(IA32_NR_syscalls-1),%eax | |
78 | ja ia32_badsys | |
79 | sysenter_do_call: | |
80 | - IA32_ARG_FIXUP 1 | |
81 | + IA32_ARG_FIXUP | |
82 | sysenter_dispatch: | |
83 | call *ia32_sys_call_table(,%rax,8) | |
84 | movq %rax,RAX-ARGOFFSET(%rsp) | |
85 | @@ -173,6 +172,10 @@ sysexit_from_sys_call: | |
86 | movl RIP-R11(%rsp),%edx /* User %eip */ | |
87 | CFI_REGISTER rip,rdx | |
88 | RESTORE_ARGS 1,24,1,1,1,1 | |
89 | + xorq %r8,%r8 | |
90 | + xorq %r9,%r9 | |
91 | + xorq %r10,%r10 | |
92 | + xorq %r11,%r11 | |
93 | popfq | |
94 | CFI_ADJUST_CFA_OFFSET -8 | |
95 | /*CFI_RESTORE rflags*/ | |
96 | @@ -203,7 +206,7 @@ sysexit_from_sys_call: | |
97 | ||
98 | .macro auditsys_exit exit,ebpsave=RBP | |
99 | testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) | |
100 | - jnz int_ret_from_sys_call | |
101 | + jnz ia32_ret_from_sys_call | |
102 | TRACE_IRQS_ON | |
103 | sti | |
104 | movl %eax,%esi /* second arg, syscall return value */ | |
105 | @@ -219,8 +222,9 @@ sysexit_from_sys_call: | |
106 | cli | |
107 | TRACE_IRQS_OFF | |
108 | testl %edi,TI_flags(%r10) | |
109 | - jnz int_with_check | |
110 | - jmp \exit | |
111 | + jz \exit | |
112 | + CLEAR_RREGS -ARGOFFSET | |
113 | + jmp int_with_check | |
114 | .endm | |
115 | ||
116 | sysenter_auditsys: | |
117 | @@ -234,20 +238,17 @@ sysexit_audit: | |
118 | #endif | |
119 | ||
120 | sysenter_tracesys: | |
121 | - xchgl %r9d,%ebp | |
122 | #ifdef CONFIG_AUDITSYSCALL | |
123 | testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) | |
124 | jz sysenter_auditsys | |
125 | #endif | |
126 | SAVE_REST | |
127 | CLEAR_RREGS | |
128 | - movq %r9,R9(%rsp) | |
129 | movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ | |
130 | movq %rsp,%rdi /* &pt_regs -> arg1 */ | |
131 | call syscall_trace_enter | |
132 | LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ | |
133 | RESTORE_REST | |
134 | - xchgl %ebp,%r9d | |
135 | cmpl $(IA32_NR_syscalls-1),%eax | |
136 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ | |
137 | jmp sysenter_do_call | |
138 | @@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target) | |
139 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) | |
140 | CFI_REMEMBER_STATE | |
141 | jnz cstar_tracesys | |
142 | -cstar_do_call: | |
143 | cmpl $IA32_NR_syscalls-1,%eax | |
144 | ja ia32_badsys | |
145 | +cstar_do_call: | |
146 | IA32_ARG_FIXUP 1 | |
147 | cstar_dispatch: | |
148 | call *ia32_sys_call_table(,%rax,8) | |
149 | @@ -333,6 +334,9 @@ sysretl_from_sys_call: | |
150 | CFI_REGISTER rip,rcx | |
151 | movl EFLAGS-ARGOFFSET(%rsp),%r11d | |
152 | /*CFI_REGISTER rflags,r11*/ | |
153 | + xorq %r10,%r10 | |
154 | + xorq %r9,%r9 | |
155 | + xorq %r8,%r8 | |
156 | TRACE_IRQS_ON | |
157 | movl RSP-ARGOFFSET(%rsp),%esp | |
158 | CFI_RESTORE rsp | |
159 | @@ -357,15 +361,13 @@ cstar_tracesys: | |
160 | #endif | |
161 | xchgl %r9d,%ebp | |
162 | SAVE_REST | |
163 | - CLEAR_RREGS | |
164 | - movq %r9,R9(%rsp) | |
165 | + CLEAR_RREGS 0, r9 | |
166 | movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ | |
167 | movq %rsp,%rdi /* &pt_regs -> arg1 */ | |
168 | call syscall_trace_enter | |
169 | - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ | |
170 | + LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ | |
171 | RESTORE_REST | |
172 | xchgl %ebp,%r9d | |
173 | - movl RSP-ARGOFFSET(%rsp), %r8d | |
174 | cmpl $(IA32_NR_syscalls-1),%eax | |
175 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ | |
176 | jmp cstar_do_call | |
177 | @@ -431,6 +433,8 @@ ia32_do_call: | |
178 | call *ia32_sys_call_table(,%rax,8) # xxx: rip relative | |
179 | ia32_sysret: | |
180 | movq %rax,RAX-ARGOFFSET(%rsp) | |
181 | +ia32_ret_from_sys_call: | |
182 | + CLEAR_RREGS -ARGOFFSET | |
183 | jmp int_ret_from_sys_call | |
184 | ||
185 | ia32_tracesys: | |
186 | @@ -448,8 +452,8 @@ END(ia32_syscall) | |
187 | ||
188 | ia32_badsys: | |
189 | movq $0,ORIG_RAX-ARGOFFSET(%rsp) | |
190 | - movq $-ENOSYS,RAX-ARGOFFSET(%rsp) | |
191 | - jmp int_ret_from_sys_call | |
192 | + movq $-ENOSYS,%rax | |
193 | + jmp ia32_sysret | |
194 | ||
195 | quiet_ni_syscall: | |
196 | movq $-ENOSYS,%rax | |
197 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | |
198 | index f7c7142..60ebfd7 100644 | |
199 | --- a/arch/x86/kvm/x86.c | |
200 | +++ b/arch/x86/kvm/x86.c | |
201 | @@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) | |
202 | a3 &= 0xFFFFFFFF; | |
203 | } | |
204 | ||
205 | + if (kvm_x86_ops->get_cpl(vcpu) != 0) { | |
206 | + ret = -KVM_EPERM; | |
207 | + goto out; | |
208 | + } | |
209 | + | |
210 | switch (nr) { | |
211 | case KVM_HC_VAPIC_POLL_IRQ: | |
212 | ret = 0; | |
213 | @@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) | |
214 | ret = -KVM_ENOSYS; | |
215 | break; | |
216 | } | |
217 | +out: | |
218 | vcpu->arch.regs[VCPU_REGS_RAX] = ret; | |
219 | kvm_x86_ops->decache_regs(vcpu); | |
220 | ++vcpu->stat.hypercalls; | |
221 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c | |
222 | index 56fe712..47dd8f5 100644 | |
223 | --- a/arch/x86/mm/mmap.c | |
224 | +++ b/arch/x86/mm/mmap.c | |
225 | @@ -29,13 +29,26 @@ | |
226 | #include <linux/random.h> | |
227 | #include <linux/limits.h> | |
228 | #include <linux/sched.h> | |
229 | +#include <asm/elf.h> | |
230 | + | |
231 | +static unsigned int stack_maxrandom_size(void) | |
232 | +{ | |
233 | + unsigned int max = 0; | |
234 | + if ((current->flags & PF_RANDOMIZE) && | |
235 | + !(current->personality & ADDR_NO_RANDOMIZE)) { | |
236 | + max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; | |
237 | + } | |
238 | + | |
239 | + return max; | |
240 | +} | |
241 | + | |
242 | ||
243 | /* | |
244 | * Top of mmap area (just below the process stack). | |
245 | * | |
246 | - * Leave an at least ~128 MB hole. | |
247 | + * Leave an at least ~128 MB hole with possible stack randomization. | |
248 | */ | |
249 | -#define MIN_GAP (128*1024*1024) | |
250 | +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) | |
251 | #define MAX_GAP (TASK_SIZE/6*5) | |
252 | ||
253 | /* | |
254 | diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c | |
255 | index c46864d..e1db78a 100644 | |
256 | --- a/drivers/net/iseries_veth.c | |
257 | +++ b/drivers/net/iseries_veth.c | |
258 | @@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx, | |
259 | cnx->remote_lp); | |
260 | } else { | |
261 | memcpy(&cnx->cap_ack_event, event, | |
262 | - sizeof(&cnx->cap_ack_event)); | |
263 | + sizeof(cnx->cap_ack_event)); | |
264 | cnx->state |= VETH_STATE_GOTCAPACK; | |
265 | veth_kick_statemachine(cnx); | |
266 | } | |
267 | diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c | |
268 | index 763c1ea..dad4fe6 100644 | |
269 | --- a/drivers/watchdog/hpwdt.c | |
270 | +++ b/drivers/watchdog/hpwdt.c | |
271 | @@ -47,6 +47,7 @@ | |
272 | #define PCI_BIOS32_PARAGRAPH_LEN 16 | |
273 | #define PCI_ROM_BASE1 0x000F0000 | |
274 | #define ROM_SIZE 0x10000 | |
275 | +#define HPWDT_VERSION "1.01" | |
276 | ||
277 | struct bios32_service_dir { | |
278 | u32 signature; | |
279 | @@ -130,12 +131,8 @@ static void *cru_rom_addr; | |
280 | static struct cmn_registers cmn_regs; | |
281 | ||
282 | static struct pci_device_id hpwdt_devices[] = { | |
283 | - { | |
284 | - .vendor = PCI_VENDOR_ID_COMPAQ, | |
285 | - .device = 0xB203, | |
286 | - .subvendor = PCI_ANY_ID, | |
287 | - .subdevice = PCI_ANY_ID, | |
288 | - }, | |
289 | + { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) }, | |
290 | + { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) }, | |
291 | {0}, /* terminate list */ | |
292 | }; | |
293 | MODULE_DEVICE_TABLE(pci, hpwdt_devices); | |
294 | @@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev, | |
295 | } | |
296 | ||
297 | printk(KERN_INFO | |
298 | - "hp Watchdog Timer Driver: 1.00" | |
299 | + "hp Watchdog Timer Driver: %s" | |
300 | ", timer margin: %d seconds (nowayout=%d)" | |
301 | ", allow kernel dump: %s (default = 0/OFF).\n", | |
302 | - soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON"); | |
303 | + HPWDT_VERSION, soft_margin, nowayout, | |
304 | + (allow_kdump == 0) ? "OFF" : "ON"); | |
305 | ||
306 | return 0; | |
307 | ||
308 | @@ -757,6 +755,7 @@ static int __init hpwdt_init(void) | |
309 | MODULE_AUTHOR("Tom Mingarelli"); | |
310 | MODULE_DESCRIPTION("hp watchdog driver"); | |
311 | MODULE_LICENSE("GPL"); | |
312 | +MODULE_VERSION(HPWDT_VERSION); | |
313 | MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR); | |
314 | ||
315 | module_param(soft_margin, int, 0); | |
316 | diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c | |
317 | index 5e78fc1..1c1220e 100644 | |
318 | --- a/fs/ecryptfs/inode.c | |
319 | +++ b/fs/ecryptfs/inode.c | |
320 | @@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) | |
321 | struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); | |
322 | struct dentry *lower_dir_dentry; | |
323 | ||
324 | + dget(lower_dentry); | |
325 | lower_dir_dentry = lock_parent(lower_dentry); | |
326 | rc = vfs_unlink(lower_dir_inode, lower_dentry); | |
327 | if (rc) { | |
328 | @@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) | |
329 | d_drop(dentry); | |
330 | out_unlock: | |
331 | unlock_dir(lower_dir_dentry); | |
332 | + dput(lower_dentry); | |
333 | return rc; | |
334 | } | |
335 | ||
336 | diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h | |
337 | index 7be4733..36343b6 100644 | |
338 | --- a/include/asm-x86/elf.h | |
339 | +++ b/include/asm-x86/elf.h | |
340 | @@ -287,6 +287,8 @@ do { \ | |
341 | ||
342 | #ifdef CONFIG_X86_32 | |
343 | ||
344 | +#define STACK_RND_MASK (0x7ff) | |
345 | + | |
346 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) | |
347 | ||
348 | #define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled) | |
349 | diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h | |
350 | index 3ddce03..d731092 100644 | |
351 | --- a/include/linux/kvm_para.h | |
352 | +++ b/include/linux/kvm_para.h | |
353 | @@ -13,6 +13,7 @@ | |
354 | #define KVM_ENOSYS 1000 | |
355 | #define KVM_EFAULT EFAULT | |
356 | #define KVM_E2BIG E2BIG | |
357 | +#define KVM_EPERM EPERM | |
358 | ||
359 | #define KVM_HC_VAPIC_POLL_IRQ 1 | |
360 | #define KVM_HC_MMU_OP 2 | |
361 | diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c | |
362 | index 521960b..6e22c16 100644 | |
363 | --- a/kernel/time/timekeeping.c | |
364 | +++ b/kernel/time/timekeeping.c | |
365 | @@ -477,6 +477,28 @@ void update_wall_time(void) | |
366 | /* correct the clock when NTP error is too big */ | |
367 | clocksource_adjust(offset); | |
368 | ||
369 | + /* | |
370 | + * Since in the loop above, we accumulate any amount of time | |
371 | + * in xtime_nsec over a second into xtime.tv_sec, its possible for | |
372 | + * xtime_nsec to be fairly small after the loop. Further, if we're | |
373 | + * slightly speeding the clocksource up in clocksource_adjust(), | |
374 | + * its possible the required corrective factor to xtime_nsec could | |
375 | + * cause it to underflow. | |
376 | + * | |
377 | + * Now, we cannot simply roll the accumulated second back, since | |
378 | + * the NTP subsystem has been notified via second_overflow. So | |
379 | + * instead we push xtime_nsec forward by the amount we underflowed, | |
380 | + * and add that amount into the error. | |
381 | + * | |
382 | + * We'll correct this error next time through this function, when | |
383 | + * xtime_nsec is not as small. | |
384 | + */ | |
385 | + if (unlikely((s64)clock->xtime_nsec < 0)) { | |
386 | + s64 neg = -(s64)clock->xtime_nsec; | |
387 | + clock->xtime_nsec = 0; | |
388 | + clock->error += neg << (NTP_SCALE_SHIFT - clock->shift); | |
389 | + } | |
390 | + | |
391 | /* store full nanoseconds into xtime */ | |
392 | xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift; | |
393 | clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift; |