]>
Commit | Line | Data |
---|---|---|
ae4e228f MT |
1 | diff -urNp linux-2.6.33.1/arch/alpha/include/asm/elf.h linux-2.6.33.1/arch/alpha/include/asm/elf.h |
2 | --- linux-2.6.33.1/arch/alpha/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
3 | +++ linux-2.6.33.1/arch/alpha/include/asm/elf.h 2010-03-20 16:58:38.417757561 -0400 | |
4 | @@ -90,6 +90,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N | |
58c5fc13 MT |
5 | |
6 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000) | |
7 | ||
8 | +#ifdef CONFIG_PAX_ASLR | |
9 | +#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL) | |
10 | + | |
11 | +#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28) | |
12 | +#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19) | |
13 | +#endif | |
14 | + | |
15 | /* $0 is set by ld.so to a pointer to a function which might be | |
16 | registered using atexit. This provides a mean for the dynamic | |
17 | linker to call DT_FINI functions for shared libraries that have | |
ae4e228f MT |
18 | diff -urNp linux-2.6.33.1/arch/alpha/include/asm/pgtable.h linux-2.6.33.1/arch/alpha/include/asm/pgtable.h |
19 | --- linux-2.6.33.1/arch/alpha/include/asm/pgtable.h 2010-03-15 12:09:39.000000000 -0400 | |
20 | +++ linux-2.6.33.1/arch/alpha/include/asm/pgtable.h 2010-03-20 16:58:38.417757561 -0400 | |
58c5fc13 MT |
21 | @@ -101,6 +101,17 @@ struct vm_area_struct; |
22 | #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS) | |
23 | #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) | |
24 | #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) | |
25 | + | |
26 | +#ifdef CONFIG_PAX_PAGEEXEC | |
27 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE) | |
28 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE) | |
29 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE) | |
30 | +#else | |
31 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
32 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
33 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
34 | +#endif | |
35 | + | |
36 | #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE) | |
37 | ||
38 | #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x)) | |
ae4e228f MT |
39 | diff -urNp linux-2.6.33.1/arch/alpha/kernel/module.c linux-2.6.33.1/arch/alpha/kernel/module.c |
40 | --- linux-2.6.33.1/arch/alpha/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
41 | +++ linux-2.6.33.1/arch/alpha/kernel/module.c 2010-03-20 16:58:38.417757561 -0400 | |
58c5fc13 MT |
42 | @@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, |
43 | ||
44 | /* The small sections were sorted to the end of the segment. | |
45 | The following should definitely cover them. */ | |
46 | - gp = (u64)me->module_core + me->core_size - 0x8000; | |
47 | + gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000; | |
48 | got = sechdrs[me->arch.gotsecindex].sh_addr; | |
49 | ||
50 | for (i = 0; i < n; i++) { | |
ae4e228f MT |
51 | diff -urNp linux-2.6.33.1/arch/alpha/kernel/osf_sys.c linux-2.6.33.1/arch/alpha/kernel/osf_sys.c |
52 | --- linux-2.6.33.1/arch/alpha/kernel/osf_sys.c 2010-03-15 12:09:39.000000000 -0400 | |
53 | +++ linux-2.6.33.1/arch/alpha/kernel/osf_sys.c 2010-03-20 16:58:38.417757561 -0400 | |
54 | @@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp | |
58c5fc13 MT |
55 | merely specific addresses, but regions of memory -- perhaps |
56 | this feature should be incorporated into all ports? */ | |
57 | ||
58 | +#ifdef CONFIG_PAX_RANDMMAP | |
59 | + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) | |
60 | +#endif | |
61 | + | |
62 | if (addr) { | |
63 | addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); | |
64 | if (addr != (unsigned long) -ENOMEM) | |
ae4e228f | 65 | @@ -1212,8 +1216,8 @@ arch_get_unmapped_area(struct file *filp |
58c5fc13 MT |
66 | } |
67 | ||
68 | /* Next, try allocating at TASK_UNMAPPED_BASE. */ | |
69 | - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE), | |
70 | - len, limit); | |
71 | + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit); | |
72 | + | |
73 | if (addr != (unsigned long) -ENOMEM) | |
74 | return addr; | |
75 | ||
ae4e228f MT |
76 | diff -urNp linux-2.6.33.1/arch/alpha/mm/fault.c linux-2.6.33.1/arch/alpha/mm/fault.c |
77 | --- linux-2.6.33.1/arch/alpha/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
78 | +++ linux-2.6.33.1/arch/alpha/mm/fault.c 2010-03-20 16:58:38.420782159 -0400 | |
58c5fc13 MT |
79 | @@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct * |
80 | __reload_thread(pcb); | |
81 | } | |
82 | ||
83 | +#ifdef CONFIG_PAX_PAGEEXEC | |
84 | +/* | |
85 | + * PaX: decide what to do with offenders (regs->pc = fault address) | |
86 | + * | |
87 | + * returns 1 when task should be killed | |
88 | + * 2 when patched PLT trampoline was detected | |
89 | + * 3 when unpatched PLT trampoline was detected | |
90 | + */ | |
91 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
92 | +{ | |
93 | + | |
94 | +#ifdef CONFIG_PAX_EMUPLT | |
95 | + int err; | |
96 | + | |
97 | + do { /* PaX: patched PLT emulation #1 */ | |
98 | + unsigned int ldah, ldq, jmp; | |
99 | + | |
100 | + err = get_user(ldah, (unsigned int *)regs->pc); | |
101 | + err |= get_user(ldq, (unsigned int *)(regs->pc+4)); | |
102 | + err |= get_user(jmp, (unsigned int *)(regs->pc+8)); | |
103 | + | |
104 | + if (err) | |
105 | + break; | |
106 | + | |
107 | + if ((ldah & 0xFFFF0000U) == 0x277B0000U && | |
108 | + (ldq & 0xFFFF0000U) == 0xA77B0000U && | |
109 | + jmp == 0x6BFB0000U) | |
110 | + { | |
111 | + unsigned long r27, addr; | |
112 | + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; | |
113 | + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL; | |
114 | + | |
115 | + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); | |
116 | + err = get_user(r27, (unsigned long *)addr); | |
117 | + if (err) | |
118 | + break; | |
119 | + | |
120 | + regs->r27 = r27; | |
121 | + regs->pc = r27; | |
122 | + return 2; | |
123 | + } | |
124 | + } while (0); | |
125 | + | |
126 | + do { /* PaX: patched PLT emulation #2 */ | |
127 | + unsigned int ldah, lda, br; | |
128 | + | |
129 | + err = get_user(ldah, (unsigned int *)regs->pc); | |
130 | + err |= get_user(lda, (unsigned int *)(regs->pc+4)); | |
131 | + err |= get_user(br, (unsigned int *)(regs->pc+8)); | |
132 | + | |
133 | + if (err) | |
134 | + break; | |
135 | + | |
136 | + if ((ldah & 0xFFFF0000U) == 0x277B0000U && | |
137 | + (lda & 0xFFFF0000U) == 0xA77B0000U && | |
138 | + (br & 0xFFE00000U) == 0xC3E00000U) | |
139 | + { | |
140 | + unsigned long addr = br | 0xFFFFFFFFFFE00000UL; | |
141 | + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; | |
142 | + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL; | |
143 | + | |
144 | + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); | |
145 | + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); | |
146 | + return 2; | |
147 | + } | |
148 | + } while (0); | |
149 | + | |
150 | + do { /* PaX: unpatched PLT emulation */ | |
151 | + unsigned int br; | |
152 | + | |
153 | + err = get_user(br, (unsigned int *)regs->pc); | |
154 | + | |
155 | + if (!err && (br & 0xFFE00000U) == 0xC3800000U) { | |
156 | + unsigned int br2, ldq, nop, jmp; | |
157 | + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver; | |
158 | + | |
159 | + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); | |
160 | + err = get_user(br2, (unsigned int *)addr); | |
161 | + err |= get_user(ldq, (unsigned int *)(addr+4)); | |
162 | + err |= get_user(nop, (unsigned int *)(addr+8)); | |
163 | + err |= get_user(jmp, (unsigned int *)(addr+12)); | |
164 | + err |= get_user(resolver, (unsigned long *)(addr+16)); | |
165 | + | |
166 | + if (err) | |
167 | + break; | |
168 | + | |
169 | + if (br2 == 0xC3600000U && | |
170 | + ldq == 0xA77B000CU && | |
171 | + nop == 0x47FF041FU && | |
172 | + jmp == 0x6B7B0000U) | |
173 | + { | |
174 | + regs->r28 = regs->pc+4; | |
175 | + regs->r27 = addr+16; | |
176 | + regs->pc = resolver; | |
177 | + return 3; | |
178 | + } | |
179 | + } | |
180 | + } while (0); | |
181 | +#endif | |
182 | + | |
183 | + return 1; | |
184 | +} | |
185 | + | |
186 | +void pax_report_insns(void *pc, void *sp) | |
187 | +{ | |
188 | + unsigned long i; | |
189 | + | |
190 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
191 | + for (i = 0; i < 5; i++) { | |
192 | + unsigned int c; | |
193 | + if (get_user(c, (unsigned int *)pc+i)) | |
194 | + printk(KERN_CONT "???????? "); | |
195 | + else | |
196 | + printk(KERN_CONT "%08x ", c); | |
197 | + } | |
198 | + printk("\n"); | |
199 | +} | |
200 | +#endif | |
201 | ||
202 | /* | |
203 | * This routine handles page faults. It determines the address, | |
204 | @@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns | |
205 | good_area: | |
206 | si_code = SEGV_ACCERR; | |
207 | if (cause < 0) { | |
208 | - if (!(vma->vm_flags & VM_EXEC)) | |
209 | + if (!(vma->vm_flags & VM_EXEC)) { | |
210 | + | |
211 | +#ifdef CONFIG_PAX_PAGEEXEC | |
212 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc) | |
213 | + goto bad_area; | |
214 | + | |
215 | + up_read(&mm->mmap_sem); | |
216 | + switch (pax_handle_fetch_fault(regs)) { | |
217 | + | |
218 | +#ifdef CONFIG_PAX_EMUPLT | |
219 | + case 2: | |
220 | + case 3: | |
221 | + return; | |
222 | +#endif | |
223 | + | |
224 | + } | |
225 | + pax_report_fault(regs, (void *)regs->pc, (void *)rdusp()); | |
226 | + do_group_exit(SIGKILL); | |
227 | +#else | |
228 | goto bad_area; | |
229 | +#endif | |
230 | + | |
231 | + } | |
232 | } else if (!cause) { | |
233 | /* Allow reads even for write-only mappings */ | |
234 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) | |
ae4e228f MT |
235 | diff -urNp linux-2.6.33.1/arch/arm/include/asm/elf.h linux-2.6.33.1/arch/arm/include/asm/elf.h |
236 | --- linux-2.6.33.1/arch/arm/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
237 | +++ linux-2.6.33.1/arch/arm/include/asm/elf.h 2010-03-20 16:58:38.440745685 -0400 | |
238 | @@ -108,7 +108,14 @@ int dump_task_regs(struct task_struct *t | |
58c5fc13 MT |
239 | the loader. We need to make sure that it is out of the way of the program |
240 | that it will "exec", and that there is sufficient room for the brk. */ | |
241 | ||
242 | -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) | |
243 | +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) | |
244 | + | |
245 | +#ifdef CONFIG_PAX_ASLR | |
246 | +#define PAX_ELF_ET_DYN_BASE 0x00008000UL | |
247 | + | |
248 | +#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10) | |
249 | +#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10) | |
250 | +#endif | |
251 | ||
252 | /* When the program starts, a1 contains a pointer to a function to be | |
253 | registered with atexit, as per the SVR4 ABI. A value of 0 means we | |
ae4e228f MT |
254 | diff -urNp linux-2.6.33.1/arch/arm/include/asm/kmap_types.h linux-2.6.33.1/arch/arm/include/asm/kmap_types.h |
255 | --- linux-2.6.33.1/arch/arm/include/asm/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
256 | +++ linux-2.6.33.1/arch/arm/include/asm/kmap_types.h 2010-03-20 16:58:38.444581130 -0400 | |
58c5fc13 MT |
257 | @@ -19,6 +19,7 @@ enum km_type { |
258 | KM_SOFTIRQ0, | |
259 | KM_SOFTIRQ1, | |
260 | KM_L2_CACHE, | |
261 | + KM_CLEARPAGE, | |
262 | KM_TYPE_NR | |
263 | }; | |
264 | ||
ae4e228f MT |
265 | diff -urNp linux-2.6.33.1/arch/arm/include/asm/uaccess.h linux-2.6.33.1/arch/arm/include/asm/uaccess.h |
266 | --- linux-2.6.33.1/arch/arm/include/asm/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
267 | +++ linux-2.6.33.1/arch/arm/include/asm/uaccess.h 2010-03-20 16:58:38.444581130 -0400 | |
268 | @@ -403,6 +403,9 @@ extern unsigned long __must_check __strn | |
58c5fc13 MT |
269 | |
270 | static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) | |
271 | { | |
272 | + if ((long)n < 0) | |
273 | + return n; | |
274 | + | |
275 | if (access_ok(VERIFY_READ, from, n)) | |
276 | n = __copy_from_user(to, from, n); | |
277 | else /* security hole - plug it */ | |
ae4e228f | 278 | @@ -412,6 +415,9 @@ static inline unsigned long __must_check |
58c5fc13 MT |
279 | |
280 | static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) | |
281 | { | |
282 | + if ((long)n < 0) | |
283 | + return n; | |
284 | + | |
285 | if (access_ok(VERIFY_WRITE, to, n)) | |
286 | n = __copy_to_user(to, from, n); | |
287 | return n; | |
ae4e228f MT |
288 | diff -urNp linux-2.6.33.1/arch/arm/kernel/kgdb.c linux-2.6.33.1/arch/arm/kernel/kgdb.c |
289 | --- linux-2.6.33.1/arch/arm/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
290 | +++ linux-2.6.33.1/arch/arm/kernel/kgdb.c 2010-03-20 16:58:38.468885430 -0400 | |
291 | @@ -190,7 +190,7 @@ void kgdb_arch_exit(void) | |
292 | * and we handle the normal undef case within the do_undefinstr | |
293 | * handler. | |
294 | */ | |
295 | -struct kgdb_arch arch_kgdb_ops = { | |
296 | +const struct kgdb_arch arch_kgdb_ops = { | |
297 | #ifndef __ARMEB__ | |
298 | .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7} | |
299 | #else /* ! __ARMEB__ */ | |
300 | diff -urNp linux-2.6.33.1/arch/arm/mach-at91/pm.c linux-2.6.33.1/arch/arm/mach-at91/pm.c | |
301 | --- linux-2.6.33.1/arch/arm/mach-at91/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
302 | +++ linux-2.6.33.1/arch/arm/mach-at91/pm.c 2010-03-20 16:58:38.468885430 -0400 | |
303 | @@ -294,7 +294,7 @@ static void at91_pm_end(void) | |
304 | } | |
305 | ||
306 | ||
307 | -static struct platform_suspend_ops at91_pm_ops ={ | |
308 | +static const struct platform_suspend_ops at91_pm_ops ={ | |
309 | .valid = at91_pm_valid_state, | |
310 | .begin = at91_pm_begin, | |
311 | .enter = at91_pm_enter, | |
312 | diff -urNp linux-2.6.33.1/arch/arm/mach-omap1/pm.c linux-2.6.33.1/arch/arm/mach-omap1/pm.c | |
313 | --- linux-2.6.33.1/arch/arm/mach-omap1/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
314 | +++ linux-2.6.33.1/arch/arm/mach-omap1/pm.c 2010-03-20 16:58:38.472778666 -0400 | |
315 | @@ -647,7 +647,7 @@ static struct irqaction omap_wakeup_irq | |
316 | ||
317 | ||
318 | ||
319 | -static struct platform_suspend_ops omap_pm_ops ={ | |
320 | +static const struct platform_suspend_ops omap_pm_ops ={ | |
321 | .prepare = omap_pm_prepare, | |
322 | .enter = omap_pm_enter, | |
323 | .finish = omap_pm_finish, | |
324 | diff -urNp linux-2.6.33.1/arch/arm/mach-omap2/pm24xx.c linux-2.6.33.1/arch/arm/mach-omap2/pm24xx.c | |
325 | --- linux-2.6.33.1/arch/arm/mach-omap2/pm24xx.c 2010-03-15 12:09:39.000000000 -0400 | |
326 | +++ linux-2.6.33.1/arch/arm/mach-omap2/pm24xx.c 2010-03-20 16:58:38.476775080 -0400 | |
327 | @@ -326,7 +326,7 @@ static void omap2_pm_finish(void) | |
328 | enable_hlt(); | |
329 | } | |
330 | ||
331 | -static struct platform_suspend_ops omap_pm_ops = { | |
332 | +static const struct platform_suspend_ops omap_pm_ops = { | |
333 | .prepare = omap2_pm_prepare, | |
334 | .enter = omap2_pm_enter, | |
335 | .finish = omap2_pm_finish, | |
336 | diff -urNp linux-2.6.33.1/arch/arm/mach-omap2/pm34xx.c linux-2.6.33.1/arch/arm/mach-omap2/pm34xx.c | |
337 | --- linux-2.6.33.1/arch/arm/mach-omap2/pm34xx.c 2010-03-15 12:09:39.000000000 -0400 | |
338 | +++ linux-2.6.33.1/arch/arm/mach-omap2/pm34xx.c 2010-03-20 16:58:38.484767476 -0400 | |
339 | @@ -650,7 +650,7 @@ static void omap3_pm_end(void) | |
340 | return; | |
341 | } | |
342 | ||
343 | -static struct platform_suspend_ops omap_pm_ops = { | |
344 | +static const struct platform_suspend_ops omap_pm_ops = { | |
345 | .begin = omap3_pm_begin, | |
346 | .end = omap3_pm_end, | |
347 | .prepare = omap3_pm_prepare, | |
348 | diff -urNp linux-2.6.33.1/arch/arm/mach-pnx4008/pm.c linux-2.6.33.1/arch/arm/mach-pnx4008/pm.c | |
349 | --- linux-2.6.33.1/arch/arm/mach-pnx4008/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
350 | +++ linux-2.6.33.1/arch/arm/mach-pnx4008/pm.c 2010-03-20 16:58:38.488749331 -0400 | |
351 | @@ -116,7 +116,7 @@ static int pnx4008_pm_valid(suspend_stat | |
352 | (state == PM_SUSPEND_MEM); | |
353 | } | |
354 | ||
355 | -static struct platform_suspend_ops pnx4008_pm_ops = { | |
356 | +static const struct platform_suspend_ops pnx4008_pm_ops = { | |
357 | .enter = pnx4008_pm_enter, | |
358 | .valid = pnx4008_pm_valid, | |
359 | }; | |
360 | diff -urNp linux-2.6.33.1/arch/arm/mach-pxa/pm.c linux-2.6.33.1/arch/arm/mach-pxa/pm.c | |
361 | --- linux-2.6.33.1/arch/arm/mach-pxa/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
362 | +++ linux-2.6.33.1/arch/arm/mach-pxa/pm.c 2010-03-20 16:58:38.492744784 -0400 | |
363 | @@ -95,7 +95,7 @@ void pxa_pm_finish(void) | |
364 | pxa_cpu_pm_fns->finish(); | |
365 | } | |
366 | ||
367 | -static struct platform_suspend_ops pxa_pm_ops = { | |
368 | +static const struct platform_suspend_ops pxa_pm_ops = { | |
369 | .valid = pxa_pm_valid, | |
370 | .enter = pxa_pm_enter, | |
371 | .prepare = pxa_pm_prepare, | |
372 | diff -urNp linux-2.6.33.1/arch/arm/mach-pxa/sharpsl_pm.c linux-2.6.33.1/arch/arm/mach-pxa/sharpsl_pm.c | |
373 | --- linux-2.6.33.1/arch/arm/mach-pxa/sharpsl_pm.c 2010-03-15 12:09:39.000000000 -0400 | |
374 | +++ linux-2.6.33.1/arch/arm/mach-pxa/sharpsl_pm.c 2010-03-20 16:58:38.500761827 -0400 | |
375 | @@ -892,7 +892,7 @@ static void sharpsl_apm_get_power_status | |
376 | } | |
377 | ||
378 | #ifdef CONFIG_PM | |
379 | -static struct platform_suspend_ops sharpsl_pm_ops = { | |
380 | +static const struct platform_suspend_ops sharpsl_pm_ops = { | |
381 | .prepare = pxa_pm_prepare, | |
382 | .finish = pxa_pm_finish, | |
383 | .enter = corgi_pxa_pm_enter, | |
384 | diff -urNp linux-2.6.33.1/arch/arm/mach-sa1100/pm.c linux-2.6.33.1/arch/arm/mach-sa1100/pm.c | |
385 | --- linux-2.6.33.1/arch/arm/mach-sa1100/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
386 | +++ linux-2.6.33.1/arch/arm/mach-sa1100/pm.c 2010-03-20 16:58:38.504745508 -0400 | |
387 | @@ -120,7 +120,7 @@ unsigned long sleep_phys_sp(void *sp) | |
388 | return virt_to_phys(sp); | |
389 | } | |
390 | ||
391 | -static struct platform_suspend_ops sa11x0_pm_ops = { | |
392 | +static const struct platform_suspend_ops sa11x0_pm_ops = { | |
393 | .enter = sa11x0_pm_enter, | |
394 | .valid = suspend_valid_only_mem, | |
395 | }; | |
396 | diff -urNp linux-2.6.33.1/arch/arm/mm/fault.c linux-2.6.33.1/arch/arm/mm/fault.c | |
397 | --- linux-2.6.33.1/arch/arm/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
398 | +++ linux-2.6.33.1/arch/arm/mm/fault.c 2010-03-20 16:58:38.512762145 -0400 | |
399 | @@ -166,6 +166,13 @@ __do_user_fault(struct task_struct *tsk, | |
400 | } | |
401 | #endif | |
402 | ||
403 | +#ifdef CONFIG_PAX_PAGEEXEC | |
404 | + if (fsr & FSR_LNX_PF) { | |
405 | + pax_report_fault(regs, (void *)regs->ARM_pc, (void *)regs->ARM_sp); | |
406 | + do_group_exit(SIGKILL); | |
407 | + } | |
408 | +#endif | |
409 | + | |
410 | tsk->thread.address = addr; | |
411 | tsk->thread.error_code = fsr; | |
412 | tsk->thread.trap_no = 14; | |
413 | @@ -357,6 +364,33 @@ do_page_fault(unsigned long addr, unsign | |
414 | } | |
415 | #endif /* CONFIG_MMU */ | |
416 | ||
417 | +#ifdef CONFIG_PAX_PAGEEXEC | |
418 | +void pax_report_insns(void *pc, void *sp) | |
419 | +{ | |
420 | + long i; | |
421 | + | |
422 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
423 | + for (i = 0; i < 20; i++) { | |
424 | + unsigned char c; | |
425 | + if (get_user(c, (__force unsigned char __user *)pc+i)) | |
426 | + printk(KERN_CONT "?? "); | |
427 | + else | |
428 | + printk(KERN_CONT "%02x ", c); | |
429 | + } | |
430 | + printk("\n"); | |
431 | + | |
432 | + printk(KERN_ERR "PAX: bytes at SP-4: "); | |
433 | + for (i = -1; i < 20; i++) { | |
434 | + unsigned long c; | |
435 | + if (get_user(c, (__force unsigned long __user *)sp+i)) | |
436 | + printk(KERN_CONT "???????? "); | |
437 | + else | |
438 | + printk(KERN_CONT "%08lx ", c); | |
439 | + } | |
440 | + printk("\n"); | |
441 | +} | |
442 | +#endif | |
443 | + | |
444 | /* | |
445 | * First Level Translation Fault Handler | |
446 | * | |
447 | diff -urNp linux-2.6.33.1/arch/arm/mm/mmap.c linux-2.6.33.1/arch/arm/mm/mmap.c | |
448 | --- linux-2.6.33.1/arch/arm/mm/mmap.c 2010-03-15 12:09:39.000000000 -0400 | |
449 | +++ linux-2.6.33.1/arch/arm/mm/mmap.c 2010-03-20 16:58:38.512762145 -0400 | |
450 | @@ -63,6 +63,10 @@ arch_get_unmapped_area(struct file *filp | |
58c5fc13 MT |
451 | if (len > TASK_SIZE) |
452 | return -ENOMEM; | |
453 | ||
454 | +#ifdef CONFIG_PAX_RANDMMAP | |
455 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
456 | +#endif | |
457 | + | |
458 | if (addr) { | |
459 | if (do_align) | |
460 | addr = COLOUR_ALIGN(addr, pgoff); | |
ae4e228f | 461 | @@ -75,10 +79,10 @@ arch_get_unmapped_area(struct file *filp |
58c5fc13 MT |
462 | return addr; |
463 | } | |
464 | if (len > mm->cached_hole_size) { | |
465 | - start_addr = addr = mm->free_area_cache; | |
466 | + start_addr = addr = mm->free_area_cache; | |
467 | } else { | |
468 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
469 | - mm->cached_hole_size = 0; | |
470 | + start_addr = addr = mm->mmap_base; | |
471 | + mm->cached_hole_size = 0; | |
472 | } | |
473 | ||
474 | full_search: | |
ae4e228f | 475 | @@ -94,8 +98,8 @@ full_search: |
58c5fc13 MT |
476 | * Start a new search - just in case we missed |
477 | * some holes. | |
478 | */ | |
479 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
480 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
481 | + if (start_addr != mm->mmap_base) { | |
482 | + start_addr = addr = mm->mmap_base; | |
483 | mm->cached_hole_size = 0; | |
484 | goto full_search; | |
485 | } | |
ae4e228f MT |
486 | diff -urNp linux-2.6.33.1/arch/arm/plat-s3c/pm.c linux-2.6.33.1/arch/arm/plat-s3c/pm.c |
487 | --- linux-2.6.33.1/arch/arm/plat-s3c/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
488 | +++ linux-2.6.33.1/arch/arm/plat-s3c/pm.c 2010-03-20 16:58:38.533259132 -0400 | |
489 | @@ -355,7 +355,7 @@ static void s3c_pm_finish(void) | |
490 | s3c_pm_check_cleanup(); | |
491 | } | |
492 | ||
493 | -static struct platform_suspend_ops s3c_pm_ops = { | |
494 | +static const struct platform_suspend_ops s3c_pm_ops = { | |
495 | .enter = s3c_pm_enter, | |
496 | .prepare = s3c_pm_prepare, | |
497 | .finish = s3c_pm_finish, | |
498 | diff -urNp linux-2.6.33.1/arch/avr32/include/asm/elf.h linux-2.6.33.1/arch/avr32/include/asm/elf.h | |
499 | --- linux-2.6.33.1/arch/avr32/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
500 | +++ linux-2.6.33.1/arch/avr32/include/asm/elf.h 2010-03-20 16:58:38.533259132 -0400 | |
501 | @@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpreg | |
58c5fc13 MT |
502 | the loader. We need to make sure that it is out of the way of the program |
503 | that it will "exec", and that there is sufficient room for the brk. */ | |
504 | ||
505 | -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) | |
506 | +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) | |
507 | ||
508 | +#ifdef CONFIG_PAX_ASLR | |
509 | +#define PAX_ELF_ET_DYN_BASE 0x00001000UL | |
510 | + | |
511 | +#define PAX_DELTA_MMAP_LEN 15 | |
512 | +#define PAX_DELTA_STACK_LEN 15 | |
513 | +#endif | |
514 | ||
515 | /* This yields a mask that user programs can use to figure out what | |
516 | instruction set this CPU supports. This could be done in user space, | |
ae4e228f MT |
517 | diff -urNp linux-2.6.33.1/arch/avr32/include/asm/kmap_types.h linux-2.6.33.1/arch/avr32/include/asm/kmap_types.h |
518 | --- linux-2.6.33.1/arch/avr32/include/asm/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
519 | +++ linux-2.6.33.1/arch/avr32/include/asm/kmap_types.h 2010-03-20 16:58:38.533259132 -0400 | |
58c5fc13 MT |
520 | @@ -22,7 +22,8 @@ D(10) KM_IRQ0, |
521 | D(11) KM_IRQ1, | |
522 | D(12) KM_SOFTIRQ0, | |
523 | D(13) KM_SOFTIRQ1, | |
524 | -D(14) KM_TYPE_NR | |
525 | +D(14) KM_CLEARPAGE, | |
526 | +D(15) KM_TYPE_NR | |
527 | }; | |
528 | ||
529 | #undef D | |
ae4e228f MT |
530 | diff -urNp linux-2.6.33.1/arch/avr32/mach-at32ap/pm.c linux-2.6.33.1/arch/avr32/mach-at32ap/pm.c |
531 | --- linux-2.6.33.1/arch/avr32/mach-at32ap/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
532 | +++ linux-2.6.33.1/arch/avr32/mach-at32ap/pm.c 2010-03-20 16:58:38.533259132 -0400 | |
533 | @@ -176,7 +176,7 @@ out: | |
534 | return 0; | |
535 | } | |
536 | ||
537 | -static struct platform_suspend_ops avr32_pm_ops = { | |
538 | +static const struct platform_suspend_ops avr32_pm_ops = { | |
539 | .valid = avr32_pm_valid_state, | |
540 | .enter = avr32_pm_enter, | |
541 | }; | |
542 | diff -urNp linux-2.6.33.1/arch/avr32/mm/fault.c linux-2.6.33.1/arch/avr32/mm/fault.c | |
543 | --- linux-2.6.33.1/arch/avr32/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
544 | +++ linux-2.6.33.1/arch/avr32/mm/fault.c 2010-03-20 16:58:38.533259132 -0400 | |
58c5fc13 MT |
545 | @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru |
546 | ||
547 | int exception_trace = 1; | |
548 | ||
549 | +#ifdef CONFIG_PAX_PAGEEXEC | |
550 | +void pax_report_insns(void *pc, void *sp) | |
551 | +{ | |
552 | + unsigned long i; | |
553 | + | |
554 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
555 | + for (i = 0; i < 20; i++) { | |
556 | + unsigned char c; | |
557 | + if (get_user(c, (unsigned char *)pc+i)) | |
558 | + printk(KERN_CONT "???????? "); | |
559 | + else | |
560 | + printk(KERN_CONT "%02x ", c); | |
561 | + } | |
562 | + printk("\n"); | |
563 | +} | |
564 | +#endif | |
565 | + | |
566 | /* | |
567 | * This routine handles page faults. It determines the address and the | |
568 | * problem, and then passes it off to one of the appropriate routines. | |
569 | @@ -157,6 +174,16 @@ bad_area: | |
570 | up_read(&mm->mmap_sem); | |
571 | ||
572 | if (user_mode(regs)) { | |
573 | + | |
574 | +#ifdef CONFIG_PAX_PAGEEXEC | |
575 | + if (mm->pax_flags & MF_PAX_PAGEEXEC) { | |
576 | + if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) { | |
577 | + pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp); | |
578 | + do_group_exit(SIGKILL); | |
579 | + } | |
580 | + } | |
581 | +#endif | |
582 | + | |
583 | if (exception_trace && printk_ratelimit()) | |
584 | printk("%s%s[%d]: segfault at %08lx pc %08lx " | |
585 | "sp %08lx ecr %lu\n", | |
ae4e228f MT |
586 | diff -urNp linux-2.6.33.1/arch/blackfin/kernel/kgdb.c linux-2.6.33.1/arch/blackfin/kernel/kgdb.c |
587 | --- linux-2.6.33.1/arch/blackfin/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
588 | +++ linux-2.6.33.1/arch/blackfin/kernel/kgdb.c 2010-03-20 16:58:38.533259132 -0400 | |
589 | @@ -397,7 +397,7 @@ int kgdb_arch_handle_exception(int vecto | |
590 | return -1; /* this means that we do not want to exit from the handler */ | |
58c5fc13 MT |
591 | } |
592 | ||
ae4e228f MT |
593 | -struct kgdb_arch arch_kgdb_ops = { |
594 | +const struct kgdb_arch arch_kgdb_ops = { | |
595 | .gdb_bpt_instr = {0xa1}, | |
596 | #ifdef CONFIG_SMP | |
597 | .flags = KGDB_HW_BREAKPOINT|KGDB_THR_PROC_SWAP, | |
598 | diff -urNp linux-2.6.33.1/arch/blackfin/mach-common/pm.c linux-2.6.33.1/arch/blackfin/mach-common/pm.c | |
599 | --- linux-2.6.33.1/arch/blackfin/mach-common/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
600 | +++ linux-2.6.33.1/arch/blackfin/mach-common/pm.c 2010-03-20 16:58:38.533259132 -0400 | |
601 | @@ -255,7 +255,7 @@ static int bfin_pm_enter(suspend_state_t | |
58c5fc13 MT |
602 | return 0; |
603 | } | |
604 | ||
ae4e228f MT |
605 | -struct platform_suspend_ops bfin_pm_ops = { |
606 | +const struct platform_suspend_ops bfin_pm_ops = { | |
607 | .enter = bfin_pm_enter, | |
608 | .valid = bfin_pm_valid, | |
609 | }; | |
610 | diff -urNp linux-2.6.33.1/arch/blackfin/mm/maccess.c linux-2.6.33.1/arch/blackfin/mm/maccess.c | |
611 | --- linux-2.6.33.1/arch/blackfin/mm/maccess.c 2010-03-15 12:09:39.000000000 -0400 | |
612 | +++ linux-2.6.33.1/arch/blackfin/mm/maccess.c 2010-03-20 16:58:38.536529376 -0400 | |
613 | @@ -16,7 +16,7 @@ static int validate_memory_access_addres | |
614 | return bfin_mem_access_type(addr, size); | |
58c5fc13 MT |
615 | } |
616 | ||
ae4e228f MT |
617 | -long probe_kernel_read(void *dst, void *src, size_t size) |
618 | +long probe_kernel_read(void *dst, const void *src, size_t size) | |
58c5fc13 | 619 | { |
ae4e228f MT |
620 | unsigned long lsrc = (unsigned long)src; |
621 | int mem_type; | |
622 | @@ -55,7 +55,7 @@ long probe_kernel_read(void *dst, void * | |
623 | return -EFAULT; | |
58c5fc13 MT |
624 | } |
625 | ||
ae4e228f MT |
626 | -long probe_kernel_write(void *dst, void *src, size_t size) |
627 | +long probe_kernel_write(void *dst, const void *src, size_t size) | |
58c5fc13 | 628 | { |
ae4e228f MT |
629 | unsigned long ldst = (unsigned long)dst; |
630 | int mem_type; | |
631 | diff -urNp linux-2.6.33.1/arch/frv/include/asm/kmap_types.h linux-2.6.33.1/arch/frv/include/asm/kmap_types.h | |
632 | --- linux-2.6.33.1/arch/frv/include/asm/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
633 | +++ linux-2.6.33.1/arch/frv/include/asm/kmap_types.h 2010-03-20 16:58:38.536529376 -0400 | |
58c5fc13 MT |
634 | @@ -23,6 +23,7 @@ enum km_type { |
635 | KM_IRQ1, | |
636 | KM_SOFTIRQ0, | |
637 | KM_SOFTIRQ1, | |
638 | + KM_CLEARPAGE, | |
639 | KM_TYPE_NR | |
640 | }; | |
641 | ||
ae4e228f MT |
642 | diff -urNp linux-2.6.33.1/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.33.1/arch/ia64/hp/common/hwsw_iommu.c |
643 | --- linux-2.6.33.1/arch/ia64/hp/common/hwsw_iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
644 | +++ linux-2.6.33.1/arch/ia64/hp/common/hwsw_iommu.c 2010-03-20 16:58:38.544753181 -0400 | |
645 | @@ -17,7 +17,7 @@ | |
646 | #include <linux/swiotlb.h> | |
647 | #include <asm/machvec.h> | |
58c5fc13 | 648 | |
ae4e228f MT |
649 | -extern struct dma_map_ops sba_dma_ops, swiotlb_dma_ops; |
650 | +extern const struct dma_map_ops sba_dma_ops, swiotlb_dma_ops; | |
58c5fc13 | 651 | |
ae4e228f MT |
652 | /* swiotlb declarations & definitions: */ |
653 | extern int swiotlb_late_init_with_default_size (size_t size); | |
654 | @@ -33,7 +33,7 @@ static inline int use_swiotlb(struct dev | |
655 | !sba_dma_ops.dma_supported(dev, *dev->dma_mask); | |
58c5fc13 MT |
656 | } |
657 | ||
ae4e228f MT |
658 | -struct dma_map_ops *hwsw_dma_get_ops(struct device *dev) |
659 | +const struct dma_map_ops *hwsw_dma_get_ops(struct device *dev) | |
660 | { | |
661 | if (use_swiotlb(dev)) | |
662 | return &swiotlb_dma_ops; | |
663 | diff -urNp linux-2.6.33.1/arch/ia64/hp/common/sba_iommu.c linux-2.6.33.1/arch/ia64/hp/common/sba_iommu.c | |
664 | --- linux-2.6.33.1/arch/ia64/hp/common/sba_iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
665 | +++ linux-2.6.33.1/arch/ia64/hp/common/sba_iommu.c 2010-03-20 16:58:38.552757823 -0400 | |
666 | @@ -2097,7 +2097,7 @@ static struct acpi_driver acpi_sba_ioc_d | |
667 | }, | |
668 | }; | |
58c5fc13 | 669 | |
ae4e228f MT |
670 | -extern struct dma_map_ops swiotlb_dma_ops; |
671 | +extern const struct dma_map_ops swiotlb_dma_ops; | |
58c5fc13 | 672 | |
ae4e228f MT |
673 | static int __init |
674 | sba_init(void) | |
675 | @@ -2211,7 +2211,7 @@ sba_page_override(char *str) | |
58c5fc13 | 676 | |
ae4e228f | 677 | __setup("sbapagesize=",sba_page_override); |
58c5fc13 | 678 | |
ae4e228f MT |
679 | -struct dma_map_ops sba_dma_ops = { |
680 | +const struct dma_map_ops sba_dma_ops = { | |
681 | .alloc_coherent = sba_alloc_coherent, | |
682 | .free_coherent = sba_free_coherent, | |
683 | .map_page = sba_map_page, | |
684 | diff -urNp linux-2.6.33.1/arch/ia64/ia32/binfmt_elf32.c linux-2.6.33.1/arch/ia64/ia32/binfmt_elf32.c | |
685 | --- linux-2.6.33.1/arch/ia64/ia32/binfmt_elf32.c 2010-03-15 12:09:39.000000000 -0400 | |
686 | +++ linux-2.6.33.1/arch/ia64/ia32/binfmt_elf32.c 2010-03-20 16:58:38.556766787 -0400 | |
58c5fc13 MT |
687 | @@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_ |
688 | ||
689 | #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack)) | |
690 | ||
691 | +#ifdef CONFIG_PAX_ASLR | |
692 | +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL) | |
693 | + | |
694 | +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
695 | +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
696 | +#endif | |
697 | + | |
698 | /* Ugly but avoids duplication */ | |
699 | #include "../../../fs/binfmt_elf.c" | |
700 | ||
ae4e228f MT |
701 | diff -urNp linux-2.6.33.1/arch/ia64/ia32/ia32priv.h linux-2.6.33.1/arch/ia64/ia32/ia32priv.h |
702 | --- linux-2.6.33.1/arch/ia64/ia32/ia32priv.h 2010-03-15 12:09:39.000000000 -0400 | |
703 | +++ linux-2.6.33.1/arch/ia64/ia32/ia32priv.h 2010-03-20 16:58:38.556766787 -0400 | |
58c5fc13 MT |
704 | @@ -296,7 +296,14 @@ typedef struct compat_siginfo { |
705 | #define ELF_DATA ELFDATA2LSB | |
706 | #define ELF_ARCH EM_386 | |
707 | ||
708 | -#define IA32_STACK_TOP IA32_PAGE_OFFSET | |
709 | +#ifdef CONFIG_PAX_RANDUSTACK | |
710 | +#define __IA32_DELTA_STACK (current->mm->delta_stack) | |
711 | +#else | |
712 | +#define __IA32_DELTA_STACK 0UL | |
713 | +#endif | |
714 | + | |
715 | +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK) | |
716 | + | |
717 | #define IA32_GATE_OFFSET IA32_PAGE_OFFSET | |
718 | #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE | |
719 | ||
ae4e228f MT |
720 | diff -urNp linux-2.6.33.1/arch/ia64/include/asm/dma-mapping.h linux-2.6.33.1/arch/ia64/include/asm/dma-mapping.h |
721 | --- linux-2.6.33.1/arch/ia64/include/asm/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
722 | +++ linux-2.6.33.1/arch/ia64/include/asm/dma-mapping.h 2010-03-20 16:58:38.564763179 -0400 | |
723 | @@ -12,7 +12,7 @@ | |
58c5fc13 | 724 | |
ae4e228f MT |
725 | #define ARCH_HAS_DMA_GET_REQUIRED_MASK |
726 | ||
727 | -extern struct dma_map_ops *dma_ops; | |
728 | +extern const struct dma_map_ops *dma_ops; | |
729 | extern struct ia64_machine_vector ia64_mv; | |
730 | extern void set_iommu_machvec(void); | |
58c5fc13 | 731 | |
ae4e228f MT |
732 | @@ -24,7 +24,7 @@ extern void machvec_dma_sync_sg(struct d |
733 | static inline void *dma_alloc_coherent(struct device *dev, size_t size, | |
734 | dma_addr_t *daddr, gfp_t gfp) | |
735 | { | |
736 | - struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
737 | + const struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
738 | void *caddr; | |
739 | ||
740 | caddr = ops->alloc_coherent(dev, size, daddr, gfp); | |
741 | @@ -35,7 +35,7 @@ static inline void *dma_alloc_coherent(s | |
742 | static inline void dma_free_coherent(struct device *dev, size_t size, | |
743 | void *caddr, dma_addr_t daddr) | |
744 | { | |
745 | - struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
746 | + const struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
747 | debug_dma_free_coherent(dev, size, caddr, daddr); | |
748 | ops->free_coherent(dev, size, caddr, daddr); | |
749 | } | |
750 | @@ -49,13 +49,13 @@ static inline void dma_free_coherent(str | |
751 | ||
752 | static inline int dma_mapping_error(struct device *dev, dma_addr_t daddr) | |
753 | { | |
754 | - struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
755 | + const struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
756 | return ops->mapping_error(dev, daddr); | |
757 | } | |
758 | ||
759 | static inline int dma_supported(struct device *dev, u64 mask) | |
760 | { | |
761 | - struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
762 | + const struct dma_map_ops *ops = platform_dma_get_ops(dev); | |
763 | return ops->dma_supported(dev, mask); | |
764 | } | |
765 | ||
766 | diff -urNp linux-2.6.33.1/arch/ia64/include/asm/elf.h linux-2.6.33.1/arch/ia64/include/asm/elf.h | |
767 | --- linux-2.6.33.1/arch/ia64/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
768 | +++ linux-2.6.33.1/arch/ia64/include/asm/elf.h 2010-03-20 16:58:38.564763179 -0400 | |
769 | @@ -42,6 +42,13 @@ | |
58c5fc13 MT |
770 | */ |
771 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL) | |
772 | ||
773 | +#ifdef CONFIG_PAX_ASLR | |
774 | +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL) | |
775 | + | |
776 | +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
777 | +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
778 | +#endif | |
779 | + | |
780 | #define PT_IA_64_UNWIND 0x70000001 | |
781 | ||
782 | /* IA-64 relocations: */ | |
ae4e228f MT |
783 | diff -urNp linux-2.6.33.1/arch/ia64/include/asm/machvec.h linux-2.6.33.1/arch/ia64/include/asm/machvec.h |
784 | --- linux-2.6.33.1/arch/ia64/include/asm/machvec.h 2010-03-15 12:09:39.000000000 -0400 | |
785 | +++ linux-2.6.33.1/arch/ia64/include/asm/machvec.h 2010-03-20 16:58:38.568641931 -0400 | |
786 | @@ -45,7 +45,7 @@ typedef void ia64_mv_kernel_launch_event | |
787 | /* DMA-mapping interface: */ | |
788 | typedef void ia64_mv_dma_init (void); | |
789 | typedef u64 ia64_mv_dma_get_required_mask (struct device *); | |
790 | -typedef struct dma_map_ops *ia64_mv_dma_get_ops(struct device *); | |
791 | +typedef const struct dma_map_ops *ia64_mv_dma_get_ops(struct device *); | |
792 | ||
793 | /* | |
794 | * WARNING: The legacy I/O space is _architected_. Platforms are | |
795 | @@ -251,7 +251,7 @@ extern void machvec_init_from_cmdline(co | |
796 | # endif /* CONFIG_IA64_GENERIC */ | |
797 | ||
798 | extern void swiotlb_dma_init(void); | |
799 | -extern struct dma_map_ops *dma_get_ops(struct device *); | |
800 | +extern const struct dma_map_ops *dma_get_ops(struct device *); | |
801 | ||
802 | /* | |
803 | * Define default versions so we can extend machvec for new platforms without having | |
804 | diff -urNp linux-2.6.33.1/arch/ia64/include/asm/pgtable.h linux-2.6.33.1/arch/ia64/include/asm/pgtable.h | |
805 | --- linux-2.6.33.1/arch/ia64/include/asm/pgtable.h 2010-03-15 12:09:39.000000000 -0400 | |
806 | +++ linux-2.6.33.1/arch/ia64/include/asm/pgtable.h 2010-03-20 16:58:38.568641931 -0400 | |
58c5fc13 MT |
807 | @@ -143,6 +143,17 @@ |
808 | #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
809 | #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
810 | #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX) | |
811 | + | |
812 | +#ifdef CONFIG_PAX_PAGEEXEC | |
813 | +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW) | |
814 | +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
815 | +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
816 | +#else | |
817 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
818 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
819 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
820 | +#endif | |
821 | + | |
822 | #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX) | |
823 | #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX) | |
824 | #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX) | |
ae4e228f MT |
825 | diff -urNp linux-2.6.33.1/arch/ia64/include/asm/uaccess.h linux-2.6.33.1/arch/ia64/include/asm/uaccess.h |
826 | --- linux-2.6.33.1/arch/ia64/include/asm/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
827 | +++ linux-2.6.33.1/arch/ia64/include/asm/uaccess.h 2010-03-20 16:58:38.568641931 -0400 | |
58c5fc13 MT |
828 | @@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _ |
829 | const void *__cu_from = (from); \ | |
830 | long __cu_len = (n); \ | |
831 | \ | |
832 | - if (__access_ok(__cu_to, __cu_len, get_fs())) \ | |
ae4e228f | 833 | + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \ |
58c5fc13 MT |
834 | __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \ |
835 | __cu_len; \ | |
836 | }) | |
837 | @@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _ | |
838 | long __cu_len = (n); \ | |
839 | \ | |
840 | __chk_user_ptr(__cu_from); \ | |
841 | - if (__access_ok(__cu_from, __cu_len, get_fs())) \ | |
ae4e228f | 842 | + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \ |
58c5fc13 MT |
843 | __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \ |
844 | __cu_len; \ | |
845 | }) | |
ae4e228f MT |
846 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/dma-mapping.c linux-2.6.33.1/arch/ia64/kernel/dma-mapping.c |
847 | --- linux-2.6.33.1/arch/ia64/kernel/dma-mapping.c 2010-03-15 12:09:39.000000000 -0400 | |
848 | +++ linux-2.6.33.1/arch/ia64/kernel/dma-mapping.c 2010-03-20 16:58:38.568641931 -0400 | |
849 | @@ -3,7 +3,7 @@ | |
850 | /* Set this to 1 if there is a HW IOMMU in the system */ | |
851 | int iommu_detected __read_mostly; | |
852 | ||
853 | -struct dma_map_ops *dma_ops; | |
854 | +const struct dma_map_ops *dma_ops; | |
855 | EXPORT_SYMBOL(dma_ops); | |
856 | ||
857 | #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16) | |
858 | @@ -16,7 +16,7 @@ static int __init dma_init(void) | |
859 | } | |
860 | fs_initcall(dma_init); | |
861 | ||
862 | -struct dma_map_ops *dma_get_ops(struct device *dev) | |
863 | +const struct dma_map_ops *dma_get_ops(struct device *dev) | |
864 | { | |
865 | return dma_ops; | |
866 | } | |
867 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/module.c linux-2.6.33.1/arch/ia64/kernel/module.c | |
868 | --- linux-2.6.33.1/arch/ia64/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
869 | +++ linux-2.6.33.1/arch/ia64/kernel/module.c 2010-03-20 16:58:38.576761283 -0400 | |
58c5fc13 MT |
870 | @@ -315,8 +315,7 @@ module_alloc (unsigned long size) |
871 | void | |
872 | module_free (struct module *mod, void *module_region) | |
873 | { | |
874 | - if (mod && mod->arch.init_unw_table && | |
875 | - module_region == mod->module_init) { | |
876 | + if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) { | |
877 | unw_remove_unwind_table(mod->arch.init_unw_table); | |
878 | mod->arch.init_unw_table = NULL; | |
879 | } | |
880 | @@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd | |
881 | } | |
882 | ||
883 | static inline int | |
884 | +in_init_rx (const struct module *mod, uint64_t addr) | |
885 | +{ | |
886 | + return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx; | |
887 | +} | |
888 | + | |
889 | +static inline int | |
890 | +in_init_rw (const struct module *mod, uint64_t addr) | |
891 | +{ | |
892 | + return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw; | |
893 | +} | |
894 | + | |
895 | +static inline int | |
896 | in_init (const struct module *mod, uint64_t addr) | |
897 | { | |
898 | - return addr - (uint64_t) mod->module_init < mod->init_size; | |
899 | + return in_init_rx(mod, addr) || in_init_rw(mod, addr); | |
900 | +} | |
901 | + | |
902 | +static inline int | |
903 | +in_core_rx (const struct module *mod, uint64_t addr) | |
904 | +{ | |
905 | + return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx; | |
906 | +} | |
907 | + | |
908 | +static inline int | |
909 | +in_core_rw (const struct module *mod, uint64_t addr) | |
910 | +{ | |
911 | + return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw; | |
912 | } | |
913 | ||
914 | static inline int | |
915 | in_core (const struct module *mod, uint64_t addr) | |
916 | { | |
917 | - return addr - (uint64_t) mod->module_core < mod->core_size; | |
918 | + return in_core_rx(mod, addr) || in_core_rw(mod, addr); | |
919 | } | |
920 | ||
921 | static inline int | |
922 | @@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_ | |
923 | break; | |
924 | ||
925 | case RV_BDREL: | |
926 | - val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core); | |
927 | + if (in_init_rx(mod, val)) | |
928 | + val -= (uint64_t) mod->module_init_rx; | |
929 | + else if (in_init_rw(mod, val)) | |
930 | + val -= (uint64_t) mod->module_init_rw; | |
931 | + else if (in_core_rx(mod, val)) | |
932 | + val -= (uint64_t) mod->module_core_rx; | |
933 | + else if (in_core_rw(mod, val)) | |
934 | + val -= (uint64_t) mod->module_core_rw; | |
935 | break; | |
936 | ||
937 | case RV_LTV: | |
938 | @@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs, | |
939 | * addresses have been selected... | |
940 | */ | |
941 | uint64_t gp; | |
942 | - if (mod->core_size > MAX_LTOFF) | |
943 | + if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF) | |
944 | /* | |
945 | * This takes advantage of fact that SHF_ARCH_SMALL gets allocated | |
946 | * at the end of the module. | |
947 | */ | |
948 | - gp = mod->core_size - MAX_LTOFF / 2; | |
949 | + gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2; | |
950 | else | |
951 | - gp = mod->core_size / 2; | |
952 | - gp = (uint64_t) mod->module_core + ((gp + 7) & -8); | |
953 | + gp = (mod->core_size_rx + mod->core_size_rw) / 2; | |
954 | + gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8); | |
955 | mod->arch.gp = gp; | |
956 | DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); | |
957 | } | |
ae4e228f MT |
958 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/pci-dma.c linux-2.6.33.1/arch/ia64/kernel/pci-dma.c |
959 | --- linux-2.6.33.1/arch/ia64/kernel/pci-dma.c 2010-03-15 12:09:39.000000000 -0400 | |
960 | +++ linux-2.6.33.1/arch/ia64/kernel/pci-dma.c 2010-03-20 16:58:38.576761283 -0400 | |
961 | @@ -43,7 +43,7 @@ struct device fallback_dev = { | |
962 | .dma_mask = &fallback_dev.coherent_dma_mask, | |
963 | }; | |
964 | ||
965 | -extern struct dma_map_ops intel_dma_ops; | |
966 | +extern const struct dma_map_ops intel_dma_ops; | |
967 | ||
968 | static int __init pci_iommu_init(void) | |
969 | { | |
970 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/pci-swiotlb.c linux-2.6.33.1/arch/ia64/kernel/pci-swiotlb.c | |
971 | --- linux-2.6.33.1/arch/ia64/kernel/pci-swiotlb.c 2010-03-15 12:09:39.000000000 -0400 | |
972 | +++ linux-2.6.33.1/arch/ia64/kernel/pci-swiotlb.c 2010-03-20 16:58:38.576761283 -0400 | |
973 | @@ -21,7 +21,7 @@ static void *ia64_swiotlb_alloc_coherent | |
974 | return swiotlb_alloc_coherent(dev, size, dma_handle, gfp); | |
975 | } | |
976 | ||
977 | -struct dma_map_ops swiotlb_dma_ops = { | |
978 | +const struct dma_map_ops swiotlb_dma_ops = { | |
979 | .alloc_coherent = ia64_swiotlb_alloc_coherent, | |
980 | .free_coherent = swiotlb_free_coherent, | |
981 | .map_page = swiotlb_map_page, | |
982 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/sys_ia64.c linux-2.6.33.1/arch/ia64/kernel/sys_ia64.c | |
983 | --- linux-2.6.33.1/arch/ia64/kernel/sys_ia64.c 2010-03-15 12:09:39.000000000 -0400 | |
984 | +++ linux-2.6.33.1/arch/ia64/kernel/sys_ia64.c 2010-03-20 16:58:38.584549337 -0400 | |
58c5fc13 MT |
985 | @@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil |
986 | if (REGION_NUMBER(addr) == RGN_HPAGE) | |
987 | addr = 0; | |
988 | #endif | |
989 | + | |
990 | +#ifdef CONFIG_PAX_RANDMMAP | |
991 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
992 | + addr = mm->free_area_cache; | |
993 | + else | |
994 | +#endif | |
995 | + | |
996 | if (!addr) | |
997 | addr = mm->free_area_cache; | |
998 | ||
999 | @@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil | |
1000 | for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
1001 | /* At this point: (!vma || addr < vma->vm_end). */ | |
1002 | if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) { | |
1003 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
1004 | + if (start_addr != mm->mmap_base) { | |
1005 | /* Start a new search --- just in case we missed some holes. */ | |
1006 | - addr = TASK_UNMAPPED_BASE; | |
1007 | + addr = mm->mmap_base; | |
1008 | goto full_search; | |
1009 | } | |
1010 | return -ENOMEM; | |
ae4e228f MT |
1011 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/topology.c linux-2.6.33.1/arch/ia64/kernel/topology.c |
1012 | --- linux-2.6.33.1/arch/ia64/kernel/topology.c 2010-03-15 12:09:39.000000000 -0400 | |
1013 | +++ linux-2.6.33.1/arch/ia64/kernel/topology.c 2010-03-20 16:58:38.584549337 -0400 | |
1014 | @@ -282,7 +282,7 @@ static ssize_t cache_show(struct kobject | |
1015 | return ret; | |
1016 | } | |
1017 | ||
1018 | -static struct sysfs_ops cache_sysfs_ops = { | |
1019 | +static const struct sysfs_ops cache_sysfs_ops = { | |
1020 | .show = cache_show | |
1021 | }; | |
1022 | ||
1023 | diff -urNp linux-2.6.33.1/arch/ia64/kernel/vmlinux.lds.S linux-2.6.33.1/arch/ia64/kernel/vmlinux.lds.S | |
1024 | --- linux-2.6.33.1/arch/ia64/kernel/vmlinux.lds.S 2010-03-15 12:09:39.000000000 -0400 | |
1025 | +++ linux-2.6.33.1/arch/ia64/kernel/vmlinux.lds.S 2010-03-20 16:58:38.584549337 -0400 | |
1026 | @@ -196,7 +196,7 @@ SECTIONS | |
1027 | /* Per-cpu data: */ | |
1028 | . = ALIGN(PERCPU_PAGE_SIZE); | |
1029 | PERCPU_VADDR(PERCPU_ADDR, :percpu) | |
1030 | - __phys_per_cpu_start = __per_cpu_load; | |
1031 | + __phys_per_cpu_start = per_cpu_load; | |
1032 | . = __phys_per_cpu_start + PERCPU_PAGE_SIZE; /* ensure percpu data fits | |
1033 | * into percpu page size | |
1034 | */ | |
1035 | diff -urNp linux-2.6.33.1/arch/ia64/mm/fault.c linux-2.6.33.1/arch/ia64/mm/fault.c | |
1036 | --- linux-2.6.33.1/arch/ia64/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
1037 | +++ linux-2.6.33.1/arch/ia64/mm/fault.c 2010-03-20 16:58:38.584549337 -0400 | |
58c5fc13 MT |
1038 | @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned |
1039 | return pte_present(pte); | |
1040 | } | |
1041 | ||
1042 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1043 | +void pax_report_insns(void *pc, void *sp) | |
1044 | +{ | |
1045 | + unsigned long i; | |
1046 | + | |
1047 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
1048 | + for (i = 0; i < 8; i++) { | |
1049 | + unsigned int c; | |
1050 | + if (get_user(c, (unsigned int *)pc+i)) | |
1051 | + printk(KERN_CONT "???????? "); | |
1052 | + else | |
1053 | + printk(KERN_CONT "%08x ", c); | |
1054 | + } | |
1055 | + printk("\n"); | |
1056 | +} | |
1057 | +#endif | |
1058 | + | |
1059 | void __kprobes | |
1060 | ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs) | |
1061 | { | |
1062 | @@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres | |
1063 | mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT) | |
1064 | | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)); | |
1065 | ||
1066 | - if ((vma->vm_flags & mask) != mask) | |
1067 | + if ((vma->vm_flags & mask) != mask) { | |
1068 | + | |
1069 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1070 | + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) { | |
1071 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip) | |
1072 | + goto bad_area; | |
1073 | + | |
1074 | + up_read(&mm->mmap_sem); | |
1075 | + pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12); | |
1076 | + do_group_exit(SIGKILL); | |
1077 | + } | |
1078 | +#endif | |
1079 | + | |
1080 | goto bad_area; | |
1081 | ||
1082 | + } | |
1083 | + | |
1084 | survive: | |
1085 | /* | |
1086 | * If for any reason at all we couldn't handle the fault, make | |
ae4e228f MT |
1087 | diff -urNp linux-2.6.33.1/arch/ia64/mm/init.c linux-2.6.33.1/arch/ia64/mm/init.c |
1088 | --- linux-2.6.33.1/arch/ia64/mm/init.c 2010-03-15 12:09:39.000000000 -0400 | |
1089 | +++ linux-2.6.33.1/arch/ia64/mm/init.c 2010-03-20 16:58:38.584549337 -0400 | |
58c5fc13 MT |
1090 | @@ -122,6 +122,19 @@ ia64_init_addr_space (void) |
1091 | vma->vm_start = current->thread.rbs_bot & PAGE_MASK; | |
1092 | vma->vm_end = vma->vm_start + PAGE_SIZE; | |
1093 | vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; | |
1094 | + | |
1095 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1096 | + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) { | |
1097 | + vma->vm_flags &= ~VM_EXEC; | |
1098 | + | |
1099 | +#ifdef CONFIG_PAX_MPROTECT | |
1100 | + if (current->mm->pax_flags & MF_PAX_MPROTECT) | |
1101 | + vma->vm_flags &= ~VM_MAYEXEC; | |
1102 | +#endif | |
1103 | + | |
1104 | + } | |
1105 | +#endif | |
1106 | + | |
1107 | vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
1108 | down_write(¤t->mm->mmap_sem); | |
1109 | if (insert_vm_struct(current->mm, vma)) { | |
ae4e228f MT |
1110 | diff -urNp linux-2.6.33.1/arch/ia64/sn/pci/pci_dma.c linux-2.6.33.1/arch/ia64/sn/pci/pci_dma.c |
1111 | --- linux-2.6.33.1/arch/ia64/sn/pci/pci_dma.c 2010-03-15 12:09:39.000000000 -0400 | |
1112 | +++ linux-2.6.33.1/arch/ia64/sn/pci/pci_dma.c 2010-03-20 16:58:38.584549337 -0400 | |
1113 | @@ -464,7 +464,7 @@ int sn_pci_legacy_write(struct pci_bus * | |
1114 | return ret; | |
58c5fc13 MT |
1115 | } |
1116 | ||
ae4e228f MT |
1117 | -static struct dma_map_ops sn_dma_ops = { |
1118 | +static const struct dma_map_ops sn_dma_ops = { | |
1119 | .alloc_coherent = sn_dma_alloc_coherent, | |
1120 | .free_coherent = sn_dma_free_coherent, | |
1121 | .map_page = sn_dma_map_page, | |
1122 | diff -urNp linux-2.6.33.1/arch/m32r/lib/usercopy.c linux-2.6.33.1/arch/m32r/lib/usercopy.c | |
1123 | --- linux-2.6.33.1/arch/m32r/lib/usercopy.c 2010-03-15 12:09:39.000000000 -0400 | |
1124 | +++ linux-2.6.33.1/arch/m32r/lib/usercopy.c 2010-03-20 16:58:38.584549337 -0400 | |
58c5fc13 MT |
1125 | @@ -14,6 +14,9 @@ |
1126 | unsigned long | |
1127 | __generic_copy_to_user(void __user *to, const void *from, unsigned long n) | |
1128 | { | |
1129 | + if ((long)n < 0) | |
1130 | + return n; | |
1131 | + | |
1132 | prefetch(from); | |
1133 | if (access_ok(VERIFY_WRITE, to, n)) | |
1134 | __copy_user(to,from,n); | |
1135 | @@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to, | |
1136 | unsigned long | |
1137 | __generic_copy_from_user(void *to, const void __user *from, unsigned long n) | |
1138 | { | |
1139 | + if ((long)n < 0) | |
1140 | + return n; | |
1141 | + | |
1142 | prefetchw(to); | |
1143 | if (access_ok(VERIFY_READ, from, n)) | |
1144 | __copy_user_zeroing(to,from,n); | |
ae4e228f MT |
1145 | diff -urNp linux-2.6.33.1/arch/mips/alchemy/devboards/pm.c linux-2.6.33.1/arch/mips/alchemy/devboards/pm.c |
1146 | --- linux-2.6.33.1/arch/mips/alchemy/devboards/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
1147 | +++ linux-2.6.33.1/arch/mips/alchemy/devboards/pm.c 2010-03-20 16:58:38.588679980 -0400 | |
1148 | @@ -78,7 +78,7 @@ static void db1x_pm_end(void) | |
1149 | ||
1150 | } | |
1151 | ||
1152 | -static struct platform_suspend_ops db1x_pm_ops = { | |
1153 | +static const struct platform_suspend_ops db1x_pm_ops = { | |
1154 | .valid = suspend_valid_only_mem, | |
1155 | .begin = db1x_pm_begin, | |
1156 | .enter = db1x_pm_enter, | |
1157 | diff -urNp linux-2.6.33.1/arch/mips/include/asm/elf.h linux-2.6.33.1/arch/mips/include/asm/elf.h | |
1158 | --- linux-2.6.33.1/arch/mips/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
1159 | +++ linux-2.6.33.1/arch/mips/include/asm/elf.h 2010-03-20 16:58:38.588679980 -0400 | |
1160 | @@ -367,4 +367,11 @@ extern int dump_task_fpu(struct task_str | |
58c5fc13 MT |
1161 | #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) |
1162 | #endif | |
1163 | ||
1164 | +#ifdef CONFIG_PAX_ASLR | |
1165 | +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
1166 | + | |
1167 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1168 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1169 | +#endif | |
1170 | + | |
1171 | #endif /* _ASM_ELF_H */ | |
ae4e228f MT |
1172 | diff -urNp linux-2.6.33.1/arch/mips/include/asm/page.h linux-2.6.33.1/arch/mips/include/asm/page.h |
1173 | --- linux-2.6.33.1/arch/mips/include/asm/page.h 2010-03-15 12:09:39.000000000 -0400 | |
1174 | +++ linux-2.6.33.1/arch/mips/include/asm/page.h 2010-03-20 16:58:38.592758361 -0400 | |
1175 | @@ -93,7 +93,7 @@ extern void copy_user_highpage(struct pa | |
58c5fc13 MT |
1176 | #ifdef CONFIG_CPU_MIPS32 |
1177 | typedef struct { unsigned long pte_low, pte_high; } pte_t; | |
1178 | #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) | |
1179 | - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; }) | |
1180 | + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; }) | |
1181 | #else | |
1182 | typedef struct { unsigned long long pte; } pte_t; | |
1183 | #define pte_val(x) ((x).pte) | |
ae4e228f MT |
1184 | diff -urNp linux-2.6.33.1/arch/mips/include/asm/system.h linux-2.6.33.1/arch/mips/include/asm/system.h |
1185 | --- linux-2.6.33.1/arch/mips/include/asm/system.h 2010-03-15 12:09:39.000000000 -0400 | |
1186 | +++ linux-2.6.33.1/arch/mips/include/asm/system.h 2010-03-20 16:58:38.592758361 -0400 | |
1187 | @@ -230,6 +230,6 @@ extern void per_cpu_trap_init(void); | |
58c5fc13 MT |
1188 | */ |
1189 | #define __ARCH_WANT_UNLOCKED_CTXSW | |
1190 | ||
1191 | -extern unsigned long arch_align_stack(unsigned long sp); | |
1192 | +#define arch_align_stack(x) ((x) & ALMASK) | |
1193 | ||
1194 | #endif /* _ASM_SYSTEM_H */ | |
ae4e228f MT |
1195 | diff -urNp linux-2.6.33.1/arch/mips/kernel/binfmt_elfn32.c linux-2.6.33.1/arch/mips/kernel/binfmt_elfn32.c |
1196 | --- linux-2.6.33.1/arch/mips/kernel/binfmt_elfn32.c 2010-03-15 12:09:39.000000000 -0400 | |
1197 | +++ linux-2.6.33.1/arch/mips/kernel/binfmt_elfn32.c 2010-03-20 16:58:38.592758361 -0400 | |
58c5fc13 MT |
1198 | @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N |
1199 | #undef ELF_ET_DYN_BASE | |
1200 | #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) | |
1201 | ||
1202 | +#ifdef CONFIG_PAX_ASLR | |
1203 | +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
1204 | + | |
1205 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1206 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1207 | +#endif | |
1208 | + | |
1209 | #include <asm/processor.h> | |
1210 | #include <linux/module.h> | |
1211 | #include <linux/elfcore.h> | |
ae4e228f MT |
1212 | diff -urNp linux-2.6.33.1/arch/mips/kernel/binfmt_elfo32.c linux-2.6.33.1/arch/mips/kernel/binfmt_elfo32.c |
1213 | --- linux-2.6.33.1/arch/mips/kernel/binfmt_elfo32.c 2010-03-15 12:09:39.000000000 -0400 | |
1214 | +++ linux-2.6.33.1/arch/mips/kernel/binfmt_elfo32.c 2010-03-20 16:58:38.592758361 -0400 | |
58c5fc13 MT |
1215 | @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N |
1216 | #undef ELF_ET_DYN_BASE | |
1217 | #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) | |
1218 | ||
1219 | +#ifdef CONFIG_PAX_ASLR | |
1220 | +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
1221 | + | |
1222 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1223 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
1224 | +#endif | |
1225 | + | |
1226 | #include <asm/processor.h> | |
1227 | ||
1228 | /* | |
ae4e228f MT |
1229 | diff -urNp linux-2.6.33.1/arch/mips/kernel/kgdb.c linux-2.6.33.1/arch/mips/kernel/kgdb.c |
1230 | --- linux-2.6.33.1/arch/mips/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
1231 | +++ linux-2.6.33.1/arch/mips/kernel/kgdb.c 2010-03-20 16:58:38.592758361 -0400 | |
1232 | @@ -245,6 +245,7 @@ int kgdb_arch_handle_exception(int vecto | |
1233 | return -1; | |
1234 | } | |
1235 | ||
1236 | +/* cannot be const */ | |
1237 | struct kgdb_arch arch_kgdb_ops; | |
1238 | ||
1239 | /* | |
1240 | diff -urNp linux-2.6.33.1/arch/mips/kernel/process.c linux-2.6.33.1/arch/mips/kernel/process.c | |
1241 | --- linux-2.6.33.1/arch/mips/kernel/process.c 2010-03-15 12:09:39.000000000 -0400 | |
1242 | +++ linux-2.6.33.1/arch/mips/kernel/process.c 2010-03-20 16:58:38.592758361 -0400 | |
58c5fc13 MT |
1243 | @@ -470,15 +470,3 @@ unsigned long get_wchan(struct task_stru |
1244 | out: | |
1245 | return pc; | |
1246 | } | |
1247 | - | |
1248 | -/* | |
1249 | - * Don't forget that the stack pointer must be aligned on a 8 bytes | |
1250 | - * boundary for 32-bits ABI and 16 bytes for 64-bits ABI. | |
1251 | - */ | |
1252 | -unsigned long arch_align_stack(unsigned long sp) | |
1253 | -{ | |
1254 | - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) | |
1255 | - sp -= get_random_int() & ~PAGE_MASK; | |
1256 | - | |
1257 | - return sp & ALMASK; | |
1258 | -} | |
ae4e228f MT |
1259 | diff -urNp linux-2.6.33.1/arch/mips/kernel/syscall.c linux-2.6.33.1/arch/mips/kernel/syscall.c |
1260 | --- linux-2.6.33.1/arch/mips/kernel/syscall.c 2010-03-15 12:09:39.000000000 -0400 | |
1261 | +++ linux-2.6.33.1/arch/mips/kernel/syscall.c 2010-03-20 16:58:38.592758361 -0400 | |
1262 | @@ -102,6 +102,11 @@ unsigned long arch_get_unmapped_area(str | |
58c5fc13 MT |
1263 | do_color_align = 0; |
1264 | if (filp || (flags & MAP_SHARED)) | |
1265 | do_color_align = 1; | |
1266 | + | |
1267 | +#ifdef CONFIG_PAX_RANDMMAP | |
1268 | + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) | |
1269 | +#endif | |
1270 | + | |
1271 | if (addr) { | |
1272 | if (do_color_align) | |
1273 | addr = COLOUR_ALIGN(addr, pgoff); | |
ae4e228f | 1274 | @@ -112,7 +117,7 @@ unsigned long arch_get_unmapped_area(str |
58c5fc13 MT |
1275 | (!vmm || addr + len <= vmm->vm_start)) |
1276 | return addr; | |
1277 | } | |
1278 | - addr = TASK_UNMAPPED_BASE; | |
1279 | + addr = current->mm->mmap_base; | |
1280 | if (do_color_align) | |
1281 | addr = COLOUR_ALIGN(addr, pgoff); | |
1282 | else | |
ae4e228f MT |
1283 | diff -urNp linux-2.6.33.1/arch/mips/loongson/common/pm.c linux-2.6.33.1/arch/mips/loongson/common/pm.c |
1284 | --- linux-2.6.33.1/arch/mips/loongson/common/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
1285 | +++ linux-2.6.33.1/arch/mips/loongson/common/pm.c 2010-03-20 16:58:38.608773091 -0400 | |
1286 | @@ -147,7 +147,7 @@ static int loongson_pm_valid_state(suspe | |
1287 | } | |
1288 | } | |
1289 | ||
1290 | -static struct platform_suspend_ops loongson_pm_ops = { | |
1291 | +static const struct platform_suspend_ops loongson_pm_ops = { | |
1292 | .valid = loongson_pm_valid_state, | |
1293 | .enter = loongson_pm_enter, | |
1294 | }; | |
1295 | diff -urNp linux-2.6.33.1/arch/mips/mm/fault.c linux-2.6.33.1/arch/mips/mm/fault.c | |
1296 | --- linux-2.6.33.1/arch/mips/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
1297 | +++ linux-2.6.33.1/arch/mips/mm/fault.c 2010-03-20 16:58:38.612819864 -0400 | |
58c5fc13 MT |
1298 | @@ -26,6 +26,23 @@ |
1299 | #include <asm/ptrace.h> | |
1300 | #include <asm/highmem.h> /* For VMALLOC_END */ | |
1301 | ||
1302 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1303 | +void pax_report_insns(void *pc) | |
1304 | +{ | |
1305 | + unsigned long i; | |
1306 | + | |
1307 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
1308 | + for (i = 0; i < 5; i++) { | |
1309 | + unsigned int c; | |
1310 | + if (get_user(c, (unsigned int *)pc+i)) | |
1311 | + printk(KERN_CONT "???????? "); | |
1312 | + else | |
1313 | + printk(KERN_CONT "%08x ", c); | |
1314 | + } | |
1315 | + printk("\n"); | |
1316 | +} | |
1317 | +#endif | |
1318 | + | |
1319 | /* | |
1320 | * This routine handles page faults. It determines the address, | |
1321 | * and the problem, and then passes it off to one of the appropriate | |
ae4e228f MT |
1322 | diff -urNp linux-2.6.33.1/arch/parisc/include/asm/elf.h linux-2.6.33.1/arch/parisc/include/asm/elf.h |
1323 | --- linux-2.6.33.1/arch/parisc/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
1324 | +++ linux-2.6.33.1/arch/parisc/include/asm/elf.h 2010-03-20 16:58:38.624763350 -0400 | |
1325 | @@ -342,6 +342,13 @@ struct pt_regs; /* forward declaration.. | |
58c5fc13 MT |
1326 | |
1327 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000) | |
1328 | ||
1329 | +#ifdef CONFIG_PAX_ASLR | |
1330 | +#define PAX_ELF_ET_DYN_BASE 0x10000UL | |
1331 | + | |
1332 | +#define PAX_DELTA_MMAP_LEN 16 | |
1333 | +#define PAX_DELTA_STACK_LEN 16 | |
1334 | +#endif | |
1335 | + | |
1336 | /* This yields a mask that user programs can use to figure out what | |
1337 | instruction set this CPU supports. This could be done in user space, | |
1338 | but it's not easy, and we've already done it here. */ | |
ae4e228f MT |
1339 | diff -urNp linux-2.6.33.1/arch/parisc/include/asm/pgtable.h linux-2.6.33.1/arch/parisc/include/asm/pgtable.h |
1340 | --- linux-2.6.33.1/arch/parisc/include/asm/pgtable.h 2010-03-15 12:09:39.000000000 -0400 | |
1341 | +++ linux-2.6.33.1/arch/parisc/include/asm/pgtable.h 2010-03-20 16:58:38.628643492 -0400 | |
58c5fc13 MT |
1342 | @@ -207,6 +207,17 @@ |
1343 | #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED) | |
1344 | #define PAGE_COPY PAGE_EXECREAD | |
1345 | #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED) | |
1346 | + | |
1347 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1348 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED) | |
1349 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED) | |
1350 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED) | |
1351 | +#else | |
1352 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
1353 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
1354 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
1355 | +#endif | |
1356 | + | |
1357 | #define PAGE_KERNEL __pgprot(_PAGE_KERNEL) | |
1358 | #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE) | |
1359 | #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE) | |
ae4e228f MT |
1360 | diff -urNp linux-2.6.33.1/arch/parisc/kernel/module.c linux-2.6.33.1/arch/parisc/kernel/module.c |
1361 | --- linux-2.6.33.1/arch/parisc/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
1362 | +++ linux-2.6.33.1/arch/parisc/kernel/module.c 2010-03-20 16:58:38.636778509 -0400 | |
58c5fc13 MT |
1363 | @@ -95,16 +95,38 @@ |
1364 | ||
1365 | /* three functions to determine where in the module core | |
1366 | * or init pieces the location is */ | |
1367 | +static inline int in_init_rx(struct module *me, void *loc) | |
1368 | +{ | |
1369 | + return (loc >= me->module_init_rx && | |
1370 | + loc < (me->module_init_rx + me->init_size_rx)); | |
1371 | +} | |
1372 | + | |
1373 | +static inline int in_init_rw(struct module *me, void *loc) | |
1374 | +{ | |
1375 | + return (loc >= me->module_init_rw && | |
1376 | + loc < (me->module_init_rw + me->init_size_rw)); | |
1377 | +} | |
1378 | + | |
1379 | static inline int in_init(struct module *me, void *loc) | |
1380 | { | |
1381 | - return (loc >= me->module_init && | |
1382 | - loc <= (me->module_init + me->init_size)); | |
1383 | + return in_init_rx(me, loc) || in_init_rw(me, loc); | |
1384 | +} | |
1385 | + | |
1386 | +static inline int in_core_rx(struct module *me, void *loc) | |
1387 | +{ | |
1388 | + return (loc >= me->module_core_rx && | |
1389 | + loc < (me->module_core_rx + me->core_size_rx)); | |
1390 | +} | |
1391 | + | |
1392 | +static inline int in_core_rw(struct module *me, void *loc) | |
1393 | +{ | |
1394 | + return (loc >= me->module_core_rw && | |
1395 | + loc < (me->module_core_rw + me->core_size_rw)); | |
1396 | } | |
1397 | ||
1398 | static inline int in_core(struct module *me, void *loc) | |
1399 | { | |
1400 | - return (loc >= me->module_core && | |
1401 | - loc <= (me->module_core + me->core_size)); | |
1402 | + return in_core_rx(me, loc) || in_core_rw(me, loc); | |
1403 | } | |
1404 | ||
1405 | static inline int in_local(struct module *me, void *loc) | |
1406 | @@ -364,13 +386,13 @@ int module_frob_arch_sections(CONST Elf_ | |
1407 | } | |
1408 | ||
1409 | /* align things a bit */ | |
1410 | - me->core_size = ALIGN(me->core_size, 16); | |
1411 | - me->arch.got_offset = me->core_size; | |
1412 | - me->core_size += gots * sizeof(struct got_entry); | |
1413 | - | |
1414 | - me->core_size = ALIGN(me->core_size, 16); | |
1415 | - me->arch.fdesc_offset = me->core_size; | |
1416 | - me->core_size += fdescs * sizeof(Elf_Fdesc); | |
1417 | + me->core_size_rw = ALIGN(me->core_size_rw, 16); | |
1418 | + me->arch.got_offset = me->core_size_rw; | |
1419 | + me->core_size_rw += gots * sizeof(struct got_entry); | |
1420 | + | |
1421 | + me->core_size_rw = ALIGN(me->core_size_rw, 16); | |
1422 | + me->arch.fdesc_offset = me->core_size_rw; | |
1423 | + me->core_size_rw += fdescs * sizeof(Elf_Fdesc); | |
1424 | ||
1425 | me->arch.got_max = gots; | |
1426 | me->arch.fdesc_max = fdescs; | |
1427 | @@ -388,7 +410,7 @@ static Elf64_Word get_got(struct module | |
1428 | ||
1429 | BUG_ON(value == 0); | |
1430 | ||
1431 | - got = me->module_core + me->arch.got_offset; | |
1432 | + got = me->module_core_rw + me->arch.got_offset; | |
1433 | for (i = 0; got[i].addr; i++) | |
1434 | if (got[i].addr == value) | |
1435 | goto out; | |
1436 | @@ -406,7 +428,7 @@ static Elf64_Word get_got(struct module | |
1437 | #ifdef CONFIG_64BIT | |
1438 | static Elf_Addr get_fdesc(struct module *me, unsigned long value) | |
1439 | { | |
1440 | - Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset; | |
1441 | + Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset; | |
1442 | ||
1443 | if (!value) { | |
1444 | printk(KERN_ERR "%s: zero OPD requested!\n", me->name); | |
1445 | @@ -424,7 +446,7 @@ static Elf_Addr get_fdesc(struct module | |
1446 | ||
1447 | /* Create new one */ | |
1448 | fdesc->addr = value; | |
1449 | - fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset; | |
1450 | + fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset; | |
1451 | return (Elf_Addr)fdesc; | |
1452 | } | |
1453 | #endif /* CONFIG_64BIT */ | |
1454 | @@ -848,7 +870,7 @@ register_unwind_table(struct module *me, | |
1455 | ||
1456 | table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr; | |
1457 | end = table + sechdrs[me->arch.unwind_section].sh_size; | |
1458 | - gp = (Elf_Addr)me->module_core + me->arch.got_offset; | |
1459 | + gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset; | |
1460 | ||
1461 | DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", | |
1462 | me->arch.unwind_section, table, end, gp); | |
ae4e228f MT |
1463 | diff -urNp linux-2.6.33.1/arch/parisc/kernel/sys_parisc.c linux-2.6.33.1/arch/parisc/kernel/sys_parisc.c |
1464 | --- linux-2.6.33.1/arch/parisc/kernel/sys_parisc.c 2010-03-15 12:09:39.000000000 -0400 | |
1465 | +++ linux-2.6.33.1/arch/parisc/kernel/sys_parisc.c 2010-03-20 16:58:38.636778509 -0400 | |
58c5fc13 MT |
1466 | @@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str |
1467 | if (flags & MAP_FIXED) | |
1468 | return addr; | |
1469 | if (!addr) | |
1470 | - addr = TASK_UNMAPPED_BASE; | |
1471 | + addr = current->mm->mmap_base; | |
1472 | ||
1473 | if (filp) { | |
1474 | addr = get_shared_area(filp->f_mapping, addr, len, pgoff); | |
ae4e228f MT |
1475 | diff -urNp linux-2.6.33.1/arch/parisc/kernel/traps.c linux-2.6.33.1/arch/parisc/kernel/traps.c |
1476 | --- linux-2.6.33.1/arch/parisc/kernel/traps.c 2010-03-15 12:09:39.000000000 -0400 | |
1477 | +++ linux-2.6.33.1/arch/parisc/kernel/traps.c 2010-03-20 16:58:38.644755446 -0400 | |
58c5fc13 MT |
1478 | @@ -733,9 +733,7 @@ void notrace handle_interruption(int cod |
1479 | ||
1480 | down_read(¤t->mm->mmap_sem); | |
1481 | vma = find_vma(current->mm,regs->iaoq[0]); | |
1482 | - if (vma && (regs->iaoq[0] >= vma->vm_start) | |
1483 | - && (vma->vm_flags & VM_EXEC)) { | |
1484 | - | |
1485 | + if (vma && (regs->iaoq[0] >= vma->vm_start)) { | |
1486 | fault_address = regs->iaoq[0]; | |
1487 | fault_space = regs->iasq[0]; | |
1488 | ||
ae4e228f MT |
1489 | diff -urNp linux-2.6.33.1/arch/parisc/mm/fault.c linux-2.6.33.1/arch/parisc/mm/fault.c |
1490 | --- linux-2.6.33.1/arch/parisc/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
1491 | +++ linux-2.6.33.1/arch/parisc/mm/fault.c 2010-03-20 16:58:38.644755446 -0400 | |
58c5fc13 MT |
1492 | @@ -15,6 +15,7 @@ |
1493 | #include <linux/sched.h> | |
1494 | #include <linux/interrupt.h> | |
1495 | #include <linux/module.h> | |
1496 | +#include <linux/unistd.h> | |
1497 | ||
1498 | #include <asm/uaccess.h> | |
1499 | #include <asm/traps.h> | |
1500 | @@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, ex | |
1501 | static unsigned long | |
1502 | parisc_acctyp(unsigned long code, unsigned int inst) | |
1503 | { | |
1504 | - if (code == 6 || code == 16) | |
1505 | + if (code == 6 || code == 7 || code == 16) | |
1506 | return VM_EXEC; | |
1507 | ||
1508 | switch (inst & 0xf0000000) { | |
1509 | @@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsign | |
1510 | } | |
1511 | #endif | |
1512 | ||
1513 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1514 | +/* | |
1515 | + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address) | |
1516 | + * | |
1517 | + * returns 1 when task should be killed | |
1518 | + * 2 when rt_sigreturn trampoline was detected | |
1519 | + * 3 when unpatched PLT trampoline was detected | |
1520 | + */ | |
1521 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
1522 | +{ | |
1523 | + | |
1524 | +#ifdef CONFIG_PAX_EMUPLT | |
1525 | + int err; | |
1526 | + | |
1527 | + do { /* PaX: unpatched PLT emulation */ | |
1528 | + unsigned int bl, depwi; | |
1529 | + | |
1530 | + err = get_user(bl, (unsigned int *)instruction_pointer(regs)); | |
1531 | + err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4)); | |
1532 | + | |
1533 | + if (err) | |
1534 | + break; | |
1535 | + | |
1536 | + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) { | |
1537 | + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12; | |
1538 | + | |
1539 | + err = get_user(ldw, (unsigned int *)addr); | |
1540 | + err |= get_user(bv, (unsigned int *)(addr+4)); | |
1541 | + err |= get_user(ldw2, (unsigned int *)(addr+8)); | |
1542 | + | |
1543 | + if (err) | |
1544 | + break; | |
1545 | + | |
1546 | + if (ldw == 0x0E801096U && | |
1547 | + bv == 0xEAC0C000U && | |
1548 | + ldw2 == 0x0E881095U) | |
1549 | + { | |
1550 | + unsigned int resolver, map; | |
1551 | + | |
1552 | + err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8)); | |
1553 | + err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12)); | |
1554 | + if (err) | |
1555 | + break; | |
1556 | + | |
1557 | + regs->gr[20] = instruction_pointer(regs)+8; | |
1558 | + regs->gr[21] = map; | |
1559 | + regs->gr[22] = resolver; | |
1560 | + regs->iaoq[0] = resolver | 3UL; | |
1561 | + regs->iaoq[1] = regs->iaoq[0] + 4; | |
1562 | + return 3; | |
1563 | + } | |
1564 | + } | |
1565 | + } while (0); | |
1566 | +#endif | |
1567 | + | |
1568 | +#ifdef CONFIG_PAX_EMUTRAMP | |
1569 | + | |
1570 | +#ifndef CONFIG_PAX_EMUSIGRT | |
1571 | + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP)) | |
1572 | + return 1; | |
1573 | +#endif | |
1574 | + | |
1575 | + do { /* PaX: rt_sigreturn emulation */ | |
1576 | + unsigned int ldi1, ldi2, bel, nop; | |
1577 | + | |
1578 | + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs)); | |
1579 | + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4)); | |
1580 | + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8)); | |
1581 | + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12)); | |
1582 | + | |
1583 | + if (err) | |
1584 | + break; | |
1585 | + | |
1586 | + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) && | |
1587 | + ldi2 == 0x3414015AU && | |
1588 | + bel == 0xE4008200U && | |
1589 | + nop == 0x08000240U) | |
1590 | + { | |
1591 | + regs->gr[25] = (ldi1 & 2) >> 1; | |
1592 | + regs->gr[20] = __NR_rt_sigreturn; | |
1593 | + regs->gr[31] = regs->iaoq[1] + 16; | |
1594 | + regs->sr[0] = regs->iasq[1]; | |
1595 | + regs->iaoq[0] = 0x100UL; | |
1596 | + regs->iaoq[1] = regs->iaoq[0] + 4; | |
1597 | + regs->iasq[0] = regs->sr[2]; | |
1598 | + regs->iasq[1] = regs->sr[2]; | |
1599 | + return 2; | |
1600 | + } | |
1601 | + } while (0); | |
1602 | +#endif | |
1603 | + | |
1604 | + return 1; | |
1605 | +} | |
1606 | + | |
1607 | +void pax_report_insns(void *pc, void *sp) | |
1608 | +{ | |
1609 | + unsigned long i; | |
1610 | + | |
1611 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
1612 | + for (i = 0; i < 5; i++) { | |
1613 | + unsigned int c; | |
1614 | + if (get_user(c, (unsigned int *)pc+i)) | |
1615 | + printk(KERN_CONT "???????? "); | |
1616 | + else | |
1617 | + printk(KERN_CONT "%08x ", c); | |
1618 | + } | |
1619 | + printk("\n"); | |
1620 | +} | |
1621 | +#endif | |
1622 | + | |
1623 | int fixup_exception(struct pt_regs *regs) | |
1624 | { | |
1625 | const struct exception_table_entry *fix; | |
1626 | @@ -192,8 +303,33 @@ good_area: | |
1627 | ||
1628 | acc_type = parisc_acctyp(code,regs->iir); | |
1629 | ||
1630 | - if ((vma->vm_flags & acc_type) != acc_type) | |
1631 | + if ((vma->vm_flags & acc_type) != acc_type) { | |
1632 | + | |
1633 | +#ifdef CONFIG_PAX_PAGEEXEC | |
1634 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) && | |
1635 | + (address & ~3UL) == instruction_pointer(regs)) | |
1636 | + { | |
1637 | + up_read(&mm->mmap_sem); | |
1638 | + switch (pax_handle_fetch_fault(regs)) { | |
1639 | + | |
1640 | +#ifdef CONFIG_PAX_EMUPLT | |
1641 | + case 3: | |
1642 | + return; | |
1643 | +#endif | |
1644 | + | |
1645 | +#ifdef CONFIG_PAX_EMUTRAMP | |
1646 | + case 2: | |
1647 | + return; | |
1648 | +#endif | |
1649 | + | |
1650 | + } | |
1651 | + pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]); | |
1652 | + do_group_exit(SIGKILL); | |
1653 | + } | |
1654 | +#endif | |
1655 | + | |
1656 | goto bad_area; | |
1657 | + } | |
1658 | ||
1659 | /* | |
1660 | * If for any reason at all we couldn't handle the fault, make | |
ae4e228f MT |
1661 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/device.h linux-2.6.33.1/arch/powerpc/include/asm/device.h |
1662 | --- linux-2.6.33.1/arch/powerpc/include/asm/device.h 2010-03-15 12:09:39.000000000 -0400 | |
1663 | +++ linux-2.6.33.1/arch/powerpc/include/asm/device.h 2010-03-20 16:58:38.652757516 -0400 | |
1664 | @@ -14,7 +14,7 @@ struct dev_archdata { | |
1665 | struct device_node *of_node; | |
58c5fc13 | 1666 | |
ae4e228f MT |
1667 | /* DMA operations on that device */ |
1668 | - struct dma_map_ops *dma_ops; | |
1669 | + const struct dma_map_ops *dma_ops; | |
1670 | ||
1671 | /* | |
1672 | * When an iommu is in use, dma_data is used as a ptr to the base of the | |
1673 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/dma-mapping.h linux-2.6.33.1/arch/powerpc/include/asm/dma-mapping.h | |
1674 | --- linux-2.6.33.1/arch/powerpc/include/asm/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
1675 | +++ linux-2.6.33.1/arch/powerpc/include/asm/dma-mapping.h 2010-03-20 16:58:38.664764295 -0400 | |
1676 | @@ -69,9 +69,9 @@ static inline unsigned long device_to_ma | |
1677 | #ifdef CONFIG_PPC64 | |
1678 | extern struct dma_map_ops dma_iommu_ops; | |
1679 | #endif | |
1680 | -extern struct dma_map_ops dma_direct_ops; | |
1681 | +extern const struct dma_map_ops dma_direct_ops; | |
1682 | ||
1683 | -static inline struct dma_map_ops *get_dma_ops(struct device *dev) | |
1684 | +static inline const struct dma_map_ops *get_dma_ops(struct device *dev) | |
58c5fc13 | 1685 | { |
ae4e228f MT |
1686 | /* We don't handle the NULL dev case for ISA for now. We could |
1687 | * do it via an out of line call but it is not needed for now. The | |
1688 | @@ -84,7 +84,7 @@ static inline struct dma_map_ops *get_dm | |
1689 | return dev->archdata.dma_ops; | |
58c5fc13 MT |
1690 | } |
1691 | ||
ae4e228f MT |
1692 | -static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops) |
1693 | +static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops) | |
58c5fc13 | 1694 | { |
ae4e228f | 1695 | dev->archdata.dma_ops = ops; |
58c5fc13 | 1696 | } |
ae4e228f | 1697 | @@ -118,7 +118,7 @@ static inline void set_dma_offset(struct |
58c5fc13 | 1698 | |
ae4e228f | 1699 | static inline int dma_supported(struct device *dev, u64 mask) |
58c5fc13 | 1700 | { |
ae4e228f MT |
1701 | - struct dma_map_ops *dma_ops = get_dma_ops(dev); |
1702 | + const struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
58c5fc13 | 1703 | |
ae4e228f MT |
1704 | if (unlikely(dma_ops == NULL)) |
1705 | return 0; | |
1706 | @@ -132,7 +132,7 @@ static inline int dma_supported(struct d | |
1707 | ||
1708 | static inline int dma_set_mask(struct device *dev, u64 dma_mask) | |
58c5fc13 | 1709 | { |
ae4e228f MT |
1710 | - struct dma_map_ops *dma_ops = get_dma_ops(dev); |
1711 | + const struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
58c5fc13 | 1712 | |
ae4e228f MT |
1713 | if (unlikely(dma_ops == NULL)) |
1714 | return -EIO; | |
1715 | @@ -147,7 +147,7 @@ static inline int dma_set_mask(struct de | |
1716 | static inline void *dma_alloc_coherent(struct device *dev, size_t size, | |
1717 | dma_addr_t *dma_handle, gfp_t flag) | |
1718 | { | |
1719 | - struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
1720 | + const struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
1721 | void *cpu_addr; | |
1722 | ||
1723 | BUG_ON(!dma_ops); | |
1724 | @@ -162,7 +162,7 @@ static inline void *dma_alloc_coherent(s | |
1725 | static inline void dma_free_coherent(struct device *dev, size_t size, | |
1726 | void *cpu_addr, dma_addr_t dma_handle) | |
58c5fc13 | 1727 | { |
ae4e228f MT |
1728 | - struct dma_map_ops *dma_ops = get_dma_ops(dev); |
1729 | + const struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
1730 | ||
1731 | BUG_ON(!dma_ops); | |
1732 | ||
1733 | @@ -173,7 +173,7 @@ static inline void dma_free_coherent(str | |
1734 | ||
1735 | static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr) | |
1736 | { | |
1737 | - struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
1738 | + const struct dma_map_ops *dma_ops = get_dma_ops(dev); | |
1739 | ||
1740 | if (dma_ops->mapping_error) | |
1741 | return dma_ops->mapping_error(dev, dma_addr); | |
1742 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/elf.h linux-2.6.33.1/arch/powerpc/include/asm/elf.h | |
1743 | --- linux-2.6.33.1/arch/powerpc/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
1744 | +++ linux-2.6.33.1/arch/powerpc/include/asm/elf.h 2010-03-20 16:58:38.664764295 -0400 | |
1745 | @@ -178,8 +178,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E | |
58c5fc13 MT |
1746 | the loader. We need to make sure that it is out of the way of the program |
1747 | that it will "exec", and that there is sufficient room for the brk. */ | |
1748 | ||
1749 | -extern unsigned long randomize_et_dyn(unsigned long base); | |
1750 | -#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000)) | |
1751 | +#define ELF_ET_DYN_BASE (0x20000000) | |
1752 | + | |
1753 | +#ifdef CONFIG_PAX_ASLR | |
1754 | +#define PAX_ELF_ET_DYN_BASE (0x10000000UL) | |
1755 | + | |
1756 | +#ifdef __powerpc64__ | |
1757 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28) | |
1758 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28) | |
1759 | +#else | |
1760 | +#define PAX_DELTA_MMAP_LEN 15 | |
1761 | +#define PAX_DELTA_STACK_LEN 15 | |
1762 | +#endif | |
1763 | +#endif | |
1764 | ||
1765 | /* | |
1766 | * Our registers are always unsigned longs, whether we're a 32 bit | |
ae4e228f | 1767 | @@ -274,9 +285,6 @@ extern int arch_setup_additional_pages(s |
58c5fc13 MT |
1768 | (0x7ff >> (PAGE_SHIFT - 12)) : \ |
1769 | (0x3ffff >> (PAGE_SHIFT - 12))) | |
1770 | ||
1771 | -extern unsigned long arch_randomize_brk(struct mm_struct *mm); | |
1772 | -#define arch_randomize_brk arch_randomize_brk | |
1773 | - | |
1774 | #endif /* __KERNEL__ */ | |
1775 | ||
1776 | /* | |
ae4e228f MT |
1777 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/iommu.h linux-2.6.33.1/arch/powerpc/include/asm/iommu.h |
1778 | --- linux-2.6.33.1/arch/powerpc/include/asm/iommu.h 2010-03-15 12:09:39.000000000 -0400 | |
1779 | +++ linux-2.6.33.1/arch/powerpc/include/asm/iommu.h 2010-03-20 16:58:38.664764295 -0400 | |
1780 | @@ -116,6 +116,9 @@ extern void iommu_init_early_iSeries(voi | |
1781 | extern void iommu_init_early_dart(void); | |
1782 | extern void iommu_init_early_pasemi(void); | |
1783 | ||
1784 | +/* dma-iommu.c */ | |
1785 | +extern int dma_iommu_dma_supported(struct device *dev, u64 mask); | |
1786 | + | |
1787 | #ifdef CONFIG_PCI | |
1788 | extern void pci_iommu_init(void); | |
1789 | extern void pci_direct_iommu_init(void); | |
1790 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/kmap_types.h linux-2.6.33.1/arch/powerpc/include/asm/kmap_types.h | |
1791 | --- linux-2.6.33.1/arch/powerpc/include/asm/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
1792 | +++ linux-2.6.33.1/arch/powerpc/include/asm/kmap_types.h 2010-03-20 16:58:38.664764295 -0400 | |
58c5fc13 MT |
1793 | @@ -26,6 +26,7 @@ enum km_type { |
1794 | KM_SOFTIRQ1, | |
1795 | KM_PPC_SYNC_PAGE, | |
1796 | KM_PPC_SYNC_ICACHE, | |
1797 | + KM_CLEARPAGE, | |
1798 | KM_TYPE_NR | |
1799 | }; | |
1800 | ||
ae4e228f MT |
1801 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/page_64.h linux-2.6.33.1/arch/powerpc/include/asm/page_64.h |
1802 | --- linux-2.6.33.1/arch/powerpc/include/asm/page_64.h 2010-03-15 12:09:39.000000000 -0400 | |
1803 | +++ linux-2.6.33.1/arch/powerpc/include/asm/page_64.h 2010-03-20 16:58:38.664764295 -0400 | |
1804 | @@ -180,15 +180,18 @@ do { \ | |
58c5fc13 MT |
1805 | * stack by default, so in the absense of a PT_GNU_STACK program header |
1806 | * we turn execute permission off. | |
1807 | */ | |
1808 | -#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \ | |
1809 | - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
1810 | +#define VM_STACK_DEFAULT_FLAGS32 \ | |
1811 | + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \ | |
1812 | + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
1813 | ||
1814 | #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ | |
1815 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
1816 | ||
1817 | +#ifndef CONFIG_PAX_PAGEEXEC | |
1818 | #define VM_STACK_DEFAULT_FLAGS \ | |
1819 | (test_thread_flag(TIF_32BIT) ? \ | |
1820 | VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64) | |
1821 | +#endif | |
1822 | ||
1823 | #include <asm-generic/getorder.h> | |
1824 | ||
ae4e228f MT |
1825 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/page.h linux-2.6.33.1/arch/powerpc/include/asm/page.h |
1826 | --- linux-2.6.33.1/arch/powerpc/include/asm/page.h 2010-03-15 12:09:39.000000000 -0400 | |
1827 | +++ linux-2.6.33.1/arch/powerpc/include/asm/page.h 2010-03-20 16:58:38.668753880 -0400 | |
58c5fc13 MT |
1828 | @@ -116,8 +116,9 @@ extern phys_addr_t kernstart_addr; |
1829 | * and needs to be executable. This means the whole heap ends | |
1830 | * up being executable. | |
1831 | */ | |
1832 | -#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \ | |
1833 | - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
1834 | +#define VM_DATA_DEFAULT_FLAGS32 \ | |
1835 | + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \ | |
1836 | + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
1837 | ||
1838 | #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ | |
1839 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
ae4e228f MT |
1840 | @@ -145,6 +146,9 @@ extern phys_addr_t kernstart_addr; |
1841 | #define is_kernel_addr(x) ((x) >= PAGE_OFFSET) | |
1842 | #endif | |
1843 | ||
1844 | +#define ktla_ktva(addr) (addr) | |
1845 | +#define ktva_ktla(addr) (addr) | |
1846 | + | |
1847 | #ifndef __ASSEMBLY__ | |
1848 | ||
1849 | #undef STRICT_MM_TYPECHECKS | |
1850 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/pci.h linux-2.6.33.1/arch/powerpc/include/asm/pci.h | |
1851 | --- linux-2.6.33.1/arch/powerpc/include/asm/pci.h 2010-03-15 12:09:39.000000000 -0400 | |
1852 | +++ linux-2.6.33.1/arch/powerpc/include/asm/pci.h 2010-03-20 16:58:38.668753880 -0400 | |
1853 | @@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq | |
1854 | } | |
1855 | ||
1856 | #ifdef CONFIG_PCI | |
1857 | -extern void set_pci_dma_ops(struct dma_map_ops *dma_ops); | |
1858 | -extern struct dma_map_ops *get_pci_dma_ops(void); | |
1859 | +extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops); | |
1860 | +extern const struct dma_map_ops *get_pci_dma_ops(void); | |
1861 | #else /* CONFIG_PCI */ | |
1862 | #define set_pci_dma_ops(d) | |
1863 | #define get_pci_dma_ops() NULL | |
1864 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/pte-hash32.h linux-2.6.33.1/arch/powerpc/include/asm/pte-hash32.h | |
1865 | --- linux-2.6.33.1/arch/powerpc/include/asm/pte-hash32.h 2010-03-15 12:09:39.000000000 -0400 | |
1866 | +++ linux-2.6.33.1/arch/powerpc/include/asm/pte-hash32.h 2010-03-20 16:58:38.668753880 -0400 | |
58c5fc13 MT |
1867 | @@ -21,6 +21,7 @@ |
1868 | #define _PAGE_FILE 0x004 /* when !present: nonlinear file mapping */ | |
1869 | #define _PAGE_USER 0x004 /* usermode access allowed */ | |
1870 | #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */ | |
ae4e228f | 1871 | +#define _PAGE_EXEC _PAGE_GUARDED |
58c5fc13 MT |
1872 | #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */ |
1873 | #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ | |
1874 | #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ | |
ae4e228f MT |
1875 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/reg.h linux-2.6.33.1/arch/powerpc/include/asm/reg.h |
1876 | --- linux-2.6.33.1/arch/powerpc/include/asm/reg.h 2010-03-15 12:09:39.000000000 -0400 | |
1877 | +++ linux-2.6.33.1/arch/powerpc/include/asm/reg.h 2010-03-20 16:58:38.672753614 -0400 | |
1878 | @@ -191,6 +191,7 @@ | |
58c5fc13 MT |
1879 | #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */ |
1880 | #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */ | |
1881 | #define DSISR_NOHPTE 0x40000000 /* no translation found */ | |
1882 | +#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */ | |
1883 | #define DSISR_PROTFAULT 0x08000000 /* protection fault */ | |
1884 | #define DSISR_ISSTORE 0x02000000 /* access was a store */ | |
1885 | #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ | |
ae4e228f MT |
1886 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/swiotlb.h linux-2.6.33.1/arch/powerpc/include/asm/swiotlb.h |
1887 | --- linux-2.6.33.1/arch/powerpc/include/asm/swiotlb.h 2010-03-15 12:09:39.000000000 -0400 | |
1888 | +++ linux-2.6.33.1/arch/powerpc/include/asm/swiotlb.h 2010-03-20 16:58:38.672753614 -0400 | |
1889 | @@ -13,7 +13,7 @@ | |
1890 | ||
1891 | #include <linux/swiotlb.h> | |
1892 | ||
1893 | -extern struct dma_map_ops swiotlb_dma_ops; | |
1894 | +extern const struct dma_map_ops swiotlb_dma_ops; | |
1895 | ||
1896 | static inline void dma_mark_clean(void *addr, size_t size) {} | |
1897 | ||
1898 | diff -urNp linux-2.6.33.1/arch/powerpc/include/asm/uaccess.h linux-2.6.33.1/arch/powerpc/include/asm/uaccess.h | |
1899 | --- linux-2.6.33.1/arch/powerpc/include/asm/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
1900 | +++ linux-2.6.33.1/arch/powerpc/include/asm/uaccess.h 2010-03-20 16:58:38.676578811 -0400 | |
58c5fc13 MT |
1901 | @@ -327,52 +327,6 @@ do { \ |
1902 | extern unsigned long __copy_tofrom_user(void __user *to, | |
1903 | const void __user *from, unsigned long size); | |
1904 | ||
1905 | -#ifndef __powerpc64__ | |
1906 | - | |
1907 | -static inline unsigned long copy_from_user(void *to, | |
1908 | - const void __user *from, unsigned long n) | |
1909 | -{ | |
1910 | - unsigned long over; | |
1911 | - | |
1912 | - if (access_ok(VERIFY_READ, from, n)) | |
1913 | - return __copy_tofrom_user((__force void __user *)to, from, n); | |
1914 | - if ((unsigned long)from < TASK_SIZE) { | |
1915 | - over = (unsigned long)from + n - TASK_SIZE; | |
1916 | - return __copy_tofrom_user((__force void __user *)to, from, | |
1917 | - n - over) + over; | |
1918 | - } | |
1919 | - return n; | |
1920 | -} | |
1921 | - | |
1922 | -static inline unsigned long copy_to_user(void __user *to, | |
1923 | - const void *from, unsigned long n) | |
1924 | -{ | |
1925 | - unsigned long over; | |
1926 | - | |
1927 | - if (access_ok(VERIFY_WRITE, to, n)) | |
1928 | - return __copy_tofrom_user(to, (__force void __user *)from, n); | |
1929 | - if ((unsigned long)to < TASK_SIZE) { | |
1930 | - over = (unsigned long)to + n - TASK_SIZE; | |
1931 | - return __copy_tofrom_user(to, (__force void __user *)from, | |
1932 | - n - over) + over; | |
1933 | - } | |
1934 | - return n; | |
1935 | -} | |
1936 | - | |
1937 | -#else /* __powerpc64__ */ | |
1938 | - | |
1939 | -#define __copy_in_user(to, from, size) \ | |
1940 | - __copy_tofrom_user((to), (from), (size)) | |
1941 | - | |
1942 | -extern unsigned long copy_from_user(void *to, const void __user *from, | |
1943 | - unsigned long n); | |
1944 | -extern unsigned long copy_to_user(void __user *to, const void *from, | |
1945 | - unsigned long n); | |
1946 | -extern unsigned long copy_in_user(void __user *to, const void __user *from, | |
1947 | - unsigned long n); | |
1948 | - | |
1949 | -#endif /* __powerpc64__ */ | |
1950 | - | |
1951 | static inline unsigned long __copy_from_user_inatomic(void *to, | |
1952 | const void __user *from, unsigned long n) | |
1953 | { | |
ae4e228f | 1954 | @@ -396,6 +350,10 @@ static inline unsigned long __copy_from_ |
58c5fc13 MT |
1955 | if (ret == 0) |
1956 | return 0; | |
1957 | } | |
ae4e228f | 1958 | + |
58c5fc13 MT |
1959 | + if (!__builtin_constant_p(n)) |
1960 | + check_object_size(to, n, false); | |
1961 | + | |
1962 | return __copy_tofrom_user((__force void __user *)to, from, n); | |
1963 | } | |
1964 | ||
ae4e228f | 1965 | @@ -422,6 +380,10 @@ static inline unsigned long __copy_to_us |
58c5fc13 MT |
1966 | if (ret == 0) |
1967 | return 0; | |
1968 | } | |
ae4e228f | 1969 | + |
58c5fc13 MT |
1970 | + if (!__builtin_constant_p(n)) |
1971 | + check_object_size(from, n, true); | |
1972 | + | |
1973 | return __copy_tofrom_user(to, (__force const void __user *)from, n); | |
1974 | } | |
1975 | ||
ae4e228f | 1976 | @@ -439,6 +401,92 @@ static inline unsigned long __copy_to_us |
58c5fc13 MT |
1977 | return __copy_to_user_inatomic(to, from, size); |
1978 | } | |
1979 | ||
1980 | +#ifndef __powerpc64__ | |
1981 | + | |
1982 | +static inline unsigned long __must_check copy_from_user(void *to, | |
1983 | + const void __user *from, unsigned long n) | |
1984 | +{ | |
1985 | + unsigned long over; | |
1986 | + | |
ae4e228f | 1987 | + if ((long)n < 0) |
58c5fc13 MT |
1988 | + return n; |
1989 | + | |
1990 | + if (access_ok(VERIFY_READ, from, n)) { | |
1991 | + if (!__builtin_constant_p(n)) | |
1992 | + check_object_size(to, n, false); | |
58c5fc13 MT |
1993 | + return __copy_tofrom_user((__force void __user *)to, from, n); |
1994 | + } | |
1995 | + if ((unsigned long)from < TASK_SIZE) { | |
1996 | + over = (unsigned long)from + n - TASK_SIZE; | |
1997 | + if (!__builtin_constant_p(n - over)) | |
1998 | + check_object_size(to, n - over, false); | |
1999 | + return __copy_tofrom_user((__force void __user *)to, from, | |
2000 | + n - over) + over; | |
2001 | + } | |
2002 | + return n; | |
2003 | +} | |
2004 | + | |
2005 | +static inline unsigned long __must_check copy_to_user(void __user *to, | |
2006 | + const void *from, unsigned long n) | |
2007 | +{ | |
2008 | + unsigned long over; | |
2009 | + | |
ae4e228f | 2010 | + if ((long)n < 0) |
58c5fc13 MT |
2011 | + return n; |
2012 | + | |
2013 | + if (access_ok(VERIFY_WRITE, to, n)) { | |
2014 | + if (!__builtin_constant_p(n)) | |
2015 | + check_object_size(from, n, true); | |
2016 | + return __copy_tofrom_user(to, (__force void __user *)from, n); | |
2017 | + } | |
2018 | + if ((unsigned long)to < TASK_SIZE) { | |
2019 | + over = (unsigned long)to + n - TASK_SIZE; | |
2020 | + if (!__builtin_constant_p(n)) | |
2021 | + check_object_size(from, n - over, true); | |
2022 | + return __copy_tofrom_user(to, (__force void __user *)from, | |
2023 | + n - over) + over; | |
2024 | + } | |
2025 | + return n; | |
2026 | +} | |
2027 | + | |
2028 | +#else /* __powerpc64__ */ | |
2029 | + | |
2030 | +#define __copy_in_user(to, from, size) \ | |
2031 | + __copy_tofrom_user((to), (from), (size)) | |
2032 | + | |
ae4e228f | 2033 | +static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) |
58c5fc13 | 2034 | +{ |
ae4e228f | 2035 | + if ((long)n < 0 || n > INT_MAX) |
58c5fc13 MT |
2036 | + return n; |
2037 | + | |
2038 | + if (!__builtin_constant_p(n)) | |
2039 | + check_object_size(to, n, false); | |
2040 | + | |
2041 | + if (likely(access_ok(VERIFY_READ, from, n))) | |
2042 | + n = __copy_from_user(to, from, n); | |
2043 | + else | |
2044 | + memset(to, 0, n); | |
58c5fc13 MT |
2045 | + return n; |
2046 | +} | |
2047 | + | |
ae4e228f | 2048 | +static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) |
58c5fc13 | 2049 | +{ |
ae4e228f | 2050 | + if ((long)n < 0 || n > INT_MAX) |
58c5fc13 MT |
2051 | + return n; |
2052 | + | |
2053 | + if (likely(access_ok(VERIFY_WRITE, to, n))) { | |
2054 | + if (!__builtin_constant_p(n)) | |
2055 | + check_object_size(from, n, true); | |
2056 | + n = __copy_to_user(to, from, n); | |
2057 | + } | |
58c5fc13 MT |
2058 | + return n; |
2059 | +} | |
2060 | + | |
2061 | +extern unsigned long copy_in_user(void __user *to, const void __user *from, | |
2062 | + unsigned long n); | |
2063 | + | |
2064 | +#endif /* __powerpc64__ */ | |
2065 | + | |
2066 | extern unsigned long __clear_user(void __user *addr, unsigned long size); | |
2067 | ||
2068 | static inline unsigned long clear_user(void __user *addr, unsigned long size) | |
ae4e228f MT |
2069 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/cacheinfo.c linux-2.6.33.1/arch/powerpc/kernel/cacheinfo.c |
2070 | --- linux-2.6.33.1/arch/powerpc/kernel/cacheinfo.c 2010-03-15 12:09:39.000000000 -0400 | |
2071 | +++ linux-2.6.33.1/arch/powerpc/kernel/cacheinfo.c 2010-03-20 16:58:38.684761974 -0400 | |
2072 | @@ -642,7 +642,7 @@ static struct kobj_attribute *cache_inde | |
2073 | &cache_assoc_attr, | |
2074 | }; | |
2075 | ||
2076 | -static struct sysfs_ops cache_index_ops = { | |
2077 | +static const struct sysfs_ops cache_index_ops = { | |
2078 | .show = cache_index_show, | |
2079 | }; | |
2080 | ||
2081 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/dma.c linux-2.6.33.1/arch/powerpc/kernel/dma.c | |
2082 | --- linux-2.6.33.1/arch/powerpc/kernel/dma.c 2010-03-15 12:09:39.000000000 -0400 | |
2083 | +++ linux-2.6.33.1/arch/powerpc/kernel/dma.c 2010-03-20 16:58:38.700769723 -0400 | |
2084 | @@ -134,7 +134,7 @@ static inline void dma_direct_sync_singl | |
2085 | } | |
2086 | #endif | |
2087 | ||
2088 | -struct dma_map_ops dma_direct_ops = { | |
2089 | +const struct dma_map_ops dma_direct_ops = { | |
2090 | .alloc_coherent = dma_direct_alloc_coherent, | |
2091 | .free_coherent = dma_direct_free_coherent, | |
2092 | .map_sg = dma_direct_map_sg, | |
2093 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/dma-iommu.c linux-2.6.33.1/arch/powerpc/kernel/dma-iommu.c | |
2094 | --- linux-2.6.33.1/arch/powerpc/kernel/dma-iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
2095 | +++ linux-2.6.33.1/arch/powerpc/kernel/dma-iommu.c 2010-03-20 16:58:38.708797745 -0400 | |
2096 | @@ -70,7 +70,7 @@ static void dma_iommu_unmap_sg(struct de | |
2097 | } | |
2098 | ||
2099 | /* We support DMA to/from any memory page via the iommu */ | |
2100 | -static int dma_iommu_dma_supported(struct device *dev, u64 mask) | |
2101 | +int dma_iommu_dma_supported(struct device *dev, u64 mask) | |
2102 | { | |
2103 | struct iommu_table *tbl = get_iommu_table_base(dev); | |
2104 | ||
2105 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/dma-swiotlb.c linux-2.6.33.1/arch/powerpc/kernel/dma-swiotlb.c | |
2106 | --- linux-2.6.33.1/arch/powerpc/kernel/dma-swiotlb.c 2010-03-15 12:09:39.000000000 -0400 | |
2107 | +++ linux-2.6.33.1/arch/powerpc/kernel/dma-swiotlb.c 2010-03-20 16:58:38.720772371 -0400 | |
2108 | @@ -30,7 +30,7 @@ unsigned int ppc_swiotlb_enable; | |
2109 | * map_page, and unmap_page on highmem, use normal dma_ops | |
2110 | * for everything else. | |
2111 | */ | |
2112 | -struct dma_map_ops swiotlb_dma_ops = { | |
2113 | +const struct dma_map_ops swiotlb_dma_ops = { | |
2114 | .alloc_coherent = dma_direct_alloc_coherent, | |
2115 | .free_coherent = dma_direct_free_coherent, | |
2116 | .map_sg = swiotlb_map_sg_attrs, | |
2117 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/exceptions-64e.S linux-2.6.33.1/arch/powerpc/kernel/exceptions-64e.S | |
2118 | --- linux-2.6.33.1/arch/powerpc/kernel/exceptions-64e.S 2010-03-15 12:09:39.000000000 -0400 | |
2119 | +++ linux-2.6.33.1/arch/powerpc/kernel/exceptions-64e.S 2010-03-20 16:58:38.720772371 -0400 | |
2120 | @@ -455,6 +455,7 @@ storage_fault_common: | |
2121 | std r14,_DAR(r1) | |
2122 | std r15,_DSISR(r1) | |
2123 | addi r3,r1,STACK_FRAME_OVERHEAD | |
2124 | + bl .save_nvgprs | |
2125 | mr r4,r14 | |
2126 | mr r5,r15 | |
2127 | ld r14,PACA_EXGEN+EX_R14(r13) | |
2128 | @@ -464,8 +465,7 @@ storage_fault_common: | |
2129 | cmpdi r3,0 | |
2130 | bne- 1f | |
2131 | b .ret_from_except_lite | |
2132 | -1: bl .save_nvgprs | |
2133 | - mr r5,r3 | |
2134 | +1: mr r5,r3 | |
2135 | addi r3,r1,STACK_FRAME_OVERHEAD | |
2136 | ld r4,_DAR(r1) | |
2137 | bl .bad_page_fault | |
2138 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/exceptions-64s.S linux-2.6.33.1/arch/powerpc/kernel/exceptions-64s.S | |
2139 | --- linux-2.6.33.1/arch/powerpc/kernel/exceptions-64s.S 2010-03-15 12:09:39.000000000 -0400 | |
2140 | +++ linux-2.6.33.1/arch/powerpc/kernel/exceptions-64s.S 2010-03-20 16:58:38.720772371 -0400 | |
2141 | @@ -829,10 +829,10 @@ handle_page_fault: | |
2142 | 11: ld r4,_DAR(r1) | |
2143 | ld r5,_DSISR(r1) | |
2144 | addi r3,r1,STACK_FRAME_OVERHEAD | |
2145 | + bl .save_nvgprs | |
2146 | bl .do_page_fault | |
2147 | cmpdi r3,0 | |
2148 | beq+ 13f | |
2149 | - bl .save_nvgprs | |
2150 | mr r5,r3 | |
2151 | addi r3,r1,STACK_FRAME_OVERHEAD | |
2152 | lwz r4,_DAR(r1) | |
2153 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/ibmebus.c linux-2.6.33.1/arch/powerpc/kernel/ibmebus.c | |
2154 | --- linux-2.6.33.1/arch/powerpc/kernel/ibmebus.c 2010-03-15 12:09:39.000000000 -0400 | |
2155 | +++ linux-2.6.33.1/arch/powerpc/kernel/ibmebus.c 2010-03-20 16:58:38.720772371 -0400 | |
2156 | @@ -127,7 +127,7 @@ static int ibmebus_dma_supported(struct | |
2157 | return 1; | |
2158 | } | |
2159 | ||
2160 | -static struct dma_map_ops ibmebus_dma_ops = { | |
2161 | +static const struct dma_map_ops ibmebus_dma_ops = { | |
2162 | .alloc_coherent = ibmebus_alloc_coherent, | |
2163 | .free_coherent = ibmebus_free_coherent, | |
2164 | .map_sg = ibmebus_map_sg, | |
2165 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/kgdb.c linux-2.6.33.1/arch/powerpc/kernel/kgdb.c | |
2166 | --- linux-2.6.33.1/arch/powerpc/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
2167 | +++ linux-2.6.33.1/arch/powerpc/kernel/kgdb.c 2010-03-20 16:58:38.720772371 -0400 | |
2168 | @@ -126,7 +126,7 @@ static int kgdb_handle_breakpoint(struct | |
2169 | if (kgdb_handle_exception(0, SIGTRAP, 0, regs) != 0) | |
2170 | return 0; | |
2171 | ||
2172 | - if (*(u32 *) (regs->nip) == *(u32 *) (&arch_kgdb_ops.gdb_bpt_instr)) | |
2173 | + if (*(u32 *) (regs->nip) == *(const u32 *) (&arch_kgdb_ops.gdb_bpt_instr)) | |
2174 | regs->nip += 4; | |
2175 | ||
2176 | return 1; | |
2177 | @@ -353,7 +353,7 @@ int kgdb_arch_handle_exception(int vecto | |
2178 | /* | |
2179 | * Global data | |
2180 | */ | |
2181 | -struct kgdb_arch arch_kgdb_ops = { | |
2182 | +const struct kgdb_arch arch_kgdb_ops = { | |
2183 | .gdb_bpt_instr = {0x7d, 0x82, 0x10, 0x08}, | |
2184 | }; | |
2185 | ||
2186 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/module_32.c linux-2.6.33.1/arch/powerpc/kernel/module_32.c | |
2187 | --- linux-2.6.33.1/arch/powerpc/kernel/module_32.c 2010-03-15 12:09:39.000000000 -0400 | |
2188 | +++ linux-2.6.33.1/arch/powerpc/kernel/module_32.c 2010-03-20 16:58:38.724667855 -0400 | |
58c5fc13 MT |
2189 | @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr |
2190 | me->arch.core_plt_section = i; | |
2191 | } | |
2192 | if (!me->arch.core_plt_section || !me->arch.init_plt_section) { | |
2193 | - printk("Module doesn't contain .plt or .init.plt sections.\n"); | |
2194 | + printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name); | |
2195 | return -ENOEXEC; | |
2196 | } | |
2197 | ||
2198 | @@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati | |
2199 | ||
2200 | DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location); | |
2201 | /* Init, or core PLT? */ | |
2202 | - if (location >= mod->module_core | |
2203 | - && location < mod->module_core + mod->core_size) | |
2204 | + if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) || | |
2205 | + (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw)) | |
2206 | entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr; | |
2207 | - else | |
2208 | + else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) || | |
2209 | + (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw)) | |
2210 | entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr; | |
2211 | + else { | |
2212 | + printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name); | |
2213 | + return ~0UL; | |
2214 | + } | |
2215 | ||
2216 | /* Find this entry, or if that fails, the next avail. entry */ | |
2217 | while (entry->jump[0]) { | |
ae4e228f MT |
2218 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/module.c linux-2.6.33.1/arch/powerpc/kernel/module.c |
2219 | --- linux-2.6.33.1/arch/powerpc/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
2220 | +++ linux-2.6.33.1/arch/powerpc/kernel/module.c 2010-03-20 16:58:38.724667855 -0400 | |
2221 | @@ -31,11 +31,24 @@ | |
2222 | ||
2223 | LIST_HEAD(module_bug_list); | |
2224 | ||
2225 | +#ifdef CONFIG_PAX_KERNEXEC | |
2226 | void *module_alloc(unsigned long size) | |
2227 | { | |
2228 | if (size == 0) | |
2229 | return NULL; | |
2230 | ||
2231 | + return vmalloc(size); | |
2232 | +} | |
2233 | + | |
2234 | +void *module_alloc_exec(unsigned long size) | |
2235 | +#else | |
2236 | +void *module_alloc(unsigned long size) | |
2237 | +#endif | |
2238 | + | |
2239 | +{ | |
2240 | + if (size == 0) | |
2241 | + return NULL; | |
2242 | + | |
2243 | return vmalloc_exec(size); | |
2244 | } | |
2245 | ||
2246 | @@ -45,6 +58,13 @@ void module_free(struct module *mod, voi | |
2247 | vfree(module_region); | |
2248 | } | |
2249 | ||
2250 | +#ifdef CONFIG_PAX_KERNEXEC | |
2251 | +void module_free_exec(struct module *mod, void *module_region) | |
2252 | +{ | |
2253 | + module_free(mod, module_region); | |
2254 | +} | |
2255 | +#endif | |
2256 | + | |
2257 | static const Elf_Shdr *find_section(const Elf_Ehdr *hdr, | |
2258 | const Elf_Shdr *sechdrs, | |
2259 | const char *name) | |
2260 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/pci-common.c linux-2.6.33.1/arch/powerpc/kernel/pci-common.c | |
2261 | --- linux-2.6.33.1/arch/powerpc/kernel/pci-common.c 2010-03-15 12:09:39.000000000 -0400 | |
2262 | +++ linux-2.6.33.1/arch/powerpc/kernel/pci-common.c 2010-03-20 16:58:38.736620382 -0400 | |
2263 | @@ -50,14 +50,14 @@ resource_size_t isa_mem_base; | |
2264 | unsigned int ppc_pci_flags = 0; | |
2265 | ||
2266 | ||
2267 | -static struct dma_map_ops *pci_dma_ops = &dma_direct_ops; | |
2268 | +static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops; | |
2269 | ||
2270 | -void set_pci_dma_ops(struct dma_map_ops *dma_ops) | |
2271 | +void set_pci_dma_ops(const struct dma_map_ops *dma_ops) | |
2272 | { | |
2273 | pci_dma_ops = dma_ops; | |
2274 | } | |
2275 | ||
2276 | -struct dma_map_ops *get_pci_dma_ops(void) | |
2277 | +const struct dma_map_ops *get_pci_dma_ops(void) | |
2278 | { | |
2279 | return pci_dma_ops; | |
2280 | } | |
2281 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/process.c linux-2.6.33.1/arch/powerpc/kernel/process.c | |
2282 | --- linux-2.6.33.1/arch/powerpc/kernel/process.c 2010-03-15 12:09:39.000000000 -0400 | |
2283 | +++ linux-2.6.33.1/arch/powerpc/kernel/process.c 2010-03-20 16:58:38.740772809 -0400 | |
2284 | @@ -1141,51 +1141,3 @@ unsigned long arch_align_stack(unsigned | |
58c5fc13 MT |
2285 | sp -= get_random_int() & ~PAGE_MASK; |
2286 | return sp & ~0xf; | |
2287 | } | |
2288 | - | |
2289 | -static inline unsigned long brk_rnd(void) | |
2290 | -{ | |
2291 | - unsigned long rnd = 0; | |
2292 | - | |
2293 | - /* 8MB for 32bit, 1GB for 64bit */ | |
2294 | - if (is_32bit_task()) | |
2295 | - rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT))); | |
2296 | - else | |
2297 | - rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT))); | |
2298 | - | |
2299 | - return rnd << PAGE_SHIFT; | |
2300 | -} | |
2301 | - | |
2302 | -unsigned long arch_randomize_brk(struct mm_struct *mm) | |
2303 | -{ | |
ae4e228f MT |
2304 | - unsigned long base = mm->brk; |
2305 | - unsigned long ret; | |
2306 | - | |
2307 | -#ifdef CONFIG_PPC_STD_MMU_64 | |
2308 | - /* | |
2309 | - * If we are using 1TB segments and we are allowed to randomise | |
2310 | - * the heap, we can put it above 1TB so it is backed by a 1TB | |
2311 | - * segment. Otherwise the heap will be in the bottom 1TB | |
2312 | - * which always uses 256MB segments and this may result in a | |
2313 | - * performance penalty. | |
2314 | - */ | |
2315 | - if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T)) | |
2316 | - base = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T); | |
2317 | -#endif | |
2318 | - | |
2319 | - ret = PAGE_ALIGN(base + brk_rnd()); | |
58c5fc13 MT |
2320 | - |
2321 | - if (ret < mm->brk) | |
2322 | - return mm->brk; | |
2323 | - | |
2324 | - return ret; | |
2325 | -} | |
2326 | - | |
2327 | -unsigned long randomize_et_dyn(unsigned long base) | |
2328 | -{ | |
2329 | - unsigned long ret = PAGE_ALIGN(base + brk_rnd()); | |
2330 | - | |
2331 | - if (ret < base) | |
2332 | - return base; | |
2333 | - | |
2334 | - return ret; | |
2335 | -} | |
ae4e228f MT |
2336 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/signal_32.c linux-2.6.33.1/arch/powerpc/kernel/signal_32.c |
2337 | --- linux-2.6.33.1/arch/powerpc/kernel/signal_32.c 2010-03-15 12:09:39.000000000 -0400 | |
2338 | +++ linux-2.6.33.1/arch/powerpc/kernel/signal_32.c 2010-03-20 16:58:38.740772809 -0400 | |
58c5fc13 MT |
2339 | @@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig |
2340 | /* Save user registers on the stack */ | |
2341 | frame = &rt_sf->uc.uc_mcontext; | |
2342 | addr = frame; | |
2343 | - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) { | |
2344 | + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) { | |
2345 | if (save_user_regs(regs, frame, 0, 1)) | |
2346 | goto badframe; | |
2347 | regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; | |
ae4e228f MT |
2348 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/signal_64.c linux-2.6.33.1/arch/powerpc/kernel/signal_64.c |
2349 | --- linux-2.6.33.1/arch/powerpc/kernel/signal_64.c 2010-03-15 12:09:39.000000000 -0400 | |
2350 | +++ linux-2.6.33.1/arch/powerpc/kernel/signal_64.c 2010-03-20 16:58:38.740772809 -0400 | |
58c5fc13 MT |
2351 | @@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct |
2352 | current->thread.fpscr.val = 0; | |
2353 | ||
2354 | /* Set up to return from userspace. */ | |
2355 | - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) { | |
2356 | + if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) { | |
2357 | regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; | |
2358 | } else { | |
2359 | err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); | |
ae4e228f MT |
2360 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/vdso.c linux-2.6.33.1/arch/powerpc/kernel/vdso.c |
2361 | --- linux-2.6.33.1/arch/powerpc/kernel/vdso.c 2010-03-15 12:09:39.000000000 -0400 | |
2362 | +++ linux-2.6.33.1/arch/powerpc/kernel/vdso.c 2010-03-20 16:58:38.740772809 -0400 | |
2363 | @@ -36,6 +36,7 @@ | |
58c5fc13 MT |
2364 | #include <asm/firmware.h> |
2365 | #include <asm/vdso.h> | |
2366 | #include <asm/vdso_datapage.h> | |
2367 | +#include <asm/mman.h> | |
2368 | ||
2369 | #include "setup.h" | |
2370 | ||
ae4e228f | 2371 | @@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct l |
58c5fc13 MT |
2372 | vdso_base = VDSO32_MBASE; |
2373 | #endif | |
2374 | ||
2375 | - current->mm->context.vdso_base = 0; | |
2376 | + current->mm->context.vdso_base = ~0UL; | |
2377 | ||
2378 | /* vDSO has a problem and was disabled, just don't "enable" it for the | |
2379 | * process | |
ae4e228f | 2380 | @@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct l |
58c5fc13 | 2381 | vdso_base = get_unmapped_area(NULL, vdso_base, |
ae4e228f MT |
2382 | (vdso_pages << PAGE_SHIFT) + |
2383 | ((VDSO_ALIGNMENT - 1) & PAGE_MASK), | |
2384 | - 0, 0); | |
2385 | + 0, MAP_PRIVATE | MAP_EXECUTABLE); | |
58c5fc13 MT |
2386 | if (IS_ERR_VALUE(vdso_base)) { |
2387 | rc = vdso_base; | |
2388 | goto fail_mmapsem; | |
ae4e228f MT |
2389 | diff -urNp linux-2.6.33.1/arch/powerpc/kernel/vio.c linux-2.6.33.1/arch/powerpc/kernel/vio.c |
2390 | --- linux-2.6.33.1/arch/powerpc/kernel/vio.c 2010-03-15 12:09:39.000000000 -0400 | |
2391 | +++ linux-2.6.33.1/arch/powerpc/kernel/vio.c 2010-03-20 16:58:38.744562669 -0400 | |
2392 | @@ -601,11 +601,12 @@ static void vio_dma_iommu_unmap_sg(struc | |
2393 | vio_cmo_dealloc(viodev, alloc_size); | |
2394 | } | |
2395 | ||
2396 | -struct dma_map_ops vio_dma_mapping_ops = { | |
2397 | +static const struct dma_map_ops vio_dma_mapping_ops = { | |
2398 | .alloc_coherent = vio_dma_iommu_alloc_coherent, | |
2399 | .free_coherent = vio_dma_iommu_free_coherent, | |
2400 | .map_sg = vio_dma_iommu_map_sg, | |
2401 | .unmap_sg = vio_dma_iommu_unmap_sg, | |
2402 | + .dma_supported = dma_iommu_dma_supported, | |
2403 | .map_page = vio_dma_iommu_map_page, | |
2404 | .unmap_page = vio_dma_iommu_unmap_page, | |
2405 | ||
2406 | @@ -857,7 +858,6 @@ static void vio_cmo_bus_remove(struct vi | |
2407 | ||
2408 | static void vio_cmo_set_dma_ops(struct vio_dev *viodev) | |
2409 | { | |
2410 | - vio_dma_mapping_ops.dma_supported = dma_iommu_ops.dma_supported; | |
2411 | viodev->dev.archdata.dma_ops = &vio_dma_mapping_ops; | |
2412 | } | |
2413 | ||
2414 | diff -urNp linux-2.6.33.1/arch/powerpc/lib/usercopy_64.c linux-2.6.33.1/arch/powerpc/lib/usercopy_64.c | |
2415 | --- linux-2.6.33.1/arch/powerpc/lib/usercopy_64.c 2010-03-15 12:09:39.000000000 -0400 | |
2416 | +++ linux-2.6.33.1/arch/powerpc/lib/usercopy_64.c 2010-03-20 16:58:38.748775088 -0400 | |
58c5fc13 MT |
2417 | @@ -9,22 +9,6 @@ |
2418 | #include <linux/module.h> | |
2419 | #include <asm/uaccess.h> | |
2420 | ||
2421 | -unsigned long copy_from_user(void *to, const void __user *from, unsigned long n) | |
2422 | -{ | |
2423 | - if (likely(access_ok(VERIFY_READ, from, n))) | |
2424 | - n = __copy_from_user(to, from, n); | |
2425 | - else | |
2426 | - memset(to, 0, n); | |
2427 | - return n; | |
2428 | -} | |
2429 | - | |
2430 | -unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) | |
2431 | -{ | |
2432 | - if (likely(access_ok(VERIFY_WRITE, to, n))) | |
2433 | - n = __copy_to_user(to, from, n); | |
2434 | - return n; | |
2435 | -} | |
2436 | - | |
2437 | unsigned long copy_in_user(void __user *to, const void __user *from, | |
2438 | unsigned long n) | |
2439 | { | |
2440 | @@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user * | |
2441 | return n; | |
2442 | } | |
2443 | ||
2444 | -EXPORT_SYMBOL(copy_from_user); | |
2445 | -EXPORT_SYMBOL(copy_to_user); | |
2446 | EXPORT_SYMBOL(copy_in_user); | |
2447 | ||
ae4e228f MT |
2448 | diff -urNp linux-2.6.33.1/arch/powerpc/mm/fault.c linux-2.6.33.1/arch/powerpc/mm/fault.c |
2449 | --- linux-2.6.33.1/arch/powerpc/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
2450 | +++ linux-2.6.33.1/arch/powerpc/mm/fault.c 2010-03-20 16:58:38.748775088 -0400 | |
58c5fc13 MT |
2451 | @@ -30,6 +30,10 @@ |
2452 | #include <linux/kprobes.h> | |
2453 | #include <linux/kdebug.h> | |
ae4e228f | 2454 | #include <linux/perf_event.h> |
58c5fc13 MT |
2455 | +#include <linux/slab.h> |
2456 | +#include <linux/pagemap.h> | |
2457 | +#include <linux/compiler.h> | |
2458 | +#include <linux/unistd.h> | |
2459 | ||
2460 | #include <asm/firmware.h> | |
2461 | #include <asm/page.h> | |
ae4e228f | 2462 | @@ -41,6 +45,7 @@ |
58c5fc13 MT |
2463 | #include <asm/tlbflush.h> |
2464 | #include <asm/siginfo.h> | |
ae4e228f | 2465 | #include <mm/mmu_decl.h> |
58c5fc13 MT |
2466 | +#include <asm/ptrace.h> |
2467 | ||
58c5fc13 | 2468 | #ifdef CONFIG_KPROBES |
ae4e228f | 2469 | static inline int notify_page_fault(struct pt_regs *regs) |
58c5fc13 MT |
2470 | @@ -64,6 +69,33 @@ static inline int notify_page_fault(stru |
2471 | } | |
2472 | #endif | |
2473 | ||
2474 | +#ifdef CONFIG_PAX_PAGEEXEC | |
2475 | +/* | |
2476 | + * PaX: decide what to do with offenders (regs->nip = fault address) | |
2477 | + * | |
2478 | + * returns 1 when task should be killed | |
2479 | + */ | |
2480 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
2481 | +{ | |
2482 | + return 1; | |
2483 | +} | |
2484 | + | |
2485 | +void pax_report_insns(void *pc, void *sp) | |
2486 | +{ | |
2487 | + unsigned long i; | |
2488 | + | |
2489 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
2490 | + for (i = 0; i < 5; i++) { | |
2491 | + unsigned int c; | |
ae4e228f | 2492 | + if (get_user(c, (unsigned int __user *)pc+i)) |
58c5fc13 MT |
2493 | + printk(KERN_CONT "???????? "); |
2494 | + else | |
2495 | + printk(KERN_CONT "%08x ", c); | |
2496 | + } | |
2497 | + printk("\n"); | |
2498 | +} | |
2499 | +#endif | |
2500 | + | |
2501 | /* | |
2502 | * Check whether the instruction at regs->nip is a store using | |
2503 | * an update addressing form which will update r1. | |
2504 | @@ -134,7 +166,7 @@ int __kprobes do_page_fault(struct pt_re | |
2505 | * indicate errors in DSISR but can validly be set in SRR1. | |
2506 | */ | |
2507 | if (trap == 0x400) | |
2508 | - error_code &= 0x48200000; | |
2509 | + error_code &= 0x58200000; | |
2510 | else | |
2511 | is_write = error_code & DSISR_ISSTORE; | |
2512 | #else | |
ae4e228f | 2513 | @@ -256,7 +288,7 @@ good_area: |
58c5fc13 MT |
2514 | * "undefined". Of those that can be set, this is the only |
2515 | * one which seems bad. | |
2516 | */ | |
2517 | - if (error_code & 0x10000000) | |
2518 | + if (error_code & DSISR_GUARDED) | |
2519 | /* Guarded storage error. */ | |
2520 | goto bad_area; | |
2521 | #endif /* CONFIG_8xx */ | |
ae4e228f | 2522 | @@ -271,7 +303,7 @@ good_area: |
58c5fc13 MT |
2523 | * processors use the same I/D cache coherency mechanism |
2524 | * as embedded. | |
2525 | */ | |
2526 | - if (error_code & DSISR_PROTFAULT) | |
2527 | + if (error_code & (DSISR_PROTFAULT | DSISR_GUARDED)) | |
2528 | goto bad_area; | |
2529 | #endif /* CONFIG_PPC_STD_MMU */ | |
2530 | ||
ae4e228f | 2531 | @@ -341,6 +373,23 @@ bad_area: |
58c5fc13 MT |
2532 | bad_area_nosemaphore: |
2533 | /* User mode accesses cause a SIGSEGV */ | |
2534 | if (user_mode(regs)) { | |
2535 | + | |
2536 | +#ifdef CONFIG_PAX_PAGEEXEC | |
2537 | + if (mm->pax_flags & MF_PAX_PAGEEXEC) { | |
2538 | +#ifdef CONFIG_PPC_STD_MMU | |
2539 | + if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) { | |
2540 | +#else | |
2541 | + if (is_exec && regs->nip == address) { | |
2542 | +#endif | |
2543 | + switch (pax_handle_fetch_fault(regs)) { | |
2544 | + } | |
2545 | + | |
2546 | + pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]); | |
2547 | + do_group_exit(SIGKILL); | |
2548 | + } | |
2549 | + } | |
2550 | +#endif | |
2551 | + | |
2552 | _exception(SIGSEGV, regs, code, address); | |
2553 | return 0; | |
2554 | } | |
ae4e228f MT |
2555 | diff -urNp linux-2.6.33.1/arch/powerpc/mm/mmap_64.c linux-2.6.33.1/arch/powerpc/mm/mmap_64.c |
2556 | --- linux-2.6.33.1/arch/powerpc/mm/mmap_64.c 2010-03-15 12:09:39.000000000 -0400 | |
2557 | +++ linux-2.6.33.1/arch/powerpc/mm/mmap_64.c 2010-03-20 16:58:38.748775088 -0400 | |
58c5fc13 MT |
2558 | @@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_str |
2559 | */ | |
2560 | if (mmap_is_legacy()) { | |
2561 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
2562 | + | |
2563 | +#ifdef CONFIG_PAX_RANDMMAP | |
2564 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2565 | + mm->mmap_base += mm->delta_mmap; | |
2566 | +#endif | |
2567 | + | |
2568 | mm->get_unmapped_area = arch_get_unmapped_area; | |
2569 | mm->unmap_area = arch_unmap_area; | |
2570 | } else { | |
2571 | mm->mmap_base = mmap_base(); | |
2572 | + | |
2573 | +#ifdef CONFIG_PAX_RANDMMAP | |
2574 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2575 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
2576 | +#endif | |
2577 | + | |
2578 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
2579 | mm->unmap_area = arch_unmap_area_topdown; | |
2580 | } | |
ae4e228f MT |
2581 | diff -urNp linux-2.6.33.1/arch/powerpc/mm/slice.c linux-2.6.33.1/arch/powerpc/mm/slice.c |
2582 | --- linux-2.6.33.1/arch/powerpc/mm/slice.c 2010-03-15 12:09:39.000000000 -0400 | |
2583 | +++ linux-2.6.33.1/arch/powerpc/mm/slice.c 2010-03-20 16:58:38.764771645 -0400 | |
58c5fc13 MT |
2584 | @@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un |
2585 | if (fixed && addr > (mm->task_size - len)) | |
2586 | return -EINVAL; | |
2587 | ||
2588 | +#ifdef CONFIG_PAX_RANDMMAP | |
2589 | + if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP)) | |
2590 | + addr = 0; | |
2591 | +#endif | |
2592 | + | |
2593 | /* If hint, make sure it matches our alignment restrictions */ | |
2594 | if (!fixed && addr) { | |
2595 | addr = _ALIGN_UP(addr, 1ul << pshift); | |
ae4e228f MT |
2596 | diff -urNp linux-2.6.33.1/arch/powerpc/platforms/52xx/lite5200_pm.c linux-2.6.33.1/arch/powerpc/platforms/52xx/lite5200_pm.c |
2597 | --- linux-2.6.33.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2010-03-15 12:09:39.000000000 -0400 | |
2598 | +++ linux-2.6.33.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2010-03-20 16:58:38.776769493 -0400 | |
2599 | @@ -235,7 +235,7 @@ static void lite5200_pm_end(void) | |
2600 | lite5200_pm_target_state = PM_SUSPEND_ON; | |
2601 | } | |
2602 | ||
2603 | -static struct platform_suspend_ops lite5200_pm_ops = { | |
2604 | +static const struct platform_suspend_ops lite5200_pm_ops = { | |
2605 | .valid = lite5200_pm_valid, | |
2606 | .begin = lite5200_pm_begin, | |
2607 | .prepare = lite5200_pm_prepare, | |
2608 | diff -urNp linux-2.6.33.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c linux-2.6.33.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c | |
2609 | --- linux-2.6.33.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2010-03-15 12:09:39.000000000 -0400 | |
2610 | +++ linux-2.6.33.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2010-03-20 16:58:38.776769493 -0400 | |
2611 | @@ -180,7 +180,7 @@ void mpc52xx_pm_finish(void) | |
2612 | iounmap(mbar); | |
2613 | } | |
2614 | ||
2615 | -static struct platform_suspend_ops mpc52xx_pm_ops = { | |
2616 | +static const struct platform_suspend_ops mpc52xx_pm_ops = { | |
2617 | .valid = mpc52xx_pm_valid, | |
2618 | .prepare = mpc52xx_pm_prepare, | |
2619 | .enter = mpc52xx_pm_enter, | |
2620 | diff -urNp linux-2.6.33.1/arch/powerpc/platforms/83xx/suspend.c linux-2.6.33.1/arch/powerpc/platforms/83xx/suspend.c | |
2621 | --- linux-2.6.33.1/arch/powerpc/platforms/83xx/suspend.c 2010-03-15 12:09:39.000000000 -0400 | |
2622 | +++ linux-2.6.33.1/arch/powerpc/platforms/83xx/suspend.c 2010-03-20 16:58:38.776769493 -0400 | |
2623 | @@ -311,7 +311,7 @@ static int mpc83xx_is_pci_agent(void) | |
2624 | return ret; | |
58c5fc13 MT |
2625 | } |
2626 | ||
ae4e228f MT |
2627 | -static struct platform_suspend_ops mpc83xx_suspend_ops = { |
2628 | +static const struct platform_suspend_ops mpc83xx_suspend_ops = { | |
2629 | .valid = mpc83xx_suspend_valid, | |
2630 | .begin = mpc83xx_suspend_begin, | |
2631 | .enter = mpc83xx_suspend_enter, | |
2632 | diff -urNp linux-2.6.33.1/arch/powerpc/platforms/cell/iommu.c linux-2.6.33.1/arch/powerpc/platforms/cell/iommu.c | |
2633 | --- linux-2.6.33.1/arch/powerpc/platforms/cell/iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
2634 | +++ linux-2.6.33.1/arch/powerpc/platforms/cell/iommu.c 2010-03-20 16:58:38.776769493 -0400 | |
2635 | @@ -642,7 +642,7 @@ static int dma_fixed_dma_supported(struc | |
2636 | ||
2637 | static int dma_set_mask_and_switch(struct device *dev, u64 dma_mask); | |
2638 | ||
2639 | -struct dma_map_ops dma_iommu_fixed_ops = { | |
2640 | +const struct dma_map_ops dma_iommu_fixed_ops = { | |
2641 | .alloc_coherent = dma_fixed_alloc_coherent, | |
2642 | .free_coherent = dma_fixed_free_coherent, | |
2643 | .map_sg = dma_fixed_map_sg, | |
2644 | diff -urNp linux-2.6.33.1/arch/powerpc/platforms/ps3/system-bus.c linux-2.6.33.1/arch/powerpc/platforms/ps3/system-bus.c | |
2645 | --- linux-2.6.33.1/arch/powerpc/platforms/ps3/system-bus.c 2010-03-15 12:09:39.000000000 -0400 | |
2646 | +++ linux-2.6.33.1/arch/powerpc/platforms/ps3/system-bus.c 2010-03-20 16:58:38.776769493 -0400 | |
2647 | @@ -694,7 +694,7 @@ static int ps3_dma_supported(struct devi | |
2648 | return mask >= DMA_BIT_MASK(32); | |
2649 | } | |
2650 | ||
2651 | -static struct dma_map_ops ps3_sb_dma_ops = { | |
2652 | +static const struct dma_map_ops ps3_sb_dma_ops = { | |
2653 | .alloc_coherent = ps3_alloc_coherent, | |
2654 | .free_coherent = ps3_free_coherent, | |
2655 | .map_sg = ps3_sb_map_sg, | |
2656 | @@ -704,7 +704,7 @@ static struct dma_map_ops ps3_sb_dma_ops | |
2657 | .unmap_page = ps3_unmap_page, | |
58c5fc13 MT |
2658 | }; |
2659 | ||
ae4e228f MT |
2660 | -static struct dma_map_ops ps3_ioc0_dma_ops = { |
2661 | +static const struct dma_map_ops ps3_ioc0_dma_ops = { | |
2662 | .alloc_coherent = ps3_alloc_coherent, | |
2663 | .free_coherent = ps3_free_coherent, | |
2664 | .map_sg = ps3_ioc0_map_sg, | |
2665 | diff -urNp linux-2.6.33.1/arch/powerpc/sysdev/fsl_pmc.c linux-2.6.33.1/arch/powerpc/sysdev/fsl_pmc.c | |
2666 | --- linux-2.6.33.1/arch/powerpc/sysdev/fsl_pmc.c 2010-03-15 12:09:39.000000000 -0400 | |
2667 | +++ linux-2.6.33.1/arch/powerpc/sysdev/fsl_pmc.c 2010-03-20 16:58:38.784767469 -0400 | |
2668 | @@ -53,7 +53,7 @@ static int pmc_suspend_valid(suspend_sta | |
2669 | return 1; | |
58c5fc13 MT |
2670 | } |
2671 | ||
ae4e228f MT |
2672 | -static struct platform_suspend_ops pmc_suspend_ops = { |
2673 | +static const struct platform_suspend_ops pmc_suspend_ops = { | |
2674 | .valid = pmc_suspend_valid, | |
2675 | .enter = pmc_suspend_enter, | |
58c5fc13 | 2676 | }; |
ae4e228f MT |
2677 | diff -urNp linux-2.6.33.1/arch/s390/include/asm/elf.h linux-2.6.33.1/arch/s390/include/asm/elf.h |
2678 | --- linux-2.6.33.1/arch/s390/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
2679 | +++ linux-2.6.33.1/arch/s390/include/asm/elf.h 2010-03-20 16:58:38.792763717 -0400 | |
2680 | @@ -163,6 +163,13 @@ extern unsigned int vdso_enabled; | |
2681 | that it will "exec", and that there is sufficient room for the brk. */ | |
2682 | #define ELF_ET_DYN_BASE (STACK_TOP / 3 * 2) | |
58c5fc13 | 2683 | |
ae4e228f MT |
2684 | +#ifdef CONFIG_PAX_ASLR |
2685 | +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_31BIT) ? 0x10000UL : 0x80000000UL) | |
58c5fc13 | 2686 | + |
ae4e228f MT |
2687 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26 ) |
2688 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26 ) | |
2689 | +#endif | |
58c5fc13 | 2690 | + |
ae4e228f MT |
2691 | /* This yields a mask that user programs can use to figure out what |
2692 | instruction set this CPU supports. */ | |
58c5fc13 | 2693 | |
ae4e228f MT |
2694 | diff -urNp linux-2.6.33.1/arch/s390/include/asm/uaccess.h linux-2.6.33.1/arch/s390/include/asm/uaccess.h |
2695 | --- linux-2.6.33.1/arch/s390/include/asm/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
2696 | +++ linux-2.6.33.1/arch/s390/include/asm/uaccess.h 2010-03-20 16:58:38.800777709 -0400 | |
2697 | @@ -234,6 +234,10 @@ static inline unsigned long __must_check | |
58c5fc13 MT |
2698 | copy_to_user(void __user *to, const void *from, unsigned long n) |
2699 | { | |
2700 | might_fault(); | |
2701 | + | |
2702 | + if ((long)n < 0) | |
2703 | + return n; | |
2704 | + | |
2705 | if (access_ok(VERIFY_WRITE, to, n)) | |
2706 | n = __copy_to_user(to, from, n); | |
2707 | return n; | |
ae4e228f | 2708 | @@ -259,6 +263,9 @@ copy_to_user(void __user *to, const void |
58c5fc13 MT |
2709 | static inline unsigned long __must_check |
2710 | __copy_from_user(void *to, const void __user *from, unsigned long n) | |
2711 | { | |
2712 | + if ((long)n < 0) | |
2713 | + return n; | |
2714 | + | |
2715 | if (__builtin_constant_p(n) && (n <= 256)) | |
2716 | return uaccess.copy_from_user_small(n, from, to); | |
2717 | else | |
ae4e228f | 2718 | @@ -285,6 +292,10 @@ static inline unsigned long __must_check |
58c5fc13 MT |
2719 | copy_from_user(void *to, const void __user *from, unsigned long n) |
2720 | { | |
2721 | might_fault(); | |
2722 | + | |
2723 | + if ((long)n < 0) | |
2724 | + return n; | |
2725 | + | |
2726 | if (access_ok(VERIFY_READ, from, n)) | |
2727 | n = __copy_from_user(to, from, n); | |
2728 | else | |
ae4e228f MT |
2729 | diff -urNp linux-2.6.33.1/arch/s390/Kconfig linux-2.6.33.1/arch/s390/Kconfig |
2730 | --- linux-2.6.33.1/arch/s390/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
2731 | +++ linux-2.6.33.1/arch/s390/Kconfig 2010-03-20 16:58:38.812766228 -0400 | |
2732 | @@ -222,13 +222,12 @@ config AUDIT_ARCH | |
2733 | ||
2734 | config S390_EXEC_PROTECT | |
2735 | bool "Data execute protection" | |
2736 | + default y | |
2737 | help | |
2738 | This option allows to enable a buffer overflow protection for user | |
2739 | - space programs and it also selects the addressing mode option above. | |
2740 | - The kernel parameter noexec=on will enable this feature and also | |
2741 | - switch the addressing modes, default is disabled. Enabling this (via | |
2742 | - kernel parameter) on machines earlier than IBM System z9-109 EC/BC | |
2743 | - will reduce system performance. | |
2744 | + space programs. | |
2745 | + Enabling this on machines earlier than IBM System z9-109 EC/BC will | |
2746 | + reduce system performance. | |
2747 | ||
2748 | comment "Code generation options" | |
2749 | ||
2750 | diff -urNp linux-2.6.33.1/arch/s390/kernel/module.c linux-2.6.33.1/arch/s390/kernel/module.c | |
2751 | --- linux-2.6.33.1/arch/s390/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
2752 | +++ linux-2.6.33.1/arch/s390/kernel/module.c 2010-03-20 16:58:38.824764313 -0400 | |
2753 | @@ -166,11 +166,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, | |
58c5fc13 MT |
2754 | |
2755 | /* Increase core size by size of got & plt and set start | |
2756 | offsets for got and plt. */ | |
2757 | - me->core_size = ALIGN(me->core_size, 4); | |
2758 | - me->arch.got_offset = me->core_size; | |
2759 | - me->core_size += me->arch.got_size; | |
2760 | - me->arch.plt_offset = me->core_size; | |
2761 | - me->core_size += me->arch.plt_size; | |
2762 | + me->core_size_rw = ALIGN(me->core_size_rw, 4); | |
2763 | + me->arch.got_offset = me->core_size_rw; | |
2764 | + me->core_size_rw += me->arch.got_size; | |
2765 | + me->arch.plt_offset = me->core_size_rx; | |
2766 | + me->core_size_rx += me->arch.plt_size; | |
2767 | return 0; | |
2768 | } | |
2769 | ||
ae4e228f | 2770 | @@ -256,7 +256,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2771 | if (info->got_initialized == 0) { |
2772 | Elf_Addr *gotent; | |
2773 | ||
2774 | - gotent = me->module_core + me->arch.got_offset + | |
2775 | + gotent = me->module_core_rw + me->arch.got_offset + | |
2776 | info->got_offset; | |
2777 | *gotent = val; | |
2778 | info->got_initialized = 1; | |
ae4e228f | 2779 | @@ -280,7 +280,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2780 | else if (r_type == R_390_GOTENT || |
2781 | r_type == R_390_GOTPLTENT) | |
2782 | *(unsigned int *) loc = | |
2783 | - (val + (Elf_Addr) me->module_core - loc) >> 1; | |
2784 | + (val + (Elf_Addr) me->module_core_rw - loc) >> 1; | |
2785 | else if (r_type == R_390_GOT64 || | |
2786 | r_type == R_390_GOTPLT64) | |
2787 | *(unsigned long *) loc = val; | |
ae4e228f | 2788 | @@ -294,7 +294,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2789 | case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ |
2790 | if (info->plt_initialized == 0) { | |
2791 | unsigned int *ip; | |
2792 | - ip = me->module_core + me->arch.plt_offset + | |
2793 | + ip = me->module_core_rx + me->arch.plt_offset + | |
2794 | info->plt_offset; | |
2795 | #ifndef CONFIG_64BIT | |
2796 | ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */ | |
ae4e228f | 2797 | @@ -319,7 +319,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2798 | val - loc + 0xffffUL < 0x1ffffeUL) || |
2799 | (r_type == R_390_PLT32DBL && | |
2800 | val - loc + 0xffffffffULL < 0x1fffffffeULL))) | |
2801 | - val = (Elf_Addr) me->module_core + | |
2802 | + val = (Elf_Addr) me->module_core_rx + | |
2803 | me->arch.plt_offset + | |
2804 | info->plt_offset; | |
2805 | val += rela->r_addend - loc; | |
ae4e228f | 2806 | @@ -341,7 +341,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2807 | case R_390_GOTOFF32: /* 32 bit offset to GOT. */ |
2808 | case R_390_GOTOFF64: /* 64 bit offset to GOT. */ | |
2809 | val = val + rela->r_addend - | |
2810 | - ((Elf_Addr) me->module_core + me->arch.got_offset); | |
2811 | + ((Elf_Addr) me->module_core_rw + me->arch.got_offset); | |
2812 | if (r_type == R_390_GOTOFF16) | |
2813 | *(unsigned short *) loc = val; | |
2814 | else if (r_type == R_390_GOTOFF32) | |
ae4e228f | 2815 | @@ -351,7 +351,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base |
58c5fc13 MT |
2816 | break; |
2817 | case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */ | |
2818 | case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */ | |
2819 | - val = (Elf_Addr) me->module_core + me->arch.got_offset + | |
2820 | + val = (Elf_Addr) me->module_core_rw + me->arch.got_offset + | |
2821 | rela->r_addend - loc; | |
2822 | if (r_type == R_390_GOTPC) | |
2823 | *(unsigned int *) loc = val; | |
ae4e228f MT |
2824 | diff -urNp linux-2.6.33.1/arch/s390/kernel/setup.c linux-2.6.33.1/arch/s390/kernel/setup.c |
2825 | --- linux-2.6.33.1/arch/s390/kernel/setup.c 2010-03-15 12:09:39.000000000 -0400 | |
2826 | +++ linux-2.6.33.1/arch/s390/kernel/setup.c 2010-03-20 16:58:38.824764313 -0400 | |
2827 | @@ -298,7 +298,7 @@ static int __init early_parse_mem(char * | |
2828 | } | |
2829 | early_param("mem", early_parse_mem); | |
58c5fc13 | 2830 | |
ae4e228f MT |
2831 | -unsigned int user_mode = HOME_SPACE_MODE; |
2832 | +unsigned int user_mode = SECONDARY_SPACE_MODE; | |
2833 | EXPORT_SYMBOL_GPL(user_mode); | |
2834 | ||
2835 | static int set_amode_and_uaccess(unsigned long user_amode, | |
2836 | @@ -327,17 +327,6 @@ static int set_amode_and_uaccess(unsigne | |
2837 | } | |
2838 | } | |
2839 | ||
2840 | -/* | |
2841 | - * Switch kernel/user addressing modes? | |
2842 | - */ | |
2843 | -static int __init early_parse_switch_amode(char *p) | |
2844 | -{ | |
2845 | - if (user_mode != SECONDARY_SPACE_MODE) | |
2846 | - user_mode = PRIMARY_SPACE_MODE; | |
2847 | - return 0; | |
2848 | -} | |
2849 | -early_param("switch_amode", early_parse_switch_amode); | |
2850 | - | |
2851 | static int __init early_parse_user_mode(char *p) | |
2852 | { | |
2853 | if (p && strcmp(p, "primary") == 0) | |
2854 | @@ -354,20 +343,6 @@ static int __init early_parse_user_mode( | |
2855 | } | |
2856 | early_param("user_mode", early_parse_user_mode); | |
2857 | ||
2858 | -#ifdef CONFIG_S390_EXEC_PROTECT | |
2859 | -/* | |
2860 | - * Enable execute protection? | |
2861 | - */ | |
2862 | -static int __init early_parse_noexec(char *p) | |
2863 | -{ | |
2864 | - if (!strncmp(p, "off", 3)) | |
2865 | - return 0; | |
2866 | - user_mode = SECONDARY_SPACE_MODE; | |
2867 | - return 0; | |
2868 | -} | |
2869 | -early_param("noexec", early_parse_noexec); | |
2870 | -#endif /* CONFIG_S390_EXEC_PROTECT */ | |
2871 | - | |
2872 | static void setup_addressing_mode(void) | |
2873 | { | |
2874 | if (user_mode == SECONDARY_SPACE_MODE) { | |
2875 | diff -urNp linux-2.6.33.1/arch/s390/mm/maccess.c linux-2.6.33.1/arch/s390/mm/maccess.c | |
2876 | --- linux-2.6.33.1/arch/s390/mm/maccess.c 2010-03-15 12:09:39.000000000 -0400 | |
2877 | +++ linux-2.6.33.1/arch/s390/mm/maccess.c 2010-03-20 16:58:38.828581240 -0400 | |
2878 | @@ -45,7 +45,7 @@ static long probe_kernel_write_odd(void | |
2879 | return rc ? rc : count; | |
2880 | } | |
2881 | ||
2882 | -long probe_kernel_write(void *dst, void *src, size_t size) | |
2883 | +long probe_kernel_write(void *dst, const void *src, size_t size) | |
2884 | { | |
2885 | long copied = 0; | |
2886 | ||
2887 | diff -urNp linux-2.6.33.1/arch/s390/mm/mmap.c linux-2.6.33.1/arch/s390/mm/mmap.c | |
2888 | --- linux-2.6.33.1/arch/s390/mm/mmap.c 2010-03-15 12:09:39.000000000 -0400 | |
2889 | +++ linux-2.6.33.1/arch/s390/mm/mmap.c 2010-03-20 16:58:38.828581240 -0400 | |
2890 | @@ -78,10 +78,22 @@ void arch_pick_mmap_layout(struct mm_str | |
2891 | */ | |
2892 | if (mmap_is_legacy()) { | |
2893 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
2894 | + | |
2895 | +#ifdef CONFIG_PAX_RANDMMAP | |
2896 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2897 | + mm->mmap_base += mm->delta_mmap; | |
2898 | +#endif | |
2899 | + | |
2900 | mm->get_unmapped_area = arch_get_unmapped_area; | |
2901 | mm->unmap_area = arch_unmap_area; | |
2902 | } else { | |
2903 | mm->mmap_base = mmap_base(); | |
2904 | + | |
2905 | +#ifdef CONFIG_PAX_RANDMMAP | |
2906 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2907 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
2908 | +#endif | |
2909 | + | |
2910 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
2911 | mm->unmap_area = arch_unmap_area_topdown; | |
2912 | } | |
2913 | @@ -153,10 +165,22 @@ void arch_pick_mmap_layout(struct mm_str | |
2914 | */ | |
2915 | if (mmap_is_legacy()) { | |
2916 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
2917 | + | |
2918 | +#ifdef CONFIG_PAX_RANDMMAP | |
2919 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2920 | + mm->mmap_base += mm->delta_mmap; | |
2921 | +#endif | |
2922 | + | |
2923 | mm->get_unmapped_area = s390_get_unmapped_area; | |
2924 | mm->unmap_area = arch_unmap_area; | |
2925 | } else { | |
2926 | mm->mmap_base = mmap_base(); | |
2927 | + | |
2928 | +#ifdef CONFIG_PAX_RANDMMAP | |
2929 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2930 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
2931 | +#endif | |
2932 | + | |
2933 | mm->get_unmapped_area = s390_get_unmapped_area_topdown; | |
2934 | mm->unmap_area = arch_unmap_area_topdown; | |
2935 | } | |
2936 | diff -urNp linux-2.6.33.1/arch/sh/boards/mach-hp6xx/pm.c linux-2.6.33.1/arch/sh/boards/mach-hp6xx/pm.c | |
2937 | --- linux-2.6.33.1/arch/sh/boards/mach-hp6xx/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
2938 | +++ linux-2.6.33.1/arch/sh/boards/mach-hp6xx/pm.c 2010-03-20 16:58:38.840778404 -0400 | |
2939 | @@ -143,7 +143,7 @@ static int hp6x0_pm_enter(suspend_state_ | |
2940 | return 0; | |
2941 | } | |
2942 | ||
2943 | -static struct platform_suspend_ops hp6x0_pm_ops = { | |
2944 | +static const struct platform_suspend_ops hp6x0_pm_ops = { | |
2945 | .enter = hp6x0_pm_enter, | |
2946 | .valid = suspend_valid_only_mem, | |
2947 | }; | |
2948 | diff -urNp linux-2.6.33.1/arch/sh/include/asm/dma-mapping.h linux-2.6.33.1/arch/sh/include/asm/dma-mapping.h | |
2949 | --- linux-2.6.33.1/arch/sh/include/asm/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
2950 | +++ linux-2.6.33.1/arch/sh/include/asm/dma-mapping.h 2010-03-20 16:58:38.844777279 -0400 | |
2951 | @@ -1,10 +1,10 @@ | |
2952 | #ifndef __ASM_SH_DMA_MAPPING_H | |
2953 | #define __ASM_SH_DMA_MAPPING_H | |
2954 | ||
2955 | -extern struct dma_map_ops *dma_ops; | |
2956 | +extern const struct dma_map_ops *dma_ops; | |
2957 | extern void no_iommu_init(void); | |
2958 | ||
2959 | -static inline struct dma_map_ops *get_dma_ops(struct device *dev) | |
2960 | +static inline const struct dma_map_ops *get_dma_ops(struct device *dev) | |
2961 | { | |
2962 | return dma_ops; | |
2963 | } | |
2964 | @@ -14,7 +14,7 @@ static inline struct dma_map_ops *get_dm | |
2965 | ||
2966 | static inline int dma_supported(struct device *dev, u64 mask) | |
2967 | { | |
2968 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
2969 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
2970 | ||
2971 | if (ops->dma_supported) | |
2972 | return ops->dma_supported(dev, mask); | |
2973 | @@ -24,7 +24,7 @@ static inline int dma_supported(struct d | |
2974 | ||
2975 | static inline int dma_set_mask(struct device *dev, u64 mask) | |
2976 | { | |
2977 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
2978 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
2979 | ||
2980 | if (!dev->dma_mask || !dma_supported(dev, mask)) | |
2981 | return -EIO; | |
2982 | @@ -59,7 +59,7 @@ static inline int dma_get_cache_alignmen | |
2983 | ||
2984 | static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr) | |
2985 | { | |
2986 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
2987 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
2988 | ||
2989 | if (ops->mapping_error) | |
2990 | return ops->mapping_error(dev, dma_addr); | |
2991 | @@ -70,7 +70,7 @@ static inline int dma_mapping_error(stru | |
2992 | static inline void *dma_alloc_coherent(struct device *dev, size_t size, | |
2993 | dma_addr_t *dma_handle, gfp_t gfp) | |
2994 | { | |
2995 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
2996 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
2997 | void *memory; | |
2998 | ||
2999 | if (dma_alloc_from_coherent(dev, size, dma_handle, &memory)) | |
3000 | @@ -87,7 +87,7 @@ static inline void *dma_alloc_coherent(s | |
3001 | static inline void dma_free_coherent(struct device *dev, size_t size, | |
3002 | void *vaddr, dma_addr_t dma_handle) | |
3003 | { | |
3004 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
3005 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
3006 | ||
3007 | WARN_ON(irqs_disabled()); /* for portability */ | |
3008 | ||
3009 | diff -urNp linux-2.6.33.1/arch/sh/kernel/cpu/sh4/sq.c linux-2.6.33.1/arch/sh/kernel/cpu/sh4/sq.c | |
3010 | --- linux-2.6.33.1/arch/sh/kernel/cpu/sh4/sq.c 2010-03-15 12:09:39.000000000 -0400 | |
3011 | +++ linux-2.6.33.1/arch/sh/kernel/cpu/sh4/sq.c 2010-03-20 16:58:38.848768890 -0400 | |
3012 | @@ -327,7 +327,7 @@ static struct attribute *sq_sysfs_attrs[ | |
3013 | NULL, | |
3014 | }; | |
3015 | ||
3016 | -static struct sysfs_ops sq_sysfs_ops = { | |
3017 | +static const struct sysfs_ops sq_sysfs_ops = { | |
3018 | .show = sq_sysfs_show, | |
3019 | .store = sq_sysfs_store, | |
3020 | }; | |
3021 | diff -urNp linux-2.6.33.1/arch/sh/kernel/cpu/shmobile/pm.c linux-2.6.33.1/arch/sh/kernel/cpu/shmobile/pm.c | |
3022 | --- linux-2.6.33.1/arch/sh/kernel/cpu/shmobile/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
3023 | +++ linux-2.6.33.1/arch/sh/kernel/cpu/shmobile/pm.c 2010-03-20 16:58:38.852765354 -0400 | |
3024 | @@ -140,7 +140,7 @@ static int sh_pm_enter(suspend_state_t s | |
3025 | return 0; | |
3026 | } | |
3027 | ||
3028 | -static struct platform_suspend_ops sh_pm_ops = { | |
3029 | +static const struct platform_suspend_ops sh_pm_ops = { | |
3030 | .enter = sh_pm_enter, | |
3031 | .valid = suspend_valid_only_mem, | |
3032 | }; | |
3033 | diff -urNp linux-2.6.33.1/arch/sh/kernel/dma-nommu.c linux-2.6.33.1/arch/sh/kernel/dma-nommu.c | |
3034 | --- linux-2.6.33.1/arch/sh/kernel/dma-nommu.c 2010-03-15 12:09:39.000000000 -0400 | |
3035 | +++ linux-2.6.33.1/arch/sh/kernel/dma-nommu.c 2010-03-20 16:58:38.852765354 -0400 | |
3036 | @@ -62,7 +62,7 @@ static void nommu_sync_sg(struct device | |
3037 | } | |
3038 | #endif | |
3039 | ||
3040 | -struct dma_map_ops nommu_dma_ops = { | |
3041 | +const struct dma_map_ops nommu_dma_ops = { | |
3042 | .alloc_coherent = dma_generic_alloc_coherent, | |
3043 | .free_coherent = dma_generic_free_coherent, | |
3044 | .map_page = nommu_map_page, | |
3045 | diff -urNp linux-2.6.33.1/arch/sh/kernel/kgdb.c linux-2.6.33.1/arch/sh/kernel/kgdb.c | |
3046 | --- linux-2.6.33.1/arch/sh/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
3047 | +++ linux-2.6.33.1/arch/sh/kernel/kgdb.c 2010-03-20 16:58:38.856769610 -0400 | |
3048 | @@ -271,7 +271,7 @@ void kgdb_arch_exit(void) | |
3049 | { | |
3050 | } | |
3051 | ||
3052 | -struct kgdb_arch arch_kgdb_ops = { | |
3053 | +const struct kgdb_arch arch_kgdb_ops = { | |
3054 | /* Breakpoint instruction: trapa #0x3c */ | |
3055 | #ifdef CONFIG_CPU_LITTLE_ENDIAN | |
3056 | .gdb_bpt_instr = { 0x3c, 0xc3 }, | |
3057 | diff -urNp linux-2.6.33.1/arch/sh/mm/consistent.c linux-2.6.33.1/arch/sh/mm/consistent.c | |
3058 | --- linux-2.6.33.1/arch/sh/mm/consistent.c 2010-03-15 12:09:39.000000000 -0400 | |
3059 | +++ linux-2.6.33.1/arch/sh/mm/consistent.c 2010-03-20 16:58:38.860748595 -0400 | |
3060 | @@ -21,7 +21,7 @@ | |
3061 | ||
3062 | #define PREALLOC_DMA_DEBUG_ENTRIES 4096 | |
3063 | ||
3064 | -struct dma_map_ops *dma_ops; | |
3065 | +const struct dma_map_ops *dma_ops; | |
3066 | EXPORT_SYMBOL(dma_ops); | |
3067 | ||
3068 | static int __init dma_init(void) | |
3069 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/atomic_64.h linux-2.6.33.1/arch/sparc/include/asm/atomic_64.h | |
3070 | --- linux-2.6.33.1/arch/sparc/include/asm/atomic_64.h 2010-03-15 12:09:39.000000000 -0400 | |
3071 | +++ linux-2.6.33.1/arch/sparc/include/asm/atomic_64.h 2010-03-20 16:58:38.860748595 -0400 | |
3072 | @@ -14,18 +14,38 @@ | |
58c5fc13 MT |
3073 | #define ATOMIC64_INIT(i) { (i) } |
3074 | ||
3075 | #define atomic_read(v) ((v)->counter) | |
ae4e228f MT |
3076 | +static inline int atomic_read_unchecked(const atomic_unchecked_t *v) |
3077 | +{ | |
3078 | + return v->counter; | |
3079 | +} | |
58c5fc13 | 3080 | #define atomic64_read(v) ((v)->counter) |
ae4e228f MT |
3081 | +static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v) |
3082 | +{ | |
3083 | + return v->counter; | |
3084 | +} | |
58c5fc13 MT |
3085 | |
3086 | #define atomic_set(v, i) (((v)->counter) = i) | |
ae4e228f MT |
3087 | +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i) |
3088 | +{ | |
3089 | + v->counter = i; | |
3090 | +} | |
58c5fc13 | 3091 | #define atomic64_set(v, i) (((v)->counter) = i) |
ae4e228f MT |
3092 | +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i) |
3093 | +{ | |
3094 | + v->counter = i; | |
3095 | +} | |
58c5fc13 MT |
3096 | |
3097 | extern void atomic_add(int, atomic_t *); | |
3098 | +extern void atomic_add_unchecked(int, atomic_unchecked_t *); | |
3099 | extern void atomic64_add(int, atomic64_t *); | |
ae4e228f | 3100 | +extern void atomic64_add_unchecked(int, atomic64_unchecked_t *); |
58c5fc13 MT |
3101 | extern void atomic_sub(int, atomic_t *); |
3102 | +extern void atomic_sub_unchecked(int, atomic_unchecked_t *); | |
3103 | extern void atomic64_sub(int, atomic64_t *); | |
3104 | ||
3105 | extern int atomic_add_ret(int, atomic_t *); | |
ae4e228f MT |
3106 | extern int atomic64_add_ret(int, atomic64_t *); |
3107 | +extern int atomic64_add_ret_unchecked(int, atomic64_unchecked_t *); | |
3108 | extern int atomic_sub_ret(int, atomic_t *); | |
3109 | extern int atomic64_sub_ret(int, atomic64_t *); | |
3110 | ||
3111 | @@ -34,6 +54,7 @@ extern int atomic64_sub_ret(int, atomic6 | |
3112 | ||
3113 | #define atomic_inc_return(v) atomic_add_ret(1, v) | |
3114 | #define atomic64_inc_return(v) atomic64_add_ret(1, v) | |
3115 | +#define atomic64_inc_return_unchecked(v) atomic64_add_ret_unchecked(1, v) | |
3116 | ||
3117 | #define atomic_sub_return(i, v) atomic_sub_ret(i, v) | |
3118 | #define atomic64_sub_return(i, v) atomic64_sub_ret(i, v) | |
3119 | @@ -59,7 +80,15 @@ extern int atomic64_sub_ret(int, atomic6 | |
58c5fc13 MT |
3120 | #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0) |
3121 | ||
3122 | #define atomic_inc(v) atomic_add(1, v) | |
ae4e228f MT |
3123 | +static inline void atomic_inc_unchecked(atomic_unchecked_t *v) |
3124 | +{ | |
3125 | + atomic_add_unchecked(1, v); | |
3126 | +} | |
58c5fc13 | 3127 | #define atomic64_inc(v) atomic64_add(1, v) |
ae4e228f MT |
3128 | +static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v) |
3129 | +{ | |
3130 | + atomic64_add_unchecked(1, v); | |
3131 | +} | |
58c5fc13 MT |
3132 | |
3133 | #define atomic_dec(v) atomic_sub(1, v) | |
ae4e228f MT |
3134 | #define atomic64_dec(v) atomic64_sub(1, v) |
3135 | @@ -72,17 +101,28 @@ extern int atomic64_sub_ret(int, atomic6 | |
58c5fc13 MT |
3136 | |
3137 | static inline int atomic_add_unless(atomic_t *v, int a, int u) | |
3138 | { | |
3139 | - int c, old; | |
3140 | + int c, old, new; | |
3141 | c = atomic_read(v); | |
3142 | for (;;) { | |
3143 | - if (unlikely(c == (u))) | |
3144 | + if (unlikely(c == u)) | |
3145 | break; | |
3146 | - old = atomic_cmpxchg((v), c, c + (a)); | |
3147 | + | |
3148 | + asm volatile("addcc %2, %0, %0\n" | |
3149 | + | |
3150 | +#ifdef CONFIG_PAX_REFCOUNT | |
3151 | + "tvs %%icc, 6\n" | |
3152 | +#endif | |
3153 | + | |
3154 | + : "=r" (new) | |
3155 | + : "0" (c), "ir" (a) | |
3156 | + : "cc"); | |
3157 | + | |
3158 | + old = atomic_cmpxchg(v, c, new); | |
3159 | if (likely(old == c)) | |
3160 | break; | |
3161 | c = old; | |
3162 | } | |
3163 | - return c != (u); | |
3164 | + return c != u; | |
3165 | } | |
3166 | ||
3167 | #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0) | |
ae4e228f | 3168 | @@ -93,17 +133,28 @@ static inline int atomic_add_unless(atom |
58c5fc13 MT |
3169 | |
3170 | static inline int atomic64_add_unless(atomic64_t *v, long a, long u) | |
3171 | { | |
3172 | - long c, old; | |
3173 | + long c, old, new; | |
3174 | c = atomic64_read(v); | |
3175 | for (;;) { | |
3176 | - if (unlikely(c == (u))) | |
3177 | + if (unlikely(c == u)) | |
3178 | break; | |
3179 | - old = atomic64_cmpxchg((v), c, c + (a)); | |
3180 | + | |
3181 | + asm volatile("addcc %2, %0, %0\n" | |
3182 | + | |
3183 | +#ifdef CONFIG_PAX_REFCOUNT | |
3184 | + "tvs %%xcc, 6\n" | |
3185 | +#endif | |
3186 | + | |
3187 | + : "=r" (new) | |
3188 | + : "0" (c), "ir" (a) | |
3189 | + : "cc"); | |
3190 | + | |
3191 | + old = atomic64_cmpxchg(v, c, new); | |
3192 | if (likely(old == c)) | |
3193 | break; | |
3194 | c = old; | |
3195 | } | |
3196 | - return c != (u); | |
3197 | + return c != u; | |
3198 | } | |
3199 | ||
3200 | #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) | |
ae4e228f MT |
3201 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/dma-mapping.h linux-2.6.33.1/arch/sparc/include/asm/dma-mapping.h |
3202 | --- linux-2.6.33.1/arch/sparc/include/asm/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
3203 | +++ linux-2.6.33.1/arch/sparc/include/asm/dma-mapping.h 2010-03-20 16:58:38.881211488 -0400 | |
3204 | @@ -14,10 +14,10 @@ extern int dma_set_mask(struct device *d | |
3205 | #define dma_free_noncoherent(d, s, v, h) dma_free_coherent(d, s, v, h) | |
3206 | #define dma_is_consistent(d, h) (1) | |
3207 | ||
3208 | -extern struct dma_map_ops *dma_ops, pci32_dma_ops; | |
3209 | +extern struct const dma_map_ops *dma_ops, pci32_dma_ops; | |
3210 | extern struct bus_type pci_bus_type; | |
3211 | ||
3212 | -static inline struct dma_map_ops *get_dma_ops(struct device *dev) | |
3213 | +static inline const struct dma_map_ops *get_dma_ops(struct device *dev) | |
3214 | { | |
3215 | #if defined(CONFIG_SPARC32) && defined(CONFIG_PCI) | |
3216 | if (dev->bus == &pci_bus_type) | |
3217 | @@ -31,7 +31,7 @@ static inline struct dma_map_ops *get_dm | |
3218 | static inline void *dma_alloc_coherent(struct device *dev, size_t size, | |
3219 | dma_addr_t *dma_handle, gfp_t flag) | |
3220 | { | |
3221 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
3222 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
3223 | void *cpu_addr; | |
3224 | ||
3225 | cpu_addr = ops->alloc_coherent(dev, size, dma_handle, flag); | |
3226 | @@ -42,7 +42,7 @@ static inline void *dma_alloc_coherent(s | |
3227 | static inline void dma_free_coherent(struct device *dev, size_t size, | |
3228 | void *cpu_addr, dma_addr_t dma_handle) | |
3229 | { | |
3230 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
3231 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
3232 | ||
3233 | debug_dma_free_coherent(dev, size, cpu_addr, dma_handle); | |
3234 | ops->free_coherent(dev, size, cpu_addr, dma_handle); | |
3235 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/elf_32.h linux-2.6.33.1/arch/sparc/include/asm/elf_32.h | |
3236 | --- linux-2.6.33.1/arch/sparc/include/asm/elf_32.h 2010-03-15 12:09:39.000000000 -0400 | |
3237 | +++ linux-2.6.33.1/arch/sparc/include/asm/elf_32.h 2010-03-20 16:58:38.884769570 -0400 | |
3238 | @@ -114,6 +114,13 @@ typedef struct { | |
58c5fc13 MT |
3239 | |
3240 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE) | |
3241 | ||
3242 | +#ifdef CONFIG_PAX_ASLR | |
3243 | +#define PAX_ELF_ET_DYN_BASE 0x10000UL | |
3244 | + | |
3245 | +#define PAX_DELTA_MMAP_LEN 16 | |
3246 | +#define PAX_DELTA_STACK_LEN 16 | |
3247 | +#endif | |
3248 | + | |
3249 | /* This yields a mask that user programs can use to figure out what | |
3250 | instruction set this cpu supports. This can NOT be done in userspace | |
3251 | on Sparc. */ | |
ae4e228f MT |
3252 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/elf_64.h linux-2.6.33.1/arch/sparc/include/asm/elf_64.h |
3253 | --- linux-2.6.33.1/arch/sparc/include/asm/elf_64.h 2010-03-15 12:09:39.000000000 -0400 | |
3254 | +++ linux-2.6.33.1/arch/sparc/include/asm/elf_64.h 2010-03-20 16:58:38.892779813 -0400 | |
3255 | @@ -162,6 +162,12 @@ typedef struct { | |
58c5fc13 MT |
3256 | #define ELF_ET_DYN_BASE 0x0000010000000000UL |
3257 | #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL | |
3258 | ||
3259 | +#ifdef CONFIG_PAX_ASLR | |
3260 | +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL) | |
3261 | + | |
ae4e228f MT |
3262 | +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28) |
3263 | +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29) | |
58c5fc13 MT |
3264 | +#endif |
3265 | ||
3266 | /* This yields a mask that user programs can use to figure out what | |
3267 | instruction set this cpu supports. */ | |
ae4e228f MT |
3268 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/pgtable_32.h linux-2.6.33.1/arch/sparc/include/asm/pgtable_32.h |
3269 | --- linux-2.6.33.1/arch/sparc/include/asm/pgtable_32.h 2010-03-15 12:09:39.000000000 -0400 | |
3270 | +++ linux-2.6.33.1/arch/sparc/include/asm/pgtable_32.h 2010-03-20 16:58:38.892779813 -0400 | |
58c5fc13 MT |
3271 | @@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd) |
3272 | BTFIXUPDEF_INT(page_none) | |
3273 | BTFIXUPDEF_INT(page_copy) | |
3274 | BTFIXUPDEF_INT(page_readonly) | |
3275 | + | |
3276 | +#ifdef CONFIG_PAX_PAGEEXEC | |
3277 | +BTFIXUPDEF_INT(page_shared_noexec) | |
3278 | +BTFIXUPDEF_INT(page_copy_noexec) | |
3279 | +BTFIXUPDEF_INT(page_readonly_noexec) | |
3280 | +#endif | |
3281 | + | |
3282 | BTFIXUPDEF_INT(page_kernel) | |
3283 | ||
3284 | #define PMD_SHIFT SUN4C_PMD_SHIFT | |
3285 | @@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED; | |
3286 | #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy)) | |
3287 | #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly)) | |
3288 | ||
3289 | +#ifdef CONFIG_PAX_PAGEEXEC | |
3290 | +extern pgprot_t PAGE_SHARED_NOEXEC; | |
3291 | +# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec)) | |
3292 | +# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec)) | |
3293 | +#else | |
3294 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
3295 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
3296 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
3297 | +#endif | |
3298 | + | |
3299 | extern unsigned long page_kernel; | |
3300 | ||
3301 | #ifdef MODULE | |
ae4e228f MT |
3302 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.33.1/arch/sparc/include/asm/pgtsrmmu.h |
3303 | --- linux-2.6.33.1/arch/sparc/include/asm/pgtsrmmu.h 2010-03-15 12:09:39.000000000 -0400 | |
3304 | +++ linux-2.6.33.1/arch/sparc/include/asm/pgtsrmmu.h 2010-03-20 16:58:38.917006269 -0400 | |
58c5fc13 MT |
3305 | @@ -115,6 +115,13 @@ |
3306 | SRMMU_EXEC | SRMMU_REF) | |
3307 | #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \ | |
3308 | SRMMU_EXEC | SRMMU_REF) | |
3309 | + | |
3310 | +#ifdef CONFIG_PAX_PAGEEXEC | |
3311 | +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF) | |
3312 | +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF) | |
3313 | +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF) | |
3314 | +#endif | |
3315 | + | |
3316 | #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \ | |
3317 | SRMMU_DIRTY | SRMMU_REF) | |
3318 | ||
ae4e228f MT |
3319 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/spinlock_64.h linux-2.6.33.1/arch/sparc/include/asm/spinlock_64.h |
3320 | --- linux-2.6.33.1/arch/sparc/include/asm/spinlock_64.h 2010-03-15 12:09:39.000000000 -0400 | |
3321 | +++ linux-2.6.33.1/arch/sparc/include/asm/spinlock_64.h 2010-03-20 16:58:38.917006269 -0400 | |
3322 | @@ -99,7 +99,12 @@ static void inline arch_read_lock(arch_r | |
58c5fc13 MT |
3323 | __asm__ __volatile__ ( |
3324 | "1: ldsw [%2], %0\n" | |
3325 | " brlz,pn %0, 2f\n" | |
3326 | -"4: add %0, 1, %1\n" | |
3327 | +"4: addcc %0, 1, %1\n" | |
3328 | + | |
3329 | +#ifdef CONFIG_PAX_REFCOUNT | |
3330 | +" tvs %%icc, 6\n" | |
3331 | +#endif | |
3332 | + | |
3333 | " cas [%2], %0, %1\n" | |
3334 | " cmp %0, %1\n" | |
3335 | " bne,pn %%icc, 1b\n" | |
ae4e228f | 3336 | @@ -112,7 +117,7 @@ static void inline arch_read_lock(arch_r |
58c5fc13 MT |
3337 | " .previous" |
3338 | : "=&r" (tmp1), "=&r" (tmp2) | |
3339 | : "r" (lock) | |
3340 | - : "memory"); | |
3341 | + : "memory", "cc"); | |
3342 | } | |
3343 | ||
ae4e228f MT |
3344 | static int inline arch_read_trylock(arch_rwlock_t *lock) |
3345 | @@ -123,7 +128,12 @@ static int inline arch_read_trylock(arch | |
58c5fc13 MT |
3346 | "1: ldsw [%2], %0\n" |
3347 | " brlz,a,pn %0, 2f\n" | |
3348 | " mov 0, %0\n" | |
3349 | -" add %0, 1, %1\n" | |
3350 | +" addcc %0, 1, %1\n" | |
3351 | + | |
3352 | +#ifdef CONFIG_PAX_REFCOUNT | |
3353 | +" tvs %%icc, 6\n" | |
3354 | +#endif | |
3355 | + | |
3356 | " cas [%2], %0, %1\n" | |
3357 | " cmp %0, %1\n" | |
3358 | " bne,pn %%icc, 1b\n" | |
ae4e228f | 3359 | @@ -142,7 +152,12 @@ static void inline arch_read_unlock(arch |
58c5fc13 MT |
3360 | |
3361 | __asm__ __volatile__( | |
3362 | "1: lduw [%2], %0\n" | |
3363 | -" sub %0, 1, %1\n" | |
3364 | +" subcc %0, 1, %1\n" | |
3365 | + | |
3366 | +#ifdef CONFIG_PAX_REFCOUNT | |
ae4e228f | 3367 | +" tvs %%icc, 6\n" |
58c5fc13 MT |
3368 | +#endif |
3369 | + | |
3370 | " cas [%2], %0, %1\n" | |
3371 | " cmp %0, %1\n" | |
3372 | " bne,pn %%xcc, 1b\n" | |
ae4e228f MT |
3373 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/uaccess_32.h linux-2.6.33.1/arch/sparc/include/asm/uaccess_32.h |
3374 | --- linux-2.6.33.1/arch/sparc/include/asm/uaccess_32.h 2010-03-15 12:09:39.000000000 -0400 | |
3375 | +++ linux-2.6.33.1/arch/sparc/include/asm/uaccess_32.h 2010-03-20 16:58:38.917006269 -0400 | |
3376 | @@ -249,14 +249,25 @@ extern unsigned long __copy_user(void __ | |
58c5fc13 MT |
3377 | |
3378 | static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) | |
3379 | { | |
3380 | - if (n && __access_ok((unsigned long) to, n)) | |
3381 | + if ((long)n < 0) | |
3382 | + return n; | |
3383 | + | |
3384 | + if (n && __access_ok((unsigned long) to, n)) { | |
3385 | + if (!__builtin_constant_p(n)) | |
3386 | + check_object_size(from, n, true); | |
3387 | return __copy_user(to, (__force void __user *) from, n); | |
3388 | - else | |
3389 | + } else | |
3390 | return n; | |
3391 | } | |
3392 | ||
3393 | static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n) | |
3394 | { | |
3395 | + if ((long)n < 0) | |
3396 | + return n; | |
3397 | + | |
3398 | + if (!__builtin_constant_p(n)) | |
3399 | + check_object_size(from, n, true); | |
3400 | + | |
3401 | return __copy_user(to, (__force void __user *) from, n); | |
3402 | } | |
3403 | ||
ae4e228f | 3404 | @@ -272,19 +283,27 @@ static inline unsigned long copy_from_us |
58c5fc13 | 3405 | { |
ae4e228f MT |
3406 | int sz = __compiletime_object_size(to); |
3407 | ||
58c5fc13 MT |
3408 | + if ((long)n < 0) |
3409 | + return n; | |
3410 | + | |
ae4e228f MT |
3411 | if (unlikely(sz != -1 && sz < n)) { |
3412 | copy_from_user_overflow(); | |
3413 | return n; | |
3414 | } | |
3415 | ||
3416 | - if (n && __access_ok((unsigned long) from, n)) | |
58c5fc13 MT |
3417 | + if (n && __access_ok((unsigned long) from, n)) { |
3418 | + if (!__builtin_constant_p(n)) | |
3419 | + check_object_size(to, n, false); | |
3420 | return __copy_user((__force void __user *) to, from, n); | |
3421 | - else | |
3422 | + } else | |
3423 | return n; | |
3424 | } | |
3425 | ||
3426 | static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) | |
3427 | { | |
3428 | + if ((long)n < 0) | |
3429 | + return n; | |
58c5fc13 MT |
3430 | + |
3431 | return __copy_user((__force void __user *) to, from, n); | |
3432 | } | |
3433 | ||
ae4e228f MT |
3434 | diff -urNp linux-2.6.33.1/arch/sparc/include/asm/uaccess_64.h linux-2.6.33.1/arch/sparc/include/asm/uaccess_64.h |
3435 | --- linux-2.6.33.1/arch/sparc/include/asm/uaccess_64.h 2010-03-15 12:09:39.000000000 -0400 | |
3436 | +++ linux-2.6.33.1/arch/sparc/include/asm/uaccess_64.h 2010-03-20 16:58:38.924784570 -0400 | |
3437 | @@ -10,6 +10,7 @@ | |
3438 | #include <linux/compiler.h> | |
3439 | #include <linux/string.h> | |
3440 | #include <linux/thread_info.h> | |
3441 | +#include <linux/kernel.h> | |
3442 | #include <asm/asi.h> | |
3443 | #include <asm/system.h> | |
3444 | #include <asm/spitfire.h> | |
3445 | @@ -204,6 +205,7 @@ __asm__ __volatile__( \ | |
3446 | : "=r" (x) : "r" (__m(addr)), "i" (retval)) | |
3447 | ||
3448 | extern int __get_user_bad(void); | |
3449 | +extern void check_object_size(const void *ptr, unsigned long n, bool to); | |
3450 | ||
3451 | extern void copy_from_user_overflow(void) | |
3452 | #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS | |
3453 | @@ -224,6 +226,12 @@ copy_from_user(void *to, const void __us | |
3454 | int sz = __compiletime_object_size(to); | |
3455 | unsigned long ret = size; | |
3456 | ||
3457 | + if ((long)size < 0 || size > INT_MAX) | |
58c5fc13 MT |
3458 | + return size; |
3459 | + | |
3460 | + if (!__builtin_constant_p(size)) | |
3461 | + check_object_size(to, size, false); | |
3462 | + | |
ae4e228f MT |
3463 | if (likely(sz == -1 || sz >= size)) { |
3464 | ret = ___copy_from_user(to, from, size); | |
3465 | if (unlikely(ret)) | |
3466 | @@ -243,8 +251,15 @@ extern unsigned long copy_to_user_fixup( | |
58c5fc13 MT |
3467 | static inline unsigned long __must_check |
3468 | copy_to_user(void __user *to, const void *from, unsigned long size) | |
3469 | { | |
3470 | - unsigned long ret = ___copy_to_user(to, from, size); | |
3471 | + unsigned long ret; | |
3472 | + | |
ae4e228f | 3473 | + if ((long)size < 0 || size > INT_MAX) |
58c5fc13 MT |
3474 | + return size; |
3475 | + | |
3476 | + if (!__builtin_constant_p(size)) | |
3477 | + check_object_size(from, size, true); | |
58c5fc13 | 3478 | |
ae4e228f | 3479 | + ret = ___copy_to_user(to, from, size); |
58c5fc13 MT |
3480 | if (unlikely(ret)) |
3481 | ret = copy_to_user_fixup(to, from, size); | |
ae4e228f MT |
3482 | return ret; |
3483 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/iommu.c linux-2.6.33.1/arch/sparc/kernel/iommu.c | |
3484 | --- linux-2.6.33.1/arch/sparc/kernel/iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
3485 | +++ linux-2.6.33.1/arch/sparc/kernel/iommu.c 2010-03-20 16:58:38.928788728 -0400 | |
3486 | @@ -827,7 +827,7 @@ static void dma_4u_sync_sg_for_cpu(struc | |
3487 | spin_unlock_irqrestore(&iommu->lock, flags); | |
3488 | } | |
3489 | ||
3490 | -static struct dma_map_ops sun4u_dma_ops = { | |
3491 | +static const struct dma_map_ops sun4u_dma_ops = { | |
3492 | .alloc_coherent = dma_4u_alloc_coherent, | |
3493 | .free_coherent = dma_4u_free_coherent, | |
3494 | .map_page = dma_4u_map_page, | |
3495 | @@ -838,7 +838,7 @@ static struct dma_map_ops sun4u_dma_ops | |
3496 | .sync_sg_for_cpu = dma_4u_sync_sg_for_cpu, | |
3497 | }; | |
3498 | ||
3499 | -struct dma_map_ops *dma_ops = &sun4u_dma_ops; | |
3500 | +const struct dma_map_ops *dma_ops = &sun4u_dma_ops; | |
3501 | EXPORT_SYMBOL(dma_ops); | |
3502 | ||
3503 | extern int pci64_dma_supported(struct pci_dev *pdev, u64 device_mask); | |
3504 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/ioport.c linux-2.6.33.1/arch/sparc/kernel/ioport.c | |
3505 | --- linux-2.6.33.1/arch/sparc/kernel/ioport.c 2010-03-15 12:09:39.000000000 -0400 | |
3506 | +++ linux-2.6.33.1/arch/sparc/kernel/ioport.c 2010-03-20 16:58:38.940791948 -0400 | |
3507 | @@ -397,7 +397,7 @@ static void sbus_sync_sg_for_device(stru | |
3508 | BUG(); | |
3509 | } | |
3510 | ||
3511 | -struct dma_map_ops sbus_dma_ops = { | |
3512 | +const struct dma_map_ops sbus_dma_ops = { | |
3513 | .alloc_coherent = sbus_alloc_coherent, | |
3514 | .free_coherent = sbus_free_coherent, | |
3515 | .map_page = sbus_map_page, | |
3516 | @@ -408,7 +408,7 @@ struct dma_map_ops sbus_dma_ops = { | |
3517 | .sync_sg_for_device = sbus_sync_sg_for_device, | |
3518 | }; | |
3519 | ||
3520 | -struct dma_map_ops *dma_ops = &sbus_dma_ops; | |
3521 | +const struct dma_map_ops *dma_ops = &sbus_dma_ops; | |
3522 | EXPORT_SYMBOL(dma_ops); | |
3523 | ||
3524 | static int __init sparc_register_ioport(void) | |
3525 | @@ -645,7 +645,7 @@ static void pci32_sync_sg_for_device(str | |
3526 | } | |
3527 | } | |
3528 | ||
3529 | -struct dma_map_ops pci32_dma_ops = { | |
3530 | +const struct dma_map_ops pci32_dma_ops = { | |
3531 | .alloc_coherent = pci32_alloc_coherent, | |
3532 | .free_coherent = pci32_free_coherent, | |
3533 | .map_page = pci32_map_page, | |
3534 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/kgdb_32.c linux-2.6.33.1/arch/sparc/kernel/kgdb_32.c | |
3535 | --- linux-2.6.33.1/arch/sparc/kernel/kgdb_32.c 2010-03-15 12:09:39.000000000 -0400 | |
3536 | +++ linux-2.6.33.1/arch/sparc/kernel/kgdb_32.c 2010-03-20 16:58:38.940791948 -0400 | |
3537 | @@ -158,7 +158,7 @@ void kgdb_arch_exit(void) | |
3538 | { | |
3539 | } | |
3540 | ||
3541 | -struct kgdb_arch arch_kgdb_ops = { | |
3542 | +const struct kgdb_arch arch_kgdb_ops = { | |
3543 | /* Breakpoint instruction: ta 0x7d */ | |
3544 | .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x7d }, | |
3545 | }; | |
3546 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/kgdb_64.c linux-2.6.33.1/arch/sparc/kernel/kgdb_64.c | |
3547 | --- linux-2.6.33.1/arch/sparc/kernel/kgdb_64.c 2010-03-15 12:09:39.000000000 -0400 | |
3548 | +++ linux-2.6.33.1/arch/sparc/kernel/kgdb_64.c 2010-03-20 16:58:38.940791948 -0400 | |
3549 | @@ -180,7 +180,7 @@ void kgdb_arch_exit(void) | |
3550 | { | |
3551 | } | |
3552 | ||
3553 | -struct kgdb_arch arch_kgdb_ops = { | |
3554 | +const struct kgdb_arch arch_kgdb_ops = { | |
3555 | /* Breakpoint instruction: ta 0x72 */ | |
3556 | .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x72 }, | |
3557 | }; | |
3558 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/Makefile linux-2.6.33.1/arch/sparc/kernel/Makefile | |
3559 | --- linux-2.6.33.1/arch/sparc/kernel/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
3560 | +++ linux-2.6.33.1/arch/sparc/kernel/Makefile 2010-03-20 16:58:38.944776638 -0400 | |
58c5fc13 MT |
3561 | @@ -3,7 +3,7 @@ |
3562 | # | |
3563 | ||
3564 | asflags-y := -ansi | |
3565 | -ccflags-y := -Werror | |
3566 | +#ccflags-y := -Werror | |
3567 | ||
3568 | extra-y := head_$(BITS).o | |
3569 | extra-y += init_task.o | |
ae4e228f MT |
3570 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/pci_sun4v.c linux-2.6.33.1/arch/sparc/kernel/pci_sun4v.c |
3571 | --- linux-2.6.33.1/arch/sparc/kernel/pci_sun4v.c 2010-03-15 12:09:39.000000000 -0400 | |
3572 | +++ linux-2.6.33.1/arch/sparc/kernel/pci_sun4v.c 2010-03-20 16:58:38.944776638 -0400 | |
3573 | @@ -525,7 +525,7 @@ static void dma_4v_unmap_sg(struct devic | |
3574 | spin_unlock_irqrestore(&iommu->lock, flags); | |
3575 | } | |
3576 | ||
3577 | -static struct dma_map_ops sun4v_dma_ops = { | |
3578 | +static const struct dma_map_ops sun4v_dma_ops = { | |
3579 | .alloc_coherent = dma_4v_alloc_coherent, | |
3580 | .free_coherent = dma_4v_free_coherent, | |
3581 | .map_page = dma_4v_map_page, | |
3582 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/sys_sparc_32.c linux-2.6.33.1/arch/sparc/kernel/sys_sparc_32.c | |
3583 | --- linux-2.6.33.1/arch/sparc/kernel/sys_sparc_32.c 2010-03-15 12:09:39.000000000 -0400 | |
3584 | +++ linux-2.6.33.1/arch/sparc/kernel/sys_sparc_32.c 2010-03-20 16:58:38.944776638 -0400 | |
3585 | @@ -57,7 +57,7 @@ unsigned long arch_get_unmapped_area(str | |
58c5fc13 MT |
3586 | if (ARCH_SUN4C && len > 0x20000000) |
3587 | return -ENOMEM; | |
3588 | if (!addr) | |
3589 | - addr = TASK_UNMAPPED_BASE; | |
3590 | + addr = current->mm->mmap_base; | |
3591 | ||
3592 | if (flags & MAP_SHARED) | |
3593 | addr = COLOUR_ALIGN(addr); | |
ae4e228f MT |
3594 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/sys_sparc_64.c linux-2.6.33.1/arch/sparc/kernel/sys_sparc_64.c |
3595 | --- linux-2.6.33.1/arch/sparc/kernel/sys_sparc_64.c 2010-03-15 12:09:39.000000000 -0400 | |
3596 | +++ linux-2.6.33.1/arch/sparc/kernel/sys_sparc_64.c 2010-03-20 16:58:38.948763345 -0400 | |
58c5fc13 MT |
3597 | @@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str |
3598 | /* We do not accept a shared mapping if it would violate | |
3599 | * cache aliasing constraints. | |
3600 | */ | |
3601 | - if ((flags & MAP_SHARED) && | |
3602 | + if ((filp || (flags & MAP_SHARED)) && | |
3603 | ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) | |
3604 | return -EINVAL; | |
3605 | return addr; | |
3606 | @@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str | |
3607 | if (filp || (flags & MAP_SHARED)) | |
3608 | do_color_align = 1; | |
3609 | ||
3610 | +#ifdef CONFIG_PAX_RANDMMAP | |
3611 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
3612 | +#endif | |
3613 | + | |
3614 | if (addr) { | |
3615 | if (do_color_align) | |
3616 | addr = COLOUR_ALIGN(addr, pgoff); | |
3617 | @@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str | |
3618 | } | |
3619 | ||
3620 | if (len > mm->cached_hole_size) { | |
3621 | - start_addr = addr = mm->free_area_cache; | |
3622 | + start_addr = addr = mm->free_area_cache; | |
3623 | } else { | |
3624 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
3625 | + start_addr = addr = mm->mmap_base; | |
3626 | mm->cached_hole_size = 0; | |
3627 | } | |
3628 | ||
3629 | @@ -175,8 +179,8 @@ full_search: | |
3630 | vma = find_vma(mm, VA_EXCLUDE_END); | |
3631 | } | |
3632 | if (unlikely(task_size < addr)) { | |
3633 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
3634 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
3635 | + if (start_addr != mm->mmap_base) { | |
3636 | + start_addr = addr = mm->mmap_base; | |
3637 | mm->cached_hole_size = 0; | |
3638 | goto full_search; | |
3639 | } | |
3640 | @@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi | |
3641 | /* We do not accept a shared mapping if it would violate | |
3642 | * cache aliasing constraints. | |
3643 | */ | |
3644 | - if ((flags & MAP_SHARED) && | |
3645 | + if ((filp || (flags & MAP_SHARED)) && | |
3646 | ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) | |
3647 | return -EINVAL; | |
3648 | return addr; | |
ae4e228f MT |
3649 | @@ -386,6 +390,12 @@ void arch_pick_mmap_layout(struct mm_str |
3650 | gap == RLIM_INFINITY || | |
58c5fc13 MT |
3651 | sysctl_legacy_va_layout) { |
3652 | mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; | |
3653 | + | |
3654 | +#ifdef CONFIG_PAX_RANDMMAP | |
3655 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
3656 | + mm->mmap_base += mm->delta_mmap; | |
3657 | +#endif | |
3658 | + | |
3659 | mm->get_unmapped_area = arch_get_unmapped_area; | |
3660 | mm->unmap_area = arch_unmap_area; | |
3661 | } else { | |
ae4e228f | 3662 | @@ -398,6 +408,12 @@ void arch_pick_mmap_layout(struct mm_str |
58c5fc13 MT |
3663 | gap = (task_size / 6 * 5); |
3664 | ||
3665 | mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); | |
3666 | + | |
3667 | +#ifdef CONFIG_PAX_RANDMMAP | |
3668 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
3669 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
3670 | +#endif | |
3671 | + | |
3672 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
3673 | mm->unmap_area = arch_unmap_area_topdown; | |
3674 | } | |
ae4e228f MT |
3675 | diff -urNp linux-2.6.33.1/arch/sparc/kernel/traps_64.c linux-2.6.33.1/arch/sparc/kernel/traps_64.c |
3676 | --- linux-2.6.33.1/arch/sparc/kernel/traps_64.c 2010-03-15 12:09:39.000000000 -0400 | |
3677 | +++ linux-2.6.33.1/arch/sparc/kernel/traps_64.c 2010-03-20 16:58:38.948763345 -0400 | |
58c5fc13 MT |
3678 | @@ -93,6 +93,12 @@ void bad_trap(struct pt_regs *regs, long |
3679 | ||
3680 | lvl -= 0x100; | |
3681 | if (regs->tstate & TSTATE_PRIV) { | |
3682 | + | |
3683 | +#ifdef CONFIG_PAX_REFCOUNT | |
3684 | + if (lvl == 6) | |
3685 | + pax_report_refcount_overflow(regs); | |
3686 | +#endif | |
3687 | + | |
3688 | sprintf(buffer, "Kernel bad sw trap %lx", lvl); | |
3689 | die_if_kernel(buffer, regs); | |
3690 | } | |
3691 | @@ -111,11 +117,16 @@ void bad_trap(struct pt_regs *regs, long | |
3692 | void bad_trap_tl1(struct pt_regs *regs, long lvl) | |
3693 | { | |
3694 | char buffer[32]; | |
3695 | - | |
3696 | + | |
3697 | if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs, | |
3698 | 0, lvl, SIGTRAP) == NOTIFY_STOP) | |
3699 | return; | |
3700 | ||
3701 | +#ifdef CONFIG_PAX_REFCOUNT | |
3702 | + if (lvl == 6) | |
3703 | + pax_report_refcount_overflow(regs); | |
3704 | +#endif | |
3705 | + | |
3706 | dump_tl1_traplog((struct tl1_traplog *)(regs + 1)); | |
3707 | ||
3708 | sprintf (buffer, "Bad trap %lx at tl>0", lvl); | |
ae4e228f MT |
3709 | diff -urNp linux-2.6.33.1/arch/sparc/lib/atomic_64.S linux-2.6.33.1/arch/sparc/lib/atomic_64.S |
3710 | --- linux-2.6.33.1/arch/sparc/lib/atomic_64.S 2010-03-15 12:09:39.000000000 -0400 | |
3711 | +++ linux-2.6.33.1/arch/sparc/lib/atomic_64.S 2010-03-20 16:58:38.952780321 -0400 | |
58c5fc13 MT |
3712 | @@ -18,7 +18,12 @@ |
3713 | atomic_add: /* %o0 = increment, %o1 = atomic_ptr */ | |
3714 | BACKOFF_SETUP(%o2) | |
3715 | 1: lduw [%o1], %g1 | |
3716 | - add %g1, %o0, %g7 | |
3717 | + addcc %g1, %o0, %g7 | |
3718 | + | |
3719 | +#ifdef CONFIG_PAX_REFCOUNT | |
3720 | + tvs %icc, 6 | |
3721 | +#endif | |
3722 | + | |
3723 | cas [%o1], %g1, %g7 | |
3724 | cmp %g1, %g7 | |
3725 | bne,pn %icc, 2f | |
3726 | @@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = at | |
3727 | 2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3728 | .size atomic_add, .-atomic_add | |
3729 | ||
3730 | + .globl atomic_add_unchecked | |
3731 | + .type atomic_add_unchecked,#function | |
3732 | +atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ | |
3733 | + BACKOFF_SETUP(%o2) | |
3734 | +1: lduw [%o1], %g1 | |
3735 | + add %g1, %o0, %g7 | |
3736 | + cas [%o1], %g1, %g7 | |
3737 | + cmp %g1, %g7 | |
3738 | + bne,pn %icc, 2f | |
3739 | + nop | |
3740 | + retl | |
3741 | + nop | |
3742 | +2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3743 | + .size atomic_add_unchecked, .-atomic_add_unchecked | |
3744 | + | |
3745 | .globl atomic_sub | |
3746 | .type atomic_sub,#function | |
3747 | atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */ | |
3748 | BACKOFF_SETUP(%o2) | |
3749 | 1: lduw [%o1], %g1 | |
3750 | - sub %g1, %o0, %g7 | |
3751 | + subcc %g1, %o0, %g7 | |
3752 | + | |
3753 | +#ifdef CONFIG_PAX_REFCOUNT | |
3754 | + tvs %icc, 6 | |
3755 | +#endif | |
3756 | + | |
3757 | cas [%o1], %g1, %g7 | |
3758 | cmp %g1, %g7 | |
3759 | bne,pn %icc, 2f | |
3760 | @@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = at | |
3761 | 2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3762 | .size atomic_sub, .-atomic_sub | |
3763 | ||
3764 | + .globl atomic_sub_unchecked | |
3765 | + .type atomic_sub_unchecked,#function | |
3766 | +atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */ | |
3767 | + BACKOFF_SETUP(%o2) | |
3768 | +1: lduw [%o1], %g1 | |
3769 | + sub %g1, %o0, %g7 | |
3770 | + cas [%o1], %g1, %g7 | |
3771 | + cmp %g1, %g7 | |
3772 | + bne,pn %icc, 2f | |
3773 | + nop | |
3774 | + retl | |
3775 | + nop | |
3776 | +2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3777 | + .size atomic_sub_unchecked, .-atomic_sub_unchecked | |
3778 | + | |
3779 | .globl atomic_add_ret | |
3780 | .type atomic_add_ret,#function | |
3781 | atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ | |
3782 | BACKOFF_SETUP(%o2) | |
3783 | 1: lduw [%o1], %g1 | |
3784 | - add %g1, %o0, %g7 | |
3785 | + addcc %g1, %o0, %g7 | |
3786 | + | |
3787 | +#ifdef CONFIG_PAX_REFCOUNT | |
3788 | + tvs %icc, 6 | |
3789 | +#endif | |
3790 | + | |
3791 | cas [%o1], %g1, %g7 | |
3792 | cmp %g1, %g7 | |
3793 | bne,pn %icc, 2f | |
3794 | @@ -64,7 +109,12 @@ atomic_add_ret: /* %o0 = increment, %o1 | |
3795 | atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */ | |
3796 | BACKOFF_SETUP(%o2) | |
3797 | 1: lduw [%o1], %g1 | |
3798 | - sub %g1, %o0, %g7 | |
3799 | + subcc %g1, %o0, %g7 | |
3800 | + | |
3801 | +#ifdef CONFIG_PAX_REFCOUNT | |
3802 | + tvs %icc, 6 | |
3803 | +#endif | |
3804 | + | |
3805 | cas [%o1], %g1, %g7 | |
3806 | cmp %g1, %g7 | |
3807 | bne,pn %icc, 2f | |
3808 | @@ -80,7 +130,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1 | |
3809 | atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */ | |
3810 | BACKOFF_SETUP(%o2) | |
3811 | 1: ldx [%o1], %g1 | |
3812 | - add %g1, %o0, %g7 | |
3813 | + addcc %g1, %o0, %g7 | |
3814 | + | |
3815 | +#ifdef CONFIG_PAX_REFCOUNT | |
3816 | + tvs %xcc, 6 | |
3817 | +#endif | |
3818 | + | |
3819 | casx [%o1], %g1, %g7 | |
3820 | cmp %g1, %g7 | |
3821 | bne,pn %xcc, 2f | |
ae4e228f MT |
3822 | @@ -90,12 +145,32 @@ atomic64_add: /* %o0 = increment, %o1 = |
3823 | 2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3824 | .size atomic64_add, .-atomic64_add | |
3825 | ||
3826 | + .globl atomic64_add_unchecked | |
3827 | + .type atomic64_add_unchecked,#function | |
3828 | +atomic64_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ | |
3829 | + BACKOFF_SETUP(%o2) | |
3830 | +1: ldx [%o1], %g1 | |
3831 | + addcc %g1, %o0, %g7 | |
3832 | + casx [%o1], %g1, %g7 | |
3833 | + cmp %g1, %g7 | |
3834 | + bne,pn %xcc, 2f | |
3835 | + nop | |
3836 | + retl | |
3837 | + nop | |
3838 | +2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3839 | + .size atomic64_add_unchecked, .-atomic64_add_unchecked | |
3840 | + | |
3841 | .globl atomic64_sub | |
3842 | .type atomic64_sub,#function | |
58c5fc13 MT |
3843 | atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */ |
3844 | BACKOFF_SETUP(%o2) | |
3845 | 1: ldx [%o1], %g1 | |
3846 | - sub %g1, %o0, %g7 | |
3847 | + subcc %g1, %o0, %g7 | |
3848 | + | |
3849 | +#ifdef CONFIG_PAX_REFCOUNT | |
3850 | + tvs %xcc, 6 | |
3851 | +#endif | |
3852 | + | |
3853 | casx [%o1], %g1, %g7 | |
3854 | cmp %g1, %g7 | |
3855 | bne,pn %xcc, 2f | |
ae4e228f | 3856 | @@ -110,7 +185,12 @@ atomic64_sub: /* %o0 = decrement, %o1 = |
58c5fc13 MT |
3857 | atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ |
3858 | BACKOFF_SETUP(%o2) | |
3859 | 1: ldx [%o1], %g1 | |
3860 | - add %g1, %o0, %g7 | |
3861 | + addcc %g1, %o0, %g7 | |
3862 | + | |
3863 | +#ifdef CONFIG_PAX_REFCOUNT | |
3864 | + tvs %xcc, 6 | |
3865 | +#endif | |
3866 | + | |
3867 | casx [%o1], %g1, %g7 | |
3868 | cmp %g1, %g7 | |
3869 | bne,pn %xcc, 2f | |
ae4e228f MT |
3870 | @@ -121,12 +201,33 @@ atomic64_add_ret: /* %o0 = increment, %o |
3871 | 2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3872 | .size atomic64_add_ret, .-atomic64_add_ret | |
3873 | ||
3874 | + .globl atomic64_add_ret_unchecked | |
3875 | + .type atomic64_add_ret_unchecked,#function | |
3876 | +atomic64_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ | |
3877 | + BACKOFF_SETUP(%o2) | |
3878 | +1: ldx [%o1], %g1 | |
3879 | + addcc %g1, %o0, %g7 | |
3880 | + casx [%o1], %g1, %g7 | |
3881 | + cmp %g1, %g7 | |
3882 | + bne,pn %xcc, 2f | |
3883 | + add %g7, %o0, %g7 | |
3884 | + mov %g7, %o0 | |
3885 | + retl | |
3886 | + nop | |
3887 | +2: BACKOFF_SPIN(%o2, %o3, 1b) | |
3888 | + .size atomic64_add_ret_unchecked, .-atomic64_add_ret_unchecked | |
3889 | + | |
3890 | .globl atomic64_sub_ret | |
3891 | .type atomic64_sub_ret,#function | |
58c5fc13 MT |
3892 | atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */ |
3893 | BACKOFF_SETUP(%o2) | |
3894 | 1: ldx [%o1], %g1 | |
3895 | - sub %g1, %o0, %g7 | |
3896 | + subcc %g1, %o0, %g7 | |
3897 | + | |
3898 | +#ifdef CONFIG_PAX_REFCOUNT | |
3899 | + tvs %xcc, 6 | |
3900 | +#endif | |
3901 | + | |
3902 | casx [%o1], %g1, %g7 | |
3903 | cmp %g1, %g7 | |
3904 | bne,pn %xcc, 2f | |
ae4e228f MT |
3905 | diff -urNp linux-2.6.33.1/arch/sparc/lib/ksyms.c linux-2.6.33.1/arch/sparc/lib/ksyms.c |
3906 | --- linux-2.6.33.1/arch/sparc/lib/ksyms.c 2010-03-15 12:09:39.000000000 -0400 | |
3907 | +++ linux-2.6.33.1/arch/sparc/lib/ksyms.c 2010-03-20 16:58:38.956579787 -0400 | |
3908 | @@ -142,8 +142,10 @@ EXPORT_SYMBOL(__downgrade_write); | |
58c5fc13 MT |
3909 | |
3910 | /* Atomic counter implementation. */ | |
3911 | EXPORT_SYMBOL(atomic_add); | |
3912 | +EXPORT_SYMBOL(atomic_add_unchecked); | |
3913 | EXPORT_SYMBOL(atomic_add_ret); | |
3914 | EXPORT_SYMBOL(atomic_sub); | |
3915 | +EXPORT_SYMBOL(atomic_sub_unchecked); | |
3916 | EXPORT_SYMBOL(atomic_sub_ret); | |
3917 | EXPORT_SYMBOL(atomic64_add); | |
3918 | EXPORT_SYMBOL(atomic64_add_ret); | |
ae4e228f MT |
3919 | diff -urNp linux-2.6.33.1/arch/sparc/lib/rwsem_64.S linux-2.6.33.1/arch/sparc/lib/rwsem_64.S |
3920 | --- linux-2.6.33.1/arch/sparc/lib/rwsem_64.S 2010-03-15 12:09:39.000000000 -0400 | |
3921 | +++ linux-2.6.33.1/arch/sparc/lib/rwsem_64.S 2010-03-20 16:58:38.956579787 -0400 | |
58c5fc13 MT |
3922 | @@ -11,7 +11,12 @@ |
3923 | .globl __down_read | |
3924 | __down_read: | |
3925 | 1: lduw [%o0], %g1 | |
3926 | - add %g1, 1, %g7 | |
3927 | + addcc %g1, 1, %g7 | |
3928 | + | |
3929 | +#ifdef CONFIG_PAX_REFCOUNT | |
3930 | + tvs %icc, 6 | |
3931 | +#endif | |
3932 | + | |
3933 | cas [%o0], %g1, %g7 | |
3934 | cmp %g1, %g7 | |
3935 | bne,pn %icc, 1b | |
3936 | @@ -33,7 +38,12 @@ __down_read: | |
3937 | .globl __down_read_trylock | |
3938 | __down_read_trylock: | |
3939 | 1: lduw [%o0], %g1 | |
3940 | - add %g1, 1, %g7 | |
3941 | + addcc %g1, 1, %g7 | |
3942 | + | |
3943 | +#ifdef CONFIG_PAX_REFCOUNT | |
3944 | + tvs %icc, 6 | |
3945 | +#endif | |
3946 | + | |
3947 | cmp %g7, 0 | |
3948 | bl,pn %icc, 2f | |
3949 | mov 0, %o1 | |
3950 | @@ -51,7 +61,12 @@ __down_write: | |
3951 | or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1 | |
3952 | 1: | |
3953 | lduw [%o0], %g3 | |
3954 | - add %g3, %g1, %g7 | |
3955 | + addcc %g3, %g1, %g7 | |
3956 | + | |
3957 | +#ifdef CONFIG_PAX_REFCOUNT | |
3958 | + tvs %icc, 6 | |
3959 | +#endif | |
3960 | + | |
3961 | cas [%o0], %g3, %g7 | |
3962 | cmp %g3, %g7 | |
3963 | bne,pn %icc, 1b | |
3964 | @@ -77,7 +92,12 @@ __down_write_trylock: | |
3965 | cmp %g3, 0 | |
3966 | bne,pn %icc, 2f | |
3967 | mov 0, %o1 | |
3968 | - add %g3, %g1, %g7 | |
3969 | + addcc %g3, %g1, %g7 | |
3970 | + | |
3971 | +#ifdef CONFIG_PAX_REFCOUNT | |
3972 | + tvs %icc, 6 | |
3973 | +#endif | |
3974 | + | |
3975 | cas [%o0], %g3, %g7 | |
3976 | cmp %g3, %g7 | |
3977 | bne,pn %icc, 1b | |
3978 | @@ -90,7 +110,12 @@ __down_write_trylock: | |
3979 | __up_read: | |
3980 | 1: | |
3981 | lduw [%o0], %g1 | |
3982 | - sub %g1, 1, %g7 | |
3983 | + subcc %g1, 1, %g7 | |
3984 | + | |
3985 | +#ifdef CONFIG_PAX_REFCOUNT | |
3986 | + tvs %icc, 6 | |
3987 | +#endif | |
3988 | + | |
3989 | cas [%o0], %g1, %g7 | |
3990 | cmp %g1, %g7 | |
3991 | bne,pn %icc, 1b | |
3992 | @@ -118,7 +143,12 @@ __up_write: | |
3993 | or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1 | |
3994 | 1: | |
3995 | lduw [%o0], %g3 | |
3996 | - sub %g3, %g1, %g7 | |
3997 | + subcc %g3, %g1, %g7 | |
3998 | + | |
3999 | +#ifdef CONFIG_PAX_REFCOUNT | |
4000 | + tvs %icc, 6 | |
4001 | +#endif | |
4002 | + | |
4003 | cas [%o0], %g3, %g7 | |
4004 | cmp %g3, %g7 | |
4005 | bne,pn %icc, 1b | |
4006 | @@ -143,7 +173,12 @@ __downgrade_write: | |
4007 | or %g1, %lo(RWSEM_WAITING_BIAS), %g1 | |
4008 | 1: | |
4009 | lduw [%o0], %g3 | |
4010 | - sub %g3, %g1, %g7 | |
4011 | + subcc %g3, %g1, %g7 | |
4012 | + | |
4013 | +#ifdef CONFIG_PAX_REFCOUNT | |
4014 | + tvs %icc, 6 | |
4015 | +#endif | |
4016 | + | |
4017 | cas [%o0], %g3, %g7 | |
4018 | cmp %g3, %g7 | |
4019 | bne,pn %icc, 1b | |
ae4e228f MT |
4020 | diff -urNp linux-2.6.33.1/arch/sparc/Makefile linux-2.6.33.1/arch/sparc/Makefile |
4021 | --- linux-2.6.33.1/arch/sparc/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
4022 | +++ linux-2.6.33.1/arch/sparc/Makefile 2010-03-20 16:58:38.956579787 -0400 | |
4023 | @@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc | |
58c5fc13 MT |
4024 | # Export what is needed by arch/sparc/boot/Makefile |
4025 | export VMLINUX_INIT VMLINUX_MAIN | |
4026 | VMLINUX_INIT := $(head-y) $(init-y) | |
4027 | -VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ | |
4028 | +VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ | |
4029 | VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) | |
4030 | VMLINUX_MAIN += $(drivers-y) $(net-y) | |
4031 | ||
ae4e228f MT |
4032 | diff -urNp linux-2.6.33.1/arch/sparc/mm/fault_32.c linux-2.6.33.1/arch/sparc/mm/fault_32.c |
4033 | --- linux-2.6.33.1/arch/sparc/mm/fault_32.c 2010-03-15 12:09:39.000000000 -0400 | |
4034 | +++ linux-2.6.33.1/arch/sparc/mm/fault_32.c 2010-03-20 16:58:38.956579787 -0400 | |
4035 | @@ -22,6 +22,9 @@ | |
58c5fc13 MT |
4036 | #include <linux/interrupt.h> |
4037 | #include <linux/module.h> | |
4038 | #include <linux/kdebug.h> | |
4039 | +#include <linux/slab.h> | |
4040 | +#include <linux/pagemap.h> | |
4041 | +#include <linux/compiler.h> | |
4042 | ||
4043 | #include <asm/system.h> | |
4044 | #include <asm/page.h> | |
ae4e228f | 4045 | @@ -168,6 +171,267 @@ static unsigned long compute_si_addr(str |
58c5fc13 MT |
4046 | return safe_compute_effective_address(regs, insn); |
4047 | } | |
4048 | ||
4049 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4050 | +#ifdef CONFIG_PAX_DLRESOLVE | |
ae4e228f | 4051 | +static void pax_emuplt_close(struct vm_area_struct *vma) |
58c5fc13 MT |
4052 | +{ |
4053 | + vma->vm_mm->call_dl_resolve = 0UL; | |
4054 | +} | |
4055 | + | |
4056 | +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf) | |
4057 | +{ | |
4058 | + unsigned int *kaddr; | |
4059 | + | |
4060 | + vmf->page = alloc_page(GFP_HIGHUSER); | |
4061 | + if (!vmf->page) | |
4062 | + return VM_FAULT_OOM; | |
4063 | + | |
4064 | + kaddr = kmap(vmf->page); | |
4065 | + memset(kaddr, 0, PAGE_SIZE); | |
4066 | + kaddr[0] = 0x9DE3BFA8U; /* save */ | |
4067 | + flush_dcache_page(vmf->page); | |
4068 | + kunmap(vmf->page); | |
4069 | + return VM_FAULT_MAJOR; | |
4070 | +} | |
4071 | + | |
4072 | +static const struct vm_operations_struct pax_vm_ops = { | |
4073 | + .close = pax_emuplt_close, | |
4074 | + .fault = pax_emuplt_fault | |
4075 | +}; | |
4076 | + | |
4077 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
4078 | +{ | |
4079 | + int ret; | |
4080 | + | |
4081 | + vma->vm_mm = current->mm; | |
4082 | + vma->vm_start = addr; | |
4083 | + vma->vm_end = addr + PAGE_SIZE; | |
4084 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
4085 | + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
4086 | + vma->vm_ops = &pax_vm_ops; | |
4087 | + | |
4088 | + ret = insert_vm_struct(current->mm, vma); | |
4089 | + if (ret) | |
4090 | + return ret; | |
4091 | + | |
4092 | + ++current->mm->total_vm; | |
4093 | + return 0; | |
4094 | +} | |
4095 | +#endif | |
4096 | + | |
4097 | +/* | |
4098 | + * PaX: decide what to do with offenders (regs->pc = fault address) | |
4099 | + * | |
4100 | + * returns 1 when task should be killed | |
4101 | + * 2 when patched PLT trampoline was detected | |
4102 | + * 3 when unpatched PLT trampoline was detected | |
4103 | + */ | |
4104 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
4105 | +{ | |
4106 | + | |
4107 | +#ifdef CONFIG_PAX_EMUPLT | |
4108 | + int err; | |
4109 | + | |
4110 | + do { /* PaX: patched PLT emulation #1 */ | |
4111 | + unsigned int sethi1, sethi2, jmpl; | |
4112 | + | |
4113 | + err = get_user(sethi1, (unsigned int *)regs->pc); | |
4114 | + err |= get_user(sethi2, (unsigned int *)(regs->pc+4)); | |
4115 | + err |= get_user(jmpl, (unsigned int *)(regs->pc+8)); | |
4116 | + | |
4117 | + if (err) | |
4118 | + break; | |
4119 | + | |
4120 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
4121 | + (sethi2 & 0xFFC00000U) == 0x03000000U && | |
4122 | + (jmpl & 0xFFFFE000U) == 0x81C06000U) | |
4123 | + { | |
4124 | + unsigned int addr; | |
4125 | + | |
4126 | + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10; | |
4127 | + addr = regs->u_regs[UREG_G1]; | |
4128 | + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U); | |
4129 | + regs->pc = addr; | |
4130 | + regs->npc = addr+4; | |
4131 | + return 2; | |
4132 | + } | |
4133 | + } while (0); | |
4134 | + | |
4135 | + { /* PaX: patched PLT emulation #2 */ | |
4136 | + unsigned int ba; | |
4137 | + | |
4138 | + err = get_user(ba, (unsigned int *)regs->pc); | |
4139 | + | |
4140 | + if (!err && (ba & 0xFFC00000U) == 0x30800000U) { | |
4141 | + unsigned int addr; | |
4142 | + | |
4143 | + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2); | |
4144 | + regs->pc = addr; | |
4145 | + regs->npc = addr+4; | |
4146 | + return 2; | |
4147 | + } | |
4148 | + } | |
4149 | + | |
4150 | + do { /* PaX: patched PLT emulation #3 */ | |
4151 | + unsigned int sethi, jmpl, nop; | |
4152 | + | |
4153 | + err = get_user(sethi, (unsigned int *)regs->pc); | |
4154 | + err |= get_user(jmpl, (unsigned int *)(regs->pc+4)); | |
4155 | + err |= get_user(nop, (unsigned int *)(regs->pc+8)); | |
4156 | + | |
4157 | + if (err) | |
4158 | + break; | |
4159 | + | |
4160 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
4161 | + (jmpl & 0xFFFFE000U) == 0x81C06000U && | |
4162 | + nop == 0x01000000U) | |
4163 | + { | |
4164 | + unsigned int addr; | |
4165 | + | |
4166 | + addr = (sethi & 0x003FFFFFU) << 10; | |
4167 | + regs->u_regs[UREG_G1] = addr; | |
4168 | + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U); | |
4169 | + regs->pc = addr; | |
4170 | + regs->npc = addr+4; | |
4171 | + return 2; | |
4172 | + } | |
4173 | + } while (0); | |
4174 | + | |
4175 | + do { /* PaX: unpatched PLT emulation step 1 */ | |
4176 | + unsigned int sethi, ba, nop; | |
4177 | + | |
4178 | + err = get_user(sethi, (unsigned int *)regs->pc); | |
4179 | + err |= get_user(ba, (unsigned int *)(regs->pc+4)); | |
4180 | + err |= get_user(nop, (unsigned int *)(regs->pc+8)); | |
4181 | + | |
4182 | + if (err) | |
4183 | + break; | |
4184 | + | |
4185 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
4186 | + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) && | |
4187 | + nop == 0x01000000U) | |
4188 | + { | |
4189 | + unsigned int addr, save, call; | |
4190 | + | |
4191 | + if ((ba & 0xFFC00000U) == 0x30800000U) | |
4192 | + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2); | |
4193 | + else | |
4194 | + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2); | |
4195 | + | |
4196 | + err = get_user(save, (unsigned int *)addr); | |
4197 | + err |= get_user(call, (unsigned int *)(addr+4)); | |
4198 | + err |= get_user(nop, (unsigned int *)(addr+8)); | |
4199 | + if (err) | |
4200 | + break; | |
4201 | + | |
4202 | +#ifdef CONFIG_PAX_DLRESOLVE | |
4203 | + if (save == 0x9DE3BFA8U && | |
4204 | + (call & 0xC0000000U) == 0x40000000U && | |
4205 | + nop == 0x01000000U) | |
4206 | + { | |
4207 | + struct vm_area_struct *vma; | |
4208 | + unsigned long call_dl_resolve; | |
4209 | + | |
4210 | + down_read(¤t->mm->mmap_sem); | |
4211 | + call_dl_resolve = current->mm->call_dl_resolve; | |
4212 | + up_read(¤t->mm->mmap_sem); | |
4213 | + if (likely(call_dl_resolve)) | |
4214 | + goto emulate; | |
4215 | + | |
4216 | + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
4217 | + | |
4218 | + down_write(¤t->mm->mmap_sem); | |
4219 | + if (current->mm->call_dl_resolve) { | |
4220 | + call_dl_resolve = current->mm->call_dl_resolve; | |
4221 | + up_write(¤t->mm->mmap_sem); | |
4222 | + if (vma) | |
4223 | + kmem_cache_free(vm_area_cachep, vma); | |
4224 | + goto emulate; | |
4225 | + } | |
4226 | + | |
4227 | + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
4228 | + if (!vma || (call_dl_resolve & ~PAGE_MASK)) { | |
4229 | + up_write(¤t->mm->mmap_sem); | |
4230 | + if (vma) | |
4231 | + kmem_cache_free(vm_area_cachep, vma); | |
4232 | + return 1; | |
4233 | + } | |
4234 | + | |
4235 | + if (pax_insert_vma(vma, call_dl_resolve)) { | |
4236 | + up_write(¤t->mm->mmap_sem); | |
4237 | + kmem_cache_free(vm_area_cachep, vma); | |
4238 | + return 1; | |
4239 | + } | |
4240 | + | |
4241 | + current->mm->call_dl_resolve = call_dl_resolve; | |
4242 | + up_write(¤t->mm->mmap_sem); | |
4243 | + | |
4244 | +emulate: | |
4245 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
4246 | + regs->pc = call_dl_resolve; | |
4247 | + regs->npc = addr+4; | |
4248 | + return 3; | |
4249 | + } | |
4250 | +#endif | |
4251 | + | |
4252 | + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */ | |
4253 | + if ((save & 0xFFC00000U) == 0x05000000U && | |
4254 | + (call & 0xFFFFE000U) == 0x85C0A000U && | |
4255 | + nop == 0x01000000U) | |
4256 | + { | |
4257 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
4258 | + regs->u_regs[UREG_G2] = addr + 4; | |
4259 | + addr = (save & 0x003FFFFFU) << 10; | |
4260 | + addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U); | |
4261 | + regs->pc = addr; | |
4262 | + regs->npc = addr+4; | |
4263 | + return 3; | |
4264 | + } | |
4265 | + } | |
4266 | + } while (0); | |
4267 | + | |
4268 | + do { /* PaX: unpatched PLT emulation step 2 */ | |
4269 | + unsigned int save, call, nop; | |
4270 | + | |
4271 | + err = get_user(save, (unsigned int *)(regs->pc-4)); | |
4272 | + err |= get_user(call, (unsigned int *)regs->pc); | |
4273 | + err |= get_user(nop, (unsigned int *)(regs->pc+4)); | |
4274 | + if (err) | |
4275 | + break; | |
4276 | + | |
4277 | + if (save == 0x9DE3BFA8U && | |
4278 | + (call & 0xC0000000U) == 0x40000000U && | |
4279 | + nop == 0x01000000U) | |
4280 | + { | |
4281 | + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2); | |
4282 | + | |
4283 | + regs->u_regs[UREG_RETPC] = regs->pc; | |
4284 | + regs->pc = dl_resolve; | |
4285 | + regs->npc = dl_resolve+4; | |
4286 | + return 3; | |
4287 | + } | |
4288 | + } while (0); | |
4289 | +#endif | |
4290 | + | |
4291 | + return 1; | |
4292 | +} | |
4293 | + | |
4294 | +void pax_report_insns(void *pc, void *sp) | |
4295 | +{ | |
4296 | + unsigned long i; | |
4297 | + | |
4298 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
ae4e228f | 4299 | + for (i = 0; i < 8; i++) { |
58c5fc13 MT |
4300 | + unsigned int c; |
4301 | + if (get_user(c, (unsigned int *)pc+i)) | |
4302 | + printk(KERN_CONT "???????? "); | |
4303 | + else | |
4304 | + printk(KERN_CONT "%08x ", c); | |
4305 | + } | |
4306 | + printk("\n"); | |
4307 | +} | |
4308 | +#endif | |
4309 | + | |
4310 | asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write, | |
4311 | unsigned long address) | |
4312 | { | |
ae4e228f | 4313 | @@ -234,6 +498,24 @@ good_area: |
58c5fc13 MT |
4314 | if(!(vma->vm_flags & VM_WRITE)) |
4315 | goto bad_area; | |
4316 | } else { | |
4317 | + | |
4318 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4319 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) { | |
4320 | + up_read(&mm->mmap_sem); | |
4321 | + switch (pax_handle_fetch_fault(regs)) { | |
4322 | + | |
4323 | +#ifdef CONFIG_PAX_EMUPLT | |
4324 | + case 2: | |
4325 | + case 3: | |
4326 | + return; | |
4327 | +#endif | |
4328 | + | |
4329 | + } | |
4330 | + pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]); | |
4331 | + do_group_exit(SIGKILL); | |
4332 | + } | |
4333 | +#endif | |
4334 | + | |
4335 | /* Allow reads even for write-only mappings */ | |
4336 | if(!(vma->vm_flags & (VM_READ | VM_EXEC))) | |
4337 | goto bad_area; | |
ae4e228f MT |
4338 | diff -urNp linux-2.6.33.1/arch/sparc/mm/fault_64.c linux-2.6.33.1/arch/sparc/mm/fault_64.c |
4339 | --- linux-2.6.33.1/arch/sparc/mm/fault_64.c 2010-03-15 12:09:39.000000000 -0400 | |
4340 | +++ linux-2.6.33.1/arch/sparc/mm/fault_64.c 2010-03-20 16:58:38.956579787 -0400 | |
4341 | @@ -21,6 +21,9 @@ | |
58c5fc13 MT |
4342 | #include <linux/kprobes.h> |
4343 | #include <linux/kdebug.h> | |
4344 | #include <linux/percpu.h> | |
4345 | +#include <linux/slab.h> | |
4346 | +#include <linux/pagemap.h> | |
4347 | +#include <linux/compiler.h> | |
4348 | ||
4349 | #include <asm/page.h> | |
4350 | #include <asm/pgtable.h> | |
ae4e228f | 4351 | @@ -244,6 +247,456 @@ static void noinline __kprobes bogus_32b |
58c5fc13 MT |
4352 | show_regs(regs); |
4353 | } | |
4354 | ||
4355 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4356 | +#ifdef CONFIG_PAX_DLRESOLVE | |
4357 | +static void pax_emuplt_close(struct vm_area_struct *vma) | |
4358 | +{ | |
4359 | + vma->vm_mm->call_dl_resolve = 0UL; | |
4360 | +} | |
4361 | + | |
4362 | +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf) | |
4363 | +{ | |
4364 | + unsigned int *kaddr; | |
4365 | + | |
4366 | + vmf->page = alloc_page(GFP_HIGHUSER); | |
4367 | + if (!vmf->page) | |
4368 | + return VM_FAULT_OOM; | |
4369 | + | |
4370 | + kaddr = kmap(vmf->page); | |
4371 | + memset(kaddr, 0, PAGE_SIZE); | |
4372 | + kaddr[0] = 0x9DE3BFA8U; /* save */ | |
4373 | + flush_dcache_page(vmf->page); | |
4374 | + kunmap(vmf->page); | |
4375 | + return VM_FAULT_MAJOR; | |
4376 | +} | |
4377 | + | |
4378 | +static const struct vm_operations_struct pax_vm_ops = { | |
4379 | + .close = pax_emuplt_close, | |
4380 | + .fault = pax_emuplt_fault | |
4381 | +}; | |
4382 | + | |
4383 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
4384 | +{ | |
4385 | + int ret; | |
4386 | + | |
4387 | + vma->vm_mm = current->mm; | |
4388 | + vma->vm_start = addr; | |
4389 | + vma->vm_end = addr + PAGE_SIZE; | |
4390 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
4391 | + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
4392 | + vma->vm_ops = &pax_vm_ops; | |
4393 | + | |
4394 | + ret = insert_vm_struct(current->mm, vma); | |
4395 | + if (ret) | |
4396 | + return ret; | |
4397 | + | |
4398 | + ++current->mm->total_vm; | |
4399 | + return 0; | |
4400 | +} | |
4401 | +#endif | |
4402 | + | |
4403 | +/* | |
4404 | + * PaX: decide what to do with offenders (regs->tpc = fault address) | |
4405 | + * | |
4406 | + * returns 1 when task should be killed | |
4407 | + * 2 when patched PLT trampoline was detected | |
4408 | + * 3 when unpatched PLT trampoline was detected | |
4409 | + */ | |
4410 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
4411 | +{ | |
4412 | + | |
4413 | +#ifdef CONFIG_PAX_EMUPLT | |
4414 | + int err; | |
4415 | + | |
4416 | + do { /* PaX: patched PLT emulation #1 */ | |
4417 | + unsigned int sethi1, sethi2, jmpl; | |
4418 | + | |
4419 | + err = get_user(sethi1, (unsigned int *)regs->tpc); | |
4420 | + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4)); | |
4421 | + err |= get_user(jmpl, (unsigned int *)(regs->tpc+8)); | |
4422 | + | |
4423 | + if (err) | |
4424 | + break; | |
4425 | + | |
4426 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
4427 | + (sethi2 & 0xFFC00000U) == 0x03000000U && | |
4428 | + (jmpl & 0xFFFFE000U) == 0x81C06000U) | |
4429 | + { | |
4430 | + unsigned long addr; | |
4431 | + | |
4432 | + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10; | |
4433 | + addr = regs->u_regs[UREG_G1]; | |
4434 | + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL); | |
4435 | + | |
4436 | + if (test_thread_flag(TIF_32BIT)) | |
4437 | + addr &= 0xFFFFFFFFUL; | |
4438 | + | |
4439 | + regs->tpc = addr; | |
4440 | + regs->tnpc = addr+4; | |
4441 | + return 2; | |
4442 | + } | |
4443 | + } while (0); | |
4444 | + | |
4445 | + { /* PaX: patched PLT emulation #2 */ | |
4446 | + unsigned int ba; | |
4447 | + | |
4448 | + err = get_user(ba, (unsigned int *)regs->tpc); | |
4449 | + | |
4450 | + if (!err && (ba & 0xFFC00000U) == 0x30800000U) { | |
4451 | + unsigned long addr; | |
4452 | + | |
4453 | + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2); | |
4454 | + | |
4455 | + if (test_thread_flag(TIF_32BIT)) | |
4456 | + addr &= 0xFFFFFFFFUL; | |
4457 | + | |
4458 | + regs->tpc = addr; | |
4459 | + regs->tnpc = addr+4; | |
4460 | + return 2; | |
4461 | + } | |
4462 | + } | |
4463 | + | |
4464 | + do { /* PaX: patched PLT emulation #3 */ | |
4465 | + unsigned int sethi, jmpl, nop; | |
4466 | + | |
4467 | + err = get_user(sethi, (unsigned int *)regs->tpc); | |
4468 | + err |= get_user(jmpl, (unsigned int *)(regs->tpc+4)); | |
4469 | + err |= get_user(nop, (unsigned int *)(regs->tpc+8)); | |
4470 | + | |
4471 | + if (err) | |
4472 | + break; | |
4473 | + | |
4474 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
4475 | + (jmpl & 0xFFFFE000U) == 0x81C06000U && | |
4476 | + nop == 0x01000000U) | |
4477 | + { | |
4478 | + unsigned long addr; | |
4479 | + | |
4480 | + addr = (sethi & 0x003FFFFFU) << 10; | |
4481 | + regs->u_regs[UREG_G1] = addr; | |
4482 | + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL); | |
4483 | + | |
4484 | + if (test_thread_flag(TIF_32BIT)) | |
4485 | + addr &= 0xFFFFFFFFUL; | |
4486 | + | |
4487 | + regs->tpc = addr; | |
4488 | + regs->tnpc = addr+4; | |
4489 | + return 2; | |
4490 | + } | |
4491 | + } while (0); | |
4492 | + | |
4493 | + do { /* PaX: patched PLT emulation #4 */ | |
ae4e228f | 4494 | + unsigned int sethi, mov1, call, mov2; |
58c5fc13 | 4495 | + |
ae4e228f MT |
4496 | + err = get_user(sethi, (unsigned int *)regs->tpc); |
4497 | + err |= get_user(mov1, (unsigned int *)(regs->tpc+4)); | |
4498 | + err |= get_user(call, (unsigned int *)(regs->tpc+8)); | |
4499 | + err |= get_user(mov2, (unsigned int *)(regs->tpc+12)); | |
58c5fc13 MT |
4500 | + |
4501 | + if (err) | |
4502 | + break; | |
4503 | + | |
ae4e228f MT |
4504 | + if ((sethi & 0xFFC00000U) == 0x03000000U && |
4505 | + mov1 == 0x8210000FU && | |
58c5fc13 MT |
4506 | + (call & 0xC0000000U) == 0x40000000U && |
4507 | + mov2 == 0x9E100001U) | |
4508 | + { | |
4509 | + unsigned long addr; | |
4510 | + | |
4511 | + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC]; | |
4512 | + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2); | |
4513 | + | |
4514 | + if (test_thread_flag(TIF_32BIT)) | |
4515 | + addr &= 0xFFFFFFFFUL; | |
4516 | + | |
4517 | + regs->tpc = addr; | |
4518 | + regs->tnpc = addr+4; | |
4519 | + return 2; | |
4520 | + } | |
4521 | + } while (0); | |
4522 | + | |
4523 | + do { /* PaX: patched PLT emulation #5 */ | |
ae4e228f | 4524 | + unsigned int sethi, sethi1, sethi2, or1, or2, sllx, jmpl, nop; |
58c5fc13 | 4525 | + |
ae4e228f MT |
4526 | + err = get_user(sethi, (unsigned int *)regs->tpc); |
4527 | + err |= get_user(sethi1, (unsigned int *)(regs->tpc+4)); | |
4528 | + err |= get_user(sethi2, (unsigned int *)(regs->tpc+8)); | |
4529 | + err |= get_user(or1, (unsigned int *)(regs->tpc+12)); | |
4530 | + err |= get_user(or2, (unsigned int *)(regs->tpc+16)); | |
4531 | + err |= get_user(sllx, (unsigned int *)(regs->tpc+20)); | |
4532 | + err |= get_user(jmpl, (unsigned int *)(regs->tpc+24)); | |
4533 | + err |= get_user(nop, (unsigned int *)(regs->tpc+28)); | |
58c5fc13 MT |
4534 | + |
4535 | + if (err) | |
4536 | + break; | |
4537 | + | |
ae4e228f MT |
4538 | + if ((sethi & 0xFFC00000U) == 0x03000000U && |
4539 | + (sethi1 & 0xFFC00000U) == 0x03000000U && | |
58c5fc13 MT |
4540 | + (sethi2 & 0xFFC00000U) == 0x0B000000U && |
4541 | + (or1 & 0xFFFFE000U) == 0x82106000U && | |
4542 | + (or2 & 0xFFFFE000U) == 0x8A116000U && | |
ae4e228f | 4543 | + sllx == 0x83287020U && |
58c5fc13 MT |
4544 | + jmpl == 0x81C04005U && |
4545 | + nop == 0x01000000U) | |
4546 | + { | |
4547 | + unsigned long addr; | |
4548 | + | |
4549 | + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU); | |
4550 | + regs->u_regs[UREG_G1] <<= 32; | |
4551 | + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU); | |
4552 | + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5]; | |
4553 | + regs->tpc = addr; | |
4554 | + regs->tnpc = addr+4; | |
4555 | + return 2; | |
4556 | + } | |
4557 | + } while (0); | |
4558 | + | |
4559 | + do { /* PaX: patched PLT emulation #6 */ | |
ae4e228f | 4560 | + unsigned int sethi, sethi1, sethi2, sllx, or, jmpl, nop; |
58c5fc13 | 4561 | + |
ae4e228f MT |
4562 | + err = get_user(sethi, (unsigned int *)regs->tpc); |
4563 | + err |= get_user(sethi1, (unsigned int *)(regs->tpc+4)); | |
4564 | + err |= get_user(sethi2, (unsigned int *)(regs->tpc+8)); | |
4565 | + err |= get_user(sllx, (unsigned int *)(regs->tpc+12)); | |
4566 | + err |= get_user(or, (unsigned int *)(regs->tpc+16)); | |
4567 | + err |= get_user(jmpl, (unsigned int *)(regs->tpc+20)); | |
4568 | + err |= get_user(nop, (unsigned int *)(regs->tpc+24)); | |
58c5fc13 MT |
4569 | + |
4570 | + if (err) | |
4571 | + break; | |
4572 | + | |
ae4e228f MT |
4573 | + if ((sethi & 0xFFC00000U) == 0x03000000U && |
4574 | + (sethi1 & 0xFFC00000U) == 0x03000000U && | |
58c5fc13 | 4575 | + (sethi2 & 0xFFC00000U) == 0x0B000000U && |
ae4e228f | 4576 | + sllx == 0x83287020U && |
58c5fc13 MT |
4577 | + (or & 0xFFFFE000U) == 0x8A116000U && |
4578 | + jmpl == 0x81C04005U && | |
4579 | + nop == 0x01000000U) | |
4580 | + { | |
4581 | + unsigned long addr; | |
4582 | + | |
4583 | + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10; | |
4584 | + regs->u_regs[UREG_G1] <<= 32; | |
4585 | + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU); | |
4586 | + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5]; | |
4587 | + regs->tpc = addr; | |
4588 | + regs->tnpc = addr+4; | |
4589 | + return 2; | |
4590 | + } | |
4591 | + } while (0); | |
4592 | + | |
4593 | + do { /* PaX: unpatched PLT emulation step 1 */ | |
4594 | + unsigned int sethi, ba, nop; | |
4595 | + | |
4596 | + err = get_user(sethi, (unsigned int *)regs->tpc); | |
4597 | + err |= get_user(ba, (unsigned int *)(regs->tpc+4)); | |
4598 | + err |= get_user(nop, (unsigned int *)(regs->tpc+8)); | |
4599 | + | |
4600 | + if (err) | |
4601 | + break; | |
4602 | + | |
4603 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
4604 | + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) && | |
4605 | + nop == 0x01000000U) | |
4606 | + { | |
4607 | + unsigned long addr; | |
4608 | + unsigned int save, call; | |
ae4e228f | 4609 | + unsigned int sethi1, sethi2, or1, or2, sllx, add, jmpl; |
58c5fc13 MT |
4610 | + |
4611 | + if ((ba & 0xFFC00000U) == 0x30800000U) | |
4612 | + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2); | |
4613 | + else | |
4614 | + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2); | |
4615 | + | |
4616 | + if (test_thread_flag(TIF_32BIT)) | |
4617 | + addr &= 0xFFFFFFFFUL; | |
4618 | + | |
4619 | + err = get_user(save, (unsigned int *)addr); | |
4620 | + err |= get_user(call, (unsigned int *)(addr+4)); | |
4621 | + err |= get_user(nop, (unsigned int *)(addr+8)); | |
4622 | + if (err) | |
4623 | + break; | |
4624 | + | |
4625 | +#ifdef CONFIG_PAX_DLRESOLVE | |
4626 | + if (save == 0x9DE3BFA8U && | |
4627 | + (call & 0xC0000000U) == 0x40000000U && | |
4628 | + nop == 0x01000000U) | |
4629 | + { | |
4630 | + struct vm_area_struct *vma; | |
4631 | + unsigned long call_dl_resolve; | |
4632 | + | |
4633 | + down_read(¤t->mm->mmap_sem); | |
4634 | + call_dl_resolve = current->mm->call_dl_resolve; | |
4635 | + up_read(¤t->mm->mmap_sem); | |
4636 | + if (likely(call_dl_resolve)) | |
4637 | + goto emulate; | |
4638 | + | |
4639 | + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
4640 | + | |
4641 | + down_write(¤t->mm->mmap_sem); | |
4642 | + if (current->mm->call_dl_resolve) { | |
4643 | + call_dl_resolve = current->mm->call_dl_resolve; | |
4644 | + up_write(¤t->mm->mmap_sem); | |
4645 | + if (vma) | |
4646 | + kmem_cache_free(vm_area_cachep, vma); | |
4647 | + goto emulate; | |
4648 | + } | |
4649 | + | |
4650 | + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
4651 | + if (!vma || (call_dl_resolve & ~PAGE_MASK)) { | |
4652 | + up_write(¤t->mm->mmap_sem); | |
4653 | + if (vma) | |
4654 | + kmem_cache_free(vm_area_cachep, vma); | |
4655 | + return 1; | |
4656 | + } | |
4657 | + | |
4658 | + if (pax_insert_vma(vma, call_dl_resolve)) { | |
4659 | + up_write(¤t->mm->mmap_sem); | |
4660 | + kmem_cache_free(vm_area_cachep, vma); | |
4661 | + return 1; | |
4662 | + } | |
4663 | + | |
4664 | + current->mm->call_dl_resolve = call_dl_resolve; | |
4665 | + up_write(¤t->mm->mmap_sem); | |
4666 | + | |
4667 | +emulate: | |
4668 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
4669 | + regs->tpc = call_dl_resolve; | |
4670 | + regs->tnpc = addr+4; | |
4671 | + return 3; | |
4672 | + } | |
4673 | +#endif | |
4674 | + | |
4675 | + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */ | |
4676 | + if ((save & 0xFFC00000U) == 0x05000000U && | |
4677 | + (call & 0xFFFFE000U) == 0x85C0A000U && | |
4678 | + nop == 0x01000000U) | |
4679 | + { | |
4680 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
4681 | + regs->u_regs[UREG_G2] = addr + 4; | |
4682 | + addr = (save & 0x003FFFFFU) << 10; | |
4683 | + addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL); | |
4684 | + | |
4685 | + if (test_thread_flag(TIF_32BIT)) | |
4686 | + addr &= 0xFFFFFFFFUL; | |
4687 | + | |
4688 | + regs->tpc = addr; | |
4689 | + regs->tnpc = addr+4; | |
4690 | + return 3; | |
4691 | + } | |
ae4e228f MT |
4692 | + |
4693 | + /* PaX: 64-bit PLT stub */ | |
4694 | + err = get_user(sethi1, (unsigned int *)addr); | |
4695 | + err |= get_user(sethi2, (unsigned int *)(addr+4)); | |
4696 | + err |= get_user(or1, (unsigned int *)(addr+8)); | |
4697 | + err |= get_user(or2, (unsigned int *)(addr+12)); | |
4698 | + err |= get_user(sllx, (unsigned int *)(addr+16)); | |
4699 | + err |= get_user(add, (unsigned int *)(addr+20)); | |
4700 | + err |= get_user(jmpl, (unsigned int *)(addr+24)); | |
4701 | + err |= get_user(nop, (unsigned int *)(addr+28)); | |
4702 | + if (err) | |
4703 | + break; | |
4704 | + | |
4705 | + if ((sethi1 & 0xFFC00000U) == 0x09000000U && | |
4706 | + (sethi2 & 0xFFC00000U) == 0x0B000000U && | |
4707 | + (or1 & 0xFFFFE000U) == 0x88112000U && | |
4708 | + (or2 & 0xFFFFE000U) == 0x8A116000U && | |
4709 | + sllx == 0x89293020U && | |
4710 | + add == 0x8A010005U && | |
4711 | + jmpl == 0x89C14000U && | |
4712 | + nop == 0x01000000U) | |
4713 | + { | |
4714 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
4715 | + regs->u_regs[UREG_G4] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU); | |
4716 | + regs->u_regs[UREG_G4] <<= 32; | |
4717 | + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU); | |
4718 | + regs->u_regs[UREG_G5] += regs->u_regs[UREG_G4]; | |
4719 | + regs->u_regs[UREG_G4] = addr + 24; | |
4720 | + addr = regs->u_regs[UREG_G5]; | |
4721 | + regs->tpc = addr; | |
4722 | + regs->tnpc = addr+4; | |
4723 | + return 3; | |
4724 | + } | |
58c5fc13 MT |
4725 | + } |
4726 | + } while (0); | |
4727 | + | |
4728 | +#ifdef CONFIG_PAX_DLRESOLVE | |
4729 | + do { /* PaX: unpatched PLT emulation step 2 */ | |
4730 | + unsigned int save, call, nop; | |
4731 | + | |
4732 | + err = get_user(save, (unsigned int *)(regs->tpc-4)); | |
4733 | + err |= get_user(call, (unsigned int *)regs->tpc); | |
4734 | + err |= get_user(nop, (unsigned int *)(regs->tpc+4)); | |
4735 | + if (err) | |
4736 | + break; | |
4737 | + | |
4738 | + if (save == 0x9DE3BFA8U && | |
4739 | + (call & 0xC0000000U) == 0x40000000U && | |
4740 | + nop == 0x01000000U) | |
4741 | + { | |
4742 | + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2); | |
4743 | + | |
4744 | + if (test_thread_flag(TIF_32BIT)) | |
4745 | + dl_resolve &= 0xFFFFFFFFUL; | |
4746 | + | |
4747 | + regs->u_regs[UREG_RETPC] = regs->tpc; | |
4748 | + regs->tpc = dl_resolve; | |
4749 | + regs->tnpc = dl_resolve+4; | |
4750 | + return 3; | |
4751 | + } | |
4752 | + } while (0); | |
4753 | +#endif | |
4754 | + | |
4755 | + do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */ | |
4756 | + unsigned int sethi, ba, nop; | |
4757 | + | |
4758 | + err = get_user(sethi, (unsigned int *)regs->tpc); | |
4759 | + err |= get_user(ba, (unsigned int *)(regs->tpc+4)); | |
4760 | + err |= get_user(nop, (unsigned int *)(regs->tpc+8)); | |
4761 | + | |
4762 | + if (err) | |
4763 | + break; | |
4764 | + | |
4765 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
4766 | + (ba & 0xFFF00000U) == 0x30600000U && | |
4767 | + nop == 0x01000000U) | |
4768 | + { | |
4769 | + unsigned long addr; | |
4770 | + | |
4771 | + addr = (sethi & 0x003FFFFFU) << 10; | |
4772 | + regs->u_regs[UREG_G1] = addr; | |
4773 | + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2); | |
4774 | + | |
4775 | + if (test_thread_flag(TIF_32BIT)) | |
4776 | + addr &= 0xFFFFFFFFUL; | |
4777 | + | |
4778 | + regs->tpc = addr; | |
4779 | + regs->tnpc = addr+4; | |
4780 | + return 2; | |
4781 | + } | |
4782 | + } while (0); | |
4783 | + | |
4784 | +#endif | |
4785 | + | |
4786 | + return 1; | |
4787 | +} | |
4788 | + | |
4789 | +void pax_report_insns(void *pc, void *sp) | |
4790 | +{ | |
4791 | + unsigned long i; | |
4792 | + | |
4793 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
ae4e228f | 4794 | + for (i = 0; i < 8; i++) { |
58c5fc13 MT |
4795 | + unsigned int c; |
4796 | + if (get_user(c, (unsigned int *)pc+i)) | |
4797 | + printk(KERN_CONT "???????? "); | |
4798 | + else | |
4799 | + printk(KERN_CONT "%08x ", c); | |
4800 | + } | |
4801 | + printk("\n"); | |
4802 | +} | |
4803 | +#endif | |
4804 | + | |
4805 | asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) | |
4806 | { | |
4807 | struct mm_struct *mm = current->mm; | |
ae4e228f | 4808 | @@ -312,6 +765,29 @@ asmlinkage void __kprobes do_sparc64_fau |
58c5fc13 MT |
4809 | if (!vma) |
4810 | goto bad_area; | |
4811 | ||
4812 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4813 | + /* PaX: detect ITLB misses on non-exec pages */ | |
4814 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address && | |
4815 | + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB)) | |
4816 | + { | |
4817 | + if (address != regs->tpc) | |
4818 | + goto good_area; | |
4819 | + | |
4820 | + up_read(&mm->mmap_sem); | |
4821 | + switch (pax_handle_fetch_fault(regs)) { | |
4822 | + | |
4823 | +#ifdef CONFIG_PAX_EMUPLT | |
4824 | + case 2: | |
4825 | + case 3: | |
4826 | + return; | |
4827 | +#endif | |
4828 | + | |
4829 | + } | |
4830 | + pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS)); | |
4831 | + do_group_exit(SIGKILL); | |
4832 | + } | |
4833 | +#endif | |
4834 | + | |
4835 | /* Pure DTLB misses do not tell us whether the fault causing | |
4836 | * load/store/atomic was a write or not, it only says that there | |
4837 | * was no match. So in such a case we (carefully) read the | |
ae4e228f MT |
4838 | diff -urNp linux-2.6.33.1/arch/sparc/mm/init_32.c linux-2.6.33.1/arch/sparc/mm/init_32.c |
4839 | --- linux-2.6.33.1/arch/sparc/mm/init_32.c 2010-03-15 12:09:39.000000000 -0400 | |
4840 | +++ linux-2.6.33.1/arch/sparc/mm/init_32.c 2010-03-20 16:58:38.956579787 -0400 | |
4841 | @@ -317,6 +317,9 @@ extern void device_scan(void); | |
58c5fc13 MT |
4842 | pgprot_t PAGE_SHARED __read_mostly; |
4843 | EXPORT_SYMBOL(PAGE_SHARED); | |
4844 | ||
4845 | +pgprot_t PAGE_SHARED_NOEXEC __read_mostly; | |
4846 | +EXPORT_SYMBOL(PAGE_SHARED_NOEXEC); | |
4847 | + | |
4848 | void __init paging_init(void) | |
4849 | { | |
4850 | switch(sparc_cpu_model) { | |
ae4e228f | 4851 | @@ -345,17 +348,17 @@ void __init paging_init(void) |
58c5fc13 MT |
4852 | |
4853 | /* Initialize the protection map with non-constant, MMU dependent values. */ | |
4854 | protection_map[0] = PAGE_NONE; | |
4855 | - protection_map[1] = PAGE_READONLY; | |
4856 | - protection_map[2] = PAGE_COPY; | |
4857 | - protection_map[3] = PAGE_COPY; | |
4858 | + protection_map[1] = PAGE_READONLY_NOEXEC; | |
4859 | + protection_map[2] = PAGE_COPY_NOEXEC; | |
4860 | + protection_map[3] = PAGE_COPY_NOEXEC; | |
4861 | protection_map[4] = PAGE_READONLY; | |
4862 | protection_map[5] = PAGE_READONLY; | |
4863 | protection_map[6] = PAGE_COPY; | |
4864 | protection_map[7] = PAGE_COPY; | |
4865 | protection_map[8] = PAGE_NONE; | |
4866 | - protection_map[9] = PAGE_READONLY; | |
4867 | - protection_map[10] = PAGE_SHARED; | |
4868 | - protection_map[11] = PAGE_SHARED; | |
4869 | + protection_map[9] = PAGE_READONLY_NOEXEC; | |
4870 | + protection_map[10] = PAGE_SHARED_NOEXEC; | |
4871 | + protection_map[11] = PAGE_SHARED_NOEXEC; | |
4872 | protection_map[12] = PAGE_READONLY; | |
4873 | protection_map[13] = PAGE_READONLY; | |
4874 | protection_map[14] = PAGE_SHARED; | |
ae4e228f MT |
4875 | diff -urNp linux-2.6.33.1/arch/sparc/mm/Makefile linux-2.6.33.1/arch/sparc/mm/Makefile |
4876 | --- linux-2.6.33.1/arch/sparc/mm/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
4877 | +++ linux-2.6.33.1/arch/sparc/mm/Makefile 2010-03-20 16:58:38.968781407 -0400 | |
58c5fc13 MT |
4878 | @@ -2,7 +2,7 @@ |
4879 | # | |
4880 | ||
4881 | asflags-y := -ansi | |
4882 | -ccflags-y := -Werror | |
4883 | +#ccflags-y := -Werror | |
4884 | ||
4885 | obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o | |
4886 | obj-y += fault_$(BITS).o | |
ae4e228f MT |
4887 | diff -urNp linux-2.6.33.1/arch/sparc/mm/srmmu.c linux-2.6.33.1/arch/sparc/mm/srmmu.c |
4888 | --- linux-2.6.33.1/arch/sparc/mm/srmmu.c 2010-03-15 12:09:39.000000000 -0400 | |
4889 | +++ linux-2.6.33.1/arch/sparc/mm/srmmu.c 2010-03-20 16:58:38.968781407 -0400 | |
4890 | @@ -2198,6 +2198,13 @@ void __init ld_mmu_srmmu(void) | |
58c5fc13 MT |
4891 | PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED); |
4892 | BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY)); | |
4893 | BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY)); | |
4894 | + | |
4895 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4896 | + PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC); | |
4897 | + BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC)); | |
4898 | + BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC)); | |
4899 | +#endif | |
4900 | + | |
4901 | BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL)); | |
4902 | page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); | |
4903 | ||
ae4e228f MT |
4904 | diff -urNp linux-2.6.33.1/arch/um/include/asm/kmap_types.h linux-2.6.33.1/arch/um/include/asm/kmap_types.h |
4905 | --- linux-2.6.33.1/arch/um/include/asm/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
4906 | +++ linux-2.6.33.1/arch/um/include/asm/kmap_types.h 2010-03-20 16:58:38.968781407 -0400 | |
58c5fc13 MT |
4907 | @@ -23,6 +23,7 @@ enum km_type { |
4908 | KM_IRQ1, | |
4909 | KM_SOFTIRQ0, | |
4910 | KM_SOFTIRQ1, | |
4911 | + KM_CLEARPAGE, | |
4912 | KM_TYPE_NR | |
4913 | }; | |
4914 | ||
ae4e228f MT |
4915 | diff -urNp linux-2.6.33.1/arch/um/include/asm/page.h linux-2.6.33.1/arch/um/include/asm/page.h |
4916 | --- linux-2.6.33.1/arch/um/include/asm/page.h 2010-03-15 12:09:39.000000000 -0400 | |
4917 | +++ linux-2.6.33.1/arch/um/include/asm/page.h 2010-03-20 16:58:38.968781407 -0400 | |
58c5fc13 MT |
4918 | @@ -14,6 +14,9 @@ |
4919 | #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT) | |
4920 | #define PAGE_MASK (~(PAGE_SIZE-1)) | |
4921 | ||
4922 | +#define ktla_ktva(addr) (addr) | |
4923 | +#define ktva_ktla(addr) (addr) | |
4924 | + | |
4925 | #ifndef __ASSEMBLY__ | |
4926 | ||
4927 | struct page; | |
ae4e228f MT |
4928 | diff -urNp linux-2.6.33.1/arch/um/sys-i386/syscalls.c linux-2.6.33.1/arch/um/sys-i386/syscalls.c |
4929 | --- linux-2.6.33.1/arch/um/sys-i386/syscalls.c 2010-03-15 12:09:39.000000000 -0400 | |
4930 | +++ linux-2.6.33.1/arch/um/sys-i386/syscalls.c 2010-03-20 16:58:38.968781407 -0400 | |
58c5fc13 MT |
4931 | @@ -11,6 +11,21 @@ |
4932 | #include "asm/uaccess.h" | |
4933 | #include "asm/unistd.h" | |
4934 | ||
4935 | +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) | |
4936 | +{ | |
4937 | + unsigned long pax_task_size = TASK_SIZE; | |
4938 | + | |
4939 | +#ifdef CONFIG_PAX_SEGMEXEC | |
4940 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) | |
4941 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
4942 | +#endif | |
4943 | + | |
4944 | + if (len > pax_task_size || addr > pax_task_size - len) | |
4945 | + return -EINVAL; | |
4946 | + | |
4947 | + return 0; | |
4948 | +} | |
4949 | + | |
4950 | /* | |
4951 | * Perform the select(nd, in, out, ex, tv) and mmap() system | |
4952 | * calls. Linux/i386 didn't use to be able to handle more than | |
ae4e228f MT |
4953 | diff -urNp linux-2.6.33.1/arch/x86/boot/bitops.h linux-2.6.33.1/arch/x86/boot/bitops.h |
4954 | --- linux-2.6.33.1/arch/x86/boot/bitops.h 2010-03-15 12:09:39.000000000 -0400 | |
4955 | +++ linux-2.6.33.1/arch/x86/boot/bitops.h 2010-03-20 16:58:38.968781407 -0400 | |
58c5fc13 MT |
4956 | @@ -26,7 +26,7 @@ static inline int variable_test_bit(int |
4957 | u8 v; | |
4958 | const u32 *p = (const u32 *)addr; | |
4959 | ||
4960 | - asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr)); | |
4961 | + asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr)); | |
4962 | return v; | |
4963 | } | |
4964 | ||
4965 | @@ -37,7 +37,7 @@ static inline int variable_test_bit(int | |
4966 | ||
4967 | static inline void set_bit(int nr, void *addr) | |
4968 | { | |
4969 | - asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr)); | |
4970 | + asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr)); | |
4971 | } | |
4972 | ||
4973 | #endif /* BOOT_BITOPS_H */ | |
ae4e228f MT |
4974 | diff -urNp linux-2.6.33.1/arch/x86/boot/boot.h linux-2.6.33.1/arch/x86/boot/boot.h |
4975 | --- linux-2.6.33.1/arch/x86/boot/boot.h 2010-03-15 12:09:39.000000000 -0400 | |
4976 | +++ linux-2.6.33.1/arch/x86/boot/boot.h 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
4977 | @@ -82,7 +82,7 @@ static inline void io_delay(void) |
4978 | static inline u16 ds(void) | |
4979 | { | |
4980 | u16 seg; | |
4981 | - asm("movw %%ds,%0" : "=rm" (seg)); | |
4982 | + asm volatile("movw %%ds,%0" : "=rm" (seg)); | |
4983 | return seg; | |
4984 | } | |
4985 | ||
4986 | @@ -178,7 +178,7 @@ static inline void wrgs32(u32 v, addr_t | |
4987 | static inline int memcmp(const void *s1, const void *s2, size_t len) | |
4988 | { | |
4989 | u8 diff; | |
4990 | - asm("repe; cmpsb; setnz %0" | |
4991 | + asm volatile("repe; cmpsb; setnz %0" | |
4992 | : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len)); | |
4993 | return diff; | |
4994 | } | |
ae4e228f MT |
4995 | diff -urNp linux-2.6.33.1/arch/x86/boot/compressed/head_32.S linux-2.6.33.1/arch/x86/boot/compressed/head_32.S |
4996 | --- linux-2.6.33.1/arch/x86/boot/compressed/head_32.S 2010-03-15 12:09:39.000000000 -0400 | |
4997 | +++ linux-2.6.33.1/arch/x86/boot/compressed/head_32.S 2010-03-20 16:58:38.972657826 -0400 | |
4998 | @@ -76,7 +76,7 @@ ENTRY(startup_32) | |
58c5fc13 MT |
4999 | notl %eax |
5000 | andl %eax, %ebx | |
5001 | #else | |
5002 | - movl $LOAD_PHYSICAL_ADDR, %ebx | |
5003 | + movl $____LOAD_PHYSICAL_ADDR, %ebx | |
5004 | #endif | |
5005 | ||
5006 | /* Target address to relocate to for decompression */ | |
ae4e228f | 5007 | @@ -149,7 +149,7 @@ relocated: |
58c5fc13 MT |
5008 | * and where it was actually loaded. |
5009 | */ | |
5010 | movl %ebp, %ebx | |
5011 | - subl $LOAD_PHYSICAL_ADDR, %ebx | |
5012 | + subl $____LOAD_PHYSICAL_ADDR, %ebx | |
5013 | jz 2f /* Nothing to be done if loaded at compiled addr. */ | |
5014 | /* | |
5015 | * Process relocations. | |
ae4e228f | 5016 | @@ -157,8 +157,7 @@ relocated: |
58c5fc13 MT |
5017 | |
5018 | 1: subl $4, %edi | |
5019 | movl (%edi), %ecx | |
5020 | - testl %ecx, %ecx | |
5021 | - jz 2f | |
5022 | + jecxz 2f | |
5023 | addl %ebx, -__PAGE_OFFSET(%ebx, %ecx) | |
5024 | jmp 1b | |
5025 | 2: | |
ae4e228f MT |
5026 | diff -urNp linux-2.6.33.1/arch/x86/boot/compressed/head_64.S linux-2.6.33.1/arch/x86/boot/compressed/head_64.S |
5027 | --- linux-2.6.33.1/arch/x86/boot/compressed/head_64.S 2010-03-15 12:09:39.000000000 -0400 | |
5028 | +++ linux-2.6.33.1/arch/x86/boot/compressed/head_64.S 2010-03-20 16:58:38.972657826 -0400 | |
5029 | @@ -91,7 +91,7 @@ ENTRY(startup_32) | |
58c5fc13 MT |
5030 | notl %eax |
5031 | andl %eax, %ebx | |
5032 | #else | |
5033 | - movl $LOAD_PHYSICAL_ADDR, %ebx | |
5034 | + movl $____LOAD_PHYSICAL_ADDR, %ebx | |
5035 | #endif | |
5036 | ||
5037 | /* Target address to relocate to for decompression */ | |
5038 | @@ -233,7 +233,7 @@ ENTRY(startup_64) | |
5039 | notq %rax | |
5040 | andq %rax, %rbp | |
5041 | #else | |
5042 | - movq $LOAD_PHYSICAL_ADDR, %rbp | |
5043 | + movq $____LOAD_PHYSICAL_ADDR, %rbp | |
5044 | #endif | |
5045 | ||
5046 | /* Target address to relocate to for decompression */ | |
ae4e228f MT |
5047 | diff -urNp linux-2.6.33.1/arch/x86/boot/compressed/misc.c linux-2.6.33.1/arch/x86/boot/compressed/misc.c |
5048 | --- linux-2.6.33.1/arch/x86/boot/compressed/misc.c 2010-03-15 12:09:39.000000000 -0400 | |
5049 | +++ linux-2.6.33.1/arch/x86/boot/compressed/misc.c 2010-03-20 16:58:38.972657826 -0400 | |
5050 | @@ -292,7 +292,7 @@ static void parse_elf(void *output) | |
58c5fc13 MT |
5051 | case PT_LOAD: |
5052 | #ifdef CONFIG_RELOCATABLE | |
5053 | dest = output; | |
5054 | - dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR); | |
5055 | + dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR); | |
5056 | #else | |
5057 | dest = (void *)(phdr->p_paddr); | |
5058 | #endif | |
ae4e228f | 5059 | @@ -339,7 +339,7 @@ asmlinkage void decompress_kernel(void * |
58c5fc13 MT |
5060 | error("Destination address too large"); |
5061 | #endif | |
5062 | #ifndef CONFIG_RELOCATABLE | |
5063 | - if ((unsigned long)output != LOAD_PHYSICAL_ADDR) | |
5064 | + if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR) | |
5065 | error("Wrong destination address"); | |
5066 | #endif | |
5067 | ||
ae4e228f MT |
5068 | diff -urNp linux-2.6.33.1/arch/x86/boot/compressed/mkpiggy.c linux-2.6.33.1/arch/x86/boot/compressed/mkpiggy.c |
5069 | --- linux-2.6.33.1/arch/x86/boot/compressed/mkpiggy.c 2010-03-15 12:09:39.000000000 -0400 | |
5070 | +++ linux-2.6.33.1/arch/x86/boot/compressed/mkpiggy.c 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5071 | @@ -74,7 +74,7 @@ int main(int argc, char *argv[]) |
5072 | ||
5073 | offs = (olen > ilen) ? olen - ilen : 0; | |
5074 | offs += olen >> 12; /* Add 8 bytes for each 32K block */ | |
5075 | - offs += 32*1024 + 18; /* Add 32K + 18 bytes slack */ | |
5076 | + offs += 64*1024; /* Add 64K bytes slack */ | |
5077 | offs = (offs+4095) & ~4095; /* Round to a 4K boundary */ | |
5078 | ||
5079 | printf(".section \".rodata.compressed\",\"a\",@progbits\n"); | |
ae4e228f MT |
5080 | diff -urNp linux-2.6.33.1/arch/x86/boot/compressed/relocs.c linux-2.6.33.1/arch/x86/boot/compressed/relocs.c |
5081 | --- linux-2.6.33.1/arch/x86/boot/compressed/relocs.c 2010-03-15 12:09:39.000000000 -0400 | |
5082 | +++ linux-2.6.33.1/arch/x86/boot/compressed/relocs.c 2010-03-20 16:58:38.972657826 -0400 | |
5083 | @@ -13,8 +13,11 @@ | |
58c5fc13 | 5084 | |
ae4e228f MT |
5085 | static void die(char *fmt, ...); |
5086 | ||
5087 | +#include "../../../../include/generated/autoconf.h" | |
58c5fc13 MT |
5088 | + |
5089 | #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) | |
5090 | static Elf32_Ehdr ehdr; | |
5091 | +static Elf32_Phdr *phdr; | |
5092 | static unsigned long reloc_count, reloc_idx; | |
5093 | static unsigned long *relocs; | |
5094 | ||
ae4e228f | 5095 | @@ -270,9 +273,39 @@ static void read_ehdr(FILE *fp) |
58c5fc13 MT |
5096 | } |
5097 | } | |
5098 | ||
5099 | +static void read_phdrs(FILE *fp) | |
5100 | +{ | |
5101 | + unsigned int i; | |
5102 | + | |
5103 | + phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); | |
5104 | + if (!phdr) { | |
5105 | + die("Unable to allocate %d program headers\n", | |
5106 | + ehdr.e_phnum); | |
5107 | + } | |
5108 | + if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) { | |
5109 | + die("Seek to %d failed: %s\n", | |
5110 | + ehdr.e_phoff, strerror(errno)); | |
5111 | + } | |
5112 | + if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) { | |
5113 | + die("Cannot read ELF program headers: %s\n", | |
5114 | + strerror(errno)); | |
5115 | + } | |
5116 | + for(i = 0; i < ehdr.e_phnum; i++) { | |
5117 | + phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); | |
5118 | + phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); | |
5119 | + phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); | |
5120 | + phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); | |
5121 | + phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); | |
5122 | + phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); | |
5123 | + phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); | |
5124 | + phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); | |
5125 | + } | |
5126 | + | |
5127 | +} | |
5128 | + | |
5129 | static void read_shdrs(FILE *fp) | |
5130 | { | |
5131 | - int i; | |
5132 | + unsigned int i; | |
5133 | Elf32_Shdr shdr; | |
5134 | ||
5135 | secs = calloc(ehdr.e_shnum, sizeof(struct section)); | |
ae4e228f | 5136 | @@ -307,7 +340,7 @@ static void read_shdrs(FILE *fp) |
58c5fc13 MT |
5137 | |
5138 | static void read_strtabs(FILE *fp) | |
5139 | { | |
5140 | - int i; | |
5141 | + unsigned int i; | |
5142 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5143 | struct section *sec = &secs[i]; | |
5144 | if (sec->shdr.sh_type != SHT_STRTAB) { | |
ae4e228f | 5145 | @@ -332,7 +365,7 @@ static void read_strtabs(FILE *fp) |
58c5fc13 MT |
5146 | |
5147 | static void read_symtabs(FILE *fp) | |
5148 | { | |
5149 | - int i,j; | |
5150 | + unsigned int i,j; | |
5151 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5152 | struct section *sec = &secs[i]; | |
5153 | if (sec->shdr.sh_type != SHT_SYMTAB) { | |
ae4e228f | 5154 | @@ -365,7 +398,9 @@ static void read_symtabs(FILE *fp) |
58c5fc13 MT |
5155 | |
5156 | static void read_relocs(FILE *fp) | |
5157 | { | |
5158 | - int i,j; | |
5159 | + unsigned int i,j; | |
5160 | + uint32_t base; | |
5161 | + | |
5162 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5163 | struct section *sec = &secs[i]; | |
5164 | if (sec->shdr.sh_type != SHT_REL) { | |
ae4e228f | 5165 | @@ -385,9 +420,18 @@ static void read_relocs(FILE *fp) |
58c5fc13 MT |
5166 | die("Cannot read symbol table: %s\n", |
5167 | strerror(errno)); | |
5168 | } | |
5169 | + base = 0; | |
5170 | + for (j = 0; j < ehdr.e_phnum; j++) { | |
5171 | + if (phdr[j].p_type != PT_LOAD ) | |
5172 | + continue; | |
5173 | + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) | |
5174 | + continue; | |
5175 | + base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; | |
5176 | + break; | |
5177 | + } | |
5178 | for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { | |
5179 | Elf32_Rel *rel = &sec->reltab[j]; | |
5180 | - rel->r_offset = elf32_to_cpu(rel->r_offset); | |
5181 | + rel->r_offset = elf32_to_cpu(rel->r_offset) + base; | |
5182 | rel->r_info = elf32_to_cpu(rel->r_info); | |
5183 | } | |
5184 | } | |
ae4e228f | 5185 | @@ -396,14 +440,14 @@ static void read_relocs(FILE *fp) |
58c5fc13 MT |
5186 | |
5187 | static void print_absolute_symbols(void) | |
5188 | { | |
5189 | - int i; | |
5190 | + unsigned int i; | |
5191 | printf("Absolute symbols\n"); | |
5192 | printf(" Num: Value Size Type Bind Visibility Name\n"); | |
5193 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5194 | struct section *sec = &secs[i]; | |
5195 | char *sym_strtab; | |
5196 | Elf32_Sym *sh_symtab; | |
5197 | - int j; | |
5198 | + unsigned int j; | |
5199 | ||
5200 | if (sec->shdr.sh_type != SHT_SYMTAB) { | |
5201 | continue; | |
ae4e228f | 5202 | @@ -431,14 +475,14 @@ static void print_absolute_symbols(void) |
58c5fc13 MT |
5203 | |
5204 | static void print_absolute_relocs(void) | |
5205 | { | |
5206 | - int i, printed = 0; | |
5207 | + unsigned int i, printed = 0; | |
5208 | ||
5209 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5210 | struct section *sec = &secs[i]; | |
5211 | struct section *sec_applies, *sec_symtab; | |
5212 | char *sym_strtab; | |
5213 | Elf32_Sym *sh_symtab; | |
5214 | - int j; | |
5215 | + unsigned int j; | |
5216 | if (sec->shdr.sh_type != SHT_REL) { | |
5217 | continue; | |
5218 | } | |
ae4e228f | 5219 | @@ -499,13 +543,13 @@ static void print_absolute_relocs(void) |
58c5fc13 MT |
5220 | |
5221 | static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) | |
5222 | { | |
5223 | - int i; | |
5224 | + unsigned int i; | |
5225 | /* Walk through the relocations */ | |
5226 | for (i = 0; i < ehdr.e_shnum; i++) { | |
5227 | char *sym_strtab; | |
5228 | Elf32_Sym *sh_symtab; | |
5229 | struct section *sec_applies, *sec_symtab; | |
5230 | - int j; | |
5231 | + unsigned int j; | |
5232 | struct section *sec = &secs[i]; | |
5233 | ||
5234 | if (sec->shdr.sh_type != SHT_REL) { | |
ae4e228f MT |
5235 | @@ -530,6 +574,22 @@ static void walk_relocs(void (*visit)(El |
5236 | !is_rel_reloc(sym_name(sym_strtab, sym))) { | |
58c5fc13 MT |
5237 | continue; |
5238 | } | |
5239 | + /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ | |
5240 | + if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) | |
5241 | + continue; | |
5242 | + | |
5243 | +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) | |
5244 | + /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ | |
ae4e228f MT |
5245 | + if (!strcmp(sec_name(sym->st_shndx), ".data") && !strcmp(sym_name(sym_strtab, sym), "_etext")) |
5246 | + continue; | |
58c5fc13 MT |
5247 | + if (!strcmp(sec_name(sym->st_shndx), ".init.text")) |
5248 | + continue; | |
5249 | + if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) | |
5250 | + continue; | |
5251 | + if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) | |
5252 | + continue; | |
5253 | +#endif | |
ae4e228f MT |
5254 | + |
5255 | switch (r_type) { | |
5256 | case R_386_NONE: | |
5257 | case R_386_PC32: | |
5258 | @@ -571,7 +631,7 @@ static int cmp_relocs(const void *va, co | |
58c5fc13 MT |
5259 | |
5260 | static void emit_relocs(int as_text) | |
5261 | { | |
5262 | - int i; | |
5263 | + unsigned int i; | |
5264 | /* Count how many relocations I have and allocate space for them. */ | |
5265 | reloc_count = 0; | |
5266 | walk_relocs(count_reloc); | |
ae4e228f | 5267 | @@ -665,6 +725,7 @@ int main(int argc, char **argv) |
58c5fc13 MT |
5268 | fname, strerror(errno)); |
5269 | } | |
5270 | read_ehdr(fp); | |
5271 | + read_phdrs(fp); | |
5272 | read_shdrs(fp); | |
5273 | read_strtabs(fp); | |
5274 | read_symtabs(fp); | |
ae4e228f MT |
5275 | diff -urNp linux-2.6.33.1/arch/x86/boot/cpucheck.c linux-2.6.33.1/arch/x86/boot/cpucheck.c |
5276 | --- linux-2.6.33.1/arch/x86/boot/cpucheck.c 2010-03-15 12:09:39.000000000 -0400 | |
5277 | +++ linux-2.6.33.1/arch/x86/boot/cpucheck.c 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5278 | @@ -74,7 +74,7 @@ static int has_fpu(void) |
5279 | u16 fcw = -1, fsw = -1; | |
5280 | u32 cr0; | |
5281 | ||
5282 | - asm("movl %%cr0,%0" : "=r" (cr0)); | |
5283 | + asm volatile("movl %%cr0,%0" : "=r" (cr0)); | |
5284 | if (cr0 & (X86_CR0_EM|X86_CR0_TS)) { | |
5285 | cr0 &= ~(X86_CR0_EM|X86_CR0_TS); | |
5286 | asm volatile("movl %0,%%cr0" : : "r" (cr0)); | |
5287 | @@ -90,7 +90,7 @@ static int has_eflag(u32 mask) | |
5288 | { | |
5289 | u32 f0, f1; | |
5290 | ||
5291 | - asm("pushfl ; " | |
5292 | + asm volatile("pushfl ; " | |
5293 | "pushfl ; " | |
5294 | "popl %0 ; " | |
5295 | "movl %0,%1 ; " | |
5296 | @@ -115,7 +115,7 @@ static void get_flags(void) | |
5297 | set_bit(X86_FEATURE_FPU, cpu.flags); | |
5298 | ||
5299 | if (has_eflag(X86_EFLAGS_ID)) { | |
5300 | - asm("cpuid" | |
5301 | + asm volatile("cpuid" | |
5302 | : "=a" (max_intel_level), | |
5303 | "=b" (cpu_vendor[0]), | |
5304 | "=d" (cpu_vendor[1]), | |
5305 | @@ -124,7 +124,7 @@ static void get_flags(void) | |
5306 | ||
5307 | if (max_intel_level >= 0x00000001 && | |
5308 | max_intel_level <= 0x0000ffff) { | |
5309 | - asm("cpuid" | |
5310 | + asm volatile("cpuid" | |
5311 | : "=a" (tfms), | |
5312 | "=c" (cpu.flags[4]), | |
5313 | "=d" (cpu.flags[0]) | |
5314 | @@ -136,7 +136,7 @@ static void get_flags(void) | |
5315 | cpu.model += ((tfms >> 16) & 0xf) << 4; | |
5316 | } | |
5317 | ||
5318 | - asm("cpuid" | |
5319 | + asm volatile("cpuid" | |
5320 | : "=a" (max_amd_level) | |
5321 | : "a" (0x80000000) | |
5322 | : "ebx", "ecx", "edx"); | |
5323 | @@ -144,7 +144,7 @@ static void get_flags(void) | |
5324 | if (max_amd_level >= 0x80000001 && | |
5325 | max_amd_level <= 0x8000ffff) { | |
5326 | u32 eax = 0x80000001; | |
5327 | - asm("cpuid" | |
5328 | + asm volatile("cpuid" | |
5329 | : "+a" (eax), | |
5330 | "=c" (cpu.flags[6]), | |
5331 | "=d" (cpu.flags[1]) | |
5332 | @@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r | |
5333 | u32 ecx = MSR_K7_HWCR; | |
5334 | u32 eax, edx; | |
5335 | ||
5336 | - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5337 | + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5338 | eax &= ~(1 << 15); | |
5339 | - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5340 | + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5341 | ||
5342 | get_flags(); /* Make sure it really did something */ | |
5343 | err = check_flags(); | |
5344 | @@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r | |
5345 | u32 ecx = MSR_VIA_FCR; | |
5346 | u32 eax, edx; | |
5347 | ||
5348 | - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5349 | + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5350 | eax |= (1<<1)|(1<<7); | |
5351 | - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5352 | + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5353 | ||
5354 | set_bit(X86_FEATURE_CX8, cpu.flags); | |
5355 | err = check_flags(); | |
5356 | @@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r | |
5357 | u32 eax, edx; | |
5358 | u32 level = 1; | |
5359 | ||
5360 | - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5361 | - asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx)); | |
5362 | - asm("cpuid" | |
5363 | + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx)); | |
5364 | + asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx)); | |
5365 | + asm volatile("cpuid" | |
5366 | : "+a" (level), "=d" (cpu.flags[0]) | |
5367 | : : "ecx", "ebx"); | |
5368 | - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5369 | + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx)); | |
5370 | ||
5371 | err = check_flags(); | |
5372 | } | |
ae4e228f MT |
5373 | diff -urNp linux-2.6.33.1/arch/x86/boot/header.S linux-2.6.33.1/arch/x86/boot/header.S |
5374 | --- linux-2.6.33.1/arch/x86/boot/header.S 2010-03-15 12:09:39.000000000 -0400 | |
5375 | +++ linux-2.6.33.1/arch/x86/boot/header.S 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5376 | @@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical |
5377 | # single linked list of | |
5378 | # struct setup_data | |
5379 | ||
5380 | -pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr | |
5381 | +pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr | |
5382 | ||
5383 | #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset) | |
5384 | #define VO_INIT_SIZE (VO__end - VO__text) | |
ae4e228f MT |
5385 | diff -urNp linux-2.6.33.1/arch/x86/boot/video-vesa.c linux-2.6.33.1/arch/x86/boot/video-vesa.c |
5386 | --- linux-2.6.33.1/arch/x86/boot/video-vesa.c 2010-03-15 12:09:39.000000000 -0400 | |
5387 | +++ linux-2.6.33.1/arch/x86/boot/video-vesa.c 2010-03-20 16:58:38.972657826 -0400 | |
5388 | @@ -200,6 +200,7 @@ static void vesa_store_pm_info(void) | |
58c5fc13 MT |
5389 | |
5390 | boot_params.screen_info.vesapm_seg = oreg.es; | |
5391 | boot_params.screen_info.vesapm_off = oreg.di; | |
5392 | + boot_params.screen_info.vesapm_size = oreg.cx; | |
5393 | } | |
5394 | ||
5395 | /* | |
ae4e228f MT |
5396 | diff -urNp linux-2.6.33.1/arch/x86/ia32/ia32_signal.c linux-2.6.33.1/arch/x86/ia32/ia32_signal.c |
5397 | --- linux-2.6.33.1/arch/x86/ia32/ia32_signal.c 2010-03-15 12:09:39.000000000 -0400 | |
5398 | +++ linux-2.6.33.1/arch/x86/ia32/ia32_signal.c 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5399 | @@ -403,7 +403,7 @@ static void __user *get_sigframe(struct |
5400 | sp -= frame_size; | |
5401 | /* Align the stack pointer according to the i386 ABI, | |
5402 | * i.e. so that on function entry ((sp + 4) & 15) == 0. */ | |
5403 | - sp = ((sp + 4) & -16ul) - 4; | |
5404 | + sp = ((sp - 12) & -16ul) - 4; | |
5405 | return (void __user *) sp; | |
5406 | } | |
5407 | ||
5408 | @@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct | |
5409 | 0xb8, | |
5410 | __NR_ia32_rt_sigreturn, | |
5411 | 0x80cd, | |
5412 | - 0, | |
5413 | + 0 | |
5414 | }; | |
5415 | ||
5416 | frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); | |
ae4e228f MT |
5417 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/alternative.h linux-2.6.33.1/arch/x86/include/asm/alternative.h |
5418 | --- linux-2.6.33.1/arch/x86/include/asm/alternative.h 2010-03-15 12:09:39.000000000 -0400 | |
5419 | +++ linux-2.6.33.1/arch/x86/include/asm/alternative.h 2010-03-20 16:58:38.972657826 -0400 | |
5420 | @@ -86,7 +86,7 @@ static inline void alternatives_smp_swit | |
58c5fc13 | 5421 | " .byte 664f-663f\n" /* replacementlen */ \ |
ae4e228f | 5422 | " .byte 0xff + (664f-663f) - (662b-661b)\n" /* rlen <= slen */ \ |
58c5fc13 MT |
5423 | ".previous\n" \ |
5424 | - ".section .altinstr_replacement, \"ax\"\n" \ | |
5425 | + ".section .altinstr_replacement, \"a\"\n" \ | |
5426 | "663:\n\t" newinstr "\n664:\n" /* replacement */ \ | |
5427 | ".previous" | |
5428 | ||
ae4e228f MT |
5429 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/apm.h linux-2.6.33.1/arch/x86/include/asm/apm.h |
5430 | --- linux-2.6.33.1/arch/x86/include/asm/apm.h 2010-03-15 12:09:39.000000000 -0400 | |
5431 | +++ linux-2.6.33.1/arch/x86/include/asm/apm.h 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5432 | @@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32 |
5433 | __asm__ __volatile__(APM_DO_ZERO_SEGS | |
5434 | "pushl %%edi\n\t" | |
5435 | "pushl %%ebp\n\t" | |
5436 | - "lcall *%%cs:apm_bios_entry\n\t" | |
5437 | + "lcall *%%ss:apm_bios_entry\n\t" | |
5438 | "setc %%al\n\t" | |
5439 | "popl %%ebp\n\t" | |
5440 | "popl %%edi\n\t" | |
5441 | @@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as | |
5442 | __asm__ __volatile__(APM_DO_ZERO_SEGS | |
5443 | "pushl %%edi\n\t" | |
5444 | "pushl %%ebp\n\t" | |
5445 | - "lcall *%%cs:apm_bios_entry\n\t" | |
5446 | + "lcall *%%ss:apm_bios_entry\n\t" | |
5447 | "setc %%bl\n\t" | |
5448 | "popl %%ebp\n\t" | |
5449 | "popl %%edi\n\t" | |
ae4e228f MT |
5450 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/atomic_32.h linux-2.6.33.1/arch/x86/include/asm/atomic_32.h |
5451 | --- linux-2.6.33.1/arch/x86/include/asm/atomic_32.h 2010-03-15 12:09:39.000000000 -0400 | |
5452 | +++ linux-2.6.33.1/arch/x86/include/asm/atomic_32.h 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5453 | @@ -25,6 +25,17 @@ static inline int atomic_read(const atom |
5454 | } | |
5455 | ||
5456 | /** | |
5457 | + * atomic_read_unchecked - read atomic variable | |
5458 | + * @v: pointer of type atomic_unchecked_t | |
5459 | + * | |
5460 | + * Atomically reads the value of @v. | |
5461 | + */ | |
5462 | +static inline int atomic_read_unchecked(const atomic_unchecked_t *v) | |
5463 | +{ | |
5464 | + return v->counter; | |
5465 | +} | |
5466 | + | |
5467 | +/** | |
5468 | * atomic_set - set atomic variable | |
5469 | * @v: pointer of type atomic_t | |
5470 | * @i: required value | |
5471 | @@ -37,6 +48,18 @@ static inline void atomic_set(atomic_t * | |
5472 | } | |
5473 | ||
5474 | /** | |
5475 | + * atomic_set_unchecked - set atomic variable | |
5476 | + * @v: pointer of type atomic_unchecked_t | |
5477 | + * @i: required value | |
5478 | + * | |
5479 | + * Atomically sets the value of @v to @i. | |
5480 | + */ | |
5481 | +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i) | |
5482 | +{ | |
5483 | + v->counter = i; | |
5484 | +} | |
5485 | + | |
5486 | +/** | |
5487 | * atomic_add - add integer to atomic variable | |
5488 | * @i: integer value to add | |
5489 | * @v: pointer of type atomic_t | |
5490 | @@ -45,7 +68,29 @@ static inline void atomic_set(atomic_t * | |
5491 | */ | |
5492 | static inline void atomic_add(int i, atomic_t *v) | |
5493 | { | |
5494 | - asm volatile(LOCK_PREFIX "addl %1,%0" | |
5495 | + asm volatile(LOCK_PREFIX "addl %1,%0\n" | |
5496 | + | |
5497 | +#ifdef CONFIG_PAX_REFCOUNT | |
5498 | + "jno 0f\n" | |
5499 | + LOCK_PREFIX "subl %1,%0\n" | |
5500 | + "into\n0:\n" | |
5501 | + _ASM_EXTABLE(0b, 0b) | |
5502 | +#endif | |
5503 | + | |
5504 | + : "+m" (v->counter) | |
5505 | + : "ir" (i)); | |
5506 | +} | |
5507 | + | |
5508 | +/** | |
5509 | + * atomic_add_unchecked - add integer to atomic variable | |
5510 | + * @i: integer value to add | |
5511 | + * @v: pointer of type atomic_unchecked_t | |
5512 | + * | |
5513 | + * Atomically adds @i to @v. | |
5514 | + */ | |
5515 | +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v) | |
5516 | +{ | |
5517 | + asm volatile(LOCK_PREFIX "addl %1,%0\n" | |
5518 | : "+m" (v->counter) | |
5519 | : "ir" (i)); | |
5520 | } | |
5521 | @@ -59,7 +104,29 @@ static inline void atomic_add(int i, ato | |
5522 | */ | |
5523 | static inline void atomic_sub(int i, atomic_t *v) | |
5524 | { | |
5525 | - asm volatile(LOCK_PREFIX "subl %1,%0" | |
5526 | + asm volatile(LOCK_PREFIX "subl %1,%0\n" | |
5527 | + | |
5528 | +#ifdef CONFIG_PAX_REFCOUNT | |
5529 | + "jno 0f\n" | |
5530 | + LOCK_PREFIX "addl %1,%0\n" | |
5531 | + "into\n0:\n" | |
5532 | + _ASM_EXTABLE(0b, 0b) | |
5533 | +#endif | |
5534 | + | |
5535 | + : "+m" (v->counter) | |
5536 | + : "ir" (i)); | |
5537 | +} | |
5538 | + | |
5539 | +/** | |
5540 | + * atomic_sub_unchecked - subtract integer from atomic variable | |
5541 | + * @i: integer value to subtract | |
5542 | + * @v: pointer of type atomic_t | |
5543 | + * | |
5544 | + * Atomically subtracts @i from @v. | |
5545 | + */ | |
5546 | +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v) | |
5547 | +{ | |
5548 | + asm volatile(LOCK_PREFIX "subl %1,%0\n" | |
5549 | : "+m" (v->counter) | |
5550 | : "ir" (i)); | |
5551 | } | |
5552 | @@ -77,7 +144,16 @@ static inline int atomic_sub_and_test(in | |
5553 | { | |
5554 | unsigned char c; | |
5555 | ||
5556 | - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1" | |
5557 | + asm volatile(LOCK_PREFIX "subl %2,%0\n" | |
5558 | + | |
5559 | +#ifdef CONFIG_PAX_REFCOUNT | |
5560 | + "jno 0f\n" | |
5561 | + LOCK_PREFIX "addl %2,%0\n" | |
5562 | + "into\n0:\n" | |
5563 | + _ASM_EXTABLE(0b, 0b) | |
5564 | +#endif | |
5565 | + | |
5566 | + "sete %1\n" | |
5567 | : "+m" (v->counter), "=qm" (c) | |
5568 | : "ir" (i) : "memory"); | |
5569 | return c; | |
5570 | @@ -91,7 +167,30 @@ static inline int atomic_sub_and_test(in | |
5571 | */ | |
5572 | static inline void atomic_inc(atomic_t *v) | |
5573 | { | |
5574 | - asm volatile(LOCK_PREFIX "incl %0" | |
5575 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5576 | + | |
5577 | +#ifdef CONFIG_PAX_REFCOUNT | |
5578 | + "into\n0:\n" | |
5579 | + ".pushsection .fixup,\"ax\"\n" | |
5580 | + "1:\n" | |
5581 | + LOCK_PREFIX "decl %0\n" | |
5582 | + "jmp 0b\n" | |
5583 | + ".popsection\n" | |
5584 | + _ASM_EXTABLE(0b, 1b) | |
5585 | +#endif | |
5586 | + | |
5587 | + : "+m" (v->counter)); | |
5588 | +} | |
5589 | + | |
5590 | +/** | |
5591 | + * atomic_inc_unchecked - increment atomic variable | |
5592 | + * @v: pointer of type atomic_unchecked_t | |
5593 | + * | |
5594 | + * Atomically increments @v by 1. | |
5595 | + */ | |
5596 | +static inline void atomic_inc_unchecked(atomic_unchecked_t *v) | |
5597 | +{ | |
5598 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5599 | : "+m" (v->counter)); | |
5600 | } | |
5601 | ||
5602 | @@ -103,7 +202,18 @@ static inline void atomic_inc(atomic_t * | |
5603 | */ | |
5604 | static inline void atomic_dec(atomic_t *v) | |
5605 | { | |
5606 | - asm volatile(LOCK_PREFIX "decl %0" | |
5607 | + asm volatile(LOCK_PREFIX "decl %0\n" | |
5608 | + | |
5609 | +#ifdef CONFIG_PAX_REFCOUNT | |
5610 | + "into\n0:\n" | |
5611 | + ".pushsection .fixup,\"ax\"\n" | |
5612 | + "1: \n" | |
5613 | + LOCK_PREFIX "incl %0\n" | |
5614 | + "jmp 0b\n" | |
5615 | + ".popsection\n" | |
5616 | + _ASM_EXTABLE(0b, 1b) | |
5617 | +#endif | |
5618 | + | |
5619 | : "+m" (v->counter)); | |
5620 | } | |
5621 | ||
5622 | @@ -119,7 +229,19 @@ static inline int atomic_dec_and_test(at | |
5623 | { | |
5624 | unsigned char c; | |
5625 | ||
5626 | - asm volatile(LOCK_PREFIX "decl %0; sete %1" | |
5627 | + asm volatile(LOCK_PREFIX "decl %0\n" | |
5628 | + | |
5629 | +#ifdef CONFIG_PAX_REFCOUNT | |
5630 | + "into\n0:\n" | |
5631 | + ".pushsection .fixup,\"ax\"\n" | |
5632 | + "1: \n" | |
5633 | + LOCK_PREFIX "incl %0\n" | |
5634 | + "jmp 0b\n" | |
5635 | + ".popsection\n" | |
5636 | + _ASM_EXTABLE(0b, 1b) | |
5637 | +#endif | |
5638 | + | |
5639 | + "sete %1\n" | |
5640 | : "+m" (v->counter), "=qm" (c) | |
5641 | : : "memory"); | |
5642 | return c != 0; | |
5643 | @@ -137,7 +259,19 @@ static inline int atomic_inc_and_test(at | |
5644 | { | |
5645 | unsigned char c; | |
5646 | ||
5647 | - asm volatile(LOCK_PREFIX "incl %0; sete %1" | |
5648 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5649 | + | |
5650 | +#ifdef CONFIG_PAX_REFCOUNT | |
5651 | + "into\n0:\n" | |
5652 | + ".pushsection .fixup,\"ax\"\n" | |
5653 | + "1: \n" | |
5654 | + LOCK_PREFIX "decl %0\n" | |
5655 | + "jmp 0b\n" | |
5656 | + ".popsection\n" | |
5657 | + _ASM_EXTABLE(0b, 1b) | |
5658 | +#endif | |
5659 | + | |
5660 | + "sete %1\n" | |
5661 | : "+m" (v->counter), "=qm" (c) | |
5662 | : : "memory"); | |
5663 | return c != 0; | |
5664 | @@ -156,7 +290,16 @@ static inline int atomic_add_negative(in | |
5665 | { | |
5666 | unsigned char c; | |
5667 | ||
5668 | - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1" | |
5669 | + asm volatile(LOCK_PREFIX "addl %2,%0\n" | |
5670 | + | |
5671 | +#ifdef CONFIG_PAX_REFCOUNT | |
5672 | + "jno 0f\n" | |
5673 | + LOCK_PREFIX "subl %2,%0\n" | |
5674 | + "into\n0:\n" | |
5675 | + _ASM_EXTABLE(0b, 0b) | |
5676 | +#endif | |
5677 | + | |
5678 | + "sets %1\n" | |
5679 | : "+m" (v->counter), "=qm" (c) | |
5680 | : "ir" (i) : "memory"); | |
5681 | return c; | |
ae4e228f | 5682 | @@ -179,6 +322,46 @@ static inline int atomic_add_return(int |
58c5fc13 MT |
5683 | #endif |
5684 | /* Modern 486+ processor */ | |
5685 | __i = i; | |
58c5fc13 MT |
5686 | + asm volatile(LOCK_PREFIX "xaddl %0, %1\n" |
5687 | + | |
5688 | +#ifdef CONFIG_PAX_REFCOUNT | |
5689 | + "jno 0f\n" | |
5690 | + "movl %0, %1\n" | |
5691 | + "into\n0:\n" | |
5692 | + _ASM_EXTABLE(0b, 0b) | |
5693 | +#endif | |
5694 | + | |
ae4e228f MT |
5695 | + : "+r" (i), "+m" (v->counter) |
5696 | + : : "memory"); | |
5697 | + return i + __i; | |
5698 | + | |
5699 | +#ifdef CONFIG_M386 | |
5700 | +no_xadd: /* Legacy 386 processor */ | |
5701 | + local_irq_save(flags); | |
5702 | + __i = atomic_read(v); | |
5703 | + atomic_set(v, i + __i); | |
5704 | + local_irq_restore(flags); | |
5705 | + return i + __i; | |
5706 | +#endif | |
5707 | +} | |
5708 | + | |
5709 | +/** | |
5710 | + * atomic_add_return_unchecked - add integer and return | |
5711 | + * @v: pointer of type atomic_unchecked_t | |
5712 | + * @i: integer value to add | |
5713 | + * | |
5714 | + * Atomically adds @i to @v and returns @i + @v | |
5715 | + */ | |
5716 | +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) | |
5717 | +{ | |
5718 | + int __i; | |
5719 | +#ifdef CONFIG_M386 | |
5720 | + unsigned long flags; | |
5721 | + if (unlikely(boot_cpu_data.x86 <= 3)) | |
5722 | + goto no_xadd; | |
5723 | +#endif | |
5724 | + /* Modern 486+ processor */ | |
5725 | + __i = i; | |
5726 | asm volatile(LOCK_PREFIX "xaddl %0, %1" | |
58c5fc13 MT |
5727 | : "+r" (i), "+m" (v->counter) |
5728 | : : "memory"); | |
ae4e228f | 5729 | @@ -227,22 +410,34 @@ static inline int atomic_xchg(atomic_t * |
58c5fc13 MT |
5730 | */ |
5731 | static inline int atomic_add_unless(atomic_t *v, int a, int u) | |
5732 | { | |
5733 | - int c, old; | |
5734 | + int c, old, new; | |
5735 | c = atomic_read(v); | |
5736 | for (;;) { | |
5737 | - if (unlikely(c == (u))) | |
5738 | + if (unlikely(c == u)) | |
5739 | break; | |
5740 | - old = atomic_cmpxchg((v), c, c + (a)); | |
5741 | + | |
5742 | + asm volatile("addl %2,%0\n" | |
5743 | + | |
5744 | +#ifdef CONFIG_PAX_REFCOUNT | |
5745 | + "into\n0:\n" | |
5746 | + _ASM_EXTABLE(0b, 0b) | |
5747 | +#endif | |
5748 | + | |
5749 | + : "=r" (new) | |
5750 | + : "0" (c), "ir" (a)); | |
5751 | + | |
5752 | + old = atomic_cmpxchg(v, c, new); | |
5753 | if (likely(old == c)) | |
5754 | break; | |
5755 | c = old; | |
5756 | } | |
5757 | - return c != (u); | |
5758 | + return c != u; | |
5759 | } | |
5760 | ||
5761 | #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0) | |
ae4e228f MT |
5762 | |
5763 | #define atomic_inc_return(v) (atomic_add_return(1, v)) | |
5764 | +#define atomic_inc_return_unchecked(v) (atomic_add_return_unchecked(1, v)) | |
5765 | #define atomic_dec_return(v) (atomic_sub_return(1, v)) | |
5766 | ||
5767 | /* These are x86-specific, used by some header files */ | |
5768 | @@ -266,6 +461,14 @@ typedef struct { | |
5769 | u64 __aligned(8) counter; | |
5770 | } atomic64_t; | |
5771 | ||
5772 | +#ifdef CONFIG_PAX_REFCOUNT | |
5773 | +typedef struct { | |
5774 | + u64 __aligned(8) counter; | |
5775 | +} atomic64_unchecked_t; | |
5776 | +#else | |
5777 | +typedef atomic64_t atomic64_unchecked_t; | |
5778 | +#endif | |
5779 | + | |
5780 | #define ATOMIC64_INIT(val) { (val) } | |
5781 | ||
5782 | extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); | |
5783 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/atomic_64.h linux-2.6.33.1/arch/x86/include/asm/atomic_64.h | |
5784 | --- linux-2.6.33.1/arch/x86/include/asm/atomic_64.h 2010-03-15 12:09:39.000000000 -0400 | |
5785 | +++ linux-2.6.33.1/arch/x86/include/asm/atomic_64.h 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
5786 | @@ -24,6 +24,17 @@ static inline int atomic_read(const atom |
5787 | } | |
5788 | ||
5789 | /** | |
5790 | + * atomic_read_unchecked - read atomic variable | |
5791 | + * @v: pointer of type atomic_unchecked_t | |
5792 | + * | |
5793 | + * Atomically reads the value of @v. | |
5794 | + */ | |
5795 | +static inline int atomic_read_unchecked(const atomic_unchecked_t *v) | |
5796 | +{ | |
5797 | + return v->counter; | |
5798 | +} | |
5799 | + | |
5800 | +/** | |
5801 | * atomic_set - set atomic variable | |
5802 | * @v: pointer of type atomic_t | |
5803 | * @i: required value | |
5804 | @@ -36,6 +47,18 @@ static inline void atomic_set(atomic_t * | |
5805 | } | |
5806 | ||
5807 | /** | |
5808 | + * atomic_set_unchecked - set atomic variable | |
5809 | + * @v: pointer of type atomic_unchecked_t | |
5810 | + * @i: required value | |
5811 | + * | |
5812 | + * Atomically sets the value of @v to @i. | |
5813 | + */ | |
5814 | +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i) | |
5815 | +{ | |
5816 | + v->counter = i; | |
5817 | +} | |
5818 | + | |
5819 | +/** | |
5820 | * atomic_add - add integer to atomic variable | |
5821 | * @i: integer value to add | |
5822 | * @v: pointer of type atomic_t | |
5823 | @@ -44,7 +67,29 @@ static inline void atomic_set(atomic_t * | |
5824 | */ | |
5825 | static inline void atomic_add(int i, atomic_t *v) | |
5826 | { | |
5827 | - asm volatile(LOCK_PREFIX "addl %1,%0" | |
5828 | + asm volatile(LOCK_PREFIX "addl %1,%0\n" | |
5829 | + | |
5830 | +#ifdef CONFIG_PAX_REFCOUNT | |
5831 | + "jno 0f\n" | |
5832 | + LOCK_PREFIX "subl %1,%0\n" | |
5833 | + "int $4\n0:\n" | |
5834 | + _ASM_EXTABLE(0b, 0b) | |
5835 | +#endif | |
5836 | + | |
5837 | + : "=m" (v->counter) | |
5838 | + : "ir" (i), "m" (v->counter)); | |
5839 | +} | |
5840 | + | |
5841 | +/** | |
5842 | + * atomic_add_unchecked - add integer to atomic variable | |
5843 | + * @i: integer value to add | |
5844 | + * @v: pointer of type atomic_unchecked_t | |
5845 | + * | |
5846 | + * Atomically adds @i to @v. | |
5847 | + */ | |
5848 | +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v) | |
5849 | +{ | |
5850 | + asm volatile(LOCK_PREFIX "addl %1,%0\n" | |
5851 | : "=m" (v->counter) | |
5852 | : "ir" (i), "m" (v->counter)); | |
5853 | } | |
5854 | @@ -58,7 +103,29 @@ static inline void atomic_add(int i, ato | |
5855 | */ | |
5856 | static inline void atomic_sub(int i, atomic_t *v) | |
5857 | { | |
5858 | - asm volatile(LOCK_PREFIX "subl %1,%0" | |
5859 | + asm volatile(LOCK_PREFIX "subl %1,%0\n" | |
5860 | + | |
5861 | +#ifdef CONFIG_PAX_REFCOUNT | |
5862 | + "jno 0f\n" | |
5863 | + LOCK_PREFIX "addl %1,%0\n" | |
5864 | + "int $4\n0:\n" | |
5865 | + _ASM_EXTABLE(0b, 0b) | |
5866 | +#endif | |
5867 | + | |
5868 | + : "=m" (v->counter) | |
5869 | + : "ir" (i), "m" (v->counter)); | |
5870 | +} | |
5871 | + | |
5872 | +/** | |
5873 | + * atomic_sub_unchecked - subtract the atomic variable | |
5874 | + * @i: integer value to subtract | |
5875 | + * @v: pointer of type atomic_unchecked_t | |
5876 | + * | |
5877 | + * Atomically subtracts @i from @v. | |
5878 | + */ | |
5879 | +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v) | |
5880 | +{ | |
5881 | + asm volatile(LOCK_PREFIX "subl %1,%0\n" | |
5882 | : "=m" (v->counter) | |
5883 | : "ir" (i), "m" (v->counter)); | |
5884 | } | |
5885 | @@ -76,7 +143,16 @@ static inline int atomic_sub_and_test(in | |
5886 | { | |
5887 | unsigned char c; | |
5888 | ||
5889 | - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1" | |
5890 | + asm volatile(LOCK_PREFIX "subl %2,%0\n" | |
5891 | + | |
5892 | +#ifdef CONFIG_PAX_REFCOUNT | |
5893 | + "jno 0f\n" | |
5894 | + LOCK_PREFIX "addl %2,%0\n" | |
5895 | + "int $4\n0:\n" | |
5896 | + _ASM_EXTABLE(0b, 0b) | |
5897 | +#endif | |
5898 | + | |
5899 | + "sete %1\n" | |
5900 | : "=m" (v->counter), "=qm" (c) | |
5901 | : "ir" (i), "m" (v->counter) : "memory"); | |
5902 | return c; | |
5903 | @@ -90,7 +166,32 @@ static inline int atomic_sub_and_test(in | |
5904 | */ | |
5905 | static inline void atomic_inc(atomic_t *v) | |
5906 | { | |
5907 | - asm volatile(LOCK_PREFIX "incl %0" | |
5908 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5909 | + | |
5910 | +#ifdef CONFIG_PAX_REFCOUNT | |
5911 | + "jno 0f\n" | |
5912 | + "int $4\n0:\n" | |
5913 | + ".pushsection .fixup,\"ax\"\n" | |
5914 | + "1:\n" | |
5915 | + LOCK_PREFIX "decl %0\n" | |
5916 | + "jmp 0b\n" | |
5917 | + ".popsection\n" | |
5918 | + _ASM_EXTABLE(0b, 1b) | |
5919 | +#endif | |
5920 | + | |
5921 | + : "=m" (v->counter) | |
5922 | + : "m" (v->counter)); | |
5923 | +} | |
5924 | + | |
5925 | +/** | |
5926 | + * atomic_inc_unchecked - increment atomic variable | |
5927 | + * @v: pointer of type atomic_unchecked_t | |
5928 | + * | |
5929 | + * Atomically increments @v by 1. | |
5930 | + */ | |
5931 | +static inline void atomic_inc_unchecked(atomic_unchecked_t *v) | |
5932 | +{ | |
5933 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5934 | : "=m" (v->counter) | |
5935 | : "m" (v->counter)); | |
5936 | } | |
5937 | @@ -103,7 +204,19 @@ static inline void atomic_inc(atomic_t * | |
5938 | */ | |
5939 | static inline void atomic_dec(atomic_t *v) | |
5940 | { | |
5941 | - asm volatile(LOCK_PREFIX "decl %0" | |
5942 | + asm volatile(LOCK_PREFIX "decl %0\n" | |
5943 | + | |
5944 | +#ifdef CONFIG_PAX_REFCOUNT | |
5945 | + "jno 0f\n" | |
5946 | + "int $4\n0:\n" | |
5947 | + ".pushsection .fixup,\"ax\"\n" | |
5948 | + "1: \n" | |
5949 | + LOCK_PREFIX "incl %0\n" | |
5950 | + "jmp 0b\n" | |
5951 | + ".popsection\n" | |
5952 | + _ASM_EXTABLE(0b, 1b) | |
5953 | +#endif | |
5954 | + | |
5955 | : "=m" (v->counter) | |
5956 | : "m" (v->counter)); | |
5957 | } | |
5958 | @@ -120,7 +233,20 @@ static inline int atomic_dec_and_test(at | |
5959 | { | |
5960 | unsigned char c; | |
5961 | ||
5962 | - asm volatile(LOCK_PREFIX "decl %0; sete %1" | |
5963 | + asm volatile(LOCK_PREFIX "decl %0\n" | |
5964 | + | |
5965 | +#ifdef CONFIG_PAX_REFCOUNT | |
5966 | + "jno 0f\n" | |
5967 | + "int $4\n0:\n" | |
5968 | + ".pushsection .fixup,\"ax\"\n" | |
5969 | + "1: \n" | |
5970 | + LOCK_PREFIX "incl %0\n" | |
5971 | + "jmp 0b\n" | |
5972 | + ".popsection\n" | |
5973 | + _ASM_EXTABLE(0b, 1b) | |
5974 | +#endif | |
5975 | + | |
5976 | + "sete %1\n" | |
5977 | : "=m" (v->counter), "=qm" (c) | |
5978 | : "m" (v->counter) : "memory"); | |
5979 | return c != 0; | |
5980 | @@ -138,7 +264,20 @@ static inline int atomic_inc_and_test(at | |
5981 | { | |
5982 | unsigned char c; | |
5983 | ||
5984 | - asm volatile(LOCK_PREFIX "incl %0; sete %1" | |
5985 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
5986 | + | |
5987 | +#ifdef CONFIG_PAX_REFCOUNT | |
5988 | + "jno 0f\n" | |
5989 | + "int $4\n0:\n" | |
5990 | + ".pushsection .fixup,\"ax\"\n" | |
5991 | + "1: \n" | |
5992 | + LOCK_PREFIX "decl %0\n" | |
5993 | + "jmp 0b\n" | |
5994 | + ".popsection\n" | |
5995 | + _ASM_EXTABLE(0b, 1b) | |
5996 | +#endif | |
5997 | + | |
5998 | + "sete %1\n" | |
5999 | : "=m" (v->counter), "=qm" (c) | |
6000 | : "m" (v->counter) : "memory"); | |
6001 | return c != 0; | |
6002 | @@ -157,7 +296,16 @@ static inline int atomic_add_negative(in | |
6003 | { | |
6004 | unsigned char c; | |
6005 | ||
6006 | - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1" | |
6007 | + asm volatile(LOCK_PREFIX "addl %2,%0\n" | |
6008 | + | |
6009 | +#ifdef CONFIG_PAX_REFCOUNT | |
6010 | + "jno 0f\n" | |
6011 | + LOCK_PREFIX "subl %2,%0\n" | |
6012 | + "int $4\n0:\n" | |
6013 | + _ASM_EXTABLE(0b, 0b) | |
6014 | +#endif | |
6015 | + | |
6016 | + "sets %1\n" | |
6017 | : "=m" (v->counter), "=qm" (c) | |
6018 | : "ir" (i), "m" (v->counter) : "memory"); | |
6019 | return c; | |
6020 | @@ -173,7 +321,15 @@ static inline int atomic_add_negative(in | |
6021 | static inline int atomic_add_return(int i, atomic_t *v) | |
6022 | { | |
6023 | int __i = i; | |
6024 | - asm volatile(LOCK_PREFIX "xaddl %0, %1" | |
6025 | + asm volatile(LOCK_PREFIX "xaddl %0, %1\n" | |
6026 | + | |
6027 | +#ifdef CONFIG_PAX_REFCOUNT | |
6028 | + "jno 0f\n" | |
6029 | + "movl %0, %1\n" | |
6030 | + "int $4\n0:\n" | |
6031 | + _ASM_EXTABLE(0b, 0b) | |
6032 | +#endif | |
6033 | + | |
6034 | : "+r" (i), "+m" (v->counter) | |
6035 | : : "memory"); | |
6036 | return i + __i; | |
ae4e228f MT |
6037 | @@ -204,6 +360,18 @@ static inline long atomic64_read(const a |
6038 | } | |
6039 | ||
6040 | /** | |
6041 | + * atomic64_read_unchecked - read atomic64 variable | |
6042 | + * @v: pointer of type atomic64_unchecked_t | |
6043 | + * | |
6044 | + * Atomically reads the value of @v. | |
6045 | + * Doesn't imply a read memory barrier. | |
6046 | + */ | |
6047 | +static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v) | |
6048 | +{ | |
6049 | + return v->counter; | |
6050 | +} | |
6051 | + | |
6052 | +/** | |
6053 | * atomic64_set - set atomic64 variable | |
6054 | * @v: pointer to type atomic64_t | |
6055 | * @i: required value | |
6056 | @@ -216,6 +384,18 @@ static inline void atomic64_set(atomic64 | |
6057 | } | |
6058 | ||
6059 | /** | |
6060 | + * atomic64_set_unchecked - set atomic64 variable | |
6061 | + * @v: pointer to type atomic64_unchecked_t | |
6062 | + * @i: required value | |
6063 | + * | |
6064 | + * Atomically sets the value of @v to @i. | |
6065 | + */ | |
6066 | +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i) | |
6067 | +{ | |
6068 | + v->counter = i; | |
6069 | +} | |
6070 | + | |
6071 | +/** | |
6072 | * atomic64_add - add integer to atomic64 variable | |
6073 | * @i: integer value to add | |
6074 | * @v: pointer to type atomic64_t | |
6075 | @@ -224,6 +404,28 @@ static inline void atomic64_set(atomic64 | |
58c5fc13 MT |
6076 | */ |
6077 | static inline void atomic64_add(long i, atomic64_t *v) | |
6078 | { | |
58c5fc13 MT |
6079 | + asm volatile(LOCK_PREFIX "addq %1,%0\n" |
6080 | + | |
6081 | +#ifdef CONFIG_PAX_REFCOUNT | |
6082 | + "jno 0f\n" | |
6083 | + LOCK_PREFIX "subq %1,%0\n" | |
6084 | + "int $4\n0:\n" | |
6085 | + _ASM_EXTABLE(0b, 0b) | |
6086 | +#endif | |
6087 | + | |
ae4e228f MT |
6088 | + : "=m" (v->counter) |
6089 | + : "er" (i), "m" (v->counter)); | |
6090 | +} | |
6091 | + | |
6092 | +/** | |
6093 | + * atomic64_add_unchecked - add integer to atomic64 variable | |
6094 | + * @i: integer value to add | |
6095 | + * @v: pointer to type atomic64_unchecked_t | |
6096 | + * | |
6097 | + * Atomically adds @i to @v. | |
6098 | + */ | |
6099 | +static inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v) | |
6100 | +{ | |
6101 | asm volatile(LOCK_PREFIX "addq %1,%0" | |
58c5fc13 MT |
6102 | : "=m" (v->counter) |
6103 | : "er" (i), "m" (v->counter)); | |
ae4e228f | 6104 | @@ -238,7 +440,15 @@ static inline void atomic64_add(long i, |
58c5fc13 MT |
6105 | */ |
6106 | static inline void atomic64_sub(long i, atomic64_t *v) | |
6107 | { | |
6108 | - asm volatile(LOCK_PREFIX "subq %1,%0" | |
6109 | + asm volatile(LOCK_PREFIX "subq %1,%0\n" | |
6110 | + | |
6111 | +#ifdef CONFIG_PAX_REFCOUNT | |
6112 | + "jno 0f\n" | |
6113 | + LOCK_PREFIX "addq %1,%0\n" | |
6114 | + "int $4\n0:\n" | |
6115 | + _ASM_EXTABLE(0b, 0b) | |
6116 | +#endif | |
6117 | + | |
6118 | : "=m" (v->counter) | |
6119 | : "er" (i), "m" (v->counter)); | |
6120 | } | |
ae4e228f | 6121 | @@ -256,7 +466,16 @@ static inline int atomic64_sub_and_test( |
58c5fc13 MT |
6122 | { |
6123 | unsigned char c; | |
6124 | ||
6125 | - asm volatile(LOCK_PREFIX "subq %2,%0; sete %1" | |
6126 | + asm volatile(LOCK_PREFIX "subq %2,%0\n" | |
6127 | + | |
6128 | +#ifdef CONFIG_PAX_REFCOUNT | |
6129 | + "jno 0f\n" | |
6130 | + LOCK_PREFIX "addq %2,%0\n" | |
6131 | + "int $4\n0:\n" | |
6132 | + _ASM_EXTABLE(0b, 0b) | |
6133 | +#endif | |
6134 | + | |
6135 | + "sete %1\n" | |
6136 | : "=m" (v->counter), "=qm" (c) | |
6137 | : "er" (i), "m" (v->counter) : "memory"); | |
6138 | return c; | |
ae4e228f | 6139 | @@ -270,6 +489,31 @@ static inline int atomic64_sub_and_test( |
58c5fc13 MT |
6140 | */ |
6141 | static inline void atomic64_inc(atomic64_t *v) | |
6142 | { | |
58c5fc13 MT |
6143 | + asm volatile(LOCK_PREFIX "incq %0\n" |
6144 | + | |
6145 | +#ifdef CONFIG_PAX_REFCOUNT | |
6146 | + "jno 0f\n" | |
6147 | + "int $4\n0:\n" | |
6148 | + ".pushsection .fixup,\"ax\"\n" | |
6149 | + "1:\n" | |
6150 | + LOCK_PREFIX "decq %0\n" | |
6151 | + "jmp 0b\n" | |
6152 | + ".popsection\n" | |
6153 | + _ASM_EXTABLE(0b, 1b) | |
6154 | +#endif | |
6155 | + | |
ae4e228f MT |
6156 | + : "=m" (v->counter) |
6157 | + : "m" (v->counter)); | |
6158 | +} | |
6159 | + | |
6160 | +/** | |
6161 | + * atomic64_inc_unchecked - increment atomic64 variable | |
6162 | + * @v: pointer to type atomic64_unchecked_t | |
6163 | + * | |
6164 | + * Atomically increments @v by 1. | |
6165 | + */ | |
6166 | +static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v) | |
6167 | +{ | |
6168 | asm volatile(LOCK_PREFIX "incq %0" | |
58c5fc13 MT |
6169 | : "=m" (v->counter) |
6170 | : "m" (v->counter)); | |
ae4e228f | 6171 | @@ -283,7 +527,19 @@ static inline void atomic64_inc(atomic64 |
58c5fc13 MT |
6172 | */ |
6173 | static inline void atomic64_dec(atomic64_t *v) | |
6174 | { | |
6175 | - asm volatile(LOCK_PREFIX "decq %0" | |
6176 | + asm volatile(LOCK_PREFIX "decq %0\n" | |
6177 | + | |
6178 | +#ifdef CONFIG_PAX_REFCOUNT | |
6179 | + "jno 0f\n" | |
6180 | + "int $4\n0:\n" | |
6181 | + ".pushsection .fixup,\"ax\"\n" | |
6182 | + "1: \n" | |
6183 | + LOCK_PREFIX "incq %0\n" | |
6184 | + "jmp 0b\n" | |
6185 | + ".popsection\n" | |
6186 | + _ASM_EXTABLE(0b, 1b) | |
6187 | +#endif | |
6188 | + | |
6189 | : "=m" (v->counter) | |
6190 | : "m" (v->counter)); | |
6191 | } | |
ae4e228f | 6192 | @@ -300,7 +556,20 @@ static inline int atomic64_dec_and_test( |
58c5fc13 MT |
6193 | { |
6194 | unsigned char c; | |
6195 | ||
6196 | - asm volatile(LOCK_PREFIX "decq %0; sete %1" | |
6197 | + asm volatile(LOCK_PREFIX "decq %0\n" | |
6198 | + | |
6199 | +#ifdef CONFIG_PAX_REFCOUNT | |
6200 | + "jno 0f\n" | |
6201 | + "int $4\n0:\n" | |
6202 | + ".pushsection .fixup,\"ax\"\n" | |
6203 | + "1: \n" | |
6204 | + LOCK_PREFIX "incq %0\n" | |
6205 | + "jmp 0b\n" | |
6206 | + ".popsection\n" | |
6207 | + _ASM_EXTABLE(0b, 1b) | |
6208 | +#endif | |
6209 | + | |
6210 | + "sete %1\n" | |
6211 | : "=m" (v->counter), "=qm" (c) | |
6212 | : "m" (v->counter) : "memory"); | |
6213 | return c != 0; | |
ae4e228f | 6214 | @@ -318,7 +587,20 @@ static inline int atomic64_inc_and_test( |
58c5fc13 MT |
6215 | { |
6216 | unsigned char c; | |
6217 | ||
6218 | - asm volatile(LOCK_PREFIX "incq %0; sete %1" | |
6219 | + asm volatile(LOCK_PREFIX "incq %0\n" | |
6220 | + | |
6221 | +#ifdef CONFIG_PAX_REFCOUNT | |
6222 | + "jno 0f\n" | |
6223 | + "int $4\n0:\n" | |
6224 | + ".pushsection .fixup,\"ax\"\n" | |
6225 | + "1: \n" | |
6226 | + LOCK_PREFIX "decq %0\n" | |
6227 | + "jmp 0b\n" | |
6228 | + ".popsection\n" | |
6229 | + _ASM_EXTABLE(0b, 1b) | |
6230 | +#endif | |
6231 | + | |
6232 | + "sete %1\n" | |
6233 | : "=m" (v->counter), "=qm" (c) | |
6234 | : "m" (v->counter) : "memory"); | |
6235 | return c != 0; | |
ae4e228f | 6236 | @@ -337,7 +619,16 @@ static inline int atomic64_add_negative( |
58c5fc13 MT |
6237 | { |
6238 | unsigned char c; | |
6239 | ||
6240 | - asm volatile(LOCK_PREFIX "addq %2,%0; sets %1" | |
6241 | + asm volatile(LOCK_PREFIX "addq %2,%0\n" | |
6242 | + | |
6243 | +#ifdef CONFIG_PAX_REFCOUNT | |
6244 | + "jno 0f\n" | |
6245 | + LOCK_PREFIX "subq %2,%0\n" | |
6246 | + "int $4\n0:\n" | |
6247 | + _ASM_EXTABLE(0b, 0b) | |
6248 | +#endif | |
6249 | + | |
6250 | + "sets %1\n" | |
6251 | : "=m" (v->counter), "=qm" (c) | |
6252 | : "er" (i), "m" (v->counter) : "memory"); | |
6253 | return c; | |
ae4e228f | 6254 | @@ -353,7 +644,31 @@ static inline int atomic64_add_negative( |
58c5fc13 MT |
6255 | static inline long atomic64_add_return(long i, atomic64_t *v) |
6256 | { | |
6257 | long __i = i; | |
6258 | - asm volatile(LOCK_PREFIX "xaddq %0, %1;" | |
6259 | + asm volatile(LOCK_PREFIX "xaddq %0, %1\n" | |
6260 | + | |
6261 | +#ifdef CONFIG_PAX_REFCOUNT | |
6262 | + "jno 0f\n" | |
6263 | + "movq %0, %1\n" | |
6264 | + "int $4\n0:\n" | |
6265 | + _ASM_EXTABLE(0b, 0b) | |
6266 | +#endif | |
6267 | + | |
ae4e228f MT |
6268 | + : "+r" (i), "+m" (v->counter) |
6269 | + : : "memory"); | |
6270 | + return i + __i; | |
6271 | +} | |
6272 | + | |
6273 | +/** | |
6274 | + * atomic64_add_return_unchecked - add and return | |
6275 | + * @i: integer value to add | |
6276 | + * @v: pointer to type atomic64_unchecked_t | |
6277 | + * | |
6278 | + * Atomically adds @i to @v and returns @i + @v | |
6279 | + */ | |
6280 | +static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v) | |
6281 | +{ | |
6282 | + long __i = i; | |
6283 | + asm volatile(LOCK_PREFIX "xaddq %0, %1" | |
58c5fc13 MT |
6284 | : "+r" (i), "+m" (v->counter) |
6285 | : : "memory"); | |
6286 | return i + __i; | |
ae4e228f MT |
6287 | @@ -365,6 +680,7 @@ static inline long atomic64_sub_return(l |
6288 | } | |
6289 | ||
6290 | #define atomic64_inc_return(v) (atomic64_add_return(1, (v))) | |
6291 | +#define atomic64_inc_return_unchecked(v) (atomic64_add_return_unchecked(1, (v))) | |
6292 | #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) | |
6293 | ||
6294 | static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) | |
6295 | @@ -398,17 +714,29 @@ static inline long atomic_xchg(atomic_t | |
58c5fc13 MT |
6296 | */ |
6297 | static inline int atomic_add_unless(atomic_t *v, int a, int u) | |
6298 | { | |
6299 | - int c, old; | |
6300 | + int c, old, new; | |
6301 | c = atomic_read(v); | |
6302 | for (;;) { | |
6303 | - if (unlikely(c == (u))) | |
6304 | + if (unlikely(c == u)) | |
6305 | break; | |
6306 | - old = atomic_cmpxchg((v), c, c + (a)); | |
6307 | + | |
6308 | + asm volatile("addl %2,%0\n" | |
6309 | + | |
6310 | +#ifdef CONFIG_PAX_REFCOUNT | |
6311 | + "jno 0f\n" | |
6312 | + "int $4\n0:\n" | |
6313 | + _ASM_EXTABLE(0b, 0b) | |
6314 | +#endif | |
6315 | + | |
6316 | + : "=r" (new) | |
6317 | + : "0" (c), "ir" (a)); | |
6318 | + | |
6319 | + old = atomic_cmpxchg(v, c, new); | |
6320 | if (likely(old == c)) | |
6321 | break; | |
6322 | c = old; | |
6323 | } | |
6324 | - return c != (u); | |
6325 | + return c != u; | |
6326 | } | |
6327 | ||
6328 | #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0) | |
ae4e228f | 6329 | @@ -424,17 +752,29 @@ static inline int atomic_add_unless(atom |
58c5fc13 MT |
6330 | */ |
6331 | static inline int atomic64_add_unless(atomic64_t *v, long a, long u) | |
6332 | { | |
6333 | - long c, old; | |
6334 | + long c, old, new; | |
6335 | c = atomic64_read(v); | |
6336 | for (;;) { | |
6337 | - if (unlikely(c == (u))) | |
6338 | + if (unlikely(c == u)) | |
6339 | break; | |
6340 | - old = atomic64_cmpxchg((v), c, c + (a)); | |
6341 | + | |
6342 | + asm volatile("addq %2,%0\n" | |
6343 | + | |
6344 | +#ifdef CONFIG_PAX_REFCOUNT | |
6345 | + "jno 0f\n" | |
6346 | + "int $4\n0:\n" | |
6347 | + _ASM_EXTABLE(0b, 0b) | |
6348 | +#endif | |
6349 | + | |
6350 | + : "=r" (new) | |
6351 | + : "0" (c), "er" (a)); | |
6352 | + | |
6353 | + old = atomic64_cmpxchg((v), c, new); | |
6354 | if (likely(old == c)) | |
6355 | break; | |
6356 | c = old; | |
6357 | } | |
6358 | - return c != (u); | |
6359 | + return c != u; | |
6360 | } | |
6361 | ||
6362 | /** | |
ae4e228f MT |
6363 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/boot.h linux-2.6.33.1/arch/x86/include/asm/boot.h |
6364 | --- linux-2.6.33.1/arch/x86/include/asm/boot.h 2010-03-15 12:09:39.000000000 -0400 | |
6365 | +++ linux-2.6.33.1/arch/x86/include/asm/boot.h 2010-03-20 16:58:38.972657826 -0400 | |
58c5fc13 MT |
6366 | @@ -11,10 +11,15 @@ |
6367 | #include <asm/pgtable_types.h> | |
6368 | ||
6369 | /* Physical address where kernel should be loaded. */ | |
6370 | -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \ | |
6371 | +#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \ | |
6372 | + (CONFIG_PHYSICAL_ALIGN - 1)) \ | |
6373 | & ~(CONFIG_PHYSICAL_ALIGN - 1)) | |
6374 | ||
6375 | +#ifndef __ASSEMBLY__ | |
6376 | +extern unsigned char __LOAD_PHYSICAL_ADDR[]; | |
6377 | +#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR) | |
6378 | +#endif | |
6379 | + | |
6380 | /* Minimum kernel alignment, as a power of two */ | |
6381 | #ifdef CONFIG_X86_64 | |
6382 | #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT | |
ae4e228f MT |
6383 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/cache.h linux-2.6.33.1/arch/x86/include/asm/cache.h |
6384 | --- linux-2.6.33.1/arch/x86/include/asm/cache.h 2010-03-15 12:09:39.000000000 -0400 | |
6385 | +++ linux-2.6.33.1/arch/x86/include/asm/cache.h 2010-03-20 16:58:38.976510592 -0400 | |
6386 | @@ -8,6 +8,7 @@ | |
58c5fc13 MT |
6387 | #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) |
6388 | ||
6389 | #define __read_mostly __attribute__((__section__(".data.read_mostly"))) | |
6390 | +#define __read_only __attribute__((__section__(".data.read_only"))) | |
6391 | ||
ae4e228f MT |
6392 | #define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT |
6393 | #define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT) | |
6394 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/checksum_32.h linux-2.6.33.1/arch/x86/include/asm/checksum_32.h | |
6395 | --- linux-2.6.33.1/arch/x86/include/asm/checksum_32.h 2010-03-15 12:09:39.000000000 -0400 | |
6396 | +++ linux-2.6.33.1/arch/x86/include/asm/checksum_32.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
6397 | @@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene |
6398 | int len, __wsum sum, | |
6399 | int *src_err_ptr, int *dst_err_ptr); | |
6400 | ||
6401 | +asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst, | |
6402 | + int len, __wsum sum, | |
6403 | + int *src_err_ptr, int *dst_err_ptr); | |
6404 | + | |
6405 | +asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst, | |
6406 | + int len, __wsum sum, | |
6407 | + int *src_err_ptr, int *dst_err_ptr); | |
6408 | + | |
6409 | /* | |
6410 | * Note: when you get a NULL pointer exception here this means someone | |
6411 | * passed in an incorrect kernel address to one of these functions. | |
6412 | @@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f | |
6413 | int *err_ptr) | |
6414 | { | |
6415 | might_sleep(); | |
6416 | - return csum_partial_copy_generic((__force void *)src, dst, | |
6417 | + return csum_partial_copy_generic_from_user((__force void *)src, dst, | |
6418 | len, sum, err_ptr, NULL); | |
6419 | } | |
6420 | ||
ae4e228f | 6421 | @@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us |
58c5fc13 MT |
6422 | { |
6423 | might_sleep(); | |
6424 | if (access_ok(VERIFY_WRITE, dst, len)) | |
6425 | - return csum_partial_copy_generic(src, (__force void *)dst, | |
6426 | + return csum_partial_copy_generic_to_user(src, (__force void *)dst, | |
6427 | len, sum, NULL, err_ptr); | |
6428 | ||
6429 | if (len) | |
ae4e228f MT |
6430 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/desc.h linux-2.6.33.1/arch/x86/include/asm/desc.h |
6431 | --- linux-2.6.33.1/arch/x86/include/asm/desc.h 2010-03-15 12:09:39.000000000 -0400 | |
6432 | +++ linux-2.6.33.1/arch/x86/include/asm/desc.h 2010-03-20 16:58:38.976510592 -0400 | |
6433 | @@ -4,6 +4,7 @@ | |
6434 | #include <asm/desc_defs.h> | |
6435 | #include <asm/ldt.h> | |
6436 | #include <asm/mmu.h> | |
6437 | +#include <asm/pgtable.h> | |
6438 | #include <linux/smp.h> | |
6439 | ||
6440 | static inline void fill_ldt(struct desc_struct *desc, | |
6441 | @@ -15,6 +16,7 @@ static inline void fill_ldt(struct desc_ | |
58c5fc13 MT |
6442 | desc->base1 = (info->base_addr & 0x00ff0000) >> 16; |
6443 | desc->type = (info->read_exec_only ^ 1) << 1; | |
6444 | desc->type |= info->contents << 2; | |
6445 | + desc->type |= info->seg_not_present ^ 1; | |
6446 | desc->s = 1; | |
6447 | desc->dpl = 0x3; | |
6448 | desc->p = info->seg_not_present ^ 1; | |
ae4e228f | 6449 | @@ -31,16 +33,12 @@ static inline void fill_ldt(struct desc_ |
58c5fc13 MT |
6450 | } |
6451 | ||
6452 | extern struct desc_ptr idt_descr; | |
6453 | -extern gate_desc idt_table[]; | |
6454 | - | |
6455 | -struct gdt_page { | |
6456 | - struct desc_struct gdt[GDT_ENTRIES]; | |
6457 | -} __attribute__((aligned(PAGE_SIZE))); | |
6458 | -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page); | |
6459 | +extern gate_desc idt_table[256]; | |
6460 | ||
6461 | +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)]; | |
6462 | static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) | |
6463 | { | |
6464 | - return per_cpu(gdt_page, cpu).gdt; | |
6465 | + return cpu_gdt_table[cpu]; | |
6466 | } | |
6467 | ||
6468 | #ifdef CONFIG_X86_64 | |
ae4e228f | 6469 | @@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str |
58c5fc13 MT |
6470 | static inline void native_write_idt_entry(gate_desc *idt, int entry, |
6471 | const gate_desc *gate) | |
6472 | { | |
ae4e228f | 6473 | + pax_open_kernel(); |
58c5fc13 | 6474 | memcpy(&idt[entry], gate, sizeof(*gate)); |
ae4e228f | 6475 | + pax_close_kernel(); |
58c5fc13 MT |
6476 | } |
6477 | ||
6478 | static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry, | |
6479 | const void *desc) | |
6480 | { | |
ae4e228f | 6481 | + pax_open_kernel(); |
58c5fc13 | 6482 | memcpy(&ldt[entry], desc, 8); |
ae4e228f | 6483 | + pax_close_kernel(); |
58c5fc13 MT |
6484 | } |
6485 | ||
6486 | static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry, | |
6487 | const void *desc, int type) | |
6488 | { | |
6489 | unsigned int size; | |
58c5fc13 MT |
6490 | + |
6491 | switch (type) { | |
6492 | case DESC_TSS: | |
6493 | size = sizeof(tss_desc); | |
ae4e228f | 6494 | @@ -139,7 +142,10 @@ static inline void native_write_gdt_entr |
58c5fc13 MT |
6495 | size = sizeof(struct desc_struct); |
6496 | break; | |
6497 | } | |
6498 | + | |
ae4e228f | 6499 | + pax_open_kernel(); |
58c5fc13 | 6500 | memcpy(&gdt[entry], desc, size); |
ae4e228f | 6501 | + pax_close_kernel(); |
58c5fc13 MT |
6502 | } |
6503 | ||
6504 | static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, | |
ae4e228f | 6505 | @@ -211,7 +217,9 @@ static inline void native_set_ldt(const |
58c5fc13 MT |
6506 | |
6507 | static inline void native_load_tr_desc(void) | |
6508 | { | |
ae4e228f | 6509 | + pax_open_kernel(); |
58c5fc13 | 6510 | asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8)); |
ae4e228f | 6511 | + pax_close_kernel(); |
58c5fc13 MT |
6512 | } |
6513 | ||
6514 | static inline void native_load_gdt(const struct desc_ptr *dtr) | |
ae4e228f | 6515 | @@ -246,8 +254,10 @@ static inline void native_load_tls(struc |
58c5fc13 MT |
6516 | unsigned int i; |
6517 | struct desc_struct *gdt = get_cpu_gdt_table(cpu); | |
6518 | ||
ae4e228f | 6519 | + pax_open_kernel(); |
58c5fc13 MT |
6520 | for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++) |
6521 | gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i]; | |
ae4e228f | 6522 | + pax_close_kernel(); |
58c5fc13 MT |
6523 | } |
6524 | ||
6525 | #define _LDT_empty(info) \ | |
ae4e228f | 6526 | @@ -392,4 +402,16 @@ static inline void set_system_intr_gate_ |
58c5fc13 MT |
6527 | _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS); |
6528 | } | |
6529 | ||
6530 | +#ifdef CONFIG_X86_32 | |
6531 | +static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu) | |
6532 | +{ | |
6533 | + struct desc_struct d; | |
6534 | + | |
6535 | + if (likely(limit)) | |
6536 | + limit = (limit - 1UL) >> PAGE_SHIFT; | |
6537 | + pack_descriptor(&d, base, limit, 0xFB, 0xC); | |
6538 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S); | |
6539 | +} | |
6540 | +#endif | |
6541 | + | |
6542 | #endif /* _ASM_X86_DESC_H */ | |
ae4e228f MT |
6543 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/device.h linux-2.6.33.1/arch/x86/include/asm/device.h |
6544 | --- linux-2.6.33.1/arch/x86/include/asm/device.h 2010-03-15 12:09:39.000000000 -0400 | |
6545 | +++ linux-2.6.33.1/arch/x86/include/asm/device.h 2010-03-20 16:58:38.976510592 -0400 | |
6546 | @@ -6,7 +6,7 @@ struct dev_archdata { | |
6547 | void *acpi_handle; | |
6548 | #endif | |
6549 | #ifdef CONFIG_X86_64 | |
6550 | -struct dma_map_ops *dma_ops; | |
6551 | + const struct dma_map_ops *dma_ops; | |
6552 | #endif | |
6553 | #if defined(CONFIG_DMAR) || defined(CONFIG_AMD_IOMMU) | |
6554 | void *iommu; /* hook for IOMMU specific extension */ | |
6555 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/dma-mapping.h linux-2.6.33.1/arch/x86/include/asm/dma-mapping.h | |
6556 | --- linux-2.6.33.1/arch/x86/include/asm/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
6557 | +++ linux-2.6.33.1/arch/x86/include/asm/dma-mapping.h 2010-03-20 16:58:38.976510592 -0400 | |
6558 | @@ -26,9 +26,9 @@ extern int iommu_merge; | |
6559 | extern struct device x86_dma_fallback_dev; | |
6560 | extern int panic_on_overflow; | |
6561 | ||
6562 | -extern struct dma_map_ops *dma_ops; | |
6563 | +extern const struct dma_map_ops *dma_ops; | |
6564 | ||
6565 | -static inline struct dma_map_ops *get_dma_ops(struct device *dev) | |
6566 | +static inline const struct dma_map_ops *get_dma_ops(struct device *dev) | |
6567 | { | |
6568 | #ifdef CONFIG_X86_32 | |
6569 | return dma_ops; | |
6570 | @@ -45,7 +45,7 @@ static inline struct dma_map_ops *get_dm | |
6571 | /* Make sure we keep the same behaviour */ | |
6572 | static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr) | |
6573 | { | |
6574 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
6575 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
6576 | if (ops->mapping_error) | |
6577 | return ops->mapping_error(dev, dma_addr); | |
6578 | ||
6579 | @@ -123,7 +123,7 @@ static inline void * | |
6580 | dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle, | |
6581 | gfp_t gfp) | |
6582 | { | |
6583 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
6584 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
6585 | void *memory; | |
6586 | ||
6587 | gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32); | |
6588 | @@ -150,7 +150,7 @@ dma_alloc_coherent(struct device *dev, s | |
6589 | static inline void dma_free_coherent(struct device *dev, size_t size, | |
6590 | void *vaddr, dma_addr_t bus) | |
6591 | { | |
6592 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
6593 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
6594 | ||
6595 | WARN_ON(irqs_disabled()); /* for portability */ | |
6596 | ||
6597 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/e820.h linux-2.6.33.1/arch/x86/include/asm/e820.h | |
6598 | --- linux-2.6.33.1/arch/x86/include/asm/e820.h 2010-03-15 12:09:39.000000000 -0400 | |
6599 | +++ linux-2.6.33.1/arch/x86/include/asm/e820.h 2010-03-20 16:58:38.976510592 -0400 | |
6600 | @@ -64,7 +64,7 @@ struct e820map { | |
6601 | #define ISA_START_ADDRESS 0xa0000 | |
58c5fc13 | 6602 | #define ISA_END_ADDRESS 0x100000 |
58c5fc13 MT |
6603 | |
6604 | -#define BIOS_BEGIN 0x000a0000 | |
6605 | +#define BIOS_BEGIN 0x000c0000 | |
6606 | #define BIOS_END 0x00100000 | |
6607 | ||
6608 | #ifdef __KERNEL__ | |
ae4e228f MT |
6609 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/elf.h linux-2.6.33.1/arch/x86/include/asm/elf.h |
6610 | --- linux-2.6.33.1/arch/x86/include/asm/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
6611 | +++ linux-2.6.33.1/arch/x86/include/asm/elf.h 2010-03-20 16:58:38.976510592 -0400 | |
6612 | @@ -237,7 +237,25 @@ extern int force_personality32; | |
58c5fc13 MT |
6613 | the loader. We need to make sure that it is out of the way of the program |
6614 | that it will "exec", and that there is sufficient room for the brk. */ | |
6615 | ||
6616 | +#ifdef CONFIG_PAX_SEGMEXEC | |
6617 | +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2) | |
6618 | +#else | |
6619 | #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) | |
6620 | +#endif | |
6621 | + | |
6622 | +#ifdef CONFIG_PAX_ASLR | |
6623 | +#ifdef CONFIG_X86_32 | |
6624 | +#define PAX_ELF_ET_DYN_BASE 0x10000000UL | |
6625 | + | |
6626 | +#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16) | |
6627 | +#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16) | |
6628 | +#else | |
6629 | +#define PAX_ELF_ET_DYN_BASE 0x400000UL | |
6630 | + | |
6631 | +#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32) | |
6632 | +#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32) | |
6633 | +#endif | |
6634 | +#endif | |
6635 | ||
6636 | /* This yields a mask that user programs can use to figure out what | |
6637 | instruction set this CPU supports. This could be done in user space, | |
ae4e228f | 6638 | @@ -291,8 +309,7 @@ do { \ |
58c5fc13 MT |
6639 | #define ARCH_DLINFO \ |
6640 | do { \ | |
6641 | if (vdso_enabled) \ | |
6642 | - NEW_AUX_ENT(AT_SYSINFO_EHDR, \ | |
6643 | - (unsigned long)current->mm->context.vdso); \ | |
6644 | + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\ | |
6645 | } while (0) | |
6646 | ||
6647 | #define AT_SYSINFO 32 | |
ae4e228f | 6648 | @@ -303,7 +320,7 @@ do { \ |
58c5fc13 MT |
6649 | |
6650 | #endif /* !CONFIG_X86_32 */ | |
6651 | ||
6652 | -#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso) | |
6653 | +#define VDSO_CURRENT_BASE (current->mm->context.vdso) | |
6654 | ||
6655 | #define VDSO_ENTRY \ | |
6656 | ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) | |
ae4e228f | 6657 | @@ -317,7 +334,4 @@ extern int arch_setup_additional_pages(s |
58c5fc13 MT |
6658 | extern int syscall32_setup_pages(struct linux_binprm *, int exstack); |
6659 | #define compat_arch_setup_additional_pages syscall32_setup_pages | |
6660 | ||
6661 | -extern unsigned long arch_randomize_brk(struct mm_struct *mm); | |
6662 | -#define arch_randomize_brk arch_randomize_brk | |
6663 | - | |
6664 | #endif /* _ASM_X86_ELF_H */ | |
ae4e228f MT |
6665 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/futex.h linux-2.6.33.1/arch/x86/include/asm/futex.h |
6666 | --- linux-2.6.33.1/arch/x86/include/asm/futex.h 2010-03-15 12:09:39.000000000 -0400 | |
6667 | +++ linux-2.6.33.1/arch/x86/include/asm/futex.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
6668 | @@ -11,6 +11,40 @@ |
6669 | #include <asm/processor.h> | |
6670 | #include <asm/system.h> | |
6671 | ||
6672 | +#ifdef CONFIG_X86_32 | |
6673 | +#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \ | |
6674 | + asm volatile( \ | |
6675 | + "movw\t%w6, %%ds\n" \ | |
6676 | + "1:\t" insn "\n" \ | |
6677 | + "2:\tpushl\t%%ss\n" \ | |
6678 | + "\tpopl\t%%ds\n" \ | |
6679 | + "\t.section .fixup,\"ax\"\n" \ | |
6680 | + "3:\tmov\t%3, %1\n" \ | |
6681 | + "\tjmp\t2b\n" \ | |
6682 | + "\t.previous\n" \ | |
6683 | + _ASM_EXTABLE(1b, 3b) \ | |
6684 | + : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \ | |
6685 | + : "i" (-EFAULT), "0" (oparg), "1" (0), "r" (__USER_DS)) | |
6686 | + | |
6687 | +#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \ | |
6688 | + asm volatile("movw\t%w7, %%es\n" \ | |
6689 | + "1:\tmovl\t%%es:%2, %0\n" \ | |
6690 | + "\tmovl\t%0, %3\n" \ | |
6691 | + "\t" insn "\n" \ | |
6692 | + "2:\t" LOCK_PREFIX "cmpxchgl %3, %%es:%2\n"\ | |
6693 | + "\tjnz\t1b\n" \ | |
6694 | + "3:\tpushl\t%%ss\n" \ | |
6695 | + "\tpopl\t%%es\n" \ | |
6696 | + "\t.section .fixup,\"ax\"\n" \ | |
6697 | + "4:\tmov\t%5, %1\n" \ | |
6698 | + "\tjmp\t3b\n" \ | |
6699 | + "\t.previous\n" \ | |
6700 | + _ASM_EXTABLE(1b, 4b) \ | |
6701 | + _ASM_EXTABLE(2b, 4b) \ | |
6702 | + : "=&a" (oldval), "=&r" (ret), \ | |
6703 | + "+m" (*uaddr), "=&r" (tem) \ | |
6704 | + : "r" (oparg), "i" (-EFAULT), "1" (0), "r" (__USER_DS)) | |
6705 | +#else | |
6706 | #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \ | |
6707 | asm volatile("1:\t" insn "\n" \ | |
6708 | "2:\t.section .fixup,\"ax\"\n" \ | |
6709 | @@ -36,8 +70,9 @@ | |
6710 | : "=&a" (oldval), "=&r" (ret), \ | |
6711 | "+m" (*uaddr), "=&r" (tem) \ | |
6712 | : "r" (oparg), "i" (-EFAULT), "1" (0)) | |
6713 | +#endif | |
6714 | ||
6715 | -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr) | |
6716 | +static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) | |
6717 | { | |
6718 | int op = (encoded_op >> 28) & 7; | |
6719 | int cmp = (encoded_op >> 24) & 15; | |
6720 | @@ -61,11 +96,20 @@ static inline int futex_atomic_op_inuser | |
6721 | ||
6722 | switch (op) { | |
6723 | case FUTEX_OP_SET: | |
6724 | +#ifdef CONFIG_X86_32 | |
6725 | + __futex_atomic_op1("xchgl %0, %%ds:%2", ret, oldval, uaddr, oparg); | |
6726 | +#else | |
6727 | __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg); | |
6728 | +#endif | |
6729 | break; | |
6730 | case FUTEX_OP_ADD: | |
6731 | +#ifdef CONFIG_X86_32 | |
6732 | + __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %%ds:%2", ret, oldval, | |
6733 | + uaddr, oparg); | |
6734 | +#else | |
6735 | __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval, | |
6736 | uaddr, oparg); | |
6737 | +#endif | |
6738 | break; | |
6739 | case FUTEX_OP_OR: | |
6740 | __futex_atomic_op2("orl %4, %3", ret, oldval, uaddr, oparg); | |
6741 | @@ -109,7 +153,7 @@ static inline int futex_atomic_op_inuser | |
6742 | return ret; | |
6743 | } | |
6744 | ||
6745 | -static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, | |
6746 | +static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, | |
6747 | int newval) | |
6748 | { | |
6749 | ||
6750 | @@ -122,14 +166,27 @@ static inline int futex_atomic_cmpxchg_i | |
6751 | if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int))) | |
6752 | return -EFAULT; | |
6753 | ||
6754 | - asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n" | |
6755 | + asm volatile( | |
6756 | +#ifdef CONFIG_X86_32 | |
6757 | + "\tmovw %w5, %%ds\n" | |
6758 | + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n" | |
6759 | + "2:\tpushl %%ss\n" | |
6760 | + "\tpopl %%ds\n" | |
6761 | + "\t.section .fixup, \"ax\"\n" | |
6762 | +#else | |
6763 | + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n" | |
6764 | "2:\t.section .fixup, \"ax\"\n" | |
6765 | +#endif | |
6766 | "3:\tmov %2, %0\n" | |
6767 | "\tjmp 2b\n" | |
6768 | "\t.previous\n" | |
6769 | _ASM_EXTABLE(1b, 3b) | |
6770 | : "=a" (oldval), "+m" (*uaddr) | |
6771 | +#ifdef CONFIG_X86_32 | |
6772 | + : "i" (-EFAULT), "r" (newval), "0" (oldval), "r" (__USER_DS) | |
6773 | +#else | |
6774 | : "i" (-EFAULT), "r" (newval), "0" (oldval) | |
6775 | +#endif | |
6776 | : "memory" | |
6777 | ); | |
6778 | ||
ae4e228f MT |
6779 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/i387.h linux-2.6.33.1/arch/x86/include/asm/i387.h |
6780 | --- linux-2.6.33.1/arch/x86/include/asm/i387.h 2010-03-15 12:09:39.000000000 -0400 | |
6781 | +++ linux-2.6.33.1/arch/x86/include/asm/i387.h 2010-03-20 16:58:38.976510592 -0400 | |
6782 | @@ -197,13 +197,8 @@ static inline int fxrstor_checking(struc | |
58c5fc13 MT |
6783 | } |
6784 | ||
6785 | /* We need a safe address that is cheap to find and that is already | |
6786 | - in L1 during context switch. The best choices are unfortunately | |
6787 | - different for UP and SMP */ | |
6788 | -#ifdef CONFIG_SMP | |
6789 | -#define safe_address (__per_cpu_offset[0]) | |
6790 | -#else | |
6791 | -#define safe_address (kstat_cpu(0).cpustat.user) | |
6792 | -#endif | |
6793 | + in L1 during context switch. */ | |
6794 | +#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) | |
6795 | ||
6796 | /* | |
6797 | * These must be called with preempt disabled | |
ae4e228f MT |
6798 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/io_64.h linux-2.6.33.1/arch/x86/include/asm/io_64.h |
6799 | --- linux-2.6.33.1/arch/x86/include/asm/io_64.h 2010-03-15 12:09:39.000000000 -0400 | |
6800 | +++ linux-2.6.33.1/arch/x86/include/asm/io_64.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
6801 | @@ -140,6 +140,17 @@ __OUTS(l) |
6802 | ||
6803 | #include <linux/vmalloc.h> | |
6804 | ||
6805 | +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE | |
ae4e228f | 6806 | +static inline int valid_phys_addr_range(unsigned long addr, size_t count) |
58c5fc13 MT |
6807 | +{ |
6808 | + return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; | |
6809 | +} | |
6810 | + | |
ae4e228f | 6811 | +static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count) |
58c5fc13 MT |
6812 | +{ |
6813 | + return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; | |
6814 | +} | |
6815 | + | |
6816 | #include <asm-generic/iomap.h> | |
6817 | ||
6818 | void __memcpy_fromio(void *, unsigned long, unsigned); | |
ae4e228f MT |
6819 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/iommu.h linux-2.6.33.1/arch/x86/include/asm/iommu.h |
6820 | --- linux-2.6.33.1/arch/x86/include/asm/iommu.h 2010-03-15 12:09:39.000000000 -0400 | |
6821 | +++ linux-2.6.33.1/arch/x86/include/asm/iommu.h 2010-03-20 16:58:38.976510592 -0400 | |
6822 | @@ -1,7 +1,7 @@ | |
6823 | #ifndef _ASM_X86_IOMMU_H | |
6824 | #define _ASM_X86_IOMMU_H | |
6825 | ||
6826 | -extern struct dma_map_ops nommu_dma_ops; | |
6827 | +extern const struct dma_map_ops nommu_dma_ops; | |
6828 | extern int force_iommu, no_iommu; | |
6829 | extern int iommu_detected; | |
6830 | extern int iommu_pass_through; | |
6831 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/irqflags.h linux-2.6.33.1/arch/x86/include/asm/irqflags.h | |
6832 | --- linux-2.6.33.1/arch/x86/include/asm/irqflags.h 2010-03-15 12:09:39.000000000 -0400 | |
6833 | +++ linux-2.6.33.1/arch/x86/include/asm/irqflags.h 2010-03-20 17:06:47.204705877 -0400 | |
6834 | @@ -142,10 +142,77 @@ static inline unsigned long __raw_local_ | |
6835 | sti; \ | |
6836 | sysexit | |
6837 | ||
6838 | +/* PaX: special register usage in entry_64.S, beware */ | |
6839 | +#ifdef CONFIG_PAX_KERNEXEC | |
6840 | + .macro ljmpq sel, off | |
6841 | + .byte 0x48; ljmp *1234f(%rip) | |
6842 | + .pushsection .rodata | |
6843 | + .align 16 | |
6844 | + 1234: .quad \off; .word \sel | |
6845 | + .popsection | |
6846 | + .endm | |
6847 | + | |
6848 | +#define PAX_EXIT_KERNEL \ | |
6849 | + push %rsi; \ | |
6850 | + mov %cs, %rsi; \ | |
6851 | + cmp $__KERNEXEC_KERNEL_CS, %esi;\ | |
6852 | + jnz 2f; \ | |
6853 | + mov %cr0, %rsi; \ | |
6854 | + btc $16, %rsi; \ | |
6855 | + ljmpq __KERNEL_CS, 1f; \ | |
6856 | +1: mov %rsi, %cr0; \ | |
6857 | +2: pop %rsi | |
6858 | + | |
6859 | +#define PAX_ENTER_KERNEL \ | |
6860 | + push %rsi; \ | |
6861 | + mov %cr0, %rsi; \ | |
6862 | + bts $16, %rsi; \ | |
6863 | + jnc 1f; \ | |
6864 | + mov %cs, %esi; \ | |
6865 | + cmp $__KERNEL_CS, %esi; \ | |
6866 | + jz 3f; \ | |
6867 | + ljmpq __KERNEL_CS, 3f; \ | |
6868 | +1: ljmpq __KERNEXEC_KERNEL_CS, 2f; \ | |
6869 | +2: mov %rsi, %cr0; \ | |
6870 | +3: pop %rsi | |
6871 | +#else | |
6872 | +#define PAX_EXIT_KERNEL | |
6873 | +#define PAX_ENTER_KERNEL | |
6874 | +#endif | |
6875 | + | |
6876 | #else | |
58c5fc13 MT |
6877 | #define INTERRUPT_RETURN iret |
6878 | #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit | |
6879 | #define GET_CR0_INTO_EAX movl %cr0, %eax | |
ae4e228f MT |
6880 | + |
6881 | +/* PaX: special register usage in entry_32.S, beware */ | |
6882 | +#ifdef CONFIG_PAX_KERNEXEC | |
6883 | +#define PAX_EXIT_KERNEL \ | |
6884 | + mov %cs, %esi; \ | |
6885 | + cmp $__KERNEXEC_KERNEL_CS, %esi;\ | |
6886 | + jnz 2f; \ | |
6887 | + mov %cr0, %esi; \ | |
6888 | + btc $16, %esi; \ | |
6889 | + ljmp $__KERNEL_CS, $1f; \ | |
6890 | +1: mov %esi, %cr0; \ | |
6891 | +2: | |
6892 | + | |
6893 | +#define PAX_ENTER_KERNEL \ | |
6894 | + mov %cr0, %esi; \ | |
6895 | + bts $16, %esi; \ | |
6896 | + jnc 1f; \ | |
6897 | + mov %cs, %esi; \ | |
6898 | + cmp $__KERNEL_CS, %esi; \ | |
6899 | + jz 3f; \ | |
6900 | + ljmp $__KERNEL_CS, $3f; \ | |
6901 | +1: ljmp $__KERNEXEC_KERNEL_CS, $2f;\ | |
6902 | +2: mov %esi, %cr0; \ | |
6903 | +3: | |
6904 | +#else | |
6905 | +#define PAX_EXIT_KERNEL | |
6906 | +#define PAX_ENTER_KERNEL | |
6907 | +#endif | |
6908 | + | |
58c5fc13 MT |
6909 | #endif |
6910 | ||
6911 | ||
ae4e228f MT |
6912 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/kvm_host.h linux-2.6.33.1/arch/x86/include/asm/kvm_host.h |
6913 | --- linux-2.6.33.1/arch/x86/include/asm/kvm_host.h 2010-03-15 12:09:39.000000000 -0400 | |
6914 | +++ linux-2.6.33.1/arch/x86/include/asm/kvm_host.h 2010-03-20 16:58:38.976510592 -0400 | |
6915 | @@ -536,7 +536,7 @@ struct kvm_x86_ops { | |
6916 | const struct trace_print_flags *exit_reasons_str; | |
58c5fc13 MT |
6917 | }; |
6918 | ||
6919 | -extern struct kvm_x86_ops *kvm_x86_ops; | |
6920 | +extern const struct kvm_x86_ops *kvm_x86_ops; | |
6921 | ||
6922 | int kvm_mmu_module_init(void); | |
6923 | void kvm_mmu_module_exit(void); | |
ae4e228f MT |
6924 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/local.h linux-2.6.33.1/arch/x86/include/asm/local.h |
6925 | --- linux-2.6.33.1/arch/x86/include/asm/local.h 2010-03-15 12:09:39.000000000 -0400 | |
6926 | +++ linux-2.6.33.1/arch/x86/include/asm/local.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
6927 | @@ -18,26 +18,90 @@ typedef struct { |
6928 | ||
6929 | static inline void local_inc(local_t *l) | |
6930 | { | |
6931 | - asm volatile(_ASM_INC "%0" | |
6932 | + asm volatile(_ASM_INC "%0\n" | |
6933 | + | |
6934 | +#ifdef CONFIG_PAX_REFCOUNT | |
6935 | +#ifdef CONFIG_X86_32 | |
6936 | + "into\n0:\n" | |
6937 | +#else | |
6938 | + "jno 0f\n" | |
6939 | + "int $4\n0:\n" | |
6940 | +#endif | |
6941 | + ".pushsection .fixup,\"ax\"\n" | |
6942 | + "1:\n" | |
6943 | + _ASM_DEC "%0\n" | |
6944 | + "jmp 0b\n" | |
6945 | + ".popsection\n" | |
6946 | + _ASM_EXTABLE(0b, 1b) | |
6947 | +#endif | |
6948 | + | |
6949 | : "+m" (l->a.counter)); | |
6950 | } | |
6951 | ||
6952 | static inline void local_dec(local_t *l) | |
6953 | { | |
6954 | - asm volatile(_ASM_DEC "%0" | |
6955 | + asm volatile(_ASM_DEC "%0\n" | |
6956 | + | |
6957 | +#ifdef CONFIG_PAX_REFCOUNT | |
6958 | +#ifdef CONFIG_X86_32 | |
6959 | + "into\n0:\n" | |
6960 | +#else | |
6961 | + "jno 0f\n" | |
6962 | + "int $4\n0:\n" | |
6963 | +#endif | |
6964 | + ".pushsection .fixup,\"ax\"\n" | |
6965 | + "1:\n" | |
6966 | + _ASM_INC "%0\n" | |
6967 | + "jmp 0b\n" | |
6968 | + ".popsection\n" | |
6969 | + _ASM_EXTABLE(0b, 1b) | |
6970 | +#endif | |
6971 | + | |
6972 | : "+m" (l->a.counter)); | |
6973 | } | |
6974 | ||
6975 | static inline void local_add(long i, local_t *l) | |
6976 | { | |
6977 | - asm volatile(_ASM_ADD "%1,%0" | |
6978 | + asm volatile(_ASM_ADD "%1,%0\n" | |
6979 | + | |
6980 | +#ifdef CONFIG_PAX_REFCOUNT | |
6981 | +#ifdef CONFIG_X86_32 | |
6982 | + "into\n0:\n" | |
6983 | +#else | |
6984 | + "jno 0f\n" | |
6985 | + "int $4\n0:\n" | |
6986 | +#endif | |
6987 | + ".pushsection .fixup,\"ax\"\n" | |
6988 | + "1:\n" | |
6989 | + _ASM_SUB "%1,%0\n" | |
6990 | + "jmp 0b\n" | |
6991 | + ".popsection\n" | |
6992 | + _ASM_EXTABLE(0b, 1b) | |
6993 | +#endif | |
6994 | + | |
6995 | : "+m" (l->a.counter) | |
6996 | : "ir" (i)); | |
6997 | } | |
6998 | ||
6999 | static inline void local_sub(long i, local_t *l) | |
7000 | { | |
7001 | - asm volatile(_ASM_SUB "%1,%0" | |
7002 | + asm volatile(_ASM_SUB "%1,%0\n" | |
7003 | + | |
7004 | +#ifdef CONFIG_PAX_REFCOUNT | |
7005 | +#ifdef CONFIG_X86_32 | |
7006 | + "into\n0:\n" | |
7007 | +#else | |
7008 | + "jno 0f\n" | |
7009 | + "int $4\n0:\n" | |
7010 | +#endif | |
7011 | + ".pushsection .fixup,\"ax\"\n" | |
7012 | + "1:\n" | |
7013 | + _ASM_ADD "%1,%0\n" | |
7014 | + "jmp 0b\n" | |
7015 | + ".popsection\n" | |
7016 | + _ASM_EXTABLE(0b, 1b) | |
7017 | +#endif | |
7018 | + | |
7019 | : "+m" (l->a.counter) | |
7020 | : "ir" (i)); | |
7021 | } | |
7022 | @@ -55,7 +119,24 @@ static inline int local_sub_and_test(lon | |
7023 | { | |
7024 | unsigned char c; | |
7025 | ||
7026 | - asm volatile(_ASM_SUB "%2,%0; sete %1" | |
7027 | + asm volatile(_ASM_SUB "%2,%0\n" | |
7028 | + | |
7029 | +#ifdef CONFIG_PAX_REFCOUNT | |
7030 | +#ifdef CONFIG_X86_32 | |
7031 | + "into\n0:\n" | |
7032 | +#else | |
7033 | + "jno 0f\n" | |
7034 | + "int $4\n0:\n" | |
7035 | +#endif | |
7036 | + ".pushsection .fixup,\"ax\"\n" | |
7037 | + "1:\n" | |
7038 | + _ASM_ADD "%2,%0\n" | |
7039 | + "jmp 0b\n" | |
7040 | + ".popsection\n" | |
7041 | + _ASM_EXTABLE(0b, 1b) | |
7042 | +#endif | |
7043 | + | |
7044 | + "sete %1\n" | |
7045 | : "+m" (l->a.counter), "=qm" (c) | |
7046 | : "ir" (i) : "memory"); | |
7047 | return c; | |
7048 | @@ -73,7 +154,24 @@ static inline int local_dec_and_test(loc | |
7049 | { | |
7050 | unsigned char c; | |
7051 | ||
7052 | - asm volatile(_ASM_DEC "%0; sete %1" | |
7053 | + asm volatile(_ASM_DEC "%0\n" | |
7054 | + | |
7055 | +#ifdef CONFIG_PAX_REFCOUNT | |
7056 | +#ifdef CONFIG_X86_32 | |
7057 | + "into\n0:\n" | |
7058 | +#else | |
7059 | + "jno 0f\n" | |
7060 | + "int $4\n0:\n" | |
7061 | +#endif | |
7062 | + ".pushsection .fixup,\"ax\"\n" | |
7063 | + "1:\n" | |
7064 | + _ASM_INC "%0\n" | |
7065 | + "jmp 0b\n" | |
7066 | + ".popsection\n" | |
7067 | + _ASM_EXTABLE(0b, 1b) | |
7068 | +#endif | |
7069 | + | |
7070 | + "sete %1\n" | |
7071 | : "+m" (l->a.counter), "=qm" (c) | |
7072 | : : "memory"); | |
7073 | return c != 0; | |
7074 | @@ -91,7 +189,24 @@ static inline int local_inc_and_test(loc | |
7075 | { | |
7076 | unsigned char c; | |
7077 | ||
7078 | - asm volatile(_ASM_INC "%0; sete %1" | |
7079 | + asm volatile(_ASM_INC "%0\n" | |
7080 | + | |
7081 | +#ifdef CONFIG_PAX_REFCOUNT | |
7082 | +#ifdef CONFIG_X86_32 | |
7083 | + "into\n0:\n" | |
7084 | +#else | |
7085 | + "jno 0f\n" | |
7086 | + "int $4\n0:\n" | |
7087 | +#endif | |
7088 | + ".pushsection .fixup,\"ax\"\n" | |
7089 | + "1:\n" | |
7090 | + _ASM_DEC "%0\n" | |
7091 | + "jmp 0b\n" | |
7092 | + ".popsection\n" | |
7093 | + _ASM_EXTABLE(0b, 1b) | |
7094 | +#endif | |
7095 | + | |
7096 | + "sete %1\n" | |
7097 | : "+m" (l->a.counter), "=qm" (c) | |
7098 | : : "memory"); | |
7099 | return c != 0; | |
7100 | @@ -110,7 +225,24 @@ static inline int local_add_negative(lon | |
7101 | { | |
7102 | unsigned char c; | |
7103 | ||
7104 | - asm volatile(_ASM_ADD "%2,%0; sets %1" | |
7105 | + asm volatile(_ASM_ADD "%2,%0\n" | |
7106 | + | |
7107 | +#ifdef CONFIG_PAX_REFCOUNT | |
7108 | +#ifdef CONFIG_X86_32 | |
7109 | + "into\n0:\n" | |
7110 | +#else | |
7111 | + "jno 0f\n" | |
7112 | + "int $4\n0:\n" | |
7113 | +#endif | |
7114 | + ".pushsection .fixup,\"ax\"\n" | |
7115 | + "1:\n" | |
7116 | + _ASM_SUB "%2,%0\n" | |
7117 | + "jmp 0b\n" | |
7118 | + ".popsection\n" | |
7119 | + _ASM_EXTABLE(0b, 1b) | |
7120 | +#endif | |
7121 | + | |
7122 | + "sets %1\n" | |
7123 | : "+m" (l->a.counter), "=qm" (c) | |
7124 | : "ir" (i) : "memory"); | |
7125 | return c; | |
7126 | @@ -133,7 +265,23 @@ static inline long local_add_return(long | |
7127 | #endif | |
7128 | /* Modern 486+ processor */ | |
7129 | __i = i; | |
7130 | - asm volatile(_ASM_XADD "%0, %1;" | |
7131 | + asm volatile(_ASM_XADD "%0, %1\n" | |
7132 | + | |
7133 | +#ifdef CONFIG_PAX_REFCOUNT | |
7134 | +#ifdef CONFIG_X86_32 | |
7135 | + "into\n0:\n" | |
7136 | +#else | |
7137 | + "jno 0f\n" | |
7138 | + "int $4\n0:\n" | |
7139 | +#endif | |
7140 | + ".pushsection .fixup,\"ax\"\n" | |
7141 | + "1:\n" | |
7142 | + _ASM_MOV "%0,%1\n" | |
7143 | + "jmp 0b\n" | |
7144 | + ".popsection\n" | |
7145 | + _ASM_EXTABLE(0b, 1b) | |
7146 | +#endif | |
7147 | + | |
7148 | : "+r" (i), "+m" (l->a.counter) | |
7149 | : : "memory"); | |
7150 | return i + __i; | |
ae4e228f MT |
7151 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/microcode.h linux-2.6.33.1/arch/x86/include/asm/microcode.h |
7152 | --- linux-2.6.33.1/arch/x86/include/asm/microcode.h 2010-03-15 12:09:39.000000000 -0400 | |
7153 | +++ linux-2.6.33.1/arch/x86/include/asm/microcode.h 2010-03-20 16:58:38.976510592 -0400 | |
7154 | @@ -12,13 +12,13 @@ struct device; | |
7155 | enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND }; | |
7156 | ||
7157 | struct microcode_ops { | |
7158 | - enum ucode_state (*request_microcode_user) (int cpu, | |
7159 | + enum ucode_state (* const request_microcode_user) (int cpu, | |
7160 | const void __user *buf, size_t size); | |
7161 | ||
7162 | - enum ucode_state (*request_microcode_fw) (int cpu, | |
7163 | + enum ucode_state (* const request_microcode_fw) (int cpu, | |
7164 | struct device *device); | |
7165 | ||
7166 | - void (*microcode_fini_cpu) (int cpu); | |
7167 | + void (* const microcode_fini_cpu) (int cpu); | |
7168 | ||
7169 | /* | |
7170 | * The generic 'microcode_core' part guarantees that | |
7171 | @@ -38,18 +38,18 @@ struct ucode_cpu_info { | |
7172 | extern struct ucode_cpu_info ucode_cpu_info[]; | |
7173 | ||
7174 | #ifdef CONFIG_MICROCODE_INTEL | |
7175 | -extern struct microcode_ops * __init init_intel_microcode(void); | |
7176 | +extern const struct microcode_ops * __init init_intel_microcode(void); | |
7177 | #else | |
7178 | -static inline struct microcode_ops * __init init_intel_microcode(void) | |
7179 | +static inline const struct microcode_ops * __init init_intel_microcode(void) | |
7180 | { | |
7181 | return NULL; | |
7182 | } | |
7183 | #endif /* CONFIG_MICROCODE_INTEL */ | |
7184 | ||
7185 | #ifdef CONFIG_MICROCODE_AMD | |
7186 | -extern struct microcode_ops * __init init_amd_microcode(void); | |
7187 | +extern const struct microcode_ops * __init init_amd_microcode(void); | |
7188 | #else | |
7189 | -static inline struct microcode_ops * __init init_amd_microcode(void) | |
7190 | +static inline const struct microcode_ops * __init init_amd_microcode(void) | |
7191 | { | |
7192 | return NULL; | |
7193 | } | |
7194 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/mman.h linux-2.6.33.1/arch/x86/include/asm/mman.h | |
7195 | --- linux-2.6.33.1/arch/x86/include/asm/mman.h 2010-03-15 12:09:39.000000000 -0400 | |
7196 | +++ linux-2.6.33.1/arch/x86/include/asm/mman.h 2010-03-20 16:58:38.976510592 -0400 | |
7197 | @@ -5,4 +5,14 @@ | |
7198 | ||
7199 | #include <asm-generic/mman.h> | |
58c5fc13 MT |
7200 | |
7201 | +#ifdef __KERNEL__ | |
7202 | +#ifndef __ASSEMBLY__ | |
7203 | +#ifdef CONFIG_X86_32 | |
7204 | +#define arch_mmap_check i386_mmap_check | |
7205 | +int i386_mmap_check(unsigned long addr, unsigned long len, | |
7206 | + unsigned long flags); | |
7207 | +#endif | |
7208 | +#endif | |
7209 | +#endif | |
7210 | + | |
7211 | #endif /* _ASM_X86_MMAN_H */ | |
ae4e228f MT |
7212 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/mmu_context.h linux-2.6.33.1/arch/x86/include/asm/mmu_context.h |
7213 | --- linux-2.6.33.1/arch/x86/include/asm/mmu_context.h 2010-03-15 12:09:39.000000000 -0400 | |
7214 | +++ linux-2.6.33.1/arch/x86/include/asm/mmu_context.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
7215 | @@ -34,11 +34,17 @@ static inline void switch_mm(struct mm_s |
7216 | struct task_struct *tsk) | |
7217 | { | |
7218 | unsigned cpu = smp_processor_id(); | |
7219 | +#if defined(CONFIG_X86_32) && defined(CONFIG_SMP) | |
7220 | + int tlbstate = TLBSTATE_OK; | |
7221 | +#endif | |
7222 | ||
7223 | if (likely(prev != next)) { | |
7224 | /* stop flush ipis for the previous mm */ | |
ae4e228f | 7225 | cpumask_clear_cpu(cpu, mm_cpumask(prev)); |
58c5fc13 MT |
7226 | #ifdef CONFIG_SMP |
7227 | +#ifdef CONFIG_X86_32 | |
7228 | + tlbstate = percpu_read(cpu_tlbstate.state); | |
7229 | +#endif | |
7230 | percpu_write(cpu_tlbstate.state, TLBSTATE_OK); | |
7231 | percpu_write(cpu_tlbstate.active_mm, next); | |
7232 | #endif | |
7233 | @@ -52,6 +58,26 @@ static inline void switch_mm(struct mm_s | |
7234 | */ | |
7235 | if (unlikely(prev->context.ldt != next->context.ldt)) | |
7236 | load_LDT_nolock(&next->context); | |
7237 | + | |
7238 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
ae4e228f | 7239 | + if (!(__supported_pte_mask & _PAGE_NX)) { |
58c5fc13 MT |
7240 | + smp_mb__before_clear_bit(); |
7241 | + cpu_clear(cpu, prev->context.cpu_user_cs_mask); | |
7242 | + smp_mb__after_clear_bit(); | |
7243 | + cpu_set(cpu, next->context.cpu_user_cs_mask); | |
7244 | + } | |
7245 | +#endif | |
7246 | + | |
7247 | +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) | |
7248 | + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base || | |
ae4e228f MT |
7249 | + prev->context.user_cs_limit != next->context.user_cs_limit)) |
7250 | + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu); | |
58c5fc13 | 7251 | +#ifdef CONFIG_SMP |
ae4e228f | 7252 | + else if (unlikely(tlbstate != TLBSTATE_OK)) |
58c5fc13 MT |
7253 | + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu); |
7254 | +#endif | |
ae4e228f | 7255 | +#endif |
58c5fc13 MT |
7256 | + |
7257 | } | |
7258 | #ifdef CONFIG_SMP | |
7259 | else { | |
7260 | @@ -65,6 +91,19 @@ static inline void switch_mm(struct mm_s | |
7261 | */ | |
7262 | load_cr3(next->pgd); | |
7263 | load_LDT_nolock(&next->context); | |
7264 | + | |
7265 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) | |
ae4e228f | 7266 | + if (!(__supported_pte_mask & _PAGE_NX)) |
58c5fc13 MT |
7267 | + cpu_set(cpu, next->context.cpu_user_cs_mask); |
7268 | +#endif | |
7269 | + | |
7270 | +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) | |
7271 | +#ifdef CONFIG_PAX_PAGEEXEC | |
ae4e228f | 7272 | + if (!((next->pax_flags & MF_PAX_PAGEEXEC) && (__supported_pte_mask & _PAGE_NX))) |
58c5fc13 MT |
7273 | +#endif |
7274 | + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu); | |
7275 | +#endif | |
7276 | + | |
7277 | } | |
7278 | } | |
7279 | #endif | |
ae4e228f MT |
7280 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/mmu.h linux-2.6.33.1/arch/x86/include/asm/mmu.h |
7281 | --- linux-2.6.33.1/arch/x86/include/asm/mmu.h 2010-03-15 12:09:39.000000000 -0400 | |
7282 | +++ linux-2.6.33.1/arch/x86/include/asm/mmu.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
7283 | @@ -9,10 +9,23 @@ |
7284 | * we put the segment information here. | |
7285 | */ | |
7286 | typedef struct { | |
7287 | - void *ldt; | |
7288 | + struct desc_struct *ldt; | |
7289 | int size; | |
7290 | struct mutex lock; | |
7291 | - void *vdso; | |
7292 | + unsigned long vdso; | |
7293 | + | |
7294 | +#ifdef CONFIG_X86_32 | |
7295 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
7296 | + unsigned long user_cs_base; | |
7297 | + unsigned long user_cs_limit; | |
7298 | + | |
7299 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
7300 | + cpumask_t cpu_user_cs_mask; | |
7301 | +#endif | |
7302 | + | |
7303 | +#endif | |
7304 | +#endif | |
7305 | + | |
7306 | } mm_context_t; | |
7307 | ||
7308 | #ifdef CONFIG_SMP | |
ae4e228f MT |
7309 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/module.h linux-2.6.33.1/arch/x86/include/asm/module.h |
7310 | --- linux-2.6.33.1/arch/x86/include/asm/module.h 2010-03-15 12:09:39.000000000 -0400 | |
7311 | +++ linux-2.6.33.1/arch/x86/include/asm/module.h 2010-03-20 16:58:38.976510592 -0400 | |
7312 | @@ -65,7 +65,12 @@ | |
58c5fc13 MT |
7313 | # else |
7314 | # define MODULE_STACKSIZE "" | |
7315 | # endif | |
7316 | -# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE | |
7317 | +# ifdef CONFIG_GRKERNSEC | |
7318 | +# define MODULE_GRSEC "GRSECURITY " | |
7319 | +# else | |
7320 | +# define MODULE_GRSEC "" | |
7321 | +# endif | |
7322 | +# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC | |
7323 | #endif | |
7324 | ||
7325 | #endif /* _ASM_X86_MODULE_H */ | |
ae4e228f MT |
7326 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/page_32_types.h linux-2.6.33.1/arch/x86/include/asm/page_32_types.h |
7327 | --- linux-2.6.33.1/arch/x86/include/asm/page_32_types.h 2010-03-15 12:09:39.000000000 -0400 | |
7328 | +++ linux-2.6.33.1/arch/x86/include/asm/page_32_types.h 2010-03-20 16:58:38.976510592 -0400 | |
58c5fc13 MT |
7329 | @@ -15,6 +15,10 @@ |
7330 | */ | |
7331 | #define __PAGE_OFFSET _AC(CONFIG_PAGE_OFFSET, UL) | |
7332 | ||
7333 | +#ifdef CONFIG_PAX_PAGEEXEC | |
7334 | +#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1 | |
7335 | +#endif | |
7336 | + | |
7337 | #ifdef CONFIG_4KSTACKS | |
7338 | #define THREAD_ORDER 0 | |
7339 | #else | |
ae4e228f MT |
7340 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/page_64_types.h linux-2.6.33.1/arch/x86/include/asm/page_64_types.h |
7341 | --- linux-2.6.33.1/arch/x86/include/asm/page_64_types.h 2010-03-15 12:09:39.000000000 -0400 | |
7342 | +++ linux-2.6.33.1/arch/x86/include/asm/page_64_types.h 2010-03-20 16:58:38.980670389 -0400 | |
58c5fc13 MT |
7343 | @@ -39,6 +39,9 @@ |
7344 | #define __START_KERNEL (__START_KERNEL_map + __PHYSICAL_START) | |
7345 | #define __START_KERNEL_map _AC(0xffffffff80000000, UL) | |
7346 | ||
7347 | +#define ktla_ktva(addr) (addr) | |
7348 | +#define ktva_ktla(addr) (addr) | |
7349 | + | |
7350 | /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */ | |
7351 | #define __PHYSICAL_MASK_SHIFT 46 | |
7352 | #define __VIRTUAL_MASK_SHIFT 47 | |
ae4e228f MT |
7353 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/paravirt.h linux-2.6.33.1/arch/x86/include/asm/paravirt.h |
7354 | --- linux-2.6.33.1/arch/x86/include/asm/paravirt.h 2010-03-15 12:09:39.000000000 -0400 | |
7355 | +++ linux-2.6.33.1/arch/x86/include/asm/paravirt.h 2010-03-20 16:58:38.980670389 -0400 | |
7356 | @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned | |
7357 | pv_mmu_ops.set_fixmap(idx, phys, flags); | |
7358 | } | |
7359 | ||
7360 | +#ifdef CONFIG_PAX_KERNEXEC | |
7361 | +static inline unsigned long pax_open_kernel(void) | |
7362 | +{ | |
7363 | + return pv_mmu_ops.pax_open_kernel(); | |
7364 | +} | |
7365 | + | |
7366 | +static inline unsigned long pax_close_kernel(void) | |
7367 | +{ | |
7368 | + return pv_mmu_ops.pax_close_kernel(); | |
7369 | +} | |
7370 | +#else | |
7371 | +static inline unsigned long pax_open_kernel(void) { return 0; } | |
7372 | +static inline unsigned long pax_close_kernel(void) { return 0; } | |
7373 | +#endif | |
7374 | + | |
7375 | #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) | |
7376 | ||
7377 | static inline int arch_spin_is_locked(struct arch_spinlock *lock) | |
7378 | @@ -945,7 +960,7 @@ extern void default_banner(void); | |
58c5fc13 MT |
7379 | |
7380 | #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) | |
7381 | #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) | |
7382 | -#define PARA_INDIRECT(addr) *%cs:addr | |
7383 | +#define PARA_INDIRECT(addr) *%ss:addr | |
7384 | #endif | |
7385 | ||
7386 | #define INTERRUPT_RETURN \ | |
ae4e228f MT |
7387 | @@ -980,6 +995,34 @@ extern void default_banner(void); |
7388 | CLBR_NONE, \ | |
7389 | jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) | |
58c5fc13 | 7390 | |
ae4e228f MT |
7391 | +#ifdef CONFIG_PAX_KERNEXEC |
7392 | +#define PAX_EXIT_KERNEL \ | |
58c5fc13 | 7393 | + push %eax; push %ecx; \ |
ae4e228f MT |
7394 | + mov %cs, %eax; \ |
7395 | + cmp $__KERNEXEC_KERNEL_CS, %eax; \ | |
7396 | + jnz 2f; \ | |
58c5fc13 | 7397 | + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ |
ae4e228f MT |
7398 | + btc $16, %eax; \ |
7399 | + ljmp $__KERNEL_CS, $1f; \ | |
7400 | +1: call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\ | |
7401 | +2: pop %ecx; pop %eax; \ | |
58c5fc13 | 7402 | + |
ae4e228f | 7403 | +#define PAX_ENTER_KERNEL \ |
58c5fc13 | 7404 | + push %eax; push %ecx; \ |
ae4e228f MT |
7405 | + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ |
7406 | + bts $16, %eax; \ | |
7407 | + jnc 1f; \ | |
7408 | + mov %cs, %ecx; \ | |
7409 | + cmp $__KERNEL_CS, %ecx; \ | |
7410 | + jz 3f; \ | |
7411 | + ljmp $__KERNEL_CS, $3f; \ | |
7412 | +1: ljmp $__KERNEXEC_KERNEL_CS, $2f; \ | |
7413 | +2: call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\ | |
7414 | +3: pop %ecx; pop %eax; | |
7415 | +#else | |
7416 | +#define PAX_EXIT_KERNEL | |
7417 | +#define PAX_ENTER_KERNEL | |
7418 | +#endif | |
7419 | ||
7420 | #else /* !CONFIG_X86_32 */ | |
7421 | ||
7422 | @@ -1022,6 +1065,46 @@ extern void default_banner(void); | |
58c5fc13 MT |
7423 | PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ |
7424 | CLBR_NONE, \ | |
ae4e228f MT |
7425 | jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) |
7426 | + | |
7427 | +#ifdef CONFIG_PAX_KERNEXEC | |
7428 | + .macro ljmpq sel, off | |
7429 | + .byte 0x48; ljmp *1234f(%rip) | |
7430 | + .pushsection .rodata | |
7431 | + .align 16 | |
7432 | + 1234: .quad \off; .word \sel | |
7433 | + .popsection | |
7434 | + .endm | |
7435 | + | |
7436 | +#define PAX_EXIT_KERNEL \ | |
7437 | + PV_SAVE_REGS(CLBR_NONE); \ | |
7438 | + mov %cs, %rax; \ | |
7439 | + cmp $__KERNEXEC_KERNEL_CS, %eax; \ | |
7440 | + jnz 2f; \ | |
7441 | + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ | |
7442 | + btc $16, %rax; \ | |
7443 | + mov %rax, %rdi; \ | |
7444 | + ljmpq __KERNEL_CS, 1f; \ | |
7445 | +1: call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\ | |
7446 | +2: PV_RESTORE_REGS(CLBR_NONE); | |
7447 | + | |
7448 | +#define PAX_ENTER_KERNEL \ | |
7449 | + PV_SAVE_REGS(CLBR_NONE); \ | |
7450 | + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ | |
7451 | + bts $16, %rax; \ | |
7452 | + jnc 1f; \ | |
7453 | + mov %cs, %rax; \ | |
7454 | + cmp $__KERNEL_CS, %eax; \ | |
7455 | + jz 3f; \ | |
7456 | + ljmpq __KERNEL_CS, 3f; \ | |
7457 | +1: mov %rax, %rdi; \ | |
7458 | + ljmpq __KERNEXEC_KERNEL_CS, 2f; \ | |
7459 | +2: call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\ | |
7460 | +3: PV_RESTORE_REGS(CLBR_NONE); | |
7461 | +#else | |
7462 | +#define PAX_EXIT_KERNEL | |
7463 | +#define PAX_ENTER_KERNEL | |
7464 | +#endif | |
7465 | + | |
7466 | #endif /* CONFIG_X86_32 */ | |
7467 | ||
7468 | #endif /* __ASSEMBLY__ */ | |
7469 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/paravirt_types.h linux-2.6.33.1/arch/x86/include/asm/paravirt_types.h | |
7470 | --- linux-2.6.33.1/arch/x86/include/asm/paravirt_types.h 2010-03-15 12:09:39.000000000 -0400 | |
7471 | +++ linux-2.6.33.1/arch/x86/include/asm/paravirt_types.h 2010-03-20 16:58:38.980670389 -0400 | |
7472 | @@ -316,6 +316,12 @@ struct pv_mmu_ops { | |
7473 | an mfn. We can tell which is which from the index. */ | |
7474 | void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx, | |
7475 | phys_addr_t phys, pgprot_t flags); | |
7476 | + | |
7477 | +#ifdef CONFIG_PAX_KERNEXEC | |
7478 | + unsigned long (*pax_open_kernel)(void); | |
7479 | + unsigned long (*pax_close_kernel)(void); | |
7480 | +#endif | |
7481 | + | |
7482 | }; | |
7483 | ||
7484 | struct arch_spinlock; | |
7485 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pci_x86.h linux-2.6.33.1/arch/x86/include/asm/pci_x86.h | |
7486 | --- linux-2.6.33.1/arch/x86/include/asm/pci_x86.h 2010-03-15 12:09:39.000000000 -0400 | |
7487 | +++ linux-2.6.33.1/arch/x86/include/asm/pci_x86.h 2010-03-20 16:58:38.980670389 -0400 | |
7488 | @@ -89,16 +89,16 @@ extern int (*pcibios_enable_irq)(struct | |
7489 | extern void (*pcibios_disable_irq)(struct pci_dev *dev); | |
7490 | ||
7491 | struct pci_raw_ops { | |
7492 | - int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn, | |
7493 | + int (* const read)(unsigned int domain, unsigned int bus, unsigned int devfn, | |
7494 | int reg, int len, u32 *val); | |
7495 | - int (*write)(unsigned int domain, unsigned int bus, unsigned int devfn, | |
7496 | + int (* const write)(unsigned int domain, unsigned int bus, unsigned int devfn, | |
7497 | int reg, int len, u32 val); | |
7498 | }; | |
7499 | ||
7500 | -extern struct pci_raw_ops *raw_pci_ops; | |
7501 | -extern struct pci_raw_ops *raw_pci_ext_ops; | |
7502 | +extern const struct pci_raw_ops *raw_pci_ops; | |
7503 | +extern const struct pci_raw_ops *raw_pci_ext_ops; | |
7504 | ||
7505 | -extern struct pci_raw_ops pci_direct_conf1; | |
7506 | +extern const struct pci_raw_ops pci_direct_conf1; | |
7507 | extern bool port_cf9_safe; | |
7508 | ||
7509 | /* arch_initcall level */ | |
7510 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgalloc.h linux-2.6.33.1/arch/x86/include/asm/pgalloc.h | |
7511 | --- linux-2.6.33.1/arch/x86/include/asm/pgalloc.h 2010-03-15 12:09:39.000000000 -0400 | |
7512 | +++ linux-2.6.33.1/arch/x86/include/asm/pgalloc.h 2010-03-20 16:58:38.980670389 -0400 | |
7513 | @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(s | |
58c5fc13 MT |
7514 | pmd_t *pmd, pte_t *pte) |
7515 | { | |
7516 | paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT); | |
7517 | + set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE)); | |
7518 | +} | |
7519 | + | |
7520 | +static inline void pmd_populate_user(struct mm_struct *mm, | |
7521 | + pmd_t *pmd, pte_t *pte) | |
7522 | +{ | |
7523 | + paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT); | |
7524 | set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE)); | |
7525 | } | |
7526 | ||
ae4e228f MT |
7527 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable-2level.h linux-2.6.33.1/arch/x86/include/asm/pgtable-2level.h |
7528 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable-2level.h 2010-03-15 12:09:39.000000000 -0400 | |
7529 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable-2level.h 2010-03-20 16:58:38.980670389 -0400 | |
7530 | @@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t | |
58c5fc13 MT |
7531 | |
7532 | static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) | |
7533 | { | |
ae4e228f | 7534 | + pax_open_kernel(); |
58c5fc13 | 7535 | *pmdp = pmd; |
ae4e228f | 7536 | + pax_close_kernel(); |
58c5fc13 MT |
7537 | } |
7538 | ||
7539 | static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) | |
ae4e228f MT |
7540 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable_32.h linux-2.6.33.1/arch/x86/include/asm/pgtable_32.h |
7541 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable_32.h 2010-03-15 12:09:39.000000000 -0400 | |
7542 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable_32.h 2010-03-20 16:58:38.980670389 -0400 | |
58c5fc13 MT |
7543 | @@ -26,8 +26,6 @@ |
7544 | struct mm_struct; | |
7545 | struct vm_area_struct; | |
7546 | ||
7547 | -extern pgd_t swapper_pg_dir[1024]; | |
7548 | - | |
7549 | static inline void pgtable_cache_init(void) { } | |
7550 | static inline void check_pgt_cache(void) { } | |
7551 | void paging_init(void); | |
7552 | @@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u | |
7553 | # include <asm/pgtable-2level.h> | |
7554 | #endif | |
7555 | ||
7556 | +extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; | |
7557 | +#ifdef CONFIG_X86_PAE | |
7558 | +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD]; | |
7559 | +#endif | |
7560 | + | |
7561 | #if defined(CONFIG_HIGHPTE) | |
7562 | #define __KM_PTE \ | |
7563 | (in_nmi() ? KM_NMI_PTE : \ | |
ae4e228f MT |
7564 | @@ -72,7 +75,9 @@ extern void set_pmd_pfn(unsigned long, u |
7565 | /* Clear a kernel PTE and flush it from the TLB */ | |
7566 | #define kpte_clear_flush(ptep, vaddr) \ | |
7567 | do { \ | |
7568 | + pax_open_kernel(); \ | |
7569 | pte_clear(&init_mm, (vaddr), (ptep)); \ | |
7570 | + pax_close_kernel(); \ | |
7571 | __flush_tlb_one((vaddr)); \ | |
7572 | } while (0) | |
7573 | ||
7574 | @@ -84,6 +89,9 @@ do { \ | |
58c5fc13 MT |
7575 | |
7576 | #endif /* !__ASSEMBLY__ */ | |
7577 | ||
7578 | +#define HAVE_ARCH_UNMAPPED_AREA | |
7579 | +#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN | |
7580 | + | |
7581 | /* | |
7582 | * kern_addr_valid() is (1) for FLATMEM and (0) for | |
7583 | * SPARSEMEM and DISCONTIGMEM | |
ae4e228f MT |
7584 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable_32_types.h linux-2.6.33.1/arch/x86/include/asm/pgtable_32_types.h |
7585 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable_32_types.h 2010-03-15 12:09:39.000000000 -0400 | |
7586 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable_32_types.h 2010-03-20 16:58:38.980670389 -0400 | |
58c5fc13 MT |
7587 | @@ -8,7 +8,7 @@ |
7588 | */ | |
7589 | #ifdef CONFIG_X86_PAE | |
7590 | # include <asm/pgtable-3level_types.h> | |
7591 | -# define PMD_SIZE (1UL << PMD_SHIFT) | |
7592 | +# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT) | |
7593 | # define PMD_MASK (~(PMD_SIZE - 1)) | |
7594 | #else | |
7595 | # include <asm/pgtable-2level_types.h> | |
7596 | @@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set | |
7597 | # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE) | |
7598 | #endif | |
7599 | ||
7600 | +#ifdef CONFIG_PAX_KERNEXEC | |
7601 | +#ifndef __ASSEMBLY__ | |
7602 | +extern unsigned char MODULES_EXEC_VADDR[]; | |
7603 | +extern unsigned char MODULES_EXEC_END[]; | |
7604 | +#endif | |
7605 | +#include <asm/boot.h> | |
7606 | +#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET) | |
7607 | +#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET) | |
7608 | +#else | |
7609 | +#define ktla_ktva(addr) (addr) | |
7610 | +#define ktva_ktla(addr) (addr) | |
7611 | +#endif | |
7612 | + | |
7613 | #define MODULES_VADDR VMALLOC_START | |
7614 | #define MODULES_END VMALLOC_END | |
7615 | #define MODULES_LEN (MODULES_VADDR - MODULES_END) | |
ae4e228f MT |
7616 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable-3level.h linux-2.6.33.1/arch/x86/include/asm/pgtable-3level.h |
7617 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable-3level.h 2010-03-15 12:09:39.000000000 -0400 | |
7618 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable-3level.h 2010-03-20 16:58:38.980670389 -0400 | |
7619 | @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic | |
58c5fc13 MT |
7620 | |
7621 | static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) | |
7622 | { | |
ae4e228f | 7623 | + pax_open_kernel(); |
58c5fc13 | 7624 | set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd)); |
ae4e228f | 7625 | + pax_close_kernel(); |
58c5fc13 MT |
7626 | } |
7627 | ||
7628 | static inline void native_set_pud(pud_t *pudp, pud_t pud) | |
7629 | { | |
ae4e228f | 7630 | + pax_open_kernel(); |
58c5fc13 | 7631 | set_64bit((unsigned long long *)(pudp), native_pud_val(pud)); |
ae4e228f | 7632 | + pax_close_kernel(); |
58c5fc13 MT |
7633 | } |
7634 | ||
7635 | /* | |
ae4e228f MT |
7636 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable_64.h linux-2.6.33.1/arch/x86/include/asm/pgtable_64.h |
7637 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable_64.h 2010-03-15 12:09:39.000000000 -0400 | |
7638 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable_64.h 2010-03-20 16:58:38.980670389 -0400 | |
58c5fc13 MT |
7639 | @@ -16,9 +16,12 @@ |
7640 | ||
7641 | extern pud_t level3_kernel_pgt[512]; | |
7642 | extern pud_t level3_ident_pgt[512]; | |
7643 | +extern pud_t level3_vmalloc_pgt[512]; | |
7644 | +extern pud_t level3_vmemmap_pgt[512]; | |
7645 | +extern pud_t level2_vmemmap_pgt[512]; | |
7646 | extern pmd_t level2_kernel_pgt[512]; | |
7647 | extern pmd_t level2_fixmap_pgt[512]; | |
7648 | -extern pmd_t level2_ident_pgt[512]; | |
ae4e228f | 7649 | +extern pmd_t level2_ident_pgt[512*2]; |
58c5fc13 MT |
7650 | extern pgd_t init_level4_pgt[]; |
7651 | ||
7652 | #define swapper_pg_dir init_level4_pgt | |
ae4e228f | 7653 | @@ -74,7 +77,9 @@ static inline pte_t native_ptep_get_and_ |
58c5fc13 MT |
7654 | |
7655 | static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) | |
7656 | { | |
ae4e228f MT |
7657 | + pax_open_kernel(); |
7658 | *pmdp = pmd; | |
7659 | + pax_close_kernel(); | |
7660 | } | |
7661 | ||
7662 | static inline void native_pmd_clear(pmd_t *pmd) | |
7663 | @@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_ | |
7664 | ||
7665 | static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) | |
7666 | { | |
7667 | + pax_open_kernel(); | |
7668 | *pgdp = pgd; | |
7669 | + pax_close_kernel(); | |
7670 | } | |
7671 | ||
7672 | static inline void native_pgd_clear(pgd_t *pgd) | |
7673 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable.h linux-2.6.33.1/arch/x86/include/asm/pgtable.h | |
7674 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable.h 2010-03-15 12:09:39.000000000 -0400 | |
7675 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable.h 2010-03-20 16:58:38.980670389 -0400 | |
7676 | @@ -76,12 +76,51 @@ extern struct list_head pgd_list; | |
7677 | ||
7678 | #define arch_end_context_switch(prev) do {} while(0) | |
7679 | ||
7680 | +#define pax_open_kernel() native_pax_open_kernel() | |
7681 | +#define pax_close_kernel() native_pax_close_kernel() | |
7682 | #endif /* CONFIG_PARAVIRT */ | |
7683 | ||
7684 | +#define __HAVE_ARCH_PAX_OPEN_KERNEL | |
7685 | +#define __HAVE_ARCH_PAX_CLOSE_KERNEL | |
58c5fc13 MT |
7686 | + |
7687 | +#ifdef CONFIG_PAX_KERNEXEC | |
ae4e228f MT |
7688 | +static inline unsigned long native_pax_open_kernel(void) |
7689 | +{ | |
58c5fc13 MT |
7690 | + unsigned long cr0; |
7691 | + | |
ae4e228f MT |
7692 | + preempt_disable(); |
7693 | + barrier(); | |
7694 | + cr0 = read_cr0() ^ X86_CR0_WP; | |
7695 | + BUG_ON(unlikely(cr0 & X86_CR0_WP)); | |
7696 | + write_cr0(cr0); | |
7697 | + return cr0 ^ X86_CR0_WP; | |
7698 | +} | |
58c5fc13 | 7699 | + |
ae4e228f MT |
7700 | +static inline unsigned long native_pax_close_kernel(void) |
7701 | +{ | |
7702 | + unsigned long cr0; | |
58c5fc13 | 7703 | + |
ae4e228f MT |
7704 | + cr0 = read_cr0() ^ X86_CR0_WP; |
7705 | + BUG_ON(unlikely(!(cr0 & X86_CR0_WP))); | |
7706 | + write_cr0(cr0); | |
7707 | + barrier(); | |
7708 | + preempt_enable_no_resched(); | |
7709 | + return cr0 ^ X86_CR0_WP; | |
7710 | +} | |
7711 | +#else | |
7712 | +static inline unsigned long native_pax_open_kernel(void) { return 0; } | |
7713 | +static inline unsigned long native_pax_close_kernel(void) { return 0; } | |
58c5fc13 MT |
7714 | +#endif |
7715 | + | |
ae4e228f | 7716 | /* |
58c5fc13 MT |
7717 | * The following only work if pte_present() is true. |
7718 | * Undefined behaviour if not.. | |
7719 | */ | |
7720 | +static inline int pte_user(pte_t pte) | |
7721 | +{ | |
7722 | + return pte_val(pte) & _PAGE_USER; | |
7723 | +} | |
7724 | + | |
7725 | static inline int pte_dirty(pte_t pte) | |
7726 | { | |
7727 | return pte_flags(pte) & _PAGE_DIRTY; | |
ae4e228f | 7728 | @@ -169,9 +208,29 @@ static inline pte_t pte_wrprotect(pte_t |
58c5fc13 MT |
7729 | return pte_clear_flags(pte, _PAGE_RW); |
7730 | } | |
7731 | ||
7732 | +static inline pte_t pte_mkread(pte_t pte) | |
7733 | +{ | |
7734 | + return __pte(pte_val(pte) | _PAGE_USER); | |
7735 | +} | |
7736 | + | |
7737 | static inline pte_t pte_mkexec(pte_t pte) | |
7738 | { | |
7739 | - return pte_clear_flags(pte, _PAGE_NX); | |
7740 | +#ifdef CONFIG_X86_PAE | |
7741 | + if (__supported_pte_mask & _PAGE_NX) | |
7742 | + return pte_clear_flags(pte, _PAGE_NX); | |
7743 | + else | |
7744 | +#endif | |
7745 | + return pte_set_flags(pte, _PAGE_USER); | |
7746 | +} | |
7747 | + | |
7748 | +static inline pte_t pte_exprotect(pte_t pte) | |
7749 | +{ | |
7750 | +#ifdef CONFIG_X86_PAE | |
7751 | + if (__supported_pte_mask & _PAGE_NX) | |
7752 | + return pte_set_flags(pte, _PAGE_NX); | |
7753 | + else | |
7754 | +#endif | |
7755 | + return pte_clear_flags(pte, _PAGE_USER); | |
7756 | } | |
7757 | ||
7758 | static inline pte_t pte_mkdirty(pte_t pte) | |
ae4e228f | 7759 | @@ -474,7 +533,7 @@ static inline pud_t *pud_offset(pgd_t *p |
58c5fc13 MT |
7760 | |
7761 | static inline int pgd_bad(pgd_t pgd) | |
7762 | { | |
7763 | - return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE; | |
7764 | + return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE; | |
7765 | } | |
7766 | ||
7767 | static inline int pgd_none(pgd_t pgd) | |
ae4e228f MT |
7768 | @@ -613,9 +672,12 @@ static inline void ptep_set_wrprotect(st |
7769 | * dst and src can be on the same page, but the range must not overlap, | |
7770 | * and must not cross a page boundary. | |
58c5fc13 | 7771 | */ |
ae4e228f MT |
7772 | -static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count) |
7773 | +static inline void clone_pgd_range(pgd_t *dst, const pgd_t *src, int count) | |
58c5fc13 MT |
7774 | { |
7775 | - memcpy(dst, src, count * sizeof(pgd_t)); | |
ae4e228f MT |
7776 | + pax_open_kernel(); |
7777 | + while (count--) | |
7778 | + *dst++ = *src++; | |
7779 | + pax_close_kernel(); | |
58c5fc13 MT |
7780 | } |
7781 | ||
7782 | ||
ae4e228f MT |
7783 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/pgtable_types.h linux-2.6.33.1/arch/x86/include/asm/pgtable_types.h |
7784 | --- linux-2.6.33.1/arch/x86/include/asm/pgtable_types.h 2010-03-15 12:09:39.000000000 -0400 | |
7785 | +++ linux-2.6.33.1/arch/x86/include/asm/pgtable_types.h 2010-03-20 16:58:38.980670389 -0400 | |
58c5fc13 MT |
7786 | @@ -16,12 +16,11 @@ |
7787 | #define _PAGE_BIT_PSE 7 /* 4 MB (or 2MB) page */ | |
7788 | #define _PAGE_BIT_PAT 7 /* on 4KB pages */ | |
7789 | #define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */ | |
7790 | -#define _PAGE_BIT_UNUSED1 9 /* available for programmer */ | |
7791 | +#define _PAGE_BIT_SPECIAL 9 /* special mappings, no associated struct page */ | |
7792 | #define _PAGE_BIT_IOMAP 10 /* flag used to indicate IO mapping */ | |
7793 | #define _PAGE_BIT_HIDDEN 11 /* hidden by kmemcheck */ | |
7794 | #define _PAGE_BIT_PAT_LARGE 12 /* On 2MB or 1GB pages */ | |
7795 | -#define _PAGE_BIT_SPECIAL _PAGE_BIT_UNUSED1 | |
7796 | -#define _PAGE_BIT_CPA_TEST _PAGE_BIT_UNUSED1 | |
7797 | +#define _PAGE_BIT_CPA_TEST _PAGE_BIT_SPECIAL | |
7798 | #define _PAGE_BIT_NX 63 /* No execute: only valid after cpuid check */ | |
7799 | ||
7800 | /* If _PAGE_BIT_PRESENT is clear, we use these: */ | |
7801 | @@ -39,7 +38,6 @@ | |
7802 | #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY) | |
7803 | #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE) | |
7804 | #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL) | |
7805 | -#define _PAGE_UNUSED1 (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1) | |
7806 | #define _PAGE_IOMAP (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP) | |
7807 | #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT) | |
7808 | #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE) | |
7809 | @@ -55,8 +53,10 @@ | |
7810 | ||
7811 | #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) | |
7812 | #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX) | |
7813 | -#else | |
7814 | +#elif defined(CONFIG_KMEMCHECK) | |
7815 | #define _PAGE_NX (_AT(pteval_t, 0)) | |
7816 | +#else | |
7817 | +#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN) | |
7818 | #endif | |
7819 | ||
7820 | #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE) | |
7821 | @@ -93,6 +93,9 @@ | |
7822 | #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \ | |
7823 | _PAGE_ACCESSED) | |
7824 | ||
7825 | +#define PAGE_READONLY_NOEXEC PAGE_READONLY | |
7826 | +#define PAGE_SHARED_NOEXEC PAGE_SHARED | |
7827 | + | |
7828 | #define __PAGE_KERNEL_EXEC \ | |
7829 | (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL) | |
7830 | #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX) | |
7831 | @@ -103,8 +106,8 @@ | |
7832 | #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC) | |
7833 | #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT) | |
7834 | #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD) | |
7835 | -#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER) | |
7836 | -#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT) | |
7837 | +#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER) | |
7838 | +#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER) | |
7839 | #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE) | |
7840 | #define __PAGE_KERNEL_LARGE_NOCACHE (__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE) | |
7841 | #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE) | |
7842 | @@ -163,8 +166,8 @@ | |
7843 | * bits are combined, this will alow user to access the high address mapped | |
7844 | * VDSO in the presence of CONFIG_COMPAT_VDSO | |
7845 | */ | |
7846 | -#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */ | |
7847 | -#define PDE_IDENT_ATTR 0x067 /* PRESENT+RW+USER+DIRTY+ACCESSED */ | |
7848 | +#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */ | |
7849 | +#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */ | |
7850 | #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */ | |
7851 | #endif | |
7852 | ||
ae4e228f | 7853 | @@ -278,7 +281,6 @@ typedef struct page *pgtable_t; |
58c5fc13 MT |
7854 | |
7855 | extern pteval_t __supported_pte_mask; | |
ae4e228f MT |
7856 | extern void set_nx(void); |
7857 | -extern int nx_enabled; | |
58c5fc13 MT |
7858 | |
7859 | #define pgprot_writecombine pgprot_writecombine | |
7860 | extern pgprot_t pgprot_writecombine(pgprot_t prot); | |
ae4e228f MT |
7861 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/processor.h linux-2.6.33.1/arch/x86/include/asm/processor.h |
7862 | --- linux-2.6.33.1/arch/x86/include/asm/processor.h 2010-03-15 12:09:39.000000000 -0400 | |
7863 | +++ linux-2.6.33.1/arch/x86/include/asm/processor.h 2010-03-20 16:58:38.980670389 -0400 | |
7864 | @@ -273,7 +273,7 @@ struct tss_struct { | |
58c5fc13 MT |
7865 | |
7866 | } ____cacheline_aligned; | |
7867 | ||
7868 | -DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss); | |
7869 | +extern struct tss_struct init_tss[NR_CPUS]; | |
7870 | ||
7871 | /* | |
7872 | * Save the original ist values for checking stack pointers during debugging | |
ae4e228f | 7873 | @@ -913,8 +913,15 @@ static inline void spin_lock_prefetch(co |
58c5fc13 MT |
7874 | */ |
7875 | #define TASK_SIZE PAGE_OFFSET | |
7876 | #define TASK_SIZE_MAX TASK_SIZE | |
7877 | + | |
7878 | +#ifdef CONFIG_PAX_SEGMEXEC | |
7879 | +#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2) | |
58c5fc13 MT |
7880 | +#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE) |
7881 | +#else | |
7882 | #define STACK_TOP TASK_SIZE | |
7883 | -#define STACK_TOP_MAX STACK_TOP | |
7884 | +#endif | |
ae4e228f | 7885 | + |
58c5fc13 MT |
7886 | +#define STACK_TOP_MAX TASK_SIZE |
7887 | ||
7888 | #define INIT_THREAD { \ | |
7889 | .sp0 = sizeof(init_stack) + (long)&init_stack, \ | |
ae4e228f | 7890 | @@ -931,7 +938,7 @@ static inline void spin_lock_prefetch(co |
58c5fc13 MT |
7891 | */ |
7892 | #define INIT_TSS { \ | |
7893 | .x86_tss = { \ | |
7894 | - .sp0 = sizeof(init_stack) + (long)&init_stack, \ | |
7895 | + .sp0 = sizeof(init_stack) + (long)&init_stack - 8, \ | |
7896 | .ss0 = __KERNEL_DS, \ | |
7897 | .ss1 = __KERNEL_CS, \ | |
7898 | .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ | |
ae4e228f | 7899 | @@ -942,11 +949,7 @@ static inline void spin_lock_prefetch(co |
58c5fc13 MT |
7900 | extern unsigned long thread_saved_pc(struct task_struct *tsk); |
7901 | ||
7902 | #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) | |
7903 | -#define KSTK_TOP(info) \ | |
7904 | -({ \ | |
7905 | - unsigned long *__ptr = (unsigned long *)(info); \ | |
7906 | - (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \ | |
7907 | -}) | |
7908 | +#define KSTK_TOP(info) ((info)->task.thread.sp0) | |
7909 | ||
7910 | /* | |
7911 | * The below -8 is to reserve 8 bytes on top of the ring0 stack. | |
ae4e228f | 7912 | @@ -961,7 +964,7 @@ extern unsigned long thread_saved_pc(str |
58c5fc13 MT |
7913 | #define task_pt_regs(task) \ |
7914 | ({ \ | |
7915 | struct pt_regs *__regs__; \ | |
7916 | - __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \ | |
7917 | + __regs__ = (struct pt_regs *)((task)->thread.sp0); \ | |
7918 | __regs__ - 1; \ | |
7919 | }) | |
7920 | ||
ae4e228f | 7921 | @@ -977,7 +980,7 @@ extern unsigned long thread_saved_pc(str |
58c5fc13 MT |
7922 | * space during mmap's. |
7923 | */ | |
7924 | #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \ | |
7925 | - 0xc0000000 : 0xFFFFe000) | |
7926 | + 0xc0000000 : 0xFFFFf000) | |
7927 | ||
7928 | #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ | |
7929 | IA32_PAGE_OFFSET : TASK_SIZE_MAX) | |
ae4e228f | 7930 | @@ -1014,6 +1017,10 @@ extern void start_thread(struct pt_regs |
58c5fc13 MT |
7931 | */ |
7932 | #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) | |
7933 | ||
7934 | +#ifdef CONFIG_PAX_SEGMEXEC | |
7935 | +#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3)) | |
7936 | +#endif | |
7937 | + | |
7938 | #define KSTK_EIP(task) (task_pt_regs(task)->ip) | |
7939 | ||
7940 | /* Get/set a process' ability to use the timestamp counter instruction */ | |
ae4e228f MT |
7941 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/ptrace.h linux-2.6.33.1/arch/x86/include/asm/ptrace.h |
7942 | --- linux-2.6.33.1/arch/x86/include/asm/ptrace.h 2010-03-15 12:09:39.000000000 -0400 | |
7943 | +++ linux-2.6.33.1/arch/x86/include/asm/ptrace.h 2010-03-20 16:58:38.984539447 -0400 | |
7944 | @@ -152,28 +152,29 @@ static inline unsigned long regs_return_ | |
58c5fc13 MT |
7945 | } |
7946 | ||
7947 | /* | |
7948 | - * user_mode_vm(regs) determines whether a register set came from user mode. | |
7949 | + * user_mode(regs) determines whether a register set came from user mode. | |
7950 | * This is true if V8086 mode was enabled OR if the register set was from | |
7951 | * protected mode with RPL-3 CS value. This tricky test checks that with | |
7952 | * one comparison. Many places in the kernel can bypass this full check | |
7953 | - * if they have already ruled out V8086 mode, so user_mode(regs) can be used. | |
7954 | + * if they have already ruled out V8086 mode, so user_mode_novm(regs) can | |
7955 | + * be used. | |
7956 | */ | |
7957 | -static inline int user_mode(struct pt_regs *regs) | |
7958 | +static inline int user_mode_novm(struct pt_regs *regs) | |
7959 | { | |
7960 | #ifdef CONFIG_X86_32 | |
7961 | return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL; | |
7962 | #else | |
7963 | - return !!(regs->cs & 3); | |
7964 | + return !!(regs->cs & SEGMENT_RPL_MASK); | |
7965 | #endif | |
7966 | } | |
7967 | ||
7968 | -static inline int user_mode_vm(struct pt_regs *regs) | |
7969 | +static inline int user_mode(struct pt_regs *regs) | |
7970 | { | |
7971 | #ifdef CONFIG_X86_32 | |
7972 | return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >= | |
7973 | USER_RPL; | |
7974 | #else | |
7975 | - return user_mode(regs); | |
7976 | + return user_mode_novm(regs); | |
7977 | #endif | |
7978 | } | |
7979 | ||
ae4e228f MT |
7980 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/reboot.h linux-2.6.33.1/arch/x86/include/asm/reboot.h |
7981 | --- linux-2.6.33.1/arch/x86/include/asm/reboot.h 2010-03-15 12:09:39.000000000 -0400 | |
7982 | +++ linux-2.6.33.1/arch/x86/include/asm/reboot.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
7983 | @@ -18,7 +18,7 @@ extern struct machine_ops machine_ops; |
7984 | ||
7985 | void native_machine_crash_shutdown(struct pt_regs *regs); | |
7986 | void native_machine_shutdown(void); | |
7987 | -void machine_real_restart(const unsigned char *code, int length); | |
7988 | +void machine_real_restart(const unsigned char *code, unsigned int length); | |
7989 | ||
7990 | typedef void (*nmi_shootdown_cb)(int, struct die_args*); | |
7991 | void nmi_shootdown_cpus(nmi_shootdown_cb callback); | |
ae4e228f MT |
7992 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/rwsem.h linux-2.6.33.1/arch/x86/include/asm/rwsem.h |
7993 | --- linux-2.6.33.1/arch/x86/include/asm/rwsem.h 2010-03-15 12:09:39.000000000 -0400 | |
7994 | +++ linux-2.6.33.1/arch/x86/include/asm/rwsem.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
7995 | @@ -106,10 +106,26 @@ static inline void __down_read(struct rw |
7996 | { | |
7997 | asm volatile("# beginning down_read\n\t" | |
7998 | LOCK_PREFIX " incl (%%eax)\n\t" | |
7999 | + | |
8000 | +#ifdef CONFIG_PAX_REFCOUNT | |
8001 | +#ifdef CONFIG_X86_32 | |
8002 | + "into\n0:\n" | |
8003 | +#else | |
8004 | + "jno 0f\n" | |
8005 | + "int $4\n0:\n" | |
8006 | +#endif | |
8007 | + ".pushsection .fixup,\"ax\"\n" | |
8008 | + "1:\n" | |
8009 | + LOCK_PREFIX "decl (%%eax)\n" | |
8010 | + "jmp 0b\n" | |
8011 | + ".popsection\n" | |
8012 | + _ASM_EXTABLE(0b, 1b) | |
8013 | +#endif | |
8014 | + | |
8015 | /* adds 0x00000001, returns the old value */ | |
8016 | - " jns 1f\n" | |
8017 | + " jns 2f\n" | |
8018 | " call call_rwsem_down_read_failed\n" | |
8019 | - "1:\n\t" | |
8020 | + "2:\n\t" | |
8021 | "# ending down_read\n\t" | |
8022 | : "+m" (sem->count) | |
8023 | : "a" (sem) | |
8024 | @@ -124,13 +140,29 @@ static inline int __down_read_trylock(st | |
8025 | __s32 result, tmp; | |
8026 | asm volatile("# beginning __down_read_trylock\n\t" | |
8027 | " movl %0,%1\n\t" | |
8028 | - "1:\n\t" | |
8029 | + "2:\n\t" | |
8030 | " movl %1,%2\n\t" | |
8031 | " addl %3,%2\n\t" | |
8032 | - " jle 2f\n\t" | |
8033 | + | |
8034 | +#ifdef CONFIG_PAX_REFCOUNT | |
8035 | +#ifdef CONFIG_X86_32 | |
8036 | + "into\n0:\n" | |
8037 | +#else | |
8038 | + "jno 0f\n" | |
8039 | + "int $4\n0:\n" | |
8040 | +#endif | |
8041 | + ".pushsection .fixup,\"ax\"\n" | |
8042 | + "1:\n" | |
8043 | + "subl %3,%2\n" | |
8044 | + "jmp 0b\n" | |
8045 | + ".popsection\n" | |
8046 | + _ASM_EXTABLE(0b, 1b) | |
8047 | +#endif | |
8048 | + | |
8049 | + " jle 3f\n\t" | |
8050 | LOCK_PREFIX " cmpxchgl %2,%0\n\t" | |
8051 | - " jnz 1b\n\t" | |
8052 | - "2:\n\t" | |
8053 | + " jnz 2b\n\t" | |
8054 | + "3:\n\t" | |
8055 | "# ending __down_read_trylock\n\t" | |
8056 | : "+m" (sem->count), "=&a" (result), "=&r" (tmp) | |
8057 | : "i" (RWSEM_ACTIVE_READ_BIAS) | |
8058 | @@ -148,12 +180,28 @@ static inline void __down_write_nested(s | |
8059 | tmp = RWSEM_ACTIVE_WRITE_BIAS; | |
8060 | asm volatile("# beginning down_write\n\t" | |
8061 | LOCK_PREFIX " xadd %%edx,(%%eax)\n\t" | |
8062 | + | |
8063 | +#ifdef CONFIG_PAX_REFCOUNT | |
8064 | +#ifdef CONFIG_X86_32 | |
8065 | + "into\n0:\n" | |
8066 | +#else | |
8067 | + "jno 0f\n" | |
8068 | + "int $4\n0:\n" | |
8069 | +#endif | |
8070 | + ".pushsection .fixup,\"ax\"\n" | |
8071 | + "1:\n" | |
8072 | + "movl %%edx,(%%eax)\n" | |
8073 | + "jmp 0b\n" | |
8074 | + ".popsection\n" | |
8075 | + _ASM_EXTABLE(0b, 1b) | |
8076 | +#endif | |
8077 | + | |
8078 | /* subtract 0x0000ffff, returns the old value */ | |
8079 | " testl %%edx,%%edx\n\t" | |
8080 | /* was the count 0 before? */ | |
8081 | - " jz 1f\n" | |
8082 | + " jz 2f\n" | |
8083 | " call call_rwsem_down_write_failed\n" | |
8084 | - "1:\n" | |
8085 | + "2:\n" | |
8086 | "# ending down_write" | |
8087 | : "+m" (sem->count), "=d" (tmp) | |
8088 | : "a" (sem), "1" (tmp) | |
8089 | @@ -186,10 +234,26 @@ static inline void __up_read(struct rw_s | |
8090 | __s32 tmp = -RWSEM_ACTIVE_READ_BIAS; | |
8091 | asm volatile("# beginning __up_read\n\t" | |
8092 | LOCK_PREFIX " xadd %%edx,(%%eax)\n\t" | |
8093 | + | |
8094 | +#ifdef CONFIG_PAX_REFCOUNT | |
8095 | +#ifdef CONFIG_X86_32 | |
8096 | + "into\n0:\n" | |
8097 | +#else | |
8098 | + "jno 0f\n" | |
8099 | + "int $4\n0:\n" | |
8100 | +#endif | |
8101 | + ".pushsection .fixup,\"ax\"\n" | |
8102 | + "1:\n" | |
8103 | + "movl %%edx,(%%eax)\n" | |
8104 | + "jmp 0b\n" | |
8105 | + ".popsection\n" | |
8106 | + _ASM_EXTABLE(0b, 1b) | |
8107 | +#endif | |
8108 | + | |
8109 | /* subtracts 1, returns the old value */ | |
8110 | - " jns 1f\n\t" | |
8111 | + " jns 2f\n\t" | |
8112 | " call call_rwsem_wake\n" | |
8113 | - "1:\n" | |
8114 | + "2:\n" | |
8115 | "# ending __up_read\n" | |
8116 | : "+m" (sem->count), "=d" (tmp) | |
8117 | : "a" (sem), "1" (tmp) | |
8118 | @@ -204,11 +268,27 @@ static inline void __up_write(struct rw_ | |
8119 | asm volatile("# beginning __up_write\n\t" | |
8120 | " movl %2,%%edx\n\t" | |
8121 | LOCK_PREFIX " xaddl %%edx,(%%eax)\n\t" | |
8122 | + | |
8123 | +#ifdef CONFIG_PAX_REFCOUNT | |
8124 | +#ifdef CONFIG_X86_32 | |
8125 | + "into\n0:\n" | |
8126 | +#else | |
8127 | + "jno 0f\n" | |
8128 | + "int $4\n0:\n" | |
8129 | +#endif | |
8130 | + ".pushsection .fixup,\"ax\"\n" | |
8131 | + "1:\n" | |
8132 | + "movl %%edx,(%%eax)\n" | |
8133 | + "jmp 0b\n" | |
8134 | + ".popsection\n" | |
8135 | + _ASM_EXTABLE(0b, 1b) | |
8136 | +#endif | |
8137 | + | |
8138 | /* tries to transition | |
8139 | 0xffff0001 -> 0x00000000 */ | |
8140 | - " jz 1f\n" | |
8141 | + " jz 2f\n" | |
8142 | " call call_rwsem_wake\n" | |
8143 | - "1:\n\t" | |
8144 | + "2:\n\t" | |
8145 | "# ending __up_write\n" | |
8146 | : "+m" (sem->count) | |
8147 | : "a" (sem), "i" (-RWSEM_ACTIVE_WRITE_BIAS) | |
8148 | @@ -222,10 +302,26 @@ static inline void __downgrade_write(str | |
8149 | { | |
8150 | asm volatile("# beginning __downgrade_write\n\t" | |
8151 | LOCK_PREFIX " addl %2,(%%eax)\n\t" | |
8152 | + | |
8153 | +#ifdef CONFIG_PAX_REFCOUNT | |
8154 | +#ifdef CONFIG_X86_32 | |
8155 | + "into\n0:\n" | |
8156 | +#else | |
8157 | + "jno 0f\n" | |
8158 | + "int $4\n0:\n" | |
8159 | +#endif | |
8160 | + ".pushsection .fixup,\"ax\"\n" | |
8161 | + "1:\n" | |
8162 | + LOCK_PREFIX "subl %2,(%%eax)\n" | |
8163 | + "jmp 0b\n" | |
8164 | + ".popsection\n" | |
8165 | + _ASM_EXTABLE(0b, 1b) | |
8166 | +#endif | |
8167 | + | |
8168 | /* transitions 0xZZZZ0001 -> 0xYYYY0001 */ | |
8169 | - " jns 1f\n\t" | |
8170 | + " jns 2f\n\t" | |
8171 | " call call_rwsem_downgrade_wake\n" | |
8172 | - "1:\n\t" | |
8173 | + "2:\n\t" | |
8174 | "# ending __downgrade_write\n" | |
8175 | : "+m" (sem->count) | |
8176 | : "a" (sem), "i" (-RWSEM_WAITING_BIAS) | |
8177 | @@ -237,7 +333,23 @@ static inline void __downgrade_write(str | |
8178 | */ | |
8179 | static inline void rwsem_atomic_add(int delta, struct rw_semaphore *sem) | |
8180 | { | |
8181 | - asm volatile(LOCK_PREFIX "addl %1,%0" | |
8182 | + asm volatile(LOCK_PREFIX "addl %1,%0\n" | |
8183 | + | |
8184 | +#ifdef CONFIG_PAX_REFCOUNT | |
8185 | +#ifdef CONFIG_X86_32 | |
8186 | + "into\n0:\n" | |
8187 | +#else | |
8188 | + "jno 0f\n" | |
8189 | + "int $4\n0:\n" | |
8190 | +#endif | |
8191 | + ".pushsection .fixup,\"ax\"\n" | |
8192 | + "1:\n" | |
8193 | + LOCK_PREFIX "subl %1,%0\n" | |
8194 | + "jmp 0b\n" | |
8195 | + ".popsection\n" | |
8196 | + _ASM_EXTABLE(0b, 1b) | |
8197 | +#endif | |
8198 | + | |
8199 | : "+m" (sem->count) | |
8200 | : "ir" (delta)); | |
8201 | } | |
8202 | @@ -249,7 +361,23 @@ static inline int rwsem_atomic_update(in | |
8203 | { | |
8204 | int tmp = delta; | |
8205 | ||
8206 | - asm volatile(LOCK_PREFIX "xadd %0,%1" | |
8207 | + asm volatile(LOCK_PREFIX "xadd %0,%1\n" | |
8208 | + | |
8209 | +#ifdef CONFIG_PAX_REFCOUNT | |
8210 | +#ifdef CONFIG_X86_32 | |
8211 | + "into\n0:\n" | |
8212 | +#else | |
8213 | + "jno 0f\n" | |
8214 | + "int $4\n0:\n" | |
8215 | +#endif | |
8216 | + ".pushsection .fixup,\"ax\"\n" | |
8217 | + "1:\n" | |
8218 | + "movl %0,%1\n" | |
8219 | + "jmp 0b\n" | |
8220 | + ".popsection\n" | |
8221 | + _ASM_EXTABLE(0b, 1b) | |
8222 | +#endif | |
8223 | + | |
8224 | : "+r" (tmp), "+m" (sem->count) | |
8225 | : : "memory"); | |
8226 | ||
ae4e228f MT |
8227 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/segment.h linux-2.6.33.1/arch/x86/include/asm/segment.h |
8228 | --- linux-2.6.33.1/arch/x86/include/asm/segment.h 2010-03-15 12:09:39.000000000 -0400 | |
8229 | +++ linux-2.6.33.1/arch/x86/include/asm/segment.h 2010-03-20 16:58:38.984539447 -0400 | |
8230 | @@ -62,8 +62,8 @@ | |
8231 | * 26 - ESPFIX small SS | |
8232 | * 27 - per-cpu [ offset to per-cpu data area ] | |
8233 | * 28 - stack_canary-20 [ for stack protector ] | |
8234 | - * 29 - unused | |
8235 | - * 30 - unused | |
8236 | + * 29 - PCI BIOS CS | |
8237 | + * 30 - PCI BIOS DS | |
8238 | * 31 - TSS for double fault handler | |
8239 | */ | |
8240 | #define GDT_ENTRY_TLS_MIN 6 | |
8241 | @@ -77,6 +77,8 @@ | |
8242 | ||
8243 | #define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE + 0) | |
8244 | ||
8245 | +#define GDT_ENTRY_KERNEXEC_KERNEL_CS (4) | |
8246 | + | |
8247 | #define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE + 1) | |
8248 | ||
8249 | #define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE + 4) | |
8250 | @@ -88,7 +90,7 @@ | |
58c5fc13 MT |
8251 | #define GDT_ENTRY_ESPFIX_SS (GDT_ENTRY_KERNEL_BASE + 14) |
8252 | #define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8) | |
8253 | ||
8254 | -#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15) | |
8255 | +#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15) | |
8256 | #ifdef CONFIG_SMP | |
8257 | #define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8) | |
8258 | #else | |
ae4e228f | 8259 | @@ -102,6 +104,12 @@ |
58c5fc13 MT |
8260 | #define __KERNEL_STACK_CANARY 0 |
8261 | #endif | |
8262 | ||
8263 | +#define GDT_ENTRY_PCIBIOS_CS (GDT_ENTRY_KERNEL_BASE + 17) | |
8264 | +#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8) | |
8265 | + | |
8266 | +#define GDT_ENTRY_PCIBIOS_DS (GDT_ENTRY_KERNEL_BASE + 18) | |
8267 | +#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8) | |
8268 | + | |
8269 | #define GDT_ENTRY_DOUBLEFAULT_TSS 31 | |
8270 | ||
8271 | /* | |
ae4e228f | 8272 | @@ -139,7 +147,7 @@ |
58c5fc13 MT |
8273 | */ |
8274 | ||
8275 | /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */ | |
8276 | -#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8) | |
8277 | +#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16) | |
8278 | ||
8279 | ||
8280 | #else | |
ae4e228f MT |
8281 | @@ -163,6 +171,8 @@ |
8282 | #define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3) | |
8283 | #define __USER32_DS __USER_DS | |
8284 | ||
8285 | +#define GDT_ENTRY_KERNEXEC_KERNEL_CS 7 | |
8286 | + | |
8287 | #define GDT_ENTRY_TSS 8 /* needs two entries */ | |
8288 | #define GDT_ENTRY_LDT 10 /* needs two entries */ | |
8289 | #define GDT_ENTRY_TLS_MIN 12 | |
8290 | @@ -183,6 +193,7 @@ | |
8291 | #endif | |
8292 | ||
8293 | #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS * 8) | |
8294 | +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS * 8) | |
8295 | #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS * 8) | |
8296 | #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS* 8 + 3) | |
8297 | #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS* 8 + 3) | |
8298 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/spinlock.h linux-2.6.33.1/arch/x86/include/asm/spinlock.h | |
8299 | --- linux-2.6.33.1/arch/x86/include/asm/spinlock.h 2010-03-15 12:09:39.000000000 -0400 | |
8300 | +++ linux-2.6.33.1/arch/x86/include/asm/spinlock.h 2010-03-20 16:58:38.984539447 -0400 | |
8301 | @@ -249,18 +249,50 @@ static inline int arch_write_can_lock(ar | |
8302 | static inline void arch_read_lock(arch_rwlock_t *rw) | |
58c5fc13 MT |
8303 | { |
8304 | asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t" | |
8305 | - "jns 1f\n" | |
8306 | - "call __read_lock_failed\n\t" | |
8307 | + | |
8308 | +#ifdef CONFIG_PAX_REFCOUNT | |
8309 | +#ifdef CONFIG_X86_32 | |
8310 | + "into\n0:\n" | |
8311 | +#else | |
8312 | + "jno 0f\n" | |
8313 | + "int $4\n0:\n" | |
8314 | +#endif | |
8315 | + ".pushsection .fixup,\"ax\"\n" | |
8316 | "1:\n" | |
8317 | + LOCK_PREFIX " addl $1,(%0)\n" | |
8318 | + "jmp 0b\n" | |
8319 | + ".popsection\n" | |
8320 | + _ASM_EXTABLE(0b, 1b) | |
8321 | +#endif | |
8322 | + | |
8323 | + "jns 2f\n" | |
8324 | + "call __read_lock_failed\n\t" | |
8325 | + "2:\n" | |
8326 | ::LOCK_PTR_REG (rw) : "memory"); | |
8327 | } | |
8328 | ||
ae4e228f | 8329 | static inline void arch_write_lock(arch_rwlock_t *rw) |
58c5fc13 MT |
8330 | { |
8331 | asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t" | |
8332 | - "jz 1f\n" | |
8333 | - "call __write_lock_failed\n\t" | |
8334 | + | |
8335 | +#ifdef CONFIG_PAX_REFCOUNT | |
8336 | +#ifdef CONFIG_X86_32 | |
8337 | + "into\n0:\n" | |
8338 | +#else | |
8339 | + "jno 0f\n" | |
8340 | + "int $4\n0:\n" | |
8341 | +#endif | |
8342 | + ".pushsection .fixup,\"ax\"\n" | |
8343 | "1:\n" | |
8344 | + LOCK_PREFIX " addl %1,(%0)\n" | |
8345 | + "jmp 0b\n" | |
8346 | + ".popsection\n" | |
8347 | + _ASM_EXTABLE(0b, 1b) | |
8348 | +#endif | |
8349 | + | |
8350 | + "jz 2f\n" | |
8351 | + "call __write_lock_failed\n\t" | |
8352 | + "2:\n" | |
8353 | ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory"); | |
8354 | } | |
8355 | ||
ae4e228f | 8356 | @@ -286,12 +318,45 @@ static inline int arch_write_trylock(arc |
58c5fc13 | 8357 | |
ae4e228f | 8358 | static inline void arch_read_unlock(arch_rwlock_t *rw) |
58c5fc13 MT |
8359 | { |
8360 | - asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory"); | |
8361 | + asm volatile(LOCK_PREFIX "incl %0\n" | |
8362 | + | |
8363 | +#ifdef CONFIG_PAX_REFCOUNT | |
8364 | +#ifdef CONFIG_X86_32 | |
8365 | + "into\n0:\n" | |
8366 | +#else | |
8367 | + "jno 0f\n" | |
8368 | + "int $4\n0:\n" | |
8369 | +#endif | |
8370 | + ".pushsection .fixup,\"ax\"\n" | |
8371 | + "1:\n" | |
8372 | + LOCK_PREFIX "decl %0\n" | |
8373 | + "jmp 0b\n" | |
8374 | + ".popsection\n" | |
8375 | + _ASM_EXTABLE(0b, 1b) | |
8376 | +#endif | |
8377 | + | |
8378 | + :"+m" (rw->lock) : : "memory"); | |
8379 | } | |
8380 | ||
ae4e228f | 8381 | static inline void arch_write_unlock(arch_rwlock_t *rw) |
58c5fc13 MT |
8382 | { |
8383 | - asm volatile(LOCK_PREFIX "addl %1, %0" | |
8384 | + asm volatile(LOCK_PREFIX "addl %1, %0\n" | |
8385 | + | |
8386 | +#ifdef CONFIG_PAX_REFCOUNT | |
8387 | +#ifdef CONFIG_X86_32 | |
8388 | + "into\n0:\n" | |
8389 | +#else | |
8390 | + "jno 0f\n" | |
8391 | + "int $4\n0:\n" | |
8392 | +#endif | |
8393 | + ".pushsection .fixup,\"ax\"\n" | |
8394 | + "1:\n" | |
8395 | + LOCK_PREFIX "subl %1,%0\n" | |
8396 | + "jmp 0b\n" | |
8397 | + ".popsection\n" | |
8398 | + _ASM_EXTABLE(0b, 1b) | |
8399 | +#endif | |
8400 | + | |
8401 | : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory"); | |
8402 | } | |
8403 | ||
ae4e228f MT |
8404 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/system.h linux-2.6.33.1/arch/x86/include/asm/system.h |
8405 | --- linux-2.6.33.1/arch/x86/include/asm/system.h 2010-03-15 12:09:39.000000000 -0400 | |
8406 | +++ linux-2.6.33.1/arch/x86/include/asm/system.h 2010-03-20 16:58:38.984539447 -0400 | |
8407 | @@ -202,7 +202,7 @@ static inline unsigned long get_limit(un | |
58c5fc13 MT |
8408 | { |
8409 | unsigned long __limit; | |
8410 | asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); | |
8411 | - return __limit + 1; | |
8412 | + return __limit; | |
8413 | } | |
8414 | ||
8415 | static inline void native_clts(void) | |
ae4e228f | 8416 | @@ -342,7 +342,7 @@ void enable_hlt(void); |
58c5fc13 MT |
8417 | |
8418 | void cpu_idle_wait(void); | |
8419 | ||
8420 | -extern unsigned long arch_align_stack(unsigned long sp); | |
8421 | +#define arch_align_stack(x) ((x) & ~0xfUL) | |
8422 | extern void free_init_pages(char *what, unsigned long begin, unsigned long end); | |
8423 | ||
8424 | void default_idle(void); | |
ae4e228f MT |
8425 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/uaccess_32.h linux-2.6.33.1/arch/x86/include/asm/uaccess_32.h |
8426 | --- linux-2.6.33.1/arch/x86/include/asm/uaccess_32.h 2010-03-15 12:09:39.000000000 -0400 | |
8427 | +++ linux-2.6.33.1/arch/x86/include/asm/uaccess_32.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
8428 | @@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u |
8429 | static __always_inline unsigned long __must_check | |
8430 | __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) | |
8431 | { | |
8432 | + if ((long)n < 0) | |
8433 | + return n; | |
8434 | + | |
8435 | if (__builtin_constant_p(n)) { | |
8436 | unsigned long ret; | |
8437 | ||
8438 | @@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to, | |
8439 | return ret; | |
8440 | } | |
8441 | } | |
8442 | + if (!__builtin_constant_p(n)) | |
8443 | + check_object_size(from, n, true); | |
8444 | return __copy_to_user_ll(to, from, n); | |
8445 | } | |
8446 | ||
8447 | @@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo | |
8448 | static __always_inline unsigned long | |
8449 | __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) | |
8450 | { | |
8451 | + if ((long)n < 0) | |
8452 | + return n; | |
8453 | + | |
8454 | /* Avoid zeroing the tail if the copy fails.. | |
8455 | * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, | |
8456 | * but as the zeroing behaviour is only significant when n is not | |
8457 | @@ -138,6 +146,10 @@ static __always_inline unsigned long | |
8458 | __copy_from_user(void *to, const void __user *from, unsigned long n) | |
8459 | { | |
8460 | might_fault(); | |
8461 | + | |
8462 | + if ((long)n < 0) | |
8463 | + return n; | |
8464 | + | |
8465 | if (__builtin_constant_p(n)) { | |
8466 | unsigned long ret; | |
8467 | ||
8468 | @@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __ | |
8469 | return ret; | |
8470 | } | |
8471 | } | |
8472 | + if (!__builtin_constant_p(n)) | |
8473 | + check_object_size(to, n, false); | |
8474 | return __copy_from_user_ll(to, from, n); | |
8475 | } | |
8476 | ||
8477 | @@ -160,6 +174,10 @@ static __always_inline unsigned long __c | |
8478 | const void __user *from, unsigned long n) | |
8479 | { | |
8480 | might_fault(); | |
8481 | + | |
8482 | + if ((long)n < 0) | |
8483 | + return n; | |
8484 | + | |
8485 | if (__builtin_constant_p(n)) { | |
8486 | unsigned long ret; | |
8487 | ||
ae4e228f | 8488 | @@ -182,15 +200,19 @@ static __always_inline unsigned long |
58c5fc13 MT |
8489 | __copy_from_user_inatomic_nocache(void *to, const void __user *from, |
8490 | unsigned long n) | |
8491 | { | |
8492 | - return __copy_from_user_ll_nocache_nozero(to, from, n); | |
ae4e228f | 8493 | -} |
58c5fc13 MT |
8494 | + if ((long)n < 0) |
8495 | + return n; | |
ae4e228f MT |
8496 | |
8497 | -unsigned long __must_check copy_to_user(void __user *to, | |
8498 | - const void *from, unsigned long n); | |
8499 | -unsigned long __must_check _copy_from_user(void *to, | |
8500 | - const void __user *from, | |
8501 | - unsigned long n); | |
58c5fc13 MT |
8502 | + return __copy_from_user_ll_nocache_nozero(to, from, n); |
8503 | +} | |
ae4e228f MT |
8504 | |
8505 | +extern void copy_to_user_overflow(void) | |
8506 | +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS | |
8507 | + __compiletime_error("copy_to_user() buffer size is not provably correct") | |
8508 | +#else | |
8509 | + __compiletime_warning("copy_to_user() buffer size is not provably correct") | |
8510 | +#endif | |
8511 | +; | |
8512 | ||
8513 | extern void copy_from_user_overflow(void) | |
8514 | #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS | |
8515 | @@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void | |
8516 | #endif | |
8517 | ; | |
8518 | ||
8519 | -static inline unsigned long __must_check copy_from_user(void *to, | |
8520 | - const void __user *from, | |
8521 | - unsigned long n) | |
58c5fc13 MT |
8522 | +/** |
8523 | + * copy_to_user: - Copy a block of data into user space. | |
8524 | + * @to: Destination address, in user space. | |
8525 | + * @from: Source address, in kernel space. | |
8526 | + * @n: Number of bytes to copy. | |
8527 | + * | |
8528 | + * Context: User context only. This function may sleep. | |
8529 | + * | |
8530 | + * Copy data from kernel space to user space. | |
8531 | + * | |
8532 | + * Returns number of bytes that could not be copied. | |
8533 | + * On success, this will be zero. | |
8534 | + */ | |
ae4e228f | 8535 | +static inline unsigned long __must_check |
58c5fc13 MT |
8536 | +copy_to_user(void __user *to, const void *from, unsigned long n) |
8537 | +{ | |
ae4e228f MT |
8538 | + int sz = __compiletime_object_size(from); |
8539 | + | |
8540 | + if (unlikely(sz != -1 && sz < n)) | |
8541 | + copy_to_user_overflow(); | |
8542 | + else if (access_ok(VERIFY_WRITE, to, n)) | |
58c5fc13 MT |
8543 | + n = __copy_to_user(to, from, n); |
8544 | + return n; | |
8545 | +} | |
8546 | + | |
8547 | +/** | |
8548 | + * copy_from_user: - Copy a block of data from user space. | |
8549 | + * @to: Destination address, in kernel space. | |
8550 | + * @from: Source address, in user space. | |
8551 | + * @n: Number of bytes to copy. | |
8552 | + * | |
8553 | + * Context: User context only. This function may sleep. | |
8554 | + * | |
8555 | + * Copy data from user space to kernel space. | |
8556 | + * | |
8557 | + * Returns number of bytes that could not be copied. | |
8558 | + * On success, this will be zero. | |
8559 | + * | |
8560 | + * If some data could not be copied, this function will pad the copied | |
8561 | + * data to the requested size using zero bytes. | |
8562 | + */ | |
ae4e228f | 8563 | +static inline unsigned long __must_check |
58c5fc13 | 8564 | +copy_from_user(void *to, const void __user *from, unsigned long n) |
ae4e228f MT |
8565 | { |
8566 | int sz = __compiletime_object_size(to); | |
8567 | ||
8568 | - if (likely(sz == -1 || sz >= n)) | |
8569 | - n = _copy_from_user(to, from, n); | |
8570 | - else | |
8571 | + if (unlikely(sz != -1 && sz < n)) | |
8572 | copy_from_user_overflow(); | |
8573 | - | |
8574 | + else if (access_ok(VERIFY_READ, from, n)) | |
58c5fc13 MT |
8575 | + n = __copy_from_user(to, from, n); |
8576 | + else if ((long)n > 0) { | |
8577 | + if (!__builtin_constant_p(n)) | |
8578 | + check_object_size(to, n, false); | |
8579 | + memset(to, 0, n); | |
8580 | + } | |
ae4e228f | 8581 | return n; |
58c5fc13 MT |
8582 | } |
8583 | ||
ae4e228f MT |
8584 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/uaccess_64.h linux-2.6.33.1/arch/x86/include/asm/uaccess_64.h |
8585 | --- linux-2.6.33.1/arch/x86/include/asm/uaccess_64.h 2010-03-15 12:09:39.000000000 -0400 | |
8586 | +++ linux-2.6.33.1/arch/x86/include/asm/uaccess_64.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
8587 | @@ -10,6 +10,8 @@ |
8588 | #include <linux/lockdep.h> | |
8589 | #include <asm/page.h> | |
8590 | ||
8591 | +#define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
8592 | + | |
8593 | /* | |
8594 | * Copy To/From Userspace | |
8595 | */ | |
ae4e228f MT |
8596 | @@ -17,27 +19,26 @@ |
8597 | /* Handles exceptions in both to and from, but doesn't do access_ok */ | |
58c5fc13 | 8598 | __must_check unsigned long |
ae4e228f MT |
8599 | copy_user_generic(void *to, const void *from, unsigned len); |
8600 | - | |
58c5fc13 | 8601 | -__must_check unsigned long |
ae4e228f | 8602 | -_copy_to_user(void __user *to, const void *from, unsigned len); |
58c5fc13 | 8603 | -__must_check unsigned long |
ae4e228f MT |
8604 | -_copy_from_user(void *to, const void __user *from, unsigned len); |
8605 | +static __always_inline __must_check unsigned long | |
8606 | +__copy_to_user(void __user *to, const void *from, unsigned len); | |
8607 | +static __always_inline __must_check unsigned long | |
8608 | +__copy_from_user(void *to, const void __user *from, unsigned len); | |
8609 | __must_check unsigned long | |
58c5fc13 MT |
8610 | copy_in_user(void __user *to, const void __user *from, unsigned len); |
8611 | ||
ae4e228f MT |
8612 | static inline unsigned long __must_check copy_from_user(void *to, |
8613 | const void __user *from, | |
8614 | - unsigned long n) | |
8615 | + unsigned n) | |
8616 | { | |
8617 | - int sz = __compiletime_object_size(to); | |
8618 | - | |
8619 | might_fault(); | |
8620 | - if (likely(sz == -1 || sz >= n)) | |
8621 | - n = _copy_from_user(to, from, n); | |
8622 | -#ifdef CONFIG_DEBUG_VM | |
8623 | - else | |
8624 | - WARN(1, "Buffer overflow detected!\n"); | |
8625 | -#endif | |
8626 | + | |
8627 | + if (access_ok(VERIFY_READ, from, n)) | |
8628 | + n = __copy_from_user(to, from, n); | |
8629 | + else if ((int)n > 0) { | |
8630 | + if (!__builtin_constant_p(n)) | |
8631 | + check_object_size(to, n, false); | |
8632 | + memset(to, 0, n); | |
8633 | + } | |
8634 | return n; | |
8635 | } | |
8636 | ||
8637 | @@ -46,17 +47,33 @@ int copy_to_user(void __user *dst, const | |
8638 | { | |
8639 | might_fault(); | |
8640 | ||
8641 | - return _copy_to_user(dst, src, size); | |
8642 | + if (access_ok(VERIFY_WRITE, dst, size)) | |
8643 | + size = __copy_to_user(dst, src, size); | |
8644 | + return size; | |
8645 | } | |
8646 | ||
58c5fc13 MT |
8647 | static __always_inline __must_check |
8648 | -int __copy_from_user(void *dst, const void __user *src, unsigned size) | |
8649 | +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size) | |
8650 | { | |
8651 | - int ret = 0; | |
ae4e228f | 8652 | + int sz = __compiletime_object_size(dst); |
58c5fc13 MT |
8653 | + unsigned ret = 0; |
8654 | ||
8655 | might_fault(); | |
8656 | - if (!__builtin_constant_p(size)) | |
8657 | + | |
8658 | + if ((int)size < 0) | |
8659 | + return size; | |
8660 | + | |
ae4e228f MT |
8661 | + if (unlikely(sz != -1 && sz < size)) { |
8662 | +#ifdef CONFIG_DEBUG_VM | |
8663 | + WARN(1, "Buffer overflow detected!\n"); | |
8664 | +#endif | |
8665 | + return size; | |
8666 | + } | |
8667 | + | |
58c5fc13 MT |
8668 | + if (!__builtin_constant_p(size)) { |
8669 | + check_object_size(dst, size, false); | |
8670 | return copy_user_generic(dst, (__force void *)src, size); | |
8671 | + } | |
8672 | switch (size) { | |
8673 | case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src, | |
8674 | ret, "b", "b", "=q", 1); | |
ae4e228f | 8675 | @@ -94,13 +111,27 @@ int __copy_from_user(void *dst, const vo |
58c5fc13 MT |
8676 | } |
8677 | ||
8678 | static __always_inline __must_check | |
8679 | -int __copy_to_user(void __user *dst, const void *src, unsigned size) | |
8680 | +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size) | |
8681 | { | |
8682 | - int ret = 0; | |
ae4e228f | 8683 | + int sz = __compiletime_object_size(src); |
58c5fc13 MT |
8684 | + unsigned ret = 0; |
8685 | ||
8686 | might_fault(); | |
8687 | - if (!__builtin_constant_p(size)) | |
8688 | + | |
8689 | + if ((int)size < 0) | |
8690 | + return size; | |
8691 | + | |
ae4e228f MT |
8692 | + if (unlikely(sz != -1 && sz < size)) { |
8693 | +#ifdef CONFIG_DEBUG_VM | |
8694 | + WARN(1, "Buffer overflow detected!\n"); | |
8695 | +#endif | |
8696 | + return size; | |
8697 | + } | |
8698 | + | |
58c5fc13 MT |
8699 | + if (!__builtin_constant_p(size)) { |
8700 | + check_object_size(src, size, true); | |
8701 | return copy_user_generic((__force void *)dst, src, size); | |
8702 | + } | |
8703 | switch (size) { | |
8704 | case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst, | |
8705 | ret, "b", "b", "iq", 1); | |
ae4e228f | 8706 | @@ -138,11 +169,15 @@ int __copy_to_user(void __user *dst, con |
58c5fc13 MT |
8707 | } |
8708 | ||
8709 | static __always_inline __must_check | |
8710 | -int __copy_in_user(void __user *dst, const void __user *src, unsigned size) | |
ae4e228f | 8711 | +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size) |
58c5fc13 MT |
8712 | { |
8713 | - int ret = 0; | |
58c5fc13 MT |
8714 | + unsigned ret = 0; |
8715 | ||
8716 | might_fault(); | |
8717 | + | |
8718 | + if ((int)size < 0) | |
8719 | + return size; | |
8720 | + | |
8721 | if (!__builtin_constant_p(size)) | |
8722 | return copy_user_generic((__force void *)dst, | |
8723 | (__force void *)src, size); | |
ae4e228f MT |
8724 | @@ -206,30 +241,38 @@ __copy_from_user_inatomic(void *dst, con |
8725 | return copy_user_generic(dst, (__force const void *)src, size); | |
8726 | } | |
58c5fc13 MT |
8727 | |
8728 | -static __must_check __always_inline int | |
8729 | +static __must_check __always_inline unsigned long | |
8730 | __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) | |
8731 | { | |
8732 | + if ((int)size < 0) | |
8733 | + return size; | |
8734 | + | |
8735 | return copy_user_generic((__force void *)dst, src, size); | |
8736 | } | |
8737 | ||
8738 | -extern long __copy_user_nocache(void *dst, const void __user *src, | |
8739 | +extern unsigned long __copy_user_nocache(void *dst, const void __user *src, | |
8740 | unsigned size, int zerorest); | |
8741 | ||
8742 | -static inline int | |
8743 | -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size) | |
8744 | +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size) | |
8745 | { | |
8746 | might_sleep(); | |
8747 | + | |
8748 | + if ((int)size < 0) | |
8749 | + return size; | |
8750 | + | |
8751 | return __copy_user_nocache(dst, src, size, 1); | |
8752 | } | |
8753 | ||
8754 | -static inline int | |
8755 | -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, | |
8756 | +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, | |
8757 | unsigned size) | |
8758 | { | |
8759 | + if ((int)size < 0) | |
8760 | + return size; | |
8761 | + | |
8762 | return __copy_user_nocache(dst, src, size, 0); | |
8763 | } | |
8764 | ||
8765 | -unsigned long | |
8766 | +extern unsigned long | |
8767 | copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest); | |
8768 | ||
8769 | #endif /* _ASM_X86_UACCESS_64_H */ | |
ae4e228f MT |
8770 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/uaccess.h linux-2.6.33.1/arch/x86/include/asm/uaccess.h |
8771 | --- linux-2.6.33.1/arch/x86/include/asm/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
8772 | +++ linux-2.6.33.1/arch/x86/include/asm/uaccess.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
8773 | @@ -8,8 +8,11 @@ |
8774 | #include <linux/thread_info.h> | |
8775 | #include <linux/prefetch.h> | |
8776 | #include <linux/string.h> | |
8777 | +#include <linux/sched.h> | |
8778 | +#include <linux/slab.h> | |
8779 | #include <asm/asm.h> | |
8780 | #include <asm/page.h> | |
8781 | +#include <asm/segment.h> | |
8782 | ||
8783 | #define VERIFY_READ 0 | |
8784 | #define VERIFY_WRITE 1 | |
8785 | @@ -29,7 +32,12 @@ | |
8786 | ||
8787 | #define get_ds() (KERNEL_DS) | |
8788 | #define get_fs() (current_thread_info()->addr_limit) | |
8789 | +#ifdef CONFIG_X86_32 | |
8790 | +void __set_fs(mm_segment_t x, int cpu); | |
8791 | +void set_fs(mm_segment_t x); | |
8792 | +#else | |
8793 | #define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
8794 | +#endif | |
8795 | ||
8796 | #define segment_eq(a, b) ((a).seg == (b).seg) | |
8797 | ||
ae4e228f | 8798 | @@ -77,7 +85,33 @@ |
58c5fc13 MT |
8799 | * checks that the pointer is in the user space range - after calling |
8800 | * this function, memory access functions may still return -EFAULT. | |
8801 | */ | |
8802 | -#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) | |
ae4e228f | 8803 | +#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) |
58c5fc13 MT |
8804 | +#define access_ok(type, addr, size) \ |
8805 | +({ \ | |
ae4e228f MT |
8806 | + long __size = size; \ |
8807 | + unsigned long __addr = (unsigned long)addr; \ | |
8808 | + unsigned long __addr_ao = __addr & PAGE_MASK; \ | |
8809 | + unsigned long __end_ao = __addr + __size - 1; \ | |
8810 | + bool __ret_ao = __range_not_ok(__addr, __size) == 0; \ | |
58c5fc13 | 8811 | + if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \ |
ae4e228f | 8812 | + while(__addr_ao <= __end_ao) { \ |
58c5fc13 | 8813 | + char __c_ao; \ |
ae4e228f MT |
8814 | + __addr_ao += PAGE_SIZE; \ |
8815 | + if (__size > PAGE_SIZE) \ | |
58c5fc13 | 8816 | + cond_resched(); \ |
ae4e228f | 8817 | + if (__get_user(__c_ao, (char __user *)__addr)) \ |
58c5fc13 | 8818 | + break; \ |
ae4e228f MT |
8819 | + if (type != VERIFY_WRITE) { \ |
8820 | + __addr = __addr_ao; \ | |
58c5fc13 | 8821 | + continue; \ |
ae4e228f MT |
8822 | + } \ |
8823 | + if (__put_user(__c_ao, (char __user *)__addr)) \ | |
58c5fc13 | 8824 | + break; \ |
ae4e228f | 8825 | + __addr = __addr_ao; \ |
58c5fc13 MT |
8826 | + } \ |
8827 | + } \ | |
8828 | + __ret_ao; \ | |
8829 | +}) | |
8830 | ||
8831 | /* | |
8832 | * The exception table consists of pairs of addresses: the first is the | |
ae4e228f | 8833 | @@ -183,13 +217,21 @@ extern int __get_user_bad(void); |
58c5fc13 MT |
8834 | asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ |
8835 | : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | |
8836 | ||
8837 | - | |
8838 | +#ifdef CONFIG_X86_32 | |
8839 | +#define _ASM_LOAD_USER_DS(ds) "movw %w" #ds ",%%ds\n" | |
8840 | +#define _ASM_LOAD_KERNEL_DS "pushl %%ss; popl %%ds\n" | |
8841 | +#else | |
8842 | +#define _ASM_LOAD_USER_DS(ds) | |
8843 | +#define _ASM_LOAD_KERNEL_DS | |
8844 | +#endif | |
8845 | ||
8846 | #ifdef CONFIG_X86_32 | |
8847 | #define __put_user_asm_u64(x, addr, err, errret) \ | |
8848 | - asm volatile("1: movl %%eax,0(%2)\n" \ | |
8849 | - "2: movl %%edx,4(%2)\n" \ | |
8850 | + asm volatile(_ASM_LOAD_USER_DS(5) \ | |
8851 | + "1: movl %%eax,%%ds:0(%2)\n" \ | |
8852 | + "2: movl %%edx,%%ds:4(%2)\n" \ | |
8853 | "3:\n" \ | |
8854 | + _ASM_LOAD_KERNEL_DS \ | |
8855 | ".section .fixup,\"ax\"\n" \ | |
8856 | "4: movl %3,%0\n" \ | |
8857 | " jmp 3b\n" \ | |
ae4e228f | 8858 | @@ -197,15 +239,18 @@ extern int __get_user_bad(void); |
58c5fc13 MT |
8859 | _ASM_EXTABLE(1b, 4b) \ |
8860 | _ASM_EXTABLE(2b, 4b) \ | |
8861 | : "=r" (err) \ | |
8862 | - : "A" (x), "r" (addr), "i" (errret), "0" (err)) | |
8863 | + : "A" (x), "r" (addr), "i" (errret), "0" (err), \ | |
8864 | + "r"(__USER_DS)) | |
8865 | ||
8866 | #define __put_user_asm_ex_u64(x, addr) \ | |
8867 | - asm volatile("1: movl %%eax,0(%1)\n" \ | |
8868 | - "2: movl %%edx,4(%1)\n" \ | |
8869 | + asm volatile(_ASM_LOAD_USER_DS(2) \ | |
8870 | + "1: movl %%eax,%%ds:0(%1)\n" \ | |
8871 | + "2: movl %%edx,%%ds:4(%1)\n" \ | |
8872 | "3:\n" \ | |
8873 | + _ASM_LOAD_KERNEL_DS \ | |
8874 | _ASM_EXTABLE(1b, 2b - 1b) \ | |
8875 | _ASM_EXTABLE(2b, 3b - 2b) \ | |
8876 | - : : "A" (x), "r" (addr)) | |
8877 | + : : "A" (x), "r" (addr), "r"(__USER_DS)) | |
8878 | ||
8879 | #define __put_user_x8(x, ptr, __ret_pu) \ | |
8880 | asm volatile("call __put_user_8" : "=a" (__ret_pu) \ | |
ae4e228f | 8881 | @@ -374,16 +419,18 @@ do { \ |
58c5fc13 MT |
8882 | } while (0) |
8883 | ||
8884 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
8885 | - asm volatile("1: mov"itype" %2,%"rtype"1\n" \ | |
8886 | + asm volatile(_ASM_LOAD_USER_DS(5) \ | |
8887 | + "1: mov"itype" %%ds:%2,%"rtype"1\n" \ | |
8888 | "2:\n" \ | |
8889 | + _ASM_LOAD_KERNEL_DS \ | |
8890 | ".section .fixup,\"ax\"\n" \ | |
8891 | "3: mov %3,%0\n" \ | |
8892 | " xor"itype" %"rtype"1,%"rtype"1\n" \ | |
8893 | " jmp 2b\n" \ | |
8894 | ".previous\n" \ | |
8895 | _ASM_EXTABLE(1b, 3b) \ | |
8896 | - : "=r" (err), ltype(x) \ | |
8897 | - : "m" (__m(addr)), "i" (errret), "0" (err)) | |
8898 | + : "=r" (err), ltype (x) \ | |
8899 | + : "m" (__m(addr)), "i" (errret), "0" (err), "r"(__USER_DS)) | |
8900 | ||
8901 | #define __get_user_size_ex(x, ptr, size) \ | |
8902 | do { \ | |
ae4e228f | 8903 | @@ -407,10 +454,12 @@ do { \ |
58c5fc13 MT |
8904 | } while (0) |
8905 | ||
8906 | #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ | |
8907 | - asm volatile("1: mov"itype" %1,%"rtype"0\n" \ | |
8908 | + asm volatile(_ASM_LOAD_USER_DS(2) \ | |
8909 | + "1: mov"itype" %%ds:%1,%"rtype"0\n" \ | |
8910 | "2:\n" \ | |
8911 | + _ASM_LOAD_KERNEL_DS \ | |
8912 | _ASM_EXTABLE(1b, 2b - 1b) \ | |
8913 | - : ltype(x) : "m" (__m(addr))) | |
8914 | + : ltype(x) : "m" (__m(addr)), "r"(__USER_DS)) | |
8915 | ||
8916 | #define __put_user_nocheck(x, ptr, size) \ | |
8917 | ({ \ | |
ae4e228f MT |
8918 | @@ -424,7 +473,7 @@ do { \ |
8919 | int __gu_err; \ | |
8920 | unsigned long __gu_val; \ | |
8921 | __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ | |
8922 | - (x) = (__force __typeof__(*(ptr)))__gu_val; \ | |
8923 | + (x) = (__typeof__(*(ptr)))__gu_val; \ | |
8924 | __gu_err; \ | |
8925 | }) | |
8926 | ||
8927 | @@ -438,21 +487,26 @@ struct __large_struct { unsigned long bu | |
58c5fc13 MT |
8928 | * aliasing issues. |
8929 | */ | |
8930 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
8931 | - asm volatile("1: mov"itype" %"rtype"1,%2\n" \ | |
8932 | + asm volatile(_ASM_LOAD_USER_DS(5) \ | |
8933 | + "1: mov"itype" %"rtype"1,%%ds:%2\n" \ | |
8934 | "2:\n" \ | |
8935 | + _ASM_LOAD_KERNEL_DS \ | |
8936 | ".section .fixup,\"ax\"\n" \ | |
8937 | "3: mov %3,%0\n" \ | |
8938 | " jmp 2b\n" \ | |
8939 | ".previous\n" \ | |
8940 | _ASM_EXTABLE(1b, 3b) \ | |
8941 | : "=r"(err) \ | |
8942 | - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) | |
8943 | + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err),\ | |
8944 | + "r"(__USER_DS)) | |
8945 | ||
8946 | #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \ | |
8947 | - asm volatile("1: mov"itype" %"rtype"0,%1\n" \ | |
8948 | + asm volatile(_ASM_LOAD_USER_DS(2) \ | |
8949 | + "1: mov"itype" %"rtype"0,%%ds:%1\n" \ | |
8950 | "2:\n" \ | |
8951 | + _ASM_LOAD_KERNEL_DS \ | |
8952 | _ASM_EXTABLE(1b, 2b - 1b) \ | |
8953 | - : : ltype(x), "m" (__m(addr))) | |
8954 | + : : ltype(x), "m" (__m(addr)), "r"(__USER_DS)) | |
8955 | ||
8956 | /* | |
8957 | * uaccess_try and catch | |
ae4e228f MT |
8958 | @@ -530,7 +584,7 @@ struct __large_struct { unsigned long bu |
8959 | #define get_user_ex(x, ptr) do { \ | |
8960 | unsigned long __gue_val; \ | |
8961 | __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ | |
8962 | - (x) = (__force __typeof__(*(ptr)))__gue_val; \ | |
8963 | + (x) = (__typeof__(*(ptr)))__gue_val; \ | |
8964 | } while (0) | |
8965 | ||
8966 | #ifdef CONFIG_X86_WP_WORKS_OK | |
8967 | @@ -567,6 +621,7 @@ extern struct movsl_mask { | |
58c5fc13 MT |
8968 | |
8969 | #define ARCH_HAS_NOCACHE_UACCESS 1 | |
8970 | ||
8971 | +#define ARCH_HAS_SORT_EXTABLE | |
8972 | #ifdef CONFIG_X86_32 | |
8973 | # include "uaccess_32.h" | |
8974 | #else | |
ae4e228f MT |
8975 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/vgtod.h linux-2.6.33.1/arch/x86/include/asm/vgtod.h |
8976 | --- linux-2.6.33.1/arch/x86/include/asm/vgtod.h 2010-03-15 12:09:39.000000000 -0400 | |
8977 | +++ linux-2.6.33.1/arch/x86/include/asm/vgtod.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
8978 | @@ -14,6 +14,7 @@ struct vsyscall_gtod_data { |
8979 | int sysctl_enabled; | |
8980 | struct timezone sys_tz; | |
8981 | struct { /* extract of a clocksource struct */ | |
8982 | + char name[8]; | |
8983 | cycle_t (*vread)(void); | |
8984 | cycle_t cycle_last; | |
8985 | cycle_t mask; | |
ae4e228f MT |
8986 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/vmi.h linux-2.6.33.1/arch/x86/include/asm/vmi.h |
8987 | --- linux-2.6.33.1/arch/x86/include/asm/vmi.h 2010-03-15 12:09:39.000000000 -0400 | |
8988 | +++ linux-2.6.33.1/arch/x86/include/asm/vmi.h 2010-03-20 16:58:38.984539447 -0400 | |
8989 | @@ -191,6 +191,7 @@ struct vrom_header { | |
8990 | u8 reserved[96]; /* Reserved for headers */ | |
8991 | char vmi_init[8]; /* VMI_Init jump point */ | |
8992 | char get_reloc[8]; /* VMI_GetRelocationInfo jump point */ | |
8993 | + char rom_data[8048]; /* rest of the option ROM */ | |
8994 | } __attribute__((packed)); | |
8995 | ||
8996 | struct pnp_header { | |
8997 | diff -urNp linux-2.6.33.1/arch/x86/include/asm/vsyscall.h linux-2.6.33.1/arch/x86/include/asm/vsyscall.h | |
8998 | --- linux-2.6.33.1/arch/x86/include/asm/vsyscall.h 2010-03-15 12:09:39.000000000 -0400 | |
8999 | +++ linux-2.6.33.1/arch/x86/include/asm/vsyscall.h 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
9000 | @@ -15,9 +15,10 @@ enum vsyscall_num { |
9001 | ||
9002 | #ifdef __KERNEL__ | |
9003 | #include <linux/seqlock.h> | |
9004 | +#include <linux/getcpu.h> | |
9005 | +#include <linux/time.h> | |
9006 | ||
9007 | #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16))) | |
9008 | -#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16))) | |
9009 | ||
9010 | /* Definitions for CONFIG_GENERIC_TIME definitions */ | |
9011 | #define __section_vsyscall_gtod_data __attribute__ \ | |
9012 | @@ -31,7 +32,6 @@ enum vsyscall_num { | |
9013 | #define VGETCPU_LSL 2 | |
9014 | ||
9015 | extern int __vgetcpu_mode; | |
9016 | -extern volatile unsigned long __jiffies; | |
9017 | ||
9018 | /* kernel space (writeable) */ | |
9019 | extern int vgetcpu_mode; | |
9020 | @@ -39,6 +39,9 @@ extern struct timezone sys_tz; | |
9021 | ||
9022 | extern void map_vsyscall(void); | |
9023 | ||
9024 | +extern int vgettimeofday(struct timeval * tv, struct timezone * tz); | |
9025 | +extern time_t vtime(time_t *t); | |
9026 | +extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache); | |
9027 | #endif /* __KERNEL__ */ | |
9028 | ||
9029 | #endif /* _ASM_X86_VSYSCALL_H */ | |
ae4e228f MT |
9030 | diff -urNp linux-2.6.33.1/arch/x86/Kconfig linux-2.6.33.1/arch/x86/Kconfig |
9031 | --- linux-2.6.33.1/arch/x86/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
9032 | +++ linux-2.6.33.1/arch/x86/Kconfig 2010-03-20 16:58:38.984539447 -0400 | |
9033 | @@ -1088,7 +1088,7 @@ config PAGE_OFFSET | |
58c5fc13 MT |
9034 | hex |
9035 | default 0xB0000000 if VMSPLIT_3G_OPT | |
9036 | default 0x80000000 if VMSPLIT_2G | |
9037 | - default 0x78000000 if VMSPLIT_2G_OPT | |
9038 | + default 0x70000000 if VMSPLIT_2G_OPT | |
9039 | default 0x40000000 if VMSPLIT_1G | |
9040 | default 0xC0000000 | |
9041 | depends on X86_32 | |
ae4e228f | 9042 | @@ -1422,7 +1422,7 @@ config ARCH_USES_PG_UNCACHED |
58c5fc13 MT |
9043 | |
9044 | config EFI | |
9045 | bool "EFI runtime service support" | |
9046 | - depends on ACPI | |
9047 | + depends on ACPI && !PAX_KERNEXEC | |
9048 | ---help--- | |
9049 | This enables the kernel to use EFI runtime services that are | |
9050 | available (such as the EFI variable services). | |
ae4e228f MT |
9051 | @@ -1509,6 +1509,7 @@ config KEXEC_JUMP |
9052 | config PHYSICAL_START | |
9053 | hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP) | |
9054 | default "0x1000000" | |
9055 | + range 0x400000 0x40000000 | |
9056 | ---help--- | |
9057 | This gives the physical address where the kernel is loaded. | |
9058 | ||
9059 | @@ -1573,6 +1574,7 @@ config PHYSICAL_ALIGN | |
9060 | hex | |
9061 | prompt "Alignment value to which kernel should be aligned" if X86_32 | |
9062 | default "0x1000000" | |
9063 | + range 0x400000 0x1000000 if PAX_KERNEXEC | |
9064 | range 0x2000 0x1000000 | |
9065 | ---help--- | |
9066 | This value puts the alignment restrictions on physical address | |
9067 | @@ -1604,9 +1606,10 @@ config HOTPLUG_CPU | |
58c5fc13 MT |
9068 | Say N if you want to disable CPU hotplug. |
9069 | ||
9070 | config COMPAT_VDSO | |
9071 | - def_bool y | |
9072 | + def_bool n | |
9073 | prompt "Compat VDSO support" | |
9074 | depends on X86_32 || IA32_EMULATION | |
9075 | + depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF | |
9076 | ---help--- | |
9077 | Map the 32-bit VDSO to the predictable old-style address too. | |
ae4e228f MT |
9078 | |
9079 | diff -urNp linux-2.6.33.1/arch/x86/Kconfig.cpu linux-2.6.33.1/arch/x86/Kconfig.cpu | |
9080 | --- linux-2.6.33.1/arch/x86/Kconfig.cpu 2010-03-15 12:09:39.000000000 -0400 | |
9081 | +++ linux-2.6.33.1/arch/x86/Kconfig.cpu 2010-03-20 16:58:38.984539447 -0400 | |
9082 | @@ -336,7 +336,7 @@ config X86_PPRO_FENCE | |
58c5fc13 MT |
9083 | |
9084 | config X86_F00F_BUG | |
9085 | def_bool y | |
9086 | - depends on M586MMX || M586TSC || M586 || M486 || M386 | |
9087 | + depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC | |
9088 | ||
9089 | config X86_WP_WORKS_OK | |
9090 | def_bool y | |
ae4e228f | 9091 | @@ -356,7 +356,7 @@ config X86_POPAD_OK |
58c5fc13 MT |
9092 | |
9093 | config X86_ALIGNMENT_16 | |
9094 | def_bool y | |
9095 | - depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 | |
9096 | + depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 | |
9097 | ||
9098 | config X86_INTEL_USERCOPY | |
9099 | def_bool y | |
ae4e228f | 9100 | @@ -402,7 +402,7 @@ config X86_CMPXCHG64 |
58c5fc13 MT |
9101 | # generates cmov. |
9102 | config X86_CMOV | |
9103 | def_bool y | |
ae4e228f MT |
9104 | - depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX) |
9105 | + depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX) | |
58c5fc13 MT |
9106 | |
9107 | config X86_MINIMUM_CPU_FAMILY | |
9108 | int | |
ae4e228f MT |
9109 | diff -urNp linux-2.6.33.1/arch/x86/Kconfig.debug linux-2.6.33.1/arch/x86/Kconfig.debug |
9110 | --- linux-2.6.33.1/arch/x86/Kconfig.debug 2010-03-15 12:09:39.000000000 -0400 | |
9111 | +++ linux-2.6.33.1/arch/x86/Kconfig.debug 2010-03-20 16:58:38.984539447 -0400 | |
58c5fc13 MT |
9112 | @@ -99,7 +99,7 @@ config X86_PTDUMP |
9113 | config DEBUG_RODATA | |
9114 | bool "Write protect kernel read-only data structures" | |
9115 | default y | |
9116 | - depends on DEBUG_KERNEL | |
9117 | + depends on DEBUG_KERNEL && BROKEN | |
9118 | ---help--- | |
9119 | Mark the kernel read-only data as write-protected in the pagetables, | |
9120 | in order to catch accidental (and incorrect) writes to such const | |
ae4e228f MT |
9121 | diff -urNp linux-2.6.33.1/arch/x86/kernel/acpi/boot.c linux-2.6.33.1/arch/x86/kernel/acpi/boot.c |
9122 | --- linux-2.6.33.1/arch/x86/kernel/acpi/boot.c 2010-03-15 12:09:39.000000000 -0400 | |
9123 | +++ linux-2.6.33.1/arch/x86/kernel/acpi/boot.c 2010-03-20 16:58:38.988525305 -0400 | |
9124 | @@ -1503,7 +1503,7 @@ static struct dmi_system_id __initdata a | |
58c5fc13 MT |
9125 | DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"), |
9126 | }, | |
9127 | }, | |
9128 | - {} | |
9129 | + { NULL, NULL, {{0, {0}}}, NULL} | |
9130 | }; | |
9131 | ||
9132 | /* | |
ae4e228f MT |
9133 | diff -urNp linux-2.6.33.1/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.33.1/arch/x86/kernel/acpi/realmode/wakeup.S |
9134 | --- linux-2.6.33.1/arch/x86/kernel/acpi/realmode/wakeup.S 2010-03-15 12:09:39.000000000 -0400 | |
9135 | +++ linux-2.6.33.1/arch/x86/kernel/acpi/realmode/wakeup.S 2010-03-20 16:58:38.988525305 -0400 | |
58c5fc13 MT |
9136 | @@ -104,7 +104,7 @@ _start: |
9137 | movl %eax, %ecx | |
9138 | orl %edx, %ecx | |
9139 | jz 1f | |
9140 | - movl $0xc0000080, %ecx | |
9141 | + mov $MSR_EFER, %ecx | |
9142 | wrmsr | |
9143 | 1: | |
9144 | ||
ae4e228f MT |
9145 | diff -urNp linux-2.6.33.1/arch/x86/kernel/acpi/sleep.c linux-2.6.33.1/arch/x86/kernel/acpi/sleep.c |
9146 | --- linux-2.6.33.1/arch/x86/kernel/acpi/sleep.c 2010-03-15 12:09:39.000000000 -0400 | |
9147 | +++ linux-2.6.33.1/arch/x86/kernel/acpi/sleep.c 2010-03-20 16:58:38.988525305 -0400 | |
58c5fc13 MT |
9148 | @@ -11,11 +11,12 @@ |
9149 | #include <linux/cpumask.h> | |
9150 | #include <asm/segment.h> | |
9151 | #include <asm/desc.h> | |
9152 | +#include <asm/e820.h> | |
9153 | ||
9154 | #include "realmode/wakeup.h" | |
9155 | #include "sleep.h" | |
9156 | ||
9157 | -unsigned long acpi_wakeup_address; | |
9158 | +unsigned long acpi_wakeup_address = 0x2000; | |
9159 | unsigned long acpi_realmode_flags; | |
9160 | ||
9161 | /* address in low memory of the wakeup routine. */ | |
ae4e228f | 9162 | @@ -96,8 +97,12 @@ int acpi_save_state_mem(void) |
58c5fc13 MT |
9163 | header->trampoline_segment = setup_trampoline() >> 4; |
9164 | #ifdef CONFIG_SMP | |
9165 | stack_start.sp = temp_stack + sizeof(temp_stack); | |
9166 | + | |
ae4e228f | 9167 | + pax_open_kernel(); |
58c5fc13 MT |
9168 | early_gdt_descr.address = |
9169 | (unsigned long)get_cpu_gdt_table(smp_processor_id()); | |
ae4e228f | 9170 | + pax_close_kernel(); |
58c5fc13 MT |
9171 | + |
9172 | initial_gs = per_cpu_offset(smp_processor_id()); | |
9173 | #endif | |
9174 | initial_code = (unsigned long)wakeup_long64; | |
ae4e228f MT |
9175 | diff -urNp linux-2.6.33.1/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.33.1/arch/x86/kernel/acpi/wakeup_32.S |
9176 | --- linux-2.6.33.1/arch/x86/kernel/acpi/wakeup_32.S 2010-03-15 12:09:39.000000000 -0400 | |
9177 | +++ linux-2.6.33.1/arch/x86/kernel/acpi/wakeup_32.S 2010-03-20 16:58:38.988525305 -0400 | |
58c5fc13 MT |
9178 | @@ -30,13 +30,11 @@ wakeup_pmode_return: |
9179 | # and restore the stack ... but you need gdt for this to work | |
9180 | movl saved_context_esp, %esp | |
9181 | ||
9182 | - movl %cs:saved_magic, %eax | |
9183 | - cmpl $0x12345678, %eax | |
9184 | + cmpl $0x12345678, saved_magic | |
9185 | jne bogus_magic | |
9186 | ||
9187 | # jump to place where we left off | |
9188 | - movl saved_eip, %eax | |
9189 | - jmp *%eax | |
9190 | + jmp *(saved_eip) | |
9191 | ||
9192 | bogus_magic: | |
9193 | jmp bogus_magic | |
ae4e228f MT |
9194 | diff -urNp linux-2.6.33.1/arch/x86/kernel/alternative.c linux-2.6.33.1/arch/x86/kernel/alternative.c |
9195 | --- linux-2.6.33.1/arch/x86/kernel/alternative.c 2010-03-15 12:09:39.000000000 -0400 | |
9196 | +++ linux-2.6.33.1/arch/x86/kernel/alternative.c 2010-03-20 16:58:38.988525305 -0400 | |
9197 | @@ -407,7 +407,7 @@ void __init_or_module apply_paravirt(str | |
58c5fc13 MT |
9198 | |
9199 | BUG_ON(p->len > MAX_PATCH_LEN); | |
9200 | /* prep the buffer with the original instructions */ | |
9201 | - memcpy(insnbuf, p->instr, p->len); | |
9202 | + memcpy(insnbuf, ktla_ktva(p->instr), p->len); | |
9203 | used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf, | |
9204 | (unsigned long)p->instr, p->len); | |
9205 | ||
ae4e228f | 9206 | @@ -492,12 +492,16 @@ void __init alternative_instructions(voi |
58c5fc13 MT |
9207 | * instructions. And on the local CPU you need to be protected again NMI or MCE |
9208 | * handlers seeing an inconsistent instruction while you patch. | |
9209 | */ | |
ae4e228f MT |
9210 | -static void *__init_or_module text_poke_early(void *addr, const void *opcode, |
9211 | +static void *__kprobes text_poke_early(void *addr, const void *opcode, | |
9212 | size_t len) | |
58c5fc13 MT |
9213 | { |
9214 | unsigned long flags; | |
58c5fc13 MT |
9215 | local_irq_save(flags); |
9216 | - memcpy(addr, opcode, len); | |
9217 | + | |
ae4e228f | 9218 | + pax_open_kernel(); |
58c5fc13 | 9219 | + memcpy(ktla_ktva(addr), opcode, len); |
ae4e228f | 9220 | + pax_close_kernel(); |
58c5fc13 | 9221 | + |
58c5fc13 | 9222 | sync_core(); |
ae4e228f | 9223 | local_irq_restore(flags); |
58c5fc13 | 9224 | /* Could also do a CLFLUSH here to speed up CPU recovery; but |
ae4e228f | 9225 | @@ -520,35 +524,21 @@ static void *__init_or_module text_poke_ |
58c5fc13 MT |
9226 | */ |
9227 | void *__kprobes text_poke(void *addr, const void *opcode, size_t len) | |
9228 | { | |
9229 | - unsigned long flags; | |
9230 | - char *vaddr; | |
9231 | + unsigned char *vaddr = ktla_ktva(addr); | |
9232 | struct page *pages[2]; | |
9233 | - int i; | |
9234 | + size_t i; | |
58c5fc13 | 9235 | |
ae4e228f | 9236 | if (!core_kernel_text((unsigned long)addr)) { |
58c5fc13 MT |
9237 | - pages[0] = vmalloc_to_page(addr); |
9238 | - pages[1] = vmalloc_to_page(addr + PAGE_SIZE); | |
58c5fc13 MT |
9239 | + pages[0] = vmalloc_to_page(vaddr); |
9240 | + pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE); | |
9241 | } else { | |
9242 | - pages[0] = virt_to_page(addr); | |
9243 | + pages[0] = virt_to_page(vaddr); | |
9244 | WARN_ON(!PageReserved(pages[0])); | |
9245 | - pages[1] = virt_to_page(addr + PAGE_SIZE); | |
9246 | + pages[1] = virt_to_page(vaddr + PAGE_SIZE); | |
9247 | } | |
9248 | BUG_ON(!pages[0]); | |
9249 | - local_irq_save(flags); | |
9250 | - set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0])); | |
9251 | - if (pages[1]) | |
9252 | - set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1])); | |
9253 | - vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0); | |
9254 | - memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len); | |
9255 | - clear_fixmap(FIX_TEXT_POKE0); | |
9256 | - if (pages[1]) | |
9257 | - clear_fixmap(FIX_TEXT_POKE1); | |
9258 | - local_flush_tlb(); | |
9259 | - sync_core(); | |
9260 | - /* Could also do a CLFLUSH here to speed up CPU recovery; but | |
9261 | - that causes hangs on some VIA CPUs. */ | |
9262 | + text_poke_early(addr, opcode, len); | |
9263 | for (i = 0; i < len; i++) | |
9264 | - BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]); | |
9265 | - local_irq_restore(flags); | |
9266 | + BUG_ON(((char *)vaddr)[i] != ((char *)opcode)[i]); | |
9267 | return addr; | |
9268 | } | |
ae4e228f MT |
9269 | diff -urNp linux-2.6.33.1/arch/x86/kernel/amd_iommu.c linux-2.6.33.1/arch/x86/kernel/amd_iommu.c |
9270 | --- linux-2.6.33.1/arch/x86/kernel/amd_iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
9271 | +++ linux-2.6.33.1/arch/x86/kernel/amd_iommu.c 2010-03-20 16:58:38.988525305 -0400 | |
9272 | @@ -2210,7 +2210,7 @@ static void prealloc_protection_domains( | |
9273 | } | |
9274 | } | |
9275 | ||
9276 | -static struct dma_map_ops amd_iommu_dma_ops = { | |
9277 | +static const struct dma_map_ops amd_iommu_dma_ops = { | |
9278 | .alloc_coherent = alloc_coherent, | |
9279 | .free_coherent = free_coherent, | |
9280 | .map_page = map_page, | |
9281 | diff -urNp linux-2.6.33.1/arch/x86/kernel/apic/io_apic.c linux-2.6.33.1/arch/x86/kernel/apic/io_apic.c | |
9282 | --- linux-2.6.33.1/arch/x86/kernel/apic/io_apic.c 2010-03-15 12:09:39.000000000 -0400 | |
9283 | +++ linux-2.6.33.1/arch/x86/kernel/apic/io_apic.c 2010-03-20 16:58:38.988525305 -0400 | |
9284 | @@ -701,7 +701,7 @@ struct IO_APIC_route_entry **alloc_ioapi | |
9285 | ioapic_entries = kzalloc(sizeof(*ioapic_entries) * nr_ioapics, | |
9286 | GFP_ATOMIC); | |
9287 | if (!ioapic_entries) | |
9288 | - return 0; | |
9289 | + return NULL; | |
58c5fc13 | 9290 | |
ae4e228f MT |
9291 | for (apic = 0; apic < nr_ioapics; apic++) { |
9292 | ioapic_entries[apic] = | |
9293 | @@ -718,7 +718,7 @@ nomem: | |
9294 | kfree(ioapic_entries[apic]); | |
9295 | kfree(ioapic_entries); | |
58c5fc13 | 9296 | |
ae4e228f MT |
9297 | - return 0; |
9298 | + return NULL; | |
9299 | } | |
58c5fc13 | 9300 | |
ae4e228f MT |
9301 | /* |
9302 | @@ -1135,7 +1135,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, | |
9303 | } | |
9304 | EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); | |
9305 | ||
9306 | -void lock_vector_lock(void) | |
9307 | +void lock_vector_lock(void) __acquires(vector_lock) | |
9308 | { | |
9309 | /* Used to the online set of cpus does not change | |
9310 | * during assign_irq_vector. | |
9311 | @@ -1143,7 +1143,7 @@ void lock_vector_lock(void) | |
9312 | spin_lock(&vector_lock); | |
9313 | } | |
9314 | ||
9315 | -void unlock_vector_lock(void) | |
9316 | +void unlock_vector_lock(void) __releases(vector_lock) | |
9317 | { | |
9318 | spin_unlock(&vector_lock); | |
9319 | } | |
9320 | diff -urNp linux-2.6.33.1/arch/x86/kernel/apm_32.c linux-2.6.33.1/arch/x86/kernel/apm_32.c | |
9321 | --- linux-2.6.33.1/arch/x86/kernel/apm_32.c 2010-03-15 12:09:39.000000000 -0400 | |
9322 | +++ linux-2.6.33.1/arch/x86/kernel/apm_32.c 2010-03-20 16:58:38.988525305 -0400 | |
9323 | @@ -410,7 +410,7 @@ static DEFINE_MUTEX(apm_mutex); | |
9324 | * This is for buggy BIOS's that refer to (real mode) segment 0x40 | |
9325 | * even though they are called in protected mode. | |
9326 | */ | |
9327 | -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092, | |
9328 | +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093, | |
9329 | (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); | |
9330 | ||
9331 | static const char driver_version[] = "1.16ac"; /* no spaces */ | |
9332 | @@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call) | |
58c5fc13 MT |
9333 | BUG_ON(cpu != 0); |
9334 | gdt = get_cpu_gdt_table(cpu); | |
9335 | save_desc_40 = gdt[0x40 / 8]; | |
9336 | + | |
ae4e228f | 9337 | + pax_open_kernel(); |
58c5fc13 | 9338 | gdt[0x40 / 8] = bad_bios_desc; |
ae4e228f | 9339 | + pax_close_kernel(); |
58c5fc13 | 9340 | |
58c5fc13 MT |
9341 | apm_irq_save(flags); |
9342 | APM_DO_SAVE_SEGS; | |
ae4e228f | 9343 | @@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call) |
58c5fc13 MT |
9344 | &call->esi); |
9345 | APM_DO_RESTORE_SEGS; | |
9346 | apm_irq_restore(flags); | |
9347 | + | |
ae4e228f | 9348 | + pax_open_kernel(); |
58c5fc13 | 9349 | gdt[0x40 / 8] = save_desc_40; |
ae4e228f | 9350 | + pax_close_kernel(); |
58c5fc13 MT |
9351 | + |
9352 | put_cpu(); | |
9353 | ||
9354 | return call->eax & 0xff; | |
ae4e228f | 9355 | @@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void |
58c5fc13 MT |
9356 | BUG_ON(cpu != 0); |
9357 | gdt = get_cpu_gdt_table(cpu); | |
9358 | save_desc_40 = gdt[0x40 / 8]; | |
9359 | + | |
ae4e228f | 9360 | + pax_open_kernel(); |
58c5fc13 | 9361 | gdt[0x40 / 8] = bad_bios_desc; |
ae4e228f | 9362 | + pax_close_kernel(); |
58c5fc13 | 9363 | |
58c5fc13 MT |
9364 | apm_irq_save(flags); |
9365 | APM_DO_SAVE_SEGS; | |
ae4e228f | 9366 | @@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void |
58c5fc13 MT |
9367 | &call->eax); |
9368 | APM_DO_RESTORE_SEGS; | |
9369 | apm_irq_restore(flags); | |
9370 | + | |
ae4e228f | 9371 | + pax_open_kernel(); |
58c5fc13 | 9372 | gdt[0x40 / 8] = save_desc_40; |
ae4e228f | 9373 | + pax_close_kernel(); |
58c5fc13 MT |
9374 | + |
9375 | put_cpu(); | |
9376 | return error; | |
9377 | } | |
ae4e228f | 9378 | @@ -975,7 +989,7 @@ recalc: |
58c5fc13 MT |
9379 | |
9380 | static void apm_power_off(void) | |
9381 | { | |
9382 | - unsigned char po_bios_call[] = { | |
9383 | + const unsigned char po_bios_call[] = { | |
9384 | 0xb8, 0x00, 0x10, /* movw $0x1000,ax */ | |
9385 | 0x8e, 0xd0, /* movw ax,ss */ | |
9386 | 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */ | |
ae4e228f | 9387 | @@ -1931,7 +1945,10 @@ static const struct file_operations apm_ |
58c5fc13 MT |
9388 | static struct miscdevice apm_device = { |
9389 | APM_MINOR_DEV, | |
9390 | "apm_bios", | |
9391 | - &apm_bios_fops | |
9392 | + &apm_bios_fops, | |
9393 | + {NULL, NULL}, | |
9394 | + NULL, | |
9395 | + NULL | |
9396 | }; | |
9397 | ||
9398 | ||
ae4e228f | 9399 | @@ -2252,7 +2269,7 @@ static struct dmi_system_id __initdata a |
58c5fc13 MT |
9400 | { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), }, |
9401 | }, | |
9402 | ||
9403 | - { } | |
9404 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL} | |
9405 | }; | |
9406 | ||
9407 | /* | |
ae4e228f | 9408 | @@ -2355,12 +2372,15 @@ static int __init apm_init(void) |
58c5fc13 MT |
9409 | * code to that CPU. |
9410 | */ | |
9411 | gdt = get_cpu_gdt_table(0); | |
9412 | + | |
ae4e228f MT |
9413 | + pax_open_kernel(); |
9414 | set_desc_base(&gdt[APM_CS >> 3], | |
9415 | (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4)); | |
9416 | set_desc_base(&gdt[APM_CS_16 >> 3], | |
9417 | (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4)); | |
9418 | set_desc_base(&gdt[APM_DS >> 3], | |
9419 | (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4)); | |
9420 | + pax_close_kernel(); | |
58c5fc13 | 9421 | |
58c5fc13 MT |
9422 | proc_create("apm", 0, NULL, &apm_file_ops); |
9423 | ||
ae4e228f MT |
9424 | diff -urNp linux-2.6.33.1/arch/x86/kernel/asm-offsets_32.c linux-2.6.33.1/arch/x86/kernel/asm-offsets_32.c |
9425 | --- linux-2.6.33.1/arch/x86/kernel/asm-offsets_32.c 2010-03-15 12:09:39.000000000 -0400 | |
9426 | +++ linux-2.6.33.1/arch/x86/kernel/asm-offsets_32.c 2010-03-20 16:58:38.988525305 -0400 | |
9427 | @@ -115,6 +115,11 @@ void foo(void) | |
58c5fc13 MT |
9428 | OFFSET(PV_CPU_iret, pv_cpu_ops, iret); |
9429 | OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); | |
9430 | OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); | |
ae4e228f MT |
9431 | + |
9432 | +#ifdef CONFIG_PAX_KERNEXEC | |
58c5fc13 | 9433 | + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); |
ae4e228f MT |
9434 | +#endif |
9435 | + | |
58c5fc13 MT |
9436 | #endif |
9437 | ||
9438 | #ifdef CONFIG_XEN | |
ae4e228f MT |
9439 | diff -urNp linux-2.6.33.1/arch/x86/kernel/asm-offsets_64.c linux-2.6.33.1/arch/x86/kernel/asm-offsets_64.c |
9440 | --- linux-2.6.33.1/arch/x86/kernel/asm-offsets_64.c 2010-03-15 12:09:39.000000000 -0400 | |
9441 | +++ linux-2.6.33.1/arch/x86/kernel/asm-offsets_64.c 2010-03-20 16:58:38.988525305 -0400 | |
9442 | @@ -63,6 +63,12 @@ int main(void) | |
9443 | OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); | |
9444 | OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs); | |
9445 | OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); | |
9446 | + | |
9447 | +#ifdef CONFIG_PAX_KERNEXEC | |
9448 | + OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); | |
9449 | + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); | |
9450 | +#endif | |
9451 | + | |
9452 | #endif | |
9453 | ||
9454 | ||
9455 | @@ -115,6 +121,7 @@ int main(void) | |
58c5fc13 MT |
9456 | ENTRY(cr8); |
9457 | BLANK(); | |
9458 | #undef ENTRY | |
9459 | + DEFINE(TSS_size, sizeof(struct tss_struct)); | |
9460 | DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); | |
9461 | BLANK(); | |
9462 | DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); | |
ae4e228f MT |
9463 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/common.c linux-2.6.33.1/arch/x86/kernel/cpu/common.c |
9464 | --- linux-2.6.33.1/arch/x86/kernel/cpu/common.c 2010-03-15 12:09:39.000000000 -0400 | |
9465 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/common.c 2010-03-20 16:58:38.992510812 -0400 | |
9466 | @@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon | |
58c5fc13 MT |
9467 | |
9468 | static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu; | |
9469 | ||
9470 | -DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = { | |
9471 | -#ifdef CONFIG_X86_64 | |
9472 | - /* | |
9473 | - * We need valid kernel segments for data and code in long mode too | |
9474 | - * IRET will check the segment types kkeil 2000/10/28 | |
9475 | - * Also sysret mandates a special GDT layout | |
9476 | - * | |
9477 | - * TLS descriptors are currently at a different place compared to i386. | |
9478 | - * Hopefully nobody expects them at a fixed place (Wine?) | |
9479 | - */ | |
ae4e228f MT |
9480 | - [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff), |
9481 | - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff), | |
9482 | - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff), | |
9483 | - [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff), | |
9484 | - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff), | |
9485 | - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff), | |
58c5fc13 | 9486 | -#else |
ae4e228f MT |
9487 | - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff), |
9488 | - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff), | |
9489 | - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff), | |
9490 | - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff), | |
58c5fc13 MT |
9491 | - /* |
9492 | - * Segments used for calling PnP BIOS have byte granularity. | |
9493 | - * They code segments and data segments have fixed 64k limits, | |
9494 | - * the transfer segment sizes are set at run time. | |
9495 | - */ | |
9496 | - /* 32-bit code */ | |
ae4e228f | 9497 | - [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff), |
58c5fc13 | 9498 | - /* 16-bit code */ |
ae4e228f | 9499 | - [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff), |
58c5fc13 | 9500 | - /* 16-bit data */ |
ae4e228f | 9501 | - [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff), |
58c5fc13 | 9502 | - /* 16-bit data */ |
ae4e228f | 9503 | - [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0), |
58c5fc13 | 9504 | - /* 16-bit data */ |
ae4e228f | 9505 | - [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0), |
58c5fc13 MT |
9506 | - /* |
9507 | - * The APM segments have byte granularity and their bases | |
9508 | - * are set at run time. All have 64k limits. | |
9509 | - */ | |
9510 | - /* 32-bit code */ | |
ae4e228f | 9511 | - [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff), |
58c5fc13 | 9512 | - /* 16-bit code */ |
ae4e228f | 9513 | - [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff), |
58c5fc13 | 9514 | - /* data */ |
ae4e228f | 9515 | - [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff), |
58c5fc13 | 9516 | - |
ae4e228f MT |
9517 | - [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff), |
9518 | - [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff), | |
58c5fc13 MT |
9519 | - GDT_STACK_CANARY_INIT |
9520 | -#endif | |
9521 | -} }; | |
9522 | -EXPORT_PER_CPU_SYMBOL_GPL(gdt_page); | |
9523 | - | |
9524 | static int __init x86_xsave_setup(char *s) | |
9525 | { | |
9526 | setup_clear_cpu_cap(X86_FEATURE_XSAVE); | |
ae4e228f | 9527 | @@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu) |
58c5fc13 MT |
9528 | { |
9529 | struct desc_ptr gdt_descr; | |
9530 | ||
9531 | - gdt_descr.address = (long)get_cpu_gdt_table(cpu); | |
9532 | + gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu); | |
9533 | gdt_descr.size = GDT_SIZE - 1; | |
9534 | load_gdt(&gdt_descr); | |
9535 | /* Reload the per-cpu base */ | |
ae4e228f | 9536 | @@ -802,6 +748,10 @@ static void __cpuinit identify_cpu(struc |
58c5fc13 MT |
9537 | /* Filter out anything that depends on CPUID levels we don't have */ |
9538 | filter_cpuid_features(c, true); | |
9539 | ||
ae4e228f | 9540 | +#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || (defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32)) |
58c5fc13 MT |
9541 | + setup_clear_cpu_cap(X86_FEATURE_SEP); |
9542 | +#endif | |
9543 | + | |
9544 | /* If the model name is still unset, do table lookup. */ | |
9545 | if (!c->x86_model_id[0]) { | |
9546 | const char *p; | |
ae4e228f | 9547 | @@ -1103,7 +1053,7 @@ void __cpuinit cpu_init(void) |
58c5fc13 MT |
9548 | int i; |
9549 | ||
9550 | cpu = stack_smp_processor_id(); | |
9551 | - t = &per_cpu(init_tss, cpu); | |
9552 | + t = init_tss + cpu; | |
ae4e228f | 9553 | oist = &per_cpu(orig_ist, cpu); |
58c5fc13 MT |
9554 | |
9555 | #ifdef CONFIG_NUMA | |
ae4e228f | 9556 | @@ -1201,7 +1151,7 @@ void __cpuinit cpu_init(void) |
58c5fc13 MT |
9557 | { |
9558 | int cpu = smp_processor_id(); | |
9559 | struct task_struct *curr = current; | |
9560 | - struct tss_struct *t = &per_cpu(init_tss, cpu); | |
9561 | + struct tss_struct *t = init_tss + cpu; | |
9562 | struct thread_struct *thread = &curr->thread; | |
9563 | ||
9564 | if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { | |
ae4e228f MT |
9565 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c |
9566 | --- linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2010-03-15 12:09:39.000000000 -0400 | |
9567 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2010-03-20 16:58:38.992510812 -0400 | |
9568 | @@ -523,7 +523,7 @@ static const struct dmi_system_id sw_any | |
58c5fc13 MT |
9569 | DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"), |
9570 | }, | |
9571 | }, | |
9572 | - { } | |
9573 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
9574 | }; | |
58c5fc13 | 9575 | |
ae4e228f MT |
9576 | static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c) |
9577 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c | |
9578 | --- linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2010-03-15 12:09:39.000000000 -0400 | |
9579 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2010-03-20 16:58:38.992510812 -0400 | |
58c5fc13 MT |
9580 | @@ -225,7 +225,7 @@ static struct cpu_model models[] = |
9581 | { &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL }, | |
9582 | { &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL }, | |
9583 | ||
9584 | - { NULL, } | |
9585 | + { NULL, NULL, 0, NULL} | |
9586 | }; | |
9587 | #undef _BANIAS | |
9588 | #undef BANIAS | |
ae4e228f MT |
9589 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/intel.c linux-2.6.33.1/arch/x86/kernel/cpu/intel.c |
9590 | --- linux-2.6.33.1/arch/x86/kernel/cpu/intel.c 2010-03-15 12:09:39.000000000 -0400 | |
9591 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/intel.c 2010-03-20 16:58:38.992510812 -0400 | |
9592 | @@ -139,7 +139,7 @@ static void __cpuinit trap_init_f00f_bug | |
58c5fc13 MT |
9593 | * Update the IDT descriptor and reload the IDT so that |
9594 | * it uses the read-only mapped virtual address. | |
9595 | */ | |
9596 | - idt_descr.address = fix_to_virt(FIX_F00F_IDT); | |
9597 | + idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT); | |
9598 | load_idt(&idt_descr); | |
9599 | } | |
9600 | #endif | |
ae4e228f MT |
9601 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/intel_cacheinfo.c linux-2.6.33.1/arch/x86/kernel/cpu/intel_cacheinfo.c |
9602 | --- linux-2.6.33.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2010-03-15 12:09:39.000000000 -0400 | |
9603 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2010-03-20 16:58:38.992510812 -0400 | |
9604 | @@ -848,7 +848,7 @@ static ssize_t store(struct kobject *kob | |
9605 | return ret; | |
9606 | } | |
9607 | ||
9608 | -static struct sysfs_ops sysfs_ops = { | |
9609 | +static const struct sysfs_ops sysfs_ops = { | |
9610 | .show = show, | |
9611 | .store = store, | |
9612 | }; | |
9613 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/Makefile linux-2.6.33.1/arch/x86/kernel/cpu/Makefile | |
9614 | --- linux-2.6.33.1/arch/x86/kernel/cpu/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
9615 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/Makefile 2010-03-20 16:58:38.992510812 -0400 | |
9616 | @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg | |
9617 | CFLAGS_REMOVE_perf_event.o = -pg | |
58c5fc13 MT |
9618 | endif |
9619 | ||
9620 | -# Make sure load_percpu_segment has no stackprotector | |
9621 | -nostackp := $(call cc-option, -fno-stack-protector) | |
9622 | -CFLAGS_common.o := $(nostackp) | |
9623 | - | |
9624 | obj-y := intel_cacheinfo.o addon_cpuid_features.o | |
9625 | obj-y += proc.o capflags.o powerflags.o common.o | |
ae4e228f MT |
9626 | obj-y += vmware.o hypervisor.o sched.o |
9627 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce_amd.c | |
9628 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2010-03-15 12:09:39.000000000 -0400 | |
9629 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2010-03-20 16:58:38.992510812 -0400 | |
9630 | @@ -388,7 +388,7 @@ static ssize_t store(struct kobject *kob | |
9631 | return ret; | |
9632 | } | |
9633 | ||
9634 | -static struct sysfs_ops threshold_ops = { | |
9635 | +static const struct sysfs_ops threshold_ops = { | |
9636 | .show = show, | |
9637 | .store = store, | |
9638 | }; | |
9639 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce.c | |
9640 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce.c 2010-03-15 12:09:39.000000000 -0400 | |
9641 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mcheck/mce.c 2010-03-20 16:58:38.992510812 -0400 | |
9642 | @@ -201,7 +201,7 @@ static void print_mce(struct mce *m) | |
9643 | !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", | |
9644 | m->cs, m->ip); | |
9645 | ||
9646 | - if (m->cs == __KERNEL_CS) | |
9647 | + if (m->cs == __KERNEL_CS || m->cs == __KERNEXEC_KERNEL_CS) | |
9648 | print_symbol("{%s}", m->ip); | |
9649 | pr_cont("\n"); | |
9650 | } | |
9651 | @@ -1444,14 +1444,14 @@ void __cpuinit mcheck_cpu_init(struct cp | |
58c5fc13 MT |
9652 | */ |
9653 | ||
9654 | static DEFINE_SPINLOCK(mce_state_lock); | |
9655 | -static int open_count; /* #times opened */ | |
9656 | +static atomic_t open_count; /* #times opened */ | |
9657 | static int open_exclu; /* already open exclusive? */ | |
9658 | ||
9659 | static int mce_open(struct inode *inode, struct file *file) | |
9660 | { | |
9661 | spin_lock(&mce_state_lock); | |
9662 | ||
9663 | - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) { | |
9664 | + if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) { | |
9665 | spin_unlock(&mce_state_lock); | |
9666 | ||
9667 | return -EBUSY; | |
ae4e228f | 9668 | @@ -1459,7 +1459,7 @@ static int mce_open(struct inode *inode, |
58c5fc13 MT |
9669 | |
9670 | if (file->f_flags & O_EXCL) | |
9671 | open_exclu = 1; | |
9672 | - open_count++; | |
9673 | + atomic_inc(&open_count); | |
9674 | ||
9675 | spin_unlock(&mce_state_lock); | |
9676 | ||
ae4e228f | 9677 | @@ -1470,7 +1470,7 @@ static int mce_release(struct inode *ino |
58c5fc13 MT |
9678 | { |
9679 | spin_lock(&mce_state_lock); | |
9680 | ||
9681 | - open_count--; | |
9682 | + atomic_dec(&open_count); | |
9683 | open_exclu = 0; | |
9684 | ||
9685 | spin_unlock(&mce_state_lock); | |
ae4e228f | 9686 | @@ -1610,6 +1610,7 @@ static struct miscdevice mce_log_device |
58c5fc13 MT |
9687 | MISC_MCELOG_MINOR, |
9688 | "mcelog", | |
9689 | &mce_chrdev_ops, | |
9690 | + {NULL, NULL}, NULL, NULL | |
9691 | }; | |
9692 | ||
9693 | /* | |
ae4e228f MT |
9694 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/amd.c linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/amd.c |
9695 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/amd.c 2010-03-15 12:09:39.000000000 -0400 | |
9696 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/amd.c 2010-03-20 16:58:38.992510812 -0400 | |
9697 | @@ -108,7 +108,7 @@ amd_validate_add_page(unsigned long base | |
9698 | return 0; | |
9699 | } | |
9700 | ||
9701 | -static struct mtrr_ops amd_mtrr_ops = { | |
9702 | +static const struct mtrr_ops amd_mtrr_ops = { | |
9703 | .vendor = X86_VENDOR_AMD, | |
9704 | .set = amd_set_mtrr, | |
9705 | .get = amd_get_mtrr, | |
9706 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/centaur.c linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/centaur.c | |
9707 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/centaur.c 2010-03-15 12:09:39.000000000 -0400 | |
9708 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/centaur.c 2010-03-20 16:58:38.992510812 -0400 | |
9709 | @@ -110,7 +110,7 @@ centaur_validate_add_page(unsigned long | |
9710 | return 0; | |
9711 | } | |
9712 | ||
9713 | -static struct mtrr_ops centaur_mtrr_ops = { | |
9714 | +static const struct mtrr_ops centaur_mtrr_ops = { | |
9715 | .vendor = X86_VENDOR_CENTAUR, | |
9716 | .set = centaur_set_mcr, | |
9717 | .get = centaur_get_mcr, | |
9718 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/cyrix.c linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/cyrix.c | |
9719 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2010-03-15 12:09:39.000000000 -0400 | |
9720 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2010-03-20 16:58:38.992510812 -0400 | |
9721 | @@ -265,7 +265,7 @@ static void cyrix_set_all(void) | |
9722 | post_set(); | |
9723 | } | |
9724 | ||
9725 | -static struct mtrr_ops cyrix_mtrr_ops = { | |
9726 | +static const struct mtrr_ops cyrix_mtrr_ops = { | |
9727 | .vendor = X86_VENDOR_CYRIX, | |
9728 | .set_all = cyrix_set_all, | |
9729 | .set = cyrix_set_arr, | |
9730 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/generic.c | |
9731 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/generic.c 2010-03-15 12:09:39.000000000 -0400 | |
9732 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/generic.c 2010-03-20 16:58:38.992510812 -0400 | |
9733 | @@ -29,7 +29,7 @@ static struct fixed_range_block fixed_ra | |
9734 | { MSR_MTRRfix64K_00000, 1 }, /* one 64k MTRR */ | |
9735 | { MSR_MTRRfix16K_80000, 2 }, /* two 16k MTRRs */ | |
9736 | { MSR_MTRRfix4K_C0000, 8 }, /* eight 4k MTRRs */ | |
58c5fc13 MT |
9737 | - {} |
9738 | + { 0, 0 } | |
9739 | }; | |
9740 | ||
9741 | static unsigned long smp_changes_mask; | |
ae4e228f MT |
9742 | @@ -752,7 +752,7 @@ int positive_have_wrcomb(void) |
9743 | /* | |
9744 | * Generic structure... | |
9745 | */ | |
9746 | -struct mtrr_ops generic_mtrr_ops = { | |
9747 | +const struct mtrr_ops generic_mtrr_ops = { | |
9748 | .use_intel_if = 1, | |
9749 | .set_all = generic_set_all, | |
9750 | .get = generic_get_mtrr, | |
9751 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/main.c linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/main.c | |
9752 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/main.c 2010-03-15 12:09:39.000000000 -0400 | |
9753 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/main.c 2010-03-20 16:58:38.996547732 -0400 | |
9754 | @@ -60,14 +60,14 @@ static DEFINE_MUTEX(mtrr_mutex); | |
9755 | u64 size_or_mask, size_and_mask; | |
9756 | static bool mtrr_aps_delayed_init; | |
9757 | ||
9758 | -static struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM]; | |
9759 | +static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only; | |
9760 | ||
9761 | -struct mtrr_ops *mtrr_if; | |
9762 | +const struct mtrr_ops *mtrr_if; | |
9763 | ||
9764 | static void set_mtrr(unsigned int reg, unsigned long base, | |
9765 | unsigned long size, mtrr_type type); | |
9766 | ||
9767 | -void set_mtrr_ops(struct mtrr_ops *ops) | |
9768 | +void set_mtrr_ops(const struct mtrr_ops *ops) | |
9769 | { | |
9770 | if (ops->vendor && ops->vendor < X86_VENDOR_NUM) | |
9771 | mtrr_ops[ops->vendor] = ops; | |
9772 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/mtrr.h | |
9773 | --- linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2010-03-15 12:09:39.000000000 -0400 | |
9774 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2010-03-20 16:58:38.996547732 -0400 | |
9775 | @@ -12,19 +12,19 @@ | |
9776 | extern unsigned int mtrr_usage_table[MTRR_MAX_VAR_RANGES]; | |
9777 | ||
9778 | struct mtrr_ops { | |
9779 | - u32 vendor; | |
9780 | - u32 use_intel_if; | |
9781 | - void (*set)(unsigned int reg, unsigned long base, | |
9782 | + const u32 vendor; | |
9783 | + const u32 use_intel_if; | |
9784 | + void (* const set)(unsigned int reg, unsigned long base, | |
9785 | unsigned long size, mtrr_type type); | |
9786 | - void (*set_all)(void); | |
9787 | + void (* const set_all)(void); | |
9788 | ||
9789 | - void (*get)(unsigned int reg, unsigned long *base, | |
9790 | + void (* const get)(unsigned int reg, unsigned long *base, | |
9791 | unsigned long *size, mtrr_type *type); | |
9792 | - int (*get_free_region)(unsigned long base, unsigned long size, | |
9793 | + int (* const get_free_region)(unsigned long base, unsigned long size, | |
9794 | int replace_reg); | |
9795 | - int (*validate_add_page)(unsigned long base, unsigned long size, | |
9796 | + int (* const validate_add_page)(unsigned long base, unsigned long size, | |
9797 | unsigned int type); | |
9798 | - int (*have_wrcomb)(void); | |
9799 | + int (* const have_wrcomb)(void); | |
9800 | }; | |
9801 | ||
9802 | extern int generic_get_free_region(unsigned long base, unsigned long size, | |
9803 | @@ -32,7 +32,7 @@ extern int generic_get_free_region(unsig | |
9804 | extern int generic_validate_add_page(unsigned long base, unsigned long size, | |
9805 | unsigned int type); | |
9806 | ||
9807 | -extern struct mtrr_ops generic_mtrr_ops; | |
9808 | +extern const struct mtrr_ops generic_mtrr_ops; | |
9809 | ||
9810 | extern int positive_have_wrcomb(void); | |
9811 | ||
9812 | @@ -53,10 +53,10 @@ void fill_mtrr_var_range(unsigned int in | |
9813 | u32 base_lo, u32 base_hi, u32 mask_lo, u32 mask_hi); | |
9814 | void get_mtrr_state(void); | |
9815 | ||
9816 | -extern void set_mtrr_ops(struct mtrr_ops *ops); | |
9817 | +extern void set_mtrr_ops(const struct mtrr_ops *ops); | |
9818 | ||
9819 | extern u64 size_or_mask, size_and_mask; | |
9820 | -extern struct mtrr_ops *mtrr_if; | |
9821 | +extern const struct mtrr_ops *mtrr_if; | |
9822 | ||
9823 | #define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd) | |
9824 | #define use_intel() (mtrr_if && mtrr_if->use_intel_if == 1) | |
9825 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/perfctr-watchdog.c linux-2.6.33.1/arch/x86/kernel/cpu/perfctr-watchdog.c | |
9826 | --- linux-2.6.33.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2010-03-15 12:09:39.000000000 -0400 | |
9827 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2010-03-20 16:58:38.996547732 -0400 | |
9828 | @@ -30,11 +30,11 @@ struct nmi_watchdog_ctlblk { | |
9829 | ||
9830 | /* Interface defining a CPU specific perfctr watchdog */ | |
9831 | struct wd_ops { | |
9832 | - int (*reserve)(void); | |
9833 | - void (*unreserve)(void); | |
9834 | - int (*setup)(unsigned nmi_hz); | |
9835 | - void (*rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz); | |
9836 | - void (*stop)(void); | |
9837 | + int (* const reserve)(void); | |
9838 | + void (* const unreserve)(void); | |
9839 | + int (* const setup)(unsigned nmi_hz); | |
9840 | + void (* const rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz); | |
9841 | + void (* const stop)(void); | |
9842 | unsigned perfctr; | |
9843 | unsigned evntsel; | |
9844 | u64 checkbit; | |
9845 | @@ -645,6 +645,7 @@ static const struct wd_ops p4_wd_ops = { | |
9846 | #define ARCH_PERFMON_NMI_EVENT_SEL ARCH_PERFMON_UNHALTED_CORE_CYCLES_SEL | |
9847 | #define ARCH_PERFMON_NMI_EVENT_UMASK ARCH_PERFMON_UNHALTED_CORE_CYCLES_UMASK | |
9848 | ||
9849 | +/* cannot be const */ | |
9850 | static struct wd_ops intel_arch_wd_ops; | |
9851 | ||
9852 | static int setup_intel_arch_watchdog(unsigned nmi_hz) | |
9853 | @@ -697,6 +698,7 @@ static int setup_intel_arch_watchdog(uns | |
9854 | return 1; | |
9855 | } | |
58c5fc13 | 9856 | |
ae4e228f MT |
9857 | +/* cannot be const */ |
9858 | static struct wd_ops intel_arch_wd_ops __read_mostly = { | |
9859 | .reserve = single_msr_reserve, | |
9860 | .unreserve = single_msr_unreserve, | |
9861 | diff -urNp linux-2.6.33.1/arch/x86/kernel/cpu/perf_event.c linux-2.6.33.1/arch/x86/kernel/cpu/perf_event.c | |
9862 | --- linux-2.6.33.1/arch/x86/kernel/cpu/perf_event.c 2010-03-15 12:09:39.000000000 -0400 | |
9863 | +++ linux-2.6.33.1/arch/x86/kernel/cpu/perf_event.c 2010-03-20 16:58:38.996547732 -0400 | |
9864 | @@ -2426,7 +2426,7 @@ perf_callchain_user(struct pt_regs *regs | |
9865 | break; | |
58c5fc13 | 9866 | |
ae4e228f MT |
9867 | callchain_store(entry, frame.return_address); |
9868 | - fp = frame.next_frame; | |
9869 | + fp = (__force const void __user *)frame.next_frame; | |
9870 | } | |
9871 | } | |
9872 | ||
9873 | diff -urNp linux-2.6.33.1/arch/x86/kernel/crash.c linux-2.6.33.1/arch/x86/kernel/crash.c | |
9874 | --- linux-2.6.33.1/arch/x86/kernel/crash.c 2010-03-15 12:09:39.000000000 -0400 | |
9875 | +++ linux-2.6.33.1/arch/x86/kernel/crash.c 2010-03-20 16:58:38.996547732 -0400 | |
9876 | @@ -41,7 +41,7 @@ static void kdump_nmi_callback(int cpu, | |
58c5fc13 MT |
9877 | regs = args->regs; |
9878 | ||
9879 | #ifdef CONFIG_X86_32 | |
9880 | - if (!user_mode_vm(regs)) { | |
9881 | + if (!user_mode(regs)) { | |
9882 | crash_fixup_ss_esp(&fixed_regs, regs); | |
9883 | regs = &fixed_regs; | |
9884 | } | |
ae4e228f MT |
9885 | diff -urNp linux-2.6.33.1/arch/x86/kernel/doublefault_32.c linux-2.6.33.1/arch/x86/kernel/doublefault_32.c |
9886 | --- linux-2.6.33.1/arch/x86/kernel/doublefault_32.c 2010-03-15 12:09:39.000000000 -0400 | |
9887 | +++ linux-2.6.33.1/arch/x86/kernel/doublefault_32.c 2010-03-20 16:58:38.996547732 -0400 | |
58c5fc13 MT |
9888 | @@ -11,7 +11,7 @@ |
9889 | ||
9890 | #define DOUBLEFAULT_STACKSIZE (1024) | |
9891 | static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE]; | |
9892 | -#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE) | |
9893 | +#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2) | |
9894 | ||
9895 | #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM) | |
9896 | ||
9897 | @@ -21,7 +21,7 @@ static void doublefault_fn(void) | |
9898 | unsigned long gdt, tss; | |
9899 | ||
9900 | store_gdt(&gdt_desc); | |
9901 | - gdt = gdt_desc.address; | |
9902 | + gdt = (unsigned long)gdt_desc.address; | |
9903 | ||
9904 | printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size); | |
9905 | ||
ae4e228f | 9906 | @@ -58,10 +58,10 @@ struct tss_struct doublefault_tss __cach |
58c5fc13 MT |
9907 | /* 0x2 bit is always set */ |
9908 | .flags = X86_EFLAGS_SF | 0x2, | |
9909 | .sp = STACK_START, | |
9910 | - .es = __USER_DS, | |
9911 | + .es = __KERNEL_DS, | |
9912 | .cs = __KERNEL_CS, | |
9913 | .ss = __KERNEL_DS, | |
9914 | - .ds = __USER_DS, | |
9915 | + .ds = __KERNEL_DS, | |
9916 | .fs = __KERNEL_PERCPU, | |
9917 | ||
9918 | .__cr3 = __pa_nodebug(swapper_pg_dir), | |
ae4e228f MT |
9919 | diff -urNp linux-2.6.33.1/arch/x86/kernel/dumpstack_32.c linux-2.6.33.1/arch/x86/kernel/dumpstack_32.c |
9920 | --- linux-2.6.33.1/arch/x86/kernel/dumpstack_32.c 2010-03-15 12:09:39.000000000 -0400 | |
9921 | +++ linux-2.6.33.1/arch/x86/kernel/dumpstack_32.c 2010-03-20 16:58:38.996547732 -0400 | |
9922 | @@ -112,11 +112,12 @@ void show_registers(struct pt_regs *regs | |
58c5fc13 MT |
9923 | * When in-kernel, we also print out the stack and code at the |
9924 | * time of the fault.. | |
9925 | */ | |
9926 | - if (!user_mode_vm(regs)) { | |
9927 | + if (!user_mode(regs)) { | |
9928 | unsigned int code_prologue = code_bytes * 43 / 64; | |
9929 | unsigned int code_len = code_bytes; | |
9930 | unsigned char c; | |
9931 | u8 *ip; | |
9932 | + unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]); | |
9933 | ||
9934 | printk(KERN_EMERG "Stack:\n"); | |
9935 | show_stack_log_lvl(NULL, regs, ®s->sp, | |
ae4e228f | 9936 | @@ -124,10 +125,10 @@ void show_registers(struct pt_regs *regs |
58c5fc13 MT |
9937 | |
9938 | printk(KERN_EMERG "Code: "); | |
9939 | ||
9940 | - ip = (u8 *)regs->ip - code_prologue; | |
9941 | + ip = (u8 *)regs->ip - code_prologue + cs_base; | |
9942 | if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) { | |
9943 | /* try starting at IP */ | |
9944 | - ip = (u8 *)regs->ip; | |
9945 | + ip = (u8 *)regs->ip + cs_base; | |
9946 | code_len = code_len - code_prologue + 1; | |
9947 | } | |
9948 | for (i = 0; i < code_len; i++, ip++) { | |
ae4e228f | 9949 | @@ -136,7 +137,7 @@ void show_registers(struct pt_regs *regs |
58c5fc13 MT |
9950 | printk(" Bad EIP value."); |
9951 | break; | |
9952 | } | |
9953 | - if (ip == (u8 *)regs->ip) | |
9954 | + if (ip == (u8 *)regs->ip + cs_base) | |
9955 | printk("<%02x> ", c); | |
9956 | else | |
9957 | printk("%02x ", c); | |
ae4e228f | 9958 | @@ -149,6 +150,7 @@ int is_valid_bugaddr(unsigned long ip) |
58c5fc13 MT |
9959 | { |
9960 | unsigned short ud2; | |
9961 | ||
9962 | + ip = ktla_ktva(ip); | |
9963 | if (ip < PAGE_OFFSET) | |
9964 | return 0; | |
9965 | if (probe_kernel_address((unsigned short *)ip, ud2)) | |
ae4e228f MT |
9966 | diff -urNp linux-2.6.33.1/arch/x86/kernel/dumpstack.c linux-2.6.33.1/arch/x86/kernel/dumpstack.c |
9967 | --- linux-2.6.33.1/arch/x86/kernel/dumpstack.c 2010-03-15 12:09:39.000000000 -0400 | |
9968 | +++ linux-2.6.33.1/arch/x86/kernel/dumpstack.c 2010-03-20 16:58:38.996547732 -0400 | |
9969 | @@ -207,7 +207,7 @@ void dump_stack(void) | |
58c5fc13 MT |
9970 | #endif |
9971 | ||
9972 | printk("Pid: %d, comm: %.20s %s %s %.*s\n", | |
9973 | - current->pid, current->comm, print_tainted(), | |
9974 | + task_pid_nr(current), current->comm, print_tainted(), | |
9975 | init_utsname()->release, | |
9976 | (int)strcspn(init_utsname()->version, " "), | |
9977 | init_utsname()->version); | |
ae4e228f | 9978 | @@ -268,7 +268,7 @@ void __kprobes oops_end(unsigned long fl |
58c5fc13 MT |
9979 | panic("Fatal exception in interrupt"); |
9980 | if (panic_on_oops) | |
9981 | panic("Fatal exception"); | |
9982 | - do_exit(signr); | |
9983 | + do_group_exit(signr); | |
9984 | } | |
9985 | ||
9986 | int __kprobes __die(const char *str, struct pt_regs *regs, long err) | |
ae4e228f MT |
9987 | @@ -295,7 +295,7 @@ int __kprobes __die(const char *str, str |
9988 | ||
9989 | show_registers(regs); | |
9990 | #ifdef CONFIG_X86_32 | |
9991 | - if (user_mode_vm(regs)) { | |
9992 | + if (user_mode(regs)) { | |
9993 | sp = regs->sp; | |
9994 | ss = regs->ss & 0xffff; | |
9995 | } else { | |
9996 | @@ -323,7 +323,7 @@ void die(const char *str, struct pt_regs | |
58c5fc13 MT |
9997 | unsigned long flags = oops_begin(); |
9998 | int sig = SIGSEGV; | |
9999 | ||
10000 | - if (!user_mode_vm(regs)) | |
10001 | + if (!user_mode(regs)) | |
10002 | report_bug(regs->ip, regs); | |
10003 | ||
10004 | if (__die(str, regs, err)) | |
ae4e228f MT |
10005 | diff -urNp linux-2.6.33.1/arch/x86/kernel/e820.c linux-2.6.33.1/arch/x86/kernel/e820.c |
10006 | --- linux-2.6.33.1/arch/x86/kernel/e820.c 2010-03-15 12:09:39.000000000 -0400 | |
10007 | +++ linux-2.6.33.1/arch/x86/kernel/e820.c 2010-03-20 16:58:38.996547732 -0400 | |
10008 | @@ -28,6 +28,8 @@ | |
10009 | #include <asm/setup.h> | |
10010 | #include <asm/trampoline.h> | |
10011 | ||
10012 | +#include "acpi/realmode/wakeup.h" | |
10013 | + | |
10014 | /* | |
10015 | * The e820 map is the map that gets modified e.g. with command line parameters | |
10016 | * and that is also registered with modifications in the kernel resource tree | |
10017 | @@ -741,8 +743,7 @@ static struct early_res early_res[MAX_EA | |
10018 | */ | |
10019 | { PAGE_SIZE, PAGE_SIZE + PAGE_SIZE, "EX TRAMPOLINE", 1 }, | |
10020 | #endif | |
10021 | - | |
58c5fc13 | 10022 | - {} |
58c5fc13 MT |
10023 | + { 0, 0, {0}, 0 } |
10024 | }; | |
10025 | ||
10026 | static int __init find_overlapped_early(u64 start, u64 end) | |
ae4e228f MT |
10027 | diff -urNp linux-2.6.33.1/arch/x86/kernel/efi_32.c linux-2.6.33.1/arch/x86/kernel/efi_32.c |
10028 | --- linux-2.6.33.1/arch/x86/kernel/efi_32.c 2010-03-15 12:09:39.000000000 -0400 | |
10029 | +++ linux-2.6.33.1/arch/x86/kernel/efi_32.c 2010-03-20 16:58:38.996547732 -0400 | |
58c5fc13 MT |
10030 | @@ -38,70 +38,38 @@ |
10031 | */ | |
10032 | ||
10033 | static unsigned long efi_rt_eflags; | |
10034 | -static pgd_t efi_bak_pg_dir_pointer[2]; | |
10035 | +static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS]; | |
10036 | ||
10037 | -void efi_call_phys_prelog(void) | |
10038 | +void __init efi_call_phys_prelog(void) | |
10039 | { | |
10040 | - unsigned long cr4; | |
10041 | - unsigned long temp; | |
10042 | struct desc_ptr gdt_descr; | |
10043 | ||
10044 | local_irq_save(efi_rt_eflags); | |
10045 | ||
10046 | - /* | |
10047 | - * If I don't have PAE, I should just duplicate two entries in page | |
10048 | - * directory. If I have PAE, I just need to duplicate one entry in | |
10049 | - * page directory. | |
10050 | - */ | |
10051 | - cr4 = read_cr4_safe(); | |
10052 | ||
10053 | - if (cr4 & X86_CR4_PAE) { | |
10054 | - efi_bak_pg_dir_pointer[0].pgd = | |
10055 | - swapper_pg_dir[pgd_index(0)].pgd; | |
10056 | - swapper_pg_dir[0].pgd = | |
10057 | - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; | |
10058 | - } else { | |
10059 | - efi_bak_pg_dir_pointer[0].pgd = | |
10060 | - swapper_pg_dir[pgd_index(0)].pgd; | |
10061 | - efi_bak_pg_dir_pointer[1].pgd = | |
10062 | - swapper_pg_dir[pgd_index(0x400000)].pgd; | |
10063 | - swapper_pg_dir[pgd_index(0)].pgd = | |
10064 | - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; | |
10065 | - temp = PAGE_OFFSET + 0x400000; | |
10066 | - swapper_pg_dir[pgd_index(0x400000)].pgd = | |
10067 | - swapper_pg_dir[pgd_index(temp)].pgd; | |
10068 | - } | |
10069 | + clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS); | |
10070 | + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY, | |
10071 | + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY)); | |
10072 | ||
10073 | /* | |
10074 | * After the lock is released, the original page table is restored. | |
10075 | */ | |
10076 | __flush_tlb_all(); | |
10077 | ||
10078 | - gdt_descr.address = __pa(get_cpu_gdt_table(0)); | |
10079 | + gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0)); | |
10080 | gdt_descr.size = GDT_SIZE - 1; | |
10081 | load_gdt(&gdt_descr); | |
10082 | } | |
10083 | ||
10084 | -void efi_call_phys_epilog(void) | |
10085 | +void __init efi_call_phys_epilog(void) | |
10086 | { | |
10087 | - unsigned long cr4; | |
10088 | struct desc_ptr gdt_descr; | |
10089 | ||
10090 | - gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); | |
10091 | + gdt_descr.address = get_cpu_gdt_table(0); | |
10092 | gdt_descr.size = GDT_SIZE - 1; | |
10093 | load_gdt(&gdt_descr); | |
10094 | ||
10095 | - cr4 = read_cr4_safe(); | |
10096 | - | |
10097 | - if (cr4 & X86_CR4_PAE) { | |
10098 | - swapper_pg_dir[pgd_index(0)].pgd = | |
10099 | - efi_bak_pg_dir_pointer[0].pgd; | |
10100 | - } else { | |
10101 | - swapper_pg_dir[pgd_index(0)].pgd = | |
10102 | - efi_bak_pg_dir_pointer[0].pgd; | |
10103 | - swapper_pg_dir[pgd_index(0x400000)].pgd = | |
10104 | - efi_bak_pg_dir_pointer[1].pgd; | |
10105 | - } | |
10106 | + clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS); | |
10107 | ||
10108 | /* | |
10109 | * After the lock is released, the original page table is restored. | |
ae4e228f MT |
10110 | diff -urNp linux-2.6.33.1/arch/x86/kernel/efi_stub_32.S linux-2.6.33.1/arch/x86/kernel/efi_stub_32.S |
10111 | --- linux-2.6.33.1/arch/x86/kernel/efi_stub_32.S 2010-03-15 12:09:39.000000000 -0400 | |
10112 | +++ linux-2.6.33.1/arch/x86/kernel/efi_stub_32.S 2010-03-20 16:58:38.996547732 -0400 | |
58c5fc13 MT |
10113 | @@ -6,6 +6,7 @@ |
10114 | */ | |
10115 | ||
10116 | #include <linux/linkage.h> | |
10117 | +#include <linux/init.h> | |
10118 | #include <asm/page_types.h> | |
10119 | ||
10120 | /* | |
10121 | @@ -20,7 +21,7 @@ | |
10122 | * service functions will comply with gcc calling convention, too. | |
10123 | */ | |
10124 | ||
10125 | -.text | |
10126 | +__INIT | |
10127 | ENTRY(efi_call_phys) | |
10128 | /* | |
10129 | * 0. The function can only be called in Linux kernel. So CS has been | |
10130 | @@ -36,9 +37,7 @@ ENTRY(efi_call_phys) | |
10131 | * The mapping of lower virtual memory has been created in prelog and | |
10132 | * epilog. | |
10133 | */ | |
10134 | - movl $1f, %edx | |
10135 | - subl $__PAGE_OFFSET, %edx | |
10136 | - jmp *%edx | |
10137 | + jmp 1f-__PAGE_OFFSET | |
10138 | 1: | |
10139 | ||
10140 | /* | |
10141 | @@ -47,14 +46,8 @@ ENTRY(efi_call_phys) | |
10142 | * parameter 2, ..., param n. To make things easy, we save the return | |
10143 | * address of efi_call_phys in a global variable. | |
10144 | */ | |
10145 | - popl %edx | |
10146 | - movl %edx, saved_return_addr | |
10147 | - /* get the function pointer into ECX*/ | |
10148 | - popl %ecx | |
10149 | - movl %ecx, efi_rt_function_ptr | |
10150 | - movl $2f, %edx | |
10151 | - subl $__PAGE_OFFSET, %edx | |
10152 | - pushl %edx | |
10153 | + popl (saved_return_addr) | |
10154 | + popl (efi_rt_function_ptr) | |
10155 | ||
10156 | /* | |
10157 | * 3. Clear PG bit in %CR0. | |
10158 | @@ -73,9 +66,8 @@ ENTRY(efi_call_phys) | |
10159 | /* | |
10160 | * 5. Call the physical function. | |
10161 | */ | |
10162 | - jmp *%ecx | |
10163 | + call *(efi_rt_function_ptr-__PAGE_OFFSET) | |
10164 | ||
10165 | -2: | |
10166 | /* | |
10167 | * 6. After EFI runtime service returns, control will return to | |
10168 | * following instruction. We'd better readjust stack pointer first. | |
10169 | @@ -88,35 +80,28 @@ ENTRY(efi_call_phys) | |
10170 | movl %cr0, %edx | |
10171 | orl $0x80000000, %edx | |
10172 | movl %edx, %cr0 | |
10173 | - jmp 1f | |
10174 | -1: | |
10175 | + | |
10176 | /* | |
10177 | * 8. Now restore the virtual mode from flat mode by | |
10178 | * adding EIP with PAGE_OFFSET. | |
10179 | */ | |
10180 | - movl $1f, %edx | |
10181 | - jmp *%edx | |
10182 | + jmp 1f+__PAGE_OFFSET | |
10183 | 1: | |
10184 | ||
10185 | /* | |
10186 | * 9. Balance the stack. And because EAX contain the return value, | |
10187 | * we'd better not clobber it. | |
10188 | */ | |
10189 | - leal efi_rt_function_ptr, %edx | |
10190 | - movl (%edx), %ecx | |
10191 | - pushl %ecx | |
10192 | + pushl (efi_rt_function_ptr) | |
10193 | ||
10194 | /* | |
10195 | - * 10. Push the saved return address onto the stack and return. | |
10196 | + * 10. Return to the saved return address. | |
10197 | */ | |
10198 | - leal saved_return_addr, %edx | |
10199 | - movl (%edx), %ecx | |
10200 | - pushl %ecx | |
10201 | - ret | |
10202 | + jmpl *(saved_return_addr) | |
10203 | ENDPROC(efi_call_phys) | |
10204 | .previous | |
10205 | ||
10206 | -.data | |
10207 | +__INITDATA | |
10208 | saved_return_addr: | |
10209 | .long 0 | |
10210 | efi_rt_function_ptr: | |
ae4e228f MT |
10211 | diff -urNp linux-2.6.33.1/arch/x86/kernel/entry_32.S linux-2.6.33.1/arch/x86/kernel/entry_32.S |
10212 | --- linux-2.6.33.1/arch/x86/kernel/entry_32.S 2010-03-15 12:09:39.000000000 -0400 | |
10213 | +++ linux-2.6.33.1/arch/x86/kernel/entry_32.S 2010-03-20 16:58:39.000574964 -0400 | |
58c5fc13 MT |
10214 | @@ -191,7 +191,7 @@ |
10215 | ||
10216 | #endif /* CONFIG_X86_32_LAZY_GS */ | |
10217 | ||
10218 | -.macro SAVE_ALL | |
10219 | +.macro __SAVE_ALL _DS | |
10220 | cld | |
10221 | PUSH_GS | |
10222 | pushl %fs | |
10223 | @@ -224,7 +224,7 @@ | |
10224 | pushl %ebx | |
10225 | CFI_ADJUST_CFA_OFFSET 4 | |
10226 | CFI_REL_OFFSET ebx, 0 | |
10227 | - movl $(__USER_DS), %edx | |
10228 | + movl $\_DS, %edx | |
10229 | movl %edx, %ds | |
10230 | movl %edx, %es | |
10231 | movl $(__KERNEL_PERCPU), %edx | |
ae4e228f | 10232 | @@ -232,6 +232,15 @@ |
58c5fc13 MT |
10233 | SET_KERNEL_GS %edx |
10234 | .endm | |
10235 | ||
10236 | +.macro SAVE_ALL | |
ae4e228f | 10237 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 | 10238 | + __SAVE_ALL __KERNEL_DS |
ae4e228f | 10239 | + PAX_ENTER_KERNEL |
58c5fc13 MT |
10240 | +#else |
10241 | + __SAVE_ALL __USER_DS | |
10242 | +#endif | |
10243 | +.endm | |
10244 | + | |
10245 | .macro RESTORE_INT_REGS | |
10246 | popl %ebx | |
10247 | CFI_ADJUST_CFA_OFFSET -4 | |
ae4e228f | 10248 | @@ -356,7 +365,15 @@ check_userspace: |
58c5fc13 MT |
10249 | movb PT_CS(%esp), %al |
10250 | andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax | |
10251 | cmpl $USER_RPL, %eax | |
10252 | + | |
10253 | +#ifdef CONFIG_PAX_KERNEXEC | |
10254 | + jae resume_userspace | |
ae4e228f MT |
10255 | + |
10256 | + PAX_EXIT_KERNEL | |
58c5fc13 MT |
10257 | + jmp resume_kernel |
10258 | +#else | |
10259 | jb resume_kernel # not returning to v8086 or userspace | |
10260 | +#endif | |
10261 | ||
10262 | ENTRY(resume_userspace) | |
10263 | LOCKDEP_SYS_EXIT | |
ae4e228f | 10264 | @@ -422,10 +439,9 @@ sysenter_past_esp: |
58c5fc13 MT |
10265 | /*CFI_REL_OFFSET cs, 0*/ |
10266 | /* | |
10267 | * Push current_thread_info()->sysenter_return to the stack. | |
10268 | - * A tiny bit of offset fixup is necessary - 4*4 means the 4 words | |
10269 | - * pushed above; +8 corresponds to copy_thread's esp0 setting. | |
10270 | */ | |
10271 | - pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp) | |
10272 | + GET_THREAD_INFO(%ebp) | |
10273 | + pushl TI_sysenter_return(%ebp) | |
10274 | CFI_ADJUST_CFA_OFFSET 4 | |
10275 | CFI_REL_OFFSET eip, 0 | |
10276 | ||
ae4e228f | 10277 | @@ -438,9 +454,19 @@ sysenter_past_esp: |
58c5fc13 MT |
10278 | * Load the potential sixth argument from user stack. |
10279 | * Careful about security. | |
10280 | */ | |
10281 | + movl PT_OLDESP(%esp),%ebp | |
10282 | + | |
10283 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
10284 | + mov PT_OLDSS(%esp),%ds | |
10285 | +1: movl %ds:(%ebp),%ebp | |
10286 | + push %ss | |
10287 | + pop %ds | |
10288 | +#else | |
10289 | cmpl $__PAGE_OFFSET-3,%ebp | |
10290 | jae syscall_fault | |
10291 | 1: movl (%ebp),%ebp | |
10292 | +#endif | |
10293 | + | |
10294 | movl %ebp,PT_EBP(%esp) | |
10295 | .section __ex_table,"a" | |
10296 | .align 4 | |
ae4e228f | 10297 | @@ -463,12 +489,23 @@ sysenter_do_call: |
58c5fc13 MT |
10298 | testl $_TIF_ALLWORK_MASK, %ecx |
10299 | jne sysexit_audit | |
10300 | sysenter_exit: | |
10301 | + | |
10302 | +#ifdef CONFIG_PAX_RANDKSTACK | |
10303 | + pushl %eax | |
10304 | + CFI_ADJUST_CFA_OFFSET 4 | |
10305 | + call pax_randomize_kstack | |
10306 | + popl %eax | |
10307 | + CFI_ADJUST_CFA_OFFSET -4 | |
10308 | +#endif | |
10309 | + | |
10310 | /* if something modifies registers it must also disable sysexit */ | |
10311 | movl PT_EIP(%esp), %edx | |
10312 | movl PT_OLDESP(%esp), %ecx | |
10313 | xorl %ebp,%ebp | |
10314 | TRACE_IRQS_ON | |
10315 | 1: mov PT_FS(%esp), %fs | |
10316 | +2: mov PT_DS(%esp), %ds | |
10317 | +3: mov PT_ES(%esp), %es | |
10318 | PTGS_TO_GS | |
10319 | ENABLE_INTERRUPTS_SYSEXIT | |
10320 | ||
ae4e228f | 10321 | @@ -512,11 +549,17 @@ sysexit_audit: |
58c5fc13 MT |
10322 | |
10323 | CFI_ENDPROC | |
10324 | .pushsection .fixup,"ax" | |
10325 | -2: movl $0,PT_FS(%esp) | |
10326 | +4: movl $0,PT_FS(%esp) | |
10327 | + jmp 1b | |
10328 | +5: movl $0,PT_DS(%esp) | |
10329 | + jmp 1b | |
10330 | +6: movl $0,PT_ES(%esp) | |
10331 | jmp 1b | |
10332 | .section __ex_table,"a" | |
10333 | .align 4 | |
10334 | - .long 1b,2b | |
10335 | + .long 1b,4b | |
10336 | + .long 2b,5b | |
10337 | + .long 3b,6b | |
10338 | .popsection | |
10339 | PTGS_TO_GS_EX | |
10340 | ENDPROC(ia32_sysenter_target) | |
ae4e228f | 10341 | @@ -550,6 +593,10 @@ syscall_exit: |
58c5fc13 MT |
10342 | testl $_TIF_ALLWORK_MASK, %ecx # current->work |
10343 | jne syscall_exit_work | |
10344 | ||
10345 | +#ifdef CONFIG_PAX_RANDKSTACK | |
10346 | + call pax_randomize_kstack | |
10347 | +#endif | |
10348 | + | |
10349 | restore_all: | |
10350 | TRACE_IRQS_IRET | |
10351 | restore_all_notrace: | |
ae4e228f | 10352 | @@ -614,7 +661,13 @@ ldt_ss: |
58c5fc13 MT |
10353 | mov PT_OLDESP(%esp), %eax /* load userspace esp */ |
10354 | mov %dx, %ax /* eax: new kernel esp */ | |
10355 | sub %eax, %edx /* offset (low word is 0) */ | |
10356 | - PER_CPU(gdt_page, %ebx) | |
10357 | +#ifdef CONFIG_SMP | |
10358 | + movl PER_CPU_VAR(cpu_number), %ebx | |
10359 | + shll $PAGE_SHIFT_asm, %ebx | |
10360 | + addl $cpu_gdt_table, %ebx | |
10361 | +#else | |
10362 | + movl $cpu_gdt_table, %ebx | |
10363 | +#endif | |
10364 | shr $16, %edx | |
10365 | mov %dl, GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx) /* bits 16..23 */ | |
10366 | mov %dh, GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx) /* bits 24..31 */ | |
ae4e228f | 10367 | @@ -654,25 +707,19 @@ work_resched: |
58c5fc13 MT |
10368 | |
10369 | work_notifysig: # deal with pending signals and | |
10370 | # notify-resume requests | |
10371 | + movl %esp, %eax | |
10372 | #ifdef CONFIG_VM86 | |
10373 | testl $X86_EFLAGS_VM, PT_EFLAGS(%esp) | |
10374 | - movl %esp, %eax | |
10375 | - jne work_notifysig_v86 # returning to kernel-space or | |
10376 | + jz 1f # returning to kernel-space or | |
10377 | # vm86-space | |
10378 | - xorl %edx, %edx | |
10379 | - call do_notify_resume | |
10380 | - jmp resume_userspace_sig | |
10381 | ||
10382 | - ALIGN | |
10383 | -work_notifysig_v86: | |
10384 | pushl %ecx # save ti_flags for do_notify_resume | |
10385 | CFI_ADJUST_CFA_OFFSET 4 | |
10386 | call save_v86_state # %eax contains pt_regs pointer | |
10387 | popl %ecx | |
10388 | CFI_ADJUST_CFA_OFFSET -4 | |
10389 | movl %eax, %esp | |
10390 | -#else | |
10391 | - movl %esp, %eax | |
10392 | +1: | |
10393 | #endif | |
10394 | xorl %edx, %edx | |
10395 | call do_notify_resume | |
ae4e228f | 10396 | @@ -707,6 +754,10 @@ END(syscall_exit_work) |
58c5fc13 MT |
10397 | |
10398 | RING0_INT_FRAME # can't unwind into user space anyway | |
10399 | syscall_fault: | |
10400 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
10401 | + push %ss | |
10402 | + pop %ds | |
10403 | +#endif | |
10404 | GET_THREAD_INFO(%ebp) | |
10405 | movl $-EFAULT,PT_EAX(%esp) | |
10406 | jmp resume_userspace | |
ae4e228f | 10407 | @@ -790,7 +841,13 @@ ptregs_clone: |
58c5fc13 MT |
10408 | * normal stack and adjusts ESP with the matching offset. |
10409 | */ | |
10410 | /* fixup the stack */ | |
10411 | - PER_CPU(gdt_page, %ebx) | |
10412 | +#ifdef CONFIG_SMP | |
10413 | + movl PER_CPU_VAR(cpu_number), %ebx | |
10414 | + shll $PAGE_SHIFT_asm, %ebx | |
10415 | + addl $cpu_gdt_table, %ebx | |
10416 | +#else | |
10417 | + movl $cpu_gdt_table, %ebx | |
10418 | +#endif | |
10419 | mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */ | |
10420 | mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */ | |
10421 | shl $16, %eax | |
ae4e228f MT |
10422 | @@ -1254,7 +1311,6 @@ return_to_handler: |
10423 | jmp *%ecx | |
58c5fc13 MT |
10424 | #endif |
10425 | ||
10426 | -.section .rodata,"a" | |
10427 | #include "syscall_table_32.S" | |
10428 | ||
10429 | syscall_table_size=(.-sys_call_table) | |
ae4e228f | 10430 | @@ -1306,12 +1362,15 @@ error_code: |
58c5fc13 MT |
10431 | movl %ecx, %fs |
10432 | UNWIND_ESPFIX_STACK | |
10433 | GS_TO_REG %ecx | |
10434 | + | |
ae4e228f | 10435 | + PAX_ENTER_KERNEL |
58c5fc13 MT |
10436 | + |
10437 | movl PT_GS(%esp), %edi # get the function address | |
10438 | movl PT_ORIG_EAX(%esp), %edx # get the error code | |
10439 | movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart | |
10440 | REG_TO_PTGS %ecx | |
10441 | SET_KERNEL_GS %ecx | |
10442 | - movl $(__USER_DS), %ecx | |
10443 | + movl $(__KERNEL_DS), %ecx | |
10444 | movl %ecx, %ds | |
10445 | movl %ecx, %es | |
10446 | TRACE_IRQS_OFF | |
ae4e228f | 10447 | @@ -1407,6 +1466,9 @@ nmi_stack_correct: |
58c5fc13 MT |
10448 | xorl %edx,%edx # zero error code |
10449 | movl %esp,%eax # pt_regs pointer | |
10450 | call do_nmi | |
10451 | + | |
ae4e228f | 10452 | + PAX_EXIT_KERNEL |
58c5fc13 MT |
10453 | + |
10454 | jmp restore_all_notrace | |
10455 | CFI_ENDPROC | |
10456 | ||
ae4e228f | 10457 | @@ -1447,6 +1509,9 @@ nmi_espfix_stack: |
58c5fc13 MT |
10458 | FIXUP_ESPFIX_STACK # %eax == %esp |
10459 | xorl %edx,%edx # zero error code | |
10460 | call do_nmi | |
10461 | + | |
ae4e228f | 10462 | + PAX_EXIT_KERNEL |
58c5fc13 MT |
10463 | + |
10464 | RESTORE_REGS | |
10465 | lss 12+4(%esp), %esp # back to espfix stack | |
10466 | CFI_ADJUST_CFA_OFFSET -24 | |
ae4e228f MT |
10467 | diff -urNp linux-2.6.33.1/arch/x86/kernel/entry_64.S linux-2.6.33.1/arch/x86/kernel/entry_64.S |
10468 | --- linux-2.6.33.1/arch/x86/kernel/entry_64.S 2010-03-15 12:09:39.000000000 -0400 | |
10469 | +++ linux-2.6.33.1/arch/x86/kernel/entry_64.S 2010-03-20 16:58:39.000574964 -0400 | |
10470 | @@ -53,6 +53,7 @@ | |
10471 | #include <asm/paravirt.h> | |
10472 | #include <asm/ftrace.h> | |
10473 | #include <asm/percpu.h> | |
10474 | +#include <asm/pgtable.h> | |
10475 | ||
10476 | /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ | |
10477 | #include <linux/elf-em.h> | |
10478 | @@ -800,6 +801,7 @@ END(interrupt) | |
10479 | CFI_ADJUST_CFA_OFFSET 10*8 | |
10480 | call save_args | |
10481 | PARTIAL_FRAME 0 | |
10482 | + PAX_ENTER_KERNEL | |
10483 | call \func | |
10484 | .endm | |
10485 | ||
10486 | @@ -825,6 +827,7 @@ ret_from_intr: | |
10487 | CFI_DEF_CFA_REGISTER rsp | |
10488 | CFI_ADJUST_CFA_OFFSET -8 | |
10489 | exit_intr: | |
10490 | + PAX_EXIT_KERNEL | |
10491 | GET_THREAD_INFO(%rcx) | |
10492 | testl $3,CS-ARGOFFSET(%rsp) | |
10493 | je retint_kernel | |
10494 | @@ -1040,6 +1043,7 @@ ENTRY(\sym) | |
10495 | CFI_ADJUST_CFA_OFFSET 15*8 | |
10496 | call error_entry | |
10497 | DEFAULT_FRAME 0 | |
10498 | + PAX_ENTER_KERNEL | |
10499 | movq %rsp,%rdi /* pt_regs pointer */ | |
10500 | xorl %esi,%esi /* no error code */ | |
10501 | call \do_sym | |
10502 | @@ -1057,6 +1061,7 @@ ENTRY(\sym) | |
10503 | subq $15*8, %rsp | |
10504 | call save_paranoid | |
10505 | TRACE_IRQS_OFF | |
10506 | + PAX_ENTER_KERNEL | |
10507 | movq %rsp,%rdi /* pt_regs pointer */ | |
10508 | xorl %esi,%esi /* no error code */ | |
10509 | call \do_sym | |
10510 | @@ -1074,9 +1079,15 @@ ENTRY(\sym) | |
10511 | subq $15*8, %rsp | |
10512 | call save_paranoid | |
58c5fc13 | 10513 | TRACE_IRQS_OFF |
ae4e228f | 10514 | + PAX_ENTER_KERNEL |
58c5fc13 MT |
10515 | movq %rsp,%rdi /* pt_regs pointer */ |
10516 | xorl %esi,%esi /* no error code */ | |
ae4e228f | 10517 | - PER_CPU(init_tss, %r12) |
58c5fc13 | 10518 | +#ifdef CONFIG_SMP |
ae4e228f MT |
10519 | + imul $TSS_size, PER_CPU_VAR(cpu_number), %r12d |
10520 | + lea init_tss(%r12), %r12 | |
58c5fc13 | 10521 | +#else |
ae4e228f | 10522 | + lea init_tss(%rip), %r12 |
58c5fc13 | 10523 | +#endif |
ae4e228f | 10524 | subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%r12) |
58c5fc13 | 10525 | call \do_sym |
ae4e228f MT |
10526 | addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%r12) |
10527 | @@ -1093,6 +1104,7 @@ ENTRY(\sym) | |
10528 | CFI_ADJUST_CFA_OFFSET 15*8 | |
10529 | call error_entry | |
10530 | DEFAULT_FRAME 0 | |
10531 | + PAX_ENTER_KERNEL | |
10532 | movq %rsp,%rdi /* pt_regs pointer */ | |
10533 | movq ORIG_RAX(%rsp),%rsi /* get error code */ | |
10534 | movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ | |
10535 | @@ -1112,6 +1124,7 @@ ENTRY(\sym) | |
10536 | call save_paranoid | |
10537 | DEFAULT_FRAME 0 | |
10538 | TRACE_IRQS_OFF | |
10539 | + PAX_ENTER_KERNEL | |
10540 | movq %rsp,%rdi /* pt_regs pointer */ | |
10541 | movq ORIG_RAX(%rsp),%rsi /* get error code */ | |
10542 | movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ | |
10543 | @@ -1373,11 +1386,13 @@ ENTRY(paranoid_exit) | |
10544 | testl $3,CS(%rsp) | |
10545 | jnz paranoid_userspace | |
10546 | paranoid_swapgs: | |
10547 | + PAX_EXIT_KERNEL | |
10548 | TRACE_IRQS_IRETQ 0 | |
10549 | SWAPGS_UNSAFE_STACK | |
10550 | RESTORE_ALL 8 | |
10551 | jmp irq_return | |
10552 | paranoid_restore: | |
10553 | + PAX_EXIT_KERNEL | |
10554 | TRACE_IRQS_IRETQ 0 | |
10555 | RESTORE_ALL 8 | |
10556 | jmp irq_return | |
10557 | @@ -1499,6 +1514,7 @@ ENTRY(nmi) | |
10558 | CFI_ADJUST_CFA_OFFSET 15*8 | |
10559 | call save_paranoid | |
10560 | DEFAULT_FRAME 0 | |
10561 | + PAX_ENTER_KERNEL | |
10562 | /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ | |
10563 | movq %rsp,%rdi | |
10564 | movq $-1,%rsi | |
10565 | @@ -1514,6 +1530,7 @@ ENTRY(nmi) | |
10566 | nmi_swapgs: | |
10567 | SWAPGS_UNSAFE_STACK | |
10568 | nmi_restore: | |
10569 | + PAX_EXIT_KERNEL | |
10570 | RESTORE_ALL 8 | |
10571 | jmp irq_return | |
10572 | nmi_userspace: | |
10573 | diff -urNp linux-2.6.33.1/arch/x86/kernel/ftrace.c linux-2.6.33.1/arch/x86/kernel/ftrace.c | |
10574 | --- linux-2.6.33.1/arch/x86/kernel/ftrace.c 2010-03-15 12:09:39.000000000 -0400 | |
10575 | +++ linux-2.6.33.1/arch/x86/kernel/ftrace.c 2010-03-20 16:58:39.000574964 -0400 | |
10576 | @@ -151,7 +151,9 @@ void ftrace_nmi_enter(void) | |
10577 | { | |
10578 | if (atomic_inc_return(&nmi_running) & MOD_CODE_WRITE_FLAG) { | |
10579 | smp_rmb(); | |
10580 | + pax_open_kernel(); | |
10581 | ftrace_mod_code(); | |
10582 | + pax_close_kernel(); | |
10583 | atomic_inc(&nmi_update_count); | |
10584 | } | |
10585 | /* Must have previous changes seen before executions */ | |
10586 | @@ -234,7 +236,7 @@ do_ftrace_mod_code(unsigned long ip, voi | |
10587 | ||
10588 | ||
10589 | ||
10590 | -static unsigned char ftrace_nop[MCOUNT_INSN_SIZE]; | |
10591 | +static unsigned char ftrace_nop[MCOUNT_INSN_SIZE] __read_only; | |
10592 | ||
10593 | static unsigned char *ftrace_nop_replace(void) | |
10594 | { | |
10595 | @@ -247,6 +249,8 @@ ftrace_modify_code(unsigned long ip, uns | |
10596 | { | |
10597 | unsigned char replaced[MCOUNT_INSN_SIZE]; | |
10598 | ||
10599 | + ip = ktla_ktva(ip); | |
10600 | + | |
10601 | /* | |
10602 | * Note: Due to modules and __init, code can | |
10603 | * disappear and change, we need to protect against faulting | |
10604 | @@ -303,7 +307,7 @@ int ftrace_update_ftrace_func(ftrace_fun | |
58c5fc13 MT |
10605 | unsigned char old[MCOUNT_INSN_SIZE], *new; |
10606 | int ret; | |
10607 | ||
10608 | - memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE); | |
10609 | + memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE); | |
10610 | new = ftrace_call_replace(ip, (unsigned long)func); | |
ae4e228f MT |
10611 | ret = ftrace_modify_code(ip, old, new); |
10612 | ||
10613 | @@ -356,15 +360,15 @@ int __init ftrace_dyn_arch_init(void *da | |
10614 | switch (faulted) { | |
10615 | case 0: | |
10616 | pr_info("converting mcount calls to 0f 1f 44 00 00\n"); | |
10617 | - memcpy(ftrace_nop, ftrace_test_p6nop, MCOUNT_INSN_SIZE); | |
10618 | + memcpy(ftrace_nop, ktla_ktva(ftrace_test_p6nop), MCOUNT_INSN_SIZE); | |
10619 | break; | |
10620 | case 1: | |
10621 | pr_info("converting mcount calls to 66 66 66 66 90\n"); | |
10622 | - memcpy(ftrace_nop, ftrace_test_nop5, MCOUNT_INSN_SIZE); | |
10623 | + memcpy(ftrace_nop, ktla_ktva(ftrace_test_nop5), MCOUNT_INSN_SIZE); | |
10624 | break; | |
10625 | case 2: | |
10626 | pr_info("converting mcount calls to jmp . + 5\n"); | |
10627 | - memcpy(ftrace_nop, ftrace_test_jmp, MCOUNT_INSN_SIZE); | |
10628 | + memcpy(ftrace_nop, ktla_ktva(ftrace_test_jmp), MCOUNT_INSN_SIZE); | |
10629 | break; | |
10630 | } | |
58c5fc13 | 10631 | |
ae4e228f MT |
10632 | @@ -385,6 +389,8 @@ static int ftrace_mod_jmp(unsigned long |
10633 | { | |
10634 | unsigned char code[MCOUNT_INSN_SIZE]; | |
10635 | ||
10636 | + ip = ktla_ktva(ip); | |
10637 | + | |
10638 | if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE)) | |
10639 | return -EFAULT; | |
10640 | ||
10641 | diff -urNp linux-2.6.33.1/arch/x86/kernel/head32.c linux-2.6.33.1/arch/x86/kernel/head32.c | |
10642 | --- linux-2.6.33.1/arch/x86/kernel/head32.c 2010-03-15 12:09:39.000000000 -0400 | |
10643 | +++ linux-2.6.33.1/arch/x86/kernel/head32.c 2010-03-20 16:58:39.000574964 -0400 | |
10644 | @@ -16,6 +16,7 @@ | |
10645 | #include <asm/apic.h> | |
10646 | #include <asm/io_apic.h> | |
58c5fc13 | 10647 | #include <asm/bios_ebda.h> |
58c5fc13 MT |
10648 | +#include <asm/boot.h> |
10649 | ||
ae4e228f | 10650 | static void __init i386_default_early_setup(void) |
58c5fc13 | 10651 | { |
ae4e228f | 10652 | @@ -29,7 +30,7 @@ static void __init i386_default_early_se |
58c5fc13 | 10653 | |
ae4e228f MT |
10654 | void __init i386_start_kernel(void) |
10655 | { | |
58c5fc13 MT |
10656 | - reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS"); |
10657 | + reserve_early(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS"); | |
10658 | ||
10659 | #ifdef CONFIG_BLK_DEV_INITRD | |
10660 | /* Reserve INITRD */ | |
ae4e228f MT |
10661 | diff -urNp linux-2.6.33.1/arch/x86/kernel/head_32.S linux-2.6.33.1/arch/x86/kernel/head_32.S |
10662 | --- linux-2.6.33.1/arch/x86/kernel/head_32.S 2010-03-15 12:09:39.000000000 -0400 | |
10663 | +++ linux-2.6.33.1/arch/x86/kernel/head_32.S 2010-03-20 16:58:39.000574964 -0400 | |
10664 | @@ -21,10 +21,17 @@ | |
10665 | #include <asm/msr-index.h> | |
10666 | #include <asm/cpufeature.h> | |
58c5fc13 MT |
10667 | #include <asm/percpu.h> |
10668 | +#include <asm/msr-index.h> | |
10669 | ||
10670 | /* Physical address */ | |
10671 | #define pa(X) ((X) - __PAGE_OFFSET) | |
ae4e228f MT |
10672 | |
10673 | +#ifdef CONFIG_PAX_KERNEXEC | |
10674 | +#define ta(X) (X) | |
10675 | +#else | |
10676 | +#define ta(X) ((X) - __PAGE_OFFSET) | |
10677 | +#endif | |
10678 | + | |
10679 | /* | |
10680 | * References to members of the new_cpu_data structure. | |
10681 | */ | |
10682 | @@ -54,11 +61,7 @@ | |
58c5fc13 MT |
10683 | * and small than max_low_pfn, otherwise will waste some page table entries |
10684 | */ | |
10685 | ||
10686 | -#if PTRS_PER_PMD > 1 | |
10687 | -#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD) | |
10688 | -#else | |
10689 | -#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD) | |
10690 | -#endif | |
10691 | +#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE) | |
10692 | ||
10693 | /* Enough space to fit pagetables for the low memory linear map */ | |
10694 | MAPPING_BEYOND_END = \ | |
ae4e228f | 10695 | @@ -75,6 +78,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_P |
58c5fc13 MT |
10696 | RESERVE_BRK(pagetables, INIT_MAP_SIZE) |
10697 | ||
10698 | /* | |
10699 | + * Real beginning of normal "text" segment | |
10700 | + */ | |
10701 | +ENTRY(stext) | |
10702 | +ENTRY(_stext) | |
10703 | + | |
10704 | +/* | |
10705 | * 32-bit kernel entrypoint; only used by the boot CPU. On entry, | |
10706 | * %esi points to the real-mode code as a 32-bit pointer. | |
10707 | * CS and DS must be 4 GB flat segments, but we don't depend on | |
ae4e228f | 10708 | @@ -82,6 +91,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) |
58c5fc13 MT |
10709 | * can. |
10710 | */ | |
ae4e228f | 10711 | __HEAD |
58c5fc13 MT |
10712 | + |
10713 | +#ifdef CONFIG_PAX_KERNEXEC | |
10714 | + jmp startup_32 | |
10715 | +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */ | |
10716 | +.fill PAGE_SIZE-5,1,0xcc | |
10717 | +#endif | |
10718 | + | |
10719 | ENTRY(startup_32) | |
10720 | /* test KEEP_SEGMENTS flag to see if the bootloader is asking | |
10721 | us to not reload segments */ | |
ae4e228f | 10722 | @@ -99,6 +115,55 @@ ENTRY(startup_32) |
58c5fc13 MT |
10723 | movl %eax,%gs |
10724 | 2: | |
10725 | ||
10726 | +#ifdef CONFIG_SMP | |
10727 | + movl $pa(cpu_gdt_table),%edi | |
10728 | + movl $__per_cpu_load,%eax | |
10729 | + movw %ax,__KERNEL_PERCPU + 2(%edi) | |
10730 | + rorl $16,%eax | |
10731 | + movb %al,__KERNEL_PERCPU + 4(%edi) | |
10732 | + movb %ah,__KERNEL_PERCPU + 7(%edi) | |
10733 | + movl $__per_cpu_end - 1,%eax | |
ae4e228f | 10734 | + subl $__per_cpu_start,%eax |
58c5fc13 MT |
10735 | + movw %ax,__KERNEL_PERCPU + 0(%edi) |
10736 | +#endif | |
10737 | + | |
10738 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
10739 | + movl $NR_CPUS,%ecx | |
10740 | + movl $pa(cpu_gdt_table),%edi | |
10741 | +1: | |
10742 | + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi) | |
10743 | + addl $PAGE_SIZE_asm,%edi | |
10744 | + loop 1b | |
10745 | +#endif | |
10746 | + | |
10747 | +#ifdef CONFIG_PAX_KERNEXEC | |
10748 | + movl $pa(boot_gdt),%edi | |
ae4e228f | 10749 | + movl $__LOAD_PHYSICAL_ADDR,%eax |
58c5fc13 MT |
10750 | + movw %ax,__BOOT_CS + 2(%edi) |
10751 | + rorl $16,%eax | |
10752 | + movb %al,__BOOT_CS + 4(%edi) | |
10753 | + movb %ah,__BOOT_CS + 7(%edi) | |
10754 | + rorl $16,%eax | |
10755 | + | |
ae4e228f MT |
10756 | + ljmp $(__BOOT_CS),$1f |
10757 | +1: | |
10758 | + | |
58c5fc13 MT |
10759 | + movl $NR_CPUS,%ecx |
10760 | + movl $pa(cpu_gdt_table),%edi | |
ae4e228f | 10761 | + addl $__PAGE_OFFSET,%eax |
58c5fc13 MT |
10762 | +1: |
10763 | + movw %ax,__KERNEL_CS + 2(%edi) | |
ae4e228f | 10764 | + movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi) |
58c5fc13 MT |
10765 | + rorl $16,%eax |
10766 | + movb %al,__KERNEL_CS + 4(%edi) | |
ae4e228f | 10767 | + movb %al,__KERNEXEC_KERNEL_CS + 4(%edi) |
58c5fc13 | 10768 | + movb %ah,__KERNEL_CS + 7(%edi) |
ae4e228f | 10769 | + movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi) |
58c5fc13 MT |
10770 | + rorl $16,%eax |
10771 | + addl $PAGE_SIZE_asm,%edi | |
10772 | + loop 1b | |
10773 | +#endif | |
10774 | + | |
10775 | /* | |
10776 | * Clear BSS first so that there are no surprises... | |
10777 | */ | |
ae4e228f | 10778 | @@ -142,9 +207,7 @@ ENTRY(startup_32) |
58c5fc13 MT |
10779 | cmpl $num_subarch_entries, %eax |
10780 | jae bad_subarch | |
10781 | ||
10782 | - movl pa(subarch_entries)(,%eax,4), %eax | |
10783 | - subl $__PAGE_OFFSET, %eax | |
10784 | - jmp *%eax | |
10785 | + jmp *pa(subarch_entries)(,%eax,4) | |
10786 | ||
10787 | bad_subarch: | |
10788 | WEAK(lguest_entry) | |
ae4e228f | 10789 | @@ -156,10 +219,10 @@ WEAK(xen_entry) |
58c5fc13 MT |
10790 | __INITDATA |
10791 | ||
10792 | subarch_entries: | |
10793 | - .long default_entry /* normal x86/PC */ | |
10794 | - .long lguest_entry /* lguest hypervisor */ | |
10795 | - .long xen_entry /* Xen hypervisor */ | |
ae4e228f MT |
10796 | - .long default_entry /* Moorestown MID */ |
10797 | + .long ta(default_entry) /* normal x86/PC */ | |
10798 | + .long ta(lguest_entry) /* lguest hypervisor */ | |
10799 | + .long ta(xen_entry) /* Xen hypervisor */ | |
10800 | + .long ta(default_entry) /* Moorestown MID */ | |
58c5fc13 MT |
10801 | num_subarch_entries = (. - subarch_entries) / 4 |
10802 | .previous | |
10803 | #endif /* CONFIG_PARAVIRT */ | |
ae4e228f | 10804 | @@ -220,8 +283,11 @@ default_entry: |
58c5fc13 MT |
10805 | movl %eax, pa(max_pfn_mapped) |
10806 | ||
10807 | /* Do early initialization of the fixmap area */ | |
10808 | - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax | |
10809 | - movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8) | |
10810 | +#ifdef CONFIG_COMPAT_VDSO | |
10811 | + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8) | |
10812 | +#else | |
10813 | + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8) | |
10814 | +#endif | |
10815 | #else /* Not PAE */ | |
10816 | ||
10817 | page_pde_offset = (__PAGE_OFFSET >> 20); | |
ae4e228f | 10818 | @@ -251,8 +317,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20); |
58c5fc13 MT |
10819 | movl %eax, pa(max_pfn_mapped) |
10820 | ||
10821 | /* Do early initialization of the fixmap area */ | |
10822 | - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax | |
10823 | - movl %eax,pa(swapper_pg_dir+0xffc) | |
10824 | +#ifdef CONFIG_COMPAT_VDSO | |
10825 | + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc) | |
10826 | +#else | |
10827 | + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc) | |
10828 | +#endif | |
10829 | #endif | |
10830 | jmp 3f | |
10831 | /* | |
ae4e228f | 10832 | @@ -299,6 +368,7 @@ ENTRY(startup_32_smp) |
58c5fc13 MT |
10833 | orl %edx,%eax |
10834 | movl %eax,%cr4 | |
10835 | ||
10836 | +#ifdef CONFIG_X86_PAE | |
ae4e228f MT |
10837 | testb $X86_CR4_PAE, %al # check if PAE is enabled |
10838 | jz 6f | |
58c5fc13 | 10839 | |
ae4e228f | 10840 | @@ -323,6 +393,9 @@ ENTRY(startup_32_smp) |
58c5fc13 MT |
10841 | /* Make changes effective */ |
10842 | wrmsr | |
10843 | ||
10844 | + btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4) | |
58c5fc13 | 10845 | +#endif |
ae4e228f | 10846 | + |
58c5fc13 MT |
10847 | 6: |
10848 | ||
10849 | /* | |
ae4e228f | 10850 | @@ -348,9 +421,7 @@ ENTRY(startup_32_smp) |
58c5fc13 MT |
10851 | |
10852 | #ifdef CONFIG_SMP | |
10853 | cmpb $0, ready | |
10854 | - jz 1f /* Initial CPU cleans BSS */ | |
10855 | - jmp checkCPUtype | |
10856 | -1: | |
10857 | + jnz checkCPUtype /* Initial CPU cleans BSS */ | |
10858 | #endif /* CONFIG_SMP */ | |
10859 | ||
10860 | /* | |
ae4e228f | 10861 | @@ -428,7 +499,7 @@ is386: movl $2,%ecx # set MP |
58c5fc13 MT |
10862 | 1: movl $(__KERNEL_DS),%eax # reload all the segment registers |
10863 | movl %eax,%ss # after changing gdt. | |
10864 | ||
10865 | - movl $(__USER_DS),%eax # DS/ES contains default USER segment | |
10866 | +# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment | |
10867 | movl %eax,%ds | |
10868 | movl %eax,%es | |
10869 | ||
ae4e228f | 10870 | @@ -442,8 +513,11 @@ is386: movl $2,%ecx # set MP |
58c5fc13 MT |
10871 | */ |
10872 | cmpb $0,ready | |
10873 | jne 1f | |
10874 | - movl $per_cpu__gdt_page,%eax | |
10875 | + movl $cpu_gdt_table,%eax | |
10876 | movl $per_cpu__stack_canary,%ecx | |
10877 | +#ifdef CONFIG_SMP | |
10878 | + addl $__per_cpu_load,%ecx | |
10879 | +#endif | |
10880 | movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) | |
10881 | shrl $16, %ecx | |
10882 | movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) | |
ae4e228f | 10883 | @@ -461,10 +535,6 @@ is386: movl $2,%ecx # set MP |
58c5fc13 MT |
10884 | #ifdef CONFIG_SMP |
10885 | movb ready, %cl | |
10886 | movb $1, ready | |
10887 | - cmpb $0,%cl # the first CPU calls start_kernel | |
10888 | - je 1f | |
10889 | - movl (stack_start), %esp | |
10890 | -1: | |
10891 | #endif /* CONFIG_SMP */ | |
10892 | jmp *(initial_code) | |
10893 | ||
ae4e228f | 10894 | @@ -550,22 +620,22 @@ early_page_fault: |
58c5fc13 MT |
10895 | jmp early_fault |
10896 | ||
10897 | early_fault: | |
10898 | - cld | |
10899 | #ifdef CONFIG_PRINTK | |
10900 | + cmpl $1,%ss:early_recursion_flag | |
10901 | + je hlt_loop | |
10902 | + incl %ss:early_recursion_flag | |
10903 | + cld | |
10904 | pusha | |
10905 | movl $(__KERNEL_DS),%eax | |
10906 | movl %eax,%ds | |
10907 | movl %eax,%es | |
10908 | - cmpl $2,early_recursion_flag | |
10909 | - je hlt_loop | |
10910 | - incl early_recursion_flag | |
10911 | movl %cr2,%eax | |
10912 | pushl %eax | |
10913 | pushl %edx /* trapno */ | |
10914 | pushl $fault_msg | |
10915 | call printk | |
10916 | +; call dump_stack | |
10917 | #endif | |
10918 | - call dump_stack | |
10919 | hlt_loop: | |
10920 | hlt | |
10921 | jmp hlt_loop | |
ae4e228f | 10922 | @@ -573,8 +643,11 @@ hlt_loop: |
58c5fc13 MT |
10923 | /* This is the default interrupt "handler" :-) */ |
10924 | ALIGN | |
10925 | ignore_int: | |
10926 | - cld | |
10927 | #ifdef CONFIG_PRINTK | |
10928 | + cmpl $2,%ss:early_recursion_flag | |
10929 | + je hlt_loop | |
10930 | + incl %ss:early_recursion_flag | |
10931 | + cld | |
10932 | pushl %eax | |
10933 | pushl %ecx | |
10934 | pushl %edx | |
ae4e228f | 10935 | @@ -583,9 +656,6 @@ ignore_int: |
58c5fc13 MT |
10936 | movl $(__KERNEL_DS),%eax |
10937 | movl %eax,%ds | |
10938 | movl %eax,%es | |
10939 | - cmpl $2,early_recursion_flag | |
10940 | - je hlt_loop | |
10941 | - incl early_recursion_flag | |
10942 | pushl 16(%esp) | |
10943 | pushl 24(%esp) | |
10944 | pushl 32(%esp) | |
ae4e228f | 10945 | @@ -612,27 +682,37 @@ ENTRY(initial_code) |
58c5fc13 MT |
10946 | /* |
10947 | * BSS section | |
10948 | */ | |
ae4e228f | 10949 | -__PAGE_ALIGNED_BSS |
58c5fc13 MT |
10950 | - .align PAGE_SIZE_asm |
10951 | #ifdef CONFIG_X86_PAE | |
10952 | +.section .swapper_pg_pmd,"a",@progbits | |
10953 | swapper_pg_pmd: | |
10954 | .fill 1024*KPMDS,4,0 | |
10955 | #else | |
10956 | +.section .swapper_pg_dir,"a",@progbits | |
10957 | ENTRY(swapper_pg_dir) | |
10958 | .fill 1024,4,0 | |
10959 | #endif | |
10960 | + | |
10961 | swapper_pg_fixmap: | |
10962 | .fill 1024,4,0 | |
10963 | + | |
10964 | +.section .empty_zero_page,"a",@progbits | |
10965 | ENTRY(empty_zero_page) | |
10966 | .fill 4096,1,0 | |
10967 | ||
10968 | /* | |
10969 | + * The IDT has to be page-aligned to simplify the Pentium | |
10970 | + * F0 0F bug workaround.. We have a special link segment | |
10971 | + * for this. | |
10972 | + */ | |
10973 | +.section .idt,"a",@progbits | |
10974 | +ENTRY(idt_table) | |
10975 | + .fill 256,8,0 | |
10976 | + | |
10977 | +/* | |
10978 | * This starts the data section. | |
10979 | */ | |
10980 | #ifdef CONFIG_X86_PAE | |
ae4e228f | 10981 | -__PAGE_ALIGNED_DATA |
58c5fc13 MT |
10982 | - /* Page-aligned for the benefit of paravirt? */ |
10983 | - .align PAGE_SIZE_asm | |
10984 | +.section .swapper_pg_dir,"a",@progbits | |
10985 | ENTRY(swapper_pg_dir) | |
10986 | .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ | |
10987 | # if KPMDS == 3 | |
ae4e228f | 10988 | @@ -655,11 +735,12 @@ ENTRY(swapper_pg_dir) |
58c5fc13 MT |
10989 | |
10990 | .data | |
10991 | ENTRY(stack_start) | |
10992 | - .long init_thread_union+THREAD_SIZE | |
10993 | + .long init_thread_union+THREAD_SIZE-8 | |
10994 | .long __BOOT_DS | |
10995 | ||
10996 | ready: .byte 0 | |
10997 | ||
10998 | +.section .rodata,"a",@progbits | |
10999 | early_recursion_flag: | |
11000 | .long 0 | |
11001 | ||
ae4e228f | 11002 | @@ -695,7 +776,7 @@ fault_msg: |
58c5fc13 MT |
11003 | .word 0 # 32 bit align gdt_desc.address |
11004 | boot_gdt_descr: | |
11005 | .word __BOOT_DS+7 | |
11006 | - .long boot_gdt - __PAGE_OFFSET | |
11007 | + .long pa(boot_gdt) | |
11008 | ||
11009 | .word 0 # 32-bit align idt_desc.address | |
11010 | idt_descr: | |
ae4e228f | 11011 | @@ -706,7 +787,7 @@ idt_descr: |
58c5fc13 MT |
11012 | .word 0 # 32 bit align gdt_desc.address |
11013 | ENTRY(early_gdt_descr) | |
11014 | .word GDT_ENTRIES*8-1 | |
11015 | - .long per_cpu__gdt_page /* Overwritten for secondary CPUs */ | |
11016 | + .long cpu_gdt_table /* Overwritten for secondary CPUs */ | |
11017 | ||
11018 | /* | |
11019 | * The boot_gdt must mirror the equivalent in setup.S and is | |
ae4e228f | 11020 | @@ -715,5 +796,65 @@ ENTRY(early_gdt_descr) |
58c5fc13 MT |
11021 | .align L1_CACHE_BYTES |
11022 | ENTRY(boot_gdt) | |
11023 | .fill GDT_ENTRY_BOOT_CS,8,0 | |
11024 | - .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */ | |
11025 | - .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */ | |
11026 | + .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */ | |
11027 | + .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */ | |
11028 | + | |
11029 | + .align PAGE_SIZE_asm | |
11030 | +ENTRY(cpu_gdt_table) | |
11031 | + .rept NR_CPUS | |
11032 | + .quad 0x0000000000000000 /* NULL descriptor */ | |
11033 | + .quad 0x0000000000000000 /* 0x0b reserved */ | |
11034 | + .quad 0x0000000000000000 /* 0x13 reserved */ | |
11035 | + .quad 0x0000000000000000 /* 0x1b reserved */ | |
ae4e228f MT |
11036 | + |
11037 | +#ifdef CONFIG_PAX_KERNEXEC | |
11038 | + .quad 0x00cf9b000000ffff /* 0x20 alternate kernel 4GB code at 0x00000000 */ | |
11039 | +#else | |
58c5fc13 | 11040 | + .quad 0x0000000000000000 /* 0x20 unused */ |
ae4e228f MT |
11041 | +#endif |
11042 | + | |
58c5fc13 MT |
11043 | + .quad 0x0000000000000000 /* 0x28 unused */ |
11044 | + .quad 0x0000000000000000 /* 0x33 TLS entry 1 */ | |
11045 | + .quad 0x0000000000000000 /* 0x3b TLS entry 2 */ | |
11046 | + .quad 0x0000000000000000 /* 0x43 TLS entry 3 */ | |
11047 | + .quad 0x0000000000000000 /* 0x4b reserved */ | |
11048 | + .quad 0x0000000000000000 /* 0x53 reserved */ | |
11049 | + .quad 0x0000000000000000 /* 0x5b reserved */ | |
11050 | + | |
11051 | + .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */ | |
11052 | + .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */ | |
11053 | + .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */ | |
11054 | + .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */ | |
11055 | + | |
11056 | + .quad 0x0000000000000000 /* 0x80 TSS descriptor */ | |
11057 | + .quad 0x0000000000000000 /* 0x88 LDT descriptor */ | |
11058 | + | |
11059 | + /* | |
11060 | + * Segments used for calling PnP BIOS have byte granularity. | |
11061 | + * The code segments and data segments have fixed 64k limits, | |
11062 | + * the transfer segment sizes are set at run time. | |
11063 | + */ | |
11064 | + .quad 0x00409b000000ffff /* 0x90 32-bit code */ | |
11065 | + .quad 0x00009b000000ffff /* 0x98 16-bit code */ | |
11066 | + .quad 0x000093000000ffff /* 0xa0 16-bit data */ | |
11067 | + .quad 0x0000930000000000 /* 0xa8 16-bit data */ | |
11068 | + .quad 0x0000930000000000 /* 0xb0 16-bit data */ | |
11069 | + | |
11070 | + /* | |
11071 | + * The APM segments have byte granularity and their bases | |
11072 | + * are set at run time. All have 64k limits. | |
11073 | + */ | |
11074 | + .quad 0x00409b000000ffff /* 0xb8 APM CS code */ | |
11075 | + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */ | |
11076 | + .quad 0x004093000000ffff /* 0xc8 APM DS data */ | |
11077 | + | |
11078 | + .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */ | |
11079 | + .quad 0x0040930000000000 /* 0xd8 - PERCPU */ | |
ae4e228f | 11080 | + .quad 0x0040910000000018 /* 0xe0 - STACK_CANARY */ |
58c5fc13 MT |
11081 | + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */ |
11082 | + .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */ | |
11083 | + .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */ | |
11084 | + | |
11085 | + /* Be sure this is zeroed to avoid false validations in Xen */ | |
11086 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 | |
11087 | + .endr | |
ae4e228f MT |
11088 | diff -urNp linux-2.6.33.1/arch/x86/kernel/head_64.S linux-2.6.33.1/arch/x86/kernel/head_64.S |
11089 | --- linux-2.6.33.1/arch/x86/kernel/head_64.S 2010-03-15 12:09:39.000000000 -0400 | |
11090 | +++ linux-2.6.33.1/arch/x86/kernel/head_64.S 2010-03-20 16:58:39.000574964 -0400 | |
11091 | @@ -19,6 +19,7 @@ | |
11092 | #include <asm/cache.h> | |
11093 | #include <asm/processor-flags.h> | |
11094 | #include <asm/percpu.h> | |
11095 | +#include <asm/cpufeature.h> | |
11096 | ||
11097 | #ifdef CONFIG_PARAVIRT | |
11098 | #include <asm/asm-offsets.h> | |
11099 | @@ -38,6 +39,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET | |
58c5fc13 MT |
11100 | L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET) |
11101 | L4_START_KERNEL = pgd_index(__START_KERNEL_map) | |
11102 | L3_START_KERNEL = pud_index(__START_KERNEL_map) | |
11103 | +L4_VMALLOC_START = pgd_index(VMALLOC_START) | |
11104 | +L3_VMALLOC_START = pud_index(VMALLOC_START) | |
11105 | +L4_VMEMMAP_START = pgd_index(VMEMMAP_START) | |
11106 | +L3_VMEMMAP_START = pud_index(VMEMMAP_START) | |
11107 | ||
11108 | .text | |
ae4e228f MT |
11109 | __HEAD |
11110 | @@ -85,35 +90,22 @@ startup_64: | |
58c5fc13 MT |
11111 | */ |
11112 | addq %rbp, init_level4_pgt + 0(%rip) | |
11113 | addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) | |
11114 | + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip) | |
11115 | + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip) | |
11116 | addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip) | |
11117 | ||
11118 | addq %rbp, level3_ident_pgt + 0(%rip) | |
ae4e228f | 11119 | +#ifndef CONFIG_XEN |
58c5fc13 | 11120 | + addq %rbp, level3_ident_pgt + 8(%rip) |
ae4e228f | 11121 | +#endif |
58c5fc13 MT |
11122 | |
11123 | - addq %rbp, level3_kernel_pgt + (510*8)(%rip) | |
11124 | - addq %rbp, level3_kernel_pgt + (511*8)(%rip) | |
11125 | + addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) | |
11126 | ||
11127 | - addq %rbp, level2_fixmap_pgt + (506*8)(%rip) | |
11128 | + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) | |
11129 | + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) | |
11130 | ||
11131 | - /* Add an Identity mapping if I am above 1G */ | |
11132 | - leaq _text(%rip), %rdi | |
11133 | - andq $PMD_PAGE_MASK, %rdi | |
11134 | - | |
11135 | - movq %rdi, %rax | |
11136 | - shrq $PUD_SHIFT, %rax | |
11137 | - andq $(PTRS_PER_PUD - 1), %rax | |
11138 | - jz ident_complete | |
11139 | - | |
11140 | - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx | |
11141 | - leaq level3_ident_pgt(%rip), %rbx | |
11142 | - movq %rdx, 0(%rbx, %rax, 8) | |
11143 | - | |
11144 | - movq %rdi, %rax | |
11145 | - shrq $PMD_SHIFT, %rax | |
11146 | - andq $(PTRS_PER_PMD - 1), %rax | |
11147 | - leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx | |
11148 | - leaq level2_spare_pgt(%rip), %rbx | |
11149 | - movq %rdx, 0(%rbx, %rax, 8) | |
11150 | -ident_complete: | |
11151 | + addq %rbp, level2_fixmap_pgt + (506*8)(%rip) | |
11152 | + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) | |
11153 | ||
11154 | /* | |
11155 | * Fixup the kernel text+data virtual addresses. Note that | |
ae4e228f MT |
11156 | @@ -184,9 +176,14 @@ ENTRY(secondary_startup_64) |
11157 | movl $MSR_EFER, %ecx | |
11158 | rdmsr | |
11159 | btsl $_EFER_SCE, %eax /* Enable System Call */ | |
11160 | - btl $20,%edi /* No Execute supported? */ | |
11161 | + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ | |
58c5fc13 MT |
11162 | jnc 1f |
11163 | btsl $_EFER_NX, %eax | |
11164 | + leaq init_level4_pgt(%rip), %rdi | |
11165 | + btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi) | |
11166 | + btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi) | |
11167 | + btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi) | |
ae4e228f | 11168 | + btsq $_PAGE_BIT_NX, __supported_pte_mask(%rip) |
58c5fc13 MT |
11169 | 1: wrmsr /* Make changes effective */ |
11170 | ||
11171 | /* Setup cr0 */ | |
ae4e228f | 11172 | @@ -271,7 +268,7 @@ ENTRY(secondary_startup_64) |
58c5fc13 MT |
11173 | bad_address: |
11174 | jmp bad_address | |
11175 | ||
11176 | - .section ".init.text","ax" | |
11177 | + __INIT | |
11178 | #ifdef CONFIG_EARLY_PRINTK | |
11179 | .globl early_idt_handlers | |
11180 | early_idt_handlers: | |
ae4e228f | 11181 | @@ -316,18 +313,23 @@ ENTRY(early_idt_handler) |
58c5fc13 MT |
11182 | #endif /* EARLY_PRINTK */ |
11183 | 1: hlt | |
11184 | jmp 1b | |
11185 | + .previous | |
11186 | ||
11187 | #ifdef CONFIG_EARLY_PRINTK | |
11188 | + __INITDATA | |
11189 | early_recursion_flag: | |
11190 | .long 0 | |
11191 | + .previous | |
11192 | ||
11193 | + .section .rodata,"a",@progbits | |
11194 | early_idt_msg: | |
11195 | .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" | |
11196 | early_idt_ripmsg: | |
11197 | .asciz "RIP %s\n" | |
11198 | -#endif /* CONFIG_EARLY_PRINTK */ | |
11199 | .previous | |
11200 | +#endif /* CONFIG_EARLY_PRINTK */ | |
11201 | ||
11202 | + .section .rodata,"a",@progbits | |
11203 | #define NEXT_PAGE(name) \ | |
11204 | .balign PAGE_SIZE; \ | |
11205 | ENTRY(name) | |
ae4e228f | 11206 | @@ -351,13 +353,29 @@ NEXT_PAGE(init_level4_pgt) |
58c5fc13 MT |
11207 | .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE |
11208 | .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 | |
11209 | .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE | |
11210 | + .org init_level4_pgt + L4_VMALLOC_START*8, 0 | |
11211 | + .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE | |
11212 | + .org init_level4_pgt + L4_VMEMMAP_START*8, 0 | |
11213 | + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE | |
11214 | .org init_level4_pgt + L4_START_KERNEL*8, 0 | |
11215 | /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */ | |
11216 | .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE | |
11217 | ||
11218 | NEXT_PAGE(level3_ident_pgt) | |
11219 | .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE | |
11220 | +#ifdef CONFIG_XEN | |
11221 | .fill 511,8,0 | |
11222 | +#else | |
11223 | + .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE | |
ae4e228f | 11224 | + .fill 510,8,0 |
58c5fc13 MT |
11225 | +#endif |
11226 | + | |
11227 | +NEXT_PAGE(level3_vmalloc_pgt) | |
11228 | + .fill 512,8,0 | |
11229 | + | |
11230 | +NEXT_PAGE(level3_vmemmap_pgt) | |
11231 | + .fill L3_VMEMMAP_START,8,0 | |
11232 | + .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE | |
11233 | ||
11234 | NEXT_PAGE(level3_kernel_pgt) | |
11235 | .fill L3_START_KERNEL,8,0 | |
ae4e228f | 11236 | @@ -365,20 +383,23 @@ NEXT_PAGE(level3_kernel_pgt) |
58c5fc13 MT |
11237 | .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE |
11238 | .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE | |
11239 | ||
11240 | +NEXT_PAGE(level2_vmemmap_pgt) | |
11241 | + .fill 512,8,0 | |
11242 | + | |
11243 | NEXT_PAGE(level2_fixmap_pgt) | |
11244 | - .fill 506,8,0 | |
11245 | - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE | |
11246 | - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */ | |
11247 | - .fill 5,8,0 | |
11248 | + .fill 507,8,0 | |
11249 | + .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE | |
11250 | + /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */ | |
11251 | + .fill 4,8,0 | |
11252 | ||
11253 | -NEXT_PAGE(level1_fixmap_pgt) | |
11254 | +NEXT_PAGE(level1_vsyscall_pgt) | |
11255 | .fill 512,8,0 | |
11256 | ||
11257 | -NEXT_PAGE(level2_ident_pgt) | |
11258 | - /* Since I easily can, map the first 1G. | |
ae4e228f | 11259 | + /* Since I easily can, map the first 2G. |
58c5fc13 MT |
11260 | * Don't set NX because code runs from these pages. |
11261 | */ | |
11262 | - PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD) | |
11263 | +NEXT_PAGE(level2_ident_pgt) | |
ae4e228f | 11264 | + PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD) |
58c5fc13 MT |
11265 | |
11266 | NEXT_PAGE(level2_kernel_pgt) | |
11267 | /* | |
ae4e228f | 11268 | @@ -391,33 +412,55 @@ NEXT_PAGE(level2_kernel_pgt) |
58c5fc13 MT |
11269 | * If you want to increase this then increase MODULES_VADDR |
11270 | * too.) | |
11271 | */ | |
11272 | - PMDS(0, __PAGE_KERNEL_LARGE_EXEC, | |
11273 | - KERNEL_IMAGE_SIZE/PMD_SIZE) | |
11274 | - | |
11275 | -NEXT_PAGE(level2_spare_pgt) | |
11276 | - .fill 512, 8, 0 | |
11277 | + PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE) | |
11278 | ||
11279 | #undef PMDS | |
11280 | #undef NEXT_PAGE | |
11281 | ||
11282 | - .data | |
11283 | + .align PAGE_SIZE | |
11284 | +ENTRY(cpu_gdt_table) | |
11285 | + .rept NR_CPUS | |
11286 | + .quad 0x0000000000000000 /* NULL descriptor */ | |
11287 | + .quad 0x00cf9b000000ffff /* __KERNEL32_CS */ | |
11288 | + .quad 0x00af9b000000ffff /* __KERNEL_CS */ | |
11289 | + .quad 0x00cf93000000ffff /* __KERNEL_DS */ | |
11290 | + .quad 0x00cffb000000ffff /* __USER32_CS */ | |
11291 | + .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */ | |
11292 | + .quad 0x00affb000000ffff /* __USER_CS */ | |
ae4e228f MT |
11293 | + |
11294 | +#ifdef CONFIG_PAX_KERNEXEC | |
11295 | + .quad 0x00af9b000000ffff /* __KERNEXEC_KERNEL_CS */ | |
11296 | +#else | |
58c5fc13 | 11297 | + .quad 0x0 /* unused */ |
ae4e228f MT |
11298 | +#endif |
11299 | + | |
58c5fc13 MT |
11300 | + .quad 0,0 /* TSS */ |
11301 | + .quad 0,0 /* LDT */ | |
11302 | + .quad 0,0,0 /* three TLS descriptors */ | |
11303 | + .quad 0x0000f40000000000 /* node/CPU stored in limit */ | |
11304 | + /* asm/segment.h:GDT_ENTRIES must match this */ | |
11305 | + | |
11306 | + /* zero the remaining page */ | |
11307 | + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0 | |
11308 | + .endr | |
11309 | + | |
11310 | .align 16 | |
11311 | .globl early_gdt_descr | |
11312 | early_gdt_descr: | |
11313 | .word GDT_ENTRIES*8-1 | |
11314 | early_gdt_descr_base: | |
11315 | - .quad INIT_PER_CPU_VAR(gdt_page) | |
11316 | + .quad cpu_gdt_table | |
11317 | ||
11318 | ENTRY(phys_base) | |
11319 | /* This must match the first entry in level2_kernel_pgt */ | |
11320 | .quad 0x0000000000000000 | |
11321 | ||
11322 | #include "../../x86/xen/xen-head.S" | |
11323 | - | |
11324 | - .section .bss, "aw", @nobits | |
11325 | + | |
11326 | + .section .rodata,"a",@progbits | |
11327 | .align L1_CACHE_BYTES | |
11328 | ENTRY(idt_table) | |
11329 | - .skip IDT_ENTRIES * 16 | |
11330 | + .fill 512,8,0 | |
11331 | ||
ae4e228f | 11332 | __PAGE_ALIGNED_BSS |
58c5fc13 | 11333 | .align PAGE_SIZE |
ae4e228f MT |
11334 | diff -urNp linux-2.6.33.1/arch/x86/kernel/i386_ksyms_32.c linux-2.6.33.1/arch/x86/kernel/i386_ksyms_32.c |
11335 | --- linux-2.6.33.1/arch/x86/kernel/i386_ksyms_32.c 2010-03-15 12:09:39.000000000 -0400 | |
11336 | +++ linux-2.6.33.1/arch/x86/kernel/i386_ksyms_32.c 2010-03-20 16:58:39.000574964 -0400 | |
11337 | @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void); | |
11338 | EXPORT_SYMBOL(cmpxchg8b_emu); | |
58c5fc13 MT |
11339 | #endif |
11340 | ||
11341 | +EXPORT_SYMBOL_GPL(cpu_gdt_table); | |
11342 | + | |
11343 | /* Networking helper routines. */ | |
11344 | EXPORT_SYMBOL(csum_partial_copy_generic); | |
11345 | +EXPORT_SYMBOL(csum_partial_copy_generic_to_user); | |
11346 | +EXPORT_SYMBOL(csum_partial_copy_generic_from_user); | |
11347 | ||
11348 | EXPORT_SYMBOL(__get_user_1); | |
11349 | EXPORT_SYMBOL(__get_user_2); | |
ae4e228f | 11350 | @@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr); |
58c5fc13 MT |
11351 | |
11352 | EXPORT_SYMBOL(csum_partial); | |
11353 | EXPORT_SYMBOL(empty_zero_page); | |
11354 | + | |
11355 | +#ifdef CONFIG_PAX_KERNEXEC | |
11356 | +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); | |
11357 | +#endif | |
ae4e228f MT |
11358 | diff -urNp linux-2.6.33.1/arch/x86/kernel/init_task.c linux-2.6.33.1/arch/x86/kernel/init_task.c |
11359 | --- linux-2.6.33.1/arch/x86/kernel/init_task.c 2010-03-15 12:09:39.000000000 -0400 | |
11360 | +++ linux-2.6.33.1/arch/x86/kernel/init_task.c 2010-03-20 16:58:39.000574964 -0400 | |
11361 | @@ -38,5 +38,5 @@ EXPORT_SYMBOL(init_task); | |
58c5fc13 MT |
11362 | * section. Since TSS's are completely CPU-local, we want them |
11363 | * on exact cacheline boundaries, to eliminate cacheline ping-pong. | |
11364 | */ | |
11365 | -DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS; | |
11366 | - | |
11367 | +struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS }; | |
11368 | +EXPORT_SYMBOL(init_tss); | |
ae4e228f MT |
11369 | diff -urNp linux-2.6.33.1/arch/x86/kernel/ioport.c linux-2.6.33.1/arch/x86/kernel/ioport.c |
11370 | --- linux-2.6.33.1/arch/x86/kernel/ioport.c 2010-03-15 12:09:39.000000000 -0400 | |
11371 | +++ linux-2.6.33.1/arch/x86/kernel/ioport.c 2010-03-20 16:58:39.000574964 -0400 | |
58c5fc13 MT |
11372 | @@ -6,6 +6,7 @@ |
11373 | #include <linux/sched.h> | |
11374 | #include <linux/kernel.h> | |
11375 | #include <linux/capability.h> | |
11376 | +#include <linux/security.h> | |
11377 | #include <linux/errno.h> | |
11378 | #include <linux/types.h> | |
11379 | #include <linux/ioport.h> | |
11380 | @@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long | |
11381 | ||
11382 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) | |
11383 | return -EINVAL; | |
11384 | +#ifdef CONFIG_GRKERNSEC_IO | |
11385 | + if (turn_on) { | |
11386 | + gr_handle_ioperm(); | |
11387 | + return -EPERM; | |
11388 | + } | |
11389 | +#endif | |
11390 | if (turn_on && !capable(CAP_SYS_RAWIO)) | |
11391 | return -EPERM; | |
11392 | ||
11393 | @@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long | |
11394 | * because the ->io_bitmap_max value must match the bitmap | |
11395 | * contents: | |
11396 | */ | |
11397 | - tss = &per_cpu(init_tss, get_cpu()); | |
11398 | + tss = init_tss + get_cpu(); | |
11399 | ||
11400 | set_bitmap(t->io_bitmap_ptr, from, num, !turn_on); | |
11401 | ||
ae4e228f | 11402 | @@ -112,8 +119,13 @@ long sys_iopl(unsigned int level, struct |
58c5fc13 MT |
11403 | return -EINVAL; |
11404 | /* Trying to gain more privileges? */ | |
11405 | if (level > old) { | |
11406 | +#ifdef CONFIG_GRKERNSEC_IO | |
11407 | + gr_handle_iopl(); | |
11408 | + return -EPERM; | |
11409 | +#else | |
11410 | if (!capable(CAP_SYS_RAWIO)) | |
11411 | return -EPERM; | |
11412 | +#endif | |
11413 | } | |
11414 | regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); | |
ae4e228f MT |
11415 | t->iopl = level << 12; |
11416 | diff -urNp linux-2.6.33.1/arch/x86/kernel/irq_32.c linux-2.6.33.1/arch/x86/kernel/irq_32.c | |
11417 | --- linux-2.6.33.1/arch/x86/kernel/irq_32.c 2010-03-15 12:09:39.000000000 -0400 | |
11418 | +++ linux-2.6.33.1/arch/x86/kernel/irq_32.c 2010-03-20 16:58:39.000574964 -0400 | |
58c5fc13 MT |
11419 | @@ -94,7 +94,7 @@ execute_on_irq_stack(int overflow, struc |
11420 | return 0; | |
11421 | ||
11422 | /* build the stack frame on the IRQ stack */ | |
11423 | - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx)); | |
11424 | + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8); | |
11425 | irqctx->tinfo.task = curctx->tinfo.task; | |
11426 | irqctx->tinfo.previous_esp = current_stack_pointer; | |
11427 | ||
11428 | @@ -175,7 +175,7 @@ asmlinkage void do_softirq(void) | |
11429 | irqctx->tinfo.previous_esp = current_stack_pointer; | |
11430 | ||
11431 | /* build the stack frame on the softirq stack */ | |
11432 | - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx)); | |
11433 | + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8); | |
11434 | ||
11435 | call_on_stack(__do_softirq, isp); | |
11436 | /* | |
ae4e228f MT |
11437 | diff -urNp linux-2.6.33.1/arch/x86/kernel/kgdb.c linux-2.6.33.1/arch/x86/kernel/kgdb.c |
11438 | --- linux-2.6.33.1/arch/x86/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
11439 | +++ linux-2.6.33.1/arch/x86/kernel/kgdb.c 2010-03-20 16:58:39.004585163 -0400 | |
11440 | @@ -89,7 +89,7 @@ void pt_regs_to_gdb_regs(unsigned long * | |
11441 | gdb_regs[GDB_CS] = regs->cs; | |
11442 | gdb_regs[GDB_FS] = 0xFFFF; | |
11443 | gdb_regs[GDB_GS] = 0xFFFF; | |
11444 | - if (user_mode_vm(regs)) { | |
11445 | + if (user_mode(regs)) { | |
11446 | gdb_regs[GDB_SS] = regs->ss; | |
11447 | gdb_regs[GDB_SP] = regs->sp; | |
11448 | } else { | |
11449 | @@ -690,7 +690,7 @@ unsigned long kgdb_arch_pc(int exception | |
11450 | return instruction_pointer(regs); | |
11451 | } | |
11452 | ||
11453 | -struct kgdb_arch arch_kgdb_ops = { | |
11454 | +const struct kgdb_arch arch_kgdb_ops = { | |
11455 | /* Breakpoint instruction: */ | |
11456 | .gdb_bpt_instr = { 0xcc }, | |
11457 | .flags = KGDB_HW_BREAKPOINT, | |
11458 | diff -urNp linux-2.6.33.1/arch/x86/kernel/kprobes.c linux-2.6.33.1/arch/x86/kernel/kprobes.c | |
11459 | --- linux-2.6.33.1/arch/x86/kernel/kprobes.c 2010-03-15 12:09:39.000000000 -0400 | |
11460 | +++ linux-2.6.33.1/arch/x86/kernel/kprobes.c 2010-03-20 16:58:39.004585163 -0400 | |
11461 | @@ -113,9 +113,13 @@ static void __kprobes set_jmp_op(void *f | |
58c5fc13 MT |
11462 | char op; |
11463 | s32 raddr; | |
11464 | } __attribute__((packed)) * jop; | |
11465 | - jop = (struct __arch_jmp_op *)from; | |
11466 | + | |
58c5fc13 MT |
11467 | + jop = (struct __arch_jmp_op *)(ktla_ktva(from)); |
11468 | + | |
ae4e228f | 11469 | + pax_open_kernel(); |
58c5fc13 MT |
11470 | jop->raddr = (s32)((long)(to) - ((long)(from) + 5)); |
11471 | jop->op = RELATIVEJUMP_INSTRUCTION; | |
ae4e228f | 11472 | + pax_close_kernel(); |
58c5fc13 MT |
11473 | } |
11474 | ||
11475 | /* | |
ae4e228f | 11476 | @@ -323,16 +327,18 @@ static void __kprobes fix_riprel(struct |
58c5fc13 MT |
11477 | |
11478 | static void __kprobes arch_copy_kprobe(struct kprobe *p) | |
11479 | { | |
11480 | - memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); | |
ae4e228f | 11481 | + pax_open_kernel(); |
58c5fc13 | 11482 | + memcpy(p->ainsn.insn, ktla_ktva(p->addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); |
ae4e228f | 11483 | + pax_close_kernel(); |
58c5fc13 MT |
11484 | |
11485 | fix_riprel(p); | |
11486 | ||
11487 | - if (can_boost(p->addr)) | |
11488 | + if (can_boost(ktla_ktva(p->addr))) | |
11489 | p->ainsn.boostable = 0; | |
11490 | else | |
11491 | p->ainsn.boostable = -1; | |
11492 | ||
11493 | - p->opcode = *p->addr; | |
11494 | + p->opcode = *(ktla_ktva(p->addr)); | |
11495 | } | |
11496 | ||
11497 | int __kprobes arch_prepare_kprobe(struct kprobe *p) | |
ae4e228f | 11498 | @@ -412,7 +418,7 @@ static void __kprobes prepare_singlestep |
58c5fc13 MT |
11499 | if (p->opcode == BREAKPOINT_INSTRUCTION) |
11500 | regs->ip = (unsigned long)p->addr; | |
11501 | else | |
11502 | - regs->ip = (unsigned long)p->ainsn.insn; | |
11503 | + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn); | |
11504 | } | |
11505 | ||
11506 | void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, | |
ae4e228f | 11507 | @@ -433,7 +439,7 @@ static void __kprobes setup_singlestep(s |
58c5fc13 MT |
11508 | if (p->ainsn.boostable == 1 && !p->post_handler) { |
11509 | /* Boost up -- we can execute copied instructions directly */ | |
11510 | reset_current_kprobe(); | |
11511 | - regs->ip = (unsigned long)p->ainsn.insn; | |
11512 | + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn); | |
11513 | preempt_enable_no_resched(); | |
11514 | return; | |
11515 | } | |
ae4e228f | 11516 | @@ -490,7 +496,7 @@ static int __kprobes kprobe_handler(stru |
58c5fc13 MT |
11517 | struct kprobe_ctlblk *kcb; |
11518 | ||
11519 | addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t)); | |
11520 | - if (*addr != BREAKPOINT_INSTRUCTION) { | |
11521 | + if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) { | |
11522 | /* | |
11523 | * The breakpoint instruction was removed right | |
11524 | * after we hit it. Another cpu has removed | |
ae4e228f | 11525 | @@ -742,7 +748,7 @@ static void __kprobes resume_execution(s |
58c5fc13 MT |
11526 | struct pt_regs *regs, struct kprobe_ctlblk *kcb) |
11527 | { | |
11528 | unsigned long *tos = stack_addr(regs); | |
11529 | - unsigned long copy_ip = (unsigned long)p->ainsn.insn; | |
11530 | + unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn); | |
11531 | unsigned long orig_ip = (unsigned long)p->addr; | |
11532 | kprobe_opcode_t *insn = p->ainsn.insn; | |
11533 | ||
ae4e228f | 11534 | @@ -925,7 +931,7 @@ int __kprobes kprobe_exceptions_notify(s |
58c5fc13 MT |
11535 | struct die_args *args = data; |
11536 | int ret = NOTIFY_DONE; | |
11537 | ||
11538 | - if (args->regs && user_mode_vm(args->regs)) | |
11539 | + if (args->regs && user_mode(args->regs)) | |
11540 | return ret; | |
11541 | ||
11542 | switch (val) { | |
ae4e228f MT |
11543 | diff -urNp linux-2.6.33.1/arch/x86/kernel/ldt.c linux-2.6.33.1/arch/x86/kernel/ldt.c |
11544 | --- linux-2.6.33.1/arch/x86/kernel/ldt.c 2010-03-15 12:09:39.000000000 -0400 | |
11545 | +++ linux-2.6.33.1/arch/x86/kernel/ldt.c 2010-03-20 16:58:39.004585163 -0400 | |
58c5fc13 MT |
11546 | @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, i |
11547 | if (reload) { | |
11548 | #ifdef CONFIG_SMP | |
11549 | preempt_disable(); | |
11550 | - load_LDT(pc); | |
11551 | + load_LDT_nolock(pc); | |
ae4e228f MT |
11552 | if (!cpumask_equal(mm_cpumask(current->mm), |
11553 | cpumask_of(smp_processor_id()))) | |
58c5fc13 MT |
11554 | smp_call_function(flush_ldt, current->mm, 1); |
11555 | preempt_enable(); | |
11556 | #else | |
11557 | - load_LDT(pc); | |
11558 | + load_LDT_nolock(pc); | |
11559 | #endif | |
11560 | } | |
11561 | if (oldsize) { | |
11562 | @@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t | |
11563 | return err; | |
11564 | ||
11565 | for (i = 0; i < old->size; i++) | |
11566 | - write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE); | |
11567 | + write_ldt_entry(new->ldt, i, old->ldt + i); | |
11568 | return 0; | |
11569 | } | |
11570 | ||
11571 | @@ -115,6 +115,24 @@ int init_new_context(struct task_struct | |
11572 | retval = copy_ldt(&mm->context, &old_mm->context); | |
11573 | mutex_unlock(&old_mm->context.lock); | |
11574 | } | |
11575 | + | |
11576 | + if (tsk == current) { | |
11577 | + mm->context.vdso = ~0UL; | |
11578 | + | |
11579 | +#ifdef CONFIG_X86_32 | |
11580 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
11581 | + mm->context.user_cs_base = 0UL; | |
11582 | + mm->context.user_cs_limit = ~0UL; | |
11583 | + | |
11584 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
11585 | + cpus_clear(mm->context.cpu_user_cs_mask); | |
11586 | +#endif | |
11587 | + | |
11588 | +#endif | |
11589 | +#endif | |
11590 | + | |
11591 | + } | |
11592 | + | |
11593 | return retval; | |
11594 | } | |
11595 | ||
11596 | @@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, u | |
11597 | } | |
11598 | } | |
11599 | ||
11600 | +#ifdef CONFIG_PAX_SEGMEXEC | |
11601 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) { | |
11602 | + error = -EINVAL; | |
11603 | + goto out_unlock; | |
11604 | + } | |
11605 | +#endif | |
11606 | + | |
11607 | fill_ldt(&ldt, &ldt_info); | |
11608 | if (oldmode) | |
11609 | ldt.avl = 0; | |
ae4e228f MT |
11610 | diff -urNp linux-2.6.33.1/arch/x86/kernel/machine_kexec_32.c linux-2.6.33.1/arch/x86/kernel/machine_kexec_32.c |
11611 | --- linux-2.6.33.1/arch/x86/kernel/machine_kexec_32.c 2010-03-15 12:09:39.000000000 -0400 | |
11612 | +++ linux-2.6.33.1/arch/x86/kernel/machine_kexec_32.c 2010-03-20 16:58:39.004585163 -0400 | |
11613 | @@ -27,7 +27,7 @@ | |
58c5fc13 | 11614 | #include <asm/cacheflush.h> |
ae4e228f | 11615 | #include <asm/debugreg.h> |
58c5fc13 MT |
11616 | |
11617 | -static void set_idt(void *newidt, __u16 limit) | |
11618 | +static void set_idt(struct desc_struct *newidt, __u16 limit) | |
11619 | { | |
11620 | struct desc_ptr curidt; | |
11621 | ||
ae4e228f | 11622 | @@ -39,7 +39,7 @@ static void set_idt(void *newidt, __u16 |
58c5fc13 MT |
11623 | } |
11624 | ||
11625 | ||
11626 | -static void set_gdt(void *newgdt, __u16 limit) | |
11627 | +static void set_gdt(struct desc_struct *newgdt, __u16 limit) | |
11628 | { | |
11629 | struct desc_ptr curgdt; | |
11630 | ||
11631 | @@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image) | |
11632 | } | |
11633 | ||
11634 | control_page = page_address(image->control_code_page); | |
11635 | - memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE); | |
11636 | + memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE); | |
11637 | ||
11638 | relocate_kernel_ptr = control_page; | |
11639 | page_list[PA_CONTROL_PAGE] = __pa(control_page); | |
ae4e228f MT |
11640 | diff -urNp linux-2.6.33.1/arch/x86/kernel/microcode_amd.c linux-2.6.33.1/arch/x86/kernel/microcode_amd.c |
11641 | --- linux-2.6.33.1/arch/x86/kernel/microcode_amd.c 2010-03-15 12:09:39.000000000 -0400 | |
11642 | +++ linux-2.6.33.1/arch/x86/kernel/microcode_amd.c 2010-03-20 16:58:39.004585163 -0400 | |
11643 | @@ -331,7 +331,7 @@ static void microcode_fini_cpu_amd(int c | |
11644 | uci->mc = NULL; | |
11645 | } | |
11646 | ||
11647 | -static struct microcode_ops microcode_amd_ops = { | |
11648 | +static const struct microcode_ops microcode_amd_ops = { | |
11649 | .request_microcode_user = request_microcode_user, | |
11650 | .request_microcode_fw = request_microcode_fw, | |
11651 | .collect_cpu_info = collect_cpu_info_amd, | |
11652 | @@ -339,7 +339,7 @@ static struct microcode_ops microcode_am | |
11653 | .microcode_fini_cpu = microcode_fini_cpu_amd, | |
11654 | }; | |
58c5fc13 | 11655 | |
ae4e228f MT |
11656 | -struct microcode_ops * __init init_amd_microcode(void) |
11657 | +const struct microcode_ops * __init init_amd_microcode(void) | |
11658 | { | |
11659 | return µcode_amd_ops; | |
11660 | } | |
11661 | diff -urNp linux-2.6.33.1/arch/x86/kernel/microcode_core.c linux-2.6.33.1/arch/x86/kernel/microcode_core.c | |
11662 | --- linux-2.6.33.1/arch/x86/kernel/microcode_core.c 2010-03-15 12:09:39.000000000 -0400 | |
11663 | +++ linux-2.6.33.1/arch/x86/kernel/microcode_core.c 2010-03-20 16:58:39.004585163 -0400 | |
11664 | @@ -92,7 +92,7 @@ MODULE_LICENSE("GPL"); | |
11665 | ||
11666 | #define MICROCODE_VERSION "2.00" | |
11667 | ||
11668 | -static struct microcode_ops *microcode_ops; | |
11669 | +static const struct microcode_ops *microcode_ops; | |
11670 | ||
11671 | /* | |
11672 | * Synchronization. | |
11673 | diff -urNp linux-2.6.33.1/arch/x86/kernel/microcode_intel.c linux-2.6.33.1/arch/x86/kernel/microcode_intel.c | |
11674 | --- linux-2.6.33.1/arch/x86/kernel/microcode_intel.c 2010-03-15 12:09:39.000000000 -0400 | |
11675 | +++ linux-2.6.33.1/arch/x86/kernel/microcode_intel.c 2010-03-20 16:58:39.011824892 -0400 | |
11676 | @@ -436,13 +436,13 @@ static enum ucode_state request_microcod | |
11677 | ||
11678 | static int get_ucode_user(void *to, const void *from, size_t n) | |
11679 | { | |
11680 | - return copy_from_user(to, from, n); | |
11681 | + return copy_from_user(to, (__force const void __user *)from, n); | |
11682 | } | |
11683 | ||
11684 | static enum ucode_state | |
11685 | request_microcode_user(int cpu, const void __user *buf, size_t size) | |
11686 | { | |
11687 | - return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user); | |
11688 | + return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user); | |
11689 | } | |
11690 | ||
11691 | static void microcode_fini_cpu(int cpu) | |
11692 | @@ -453,7 +453,7 @@ static void microcode_fini_cpu(int cpu) | |
11693 | uci->mc = NULL; | |
11694 | } | |
11695 | ||
11696 | -static struct microcode_ops microcode_intel_ops = { | |
11697 | +static const struct microcode_ops microcode_intel_ops = { | |
11698 | .request_microcode_user = request_microcode_user, | |
11699 | .request_microcode_fw = request_microcode_fw, | |
11700 | .collect_cpu_info = collect_cpu_info, | |
11701 | @@ -461,7 +461,7 @@ static struct microcode_ops microcode_in | |
11702 | .microcode_fini_cpu = microcode_fini_cpu, | |
11703 | }; | |
11704 | ||
11705 | -struct microcode_ops * __init init_intel_microcode(void) | |
11706 | +const struct microcode_ops * __init init_intel_microcode(void) | |
11707 | { | |
11708 | return µcode_intel_ops; | |
11709 | } | |
11710 | diff -urNp linux-2.6.33.1/arch/x86/kernel/module.c linux-2.6.33.1/arch/x86/kernel/module.c | |
11711 | --- linux-2.6.33.1/arch/x86/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
11712 | +++ linux-2.6.33.1/arch/x86/kernel/module.c 2010-03-20 16:58:39.011824892 -0400 | |
11713 | @@ -34,7 +34,7 @@ | |
58c5fc13 MT |
11714 | #define DEBUGP(fmt...) |
11715 | #endif | |
11716 | ||
11717 | -void *module_alloc(unsigned long size) | |
11718 | +static void *__module_alloc(unsigned long size, pgprot_t prot) | |
11719 | { | |
11720 | struct vm_struct *area; | |
11721 | ||
ae4e228f | 11722 | @@ -48,8 +48,18 @@ void *module_alloc(unsigned long size) |
58c5fc13 MT |
11723 | if (!area) |
11724 | return NULL; | |
11725 | ||
11726 | - return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM, | |
11727 | - PAGE_KERNEL_EXEC); | |
11728 | + return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, prot); | |
11729 | +} | |
11730 | + | |
58c5fc13 MT |
11731 | +void *module_alloc(unsigned long size) |
11732 | +{ | |
ae4e228f MT |
11733 | + |
11734 | +#ifdef CONFIG_PAX_KERNEXEC | |
58c5fc13 | 11735 | + return __module_alloc(size, PAGE_KERNEL); |
ae4e228f MT |
11736 | +#else |
11737 | + return __module_alloc(size, PAGE_KERNEL_EXEC); | |
11738 | +#endif | |
11739 | + | |
11740 | } | |
11741 | ||
11742 | /* Free memory returned from module_alloc */ | |
11743 | @@ -58,6 +68,40 @@ void module_free(struct module *mod, voi | |
11744 | vfree(module_region); | |
11745 | } | |
11746 | ||
11747 | +#ifdef CONFIG_PAX_KERNEXEC | |
11748 | +#ifdef CONFIG_X86_32 | |
58c5fc13 MT |
11749 | +void *module_alloc_exec(unsigned long size) |
11750 | +{ | |
11751 | + struct vm_struct *area; | |
11752 | + | |
11753 | + if (size == 0) | |
11754 | + return NULL; | |
11755 | + | |
11756 | + area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END); | |
ae4e228f | 11757 | + return area ? area->addr : NULL; |
58c5fc13 MT |
11758 | +} |
11759 | +EXPORT_SYMBOL(module_alloc_exec); | |
11760 | + | |
11761 | +void module_free_exec(struct module *mod, void *module_region) | |
11762 | +{ | |
ae4e228f | 11763 | + vunmap(module_region); |
58c5fc13 MT |
11764 | +} |
11765 | +EXPORT_SYMBOL(module_free_exec); | |
11766 | +#else | |
58c5fc13 MT |
11767 | +void module_free_exec(struct module *mod, void *module_region) |
11768 | +{ | |
11769 | + module_free(mod, module_region); | |
11770 | +} | |
11771 | +EXPORT_SYMBOL(module_free_exec); | |
11772 | + | |
11773 | +void *module_alloc_exec(unsigned long size) | |
11774 | +{ | |
11775 | + return __module_alloc(size, PAGE_KERNEL_RX); | |
11776 | +} | |
11777 | +EXPORT_SYMBOL(module_alloc_exec); | |
11778 | +#endif | |
58c5fc13 | 11779 | +#endif |
ae4e228f MT |
11780 | + |
11781 | /* We don't need anything special. */ | |
11782 | int module_frob_arch_sections(Elf_Ehdr *hdr, | |
11783 | Elf_Shdr *sechdrs, | |
11784 | @@ -77,14 +121,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, | |
58c5fc13 MT |
11785 | unsigned int i; |
11786 | Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; | |
11787 | Elf32_Sym *sym; | |
11788 | - uint32_t *location; | |
11789 | + uint32_t *plocation, location; | |
58c5fc13 MT |
11790 | |
11791 | DEBUGP("Applying relocate section %u to %u\n", relsec, | |
11792 | sechdrs[relsec].sh_info); | |
11793 | for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { | |
11794 | /* This is where to make the change */ | |
11795 | - location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr | |
11796 | - + rel[i].r_offset; | |
11797 | + plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset; | |
11798 | + location = (uint32_t)plocation; | |
11799 | + if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR) | |
11800 | + plocation = ktla_ktva((void *)plocation); | |
11801 | /* This is the symbol it is referring to. Note that all | |
11802 | undefined symbols have been resolved. */ | |
11803 | sym = (Elf32_Sym *)sechdrs[symindex].sh_addr | |
ae4e228f | 11804 | @@ -93,11 +139,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, |
58c5fc13 MT |
11805 | switch (ELF32_R_TYPE(rel[i].r_info)) { |
11806 | case R_386_32: | |
11807 | /* We add the value into the location given */ | |
11808 | - *location += sym->st_value; | |
ae4e228f | 11809 | + pax_open_kernel(); |
58c5fc13 | 11810 | + *plocation += sym->st_value; |
ae4e228f | 11811 | + pax_close_kernel(); |
58c5fc13 MT |
11812 | break; |
11813 | case R_386_PC32: | |
11814 | /* Add the value, subtract its postition */ | |
11815 | - *location += sym->st_value - (uint32_t)location; | |
ae4e228f | 11816 | + pax_open_kernel(); |
58c5fc13 | 11817 | + *plocation += sym->st_value - location; |
ae4e228f | 11818 | + pax_close_kernel(); |
58c5fc13 MT |
11819 | break; |
11820 | default: | |
11821 | printk(KERN_ERR "module %s: Unknown relocation: %u\n", | |
ae4e228f | 11822 | @@ -153,21 +203,30 @@ int apply_relocate_add(Elf64_Shdr *sechd |
58c5fc13 MT |
11823 | case R_X86_64_NONE: |
11824 | break; | |
11825 | case R_X86_64_64: | |
ae4e228f | 11826 | + pax_open_kernel(); |
58c5fc13 | 11827 | *(u64 *)loc = val; |
ae4e228f | 11828 | + pax_close_kernel(); |
58c5fc13 MT |
11829 | break; |
11830 | case R_X86_64_32: | |
ae4e228f | 11831 | + pax_open_kernel(); |
58c5fc13 | 11832 | *(u32 *)loc = val; |
ae4e228f | 11833 | + pax_close_kernel(); |
58c5fc13 MT |
11834 | if (val != *(u32 *)loc) |
11835 | goto overflow; | |
11836 | break; | |
11837 | case R_X86_64_32S: | |
ae4e228f | 11838 | + pax_open_kernel(); |
58c5fc13 | 11839 | *(s32 *)loc = val; |
ae4e228f | 11840 | + pax_close_kernel(); |
58c5fc13 MT |
11841 | if ((s64)val != *(s32 *)loc) |
11842 | goto overflow; | |
11843 | break; | |
11844 | case R_X86_64_PC32: | |
11845 | val -= (u64)loc; | |
ae4e228f | 11846 | + pax_open_kernel(); |
58c5fc13 | 11847 | *(u32 *)loc = val; |
ae4e228f | 11848 | + pax_close_kernel(); |
58c5fc13 MT |
11849 | + |
11850 | #if 0 | |
11851 | if ((s64)val != *(s32 *)loc) | |
11852 | goto overflow; | |
ae4e228f MT |
11853 | diff -urNp linux-2.6.33.1/arch/x86/kernel/paravirt.c linux-2.6.33.1/arch/x86/kernel/paravirt.c |
11854 | --- linux-2.6.33.1/arch/x86/kernel/paravirt.c 2010-03-15 12:09:39.000000000 -0400 | |
11855 | +++ linux-2.6.33.1/arch/x86/kernel/paravirt.c 2010-03-20 16:58:39.012867487 -0400 | |
11856 | @@ -120,9 +120,9 @@ unsigned paravirt_patch_jmp(void *insnbu | |
58c5fc13 MT |
11857 | |
11858 | /* Neat trick to map patch type back to the call within the | |
11859 | * corresponding structure. */ | |
11860 | -static void *get_call_destination(u8 type) | |
11861 | +static const void *get_call_destination(u8 type) | |
11862 | { | |
11863 | - struct paravirt_patch_template tmpl = { | |
11864 | + const struct paravirt_patch_template tmpl = { | |
11865 | .pv_init_ops = pv_init_ops, | |
11866 | .pv_time_ops = pv_time_ops, | |
11867 | .pv_cpu_ops = pv_cpu_ops, | |
ae4e228f | 11868 | @@ -133,13 +133,13 @@ static void *get_call_destination(u8 typ |
58c5fc13 MT |
11869 | .pv_lock_ops = pv_lock_ops, |
11870 | #endif | |
11871 | }; | |
11872 | - return *((void **)&tmpl + type); | |
11873 | + return *((const void **)&tmpl + type); | |
11874 | } | |
11875 | ||
11876 | unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf, | |
11877 | unsigned long addr, unsigned len) | |
11878 | { | |
11879 | - void *opfunc = get_call_destination(type); | |
11880 | + const void *opfunc = get_call_destination(type); | |
11881 | unsigned ret; | |
11882 | ||
11883 | if (opfunc == NULL) | |
ae4e228f | 11884 | @@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn |
58c5fc13 MT |
11885 | if (insn_len > len || start == NULL) |
11886 | insn_len = len; | |
11887 | else | |
11888 | - memcpy(insnbuf, start, insn_len); | |
11889 | + memcpy(insnbuf, ktla_ktva(start), insn_len); | |
11890 | ||
11891 | return insn_len; | |
11892 | } | |
ae4e228f | 11893 | @@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void) |
58c5fc13 MT |
11894 | preempt_enable(); |
11895 | } | |
11896 | ||
11897 | -struct pv_info pv_info = { | |
11898 | +struct pv_info pv_info __read_only = { | |
11899 | .name = "bare hardware", | |
11900 | .paravirt_enabled = 0, | |
11901 | .kernel_rpl = 0, | |
11902 | .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */ | |
11903 | }; | |
11904 | ||
11905 | -struct pv_init_ops pv_init_ops = { | |
11906 | +struct pv_init_ops pv_init_ops __read_only = { | |
11907 | .patch = native_patch, | |
58c5fc13 MT |
11908 | }; |
11909 | ||
11910 | -struct pv_time_ops pv_time_ops = { | |
11911 | +struct pv_time_ops pv_time_ops __read_only = { | |
ae4e228f | 11912 | .sched_clock = native_sched_clock, |
58c5fc13 MT |
11913 | }; |
11914 | ||
11915 | -struct pv_irq_ops pv_irq_ops = { | |
11916 | +struct pv_irq_ops pv_irq_ops __read_only = { | |
58c5fc13 MT |
11917 | .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), |
11918 | .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), | |
ae4e228f MT |
11919 | .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), |
11920 | @@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = { | |
58c5fc13 MT |
11921 | #endif |
11922 | }; | |
11923 | ||
11924 | -struct pv_cpu_ops pv_cpu_ops = { | |
11925 | +struct pv_cpu_ops pv_cpu_ops __read_only = { | |
11926 | .cpuid = native_cpuid, | |
11927 | .get_debugreg = native_get_debugreg, | |
11928 | .set_debugreg = native_set_debugreg, | |
ae4e228f | 11929 | @@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = { |
58c5fc13 MT |
11930 | .end_context_switch = paravirt_nop, |
11931 | }; | |
11932 | ||
11933 | -struct pv_apic_ops pv_apic_ops = { | |
11934 | +struct pv_apic_ops pv_apic_ops __read_only = { | |
11935 | #ifdef CONFIG_X86_LOCAL_APIC | |
ae4e228f MT |
11936 | .startup_ipi_hook = paravirt_nop, |
11937 | #endif | |
11938 | @@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = { | |
58c5fc13 MT |
11939 | #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) |
11940 | #endif | |
11941 | ||
11942 | -struct pv_mmu_ops pv_mmu_ops = { | |
11943 | +struct pv_mmu_ops pv_mmu_ops __read_only = { | |
ae4e228f MT |
11944 | |
11945 | .read_cr2 = native_read_cr2, | |
11946 | .write_cr2 = native_write_cr2, | |
11947 | @@ -467,6 +467,12 @@ struct pv_mmu_ops pv_mmu_ops = { | |
11948 | }, | |
11949 | ||
11950 | .set_fixmap = native_set_fixmap, | |
11951 | + | |
11952 | +#ifdef CONFIG_PAX_KERNEXEC | |
11953 | + .pax_open_kernel = native_pax_open_kernel, | |
11954 | + .pax_close_kernel = native_pax_close_kernel, | |
11955 | +#endif | |
11956 | + | |
11957 | }; | |
11958 | ||
11959 | EXPORT_SYMBOL_GPL(pv_time_ops); | |
11960 | diff -urNp linux-2.6.33.1/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.33.1/arch/x86/kernel/paravirt-spinlocks.c | |
11961 | --- linux-2.6.33.1/arch/x86/kernel/paravirt-spinlocks.c 2010-03-15 12:09:39.000000000 -0400 | |
11962 | +++ linux-2.6.33.1/arch/x86/kernel/paravirt-spinlocks.c 2010-03-20 16:58:39.012867487 -0400 | |
11963 | @@ -13,7 +13,7 @@ default_spin_lock_flags(arch_spinlock_t | |
11964 | arch_spin_lock(lock); | |
58c5fc13 MT |
11965 | } |
11966 | ||
11967 | -struct pv_lock_ops pv_lock_ops = { | |
11968 | +struct pv_lock_ops pv_lock_ops __read_only = { | |
11969 | #ifdef CONFIG_SMP | |
11970 | .spin_is_locked = __ticket_spin_is_locked, | |
11971 | .spin_is_contended = __ticket_spin_is_contended, | |
ae4e228f MT |
11972 | diff -urNp linux-2.6.33.1/arch/x86/kernel/pci-calgary_64.c linux-2.6.33.1/arch/x86/kernel/pci-calgary_64.c |
11973 | --- linux-2.6.33.1/arch/x86/kernel/pci-calgary_64.c 2010-03-15 12:09:39.000000000 -0400 | |
11974 | +++ linux-2.6.33.1/arch/x86/kernel/pci-calgary_64.c 2010-03-20 16:58:39.012867487 -0400 | |
11975 | @@ -470,7 +470,7 @@ static void calgary_free_coherent(struct | |
11976 | free_pages((unsigned long)vaddr, get_order(size)); | |
11977 | } | |
11978 | ||
11979 | -static struct dma_map_ops calgary_dma_ops = { | |
11980 | +static const struct dma_map_ops calgary_dma_ops = { | |
11981 | .alloc_coherent = calgary_alloc_coherent, | |
11982 | .free_coherent = calgary_free_coherent, | |
11983 | .map_sg = calgary_map_sg, | |
11984 | diff -urNp linux-2.6.33.1/arch/x86/kernel/pci-dma.c linux-2.6.33.1/arch/x86/kernel/pci-dma.c | |
11985 | --- linux-2.6.33.1/arch/x86/kernel/pci-dma.c 2010-03-15 12:09:39.000000000 -0400 | |
11986 | +++ linux-2.6.33.1/arch/x86/kernel/pci-dma.c 2010-03-20 16:58:39.012867487 -0400 | |
11987 | @@ -15,7 +15,7 @@ | |
11988 | ||
11989 | static int forbid_dac __read_mostly; | |
11990 | ||
11991 | -struct dma_map_ops *dma_ops = &nommu_dma_ops; | |
11992 | +const struct dma_map_ops *dma_ops = &nommu_dma_ops; | |
11993 | EXPORT_SYMBOL(dma_ops); | |
11994 | ||
11995 | static int iommu_sac_force __read_mostly; | |
11996 | @@ -240,7 +240,7 @@ early_param("iommu", iommu_setup); | |
11997 | ||
11998 | int dma_supported(struct device *dev, u64 mask) | |
11999 | { | |
12000 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
12001 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
12002 | ||
12003 | #ifdef CONFIG_PCI | |
12004 | if (mask > 0xffffffff && forbid_dac > 0) { | |
12005 | diff -urNp linux-2.6.33.1/arch/x86/kernel/pci-gart_64.c linux-2.6.33.1/arch/x86/kernel/pci-gart_64.c | |
12006 | --- linux-2.6.33.1/arch/x86/kernel/pci-gart_64.c 2010-03-15 12:09:39.000000000 -0400 | |
12007 | +++ linux-2.6.33.1/arch/x86/kernel/pci-gart_64.c 2010-03-20 16:58:39.012867487 -0400 | |
12008 | @@ -695,7 +695,7 @@ static __init int init_k8_gatt(struct ag | |
12009 | return -1; | |
12010 | } | |
12011 | ||
12012 | -static struct dma_map_ops gart_dma_ops = { | |
12013 | +static const struct dma_map_ops gart_dma_ops = { | |
12014 | .map_sg = gart_map_sg, | |
12015 | .unmap_sg = gart_unmap_sg, | |
12016 | .map_page = gart_map_page, | |
12017 | diff -urNp linux-2.6.33.1/arch/x86/kernel/pci-nommu.c linux-2.6.33.1/arch/x86/kernel/pci-nommu.c | |
12018 | --- linux-2.6.33.1/arch/x86/kernel/pci-nommu.c 2010-03-15 12:09:39.000000000 -0400 | |
12019 | +++ linux-2.6.33.1/arch/x86/kernel/pci-nommu.c 2010-03-20 16:58:39.012867487 -0400 | |
12020 | @@ -94,7 +94,7 @@ static void nommu_sync_sg_for_device(str | |
12021 | flush_write_buffers(); | |
12022 | } | |
12023 | ||
12024 | -struct dma_map_ops nommu_dma_ops = { | |
12025 | +const struct dma_map_ops nommu_dma_ops = { | |
12026 | .alloc_coherent = dma_generic_alloc_coherent, | |
12027 | .free_coherent = nommu_free_coherent, | |
12028 | .map_sg = nommu_map_sg, | |
12029 | diff -urNp linux-2.6.33.1/arch/x86/kernel/pci-swiotlb.c linux-2.6.33.1/arch/x86/kernel/pci-swiotlb.c | |
12030 | --- linux-2.6.33.1/arch/x86/kernel/pci-swiotlb.c 2010-03-15 12:09:39.000000000 -0400 | |
12031 | +++ linux-2.6.33.1/arch/x86/kernel/pci-swiotlb.c 2010-03-20 16:58:39.012867487 -0400 | |
12032 | @@ -25,7 +25,7 @@ static void *x86_swiotlb_alloc_coherent( | |
12033 | return swiotlb_alloc_coherent(hwdev, size, dma_handle, flags); | |
12034 | } | |
12035 | ||
12036 | -static struct dma_map_ops swiotlb_dma_ops = { | |
12037 | +static const struct dma_map_ops swiotlb_dma_ops = { | |
12038 | .mapping_error = swiotlb_dma_mapping_error, | |
12039 | .alloc_coherent = x86_swiotlb_alloc_coherent, | |
12040 | .free_coherent = swiotlb_free_coherent, | |
12041 | diff -urNp linux-2.6.33.1/arch/x86/kernel/process_32.c linux-2.6.33.1/arch/x86/kernel/process_32.c | |
12042 | --- linux-2.6.33.1/arch/x86/kernel/process_32.c 2010-03-15 12:09:39.000000000 -0400 | |
12043 | +++ linux-2.6.33.1/arch/x86/kernel/process_32.c 2010-03-20 16:58:39.012867487 -0400 | |
12044 | @@ -66,6 +66,7 @@ asmlinkage void ret_from_fork(void) __as | |
58c5fc13 MT |
12045 | unsigned long thread_saved_pc(struct task_struct *tsk) |
12046 | { | |
12047 | return ((unsigned long *)tsk->thread.sp)[3]; | |
12048 | +//XXX return tsk->thread.eip; | |
12049 | } | |
12050 | ||
12051 | #ifndef CONFIG_SMP | |
ae4e228f MT |
12052 | @@ -127,7 +128,7 @@ void __show_regs(struct pt_regs *regs, i |
12053 | unsigned long sp; | |
58c5fc13 | 12054 | unsigned short ss, gs; |
58c5fc13 MT |
12055 | |
12056 | - if (user_mode_vm(regs)) { | |
12057 | + if (user_mode(regs)) { | |
12058 | sp = regs->sp; | |
12059 | ss = regs->ss & 0xffff; | |
12060 | gs = get_user_gs(regs); | |
ae4e228f | 12061 | @@ -203,7 +204,7 @@ int copy_thread(unsigned long clone_flag |
58c5fc13 MT |
12062 | struct task_struct *tsk; |
12063 | int err; | |
12064 | ||
12065 | - childregs = task_pt_regs(p); | |
12066 | + childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; | |
12067 | *childregs = *regs; | |
12068 | childregs->ax = 0; | |
12069 | childregs->sp = sp; | |
ae4e228f | 12070 | @@ -237,6 +238,7 @@ int copy_thread(unsigned long clone_flag |
58c5fc13 MT |
12071 | * Set a new TLS for the child thread? |
12072 | */ | |
12073 | if (clone_flags & CLONE_SETTLS) | |
12074 | +//XXX needs set_fs()? | |
12075 | err = do_set_thread_area(p, -1, | |
12076 | (struct user_desc __user *)childregs->si, 0); | |
12077 | ||
ae4e228f | 12078 | @@ -307,7 +309,7 @@ __switch_to(struct task_struct *prev_p, |
58c5fc13 MT |
12079 | struct thread_struct *prev = &prev_p->thread, |
12080 | *next = &next_p->thread; | |
12081 | int cpu = smp_processor_id(); | |
12082 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
12083 | + struct tss_struct *tss = init_tss + cpu; | |
ae4e228f | 12084 | bool preload_fpu; |
58c5fc13 MT |
12085 | |
12086 | /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ | |
ae4e228f | 12087 | @@ -342,6 +344,11 @@ __switch_to(struct task_struct *prev_p, |
58c5fc13 MT |
12088 | */ |
12089 | lazy_save_gs(prev->gs); | |
12090 | ||
12091 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
12092 | + if (!segment_eq(task_thread_info(prev_p)->addr_limit, task_thread_info(next_p)->addr_limit)) | |
12093 | + __set_fs(task_thread_info(next_p)->addr_limit, cpu); | |
12094 | +#endif | |
12095 | + | |
12096 | /* | |
12097 | * Load the per-thread Thread-Local Storage descriptor. | |
12098 | */ | |
ae4e228f | 12099 | @@ -418,3 +425,27 @@ unsigned long get_wchan(struct task_stru |
58c5fc13 MT |
12100 | return 0; |
12101 | } | |
12102 | ||
12103 | +#ifdef CONFIG_PAX_RANDKSTACK | |
12104 | +asmlinkage void pax_randomize_kstack(void) | |
12105 | +{ | |
12106 | + struct thread_struct *thread = ¤t->thread; | |
12107 | + unsigned long time; | |
12108 | + | |
12109 | + if (!randomize_va_space) | |
12110 | + return; | |
12111 | + | |
12112 | + rdtscl(time); | |
12113 | + | |
12114 | + /* P4 seems to return a 0 LSB, ignore it */ | |
12115 | +#ifdef CONFIG_MPENTIUM4 | |
12116 | + time &= 0x1EUL; | |
12117 | + time <<= 2; | |
12118 | +#else | |
12119 | + time &= 0xFUL; | |
12120 | + time <<= 3; | |
12121 | +#endif | |
12122 | + | |
12123 | + thread->sp0 ^= time; | |
12124 | + load_sp0(init_tss + smp_processor_id(), thread); | |
12125 | +} | |
12126 | +#endif | |
ae4e228f MT |
12127 | diff -urNp linux-2.6.33.1/arch/x86/kernel/process_64.c linux-2.6.33.1/arch/x86/kernel/process_64.c |
12128 | --- linux-2.6.33.1/arch/x86/kernel/process_64.c 2010-03-15 12:09:39.000000000 -0400 | |
12129 | +++ linux-2.6.33.1/arch/x86/kernel/process_64.c 2010-03-20 16:58:39.012867487 -0400 | |
12130 | @@ -88,7 +88,7 @@ static void __exit_idle(void) | |
58c5fc13 MT |
12131 | void exit_idle(void) |
12132 | { | |
12133 | /* idle loop has pid 0 */ | |
12134 | - if (current->pid) | |
12135 | + if (task_pid_nr(current)) | |
12136 | return; | |
12137 | __exit_idle(); | |
12138 | } | |
ae4e228f | 12139 | @@ -389,7 +389,7 @@ __switch_to(struct task_struct *prev_p, |
58c5fc13 MT |
12140 | struct thread_struct *prev = &prev_p->thread; |
12141 | struct thread_struct *next = &next_p->thread; | |
12142 | int cpu = smp_processor_id(); | |
12143 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
12144 | + struct tss_struct *tss = init_tss + cpu; | |
12145 | unsigned fsindex, gsindex; | |
ae4e228f | 12146 | bool preload_fpu; |
58c5fc13 | 12147 | |
ae4e228f | 12148 | @@ -542,12 +542,11 @@ unsigned long get_wchan(struct task_stru |
58c5fc13 MT |
12149 | if (!p || p == current || p->state == TASK_RUNNING) |
12150 | return 0; | |
12151 | stack = (unsigned long)task_stack_page(p); | |
12152 | - if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE) | |
12153 | + if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64)) | |
12154 | return 0; | |
12155 | fp = *(u64 *)(p->thread.sp); | |
12156 | do { | |
12157 | - if (fp < (unsigned long)stack || | |
12158 | - fp >= (unsigned long)stack+THREAD_SIZE) | |
12159 | + if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64)) | |
12160 | return 0; | |
12161 | ip = *(u64 *)(fp+8); | |
12162 | if (!in_sched_functions(ip)) | |
ae4e228f MT |
12163 | diff -urNp linux-2.6.33.1/arch/x86/kernel/process.c linux-2.6.33.1/arch/x86/kernel/process.c |
12164 | --- linux-2.6.33.1/arch/x86/kernel/process.c 2010-03-15 12:09:39.000000000 -0400 | |
12165 | +++ linux-2.6.33.1/arch/x86/kernel/process.c 2010-03-20 16:58:39.012867487 -0400 | |
12166 | @@ -78,7 +78,7 @@ void exit_thread(void) | |
58c5fc13 MT |
12167 | unsigned long *bp = t->io_bitmap_ptr; |
12168 | ||
12169 | if (bp) { | |
12170 | - struct tss_struct *tss = &per_cpu(init_tss, get_cpu()); | |
12171 | + struct tss_struct *tss = init_tss + get_cpu(); | |
12172 | ||
12173 | t->io_bitmap_ptr = NULL; | |
12174 | clear_thread_flag(TIF_IO_BITMAP); | |
ae4e228f | 12175 | @@ -105,7 +105,7 @@ void show_regs_common(void) |
58c5fc13 | 12176 | |
ae4e228f MT |
12177 | printk(KERN_CONT "\n"); |
12178 | printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s/%s\n", | |
12179 | - current->pid, current->comm, print_tainted(), | |
12180 | + task_pid_nr(current), current->comm, print_tainted(), | |
12181 | init_utsname()->release, | |
12182 | (int)strcspn(init_utsname()->version, " "), | |
12183 | init_utsname()->version, board, product); | |
12184 | @@ -115,6 +115,9 @@ void flush_thread(void) | |
12185 | { | |
12186 | struct task_struct *tsk = current; | |
58c5fc13 MT |
12187 | |
12188 | +#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) | |
12189 | + loadsegment(gs, 0); | |
12190 | +#endif | |
ae4e228f MT |
12191 | flush_ptrace_hw_breakpoint(tsk); |
12192 | memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); | |
12193 | /* | |
12194 | @@ -272,8 +275,8 @@ int kernel_thread(int (*fn)(void *), voi | |
12195 | regs.di = (unsigned long) arg; | |
12196 | ||
12197 | #ifdef CONFIG_X86_32 | |
12198 | - regs.ds = __USER_DS; | |
12199 | - regs.es = __USER_DS; | |
12200 | + regs.ds = __KERNEL_DS; | |
12201 | + regs.es = __KERNEL_DS; | |
12202 | regs.fs = __KERNEL_PERCPU; | |
12203 | regs.gs = __KERNEL_STACK_CANARY; | |
12204 | #else | |
12205 | @@ -664,17 +667,3 @@ static int __init idle_setup(char *str) | |
58c5fc13 MT |
12206 | return 0; |
12207 | } | |
12208 | early_param("idle", idle_setup); | |
12209 | - | |
12210 | -unsigned long arch_align_stack(unsigned long sp) | |
12211 | -{ | |
12212 | - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) | |
12213 | - sp -= get_random_int() % 8192; | |
12214 | - return sp & ~0xf; | |
12215 | -} | |
12216 | - | |
12217 | -unsigned long arch_randomize_brk(struct mm_struct *mm) | |
12218 | -{ | |
12219 | - unsigned long range_end = mm->brk + 0x02000000; | |
12220 | - return randomize_range(mm->brk, range_end, 0) ? : mm->brk; | |
12221 | -} | |
12222 | - | |
ae4e228f MT |
12223 | diff -urNp linux-2.6.33.1/arch/x86/kernel/ptrace.c linux-2.6.33.1/arch/x86/kernel/ptrace.c |
12224 | --- linux-2.6.33.1/arch/x86/kernel/ptrace.c 2010-03-15 12:09:39.000000000 -0400 | |
12225 | +++ linux-2.6.33.1/arch/x86/kernel/ptrace.c 2010-03-20 16:58:39.012867487 -0400 | |
12226 | @@ -1167,7 +1167,7 @@ static const struct user_regset_view use | |
12227 | long arch_ptrace(struct task_struct *child, long request, long addr, long data) | |
12228 | { | |
12229 | int ret; | |
12230 | - unsigned long __user *datap = (unsigned long __user *)data; | |
12231 | + unsigned long __user *datap = (__force unsigned long __user *)data; | |
12232 | ||
12233 | switch (request) { | |
12234 | /* read the word at location addr in the USER area. */ | |
12235 | @@ -1254,14 +1254,14 @@ long arch_ptrace(struct task_struct *chi | |
12236 | if (addr < 0) | |
12237 | return -EIO; | |
12238 | ret = do_get_thread_area(child, addr, | |
12239 | - (struct user_desc __user *) data); | |
12240 | + (__force struct user_desc __user *) data); | |
12241 | break; | |
12242 | ||
12243 | case PTRACE_SET_THREAD_AREA: | |
12244 | if (addr < 0) | |
12245 | return -EIO; | |
12246 | ret = do_set_thread_area(child, addr, | |
12247 | - (struct user_desc __user *) data, 0); | |
12248 | + (__force struct user_desc __user *) data, 0); | |
12249 | break; | |
12250 | #endif | |
12251 | ||
12252 | @@ -1280,12 +1280,12 @@ long arch_ptrace(struct task_struct *chi | |
12253 | #ifdef CONFIG_X86_PTRACE_BTS | |
12254 | case PTRACE_BTS_CONFIG: | |
12255 | ret = ptrace_bts_config | |
12256 | - (child, data, (struct ptrace_bts_config __user *)addr); | |
12257 | + (child, data, (__force struct ptrace_bts_config __user *)addr); | |
12258 | break; | |
12259 | ||
12260 | case PTRACE_BTS_STATUS: | |
12261 | ret = ptrace_bts_status | |
12262 | - (child, data, (struct ptrace_bts_config __user *)addr); | |
12263 | + (child, data, (__force struct ptrace_bts_config __user *)addr); | |
12264 | break; | |
12265 | ||
12266 | case PTRACE_BTS_SIZE: | |
12267 | @@ -1294,7 +1294,7 @@ long arch_ptrace(struct task_struct *chi | |
12268 | ||
12269 | case PTRACE_BTS_GET: | |
12270 | ret = ptrace_bts_read_record | |
12271 | - (child, data, (struct bts_struct __user *) addr); | |
12272 | + (child, data, (__force struct bts_struct __user *) addr); | |
12273 | break; | |
12274 | ||
12275 | case PTRACE_BTS_CLEAR: | |
12276 | @@ -1303,7 +1303,7 @@ long arch_ptrace(struct task_struct *chi | |
12277 | ||
12278 | case PTRACE_BTS_DRAIN: | |
12279 | ret = ptrace_bts_drain | |
12280 | - (child, data, (struct bts_struct __user *) addr); | |
12281 | + (child, data, (__force struct bts_struct __user *) addr); | |
12282 | break; | |
12283 | #endif /* CONFIG_X86_PTRACE_BTS */ | |
12284 | ||
12285 | @@ -1690,7 +1690,7 @@ static void fill_sigtrap_info(struct tas | |
12286 | memset(info, 0, sizeof(*info)); | |
12287 | info->si_signo = SIGTRAP; | |
12288 | info->si_code = si_code; | |
12289 | - info->si_addr = user_mode_vm(regs) ? (void __user *)regs->ip : NULL; | |
12290 | + info->si_addr = user_mode(regs) ? (__force void __user *)regs->ip : NULL; | |
12291 | } | |
12292 | ||
12293 | void user_single_step_siginfo(struct task_struct *tsk, | |
12294 | diff -urNp linux-2.6.33.1/arch/x86/kernel/reboot.c linux-2.6.33.1/arch/x86/kernel/reboot.c | |
12295 | --- linux-2.6.33.1/arch/x86/kernel/reboot.c 2010-03-15 12:09:39.000000000 -0400 | |
12296 | +++ linux-2.6.33.1/arch/x86/kernel/reboot.c 2010-03-20 16:58:39.016512700 -0400 | |
12297 | @@ -33,7 +33,7 @@ void (*pm_power_off)(void); | |
58c5fc13 MT |
12298 | EXPORT_SYMBOL(pm_power_off); |
12299 | ||
12300 | static const struct desc_ptr no_idt = {}; | |
12301 | -static int reboot_mode; | |
12302 | +static unsigned short reboot_mode; | |
12303 | enum reboot_type reboot_type = BOOT_KBD; | |
12304 | int reboot_force; | |
12305 | ||
ae4e228f MT |
12306 | @@ -276,7 +276,7 @@ static struct dmi_system_id __initdata r |
12307 | DMI_MATCH(DMI_BOARD_NAME, "P4S800"), | |
58c5fc13 MT |
12308 | }, |
12309 | }, | |
12310 | - { } | |
12311 | + { NULL, NULL, {{0, {0}}}, NULL} | |
12312 | }; | |
12313 | ||
12314 | static int __init reboot_init(void) | |
ae4e228f | 12315 | @@ -292,12 +292,12 @@ core_initcall(reboot_init); |
58c5fc13 MT |
12316 | controller to pulse the CPU reset line, which is more thorough, but |
12317 | doesn't work with at least one type of 486 motherboard. It is easy | |
12318 | to stop this code working; hence the copious comments. */ | |
12319 | -static const unsigned long long | |
12320 | -real_mode_gdt_entries [3] = | |
12321 | +static struct desc_struct | |
12322 | +real_mode_gdt_entries [3] __read_only = | |
12323 | { | |
12324 | - 0x0000000000000000ULL, /* Null descriptor */ | |
12325 | - 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */ | |
12326 | - 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */ | |
ae4e228f MT |
12327 | + GDT_ENTRY_INIT(0, 0, 0), /* Null descriptor */ |
12328 | + GDT_ENTRY_INIT(0x9b, 0, 0xffff), /* 16-bit real-mode 64k code at 0x00000000 */ | |
12329 | + GDT_ENTRY_INIT(0x93, 0x100, 0xffff) /* 16-bit real-mode 64k data at 0x00000100 */ | |
58c5fc13 MT |
12330 | }; |
12331 | ||
12332 | static const struct desc_ptr | |
ae4e228f | 12333 | @@ -346,7 +346,7 @@ static const unsigned char jump_to_bios |
58c5fc13 MT |
12334 | * specified by the code and length parameters. |
12335 | * We assume that length will aways be less that 100! | |
12336 | */ | |
12337 | -void machine_real_restart(const unsigned char *code, int length) | |
12338 | +void machine_real_restart(const unsigned char *code, unsigned int length) | |
12339 | { | |
12340 | local_irq_disable(); | |
12341 | ||
ae4e228f | 12342 | @@ -366,8 +366,8 @@ void machine_real_restart(const unsigned |
58c5fc13 MT |
12343 | /* Remap the kernel at virtual address zero, as well as offset zero |
12344 | from the kernel segment. This assumes the kernel segment starts at | |
12345 | virtual address PAGE_OFFSET. */ | |
12346 | - memcpy(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY, | |
12347 | - sizeof(swapper_pg_dir [0]) * KERNEL_PGD_PTRS); | |
12348 | + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY, | |
12349 | + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY)); | |
12350 | ||
12351 | /* | |
12352 | * Use `swapper_pg_dir' as our page directory. | |
ae4e228f | 12353 | @@ -379,16 +379,15 @@ void machine_real_restart(const unsigned |
58c5fc13 MT |
12354 | boot)". This seems like a fairly standard thing that gets set by |
12355 | REBOOT.COM programs, and the previous reset routine did this | |
12356 | too. */ | |
12357 | - *((unsigned short *)0x472) = reboot_mode; | |
12358 | + *(unsigned short *)(__va(0x472)) = reboot_mode; | |
12359 | ||
12360 | /* For the switch to real mode, copy some code to low memory. It has | |
12361 | to be in the first 64k because it is running in 16-bit mode, and it | |
12362 | has to have the same physical and virtual address, because it turns | |
12363 | off paging. Copy it near the end of the first page, out of the way | |
12364 | of BIOS variables. */ | |
12365 | - memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100), | |
12366 | - real_mode_switch, sizeof (real_mode_switch)); | |
12367 | - memcpy((void *)(0x1000 - 100), code, length); | |
12368 | + memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch)); | |
12369 | + memcpy(__va(0x1000 - 100), code, length); | |
12370 | ||
12371 | /* Set up the IDT for real mode. */ | |
12372 | load_idt(&real_mode_idt); | |
ae4e228f MT |
12373 | diff -urNp linux-2.6.33.1/arch/x86/kernel/setup.c linux-2.6.33.1/arch/x86/kernel/setup.c |
12374 | --- linux-2.6.33.1/arch/x86/kernel/setup.c 2010-03-15 12:09:39.000000000 -0400 | |
12375 | +++ linux-2.6.33.1/arch/x86/kernel/setup.c 2010-03-20 16:58:39.016512700 -0400 | |
12376 | @@ -749,14 +749,14 @@ void __init setup_arch(char **cmdline_p) | |
58c5fc13 MT |
12377 | |
12378 | if (!boot_params.hdr.root_flags) | |
12379 | root_mountflags &= ~MS_RDONLY; | |
12380 | - init_mm.start_code = (unsigned long) _text; | |
12381 | - init_mm.end_code = (unsigned long) _etext; | |
12382 | + init_mm.start_code = ktla_ktva((unsigned long) _text); | |
12383 | + init_mm.end_code = ktla_ktva((unsigned long) _etext); | |
12384 | init_mm.end_data = (unsigned long) _edata; | |
12385 | init_mm.brk = _brk_end; | |
12386 | ||
12387 | - code_resource.start = virt_to_phys(_text); | |
12388 | - code_resource.end = virt_to_phys(_etext)-1; | |
12389 | - data_resource.start = virt_to_phys(_etext); | |
12390 | + code_resource.start = virt_to_phys(ktla_ktva(_text)); | |
12391 | + code_resource.end = virt_to_phys(ktla_ktva(_etext))-1; | |
12392 | + data_resource.start = virt_to_phys(_sdata); | |
12393 | data_resource.end = virt_to_phys(_edata)-1; | |
12394 | bss_resource.start = virt_to_phys(&__bss_start); | |
12395 | bss_resource.end = virt_to_phys(&__bss_stop)-1; | |
ae4e228f MT |
12396 | diff -urNp linux-2.6.33.1/arch/x86/kernel/setup_percpu.c linux-2.6.33.1/arch/x86/kernel/setup_percpu.c |
12397 | --- linux-2.6.33.1/arch/x86/kernel/setup_percpu.c 2010-03-15 12:09:39.000000000 -0400 | |
12398 | +++ linux-2.6.33.1/arch/x86/kernel/setup_percpu.c 2010-03-20 16:58:39.016512700 -0400 | |
12399 | @@ -27,19 +27,17 @@ | |
12400 | # define DBG(fmt, ...) do { if (0) pr_dbg(fmt, ##__VA_ARGS__); } while (0) | |
58c5fc13 MT |
12401 | #endif |
12402 | ||
12403 | +#ifdef CONFIG_SMP | |
12404 | DEFINE_PER_CPU(int, cpu_number); | |
12405 | EXPORT_PER_CPU_SYMBOL(cpu_number); | |
12406 | +#endif | |
12407 | ||
12408 | -#ifdef CONFIG_X86_64 | |
12409 | #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load) | |
12410 | -#else | |
12411 | -#define BOOT_PERCPU_OFFSET 0 | |
12412 | -#endif | |
12413 | ||
12414 | DEFINE_PER_CPU(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET; | |
12415 | EXPORT_PER_CPU_SYMBOL(this_cpu_off); | |
12416 | ||
12417 | -unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = { | |
12418 | +unsigned long __per_cpu_offset[NR_CPUS] __read_only = { | |
12419 | [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, | |
12420 | }; | |
12421 | EXPORT_SYMBOL(__per_cpu_offset); | |
ae4e228f | 12422 | @@ -161,10 +159,10 @@ static inline void setup_percpu_segment( |
58c5fc13 MT |
12423 | { |
12424 | #ifdef CONFIG_X86_32 | |
ae4e228f MT |
12425 | struct desc_struct gdt; |
12426 | + unsigned long base = per_cpu_offset(cpu); | |
12427 | ||
58c5fc13 MT |
12428 | - pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF, |
12429 | - 0x2 | DESCTYPE_S, 0x8); | |
12430 | - gdt.s = 1; | |
ae4e228f MT |
12431 | + pack_descriptor(&gdt, base, (VMALLOC_END - base - 1) >> PAGE_SHIFT, |
12432 | + 0x83 | DESCTYPE_S, 0xC); | |
12433 | write_gdt_entry(get_cpu_gdt_table(cpu), | |
12434 | GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); | |
58c5fc13 | 12435 | #endif |
ae4e228f | 12436 | @@ -213,6 +211,11 @@ void __init setup_per_cpu_areas(void) |
58c5fc13 MT |
12437 | /* alrighty, percpu areas up and running */ |
12438 | delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; | |
12439 | for_each_possible_cpu(cpu) { | |
12440 | +#ifdef CONFIG_CC_STACKPROTECTOR | |
12441 | +#ifdef CONFIG_x86_32 | |
12442 | + unsigned long canary = per_cpu(stack_canary, cpu); | |
12443 | +#endif | |
12444 | +#endif | |
ae4e228f | 12445 | per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; |
58c5fc13 MT |
12446 | per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); |
12447 | per_cpu(cpu_number, cpu) = cpu; | |
ae4e228f | 12448 | @@ -240,6 +243,12 @@ void __init setup_per_cpu_areas(void) |
58c5fc13 MT |
12449 | early_per_cpu_map(x86_cpu_to_node_map, cpu); |
12450 | #endif | |
12451 | #endif | |
12452 | +#ifdef CONFIG_CC_STACKPROTECTOR | |
12453 | +#ifdef CONFIG_x86_32 | |
12454 | + if (cpu == boot_cpu_id) | |
12455 | + per_cpu(stack_canary, cpu) = canary; | |
12456 | +#endif | |
12457 | +#endif | |
12458 | /* | |
12459 | * Up to this point, the boot CPU has been using .data.init | |
12460 | * area. Reload any changed state for the boot CPU. | |
ae4e228f MT |
12461 | diff -urNp linux-2.6.33.1/arch/x86/kernel/signal.c linux-2.6.33.1/arch/x86/kernel/signal.c |
12462 | --- linux-2.6.33.1/arch/x86/kernel/signal.c 2010-03-15 12:09:39.000000000 -0400 | |
12463 | +++ linux-2.6.33.1/arch/x86/kernel/signal.c 2010-03-20 16:58:39.016512700 -0400 | |
12464 | @@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsi | |
58c5fc13 MT |
12465 | * Align the stack pointer according to the i386 ABI, |
12466 | * i.e. so that on function entry ((sp + 4) & 15) == 0. | |
12467 | */ | |
12468 | - sp = ((sp + 4) & -16ul) - 4; | |
12469 | + sp = ((sp - 12) & -16ul) - 4; | |
12470 | #else /* !CONFIG_X86_32 */ | |
12471 | sp = round_down(sp, 16) - 8; | |
12472 | #endif | |
ae4e228f MT |
12473 | @@ -249,11 +249,11 @@ get_sigframe(struct k_sigaction *ka, str |
12474 | * Return an always-bogus address instead so we will die with SIGSEGV. | |
12475 | */ | |
12476 | if (onsigstack && !likely(on_sig_stack(sp))) | |
12477 | - return (void __user *)-1L; | |
12478 | + return (__force void __user *)-1L; | |
12479 | ||
12480 | /* save i387 state */ | |
12481 | if (used_math() && save_i387_xstate(*fpstate) < 0) | |
12482 | - return (void __user *)-1L; | |
12483 | + return (__force void __user *)-1L; | |
12484 | ||
12485 | return (void __user *)sp; | |
12486 | } | |
12487 | @@ -308,9 +308,9 @@ __setup_frame(int sig, struct k_sigactio | |
58c5fc13 MT |
12488 | } |
12489 | ||
12490 | if (current->mm->context.vdso) | |
12491 | - restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); | |
ae4e228f | 12492 | + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); |
58c5fc13 MT |
12493 | else |
12494 | - restorer = &frame->retcode; | |
12495 | + restorer = (void __user *)&frame->retcode; | |
12496 | if (ka->sa.sa_flags & SA_RESTORER) | |
12497 | restorer = ka->sa.sa_restorer; | |
12498 | ||
ae4e228f MT |
12499 | @@ -324,7 +324,7 @@ __setup_frame(int sig, struct k_sigactio |
12500 | * reasons and because gdb uses it as a signature to notice | |
12501 | * signal handler stack frames. | |
12502 | */ | |
12503 | - err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode); | |
12504 | + err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode); | |
12505 | ||
12506 | if (err) | |
12507 | return -EFAULT; | |
12508 | @@ -378,7 +378,7 @@ static int __setup_rt_frame(int sig, str | |
58c5fc13 MT |
12509 | err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); |
12510 | ||
12511 | /* Set up to return from userspace. */ | |
12512 | - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); | |
ae4e228f | 12513 | + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); |
58c5fc13 MT |
12514 | if (ka->sa.sa_flags & SA_RESTORER) |
12515 | restorer = ka->sa.sa_restorer; | |
12516 | put_user_ex(restorer, &frame->pretcode); | |
ae4e228f MT |
12517 | @@ -390,7 +390,7 @@ static int __setup_rt_frame(int sig, str |
12518 | * reasons and because gdb uses it as a signature to notice | |
12519 | * signal handler stack frames. | |
12520 | */ | |
12521 | - put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode); | |
12522 | + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode); | |
12523 | } put_user_catch(err); | |
12524 | ||
12525 | if (err) | |
12526 | @@ -780,7 +780,7 @@ static void do_signal(struct pt_regs *re | |
58c5fc13 MT |
12527 | * X86_32: vm86 regs switched out by assembly code before reaching |
12528 | * here, so testing against kernel CS suffices. | |
12529 | */ | |
12530 | - if (!user_mode(regs)) | |
12531 | + if (!user_mode_novm(regs)) | |
12532 | return; | |
12533 | ||
12534 | if (current_thread_info()->status & TS_RESTORE_SIGMASK) | |
ae4e228f MT |
12535 | diff -urNp linux-2.6.33.1/arch/x86/kernel/smpboot.c linux-2.6.33.1/arch/x86/kernel/smpboot.c |
12536 | --- linux-2.6.33.1/arch/x86/kernel/smpboot.c 2010-03-15 12:09:39.000000000 -0400 | |
12537 | +++ linux-2.6.33.1/arch/x86/kernel/smpboot.c 2010-03-20 16:58:39.016512700 -0400 | |
12538 | @@ -750,7 +750,11 @@ do_rest: | |
58c5fc13 MT |
12539 | (unsigned long)task_stack_page(c_idle.idle) - |
12540 | KERNEL_STACK_OFFSET + THREAD_SIZE; | |
12541 | #endif | |
12542 | + | |
ae4e228f | 12543 | + pax_open_kernel(); |
58c5fc13 | 12544 | early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu); |
ae4e228f | 12545 | + pax_close_kernel(); |
58c5fc13 MT |
12546 | + |
12547 | initial_code = (unsigned long)start_secondary; | |
12548 | stack_start.sp = (void *) c_idle.idle->thread.sp; | |
12549 | ||
ae4e228f MT |
12550 | diff -urNp linux-2.6.33.1/arch/x86/kernel/step.c linux-2.6.33.1/arch/x86/kernel/step.c |
12551 | --- linux-2.6.33.1/arch/x86/kernel/step.c 2010-03-15 12:09:39.000000000 -0400 | |
12552 | +++ linux-2.6.33.1/arch/x86/kernel/step.c 2010-03-20 16:58:39.016512700 -0400 | |
12553 | @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struc | |
12554 | struct desc_struct *desc; | |
58c5fc13 MT |
12555 | unsigned long base; |
12556 | ||
12557 | - seg &= ~7UL; | |
12558 | + seg >>= 3; | |
12559 | ||
12560 | mutex_lock(&child->mm->context.lock); | |
12561 | - if (unlikely((seg >> 3) >= child->mm->context.size)) | |
58c5fc13 | 12562 | + if (unlikely(seg >= child->mm->context.size)) |
ae4e228f | 12563 | addr = -1L; /* bogus selector, access would fault */ |
58c5fc13 | 12564 | else { |
ae4e228f MT |
12565 | desc = child->mm->context.ldt + seg; |
12566 | @@ -53,6 +53,9 @@ static int is_setting_trap_flag(struct t | |
58c5fc13 MT |
12567 | unsigned char opcode[15]; |
12568 | unsigned long addr = convert_ip_to_linear(child, regs); | |
12569 | ||
12570 | + if (addr == -EINVAL) | |
12571 | + return 0; | |
12572 | + | |
12573 | copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0); | |
12574 | for (i = 0; i < copied; i++) { | |
12575 | switch (opcode[i]) { | |
ae4e228f | 12576 | @@ -74,7 +77,7 @@ static int is_setting_trap_flag(struct t |
58c5fc13 MT |
12577 | |
12578 | #ifdef CONFIG_X86_64 | |
12579 | case 0x40 ... 0x4f: | |
12580 | - if (regs->cs != __USER_CS) | |
12581 | + if ((regs->cs & 0xffff) != __USER_CS) | |
12582 | /* 32-bit mode: register increment */ | |
12583 | return 0; | |
12584 | /* 64-bit mode: REX prefix */ | |
ae4e228f MT |
12585 | diff -urNp linux-2.6.33.1/arch/x86/kernel/syscall_table_32.S linux-2.6.33.1/arch/x86/kernel/syscall_table_32.S |
12586 | --- linux-2.6.33.1/arch/x86/kernel/syscall_table_32.S 2010-03-15 12:09:39.000000000 -0400 | |
12587 | +++ linux-2.6.33.1/arch/x86/kernel/syscall_table_32.S 2010-03-20 16:58:39.016512700 -0400 | |
58c5fc13 MT |
12588 | @@ -1,3 +1,4 @@ |
12589 | +.section .rodata,"a",@progbits | |
12590 | ENTRY(sys_call_table) | |
12591 | .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ | |
12592 | .long sys_exit | |
ae4e228f MT |
12593 | diff -urNp linux-2.6.33.1/arch/x86/kernel/sys_i386_32.c linux-2.6.33.1/arch/x86/kernel/sys_i386_32.c |
12594 | --- linux-2.6.33.1/arch/x86/kernel/sys_i386_32.c 2010-03-15 12:09:39.000000000 -0400 | |
12595 | +++ linux-2.6.33.1/arch/x86/kernel/sys_i386_32.c 2010-03-20 16:58:39.016512700 -0400 | |
58c5fc13 MT |
12596 | @@ -24,6 +24,21 @@ |
12597 | ||
12598 | #include <asm/syscalls.h> | |
12599 | ||
12600 | +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) | |
12601 | +{ | |
12602 | + unsigned long pax_task_size = TASK_SIZE; | |
12603 | + | |
12604 | +#ifdef CONFIG_PAX_SEGMEXEC | |
12605 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) | |
12606 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
12607 | +#endif | |
12608 | + | |
12609 | + if (len > pax_task_size || addr > pax_task_size - len) | |
12610 | + return -EINVAL; | |
12611 | + | |
12612 | + return 0; | |
12613 | +} | |
12614 | + | |
ae4e228f MT |
12615 | /* |
12616 | * Perform the select(nd, in, out, ex, tv) and mmap() system | |
12617 | * calls. Linux/i386 didn't use to be able to handle more than | |
12618 | @@ -58,6 +73,205 @@ out: | |
58c5fc13 MT |
12619 | return err; |
12620 | } | |
12621 | ||
12622 | +unsigned long | |
12623 | +arch_get_unmapped_area(struct file *filp, unsigned long addr, | |
12624 | + unsigned long len, unsigned long pgoff, unsigned long flags) | |
12625 | +{ | |
12626 | + struct mm_struct *mm = current->mm; | |
12627 | + struct vm_area_struct *vma; | |
12628 | + unsigned long start_addr, pax_task_size = TASK_SIZE; | |
12629 | + | |
12630 | +#ifdef CONFIG_PAX_SEGMEXEC | |
12631 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
12632 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
12633 | +#endif | |
12634 | + | |
12635 | + if (len > pax_task_size) | |
12636 | + return -ENOMEM; | |
12637 | + | |
12638 | + if (flags & MAP_FIXED) | |
12639 | + return addr; | |
12640 | + | |
12641 | +#ifdef CONFIG_PAX_RANDMMAP | |
12642 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
12643 | +#endif | |
12644 | + | |
12645 | + if (addr) { | |
12646 | + addr = PAGE_ALIGN(addr); | |
12647 | + vma = find_vma(mm, addr); | |
12648 | + if (pax_task_size - len >= addr && | |
12649 | + (!vma || addr + len <= vma->vm_start)) | |
12650 | + return addr; | |
12651 | + } | |
12652 | + if (len > mm->cached_hole_size) { | |
12653 | + start_addr = addr = mm->free_area_cache; | |
12654 | + } else { | |
12655 | + start_addr = addr = mm->mmap_base; | |
12656 | + mm->cached_hole_size = 0; | |
12657 | + } | |
12658 | + | |
12659 | +#ifdef CONFIG_PAX_PAGEEXEC | |
ae4e228f | 12660 | + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) { |
58c5fc13 MT |
12661 | + start_addr = 0x00110000UL; |
12662 | + | |
12663 | +#ifdef CONFIG_PAX_RANDMMAP | |
12664 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
12665 | + start_addr += mm->delta_mmap & 0x03FFF000UL; | |
12666 | +#endif | |
12667 | + | |
12668 | + if (mm->start_brk <= start_addr && start_addr < mm->mmap_base) | |
12669 | + start_addr = addr = mm->mmap_base; | |
12670 | + else | |
12671 | + addr = start_addr; | |
12672 | + } | |
12673 | +#endif | |
12674 | + | |
12675 | +full_search: | |
12676 | + for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
12677 | + /* At this point: (!vma || addr < vma->vm_end). */ | |
12678 | + if (pax_task_size - len < addr) { | |
12679 | + /* | |
12680 | + * Start a new search - just in case we missed | |
12681 | + * some holes. | |
12682 | + */ | |
12683 | + if (start_addr != mm->mmap_base) { | |
12684 | + start_addr = addr = mm->mmap_base; | |
12685 | + mm->cached_hole_size = 0; | |
12686 | + goto full_search; | |
12687 | + } | |
12688 | + return -ENOMEM; | |
12689 | + } | |
12690 | + if (!vma || addr + len <= vma->vm_start) { | |
12691 | + /* | |
12692 | + * Remember the place where we stopped the search: | |
12693 | + */ | |
12694 | + mm->free_area_cache = addr + len; | |
12695 | + return addr; | |
12696 | + } | |
12697 | + if (addr + mm->cached_hole_size < vma->vm_start) | |
12698 | + mm->cached_hole_size = vma->vm_start - addr; | |
12699 | + addr = vma->vm_end; | |
12700 | + if (mm->start_brk <= addr && addr < mm->mmap_base) { | |
12701 | + start_addr = addr = mm->mmap_base; | |
12702 | + mm->cached_hole_size = 0; | |
12703 | + goto full_search; | |
12704 | + } | |
12705 | + } | |
12706 | +} | |
12707 | + | |
12708 | +unsigned long | |
12709 | +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | |
12710 | + const unsigned long len, const unsigned long pgoff, | |
12711 | + const unsigned long flags) | |
12712 | +{ | |
12713 | + struct vm_area_struct *vma; | |
12714 | + struct mm_struct *mm = current->mm; | |
12715 | + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; | |
12716 | + | |
12717 | +#ifdef CONFIG_PAX_SEGMEXEC | |
12718 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
12719 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
12720 | +#endif | |
12721 | + | |
12722 | + /* requested length too big for entire address space */ | |
12723 | + if (len > pax_task_size) | |
12724 | + return -ENOMEM; | |
12725 | + | |
12726 | + if (flags & MAP_FIXED) | |
12727 | + return addr; | |
12728 | + | |
12729 | +#ifdef CONFIG_PAX_PAGEEXEC | |
ae4e228f | 12730 | + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) |
58c5fc13 MT |
12731 | + goto bottomup; |
12732 | +#endif | |
12733 | + | |
12734 | +#ifdef CONFIG_PAX_RANDMMAP | |
12735 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
12736 | +#endif | |
12737 | + | |
12738 | + /* requesting a specific address */ | |
12739 | + if (addr) { | |
12740 | + addr = PAGE_ALIGN(addr); | |
12741 | + vma = find_vma(mm, addr); | |
12742 | + if (pax_task_size - len >= addr && | |
12743 | + (!vma || addr + len <= vma->vm_start)) | |
12744 | + return addr; | |
12745 | + } | |
12746 | + | |
12747 | + /* check if free_area_cache is useful for us */ | |
12748 | + if (len <= mm->cached_hole_size) { | |
12749 | + mm->cached_hole_size = 0; | |
12750 | + mm->free_area_cache = mm->mmap_base; | |
12751 | + } | |
12752 | + | |
12753 | + /* either no address requested or can't fit in requested address hole */ | |
12754 | + addr = mm->free_area_cache; | |
12755 | + | |
12756 | + /* make sure it can fit in the remaining address space */ | |
12757 | + if (addr > len) { | |
12758 | + vma = find_vma(mm, addr-len); | |
12759 | + if (!vma || addr <= vma->vm_start) | |
12760 | + /* remember the address as a hint for next time */ | |
12761 | + return (mm->free_area_cache = addr-len); | |
12762 | + } | |
12763 | + | |
12764 | + if (mm->mmap_base < len) | |
12765 | + goto bottomup; | |
12766 | + | |
12767 | + addr = mm->mmap_base-len; | |
12768 | + | |
12769 | + do { | |
12770 | + /* | |
12771 | + * Lookup failure means no vma is above this address, | |
12772 | + * else if new region fits below vma->vm_start, | |
12773 | + * return with success: | |
12774 | + */ | |
12775 | + vma = find_vma(mm, addr); | |
12776 | + if (!vma || addr+len <= vma->vm_start) | |
12777 | + /* remember the address as a hint for next time */ | |
12778 | + return (mm->free_area_cache = addr); | |
12779 | + | |
12780 | + /* remember the largest hole we saw so far */ | |
12781 | + if (addr + mm->cached_hole_size < vma->vm_start) | |
12782 | + mm->cached_hole_size = vma->vm_start - addr; | |
12783 | + | |
12784 | + /* try just below the current vma->vm_start */ | |
12785 | + addr = vma->vm_start-len; | |
12786 | + } while (len < vma->vm_start); | |
12787 | + | |
12788 | +bottomup: | |
12789 | + /* | |
12790 | + * A failed mmap() very likely causes application failure, | |
12791 | + * so fall back to the bottom-up function here. This scenario | |
12792 | + * can happen with large stack limits and large mmap() | |
12793 | + * allocations. | |
12794 | + */ | |
12795 | + | |
12796 | +#ifdef CONFIG_PAX_SEGMEXEC | |
12797 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
12798 | + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; | |
12799 | + else | |
12800 | +#endif | |
12801 | + | |
12802 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
12803 | + | |
12804 | +#ifdef CONFIG_PAX_RANDMMAP | |
12805 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
12806 | + mm->mmap_base += mm->delta_mmap; | |
12807 | +#endif | |
12808 | + | |
12809 | + mm->free_area_cache = mm->mmap_base; | |
12810 | + mm->cached_hole_size = ~0UL; | |
12811 | + addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
12812 | + /* | |
12813 | + * Restore the topdown base: | |
12814 | + */ | |
12815 | + mm->mmap_base = base; | |
12816 | + mm->free_area_cache = base; | |
12817 | + mm->cached_hole_size = ~0UL; | |
12818 | + | |
12819 | + return addr; | |
12820 | +} | |
12821 | ||
12822 | struct sel_arg_struct { | |
12823 | unsigned long n; | |
ae4e228f MT |
12824 | @@ -93,7 +307,7 @@ asmlinkage int sys_ipc(uint call, int fi |
12825 | return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL); | |
12826 | case SEMTIMEDOP: | |
12827 | return sys_semtimedop(first, (struct sembuf __user *)ptr, second, | |
12828 | - (const struct timespec __user *)fifth); | |
12829 | + (__force const struct timespec __user *)fifth); | |
12830 | ||
12831 | case SEMGET: | |
12832 | return sys_semget(first, second, third); | |
12833 | @@ -140,7 +354,7 @@ asmlinkage int sys_ipc(uint call, int fi | |
12834 | ret = do_shmat(first, (char __user *) ptr, second, &raddr); | |
12835 | if (ret) | |
12836 | return ret; | |
12837 | - return put_user(raddr, (ulong __user *) third); | |
12838 | + return put_user(raddr, (__force ulong __user *) third); | |
12839 | } | |
12840 | case 1: /* iBCS2 emulator entry point */ | |
12841 | if (!segment_eq(get_fs(), get_ds())) | |
12842 | diff -urNp linux-2.6.33.1/arch/x86/kernel/sys_x86_64.c linux-2.6.33.1/arch/x86/kernel/sys_x86_64.c | |
12843 | --- linux-2.6.33.1/arch/x86/kernel/sys_x86_64.c 2010-03-15 12:09:39.000000000 -0400 | |
12844 | +++ linux-2.6.33.1/arch/x86/kernel/sys_x86_64.c 2010-03-20 16:58:39.016512700 -0400 | |
12845 | @@ -32,8 +32,8 @@ out: | |
58c5fc13 MT |
12846 | return error; |
12847 | } | |
12848 | ||
12849 | -static void find_start_end(unsigned long flags, unsigned long *begin, | |
12850 | - unsigned long *end) | |
12851 | +static void find_start_end(struct mm_struct *mm, unsigned long flags, | |
12852 | + unsigned long *begin, unsigned long *end) | |
12853 | { | |
12854 | if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) { | |
12855 | unsigned long new_begin; | |
ae4e228f | 12856 | @@ -52,7 +52,7 @@ static void find_start_end(unsigned long |
58c5fc13 MT |
12857 | *begin = new_begin; |
12858 | } | |
12859 | } else { | |
12860 | - *begin = TASK_UNMAPPED_BASE; | |
12861 | + *begin = mm->mmap_base; | |
12862 | *end = TASK_SIZE; | |
12863 | } | |
12864 | } | |
ae4e228f | 12865 | @@ -69,11 +69,15 @@ arch_get_unmapped_area(struct file *filp |
58c5fc13 MT |
12866 | if (flags & MAP_FIXED) |
12867 | return addr; | |
12868 | ||
12869 | - find_start_end(flags, &begin, &end); | |
12870 | + find_start_end(mm, flags, &begin, &end); | |
12871 | ||
12872 | if (len > end) | |
12873 | return -ENOMEM; | |
12874 | ||
12875 | +#ifdef CONFIG_PAX_RANDMMAP | |
12876 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
12877 | +#endif | |
12878 | + | |
12879 | if (addr) { | |
12880 | addr = PAGE_ALIGN(addr); | |
12881 | vma = find_vma(mm, addr); | |
ae4e228f | 12882 | @@ -128,7 +132,7 @@ arch_get_unmapped_area_topdown(struct fi |
58c5fc13 MT |
12883 | { |
12884 | struct vm_area_struct *vma; | |
12885 | struct mm_struct *mm = current->mm; | |
12886 | - unsigned long addr = addr0; | |
12887 | + unsigned long base = mm->mmap_base, addr = addr0; | |
12888 | ||
12889 | /* requested length too big for entire address space */ | |
12890 | if (len > TASK_SIZE) | |
ae4e228f | 12891 | @@ -141,6 +145,10 @@ arch_get_unmapped_area_topdown(struct fi |
58c5fc13 MT |
12892 | if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) |
12893 | goto bottomup; | |
12894 | ||
12895 | +#ifdef CONFIG_PAX_RANDMMAP | |
12896 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
12897 | +#endif | |
12898 | + | |
12899 | /* requesting a specific address */ | |
12900 | if (addr) { | |
12901 | addr = PAGE_ALIGN(addr); | |
ae4e228f | 12902 | @@ -198,13 +206,21 @@ bottomup: |
58c5fc13 MT |
12903 | * can happen with large stack limits and large mmap() |
12904 | * allocations. | |
12905 | */ | |
12906 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
12907 | + | |
12908 | +#ifdef CONFIG_PAX_RANDMMAP | |
12909 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
12910 | + mm->mmap_base += mm->delta_mmap; | |
12911 | +#endif | |
12912 | + | |
12913 | + mm->free_area_cache = mm->mmap_base; | |
12914 | mm->cached_hole_size = ~0UL; | |
12915 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
12916 | addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
12917 | /* | |
12918 | * Restore the topdown base: | |
12919 | */ | |
12920 | - mm->free_area_cache = mm->mmap_base; | |
12921 | + mm->mmap_base = base; | |
12922 | + mm->free_area_cache = base; | |
12923 | mm->cached_hole_size = ~0UL; | |
12924 | ||
12925 | return addr; | |
ae4e228f MT |
12926 | diff -urNp linux-2.6.33.1/arch/x86/kernel/time.c linux-2.6.33.1/arch/x86/kernel/time.c |
12927 | --- linux-2.6.33.1/arch/x86/kernel/time.c 2010-03-15 12:09:39.000000000 -0400 | |
12928 | +++ linux-2.6.33.1/arch/x86/kernel/time.c 2010-03-20 16:58:39.020693949 -0400 | |
12929 | @@ -26,17 +26,13 @@ | |
12930 | int timer_ack; | |
12931 | #endif | |
12932 | ||
12933 | -#ifdef CONFIG_X86_64 | |
12934 | -volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES; | |
12935 | -#endif | |
12936 | - | |
12937 | unsigned long profile_pc(struct pt_regs *regs) | |
12938 | { | |
58c5fc13 MT |
12939 | unsigned long pc = instruction_pointer(regs); |
12940 | ||
58c5fc13 MT |
12941 | - if (!user_mode_vm(regs) && in_lock_functions(pc)) { |
12942 | + if (!user_mode(regs) && in_lock_functions(pc)) { | |
12943 | #ifdef CONFIG_FRAME_POINTER | |
12944 | - return *(unsigned long *)(regs->bp + sizeof(long)); | |
12945 | + return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long))); | |
12946 | #else | |
ae4e228f MT |
12947 | unsigned long *sp = |
12948 | (unsigned long *)kernel_stack_pointer(regs); | |
12949 | @@ -45,11 +41,17 @@ unsigned long profile_pc(struct pt_regs | |
12950 | * or above a saved flags. Eflags has bits 22-31 zero, | |
12951 | * kernel addresses don't. | |
12952 | */ | |
58c5fc13 MT |
12953 | + |
12954 | +#ifdef CONFIG_PAX_KERNEXEC | |
12955 | + return ktla_ktva(sp[0]); | |
12956 | +#else | |
12957 | if (sp[0] >> 22) | |
12958 | return sp[0]; | |
12959 | if (sp[1] >> 22) | |
12960 | return sp[1]; | |
12961 | #endif | |
12962 | + | |
12963 | +#endif | |
12964 | } | |
58c5fc13 MT |
12965 | return pc; |
12966 | } | |
ae4e228f MT |
12967 | diff -urNp linux-2.6.33.1/arch/x86/kernel/tls.c linux-2.6.33.1/arch/x86/kernel/tls.c |
12968 | --- linux-2.6.33.1/arch/x86/kernel/tls.c 2010-03-15 12:09:39.000000000 -0400 | |
12969 | +++ linux-2.6.33.1/arch/x86/kernel/tls.c 2010-03-20 16:58:39.020693949 -0400 | |
58c5fc13 MT |
12970 | @@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc |
12971 | if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) | |
12972 | return -EINVAL; | |
12973 | ||
12974 | +#ifdef CONFIG_PAX_SEGMEXEC | |
12975 | + if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE)) | |
12976 | + return -EINVAL; | |
12977 | +#endif | |
12978 | + | |
12979 | set_tls_desc(p, idx, &info, 1); | |
12980 | ||
12981 | return 0; | |
ae4e228f MT |
12982 | diff -urNp linux-2.6.33.1/arch/x86/kernel/trampoline_32.S linux-2.6.33.1/arch/x86/kernel/trampoline_32.S |
12983 | --- linux-2.6.33.1/arch/x86/kernel/trampoline_32.S 2010-03-15 12:09:39.000000000 -0400 | |
12984 | +++ linux-2.6.33.1/arch/x86/kernel/trampoline_32.S 2010-03-20 16:58:39.020693949 -0400 | |
12985 | @@ -32,6 +32,12 @@ | |
12986 | #include <asm/segment.h> | |
12987 | #include <asm/page_types.h> | |
12988 | ||
12989 | +#ifdef CONFIG_PAX_KERNEXEC | |
12990 | +#define ta(X) (X) | |
12991 | +#else | |
12992 | +#define ta(X) ((X) - __PAGE_OFFSET) | |
12993 | +#endif | |
12994 | + | |
12995 | /* We can free up trampoline after bootup if cpu hotplug is not supported. */ | |
12996 | __CPUINITRODATA | |
12997 | .code16 | |
12998 | @@ -60,7 +66,7 @@ r_base = . | |
12999 | inc %ax # protected mode (PE) bit | |
13000 | lmsw %ax # into protected mode | |
13001 | # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S | |
13002 | - ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET) | |
13003 | + ljmpl $__BOOT_CS, $ta(startup_32_smp) | |
13004 | ||
13005 | # These need to be in the same 64K segment as the above; | |
13006 | # hence we don't use the boot_gdt_descr defined in head.S | |
13007 | diff -urNp linux-2.6.33.1/arch/x86/kernel/traps.c linux-2.6.33.1/arch/x86/kernel/traps.c | |
13008 | --- linux-2.6.33.1/arch/x86/kernel/traps.c 2010-03-15 12:09:39.000000000 -0400 | |
13009 | +++ linux-2.6.33.1/arch/x86/kernel/traps.c 2010-03-20 16:58:39.020693949 -0400 | |
13010 | @@ -69,12 +69,6 @@ asmlinkage int system_call(void); | |
58c5fc13 MT |
13011 | |
13012 | /* Do we ignore FPU interrupts ? */ | |
13013 | char ignore_fpu_irq; | |
13014 | - | |
13015 | -/* | |
13016 | - * The IDT has to be page-aligned to simplify the Pentium | |
ae4e228f | 13017 | - * F0 0F bug workaround. |
58c5fc13 | 13018 | - */ |
ae4e228f | 13019 | -gate_desc idt_table[NR_VECTORS] __page_aligned_data = { { { { 0, 0 } } }, }; |
58c5fc13 MT |
13020 | #endif |
13021 | ||
13022 | DECLARE_BITMAP(used_vectors, NR_VECTORS); | |
ae4e228f | 13023 | @@ -112,19 +106,19 @@ static inline void preempt_conditional_c |
58c5fc13 MT |
13024 | static inline void |
13025 | die_if_kernel(const char *str, struct pt_regs *regs, long err) | |
13026 | { | |
13027 | - if (!user_mode_vm(regs)) | |
13028 | + if (!user_mode(regs)) | |
13029 | die(str, regs, err); | |
13030 | } | |
13031 | #endif | |
ae4e228f MT |
13032 | |
13033 | static void __kprobes | |
13034 | -do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, | |
13035 | +do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs, | |
13036 | long error_code, siginfo_t *info) | |
13037 | { | |
58c5fc13 MT |
13038 | struct task_struct *tsk = current; |
13039 | ||
13040 | #ifdef CONFIG_X86_32 | |
13041 | - if (regs->flags & X86_VM_MASK) { | |
13042 | + if (v8086_mode(regs)) { | |
13043 | /* | |
13044 | * traps 0, 1, 3, 4, and 5 should be forwarded to vm86. | |
13045 | * On nmi (interrupt 2), do_trap should not be called. | |
ae4e228f | 13046 | @@ -135,7 +129,7 @@ do_trap(int trapnr, int signr, char *str |
58c5fc13 MT |
13047 | } |
13048 | #endif | |
13049 | ||
13050 | - if (!user_mode(regs)) | |
13051 | + if (!user_mode_novm(regs)) | |
13052 | goto kernel_trap; | |
13053 | ||
13054 | #ifdef CONFIG_X86_32 | |
ae4e228f | 13055 | @@ -158,7 +152,7 @@ trap_signal: |
58c5fc13 MT |
13056 | printk_ratelimit()) { |
13057 | printk(KERN_INFO | |
13058 | "%s[%d] trap %s ip:%lx sp:%lx error:%lx", | |
13059 | - tsk->comm, tsk->pid, str, | |
13060 | + tsk->comm, task_pid_nr(tsk), str, | |
13061 | regs->ip, regs->sp, error_code); | |
13062 | print_vma_addr(" in ", regs->ip); | |
13063 | printk("\n"); | |
ae4e228f MT |
13064 | @@ -175,8 +169,20 @@ kernel_trap: |
13065 | if (!fixup_exception(regs)) { | |
13066 | tsk->thread.error_code = error_code; | |
58c5fc13 | 13067 | tsk->thread.trap_no = trapnr; |
ae4e228f MT |
13068 | + |
13069 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
13070 | + if (trapnr == 12 && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)) | |
13071 | + str = "PAX: suspicious stack segment fault"; | |
13072 | +#endif | |
13073 | + | |
58c5fc13 MT |
13074 | die(str, regs, error_code); |
13075 | } | |
13076 | + | |
13077 | +#ifdef CONFIG_PAX_REFCOUNT | |
13078 | + if (trapnr == 4) | |
13079 | + pax_report_refcount_overflow(regs); | |
13080 | +#endif | |
13081 | + | |
13082 | return; | |
13083 | ||
13084 | #ifdef CONFIG_X86_32 | |
ae4e228f | 13085 | @@ -265,14 +271,30 @@ do_general_protection(struct pt_regs *re |
58c5fc13 MT |
13086 | conditional_sti(regs); |
13087 | ||
13088 | #ifdef CONFIG_X86_32 | |
13089 | - if (regs->flags & X86_VM_MASK) | |
13090 | + if (v8086_mode(regs)) | |
13091 | goto gp_in_vm86; | |
13092 | #endif | |
13093 | ||
13094 | tsk = current; | |
13095 | - if (!user_mode(regs)) | |
13096 | + if (!user_mode_novm(regs)) | |
13097 | goto gp_in_kernel; | |
13098 | ||
13099 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) | |
ae4e228f | 13100 | + if (!(__supported_pte_mask & _PAGE_NX) && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) { |
58c5fc13 MT |
13101 | + struct mm_struct *mm = tsk->mm; |
13102 | + unsigned long limit; | |
13103 | + | |
13104 | + down_write(&mm->mmap_sem); | |
13105 | + limit = mm->context.user_cs_limit; | |
13106 | + if (limit < TASK_SIZE) { | |
13107 | + track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC); | |
13108 | + up_write(&mm->mmap_sem); | |
13109 | + return; | |
13110 | + } | |
13111 | + up_write(&mm->mmap_sem); | |
13112 | + } | |
13113 | +#endif | |
13114 | + | |
13115 | tsk->thread.error_code = error_code; | |
13116 | tsk->thread.trap_no = 13; | |
13117 | ||
ae4e228f | 13118 | @@ -305,6 +327,13 @@ gp_in_kernel: |
58c5fc13 MT |
13119 | if (notify_die(DIE_GPF, "general protection fault", regs, |
13120 | error_code, 13, SIGSEGV) == NOTIFY_STOP) | |
13121 | return; | |
13122 | + | |
13123 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
ae4e228f | 13124 | + if ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS) |
58c5fc13 MT |
13125 | + die("PAX: suspicious general protection fault", regs, error_code); |
13126 | + else | |
13127 | +#endif | |
13128 | + | |
13129 | die("general protection fault", regs, error_code); | |
13130 | } | |
13131 | ||
ae4e228f MT |
13132 | @@ -556,7 +585,7 @@ dotraplinkage void __kprobes do_debug(st |
13133 | /* It's safe to allow irq's after DR6 has been saved */ | |
13134 | preempt_conditional_sti(regs); | |
58c5fc13 | 13135 | |
ae4e228f MT |
13136 | - if (regs->flags & X86_VM_MASK) { |
13137 | + if (v8086_mode(regs)) { | |
13138 | handle_vm86_trap((struct kernel_vm86_regs *) regs, | |
13139 | error_code, 1); | |
13140 | return; | |
13141 | @@ -569,7 +598,7 @@ dotraplinkage void __kprobes do_debug(st | |
13142 | * We already checked v86 mode above, so we can check for kernel mode | |
13143 | * by just checking the CPL of CS. | |
58c5fc13 | 13144 | */ |
ae4e228f MT |
13145 | - if ((dr6 & DR_STEP) && !user_mode(regs)) { |
13146 | + if ((dr6 & DR_STEP) && !user_mode_novm(regs)) { | |
13147 | tsk->thread.debugreg6 &= ~DR_STEP; | |
13148 | set_tsk_thread_flag(tsk, TIF_SINGLESTEP); | |
13149 | regs->flags &= ~X86_EFLAGS_TF; | |
13150 | @@ -736,7 +765,7 @@ do_simd_coprocessor_error(struct pt_regs | |
58c5fc13 MT |
13151 | * Handle strange cache flush from user space exception |
13152 | * in all other cases. This is undocumented behaviour. | |
13153 | */ | |
13154 | - if (regs->flags & X86_VM_MASK) { | |
13155 | + if (v8086_mode(regs)) { | |
13156 | handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code); | |
13157 | return; | |
13158 | } | |
ae4e228f MT |
13159 | diff -urNp linux-2.6.33.1/arch/x86/kernel/tsc.c linux-2.6.33.1/arch/x86/kernel/tsc.c |
13160 | --- linux-2.6.33.1/arch/x86/kernel/tsc.c 2010-03-15 12:09:39.000000000 -0400 | |
13161 | +++ linux-2.6.33.1/arch/x86/kernel/tsc.c 2010-03-20 16:58:39.020693949 -0400 | |
13162 | @@ -795,7 +795,7 @@ static struct dmi_system_id __initdata b | |
58c5fc13 MT |
13163 | DMI_MATCH(DMI_BOARD_NAME, "2635FA0"), |
13164 | }, | |
13165 | }, | |
13166 | - {} | |
13167 | + { NULL, NULL, {{0, {0}}}, NULL} | |
13168 | }; | |
13169 | ||
13170 | static void __init check_system_tsc_reliable(void) | |
ae4e228f MT |
13171 | diff -urNp linux-2.6.33.1/arch/x86/kernel/vm86_32.c linux-2.6.33.1/arch/x86/kernel/vm86_32.c |
13172 | --- linux-2.6.33.1/arch/x86/kernel/vm86_32.c 2010-03-15 12:09:39.000000000 -0400 | |
13173 | +++ linux-2.6.33.1/arch/x86/kernel/vm86_32.c 2010-03-20 16:58:39.020693949 -0400 | |
13174 | @@ -41,6 +41,7 @@ | |
13175 | #include <linux/ptrace.h> | |
13176 | #include <linux/audit.h> | |
13177 | #include <linux/stddef.h> | |
13178 | +#include <linux/grsecurity.h> | |
13179 | ||
13180 | #include <asm/uaccess.h> | |
13181 | #include <asm/io.h> | |
13182 | @@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct ke | |
58c5fc13 MT |
13183 | do_exit(SIGSEGV); |
13184 | } | |
13185 | ||
13186 | - tss = &per_cpu(init_tss, get_cpu()); | |
13187 | + tss = init_tss + get_cpu(); | |
13188 | current->thread.sp0 = current->thread.saved_sp0; | |
13189 | current->thread.sysenter_cs = __KERNEL_CS; | |
13190 | load_sp0(tss, ¤t->thread); | |
ae4e228f MT |
13191 | @@ -207,6 +208,13 @@ int sys_vm86old(struct vm86_struct __use |
13192 | struct task_struct *tsk; | |
13193 | int tmp, ret = -EPERM; | |
13194 | ||
13195 | +#ifdef CONFIG_GRKERNSEC_VM86 | |
13196 | + if (!capable(CAP_SYS_RAWIO)) { | |
13197 | + gr_handle_vm86(); | |
13198 | + goto out; | |
13199 | + } | |
13200 | +#endif | |
13201 | + | |
13202 | tsk = current; | |
13203 | if (tsk->thread.saved_sp0) | |
13204 | goto out; | |
13205 | @@ -237,6 +245,14 @@ int sys_vm86(unsigned long cmd, unsigned | |
13206 | int tmp, ret; | |
13207 | struct vm86plus_struct __user *v86; | |
13208 | ||
13209 | +#ifdef CONFIG_GRKERNSEC_VM86 | |
13210 | + if (!capable(CAP_SYS_RAWIO)) { | |
13211 | + gr_handle_vm86(); | |
13212 | + ret = -EPERM; | |
13213 | + goto out; | |
13214 | + } | |
13215 | +#endif | |
13216 | + | |
13217 | tsk = current; | |
13218 | switch (cmd) { | |
13219 | case VM86_REQUEST_IRQ: | |
13220 | @@ -323,7 +339,7 @@ static void do_sys_vm86(struct kernel_vm | |
58c5fc13 MT |
13221 | tsk->thread.saved_fs = info->regs32->fs; |
13222 | tsk->thread.saved_gs = get_user_gs(info->regs32); | |
13223 | ||
13224 | - tss = &per_cpu(init_tss, get_cpu()); | |
13225 | + tss = init_tss + get_cpu(); | |
13226 | tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; | |
13227 | if (cpu_has_sep) | |
13228 | tsk->thread.sysenter_cs = 0; | |
ae4e228f MT |
13229 | @@ -528,7 +544,7 @@ static void do_int(struct kernel_vm86_re |
13230 | goto cannot_handle; | |
13231 | if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) | |
13232 | goto cannot_handle; | |
13233 | - intr_ptr = (unsigned long __user *) (i << 2); | |
13234 | + intr_ptr = (__force unsigned long __user *) (i << 2); | |
13235 | if (get_user(segoffs, intr_ptr)) | |
13236 | goto cannot_handle; | |
13237 | if ((segoffs >> 16) == BIOSSEG) | |
13238 | diff -urNp linux-2.6.33.1/arch/x86/kernel/vmi_32.c linux-2.6.33.1/arch/x86/kernel/vmi_32.c | |
13239 | --- linux-2.6.33.1/arch/x86/kernel/vmi_32.c 2010-03-15 12:09:39.000000000 -0400 | |
13240 | +++ linux-2.6.33.1/arch/x86/kernel/vmi_32.c 2010-03-20 16:58:39.020693949 -0400 | |
13241 | @@ -44,12 +44,17 @@ typedef u32 __attribute__((regparm(1))) | |
13242 | typedef u64 __attribute__((regparm(2))) (VROMLONGFUNC)(int); | |
13243 | ||
13244 | #define call_vrom_func(rom,func) \ | |
13245 | - (((VROMFUNC *)(rom->func))()) | |
13246 | + (((VROMFUNC *)(ktva_ktla(rom.func)))()) | |
13247 | ||
13248 | #define call_vrom_long_func(rom,func,arg) \ | |
13249 | - (((VROMLONGFUNC *)(rom->func)) (arg)) | |
13250 | +({\ | |
13251 | + u64 __reloc = ((VROMLONGFUNC *)(ktva_ktla(rom.func))) (arg);\ | |
13252 | + struct vmi_relocation_info *const __rel = (struct vmi_relocation_info *)&__reloc;\ | |
13253 | + __rel->eip = (unsigned char *)ktva_ktla((unsigned long)__rel->eip);\ | |
13254 | + __reloc;\ | |
13255 | +}) | |
13256 | ||
13257 | -static struct vrom_header *vmi_rom; | |
13258 | +static struct vrom_header vmi_rom __attribute((__section__(".vmi.rom"), __aligned__(PAGE_SIZE))); | |
13259 | static int disable_pge; | |
13260 | static int disable_pse; | |
13261 | static int disable_sep; | |
13262 | @@ -76,10 +81,10 @@ static struct { | |
13263 | void (*set_initial_ap_state)(int, int); | |
13264 | void (*halt)(void); | |
13265 | void (*set_lazy_mode)(int mode); | |
13266 | -} vmi_ops; | |
13267 | +} vmi_ops __read_only; | |
13268 | ||
13269 | /* Cached VMI operations */ | |
13270 | -struct vmi_timer_ops vmi_timer_ops; | |
13271 | +struct vmi_timer_ops vmi_timer_ops __read_only; | |
13272 | ||
13273 | /* | |
13274 | * VMI patching routines. | |
13275 | @@ -94,7 +99,7 @@ struct vmi_timer_ops vmi_timer_ops; | |
13276 | static inline void patch_offset(void *insnbuf, | |
13277 | unsigned long ip, unsigned long dest) | |
13278 | { | |
13279 | - *(unsigned long *)(insnbuf+1) = dest-ip-5; | |
13280 | + *(unsigned long *)(insnbuf+1) = dest-ip-5; | |
13281 | } | |
13282 | ||
13283 | static unsigned patch_internal(int call, unsigned len, void *insnbuf, | |
13284 | @@ -102,6 +107,7 @@ static unsigned patch_internal(int call, | |
58c5fc13 MT |
13285 | { |
13286 | u64 reloc; | |
13287 | struct vmi_relocation_info *const rel = (struct vmi_relocation_info *)&reloc; | |
58c5fc13 MT |
13288 | + |
13289 | reloc = call_vrom_long_func(vmi_rom, get_reloc, call); | |
13290 | switch(rel->type) { | |
13291 | case VMI_RELOCATION_CALL_REL: | |
ae4e228f | 13292 | @@ -404,13 +410,13 @@ static void vmi_set_pud(pud_t *pudp, pud |
58c5fc13 MT |
13293 | |
13294 | static void vmi_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) | |
13295 | { | |
13296 | - const pte_t pte = { .pte = 0 }; | |
13297 | + const pte_t pte = __pte(0ULL); | |
13298 | vmi_ops.set_pte(pte, ptep, vmi_flags_addr(mm, addr, VMI_PAGE_PT, 0)); | |
13299 | } | |
13300 | ||
13301 | static void vmi_pmd_clear(pmd_t *pmd) | |
13302 | { | |
13303 | - const pte_t pte = { .pte = 0 }; | |
13304 | + const pte_t pte = __pte(0ULL); | |
13305 | vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD); | |
13306 | } | |
13307 | #endif | |
ae4e228f | 13308 | @@ -438,8 +444,8 @@ vmi_startup_ipi_hook(int phys_apicid, un |
58c5fc13 MT |
13309 | ap.ss = __KERNEL_DS; |
13310 | ap.esp = (unsigned long) start_esp; | |
13311 | ||
13312 | - ap.ds = __USER_DS; | |
13313 | - ap.es = __USER_DS; | |
13314 | + ap.ds = __KERNEL_DS; | |
13315 | + ap.es = __KERNEL_DS; | |
13316 | ap.fs = __KERNEL_PERCPU; | |
13317 | ap.gs = __KERNEL_STACK_CANARY; | |
13318 | ||
ae4e228f MT |
13319 | @@ -486,6 +492,18 @@ static void vmi_leave_lazy_mmu(void) |
13320 | paravirt_leave_lazy_mmu(); | |
13321 | } | |
58c5fc13 MT |
13322 | |
13323 | +#ifdef CONFIG_PAX_KERNEXEC | |
ae4e228f MT |
13324 | +static unsigned long vmi_pax_open_kernel(void) |
13325 | +{ | |
13326 | + return 0; | |
13327 | +} | |
13328 | + | |
13329 | +static unsigned long vmi_pax_close_kernel(void) | |
13330 | +{ | |
13331 | + return 0; | |
13332 | +} | |
58c5fc13 MT |
13333 | +#endif |
13334 | + | |
ae4e228f MT |
13335 | static inline int __init check_vmi_rom(struct vrom_header *rom) |
13336 | { | |
13337 | struct pci_header *pci; | |
13338 | @@ -498,6 +516,10 @@ static inline int __init check_vmi_rom(s | |
13339 | return 0; | |
13340 | if (rom->vrom_signature != VMI_SIGNATURE) | |
58c5fc13 | 13341 | return 0; |
ae4e228f MT |
13342 | + if (rom->rom_length * 512 > sizeof(*rom)) { |
13343 | + printk(KERN_WARNING "PAX: VMI: ROM size too big: %x\n", rom->rom_length * 512); | |
13344 | + return 0; | |
13345 | + } | |
13346 | if (rom->api_version_maj != VMI_API_REV_MAJOR || | |
13347 | rom->api_version_min+1 < VMI_API_REV_MINOR+1) { | |
13348 | printk(KERN_WARNING "VMI: Found mismatched rom version %d.%d\n", | |
13349 | @@ -562,7 +584,7 @@ static inline int __init probe_vmi_rom(v | |
13350 | struct vrom_header *romstart; | |
13351 | romstart = (struct vrom_header *)isa_bus_to_virt(base); | |
13352 | if (check_vmi_rom(romstart)) { | |
13353 | - vmi_rom = romstart; | |
13354 | + vmi_rom = *romstart; | |
13355 | return 1; | |
13356 | } | |
58c5fc13 | 13357 | } |
ae4e228f | 13358 | @@ -836,6 +858,11 @@ static inline int __init activate_vmi(vo |
58c5fc13 MT |
13359 | |
13360 | para_fill(pv_irq_ops.safe_halt, Halt); | |
13361 | ||
13362 | +#ifdef CONFIG_PAX_KERNEXEC | |
ae4e228f MT |
13363 | + pv_mmu_ops.pax_open_kernel = vmi_pax_open_kernel; |
13364 | + pv_mmu_ops.pax_close_kernel = vmi_pax_close_kernel; | |
58c5fc13 MT |
13365 | +#endif |
13366 | + | |
13367 | /* | |
13368 | * Alternative instruction rewriting doesn't happen soon enough | |
13369 | * to convert VMI_IRET to a call instead of a jump; so we have | |
ae4e228f MT |
13370 | @@ -853,16 +880,16 @@ static inline int __init activate_vmi(vo |
13371 | ||
13372 | void __init vmi_init(void) | |
13373 | { | |
13374 | - if (!vmi_rom) | |
13375 | + if (!vmi_rom.rom_signature) | |
13376 | probe_vmi_rom(); | |
13377 | else | |
13378 | - check_vmi_rom(vmi_rom); | |
13379 | + check_vmi_rom(&vmi_rom); | |
13380 | ||
13381 | /* In case probing for or validating the ROM failed, basil */ | |
13382 | - if (!vmi_rom) | |
13383 | + if (!vmi_rom.rom_signature) | |
13384 | return; | |
13385 | ||
13386 | - reserve_top_address(-vmi_rom->virtual_top); | |
13387 | + reserve_top_address(-vmi_rom.virtual_top); | |
13388 | ||
13389 | #ifdef CONFIG_X86_IO_APIC | |
13390 | /* This is virtual hardware; timer routing is wired correctly */ | |
13391 | @@ -874,7 +901,7 @@ void __init vmi_activate(void) | |
13392 | { | |
13393 | unsigned long flags; | |
13394 | ||
13395 | - if (!vmi_rom) | |
13396 | + if (!vmi_rom.rom_signature) | |
13397 | return; | |
13398 | ||
13399 | local_irq_save(flags); | |
13400 | diff -urNp linux-2.6.33.1/arch/x86/kernel/vmlinux.lds.S linux-2.6.33.1/arch/x86/kernel/vmlinux.lds.S | |
13401 | --- linux-2.6.33.1/arch/x86/kernel/vmlinux.lds.S 2010-03-15 12:09:39.000000000 -0400 | |
13402 | +++ linux-2.6.33.1/arch/x86/kernel/vmlinux.lds.S 2010-03-20 16:58:39.020693949 -0400 | |
58c5fc13 MT |
13403 | @@ -26,6 +26,22 @@ |
13404 | #include <asm/page_types.h> | |
13405 | #include <asm/cache.h> | |
13406 | #include <asm/boot.h> | |
13407 | +#include <asm/segment.h> | |
13408 | + | |
13409 | +#undef PMD_SIZE | |
13410 | +#undef PMD_SHIFT | |
13411 | +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) | |
13412 | +#define PMD_SHIFT 21 | |
13413 | +#else | |
13414 | +#define PMD_SHIFT 22 | |
13415 | +#endif | |
13416 | +#define PMD_SIZE (1 << PMD_SHIFT) | |
13417 | + | |
13418 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
13419 | +#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR) | |
13420 | +#else | |
13421 | +#define __KERNEL_TEXT_OFFSET 0 | |
13422 | +#endif | |
13423 | ||
13424 | #undef i386 /* in case the preprocessor is a 32bit one */ | |
13425 | ||
ae4e228f | 13426 | @@ -34,13 +50,13 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF |
58c5fc13 MT |
13427 | #ifdef CONFIG_X86_32 |
13428 | OUTPUT_ARCH(i386) | |
13429 | ENTRY(phys_startup_32) | |
13430 | -jiffies = jiffies_64; | |
13431 | #else | |
13432 | OUTPUT_ARCH(i386:x86-64) | |
13433 | ENTRY(phys_startup_64) | |
13434 | -jiffies_64 = jiffies; | |
13435 | #endif | |
13436 | ||
13437 | +jiffies = jiffies_64; | |
13438 | + | |
ae4e228f MT |
13439 | #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA) |
13440 | /* | |
13441 | * On 64-bit, align RODATA to 2MB so that even with CONFIG_DEBUG_RODATA | |
13442 | @@ -69,31 +85,46 @@ jiffies_64 = jiffies; | |
13443 | ||
58c5fc13 MT |
13444 | PHDRS { |
13445 | text PT_LOAD FLAGS(5); /* R_E */ | |
13446 | - data PT_LOAD FLAGS(7); /* RWE */ | |
ae4e228f MT |
13447 | +#ifdef CONFIG_XEN |
13448 | + rodata PT_LOAD FLAGS(5); /* R_E */ | |
13449 | +#else | |
58c5fc13 | 13450 | + rodata PT_LOAD FLAGS(4); /* R__ */ |
ae4e228f MT |
13451 | +#endif |
13452 | +#ifdef CONFIG_X86_32 | |
13453 | + module PT_LOAD FLAGS(5); /* R_E */ | |
13454 | +#endif | |
58c5fc13 MT |
13455 | + data PT_LOAD FLAGS(6); /* RW_ */ |
13456 | #ifdef CONFIG_X86_64 | |
ae4e228f | 13457 | user PT_LOAD FLAGS(5); /* R_E */ |
58c5fc13 MT |
13458 | +#endif |
13459 | + init.begin PT_LOAD FLAGS(6); /* RW_ */ | |
13460 | #ifdef CONFIG_SMP | |
ae4e228f | 13461 | percpu PT_LOAD FLAGS(6); /* RW_ */ |
58c5fc13 MT |
13462 | #endif |
13463 | + text.init PT_LOAD FLAGS(5); /* R_E */ | |
13464 | + text.exit PT_LOAD FLAGS(5); /* R_E */ | |
13465 | init PT_LOAD FLAGS(7); /* RWE */ | |
13466 | -#endif | |
13467 | note PT_NOTE FLAGS(0); /* ___ */ | |
13468 | } | |
13469 | ||
13470 | SECTIONS | |
13471 | { | |
13472 | #ifdef CONFIG_X86_32 | |
13473 | - . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR; | |
13474 | - phys_startup_32 = startup_32 - LOAD_OFFSET; | |
13475 | + . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR; | |
13476 | #else | |
13477 | - . = __START_KERNEL; | |
13478 | - phys_startup_64 = startup_64 - LOAD_OFFSET; | |
13479 | + . = __START_KERNEL; | |
13480 | #endif | |
13481 | ||
13482 | /* Text and read-only data */ | |
ae4e228f MT |
13483 | - .text : AT(ADDR(.text) - LOAD_OFFSET) { |
13484 | - _text = .; | |
58c5fc13 | 13485 | + .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { |
ae4e228f | 13486 | /* bootstrapping code */ |
58c5fc13 MT |
13487 | +#ifdef CONFIG_X86_32 |
13488 | + phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET; | |
13489 | +#else | |
13490 | + phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET; | |
13491 | +#endif | |
13492 | + __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET; | |
ae4e228f MT |
13493 | + _text = .; |
13494 | HEAD_TEXT | |
58c5fc13 | 13495 | #ifdef CONFIG_X86_32 |
58c5fc13 | 13496 | . = ALIGN(PAGE_SIZE); |
ae4e228f MT |
13497 | @@ -108,30 +139,66 @@ SECTIONS |
13498 | IRQENTRY_TEXT | |
13499 | *(.fixup) | |
13500 | *(.gnu.warning) | |
13501 | - /* End of text section */ | |
13502 | - _etext = .; | |
58c5fc13 MT |
13503 | } :text = 0x9090 |
13504 | ||
13505 | - NOTES :text :note | |
13506 | + . += __KERNEL_TEXT_OFFSET; | |
13507 | + | |
13508 | + . = ALIGN(PAGE_SIZE); | |
13509 | + NOTES :rodata :note | |
13510 | ||
ae4e228f MT |
13511 | - EXCEPTION_TABLE(16) :text = 0x9090 |
13512 | + EXCEPTION_TABLE(16) :rodata | |
58c5fc13 | 13513 | |
ae4e228f | 13514 | X64_ALIGN_DEBUG_RODATA_BEGIN |
58c5fc13 | 13515 | RO_DATA(PAGE_SIZE) |
ae4e228f | 13516 | X64_ALIGN_DEBUG_RODATA_END |
58c5fc13 MT |
13517 | |
13518 | +#ifdef CONFIG_X86_32 | |
13519 | + . = ALIGN(PAGE_SIZE); | |
13520 | + .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) { | |
13521 | + *(.idt) | |
13522 | + . = ALIGN(PAGE_SIZE); | |
13523 | + *(.empty_zero_page) | |
13524 | + *(.swapper_pg_pmd) | |
13525 | + *(.swapper_pg_dir) | |
58c5fc13 MT |
13526 | + } |
13527 | + | |
ae4e228f MT |
13528 | + . = ALIGN(PAGE_SIZE); |
13529 | + .vmi.rom : AT(ADDR(.vmi.rom) - LOAD_OFFSET) { | |
13530 | + *(.vmi.rom) | |
13531 | + } :module | |
13532 | + | |
58c5fc13 MT |
13533 | + . = ALIGN(PAGE_SIZE); |
13534 | + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) { | |
ae4e228f MT |
13535 | + |
13536 | +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES) | |
58c5fc13 MT |
13537 | + MODULES_EXEC_VADDR = .; |
13538 | + BYTE(0) | |
ae4e228f | 13539 | + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024); |
58c5fc13 MT |
13540 | + . = ALIGN(PMD_SIZE); |
13541 | + MODULES_EXEC_END = . - 1; | |
58c5fc13 | 13542 | +#endif |
ae4e228f MT |
13543 | + |
13544 | + } :module | |
58c5fc13 MT |
13545 | +#endif |
13546 | + | |
13547 | /* Data */ | |
13548 | .data : AT(ADDR(.data) - LOAD_OFFSET) { | |
ae4e228f MT |
13549 | + /* End of text section */ |
13550 | + _etext = . - __KERNEL_TEXT_OFFSET; | |
58c5fc13 MT |
13551 | + |
13552 | +#ifdef CONFIG_PAX_KERNEXEC | |
13553 | + . = ALIGN(PMD_SIZE); | |
13554 | +#else | |
13555 | + . = ALIGN(PAGE_SIZE); | |
13556 | +#endif | |
13557 | + | |
13558 | /* Start of data section */ | |
13559 | _sdata = .; | |
13560 | ||
13561 | /* init_task */ | |
13562 | INIT_TASK_DATA(THREAD_SIZE) | |
13563 | ||
13564 | -#ifdef CONFIG_X86_32 | |
13565 | - /* 32 bit has nosave before _edata */ | |
13566 | NOSAVE_DATA | |
13567 | -#endif | |
13568 | ||
13569 | PAGE_ALIGNED_DATA(PAGE_SIZE) | |
ae4e228f MT |
13570 | |
13571 | @@ -194,12 +261,6 @@ SECTIONS | |
58c5fc13 MT |
13572 | } |
13573 | vgetcpu_mode = VVIRT(.vgetcpu_mode); | |
13574 | ||
ae4e228f | 13575 | - . = ALIGN(L1_CACHE_BYTES); |
58c5fc13 MT |
13576 | - .jiffies : AT(VLOAD(.jiffies)) { |
13577 | - *(.jiffies) | |
13578 | - } | |
13579 | - jiffies = VVIRT(.jiffies); | |
13580 | - | |
13581 | .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) { | |
13582 | *(.vsyscall_3) | |
13583 | } | |
ae4e228f | 13584 | @@ -215,12 +276,19 @@ SECTIONS |
58c5fc13 MT |
13585 | #endif /* CONFIG_X86_64 */ |
13586 | ||
13587 | /* Init code and data - will be freed after init */ | |
13588 | - . = ALIGN(PAGE_SIZE); | |
13589 | .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) { | |
13590 | + BYTE(0) | |
13591 | + | |
13592 | +#ifdef CONFIG_PAX_KERNEXEC | |
13593 | + . = ALIGN(PMD_SIZE); | |
13594 | +#else | |
13595 | + . = ALIGN(PAGE_SIZE); | |
13596 | +#endif | |
13597 | + | |
13598 | __init_begin = .; /* paired with __init_end */ | |
13599 | - } | |
13600 | + } :init.begin | |
13601 | ||
13602 | -#if defined(CONFIG_X86_64) && defined(CONFIG_SMP) | |
13603 | +#ifdef CONFIG_SMP | |
13604 | /* | |
13605 | * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the | |
13606 | * output PHDR, so the next output section - .init.text - should | |
ae4e228f | 13607 | @@ -229,12 +297,27 @@ SECTIONS |
58c5fc13 MT |
13608 | PERCPU_VADDR(0, :percpu) |
13609 | #endif | |
13610 | ||
ae4e228f | 13611 | - INIT_TEXT_SECTION(PAGE_SIZE) |
58c5fc13 MT |
13612 | -#ifdef CONFIG_X86_64 |
13613 | - :init | |
13614 | -#endif | |
ae4e228f MT |
13615 | + . = ALIGN(PAGE_SIZE); |
13616 | + init_begin = .; | |
13617 | + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { | |
13618 | + VMLINUX_SYMBOL(_sinittext) = .; | |
13619 | + INIT_TEXT | |
13620 | + VMLINUX_SYMBOL(_einittext) = .; | |
13621 | + . = ALIGN(PAGE_SIZE); | |
58c5fc13 MT |
13622 | + } :text.init |
13623 | + | |
13624 | + /* | |
13625 | + * .exit.text is discard at runtime, not link time, to deal with | |
13626 | + * references from .altinstructions and .eh_frame | |
13627 | + */ | |
13628 | + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { | |
13629 | + EXIT_TEXT | |
13630 | + . = ALIGN(16); | |
13631 | + } :text.exit | |
13632 | + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); | |
13633 | ||
ae4e228f MT |
13634 | - INIT_DATA_SECTION(16) |
13635 | + . = ALIGN(PAGE_SIZE); | |
13636 | + INIT_DATA_SECTION(16) :init | |
58c5fc13 | 13637 | |
ae4e228f MT |
13638 | .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { |
13639 | __x86_cpu_dev_start = .; | |
13640 | @@ -260,19 +343,11 @@ SECTIONS | |
58c5fc13 MT |
13641 | *(.altinstr_replacement) |
13642 | } | |
13643 | ||
13644 | - /* | |
13645 | - * .exit.text is discard at runtime, not link time, to deal with | |
13646 | - * references from .altinstructions and .eh_frame | |
13647 | - */ | |
13648 | - .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { | |
13649 | - EXIT_TEXT | |
13650 | - } | |
13651 | - | |
13652 | .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) { | |
13653 | EXIT_DATA | |
13654 | } | |
58c5fc13 MT |
13655 | |
13656 | -#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP) | |
13657 | +#ifndef CONFIG_SMP | |
13658 | PERCPU(PAGE_SIZE) | |
13659 | #endif | |
13660 | ||
ae4e228f | 13661 | @@ -295,12 +370,6 @@ SECTIONS |
58c5fc13 MT |
13662 | . = ALIGN(PAGE_SIZE); |
13663 | } | |
13664 | ||
13665 | -#ifdef CONFIG_X86_64 | |
13666 | - .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) { | |
13667 | - NOSAVE_DATA | |
13668 | - } | |
13669 | -#endif | |
13670 | - | |
13671 | /* BSS */ | |
13672 | . = ALIGN(PAGE_SIZE); | |
13673 | .bss : AT(ADDR(.bss) - LOAD_OFFSET) { | |
ae4e228f | 13674 | @@ -316,6 +385,7 @@ SECTIONS |
58c5fc13 MT |
13675 | __brk_base = .; |
13676 | . += 64 * 1024; /* 64k alignment slop space */ | |
13677 | *(.brk_reservation) /* areas brk users have reserved */ | |
13678 | + . = ALIGN(PMD_SIZE); | |
13679 | __brk_limit = .; | |
13680 | } | |
13681 | ||
ae4e228f | 13682 | @@ -342,13 +412,12 @@ SECTIONS |
58c5fc13 MT |
13683 | * for the boot processor. |
13684 | */ | |
13685 | #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load | |
13686 | -INIT_PER_CPU(gdt_page); | |
13687 | INIT_PER_CPU(irq_stack_union); | |
13688 | ||
13689 | /* | |
13690 | * Build-time check on the image size: | |
13691 | */ | |
13692 | -. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE), | |
13693 | +. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE), | |
13694 | "kernel image bigger than KERNEL_IMAGE_SIZE"); | |
13695 | ||
13696 | #ifdef CONFIG_SMP | |
ae4e228f MT |
13697 | diff -urNp linux-2.6.33.1/arch/x86/kernel/vsyscall_64.c linux-2.6.33.1/arch/x86/kernel/vsyscall_64.c |
13698 | --- linux-2.6.33.1/arch/x86/kernel/vsyscall_64.c 2010-03-15 12:09:39.000000000 -0400 | |
13699 | +++ linux-2.6.33.1/arch/x86/kernel/vsyscall_64.c 2010-03-20 16:58:39.020693949 -0400 | |
13700 | @@ -80,6 +80,7 @@ void update_vsyscall(struct timespec *wa | |
58c5fc13 MT |
13701 | |
13702 | write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags); | |
13703 | /* copy vsyscall data */ | |
13704 | + strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name); | |
13705 | vsyscall_gtod_data.clock.vread = clock->vread; | |
13706 | vsyscall_gtod_data.clock.cycle_last = clock->cycle_last; | |
13707 | vsyscall_gtod_data.clock.mask = clock->mask; | |
ae4e228f | 13708 | @@ -203,7 +204,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s |
58c5fc13 MT |
13709 | We do this here because otherwise user space would do it on |
13710 | its own in a likely inferior way (no access to jiffies). | |
13711 | If you don't like it pass NULL. */ | |
13712 | - if (tcache && tcache->blob[0] == (j = __jiffies)) { | |
13713 | + if (tcache && tcache->blob[0] == (j = jiffies)) { | |
13714 | p = tcache->blob[1]; | |
13715 | } else if (__vgetcpu_mode == VGETCPU_RDTSCP) { | |
13716 | /* Load per CPU data from RDTSCP */ | |
ae4e228f MT |
13717 | diff -urNp linux-2.6.33.1/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.33.1/arch/x86/kernel/x8664_ksyms_64.c |
13718 | --- linux-2.6.33.1/arch/x86/kernel/x8664_ksyms_64.c 2010-03-15 12:09:39.000000000 -0400 | |
13719 | +++ linux-2.6.33.1/arch/x86/kernel/x8664_ksyms_64.c 2010-03-20 16:58:39.020693949 -0400 | |
13720 | @@ -28,8 +28,6 @@ EXPORT_SYMBOL(__put_user_8); | |
58c5fc13 MT |
13721 | |
13722 | EXPORT_SYMBOL(copy_user_generic); | |
13723 | EXPORT_SYMBOL(__copy_user_nocache); | |
ae4e228f MT |
13724 | -EXPORT_SYMBOL(_copy_from_user); |
13725 | -EXPORT_SYMBOL(_copy_to_user); | |
58c5fc13 MT |
13726 | |
13727 | EXPORT_SYMBOL(copy_page); | |
ae4e228f MT |
13728 | EXPORT_SYMBOL(clear_page); |
13729 | diff -urNp linux-2.6.33.1/arch/x86/kernel/xsave.c linux-2.6.33.1/arch/x86/kernel/xsave.c | |
13730 | --- linux-2.6.33.1/arch/x86/kernel/xsave.c 2010-03-15 12:09:39.000000000 -0400 | |
13731 | +++ linux-2.6.33.1/arch/x86/kernel/xsave.c 2010-03-20 16:58:39.020693949 -0400 | |
13732 | @@ -54,7 +54,7 @@ int check_for_xstate(struct i387_fxsave_ | |
13733 | fx_sw_user->xstate_size > fx_sw_user->extended_size) | |
13734 | return -1; | |
13735 | ||
13736 | - err = __get_user(magic2, (__u32 *) (((void *)fpstate) + | |
13737 | + err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) + | |
13738 | fx_sw_user->extended_size - | |
13739 | FP_XSTATE_MAGIC2_SIZE)); | |
13740 | /* | |
13741 | @@ -196,7 +196,7 @@ fx_only: | |
13742 | * the other extended state. | |
13743 | */ | |
13744 | xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); | |
13745 | - return fxrstor_checking((__force struct i387_fxsave_struct *)buf); | |
13746 | + return fxrstor_checking((struct i387_fxsave_struct __user *)buf); | |
13747 | } | |
13748 | ||
13749 | /* | |
13750 | @@ -228,7 +228,7 @@ int restore_i387_xstate(void __user *buf | |
13751 | if (task_thread_info(tsk)->status & TS_XSAVE) | |
13752 | err = restore_user_xstate(buf); | |
13753 | else | |
13754 | - err = fxrstor_checking((__force struct i387_fxsave_struct *) | |
13755 | + err = fxrstor_checking((struct i387_fxsave_struct __user *) | |
13756 | buf); | |
13757 | if (unlikely(err)) { | |
13758 | /* | |
13759 | diff -urNp linux-2.6.33.1/arch/x86/kvm/emulate.c linux-2.6.33.1/arch/x86/kvm/emulate.c | |
13760 | --- linux-2.6.33.1/arch/x86/kvm/emulate.c 2010-03-15 12:09:39.000000000 -0400 | |
13761 | +++ linux-2.6.33.1/arch/x86/kvm/emulate.c 2010-03-20 16:58:39.024538149 -0400 | |
13762 | @@ -413,6 +413,7 @@ static u32 group2_table[] = { | |
13763 | ||
13764 | #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \ | |
13765 | do { \ | |
13766 | + unsigned long _tmp; \ | |
13767 | __asm__ __volatile__ ( \ | |
13768 | _PRE_EFLAGS("0", "4", "2") \ | |
13769 | _op _suffix " %"_x"3,%1; " \ | |
13770 | @@ -426,8 +427,6 @@ static u32 group2_table[] = { | |
13771 | /* Raw emulation: instruction has two explicit operands. */ | |
13772 | #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \ | |
13773 | do { \ | |
13774 | - unsigned long _tmp; \ | |
13775 | - \ | |
13776 | switch ((_dst).bytes) { \ | |
13777 | case 2: \ | |
13778 | ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \ | |
13779 | @@ -443,7 +442,6 @@ static u32 group2_table[] = { | |
13780 | ||
13781 | #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ | |
13782 | do { \ | |
13783 | - unsigned long _tmp; \ | |
13784 | switch ((_dst).bytes) { \ | |
13785 | case 1: \ | |
13786 | ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \ | |
13787 | diff -urNp linux-2.6.33.1/arch/x86/kvm/svm.c linux-2.6.33.1/arch/x86/kvm/svm.c | |
13788 | --- linux-2.6.33.1/arch/x86/kvm/svm.c 2010-03-15 12:09:39.000000000 -0400 | |
13789 | +++ linux-2.6.33.1/arch/x86/kvm/svm.c 2010-03-20 16:58:39.024538149 -0400 | |
13790 | @@ -2428,7 +2428,11 @@ static void reload_tss(struct kvm_vcpu * | |
58c5fc13 MT |
13791 | int cpu = raw_smp_processor_id(); |
13792 | ||
ae4e228f | 13793 | struct svm_cpu_data *sd = per_cpu(svm_data, cpu); |
58c5fc13 | 13794 | + |
ae4e228f MT |
13795 | + pax_open_kernel(); |
13796 | sd->tss_desc->type = 9; /* available 32/64-bit TSS */ | |
13797 | + pax_close_kernel(); | |
58c5fc13 MT |
13798 | + |
13799 | load_TR_desc(); | |
13800 | } | |
13801 | ||
ae4e228f MT |
13802 | @@ -2910,7 +2914,7 @@ static bool svm_gb_page_enable(void) |
13803 | return true; | |
58c5fc13 MT |
13804 | } |
13805 | ||
13806 | -static struct kvm_x86_ops svm_x86_ops = { | |
13807 | +static const struct kvm_x86_ops svm_x86_ops = { | |
13808 | .cpu_has_kvm_support = has_svm, | |
13809 | .disabled_by_bios = is_disabled, | |
13810 | .hardware_setup = svm_hardware_setup, | |
ae4e228f MT |
13811 | diff -urNp linux-2.6.33.1/arch/x86/kvm/vmx.c linux-2.6.33.1/arch/x86/kvm/vmx.c |
13812 | --- linux-2.6.33.1/arch/x86/kvm/vmx.c 2010-03-15 12:09:39.000000000 -0400 | |
13813 | +++ linux-2.6.33.1/arch/x86/kvm/vmx.c 2010-03-20 16:58:39.024538149 -0400 | |
13814 | @@ -580,7 +580,11 @@ static void reload_tss(void) | |
58c5fc13 | 13815 | |
58c5fc13 MT |
13816 | kvm_get_gdt(&gdt); |
13817 | descs = (void *)gdt.base; | |
13818 | + | |
ae4e228f | 13819 | + pax_open_kernel(); |
58c5fc13 | 13820 | descs[GDT_ENTRY_TSS].type = 9; /* available TSS */ |
ae4e228f | 13821 | + pax_close_kernel(); |
58c5fc13 MT |
13822 | + |
13823 | load_TR_desc(); | |
13824 | } | |
13825 | ||
ae4e228f | 13826 | @@ -1385,8 +1389,11 @@ static __init int hardware_setup(void) |
58c5fc13 MT |
13827 | if (!cpu_has_vmx_flexpriority()) |
13828 | flexpriority_enabled = 0; | |
13829 | ||
13830 | - if (!cpu_has_vmx_tpr_shadow()) | |
13831 | - kvm_x86_ops->update_cr8_intercept = NULL; | |
13832 | + if (!cpu_has_vmx_tpr_shadow()) { | |
ae4e228f | 13833 | + pax_open_kernel(); |
58c5fc13 | 13834 | + *(void **)&kvm_x86_ops->update_cr8_intercept = NULL; |
ae4e228f | 13835 | + pax_close_kernel(); |
58c5fc13 MT |
13836 | + } |
13837 | ||
ae4e228f MT |
13838 | if (enable_ept && !cpu_has_vmx_ept_2m_page()) |
13839 | kvm_disable_largepages(); | |
13840 | @@ -2357,7 +2364,7 @@ static int vmx_vcpu_setup(struct vcpu_vm | |
58c5fc13 MT |
13841 | vmcs_writel(HOST_IDTR_BASE, dt.base); /* 22.2.4 */ |
13842 | ||
13843 | asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return)); | |
13844 | - vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */ | |
13845 | + vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */ | |
13846 | vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0); | |
13847 | vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0); | |
13848 | vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0); | |
ae4e228f | 13849 | @@ -3742,6 +3749,12 @@ static void vmx_vcpu_run(struct kvm_vcpu |
58c5fc13 MT |
13850 | "jmp .Lkvm_vmx_return \n\t" |
13851 | ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" | |
13852 | ".Lkvm_vmx_return: " | |
13853 | + | |
13854 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
13855 | + "ljmp %[cs],$.Lkvm_vmx_return2\n\t" | |
13856 | + ".Lkvm_vmx_return2: " | |
13857 | +#endif | |
13858 | + | |
13859 | /* Save guest registers, load host registers, keep flags */ | |
13860 | "xchg %0, (%%"R"sp) \n\t" | |
13861 | "mov %%"R"ax, %c[rax](%0) \n\t" | |
ae4e228f | 13862 | @@ -3788,6 +3801,11 @@ static void vmx_vcpu_run(struct kvm_vcpu |
58c5fc13 MT |
13863 | [r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])), |
13864 | #endif | |
13865 | [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)) | |
13866 | + | |
13867 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
13868 | + ,[cs]"i"(__KERNEL_CS) | |
13869 | +#endif | |
13870 | + | |
13871 | : "cc", "memory" | |
13872 | , R"bx", R"di", R"si" | |
13873 | #ifdef CONFIG_X86_64 | |
ae4e228f | 13874 | @@ -3806,7 +3824,7 @@ static void vmx_vcpu_run(struct kvm_vcpu |
58c5fc13 MT |
13875 | if (vmx->rmode.irq.pending) |
13876 | fixup_rmode_irq(vmx); | |
13877 | ||
13878 | - asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS)); | |
13879 | + asm("mov %0, %%ds; mov %0, %%es" : : "r"(__KERNEL_DS)); | |
13880 | vmx->launched = 1; | |
13881 | ||
13882 | vmx_complete_interrupts(vmx); | |
ae4e228f MT |
13883 | @@ -3974,7 +3992,7 @@ static bool vmx_gb_page_enable(void) |
13884 | return false; | |
58c5fc13 MT |
13885 | } |
13886 | ||
13887 | -static struct kvm_x86_ops vmx_x86_ops = { | |
13888 | +static const struct kvm_x86_ops vmx_x86_ops = { | |
13889 | .cpu_has_kvm_support = cpu_has_kvm_support, | |
13890 | .disabled_by_bios = vmx_disabled_by_bios, | |
13891 | .hardware_setup = hardware_setup, | |
ae4e228f MT |
13892 | diff -urNp linux-2.6.33.1/arch/x86/kvm/x86.c linux-2.6.33.1/arch/x86/kvm/x86.c |
13893 | --- linux-2.6.33.1/arch/x86/kvm/x86.c 2010-03-15 12:09:39.000000000 -0400 | |
13894 | +++ linux-2.6.33.1/arch/x86/kvm/x86.c 2010-03-20 16:58:39.024538149 -0400 | |
13895 | @@ -83,7 +83,7 @@ static void update_cr8_intercept(struct | |
13896 | static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid, | |
13897 | struct kvm_cpuid_entry2 __user *entries); | |
58c5fc13 MT |
13898 | |
13899 | -struct kvm_x86_ops *kvm_x86_ops; | |
13900 | +const struct kvm_x86_ops *kvm_x86_ops; | |
13901 | EXPORT_SYMBOL_GPL(kvm_x86_ops); | |
13902 | ||
ae4e228f MT |
13903 | int ignore_msrs = 0; |
13904 | @@ -109,38 +109,38 @@ static struct kvm_shared_msrs_global __r | |
13905 | static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs); | |
13906 | ||
58c5fc13 MT |
13907 | struct kvm_stats_debugfs_item debugfs_entries[] = { |
13908 | - { "pf_fixed", VCPU_STAT(pf_fixed) }, | |
13909 | - { "pf_guest", VCPU_STAT(pf_guest) }, | |
13910 | - { "tlb_flush", VCPU_STAT(tlb_flush) }, | |
13911 | - { "invlpg", VCPU_STAT(invlpg) }, | |
13912 | - { "exits", VCPU_STAT(exits) }, | |
13913 | - { "io_exits", VCPU_STAT(io_exits) }, | |
13914 | - { "mmio_exits", VCPU_STAT(mmio_exits) }, | |
13915 | - { "signal_exits", VCPU_STAT(signal_exits) }, | |
13916 | - { "irq_window", VCPU_STAT(irq_window_exits) }, | |
13917 | - { "nmi_window", VCPU_STAT(nmi_window_exits) }, | |
13918 | - { "halt_exits", VCPU_STAT(halt_exits) }, | |
13919 | - { "halt_wakeup", VCPU_STAT(halt_wakeup) }, | |
13920 | - { "hypercalls", VCPU_STAT(hypercalls) }, | |
13921 | - { "request_irq", VCPU_STAT(request_irq_exits) }, | |
13922 | - { "irq_exits", VCPU_STAT(irq_exits) }, | |
13923 | - { "host_state_reload", VCPU_STAT(host_state_reload) }, | |
13924 | - { "efer_reload", VCPU_STAT(efer_reload) }, | |
13925 | - { "fpu_reload", VCPU_STAT(fpu_reload) }, | |
13926 | - { "insn_emulation", VCPU_STAT(insn_emulation) }, | |
13927 | - { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) }, | |
13928 | - { "irq_injections", VCPU_STAT(irq_injections) }, | |
13929 | - { "nmi_injections", VCPU_STAT(nmi_injections) }, | |
13930 | - { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) }, | |
13931 | - { "mmu_pte_write", VM_STAT(mmu_pte_write) }, | |
13932 | - { "mmu_pte_updated", VM_STAT(mmu_pte_updated) }, | |
13933 | - { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) }, | |
13934 | - { "mmu_flooded", VM_STAT(mmu_flooded) }, | |
13935 | - { "mmu_recycled", VM_STAT(mmu_recycled) }, | |
13936 | - { "mmu_cache_miss", VM_STAT(mmu_cache_miss) }, | |
13937 | - { "mmu_unsync", VM_STAT(mmu_unsync) }, | |
13938 | - { "remote_tlb_flush", VM_STAT(remote_tlb_flush) }, | |
13939 | - { "largepages", VM_STAT(lpages) }, | |
13940 | + { "pf_fixed", VCPU_STAT(pf_fixed), NULL }, | |
13941 | + { "pf_guest", VCPU_STAT(pf_guest), NULL }, | |
13942 | + { "tlb_flush", VCPU_STAT(tlb_flush), NULL }, | |
13943 | + { "invlpg", VCPU_STAT(invlpg), NULL }, | |
13944 | + { "exits", VCPU_STAT(exits), NULL }, | |
13945 | + { "io_exits", VCPU_STAT(io_exits), NULL }, | |
13946 | + { "mmio_exits", VCPU_STAT(mmio_exits), NULL }, | |
13947 | + { "signal_exits", VCPU_STAT(signal_exits), NULL }, | |
13948 | + { "irq_window", VCPU_STAT(irq_window_exits), NULL }, | |
13949 | + { "nmi_window", VCPU_STAT(nmi_window_exits), NULL }, | |
13950 | + { "halt_exits", VCPU_STAT(halt_exits), NULL }, | |
13951 | + { "halt_wakeup", VCPU_STAT(halt_wakeup), NULL }, | |
13952 | + { "hypercalls", VCPU_STAT(hypercalls), NULL }, | |
13953 | + { "request_irq", VCPU_STAT(request_irq_exits), NULL }, | |
13954 | + { "irq_exits", VCPU_STAT(irq_exits), NULL }, | |
13955 | + { "host_state_reload", VCPU_STAT(host_state_reload), NULL }, | |
13956 | + { "efer_reload", VCPU_STAT(efer_reload), NULL }, | |
13957 | + { "fpu_reload", VCPU_STAT(fpu_reload), NULL }, | |
13958 | + { "insn_emulation", VCPU_STAT(insn_emulation), NULL }, | |
13959 | + { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL }, | |
13960 | + { "irq_injections", VCPU_STAT(irq_injections), NULL }, | |
13961 | + { "nmi_injections", VCPU_STAT(nmi_injections), NULL }, | |
13962 | + { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL }, | |
13963 | + { "mmu_pte_write", VM_STAT(mmu_pte_write), NULL }, | |
13964 | + { "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL }, | |
13965 | + { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL }, | |
13966 | + { "mmu_flooded", VM_STAT(mmu_flooded), NULL }, | |
13967 | + { "mmu_recycled", VM_STAT(mmu_recycled), NULL }, | |
13968 | + { "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL }, | |
13969 | + { "mmu_unsync", VM_STAT(mmu_unsync), NULL }, | |
13970 | + { "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL }, | |
13971 | + { "largepages", VM_STAT(lpages), NULL }, | |
13972 | { NULL } | |
13973 | }; | |
13974 | ||
ae4e228f MT |
13975 | @@ -1405,6 +1405,8 @@ long kvm_arch_dev_ioctl(struct file *fil |
13976 | if (n < msr_list.nmsrs) | |
13977 | goto out; | |
13978 | r = -EFAULT; | |
13979 | + if (num_msrs_to_save > ARRAY_SIZE(msrs_to_save)) | |
13980 | + goto out; | |
13981 | if (copy_to_user(user_msr_list->indices, &msrs_to_save, | |
13982 | num_msrs_to_save * sizeof(u32))) | |
13983 | goto out; | |
13984 | @@ -1787,7 +1789,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru | |
58c5fc13 MT |
13985 | static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, |
13986 | struct kvm_interrupt *irq) | |
13987 | { | |
13988 | - if (irq->irq < 0 || irq->irq >= 256) | |
13989 | + if (irq->irq >= 256) | |
13990 | return -EINVAL; | |
13991 | if (irqchip_in_kernel(vcpu->kvm)) | |
13992 | return -ENXIO; | |
ae4e228f MT |
13993 | @@ -3414,10 +3416,10 @@ static void kvm_timer_init(void) |
13994 | } | |
13995 | } | |
58c5fc13 MT |
13996 | |
13997 | -int kvm_arch_init(void *opaque) | |
13998 | +int kvm_arch_init(const void *opaque) | |
13999 | { | |
ae4e228f | 14000 | int r; |
58c5fc13 MT |
14001 | - struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; |
14002 | + const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque; | |
14003 | ||
14004 | if (kvm_x86_ops) { | |
14005 | printk(KERN_ERR "kvm: already loaded the other module\n"); | |
ae4e228f MT |
14006 | diff -urNp linux-2.6.33.1/arch/x86/lib/checksum_32.S linux-2.6.33.1/arch/x86/lib/checksum_32.S |
14007 | --- linux-2.6.33.1/arch/x86/lib/checksum_32.S 2010-03-15 12:09:39.000000000 -0400 | |
14008 | +++ linux-2.6.33.1/arch/x86/lib/checksum_32.S 2010-03-20 16:58:39.024538149 -0400 | |
58c5fc13 MT |
14009 | @@ -28,7 +28,8 @@ |
14010 | #include <linux/linkage.h> | |
14011 | #include <asm/dwarf2.h> | |
14012 | #include <asm/errno.h> | |
14013 | - | |
14014 | +#include <asm/segment.h> | |
14015 | + | |
14016 | /* | |
14017 | * computes a partial checksum, e.g. for TCP/UDP fragments | |
14018 | */ | |
14019 | @@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic ( | |
14020 | ||
14021 | #define ARGBASE 16 | |
14022 | #define FP 12 | |
14023 | - | |
14024 | -ENTRY(csum_partial_copy_generic) | |
14025 | + | |
14026 | +ENTRY(csum_partial_copy_generic_to_user) | |
14027 | CFI_STARTPROC | |
14028 | + pushl $(__USER_DS) | |
14029 | + CFI_ADJUST_CFA_OFFSET 4 | |
14030 | + popl %es | |
14031 | + CFI_ADJUST_CFA_OFFSET -4 | |
14032 | + jmp csum_partial_copy_generic | |
14033 | + | |
14034 | +ENTRY(csum_partial_copy_generic_from_user) | |
14035 | + pushl $(__USER_DS) | |
14036 | + CFI_ADJUST_CFA_OFFSET 4 | |
14037 | + popl %ds | |
14038 | + CFI_ADJUST_CFA_OFFSET -4 | |
14039 | + | |
14040 | +ENTRY(csum_partial_copy_generic) | |
14041 | subl $4,%esp | |
14042 | CFI_ADJUST_CFA_OFFSET 4 | |
14043 | pushl %edi | |
14044 | @@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic) | |
14045 | jmp 4f | |
14046 | SRC(1: movw (%esi), %bx ) | |
14047 | addl $2, %esi | |
14048 | -DST( movw %bx, (%edi) ) | |
14049 | +DST( movw %bx, %es:(%edi) ) | |
14050 | addl $2, %edi | |
14051 | addw %bx, %ax | |
14052 | adcl $0, %eax | |
14053 | @@ -343,30 +357,30 @@ DST( movw %bx, (%edi) ) | |
14054 | SRC(1: movl (%esi), %ebx ) | |
14055 | SRC( movl 4(%esi), %edx ) | |
14056 | adcl %ebx, %eax | |
14057 | -DST( movl %ebx, (%edi) ) | |
14058 | +DST( movl %ebx, %es:(%edi) ) | |
14059 | adcl %edx, %eax | |
14060 | -DST( movl %edx, 4(%edi) ) | |
14061 | +DST( movl %edx, %es:4(%edi) ) | |
14062 | ||
14063 | SRC( movl 8(%esi), %ebx ) | |
14064 | SRC( movl 12(%esi), %edx ) | |
14065 | adcl %ebx, %eax | |
14066 | -DST( movl %ebx, 8(%edi) ) | |
14067 | +DST( movl %ebx, %es:8(%edi) ) | |
14068 | adcl %edx, %eax | |
14069 | -DST( movl %edx, 12(%edi) ) | |
14070 | +DST( movl %edx, %es:12(%edi) ) | |
14071 | ||
14072 | SRC( movl 16(%esi), %ebx ) | |
14073 | SRC( movl 20(%esi), %edx ) | |
14074 | adcl %ebx, %eax | |
14075 | -DST( movl %ebx, 16(%edi) ) | |
14076 | +DST( movl %ebx, %es:16(%edi) ) | |
14077 | adcl %edx, %eax | |
14078 | -DST( movl %edx, 20(%edi) ) | |
14079 | +DST( movl %edx, %es:20(%edi) ) | |
14080 | ||
14081 | SRC( movl 24(%esi), %ebx ) | |
14082 | SRC( movl 28(%esi), %edx ) | |
14083 | adcl %ebx, %eax | |
14084 | -DST( movl %ebx, 24(%edi) ) | |
14085 | +DST( movl %ebx, %es:24(%edi) ) | |
14086 | adcl %edx, %eax | |
14087 | -DST( movl %edx, 28(%edi) ) | |
14088 | +DST( movl %edx, %es:28(%edi) ) | |
14089 | ||
14090 | lea 32(%esi), %esi | |
14091 | lea 32(%edi), %edi | |
14092 | @@ -380,7 +394,7 @@ DST( movl %edx, 28(%edi) ) | |
14093 | shrl $2, %edx # This clears CF | |
14094 | SRC(3: movl (%esi), %ebx ) | |
14095 | adcl %ebx, %eax | |
14096 | -DST( movl %ebx, (%edi) ) | |
14097 | +DST( movl %ebx, %es:(%edi) ) | |
14098 | lea 4(%esi), %esi | |
14099 | lea 4(%edi), %edi | |
14100 | dec %edx | |
14101 | @@ -392,12 +406,12 @@ DST( movl %ebx, (%edi) ) | |
14102 | jb 5f | |
14103 | SRC( movw (%esi), %cx ) | |
14104 | leal 2(%esi), %esi | |
14105 | -DST( movw %cx, (%edi) ) | |
14106 | +DST( movw %cx, %es:(%edi) ) | |
14107 | leal 2(%edi), %edi | |
14108 | je 6f | |
14109 | shll $16,%ecx | |
14110 | SRC(5: movb (%esi), %cl ) | |
14111 | -DST( movb %cl, (%edi) ) | |
14112 | +DST( movb %cl, %es:(%edi) ) | |
14113 | 6: addl %ecx, %eax | |
14114 | adcl $0, %eax | |
14115 | 7: | |
14116 | @@ -408,7 +422,7 @@ DST( movb %cl, (%edi) ) | |
14117 | ||
14118 | 6001: | |
14119 | movl ARGBASE+20(%esp), %ebx # src_err_ptr | |
14120 | - movl $-EFAULT, (%ebx) | |
14121 | + movl $-EFAULT, %ss:(%ebx) | |
14122 | ||
14123 | # zero the complete destination - computing the rest | |
14124 | # is too much work | |
14125 | @@ -421,11 +435,19 @@ DST( movb %cl, (%edi) ) | |
14126 | ||
14127 | 6002: | |
14128 | movl ARGBASE+24(%esp), %ebx # dst_err_ptr | |
14129 | - movl $-EFAULT,(%ebx) | |
14130 | + movl $-EFAULT,%ss:(%ebx) | |
14131 | jmp 5000b | |
14132 | ||
14133 | .previous | |
14134 | ||
14135 | + pushl %ss | |
14136 | + CFI_ADJUST_CFA_OFFSET 4 | |
14137 | + popl %ds | |
14138 | + CFI_ADJUST_CFA_OFFSET -4 | |
14139 | + pushl %ss | |
14140 | + CFI_ADJUST_CFA_OFFSET 4 | |
14141 | + popl %es | |
14142 | + CFI_ADJUST_CFA_OFFSET -4 | |
14143 | popl %ebx | |
14144 | CFI_ADJUST_CFA_OFFSET -4 | |
14145 | CFI_RESTORE ebx | |
14146 | @@ -439,26 +461,41 @@ DST( movb %cl, (%edi) ) | |
14147 | CFI_ADJUST_CFA_OFFSET -4 | |
14148 | ret | |
14149 | CFI_ENDPROC | |
14150 | -ENDPROC(csum_partial_copy_generic) | |
14151 | +ENDPROC(csum_partial_copy_generic_to_user) | |
14152 | ||
14153 | #else | |
14154 | ||
14155 | /* Version for PentiumII/PPro */ | |
14156 | ||
14157 | #define ROUND1(x) \ | |
14158 | + nop; nop; nop; \ | |
14159 | SRC(movl x(%esi), %ebx ) ; \ | |
14160 | addl %ebx, %eax ; \ | |
14161 | - DST(movl %ebx, x(%edi) ) ; | |
14162 | + DST(movl %ebx, %es:x(%edi)) ; | |
14163 | ||
14164 | #define ROUND(x) \ | |
14165 | + nop; nop; nop; \ | |
14166 | SRC(movl x(%esi), %ebx ) ; \ | |
14167 | adcl %ebx, %eax ; \ | |
14168 | - DST(movl %ebx, x(%edi) ) ; | |
14169 | + DST(movl %ebx, %es:x(%edi)) ; | |
14170 | ||
14171 | #define ARGBASE 12 | |
14172 | - | |
14173 | -ENTRY(csum_partial_copy_generic) | |
14174 | + | |
14175 | +ENTRY(csum_partial_copy_generic_to_user) | |
14176 | CFI_STARTPROC | |
14177 | + pushl $(__USER_DS) | |
14178 | + CFI_ADJUST_CFA_OFFSET 4 | |
14179 | + popl %es | |
14180 | + CFI_ADJUST_CFA_OFFSET -4 | |
14181 | + jmp csum_partial_copy_generic | |
14182 | + | |
14183 | +ENTRY(csum_partial_copy_generic_from_user) | |
14184 | + pushl $(__USER_DS) | |
14185 | + CFI_ADJUST_CFA_OFFSET 4 | |
14186 | + popl %ds | |
14187 | + CFI_ADJUST_CFA_OFFSET -4 | |
14188 | + | |
14189 | +ENTRY(csum_partial_copy_generic) | |
14190 | pushl %ebx | |
14191 | CFI_ADJUST_CFA_OFFSET 4 | |
14192 | CFI_REL_OFFSET ebx, 0 | |
14193 | @@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic) | |
14194 | subl %ebx, %edi | |
14195 | lea -1(%esi),%edx | |
14196 | andl $-32,%edx | |
14197 | - lea 3f(%ebx,%ebx), %ebx | |
14198 | + lea 3f(%ebx,%ebx,2), %ebx | |
14199 | testl %esi, %esi | |
14200 | jmp *%ebx | |
14201 | 1: addl $64,%esi | |
14202 | @@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic) | |
14203 | jb 5f | |
14204 | SRC( movw (%esi), %dx ) | |
14205 | leal 2(%esi), %esi | |
14206 | -DST( movw %dx, (%edi) ) | |
14207 | +DST( movw %dx, %es:(%edi) ) | |
14208 | leal 2(%edi), %edi | |
14209 | je 6f | |
14210 | shll $16,%edx | |
14211 | 5: | |
14212 | SRC( movb (%esi), %dl ) | |
14213 | -DST( movb %dl, (%edi) ) | |
14214 | +DST( movb %dl, %es:(%edi) ) | |
14215 | 6: addl %edx, %eax | |
14216 | adcl $0, %eax | |
14217 | 7: | |
14218 | .section .fixup, "ax" | |
14219 | 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr | |
14220 | - movl $-EFAULT, (%ebx) | |
14221 | + movl $-EFAULT, %ss:(%ebx) | |
14222 | # zero the complete destination (computing the rest is too much work) | |
14223 | movl ARGBASE+8(%esp),%edi # dst | |
14224 | movl ARGBASE+12(%esp),%ecx # len | |
14225 | @@ -523,10 +560,18 @@ DST( movb %dl, (%edi) ) | |
14226 | rep; stosb | |
14227 | jmp 7b | |
14228 | 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr | |
14229 | - movl $-EFAULT, (%ebx) | |
14230 | + movl $-EFAULT, %ss:(%ebx) | |
14231 | jmp 7b | |
14232 | .previous | |
14233 | ||
14234 | + pushl %ss | |
14235 | + CFI_ADJUST_CFA_OFFSET 4 | |
14236 | + popl %ds | |
14237 | + CFI_ADJUST_CFA_OFFSET -4 | |
14238 | + pushl %ss | |
14239 | + CFI_ADJUST_CFA_OFFSET 4 | |
14240 | + popl %es | |
14241 | + CFI_ADJUST_CFA_OFFSET -4 | |
14242 | popl %esi | |
14243 | CFI_ADJUST_CFA_OFFSET -4 | |
14244 | CFI_RESTORE esi | |
14245 | @@ -538,7 +583,7 @@ DST( movb %dl, (%edi) ) | |
14246 | CFI_RESTORE ebx | |
14247 | ret | |
14248 | CFI_ENDPROC | |
14249 | -ENDPROC(csum_partial_copy_generic) | |
14250 | +ENDPROC(csum_partial_copy_generic_to_user) | |
14251 | ||
14252 | #undef ROUND | |
14253 | #undef ROUND1 | |
ae4e228f MT |
14254 | diff -urNp linux-2.6.33.1/arch/x86/lib/clear_page_64.S linux-2.6.33.1/arch/x86/lib/clear_page_64.S |
14255 | --- linux-2.6.33.1/arch/x86/lib/clear_page_64.S 2010-03-15 12:09:39.000000000 -0400 | |
14256 | +++ linux-2.6.33.1/arch/x86/lib/clear_page_64.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14257 | @@ -43,7 +43,7 @@ ENDPROC(clear_page) |
14258 | ||
14259 | #include <asm/cpufeature.h> | |
14260 | ||
14261 | - .section .altinstr_replacement,"ax" | |
14262 | + .section .altinstr_replacement,"a" | |
14263 | 1: .byte 0xeb /* jmp <disp8> */ | |
14264 | .byte (clear_page_c - clear_page) - (2f - 1b) /* offset */ | |
14265 | 2: | |
ae4e228f MT |
14266 | diff -urNp linux-2.6.33.1/arch/x86/lib/copy_page_64.S linux-2.6.33.1/arch/x86/lib/copy_page_64.S |
14267 | --- linux-2.6.33.1/arch/x86/lib/copy_page_64.S 2010-03-15 12:09:39.000000000 -0400 | |
14268 | +++ linux-2.6.33.1/arch/x86/lib/copy_page_64.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14269 | @@ -104,7 +104,7 @@ ENDPROC(copy_page) |
14270 | ||
14271 | #include <asm/cpufeature.h> | |
14272 | ||
14273 | - .section .altinstr_replacement,"ax" | |
14274 | + .section .altinstr_replacement,"a" | |
14275 | 1: .byte 0xeb /* jmp <disp8> */ | |
14276 | .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */ | |
14277 | 2: | |
ae4e228f MT |
14278 | diff -urNp linux-2.6.33.1/arch/x86/lib/copy_user_64.S linux-2.6.33.1/arch/x86/lib/copy_user_64.S |
14279 | --- linux-2.6.33.1/arch/x86/lib/copy_user_64.S 2010-03-15 12:09:39.000000000 -0400 | |
14280 | +++ linux-2.6.33.1/arch/x86/lib/copy_user_64.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14281 | @@ -21,7 +21,7 @@ |
14282 | .byte 0xe9 /* 32bit jump */ | |
14283 | .long \orig-1f /* by default jump to orig */ | |
14284 | 1: | |
14285 | - .section .altinstr_replacement,"ax" | |
14286 | + .section .altinstr_replacement,"a" | |
14287 | 2: .byte 0xe9 /* near jump with 32bit immediate */ | |
14288 | .long \alt-1b /* offset */ /* or alternatively to alt */ | |
14289 | .previous | |
14290 | @@ -64,32 +64,6 @@ | |
14291 | #endif | |
14292 | .endm | |
14293 | ||
14294 | -/* Standard copy_to_user with segment limit checking */ | |
ae4e228f | 14295 | -ENTRY(_copy_to_user) |
58c5fc13 MT |
14296 | - CFI_STARTPROC |
14297 | - GET_THREAD_INFO(%rax) | |
14298 | - movq %rdi,%rcx | |
14299 | - addq %rdx,%rcx | |
14300 | - jc bad_to_user | |
14301 | - cmpq TI_addr_limit(%rax),%rcx | |
14302 | - jae bad_to_user | |
14303 | - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string | |
14304 | - CFI_ENDPROC | |
ae4e228f | 14305 | -ENDPROC(_copy_to_user) |
58c5fc13 MT |
14306 | - |
14307 | -/* Standard copy_from_user with segment limit checking */ | |
ae4e228f | 14308 | -ENTRY(_copy_from_user) |
58c5fc13 MT |
14309 | - CFI_STARTPROC |
14310 | - GET_THREAD_INFO(%rax) | |
14311 | - movq %rsi,%rcx | |
14312 | - addq %rdx,%rcx | |
14313 | - jc bad_from_user | |
14314 | - cmpq TI_addr_limit(%rax),%rcx | |
14315 | - jae bad_from_user | |
14316 | - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string | |
14317 | - CFI_ENDPROC | |
ae4e228f | 14318 | -ENDPROC(_copy_from_user) |
58c5fc13 MT |
14319 | - |
14320 | ENTRY(copy_user_generic) | |
14321 | CFI_STARTPROC | |
14322 | ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string | |
ae4e228f | 14323 | @@ -101,6 +75,8 @@ ENDPROC(copy_user_generic) |
58c5fc13 MT |
14324 | ENTRY(bad_from_user) |
14325 | bad_from_user: | |
14326 | CFI_STARTPROC | |
14327 | + testl %edx,%edx | |
14328 | + js bad_to_user | |
14329 | movl %edx,%ecx | |
14330 | xorl %eax,%eax | |
14331 | rep | |
ae4e228f MT |
14332 | diff -urNp linux-2.6.33.1/arch/x86/lib/getuser.S linux-2.6.33.1/arch/x86/lib/getuser.S |
14333 | --- linux-2.6.33.1/arch/x86/lib/getuser.S 2010-03-15 12:09:39.000000000 -0400 | |
14334 | +++ linux-2.6.33.1/arch/x86/lib/getuser.S 2010-03-20 16:58:39.028522513 -0400 | |
14335 | @@ -33,14 +33,28 @@ | |
58c5fc13 MT |
14336 | #include <asm/asm-offsets.h> |
14337 | #include <asm/thread_info.h> | |
14338 | #include <asm/asm.h> | |
14339 | +#include <asm/segment.h> | |
14340 | ||
14341 | .text | |
14342 | ENTRY(__get_user_1) | |
ae4e228f | 14343 | CFI_STARTPROC |
58c5fc13 | 14344 | + |
ae4e228f | 14345 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14346 | + pushl $(__USER_DS) |
14347 | + popl %ds | |
ae4e228f MT |
14348 | +#else |
14349 | GET_THREAD_INFO(%_ASM_DX) | |
14350 | cmp TI_addr_limit(%_ASM_DX),%_ASM_AX | |
14351 | jae bad_get_user | |
58c5fc13 MT |
14352 | +#endif |
14353 | + | |
14354 | 1: movzb (%_ASM_AX),%edx | |
14355 | + | |
ae4e228f | 14356 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14357 | + pushl %ss |
14358 | + pop %ds | |
14359 | +#endif | |
14360 | + | |
14361 | xor %eax,%eax | |
14362 | ret | |
14363 | CFI_ENDPROC | |
ae4e228f MT |
14364 | @@ -49,11 +63,24 @@ ENDPROC(__get_user_1) |
14365 | ENTRY(__get_user_2) | |
14366 | CFI_STARTPROC | |
14367 | add $1,%_ASM_AX | |
58c5fc13 | 14368 | + |
ae4e228f | 14369 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14370 | + pushl $(__USER_DS) |
14371 | + popl %ds | |
ae4e228f MT |
14372 | +#else |
14373 | jc bad_get_user | |
14374 | GET_THREAD_INFO(%_ASM_DX) | |
14375 | cmp TI_addr_limit(%_ASM_DX),%_ASM_AX | |
14376 | jae bad_get_user | |
58c5fc13 MT |
14377 | +#endif |
14378 | + | |
14379 | 2: movzwl -1(%_ASM_AX),%edx | |
14380 | + | |
ae4e228f | 14381 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14382 | + pushl %ss |
14383 | + pop %ds | |
14384 | +#endif | |
14385 | + | |
14386 | xor %eax,%eax | |
14387 | ret | |
14388 | CFI_ENDPROC | |
ae4e228f MT |
14389 | @@ -62,11 +89,24 @@ ENDPROC(__get_user_2) |
14390 | ENTRY(__get_user_4) | |
14391 | CFI_STARTPROC | |
14392 | add $3,%_ASM_AX | |
58c5fc13 | 14393 | + |
ae4e228f | 14394 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14395 | + pushl $(__USER_DS) |
14396 | + popl %ds | |
ae4e228f MT |
14397 | +#else |
14398 | jc bad_get_user | |
14399 | GET_THREAD_INFO(%_ASM_DX) | |
14400 | cmp TI_addr_limit(%_ASM_DX),%_ASM_AX | |
14401 | jae bad_get_user | |
58c5fc13 MT |
14402 | +#endif |
14403 | + | |
14404 | 3: mov -3(%_ASM_AX),%edx | |
14405 | + | |
ae4e228f | 14406 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14407 | + pushl %ss |
14408 | + pop %ds | |
14409 | +#endif | |
14410 | + | |
14411 | xor %eax,%eax | |
14412 | ret | |
14413 | CFI_ENDPROC | |
ae4e228f | 14414 | @@ -89,6 +129,12 @@ ENDPROC(__get_user_8) |
58c5fc13 MT |
14415 | |
14416 | bad_get_user: | |
14417 | CFI_STARTPROC | |
14418 | + | |
ae4e228f | 14419 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14420 | + pushl %ss |
14421 | + pop %ds | |
14422 | +#endif | |
14423 | + | |
14424 | xor %edx,%edx | |
14425 | mov $(-EFAULT),%_ASM_AX | |
14426 | ret | |
ae4e228f MT |
14427 | diff -urNp linux-2.6.33.1/arch/x86/lib/memcpy_64.S linux-2.6.33.1/arch/x86/lib/memcpy_64.S |
14428 | --- linux-2.6.33.1/arch/x86/lib/memcpy_64.S 2010-03-15 12:09:39.000000000 -0400 | |
14429 | +++ linux-2.6.33.1/arch/x86/lib/memcpy_64.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14430 | @@ -128,7 +128,7 @@ ENDPROC(__memcpy) |
14431 | * It is also a lot simpler. Use this when possible: | |
14432 | */ | |
14433 | ||
14434 | - .section .altinstr_replacement, "ax" | |
14435 | + .section .altinstr_replacement, "a" | |
14436 | 1: .byte 0xeb /* jmp <disp8> */ | |
14437 | .byte (memcpy_c - memcpy) - (2f - 1b) /* offset */ | |
14438 | 2: | |
ae4e228f MT |
14439 | diff -urNp linux-2.6.33.1/arch/x86/lib/memset_64.S linux-2.6.33.1/arch/x86/lib/memset_64.S |
14440 | --- linux-2.6.33.1/arch/x86/lib/memset_64.S 2010-03-15 12:09:39.000000000 -0400 | |
14441 | +++ linux-2.6.33.1/arch/x86/lib/memset_64.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14442 | @@ -118,7 +118,7 @@ ENDPROC(__memset) |
14443 | ||
14444 | #include <asm/cpufeature.h> | |
14445 | ||
14446 | - .section .altinstr_replacement,"ax" | |
14447 | + .section .altinstr_replacement,"a" | |
14448 | 1: .byte 0xeb /* jmp <disp8> */ | |
14449 | .byte (memset_c - memset) - (2f - 1b) /* offset */ | |
14450 | 2: | |
ae4e228f MT |
14451 | diff -urNp linux-2.6.33.1/arch/x86/lib/mmx_32.c linux-2.6.33.1/arch/x86/lib/mmx_32.c |
14452 | --- linux-2.6.33.1/arch/x86/lib/mmx_32.c 2010-03-15 12:09:39.000000000 -0400 | |
14453 | +++ linux-2.6.33.1/arch/x86/lib/mmx_32.c 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14454 | @@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void * |
14455 | { | |
14456 | void *p; | |
14457 | int i; | |
14458 | + unsigned long cr0; | |
14459 | ||
14460 | if (unlikely(in_interrupt())) | |
14461 | return __memcpy(to, from, len); | |
14462 | @@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void * | |
14463 | kernel_fpu_begin(); | |
14464 | ||
14465 | __asm__ __volatile__ ( | |
14466 | - "1: prefetch (%0)\n" /* This set is 28 bytes */ | |
14467 | - " prefetch 64(%0)\n" | |
14468 | - " prefetch 128(%0)\n" | |
14469 | - " prefetch 192(%0)\n" | |
14470 | - " prefetch 256(%0)\n" | |
14471 | + "1: prefetch (%1)\n" /* This set is 28 bytes */ | |
14472 | + " prefetch 64(%1)\n" | |
14473 | + " prefetch 128(%1)\n" | |
14474 | + " prefetch 192(%1)\n" | |
14475 | + " prefetch 256(%1)\n" | |
14476 | "2: \n" | |
14477 | ".section .fixup, \"ax\"\n" | |
14478 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14479 | + "3: \n" | |
14480 | + | |
14481 | +#ifdef CONFIG_PAX_KERNEXEC | |
14482 | + " movl %%cr0, %0\n" | |
14483 | + " movl %0, %%eax\n" | |
14484 | + " andl $0xFFFEFFFF, %%eax\n" | |
14485 | + " movl %%eax, %%cr0\n" | |
14486 | +#endif | |
14487 | + | |
14488 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14489 | + | |
14490 | +#ifdef CONFIG_PAX_KERNEXEC | |
14491 | + " movl %0, %%cr0\n" | |
14492 | +#endif | |
14493 | + | |
14494 | " jmp 2b\n" | |
14495 | ".previous\n" | |
14496 | _ASM_EXTABLE(1b, 3b) | |
14497 | - : : "r" (from)); | |
14498 | + : "=&r" (cr0) : "r" (from) : "ax"); | |
14499 | ||
14500 | for ( ; i > 5; i--) { | |
14501 | __asm__ __volatile__ ( | |
14502 | - "1: prefetch 320(%0)\n" | |
14503 | - "2: movq (%0), %%mm0\n" | |
14504 | - " movq 8(%0), %%mm1\n" | |
14505 | - " movq 16(%0), %%mm2\n" | |
14506 | - " movq 24(%0), %%mm3\n" | |
14507 | - " movq %%mm0, (%1)\n" | |
14508 | - " movq %%mm1, 8(%1)\n" | |
14509 | - " movq %%mm2, 16(%1)\n" | |
14510 | - " movq %%mm3, 24(%1)\n" | |
14511 | - " movq 32(%0), %%mm0\n" | |
14512 | - " movq 40(%0), %%mm1\n" | |
14513 | - " movq 48(%0), %%mm2\n" | |
14514 | - " movq 56(%0), %%mm3\n" | |
14515 | - " movq %%mm0, 32(%1)\n" | |
14516 | - " movq %%mm1, 40(%1)\n" | |
14517 | - " movq %%mm2, 48(%1)\n" | |
14518 | - " movq %%mm3, 56(%1)\n" | |
14519 | + "1: prefetch 320(%1)\n" | |
14520 | + "2: movq (%1), %%mm0\n" | |
14521 | + " movq 8(%1), %%mm1\n" | |
14522 | + " movq 16(%1), %%mm2\n" | |
14523 | + " movq 24(%1), %%mm3\n" | |
14524 | + " movq %%mm0, (%2)\n" | |
14525 | + " movq %%mm1, 8(%2)\n" | |
14526 | + " movq %%mm2, 16(%2)\n" | |
14527 | + " movq %%mm3, 24(%2)\n" | |
14528 | + " movq 32(%1), %%mm0\n" | |
14529 | + " movq 40(%1), %%mm1\n" | |
14530 | + " movq 48(%1), %%mm2\n" | |
14531 | + " movq 56(%1), %%mm3\n" | |
14532 | + " movq %%mm0, 32(%2)\n" | |
14533 | + " movq %%mm1, 40(%2)\n" | |
14534 | + " movq %%mm2, 48(%2)\n" | |
14535 | + " movq %%mm3, 56(%2)\n" | |
14536 | ".section .fixup, \"ax\"\n" | |
14537 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14538 | + "3:\n" | |
14539 | + | |
14540 | +#ifdef CONFIG_PAX_KERNEXEC | |
14541 | + " movl %%cr0, %0\n" | |
14542 | + " movl %0, %%eax\n" | |
14543 | + " andl $0xFFFEFFFF, %%eax\n" | |
14544 | + " movl %%eax, %%cr0\n" | |
14545 | +#endif | |
14546 | + | |
14547 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14548 | + | |
14549 | +#ifdef CONFIG_PAX_KERNEXEC | |
14550 | + " movl %0, %%cr0\n" | |
14551 | +#endif | |
14552 | + | |
14553 | " jmp 2b\n" | |
14554 | ".previous\n" | |
14555 | _ASM_EXTABLE(1b, 3b) | |
14556 | - : : "r" (from), "r" (to) : "memory"); | |
14557 | + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax"); | |
14558 | ||
14559 | from += 64; | |
14560 | to += 64; | |
14561 | @@ -158,6 +187,7 @@ static void fast_clear_page(void *page) | |
14562 | static void fast_copy_page(void *to, void *from) | |
14563 | { | |
14564 | int i; | |
14565 | + unsigned long cr0; | |
14566 | ||
14567 | kernel_fpu_begin(); | |
14568 | ||
14569 | @@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi | |
14570 | * but that is for later. -AV | |
14571 | */ | |
14572 | __asm__ __volatile__( | |
14573 | - "1: prefetch (%0)\n" | |
14574 | - " prefetch 64(%0)\n" | |
14575 | - " prefetch 128(%0)\n" | |
14576 | - " prefetch 192(%0)\n" | |
14577 | - " prefetch 256(%0)\n" | |
14578 | + "1: prefetch (%1)\n" | |
14579 | + " prefetch 64(%1)\n" | |
14580 | + " prefetch 128(%1)\n" | |
14581 | + " prefetch 192(%1)\n" | |
14582 | + " prefetch 256(%1)\n" | |
14583 | "2: \n" | |
14584 | ".section .fixup, \"ax\"\n" | |
14585 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14586 | + "3: \n" | |
14587 | + | |
14588 | +#ifdef CONFIG_PAX_KERNEXEC | |
14589 | + " movl %%cr0, %0\n" | |
14590 | + " movl %0, %%eax\n" | |
14591 | + " andl $0xFFFEFFFF, %%eax\n" | |
14592 | + " movl %%eax, %%cr0\n" | |
14593 | +#endif | |
14594 | + | |
14595 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14596 | + | |
14597 | +#ifdef CONFIG_PAX_KERNEXEC | |
14598 | + " movl %0, %%cr0\n" | |
14599 | +#endif | |
14600 | + | |
14601 | " jmp 2b\n" | |
14602 | ".previous\n" | |
14603 | - _ASM_EXTABLE(1b, 3b) : : "r" (from)); | |
14604 | + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax"); | |
14605 | ||
14606 | for (i = 0; i < (4096-320)/64; i++) { | |
14607 | __asm__ __volatile__ ( | |
14608 | - "1: prefetch 320(%0)\n" | |
14609 | - "2: movq (%0), %%mm0\n" | |
14610 | - " movntq %%mm0, (%1)\n" | |
14611 | - " movq 8(%0), %%mm1\n" | |
14612 | - " movntq %%mm1, 8(%1)\n" | |
14613 | - " movq 16(%0), %%mm2\n" | |
14614 | - " movntq %%mm2, 16(%1)\n" | |
14615 | - " movq 24(%0), %%mm3\n" | |
14616 | - " movntq %%mm3, 24(%1)\n" | |
14617 | - " movq 32(%0), %%mm4\n" | |
14618 | - " movntq %%mm4, 32(%1)\n" | |
14619 | - " movq 40(%0), %%mm5\n" | |
14620 | - " movntq %%mm5, 40(%1)\n" | |
14621 | - " movq 48(%0), %%mm6\n" | |
14622 | - " movntq %%mm6, 48(%1)\n" | |
14623 | - " movq 56(%0), %%mm7\n" | |
14624 | - " movntq %%mm7, 56(%1)\n" | |
14625 | + "1: prefetch 320(%1)\n" | |
14626 | + "2: movq (%1), %%mm0\n" | |
14627 | + " movntq %%mm0, (%2)\n" | |
14628 | + " movq 8(%1), %%mm1\n" | |
14629 | + " movntq %%mm1, 8(%2)\n" | |
14630 | + " movq 16(%1), %%mm2\n" | |
14631 | + " movntq %%mm2, 16(%2)\n" | |
14632 | + " movq 24(%1), %%mm3\n" | |
14633 | + " movntq %%mm3, 24(%2)\n" | |
14634 | + " movq 32(%1), %%mm4\n" | |
14635 | + " movntq %%mm4, 32(%2)\n" | |
14636 | + " movq 40(%1), %%mm5\n" | |
14637 | + " movntq %%mm5, 40(%2)\n" | |
14638 | + " movq 48(%1), %%mm6\n" | |
14639 | + " movntq %%mm6, 48(%2)\n" | |
14640 | + " movq 56(%1), %%mm7\n" | |
14641 | + " movntq %%mm7, 56(%2)\n" | |
14642 | ".section .fixup, \"ax\"\n" | |
14643 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14644 | + "3:\n" | |
14645 | + | |
14646 | +#ifdef CONFIG_PAX_KERNEXEC | |
14647 | + " movl %%cr0, %0\n" | |
14648 | + " movl %0, %%eax\n" | |
14649 | + " andl $0xFFFEFFFF, %%eax\n" | |
14650 | + " movl %%eax, %%cr0\n" | |
14651 | +#endif | |
14652 | + | |
14653 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14654 | + | |
14655 | +#ifdef CONFIG_PAX_KERNEXEC | |
14656 | + " movl %0, %%cr0\n" | |
14657 | +#endif | |
14658 | + | |
14659 | " jmp 2b\n" | |
14660 | ".previous\n" | |
14661 | - _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory"); | |
14662 | + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax"); | |
14663 | ||
14664 | from += 64; | |
14665 | to += 64; | |
14666 | @@ -280,47 +338,76 @@ static void fast_clear_page(void *page) | |
14667 | static void fast_copy_page(void *to, void *from) | |
14668 | { | |
14669 | int i; | |
14670 | + unsigned long cr0; | |
14671 | ||
14672 | kernel_fpu_begin(); | |
14673 | ||
14674 | __asm__ __volatile__ ( | |
14675 | - "1: prefetch (%0)\n" | |
14676 | - " prefetch 64(%0)\n" | |
14677 | - " prefetch 128(%0)\n" | |
14678 | - " prefetch 192(%0)\n" | |
14679 | - " prefetch 256(%0)\n" | |
14680 | + "1: prefetch (%1)\n" | |
14681 | + " prefetch 64(%1)\n" | |
14682 | + " prefetch 128(%1)\n" | |
14683 | + " prefetch 192(%1)\n" | |
14684 | + " prefetch 256(%1)\n" | |
14685 | "2: \n" | |
14686 | ".section .fixup, \"ax\"\n" | |
14687 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14688 | + "3: \n" | |
14689 | + | |
14690 | +#ifdef CONFIG_PAX_KERNEXEC | |
14691 | + " movl %%cr0, %0\n" | |
14692 | + " movl %0, %%eax\n" | |
14693 | + " andl $0xFFFEFFFF, %%eax\n" | |
14694 | + " movl %%eax, %%cr0\n" | |
14695 | +#endif | |
14696 | + | |
14697 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
14698 | + | |
14699 | +#ifdef CONFIG_PAX_KERNEXEC | |
14700 | + " movl %0, %%cr0\n" | |
14701 | +#endif | |
14702 | + | |
14703 | " jmp 2b\n" | |
14704 | ".previous\n" | |
14705 | - _ASM_EXTABLE(1b, 3b) : : "r" (from)); | |
14706 | + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax"); | |
14707 | ||
14708 | for (i = 0; i < 4096/64; i++) { | |
14709 | __asm__ __volatile__ ( | |
14710 | - "1: prefetch 320(%0)\n" | |
14711 | - "2: movq (%0), %%mm0\n" | |
14712 | - " movq 8(%0), %%mm1\n" | |
14713 | - " movq 16(%0), %%mm2\n" | |
14714 | - " movq 24(%0), %%mm3\n" | |
14715 | - " movq %%mm0, (%1)\n" | |
14716 | - " movq %%mm1, 8(%1)\n" | |
14717 | - " movq %%mm2, 16(%1)\n" | |
14718 | - " movq %%mm3, 24(%1)\n" | |
14719 | - " movq 32(%0), %%mm0\n" | |
14720 | - " movq 40(%0), %%mm1\n" | |
14721 | - " movq 48(%0), %%mm2\n" | |
14722 | - " movq 56(%0), %%mm3\n" | |
14723 | - " movq %%mm0, 32(%1)\n" | |
14724 | - " movq %%mm1, 40(%1)\n" | |
14725 | - " movq %%mm2, 48(%1)\n" | |
14726 | - " movq %%mm3, 56(%1)\n" | |
14727 | + "1: prefetch 320(%1)\n" | |
14728 | + "2: movq (%1), %%mm0\n" | |
14729 | + " movq 8(%1), %%mm1\n" | |
14730 | + " movq 16(%1), %%mm2\n" | |
14731 | + " movq 24(%1), %%mm3\n" | |
14732 | + " movq %%mm0, (%2)\n" | |
14733 | + " movq %%mm1, 8(%2)\n" | |
14734 | + " movq %%mm2, 16(%2)\n" | |
14735 | + " movq %%mm3, 24(%2)\n" | |
14736 | + " movq 32(%1), %%mm0\n" | |
14737 | + " movq 40(%1), %%mm1\n" | |
14738 | + " movq 48(%1), %%mm2\n" | |
14739 | + " movq 56(%1), %%mm3\n" | |
14740 | + " movq %%mm0, 32(%2)\n" | |
14741 | + " movq %%mm1, 40(%2)\n" | |
14742 | + " movq %%mm2, 48(%2)\n" | |
14743 | + " movq %%mm3, 56(%2)\n" | |
14744 | ".section .fixup, \"ax\"\n" | |
14745 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14746 | + "3:\n" | |
14747 | + | |
14748 | +#ifdef CONFIG_PAX_KERNEXEC | |
14749 | + " movl %%cr0, %0\n" | |
14750 | + " movl %0, %%eax\n" | |
14751 | + " andl $0xFFFEFFFF, %%eax\n" | |
14752 | + " movl %%eax, %%cr0\n" | |
14753 | +#endif | |
14754 | + | |
14755 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
14756 | + | |
14757 | +#ifdef CONFIG_PAX_KERNEXEC | |
14758 | + " movl %0, %%cr0\n" | |
14759 | +#endif | |
14760 | + | |
14761 | " jmp 2b\n" | |
14762 | ".previous\n" | |
14763 | _ASM_EXTABLE(1b, 3b) | |
14764 | - : : "r" (from), "r" (to) : "memory"); | |
14765 | + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax"); | |
14766 | ||
14767 | from += 64; | |
14768 | to += 64; | |
ae4e228f MT |
14769 | diff -urNp linux-2.6.33.1/arch/x86/lib/putuser.S linux-2.6.33.1/arch/x86/lib/putuser.S |
14770 | --- linux-2.6.33.1/arch/x86/lib/putuser.S 2010-03-15 12:09:39.000000000 -0400 | |
14771 | +++ linux-2.6.33.1/arch/x86/lib/putuser.S 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14772 | @@ -15,6 +15,7 @@ |
14773 | #include <asm/thread_info.h> | |
14774 | #include <asm/errno.h> | |
14775 | #include <asm/asm.h> | |
14776 | +#include <asm/segment.h> | |
14777 | ||
14778 | ||
14779 | /* | |
ae4e228f MT |
14780 | @@ -29,59 +30,120 @@ |
14781 | * as they get called from within inline assembly. | |
14782 | */ | |
14783 | ||
14784 | -#define ENTER CFI_STARTPROC ; \ | |
14785 | - GET_THREAD_INFO(%_ASM_BX) | |
14786 | +#define ENTER CFI_STARTPROC | |
14787 | #define EXIT ret ; \ | |
14788 | CFI_ENDPROC | |
14789 | ||
14790 | .text | |
14791 | ENTRY(__put_user_1) | |
58c5fc13 | 14792 | ENTER |
58c5fc13 | 14793 | + |
ae4e228f | 14794 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14795 | + pushl $(__USER_DS) |
14796 | + popl %ds | |
ae4e228f MT |
14797 | +#else |
14798 | + GET_THREAD_INFO(%_ASM_BX) | |
14799 | cmp TI_addr_limit(%_ASM_BX),%_ASM_CX | |
14800 | jae bad_put_user | |
58c5fc13 MT |
14801 | +#endif |
14802 | + | |
14803 | 1: movb %al,(%_ASM_CX) | |
14804 | + | |
ae4e228f | 14805 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14806 | + pushl %ss |
14807 | + popl %ds | |
14808 | +#endif | |
14809 | + | |
14810 | xor %eax,%eax | |
14811 | EXIT | |
14812 | ENDPROC(__put_user_1) | |
ae4e228f MT |
14813 | |
14814 | ENTRY(__put_user_2) | |
14815 | ENTER | |
58c5fc13 | 14816 | + |
ae4e228f | 14817 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14818 | + pushl $(__USER_DS) |
14819 | + popl %ds | |
ae4e228f MT |
14820 | +#else |
14821 | + GET_THREAD_INFO(%_ASM_BX) | |
14822 | mov TI_addr_limit(%_ASM_BX),%_ASM_BX | |
14823 | sub $1,%_ASM_BX | |
14824 | cmp %_ASM_BX,%_ASM_CX | |
14825 | jae bad_put_user | |
58c5fc13 MT |
14826 | +#endif |
14827 | + | |
14828 | 2: movw %ax,(%_ASM_CX) | |
14829 | + | |
ae4e228f | 14830 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14831 | + pushl %ss |
14832 | + popl %ds | |
14833 | +#endif | |
14834 | + | |
14835 | xor %eax,%eax | |
14836 | EXIT | |
14837 | ENDPROC(__put_user_2) | |
ae4e228f MT |
14838 | |
14839 | ENTRY(__put_user_4) | |
14840 | ENTER | |
58c5fc13 | 14841 | + |
ae4e228f | 14842 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14843 | + pushl $(__USER_DS) |
14844 | + popl %ds | |
ae4e228f MT |
14845 | +#else |
14846 | + GET_THREAD_INFO(%_ASM_BX) | |
14847 | mov TI_addr_limit(%_ASM_BX),%_ASM_BX | |
14848 | sub $3,%_ASM_BX | |
14849 | cmp %_ASM_BX,%_ASM_CX | |
14850 | jae bad_put_user | |
58c5fc13 MT |
14851 | +#endif |
14852 | + | |
14853 | 3: movl %eax,(%_ASM_CX) | |
14854 | + | |
ae4e228f | 14855 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14856 | + pushl %ss |
14857 | + popl %ds | |
14858 | +#endif | |
14859 | + | |
14860 | xor %eax,%eax | |
14861 | EXIT | |
14862 | ENDPROC(__put_user_4) | |
ae4e228f MT |
14863 | |
14864 | ENTRY(__put_user_8) | |
14865 | ENTER | |
58c5fc13 | 14866 | + |
ae4e228f | 14867 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14868 | + pushl $(__USER_DS) |
14869 | + popl %ds | |
ae4e228f MT |
14870 | +#else |
14871 | + GET_THREAD_INFO(%_ASM_BX) | |
14872 | mov TI_addr_limit(%_ASM_BX),%_ASM_BX | |
14873 | sub $7,%_ASM_BX | |
14874 | cmp %_ASM_BX,%_ASM_CX | |
14875 | jae bad_put_user | |
58c5fc13 MT |
14876 | +#endif |
14877 | + | |
14878 | 4: mov %_ASM_AX,(%_ASM_CX) | |
14879 | #ifdef CONFIG_X86_32 | |
14880 | 5: movl %edx,4(%_ASM_CX) | |
14881 | #endif | |
14882 | + | |
ae4e228f | 14883 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14884 | + pushl %ss |
14885 | + popl %ds | |
14886 | +#endif | |
14887 | + | |
14888 | xor %eax,%eax | |
14889 | EXIT | |
14890 | ENDPROC(__put_user_8) | |
14891 | ||
14892 | bad_put_user: | |
14893 | CFI_STARTPROC | |
14894 | + | |
ae4e228f | 14895 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
58c5fc13 MT |
14896 | + pushl %ss |
14897 | + popl %ds | |
14898 | +#endif | |
14899 | + | |
14900 | movl $-EFAULT,%eax | |
14901 | EXIT | |
14902 | END(bad_put_user) | |
ae4e228f MT |
14903 | diff -urNp linux-2.6.33.1/arch/x86/lib/usercopy_32.c linux-2.6.33.1/arch/x86/lib/usercopy_32.c |
14904 | --- linux-2.6.33.1/arch/x86/lib/usercopy_32.c 2010-03-15 12:09:39.000000000 -0400 | |
14905 | +++ linux-2.6.33.1/arch/x86/lib/usercopy_32.c 2010-03-20 16:58:39.028522513 -0400 | |
58c5fc13 MT |
14906 | @@ -36,31 +36,38 @@ static inline int __movsl_is_ok(unsigned |
14907 | * Copy a null terminated string from userspace. | |
14908 | */ | |
14909 | ||
14910 | -#define __do_strncpy_from_user(dst, src, count, res) \ | |
14911 | -do { \ | |
14912 | - int __d0, __d1, __d2; \ | |
14913 | - might_fault(); \ | |
14914 | - __asm__ __volatile__( \ | |
14915 | - " testl %1,%1\n" \ | |
14916 | - " jz 2f\n" \ | |
14917 | - "0: lodsb\n" \ | |
14918 | - " stosb\n" \ | |
14919 | - " testb %%al,%%al\n" \ | |
14920 | - " jz 1f\n" \ | |
14921 | - " decl %1\n" \ | |
14922 | - " jnz 0b\n" \ | |
14923 | - "1: subl %1,%0\n" \ | |
14924 | - "2:\n" \ | |
14925 | - ".section .fixup,\"ax\"\n" \ | |
14926 | - "3: movl %5,%0\n" \ | |
14927 | - " jmp 2b\n" \ | |
14928 | - ".previous\n" \ | |
14929 | - _ASM_EXTABLE(0b,3b) \ | |
14930 | - : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \ | |
14931 | - "=&D" (__d2) \ | |
14932 | - : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \ | |
14933 | - : "memory"); \ | |
14934 | -} while (0) | |
14935 | +static long __do_strncpy_from_user(char *dst, const char __user *src, long count) | |
14936 | +{ | |
14937 | + int __d0, __d1, __d2; | |
14938 | + long res = -EFAULT; | |
14939 | + | |
14940 | + might_fault(); | |
14941 | + __asm__ __volatile__( | |
14942 | + " movw %w10,%%ds\n" | |
14943 | + " testl %1,%1\n" | |
14944 | + " jz 2f\n" | |
14945 | + "0: lodsb\n" | |
14946 | + " stosb\n" | |
14947 | + " testb %%al,%%al\n" | |
14948 | + " jz 1f\n" | |
14949 | + " decl %1\n" | |
14950 | + " jnz 0b\n" | |
14951 | + "1: subl %1,%0\n" | |
14952 | + "2:\n" | |
14953 | + " pushl %%ss\n" | |
14954 | + " popl %%ds\n" | |
14955 | + ".section .fixup,\"ax\"\n" | |
14956 | + "3: movl %5,%0\n" | |
14957 | + " jmp 2b\n" | |
14958 | + ".previous\n" | |
14959 | + _ASM_EXTABLE(0b,3b) | |
14960 | + : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), | |
14961 | + "=&D" (__d2) | |
14962 | + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst), | |
14963 | + "r"(__USER_DS) | |
14964 | + : "memory"); | |
14965 | + return res; | |
14966 | +} | |
14967 | ||
14968 | /** | |
14969 | * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking. | |
14970 | @@ -85,9 +92,7 @@ do { \ | |
14971 | long | |
14972 | __strncpy_from_user(char *dst, const char __user *src, long count) | |
14973 | { | |
14974 | - long res; | |
14975 | - __do_strncpy_from_user(dst, src, count, res); | |
14976 | - return res; | |
14977 | + return __do_strncpy_from_user(dst, src, count); | |
14978 | } | |
14979 | EXPORT_SYMBOL(__strncpy_from_user); | |
14980 | ||
14981 | @@ -114,7 +119,7 @@ strncpy_from_user(char *dst, const char | |
14982 | { | |
14983 | long res = -EFAULT; | |
14984 | if (access_ok(VERIFY_READ, src, 1)) | |
14985 | - __do_strncpy_from_user(dst, src, count, res); | |
14986 | + res = __do_strncpy_from_user(dst, src, count); | |
14987 | return res; | |
14988 | } | |
14989 | EXPORT_SYMBOL(strncpy_from_user); | |
14990 | @@ -123,24 +128,30 @@ EXPORT_SYMBOL(strncpy_from_user); | |
14991 | * Zero Userspace | |
14992 | */ | |
14993 | ||
14994 | -#define __do_clear_user(addr,size) \ | |
14995 | -do { \ | |
14996 | - int __d0; \ | |
14997 | - might_fault(); \ | |
14998 | - __asm__ __volatile__( \ | |
14999 | - "0: rep; stosl\n" \ | |
15000 | - " movl %2,%0\n" \ | |
15001 | - "1: rep; stosb\n" \ | |
15002 | - "2:\n" \ | |
15003 | - ".section .fixup,\"ax\"\n" \ | |
15004 | - "3: lea 0(%2,%0,4),%0\n" \ | |
15005 | - " jmp 2b\n" \ | |
15006 | - ".previous\n" \ | |
15007 | - _ASM_EXTABLE(0b,3b) \ | |
15008 | - _ASM_EXTABLE(1b,2b) \ | |
15009 | - : "=&c"(size), "=&D" (__d0) \ | |
15010 | - : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \ | |
15011 | -} while (0) | |
15012 | +static unsigned long __do_clear_user(void __user *addr, unsigned long size) | |
15013 | +{ | |
15014 | + int __d0; | |
15015 | + | |
15016 | + might_fault(); | |
15017 | + __asm__ __volatile__( | |
15018 | + " movw %w6,%%es\n" | |
15019 | + "0: rep; stosl\n" | |
15020 | + " movl %2,%0\n" | |
15021 | + "1: rep; stosb\n" | |
15022 | + "2:\n" | |
15023 | + " pushl %%ss\n" | |
15024 | + " popl %%es\n" | |
15025 | + ".section .fixup,\"ax\"\n" | |
15026 | + "3: lea 0(%2,%0,4),%0\n" | |
15027 | + " jmp 2b\n" | |
15028 | + ".previous\n" | |
15029 | + _ASM_EXTABLE(0b,3b) | |
15030 | + _ASM_EXTABLE(1b,2b) | |
15031 | + : "=&c"(size), "=&D" (__d0) | |
15032 | + : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0), | |
15033 | + "r"(__USER_DS)); | |
15034 | + return size; | |
15035 | +} | |
15036 | ||
15037 | /** | |
15038 | * clear_user: - Zero a block of memory in user space. | |
15039 | @@ -157,7 +168,7 @@ clear_user(void __user *to, unsigned lon | |
15040 | { | |
15041 | might_fault(); | |
15042 | if (access_ok(VERIFY_WRITE, to, n)) | |
15043 | - __do_clear_user(to, n); | |
15044 | + n = __do_clear_user(to, n); | |
15045 | return n; | |
15046 | } | |
15047 | EXPORT_SYMBOL(clear_user); | |
15048 | @@ -176,8 +187,7 @@ EXPORT_SYMBOL(clear_user); | |
15049 | unsigned long | |
15050 | __clear_user(void __user *to, unsigned long n) | |
15051 | { | |
15052 | - __do_clear_user(to, n); | |
15053 | - return n; | |
15054 | + return __do_clear_user(to, n); | |
15055 | } | |
15056 | EXPORT_SYMBOL(__clear_user); | |
15057 | ||
15058 | @@ -200,14 +210,17 @@ long strnlen_user(const char __user *s, | |
15059 | might_fault(); | |
15060 | ||
15061 | __asm__ __volatile__( | |
15062 | + " movw %w8,%%es\n" | |
15063 | " testl %0, %0\n" | |
15064 | " jz 3f\n" | |
15065 | - " andl %0,%%ecx\n" | |
15066 | + " movl %0,%%ecx\n" | |
15067 | "0: repne; scasb\n" | |
15068 | " setne %%al\n" | |
15069 | " subl %%ecx,%0\n" | |
15070 | " addl %0,%%eax\n" | |
15071 | "1:\n" | |
15072 | + " pushl %%ss\n" | |
15073 | + " popl %%es\n" | |
15074 | ".section .fixup,\"ax\"\n" | |
15075 | "2: xorl %%eax,%%eax\n" | |
15076 | " jmp 1b\n" | |
15077 | @@ -219,7 +232,7 @@ long strnlen_user(const char __user *s, | |
15078 | " .long 0b,2b\n" | |
15079 | ".previous" | |
15080 | :"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp) | |
15081 | - :"0" (n), "1" (s), "2" (0), "3" (mask) | |
15082 | + :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS) | |
15083 | :"cc"); | |
15084 | return res & mask; | |
15085 | } | |
15086 | @@ -227,10 +240,121 @@ EXPORT_SYMBOL(strnlen_user); | |
15087 | ||
15088 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
15089 | static unsigned long | |
15090 | -__copy_user_intel(void __user *to, const void *from, unsigned long size) | |
15091 | +__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size) | |
15092 | +{ | |
15093 | + int d0, d1; | |
15094 | + __asm__ __volatile__( | |
15095 | + " movw %w6, %%es\n" | |
15096 | + " .align 2,0x90\n" | |
15097 | + "1: movl 32(%4), %%eax\n" | |
15098 | + " cmpl $67, %0\n" | |
15099 | + " jbe 3f\n" | |
15100 | + "2: movl 64(%4), %%eax\n" | |
15101 | + " .align 2,0x90\n" | |
15102 | + "3: movl 0(%4), %%eax\n" | |
15103 | + "4: movl 4(%4), %%edx\n" | |
15104 | + "5: movl %%eax, %%es:0(%3)\n" | |
15105 | + "6: movl %%edx, %%es:4(%3)\n" | |
15106 | + "7: movl 8(%4), %%eax\n" | |
15107 | + "8: movl 12(%4),%%edx\n" | |
15108 | + "9: movl %%eax, %%es:8(%3)\n" | |
15109 | + "10: movl %%edx, %%es:12(%3)\n" | |
15110 | + "11: movl 16(%4), %%eax\n" | |
15111 | + "12: movl 20(%4), %%edx\n" | |
15112 | + "13: movl %%eax, %%es:16(%3)\n" | |
15113 | + "14: movl %%edx, %%es:20(%3)\n" | |
15114 | + "15: movl 24(%4), %%eax\n" | |
15115 | + "16: movl 28(%4), %%edx\n" | |
15116 | + "17: movl %%eax, %%es:24(%3)\n" | |
15117 | + "18: movl %%edx, %%es:28(%3)\n" | |
15118 | + "19: movl 32(%4), %%eax\n" | |
15119 | + "20: movl 36(%4), %%edx\n" | |
15120 | + "21: movl %%eax, %%es:32(%3)\n" | |
15121 | + "22: movl %%edx, %%es:36(%3)\n" | |
15122 | + "23: movl 40(%4), %%eax\n" | |
15123 | + "24: movl 44(%4), %%edx\n" | |
15124 | + "25: movl %%eax, %%es:40(%3)\n" | |
15125 | + "26: movl %%edx, %%es:44(%3)\n" | |
15126 | + "27: movl 48(%4), %%eax\n" | |
15127 | + "28: movl 52(%4), %%edx\n" | |
15128 | + "29: movl %%eax, %%es:48(%3)\n" | |
15129 | + "30: movl %%edx, %%es:52(%3)\n" | |
15130 | + "31: movl 56(%4), %%eax\n" | |
15131 | + "32: movl 60(%4), %%edx\n" | |
15132 | + "33: movl %%eax, %%es:56(%3)\n" | |
15133 | + "34: movl %%edx, %%es:60(%3)\n" | |
15134 | + " addl $-64, %0\n" | |
15135 | + " addl $64, %4\n" | |
15136 | + " addl $64, %3\n" | |
15137 | + " cmpl $63, %0\n" | |
15138 | + " ja 1b\n" | |
15139 | + "35: movl %0, %%eax\n" | |
15140 | + " shrl $2, %0\n" | |
15141 | + " andl $3, %%eax\n" | |
15142 | + " cld\n" | |
15143 | + "99: rep; movsl\n" | |
15144 | + "36: movl %%eax, %0\n" | |
15145 | + "37: rep; movsb\n" | |
15146 | + "100:\n" | |
15147 | + " pushl %%ss\n" | |
15148 | + " popl %%es\n" | |
15149 | + ".section .fixup,\"ax\"\n" | |
15150 | + "101: lea 0(%%eax,%0,4),%0\n" | |
15151 | + " jmp 100b\n" | |
15152 | + ".previous\n" | |
15153 | + ".section __ex_table,\"a\"\n" | |
15154 | + " .align 4\n" | |
15155 | + " .long 1b,100b\n" | |
15156 | + " .long 2b,100b\n" | |
15157 | + " .long 3b,100b\n" | |
15158 | + " .long 4b,100b\n" | |
15159 | + " .long 5b,100b\n" | |
15160 | + " .long 6b,100b\n" | |
15161 | + " .long 7b,100b\n" | |
15162 | + " .long 8b,100b\n" | |
15163 | + " .long 9b,100b\n" | |
15164 | + " .long 10b,100b\n" | |
15165 | + " .long 11b,100b\n" | |
15166 | + " .long 12b,100b\n" | |
15167 | + " .long 13b,100b\n" | |
15168 | + " .long 14b,100b\n" | |
15169 | + " .long 15b,100b\n" | |
15170 | + " .long 16b,100b\n" | |
15171 | + " .long 17b,100b\n" | |
15172 | + " .long 18b,100b\n" | |
15173 | + " .long 19b,100b\n" | |
15174 | + " .long 20b,100b\n" | |
15175 | + " .long 21b,100b\n" | |
15176 | + " .long 22b,100b\n" | |
15177 | + " .long 23b,100b\n" | |
15178 | + " .long 24b,100b\n" | |
15179 | + " .long 25b,100b\n" | |
15180 | + " .long 26b,100b\n" | |
15181 | + " .long 27b,100b\n" | |
15182 | + " .long 28b,100b\n" | |
15183 | + " .long 29b,100b\n" | |
15184 | + " .long 30b,100b\n" | |
15185 | + " .long 31b,100b\n" | |
15186 | + " .long 32b,100b\n" | |
15187 | + " .long 33b,100b\n" | |
15188 | + " .long 34b,100b\n" | |
15189 | + " .long 35b,100b\n" | |
15190 | + " .long 36b,100b\n" | |
15191 | + " .long 37b,100b\n" | |
15192 | + " .long 99b,101b\n" | |
15193 | + ".previous" | |
15194 | + : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
15195 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
15196 | + : "eax", "edx", "memory"); | |
15197 | + return size; | |
15198 | +} | |
15199 | + | |
15200 | +static unsigned long | |
15201 | +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size) | |
15202 | { | |
15203 | int d0, d1; | |
15204 | __asm__ __volatile__( | |
15205 | + " movw %w6, %%ds\n" | |
15206 | " .align 2,0x90\n" | |
15207 | "1: movl 32(%4), %%eax\n" | |
15208 | " cmpl $67, %0\n" | |
15209 | @@ -239,36 +363,36 @@ __copy_user_intel(void __user *to, const | |
15210 | " .align 2,0x90\n" | |
15211 | "3: movl 0(%4), %%eax\n" | |
15212 | "4: movl 4(%4), %%edx\n" | |
15213 | - "5: movl %%eax, 0(%3)\n" | |
15214 | - "6: movl %%edx, 4(%3)\n" | |
15215 | + "5: movl %%eax, %%es:0(%3)\n" | |
15216 | + "6: movl %%edx, %%es:4(%3)\n" | |
15217 | "7: movl 8(%4), %%eax\n" | |
15218 | "8: movl 12(%4),%%edx\n" | |
15219 | - "9: movl %%eax, 8(%3)\n" | |
15220 | - "10: movl %%edx, 12(%3)\n" | |
15221 | + "9: movl %%eax, %%es:8(%3)\n" | |
15222 | + "10: movl %%edx, %%es:12(%3)\n" | |
15223 | "11: movl 16(%4), %%eax\n" | |
15224 | "12: movl 20(%4), %%edx\n" | |
15225 | - "13: movl %%eax, 16(%3)\n" | |
15226 | - "14: movl %%edx, 20(%3)\n" | |
15227 | + "13: movl %%eax, %%es:16(%3)\n" | |
15228 | + "14: movl %%edx, %%es:20(%3)\n" | |
15229 | "15: movl 24(%4), %%eax\n" | |
15230 | "16: movl 28(%4), %%edx\n" | |
15231 | - "17: movl %%eax, 24(%3)\n" | |
15232 | - "18: movl %%edx, 28(%3)\n" | |
15233 | + "17: movl %%eax, %%es:24(%3)\n" | |
15234 | + "18: movl %%edx, %%es:28(%3)\n" | |
15235 | "19: movl 32(%4), %%eax\n" | |
15236 | "20: movl 36(%4), %%edx\n" | |
15237 | - "21: movl %%eax, 32(%3)\n" | |
15238 | - "22: movl %%edx, 36(%3)\n" | |
15239 | + "21: movl %%eax, %%es:32(%3)\n" | |
15240 | + "22: movl %%edx, %%es:36(%3)\n" | |
15241 | "23: movl 40(%4), %%eax\n" | |
15242 | "24: movl 44(%4), %%edx\n" | |
15243 | - "25: movl %%eax, 40(%3)\n" | |
15244 | - "26: movl %%edx, 44(%3)\n" | |
15245 | + "25: movl %%eax, %%es:40(%3)\n" | |
15246 | + "26: movl %%edx, %%es:44(%3)\n" | |
15247 | "27: movl 48(%4), %%eax\n" | |
15248 | "28: movl 52(%4), %%edx\n" | |
15249 | - "29: movl %%eax, 48(%3)\n" | |
15250 | - "30: movl %%edx, 52(%3)\n" | |
15251 | + "29: movl %%eax, %%es:48(%3)\n" | |
15252 | + "30: movl %%edx, %%es:52(%3)\n" | |
15253 | "31: movl 56(%4), %%eax\n" | |
15254 | "32: movl 60(%4), %%edx\n" | |
15255 | - "33: movl %%eax, 56(%3)\n" | |
15256 | - "34: movl %%edx, 60(%3)\n" | |
15257 | + "33: movl %%eax, %%es:56(%3)\n" | |
15258 | + "34: movl %%edx, %%es:60(%3)\n" | |
15259 | " addl $-64, %0\n" | |
15260 | " addl $64, %4\n" | |
15261 | " addl $64, %3\n" | |
15262 | @@ -282,6 +406,8 @@ __copy_user_intel(void __user *to, const | |
15263 | "36: movl %%eax, %0\n" | |
15264 | "37: rep; movsb\n" | |
15265 | "100:\n" | |
15266 | + " pushl %%ss\n" | |
15267 | + " popl %%ds\n" | |
15268 | ".section .fixup,\"ax\"\n" | |
15269 | "101: lea 0(%%eax,%0,4),%0\n" | |
15270 | " jmp 100b\n" | |
15271 | @@ -328,7 +454,7 @@ __copy_user_intel(void __user *to, const | |
15272 | " .long 99b,101b\n" | |
15273 | ".previous" | |
15274 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
15275 | - : "1"(to), "2"(from), "0"(size) | |
15276 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
15277 | : "eax", "edx", "memory"); | |
15278 | return size; | |
15279 | } | |
15280 | @@ -338,6 +464,7 @@ __copy_user_zeroing_intel(void *to, cons | |
15281 | { | |
15282 | int d0, d1; | |
15283 | __asm__ __volatile__( | |
15284 | + " movw %w6, %%ds\n" | |
15285 | " .align 2,0x90\n" | |
15286 | "0: movl 32(%4), %%eax\n" | |
15287 | " cmpl $67, %0\n" | |
15288 | @@ -346,36 +473,36 @@ __copy_user_zeroing_intel(void *to, cons | |
15289 | " .align 2,0x90\n" | |
15290 | "2: movl 0(%4), %%eax\n" | |
15291 | "21: movl 4(%4), %%edx\n" | |
15292 | - " movl %%eax, 0(%3)\n" | |
15293 | - " movl %%edx, 4(%3)\n" | |
15294 | + " movl %%eax, %%es:0(%3)\n" | |
15295 | + " movl %%edx, %%es:4(%3)\n" | |
15296 | "3: movl 8(%4), %%eax\n" | |
15297 | "31: movl 12(%4),%%edx\n" | |
15298 | - " movl %%eax, 8(%3)\n" | |
15299 | - " movl %%edx, 12(%3)\n" | |
15300 | + " movl %%eax, %%es:8(%3)\n" | |
15301 | + " movl %%edx, %%es:12(%3)\n" | |
15302 | "4: movl 16(%4), %%eax\n" | |
15303 | "41: movl 20(%4), %%edx\n" | |
15304 | - " movl %%eax, 16(%3)\n" | |
15305 | - " movl %%edx, 20(%3)\n" | |
15306 | + " movl %%eax, %%es:16(%3)\n" | |
15307 | + " movl %%edx, %%es:20(%3)\n" | |
15308 | "10: movl 24(%4), %%eax\n" | |
15309 | "51: movl 28(%4), %%edx\n" | |
15310 | - " movl %%eax, 24(%3)\n" | |
15311 | - " movl %%edx, 28(%3)\n" | |
15312 | + " movl %%eax, %%es:24(%3)\n" | |
15313 | + " movl %%edx, %%es:28(%3)\n" | |
15314 | "11: movl 32(%4), %%eax\n" | |
15315 | "61: movl 36(%4), %%edx\n" | |
15316 | - " movl %%eax, 32(%3)\n" | |
15317 | - " movl %%edx, 36(%3)\n" | |
15318 | + " movl %%eax, %%es:32(%3)\n" | |
15319 | + " movl %%edx, %%es:36(%3)\n" | |
15320 | "12: movl 40(%4), %%eax\n" | |
15321 | "71: movl 44(%4), %%edx\n" | |
15322 | - " movl %%eax, 40(%3)\n" | |
15323 | - " movl %%edx, 44(%3)\n" | |
15324 | + " movl %%eax, %%es:40(%3)\n" | |
15325 | + " movl %%edx, %%es:44(%3)\n" | |
15326 | "13: movl 48(%4), %%eax\n" | |
15327 | "81: movl 52(%4), %%edx\n" | |
15328 | - " movl %%eax, 48(%3)\n" | |
15329 | - " movl %%edx, 52(%3)\n" | |
15330 | + " movl %%eax, %%es:48(%3)\n" | |
15331 | + " movl %%edx, %%es:52(%3)\n" | |
15332 | "14: movl 56(%4), %%eax\n" | |
15333 | "91: movl 60(%4), %%edx\n" | |
15334 | - " movl %%eax, 56(%3)\n" | |
15335 | - " movl %%edx, 60(%3)\n" | |
15336 | + " movl %%eax, %%es:56(%3)\n" | |
15337 | + " movl %%edx, %%es:60(%3)\n" | |
15338 | " addl $-64, %0\n" | |
15339 | " addl $64, %4\n" | |
15340 | " addl $64, %3\n" | |
15341 | @@ -389,6 +516,8 @@ __copy_user_zeroing_intel(void *to, cons | |
15342 | " movl %%eax,%0\n" | |
15343 | "7: rep; movsb\n" | |
15344 | "8:\n" | |
15345 | + " pushl %%ss\n" | |
15346 | + " popl %%ds\n" | |
15347 | ".section .fixup,\"ax\"\n" | |
15348 | "9: lea 0(%%eax,%0,4),%0\n" | |
15349 | "16: pushl %0\n" | |
15350 | @@ -423,7 +552,7 @@ __copy_user_zeroing_intel(void *to, cons | |
15351 | " .long 7b,16b\n" | |
15352 | ".previous" | |
15353 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
15354 | - : "1"(to), "2"(from), "0"(size) | |
15355 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
15356 | : "eax", "edx", "memory"); | |
15357 | return size; | |
15358 | } | |
15359 | @@ -439,6 +568,7 @@ static unsigned long __copy_user_zeroing | |
15360 | int d0, d1; | |
15361 | ||
15362 | __asm__ __volatile__( | |
15363 | + " movw %w6, %%ds\n" | |
15364 | " .align 2,0x90\n" | |
15365 | "0: movl 32(%4), %%eax\n" | |
15366 | " cmpl $67, %0\n" | |
15367 | @@ -447,36 +577,36 @@ static unsigned long __copy_user_zeroing | |
15368 | " .align 2,0x90\n" | |
15369 | "2: movl 0(%4), %%eax\n" | |
15370 | "21: movl 4(%4), %%edx\n" | |
15371 | - " movnti %%eax, 0(%3)\n" | |
15372 | - " movnti %%edx, 4(%3)\n" | |
15373 | + " movnti %%eax, %%es:0(%3)\n" | |
15374 | + " movnti %%edx, %%es:4(%3)\n" | |
15375 | "3: movl 8(%4), %%eax\n" | |
15376 | "31: movl 12(%4),%%edx\n" | |
15377 | - " movnti %%eax, 8(%3)\n" | |
15378 | - " movnti %%edx, 12(%3)\n" | |
15379 | + " movnti %%eax, %%es:8(%3)\n" | |
15380 | + " movnti %%edx, %%es:12(%3)\n" | |
15381 | "4: movl 16(%4), %%eax\n" | |
15382 | "41: movl 20(%4), %%edx\n" | |
15383 | - " movnti %%eax, 16(%3)\n" | |
15384 | - " movnti %%edx, 20(%3)\n" | |
15385 | + " movnti %%eax, %%es:16(%3)\n" | |
15386 | + " movnti %%edx, %%es:20(%3)\n" | |
15387 | "10: movl 24(%4), %%eax\n" | |
15388 | "51: movl 28(%4), %%edx\n" | |
15389 | - " movnti %%eax, 24(%3)\n" | |
15390 | - " movnti %%edx, 28(%3)\n" | |
15391 | + " movnti %%eax, %%es:24(%3)\n" | |
15392 | + " movnti %%edx, %%es:28(%3)\n" | |
15393 | "11: movl 32(%4), %%eax\n" | |
15394 | "61: movl 36(%4), %%edx\n" | |
15395 | - " movnti %%eax, 32(%3)\n" | |
15396 | - " movnti %%edx, 36(%3)\n" | |
15397 | + " movnti %%eax, %%es:32(%3)\n" | |
15398 | + " movnti %%edx, %%es:36(%3)\n" | |
15399 | "12: movl 40(%4), %%eax\n" | |
15400 | "71: movl 44(%4), %%edx\n" | |
15401 | - " movnti %%eax, 40(%3)\n" | |
15402 | - " movnti %%edx, 44(%3)\n" | |
15403 | + " movnti %%eax, %%es:40(%3)\n" | |
15404 | + " movnti %%edx, %%es:44(%3)\n" | |
15405 | "13: movl 48(%4), %%eax\n" | |
15406 | "81: movl 52(%4), %%edx\n" | |
15407 | - " movnti %%eax, 48(%3)\n" | |
15408 | - " movnti %%edx, 52(%3)\n" | |
15409 | + " movnti %%eax, %%es:48(%3)\n" | |
15410 | + " movnti %%edx, %%es:52(%3)\n" | |
15411 | "14: movl 56(%4), %%eax\n" | |
15412 | "91: movl 60(%4), %%edx\n" | |
15413 | - " movnti %%eax, 56(%3)\n" | |
15414 | - " movnti %%edx, 60(%3)\n" | |
15415 | + " movnti %%eax, %%es:56(%3)\n" | |
15416 | + " movnti %%edx, %%es:60(%3)\n" | |
15417 | " addl $-64, %0\n" | |
15418 | " addl $64, %4\n" | |
15419 | " addl $64, %3\n" | |
15420 | @@ -491,6 +621,8 @@ static unsigned long __copy_user_zeroing | |
15421 | " movl %%eax,%0\n" | |
15422 | "7: rep; movsb\n" | |
15423 | "8:\n" | |
15424 | + " pushl %%ss\n" | |
15425 | + " popl %%ds\n" | |
15426 | ".section .fixup,\"ax\"\n" | |
15427 | "9: lea 0(%%eax,%0,4),%0\n" | |
15428 | "16: pushl %0\n" | |
15429 | @@ -525,7 +657,7 @@ static unsigned long __copy_user_zeroing | |
15430 | " .long 7b,16b\n" | |
15431 | ".previous" | |
15432 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
15433 | - : "1"(to), "2"(from), "0"(size) | |
15434 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
15435 | : "eax", "edx", "memory"); | |
15436 | return size; | |
15437 | } | |
15438 | @@ -536,6 +668,7 @@ static unsigned long __copy_user_intel_n | |
15439 | int d0, d1; | |
15440 | ||
15441 | __asm__ __volatile__( | |
15442 | + " movw %w6, %%ds\n" | |
15443 | " .align 2,0x90\n" | |
15444 | "0: movl 32(%4), %%eax\n" | |
15445 | " cmpl $67, %0\n" | |
15446 | @@ -544,36 +677,36 @@ static unsigned long __copy_user_intel_n | |
15447 | " .align 2,0x90\n" | |
15448 | "2: movl 0(%4), %%eax\n" | |
15449 | "21: movl 4(%4), %%edx\n" | |
15450 | - " movnti %%eax, 0(%3)\n" | |
15451 | - " movnti %%edx, 4(%3)\n" | |
15452 | + " movnti %%eax, %%es:0(%3)\n" | |
15453 | + " movnti %%edx, %%es:4(%3)\n" | |
15454 | "3: movl 8(%4), %%eax\n" | |
15455 | "31: movl 12(%4),%%edx\n" | |
15456 | - " movnti %%eax, 8(%3)\n" | |
15457 | - " movnti %%edx, 12(%3)\n" | |
15458 | + " movnti %%eax, %%es:8(%3)\n" | |
15459 | + " movnti %%edx, %%es:12(%3)\n" | |
15460 | "4: movl 16(%4), %%eax\n" | |
15461 | "41: movl 20(%4), %%edx\n" | |
15462 | - " movnti %%eax, 16(%3)\n" | |
15463 | - " movnti %%edx, 20(%3)\n" | |
15464 | + " movnti %%eax, %%es:16(%3)\n" | |
15465 | + " movnti %%edx, %%es:20(%3)\n" | |
15466 | "10: movl 24(%4), %%eax\n" | |
15467 | "51: movl 28(%4), %%edx\n" | |
15468 | - " movnti %%eax, 24(%3)\n" | |
15469 | - " movnti %%edx, 28(%3)\n" | |
15470 | + " movnti %%eax, %%es:24(%3)\n" | |
15471 | + " movnti %%edx, %%es:28(%3)\n" | |
15472 | "11: movl 32(%4), %%eax\n" | |
15473 | "61: movl 36(%4), %%edx\n" | |
15474 | - " movnti %%eax, 32(%3)\n" | |
15475 | - " movnti %%edx, 36(%3)\n" | |
15476 | + " movnti %%eax, %%es:32(%3)\n" | |
15477 | + " movnti %%edx, %%es:36(%3)\n" | |
15478 | "12: movl 40(%4), %%eax\n" | |
15479 | "71: movl 44(%4), %%edx\n" | |
15480 | - " movnti %%eax, 40(%3)\n" | |
15481 | - " movnti %%edx, 44(%3)\n" | |
15482 | + " movnti %%eax, %%es:40(%3)\n" | |
15483 | + " movnti %%edx, %%es:44(%3)\n" | |
15484 | "13: movl 48(%4), %%eax\n" | |
15485 | "81: movl 52(%4), %%edx\n" | |
15486 | - " movnti %%eax, 48(%3)\n" | |
15487 | - " movnti %%edx, 52(%3)\n" | |
15488 | + " movnti %%eax, %%es:48(%3)\n" | |
15489 | + " movnti %%edx, %%es:52(%3)\n" | |
15490 | "14: movl 56(%4), %%eax\n" | |
15491 | "91: movl 60(%4), %%edx\n" | |
15492 | - " movnti %%eax, 56(%3)\n" | |
15493 | - " movnti %%edx, 60(%3)\n" | |
15494 | + " movnti %%eax, %%es:56(%3)\n" | |
15495 | + " movnti %%edx, %%es:60(%3)\n" | |
15496 | " addl $-64, %0\n" | |
15497 | " addl $64, %4\n" | |
15498 | " addl $64, %3\n" | |
15499 | @@ -588,6 +721,8 @@ static unsigned long __copy_user_intel_n | |
15500 | " movl %%eax,%0\n" | |
15501 | "7: rep; movsb\n" | |
15502 | "8:\n" | |
15503 | + " pushl %%ss\n" | |
15504 | + " popl %%ds\n" | |
15505 | ".section .fixup,\"ax\"\n" | |
15506 | "9: lea 0(%%eax,%0,4),%0\n" | |
15507 | "16: jmp 8b\n" | |
15508 | @@ -616,7 +751,7 @@ static unsigned long __copy_user_intel_n | |
15509 | " .long 7b,16b\n" | |
15510 | ".previous" | |
15511 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
15512 | - : "1"(to), "2"(from), "0"(size) | |
15513 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
15514 | : "eax", "edx", "memory"); | |
15515 | return size; | |
15516 | } | |
15517 | @@ -629,90 +764,146 @@ static unsigned long __copy_user_intel_n | |
15518 | */ | |
15519 | unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, | |
15520 | unsigned long size); | |
15521 | -unsigned long __copy_user_intel(void __user *to, const void *from, | |
15522 | +unsigned long __generic_copy_to_user_intel(void __user *to, const void *from, | |
15523 | + unsigned long size); | |
15524 | +unsigned long __generic_copy_from_user_intel(void *to, const void __user *from, | |
15525 | unsigned long size); | |
15526 | unsigned long __copy_user_zeroing_intel_nocache(void *to, | |
15527 | const void __user *from, unsigned long size); | |
15528 | #endif /* CONFIG_X86_INTEL_USERCOPY */ | |
15529 | ||
15530 | /* Generic arbitrary sized copy. */ | |
15531 | -#define __copy_user(to, from, size) \ | |
15532 | -do { \ | |
15533 | - int __d0, __d1, __d2; \ | |
15534 | - __asm__ __volatile__( \ | |
15535 | - " cmp $7,%0\n" \ | |
15536 | - " jbe 1f\n" \ | |
15537 | - " movl %1,%0\n" \ | |
15538 | - " negl %0\n" \ | |
15539 | - " andl $7,%0\n" \ | |
15540 | - " subl %0,%3\n" \ | |
15541 | - "4: rep; movsb\n" \ | |
15542 | - " movl %3,%0\n" \ | |
15543 | - " shrl $2,%0\n" \ | |
15544 | - " andl $3,%3\n" \ | |
15545 | - " .align 2,0x90\n" \ | |
15546 | - "0: rep; movsl\n" \ | |
15547 | - " movl %3,%0\n" \ | |
15548 | - "1: rep; movsb\n" \ | |
15549 | - "2:\n" \ | |
15550 | - ".section .fixup,\"ax\"\n" \ | |
15551 | - "5: addl %3,%0\n" \ | |
15552 | - " jmp 2b\n" \ | |
15553 | - "3: lea 0(%3,%0,4),%0\n" \ | |
15554 | - " jmp 2b\n" \ | |
15555 | - ".previous\n" \ | |
15556 | - ".section __ex_table,\"a\"\n" \ | |
15557 | - " .align 4\n" \ | |
15558 | - " .long 4b,5b\n" \ | |
15559 | - " .long 0b,3b\n" \ | |
15560 | - " .long 1b,2b\n" \ | |
15561 | - ".previous" \ | |
15562 | - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \ | |
15563 | - : "3"(size), "0"(size), "1"(to), "2"(from) \ | |
15564 | - : "memory"); \ | |
15565 | -} while (0) | |
15566 | - | |
15567 | -#define __copy_user_zeroing(to, from, size) \ | |
15568 | -do { \ | |
15569 | - int __d0, __d1, __d2; \ | |
15570 | - __asm__ __volatile__( \ | |
15571 | - " cmp $7,%0\n" \ | |
15572 | - " jbe 1f\n" \ | |
15573 | - " movl %1,%0\n" \ | |
15574 | - " negl %0\n" \ | |
15575 | - " andl $7,%0\n" \ | |
15576 | - " subl %0,%3\n" \ | |
15577 | - "4: rep; movsb\n" \ | |
15578 | - " movl %3,%0\n" \ | |
15579 | - " shrl $2,%0\n" \ | |
15580 | - " andl $3,%3\n" \ | |
15581 | - " .align 2,0x90\n" \ | |
15582 | - "0: rep; movsl\n" \ | |
15583 | - " movl %3,%0\n" \ | |
15584 | - "1: rep; movsb\n" \ | |
15585 | - "2:\n" \ | |
15586 | - ".section .fixup,\"ax\"\n" \ | |
15587 | - "5: addl %3,%0\n" \ | |
15588 | - " jmp 6f\n" \ | |
15589 | - "3: lea 0(%3,%0,4),%0\n" \ | |
15590 | - "6: pushl %0\n" \ | |
15591 | - " pushl %%eax\n" \ | |
15592 | - " xorl %%eax,%%eax\n" \ | |
15593 | - " rep; stosb\n" \ | |
15594 | - " popl %%eax\n" \ | |
15595 | - " popl %0\n" \ | |
15596 | - " jmp 2b\n" \ | |
15597 | - ".previous\n" \ | |
15598 | - ".section __ex_table,\"a\"\n" \ | |
15599 | - " .align 4\n" \ | |
15600 | - " .long 4b,5b\n" \ | |
15601 | - " .long 0b,3b\n" \ | |
15602 | - " .long 1b,6b\n" \ | |
15603 | - ".previous" \ | |
15604 | - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \ | |
15605 | - : "3"(size), "0"(size), "1"(to), "2"(from) \ | |
15606 | - : "memory"); \ | |
15607 | -} while (0) | |
15608 | +static unsigned long | |
15609 | +__generic_copy_to_user(void __user *to, const void *from, unsigned long size) | |
15610 | +{ | |
15611 | + int __d0, __d1, __d2; | |
15612 | + | |
15613 | + __asm__ __volatile__( | |
15614 | + " movw %w8,%%es\n" | |
15615 | + " cmp $7,%0\n" | |
15616 | + " jbe 1f\n" | |
15617 | + " movl %1,%0\n" | |
15618 | + " negl %0\n" | |
15619 | + " andl $7,%0\n" | |
15620 | + " subl %0,%3\n" | |
15621 | + "4: rep; movsb\n" | |
15622 | + " movl %3,%0\n" | |
15623 | + " shrl $2,%0\n" | |
15624 | + " andl $3,%3\n" | |
15625 | + " .align 2,0x90\n" | |
15626 | + "0: rep; movsl\n" | |
15627 | + " movl %3,%0\n" | |
15628 | + "1: rep; movsb\n" | |
15629 | + "2:\n" | |
15630 | + " pushl %%ss\n" | |
15631 | + " popl %%es\n" | |
15632 | + ".section .fixup,\"ax\"\n" | |
15633 | + "5: addl %3,%0\n" | |
15634 | + " jmp 2b\n" | |
15635 | + "3: lea 0(%3,%0,4),%0\n" | |
15636 | + " jmp 2b\n" | |
15637 | + ".previous\n" | |
15638 | + ".section __ex_table,\"a\"\n" | |
15639 | + " .align 4\n" | |
15640 | + " .long 4b,5b\n" | |
15641 | + " .long 0b,3b\n" | |
15642 | + " .long 1b,2b\n" | |
15643 | + ".previous" | |
15644 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
15645 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
15646 | + : "memory"); | |
15647 | + return size; | |
15648 | +} | |
15649 | + | |
15650 | +static unsigned long | |
15651 | +__generic_copy_from_user(void *to, const void __user *from, unsigned long size) | |
15652 | +{ | |
15653 | + int __d0, __d1, __d2; | |
15654 | + | |
15655 | + __asm__ __volatile__( | |
15656 | + " movw %w8,%%ds\n" | |
15657 | + " cmp $7,%0\n" | |
15658 | + " jbe 1f\n" | |
15659 | + " movl %1,%0\n" | |
15660 | + " negl %0\n" | |
15661 | + " andl $7,%0\n" | |
15662 | + " subl %0,%3\n" | |
15663 | + "4: rep; movsb\n" | |
15664 | + " movl %3,%0\n" | |
15665 | + " shrl $2,%0\n" | |
15666 | + " andl $3,%3\n" | |
15667 | + " .align 2,0x90\n" | |
15668 | + "0: rep; movsl\n" | |
15669 | + " movl %3,%0\n" | |
15670 | + "1: rep; movsb\n" | |
15671 | + "2:\n" | |
15672 | + " pushl %%ss\n" | |
15673 | + " popl %%ds\n" | |
15674 | + ".section .fixup,\"ax\"\n" | |
15675 | + "5: addl %3,%0\n" | |
15676 | + " jmp 2b\n" | |
15677 | + "3: lea 0(%3,%0,4),%0\n" | |
15678 | + " jmp 2b\n" | |
15679 | + ".previous\n" | |
15680 | + ".section __ex_table,\"a\"\n" | |
15681 | + " .align 4\n" | |
15682 | + " .long 4b,5b\n" | |
15683 | + " .long 0b,3b\n" | |
15684 | + " .long 1b,2b\n" | |
15685 | + ".previous" | |
15686 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
15687 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
15688 | + : "memory"); | |
15689 | + return size; | |
15690 | +} | |
15691 | + | |
15692 | +static unsigned long | |
15693 | +__copy_user_zeroing(void *to, const void __user *from, unsigned long size) | |
15694 | +{ | |
15695 | + int __d0, __d1, __d2; | |
15696 | + | |
15697 | + __asm__ __volatile__( | |
15698 | + " movw %w8,%%ds\n" | |
15699 | + " cmp $7,%0\n" | |
15700 | + " jbe 1f\n" | |
15701 | + " movl %1,%0\n" | |
15702 | + " negl %0\n" | |
15703 | + " andl $7,%0\n" | |
15704 | + " subl %0,%3\n" | |
15705 | + "4: rep; movsb\n" | |
15706 | + " movl %3,%0\n" | |
15707 | + " shrl $2,%0\n" | |
15708 | + " andl $3,%3\n" | |
15709 | + " .align 2,0x90\n" | |
15710 | + "0: rep; movsl\n" | |
15711 | + " movl %3,%0\n" | |
15712 | + "1: rep; movsb\n" | |
15713 | + "2:\n" | |
15714 | + " pushl %%ss\n" | |
15715 | + " popl %%ds\n" | |
15716 | + ".section .fixup,\"ax\"\n" | |
15717 | + "5: addl %3,%0\n" | |
15718 | + " jmp 6f\n" | |
15719 | + "3: lea 0(%3,%0,4),%0\n" | |
15720 | + "6: pushl %0\n" | |
15721 | + " pushl %%eax\n" | |
15722 | + " xorl %%eax,%%eax\n" | |
15723 | + " rep; stosb\n" | |
15724 | + " popl %%eax\n" | |
15725 | + " popl %0\n" | |
15726 | + " jmp 2b\n" | |
15727 | + ".previous\n" | |
15728 | + ".section __ex_table,\"a\"\n" | |
15729 | + " .align 4\n" | |
15730 | + " .long 4b,5b\n" | |
15731 | + " .long 0b,3b\n" | |
15732 | + " .long 1b,6b\n" | |
15733 | + ".previous" | |
15734 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
15735 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
15736 | + : "memory"); | |
15737 | + return size; | |
15738 | +} | |
15739 | ||
15740 | unsigned long __copy_to_user_ll(void __user *to, const void *from, | |
15741 | unsigned long n) | |
15742 | @@ -775,9 +966,9 @@ survive: | |
15743 | } | |
15744 | #endif | |
15745 | if (movsl_is_ok(to, from, n)) | |
15746 | - __copy_user(to, from, n); | |
15747 | + n = __generic_copy_to_user(to, from, n); | |
15748 | else | |
15749 | - n = __copy_user_intel(to, from, n); | |
15750 | + n = __generic_copy_to_user_intel(to, from, n); | |
15751 | return n; | |
15752 | } | |
15753 | EXPORT_SYMBOL(__copy_to_user_ll); | |
15754 | @@ -786,7 +977,7 @@ unsigned long __copy_from_user_ll(void * | |
15755 | unsigned long n) | |
15756 | { | |
15757 | if (movsl_is_ok(to, from, n)) | |
15758 | - __copy_user_zeroing(to, from, n); | |
15759 | + n = __copy_user_zeroing(to, from, n); | |
15760 | else | |
15761 | n = __copy_user_zeroing_intel(to, from, n); | |
15762 | return n; | |
15763 | @@ -797,10 +988,9 @@ unsigned long __copy_from_user_ll_nozero | |
15764 | unsigned long n) | |
15765 | { | |
15766 | if (movsl_is_ok(to, from, n)) | |
15767 | - __copy_user(to, from, n); | |
15768 | + n = __generic_copy_from_user(to, from, n); | |
15769 | else | |
15770 | - n = __copy_user_intel((void __user *)to, | |
15771 | - (const void *)from, n); | |
15772 | + n = __generic_copy_from_user_intel(to, from, n); | |
15773 | return n; | |
15774 | } | |
15775 | EXPORT_SYMBOL(__copy_from_user_ll_nozero); | |
15776 | @@ -812,9 +1002,9 @@ unsigned long __copy_from_user_ll_nocach | |
15777 | if (n > 64 && cpu_has_xmm2) | |
15778 | n = __copy_user_zeroing_intel_nocache(to, from, n); | |
15779 | else | |
15780 | - __copy_user_zeroing(to, from, n); | |
15781 | + n = __copy_user_zeroing(to, from, n); | |
15782 | #else | |
15783 | - __copy_user_zeroing(to, from, n); | |
15784 | + n = __copy_user_zeroing(to, from, n); | |
15785 | #endif | |
15786 | return n; | |
15787 | } | |
ae4e228f | 15788 | @@ -827,65 +1017,53 @@ unsigned long __copy_from_user_ll_nocach |
58c5fc13 MT |
15789 | if (n > 64 && cpu_has_xmm2) |
15790 | n = __copy_user_intel_nocache(to, from, n); | |
15791 | else | |
15792 | - __copy_user(to, from, n); | |
15793 | + n = __generic_copy_from_user(to, from, n); | |
15794 | #else | |
15795 | - __copy_user(to, from, n); | |
15796 | + n = __generic_copy_from_user(to, from, n); | |
15797 | #endif | |
15798 | return n; | |
15799 | } | |
15800 | EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero); | |
15801 | ||
15802 | -/** | |
15803 | - * copy_to_user: - Copy a block of data into user space. | |
15804 | - * @to: Destination address, in user space. | |
15805 | - * @from: Source address, in kernel space. | |
15806 | - * @n: Number of bytes to copy. | |
15807 | - * | |
15808 | - * Context: User context only. This function may sleep. | |
15809 | - * | |
15810 | - * Copy data from kernel space to user space. | |
15811 | - * | |
15812 | - * Returns number of bytes that could not be copied. | |
15813 | - * On success, this will be zero. | |
15814 | - */ | |
15815 | -unsigned long | |
15816 | -copy_to_user(void __user *to, const void *from, unsigned long n) | |
ae4e228f | 15817 | +void copy_from_user_overflow(void) |
58c5fc13 MT |
15818 | { |
15819 | - if (access_ok(VERIFY_WRITE, to, n)) | |
15820 | - n = __copy_to_user(to, from, n); | |
15821 | - return n; | |
ae4e228f | 15822 | + WARN(1, "Buffer overflow detected!\n"); |
58c5fc13 MT |
15823 | } |
15824 | -EXPORT_SYMBOL(copy_to_user); | |
ae4e228f | 15825 | +EXPORT_SYMBOL(copy_from_user_overflow); |
58c5fc13 MT |
15826 | |
15827 | -/** | |
15828 | - * copy_from_user: - Copy a block of data from user space. | |
15829 | - * @to: Destination address, in kernel space. | |
15830 | - * @from: Source address, in user space. | |
15831 | - * @n: Number of bytes to copy. | |
15832 | - * | |
15833 | - * Context: User context only. This function may sleep. | |
15834 | - * | |
15835 | - * Copy data from user space to kernel space. | |
15836 | - * | |
15837 | - * Returns number of bytes that could not be copied. | |
15838 | - * On success, this will be zero. | |
15839 | - * | |
15840 | - * If some data could not be copied, this function will pad the copied | |
15841 | - * data to the requested size using zero bytes. | |
15842 | - */ | |
15843 | -unsigned long | |
ae4e228f MT |
15844 | -_copy_from_user(void *to, const void __user *from, unsigned long n) |
15845 | +void copy_to_user_overflow(void) | |
58c5fc13 MT |
15846 | { |
15847 | - if (access_ok(VERIFY_READ, from, n)) | |
15848 | - n = __copy_from_user(to, from, n); | |
15849 | - else | |
15850 | - memset(to, 0, n); | |
15851 | - return n; | |
ae4e228f MT |
15852 | + WARN(1, "Buffer overflow detected!\n"); |
15853 | } | |
15854 | -EXPORT_SYMBOL(_copy_from_user); | |
15855 | +EXPORT_SYMBOL(copy_to_user_overflow); | |
15856 | ||
15857 | -void copy_from_user_overflow(void) | |
15858 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
15859 | +void __set_fs(mm_segment_t x, int cpu) | |
15860 | { | |
15861 | - WARN(1, "Buffer overflow detected!\n"); | |
15862 | + unsigned long limit = x.seg; | |
15863 | + struct desc_struct d; | |
15864 | + | |
15865 | + current_thread_info()->addr_limit = x; | |
15866 | + if (unlikely(paravirt_enabled())) | |
15867 | + return; | |
15868 | + | |
15869 | + if (likely(limit)) | |
15870 | + limit = (limit - 1UL) >> PAGE_SHIFT; | |
15871 | + pack_descriptor(&d, 0UL, limit, 0xF3, 0xC); | |
15872 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, &d, DESCTYPE_S); | |
15873 | } | |
15874 | -EXPORT_SYMBOL(copy_from_user_overflow); | |
15875 | + | |
15876 | +void set_fs(mm_segment_t x) | |
15877 | +{ | |
58c5fc13 MT |
15878 | + __set_fs(x, get_cpu()); |
15879 | + put_cpu(); | |
ae4e228f MT |
15880 | +} |
15881 | +EXPORT_SYMBOL(copy_from_user); | |
58c5fc13 MT |
15882 | +#else |
15883 | +void set_fs(mm_segment_t x) | |
15884 | +{ | |
15885 | + current_thread_info()->addr_limit = x; | |
15886 | +} | |
15887 | +#endif | |
15888 | + | |
15889 | +EXPORT_SYMBOL(set_fs); | |
ae4e228f MT |
15890 | diff -urNp linux-2.6.33.1/arch/x86/Makefile linux-2.6.33.1/arch/x86/Makefile |
15891 | --- linux-2.6.33.1/arch/x86/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
15892 | +++ linux-2.6.33.1/arch/x86/Makefile 2010-03-20 16:58:39.028522513 -0400 | |
15893 | @@ -192,3 +192,12 @@ define archhelp | |
58c5fc13 MT |
15894 | echo ' FDARGS="..." arguments for the booted kernel' |
15895 | echo ' FDINITRD=file initrd for the booted kernel' | |
15896 | endef | |
15897 | + | |
15898 | +define OLD_LD | |
15899 | + | |
15900 | +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils. | |
15901 | +*** Please upgrade your binutils to 2.18 or newer | |
15902 | +endef | |
15903 | + | |
15904 | +archprepare: | |
15905 | + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) | |
ae4e228f MT |
15906 | diff -urNp linux-2.6.33.1/arch/x86/mm/extable.c linux-2.6.33.1/arch/x86/mm/extable.c |
15907 | --- linux-2.6.33.1/arch/x86/mm/extable.c 2010-03-15 12:09:39.000000000 -0400 | |
15908 | +++ linux-2.6.33.1/arch/x86/mm/extable.c 2010-03-20 16:58:39.032549699 -0400 | |
15909 | @@ -1,14 +1,71 @@ | |
58c5fc13 MT |
15910 | #include <linux/module.h> |
15911 | #include <linux/spinlock.h> | |
15912 | +#include <linux/sort.h> | |
15913 | #include <asm/uaccess.h> | |
ae4e228f | 15914 | +#include <asm/pgtable.h> |
58c5fc13 MT |
15915 | |
15916 | +/* | |
15917 | + * The exception table needs to be sorted so that the binary | |
15918 | + * search that we use to find entries in it works properly. | |
15919 | + * This is used both for the kernel exception table and for | |
15920 | + * the exception tables of modules that get loaded. | |
15921 | + */ | |
15922 | +static int cmp_ex(const void *a, const void *b) | |
15923 | +{ | |
15924 | + const struct exception_table_entry *x = a, *y = b; | |
15925 | + | |
15926 | + /* avoid overflow */ | |
15927 | + if (x->insn > y->insn) | |
15928 | + return 1; | |
15929 | + if (x->insn < y->insn) | |
15930 | + return -1; | |
15931 | + return 0; | |
15932 | +} | |
15933 | + | |
15934 | +static void swap_ex(void *a, void *b, int size) | |
15935 | +{ | |
15936 | + struct exception_table_entry t, *x = a, *y = b; | |
15937 | + | |
58c5fc13 MT |
15938 | + t = *x; |
15939 | + | |
ae4e228f | 15940 | + pax_open_kernel(); |
58c5fc13 MT |
15941 | + *x = *y; |
15942 | + *y = t; | |
ae4e228f | 15943 | + pax_close_kernel(); |
58c5fc13 MT |
15944 | +} |
15945 | + | |
15946 | +void sort_extable(struct exception_table_entry *start, | |
15947 | + struct exception_table_entry *finish) | |
15948 | +{ | |
15949 | + sort(start, finish - start, sizeof(struct exception_table_entry), | |
15950 | + cmp_ex, swap_ex); | |
15951 | +} | |
15952 | + | |
15953 | +#ifdef CONFIG_MODULES | |
15954 | +/* | |
15955 | + * If the exception table is sorted, any referring to the module init | |
15956 | + * will be at the beginning or the end. | |
15957 | + */ | |
15958 | +void trim_init_extable(struct module *m) | |
15959 | +{ | |
15960 | + /*trim the beginning*/ | |
15961 | + while (m->num_exentries && within_module_init(m->extable[0].insn, m)) { | |
15962 | + m->extable++; | |
15963 | + m->num_exentries--; | |
15964 | + } | |
15965 | + /*trim the end*/ | |
15966 | + while (m->num_exentries && | |
15967 | + within_module_init(m->extable[m->num_exentries-1].insn, m)) | |
15968 | + m->num_exentries--; | |
15969 | +} | |
15970 | +#endif /* CONFIG_MODULES */ | |
15971 | ||
15972 | int fixup_exception(struct pt_regs *regs) | |
15973 | { | |
15974 | const struct exception_table_entry *fixup; | |
15975 | ||
15976 | #ifdef CONFIG_PNPBIOS | |
15977 | - if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) { | |
15978 | + if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) { | |
15979 | extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp; | |
15980 | extern u32 pnp_bios_is_utter_crap; | |
15981 | pnp_bios_is_utter_crap = 1; | |
ae4e228f MT |
15982 | diff -urNp linux-2.6.33.1/arch/x86/mm/fault.c linux-2.6.33.1/arch/x86/mm/fault.c |
15983 | --- linux-2.6.33.1/arch/x86/mm/fault.c 2010-03-15 12:09:39.000000000 -0400 | |
15984 | +++ linux-2.6.33.1/arch/x86/mm/fault.c 2010-03-20 16:58:39.032549699 -0400 | |
58c5fc13 MT |
15985 | @@ -11,10 +11,14 @@ |
15986 | #include <linux/kprobes.h> /* __kprobes, ... */ | |
15987 | #include <linux/mmiotrace.h> /* kmmio_handler, ... */ | |
ae4e228f | 15988 | #include <linux/perf_event.h> /* perf_sw_event */ |
58c5fc13 MT |
15989 | +#include <linux/unistd.h> |
15990 | +#include <linux/compiler.h> | |
15991 | ||
15992 | #include <asm/traps.h> /* dotraplinkage, ... */ | |
15993 | #include <asm/pgalloc.h> /* pgd_*(), ... */ | |
15994 | #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */ | |
15995 | +#include <asm/vsyscall.h> | |
15996 | +#include <asm/tlbflush.h> | |
15997 | ||
15998 | /* | |
15999 | * Page fault error code bits: | |
ae4e228f | 16000 | @@ -52,7 +56,7 @@ static inline int __kprobes notify_page_ |
58c5fc13 MT |
16001 | int ret = 0; |
16002 | ||
16003 | /* kprobe_running() needs smp_processor_id() */ | |
16004 | - if (kprobes_built_in() && !user_mode_vm(regs)) { | |
16005 | + if (kprobes_built_in() && !user_mode(regs)) { | |
16006 | preempt_disable(); | |
16007 | if (kprobe_running() && kprobe_fault_handler(regs, 14)) | |
16008 | ret = 1; | |
ae4e228f | 16009 | @@ -173,6 +177,30 @@ force_sig_info_fault(int si_signo, int s |
58c5fc13 MT |
16010 | force_sig_info(si_signo, &info, tsk); |
16011 | } | |
16012 | ||
16013 | +#ifdef CONFIG_PAX_EMUTRAMP | |
16014 | +static int pax_handle_fetch_fault(struct pt_regs *regs); | |
16015 | +#endif | |
16016 | + | |
16017 | +#ifdef CONFIG_PAX_PAGEEXEC | |
16018 | +static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address) | |
16019 | +{ | |
16020 | + pgd_t *pgd; | |
16021 | + pud_t *pud; | |
16022 | + pmd_t *pmd; | |
16023 | + | |
16024 | + pgd = pgd_offset(mm, address); | |
16025 | + if (!pgd_present(*pgd)) | |
16026 | + return NULL; | |
16027 | + pud = pud_offset(pgd, address); | |
16028 | + if (!pud_present(*pud)) | |
16029 | + return NULL; | |
16030 | + pmd = pmd_offset(pud, address); | |
16031 | + if (!pmd_present(*pmd)) | |
16032 | + return NULL; | |
16033 | + return pmd; | |
16034 | +} | |
16035 | +#endif | |
16036 | + | |
16037 | DEFINE_SPINLOCK(pgd_lock); | |
16038 | LIST_HEAD(pgd_list); | |
16039 | ||
ae4e228f | 16040 | @@ -536,7 +564,7 @@ static int is_errata93(struct pt_regs *r |
58c5fc13 MT |
16041 | static int is_errata100(struct pt_regs *regs, unsigned long address) |
16042 | { | |
16043 | #ifdef CONFIG_X86_64 | |
16044 | - if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32)) | |
16045 | + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32)) | |
16046 | return 1; | |
16047 | #endif | |
16048 | return 0; | |
ae4e228f | 16049 | @@ -563,7 +591,7 @@ static int is_f00f_bug(struct pt_regs *r |
58c5fc13 MT |
16050 | } |
16051 | ||
16052 | static const char nx_warning[] = KERN_CRIT | |
16053 | -"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n"; | |
16054 | +"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n"; | |
16055 | ||
16056 | static void | |
16057 | show_fault_oops(struct pt_regs *regs, unsigned long error_code, | |
ae4e228f | 16058 | @@ -572,15 +600,26 @@ show_fault_oops(struct pt_regs *regs, un |
58c5fc13 MT |
16059 | if (!oops_may_print()) |
16060 | return; | |
16061 | ||
16062 | - if (error_code & PF_INSTR) { | |
ae4e228f | 16063 | + if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR)) { |
58c5fc13 MT |
16064 | unsigned int level; |
16065 | ||
16066 | pte_t *pte = lookup_address(address, &level); | |
16067 | ||
16068 | if (pte && pte_present(*pte) && !pte_exec(*pte)) | |
16069 | - printk(nx_warning, current_uid()); | |
16070 | + printk(nx_warning, current_uid(), current->comm, task_pid_nr(current)); | |
16071 | } | |
16072 | ||
16073 | +#ifdef CONFIG_PAX_KERNEXEC | |
ae4e228f | 16074 | + if (init_mm.start_code <= address && address < init_mm.end_code) { |
58c5fc13 | 16075 | + if (current->signal->curr_ip) |
ae4e228f MT |
16076 | + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
16077 | + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); | |
58c5fc13 MT |
16078 | + else |
16079 | + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", | |
16080 | + current->comm, task_pid_nr(current), current_uid(), current_euid()); | |
16081 | + } | |
16082 | +#endif | |
16083 | + | |
16084 | printk(KERN_ALERT "BUG: unable to handle kernel "); | |
16085 | if (address < PAGE_SIZE) | |
16086 | printk(KERN_CONT "NULL pointer dereference"); | |
ae4e228f | 16087 | @@ -705,6 +744,68 @@ __bad_area_nosemaphore(struct pt_regs *r |
58c5fc13 MT |
16088 | unsigned long address, int si_code) |
16089 | { | |
16090 | struct task_struct *tsk = current; | |
16091 | + struct mm_struct *mm = tsk->mm; | |
16092 | + | |
16093 | +#ifdef CONFIG_X86_64 | |
16094 | + if (mm && (error_code & PF_INSTR)) { | |
16095 | + if (regs->ip == (unsigned long)vgettimeofday) { | |
16096 | + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday); | |
16097 | + return; | |
16098 | + } else if (regs->ip == (unsigned long)vtime) { | |
16099 | + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time); | |
16100 | + return; | |
16101 | + } else if (regs->ip == (unsigned long)vgetcpu) { | |
16102 | + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu); | |
16103 | + return; | |
16104 | + } | |
16105 | + } | |
16106 | +#endif | |
16107 | + | |
16108 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
16109 | + if (mm && (error_code & PF_USER)) { | |
16110 | + unsigned long ip = regs->ip; | |
16111 | + | |
16112 | + if (v8086_mode(regs)) | |
16113 | + ip = ((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff); | |
16114 | + | |
16115 | + /* | |
16116 | + * It's possible to have interrupts off here: | |
16117 | + */ | |
16118 | + local_irq_enable(); | |
16119 | + | |
16120 | +#ifdef CONFIG_PAX_PAGEEXEC | |
16121 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && | |
ae4e228f | 16122 | + (((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && regs->ip == address))) { |
58c5fc13 MT |
16123 | + |
16124 | +#ifdef CONFIG_PAX_EMUTRAMP | |
16125 | + switch (pax_handle_fetch_fault(regs)) { | |
16126 | + case 2: | |
16127 | + return; | |
16128 | + } | |
16129 | +#endif | |
16130 | + | |
16131 | + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp); | |
16132 | + do_group_exit(SIGKILL); | |
16133 | + } | |
16134 | +#endif | |
16135 | + | |
16136 | +#ifdef CONFIG_PAX_SEGMEXEC | |
16137 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (regs->ip + SEGMEXEC_TASK_SIZE == address)) { | |
16138 | + | |
16139 | +#ifdef CONFIG_PAX_EMUTRAMP | |
16140 | + switch (pax_handle_fetch_fault(regs)) { | |
16141 | + case 2: | |
16142 | + return; | |
16143 | + } | |
16144 | +#endif | |
16145 | + | |
16146 | + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp); | |
16147 | + do_group_exit(SIGKILL); | |
16148 | + } | |
16149 | +#endif | |
16150 | + | |
16151 | + } | |
16152 | +#endif | |
16153 | ||
16154 | /* User mode accesses just cause a SIGSEGV */ | |
16155 | if (error_code & PF_USER) { | |
ae4e228f | 16156 | @@ -849,6 +950,106 @@ static int spurious_fault_check(unsigned |
58c5fc13 MT |
16157 | return 1; |
16158 | } | |
16159 | ||
16160 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) | |
16161 | +static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code) | |
16162 | +{ | |
16163 | + pte_t *pte; | |
16164 | + pmd_t *pmd; | |
16165 | + spinlock_t *ptl; | |
16166 | + unsigned char pte_mask; | |
16167 | + | |
ae4e228f | 16168 | + if ((__supported_pte_mask & _PAGE_NX) || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) || |
58c5fc13 MT |
16169 | + !(mm->pax_flags & MF_PAX_PAGEEXEC)) |
16170 | + return 0; | |
16171 | + | |
16172 | + /* PaX: it's our fault, let's handle it if we can */ | |
16173 | + | |
16174 | + /* PaX: take a look at read faults before acquiring any locks */ | |
16175 | + if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) { | |
16176 | + /* instruction fetch attempt from a protected page in user mode */ | |
16177 | + up_read(&mm->mmap_sem); | |
16178 | + | |
16179 | +#ifdef CONFIG_PAX_EMUTRAMP | |
16180 | + switch (pax_handle_fetch_fault(regs)) { | |
16181 | + case 2: | |
16182 | + return 1; | |
16183 | + } | |
16184 | +#endif | |
16185 | + | |
16186 | + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp); | |
16187 | + do_group_exit(SIGKILL); | |
16188 | + } | |
16189 | + | |
16190 | + pmd = pax_get_pmd(mm, address); | |
16191 | + if (unlikely(!pmd)) | |
16192 | + return 0; | |
16193 | + | |
16194 | + pte = pte_offset_map_lock(mm, pmd, address, &ptl); | |
16195 | + if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) { | |
16196 | + pte_unmap_unlock(pte, ptl); | |
16197 | + return 0; | |
16198 | + } | |
16199 | + | |
16200 | + if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) { | |
16201 | + /* write attempt to a protected page in user mode */ | |
16202 | + pte_unmap_unlock(pte, ptl); | |
16203 | + return 0; | |
16204 | + } | |
16205 | + | |
16206 | +#ifdef CONFIG_SMP | |
16207 | + if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask))) | |
16208 | +#else | |
16209 | + if (likely(address > get_limit(regs->cs))) | |
16210 | +#endif | |
16211 | + { | |
16212 | + set_pte(pte, pte_mkread(*pte)); | |
16213 | + __flush_tlb_one(address); | |
16214 | + pte_unmap_unlock(pte, ptl); | |
16215 | + up_read(&mm->mmap_sem); | |
16216 | + return 1; | |
16217 | + } | |
16218 | + | |
16219 | + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1)); | |
16220 | + | |
16221 | + /* | |
16222 | + * PaX: fill DTLB with user rights and retry | |
16223 | + */ | |
16224 | + __asm__ __volatile__ ( | |
16225 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
16226 | + "movw %w4,%%es\n" | |
16227 | +#endif | |
16228 | + "orb %2,(%1)\n" | |
16229 | +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC) | |
16230 | +/* | |
16231 | + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's | |
16232 | + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any* | |
16233 | + * page fault when examined during a TLB load attempt. this is true not only | |
16234 | + * for PTEs holding a non-present entry but also present entries that will | |
16235 | + * raise a page fault (such as those set up by PaX, or the copy-on-write | |
16236 | + * mechanism). in effect it means that we do *not* need to flush the TLBs | |
16237 | + * for our target pages since their PTEs are simply not in the TLBs at all. | |
16238 | + | |
16239 | + * the best thing in omitting it is that we gain around 15-20% speed in the | |
16240 | + * fast path of the page fault handler and can get rid of tracing since we | |
16241 | + * can no longer flush unintended entries. | |
16242 | + */ | |
16243 | + "invlpg (%0)\n" | |
16244 | +#endif | |
16245 | + "testb $0,%%es:(%0)\n" | |
16246 | + "xorb %3,(%1)\n" | |
16247 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
16248 | + "pushl %%ss\n" | |
16249 | + "popl %%es\n" | |
16250 | +#endif | |
16251 | + : | |
16252 | + : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS) | |
16253 | + : "memory", "cc"); | |
16254 | + pte_unmap_unlock(pte, ptl); | |
16255 | + up_read(&mm->mmap_sem); | |
16256 | + return 1; | |
16257 | +} | |
16258 | +#endif | |
16259 | + | |
16260 | /* | |
16261 | * Handle a spurious fault caused by a stale TLB entry. | |
16262 | * | |
ae4e228f | 16263 | @@ -915,6 +1116,9 @@ int show_unhandled_signals = 1; |
58c5fc13 MT |
16264 | static inline int |
16265 | access_error(unsigned long error_code, int write, struct vm_area_struct *vma) | |
16266 | { | |
ae4e228f | 16267 | + if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC)) |
58c5fc13 MT |
16268 | + return 1; |
16269 | + | |
16270 | if (write) { | |
16271 | /* write, present and write, not present: */ | |
16272 | if (unlikely(!(vma->vm_flags & VM_WRITE))) | |
ae4e228f | 16273 | @@ -948,17 +1152,16 @@ do_page_fault(struct pt_regs *regs, unsi |
58c5fc13 MT |
16274 | { |
16275 | struct vm_area_struct *vma; | |
16276 | struct task_struct *tsk; | |
16277 | - unsigned long address; | |
16278 | struct mm_struct *mm; | |
16279 | int write; | |
16280 | int fault; | |
16281 | ||
16282 | + /* Get the faulting address: */ | |
16283 | + const unsigned long address = read_cr2(); | |
16284 | + | |
16285 | tsk = current; | |
16286 | mm = tsk->mm; | |
16287 | ||
16288 | - /* Get the faulting address: */ | |
16289 | - address = read_cr2(); | |
16290 | - | |
16291 | /* | |
16292 | * Detect and handle instructions that would cause a page fault for | |
16293 | * both a tracked kernel page and a userspace page. | |
ae4e228f | 16294 | @@ -1018,7 +1221,7 @@ do_page_fault(struct pt_regs *regs, unsi |
58c5fc13 MT |
16295 | * User-mode registers count as a user access even for any |
16296 | * potential system fault or CPU buglet: | |
16297 | */ | |
16298 | - if (user_mode_vm(regs)) { | |
16299 | + if (user_mode(regs)) { | |
16300 | local_irq_enable(); | |
16301 | error_code |= PF_USER; | |
16302 | } else { | |
ae4e228f | 16303 | @@ -1072,6 +1275,11 @@ do_page_fault(struct pt_regs *regs, unsi |
58c5fc13 MT |
16304 | might_sleep(); |
16305 | } | |
16306 | ||
16307 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) | |
16308 | + if (pax_handle_pageexec_fault(regs, mm, address, error_code)) | |
16309 | + return; | |
16310 | +#endif | |
16311 | + | |
16312 | vma = find_vma(mm, address); | |
16313 | if (unlikely(!vma)) { | |
16314 | bad_area(regs, error_code, address); | |
ae4e228f | 16315 | @@ -1083,18 +1291,24 @@ do_page_fault(struct pt_regs *regs, unsi |
58c5fc13 MT |
16316 | bad_area(regs, error_code, address); |
16317 | return; | |
16318 | } | |
16319 | - if (error_code & PF_USER) { | |
16320 | - /* | |
16321 | - * Accessing the stack below %sp is always a bug. | |
16322 | - * The large cushion allows instructions like enter | |
16323 | - * and pusha to work. ("enter $65535, $31" pushes | |
16324 | - * 32 pointers and then decrements %sp by 65535.) | |
16325 | - */ | |
16326 | - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) { | |
16327 | - bad_area(regs, error_code, address); | |
16328 | - return; | |
16329 | - } | |
16330 | + /* | |
16331 | + * Accessing the stack below %sp is always a bug. | |
16332 | + * The large cushion allows instructions like enter | |
16333 | + * and pusha to work. ("enter $65535, $31" pushes | |
16334 | + * 32 pointers and then decrements %sp by 65535.) | |
16335 | + */ | |
16336 | + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) { | |
16337 | + bad_area(regs, error_code, address); | |
16338 | + return; | |
16339 | + } | |
16340 | + | |
16341 | +#ifdef CONFIG_PAX_SEGMEXEC | |
16342 | + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) { | |
16343 | + bad_area(regs, error_code, address); | |
16344 | + return; | |
16345 | } | |
16346 | +#endif | |
16347 | + | |
16348 | if (unlikely(expand_stack(vma, address))) { | |
16349 | bad_area(regs, error_code, address); | |
16350 | return; | |
ae4e228f | 16351 | @@ -1138,3 +1352,199 @@ good_area: |
58c5fc13 MT |
16352 | |
16353 | up_read(&mm->mmap_sem); | |
16354 | } | |
16355 | + | |
16356 | +#ifdef CONFIG_PAX_EMUTRAMP | |
16357 | +static int pax_handle_fetch_fault_32(struct pt_regs *regs) | |
16358 | +{ | |
16359 | + int err; | |
16360 | + | |
16361 | + do { /* PaX: gcc trampoline emulation #1 */ | |
16362 | + unsigned char mov1, mov2; | |
16363 | + unsigned short jmp; | |
16364 | + unsigned int addr1, addr2; | |
16365 | + | |
16366 | +#ifdef CONFIG_X86_64 | |
16367 | + if ((regs->ip + 11) >> 32) | |
16368 | + break; | |
16369 | +#endif | |
16370 | + | |
16371 | + err = get_user(mov1, (unsigned char __user *)regs->ip); | |
16372 | + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1)); | |
16373 | + err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5)); | |
16374 | + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6)); | |
16375 | + err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10)); | |
16376 | + | |
16377 | + if (err) | |
16378 | + break; | |
16379 | + | |
16380 | + if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) { | |
16381 | + regs->cx = addr1; | |
16382 | + regs->ax = addr2; | |
16383 | + regs->ip = addr2; | |
16384 | + return 2; | |
16385 | + } | |
16386 | + } while (0); | |
16387 | + | |
16388 | + do { /* PaX: gcc trampoline emulation #2 */ | |
16389 | + unsigned char mov, jmp; | |
16390 | + unsigned int addr1, addr2; | |
16391 | + | |
16392 | +#ifdef CONFIG_X86_64 | |
16393 | + if ((regs->ip + 9) >> 32) | |
16394 | + break; | |
16395 | +#endif | |
16396 | + | |
16397 | + err = get_user(mov, (unsigned char __user *)regs->ip); | |
16398 | + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1)); | |
16399 | + err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5)); | |
16400 | + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6)); | |
16401 | + | |
16402 | + if (err) | |
16403 | + break; | |
16404 | + | |
16405 | + if (mov == 0xB9 && jmp == 0xE9) { | |
16406 | + regs->cx = addr1; | |
16407 | + regs->ip = (unsigned int)(regs->ip + addr2 + 10); | |
16408 | + return 2; | |
16409 | + } | |
16410 | + } while (0); | |
16411 | + | |
16412 | + return 1; /* PaX in action */ | |
16413 | +} | |
16414 | + | |
16415 | +#ifdef CONFIG_X86_64 | |
16416 | +static int pax_handle_fetch_fault_64(struct pt_regs *regs) | |
16417 | +{ | |
16418 | + int err; | |
16419 | + | |
16420 | + do { /* PaX: gcc trampoline emulation #1 */ | |
16421 | + unsigned short mov1, mov2, jmp1; | |
16422 | + unsigned char jmp2; | |
16423 | + unsigned int addr1; | |
16424 | + unsigned long addr2; | |
16425 | + | |
16426 | + err = get_user(mov1, (unsigned short __user *)regs->ip); | |
16427 | + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2)); | |
16428 | + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6)); | |
16429 | + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8)); | |
16430 | + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16)); | |
16431 | + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18)); | |
16432 | + | |
16433 | + if (err) | |
16434 | + break; | |
16435 | + | |
16436 | + if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) { | |
16437 | + regs->r11 = addr1; | |
16438 | + regs->r10 = addr2; | |
16439 | + regs->ip = addr1; | |
16440 | + return 2; | |
16441 | + } | |
16442 | + } while (0); | |
16443 | + | |
16444 | + do { /* PaX: gcc trampoline emulation #2 */ | |
16445 | + unsigned short mov1, mov2, jmp1; | |
16446 | + unsigned char jmp2; | |
16447 | + unsigned long addr1, addr2; | |
16448 | + | |
16449 | + err = get_user(mov1, (unsigned short __user *)regs->ip); | |
16450 | + err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2)); | |
16451 | + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10)); | |
16452 | + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12)); | |
16453 | + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20)); | |
16454 | + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22)); | |
16455 | + | |
16456 | + if (err) | |
16457 | + break; | |
16458 | + | |
16459 | + if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) { | |
16460 | + regs->r11 = addr1; | |
16461 | + regs->r10 = addr2; | |
16462 | + regs->ip = addr1; | |
16463 | + return 2; | |
16464 | + } | |
16465 | + } while (0); | |
16466 | + | |
16467 | + return 1; /* PaX in action */ | |
16468 | +} | |
16469 | +#endif | |
16470 | + | |
16471 | +/* | |
16472 | + * PaX: decide what to do with offenders (regs->ip = fault address) | |
16473 | + * | |
16474 | + * returns 1 when task should be killed | |
16475 | + * 2 when gcc trampoline was detected | |
16476 | + */ | |
16477 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
16478 | +{ | |
16479 | + if (v8086_mode(regs)) | |
16480 | + return 1; | |
16481 | + | |
16482 | + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP)) | |
16483 | + return 1; | |
16484 | + | |
16485 | +#ifdef CONFIG_X86_32 | |
16486 | + return pax_handle_fetch_fault_32(regs); | |
16487 | +#else | |
16488 | + if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) | |
16489 | + return pax_handle_fetch_fault_32(regs); | |
16490 | + else | |
16491 | + return pax_handle_fetch_fault_64(regs); | |
16492 | +#endif | |
16493 | +} | |
16494 | +#endif | |
16495 | + | |
16496 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
16497 | +void pax_report_insns(void *pc, void *sp) | |
16498 | +{ | |
16499 | + long i; | |
16500 | + | |
16501 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
16502 | + for (i = 0; i < 20; i++) { | |
16503 | + unsigned char c; | |
ae4e228f | 16504 | + if (get_user(c, (__force unsigned char __user *)pc+i)) |
58c5fc13 MT |
16505 | + printk(KERN_CONT "?? "); |
16506 | + else | |
16507 | + printk(KERN_CONT "%02x ", c); | |
16508 | + } | |
16509 | + printk("\n"); | |
16510 | + | |
16511 | + printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long)); | |
ae4e228f | 16512 | + for (i = -1; i < 80 / (long)sizeof(long); i++) { |
58c5fc13 | 16513 | + unsigned long c; |
ae4e228f | 16514 | + if (get_user(c, (__force unsigned long __user *)sp+i)) |
58c5fc13 MT |
16515 | +#ifdef CONFIG_X86_32 |
16516 | + printk(KERN_CONT "???????? "); | |
16517 | +#else | |
16518 | + printk(KERN_CONT "???????????????? "); | |
16519 | +#endif | |
16520 | + else | |
16521 | + printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c); | |
16522 | + } | |
16523 | + printk("\n"); | |
16524 | +} | |
16525 | +#endif | |
58c5fc13 | 16526 | + |
ae4e228f MT |
16527 | +/** |
16528 | + * probe_kernel_write(): safely attempt to write to a location | |
16529 | + * @dst: address to write to | |
16530 | + * @src: pointer to the data that shall be written | |
16531 | + * @size: size of the data chunk | |
16532 | + * | |
16533 | + * Safely write to address @dst from the buffer at @src. If a kernel fault | |
16534 | + * happens, handle that and return -EFAULT. | |
16535 | + */ | |
16536 | +long notrace probe_kernel_write(void *dst, const void *src, size_t size) | |
16537 | +{ | |
16538 | + long ret; | |
16539 | + mm_segment_t old_fs = get_fs(); | |
16540 | + | |
16541 | + set_fs(KERNEL_DS); | |
16542 | + pagefault_disable(); | |
16543 | + pax_open_kernel(); | |
16544 | + ret = __copy_to_user_inatomic((__force void __user *)dst, src, size); | |
16545 | + pax_close_kernel(); | |
16546 | + pagefault_enable(); | |
16547 | + set_fs(old_fs); | |
16548 | + | |
16549 | + return ret ? -EFAULT : 0; | |
16550 | +} | |
16551 | diff -urNp linux-2.6.33.1/arch/x86/mm/gup.c linux-2.6.33.1/arch/x86/mm/gup.c | |
16552 | --- linux-2.6.33.1/arch/x86/mm/gup.c 2010-03-15 12:09:39.000000000 -0400 | |
16553 | +++ linux-2.6.33.1/arch/x86/mm/gup.c 2010-03-20 16:58:39.032549699 -0400 | |
16554 | @@ -237,7 +237,7 @@ int __get_user_pages_fast(unsigned long | |
16555 | addr = start; | |
16556 | len = (unsigned long) nr_pages << PAGE_SHIFT; | |
16557 | end = start + len; | |
16558 | - if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, | |
16559 | + if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ, | |
16560 | (void __user *)start, len))) | |
16561 | return 0; | |
58c5fc13 | 16562 | |
ae4e228f MT |
16563 | diff -urNp linux-2.6.33.1/arch/x86/mm/highmem_32.c linux-2.6.33.1/arch/x86/mm/highmem_32.c |
16564 | --- linux-2.6.33.1/arch/x86/mm/highmem_32.c 2010-03-15 12:09:39.000000000 -0400 | |
16565 | +++ linux-2.6.33.1/arch/x86/mm/highmem_32.c 2010-03-20 16:58:39.032549699 -0400 | |
16566 | @@ -43,7 +43,10 @@ void *kmap_atomic_prot(struct page *page | |
58c5fc13 MT |
16567 | idx = type + KM_TYPE_NR*smp_processor_id(); |
16568 | vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx); | |
16569 | BUG_ON(!pte_none(*(kmap_pte-idx))); | |
16570 | + | |
ae4e228f | 16571 | + pax_open_kernel(); |
58c5fc13 | 16572 | set_pte(kmap_pte-idx, mk_pte(page, prot)); |
ae4e228f | 16573 | + pax_close_kernel(); |
58c5fc13 | 16574 | |
58c5fc13 MT |
16575 | return (void *)vaddr; |
16576 | } | |
ae4e228f MT |
16577 | diff -urNp linux-2.6.33.1/arch/x86/mm/hugetlbpage.c linux-2.6.33.1/arch/x86/mm/hugetlbpage.c |
16578 | --- linux-2.6.33.1/arch/x86/mm/hugetlbpage.c 2010-03-15 12:09:39.000000000 -0400 | |
16579 | +++ linux-2.6.33.1/arch/x86/mm/hugetlbpage.c 2010-03-20 16:58:39.032549699 -0400 | |
58c5fc13 MT |
16580 | @@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe |
16581 | struct hstate *h = hstate_file(file); | |
16582 | struct mm_struct *mm = current->mm; | |
16583 | struct vm_area_struct *vma; | |
16584 | - unsigned long start_addr; | |
16585 | + unsigned long start_addr, pax_task_size = TASK_SIZE; | |
16586 | + | |
16587 | +#ifdef CONFIG_PAX_SEGMEXEC | |
16588 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
16589 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
16590 | +#endif | |
16591 | ||
16592 | if (len > mm->cached_hole_size) { | |
16593 | - start_addr = mm->free_area_cache; | |
16594 | + start_addr = mm->free_area_cache; | |
16595 | } else { | |
16596 | - start_addr = TASK_UNMAPPED_BASE; | |
16597 | - mm->cached_hole_size = 0; | |
16598 | + start_addr = mm->mmap_base; | |
16599 | + mm->cached_hole_size = 0; | |
16600 | } | |
16601 | ||
16602 | full_search: | |
16603 | @@ -281,13 +286,13 @@ full_search: | |
16604 | ||
16605 | for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
16606 | /* At this point: (!vma || addr < vma->vm_end). */ | |
16607 | - if (TASK_SIZE - len < addr) { | |
16608 | + if (pax_task_size - len < addr) { | |
16609 | /* | |
16610 | * Start a new search - just in case we missed | |
16611 | * some holes. | |
16612 | */ | |
16613 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
16614 | - start_addr = TASK_UNMAPPED_BASE; | |
16615 | + if (start_addr != mm->mmap_base) { | |
16616 | + start_addr = mm->mmap_base; | |
16617 | mm->cached_hole_size = 0; | |
16618 | goto full_search; | |
16619 | } | |
16620 | @@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe | |
16621 | struct hstate *h = hstate_file(file); | |
16622 | struct mm_struct *mm = current->mm; | |
16623 | struct vm_area_struct *vma, *prev_vma; | |
16624 | - unsigned long base = mm->mmap_base, addr = addr0; | |
16625 | + unsigned long base = mm->mmap_base, addr; | |
16626 | unsigned long largest_hole = mm->cached_hole_size; | |
16627 | - int first_time = 1; | |
16628 | ||
16629 | /* don't allow allocations above current base */ | |
16630 | if (mm->free_area_cache > base) | |
16631 | @@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe | |
16632 | largest_hole = 0; | |
16633 | mm->free_area_cache = base; | |
16634 | } | |
16635 | -try_again: | |
16636 | + | |
16637 | /* make sure it can fit in the remaining address space */ | |
16638 | if (mm->free_area_cache < len) | |
16639 | goto fail; | |
16640 | @@ -364,22 +368,26 @@ try_again: | |
16641 | ||
16642 | fail: | |
16643 | /* | |
16644 | - * if hint left us with no space for the requested | |
16645 | - * mapping then try again: | |
16646 | - */ | |
16647 | - if (first_time) { | |
16648 | - mm->free_area_cache = base; | |
16649 | - largest_hole = 0; | |
16650 | - first_time = 0; | |
16651 | - goto try_again; | |
16652 | - } | |
16653 | - /* | |
16654 | * A failed mmap() very likely causes application failure, | |
16655 | * so fall back to the bottom-up function here. This scenario | |
16656 | * can happen with large stack limits and large mmap() | |
16657 | * allocations. | |
16658 | */ | |
16659 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
16660 | + | |
16661 | +#ifdef CONFIG_PAX_SEGMEXEC | |
16662 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
16663 | + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; | |
16664 | + else | |
16665 | +#endif | |
16666 | + | |
16667 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
16668 | + | |
16669 | +#ifdef CONFIG_PAX_RANDMMAP | |
16670 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
16671 | + mm->mmap_base += mm->delta_mmap; | |
16672 | +#endif | |
16673 | + | |
16674 | + mm->free_area_cache = mm->mmap_base; | |
16675 | mm->cached_hole_size = ~0UL; | |
16676 | addr = hugetlb_get_unmapped_area_bottomup(file, addr0, | |
16677 | len, pgoff, flags); | |
16678 | @@ -387,6 +395,7 @@ fail: | |
16679 | /* | |
16680 | * Restore the topdown base: | |
16681 | */ | |
16682 | + mm->mmap_base = base; | |
16683 | mm->free_area_cache = base; | |
16684 | mm->cached_hole_size = ~0UL; | |
16685 | ||
16686 | @@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f | |
16687 | struct hstate *h = hstate_file(file); | |
16688 | struct mm_struct *mm = current->mm; | |
16689 | struct vm_area_struct *vma; | |
16690 | + unsigned long pax_task_size = TASK_SIZE; | |
16691 | ||
16692 | if (len & ~huge_page_mask(h)) | |
16693 | return -EINVAL; | |
16694 | - if (len > TASK_SIZE) | |
16695 | + | |
16696 | +#ifdef CONFIG_PAX_SEGMEXEC | |
16697 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
16698 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
16699 | +#endif | |
16700 | + | |
16701 | + if (len > pax_task_size) | |
16702 | return -ENOMEM; | |
16703 | ||
16704 | if (flags & MAP_FIXED) { | |
16705 | @@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f | |
16706 | if (addr) { | |
16707 | addr = ALIGN(addr, huge_page_size(h)); | |
16708 | vma = find_vma(mm, addr); | |
16709 | - if (TASK_SIZE - len >= addr && | |
16710 | + if (pax_task_size - len >= addr && | |
16711 | (!vma || addr + len <= vma->vm_start)) | |
16712 | return addr; | |
16713 | } | |
ae4e228f MT |
16714 | diff -urNp linux-2.6.33.1/arch/x86/mm/init_32.c linux-2.6.33.1/arch/x86/mm/init_32.c |
16715 | --- linux-2.6.33.1/arch/x86/mm/init_32.c 2010-03-15 12:09:39.000000000 -0400 | |
16716 | +++ linux-2.6.33.1/arch/x86/mm/init_32.c 2010-03-20 16:58:39.032549699 -0400 | |
16717 | @@ -72,36 +72,6 @@ static __init void *alloc_low_page(void) | |
58c5fc13 MT |
16718 | } |
16719 | ||
16720 | /* | |
16721 | - * Creates a middle page table and puts a pointer to it in the | |
16722 | - * given global directory entry. This only returns the gd entry | |
16723 | - * in non-PAE compilation mode, since the middle layer is folded. | |
16724 | - */ | |
16725 | -static pmd_t * __init one_md_table_init(pgd_t *pgd) | |
16726 | -{ | |
16727 | - pud_t *pud; | |
16728 | - pmd_t *pmd_table; | |
16729 | - | |
16730 | -#ifdef CONFIG_X86_PAE | |
16731 | - if (!(pgd_val(*pgd) & _PAGE_PRESENT)) { | |
16732 | - if (after_bootmem) | |
ae4e228f | 16733 | - pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE); |
58c5fc13 MT |
16734 | - else |
16735 | - pmd_table = (pmd_t *)alloc_low_page(); | |
16736 | - paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT); | |
16737 | - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT)); | |
16738 | - pud = pud_offset(pgd, 0); | |
16739 | - BUG_ON(pmd_table != pmd_offset(pud, 0)); | |
16740 | - | |
16741 | - return pmd_table; | |
16742 | - } | |
16743 | -#endif | |
16744 | - pud = pud_offset(pgd, 0); | |
16745 | - pmd_table = pmd_offset(pud, 0); | |
16746 | - | |
16747 | - return pmd_table; | |
16748 | -} | |
16749 | - | |
16750 | -/* | |
16751 | * Create a page table and place a pointer to it in a middle page | |
16752 | * directory entry: | |
16753 | */ | |
ae4e228f | 16754 | @@ -121,13 +91,28 @@ static pte_t * __init one_page_table_ini |
58c5fc13 MT |
16755 | page_table = (pte_t *)alloc_low_page(); |
16756 | ||
16757 | paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT); | |
16758 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
16759 | + set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE)); | |
16760 | +#else | |
16761 | set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE)); | |
16762 | +#endif | |
16763 | BUG_ON(page_table != pte_offset_kernel(pmd, 0)); | |
16764 | } | |
16765 | ||
16766 | return pte_offset_kernel(pmd, 0); | |
16767 | } | |
16768 | ||
16769 | +static pmd_t * __init one_md_table_init(pgd_t *pgd) | |
16770 | +{ | |
16771 | + pud_t *pud; | |
16772 | + pmd_t *pmd_table; | |
16773 | + | |
16774 | + pud = pud_offset(pgd, 0); | |
16775 | + pmd_table = pmd_offset(pud, 0); | |
16776 | + | |
16777 | + return pmd_table; | |
16778 | +} | |
16779 | + | |
16780 | pmd_t * __init populate_extra_pmd(unsigned long vaddr) | |
16781 | { | |
16782 | int pgd_idx = pgd_index(vaddr); | |
ae4e228f | 16783 | @@ -201,6 +186,7 @@ page_table_range_init(unsigned long star |
58c5fc13 MT |
16784 | int pgd_idx, pmd_idx; |
16785 | unsigned long vaddr; | |
16786 | pgd_t *pgd; | |
16787 | + pud_t *pud; | |
16788 | pmd_t *pmd; | |
16789 | pte_t *pte = NULL; | |
16790 | ||
ae4e228f | 16791 | @@ -210,8 +196,13 @@ page_table_range_init(unsigned long star |
58c5fc13 MT |
16792 | pgd = pgd_base + pgd_idx; |
16793 | ||
16794 | for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) { | |
16795 | - pmd = one_md_table_init(pgd); | |
16796 | - pmd = pmd + pmd_index(vaddr); | |
16797 | + pud = pud_offset(pgd, vaddr); | |
16798 | + pmd = pmd_offset(pud, vaddr); | |
16799 | + | |
16800 | +#ifdef CONFIG_X86_PAE | |
16801 | + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT); | |
16802 | +#endif | |
16803 | + | |
16804 | for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end); | |
16805 | pmd++, pmd_idx++) { | |
16806 | pte = page_table_kmap_check(one_page_table_init(pmd), | |
ae4e228f | 16807 | @@ -223,11 +214,20 @@ page_table_range_init(unsigned long star |
58c5fc13 MT |
16808 | } |
16809 | } | |
16810 | ||
16811 | -static inline int is_kernel_text(unsigned long addr) | |
16812 | +static inline int is_kernel_text(unsigned long start, unsigned long end) | |
16813 | { | |
16814 | - if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end) | |
16815 | - return 1; | |
16816 | - return 0; | |
ae4e228f | 16817 | + if ((start > ktla_ktva((unsigned long)_etext) || |
58c5fc13 MT |
16818 | + end <= ktla_ktva((unsigned long)_stext)) && |
16819 | + (start > ktla_ktva((unsigned long)_einittext) || | |
16820 | + end <= ktla_ktva((unsigned long)_sinittext)) && | |
ae4e228f MT |
16821 | + |
16822 | +#ifdef CONFIG_ACPI_SLEEP | |
16823 | + (start > (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) && | |
16824 | +#endif | |
16825 | + | |
58c5fc13 MT |
16826 | + (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000))) |
16827 | + return 0; | |
16828 | + return 1; | |
16829 | } | |
16830 | ||
16831 | /* | |
ae4e228f | 16832 | @@ -243,9 +243,10 @@ kernel_physical_mapping_init(unsigned lo |
58c5fc13 MT |
16833 | int use_pse = page_size_mask == (1<<PG_LEVEL_2M); |
16834 | unsigned long start_pfn, end_pfn; | |
16835 | pgd_t *pgd_base = swapper_pg_dir; | |
16836 | - int pgd_idx, pmd_idx, pte_ofs; | |
16837 | + unsigned int pgd_idx, pmd_idx, pte_ofs; | |
16838 | unsigned long pfn; | |
16839 | pgd_t *pgd; | |
16840 | + pud_t *pud; | |
16841 | pmd_t *pmd; | |
16842 | pte_t *pte; | |
16843 | unsigned pages_2m, pages_4k; | |
ae4e228f | 16844 | @@ -278,8 +279,13 @@ repeat: |
58c5fc13 MT |
16845 | pfn = start_pfn; |
16846 | pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET); | |
16847 | pgd = pgd_base + pgd_idx; | |
16848 | - for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) { | |
16849 | - pmd = one_md_table_init(pgd); | |
16850 | + for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) { | |
16851 | + pud = pud_offset(pgd, 0); | |
16852 | + pmd = pmd_offset(pud, 0); | |
16853 | + | |
16854 | +#ifdef CONFIG_X86_PAE | |
16855 | + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT); | |
16856 | +#endif | |
16857 | ||
16858 | if (pfn >= end_pfn) | |
16859 | continue; | |
ae4e228f | 16860 | @@ -291,14 +297,13 @@ repeat: |
58c5fc13 MT |
16861 | #endif |
16862 | for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn; | |
16863 | pmd++, pmd_idx++) { | |
16864 | - unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET; | |
16865 | + unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET; | |
16866 | ||
16867 | /* | |
16868 | * Map with big pages if possible, otherwise | |
16869 | * create normal page tables: | |
16870 | */ | |
16871 | if (use_pse) { | |
16872 | - unsigned int addr2; | |
16873 | pgprot_t prot = PAGE_KERNEL_LARGE; | |
16874 | /* | |
16875 | * first pass will use the same initial | |
ae4e228f | 16876 | @@ -308,11 +313,7 @@ repeat: |
58c5fc13 MT |
16877 | __pgprot(PTE_IDENT_ATTR | |
16878 | _PAGE_PSE); | |
16879 | ||
16880 | - addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE + | |
16881 | - PAGE_OFFSET + PAGE_SIZE-1; | |
16882 | - | |
16883 | - if (is_kernel_text(addr) || | |
16884 | - is_kernel_text(addr2)) | |
16885 | + if (is_kernel_text(address, address + PMD_SIZE)) | |
16886 | prot = PAGE_KERNEL_LARGE_EXEC; | |
16887 | ||
16888 | pages_2m++; | |
ae4e228f | 16889 | @@ -329,7 +330,7 @@ repeat: |
58c5fc13 MT |
16890 | pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET); |
16891 | pte += pte_ofs; | |
16892 | for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn; | |
16893 | - pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) { | |
16894 | + pte++, pfn++, pte_ofs++, address += PAGE_SIZE) { | |
16895 | pgprot_t prot = PAGE_KERNEL; | |
16896 | /* | |
16897 | * first pass will use the same initial | |
ae4e228f | 16898 | @@ -337,7 +338,7 @@ repeat: |
58c5fc13 MT |
16899 | */ |
16900 | pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR); | |
16901 | ||
16902 | - if (is_kernel_text(addr)) | |
16903 | + if (is_kernel_text(address, address + PAGE_SIZE)) | |
16904 | prot = PAGE_KERNEL_EXEC; | |
16905 | ||
16906 | pages_4k++; | |
ae4e228f | 16907 | @@ -489,7 +490,7 @@ void __init native_pagetable_setup_start |
58c5fc13 MT |
16908 | |
16909 | pud = pud_offset(pgd, va); | |
16910 | pmd = pmd_offset(pud, va); | |
16911 | - if (!pmd_present(*pmd)) | |
16912 | + if (!pmd_present(*pmd) || pmd_huge(*pmd)) | |
16913 | break; | |
16914 | ||
16915 | pte = pte_offset_kernel(pmd, va); | |
ae4e228f | 16916 | @@ -541,9 +542,7 @@ void __init early_ioremap_page_table_ran |
58c5fc13 MT |
16917 | |
16918 | static void __init pagetable_init(void) | |
16919 | { | |
16920 | - pgd_t *pgd_base = swapper_pg_dir; | |
16921 | - | |
16922 | - permanent_kmaps_init(pgd_base); | |
16923 | + permanent_kmaps_init(swapper_pg_dir); | |
16924 | } | |
16925 | ||
16926 | #ifdef CONFIG_ACPI_SLEEP | |
ae4e228f | 16927 | @@ -551,12 +550,12 @@ static void __init pagetable_init(void) |
58c5fc13 MT |
16928 | * ACPI suspend needs this for resume, because things like the intel-agp |
16929 | * driver might have split up a kernel 4MB mapping. | |
16930 | */ | |
16931 | -char swsusp_pg_dir[PAGE_SIZE] | |
16932 | +pgd_t swsusp_pg_dir[PTRS_PER_PGD] | |
16933 | __attribute__ ((aligned(PAGE_SIZE))); | |
16934 | ||
16935 | static inline void save_pg_dir(void) | |
16936 | { | |
16937 | - memcpy(swsusp_pg_dir, swapper_pg_dir, PAGE_SIZE); | |
16938 | + clone_pgd_range(swsusp_pg_dir, swapper_pg_dir, PTRS_PER_PGD); | |
16939 | } | |
16940 | #else /* !CONFIG_ACPI_SLEEP */ | |
16941 | static inline void save_pg_dir(void) | |
ae4e228f | 16942 | @@ -588,7 +587,7 @@ void zap_low_mappings(bool early) |
58c5fc13 MT |
16943 | flush_tlb_all(); |
16944 | } | |
16945 | ||
16946 | -pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP); | |
16947 | +pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP); | |
16948 | EXPORT_SYMBOL_GPL(__supported_pte_mask); | |
16949 | ||
16950 | /* user-defined highmem size */ | |
ae4e228f MT |
16951 | @@ -777,7 +776,7 @@ void __init setup_bootmem_allocator(void |
16952 | * Initialize the boot-time allocator (with low memory only): | |
16953 | */ | |
16954 | bootmap_size = bootmem_bootmap_pages(max_low_pfn)<<PAGE_SHIFT; | |
16955 | - bootmap = find_e820_area(0, max_pfn_mapped<<PAGE_SHIFT, bootmap_size, | |
16956 | + bootmap = find_e820_area(0x100000, max_pfn_mapped<<PAGE_SHIFT, bootmap_size, | |
16957 | PAGE_SIZE); | |
16958 | if (bootmap == -1L) | |
16959 | panic("Cannot find bootmem map of size %ld\n", bootmap_size); | |
16960 | @@ -881,7 +880,7 @@ void __init mem_init(void) | |
58c5fc13 MT |
16961 | set_highmem_pages_init(); |
16962 | ||
16963 | codesize = (unsigned long) &_etext - (unsigned long) &_text; | |
16964 | - datasize = (unsigned long) &_edata - (unsigned long) &_etext; | |
16965 | + datasize = (unsigned long) &_edata - (unsigned long) &_sdata; | |
16966 | initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; | |
16967 | ||
ae4e228f MT |
16968 | printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " |
16969 | @@ -922,10 +921,10 @@ void __init mem_init(void) | |
58c5fc13 MT |
16970 | ((unsigned long)&__init_end - |
16971 | (unsigned long)&__init_begin) >> 10, | |
16972 | ||
16973 | - (unsigned long)&_etext, (unsigned long)&_edata, | |
16974 | - ((unsigned long)&_edata - (unsigned long)&_etext) >> 10, | |
16975 | + (unsigned long)&_sdata, (unsigned long)&_edata, | |
16976 | + ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10, | |
16977 | ||
16978 | - (unsigned long)&_text, (unsigned long)&_etext, | |
16979 | + ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext), | |
16980 | ((unsigned long)&_etext - (unsigned long)&_text) >> 10); | |
16981 | ||
16982 | /* | |
ae4e228f MT |
16983 | @@ -1006,6 +1005,7 @@ void set_kernel_text_rw(void) |
16984 | if (!kernel_set_to_readonly) | |
16985 | return; | |
58c5fc13 | 16986 | |
ae4e228f MT |
16987 | + start = ktla_ktva(start); |
16988 | pr_debug("Set kernel text: %lx - %lx for read write\n", | |
16989 | start, start+size); | |
16990 | ||
16991 | @@ -1020,6 +1020,7 @@ void set_kernel_text_ro(void) | |
16992 | if (!kernel_set_to_readonly) | |
16993 | return; | |
16994 | ||
16995 | + start = ktla_ktva(start); | |
16996 | pr_debug("Set kernel text: %lx - %lx for read only\n", | |
16997 | start, start+size); | |
16998 | ||
16999 | @@ -1031,6 +1032,7 @@ void mark_rodata_ro(void) | |
17000 | unsigned long start = PFN_ALIGN(_text); | |
17001 | unsigned long size = PFN_ALIGN(_etext) - start; | |
17002 | ||
17003 | + start = ktla_ktva(start); | |
17004 | set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT); | |
17005 | printk(KERN_INFO "Write protecting the kernel text: %luk\n", | |
17006 | size >> 10); | |
17007 | diff -urNp linux-2.6.33.1/arch/x86/mm/init_64.c linux-2.6.33.1/arch/x86/mm/init_64.c | |
17008 | --- linux-2.6.33.1/arch/x86/mm/init_64.c 2010-03-15 12:09:39.000000000 -0400 | |
17009 | +++ linux-2.6.33.1/arch/x86/mm/init_64.c 2010-03-20 16:58:39.032549699 -0400 | |
17010 | @@ -73,7 +73,7 @@ early_param("gbpages", parse_direct_gbpa | |
17011 | * around without checking the pgd every time. | |
17012 | */ | |
17013 | ||
17014 | -pteval_t __supported_pte_mask __read_mostly = ~_PAGE_IOMAP; | |
17015 | +pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_IOMAP); | |
17016 | EXPORT_SYMBOL_GPL(__supported_pte_mask); | |
17017 | ||
17018 | int force_personality32; | |
17019 | @@ -164,7 +164,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, | |
58c5fc13 MT |
17020 | pmd = fill_pmd(pud, vaddr); |
17021 | pte = fill_pte(pmd, vaddr); | |
17022 | ||
ae4e228f | 17023 | + pax_open_kernel(); |
58c5fc13 | 17024 | set_pte(pte, new_pte); |
ae4e228f | 17025 | + pax_close_kernel(); |
58c5fc13 | 17026 | |
58c5fc13 MT |
17027 | /* |
17028 | * It's enough to flush this one mapping. | |
ae4e228f | 17029 | @@ -223,14 +225,12 @@ static void __init __init_extra_mapping( |
58c5fc13 MT |
17030 | pgd = pgd_offset_k((unsigned long)__va(phys)); |
17031 | if (pgd_none(*pgd)) { | |
17032 | pud = (pud_t *) spp_getpage(); | |
17033 | - set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE | | |
17034 | - _PAGE_USER)); | |
17035 | + set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE)); | |
17036 | } | |
17037 | pud = pud_offset(pgd, (unsigned long)__va(phys)); | |
17038 | if (pud_none(*pud)) { | |
17039 | pmd = (pmd_t *) spp_getpage(); | |
17040 | - set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE | | |
17041 | - _PAGE_USER)); | |
17042 | + set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE)); | |
17043 | } | |
17044 | pmd = pmd_offset(pud, phys); | |
17045 | BUG_ON(!pmd_none(*pmd)); | |
ae4e228f | 17046 | @@ -882,8 +882,8 @@ int kern_addr_valid(unsigned long addr) |
58c5fc13 MT |
17047 | static struct vm_area_struct gate_vma = { |
17048 | .vm_start = VSYSCALL_START, | |
17049 | .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), | |
17050 | - .vm_page_prot = PAGE_READONLY_EXEC, | |
17051 | - .vm_flags = VM_READ | VM_EXEC | |
17052 | + .vm_page_prot = PAGE_READONLY, | |
17053 | + .vm_flags = VM_READ | |
17054 | }; | |
17055 | ||
17056 | struct vm_area_struct *get_gate_vma(struct task_struct *tsk) | |
ae4e228f | 17057 | @@ -917,7 +917,7 @@ int in_gate_area_no_task(unsigned long a |
58c5fc13 MT |
17058 | |
17059 | const char *arch_vma_name(struct vm_area_struct *vma) | |
17060 | { | |
17061 | - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso) | |
17062 | + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso) | |
17063 | return "[vdso]"; | |
17064 | if (vma == &gate_vma) | |
17065 | return "[vsyscall]"; | |
ae4e228f MT |
17066 | diff -urNp linux-2.6.33.1/arch/x86/mm/init.c linux-2.6.33.1/arch/x86/mm/init.c |
17067 | --- linux-2.6.33.1/arch/x86/mm/init.c 2010-03-15 12:09:39.000000000 -0400 | |
17068 | +++ linux-2.6.33.1/arch/x86/mm/init.c 2010-03-20 16:58:39.036535097 -0400 | |
17069 | @@ -69,11 +69,7 @@ static void __init find_early_table_spac | |
17070 | * cause a hotspot and fill up ZONE_DMA. The page tables | |
17071 | * need roughly 0.5KB per GB. | |
17072 | */ | |
17073 | -#ifdef CONFIG_X86_32 | |
17074 | - start = 0x7000; | |
17075 | -#else | |
17076 | - start = 0x8000; | |
17077 | -#endif | |
17078 | + start = 0x100000; | |
17079 | e820_table_start = find_e820_area(start, max_pfn_mapped<<PAGE_SHIFT, | |
17080 | tables, PAGE_SIZE); | |
17081 | if (e820_table_start == -1UL) | |
17082 | @@ -327,7 +323,13 @@ unsigned long __init_refok init_memory_m | |
58c5fc13 MT |
17083 | */ |
17084 | int devmem_is_allowed(unsigned long pagenr) | |
17085 | { | |
17086 | - if (pagenr <= 256) | |
17087 | + if (!pagenr) | |
17088 | + return 1; | |
17089 | +#ifdef CONFIG_VM86 | |
17090 | + if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT)) | |
17091 | + return 1; | |
17092 | +#endif | |
17093 | + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)) | |
17094 | return 1; | |
17095 | if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) | |
17096 | return 0; | |
ae4e228f | 17097 | @@ -375,6 +377,87 @@ void free_init_pages(char *what, unsigne |
58c5fc13 MT |
17098 | |
17099 | void free_initmem(void) | |
17100 | { | |
17101 | + | |
17102 | +#ifdef CONFIG_PAX_KERNEXEC | |
17103 | + pgd_t *pgd; | |
17104 | + pud_t *pud; | |
17105 | + pmd_t *pmd; | |
17106 | + | |
17107 | +#ifdef CONFIG_X86_32 | |
17108 | + /* PaX: limit KERNEL_CS to actual size */ | |
17109 | + unsigned long addr, limit; | |
17110 | + struct desc_struct d; | |
17111 | + int cpu; | |
17112 | + | |
ae4e228f | 17113 | + limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext; |
58c5fc13 MT |
17114 | + limit = (limit - 1UL) >> PAGE_SHIFT; |
17115 | + | |
17116 | + memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE); | |
17117 | + for (cpu = 0; cpu < NR_CPUS; cpu++) { | |
17118 | + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC); | |
17119 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S); | |
17120 | + } | |
17121 | + | |
17122 | + /* PaX: make KERNEL_CS read-only */ | |
ae4e228f MT |
17123 | + addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text)); |
17124 | + if (!paravirt_enabled()) | |
17125 | + set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT); | |
17126 | +/* | |
17127 | + for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) { | |
17128 | + pgd = pgd_offset_k(addr); | |
17129 | + pud = pud_offset(pgd, addr); | |
17130 | + pmd = pmd_offset(pud, addr); | |
17131 | + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW)); | |
17132 | + } | |
17133 | +*/ | |
58c5fc13 | 17134 | +#ifdef CONFIG_X86_PAE |
ae4e228f | 17135 | + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT); |
58c5fc13 MT |
17136 | + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) { |
17137 | + pgd = pgd_offset_k(addr); | |
17138 | + pud = pud_offset(pgd, addr); | |
17139 | + pmd = pmd_offset(pud, addr); | |
17140 | + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); | |
17141 | + } | |
17142 | +#endif | |
ae4e228f MT |
17143 | + |
17144 | +#ifdef CONFIG_MODULES | |
17145 | + set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT); | |
17146 | +#endif | |
17147 | + | |
58c5fc13 MT |
17148 | +#else |
17149 | + unsigned long addr, end; | |
17150 | + | |
17151 | + /* PaX: make kernel code/rodata read-only, rest non-executable */ | |
17152 | + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) { | |
17153 | + pgd = pgd_offset_k(addr); | |
17154 | + pud = pud_offset(pgd, addr); | |
17155 | + pmd = pmd_offset(pud, addr); | |
ae4e228f MT |
17156 | + if (!pmd_present(*pmd)) |
17157 | + continue; | |
58c5fc13 MT |
17158 | + if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata) |
17159 | + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW)); | |
17160 | + else | |
17161 | + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); | |
17162 | + } | |
17163 | + | |
17164 | + addr = (unsigned long)__va(__pa(__START_KERNEL_map)); | |
17165 | + end = addr + KERNEL_IMAGE_SIZE; | |
17166 | + for (; addr < end; addr += PMD_SIZE) { | |
17167 | + pgd = pgd_offset_k(addr); | |
17168 | + pud = pud_offset(pgd, addr); | |
17169 | + pmd = pmd_offset(pud, addr); | |
ae4e228f MT |
17170 | + if (!pmd_present(*pmd)) |
17171 | + continue; | |
58c5fc13 MT |
17172 | + if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata))) |
17173 | + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW)); | |
17174 | + else | |
17175 | + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); | |
17176 | + } | |
17177 | +#endif | |
17178 | + | |
17179 | + flush_tlb_all(); | |
17180 | +#endif | |
17181 | + | |
17182 | free_init_pages("unused kernel memory", | |
17183 | (unsigned long)(&__init_begin), | |
17184 | (unsigned long)(&__init_end)); | |
ae4e228f MT |
17185 | diff -urNp linux-2.6.33.1/arch/x86/mm/iomap_32.c linux-2.6.33.1/arch/x86/mm/iomap_32.c |
17186 | --- linux-2.6.33.1/arch/x86/mm/iomap_32.c 2010-03-15 12:09:39.000000000 -0400 | |
17187 | +++ linux-2.6.33.1/arch/x86/mm/iomap_32.c 2010-03-20 16:58:39.036535097 -0400 | |
17188 | @@ -65,7 +65,11 @@ void *kmap_atomic_prot_pfn(unsigned long | |
58c5fc13 MT |
17189 | debug_kmap_atomic(type); |
17190 | idx = type + KM_TYPE_NR * smp_processor_id(); | |
17191 | vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx); | |
17192 | + | |
ae4e228f | 17193 | + pax_open_kernel(); |
58c5fc13 | 17194 | set_pte(kmap_pte - idx, pfn_pte(pfn, prot)); |
ae4e228f | 17195 | + pax_close_kernel(); |
58c5fc13 MT |
17196 | + |
17197 | arch_flush_lazy_mmu_mode(); | |
17198 | ||
17199 | return (void *)vaddr; | |
ae4e228f MT |
17200 | diff -urNp linux-2.6.33.1/arch/x86/mm/ioremap.c linux-2.6.33.1/arch/x86/mm/ioremap.c |
17201 | --- linux-2.6.33.1/arch/x86/mm/ioremap.c 2010-03-15 12:09:39.000000000 -0400 | |
17202 | +++ linux-2.6.33.1/arch/x86/mm/ioremap.c 2010-03-20 16:58:39.036535097 -0400 | |
17203 | @@ -41,8 +41,8 @@ int page_is_ram(unsigned long pagenr) | |
58c5fc13 MT |
17204 | * Second special case: Some BIOSen report the PC BIOS |
17205 | * area (640->1Mb) as ram even though it is not. | |
17206 | */ | |
17207 | - if (pagenr >= (BIOS_BEGIN >> PAGE_SHIFT) && | |
17208 | - pagenr < (BIOS_END >> PAGE_SHIFT)) | |
17209 | + if (pagenr >= (ISA_START_ADDRESS >> PAGE_SHIFT) && | |
17210 | + pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)) | |
17211 | return 0; | |
17212 | ||
17213 | for (i = 0; i < e820.nr_map; i++) { | |
ae4e228f | 17214 | @@ -137,13 +137,10 @@ static void __iomem *__ioremap_caller(re |
58c5fc13 MT |
17215 | /* |
17216 | * Don't allow anybody to remap normal RAM that we're using.. | |
17217 | */ | |
17218 | - for (pfn = phys_addr >> PAGE_SHIFT; | |
17219 | - (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); | |
17220 | - pfn++) { | |
17221 | - | |
17222 | + for (pfn = phys_addr >> PAGE_SHIFT; ((resource_size_t)pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); pfn++) { | |
17223 | int is_ram = page_is_ram(pfn); | |
17224 | ||
ae4e228f MT |
17225 | - if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) |
17226 | + if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn)))) | |
17227 | return NULL; | |
17228 | WARN_ON_ONCE(is_ram); | |
58c5fc13 | 17229 | } |
ae4e228f | 17230 | @@ -383,7 +380,7 @@ static int __init early_ioremap_debug_se |
58c5fc13 MT |
17231 | early_param("early_ioremap_debug", early_ioremap_debug_setup); |
17232 | ||
17233 | static __initdata int after_paging_init; | |
17234 | -static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss; | |
17235 | +static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE); | |
17236 | ||
17237 | static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) | |
17238 | { | |
ae4e228f | 17239 | @@ -415,8 +412,7 @@ void __init early_ioremap_init(void) |
58c5fc13 MT |
17240 | slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); |
17241 | ||
17242 | pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); | |
17243 | - memset(bm_pte, 0, sizeof(bm_pte)); | |
17244 | - pmd_populate_kernel(&init_mm, pmd, bm_pte); | |
17245 | + pmd_populate_user(&init_mm, pmd, bm_pte); | |
17246 | ||
17247 | /* | |
17248 | * The boot-ioremap range spans multiple pmds, for which | |
ae4e228f MT |
17249 | diff -urNp linux-2.6.33.1/arch/x86/mm/kmemcheck/kmemcheck.c linux-2.6.33.1/arch/x86/mm/kmemcheck/kmemcheck.c |
17250 | --- linux-2.6.33.1/arch/x86/mm/kmemcheck/kmemcheck.c 2010-03-15 12:09:39.000000000 -0400 | |
17251 | +++ linux-2.6.33.1/arch/x86/mm/kmemcheck/kmemcheck.c 2010-03-20 16:58:39.036535097 -0400 | |
17252 | @@ -622,9 +622,9 @@ bool kmemcheck_fault(struct pt_regs *reg | |
17253 | * memory (e.g. tracked pages)? For now, we need this to avoid | |
17254 | * invoking kmemcheck for PnP BIOS calls. | |
17255 | */ | |
17256 | - if (regs->flags & X86_VM_MASK) | |
17257 | + if (v8086_mode(regs)) | |
17258 | return false; | |
17259 | - if (regs->cs != __KERNEL_CS) | |
17260 | + if (regs->cs != __KERNEL_CS && regs->cs != __KERNEXEC_KERNEL_CS) | |
17261 | return false; | |
17262 | ||
17263 | pte = kmemcheck_pte_lookup(address); | |
17264 | diff -urNp linux-2.6.33.1/arch/x86/mm/mmap.c linux-2.6.33.1/arch/x86/mm/mmap.c | |
17265 | --- linux-2.6.33.1/arch/x86/mm/mmap.c 2010-03-15 12:09:39.000000000 -0400 | |
17266 | +++ linux-2.6.33.1/arch/x86/mm/mmap.c 2010-03-20 16:58:39.036535097 -0400 | |
17267 | @@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size | |
17268 | * Leave an at least ~128 MB hole with possible stack randomization. | |
58c5fc13 | 17269 | */ |
ae4e228f | 17270 | #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) |
58c5fc13 MT |
17271 | -#define MAX_GAP (TASK_SIZE/6*5) |
17272 | +#define MAX_GAP (pax_task_size/6*5) | |
17273 | ||
17274 | /* | |
17275 | * True on X86_32 or when emulating IA32 on X86_64 | |
ae4e228f | 17276 | @@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void) |
58c5fc13 MT |
17277 | return rnd << PAGE_SHIFT; |
17278 | } | |
17279 | ||
17280 | -static unsigned long mmap_base(void) | |
17281 | +static unsigned long mmap_base(struct mm_struct *mm) | |
17282 | { | |
17283 | unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur; | |
17284 | + unsigned long pax_task_size = TASK_SIZE; | |
17285 | + | |
17286 | +#ifdef CONFIG_PAX_SEGMEXEC | |
17287 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
17288 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
17289 | +#endif | |
17290 | ||
17291 | if (gap < MIN_GAP) | |
17292 | gap = MIN_GAP; | |
17293 | else if (gap > MAX_GAP) | |
17294 | gap = MAX_GAP; | |
17295 | ||
17296 | - return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd()); | |
17297 | + return PAGE_ALIGN(pax_task_size - gap - mmap_rnd()); | |
17298 | } | |
17299 | ||
17300 | /* | |
17301 | * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64 | |
17302 | * does, but not when emulating X86_32 | |
17303 | */ | |
17304 | -static unsigned long mmap_legacy_base(void) | |
17305 | +static unsigned long mmap_legacy_base(struct mm_struct *mm) | |
17306 | { | |
17307 | - if (mmap_is_ia32()) | |
17308 | + if (mmap_is_ia32()) { | |
17309 | + | |
17310 | +#ifdef CONFIG_PAX_SEGMEXEC | |
17311 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
17312 | + return SEGMEXEC_TASK_UNMAPPED_BASE; | |
17313 | + else | |
17314 | +#endif | |
17315 | + | |
17316 | return TASK_UNMAPPED_BASE; | |
17317 | - else | |
17318 | + } else | |
17319 | return TASK_UNMAPPED_BASE + mmap_rnd(); | |
17320 | } | |
17321 | ||
ae4e228f | 17322 | @@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(vo |
58c5fc13 MT |
17323 | void arch_pick_mmap_layout(struct mm_struct *mm) |
17324 | { | |
17325 | if (mmap_is_legacy()) { | |
17326 | - mm->mmap_base = mmap_legacy_base(); | |
17327 | + mm->mmap_base = mmap_legacy_base(mm); | |
17328 | + | |
17329 | +#ifdef CONFIG_PAX_RANDMMAP | |
17330 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
17331 | + mm->mmap_base += mm->delta_mmap; | |
17332 | +#endif | |
17333 | + | |
17334 | mm->get_unmapped_area = arch_get_unmapped_area; | |
17335 | mm->unmap_area = arch_unmap_area; | |
17336 | } else { | |
17337 | - mm->mmap_base = mmap_base(); | |
17338 | + mm->mmap_base = mmap_base(mm); | |
17339 | + | |
17340 | +#ifdef CONFIG_PAX_RANDMMAP | |
17341 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
17342 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
17343 | +#endif | |
17344 | + | |
17345 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
17346 | mm->unmap_area = arch_unmap_area_topdown; | |
17347 | } | |
ae4e228f MT |
17348 | diff -urNp linux-2.6.33.1/arch/x86/mm/numa_32.c linux-2.6.33.1/arch/x86/mm/numa_32.c |
17349 | --- linux-2.6.33.1/arch/x86/mm/numa_32.c 2010-03-15 12:09:39.000000000 -0400 | |
17350 | +++ linux-2.6.33.1/arch/x86/mm/numa_32.c 2010-03-20 16:58:39.036535097 -0400 | |
58c5fc13 MT |
17351 | @@ -98,7 +98,6 @@ unsigned long node_memmap_size_bytes(int |
17352 | } | |
17353 | #endif | |
17354 | ||
17355 | -extern unsigned long find_max_low_pfn(void); | |
17356 | extern unsigned long highend_pfn, highstart_pfn; | |
17357 | ||
17358 | #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE) | |
ae4e228f MT |
17359 | diff -urNp linux-2.6.33.1/arch/x86/mm/pageattr.c linux-2.6.33.1/arch/x86/mm/pageattr.c |
17360 | --- linux-2.6.33.1/arch/x86/mm/pageattr.c 2010-03-15 12:09:39.000000000 -0400 | |
17361 | +++ linux-2.6.33.1/arch/x86/mm/pageattr.c 2010-03-20 16:58:39.036535097 -0400 | |
17362 | @@ -268,9 +268,10 @@ static inline pgprot_t static_protection | |
58c5fc13 MT |
17363 | * Does not cover __inittext since that is gone later on. On |
17364 | * 64bit we do not enforce !NX on the low mapping | |
17365 | */ | |
17366 | - if (within(address, (unsigned long)_text, (unsigned long)_etext)) | |
17367 | + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext))) | |
17368 | pgprot_val(forbidden) |= _PAGE_NX; | |
17369 | ||
17370 | +#ifdef CONFIG_DEBUG_RODATA | |
17371 | /* | |
17372 | * The .rodata section needs to be read-only. Using the pfn | |
17373 | * catches all aliases. | |
ae4e228f | 17374 | @@ -278,6 +279,7 @@ static inline pgprot_t static_protection |
58c5fc13 MT |
17375 | if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT, |
17376 | __pa((unsigned long)__end_rodata) >> PAGE_SHIFT)) | |
17377 | pgprot_val(forbidden) |= _PAGE_RW; | |
17378 | +#endif | |
17379 | ||
ae4e228f MT |
17380 | #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA) |
17381 | /* | |
17382 | @@ -347,7 +349,10 @@ EXPORT_SYMBOL_GPL(lookup_address); | |
58c5fc13 MT |
17383 | static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte) |
17384 | { | |
58c5fc13 | 17385 | /* change init_mm */ |
ae4e228f | 17386 | + pax_open_kernel(); |
58c5fc13 | 17387 | set_pte_atomic(kpte, pte); |
ae4e228f | 17388 | + pax_close_kernel(); |
58c5fc13 MT |
17389 | + |
17390 | #ifdef CONFIG_X86_32 | |
17391 | if (!SHARED_KERNEL_PMD) { | |
17392 | struct page *page; | |
ae4e228f MT |
17393 | diff -urNp linux-2.6.33.1/arch/x86/mm/pageattr-test.c linux-2.6.33.1/arch/x86/mm/pageattr-test.c |
17394 | --- linux-2.6.33.1/arch/x86/mm/pageattr-test.c 2010-03-15 12:09:39.000000000 -0400 | |
17395 | +++ linux-2.6.33.1/arch/x86/mm/pageattr-test.c 2010-03-20 16:58:39.036535097 -0400 | |
58c5fc13 MT |
17396 | @@ -36,7 +36,7 @@ enum { |
17397 | ||
17398 | static int pte_testbit(pte_t pte) | |
17399 | { | |
17400 | - return pte_flags(pte) & _PAGE_UNUSED1; | |
17401 | + return pte_flags(pte) & _PAGE_CPA_TEST; | |
17402 | } | |
17403 | ||
17404 | struct split_state { | |
ae4e228f MT |
17405 | diff -urNp linux-2.6.33.1/arch/x86/mm/pat.c linux-2.6.33.1/arch/x86/mm/pat.c |
17406 | --- linux-2.6.33.1/arch/x86/mm/pat.c 2010-03-15 12:09:39.000000000 -0400 | |
17407 | +++ linux-2.6.33.1/arch/x86/mm/pat.c 2010-03-20 16:58:39.036535097 -0400 | |
17408 | @@ -259,7 +259,7 @@ chk_conflict(struct memtype *new, struct | |
58c5fc13 MT |
17409 | |
17410 | conflict: | |
17411 | printk(KERN_INFO "%s:%d conflicting memory types " | |
17412 | - "%Lx-%Lx %s<->%s\n", current->comm, current->pid, new->start, | |
17413 | + "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), new->start, | |
17414 | new->end, cattr_name(new->type), cattr_name(entry->type)); | |
17415 | return -EBUSY; | |
17416 | } | |
ae4e228f | 17417 | @@ -555,7 +555,7 @@ unlock_ret: |
58c5fc13 MT |
17418 | |
17419 | if (err) { | |
17420 | printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n", | |
17421 | - current->comm, current->pid, start, end); | |
17422 | + current->comm, task_pid_nr(current), start, end); | |
17423 | } | |
17424 | ||
17425 | dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end); | |
ae4e228f | 17426 | @@ -750,7 +750,7 @@ int kernel_map_sync_memtype(u64 base, un |
58c5fc13 MT |
17427 | printk(KERN_INFO |
17428 | "%s:%d ioremap_change_attr failed %s " | |
17429 | "for %Lx-%Lx\n", | |
17430 | - current->comm, current->pid, | |
17431 | + current->comm, task_pid_nr(current), | |
17432 | cattr_name(flags), | |
17433 | base, (unsigned long long)(base + size)); | |
17434 | return -EINVAL; | |
ae4e228f | 17435 | @@ -808,7 +808,7 @@ static int reserve_pfn_range(u64 paddr, |
58c5fc13 MT |
17436 | free_memtype(paddr, paddr + size); |
17437 | printk(KERN_ERR "%s:%d map pfn expected mapping type %s" | |
17438 | " for %Lx-%Lx, got %s\n", | |
17439 | - current->comm, current->pid, | |
17440 | + current->comm, task_pid_nr(current), | |
17441 | cattr_name(want_flags), | |
17442 | (unsigned long long)paddr, | |
17443 | (unsigned long long)(paddr + size), | |
ae4e228f MT |
17444 | diff -urNp linux-2.6.33.1/arch/x86/mm/pgtable_32.c linux-2.6.33.1/arch/x86/mm/pgtable_32.c |
17445 | --- linux-2.6.33.1/arch/x86/mm/pgtable_32.c 2010-03-15 12:09:39.000000000 -0400 | |
17446 | +++ linux-2.6.33.1/arch/x86/mm/pgtable_32.c 2010-03-20 16:58:39.036535097 -0400 | |
17447 | @@ -49,10 +49,13 @@ void set_pte_vaddr(unsigned long vaddr, | |
58c5fc13 MT |
17448 | return; |
17449 | } | |
17450 | pte = pte_offset_kernel(pmd, vaddr); | |
17451 | + | |
ae4e228f | 17452 | + pax_open_kernel(); |
58c5fc13 MT |
17453 | if (pte_val(pteval)) |
17454 | set_pte_at(&init_mm, vaddr, pte, pteval); | |
17455 | else | |
17456 | pte_clear(&init_mm, vaddr, pte); | |
ae4e228f | 17457 | + pax_close_kernel(); |
58c5fc13 | 17458 | |
58c5fc13 MT |
17459 | /* |
17460 | * It's enough to flush this one mapping. | |
ae4e228f MT |
17461 | diff -urNp linux-2.6.33.1/arch/x86/mm/tlb.c linux-2.6.33.1/arch/x86/mm/tlb.c |
17462 | --- linux-2.6.33.1/arch/x86/mm/tlb.c 2010-03-15 12:09:39.000000000 -0400 | |
17463 | +++ linux-2.6.33.1/arch/x86/mm/tlb.c 2010-03-20 16:58:39.036535097 -0400 | |
17464 | @@ -13,7 +13,7 @@ | |
58c5fc13 MT |
17465 | #include <asm/uv/uv.h> |
17466 | ||
17467 | DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) | |
17468 | - = { &init_mm, 0, }; | |
17469 | + = { &init_mm, 0 }; | |
17470 | ||
17471 | /* | |
17472 | * Smarter SMP flushing macros. | |
ae4e228f MT |
17473 | diff -urNp linux-2.6.33.1/arch/x86/oprofile/backtrace.c linux-2.6.33.1/arch/x86/oprofile/backtrace.c |
17474 | --- linux-2.6.33.1/arch/x86/oprofile/backtrace.c 2010-03-15 12:09:39.000000000 -0400 | |
17475 | +++ linux-2.6.33.1/arch/x86/oprofile/backtrace.c 2010-03-20 17:06:47.204705877 -0400 | |
17476 | @@ -58,7 +58,7 @@ static struct frame_head *dump_user_back | |
17477 | struct frame_head bufhead[2]; | |
17478 | ||
17479 | /* Also check accessibility of one struct frame_head beyond */ | |
17480 | - if (!access_ok(VERIFY_READ, head, sizeof(bufhead))) | |
17481 | + if (!__access_ok(VERIFY_READ, head, sizeof(bufhead))) | |
17482 | return NULL; | |
17483 | if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead))) | |
17484 | return NULL; | |
17485 | @@ -78,7 +78,7 @@ x86_backtrace(struct pt_regs * const reg | |
58c5fc13 MT |
17486 | { |
17487 | struct frame_head *head = (struct frame_head *)frame_pointer(regs); | |
17488 | ||
17489 | - if (!user_mode_vm(regs)) { | |
17490 | + if (!user_mode(regs)) { | |
17491 | unsigned long stack = kernel_stack_pointer(regs); | |
17492 | if (depth) | |
17493 | dump_trace(NULL, regs, (unsigned long *)stack, 0, | |
ae4e228f MT |
17494 | diff -urNp linux-2.6.33.1/arch/x86/oprofile/op_model_p4.c linux-2.6.33.1/arch/x86/oprofile/op_model_p4.c |
17495 | --- linux-2.6.33.1/arch/x86/oprofile/op_model_p4.c 2010-03-15 12:09:39.000000000 -0400 | |
17496 | +++ linux-2.6.33.1/arch/x86/oprofile/op_model_p4.c 2010-03-20 16:58:39.036535097 -0400 | |
17497 | @@ -50,7 +50,7 @@ static inline void setup_num_counters(vo | |
58c5fc13 MT |
17498 | #endif |
17499 | } | |
17500 | ||
17501 | -static int inline addr_increment(void) | |
17502 | +static inline int addr_increment(void) | |
17503 | { | |
17504 | #ifdef CONFIG_SMP | |
17505 | return smp_num_siblings == 2 ? 2 : 1; | |
ae4e228f MT |
17506 | diff -urNp linux-2.6.33.1/arch/x86/pci/common.c linux-2.6.33.1/arch/x86/pci/common.c |
17507 | --- linux-2.6.33.1/arch/x86/pci/common.c 2010-03-15 12:09:39.000000000 -0400 | |
17508 | +++ linux-2.6.33.1/arch/x86/pci/common.c 2010-03-20 16:58:39.036535097 -0400 | |
17509 | @@ -31,8 +31,8 @@ int noioapicreroute = 1; | |
17510 | int pcibios_last_bus = -1; | |
17511 | unsigned long pirq_table_addr; | |
17512 | struct pci_bus *pci_root_bus; | |
17513 | -struct pci_raw_ops *raw_pci_ops; | |
17514 | -struct pci_raw_ops *raw_pci_ext_ops; | |
17515 | +const struct pci_raw_ops *raw_pci_ops; | |
17516 | +const struct pci_raw_ops *raw_pci_ext_ops; | |
17517 | ||
17518 | int raw_pci_read(unsigned int domain, unsigned int bus, unsigned int devfn, | |
17519 | int reg, int len, u32 *val) | |
58c5fc13 MT |
17520 | @@ -370,7 +370,7 @@ static const struct dmi_system_id __devi |
17521 | DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"), | |
17522 | }, | |
17523 | }, | |
17524 | - {} | |
17525 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL} | |
17526 | }; | |
17527 | ||
17528 | void __init dmi_check_pciprobe(void) | |
ae4e228f MT |
17529 | diff -urNp linux-2.6.33.1/arch/x86/pci/direct.c linux-2.6.33.1/arch/x86/pci/direct.c |
17530 | --- linux-2.6.33.1/arch/x86/pci/direct.c 2010-03-15 12:09:39.000000000 -0400 | |
17531 | +++ linux-2.6.33.1/arch/x86/pci/direct.c 2010-03-20 16:58:39.040721575 -0400 | |
17532 | @@ -79,7 +79,7 @@ static int pci_conf1_write(unsigned int | |
17533 | ||
17534 | #undef PCI_CONF1_ADDRESS | |
17535 | ||
17536 | -struct pci_raw_ops pci_direct_conf1 = { | |
17537 | +const struct pci_raw_ops pci_direct_conf1 = { | |
17538 | .read = pci_conf1_read, | |
17539 | .write = pci_conf1_write, | |
17540 | }; | |
17541 | @@ -173,7 +173,7 @@ static int pci_conf2_write(unsigned int | |
17542 | ||
17543 | #undef PCI_CONF2_ADDRESS | |
17544 | ||
17545 | -struct pci_raw_ops pci_direct_conf2 = { | |
17546 | +const struct pci_raw_ops pci_direct_conf2 = { | |
17547 | .read = pci_conf2_read, | |
17548 | .write = pci_conf2_write, | |
17549 | }; | |
17550 | @@ -189,7 +189,7 @@ struct pci_raw_ops pci_direct_conf2 = { | |
17551 | * This should be close to trivial, but it isn't, because there are buggy | |
17552 | * chipsets (yes, you guessed it, by Intel and Compaq) that have no class ID. | |
17553 | */ | |
17554 | -static int __init pci_sanity_check(struct pci_raw_ops *o) | |
17555 | +static int __init pci_sanity_check(const struct pci_raw_ops *o) | |
17556 | { | |
17557 | u32 x = 0; | |
17558 | int year, devfn; | |
17559 | diff -urNp linux-2.6.33.1/arch/x86/pci/fixup.c linux-2.6.33.1/arch/x86/pci/fixup.c | |
17560 | --- linux-2.6.33.1/arch/x86/pci/fixup.c 2010-03-15 12:09:39.000000000 -0400 | |
17561 | +++ linux-2.6.33.1/arch/x86/pci/fixup.c 2010-03-20 16:58:39.040721575 -0400 | |
58c5fc13 MT |
17562 | @@ -364,7 +364,7 @@ static const struct dmi_system_id __devi |
17563 | DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"), | |
17564 | }, | |
17565 | }, | |
17566 | - {} | |
17567 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
17568 | }; | |
17569 | ||
17570 | /* | |
17571 | @@ -435,7 +435,7 @@ static const struct dmi_system_id __devi | |
17572 | DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"), | |
17573 | }, | |
17574 | }, | |
17575 | - { } | |
17576 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
17577 | }; | |
17578 | ||
17579 | static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev) | |
ae4e228f MT |
17580 | diff -urNp linux-2.6.33.1/arch/x86/pci/irq.c linux-2.6.33.1/arch/x86/pci/irq.c |
17581 | --- linux-2.6.33.1/arch/x86/pci/irq.c 2010-03-15 12:09:39.000000000 -0400 | |
17582 | +++ linux-2.6.33.1/arch/x86/pci/irq.c 2010-03-20 16:58:39.040721575 -0400 | |
58c5fc13 MT |
17583 | @@ -543,7 +543,7 @@ static __init int intel_router_probe(str |
17584 | static struct pci_device_id __initdata pirq_440gx[] = { | |
17585 | { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) }, | |
17586 | { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) }, | |
17587 | - { }, | |
17588 | + { PCI_DEVICE(0, 0) } | |
17589 | }; | |
17590 | ||
17591 | /* 440GX has a proprietary PIRQ router -- don't use it */ | |
17592 | @@ -1107,7 +1107,7 @@ static struct dmi_system_id __initdata p | |
17593 | DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"), | |
17594 | }, | |
17595 | }, | |
17596 | - { } | |
17597 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
17598 | }; | |
17599 | ||
17600 | int __init pcibios_irq_init(void) | |
ae4e228f MT |
17601 | diff -urNp linux-2.6.33.1/arch/x86/pci/mmconfig_32.c linux-2.6.33.1/arch/x86/pci/mmconfig_32.c |
17602 | --- linux-2.6.33.1/arch/x86/pci/mmconfig_32.c 2010-03-15 12:09:39.000000000 -0400 | |
17603 | +++ linux-2.6.33.1/arch/x86/pci/mmconfig_32.c 2010-03-20 16:58:39.040721575 -0400 | |
17604 | @@ -117,7 +117,7 @@ static int pci_mmcfg_write(unsigned int | |
17605 | return 0; | |
17606 | } | |
17607 | ||
17608 | -static struct pci_raw_ops pci_mmcfg = { | |
17609 | +static const struct pci_raw_ops pci_mmcfg = { | |
17610 | .read = pci_mmcfg_read, | |
17611 | .write = pci_mmcfg_write, | |
17612 | }; | |
17613 | diff -urNp linux-2.6.33.1/arch/x86/pci/mmconfig_64.c linux-2.6.33.1/arch/x86/pci/mmconfig_64.c | |
17614 | --- linux-2.6.33.1/arch/x86/pci/mmconfig_64.c 2010-03-15 12:09:39.000000000 -0400 | |
17615 | +++ linux-2.6.33.1/arch/x86/pci/mmconfig_64.c 2010-03-20 16:58:39.040721575 -0400 | |
17616 | @@ -81,7 +81,7 @@ static int pci_mmcfg_write(unsigned int | |
17617 | return 0; | |
17618 | } | |
17619 | ||
17620 | -static struct pci_raw_ops pci_mmcfg = { | |
17621 | +static const struct pci_raw_ops pci_mmcfg = { | |
17622 | .read = pci_mmcfg_read, | |
17623 | .write = pci_mmcfg_write, | |
17624 | }; | |
17625 | diff -urNp linux-2.6.33.1/arch/x86/pci/numaq_32.c linux-2.6.33.1/arch/x86/pci/numaq_32.c | |
17626 | --- linux-2.6.33.1/arch/x86/pci/numaq_32.c 2010-03-15 12:09:39.000000000 -0400 | |
17627 | +++ linux-2.6.33.1/arch/x86/pci/numaq_32.c 2010-03-20 16:58:39.040721575 -0400 | |
17628 | @@ -112,7 +112,7 @@ static int pci_conf1_mq_write(unsigned i | |
17629 | ||
17630 | #undef PCI_CONF1_MQ_ADDRESS | |
17631 | ||
17632 | -static struct pci_raw_ops pci_direct_conf1_mq = { | |
17633 | +static const struct pci_raw_ops pci_direct_conf1_mq = { | |
17634 | .read = pci_conf1_mq_read, | |
17635 | .write = pci_conf1_mq_write | |
17636 | }; | |
17637 | diff -urNp linux-2.6.33.1/arch/x86/pci/olpc.c linux-2.6.33.1/arch/x86/pci/olpc.c | |
17638 | --- linux-2.6.33.1/arch/x86/pci/olpc.c 2010-03-15 12:09:39.000000000 -0400 | |
17639 | +++ linux-2.6.33.1/arch/x86/pci/olpc.c 2010-03-20 16:58:39.040721575 -0400 | |
17640 | @@ -297,7 +297,7 @@ static int pci_olpc_write(unsigned int s | |
17641 | return 0; | |
17642 | } | |
17643 | ||
17644 | -static struct pci_raw_ops pci_olpc_conf = { | |
17645 | +static const struct pci_raw_ops pci_olpc_conf = { | |
17646 | .read = pci_olpc_read, | |
17647 | .write = pci_olpc_write, | |
17648 | }; | |
17649 | diff -urNp linux-2.6.33.1/arch/x86/pci/pcbios.c linux-2.6.33.1/arch/x86/pci/pcbios.c | |
17650 | --- linux-2.6.33.1/arch/x86/pci/pcbios.c 2010-03-15 12:09:39.000000000 -0400 | |
17651 | +++ linux-2.6.33.1/arch/x86/pci/pcbios.c 2010-03-20 16:58:39.040721575 -0400 | |
17652 | @@ -56,50 +56,93 @@ union bios32 { | |
58c5fc13 MT |
17653 | static struct { |
17654 | unsigned long address; | |
17655 | unsigned short segment; | |
17656 | -} bios32_indirect = { 0, __KERNEL_CS }; | |
17657 | +} bios32_indirect __read_only = { 0, __PCIBIOS_CS }; | |
17658 | ||
17659 | /* | |
17660 | * Returns the entry point for the given service, NULL on error | |
17661 | */ | |
17662 | ||
17663 | -static unsigned long bios32_service(unsigned long service) | |
17664 | +static unsigned long __devinit bios32_service(unsigned long service) | |
17665 | { | |
17666 | unsigned char return_code; /* %al */ | |
17667 | unsigned long address; /* %ebx */ | |
17668 | unsigned long length; /* %ecx */ | |
17669 | unsigned long entry; /* %edx */ | |
17670 | unsigned long flags; | |
17671 | + struct desc_struct d, *gdt; | |
58c5fc13 MT |
17672 | |
17673 | local_irq_save(flags); | |
17674 | - __asm__("lcall *(%%edi); cld" | |
17675 | + | |
17676 | + gdt = get_cpu_gdt_table(smp_processor_id()); | |
17677 | + | |
58c5fc13 MT |
17678 | + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC); |
17679 | + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S); | |
17680 | + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC); | |
17681 | + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S); | |
17682 | + | |
58c5fc13 MT |
17683 | + __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld" |
17684 | : "=a" (return_code), | |
17685 | "=b" (address), | |
17686 | "=c" (length), | |
17687 | "=d" (entry) | |
17688 | : "0" (service), | |
17689 | "1" (0), | |
17690 | - "D" (&bios32_indirect)); | |
17691 | + "D" (&bios32_indirect), | |
17692 | + "r"(__PCIBIOS_DS) | |
17693 | + : "memory"); | |
17694 | + | |
ae4e228f | 17695 | + pax_open_kernel(); |
58c5fc13 MT |
17696 | + gdt[GDT_ENTRY_PCIBIOS_CS].a = 0; |
17697 | + gdt[GDT_ENTRY_PCIBIOS_CS].b = 0; | |
17698 | + gdt[GDT_ENTRY_PCIBIOS_DS].a = 0; | |
17699 | + gdt[GDT_ENTRY_PCIBIOS_DS].b = 0; | |
ae4e228f | 17700 | + pax_close_kernel(); |
58c5fc13 MT |
17701 | + |
17702 | local_irq_restore(flags); | |
17703 | ||
17704 | switch (return_code) { | |
17705 | - case 0: | |
17706 | - return address + entry; | |
17707 | - case 0x80: /* Not present */ | |
17708 | - printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service); | |
17709 | - return 0; | |
17710 | - default: /* Shouldn't happen */ | |
17711 | - printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n", | |
17712 | - service, return_code); | |
17713 | + case 0: { | |
17714 | + int cpu; | |
17715 | + unsigned char flags; | |
17716 | + | |
17717 | + printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry); | |
17718 | + if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) { | |
17719 | + printk(KERN_WARNING "bios32_service: not valid\n"); | |
17720 | return 0; | |
17721 | + } | |
17722 | + address = address + PAGE_OFFSET; | |
17723 | + length += 16UL; /* some BIOSs underreport this... */ | |
17724 | + flags = 4; | |
17725 | + if (length >= 64*1024*1024) { | |
17726 | + length >>= PAGE_SHIFT; | |
17727 | + flags |= 8; | |
17728 | + } | |
17729 | + | |
58c5fc13 MT |
17730 | + for (cpu = 0; cpu < NR_CPUS; cpu++) { |
17731 | + gdt = get_cpu_gdt_table(cpu); | |
17732 | + pack_descriptor(&d, address, length, 0x9b, flags); | |
17733 | + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S); | |
17734 | + pack_descriptor(&d, address, length, 0x93, flags); | |
17735 | + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S); | |
17736 | + } | |
58c5fc13 MT |
17737 | + return entry; |
17738 | + } | |
17739 | + case 0x80: /* Not present */ | |
17740 | + printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service); | |
17741 | + return 0; | |
17742 | + default: /* Shouldn't happen */ | |
17743 | + printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n", | |
17744 | + service, return_code); | |
17745 | + return 0; | |
17746 | } | |
17747 | } | |
17748 | ||
17749 | static struct { | |
17750 | unsigned long address; | |
17751 | unsigned short segment; | |
17752 | -} pci_indirect = { 0, __KERNEL_CS }; | |
17753 | +} pci_indirect __read_only = { 0, __PCIBIOS_CS }; | |
17754 | ||
17755 | -static int pci_bios_present; | |
17756 | +static int pci_bios_present __read_only; | |
17757 | ||
17758 | static int __devinit check_pcibios(void) | |
17759 | { | |
ae4e228f | 17760 | @@ -108,11 +151,13 @@ static int __devinit check_pcibios(void) |
58c5fc13 MT |
17761 | unsigned long flags, pcibios_entry; |
17762 | ||
17763 | if ((pcibios_entry = bios32_service(PCI_SERVICE))) { | |
17764 | - pci_indirect.address = pcibios_entry + PAGE_OFFSET; | |
17765 | + pci_indirect.address = pcibios_entry; | |
17766 | ||
17767 | local_irq_save(flags); | |
17768 | - __asm__( | |
17769 | - "lcall *(%%edi); cld\n\t" | |
17770 | + __asm__("movw %w6, %%ds\n\t" | |
17771 | + "lcall *%%ss:(%%edi); cld\n\t" | |
17772 | + "push %%ss\n\t" | |
17773 | + "pop %%ds\n\t" | |
17774 | "jc 1f\n\t" | |
17775 | "xor %%ah, %%ah\n" | |
17776 | "1:" | |
ae4e228f | 17777 | @@ -121,7 +166,8 @@ static int __devinit check_pcibios(void) |
58c5fc13 MT |
17778 | "=b" (ebx), |
17779 | "=c" (ecx) | |
17780 | : "1" (PCIBIOS_PCI_BIOS_PRESENT), | |
17781 | - "D" (&pci_indirect) | |
17782 | + "D" (&pci_indirect), | |
17783 | + "r" (__PCIBIOS_DS) | |
17784 | : "memory"); | |
17785 | local_irq_restore(flags); | |
17786 | ||
ae4e228f | 17787 | @@ -165,7 +211,10 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17788 | |
17789 | switch (len) { | |
17790 | case 1: | |
17791 | - __asm__("lcall *(%%esi); cld\n\t" | |
17792 | + __asm__("movw %w6, %%ds\n\t" | |
17793 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17794 | + "push %%ss\n\t" | |
17795 | + "pop %%ds\n\t" | |
17796 | "jc 1f\n\t" | |
17797 | "xor %%ah, %%ah\n" | |
17798 | "1:" | |
ae4e228f | 17799 | @@ -174,7 +223,8 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17800 | : "1" (PCIBIOS_READ_CONFIG_BYTE), |
17801 | "b" (bx), | |
17802 | "D" ((long)reg), | |
17803 | - "S" (&pci_indirect)); | |
17804 | + "S" (&pci_indirect), | |
17805 | + "r" (__PCIBIOS_DS)); | |
17806 | /* | |
17807 | * Zero-extend the result beyond 8 bits, do not trust the | |
17808 | * BIOS having done it: | |
ae4e228f | 17809 | @@ -182,7 +232,10 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17810 | *value &= 0xff; |
17811 | break; | |
17812 | case 2: | |
17813 | - __asm__("lcall *(%%esi); cld\n\t" | |
17814 | + __asm__("movw %w6, %%ds\n\t" | |
17815 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17816 | + "push %%ss\n\t" | |
17817 | + "pop %%ds\n\t" | |
17818 | "jc 1f\n\t" | |
17819 | "xor %%ah, %%ah\n" | |
17820 | "1:" | |
ae4e228f | 17821 | @@ -191,7 +244,8 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17822 | : "1" (PCIBIOS_READ_CONFIG_WORD), |
17823 | "b" (bx), | |
17824 | "D" ((long)reg), | |
17825 | - "S" (&pci_indirect)); | |
17826 | + "S" (&pci_indirect), | |
17827 | + "r" (__PCIBIOS_DS)); | |
17828 | /* | |
17829 | * Zero-extend the result beyond 16 bits, do not trust the | |
17830 | * BIOS having done it: | |
ae4e228f | 17831 | @@ -199,7 +253,10 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17832 | *value &= 0xffff; |
17833 | break; | |
17834 | case 4: | |
17835 | - __asm__("lcall *(%%esi); cld\n\t" | |
17836 | + __asm__("movw %w6, %%ds\n\t" | |
17837 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17838 | + "push %%ss\n\t" | |
17839 | + "pop %%ds\n\t" | |
17840 | "jc 1f\n\t" | |
17841 | "xor %%ah, %%ah\n" | |
17842 | "1:" | |
ae4e228f | 17843 | @@ -208,7 +265,8 @@ static int pci_bios_read(unsigned int se |
58c5fc13 MT |
17844 | : "1" (PCIBIOS_READ_CONFIG_DWORD), |
17845 | "b" (bx), | |
17846 | "D" ((long)reg), | |
17847 | - "S" (&pci_indirect)); | |
17848 | + "S" (&pci_indirect), | |
17849 | + "r" (__PCIBIOS_DS)); | |
17850 | break; | |
17851 | } | |
17852 | ||
ae4e228f | 17853 | @@ -231,7 +289,10 @@ static int pci_bios_write(unsigned int s |
58c5fc13 MT |
17854 | |
17855 | switch (len) { | |
17856 | case 1: | |
17857 | - __asm__("lcall *(%%esi); cld\n\t" | |
17858 | + __asm__("movw %w6, %%ds\n\t" | |
17859 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17860 | + "push %%ss\n\t" | |
17861 | + "pop %%ds\n\t" | |
17862 | "jc 1f\n\t" | |
17863 | "xor %%ah, %%ah\n" | |
17864 | "1:" | |
ae4e228f | 17865 | @@ -240,10 +301,14 @@ static int pci_bios_write(unsigned int s |
58c5fc13 MT |
17866 | "c" (value), |
17867 | "b" (bx), | |
17868 | "D" ((long)reg), | |
17869 | - "S" (&pci_indirect)); | |
17870 | + "S" (&pci_indirect), | |
17871 | + "r" (__PCIBIOS_DS)); | |
17872 | break; | |
17873 | case 2: | |
17874 | - __asm__("lcall *(%%esi); cld\n\t" | |
17875 | + __asm__("movw %w6, %%ds\n\t" | |
17876 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17877 | + "push %%ss\n\t" | |
17878 | + "pop %%ds\n\t" | |
17879 | "jc 1f\n\t" | |
17880 | "xor %%ah, %%ah\n" | |
17881 | "1:" | |
ae4e228f | 17882 | @@ -252,10 +317,14 @@ static int pci_bios_write(unsigned int s |
58c5fc13 MT |
17883 | "c" (value), |
17884 | "b" (bx), | |
17885 | "D" ((long)reg), | |
17886 | - "S" (&pci_indirect)); | |
17887 | + "S" (&pci_indirect), | |
17888 | + "r" (__PCIBIOS_DS)); | |
17889 | break; | |
17890 | case 4: | |
17891 | - __asm__("lcall *(%%esi); cld\n\t" | |
17892 | + __asm__("movw %w6, %%ds\n\t" | |
17893 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17894 | + "push %%ss\n\t" | |
17895 | + "pop %%ds\n\t" | |
17896 | "jc 1f\n\t" | |
17897 | "xor %%ah, %%ah\n" | |
17898 | "1:" | |
ae4e228f | 17899 | @@ -264,7 +333,8 @@ static int pci_bios_write(unsigned int s |
58c5fc13 MT |
17900 | "c" (value), |
17901 | "b" (bx), | |
17902 | "D" ((long)reg), | |
17903 | - "S" (&pci_indirect)); | |
17904 | + "S" (&pci_indirect), | |
17905 | + "r" (__PCIBIOS_DS)); | |
17906 | break; | |
17907 | } | |
17908 | ||
ae4e228f MT |
17909 | @@ -278,7 +348,7 @@ static int pci_bios_write(unsigned int s |
17910 | * Function table for BIOS32 access | |
17911 | */ | |
17912 | ||
17913 | -static struct pci_raw_ops pci_bios_access = { | |
17914 | +static const struct pci_raw_ops pci_bios_access = { | |
17915 | .read = pci_bios_read, | |
17916 | .write = pci_bios_write | |
17917 | }; | |
17918 | @@ -287,7 +357,7 @@ static struct pci_raw_ops pci_bios_acces | |
17919 | * Try to find PCI BIOS. | |
17920 | */ | |
17921 | ||
17922 | -static struct pci_raw_ops * __devinit pci_find_bios(void) | |
17923 | +static const struct pci_raw_ops * __devinit pci_find_bios(void) | |
17924 | { | |
17925 | union bios32 *check; | |
17926 | unsigned char sum; | |
17927 | @@ -368,10 +438,13 @@ struct irq_routing_table * pcibios_get_i | |
58c5fc13 MT |
17928 | |
17929 | DBG("PCI: Fetching IRQ routing table... "); | |
17930 | __asm__("push %%es\n\t" | |
17931 | + "movw %w8, %%ds\n\t" | |
17932 | "push %%ds\n\t" | |
17933 | "pop %%es\n\t" | |
17934 | - "lcall *(%%esi); cld\n\t" | |
17935 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17936 | "pop %%es\n\t" | |
17937 | + "push %%ss\n\t" | |
17938 | + "pop %%ds\n" | |
17939 | "jc 1f\n\t" | |
17940 | "xor %%ah, %%ah\n" | |
17941 | "1:" | |
ae4e228f | 17942 | @@ -382,7 +455,8 @@ struct irq_routing_table * pcibios_get_i |
58c5fc13 MT |
17943 | "1" (0), |
17944 | "D" ((long) &opt), | |
17945 | "S" (&pci_indirect), | |
17946 | - "m" (opt) | |
17947 | + "m" (opt), | |
17948 | + "r" (__PCIBIOS_DS) | |
17949 | : "memory"); | |
17950 | DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map); | |
17951 | if (ret & 0xff00) | |
ae4e228f | 17952 | @@ -406,7 +480,10 @@ int pcibios_set_irq_routing(struct pci_d |
58c5fc13 MT |
17953 | { |
17954 | int ret; | |
17955 | ||
17956 | - __asm__("lcall *(%%esi); cld\n\t" | |
17957 | + __asm__("movw %w5, %%ds\n\t" | |
17958 | + "lcall *%%ss:(%%esi); cld\n\t" | |
17959 | + "push %%ss\n\t" | |
17960 | + "pop %%ds\n" | |
17961 | "jc 1f\n\t" | |
17962 | "xor %%ah, %%ah\n" | |
17963 | "1:" | |
ae4e228f | 17964 | @@ -414,7 +491,8 @@ int pcibios_set_irq_routing(struct pci_d |
58c5fc13 MT |
17965 | : "0" (PCIBIOS_SET_PCI_HW_INT), |
17966 | "b" ((dev->bus->number << 8) | dev->devfn), | |
17967 | "c" ((irq << 8) | (pin + 10)), | |
17968 | - "S" (&pci_indirect)); | |
17969 | + "S" (&pci_indirect), | |
17970 | + "r" (__PCIBIOS_DS)); | |
17971 | return !(ret & 0xff00); | |
17972 | } | |
17973 | EXPORT_SYMBOL(pcibios_set_irq_routing); | |
ae4e228f MT |
17974 | diff -urNp linux-2.6.33.1/arch/x86/power/cpu.c linux-2.6.33.1/arch/x86/power/cpu.c |
17975 | --- linux-2.6.33.1/arch/x86/power/cpu.c 2010-03-15 12:09:39.000000000 -0400 | |
17976 | +++ linux-2.6.33.1/arch/x86/power/cpu.c 2010-03-20 16:58:39.040721575 -0400 | |
17977 | @@ -127,7 +127,7 @@ static void do_fpu_end(void) | |
58c5fc13 MT |
17978 | static void fix_processor_context(void) |
17979 | { | |
17980 | int cpu = smp_processor_id(); | |
17981 | - struct tss_struct *t = &per_cpu(init_tss, cpu); | |
17982 | + struct tss_struct *t = init_tss + cpu; | |
58c5fc13 MT |
17983 | |
17984 | set_tss_desc(cpu, t); /* | |
17985 | * This just modifies memory; should not be | |
ae4e228f | 17986 | @@ -137,7 +137,9 @@ static void fix_processor_context(void) |
58c5fc13 MT |
17987 | */ |
17988 | ||
17989 | #ifdef CONFIG_X86_64 | |
ae4e228f | 17990 | + pax_open_kernel(); |
58c5fc13 | 17991 | get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9; |
ae4e228f | 17992 | + pax_close_kernel(); |
58c5fc13 | 17993 | |
58c5fc13 MT |
17994 | syscall_init(); /* This sets MSR_*STAR and related */ |
17995 | #endif | |
ae4e228f MT |
17996 | diff -urNp linux-2.6.33.1/arch/x86/vdso/Makefile linux-2.6.33.1/arch/x86/vdso/Makefile |
17997 | --- linux-2.6.33.1/arch/x86/vdso/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
17998 | +++ linux-2.6.33.1/arch/x86/vdso/Makefile 2010-03-20 16:58:39.040721575 -0400 | |
58c5fc13 MT |
17999 | @@ -122,7 +122,7 @@ quiet_cmd_vdso = VDSO $@ |
18000 | $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \ | |
18001 | -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) | |
18002 | ||
ae4e228f MT |
18003 | -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) |
18004 | +VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) | |
58c5fc13 MT |
18005 | GCOV_PROFILE := n |
18006 | ||
18007 | # | |
ae4e228f MT |
18008 | diff -urNp linux-2.6.33.1/arch/x86/vdso/vclock_gettime.c linux-2.6.33.1/arch/x86/vdso/vclock_gettime.c |
18009 | --- linux-2.6.33.1/arch/x86/vdso/vclock_gettime.c 2010-03-15 12:09:39.000000000 -0400 | |
18010 | +++ linux-2.6.33.1/arch/x86/vdso/vclock_gettime.c 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18011 | @@ -22,24 +22,48 @@ |
18012 | #include <asm/hpet.h> | |
18013 | #include <asm/unistd.h> | |
18014 | #include <asm/io.h> | |
18015 | +#include <asm/fixmap.h> | |
18016 | #include "vextern.h" | |
18017 | ||
18018 | #define gtod vdso_vsyscall_gtod_data | |
18019 | ||
18020 | +notrace noinline long __vdso_fallback_time(long *t) | |
18021 | +{ | |
18022 | + long secs; | |
18023 | + asm volatile("syscall" | |
18024 | + : "=a" (secs) | |
18025 | + : "0" (__NR_time),"D" (t) : "r11", "cx", "memory"); | |
18026 | + return secs; | |
18027 | +} | |
18028 | + | |
18029 | notrace static long vdso_fallback_gettime(long clock, struct timespec *ts) | |
18030 | { | |
18031 | long ret; | |
18032 | asm("syscall" : "=a" (ret) : | |
18033 | - "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory"); | |
18034 | + "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory"); | |
18035 | return ret; | |
18036 | } | |
18037 | ||
18038 | +notrace static inline cycle_t __vdso_vread_hpet(void) | |
18039 | +{ | |
18040 | + return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0); | |
18041 | +} | |
18042 | + | |
18043 | +notrace static inline cycle_t __vdso_vread_tsc(void) | |
18044 | +{ | |
18045 | + cycle_t ret = (cycle_t)vget_cycles(); | |
18046 | + | |
18047 | + return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last; | |
18048 | +} | |
18049 | + | |
18050 | notrace static inline long vgetns(void) | |
18051 | { | |
18052 | long v; | |
18053 | - cycles_t (*vread)(void); | |
18054 | - vread = gtod->clock.vread; | |
18055 | - v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask; | |
18056 | + if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]) | |
18057 | + v = __vdso_vread_tsc(); | |
18058 | + else | |
18059 | + v = __vdso_vread_hpet(); | |
18060 | + v = (v - gtod->clock.cycle_last) & gtod->clock.mask; | |
18061 | return (v * gtod->clock.mult) >> gtod->clock.shift; | |
18062 | } | |
18063 | ||
ae4e228f | 18064 | @@ -113,7 +137,9 @@ notrace static noinline int do_monotonic |
58c5fc13 MT |
18065 | |
18066 | notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts) | |
18067 | { | |
ae4e228f | 18068 | - if (likely(gtod->sysctl_enabled)) |
58c5fc13 MT |
18069 | + if (likely(gtod->sysctl_enabled && |
18070 | + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) || | |
18071 | + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])))) | |
18072 | switch (clock) { | |
18073 | case CLOCK_REALTIME: | |
ae4e228f MT |
18074 | if (likely(gtod->clock.vread)) |
18075 | @@ -133,10 +159,20 @@ notrace int __vdso_clock_gettime(clockid | |
58c5fc13 MT |
18076 | int clock_gettime(clockid_t, struct timespec *) |
18077 | __attribute__((weak, alias("__vdso_clock_gettime"))); | |
18078 | ||
18079 | -notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz) | |
18080 | +notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz) | |
18081 | { | |
18082 | long ret; | |
18083 | - if (likely(gtod->sysctl_enabled && gtod->clock.vread)) { | |
18084 | + asm("syscall" : "=a" (ret) : | |
18085 | + "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory"); | |
18086 | + return ret; | |
18087 | +} | |
18088 | + | |
18089 | +notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz) | |
18090 | +{ | |
18091 | + if (likely(gtod->sysctl_enabled && | |
18092 | + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) || | |
18093 | + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])))) | |
18094 | + { | |
18095 | if (likely(tv != NULL)) { | |
18096 | BUILD_BUG_ON(offsetof(struct timeval, tv_usec) != | |
18097 | offsetof(struct timespec, tv_nsec) || | |
ae4e228f | 18098 | @@ -151,9 +187,7 @@ notrace int __vdso_gettimeofday(struct t |
58c5fc13 MT |
18099 | } |
18100 | return 0; | |
18101 | } | |
18102 | - asm("syscall" : "=a" (ret) : | |
18103 | - "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory"); | |
18104 | - return ret; | |
18105 | + return __vdso_fallback_gettimeofday(tv, tz); | |
18106 | } | |
18107 | int gettimeofday(struct timeval *, struct timezone *) | |
18108 | __attribute__((weak, alias("__vdso_gettimeofday"))); | |
ae4e228f MT |
18109 | diff -urNp linux-2.6.33.1/arch/x86/vdso/vdso32-setup.c linux-2.6.33.1/arch/x86/vdso/vdso32-setup.c |
18110 | --- linux-2.6.33.1/arch/x86/vdso/vdso32-setup.c 2010-03-15 12:09:39.000000000 -0400 | |
18111 | +++ linux-2.6.33.1/arch/x86/vdso/vdso32-setup.c 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18112 | @@ -25,6 +25,7 @@ |
18113 | #include <asm/tlbflush.h> | |
18114 | #include <asm/vdso.h> | |
18115 | #include <asm/proto.h> | |
18116 | +#include <asm/mman.h> | |
18117 | ||
18118 | enum { | |
18119 | VDSO_DISABLED = 0, | |
18120 | @@ -226,7 +227,7 @@ static inline void map_compat_vdso(int m | |
18121 | void enable_sep_cpu(void) | |
18122 | { | |
18123 | int cpu = get_cpu(); | |
18124 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
18125 | + struct tss_struct *tss = init_tss + cpu; | |
18126 | ||
18127 | if (!boot_cpu_has(X86_FEATURE_SEP)) { | |
18128 | put_cpu(); | |
18129 | @@ -249,7 +250,7 @@ static int __init gate_vma_init(void) | |
18130 | gate_vma.vm_start = FIXADDR_USER_START; | |
18131 | gate_vma.vm_end = FIXADDR_USER_END; | |
18132 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; | |
18133 | - gate_vma.vm_page_prot = __P101; | |
18134 | + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); | |
18135 | /* | |
18136 | * Make sure the vDSO gets into every core dump. | |
18137 | * Dumping its contents makes post-mortem fully interpretable later | |
18138 | @@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct l | |
18139 | if (compat) | |
18140 | addr = VDSO_HIGH_BASE; | |
18141 | else { | |
18142 | - addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); | |
18143 | + addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE); | |
18144 | if (IS_ERR_VALUE(addr)) { | |
18145 | ret = addr; | |
18146 | goto up_fail; | |
18147 | } | |
18148 | } | |
18149 | ||
18150 | - current->mm->context.vdso = (void *)addr; | |
18151 | + current->mm->context.vdso = addr; | |
18152 | ||
18153 | if (compat_uses_vma || !compat) { | |
18154 | /* | |
ae4e228f MT |
18155 | @@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct l |
18156 | } | |
18157 | ||
18158 | current_thread_info()->sysenter_return = | |
18159 | - VDSO32_SYMBOL(addr, SYSENTER_RETURN); | |
18160 | + (__force void __user *)VDSO32_SYMBOL(addr, SYSENTER_RETURN); | |
58c5fc13 MT |
18161 | |
18162 | up_fail: | |
18163 | if (ret) | |
18164 | - current->mm->context.vdso = NULL; | |
18165 | + current->mm->context.vdso = 0; | |
18166 | ||
18167 | up_write(&mm->mmap_sem); | |
18168 | ||
ae4e228f | 18169 | @@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); |
58c5fc13 MT |
18170 | |
18171 | const char *arch_vma_name(struct vm_area_struct *vma) | |
18172 | { | |
18173 | - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso) | |
18174 | + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso) | |
18175 | return "[vdso]"; | |
18176 | + | |
18177 | +#ifdef CONFIG_PAX_SEGMEXEC | |
18178 | + if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso) | |
18179 | + return "[vdso]"; | |
18180 | +#endif | |
18181 | + | |
18182 | return NULL; | |
18183 | } | |
18184 | ||
ae4e228f | 18185 | @@ -422,7 +429,7 @@ struct vm_area_struct *get_gate_vma(stru |
58c5fc13 MT |
18186 | struct mm_struct *mm = tsk->mm; |
18187 | ||
18188 | /* Check to see if this task was created in compat vdso mode */ | |
18189 | - if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE) | |
18190 | + if (mm && mm->context.vdso == VDSO_HIGH_BASE) | |
18191 | return &gate_vma; | |
18192 | return NULL; | |
18193 | } | |
ae4e228f MT |
18194 | diff -urNp linux-2.6.33.1/arch/x86/vdso/vdso.lds.S linux-2.6.33.1/arch/x86/vdso/vdso.lds.S |
18195 | --- linux-2.6.33.1/arch/x86/vdso/vdso.lds.S 2010-03-15 12:09:39.000000000 -0400 | |
18196 | +++ linux-2.6.33.1/arch/x86/vdso/vdso.lds.S 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18197 | @@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK; |
18198 | #define VEXTERN(x) VDSO64_ ## x = vdso_ ## x; | |
18199 | #include "vextern.h" | |
18200 | #undef VEXTERN | |
18201 | + | |
18202 | +#define VEXTERN(x) VDSO64_ ## x = __vdso_ ## x; | |
18203 | +VEXTERN(fallback_gettimeofday) | |
18204 | +VEXTERN(fallback_time) | |
18205 | +VEXTERN(getcpu) | |
18206 | +#undef VEXTERN | |
ae4e228f MT |
18207 | diff -urNp linux-2.6.33.1/arch/x86/vdso/vextern.h linux-2.6.33.1/arch/x86/vdso/vextern.h |
18208 | --- linux-2.6.33.1/arch/x86/vdso/vextern.h 2010-03-15 12:09:39.000000000 -0400 | |
18209 | +++ linux-2.6.33.1/arch/x86/vdso/vextern.h 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18210 | @@ -11,6 +11,5 @@ |
18211 | put into vextern.h and be referenced as a pointer with vdso prefix. | |
18212 | The main kernel later fills in the values. */ | |
18213 | ||
18214 | -VEXTERN(jiffies) | |
18215 | VEXTERN(vgetcpu_mode) | |
18216 | VEXTERN(vsyscall_gtod_data) | |
ae4e228f MT |
18217 | diff -urNp linux-2.6.33.1/arch/x86/vdso/vma.c linux-2.6.33.1/arch/x86/vdso/vma.c |
18218 | --- linux-2.6.33.1/arch/x86/vdso/vma.c 2010-03-15 12:09:39.000000000 -0400 | |
18219 | +++ linux-2.6.33.1/arch/x86/vdso/vma.c 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18220 | @@ -57,7 +57,7 @@ static int __init init_vdso_vars(void) |
18221 | if (!vbase) | |
18222 | goto oom; | |
18223 | ||
18224 | - if (memcmp(vbase, "\177ELF", 4)) { | |
18225 | + if (memcmp(vbase, ELFMAG, SELFMAG)) { | |
18226 | printk("VDSO: I'm broken; not ELF\n"); | |
18227 | vdso_enabled = 0; | |
18228 | } | |
18229 | @@ -66,6 +66,7 @@ static int __init init_vdso_vars(void) | |
18230 | *(typeof(__ ## x) **) var_ref(VDSO64_SYMBOL(vbase, x), #x) = &__ ## x; | |
18231 | #include "vextern.h" | |
18232 | #undef VEXTERN | |
18233 | + vunmap(vbase); | |
18234 | return 0; | |
18235 | ||
18236 | oom: | |
18237 | @@ -116,7 +117,7 @@ int arch_setup_additional_pages(struct l | |
18238 | goto up_fail; | |
18239 | } | |
18240 | ||
18241 | - current->mm->context.vdso = (void *)addr; | |
18242 | + current->mm->context.vdso = addr; | |
18243 | ||
18244 | ret = install_special_mapping(mm, addr, vdso_size, | |
18245 | VM_READ|VM_EXEC| | |
18246 | @@ -124,7 +125,7 @@ int arch_setup_additional_pages(struct l | |
18247 | VM_ALWAYSDUMP, | |
18248 | vdso_pages); | |
18249 | if (ret) { | |
18250 | - current->mm->context.vdso = NULL; | |
18251 | + current->mm->context.vdso = 0; | |
18252 | goto up_fail; | |
18253 | } | |
18254 | ||
18255 | @@ -132,10 +133,3 @@ up_fail: | |
18256 | up_write(&mm->mmap_sem); | |
18257 | return ret; | |
18258 | } | |
18259 | - | |
18260 | -static __init int vdso_setup(char *s) | |
18261 | -{ | |
18262 | - vdso_enabled = simple_strtoul(s, NULL, 0); | |
18263 | - return 0; | |
18264 | -} | |
18265 | -__setup("vdso=", vdso_setup); | |
ae4e228f MT |
18266 | diff -urNp linux-2.6.33.1/arch/x86/xen/enlighten.c linux-2.6.33.1/arch/x86/xen/enlighten.c |
18267 | --- linux-2.6.33.1/arch/x86/xen/enlighten.c 2010-03-15 12:09:39.000000000 -0400 | |
18268 | +++ linux-2.6.33.1/arch/x86/xen/enlighten.c 2010-03-20 16:58:39.044545939 -0400 | |
18269 | @@ -73,8 +73,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); | |
58c5fc13 MT |
18270 | |
18271 | struct shared_info xen_dummy_shared_info; | |
18272 | ||
18273 | -void *xen_initial_gdt; | |
18274 | - | |
18275 | /* | |
18276 | * Point at some empty memory to start with. We map the real shared_info | |
18277 | * page as soon as fixmap is up and running. | |
ae4e228f | 18278 | @@ -550,7 +548,7 @@ static void xen_write_idt_entry(gate_des |
58c5fc13 MT |
18279 | |
18280 | preempt_disable(); | |
18281 | ||
18282 | - start = __get_cpu_var(idt_desc).address; | |
18283 | + start = (unsigned long)__get_cpu_var(idt_desc).address; | |
18284 | end = start + __get_cpu_var(idt_desc).size + 1; | |
18285 | ||
18286 | xen_mc_flush(); | |
ae4e228f | 18287 | @@ -1133,13 +1131,6 @@ asmlinkage void __init xen_start_kernel( |
58c5fc13 MT |
18288 | |
18289 | machine_ops = xen_machine_ops; | |
18290 | ||
18291 | - /* | |
18292 | - * The only reliable way to retain the initial address of the | |
18293 | - * percpu gdt_page is to remember it here, so we can go and | |
18294 | - * mark it RW later, when the initial percpu area is freed. | |
18295 | - */ | |
18296 | - xen_initial_gdt = &per_cpu(gdt_page, 0); | |
18297 | - | |
18298 | xen_smp_init(); | |
18299 | ||
ae4e228f MT |
18300 | pgd = (pgd_t *)xen_start_info->pt_base; |
18301 | diff -urNp linux-2.6.33.1/arch/x86/xen/mmu.c linux-2.6.33.1/arch/x86/xen/mmu.c | |
18302 | --- linux-2.6.33.1/arch/x86/xen/mmu.c 2010-03-15 12:09:39.000000000 -0400 | |
18303 | +++ linux-2.6.33.1/arch/x86/xen/mmu.c 2010-03-20 16:58:39.044545939 -0400 | |
18304 | @@ -1711,6 +1711,8 @@ __init pgd_t *xen_setup_kernel_pagetable | |
58c5fc13 MT |
18305 | convert_pfn_mfn(init_level4_pgt); |
18306 | convert_pfn_mfn(level3_ident_pgt); | |
18307 | convert_pfn_mfn(level3_kernel_pgt); | |
18308 | + convert_pfn_mfn(level3_vmalloc_pgt); | |
18309 | + convert_pfn_mfn(level3_vmemmap_pgt); | |
18310 | ||
18311 | l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); | |
18312 | l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); | |
ae4e228f | 18313 | @@ -1729,7 +1731,10 @@ __init pgd_t *xen_setup_kernel_pagetable |
58c5fc13 MT |
18314 | set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); |
18315 | set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); | |
18316 | set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); | |
18317 | + set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO); | |
18318 | + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO); | |
18319 | set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); | |
18320 | + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO); | |
18321 | set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); | |
18322 | set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); | |
18323 | ||
ae4e228f MT |
18324 | diff -urNp linux-2.6.33.1/arch/x86/xen/smp.c linux-2.6.33.1/arch/x86/xen/smp.c |
18325 | --- linux-2.6.33.1/arch/x86/xen/smp.c 2010-03-15 12:09:39.000000000 -0400 | |
18326 | +++ linux-2.6.33.1/arch/x86/xen/smp.c 2010-03-20 16:58:39.044545939 -0400 | |
18327 | @@ -168,11 +168,6 @@ static void __init xen_smp_prepare_boot_ | |
58c5fc13 MT |
18328 | { |
18329 | BUG_ON(smp_processor_id() != 0); | |
18330 | native_smp_prepare_boot_cpu(); | |
18331 | - | |
18332 | - /* We've switched to the "real" per-cpu gdt, so make sure the | |
18333 | - old memory can be recycled */ | |
18334 | - make_lowmem_page_readwrite(xen_initial_gdt); | |
18335 | - | |
18336 | xen_setup_vcpu_info_placement(); | |
18337 | } | |
18338 | ||
ae4e228f | 18339 | @@ -232,8 +227,8 @@ cpu_initialize_context(unsigned int cpu, |
58c5fc13 MT |
18340 | gdt = get_cpu_gdt_table(cpu); |
18341 | ||
18342 | ctxt->flags = VGCF_IN_KERNEL; | |
18343 | - ctxt->user_regs.ds = __USER_DS; | |
18344 | - ctxt->user_regs.es = __USER_DS; | |
18345 | + ctxt->user_regs.ds = __KERNEL_DS; | |
18346 | + ctxt->user_regs.es = __KERNEL_DS; | |
18347 | ctxt->user_regs.ss = __KERNEL_DS; | |
18348 | #ifdef CONFIG_X86_32 | |
18349 | ctxt->user_regs.fs = __KERNEL_PERCPU; | |
ae4e228f MT |
18350 | diff -urNp linux-2.6.33.1/arch/x86/xen/xen-ops.h linux-2.6.33.1/arch/x86/xen/xen-ops.h |
18351 | --- linux-2.6.33.1/arch/x86/xen/xen-ops.h 2010-03-15 12:09:39.000000000 -0400 | |
18352 | +++ linux-2.6.33.1/arch/x86/xen/xen-ops.h 2010-03-20 16:58:39.044545939 -0400 | |
58c5fc13 MT |
18353 | @@ -10,8 +10,6 @@ |
18354 | extern const char xen_hypervisor_callback[]; | |
18355 | extern const char xen_failsafe_callback[]; | |
18356 | ||
18357 | -extern void *xen_initial_gdt; | |
18358 | - | |
18359 | struct trap_info; | |
18360 | void xen_copy_trap_info(struct trap_info *traps); | |
18361 | ||
ae4e228f MT |
18362 | diff -urNp linux-2.6.33.1/block/blk-integrity.c linux-2.6.33.1/block/blk-integrity.c |
18363 | --- linux-2.6.33.1/block/blk-integrity.c 2010-03-15 12:09:39.000000000 -0400 | |
18364 | +++ linux-2.6.33.1/block/blk-integrity.c 2010-03-20 16:58:39.052902082 -0400 | |
18365 | @@ -278,7 +278,7 @@ static struct attribute *integrity_attrs | |
18366 | NULL, | |
18367 | }; | |
58c5fc13 | 18368 | |
ae4e228f MT |
18369 | -static struct sysfs_ops integrity_ops = { |
18370 | +static const struct sysfs_ops integrity_ops = { | |
18371 | .show = &integrity_attr_show, | |
18372 | .store = &integrity_attr_store, | |
18373 | }; | |
18374 | diff -urNp linux-2.6.33.1/block/blk-iopoll.c linux-2.6.33.1/block/blk-iopoll.c | |
18375 | --- linux-2.6.33.1/block/blk-iopoll.c 2010-03-15 12:09:39.000000000 -0400 | |
18376 | +++ linux-2.6.33.1/block/blk-iopoll.c 2010-03-20 16:58:39.068779508 -0400 | |
18377 | @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopo | |
18378 | } | |
18379 | EXPORT_SYMBOL(blk_iopoll_complete); | |
18380 | ||
18381 | -static void blk_iopoll_softirq(struct softirq_action *h) | |
18382 | +static void blk_iopoll_softirq(void) | |
18383 | { | |
18384 | struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); | |
18385 | int rearm = 0, budget = blk_iopoll_budget; | |
18386 | diff -urNp linux-2.6.33.1/block/blk-map.c linux-2.6.33.1/block/blk-map.c | |
18387 | --- linux-2.6.33.1/block/blk-map.c 2010-03-15 12:09:39.000000000 -0400 | |
18388 | +++ linux-2.6.33.1/block/blk-map.c 2010-03-20 16:58:39.068779508 -0400 | |
18389 | @@ -54,7 +54,7 @@ static int __blk_rq_map_user(struct requ | |
18390 | * direct dma. else, set up kernel bounce buffers | |
18391 | */ | |
18392 | uaddr = (unsigned long) ubuf; | |
18393 | - if (blk_rq_aligned(q, ubuf, len) && !map_data) | |
18394 | + if (blk_rq_aligned(q, (__force void *)ubuf, len) && !map_data) | |
18395 | bio = bio_map_user(q, NULL, uaddr, len, reading, gfp_mask); | |
18396 | else | |
18397 | bio = bio_copy_user(q, map_data, uaddr, len, reading, gfp_mask); | |
18398 | @@ -297,7 +297,7 @@ int blk_rq_map_kern(struct request_queue | |
18399 | if (!len || !kbuf) | |
18400 | return -EINVAL; | |
58c5fc13 | 18401 | |
ae4e228f MT |
18402 | - do_copy = !blk_rq_aligned(q, kbuf, len) || object_is_on_stack(kbuf); |
18403 | + do_copy = !blk_rq_aligned(q, kbuf, len) || object_starts_on_stack(kbuf); | |
18404 | if (do_copy) | |
18405 | bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); | |
18406 | else | |
18407 | diff -urNp linux-2.6.33.1/block/blk-softirq.c linux-2.6.33.1/block/blk-softirq.c | |
18408 | --- linux-2.6.33.1/block/blk-softirq.c 2010-03-15 12:09:39.000000000 -0400 | |
18409 | +++ linux-2.6.33.1/block/blk-softirq.c 2010-03-20 16:58:39.068779508 -0400 | |
18410 | @@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, | |
18411 | * Softirq action handler - move entries to local list and loop over them | |
18412 | * while passing them to the queue registered handler. | |
18413 | */ | |
18414 | -static void blk_done_softirq(struct softirq_action *h) | |
18415 | +static void blk_done_softirq(void) | |
18416 | { | |
18417 | struct list_head *cpu_list, local_list; | |
58c5fc13 | 18418 | |
ae4e228f MT |
18419 | diff -urNp linux-2.6.33.1/block/blk-sysfs.c linux-2.6.33.1/block/blk-sysfs.c |
18420 | --- linux-2.6.33.1/block/blk-sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
18421 | +++ linux-2.6.33.1/block/blk-sysfs.c 2010-03-20 16:58:39.068779508 -0400 | |
18422 | @@ -447,7 +447,7 @@ static void blk_release_queue(struct kob | |
18423 | kmem_cache_free(blk_requestq_cachep, q); | |
58c5fc13 MT |
18424 | } |
18425 | ||
ae4e228f MT |
18426 | -static struct sysfs_ops queue_sysfs_ops = { |
18427 | +static const struct sysfs_ops queue_sysfs_ops = { | |
18428 | .show = queue_attr_show, | |
18429 | .store = queue_attr_store, | |
18430 | }; | |
18431 | diff -urNp linux-2.6.33.1/block/elevator.c linux-2.6.33.1/block/elevator.c | |
18432 | --- linux-2.6.33.1/block/elevator.c 2010-03-15 12:09:39.000000000 -0400 | |
18433 | +++ linux-2.6.33.1/block/elevator.c 2010-03-20 16:58:39.073372227 -0400 | |
18434 | @@ -883,7 +883,7 @@ elv_attr_store(struct kobject *kobj, str | |
18435 | return error; | |
18436 | } | |
58c5fc13 | 18437 | |
ae4e228f MT |
18438 | -static struct sysfs_ops elv_sysfs_ops = { |
18439 | +static const struct sysfs_ops elv_sysfs_ops = { | |
18440 | .show = elv_attr_show, | |
18441 | .store = elv_attr_store, | |
18442 | }; | |
18443 | diff -urNp linux-2.6.33.1/crypto/lrw.c linux-2.6.33.1/crypto/lrw.c | |
18444 | --- linux-2.6.33.1/crypto/lrw.c 2010-03-15 12:09:39.000000000 -0400 | |
18445 | +++ linux-2.6.33.1/crypto/lrw.c 2010-03-20 16:58:39.077284706 -0400 | |
58c5fc13 MT |
18446 | @@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par |
18447 | struct priv *ctx = crypto_tfm_ctx(parent); | |
18448 | struct crypto_cipher *child = ctx->child; | |
18449 | int err, i; | |
18450 | - be128 tmp = { 0 }; | |
18451 | + be128 tmp = { 0, 0 }; | |
18452 | int bsize = crypto_cipher_blocksize(child); | |
18453 | ||
18454 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | |
ae4e228f MT |
18455 | diff -urNp linux-2.6.33.1/Documentation/dontdiff linux-2.6.33.1/Documentation/dontdiff |
18456 | --- linux-2.6.33.1/Documentation/dontdiff 2010-03-15 12:09:39.000000000 -0400 | |
18457 | +++ linux-2.6.33.1/Documentation/dontdiff 2010-03-20 16:58:39.077284706 -0400 | |
58c5fc13 MT |
18458 | @@ -3,6 +3,7 @@ |
18459 | *.bin | |
18460 | *.cpio | |
18461 | *.csp | |
18462 | +*.dbg | |
18463 | *.dsp | |
18464 | *.dvi | |
18465 | *.elf | |
ae4e228f MT |
18466 | @@ -40,6 +41,7 @@ |
18467 | *.ver | |
18468 | *.xml | |
18469 | *_MODULES | |
18470 | +*_reg_safe.h | |
18471 | *_vga16.c | |
18472 | *~ | |
18473 | *.9 | |
18474 | @@ -49,11 +51,16 @@ | |
58c5fc13 MT |
18475 | 53c700_d.h |
18476 | CVS | |
18477 | ChangeSet | |
18478 | +GPATH | |
18479 | +GRTAGS | |
18480 | +GSYMS | |
18481 | +GTAGS | |
18482 | Image | |
18483 | Kerntypes | |
18484 | Module.markers | |
18485 | Module.symvers | |
18486 | PENDING | |
18487 | +PERF* | |
18488 | SCCS | |
18489 | System.map* | |
18490 | TAGS | |
ae4e228f | 18491 | @@ -77,7 +84,9 @@ btfixupprep |
58c5fc13 MT |
18492 | build |
18493 | bvmlinux | |
18494 | bzImage* | |
18495 | +capflags.c | |
18496 | classlist.h* | |
18497 | +common-cmds.h | |
18498 | comp*.log | |
18499 | compile.h* | |
18500 | conf | |
ae4e228f MT |
18501 | @@ -107,13 +116,15 @@ generated |
18502 | genheaders | |
58c5fc13 MT |
18503 | genksyms |
18504 | *_gray256.c | |
18505 | +hash | |
18506 | ihex2fw | |
18507 | ikconfig.h* | |
ae4e228f | 18508 | +inat-tables.c |
58c5fc13 MT |
18509 | initramfs_data.cpio |
18510 | +initramfs_data.cpio.bz2 | |
18511 | initramfs_data.cpio.gz | |
18512 | initramfs_list | |
18513 | kallsyms | |
18514 | -kconfig | |
18515 | keywords.c | |
18516 | ksym.c* | |
18517 | ksym.h* | |
ae4e228f | 18518 | @@ -137,10 +148,13 @@ mkboot |
58c5fc13 MT |
18519 | mkbugboot |
18520 | mkcpustr | |
18521 | mkdep | |
18522 | +mkpiggy | |
18523 | mkprep | |
ae4e228f | 18524 | +mkregtable |
58c5fc13 MT |
18525 | mktables |
18526 | mktree | |
ae4e228f MT |
18527 | modpost |
18528 | +modules.builtin | |
18529 | modules.order | |
18530 | modversions.h* | |
18531 | ncscope.* | |
18532 | @@ -153,6 +167,7 @@ patches* | |
58c5fc13 MT |
18533 | pca200e.bin |
18534 | pca200e_ecd.bin2 | |
18535 | piggy.gz | |
18536 | +piggy.S | |
18537 | piggyback | |
18538 | pnmtologo | |
18539 | ppc_defs.h* | |
ae4e228f | 18540 | @@ -167,6 +182,7 @@ setup |
58c5fc13 MT |
18541 | setup.bin |
18542 | setup.elf | |
18543 | sImage | |
18544 | +slabinfo | |
18545 | sm_tbl* | |
18546 | split-include | |
18547 | syscalltab.h | |
ae4e228f | 18548 | @@ -190,14 +206,20 @@ version.h* |
58c5fc13 MT |
18549 | vmlinux |
18550 | vmlinux-* | |
18551 | vmlinux.aout | |
18552 | +vmlinux.bin.all | |
18553 | +vmlinux.bin.bz2 | |
18554 | vmlinux.lds | |
18555 | +vmlinux.relocs | |
18556 | +voffset.h | |
18557 | vsyscall.lds | |
18558 | vsyscall_32.lds | |
18559 | wanxlfw.inc | |
18560 | uImage | |
18561 | unifdef | |
18562 | +utsrelease.h | |
18563 | wakeup.bin | |
18564 | wakeup.elf | |
18565 | wakeup.lds | |
18566 | zImage* | |
18567 | zconf.hash.c | |
18568 | +zoffset.h | |
ae4e228f MT |
18569 | diff -urNp linux-2.6.33.1/Documentation/filesystems/sysfs.txt linux-2.6.33.1/Documentation/filesystems/sysfs.txt |
18570 | --- linux-2.6.33.1/Documentation/filesystems/sysfs.txt 2010-03-15 12:09:39.000000000 -0400 | |
18571 | +++ linux-2.6.33.1/Documentation/filesystems/sysfs.txt 2010-03-20 16:58:39.077284706 -0400 | |
18572 | @@ -123,8 +123,8 @@ set of sysfs operations for forwarding r | |
18573 | show and store methods of the attribute owners. | |
18574 | ||
18575 | struct sysfs_ops { | |
18576 | - ssize_t (*show)(struct kobject *, struct attribute *, char *); | |
18577 | - ssize_t (*store)(struct kobject *, struct attribute *, const char *); | |
18578 | + ssize_t (* const show)(struct kobject *, struct attribute *, char *); | |
18579 | + ssize_t (* const store)(struct kobject *, struct attribute *, const char *); | |
18580 | }; | |
18581 | ||
18582 | [ Subsystems should have already defined a struct kobj_type as a | |
18583 | diff -urNp linux-2.6.33.1/Documentation/kernel-parameters.txt linux-2.6.33.1/Documentation/kernel-parameters.txt | |
18584 | --- linux-2.6.33.1/Documentation/kernel-parameters.txt 2010-03-15 12:09:39.000000000 -0400 | |
18585 | +++ linux-2.6.33.1/Documentation/kernel-parameters.txt 2010-03-20 16:58:39.081342736 -0400 | |
18586 | @@ -1865,6 +1865,12 @@ and is between 256 and 4096 characters. | |
58c5fc13 MT |
18587 | the specified number of seconds. This is to be used if |
18588 | your oopses keep scrolling off the screen. | |
18589 | ||
18590 | + pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain | |
18591 | + virtualization environments that don't cope well with the | |
18592 | + expand down segment used by UDEREF on X86-32. | |
18593 | + | |
18594 | + pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already. | |
18595 | + | |
18596 | pcbit= [HW,ISDN] | |
18597 | ||
18598 | pcd. [PARIDE] | |
ae4e228f MT |
18599 | diff -urNp linux-2.6.33.1/drivers/acpi/battery.c linux-2.6.33.1/drivers/acpi/battery.c |
18600 | --- linux-2.6.33.1/drivers/acpi/battery.c 2010-03-15 12:09:39.000000000 -0400 | |
18601 | +++ linux-2.6.33.1/drivers/acpi/battery.c 2010-03-20 16:58:39.097283097 -0400 | |
18602 | @@ -763,7 +763,7 @@ DECLARE_FILE_FUNCTIONS(alarm); | |
18603 | } | |
18604 | ||
18605 | static struct battery_file { | |
18606 | - struct file_operations ops; | |
18607 | + const struct file_operations ops; | |
18608 | mode_t mode; | |
18609 | const char *name; | |
18610 | } acpi_battery_file[] = { | |
18611 | diff -urNp linux-2.6.33.1/drivers/acpi/blacklist.c linux-2.6.33.1/drivers/acpi/blacklist.c | |
18612 | --- linux-2.6.33.1/drivers/acpi/blacklist.c 2010-03-15 12:09:39.000000000 -0400 | |
18613 | +++ linux-2.6.33.1/drivers/acpi/blacklist.c 2010-03-20 16:58:39.097283097 -0400 | |
18614 | @@ -73,7 +73,7 @@ static struct acpi_blacklist_item acpi_b | |
58c5fc13 MT |
18615 | {"IBM ", "TP600E ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal, |
18616 | "Incorrect _ADR", 1}, | |
18617 | ||
18618 | - {""} | |
ae4e228f | 18619 | + {"", "", 0, NULL, all_versions, NULL, 0} |
58c5fc13 MT |
18620 | }; |
18621 | ||
18622 | #if CONFIG_ACPI_BLACKLIST_YEAR | |
ae4e228f MT |
18623 | diff -urNp linux-2.6.33.1/drivers/acpi/dock.c linux-2.6.33.1/drivers/acpi/dock.c |
18624 | --- linux-2.6.33.1/drivers/acpi/dock.c 2010-03-15 12:09:39.000000000 -0400 | |
18625 | +++ linux-2.6.33.1/drivers/acpi/dock.c 2010-03-20 16:58:39.097283097 -0400 | |
18626 | @@ -76,7 +76,7 @@ struct dock_dependent_device { | |
18627 | struct list_head list; | |
18628 | struct list_head hotplug_list; | |
18629 | acpi_handle handle; | |
18630 | - struct acpi_dock_ops *ops; | |
18631 | + const struct acpi_dock_ops *ops; | |
18632 | void *context; | |
18633 | }; | |
18634 | ||
18635 | @@ -588,7 +588,7 @@ EXPORT_SYMBOL_GPL(unregister_dock_notifi | |
18636 | * the dock driver after _DCK is executed. | |
18637 | */ | |
18638 | int | |
18639 | -register_hotplug_dock_device(acpi_handle handle, struct acpi_dock_ops *ops, | |
18640 | +register_hotplug_dock_device(acpi_handle handle, const struct acpi_dock_ops *ops, | |
18641 | void *context) | |
18642 | { | |
18643 | struct dock_dependent_device *dd; | |
18644 | diff -urNp linux-2.6.33.1/drivers/acpi/osl.c linux-2.6.33.1/drivers/acpi/osl.c | |
18645 | --- linux-2.6.33.1/drivers/acpi/osl.c 2010-03-15 12:09:39.000000000 -0400 | |
18646 | +++ linux-2.6.33.1/drivers/acpi/osl.c 2010-03-20 16:58:39.101703980 -0400 | |
18647 | @@ -523,6 +523,8 @@ acpi_os_read_memory(acpi_physical_addres | |
58c5fc13 MT |
18648 | void __iomem *virt_addr; |
18649 | ||
18650 | virt_addr = ioremap(phys_addr, width); | |
18651 | + if (!virt_addr) | |
18652 | + return AE_NO_MEMORY; | |
18653 | if (!value) | |
18654 | value = &dummy; | |
18655 | ||
ae4e228f | 18656 | @@ -551,6 +553,8 @@ acpi_os_write_memory(acpi_physical_addre |
58c5fc13 MT |
18657 | void __iomem *virt_addr; |
18658 | ||
18659 | virt_addr = ioremap(phys_addr, width); | |
18660 | + if (!virt_addr) | |
18661 | + return AE_NO_MEMORY; | |
18662 | ||
18663 | switch (width) { | |
18664 | case 8: | |
ae4e228f MT |
18665 | diff -urNp linux-2.6.33.1/drivers/acpi/processor_core.c linux-2.6.33.1/drivers/acpi/processor_core.c |
18666 | --- linux-2.6.33.1/drivers/acpi/processor_core.c 2010-03-15 12:09:39.000000000 -0400 | |
18667 | +++ linux-2.6.33.1/drivers/acpi/processor_core.c 2010-03-20 16:58:39.109290821 -0400 | |
18668 | @@ -734,7 +734,7 @@ static int __cpuinit acpi_processor_add( | |
58c5fc13 MT |
18669 | return 0; |
18670 | } | |
18671 | ||
18672 | - BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0)); | |
18673 | + BUG_ON(pr->id >= nr_cpu_ids); | |
18674 | ||
18675 | /* | |
18676 | * Buggy BIOS check | |
ae4e228f MT |
18677 | diff -urNp linux-2.6.33.1/drivers/acpi/processor_idle.c linux-2.6.33.1/drivers/acpi/processor_idle.c |
18678 | --- linux-2.6.33.1/drivers/acpi/processor_idle.c 2010-03-15 12:09:39.000000000 -0400 | |
18679 | +++ linux-2.6.33.1/drivers/acpi/processor_idle.c 2010-03-20 16:58:39.109290821 -0400 | |
18680 | @@ -118,7 +118,7 @@ static struct dmi_system_id __cpuinitdat | |
18681 | DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), | |
18682 | DMI_MATCH(DMI_PRODUCT_NAME,"L8400B series Notebook PC")}, | |
18683 | (void *)1}, | |
58c5fc13 MT |
18684 | - {}, |
18685 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}, | |
18686 | }; | |
18687 | ||
18688 | ||
ae4e228f MT |
18689 | diff -urNp linux-2.6.33.1/drivers/acpi/sleep.c linux-2.6.33.1/drivers/acpi/sleep.c |
18690 | --- linux-2.6.33.1/drivers/acpi/sleep.c 2010-03-15 12:09:39.000000000 -0400 | |
18691 | +++ linux-2.6.33.1/drivers/acpi/sleep.c 2010-03-20 16:58:39.113276130 -0400 | |
18692 | @@ -302,7 +302,7 @@ static int acpi_suspend_state_valid(susp | |
18693 | } | |
18694 | } | |
18695 | ||
18696 | -static struct platform_suspend_ops acpi_suspend_ops = { | |
18697 | +static const struct platform_suspend_ops acpi_suspend_ops = { | |
18698 | .valid = acpi_suspend_state_valid, | |
18699 | .begin = acpi_suspend_begin, | |
18700 | .prepare_late = acpi_pm_prepare, | |
18701 | @@ -330,7 +330,7 @@ static int acpi_suspend_begin_old(suspen | |
18702 | * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has | |
18703 | * been requested. | |
18704 | */ | |
18705 | -static struct platform_suspend_ops acpi_suspend_ops_old = { | |
18706 | +static const struct platform_suspend_ops acpi_suspend_ops_old = { | |
18707 | .valid = acpi_suspend_state_valid, | |
18708 | .begin = acpi_suspend_begin_old, | |
18709 | .prepare_late = acpi_pm_disable_gpes, | |
18710 | @@ -557,7 +557,7 @@ static void acpi_pm_enable_gpes(void) | |
18711 | acpi_enable_all_runtime_gpes(); | |
18712 | } | |
18713 | ||
18714 | -static struct platform_hibernation_ops acpi_hibernation_ops = { | |
18715 | +static const struct platform_hibernation_ops acpi_hibernation_ops = { | |
18716 | .begin = acpi_hibernation_begin, | |
18717 | .end = acpi_pm_end, | |
18718 | .pre_snapshot = acpi_hibernation_pre_snapshot, | |
18719 | @@ -610,7 +610,7 @@ static int acpi_hibernation_pre_snapshot | |
18720 | * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has | |
18721 | * been requested. | |
18722 | */ | |
18723 | -static struct platform_hibernation_ops acpi_hibernation_ops_old = { | |
18724 | +static const struct platform_hibernation_ops acpi_hibernation_ops_old = { | |
18725 | .begin = acpi_hibernation_begin_old, | |
18726 | .end = acpi_pm_end, | |
18727 | .pre_snapshot = acpi_hibernation_pre_snapshot_old, | |
18728 | diff -urNp linux-2.6.33.1/drivers/acpi/video.c linux-2.6.33.1/drivers/acpi/video.c | |
18729 | --- linux-2.6.33.1/drivers/acpi/video.c 2010-03-15 12:09:39.000000000 -0400 | |
18730 | +++ linux-2.6.33.1/drivers/acpi/video.c 2010-03-20 16:58:39.136890536 -0400 | |
18731 | @@ -366,7 +366,7 @@ static int acpi_video_set_brightness(str | |
18732 | vd->brightness->levels[request_level]); | |
18733 | } | |
18734 | ||
18735 | -static struct backlight_ops acpi_backlight_ops = { | |
18736 | +static const struct backlight_ops acpi_backlight_ops = { | |
18737 | .get_brightness = acpi_video_get_brightness, | |
18738 | .update_status = acpi_video_set_brightness, | |
18739 | }; | |
18740 | diff -urNp linux-2.6.33.1/drivers/ata/ahci.c linux-2.6.33.1/drivers/ata/ahci.c | |
18741 | --- linux-2.6.33.1/drivers/ata/ahci.c 2010-03-15 12:09:39.000000000 -0400 | |
18742 | +++ linux-2.6.33.1/drivers/ata/ahci.c 2010-03-20 16:58:39.153286662 -0400 | |
18743 | @@ -387,7 +387,7 @@ static struct scsi_host_template ahci_sh | |
18744 | .sdev_attrs = ahci_sdev_attrs, | |
18745 | }; | |
18746 | ||
18747 | -static struct ata_port_operations ahci_ops = { | |
18748 | +static const struct ata_port_operations ahci_ops = { | |
18749 | .inherits = &sata_pmp_port_ops, | |
18750 | ||
18751 | .qc_defer = sata_pmp_qc_defer_cmd_switch, | |
18752 | @@ -424,17 +424,17 @@ static struct ata_port_operations ahci_o | |
18753 | .port_stop = ahci_port_stop, | |
18754 | }; | |
18755 | ||
18756 | -static struct ata_port_operations ahci_vt8251_ops = { | |
18757 | +static const struct ata_port_operations ahci_vt8251_ops = { | |
18758 | .inherits = &ahci_ops, | |
18759 | .hardreset = ahci_vt8251_hardreset, | |
18760 | }; | |
18761 | ||
18762 | -static struct ata_port_operations ahci_p5wdh_ops = { | |
18763 | +static const struct ata_port_operations ahci_p5wdh_ops = { | |
18764 | .inherits = &ahci_ops, | |
18765 | .hardreset = ahci_p5wdh_hardreset, | |
18766 | }; | |
18767 | ||
18768 | -static struct ata_port_operations ahci_sb600_ops = { | |
18769 | +static const struct ata_port_operations ahci_sb600_ops = { | |
18770 | .inherits = &ahci_ops, | |
18771 | .softreset = ahci_sb600_softreset, | |
18772 | .pmp_softreset = ahci_sb600_softreset, | |
18773 | @@ -681,7 +681,7 @@ static const struct pci_device_id ahci_p | |
58c5fc13 MT |
18774 | { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, |
18775 | PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci }, | |
18776 | ||
18777 | - { } /* terminate list */ | |
18778 | + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */ | |
18779 | }; | |
18780 | ||
18781 | ||
ae4e228f MT |
18782 | diff -urNp linux-2.6.33.1/drivers/ata/ata_generic.c linux-2.6.33.1/drivers/ata/ata_generic.c |
18783 | --- linux-2.6.33.1/drivers/ata/ata_generic.c 2010-03-15 12:09:39.000000000 -0400 | |
18784 | +++ linux-2.6.33.1/drivers/ata/ata_generic.c 2010-03-20 16:58:39.156781730 -0400 | |
18785 | @@ -95,7 +95,7 @@ static struct scsi_host_template generic | |
18786 | ATA_BMDMA_SHT(DRV_NAME), | |
18787 | }; | |
18788 | ||
18789 | -static struct ata_port_operations generic_port_ops = { | |
18790 | +static const struct ata_port_operations generic_port_ops = { | |
18791 | .inherits = &ata_bmdma_port_ops, | |
18792 | .cable_detect = ata_cable_unknown, | |
18793 | .set_mode = generic_set_mode, | |
18794 | diff -urNp linux-2.6.33.1/drivers/ata/ata_piix.c linux-2.6.33.1/drivers/ata/ata_piix.c | |
18795 | --- linux-2.6.33.1/drivers/ata/ata_piix.c 2010-03-15 12:09:39.000000000 -0400 | |
18796 | +++ linux-2.6.33.1/drivers/ata/ata_piix.c 2010-03-20 16:58:39.160672594 -0400 | |
58c5fc13 MT |
18797 | @@ -291,7 +291,7 @@ static const struct pci_device_id piix_p |
18798 | { 0x8086, 0x3b2d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, | |
18799 | /* SATA Controller IDE (PCH) */ | |
18800 | { 0x8086, 0x3b2e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata }, | |
18801 | - { } /* terminate list */ | |
18802 | + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */ | |
18803 | }; | |
18804 | ||
18805 | static struct pci_driver piix_pci_driver = { | |
ae4e228f MT |
18806 | @@ -309,7 +309,7 @@ static struct scsi_host_template piix_sh |
18807 | ATA_BMDMA_SHT(DRV_NAME), | |
18808 | }; | |
18809 | ||
18810 | -static struct ata_port_operations piix_pata_ops = { | |
18811 | +static const struct ata_port_operations piix_pata_ops = { | |
18812 | .inherits = &ata_bmdma32_port_ops, | |
18813 | .cable_detect = ata_cable_40wire, | |
18814 | .set_piomode = piix_set_piomode, | |
18815 | @@ -317,22 +317,22 @@ static struct ata_port_operations piix_p | |
18816 | .prereset = piix_pata_prereset, | |
18817 | }; | |
18818 | ||
18819 | -static struct ata_port_operations piix_vmw_ops = { | |
18820 | +static const struct ata_port_operations piix_vmw_ops = { | |
18821 | .inherits = &piix_pata_ops, | |
18822 | .bmdma_status = piix_vmw_bmdma_status, | |
18823 | }; | |
18824 | ||
18825 | -static struct ata_port_operations ich_pata_ops = { | |
18826 | +static const struct ata_port_operations ich_pata_ops = { | |
18827 | .inherits = &piix_pata_ops, | |
18828 | .cable_detect = ich_pata_cable_detect, | |
18829 | .set_dmamode = ich_set_dmamode, | |
18830 | }; | |
18831 | ||
18832 | -static struct ata_port_operations piix_sata_ops = { | |
18833 | +static const struct ata_port_operations piix_sata_ops = { | |
18834 | .inherits = &ata_bmdma32_port_ops, | |
18835 | }; | |
18836 | ||
18837 | -static struct ata_port_operations piix_sidpr_sata_ops = { | |
18838 | +static const struct ata_port_operations piix_sidpr_sata_ops = { | |
18839 | .inherits = &piix_sata_ops, | |
18840 | .hardreset = sata_std_hardreset, | |
18841 | .scr_read = piix_sidpr_scr_read, | |
58c5fc13 MT |
18842 | @@ -608,7 +608,7 @@ static const struct ich_laptop ich_lapto |
18843 | { 0x2653, 0x1043, 0x82D8 }, /* ICH6M on Asus Eee 701 */ | |
18844 | { 0x27df, 0x104d, 0x900e }, /* ICH7 on Sony TZ-90 */ | |
18845 | /* end marker */ | |
18846 | - { 0, } | |
18847 | + { 0, 0, 0 } | |
18848 | }; | |
18849 | ||
18850 | /** | |
18851 | @@ -1086,7 +1086,7 @@ static int piix_broken_suspend(void) | |
18852 | }, | |
18853 | }, | |
18854 | ||
18855 | - { } /* terminate list */ | |
18856 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } /* terminate list */ | |
18857 | }; | |
18858 | static const char *oemstrs[] = { | |
18859 | "Tecra M3,", | |
ae4e228f MT |
18860 | diff -urNp linux-2.6.33.1/drivers/ata/libata-acpi.c linux-2.6.33.1/drivers/ata/libata-acpi.c |
18861 | --- linux-2.6.33.1/drivers/ata/libata-acpi.c 2010-03-15 12:09:39.000000000 -0400 | |
18862 | +++ linux-2.6.33.1/drivers/ata/libata-acpi.c 2010-03-20 16:58:39.164792430 -0400 | |
18863 | @@ -223,12 +223,12 @@ static void ata_acpi_dev_uevent(acpi_han | |
18864 | ata_acpi_uevent(dev->link->ap, dev, event); | |
18865 | } | |
18866 | ||
18867 | -static struct acpi_dock_ops ata_acpi_dev_dock_ops = { | |
18868 | +static const struct acpi_dock_ops ata_acpi_dev_dock_ops = { | |
18869 | .handler = ata_acpi_dev_notify_dock, | |
18870 | .uevent = ata_acpi_dev_uevent, | |
18871 | }; | |
18872 | ||
18873 | -static struct acpi_dock_ops ata_acpi_ap_dock_ops = { | |
18874 | +static const struct acpi_dock_ops ata_acpi_ap_dock_ops = { | |
18875 | .handler = ata_acpi_ap_notify_dock, | |
18876 | .uevent = ata_acpi_ap_uevent, | |
18877 | }; | |
18878 | diff -urNp linux-2.6.33.1/drivers/ata/libata-core.c linux-2.6.33.1/drivers/ata/libata-core.c | |
18879 | --- linux-2.6.33.1/drivers/ata/libata-core.c 2010-03-15 12:09:39.000000000 -0400 | |
18880 | +++ linux-2.6.33.1/drivers/ata/libata-core.c 2010-03-20 16:58:39.176796856 -0400 | |
58c5fc13 MT |
18881 | @@ -896,7 +896,7 @@ static const struct ata_xfer_ent { |
18882 | { ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 }, | |
18883 | { ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 }, | |
18884 | { ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 }, | |
18885 | - { -1, }, | |
18886 | + { -1, 0, 0 } | |
18887 | }; | |
18888 | ||
18889 | /** | |
ae4e228f | 18890 | @@ -3163,7 +3163,7 @@ static const struct ata_timing ata_timin |
58c5fc13 MT |
18891 | { XFER_UDMA_5, 0, 0, 0, 0, 0, 0, 0, 0, 20 }, |
18892 | { XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 }, | |
18893 | ||
18894 | - { 0xFF } | |
18895 | + { 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 } | |
18896 | }; | |
18897 | ||
18898 | #define ENOUGH(v, unit) (((v)-1)/(unit)+1) | |
ae4e228f | 18899 | @@ -4385,7 +4385,7 @@ static const struct ata_blacklist_entry |
58c5fc13 MT |
18900 | { "PIONEER DVD-RW DVRTD08", "1.00", ATA_HORKAGE_NOSETXFER }, |
18901 | ||
18902 | /* End Marker */ | |
18903 | - { } | |
18904 | + { NULL, NULL, 0 } | |
18905 | }; | |
18906 | ||
18907 | static int strn_pattern_cmp(const char *patt, const char *name, int wildchar) | |
ae4e228f MT |
18908 | @@ -5961,7 +5961,7 @@ static void ata_host_stop(struct device |
18909 | * LOCKING: | |
18910 | * None. | |
18911 | */ | |
18912 | -static void ata_finalize_port_ops(struct ata_port_operations *ops) | |
18913 | +static void ata_finalize_port_ops(const struct ata_port_operations *ops) | |
18914 | { | |
18915 | static DEFINE_SPINLOCK(lock); | |
18916 | const struct ata_port_operations *cur; | |
18917 | @@ -5973,6 +5973,7 @@ static void ata_finalize_port_ops(struct | |
18918 | return; | |
18919 | ||
18920 | spin_lock(&lock); | |
18921 | + pax_open_kernel(); | |
18922 | ||
18923 | for (cur = ops->inherits; cur; cur = cur->inherits) { | |
18924 | void **inherit = (void **)cur; | |
18925 | @@ -5986,8 +5987,9 @@ static void ata_finalize_port_ops(struct | |
18926 | if (IS_ERR(*pp)) | |
18927 | *pp = NULL; | |
18928 | ||
18929 | - ops->inherits = NULL; | |
18930 | + ((struct ata_port_operations *)ops)->inherits = NULL; | |
18931 | ||
18932 | + pax_close_kernel(); | |
18933 | spin_unlock(&lock); | |
18934 | } | |
18935 | ||
18936 | @@ -6084,7 +6086,7 @@ int ata_host_start(struct ata_host *host | |
18937 | */ | |
18938 | /* KILLME - the only user left is ipr */ | |
18939 | void ata_host_init(struct ata_host *host, struct device *dev, | |
18940 | - unsigned long flags, struct ata_port_operations *ops) | |
18941 | + unsigned long flags, const struct ata_port_operations *ops) | |
18942 | { | |
18943 | spin_lock_init(&host->lock); | |
18944 | host->dev = dev; | |
18945 | @@ -6754,7 +6756,7 @@ static void ata_dummy_error_handler(stru | |
18946 | /* truly dummy */ | |
18947 | } | |
18948 | ||
18949 | -struct ata_port_operations ata_dummy_port_ops = { | |
18950 | +const struct ata_port_operations ata_dummy_port_ops = { | |
18951 | .qc_prep = ata_noop_qc_prep, | |
18952 | .qc_issue = ata_dummy_qc_issue, | |
18953 | .error_handler = ata_dummy_error_handler, | |
18954 | diff -urNp linux-2.6.33.1/drivers/ata/libata-eh.c linux-2.6.33.1/drivers/ata/libata-eh.c | |
18955 | --- linux-2.6.33.1/drivers/ata/libata-eh.c 2010-03-15 12:09:39.000000000 -0400 | |
18956 | +++ linux-2.6.33.1/drivers/ata/libata-eh.c 2010-03-20 16:58:39.180707680 -0400 | |
18957 | @@ -3675,7 +3675,7 @@ void ata_do_eh(struct ata_port *ap, ata_ | |
18958 | */ | |
18959 | void ata_std_error_handler(struct ata_port *ap) | |
18960 | { | |
18961 | - struct ata_port_operations *ops = ap->ops; | |
18962 | + const struct ata_port_operations *ops = ap->ops; | |
18963 | ata_reset_fn_t hardreset = ops->hardreset; | |
18964 | ||
18965 | /* ignore built-in hardreset if SCR access is not available */ | |
18966 | diff -urNp linux-2.6.33.1/drivers/ata/libata-pmp.c linux-2.6.33.1/drivers/ata/libata-pmp.c | |
18967 | --- linux-2.6.33.1/drivers/ata/libata-pmp.c 2010-03-15 12:09:39.000000000 -0400 | |
18968 | +++ linux-2.6.33.1/drivers/ata/libata-pmp.c 2010-03-20 16:58:39.180707680 -0400 | |
18969 | @@ -841,7 +841,7 @@ static int sata_pmp_handle_link_fail(str | |
18970 | */ | |
18971 | static int sata_pmp_eh_recover(struct ata_port *ap) | |
18972 | { | |
18973 | - struct ata_port_operations *ops = ap->ops; | |
18974 | + const struct ata_port_operations *ops = ap->ops; | |
18975 | int pmp_tries, link_tries[SATA_PMP_MAX_PORTS]; | |
18976 | struct ata_link *pmp_link = &ap->link; | |
18977 | struct ata_device *pmp_dev = pmp_link->device; | |
18978 | diff -urNp linux-2.6.33.1/drivers/ata/pata_acpi.c linux-2.6.33.1/drivers/ata/pata_acpi.c | |
18979 | --- linux-2.6.33.1/drivers/ata/pata_acpi.c 2010-03-15 12:09:39.000000000 -0400 | |
18980 | +++ linux-2.6.33.1/drivers/ata/pata_acpi.c 2010-03-20 16:58:39.188784803 -0400 | |
18981 | @@ -215,7 +215,7 @@ static struct scsi_host_template pacpi_s | |
18982 | ATA_BMDMA_SHT(DRV_NAME), | |
18983 | }; | |
18984 | ||
18985 | -static struct ata_port_operations pacpi_ops = { | |
18986 | +static const struct ata_port_operations pacpi_ops = { | |
18987 | .inherits = &ata_bmdma_port_ops, | |
18988 | .qc_issue = pacpi_qc_issue, | |
18989 | .cable_detect = pacpi_cable_detect, | |
18990 | diff -urNp linux-2.6.33.1/drivers/ata/pata_ali.c linux-2.6.33.1/drivers/ata/pata_ali.c | |
18991 | --- linux-2.6.33.1/drivers/ata/pata_ali.c 2010-03-15 12:09:39.000000000 -0400 | |
18992 | +++ linux-2.6.33.1/drivers/ata/pata_ali.c 2010-03-20 16:58:39.188784803 -0400 | |
18993 | @@ -365,7 +365,7 @@ static struct scsi_host_template ali_sht | |
18994 | * Port operations for PIO only ALi | |
18995 | */ | |
18996 | ||
18997 | -static struct ata_port_operations ali_early_port_ops = { | |
18998 | +static const struct ata_port_operations ali_early_port_ops = { | |
18999 | .inherits = &ata_sff_port_ops, | |
19000 | .cable_detect = ata_cable_40wire, | |
19001 | .set_piomode = ali_set_piomode, | |
19002 | @@ -382,7 +382,7 @@ static const struct ata_port_operations | |
19003 | * Port operations for DMA capable ALi without cable | |
19004 | * detect | |
19005 | */ | |
19006 | -static struct ata_port_operations ali_20_port_ops = { | |
19007 | +static const struct ata_port_operations ali_20_port_ops = { | |
19008 | .inherits = &ali_dma_base_ops, | |
19009 | .cable_detect = ata_cable_40wire, | |
19010 | .mode_filter = ali_20_filter, | |
19011 | @@ -393,7 +393,7 @@ static struct ata_port_operations ali_20 | |
19012 | /* | |
19013 | * Port operations for DMA capable ALi with cable detect | |
19014 | */ | |
19015 | -static struct ata_port_operations ali_c2_port_ops = { | |
19016 | +static const struct ata_port_operations ali_c2_port_ops = { | |
19017 | .inherits = &ali_dma_base_ops, | |
19018 | .check_atapi_dma = ali_check_atapi_dma, | |
19019 | .cable_detect = ali_c2_cable_detect, | |
19020 | @@ -404,7 +404,7 @@ static struct ata_port_operations ali_c2 | |
19021 | /* | |
19022 | * Port operations for DMA capable ALi with cable detect | |
19023 | */ | |
19024 | -static struct ata_port_operations ali_c4_port_ops = { | |
19025 | +static const struct ata_port_operations ali_c4_port_ops = { | |
19026 | .inherits = &ali_dma_base_ops, | |
19027 | .check_atapi_dma = ali_check_atapi_dma, | |
19028 | .cable_detect = ali_c2_cable_detect, | |
19029 | @@ -414,7 +414,7 @@ static struct ata_port_operations ali_c4 | |
19030 | /* | |
19031 | * Port operations for DMA capable ALi with cable detect and LBA48 | |
19032 | */ | |
19033 | -static struct ata_port_operations ali_c5_port_ops = { | |
19034 | +static const struct ata_port_operations ali_c5_port_ops = { | |
19035 | .inherits = &ali_dma_base_ops, | |
19036 | .check_atapi_dma = ali_check_atapi_dma, | |
19037 | .dev_config = ali_warn_atapi_dma, | |
19038 | diff -urNp linux-2.6.33.1/drivers/ata/pata_amd.c linux-2.6.33.1/drivers/ata/pata_amd.c | |
19039 | --- linux-2.6.33.1/drivers/ata/pata_amd.c 2010-03-15 12:09:39.000000000 -0400 | |
19040 | +++ linux-2.6.33.1/drivers/ata/pata_amd.c 2010-03-20 16:58:39.214454463 -0400 | |
19041 | @@ -397,28 +397,28 @@ static const struct ata_port_operations | |
19042 | .prereset = amd_pre_reset, | |
19043 | }; | |
19044 | ||
19045 | -static struct ata_port_operations amd33_port_ops = { | |
19046 | +static const struct ata_port_operations amd33_port_ops = { | |
19047 | .inherits = &amd_base_port_ops, | |
19048 | .cable_detect = ata_cable_40wire, | |
19049 | .set_piomode = amd33_set_piomode, | |
19050 | .set_dmamode = amd33_set_dmamode, | |
19051 | }; | |
19052 | ||
19053 | -static struct ata_port_operations amd66_port_ops = { | |
19054 | +static const struct ata_port_operations amd66_port_ops = { | |
19055 | .inherits = &amd_base_port_ops, | |
19056 | .cable_detect = ata_cable_unknown, | |
19057 | .set_piomode = amd66_set_piomode, | |
19058 | .set_dmamode = amd66_set_dmamode, | |
19059 | }; | |
19060 | ||
19061 | -static struct ata_port_operations amd100_port_ops = { | |
19062 | +static const struct ata_port_operations amd100_port_ops = { | |
19063 | .inherits = &amd_base_port_ops, | |
19064 | .cable_detect = ata_cable_unknown, | |
19065 | .set_piomode = amd100_set_piomode, | |
19066 | .set_dmamode = amd100_set_dmamode, | |
19067 | }; | |
19068 | ||
19069 | -static struct ata_port_operations amd133_port_ops = { | |
19070 | +static const struct ata_port_operations amd133_port_ops = { | |
19071 | .inherits = &amd_base_port_ops, | |
19072 | .cable_detect = amd_cable_detect, | |
19073 | .set_piomode = amd133_set_piomode, | |
19074 | @@ -433,13 +433,13 @@ static const struct ata_port_operations | |
19075 | .host_stop = nv_host_stop, | |
19076 | }; | |
19077 | ||
19078 | -static struct ata_port_operations nv100_port_ops = { | |
19079 | +static const struct ata_port_operations nv100_port_ops = { | |
19080 | .inherits = &nv_base_port_ops, | |
19081 | .set_piomode = nv100_set_piomode, | |
19082 | .set_dmamode = nv100_set_dmamode, | |
19083 | }; | |
19084 | ||
19085 | -static struct ata_port_operations nv133_port_ops = { | |
19086 | +static const struct ata_port_operations nv133_port_ops = { | |
19087 | .inherits = &nv_base_port_ops, | |
19088 | .set_piomode = nv133_set_piomode, | |
19089 | .set_dmamode = nv133_set_dmamode, | |
19090 | diff -urNp linux-2.6.33.1/drivers/ata/pata_artop.c linux-2.6.33.1/drivers/ata/pata_artop.c | |
19091 | --- linux-2.6.33.1/drivers/ata/pata_artop.c 2010-03-15 12:09:39.000000000 -0400 | |
19092 | +++ linux-2.6.33.1/drivers/ata/pata_artop.c 2010-03-20 16:58:39.220796895 -0400 | |
19093 | @@ -311,7 +311,7 @@ static struct scsi_host_template artop_s | |
19094 | ATA_BMDMA_SHT(DRV_NAME), | |
19095 | }; | |
19096 | ||
19097 | -static struct ata_port_operations artop6210_ops = { | |
19098 | +static const struct ata_port_operations artop6210_ops = { | |
19099 | .inherits = &ata_bmdma_port_ops, | |
19100 | .cable_detect = ata_cable_40wire, | |
19101 | .set_piomode = artop6210_set_piomode, | |
19102 | @@ -320,7 +320,7 @@ static struct ata_port_operations artop6 | |
19103 | .qc_defer = artop6210_qc_defer, | |
19104 | }; | |
19105 | ||
19106 | -static struct ata_port_operations artop6260_ops = { | |
19107 | +static const struct ata_port_operations artop6260_ops = { | |
19108 | .inherits = &ata_bmdma_port_ops, | |
19109 | .cable_detect = artop6260_cable_detect, | |
19110 | .set_piomode = artop6260_set_piomode, | |
19111 | diff -urNp linux-2.6.33.1/drivers/ata/pata_at32.c linux-2.6.33.1/drivers/ata/pata_at32.c | |
19112 | --- linux-2.6.33.1/drivers/ata/pata_at32.c 2010-03-15 12:09:39.000000000 -0400 | |
19113 | +++ linux-2.6.33.1/drivers/ata/pata_at32.c 2010-03-20 16:58:39.220796895 -0400 | |
19114 | @@ -172,7 +172,7 @@ static struct scsi_host_template at32_sh | |
19115 | ATA_PIO_SHT(DRV_NAME), | |
19116 | }; | |
19117 | ||
19118 | -static struct ata_port_operations at32_port_ops = { | |
19119 | +static const struct ata_port_operations at32_port_ops = { | |
19120 | .inherits = &ata_sff_port_ops, | |
19121 | .cable_detect = ata_cable_40wire, | |
19122 | .set_piomode = pata_at32_set_piomode, | |
19123 | diff -urNp linux-2.6.33.1/drivers/ata/pata_at91.c linux-2.6.33.1/drivers/ata/pata_at91.c | |
19124 | --- linux-2.6.33.1/drivers/ata/pata_at91.c 2010-03-15 12:09:39.000000000 -0400 | |
19125 | +++ linux-2.6.33.1/drivers/ata/pata_at91.c 2010-03-20 16:58:39.224661770 -0400 | |
19126 | @@ -195,7 +195,7 @@ static struct scsi_host_template pata_at | |
19127 | ATA_PIO_SHT(DRV_NAME), | |
19128 | }; | |
19129 | ||
19130 | -static struct ata_port_operations pata_at91_port_ops = { | |
19131 | +static const struct ata_port_operations pata_at91_port_ops = { | |
19132 | .inherits = &ata_sff_port_ops, | |
19133 | ||
19134 | .sff_data_xfer = pata_at91_data_xfer_noirq, | |
19135 | diff -urNp linux-2.6.33.1/drivers/ata/pata_atiixp.c linux-2.6.33.1/drivers/ata/pata_atiixp.c | |
19136 | --- linux-2.6.33.1/drivers/ata/pata_atiixp.c 2010-03-15 12:09:39.000000000 -0400 | |
19137 | +++ linux-2.6.33.1/drivers/ata/pata_atiixp.c 2010-03-20 16:58:39.224661770 -0400 | |
19138 | @@ -205,7 +205,7 @@ static struct scsi_host_template atiixp_ | |
19139 | .sg_tablesize = LIBATA_DUMB_MAX_PRD, | |
19140 | }; | |
19141 | ||
19142 | -static struct ata_port_operations atiixp_port_ops = { | |
19143 | +static const struct ata_port_operations atiixp_port_ops = { | |
19144 | .inherits = &ata_bmdma_port_ops, | |
19145 | ||
19146 | .qc_prep = ata_sff_dumb_qc_prep, | |
19147 | diff -urNp linux-2.6.33.1/drivers/ata/pata_atp867x.c linux-2.6.33.1/drivers/ata/pata_atp867x.c | |
19148 | --- linux-2.6.33.1/drivers/ata/pata_atp867x.c 2010-03-15 12:09:39.000000000 -0400 | |
19149 | +++ linux-2.6.33.1/drivers/ata/pata_atp867x.c 2010-03-20 16:58:39.224661770 -0400 | |
19150 | @@ -274,7 +274,7 @@ static struct scsi_host_template atp867x | |
19151 | ATA_BMDMA_SHT(DRV_NAME), | |
19152 | }; | |
19153 | ||
19154 | -static struct ata_port_operations atp867x_ops = { | |
19155 | +static const struct ata_port_operations atp867x_ops = { | |
19156 | .inherits = &ata_bmdma_port_ops, | |
19157 | .cable_detect = atp867x_cable_detect, | |
19158 | .set_piomode = atp867x_set_piomode, | |
19159 | diff -urNp linux-2.6.33.1/drivers/ata/pata_bf54x.c linux-2.6.33.1/drivers/ata/pata_bf54x.c | |
19160 | --- linux-2.6.33.1/drivers/ata/pata_bf54x.c 2010-03-15 12:09:39.000000000 -0400 | |
19161 | +++ linux-2.6.33.1/drivers/ata/pata_bf54x.c 2010-03-20 16:58:39.236808133 -0400 | |
19162 | @@ -1464,7 +1464,7 @@ static struct scsi_host_template bfin_sh | |
19163 | .dma_boundary = ATA_DMA_BOUNDARY, | |
19164 | }; | |
19165 | ||
19166 | -static struct ata_port_operations bfin_pata_ops = { | |
19167 | +static const struct ata_port_operations bfin_pata_ops = { | |
19168 | .inherits = &ata_sff_port_ops, | |
19169 | ||
19170 | .set_piomode = bfin_set_piomode, | |
19171 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cmd640.c linux-2.6.33.1/drivers/ata/pata_cmd640.c | |
19172 | --- linux-2.6.33.1/drivers/ata/pata_cmd640.c 2010-03-15 12:09:39.000000000 -0400 | |
19173 | +++ linux-2.6.33.1/drivers/ata/pata_cmd640.c 2010-03-20 16:58:39.244791590 -0400 | |
19174 | @@ -168,7 +168,7 @@ static struct scsi_host_template cmd640_ | |
19175 | ATA_BMDMA_SHT(DRV_NAME), | |
19176 | }; | |
19177 | ||
19178 | -static struct ata_port_operations cmd640_port_ops = { | |
19179 | +static const struct ata_port_operations cmd640_port_ops = { | |
19180 | .inherits = &ata_bmdma_port_ops, | |
19181 | /* In theory xfer_noirq is not needed once we kill the prefetcher */ | |
19182 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19183 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cmd64x.c linux-2.6.33.1/drivers/ata/pata_cmd64x.c | |
19184 | --- linux-2.6.33.1/drivers/ata/pata_cmd64x.c 2010-03-15 12:09:39.000000000 -0400 | |
19185 | +++ linux-2.6.33.1/drivers/ata/pata_cmd64x.c 2010-03-20 16:58:39.252794847 -0400 | |
19186 | @@ -275,18 +275,18 @@ static const struct ata_port_operations | |
19187 | .set_dmamode = cmd64x_set_dmamode, | |
19188 | }; | |
19189 | ||
19190 | -static struct ata_port_operations cmd64x_port_ops = { | |
19191 | +static const struct ata_port_operations cmd64x_port_ops = { | |
19192 | .inherits = &cmd64x_base_ops, | |
19193 | .cable_detect = ata_cable_40wire, | |
19194 | }; | |
19195 | ||
19196 | -static struct ata_port_operations cmd646r1_port_ops = { | |
19197 | +static const struct ata_port_operations cmd646r1_port_ops = { | |
19198 | .inherits = &cmd64x_base_ops, | |
19199 | .bmdma_stop = cmd646r1_bmdma_stop, | |
19200 | .cable_detect = ata_cable_40wire, | |
19201 | }; | |
19202 | ||
19203 | -static struct ata_port_operations cmd648_port_ops = { | |
19204 | +static const struct ata_port_operations cmd648_port_ops = { | |
19205 | .inherits = &cmd64x_base_ops, | |
19206 | .bmdma_stop = cmd648_bmdma_stop, | |
19207 | .cable_detect = cmd648_cable_detect, | |
19208 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cs5520.c linux-2.6.33.1/drivers/ata/pata_cs5520.c | |
19209 | --- linux-2.6.33.1/drivers/ata/pata_cs5520.c 2010-03-15 12:09:39.000000000 -0400 | |
19210 | +++ linux-2.6.33.1/drivers/ata/pata_cs5520.c 2010-03-20 16:58:39.268797665 -0400 | |
19211 | @@ -108,7 +108,7 @@ static struct scsi_host_template cs5520_ | |
19212 | .sg_tablesize = LIBATA_DUMB_MAX_PRD, | |
19213 | }; | |
19214 | ||
19215 | -static struct ata_port_operations cs5520_port_ops = { | |
19216 | +static const struct ata_port_operations cs5520_port_ops = { | |
19217 | .inherits = &ata_bmdma_port_ops, | |
19218 | .qc_prep = ata_sff_dumb_qc_prep, | |
19219 | .cable_detect = ata_cable_40wire, | |
19220 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cs5530.c linux-2.6.33.1/drivers/ata/pata_cs5530.c | |
19221 | --- linux-2.6.33.1/drivers/ata/pata_cs5530.c 2010-03-15 12:09:39.000000000 -0400 | |
19222 | +++ linux-2.6.33.1/drivers/ata/pata_cs5530.c 2010-03-20 16:58:39.272512019 -0400 | |
19223 | @@ -164,7 +164,7 @@ static struct scsi_host_template cs5530_ | |
19224 | .sg_tablesize = LIBATA_DUMB_MAX_PRD, | |
19225 | }; | |
19226 | ||
19227 | -static struct ata_port_operations cs5530_port_ops = { | |
19228 | +static const struct ata_port_operations cs5530_port_ops = { | |
19229 | .inherits = &ata_bmdma_port_ops, | |
19230 | ||
19231 | .qc_prep = ata_sff_dumb_qc_prep, | |
19232 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cs5535.c linux-2.6.33.1/drivers/ata/pata_cs5535.c | |
19233 | --- linux-2.6.33.1/drivers/ata/pata_cs5535.c 2010-03-15 12:09:39.000000000 -0400 | |
19234 | +++ linux-2.6.33.1/drivers/ata/pata_cs5535.c 2010-03-20 16:58:39.272512019 -0400 | |
19235 | @@ -160,7 +160,7 @@ static struct scsi_host_template cs5535_ | |
19236 | ATA_BMDMA_SHT(DRV_NAME), | |
19237 | }; | |
19238 | ||
19239 | -static struct ata_port_operations cs5535_port_ops = { | |
19240 | +static const struct ata_port_operations cs5535_port_ops = { | |
19241 | .inherits = &ata_bmdma_port_ops, | |
19242 | .cable_detect = cs5535_cable_detect, | |
19243 | .set_piomode = cs5535_set_piomode, | |
19244 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cs5536.c linux-2.6.33.1/drivers/ata/pata_cs5536.c | |
19245 | --- linux-2.6.33.1/drivers/ata/pata_cs5536.c 2010-03-15 12:09:39.000000000 -0400 | |
19246 | +++ linux-2.6.33.1/drivers/ata/pata_cs5536.c 2010-03-20 16:58:39.272512019 -0400 | |
19247 | @@ -223,7 +223,7 @@ static struct scsi_host_template cs5536_ | |
19248 | ATA_BMDMA_SHT(DRV_NAME), | |
19249 | }; | |
19250 | ||
19251 | -static struct ata_port_operations cs5536_port_ops = { | |
19252 | +static const struct ata_port_operations cs5536_port_ops = { | |
19253 | .inherits = &ata_bmdma32_port_ops, | |
19254 | .cable_detect = cs5536_cable_detect, | |
19255 | .set_piomode = cs5536_set_piomode, | |
19256 | diff -urNp linux-2.6.33.1/drivers/ata/pata_cypress.c linux-2.6.33.1/drivers/ata/pata_cypress.c | |
19257 | --- linux-2.6.33.1/drivers/ata/pata_cypress.c 2010-03-15 12:09:39.000000000 -0400 | |
19258 | +++ linux-2.6.33.1/drivers/ata/pata_cypress.c 2010-03-20 16:58:39.272512019 -0400 | |
19259 | @@ -113,7 +113,7 @@ static struct scsi_host_template cy82c69 | |
19260 | ATA_BMDMA_SHT(DRV_NAME), | |
19261 | }; | |
19262 | ||
19263 | -static struct ata_port_operations cy82c693_port_ops = { | |
19264 | +static const struct ata_port_operations cy82c693_port_ops = { | |
19265 | .inherits = &ata_bmdma_port_ops, | |
19266 | .cable_detect = ata_cable_40wire, | |
19267 | .set_piomode = cy82c693_set_piomode, | |
19268 | diff -urNp linux-2.6.33.1/drivers/ata/pata_efar.c linux-2.6.33.1/drivers/ata/pata_efar.c | |
19269 | --- linux-2.6.33.1/drivers/ata/pata_efar.c 2010-03-15 12:09:39.000000000 -0400 | |
19270 | +++ linux-2.6.33.1/drivers/ata/pata_efar.c 2010-03-20 16:58:39.272512019 -0400 | |
19271 | @@ -223,7 +223,7 @@ static struct scsi_host_template efar_sh | |
19272 | ATA_BMDMA_SHT(DRV_NAME), | |
19273 | }; | |
19274 | ||
19275 | -static struct ata_port_operations efar_ops = { | |
19276 | +static const struct ata_port_operations efar_ops = { | |
19277 | .inherits = &ata_bmdma_port_ops, | |
19278 | .cable_detect = efar_cable_detect, | |
19279 | .set_piomode = efar_set_piomode, | |
19280 | diff -urNp linux-2.6.33.1/drivers/ata/pata_hpt366.c linux-2.6.33.1/drivers/ata/pata_hpt366.c | |
19281 | --- linux-2.6.33.1/drivers/ata/pata_hpt366.c 2010-03-15 12:09:39.000000000 -0400 | |
19282 | +++ linux-2.6.33.1/drivers/ata/pata_hpt366.c 2010-03-20 16:58:39.272512019 -0400 | |
19283 | @@ -280,7 +280,7 @@ static struct scsi_host_template hpt36x_ | |
19284 | * Configuration for HPT366/68 | |
19285 | */ | |
19286 | ||
19287 | -static struct ata_port_operations hpt366_port_ops = { | |
19288 | +static const struct ata_port_operations hpt366_port_ops = { | |
19289 | .inherits = &ata_bmdma_port_ops, | |
19290 | .cable_detect = hpt36x_cable_detect, | |
19291 | .mode_filter = hpt366_filter, | |
19292 | diff -urNp linux-2.6.33.1/drivers/ata/pata_hpt37x.c linux-2.6.33.1/drivers/ata/pata_hpt37x.c | |
19293 | --- linux-2.6.33.1/drivers/ata/pata_hpt37x.c 2010-03-15 12:09:39.000000000 -0400 | |
19294 | +++ linux-2.6.33.1/drivers/ata/pata_hpt37x.c 2010-03-20 16:58:39.272512019 -0400 | |
19295 | @@ -583,7 +583,7 @@ static struct scsi_host_template hpt37x_ | |
19296 | * Configuration for HPT370 | |
19297 | */ | |
19298 | ||
19299 | -static struct ata_port_operations hpt370_port_ops = { | |
19300 | +static const struct ata_port_operations hpt370_port_ops = { | |
19301 | .inherits = &ata_bmdma_port_ops, | |
19302 | ||
19303 | .bmdma_stop = hpt370_bmdma_stop, | |
19304 | @@ -599,7 +599,7 @@ static struct ata_port_operations hpt370 | |
19305 | * Configuration for HPT370A. Close to 370 but less filters | |
19306 | */ | |
19307 | ||
19308 | -static struct ata_port_operations hpt370a_port_ops = { | |
19309 | +static const struct ata_port_operations hpt370a_port_ops = { | |
19310 | .inherits = &hpt370_port_ops, | |
19311 | .mode_filter = hpt370a_filter, | |
19312 | }; | |
19313 | @@ -609,7 +609,7 @@ static struct ata_port_operations hpt370 | |
19314 | * and DMA mode setting functionality. | |
19315 | */ | |
19316 | ||
19317 | -static struct ata_port_operations hpt372_port_ops = { | |
19318 | +static const struct ata_port_operations hpt372_port_ops = { | |
19319 | .inherits = &ata_bmdma_port_ops, | |
19320 | ||
19321 | .bmdma_stop = hpt37x_bmdma_stop, | |
19322 | @@ -625,7 +625,7 @@ static struct ata_port_operations hpt372 | |
19323 | * but we have a different cable detection procedure for function 1. | |
19324 | */ | |
19325 | ||
19326 | -static struct ata_port_operations hpt374_fn1_port_ops = { | |
19327 | +static const struct ata_port_operations hpt374_fn1_port_ops = { | |
19328 | .inherits = &hpt372_port_ops, | |
19329 | .cable_detect = hpt374_fn1_cable_detect, | |
19330 | .prereset = hpt37x_pre_reset, | |
19331 | diff -urNp linux-2.6.33.1/drivers/ata/pata_hpt3x2n.c linux-2.6.33.1/drivers/ata/pata_hpt3x2n.c | |
19332 | --- linux-2.6.33.1/drivers/ata/pata_hpt3x2n.c 2010-03-15 12:09:39.000000000 -0400 | |
19333 | +++ linux-2.6.33.1/drivers/ata/pata_hpt3x2n.c 2010-03-20 16:58:39.276654661 -0400 | |
19334 | @@ -339,7 +339,7 @@ static struct scsi_host_template hpt3x2n | |
19335 | * Configuration for HPT3x2n. | |
19336 | */ | |
19337 | ||
19338 | -static struct ata_port_operations hpt3x2n_port_ops = { | |
19339 | +static const struct ata_port_operations hpt3x2n_port_ops = { | |
19340 | .inherits = &ata_bmdma_port_ops, | |
19341 | ||
19342 | .bmdma_stop = hpt3x2n_bmdma_stop, | |
19343 | diff -urNp linux-2.6.33.1/drivers/ata/pata_hpt3x3.c linux-2.6.33.1/drivers/ata/pata_hpt3x3.c | |
19344 | --- linux-2.6.33.1/drivers/ata/pata_hpt3x3.c 2010-03-15 12:09:39.000000000 -0400 | |
19345 | +++ linux-2.6.33.1/drivers/ata/pata_hpt3x3.c 2010-03-20 16:58:39.284801841 -0400 | |
19346 | @@ -141,7 +141,7 @@ static struct scsi_host_template hpt3x3_ | |
19347 | ATA_BMDMA_SHT(DRV_NAME), | |
19348 | }; | |
19349 | ||
19350 | -static struct ata_port_operations hpt3x3_port_ops = { | |
19351 | +static const struct ata_port_operations hpt3x3_port_ops = { | |
19352 | .inherits = &ata_bmdma_port_ops, | |
19353 | .cable_detect = ata_cable_40wire, | |
19354 | .set_piomode = hpt3x3_set_piomode, | |
19355 | diff -urNp linux-2.6.33.1/drivers/ata/pata_icside.c linux-2.6.33.1/drivers/ata/pata_icside.c | |
19356 | --- linux-2.6.33.1/drivers/ata/pata_icside.c 2010-03-15 12:09:39.000000000 -0400 | |
19357 | +++ linux-2.6.33.1/drivers/ata/pata_icside.c 2010-03-20 16:58:39.284801841 -0400 | |
19358 | @@ -319,7 +319,7 @@ static void pata_icside_postreset(struct | |
19359 | } | |
19360 | } | |
19361 | ||
19362 | -static struct ata_port_operations pata_icside_port_ops = { | |
19363 | +static const struct ata_port_operations pata_icside_port_ops = { | |
19364 | .inherits = &ata_sff_port_ops, | |
19365 | /* no need to build any PRD tables for DMA */ | |
19366 | .qc_prep = ata_noop_qc_prep, | |
19367 | diff -urNp linux-2.6.33.1/drivers/ata/pata_isapnp.c linux-2.6.33.1/drivers/ata/pata_isapnp.c | |
19368 | --- linux-2.6.33.1/drivers/ata/pata_isapnp.c 2010-03-15 12:09:39.000000000 -0400 | |
19369 | +++ linux-2.6.33.1/drivers/ata/pata_isapnp.c 2010-03-20 16:58:39.292806212 -0400 | |
19370 | @@ -23,12 +23,12 @@ static struct scsi_host_template isapnp_ | |
19371 | ATA_PIO_SHT(DRV_NAME), | |
19372 | }; | |
19373 | ||
19374 | -static struct ata_port_operations isapnp_port_ops = { | |
19375 | +static const struct ata_port_operations isapnp_port_ops = { | |
19376 | .inherits = &ata_sff_port_ops, | |
19377 | .cable_detect = ata_cable_40wire, | |
19378 | }; | |
19379 | ||
19380 | -static struct ata_port_operations isapnp_noalt_port_ops = { | |
19381 | +static const struct ata_port_operations isapnp_noalt_port_ops = { | |
19382 | .inherits = &ata_sff_port_ops, | |
19383 | .cable_detect = ata_cable_40wire, | |
19384 | /* No altstatus so we don't want to use the lost interrupt poll */ | |
19385 | diff -urNp linux-2.6.33.1/drivers/ata/pata_it8213.c linux-2.6.33.1/drivers/ata/pata_it8213.c | |
19386 | --- linux-2.6.33.1/drivers/ata/pata_it8213.c 2010-03-15 12:09:39.000000000 -0400 | |
19387 | +++ linux-2.6.33.1/drivers/ata/pata_it8213.c 2010-03-20 16:58:39.296567577 -0400 | |
19388 | @@ -233,7 +233,7 @@ static struct scsi_host_template it8213_ | |
19389 | }; | |
19390 | ||
19391 | ||
19392 | -static struct ata_port_operations it8213_ops = { | |
19393 | +static const struct ata_port_operations it8213_ops = { | |
19394 | .inherits = &ata_bmdma_port_ops, | |
19395 | .cable_detect = it8213_cable_detect, | |
19396 | .set_piomode = it8213_set_piomode, | |
19397 | diff -urNp linux-2.6.33.1/drivers/ata/pata_it821x.c linux-2.6.33.1/drivers/ata/pata_it821x.c | |
19398 | --- linux-2.6.33.1/drivers/ata/pata_it821x.c 2010-03-15 12:09:39.000000000 -0400 | |
19399 | +++ linux-2.6.33.1/drivers/ata/pata_it821x.c 2010-03-20 16:58:39.296567577 -0400 | |
19400 | @@ -800,7 +800,7 @@ static struct scsi_host_template it821x_ | |
19401 | ATA_BMDMA_SHT(DRV_NAME), | |
19402 | }; | |
19403 | ||
19404 | -static struct ata_port_operations it821x_smart_port_ops = { | |
19405 | +static const struct ata_port_operations it821x_smart_port_ops = { | |
19406 | .inherits = &ata_bmdma_port_ops, | |
19407 | ||
19408 | .check_atapi_dma= it821x_check_atapi_dma, | |
19409 | @@ -814,7 +814,7 @@ static struct ata_port_operations it821x | |
19410 | .port_start = it821x_port_start, | |
19411 | }; | |
19412 | ||
19413 | -static struct ata_port_operations it821x_passthru_port_ops = { | |
19414 | +static const struct ata_port_operations it821x_passthru_port_ops = { | |
19415 | .inherits = &ata_bmdma_port_ops, | |
19416 | ||
19417 | .check_atapi_dma= it821x_check_atapi_dma, | |
19418 | @@ -830,7 +830,7 @@ static struct ata_port_operations it821x | |
19419 | .port_start = it821x_port_start, | |
19420 | }; | |
19421 | ||
19422 | -static struct ata_port_operations it821x_rdc_port_ops = { | |
19423 | +static const struct ata_port_operations it821x_rdc_port_ops = { | |
19424 | .inherits = &ata_bmdma_port_ops, | |
19425 | ||
19426 | .check_atapi_dma= it821x_check_atapi_dma, | |
19427 | diff -urNp linux-2.6.33.1/drivers/ata/pata_ixp4xx_cf.c linux-2.6.33.1/drivers/ata/pata_ixp4xx_cf.c | |
19428 | --- linux-2.6.33.1/drivers/ata/pata_ixp4xx_cf.c 2010-03-15 12:09:39.000000000 -0400 | |
19429 | +++ linux-2.6.33.1/drivers/ata/pata_ixp4xx_cf.c 2010-03-20 16:58:39.296567577 -0400 | |
19430 | @@ -89,7 +89,7 @@ static struct scsi_host_template ixp4xx_ | |
19431 | ATA_PIO_SHT(DRV_NAME), | |
19432 | }; | |
19433 | ||
19434 | -static struct ata_port_operations ixp4xx_port_ops = { | |
19435 | +static const struct ata_port_operations ixp4xx_port_ops = { | |
19436 | .inherits = &ata_sff_port_ops, | |
19437 | .sff_data_xfer = ixp4xx_mmio_data_xfer, | |
19438 | .cable_detect = ata_cable_40wire, | |
19439 | diff -urNp linux-2.6.33.1/drivers/ata/pata_jmicron.c linux-2.6.33.1/drivers/ata/pata_jmicron.c | |
19440 | --- linux-2.6.33.1/drivers/ata/pata_jmicron.c 2010-03-15 12:09:39.000000000 -0400 | |
19441 | +++ linux-2.6.33.1/drivers/ata/pata_jmicron.c 2010-03-20 16:58:39.296567577 -0400 | |
19442 | @@ -111,7 +111,7 @@ static struct scsi_host_template jmicron | |
19443 | ATA_BMDMA_SHT(DRV_NAME), | |
19444 | }; | |
19445 | ||
19446 | -static struct ata_port_operations jmicron_ops = { | |
19447 | +static const struct ata_port_operations jmicron_ops = { | |
19448 | .inherits = &ata_bmdma_port_ops, | |
19449 | .prereset = jmicron_pre_reset, | |
19450 | }; | |
19451 | diff -urNp linux-2.6.33.1/drivers/ata/pata_legacy.c linux-2.6.33.1/drivers/ata/pata_legacy.c | |
19452 | --- linux-2.6.33.1/drivers/ata/pata_legacy.c 2010-03-15 12:09:39.000000000 -0400 | |
19453 | +++ linux-2.6.33.1/drivers/ata/pata_legacy.c 2010-03-20 16:58:39.296567577 -0400 | |
19454 | @@ -113,7 +113,7 @@ struct legacy_probe { | |
19455 | ||
19456 | struct legacy_controller { | |
19457 | const char *name; | |
19458 | - struct ata_port_operations *ops; | |
19459 | + const struct ata_port_operations *ops; | |
19460 | unsigned int pio_mask; | |
19461 | unsigned int flags; | |
19462 | unsigned int pflags; | |
19463 | @@ -230,12 +230,12 @@ static const struct ata_port_operations | |
19464 | * pio_mask as well. | |
19465 | */ | |
19466 | ||
19467 | -static struct ata_port_operations simple_port_ops = { | |
19468 | +static const struct ata_port_operations simple_port_ops = { | |
19469 | .inherits = &legacy_base_port_ops, | |
19470 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19471 | }; | |
19472 | ||
19473 | -static struct ata_port_operations legacy_port_ops = { | |
19474 | +static const struct ata_port_operations legacy_port_ops = { | |
19475 | .inherits = &legacy_base_port_ops, | |
19476 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19477 | .set_mode = legacy_set_mode, | |
19478 | @@ -331,7 +331,7 @@ static unsigned int pdc_data_xfer_vlb(st | |
19479 | return buflen; | |
19480 | } | |
19481 | ||
19482 | -static struct ata_port_operations pdc20230_port_ops = { | |
19483 | +static const struct ata_port_operations pdc20230_port_ops = { | |
19484 | .inherits = &legacy_base_port_ops, | |
19485 | .set_piomode = pdc20230_set_piomode, | |
19486 | .sff_data_xfer = pdc_data_xfer_vlb, | |
19487 | @@ -364,7 +364,7 @@ static void ht6560a_set_piomode(struct a | |
19488 | ioread8(ap->ioaddr.status_addr); | |
19489 | } | |
19490 | ||
19491 | -static struct ata_port_operations ht6560a_port_ops = { | |
19492 | +static const struct ata_port_operations ht6560a_port_ops = { | |
19493 | .inherits = &legacy_base_port_ops, | |
19494 | .set_piomode = ht6560a_set_piomode, | |
19495 | }; | |
19496 | @@ -407,7 +407,7 @@ static void ht6560b_set_piomode(struct a | |
19497 | ioread8(ap->ioaddr.status_addr); | |
19498 | } | |
19499 | ||
19500 | -static struct ata_port_operations ht6560b_port_ops = { | |
19501 | +static const struct ata_port_operations ht6560b_port_ops = { | |
19502 | .inherits = &legacy_base_port_ops, | |
19503 | .set_piomode = ht6560b_set_piomode, | |
19504 | }; | |
19505 | @@ -506,7 +506,7 @@ static void opti82c611a_set_piomode(stru | |
19506 | } | |
19507 | ||
19508 | ||
19509 | -static struct ata_port_operations opti82c611a_port_ops = { | |
19510 | +static const struct ata_port_operations opti82c611a_port_ops = { | |
19511 | .inherits = &legacy_base_port_ops, | |
19512 | .set_piomode = opti82c611a_set_piomode, | |
19513 | }; | |
19514 | @@ -616,7 +616,7 @@ static unsigned int opti82c46x_qc_issue( | |
19515 | return ata_sff_qc_issue(qc); | |
19516 | } | |
19517 | ||
19518 | -static struct ata_port_operations opti82c46x_port_ops = { | |
19519 | +static const struct ata_port_operations opti82c46x_port_ops = { | |
19520 | .inherits = &legacy_base_port_ops, | |
19521 | .set_piomode = opti82c46x_set_piomode, | |
19522 | .qc_issue = opti82c46x_qc_issue, | |
19523 | @@ -778,20 +778,20 @@ static int qdi_port(struct platform_devi | |
19524 | return 0; | |
19525 | } | |
19526 | ||
19527 | -static struct ata_port_operations qdi6500_port_ops = { | |
19528 | +static const struct ata_port_operations qdi6500_port_ops = { | |
19529 | .inherits = &legacy_base_port_ops, | |
19530 | .set_piomode = qdi6500_set_piomode, | |
19531 | .qc_issue = qdi_qc_issue, | |
19532 | .sff_data_xfer = vlb32_data_xfer, | |
19533 | }; | |
19534 | ||
19535 | -static struct ata_port_operations qdi6580_port_ops = { | |
19536 | +static const struct ata_port_operations qdi6580_port_ops = { | |
19537 | .inherits = &legacy_base_port_ops, | |
19538 | .set_piomode = qdi6580_set_piomode, | |
19539 | .sff_data_xfer = vlb32_data_xfer, | |
19540 | }; | |
19541 | ||
19542 | -static struct ata_port_operations qdi6580dp_port_ops = { | |
19543 | +static const struct ata_port_operations qdi6580dp_port_ops = { | |
19544 | .inherits = &legacy_base_port_ops, | |
19545 | .set_piomode = qdi6580dp_set_piomode, | |
19546 | .qc_issue = qdi_qc_issue, | |
19547 | @@ -863,7 +863,7 @@ static int winbond_port(struct platform_ | |
19548 | return 0; | |
19549 | } | |
19550 | ||
19551 | -static struct ata_port_operations winbond_port_ops = { | |
19552 | +static const struct ata_port_operations winbond_port_ops = { | |
19553 | .inherits = &legacy_base_port_ops, | |
19554 | .set_piomode = winbond_set_piomode, | |
19555 | .sff_data_xfer = vlb32_data_xfer, | |
19556 | @@ -986,7 +986,7 @@ static __init int legacy_init_one(struct | |
19557 | int pio_modes = controller->pio_mask; | |
19558 | unsigned long io = probe->port; | |
19559 | u32 mask = (1 << probe->slot); | |
19560 | - struct ata_port_operations *ops = controller->ops; | |
19561 | + const struct ata_port_operations *ops = controller->ops; | |
19562 | struct legacy_data *ld = &legacy_data[probe->slot]; | |
19563 | struct ata_host *host = NULL; | |
19564 | struct ata_port *ap; | |
19565 | diff -urNp linux-2.6.33.1/drivers/ata/pata_macio.c linux-2.6.33.1/drivers/ata/pata_macio.c | |
19566 | --- linux-2.6.33.1/drivers/ata/pata_macio.c 2010-03-15 12:09:39.000000000 -0400 | |
19567 | +++ linux-2.6.33.1/drivers/ata/pata_macio.c 2010-03-20 16:58:39.300646647 -0400 | |
19568 | @@ -915,7 +915,7 @@ static struct scsi_host_template pata_ma | |
19569 | .slave_configure = pata_macio_slave_config, | |
19570 | }; | |
19571 | ||
19572 | -static struct ata_port_operations pata_macio_ops = { | |
19573 | +static const struct ata_port_operations pata_macio_ops = { | |
19574 | .inherits = &ata_sff_port_ops, | |
19575 | ||
19576 | .freeze = pata_macio_freeze, | |
19577 | diff -urNp linux-2.6.33.1/drivers/ata/pata_marvell.c linux-2.6.33.1/drivers/ata/pata_marvell.c | |
19578 | --- linux-2.6.33.1/drivers/ata/pata_marvell.c 2010-03-15 12:09:39.000000000 -0400 | |
19579 | +++ linux-2.6.33.1/drivers/ata/pata_marvell.c 2010-03-20 16:58:39.300646647 -0400 | |
19580 | @@ -100,7 +100,7 @@ static struct scsi_host_template marvell | |
19581 | ATA_BMDMA_SHT(DRV_NAME), | |
19582 | }; | |
19583 | ||
19584 | -static struct ata_port_operations marvell_ops = { | |
19585 | +static const struct ata_port_operations marvell_ops = { | |
19586 | .inherits = &ata_bmdma_port_ops, | |
19587 | .cable_detect = marvell_cable_detect, | |
19588 | .prereset = marvell_pre_reset, | |
19589 | diff -urNp linux-2.6.33.1/drivers/ata/pata_mpc52xx.c linux-2.6.33.1/drivers/ata/pata_mpc52xx.c | |
19590 | --- linux-2.6.33.1/drivers/ata/pata_mpc52xx.c 2010-03-15 12:09:39.000000000 -0400 | |
19591 | +++ linux-2.6.33.1/drivers/ata/pata_mpc52xx.c 2010-03-20 16:58:39.300646647 -0400 | |
19592 | @@ -609,7 +609,7 @@ static struct scsi_host_template mpc52xx | |
19593 | ATA_PIO_SHT(DRV_NAME), | |
19594 | }; | |
19595 | ||
19596 | -static struct ata_port_operations mpc52xx_ata_port_ops = { | |
19597 | +static const struct ata_port_operations mpc52xx_ata_port_ops = { | |
19598 | .inherits = &ata_sff_port_ops, | |
19599 | .sff_dev_select = mpc52xx_ata_dev_select, | |
19600 | .set_piomode = mpc52xx_ata_set_piomode, | |
19601 | diff -urNp linux-2.6.33.1/drivers/ata/pata_mpiix.c linux-2.6.33.1/drivers/ata/pata_mpiix.c | |
19602 | --- linux-2.6.33.1/drivers/ata/pata_mpiix.c 2010-03-15 12:09:39.000000000 -0400 | |
19603 | +++ linux-2.6.33.1/drivers/ata/pata_mpiix.c 2010-03-20 16:58:39.300646647 -0400 | |
19604 | @@ -140,7 +140,7 @@ static struct scsi_host_template mpiix_s | |
19605 | ATA_PIO_SHT(DRV_NAME), | |
19606 | }; | |
19607 | ||
19608 | -static struct ata_port_operations mpiix_port_ops = { | |
19609 | +static const struct ata_port_operations mpiix_port_ops = { | |
19610 | .inherits = &ata_sff_port_ops, | |
19611 | .qc_issue = mpiix_qc_issue, | |
19612 | .cable_detect = ata_cable_40wire, | |
19613 | diff -urNp linux-2.6.33.1/drivers/ata/pata_netcell.c linux-2.6.33.1/drivers/ata/pata_netcell.c | |
19614 | --- linux-2.6.33.1/drivers/ata/pata_netcell.c 2010-03-15 12:09:39.000000000 -0400 | |
19615 | +++ linux-2.6.33.1/drivers/ata/pata_netcell.c 2010-03-20 16:58:39.300646647 -0400 | |
19616 | @@ -34,7 +34,7 @@ static struct scsi_host_template netcell | |
19617 | ATA_BMDMA_SHT(DRV_NAME), | |
19618 | }; | |
19619 | ||
19620 | -static struct ata_port_operations netcell_ops = { | |
19621 | +static const struct ata_port_operations netcell_ops = { | |
19622 | .inherits = &ata_bmdma_port_ops, | |
19623 | .cable_detect = ata_cable_80wire, | |
19624 | .read_id = netcell_read_id, | |
19625 | diff -urNp linux-2.6.33.1/drivers/ata/pata_ninja32.c linux-2.6.33.1/drivers/ata/pata_ninja32.c | |
19626 | --- linux-2.6.33.1/drivers/ata/pata_ninja32.c 2010-03-15 12:09:39.000000000 -0400 | |
19627 | +++ linux-2.6.33.1/drivers/ata/pata_ninja32.c 2010-03-20 16:58:39.304517814 -0400 | |
19628 | @@ -81,7 +81,7 @@ static struct scsi_host_template ninja32 | |
19629 | ATA_BMDMA_SHT(DRV_NAME), | |
19630 | }; | |
19631 | ||
19632 | -static struct ata_port_operations ninja32_port_ops = { | |
19633 | +static const struct ata_port_operations ninja32_port_ops = { | |
19634 | .inherits = &ata_bmdma_port_ops, | |
19635 | .sff_dev_select = ninja32_dev_select, | |
19636 | .cable_detect = ata_cable_40wire, | |
19637 | diff -urNp linux-2.6.33.1/drivers/ata/pata_ns87410.c linux-2.6.33.1/drivers/ata/pata_ns87410.c | |
19638 | --- linux-2.6.33.1/drivers/ata/pata_ns87410.c 2010-03-15 12:09:39.000000000 -0400 | |
19639 | +++ linux-2.6.33.1/drivers/ata/pata_ns87410.c 2010-03-20 16:58:39.304517814 -0400 | |
19640 | @@ -132,7 +132,7 @@ static struct scsi_host_template ns87410 | |
19641 | ATA_PIO_SHT(DRV_NAME), | |
19642 | }; | |
19643 | ||
19644 | -static struct ata_port_operations ns87410_port_ops = { | |
19645 | +static const struct ata_port_operations ns87410_port_ops = { | |
19646 | .inherits = &ata_sff_port_ops, | |
19647 | .qc_issue = ns87410_qc_issue, | |
19648 | .cable_detect = ata_cable_40wire, | |
19649 | diff -urNp linux-2.6.33.1/drivers/ata/pata_ns87415.c linux-2.6.33.1/drivers/ata/pata_ns87415.c | |
19650 | --- linux-2.6.33.1/drivers/ata/pata_ns87415.c 2010-03-15 12:09:39.000000000 -0400 | |
19651 | +++ linux-2.6.33.1/drivers/ata/pata_ns87415.c 2010-03-20 16:58:39.304517814 -0400 | |
19652 | @@ -299,7 +299,7 @@ static u8 ns87560_bmdma_status(struct at | |
19653 | } | |
19654 | #endif /* 87560 SuperIO Support */ | |
19655 | ||
19656 | -static struct ata_port_operations ns87415_pata_ops = { | |
19657 | +static const struct ata_port_operations ns87415_pata_ops = { | |
19658 | .inherits = &ata_bmdma_port_ops, | |
19659 | ||
19660 | .check_atapi_dma = ns87415_check_atapi_dma, | |
19661 | @@ -313,7 +313,7 @@ static struct ata_port_operations ns8741 | |
19662 | }; | |
19663 | ||
19664 | #if defined(CONFIG_SUPERIO) | |
19665 | -static struct ata_port_operations ns87560_pata_ops = { | |
19666 | +static const struct ata_port_operations ns87560_pata_ops = { | |
19667 | .inherits = &ns87415_pata_ops, | |
19668 | .sff_tf_read = ns87560_tf_read, | |
19669 | .sff_check_status = ns87560_check_status, | |
19670 | diff -urNp linux-2.6.33.1/drivers/ata/pata_octeon_cf.c linux-2.6.33.1/drivers/ata/pata_octeon_cf.c | |
19671 | --- linux-2.6.33.1/drivers/ata/pata_octeon_cf.c 2010-03-15 12:09:39.000000000 -0400 | |
19672 | +++ linux-2.6.33.1/drivers/ata/pata_octeon_cf.c 2010-03-20 16:58:39.304517814 -0400 | |
19673 | @@ -801,6 +801,7 @@ static unsigned int octeon_cf_qc_issue(s | |
19674 | return 0; | |
19675 | } | |
19676 | ||
19677 | +/* cannot be const */ | |
19678 | static struct ata_port_operations octeon_cf_ops = { | |
19679 | .inherits = &ata_sff_port_ops, | |
19680 | .check_atapi_dma = octeon_cf_check_atapi_dma, | |
19681 | diff -urNp linux-2.6.33.1/drivers/ata/pata_oldpiix.c linux-2.6.33.1/drivers/ata/pata_oldpiix.c | |
19682 | --- linux-2.6.33.1/drivers/ata/pata_oldpiix.c 2010-03-15 12:09:39.000000000 -0400 | |
19683 | +++ linux-2.6.33.1/drivers/ata/pata_oldpiix.c 2010-03-20 16:58:39.304517814 -0400 | |
19684 | @@ -208,7 +208,7 @@ static struct scsi_host_template oldpiix | |
19685 | ATA_BMDMA_SHT(DRV_NAME), | |
19686 | }; | |
19687 | ||
19688 | -static struct ata_port_operations oldpiix_pata_ops = { | |
19689 | +static const struct ata_port_operations oldpiix_pata_ops = { | |
19690 | .inherits = &ata_bmdma_port_ops, | |
19691 | .qc_issue = oldpiix_qc_issue, | |
19692 | .cable_detect = ata_cable_40wire, | |
19693 | diff -urNp linux-2.6.33.1/drivers/ata/pata_opti.c linux-2.6.33.1/drivers/ata/pata_opti.c | |
19694 | --- linux-2.6.33.1/drivers/ata/pata_opti.c 2010-03-15 12:09:39.000000000 -0400 | |
19695 | +++ linux-2.6.33.1/drivers/ata/pata_opti.c 2010-03-20 16:58:39.304517814 -0400 | |
19696 | @@ -152,7 +152,7 @@ static struct scsi_host_template opti_sh | |
19697 | ATA_PIO_SHT(DRV_NAME), | |
19698 | }; | |
19699 | ||
19700 | -static struct ata_port_operations opti_port_ops = { | |
19701 | +static const struct ata_port_operations opti_port_ops = { | |
19702 | .inherits = &ata_sff_port_ops, | |
19703 | .cable_detect = ata_cable_40wire, | |
19704 | .set_piomode = opti_set_piomode, | |
19705 | diff -urNp linux-2.6.33.1/drivers/ata/pata_optidma.c linux-2.6.33.1/drivers/ata/pata_optidma.c | |
19706 | --- linux-2.6.33.1/drivers/ata/pata_optidma.c 2010-03-15 12:09:39.000000000 -0400 | |
19707 | +++ linux-2.6.33.1/drivers/ata/pata_optidma.c 2010-03-20 16:58:39.308536639 -0400 | |
19708 | @@ -337,7 +337,7 @@ static struct scsi_host_template optidma | |
19709 | ATA_BMDMA_SHT(DRV_NAME), | |
19710 | }; | |
19711 | ||
19712 | -static struct ata_port_operations optidma_port_ops = { | |
19713 | +static const struct ata_port_operations optidma_port_ops = { | |
19714 | .inherits = &ata_bmdma_port_ops, | |
19715 | .cable_detect = ata_cable_40wire, | |
19716 | .set_piomode = optidma_set_pio_mode, | |
19717 | @@ -346,7 +346,7 @@ static struct ata_port_operations optidm | |
19718 | .prereset = optidma_pre_reset, | |
19719 | }; | |
19720 | ||
19721 | -static struct ata_port_operations optiplus_port_ops = { | |
19722 | +static const struct ata_port_operations optiplus_port_ops = { | |
19723 | .inherits = &optidma_port_ops, | |
19724 | .set_piomode = optiplus_set_pio_mode, | |
19725 | .set_dmamode = optiplus_set_dma_mode, | |
19726 | diff -urNp linux-2.6.33.1/drivers/ata/pata_palmld.c linux-2.6.33.1/drivers/ata/pata_palmld.c | |
19727 | --- linux-2.6.33.1/drivers/ata/pata_palmld.c 2010-03-15 12:09:39.000000000 -0400 | |
19728 | +++ linux-2.6.33.1/drivers/ata/pata_palmld.c 2010-03-20 16:58:39.308536639 -0400 | |
19729 | @@ -37,7 +37,7 @@ static struct scsi_host_template palmld_ | |
19730 | ATA_PIO_SHT(DRV_NAME), | |
19731 | }; | |
19732 | ||
19733 | -static struct ata_port_operations palmld_port_ops = { | |
19734 | +static const struct ata_port_operations palmld_port_ops = { | |
19735 | .inherits = &ata_sff_port_ops, | |
19736 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19737 | .cable_detect = ata_cable_40wire, | |
19738 | diff -urNp linux-2.6.33.1/drivers/ata/pata_pcmcia.c linux-2.6.33.1/drivers/ata/pata_pcmcia.c | |
19739 | --- linux-2.6.33.1/drivers/ata/pata_pcmcia.c 2010-03-15 12:09:39.000000000 -0400 | |
19740 | +++ linux-2.6.33.1/drivers/ata/pata_pcmcia.c 2010-03-20 16:58:39.308536639 -0400 | |
19741 | @@ -162,14 +162,14 @@ static struct scsi_host_template pcmcia_ | |
19742 | ATA_PIO_SHT(DRV_NAME), | |
19743 | }; | |
19744 | ||
19745 | -static struct ata_port_operations pcmcia_port_ops = { | |
19746 | +static const struct ata_port_operations pcmcia_port_ops = { | |
19747 | .inherits = &ata_sff_port_ops, | |
19748 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19749 | .cable_detect = ata_cable_40wire, | |
19750 | .set_mode = pcmcia_set_mode, | |
19751 | }; | |
19752 | ||
19753 | -static struct ata_port_operations pcmcia_8bit_port_ops = { | |
19754 | +static const struct ata_port_operations pcmcia_8bit_port_ops = { | |
19755 | .inherits = &ata_sff_port_ops, | |
19756 | .sff_data_xfer = ata_data_xfer_8bit, | |
19757 | .cable_detect = ata_cable_40wire, | |
19758 | @@ -253,7 +253,7 @@ static int pcmcia_init_one(struct pcmcia | |
19759 | unsigned long io_base, ctl_base; | |
19760 | void __iomem *io_addr, *ctl_addr; | |
19761 | int n_ports = 1; | |
19762 | - struct ata_port_operations *ops = &pcmcia_port_ops; | |
19763 | + const struct ata_port_operations *ops = &pcmcia_port_ops; | |
19764 | ||
19765 | info = kzalloc(sizeof(*info), GFP_KERNEL); | |
19766 | if (info == NULL) | |
19767 | diff -urNp linux-2.6.33.1/drivers/ata/pata_pdc2027x.c linux-2.6.33.1/drivers/ata/pata_pdc2027x.c | |
19768 | --- linux-2.6.33.1/drivers/ata/pata_pdc2027x.c 2010-03-15 12:09:39.000000000 -0400 | |
19769 | +++ linux-2.6.33.1/drivers/ata/pata_pdc2027x.c 2010-03-20 16:58:39.308536639 -0400 | |
19770 | @@ -132,14 +132,14 @@ static struct scsi_host_template pdc2027 | |
19771 | ATA_BMDMA_SHT(DRV_NAME), | |
19772 | }; | |
19773 | ||
19774 | -static struct ata_port_operations pdc2027x_pata100_ops = { | |
19775 | +static const struct ata_port_operations pdc2027x_pata100_ops = { | |
19776 | .inherits = &ata_bmdma_port_ops, | |
19777 | .check_atapi_dma = pdc2027x_check_atapi_dma, | |
19778 | .cable_detect = pdc2027x_cable_detect, | |
19779 | .prereset = pdc2027x_prereset, | |
19780 | }; | |
19781 | ||
19782 | -static struct ata_port_operations pdc2027x_pata133_ops = { | |
19783 | +static const struct ata_port_operations pdc2027x_pata133_ops = { | |
19784 | .inherits = &pdc2027x_pata100_ops, | |
19785 | .mode_filter = pdc2027x_mode_filter, | |
19786 | .set_piomode = pdc2027x_set_piomode, | |
19787 | diff -urNp linux-2.6.33.1/drivers/ata/pata_pdc202xx_old.c linux-2.6.33.1/drivers/ata/pata_pdc202xx_old.c | |
19788 | --- linux-2.6.33.1/drivers/ata/pata_pdc202xx_old.c 2010-03-15 12:09:39.000000000 -0400 | |
19789 | +++ linux-2.6.33.1/drivers/ata/pata_pdc202xx_old.c 2010-03-20 16:58:39.308536639 -0400 | |
19790 | @@ -265,7 +265,7 @@ static struct scsi_host_template pdc202x | |
19791 | ATA_BMDMA_SHT(DRV_NAME), | |
19792 | }; | |
19793 | ||
19794 | -static struct ata_port_operations pdc2024x_port_ops = { | |
19795 | +static const struct ata_port_operations pdc2024x_port_ops = { | |
19796 | .inherits = &ata_bmdma_port_ops, | |
19797 | ||
19798 | .cable_detect = ata_cable_40wire, | |
19799 | @@ -273,7 +273,7 @@ static struct ata_port_operations pdc202 | |
19800 | .set_dmamode = pdc202xx_set_dmamode, | |
19801 | }; | |
19802 | ||
19803 | -static struct ata_port_operations pdc2026x_port_ops = { | |
19804 | +static const struct ata_port_operations pdc2026x_port_ops = { | |
19805 | .inherits = &pdc2024x_port_ops, | |
19806 | ||
19807 | .check_atapi_dma = pdc2026x_check_atapi_dma, | |
19808 | diff -urNp linux-2.6.33.1/drivers/ata/pata_piccolo.c linux-2.6.33.1/drivers/ata/pata_piccolo.c | |
19809 | --- linux-2.6.33.1/drivers/ata/pata_piccolo.c 2010-03-15 12:09:39.000000000 -0400 | |
19810 | +++ linux-2.6.33.1/drivers/ata/pata_piccolo.c 2010-03-20 16:58:39.308536639 -0400 | |
19811 | @@ -67,7 +67,7 @@ static struct scsi_host_template tosh_sh | |
19812 | ATA_BMDMA_SHT(DRV_NAME), | |
19813 | }; | |
19814 | ||
19815 | -static struct ata_port_operations tosh_port_ops = { | |
19816 | +static const struct ata_port_operations tosh_port_ops = { | |
19817 | .inherits = &ata_bmdma_port_ops, | |
19818 | .cable_detect = ata_cable_unknown, | |
19819 | .set_piomode = tosh_set_piomode, | |
19820 | diff -urNp linux-2.6.33.1/drivers/ata/pata_platform.c linux-2.6.33.1/drivers/ata/pata_platform.c | |
19821 | --- linux-2.6.33.1/drivers/ata/pata_platform.c 2010-03-15 12:09:39.000000000 -0400 | |
19822 | +++ linux-2.6.33.1/drivers/ata/pata_platform.c 2010-03-20 16:58:39.312510954 -0400 | |
19823 | @@ -48,7 +48,7 @@ static struct scsi_host_template pata_pl | |
19824 | ATA_PIO_SHT(DRV_NAME), | |
19825 | }; | |
19826 | ||
19827 | -static struct ata_port_operations pata_platform_port_ops = { | |
19828 | +static const struct ata_port_operations pata_platform_port_ops = { | |
19829 | .inherits = &ata_sff_port_ops, | |
19830 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
19831 | .cable_detect = ata_cable_unknown, | |
19832 | diff -urNp linux-2.6.33.1/drivers/ata/pata_qdi.c linux-2.6.33.1/drivers/ata/pata_qdi.c | |
19833 | --- linux-2.6.33.1/drivers/ata/pata_qdi.c 2010-03-15 12:09:39.000000000 -0400 | |
19834 | +++ linux-2.6.33.1/drivers/ata/pata_qdi.c 2010-03-20 16:58:39.312510954 -0400 | |
19835 | @@ -157,7 +157,7 @@ static struct scsi_host_template qdi_sht | |
19836 | ATA_PIO_SHT(DRV_NAME), | |
19837 | }; | |
19838 | ||
19839 | -static struct ata_port_operations qdi6500_port_ops = { | |
19840 | +static const struct ata_port_operations qdi6500_port_ops = { | |
19841 | .inherits = &ata_sff_port_ops, | |
19842 | .qc_issue = qdi_qc_issue, | |
19843 | .sff_data_xfer = qdi_data_xfer, | |
19844 | @@ -165,7 +165,7 @@ static struct ata_port_operations qdi650 | |
19845 | .set_piomode = qdi6500_set_piomode, | |
19846 | }; | |
19847 | ||
19848 | -static struct ata_port_operations qdi6580_port_ops = { | |
19849 | +static const struct ata_port_operations qdi6580_port_ops = { | |
19850 | .inherits = &qdi6500_port_ops, | |
19851 | .set_piomode = qdi6580_set_piomode, | |
19852 | }; | |
19853 | diff -urNp linux-2.6.33.1/drivers/ata/pata_radisys.c linux-2.6.33.1/drivers/ata/pata_radisys.c | |
19854 | --- linux-2.6.33.1/drivers/ata/pata_radisys.c 2010-03-15 12:09:39.000000000 -0400 | |
19855 | +++ linux-2.6.33.1/drivers/ata/pata_radisys.c 2010-03-20 16:58:39.312510954 -0400 | |
19856 | @@ -187,7 +187,7 @@ static struct scsi_host_template radisys | |
19857 | ATA_BMDMA_SHT(DRV_NAME), | |
19858 | }; | |
19859 | ||
19860 | -static struct ata_port_operations radisys_pata_ops = { | |
19861 | +static const struct ata_port_operations radisys_pata_ops = { | |
19862 | .inherits = &ata_bmdma_port_ops, | |
19863 | .qc_issue = radisys_qc_issue, | |
19864 | .cable_detect = ata_cable_unknown, | |
19865 | diff -urNp linux-2.6.33.1/drivers/ata/pata_rb532_cf.c linux-2.6.33.1/drivers/ata/pata_rb532_cf.c | |
19866 | --- linux-2.6.33.1/drivers/ata/pata_rb532_cf.c 2010-03-15 12:09:39.000000000 -0400 | |
19867 | +++ linux-2.6.33.1/drivers/ata/pata_rb532_cf.c 2010-03-20 16:58:39.312510954 -0400 | |
19868 | @@ -68,7 +68,7 @@ static irqreturn_t rb532_pata_irq_handle | |
19869 | return IRQ_HANDLED; | |
19870 | } | |
19871 | ||
19872 | -static struct ata_port_operations rb532_pata_port_ops = { | |
19873 | +static const struct ata_port_operations rb532_pata_port_ops = { | |
19874 | .inherits = &ata_sff_port_ops, | |
19875 | .sff_data_xfer = ata_sff_data_xfer32, | |
19876 | }; | |
19877 | diff -urNp linux-2.6.33.1/drivers/ata/pata_rdc.c linux-2.6.33.1/drivers/ata/pata_rdc.c | |
19878 | --- linux-2.6.33.1/drivers/ata/pata_rdc.c 2010-03-15 12:09:39.000000000 -0400 | |
19879 | +++ linux-2.6.33.1/drivers/ata/pata_rdc.c 2010-03-20 16:58:39.312510954 -0400 | |
19880 | @@ -272,7 +272,7 @@ static void rdc_set_dmamode(struct ata_p | |
19881 | pci_write_config_byte(dev, 0x48, udma_enable); | |
19882 | } | |
19883 | ||
19884 | -static struct ata_port_operations rdc_pata_ops = { | |
19885 | +static const struct ata_port_operations rdc_pata_ops = { | |
19886 | .inherits = &ata_bmdma32_port_ops, | |
19887 | .cable_detect = rdc_pata_cable_detect, | |
19888 | .set_piomode = rdc_set_piomode, | |
19889 | diff -urNp linux-2.6.33.1/drivers/ata/pata_rz1000.c linux-2.6.33.1/drivers/ata/pata_rz1000.c | |
19890 | --- linux-2.6.33.1/drivers/ata/pata_rz1000.c 2010-03-15 12:09:39.000000000 -0400 | |
19891 | +++ linux-2.6.33.1/drivers/ata/pata_rz1000.c 2010-03-20 16:58:39.312510954 -0400 | |
19892 | @@ -54,7 +54,7 @@ static struct scsi_host_template rz1000_ | |
19893 | ATA_PIO_SHT(DRV_NAME), | |
19894 | }; | |
19895 | ||
19896 | -static struct ata_port_operations rz1000_port_ops = { | |
19897 | +static const struct ata_port_operations rz1000_port_ops = { | |
19898 | .inherits = &ata_sff_port_ops, | |
19899 | .cable_detect = ata_cable_40wire, | |
19900 | .set_mode = rz1000_set_mode, | |
19901 | diff -urNp linux-2.6.33.1/drivers/ata/pata_sc1200.c linux-2.6.33.1/drivers/ata/pata_sc1200.c | |
19902 | --- linux-2.6.33.1/drivers/ata/pata_sc1200.c 2010-03-15 12:09:39.000000000 -0400 | |
19903 | +++ linux-2.6.33.1/drivers/ata/pata_sc1200.c 2010-03-20 16:58:39.312510954 -0400 | |
19904 | @@ -207,7 +207,7 @@ static struct scsi_host_template sc1200_ | |
19905 | .sg_tablesize = LIBATA_DUMB_MAX_PRD, | |
19906 | }; | |
19907 | ||
19908 | -static struct ata_port_operations sc1200_port_ops = { | |
19909 | +static const struct ata_port_operations sc1200_port_ops = { | |
19910 | .inherits = &ata_bmdma_port_ops, | |
19911 | .qc_prep = ata_sff_dumb_qc_prep, | |
19912 | .qc_issue = sc1200_qc_issue, | |
19913 | diff -urNp linux-2.6.33.1/drivers/ata/pata_scc.c linux-2.6.33.1/drivers/ata/pata_scc.c | |
19914 | --- linux-2.6.33.1/drivers/ata/pata_scc.c 2010-03-15 12:09:39.000000000 -0400 | |
19915 | +++ linux-2.6.33.1/drivers/ata/pata_scc.c 2010-03-20 16:58:39.316539767 -0400 | |
19916 | @@ -965,7 +965,7 @@ static struct scsi_host_template scc_sht | |
19917 | ATA_BMDMA_SHT(DRV_NAME), | |
19918 | }; | |
19919 | ||
19920 | -static struct ata_port_operations scc_pata_ops = { | |
19921 | +static const struct ata_port_operations scc_pata_ops = { | |
19922 | .inherits = &ata_bmdma_port_ops, | |
19923 | ||
19924 | .set_piomode = scc_set_piomode, | |
19925 | diff -urNp linux-2.6.33.1/drivers/ata/pata_sch.c linux-2.6.33.1/drivers/ata/pata_sch.c | |
19926 | --- linux-2.6.33.1/drivers/ata/pata_sch.c 2010-03-15 12:09:39.000000000 -0400 | |
19927 | +++ linux-2.6.33.1/drivers/ata/pata_sch.c 2010-03-20 16:58:39.316539767 -0400 | |
19928 | @@ -75,7 +75,7 @@ static struct scsi_host_template sch_sht | |
19929 | ATA_BMDMA_SHT(DRV_NAME), | |
19930 | }; | |
19931 | ||
19932 | -static struct ata_port_operations sch_pata_ops = { | |
19933 | +static const struct ata_port_operations sch_pata_ops = { | |
19934 | .inherits = &ata_bmdma_port_ops, | |
19935 | .cable_detect = ata_cable_unknown, | |
19936 | .set_piomode = sch_set_piomode, | |
19937 | diff -urNp linux-2.6.33.1/drivers/ata/pata_serverworks.c linux-2.6.33.1/drivers/ata/pata_serverworks.c | |
19938 | --- linux-2.6.33.1/drivers/ata/pata_serverworks.c 2010-03-15 12:09:39.000000000 -0400 | |
19939 | +++ linux-2.6.33.1/drivers/ata/pata_serverworks.c 2010-03-20 16:58:39.316539767 -0400 | |
19940 | @@ -299,7 +299,7 @@ static struct scsi_host_template serverw | |
19941 | ATA_BMDMA_SHT(DRV_NAME), | |
19942 | }; | |
19943 | ||
19944 | -static struct ata_port_operations serverworks_osb4_port_ops = { | |
19945 | +static const struct ata_port_operations serverworks_osb4_port_ops = { | |
19946 | .inherits = &ata_bmdma_port_ops, | |
19947 | .cable_detect = serverworks_cable_detect, | |
19948 | .mode_filter = serverworks_osb4_filter, | |
19949 | @@ -307,7 +307,7 @@ static struct ata_port_operations server | |
19950 | .set_dmamode = serverworks_set_dmamode, | |
19951 | }; | |
19952 | ||
19953 | -static struct ata_port_operations serverworks_csb_port_ops = { | |
19954 | +static const struct ata_port_operations serverworks_csb_port_ops = { | |
19955 | .inherits = &serverworks_osb4_port_ops, | |
19956 | .mode_filter = serverworks_csb_filter, | |
19957 | }; | |
19958 | diff -urNp linux-2.6.33.1/drivers/ata/pata_sil680.c linux-2.6.33.1/drivers/ata/pata_sil680.c | |
19959 | --- linux-2.6.33.1/drivers/ata/pata_sil680.c 2010-03-15 12:09:39.000000000 -0400 | |
19960 | +++ linux-2.6.33.1/drivers/ata/pata_sil680.c 2010-03-20 16:58:39.316539767 -0400 | |
19961 | @@ -194,7 +194,7 @@ static struct scsi_host_template sil680_ | |
19962 | ATA_BMDMA_SHT(DRV_NAME), | |
19963 | }; | |
19964 | ||
19965 | -static struct ata_port_operations sil680_port_ops = { | |
19966 | +static const struct ata_port_operations sil680_port_ops = { | |
19967 | .inherits = &ata_bmdma32_port_ops, | |
19968 | .cable_detect = sil680_cable_detect, | |
19969 | .set_piomode = sil680_set_piomode, | |
19970 | diff -urNp linux-2.6.33.1/drivers/ata/pata_sis.c linux-2.6.33.1/drivers/ata/pata_sis.c | |
19971 | --- linux-2.6.33.1/drivers/ata/pata_sis.c 2010-03-15 12:09:39.000000000 -0400 | |
19972 | +++ linux-2.6.33.1/drivers/ata/pata_sis.c 2010-03-20 16:58:39.320616216 -0400 | |
19973 | @@ -503,47 +503,47 @@ static struct scsi_host_template sis_sht | |
19974 | ATA_BMDMA_SHT(DRV_NAME), | |
19975 | }; | |
19976 | ||
19977 | -static struct ata_port_operations sis_133_for_sata_ops = { | |
19978 | +static const struct ata_port_operations sis_133_for_sata_ops = { | |
19979 | .inherits = &ata_bmdma_port_ops, | |
19980 | .set_piomode = sis_133_set_piomode, | |
19981 | .set_dmamode = sis_133_set_dmamode, | |
19982 | .cable_detect = sis_133_cable_detect, | |
19983 | }; | |
19984 | ||
19985 | -static struct ata_port_operations sis_base_ops = { | |
19986 | +static const struct ata_port_operations sis_base_ops = { | |
19987 | .inherits = &ata_bmdma_port_ops, | |
19988 | .prereset = sis_pre_reset, | |
19989 | }; | |
19990 | ||
19991 | -static struct ata_port_operations sis_133_ops = { | |
19992 | +static const struct ata_port_operations sis_133_ops = { | |
19993 | .inherits = &sis_base_ops, | |
19994 | .set_piomode = sis_133_set_piomode, | |
19995 | .set_dmamode = sis_133_set_dmamode, | |
19996 | .cable_detect = sis_133_cable_detect, | |
19997 | }; | |
19998 | ||
19999 | -static struct ata_port_operations sis_133_early_ops = { | |
20000 | +static const struct ata_port_operations sis_133_early_ops = { | |
20001 | .inherits = &sis_base_ops, | |
20002 | .set_piomode = sis_100_set_piomode, | |
20003 | .set_dmamode = sis_133_early_set_dmamode, | |
20004 | .cable_detect = sis_66_cable_detect, | |
20005 | }; | |
20006 | ||
20007 | -static struct ata_port_operations sis_100_ops = { | |
20008 | +static const struct ata_port_operations sis_100_ops = { | |
20009 | .inherits = &sis_base_ops, | |
20010 | .set_piomode = sis_100_set_piomode, | |
20011 | .set_dmamode = sis_100_set_dmamode, | |
20012 | .cable_detect = sis_66_cable_detect, | |
20013 | }; | |
20014 | ||
20015 | -static struct ata_port_operations sis_66_ops = { | |
20016 | +static const struct ata_port_operations sis_66_ops = { | |
20017 | .inherits = &sis_base_ops, | |
20018 | .set_piomode = sis_old_set_piomode, | |
20019 | .set_dmamode = sis_66_set_dmamode, | |
20020 | .cable_detect = sis_66_cable_detect, | |
20021 | }; | |
20022 | ||
20023 | -static struct ata_port_operations sis_old_ops = { | |
20024 | +static const struct ata_port_operations sis_old_ops = { | |
20025 | .inherits = &sis_base_ops, | |
20026 | .set_piomode = sis_old_set_piomode, | |
20027 | .set_dmamode = sis_old_set_dmamode, | |
20028 | diff -urNp linux-2.6.33.1/drivers/ata/pata_sl82c105.c linux-2.6.33.1/drivers/ata/pata_sl82c105.c | |
20029 | --- linux-2.6.33.1/drivers/ata/pata_sl82c105.c 2010-03-15 12:09:39.000000000 -0400 | |
20030 | +++ linux-2.6.33.1/drivers/ata/pata_sl82c105.c 2010-03-20 16:58:39.320616216 -0400 | |
20031 | @@ -231,7 +231,7 @@ static struct scsi_host_template sl82c10 | |
20032 | ATA_BMDMA_SHT(DRV_NAME), | |
20033 | }; | |
20034 | ||
20035 | -static struct ata_port_operations sl82c105_port_ops = { | |
20036 | +static const struct ata_port_operations sl82c105_port_ops = { | |
20037 | .inherits = &ata_bmdma_port_ops, | |
20038 | .qc_defer = sl82c105_qc_defer, | |
20039 | .bmdma_start = sl82c105_bmdma_start, | |
20040 | diff -urNp linux-2.6.33.1/drivers/ata/pata_triflex.c linux-2.6.33.1/drivers/ata/pata_triflex.c | |
20041 | --- linux-2.6.33.1/drivers/ata/pata_triflex.c 2010-03-15 12:09:39.000000000 -0400 | |
20042 | +++ linux-2.6.33.1/drivers/ata/pata_triflex.c 2010-03-20 16:58:39.320616216 -0400 | |
20043 | @@ -178,7 +178,7 @@ static struct scsi_host_template triflex | |
20044 | ATA_BMDMA_SHT(DRV_NAME), | |
20045 | }; | |
20046 | ||
20047 | -static struct ata_port_operations triflex_port_ops = { | |
20048 | +static const struct ata_port_operations triflex_port_ops = { | |
20049 | .inherits = &ata_bmdma_port_ops, | |
20050 | .bmdma_start = triflex_bmdma_start, | |
20051 | .bmdma_stop = triflex_bmdma_stop, | |
20052 | diff -urNp linux-2.6.33.1/drivers/ata/pata_via.c linux-2.6.33.1/drivers/ata/pata_via.c | |
20053 | --- linux-2.6.33.1/drivers/ata/pata_via.c 2010-03-15 12:09:39.000000000 -0400 | |
20054 | +++ linux-2.6.33.1/drivers/ata/pata_via.c 2010-03-20 16:58:39.320616216 -0400 | |
20055 | @@ -452,7 +452,7 @@ static struct scsi_host_template via_sht | |
20056 | ATA_BMDMA_SHT(DRV_NAME), | |
20057 | }; | |
20058 | ||
20059 | -static struct ata_port_operations via_port_ops = { | |
20060 | +static const struct ata_port_operations via_port_ops = { | |
20061 | .inherits = &ata_bmdma_port_ops, | |
20062 | .cable_detect = via_cable_detect, | |
20063 | .set_piomode = via_set_piomode, | |
20064 | @@ -463,7 +463,7 @@ static struct ata_port_operations via_po | |
20065 | .mode_filter = via_mode_filter, | |
20066 | }; | |
20067 | ||
20068 | -static struct ata_port_operations via_port_ops_noirq = { | |
20069 | +static const struct ata_port_operations via_port_ops_noirq = { | |
20070 | .inherits = &via_port_ops, | |
20071 | .sff_data_xfer = ata_sff_data_xfer_noirq, | |
20072 | }; | |
20073 | diff -urNp linux-2.6.33.1/drivers/ata/pata_winbond.c linux-2.6.33.1/drivers/ata/pata_winbond.c | |
20074 | --- linux-2.6.33.1/drivers/ata/pata_winbond.c 2010-03-15 12:09:39.000000000 -0400 | |
20075 | +++ linux-2.6.33.1/drivers/ata/pata_winbond.c 2010-03-20 16:58:39.346062317 -0400 | |
20076 | @@ -125,7 +125,7 @@ static struct scsi_host_template winbond | |
20077 | ATA_PIO_SHT(DRV_NAME), | |
20078 | }; | |
20079 | ||
20080 | -static struct ata_port_operations winbond_port_ops = { | |
20081 | +static const struct ata_port_operations winbond_port_ops = { | |
20082 | .inherits = &ata_sff_port_ops, | |
20083 | .sff_data_xfer = winbond_data_xfer, | |
20084 | .cable_detect = ata_cable_40wire, | |
20085 | diff -urNp linux-2.6.33.1/drivers/ata/pdc_adma.c linux-2.6.33.1/drivers/ata/pdc_adma.c | |
20086 | --- linux-2.6.33.1/drivers/ata/pdc_adma.c 2010-03-15 12:09:39.000000000 -0400 | |
20087 | +++ linux-2.6.33.1/drivers/ata/pdc_adma.c 2010-03-20 16:58:39.348522755 -0400 | |
20088 | @@ -145,7 +145,7 @@ static struct scsi_host_template adma_at | |
20089 | .dma_boundary = ADMA_DMA_BOUNDARY, | |
20090 | }; | |
20091 | ||
20092 | -static struct ata_port_operations adma_ata_ops = { | |
20093 | +static const struct ata_port_operations adma_ata_ops = { | |
20094 | .inherits = &ata_sff_port_ops, | |
20095 | ||
20096 | .lost_interrupt = ATA_OP_NULL, | |
20097 | diff -urNp linux-2.6.33.1/drivers/ata/sata_fsl.c linux-2.6.33.1/drivers/ata/sata_fsl.c | |
20098 | --- linux-2.6.33.1/drivers/ata/sata_fsl.c 2010-03-15 12:09:39.000000000 -0400 | |
20099 | +++ linux-2.6.33.1/drivers/ata/sata_fsl.c 2010-03-20 16:58:39.348522755 -0400 | |
20100 | @@ -1260,7 +1260,7 @@ static struct scsi_host_template sata_fs | |
20101 | .dma_boundary = ATA_DMA_BOUNDARY, | |
20102 | }; | |
20103 | ||
20104 | -static struct ata_port_operations sata_fsl_ops = { | |
20105 | +static const struct ata_port_operations sata_fsl_ops = { | |
20106 | .inherits = &sata_pmp_port_ops, | |
20107 | ||
20108 | .qc_defer = ata_std_qc_defer, | |
20109 | diff -urNp linux-2.6.33.1/drivers/ata/sata_inic162x.c linux-2.6.33.1/drivers/ata/sata_inic162x.c | |
20110 | --- linux-2.6.33.1/drivers/ata/sata_inic162x.c 2010-03-15 12:09:39.000000000 -0400 | |
20111 | +++ linux-2.6.33.1/drivers/ata/sata_inic162x.c 2010-03-20 16:58:39.348522755 -0400 | |
20112 | @@ -721,7 +721,7 @@ static int inic_port_start(struct ata_po | |
20113 | return 0; | |
20114 | } | |
20115 | ||
20116 | -static struct ata_port_operations inic_port_ops = { | |
20117 | +static const struct ata_port_operations inic_port_ops = { | |
20118 | .inherits = &sata_port_ops, | |
20119 | ||
20120 | .check_atapi_dma = inic_check_atapi_dma, | |
20121 | diff -urNp linux-2.6.33.1/drivers/ata/sata_mv.c linux-2.6.33.1/drivers/ata/sata_mv.c | |
20122 | --- linux-2.6.33.1/drivers/ata/sata_mv.c 2010-03-15 12:09:39.000000000 -0400 | |
20123 | +++ linux-2.6.33.1/drivers/ata/sata_mv.c 2010-03-20 16:58:39.352614445 -0400 | |
20124 | @@ -662,7 +662,7 @@ static struct scsi_host_template mv6_sht | |
20125 | .dma_boundary = MV_DMA_BOUNDARY, | |
20126 | }; | |
20127 | ||
20128 | -static struct ata_port_operations mv5_ops = { | |
20129 | +static const struct ata_port_operations mv5_ops = { | |
20130 | .inherits = &ata_sff_port_ops, | |
20131 | ||
20132 | .lost_interrupt = ATA_OP_NULL, | |
20133 | @@ -684,7 +684,7 @@ static struct ata_port_operations mv5_op | |
20134 | .port_stop = mv_port_stop, | |
20135 | }; | |
20136 | ||
20137 | -static struct ata_port_operations mv6_ops = { | |
20138 | +static const struct ata_port_operations mv6_ops = { | |
20139 | .inherits = &mv5_ops, | |
20140 | .dev_config = mv6_dev_config, | |
20141 | .scr_read = mv_scr_read, | |
20142 | @@ -704,7 +704,7 @@ static struct ata_port_operations mv6_op | |
20143 | .bmdma_status = mv_bmdma_status, | |
20144 | }; | |
20145 | ||
20146 | -static struct ata_port_operations mv_iie_ops = { | |
20147 | +static const struct ata_port_operations mv_iie_ops = { | |
20148 | .inherits = &mv6_ops, | |
20149 | .dev_config = ATA_OP_NULL, | |
20150 | .qc_prep = mv_qc_prep_iie, | |
20151 | diff -urNp linux-2.6.33.1/drivers/ata/sata_nv.c linux-2.6.33.1/drivers/ata/sata_nv.c | |
20152 | --- linux-2.6.33.1/drivers/ata/sata_nv.c 2010-03-15 12:09:39.000000000 -0400 | |
20153 | +++ linux-2.6.33.1/drivers/ata/sata_nv.c 2010-03-20 16:58:39.352614445 -0400 | |
20154 | @@ -464,7 +464,7 @@ static struct scsi_host_template nv_swnc | |
20155 | * cases. Define nv_hardreset() which only kicks in for post-boot | |
20156 | * probing and use it for all variants. | |
20157 | */ | |
20158 | -static struct ata_port_operations nv_generic_ops = { | |
20159 | +static const struct ata_port_operations nv_generic_ops = { | |
20160 | .inherits = &ata_bmdma_port_ops, | |
20161 | .lost_interrupt = ATA_OP_NULL, | |
20162 | .scr_read = nv_scr_read, | |
20163 | @@ -472,20 +472,20 @@ static struct ata_port_operations nv_gen | |
20164 | .hardreset = nv_hardreset, | |
20165 | }; | |
20166 | ||
20167 | -static struct ata_port_operations nv_nf2_ops = { | |
20168 | +static const struct ata_port_operations nv_nf2_ops = { | |
20169 | .inherits = &nv_generic_ops, | |
20170 | .freeze = nv_nf2_freeze, | |
20171 | .thaw = nv_nf2_thaw, | |
20172 | }; | |
20173 | ||
20174 | -static struct ata_port_operations nv_ck804_ops = { | |
20175 | +static const struct ata_port_operations nv_ck804_ops = { | |
20176 | .inherits = &nv_generic_ops, | |
20177 | .freeze = nv_ck804_freeze, | |
20178 | .thaw = nv_ck804_thaw, | |
20179 | .host_stop = nv_ck804_host_stop, | |
20180 | }; | |
20181 | ||
20182 | -static struct ata_port_operations nv_adma_ops = { | |
20183 | +static const struct ata_port_operations nv_adma_ops = { | |
20184 | .inherits = &nv_ck804_ops, | |
20185 | ||
20186 | .check_atapi_dma = nv_adma_check_atapi_dma, | |
20187 | @@ -509,7 +509,7 @@ static struct ata_port_operations nv_adm | |
20188 | .host_stop = nv_adma_host_stop, | |
20189 | }; | |
20190 | ||
20191 | -static struct ata_port_operations nv_swncq_ops = { | |
20192 | +static const struct ata_port_operations nv_swncq_ops = { | |
20193 | .inherits = &nv_generic_ops, | |
20194 | ||
20195 | .qc_defer = ata_std_qc_defer, | |
20196 | diff -urNp linux-2.6.33.1/drivers/ata/sata_promise.c linux-2.6.33.1/drivers/ata/sata_promise.c | |
20197 | --- linux-2.6.33.1/drivers/ata/sata_promise.c 2010-03-15 12:09:39.000000000 -0400 | |
20198 | +++ linux-2.6.33.1/drivers/ata/sata_promise.c 2010-03-20 16:58:39.352614445 -0400 | |
20199 | @@ -195,7 +195,7 @@ static const struct ata_port_operations | |
20200 | .error_handler = pdc_error_handler, | |
20201 | }; | |
20202 | ||
20203 | -static struct ata_port_operations pdc_sata_ops = { | |
20204 | +static const struct ata_port_operations pdc_sata_ops = { | |
20205 | .inherits = &pdc_common_ops, | |
20206 | .cable_detect = pdc_sata_cable_detect, | |
20207 | .freeze = pdc_sata_freeze, | |
20208 | @@ -208,14 +208,14 @@ static struct ata_port_operations pdc_sa | |
20209 | ||
20210 | /* First-generation chips need a more restrictive ->check_atapi_dma op, | |
20211 | and ->freeze/thaw that ignore the hotplug controls. */ | |
20212 | -static struct ata_port_operations pdc_old_sata_ops = { | |
20213 | +static const struct ata_port_operations pdc_old_sata_ops = { | |
20214 | .inherits = &pdc_sata_ops, | |
20215 | .freeze = pdc_freeze, | |
20216 | .thaw = pdc_thaw, | |
20217 | .check_atapi_dma = pdc_old_sata_check_atapi_dma, | |
20218 | }; | |
20219 | ||
20220 | -static struct ata_port_operations pdc_pata_ops = { | |
20221 | +static const struct ata_port_operations pdc_pata_ops = { | |
20222 | .inherits = &pdc_common_ops, | |
20223 | .cable_detect = pdc_pata_cable_detect, | |
20224 | .freeze = pdc_freeze, | |
20225 | diff -urNp linux-2.6.33.1/drivers/ata/sata_qstor.c linux-2.6.33.1/drivers/ata/sata_qstor.c | |
20226 | --- linux-2.6.33.1/drivers/ata/sata_qstor.c 2010-03-15 12:09:39.000000000 -0400 | |
20227 | +++ linux-2.6.33.1/drivers/ata/sata_qstor.c 2010-03-20 16:58:39.356512831 -0400 | |
20228 | @@ -132,7 +132,7 @@ static struct scsi_host_template qs_ata_ | |
20229 | .dma_boundary = QS_DMA_BOUNDARY, | |
20230 | }; | |
20231 | ||
20232 | -static struct ata_port_operations qs_ata_ops = { | |
20233 | +static const struct ata_port_operations qs_ata_ops = { | |
20234 | .inherits = &ata_sff_port_ops, | |
20235 | ||
20236 | .check_atapi_dma = qs_check_atapi_dma, | |
20237 | diff -urNp linux-2.6.33.1/drivers/ata/sata_sil24.c linux-2.6.33.1/drivers/ata/sata_sil24.c | |
20238 | --- linux-2.6.33.1/drivers/ata/sata_sil24.c 2010-03-15 12:09:39.000000000 -0400 | |
20239 | +++ linux-2.6.33.1/drivers/ata/sata_sil24.c 2010-03-20 16:58:39.364799637 -0400 | |
20240 | @@ -388,7 +388,7 @@ static struct scsi_host_template sil24_s | |
20241 | .dma_boundary = ATA_DMA_BOUNDARY, | |
20242 | }; | |
20243 | ||
20244 | -static struct ata_port_operations sil24_ops = { | |
20245 | +static const struct ata_port_operations sil24_ops = { | |
20246 | .inherits = &sata_pmp_port_ops, | |
20247 | ||
20248 | .qc_defer = sil24_qc_defer, | |
20249 | diff -urNp linux-2.6.33.1/drivers/ata/sata_sil.c linux-2.6.33.1/drivers/ata/sata_sil.c | |
20250 | --- linux-2.6.33.1/drivers/ata/sata_sil.c 2010-03-15 12:09:39.000000000 -0400 | |
20251 | +++ linux-2.6.33.1/drivers/ata/sata_sil.c 2010-03-20 16:58:39.368722008 -0400 | |
20252 | @@ -182,7 +182,7 @@ static struct scsi_host_template sil_sht | |
20253 | .sg_tablesize = ATA_MAX_PRD | |
20254 | }; | |
20255 | ||
20256 | -static struct ata_port_operations sil_ops = { | |
20257 | +static const struct ata_port_operations sil_ops = { | |
20258 | .inherits = &ata_bmdma32_port_ops, | |
20259 | .dev_config = sil_dev_config, | |
20260 | .set_mode = sil_set_mode, | |
20261 | diff -urNp linux-2.6.33.1/drivers/ata/sata_sis.c linux-2.6.33.1/drivers/ata/sata_sis.c | |
20262 | --- linux-2.6.33.1/drivers/ata/sata_sis.c 2010-03-15 12:09:39.000000000 -0400 | |
20263 | +++ linux-2.6.33.1/drivers/ata/sata_sis.c 2010-03-20 16:58:39.368722008 -0400 | |
20264 | @@ -89,7 +89,7 @@ static struct scsi_host_template sis_sht | |
20265 | ATA_BMDMA_SHT(DRV_NAME), | |
20266 | }; | |
20267 | ||
20268 | -static struct ata_port_operations sis_ops = { | |
20269 | +static const struct ata_port_operations sis_ops = { | |
20270 | .inherits = &ata_bmdma_port_ops, | |
20271 | .scr_read = sis_scr_read, | |
20272 | .scr_write = sis_scr_write, | |
20273 | diff -urNp linux-2.6.33.1/drivers/ata/sata_svw.c linux-2.6.33.1/drivers/ata/sata_svw.c | |
20274 | --- linux-2.6.33.1/drivers/ata/sata_svw.c 2010-03-15 12:09:39.000000000 -0400 | |
20275 | +++ linux-2.6.33.1/drivers/ata/sata_svw.c 2010-03-20 16:58:39.368722008 -0400 | |
20276 | @@ -344,7 +344,7 @@ static struct scsi_host_template k2_sata | |
20277 | }; | |
20278 | ||
20279 | ||
20280 | -static struct ata_port_operations k2_sata_ops = { | |
20281 | +static const struct ata_port_operations k2_sata_ops = { | |
20282 | .inherits = &ata_bmdma_port_ops, | |
20283 | .sff_tf_load = k2_sata_tf_load, | |
20284 | .sff_tf_read = k2_sata_tf_read, | |
20285 | diff -urNp linux-2.6.33.1/drivers/ata/sata_sx4.c linux-2.6.33.1/drivers/ata/sata_sx4.c | |
20286 | --- linux-2.6.33.1/drivers/ata/sata_sx4.c 2010-03-15 12:09:39.000000000 -0400 | |
20287 | +++ linux-2.6.33.1/drivers/ata/sata_sx4.c 2010-03-20 16:58:39.368722008 -0400 | |
20288 | @@ -248,7 +248,7 @@ static struct scsi_host_template pdc_sat | |
20289 | }; | |
20290 | ||
20291 | /* TODO: inherit from base port_ops after converting to new EH */ | |
20292 | -static struct ata_port_operations pdc_20621_ops = { | |
20293 | +static const struct ata_port_operations pdc_20621_ops = { | |
20294 | .inherits = &ata_sff_port_ops, | |
20295 | ||
20296 | .check_atapi_dma = pdc_check_atapi_dma, | |
20297 | diff -urNp linux-2.6.33.1/drivers/ata/sata_uli.c linux-2.6.33.1/drivers/ata/sata_uli.c | |
20298 | --- linux-2.6.33.1/drivers/ata/sata_uli.c 2010-03-15 12:09:39.000000000 -0400 | |
20299 | +++ linux-2.6.33.1/drivers/ata/sata_uli.c 2010-03-20 16:58:39.372783452 -0400 | |
20300 | @@ -79,7 +79,7 @@ static struct scsi_host_template uli_sht | |
20301 | ATA_BMDMA_SHT(DRV_NAME), | |
20302 | }; | |
20303 | ||
20304 | -static struct ata_port_operations uli_ops = { | |
20305 | +static const struct ata_port_operations uli_ops = { | |
20306 | .inherits = &ata_bmdma_port_ops, | |
20307 | .scr_read = uli_scr_read, | |
20308 | .scr_write = uli_scr_write, | |
20309 | diff -urNp linux-2.6.33.1/drivers/ata/sata_via.c linux-2.6.33.1/drivers/ata/sata_via.c | |
20310 | --- linux-2.6.33.1/drivers/ata/sata_via.c 2010-03-15 12:09:39.000000000 -0400 | |
20311 | +++ linux-2.6.33.1/drivers/ata/sata_via.c 2010-03-20 16:58:39.372783452 -0400 | |
20312 | @@ -112,31 +112,31 @@ static struct scsi_host_template svia_sh | |
20313 | ATA_BMDMA_SHT(DRV_NAME), | |
20314 | }; | |
20315 | ||
20316 | -static struct ata_port_operations svia_base_ops = { | |
20317 | +static const struct ata_port_operations svia_base_ops = { | |
20318 | .inherits = &ata_bmdma_port_ops, | |
20319 | .sff_tf_load = svia_tf_load, | |
20320 | }; | |
20321 | ||
20322 | -static struct ata_port_operations vt6420_sata_ops = { | |
20323 | +static const struct ata_port_operations vt6420_sata_ops = { | |
20324 | .inherits = &svia_base_ops, | |
20325 | .freeze = svia_noop_freeze, | |
20326 | .prereset = vt6420_prereset, | |
20327 | }; | |
20328 | ||
20329 | -static struct ata_port_operations vt6421_pata_ops = { | |
20330 | +static const struct ata_port_operations vt6421_pata_ops = { | |
20331 | .inherits = &svia_base_ops, | |
20332 | .cable_detect = vt6421_pata_cable_detect, | |
20333 | .set_piomode = vt6421_set_pio_mode, | |
20334 | .set_dmamode = vt6421_set_dma_mode, | |
20335 | }; | |
20336 | ||
20337 | -static struct ata_port_operations vt6421_sata_ops = { | |
20338 | +static const struct ata_port_operations vt6421_sata_ops = { | |
20339 | .inherits = &svia_base_ops, | |
20340 | .scr_read = svia_scr_read, | |
20341 | .scr_write = svia_scr_write, | |
20342 | }; | |
20343 | ||
20344 | -static struct ata_port_operations vt8251_ops = { | |
20345 | +static const struct ata_port_operations vt8251_ops = { | |
20346 | .inherits = &svia_base_ops, | |
20347 | .hardreset = sata_std_hardreset, | |
20348 | .scr_read = vt8251_scr_read, | |
20349 | diff -urNp linux-2.6.33.1/drivers/ata/sata_vsc.c linux-2.6.33.1/drivers/ata/sata_vsc.c | |
20350 | --- linux-2.6.33.1/drivers/ata/sata_vsc.c 2010-03-15 12:09:39.000000000 -0400 | |
20351 | +++ linux-2.6.33.1/drivers/ata/sata_vsc.c 2010-03-20 16:58:39.372783452 -0400 | |
20352 | @@ -306,7 +306,7 @@ static struct scsi_host_template vsc_sat | |
20353 | }; | |
20354 | ||
20355 | ||
20356 | -static struct ata_port_operations vsc_sata_ops = { | |
20357 | +static const struct ata_port_operations vsc_sata_ops = { | |
20358 | .inherits = &ata_bmdma_port_ops, | |
20359 | /* The IRQ handling is not quite standard SFF behaviour so we | |
20360 | cannot use the default lost interrupt handler */ | |
20361 | diff -urNp linux-2.6.33.1/drivers/atm/adummy.c linux-2.6.33.1/drivers/atm/adummy.c | |
20362 | --- linux-2.6.33.1/drivers/atm/adummy.c 2010-03-15 12:09:39.000000000 -0400 | |
20363 | +++ linux-2.6.33.1/drivers/atm/adummy.c 2010-03-20 16:58:39.380807655 -0400 | |
58c5fc13 MT |
20364 | @@ -77,7 +77,7 @@ adummy_send(struct atm_vcc *vcc, struct |
20365 | vcc->pop(vcc, skb); | |
20366 | else | |
20367 | dev_kfree_skb_any(skb); | |
20368 | - atomic_inc(&vcc->stats->tx); | |
20369 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20370 | ||
20371 | return 0; | |
20372 | } | |
ae4e228f MT |
20373 | diff -urNp linux-2.6.33.1/drivers/atm/ambassador.c linux-2.6.33.1/drivers/atm/ambassador.c |
20374 | --- linux-2.6.33.1/drivers/atm/ambassador.c 2010-03-15 12:09:39.000000000 -0400 | |
20375 | +++ linux-2.6.33.1/drivers/atm/ambassador.c 2010-03-20 16:58:39.414343197 -0400 | |
58c5fc13 MT |
20376 | @@ -453,7 +453,7 @@ static void tx_complete (amb_dev * dev, |
20377 | PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx); | |
20378 | ||
20379 | // VC layer stats | |
20380 | - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx); | |
20381 | + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx); | |
20382 | ||
20383 | // free the descriptor | |
20384 | kfree (tx_descr); | |
20385 | @@ -494,7 +494,7 @@ static void rx_complete (amb_dev * dev, | |
20386 | dump_skb ("<<<", vc, skb); | |
20387 | ||
20388 | // VC layer stats | |
20389 | - atomic_inc(&atm_vcc->stats->rx); | |
20390 | + atomic_inc_unchecked(&atm_vcc->stats->rx); | |
20391 | __net_timestamp(skb); | |
20392 | // end of our responsability | |
20393 | atm_vcc->push (atm_vcc, skb); | |
20394 | @@ -509,7 +509,7 @@ static void rx_complete (amb_dev * dev, | |
20395 | } else { | |
20396 | PRINTK (KERN_INFO, "dropped over-size frame"); | |
20397 | // should we count this? | |
20398 | - atomic_inc(&atm_vcc->stats->rx_drop); | |
20399 | + atomic_inc_unchecked(&atm_vcc->stats->rx_drop); | |
20400 | } | |
20401 | ||
20402 | } else { | |
ae4e228f | 20403 | @@ -1341,7 +1341,7 @@ static int amb_send (struct atm_vcc * at |
58c5fc13 MT |
20404 | } |
20405 | ||
20406 | if (check_area (skb->data, skb->len)) { | |
20407 | - atomic_inc(&atm_vcc->stats->tx_err); | |
20408 | + atomic_inc_unchecked(&atm_vcc->stats->tx_err); | |
20409 | return -ENOMEM; // ? | |
20410 | } | |
20411 | ||
ae4e228f MT |
20412 | diff -urNp linux-2.6.33.1/drivers/atm/atmtcp.c linux-2.6.33.1/drivers/atm/atmtcp.c |
20413 | --- linux-2.6.33.1/drivers/atm/atmtcp.c 2010-03-15 12:09:39.000000000 -0400 | |
20414 | +++ linux-2.6.33.1/drivers/atm/atmtcp.c 2010-03-20 16:58:39.414343197 -0400 | |
58c5fc13 MT |
20415 | @@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc |
20416 | if (vcc->pop) vcc->pop(vcc,skb); | |
20417 | else dev_kfree_skb(skb); | |
20418 | if (dev_data) return 0; | |
20419 | - atomic_inc(&vcc->stats->tx_err); | |
20420 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20421 | return -ENOLINK; | |
20422 | } | |
20423 | size = skb->len+sizeof(struct atmtcp_hdr); | |
20424 | @@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc | |
20425 | if (!new_skb) { | |
20426 | if (vcc->pop) vcc->pop(vcc,skb); | |
20427 | else dev_kfree_skb(skb); | |
20428 | - atomic_inc(&vcc->stats->tx_err); | |
20429 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20430 | return -ENOBUFS; | |
20431 | } | |
20432 | hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr)); | |
20433 | @@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc | |
20434 | if (vcc->pop) vcc->pop(vcc,skb); | |
20435 | else dev_kfree_skb(skb); | |
20436 | out_vcc->push(out_vcc,new_skb); | |
20437 | - atomic_inc(&vcc->stats->tx); | |
20438 | - atomic_inc(&out_vcc->stats->rx); | |
20439 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20440 | + atomic_inc_unchecked(&out_vcc->stats->rx); | |
20441 | return 0; | |
20442 | } | |
20443 | ||
20444 | @@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc | |
20445 | out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci)); | |
20446 | read_unlock(&vcc_sklist_lock); | |
20447 | if (!out_vcc) { | |
20448 | - atomic_inc(&vcc->stats->tx_err); | |
20449 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20450 | goto done; | |
20451 | } | |
20452 | skb_pull(skb,sizeof(struct atmtcp_hdr)); | |
20453 | @@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc | |
20454 | __net_timestamp(new_skb); | |
20455 | skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len); | |
20456 | out_vcc->push(out_vcc,new_skb); | |
20457 | - atomic_inc(&vcc->stats->tx); | |
20458 | - atomic_inc(&out_vcc->stats->rx); | |
20459 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20460 | + atomic_inc_unchecked(&out_vcc->stats->rx); | |
20461 | done: | |
20462 | if (vcc->pop) vcc->pop(vcc,skb); | |
20463 | else dev_kfree_skb(skb); | |
ae4e228f MT |
20464 | diff -urNp linux-2.6.33.1/drivers/atm/eni.c linux-2.6.33.1/drivers/atm/eni.c |
20465 | --- linux-2.6.33.1/drivers/atm/eni.c 2010-03-15 12:09:39.000000000 -0400 | |
20466 | +++ linux-2.6.33.1/drivers/atm/eni.c 2010-03-20 16:58:39.441488287 -0400 | |
58c5fc13 MT |
20467 | @@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc) |
20468 | DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n", | |
20469 | vcc->dev->number); | |
20470 | length = 0; | |
20471 | - atomic_inc(&vcc->stats->rx_err); | |
20472 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20473 | } | |
20474 | else { | |
20475 | length = ATM_CELL_SIZE-1; /* no HEC */ | |
20476 | @@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc) | |
20477 | size); | |
20478 | } | |
20479 | eff = length = 0; | |
20480 | - atomic_inc(&vcc->stats->rx_err); | |
20481 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20482 | } | |
20483 | else { | |
20484 | size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2); | |
20485 | @@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc) | |
20486 | "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n", | |
20487 | vcc->dev->number,vcc->vci,length,size << 2,descr); | |
20488 | length = eff = 0; | |
20489 | - atomic_inc(&vcc->stats->rx_err); | |
20490 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20491 | } | |
20492 | } | |
20493 | skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL; | |
20494 | @@ -770,7 +770,7 @@ rx_dequeued++; | |
20495 | vcc->push(vcc,skb); | |
20496 | pushed++; | |
20497 | } | |
20498 | - atomic_inc(&vcc->stats->rx); | |
20499 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20500 | } | |
20501 | wake_up(&eni_dev->rx_wait); | |
20502 | } | |
20503 | @@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *d | |
20504 | PCI_DMA_TODEVICE); | |
20505 | if (vcc->pop) vcc->pop(vcc,skb); | |
20506 | else dev_kfree_skb_irq(skb); | |
20507 | - atomic_inc(&vcc->stats->tx); | |
20508 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20509 | wake_up(&eni_dev->tx_wait); | |
20510 | dma_complete++; | |
20511 | } | |
ae4e228f MT |
20512 | diff -urNp linux-2.6.33.1/drivers/atm/firestream.c linux-2.6.33.1/drivers/atm/firestream.c |
20513 | --- linux-2.6.33.1/drivers/atm/firestream.c 2010-03-15 12:09:39.000000000 -0400 | |
20514 | +++ linux-2.6.33.1/drivers/atm/firestream.c 2010-03-20 16:58:39.441488287 -0400 | |
58c5fc13 MT |
20515 | @@ -748,7 +748,7 @@ static void process_txdone_queue (struct |
20516 | } | |
20517 | } | |
20518 | ||
20519 | - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx); | |
20520 | + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx); | |
20521 | ||
20522 | fs_dprintk (FS_DEBUG_TXMEM, "i"); | |
20523 | fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb); | |
20524 | @@ -815,7 +815,7 @@ static void process_incoming (struct fs_ | |
20525 | #endif | |
20526 | skb_put (skb, qe->p1 & 0xffff); | |
20527 | ATM_SKB(skb)->vcc = atm_vcc; | |
20528 | - atomic_inc(&atm_vcc->stats->rx); | |
20529 | + atomic_inc_unchecked(&atm_vcc->stats->rx); | |
20530 | __net_timestamp(skb); | |
20531 | fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb); | |
20532 | atm_vcc->push (atm_vcc, skb); | |
20533 | @@ -836,12 +836,12 @@ static void process_incoming (struct fs_ | |
20534 | kfree (pe); | |
20535 | } | |
20536 | if (atm_vcc) | |
20537 | - atomic_inc(&atm_vcc->stats->rx_drop); | |
20538 | + atomic_inc_unchecked(&atm_vcc->stats->rx_drop); | |
20539 | break; | |
20540 | case 0x1f: /* Reassembly abort: no buffers. */ | |
20541 | /* Silently increment error counter. */ | |
20542 | if (atm_vcc) | |
20543 | - atomic_inc(&atm_vcc->stats->rx_drop); | |
20544 | + atomic_inc_unchecked(&atm_vcc->stats->rx_drop); | |
20545 | break; | |
20546 | default: /* Hmm. Haven't written the code to handle the others yet... -- REW */ | |
20547 | printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n", | |
ae4e228f MT |
20548 | diff -urNp linux-2.6.33.1/drivers/atm/fore200e.c linux-2.6.33.1/drivers/atm/fore200e.c |
20549 | --- linux-2.6.33.1/drivers/atm/fore200e.c 2010-03-15 12:09:39.000000000 -0400 | |
20550 | +++ linux-2.6.33.1/drivers/atm/fore200e.c 2010-03-20 16:58:39.457804294 -0400 | |
58c5fc13 MT |
20551 | @@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200 |
20552 | #endif | |
20553 | /* check error condition */ | |
20554 | if (*entry->status & STATUS_ERROR) | |
20555 | - atomic_inc(&vcc->stats->tx_err); | |
20556 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20557 | else | |
20558 | - atomic_inc(&vcc->stats->tx); | |
20559 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20560 | } | |
20561 | } | |
20562 | ||
20563 | @@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore2 | |
20564 | if (skb == NULL) { | |
20565 | DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len); | |
20566 | ||
20567 | - atomic_inc(&vcc->stats->rx_drop); | |
20568 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
20569 | return -ENOMEM; | |
20570 | } | |
20571 | ||
20572 | @@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore2 | |
20573 | ||
20574 | dev_kfree_skb_any(skb); | |
20575 | ||
20576 | - atomic_inc(&vcc->stats->rx_drop); | |
20577 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
20578 | return -ENOMEM; | |
20579 | } | |
20580 | ||
20581 | ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0); | |
20582 | ||
20583 | vcc->push(vcc, skb); | |
20584 | - atomic_inc(&vcc->stats->rx); | |
20585 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20586 | ||
20587 | ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0); | |
20588 | ||
20589 | @@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200 | |
20590 | DPRINTK(2, "damaged PDU on %d.%d.%d\n", | |
20591 | fore200e->atm_dev->number, | |
20592 | entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci); | |
20593 | - atomic_inc(&vcc->stats->rx_err); | |
20594 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20595 | } | |
20596 | } | |
20597 | ||
20598 | @@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struc | |
20599 | goto retry_here; | |
20600 | } | |
20601 | ||
20602 | - atomic_inc(&vcc->stats->tx_err); | |
20603 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20604 | ||
20605 | fore200e->tx_sat++; | |
20606 | DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", | |
ae4e228f MT |
20607 | diff -urNp linux-2.6.33.1/drivers/atm/he.c linux-2.6.33.1/drivers/atm/he.c |
20608 | --- linux-2.6.33.1/drivers/atm/he.c 2010-03-15 12:09:39.000000000 -0400 | |
20609 | +++ linux-2.6.33.1/drivers/atm/he.c 2010-03-20 16:58:39.488806819 -0400 | |
20610 | @@ -1769,7 +1769,7 @@ he_service_rbrq(struct he_dev *he_dev, i | |
58c5fc13 MT |
20611 | |
20612 | if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { | |
20613 | hprintk("HBUF_ERR! (cid 0x%x)\n", cid); | |
20614 | - atomic_inc(&vcc->stats->rx_drop); | |
20615 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
20616 | goto return_host_buffers; | |
20617 | } | |
20618 | ||
ae4e228f | 20619 | @@ -1802,7 +1802,7 @@ he_service_rbrq(struct he_dev *he_dev, i |
58c5fc13 MT |
20620 | RBRQ_LEN_ERR(he_dev->rbrq_head) |
20621 | ? "LEN_ERR" : "", | |
20622 | vcc->vpi, vcc->vci); | |
20623 | - atomic_inc(&vcc->stats->rx_err); | |
20624 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20625 | goto return_host_buffers; | |
20626 | } | |
20627 | ||
ae4e228f | 20628 | @@ -1861,7 +1861,7 @@ he_service_rbrq(struct he_dev *he_dev, i |
58c5fc13 MT |
20629 | vcc->push(vcc, skb); |
20630 | spin_lock(&he_dev->global_lock); | |
20631 | ||
20632 | - atomic_inc(&vcc->stats->rx); | |
20633 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20634 | ||
20635 | return_host_buffers: | |
20636 | ++pdus_assembled; | |
ae4e228f | 20637 | @@ -2206,7 +2206,7 @@ __enqueue_tpd(struct he_dev *he_dev, str |
58c5fc13 MT |
20638 | tpd->vcc->pop(tpd->vcc, tpd->skb); |
20639 | else | |
20640 | dev_kfree_skb_any(tpd->skb); | |
20641 | - atomic_inc(&tpd->vcc->stats->tx_err); | |
20642 | + atomic_inc_unchecked(&tpd->vcc->stats->tx_err); | |
20643 | } | |
20644 | pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); | |
20645 | return; | |
ae4e228f | 20646 | @@ -2618,7 +2618,7 @@ he_send(struct atm_vcc *vcc, struct sk_b |
58c5fc13 MT |
20647 | vcc->pop(vcc, skb); |
20648 | else | |
20649 | dev_kfree_skb_any(skb); | |
20650 | - atomic_inc(&vcc->stats->tx_err); | |
20651 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20652 | return -EINVAL; | |
20653 | } | |
20654 | ||
ae4e228f | 20655 | @@ -2629,7 +2629,7 @@ he_send(struct atm_vcc *vcc, struct sk_b |
58c5fc13 MT |
20656 | vcc->pop(vcc, skb); |
20657 | else | |
20658 | dev_kfree_skb_any(skb); | |
20659 | - atomic_inc(&vcc->stats->tx_err); | |
20660 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20661 | return -EINVAL; | |
20662 | } | |
20663 | #endif | |
ae4e228f | 20664 | @@ -2641,7 +2641,7 @@ he_send(struct atm_vcc *vcc, struct sk_b |
58c5fc13 MT |
20665 | vcc->pop(vcc, skb); |
20666 | else | |
20667 | dev_kfree_skb_any(skb); | |
20668 | - atomic_inc(&vcc->stats->tx_err); | |
20669 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20670 | spin_unlock_irqrestore(&he_dev->global_lock, flags); | |
20671 | return -ENOMEM; | |
20672 | } | |
ae4e228f | 20673 | @@ -2683,7 +2683,7 @@ he_send(struct atm_vcc *vcc, struct sk_b |
58c5fc13 MT |
20674 | vcc->pop(vcc, skb); |
20675 | else | |
20676 | dev_kfree_skb_any(skb); | |
20677 | - atomic_inc(&vcc->stats->tx_err); | |
20678 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20679 | spin_unlock_irqrestore(&he_dev->global_lock, flags); | |
20680 | return -ENOMEM; | |
20681 | } | |
ae4e228f | 20682 | @@ -2714,7 +2714,7 @@ he_send(struct atm_vcc *vcc, struct sk_b |
58c5fc13 MT |
20683 | __enqueue_tpd(he_dev, tpd, cid); |
20684 | spin_unlock_irqrestore(&he_dev->global_lock, flags); | |
20685 | ||
20686 | - atomic_inc(&vcc->stats->tx); | |
20687 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20688 | ||
20689 | return 0; | |
20690 | } | |
ae4e228f MT |
20691 | diff -urNp linux-2.6.33.1/drivers/atm/horizon.c linux-2.6.33.1/drivers/atm/horizon.c |
20692 | --- linux-2.6.33.1/drivers/atm/horizon.c 2010-03-15 12:09:39.000000000 -0400 | |
20693 | +++ linux-2.6.33.1/drivers/atm/horizon.c 2010-03-20 16:58:39.496821217 -0400 | |
58c5fc13 MT |
20694 | @@ -1033,7 +1033,7 @@ static void rx_schedule (hrz_dev * dev, |
20695 | { | |
20696 | struct atm_vcc * vcc = ATM_SKB(skb)->vcc; | |
20697 | // VC layer stats | |
20698 | - atomic_inc(&vcc->stats->rx); | |
20699 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20700 | __net_timestamp(skb); | |
20701 | // end of our responsability | |
20702 | vcc->push (vcc, skb); | |
20703 | @@ -1185,7 +1185,7 @@ static void tx_schedule (hrz_dev * const | |
20704 | dev->tx_iovec = NULL; | |
20705 | ||
20706 | // VC layer stats | |
20707 | - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx); | |
20708 | + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx); | |
20709 | ||
20710 | // free the skb | |
20711 | hrz_kfree_skb (skb); | |
ae4e228f MT |
20712 | diff -urNp linux-2.6.33.1/drivers/atm/idt77252.c linux-2.6.33.1/drivers/atm/idt77252.c |
20713 | --- linux-2.6.33.1/drivers/atm/idt77252.c 2010-03-15 12:09:39.000000000 -0400 | |
20714 | +++ linux-2.6.33.1/drivers/atm/idt77252.c 2010-03-20 16:58:39.496821217 -0400 | |
58c5fc13 MT |
20715 | @@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, str |
20716 | else | |
20717 | dev_kfree_skb(skb); | |
20718 | ||
20719 | - atomic_inc(&vcc->stats->tx); | |
20720 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20721 | } | |
20722 | ||
20723 | atomic_dec(&scq->used); | |
20724 | @@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, st | |
20725 | if ((sb = dev_alloc_skb(64)) == NULL) { | |
20726 | printk("%s: Can't allocate buffers for aal0.\n", | |
20727 | card->name); | |
20728 | - atomic_add(i, &vcc->stats->rx_drop); | |
20729 | + atomic_add_unchecked(i, &vcc->stats->rx_drop); | |
20730 | break; | |
20731 | } | |
20732 | if (!atm_charge(vcc, sb->truesize)) { | |
20733 | RXPRINTK("%s: atm_charge() dropped aal0 packets.\n", | |
20734 | card->name); | |
20735 | - atomic_add(i - 1, &vcc->stats->rx_drop); | |
20736 | + atomic_add_unchecked(i - 1, &vcc->stats->rx_drop); | |
20737 | dev_kfree_skb(sb); | |
20738 | break; | |
20739 | } | |
20740 | @@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, st | |
20741 | ATM_SKB(sb)->vcc = vcc; | |
20742 | __net_timestamp(sb); | |
20743 | vcc->push(vcc, sb); | |
20744 | - atomic_inc(&vcc->stats->rx); | |
20745 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20746 | ||
20747 | cell += ATM_CELL_PAYLOAD; | |
20748 | } | |
20749 | @@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, st | |
20750 | "(CDC: %08x)\n", | |
20751 | card->name, len, rpp->len, readl(SAR_REG_CDC)); | |
20752 | recycle_rx_pool_skb(card, rpp); | |
20753 | - atomic_inc(&vcc->stats->rx_err); | |
20754 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20755 | return; | |
20756 | } | |
20757 | if (stat & SAR_RSQE_CRC) { | |
20758 | RXPRINTK("%s: AAL5 CRC error.\n", card->name); | |
20759 | recycle_rx_pool_skb(card, rpp); | |
20760 | - atomic_inc(&vcc->stats->rx_err); | |
20761 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20762 | return; | |
20763 | } | |
20764 | if (skb_queue_len(&rpp->queue) > 1) { | |
20765 | @@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, st | |
20766 | RXPRINTK("%s: Can't alloc RX skb.\n", | |
20767 | card->name); | |
20768 | recycle_rx_pool_skb(card, rpp); | |
20769 | - atomic_inc(&vcc->stats->rx_err); | |
20770 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20771 | return; | |
20772 | } | |
20773 | if (!atm_charge(vcc, skb->truesize)) { | |
20774 | @@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, st | |
20775 | __net_timestamp(skb); | |
20776 | ||
20777 | vcc->push(vcc, skb); | |
20778 | - atomic_inc(&vcc->stats->rx); | |
20779 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20780 | ||
20781 | return; | |
20782 | } | |
20783 | @@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, st | |
20784 | __net_timestamp(skb); | |
20785 | ||
20786 | vcc->push(vcc, skb); | |
20787 | - atomic_inc(&vcc->stats->rx); | |
20788 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20789 | ||
20790 | if (skb->truesize > SAR_FB_SIZE_3) | |
20791 | add_rx_skb(card, 3, SAR_FB_SIZE_3, 1); | |
20792 | @@ -1303,14 +1303,14 @@ idt77252_rx_raw(struct idt77252_dev *car | |
20793 | if (vcc->qos.aal != ATM_AAL0) { | |
20794 | RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n", | |
20795 | card->name, vpi, vci); | |
20796 | - atomic_inc(&vcc->stats->rx_drop); | |
20797 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
20798 | goto drop; | |
20799 | } | |
20800 | ||
20801 | if ((sb = dev_alloc_skb(64)) == NULL) { | |
20802 | printk("%s: Can't allocate buffers for AAL0.\n", | |
20803 | card->name); | |
20804 | - atomic_inc(&vcc->stats->rx_err); | |
20805 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20806 | goto drop; | |
20807 | } | |
20808 | ||
20809 | @@ -1329,7 +1329,7 @@ idt77252_rx_raw(struct idt77252_dev *car | |
20810 | ATM_SKB(sb)->vcc = vcc; | |
20811 | __net_timestamp(sb); | |
20812 | vcc->push(vcc, sb); | |
20813 | - atomic_inc(&vcc->stats->rx); | |
20814 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20815 | ||
20816 | drop: | |
20817 | skb_pull(queue, 64); | |
20818 | @@ -1954,13 +1954,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s | |
20819 | ||
20820 | if (vc == NULL) { | |
20821 | printk("%s: NULL connection in send().\n", card->name); | |
20822 | - atomic_inc(&vcc->stats->tx_err); | |
20823 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20824 | dev_kfree_skb(skb); | |
20825 | return -EINVAL; | |
20826 | } | |
20827 | if (!test_bit(VCF_TX, &vc->flags)) { | |
20828 | printk("%s: Trying to transmit on a non-tx VC.\n", card->name); | |
20829 | - atomic_inc(&vcc->stats->tx_err); | |
20830 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20831 | dev_kfree_skb(skb); | |
20832 | return -EINVAL; | |
20833 | } | |
20834 | @@ -1972,14 +1972,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s | |
20835 | break; | |
20836 | default: | |
20837 | printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal); | |
20838 | - atomic_inc(&vcc->stats->tx_err); | |
20839 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20840 | dev_kfree_skb(skb); | |
20841 | return -EINVAL; | |
20842 | } | |
20843 | ||
20844 | if (skb_shinfo(skb)->nr_frags != 0) { | |
20845 | printk("%s: No scatter-gather yet.\n", card->name); | |
20846 | - atomic_inc(&vcc->stats->tx_err); | |
20847 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20848 | dev_kfree_skb(skb); | |
20849 | return -EINVAL; | |
20850 | } | |
20851 | @@ -1987,7 +1987,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s | |
20852 | ||
20853 | err = queue_skb(card, vc, skb, oam); | |
20854 | if (err) { | |
20855 | - atomic_inc(&vcc->stats->tx_err); | |
20856 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20857 | dev_kfree_skb(skb); | |
20858 | return err; | |
20859 | } | |
20860 | @@ -2010,7 +2010,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v | |
20861 | skb = dev_alloc_skb(64); | |
20862 | if (!skb) { | |
20863 | printk("%s: Out of memory in send_oam().\n", card->name); | |
20864 | - atomic_inc(&vcc->stats->tx_err); | |
20865 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
20866 | return -ENOMEM; | |
20867 | } | |
20868 | atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); | |
ae4e228f MT |
20869 | diff -urNp linux-2.6.33.1/drivers/atm/iphase.c linux-2.6.33.1/drivers/atm/iphase.c |
20870 | --- linux-2.6.33.1/drivers/atm/iphase.c 2010-03-15 12:09:39.000000000 -0400 | |
20871 | +++ linux-2.6.33.1/drivers/atm/iphase.c 2010-03-20 16:58:39.500808414 -0400 | |
58c5fc13 MT |
20872 | @@ -1123,7 +1123,7 @@ static int rx_pkt(struct atm_dev *dev) |
20873 | status = (u_short) (buf_desc_ptr->desc_mode); | |
20874 | if (status & (RX_CER | RX_PTE | RX_OFL)) | |
20875 | { | |
20876 | - atomic_inc(&vcc->stats->rx_err); | |
20877 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20878 | IF_ERR(printk("IA: bad packet, dropping it");) | |
20879 | if (status & RX_CER) { | |
20880 | IF_ERR(printk(" cause: packet CRC error\n");) | |
20881 | @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) | |
20882 | len = dma_addr - buf_addr; | |
20883 | if (len > iadev->rx_buf_sz) { | |
20884 | printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz); | |
20885 | - atomic_inc(&vcc->stats->rx_err); | |
20886 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20887 | goto out_free_desc; | |
20888 | } | |
20889 | ||
20890 | @@ -1296,7 +1296,7 @@ static void rx_dle_intr(struct atm_dev * | |
20891 | ia_vcc = INPH_IA_VCC(vcc); | |
20892 | if (ia_vcc == NULL) | |
20893 | { | |
20894 | - atomic_inc(&vcc->stats->rx_err); | |
20895 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20896 | dev_kfree_skb_any(skb); | |
20897 | atm_return(vcc, atm_guess_pdu2truesize(len)); | |
20898 | goto INCR_DLE; | |
20899 | @@ -1308,7 +1308,7 @@ static void rx_dle_intr(struct atm_dev * | |
20900 | if ((length > iadev->rx_buf_sz) || (length > | |
20901 | (skb->len - sizeof(struct cpcs_trailer)))) | |
20902 | { | |
20903 | - atomic_inc(&vcc->stats->rx_err); | |
20904 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
20905 | IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)", | |
20906 | length, skb->len);) | |
20907 | dev_kfree_skb_any(skb); | |
20908 | @@ -1324,7 +1324,7 @@ static void rx_dle_intr(struct atm_dev * | |
20909 | ||
20910 | IF_RX(printk("rx_dle_intr: skb push");) | |
20911 | vcc->push(vcc,skb); | |
20912 | - atomic_inc(&vcc->stats->rx); | |
20913 | + atomic_inc_unchecked(&vcc->stats->rx); | |
20914 | iadev->rx_pkt_cnt++; | |
20915 | } | |
20916 | INCR_DLE: | |
20917 | @@ -2806,15 +2806,15 @@ static int ia_ioctl(struct atm_dev *dev, | |
20918 | { | |
20919 | struct k_sonet_stats *stats; | |
20920 | stats = &PRIV(_ia_dev[board])->sonet_stats; | |
20921 | - printk("section_bip: %d\n", atomic_read(&stats->section_bip)); | |
20922 | - printk("line_bip : %d\n", atomic_read(&stats->line_bip)); | |
20923 | - printk("path_bip : %d\n", atomic_read(&stats->path_bip)); | |
20924 | - printk("line_febe : %d\n", atomic_read(&stats->line_febe)); | |
20925 | - printk("path_febe : %d\n", atomic_read(&stats->path_febe)); | |
20926 | - printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs)); | |
20927 | - printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs)); | |
20928 | - printk("tx_cells : %d\n", atomic_read(&stats->tx_cells)); | |
20929 | - printk("rx_cells : %d\n", atomic_read(&stats->rx_cells)); | |
20930 | + printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip)); | |
20931 | + printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip)); | |
20932 | + printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip)); | |
20933 | + printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe)); | |
20934 | + printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe)); | |
20935 | + printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs)); | |
20936 | + printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs)); | |
20937 | + printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells)); | |
20938 | + printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells)); | |
20939 | } | |
20940 | ia_cmds.status = 0; | |
20941 | break; | |
20942 | @@ -2919,7 +2919,7 @@ static int ia_pkt_tx (struct atm_vcc *vc | |
20943 | if ((desc == 0) || (desc > iadev->num_tx_desc)) | |
20944 | { | |
20945 | IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);) | |
20946 | - atomic_inc(&vcc->stats->tx); | |
20947 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20948 | if (vcc->pop) | |
20949 | vcc->pop(vcc, skb); | |
20950 | else | |
20951 | @@ -3024,14 +3024,14 @@ static int ia_pkt_tx (struct atm_vcc *vc | |
20952 | ATM_DESC(skb) = vcc->vci; | |
20953 | skb_queue_tail(&iadev->tx_dma_q, skb); | |
20954 | ||
20955 | - atomic_inc(&vcc->stats->tx); | |
20956 | + atomic_inc_unchecked(&vcc->stats->tx); | |
20957 | iadev->tx_pkt_cnt++; | |
20958 | /* Increment transaction counter */ | |
20959 | writel(2, iadev->dma+IPHASE5575_TX_COUNTER); | |
20960 | ||
20961 | #if 0 | |
20962 | /* add flow control logic */ | |
20963 | - if (atomic_read(&vcc->stats->tx) % 20 == 0) { | |
20964 | + if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) { | |
20965 | if (iavcc->vc_desc_cnt > 10) { | |
20966 | vcc->tx_quota = vcc->tx_quota * 3 / 4; | |
20967 | printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); | |
ae4e228f MT |
20968 | diff -urNp linux-2.6.33.1/drivers/atm/lanai.c linux-2.6.33.1/drivers/atm/lanai.c |
20969 | --- linux-2.6.33.1/drivers/atm/lanai.c 2010-03-15 12:09:39.000000000 -0400 | |
20970 | +++ linux-2.6.33.1/drivers/atm/lanai.c 2010-03-20 16:58:39.504511968 -0400 | |
58c5fc13 MT |
20971 | @@ -1305,7 +1305,7 @@ static void lanai_send_one_aal5(struct l |
20972 | vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0); | |
20973 | lanai_endtx(lanai, lvcc); | |
20974 | lanai_free_skb(lvcc->tx.atmvcc, skb); | |
20975 | - atomic_inc(&lvcc->tx.atmvcc->stats->tx); | |
20976 | + atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx); | |
20977 | } | |
20978 | ||
20979 | /* Try to fill the buffer - don't call unless there is backlog */ | |
20980 | @@ -1428,7 +1428,7 @@ static void vcc_rx_aal5(struct lanai_vcc | |
20981 | ATM_SKB(skb)->vcc = lvcc->rx.atmvcc; | |
20982 | __net_timestamp(skb); | |
20983 | lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb); | |
20984 | - atomic_inc(&lvcc->rx.atmvcc->stats->rx); | |
20985 | + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx); | |
20986 | out: | |
20987 | lvcc->rx.buf.ptr = end; | |
20988 | cardvcc_write(lvcc, endptr, vcc_rxreadptr); | |
20989 | @@ -1670,7 +1670,7 @@ static int handle_service(struct lanai_d | |
20990 | DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 " | |
20991 | "vcc %d\n", lanai->number, (unsigned int) s, vci); | |
20992 | lanai->stats.service_rxnotaal5++; | |
20993 | - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err); | |
20994 | + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err); | |
20995 | return 0; | |
20996 | } | |
20997 | if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) { | |
20998 | @@ -1682,7 +1682,7 @@ static int handle_service(struct lanai_d | |
20999 | int bytes; | |
21000 | read_unlock(&vcc_sklist_lock); | |
21001 | DPRINTK("got trashed rx pdu on vci %d\n", vci); | |
21002 | - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err); | |
21003 | + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err); | |
21004 | lvcc->stats.x.aal5.service_trash++; | |
21005 | bytes = (SERVICE_GET_END(s) * 16) - | |
21006 | (((unsigned long) lvcc->rx.buf.ptr) - | |
21007 | @@ -1694,7 +1694,7 @@ static int handle_service(struct lanai_d | |
21008 | } | |
21009 | if (s & SERVICE_STREAM) { | |
21010 | read_unlock(&vcc_sklist_lock); | |
21011 | - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err); | |
21012 | + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err); | |
21013 | lvcc->stats.x.aal5.service_stream++; | |
21014 | printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream " | |
21015 | "PDU on VCI %d!\n", lanai->number, vci); | |
21016 | @@ -1702,7 +1702,7 @@ static int handle_service(struct lanai_d | |
21017 | return 0; | |
21018 | } | |
21019 | DPRINTK("got rx crc error on vci %d\n", vci); | |
21020 | - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err); | |
21021 | + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err); | |
21022 | lvcc->stats.x.aal5.service_rxcrc++; | |
21023 | lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4]; | |
21024 | cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr); | |
ae4e228f MT |
21025 | diff -urNp linux-2.6.33.1/drivers/atm/nicstar.c linux-2.6.33.1/drivers/atm/nicstar.c |
21026 | --- linux-2.6.33.1/drivers/atm/nicstar.c 2010-03-15 12:09:39.000000000 -0400 | |
21027 | +++ linux-2.6.33.1/drivers/atm/nicstar.c 2010-03-20 16:58:39.504511968 -0400 | |
58c5fc13 MT |
21028 | @@ -1723,7 +1723,7 @@ static int ns_send(struct atm_vcc *vcc, |
21029 | if ((vc = (vc_map *) vcc->dev_data) == NULL) | |
21030 | { | |
21031 | printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index); | |
21032 | - atomic_inc(&vcc->stats->tx_err); | |
21033 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
21034 | dev_kfree_skb_any(skb); | |
21035 | return -EINVAL; | |
21036 | } | |
21037 | @@ -1731,7 +1731,7 @@ static int ns_send(struct atm_vcc *vcc, | |
21038 | if (!vc->tx) | |
21039 | { | |
21040 | printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index); | |
21041 | - atomic_inc(&vcc->stats->tx_err); | |
21042 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
21043 | dev_kfree_skb_any(skb); | |
21044 | return -EINVAL; | |
21045 | } | |
21046 | @@ -1739,7 +1739,7 @@ static int ns_send(struct atm_vcc *vcc, | |
21047 | if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0) | |
21048 | { | |
21049 | printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index); | |
21050 | - atomic_inc(&vcc->stats->tx_err); | |
21051 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
21052 | dev_kfree_skb_any(skb); | |
21053 | return -EINVAL; | |
21054 | } | |
21055 | @@ -1747,7 +1747,7 @@ static int ns_send(struct atm_vcc *vcc, | |
21056 | if (skb_shinfo(skb)->nr_frags != 0) | |
21057 | { | |
21058 | printk("nicstar%d: No scatter-gather yet.\n", card->index); | |
21059 | - atomic_inc(&vcc->stats->tx_err); | |
21060 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
21061 | dev_kfree_skb_any(skb); | |
21062 | return -EINVAL; | |
21063 | } | |
21064 | @@ -1792,11 +1792,11 @@ static int ns_send(struct atm_vcc *vcc, | |
21065 | ||
21066 | if (push_scqe(card, vc, scq, &scqe, skb) != 0) | |
21067 | { | |
21068 | - atomic_inc(&vcc->stats->tx_err); | |
21069 | + atomic_inc_unchecked(&vcc->stats->tx_err); | |
21070 | dev_kfree_skb_any(skb); | |
21071 | return -EIO; | |
21072 | } | |
21073 | - atomic_inc(&vcc->stats->tx); | |
21074 | + atomic_inc_unchecked(&vcc->stats->tx); | |
21075 | ||
21076 | return 0; | |
21077 | } | |
21078 | @@ -2111,14 +2111,14 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21079 | { | |
21080 | printk("nicstar%d: Can't allocate buffers for aal0.\n", | |
21081 | card->index); | |
21082 | - atomic_add(i,&vcc->stats->rx_drop); | |
21083 | + atomic_add_unchecked(i,&vcc->stats->rx_drop); | |
21084 | break; | |
21085 | } | |
21086 | if (!atm_charge(vcc, sb->truesize)) | |
21087 | { | |
21088 | RXPRINTK("nicstar%d: atm_charge() dropped aal0 packets.\n", | |
21089 | card->index); | |
21090 | - atomic_add(i-1,&vcc->stats->rx_drop); /* already increased by 1 */ | |
21091 | + atomic_add_unchecked(i-1,&vcc->stats->rx_drop); /* already increased by 1 */ | |
21092 | dev_kfree_skb_any(sb); | |
21093 | break; | |
21094 | } | |
21095 | @@ -2133,7 +2133,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21096 | ATM_SKB(sb)->vcc = vcc; | |
21097 | __net_timestamp(sb); | |
21098 | vcc->push(vcc, sb); | |
21099 | - atomic_inc(&vcc->stats->rx); | |
21100 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21101 | cell += ATM_CELL_PAYLOAD; | |
21102 | } | |
21103 | ||
21104 | @@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21105 | if (iovb == NULL) | |
21106 | { | |
21107 | printk("nicstar%d: Out of iovec buffers.\n", card->index); | |
21108 | - atomic_inc(&vcc->stats->rx_drop); | |
21109 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21110 | recycle_rx_buf(card, skb); | |
21111 | return; | |
21112 | } | |
21113 | @@ -2182,7 +2182,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21114 | else if (NS_SKB(iovb)->iovcnt >= NS_MAX_IOVECS) | |
21115 | { | |
21116 | printk("nicstar%d: received too big AAL5 SDU.\n", card->index); | |
21117 | - atomic_inc(&vcc->stats->rx_err); | |
21118 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
21119 | recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, NS_MAX_IOVECS); | |
21120 | NS_SKB(iovb)->iovcnt = 0; | |
21121 | iovb->len = 0; | |
21122 | @@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21123 | printk("nicstar%d: Expected a small buffer, and this is not one.\n", | |
21124 | card->index); | |
21125 | which_list(card, skb); | |
21126 | - atomic_inc(&vcc->stats->rx_err); | |
21127 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
21128 | recycle_rx_buf(card, skb); | |
21129 | vc->rx_iov = NULL; | |
21130 | recycle_iov_buf(card, iovb); | |
21131 | @@ -2216,7 +2216,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21132 | printk("nicstar%d: Expected a large buffer, and this is not one.\n", | |
21133 | card->index); | |
21134 | which_list(card, skb); | |
21135 | - atomic_inc(&vcc->stats->rx_err); | |
21136 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
21137 | recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, | |
21138 | NS_SKB(iovb)->iovcnt); | |
21139 | vc->rx_iov = NULL; | |
21140 | @@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21141 | printk(" - PDU size mismatch.\n"); | |
21142 | else | |
21143 | printk(".\n"); | |
21144 | - atomic_inc(&vcc->stats->rx_err); | |
21145 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
21146 | recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, | |
21147 | NS_SKB(iovb)->iovcnt); | |
21148 | vc->rx_iov = NULL; | |
21149 | @@ -2256,7 +2256,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21150 | if (!atm_charge(vcc, skb->truesize)) | |
21151 | { | |
21152 | push_rxbufs(card, skb); | |
21153 | - atomic_inc(&vcc->stats->rx_drop); | |
21154 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21155 | } | |
21156 | else | |
21157 | { | |
21158 | @@ -2268,7 +2268,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21159 | ATM_SKB(skb)->vcc = vcc; | |
21160 | __net_timestamp(skb); | |
21161 | vcc->push(vcc, skb); | |
21162 | - atomic_inc(&vcc->stats->rx); | |
21163 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21164 | } | |
21165 | } | |
21166 | else if (NS_SKB(iovb)->iovcnt == 2) /* One small plus one large buffer */ | |
21167 | @@ -2283,7 +2283,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21168 | if (!atm_charge(vcc, sb->truesize)) | |
21169 | { | |
21170 | push_rxbufs(card, sb); | |
21171 | - atomic_inc(&vcc->stats->rx_drop); | |
21172 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21173 | } | |
21174 | else | |
21175 | { | |
21176 | @@ -2295,7 +2295,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21177 | ATM_SKB(sb)->vcc = vcc; | |
21178 | __net_timestamp(sb); | |
21179 | vcc->push(vcc, sb); | |
21180 | - atomic_inc(&vcc->stats->rx); | |
21181 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21182 | } | |
21183 | ||
21184 | push_rxbufs(card, skb); | |
21185 | @@ -2306,7 +2306,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21186 | if (!atm_charge(vcc, skb->truesize)) | |
21187 | { | |
21188 | push_rxbufs(card, skb); | |
21189 | - atomic_inc(&vcc->stats->rx_drop); | |
21190 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21191 | } | |
21192 | else | |
21193 | { | |
21194 | @@ -2320,7 +2320,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21195 | ATM_SKB(skb)->vcc = vcc; | |
21196 | __net_timestamp(skb); | |
21197 | vcc->push(vcc, skb); | |
21198 | - atomic_inc(&vcc->stats->rx); | |
21199 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21200 | } | |
21201 | ||
21202 | push_rxbufs(card, sb); | |
21203 | @@ -2342,7 +2342,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21204 | if (hb == NULL) | |
21205 | { | |
21206 | printk("nicstar%d: Out of huge buffers.\n", card->index); | |
21207 | - atomic_inc(&vcc->stats->rx_drop); | |
21208 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21209 | recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, | |
21210 | NS_SKB(iovb)->iovcnt); | |
21211 | vc->rx_iov = NULL; | |
21212 | @@ -2393,7 +2393,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21213 | } | |
21214 | else | |
21215 | dev_kfree_skb_any(hb); | |
21216 | - atomic_inc(&vcc->stats->rx_drop); | |
21217 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
21218 | } | |
21219 | else | |
21220 | { | |
21221 | @@ -2427,7 +2427,7 @@ static void dequeue_rx(ns_dev *card, ns_ | |
21222 | #endif /* NS_USE_DESTRUCTORS */ | |
21223 | __net_timestamp(hb); | |
21224 | vcc->push(vcc, hb); | |
21225 | - atomic_inc(&vcc->stats->rx); | |
21226 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21227 | } | |
21228 | } | |
21229 | ||
ae4e228f MT |
21230 | diff -urNp linux-2.6.33.1/drivers/atm/solos-pci.c linux-2.6.33.1/drivers/atm/solos-pci.c |
21231 | --- linux-2.6.33.1/drivers/atm/solos-pci.c 2010-03-15 12:09:39.000000000 -0400 | |
21232 | +++ linux-2.6.33.1/drivers/atm/solos-pci.c 2010-03-20 16:58:39.512795633 -0400 | |
21233 | @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) | |
58c5fc13 MT |
21234 | } |
21235 | atm_charge(vcc, skb->truesize); | |
21236 | vcc->push(vcc, skb); | |
21237 | - atomic_inc(&vcc->stats->rx); | |
21238 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21239 | break; | |
21240 | ||
21241 | case PKT_STATUS: | |
ae4e228f | 21242 | @@ -1017,7 +1017,7 @@ static uint32_t fpga_tx(struct solos_car |
58c5fc13 MT |
21243 | vcc = SKB_CB(oldskb)->vcc; |
21244 | ||
21245 | if (vcc) { | |
21246 | - atomic_inc(&vcc->stats->tx); | |
21247 | + atomic_inc_unchecked(&vcc->stats->tx); | |
21248 | solos_pop(vcc, oldskb); | |
21249 | } else | |
21250 | dev_kfree_skb_irq(oldskb); | |
ae4e228f MT |
21251 | diff -urNp linux-2.6.33.1/drivers/atm/suni.c linux-2.6.33.1/drivers/atm/suni.c |
21252 | --- linux-2.6.33.1/drivers/atm/suni.c 2010-03-15 12:09:39.000000000 -0400 | |
21253 | +++ linux-2.6.33.1/drivers/atm/suni.c 2010-03-20 16:58:39.516795609 -0400 | |
58c5fc13 MT |
21254 | @@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock); |
21255 | ||
21256 | ||
21257 | #define ADD_LIMITED(s,v) \ | |
21258 | - atomic_add((v),&stats->s); \ | |
21259 | - if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX); | |
21260 | + atomic_add_unchecked((v),&stats->s); \ | |
21261 | + if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX); | |
21262 | ||
21263 | ||
21264 | static void suni_hz(unsigned long from_timer) | |
ae4e228f MT |
21265 | diff -urNp linux-2.6.33.1/drivers/atm/uPD98402.c linux-2.6.33.1/drivers/atm/uPD98402.c |
21266 | --- linux-2.6.33.1/drivers/atm/uPD98402.c 2010-03-15 12:09:39.000000000 -0400 | |
21267 | +++ linux-2.6.33.1/drivers/atm/uPD98402.c 2010-03-20 16:58:39.516795609 -0400 | |
58c5fc13 MT |
21268 | @@ -41,7 +41,7 @@ static int fetch_stats(struct atm_dev *d |
21269 | struct sonet_stats tmp; | |
21270 | int error = 0; | |
21271 | ||
21272 | - atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs); | |
21273 | + atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs); | |
21274 | sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp); | |
21275 | if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp)); | |
21276 | if (zero && !error) { | |
21277 | @@ -160,9 +160,9 @@ static int uPD98402_ioctl(struct atm_dev | |
21278 | ||
21279 | ||
21280 | #define ADD_LIMITED(s,v) \ | |
21281 | - { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \ | |
21282 | - if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \ | |
21283 | - atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); } | |
21284 | + { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \ | |
21285 | + if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \ | |
21286 | + atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); } | |
21287 | ||
21288 | ||
21289 | static void stat_event(struct atm_dev *dev) | |
21290 | @@ -193,7 +193,7 @@ static void uPD98402_int(struct atm_dev | |
21291 | if (reason & uPD98402_INT_PFM) stat_event(dev); | |
21292 | if (reason & uPD98402_INT_PCO) { | |
21293 | (void) GET(PCOCR); /* clear interrupt cause */ | |
21294 | - atomic_add(GET(HECCT), | |
21295 | + atomic_add_unchecked(GET(HECCT), | |
21296 | &PRIV(dev)->sonet_stats.uncorr_hcs); | |
21297 | } | |
21298 | if ((reason & uPD98402_INT_RFO) && | |
21299 | @@ -221,9 +221,9 @@ static int uPD98402_start(struct atm_dev | |
21300 | PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO | | |
21301 | uPD98402_INT_LOS),PIMR); /* enable them */ | |
21302 | (void) fetch_stats(dev,NULL,1); /* clear kernel counters */ | |
21303 | - atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1); | |
21304 | - atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1); | |
21305 | - atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1); | |
21306 | + atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1); | |
21307 | + atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1); | |
21308 | + atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1); | |
21309 | return 0; | |
21310 | } | |
21311 | ||
ae4e228f MT |
21312 | diff -urNp linux-2.6.33.1/drivers/atm/zatm.c linux-2.6.33.1/drivers/atm/zatm.c |
21313 | --- linux-2.6.33.1/drivers/atm/zatm.c 2010-03-15 12:09:39.000000000 -0400 | |
21314 | +++ linux-2.6.33.1/drivers/atm/zatm.c 2010-03-20 16:58:39.516795609 -0400 | |
58c5fc13 MT |
21315 | @@ -458,7 +458,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy |
21316 | } | |
21317 | if (!size) { | |
21318 | dev_kfree_skb_irq(skb); | |
21319 | - if (vcc) atomic_inc(&vcc->stats->rx_err); | |
21320 | + if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err); | |
21321 | continue; | |
21322 | } | |
21323 | if (!atm_charge(vcc,skb->truesize)) { | |
21324 | @@ -468,7 +468,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy | |
21325 | skb->len = size; | |
21326 | ATM_SKB(skb)->vcc = vcc; | |
21327 | vcc->push(vcc,skb); | |
21328 | - atomic_inc(&vcc->stats->rx); | |
21329 | + atomic_inc_unchecked(&vcc->stats->rx); | |
21330 | } | |
21331 | zout(pos & 0xffff,MTA(mbx)); | |
21332 | #if 0 /* probably a stupid idea */ | |
21333 | @@ -732,7 +732,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD | |
21334 | skb_queue_head(&zatm_vcc->backlog,skb); | |
21335 | break; | |
21336 | } | |
21337 | - atomic_inc(&vcc->stats->tx); | |
21338 | + atomic_inc_unchecked(&vcc->stats->tx); | |
21339 | wake_up(&zatm_vcc->tx_wait); | |
21340 | } | |
21341 | ||
ae4e228f MT |
21342 | diff -urNp linux-2.6.33.1/drivers/base/bus.c linux-2.6.33.1/drivers/base/bus.c |
21343 | --- linux-2.6.33.1/drivers/base/bus.c 2010-03-15 12:09:39.000000000 -0400 | |
21344 | +++ linux-2.6.33.1/drivers/base/bus.c 2010-03-20 16:58:39.548804768 -0400 | |
21345 | @@ -70,7 +70,7 @@ static ssize_t drv_attr_store(struct kob | |
21346 | return ret; | |
58c5fc13 MT |
21347 | } |
21348 | ||
ae4e228f MT |
21349 | -static struct sysfs_ops driver_sysfs_ops = { |
21350 | +static const struct sysfs_ops driver_sysfs_ops = { | |
21351 | .show = drv_attr_show, | |
21352 | .store = drv_attr_store, | |
21353 | }; | |
21354 | @@ -115,7 +115,7 @@ static ssize_t bus_attr_store(struct kob | |
21355 | return ret; | |
58c5fc13 MT |
21356 | } |
21357 | ||
ae4e228f MT |
21358 | -static struct sysfs_ops bus_sysfs_ops = { |
21359 | +static const struct sysfs_ops bus_sysfs_ops = { | |
21360 | .show = bus_attr_show, | |
21361 | .store = bus_attr_store, | |
21362 | }; | |
21363 | @@ -154,7 +154,7 @@ static int bus_uevent_filter(struct kset | |
21364 | return 0; | |
21365 | } | |
21366 | ||
21367 | -static struct kset_uevent_ops bus_uevent_ops = { | |
21368 | +static const struct kset_uevent_ops bus_uevent_ops = { | |
21369 | .filter = bus_uevent_filter, | |
21370 | }; | |
21371 | ||
21372 | diff -urNp linux-2.6.33.1/drivers/base/class.c linux-2.6.33.1/drivers/base/class.c | |
21373 | --- linux-2.6.33.1/drivers/base/class.c 2010-03-15 12:09:39.000000000 -0400 | |
21374 | +++ linux-2.6.33.1/drivers/base/class.c 2010-03-20 16:58:39.548804768 -0400 | |
21375 | @@ -63,7 +63,7 @@ static void class_release(struct kobject | |
21376 | kfree(cp); | |
21377 | } | |
21378 | ||
21379 | -static struct sysfs_ops class_sysfs_ops = { | |
21380 | +static const struct sysfs_ops class_sysfs_ops = { | |
21381 | .show = class_attr_show, | |
21382 | .store = class_attr_store, | |
21383 | }; | |
21384 | diff -urNp linux-2.6.33.1/drivers/base/core.c linux-2.6.33.1/drivers/base/core.c | |
21385 | --- linux-2.6.33.1/drivers/base/core.c 2010-03-15 12:09:39.000000000 -0400 | |
21386 | +++ linux-2.6.33.1/drivers/base/core.c 2010-03-20 16:58:39.548804768 -0400 | |
21387 | @@ -100,7 +100,7 @@ static ssize_t dev_attr_store(struct kob | |
21388 | return ret; | |
21389 | } | |
21390 | ||
21391 | -static struct sysfs_ops dev_sysfs_ops = { | |
21392 | +static const struct sysfs_ops dev_sysfs_ops = { | |
21393 | .show = dev_attr_show, | |
21394 | .store = dev_attr_store, | |
21395 | }; | |
21396 | @@ -252,7 +252,7 @@ static int dev_uevent(struct kset *kset, | |
21397 | return retval; | |
21398 | } | |
21399 | ||
21400 | -static struct kset_uevent_ops device_uevent_ops = { | |
21401 | +static const struct kset_uevent_ops device_uevent_ops = { | |
21402 | .filter = dev_uevent_filter, | |
21403 | .name = dev_uevent_name, | |
21404 | .uevent = dev_uevent, | |
21405 | diff -urNp linux-2.6.33.1/drivers/base/memory.c linux-2.6.33.1/drivers/base/memory.c | |
21406 | --- linux-2.6.33.1/drivers/base/memory.c 2010-03-15 12:09:39.000000000 -0400 | |
21407 | +++ linux-2.6.33.1/drivers/base/memory.c 2010-03-20 16:58:39.553060820 -0400 | |
21408 | @@ -44,7 +44,7 @@ static int memory_uevent(struct kset *ks | |
21409 | return retval; | |
21410 | } | |
21411 | ||
21412 | -static struct kset_uevent_ops memory_uevent_ops = { | |
21413 | +static const struct kset_uevent_ops memory_uevent_ops = { | |
21414 | .name = memory_uevent_name, | |
21415 | .uevent = memory_uevent, | |
21416 | }; | |
21417 | diff -urNp linux-2.6.33.1/drivers/base/sys.c linux-2.6.33.1/drivers/base/sys.c | |
21418 | --- linux-2.6.33.1/drivers/base/sys.c 2010-03-15 12:09:39.000000000 -0400 | |
21419 | +++ linux-2.6.33.1/drivers/base/sys.c 2010-03-20 16:58:39.553060820 -0400 | |
21420 | @@ -54,7 +54,7 @@ sysdev_store(struct kobject *kobj, struc | |
21421 | return -EIO; | |
21422 | } | |
21423 | ||
21424 | -static struct sysfs_ops sysfs_ops = { | |
21425 | +static const struct sysfs_ops sysfs_ops = { | |
21426 | .show = sysdev_show, | |
21427 | .store = sysdev_store, | |
21428 | }; | |
21429 | @@ -104,7 +104,7 @@ static ssize_t sysdev_class_store(struct | |
21430 | return -EIO; | |
21431 | } | |
21432 | ||
21433 | -static struct sysfs_ops sysfs_class_ops = { | |
21434 | +static const struct sysfs_ops sysfs_class_ops = { | |
21435 | .show = sysdev_class_show, | |
21436 | .store = sysdev_class_store, | |
21437 | }; | |
21438 | diff -urNp linux-2.6.33.1/drivers/block/pktcdvd.c linux-2.6.33.1/drivers/block/pktcdvd.c | |
21439 | --- linux-2.6.33.1/drivers/block/pktcdvd.c 2010-03-15 12:09:39.000000000 -0400 | |
21440 | +++ linux-2.6.33.1/drivers/block/pktcdvd.c 2010-03-20 16:58:39.568810035 -0400 | |
21441 | @@ -284,7 +284,7 @@ static ssize_t kobj_pkt_store(struct kob | |
21442 | return len; | |
21443 | } | |
21444 | ||
21445 | -static struct sysfs_ops kobj_pkt_ops = { | |
21446 | +static const struct sysfs_ops kobj_pkt_ops = { | |
21447 | .show = kobj_pkt_show, | |
21448 | .store = kobj_pkt_store | |
21449 | }; | |
21450 | diff -urNp linux-2.6.33.1/drivers/char/agp/frontend.c linux-2.6.33.1/drivers/char/agp/frontend.c | |
21451 | --- linux-2.6.33.1/drivers/char/agp/frontend.c 2010-03-15 12:09:39.000000000 -0400 | |
21452 | +++ linux-2.6.33.1/drivers/char/agp/frontend.c 2010-03-20 16:58:39.572812162 -0400 | |
21453 | @@ -818,7 +818,7 @@ static int agpioc_reserve_wrap(struct ag | |
58c5fc13 MT |
21454 | if (copy_from_user(&reserve, arg, sizeof(struct agp_region))) |
21455 | return -EFAULT; | |
21456 | ||
21457 | - if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment)) | |
21458 | + if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv)) | |
21459 | return -EFAULT; | |
21460 | ||
21461 | client = agp_find_client_by_pid(reserve.pid); | |
ae4e228f MT |
21462 | diff -urNp linux-2.6.33.1/drivers/char/agp/intel-agp.c linux-2.6.33.1/drivers/char/agp/intel-agp.c |
21463 | --- linux-2.6.33.1/drivers/char/agp/intel-agp.c 2010-03-15 12:09:39.000000000 -0400 | |
21464 | +++ linux-2.6.33.1/drivers/char/agp/intel-agp.c 2010-03-20 16:58:39.588814817 -0400 | |
21465 | @@ -2575,7 +2575,7 @@ static struct pci_device_id agp_intel_pc | |
21466 | ID(PCI_DEVICE_ID_INTEL_IRONLAKE_M_HB), | |
21467 | ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MA_HB), | |
21468 | ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MC2_HB), | |
58c5fc13 MT |
21469 | - { } |
21470 | + { 0, 0, 0, 0, 0, 0, 0 } | |
21471 | }; | |
21472 | ||
21473 | MODULE_DEVICE_TABLE(pci, agp_intel_pci_table); | |
ae4e228f MT |
21474 | diff -urNp linux-2.6.33.1/drivers/char/hpet.c linux-2.6.33.1/drivers/char/hpet.c |
21475 | --- linux-2.6.33.1/drivers/char/hpet.c 2010-03-15 12:09:39.000000000 -0400 | |
21476 | +++ linux-2.6.33.1/drivers/char/hpet.c 2010-03-20 16:58:39.592808427 -0400 | |
58c5fc13 MT |
21477 | @@ -995,7 +995,7 @@ static struct acpi_driver hpet_acpi_driv |
21478 | }, | |
21479 | }; | |
21480 | ||
21481 | -static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops }; | |
21482 | +static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL }; | |
21483 | ||
21484 | static int __init hpet_init(void) | |
21485 | { | |
ae4e228f MT |
21486 | diff -urNp linux-2.6.33.1/drivers/char/hvc_beat.c linux-2.6.33.1/drivers/char/hvc_beat.c |
21487 | --- linux-2.6.33.1/drivers/char/hvc_beat.c 2010-03-15 12:09:39.000000000 -0400 | |
21488 | +++ linux-2.6.33.1/drivers/char/hvc_beat.c 2010-03-20 16:58:39.596613651 -0400 | |
21489 | @@ -84,7 +84,7 @@ static int hvc_beat_put_chars(uint32_t v | |
21490 | return cnt; | |
21491 | } | |
21492 | ||
21493 | -static struct hv_ops hvc_beat_get_put_ops = { | |
21494 | +static const struct hv_ops hvc_beat_get_put_ops = { | |
21495 | .get_chars = hvc_beat_get_chars, | |
21496 | .put_chars = hvc_beat_put_chars, | |
21497 | }; | |
21498 | diff -urNp linux-2.6.33.1/drivers/char/hvc_console.c linux-2.6.33.1/drivers/char/hvc_console.c | |
21499 | --- linux-2.6.33.1/drivers/char/hvc_console.c 2010-03-15 12:09:39.000000000 -0400 | |
21500 | +++ linux-2.6.33.1/drivers/char/hvc_console.c 2010-03-20 16:58:39.596613651 -0400 | |
21501 | @@ -125,7 +125,7 @@ static struct hvc_struct *hvc_get_by_ind | |
21502 | * console interfaces but can still be used as a tty device. This has to be | |
21503 | * static because kmalloc will not work during early console init. | |
21504 | */ | |
21505 | -static struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES]; | |
21506 | +static const struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES]; | |
21507 | static uint32_t vtermnos[MAX_NR_HVC_CONSOLES] = | |
21508 | {[0 ... MAX_NR_HVC_CONSOLES - 1] = -1}; | |
21509 | ||
21510 | @@ -247,7 +247,7 @@ static void destroy_hvc_struct(struct kr | |
21511 | * vty adapters do NOT get an hvc_instantiate() callback since they | |
21512 | * appear after early console init. | |
21513 | */ | |
21514 | -int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops) | |
21515 | +int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops) | |
21516 | { | |
21517 | struct hvc_struct *hp; | |
21518 | ||
21519 | @@ -749,7 +749,7 @@ static const struct tty_operations hvc_o | |
21520 | }; | |
21521 | ||
21522 | struct hvc_struct __devinit *hvc_alloc(uint32_t vtermno, int data, | |
21523 | - struct hv_ops *ops, int outbuf_size) | |
21524 | + const struct hv_ops *ops, int outbuf_size) | |
21525 | { | |
21526 | struct hvc_struct *hp; | |
21527 | int i; | |
21528 | diff -urNp linux-2.6.33.1/drivers/char/hvc_console.h linux-2.6.33.1/drivers/char/hvc_console.h | |
21529 | --- linux-2.6.33.1/drivers/char/hvc_console.h 2010-03-15 12:09:39.000000000 -0400 | |
21530 | +++ linux-2.6.33.1/drivers/char/hvc_console.h 2010-03-20 16:58:39.596613651 -0400 | |
21531 | @@ -55,7 +55,7 @@ struct hvc_struct { | |
21532 | int outbuf_size; | |
21533 | int n_outbuf; | |
21534 | uint32_t vtermno; | |
21535 | - struct hv_ops *ops; | |
21536 | + const struct hv_ops *ops; | |
21537 | int irq_requested; | |
21538 | int data; | |
21539 | struct winsize ws; | |
21540 | @@ -76,11 +76,11 @@ struct hv_ops { | |
21541 | }; | |
21542 | ||
21543 | /* Register a vterm and a slot index for use as a console (console_init) */ | |
21544 | -extern int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops); | |
21545 | +extern int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops); | |
21546 | ||
21547 | /* register a vterm for hvc tty operation (module_init or hotplug add) */ | |
21548 | extern struct hvc_struct * __devinit hvc_alloc(uint32_t vtermno, int data, | |
21549 | - struct hv_ops *ops, int outbuf_size); | |
21550 | + const struct hv_ops *ops, int outbuf_size); | |
21551 | /* remove a vterm from hvc tty operation (module_exit or hotplug remove) */ | |
21552 | extern int hvc_remove(struct hvc_struct *hp); | |
21553 | ||
21554 | diff -urNp linux-2.6.33.1/drivers/char/hvc_iseries.c linux-2.6.33.1/drivers/char/hvc_iseries.c | |
21555 | --- linux-2.6.33.1/drivers/char/hvc_iseries.c 2010-03-15 12:09:39.000000000 -0400 | |
21556 | +++ linux-2.6.33.1/drivers/char/hvc_iseries.c 2010-03-20 16:58:39.596613651 -0400 | |
21557 | @@ -197,7 +197,7 @@ done: | |
21558 | return sent; | |
21559 | } | |
21560 | ||
21561 | -static struct hv_ops hvc_get_put_ops = { | |
21562 | +static const struct hv_ops hvc_get_put_ops = { | |
21563 | .get_chars = get_chars, | |
21564 | .put_chars = put_chars, | |
21565 | .notifier_add = notifier_add_irq, | |
21566 | diff -urNp linux-2.6.33.1/drivers/char/hvc_iucv.c linux-2.6.33.1/drivers/char/hvc_iucv.c | |
21567 | --- linux-2.6.33.1/drivers/char/hvc_iucv.c 2010-03-15 12:09:39.000000000 -0400 | |
21568 | +++ linux-2.6.33.1/drivers/char/hvc_iucv.c 2010-03-20 16:58:39.596613651 -0400 | |
21569 | @@ -922,7 +922,7 @@ static int hvc_iucv_pm_restore_thaw(stru | |
21570 | ||
21571 | ||
21572 | /* HVC operations */ | |
21573 | -static struct hv_ops hvc_iucv_ops = { | |
21574 | +static const struct hv_ops hvc_iucv_ops = { | |
21575 | .get_chars = hvc_iucv_get_chars, | |
21576 | .put_chars = hvc_iucv_put_chars, | |
21577 | .notifier_add = hvc_iucv_notifier_add, | |
21578 | diff -urNp linux-2.6.33.1/drivers/char/hvc_rtas.c linux-2.6.33.1/drivers/char/hvc_rtas.c | |
21579 | --- linux-2.6.33.1/drivers/char/hvc_rtas.c 2010-03-15 12:09:39.000000000 -0400 | |
21580 | +++ linux-2.6.33.1/drivers/char/hvc_rtas.c 2010-03-20 16:58:39.600817341 -0400 | |
21581 | @@ -71,7 +71,7 @@ static int hvc_rtas_read_console(uint32_ | |
21582 | return i; | |
21583 | } | |
21584 | ||
21585 | -static struct hv_ops hvc_rtas_get_put_ops = { | |
21586 | +static const struct hv_ops hvc_rtas_get_put_ops = { | |
21587 | .get_chars = hvc_rtas_read_console, | |
21588 | .put_chars = hvc_rtas_write_console, | |
21589 | }; | |
21590 | diff -urNp linux-2.6.33.1/drivers/char/hvcs.c linux-2.6.33.1/drivers/char/hvcs.c | |
21591 | --- linux-2.6.33.1/drivers/char/hvcs.c 2010-03-15 12:09:39.000000000 -0400 | |
21592 | +++ linux-2.6.33.1/drivers/char/hvcs.c 2010-03-20 16:58:39.600817341 -0400 | |
58c5fc13 MT |
21593 | @@ -269,7 +269,7 @@ struct hvcs_struct { |
21594 | unsigned int index; | |
21595 | ||
21596 | struct tty_struct *tty; | |
21597 | - int open_count; | |
21598 | + atomic_t open_count; | |
21599 | ||
21600 | /* | |
21601 | * Used to tell the driver kernel_thread what operations need to take | |
21602 | @@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st | |
21603 | ||
21604 | spin_lock_irqsave(&hvcsd->lock, flags); | |
21605 | ||
21606 | - if (hvcsd->open_count > 0) { | |
21607 | + if (atomic_read(&hvcsd->open_count) > 0) { | |
21608 | spin_unlock_irqrestore(&hvcsd->lock, flags); | |
21609 | printk(KERN_INFO "HVCS: vterm state unchanged. " | |
21610 | "The hvcs device node is still in use.\n"); | |
21611 | @@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct * | |
21612 | if ((retval = hvcs_partner_connect(hvcsd))) | |
21613 | goto error_release; | |
21614 | ||
21615 | - hvcsd->open_count = 1; | |
21616 | + atomic_set(&hvcsd->open_count, 1); | |
21617 | hvcsd->tty = tty; | |
21618 | tty->driver_data = hvcsd; | |
21619 | ||
21620 | @@ -1169,7 +1169,7 @@ fast_open: | |
21621 | ||
21622 | spin_lock_irqsave(&hvcsd->lock, flags); | |
21623 | kref_get(&hvcsd->kref); | |
21624 | - hvcsd->open_count++; | |
21625 | + atomic_inc(&hvcsd->open_count); | |
21626 | hvcsd->todo_mask |= HVCS_SCHED_READ; | |
21627 | spin_unlock_irqrestore(&hvcsd->lock, flags); | |
21628 | ||
21629 | @@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct | |
21630 | hvcsd = tty->driver_data; | |
21631 | ||
21632 | spin_lock_irqsave(&hvcsd->lock, flags); | |
21633 | - if (--hvcsd->open_count == 0) { | |
21634 | + if (atomic_dec_and_test(&hvcsd->open_count)) { | |
21635 | ||
21636 | vio_disable_interrupts(hvcsd->vdev); | |
21637 | ||
21638 | @@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct | |
21639 | free_irq(irq, hvcsd); | |
21640 | kref_put(&hvcsd->kref, destroy_hvcs_struct); | |
21641 | return; | |
21642 | - } else if (hvcsd->open_count < 0) { | |
21643 | + } else if (atomic_read(&hvcsd->open_count) < 0) { | |
21644 | printk(KERN_ERR "HVCS: vty-server@%X open_count: %d" | |
21645 | " is missmanaged.\n", | |
21646 | - hvcsd->vdev->unit_address, hvcsd->open_count); | |
21647 | + hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count)); | |
21648 | } | |
21649 | ||
21650 | spin_unlock_irqrestore(&hvcsd->lock, flags); | |
21651 | @@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc | |
21652 | ||
21653 | spin_lock_irqsave(&hvcsd->lock, flags); | |
21654 | /* Preserve this so that we know how many kref refs to put */ | |
21655 | - temp_open_count = hvcsd->open_count; | |
21656 | + temp_open_count = atomic_read(&hvcsd->open_count); | |
21657 | ||
21658 | /* | |
21659 | * Don't kref put inside the spinlock because the destruction | |
21660 | @@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc | |
21661 | hvcsd->tty->driver_data = NULL; | |
21662 | hvcsd->tty = NULL; | |
21663 | ||
21664 | - hvcsd->open_count = 0; | |
21665 | + atomic_set(&hvcsd->open_count, 0); | |
21666 | ||
21667 | /* This will drop any buffered data on the floor which is OK in a hangup | |
21668 | * scenario. */ | |
21669 | @@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct | |
21670 | * the middle of a write operation? This is a crummy place to do this | |
21671 | * but we want to keep it all in the spinlock. | |
21672 | */ | |
21673 | - if (hvcsd->open_count <= 0) { | |
21674 | + if (atomic_read(&hvcsd->open_count) <= 0) { | |
21675 | spin_unlock_irqrestore(&hvcsd->lock, flags); | |
21676 | return -ENODEV; | |
21677 | } | |
21678 | @@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st | |
21679 | { | |
21680 | struct hvcs_struct *hvcsd = tty->driver_data; | |
21681 | ||
21682 | - if (!hvcsd || hvcsd->open_count <= 0) | |
21683 | + if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0) | |
21684 | return 0; | |
21685 | ||
21686 | return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; | |
ae4e228f MT |
21687 | diff -urNp linux-2.6.33.1/drivers/char/hvc_udbg.c linux-2.6.33.1/drivers/char/hvc_udbg.c |
21688 | --- linux-2.6.33.1/drivers/char/hvc_udbg.c 2010-03-15 12:09:39.000000000 -0400 | |
21689 | +++ linux-2.6.33.1/drivers/char/hvc_udbg.c 2010-03-20 16:58:39.600817341 -0400 | |
21690 | @@ -58,7 +58,7 @@ static int hvc_udbg_get(uint32_t vtermno | |
21691 | return i; | |
21692 | } | |
21693 | ||
21694 | -static struct hv_ops hvc_udbg_ops = { | |
21695 | +static const struct hv_ops hvc_udbg_ops = { | |
21696 | .get_chars = hvc_udbg_get, | |
21697 | .put_chars = hvc_udbg_put, | |
21698 | }; | |
21699 | diff -urNp linux-2.6.33.1/drivers/char/hvc_vio.c linux-2.6.33.1/drivers/char/hvc_vio.c | |
21700 | --- linux-2.6.33.1/drivers/char/hvc_vio.c 2010-03-15 12:09:39.000000000 -0400 | |
21701 | +++ linux-2.6.33.1/drivers/char/hvc_vio.c 2010-03-20 16:58:39.600817341 -0400 | |
21702 | @@ -77,7 +77,7 @@ static int filtered_get_chars(uint32_t v | |
21703 | return got; | |
21704 | } | |
21705 | ||
21706 | -static struct hv_ops hvc_get_put_ops = { | |
21707 | +static const struct hv_ops hvc_get_put_ops = { | |
21708 | .get_chars = filtered_get_chars, | |
21709 | .put_chars = hvc_put_chars, | |
21710 | .notifier_add = notifier_add_irq, | |
21711 | diff -urNp linux-2.6.33.1/drivers/char/hvc_xen.c linux-2.6.33.1/drivers/char/hvc_xen.c | |
21712 | --- linux-2.6.33.1/drivers/char/hvc_xen.c 2010-03-15 12:09:39.000000000 -0400 | |
21713 | +++ linux-2.6.33.1/drivers/char/hvc_xen.c 2010-03-20 16:58:39.604556535 -0400 | |
21714 | @@ -122,7 +122,7 @@ static int read_console(uint32_t vtermno | |
21715 | return recv; | |
21716 | } | |
21717 | ||
21718 | -static struct hv_ops hvc_ops = { | |
21719 | +static const struct hv_ops hvc_ops = { | |
21720 | .get_chars = read_console, | |
21721 | .put_chars = write_console, | |
21722 | .notifier_add = notifier_add_irq, | |
21723 | diff -urNp linux-2.6.33.1/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.33.1/drivers/char/ipmi/ipmi_msghandler.c | |
21724 | --- linux-2.6.33.1/drivers/char/ipmi/ipmi_msghandler.c 2010-03-15 12:09:39.000000000 -0400 | |
21725 | +++ linux-2.6.33.1/drivers/char/ipmi/ipmi_msghandler.c 2010-03-20 16:58:39.604556535 -0400 | |
21726 | @@ -414,7 +414,7 @@ struct ipmi_smi { | |
58c5fc13 MT |
21727 | struct proc_dir_entry *proc_dir; |
21728 | char proc_dir_name[10]; | |
21729 | ||
21730 | - atomic_t stats[IPMI_NUM_STATS]; | |
21731 | + atomic_unchecked_t stats[IPMI_NUM_STATS]; | |
21732 | ||
21733 | /* | |
21734 | * run_to_completion duplicate of smb_info, smi_info | |
ae4e228f | 21735 | @@ -447,9 +447,9 @@ static DEFINE_MUTEX(smi_watchers_mutex); |
58c5fc13 MT |
21736 | |
21737 | ||
21738 | #define ipmi_inc_stat(intf, stat) \ | |
21739 | - atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat]) | |
21740 | + atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]) | |
21741 | #define ipmi_get_stat(intf, stat) \ | |
21742 | - ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat])) | |
21743 | + ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])) | |
21744 | ||
21745 | static int is_lan_addr(struct ipmi_addr *addr) | |
21746 | { | |
ae4e228f | 21747 | @@ -2808,7 +2808,7 @@ int ipmi_register_smi(struct ipmi_smi_ha |
58c5fc13 MT |
21748 | INIT_LIST_HEAD(&intf->cmd_rcvrs); |
21749 | init_waitqueue_head(&intf->waitq); | |
21750 | for (i = 0; i < IPMI_NUM_STATS; i++) | |
21751 | - atomic_set(&intf->stats[i], 0); | |
21752 | + atomic_set_unchecked(&intf->stats[i], 0); | |
21753 | ||
21754 | intf->proc_dir = NULL; | |
21755 | ||
ae4e228f MT |
21756 | diff -urNp linux-2.6.33.1/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.33.1/drivers/char/ipmi/ipmi_si_intf.c |
21757 | --- linux-2.6.33.1/drivers/char/ipmi/ipmi_si_intf.c 2010-03-15 12:09:39.000000000 -0400 | |
21758 | +++ linux-2.6.33.1/drivers/char/ipmi/ipmi_si_intf.c 2010-03-20 16:58:39.608700771 -0400 | |
21759 | @@ -278,7 +278,7 @@ struct smi_info { | |
58c5fc13 MT |
21760 | unsigned char slave_addr; |
21761 | ||
21762 | /* Counters and things for the proc filesystem. */ | |
21763 | - atomic_t stats[SI_NUM_STATS]; | |
21764 | + atomic_unchecked_t stats[SI_NUM_STATS]; | |
21765 | ||
21766 | struct task_struct *thread; | |
21767 | ||
ae4e228f | 21768 | @@ -286,9 +286,9 @@ struct smi_info { |
58c5fc13 MT |
21769 | }; |
21770 | ||
21771 | #define smi_inc_stat(smi, stat) \ | |
21772 | - atomic_inc(&(smi)->stats[SI_STAT_ ## stat]) | |
21773 | + atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat]) | |
21774 | #define smi_get_stat(smi, stat) \ | |
21775 | - ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat])) | |
21776 | + ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat])) | |
21777 | ||
21778 | #define SI_MAX_PARMS 4 | |
21779 | ||
ae4e228f | 21780 | @@ -3020,7 +3020,7 @@ static int try_smi_init(struct smi_info |
58c5fc13 MT |
21781 | atomic_set(&new_smi->req_events, 0); |
21782 | new_smi->run_to_completion = 0; | |
21783 | for (i = 0; i < SI_NUM_STATS; i++) | |
21784 | - atomic_set(&new_smi->stats[i], 0); | |
21785 | + atomic_set_unchecked(&new_smi->stats[i], 0); | |
21786 | ||
21787 | new_smi->interrupt_disabled = 0; | |
21788 | atomic_set(&new_smi->stop_operation, 0); | |
ae4e228f MT |
21789 | diff -urNp linux-2.6.33.1/drivers/char/keyboard.c linux-2.6.33.1/drivers/char/keyboard.c |
21790 | --- linux-2.6.33.1/drivers/char/keyboard.c 2010-03-15 12:09:39.000000000 -0400 | |
21791 | +++ linux-2.6.33.1/drivers/char/keyboard.c 2010-03-20 16:58:39.608700771 -0400 | |
21792 | @@ -652,6 +652,16 @@ static void k_spec(struct vc_data *vc, u | |
58c5fc13 MT |
21793 | kbd->kbdmode == VC_MEDIUMRAW) && |
21794 | value != KVAL(K_SAK)) | |
21795 | return; /* SAK is allowed even in raw mode */ | |
21796 | + | |
21797 | +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
21798 | + { | |
21799 | + void *func = fn_handler[value]; | |
21800 | + if (func == fn_show_state || func == fn_show_ptregs || | |
21801 | + func == fn_show_mem) | |
21802 | + return; | |
21803 | + } | |
21804 | +#endif | |
21805 | + | |
21806 | fn_handler[value](vc); | |
21807 | } | |
21808 | ||
ae4e228f | 21809 | @@ -1405,7 +1415,7 @@ static const struct input_device_id kbd_ |
58c5fc13 MT |
21810 | .evbit = { BIT_MASK(EV_SND) }, |
21811 | }, | |
21812 | ||
21813 | - { }, /* Terminating entry */ | |
21814 | + { 0 }, /* Terminating entry */ | |
21815 | }; | |
21816 | ||
21817 | MODULE_DEVICE_TABLE(input, kbd_ids); | |
ae4e228f MT |
21818 | diff -urNp linux-2.6.33.1/drivers/char/mem.c linux-2.6.33.1/drivers/char/mem.c |
21819 | --- linux-2.6.33.1/drivers/char/mem.c 2010-03-15 12:09:39.000000000 -0400 | |
21820 | +++ linux-2.6.33.1/drivers/char/mem.c 2010-03-20 16:58:39.608700771 -0400 | |
58c5fc13 MT |
21821 | @@ -18,6 +18,7 @@ |
21822 | #include <linux/raw.h> | |
21823 | #include <linux/tty.h> | |
21824 | #include <linux/capability.h> | |
21825 | +#include <linux/security.h> | |
21826 | #include <linux/ptrace.h> | |
21827 | #include <linux/device.h> | |
21828 | #include <linux/highmem.h> | |
ae4e228f | 21829 | @@ -34,6 +35,10 @@ |
58c5fc13 MT |
21830 | # include <linux/efi.h> |
21831 | #endif | |
21832 | ||
21833 | +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC) | |
21834 | +extern struct file_operations grsec_fops; | |
21835 | +#endif | |
21836 | + | |
ae4e228f MT |
21837 | static inline unsigned long size_inside_page(unsigned long start, |
21838 | unsigned long size) | |
21839 | { | |
21840 | @@ -191,6 +196,11 @@ static ssize_t write_mem(struct file * f | |
58c5fc13 MT |
21841 | if (!valid_phys_addr_range(p, count)) |
21842 | return -EFAULT; | |
21843 | ||
21844 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
21845 | + gr_handle_mem_write(); | |
21846 | + return -EPERM; | |
21847 | +#endif | |
21848 | + | |
21849 | written = 0; | |
21850 | ||
21851 | #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED | |
ae4e228f | 21852 | @@ -311,6 +321,11 @@ static int mmap_mem(struct file * file, |
58c5fc13 MT |
21853 | &vma->vm_page_prot)) |
21854 | return -EINVAL; | |
21855 | ||
21856 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
21857 | + if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma)) | |
21858 | + return -EPERM; | |
21859 | +#endif | |
21860 | + | |
21861 | vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff, | |
21862 | size, | |
21863 | vma->vm_page_prot); | |
ae4e228f | 21864 | @@ -527,6 +542,11 @@ static ssize_t write_kmem(struct file * |
58c5fc13 | 21865 | char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ |
ae4e228f | 21866 | int err = 0; |
58c5fc13 MT |
21867 | |
21868 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
21869 | + gr_handle_kmem_write(); | |
21870 | + return -EPERM; | |
21871 | +#endif | |
21872 | + | |
21873 | if (p < (unsigned long) high_memory) { | |
ae4e228f MT |
21874 | unsigned long to_write = min_t(unsigned long, count, |
21875 | (unsigned long)high_memory - p); | |
21876 | @@ -727,6 +747,16 @@ static loff_t memory_lseek(struct file * | |
58c5fc13 MT |
21877 | |
21878 | static int open_port(struct inode * inode, struct file * filp) | |
21879 | { | |
21880 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
21881 | + gr_handle_open_port(); | |
21882 | + return -EPERM; | |
21883 | +#endif | |
21884 | + | |
21885 | + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
21886 | +} | |
21887 | + | |
21888 | +static int open_mem(struct inode * inode, struct file * filp) | |
21889 | +{ | |
21890 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
21891 | } | |
21892 | ||
ae4e228f | 21893 | @@ -734,7 +764,6 @@ static int open_port(struct inode * inod |
58c5fc13 MT |
21894 | #define full_lseek null_lseek |
21895 | #define write_zero write_null | |
21896 | #define read_full read_zero | |
21897 | -#define open_mem open_port | |
21898 | #define open_kmem open_mem | |
21899 | #define open_oldmem open_mem | |
21900 | ||
ae4e228f | 21901 | @@ -850,6 +879,9 @@ static const struct memdev { |
58c5fc13 | 21902 | #ifdef CONFIG_CRASH_DUMP |
ae4e228f | 21903 | [12] = { "oldmem", 0, &oldmem_fops, NULL }, |
58c5fc13 MT |
21904 | #endif |
21905 | +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC) | |
ae4e228f | 21906 | + [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, NULL }, |
58c5fc13 MT |
21907 | +#endif |
21908 | }; | |
21909 | ||
21910 | static int memory_open(struct inode *inode, struct file *filp) | |
ae4e228f MT |
21911 | diff -urNp linux-2.6.33.1/drivers/char/nvram.c linux-2.6.33.1/drivers/char/nvram.c |
21912 | --- linux-2.6.33.1/drivers/char/nvram.c 2010-03-15 12:09:39.000000000 -0400 | |
21913 | +++ linux-2.6.33.1/drivers/char/nvram.c 2010-03-20 16:58:39.612523711 -0400 | |
21914 | @@ -246,7 +246,7 @@ static ssize_t nvram_read(struct file *f | |
21915 | ||
21916 | spin_unlock_irq(&rtc_lock); | |
58c5fc13 | 21917 | |
ae4e228f MT |
21918 | - if (copy_to_user(buf, contents, tmp - contents)) |
21919 | + if (tmp - contents > sizeof(contents) || copy_to_user(buf, contents, tmp - contents)) | |
21920 | return -EFAULT; | |
21921 | ||
21922 | *ppos = i; | |
21923 | @@ -434,7 +434,10 @@ static const struct file_operations nvra | |
58c5fc13 MT |
21924 | static struct miscdevice nvram_dev = { |
21925 | NVRAM_MINOR, | |
21926 | "nvram", | |
21927 | - &nvram_fops | |
21928 | + &nvram_fops, | |
21929 | + {NULL, NULL}, | |
21930 | + NULL, | |
21931 | + NULL | |
21932 | }; | |
21933 | ||
21934 | static int __init nvram_init(void) | |
ae4e228f MT |
21935 | diff -urNp linux-2.6.33.1/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.33.1/drivers/char/pcmcia/ipwireless/tty.c |
21936 | --- linux-2.6.33.1/drivers/char/pcmcia/ipwireless/tty.c 2010-03-15 12:09:39.000000000 -0400 | |
21937 | +++ linux-2.6.33.1/drivers/char/pcmcia/ipwireless/tty.c 2010-03-20 16:58:39.612523711 -0400 | |
58c5fc13 MT |
21938 | @@ -51,7 +51,7 @@ struct ipw_tty { |
21939 | int tty_type; | |
21940 | struct ipw_network *network; | |
21941 | struct tty_struct *linux_tty; | |
21942 | - int open_count; | |
21943 | + atomic_t open_count; | |
21944 | unsigned int control_lines; | |
21945 | struct mutex ipw_tty_mutex; | |
21946 | int tx_bytes_queued; | |
21947 | @@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l | |
21948 | mutex_unlock(&tty->ipw_tty_mutex); | |
21949 | return -ENODEV; | |
21950 | } | |
21951 | - if (tty->open_count == 0) | |
21952 | + if (atomic_read(&tty->open_count) == 0) | |
21953 | tty->tx_bytes_queued = 0; | |
21954 | ||
21955 | - tty->open_count++; | |
21956 | + atomic_inc(&tty->open_count); | |
21957 | ||
21958 | tty->linux_tty = linux_tty; | |
21959 | linux_tty->driver_data = tty; | |
21960 | @@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l | |
21961 | ||
21962 | static void do_ipw_close(struct ipw_tty *tty) | |
21963 | { | |
21964 | - tty->open_count--; | |
21965 | - | |
21966 | - if (tty->open_count == 0) { | |
21967 | + if (atomic_dec_return(&tty->open_count) == 0) { | |
21968 | struct tty_struct *linux_tty = tty->linux_tty; | |
21969 | ||
21970 | if (linux_tty != NULL) { | |
21971 | @@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct | |
21972 | return; | |
21973 | ||
21974 | mutex_lock(&tty->ipw_tty_mutex); | |
21975 | - if (tty->open_count == 0) { | |
21976 | + if (atomic_read(&tty->open_count) == 0) { | |
21977 | mutex_unlock(&tty->ipw_tty_mutex); | |
21978 | return; | |
21979 | } | |
21980 | @@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_ | |
21981 | return; | |
21982 | } | |
21983 | ||
21984 | - if (!tty->open_count) { | |
21985 | + if (!atomic_read(&tty->open_count)) { | |
21986 | mutex_unlock(&tty->ipw_tty_mutex); | |
21987 | return; | |
21988 | } | |
21989 | @@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct * | |
21990 | return -ENODEV; | |
21991 | ||
21992 | mutex_lock(&tty->ipw_tty_mutex); | |
21993 | - if (!tty->open_count) { | |
21994 | + if (!atomic_read(&tty->open_count)) { | |
21995 | mutex_unlock(&tty->ipw_tty_mutex); | |
21996 | return -EINVAL; | |
21997 | } | |
21998 | @@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str | |
21999 | if (!tty) | |
22000 | return -ENODEV; | |
22001 | ||
22002 | - if (!tty->open_count) | |
22003 | + if (!atomic_read(&tty->open_count)) | |
22004 | return -EINVAL; | |
22005 | ||
22006 | room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; | |
22007 | @@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt | |
22008 | if (!tty) | |
22009 | return 0; | |
22010 | ||
22011 | - if (!tty->open_count) | |
22012 | + if (!atomic_read(&tty->open_count)) | |
22013 | return 0; | |
22014 | ||
22015 | return tty->tx_bytes_queued; | |
22016 | @@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc | |
22017 | if (!tty) | |
22018 | return -ENODEV; | |
22019 | ||
22020 | - if (!tty->open_count) | |
22021 | + if (!atomic_read(&tty->open_count)) | |
22022 | return -EINVAL; | |
22023 | ||
22024 | return get_control_lines(tty); | |
22025 | @@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt | |
22026 | if (!tty) | |
22027 | return -ENODEV; | |
22028 | ||
22029 | - if (!tty->open_count) | |
22030 | + if (!atomic_read(&tty->open_count)) | |
22031 | return -EINVAL; | |
22032 | ||
22033 | return set_control_lines(tty, set, clear); | |
22034 | @@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct * | |
22035 | if (!tty) | |
22036 | return -ENODEV; | |
22037 | ||
22038 | - if (!tty->open_count) | |
22039 | + if (!atomic_read(&tty->open_count)) | |
22040 | return -EINVAL; | |
22041 | ||
22042 | /* FIXME: Exactly how is the tty object locked here .. */ | |
22043 | @@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty | |
22044 | against a parallel ioctl etc */ | |
22045 | mutex_lock(&ttyj->ipw_tty_mutex); | |
22046 | } | |
22047 | - while (ttyj->open_count) | |
22048 | + while (atomic_read(&ttyj->open_count)) | |
22049 | do_ipw_close(ttyj); | |
22050 | ipwireless_disassociate_network_ttys(network, | |
22051 | ttyj->channel_idx); | |
ae4e228f MT |
22052 | diff -urNp linux-2.6.33.1/drivers/char/pty.c linux-2.6.33.1/drivers/char/pty.c |
22053 | --- linux-2.6.33.1/drivers/char/pty.c 2010-03-15 12:09:39.000000000 -0400 | |
22054 | +++ linux-2.6.33.1/drivers/char/pty.c 2010-03-20 16:58:39.612523711 -0400 | |
22055 | @@ -676,7 +676,18 @@ static int ptmx_open(struct inode *inode | |
22056 | return ret; | |
22057 | } | |
22058 | ||
22059 | -static struct file_operations ptmx_fops; | |
22060 | +static const struct file_operations ptmx_fops = { | |
22061 | + .llseek = no_llseek, | |
22062 | + .read = tty_read, | |
22063 | + .write = tty_write, | |
22064 | + .poll = tty_poll, | |
22065 | + .unlocked_ioctl = tty_ioctl, | |
22066 | + .compat_ioctl = tty_compat_ioctl, | |
22067 | + .open = ptmx_open, | |
22068 | + .release = tty_release, | |
22069 | + .fasync = tty_fasync, | |
22070 | +}; | |
22071 | + | |
22072 | ||
22073 | static void __init unix98_pty_init(void) | |
22074 | { | |
22075 | @@ -730,9 +741,6 @@ static void __init unix98_pty_init(void) | |
22076 | register_sysctl_table(pty_root_table); | |
22077 | ||
22078 | /* Now create the /dev/ptmx special device */ | |
22079 | - tty_default_fops(&ptmx_fops); | |
22080 | - ptmx_fops.open = ptmx_open; | |
22081 | - | |
22082 | cdev_init(&ptmx_cdev, &ptmx_fops); | |
22083 | if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || | |
22084 | register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0) | |
22085 | diff -urNp linux-2.6.33.1/drivers/char/random.c linux-2.6.33.1/drivers/char/random.c | |
22086 | --- linux-2.6.33.1/drivers/char/random.c 2010-03-15 12:09:39.000000000 -0400 | |
22087 | +++ linux-2.6.33.1/drivers/char/random.c 2010-03-20 16:58:39.620815282 -0400 | |
22088 | @@ -254,8 +254,13 @@ | |
58c5fc13 MT |
22089 | /* |
22090 | * Configuration information | |
22091 | */ | |
22092 | +#ifdef CONFIG_GRKERNSEC_RANDNET | |
22093 | +#define INPUT_POOL_WORDS 512 | |
22094 | +#define OUTPUT_POOL_WORDS 128 | |
22095 | +#else | |
22096 | #define INPUT_POOL_WORDS 128 | |
22097 | #define OUTPUT_POOL_WORDS 32 | |
22098 | +#endif | |
22099 | #define SEC_XFER_SIZE 512 | |
22100 | ||
22101 | /* | |
ae4e228f | 22102 | @@ -292,10 +297,17 @@ static struct poolinfo { |
58c5fc13 MT |
22103 | int poolwords; |
22104 | int tap1, tap2, tap3, tap4, tap5; | |
22105 | } poolinfo_table[] = { | |
22106 | +#ifdef CONFIG_GRKERNSEC_RANDNET | |
22107 | + /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */ | |
22108 | + { 512, 411, 308, 208, 104, 1 }, | |
22109 | + /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */ | |
22110 | + { 128, 103, 76, 51, 25, 1 }, | |
22111 | +#else | |
22112 | /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */ | |
22113 | { 128, 103, 76, 51, 25, 1 }, | |
22114 | /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */ | |
22115 | { 32, 26, 20, 14, 7, 1 }, | |
22116 | +#endif | |
22117 | #if 0 | |
22118 | /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ | |
22119 | { 2048, 1638, 1231, 819, 411, 1 }, | |
ae4e228f MT |
22120 | @@ -903,7 +915,7 @@ static ssize_t extract_entropy_user(stru |
22121 | ||
22122 | extract_buf(r, tmp); | |
22123 | i = min_t(int, nbytes, EXTRACT_SIZE); | |
22124 | - if (copy_to_user(buf, tmp, i)) { | |
22125 | + if (i > sizeof(tmp) || copy_to_user(buf, tmp, i)) { | |
22126 | ret = -EFAULT; | |
22127 | break; | |
22128 | } | |
22129 | @@ -1209,7 +1221,7 @@ EXPORT_SYMBOL(generate_random_uuid); | |
58c5fc13 MT |
22130 | #include <linux/sysctl.h> |
22131 | ||
22132 | static int min_read_thresh = 8, min_write_thresh; | |
22133 | -static int max_read_thresh = INPUT_POOL_WORDS * 32; | |
22134 | +static int max_read_thresh = OUTPUT_POOL_WORDS * 32; | |
22135 | static int max_write_thresh = INPUT_POOL_WORDS * 32; | |
22136 | static char sysctl_bootid[16]; | |
22137 | ||
ae4e228f MT |
22138 | diff -urNp linux-2.6.33.1/drivers/char/sonypi.c linux-2.6.33.1/drivers/char/sonypi.c |
22139 | --- linux-2.6.33.1/drivers/char/sonypi.c 2010-03-15 12:09:39.000000000 -0400 | |
22140 | +++ linux-2.6.33.1/drivers/char/sonypi.c 2010-03-20 16:58:39.624516836 -0400 | |
58c5fc13 MT |
22141 | @@ -490,7 +490,7 @@ static struct sonypi_device { |
22142 | spinlock_t fifo_lock; | |
22143 | wait_queue_head_t fifo_proc_list; | |
22144 | struct fasync_struct *fifo_async; | |
22145 | - int open_count; | |
22146 | + atomic_t open_count; | |
22147 | int model; | |
22148 | struct input_dev *input_jog_dev; | |
22149 | struct input_dev *input_key_dev; | |
ae4e228f | 22150 | @@ -897,7 +897,7 @@ static int sonypi_misc_fasync(int fd, st |
58c5fc13 MT |
22151 | static int sonypi_misc_release(struct inode *inode, struct file *file) |
22152 | { | |
22153 | mutex_lock(&sonypi_device.lock); | |
22154 | - sonypi_device.open_count--; | |
22155 | + atomic_dec(&sonypi_device.open_count); | |
22156 | mutex_unlock(&sonypi_device.lock); | |
22157 | return 0; | |
22158 | } | |
ae4e228f MT |
22159 | @@ -906,9 +906,9 @@ static int sonypi_misc_open(struct inode |
22160 | { | |
58c5fc13 MT |
22161 | mutex_lock(&sonypi_device.lock); |
22162 | /* Flush input queue on first open */ | |
22163 | - if (!sonypi_device.open_count) | |
22164 | + if (!atomic_read(&sonypi_device.open_count)) | |
ae4e228f | 22165 | kfifo_reset(&sonypi_device.fifo); |
58c5fc13 MT |
22166 | - sonypi_device.open_count++; |
22167 | + atomic_inc(&sonypi_device.open_count); | |
22168 | mutex_unlock(&sonypi_device.lock); | |
ae4e228f | 22169 | |
58c5fc13 | 22170 | return 0; |
ae4e228f MT |
22171 | diff -urNp linux-2.6.33.1/drivers/char/tpm/tpm_bios.c linux-2.6.33.1/drivers/char/tpm/tpm_bios.c |
22172 | --- linux-2.6.33.1/drivers/char/tpm/tpm_bios.c 2010-03-15 12:09:39.000000000 -0400 | |
22173 | +++ linux-2.6.33.1/drivers/char/tpm/tpm_bios.c 2010-03-20 16:58:39.624516836 -0400 | |
22174 | @@ -172,7 +172,7 @@ static void *tpm_bios_measurements_start | |
22175 | event = addr; | |
22176 | ||
22177 | if ((event->event_type == 0 && event->event_size == 0) || | |
22178 | - ((addr + sizeof(struct tcpa_event) + event->event_size) >= limit)) | |
22179 | + (event->event_size >= limit - addr - sizeof(struct tcpa_event))) | |
22180 | return NULL; | |
22181 | ||
22182 | return addr; | |
22183 | @@ -197,7 +197,7 @@ static void *tpm_bios_measurements_next( | |
22184 | return NULL; | |
22185 | ||
22186 | if ((event->event_type == 0 && event->event_size == 0) || | |
22187 | - ((v + sizeof(struct tcpa_event) + event->event_size) >= limit)) | |
22188 | + (event->event_size >= limit - v - sizeof(struct tcpa_event))) | |
22189 | return NULL; | |
22190 | ||
22191 | (*pos)++; | |
22192 | @@ -290,7 +290,8 @@ static int tpm_binary_bios_measurements_ | |
22193 | int i; | |
22194 | ||
22195 | for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++) | |
22196 | - seq_putc(m, data[i]); | |
22197 | + if (!seq_putc(m, data[i])) | |
22198 | + return -EFAULT; | |
22199 | ||
58c5fc13 MT |
22200 | return 0; |
22201 | } | |
ae4e228f MT |
22202 | @@ -409,6 +410,11 @@ static int read_log(struct tpm_bios_log |
22203 | log->bios_event_log_end = log->bios_event_log + len; | |
58c5fc13 | 22204 | |
ae4e228f MT |
22205 | virt = acpi_os_map_memory(start, len); |
22206 | + if (!virt) { | |
22207 | + kfree(log->bios_event_log); | |
22208 | + log->bios_event_log = NULL; | |
22209 | + return -EFAULT; | |
22210 | + } | |
22211 | ||
22212 | memcpy(log->bios_event_log, virt, len); | |
22213 | ||
22214 | diff -urNp linux-2.6.33.1/drivers/char/tty_io.c linux-2.6.33.1/drivers/char/tty_io.c | |
22215 | --- linux-2.6.33.1/drivers/char/tty_io.c 2010-03-15 12:09:39.000000000 -0400 | |
22216 | +++ linux-2.6.33.1/drivers/char/tty_io.c 2010-03-20 16:58:39.628796519 -0400 | |
22217 | @@ -136,20 +136,10 @@ LIST_HEAD(tty_drivers); /* linked list | |
22218 | DEFINE_MUTEX(tty_mutex); | |
22219 | EXPORT_SYMBOL(tty_mutex); | |
22220 | ||
22221 | -static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); | |
22222 | -static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); | |
22223 | ssize_t redirected_tty_write(struct file *, const char __user *, | |
22224 | size_t, loff_t *); | |
22225 | -static unsigned int tty_poll(struct file *, poll_table *); | |
22226 | static int tty_open(struct inode *, struct file *); | |
22227 | long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); | |
22228 | -#ifdef CONFIG_COMPAT | |
22229 | -static long tty_compat_ioctl(struct file *file, unsigned int cmd, | |
22230 | - unsigned long arg); | |
22231 | -#else | |
22232 | -#define tty_compat_ioctl NULL | |
22233 | -#endif | |
22234 | -static int tty_fasync(int fd, struct file *filp, int on); | |
22235 | static void release_tty(struct tty_struct *tty, int idx); | |
22236 | static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); | |
22237 | static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); | |
22238 | @@ -871,7 +861,7 @@ EXPORT_SYMBOL(start_tty); | |
22239 | * read calls may be outstanding in parallel. | |
22240 | */ | |
22241 | ||
22242 | -static ssize_t tty_read(struct file *file, char __user *buf, size_t count, | |
22243 | +ssize_t tty_read(struct file *file, char __user *buf, size_t count, | |
22244 | loff_t *ppos) | |
22245 | { | |
22246 | int i; | |
22247 | @@ -899,6 +889,8 @@ static ssize_t tty_read(struct file *fil | |
22248 | return i; | |
22249 | } | |
22250 | ||
22251 | +EXPORT_SYMBOL(tty_read); | |
22252 | + | |
22253 | void tty_write_unlock(struct tty_struct *tty) | |
22254 | { | |
22255 | mutex_unlock(&tty->atomic_write_lock); | |
22256 | @@ -1048,7 +1040,7 @@ void tty_write_message(struct tty_struct | |
22257 | * write method will not be invoked in parallel for each device. | |
22258 | */ | |
22259 | ||
22260 | -static ssize_t tty_write(struct file *file, const char __user *buf, | |
22261 | +ssize_t tty_write(struct file *file, const char __user *buf, | |
22262 | size_t count, loff_t *ppos) | |
22263 | { | |
22264 | struct tty_struct *tty; | |
22265 | @@ -1075,6 +1067,8 @@ static ssize_t tty_write(struct file *fi | |
22266 | return ret; | |
22267 | } | |
22268 | ||
22269 | +EXPORT_SYMBOL(tty_write); | |
22270 | + | |
22271 | ssize_t redirected_tty_write(struct file *file, const char __user *buf, | |
22272 | size_t count, loff_t *ppos) | |
22273 | { | |
22274 | @@ -1894,6 +1888,8 @@ got_driver: | |
22275 | ||
22276 | ||
22277 | ||
22278 | +EXPORT_SYMBOL(tty_release); | |
22279 | + | |
22280 | /** | |
22281 | * tty_poll - check tty status | |
22282 | * @filp: file being polled | |
22283 | @@ -1906,7 +1902,7 @@ got_driver: | |
22284 | * may be re-entered freely by other callers. | |
22285 | */ | |
58c5fc13 | 22286 | |
ae4e228f MT |
22287 | -static unsigned int tty_poll(struct file *filp, poll_table *wait) |
22288 | +unsigned int tty_poll(struct file *filp, poll_table *wait) | |
22289 | { | |
22290 | struct tty_struct *tty; | |
22291 | struct tty_ldisc *ld; | |
22292 | @@ -1923,7 +1919,9 @@ static unsigned int tty_poll(struct file | |
22293 | return ret; | |
22294 | } | |
22295 | ||
22296 | -static int tty_fasync(int fd, struct file *filp, int on) | |
22297 | +EXPORT_SYMBOL(tty_poll); | |
22298 | + | |
22299 | +int tty_fasync(int fd, struct file *filp, int on) | |
22300 | { | |
22301 | struct tty_struct *tty; | |
22302 | unsigned long flags; | |
22303 | @@ -1967,6 +1965,8 @@ out: | |
22304 | return retval; | |
22305 | } | |
22306 | ||
22307 | +EXPORT_SYMBOL(tty_fasync); | |
22308 | + | |
22309 | /** | |
22310 | * tiocsti - fake input character | |
22311 | * @tty: tty to fake input into | |
22312 | @@ -2599,8 +2599,10 @@ long tty_ioctl(struct file *file, unsign | |
22313 | return retval; | |
22314 | } | |
22315 | ||
22316 | +EXPORT_SYMBOL(tty_ioctl); | |
22317 | + | |
22318 | #ifdef CONFIG_COMPAT | |
22319 | -static long tty_compat_ioctl(struct file *file, unsigned int cmd, | |
22320 | +long tty_compat_ioctl(struct file *file, unsigned int cmd, | |
22321 | unsigned long arg) | |
22322 | { | |
22323 | struct inode *inode = file->f_dentry->d_inode; | |
22324 | @@ -2624,6 +2626,9 @@ static long tty_compat_ioctl(struct file | |
22325 | ||
22326 | return retval; | |
22327 | } | |
22328 | + | |
22329 | +EXPORT_SYMBOL(tty_compat_ioctl); | |
22330 | + | |
22331 | #endif | |
22332 | ||
22333 | /* | |
22334 | @@ -3067,11 +3072,6 @@ struct tty_struct *get_current_tty(void) | |
22335 | } | |
22336 | EXPORT_SYMBOL_GPL(get_current_tty); | |
22337 | ||
22338 | -void tty_default_fops(struct file_operations *fops) | |
22339 | -{ | |
22340 | - *fops = tty_fops; | |
22341 | -} | |
22342 | - | |
22343 | /* | |
22344 | * Initialize the console device. This is called *early*, so | |
22345 | * we can't necessarily depend on lots of kernel help here. | |
22346 | diff -urNp linux-2.6.33.1/drivers/char/tty_ldisc.c linux-2.6.33.1/drivers/char/tty_ldisc.c | |
22347 | --- linux-2.6.33.1/drivers/char/tty_ldisc.c 2010-03-15 12:09:39.000000000 -0400 | |
22348 | +++ linux-2.6.33.1/drivers/char/tty_ldisc.c 2010-03-20 16:58:39.628796519 -0400 | |
22349 | @@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc * | |
58c5fc13 MT |
22350 | if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { |
22351 | struct tty_ldisc_ops *ldo = ld->ops; | |
22352 | ||
22353 | - ldo->refcount--; | |
22354 | + atomic_dec(&ldo->refcount); | |
22355 | module_put(ldo->owner); | |
22356 | spin_unlock_irqrestore(&tty_ldisc_lock, flags); | |
22357 | ||
ae4e228f | 22358 | @@ -109,7 +109,7 @@ int tty_register_ldisc(int disc, struct |
58c5fc13 MT |
22359 | spin_lock_irqsave(&tty_ldisc_lock, flags); |
22360 | tty_ldiscs[disc] = new_ldisc; | |
22361 | new_ldisc->num = disc; | |
22362 | - new_ldisc->refcount = 0; | |
22363 | + atomic_set(&new_ldisc->refcount, 0); | |
22364 | spin_unlock_irqrestore(&tty_ldisc_lock, flags); | |
22365 | ||
22366 | return ret; | |
ae4e228f | 22367 | @@ -137,7 +137,7 @@ int tty_unregister_ldisc(int disc) |
58c5fc13 MT |
22368 | return -EINVAL; |
22369 | ||
22370 | spin_lock_irqsave(&tty_ldisc_lock, flags); | |
22371 | - if (tty_ldiscs[disc]->refcount) | |
22372 | + if (atomic_read(&tty_ldiscs[disc]->refcount)) | |
22373 | ret = -EBUSY; | |
22374 | else | |
22375 | tty_ldiscs[disc] = NULL; | |
ae4e228f MT |
22376 | @@ -158,7 +158,7 @@ static struct tty_ldisc_ops *get_ldops(i |
22377 | if (ldops) { | |
22378 | ret = ERR_PTR(-EAGAIN); | |
22379 | if (try_module_get(ldops->owner)) { | |
58c5fc13 MT |
22380 | - ldops->refcount++; |
22381 | + atomic_inc(&ldops->refcount); | |
ae4e228f MT |
22382 | ret = ldops; |
22383 | } | |
22384 | } | |
22385 | @@ -171,7 +171,7 @@ static void put_ldops(struct tty_ldisc_o | |
22386 | unsigned long flags; | |
22387 | ||
22388 | spin_lock_irqsave(&tty_ldisc_lock, flags); | |
22389 | - ldops->refcount--; | |
22390 | + atomic_dec(&ldops->refcount); | |
22391 | module_put(ldops->owner); | |
22392 | spin_unlock_irqrestore(&tty_ldisc_lock, flags); | |
22393 | } | |
22394 | diff -urNp linux-2.6.33.1/drivers/char/virtio_console.c linux-2.6.33.1/drivers/char/virtio_console.c | |
22395 | --- linux-2.6.33.1/drivers/char/virtio_console.c 2010-03-15 12:09:39.000000000 -0400 | |
22396 | +++ linux-2.6.33.1/drivers/char/virtio_console.c 2010-03-20 16:58:39.628796519 -0400 | |
22397 | @@ -44,6 +44,7 @@ static unsigned int in_len; | |
22398 | static char *in, *inbuf; | |
22399 | ||
22400 | /* The operations for our console. */ | |
22401 | +/* cannot be const */ | |
22402 | static struct hv_ops virtio_cons; | |
22403 | ||
22404 | /* The hvc device */ | |
22405 | diff -urNp linux-2.6.33.1/drivers/char/vt_ioctl.c linux-2.6.33.1/drivers/char/vt_ioctl.c | |
22406 | --- linux-2.6.33.1/drivers/char/vt_ioctl.c 2010-03-15 12:09:39.000000000 -0400 | |
22407 | +++ linux-2.6.33.1/drivers/char/vt_ioctl.c 2010-03-20 16:58:39.632763861 -0400 | |
22408 | @@ -226,6 +226,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __ | |
58c5fc13 MT |
22409 | case KDSKBENT: |
22410 | if (!perm) | |
22411 | return -EPERM; | |
22412 | + | |
22413 | +#ifdef CONFIG_GRKERNSEC | |
22414 | + if (!capable(CAP_SYS_TTY_CONFIG)) | |
22415 | + return -EPERM; | |
22416 | +#endif | |
22417 | + | |
22418 | if (!i && v == K_NOSUCHMAP) { | |
22419 | /* deallocate map */ | |
22420 | key_map = key_maps[s]; | |
ae4e228f | 22421 | @@ -366,6 +372,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry |
58c5fc13 MT |
22422 | goto reterr; |
22423 | } | |
22424 | ||
22425 | +#ifdef CONFIG_GRKERNSEC | |
22426 | + if (!capable(CAP_SYS_TTY_CONFIG)) { | |
22427 | + ret = -EPERM; | |
22428 | + goto reterr; | |
22429 | + } | |
22430 | +#endif | |
22431 | + | |
22432 | q = func_table[i]; | |
22433 | first_free = funcbufptr + (funcbufsize - funcbufleft); | |
22434 | for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) | |
ae4e228f MT |
22435 | diff -urNp linux-2.6.33.1/drivers/cpufreq/cpufreq.c linux-2.6.33.1/drivers/cpufreq/cpufreq.c |
22436 | --- linux-2.6.33.1/drivers/cpufreq/cpufreq.c 2010-03-15 12:09:39.000000000 -0400 | |
22437 | +++ linux-2.6.33.1/drivers/cpufreq/cpufreq.c 2010-03-20 16:58:39.632763861 -0400 | |
22438 | @@ -766,7 +766,7 @@ static void cpufreq_sysfs_release(struct | |
22439 | complete(&policy->kobj_unregister); | |
58c5fc13 MT |
22440 | } |
22441 | ||
ae4e228f MT |
22442 | -static struct sysfs_ops sysfs_ops = { |
22443 | +static const struct sysfs_ops sysfs_ops = { | |
22444 | .show = show, | |
22445 | .store = store, | |
22446 | }; | |
22447 | diff -urNp linux-2.6.33.1/drivers/cpuidle/sysfs.c linux-2.6.33.1/drivers/cpuidle/sysfs.c | |
22448 | --- linux-2.6.33.1/drivers/cpuidle/sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
22449 | +++ linux-2.6.33.1/drivers/cpuidle/sysfs.c 2010-03-20 16:58:39.640816327 -0400 | |
22450 | @@ -191,7 +191,7 @@ static ssize_t cpuidle_store(struct kobj | |
22451 | return ret; | |
22452 | } | |
22453 | ||
22454 | -static struct sysfs_ops cpuidle_sysfs_ops = { | |
22455 | +static const struct sysfs_ops cpuidle_sysfs_ops = { | |
22456 | .show = cpuidle_show, | |
22457 | .store = cpuidle_store, | |
22458 | }; | |
22459 | @@ -277,7 +277,7 @@ static ssize_t cpuidle_state_show(struct | |
22460 | return ret; | |
22461 | } | |
22462 | ||
22463 | -static struct sysfs_ops cpuidle_state_sysfs_ops = { | |
22464 | +static const struct sysfs_ops cpuidle_state_sysfs_ops = { | |
22465 | .show = cpuidle_state_show, | |
22466 | }; | |
22467 | ||
22468 | diff -urNp linux-2.6.33.1/drivers/dma/ioat/dma.c linux-2.6.33.1/drivers/dma/ioat/dma.c | |
22469 | --- linux-2.6.33.1/drivers/dma/ioat/dma.c 2010-03-15 12:09:39.000000000 -0400 | |
22470 | +++ linux-2.6.33.1/drivers/dma/ioat/dma.c 2010-03-20 16:58:39.664561584 -0400 | |
22471 | @@ -1146,7 +1146,7 @@ ioat_attr_show(struct kobject *kobj, str | |
22472 | return entry->show(&chan->common, page); | |
22473 | } | |
22474 | ||
22475 | -struct sysfs_ops ioat_sysfs_ops = { | |
22476 | +const struct sysfs_ops ioat_sysfs_ops = { | |
22477 | .show = ioat_attr_show, | |
22478 | }; | |
22479 | ||
22480 | diff -urNp linux-2.6.33.1/drivers/dma/ioat/dma.h linux-2.6.33.1/drivers/dma/ioat/dma.h | |
22481 | --- linux-2.6.33.1/drivers/dma/ioat/dma.h 2010-03-15 12:09:39.000000000 -0400 | |
22482 | +++ linux-2.6.33.1/drivers/dma/ioat/dma.h 2010-03-20 16:58:39.664561584 -0400 | |
22483 | @@ -347,7 +347,7 @@ bool ioat_cleanup_preamble(struct ioat_c | |
22484 | unsigned long *phys_complete); | |
22485 | void ioat_kobject_add(struct ioatdma_device *device, struct kobj_type *type); | |
22486 | void ioat_kobject_del(struct ioatdma_device *device); | |
22487 | -extern struct sysfs_ops ioat_sysfs_ops; | |
22488 | +extern const struct sysfs_ops ioat_sysfs_ops; | |
22489 | extern struct ioat_sysfs_entry ioat_version_attr; | |
22490 | extern struct ioat_sysfs_entry ioat_cap_attr; | |
22491 | #endif /* IOATDMA_H */ | |
22492 | diff -urNp linux-2.6.33.1/drivers/edac/edac_core.h linux-2.6.33.1/drivers/edac/edac_core.h | |
22493 | --- linux-2.6.33.1/drivers/edac/edac_core.h 2010-03-15 12:09:39.000000000 -0400 | |
22494 | +++ linux-2.6.33.1/drivers/edac/edac_core.h 2010-03-20 16:58:39.668813885 -0400 | |
22495 | @@ -100,11 +100,11 @@ extern const char *edac_mem_types[]; | |
58c5fc13 MT |
22496 | |
22497 | #else /* !CONFIG_EDAC_DEBUG */ | |
22498 | ||
22499 | -#define debugf0( ... ) | |
22500 | -#define debugf1( ... ) | |
22501 | -#define debugf2( ... ) | |
22502 | -#define debugf3( ... ) | |
22503 | -#define debugf4( ... ) | |
22504 | +#define debugf0( ... ) do {} while (0) | |
22505 | +#define debugf1( ... ) do {} while (0) | |
22506 | +#define debugf2( ... ) do {} while (0) | |
22507 | +#define debugf3( ... ) do {} while (0) | |
22508 | +#define debugf4( ... ) do {} while (0) | |
22509 | ||
22510 | #endif /* !CONFIG_EDAC_DEBUG */ | |
22511 | ||
ae4e228f MT |
22512 | diff -urNp linux-2.6.33.1/drivers/edac/edac_device_sysfs.c linux-2.6.33.1/drivers/edac/edac_device_sysfs.c |
22513 | --- linux-2.6.33.1/drivers/edac/edac_device_sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
22514 | +++ linux-2.6.33.1/drivers/edac/edac_device_sysfs.c 2010-03-20 16:58:39.672639279 -0400 | |
22515 | @@ -137,7 +137,7 @@ static ssize_t edac_dev_ctl_info_store(s | |
22516 | } | |
22517 | ||
22518 | /* edac_dev file operations for an 'ctl_info' */ | |
22519 | -static struct sysfs_ops device_ctl_info_ops = { | |
22520 | +static const struct sysfs_ops device_ctl_info_ops = { | |
22521 | .show = edac_dev_ctl_info_show, | |
22522 | .store = edac_dev_ctl_info_store | |
22523 | }; | |
22524 | @@ -373,7 +373,7 @@ static ssize_t edac_dev_instance_store(s | |
22525 | } | |
22526 | ||
22527 | /* edac_dev file operations for an 'instance' */ | |
22528 | -static struct sysfs_ops device_instance_ops = { | |
22529 | +static const struct sysfs_ops device_instance_ops = { | |
22530 | .show = edac_dev_instance_show, | |
22531 | .store = edac_dev_instance_store | |
22532 | }; | |
22533 | @@ -476,7 +476,7 @@ static ssize_t edac_dev_block_store(stru | |
22534 | } | |
22535 | ||
22536 | /* edac_dev file operations for a 'block' */ | |
22537 | -static struct sysfs_ops device_block_ops = { | |
22538 | +static const struct sysfs_ops device_block_ops = { | |
22539 | .show = edac_dev_block_show, | |
22540 | .store = edac_dev_block_store | |
22541 | }; | |
22542 | diff -urNp linux-2.6.33.1/drivers/edac/edac_mc_sysfs.c linux-2.6.33.1/drivers/edac/edac_mc_sysfs.c | |
22543 | --- linux-2.6.33.1/drivers/edac/edac_mc_sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
22544 | +++ linux-2.6.33.1/drivers/edac/edac_mc_sysfs.c 2010-03-20 16:58:39.676823381 -0400 | |
22545 | @@ -245,7 +245,7 @@ static ssize_t csrowdev_store(struct kob | |
22546 | return -EIO; | |
22547 | } | |
22548 | ||
22549 | -static struct sysfs_ops csrowfs_ops = { | |
22550 | +static const struct sysfs_ops csrowfs_ops = { | |
22551 | .show = csrowdev_show, | |
22552 | .store = csrowdev_store | |
22553 | }; | |
22554 | @@ -575,7 +575,7 @@ static ssize_t mcidev_store(struct kobje | |
22555 | } | |
22556 | ||
22557 | /* Intermediate show/store table */ | |
22558 | -static struct sysfs_ops mci_ops = { | |
22559 | +static const struct sysfs_ops mci_ops = { | |
22560 | .show = mcidev_show, | |
22561 | .store = mcidev_store | |
22562 | }; | |
22563 | diff -urNp linux-2.6.33.1/drivers/edac/edac_pci_sysfs.c linux-2.6.33.1/drivers/edac/edac_pci_sysfs.c | |
22564 | --- linux-2.6.33.1/drivers/edac/edac_pci_sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
22565 | +++ linux-2.6.33.1/drivers/edac/edac_pci_sysfs.c 2010-03-20 16:58:39.680817937 -0400 | |
22566 | @@ -121,7 +121,7 @@ static ssize_t edac_pci_instance_store(s | |
22567 | } | |
22568 | ||
22569 | /* fs_ops table */ | |
22570 | -static struct sysfs_ops pci_instance_ops = { | |
22571 | +static const struct sysfs_ops pci_instance_ops = { | |
22572 | .show = edac_pci_instance_show, | |
22573 | .store = edac_pci_instance_store | |
22574 | }; | |
22575 | @@ -261,7 +261,7 @@ static ssize_t edac_pci_dev_store(struct | |
22576 | return -EIO; | |
22577 | } | |
22578 | ||
22579 | -static struct sysfs_ops edac_pci_sysfs_ops = { | |
22580 | +static const struct sysfs_ops edac_pci_sysfs_ops = { | |
22581 | .show = edac_pci_dev_show, | |
22582 | .store = edac_pci_dev_store | |
22583 | }; | |
22584 | diff -urNp linux-2.6.33.1/drivers/firmware/dmi_scan.c linux-2.6.33.1/drivers/firmware/dmi_scan.c | |
22585 | --- linux-2.6.33.1/drivers/firmware/dmi_scan.c 2010-03-15 12:09:39.000000000 -0400 | |
22586 | +++ linux-2.6.33.1/drivers/firmware/dmi_scan.c 2010-03-20 16:58:39.680817937 -0400 | |
22587 | @@ -388,11 +388,6 @@ void __init dmi_scan_machine(void) | |
58c5fc13 MT |
22588 | } |
22589 | } | |
22590 | else { | |
22591 | - /* | |
22592 | - * no iounmap() for that ioremap(); it would be a no-op, but | |
22593 | - * it's so early in setup that sucker gets confused into doing | |
22594 | - * what it shouldn't if we actually call it. | |
22595 | - */ | |
22596 | p = dmi_ioremap(0xF0000, 0x10000); | |
22597 | if (p == NULL) | |
22598 | goto error; | |
ae4e228f MT |
22599 | diff -urNp linux-2.6.33.1/drivers/firmware/edd.c linux-2.6.33.1/drivers/firmware/edd.c |
22600 | --- linux-2.6.33.1/drivers/firmware/edd.c 2010-03-15 12:09:39.000000000 -0400 | |
22601 | +++ linux-2.6.33.1/drivers/firmware/edd.c 2010-03-20 16:58:39.680817937 -0400 | |
22602 | @@ -122,7 +122,7 @@ edd_attr_show(struct kobject * kobj, str | |
22603 | return ret; | |
58c5fc13 MT |
22604 | } |
22605 | ||
ae4e228f MT |
22606 | -static struct sysfs_ops edd_attr_ops = { |
22607 | +static const struct sysfs_ops edd_attr_ops = { | |
22608 | .show = edd_attr_show, | |
22609 | }; | |
22610 | ||
22611 | diff -urNp linux-2.6.33.1/drivers/firmware/efivars.c linux-2.6.33.1/drivers/firmware/efivars.c | |
22612 | --- linux-2.6.33.1/drivers/firmware/efivars.c 2010-03-15 12:09:39.000000000 -0400 | |
22613 | +++ linux-2.6.33.1/drivers/firmware/efivars.c 2010-03-20 16:58:39.680817937 -0400 | |
22614 | @@ -362,7 +362,7 @@ static ssize_t efivar_attr_store(struct | |
22615 | return ret; | |
22616 | } | |
22617 | ||
22618 | -static struct sysfs_ops efivar_attr_ops = { | |
22619 | +static const struct sysfs_ops efivar_attr_ops = { | |
22620 | .show = efivar_attr_show, | |
22621 | .store = efivar_attr_store, | |
22622 | }; | |
22623 | diff -urNp linux-2.6.33.1/drivers/firmware/iscsi_ibft.c linux-2.6.33.1/drivers/firmware/iscsi_ibft.c | |
22624 | --- linux-2.6.33.1/drivers/firmware/iscsi_ibft.c 2010-03-15 12:09:39.000000000 -0400 | |
22625 | +++ linux-2.6.33.1/drivers/firmware/iscsi_ibft.c 2010-03-20 16:58:39.680817937 -0400 | |
22626 | @@ -525,7 +525,7 @@ static ssize_t ibft_show_attribute(struc | |
22627 | return ret; | |
22628 | } | |
22629 | ||
22630 | -static struct sysfs_ops ibft_attr_ops = { | |
22631 | +static const struct sysfs_ops ibft_attr_ops = { | |
22632 | .show = ibft_show_attribute, | |
22633 | }; | |
22634 | ||
22635 | diff -urNp linux-2.6.33.1/drivers/firmware/memmap.c linux-2.6.33.1/drivers/firmware/memmap.c | |
22636 | --- linux-2.6.33.1/drivers/firmware/memmap.c 2010-03-15 12:09:39.000000000 -0400 | |
22637 | +++ linux-2.6.33.1/drivers/firmware/memmap.c 2010-03-20 16:58:39.684538507 -0400 | |
22638 | @@ -74,7 +74,7 @@ static struct attribute *def_attrs[] = { | |
22639 | NULL | |
22640 | }; | |
58c5fc13 | 22641 | |
ae4e228f MT |
22642 | -static struct sysfs_ops memmap_attr_ops = { |
22643 | +static const struct sysfs_ops memmap_attr_ops = { | |
22644 | .show = memmap_attr_show, | |
22645 | }; | |
22646 | ||
22647 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/drm_drv.c linux-2.6.33.1/drivers/gpu/drm/drm_drv.c | |
22648 | --- linux-2.6.33.1/drivers/gpu/drm/drm_drv.c 2010-03-15 12:09:39.000000000 -0400 | |
22649 | +++ linux-2.6.33.1/drivers/gpu/drm/drm_drv.c 2010-03-20 16:58:39.696814507 -0400 | |
22650 | @@ -448,7 +448,7 @@ long drm_ioctl(struct file *filp, | |
22651 | ||
22652 | dev = file_priv->minor->dev; | |
58c5fc13 MT |
22653 | atomic_inc(&dev->ioctl_count); |
22654 | - atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]); | |
22655 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]); | |
22656 | ++file_priv->ioctl_count; | |
22657 | ||
22658 | DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", | |
ae4e228f MT |
22659 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/drm_fops.c linux-2.6.33.1/drivers/gpu/drm/drm_fops.c |
22660 | --- linux-2.6.33.1/drivers/gpu/drm/drm_fops.c 2010-03-15 12:09:39.000000000 -0400 | |
22661 | +++ linux-2.6.33.1/drivers/gpu/drm/drm_fops.c 2010-03-20 16:58:39.704802989 -0400 | |
58c5fc13 MT |
22662 | @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device * |
22663 | } | |
22664 | ||
22665 | for (i = 0; i < ARRAY_SIZE(dev->counts); i++) | |
22666 | - atomic_set(&dev->counts[i], 0); | |
22667 | + atomic_set_unchecked(&dev->counts[i], 0); | |
22668 | ||
22669 | dev->sigdata.lock = NULL; | |
22670 | ||
22671 | @@ -130,9 +130,9 @@ int drm_open(struct inode *inode, struct | |
22672 | ||
22673 | retcode = drm_open_helper(inode, filp, dev); | |
22674 | if (!retcode) { | |
22675 | - atomic_inc(&dev->counts[_DRM_STAT_OPENS]); | |
22676 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]); | |
22677 | spin_lock(&dev->count_lock); | |
22678 | - if (!dev->open_count++) { | |
22679 | + if (atomic_inc_return(&dev->open_count) == 1) { | |
22680 | spin_unlock(&dev->count_lock); | |
22681 | retcode = drm_setup(dev); | |
22682 | goto out; | |
ae4e228f | 22683 | @@ -472,7 +472,7 @@ int drm_release(struct inode *inode, str |
58c5fc13 MT |
22684 | |
22685 | lock_kernel(); | |
22686 | ||
22687 | - DRM_DEBUG("open_count = %d\n", dev->open_count); | |
22688 | + DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count)); | |
22689 | ||
22690 | if (dev->driver->preclose) | |
22691 | dev->driver->preclose(dev, file_priv); | |
ae4e228f | 22692 | @@ -484,7 +484,7 @@ int drm_release(struct inode *inode, str |
58c5fc13 MT |
22693 | DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", |
22694 | task_pid_nr(current), | |
22695 | (long)old_encode_dev(file_priv->minor->device), | |
22696 | - dev->open_count); | |
22697 | + atomic_read(&dev->open_count)); | |
22698 | ||
22699 | /* if the master has gone away we can't do anything with the lock */ | |
22700 | if (file_priv->minor->master) | |
ae4e228f | 22701 | @@ -565,9 +565,9 @@ int drm_release(struct inode *inode, str |
58c5fc13 MT |
22702 | * End inline drm_release |
22703 | */ | |
22704 | ||
22705 | - atomic_inc(&dev->counts[_DRM_STAT_CLOSES]); | |
22706 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]); | |
22707 | spin_lock(&dev->count_lock); | |
22708 | - if (!--dev->open_count) { | |
22709 | + if (atomic_dec_and_test(&dev->open_count)) { | |
22710 | if (atomic_read(&dev->ioctl_count)) { | |
22711 | DRM_ERROR("Device busy: %d\n", | |
22712 | atomic_read(&dev->ioctl_count)); | |
ae4e228f MT |
22713 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/drm_ioctl.c linux-2.6.33.1/drivers/gpu/drm/drm_ioctl.c |
22714 | --- linux-2.6.33.1/drivers/gpu/drm/drm_ioctl.c 2010-03-15 12:09:39.000000000 -0400 | |
22715 | +++ linux-2.6.33.1/drivers/gpu/drm/drm_ioctl.c 2010-03-20 16:58:39.704802989 -0400 | |
58c5fc13 MT |
22716 | @@ -283,7 +283,7 @@ int drm_getstats(struct drm_device *dev, |
22717 | stats->data[i].value = | |
22718 | (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0); | |
22719 | else | |
22720 | - stats->data[i].value = atomic_read(&dev->counts[i]); | |
22721 | + stats->data[i].value = atomic_read_unchecked(&dev->counts[i]); | |
22722 | stats->data[i].type = dev->types[i]; | |
22723 | } | |
22724 | ||
ae4e228f MT |
22725 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/drm_lock.c linux-2.6.33.1/drivers/gpu/drm/drm_lock.c |
22726 | --- linux-2.6.33.1/drivers/gpu/drm/drm_lock.c 2010-03-15 12:09:39.000000000 -0400 | |
22727 | +++ linux-2.6.33.1/drivers/gpu/drm/drm_lock.c 2010-03-20 16:58:39.712815966 -0400 | |
58c5fc13 MT |
22728 | @@ -87,7 +87,7 @@ int drm_lock(struct drm_device *dev, voi |
22729 | if (drm_lock_take(&master->lock, lock->context)) { | |
22730 | master->lock.file_priv = file_priv; | |
22731 | master->lock.lock_time = jiffies; | |
22732 | - atomic_inc(&dev->counts[_DRM_STAT_LOCKS]); | |
22733 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]); | |
22734 | break; /* Got lock */ | |
22735 | } | |
22736 | ||
22737 | @@ -165,7 +165,7 @@ int drm_unlock(struct drm_device *dev, v | |
22738 | return -EINVAL; | |
22739 | } | |
22740 | ||
22741 | - atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]); | |
22742 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]); | |
22743 | ||
22744 | /* kernel_context_switch isn't used by any of the x86 drm | |
22745 | * modules but is required by the Sparc driver. | |
ae4e228f MT |
22746 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i810/i810_dma.c linux-2.6.33.1/drivers/gpu/drm/i810/i810_dma.c |
22747 | --- linux-2.6.33.1/drivers/gpu/drm/i810/i810_dma.c 2010-03-15 12:09:39.000000000 -0400 | |
22748 | +++ linux-2.6.33.1/drivers/gpu/drm/i810/i810_dma.c 2010-03-20 16:58:39.712815966 -0400 | |
58c5fc13 MT |
22749 | @@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_de |
22750 | dma->buflist[vertex->idx], | |
22751 | vertex->discard, vertex->used); | |
22752 | ||
22753 | - atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]); | |
22754 | - atomic_inc(&dev->counts[_DRM_STAT_DMA]); | |
22755 | + atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]); | |
22756 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]); | |
22757 | sarea_priv->last_enqueue = dev_priv->counter - 1; | |
22758 | sarea_priv->last_dispatch = (int)hw_status[5]; | |
22759 | ||
22760 | @@ -1115,8 +1115,8 @@ static int i810_dma_mc(struct drm_device | |
22761 | i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, | |
22762 | mc->last_render); | |
22763 | ||
22764 | - atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]); | |
22765 | - atomic_inc(&dev->counts[_DRM_STAT_DMA]); | |
22766 | + atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]); | |
22767 | + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]); | |
22768 | sarea_priv->last_enqueue = dev_priv->counter - 1; | |
22769 | sarea_priv->last_dispatch = (int)hw_status[5]; | |
22770 | ||
ae4e228f MT |
22771 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7017.c linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7017.c |
22772 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7017.c 2010-03-15 12:09:39.000000000 -0400 | |
22773 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7017.c 2010-03-20 16:58:39.720824119 -0400 | |
22774 | @@ -444,7 +444,7 @@ static void ch7017_destroy(struct intel_ | |
22775 | } | |
22776 | } | |
22777 | ||
22778 | -struct intel_dvo_dev_ops ch7017_ops = { | |
22779 | +const struct intel_dvo_dev_ops ch7017_ops = { | |
22780 | .init = ch7017_init, | |
22781 | .detect = ch7017_detect, | |
22782 | .mode_valid = ch7017_mode_valid, | |
22783 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7xxx.c linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7xxx.c | |
22784 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2010-03-15 12:09:39.000000000 -0400 | |
22785 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2010-03-20 16:58:39.724540120 -0400 | |
22786 | @@ -358,7 +358,7 @@ static void ch7xxx_destroy(struct intel_ | |
22787 | } | |
58c5fc13 MT |
22788 | } |
22789 | ||
ae4e228f MT |
22790 | -struct intel_dvo_dev_ops ch7xxx_ops = { |
22791 | +const struct intel_dvo_dev_ops ch7xxx_ops = { | |
22792 | .init = ch7xxx_init, | |
22793 | .detect = ch7xxx_detect, | |
22794 | .mode_valid = ch7xxx_mode_valid, | |
22795 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo.h linux-2.6.33.1/drivers/gpu/drm/i915/dvo.h | |
22796 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo.h 2010-03-15 12:09:39.000000000 -0400 | |
22797 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo.h 2010-03-20 16:58:39.724540120 -0400 | |
22798 | @@ -135,23 +135,23 @@ struct intel_dvo_dev_ops { | |
22799 | * | |
22800 | * \return singly-linked list of modes or NULL if no modes found. | |
22801 | */ | |
22802 | - struct drm_display_mode *(*get_modes)(struct intel_dvo_device *dvo); | |
22803 | + struct drm_display_mode *(* const get_modes)(struct intel_dvo_device *dvo); | |
22804 | ||
22805 | /** | |
22806 | * Clean up driver-specific bits of the output | |
22807 | */ | |
22808 | - void (*destroy) (struct intel_dvo_device *dvo); | |
22809 | + void (* const destroy) (struct intel_dvo_device *dvo); | |
22810 | ||
22811 | /** | |
22812 | * Debugging hook to dump device registers to log file | |
22813 | */ | |
22814 | - void (*dump_regs)(struct intel_dvo_device *dvo); | |
22815 | + void (* const dump_regs)(struct intel_dvo_device *dvo); | |
22816 | }; | |
22817 | ||
22818 | -extern struct intel_dvo_dev_ops sil164_ops; | |
22819 | -extern struct intel_dvo_dev_ops ch7xxx_ops; | |
22820 | -extern struct intel_dvo_dev_ops ivch_ops; | |
22821 | -extern struct intel_dvo_dev_ops tfp410_ops; | |
22822 | -extern struct intel_dvo_dev_ops ch7017_ops; | |
22823 | +extern const struct intel_dvo_dev_ops sil164_ops; | |
22824 | +extern const struct intel_dvo_dev_ops ch7xxx_ops; | |
22825 | +extern const struct intel_dvo_dev_ops ivch_ops; | |
22826 | +extern const struct intel_dvo_dev_ops tfp410_ops; | |
22827 | +extern const struct intel_dvo_dev_ops ch7017_ops; | |
22828 | ||
22829 | #endif /* _INTEL_DVO_H */ | |
22830 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ivch.c linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ivch.c | |
22831 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ivch.c 2010-03-15 12:09:39.000000000 -0400 | |
22832 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo_ivch.c 2010-03-20 16:58:39.724540120 -0400 | |
22833 | @@ -431,7 +431,7 @@ static void ivch_destroy(struct intel_dv | |
22834 | } | |
22835 | } | |
22836 | ||
22837 | -struct intel_dvo_dev_ops ivch_ops= { | |
22838 | +const struct intel_dvo_dev_ops ivch_ops= { | |
22839 | .init = ivch_init, | |
22840 | .dpms = ivch_dpms, | |
22841 | .save = ivch_save, | |
22842 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo_sil164.c linux-2.6.33.1/drivers/gpu/drm/i915/dvo_sil164.c | |
22843 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo_sil164.c 2010-03-15 12:09:39.000000000 -0400 | |
22844 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo_sil164.c 2010-03-20 16:58:39.724540120 -0400 | |
22845 | @@ -290,7 +290,7 @@ static void sil164_destroy(struct intel_ | |
22846 | } | |
22847 | } | |
22848 | ||
22849 | -struct intel_dvo_dev_ops sil164_ops = { | |
22850 | +const struct intel_dvo_dev_ops sil164_ops = { | |
22851 | .init = sil164_init, | |
22852 | .detect = sil164_detect, | |
22853 | .mode_valid = sil164_mode_valid, | |
22854 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.33.1/drivers/gpu/drm/i915/dvo_tfp410.c | |
22855 | --- linux-2.6.33.1/drivers/gpu/drm/i915/dvo_tfp410.c 2010-03-15 12:09:39.000000000 -0400 | |
22856 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/dvo_tfp410.c 2010-03-20 16:58:39.724540120 -0400 | |
22857 | @@ -325,7 +325,7 @@ static void tfp410_destroy(struct intel_ | |
22858 | } | |
22859 | } | |
22860 | ||
22861 | -struct intel_dvo_dev_ops tfp410_ops = { | |
22862 | +const struct intel_dvo_dev_ops tfp410_ops = { | |
22863 | .init = tfp410_init, | |
22864 | .detect = tfp410_detect, | |
22865 | .mode_valid = tfp410_mode_valid, | |
22866 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/i915/i915_drv.c linux-2.6.33.1/drivers/gpu/drm/i915/i915_drv.c | |
22867 | --- linux-2.6.33.1/drivers/gpu/drm/i915/i915_drv.c 2010-03-15 12:09:39.000000000 -0400 | |
22868 | +++ linux-2.6.33.1/drivers/gpu/drm/i915/i915_drv.c 2010-03-20 16:58:39.724540120 -0400 | |
22869 | @@ -470,7 +470,7 @@ const struct dev_pm_ops i915_pm_ops = { | |
22870 | .restore = i915_pm_resume, | |
22871 | }; | |
22872 | ||
58c5fc13 MT |
22873 | -static struct vm_operations_struct i915_gem_vm_ops = { |
22874 | +static const struct vm_operations_struct i915_gem_vm_ops = { | |
22875 | .fault = i915_gem_fault, | |
22876 | .open = drm_gem_vm_open, | |
22877 | .close = drm_gem_vm_close, | |
ae4e228f MT |
22878 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/nouveau/nouveau_backlight.c linux-2.6.33.1/drivers/gpu/drm/nouveau/nouveau_backlight.c |
22879 | --- linux-2.6.33.1/drivers/gpu/drm/nouveau/nouveau_backlight.c 2010-03-15 12:09:39.000000000 -0400 | |
22880 | +++ linux-2.6.33.1/drivers/gpu/drm/nouveau/nouveau_backlight.c 2010-03-20 16:58:39.737935163 -0400 | |
22881 | @@ -58,7 +58,7 @@ static int nv40_set_intensity(struct bac | |
22882 | return 0; | |
22883 | } | |
22884 | ||
22885 | -static struct backlight_ops nv40_bl_ops = { | |
22886 | +static const struct backlight_ops nv40_bl_ops = { | |
22887 | .options = BL_CORE_SUSPENDRESUME, | |
22888 | .get_brightness = nv40_get_intensity, | |
22889 | .update_status = nv40_set_intensity, | |
22890 | @@ -81,7 +81,7 @@ static int nv50_set_intensity(struct bac | |
22891 | return 0; | |
22892 | } | |
22893 | ||
22894 | -static struct backlight_ops nv50_bl_ops = { | |
22895 | +static const struct backlight_ops nv50_bl_ops = { | |
22896 | .options = BL_CORE_SUSPENDRESUME, | |
22897 | .get_brightness = nv50_get_intensity, | |
22898 | .update_status = nv50_set_intensity, | |
22899 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.33.1/drivers/gpu/drm/radeon/mkregtable.c | |
22900 | --- linux-2.6.33.1/drivers/gpu/drm/radeon/mkregtable.c 2010-03-15 12:09:39.000000000 -0400 | |
22901 | +++ linux-2.6.33.1/drivers/gpu/drm/radeon/mkregtable.c 2010-03-20 16:58:39.737935163 -0400 | |
22902 | @@ -637,14 +637,14 @@ static int parser_auth(struct table *t, | |
22903 | regex_t mask_rex; | |
22904 | regmatch_t match[4]; | |
22905 | char buf[1024]; | |
22906 | - size_t end; | |
22907 | + long end; | |
22908 | int len; | |
22909 | int done = 0; | |
22910 | int r; | |
22911 | unsigned o; | |
22912 | struct offset *offset; | |
22913 | char last_reg_s[10]; | |
22914 | - int last_reg; | |
22915 | + unsigned long last_reg; | |
22916 | ||
22917 | if (regcomp | |
22918 | (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { | |
22919 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_atombios.c linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_atombios.c | |
22920 | --- linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_atombios.c 2010-03-15 12:09:39.000000000 -0400 | |
22921 | +++ linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_atombios.c 2010-03-20 16:58:39.737935163 -0400 | |
22922 | @@ -637,14 +637,14 @@ static uint16_t atombios_get_connector_o | |
22923 | } | |
58c5fc13 MT |
22924 | } |
22925 | ||
22926 | -struct bios_connector { | |
22927 | +static struct bios_connector { | |
22928 | bool valid; | |
ae4e228f | 22929 | uint16_t line_mux; |
58c5fc13 MT |
22930 | uint16_t devices; |
22931 | int connector_type; | |
22932 | struct radeon_i2c_bus_rec ddc_bus; | |
ae4e228f | 22933 | struct radeon_hpd hpd; |
58c5fc13 | 22934 | -}; |
ae4e228f | 22935 | +} bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]; |
58c5fc13 MT |
22936 | |
22937 | bool radeon_get_atom_connector_info_from_supported_devices_table(struct | |
22938 | drm_device | |
ae4e228f | 22939 | @@ -660,7 +660,6 @@ bool radeon_get_atom_connector_info_from |
58c5fc13 MT |
22940 | uint8_t dac; |
22941 | union atom_supported_devices *supported_devices; | |
ae4e228f | 22942 | int i, j, max_device; |
58c5fc13 MT |
22943 | - struct bios_connector bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]; |
22944 | ||
22945 | atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset); | |
22946 | ||
ae4e228f MT |
22947 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_state.c linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_state.c |
22948 | --- linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_state.c 2010-03-15 12:09:39.000000000 -0400 | |
22949 | +++ linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_state.c 2010-03-20 16:58:39.757317099 -0400 | |
22950 | @@ -2139,7 +2139,7 @@ static int radeon_cp_clear(struct drm_de | |
22951 | if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) | |
22952 | sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS; | |
22953 | ||
22954 | - if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes, | |
22955 | + if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS || DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes, | |
22956 | sarea_priv->nbox * sizeof(depth_boxes[0]))) | |
22957 | return -EFAULT; | |
22958 | ||
22959 | @@ -3014,7 +3014,7 @@ static int radeon_cp_getparam(struct drm | |
58c5fc13 MT |
22960 | { |
22961 | drm_radeon_private_t *dev_priv = dev->dev_private; | |
22962 | drm_radeon_getparam_t *param = data; | |
22963 | - int value; | |
22964 | + int value = 0; | |
22965 | ||
22966 | DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); | |
22967 | ||
ae4e228f MT |
22968 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_ttm.c linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_ttm.c |
22969 | --- linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_ttm.c 2010-03-15 12:09:39.000000000 -0400 | |
22970 | +++ linux-2.6.33.1/drivers/gpu/drm/radeon/radeon_ttm.c 2010-03-20 16:58:39.760772786 -0400 | |
22971 | @@ -564,27 +564,10 @@ void radeon_ttm_fini(struct radeon_devic | |
58c5fc13 MT |
22972 | DRM_INFO("radeon: ttm finalized\n"); |
22973 | } | |
22974 | ||
22975 | -static struct vm_operations_struct radeon_ttm_vm_ops; | |
ae4e228f | 22976 | -static const struct vm_operations_struct *ttm_vm_ops = NULL; |
58c5fc13 MT |
22977 | - |
22978 | -static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) | |
22979 | -{ | |
22980 | - struct ttm_buffer_object *bo; | |
22981 | - int r; | |
22982 | - | |
22983 | - bo = (struct ttm_buffer_object *)vma->vm_private_data; | |
22984 | - if (bo == NULL) { | |
22985 | - return VM_FAULT_NOPAGE; | |
22986 | - } | |
22987 | - r = ttm_vm_ops->fault(vma, vmf); | |
22988 | - return r; | |
22989 | -} | |
22990 | - | |
22991 | int radeon_mmap(struct file *filp, struct vm_area_struct *vma) | |
22992 | { | |
22993 | struct drm_file *file_priv; | |
22994 | struct radeon_device *rdev; | |
22995 | - int r; | |
22996 | ||
22997 | if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) { | |
22998 | return drm_mmap(filp, vma); | |
ae4e228f | 22999 | @@ -592,20 +575,9 @@ int radeon_mmap(struct file *filp, struc |
58c5fc13 MT |
23000 | |
23001 | file_priv = (struct drm_file *)filp->private_data; | |
23002 | rdev = file_priv->minor->dev->dev_private; | |
23003 | - if (rdev == NULL) { | |
23004 | + if (!rdev) | |
23005 | return -EINVAL; | |
23006 | - } | |
23007 | - r = ttm_bo_mmap(filp, vma, &rdev->mman.bdev); | |
23008 | - if (unlikely(r != 0)) { | |
23009 | - return r; | |
23010 | - } | |
23011 | - if (unlikely(ttm_vm_ops == NULL)) { | |
23012 | - ttm_vm_ops = vma->vm_ops; | |
23013 | - radeon_ttm_vm_ops = *ttm_vm_ops; | |
23014 | - radeon_ttm_vm_ops.fault = &radeon_ttm_fault; | |
23015 | - } | |
23016 | - vma->vm_ops = &radeon_ttm_vm_ops; | |
23017 | - return 0; | |
23018 | + return ttm_bo_mmap(filp, vma, &rdev->mman.bdev); | |
23019 | } | |
23020 | ||
23021 | ||
ae4e228f MT |
23022 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo.c linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo.c |
23023 | --- linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo.c 2010-03-15 12:09:39.000000000 -0400 | |
23024 | +++ linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo.c 2010-03-20 16:58:39.760772786 -0400 | |
23025 | @@ -128,7 +128,7 @@ static struct attribute *ttm_bo_global_a | |
23026 | NULL | |
23027 | }; | |
23028 | ||
23029 | -static struct sysfs_ops ttm_bo_global_ops = { | |
23030 | +static const struct sysfs_ops ttm_bo_global_ops = { | |
23031 | .show = &ttm_bo_global_show | |
23032 | }; | |
23033 | ||
23034 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo_vm.c linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo_vm.c | |
23035 | --- linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2010-03-15 12:09:39.000000000 -0400 | |
23036 | +++ linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2010-03-20 16:58:39.760772786 -0400 | |
58c5fc13 MT |
23037 | @@ -73,7 +73,7 @@ static int ttm_bo_vm_fault(struct vm_are |
23038 | { | |
23039 | struct ttm_buffer_object *bo = (struct ttm_buffer_object *) | |
23040 | vma->vm_private_data; | |
23041 | - struct ttm_bo_device *bdev = bo->bdev; | |
23042 | + struct ttm_bo_device *bdev; | |
23043 | unsigned long bus_base; | |
23044 | unsigned long bus_offset; | |
23045 | unsigned long bus_size; | |
23046 | @@ -88,6 +88,10 @@ static int ttm_bo_vm_fault(struct vm_are | |
23047 | unsigned long address = (unsigned long)vmf->virtual_address; | |
23048 | int retval = VM_FAULT_NOPAGE; | |
23049 | ||
23050 | + if (!bo) | |
23051 | + return VM_FAULT_NOPAGE; | |
23052 | + bdev = bo->bdev; | |
23053 | + | |
23054 | /* | |
23055 | * Work around locking order reversal in fault / nopfn | |
23056 | * between mmap_sem and bo_reserve: Perform a trylock operation | |
ae4e228f MT |
23057 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_global.c linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_global.c |
23058 | --- linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_global.c 2010-03-15 12:09:39.000000000 -0400 | |
23059 | +++ linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_global.c 2010-03-20 16:58:39.764713262 -0400 | |
23060 | @@ -36,7 +36,7 @@ | |
23061 | struct ttm_global_item { | |
23062 | struct mutex mutex; | |
23063 | void *object; | |
23064 | - int refcount; | |
23065 | + atomic_t refcount; | |
23066 | }; | |
58c5fc13 | 23067 | |
ae4e228f MT |
23068 | static struct ttm_global_item glob[TTM_GLOBAL_NUM]; |
23069 | @@ -49,7 +49,7 @@ void ttm_global_init(void) | |
23070 | struct ttm_global_item *item = &glob[i]; | |
23071 | mutex_init(&item->mutex); | |
23072 | item->object = NULL; | |
23073 | - item->refcount = 0; | |
23074 | + atomic_set(&item->refcount, 0); | |
23075 | } | |
23076 | } | |
23077 | ||
23078 | @@ -59,7 +59,7 @@ void ttm_global_release(void) | |
23079 | for (i = 0; i < TTM_GLOBAL_NUM; ++i) { | |
23080 | struct ttm_global_item *item = &glob[i]; | |
23081 | BUG_ON(item->object != NULL); | |
23082 | - BUG_ON(item->refcount != 0); | |
23083 | + BUG_ON(atomic_read(&item->refcount) != 0); | |
23084 | } | |
23085 | } | |
23086 | ||
23087 | @@ -70,7 +70,7 @@ int ttm_global_item_ref(struct ttm_globa | |
23088 | void *object; | |
23089 | ||
23090 | mutex_lock(&item->mutex); | |
23091 | - if (item->refcount == 0) { | |
23092 | + if (atomic_read(&item->refcount) == 0) { | |
23093 | item->object = kzalloc(ref->size, GFP_KERNEL); | |
23094 | if (unlikely(item->object == NULL)) { | |
23095 | ret = -ENOMEM; | |
23096 | @@ -83,7 +83,7 @@ int ttm_global_item_ref(struct ttm_globa | |
23097 | goto out_err; | |
23098 | ||
23099 | } | |
23100 | - ++item->refcount; | |
23101 | + atomic_inc(&item->refcount); | |
23102 | ref->object = item->object; | |
23103 | object = item->object; | |
23104 | mutex_unlock(&item->mutex); | |
23105 | @@ -100,9 +100,9 @@ void ttm_global_item_unref(struct ttm_gl | |
23106 | struct ttm_global_item *item = &glob[ref->global_type]; | |
23107 | ||
23108 | mutex_lock(&item->mutex); | |
23109 | - BUG_ON(item->refcount == 0); | |
23110 | + BUG_ON(atomic_read(&item->refcount) == 0); | |
23111 | BUG_ON(ref->object != item->object); | |
23112 | - if (--item->refcount == 0) { | |
23113 | + if (atomic_dec_and_test(&item->refcount)) { | |
23114 | ref->release(ref); | |
23115 | item->object = NULL; | |
23116 | } | |
23117 | diff -urNp linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_memory.c linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_memory.c | |
23118 | --- linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_memory.c 2010-03-15 12:09:39.000000000 -0400 | |
23119 | +++ linux-2.6.33.1/drivers/gpu/drm/ttm/ttm_memory.c 2010-03-20 16:58:39.764713262 -0400 | |
23120 | @@ -152,7 +152,7 @@ static struct attribute *ttm_mem_zone_at | |
23121 | NULL | |
23122 | }; | |
23123 | ||
23124 | -static struct sysfs_ops ttm_mem_zone_ops = { | |
23125 | +static const struct sysfs_ops ttm_mem_zone_ops = { | |
23126 | .show = &ttm_mem_zone_show, | |
23127 | .store = &ttm_mem_zone_store | |
23128 | }; | |
23129 | diff -urNp linux-2.6.33.1/drivers/hwmon/k8temp.c linux-2.6.33.1/drivers/hwmon/k8temp.c | |
23130 | --- linux-2.6.33.1/drivers/hwmon/k8temp.c 2010-03-15 12:09:39.000000000 -0400 | |
23131 | +++ linux-2.6.33.1/drivers/hwmon/k8temp.c 2010-03-20 16:58:39.764713262 -0400 | |
58c5fc13 MT |
23132 | @@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n |
23133 | ||
ae4e228f | 23134 | static const struct pci_device_id k8temp_ids[] = { |
58c5fc13 MT |
23135 | { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) }, |
23136 | - { 0 }, | |
23137 | + { 0, 0, 0, 0, 0, 0, 0 }, | |
23138 | }; | |
23139 | ||
23140 | MODULE_DEVICE_TABLE(pci, k8temp_ids); | |
ae4e228f MT |
23141 | diff -urNp linux-2.6.33.1/drivers/hwmon/sis5595.c linux-2.6.33.1/drivers/hwmon/sis5595.c |
23142 | --- linux-2.6.33.1/drivers/hwmon/sis5595.c 2010-03-15 12:09:39.000000000 -0400 | |
23143 | +++ linux-2.6.33.1/drivers/hwmon/sis5595.c 2010-03-20 16:58:39.772823109 -0400 | |
58c5fc13 MT |
23144 | @@ -699,7 +699,7 @@ static struct sis5595_data *sis5595_upda |
23145 | ||
ae4e228f | 23146 | static const struct pci_device_id sis5595_pci_ids[] = { |
58c5fc13 MT |
23147 | { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) }, |
23148 | - { 0, } | |
23149 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23150 | }; | |
23151 | ||
23152 | MODULE_DEVICE_TABLE(pci, sis5595_pci_ids); | |
ae4e228f MT |
23153 | diff -urNp linux-2.6.33.1/drivers/hwmon/via686a.c linux-2.6.33.1/drivers/hwmon/via686a.c |
23154 | --- linux-2.6.33.1/drivers/hwmon/via686a.c 2010-03-15 12:09:39.000000000 -0400 | |
23155 | +++ linux-2.6.33.1/drivers/hwmon/via686a.c 2010-03-20 16:58:39.780824922 -0400 | |
58c5fc13 MT |
23156 | @@ -769,7 +769,7 @@ static struct via686a_data *via686a_upda |
23157 | ||
ae4e228f | 23158 | static const struct pci_device_id via686a_pci_ids[] = { |
58c5fc13 MT |
23159 | { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) }, |
23160 | - { 0, } | |
23161 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23162 | }; | |
23163 | ||
23164 | MODULE_DEVICE_TABLE(pci, via686a_pci_ids); | |
ae4e228f MT |
23165 | diff -urNp linux-2.6.33.1/drivers/hwmon/vt8231.c linux-2.6.33.1/drivers/hwmon/vt8231.c |
23166 | --- linux-2.6.33.1/drivers/hwmon/vt8231.c 2010-03-15 12:09:39.000000000 -0400 | |
23167 | +++ linux-2.6.33.1/drivers/hwmon/vt8231.c 2010-03-20 16:58:39.784811184 -0400 | |
58c5fc13 MT |
23168 | @@ -699,7 +699,7 @@ static struct platform_driver vt8231_dri |
23169 | ||
ae4e228f | 23170 | static const struct pci_device_id vt8231_pci_ids[] = { |
58c5fc13 MT |
23171 | { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) }, |
23172 | - { 0, } | |
23173 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23174 | }; | |
23175 | ||
23176 | MODULE_DEVICE_TABLE(pci, vt8231_pci_ids); | |
ae4e228f MT |
23177 | diff -urNp linux-2.6.33.1/drivers/hwmon/w83791d.c linux-2.6.33.1/drivers/hwmon/w83791d.c |
23178 | --- linux-2.6.33.1/drivers/hwmon/w83791d.c 2010-03-15 12:09:39.000000000 -0400 | |
23179 | +++ linux-2.6.33.1/drivers/hwmon/w83791d.c 2010-03-20 16:58:39.796811468 -0400 | |
23180 | @@ -329,8 +329,8 @@ static int w83791d_detect(struct i2c_cli | |
58c5fc13 MT |
23181 | struct i2c_board_info *info); |
23182 | static int w83791d_remove(struct i2c_client *client); | |
23183 | ||
23184 | -static int w83791d_read(struct i2c_client *client, u8 register); | |
23185 | -static int w83791d_write(struct i2c_client *client, u8 register, u8 value); | |
23186 | +static int w83791d_read(struct i2c_client *client, u8 reg); | |
23187 | +static int w83791d_write(struct i2c_client *client, u8 reg, u8 value); | |
23188 | static struct w83791d_data *w83791d_update_device(struct device *dev); | |
23189 | ||
23190 | #ifdef DEBUG | |
ae4e228f MT |
23191 | diff -urNp linux-2.6.33.1/drivers/i2c/busses/i2c-i801.c linux-2.6.33.1/drivers/i2c/busses/i2c-i801.c |
23192 | --- linux-2.6.33.1/drivers/i2c/busses/i2c-i801.c 2010-03-15 12:09:39.000000000 -0400 | |
23193 | +++ linux-2.6.33.1/drivers/i2c/busses/i2c-i801.c 2010-03-20 16:58:39.804825087 -0400 | |
58c5fc13 MT |
23194 | @@ -578,7 +578,7 @@ static struct pci_device_id i801_ids[] = |
23195 | { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_4) }, | |
23196 | { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_5) }, | |
23197 | { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PCH_SMBUS) }, | |
23198 | - { 0, } | |
23199 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23200 | }; | |
23201 | ||
23202 | MODULE_DEVICE_TABLE (pci, i801_ids); | |
ae4e228f MT |
23203 | diff -urNp linux-2.6.33.1/drivers/i2c/busses/i2c-piix4.c linux-2.6.33.1/drivers/i2c/busses/i2c-piix4.c |
23204 | --- linux-2.6.33.1/drivers/i2c/busses/i2c-piix4.c 2010-03-15 12:09:39.000000000 -0400 | |
23205 | +++ linux-2.6.33.1/drivers/i2c/busses/i2c-piix4.c 2010-03-20 16:58:39.821741415 -0400 | |
23206 | @@ -124,7 +124,7 @@ static struct dmi_system_id __devinitdat | |
58c5fc13 MT |
23207 | .ident = "IBM", |
23208 | .matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), }, | |
23209 | }, | |
23210 | - { }, | |
ae4e228f | 23211 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } |
58c5fc13 MT |
23212 | }; |
23213 | ||
23214 | static int __devinit piix4_setup(struct pci_dev *PIIX4_dev, | |
ae4e228f | 23215 | @@ -491,7 +491,7 @@ static struct pci_device_id piix4_ids[] |
58c5fc13 MT |
23216 | PCI_DEVICE_ID_SERVERWORKS_HT1000SB) }, |
23217 | { PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS, | |
23218 | PCI_DEVICE_ID_SERVERWORKS_HT1100LD) }, | |
23219 | - { 0, } | |
23220 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23221 | }; | |
23222 | ||
23223 | MODULE_DEVICE_TABLE (pci, piix4_ids); | |
ae4e228f MT |
23224 | diff -urNp linux-2.6.33.1/drivers/i2c/busses/i2c-sis630.c linux-2.6.33.1/drivers/i2c/busses/i2c-sis630.c |
23225 | --- linux-2.6.33.1/drivers/i2c/busses/i2c-sis630.c 2010-03-15 12:09:39.000000000 -0400 | |
23226 | +++ linux-2.6.33.1/drivers/i2c/busses/i2c-sis630.c 2010-03-20 16:58:39.832567311 -0400 | |
58c5fc13 MT |
23227 | @@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter |
23228 | static struct pci_device_id sis630_ids[] __devinitdata = { | |
23229 | { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) }, | |
23230 | { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) }, | |
23231 | - { 0, } | |
23232 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23233 | }; | |
23234 | ||
23235 | MODULE_DEVICE_TABLE (pci, sis630_ids); | |
ae4e228f MT |
23236 | diff -urNp linux-2.6.33.1/drivers/i2c/busses/i2c-sis96x.c linux-2.6.33.1/drivers/i2c/busses/i2c-sis96x.c |
23237 | --- linux-2.6.33.1/drivers/i2c/busses/i2c-sis96x.c 2010-03-15 12:09:39.000000000 -0400 | |
23238 | +++ linux-2.6.33.1/drivers/i2c/busses/i2c-sis96x.c 2010-03-20 16:58:39.832567311 -0400 | |
58c5fc13 MT |
23239 | @@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter |
23240 | ||
23241 | static struct pci_device_id sis96x_ids[] = { | |
23242 | { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) }, | |
23243 | - { 0, } | |
23244 | + { 0, 0, 0, 0, 0, 0, 0 } | |
23245 | }; | |
23246 | ||
23247 | MODULE_DEVICE_TABLE (pci, sis96x_ids); | |
ae4e228f MT |
23248 | diff -urNp linux-2.6.33.1/drivers/ide/ide-cd.c linux-2.6.33.1/drivers/ide/ide-cd.c |
23249 | --- linux-2.6.33.1/drivers/ide/ide-cd.c 2010-03-15 12:09:39.000000000 -0400 | |
23250 | +++ linux-2.6.33.1/drivers/ide/ide-cd.c 2010-03-20 16:58:39.844814079 -0400 | |
23251 | @@ -766,7 +766,7 @@ static void cdrom_do_block_pc(ide_drive_ | |
23252 | alignment = queue_dma_alignment(q) | q->dma_pad_mask; | |
23253 | if ((unsigned long)buf & alignment | |
23254 | || blk_rq_bytes(rq) & q->dma_pad_mask | |
23255 | - || object_is_on_stack(buf)) | |
23256 | + || object_starts_on_stack(buf)) | |
23257 | drive->dma = 0; | |
23258 | } | |
23259 | } | |
23260 | diff -urNp linux-2.6.33.1/drivers/ieee1394/dv1394.c linux-2.6.33.1/drivers/ieee1394/dv1394.c | |
23261 | --- linux-2.6.33.1/drivers/ieee1394/dv1394.c 2010-03-15 12:09:39.000000000 -0400 | |
23262 | +++ linux-2.6.33.1/drivers/ieee1394/dv1394.c 2010-03-20 16:58:39.856823569 -0400 | |
58c5fc13 MT |
23263 | @@ -739,7 +739,7 @@ static void frame_prepare(struct video_c |
23264 | based upon DIF section and sequence | |
23265 | */ | |
23266 | ||
23267 | -static void inline | |
23268 | +static inline void | |
23269 | frame_put_packet (struct frame *f, struct packet *p) | |
23270 | { | |
23271 | int section_type = p->data[0] >> 5; /* section type is in bits 5 - 7 */ | |
23272 | @@ -2178,7 +2178,7 @@ static const struct ieee1394_device_id d | |
23273 | .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff, | |
23274 | .version = AVC_SW_VERSION_ENTRY & 0xffffff | |
23275 | }, | |
23276 | - { } | |
23277 | + { 0, 0, 0, 0, 0, 0 } | |
23278 | }; | |
23279 | ||
23280 | MODULE_DEVICE_TABLE(ieee1394, dv1394_id_table); | |
ae4e228f MT |
23281 | diff -urNp linux-2.6.33.1/drivers/ieee1394/eth1394.c linux-2.6.33.1/drivers/ieee1394/eth1394.c |
23282 | --- linux-2.6.33.1/drivers/ieee1394/eth1394.c 2010-03-15 12:09:39.000000000 -0400 | |
23283 | +++ linux-2.6.33.1/drivers/ieee1394/eth1394.c 2010-03-20 16:58:39.865827641 -0400 | |
23284 | @@ -446,7 +446,7 @@ static const struct ieee1394_device_id e | |
58c5fc13 MT |
23285 | .specifier_id = ETHER1394_GASP_SPECIFIER_ID, |
23286 | .version = ETHER1394_GASP_VERSION, | |
23287 | }, | |
23288 | - {} | |
23289 | + { 0, 0, 0, 0, 0, 0 } | |
23290 | }; | |
23291 | ||
23292 | MODULE_DEVICE_TABLE(ieee1394, eth1394_id_table); | |
ae4e228f MT |
23293 | diff -urNp linux-2.6.33.1/drivers/ieee1394/hosts.c linux-2.6.33.1/drivers/ieee1394/hosts.c |
23294 | --- linux-2.6.33.1/drivers/ieee1394/hosts.c 2010-03-15 12:09:39.000000000 -0400 | |
23295 | +++ linux-2.6.33.1/drivers/ieee1394/hosts.c 2010-03-20 16:58:39.865827641 -0400 | |
58c5fc13 MT |
23296 | @@ -78,6 +78,7 @@ static int dummy_isoctl(struct hpsb_iso |
23297 | } | |
23298 | ||
23299 | static struct hpsb_host_driver dummy_driver = { | |
23300 | + .name = "dummy", | |
23301 | .transmit_packet = dummy_transmit_packet, | |
23302 | .devctl = dummy_devctl, | |
23303 | .isoctl = dummy_isoctl | |
ae4e228f MT |
23304 | diff -urNp linux-2.6.33.1/drivers/ieee1394/ohci1394.c linux-2.6.33.1/drivers/ieee1394/ohci1394.c |
23305 | --- linux-2.6.33.1/drivers/ieee1394/ohci1394.c 2010-03-15 12:09:39.000000000 -0400 | |
23306 | +++ linux-2.6.33.1/drivers/ieee1394/ohci1394.c 2010-03-20 16:58:39.873869022 -0400 | |
23307 | @@ -148,9 +148,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_ | |
58c5fc13 MT |
23308 | printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args) |
23309 | ||
23310 | /* Module Parameters */ | |
23311 | -static int phys_dma = 1; | |
23312 | +static int phys_dma; | |
23313 | module_param(phys_dma, int, 0444); | |
23314 | -MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 1)."); | |
23315 | +MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0)."); | |
23316 | ||
23317 | static void dma_trm_tasklet(unsigned long data); | |
23318 | static void dma_trm_reset(struct dma_trm_ctx *d); | |
ae4e228f | 23319 | @@ -3445,7 +3445,7 @@ static struct pci_device_id ohci1394_pci |
58c5fc13 MT |
23320 | .subvendor = PCI_ANY_ID, |
23321 | .subdevice = PCI_ANY_ID, | |
23322 | }, | |
23323 | - { 0, }, | |
23324 | + { 0, 0, 0, 0, 0, 0, 0 }, | |
23325 | }; | |
23326 | ||
23327 | MODULE_DEVICE_TABLE(pci, ohci1394_pci_tbl); | |
ae4e228f MT |
23328 | diff -urNp linux-2.6.33.1/drivers/ieee1394/raw1394.c linux-2.6.33.1/drivers/ieee1394/raw1394.c |
23329 | --- linux-2.6.33.1/drivers/ieee1394/raw1394.c 2010-03-15 12:09:39.000000000 -0400 | |
23330 | +++ linux-2.6.33.1/drivers/ieee1394/raw1394.c 2010-03-20 16:58:39.873869022 -0400 | |
23331 | @@ -3002,7 +3002,7 @@ static const struct ieee1394_device_id r | |
58c5fc13 MT |
23332 | .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION, |
23333 | .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff, | |
23334 | .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff}, | |
23335 | - {} | |
23336 | + { 0, 0, 0, 0, 0, 0 } | |
23337 | }; | |
23338 | ||
23339 | MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table); | |
ae4e228f MT |
23340 | diff -urNp linux-2.6.33.1/drivers/ieee1394/sbp2.c linux-2.6.33.1/drivers/ieee1394/sbp2.c |
23341 | --- linux-2.6.33.1/drivers/ieee1394/sbp2.c 2010-03-15 12:09:39.000000000 -0400 | |
23342 | +++ linux-2.6.33.1/drivers/ieee1394/sbp2.c 2010-03-20 16:58:39.877823938 -0400 | |
58c5fc13 MT |
23343 | @@ -290,7 +290,7 @@ static const struct ieee1394_device_id s |
23344 | .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION, | |
23345 | .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY & 0xffffff, | |
23346 | .version = SBP2_SW_VERSION_ENTRY & 0xffffff}, | |
23347 | - {} | |
23348 | + { 0, 0, 0, 0, 0, 0 } | |
23349 | }; | |
23350 | MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table); | |
23351 | ||
ae4e228f | 23352 | @@ -2111,7 +2111,7 @@ MODULE_DESCRIPTION("IEEE-1394 SBP-2 prot |
58c5fc13 MT |
23353 | MODULE_SUPPORTED_DEVICE(SBP2_DEVICE_NAME); |
23354 | MODULE_LICENSE("GPL"); | |
23355 | ||
23356 | -static int sbp2_module_init(void) | |
23357 | +static int __init sbp2_module_init(void) | |
23358 | { | |
23359 | int ret; | |
23360 | ||
ae4e228f MT |
23361 | diff -urNp linux-2.6.33.1/drivers/ieee1394/video1394.c linux-2.6.33.1/drivers/ieee1394/video1394.c |
23362 | --- linux-2.6.33.1/drivers/ieee1394/video1394.c 2010-03-15 12:09:39.000000000 -0400 | |
23363 | +++ linux-2.6.33.1/drivers/ieee1394/video1394.c 2010-03-20 16:58:39.877823938 -0400 | |
23364 | @@ -1311,7 +1311,7 @@ static const struct ieee1394_device_id v | |
58c5fc13 MT |
23365 | .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff, |
23366 | .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff | |
23367 | }, | |
23368 | - { } | |
23369 | + { 0, 0, 0, 0, 0, 0 } | |
23370 | }; | |
23371 | ||
23372 | MODULE_DEVICE_TABLE(ieee1394, video1394_id_table); | |
ae4e228f MT |
23373 | diff -urNp linux-2.6.33.1/drivers/infiniband/core/cm.c linux-2.6.33.1/drivers/infiniband/core/cm.c |
23374 | --- linux-2.6.33.1/drivers/infiniband/core/cm.c 2010-03-15 12:09:39.000000000 -0400 | |
23375 | +++ linux-2.6.33.1/drivers/infiniband/core/cm.c 2010-03-20 16:58:39.905667556 -0400 | |
23376 | @@ -112,7 +112,7 @@ static char const counter_group_names[CM | |
23377 | ||
23378 | struct cm_counter_group { | |
23379 | struct kobject obj; | |
23380 | - atomic_long_t counter[CM_ATTR_COUNT]; | |
23381 | + atomic_long_unchecked_t counter[CM_ATTR_COUNT]; | |
23382 | }; | |
23383 | ||
23384 | struct cm_counter_attribute { | |
23385 | @@ -1386,7 +1386,7 @@ static void cm_dup_req_handler(struct cm | |
23386 | struct ib_mad_send_buf *msg = NULL; | |
23387 | int ret; | |
23388 | ||
23389 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23390 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23391 | counter[CM_REQ_COUNTER]); | |
23392 | ||
23393 | /* Quick state check to discard duplicate REQs. */ | |
23394 | @@ -1764,7 +1764,7 @@ static void cm_dup_rep_handler(struct cm | |
23395 | if (!cm_id_priv) | |
23396 | return; | |
58c5fc13 | 23397 | |
ae4e228f MT |
23398 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. |
23399 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23400 | counter[CM_REP_COUNTER]); | |
23401 | ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg); | |
23402 | if (ret) | |
23403 | @@ -1931,7 +1931,7 @@ static int cm_rtu_handler(struct cm_work | |
23404 | if (cm_id_priv->id.state != IB_CM_REP_SENT && | |
23405 | cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) { | |
23406 | spin_unlock_irq(&cm_id_priv->lock); | |
23407 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23408 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23409 | counter[CM_RTU_COUNTER]); | |
23410 | goto out; | |
23411 | } | |
23412 | @@ -2110,7 +2110,7 @@ static int cm_dreq_handler(struct cm_wor | |
23413 | cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id, | |
23414 | dreq_msg->local_comm_id); | |
23415 | if (!cm_id_priv) { | |
23416 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23417 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23418 | counter[CM_DREQ_COUNTER]); | |
23419 | cm_issue_drep(work->port, work->mad_recv_wc); | |
23420 | return -EINVAL; | |
23421 | @@ -2131,7 +2131,7 @@ static int cm_dreq_handler(struct cm_wor | |
23422 | case IB_CM_MRA_REP_RCVD: | |
23423 | break; | |
23424 | case IB_CM_TIMEWAIT: | |
23425 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23426 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23427 | counter[CM_DREQ_COUNTER]); | |
23428 | if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) | |
23429 | goto unlock; | |
23430 | @@ -2145,7 +2145,7 @@ static int cm_dreq_handler(struct cm_wor | |
23431 | cm_free_msg(msg); | |
23432 | goto deref; | |
23433 | case IB_CM_DREQ_RCVD: | |
23434 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23435 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23436 | counter[CM_DREQ_COUNTER]); | |
23437 | goto unlock; | |
23438 | default: | |
23439 | @@ -2501,7 +2501,7 @@ static int cm_mra_handler(struct cm_work | |
23440 | ib_modify_mad(cm_id_priv->av.port->mad_agent, | |
23441 | cm_id_priv->msg, timeout)) { | |
23442 | if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD) | |
23443 | - atomic_long_inc(&work->port-> | |
23444 | + atomic_long_inc_unchecked(&work->port-> | |
23445 | counter_group[CM_RECV_DUPLICATES]. | |
23446 | counter[CM_MRA_COUNTER]); | |
23447 | goto out; | |
23448 | @@ -2510,7 +2510,7 @@ static int cm_mra_handler(struct cm_work | |
23449 | break; | |
23450 | case IB_CM_MRA_REQ_RCVD: | |
23451 | case IB_CM_MRA_REP_RCVD: | |
23452 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23453 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23454 | counter[CM_MRA_COUNTER]); | |
23455 | /* fall through */ | |
23456 | default: | |
23457 | @@ -2672,7 +2672,7 @@ static int cm_lap_handler(struct cm_work | |
23458 | case IB_CM_LAP_IDLE: | |
23459 | break; | |
23460 | case IB_CM_MRA_LAP_SENT: | |
23461 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23462 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23463 | counter[CM_LAP_COUNTER]); | |
23464 | if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) | |
23465 | goto unlock; | |
23466 | @@ -2688,7 +2688,7 @@ static int cm_lap_handler(struct cm_work | |
23467 | cm_free_msg(msg); | |
23468 | goto deref; | |
23469 | case IB_CM_LAP_RCVD: | |
23470 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23471 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23472 | counter[CM_LAP_COUNTER]); | |
23473 | goto unlock; | |
23474 | default: | |
23475 | @@ -2972,7 +2972,7 @@ static int cm_sidr_req_handler(struct cm | |
23476 | cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv); | |
23477 | if (cur_cm_id_priv) { | |
23478 | spin_unlock_irq(&cm.lock); | |
23479 | - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23480 | + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES]. | |
23481 | counter[CM_SIDR_REQ_COUNTER]); | |
23482 | goto out; /* Duplicate message. */ | |
23483 | } | |
23484 | @@ -3183,10 +3183,10 @@ static void cm_send_handler(struct ib_ma | |
23485 | if (!msg->context[0] && (attr_index != CM_REJ_COUNTER)) | |
23486 | msg->retries = 1; | |
23487 | ||
23488 | - atomic_long_add(1 + msg->retries, | |
23489 | + atomic_long_add_unchecked(1 + msg->retries, | |
23490 | &port->counter_group[CM_XMIT].counter[attr_index]); | |
23491 | if (msg->retries) | |
23492 | - atomic_long_add(msg->retries, | |
23493 | + atomic_long_add_unchecked(msg->retries, | |
23494 | &port->counter_group[CM_XMIT_RETRIES]. | |
23495 | counter[attr_index]); | |
23496 | ||
23497 | @@ -3396,7 +3396,7 @@ static void cm_recv_handler(struct ib_ma | |
23498 | } | |
23499 | ||
23500 | attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id); | |
23501 | - atomic_long_inc(&port->counter_group[CM_RECV]. | |
23502 | + atomic_long_inc_unchecked(&port->counter_group[CM_RECV]. | |
23503 | counter[attr_id - CM_ATTR_ID_OFFSET]); | |
23504 | ||
23505 | work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths, | |
23506 | @@ -3594,10 +3594,10 @@ static ssize_t cm_show_counter(struct ko | |
23507 | cm_attr = container_of(attr, struct cm_counter_attribute, attr); | |
23508 | ||
23509 | return sprintf(buf, "%ld\n", | |
23510 | - atomic_long_read(&group->counter[cm_attr->index])); | |
23511 | + atomic_long_read_unchecked(&group->counter[cm_attr->index])); | |
23512 | } | |
23513 | ||
23514 | -static struct sysfs_ops cm_counter_ops = { | |
23515 | +static const struct sysfs_ops cm_counter_ops = { | |
23516 | .show = cm_show_counter | |
58c5fc13 MT |
23517 | }; |
23518 | ||
ae4e228f MT |
23519 | diff -urNp linux-2.6.33.1/drivers/infiniband/core/sysfs.c linux-2.6.33.1/drivers/infiniband/core/sysfs.c |
23520 | --- linux-2.6.33.1/drivers/infiniband/core/sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
23521 | +++ linux-2.6.33.1/drivers/infiniband/core/sysfs.c 2010-03-20 16:58:39.912829502 -0400 | |
23522 | @@ -79,7 +79,7 @@ static ssize_t port_attr_show(struct kob | |
23523 | return port_attr->show(p, port_attr, buf); | |
58c5fc13 MT |
23524 | } |
23525 | ||
ae4e228f MT |
23526 | -static struct sysfs_ops port_sysfs_ops = { |
23527 | +static const struct sysfs_ops port_sysfs_ops = { | |
23528 | .show = port_attr_show | |
58c5fc13 | 23529 | }; |
ae4e228f MT |
23530 | |
23531 | diff -urNp linux-2.6.33.1/drivers/input/keyboard/atkbd.c linux-2.6.33.1/drivers/input/keyboard/atkbd.c | |
23532 | --- linux-2.6.33.1/drivers/input/keyboard/atkbd.c 2010-03-15 12:09:39.000000000 -0400 | |
23533 | +++ linux-2.6.33.1/drivers/input/keyboard/atkbd.c 2010-03-20 16:58:39.929160943 -0400 | |
23534 | @@ -1229,7 +1229,7 @@ static struct serio_device_id atkbd_seri | |
58c5fc13 MT |
23535 | .id = SERIO_ANY, |
23536 | .extra = SERIO_ANY, | |
23537 | }, | |
23538 | - { 0 } | |
23539 | + { 0, 0, 0, 0 } | |
23540 | }; | |
23541 | ||
23542 | MODULE_DEVICE_TABLE(serio, atkbd_serio_ids); | |
ae4e228f MT |
23543 | diff -urNp linux-2.6.33.1/drivers/input/mouse/lifebook.c linux-2.6.33.1/drivers/input/mouse/lifebook.c |
23544 | --- linux-2.6.33.1/drivers/input/mouse/lifebook.c 2010-03-15 12:09:39.000000000 -0400 | |
23545 | +++ linux-2.6.33.1/drivers/input/mouse/lifebook.c 2010-03-20 16:58:39.929160943 -0400 | |
23546 | @@ -122,7 +122,7 @@ static const struct dmi_system_id __init | |
58c5fc13 MT |
23547 | DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"), |
23548 | }, | |
23549 | }, | |
23550 | - { } | |
23551 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL} | |
23552 | }; | |
23553 | ||
ae4e228f MT |
23554 | void __init lifebook_module_init(void) |
23555 | diff -urNp linux-2.6.33.1/drivers/input/mouse/psmouse-base.c linux-2.6.33.1/drivers/input/mouse/psmouse-base.c | |
23556 | --- linux-2.6.33.1/drivers/input/mouse/psmouse-base.c 2010-03-15 12:09:39.000000000 -0400 | |
23557 | +++ linux-2.6.33.1/drivers/input/mouse/psmouse-base.c 2010-03-20 16:58:39.936833108 -0400 | |
23558 | @@ -1442,7 +1442,7 @@ static struct serio_device_id psmouse_se | |
58c5fc13 MT |
23559 | .id = SERIO_ANY, |
23560 | .extra = SERIO_ANY, | |
23561 | }, | |
23562 | - { 0 } | |
23563 | + { 0, 0, 0, 0 } | |
23564 | }; | |
23565 | ||
23566 | MODULE_DEVICE_TABLE(serio, psmouse_serio_ids); | |
ae4e228f MT |
23567 | diff -urNp linux-2.6.33.1/drivers/input/mouse/synaptics.c linux-2.6.33.1/drivers/input/mouse/synaptics.c |
23568 | --- linux-2.6.33.1/drivers/input/mouse/synaptics.c 2010-03-15 12:09:39.000000000 -0400 | |
23569 | +++ linux-2.6.33.1/drivers/input/mouse/synaptics.c 2010-03-20 16:58:39.944836883 -0400 | |
23570 | @@ -438,7 +438,7 @@ static void synaptics_process_packet(str | |
58c5fc13 MT |
23571 | break; |
23572 | case 2: | |
23573 | if (SYN_MODEL_PEN(priv->model_id)) | |
23574 | - ; /* Nothing, treat a pen as a single finger */ | |
23575 | + break; /* Nothing, treat a pen as a single finger */ | |
23576 | break; | |
23577 | case 4 ... 15: | |
23578 | if (SYN_CAP_PALMDETECT(priv->capabilities)) | |
ae4e228f MT |
23579 | @@ -654,7 +654,6 @@ static const struct dmi_system_id __init |
23580 | DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"), | |
58c5fc13 MT |
23581 | DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"), |
23582 | }, | |
ae4e228f MT |
23583 | - |
23584 | }, | |
23585 | { | |
23586 | /* Toshiba Portege M300 */ | |
23587 | @@ -663,9 +662,8 @@ static const struct dmi_system_id __init | |
23588 | DMI_MATCH(DMI_PRODUCT_NAME, "Portable PC"), | |
23589 | DMI_MATCH(DMI_PRODUCT_VERSION, "Version 1.0"), | |
23590 | }, | |
23591 | - | |
58c5fc13 MT |
23592 | }, |
23593 | - { } | |
23594 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
58c5fc13 | 23595 | #endif |
ae4e228f | 23596 | }; |
58c5fc13 | 23597 | |
ae4e228f MT |
23598 | diff -urNp linux-2.6.33.1/drivers/input/mousedev.c linux-2.6.33.1/drivers/input/mousedev.c |
23599 | --- linux-2.6.33.1/drivers/input/mousedev.c 2010-03-15 12:09:39.000000000 -0400 | |
23600 | +++ linux-2.6.33.1/drivers/input/mousedev.c 2010-03-20 16:58:39.952834604 -0400 | |
23601 | @@ -760,7 +760,7 @@ static ssize_t mousedev_read(struct file | |
23602 | ||
23603 | spin_unlock_irq(&client->packet_lock); | |
23604 | ||
23605 | - if (copy_to_user(buffer, data, count)) | |
23606 | + if (count > sizeof(data) || copy_to_user(buffer, data, count)) | |
23607 | return -EFAULT; | |
23608 | ||
23609 | return count; | |
23610 | @@ -1057,7 +1057,7 @@ static struct input_handler mousedev_han | |
58c5fc13 MT |
23611 | |
23612 | #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX | |
23613 | static struct miscdevice psaux_mouse = { | |
23614 | - PSMOUSE_MINOR, "psaux", &mousedev_fops | |
23615 | + PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL | |
23616 | }; | |
23617 | static int psaux_registered; | |
23618 | #endif | |
ae4e228f MT |
23619 | diff -urNp linux-2.6.33.1/drivers/input/serio/i8042-x86ia64io.h linux-2.6.33.1/drivers/input/serio/i8042-x86ia64io.h |
23620 | --- linux-2.6.33.1/drivers/input/serio/i8042-x86ia64io.h 2010-03-15 12:09:39.000000000 -0400 | |
23621 | +++ linux-2.6.33.1/drivers/input/serio/i8042-x86ia64io.h 2010-03-20 16:58:39.964826079 -0400 | |
23622 | @@ -172,7 +172,7 @@ static const struct dmi_system_id __init | |
58c5fc13 MT |
23623 | DMI_MATCH(DMI_PRODUCT_VERSION, "Rev 1"), |
23624 | }, | |
23625 | }, | |
23626 | - { } | |
23627 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
23628 | }; | |
23629 | ||
23630 | /* | |
ae4e228f | 23631 | @@ -402,7 +402,7 @@ static const struct dmi_system_id __init |
58c5fc13 MT |
23632 | DMI_MATCH(DMI_PRODUCT_VERSION, "0100"), |
23633 | }, | |
23634 | }, | |
23635 | - { } | |
23636 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
23637 | }; | |
23638 | ||
ae4e228f MT |
23639 | static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = { |
23640 | @@ -469,7 +469,7 @@ static const struct dmi_system_id __init | |
23641 | DMI_MATCH(DMI_PRODUCT_NAME, "Vostro 1720"), | |
58c5fc13 MT |
23642 | }, |
23643 | }, | |
23644 | - { } | |
23645 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
23646 | }; | |
23647 | ||
23648 | #ifdef CONFIG_PNP | |
ae4e228f | 23649 | @@ -488,7 +488,7 @@ static const struct dmi_system_id __init |
58c5fc13 MT |
23650 | DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"), |
23651 | }, | |
23652 | }, | |
23653 | - { } | |
ae4e228f MT |
23654 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } |
23655 | }; | |
23656 | ||
23657 | static const struct dmi_system_id __initconst i8042_dmi_laptop_table[] = { | |
23658 | @@ -512,7 +512,7 @@ static const struct dmi_system_id __init | |
23659 | DMI_MATCH(DMI_CHASSIS_TYPE, "14"), /* Sub-Notebook */ | |
23660 | }, | |
23661 | }, | |
23662 | - { } | |
58c5fc13 MT |
23663 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } |
23664 | }; | |
23665 | #endif | |
23666 | ||
ae4e228f | 23667 | @@ -586,7 +586,7 @@ static const struct dmi_system_id __init |
58c5fc13 MT |
23668 | DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"), |
23669 | }, | |
23670 | }, | |
23671 | - { } | |
23672 | + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } | |
23673 | }; | |
23674 | ||
23675 | #endif /* CONFIG_X86 */ | |
ae4e228f MT |
23676 | diff -urNp linux-2.6.33.1/drivers/input/serio/serio_raw.c linux-2.6.33.1/drivers/input/serio/serio_raw.c |
23677 | --- linux-2.6.33.1/drivers/input/serio/serio_raw.c 2010-03-15 12:09:39.000000000 -0400 | |
23678 | +++ linux-2.6.33.1/drivers/input/serio/serio_raw.c 2010-03-20 16:58:39.964826079 -0400 | |
23679 | @@ -377,7 +377,7 @@ static struct serio_device_id serio_raw_ | |
58c5fc13 MT |
23680 | .id = SERIO_ANY, |
23681 | .extra = SERIO_ANY, | |
23682 | }, | |
23683 | - { 0 } | |
23684 | + { 0, 0, 0, 0 } | |
23685 | }; | |
23686 | ||
23687 | MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids); | |
ae4e228f MT |
23688 | diff -urNp linux-2.6.33.1/drivers/isdn/gigaset/common.c linux-2.6.33.1/drivers/isdn/gigaset/common.c |
23689 | --- linux-2.6.33.1/drivers/isdn/gigaset/common.c 2010-03-15 12:09:39.000000000 -0400 | |
23690 | +++ linux-2.6.33.1/drivers/isdn/gigaset/common.c 2010-03-20 16:58:39.984838298 -0400 | |
23691 | @@ -732,7 +732,7 @@ struct cardstate *gigaset_initcs(struct | |
58c5fc13 MT |
23692 | cs->commands_pending = 0; |
23693 | cs->cur_at_seq = 0; | |
23694 | cs->gotfwver = -1; | |
23695 | - cs->open_count = 0; | |
23696 | + atomic_set(&cs->open_count, 0); | |
23697 | cs->dev = NULL; | |
23698 | cs->tty = NULL; | |
23699 | cs->tty_dev = NULL; | |
ae4e228f MT |
23700 | diff -urNp linux-2.6.33.1/drivers/isdn/gigaset/gigaset.h linux-2.6.33.1/drivers/isdn/gigaset/gigaset.h |
23701 | --- linux-2.6.33.1/drivers/isdn/gigaset/gigaset.h 2010-03-15 12:09:39.000000000 -0400 | |
23702 | +++ linux-2.6.33.1/drivers/isdn/gigaset/gigaset.h 2010-03-20 16:58:39.988819691 -0400 | |
23703 | @@ -440,7 +440,7 @@ struct cardstate { | |
58c5fc13 MT |
23704 | spinlock_t cmdlock; |
23705 | unsigned curlen, cmdbytes; | |
23706 | ||
23707 | - unsigned open_count; | |
23708 | + atomic_t open_count; | |
23709 | struct tty_struct *tty; | |
23710 | struct tasklet_struct if_wake_tasklet; | |
23711 | unsigned control_state; | |
ae4e228f MT |
23712 | diff -urNp linux-2.6.33.1/drivers/isdn/gigaset/interface.c linux-2.6.33.1/drivers/isdn/gigaset/interface.c |
23713 | --- linux-2.6.33.1/drivers/isdn/gigaset/interface.c 2010-03-15 12:09:39.000000000 -0400 | |
23714 | +++ linux-2.6.33.1/drivers/isdn/gigaset/interface.c 2010-03-20 16:58:39.996850965 -0400 | |
58c5fc13 | 23715 | @@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt |
ae4e228f | 23716 | return -ERESTARTSYS; |
58c5fc13 MT |
23717 | tty->driver_data = cs; |
23718 | ||
23719 | - ++cs->open_count; | |
23720 | - | |
23721 | - if (cs->open_count == 1) { | |
23722 | + if (atomic_inc_return(&cs->open_count) == 1) { | |
23723 | spin_lock_irqsave(&cs->lock, flags); | |
23724 | cs->tty = tty; | |
23725 | spin_unlock_irqrestore(&cs->lock, flags); | |
23726 | @@ -195,10 +193,10 @@ static void if_close(struct tty_struct * | |
23727 | ||
23728 | if (!cs->connected) | |
23729 | gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ | |
23730 | - else if (!cs->open_count) | |
23731 | + else if (!atomic_read(&cs->open_count)) | |
23732 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
23733 | else { | |
23734 | - if (!--cs->open_count) { | |
23735 | + if (!atomic_dec_return(&cs->open_count)) { | |
23736 | spin_lock_irqsave(&cs->lock, flags); | |
23737 | cs->tty = NULL; | |
23738 | spin_unlock_irqrestore(&cs->lock, flags); | |
23739 | @@ -233,7 +231,7 @@ static int if_ioctl(struct tty_struct *t | |
23740 | if (!cs->connected) { | |
23741 | gig_dbg(DEBUG_IF, "not connected"); | |
23742 | retval = -ENODEV; | |
23743 | - } else if (!cs->open_count) | |
23744 | + } else if (!atomic_read(&cs->open_count)) | |
23745 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
23746 | else { | |
23747 | retval = 0; | |
ae4e228f | 23748 | @@ -360,7 +358,7 @@ static int if_write(struct tty_struct *t |
58c5fc13 MT |
23749 | if (!cs->connected) { |
23750 | gig_dbg(DEBUG_IF, "not connected"); | |
23751 | retval = -ENODEV; | |
23752 | - } else if (!cs->open_count) | |
23753 | + } else if (!atomic_read(&cs->open_count)) | |
23754 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
23755 | else if (cs->mstate != MS_LOCKED) { | |
23756 | dev_warn(cs->dev, "can't write to unlocked device\n"); | |
ae4e228f | 23757 | @@ -394,7 +392,7 @@ static int if_write_room(struct tty_stru |
58c5fc13 MT |
23758 | if (!cs->connected) { |
23759 | gig_dbg(DEBUG_IF, "not connected"); | |
23760 | retval = -ENODEV; | |
23761 | - } else if (!cs->open_count) | |
23762 | + } else if (!atomic_read(&cs->open_count)) | |
23763 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
23764 | else if (cs->mstate != MS_LOCKED) { | |
23765 | dev_warn(cs->dev, "can't write to unlocked device\n"); | |
ae4e228f MT |
23766 | @@ -424,7 +422,7 @@ static int if_chars_in_buffer(struct tty |
23767 | ||
23768 | if (!cs->connected) | |
58c5fc13 | 23769 | gig_dbg(DEBUG_IF, "not connected"); |
ae4e228f MT |
23770 | - else if (!cs->open_count) |
23771 | + else if (!atomic_read(&cs->open_count)) | |
58c5fc13 | 23772 | dev_warn(cs->dev, "%s: device not opened\n", __func__); |
ae4e228f | 23773 | else if (cs->mstate != MS_LOCKED) |
58c5fc13 | 23774 | dev_warn(cs->dev, "can't write to unlocked device\n"); |
ae4e228f | 23775 | @@ -452,7 +450,7 @@ static void if_throttle(struct tty_struc |
58c5fc13 MT |
23776 | |
23777 | if (!cs->connected) | |
23778 | gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ | |
23779 | - else if (!cs->open_count) | |
23780 | + else if (!atomic_read(&cs->open_count)) | |
23781 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
ae4e228f MT |
23782 | else |
23783 | gig_dbg(DEBUG_ANY, "%s: not implemented\n", __func__); | |
23784 | @@ -476,7 +474,7 @@ static void if_unthrottle(struct tty_str | |
58c5fc13 MT |
23785 | |
23786 | if (!cs->connected) | |
23787 | gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ | |
23788 | - else if (!cs->open_count) | |
23789 | + else if (!atomic_read(&cs->open_count)) | |
23790 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
ae4e228f MT |
23791 | else |
23792 | gig_dbg(DEBUG_ANY, "%s: not implemented\n", __func__); | |
23793 | @@ -507,7 +505,7 @@ static void if_set_termios(struct tty_st | |
58c5fc13 MT |
23794 | goto out; |
23795 | } | |
23796 | ||
23797 | - if (!cs->open_count) { | |
23798 | + if (!atomic_read(&cs->open_count)) { | |
23799 | dev_warn(cs->dev, "%s: device not opened\n", __func__); | |
23800 | goto out; | |
23801 | } | |
ae4e228f MT |
23802 | diff -urNp linux-2.6.33.1/drivers/isdn/hardware/avm/b1.c linux-2.6.33.1/drivers/isdn/hardware/avm/b1.c |
23803 | --- linux-2.6.33.1/drivers/isdn/hardware/avm/b1.c 2010-03-15 12:09:39.000000000 -0400 | |
23804 | +++ linux-2.6.33.1/drivers/isdn/hardware/avm/b1.c 2010-03-20 16:58:40.004515803 -0400 | |
23805 | @@ -173,7 +173,7 @@ int b1_load_t4file(avmcard *card, capilo | |
23806 | } | |
23807 | if (left) { | |
23808 | if (t4file->user) { | |
23809 | - if (copy_from_user(buf, dp, left)) | |
23810 | + if (left > sizeof(buf) || copy_from_user(buf, dp, left)) | |
23811 | return -EFAULT; | |
23812 | } else { | |
23813 | memcpy(buf, dp, left); | |
23814 | @@ -221,7 +221,7 @@ int b1_load_config(avmcard *card, capilo | |
23815 | } | |
23816 | if (left) { | |
23817 | if (config->user) { | |
23818 | - if (copy_from_user(buf, dp, left)) | |
23819 | + if (left > sizeof(buf) || copy_from_user(buf, dp, left)) | |
23820 | return -EFAULT; | |
23821 | } else { | |
23822 | memcpy(buf, dp, left); | |
23823 | diff -urNp linux-2.6.33.1/drivers/isdn/icn/icn.c linux-2.6.33.1/drivers/isdn/icn/icn.c | |
23824 | --- linux-2.6.33.1/drivers/isdn/icn/icn.c 2010-03-15 12:09:39.000000000 -0400 | |
23825 | +++ linux-2.6.33.1/drivers/isdn/icn/icn.c 2010-03-20 16:58:40.012833882 -0400 | |
23826 | @@ -1044,7 +1044,7 @@ icn_writecmd(const u_char * buf, int len | |
23827 | if (count > len) | |
23828 | count = len; | |
23829 | if (user) { | |
23830 | - if (copy_from_user(msg, buf, count)) | |
23831 | + if (count > sizeof(msg) || copy_from_user(msg, buf, count)) | |
23832 | return -EFAULT; | |
23833 | } else | |
23834 | memcpy(msg, buf, count); | |
23835 | diff -urNp linux-2.6.33.1/drivers/lguest/core.c linux-2.6.33.1/drivers/lguest/core.c | |
23836 | --- linux-2.6.33.1/drivers/lguest/core.c 2010-03-15 12:09:39.000000000 -0400 | |
23837 | +++ linux-2.6.33.1/drivers/lguest/core.c 2010-03-20 16:58:40.012833882 -0400 | |
23838 | @@ -91,9 +91,17 @@ static __init int map_switcher(void) | |
58c5fc13 MT |
23839 | * it's worked so far. The end address needs +1 because __get_vm_area |
23840 | * allocates an extra guard page, so we need space for that. | |
23841 | */ | |
23842 | + | |
23843 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
23844 | + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, | |
23845 | + VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR | |
23846 | + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); | |
23847 | +#else | |
23848 | switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, | |
23849 | VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR | |
23850 | + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); | |
23851 | +#endif | |
23852 | + | |
23853 | if (!switcher_vma) { | |
23854 | err = -ENOMEM; | |
23855 | printk("lguest: could not map switcher pages high\n"); | |
ae4e228f MT |
23856 | diff -urNp linux-2.6.33.1/drivers/macintosh/via-pmu-backlight.c linux-2.6.33.1/drivers/macintosh/via-pmu-backlight.c |
23857 | --- linux-2.6.33.1/drivers/macintosh/via-pmu-backlight.c 2010-03-15 12:09:39.000000000 -0400 | |
23858 | +++ linux-2.6.33.1/drivers/macintosh/via-pmu-backlight.c 2010-03-20 16:58:40.016740354 -0400 | |
23859 | @@ -15,7 +15,7 @@ | |
23860 | ||
23861 | #define MAX_PMU_LEVEL 0xFF | |
23862 | ||
23863 | -static struct backlight_ops pmu_backlight_data; | |
23864 | +static const struct backlight_ops pmu_backlight_data; | |
23865 | static DEFINE_SPINLOCK(pmu_backlight_lock); | |
23866 | static int sleeping, uses_pmu_bl; | |
23867 | static u8 bl_curve[FB_BACKLIGHT_LEVELS]; | |
23868 | @@ -115,7 +115,7 @@ static int pmu_backlight_get_brightness( | |
23869 | return bd->props.brightness; | |
23870 | } | |
23871 | ||
23872 | -static struct backlight_ops pmu_backlight_data = { | |
23873 | +static const struct backlight_ops pmu_backlight_data = { | |
23874 | .get_brightness = pmu_backlight_get_brightness, | |
23875 | .update_status = pmu_backlight_update_status, | |
23876 | ||
23877 | diff -urNp linux-2.6.33.1/drivers/macintosh/via-pmu.c linux-2.6.33.1/drivers/macintosh/via-pmu.c | |
23878 | --- linux-2.6.33.1/drivers/macintosh/via-pmu.c 2010-03-15 12:09:39.000000000 -0400 | |
23879 | +++ linux-2.6.33.1/drivers/macintosh/via-pmu.c 2010-03-20 16:58:40.028838991 -0400 | |
23880 | @@ -2254,7 +2254,7 @@ static int pmu_sleep_valid(suspend_state | |
23881 | && (pmac_call_feature(PMAC_FTR_SLEEP_STATE, NULL, 0, -1) >= 0); | |
23882 | } | |
23883 | ||
23884 | -static struct platform_suspend_ops pmu_pm_ops = { | |
23885 | +static const struct platform_suspend_ops pmu_pm_ops = { | |
23886 | .enter = powerbook_sleep, | |
23887 | .valid = pmu_sleep_valid, | |
23888 | }; | |
23889 | diff -urNp linux-2.6.33.1/drivers/md/bitmap.c linux-2.6.33.1/drivers/md/bitmap.c | |
23890 | --- linux-2.6.33.1/drivers/md/bitmap.c 2010-03-15 12:09:39.000000000 -0400 | |
23891 | +++ linux-2.6.33.1/drivers/md/bitmap.c 2010-03-20 16:58:40.032827823 -0400 | |
58c5fc13 MT |
23892 | @@ -58,7 +58,7 @@ |
23893 | # if DEBUG > 0 | |
23894 | # define PRINTK(x...) printk(KERN_DEBUG x) | |
23895 | # else | |
23896 | -# define PRINTK(x...) | |
23897 | +# define PRINTK(x...) do {} while (0) | |
23898 | # endif | |
23899 | #endif | |
23900 | ||
ae4e228f MT |
23901 | diff -urNp linux-2.6.33.1/drivers/md/dm-sysfs.c linux-2.6.33.1/drivers/md/dm-sysfs.c |
23902 | --- linux-2.6.33.1/drivers/md/dm-sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
23903 | +++ linux-2.6.33.1/drivers/md/dm-sysfs.c 2010-03-20 16:58:40.040842627 -0400 | |
23904 | @@ -75,7 +75,7 @@ static struct attribute *dm_attrs[] = { | |
23905 | NULL, | |
23906 | }; | |
23907 | ||
23908 | -static struct sysfs_ops dm_sysfs_ops = { | |
23909 | +static const struct sysfs_ops dm_sysfs_ops = { | |
23910 | .show = dm_attr_show, | |
23911 | }; | |
23912 | ||
23913 | diff -urNp linux-2.6.33.1/drivers/md/dm-table.c linux-2.6.33.1/drivers/md/dm-table.c | |
23914 | --- linux-2.6.33.1/drivers/md/dm-table.c 2010-03-15 12:09:39.000000000 -0400 | |
23915 | +++ linux-2.6.33.1/drivers/md/dm-table.c 2010-03-20 16:58:40.048835074 -0400 | |
23916 | @@ -363,7 +363,7 @@ static int device_area_is_invalid(struct | |
58c5fc13 MT |
23917 | if (!dev_size) |
23918 | return 0; | |
23919 | ||
23920 | - if ((start >= dev_size) || (start + len > dev_size)) { | |
23921 | + if ((start >= dev_size) || (len > dev_size - start)) { | |
23922 | DMWARN("%s: %s too small for target: " | |
23923 | "start=%llu, len=%llu, dev_size=%llu", | |
23924 | dm_device_name(ti->table->md), bdevname(bdev, b), | |
ae4e228f MT |
23925 | diff -urNp linux-2.6.33.1/drivers/md/md.c linux-2.6.33.1/drivers/md/md.c |
23926 | --- linux-2.6.33.1/drivers/md/md.c 2010-03-15 12:09:39.000000000 -0400 | |
23927 | +++ linux-2.6.33.1/drivers/md/md.c 2010-03-20 16:58:40.084837077 -0400 | |
23928 | @@ -2642,7 +2642,7 @@ static void rdev_free(struct kobject *ko | |
23929 | mdk_rdev_t *rdev = container_of(ko, mdk_rdev_t, kobj); | |
23930 | kfree(rdev); | |
23931 | } | |
23932 | -static struct sysfs_ops rdev_sysfs_ops = { | |
23933 | +static const struct sysfs_ops rdev_sysfs_ops = { | |
23934 | .show = rdev_attr_show, | |
23935 | .store = rdev_attr_store, | |
23936 | }; | |
23937 | @@ -4059,7 +4059,7 @@ static void md_free(struct kobject *ko) | |
23938 | kfree(mddev); | |
23939 | } | |
23940 | ||
23941 | -static struct sysfs_ops md_sysfs_ops = { | |
23942 | +static const struct sysfs_ops md_sysfs_ops = { | |
23943 | .show = md_attr_show, | |
23944 | .store = md_attr_store, | |
23945 | }; | |
23946 | @@ -6187,7 +6187,7 @@ static int md_seq_show(struct seq_file * | |
58c5fc13 MT |
23947 | chunk_kb ? "KB" : "B"); |
23948 | if (bitmap->file) { | |
23949 | seq_printf(seq, ", file: "); | |
23950 | - seq_path(seq, &bitmap->file->f_path, " \t\n"); | |
23951 | + seq_path(seq, &bitmap->file->f_path, " \t\n\\"); | |
23952 | } | |
23953 | ||
23954 | seq_printf(seq, "\n"); | |
ae4e228f | 23955 | @@ -6281,7 +6281,7 @@ static int is_mddev_idle(mddev_t *mddev, |
58c5fc13 MT |
23956 | struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; |
23957 | curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + | |
23958 | (int)part_stat_read(&disk->part0, sectors[1]) - | |
23959 | - atomic_read(&disk->sync_io); | |
23960 | + atomic_read_unchecked(&disk->sync_io); | |
23961 | /* sync IO will cause sync_io to increase before the disk_stats | |
23962 | * as sync_io is counted when a request starts, and | |
23963 | * disk_stats is counted when it completes. | |
ae4e228f MT |
23964 | diff -urNp linux-2.6.33.1/drivers/md/md.h linux-2.6.33.1/drivers/md/md.h |
23965 | --- linux-2.6.33.1/drivers/md/md.h 2010-03-15 12:09:39.000000000 -0400 | |
23966 | +++ linux-2.6.33.1/drivers/md/md.h 2010-03-20 16:58:40.084837077 -0400 | |
23967 | @@ -327,7 +327,7 @@ static inline void rdev_dec_pending(mdk_ | |
58c5fc13 MT |
23968 | |
23969 | static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) | |
23970 | { | |
23971 | - atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io); | |
23972 | + atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io); | |
23973 | } | |
23974 | ||
23975 | struct mdk_personality | |
ae4e228f MT |
23976 | diff -urNp linux-2.6.33.1/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.33.1/drivers/media/dvb/dvb-core/dvbdev.c |
23977 | --- linux-2.6.33.1/drivers/media/dvb/dvb-core/dvbdev.c 2010-03-15 12:09:39.000000000 -0400 | |
23978 | +++ linux-2.6.33.1/drivers/media/dvb/dvb-core/dvbdev.c 2010-03-20 16:58:40.088543139 -0400 | |
23979 | @@ -191,6 +191,7 @@ int dvb_register_device(struct dvb_adapt | |
23980 | const struct dvb_device *template, void *priv, int type) | |
23981 | { | |
23982 | struct dvb_device *dvbdev; | |
23983 | + /* cannot be const */ | |
23984 | struct file_operations *dvbdevfops; | |
23985 | struct device *clsdev; | |
23986 | int minor; | |
23987 | diff -urNp linux-2.6.33.1/drivers/media/radio/radio-cadet.c linux-2.6.33.1/drivers/media/radio/radio-cadet.c | |
23988 | --- linux-2.6.33.1/drivers/media/radio/radio-cadet.c 2010-03-15 12:09:39.000000000 -0400 | |
23989 | +++ linux-2.6.33.1/drivers/media/radio/radio-cadet.c 2010-03-20 16:58:40.096832684 -0400 | |
23990 | @@ -347,7 +347,7 @@ static ssize_t cadet_read(struct file *f | |
23991 | while (i < count && dev->rdsin != dev->rdsout) | |
23992 | readbuf[i++] = dev->rdsbuf[dev->rdsout++]; | |
23993 | ||
23994 | - if (copy_to_user(data, readbuf, i)) | |
23995 | + if (i > sizeof(readbuf) || copy_to_user(data, readbuf, i)) | |
23996 | return -EFAULT; | |
23997 | return i; | |
58c5fc13 | 23998 | } |
ae4e228f MT |
23999 | diff -urNp linux-2.6.33.1/drivers/message/i2o/i2o_proc.c linux-2.6.33.1/drivers/message/i2o/i2o_proc.c |
24000 | --- linux-2.6.33.1/drivers/message/i2o/i2o_proc.c 2010-03-15 12:09:39.000000000 -0400 | |
24001 | +++ linux-2.6.33.1/drivers/message/i2o/i2o_proc.c 2010-03-20 16:58:40.104831679 -0400 | |
58c5fc13 MT |
24002 | @@ -259,13 +259,6 @@ static char *scsi_devices[] = { |
24003 | "Array Controller Device" | |
24004 | }; | |
24005 | ||
24006 | -static char *chtostr(u8 * chars, int n) | |
24007 | -{ | |
24008 | - char tmp[256]; | |
24009 | - tmp[0] = 0; | |
24010 | - return strncat(tmp, (char *)chars, n); | |
24011 | -} | |
24012 | - | |
24013 | static int i2o_report_query_status(struct seq_file *seq, int block_status, | |
24014 | char *group) | |
24015 | { | |
24016 | @@ -842,8 +835,7 @@ static int i2o_seq_show_ddm_table(struct | |
24017 | ||
24018 | seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id); | |
24019 | seq_printf(seq, "%-#8x", ddm_table.module_id); | |
24020 | - seq_printf(seq, "%-29s", | |
24021 | - chtostr(ddm_table.module_name_version, 28)); | |
24022 | + seq_printf(seq, "%-.28s", ddm_table.module_name_version); | |
24023 | seq_printf(seq, "%9d ", ddm_table.data_size); | |
24024 | seq_printf(seq, "%8d", ddm_table.code_size); | |
24025 | ||
24026 | @@ -944,8 +936,8 @@ static int i2o_seq_show_drivers_stored(s | |
24027 | ||
24028 | seq_printf(seq, "%-#7x", dst->i2o_vendor_id); | |
24029 | seq_printf(seq, "%-#8x", dst->module_id); | |
24030 | - seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28)); | |
24031 | - seq_printf(seq, "%-9s", chtostr(dst->date, 8)); | |
24032 | + seq_printf(seq, "%-.28s", dst->module_name_version); | |
24033 | + seq_printf(seq, "%-.8s", dst->date); | |
24034 | seq_printf(seq, "%8d ", dst->module_size); | |
24035 | seq_printf(seq, "%8d ", dst->mpb_size); | |
24036 | seq_printf(seq, "0x%04x", dst->module_flags); | |
24037 | @@ -1276,14 +1268,10 @@ static int i2o_seq_show_dev_identity(str | |
24038 | seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0])); | |
24039 | seq_printf(seq, "Owner TID : %0#5x\n", work16[2]); | |
24040 | seq_printf(seq, "Parent TID : %0#5x\n", work16[3]); | |
24041 | - seq_printf(seq, "Vendor info : %s\n", | |
24042 | - chtostr((u8 *) (work32 + 2), 16)); | |
24043 | - seq_printf(seq, "Product info : %s\n", | |
24044 | - chtostr((u8 *) (work32 + 6), 16)); | |
24045 | - seq_printf(seq, "Description : %s\n", | |
24046 | - chtostr((u8 *) (work32 + 10), 16)); | |
24047 | - seq_printf(seq, "Product rev. : %s\n", | |
24048 | - chtostr((u8 *) (work32 + 14), 8)); | |
24049 | + seq_printf(seq, "Vendor info : %.16s\n", (u8 *) (work32 + 2)); | |
24050 | + seq_printf(seq, "Product info : %.16s\n", (u8 *) (work32 + 6)); | |
24051 | + seq_printf(seq, "Description : %.16s\n", (u8 *) (work32 + 10)); | |
24052 | + seq_printf(seq, "Product rev. : %.8s\n", (u8 *) (work32 + 14)); | |
24053 | ||
24054 | seq_printf(seq, "Serial number : "); | |
24055 | print_serial_number(seq, (u8 *) (work32 + 16), | |
24056 | @@ -1328,10 +1316,8 @@ static int i2o_seq_show_ddm_identity(str | |
24057 | } | |
24058 | ||
24059 | seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid); | |
24060 | - seq_printf(seq, "Module name : %s\n", | |
24061 | - chtostr(result.module_name, 24)); | |
24062 | - seq_printf(seq, "Module revision : %s\n", | |
24063 | - chtostr(result.module_rev, 8)); | |
24064 | + seq_printf(seq, "Module name : %.24s\n", result.module_name); | |
24065 | + seq_printf(seq, "Module revision : %.8s\n", result.module_rev); | |
24066 | ||
24067 | seq_printf(seq, "Serial number : "); | |
24068 | print_serial_number(seq, result.serial_number, sizeof(result) - 36); | |
24069 | @@ -1362,14 +1348,10 @@ static int i2o_seq_show_uinfo(struct seq | |
24070 | return 0; | |
24071 | } | |
24072 | ||
24073 | - seq_printf(seq, "Device name : %s\n", | |
24074 | - chtostr(result.device_name, 64)); | |
24075 | - seq_printf(seq, "Service name : %s\n", | |
24076 | - chtostr(result.service_name, 64)); | |
24077 | - seq_printf(seq, "Physical name : %s\n", | |
24078 | - chtostr(result.physical_location, 64)); | |
24079 | - seq_printf(seq, "Instance number : %s\n", | |
24080 | - chtostr(result.instance_number, 4)); | |
24081 | + seq_printf(seq, "Device name : %.64s\n", result.device_name); | |
24082 | + seq_printf(seq, "Service name : %.64s\n", result.service_name); | |
24083 | + seq_printf(seq, "Physical name : %.64s\n", result.physical_location); | |
24084 | + seq_printf(seq, "Instance number : %.4s\n", result.instance_number); | |
24085 | ||
24086 | return 0; | |
24087 | } | |
ae4e228f MT |
24088 | diff -urNp linux-2.6.33.1/drivers/misc/kgdbts.c linux-2.6.33.1/drivers/misc/kgdbts.c |
24089 | --- linux-2.6.33.1/drivers/misc/kgdbts.c 2010-03-15 12:09:39.000000000 -0400 | |
24090 | +++ linux-2.6.33.1/drivers/misc/kgdbts.c 2010-03-20 16:58:40.120597489 -0400 | |
24091 | @@ -118,7 +118,7 @@ | |
24092 | } while (0) | |
24093 | #define MAX_CONFIG_LEN 40 | |
24094 | ||
24095 | -static struct kgdb_io kgdbts_io_ops; | |
24096 | +static const struct kgdb_io kgdbts_io_ops; | |
24097 | static char get_buf[BUFMAX]; | |
24098 | static int get_buf_cnt; | |
24099 | static char put_buf[BUFMAX]; | |
24100 | @@ -1108,7 +1108,7 @@ static void kgdbts_post_exp_handler(void | |
24101 | module_put(THIS_MODULE); | |
24102 | } | |
24103 | ||
24104 | -static struct kgdb_io kgdbts_io_ops = { | |
24105 | +static const struct kgdb_io kgdbts_io_ops = { | |
24106 | .name = "kgdbts", | |
24107 | .read_char = kgdbts_get_char, | |
24108 | .write_char = kgdbts_put_char, | |
24109 | diff -urNp linux-2.6.33.1/drivers/misc/sgi-gru/gruhandles.c linux-2.6.33.1/drivers/misc/sgi-gru/gruhandles.c | |
24110 | --- linux-2.6.33.1/drivers/misc/sgi-gru/gruhandles.c 2010-03-15 12:09:39.000000000 -0400 | |
24111 | +++ linux-2.6.33.1/drivers/misc/sgi-gru/gruhandles.c 2010-03-20 16:58:40.120597489 -0400 | |
24112 | @@ -44,8 +44,8 @@ static void update_mcs_stats(enum mcs_op | |
24113 | unsigned long nsec; | |
24114 | ||
24115 | nsec = CLKS2NSEC(clks); | |
24116 | - atomic_long_inc(&mcs_op_statistics[op].count); | |
24117 | - atomic_long_add(nsec, &mcs_op_statistics[op].total); | |
24118 | + atomic_long_inc_unchecked(&mcs_op_statistics[op].count); | |
24119 | + atomic_long_add_unchecked(nsec, &mcs_op_statistics[op].total); | |
24120 | if (mcs_op_statistics[op].max < nsec) | |
24121 | mcs_op_statistics[op].max = nsec; | |
24122 | } | |
24123 | diff -urNp linux-2.6.33.1/drivers/misc/sgi-gru/gruprocfs.c linux-2.6.33.1/drivers/misc/sgi-gru/gruprocfs.c | |
24124 | --- linux-2.6.33.1/drivers/misc/sgi-gru/gruprocfs.c 2010-03-15 12:09:39.000000000 -0400 | |
24125 | +++ linux-2.6.33.1/drivers/misc/sgi-gru/gruprocfs.c 2010-03-20 16:58:40.120597489 -0400 | |
24126 | @@ -32,9 +32,9 @@ | |
24127 | ||
24128 | #define printstat(s, f) printstat_val(s, &gru_stats.f, #f) | |
24129 | ||
24130 | -static void printstat_val(struct seq_file *s, atomic_long_t *v, char *id) | |
24131 | +static void printstat_val(struct seq_file *s, atomic_long_unchecked_t *v, char *id) | |
24132 | { | |
24133 | - unsigned long val = atomic_long_read(v); | |
24134 | + unsigned long val = atomic_long_read_unchecked(v); | |
24135 | ||
24136 | seq_printf(s, "%16lu %s\n", val, id); | |
24137 | } | |
24138 | @@ -134,8 +134,8 @@ static int mcs_statistics_show(struct se | |
24139 | ||
24140 | seq_printf(s, "%-20s%12s%12s%12s\n", "#id", "count", "aver-clks", "max-clks"); | |
24141 | for (op = 0; op < mcsop_last; op++) { | |
24142 | - count = atomic_long_read(&mcs_op_statistics[op].count); | |
24143 | - total = atomic_long_read(&mcs_op_statistics[op].total); | |
24144 | + count = atomic_long_read_unchecked(&mcs_op_statistics[op].count); | |
24145 | + total = atomic_long_read_unchecked(&mcs_op_statistics[op].total); | |
24146 | max = mcs_op_statistics[op].max; | |
24147 | seq_printf(s, "%-20s%12ld%12ld%12ld\n", id[op], count, | |
24148 | count ? total / count : 0, max); | |
24149 | diff -urNp linux-2.6.33.1/drivers/misc/sgi-gru/grutables.h linux-2.6.33.1/drivers/misc/sgi-gru/grutables.h | |
24150 | --- linux-2.6.33.1/drivers/misc/sgi-gru/grutables.h 2010-03-15 12:09:39.000000000 -0400 | |
24151 | +++ linux-2.6.33.1/drivers/misc/sgi-gru/grutables.h 2010-03-20 16:58:40.124833908 -0400 | |
24152 | @@ -167,82 +167,82 @@ extern unsigned int gru_max_gids; | |
24153 | * GRU statistics. | |
24154 | */ | |
24155 | struct gru_stats_s { | |
24156 | - atomic_long_t vdata_alloc; | |
24157 | - atomic_long_t vdata_free; | |
24158 | - atomic_long_t gts_alloc; | |
24159 | - atomic_long_t gts_free; | |
24160 | - atomic_long_t gms_alloc; | |
24161 | - atomic_long_t gms_free; | |
24162 | - atomic_long_t gts_double_allocate; | |
24163 | - atomic_long_t assign_context; | |
24164 | - atomic_long_t assign_context_failed; | |
24165 | - atomic_long_t free_context; | |
24166 | - atomic_long_t load_user_context; | |
24167 | - atomic_long_t load_kernel_context; | |
24168 | - atomic_long_t lock_kernel_context; | |
24169 | - atomic_long_t unlock_kernel_context; | |
24170 | - atomic_long_t steal_user_context; | |
24171 | - atomic_long_t steal_kernel_context; | |
24172 | - atomic_long_t steal_context_failed; | |
24173 | - atomic_long_t nopfn; | |
24174 | - atomic_long_t asid_new; | |
24175 | - atomic_long_t asid_next; | |
24176 | - atomic_long_t asid_wrap; | |
24177 | - atomic_long_t asid_reuse; | |
24178 | - atomic_long_t intr; | |
24179 | - atomic_long_t intr_cbr; | |
24180 | - atomic_long_t intr_tfh; | |
24181 | - atomic_long_t intr_spurious; | |
24182 | - atomic_long_t intr_mm_lock_failed; | |
24183 | - atomic_long_t call_os; | |
24184 | - atomic_long_t call_os_wait_queue; | |
24185 | - atomic_long_t user_flush_tlb; | |
24186 | - atomic_long_t user_unload_context; | |
24187 | - atomic_long_t user_exception; | |
24188 | - atomic_long_t set_context_option; | |
24189 | - atomic_long_t check_context_retarget_intr; | |
24190 | - atomic_long_t check_context_unload; | |
24191 | - atomic_long_t tlb_dropin; | |
24192 | - atomic_long_t tlb_preload_page; | |
24193 | - atomic_long_t tlb_dropin_fail_no_asid; | |
24194 | - atomic_long_t tlb_dropin_fail_upm; | |
24195 | - atomic_long_t tlb_dropin_fail_invalid; | |
24196 | - atomic_long_t tlb_dropin_fail_range_active; | |
24197 | - atomic_long_t tlb_dropin_fail_idle; | |
24198 | - atomic_long_t tlb_dropin_fail_fmm; | |
24199 | - atomic_long_t tlb_dropin_fail_no_exception; | |
24200 | - atomic_long_t tfh_stale_on_fault; | |
24201 | - atomic_long_t mmu_invalidate_range; | |
24202 | - atomic_long_t mmu_invalidate_page; | |
24203 | - atomic_long_t flush_tlb; | |
24204 | - atomic_long_t flush_tlb_gru; | |
24205 | - atomic_long_t flush_tlb_gru_tgh; | |
24206 | - atomic_long_t flush_tlb_gru_zero_asid; | |
24207 | - | |
24208 | - atomic_long_t copy_gpa; | |
24209 | - atomic_long_t read_gpa; | |
24210 | - | |
24211 | - atomic_long_t mesq_receive; | |
24212 | - atomic_long_t mesq_receive_none; | |
24213 | - atomic_long_t mesq_send; | |
24214 | - atomic_long_t mesq_send_failed; | |
24215 | - atomic_long_t mesq_noop; | |
24216 | - atomic_long_t mesq_send_unexpected_error; | |
24217 | - atomic_long_t mesq_send_lb_overflow; | |
24218 | - atomic_long_t mesq_send_qlimit_reached; | |
24219 | - atomic_long_t mesq_send_amo_nacked; | |
24220 | - atomic_long_t mesq_send_put_nacked; | |
24221 | - atomic_long_t mesq_page_overflow; | |
24222 | - atomic_long_t mesq_qf_locked; | |
24223 | - atomic_long_t mesq_qf_noop_not_full; | |
24224 | - atomic_long_t mesq_qf_switch_head_failed; | |
24225 | - atomic_long_t mesq_qf_unexpected_error; | |
24226 | - atomic_long_t mesq_noop_unexpected_error; | |
24227 | - atomic_long_t mesq_noop_lb_overflow; | |
24228 | - atomic_long_t mesq_noop_qlimit_reached; | |
24229 | - atomic_long_t mesq_noop_amo_nacked; | |
24230 | - atomic_long_t mesq_noop_put_nacked; | |
24231 | - atomic_long_t mesq_noop_page_overflow; | |
24232 | + atomic_long_unchecked_t vdata_alloc; | |
24233 | + atomic_long_unchecked_t vdata_free; | |
24234 | + atomic_long_unchecked_t gts_alloc; | |
24235 | + atomic_long_unchecked_t gts_free; | |
24236 | + atomic_long_unchecked_t gms_alloc; | |
24237 | + atomic_long_unchecked_t gms_free; | |
24238 | + atomic_long_unchecked_t gts_double_allocate; | |
24239 | + atomic_long_unchecked_t assign_context; | |
24240 | + atomic_long_unchecked_t assign_context_failed; | |
24241 | + atomic_long_unchecked_t free_context; | |
24242 | + atomic_long_unchecked_t load_user_context; | |
24243 | + atomic_long_unchecked_t load_kernel_context; | |
24244 | + atomic_long_unchecked_t lock_kernel_context; | |
24245 | + atomic_long_unchecked_t unlock_kernel_context; | |
24246 | + atomic_long_unchecked_t steal_user_context; | |
24247 | + atomic_long_unchecked_t steal_kernel_context; | |
24248 | + atomic_long_unchecked_t steal_context_failed; | |
24249 | + atomic_long_unchecked_t nopfn; | |
24250 | + atomic_long_unchecked_t asid_new; | |
24251 | + atomic_long_unchecked_t asid_next; | |
24252 | + atomic_long_unchecked_t asid_wrap; | |
24253 | + atomic_long_unchecked_t asid_reuse; | |
24254 | + atomic_long_unchecked_t intr; | |
24255 | + atomic_long_unchecked_t intr_cbr; | |
24256 | + atomic_long_unchecked_t intr_tfh; | |
24257 | + atomic_long_unchecked_t intr_spurious; | |
24258 | + atomic_long_unchecked_t intr_mm_lock_failed; | |
24259 | + atomic_long_unchecked_t call_os; | |
24260 | + atomic_long_unchecked_t call_os_wait_queue; | |
24261 | + atomic_long_unchecked_t user_flush_tlb; | |
24262 | + atomic_long_unchecked_t user_unload_context; | |
24263 | + atomic_long_unchecked_t user_exception; | |
24264 | + atomic_long_unchecked_t set_context_option; | |
24265 | + atomic_long_unchecked_t check_context_retarget_intr; | |
24266 | + atomic_long_unchecked_t check_context_unload; | |
24267 | + atomic_long_unchecked_t tlb_dropin; | |
24268 | + atomic_long_unchecked_t tlb_preload_page; | |
24269 | + atomic_long_unchecked_t tlb_dropin_fail_no_asid; | |
24270 | + atomic_long_unchecked_t tlb_dropin_fail_upm; | |
24271 | + atomic_long_unchecked_t tlb_dropin_fail_invalid; | |
24272 | + atomic_long_unchecked_t tlb_dropin_fail_range_active; | |
24273 | + atomic_long_unchecked_t tlb_dropin_fail_idle; | |
24274 | + atomic_long_unchecked_t tlb_dropin_fail_fmm; | |
24275 | + atomic_long_unchecked_t tlb_dropin_fail_no_exception; | |
24276 | + atomic_long_unchecked_t tfh_stale_on_fault; | |
24277 | + atomic_long_unchecked_t mmu_invalidate_range; | |
24278 | + atomic_long_unchecked_t mmu_invalidate_page; | |
24279 | + atomic_long_unchecked_t flush_tlb; | |
24280 | + atomic_long_unchecked_t flush_tlb_gru; | |
24281 | + atomic_long_unchecked_t flush_tlb_gru_tgh; | |
24282 | + atomic_long_unchecked_t flush_tlb_gru_zero_asid; | |
24283 | + | |
24284 | + atomic_long_unchecked_t copy_gpa; | |
24285 | + atomic_long_unchecked_t read_gpa; | |
24286 | + | |
24287 | + atomic_long_unchecked_t mesq_receive; | |
24288 | + atomic_long_unchecked_t mesq_receive_none; | |
24289 | + atomic_long_unchecked_t mesq_send; | |
24290 | + atomic_long_unchecked_t mesq_send_failed; | |
24291 | + atomic_long_unchecked_t mesq_noop; | |
24292 | + atomic_long_unchecked_t mesq_send_unexpected_error; | |
24293 | + atomic_long_unchecked_t mesq_send_lb_overflow; | |
24294 | + atomic_long_unchecked_t mesq_send_qlimit_reached; | |
24295 | + atomic_long_unchecked_t mesq_send_amo_nacked; | |
24296 | + atomic_long_unchecked_t mesq_send_put_nacked; | |
24297 | + atomic_long_unchecked_t mesq_page_overflow; | |
24298 | + atomic_long_unchecked_t mesq_qf_locked; | |
24299 | + atomic_long_unchecked_t mesq_qf_noop_not_full; | |
24300 | + atomic_long_unchecked_t mesq_qf_switch_head_failed; | |
24301 | + atomic_long_unchecked_t mesq_qf_unexpected_error; | |
24302 | + atomic_long_unchecked_t mesq_noop_unexpected_error; | |
24303 | + atomic_long_unchecked_t mesq_noop_lb_overflow; | |
24304 | + atomic_long_unchecked_t mesq_noop_qlimit_reached; | |
24305 | + atomic_long_unchecked_t mesq_noop_amo_nacked; | |
24306 | + atomic_long_unchecked_t mesq_noop_put_nacked; | |
24307 | + atomic_long_unchecked_t mesq_noop_page_overflow; | |
58c5fc13 | 24308 | |
58c5fc13 | 24309 | }; |
58c5fc13 | 24310 | |
ae4e228f MT |
24311 | @@ -251,8 +251,8 @@ enum mcs_op {cchop_allocate, cchop_start |
24312 | tghop_invalidate, mcsop_last}; | |
58c5fc13 | 24313 | |
ae4e228f MT |
24314 | struct mcs_op_statistic { |
24315 | - atomic_long_t count; | |
24316 | - atomic_long_t total; | |
24317 | + atomic_long_unchecked_t count; | |
24318 | + atomic_long_unchecked_t total; | |
24319 | unsigned long max; | |
58c5fc13 MT |
24320 | }; |
24321 | ||
ae4e228f | 24322 | @@ -275,7 +275,7 @@ extern struct mcs_op_statistic mcs_op_st |
58c5fc13 | 24323 | |
ae4e228f MT |
24324 | #define STAT(id) do { \ |
24325 | if (gru_options & OPT_STATS) \ | |
24326 | - atomic_long_inc(&gru_stats.id); \ | |
24327 | + atomic_long_inc_unchecked(&gru_stats.id); \ | |
24328 | } while (0) | |
58c5fc13 | 24329 | |
ae4e228f MT |
24330 | #ifdef CONFIG_SGI_GRU_DEBUG |
24331 | diff -urNp linux-2.6.33.1/drivers/mtd/devices/doc2000.c linux-2.6.33.1/drivers/mtd/devices/doc2000.c | |
24332 | --- linux-2.6.33.1/drivers/mtd/devices/doc2000.c 2010-03-15 12:09:39.000000000 -0400 | |
24333 | +++ linux-2.6.33.1/drivers/mtd/devices/doc2000.c 2010-03-20 16:58:40.128534904 -0400 | |
58c5fc13 MT |
24334 | @@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mt |
24335 | ||
24336 | /* The ECC will not be calculated correctly if less than 512 is written */ | |
24337 | /* DBB- | |
24338 | - if (len != 0x200 && eccbuf) | |
24339 | + if (len != 0x200) | |
24340 | printk(KERN_WARNING | |
24341 | "ECC needs a full sector write (adr: %lx size %lx)\n", | |
24342 | (long) to, (long) len); | |
ae4e228f MT |
24343 | diff -urNp linux-2.6.33.1/drivers/mtd/devices/doc2001.c linux-2.6.33.1/drivers/mtd/devices/doc2001.c |
24344 | --- linux-2.6.33.1/drivers/mtd/devices/doc2001.c 2010-03-15 12:09:39.000000000 -0400 | |
24345 | +++ linux-2.6.33.1/drivers/mtd/devices/doc2001.c 2010-03-20 17:13:45.197003644 -0400 | |
24346 | @@ -393,7 +393,7 @@ static int doc_read (struct mtd_info *mt | |
24347 | struct Nand *mychip = &this->chips[from >> (this->chipshift)]; | |
24348 | ||
58c5fc13 | 24349 | /* Don't allow read past end of device */ |
ae4e228f MT |
24350 | - if (from >= this->totlen) |
24351 | + if (from >= this->totlen || !len) | |
58c5fc13 | 24352 | return -EINVAL; |
58c5fc13 MT |
24353 | |
24354 | /* Don't allow a single read to cross a 512-byte block boundary */ | |
ae4e228f MT |
24355 | diff -urNp linux-2.6.33.1/drivers/mtd/ubi/build.c linux-2.6.33.1/drivers/mtd/ubi/build.c |
24356 | --- linux-2.6.33.1/drivers/mtd/ubi/build.c 2010-03-15 12:09:39.000000000 -0400 | |
24357 | +++ linux-2.6.33.1/drivers/mtd/ubi/build.c 2010-03-20 16:58:40.128534904 -0400 | |
24358 | @@ -1255,7 +1255,7 @@ module_exit(ubi_exit); | |
24359 | static int __init bytes_str_to_int(const char *str) | |
24360 | { | |
24361 | char *endp; | |
24362 | - unsigned long result; | |
24363 | + unsigned long result, scale = 1; | |
58c5fc13 MT |
24364 | |
24365 | result = simple_strtoul(str, &endp, 0); | |
ae4e228f MT |
24366 | if (str == endp || result >= INT_MAX) { |
24367 | @@ -1266,11 +1266,11 @@ static int __init bytes_str_to_int(const | |
24368 | ||
24369 | switch (*endp) { | |
24370 | case 'G': | |
24371 | - result *= 1024; | |
24372 | + scale *= 1024; | |
24373 | case 'M': | |
24374 | - result *= 1024; | |
24375 | + scale *= 1024; | |
24376 | case 'K': | |
24377 | - result *= 1024; | |
24378 | + scale *= 1024; | |
24379 | if (endp[1] == 'i' && endp[2] == 'B') | |
24380 | endp += 2; | |
24381 | case '\0': | |
24382 | @@ -1281,7 +1281,13 @@ static int __init bytes_str_to_int(const | |
58c5fc13 | 24383 | return -EINVAL; |
ae4e228f MT |
24384 | } |
24385 | ||
24386 | - return result; | |
24387 | + if ((intoverflow_t)result*scale >= INT_MAX) { | |
24388 | + printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", | |
24389 | + str); | |
24390 | + return -EINVAL; | |
24391 | + } | |
24392 | + | |
24393 | + return result*scale; | |
24394 | } | |
24395 | ||
24396 | /** | |
24397 | diff -urNp linux-2.6.33.1/drivers/net/e1000e/82571.c linux-2.6.33.1/drivers/net/e1000e/82571.c | |
24398 | --- linux-2.6.33.1/drivers/net/e1000e/82571.c 2010-03-15 12:09:39.000000000 -0400 | |
24399 | +++ linux-2.6.33.1/drivers/net/e1000e/82571.c 2010-03-20 16:58:40.152824721 -0400 | |
24400 | @@ -207,6 +207,7 @@ static s32 e1000_init_mac_params_82571(s | |
24401 | { | |
24402 | struct e1000_hw *hw = &adapter->hw; | |
24403 | struct e1000_mac_info *mac = &hw->mac; | |
24404 | + /* cannot be const */ | |
24405 | struct e1000_mac_operations *func = &mac->ops; | |
24406 | u32 swsm = 0; | |
24407 | u32 swsm2 = 0; | |
24408 | @@ -1688,7 +1689,7 @@ static void e1000_clear_hw_cntrs_82571(s | |
24409 | er32(ICRXDMTC); | |
24410 | } | |
24411 | ||
24412 | -static struct e1000_mac_operations e82571_mac_ops = { | |
24413 | +static const struct e1000_mac_operations e82571_mac_ops = { | |
24414 | /* .check_mng_mode: mac type dependent */ | |
24415 | /* .check_for_link: media type dependent */ | |
24416 | .id_led_init = e1000e_id_led_init, | |
24417 | @@ -1708,7 +1709,7 @@ static struct e1000_mac_operations e8257 | |
24418 | .setup_led = e1000e_setup_led_generic, | |
24419 | }; | |
24420 | ||
24421 | -static struct e1000_phy_operations e82_phy_ops_igp = { | |
24422 | +static const struct e1000_phy_operations e82_phy_ops_igp = { | |
24423 | .acquire = e1000_get_hw_semaphore_82571, | |
24424 | .check_polarity = e1000_check_polarity_igp, | |
24425 | .check_reset_block = e1000e_check_reset_block_generic, | |
24426 | @@ -1726,7 +1727,7 @@ static struct e1000_phy_operations e82_p | |
24427 | .cfg_on_link_up = NULL, | |
24428 | }; | |
24429 | ||
24430 | -static struct e1000_phy_operations e82_phy_ops_m88 = { | |
24431 | +static const struct e1000_phy_operations e82_phy_ops_m88 = { | |
24432 | .acquire = e1000_get_hw_semaphore_82571, | |
24433 | .check_polarity = e1000_check_polarity_m88, | |
24434 | .check_reset_block = e1000e_check_reset_block_generic, | |
24435 | @@ -1744,7 +1745,7 @@ static struct e1000_phy_operations e82_p | |
24436 | .cfg_on_link_up = NULL, | |
24437 | }; | |
24438 | ||
24439 | -static struct e1000_phy_operations e82_phy_ops_bm = { | |
24440 | +static const struct e1000_phy_operations e82_phy_ops_bm = { | |
24441 | .acquire = e1000_get_hw_semaphore_82571, | |
24442 | .check_polarity = e1000_check_polarity_m88, | |
24443 | .check_reset_block = e1000e_check_reset_block_generic, | |
24444 | @@ -1762,7 +1763,7 @@ static struct e1000_phy_operations e82_p | |
24445 | .cfg_on_link_up = NULL, | |
24446 | }; | |
24447 | ||
24448 | -static struct e1000_nvm_operations e82571_nvm_ops = { | |
24449 | +static const struct e1000_nvm_operations e82571_nvm_ops = { | |
24450 | .acquire = e1000_acquire_nvm_82571, | |
24451 | .read = e1000e_read_nvm_eerd, | |
24452 | .release = e1000_release_nvm_82571, | |
24453 | diff -urNp linux-2.6.33.1/drivers/net/e1000e/e1000.h linux-2.6.33.1/drivers/net/e1000e/e1000.h | |
24454 | --- linux-2.6.33.1/drivers/net/e1000e/e1000.h 2010-03-15 12:09:39.000000000 -0400 | |
24455 | +++ linux-2.6.33.1/drivers/net/e1000e/e1000.h 2010-03-20 16:58:40.152824721 -0400 | |
24456 | @@ -379,9 +379,9 @@ struct e1000_info { | |
24457 | u32 pba; | |
24458 | u32 max_hw_frame_size; | |
24459 | s32 (*get_variants)(struct e1000_adapter *); | |
24460 | - struct e1000_mac_operations *mac_ops; | |
24461 | - struct e1000_phy_operations *phy_ops; | |
24462 | - struct e1000_nvm_operations *nvm_ops; | |
24463 | + const struct e1000_mac_operations *mac_ops; | |
24464 | + const struct e1000_phy_operations *phy_ops; | |
24465 | + const struct e1000_nvm_operations *nvm_ops; | |
24466 | }; | |
24467 | ||
24468 | /* hardware capability, feature, and workaround flags */ | |
24469 | diff -urNp linux-2.6.33.1/drivers/net/e1000e/es2lan.c linux-2.6.33.1/drivers/net/e1000e/es2lan.c | |
24470 | --- linux-2.6.33.1/drivers/net/e1000e/es2lan.c 2010-03-15 12:09:39.000000000 -0400 | |
24471 | +++ linux-2.6.33.1/drivers/net/e1000e/es2lan.c 2010-03-20 16:58:40.152824721 -0400 | |
24472 | @@ -205,6 +205,7 @@ static s32 e1000_init_mac_params_80003es | |
24473 | { | |
24474 | struct e1000_hw *hw = &adapter->hw; | |
24475 | struct e1000_mac_info *mac = &hw->mac; | |
24476 | + /* cannot be const */ | |
24477 | struct e1000_mac_operations *func = &mac->ops; | |
24478 | ||
24479 | /* Set media type */ | |
24480 | @@ -1402,7 +1403,7 @@ static void e1000_clear_hw_cntrs_80003es | |
24481 | er32(ICRXDMTC); | |
24482 | } | |
24483 | ||
24484 | -static struct e1000_mac_operations es2_mac_ops = { | |
24485 | +static const struct e1000_mac_operations es2_mac_ops = { | |
24486 | .id_led_init = e1000e_id_led_init, | |
24487 | .check_mng_mode = e1000e_check_mng_mode_generic, | |
24488 | /* check_for_link dependent on media type */ | |
24489 | @@ -1422,7 +1423,7 @@ static struct e1000_mac_operations es2_m | |
24490 | .setup_led = e1000e_setup_led_generic, | |
24491 | }; | |
24492 | ||
24493 | -static struct e1000_phy_operations es2_phy_ops = { | |
24494 | +static const struct e1000_phy_operations es2_phy_ops = { | |
24495 | .acquire = e1000_acquire_phy_80003es2lan, | |
24496 | .check_polarity = e1000_check_polarity_m88, | |
24497 | .check_reset_block = e1000e_check_reset_block_generic, | |
24498 | @@ -1440,7 +1441,7 @@ static struct e1000_phy_operations es2_p | |
24499 | .cfg_on_link_up = e1000_cfg_on_link_up_80003es2lan, | |
24500 | }; | |
24501 | ||
24502 | -static struct e1000_nvm_operations es2_nvm_ops = { | |
24503 | +static const struct e1000_nvm_operations es2_nvm_ops = { | |
24504 | .acquire = e1000_acquire_nvm_80003es2lan, | |
24505 | .read = e1000e_read_nvm_eerd, | |
24506 | .release = e1000_release_nvm_80003es2lan, | |
24507 | diff -urNp linux-2.6.33.1/drivers/net/e1000e/hw.h linux-2.6.33.1/drivers/net/e1000e/hw.h | |
24508 | --- linux-2.6.33.1/drivers/net/e1000e/hw.h 2010-03-15 12:09:39.000000000 -0400 | |
24509 | +++ linux-2.6.33.1/drivers/net/e1000e/hw.h 2010-03-20 16:58:40.156835598 -0400 | |
24510 | @@ -783,13 +783,13 @@ struct e1000_phy_operations { | |
24511 | ||
24512 | /* Function pointers for the NVM. */ | |
24513 | struct e1000_nvm_operations { | |
24514 | - s32 (*acquire)(struct e1000_hw *); | |
24515 | - s32 (*read)(struct e1000_hw *, u16, u16, u16 *); | |
24516 | - void (*release)(struct e1000_hw *); | |
24517 | - s32 (*update)(struct e1000_hw *); | |
24518 | - s32 (*valid_led_default)(struct e1000_hw *, u16 *); | |
24519 | - s32 (*validate)(struct e1000_hw *); | |
24520 | - s32 (*write)(struct e1000_hw *, u16, u16, u16 *); | |
24521 | + s32 (* const acquire)(struct e1000_hw *); | |
24522 | + s32 (* const read)(struct e1000_hw *, u16, u16, u16 *); | |
24523 | + void (* const release)(struct e1000_hw *); | |
24524 | + s32 (* const update)(struct e1000_hw *); | |
24525 | + s32 (* const valid_led_default)(struct e1000_hw *, u16 *); | |
24526 | + s32 (* const validate)(struct e1000_hw *); | |
24527 | + s32 (* const write)(struct e1000_hw *, u16, u16, u16 *); | |
24528 | }; | |
24529 | ||
24530 | struct e1000_mac_info { | |
24531 | @@ -864,6 +864,7 @@ struct e1000_phy_info { | |
24532 | }; | |
24533 | ||
24534 | struct e1000_nvm_info { | |
24535 | + /* cannot be const */ | |
24536 | struct e1000_nvm_operations ops; | |
24537 | ||
24538 | enum e1000_nvm_type type; | |
24539 | diff -urNp linux-2.6.33.1/drivers/net/e1000e/ich8lan.c linux-2.6.33.1/drivers/net/e1000e/ich8lan.c | |
24540 | --- linux-2.6.33.1/drivers/net/e1000e/ich8lan.c 2010-03-15 12:09:39.000000000 -0400 | |
24541 | +++ linux-2.6.33.1/drivers/net/e1000e/ich8lan.c 2010-03-20 16:58:40.168822418 -0400 | |
24542 | @@ -3361,7 +3361,7 @@ static void e1000_clear_hw_cntrs_ich8lan | |
24543 | } | |
24544 | } | |
24545 | ||
24546 | -static struct e1000_mac_operations ich8_mac_ops = { | |
24547 | +static const struct e1000_mac_operations ich8_mac_ops = { | |
24548 | .id_led_init = e1000e_id_led_init, | |
24549 | .check_mng_mode = e1000_check_mng_mode_ich8lan, | |
24550 | .check_for_link = e1000_check_for_copper_link_ich8lan, | |
24551 | @@ -3379,7 +3379,7 @@ static struct e1000_mac_operations ich8_ | |
24552 | /* id_led_init dependent on mac type */ | |
24553 | }; | |
24554 | ||
24555 | -static struct e1000_phy_operations ich8_phy_ops = { | |
24556 | +static const struct e1000_phy_operations ich8_phy_ops = { | |
24557 | .acquire = e1000_acquire_swflag_ich8lan, | |
24558 | .check_reset_block = e1000_check_reset_block_ich8lan, | |
24559 | .commit = NULL, | |
24560 | @@ -3393,7 +3393,7 @@ static struct e1000_phy_operations ich8_ | |
24561 | .write_reg = e1000e_write_phy_reg_igp, | |
24562 | }; | |
24563 | ||
24564 | -static struct e1000_nvm_operations ich8_nvm_ops = { | |
24565 | +static const struct e1000_nvm_operations ich8_nvm_ops = { | |
24566 | .acquire = e1000_acquire_nvm_ich8lan, | |
24567 | .read = e1000_read_nvm_ich8lan, | |
24568 | .release = e1000_release_nvm_ich8lan, | |
24569 | diff -urNp linux-2.6.33.1/drivers/net/ibmveth.c linux-2.6.33.1/drivers/net/ibmveth.c | |
24570 | --- linux-2.6.33.1/drivers/net/ibmveth.c 2010-03-15 12:09:39.000000000 -0400 | |
24571 | +++ linux-2.6.33.1/drivers/net/ibmveth.c 2010-03-20 16:58:40.180852292 -0400 | |
24572 | @@ -1577,7 +1577,7 @@ static struct attribute * veth_pool_attr | |
24573 | NULL, | |
24574 | }; | |
24575 | ||
24576 | -static struct sysfs_ops veth_pool_ops = { | |
24577 | +static const struct sysfs_ops veth_pool_ops = { | |
24578 | .show = veth_pool_show, | |
24579 | .store = veth_pool_store, | |
24580 | }; | |
24581 | diff -urNp linux-2.6.33.1/drivers/net/igb/e1000_82575.c linux-2.6.33.1/drivers/net/igb/e1000_82575.c | |
24582 | --- linux-2.6.33.1/drivers/net/igb/e1000_82575.c 2010-03-15 12:09:39.000000000 -0400 | |
24583 | +++ linux-2.6.33.1/drivers/net/igb/e1000_82575.c 2010-03-20 16:58:40.192835070 -0400 | |
24584 | @@ -1583,7 +1583,7 @@ u16 igb_rxpbs_adjust_82580(u32 data) | |
24585 | return ret_val; | |
24586 | } | |
24587 | ||
24588 | -static struct e1000_mac_operations e1000_mac_ops_82575 = { | |
24589 | +static const struct e1000_mac_operations e1000_mac_ops_82575 = { | |
24590 | .init_hw = igb_init_hw_82575, | |
24591 | .check_for_link = igb_check_for_link_82575, | |
24592 | .rar_set = igb_rar_set, | |
24593 | @@ -1591,13 +1591,13 @@ static struct e1000_mac_operations e1000 | |
24594 | .get_speed_and_duplex = igb_get_speed_and_duplex_copper, | |
24595 | }; | |
24596 | ||
24597 | -static struct e1000_phy_operations e1000_phy_ops_82575 = { | |
24598 | +static const struct e1000_phy_operations e1000_phy_ops_82575 = { | |
24599 | .acquire = igb_acquire_phy_82575, | |
24600 | .get_cfg_done = igb_get_cfg_done_82575, | |
24601 | .release = igb_release_phy_82575, | |
24602 | }; | |
24603 | ||
24604 | -static struct e1000_nvm_operations e1000_nvm_ops_82575 = { | |
24605 | +static const struct e1000_nvm_operations e1000_nvm_ops_82575 = { | |
24606 | .acquire = igb_acquire_nvm_82575, | |
24607 | .read = igb_read_nvm_eerd, | |
24608 | .release = igb_release_nvm_82575, | |
24609 | diff -urNp linux-2.6.33.1/drivers/net/igb/e1000_hw.h linux-2.6.33.1/drivers/net/igb/e1000_hw.h | |
24610 | --- linux-2.6.33.1/drivers/net/igb/e1000_hw.h 2010-03-15 12:09:39.000000000 -0400 | |
24611 | +++ linux-2.6.33.1/drivers/net/igb/e1000_hw.h 2010-03-20 16:58:40.192835070 -0400 | |
24612 | @@ -316,17 +316,17 @@ struct e1000_phy_operations { | |
24613 | }; | |
24614 | ||
24615 | struct e1000_nvm_operations { | |
24616 | - s32 (*acquire)(struct e1000_hw *); | |
24617 | - s32 (*read)(struct e1000_hw *, u16, u16, u16 *); | |
24618 | - void (*release)(struct e1000_hw *); | |
24619 | - s32 (*write)(struct e1000_hw *, u16, u16, u16 *); | |
24620 | + s32 (* const acquire)(struct e1000_hw *); | |
24621 | + s32 (* const read)(struct e1000_hw *, u16, u16, u16 *); | |
24622 | + void (* const release)(struct e1000_hw *); | |
24623 | + s32 (* const write)(struct e1000_hw *, u16, u16, u16 *); | |
24624 | }; | |
24625 | ||
24626 | struct e1000_info { | |
24627 | s32 (*get_invariants)(struct e1000_hw *); | |
24628 | - struct e1000_mac_operations *mac_ops; | |
24629 | - struct e1000_phy_operations *phy_ops; | |
24630 | - struct e1000_nvm_operations *nvm_ops; | |
24631 | + const struct e1000_mac_operations *mac_ops; | |
24632 | + const struct e1000_phy_operations *phy_ops; | |
24633 | + const struct e1000_nvm_operations *nvm_ops; | |
24634 | }; | |
24635 | ||
24636 | extern const struct e1000_info e1000_82575_info; | |
24637 | @@ -412,6 +412,7 @@ struct e1000_phy_info { | |
24638 | }; | |
24639 | ||
24640 | struct e1000_nvm_info { | |
24641 | + /* cannot be const */ | |
24642 | struct e1000_nvm_operations ops; | |
24643 | ||
24644 | enum e1000_nvm_type type; | |
24645 | diff -urNp linux-2.6.33.1/drivers/net/irda/vlsi_ir.c linux-2.6.33.1/drivers/net/irda/vlsi_ir.c | |
24646 | --- linux-2.6.33.1/drivers/net/irda/vlsi_ir.c 2010-03-15 12:09:39.000000000 -0400 | |
24647 | +++ linux-2.6.33.1/drivers/net/irda/vlsi_ir.c 2010-03-20 16:58:40.204836200 -0400 | |
24648 | @@ -907,13 +907,12 @@ static netdev_tx_t vlsi_hard_start_xmit( | |
58c5fc13 MT |
24649 | /* no race - tx-ring already empty */ |
24650 | vlsi_set_baud(idev, iobase); | |
24651 | netif_wake_queue(ndev); | |
24652 | - } | |
24653 | - else | |
24654 | - ; | |
24655 | + } else { | |
24656 | /* keep the speed change pending like it would | |
24657 | * for any len>0 packet. tx completion interrupt | |
24658 | * will apply it when the tx ring becomes empty. | |
24659 | */ | |
24660 | + } | |
24661 | spin_unlock_irqrestore(&idev->lock, flags); | |
24662 | dev_kfree_skb_any(skb); | |
ae4e228f MT |
24663 | return NETDEV_TX_OK; |
24664 | diff -urNp linux-2.6.33.1/drivers/net/iseries_veth.c linux-2.6.33.1/drivers/net/iseries_veth.c | |
24665 | --- linux-2.6.33.1/drivers/net/iseries_veth.c 2010-03-15 12:09:39.000000000 -0400 | |
24666 | +++ linux-2.6.33.1/drivers/net/iseries_veth.c 2010-03-20 16:58:40.227948499 -0400 | |
24667 | @@ -384,7 +384,7 @@ static struct attribute *veth_cnx_defaul | |
24668 | NULL | |
24669 | }; | |
24670 | ||
24671 | -static struct sysfs_ops veth_cnx_sysfs_ops = { | |
24672 | +static const struct sysfs_ops veth_cnx_sysfs_ops = { | |
24673 | .show = veth_cnx_attribute_show | |
24674 | }; | |
24675 | ||
24676 | @@ -441,7 +441,7 @@ static struct attribute *veth_port_defau | |
24677 | NULL | |
24678 | }; | |
24679 | ||
24680 | -static struct sysfs_ops veth_port_sysfs_ops = { | |
24681 | +static const struct sysfs_ops veth_port_sysfs_ops = { | |
24682 | .show = veth_port_attribute_show | |
24683 | }; | |
24684 | ||
24685 | diff -urNp linux-2.6.33.1/drivers/net/pcnet32.c linux-2.6.33.1/drivers/net/pcnet32.c | |
24686 | --- linux-2.6.33.1/drivers/net/pcnet32.c 2010-03-15 12:09:39.000000000 -0400 | |
24687 | +++ linux-2.6.33.1/drivers/net/pcnet32.c 2010-03-20 16:58:40.232840159 -0400 | |
24688 | @@ -80,7 +80,7 @@ static int cards_found; | |
58c5fc13 MT |
24689 | /* |
24690 | * VLB I/O addresses | |
24691 | */ | |
24692 | -static unsigned int pcnet32_portlist[] __initdata = | |
24693 | +static unsigned int pcnet32_portlist[] __devinitdata = | |
24694 | { 0x300, 0x320, 0x340, 0x360, 0 }; | |
24695 | ||
24696 | static int pcnet32_debug = 0; | |
ae4e228f MT |
24697 | diff -urNp linux-2.6.33.1/drivers/net/ppp_generic.c linux-2.6.33.1/drivers/net/ppp_generic.c |
24698 | --- linux-2.6.33.1/drivers/net/ppp_generic.c 2010-03-15 12:09:39.000000000 -0400 | |
24699 | +++ linux-2.6.33.1/drivers/net/ppp_generic.c 2010-03-20 16:58:40.236519222 -0400 | |
24700 | @@ -988,7 +988,6 @@ ppp_net_ioctl(struct net_device *dev, st | |
24701 | void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; | |
24702 | struct ppp_stats stats; | |
24703 | struct ppp_comp_stats cstats; | |
24704 | - char *vers; | |
24705 | ||
24706 | switch (cmd) { | |
24707 | case SIOCGPPPSTATS: | |
24708 | @@ -1010,8 +1009,7 @@ ppp_net_ioctl(struct net_device *dev, st | |
24709 | break; | |
24710 | ||
24711 | case SIOCGPPPVER: | |
24712 | - vers = PPP_VERSION; | |
24713 | - if (copy_to_user(addr, vers, strlen(vers) + 1)) | |
24714 | + if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION))) | |
24715 | break; | |
24716 | err = 0; | |
24717 | break; | |
24718 | diff -urNp linux-2.6.33.1/drivers/net/tg3.h linux-2.6.33.1/drivers/net/tg3.h | |
24719 | --- linux-2.6.33.1/drivers/net/tg3.h 2010-03-15 12:09:39.000000000 -0400 | |
24720 | +++ linux-2.6.33.1/drivers/net/tg3.h 2010-03-20 16:58:40.244857185 -0400 | |
24721 | @@ -101,6 +101,7 @@ | |
58c5fc13 MT |
24722 | #define CHIPREV_ID_5750_A0 0x4000 |
24723 | #define CHIPREV_ID_5750_A1 0x4001 | |
24724 | #define CHIPREV_ID_5750_A3 0x4003 | |
24725 | +#define CHIPREV_ID_5750_C1 0x4201 | |
24726 | #define CHIPREV_ID_5750_C2 0x4202 | |
24727 | #define CHIPREV_ID_5752_A0_HW 0x5000 | |
24728 | #define CHIPREV_ID_5752_A0 0x6000 | |
ae4e228f MT |
24729 | diff -urNp linux-2.6.33.1/drivers/net/tulip/de4x5.c linux-2.6.33.1/drivers/net/tulip/de4x5.c |
24730 | --- linux-2.6.33.1/drivers/net/tulip/de4x5.c 2010-03-15 12:09:39.000000000 -0400 | |
24731 | +++ linux-2.6.33.1/drivers/net/tulip/de4x5.c 2010-03-20 16:58:40.269912385 -0400 | |
24732 | @@ -5472,7 +5472,7 @@ de4x5_ioctl(struct net_device *dev, stru | |
24733 | for (i=0; i<ETH_ALEN; i++) { | |
24734 | tmp.addr[i] = dev->dev_addr[i]; | |
24735 | } | |
24736 | - if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; | |
24737 | + if (ioc->len > sizeof(tmp.addr) || copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; | |
24738 | break; | |
24739 | ||
24740 | case DE4X5_SET_HWADDR: /* Set the hardware address */ | |
24741 | @@ -5512,7 +5512,7 @@ de4x5_ioctl(struct net_device *dev, stru | |
24742 | spin_lock_irqsave(&lp->lock, flags); | |
24743 | memcpy(&statbuf, &lp->pktStats, ioc->len); | |
24744 | spin_unlock_irqrestore(&lp->lock, flags); | |
24745 | - if (copy_to_user(ioc->data, &statbuf, ioc->len)) | |
24746 | + if (ioc->len > sizeof(statbuf) || copy_to_user(ioc->data, &statbuf, ioc->len)) | |
24747 | return -EFAULT; | |
24748 | break; | |
24749 | } | |
24750 | diff -urNp linux-2.6.33.1/drivers/net/usb/hso.c linux-2.6.33.1/drivers/net/usb/hso.c | |
24751 | --- linux-2.6.33.1/drivers/net/usb/hso.c 2010-03-15 12:09:39.000000000 -0400 | |
24752 | +++ linux-2.6.33.1/drivers/net/usb/hso.c 2010-03-20 16:58:40.272671924 -0400 | |
58c5fc13 MT |
24753 | @@ -258,7 +258,7 @@ struct hso_serial { |
24754 | ||
24755 | /* from usb_serial_port */ | |
24756 | struct tty_struct *tty; | |
24757 | - int open_count; | |
24758 | + atomic_t open_count; | |
24759 | spinlock_t serial_lock; | |
24760 | ||
24761 | int (*write_data) (struct hso_serial *serial); | |
ae4e228f | 24762 | @@ -1203,7 +1203,7 @@ static void put_rxbuf_data_and_resubmit_ |
58c5fc13 MT |
24763 | struct urb *urb; |
24764 | ||
24765 | urb = serial->rx_urb[0]; | |
24766 | - if (serial->open_count > 0) { | |
24767 | + if (atomic_read(&serial->open_count) > 0) { | |
24768 | count = put_rxbuf_data(urb, serial); | |
24769 | if (count == -1) | |
24770 | return; | |
ae4e228f | 24771 | @@ -1239,7 +1239,7 @@ static void hso_std_serial_read_bulk_cal |
58c5fc13 MT |
24772 | DUMP1(urb->transfer_buffer, urb->actual_length); |
24773 | ||
24774 | /* Anyone listening? */ | |
24775 | - if (serial->open_count == 0) | |
24776 | + if (atomic_read(&serial->open_count) == 0) | |
24777 | return; | |
24778 | ||
24779 | if (status == 0) { | |
ae4e228f | 24780 | @@ -1334,8 +1334,7 @@ static int hso_serial_open(struct tty_st |
58c5fc13 MT |
24781 | spin_unlock_irq(&serial->serial_lock); |
24782 | ||
24783 | /* check for port already opened, if not set the termios */ | |
24784 | - serial->open_count++; | |
24785 | - if (serial->open_count == 1) { | |
24786 | + if (atomic_inc_return(&serial->open_count) == 1) { | |
24787 | tty->low_latency = 1; | |
24788 | serial->rx_state = RX_IDLE; | |
24789 | /* Force default termio settings */ | |
ae4e228f | 24790 | @@ -1348,7 +1347,7 @@ static int hso_serial_open(struct tty_st |
58c5fc13 MT |
24791 | result = hso_start_serial_device(serial->parent, GFP_KERNEL); |
24792 | if (result) { | |
24793 | hso_stop_serial_device(serial->parent); | |
24794 | - serial->open_count--; | |
24795 | + atomic_dec(&serial->open_count); | |
24796 | kref_put(&serial->parent->ref, hso_serial_ref_free); | |
24797 | } | |
24798 | } else { | |
ae4e228f | 24799 | @@ -1385,10 +1384,10 @@ static void hso_serial_close(struct tty_ |
58c5fc13 MT |
24800 | |
24801 | /* reset the rts and dtr */ | |
24802 | /* do the actual close */ | |
24803 | - serial->open_count--; | |
24804 | + atomic_dec(&serial->open_count); | |
ae4e228f | 24805 | |
58c5fc13 MT |
24806 | - if (serial->open_count <= 0) { |
24807 | - serial->open_count = 0; | |
24808 | + if (atomic_read(&serial->open_count) <= 0) { | |
24809 | + atomic_set(&serial->open_count, 0); | |
24810 | spin_lock_irq(&serial->serial_lock); | |
24811 | if (serial->tty == tty) { | |
24812 | serial->tty->driver_data = NULL; | |
ae4e228f | 24813 | @@ -1470,7 +1469,7 @@ static void hso_serial_set_termios(struc |
58c5fc13 MT |
24814 | |
24815 | /* the actual setup */ | |
24816 | spin_lock_irqsave(&serial->serial_lock, flags); | |
24817 | - if (serial->open_count) | |
24818 | + if (atomic_read(&serial->open_count)) | |
24819 | _hso_serial_set_termios(tty, old); | |
24820 | else | |
24821 | tty->termios = old; | |
ae4e228f MT |
24822 | @@ -1933,7 +1932,7 @@ static void intr_callback(struct urb *ur |
24823 | D1("Pending read interrupt on port %d\n", i); | |
24824 | spin_lock(&serial->serial_lock); | |
24825 | if (serial->rx_state == RX_IDLE && | |
24826 | - serial->open_count > 0) { | |
24827 | + atomic_read(&serial->open_count) > 0) { | |
24828 | /* Setup and send a ctrl req read on | |
24829 | * port i */ | |
24830 | if (!serial->rx_urb_filled[0]) { | |
24831 | @@ -3124,7 +3123,7 @@ static int hso_resume(struct usb_interfa | |
58c5fc13 MT |
24832 | /* Start all serial ports */ |
24833 | for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { | |
24834 | if (serial_table[i] && (serial_table[i]->interface == iface)) { | |
24835 | - if (dev2ser(serial_table[i])->open_count) { | |
24836 | + if (atomic_read(&dev2ser(serial_table[i])->open_count)) { | |
24837 | result = | |
24838 | hso_start_serial_device(serial_table[i], GFP_NOIO); | |
24839 | hso_kick_transmit(dev2ser(serial_table[i])); | |
ae4e228f MT |
24840 | diff -urNp linux-2.6.33.1/drivers/net/wireless/b43/debugfs.c linux-2.6.33.1/drivers/net/wireless/b43/debugfs.c |
24841 | --- linux-2.6.33.1/drivers/net/wireless/b43/debugfs.c 2010-03-15 12:09:39.000000000 -0400 | |
24842 | +++ linux-2.6.33.1/drivers/net/wireless/b43/debugfs.c 2010-03-20 16:58:40.276838321 -0400 | |
24843 | @@ -43,7 +43,7 @@ static struct dentry *rootdir; | |
24844 | struct b43_debugfs_fops { | |
24845 | ssize_t (*read)(struct b43_wldev *dev, char *buf, size_t bufsize); | |
24846 | int (*write)(struct b43_wldev *dev, const char *buf, size_t count); | |
24847 | - struct file_operations fops; | |
24848 | + const struct file_operations fops; | |
24849 | /* Offset of struct b43_dfs_file in struct b43_dfsentry */ | |
24850 | size_t file_struct_offset; | |
24851 | }; | |
24852 | diff -urNp linux-2.6.33.1/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.33.1/drivers/net/wireless/b43legacy/debugfs.c | |
24853 | --- linux-2.6.33.1/drivers/net/wireless/b43legacy/debugfs.c 2010-03-15 12:09:39.000000000 -0400 | |
24854 | +++ linux-2.6.33.1/drivers/net/wireless/b43legacy/debugfs.c 2010-03-20 16:58:40.292572897 -0400 | |
24855 | @@ -44,7 +44,7 @@ static struct dentry *rootdir; | |
24856 | struct b43legacy_debugfs_fops { | |
24857 | ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize); | |
24858 | int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count); | |
24859 | - struct file_operations fops; | |
24860 | + const struct file_operations fops; | |
24861 | /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */ | |
24862 | size_t file_struct_offset; | |
24863 | /* Take wl->irq_lock before calling read/write? */ | |
24864 | diff -urNp linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-1000.c linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-1000.c | |
24865 | --- linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2010-03-15 12:09:39.000000000 -0400 | |
24866 | +++ linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2010-03-20 16:58:40.296852154 -0400 | |
24867 | @@ -140,7 +140,7 @@ static struct iwl_lib_ops iwl1000_lib = | |
24868 | }, | |
24869 | }; | |
24870 | ||
24871 | -static struct iwl_ops iwl1000_ops = { | |
24872 | +static const struct iwl_ops iwl1000_ops = { | |
24873 | .ucode = &iwl5000_ucode, | |
24874 | .lib = &iwl1000_lib, | |
24875 | .hcmd = &iwl5000_hcmd, | |
24876 | diff -urNp linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-3945.c linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-3945.c | |
24877 | --- linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2010-03-15 12:09:39.000000000 -0400 | |
24878 | +++ linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2010-03-20 16:58:40.308852389 -0400 | |
24879 | @@ -2804,7 +2804,7 @@ static struct iwl_hcmd_utils_ops iwl3945 | |
24880 | .rts_tx_cmd_flag = iwlcore_rts_tx_cmd_flag, | |
24881 | }; | |
24882 | ||
24883 | -static struct iwl_ops iwl3945_ops = { | |
24884 | +static const struct iwl_ops iwl3945_ops = { | |
24885 | .ucode = &iwl3945_ucode, | |
24886 | .lib = &iwl3945_lib, | |
24887 | .hcmd = &iwl3945_hcmd, | |
24888 | diff -urNp linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-4965.c linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-4965.c | |
24889 | --- linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-03-15 12:09:39.000000000 -0400 | |
24890 | +++ linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-03-20 16:58:40.316840649 -0400 | |
24891 | @@ -2208,7 +2208,7 @@ static struct iwl_lib_ops iwl4965_lib = | |
24892 | }, | |
24893 | }; | |
24894 | ||
24895 | -static struct iwl_ops iwl4965_ops = { | |
24896 | +static const struct iwl_ops iwl4965_ops = { | |
24897 | .ucode = &iwl4965_ucode, | |
24898 | .lib = &iwl4965_lib, | |
24899 | .hcmd = &iwl4965_hcmd, | |
24900 | diff -urNp linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-5000.c linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-5000.c | |
24901 | --- linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2010-03-15 12:09:39.000000000 -0400 | |
24902 | +++ linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2010-03-20 16:58:40.338443044 -0400 | |
24903 | @@ -1553,7 +1553,7 @@ static struct iwl_lib_ops iwl5150_lib = | |
24904 | }, | |
24905 | }; | |
24906 | ||
24907 | -static struct iwl_ops iwl5000_ops = { | |
24908 | +static const struct iwl_ops iwl5000_ops = { | |
24909 | .ucode = &iwl5000_ucode, | |
24910 | .lib = &iwl5000_lib, | |
24911 | .hcmd = &iwl5000_hcmd, | |
24912 | @@ -1561,7 +1561,7 @@ static struct iwl_ops iwl5000_ops = { | |
24913 | .led = &iwlagn_led_ops, | |
24914 | }; | |
24915 | ||
24916 | -static struct iwl_ops iwl5150_ops = { | |
24917 | +static const struct iwl_ops iwl5150_ops = { | |
24918 | .ucode = &iwl5000_ucode, | |
24919 | .lib = &iwl5150_lib, | |
24920 | .hcmd = &iwl5000_hcmd, | |
24921 | diff -urNp linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-6000.c linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-6000.c | |
24922 | --- linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2010-03-15 12:09:39.000000000 -0400 | |
24923 | +++ linux-2.6.33.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2010-03-20 16:58:40.338443044 -0400 | |
24924 | @@ -252,7 +252,7 @@ static struct iwl_lib_ops iwl6000_lib = | |
24925 | }, | |
24926 | }; | |
24927 | ||
24928 | -static struct iwl_ops iwl6000_ops = { | |
24929 | +static const struct iwl_ops iwl6000_ops = { | |
24930 | .ucode = &iwl5000_ucode, | |
24931 | .lib = &iwl6000_lib, | |
24932 | .hcmd = &iwl5000_hcmd, | |
24933 | @@ -267,7 +267,7 @@ static struct iwl_hcmd_utils_ops iwl6050 | |
24934 | .calc_rssi = iwl5000_calc_rssi, | |
24935 | }; | |
24936 | ||
24937 | -static struct iwl_ops iwl6050_ops = { | |
24938 | +static const struct iwl_ops iwl6050_ops = { | |
24939 | .ucode = &iwl5000_ucode, | |
24940 | .lib = &iwl6000_lib, | |
24941 | .hcmd = &iwl5000_hcmd, | |
24942 | diff -urNp linux-2.6.33.1/drivers/net/wireless/libertas/debugfs.c linux-2.6.33.1/drivers/net/wireless/libertas/debugfs.c | |
24943 | --- linux-2.6.33.1/drivers/net/wireless/libertas/debugfs.c 2010-03-15 12:09:39.000000000 -0400 | |
24944 | +++ linux-2.6.33.1/drivers/net/wireless/libertas/debugfs.c 2010-03-20 16:58:40.348846186 -0400 | |
24945 | @@ -717,7 +717,7 @@ out_unlock: | |
24946 | struct lbs_debugfs_files { | |
24947 | const char *name; | |
24948 | int perm; | |
24949 | - struct file_operations fops; | |
24950 | + const struct file_operations fops; | |
24951 | }; | |
24952 | ||
24953 | static const struct lbs_debugfs_files debugfs_files[] = { | |
24954 | diff -urNp linux-2.6.33.1/drivers/oprofile/buffer_sync.c linux-2.6.33.1/drivers/oprofile/buffer_sync.c | |
24955 | --- linux-2.6.33.1/drivers/oprofile/buffer_sync.c 2010-03-15 12:09:39.000000000 -0400 | |
24956 | +++ linux-2.6.33.1/drivers/oprofile/buffer_sync.c 2010-03-20 16:58:40.357847963 -0400 | |
24957 | @@ -340,7 +340,7 @@ static void add_data(struct op_entry *en | |
58c5fc13 MT |
24958 | if (cookie == NO_COOKIE) |
24959 | offset = pc; | |
24960 | if (cookie == INVALID_COOKIE) { | |
24961 | - atomic_inc(&oprofile_stats.sample_lost_no_mapping); | |
24962 | + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping); | |
24963 | offset = pc; | |
24964 | } | |
24965 | if (cookie != last_cookie) { | |
ae4e228f | 24966 | @@ -384,14 +384,14 @@ add_sample(struct mm_struct *mm, struct |
58c5fc13 MT |
24967 | /* add userspace sample */ |
24968 | ||
24969 | if (!mm) { | |
24970 | - atomic_inc(&oprofile_stats.sample_lost_no_mm); | |
24971 | + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm); | |
24972 | return 0; | |
24973 | } | |
24974 | ||
24975 | cookie = lookup_dcookie(mm, s->eip, &offset); | |
24976 | ||
24977 | if (cookie == INVALID_COOKIE) { | |
24978 | - atomic_inc(&oprofile_stats.sample_lost_no_mapping); | |
24979 | + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping); | |
24980 | return 0; | |
24981 | } | |
24982 | ||
ae4e228f | 24983 | @@ -560,7 +560,7 @@ void sync_buffer(int cpu) |
58c5fc13 MT |
24984 | /* ignore backtraces if failed to add a sample */ |
24985 | if (state == sb_bt_start) { | |
24986 | state = sb_bt_ignore; | |
24987 | - atomic_inc(&oprofile_stats.bt_lost_no_mapping); | |
24988 | + atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping); | |
24989 | } | |
24990 | } | |
24991 | release_mm(mm); | |
ae4e228f MT |
24992 | diff -urNp linux-2.6.33.1/drivers/oprofile/event_buffer.c linux-2.6.33.1/drivers/oprofile/event_buffer.c |
24993 | --- linux-2.6.33.1/drivers/oprofile/event_buffer.c 2010-03-15 12:09:39.000000000 -0400 | |
24994 | +++ linux-2.6.33.1/drivers/oprofile/event_buffer.c 2010-03-20 16:58:40.360587811 -0400 | |
24995 | @@ -53,7 +53,7 @@ void add_event_entry(unsigned long value | |
24996 | } | |
24997 | ||
58c5fc13 MT |
24998 | if (buffer_pos == buffer_size) { |
24999 | - atomic_inc(&oprofile_stats.event_lost_overflow); | |
25000 | + atomic_inc_unchecked(&oprofile_stats.event_lost_overflow); | |
25001 | return; | |
25002 | } | |
25003 | ||
ae4e228f MT |
25004 | diff -urNp linux-2.6.33.1/drivers/oprofile/oprof.c linux-2.6.33.1/drivers/oprofile/oprof.c |
25005 | --- linux-2.6.33.1/drivers/oprofile/oprof.c 2010-03-15 12:09:39.000000000 -0400 | |
25006 | +++ linux-2.6.33.1/drivers/oprofile/oprof.c 2010-03-20 16:58:40.368849108 -0400 | |
25007 | @@ -110,7 +110,7 @@ static void switch_worker(struct work_st | |
25008 | if (oprofile_ops.switch_events()) | |
25009 | return; | |
58c5fc13 | 25010 | |
ae4e228f MT |
25011 | - atomic_inc(&oprofile_stats.multiplex_counter); |
25012 | + atomic_inc_unchecked(&oprofile_stats.multiplex_counter); | |
25013 | start_switch_worker(); | |
25014 | } | |
58c5fc13 | 25015 | |
ae4e228f MT |
25016 | diff -urNp linux-2.6.33.1/drivers/oprofile/oprofilefs.c linux-2.6.33.1/drivers/oprofile/oprofilefs.c |
25017 | --- linux-2.6.33.1/drivers/oprofile/oprofilefs.c 2010-03-15 12:09:39.000000000 -0400 | |
25018 | +++ linux-2.6.33.1/drivers/oprofile/oprofilefs.c 2010-03-20 16:58:40.372843891 -0400 | |
58c5fc13 MT |
25019 | @@ -187,7 +187,7 @@ static const struct file_operations atom |
25020 | ||
25021 | ||
25022 | int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root, | |
25023 | - char const *name, atomic_t *val) | |
25024 | + char const *name, atomic_unchecked_t *val) | |
25025 | { | |
25026 | struct dentry *d = __oprofilefs_create_file(sb, root, name, | |
25027 | &atomic_ro_fops, 0444); | |
ae4e228f MT |
25028 | diff -urNp linux-2.6.33.1/drivers/oprofile/oprofile_stats.c linux-2.6.33.1/drivers/oprofile/oprofile_stats.c |
25029 | --- linux-2.6.33.1/drivers/oprofile/oprofile_stats.c 2010-03-15 12:09:39.000000000 -0400 | |
25030 | +++ linux-2.6.33.1/drivers/oprofile/oprofile_stats.c 2010-03-20 16:58:40.376630331 -0400 | |
25031 | @@ -30,11 +30,11 @@ void oprofile_reset_stats(void) | |
58c5fc13 MT |
25032 | cpu_buf->sample_invalid_eip = 0; |
25033 | } | |
25034 | ||
25035 | - atomic_set(&oprofile_stats.sample_lost_no_mm, 0); | |
25036 | - atomic_set(&oprofile_stats.sample_lost_no_mapping, 0); | |
25037 | - atomic_set(&oprofile_stats.event_lost_overflow, 0); | |
25038 | - atomic_set(&oprofile_stats.bt_lost_no_mapping, 0); | |
ae4e228f | 25039 | - atomic_set(&oprofile_stats.multiplex_counter, 0); |
58c5fc13 MT |
25040 | + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0); |
25041 | + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0); | |
25042 | + atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0); | |
25043 | + atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0); | |
ae4e228f | 25044 | + atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0); |
58c5fc13 MT |
25045 | } |
25046 | ||
25047 | ||
ae4e228f MT |
25048 | diff -urNp linux-2.6.33.1/drivers/oprofile/oprofile_stats.h linux-2.6.33.1/drivers/oprofile/oprofile_stats.h |
25049 | --- linux-2.6.33.1/drivers/oprofile/oprofile_stats.h 2010-03-15 12:09:39.000000000 -0400 | |
25050 | +++ linux-2.6.33.1/drivers/oprofile/oprofile_stats.h 2010-03-20 16:58:40.376630331 -0400 | |
25051 | @@ -13,11 +13,11 @@ | |
58c5fc13 MT |
25052 | #include <asm/atomic.h> |
25053 | ||
25054 | struct oprofile_stat_struct { | |
25055 | - atomic_t sample_lost_no_mm; | |
25056 | - atomic_t sample_lost_no_mapping; | |
25057 | - atomic_t bt_lost_no_mapping; | |
25058 | - atomic_t event_lost_overflow; | |
ae4e228f | 25059 | - atomic_t multiplex_counter; |
58c5fc13 MT |
25060 | + atomic_unchecked_t sample_lost_no_mm; |
25061 | + atomic_unchecked_t sample_lost_no_mapping; | |
25062 | + atomic_unchecked_t bt_lost_no_mapping; | |
25063 | + atomic_unchecked_t event_lost_overflow; | |
ae4e228f | 25064 | + atomic_unchecked_t multiplex_counter; |
58c5fc13 MT |
25065 | }; |
25066 | ||
25067 | extern struct oprofile_stat_struct oprofile_stats; | |
ae4e228f MT |
25068 | diff -urNp linux-2.6.33.1/drivers/parisc/pdc_stable.c linux-2.6.33.1/drivers/parisc/pdc_stable.c |
25069 | --- linux-2.6.33.1/drivers/parisc/pdc_stable.c 2010-03-15 12:09:39.000000000 -0400 | |
25070 | +++ linux-2.6.33.1/drivers/parisc/pdc_stable.c 2010-03-20 16:58:40.392862259 -0400 | |
25071 | @@ -481,7 +481,7 @@ pdcspath_attr_store(struct kobject *kobj | |
25072 | return ret; | |
25073 | } | |
25074 | ||
25075 | -static struct sysfs_ops pdcspath_attr_ops = { | |
25076 | +static const struct sysfs_ops pdcspath_attr_ops = { | |
25077 | .show = pdcspath_attr_show, | |
25078 | .store = pdcspath_attr_store, | |
25079 | }; | |
25080 | diff -urNp linux-2.6.33.1/drivers/parport/procfs.c linux-2.6.33.1/drivers/parport/procfs.c | |
25081 | --- linux-2.6.33.1/drivers/parport/procfs.c 2010-03-15 12:09:39.000000000 -0400 | |
25082 | +++ linux-2.6.33.1/drivers/parport/procfs.c 2010-03-20 16:58:40.392862259 -0400 | |
25083 | @@ -64,7 +64,7 @@ static int do_active_device(ctl_table *t | |
25084 | ||
25085 | *ppos += len; | |
25086 | ||
25087 | - return copy_to_user(result, buffer, len) ? -EFAULT : 0; | |
25088 | + return (len > sizeof(buffer) || copy_to_user(result, buffer, len)) ? -EFAULT : 0; | |
25089 | } | |
25090 | ||
25091 | #ifdef CONFIG_PARPORT_1284 | |
25092 | @@ -106,7 +106,7 @@ static int do_autoprobe(ctl_table *table | |
25093 | ||
25094 | *ppos += len; | |
25095 | ||
25096 | - return copy_to_user (result, buffer, len) ? -EFAULT : 0; | |
25097 | + return (len > sizeof(buffer) || copy_to_user (result, buffer, len)) ? -EFAULT : 0; | |
25098 | } | |
25099 | #endif /* IEEE1284.3 support. */ | |
25100 | ||
25101 | diff -urNp linux-2.6.33.1/drivers/pci/hotplug/acpiphp_glue.c linux-2.6.33.1/drivers/pci/hotplug/acpiphp_glue.c | |
25102 | --- linux-2.6.33.1/drivers/pci/hotplug/acpiphp_glue.c 2010-03-15 12:09:39.000000000 -0400 | |
25103 | +++ linux-2.6.33.1/drivers/pci/hotplug/acpiphp_glue.c 2010-03-20 16:58:40.418811417 -0400 | |
25104 | @@ -109,7 +109,7 @@ static int post_dock_fixups(struct notif | |
25105 | } | |
25106 | ||
25107 | ||
25108 | -static struct acpi_dock_ops acpiphp_dock_ops = { | |
25109 | +static const struct acpi_dock_ops acpiphp_dock_ops = { | |
25110 | .handler = handle_hotplug_event_func, | |
25111 | }; | |
25112 | ||
25113 | diff -urNp linux-2.6.33.1/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.33.1/drivers/pci/hotplug/cpqphp_nvram.c | |
25114 | --- linux-2.6.33.1/drivers/pci/hotplug/cpqphp_nvram.c 2010-03-15 12:09:39.000000000 -0400 | |
25115 | +++ linux-2.6.33.1/drivers/pci/hotplug/cpqphp_nvram.c 2010-03-20 16:58:40.420729851 -0400 | |
58c5fc13 MT |
25116 | @@ -428,9 +428,13 @@ static u32 store_HRT (void __iomem *rom_ |
25117 | ||
25118 | void compaq_nvram_init (void __iomem *rom_start) | |
25119 | { | |
25120 | + | |
25121 | +#ifndef CONFIG_PAX_KERNEXEC | |
25122 | if (rom_start) { | |
25123 | compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR); | |
25124 | } | |
25125 | +#endif | |
25126 | + | |
25127 | dbg("int15 entry = %p\n", compaq_int15_entry_point); | |
25128 | ||
25129 | /* initialize our int15 lock */ | |
ae4e228f MT |
25130 | diff -urNp linux-2.6.33.1/drivers/pci/hotplug/fakephp.c linux-2.6.33.1/drivers/pci/hotplug/fakephp.c |
25131 | --- linux-2.6.33.1/drivers/pci/hotplug/fakephp.c 2010-03-15 12:09:39.000000000 -0400 | |
25132 | +++ linux-2.6.33.1/drivers/pci/hotplug/fakephp.c 2010-03-20 16:58:40.420729851 -0400 | |
25133 | @@ -73,7 +73,7 @@ static void legacy_release(struct kobjec | |
25134 | } | |
25135 | ||
25136 | static struct kobj_type legacy_ktype = { | |
25137 | - .sysfs_ops = &(struct sysfs_ops){ | |
25138 | + .sysfs_ops = &(const struct sysfs_ops){ | |
25139 | .store = legacy_store, .show = legacy_show | |
25140 | }, | |
25141 | .release = &legacy_release, | |
25142 | diff -urNp linux-2.6.33.1/drivers/pci/intel-iommu.c linux-2.6.33.1/drivers/pci/intel-iommu.c | |
25143 | --- linux-2.6.33.1/drivers/pci/intel-iommu.c 2010-03-15 12:09:39.000000000 -0400 | |
25144 | +++ linux-2.6.33.1/drivers/pci/intel-iommu.c 2010-03-20 16:58:40.428854036 -0400 | |
25145 | @@ -2940,7 +2940,7 @@ static int intel_mapping_error(struct de | |
25146 | return !dma_addr; | |
25147 | } | |
25148 | ||
25149 | -struct dma_map_ops intel_dma_ops = { | |
25150 | +const struct dma_map_ops intel_dma_ops = { | |
25151 | .alloc_coherent = intel_alloc_coherent, | |
25152 | .free_coherent = intel_free_coherent, | |
25153 | .map_sg = intel_map_sg, | |
25154 | diff -urNp linux-2.6.33.1/drivers/pci/pcie/portdrv_pci.c linux-2.6.33.1/drivers/pci/pcie/portdrv_pci.c | |
25155 | --- linux-2.6.33.1/drivers/pci/pcie/portdrv_pci.c 2010-03-15 12:09:39.000000000 -0400 | |
25156 | +++ linux-2.6.33.1/drivers/pci/pcie/portdrv_pci.c 2010-03-20 16:58:40.432849247 -0400 | |
25157 | @@ -250,7 +250,7 @@ static void pcie_portdrv_err_resume(stru | |
58c5fc13 MT |
25158 | static const struct pci_device_id port_pci_ids[] = { { |
25159 | /* handle any PCI-Express port */ | |
25160 | PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0), | |
25161 | - }, { /* end: all zeroes */ } | |
25162 | + }, { 0, 0, 0, 0, 0, 0, 0 } | |
25163 | }; | |
25164 | MODULE_DEVICE_TABLE(pci, port_pci_ids); | |
25165 | ||
ae4e228f MT |
25166 | diff -urNp linux-2.6.33.1/drivers/pci/proc.c linux-2.6.33.1/drivers/pci/proc.c |
25167 | --- linux-2.6.33.1/drivers/pci/proc.c 2010-03-15 12:09:39.000000000 -0400 | |
25168 | +++ linux-2.6.33.1/drivers/pci/proc.c 2010-03-20 16:58:40.432849247 -0400 | |
58c5fc13 MT |
25169 | @@ -480,7 +480,16 @@ static const struct file_operations proc |
25170 | static int __init pci_proc_init(void) | |
25171 | { | |
25172 | struct pci_dev *dev = NULL; | |
25173 | + | |
25174 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
25175 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
25176 | + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL); | |
25177 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
25178 | + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); | |
25179 | +#endif | |
25180 | +#else | |
25181 | proc_bus_pci_dir = proc_mkdir("bus/pci", NULL); | |
25182 | +#endif | |
25183 | proc_create("devices", 0, proc_bus_pci_dir, | |
25184 | &proc_bus_pci_dev_operations); | |
25185 | proc_initialized = 1; | |
ae4e228f MT |
25186 | diff -urNp linux-2.6.33.1/drivers/pci/slot.c linux-2.6.33.1/drivers/pci/slot.c |
25187 | --- linux-2.6.33.1/drivers/pci/slot.c 2010-03-15 12:09:39.000000000 -0400 | |
25188 | +++ linux-2.6.33.1/drivers/pci/slot.c 2010-03-20 16:58:40.436850488 -0400 | |
25189 | @@ -29,7 +29,7 @@ static ssize_t pci_slot_attr_store(struc | |
25190 | return attribute->store ? attribute->store(slot, buf, len) : -EIO; | |
25191 | } | |
25192 | ||
25193 | -static struct sysfs_ops pci_slot_sysfs_ops = { | |
25194 | +static const struct sysfs_ops pci_slot_sysfs_ops = { | |
25195 | .show = pci_slot_attr_show, | |
25196 | .store = pci_slot_attr_store, | |
25197 | }; | |
25198 | diff -urNp linux-2.6.33.1/drivers/pcmcia/ti113x.h linux-2.6.33.1/drivers/pcmcia/ti113x.h | |
25199 | --- linux-2.6.33.1/drivers/pcmcia/ti113x.h 2010-03-15 12:09:39.000000000 -0400 | |
25200 | +++ linux-2.6.33.1/drivers/pcmcia/ti113x.h 2010-03-20 16:58:40.444846583 -0400 | |
58c5fc13 MT |
25201 | @@ -903,7 +903,7 @@ static struct pci_device_id ene_tune_tbl |
25202 | DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID, | |
25203 | ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE), | |
25204 | ||
25205 | - {} | |
25206 | + { 0, 0, 0, 0, 0, 0, 0 } | |
25207 | }; | |
25208 | ||
25209 | static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus) | |
ae4e228f MT |
25210 | diff -urNp linux-2.6.33.1/drivers/pcmcia/yenta_socket.c linux-2.6.33.1/drivers/pcmcia/yenta_socket.c |
25211 | --- linux-2.6.33.1/drivers/pcmcia/yenta_socket.c 2010-03-15 12:09:39.000000000 -0400 | |
25212 | +++ linux-2.6.33.1/drivers/pcmcia/yenta_socket.c 2010-03-20 16:58:40.460864210 -0400 | |
25213 | @@ -1432,7 +1432,7 @@ static struct pci_device_id yenta_table[ | |
58c5fc13 MT |
25214 | |
25215 | /* match any cardbus bridge */ | |
25216 | CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT), | |
25217 | - { /* all zeroes */ } | |
25218 | + { 0, 0, 0, 0, 0, 0, 0 } | |
25219 | }; | |
25220 | MODULE_DEVICE_TABLE(pci, yenta_table); | |
25221 | ||
ae4e228f MT |
25222 | diff -urNp linux-2.6.33.1/drivers/platform/x86/acer-wmi.c linux-2.6.33.1/drivers/platform/x86/acer-wmi.c |
25223 | --- linux-2.6.33.1/drivers/platform/x86/acer-wmi.c 2010-03-15 12:09:39.000000000 -0400 | |
25224 | +++ linux-2.6.33.1/drivers/platform/x86/acer-wmi.c 2010-03-20 16:58:40.464856812 -0400 | |
25225 | @@ -915,7 +915,7 @@ static int update_bl_status(struct backl | |
25226 | return 0; | |
25227 | } | |
25228 | ||
25229 | -static struct backlight_ops acer_bl_ops = { | |
25230 | +static const struct backlight_ops acer_bl_ops = { | |
25231 | .get_brightness = read_brightness, | |
25232 | .update_status = update_bl_status, | |
25233 | }; | |
25234 | diff -urNp linux-2.6.33.1/drivers/platform/x86/asus_acpi.c linux-2.6.33.1/drivers/platform/x86/asus_acpi.c | |
25235 | --- linux-2.6.33.1/drivers/platform/x86/asus_acpi.c 2010-03-15 12:09:39.000000000 -0400 | |
25236 | +++ linux-2.6.33.1/drivers/platform/x86/asus_acpi.c 2010-03-20 16:58:40.480866604 -0400 | |
25237 | @@ -1464,7 +1464,7 @@ static int asus_hotk_remove(struct acpi_ | |
25238 | return 0; | |
25239 | } | |
25240 | ||
25241 | -static struct backlight_ops asus_backlight_data = { | |
25242 | +static const struct backlight_ops asus_backlight_data = { | |
25243 | .get_brightness = read_brightness, | |
25244 | .update_status = set_brightness_status, | |
25245 | }; | |
25246 | diff -urNp linux-2.6.33.1/drivers/platform/x86/asus-laptop.c linux-2.6.33.1/drivers/platform/x86/asus-laptop.c | |
25247 | --- linux-2.6.33.1/drivers/platform/x86/asus-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25248 | +++ linux-2.6.33.1/drivers/platform/x86/asus-laptop.c 2010-03-20 16:58:40.480866604 -0400 | |
25249 | @@ -251,7 +251,7 @@ static struct backlight_device *asus_bac | |
25250 | */ | |
25251 | static int read_brightness(struct backlight_device *bd); | |
25252 | static int update_bl_status(struct backlight_device *bd); | |
25253 | -static struct backlight_ops asusbl_ops = { | |
25254 | +static const struct backlight_ops asusbl_ops = { | |
25255 | .get_brightness = read_brightness, | |
25256 | .update_status = update_bl_status, | |
25257 | }; | |
25258 | diff -urNp linux-2.6.33.1/drivers/platform/x86/classmate-laptop.c linux-2.6.33.1/drivers/platform/x86/classmate-laptop.c | |
25259 | --- linux-2.6.33.1/drivers/platform/x86/classmate-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25260 | +++ linux-2.6.33.1/drivers/platform/x86/classmate-laptop.c 2010-03-20 16:58:40.484567094 -0400 | |
25261 | @@ -452,7 +452,7 @@ static int cmpc_bl_update_status(struct | |
25262 | return -1; | |
25263 | } | |
25264 | ||
25265 | -static struct backlight_ops cmpc_bl_ops = { | |
25266 | +static const struct backlight_ops cmpc_bl_ops = { | |
25267 | .get_brightness = cmpc_bl_get_brightness, | |
25268 | .update_status = cmpc_bl_update_status | |
25269 | }; | |
25270 | diff -urNp linux-2.6.33.1/drivers/platform/x86/compal-laptop.c linux-2.6.33.1/drivers/platform/x86/compal-laptop.c | |
25271 | --- linux-2.6.33.1/drivers/platform/x86/compal-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25272 | +++ linux-2.6.33.1/drivers/platform/x86/compal-laptop.c 2010-03-20 16:58:40.484567094 -0400 | |
25273 | @@ -162,7 +162,7 @@ static int bl_update_status(struct backl | |
25274 | return set_lcd_level(b->props.brightness); | |
25275 | } | |
25276 | ||
25277 | -static struct backlight_ops compalbl_ops = { | |
25278 | +static const struct backlight_ops compalbl_ops = { | |
25279 | .get_brightness = bl_get_brightness, | |
25280 | .update_status = bl_update_status, | |
25281 | }; | |
25282 | diff -urNp linux-2.6.33.1/drivers/platform/x86/dell-laptop.c linux-2.6.33.1/drivers/platform/x86/dell-laptop.c | |
25283 | --- linux-2.6.33.1/drivers/platform/x86/dell-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25284 | +++ linux-2.6.33.1/drivers/platform/x86/dell-laptop.c 2010-03-20 16:58:40.484567094 -0400 | |
25285 | @@ -333,7 +333,7 @@ static int dell_get_intensity(struct bac | |
25286 | return buffer.output[1]; | |
25287 | } | |
25288 | ||
25289 | -static struct backlight_ops dell_ops = { | |
25290 | +static const struct backlight_ops dell_ops = { | |
25291 | .get_brightness = dell_get_intensity, | |
25292 | .update_status = dell_send_intensity, | |
25293 | }; | |
25294 | diff -urNp linux-2.6.33.1/drivers/platform/x86/eeepc-laptop.c linux-2.6.33.1/drivers/platform/x86/eeepc-laptop.c | |
25295 | --- linux-2.6.33.1/drivers/platform/x86/eeepc-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25296 | +++ linux-2.6.33.1/drivers/platform/x86/eeepc-laptop.c 2010-03-20 16:58:40.484567094 -0400 | |
25297 | @@ -1096,7 +1096,7 @@ static int update_bl_status(struct backl | |
25298 | return set_brightness(bd, bd->props.brightness); | |
25299 | } | |
25300 | ||
25301 | -static struct backlight_ops eeepcbl_ops = { | |
25302 | +static const struct backlight_ops eeepcbl_ops = { | |
25303 | .get_brightness = read_brightness, | |
25304 | .update_status = update_bl_status, | |
25305 | }; | |
25306 | diff -urNp linux-2.6.33.1/drivers/platform/x86/fujitsu-laptop.c linux-2.6.33.1/drivers/platform/x86/fujitsu-laptop.c | |
25307 | --- linux-2.6.33.1/drivers/platform/x86/fujitsu-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25308 | +++ linux-2.6.33.1/drivers/platform/x86/fujitsu-laptop.c 2010-03-20 16:58:40.488600423 -0400 | |
25309 | @@ -436,7 +436,7 @@ static int bl_update_status(struct backl | |
25310 | return ret; | |
25311 | } | |
25312 | ||
25313 | -static struct backlight_ops fujitsubl_ops = { | |
25314 | +static const struct backlight_ops fujitsubl_ops = { | |
25315 | .get_brightness = bl_get_brightness, | |
25316 | .update_status = bl_update_status, | |
25317 | }; | |
25318 | diff -urNp linux-2.6.33.1/drivers/platform/x86/msi-laptop.c linux-2.6.33.1/drivers/platform/x86/msi-laptop.c | |
25319 | --- linux-2.6.33.1/drivers/platform/x86/msi-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25320 | +++ linux-2.6.33.1/drivers/platform/x86/msi-laptop.c 2010-03-20 16:58:40.488600423 -0400 | |
25321 | @@ -161,7 +161,7 @@ static int bl_update_status(struct backl | |
25322 | return set_lcd_level(b->props.brightness); | |
25323 | } | |
25324 | ||
25325 | -static struct backlight_ops msibl_ops = { | |
25326 | +static const struct backlight_ops msibl_ops = { | |
25327 | .get_brightness = bl_get_brightness, | |
25328 | .update_status = bl_update_status, | |
25329 | }; | |
25330 | diff -urNp linux-2.6.33.1/drivers/platform/x86/msi-wmi.c linux-2.6.33.1/drivers/platform/x86/msi-wmi.c | |
25331 | --- linux-2.6.33.1/drivers/platform/x86/msi-wmi.c 2010-03-15 12:09:39.000000000 -0400 | |
25332 | +++ linux-2.6.33.1/drivers/platform/x86/msi-wmi.c 2010-03-20 16:58:40.488600423 -0400 | |
25333 | @@ -138,7 +138,7 @@ static int bl_set_status(struct backligh | |
25334 | return msi_wmi_set_block(0, backlight_map[bright]); | |
25335 | } | |
25336 | ||
25337 | -static struct backlight_ops msi_backlight_ops = { | |
25338 | +static const struct backlight_ops msi_backlight_ops = { | |
25339 | .get_brightness = bl_get, | |
25340 | .update_status = bl_set_status, | |
25341 | }; | |
25342 | diff -urNp linux-2.6.33.1/drivers/platform/x86/panasonic-laptop.c linux-2.6.33.1/drivers/platform/x86/panasonic-laptop.c | |
25343 | --- linux-2.6.33.1/drivers/platform/x86/panasonic-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25344 | +++ linux-2.6.33.1/drivers/platform/x86/panasonic-laptop.c 2010-03-20 16:58:40.488600423 -0400 | |
25345 | @@ -352,7 +352,7 @@ static int bl_set_status(struct backligh | |
25346 | return acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, bright); | |
25347 | } | |
25348 | ||
25349 | -static struct backlight_ops pcc_backlight_ops = { | |
25350 | +static const struct backlight_ops pcc_backlight_ops = { | |
25351 | .get_brightness = bl_get, | |
25352 | .update_status = bl_set_status, | |
25353 | }; | |
25354 | diff -urNp linux-2.6.33.1/drivers/platform/x86/sony-laptop.c linux-2.6.33.1/drivers/platform/x86/sony-laptop.c | |
25355 | --- linux-2.6.33.1/drivers/platform/x86/sony-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
25356 | +++ linux-2.6.33.1/drivers/platform/x86/sony-laptop.c 2010-03-20 16:58:40.508859925 -0400 | |
25357 | @@ -853,7 +853,7 @@ static int sony_backlight_get_brightness | |
25358 | } | |
25359 | ||
25360 | static struct backlight_device *sony_backlight_device; | |
25361 | -static struct backlight_ops sony_backlight_ops = { | |
25362 | +static const struct backlight_ops sony_backlight_ops = { | |
25363 | .update_status = sony_backlight_update_status, | |
25364 | .get_brightness = sony_backlight_get_brightness, | |
25365 | }; | |
25366 | diff -urNp linux-2.6.33.1/drivers/platform/x86/thinkpad_acpi.c linux-2.6.33.1/drivers/platform/x86/thinkpad_acpi.c | |
25367 | --- linux-2.6.33.1/drivers/platform/x86/thinkpad_acpi.c 2010-03-15 12:09:39.000000000 -0400 | |
25368 | +++ linux-2.6.33.1/drivers/platform/x86/thinkpad_acpi.c 2010-03-20 16:58:40.516859801 -0400 | |
25369 | @@ -6131,7 +6131,7 @@ static void tpacpi_brightness_notify_cha | |
25370 | BACKLIGHT_UPDATE_HOTKEY); | |
25371 | } | |
25372 | ||
25373 | -static struct backlight_ops ibm_backlight_data = { | |
25374 | +static const struct backlight_ops ibm_backlight_data = { | |
25375 | .get_brightness = brightness_get, | |
25376 | .update_status = brightness_update_status, | |
25377 | }; | |
25378 | diff -urNp linux-2.6.33.1/drivers/platform/x86/toshiba_acpi.c linux-2.6.33.1/drivers/platform/x86/toshiba_acpi.c | |
25379 | --- linux-2.6.33.1/drivers/platform/x86/toshiba_acpi.c 2010-03-15 12:09:39.000000000 -0400 | |
25380 | +++ linux-2.6.33.1/drivers/platform/x86/toshiba_acpi.c 2010-03-20 16:58:40.520536360 -0400 | |
25381 | @@ -706,7 +706,7 @@ static acpi_status remove_device(void) | |
25382 | return AE_OK; | |
25383 | } | |
25384 | ||
25385 | -static struct backlight_ops toshiba_backlight_data = { | |
25386 | +static const struct backlight_ops toshiba_backlight_data = { | |
25387 | .get_brightness = get_lcd, | |
25388 | .update_status = set_lcd_status, | |
25389 | }; | |
25390 | diff -urNp linux-2.6.33.1/drivers/pnp/pnpbios/bioscalls.c linux-2.6.33.1/drivers/pnp/pnpbios/bioscalls.c | |
25391 | --- linux-2.6.33.1/drivers/pnp/pnpbios/bioscalls.c 2010-03-15 12:09:39.000000000 -0400 | |
25392 | +++ linux-2.6.33.1/drivers/pnp/pnpbios/bioscalls.c 2010-03-20 16:58:40.524855697 -0400 | |
25393 | @@ -60,7 +60,7 @@ do { \ | |
25394 | set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \ | |
58c5fc13 MT |
25395 | } while(0) |
25396 | ||
ae4e228f MT |
25397 | -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092, |
25398 | +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093, | |
25399 | (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); | |
58c5fc13 MT |
25400 | |
25401 | /* | |
ae4e228f | 25402 | @@ -97,7 +97,10 @@ static inline u16 call_pnp_bios(u16 func |
58c5fc13 MT |
25403 | |
25404 | cpu = get_cpu(); | |
25405 | save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8]; | |
25406 | + | |
ae4e228f | 25407 | + pax_open_kernel(); |
58c5fc13 | 25408 | get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc; |
ae4e228f | 25409 | + pax_close_kernel(); |
58c5fc13 | 25410 | |
58c5fc13 MT |
25411 | /* On some boxes IRQ's during PnP BIOS calls are deadly. */ |
25412 | spin_lock_irqsave(&pnp_bios_lock, flags); | |
ae4e228f | 25413 | @@ -135,7 +138,10 @@ static inline u16 call_pnp_bios(u16 func |
58c5fc13 MT |
25414 | :"memory"); |
25415 | spin_unlock_irqrestore(&pnp_bios_lock, flags); | |
25416 | ||
ae4e228f | 25417 | + pax_open_kernel(); |
58c5fc13 | 25418 | get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40; |
ae4e228f | 25419 | + pax_close_kernel(); |
58c5fc13 MT |
25420 | + |
25421 | put_cpu(); | |
25422 | ||
25423 | /* If we get here and this is set then the PnP BIOS faulted on us. */ | |
ae4e228f | 25424 | @@ -469,7 +475,7 @@ int pnp_bios_read_escd(char *data, u32 n |
58c5fc13 MT |
25425 | return status; |
25426 | } | |
25427 | ||
25428 | -void pnpbios_calls_init(union pnp_bios_install_struct *header) | |
25429 | +void __init pnpbios_calls_init(union pnp_bios_install_struct *header) | |
25430 | { | |
25431 | int i; | |
25432 | ||
ae4e228f | 25433 | @@ -477,6 +483,8 @@ void pnpbios_calls_init(union pnp_bios_i |
58c5fc13 MT |
25434 | pnp_bios_callpoint.offset = header->fields.pm16offset; |
25435 | pnp_bios_callpoint.segment = PNP_CS16; | |
25436 | ||
ae4e228f | 25437 | + pax_open_kernel(); |
58c5fc13 | 25438 | + |
ae4e228f MT |
25439 | for_each_possible_cpu(i) { |
25440 | struct desc_struct *gdt = get_cpu_gdt_table(i); | |
25441 | if (!gdt) | |
25442 | @@ -488,4 +496,6 @@ void pnpbios_calls_init(union pnp_bios_i | |
25443 | set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS], | |
25444 | (unsigned long)__va(header->fields.pm16dseg)); | |
58c5fc13 MT |
25445 | } |
25446 | + | |
ae4e228f | 25447 | + pax_close_kernel(); |
58c5fc13 | 25448 | } |
ae4e228f MT |
25449 | diff -urNp linux-2.6.33.1/drivers/pnp/quirks.c linux-2.6.33.1/drivers/pnp/quirks.c |
25450 | --- linux-2.6.33.1/drivers/pnp/quirks.c 2010-03-15 12:09:39.000000000 -0400 | |
25451 | +++ linux-2.6.33.1/drivers/pnp/quirks.c 2010-03-20 16:58:40.528847437 -0400 | |
25452 | @@ -322,7 +322,7 @@ static struct pnp_fixup pnp_fixups[] = { | |
58c5fc13 MT |
25453 | /* PnP resources that might overlap PCI BARs */ |
25454 | {"PNP0c01", quirk_system_pci_resources}, | |
25455 | {"PNP0c02", quirk_system_pci_resources}, | |
25456 | - {""} | |
25457 | + {"", NULL} | |
25458 | }; | |
25459 | ||
25460 | void pnp_fixup_device(struct pnp_dev *dev) | |
ae4e228f MT |
25461 | diff -urNp linux-2.6.33.1/drivers/pnp/resource.c linux-2.6.33.1/drivers/pnp/resource.c |
25462 | --- linux-2.6.33.1/drivers/pnp/resource.c 2010-03-15 12:09:39.000000000 -0400 | |
25463 | +++ linux-2.6.33.1/drivers/pnp/resource.c 2010-03-20 16:58:40.532529204 -0400 | |
58c5fc13 MT |
25464 | @@ -355,7 +355,7 @@ int pnp_check_irq(struct pnp_dev *dev, s |
25465 | return 1; | |
25466 | ||
25467 | /* check if the resource is valid */ | |
25468 | - if (*irq < 0 || *irq > 15) | |
25469 | + if (*irq > 15) | |
25470 | return 0; | |
25471 | ||
25472 | /* check if the resource is reserved */ | |
25473 | @@ -419,7 +419,7 @@ int pnp_check_dma(struct pnp_dev *dev, s | |
25474 | return 1; | |
25475 | ||
25476 | /* check if the resource is valid */ | |
25477 | - if (*dma < 0 || *dma == 4 || *dma > 7) | |
25478 | + if (*dma == 4 || *dma > 7) | |
25479 | return 0; | |
25480 | ||
25481 | /* check if the resource is reserved */ | |
ae4e228f MT |
25482 | diff -urNp linux-2.6.33.1/drivers/s390/cio/qdio_debug.c linux-2.6.33.1/drivers/s390/cio/qdio_debug.c |
25483 | --- linux-2.6.33.1/drivers/s390/cio/qdio_debug.c 2010-03-15 12:09:39.000000000 -0400 | |
25484 | +++ linux-2.6.33.1/drivers/s390/cio/qdio_debug.c 2010-03-20 16:58:40.552847675 -0400 | |
25485 | @@ -215,7 +215,7 @@ static int qperf_seq_open(struct inode * | |
25486 | filp->f_path.dentry->d_inode->i_private); | |
58c5fc13 MT |
25487 | } |
25488 | ||
ae4e228f MT |
25489 | -static struct file_operations debugfs_perf_fops = { |
25490 | +static const struct file_operations debugfs_perf_fops = { | |
58c5fc13 | 25491 | .owner = THIS_MODULE, |
ae4e228f | 25492 | .open = qperf_seq_open, |
58c5fc13 | 25493 | .read = seq_read, |
ae4e228f MT |
25494 | diff -urNp linux-2.6.33.1/drivers/scsi/ipr.c linux-2.6.33.1/drivers/scsi/ipr.c |
25495 | --- linux-2.6.33.1/drivers/scsi/ipr.c 2010-03-15 12:09:39.000000000 -0400 | |
25496 | +++ linux-2.6.33.1/drivers/scsi/ipr.c 2010-03-20 16:58:40.596672237 -0400 | |
25497 | @@ -5291,7 +5291,7 @@ static bool ipr_qc_fill_rtf(struct ata_q | |
25498 | return true; | |
58c5fc13 MT |
25499 | } |
25500 | ||
ae4e228f MT |
25501 | -static struct ata_port_operations ipr_sata_ops = { |
25502 | +static const struct ata_port_operations ipr_sata_ops = { | |
25503 | .phy_reset = ipr_ata_phy_reset, | |
25504 | .hardreset = ipr_sata_reset, | |
25505 | .post_internal_cmd = ipr_ata_post_internal, | |
25506 | diff -urNp linux-2.6.33.1/drivers/scsi/libfc/fc_exch.c linux-2.6.33.1/drivers/scsi/libfc/fc_exch.c | |
25507 | --- linux-2.6.33.1/drivers/scsi/libfc/fc_exch.c 2010-03-15 12:09:39.000000000 -0400 | |
25508 | +++ linux-2.6.33.1/drivers/scsi/libfc/fc_exch.c 2010-03-20 16:58:40.600909572 -0400 | |
25509 | @@ -100,12 +100,12 @@ struct fc_exch_mgr { | |
58c5fc13 MT |
25510 | * all together if not used XXX |
25511 | */ | |
25512 | struct { | |
25513 | - atomic_t no_free_exch; | |
25514 | - atomic_t no_free_exch_xid; | |
25515 | - atomic_t xid_not_found; | |
25516 | - atomic_t xid_busy; | |
25517 | - atomic_t seq_not_found; | |
25518 | - atomic_t non_bls_resp; | |
25519 | + atomic_unchecked_t no_free_exch; | |
25520 | + atomic_unchecked_t no_free_exch_xid; | |
25521 | + atomic_unchecked_t xid_not_found; | |
25522 | + atomic_unchecked_t xid_busy; | |
25523 | + atomic_unchecked_t seq_not_found; | |
25524 | + atomic_unchecked_t non_bls_resp; | |
25525 | } stats; | |
58c5fc13 | 25526 | }; |
ae4e228f MT |
25527 | #define fc_seq_exch(sp) container_of(sp, struct fc_exch, seq) |
25528 | @@ -671,7 +671,7 @@ static struct fc_exch *fc_exch_em_alloc( | |
58c5fc13 MT |
25529 | /* allocate memory for exchange */ |
25530 | ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC); | |
25531 | if (!ep) { | |
25532 | - atomic_inc(&mp->stats.no_free_exch); | |
25533 | + atomic_inc_unchecked(&mp->stats.no_free_exch); | |
25534 | goto out; | |
25535 | } | |
25536 | memset(ep, 0, sizeof(*ep)); | |
ae4e228f | 25537 | @@ -718,7 +718,7 @@ out: |
58c5fc13 MT |
25538 | return ep; |
25539 | err: | |
ae4e228f | 25540 | spin_unlock_bh(&pool->lock); |
58c5fc13 MT |
25541 | - atomic_inc(&mp->stats.no_free_exch_xid); |
25542 | + atomic_inc_unchecked(&mp->stats.no_free_exch_xid); | |
25543 | mempool_free(ep, mp->ep_pool); | |
25544 | return NULL; | |
25545 | } | |
ae4e228f | 25546 | @@ -868,7 +868,7 @@ static enum fc_pf_rjt_reason fc_seq_look |
58c5fc13 MT |
25547 | xid = ntohs(fh->fh_ox_id); /* we originated exch */ |
25548 | ep = fc_exch_find(mp, xid); | |
25549 | if (!ep) { | |
25550 | - atomic_inc(&mp->stats.xid_not_found); | |
25551 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25552 | reject = FC_RJT_OX_ID; | |
25553 | goto out; | |
25554 | } | |
ae4e228f | 25555 | @@ -898,7 +898,7 @@ static enum fc_pf_rjt_reason fc_seq_look |
58c5fc13 MT |
25556 | ep = fc_exch_find(mp, xid); |
25557 | if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) { | |
25558 | if (ep) { | |
25559 | - atomic_inc(&mp->stats.xid_busy); | |
25560 | + atomic_inc_unchecked(&mp->stats.xid_busy); | |
25561 | reject = FC_RJT_RX_ID; | |
25562 | goto rel; | |
25563 | } | |
ae4e228f | 25564 | @@ -909,7 +909,7 @@ static enum fc_pf_rjt_reason fc_seq_look |
58c5fc13 MT |
25565 | } |
25566 | xid = ep->xid; /* get our XID */ | |
25567 | } else if (!ep) { | |
25568 | - atomic_inc(&mp->stats.xid_not_found); | |
25569 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25570 | reject = FC_RJT_RX_ID; /* XID not found */ | |
25571 | goto out; | |
25572 | } | |
ae4e228f | 25573 | @@ -930,7 +930,7 @@ static enum fc_pf_rjt_reason fc_seq_look |
58c5fc13 MT |
25574 | } else { |
25575 | sp = &ep->seq; | |
25576 | if (sp->id != fh->fh_seq_id) { | |
25577 | - atomic_inc(&mp->stats.seq_not_found); | |
25578 | + atomic_inc_unchecked(&mp->stats.seq_not_found); | |
25579 | reject = FC_RJT_SEQ_ID; /* sequence/exch should exist */ | |
25580 | goto rel; | |
25581 | } | |
ae4e228f | 25582 | @@ -1317,22 +1317,22 @@ static void fc_exch_recv_seq_resp(struct |
58c5fc13 MT |
25583 | |
25584 | ep = fc_exch_find(mp, ntohs(fh->fh_ox_id)); | |
25585 | if (!ep) { | |
25586 | - atomic_inc(&mp->stats.xid_not_found); | |
25587 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25588 | goto out; | |
25589 | } | |
25590 | if (ep->esb_stat & ESB_ST_COMPLETE) { | |
25591 | - atomic_inc(&mp->stats.xid_not_found); | |
25592 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25593 | goto out; | |
25594 | } | |
25595 | if (ep->rxid == FC_XID_UNKNOWN) | |
25596 | ep->rxid = ntohs(fh->fh_rx_id); | |
25597 | if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) { | |
25598 | - atomic_inc(&mp->stats.xid_not_found); | |
25599 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25600 | goto rel; | |
25601 | } | |
25602 | if (ep->did != ntoh24(fh->fh_s_id) && | |
25603 | ep->did != FC_FID_FLOGI) { | |
25604 | - atomic_inc(&mp->stats.xid_not_found); | |
25605 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
25606 | goto rel; | |
25607 | } | |
25608 | sof = fr_sof(fp); | |
ae4e228f | 25609 | @@ -1343,7 +1343,7 @@ static void fc_exch_recv_seq_resp(struct |
58c5fc13 MT |
25610 | } else { |
25611 | sp = &ep->seq; | |
25612 | if (sp->id != fh->fh_seq_id) { | |
25613 | - atomic_inc(&mp->stats.seq_not_found); | |
25614 | + atomic_inc_unchecked(&mp->stats.seq_not_found); | |
25615 | goto rel; | |
25616 | } | |
25617 | } | |
ae4e228f | 25618 | @@ -1406,9 +1406,9 @@ static void fc_exch_recv_resp(struct fc_ |
58c5fc13 | 25619 | sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */ |
ae4e228f MT |
25620 | |
25621 | if (!sp) | |
58c5fc13 MT |
25622 | - atomic_inc(&mp->stats.xid_not_found); |
25623 | + atomic_inc_unchecked(&mp->stats.xid_not_found); | |
ae4e228f | 25624 | else |
58c5fc13 MT |
25625 | - atomic_inc(&mp->stats.non_bls_resp); |
25626 | + atomic_inc_unchecked(&mp->stats.non_bls_resp); | |
ae4e228f | 25627 | |
58c5fc13 | 25628 | fc_frame_free(fp); |
ae4e228f MT |
25629 | } |
25630 | diff -urNp linux-2.6.33.1/drivers/scsi/libsas/sas_ata.c linux-2.6.33.1/drivers/scsi/libsas/sas_ata.c | |
25631 | --- linux-2.6.33.1/drivers/scsi/libsas/sas_ata.c 2010-03-15 12:09:39.000000000 -0400 | |
25632 | +++ linux-2.6.33.1/drivers/scsi/libsas/sas_ata.c 2010-03-20 16:58:40.625874020 -0400 | |
25633 | @@ -343,7 +343,7 @@ static int sas_ata_scr_read(struct ata_l | |
25634 | } | |
25635 | } | |
25636 | ||
25637 | -static struct ata_port_operations sas_sata_ops = { | |
25638 | +static const struct ata_port_operations sas_sata_ops = { | |
25639 | .phy_reset = sas_ata_phy_reset, | |
25640 | .post_internal_cmd = sas_ata_post_internal, | |
25641 | .qc_prep = ata_noop_qc_prep, | |
25642 | diff -urNp linux-2.6.33.1/drivers/scsi/scsi_logging.h linux-2.6.33.1/drivers/scsi/scsi_logging.h | |
25643 | --- linux-2.6.33.1/drivers/scsi/scsi_logging.h 2010-03-15 12:09:39.000000000 -0400 | |
25644 | +++ linux-2.6.33.1/drivers/scsi/scsi_logging.h 2010-03-20 16:58:40.673358427 -0400 | |
58c5fc13 MT |
25645 | @@ -51,7 +51,7 @@ do { \ |
25646 | } while (0); \ | |
25647 | } while (0) | |
25648 | #else | |
25649 | -#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) | |
25650 | +#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0) | |
25651 | #endif /* CONFIG_SCSI_LOGGING */ | |
25652 | ||
25653 | /* | |
ae4e228f MT |
25654 | diff -urNp linux-2.6.33.1/drivers/scsi/sg.c linux-2.6.33.1/drivers/scsi/sg.c |
25655 | --- linux-2.6.33.1/drivers/scsi/sg.c 2010-03-15 12:09:39.000000000 -0400 | |
25656 | +++ linux-2.6.33.1/drivers/scsi/sg.c 2010-03-20 16:58:40.692870926 -0400 | |
25657 | @@ -2292,7 +2292,7 @@ struct sg_proc_leaf { | |
25658 | const struct file_operations * fops; | |
58c5fc13 MT |
25659 | }; |
25660 | ||
ae4e228f MT |
25661 | -static struct sg_proc_leaf sg_proc_leaf_arr[] = { |
25662 | +static const struct sg_proc_leaf sg_proc_leaf_arr[] = { | |
25663 | {"allow_dio", &adio_fops}, | |
25664 | {"debug", &debug_fops}, | |
25665 | {"def_reserved_size", &dressz_fops}, | |
25666 | @@ -2307,7 +2307,7 @@ sg_proc_init(void) | |
25667 | { | |
25668 | int k, mask; | |
25669 | int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr); | |
25670 | - struct sg_proc_leaf * leaf; | |
25671 | + const struct sg_proc_leaf * leaf; | |
25672 | ||
25673 | sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); | |
25674 | if (!sg_proc_sgp) | |
25675 | diff -urNp linux-2.6.33.1/drivers/serial/8250_pci.c linux-2.6.33.1/drivers/serial/8250_pci.c | |
25676 | --- linux-2.6.33.1/drivers/serial/8250_pci.c 2010-03-15 12:09:39.000000000 -0400 | |
25677 | +++ linux-2.6.33.1/drivers/serial/8250_pci.c 2010-03-20 16:58:40.736223750 -0400 | |
25678 | @@ -3664,7 +3664,7 @@ static struct pci_device_id serial_pci_t | |
58c5fc13 MT |
25679 | PCI_ANY_ID, PCI_ANY_ID, |
25680 | PCI_CLASS_COMMUNICATION_MULTISERIAL << 8, | |
25681 | 0xffff00, pbn_default }, | |
25682 | - { 0, } | |
25683 | + { 0, 0, 0, 0, 0, 0, 0 } | |
25684 | }; | |
25685 | ||
25686 | static struct pci_driver serial_pci_driver = { | |
ae4e228f MT |
25687 | diff -urNp linux-2.6.33.1/drivers/serial/kgdboc.c linux-2.6.33.1/drivers/serial/kgdboc.c |
25688 | --- linux-2.6.33.1/drivers/serial/kgdboc.c 2010-03-15 12:09:39.000000000 -0400 | |
25689 | +++ linux-2.6.33.1/drivers/serial/kgdboc.c 2010-03-20 16:58:40.745176799 -0400 | |
25690 | @@ -18,7 +18,7 @@ | |
25691 | ||
25692 | #define MAX_CONFIG_LEN 40 | |
25693 | ||
25694 | -static struct kgdb_io kgdboc_io_ops; | |
25695 | +static const struct kgdb_io kgdboc_io_ops; | |
25696 | ||
25697 | /* -1 = init not run yet, 0 = unconfigured, 1 = configured. */ | |
25698 | static int configured = -1; | |
25699 | @@ -154,7 +154,7 @@ static void kgdboc_post_exp_handler(void | |
25700 | module_put(THIS_MODULE); | |
25701 | } | |
25702 | ||
25703 | -static struct kgdb_io kgdboc_io_ops = { | |
25704 | +static const struct kgdb_io kgdboc_io_ops = { | |
25705 | .name = "kgdboc", | |
25706 | .read_char = kgdboc_get_char, | |
25707 | .write_char = kgdboc_put_char, | |
25708 | diff -urNp linux-2.6.33.1/drivers/staging/b3dfg/b3dfg.c linux-2.6.33.1/drivers/staging/b3dfg/b3dfg.c | |
25709 | --- linux-2.6.33.1/drivers/staging/b3dfg/b3dfg.c 2010-03-15 12:09:39.000000000 -0400 | |
25710 | +++ linux-2.6.33.1/drivers/staging/b3dfg/b3dfg.c 2010-03-20 16:58:40.760695484 -0400 | |
25711 | @@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_are | |
58c5fc13 MT |
25712 | return VM_FAULT_NOPAGE; |
25713 | } | |
25714 | ||
25715 | -static struct vm_operations_struct b3dfg_vm_ops = { | |
25716 | +static const struct vm_operations_struct b3dfg_vm_ops = { | |
25717 | .fault = b3dfg_vma_fault, | |
25718 | }; | |
25719 | ||
ae4e228f | 25720 | @@ -836,7 +836,7 @@ static int b3dfg_mmap(struct file *filp, |
58c5fc13 MT |
25721 | return r; |
25722 | } | |
25723 | ||
25724 | -static struct file_operations b3dfg_fops = { | |
25725 | +static const struct file_operations b3dfg_fops = { | |
25726 | .owner = THIS_MODULE, | |
25727 | .open = b3dfg_open, | |
25728 | .release = b3dfg_release, | |
ae4e228f MT |
25729 | diff -urNp linux-2.6.33.1/drivers/staging/comedi/comedi_fops.c linux-2.6.33.1/drivers/staging/comedi/comedi_fops.c |
25730 | --- linux-2.6.33.1/drivers/staging/comedi/comedi_fops.c 2010-03-15 12:09:39.000000000 -0400 | |
25731 | +++ linux-2.6.33.1/drivers/staging/comedi/comedi_fops.c 2010-03-20 16:58:40.772884102 -0400 | |
25732 | @@ -1384,7 +1384,7 @@ void comedi_unmap(struct vm_area_struct | |
58c5fc13 MT |
25733 | mutex_unlock(&dev->mutex); |
25734 | } | |
25735 | ||
25736 | -static struct vm_operations_struct comedi_vm_ops = { | |
25737 | +static const struct vm_operations_struct comedi_vm_ops = { | |
ae4e228f | 25738 | .close = comedi_unmap, |
58c5fc13 MT |
25739 | }; |
25740 | ||
ae4e228f MT |
25741 | diff -urNp linux-2.6.33.1/drivers/staging/dream/pmem.c linux-2.6.33.1/drivers/staging/dream/pmem.c |
25742 | --- linux-2.6.33.1/drivers/staging/dream/pmem.c 2010-03-15 12:09:39.000000000 -0400 | |
25743 | +++ linux-2.6.33.1/drivers/staging/dream/pmem.c 2010-03-20 16:58:40.792529665 -0400 | |
25744 | @@ -174,7 +174,7 @@ static int pmem_mmap(struct file *, stru | |
25745 | static int pmem_open(struct inode *, struct file *); | |
25746 | static long pmem_ioctl(struct file *, unsigned int, unsigned long); | |
25747 | ||
25748 | -struct file_operations pmem_fops = { | |
25749 | +const struct file_operations pmem_fops = { | |
25750 | .release = pmem_release, | |
25751 | .mmap = pmem_mmap, | |
25752 | .open = pmem_open, | |
25753 | @@ -1202,7 +1202,7 @@ static ssize_t debug_read(struct file *f | |
25754 | return simple_read_from_buffer(buf, count, ppos, buffer, n); | |
25755 | } | |
58c5fc13 | 25756 | |
ae4e228f MT |
25757 | -static struct file_operations debug_fops = { |
25758 | +static const struct file_operations debug_fops = { | |
25759 | .read = debug_read, | |
25760 | .open = debug_open, | |
25761 | }; | |
25762 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/adsp_driver.c linux-2.6.33.1/drivers/staging/dream/qdsp5/adsp_driver.c | |
25763 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/adsp_driver.c 2010-03-15 12:09:39.000000000 -0400 | |
25764 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/adsp_driver.c 2010-03-20 16:58:40.796888570 -0400 | |
25765 | @@ -576,7 +576,7 @@ static struct adsp_device *inode_to_devi | |
25766 | static dev_t adsp_devno; | |
25767 | static struct class *adsp_class; | |
25768 | ||
25769 | -static struct file_operations adsp_fops = { | |
25770 | +static const struct file_operations adsp_fops = { | |
25771 | .owner = THIS_MODULE, | |
25772 | .open = adsp_open, | |
25773 | .unlocked_ioctl = adsp_ioctl, | |
25774 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_aac.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_aac.c | |
25775 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_aac.c 2010-03-15 12:09:39.000000000 -0400 | |
25776 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_aac.c 2010-03-20 16:58:40.808875958 -0400 | |
25777 | @@ -1022,7 +1022,7 @@ done: | |
25778 | return rc; | |
25779 | } | |
58c5fc13 | 25780 | |
ae4e228f MT |
25781 | -static struct file_operations audio_aac_fops = { |
25782 | +static const struct file_operations audio_aac_fops = { | |
25783 | .owner = THIS_MODULE, | |
25784 | .open = audio_open, | |
25785 | .release = audio_release, | |
25786 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_amrnb.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_amrnb.c | |
25787 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2010-03-15 12:09:39.000000000 -0400 | |
25788 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2010-03-20 16:58:40.808875958 -0400 | |
25789 | @@ -833,7 +833,7 @@ done: | |
25790 | return rc; | |
25791 | } | |
25792 | ||
25793 | -static struct file_operations audio_amrnb_fops = { | |
25794 | +static const struct file_operations audio_amrnb_fops = { | |
25795 | .owner = THIS_MODULE, | |
25796 | .open = audamrnb_open, | |
25797 | .release = audamrnb_release, | |
25798 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_evrc.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_evrc.c | |
25799 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_evrc.c 2010-03-15 12:09:39.000000000 -0400 | |
25800 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_evrc.c 2010-03-20 16:58:40.812532082 -0400 | |
25801 | @@ -805,7 +805,7 @@ dma_fail: | |
25802 | return rc; | |
25803 | } | |
25804 | ||
25805 | -static struct file_operations audio_evrc_fops = { | |
25806 | +static const struct file_operations audio_evrc_fops = { | |
25807 | .owner = THIS_MODULE, | |
25808 | .open = audevrc_open, | |
25809 | .release = audevrc_release, | |
25810 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_in.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_in.c | |
25811 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_in.c 2010-03-15 12:09:39.000000000 -0400 | |
25812 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_in.c 2010-03-20 16:58:40.812532082 -0400 | |
25813 | @@ -913,7 +913,7 @@ static int audpre_open(struct inode *ino | |
25814 | return 0; | |
25815 | } | |
25816 | ||
25817 | -static struct file_operations audio_fops = { | |
25818 | +static const struct file_operations audio_fops = { | |
25819 | .owner = THIS_MODULE, | |
25820 | .open = audio_in_open, | |
25821 | .release = audio_in_release, | |
25822 | @@ -922,7 +922,7 @@ static struct file_operations audio_fops | |
25823 | .unlocked_ioctl = audio_in_ioctl, | |
25824 | }; | |
25825 | ||
25826 | -static struct file_operations audpre_fops = { | |
25827 | +static const struct file_operations audpre_fops = { | |
25828 | .owner = THIS_MODULE, | |
25829 | .open = audpre_open, | |
25830 | .unlocked_ioctl = audpre_ioctl, | |
25831 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_mp3.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_mp3.c | |
25832 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_mp3.c 2010-03-15 12:09:39.000000000 -0400 | |
25833 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_mp3.c 2010-03-20 16:58:40.812532082 -0400 | |
25834 | @@ -941,7 +941,7 @@ done: | |
25835 | return rc; | |
25836 | } | |
25837 | ||
25838 | -static struct file_operations audio_mp3_fops = { | |
25839 | +static const struct file_operations audio_mp3_fops = { | |
25840 | .owner = THIS_MODULE, | |
25841 | .open = audio_open, | |
25842 | .release = audio_release, | |
25843 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_out.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_out.c | |
25844 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_out.c 2010-03-15 12:09:39.000000000 -0400 | |
25845 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_out.c 2010-03-20 16:58:40.812532082 -0400 | |
25846 | @@ -806,7 +806,7 @@ static int audpp_open(struct inode *inod | |
25847 | return 0; | |
25848 | } | |
25849 | ||
25850 | -static struct file_operations audio_fops = { | |
25851 | +static const struct file_operations audio_fops = { | |
25852 | .owner = THIS_MODULE, | |
25853 | .open = audio_open, | |
25854 | .release = audio_release, | |
25855 | @@ -815,7 +815,7 @@ static struct file_operations audio_fops | |
25856 | .unlocked_ioctl = audio_ioctl, | |
25857 | }; | |
25858 | ||
25859 | -static struct file_operations audpp_fops = { | |
25860 | +static const struct file_operations audpp_fops = { | |
25861 | .owner = THIS_MODULE, | |
25862 | .open = audpp_open, | |
25863 | .unlocked_ioctl = audpp_ioctl, | |
25864 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_qcelp.c linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_qcelp.c | |
25865 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2010-03-15 12:09:39.000000000 -0400 | |
25866 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2010-03-20 16:58:40.816705807 -0400 | |
25867 | @@ -816,7 +816,7 @@ err: | |
25868 | return rc; | |
25869 | } | |
25870 | ||
25871 | -static struct file_operations audio_qcelp_fops = { | |
25872 | +static const struct file_operations audio_qcelp_fops = { | |
58c5fc13 | 25873 | .owner = THIS_MODULE, |
ae4e228f MT |
25874 | .open = audqcelp_open, |
25875 | .release = audqcelp_release, | |
25876 | diff -urNp linux-2.6.33.1/drivers/staging/dream/qdsp5/snd.c linux-2.6.33.1/drivers/staging/dream/qdsp5/snd.c | |
25877 | --- linux-2.6.33.1/drivers/staging/dream/qdsp5/snd.c 2010-03-15 12:09:39.000000000 -0400 | |
25878 | +++ linux-2.6.33.1/drivers/staging/dream/qdsp5/snd.c 2010-03-20 16:58:40.816705807 -0400 | |
25879 | @@ -242,7 +242,7 @@ err: | |
25880 | return rc; | |
25881 | } | |
25882 | ||
25883 | -static struct file_operations snd_fops = { | |
25884 | +static const struct file_operations snd_fops = { | |
25885 | .owner = THIS_MODULE, | |
25886 | .open = snd_open, | |
25887 | .release = snd_release, | |
25888 | diff -urNp linux-2.6.33.1/drivers/staging/dream/smd/smd_qmi.c linux-2.6.33.1/drivers/staging/dream/smd/smd_qmi.c | |
25889 | --- linux-2.6.33.1/drivers/staging/dream/smd/smd_qmi.c 2010-03-15 12:09:39.000000000 -0400 | |
25890 | +++ linux-2.6.33.1/drivers/staging/dream/smd/smd_qmi.c 2010-03-20 16:58:40.828884259 -0400 | |
25891 | @@ -788,7 +788,7 @@ static int qmi_release(struct inode *ip, | |
25892 | return 0; | |
25893 | } | |
25894 | ||
25895 | -static struct file_operations qmi_fops = { | |
25896 | +static const struct file_operations qmi_fops = { | |
25897 | .owner = THIS_MODULE, | |
25898 | .read = qmi_read, | |
25899 | .write = qmi_write, | |
25900 | diff -urNp linux-2.6.33.1/drivers/staging/dream/smd/smd_rpcrouter_device.c linux-2.6.33.1/drivers/staging/dream/smd/smd_rpcrouter_device.c | |
25901 | --- linux-2.6.33.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2010-03-15 12:09:39.000000000 -0400 | |
25902 | +++ linux-2.6.33.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2010-03-20 16:58:40.828884259 -0400 | |
25903 | @@ -214,7 +214,7 @@ static long rpcrouter_ioctl(struct file | |
25904 | return rc; | |
25905 | } | |
25906 | ||
25907 | -static struct file_operations rpcrouter_server_fops = { | |
25908 | +static const struct file_operations rpcrouter_server_fops = { | |
25909 | .owner = THIS_MODULE, | |
25910 | .open = rpcrouter_open, | |
25911 | .release = rpcrouter_release, | |
25912 | @@ -224,7 +224,7 @@ static struct file_operations rpcrouter_ | |
25913 | .unlocked_ioctl = rpcrouter_ioctl, | |
25914 | }; | |
25915 | ||
25916 | -static struct file_operations rpcrouter_router_fops = { | |
25917 | +static const struct file_operations rpcrouter_router_fops = { | |
25918 | .owner = THIS_MODULE, | |
25919 | .open = rpcrouter_open, | |
25920 | .release = rpcrouter_release, | |
25921 | diff -urNp linux-2.6.33.1/drivers/staging/go7007/go7007-v4l2.c linux-2.6.33.1/drivers/staging/go7007/go7007-v4l2.c | |
25922 | --- linux-2.6.33.1/drivers/staging/go7007/go7007-v4l2.c 2010-03-15 12:09:39.000000000 -0400 | |
25923 | +++ linux-2.6.33.1/drivers/staging/go7007/go7007-v4l2.c 2010-03-20 16:58:40.858660027 -0400 | |
25924 | @@ -1674,7 +1674,7 @@ static int go7007_vm_fault(struct vm_are | |
58c5fc13 MT |
25925 | return 0; |
25926 | } | |
25927 | ||
25928 | -static struct vm_operations_struct go7007_vm_ops = { | |
25929 | +static const struct vm_operations_struct go7007_vm_ops = { | |
25930 | .open = go7007_vm_open, | |
25931 | .close = go7007_vm_close, | |
25932 | .fault = go7007_vm_fault, | |
ae4e228f MT |
25933 | diff -urNp linux-2.6.33.1/drivers/staging/hv/blkvsc_drv.c linux-2.6.33.1/drivers/staging/hv/blkvsc_drv.c |
25934 | --- linux-2.6.33.1/drivers/staging/hv/blkvsc_drv.c 2010-03-15 12:09:39.000000000 -0400 | |
25935 | +++ linux-2.6.33.1/drivers/staging/hv/blkvsc_drv.c 2010-03-20 16:58:40.876878598 -0400 | |
25936 | @@ -153,7 +153,7 @@ static int blkvsc_ringbuffer_size = BLKV | |
25937 | /* The one and only one */ | |
25938 | static struct blkvsc_driver_context g_blkvsc_drv; | |
25939 | ||
25940 | -static struct block_device_operations block_ops = { | |
25941 | +static const struct block_device_operations block_ops = { | |
25942 | .owner = THIS_MODULE, | |
25943 | .open = blkvsc_open, | |
25944 | .release = blkvsc_release, | |
25945 | diff -urNp linux-2.6.33.1/drivers/staging/panel/panel.c linux-2.6.33.1/drivers/staging/panel/panel.c | |
25946 | --- linux-2.6.33.1/drivers/staging/panel/panel.c 2010-03-15 12:09:39.000000000 -0400 | |
25947 | +++ linux-2.6.33.1/drivers/staging/panel/panel.c 2010-03-20 16:58:40.888879754 -0400 | |
25948 | @@ -1305,7 +1305,7 @@ static int lcd_release(struct inode *ino | |
58c5fc13 MT |
25949 | return 0; |
25950 | } | |
25951 | ||
25952 | -static struct file_operations lcd_fops = { | |
25953 | +static const struct file_operations lcd_fops = { | |
25954 | .write = lcd_write, | |
25955 | .open = lcd_open, | |
25956 | .release = lcd_release, | |
ae4e228f | 25957 | @@ -1565,7 +1565,7 @@ static int keypad_release(struct inode * |
58c5fc13 MT |
25958 | return 0; |
25959 | } | |
25960 | ||
25961 | -static struct file_operations keypad_fops = { | |
25962 | +static const struct file_operations keypad_fops = { | |
25963 | .read = keypad_read, /* read */ | |
25964 | .open = keypad_open, /* open */ | |
25965 | .release = keypad_release, /* close */ | |
ae4e228f MT |
25966 | diff -urNp linux-2.6.33.1/drivers/staging/phison/phison.c linux-2.6.33.1/drivers/staging/phison/phison.c |
25967 | --- linux-2.6.33.1/drivers/staging/phison/phison.c 2010-03-15 12:09:39.000000000 -0400 | |
25968 | +++ linux-2.6.33.1/drivers/staging/phison/phison.c 2010-03-20 16:58:40.896878917 -0400 | |
25969 | @@ -43,7 +43,7 @@ static struct scsi_host_template phison_ | |
25970 | ATA_BMDMA_SHT(DRV_NAME), | |
25971 | }; | |
25972 | ||
25973 | -static struct ata_port_operations phison_ops = { | |
25974 | +static const struct ata_port_operations phison_ops = { | |
25975 | .inherits = &ata_bmdma_port_ops, | |
25976 | .prereset = phison_pre_reset, | |
25977 | }; | |
25978 | diff -urNp linux-2.6.33.1/drivers/staging/poch/poch.c linux-2.6.33.1/drivers/staging/poch/poch.c | |
25979 | --- linux-2.6.33.1/drivers/staging/poch/poch.c 2010-03-15 12:09:39.000000000 -0400 | |
25980 | +++ linux-2.6.33.1/drivers/staging/poch/poch.c 2010-03-20 16:58:40.920050870 -0400 | |
25981 | @@ -1032,7 +1032,7 @@ static int poch_ioctl(struct inode *inod | |
58c5fc13 MT |
25982 | return 0; |
25983 | } | |
25984 | ||
25985 | -static struct file_operations poch_fops = { | |
25986 | +static const struct file_operations poch_fops = { | |
25987 | .owner = THIS_MODULE, | |
25988 | .open = poch_open, | |
25989 | .release = poch_release, | |
ae4e228f MT |
25990 | diff -urNp linux-2.6.33.1/drivers/staging/pohmelfs/inode.c linux-2.6.33.1/drivers/staging/pohmelfs/inode.c |
25991 | --- linux-2.6.33.1/drivers/staging/pohmelfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
25992 | +++ linux-2.6.33.1/drivers/staging/pohmelfs/inode.c 2010-03-20 16:58:40.936891697 -0400 | |
25993 | @@ -1854,7 +1854,7 @@ static int pohmelfs_fill_super(struct su | |
25994 | mutex_init(&psb->mcache_lock); | |
25995 | psb->mcache_root = RB_ROOT; | |
25996 | psb->mcache_timeout = msecs_to_jiffies(5000); | |
25997 | - atomic_long_set(&psb->mcache_gen, 0); | |
25998 | + atomic_long_set_unchecked(&psb->mcache_gen, 0); | |
25999 | ||
26000 | psb->trans_max_pages = 100; | |
26001 | ||
26002 | diff -urNp linux-2.6.33.1/drivers/staging/pohmelfs/mcache.c linux-2.6.33.1/drivers/staging/pohmelfs/mcache.c | |
26003 | --- linux-2.6.33.1/drivers/staging/pohmelfs/mcache.c 2010-03-15 12:09:39.000000000 -0400 | |
26004 | +++ linux-2.6.33.1/drivers/staging/pohmelfs/mcache.c 2010-03-20 16:58:40.936891697 -0400 | |
26005 | @@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_ | |
26006 | m->data = data; | |
26007 | m->start = start; | |
26008 | m->size = size; | |
26009 | - m->gen = atomic_long_inc_return(&psb->mcache_gen); | |
26010 | + m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen); | |
26011 | ||
26012 | mutex_lock(&psb->mcache_lock); | |
26013 | err = pohmelfs_mcache_insert(psb, m); | |
26014 | diff -urNp linux-2.6.33.1/drivers/staging/pohmelfs/netfs.h linux-2.6.33.1/drivers/staging/pohmelfs/netfs.h | |
26015 | --- linux-2.6.33.1/drivers/staging/pohmelfs/netfs.h 2010-03-15 12:09:39.000000000 -0400 | |
26016 | +++ linux-2.6.33.1/drivers/staging/pohmelfs/netfs.h 2010-03-20 16:58:40.940661223 -0400 | |
26017 | @@ -571,7 +571,7 @@ struct pohmelfs_config; | |
26018 | struct pohmelfs_sb { | |
26019 | struct rb_root mcache_root; | |
26020 | struct mutex mcache_lock; | |
26021 | - atomic_long_t mcache_gen; | |
26022 | + atomic_long_unchecked_t mcache_gen; | |
26023 | unsigned long mcache_timeout; | |
26024 | ||
26025 | unsigned int idx; | |
26026 | diff -urNp linux-2.6.33.1/drivers/staging/ramzswap/ramzswap_drv.c linux-2.6.33.1/drivers/staging/ramzswap/ramzswap_drv.c | |
26027 | --- linux-2.6.33.1/drivers/staging/ramzswap/ramzswap_drv.c 2010-03-15 12:09:39.000000000 -0400 | |
26028 | +++ linux-2.6.33.1/drivers/staging/ramzswap/ramzswap_drv.c 2010-03-20 16:58:40.944873774 -0400 | |
26029 | @@ -1288,7 +1288,7 @@ out: | |
26030 | return ret; | |
58c5fc13 MT |
26031 | } |
26032 | ||
ae4e228f MT |
26033 | -static struct block_device_operations ramzswap_devops = { |
26034 | +static const struct block_device_operations ramzswap_devops = { | |
26035 | .ioctl = ramzswap_ioctl, | |
26036 | .owner = THIS_MODULE, | |
26037 | }; | |
26038 | diff -urNp linux-2.6.33.1/drivers/staging/rtl8192u/ieee80211/proc.c linux-2.6.33.1/drivers/staging/rtl8192u/ieee80211/proc.c | |
26039 | --- linux-2.6.33.1/drivers/staging/rtl8192u/ieee80211/proc.c 2010-03-15 12:09:39.000000000 -0400 | |
26040 | +++ linux-2.6.33.1/drivers/staging/rtl8192u/ieee80211/proc.c 2010-03-20 16:58:40.944873774 -0400 | |
58c5fc13 MT |
26041 | @@ -99,7 +99,7 @@ static int crypto_info_open(struct inode |
26042 | return seq_open(file, &crypto_seq_ops); | |
26043 | } | |
26044 | ||
26045 | -static struct file_operations proc_crypto_ops = { | |
26046 | +static const struct file_operations proc_crypto_ops = { | |
26047 | .open = crypto_info_open, | |
26048 | .read = seq_read, | |
26049 | .llseek = seq_lseek, | |
ae4e228f MT |
26050 | diff -urNp linux-2.6.33.1/drivers/staging/samsung-laptop/samsung-laptop.c linux-2.6.33.1/drivers/staging/samsung-laptop/samsung-laptop.c |
26051 | --- linux-2.6.33.1/drivers/staging/samsung-laptop/samsung-laptop.c 2010-03-15 12:09:39.000000000 -0400 | |
26052 | +++ linux-2.6.33.1/drivers/staging/samsung-laptop/samsung-laptop.c 2010-03-20 16:58:40.952877179 -0400 | |
26053 | @@ -268,7 +268,7 @@ static int update_status(struct backligh | |
58c5fc13 MT |
26054 | return 0; |
26055 | } | |
26056 | ||
ae4e228f MT |
26057 | -static struct backlight_ops backlight_ops = { |
26058 | +static const struct backlight_ops backlight_ops = { | |
26059 | .get_brightness = get_brightness, | |
26060 | .update_status = update_status, | |
26061 | }; | |
26062 | diff -urNp linux-2.6.33.1/drivers/staging/sep/sep_driver.c linux-2.6.33.1/drivers/staging/sep/sep_driver.c | |
26063 | --- linux-2.6.33.1/drivers/staging/sep/sep_driver.c 2010-03-15 12:09:39.000000000 -0400 | |
26064 | +++ linux-2.6.33.1/drivers/staging/sep/sep_driver.c 2010-03-20 16:58:40.956865691 -0400 | |
26065 | @@ -2605,7 +2605,7 @@ static struct pci_driver sep_pci_driver | |
26066 | static dev_t sep_devno; | |
26067 | ||
26068 | /* the files operations structure of the driver */ | |
26069 | -static struct file_operations sep_file_operations = { | |
26070 | +static const struct file_operations sep_file_operations = { | |
26071 | .owner = THIS_MODULE, | |
26072 | .ioctl = sep_ioctl, | |
26073 | .poll = sep_poll, | |
26074 | diff -urNp linux-2.6.33.1/drivers/staging/vme/devices/vme_user.c linux-2.6.33.1/drivers/staging/vme/devices/vme_user.c | |
26075 | --- linux-2.6.33.1/drivers/staging/vme/devices/vme_user.c 2010-03-15 12:09:39.000000000 -0400 | |
26076 | +++ linux-2.6.33.1/drivers/staging/vme/devices/vme_user.c 2010-03-20 16:58:40.956865691 -0400 | |
26077 | @@ -135,7 +135,7 @@ static int vme_user_ioctl(struct inode * | |
26078 | static int __init vme_user_probe(struct device *, int, int); | |
26079 | static int __exit vme_user_remove(struct device *, int, int); | |
26080 | ||
26081 | -static struct file_operations vme_user_fops = { | |
26082 | +static const struct file_operations vme_user_fops = { | |
26083 | .open = vme_user_open, | |
26084 | .release = vme_user_release, | |
26085 | .read = vme_user_read, | |
26086 | diff -urNp linux-2.6.33.1/drivers/uio/uio.c linux-2.6.33.1/drivers/uio/uio.c | |
26087 | --- linux-2.6.33.1/drivers/uio/uio.c 2010-03-15 12:09:39.000000000 -0400 | |
26088 | +++ linux-2.6.33.1/drivers/uio/uio.c 2010-03-20 16:58:40.964892465 -0400 | |
26089 | @@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj | |
26090 | return entry->show(mem, buf); | |
26091 | } | |
26092 | ||
26093 | -static struct sysfs_ops map_sysfs_ops = { | |
26094 | +static const struct sysfs_ops map_sysfs_ops = { | |
26095 | .show = map_type_show, | |
26096 | }; | |
26097 | ||
26098 | @@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k | |
26099 | return entry->show(port, buf); | |
26100 | } | |
26101 | ||
26102 | -static struct sysfs_ops portio_sysfs_ops = { | |
26103 | +static const struct sysfs_ops portio_sysfs_ops = { | |
26104 | .show = portio_type_show, | |
26105 | }; | |
26106 | ||
26107 | diff -urNp linux-2.6.33.1/drivers/usb/atm/usbatm.c linux-2.6.33.1/drivers/usb/atm/usbatm.c | |
26108 | --- linux-2.6.33.1/drivers/usb/atm/usbatm.c 2010-03-15 12:09:39.000000000 -0400 | |
26109 | +++ linux-2.6.33.1/drivers/usb/atm/usbatm.c 2010-03-20 16:58:40.976907794 -0400 | |
58c5fc13 MT |
26110 | @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(stru |
26111 | if (printk_ratelimit()) | |
26112 | atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n", | |
26113 | __func__, vpi, vci); | |
26114 | - atomic_inc(&vcc->stats->rx_err); | |
26115 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
26116 | return; | |
26117 | } | |
26118 | ||
26119 | @@ -361,7 +361,7 @@ static void usbatm_extract_one_cell(stru | |
26120 | if (length > ATM_MAX_AAL5_PDU) { | |
26121 | atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n", | |
26122 | __func__, length, vcc); | |
26123 | - atomic_inc(&vcc->stats->rx_err); | |
26124 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
26125 | goto out; | |
26126 | } | |
26127 | ||
26128 | @@ -370,14 +370,14 @@ static void usbatm_extract_one_cell(stru | |
26129 | if (sarb->len < pdu_length) { | |
26130 | atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n", | |
26131 | __func__, pdu_length, sarb->len, vcc); | |
26132 | - atomic_inc(&vcc->stats->rx_err); | |
26133 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
26134 | goto out; | |
26135 | } | |
26136 | ||
26137 | if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) { | |
26138 | atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n", | |
26139 | __func__, vcc); | |
26140 | - atomic_inc(&vcc->stats->rx_err); | |
26141 | + atomic_inc_unchecked(&vcc->stats->rx_err); | |
26142 | goto out; | |
26143 | } | |
26144 | ||
26145 | @@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(stru | |
26146 | if (printk_ratelimit()) | |
26147 | atm_err(instance, "%s: no memory for skb (length: %u)!\n", | |
26148 | __func__, length); | |
26149 | - atomic_inc(&vcc->stats->rx_drop); | |
26150 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
26151 | goto out; | |
26152 | } | |
26153 | ||
26154 | @@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(stru | |
26155 | ||
26156 | vcc->push(vcc, skb); | |
26157 | ||
26158 | - atomic_inc(&vcc->stats->rx); | |
26159 | + atomic_inc_unchecked(&vcc->stats->rx); | |
26160 | out: | |
26161 | skb_trim(sarb, 0); | |
26162 | } | |
26163 | @@ -616,7 +616,7 @@ static void usbatm_tx_process(unsigned l | |
26164 | struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc; | |
26165 | ||
26166 | usbatm_pop(vcc, skb); | |
26167 | - atomic_inc(&vcc->stats->tx); | |
26168 | + atomic_inc_unchecked(&vcc->stats->tx); | |
26169 | ||
26170 | skb = skb_dequeue(&instance->sndqueue); | |
26171 | } | |
26172 | @@ -775,11 +775,11 @@ static int usbatm_atm_proc_read(struct a | |
26173 | if (!left--) | |
26174 | return sprintf(page, | |
26175 | "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n", | |
26176 | - atomic_read(&atm_dev->stats.aal5.tx), | |
26177 | - atomic_read(&atm_dev->stats.aal5.tx_err), | |
26178 | - atomic_read(&atm_dev->stats.aal5.rx), | |
26179 | - atomic_read(&atm_dev->stats.aal5.rx_err), | |
26180 | - atomic_read(&atm_dev->stats.aal5.rx_drop)); | |
26181 | + atomic_read_unchecked(&atm_dev->stats.aal5.tx), | |
26182 | + atomic_read_unchecked(&atm_dev->stats.aal5.tx_err), | |
26183 | + atomic_read_unchecked(&atm_dev->stats.aal5.rx), | |
26184 | + atomic_read_unchecked(&atm_dev->stats.aal5.rx_err), | |
26185 | + atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop)); | |
26186 | ||
26187 | if (!left--) { | |
26188 | if (instance->disconnected) | |
ae4e228f MT |
26189 | diff -urNp linux-2.6.33.1/drivers/usb/class/cdc-acm.c linux-2.6.33.1/drivers/usb/class/cdc-acm.c |
26190 | --- linux-2.6.33.1/drivers/usb/class/cdc-acm.c 2010-03-15 12:09:39.000000000 -0400 | |
26191 | +++ linux-2.6.33.1/drivers/usb/class/cdc-acm.c 2010-03-20 16:58:40.993421809 -0400 | |
26192 | @@ -1590,7 +1590,7 @@ static struct usb_device_id acm_ids[] = | |
26193 | { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM, | |
58c5fc13 MT |
26194 | USB_CDC_ACM_PROTO_AT_CDMA) }, |
26195 | ||
58c5fc13 MT |
26196 | - { } |
26197 | + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } | |
26198 | }; | |
26199 | ||
26200 | MODULE_DEVICE_TABLE(usb, acm_ids); | |
ae4e228f MT |
26201 | diff -urNp linux-2.6.33.1/drivers/usb/class/usblp.c linux-2.6.33.1/drivers/usb/class/usblp.c |
26202 | --- linux-2.6.33.1/drivers/usb/class/usblp.c 2010-03-15 12:09:39.000000000 -0400 | |
26203 | +++ linux-2.6.33.1/drivers/usb/class/usblp.c 2010-03-20 16:58:41.016571934 -0400 | |
58c5fc13 MT |
26204 | @@ -228,7 +228,7 @@ static const struct quirk_printer_struct |
26205 | { 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */ | |
26206 | { 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */ | |
26207 | { 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */ | |
26208 | - { 0, 0 } | |
26209 | + { 0, 0, 0 } | |
26210 | }; | |
26211 | ||
26212 | static int usblp_wwait(struct usblp *usblp, int nonblock); | |
26213 | @@ -1412,7 +1412,7 @@ static struct usb_device_id usblp_ids [] | |
26214 | { USB_INTERFACE_INFO(7, 1, 2) }, | |
26215 | { USB_INTERFACE_INFO(7, 1, 3) }, | |
26216 | { USB_DEVICE(0x04b8, 0x0202) }, /* Seiko Epson Receipt Printer M129C */ | |
26217 | - { } /* Terminating entry */ | |
26218 | + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */ | |
26219 | }; | |
26220 | ||
26221 | MODULE_DEVICE_TABLE (usb, usblp_ids); | |
ae4e228f MT |
26222 | diff -urNp linux-2.6.33.1/drivers/usb/core/hcd.c linux-2.6.33.1/drivers/usb/core/hcd.c |
26223 | --- linux-2.6.33.1/drivers/usb/core/hcd.c 2010-03-15 12:09:39.000000000 -0400 | |
26224 | +++ linux-2.6.33.1/drivers/usb/core/hcd.c 2010-03-20 16:58:41.020890314 -0400 | |
26225 | @@ -2266,7 +2266,7 @@ EXPORT_SYMBOL_GPL(usb_hcd_platform_shutd | |
26226 | ||
26227 | #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE) | |
26228 | ||
26229 | -struct usb_mon_operations *mon_ops; | |
26230 | +const struct usb_mon_operations *mon_ops; | |
26231 | ||
26232 | /* | |
26233 | * The registration is unlocked. | |
26234 | @@ -2276,7 +2276,7 @@ struct usb_mon_operations *mon_ops; | |
26235 | * symbols from usbcore, usbcore gets referenced and cannot be unloaded first. | |
26236 | */ | |
26237 | ||
26238 | -int usb_mon_register (struct usb_mon_operations *ops) | |
26239 | +int usb_mon_register (const struct usb_mon_operations *ops) | |
26240 | { | |
26241 | ||
26242 | if (mon_ops) | |
26243 | diff -urNp linux-2.6.33.1/drivers/usb/core/hcd.h linux-2.6.33.1/drivers/usb/core/hcd.h | |
26244 | --- linux-2.6.33.1/drivers/usb/core/hcd.h 2010-03-15 12:09:39.000000000 -0400 | |
26245 | +++ linux-2.6.33.1/drivers/usb/core/hcd.h 2010-03-20 16:58:41.032566122 -0400 | |
26246 | @@ -501,13 +501,13 @@ static inline void usbfs_cleanup(void) { | |
26247 | #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE) | |
26248 | ||
26249 | struct usb_mon_operations { | |
26250 | - void (*urb_submit)(struct usb_bus *bus, struct urb *urb); | |
26251 | - void (*urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err); | |
26252 | - void (*urb_complete)(struct usb_bus *bus, struct urb *urb, int status); | |
26253 | + void (* const urb_submit)(struct usb_bus *bus, struct urb *urb); | |
26254 | + void (* const urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err); | |
26255 | + void (* const urb_complete)(struct usb_bus *bus, struct urb *urb, int status); | |
26256 | /* void (*urb_unlink)(struct usb_bus *bus, struct urb *urb); */ | |
26257 | }; | |
26258 | ||
26259 | -extern struct usb_mon_operations *mon_ops; | |
26260 | +extern const struct usb_mon_operations *mon_ops; | |
26261 | ||
26262 | static inline void usbmon_urb_submit(struct usb_bus *bus, struct urb *urb) | |
26263 | { | |
26264 | @@ -529,7 +529,7 @@ static inline void usbmon_urb_complete(s | |
26265 | (*mon_ops->urb_complete)(bus, urb, status); | |
58c5fc13 MT |
26266 | } |
26267 | ||
ae4e228f MT |
26268 | -int usb_mon_register(struct usb_mon_operations *ops); |
26269 | +int usb_mon_register(const struct usb_mon_operations *ops); | |
26270 | void usb_mon_deregister(void); | |
26271 | ||
26272 | #else | |
26273 | diff -urNp linux-2.6.33.1/drivers/usb/core/hub.c linux-2.6.33.1/drivers/usb/core/hub.c | |
26274 | --- linux-2.6.33.1/drivers/usb/core/hub.c 2010-03-15 12:09:39.000000000 -0400 | |
26275 | +++ linux-2.6.33.1/drivers/usb/core/hub.c 2010-03-20 16:58:41.044569139 -0400 | |
26276 | @@ -3462,7 +3462,7 @@ static struct usb_device_id hub_id_table | |
58c5fc13 MT |
26277 | .bDeviceClass = USB_CLASS_HUB}, |
26278 | { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS, | |
26279 | .bInterfaceClass = USB_CLASS_HUB}, | |
26280 | - { } /* Terminating entry */ | |
26281 | + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */ | |
26282 | }; | |
26283 | ||
26284 | MODULE_DEVICE_TABLE (usb, hub_id_table); | |
ae4e228f MT |
26285 | diff -urNp linux-2.6.33.1/drivers/usb/core/message.c linux-2.6.33.1/drivers/usb/core/message.c |
26286 | --- linux-2.6.33.1/drivers/usb/core/message.c 2010-03-15 12:09:39.000000000 -0400 | |
26287 | +++ linux-2.6.33.1/drivers/usb/core/message.c 2010-03-20 16:58:41.048891316 -0400 | |
26288 | @@ -909,8 +909,8 @@ char *usb_cache_string(struct usb_device | |
26289 | buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO); | |
58c5fc13 MT |
26290 | if (buf) { |
26291 | len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE); | |
26292 | - if (len > 0) { | |
ae4e228f | 26293 | - smallbuf = kmalloc(++len, GFP_NOIO); |
58c5fc13 | 26294 | + if (len++ > 0) { |
ae4e228f | 26295 | + smallbuf = kmalloc(len, GFP_NOIO); |
58c5fc13 MT |
26296 | if (!smallbuf) |
26297 | return buf; | |
26298 | memcpy(smallbuf, buf, len); | |
ae4e228f MT |
26299 | diff -urNp linux-2.6.33.1/drivers/usb/host/ehci-pci.c linux-2.6.33.1/drivers/usb/host/ehci-pci.c |
26300 | --- linux-2.6.33.1/drivers/usb/host/ehci-pci.c 2010-03-15 12:09:39.000000000 -0400 | |
26301 | +++ linux-2.6.33.1/drivers/usb/host/ehci-pci.c 2010-03-20 16:58:41.060592249 -0400 | |
26302 | @@ -422,7 +422,7 @@ static const struct pci_device_id pci_id | |
58c5fc13 MT |
26303 | PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0), |
26304 | .driver_data = (unsigned long) &ehci_pci_hc_driver, | |
26305 | }, | |
26306 | - { /* end: all zeroes */ } | |
26307 | + { 0, 0, 0, 0, 0, 0, 0 } | |
26308 | }; | |
26309 | MODULE_DEVICE_TABLE(pci, pci_ids); | |
26310 | ||
ae4e228f MT |
26311 | diff -urNp linux-2.6.33.1/drivers/usb/host/uhci-hcd.c linux-2.6.33.1/drivers/usb/host/uhci-hcd.c |
26312 | --- linux-2.6.33.1/drivers/usb/host/uhci-hcd.c 2010-03-15 12:09:39.000000000 -0400 | |
26313 | +++ linux-2.6.33.1/drivers/usb/host/uhci-hcd.c 2010-03-20 16:58:41.072592318 -0400 | |
26314 | @@ -941,7 +941,7 @@ static const struct pci_device_id uhci_p | |
58c5fc13 MT |
26315 | /* handle any USB UHCI controller */ |
26316 | PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0), | |
26317 | .driver_data = (unsigned long) &uhci_driver, | |
26318 | - }, { /* end: all zeroes */ } | |
26319 | + }, { 0, 0, 0, 0, 0, 0, 0 } | |
26320 | }; | |
26321 | ||
26322 | MODULE_DEVICE_TABLE(pci, uhci_pci_ids); | |
ae4e228f MT |
26323 | diff -urNp linux-2.6.33.1/drivers/usb/misc/appledisplay.c linux-2.6.33.1/drivers/usb/misc/appledisplay.c |
26324 | --- linux-2.6.33.1/drivers/usb/misc/appledisplay.c 2010-03-15 12:09:39.000000000 -0400 | |
26325 | +++ linux-2.6.33.1/drivers/usb/misc/appledisplay.c 2010-03-20 16:58:41.076561776 -0400 | |
26326 | @@ -179,7 +179,7 @@ static int appledisplay_bl_get_brightnes | |
26327 | return pdata->msgdata[1]; | |
58c5fc13 MT |
26328 | } |
26329 | ||
ae4e228f MT |
26330 | -static struct backlight_ops appledisplay_bl_data = { |
26331 | +static const struct backlight_ops appledisplay_bl_data = { | |
26332 | .get_brightness = appledisplay_bl_get_brightness, | |
26333 | .update_status = appledisplay_bl_update_status, | |
26334 | }; | |
26335 | diff -urNp linux-2.6.33.1/drivers/usb/mon/mon_main.c linux-2.6.33.1/drivers/usb/mon/mon_main.c | |
26336 | --- linux-2.6.33.1/drivers/usb/mon/mon_main.c 2010-03-15 12:09:39.000000000 -0400 | |
26337 | +++ linux-2.6.33.1/drivers/usb/mon/mon_main.c 2010-03-20 16:58:41.084588620 -0400 | |
26338 | @@ -238,7 +238,7 @@ static struct notifier_block mon_nb = { | |
26339 | /* | |
26340 | * Ops | |
26341 | */ | |
26342 | -static struct usb_mon_operations mon_ops_0 = { | |
26343 | +static const struct usb_mon_operations mon_ops_0 = { | |
26344 | .urb_submit = mon_submit, | |
26345 | .urb_submit_error = mon_submit_error, | |
26346 | .urb_complete = mon_complete, | |
26347 | diff -urNp linux-2.6.33.1/drivers/usb/storage/debug.h linux-2.6.33.1/drivers/usb/storage/debug.h | |
26348 | --- linux-2.6.33.1/drivers/usb/storage/debug.h 2010-03-15 12:09:39.000000000 -0400 | |
26349 | +++ linux-2.6.33.1/drivers/usb/storage/debug.h 2010-03-20 16:58:41.084588620 -0400 | |
58c5fc13 MT |
26350 | @@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char |
26351 | #define US_DEBUGPX(x...) printk( x ) | |
26352 | #define US_DEBUG(x) x | |
26353 | #else | |
26354 | -#define US_DEBUGP(x...) | |
26355 | -#define US_DEBUGPX(x...) | |
26356 | -#define US_DEBUG(x) | |
26357 | +#define US_DEBUGP(x...) do {} while (0) | |
26358 | +#define US_DEBUGPX(x...) do {} while (0) | |
26359 | +#define US_DEBUG(x) do {} while (0) | |
26360 | #endif | |
26361 | ||
26362 | #endif | |
ae4e228f MT |
26363 | diff -urNp linux-2.6.33.1/drivers/usb/storage/usb.c linux-2.6.33.1/drivers/usb/storage/usb.c |
26364 | --- linux-2.6.33.1/drivers/usb/storage/usb.c 2010-03-15 12:09:39.000000000 -0400 | |
26365 | +++ linux-2.6.33.1/drivers/usb/storage/usb.c 2010-03-20 16:58:41.084588620 -0400 | |
26366 | @@ -122,7 +122,7 @@ MODULE_PARM_DESC(quirks, "supplemental l | |
58c5fc13 MT |
26367 | |
26368 | static struct us_unusual_dev us_unusual_dev_list[] = { | |
26369 | # include "unusual_devs.h" | |
26370 | - { } /* Terminating entry */ | |
26371 | + { NULL, NULL, 0, 0, NULL } /* Terminating entry */ | |
26372 | }; | |
26373 | ||
26374 | #undef UNUSUAL_DEV | |
ae4e228f MT |
26375 | diff -urNp linux-2.6.33.1/drivers/usb/storage/usual-tables.c linux-2.6.33.1/drivers/usb/storage/usual-tables.c |
26376 | --- linux-2.6.33.1/drivers/usb/storage/usual-tables.c 2010-03-15 12:09:39.000000000 -0400 | |
26377 | +++ linux-2.6.33.1/drivers/usb/storage/usual-tables.c 2010-03-20 16:58:41.084588620 -0400 | |
58c5fc13 MT |
26378 | @@ -48,7 +48,7 @@ |
26379 | ||
26380 | struct usb_device_id usb_storage_usb_ids[] = { | |
26381 | # include "unusual_devs.h" | |
26382 | - { } /* Terminating entry */ | |
26383 | + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */ | |
26384 | }; | |
26385 | EXPORT_SYMBOL_GPL(usb_storage_usb_ids); | |
26386 | ||
ae4e228f MT |
26387 | diff -urNp linux-2.6.33.1/drivers/uwb/wlp/messages.c linux-2.6.33.1/drivers/uwb/wlp/messages.c |
26388 | --- linux-2.6.33.1/drivers/uwb/wlp/messages.c 2010-03-15 12:09:39.000000000 -0400 | |
26389 | +++ linux-2.6.33.1/drivers/uwb/wlp/messages.c 2010-03-20 16:58:41.096879476 -0400 | |
58c5fc13 MT |
26390 | @@ -903,7 +903,7 @@ int wlp_parse_f0(struct wlp *wlp, struct |
26391 | size_t len = skb->len; | |
26392 | size_t used; | |
26393 | ssize_t result; | |
26394 | - struct wlp_nonce enonce, rnonce; | |
26395 | + struct wlp_nonce enonce = {{0}}, rnonce = {{0}}; | |
26396 | enum wlp_assc_error assc_err; | |
26397 | char enonce_buf[WLP_WSS_NONCE_STRSIZE]; | |
26398 | char rnonce_buf[WLP_WSS_NONCE_STRSIZE]; | |
ae4e228f MT |
26399 | diff -urNp linux-2.6.33.1/drivers/uwb/wlp/sysfs.c linux-2.6.33.1/drivers/uwb/wlp/sysfs.c |
26400 | --- linux-2.6.33.1/drivers/uwb/wlp/sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
26401 | +++ linux-2.6.33.1/drivers/uwb/wlp/sysfs.c 2010-03-20 16:58:41.104559489 -0400 | |
26402 | @@ -615,8 +615,7 @@ ssize_t wlp_wss_attr_store(struct kobjec | |
26403 | return ret; | |
26404 | } | |
26405 | ||
26406 | -static | |
26407 | -struct sysfs_ops wss_sysfs_ops = { | |
26408 | +static const struct sysfs_ops wss_sysfs_ops = { | |
26409 | .show = wlp_wss_attr_show, | |
26410 | .store = wlp_wss_attr_store, | |
26411 | }; | |
26412 | diff -urNp linux-2.6.33.1/drivers/video/atmel_lcdfb.c linux-2.6.33.1/drivers/video/atmel_lcdfb.c | |
26413 | --- linux-2.6.33.1/drivers/video/atmel_lcdfb.c 2010-03-15 12:09:39.000000000 -0400 | |
26414 | +++ linux-2.6.33.1/drivers/video/atmel_lcdfb.c 2010-03-20 16:58:41.116887355 -0400 | |
26415 | @@ -110,7 +110,7 @@ static int atmel_bl_get_brightness(struc | |
26416 | return lcdc_readl(sinfo, ATMEL_LCDC_CONTRAST_VAL); | |
26417 | } | |
26418 | ||
26419 | -static struct backlight_ops atmel_lcdc_bl_ops = { | |
26420 | +static const struct backlight_ops atmel_lcdc_bl_ops = { | |
26421 | .update_status = atmel_bl_update_status, | |
26422 | .get_brightness = atmel_bl_get_brightness, | |
26423 | }; | |
26424 | diff -urNp linux-2.6.33.1/drivers/video/aty/aty128fb.c linux-2.6.33.1/drivers/video/aty/aty128fb.c | |
26425 | --- linux-2.6.33.1/drivers/video/aty/aty128fb.c 2010-03-15 12:09:39.000000000 -0400 | |
26426 | +++ linux-2.6.33.1/drivers/video/aty/aty128fb.c 2010-03-20 16:58:41.141056447 -0400 | |
26427 | @@ -1787,7 +1787,7 @@ static int aty128_bl_get_brightness(stru | |
26428 | return bd->props.brightness; | |
26429 | } | |
26430 | ||
26431 | -static struct backlight_ops aty128_bl_data = { | |
26432 | +static const struct backlight_ops aty128_bl_data = { | |
26433 | .get_brightness = aty128_bl_get_brightness, | |
26434 | .update_status = aty128_bl_update_status, | |
26435 | }; | |
26436 | diff -urNp linux-2.6.33.1/drivers/video/aty/atyfb_base.c linux-2.6.33.1/drivers/video/aty/atyfb_base.c | |
26437 | --- linux-2.6.33.1/drivers/video/aty/atyfb_base.c 2010-03-15 12:09:39.000000000 -0400 | |
26438 | +++ linux-2.6.33.1/drivers/video/aty/atyfb_base.c 2010-03-20 16:58:41.141056447 -0400 | |
26439 | @@ -2225,7 +2225,7 @@ static int aty_bl_get_brightness(struct | |
26440 | return bd->props.brightness; | |
26441 | } | |
26442 | ||
26443 | -static struct backlight_ops aty_bl_data = { | |
26444 | +static const struct backlight_ops aty_bl_data = { | |
26445 | .get_brightness = aty_bl_get_brightness, | |
26446 | .update_status = aty_bl_update_status, | |
26447 | }; | |
26448 | diff -urNp linux-2.6.33.1/drivers/video/aty/radeon_backlight.c linux-2.6.33.1/drivers/video/aty/radeon_backlight.c | |
26449 | --- linux-2.6.33.1/drivers/video/aty/radeon_backlight.c 2010-03-15 12:09:39.000000000 -0400 | |
26450 | +++ linux-2.6.33.1/drivers/video/aty/radeon_backlight.c 2010-03-20 16:58:41.144609392 -0400 | |
26451 | @@ -127,7 +127,7 @@ static int radeon_bl_get_brightness(stru | |
26452 | return bd->props.brightness; | |
26453 | } | |
26454 | ||
26455 | -static struct backlight_ops radeon_bl_data = { | |
26456 | +static const struct backlight_ops radeon_bl_data = { | |
26457 | .get_brightness = radeon_bl_get_brightness, | |
26458 | .update_status = radeon_bl_update_status, | |
26459 | }; | |
26460 | diff -urNp linux-2.6.33.1/drivers/video/bf54x-lq043fb.c linux-2.6.33.1/drivers/video/bf54x-lq043fb.c | |
26461 | --- linux-2.6.33.1/drivers/video/bf54x-lq043fb.c 2010-03-15 12:09:39.000000000 -0400 | |
26462 | +++ linux-2.6.33.1/drivers/video/bf54x-lq043fb.c 2010-03-20 16:58:41.172899299 -0400 | |
26463 | @@ -463,7 +463,7 @@ static int bl_get_brightness(struct back | |
58c5fc13 MT |
26464 | return 0; |
26465 | } | |
26466 | ||
ae4e228f MT |
26467 | -static struct backlight_ops bfin_lq043fb_bl_ops = { |
26468 | +static const struct backlight_ops bfin_lq043fb_bl_ops = { | |
26469 | .get_brightness = bl_get_brightness, | |
58c5fc13 | 26470 | }; |
ae4e228f MT |
26471 | |
26472 | diff -urNp linux-2.6.33.1/drivers/video/bfin-t350mcqb-fb.c linux-2.6.33.1/drivers/video/bfin-t350mcqb-fb.c | |
26473 | --- linux-2.6.33.1/drivers/video/bfin-t350mcqb-fb.c 2010-03-15 12:09:39.000000000 -0400 | |
26474 | +++ linux-2.6.33.1/drivers/video/bfin-t350mcqb-fb.c 2010-03-20 16:58:41.172899299 -0400 | |
26475 | @@ -381,7 +381,7 @@ static int bl_get_brightness(struct back | |
26476 | return 0; | |
26477 | } | |
26478 | ||
26479 | -static struct backlight_ops bfin_lq043fb_bl_ops = { | |
26480 | +static const struct backlight_ops bfin_lq043fb_bl_ops = { | |
26481 | .get_brightness = bl_get_brightness, | |
26482 | }; | |
26483 | ||
26484 | diff -urNp linux-2.6.33.1/drivers/video/fbmem.c linux-2.6.33.1/drivers/video/fbmem.c | |
26485 | --- linux-2.6.33.1/drivers/video/fbmem.c 2010-03-15 12:09:39.000000000 -0400 | |
26486 | +++ linux-2.6.33.1/drivers/video/fbmem.c 2010-03-20 16:58:41.176758490 -0400 | |
58c5fc13 MT |
26487 | @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in |
26488 | image->dx += image->width + 8; | |
26489 | } | |
26490 | } else if (rotate == FB_ROTATE_UD) { | |
26491 | - for (x = 0; x < num && image->dx >= 0; x++) { | |
26492 | + for (x = 0; x < num && (__s32)image->dx >= 0; x++) { | |
26493 | info->fbops->fb_imageblit(info, image); | |
26494 | image->dx -= image->width + 8; | |
26495 | } | |
26496 | @@ -415,7 +415,7 @@ static void fb_do_show_logo(struct fb_in | |
26497 | image->dy += image->height + 8; | |
26498 | } | |
26499 | } else if (rotate == FB_ROTATE_CCW) { | |
26500 | - for (x = 0; x < num && image->dy >= 0; x++) { | |
26501 | + for (x = 0; x < num && (__s32)image->dy >= 0; x++) { | |
26502 | info->fbops->fb_imageblit(info, image); | |
26503 | image->dy -= image->height + 8; | |
26504 | } | |
ae4e228f | 26505 | @@ -1119,7 +1119,7 @@ static long do_fb_ioctl(struct fb_info * |
58c5fc13 MT |
26506 | return -EFAULT; |
26507 | if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) | |
26508 | return -EINVAL; | |
26509 | - if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX) | |
26510 | + if (con2fb.framebuffer >= FB_MAX) | |
26511 | return -EINVAL; | |
26512 | if (!registered_fb[con2fb.framebuffer]) | |
26513 | request_module("fb%d", con2fb.framebuffer); | |
ae4e228f MT |
26514 | diff -urNp linux-2.6.33.1/drivers/video/fbmon.c linux-2.6.33.1/drivers/video/fbmon.c |
26515 | --- linux-2.6.33.1/drivers/video/fbmon.c 2010-03-15 12:09:39.000000000 -0400 | |
26516 | +++ linux-2.6.33.1/drivers/video/fbmon.c 2010-03-20 16:58:41.184890729 -0400 | |
58c5fc13 MT |
26517 | @@ -45,7 +45,7 @@ |
26518 | #ifdef DEBUG | |
26519 | #define DPRINTK(fmt, args...) printk(fmt,## args) | |
26520 | #else | |
26521 | -#define DPRINTK(fmt, args...) | |
26522 | +#define DPRINTK(fmt, args...) do {} while (0) | |
26523 | #endif | |
26524 | ||
26525 | #define FBMON_FIX_HEADER 1 | |
ae4e228f MT |
26526 | diff -urNp linux-2.6.33.1/drivers/video/i810/i810_accel.c linux-2.6.33.1/drivers/video/i810/i810_accel.c |
26527 | --- linux-2.6.33.1/drivers/video/i810/i810_accel.c 2010-03-15 12:09:39.000000000 -0400 | |
26528 | +++ linux-2.6.33.1/drivers/video/i810/i810_accel.c 2010-03-20 16:58:41.188702176 -0400 | |
58c5fc13 MT |
26529 | @@ -73,6 +73,7 @@ static inline int wait_for_space(struct |
26530 | } | |
26531 | } | |
26532 | printk("ringbuffer lockup!!!\n"); | |
26533 | + printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space); | |
26534 | i810_report_error(mmio); | |
26535 | par->dev_flags |= LOCKUP; | |
26536 | info->pixmap.scan_align = 1; | |
ae4e228f MT |
26537 | diff -urNp linux-2.6.33.1/drivers/video/i810/i810_main.c linux-2.6.33.1/drivers/video/i810/i810_main.c |
26538 | --- linux-2.6.33.1/drivers/video/i810/i810_main.c 2010-03-15 12:09:39.000000000 -0400 | |
26539 | +++ linux-2.6.33.1/drivers/video/i810/i810_main.c 2010-03-20 16:58:41.196891711 -0400 | |
58c5fc13 MT |
26540 | @@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t |
26541 | PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 }, | |
26542 | { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC, | |
26543 | PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 }, | |
26544 | - { 0 }, | |
26545 | + { 0, 0, 0, 0, 0, 0, 0 }, | |
26546 | }; | |
26547 | ||
26548 | static struct pci_driver i810fb_driver = { | |
ae4e228f MT |
26549 | diff -urNp linux-2.6.33.1/drivers/video/modedb.c linux-2.6.33.1/drivers/video/modedb.c |
26550 | --- linux-2.6.33.1/drivers/video/modedb.c 2010-03-15 12:09:39.000000000 -0400 | |
26551 | +++ linux-2.6.33.1/drivers/video/modedb.c 2010-03-20 16:58:41.200859456 -0400 | |
26552 | @@ -39,240 +39,240 @@ static const struct fb_videomode modedb[ | |
58c5fc13 MT |
26553 | { |
26554 | /* 640x400 @ 70 Hz, 31.5 kHz hsync */ | |
26555 | NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2, | |
26556 | - 0, FB_VMODE_NONINTERLACED | |
26557 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26558 | }, { | |
26559 | /* 640x480 @ 60 Hz, 31.5 kHz hsync */ | |
26560 | NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2, | |
26561 | - 0, FB_VMODE_NONINTERLACED | |
26562 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26563 | }, { | |
26564 | /* 800x600 @ 56 Hz, 35.15 kHz hsync */ | |
26565 | NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2, | |
26566 | - 0, FB_VMODE_NONINTERLACED | |
26567 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26568 | }, { | |
26569 | /* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */ | |
26570 | NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8, | |
26571 | - 0, FB_VMODE_INTERLACED | |
26572 | + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN | |
26573 | }, { | |
26574 | /* 640x400 @ 85 Hz, 37.86 kHz hsync */ | |
26575 | NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3, | |
26576 | - FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26577 | + FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26578 | }, { | |
26579 | /* 640x480 @ 72 Hz, 36.5 kHz hsync */ | |
26580 | NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3, | |
26581 | - 0, FB_VMODE_NONINTERLACED | |
26582 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26583 | }, { | |
26584 | /* 640x480 @ 75 Hz, 37.50 kHz hsync */ | |
26585 | NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3, | |
26586 | - 0, FB_VMODE_NONINTERLACED | |
26587 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26588 | }, { | |
26589 | /* 800x600 @ 60 Hz, 37.8 kHz hsync */ | |
26590 | NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4, | |
26591 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26592 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26593 | }, { | |
26594 | /* 640x480 @ 85 Hz, 43.27 kHz hsync */ | |
26595 | NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3, | |
26596 | - 0, FB_VMODE_NONINTERLACED | |
26597 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26598 | }, { | |
26599 | /* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */ | |
26600 | NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10, | |
26601 | - 0, FB_VMODE_INTERLACED | |
26602 | + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN | |
26603 | }, { | |
26604 | /* 800x600 @ 72 Hz, 48.0 kHz hsync */ | |
26605 | NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6, | |
26606 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26607 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26608 | }, { | |
26609 | /* 1024x768 @ 60 Hz, 48.4 kHz hsync */ | |
26610 | NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6, | |
26611 | - 0, FB_VMODE_NONINTERLACED | |
26612 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26613 | }, { | |
26614 | /* 640x480 @ 100 Hz, 53.01 kHz hsync */ | |
26615 | NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6, | |
26616 | - 0, FB_VMODE_NONINTERLACED | |
26617 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26618 | }, { | |
26619 | /* 1152x864 @ 60 Hz, 53.5 kHz hsync */ | |
26620 | NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8, | |
26621 | - 0, FB_VMODE_NONINTERLACED | |
26622 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26623 | }, { | |
26624 | /* 800x600 @ 85 Hz, 55.84 kHz hsync */ | |
26625 | NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5, | |
26626 | - 0, FB_VMODE_NONINTERLACED | |
26627 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26628 | }, { | |
26629 | /* 1024x768 @ 70 Hz, 56.5 kHz hsync */ | |
26630 | NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6, | |
26631 | - 0, FB_VMODE_NONINTERLACED | |
26632 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26633 | }, { | |
26634 | /* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */ | |
26635 | NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12, | |
26636 | - 0, FB_VMODE_INTERLACED | |
26637 | + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN | |
26638 | }, { | |
26639 | /* 800x600 @ 100 Hz, 64.02 kHz hsync */ | |
26640 | NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6, | |
26641 | - 0, FB_VMODE_NONINTERLACED | |
26642 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26643 | }, { | |
26644 | /* 1024x768 @ 76 Hz, 62.5 kHz hsync */ | |
26645 | NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3, | |
26646 | - 0, FB_VMODE_NONINTERLACED | |
26647 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26648 | }, { | |
26649 | /* 1152x864 @ 70 Hz, 62.4 kHz hsync */ | |
26650 | NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10, | |
26651 | - 0, FB_VMODE_NONINTERLACED | |
26652 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26653 | }, { | |
26654 | /* 1280x1024 @ 61 Hz, 64.2 kHz hsync */ | |
26655 | NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3, | |
26656 | - 0, FB_VMODE_NONINTERLACED | |
26657 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26658 | }, { | |
26659 | /* 1400x1050 @ 60Hz, 63.9 kHz hsync */ | |
26660 | NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3, | |
26661 | - 0, FB_VMODE_NONINTERLACED | |
26662 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26663 | }, { | |
26664 | /* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/ | |
26665 | NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13, | |
26666 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26667 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26668 | }, { | |
26669 | /* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/ | |
26670 | NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3, | |
26671 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26672 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26673 | }, { | |
26674 | /* 1024x768 @ 85 Hz, 70.24 kHz hsync */ | |
26675 | NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6, | |
26676 | - 0, FB_VMODE_NONINTERLACED | |
26677 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26678 | }, { | |
26679 | /* 1152x864 @ 78 Hz, 70.8 kHz hsync */ | |
26680 | NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12, | |
26681 | - 0, FB_VMODE_NONINTERLACED | |
26682 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26683 | }, { | |
26684 | /* 1280x1024 @ 70 Hz, 74.59 kHz hsync */ | |
26685 | NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8, | |
26686 | - 0, FB_VMODE_NONINTERLACED | |
26687 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26688 | }, { | |
26689 | /* 1600x1200 @ 60Hz, 75.00 kHz hsync */ | |
26690 | NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3, | |
26691 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26692 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26693 | }, { | |
26694 | /* 1152x864 @ 84 Hz, 76.0 kHz hsync */ | |
26695 | NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12, | |
26696 | - 0, FB_VMODE_NONINTERLACED | |
26697 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26698 | }, { | |
26699 | /* 1280x1024 @ 74 Hz, 78.85 kHz hsync */ | |
26700 | NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3, | |
26701 | - 0, FB_VMODE_NONINTERLACED | |
26702 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26703 | }, { | |
26704 | /* 1024x768 @ 100Hz, 80.21 kHz hsync */ | |
26705 | NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10, | |
26706 | - 0, FB_VMODE_NONINTERLACED | |
26707 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26708 | }, { | |
26709 | /* 1280x1024 @ 76 Hz, 81.13 kHz hsync */ | |
26710 | NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3, | |
26711 | - 0, FB_VMODE_NONINTERLACED | |
26712 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26713 | }, { | |
26714 | /* 1600x1200 @ 70 Hz, 87.50 kHz hsync */ | |
26715 | NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3, | |
26716 | - 0, FB_VMODE_NONINTERLACED | |
26717 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26718 | }, { | |
26719 | /* 1152x864 @ 100 Hz, 89.62 kHz hsync */ | |
26720 | NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19, | |
26721 | - 0, FB_VMODE_NONINTERLACED | |
26722 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26723 | }, { | |
26724 | /* 1280x1024 @ 85 Hz, 91.15 kHz hsync */ | |
26725 | NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3, | |
26726 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26727 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26728 | }, { | |
26729 | /* 1600x1200 @ 75 Hz, 93.75 kHz hsync */ | |
26730 | NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3, | |
26731 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26732 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26733 | }, { | |
26734 | /* 1680x1050 @ 60 Hz, 65.191 kHz hsync */ | |
26735 | NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6, | |
26736 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26737 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26738 | }, { | |
26739 | /* 1600x1200 @ 85 Hz, 105.77 kHz hsync */ | |
26740 | NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3, | |
26741 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26742 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26743 | }, { | |
26744 | /* 1280x1024 @ 100 Hz, 107.16 kHz hsync */ | |
26745 | NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15, | |
26746 | - 0, FB_VMODE_NONINTERLACED | |
26747 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26748 | }, { | |
26749 | /* 1800x1440 @ 64Hz, 96.15 kHz hsync */ | |
26750 | NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3, | |
26751 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26752 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26753 | }, { | |
26754 | /* 1800x1440 @ 70Hz, 104.52 kHz hsync */ | |
26755 | NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3, | |
26756 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26757 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26758 | }, { | |
26759 | /* 512x384 @ 78 Hz, 31.50 kHz hsync */ | |
26760 | NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3, | |
26761 | - 0, FB_VMODE_NONINTERLACED | |
26762 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26763 | }, { | |
26764 | /* 512x384 @ 85 Hz, 34.38 kHz hsync */ | |
26765 | NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3, | |
26766 | - 0, FB_VMODE_NONINTERLACED | |
26767 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26768 | }, { | |
26769 | /* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */ | |
26770 | NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1, | |
26771 | - 0, FB_VMODE_DOUBLE | |
26772 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26773 | }, { | |
26774 | /* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */ | |
26775 | NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1, | |
26776 | - 0, FB_VMODE_DOUBLE | |
26777 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26778 | }, { | |
26779 | /* 320x240 @ 72 Hz, 36.5 kHz hsync */ | |
26780 | NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2, | |
26781 | - 0, FB_VMODE_DOUBLE | |
26782 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26783 | }, { | |
26784 | /* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */ | |
26785 | NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1, | |
26786 | - 0, FB_VMODE_DOUBLE | |
26787 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26788 | }, { | |
26789 | /* 400x300 @ 60 Hz, 37.8 kHz hsync */ | |
26790 | NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2, | |
26791 | - 0, FB_VMODE_DOUBLE | |
26792 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26793 | }, { | |
26794 | /* 400x300 @ 72 Hz, 48.0 kHz hsync */ | |
26795 | NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3, | |
26796 | - 0, FB_VMODE_DOUBLE | |
26797 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26798 | }, { | |
26799 | /* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */ | |
26800 | NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1, | |
26801 | - 0, FB_VMODE_DOUBLE | |
26802 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26803 | }, { | |
26804 | /* 480x300 @ 60 Hz, 37.8 kHz hsync */ | |
26805 | NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2, | |
26806 | - 0, FB_VMODE_DOUBLE | |
26807 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26808 | }, { | |
26809 | /* 480x300 @ 63 Hz, 39.6 kHz hsync */ | |
26810 | NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2, | |
26811 | - 0, FB_VMODE_DOUBLE | |
26812 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26813 | }, { | |
26814 | /* 480x300 @ 72 Hz, 48.0 kHz hsync */ | |
26815 | NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3, | |
26816 | - 0, FB_VMODE_DOUBLE | |
26817 | + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN | |
26818 | }, { | |
26819 | /* 1920x1200 @ 60 Hz, 74.5 Khz hsync */ | |
26820 | NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3, | |
26821 | FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT, | |
26822 | - FB_VMODE_NONINTERLACED | |
26823 | + FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26824 | }, { | |
26825 | /* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */ | |
26826 | NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6, | |
26827 | - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED | |
26828 | + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26829 | }, { | |
26830 | /* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */ | |
26831 | NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5, | |
26832 | - 0, FB_VMODE_NONINTERLACED | |
26833 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26834 | }, { | |
26835 | /* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */ | |
26836 | NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3, | |
26837 | - 0, FB_VMODE_NONINTERLACED | |
26838 | + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN | |
26839 | }, { | |
26840 | /* 720x576i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */ | |
26841 | NULL, 50, 720, 576, 74074, 64, 16, 39, 5, 64, 5, | |
26842 | - 0, FB_VMODE_INTERLACED | |
26843 | + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN | |
26844 | }, { | |
26845 | /* 800x520i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */ | |
26846 | NULL, 50, 800, 520, 58823, 144, 64, 72, 28, 80, 5, | |
26847 | - 0, FB_VMODE_INTERLACED | |
26848 | + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN | |
26849 | }, | |
26850 | }; | |
26851 | ||
ae4e228f MT |
26852 | diff -urNp linux-2.6.33.1/drivers/video/nvidia/nv_backlight.c linux-2.6.33.1/drivers/video/nvidia/nv_backlight.c |
26853 | --- linux-2.6.33.1/drivers/video/nvidia/nv_backlight.c 2010-03-15 12:09:39.000000000 -0400 | |
26854 | +++ linux-2.6.33.1/drivers/video/nvidia/nv_backlight.c 2010-03-20 16:58:41.200859456 -0400 | |
26855 | @@ -87,7 +87,7 @@ static int nvidia_bl_get_brightness(stru | |
26856 | return bd->props.brightness; | |
26857 | } | |
26858 | ||
26859 | -static struct backlight_ops nvidia_bl_ops = { | |
26860 | +static const struct backlight_ops nvidia_bl_ops = { | |
26861 | .get_brightness = nvidia_bl_get_brightness, | |
26862 | .update_status = nvidia_bl_update_status, | |
26863 | }; | |
26864 | diff -urNp linux-2.6.33.1/drivers/video/omap2/displays/panel-taal.c linux-2.6.33.1/drivers/video/omap2/displays/panel-taal.c | |
26865 | --- linux-2.6.33.1/drivers/video/omap2/displays/panel-taal.c 2010-03-15 12:09:39.000000000 -0400 | |
26866 | +++ linux-2.6.33.1/drivers/video/omap2/displays/panel-taal.c 2010-03-20 16:58:41.208900904 -0400 | |
26867 | @@ -313,7 +313,7 @@ static int taal_bl_get_intensity(struct | |
26868 | return 0; | |
26869 | } | |
26870 | ||
26871 | -static struct backlight_ops taal_bl_ops = { | |
26872 | +static const struct backlight_ops taal_bl_ops = { | |
26873 | .get_brightness = taal_bl_get_intensity, | |
26874 | .update_status = taal_bl_update_status, | |
26875 | }; | |
26876 | diff -urNp linux-2.6.33.1/drivers/video/omap2/dss/manager.c linux-2.6.33.1/drivers/video/omap2/dss/manager.c | |
26877 | --- linux-2.6.33.1/drivers/video/omap2/dss/manager.c 2010-03-15 12:09:39.000000000 -0400 | |
26878 | +++ linux-2.6.33.1/drivers/video/omap2/dss/manager.c 2010-03-20 16:58:41.220903696 -0400 | |
26879 | @@ -341,7 +341,7 @@ static ssize_t manager_attr_store(struct | |
26880 | return manager_attr->store(manager, buf, size); | |
26881 | } | |
26882 | ||
26883 | -static struct sysfs_ops manager_sysfs_ops = { | |
26884 | +static const struct sysfs_ops manager_sysfs_ops = { | |
26885 | .show = manager_attr_show, | |
26886 | .store = manager_attr_store, | |
26887 | }; | |
26888 | diff -urNp linux-2.6.33.1/drivers/video/omap2/dss/overlay.c linux-2.6.33.1/drivers/video/omap2/dss/overlay.c | |
26889 | --- linux-2.6.33.1/drivers/video/omap2/dss/overlay.c 2010-03-15 12:09:39.000000000 -0400 | |
26890 | +++ linux-2.6.33.1/drivers/video/omap2/dss/overlay.c 2010-03-20 16:58:41.220903696 -0400 | |
26891 | @@ -320,7 +320,7 @@ static ssize_t overlay_attr_store(struct | |
26892 | return overlay_attr->store(overlay, buf, size); | |
58c5fc13 MT |
26893 | } |
26894 | ||
ae4e228f MT |
26895 | -static struct sysfs_ops overlay_sysfs_ops = { |
26896 | +static const struct sysfs_ops overlay_sysfs_ops = { | |
26897 | .show = overlay_attr_show, | |
26898 | .store = overlay_attr_store, | |
58c5fc13 | 26899 | }; |
ae4e228f MT |
26900 | diff -urNp linux-2.6.33.1/drivers/video/riva/fbdev.c linux-2.6.33.1/drivers/video/riva/fbdev.c |
26901 | --- linux-2.6.33.1/drivers/video/riva/fbdev.c 2010-03-15 12:09:39.000000000 -0400 | |
26902 | +++ linux-2.6.33.1/drivers/video/riva/fbdev.c 2010-03-20 16:58:41.252568052 -0400 | |
26903 | @@ -331,7 +331,7 @@ static int riva_bl_get_brightness(struct | |
26904 | return bd->props.brightness; | |
26905 | } | |
26906 | ||
26907 | -static struct backlight_ops riva_bl_ops = { | |
26908 | +static const struct backlight_ops riva_bl_ops = { | |
26909 | .get_brightness = riva_bl_get_brightness, | |
26910 | .update_status = riva_bl_update_status, | |
26911 | }; | |
26912 | diff -urNp linux-2.6.33.1/drivers/video/uvesafb.c linux-2.6.33.1/drivers/video/uvesafb.c | |
26913 | --- linux-2.6.33.1/drivers/video/uvesafb.c 2010-03-15 12:09:39.000000000 -0400 | |
26914 | +++ linux-2.6.33.1/drivers/video/uvesafb.c 2010-03-20 16:58:41.260895734 -0400 | |
58c5fc13 MT |
26915 | @@ -18,6 +18,7 @@ |
26916 | #include <linux/fb.h> | |
26917 | #include <linux/io.h> | |
26918 | #include <linux/mutex.h> | |
26919 | +#include <linux/moduleloader.h> | |
26920 | #include <video/edid.h> | |
26921 | #include <video/uvesafb.h> | |
26922 | #ifdef CONFIG_X86 | |
ae4e228f | 26923 | @@ -120,7 +121,7 @@ static int uvesafb_helper_start(void) |
58c5fc13 MT |
26924 | NULL, |
26925 | }; | |
26926 | ||
26927 | - return call_usermodehelper(v86d_path, argv, envp, 1); | |
26928 | + return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC); | |
26929 | } | |
26930 | ||
26931 | /* | |
ae4e228f | 26932 | @@ -568,10 +569,32 @@ static int __devinit uvesafb_vbe_getpmi( |
58c5fc13 MT |
26933 | if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) { |
26934 | par->pmi_setpal = par->ypan = 0; | |
26935 | } else { | |
26936 | + | |
26937 | +#ifdef CONFIG_PAX_KERNEXEC | |
26938 | +#ifdef CONFIG_MODULES | |
58c5fc13 MT |
26939 | + par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx); |
26940 | +#endif | |
26941 | + if (!par->pmi_code) { | |
26942 | + par->pmi_setpal = par->ypan = 0; | |
26943 | + return 0; | |
26944 | + } | |
26945 | +#endif | |
26946 | + | |
26947 | par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4) | |
26948 | + task->t.regs.edi); | |
26949 | + | |
26950 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
ae4e228f | 26951 | + pax_open_kernel(); |
58c5fc13 | 26952 | + memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx); |
ae4e228f | 26953 | + pax_close_kernel(); |
58c5fc13 MT |
26954 | + |
26955 | + par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]); | |
26956 | + par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]); | |
26957 | +#else | |
26958 | par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1]; | |
26959 | par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2]; | |
26960 | +#endif | |
26961 | + | |
26962 | printk(KERN_INFO "uvesafb: protected mode interface info at " | |
26963 | "%04x:%04x\n", | |
26964 | (u16)task->t.regs.es, (u16)task->t.regs.edi); | |
ae4e228f | 26965 | @@ -1799,6 +1822,11 @@ out: |
58c5fc13 MT |
26966 | if (par->vbe_modes) |
26967 | kfree(par->vbe_modes); | |
26968 | ||
26969 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
26970 | + if (par->pmi_code) | |
26971 | + module_free_exec(NULL, par->pmi_code); | |
26972 | +#endif | |
26973 | + | |
26974 | framebuffer_release(info); | |
26975 | return err; | |
26976 | } | |
ae4e228f | 26977 | @@ -1825,6 +1853,12 @@ static int uvesafb_remove(struct platfor |
58c5fc13 MT |
26978 | kfree(par->vbe_state_orig); |
26979 | if (par->vbe_state_saved) | |
26980 | kfree(par->vbe_state_saved); | |
26981 | + | |
26982 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
26983 | + if (par->pmi_code) | |
26984 | + module_free_exec(NULL, par->pmi_code); | |
26985 | +#endif | |
26986 | + | |
26987 | } | |
26988 | ||
26989 | framebuffer_release(info); | |
ae4e228f MT |
26990 | diff -urNp linux-2.6.33.1/drivers/video/vesafb.c linux-2.6.33.1/drivers/video/vesafb.c |
26991 | --- linux-2.6.33.1/drivers/video/vesafb.c 2010-03-15 12:09:39.000000000 -0400 | |
26992 | +++ linux-2.6.33.1/drivers/video/vesafb.c 2010-03-20 16:58:41.264903169 -0400 | |
58c5fc13 MT |
26993 | @@ -9,6 +9,7 @@ |
26994 | */ | |
26995 | ||
26996 | #include <linux/module.h> | |
26997 | +#include <linux/moduleloader.h> | |
26998 | #include <linux/kernel.h> | |
26999 | #include <linux/errno.h> | |
27000 | #include <linux/string.h> | |
27001 | @@ -53,8 +54,8 @@ static int vram_remap __initdata; /* | |
27002 | static int vram_total __initdata; /* Set total amount of memory */ | |
27003 | static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */ | |
27004 | static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */ | |
27005 | -static void (*pmi_start)(void) __read_mostly; | |
27006 | -static void (*pmi_pal) (void) __read_mostly; | |
27007 | +static void (*pmi_start)(void) __read_only; | |
27008 | +static void (*pmi_pal) (void) __read_only; | |
27009 | static int depth __read_mostly; | |
27010 | static int vga_compat __read_mostly; | |
27011 | /* --------------------------------------------------------------------- */ | |
27012 | @@ -233,6 +234,7 @@ static int __init vesafb_probe(struct pl | |
27013 | unsigned int size_vmode; | |
27014 | unsigned int size_remap; | |
27015 | unsigned int size_total; | |
27016 | + void *pmi_code = NULL; | |
27017 | ||
27018 | if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB) | |
27019 | return -ENODEV; | |
27020 | @@ -275,10 +277,6 @@ static int __init vesafb_probe(struct pl | |
27021 | size_remap = size_total; | |
27022 | vesafb_fix.smem_len = size_remap; | |
27023 | ||
27024 | -#ifndef __i386__ | |
27025 | - screen_info.vesapm_seg = 0; | |
27026 | -#endif | |
27027 | - | |
27028 | if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) { | |
27029 | printk(KERN_WARNING | |
27030 | "vesafb: cannot reserve video memory at 0x%lx\n", | |
27031 | @@ -315,9 +313,21 @@ static int __init vesafb_probe(struct pl | |
27032 | printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n", | |
27033 | vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages); | |
27034 | ||
27035 | +#ifdef __i386__ | |
27036 | + | |
27037 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
27038 | + pmi_code = module_alloc_exec(screen_info.vesapm_size); | |
27039 | + if (!pmi_code) | |
27040 | +#elif !defined(CONFIG_PAX_KERNEXEC) | |
27041 | + if (0) | |
27042 | +#endif | |
27043 | + | |
27044 | +#endif | |
27045 | + screen_info.vesapm_seg = 0; | |
27046 | + | |
27047 | if (screen_info.vesapm_seg) { | |
27048 | - printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n", | |
27049 | - screen_info.vesapm_seg,screen_info.vesapm_off); | |
27050 | + printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n", | |
27051 | + screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size); | |
27052 | } | |
27053 | ||
27054 | if (screen_info.vesapm_seg < 0xc000) | |
ae4e228f | 27055 | @@ -325,9 +335,25 @@ static int __init vesafb_probe(struct pl |
58c5fc13 MT |
27056 | |
27057 | if (ypan || pmi_setpal) { | |
27058 | unsigned short *pmi_base; | |
27059 | - pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off); | |
27060 | - pmi_start = (void*)((char*)pmi_base + pmi_base[1]); | |
27061 | - pmi_pal = (void*)((char*)pmi_base + pmi_base[2]); | |
27062 | + | |
58c5fc13 MT |
27063 | + pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off); |
27064 | + | |
27065 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
ae4e228f | 27066 | + pax_open_kernel(); |
58c5fc13 MT |
27067 | + memcpy(pmi_code, pmi_base, screen_info.vesapm_size); |
27068 | +#else | |
27069 | + pmi_code = pmi_base; | |
27070 | +#endif | |
27071 | + | |
27072 | + pmi_start = (void*)((char*)pmi_code + pmi_base[1]); | |
27073 | + pmi_pal = (void*)((char*)pmi_code + pmi_base[2]); | |
27074 | + | |
27075 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
27076 | + pmi_start = ktva_ktla(pmi_start); | |
27077 | + pmi_pal = ktva_ktla(pmi_pal); | |
ae4e228f | 27078 | + pax_close_kernel(); |
58c5fc13 MT |
27079 | +#endif |
27080 | + | |
27081 | printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal); | |
27082 | if (pmi_base[3]) { | |
27083 | printk(KERN_INFO "vesafb: pmi: ports = "); | |
ae4e228f | 27084 | @@ -469,6 +495,11 @@ static int __init vesafb_probe(struct pl |
58c5fc13 MT |
27085 | info->node, info->fix.id); |
27086 | return 0; | |
27087 | err: | |
27088 | + | |
27089 | +#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
27090 | + module_free_exec(NULL, pmi_code); | |
27091 | +#endif | |
27092 | + | |
27093 | if (info->screen_base) | |
27094 | iounmap(info->screen_base); | |
27095 | framebuffer_release(info); | |
ae4e228f MT |
27096 | diff -urNp linux-2.6.33.1/drivers/xen/sys-hypervisor.c linux-2.6.33.1/drivers/xen/sys-hypervisor.c |
27097 | --- linux-2.6.33.1/drivers/xen/sys-hypervisor.c 2010-03-15 12:09:39.000000000 -0400 | |
27098 | +++ linux-2.6.33.1/drivers/xen/sys-hypervisor.c 2010-03-20 16:58:41.272886902 -0400 | |
27099 | @@ -426,7 +426,7 @@ static ssize_t hyp_sysfs_store(struct ko | |
27100 | return 0; | |
27101 | } | |
27102 | ||
27103 | -static struct sysfs_ops hyp_sysfs_ops = { | |
27104 | +static const struct sysfs_ops hyp_sysfs_ops = { | |
27105 | .show = hyp_sysfs_show, | |
27106 | .store = hyp_sysfs_store, | |
27107 | }; | |
27108 | diff -urNp linux-2.6.33.1/fs/9p/vfs_inode.c linux-2.6.33.1/fs/9p/vfs_inode.c | |
27109 | --- linux-2.6.33.1/fs/9p/vfs_inode.c 2010-03-15 12:09:39.000000000 -0400 | |
27110 | +++ linux-2.6.33.1/fs/9p/vfs_inode.c 2010-03-20 16:58:41.284893283 -0400 | |
27111 | @@ -1041,7 +1041,7 @@ static void *v9fs_vfs_follow_link(struct | |
58c5fc13 MT |
27112 | static void |
27113 | v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) | |
27114 | { | |
27115 | - char *s = nd_get_link(nd); | |
27116 | + const char *s = nd_get_link(nd); | |
27117 | ||
27118 | P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, | |
27119 | IS_ERR(s) ? "<error>" : s); | |
ae4e228f MT |
27120 | diff -urNp linux-2.6.33.1/fs/aio.c linux-2.6.33.1/fs/aio.c |
27121 | --- linux-2.6.33.1/fs/aio.c 2010-03-15 12:09:39.000000000 -0400 | |
27122 | +++ linux-2.6.33.1/fs/aio.c 2010-03-20 16:58:41.305540612 -0400 | |
27123 | @@ -129,7 +129,7 @@ static int aio_setup_ring(struct kioctx | |
58c5fc13 MT |
27124 | size += sizeof(struct io_event) * nr_events; |
27125 | nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT; | |
27126 | ||
27127 | - if (nr_pages < 0) | |
27128 | + if (nr_pages <= 0) | |
27129 | return -EINVAL; | |
27130 | ||
27131 | nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); | |
ae4e228f MT |
27132 | diff -urNp linux-2.6.33.1/fs/attr.c linux-2.6.33.1/fs/attr.c |
27133 | --- linux-2.6.33.1/fs/attr.c 2010-03-15 12:09:39.000000000 -0400 | |
27134 | +++ linux-2.6.33.1/fs/attr.c 2010-03-20 16:58:41.305540612 -0400 | |
27135 | @@ -83,6 +83,7 @@ int inode_newsize_ok(const struct inode | |
27136 | unsigned long limit; | |
27137 | ||
27138 | limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; | |
27139 | + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1); | |
27140 | if (limit != RLIM_INFINITY && offset > limit) | |
27141 | goto out_sig; | |
27142 | if (offset > inode->i_sb->s_maxbytes) | |
27143 | diff -urNp linux-2.6.33.1/fs/autofs/root.c linux-2.6.33.1/fs/autofs/root.c | |
27144 | --- linux-2.6.33.1/fs/autofs/root.c 2010-03-15 12:09:39.000000000 -0400 | |
27145 | +++ linux-2.6.33.1/fs/autofs/root.c 2010-03-20 16:58:41.316888614 -0400 | |
58c5fc13 MT |
27146 | @@ -299,7 +299,8 @@ static int autofs_root_symlink(struct in |
27147 | set_bit(n,sbi->symlink_bitmap); | |
27148 | sl = &sbi->symlink[n]; | |
27149 | sl->len = strlen(symname); | |
27150 | - sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL); | |
27151 | + slsize = sl->len+1; | |
27152 | + sl->data = kmalloc(slsize, GFP_KERNEL); | |
27153 | if (!sl->data) { | |
27154 | clear_bit(n,sbi->symlink_bitmap); | |
27155 | unlock_kernel(); | |
ae4e228f MT |
27156 | diff -urNp linux-2.6.33.1/fs/autofs4/symlink.c linux-2.6.33.1/fs/autofs4/symlink.c |
27157 | --- linux-2.6.33.1/fs/autofs4/symlink.c 2010-03-15 12:09:39.000000000 -0400 | |
27158 | +++ linux-2.6.33.1/fs/autofs4/symlink.c 2010-03-20 16:58:41.324896891 -0400 | |
58c5fc13 MT |
27159 | @@ -15,7 +15,7 @@ |
27160 | static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd) | |
27161 | { | |
27162 | struct autofs_info *ino = autofs4_dentry_ino(dentry); | |
27163 | - nd_set_link(nd, (char *)ino->u.symlink); | |
27164 | + nd_set_link(nd, ino->u.symlink); | |
27165 | return NULL; | |
27166 | } | |
27167 | ||
ae4e228f MT |
27168 | diff -urNp linux-2.6.33.1/fs/befs/linuxvfs.c linux-2.6.33.1/fs/befs/linuxvfs.c |
27169 | --- linux-2.6.33.1/fs/befs/linuxvfs.c 2010-03-15 12:09:39.000000000 -0400 | |
27170 | +++ linux-2.6.33.1/fs/befs/linuxvfs.c 2010-03-20 16:58:41.332900573 -0400 | |
58c5fc13 MT |
27171 | @@ -493,7 +493,7 @@ static void befs_put_link(struct dentry |
27172 | { | |
27173 | befs_inode_info *befs_ino = BEFS_I(dentry->d_inode); | |
27174 | if (befs_ino->i_flags & BEFS_LONG_SYMLINK) { | |
27175 | - char *link = nd_get_link(nd); | |
27176 | + const char *link = nd_get_link(nd); | |
27177 | if (!IS_ERR(link)) | |
27178 | kfree(link); | |
27179 | } | |
ae4e228f MT |
27180 | diff -urNp linux-2.6.33.1/fs/binfmt_aout.c linux-2.6.33.1/fs/binfmt_aout.c |
27181 | --- linux-2.6.33.1/fs/binfmt_aout.c 2010-03-15 12:09:39.000000000 -0400 | |
27182 | +++ linux-2.6.33.1/fs/binfmt_aout.c 2010-03-20 16:58:41.336873242 -0400 | |
58c5fc13 MT |
27183 | @@ -16,6 +16,7 @@ |
27184 | #include <linux/string.h> | |
27185 | #include <linux/fs.h> | |
27186 | #include <linux/file.h> | |
27187 | +#include <linux/security.h> | |
27188 | #include <linux/stat.h> | |
27189 | #include <linux/fcntl.h> | |
27190 | #include <linux/ptrace.h> | |
ae4e228f | 27191 | @@ -114,10 +115,12 @@ static int aout_core_dump(struct coredum |
58c5fc13 MT |
27192 | |
27193 | /* If the size of the dump file exceeds the rlimit, then see what would happen | |
27194 | if we wrote the stack, but not the data area. */ | |
27195 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1); | |
ae4e228f | 27196 | if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit) |
58c5fc13 MT |
27197 | dump.u_dsize = 0; |
27198 | ||
27199 | /* Make sure we have enough room to write the stack and data areas. */ | |
27200 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1); | |
ae4e228f | 27201 | if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit) |
58c5fc13 MT |
27202 | dump.u_ssize = 0; |
27203 | ||
ae4e228f | 27204 | @@ -250,6 +253,8 @@ static int load_aout_binary(struct linux |
58c5fc13 MT |
27205 | rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; |
27206 | if (rlim >= RLIM_INFINITY) | |
27207 | rlim = ~0; | |
27208 | + | |
27209 | + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1); | |
27210 | if (ex.a_data + ex.a_bss > rlim) | |
27211 | return -ENOMEM; | |
27212 | ||
ae4e228f | 27213 | @@ -278,6 +283,27 @@ static int load_aout_binary(struct linux |
58c5fc13 MT |
27214 | install_exec_creds(bprm); |
27215 | current->flags &= ~PF_FORKNOEXEC; | |
27216 | ||
27217 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
27218 | + current->mm->pax_flags = 0UL; | |
27219 | +#endif | |
27220 | + | |
27221 | +#ifdef CONFIG_PAX_PAGEEXEC | |
27222 | + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) { | |
27223 | + current->mm->pax_flags |= MF_PAX_PAGEEXEC; | |
27224 | + | |
27225 | +#ifdef CONFIG_PAX_EMUTRAMP | |
27226 | + if (N_FLAGS(ex) & F_PAX_EMUTRAMP) | |
27227 | + current->mm->pax_flags |= MF_PAX_EMUTRAMP; | |
27228 | +#endif | |
27229 | + | |
27230 | +#ifdef CONFIG_PAX_MPROTECT | |
27231 | + if (!(N_FLAGS(ex) & F_PAX_MPROTECT)) | |
27232 | + current->mm->pax_flags |= MF_PAX_MPROTECT; | |
27233 | +#endif | |
27234 | + | |
27235 | + } | |
27236 | +#endif | |
27237 | + | |
27238 | if (N_MAGIC(ex) == OMAGIC) { | |
27239 | unsigned long text_addr, map_size; | |
27240 | loff_t pos; | |
ae4e228f | 27241 | @@ -350,7 +376,7 @@ static int load_aout_binary(struct linux |
58c5fc13 MT |
27242 | |
27243 | down_write(¤t->mm->mmap_sem); | |
27244 | error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, | |
27245 | - PROT_READ | PROT_WRITE | PROT_EXEC, | |
27246 | + PROT_READ | PROT_WRITE, | |
27247 | MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, | |
27248 | fd_offset + ex.a_text); | |
27249 | up_write(¤t->mm->mmap_sem); | |
ae4e228f MT |
27250 | diff -urNp linux-2.6.33.1/fs/binfmt_elf.c linux-2.6.33.1/fs/binfmt_elf.c |
27251 | --- linux-2.6.33.1/fs/binfmt_elf.c 2010-03-15 12:09:39.000000000 -0400 | |
27252 | +++ linux-2.6.33.1/fs/binfmt_elf.c 2010-03-20 16:58:41.348904798 -0400 | |
27253 | @@ -50,6 +50,10 @@ static int elf_core_dump(struct coredump | |
58c5fc13 MT |
27254 | #define elf_core_dump NULL |
27255 | #endif | |
27256 | ||
27257 | +#ifdef CONFIG_PAX_MPROTECT | |
27258 | +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags); | |
27259 | +#endif | |
27260 | + | |
27261 | #if ELF_EXEC_PAGESIZE > PAGE_SIZE | |
27262 | #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE | |
27263 | #else | |
ae4e228f | 27264 | @@ -69,6 +73,11 @@ static struct linux_binfmt elf_format = |
58c5fc13 MT |
27265 | .load_binary = load_elf_binary, |
27266 | .load_shlib = load_elf_library, | |
27267 | .core_dump = elf_core_dump, | |
27268 | + | |
27269 | +#ifdef CONFIG_PAX_MPROTECT | |
27270 | + .handle_mprotect= elf_handle_mprotect, | |
27271 | +#endif | |
27272 | + | |
27273 | .min_coredump = ELF_EXEC_PAGESIZE, | |
27274 | .hasvdso = 1 | |
27275 | }; | |
ae4e228f | 27276 | @@ -77,6 +86,8 @@ static struct linux_binfmt elf_format = |
58c5fc13 MT |
27277 | |
27278 | static int set_brk(unsigned long start, unsigned long end) | |
27279 | { | |
27280 | + unsigned long e = end; | |
27281 | + | |
27282 | start = ELF_PAGEALIGN(start); | |
27283 | end = ELF_PAGEALIGN(end); | |
27284 | if (end > start) { | |
ae4e228f | 27285 | @@ -87,7 +98,7 @@ static int set_brk(unsigned long start, |
58c5fc13 MT |
27286 | if (BAD_ADDR(addr)) |
27287 | return addr; | |
27288 | } | |
27289 | - current->mm->start_brk = current->mm->brk = end; | |
27290 | + current->mm->start_brk = current->mm->brk = e; | |
27291 | return 0; | |
27292 | } | |
27293 | ||
ae4e228f | 27294 | @@ -148,7 +159,7 @@ create_elf_tables(struct linux_binprm *b |
58c5fc13 MT |
27295 | elf_addr_t __user *u_rand_bytes; |
27296 | const char *k_platform = ELF_PLATFORM; | |
27297 | const char *k_base_platform = ELF_BASE_PLATFORM; | |
27298 | - unsigned char k_rand_bytes[16]; | |
27299 | + u32 k_rand_bytes[4]; | |
27300 | int items; | |
27301 | elf_addr_t *elf_info; | |
27302 | int ei_index = 0; | |
ae4e228f | 27303 | @@ -195,6 +206,10 @@ create_elf_tables(struct linux_binprm *b |
58c5fc13 MT |
27304 | * Generate 16 random bytes for userspace PRNG seeding. |
27305 | */ | |
27306 | get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); | |
27307 | + srandom32(k_rand_bytes[0] ^ random32()); | |
27308 | + srandom32(k_rand_bytes[1] ^ random32()); | |
27309 | + srandom32(k_rand_bytes[2] ^ random32()); | |
27310 | + srandom32(k_rand_bytes[3] ^ random32()); | |
27311 | u_rand_bytes = (elf_addr_t __user *) | |
27312 | STACK_ALLOC(p, sizeof(k_rand_bytes)); | |
27313 | if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) | |
ae4e228f | 27314 | @@ -385,10 +400,10 @@ static unsigned long load_elf_interp(str |
58c5fc13 MT |
27315 | { |
27316 | struct elf_phdr *elf_phdata; | |
27317 | struct elf_phdr *eppnt; | |
27318 | - unsigned long load_addr = 0; | |
27319 | + unsigned long load_addr = 0, pax_task_size = TASK_SIZE; | |
27320 | int load_addr_set = 0; | |
27321 | unsigned long last_bss = 0, elf_bss = 0; | |
27322 | - unsigned long error = ~0UL; | |
27323 | + unsigned long error = -EINVAL; | |
27324 | unsigned long total_size; | |
27325 | int retval, i, size; | |
27326 | ||
ae4e228f | 27327 | @@ -434,6 +449,11 @@ static unsigned long load_elf_interp(str |
58c5fc13 MT |
27328 | goto out_close; |
27329 | } | |
27330 | ||
27331 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27332 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) | |
27333 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
27334 | +#endif | |
27335 | + | |
27336 | eppnt = elf_phdata; | |
27337 | for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { | |
27338 | if (eppnt->p_type == PT_LOAD) { | |
ae4e228f | 27339 | @@ -477,8 +497,8 @@ static unsigned long load_elf_interp(str |
58c5fc13 MT |
27340 | k = load_addr + eppnt->p_vaddr; |
27341 | if (BAD_ADDR(k) || | |
27342 | eppnt->p_filesz > eppnt->p_memsz || | |
27343 | - eppnt->p_memsz > TASK_SIZE || | |
27344 | - TASK_SIZE - eppnt->p_memsz < k) { | |
27345 | + eppnt->p_memsz > pax_task_size || | |
27346 | + pax_task_size - eppnt->p_memsz < k) { | |
27347 | error = -ENOMEM; | |
27348 | goto out_close; | |
27349 | } | |
ae4e228f | 27350 | @@ -532,6 +552,177 @@ out: |
58c5fc13 MT |
27351 | return error; |
27352 | } | |
27353 | ||
27354 | +#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE) | |
27355 | +static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata) | |
27356 | +{ | |
27357 | + unsigned long pax_flags = 0UL; | |
27358 | + | |
27359 | +#ifdef CONFIG_PAX_PAGEEXEC | |
27360 | + if (elf_phdata->p_flags & PF_PAGEEXEC) | |
27361 | + pax_flags |= MF_PAX_PAGEEXEC; | |
27362 | +#endif | |
27363 | + | |
27364 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27365 | + if (elf_phdata->p_flags & PF_SEGMEXEC) | |
27366 | + pax_flags |= MF_PAX_SEGMEXEC; | |
27367 | +#endif | |
27368 | + | |
27369 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) | |
27370 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
ae4e228f | 27371 | + if ((__supported_pte_mask & _PAGE_NX)) |
58c5fc13 MT |
27372 | + pax_flags &= ~MF_PAX_SEGMEXEC; |
27373 | + else | |
27374 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
27375 | + } | |
27376 | +#endif | |
27377 | + | |
27378 | +#ifdef CONFIG_PAX_EMUTRAMP | |
27379 | + if (elf_phdata->p_flags & PF_EMUTRAMP) | |
27380 | + pax_flags |= MF_PAX_EMUTRAMP; | |
27381 | +#endif | |
27382 | + | |
27383 | +#ifdef CONFIG_PAX_MPROTECT | |
27384 | + if (elf_phdata->p_flags & PF_MPROTECT) | |
27385 | + pax_flags |= MF_PAX_MPROTECT; | |
27386 | +#endif | |
27387 | + | |
27388 | +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) | |
27389 | + if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP)) | |
27390 | + pax_flags |= MF_PAX_RANDMMAP; | |
27391 | +#endif | |
27392 | + | |
27393 | + return pax_flags; | |
27394 | +} | |
27395 | +#endif | |
27396 | + | |
27397 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
27398 | +static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata) | |
27399 | +{ | |
27400 | + unsigned long pax_flags = 0UL; | |
27401 | + | |
27402 | +#ifdef CONFIG_PAX_PAGEEXEC | |
27403 | + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC)) | |
27404 | + pax_flags |= MF_PAX_PAGEEXEC; | |
27405 | +#endif | |
27406 | + | |
27407 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27408 | + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC)) | |
27409 | + pax_flags |= MF_PAX_SEGMEXEC; | |
27410 | +#endif | |
27411 | + | |
27412 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) | |
27413 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
ae4e228f | 27414 | + if ((__supported_pte_mask & _PAGE_NX)) |
58c5fc13 MT |
27415 | + pax_flags &= ~MF_PAX_SEGMEXEC; |
27416 | + else | |
27417 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
27418 | + } | |
27419 | +#endif | |
27420 | + | |
27421 | +#ifdef CONFIG_PAX_EMUTRAMP | |
27422 | + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP)) | |
27423 | + pax_flags |= MF_PAX_EMUTRAMP; | |
27424 | +#endif | |
27425 | + | |
27426 | +#ifdef CONFIG_PAX_MPROTECT | |
27427 | + if (!(elf_phdata->p_flags & PF_NOMPROTECT)) | |
27428 | + pax_flags |= MF_PAX_MPROTECT; | |
27429 | +#endif | |
27430 | + | |
27431 | +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) | |
27432 | + if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP)) | |
27433 | + pax_flags |= MF_PAX_RANDMMAP; | |
27434 | +#endif | |
27435 | + | |
27436 | + return pax_flags; | |
27437 | +} | |
27438 | +#endif | |
27439 | + | |
27440 | +#ifdef CONFIG_PAX_EI_PAX | |
27441 | +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) | |
27442 | +{ | |
27443 | + unsigned long pax_flags = 0UL; | |
27444 | + | |
27445 | +#ifdef CONFIG_PAX_PAGEEXEC | |
27446 | + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) | |
27447 | + pax_flags |= MF_PAX_PAGEEXEC; | |
27448 | +#endif | |
27449 | + | |
27450 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27451 | + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC)) | |
27452 | + pax_flags |= MF_PAX_SEGMEXEC; | |
27453 | +#endif | |
27454 | + | |
27455 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) | |
27456 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
ae4e228f | 27457 | + if ((__supported_pte_mask & _PAGE_NX)) |
58c5fc13 MT |
27458 | + pax_flags &= ~MF_PAX_SEGMEXEC; |
27459 | + else | |
27460 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
27461 | + } | |
27462 | +#endif | |
27463 | + | |
27464 | +#ifdef CONFIG_PAX_EMUTRAMP | |
27465 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP)) | |
27466 | + pax_flags |= MF_PAX_EMUTRAMP; | |
27467 | +#endif | |
27468 | + | |
27469 | +#ifdef CONFIG_PAX_MPROTECT | |
27470 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT)) | |
27471 | + pax_flags |= MF_PAX_MPROTECT; | |
27472 | +#endif | |
27473 | + | |
27474 | +#ifdef CONFIG_PAX_ASLR | |
27475 | + if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP)) | |
27476 | + pax_flags |= MF_PAX_RANDMMAP; | |
27477 | +#endif | |
27478 | + | |
27479 | + return pax_flags; | |
27480 | +} | |
27481 | +#endif | |
27482 | + | |
27483 | +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) | |
27484 | +static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) | |
27485 | +{ | |
27486 | + unsigned long pax_flags = 0UL; | |
27487 | + | |
27488 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
27489 | + unsigned long i; | |
27490 | +#endif | |
27491 | + | |
27492 | +#ifdef CONFIG_PAX_EI_PAX | |
27493 | + pax_flags = pax_parse_ei_pax(elf_ex); | |
27494 | +#endif | |
27495 | + | |
27496 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
27497 | + for (i = 0UL; i < elf_ex->e_phnum; i++) | |
27498 | + if (elf_phdata[i].p_type == PT_PAX_FLAGS) { | |
27499 | + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) || | |
27500 | + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) || | |
27501 | + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || | |
27502 | + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || | |
27503 | + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) | |
27504 | + return -EINVAL; | |
27505 | + | |
27506 | +#ifdef CONFIG_PAX_SOFTMODE | |
27507 | + if (pax_softmode) | |
27508 | + pax_flags = pax_parse_softmode(&elf_phdata[i]); | |
27509 | + else | |
27510 | +#endif | |
27511 | + | |
27512 | + pax_flags = pax_parse_hardmode(&elf_phdata[i]); | |
27513 | + break; | |
27514 | + } | |
27515 | +#endif | |
27516 | + | |
27517 | + if (0 > pax_check_flags(&pax_flags)) | |
27518 | + return -EINVAL; | |
27519 | + | |
27520 | + current->mm->pax_flags = pax_flags; | |
27521 | + return 0; | |
27522 | +} | |
27523 | +#endif | |
27524 | + | |
27525 | /* | |
27526 | * These are the functions used to load ELF style executables and shared | |
27527 | * libraries. There is no binary dependent code anywhere else. | |
ae4e228f | 27528 | @@ -548,6 +739,11 @@ static unsigned long randomize_stack_top |
58c5fc13 MT |
27529 | { |
27530 | unsigned int random_variable = 0; | |
27531 | ||
27532 | +#ifdef CONFIG_PAX_RANDUSTACK | |
27533 | + if (randomize_va_space) | |
27534 | + return stack_top - current->mm->delta_stack; | |
27535 | +#endif | |
27536 | + | |
27537 | if ((current->flags & PF_RANDOMIZE) && | |
27538 | !(current->personality & ADDR_NO_RANDOMIZE)) { | |
27539 | random_variable = get_random_int() & STACK_RND_MASK; | |
ae4e228f | 27540 | @@ -566,7 +762,7 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27541 | unsigned long load_addr = 0, load_bias = 0; |
27542 | int load_addr_set = 0; | |
27543 | char * elf_interpreter = NULL; | |
27544 | - unsigned long error; | |
27545 | + unsigned long error = 0; | |
27546 | struct elf_phdr *elf_ppnt, *elf_phdata; | |
27547 | unsigned long elf_bss, elf_brk; | |
27548 | int retval, i; | |
ae4e228f | 27549 | @@ -576,11 +772,11 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27550 | unsigned long start_code, end_code, start_data, end_data; |
27551 | unsigned long reloc_func_desc = 0; | |
27552 | int executable_stack = EXSTACK_DEFAULT; | |
27553 | - unsigned long def_flags = 0; | |
27554 | struct { | |
27555 | struct elfhdr elf_ex; | |
27556 | struct elfhdr interp_elf_ex; | |
27557 | } *loc; | |
27558 | + unsigned long pax_task_size = TASK_SIZE; | |
27559 | ||
27560 | loc = kmalloc(sizeof(*loc), GFP_KERNEL); | |
27561 | if (!loc) { | |
ae4e228f | 27562 | @@ -718,11 +914,80 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27563 | |
27564 | /* OK, This is the point of no return */ | |
27565 | current->flags &= ~PF_FORKNOEXEC; | |
27566 | - current->mm->def_flags = def_flags; | |
27567 | + | |
27568 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
27569 | + current->mm->pax_flags = 0UL; | |
27570 | +#endif | |
27571 | + | |
27572 | +#ifdef CONFIG_PAX_DLRESOLVE | |
27573 | + current->mm->call_dl_resolve = 0UL; | |
27574 | +#endif | |
27575 | + | |
27576 | +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT) | |
27577 | + current->mm->call_syscall = 0UL; | |
27578 | +#endif | |
27579 | + | |
27580 | +#ifdef CONFIG_PAX_ASLR | |
27581 | + current->mm->delta_mmap = 0UL; | |
27582 | + current->mm->delta_stack = 0UL; | |
27583 | +#endif | |
27584 | + | |
27585 | + current->mm->def_flags = 0; | |
27586 | + | |
27587 | +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) | |
27588 | + if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) { | |
27589 | + send_sig(SIGKILL, current, 0); | |
27590 | + goto out_free_dentry; | |
27591 | + } | |
27592 | +#endif | |
27593 | + | |
27594 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
27595 | + pax_set_initial_flags(bprm); | |
27596 | +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS) | |
27597 | + if (pax_set_initial_flags_func) | |
27598 | + (pax_set_initial_flags_func)(bprm); | |
27599 | +#endif | |
27600 | + | |
27601 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
ae4e228f | 27602 | + if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !(__supported_pte_mask & _PAGE_NX)) { |
58c5fc13 MT |
27603 | + current->mm->context.user_cs_limit = PAGE_SIZE; |
27604 | + current->mm->def_flags |= VM_PAGEEXEC; | |
27605 | + } | |
27606 | +#endif | |
27607 | + | |
27608 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27609 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
27610 | + current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE; | |
27611 | + current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE; | |
27612 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
27613 | + } | |
27614 | +#endif | |
27615 | + | |
27616 | +#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC) | |
27617 | + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
27618 | + set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu()); | |
27619 | + put_cpu(); | |
27620 | + } | |
27621 | +#endif | |
ae4e228f MT |
27622 | |
27623 | /* Do this immediately, since STACK_TOP as used in setup_arg_pages | |
27624 | may depend on the personality. */ | |
27625 | SET_PERSONALITY(loc->elf_ex); | |
58c5fc13 MT |
27626 | + |
27627 | +#ifdef CONFIG_PAX_ASLR | |
27628 | + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { | |
27629 | + current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT; | |
27630 | + current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT; | |
27631 | + } | |
27632 | +#endif | |
58c5fc13 MT |
27633 | + |
27634 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
27635 | + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
27636 | + executable_stack = EXSTACK_DISABLE_X; | |
27637 | + current->personality &= ~READ_IMPLIES_EXEC; | |
27638 | + } else | |
27639 | +#endif | |
27640 | + | |
27641 | if (elf_read_implies_exec(loc->elf_ex, executable_stack)) | |
27642 | current->personality |= READ_IMPLIES_EXEC; | |
27643 | ||
ae4e228f | 27644 | @@ -804,6 +1069,20 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27645 | #else |
27646 | load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); | |
27647 | #endif | |
27648 | + | |
27649 | +#ifdef CONFIG_PAX_RANDMMAP | |
27650 | + /* PaX: randomize base address at the default exe base if requested */ | |
27651 | + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) { | |
27652 | +#ifdef CONFIG_SPARC64 | |
27653 | + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1); | |
27654 | +#else | |
27655 | + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT; | |
27656 | +#endif | |
27657 | + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias); | |
27658 | + elf_flags |= MAP_FIXED; | |
27659 | + } | |
27660 | +#endif | |
27661 | + | |
27662 | } | |
27663 | ||
27664 | error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, | |
ae4e228f | 27665 | @@ -836,9 +1115,9 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27666 | * allowed task size. Note that p_filesz must always be |
27667 | * <= p_memsz so it is only necessary to check p_memsz. | |
27668 | */ | |
27669 | - if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || | |
27670 | - elf_ppnt->p_memsz > TASK_SIZE || | |
27671 | - TASK_SIZE - elf_ppnt->p_memsz < k) { | |
27672 | + if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz || | |
27673 | + elf_ppnt->p_memsz > pax_task_size || | |
27674 | + pax_task_size - elf_ppnt->p_memsz < k) { | |
27675 | /* set_brk can never work. Avoid overflows. */ | |
27676 | send_sig(SIGKILL, current, 0); | |
27677 | retval = -EINVAL; | |
ae4e228f | 27678 | @@ -866,6 +1145,11 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27679 | start_data += load_bias; |
27680 | end_data += load_bias; | |
27681 | ||
27682 | +#ifdef CONFIG_PAX_RANDMMAP | |
27683 | + if (current->mm->pax_flags & MF_PAX_RANDMMAP) | |
27684 | + elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4); | |
27685 | +#endif | |
27686 | + | |
27687 | /* Calling set_brk effectively mmaps the pages that we need | |
27688 | * for the bss and break sections. We must do this before | |
27689 | * mapping in the interpreter, to make sure it doesn't wind | |
ae4e228f | 27690 | @@ -877,9 +1161,11 @@ static int load_elf_binary(struct linux_ |
58c5fc13 MT |
27691 | goto out_free_dentry; |
27692 | } | |
27693 | if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { | |
27694 | - send_sig(SIGSEGV, current, 0); | |
27695 | - retval = -EFAULT; /* Nobody gets to see this, but.. */ | |
27696 | - goto out_free_dentry; | |
27697 | + /* | |
27698 | + * This bss-zeroing can fail if the ELF | |
27699 | + * file specifies odd protections. So | |
27700 | + * we don't check the return value | |
27701 | + */ | |
27702 | } | |
27703 | ||
27704 | if (elf_interpreter) { | |
ae4e228f | 27705 | @@ -1107,8 +1393,10 @@ static int dump_seek(struct file *file, |
58c5fc13 MT |
27706 | unsigned long n = off; |
27707 | if (n > PAGE_SIZE) | |
27708 | n = PAGE_SIZE; | |
27709 | - if (!dump_write(file, buf, n)) | |
27710 | + if (!dump_write(file, buf, n)) { | |
27711 | + free_page((unsigned long)buf); | |
27712 | return 0; | |
27713 | + } | |
27714 | off -= n; | |
27715 | } | |
27716 | free_page((unsigned long)buf); | |
ae4e228f | 27717 | @@ -1120,7 +1408,7 @@ static int dump_seek(struct file *file, |
58c5fc13 MT |
27718 | * Decide what to dump of a segment, part, all or none. |
27719 | */ | |
27720 | static unsigned long vma_dump_size(struct vm_area_struct *vma, | |
27721 | - unsigned long mm_flags) | |
27722 | + unsigned long mm_flags, long signr) | |
27723 | { | |
27724 | #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) | |
27725 | ||
ae4e228f | 27726 | @@ -1154,7 +1442,7 @@ static unsigned long vma_dump_size(struc |
58c5fc13 MT |
27727 | if (vma->vm_file == NULL) |
27728 | return 0; | |
27729 | ||
27730 | - if (FILTER(MAPPED_PRIVATE)) | |
27731 | + if (signr == SIGKILL || FILTER(MAPPED_PRIVATE)) | |
27732 | goto whole; | |
27733 | ||
27734 | /* | |
ae4e228f | 27735 | @@ -1250,9 +1538,12 @@ static int writenote(struct memelfnote * |
58c5fc13 MT |
27736 | #undef DUMP_WRITE |
27737 | ||
ae4e228f MT |
27738 | #define DUMP_WRITE(addr, nr) \ |
27739 | + do { \ | |
58c5fc13 | 27740 | + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \ |
ae4e228f MT |
27741 | if ((size += (nr)) > cprm->limit || \ |
27742 | !dump_write(cprm->file, (addr), (nr))) \ | |
58c5fc13 | 27743 | - goto end_coredump; |
ae4e228f | 27744 | + goto end_coredump; \ |
58c5fc13 | 27745 | + } while (0); |
ae4e228f MT |
27746 | |
27747 | static void fill_elf_header(struct elfhdr *elf, int segs, | |
27748 | u16 machine, u32 flags, u8 osabi) | |
27749 | @@ -1381,9 +1672,9 @@ static void fill_auxv_note(struct memelf | |
27750 | { | |
27751 | elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; | |
27752 | int i = 0; | |
27753 | - do | |
27754 | + do { | |
27755 | i += 2; | |
27756 | - while (auxv[i - 2] != AT_NULL); | |
27757 | + } while (auxv[i - 2] != AT_NULL); | |
27758 | fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); | |
27759 | } | |
27760 | ||
27761 | @@ -1969,7 +2260,7 @@ static int elf_core_dump(struct coredump | |
58c5fc13 MT |
27762 | phdr.p_offset = offset; |
27763 | phdr.p_vaddr = vma->vm_start; | |
27764 | phdr.p_paddr = 0; | |
27765 | - phdr.p_filesz = vma_dump_size(vma, mm_flags); | |
ae4e228f | 27766 | + phdr.p_filesz = vma_dump_size(vma, mm_flags, cprm->signr); |
58c5fc13 MT |
27767 | phdr.p_memsz = vma->vm_end - vma->vm_start; |
27768 | offset += phdr.p_filesz; | |
27769 | phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; | |
ae4e228f | 27770 | @@ -2002,7 +2293,7 @@ static int elf_core_dump(struct coredump |
58c5fc13 MT |
27771 | unsigned long addr; |
27772 | unsigned long end; | |
27773 | ||
27774 | - end = vma->vm_start + vma_dump_size(vma, mm_flags); | |
ae4e228f | 27775 | + end = vma->vm_start + vma_dump_size(vma, mm_flags, cprm->signr); |
58c5fc13 MT |
27776 | |
27777 | for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { | |
27778 | struct page *page; | |
ae4e228f MT |
27779 | @@ -2011,6 +2302,7 @@ static int elf_core_dump(struct coredump |
27780 | page = get_dump_page(addr); | |
27781 | if (page) { | |
27782 | void *kaddr = kmap(page); | |
27783 | + gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1); | |
27784 | stop = ((size += PAGE_SIZE) > cprm->limit) || | |
27785 | !dump_write(cprm->file, kaddr, | |
27786 | PAGE_SIZE); | |
27787 | @@ -2039,6 +2331,97 @@ out: | |
27788 | ||
27789 | #endif /* CONFIG_ELF_CORE */ | |
58c5fc13 MT |
27790 | |
27791 | +#ifdef CONFIG_PAX_MPROTECT | |
27792 | +/* PaX: non-PIC ELF libraries need relocations on their executable segments | |
27793 | + * therefore we'll grant them VM_MAYWRITE once during their life. Similarly | |
27794 | + * we'll remove VM_MAYWRITE for good on RELRO segments. | |
27795 | + * | |
27796 | + * The checks favour ld-linux.so behaviour which operates on a per ELF segment | |
27797 | + * basis because we want to allow the common case and not the special ones. | |
27798 | + */ | |
27799 | +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags) | |
27800 | +{ | |
27801 | + struct elfhdr elf_h; | |
27802 | + struct elf_phdr elf_p; | |
27803 | + unsigned long i; | |
27804 | + unsigned long oldflags; | |
27805 | + bool is_textrel_rw, is_textrel_rx, is_relro; | |
27806 | + | |
27807 | + if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT)) | |
27808 | + return; | |
27809 | + | |
27810 | + oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ); | |
27811 | + newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ; | |
27812 | + | |
27813 | +#ifdef CONFIG_PAX_NOELFRELOCS | |
27814 | + is_textrel_rw = false; | |
27815 | + is_textrel_rx = false; | |
27816 | +#else | |
27817 | + /* possible TEXTREL */ | |
27818 | + is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ); | |
27819 | + is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ); | |
27820 | +#endif | |
27821 | + | |
27822 | + /* possible RELRO */ | |
27823 | + is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ); | |
27824 | + | |
27825 | + if (!is_textrel_rw && !is_textrel_rx && !is_relro) | |
27826 | + return; | |
27827 | + | |
27828 | + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) || | |
27829 | + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) || | |
27830 | + | |
27831 | +#ifdef CONFIG_PAX_ETEXECRELOCS | |
27832 | + ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) || | |
27833 | +#else | |
27834 | + ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) || | |
27835 | +#endif | |
27836 | + | |
27837 | + (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) || | |
27838 | + !elf_check_arch(&elf_h) || | |
27839 | + elf_h.e_phentsize != sizeof(struct elf_phdr) || | |
27840 | + elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr)) | |
27841 | + return; | |
27842 | + | |
27843 | + for (i = 0UL; i < elf_h.e_phnum; i++) { | |
27844 | + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p))) | |
27845 | + return; | |
27846 | + switch (elf_p.p_type) { | |
27847 | + case PT_DYNAMIC: | |
27848 | + if (!is_textrel_rw && !is_textrel_rx) | |
27849 | + continue; | |
27850 | + i = 0UL; | |
27851 | + while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) { | |
27852 | + elf_dyn dyn; | |
27853 | + | |
27854 | + if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn))) | |
27855 | + return; | |
27856 | + if (dyn.d_tag == DT_NULL) | |
27857 | + return; | |
27858 | + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) { | |
27859 | + gr_log_textrel(vma); | |
27860 | + if (is_textrel_rw) | |
27861 | + vma->vm_flags |= VM_MAYWRITE; | |
27862 | + else | |
27863 | + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ | |
27864 | + vma->vm_flags &= ~VM_MAYWRITE; | |
27865 | + return; | |
27866 | + } | |
27867 | + i++; | |
27868 | + } | |
27869 | + return; | |
27870 | + | |
27871 | + case PT_GNU_RELRO: | |
27872 | + if (!is_relro) | |
27873 | + continue; | |
27874 | + if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start) | |
27875 | + vma->vm_flags &= ~VM_MAYWRITE; | |
27876 | + return; | |
27877 | + } | |
27878 | + } | |
27879 | +} | |
27880 | +#endif | |
27881 | + | |
27882 | static int __init init_elf_binfmt(void) | |
27883 | { | |
27884 | return register_binfmt(&elf_format); | |
ae4e228f MT |
27885 | diff -urNp linux-2.6.33.1/fs/binfmt_flat.c linux-2.6.33.1/fs/binfmt_flat.c |
27886 | --- linux-2.6.33.1/fs/binfmt_flat.c 2010-03-15 12:09:39.000000000 -0400 | |
27887 | +++ linux-2.6.33.1/fs/binfmt_flat.c 2010-03-20 16:58:41.369218937 -0400 | |
27888 | @@ -564,7 +564,9 @@ static int load_flat_file(struct linux_b | |
58c5fc13 MT |
27889 | realdatastart = (unsigned long) -ENOMEM; |
27890 | printk("Unable to allocate RAM for process data, errno %d\n", | |
27891 | (int)-realdatastart); | |
27892 | + down_write(¤t->mm->mmap_sem); | |
27893 | do_munmap(current->mm, textpos, text_len); | |
27894 | + up_write(¤t->mm->mmap_sem); | |
27895 | ret = realdatastart; | |
27896 | goto err; | |
27897 | } | |
ae4e228f | 27898 | @@ -588,8 +590,10 @@ static int load_flat_file(struct linux_b |
58c5fc13 | 27899 | } |
ae4e228f | 27900 | if (IS_ERR_VALUE(result)) { |
58c5fc13 MT |
27901 | printk("Unable to read data+bss, errno %d\n", (int)-result); |
27902 | + down_write(¤t->mm->mmap_sem); | |
27903 | do_munmap(current->mm, textpos, text_len); | |
27904 | do_munmap(current->mm, realdatastart, data_len + extra); | |
27905 | + up_write(¤t->mm->mmap_sem); | |
27906 | ret = result; | |
27907 | goto err; | |
27908 | } | |
ae4e228f | 27909 | @@ -658,8 +662,10 @@ static int load_flat_file(struct linux_b |
58c5fc13 | 27910 | } |
ae4e228f | 27911 | if (IS_ERR_VALUE(result)) { |
58c5fc13 MT |
27912 | printk("Unable to read code+data+bss, errno %d\n",(int)-result); |
27913 | + down_write(¤t->mm->mmap_sem); | |
27914 | do_munmap(current->mm, textpos, text_len + data_len + extra + | |
27915 | MAX_SHARED_LIBS * sizeof(unsigned long)); | |
27916 | + up_write(¤t->mm->mmap_sem); | |
27917 | ret = result; | |
27918 | goto err; | |
27919 | } | |
ae4e228f MT |
27920 | diff -urNp linux-2.6.33.1/fs/binfmt_misc.c linux-2.6.33.1/fs/binfmt_misc.c |
27921 | --- linux-2.6.33.1/fs/binfmt_misc.c 2010-03-15 12:09:39.000000000 -0400 | |
27922 | +++ linux-2.6.33.1/fs/binfmt_misc.c 2010-03-20 16:58:41.384059578 -0400 | |
58c5fc13 MT |
27923 | @@ -693,7 +693,7 @@ static int bm_fill_super(struct super_bl |
27924 | static struct tree_descr bm_files[] = { | |
27925 | [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO}, | |
27926 | [3] = {"register", &bm_register_operations, S_IWUSR}, | |
27927 | - /* last one */ {""} | |
27928 | + /* last one */ {"", NULL, 0} | |
27929 | }; | |
27930 | int err = simple_fill_super(sb, 0x42494e4d, bm_files); | |
27931 | if (!err) | |
ae4e228f MT |
27932 | diff -urNp linux-2.6.33.1/fs/bio.c linux-2.6.33.1/fs/bio.c |
27933 | --- linux-2.6.33.1/fs/bio.c 2010-03-15 12:09:39.000000000 -0400 | |
27934 | +++ linux-2.6.33.1/fs/bio.c 2010-03-20 16:58:41.384547944 -0400 | |
27935 | @@ -1217,7 +1217,7 @@ static void bio_copy_kern_endio(struct b | |
27936 | const int read = bio_data_dir(bio) == READ; | |
27937 | struct bio_map_data *bmd = bio->bi_private; | |
27938 | int i; | |
27939 | - char *p = bmd->sgvecs[0].iov_base; | |
27940 | + char *p = (__force char *)bmd->sgvecs[0].iov_base; | |
27941 | ||
27942 | __bio_for_each_segment(bvec, bio, i, 0) { | |
27943 | char *addr = page_address(bvec->bv_page); | |
27944 | diff -urNp linux-2.6.33.1/fs/btrfs/ctree.c linux-2.6.33.1/fs/btrfs/ctree.c | |
27945 | --- linux-2.6.33.1/fs/btrfs/ctree.c 2010-03-15 12:09:39.000000000 -0400 | |
27946 | +++ linux-2.6.33.1/fs/btrfs/ctree.c 2010-03-20 16:58:41.388867884 -0400 | |
27947 | @@ -3645,7 +3645,6 @@ setup_items_for_insert(struct btrfs_tran | |
27948 | ||
27949 | ret = 0; | |
27950 | if (slot == 0) { | |
27951 | - struct btrfs_disk_key disk_key; | |
27952 | btrfs_cpu_key_to_disk(&disk_key, cpu_key); | |
27953 | ret = fixup_low_keys(trans, root, path, &disk_key, 1); | |
27954 | } | |
27955 | diff -urNp linux-2.6.33.1/fs/btrfs/disk-io.c linux-2.6.33.1/fs/btrfs/disk-io.c | |
27956 | --- linux-2.6.33.1/fs/btrfs/disk-io.c 2010-03-15 12:09:39.000000000 -0400 | |
27957 | +++ linux-2.6.33.1/fs/btrfs/disk-io.c 2010-03-20 16:58:41.388867884 -0400 | |
27958 | @@ -39,7 +39,7 @@ | |
27959 | #include "tree-log.h" | |
27960 | #include "free-space-cache.h" | |
27961 | ||
27962 | -static struct extent_io_ops btree_extent_io_ops; | |
27963 | +static const struct extent_io_ops btree_extent_io_ops; | |
27964 | static void end_workqueue_fn(struct btrfs_work *work); | |
27965 | static void free_fs_root(struct btrfs_root *root); | |
27966 | ||
27967 | @@ -2605,7 +2605,7 @@ out: | |
58c5fc13 MT |
27968 | return 0; |
27969 | } | |
27970 | ||
ae4e228f MT |
27971 | -static struct extent_io_ops btree_extent_io_ops = { |
27972 | +static const struct extent_io_ops btree_extent_io_ops = { | |
27973 | .write_cache_pages_lock_hook = btree_lock_page_hook, | |
27974 | .readpage_end_io_hook = btree_readpage_end_io_hook, | |
27975 | .submit_bio_hook = btree_submit_bio_hook, | |
27976 | diff -urNp linux-2.6.33.1/fs/btrfs/extent_io.h linux-2.6.33.1/fs/btrfs/extent_io.h | |
27977 | --- linux-2.6.33.1/fs/btrfs/extent_io.h 2010-03-15 12:09:39.000000000 -0400 | |
27978 | +++ linux-2.6.33.1/fs/btrfs/extent_io.h 2010-03-20 16:58:41.392898040 -0400 | |
27979 | @@ -49,36 +49,36 @@ typedef int (extent_submit_bio_hook_t)(s | |
27980 | struct bio *bio, int mirror_num, | |
27981 | unsigned long bio_flags); | |
27982 | struct extent_io_ops { | |
27983 | - int (*fill_delalloc)(struct inode *inode, struct page *locked_page, | |
27984 | + int (* const fill_delalloc)(struct inode *inode, struct page *locked_page, | |
27985 | u64 start, u64 end, int *page_started, | |
27986 | unsigned long *nr_written); | |
27987 | - int (*writepage_start_hook)(struct page *page, u64 start, u64 end); | |
27988 | - int (*writepage_io_hook)(struct page *page, u64 start, u64 end); | |
27989 | + int (* const writepage_start_hook)(struct page *page, u64 start, u64 end); | |
27990 | + int (* const writepage_io_hook)(struct page *page, u64 start, u64 end); | |
27991 | extent_submit_bio_hook_t *submit_bio_hook; | |
27992 | - int (*merge_bio_hook)(struct page *page, unsigned long offset, | |
27993 | + int (* const merge_bio_hook)(struct page *page, unsigned long offset, | |
27994 | size_t size, struct bio *bio, | |
27995 | unsigned long bio_flags); | |
27996 | - int (*readpage_io_hook)(struct page *page, u64 start, u64 end); | |
27997 | - int (*readpage_io_failed_hook)(struct bio *bio, struct page *page, | |
27998 | + int (* const readpage_io_hook)(struct page *page, u64 start, u64 end); | |
27999 | + int (* const readpage_io_failed_hook)(struct bio *bio, struct page *page, | |
28000 | u64 start, u64 end, | |
28001 | struct extent_state *state); | |
28002 | - int (*writepage_io_failed_hook)(struct bio *bio, struct page *page, | |
28003 | + int (* const writepage_io_failed_hook)(struct bio *bio, struct page *page, | |
28004 | u64 start, u64 end, | |
28005 | struct extent_state *state); | |
28006 | - int (*readpage_end_io_hook)(struct page *page, u64 start, u64 end, | |
28007 | + int (* const readpage_end_io_hook)(struct page *page, u64 start, u64 end, | |
28008 | struct extent_state *state); | |
28009 | - int (*writepage_end_io_hook)(struct page *page, u64 start, u64 end, | |
28010 | + int (* const writepage_end_io_hook)(struct page *page, u64 start, u64 end, | |
28011 | struct extent_state *state, int uptodate); | |
28012 | - int (*set_bit_hook)(struct inode *inode, u64 start, u64 end, | |
28013 | + int (* const set_bit_hook)(struct inode *inode, u64 start, u64 end, | |
28014 | unsigned long old, unsigned long bits); | |
28015 | - int (*clear_bit_hook)(struct inode *inode, struct extent_state *state, | |
28016 | + int (* const clear_bit_hook)(struct inode *inode, struct extent_state *state, | |
28017 | unsigned long bits); | |
28018 | - int (*merge_extent_hook)(struct inode *inode, | |
28019 | + int (* const merge_extent_hook)(struct inode *inode, | |
28020 | struct extent_state *new, | |
28021 | struct extent_state *other); | |
28022 | - int (*split_extent_hook)(struct inode *inode, | |
28023 | + int (* const split_extent_hook)(struct inode *inode, | |
28024 | struct extent_state *orig, u64 split); | |
28025 | - int (*write_cache_pages_lock_hook)(struct page *page); | |
28026 | + int (* const write_cache_pages_lock_hook)(struct page *page); | |
28027 | }; | |
28028 | ||
28029 | struct extent_io_tree { | |
28030 | @@ -88,7 +88,7 @@ struct extent_io_tree { | |
28031 | u64 dirty_bytes; | |
28032 | spinlock_t lock; | |
28033 | spinlock_t buffer_lock; | |
28034 | - struct extent_io_ops *ops; | |
28035 | + const struct extent_io_ops *ops; | |
28036 | }; | |
28037 | ||
28038 | struct extent_state { | |
28039 | diff -urNp linux-2.6.33.1/fs/btrfs/free-space-cache.c linux-2.6.33.1/fs/btrfs/free-space-cache.c | |
28040 | --- linux-2.6.33.1/fs/btrfs/free-space-cache.c 2010-03-15 12:09:39.000000000 -0400 | |
28041 | +++ linux-2.6.33.1/fs/btrfs/free-space-cache.c 2010-03-20 16:58:41.392898040 -0400 | |
28042 | @@ -1074,8 +1074,6 @@ u64 btrfs_alloc_from_cluster(struct btrf | |
28043 | ||
28044 | while(1) { | |
28045 | if (entry->bytes < bytes || entry->offset < min_start) { | |
28046 | - struct rb_node *node; | |
28047 | - | |
28048 | node = rb_next(&entry->offset_index); | |
28049 | if (!node) | |
28050 | break; | |
28051 | @@ -1226,7 +1224,7 @@ again: | |
28052 | */ | |
28053 | while (entry->bitmap || found_bitmap || | |
28054 | (!entry->bitmap && entry->bytes < min_bytes)) { | |
28055 | - struct rb_node *node = rb_next(&entry->offset_index); | |
28056 | + node = rb_next(&entry->offset_index); | |
28057 | ||
28058 | if (entry->bitmap && entry->bytes > bytes + empty_size) { | |
28059 | ret = btrfs_bitmap_cluster(block_group, entry, cluster, | |
28060 | diff -urNp linux-2.6.33.1/fs/btrfs/inode.c linux-2.6.33.1/fs/btrfs/inode.c | |
28061 | --- linux-2.6.33.1/fs/btrfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
28062 | +++ linux-2.6.33.1/fs/btrfs/inode.c 2010-03-20 16:58:41.396902904 -0400 | |
28063 | @@ -63,7 +63,7 @@ static const struct inode_operations btr | |
28064 | static const struct address_space_operations btrfs_aops; | |
28065 | static const struct address_space_operations btrfs_symlink_aops; | |
28066 | static const struct file_operations btrfs_dir_file_operations; | |
28067 | -static struct extent_io_ops btrfs_extent_io_ops; | |
28068 | +static const struct extent_io_ops btrfs_extent_io_ops; | |
58c5fc13 MT |
28069 | |
28070 | static struct kmem_cache *btrfs_inode_cachep; | |
ae4e228f MT |
28071 | struct kmem_cache *btrfs_trans_handle_cachep; |
28072 | @@ -5973,7 +5973,7 @@ static const struct file_operations btrf | |
28073 | .fsync = btrfs_sync_file, | |
28074 | }; | |
58c5fc13 | 28075 | |
ae4e228f MT |
28076 | -static struct extent_io_ops btrfs_extent_io_ops = { |
28077 | +static const struct extent_io_ops btrfs_extent_io_ops = { | |
28078 | .fill_delalloc = run_delalloc_range, | |
28079 | .submit_bio_hook = btrfs_submit_bio_hook, | |
28080 | .merge_bio_hook = btrfs_merge_bio_hook, | |
28081 | diff -urNp linux-2.6.33.1/fs/btrfs/sysfs.c linux-2.6.33.1/fs/btrfs/sysfs.c | |
28082 | --- linux-2.6.33.1/fs/btrfs/sysfs.c 2010-03-15 12:09:39.000000000 -0400 | |
28083 | +++ linux-2.6.33.1/fs/btrfs/sysfs.c 2010-03-20 16:58:41.404901120 -0400 | |
28084 | @@ -164,12 +164,12 @@ static void btrfs_root_release(struct ko | |
28085 | complete(&root->kobj_unregister); | |
28086 | } | |
28087 | ||
28088 | -static struct sysfs_ops btrfs_super_attr_ops = { | |
28089 | +static const struct sysfs_ops btrfs_super_attr_ops = { | |
28090 | .show = btrfs_super_attr_show, | |
28091 | .store = btrfs_super_attr_store, | |
28092 | }; | |
28093 | ||
28094 | -static struct sysfs_ops btrfs_root_attr_ops = { | |
28095 | +static const struct sysfs_ops btrfs_root_attr_ops = { | |
28096 | .show = btrfs_root_attr_show, | |
28097 | .store = btrfs_root_attr_store, | |
28098 | }; | |
28099 | diff -urNp linux-2.6.33.1/fs/buffer.c linux-2.6.33.1/fs/buffer.c | |
28100 | --- linux-2.6.33.1/fs/buffer.c 2010-03-15 12:09:39.000000000 -0400 | |
28101 | +++ linux-2.6.33.1/fs/buffer.c 2010-03-20 16:58:41.408897047 -0400 | |
58c5fc13 MT |
28102 | @@ -25,6 +25,7 @@ |
28103 | #include <linux/percpu.h> | |
28104 | #include <linux/slab.h> | |
28105 | #include <linux/capability.h> | |
28106 | +#include <linux/security.h> | |
28107 | #include <linux/blkdev.h> | |
28108 | #include <linux/file.h> | |
28109 | #include <linux/quotaops.h> | |
ae4e228f MT |
28110 | diff -urNp linux-2.6.33.1/fs/cachefiles/daemon.c linux-2.6.33.1/fs/cachefiles/daemon.c |
28111 | --- linux-2.6.33.1/fs/cachefiles/daemon.c 2010-03-15 12:09:39.000000000 -0400 | |
28112 | +++ linux-2.6.33.1/fs/cachefiles/daemon.c 2010-03-20 16:58:41.408897047 -0400 | |
28113 | @@ -195,7 +195,7 @@ static ssize_t cachefiles_daemon_read(st | |
28114 | if (n > buflen) | |
28115 | return -EMSGSIZE; | |
28116 | ||
28117 | - if (copy_to_user(_buffer, buffer, n) != 0) | |
28118 | + if (n > sizeof(buffer) || copy_to_user(_buffer, buffer, n) != 0) | |
28119 | return -EFAULT; | |
58c5fc13 | 28120 | |
ae4e228f MT |
28121 | return n; |
28122 | diff -urNp linux-2.6.33.1/fs/cachefiles/rdwr.c linux-2.6.33.1/fs/cachefiles/rdwr.c | |
28123 | --- linux-2.6.33.1/fs/cachefiles/rdwr.c 2010-03-15 12:09:39.000000000 -0400 | |
28124 | +++ linux-2.6.33.1/fs/cachefiles/rdwr.c 2010-03-20 16:58:41.412812404 -0400 | |
28125 | @@ -944,7 +944,7 @@ int cachefiles_write_page(struct fscache | |
28126 | old_fs = get_fs(); | |
28127 | set_fs(KERNEL_DS); | |
28128 | ret = file->f_op->write( | |
28129 | - file, (const void __user *) data, len, &pos); | |
28130 | + file, (__force const void __user *) data, len, &pos); | |
28131 | set_fs(old_fs); | |
28132 | kunmap(page); | |
28133 | if (ret != len) | |
28134 | diff -urNp linux-2.6.33.1/fs/cifs/cifs_uniupr.h linux-2.6.33.1/fs/cifs/cifs_uniupr.h | |
28135 | --- linux-2.6.33.1/fs/cifs/cifs_uniupr.h 2010-03-15 12:09:39.000000000 -0400 | |
28136 | +++ linux-2.6.33.1/fs/cifs/cifs_uniupr.h 2010-03-20 16:58:41.416893406 -0400 | |
58c5fc13 MT |
28137 | @@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa |
28138 | {0x0490, 0x04cc, UniCaseRangeU0490}, | |
28139 | {0x1e00, 0x1ffc, UniCaseRangeU1e00}, | |
28140 | {0xff40, 0xff5a, UniCaseRangeUff40}, | |
28141 | - {0} | |
28142 | + {0, 0, NULL} | |
28143 | }; | |
28144 | #endif | |
28145 | ||
ae4e228f MT |
28146 | diff -urNp linux-2.6.33.1/fs/cifs/link.c linux-2.6.33.1/fs/cifs/link.c |
28147 | --- linux-2.6.33.1/fs/cifs/link.c 2010-03-15 12:09:39.000000000 -0400 | |
28148 | +++ linux-2.6.33.1/fs/cifs/link.c 2010-03-20 16:58:41.416893406 -0400 | |
58c5fc13 MT |
28149 | @@ -215,7 +215,7 @@ cifs_symlink(struct inode *inode, struct |
28150 | ||
28151 | void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie) | |
28152 | { | |
28153 | - char *p = nd_get_link(nd); | |
28154 | + const char *p = nd_get_link(nd); | |
28155 | if (!IS_ERR(p)) | |
28156 | kfree(p); | |
28157 | } | |
ae4e228f MT |
28158 | diff -urNp linux-2.6.33.1/fs/compat_binfmt_elf.c linux-2.6.33.1/fs/compat_binfmt_elf.c |
28159 | --- linux-2.6.33.1/fs/compat_binfmt_elf.c 2010-03-15 12:09:39.000000000 -0400 | |
28160 | +++ linux-2.6.33.1/fs/compat_binfmt_elf.c 2010-03-20 16:58:41.424927933 -0400 | |
58c5fc13 MT |
28161 | @@ -29,10 +29,12 @@ |
28162 | #undef elfhdr | |
28163 | #undef elf_phdr | |
28164 | #undef elf_note | |
ae4e228f | 28165 | +#undef elf_dyn |
58c5fc13 MT |
28166 | #undef elf_addr_t |
28167 | #define elfhdr elf32_hdr | |
28168 | #define elf_phdr elf32_phdr | |
28169 | #define elf_note elf32_note | |
28170 | +#define elf_dyn Elf32_Dyn | |
28171 | #define elf_addr_t Elf32_Addr | |
28172 | ||
28173 | /* | |
ae4e228f MT |
28174 | diff -urNp linux-2.6.33.1/fs/compat.c linux-2.6.33.1/fs/compat.c |
28175 | --- linux-2.6.33.1/fs/compat.c 2010-03-15 12:09:39.000000000 -0400 | |
28176 | +++ linux-2.6.33.1/fs/compat.c 2010-03-20 16:58:41.424927933 -0400 | |
28177 | @@ -1408,14 +1408,12 @@ static int compat_copy_strings(int argc, | |
58c5fc13 MT |
28178 | if (!kmapped_page || kpos != (pos & PAGE_MASK)) { |
28179 | struct page *page; | |
28180 | ||
28181 | -#ifdef CONFIG_STACK_GROWSUP | |
28182 | ret = expand_stack_downwards(bprm->vma, pos); | |
28183 | if (ret < 0) { | |
28184 | /* We've exceed the stack rlimit. */ | |
28185 | ret = -E2BIG; | |
28186 | goto out; | |
28187 | } | |
28188 | -#endif | |
28189 | ret = get_user_pages(current, bprm->mm, pos, | |
28190 | 1, 1, 1, &page, NULL); | |
28191 | if (ret <= 0) { | |
ae4e228f | 28192 | @@ -1461,6 +1459,11 @@ int compat_do_execve(char * filename, |
58c5fc13 MT |
28193 | compat_uptr_t __user *envp, |
28194 | struct pt_regs * regs) | |
28195 | { | |
28196 | +#ifdef CONFIG_GRKERNSEC | |
28197 | + struct file *old_exec_file; | |
28198 | + struct acl_subject_label *old_acl; | |
28199 | + struct rlimit old_rlim[RLIM_NLIMITS]; | |
28200 | +#endif | |
28201 | struct linux_binprm *bprm; | |
28202 | struct file *file; | |
28203 | struct files_struct *displaced; | |
ae4e228f | 28204 | @@ -1497,6 +1500,14 @@ int compat_do_execve(char * filename, |
58c5fc13 MT |
28205 | bprm->filename = filename; |
28206 | bprm->interp = filename; | |
28207 | ||
28208 | + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1); | |
28209 | + retval = -EAGAIN; | |
28210 | + if (gr_handle_nproc()) | |
28211 | + goto out_file; | |
28212 | + retval = -EACCES; | |
28213 | + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) | |
28214 | + goto out_file; | |
28215 | + | |
28216 | retval = bprm_mm_init(bprm); | |
28217 | if (retval) | |
28218 | goto out_file; | |
ae4e228f | 28219 | @@ -1526,9 +1537,40 @@ int compat_do_execve(char * filename, |
58c5fc13 MT |
28220 | if (retval < 0) |
28221 | goto out; | |
28222 | ||
28223 | + if (!gr_tpe_allow(file)) { | |
28224 | + retval = -EACCES; | |
28225 | + goto out; | |
28226 | + } | |
28227 | + | |
28228 | + if (gr_check_crash_exec(file)) { | |
28229 | + retval = -EACCES; | |
28230 | + goto out; | |
28231 | + } | |
28232 | + | |
28233 | + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); | |
28234 | + | |
28235 | + gr_handle_exec_args(bprm, (char __user * __user *)argv); | |
28236 | + | |
28237 | +#ifdef CONFIG_GRKERNSEC | |
28238 | + old_acl = current->acl; | |
28239 | + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim)); | |
28240 | + old_exec_file = current->exec_file; | |
28241 | + get_file(file); | |
28242 | + current->exec_file = file; | |
28243 | +#endif | |
28244 | + | |
28245 | + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt, | |
28246 | + bprm->unsafe & LSM_UNSAFE_SHARE); | |
28247 | + if (retval < 0) | |
28248 | + goto out_fail; | |
28249 | + | |
28250 | retval = search_binary_handler(bprm, regs); | |
28251 | if (retval < 0) | |
28252 | - goto out; | |
28253 | + goto out_fail; | |
28254 | +#ifdef CONFIG_GRKERNSEC | |
28255 | + if (old_exec_file) | |
28256 | + fput(old_exec_file); | |
28257 | +#endif | |
28258 | ||
ae4e228f MT |
28259 | current->stack_start = current->mm->start_stack; |
28260 | ||
28261 | @@ -1541,6 +1583,14 @@ int compat_do_execve(char * filename, | |
58c5fc13 MT |
28262 | put_files_struct(displaced); |
28263 | return retval; | |
28264 | ||
28265 | +out_fail: | |
28266 | +#ifdef CONFIG_GRKERNSEC | |
28267 | + current->acl = old_acl; | |
28268 | + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim)); | |
28269 | + fput(current->exec_file); | |
28270 | + current->exec_file = old_exec_file; | |
28271 | +#endif | |
28272 | + | |
28273 | out: | |
28274 | if (bprm->mm) | |
28275 | mmput(bprm->mm); | |
ae4e228f MT |
28276 | diff -urNp linux-2.6.33.1/fs/debugfs/inode.c linux-2.6.33.1/fs/debugfs/inode.c |
28277 | --- linux-2.6.33.1/fs/debugfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
28278 | +++ linux-2.6.33.1/fs/debugfs/inode.c 2010-03-20 16:58:41.432715858 -0400 | |
28279 | @@ -128,7 +128,7 @@ static inline int debugfs_positive(struc | |
58c5fc13 MT |
28280 | |
28281 | static int debug_fill_super(struct super_block *sb, void *data, int silent) | |
28282 | { | |
28283 | - static struct tree_descr debug_files[] = {{""}}; | |
28284 | + static struct tree_descr debug_files[] = {{"", NULL, 0}}; | |
28285 | ||
28286 | return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files); | |
28287 | } | |
ae4e228f MT |
28288 | diff -urNp linux-2.6.33.1/fs/dlm/lockspace.c linux-2.6.33.1/fs/dlm/lockspace.c |
28289 | --- linux-2.6.33.1/fs/dlm/lockspace.c 2010-03-15 12:09:39.000000000 -0400 | |
28290 | +++ linux-2.6.33.1/fs/dlm/lockspace.c 2010-03-20 16:58:41.444895285 -0400 | |
28291 | @@ -148,7 +148,7 @@ static void lockspace_kobj_release(struc | |
28292 | kfree(ls); | |
58c5fc13 MT |
28293 | } |
28294 | ||
ae4e228f MT |
28295 | -static struct sysfs_ops dlm_attr_ops = { |
28296 | +static const struct sysfs_ops dlm_attr_ops = { | |
28297 | .show = dlm_attr_show, | |
28298 | .store = dlm_attr_store, | |
28299 | }; | |
28300 | diff -urNp linux-2.6.33.1/fs/ecryptfs/inode.c linux-2.6.33.1/fs/ecryptfs/inode.c | |
28301 | --- linux-2.6.33.1/fs/ecryptfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
28302 | +++ linux-2.6.33.1/fs/ecryptfs/inode.c 2010-03-20 16:58:41.460901500 -0400 | |
28303 | @@ -685,7 +685,7 @@ ecryptfs_readlink(struct dentry *dentry, | |
28304 | old_fs = get_fs(); | |
28305 | set_fs(get_ds()); | |
28306 | rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, | |
28307 | - (char __user *)lower_buf, | |
28308 | + (__force char __user *)lower_buf, | |
28309 | lower_bufsiz); | |
28310 | set_fs(old_fs); | |
28311 | if (rc >= 0) { | |
28312 | @@ -729,7 +729,7 @@ static void *ecryptfs_follow_link(struct | |
28313 | } | |
28314 | old_fs = get_fs(); | |
28315 | set_fs(get_ds()); | |
28316 | - rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); | |
28317 | + rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len); | |
28318 | set_fs(old_fs); | |
28319 | if (rc < 0) { | |
28320 | kfree(buf); | |
28321 | @@ -744,7 +744,7 @@ out: | |
28322 | static void | |
28323 | ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) | |
28324 | { | |
28325 | - char *buf = nd_get_link(nd); | |
28326 | + const char *buf = nd_get_link(nd); | |
28327 | if (!IS_ERR(buf)) { | |
28328 | /* Free the char* */ | |
28329 | kfree(buf); | |
28330 | diff -urNp linux-2.6.33.1/fs/ecryptfs/miscdev.c linux-2.6.33.1/fs/ecryptfs/miscdev.c | |
28331 | --- linux-2.6.33.1/fs/ecryptfs/miscdev.c 2010-03-15 12:09:39.000000000 -0400 | |
28332 | +++ linux-2.6.33.1/fs/ecryptfs/miscdev.c 2010-03-20 16:58:41.460901500 -0400 | |
28333 | @@ -327,7 +327,7 @@ check_list: | |
28334 | goto out_unlock_msg_ctx; | |
28335 | i = 5; | |
28336 | if (msg_ctx->msg) { | |
28337 | - if (copy_to_user(&buf[i], packet_length, packet_length_size)) | |
28338 | + if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size)) | |
28339 | goto out_unlock_msg_ctx; | |
28340 | i += packet_length_size; | |
28341 | if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) | |
28342 | diff -urNp linux-2.6.33.1/fs/exec.c linux-2.6.33.1/fs/exec.c | |
28343 | --- linux-2.6.33.1/fs/exec.c 2010-03-15 12:09:39.000000000 -0400 | |
28344 | +++ linux-2.6.33.1/fs/exec.c 2010-03-20 16:58:41.472962075 -0400 | |
58c5fc13 | 28345 | @@ -55,12 +55,24 @@ |
58c5fc13 MT |
28346 | #include <linux/fsnotify.h> |
28347 | #include <linux/fs_struct.h> | |
ae4e228f | 28348 | #include <linux/pipe_fs_i.h> |
58c5fc13 MT |
28349 | +#include <linux/random.h> |
28350 | +#include <linux/seq_file.h> | |
28351 | + | |
28352 | +#ifdef CONFIG_PAX_REFCOUNT | |
28353 | +#include <linux/kallsyms.h> | |
28354 | +#include <linux/kdebug.h> | |
28355 | +#endif | |
28356 | ||
28357 | #include <asm/uaccess.h> | |
28358 | #include <asm/mmu_context.h> | |
28359 | #include <asm/tlb.h> | |
28360 | #include "internal.h" | |
28361 | ||
28362 | +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS | |
28363 | +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); | |
28364 | +EXPORT_SYMBOL(pax_set_initial_flags_func); | |
28365 | +#endif | |
28366 | + | |
28367 | int core_uses_pid; | |
28368 | char core_pattern[CORENAME_MAX_SIZE] = "core"; | |
ae4e228f MT |
28369 | unsigned int core_pipe_limit; |
28370 | @@ -114,7 +126,7 @@ SYSCALL_DEFINE1(uselib, const char __use | |
58c5fc13 MT |
28371 | goto out; |
28372 | ||
28373 | file = do_filp_open(AT_FDCWD, tmp, | |
28374 | - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0, | |
28375 | + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0, | |
28376 | MAY_READ | MAY_EXEC | MAY_OPEN); | |
28377 | putname(tmp); | |
28378 | error = PTR_ERR(file); | |
ae4e228f | 28379 | @@ -162,18 +174,10 @@ static struct page *get_arg_page(struct |
58c5fc13 MT |
28380 | int write) |
28381 | { | |
28382 | struct page *page; | |
28383 | - int ret; | |
28384 | ||
28385 | -#ifdef CONFIG_STACK_GROWSUP | |
28386 | - if (write) { | |
28387 | - ret = expand_stack_downwards(bprm->vma, pos); | |
28388 | - if (ret < 0) | |
28389 | - return NULL; | |
28390 | - } | |
28391 | -#endif | |
28392 | - ret = get_user_pages(current, bprm->mm, pos, | |
28393 | - 1, write, 1, &page, NULL); | |
28394 | - if (ret <= 0) | |
28395 | + if (0 > expand_stack_downwards(bprm->vma, pos)) | |
28396 | + return NULL; | |
28397 | + if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL)) | |
28398 | return NULL; | |
28399 | ||
28400 | if (write) { | |
ae4e228f | 28401 | @@ -245,6 +249,11 @@ static int __bprm_mm_init(struct linux_b |
58c5fc13 MT |
28402 | vma->vm_end = STACK_TOP_MAX; |
28403 | vma->vm_start = vma->vm_end - PAGE_SIZE; | |
28404 | vma->vm_flags = VM_STACK_FLAGS; | |
28405 | + | |
28406 | +#ifdef CONFIG_PAX_SEGMEXEC | |
28407 | + vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC); | |
28408 | +#endif | |
28409 | + | |
28410 | vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
28411 | err = insert_vm_struct(mm, vma); | |
28412 | if (err) | |
ae4e228f | 28413 | @@ -253,6 +262,12 @@ static int __bprm_mm_init(struct linux_b |
58c5fc13 MT |
28414 | mm->stack_vm = mm->total_vm = 1; |
28415 | up_write(&mm->mmap_sem); | |
28416 | bprm->p = vma->vm_end - sizeof(void *); | |
28417 | + | |
28418 | +#ifdef CONFIG_PAX_RANDUSTACK | |
28419 | + if (randomize_va_space) | |
28420 | + bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK; | |
28421 | +#endif | |
28422 | + | |
28423 | return 0; | |
28424 | err: | |
28425 | up_write(&mm->mmap_sem); | |
ae4e228f MT |
28426 | @@ -474,7 +489,7 @@ int copy_strings_kernel(int argc,char ** |
28427 | int r; | |
28428 | mm_segment_t oldfs = get_fs(); | |
28429 | set_fs(KERNEL_DS); | |
28430 | - r = copy_strings(argc, (char __user * __user *)argv, bprm); | |
28431 | + r = copy_strings(argc, (__force char __user * __user *)argv, bprm); | |
28432 | set_fs(oldfs); | |
28433 | return r; | |
28434 | } | |
28435 | @@ -504,7 +519,8 @@ static int shift_arg_pages(struct vm_are | |
58c5fc13 MT |
28436 | unsigned long new_end = old_end - shift; |
28437 | struct mmu_gather *tlb; | |
28438 | ||
28439 | - BUG_ON(new_start > new_end); | |
28440 | + if (new_start >= new_end || new_start < mmap_min_addr) | |
28441 | + return -EFAULT; | |
28442 | ||
28443 | /* | |
28444 | * ensure there are no vmas between where we want to go | |
ae4e228f | 28445 | @@ -513,6 +529,10 @@ static int shift_arg_pages(struct vm_are |
58c5fc13 MT |
28446 | if (vma != find_vma(mm, new_start)) |
28447 | return -EFAULT; | |
28448 | ||
28449 | +#ifdef CONFIG_PAX_SEGMEXEC | |
28450 | + BUG_ON(pax_find_mirror_vma(vma)); | |
28451 | +#endif | |
28452 | + | |
28453 | /* | |
28454 | * cover the whole range: [new_start, old_end) | |
28455 | */ | |
ae4e228f | 28456 | @@ -604,8 +624,28 @@ int setup_arg_pages(struct linux_binprm |
58c5fc13 MT |
28457 | bprm->exec -= stack_shift; |
28458 | ||
28459 | down_write(&mm->mmap_sem); | |
28460 | + | |
28461 | + /* Move stack pages down in memory. */ | |
28462 | + if (stack_shift) { | |
28463 | + ret = shift_arg_pages(vma, stack_shift); | |
28464 | + if (ret) | |
28465 | + goto out_unlock; | |
28466 | + } | |
28467 | + | |
28468 | vm_flags = VM_STACK_FLAGS; | |
28469 | ||
58c5fc13 MT |
28470 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) |
28471 | + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
28472 | + vm_flags &= ~VM_EXEC; | |
28473 | + | |
28474 | +#ifdef CONFIG_PAX_MPROTECT | |
28475 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
28476 | + vm_flags &= ~VM_MAYEXEC; | |
28477 | +#endif | |
28478 | + | |
28479 | + } | |
28480 | +#endif | |
28481 | + | |
ae4e228f MT |
28482 | /* |
28483 | * Adjust stack execute permissions; explicitly enable for | |
28484 | * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone | |
28485 | @@ -623,13 +663,6 @@ int setup_arg_pages(struct linux_binprm | |
58c5fc13 MT |
28486 | goto out_unlock; |
28487 | BUG_ON(prev != vma); | |
28488 | ||
28489 | - /* Move stack pages down in memory. */ | |
28490 | - if (stack_shift) { | |
28491 | - ret = shift_arg_pages(vma, stack_shift); | |
ae4e228f MT |
28492 | - if (ret) |
28493 | - goto out_unlock; | |
58c5fc13 MT |
28494 | - } |
28495 | - | |
ae4e228f MT |
28496 | stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE; |
28497 | stack_size = vma->vm_end - vma->vm_start; | |
28498 | /* | |
28499 | @@ -666,7 +699,7 @@ struct file *open_exec(const char *name) | |
58c5fc13 MT |
28500 | int err; |
28501 | ||
28502 | file = do_filp_open(AT_FDCWD, name, | |
28503 | - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0, | |
28504 | + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0, | |
28505 | MAY_EXEC | MAY_OPEN); | |
28506 | if (IS_ERR(file)) | |
28507 | goto out; | |
ae4e228f MT |
28508 | @@ -703,7 +736,7 @@ int kernel_read(struct file *file, loff_ |
28509 | old_fs = get_fs(); | |
28510 | set_fs(get_ds()); | |
28511 | /* The cast to a user pointer is valid due to the set_fs() */ | |
28512 | - result = vfs_read(file, (void __user *)addr, count, &pos); | |
28513 | + result = vfs_read(file, (__force void __user *)addr, count, &pos); | |
28514 | set_fs(old_fs); | |
28515 | return result; | |
28516 | } | |
28517 | @@ -1120,7 +1153,7 @@ int check_unsafe_exec(struct linux_binpr | |
58c5fc13 MT |
28518 | } |
28519 | rcu_read_unlock(); | |
28520 | ||
28521 | - if (p->fs->users > n_fs) { | |
28522 | + if (atomic_read(&p->fs->users) > n_fs) { | |
28523 | bprm->unsafe |= LSM_UNSAFE_SHARE; | |
28524 | } else { | |
28525 | res = -EAGAIN; | |
ae4e228f | 28526 | @@ -1316,6 +1349,11 @@ int do_execve(char * filename, |
58c5fc13 MT |
28527 | char __user *__user *envp, |
28528 | struct pt_regs * regs) | |
28529 | { | |
28530 | +#ifdef CONFIG_GRKERNSEC | |
28531 | + struct file *old_exec_file; | |
28532 | + struct acl_subject_label *old_acl; | |
28533 | + struct rlimit old_rlim[RLIM_NLIMITS]; | |
28534 | +#endif | |
28535 | struct linux_binprm *bprm; | |
28536 | struct file *file; | |
28537 | struct files_struct *displaced; | |
ae4e228f | 28538 | @@ -1352,6 +1390,18 @@ int do_execve(char * filename, |
58c5fc13 MT |
28539 | bprm->filename = filename; |
28540 | bprm->interp = filename; | |
28541 | ||
28542 | + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1); | |
28543 | + | |
28544 | + if (gr_handle_nproc()) { | |
28545 | + retval = -EAGAIN; | |
28546 | + goto out_file; | |
28547 | + } | |
28548 | + | |
28549 | + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) { | |
28550 | + retval = -EACCES; | |
28551 | + goto out_file; | |
28552 | + } | |
28553 | + | |
28554 | retval = bprm_mm_init(bprm); | |
28555 | if (retval) | |
28556 | goto out_file; | |
ae4e228f | 28557 | @@ -1381,10 +1431,41 @@ int do_execve(char * filename, |
58c5fc13 MT |
28558 | if (retval < 0) |
28559 | goto out; | |
28560 | ||
28561 | + if (!gr_tpe_allow(file)) { | |
28562 | + retval = -EACCES; | |
28563 | + goto out; | |
28564 | + } | |
28565 | + | |
28566 | + if (gr_check_crash_exec(file)) { | |
28567 | + retval = -EACCES; | |
28568 | + goto out; | |
28569 | + } | |
28570 | + | |
28571 | + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); | |
28572 | + | |
28573 | + gr_handle_exec_args(bprm, argv); | |
28574 | + | |
28575 | +#ifdef CONFIG_GRKERNSEC | |
28576 | + old_acl = current->acl; | |
28577 | + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim)); | |
28578 | + old_exec_file = current->exec_file; | |
28579 | + get_file(file); | |
28580 | + current->exec_file = file; | |
28581 | +#endif | |
28582 | + | |
28583 | + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt, | |
28584 | + bprm->unsafe & LSM_UNSAFE_SHARE); | |
28585 | + if (retval < 0) | |
28586 | + goto out_fail; | |
28587 | + | |
28588 | current->flags &= ~PF_KTHREAD; | |
28589 | retval = search_binary_handler(bprm,regs); | |
28590 | if (retval < 0) | |
28591 | - goto out; | |
28592 | + goto out_fail; | |
28593 | +#ifdef CONFIG_GRKERNSEC | |
28594 | + if (old_exec_file) | |
28595 | + fput(old_exec_file); | |
28596 | +#endif | |
28597 | ||
ae4e228f MT |
28598 | current->stack_start = current->mm->start_stack; |
28599 | ||
28600 | @@ -1397,6 +1478,14 @@ int do_execve(char * filename, | |
58c5fc13 MT |
28601 | put_files_struct(displaced); |
28602 | return retval; | |
28603 | ||
28604 | +out_fail: | |
28605 | +#ifdef CONFIG_GRKERNSEC | |
28606 | + current->acl = old_acl; | |
28607 | + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim)); | |
28608 | + fput(current->exec_file); | |
28609 | + current->exec_file = old_exec_file; | |
28610 | +#endif | |
28611 | + | |
28612 | out: | |
28613 | if (bprm->mm) | |
28614 | mmput (bprm->mm); | |
ae4e228f | 28615 | @@ -1560,6 +1649,169 @@ out: |
58c5fc13 MT |
28616 | return ispipe; |
28617 | } | |
28618 | ||
28619 | +int pax_check_flags(unsigned long *flags) | |
28620 | +{ | |
28621 | + int retval = 0; | |
28622 | + | |
28623 | +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC) | |
28624 | + if (*flags & MF_PAX_SEGMEXEC) | |
28625 | + { | |
28626 | + *flags &= ~MF_PAX_SEGMEXEC; | |
28627 | + retval = -EINVAL; | |
28628 | + } | |
28629 | +#endif | |
28630 | + | |
28631 | + if ((*flags & MF_PAX_PAGEEXEC) | |
28632 | + | |
28633 | +#ifdef CONFIG_PAX_PAGEEXEC | |
28634 | + && (*flags & MF_PAX_SEGMEXEC) | |
28635 | +#endif | |
28636 | + | |
28637 | + ) | |
28638 | + { | |
28639 | + *flags &= ~MF_PAX_PAGEEXEC; | |
28640 | + retval = -EINVAL; | |
28641 | + } | |
28642 | + | |
28643 | + if ((*flags & MF_PAX_MPROTECT) | |
28644 | + | |
28645 | +#ifdef CONFIG_PAX_MPROTECT | |
28646 | + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) | |
28647 | +#endif | |
28648 | + | |
28649 | + ) | |
28650 | + { | |
28651 | + *flags &= ~MF_PAX_MPROTECT; | |
28652 | + retval = -EINVAL; | |
28653 | + } | |
28654 | + | |
28655 | + if ((*flags & MF_PAX_EMUTRAMP) | |
28656 | + | |
28657 | +#ifdef CONFIG_PAX_EMUTRAMP | |
28658 | + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) | |
28659 | +#endif | |
28660 | + | |
28661 | + ) | |
28662 | + { | |
28663 | + *flags &= ~MF_PAX_EMUTRAMP; | |
28664 | + retval = -EINVAL; | |
28665 | + } | |
28666 | + | |
28667 | + return retval; | |
28668 | +} | |
28669 | + | |
28670 | +EXPORT_SYMBOL(pax_check_flags); | |
28671 | + | |
28672 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
28673 | +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp) | |
28674 | +{ | |
28675 | + struct task_struct *tsk = current; | |
28676 | + struct mm_struct *mm = current->mm; | |
28677 | + char *buffer_exec = (char *)__get_free_page(GFP_KERNEL); | |
28678 | + char *buffer_fault = (char *)__get_free_page(GFP_KERNEL); | |
28679 | + char *path_exec = NULL; | |
28680 | + char *path_fault = NULL; | |
28681 | + unsigned long start = 0UL, end = 0UL, offset = 0UL; | |
28682 | + | |
28683 | + if (buffer_exec && buffer_fault) { | |
28684 | + struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL; | |
28685 | + | |
28686 | + down_read(&mm->mmap_sem); | |
28687 | + vma = mm->mmap; | |
28688 | + while (vma && (!vma_exec || !vma_fault)) { | |
28689 | + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) | |
28690 | + vma_exec = vma; | |
28691 | + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end) | |
28692 | + vma_fault = vma; | |
28693 | + vma = vma->vm_next; | |
28694 | + } | |
28695 | + if (vma_exec) { | |
28696 | + path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); | |
28697 | + if (IS_ERR(path_exec)) | |
28698 | + path_exec = "<path too long>"; | |
28699 | + else { | |
28700 | + path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\"); | |
28701 | + if (path_exec) { | |
28702 | + *path_exec = 0; | |
28703 | + path_exec = buffer_exec; | |
28704 | + } else | |
28705 | + path_exec = "<path too long>"; | |
28706 | + } | |
28707 | + } | |
28708 | + if (vma_fault) { | |
28709 | + start = vma_fault->vm_start; | |
28710 | + end = vma_fault->vm_end; | |
28711 | + offset = vma_fault->vm_pgoff << PAGE_SHIFT; | |
28712 | + if (vma_fault->vm_file) { | |
28713 | + path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); | |
28714 | + if (IS_ERR(path_fault)) | |
28715 | + path_fault = "<path too long>"; | |
28716 | + else { | |
28717 | + path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\"); | |
28718 | + if (path_fault) { | |
28719 | + *path_fault = 0; | |
28720 | + path_fault = buffer_fault; | |
28721 | + } else | |
28722 | + path_fault = "<path too long>"; | |
28723 | + } | |
28724 | + } else | |
28725 | + path_fault = "<anonymous mapping>"; | |
28726 | + } | |
28727 | + up_read(&mm->mmap_sem); | |
28728 | + } | |
28729 | + if (tsk->signal->curr_ip) | |
ae4e228f | 28730 | + printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset); |
58c5fc13 MT |
28731 | + else |
28732 | + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); | |
28733 | + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " | |
28734 | + "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), | |
28735 | + task_uid(tsk), task_euid(tsk), pc, sp); | |
28736 | + free_page((unsigned long)buffer_exec); | |
28737 | + free_page((unsigned long)buffer_fault); | |
28738 | + pax_report_insns(pc, sp); | |
28739 | + do_coredump(SIGKILL, SIGKILL, regs); | |
28740 | +} | |
28741 | +#endif | |
28742 | + | |
28743 | +#ifdef CONFIG_PAX_REFCOUNT | |
28744 | +void pax_report_refcount_overflow(struct pt_regs *regs) | |
28745 | +{ | |
28746 | + if (current->signal->curr_ip) | |
ae4e228f MT |
28747 | + printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
28748 | + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); | |
58c5fc13 MT |
28749 | + else |
28750 | + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", | |
28751 | + current->comm, task_pid_nr(current), current_uid(), current_euid()); | |
28752 | + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); | |
28753 | + show_regs(regs); | |
ae4e228f | 28754 | + force_sig_info(SIGKILL, SEND_SIG_FORCED, current); |
58c5fc13 MT |
28755 | +} |
28756 | +#endif | |
28757 | + | |
28758 | +#ifdef CONFIG_PAX_USERCOPY | |
28759 | +void pax_report_leak_to_user(const void *ptr, unsigned long len) | |
28760 | +{ | |
28761 | + if (current->signal->curr_ip) | |
ae4e228f MT |
28762 | + printk(KERN_ERR "PAX: From %pI4: kernel memory leak attempt detected from %p (%lu bytes)\n", |
28763 | + ¤t->signal->curr_ip, ptr, len); | |
58c5fc13 MT |
28764 | + else |
28765 | + printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len); | |
28766 | + dump_stack(); | |
28767 | + do_group_exit(SIGKILL); | |
28768 | +} | |
28769 | + | |
28770 | +void pax_report_overflow_from_user(const void *ptr, unsigned long len) | |
28771 | +{ | |
ae4e228f MT |
28772 | + if (current->signal->curr_ip) |
28773 | + printk(KERN_ERR "PAX: From %pI4: kernel memory overflow attempt detected to %p (%lu bytes)\n", | |
28774 | + ¤t->signal->curr_ip, ptr, len); | |
28775 | + else | |
28776 | + printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len); | |
58c5fc13 MT |
28777 | + dump_stack(); |
28778 | + do_group_exit(SIGKILL); | |
28779 | +} | |
28780 | +#endif | |
28781 | + | |
28782 | static int zap_process(struct task_struct *start) | |
28783 | { | |
28784 | struct task_struct *t; | |
ae4e228f MT |
28785 | @@ -1762,17 +2014,17 @@ static void wait_for_dump_helpers(struct |
28786 | pipe = file->f_path.dentry->d_inode->i_pipe; | |
28787 | ||
28788 | pipe_lock(pipe); | |
28789 | - pipe->readers++; | |
28790 | - pipe->writers--; | |
28791 | + atomic_inc(&pipe->readers); | |
28792 | + atomic_dec(&pipe->writers); | |
28793 | ||
28794 | - while ((pipe->readers > 1) && (!signal_pending(current))) { | |
28795 | + while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) { | |
28796 | wake_up_interruptible_sync(&pipe->wait); | |
28797 | kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); | |
28798 | pipe_wait(pipe); | |
28799 | } | |
28800 | ||
28801 | - pipe->readers--; | |
28802 | - pipe->writers++; | |
28803 | + atomic_dec(&pipe->readers); | |
28804 | + atomic_inc(&pipe->writers); | |
28805 | pipe_unlock(pipe); | |
28806 | ||
28807 | } | |
28808 | @@ -1846,6 +2098,10 @@ void do_coredump(long signr, int exit_co | |
58c5fc13 MT |
28809 | */ |
28810 | clear_thread_flag(TIF_SIGPENDING); | |
28811 | ||
28812 | + if (signr == SIGKILL || signr == SIGILL) | |
28813 | + gr_handle_brute_attach(current); | |
28814 | + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); | |
28815 | + | |
28816 | /* | |
28817 | * lock_kernel() because format_corename() is controlled by sysctl, which | |
28818 | * uses lock_kernel() | |
ae4e228f MT |
28819 | diff -urNp linux-2.6.33.1/fs/ext2/balloc.c linux-2.6.33.1/fs/ext2/balloc.c |
28820 | --- linux-2.6.33.1/fs/ext2/balloc.c 2010-03-15 12:09:39.000000000 -0400 | |
28821 | +++ linux-2.6.33.1/fs/ext2/balloc.c 2010-03-20 16:58:41.476618429 -0400 | |
58c5fc13 MT |
28822 | @@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e |
28823 | ||
28824 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | |
28825 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | |
28826 | - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | |
28827 | + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) && | |
28828 | sbi->s_resuid != current_fsuid() && | |
28829 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | |
28830 | return 0; | |
ae4e228f MT |
28831 | diff -urNp linux-2.6.33.1/fs/ext3/balloc.c linux-2.6.33.1/fs/ext3/balloc.c |
28832 | --- linux-2.6.33.1/fs/ext3/balloc.c 2010-03-15 12:09:39.000000000 -0400 | |
28833 | +++ linux-2.6.33.1/fs/ext3/balloc.c 2010-03-20 16:58:41.484909301 -0400 | |
58c5fc13 MT |
28834 | @@ -1421,7 +1421,7 @@ static int ext3_has_free_blocks(struct e |
28835 | ||
28836 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | |
28837 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | |
28838 | - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | |
28839 | + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) && | |
28840 | sbi->s_resuid != current_fsuid() && | |
28841 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | |
28842 | return 0; | |
ae4e228f MT |
28843 | diff -urNp linux-2.6.33.1/fs/ext3/namei.c linux-2.6.33.1/fs/ext3/namei.c |
28844 | --- linux-2.6.33.1/fs/ext3/namei.c 2010-03-15 12:09:39.000000000 -0400 | |
28845 | +++ linux-2.6.33.1/fs/ext3/namei.c 2010-03-20 16:58:41.496970241 -0400 | |
58c5fc13 MT |
28846 | @@ -1168,7 +1168,7 @@ static struct ext3_dir_entry_2 *do_split |
28847 | char *data1 = (*bh)->b_data, *data2; | |
28848 | unsigned split, move, size; | |
28849 | struct ext3_dir_entry_2 *de = NULL, *de2; | |
28850 | - int err = 0, i; | |
28851 | + int i, err = 0; | |
28852 | ||
28853 | bh2 = ext3_append (handle, dir, &newblock, &err); | |
28854 | if (!(bh2)) { | |
ae4e228f MT |
28855 | diff -urNp linux-2.6.33.1/fs/ext3/xattr.c linux-2.6.33.1/fs/ext3/xattr.c |
28856 | --- linux-2.6.33.1/fs/ext3/xattr.c 2010-03-15 12:09:39.000000000 -0400 | |
28857 | +++ linux-2.6.33.1/fs/ext3/xattr.c 2010-03-20 16:58:41.500911319 -0400 | |
58c5fc13 MT |
28858 | @@ -89,8 +89,8 @@ |
28859 | printk("\n"); \ | |
28860 | } while (0) | |
28861 | #else | |
28862 | -# define ea_idebug(f...) | |
28863 | -# define ea_bdebug(f...) | |
28864 | +# define ea_idebug(f...) do {} while (0) | |
28865 | +# define ea_bdebug(f...) do {} while (0) | |
28866 | #endif | |
28867 | ||
28868 | static void ext3_xattr_cache_insert(struct buffer_head *); | |
ae4e228f MT |
28869 | diff -urNp linux-2.6.33.1/fs/ext4/balloc.c linux-2.6.33.1/fs/ext4/balloc.c |
28870 | --- linux-2.6.33.1/fs/ext4/balloc.c 2010-03-15 12:09:39.000000000 -0400 | |
28871 | +++ linux-2.6.33.1/fs/ext4/balloc.c 2010-03-20 16:58:41.500911319 -0400 | |
28872 | @@ -535,7 +535,7 @@ int ext4_has_free_blocks(struct ext4_sb_ | |
58c5fc13 MT |
28873 | /* Hm, nope. Are (enough) root reserved blocks available? */ |
28874 | if (sbi->s_resuid == current_fsuid() || | |
28875 | ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || | |
28876 | - capable(CAP_SYS_RESOURCE)) { | |
28877 | + capable_nolog(CAP_SYS_RESOURCE)) { | |
28878 | if (free_blocks >= (nblocks + dirty_blocks)) | |
28879 | return 1; | |
28880 | } | |
ae4e228f MT |
28881 | diff -urNp linux-2.6.33.1/fs/ext4/ioctl.c linux-2.6.33.1/fs/ext4/ioctl.c |
28882 | --- linux-2.6.33.1/fs/ext4/ioctl.c 2010-03-15 12:09:39.000000000 -0400 | |
28883 | +++ linux-2.6.33.1/fs/ext4/ioctl.c 2010-03-20 16:58:41.500911319 -0400 | |
28884 | @@ -221,6 +221,9 @@ setversion_out: | |
28885 | struct file *donor_filp; | |
28886 | int err; | |
28887 | ||
28888 | + /* temporary workaround for bugs in here */ | |
28889 | + return -EOPNOTSUPP; | |
28890 | + | |
28891 | if (!(filp->f_mode & FMODE_READ) || | |
28892 | !(filp->f_mode & FMODE_WRITE)) | |
28893 | return -EBADF; | |
28894 | diff -urNp linux-2.6.33.1/fs/ext4/namei.c linux-2.6.33.1/fs/ext4/namei.c | |
28895 | --- linux-2.6.33.1/fs/ext4/namei.c 2010-03-15 12:09:39.000000000 -0400 | |
28896 | +++ linux-2.6.33.1/fs/ext4/namei.c 2010-03-20 16:58:41.504537056 -0400 | |
58c5fc13 MT |
28897 | @@ -1203,7 +1203,7 @@ static struct ext4_dir_entry_2 *do_split |
28898 | char *data1 = (*bh)->b_data, *data2; | |
28899 | unsigned split, move, size; | |
28900 | struct ext4_dir_entry_2 *de = NULL, *de2; | |
28901 | - int err = 0, i; | |
28902 | + int i, err = 0; | |
28903 | ||
28904 | bh2 = ext4_append (handle, dir, &newblock, &err); | |
28905 | if (!(bh2)) { | |
ae4e228f MT |
28906 | diff -urNp linux-2.6.33.1/fs/ext4/super.c linux-2.6.33.1/fs/ext4/super.c |
28907 | --- linux-2.6.33.1/fs/ext4/super.c 2010-03-15 12:09:39.000000000 -0400 | |
28908 | +++ linux-2.6.33.1/fs/ext4/super.c 2010-03-20 16:58:41.512931908 -0400 | |
28909 | @@ -2292,7 +2292,7 @@ static void ext4_sb_release(struct kobje | |
28910 | } | |
28911 | ||
28912 | ||
28913 | -static struct sysfs_ops ext4_attr_ops = { | |
28914 | +static const struct sysfs_ops ext4_attr_ops = { | |
28915 | .show = ext4_attr_show, | |
28916 | .store = ext4_attr_store, | |
28917 | }; | |
28918 | diff -urNp linux-2.6.33.1/fs/fcntl.c linux-2.6.33.1/fs/fcntl.c | |
28919 | --- linux-2.6.33.1/fs/fcntl.c 2010-03-15 12:09:39.000000000 -0400 | |
28920 | +++ linux-2.6.33.1/fs/fcntl.c 2010-03-20 16:58:41.516920875 -0400 | |
28921 | @@ -344,6 +344,7 @@ static long do_fcntl(int fd, unsigned in | |
58c5fc13 MT |
28922 | switch (cmd) { |
28923 | case F_DUPFD: | |
28924 | case F_DUPFD_CLOEXEC: | |
28925 | + gr_learn_resource(current, RLIMIT_NOFILE, arg, 0); | |
28926 | if (arg >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
28927 | break; | |
28928 | err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); | |
ae4e228f | 28929 | @@ -500,7 +501,8 @@ static inline int sigio_perm(struct task |
58c5fc13 MT |
28930 | ret = ((fown->euid == 0 || |
28931 | fown->euid == cred->suid || fown->euid == cred->uid || | |
28932 | fown->uid == cred->suid || fown->uid == cred->uid) && | |
28933 | - !security_file_send_sigiotask(p, fown, sig)); | |
28934 | + !security_file_send_sigiotask(p, fown, sig) && | |
28935 | + !gr_check_protected_task(p) && !gr_pid_is_chrooted(p)); | |
28936 | rcu_read_unlock(); | |
28937 | return ret; | |
28938 | } | |
ae4e228f MT |
28939 | diff -urNp linux-2.6.33.1/fs/fifo.c linux-2.6.33.1/fs/fifo.c |
28940 | --- linux-2.6.33.1/fs/fifo.c 2010-03-15 12:09:39.000000000 -0400 | |
28941 | +++ linux-2.6.33.1/fs/fifo.c 2010-03-20 16:58:41.516920875 -0400 | |
28942 | @@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode | |
28943 | */ | |
28944 | filp->f_op = &read_pipefifo_fops; | |
28945 | pipe->r_counter++; | |
28946 | - if (pipe->readers++ == 0) | |
28947 | + if (atomic_inc_return(&pipe->readers) == 1) | |
28948 | wake_up_partner(inode); | |
28949 | ||
28950 | - if (!pipe->writers) { | |
28951 | + if (!atomic_read(&pipe->writers)) { | |
28952 | if ((filp->f_flags & O_NONBLOCK)) { | |
28953 | /* suppress POLLHUP until we have | |
28954 | * seen a writer */ | |
28955 | @@ -83,15 +83,15 @@ static int fifo_open(struct inode *inode | |
28956 | * errno=ENXIO when there is no process reading the FIFO. | |
28957 | */ | |
28958 | ret = -ENXIO; | |
28959 | - if ((filp->f_flags & O_NONBLOCK) && !pipe->readers) | |
28960 | + if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers)) | |
28961 | goto err; | |
28962 | ||
28963 | filp->f_op = &write_pipefifo_fops; | |
28964 | pipe->w_counter++; | |
28965 | - if (!pipe->writers++) | |
28966 | + if (atomic_inc_return(&pipe->writers) == 1) | |
28967 | wake_up_partner(inode); | |
28968 | ||
28969 | - if (!pipe->readers) { | |
28970 | + if (!atomic_read(&pipe->readers)) { | |
28971 | wait_for_partner(inode, &pipe->r_counter); | |
28972 | if (signal_pending(current)) | |
28973 | goto err_wr; | |
28974 | @@ -107,11 +107,11 @@ static int fifo_open(struct inode *inode | |
28975 | */ | |
28976 | filp->f_op = &rdwr_pipefifo_fops; | |
28977 | ||
28978 | - pipe->readers++; | |
28979 | - pipe->writers++; | |
28980 | + atomic_inc(&pipe->readers); | |
28981 | + atomic_inc(&pipe->writers); | |
28982 | pipe->r_counter++; | |
28983 | pipe->w_counter++; | |
28984 | - if (pipe->readers == 1 || pipe->writers == 1) | |
28985 | + if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1) | |
28986 | wake_up_partner(inode); | |
28987 | break; | |
28988 | ||
28989 | @@ -125,19 +125,19 @@ static int fifo_open(struct inode *inode | |
28990 | return 0; | |
28991 | ||
28992 | err_rd: | |
28993 | - if (!--pipe->readers) | |
28994 | + if (atomic_dec_and_test(&pipe->readers)) | |
28995 | wake_up_interruptible(&pipe->wait); | |
28996 | ret = -ERESTARTSYS; | |
28997 | goto err; | |
28998 | ||
28999 | err_wr: | |
29000 | - if (!--pipe->writers) | |
29001 | + if (atomic_dec_and_test(&pipe->writers)) | |
29002 | wake_up_interruptible(&pipe->wait); | |
29003 | ret = -ERESTARTSYS; | |
29004 | goto err; | |
29005 | ||
29006 | err: | |
29007 | - if (!pipe->readers && !pipe->writers) | |
29008 | + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) | |
29009 | free_pipe_info(inode); | |
29010 | ||
29011 | err_nocleanup: | |
29012 | diff -urNp linux-2.6.33.1/fs/file.c linux-2.6.33.1/fs/file.c | |
29013 | --- linux-2.6.33.1/fs/file.c 2010-03-15 12:09:39.000000000 -0400 | |
29014 | +++ linux-2.6.33.1/fs/file.c 2010-03-20 16:58:41.516920875 -0400 | |
29015 | @@ -14,6 +14,7 @@ | |
58c5fc13 MT |
29016 | #include <linux/slab.h> |
29017 | #include <linux/vmalloc.h> | |
29018 | #include <linux/file.h> | |
29019 | +#include <linux/security.h> | |
29020 | #include <linux/fdtable.h> | |
29021 | #include <linux/bitops.h> | |
29022 | #include <linux/interrupt.h> | |
ae4e228f | 29023 | @@ -257,6 +258,8 @@ int expand_files(struct files_struct *fi |
58c5fc13 MT |
29024 | * N.B. For clone tasks sharing a files structure, this test |
29025 | * will limit the total number of files that can be opened. | |
29026 | */ | |
29027 | + | |
29028 | + gr_learn_resource(current, RLIMIT_NOFILE, nr, 0); | |
29029 | if (nr >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
29030 | return -EMFILE; | |
29031 | ||
ae4e228f MT |
29032 | diff -urNp linux-2.6.33.1/fs/fs_struct.c linux-2.6.33.1/fs/fs_struct.c |
29033 | --- linux-2.6.33.1/fs/fs_struct.c 2010-03-15 12:09:39.000000000 -0400 | |
29034 | +++ linux-2.6.33.1/fs/fs_struct.c 2010-03-20 16:58:41.516920875 -0400 | |
29035 | @@ -45,10 +45,12 @@ void chroot_fs_refs(struct path *old_roo | |
29036 | struct task_struct *g, *p; | |
29037 | struct fs_struct *fs; | |
29038 | int count = 0; | |
29039 | + unsigned long flags; | |
29040 | ||
29041 | read_lock(&tasklist_lock); | |
29042 | do_each_thread(g, p) { | |
29043 | task_lock(p); | |
29044 | + gr_fs_write_lock_irqsave(p, flags); | |
29045 | fs = p->fs; | |
29046 | if (fs) { | |
29047 | write_lock(&fs->lock); | |
29048 | @@ -66,6 +68,7 @@ void chroot_fs_refs(struct path *old_roo | |
29049 | } | |
29050 | write_unlock(&fs->lock); | |
29051 | } | |
29052 | + gr_fs_write_unlock_irqrestore(p, flags); | |
29053 | task_unlock(p); | |
29054 | } while_each_thread(g, p); | |
29055 | read_unlock(&tasklist_lock); | |
29056 | @@ -83,14 +86,17 @@ void free_fs_struct(struct fs_struct *fs | |
29057 | void exit_fs(struct task_struct *tsk) | |
29058 | { | |
29059 | struct fs_struct *fs = tsk->fs; | |
29060 | + unsigned long flags; | |
29061 | ||
29062 | if (fs) { | |
29063 | int kill; | |
58c5fc13 | 29064 | task_lock(tsk); |
ae4e228f | 29065 | + gr_fs_write_lock_irqsave(tsk, flags); |
58c5fc13 MT |
29066 | write_lock(&fs->lock); |
29067 | tsk->fs = NULL; | |
29068 | - kill = !--fs->users; | |
29069 | + kill = !atomic_dec_return(&fs->users); | |
29070 | write_unlock(&fs->lock); | |
ae4e228f | 29071 | + gr_fs_write_unlock_irqrestore(tsk, flags); |
58c5fc13 MT |
29072 | task_unlock(tsk); |
29073 | if (kill) | |
ae4e228f MT |
29074 | free_fs_struct(fs); |
29075 | @@ -102,7 +108,7 @@ struct fs_struct *copy_fs_struct(struct | |
58c5fc13 MT |
29076 | struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); |
29077 | /* We don't need to lock fs - think why ;-) */ | |
29078 | if (fs) { | |
29079 | - fs->users = 1; | |
29080 | + atomic_set(&fs->users, 1); | |
29081 | fs->in_exec = 0; | |
29082 | rwlock_init(&fs->lock); | |
29083 | fs->umask = old->umask; | |
ae4e228f MT |
29084 | @@ -121,15 +127,18 @@ int unshare_fs_struct(void) |
29085 | struct fs_struct *fs = current->fs; | |
29086 | struct fs_struct *new_fs = copy_fs_struct(fs); | |
29087 | int kill; | |
29088 | + unsigned long flags; | |
29089 | ||
29090 | if (!new_fs) | |
29091 | return -ENOMEM; | |
58c5fc13 MT |
29092 | |
29093 | task_lock(current); | |
ae4e228f | 29094 | + gr_fs_write_lock_irqsave(current, flags); |
58c5fc13 MT |
29095 | write_lock(&fs->lock); |
29096 | - kill = !--fs->users; | |
29097 | + kill = !atomic_dec_return(&fs->users); | |
29098 | current->fs = new_fs; | |
29099 | write_unlock(&fs->lock); | |
ae4e228f | 29100 | + gr_fs_write_unlock_irqrestore(current, flags); |
58c5fc13 | 29101 | task_unlock(current); |
ae4e228f MT |
29102 | |
29103 | if (kill) | |
29104 | @@ -147,7 +156,7 @@ EXPORT_SYMBOL(current_umask); | |
58c5fc13 MT |
29105 | |
29106 | /* to be mentioned only in INIT_TASK */ | |
29107 | struct fs_struct init_fs = { | |
29108 | - .users = 1, | |
29109 | + .users = ATOMIC_INIT(1), | |
29110 | .lock = __RW_LOCK_UNLOCKED(init_fs.lock), | |
29111 | .umask = 0022, | |
29112 | }; | |
ae4e228f MT |
29113 | @@ -155,6 +164,7 @@ struct fs_struct init_fs = { |
29114 | void daemonize_fs_struct(void) | |
29115 | { | |
29116 | struct fs_struct *fs = current->fs; | |
29117 | + unsigned long flags; | |
29118 | ||
29119 | if (fs) { | |
29120 | int kill; | |
29121 | @@ -162,13 +172,15 @@ void daemonize_fs_struct(void) | |
58c5fc13 MT |
29122 | task_lock(current); |
29123 | ||
29124 | write_lock(&init_fs.lock); | |
29125 | - init_fs.users++; | |
29126 | + atomic_inc(&init_fs.users); | |
29127 | write_unlock(&init_fs.lock); | |
29128 | ||
ae4e228f | 29129 | + gr_fs_write_lock_irqsave(current, flags); |
58c5fc13 MT |
29130 | write_lock(&fs->lock); |
29131 | current->fs = &init_fs; | |
29132 | - kill = !--fs->users; | |
29133 | + kill = !atomic_dec_return(&fs->users); | |
29134 | write_unlock(&fs->lock); | |
ae4e228f | 29135 | + gr_fs_write_unlock_irqrestore(current, flags); |
58c5fc13 MT |
29136 | |
29137 | task_unlock(current); | |
ae4e228f MT |
29138 | if (kill) |
29139 | diff -urNp linux-2.6.33.1/fs/fuse/control.c linux-2.6.33.1/fs/fuse/control.c | |
29140 | --- linux-2.6.33.1/fs/fuse/control.c 2010-03-15 12:09:39.000000000 -0400 | |
29141 | +++ linux-2.6.33.1/fs/fuse/control.c 2010-03-20 16:58:41.520615009 -0400 | |
29142 | @@ -293,7 +293,7 @@ void fuse_ctl_remove_conn(struct fuse_co | |
58c5fc13 MT |
29143 | |
29144 | static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent) | |
29145 | { | |
29146 | - struct tree_descr empty_descr = {""}; | |
29147 | + struct tree_descr empty_descr = {"", NULL, 0}; | |
29148 | struct fuse_conn *fc; | |
29149 | int err; | |
29150 | ||
ae4e228f MT |
29151 | diff -urNp linux-2.6.33.1/fs/fuse/cuse.c linux-2.6.33.1/fs/fuse/cuse.c |
29152 | --- linux-2.6.33.1/fs/fuse/cuse.c 2010-03-15 12:09:39.000000000 -0400 | |
29153 | +++ linux-2.6.33.1/fs/fuse/cuse.c 2010-03-20 16:58:41.520615009 -0400 | |
29154 | @@ -528,8 +528,18 @@ static int cuse_channel_release(struct i | |
29155 | return rc; | |
29156 | } | |
29157 | ||
29158 | -static struct file_operations cuse_channel_fops; /* initialized during init */ | |
29159 | - | |
29160 | +static const struct file_operations cuse_channel_fops = { /* initialized during init */ | |
29161 | + .owner = THIS_MODULE, | |
29162 | + .llseek = no_llseek, | |
29163 | + .read = do_sync_read, | |
29164 | + .aio_read = fuse_dev_read, | |
29165 | + .write = do_sync_write, | |
29166 | + .aio_write = fuse_dev_write, | |
29167 | + .poll = fuse_dev_poll, | |
29168 | + .open = cuse_channel_open, | |
29169 | + .release = cuse_channel_release, | |
29170 | + .fasync = fuse_dev_fasync, | |
29171 | +}; | |
29172 | ||
29173 | /************************************************************************** | |
29174 | * Misc stuff and module initializatiion | |
29175 | @@ -575,12 +585,6 @@ static int __init cuse_init(void) | |
29176 | for (i = 0; i < CUSE_CONNTBL_LEN; i++) | |
29177 | INIT_LIST_HEAD(&cuse_conntbl[i]); | |
29178 | ||
29179 | - /* inherit and extend fuse_dev_operations */ | |
29180 | - cuse_channel_fops = fuse_dev_operations; | |
29181 | - cuse_channel_fops.owner = THIS_MODULE; | |
29182 | - cuse_channel_fops.open = cuse_channel_open; | |
29183 | - cuse_channel_fops.release = cuse_channel_release; | |
29184 | - | |
29185 | cuse_class = class_create(THIS_MODULE, "cuse"); | |
29186 | if (IS_ERR(cuse_class)) | |
29187 | return PTR_ERR(cuse_class); | |
29188 | diff -urNp linux-2.6.33.1/fs/fuse/dev.c linux-2.6.33.1/fs/fuse/dev.c | |
29189 | --- linux-2.6.33.1/fs/fuse/dev.c 2010-03-15 12:09:39.000000000 -0400 | |
29190 | +++ linux-2.6.33.1/fs/fuse/dev.c 2010-03-20 16:58:41.524892399 -0400 | |
29191 | @@ -745,7 +745,7 @@ __releases(&fc->lock) | |
29192 | * request_end(). Otherwise add it to the processing list, and set | |
29193 | * the 'sent' flag. | |
29194 | */ | |
29195 | -static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov, | |
29196 | +ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov, | |
29197 | unsigned long nr_segs, loff_t pos) | |
29198 | { | |
29199 | int err; | |
29200 | @@ -828,6 +828,8 @@ static ssize_t fuse_dev_read(struct kioc | |
29201 | return err; | |
29202 | } | |
29203 | ||
29204 | +EXPORT_SYMBOL_GPL(fuse_dev_read); | |
29205 | + | |
29206 | static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size, | |
29207 | struct fuse_copy_state *cs) | |
29208 | { | |
29209 | @@ -885,7 +887,7 @@ static int fuse_notify_inval_entry(struc | |
58c5fc13 MT |
29210 | { |
29211 | struct fuse_notify_inval_entry_out outarg; | |
29212 | int err = -EINVAL; | |
29213 | - char buf[FUSE_NAME_MAX+1]; | |
29214 | + char *buf = NULL; | |
29215 | struct qstr name; | |
29216 | ||
29217 | if (size < sizeof(outarg)) | |
ae4e228f | 29218 | @@ -899,6 +901,11 @@ static int fuse_notify_inval_entry(struc |
58c5fc13 MT |
29219 | if (outarg.namelen > FUSE_NAME_MAX) |
29220 | goto err; | |
29221 | ||
29222 | + err = -ENOMEM; | |
29223 | + buf = kmalloc(FUSE_NAME_MAX+1, GFP_KERNEL); | |
29224 | + if (!buf) | |
29225 | + goto err; | |
29226 | + | |
29227 | name.name = buf; | |
29228 | name.len = outarg.namelen; | |
29229 | err = fuse_copy_one(cs, buf, outarg.namelen + 1); | |
ae4e228f | 29230 | @@ -910,17 +917,15 @@ static int fuse_notify_inval_entry(struc |
58c5fc13 MT |
29231 | |
29232 | down_read(&fc->killsb); | |
29233 | err = -ENOENT; | |
29234 | - if (!fc->sb) | |
29235 | - goto err_unlock; | |
29236 | - | |
29237 | - err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name); | |
29238 | - | |
29239 | -err_unlock: | |
29240 | + if (fc->sb) | |
29241 | + err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name); | |
29242 | up_read(&fc->killsb); | |
29243 | + kfree(buf); | |
29244 | return err; | |
29245 | ||
29246 | err: | |
29247 | fuse_copy_finish(cs); | |
29248 | + kfree(buf); | |
29249 | return err; | |
29250 | } | |
29251 | ||
ae4e228f MT |
29252 | @@ -987,7 +992,7 @@ static int copy_out_args(struct fuse_cop |
29253 | * it from the list and copy the rest of the buffer to the request. | |
29254 | * The request is finished by calling request_end() | |
29255 | */ | |
29256 | -static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, | |
29257 | +ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, | |
29258 | unsigned long nr_segs, loff_t pos) | |
29259 | { | |
29260 | int err; | |
29261 | @@ -1084,7 +1089,9 @@ static ssize_t fuse_dev_write(struct kio | |
29262 | return err; | |
29263 | } | |
29264 | ||
29265 | -static unsigned fuse_dev_poll(struct file *file, poll_table *wait) | |
29266 | +EXPORT_SYMBOL_GPL(fuse_dev_write); | |
29267 | + | |
29268 | +unsigned fuse_dev_poll(struct file *file, poll_table *wait) | |
29269 | { | |
29270 | unsigned mask = POLLOUT | POLLWRNORM; | |
29271 | struct fuse_conn *fc = fuse_get_conn(file); | |
29272 | @@ -1103,6 +1110,8 @@ static unsigned fuse_dev_poll(struct fil | |
29273 | return mask; | |
29274 | } | |
29275 | ||
29276 | +EXPORT_SYMBOL_GPL(fuse_dev_poll); | |
29277 | + | |
29278 | /* | |
29279 | * Abort all requests on the given list (pending or processing) | |
29280 | * | |
29281 | @@ -1210,7 +1219,7 @@ int fuse_dev_release(struct inode *inode | |
29282 | } | |
29283 | EXPORT_SYMBOL_GPL(fuse_dev_release); | |
29284 | ||
29285 | -static int fuse_dev_fasync(int fd, struct file *file, int on) | |
29286 | +int fuse_dev_fasync(int fd, struct file *file, int on) | |
29287 | { | |
29288 | struct fuse_conn *fc = fuse_get_conn(file); | |
29289 | if (!fc) | |
29290 | @@ -1220,6 +1229,8 @@ static int fuse_dev_fasync(int fd, struc | |
29291 | return fasync_helper(fd, file, on, &fc->fasync); | |
29292 | } | |
29293 | ||
29294 | +EXPORT_SYMBOL_GPL(fuse_dev_fasync); | |
29295 | + | |
29296 | const struct file_operations fuse_dev_operations = { | |
29297 | .owner = THIS_MODULE, | |
29298 | .llseek = no_llseek, | |
29299 | diff -urNp linux-2.6.33.1/fs/fuse/dir.c linux-2.6.33.1/fs/fuse/dir.c | |
29300 | --- linux-2.6.33.1/fs/fuse/dir.c 2010-03-15 12:09:39.000000000 -0400 | |
29301 | +++ linux-2.6.33.1/fs/fuse/dir.c 2010-03-20 16:58:41.528872982 -0400 | |
29302 | @@ -1127,7 +1127,7 @@ static char *read_link(struct dentry *de | |
58c5fc13 MT |
29303 | return link; |
29304 | } | |
29305 | ||
29306 | -static void free_link(char *link) | |
29307 | +static void free_link(const char *link) | |
29308 | { | |
29309 | if (!IS_ERR(link)) | |
29310 | free_page((unsigned long) link); | |
ae4e228f MT |
29311 | diff -urNp linux-2.6.33.1/fs/fuse/fuse_i.h linux-2.6.33.1/fs/fuse/fuse_i.h |
29312 | --- linux-2.6.33.1/fs/fuse/fuse_i.h 2010-03-15 12:09:39.000000000 -0400 | |
29313 | +++ linux-2.6.33.1/fs/fuse/fuse_i.h 2010-03-20 16:58:41.532912913 -0400 | |
29314 | @@ -521,6 +521,16 @@ extern const struct file_operations fuse | |
29315 | ||
29316 | extern const struct dentry_operations fuse_dentry_operations; | |
29317 | ||
29318 | +extern ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov, | |
29319 | + unsigned long nr_segs, loff_t pos); | |
29320 | + | |
29321 | +extern ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, | |
29322 | + unsigned long nr_segs, loff_t pos); | |
29323 | + | |
29324 | +extern unsigned fuse_dev_poll(struct file *file, poll_table *wait); | |
29325 | + | |
29326 | +extern int fuse_dev_fasync(int fd, struct file *file, int on); | |
29327 | + | |
29328 | /** | |
29329 | * Inode to nodeid comparison. | |
29330 | */ | |
29331 | diff -urNp linux-2.6.33.1/fs/gfs2/sys.c linux-2.6.33.1/fs/gfs2/sys.c | |
29332 | --- linux-2.6.33.1/fs/gfs2/sys.c 2010-03-15 12:09:39.000000000 -0400 | |
29333 | +++ linux-2.6.33.1/fs/gfs2/sys.c 2010-03-20 16:58:41.563618654 -0400 | |
29334 | @@ -49,7 +49,7 @@ static ssize_t gfs2_attr_store(struct ko | |
29335 | return a->store ? a->store(sdp, buf, len) : len; | |
58c5fc13 MT |
29336 | } |
29337 | ||
ae4e228f MT |
29338 | -static struct sysfs_ops gfs2_attr_ops = { |
29339 | +static const struct sysfs_ops gfs2_attr_ops = { | |
29340 | .show = gfs2_attr_show, | |
29341 | .store = gfs2_attr_store, | |
29342 | }; | |
29343 | @@ -576,7 +576,7 @@ static int gfs2_uevent(struct kset *kset | |
29344 | return 0; | |
58c5fc13 MT |
29345 | } |
29346 | ||
ae4e228f MT |
29347 | -static struct kset_uevent_ops gfs2_uevent_ops = { |
29348 | +static const struct kset_uevent_ops gfs2_uevent_ops = { | |
29349 | .uevent = gfs2_uevent, | |
58c5fc13 | 29350 | }; |
ae4e228f MT |
29351 | |
29352 | diff -urNp linux-2.6.33.1/fs/hfs/inode.c linux-2.6.33.1/fs/hfs/inode.c | |
29353 | --- linux-2.6.33.1/fs/hfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
29354 | +++ linux-2.6.33.1/fs/hfs/inode.c 2010-03-20 16:58:41.564527258 -0400 | |
58c5fc13 MT |
29355 | @@ -423,7 +423,7 @@ int hfs_write_inode(struct inode *inode, |
29356 | ||
29357 | if (S_ISDIR(main_inode->i_mode)) { | |
29358 | if (fd.entrylength < sizeof(struct hfs_cat_dir)) | |
29359 | - /* panic? */; | |
29360 | + {/* panic? */} | |
29361 | hfs_bnode_read(fd.bnode, &rec, fd.entryoffset, | |
29362 | sizeof(struct hfs_cat_dir)); | |
29363 | if (rec.type != HFS_CDR_DIR || | |
29364 | @@ -444,7 +444,7 @@ int hfs_write_inode(struct inode *inode, | |
29365 | sizeof(struct hfs_cat_file)); | |
29366 | } else { | |
29367 | if (fd.entrylength < sizeof(struct hfs_cat_file)) | |
29368 | - /* panic? */; | |
29369 | + {/* panic? */} | |
29370 | hfs_bnode_read(fd.bnode, &rec, fd.entryoffset, | |
29371 | sizeof(struct hfs_cat_file)); | |
29372 | if (rec.type != HFS_CDR_FIL || | |
ae4e228f MT |
29373 | diff -urNp linux-2.6.33.1/fs/hfsplus/inode.c linux-2.6.33.1/fs/hfsplus/inode.c |
29374 | --- linux-2.6.33.1/fs/hfsplus/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
29375 | +++ linux-2.6.33.1/fs/hfsplus/inode.c 2010-03-20 16:58:41.564527258 -0400 | |
58c5fc13 MT |
29376 | @@ -406,7 +406,7 @@ int hfsplus_cat_read_inode(struct inode |
29377 | struct hfsplus_cat_folder *folder = &entry.folder; | |
29378 | ||
29379 | if (fd->entrylength < sizeof(struct hfsplus_cat_folder)) | |
29380 | - /* panic? */; | |
29381 | + {/* panic? */} | |
29382 | hfs_bnode_read(fd->bnode, &entry, fd->entryoffset, | |
29383 | sizeof(struct hfsplus_cat_folder)); | |
29384 | hfsplus_get_perms(inode, &folder->permissions, 1); | |
29385 | @@ -423,7 +423,7 @@ int hfsplus_cat_read_inode(struct inode | |
29386 | struct hfsplus_cat_file *file = &entry.file; | |
29387 | ||
29388 | if (fd->entrylength < sizeof(struct hfsplus_cat_file)) | |
29389 | - /* panic? */; | |
29390 | + {/* panic? */} | |
29391 | hfs_bnode_read(fd->bnode, &entry, fd->entryoffset, | |
29392 | sizeof(struct hfsplus_cat_file)); | |
29393 | ||
29394 | @@ -479,7 +479,7 @@ int hfsplus_cat_write_inode(struct inode | |
29395 | struct hfsplus_cat_folder *folder = &entry.folder; | |
29396 | ||
29397 | if (fd.entrylength < sizeof(struct hfsplus_cat_folder)) | |
29398 | - /* panic? */; | |
29399 | + {/* panic? */} | |
29400 | hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, | |
29401 | sizeof(struct hfsplus_cat_folder)); | |
29402 | /* simple node checks? */ | |
29403 | @@ -501,7 +501,7 @@ int hfsplus_cat_write_inode(struct inode | |
29404 | struct hfsplus_cat_file *file = &entry.file; | |
29405 | ||
29406 | if (fd.entrylength < sizeof(struct hfsplus_cat_file)) | |
29407 | - /* panic? */; | |
29408 | + {/* panic? */} | |
29409 | hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, | |
29410 | sizeof(struct hfsplus_cat_file)); | |
29411 | hfsplus_inode_write_fork(inode, &file->data_fork); | |
ae4e228f MT |
29412 | diff -urNp linux-2.6.33.1/fs/ioctl.c linux-2.6.33.1/fs/ioctl.c |
29413 | --- linux-2.6.33.1/fs/ioctl.c 2010-03-15 12:09:39.000000000 -0400 | |
29414 | +++ linux-2.6.33.1/fs/ioctl.c 2010-03-20 16:58:41.564527258 -0400 | |
29415 | @@ -97,7 +97,7 @@ int fiemap_fill_next_extent(struct fiema | |
29416 | u64 phys, u64 len, u32 flags) | |
29417 | { | |
29418 | struct fiemap_extent extent; | |
29419 | - struct fiemap_extent *dest = fieinfo->fi_extents_start; | |
29420 | + struct fiemap_extent __user *dest = fieinfo->fi_extents_start; | |
29421 | ||
29422 | /* only count the extents */ | |
29423 | if (fieinfo->fi_extents_max == 0) { | |
29424 | @@ -207,7 +207,7 @@ static int ioctl_fiemap(struct file *fil | |
29425 | ||
29426 | fieinfo.fi_flags = fiemap.fm_flags; | |
29427 | fieinfo.fi_extents_max = fiemap.fm_extent_count; | |
29428 | - fieinfo.fi_extents_start = (struct fiemap_extent *)(arg + sizeof(fiemap)); | |
29429 | + fieinfo.fi_extents_start = (struct fiemap_extent __user *)(arg + sizeof(fiemap)); | |
29430 | ||
29431 | if (fiemap.fm_extent_count != 0 && | |
29432 | !access_ok(VERIFY_WRITE, fieinfo.fi_extents_start, | |
29433 | @@ -220,7 +220,7 @@ static int ioctl_fiemap(struct file *fil | |
29434 | error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, len); | |
29435 | fiemap.fm_flags = fieinfo.fi_flags; | |
29436 | fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; | |
29437 | - if (copy_to_user((char *)arg, &fiemap, sizeof(fiemap))) | |
29438 | + if (copy_to_user((__force char __user *)arg, &fiemap, sizeof(fiemap))) | |
29439 | error = -EFAULT; | |
58c5fc13 | 29440 | |
ae4e228f MT |
29441 | return error; |
29442 | diff -urNp linux-2.6.33.1/fs/jffs2/debug.h linux-2.6.33.1/fs/jffs2/debug.h | |
29443 | --- linux-2.6.33.1/fs/jffs2/debug.h 2010-03-15 12:09:39.000000000 -0400 | |
29444 | +++ linux-2.6.33.1/fs/jffs2/debug.h 2010-03-20 16:58:41.564527258 -0400 | |
58c5fc13 MT |
29445 | @@ -52,13 +52,13 @@ |
29446 | #if CONFIG_JFFS2_FS_DEBUG > 0 | |
29447 | #define D1(x) x | |
29448 | #else | |
29449 | -#define D1(x) | |
29450 | +#define D1(x) do {} while (0); | |
29451 | #endif | |
29452 | ||
29453 | #if CONFIG_JFFS2_FS_DEBUG > 1 | |
29454 | #define D2(x) x | |
29455 | #else | |
29456 | -#define D2(x) | |
29457 | +#define D2(x) do {} while (0); | |
29458 | #endif | |
29459 | ||
29460 | /* The prefixes of JFFS2 messages */ | |
29461 | @@ -114,73 +114,73 @@ | |
29462 | #ifdef JFFS2_DBG_READINODE_MESSAGES | |
29463 | #define dbg_readinode(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29464 | #else | |
29465 | -#define dbg_readinode(fmt, ...) | |
29466 | +#define dbg_readinode(fmt, ...) do {} while (0) | |
29467 | #endif | |
29468 | #ifdef JFFS2_DBG_READINODE2_MESSAGES | |
29469 | #define dbg_readinode2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29470 | #else | |
29471 | -#define dbg_readinode2(fmt, ...) | |
29472 | +#define dbg_readinode2(fmt, ...) do {} while (0) | |
29473 | #endif | |
29474 | ||
29475 | /* Fragtree build debugging messages */ | |
29476 | #ifdef JFFS2_DBG_FRAGTREE_MESSAGES | |
29477 | #define dbg_fragtree(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29478 | #else | |
29479 | -#define dbg_fragtree(fmt, ...) | |
29480 | +#define dbg_fragtree(fmt, ...) do {} while (0) | |
29481 | #endif | |
29482 | #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES | |
29483 | #define dbg_fragtree2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29484 | #else | |
29485 | -#define dbg_fragtree2(fmt, ...) | |
29486 | +#define dbg_fragtree2(fmt, ...) do {} while (0) | |
29487 | #endif | |
29488 | ||
29489 | /* Directory entry list manilulation debugging messages */ | |
29490 | #ifdef JFFS2_DBG_DENTLIST_MESSAGES | |
29491 | #define dbg_dentlist(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29492 | #else | |
29493 | -#define dbg_dentlist(fmt, ...) | |
29494 | +#define dbg_dentlist(fmt, ...) do {} while (0) | |
29495 | #endif | |
29496 | ||
29497 | /* Print the messages about manipulating node_refs */ | |
29498 | #ifdef JFFS2_DBG_NODEREF_MESSAGES | |
29499 | #define dbg_noderef(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29500 | #else | |
29501 | -#define dbg_noderef(fmt, ...) | |
29502 | +#define dbg_noderef(fmt, ...) do {} while (0) | |
29503 | #endif | |
29504 | ||
29505 | /* Manipulations with the list of inodes (JFFS2 inocache) */ | |
29506 | #ifdef JFFS2_DBG_INOCACHE_MESSAGES | |
29507 | #define dbg_inocache(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29508 | #else | |
29509 | -#define dbg_inocache(fmt, ...) | |
29510 | +#define dbg_inocache(fmt, ...) do {} while (0) | |
29511 | #endif | |
29512 | ||
29513 | /* Summary debugging messages */ | |
29514 | #ifdef JFFS2_DBG_SUMMARY_MESSAGES | |
29515 | #define dbg_summary(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29516 | #else | |
29517 | -#define dbg_summary(fmt, ...) | |
29518 | +#define dbg_summary(fmt, ...) do {} while (0) | |
29519 | #endif | |
29520 | ||
29521 | /* File system build messages */ | |
29522 | #ifdef JFFS2_DBG_FSBUILD_MESSAGES | |
29523 | #define dbg_fsbuild(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29524 | #else | |
29525 | -#define dbg_fsbuild(fmt, ...) | |
29526 | +#define dbg_fsbuild(fmt, ...) do {} while (0) | |
29527 | #endif | |
29528 | ||
29529 | /* Watch the object allocations */ | |
29530 | #ifdef JFFS2_DBG_MEMALLOC_MESSAGES | |
29531 | #define dbg_memalloc(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29532 | #else | |
29533 | -#define dbg_memalloc(fmt, ...) | |
29534 | +#define dbg_memalloc(fmt, ...) do {} while (0) | |
29535 | #endif | |
29536 | ||
29537 | /* Watch the XATTR subsystem */ | |
29538 | #ifdef JFFS2_DBG_XATTR_MESSAGES | |
29539 | #define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__) | |
29540 | #else | |
29541 | -#define dbg_xattr(fmt, ...) | |
29542 | +#define dbg_xattr(fmt, ...) do {} while (0) | |
29543 | #endif | |
29544 | ||
29545 | /* "Sanity" checks */ | |
ae4e228f MT |
29546 | diff -urNp linux-2.6.33.1/fs/jffs2/erase.c linux-2.6.33.1/fs/jffs2/erase.c |
29547 | --- linux-2.6.33.1/fs/jffs2/erase.c 2010-03-15 12:09:39.000000000 -0400 | |
29548 | +++ linux-2.6.33.1/fs/jffs2/erase.c 2010-03-20 16:58:41.588752321 -0400 | |
58c5fc13 MT |
29549 | @@ -434,7 +434,8 @@ static void jffs2_mark_erased_block(stru |
29550 | struct jffs2_unknown_node marker = { | |
29551 | .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK), | |
29552 | .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), | |
29553 | - .totlen = cpu_to_je32(c->cleanmarker_size) | |
29554 | + .totlen = cpu_to_je32(c->cleanmarker_size), | |
29555 | + .hdr_crc = cpu_to_je32(0) | |
29556 | }; | |
29557 | ||
29558 | jffs2_prealloc_raw_node_refs(c, jeb, 1); | |
ae4e228f MT |
29559 | diff -urNp linux-2.6.33.1/fs/jffs2/summary.h linux-2.6.33.1/fs/jffs2/summary.h |
29560 | --- linux-2.6.33.1/fs/jffs2/summary.h 2010-03-15 12:09:39.000000000 -0400 | |
29561 | +++ linux-2.6.33.1/fs/jffs2/summary.h 2010-03-20 16:58:41.588752321 -0400 | |
58c5fc13 MT |
29562 | @@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_ |
29563 | ||
29564 | #define jffs2_sum_active() (0) | |
29565 | #define jffs2_sum_init(a) (0) | |
29566 | -#define jffs2_sum_exit(a) | |
29567 | -#define jffs2_sum_disable_collecting(a) | |
29568 | +#define jffs2_sum_exit(a) do {} while (0) | |
29569 | +#define jffs2_sum_disable_collecting(a) do {} while (0) | |
29570 | #define jffs2_sum_is_disabled(a) (0) | |
29571 | -#define jffs2_sum_reset_collected(a) | |
29572 | +#define jffs2_sum_reset_collected(a) do {} while (0) | |
29573 | #define jffs2_sum_add_kvec(a,b,c,d) (0) | |
29574 | -#define jffs2_sum_move_collected(a,b) | |
29575 | +#define jffs2_sum_move_collected(a,b) do {} while (0) | |
29576 | #define jffs2_sum_write_sumnode(a) (0) | |
29577 | -#define jffs2_sum_add_padding_mem(a,b) | |
29578 | -#define jffs2_sum_add_inode_mem(a,b,c) | |
29579 | -#define jffs2_sum_add_dirent_mem(a,b,c) | |
29580 | -#define jffs2_sum_add_xattr_mem(a,b,c) | |
29581 | -#define jffs2_sum_add_xref_mem(a,b,c) | |
29582 | +#define jffs2_sum_add_padding_mem(a,b) do {} while (0) | |
29583 | +#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0) | |
29584 | +#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0) | |
29585 | +#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0) | |
29586 | +#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0) | |
29587 | #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0) | |
29588 | ||
29589 | #endif /* CONFIG_JFFS2_SUMMARY */ | |
ae4e228f MT |
29590 | diff -urNp linux-2.6.33.1/fs/jffs2/wbuf.c linux-2.6.33.1/fs/jffs2/wbuf.c |
29591 | --- linux-2.6.33.1/fs/jffs2/wbuf.c 2010-03-15 12:09:39.000000000 -0400 | |
29592 | +++ linux-2.6.33.1/fs/jffs2/wbuf.c 2010-03-20 16:58:41.588752321 -0400 | |
58c5fc13 MT |
29593 | @@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o |
29594 | { | |
29595 | .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK), | |
29596 | .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), | |
29597 | - .totlen = constant_cpu_to_je32(8) | |
29598 | + .totlen = constant_cpu_to_je32(8), | |
29599 | + .hdr_crc = constant_cpu_to_je32(0) | |
29600 | }; | |
29601 | ||
29602 | /* | |
ae4e228f MT |
29603 | diff -urNp linux-2.6.33.1/fs/lockd/svc.c linux-2.6.33.1/fs/lockd/svc.c |
29604 | --- linux-2.6.33.1/fs/lockd/svc.c 2010-03-15 12:09:39.000000000 -0400 | |
29605 | +++ linux-2.6.33.1/fs/lockd/svc.c 2010-03-20 16:58:41.588752321 -0400 | |
29606 | @@ -43,7 +43,7 @@ | |
29607 | ||
29608 | static struct svc_program nlmsvc_program; | |
29609 | ||
29610 | -struct nlmsvc_binding * nlmsvc_ops; | |
29611 | +const struct nlmsvc_binding * nlmsvc_ops; | |
29612 | EXPORT_SYMBOL_GPL(nlmsvc_ops); | |
29613 | ||
29614 | static DEFINE_MUTEX(nlmsvc_mutex); | |
29615 | diff -urNp linux-2.6.33.1/fs/locks.c linux-2.6.33.1/fs/locks.c | |
29616 | --- linux-2.6.33.1/fs/locks.c 2010-03-15 12:09:39.000000000 -0400 | |
29617 | +++ linux-2.6.33.1/fs/locks.c 2010-03-20 16:58:41.600927747 -0400 | |
58c5fc13 MT |
29618 | @@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil |
29619 | return; | |
29620 | ||
29621 | if (filp->f_op && filp->f_op->flock) { | |
29622 | - struct file_lock fl = { | |
29623 | + struct file_lock flock = { | |
29624 | .fl_pid = current->tgid, | |
29625 | .fl_file = filp, | |
29626 | .fl_flags = FL_FLOCK, | |
29627 | .fl_type = F_UNLCK, | |
29628 | .fl_end = OFFSET_MAX, | |
29629 | }; | |
29630 | - filp->f_op->flock(filp, F_SETLKW, &fl); | |
29631 | - if (fl.fl_ops && fl.fl_ops->fl_release_private) | |
29632 | - fl.fl_ops->fl_release_private(&fl); | |
29633 | + filp->f_op->flock(filp, F_SETLKW, &flock); | |
29634 | + if (flock.fl_ops && flock.fl_ops->fl_release_private) | |
29635 | + flock.fl_ops->fl_release_private(&flock); | |
29636 | } | |
29637 | ||
29638 | lock_kernel(); | |
ae4e228f MT |
29639 | diff -urNp linux-2.6.33.1/fs/namei.c linux-2.6.33.1/fs/namei.c |
29640 | --- linux-2.6.33.1/fs/namei.c 2010-03-15 12:09:39.000000000 -0400 | |
29641 | +++ linux-2.6.33.1/fs/namei.c 2010-03-20 16:58:41.612934232 -0400 | |
29642 | @@ -565,7 +565,7 @@ static __always_inline int __do_follow_l | |
58c5fc13 MT |
29643 | cookie = dentry->d_inode->i_op->follow_link(dentry, nd); |
29644 | error = PTR_ERR(cookie); | |
29645 | if (!IS_ERR(cookie)) { | |
29646 | - char *s = nd_get_link(nd); | |
29647 | + const char *s = nd_get_link(nd); | |
29648 | error = 0; | |
29649 | if (s) | |
29650 | error = __vfs_follow_link(nd, s); | |
ae4e228f | 29651 | @@ -599,6 +599,13 @@ static inline int do_follow_link(struct |
58c5fc13 MT |
29652 | err = security_inode_follow_link(path->dentry, nd); |
29653 | if (err) | |
29654 | goto loop; | |
29655 | + | |
29656 | + if (gr_handle_follow_link(path->dentry->d_parent->d_inode, | |
29657 | + path->dentry->d_inode, path->dentry, nd->path.mnt)) { | |
29658 | + err = -EACCES; | |
29659 | + goto loop; | |
29660 | + } | |
29661 | + | |
29662 | current->link_count++; | |
29663 | current->total_link_count++; | |
29664 | nd->depth++; | |
ae4e228f | 29665 | @@ -994,11 +1001,18 @@ return_reval: |
58c5fc13 MT |
29666 | break; |
29667 | } | |
29668 | return_base: | |
29669 | + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) { | |
29670 | + path_put(&nd->path); | |
29671 | + return -ENOENT; | |
29672 | + } | |
29673 | return 0; | |
29674 | out_dput: | |
29675 | path_put_conditional(&next, nd); | |
29676 | break; | |
29677 | } | |
29678 | + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) | |
29679 | + err = -ENOENT; | |
29680 | + | |
29681 | path_put(&nd->path); | |
29682 | return_err: | |
29683 | return err; | |
ae4e228f | 29684 | @@ -1552,12 +1566,19 @@ static int __open_namei_create(struct na |
58c5fc13 MT |
29685 | int error; |
29686 | struct dentry *dir = nd->path.dentry; | |
29687 | ||
29688 | + if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) { | |
29689 | + error = -EACCES; | |
29690 | + goto out_unlock; | |
29691 | + } | |
29692 | + | |
29693 | if (!IS_POSIXACL(dir->d_inode)) | |
29694 | mode &= ~current_umask(); | |
29695 | error = security_path_mknod(&nd->path, path->dentry, mode, 0); | |
29696 | if (error) | |
29697 | goto out_unlock; | |
29698 | error = vfs_create(dir->d_inode, path->dentry, mode, nd); | |
29699 | + if (!error) | |
29700 | + gr_handle_create(path->dentry, nd->path.mnt); | |
29701 | out_unlock: | |
29702 | mutex_unlock(&dir->d_inode->i_mutex); | |
29703 | dput(nd->path.dentry); | |
ae4e228f MT |
29704 | @@ -1665,6 +1686,22 @@ struct file *do_filp_open(int dfd, const |
29705 | release_open_intent(&nd); | |
58c5fc13 MT |
29706 | if (error) |
29707 | return ERR_PTR(error); | |
29708 | + | |
ae4e228f MT |
29709 | + if (gr_handle_rofs_blockwrite(nd.path.dentry, nd.path.mnt, acc_mode)) { |
29710 | + error = -EPERM; | |
29711 | + goto exit; | |
29712 | + } | |
29713 | + | |
58c5fc13 MT |
29714 | + if (gr_handle_rawio(nd.path.dentry->d_inode)) { |
29715 | + error = -EPERM; | |
29716 | + goto exit; | |
29717 | + } | |
29718 | + | |
29719 | + if (!gr_acl_handle_open(nd.path.dentry, nd.path.mnt, flag)) { | |
29720 | + error = -EACCES; | |
29721 | + goto exit; | |
29722 | + } | |
29723 | + | |
29724 | goto ok; | |
29725 | } | |
29726 | ||
ae4e228f | 29727 | @@ -1758,6 +1795,24 @@ do_last: |
58c5fc13 MT |
29728 | /* |
29729 | * It already exists. | |
29730 | */ | |
29731 | + | |
ae4e228f MT |
29732 | + if (gr_handle_rofs_blockwrite(path.dentry, nd.path.mnt, acc_mode)) { |
29733 | + error = -EPERM; | |
29734 | + goto exit_mutex_unlock; | |
29735 | + } | |
58c5fc13 MT |
29736 | + if (gr_handle_rawio(path.dentry->d_inode)) { |
29737 | + error = -EPERM; | |
29738 | + goto exit_mutex_unlock; | |
29739 | + } | |
29740 | + if (!gr_acl_handle_open(path.dentry, nd.path.mnt, flag)) { | |
29741 | + error = -EACCES; | |
29742 | + goto exit_mutex_unlock; | |
29743 | + } | |
29744 | + if (gr_handle_fifo(path.dentry, nd.path.mnt, dir, flag, acc_mode)) { | |
29745 | + error = -EACCES; | |
29746 | + goto exit_mutex_unlock; | |
29747 | + } | |
29748 | + | |
29749 | mutex_unlock(&dir->d_inode->i_mutex); | |
29750 | audit_inode(pathname, path.dentry); | |
29751 | ||
ae4e228f | 29752 | @@ -1866,6 +1921,13 @@ do_link: |
58c5fc13 MT |
29753 | error = security_inode_follow_link(path.dentry, &nd); |
29754 | if (error) | |
29755 | goto exit_dput; | |
29756 | + | |
29757 | + if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode, | |
29758 | + path.dentry, nd.path.mnt)) { | |
29759 | + error = -EACCES; | |
29760 | + goto exit_dput; | |
29761 | + } | |
29762 | + | |
29763 | error = __do_follow_link(&path, &nd); | |
ae4e228f | 29764 | path_put(&path); |
58c5fc13 | 29765 | if (error) { |
ae4e228f | 29766 | @@ -2045,6 +2107,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const |
58c5fc13 MT |
29767 | error = may_mknod(mode); |
29768 | if (error) | |
29769 | goto out_dput; | |
29770 | + | |
29771 | + if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) { | |
29772 | + error = -EPERM; | |
29773 | + goto out_dput; | |
29774 | + } | |
29775 | + | |
29776 | + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) { | |
29777 | + error = -EACCES; | |
29778 | + goto out_dput; | |
29779 | + } | |
29780 | + | |
29781 | error = mnt_want_write(nd.path.mnt); | |
29782 | if (error) | |
29783 | goto out_dput; | |
ae4e228f | 29784 | @@ -2065,6 +2138,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const |
58c5fc13 MT |
29785 | } |
29786 | out_drop_write: | |
29787 | mnt_drop_write(nd.path.mnt); | |
29788 | + | |
29789 | + if (!error) | |
29790 | + gr_handle_create(dentry, nd.path.mnt); | |
29791 | out_dput: | |
29792 | dput(dentry); | |
29793 | out_unlock: | |
ae4e228f | 29794 | @@ -2118,6 +2194,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const |
58c5fc13 MT |
29795 | if (IS_ERR(dentry)) |
29796 | goto out_unlock; | |
29797 | ||
29798 | + if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) { | |
29799 | + error = -EACCES; | |
29800 | + goto out_dput; | |
29801 | + } | |
29802 | + | |
29803 | if (!IS_POSIXACL(nd.path.dentry->d_inode)) | |
29804 | mode &= ~current_umask(); | |
29805 | error = mnt_want_write(nd.path.mnt); | |
ae4e228f | 29806 | @@ -2129,6 +2210,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const |
58c5fc13 MT |
29807 | error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); |
29808 | out_drop_write: | |
29809 | mnt_drop_write(nd.path.mnt); | |
29810 | + | |
29811 | + if (!error) | |
29812 | + gr_handle_create(dentry, nd.path.mnt); | |
29813 | + | |
29814 | out_dput: | |
29815 | dput(dentry); | |
29816 | out_unlock: | |
ae4e228f | 29817 | @@ -2210,6 +2295,8 @@ static long do_rmdir(int dfd, const char |
58c5fc13 MT |
29818 | char * name; |
29819 | struct dentry *dentry; | |
29820 | struct nameidata nd; | |
29821 | + ino_t saved_ino = 0; | |
29822 | + dev_t saved_dev = 0; | |
29823 | ||
29824 | error = user_path_parent(dfd, pathname, &nd, &name); | |
29825 | if (error) | |
ae4e228f | 29826 | @@ -2234,6 +2321,19 @@ static long do_rmdir(int dfd, const char |
58c5fc13 MT |
29827 | error = PTR_ERR(dentry); |
29828 | if (IS_ERR(dentry)) | |
29829 | goto exit2; | |
29830 | + | |
29831 | + if (dentry->d_inode != NULL) { | |
29832 | + if (dentry->d_inode->i_nlink <= 1) { | |
29833 | + saved_ino = dentry->d_inode->i_ino; | |
29834 | + saved_dev = dentry->d_inode->i_sb->s_dev; | |
29835 | + } | |
29836 | + | |
29837 | + if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) { | |
29838 | + error = -EACCES; | |
29839 | + goto exit3; | |
29840 | + } | |
29841 | + } | |
29842 | + | |
29843 | error = mnt_want_write(nd.path.mnt); | |
29844 | if (error) | |
29845 | goto exit3; | |
ae4e228f | 29846 | @@ -2241,6 +2341,8 @@ static long do_rmdir(int dfd, const char |
58c5fc13 MT |
29847 | if (error) |
29848 | goto exit4; | |
29849 | error = vfs_rmdir(nd.path.dentry->d_inode, dentry); | |
29850 | + if (!error && (saved_dev || saved_ino)) | |
29851 | + gr_handle_delete(saved_ino, saved_dev); | |
29852 | exit4: | |
29853 | mnt_drop_write(nd.path.mnt); | |
29854 | exit3: | |
ae4e228f | 29855 | @@ -2302,6 +2404,8 @@ static long do_unlinkat(int dfd, const c |
58c5fc13 MT |
29856 | struct dentry *dentry; |
29857 | struct nameidata nd; | |
29858 | struct inode *inode = NULL; | |
29859 | + ino_t saved_ino = 0; | |
29860 | + dev_t saved_dev = 0; | |
29861 | ||
29862 | error = user_path_parent(dfd, pathname, &nd, &name); | |
29863 | if (error) | |
ae4e228f | 29864 | @@ -2321,8 +2425,19 @@ static long do_unlinkat(int dfd, const c |
58c5fc13 MT |
29865 | if (nd.last.name[nd.last.len]) |
29866 | goto slashes; | |
29867 | inode = dentry->d_inode; | |
29868 | - if (inode) | |
29869 | + if (inode) { | |
29870 | + if (inode->i_nlink <= 1) { | |
29871 | + saved_ino = inode->i_ino; | |
29872 | + saved_dev = inode->i_sb->s_dev; | |
29873 | + } | |
29874 | + | |
29875 | atomic_inc(&inode->i_count); | |
29876 | + | |
29877 | + if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) { | |
29878 | + error = -EACCES; | |
29879 | + goto exit2; | |
29880 | + } | |
29881 | + } | |
29882 | error = mnt_want_write(nd.path.mnt); | |
29883 | if (error) | |
29884 | goto exit2; | |
ae4e228f | 29885 | @@ -2330,6 +2445,8 @@ static long do_unlinkat(int dfd, const c |
58c5fc13 MT |
29886 | if (error) |
29887 | goto exit3; | |
29888 | error = vfs_unlink(nd.path.dentry->d_inode, dentry); | |
29889 | + if (!error && (saved_ino || saved_dev)) | |
29890 | + gr_handle_delete(saved_ino, saved_dev); | |
29891 | exit3: | |
29892 | mnt_drop_write(nd.path.mnt); | |
29893 | exit2: | |
ae4e228f | 29894 | @@ -2408,6 +2525,11 @@ SYSCALL_DEFINE3(symlinkat, const char __ |
58c5fc13 MT |
29895 | if (IS_ERR(dentry)) |
29896 | goto out_unlock; | |
29897 | ||
29898 | + if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) { | |
29899 | + error = -EACCES; | |
29900 | + goto out_dput; | |
29901 | + } | |
29902 | + | |
29903 | error = mnt_want_write(nd.path.mnt); | |
29904 | if (error) | |
29905 | goto out_dput; | |
ae4e228f | 29906 | @@ -2415,6 +2537,8 @@ SYSCALL_DEFINE3(symlinkat, const char __ |
58c5fc13 MT |
29907 | if (error) |
29908 | goto out_drop_write; | |
29909 | error = vfs_symlink(nd.path.dentry->d_inode, dentry, from); | |
29910 | + if (!error) | |
29911 | + gr_handle_create(dentry, nd.path.mnt); | |
29912 | out_drop_write: | |
29913 | mnt_drop_write(nd.path.mnt); | |
29914 | out_dput: | |
ae4e228f | 29915 | @@ -2508,6 +2632,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con |
58c5fc13 MT |
29916 | error = PTR_ERR(new_dentry); |
29917 | if (IS_ERR(new_dentry)) | |
29918 | goto out_unlock; | |
29919 | + | |
29920 | + if (gr_handle_hardlink(old_path.dentry, old_path.mnt, | |
29921 | + old_path.dentry->d_inode, | |
29922 | + old_path.dentry->d_inode->i_mode, to)) { | |
29923 | + error = -EACCES; | |
29924 | + goto out_dput; | |
29925 | + } | |
29926 | + | |
29927 | + if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt, | |
29928 | + old_path.dentry, old_path.mnt, to)) { | |
29929 | + error = -EACCES; | |
29930 | + goto out_dput; | |
29931 | + } | |
29932 | + | |
29933 | error = mnt_want_write(nd.path.mnt); | |
29934 | if (error) | |
29935 | goto out_dput; | |
ae4e228f | 29936 | @@ -2515,6 +2653,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con |
58c5fc13 MT |
29937 | if (error) |
29938 | goto out_drop_write; | |
29939 | error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry); | |
29940 | + if (!error) | |
29941 | + gr_handle_create(new_dentry, nd.path.mnt); | |
29942 | out_drop_write: | |
29943 | mnt_drop_write(nd.path.mnt); | |
29944 | out_dput: | |
ae4e228f | 29945 | @@ -2748,6 +2888,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c |
58c5fc13 MT |
29946 | if (new_dentry == trap) |
29947 | goto exit5; | |
29948 | ||
29949 | + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt, | |
29950 | + old_dentry, old_dir->d_inode, oldnd.path.mnt, | |
29951 | + to); | |
29952 | + if (error) | |
29953 | + goto exit5; | |
29954 | + | |
29955 | error = mnt_want_write(oldnd.path.mnt); | |
29956 | if (error) | |
29957 | goto exit5; | |
ae4e228f | 29958 | @@ -2757,6 +2903,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c |
58c5fc13 MT |
29959 | goto exit6; |
29960 | error = vfs_rename(old_dir->d_inode, old_dentry, | |
29961 | new_dir->d_inode, new_dentry); | |
29962 | + if (!error) | |
29963 | + gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry, | |
29964 | + new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0); | |
29965 | exit6: | |
29966 | mnt_drop_write(oldnd.path.mnt); | |
29967 | exit5: | |
ae4e228f MT |
29968 | diff -urNp linux-2.6.33.1/fs/namespace.c linux-2.6.33.1/fs/namespace.c |
29969 | --- linux-2.6.33.1/fs/namespace.c 2010-03-15 12:09:39.000000000 -0400 | |
29970 | +++ linux-2.6.33.1/fs/namespace.c 2010-03-20 16:58:41.649168726 -0400 | |
29971 | @@ -1085,6 +1085,9 @@ static int do_umount(struct vfsmount *mn | |
58c5fc13 MT |
29972 | if (!(sb->s_flags & MS_RDONLY)) |
29973 | retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); | |
29974 | up_write(&sb->s_umount); | |
29975 | + | |
29976 | + gr_log_remount(mnt->mnt_devname, retval); | |
29977 | + | |
29978 | return retval; | |
29979 | } | |
29980 | ||
ae4e228f | 29981 | @@ -1106,6 +1109,9 @@ static int do_umount(struct vfsmount *mn |
58c5fc13 MT |
29982 | security_sb_umount_busy(mnt); |
29983 | up_write(&namespace_sem); | |
29984 | release_mounts(&umount_list); | |
29985 | + | |
29986 | + gr_log_unmount(mnt->mnt_devname, retval); | |
29987 | + | |
29988 | return retval; | |
29989 | } | |
29990 | ||
ae4e228f MT |
29991 | @@ -1963,6 +1969,16 @@ long do_mount(char *dev_name, char *dir_ |
29992 | MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | | |
29993 | MS_STRICTATIME); | |
58c5fc13 | 29994 | |
ae4e228f MT |
29995 | + if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) { |
29996 | + retval = -EPERM; | |
29997 | + goto dput_out; | |
29998 | + } | |
29999 | + | |
58c5fc13 MT |
30000 | + if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) { |
30001 | + retval = -EPERM; | |
30002 | + goto dput_out; | |
30003 | + } | |
30004 | + | |
30005 | if (flags & MS_REMOUNT) | |
30006 | retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, | |
30007 | data_page); | |
ae4e228f | 30008 | @@ -1977,6 +1993,9 @@ long do_mount(char *dev_name, char *dir_ |
58c5fc13 MT |
30009 | dev_name, data_page); |
30010 | dput_out: | |
30011 | path_put(&path); | |
30012 | + | |
30013 | + gr_log_mount(dev_name, dir_name, retval); | |
30014 | + | |
30015 | return retval; | |
30016 | } | |
30017 | ||
ae4e228f | 30018 | @@ -2183,6 +2202,12 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
58c5fc13 MT |
30019 | goto out1; |
30020 | } | |
30021 | ||
30022 | + if (gr_handle_chroot_pivot()) { | |
30023 | + error = -EPERM; | |
30024 | + path_put(&old); | |
30025 | + goto out1; | |
30026 | + } | |
30027 | + | |
30028 | read_lock(¤t->fs->lock); | |
30029 | root = current->fs->root; | |
30030 | path_get(¤t->fs->root); | |
ae4e228f MT |
30031 | diff -urNp linux-2.6.33.1/fs/nfs/inode.c linux-2.6.33.1/fs/nfs/inode.c |
30032 | --- linux-2.6.33.1/fs/nfs/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
30033 | +++ linux-2.6.33.1/fs/nfs/inode.c 2010-03-20 16:58:41.649168726 -0400 | |
30034 | @@ -965,16 +965,16 @@ static int nfs_size_need_update(const st | |
30035 | return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); | |
30036 | } | |
30037 | ||
30038 | -static atomic_long_t nfs_attr_generation_counter; | |
30039 | +static atomic_long_unchecked_t nfs_attr_generation_counter; | |
30040 | ||
30041 | static unsigned long nfs_read_attr_generation_counter(void) | |
30042 | { | |
30043 | - return atomic_long_read(&nfs_attr_generation_counter); | |
30044 | + return atomic_long_read_unchecked(&nfs_attr_generation_counter); | |
30045 | } | |
30046 | ||
30047 | unsigned long nfs_inc_attr_generation_counter(void) | |
30048 | { | |
30049 | - return atomic_long_inc_return(&nfs_attr_generation_counter); | |
30050 | + return atomic_long_inc_return_unchecked(&nfs_attr_generation_counter); | |
30051 | } | |
30052 | ||
30053 | void nfs_fattr_init(struct nfs_fattr *fattr) | |
30054 | diff -urNp linux-2.6.33.1/fs/nfs/nfs4proc.c linux-2.6.33.1/fs/nfs/nfs4proc.c | |
30055 | --- linux-2.6.33.1/fs/nfs/nfs4proc.c 2010-03-15 12:09:39.000000000 -0400 | |
30056 | +++ linux-2.6.33.1/fs/nfs/nfs4proc.c 2010-03-20 16:58:41.652911113 -0400 | |
30057 | @@ -1159,7 +1159,7 @@ static int _nfs4_do_open_reclaim(struct | |
58c5fc13 MT |
30058 | static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state) |
30059 | { | |
30060 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30061 | - struct nfs4_exception exception = { }; | |
30062 | + struct nfs4_exception exception = {0, 0}; | |
30063 | int err; | |
30064 | do { | |
30065 | err = _nfs4_do_open_reclaim(ctx, state); | |
ae4e228f | 30066 | @@ -1201,7 +1201,7 @@ static int _nfs4_open_delegation_recall( |
58c5fc13 MT |
30067 | |
30068 | int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid) | |
30069 | { | |
30070 | - struct nfs4_exception exception = { }; | |
30071 | + struct nfs4_exception exception = {0, 0}; | |
30072 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30073 | int err; | |
30074 | do { | |
ae4e228f MT |
30075 | @@ -1572,7 +1572,7 @@ static int _nfs4_open_expired(struct nfs |
30076 | static int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state) | |
58c5fc13 MT |
30077 | { |
30078 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30079 | - struct nfs4_exception exception = { }; | |
30080 | + struct nfs4_exception exception = {0, 0}; | |
30081 | int err; | |
30082 | ||
30083 | do { | |
ae4e228f | 30084 | @@ -1678,7 +1678,7 @@ out_err: |
58c5fc13 MT |
30085 | |
30086 | static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred) | |
30087 | { | |
30088 | - struct nfs4_exception exception = { }; | |
30089 | + struct nfs4_exception exception = {0, 0}; | |
30090 | struct nfs4_state *res; | |
30091 | int status; | |
30092 | ||
ae4e228f | 30093 | @@ -1769,7 +1769,7 @@ static int nfs4_do_setattr(struct inode |
58c5fc13 MT |
30094 | struct nfs4_state *state) |
30095 | { | |
30096 | struct nfs_server *server = NFS_SERVER(inode); | |
30097 | - struct nfs4_exception exception = { }; | |
30098 | + struct nfs4_exception exception = {0, 0}; | |
30099 | int err; | |
30100 | do { | |
30101 | err = nfs4_handle_exception(server, | |
ae4e228f | 30102 | @@ -2146,7 +2146,7 @@ static int _nfs4_server_capabilities(str |
58c5fc13 MT |
30103 | |
30104 | int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle) | |
30105 | { | |
30106 | - struct nfs4_exception exception = { }; | |
30107 | + struct nfs4_exception exception = {0, 0}; | |
30108 | int err; | |
30109 | do { | |
30110 | err = nfs4_handle_exception(server, | |
ae4e228f | 30111 | @@ -2180,7 +2180,7 @@ static int _nfs4_lookup_root(struct nfs_ |
58c5fc13 MT |
30112 | static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle, |
30113 | struct nfs_fsinfo *info) | |
30114 | { | |
30115 | - struct nfs4_exception exception = { }; | |
30116 | + struct nfs4_exception exception = {0, 0}; | |
30117 | int err; | |
30118 | do { | |
30119 | err = nfs4_handle_exception(server, | |
ae4e228f | 30120 | @@ -2269,7 +2269,7 @@ static int _nfs4_proc_getattr(struct nfs |
58c5fc13 MT |
30121 | |
30122 | static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr) | |
30123 | { | |
30124 | - struct nfs4_exception exception = { }; | |
30125 | + struct nfs4_exception exception = {0, 0}; | |
30126 | int err; | |
30127 | do { | |
30128 | err = nfs4_handle_exception(server, | |
ae4e228f | 30129 | @@ -2357,7 +2357,7 @@ static int nfs4_proc_lookupfh(struct nfs |
58c5fc13 MT |
30130 | struct qstr *name, struct nfs_fh *fhandle, |
30131 | struct nfs_fattr *fattr) | |
30132 | { | |
30133 | - struct nfs4_exception exception = { }; | |
30134 | + struct nfs4_exception exception = {0, 0}; | |
30135 | int err; | |
30136 | do { | |
30137 | err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr); | |
ae4e228f | 30138 | @@ -2386,7 +2386,7 @@ static int _nfs4_proc_lookup(struct inod |
58c5fc13 MT |
30139 | |
30140 | static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr) | |
30141 | { | |
30142 | - struct nfs4_exception exception = { }; | |
30143 | + struct nfs4_exception exception = {0, 0}; | |
30144 | int err; | |
30145 | do { | |
30146 | err = nfs4_handle_exception(NFS_SERVER(dir), | |
ae4e228f | 30147 | @@ -2450,7 +2450,7 @@ static int _nfs4_proc_access(struct inod |
58c5fc13 MT |
30148 | |
30149 | static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry) | |
30150 | { | |
30151 | - struct nfs4_exception exception = { }; | |
30152 | + struct nfs4_exception exception = {0, 0}; | |
30153 | int err; | |
30154 | do { | |
30155 | err = nfs4_handle_exception(NFS_SERVER(inode), | |
ae4e228f | 30156 | @@ -2506,7 +2506,7 @@ static int _nfs4_proc_readlink(struct in |
58c5fc13 MT |
30157 | static int nfs4_proc_readlink(struct inode *inode, struct page *page, |
30158 | unsigned int pgbase, unsigned int pglen) | |
30159 | { | |
30160 | - struct nfs4_exception exception = { }; | |
30161 | + struct nfs4_exception exception = {0, 0}; | |
30162 | int err; | |
30163 | do { | |
30164 | err = nfs4_handle_exception(NFS_SERVER(inode), | |
ae4e228f | 30165 | @@ -2604,7 +2604,7 @@ static int _nfs4_proc_remove(struct inod |
58c5fc13 MT |
30166 | |
30167 | static int nfs4_proc_remove(struct inode *dir, struct qstr *name) | |
30168 | { | |
30169 | - struct nfs4_exception exception = { }; | |
30170 | + struct nfs4_exception exception = {0, 0}; | |
30171 | int err; | |
30172 | do { | |
30173 | err = nfs4_handle_exception(NFS_SERVER(dir), | |
ae4e228f | 30174 | @@ -2677,7 +2677,7 @@ static int _nfs4_proc_rename(struct inod |
58c5fc13 MT |
30175 | static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name, |
30176 | struct inode *new_dir, struct qstr *new_name) | |
30177 | { | |
30178 | - struct nfs4_exception exception = { }; | |
30179 | + struct nfs4_exception exception = {0, 0}; | |
30180 | int err; | |
30181 | do { | |
30182 | err = nfs4_handle_exception(NFS_SERVER(old_dir), | |
ae4e228f | 30183 | @@ -2724,7 +2724,7 @@ static int _nfs4_proc_link(struct inode |
58c5fc13 MT |
30184 | |
30185 | static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name) | |
30186 | { | |
30187 | - struct nfs4_exception exception = { }; | |
30188 | + struct nfs4_exception exception = {0, 0}; | |
30189 | int err; | |
30190 | do { | |
30191 | err = nfs4_handle_exception(NFS_SERVER(inode), | |
ae4e228f | 30192 | @@ -2816,7 +2816,7 @@ out: |
58c5fc13 MT |
30193 | static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry, |
30194 | struct page *page, unsigned int len, struct iattr *sattr) | |
30195 | { | |
30196 | - struct nfs4_exception exception = { }; | |
30197 | + struct nfs4_exception exception = {0, 0}; | |
30198 | int err; | |
30199 | do { | |
30200 | err = nfs4_handle_exception(NFS_SERVER(dir), | |
ae4e228f | 30201 | @@ -2847,7 +2847,7 @@ out: |
58c5fc13 MT |
30202 | static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry, |
30203 | struct iattr *sattr) | |
30204 | { | |
30205 | - struct nfs4_exception exception = { }; | |
30206 | + struct nfs4_exception exception = {0, 0}; | |
30207 | int err; | |
30208 | do { | |
30209 | err = nfs4_handle_exception(NFS_SERVER(dir), | |
ae4e228f | 30210 | @@ -2896,7 +2896,7 @@ static int _nfs4_proc_readdir(struct den |
58c5fc13 MT |
30211 | static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred, |
30212 | u64 cookie, struct page *page, unsigned int count, int plus) | |
30213 | { | |
30214 | - struct nfs4_exception exception = { }; | |
30215 | + struct nfs4_exception exception = {0, 0}; | |
30216 | int err; | |
30217 | do { | |
30218 | err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode), | |
ae4e228f | 30219 | @@ -2944,7 +2944,7 @@ out: |
58c5fc13 MT |
30220 | static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry, |
30221 | struct iattr *sattr, dev_t rdev) | |
30222 | { | |
30223 | - struct nfs4_exception exception = { }; | |
30224 | + struct nfs4_exception exception = {0, 0}; | |
30225 | int err; | |
30226 | do { | |
30227 | err = nfs4_handle_exception(NFS_SERVER(dir), | |
ae4e228f | 30228 | @@ -2976,7 +2976,7 @@ static int _nfs4_proc_statfs(struct nfs_ |
58c5fc13 MT |
30229 | |
30230 | static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat) | |
30231 | { | |
30232 | - struct nfs4_exception exception = { }; | |
30233 | + struct nfs4_exception exception = {0, 0}; | |
30234 | int err; | |
30235 | do { | |
30236 | err = nfs4_handle_exception(server, | |
ae4e228f | 30237 | @@ -3007,7 +3007,7 @@ static int _nfs4_do_fsinfo(struct nfs_se |
58c5fc13 MT |
30238 | |
30239 | static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo) | |
30240 | { | |
30241 | - struct nfs4_exception exception = { }; | |
30242 | + struct nfs4_exception exception = {0, 0}; | |
30243 | int err; | |
30244 | ||
30245 | do { | |
ae4e228f | 30246 | @@ -3053,7 +3053,7 @@ static int _nfs4_proc_pathconf(struct nf |
58c5fc13 MT |
30247 | static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle, |
30248 | struct nfs_pathconf *pathconf) | |
30249 | { | |
30250 | - struct nfs4_exception exception = { }; | |
30251 | + struct nfs4_exception exception = {0, 0}; | |
30252 | int err; | |
30253 | ||
30254 | do { | |
ae4e228f | 30255 | @@ -3348,7 +3348,7 @@ out_free: |
58c5fc13 MT |
30256 | |
30257 | static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen) | |
30258 | { | |
30259 | - struct nfs4_exception exception = { }; | |
30260 | + struct nfs4_exception exception = {0, 0}; | |
30261 | ssize_t ret; | |
30262 | do { | |
30263 | ret = __nfs4_get_acl_uncached(inode, buf, buflen); | |
ae4e228f | 30264 | @@ -3404,7 +3404,7 @@ static int __nfs4_proc_set_acl(struct in |
58c5fc13 MT |
30265 | |
30266 | static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen) | |
30267 | { | |
30268 | - struct nfs4_exception exception = { }; | |
30269 | + struct nfs4_exception exception = {0, 0}; | |
30270 | int err; | |
30271 | do { | |
30272 | err = nfs4_handle_exception(NFS_SERVER(inode), | |
ae4e228f | 30273 | @@ -3686,7 +3686,7 @@ out: |
58c5fc13 MT |
30274 | int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync) |
30275 | { | |
30276 | struct nfs_server *server = NFS_SERVER(inode); | |
30277 | - struct nfs4_exception exception = { }; | |
30278 | + struct nfs4_exception exception = {0, 0}; | |
30279 | int err; | |
30280 | do { | |
30281 | err = _nfs4_proc_delegreturn(inode, cred, stateid, issync); | |
ae4e228f | 30282 | @@ -3759,7 +3759,7 @@ out: |
58c5fc13 MT |
30283 | |
30284 | static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request) | |
30285 | { | |
30286 | - struct nfs4_exception exception = { }; | |
30287 | + struct nfs4_exception exception = {0, 0}; | |
30288 | int err; | |
30289 | ||
30290 | do { | |
ae4e228f | 30291 | @@ -4171,7 +4171,7 @@ static int _nfs4_do_setlk(struct nfs4_st |
58c5fc13 MT |
30292 | static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request) |
30293 | { | |
30294 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30295 | - struct nfs4_exception exception = { }; | |
30296 | + struct nfs4_exception exception = {0, 0}; | |
30297 | int err; | |
30298 | ||
30299 | do { | |
ae4e228f | 30300 | @@ -4189,7 +4189,7 @@ static int nfs4_lock_reclaim(struct nfs4 |
58c5fc13 MT |
30301 | static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request) |
30302 | { | |
30303 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30304 | - struct nfs4_exception exception = { }; | |
30305 | + struct nfs4_exception exception = {0, 0}; | |
30306 | int err; | |
30307 | ||
30308 | err = nfs4_set_lock_state(state, request); | |
ae4e228f | 30309 | @@ -4253,7 +4253,7 @@ out: |
58c5fc13 MT |
30310 | |
30311 | static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request) | |
30312 | { | |
30313 | - struct nfs4_exception exception = { }; | |
30314 | + struct nfs4_exception exception = {0, 0}; | |
30315 | int err; | |
30316 | ||
30317 | do { | |
ae4e228f | 30318 | @@ -4313,7 +4313,7 @@ nfs4_proc_lock(struct file *filp, int cm |
58c5fc13 MT |
30319 | int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl) |
30320 | { | |
30321 | struct nfs_server *server = NFS_SERVER(state->inode); | |
30322 | - struct nfs4_exception exception = { }; | |
30323 | + struct nfs4_exception exception = {0, 0}; | |
30324 | int err; | |
30325 | ||
30326 | err = nfs4_set_lock_state(state, fl); | |
ae4e228f MT |
30327 | diff -urNp linux-2.6.33.1/fs/nfsd/lockd.c linux-2.6.33.1/fs/nfsd/lockd.c |
30328 | --- linux-2.6.33.1/fs/nfsd/lockd.c 2010-03-15 12:09:39.000000000 -0400 | |
30329 | +++ linux-2.6.33.1/fs/nfsd/lockd.c 2010-03-20 16:58:41.660926393 -0400 | |
30330 | @@ -61,7 +61,7 @@ nlm_fclose(struct file *filp) | |
30331 | fput(filp); | |
58c5fc13 MT |
30332 | } |
30333 | ||
ae4e228f MT |
30334 | -static struct nlmsvc_binding nfsd_nlm_ops = { |
30335 | +static const struct nlmsvc_binding nfsd_nlm_ops = { | |
30336 | .fopen = nlm_fopen, /* open file for locking */ | |
30337 | .fclose = nlm_fclose, /* close file */ | |
58c5fc13 | 30338 | }; |
ae4e228f MT |
30339 | diff -urNp linux-2.6.33.1/fs/nfsd/nfsctl.c linux-2.6.33.1/fs/nfsd/nfsctl.c |
30340 | --- linux-2.6.33.1/fs/nfsd/nfsctl.c 2010-03-15 12:09:39.000000000 -0400 | |
30341 | +++ linux-2.6.33.1/fs/nfsd/nfsctl.c 2010-03-20 16:58:41.676914510 -0400 | |
30342 | @@ -159,7 +159,7 @@ static int export_features_open(struct i | |
30343 | return single_open(file, export_features_show, NULL); | |
58c5fc13 MT |
30344 | } |
30345 | ||
ae4e228f MT |
30346 | -static struct file_operations export_features_operations = { |
30347 | +static const struct file_operations export_features_operations = { | |
30348 | .open = export_features_open, | |
30349 | .read = seq_read, | |
30350 | .llseek = seq_lseek, | |
30351 | diff -urNp linux-2.6.33.1/fs/nfsd/vfs.c linux-2.6.33.1/fs/nfsd/vfs.c | |
30352 | --- linux-2.6.33.1/fs/nfsd/vfs.c 2010-03-15 12:09:39.000000000 -0400 | |
30353 | +++ linux-2.6.33.1/fs/nfsd/vfs.c 2010-03-20 16:58:41.676914510 -0400 | |
30354 | @@ -945,7 +945,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st | |
30355 | } else { | |
30356 | oldfs = get_fs(); | |
30357 | set_fs(KERNEL_DS); | |
30358 | - host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset); | |
30359 | + host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset); | |
30360 | set_fs(oldfs); | |
30361 | } | |
30362 | ||
30363 | @@ -1068,7 +1068,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s | |
30364 | ||
30365 | /* Write the data. */ | |
30366 | oldfs = get_fs(); set_fs(KERNEL_DS); | |
30367 | - host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset); | |
30368 | + host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset); | |
30369 | set_fs(oldfs); | |
30370 | if (host_err < 0) | |
30371 | goto out_nfserr; | |
30372 | @@ -1543,7 +1543,7 @@ nfsd_readlink(struct svc_rqst *rqstp, st | |
30373 | */ | |
58c5fc13 | 30374 | |
ae4e228f MT |
30375 | oldfs = get_fs(); set_fs(KERNEL_DS); |
30376 | - host_err = inode->i_op->readlink(dentry, buf, *lenp); | |
30377 | + host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp); | |
30378 | set_fs(oldfs); | |
58c5fc13 | 30379 | |
ae4e228f MT |
30380 | if (host_err < 0) |
30381 | diff -urNp linux-2.6.33.1/fs/nls/nls_base.c linux-2.6.33.1/fs/nls/nls_base.c | |
30382 | --- linux-2.6.33.1/fs/nls/nls_base.c 2010-03-15 12:09:39.000000000 -0400 | |
30383 | +++ linux-2.6.33.1/fs/nls/nls_base.c 2010-03-20 16:58:41.684912030 -0400 | |
58c5fc13 MT |
30384 | @@ -41,7 +41,7 @@ static const struct utf8_table utf8_tabl |
30385 | {0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */}, | |
30386 | {0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */}, | |
30387 | {0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */}, | |
30388 | - {0, /* end of table */} | |
30389 | + {0, 0, 0, 0, 0, /* end of table */} | |
30390 | }; | |
30391 | ||
30392 | #define UNICODE_MAX 0x0010ffff | |
ae4e228f MT |
30393 | diff -urNp linux-2.6.33.1/fs/ntfs/file.c linux-2.6.33.1/fs/ntfs/file.c |
30394 | --- linux-2.6.33.1/fs/ntfs/file.c 2010-03-15 12:09:39.000000000 -0400 | |
30395 | +++ linux-2.6.33.1/fs/ntfs/file.c 2010-03-20 16:58:41.717206210 -0400 | |
30396 | @@ -2243,6 +2243,6 @@ const struct inode_operations ntfs_file_ | |
58c5fc13 MT |
30397 | #endif /* NTFS_RW */ |
30398 | }; | |
30399 | ||
30400 | -const struct file_operations ntfs_empty_file_ops = {}; | |
ae4e228f | 30401 | +const struct file_operations ntfs_empty_file_ops __read_only; |
58c5fc13 MT |
30402 | |
30403 | -const struct inode_operations ntfs_empty_inode_ops = {}; | |
ae4e228f MT |
30404 | +const struct inode_operations ntfs_empty_inode_ops __read_only; |
30405 | diff -urNp linux-2.6.33.1/fs/ocfs2/cluster/masklog.c linux-2.6.33.1/fs/ocfs2/cluster/masklog.c | |
30406 | --- linux-2.6.33.1/fs/ocfs2/cluster/masklog.c 2010-03-15 12:09:39.000000000 -0400 | |
30407 | +++ linux-2.6.33.1/fs/ocfs2/cluster/masklog.c 2010-03-20 16:58:41.724925424 -0400 | |
30408 | @@ -135,7 +135,7 @@ static ssize_t mlog_store(struct kobject | |
30409 | return mlog_mask_store(mlog_attr->mask, buf, count); | |
30410 | } | |
30411 | ||
30412 | -static struct sysfs_ops mlog_attr_ops = { | |
30413 | +static const struct sysfs_ops mlog_attr_ops = { | |
30414 | .show = mlog_show, | |
30415 | .store = mlog_store, | |
30416 | }; | |
30417 | diff -urNp linux-2.6.33.1/fs/ocfs2/localalloc.c linux-2.6.33.1/fs/ocfs2/localalloc.c | |
30418 | --- linux-2.6.33.1/fs/ocfs2/localalloc.c 2010-03-15 12:09:39.000000000 -0400 | |
30419 | +++ linux-2.6.33.1/fs/ocfs2/localalloc.c 2010-03-20 16:58:41.736921327 -0400 | |
30420 | @@ -1188,7 +1188,7 @@ static int ocfs2_local_alloc_slide_windo | |
58c5fc13 MT |
30421 | goto bail; |
30422 | } | |
30423 | ||
30424 | - atomic_inc(&osb->alloc_stats.moves); | |
30425 | + atomic_inc_unchecked(&osb->alloc_stats.moves); | |
30426 | ||
30427 | status = 0; | |
30428 | bail: | |
ae4e228f MT |
30429 | diff -urNp linux-2.6.33.1/fs/ocfs2/ocfs2.h linux-2.6.33.1/fs/ocfs2/ocfs2.h |
30430 | --- linux-2.6.33.1/fs/ocfs2/ocfs2.h 2010-03-15 12:09:39.000000000 -0400 | |
30431 | +++ linux-2.6.33.1/fs/ocfs2/ocfs2.h 2010-03-20 16:58:41.753416780 -0400 | |
30432 | @@ -221,11 +221,11 @@ enum ocfs2_vol_state | |
58c5fc13 MT |
30433 | |
30434 | struct ocfs2_alloc_stats | |
30435 | { | |
30436 | - atomic_t moves; | |
30437 | - atomic_t local_data; | |
30438 | - atomic_t bitmap_data; | |
30439 | - atomic_t bg_allocs; | |
30440 | - atomic_t bg_extends; | |
30441 | + atomic_unchecked_t moves; | |
30442 | + atomic_unchecked_t local_data; | |
30443 | + atomic_unchecked_t bitmap_data; | |
30444 | + atomic_unchecked_t bg_allocs; | |
30445 | + atomic_unchecked_t bg_extends; | |
30446 | }; | |
30447 | ||
30448 | enum ocfs2_local_alloc_state | |
ae4e228f MT |
30449 | diff -urNp linux-2.6.33.1/fs/ocfs2/suballoc.c linux-2.6.33.1/fs/ocfs2/suballoc.c |
30450 | --- linux-2.6.33.1/fs/ocfs2/suballoc.c 2010-03-15 12:09:39.000000000 -0400 | |
30451 | +++ linux-2.6.33.1/fs/ocfs2/suballoc.c 2010-03-20 16:58:41.773443597 -0400 | |
58c5fc13 MT |
30452 | @@ -620,7 +620,7 @@ static int ocfs2_reserve_suballoc_bits(s |
30453 | mlog_errno(status); | |
30454 | goto bail; | |
30455 | } | |
30456 | - atomic_inc(&osb->alloc_stats.bg_extends); | |
30457 | + atomic_inc_unchecked(&osb->alloc_stats.bg_extends); | |
30458 | ||
30459 | /* You should never ask for this much metadata */ | |
30460 | BUG_ON(bits_wanted > | |
ae4e228f | 30461 | @@ -1651,7 +1651,7 @@ int ocfs2_claim_metadata(struct ocfs2_su |
58c5fc13 MT |
30462 | mlog_errno(status); |
30463 | goto bail; | |
30464 | } | |
30465 | - atomic_inc(&osb->alloc_stats.bg_allocs); | |
30466 | + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs); | |
30467 | ||
30468 | *blkno_start = bg_blkno + (u64) *suballoc_bit_start; | |
30469 | ac->ac_bits_given += (*num_bits); | |
ae4e228f | 30470 | @@ -1725,7 +1725,7 @@ int ocfs2_claim_new_inode(struct ocfs2_s |
58c5fc13 MT |
30471 | mlog_errno(status); |
30472 | goto bail; | |
30473 | } | |
30474 | - atomic_inc(&osb->alloc_stats.bg_allocs); | |
30475 | + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs); | |
30476 | ||
30477 | BUG_ON(num_bits != 1); | |
30478 | ||
ae4e228f | 30479 | @@ -1827,7 +1827,7 @@ int __ocfs2_claim_clusters(struct ocfs2_ |
58c5fc13 MT |
30480 | cluster_start, |
30481 | num_clusters); | |
30482 | if (!status) | |
30483 | - atomic_inc(&osb->alloc_stats.local_data); | |
30484 | + atomic_inc_unchecked(&osb->alloc_stats.local_data); | |
30485 | } else { | |
30486 | if (min_clusters > (osb->bitmap_cpg - 1)) { | |
30487 | /* The only paths asking for contiguousness | |
ae4e228f | 30488 | @@ -1855,7 +1855,7 @@ int __ocfs2_claim_clusters(struct ocfs2_ |
58c5fc13 MT |
30489 | ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode, |
30490 | bg_blkno, | |
30491 | bg_bit_off); | |
30492 | - atomic_inc(&osb->alloc_stats.bitmap_data); | |
30493 | + atomic_inc_unchecked(&osb->alloc_stats.bitmap_data); | |
30494 | } | |
30495 | } | |
30496 | if (status < 0) { | |
ae4e228f MT |
30497 | diff -urNp linux-2.6.33.1/fs/ocfs2/super.c linux-2.6.33.1/fs/ocfs2/super.c |
30498 | --- linux-2.6.33.1/fs/ocfs2/super.c 2010-03-15 12:09:39.000000000 -0400 | |
30499 | +++ linux-2.6.33.1/fs/ocfs2/super.c 2010-03-20 16:58:41.781934851 -0400 | |
30500 | @@ -286,11 +286,11 @@ static int ocfs2_osb_dump(struct ocfs2_s | |
58c5fc13 MT |
30501 | "%10s => GlobalAllocs: %d LocalAllocs: %d " |
30502 | "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n", | |
30503 | "Stats", | |
30504 | - atomic_read(&osb->alloc_stats.bitmap_data), | |
30505 | - atomic_read(&osb->alloc_stats.local_data), | |
30506 | - atomic_read(&osb->alloc_stats.bg_allocs), | |
30507 | - atomic_read(&osb->alloc_stats.moves), | |
30508 | - atomic_read(&osb->alloc_stats.bg_extends)); | |
30509 | + atomic_read_unchecked(&osb->alloc_stats.bitmap_data), | |
30510 | + atomic_read_unchecked(&osb->alloc_stats.local_data), | |
30511 | + atomic_read_unchecked(&osb->alloc_stats.bg_allocs), | |
30512 | + atomic_read_unchecked(&osb->alloc_stats.moves), | |
30513 | + atomic_read_unchecked(&osb->alloc_stats.bg_extends)); | |
30514 | ||
30515 | out += snprintf(buf + out, len - out, | |
30516 | "%10s => State: %u Descriptor: %llu Size: %u bits " | |
ae4e228f | 30517 | @@ -1999,11 +1999,11 @@ static int ocfs2_initialize_super(struct |
58c5fc13 MT |
30518 | spin_lock_init(&osb->osb_xattr_lock); |
30519 | ocfs2_init_inode_steal_slot(osb); | |
30520 | ||
30521 | - atomic_set(&osb->alloc_stats.moves, 0); | |
30522 | - atomic_set(&osb->alloc_stats.local_data, 0); | |
30523 | - atomic_set(&osb->alloc_stats.bitmap_data, 0); | |
30524 | - atomic_set(&osb->alloc_stats.bg_allocs, 0); | |
30525 | - atomic_set(&osb->alloc_stats.bg_extends, 0); | |
30526 | + atomic_set_unchecked(&osb->alloc_stats.moves, 0); | |
30527 | + atomic_set_unchecked(&osb->alloc_stats.local_data, 0); | |
30528 | + atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0); | |
30529 | + atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0); | |
30530 | + atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0); | |
30531 | ||
30532 | /* Copy the blockcheck stats from the superblock probe */ | |
30533 | osb->osb_ecc_stats = *stats; | |
ae4e228f MT |
30534 | diff -urNp linux-2.6.33.1/fs/ocfs2/symlink.c linux-2.6.33.1/fs/ocfs2/symlink.c |
30535 | --- linux-2.6.33.1/fs/ocfs2/symlink.c 2010-03-15 12:09:39.000000000 -0400 | |
30536 | +++ linux-2.6.33.1/fs/ocfs2/symlink.c 2010-03-20 16:58:41.809220780 -0400 | |
30537 | @@ -148,7 +148,7 @@ bail: | |
58c5fc13 | 30538 | |
ae4e228f MT |
30539 | static void ocfs2_fast_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) |
30540 | { | |
30541 | - char *link = nd_get_link(nd); | |
30542 | + const char *link = nd_get_link(nd); | |
30543 | if (!IS_ERR(link)) | |
30544 | kfree(link); | |
58c5fc13 | 30545 | } |
ae4e228f MT |
30546 | diff -urNp linux-2.6.33.1/fs/open.c linux-2.6.33.1/fs/open.c |
30547 | --- linux-2.6.33.1/fs/open.c 2010-03-15 12:09:39.000000000 -0400 | |
30548 | +++ linux-2.6.33.1/fs/open.c 2010-03-20 16:58:41.824559234 -0400 | |
30549 | @@ -209,6 +209,9 @@ int do_truncate(struct dentry *dentry, l | |
58c5fc13 MT |
30550 | if (length < 0) |
30551 | return -EINVAL; | |
30552 | ||
30553 | + if (filp && !gr_acl_handle_truncate(dentry, filp->f_path.mnt)) | |
30554 | + return -EACCES; | |
30555 | + | |
30556 | newattrs.ia_size = length; | |
30557 | newattrs.ia_valid = ATTR_SIZE | time_attrs; | |
30558 | if (filp) { | |
ae4e228f | 30559 | @@ -514,6 +517,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con |
58c5fc13 MT |
30560 | if (__mnt_is_readonly(path.mnt)) |
30561 | res = -EROFS; | |
30562 | ||
30563 | + if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode)) | |
30564 | + res = -EACCES; | |
30565 | + | |
30566 | out_path_release: | |
30567 | path_put(&path); | |
30568 | out: | |
ae4e228f | 30569 | @@ -540,6 +546,8 @@ SYSCALL_DEFINE1(chdir, const char __user |
58c5fc13 MT |
30570 | if (error) |
30571 | goto dput_and_out; | |
30572 | ||
30573 | + gr_log_chdir(path.dentry, path.mnt); | |
30574 | + | |
30575 | set_fs_pwd(current->fs, &path); | |
30576 | ||
30577 | dput_and_out: | |
ae4e228f | 30578 | @@ -566,6 +574,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd |
58c5fc13 MT |
30579 | goto out_putf; |
30580 | ||
30581 | error = inode_permission(inode, MAY_EXEC | MAY_ACCESS); | |
30582 | + | |
30583 | + if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt)) | |
30584 | + error = -EPERM; | |
30585 | + | |
30586 | + if (!error) | |
30587 | + gr_log_chdir(file->f_path.dentry, file->f_path.mnt); | |
30588 | + | |
30589 | if (!error) | |
30590 | set_fs_pwd(current->fs, &file->f_path); | |
30591 | out_putf: | |
ae4e228f MT |
30592 | @@ -594,7 +609,18 @@ SYSCALL_DEFINE1(chroot, const char __use |
30593 | if (error) | |
58c5fc13 MT |
30594 | goto dput_and_out; |
30595 | ||
30596 | + if (gr_handle_chroot_chroot(path.dentry, path.mnt)) | |
30597 | + goto dput_and_out; | |
30598 | + | |
30599 | + if (gr_handle_chroot_caps(&path)) { | |
30600 | + error = -ENOMEM; | |
30601 | + goto dput_and_out; | |
30602 | + } | |
30603 | + | |
30604 | set_fs_root(current->fs, &path); | |
30605 | + | |
30606 | + gr_handle_chroot_chdir(&path); | |
30607 | + | |
30608 | error = 0; | |
30609 | dput_and_out: | |
30610 | path_put(&path); | |
ae4e228f | 30611 | @@ -622,6 +648,12 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd |
58c5fc13 MT |
30612 | err = mnt_want_write_file(file); |
30613 | if (err) | |
30614 | goto out_putf; | |
30615 | + | |
30616 | + if (!gr_acl_handle_fchmod(dentry, file->f_path.mnt, mode)) { | |
30617 | + err = -EACCES; | |
30618 | + goto out_drop_write; | |
30619 | + } | |
30620 | + | |
30621 | mutex_lock(&inode->i_mutex); | |
ae4e228f MT |
30622 | err = security_path_chmod(dentry, file->f_vfsmnt, mode); |
30623 | if (err) | |
30624 | @@ -633,6 +665,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd | |
58c5fc13 | 30625 | err = notify_change(dentry, &newattrs); |
ae4e228f | 30626 | out_unlock: |
58c5fc13 | 30627 | mutex_unlock(&inode->i_mutex); |
58c5fc13 MT |
30628 | +out_drop_write: |
30629 | mnt_drop_write(file->f_path.mnt); | |
30630 | out_putf: | |
30631 | fput(file); | |
ae4e228f | 30632 | @@ -655,17 +688,30 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons |
58c5fc13 MT |
30633 | error = mnt_want_write(path.mnt); |
30634 | if (error) | |
30635 | goto dput_and_out; | |
30636 | + | |
30637 | + if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) { | |
30638 | + error = -EACCES; | |
30639 | + goto out_drop_write; | |
30640 | + } | |
30641 | + | |
30642 | mutex_lock(&inode->i_mutex); | |
ae4e228f MT |
30643 | error = security_path_chmod(path.dentry, path.mnt, mode); |
30644 | if (error) | |
30645 | goto out_unlock; | |
58c5fc13 MT |
30646 | if (mode == (mode_t) -1) |
30647 | mode = inode->i_mode; | |
30648 | + | |
30649 | + if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) { | |
30650 | + error = -EACCES; | |
ae4e228f | 30651 | + goto out_unlock; |
58c5fc13 MT |
30652 | + } |
30653 | + | |
30654 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); | |
30655 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; | |
30656 | error = notify_change(path.dentry, &newattrs); | |
ae4e228f | 30657 | out_unlock: |
58c5fc13 | 30658 | mutex_unlock(&inode->i_mutex); |
58c5fc13 MT |
30659 | +out_drop_write: |
30660 | mnt_drop_write(path.mnt); | |
30661 | dput_and_out: | |
30662 | path_put(&path); | |
ae4e228f | 30663 | @@ -684,6 +730,9 @@ static int chown_common(struct path *pat |
58c5fc13 MT |
30664 | int error; |
30665 | struct iattr newattrs; | |
30666 | ||
ae4e228f | 30667 | + if (!gr_acl_handle_chown(path->dentry, path->mnt)) |
58c5fc13 MT |
30668 | + return -EACCES; |
30669 | + | |
30670 | newattrs.ia_valid = ATTR_CTIME; | |
30671 | if (user != (uid_t) -1) { | |
30672 | newattrs.ia_valid |= ATTR_UID; | |
ae4e228f MT |
30673 | diff -urNp linux-2.6.33.1/fs/pipe.c linux-2.6.33.1/fs/pipe.c |
30674 | --- linux-2.6.33.1/fs/pipe.c 2010-03-15 12:09:39.000000000 -0400 | |
30675 | +++ linux-2.6.33.1/fs/pipe.c 2010-03-20 16:58:41.824559234 -0400 | |
30676 | @@ -401,9 +401,9 @@ redo: | |
30677 | } | |
30678 | if (bufs) /* More to do? */ | |
30679 | continue; | |
30680 | - if (!pipe->writers) | |
30681 | + if (!atomic_read(&pipe->writers)) | |
30682 | break; | |
30683 | - if (!pipe->waiting_writers) { | |
30684 | + if (!atomic_read(&pipe->waiting_writers)) { | |
30685 | /* syscall merging: Usually we must not sleep | |
30686 | * if O_NONBLOCK is set, or if we got some data. | |
30687 | * But if a writer sleeps in kernel space, then | |
30688 | @@ -462,7 +462,7 @@ pipe_write(struct kiocb *iocb, const str | |
30689 | mutex_lock(&inode->i_mutex); | |
30690 | pipe = inode->i_pipe; | |
30691 | ||
30692 | - if (!pipe->readers) { | |
30693 | + if (!atomic_read(&pipe->readers)) { | |
30694 | send_sig(SIGPIPE, current, 0); | |
30695 | ret = -EPIPE; | |
30696 | goto out; | |
30697 | @@ -511,7 +511,7 @@ redo1: | |
30698 | for (;;) { | |
30699 | int bufs; | |
30700 | ||
30701 | - if (!pipe->readers) { | |
30702 | + if (!atomic_read(&pipe->readers)) { | |
30703 | send_sig(SIGPIPE, current, 0); | |
30704 | if (!ret) | |
30705 | ret = -EPIPE; | |
30706 | @@ -597,9 +597,9 @@ redo2: | |
30707 | kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); | |
30708 | do_wakeup = 0; | |
30709 | } | |
30710 | - pipe->waiting_writers++; | |
30711 | + atomic_inc(&pipe->waiting_writers); | |
30712 | pipe_wait(pipe); | |
30713 | - pipe->waiting_writers--; | |
30714 | + atomic_dec(&pipe->waiting_writers); | |
30715 | } | |
30716 | out: | |
30717 | mutex_unlock(&inode->i_mutex); | |
30718 | @@ -666,7 +666,7 @@ pipe_poll(struct file *filp, poll_table | |
30719 | mask = 0; | |
30720 | if (filp->f_mode & FMODE_READ) { | |
30721 | mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; | |
30722 | - if (!pipe->writers && filp->f_version != pipe->w_counter) | |
30723 | + if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter) | |
30724 | mask |= POLLHUP; | |
30725 | } | |
30726 | ||
30727 | @@ -676,7 +676,7 @@ pipe_poll(struct file *filp, poll_table | |
30728 | * Most Unices do not set POLLERR for FIFOs but on Linux they | |
30729 | * behave exactly like pipes for poll(). | |
30730 | */ | |
30731 | - if (!pipe->readers) | |
30732 | + if (!atomic_read(&pipe->readers)) | |
30733 | mask |= POLLERR; | |
30734 | } | |
30735 | ||
30736 | @@ -690,10 +690,10 @@ pipe_release(struct inode *inode, int de | |
30737 | ||
30738 | mutex_lock(&inode->i_mutex); | |
30739 | pipe = inode->i_pipe; | |
30740 | - pipe->readers -= decr; | |
30741 | - pipe->writers -= decw; | |
30742 | + atomic_sub(decr, &pipe->readers); | |
30743 | + atomic_sub(decw, &pipe->writers); | |
30744 | ||
30745 | - if (!pipe->readers && !pipe->writers) { | |
30746 | + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) { | |
30747 | free_pipe_info(inode); | |
30748 | } else { | |
30749 | wake_up_interruptible_sync(&pipe->wait); | |
30750 | @@ -783,7 +783,7 @@ pipe_read_open(struct inode *inode, stru | |
30751 | ||
30752 | if (inode->i_pipe) { | |
30753 | ret = 0; | |
30754 | - inode->i_pipe->readers++; | |
30755 | + atomic_inc(&inode->i_pipe->readers); | |
30756 | } | |
30757 | ||
30758 | mutex_unlock(&inode->i_mutex); | |
30759 | @@ -800,7 +800,7 @@ pipe_write_open(struct inode *inode, str | |
30760 | ||
30761 | if (inode->i_pipe) { | |
30762 | ret = 0; | |
30763 | - inode->i_pipe->writers++; | |
30764 | + atomic_inc(&inode->i_pipe->writers); | |
30765 | } | |
30766 | ||
30767 | mutex_unlock(&inode->i_mutex); | |
30768 | @@ -818,9 +818,9 @@ pipe_rdwr_open(struct inode *inode, stru | |
30769 | if (inode->i_pipe) { | |
30770 | ret = 0; | |
30771 | if (filp->f_mode & FMODE_READ) | |
30772 | - inode->i_pipe->readers++; | |
30773 | + atomic_inc(&inode->i_pipe->readers); | |
30774 | if (filp->f_mode & FMODE_WRITE) | |
30775 | - inode->i_pipe->writers++; | |
30776 | + atomic_inc(&inode->i_pipe->writers); | |
30777 | } | |
30778 | ||
30779 | mutex_unlock(&inode->i_mutex); | |
30780 | @@ -905,7 +905,7 @@ void free_pipe_info(struct inode *inode) | |
58c5fc13 MT |
30781 | inode->i_pipe = NULL; |
30782 | } | |
30783 | ||
30784 | -static struct vfsmount *pipe_mnt __read_mostly; | |
30785 | +struct vfsmount *pipe_mnt __read_mostly; | |
ae4e228f MT |
30786 | |
30787 | /* | |
30788 | * pipefs_dname() is called from d_path(). | |
30789 | @@ -933,7 +933,8 @@ static struct inode * get_pipe_inode(voi | |
30790 | goto fail_iput; | |
30791 | inode->i_pipe = pipe; | |
30792 | ||
30793 | - pipe->readers = pipe->writers = 1; | |
30794 | + atomic_set(&pipe->readers, 1); | |
30795 | + atomic_set(&pipe->writers, 1); | |
30796 | inode->i_fop = &rdwr_pipefifo_fops; | |
30797 | ||
58c5fc13 | 30798 | /* |
ae4e228f MT |
30799 | diff -urNp linux-2.6.33.1/fs/proc/array.c linux-2.6.33.1/fs/proc/array.c |
30800 | --- linux-2.6.33.1/fs/proc/array.c 2010-03-15 12:09:39.000000000 -0400 | |
30801 | +++ linux-2.6.33.1/fs/proc/array.c 2010-03-20 16:58:41.824559234 -0400 | |
30802 | @@ -337,6 +337,21 @@ static void task_cpus_allowed(struct seq | |
30803 | seq_printf(m, "\n"); | |
58c5fc13 MT |
30804 | } |
30805 | ||
30806 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
30807 | +static inline void task_pax(struct seq_file *m, struct task_struct *p) | |
30808 | +{ | |
30809 | + if (p->mm) | |
30810 | + seq_printf(m, "PaX:\t%c%c%c%c%c\n", | |
30811 | + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p', | |
30812 | + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e', | |
30813 | + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm', | |
30814 | + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r', | |
30815 | + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's'); | |
30816 | + else | |
30817 | + seq_printf(m, "PaX:\t-----\n"); | |
30818 | +} | |
30819 | +#endif | |
30820 | + | |
30821 | int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, | |
30822 | struct pid *pid, struct task_struct *task) | |
30823 | { | |
ae4e228f | 30824 | @@ -357,9 +372,20 @@ int proc_pid_status(struct seq_file *m, |
58c5fc13 MT |
30825 | task_show_regs(m, task); |
30826 | #endif | |
30827 | task_context_switch_counts(m, task); | |
30828 | + | |
30829 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
30830 | + task_pax(m, task); | |
30831 | +#endif | |
30832 | + | |
30833 | return 0; | |
30834 | } | |
30835 | ||
30836 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
30837 | +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \ | |
30838 | + (_mm->pax_flags & MF_PAX_RANDMMAP || \ | |
30839 | + _mm->pax_flags & MF_PAX_SEGMEXEC)) | |
30840 | +#endif | |
30841 | + | |
30842 | static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, | |
30843 | struct pid *pid, struct task_struct *task, int whole) | |
30844 | { | |
ae4e228f MT |
30845 | @@ -452,6 +478,19 @@ static int do_task_stat(struct seq_file |
30846 | gtime = task->gtime; | |
58c5fc13 MT |
30847 | } |
30848 | ||
30849 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
30850 | + if (PAX_RAND_FLAGS(mm)) { | |
30851 | + eip = 0; | |
30852 | + esp = 0; | |
30853 | + wchan = 0; | |
30854 | + } | |
30855 | +#endif | |
30856 | +#ifdef CONFIG_GRKERNSEC_HIDESYM | |
30857 | + wchan = 0; | |
30858 | + eip =0; | |
30859 | + esp =0; | |
30860 | +#endif | |
30861 | + | |
30862 | /* scale priority and nice values from timeslices to -20..20 */ | |
30863 | /* to make it look like a "normal" Unix priority/nice value */ | |
30864 | priority = task_prio(task); | |
ae4e228f | 30865 | @@ -492,9 +531,15 @@ static int do_task_stat(struct seq_file |
58c5fc13 MT |
30866 | vsize, |
30867 | mm ? get_mm_rss(mm) : 0, | |
30868 | rsslim, | |
30869 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
30870 | + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0), | |
30871 | + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0), | |
ae4e228f | 30872 | + PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? task->stack_start : 0), |
58c5fc13 MT |
30873 | +#else |
30874 | mm ? mm->start_code : 0, | |
30875 | mm ? mm->end_code : 0, | |
ae4e228f | 30876 | (permitted && mm) ? task->stack_start : 0, |
58c5fc13 MT |
30877 | +#endif |
30878 | esp, | |
30879 | eip, | |
30880 | /* The signal information here is obsolete. | |
ae4e228f | 30881 | @@ -547,3 +592,10 @@ int proc_pid_statm(struct seq_file *m, s |
58c5fc13 MT |
30882 | |
30883 | return 0; | |
30884 | } | |
30885 | + | |
30886 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
30887 | +int proc_pid_ipaddr(struct task_struct *task, char *buffer) | |
30888 | +{ | |
ae4e228f | 30889 | + return sprintf(buffer, "%pI4\n", &task->signal->curr_ip); |
58c5fc13 MT |
30890 | +} |
30891 | +#endif | |
ae4e228f MT |
30892 | diff -urNp linux-2.6.33.1/fs/proc/base.c linux-2.6.33.1/fs/proc/base.c |
30893 | --- linux-2.6.33.1/fs/proc/base.c 2010-03-15 12:09:39.000000000 -0400 | |
30894 | +++ linux-2.6.33.1/fs/proc/base.c 2010-03-20 16:58:41.824559234 -0400 | |
30895 | @@ -102,6 +102,22 @@ struct pid_entry { | |
30896 | union proc_op op; | |
30897 | }; | |
30898 | ||
30899 | +struct getdents_callback { | |
30900 | + struct linux_dirent __user * current_dir; | |
30901 | + struct linux_dirent __user * previous; | |
30902 | + struct file * file; | |
30903 | + int count; | |
30904 | + int error; | |
30905 | +}; | |
30906 | + | |
30907 | +static int gr_fake_filldir(void * __buf, const char *name, int namlen, | |
30908 | + loff_t offset, u64 ino, unsigned int d_type) | |
30909 | +{ | |
30910 | + struct getdents_callback * buf = (struct getdents_callback *) __buf; | |
30911 | + buf->error = -EINVAL; | |
30912 | + return 0; | |
30913 | +} | |
30914 | + | |
30915 | #define NOD(NAME, MODE, IOP, FOP, OP) { \ | |
30916 | .name = (NAME), \ | |
30917 | .len = sizeof(NAME) - 1, \ | |
30918 | @@ -213,6 +229,9 @@ static int check_mem_permission(struct t | |
58c5fc13 MT |
30919 | if (task == current) |
30920 | return 0; | |
30921 | ||
30922 | + if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task)) | |
30923 | + return -EPERM; | |
30924 | + | |
30925 | /* | |
30926 | * If current is actively ptrace'ing, and would also be | |
30927 | * permitted to freshly attach with ptrace now, permit it. | |
ae4e228f | 30928 | @@ -260,6 +279,9 @@ static int proc_pid_cmdline(struct task_ |
58c5fc13 MT |
30929 | if (!mm->arg_end) |
30930 | goto out_mm; /* Shh! No looking before we're done */ | |
30931 | ||
30932 | + if (gr_acl_handle_procpidmem(task)) | |
30933 | + goto out_mm; | |
30934 | + | |
30935 | len = mm->arg_end - mm->arg_start; | |
30936 | ||
30937 | if (len > PAGE_SIZE) | |
ae4e228f | 30938 | @@ -287,12 +309,26 @@ out: |
58c5fc13 MT |
30939 | return res; |
30940 | } | |
30941 | ||
30942 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
30943 | +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \ | |
30944 | + (_mm->pax_flags & MF_PAX_RANDMMAP || \ | |
30945 | + _mm->pax_flags & MF_PAX_SEGMEXEC)) | |
30946 | +#endif | |
30947 | + | |
30948 | static int proc_pid_auxv(struct task_struct *task, char *buffer) | |
30949 | { | |
30950 | int res = 0; | |
30951 | struct mm_struct *mm = get_task_mm(task); | |
30952 | if (mm) { | |
30953 | unsigned int nwords = 0; | |
30954 | + | |
30955 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
30956 | + if (PAX_RAND_FLAGS(mm)) { | |
30957 | + mmput(mm); | |
30958 | + return res; | |
30959 | + } | |
30960 | +#endif | |
30961 | + | |
30962 | do { | |
30963 | nwords += 2; | |
30964 | } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ | |
ae4e228f | 30965 | @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st |
58c5fc13 MT |
30966 | } |
30967 | #endif /* CONFIG_KALLSYMS */ | |
30968 | ||
30969 | -#ifdef CONFIG_STACKTRACE | |
30970 | +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM) | |
30971 | ||
30972 | #define MAX_STACK_TRACE_DEPTH 64 | |
30973 | ||
ae4e228f | 30974 | @@ -521,7 +557,7 @@ static int proc_pid_limits(struct task_s |
58c5fc13 MT |
30975 | return count; |
30976 | } | |
30977 | ||
30978 | -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK | |
30979 | +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
30980 | static int proc_pid_syscall(struct task_struct *task, char *buffer) | |
30981 | { | |
30982 | long nr; | |
ae4e228f | 30983 | @@ -935,6 +971,9 @@ static ssize_t environ_read(struct file |
58c5fc13 MT |
30984 | if (!task) |
30985 | goto out_no_task; | |
30986 | ||
30987 | + if (gr_acl_handle_procpidmem(task)) | |
30988 | + goto out; | |
30989 | + | |
30990 | if (!ptrace_may_access(task, PTRACE_MODE_READ)) | |
30991 | goto out; | |
30992 | ||
ae4e228f | 30993 | @@ -1520,7 +1559,11 @@ static struct inode *proc_pid_make_inode |
58c5fc13 MT |
30994 | rcu_read_lock(); |
30995 | cred = __task_cred(task); | |
30996 | inode->i_uid = cred->euid; | |
30997 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
30998 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
30999 | +#else | |
31000 | inode->i_gid = cred->egid; | |
31001 | +#endif | |
31002 | rcu_read_unlock(); | |
31003 | } | |
31004 | security_task_to_inode(task, inode); | |
ae4e228f | 31005 | @@ -1538,6 +1581,9 @@ static int pid_getattr(struct vfsmount * |
58c5fc13 MT |
31006 | struct inode *inode = dentry->d_inode; |
31007 | struct task_struct *task; | |
31008 | const struct cred *cred; | |
31009 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31010 | + const struct cred *tmpcred = current_cred(); | |
31011 | +#endif | |
31012 | ||
31013 | generic_fillattr(inode, stat); | |
31014 | ||
ae4e228f | 31015 | @@ -1545,12 +1591,34 @@ static int pid_getattr(struct vfsmount * |
58c5fc13 MT |
31016 | stat->uid = 0; |
31017 | stat->gid = 0; | |
31018 | task = pid_task(proc_pid(inode), PIDTYPE_PID); | |
31019 | + | |
31020 | + if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) { | |
31021 | + rcu_read_unlock(); | |
31022 | + return -ENOENT; | |
31023 | + } | |
31024 | + | |
31025 | if (task) { | |
31026 | + cred = __task_cred(task); | |
31027 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31028 | + if (!tmpcred->uid || (tmpcred->uid == cred->uid) | |
31029 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
31030 | + || in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
31031 | +#endif | |
31032 | + ) | |
31033 | +#endif | |
31034 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | |
31035 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
31036 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) || | |
31037 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31038 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) || | |
31039 | +#endif | |
31040 | task_dumpable(task)) { | |
31041 | - cred = __task_cred(task); | |
31042 | stat->uid = cred->euid; | |
31043 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
31044 | + stat->gid = CONFIG_GRKERNSEC_PROC_GID; | |
31045 | +#else | |
31046 | stat->gid = cred->egid; | |
31047 | +#endif | |
31048 | } | |
31049 | } | |
31050 | rcu_read_unlock(); | |
ae4e228f | 31051 | @@ -1582,11 +1650,20 @@ static int pid_revalidate(struct dentry |
58c5fc13 MT |
31052 | |
31053 | if (task) { | |
31054 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | |
31055 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
31056 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) || | |
31057 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31058 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) || | |
31059 | +#endif | |
31060 | task_dumpable(task)) { | |
31061 | rcu_read_lock(); | |
31062 | cred = __task_cred(task); | |
31063 | inode->i_uid = cred->euid; | |
31064 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
31065 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
31066 | +#else | |
31067 | inode->i_gid = cred->egid; | |
31068 | +#endif | |
31069 | rcu_read_unlock(); | |
31070 | } else { | |
31071 | inode->i_uid = 0; | |
ae4e228f | 31072 | @@ -1707,7 +1784,8 @@ static int proc_fd_info(struct inode *in |
58c5fc13 MT |
31073 | int fd = proc_fd(inode); |
31074 | ||
31075 | if (task) { | |
31076 | - files = get_files_struct(task); | |
31077 | + if (!gr_acl_handle_procpidmem(task)) | |
31078 | + files = get_files_struct(task); | |
31079 | put_task_struct(task); | |
31080 | } | |
31081 | if (files) { | |
ae4e228f | 31082 | @@ -1959,12 +2037,22 @@ static const struct file_operations proc |
58c5fc13 MT |
31083 | static int proc_fd_permission(struct inode *inode, int mask) |
31084 | { | |
31085 | int rv; | |
31086 | + struct task_struct *task; | |
31087 | ||
31088 | rv = generic_permission(inode, mask, NULL); | |
31089 | - if (rv == 0) | |
31090 | - return 0; | |
31091 | + | |
31092 | if (task_pid(current) == proc_pid(inode)) | |
31093 | rv = 0; | |
31094 | + | |
31095 | + task = get_proc_task(inode); | |
31096 | + if (task == NULL) | |
31097 | + return rv; | |
31098 | + | |
31099 | + if (gr_acl_handle_procpidmem(task)) | |
31100 | + rv = -EACCES; | |
31101 | + | |
31102 | + put_task_struct(task); | |
31103 | + | |
31104 | return rv; | |
31105 | } | |
31106 | ||
ae4e228f | 31107 | @@ -2073,6 +2161,9 @@ static struct dentry *proc_pident_lookup |
58c5fc13 MT |
31108 | if (!task) |
31109 | goto out_no_task; | |
31110 | ||
31111 | + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) | |
31112 | + goto out; | |
31113 | + | |
31114 | /* | |
31115 | * Yes, it does not scale. And it should not. Don't add | |
31116 | * new entries into /proc/<tgid>/ without very good reasons. | |
ae4e228f | 31117 | @@ -2117,6 +2208,9 @@ static int proc_pident_readdir(struct fi |
58c5fc13 MT |
31118 | if (!task) |
31119 | goto out_no_task; | |
31120 | ||
31121 | + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) | |
31122 | + goto out; | |
31123 | + | |
31124 | ret = 0; | |
31125 | i = filp->f_pos; | |
31126 | switch (i) { | |
ae4e228f MT |
31127 | @@ -2384,7 +2478,7 @@ static void *proc_self_follow_link(struc |
31128 | static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, | |
31129 | void *cookie) | |
31130 | { | |
31131 | - char *s = nd_get_link(nd); | |
31132 | + const char *s = nd_get_link(nd); | |
31133 | if (!IS_ERR(s)) | |
31134 | __putname(s); | |
31135 | } | |
31136 | @@ -2497,6 +2591,9 @@ static struct dentry *proc_base_lookup(s | |
58c5fc13 MT |
31137 | if (p > last) |
31138 | goto out; | |
31139 | ||
31140 | + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) | |
31141 | + goto out; | |
31142 | + | |
31143 | error = proc_base_instantiate(dir, dentry, task, p); | |
31144 | ||
31145 | out: | |
ae4e228f | 31146 | @@ -2584,7 +2681,7 @@ static const struct pid_entry tgid_base_ |
58c5fc13 MT |
31147 | REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), |
31148 | #endif | |
ae4e228f | 31149 | REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
58c5fc13 MT |
31150 | -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK |
31151 | +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
31152 | INF("syscall", S_IRUSR, proc_pid_syscall), | |
31153 | #endif | |
31154 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | |
ae4e228f | 31155 | @@ -2612,7 +2709,7 @@ static const struct pid_entry tgid_base_ |
58c5fc13 MT |
31156 | #ifdef CONFIG_KALLSYMS |
31157 | INF("wchan", S_IRUGO, proc_pid_wchan), | |
31158 | #endif | |
31159 | -#ifdef CONFIG_STACKTRACE | |
31160 | +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM) | |
31161 | ONE("stack", S_IRUSR, proc_pid_stack), | |
31162 | #endif | |
31163 | #ifdef CONFIG_SCHEDSTATS | |
ae4e228f | 31164 | @@ -2642,6 +2739,9 @@ static const struct pid_entry tgid_base_ |
58c5fc13 MT |
31165 | #ifdef CONFIG_TASK_IO_ACCOUNTING |
31166 | INF("io", S_IRUGO, proc_tgid_io_accounting), | |
31167 | #endif | |
31168 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
31169 | + INF("ipaddr", S_IRUSR, proc_pid_ipaddr), | |
31170 | +#endif | |
31171 | }; | |
31172 | ||
31173 | static int proc_tgid_base_readdir(struct file * filp, | |
ae4e228f | 31174 | @@ -2766,7 +2866,14 @@ static struct dentry *proc_pid_instantia |
58c5fc13 MT |
31175 | if (!inode) |
31176 | goto out; | |
31177 | ||
31178 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
31179 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; | |
31180 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31181 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
31182 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP; | |
31183 | +#else | |
31184 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | |
31185 | +#endif | |
31186 | inode->i_op = &proc_tgid_base_inode_operations; | |
31187 | inode->i_fop = &proc_tgid_base_operations; | |
31188 | inode->i_flags|=S_IMMUTABLE; | |
ae4e228f | 31189 | @@ -2808,7 +2915,11 @@ struct dentry *proc_pid_lookup(struct in |
58c5fc13 MT |
31190 | if (!task) |
31191 | goto out; | |
31192 | ||
31193 | + if (gr_check_hidden_task(task)) | |
31194 | + goto out_put_task; | |
31195 | + | |
31196 | result = proc_pid_instantiate(dir, dentry, task, NULL); | |
31197 | +out_put_task: | |
31198 | put_task_struct(task); | |
31199 | out: | |
31200 | return result; | |
ae4e228f | 31201 | @@ -2873,6 +2984,11 @@ int proc_pid_readdir(struct file * filp, |
58c5fc13 MT |
31202 | { |
31203 | unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY; | |
31204 | struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode); | |
31205 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31206 | + const struct cred *tmpcred = current_cred(); | |
31207 | + const struct cred *itercred; | |
31208 | +#endif | |
ae4e228f | 31209 | + filldir_t __filldir = filldir; |
58c5fc13 MT |
31210 | struct tgid_iter iter; |
31211 | struct pid_namespace *ns; | |
31212 | ||
ae4e228f | 31213 | @@ -2891,8 +3007,27 @@ int proc_pid_readdir(struct file * filp, |
58c5fc13 MT |
31214 | for (iter = next_tgid(ns, iter); |
31215 | iter.task; | |
31216 | iter.tgid += 1, iter = next_tgid(ns, iter)) { | |
31217 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
ae4e228f | 31218 | + rcu_read_lock(); |
58c5fc13 MT |
31219 | + itercred = __task_cred(iter.task); |
31220 | +#endif | |
31221 | + if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task) | |
31222 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31223 | + || (tmpcred->uid && (itercred->uid != tmpcred->uid) | |
31224 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
31225 | + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
31226 | +#endif | |
31227 | + ) | |
31228 | +#endif | |
31229 | + ) | |
ae4e228f MT |
31230 | + __filldir = &gr_fake_filldir; |
31231 | + else | |
31232 | + __filldir = filldir; | |
31233 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31234 | + rcu_read_unlock(); | |
31235 | +#endif | |
58c5fc13 | 31236 | filp->f_pos = iter.tgid + TGID_OFFSET; |
ae4e228f MT |
31237 | - if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) { |
31238 | + if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) { | |
58c5fc13 | 31239 | put_task_struct(iter.task); |
ae4e228f MT |
31240 | goto out; |
31241 | } | |
31242 | @@ -2919,7 +3054,7 @@ static const struct pid_entry tid_base_s | |
58c5fc13 MT |
31243 | REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), |
31244 | #endif | |
ae4e228f | 31245 | REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
58c5fc13 MT |
31246 | -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK |
31247 | +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
31248 | INF("syscall", S_IRUSR, proc_pid_syscall), | |
31249 | #endif | |
31250 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | |
ae4e228f | 31251 | @@ -2946,7 +3081,7 @@ static const struct pid_entry tid_base_s |
58c5fc13 MT |
31252 | #ifdef CONFIG_KALLSYMS |
31253 | INF("wchan", S_IRUGO, proc_pid_wchan), | |
31254 | #endif | |
31255 | -#ifdef CONFIG_STACKTRACE | |
31256 | +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM) | |
31257 | ONE("stack", S_IRUSR, proc_pid_stack), | |
31258 | #endif | |
31259 | #ifdef CONFIG_SCHEDSTATS | |
ae4e228f MT |
31260 | diff -urNp linux-2.6.33.1/fs/proc/cmdline.c linux-2.6.33.1/fs/proc/cmdline.c |
31261 | --- linux-2.6.33.1/fs/proc/cmdline.c 2010-03-15 12:09:39.000000000 -0400 | |
31262 | +++ linux-2.6.33.1/fs/proc/cmdline.c 2010-03-20 16:58:41.828775433 -0400 | |
58c5fc13 MT |
31263 | @@ -23,7 +23,11 @@ static const struct file_operations cmdl |
31264 | ||
31265 | static int __init proc_cmdline_init(void) | |
31266 | { | |
31267 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
31268 | + proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops); | |
31269 | +#else | |
31270 | proc_create("cmdline", 0, NULL, &cmdline_proc_fops); | |
31271 | +#endif | |
31272 | return 0; | |
31273 | } | |
31274 | module_init(proc_cmdline_init); | |
ae4e228f MT |
31275 | diff -urNp linux-2.6.33.1/fs/proc/devices.c linux-2.6.33.1/fs/proc/devices.c |
31276 | --- linux-2.6.33.1/fs/proc/devices.c 2010-03-15 12:09:39.000000000 -0400 | |
31277 | +++ linux-2.6.33.1/fs/proc/devices.c 2010-03-20 16:58:41.828775433 -0400 | |
58c5fc13 MT |
31278 | @@ -64,7 +64,11 @@ static const struct file_operations proc |
31279 | ||
31280 | static int __init proc_devices_init(void) | |
31281 | { | |
31282 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
31283 | + proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations); | |
31284 | +#else | |
31285 | proc_create("devices", 0, NULL, &proc_devinfo_operations); | |
31286 | +#endif | |
31287 | return 0; | |
31288 | } | |
31289 | module_init(proc_devices_init); | |
ae4e228f MT |
31290 | diff -urNp linux-2.6.33.1/fs/proc/inode.c linux-2.6.33.1/fs/proc/inode.c |
31291 | --- linux-2.6.33.1/fs/proc/inode.c 2010-03-15 12:09:39.000000000 -0400 | |
31292 | +++ linux-2.6.33.1/fs/proc/inode.c 2010-03-20 16:58:41.828775433 -0400 | |
31293 | @@ -434,7 +434,11 @@ struct inode *proc_get_inode(struct supe | |
58c5fc13 MT |
31294 | if (de->mode) { |
31295 | inode->i_mode = de->mode; | |
31296 | inode->i_uid = de->uid; | |
31297 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
31298 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
31299 | +#else | |
31300 | inode->i_gid = de->gid; | |
31301 | +#endif | |
31302 | } | |
31303 | if (de->size) | |
31304 | inode->i_size = de->size; | |
ae4e228f MT |
31305 | diff -urNp linux-2.6.33.1/fs/proc/internal.h linux-2.6.33.1/fs/proc/internal.h |
31306 | --- linux-2.6.33.1/fs/proc/internal.h 2010-03-15 12:09:39.000000000 -0400 | |
31307 | +++ linux-2.6.33.1/fs/proc/internal.h 2010-03-20 16:58:41.828775433 -0400 | |
58c5fc13 MT |
31308 | @@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_fi |
31309 | struct pid *pid, struct task_struct *task); | |
31310 | extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, | |
31311 | struct pid *pid, struct task_struct *task); | |
31312 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
31313 | +extern int proc_pid_ipaddr(struct task_struct *task, char *buffer); | |
31314 | +#endif | |
31315 | extern loff_t mem_lseek(struct file *file, loff_t offset, int orig); | |
31316 | ||
31317 | extern const struct file_operations proc_maps_operations; | |
ae4e228f MT |
31318 | diff -urNp linux-2.6.33.1/fs/proc/Kconfig linux-2.6.33.1/fs/proc/Kconfig |
31319 | --- linux-2.6.33.1/fs/proc/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
31320 | +++ linux-2.6.33.1/fs/proc/Kconfig 2010-03-20 16:58:41.828775433 -0400 | |
58c5fc13 MT |
31321 | @@ -30,12 +30,12 @@ config PROC_FS |
31322 | ||
31323 | config PROC_KCORE | |
31324 | bool "/proc/kcore support" if !ARM | |
31325 | - depends on PROC_FS && MMU | |
31326 | + depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD | |
31327 | ||
31328 | config PROC_VMCORE | |
31329 | bool "/proc/vmcore support (EXPERIMENTAL)" | |
31330 | - depends on PROC_FS && CRASH_DUMP | |
31331 | - default y | |
31332 | + depends on PROC_FS && CRASH_DUMP && !GRKERNSEC | |
31333 | + default n | |
31334 | help | |
31335 | Exports the dump image of crashed kernel in ELF format. | |
31336 | ||
31337 | @@ -59,8 +59,8 @@ config PROC_SYSCTL | |
31338 | limited in memory. | |
31339 | ||
31340 | config PROC_PAGE_MONITOR | |
31341 | - default y | |
31342 | - depends on PROC_FS && MMU | |
31343 | + default n | |
31344 | + depends on PROC_FS && MMU && !GRKERNSEC | |
31345 | bool "Enable /proc page monitoring" if EMBEDDED | |
31346 | help | |
31347 | Various /proc files exist to monitor process memory utilization: | |
ae4e228f MT |
31348 | diff -urNp linux-2.6.33.1/fs/proc/kcore.c linux-2.6.33.1/fs/proc/kcore.c |
31349 | --- linux-2.6.33.1/fs/proc/kcore.c 2010-03-15 12:09:39.000000000 -0400 | |
31350 | +++ linux-2.6.33.1/fs/proc/kcore.c 2010-03-20 16:58:41.832562866 -0400 | |
31351 | @@ -541,6 +541,9 @@ read_kcore(struct file *file, char __use | |
58c5fc13 | 31352 | |
ae4e228f | 31353 | static int open_kcore(struct inode *inode, struct file *filp) |
58c5fc13 | 31354 | { |
ae4e228f MT |
31355 | +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM) |
31356 | + return -EPERM; | |
58c5fc13 | 31357 | +#endif |
ae4e228f MT |
31358 | if (!capable(CAP_SYS_RAWIO)) |
31359 | return -EPERM; | |
31360 | if (kcore_need_update) | |
31361 | diff -urNp linux-2.6.33.1/fs/proc/meminfo.c linux-2.6.33.1/fs/proc/meminfo.c | |
31362 | --- linux-2.6.33.1/fs/proc/meminfo.c 2010-03-15 12:09:39.000000000 -0400 | |
31363 | +++ linux-2.6.33.1/fs/proc/meminfo.c 2010-03-20 16:58:41.832562866 -0400 | |
31364 | @@ -149,7 +149,7 @@ static int meminfo_proc_show(struct seq_ | |
31365 | vmi.used >> 10, | |
31366 | vmi.largest_chunk >> 10 | |
31367 | #ifdef CONFIG_MEMORY_FAILURE | |
31368 | - ,atomic_long_read(&mce_bad_pages) << (PAGE_SHIFT - 10) | |
31369 | + ,atomic_long_read_unchecked(&mce_bad_pages) << (PAGE_SHIFT - 10) | |
31370 | #endif | |
31371 | ); | |
31372 | ||
31373 | diff -urNp linux-2.6.33.1/fs/proc/nommu.c linux-2.6.33.1/fs/proc/nommu.c | |
31374 | --- linux-2.6.33.1/fs/proc/nommu.c 2010-03-15 12:09:39.000000000 -0400 | |
31375 | +++ linux-2.6.33.1/fs/proc/nommu.c 2010-03-20 16:58:41.832562866 -0400 | |
58c5fc13 MT |
31376 | @@ -67,7 +67,7 @@ static int nommu_region_show(struct seq_ |
31377 | if (len < 1) | |
31378 | len = 1; | |
31379 | seq_printf(m, "%*c", len, ' '); | |
31380 | - seq_path(m, &file->f_path, ""); | |
31381 | + seq_path(m, &file->f_path, "\n\\"); | |
31382 | } | |
31383 | ||
31384 | seq_putc(m, '\n'); | |
ae4e228f MT |
31385 | diff -urNp linux-2.6.33.1/fs/proc/proc_net.c linux-2.6.33.1/fs/proc/proc_net.c |
31386 | --- linux-2.6.33.1/fs/proc/proc_net.c 2010-03-15 12:09:39.000000000 -0400 | |
31387 | +++ linux-2.6.33.1/fs/proc/proc_net.c 2010-03-20 16:58:41.832562866 -0400 | |
58c5fc13 MT |
31388 | @@ -104,6 +104,17 @@ static struct net *get_proc_task_net(str |
31389 | struct task_struct *task; | |
31390 | struct nsproxy *ns; | |
31391 | struct net *net = NULL; | |
31392 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31393 | + const struct cred *cred = current_cred(); | |
31394 | +#endif | |
31395 | + | |
31396 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
31397 | + if (cred->fsuid) | |
31398 | + return net; | |
31399 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31400 | + if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)) | |
31401 | + return net; | |
31402 | +#endif | |
31403 | ||
31404 | rcu_read_lock(); | |
31405 | task = pid_task(proc_pid(dir), PIDTYPE_PID); | |
ae4e228f MT |
31406 | diff -urNp linux-2.6.33.1/fs/proc/proc_sysctl.c linux-2.6.33.1/fs/proc/proc_sysctl.c |
31407 | --- linux-2.6.33.1/fs/proc/proc_sysctl.c 2010-03-15 12:09:39.000000000 -0400 | |
31408 | +++ linux-2.6.33.1/fs/proc/proc_sysctl.c 2010-03-20 16:58:41.832562866 -0400 | |
58c5fc13 MT |
31409 | @@ -7,6 +7,8 @@ |
31410 | #include <linux/security.h> | |
31411 | #include "internal.h" | |
31412 | ||
31413 | +extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op); | |
31414 | + | |
31415 | static const struct dentry_operations proc_sys_dentry_operations; | |
31416 | static const struct file_operations proc_sys_file_operations; | |
31417 | static const struct inode_operations proc_sys_inode_operations; | |
31418 | @@ -109,6 +111,9 @@ static struct dentry *proc_sys_lookup(st | |
31419 | if (!p) | |
31420 | goto out; | |
31421 | ||
31422 | + if (gr_handle_sysctl(p, MAY_EXEC)) | |
31423 | + goto out; | |
31424 | + | |
31425 | err = ERR_PTR(-ENOMEM); | |
31426 | inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p); | |
31427 | if (h) | |
31428 | @@ -228,6 +233,9 @@ static int scan(struct ctl_table_header | |
31429 | if (*pos < file->f_pos) | |
31430 | continue; | |
31431 | ||
31432 | + if (gr_handle_sysctl(table, 0)) | |
31433 | + continue; | |
31434 | + | |
31435 | res = proc_sys_fill_cache(file, dirent, filldir, head, table); | |
31436 | if (res) | |
31437 | return res; | |
31438 | @@ -344,6 +352,9 @@ static int proc_sys_getattr(struct vfsmo | |
31439 | if (IS_ERR(head)) | |
31440 | return PTR_ERR(head); | |
31441 | ||
31442 | + if (table && gr_handle_sysctl(table, MAY_EXEC)) | |
31443 | + return -ENOENT; | |
31444 | + | |
31445 | generic_fillattr(inode, stat); | |
31446 | if (table) | |
31447 | stat->mode = (stat->mode & S_IFMT) | table->mode; | |
ae4e228f MT |
31448 | diff -urNp linux-2.6.33.1/fs/proc/root.c linux-2.6.33.1/fs/proc/root.c |
31449 | --- linux-2.6.33.1/fs/proc/root.c 2010-03-15 12:09:39.000000000 -0400 | |
31450 | +++ linux-2.6.33.1/fs/proc/root.c 2010-03-20 16:58:41.836587389 -0400 | |
58c5fc13 MT |
31451 | @@ -134,7 +134,15 @@ void __init proc_root_init(void) |
31452 | #ifdef CONFIG_PROC_DEVICETREE | |
31453 | proc_device_tree_init(); | |
31454 | #endif | |
31455 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
31456 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
31457 | + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL); | |
31458 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
31459 | + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); | |
31460 | +#endif | |
31461 | +#else | |
31462 | proc_mkdir("bus", NULL); | |
31463 | +#endif | |
31464 | proc_sys_init(); | |
31465 | } | |
31466 | ||
ae4e228f MT |
31467 | diff -urNp linux-2.6.33.1/fs/proc/task_mmu.c linux-2.6.33.1/fs/proc/task_mmu.c |
31468 | --- linux-2.6.33.1/fs/proc/task_mmu.c 2010-03-15 12:09:39.000000000 -0400 | |
31469 | +++ linux-2.6.33.1/fs/proc/task_mmu.c 2010-03-20 16:58:41.836587389 -0400 | |
58c5fc13 MT |
31470 | @@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct |
31471 | "VmStk:\t%8lu kB\n" | |
31472 | "VmExe:\t%8lu kB\n" | |
31473 | "VmLib:\t%8lu kB\n" | |
31474 | - "VmPTE:\t%8lu kB\n", | |
31475 | - hiwater_vm << (PAGE_SHIFT-10), | |
31476 | + "VmPTE:\t%8lu kB\n" | |
31477 | + | |
31478 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
31479 | + "CsBase:\t%8lx\nCsLim:\t%8lx\n" | |
31480 | +#endif | |
31481 | + | |
31482 | + ,hiwater_vm << (PAGE_SHIFT-10), | |
31483 | (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10), | |
31484 | mm->locked_vm << (PAGE_SHIFT-10), | |
31485 | hiwater_rss << (PAGE_SHIFT-10), | |
31486 | total_rss << (PAGE_SHIFT-10), | |
31487 | data << (PAGE_SHIFT-10), | |
31488 | mm->stack_vm << (PAGE_SHIFT-10), text, lib, | |
31489 | - (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10); | |
31490 | + (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10 | |
31491 | + | |
31492 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
31493 | + , mm->context.user_cs_base, mm->context.user_cs_limit | |
31494 | +#endif | |
31495 | + | |
31496 | + ); | |
31497 | } | |
31498 | ||
31499 | unsigned long task_vsize(struct mm_struct *mm) | |
31500 | @@ -199,6 +210,12 @@ static int do_maps_open(struct inode *in | |
31501 | return ret; | |
31502 | } | |
31503 | ||
31504 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31505 | +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \ | |
31506 | + (_mm->pax_flags & MF_PAX_RANDMMAP || \ | |
31507 | + _mm->pax_flags & MF_PAX_SEGMEXEC)) | |
31508 | +#endif | |
31509 | + | |
31510 | static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) | |
31511 | { | |
31512 | struct mm_struct *mm = vma->vm_mm; | |
31513 | @@ -217,13 +234,22 @@ static void show_map_vma(struct seq_file | |
31514 | } | |
31515 | ||
31516 | seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n", | |
31517 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31518 | + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start, | |
31519 | + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end, | |
31520 | +#else | |
31521 | vma->vm_start, | |
31522 | vma->vm_end, | |
31523 | +#endif | |
31524 | flags & VM_READ ? 'r' : '-', | |
31525 | flags & VM_WRITE ? 'w' : '-', | |
31526 | flags & VM_EXEC ? 'x' : '-', | |
31527 | flags & VM_MAYSHARE ? 's' : 'p', | |
31528 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31529 | + PAX_RAND_FLAGS(mm) ? 0UL : pgoff, | |
31530 | +#else | |
31531 | pgoff, | |
31532 | +#endif | |
31533 | MAJOR(dev), MINOR(dev), ino, &len); | |
31534 | ||
31535 | /* | |
31536 | @@ -232,16 +258,16 @@ static void show_map_vma(struct seq_file | |
31537 | */ | |
31538 | if (file) { | |
31539 | pad_len_spaces(m, len); | |
31540 | - seq_path(m, &file->f_path, "\n"); | |
31541 | + seq_path(m, &file->f_path, "\n\\"); | |
31542 | } else { | |
31543 | const char *name = arch_vma_name(vma); | |
31544 | if (!name) { | |
31545 | if (mm) { | |
31546 | - if (vma->vm_start <= mm->start_brk && | |
31547 | - vma->vm_end >= mm->brk) { | |
31548 | + if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) { | |
31549 | name = "[heap]"; | |
31550 | - } else if (vma->vm_start <= mm->start_stack && | |
31551 | - vma->vm_end >= mm->start_stack) { | |
31552 | + } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) || | |
31553 | + (vma->vm_start <= mm->start_stack && | |
31554 | + vma->vm_end >= mm->start_stack)) { | |
31555 | name = "[stack]"; | |
ae4e228f MT |
31556 | } else { |
31557 | unsigned long stack_start; | |
31558 | @@ -402,9 +428,16 @@ static int show_smap(struct seq_file *m, | |
58c5fc13 MT |
31559 | }; |
31560 | ||
31561 | memset(&mss, 0, sizeof mss); | |
31562 | - mss.vma = vma; | |
31563 | - if (vma->vm_mm && !is_vm_hugetlb_page(vma)) | |
31564 | - walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk); | |
31565 | + | |
31566 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31567 | + if (!PAX_RAND_FLAGS(vma->vm_mm)) { | |
31568 | +#endif | |
31569 | + mss.vma = vma; | |
31570 | + if (vma->vm_mm && !is_vm_hugetlb_page(vma)) | |
31571 | + walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk); | |
31572 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31573 | + } | |
31574 | +#endif | |
31575 | ||
31576 | show_map_vma(m, vma); | |
31577 | ||
ae4e228f | 31578 | @@ -420,7 +453,11 @@ static int show_smap(struct seq_file *m, |
58c5fc13 MT |
31579 | "Swap: %8lu kB\n" |
31580 | "KernelPageSize: %8lu kB\n" | |
31581 | "MMUPageSize: %8lu kB\n", | |
31582 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
31583 | + PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10, | |
31584 | +#else | |
31585 | (vma->vm_end - vma->vm_start) >> 10, | |
31586 | +#endif | |
31587 | mss.resident >> 10, | |
31588 | (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), | |
31589 | mss.shared_clean >> 10, | |
ae4e228f MT |
31590 | diff -urNp linux-2.6.33.1/fs/proc/task_nommu.c linux-2.6.33.1/fs/proc/task_nommu.c |
31591 | --- linux-2.6.33.1/fs/proc/task_nommu.c 2010-03-15 12:09:39.000000000 -0400 | |
31592 | +++ linux-2.6.33.1/fs/proc/task_nommu.c 2010-03-20 16:58:41.836587389 -0400 | |
58c5fc13 MT |
31593 | @@ -50,7 +50,7 @@ void task_mem(struct seq_file *m, struct |
31594 | else | |
31595 | bytes += kobjsize(mm); | |
31596 | ||
31597 | - if (current->fs && current->fs->users > 1) | |
31598 | + if (current->fs && atomic_read(¤t->fs->users) > 1) | |
31599 | sbytes += kobjsize(current->fs); | |
31600 | else | |
31601 | bytes += kobjsize(current->fs); | |
ae4e228f | 31602 | @@ -158,7 +158,7 @@ static int nommu_vma_show(struct seq_fil |
58c5fc13 MT |
31603 | if (len < 1) |
31604 | len = 1; | |
31605 | seq_printf(m, "%*c", len, ' '); | |
31606 | - seq_path(m, &file->f_path, ""); | |
31607 | + seq_path(m, &file->f_path, "\n\\"); | |
31608 | } | |
31609 | ||
31610 | seq_putc(m, '\n'); | |
ae4e228f MT |
31611 | diff -urNp linux-2.6.33.1/fs/readdir.c linux-2.6.33.1/fs/readdir.c |
31612 | --- linux-2.6.33.1/fs/readdir.c 2010-03-15 12:09:39.000000000 -0400 | |
31613 | +++ linux-2.6.33.1/fs/readdir.c 2010-03-20 16:58:41.836587389 -0400 | |
58c5fc13 MT |
31614 | @@ -16,6 +16,7 @@ |
31615 | #include <linux/security.h> | |
31616 | #include <linux/syscalls.h> | |
31617 | #include <linux/unistd.h> | |
31618 | +#include <linux/namei.h> | |
31619 | ||
31620 | #include <asm/uaccess.h> | |
31621 | ||
31622 | @@ -67,6 +68,7 @@ struct old_linux_dirent { | |
31623 | ||
31624 | struct readdir_callback { | |
31625 | struct old_linux_dirent __user * dirent; | |
31626 | + struct file * file; | |
31627 | int result; | |
31628 | }; | |
31629 | ||
31630 | @@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons | |
31631 | buf->result = -EOVERFLOW; | |
31632 | return -EOVERFLOW; | |
31633 | } | |
31634 | + | |
31635 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
31636 | + return 0; | |
31637 | + | |
31638 | buf->result++; | |
31639 | dirent = buf->dirent; | |
31640 | if (!access_ok(VERIFY_WRITE, dirent, | |
31641 | @@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in | |
31642 | ||
31643 | buf.result = 0; | |
31644 | buf.dirent = dirent; | |
31645 | + buf.file = file; | |
31646 | ||
31647 | error = vfs_readdir(file, fillonedir, &buf); | |
31648 | if (buf.result) | |
31649 | @@ -142,6 +149,7 @@ struct linux_dirent { | |
31650 | struct getdents_callback { | |
31651 | struct linux_dirent __user * current_dir; | |
31652 | struct linux_dirent __user * previous; | |
31653 | + struct file * file; | |
31654 | int count; | |
31655 | int error; | |
31656 | }; | |
31657 | @@ -162,6 +170,10 @@ static int filldir(void * __buf, const c | |
31658 | buf->error = -EOVERFLOW; | |
31659 | return -EOVERFLOW; | |
31660 | } | |
31661 | + | |
31662 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
31663 | + return 0; | |
31664 | + | |
31665 | dirent = buf->previous; | |
31666 | if (dirent) { | |
31667 | if (__put_user(offset, &dirent->d_off)) | |
31668 | @@ -209,6 +221,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, | |
31669 | buf.previous = NULL; | |
31670 | buf.count = count; | |
31671 | buf.error = 0; | |
31672 | + buf.file = file; | |
31673 | ||
31674 | error = vfs_readdir(file, filldir, &buf); | |
31675 | if (error >= 0) | |
31676 | @@ -228,6 +241,7 @@ out: | |
31677 | struct getdents_callback64 { | |
31678 | struct linux_dirent64 __user * current_dir; | |
31679 | struct linux_dirent64 __user * previous; | |
31680 | + struct file *file; | |
31681 | int count; | |
31682 | int error; | |
31683 | }; | |
31684 | @@ -242,6 +256,10 @@ static int filldir64(void * __buf, const | |
31685 | buf->error = -EINVAL; /* only used if we fail.. */ | |
31686 | if (reclen > buf->count) | |
31687 | return -EINVAL; | |
31688 | + | |
31689 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
31690 | + return 0; | |
31691 | + | |
31692 | dirent = buf->previous; | |
31693 | if (dirent) { | |
31694 | if (__put_user(offset, &dirent->d_off)) | |
31695 | @@ -289,6 +307,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int | |
31696 | ||
31697 | buf.current_dir = dirent; | |
31698 | buf.previous = NULL; | |
31699 | + buf.file = file; | |
31700 | buf.count = count; | |
31701 | buf.error = 0; | |
31702 | ||
ae4e228f MT |
31703 | diff -urNp linux-2.6.33.1/fs/reiserfs/do_balan.c linux-2.6.33.1/fs/reiserfs/do_balan.c |
31704 | --- linux-2.6.33.1/fs/reiserfs/do_balan.c 2010-03-15 12:09:39.000000000 -0400 | |
31705 | +++ linux-2.6.33.1/fs/reiserfs/do_balan.c 2010-03-20 16:58:41.848535760 -0400 | |
31706 | @@ -2051,7 +2051,7 @@ void do_balance(struct tree_balance *tb, | |
58c5fc13 MT |
31707 | return; |
31708 | } | |
31709 | ||
31710 | - atomic_inc(&(fs_generation(tb->tb_sb))); | |
31711 | + atomic_inc_unchecked(&(fs_generation(tb->tb_sb))); | |
31712 | do_balance_starts(tb); | |
31713 | ||
31714 | /* balance leaf returns 0 except if combining L R and S into | |
ae4e228f MT |
31715 | diff -urNp linux-2.6.33.1/fs/reiserfs/item_ops.c linux-2.6.33.1/fs/reiserfs/item_ops.c |
31716 | --- linux-2.6.33.1/fs/reiserfs/item_ops.c 2010-03-15 12:09:39.000000000 -0400 | |
31717 | +++ linux-2.6.33.1/fs/reiserfs/item_ops.c 2010-03-20 16:58:41.848535760 -0400 | |
31718 | @@ -102,7 +102,7 @@ static void sd_print_vi(struct virtual_i | |
31719 | vi->vi_index, vi->vi_type, vi->vi_ih); | |
31720 | } | |
31721 | ||
31722 | -static struct item_operations stat_data_ops = { | |
31723 | +static const struct item_operations stat_data_ops = { | |
31724 | .bytes_number = sd_bytes_number, | |
31725 | .decrement_key = sd_decrement_key, | |
31726 | .is_left_mergeable = sd_is_left_mergeable, | |
31727 | @@ -196,7 +196,7 @@ static void direct_print_vi(struct virtu | |
31728 | vi->vi_index, vi->vi_type, vi->vi_ih); | |
31729 | } | |
31730 | ||
31731 | -static struct item_operations direct_ops = { | |
31732 | +static const struct item_operations direct_ops = { | |
31733 | .bytes_number = direct_bytes_number, | |
31734 | .decrement_key = direct_decrement_key, | |
31735 | .is_left_mergeable = direct_is_left_mergeable, | |
31736 | @@ -341,7 +341,7 @@ static void indirect_print_vi(struct vir | |
31737 | vi->vi_index, vi->vi_type, vi->vi_ih); | |
31738 | } | |
31739 | ||
31740 | -static struct item_operations indirect_ops = { | |
31741 | +static const struct item_operations indirect_ops = { | |
31742 | .bytes_number = indirect_bytes_number, | |
31743 | .decrement_key = indirect_decrement_key, | |
31744 | .is_left_mergeable = indirect_is_left_mergeable, | |
31745 | @@ -628,7 +628,7 @@ static void direntry_print_vi(struct vir | |
31746 | printk("\n"); | |
31747 | } | |
31748 | ||
31749 | -static struct item_operations direntry_ops = { | |
31750 | +static const struct item_operations direntry_ops = { | |
31751 | .bytes_number = direntry_bytes_number, | |
31752 | .decrement_key = direntry_decrement_key, | |
31753 | .is_left_mergeable = direntry_is_left_mergeable, | |
31754 | @@ -724,7 +724,7 @@ static void errcatch_print_vi(struct vir | |
31755 | "Invalid item type observed, run fsck ASAP"); | |
31756 | } | |
31757 | ||
31758 | -static struct item_operations errcatch_ops = { | |
31759 | +static const struct item_operations errcatch_ops = { | |
31760 | errcatch_bytes_number, | |
31761 | errcatch_decrement_key, | |
31762 | errcatch_is_left_mergeable, | |
31763 | @@ -746,7 +746,7 @@ static struct item_operations errcatch_o | |
31764 | #error Item types must use disk-format assigned values. | |
31765 | #endif | |
31766 | ||
31767 | -struct item_operations *item_ops[TYPE_ANY + 1] = { | |
31768 | +const struct item_operations * const item_ops[TYPE_ANY + 1] = { | |
31769 | &stat_data_ops, | |
31770 | &indirect_ops, | |
31771 | &direct_ops, | |
31772 | diff -urNp linux-2.6.33.1/fs/reiserfs/procfs.c linux-2.6.33.1/fs/reiserfs/procfs.c | |
31773 | --- linux-2.6.33.1/fs/reiserfs/procfs.c 2010-03-15 12:09:39.000000000 -0400 | |
31774 | +++ linux-2.6.33.1/fs/reiserfs/procfs.c 2010-03-20 16:58:41.848535760 -0400 | |
31775 | @@ -113,7 +113,7 @@ static int show_super(struct seq_file *m | |
58c5fc13 MT |
31776 | "SMALL_TAILS " : "NO_TAILS ", |
31777 | replay_only(sb) ? "REPLAY_ONLY " : "", | |
31778 | convert_reiserfs(sb) ? "CONV " : "", | |
31779 | - atomic_read(&r->s_generation_counter), | |
31780 | + atomic_read_unchecked(&r->s_generation_counter), | |
31781 | SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), | |
31782 | SF(s_do_balance), SF(s_unneeded_left_neighbor), | |
31783 | SF(s_good_search_by_key_reada), SF(s_bmaps), | |
ae4e228f MT |
31784 | diff -urNp linux-2.6.33.1/fs/select.c linux-2.6.33.1/fs/select.c |
31785 | --- linux-2.6.33.1/fs/select.c 2010-03-15 12:09:39.000000000 -0400 | |
31786 | +++ linux-2.6.33.1/fs/select.c 2010-03-20 16:58:41.848535760 -0400 | |
31787 | @@ -20,6 +20,7 @@ | |
58c5fc13 MT |
31788 | #include <linux/module.h> |
31789 | #include <linux/slab.h> | |
31790 | #include <linux/poll.h> | |
31791 | +#include <linux/security.h> | |
31792 | #include <linux/personality.h> /* for STICKY_TIMEOUTS */ | |
31793 | #include <linux/file.h> | |
31794 | #include <linux/fdtable.h> | |
ae4e228f | 31795 | @@ -821,6 +822,7 @@ int do_sys_poll(struct pollfd __user *uf |
58c5fc13 MT |
31796 | struct poll_list *walk = head; |
31797 | unsigned long todo = nfds; | |
31798 | ||
31799 | + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1); | |
31800 | if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
31801 | return -EINVAL; | |
31802 | ||
ae4e228f MT |
31803 | diff -urNp linux-2.6.33.1/fs/seq_file.c linux-2.6.33.1/fs/seq_file.c |
31804 | --- linux-2.6.33.1/fs/seq_file.c 2010-03-15 12:09:39.000000000 -0400 | |
31805 | +++ linux-2.6.33.1/fs/seq_file.c 2010-03-20 16:58:41.860772579 -0400 | |
58c5fc13 MT |
31806 | @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, |
31807 | return 0; | |
31808 | } | |
31809 | if (!m->buf) { | |
31810 | - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); | |
31811 | + m->size = PAGE_SIZE; | |
ae4e228f | 31812 | + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); |
58c5fc13 MT |
31813 | if (!m->buf) |
31814 | return -ENOMEM; | |
31815 | } | |
31816 | @@ -116,7 +117,8 @@ static int traverse(struct seq_file *m, | |
31817 | Eoverflow: | |
31818 | m->op->stop(m, p); | |
31819 | kfree(m->buf); | |
31820 | - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); | |
31821 | + m->size <<= 1; | |
31822 | + m->buf = kmalloc(m->size, GFP_KERNEL); | |
31823 | return !m->buf ? -ENOMEM : -EAGAIN; | |
31824 | } | |
31825 | ||
31826 | @@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char | |
31827 | m->version = file->f_version; | |
31828 | /* grab buffer if we didn't have one */ | |
31829 | if (!m->buf) { | |
31830 | - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); | |
31831 | + m->size = PAGE_SIZE; | |
ae4e228f | 31832 | + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); |
58c5fc13 MT |
31833 | if (!m->buf) |
31834 | goto Enomem; | |
31835 | } | |
31836 | @@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char | |
31837 | goto Fill; | |
31838 | m->op->stop(m, p); | |
31839 | kfree(m->buf); | |
31840 | - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); | |
31841 | + m->size <<= 1; | |
31842 | + m->buf = kmalloc(m->size, GFP_KERNEL); | |
31843 | if (!m->buf) | |
31844 | goto Enomem; | |
31845 | m->count = 0; | |
ae4e228f MT |
31846 | diff -urNp linux-2.6.33.1/fs/smbfs/symlink.c linux-2.6.33.1/fs/smbfs/symlink.c |
31847 | --- linux-2.6.33.1/fs/smbfs/symlink.c 2010-03-15 12:09:39.000000000 -0400 | |
31848 | +++ linux-2.6.33.1/fs/smbfs/symlink.c 2010-03-20 16:58:41.860772579 -0400 | |
58c5fc13 MT |
31849 | @@ -55,7 +55,7 @@ static void *smb_follow_link(struct dent |
31850 | ||
31851 | static void smb_put_link(struct dentry *dentry, struct nameidata *nd, void *p) | |
31852 | { | |
31853 | - char *s = nd_get_link(nd); | |
31854 | + const char *s = nd_get_link(nd); | |
31855 | if (!IS_ERR(s)) | |
31856 | __putname(s); | |
31857 | } | |
ae4e228f MT |
31858 | diff -urNp linux-2.6.33.1/fs/splice.c linux-2.6.33.1/fs/splice.c |
31859 | --- linux-2.6.33.1/fs/splice.c 2010-03-15 12:09:39.000000000 -0400 | |
31860 | +++ linux-2.6.33.1/fs/splice.c 2010-03-20 16:58:41.877542041 -0400 | |
31861 | @@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode | |
31862 | pipe_lock(pipe); | |
31863 | ||
31864 | for (;;) { | |
31865 | - if (!pipe->readers) { | |
31866 | + if (!atomic_read(&pipe->readers)) { | |
31867 | send_sig(SIGPIPE, current, 0); | |
31868 | if (!ret) | |
31869 | ret = -EPIPE; | |
31870 | @@ -239,9 +239,9 @@ ssize_t splice_to_pipe(struct pipe_inode | |
31871 | do_wakeup = 0; | |
31872 | } | |
31873 | ||
31874 | - pipe->waiting_writers++; | |
31875 | + atomic_inc(&pipe->waiting_writers); | |
31876 | pipe_wait(pipe); | |
31877 | - pipe->waiting_writers--; | |
31878 | + atomic_dec(&pipe->waiting_writers); | |
31879 | } | |
31880 | ||
31881 | pipe_unlock(pipe); | |
31882 | @@ -531,7 +531,7 @@ static ssize_t kernel_readv(struct file | |
31883 | old_fs = get_fs(); | |
31884 | set_fs(get_ds()); | |
31885 | /* The cast to a user pointer is valid due to the set_fs() */ | |
31886 | - res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos); | |
31887 | + res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos); | |
31888 | set_fs(old_fs); | |
31889 | ||
31890 | return res; | |
31891 | @@ -546,7 +546,7 @@ static ssize_t kernel_write(struct file | |
31892 | old_fs = get_fs(); | |
31893 | set_fs(get_ds()); | |
31894 | /* The cast to a user pointer is valid due to the set_fs() */ | |
31895 | - res = vfs_write(file, (const char __user *)buf, count, &pos); | |
31896 | + res = vfs_write(file, (__force const char __user *)buf, count, &pos); | |
31897 | set_fs(old_fs); | |
31898 | ||
31899 | return res; | |
31900 | @@ -588,7 +588,7 @@ ssize_t default_file_splice_read(struct | |
31901 | goto err; | |
31902 | ||
31903 | this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset); | |
31904 | - vec[i].iov_base = (void __user *) page_address(page); | |
31905 | + vec[i].iov_base = (__force void __user *) page_address(page); | |
31906 | vec[i].iov_len = this_len; | |
31907 | pages[i] = page; | |
31908 | spd.nr_pages++; | |
31909 | @@ -810,10 +810,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); | |
31910 | int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) | |
31911 | { | |
31912 | while (!pipe->nrbufs) { | |
31913 | - if (!pipe->writers) | |
31914 | + if (!atomic_read(&pipe->writers)) | |
31915 | return 0; | |
31916 | ||
31917 | - if (!pipe->waiting_writers && sd->num_spliced) | |
31918 | + if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced) | |
31919 | return 0; | |
31920 | ||
31921 | if (sd->flags & SPLICE_F_NONBLOCK) | |
31922 | @@ -1150,7 +1150,7 @@ ssize_t splice_direct_to_actor(struct fi | |
31923 | * out of the pipe right after the splice_to_pipe(). So set | |
31924 | * PIPE_READERS appropriately. | |
31925 | */ | |
31926 | - pipe->readers = 1; | |
31927 | + atomic_set(&pipe->readers, 1); | |
31928 | ||
31929 | current->splice_pipe = pipe; | |
31930 | } | |
31931 | @@ -1710,9 +1710,9 @@ static int ipipe_prep(struct pipe_inode_ | |
31932 | ret = -ERESTARTSYS; | |
31933 | break; | |
31934 | } | |
31935 | - if (!pipe->writers) | |
31936 | + if (!atomic_read(&pipe->writers)) | |
31937 | break; | |
31938 | - if (!pipe->waiting_writers) { | |
31939 | + if (!atomic_read(&pipe->waiting_writers)) { | |
31940 | if (flags & SPLICE_F_NONBLOCK) { | |
31941 | ret = -EAGAIN; | |
31942 | break; | |
31943 | @@ -1744,7 +1744,7 @@ static int opipe_prep(struct pipe_inode_ | |
31944 | pipe_lock(pipe); | |
31945 | ||
31946 | while (pipe->nrbufs >= PIPE_BUFFERS) { | |
31947 | - if (!pipe->readers) { | |
31948 | + if (!atomic_read(&pipe->readers)) { | |
31949 | send_sig(SIGPIPE, current, 0); | |
31950 | ret = -EPIPE; | |
31951 | break; | |
31952 | @@ -1757,9 +1757,9 @@ static int opipe_prep(struct pipe_inode_ | |
31953 | ret = -ERESTARTSYS; | |
31954 | break; | |
31955 | } | |
31956 | - pipe->waiting_writers++; | |
31957 | + atomic_inc(&pipe->waiting_writers); | |
31958 | pipe_wait(pipe); | |
31959 | - pipe->waiting_writers--; | |
31960 | + atomic_dec(&pipe->waiting_writers); | |
31961 | } | |
58c5fc13 | 31962 | |
ae4e228f MT |
31963 | pipe_unlock(pipe); |
31964 | @@ -1795,14 +1795,14 @@ retry: | |
31965 | pipe_double_lock(ipipe, opipe); | |
31966 | ||
31967 | do { | |
31968 | - if (!opipe->readers) { | |
31969 | + if (!atomic_read(&opipe->readers)) { | |
31970 | send_sig(SIGPIPE, current, 0); | |
31971 | if (!ret) | |
31972 | ret = -EPIPE; | |
31973 | break; | |
31974 | } | |
31975 | ||
31976 | - if (!ipipe->nrbufs && !ipipe->writers) | |
31977 | + if (!ipipe->nrbufs && !atomic_read(&ipipe->writers)) | |
31978 | break; | |
31979 | ||
31980 | /* | |
31981 | @@ -1902,7 +1902,7 @@ static int link_pipe(struct pipe_inode_i | |
31982 | pipe_double_lock(ipipe, opipe); | |
31983 | ||
31984 | do { | |
31985 | - if (!opipe->readers) { | |
31986 | + if (!atomic_read(&opipe->readers)) { | |
31987 | send_sig(SIGPIPE, current, 0); | |
31988 | if (!ret) | |
31989 | ret = -EPIPE; | |
31990 | @@ -1947,7 +1947,7 @@ static int link_pipe(struct pipe_inode_i | |
31991 | * return EAGAIN if we have the potential of some data in the | |
31992 | * future, otherwise just return 0 | |
31993 | */ | |
31994 | - if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK)) | |
31995 | + if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK)) | |
31996 | ret = -EAGAIN; | |
31997 | ||
31998 | pipe_unlock(ipipe); | |
31999 | diff -urNp linux-2.6.33.1/fs/sysfs/file.c linux-2.6.33.1/fs/sysfs/file.c | |
32000 | --- linux-2.6.33.1/fs/sysfs/file.c 2010-03-15 12:09:39.000000000 -0400 | |
32001 | +++ linux-2.6.33.1/fs/sysfs/file.c 2010-03-20 16:58:41.877542041 -0400 | |
32002 | @@ -53,7 +53,7 @@ struct sysfs_buffer { | |
32003 | size_t count; | |
32004 | loff_t pos; | |
32005 | char * page; | |
32006 | - struct sysfs_ops * ops; | |
32007 | + const struct sysfs_ops * ops; | |
32008 | struct mutex mutex; | |
32009 | int needs_read_fill; | |
32010 | int event; | |
32011 | @@ -75,7 +75,7 @@ static int fill_read_buffer(struct dentr | |
32012 | { | |
32013 | struct sysfs_dirent *attr_sd = dentry->d_fsdata; | |
32014 | struct kobject *kobj = attr_sd->s_parent->s_dir.kobj; | |
32015 | - struct sysfs_ops * ops = buffer->ops; | |
32016 | + const struct sysfs_ops * ops = buffer->ops; | |
32017 | int ret = 0; | |
32018 | ssize_t count; | |
32019 | ||
32020 | @@ -199,7 +199,7 @@ flush_write_buffer(struct dentry * dentr | |
32021 | { | |
32022 | struct sysfs_dirent *attr_sd = dentry->d_fsdata; | |
32023 | struct kobject *kobj = attr_sd->s_parent->s_dir.kobj; | |
32024 | - struct sysfs_ops * ops = buffer->ops; | |
32025 | + const struct sysfs_ops * ops = buffer->ops; | |
32026 | int rc; | |
32027 | ||
32028 | /* need attr_sd for attr and ops, its parent for kobj */ | |
32029 | @@ -335,7 +335,7 @@ static int sysfs_open_file(struct inode | |
32030 | struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; | |
32031 | struct kobject *kobj = attr_sd->s_parent->s_dir.kobj; | |
32032 | struct sysfs_buffer *buffer; | |
32033 | - struct sysfs_ops *ops; | |
32034 | + const struct sysfs_ops *ops; | |
32035 | int error = -EACCES; | |
32036 | char *p; | |
32037 | ||
32038 | diff -urNp linux-2.6.33.1/fs/sysfs/symlink.c linux-2.6.33.1/fs/sysfs/symlink.c | |
32039 | --- linux-2.6.33.1/fs/sysfs/symlink.c 2010-03-15 12:09:39.000000000 -0400 | |
32040 | +++ linux-2.6.33.1/fs/sysfs/symlink.c 2010-03-20 16:58:41.877542041 -0400 | |
32041 | @@ -204,7 +204,7 @@ static void *sysfs_follow_link(struct de | |
58c5fc13 MT |
32042 | |
32043 | static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) | |
32044 | { | |
32045 | - char *page = nd_get_link(nd); | |
32046 | + const char *page = nd_get_link(nd); | |
32047 | if (!IS_ERR(page)) | |
32048 | free_page((unsigned long)page); | |
32049 | } | |
ae4e228f MT |
32050 | diff -urNp linux-2.6.33.1/fs/udf/balloc.c linux-2.6.33.1/fs/udf/balloc.c |
32051 | --- linux-2.6.33.1/fs/udf/balloc.c 2010-03-15 12:09:39.000000000 -0400 | |
32052 | +++ linux-2.6.33.1/fs/udf/balloc.c 2010-03-20 16:58:41.880865953 -0400 | |
58c5fc13 MT |
32053 | @@ -172,9 +172,7 @@ static void udf_bitmap_free_blocks(struc |
32054 | ||
32055 | mutex_lock(&sbi->s_alloc_mutex); | |
32056 | partmap = &sbi->s_partmaps[bloc->partitionReferenceNum]; | |
32057 | - if (bloc->logicalBlockNum < 0 || | |
32058 | - (bloc->logicalBlockNum + count) > | |
32059 | - partmap->s_partition_len) { | |
32060 | + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) { | |
32061 | udf_debug("%d < %d || %d + %d > %d\n", | |
32062 | bloc->logicalBlockNum, 0, bloc->logicalBlockNum, | |
32063 | count, partmap->s_partition_len); | |
32064 | @@ -436,9 +434,7 @@ static void udf_table_free_blocks(struct | |
32065 | ||
32066 | mutex_lock(&sbi->s_alloc_mutex); | |
32067 | partmap = &sbi->s_partmaps[bloc->partitionReferenceNum]; | |
32068 | - if (bloc->logicalBlockNum < 0 || | |
32069 | - (bloc->logicalBlockNum + count) > | |
32070 | - partmap->s_partition_len) { | |
32071 | + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) { | |
32072 | udf_debug("%d < %d || %d + %d > %d\n", | |
ae4e228f | 32073 | bloc->logicalBlockNum, 0, bloc->logicalBlockNum, count, |
58c5fc13 | 32074 | partmap->s_partition_len); |
ae4e228f MT |
32075 | diff -urNp linux-2.6.33.1/fs/utimes.c linux-2.6.33.1/fs/utimes.c |
32076 | --- linux-2.6.33.1/fs/utimes.c 2010-03-15 12:09:39.000000000 -0400 | |
32077 | +++ linux-2.6.33.1/fs/utimes.c 2010-03-20 16:58:41.884933711 -0400 | |
58c5fc13 MT |
32078 | @@ -1,6 +1,7 @@ |
32079 | #include <linux/compiler.h> | |
32080 | #include <linux/file.h> | |
32081 | #include <linux/fs.h> | |
32082 | +#include <linux/security.h> | |
32083 | #include <linux/linkage.h> | |
32084 | #include <linux/mount.h> | |
32085 | #include <linux/namei.h> | |
32086 | @@ -101,6 +102,12 @@ static int utimes_common(struct path *pa | |
32087 | goto mnt_drop_write_and_out; | |
32088 | } | |
32089 | } | |
32090 | + | |
32091 | + if (!gr_acl_handle_utime(path->dentry, path->mnt)) { | |
32092 | + error = -EACCES; | |
32093 | + goto mnt_drop_write_and_out; | |
32094 | + } | |
32095 | + | |
32096 | mutex_lock(&inode->i_mutex); | |
32097 | error = notify_change(path->dentry, &newattrs); | |
32098 | mutex_unlock(&inode->i_mutex); | |
ae4e228f MT |
32099 | diff -urNp linux-2.6.33.1/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.33.1/fs/xfs/linux-2.6/xfs_ioctl.c |
32100 | --- linux-2.6.33.1/fs/xfs/linux-2.6/xfs_ioctl.c 2010-03-15 12:09:39.000000000 -0400 | |
32101 | +++ linux-2.6.33.1/fs/xfs/linux-2.6/xfs_ioctl.c 2010-03-20 16:58:41.884933711 -0400 | |
32102 | @@ -135,7 +135,7 @@ xfs_find_handle( | |
32103 | } | |
58c5fc13 | 32104 | |
ae4e228f MT |
32105 | error = -EFAULT; |
32106 | - if (copy_to_user(hreq->ohandle, &handle, hsize) || | |
32107 | + if (hsize > sizeof(handle) || copy_to_user(hreq->ohandle, &handle, hsize) || | |
32108 | copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32))) | |
32109 | goto out_put; | |
58c5fc13 | 32110 | |
ae4e228f MT |
32111 | diff -urNp linux-2.6.33.1/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.33.1/fs/xfs/linux-2.6/xfs_iops.c |
32112 | --- linux-2.6.33.1/fs/xfs/linux-2.6/xfs_iops.c 2010-03-15 12:09:39.000000000 -0400 | |
32113 | +++ linux-2.6.33.1/fs/xfs/linux-2.6/xfs_iops.c 2010-03-20 16:58:41.884933711 -0400 | |
32114 | @@ -469,7 +469,7 @@ xfs_vn_put_link( | |
58c5fc13 MT |
32115 | struct nameidata *nd, |
32116 | void *p) | |
32117 | { | |
32118 | - char *s = nd_get_link(nd); | |
32119 | + const char *s = nd_get_link(nd); | |
32120 | ||
32121 | if (!IS_ERR(s)) | |
32122 | kfree(s); | |
ae4e228f MT |
32123 | diff -urNp linux-2.6.33.1/fs/xfs/xfs_bmap.c linux-2.6.33.1/fs/xfs/xfs_bmap.c |
32124 | --- linux-2.6.33.1/fs/xfs/xfs_bmap.c 2010-03-15 12:09:39.000000000 -0400 | |
32125 | +++ linux-2.6.33.1/fs/xfs/xfs_bmap.c 2010-03-20 16:58:41.888938450 -0400 | |
32126 | @@ -296,7 +296,7 @@ xfs_bmap_validate_ret( | |
58c5fc13 MT |
32127 | int nmap, |
32128 | int ret_nmap); | |
32129 | #else | |
32130 | -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) | |
32131 | +#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0) | |
32132 | #endif /* DEBUG */ | |
32133 | ||
ae4e228f MT |
32134 | STATIC int |
32135 | diff -urNp linux-2.6.33.1/grsecurity/gracl_alloc.c linux-2.6.33.1/grsecurity/gracl_alloc.c | |
32136 | --- linux-2.6.33.1/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 | |
32137 | +++ linux-2.6.33.1/grsecurity/gracl_alloc.c 2010-03-20 16:58:41.888938450 -0400 | |
58c5fc13 MT |
32138 | @@ -0,0 +1,105 @@ |
32139 | +#include <linux/kernel.h> | |
32140 | +#include <linux/mm.h> | |
32141 | +#include <linux/slab.h> | |
32142 | +#include <linux/vmalloc.h> | |
32143 | +#include <linux/gracl.h> | |
32144 | +#include <linux/grsecurity.h> | |
32145 | + | |
32146 | +static unsigned long alloc_stack_next = 1; | |
32147 | +static unsigned long alloc_stack_size = 1; | |
32148 | +static void **alloc_stack; | |
32149 | + | |
32150 | +static __inline__ int | |
32151 | +alloc_pop(void) | |
32152 | +{ | |
32153 | + if (alloc_stack_next == 1) | |
32154 | + return 0; | |
32155 | + | |
32156 | + kfree(alloc_stack[alloc_stack_next - 2]); | |
32157 | + | |
32158 | + alloc_stack_next--; | |
32159 | + | |
32160 | + return 1; | |
32161 | +} | |
32162 | + | |
32163 | +static __inline__ int | |
32164 | +alloc_push(void *buf) | |
32165 | +{ | |
32166 | + if (alloc_stack_next >= alloc_stack_size) | |
32167 | + return 1; | |
32168 | + | |
32169 | + alloc_stack[alloc_stack_next - 1] = buf; | |
32170 | + | |
32171 | + alloc_stack_next++; | |
32172 | + | |
32173 | + return 0; | |
32174 | +} | |
32175 | + | |
32176 | +void * | |
32177 | +acl_alloc(unsigned long len) | |
32178 | +{ | |
32179 | + void *ret = NULL; | |
32180 | + | |
32181 | + if (!len || len > PAGE_SIZE) | |
32182 | + goto out; | |
32183 | + | |
32184 | + ret = kmalloc(len, GFP_KERNEL); | |
32185 | + | |
32186 | + if (ret) { | |
32187 | + if (alloc_push(ret)) { | |
32188 | + kfree(ret); | |
32189 | + ret = NULL; | |
32190 | + } | |
32191 | + } | |
32192 | + | |
32193 | +out: | |
32194 | + return ret; | |
32195 | +} | |
32196 | + | |
32197 | +void * | |
32198 | +acl_alloc_num(unsigned long num, unsigned long len) | |
32199 | +{ | |
32200 | + if (!len || (num > (PAGE_SIZE / len))) | |
32201 | + return NULL; | |
32202 | + | |
32203 | + return acl_alloc(num * len); | |
32204 | +} | |
32205 | + | |
32206 | +void | |
32207 | +acl_free_all(void) | |
32208 | +{ | |
32209 | + if (gr_acl_is_enabled() || !alloc_stack) | |
32210 | + return; | |
32211 | + | |
32212 | + while (alloc_pop()) ; | |
32213 | + | |
32214 | + if (alloc_stack) { | |
32215 | + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE) | |
32216 | + kfree(alloc_stack); | |
32217 | + else | |
32218 | + vfree(alloc_stack); | |
32219 | + } | |
32220 | + | |
32221 | + alloc_stack = NULL; | |
32222 | + alloc_stack_size = 1; | |
32223 | + alloc_stack_next = 1; | |
32224 | + | |
32225 | + return; | |
32226 | +} | |
32227 | + | |
32228 | +int | |
32229 | +acl_alloc_stack_init(unsigned long size) | |
32230 | +{ | |
32231 | + if ((size * sizeof (void *)) <= PAGE_SIZE) | |
32232 | + alloc_stack = | |
32233 | + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL); | |
32234 | + else | |
32235 | + alloc_stack = (void **) vmalloc(size * sizeof (void *)); | |
32236 | + | |
32237 | + alloc_stack_size = size; | |
32238 | + | |
32239 | + if (!alloc_stack) | |
32240 | + return 0; | |
32241 | + else | |
32242 | + return 1; | |
32243 | +} | |
ae4e228f MT |
32244 | diff -urNp linux-2.6.33.1/grsecurity/gracl.c linux-2.6.33.1/grsecurity/gracl.c |
32245 | --- linux-2.6.33.1/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 | |
32246 | +++ linux-2.6.33.1/grsecurity/gracl.c 2010-03-20 17:00:48.140865901 -0400 | |
32247 | @@ -0,0 +1,3917 @@ | |
58c5fc13 MT |
32248 | +#include <linux/kernel.h> |
32249 | +#include <linux/module.h> | |
32250 | +#include <linux/sched.h> | |
32251 | +#include <linux/mm.h> | |
32252 | +#include <linux/file.h> | |
32253 | +#include <linux/fs.h> | |
32254 | +#include <linux/namei.h> | |
32255 | +#include <linux/mount.h> | |
32256 | +#include <linux/tty.h> | |
32257 | +#include <linux/proc_fs.h> | |
32258 | +#include <linux/smp_lock.h> | |
32259 | +#include <linux/slab.h> | |
32260 | +#include <linux/vmalloc.h> | |
32261 | +#include <linux/types.h> | |
32262 | +#include <linux/sysctl.h> | |
32263 | +#include <linux/netdevice.h> | |
32264 | +#include <linux/ptrace.h> | |
32265 | +#include <linux/gracl.h> | |
32266 | +#include <linux/gralloc.h> | |
32267 | +#include <linux/grsecurity.h> | |
32268 | +#include <linux/grinternal.h> | |
32269 | +#include <linux/pid_namespace.h> | |
32270 | +#include <linux/fdtable.h> | |
32271 | +#include <linux/percpu.h> | |
32272 | + | |
32273 | +#include <asm/uaccess.h> | |
32274 | +#include <asm/errno.h> | |
32275 | +#include <asm/mman.h> | |
32276 | + | |
32277 | +static struct acl_role_db acl_role_set; | |
32278 | +static struct name_db name_set; | |
32279 | +static struct inodev_db inodev_set; | |
32280 | + | |
32281 | +/* for keeping track of userspace pointers used for subjects, so we | |
32282 | + can share references in the kernel as well | |
32283 | +*/ | |
32284 | + | |
32285 | +static struct dentry *real_root; | |
32286 | +static struct vfsmount *real_root_mnt; | |
32287 | + | |
32288 | +static struct acl_subj_map_db subj_map_set; | |
32289 | + | |
32290 | +static struct acl_role_label *default_role; | |
32291 | + | |
ae4e228f MT |
32292 | +static struct acl_role_label *role_list; |
32293 | + | |
58c5fc13 MT |
32294 | +static u16 acl_sp_role_value; |
32295 | + | |
32296 | +extern char *gr_shared_page[4]; | |
32297 | +static DECLARE_MUTEX(gr_dev_sem); | |
32298 | +DEFINE_RWLOCK(gr_inode_lock); | |
32299 | + | |
32300 | +struct gr_arg *gr_usermode; | |
32301 | + | |
58c5fc13 | 32302 | +static unsigned int gr_status __read_only = GR_STATUS_INIT; |
58c5fc13 MT |
32303 | + |
32304 | +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum); | |
32305 | +extern void gr_clear_learn_entries(void); | |
32306 | + | |
32307 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
32308 | +extern void gr_log_resource(const struct task_struct *task, | |
32309 | + const int res, const unsigned long wanted, const int gt); | |
32310 | +#endif | |
32311 | + | |
32312 | +unsigned char *gr_system_salt; | |
32313 | +unsigned char *gr_system_sum; | |
32314 | + | |
32315 | +static struct sprole_pw **acl_special_roles = NULL; | |
32316 | +static __u16 num_sprole_pws = 0; | |
32317 | + | |
32318 | +static struct acl_role_label *kernel_role = NULL; | |
32319 | + | |
32320 | +static unsigned int gr_auth_attempts = 0; | |
32321 | +static unsigned long gr_auth_expires = 0UL; | |
32322 | + | |
32323 | +extern struct vfsmount *sock_mnt; | |
32324 | +extern struct vfsmount *pipe_mnt; | |
32325 | +extern struct vfsmount *shm_mnt; | |
32326 | +static struct acl_object_label *fakefs_obj; | |
32327 | + | |
32328 | +extern int gr_init_uidset(void); | |
32329 | +extern void gr_free_uidset(void); | |
32330 | +extern void gr_remove_uid(uid_t uid); | |
32331 | +extern int gr_find_uid(uid_t uid); | |
32332 | + | |
32333 | +__inline__ int | |
32334 | +gr_acl_is_enabled(void) | |
32335 | +{ | |
32336 | + return (gr_status & GR_READY); | |
32337 | +} | |
32338 | + | |
32339 | +char gr_roletype_to_char(void) | |
32340 | +{ | |
32341 | + switch (current->role->roletype & | |
32342 | + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP | | |
32343 | + GR_ROLE_SPECIAL)) { | |
32344 | + case GR_ROLE_DEFAULT: | |
32345 | + return 'D'; | |
32346 | + case GR_ROLE_USER: | |
32347 | + return 'U'; | |
32348 | + case GR_ROLE_GROUP: | |
32349 | + return 'G'; | |
32350 | + case GR_ROLE_SPECIAL: | |
32351 | + return 'S'; | |
32352 | + } | |
32353 | + | |
32354 | + return 'X'; | |
32355 | +} | |
32356 | + | |
32357 | +__inline__ int | |
32358 | +gr_acl_tpe_check(void) | |
32359 | +{ | |
32360 | + if (unlikely(!(gr_status & GR_READY))) | |
32361 | + return 0; | |
32362 | + if (current->role->roletype & GR_ROLE_TPE) | |
32363 | + return 1; | |
32364 | + else | |
32365 | + return 0; | |
32366 | +} | |
32367 | + | |
32368 | +int | |
32369 | +gr_handle_rawio(const struct inode *inode) | |
32370 | +{ | |
32371 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
32372 | + if (inode && S_ISBLK(inode->i_mode) && | |
32373 | + grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
32374 | + !capable(CAP_SYS_RAWIO)) | |
32375 | + return 1; | |
32376 | +#endif | |
32377 | + return 0; | |
32378 | +} | |
32379 | + | |
32380 | +static int | |
32381 | +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb) | |
32382 | +{ | |
32383 | + int i; | |
32384 | + unsigned long *l1; | |
32385 | + unsigned long *l2; | |
32386 | + unsigned char *c1; | |
32387 | + unsigned char *c2; | |
32388 | + int num_longs; | |
32389 | + | |
32390 | + if (likely(lena != lenb)) | |
32391 | + return 0; | |
32392 | + | |
32393 | + l1 = (unsigned long *)a; | |
32394 | + l2 = (unsigned long *)b; | |
32395 | + | |
32396 | + num_longs = lena / sizeof(unsigned long); | |
32397 | + | |
32398 | + for (i = num_longs; i--; l1++, l2++) { | |
32399 | + if (unlikely(*l1 != *l2)) | |
32400 | + return 0; | |
32401 | + } | |
32402 | + | |
32403 | + c1 = (unsigned char *) l1; | |
32404 | + c2 = (unsigned char *) l2; | |
32405 | + | |
32406 | + i = lena - (num_longs * sizeof(unsigned long)); | |
32407 | + | |
32408 | + for (; i--; c1++, c2++) { | |
32409 | + if (unlikely(*c1 != *c2)) | |
32410 | + return 0; | |
32411 | + } | |
32412 | + | |
32413 | + return 1; | |
32414 | +} | |
32415 | + | |
32416 | +static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt, | |
32417 | + struct dentry *root, struct vfsmount *rootmnt, | |
32418 | + char *buffer, int buflen) | |
32419 | +{ | |
32420 | + char * end = buffer+buflen; | |
32421 | + char * retval; | |
32422 | + int namelen; | |
32423 | + | |
32424 | + *--end = '\0'; | |
32425 | + buflen--; | |
32426 | + | |
32427 | + if (buflen < 1) | |
32428 | + goto Elong; | |
32429 | + /* Get '/' right */ | |
32430 | + retval = end-1; | |
32431 | + *retval = '/'; | |
32432 | + | |
32433 | + for (;;) { | |
32434 | + struct dentry * parent; | |
32435 | + | |
32436 | + if (dentry == root && vfsmnt == rootmnt) | |
32437 | + break; | |
32438 | + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { | |
32439 | + /* Global root? */ | |
32440 | + spin_lock(&vfsmount_lock); | |
32441 | + if (vfsmnt->mnt_parent == vfsmnt) { | |
32442 | + spin_unlock(&vfsmount_lock); | |
32443 | + goto global_root; | |
32444 | + } | |
32445 | + dentry = vfsmnt->mnt_mountpoint; | |
32446 | + vfsmnt = vfsmnt->mnt_parent; | |
32447 | + spin_unlock(&vfsmount_lock); | |
32448 | + continue; | |
32449 | + } | |
32450 | + parent = dentry->d_parent; | |
32451 | + prefetch(parent); | |
32452 | + namelen = dentry->d_name.len; | |
32453 | + buflen -= namelen + 1; | |
32454 | + if (buflen < 0) | |
32455 | + goto Elong; | |
32456 | + end -= namelen; | |
32457 | + memcpy(end, dentry->d_name.name, namelen); | |
32458 | + *--end = '/'; | |
32459 | + retval = end; | |
32460 | + dentry = parent; | |
32461 | + } | |
32462 | + | |
32463 | + return retval; | |
32464 | + | |
32465 | +global_root: | |
32466 | + namelen = dentry->d_name.len; | |
32467 | + buflen -= namelen; | |
32468 | + if (buflen < 0) | |
32469 | + goto Elong; | |
32470 | + retval -= namelen-1; /* hit the slash */ | |
32471 | + memcpy(retval, dentry->d_name.name, namelen); | |
32472 | + return retval; | |
32473 | +Elong: | |
32474 | + return ERR_PTR(-ENAMETOOLONG); | |
32475 | +} | |
32476 | + | |
32477 | +static char * | |
32478 | +gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt, | |
32479 | + struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen) | |
32480 | +{ | |
32481 | + char *retval; | |
32482 | + | |
32483 | + retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen); | |
32484 | + if (unlikely(IS_ERR(retval))) | |
32485 | + retval = strcpy(buf, "<path too long>"); | |
32486 | + else if (unlikely(retval[1] == '/' && retval[2] == '\0')) | |
32487 | + retval[1] = '\0'; | |
32488 | + | |
32489 | + return retval; | |
32490 | +} | |
32491 | + | |
32492 | +static char * | |
32493 | +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
32494 | + char *buf, int buflen) | |
32495 | +{ | |
32496 | + char *res; | |
32497 | + | |
32498 | + /* we can use real_root, real_root_mnt, because this is only called | |
32499 | + by the RBAC system */ | |
32500 | + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen); | |
32501 | + | |
32502 | + return res; | |
32503 | +} | |
32504 | + | |
32505 | +static char * | |
32506 | +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
32507 | + char *buf, int buflen) | |
32508 | +{ | |
32509 | + char *res; | |
32510 | + struct dentry *root; | |
32511 | + struct vfsmount *rootmnt; | |
32512 | + struct task_struct *reaper = &init_task; | |
32513 | + | |
32514 | + /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */ | |
32515 | + read_lock(&reaper->fs->lock); | |
32516 | + root = dget(reaper->fs->root.dentry); | |
32517 | + rootmnt = mntget(reaper->fs->root.mnt); | |
32518 | + read_unlock(&reaper->fs->lock); | |
32519 | + | |
32520 | + spin_lock(&dcache_lock); | |
32521 | + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen); | |
32522 | + spin_unlock(&dcache_lock); | |
32523 | + | |
32524 | + dput(root); | |
32525 | + mntput(rootmnt); | |
32526 | + return res; | |
32527 | +} | |
32528 | + | |
32529 | +static char * | |
32530 | +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt) | |
32531 | +{ | |
32532 | + char *ret; | |
32533 | + spin_lock(&dcache_lock); | |
32534 | + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()), | |
32535 | + PAGE_SIZE); | |
32536 | + spin_unlock(&dcache_lock); | |
32537 | + return ret; | |
32538 | +} | |
32539 | + | |
32540 | +char * | |
32541 | +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt) | |
32542 | +{ | |
32543 | + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()), | |
32544 | + PAGE_SIZE); | |
32545 | +} | |
32546 | + | |
32547 | +char * | |
32548 | +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt) | |
32549 | +{ | |
32550 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
32551 | + PAGE_SIZE); | |
32552 | +} | |
32553 | + | |
32554 | +char * | |
32555 | +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt) | |
32556 | +{ | |
32557 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()), | |
32558 | + PAGE_SIZE); | |
32559 | +} | |
32560 | + | |
32561 | +char * | |
32562 | +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt) | |
32563 | +{ | |
32564 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()), | |
32565 | + PAGE_SIZE); | |
32566 | +} | |
32567 | + | |
32568 | +char * | |
32569 | +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt) | |
32570 | +{ | |
32571 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()), | |
32572 | + PAGE_SIZE); | |
32573 | +} | |
32574 | + | |
32575 | +__inline__ __u32 | |
32576 | +to_gr_audit(const __u32 reqmode) | |
32577 | +{ | |
32578 | + /* masks off auditable permission flags, then shifts them to create | |
32579 | + auditing flags, and adds the special case of append auditing if | |
32580 | + we're requesting write */ | |
32581 | + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0)); | |
32582 | +} | |
32583 | + | |
32584 | +struct acl_subject_label * | |
32585 | +lookup_subject_map(const struct acl_subject_label *userp) | |
32586 | +{ | |
32587 | + unsigned int index = shash(userp, subj_map_set.s_size); | |
32588 | + struct subject_map *match; | |
32589 | + | |
32590 | + match = subj_map_set.s_hash[index]; | |
32591 | + | |
32592 | + while (match && match->user != userp) | |
32593 | + match = match->next; | |
32594 | + | |
32595 | + if (match != NULL) | |
32596 | + return match->kernel; | |
32597 | + else | |
32598 | + return NULL; | |
32599 | +} | |
32600 | + | |
32601 | +static void | |
32602 | +insert_subj_map_entry(struct subject_map *subjmap) | |
32603 | +{ | |
32604 | + unsigned int index = shash(subjmap->user, subj_map_set.s_size); | |
32605 | + struct subject_map **curr; | |
32606 | + | |
32607 | + subjmap->prev = NULL; | |
32608 | + | |
32609 | + curr = &subj_map_set.s_hash[index]; | |
32610 | + if (*curr != NULL) | |
32611 | + (*curr)->prev = subjmap; | |
32612 | + | |
32613 | + subjmap->next = *curr; | |
32614 | + *curr = subjmap; | |
32615 | + | |
32616 | + return; | |
32617 | +} | |
32618 | + | |
32619 | +static struct acl_role_label * | |
32620 | +lookup_acl_role_label(const struct task_struct *task, const uid_t uid, | |
32621 | + const gid_t gid) | |
32622 | +{ | |
32623 | + unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size); | |
32624 | + struct acl_role_label *match; | |
32625 | + struct role_allowed_ip *ipp; | |
32626 | + unsigned int x; | |
32627 | + | |
32628 | + match = acl_role_set.r_hash[index]; | |
32629 | + | |
32630 | + while (match) { | |
32631 | + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) { | |
32632 | + for (x = 0; x < match->domain_child_num; x++) { | |
32633 | + if (match->domain_children[x] == uid) | |
32634 | + goto found; | |
32635 | + } | |
32636 | + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER) | |
32637 | + break; | |
32638 | + match = match->next; | |
32639 | + } | |
32640 | +found: | |
32641 | + if (match == NULL) { | |
32642 | + try_group: | |
32643 | + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size); | |
32644 | + match = acl_role_set.r_hash[index]; | |
32645 | + | |
32646 | + while (match) { | |
32647 | + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) { | |
32648 | + for (x = 0; x < match->domain_child_num; x++) { | |
32649 | + if (match->domain_children[x] == gid) | |
32650 | + goto found2; | |
32651 | + } | |
32652 | + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP) | |
32653 | + break; | |
32654 | + match = match->next; | |
32655 | + } | |
32656 | +found2: | |
32657 | + if (match == NULL) | |
32658 | + match = default_role; | |
32659 | + if (match->allowed_ips == NULL) | |
32660 | + return match; | |
32661 | + else { | |
32662 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
32663 | + if (likely | |
32664 | + ((ntohl(task->signal->curr_ip) & ipp->netmask) == | |
32665 | + (ntohl(ipp->addr) & ipp->netmask))) | |
32666 | + return match; | |
32667 | + } | |
32668 | + match = default_role; | |
32669 | + } | |
32670 | + } else if (match->allowed_ips == NULL) { | |
32671 | + return match; | |
32672 | + } else { | |
32673 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
32674 | + if (likely | |
32675 | + ((ntohl(task->signal->curr_ip) & ipp->netmask) == | |
32676 | + (ntohl(ipp->addr) & ipp->netmask))) | |
32677 | + return match; | |
32678 | + } | |
32679 | + goto try_group; | |
32680 | + } | |
32681 | + | |
32682 | + return match; | |
32683 | +} | |
32684 | + | |
32685 | +struct acl_subject_label * | |
32686 | +lookup_acl_subj_label(const ino_t ino, const dev_t dev, | |
32687 | + const struct acl_role_label *role) | |
32688 | +{ | |
32689 | + unsigned int index = fhash(ino, dev, role->subj_hash_size); | |
32690 | + struct acl_subject_label *match; | |
32691 | + | |
32692 | + match = role->subj_hash[index]; | |
32693 | + | |
32694 | + while (match && (match->inode != ino || match->device != dev || | |
32695 | + (match->mode & GR_DELETED))) { | |
32696 | + match = match->next; | |
32697 | + } | |
32698 | + | |
32699 | + if (match && !(match->mode & GR_DELETED)) | |
32700 | + return match; | |
32701 | + else | |
32702 | + return NULL; | |
32703 | +} | |
32704 | + | |
32705 | +struct acl_subject_label * | |
32706 | +lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, | |
32707 | + const struct acl_role_label *role) | |
32708 | +{ | |
32709 | + unsigned int index = fhash(ino, dev, role->subj_hash_size); | |
32710 | + struct acl_subject_label *match; | |
32711 | + | |
32712 | + match = role->subj_hash[index]; | |
32713 | + | |
32714 | + while (match && (match->inode != ino || match->device != dev || | |
32715 | + !(match->mode & GR_DELETED))) { | |
32716 | + match = match->next; | |
32717 | + } | |
32718 | + | |
32719 | + if (match && (match->mode & GR_DELETED)) | |
32720 | + return match; | |
32721 | + else | |
32722 | + return NULL; | |
32723 | +} | |
32724 | + | |
32725 | +static struct acl_object_label * | |
32726 | +lookup_acl_obj_label(const ino_t ino, const dev_t dev, | |
32727 | + const struct acl_subject_label *subj) | |
32728 | +{ | |
32729 | + unsigned int index = fhash(ino, dev, subj->obj_hash_size); | |
32730 | + struct acl_object_label *match; | |
32731 | + | |
32732 | + match = subj->obj_hash[index]; | |
32733 | + | |
32734 | + while (match && (match->inode != ino || match->device != dev || | |
32735 | + (match->mode & GR_DELETED))) { | |
32736 | + match = match->next; | |
32737 | + } | |
32738 | + | |
32739 | + if (match && !(match->mode & GR_DELETED)) | |
32740 | + return match; | |
32741 | + else | |
32742 | + return NULL; | |
32743 | +} | |
32744 | + | |
32745 | +static struct acl_object_label * | |
32746 | +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, | |
32747 | + const struct acl_subject_label *subj) | |
32748 | +{ | |
32749 | + unsigned int index = fhash(ino, dev, subj->obj_hash_size); | |
32750 | + struct acl_object_label *match; | |
32751 | + | |
32752 | + match = subj->obj_hash[index]; | |
32753 | + | |
32754 | + while (match && (match->inode != ino || match->device != dev || | |
32755 | + !(match->mode & GR_DELETED))) { | |
32756 | + match = match->next; | |
32757 | + } | |
32758 | + | |
32759 | + if (match && (match->mode & GR_DELETED)) | |
32760 | + return match; | |
32761 | + | |
32762 | + match = subj->obj_hash[index]; | |
32763 | + | |
32764 | + while (match && (match->inode != ino || match->device != dev || | |
32765 | + (match->mode & GR_DELETED))) { | |
32766 | + match = match->next; | |
32767 | + } | |
32768 | + | |
32769 | + if (match && !(match->mode & GR_DELETED)) | |
32770 | + return match; | |
32771 | + else | |
32772 | + return NULL; | |
32773 | +} | |
32774 | + | |
32775 | +static struct name_entry * | |
32776 | +lookup_name_entry(const char *name) | |
32777 | +{ | |
32778 | + unsigned int len = strlen(name); | |
32779 | + unsigned int key = full_name_hash(name, len); | |
32780 | + unsigned int index = key % name_set.n_size; | |
32781 | + struct name_entry *match; | |
32782 | + | |
32783 | + match = name_set.n_hash[index]; | |
32784 | + | |
32785 | + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len))) | |
32786 | + match = match->next; | |
32787 | + | |
32788 | + return match; | |
32789 | +} | |
32790 | + | |
32791 | +static struct name_entry * | |
32792 | +lookup_name_entry_create(const char *name) | |
32793 | +{ | |
32794 | + unsigned int len = strlen(name); | |
32795 | + unsigned int key = full_name_hash(name, len); | |
32796 | + unsigned int index = key % name_set.n_size; | |
32797 | + struct name_entry *match; | |
32798 | + | |
32799 | + match = name_set.n_hash[index]; | |
32800 | + | |
32801 | + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) || | |
32802 | + !match->deleted)) | |
32803 | + match = match->next; | |
32804 | + | |
32805 | + if (match && match->deleted) | |
32806 | + return match; | |
32807 | + | |
32808 | + match = name_set.n_hash[index]; | |
32809 | + | |
32810 | + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) || | |
32811 | + match->deleted)) | |
32812 | + match = match->next; | |
32813 | + | |
32814 | + if (match && !match->deleted) | |
32815 | + return match; | |
32816 | + else | |
32817 | + return NULL; | |
32818 | +} | |
32819 | + | |
32820 | +static struct inodev_entry * | |
32821 | +lookup_inodev_entry(const ino_t ino, const dev_t dev) | |
32822 | +{ | |
32823 | + unsigned int index = fhash(ino, dev, inodev_set.i_size); | |
32824 | + struct inodev_entry *match; | |
32825 | + | |
32826 | + match = inodev_set.i_hash[index]; | |
32827 | + | |
32828 | + while (match && (match->nentry->inode != ino || match->nentry->device != dev)) | |
32829 | + match = match->next; | |
32830 | + | |
32831 | + return match; | |
32832 | +} | |
32833 | + | |
32834 | +static void | |
32835 | +insert_inodev_entry(struct inodev_entry *entry) | |
32836 | +{ | |
32837 | + unsigned int index = fhash(entry->nentry->inode, entry->nentry->device, | |
32838 | + inodev_set.i_size); | |
32839 | + struct inodev_entry **curr; | |
32840 | + | |
32841 | + entry->prev = NULL; | |
32842 | + | |
32843 | + curr = &inodev_set.i_hash[index]; | |
32844 | + if (*curr != NULL) | |
32845 | + (*curr)->prev = entry; | |
32846 | + | |
32847 | + entry->next = *curr; | |
32848 | + *curr = entry; | |
32849 | + | |
32850 | + return; | |
32851 | +} | |
32852 | + | |
32853 | +static void | |
32854 | +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid) | |
32855 | +{ | |
32856 | + unsigned int index = | |
32857 | + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); | |
32858 | + struct acl_role_label **curr; | |
ae4e228f | 32859 | + struct acl_role_label *tmp; |
58c5fc13 MT |
32860 | + |
32861 | + curr = &acl_role_set.r_hash[index]; | |
58c5fc13 | 32862 | + |
ae4e228f MT |
32863 | + /* if role was already inserted due to domains and already has |
32864 | + a role in the same bucket as it attached, then we need to | |
32865 | + combine these two buckets | |
32866 | + */ | |
32867 | + if (role->next) { | |
32868 | + tmp = role->next; | |
32869 | + while (tmp->next) | |
32870 | + tmp = tmp->next; | |
32871 | + tmp->next = *curr; | |
32872 | + } else | |
32873 | + role->next = *curr; | |
58c5fc13 MT |
32874 | + *curr = role; |
32875 | + | |
32876 | + return; | |
32877 | +} | |
32878 | + | |
32879 | +static void | |
32880 | +insert_acl_role_label(struct acl_role_label *role) | |
32881 | +{ | |
32882 | + int i; | |
32883 | + | |
ae4e228f MT |
32884 | + if (role_list == NULL) { |
32885 | + role_list = role; | |
32886 | + role->prev = NULL; | |
32887 | + } else { | |
32888 | + role->prev = role_list; | |
32889 | + role_list = role; | |
32890 | + } | |
32891 | + | |
32892 | + /* used for hash chains */ | |
32893 | + role->next = NULL; | |
32894 | + | |
58c5fc13 MT |
32895 | + if (role->roletype & GR_ROLE_DOMAIN) { |
32896 | + for (i = 0; i < role->domain_child_num; i++) | |
32897 | + __insert_acl_role_label(role, role->domain_children[i]); | |
32898 | + } else | |
32899 | + __insert_acl_role_label(role, role->uidgid); | |
32900 | +} | |
32901 | + | |
32902 | +static int | |
32903 | +insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted) | |
32904 | +{ | |
32905 | + struct name_entry **curr, *nentry; | |
32906 | + struct inodev_entry *ientry; | |
32907 | + unsigned int len = strlen(name); | |
32908 | + unsigned int key = full_name_hash(name, len); | |
32909 | + unsigned int index = key % name_set.n_size; | |
32910 | + | |
32911 | + curr = &name_set.n_hash[index]; | |
32912 | + | |
32913 | + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len))) | |
32914 | + curr = &((*curr)->next); | |
32915 | + | |
32916 | + if (*curr != NULL) | |
32917 | + return 1; | |
32918 | + | |
32919 | + nentry = acl_alloc(sizeof (struct name_entry)); | |
32920 | + if (nentry == NULL) | |
32921 | + return 0; | |
32922 | + ientry = acl_alloc(sizeof (struct inodev_entry)); | |
32923 | + if (ientry == NULL) | |
32924 | + return 0; | |
32925 | + ientry->nentry = nentry; | |
32926 | + | |
32927 | + nentry->key = key; | |
32928 | + nentry->name = name; | |
32929 | + nentry->inode = inode; | |
32930 | + nentry->device = device; | |
32931 | + nentry->len = len; | |
32932 | + nentry->deleted = deleted; | |
32933 | + | |
32934 | + nentry->prev = NULL; | |
32935 | + curr = &name_set.n_hash[index]; | |
32936 | + if (*curr != NULL) | |
32937 | + (*curr)->prev = nentry; | |
32938 | + nentry->next = *curr; | |
32939 | + *curr = nentry; | |
32940 | + | |
32941 | + /* insert us into the table searchable by inode/dev */ | |
32942 | + insert_inodev_entry(ientry); | |
32943 | + | |
32944 | + return 1; | |
32945 | +} | |
32946 | + | |
32947 | +static void | |
32948 | +insert_acl_obj_label(struct acl_object_label *obj, | |
32949 | + struct acl_subject_label *subj) | |
32950 | +{ | |
32951 | + unsigned int index = | |
32952 | + fhash(obj->inode, obj->device, subj->obj_hash_size); | |
32953 | + struct acl_object_label **curr; | |
32954 | + | |
32955 | + | |
32956 | + obj->prev = NULL; | |
32957 | + | |
32958 | + curr = &subj->obj_hash[index]; | |
32959 | + if (*curr != NULL) | |
32960 | + (*curr)->prev = obj; | |
32961 | + | |
32962 | + obj->next = *curr; | |
32963 | + *curr = obj; | |
32964 | + | |
32965 | + return; | |
32966 | +} | |
32967 | + | |
32968 | +static void | |
32969 | +insert_acl_subj_label(struct acl_subject_label *obj, | |
32970 | + struct acl_role_label *role) | |
32971 | +{ | |
32972 | + unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size); | |
32973 | + struct acl_subject_label **curr; | |
32974 | + | |
32975 | + obj->prev = NULL; | |
32976 | + | |
32977 | + curr = &role->subj_hash[index]; | |
32978 | + if (*curr != NULL) | |
32979 | + (*curr)->prev = obj; | |
32980 | + | |
32981 | + obj->next = *curr; | |
32982 | + *curr = obj; | |
32983 | + | |
32984 | + return; | |
32985 | +} | |
32986 | + | |
32987 | +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */ | |
32988 | + | |
32989 | +static void * | |
32990 | +create_table(__u32 * len, int elementsize) | |
32991 | +{ | |
32992 | + unsigned int table_sizes[] = { | |
32993 | + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381, | |
32994 | + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143, | |
32995 | + 4194301, 8388593, 16777213, 33554393, 67108859 | |
32996 | + }; | |
32997 | + void *newtable = NULL; | |
32998 | + unsigned int pwr = 0; | |
32999 | + | |
33000 | + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) && | |
33001 | + table_sizes[pwr] <= *len) | |
33002 | + pwr++; | |
33003 | + | |
33004 | + if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize)) | |
33005 | + return newtable; | |
33006 | + | |
33007 | + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE) | |
33008 | + newtable = | |
33009 | + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL); | |
33010 | + else | |
33011 | + newtable = vmalloc(table_sizes[pwr] * elementsize); | |
33012 | + | |
33013 | + *len = table_sizes[pwr]; | |
33014 | + | |
33015 | + return newtable; | |
33016 | +} | |
33017 | + | |
33018 | +static int | |
33019 | +init_variables(const struct gr_arg *arg) | |
33020 | +{ | |
33021 | + struct task_struct *reaper = &init_task; | |
33022 | + unsigned int stacksize; | |
33023 | + | |
33024 | + subj_map_set.s_size = arg->role_db.num_subjects; | |
33025 | + acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children; | |
33026 | + name_set.n_size = arg->role_db.num_objects; | |
33027 | + inodev_set.i_size = arg->role_db.num_objects; | |
33028 | + | |
33029 | + if (!subj_map_set.s_size || !acl_role_set.r_size || | |
33030 | + !name_set.n_size || !inodev_set.i_size) | |
33031 | + return 1; | |
33032 | + | |
33033 | + if (!gr_init_uidset()) | |
33034 | + return 1; | |
33035 | + | |
33036 | + /* set up the stack that holds allocation info */ | |
33037 | + | |
33038 | + stacksize = arg->role_db.num_pointers + 5; | |
33039 | + | |
33040 | + if (!acl_alloc_stack_init(stacksize)) | |
33041 | + return 1; | |
33042 | + | |
33043 | + /* grab reference for the real root dentry and vfsmount */ | |
33044 | + read_lock(&reaper->fs->lock); | |
33045 | + real_root_mnt = mntget(reaper->fs->root.mnt); | |
33046 | + real_root = dget(reaper->fs->root.dentry); | |
33047 | + read_unlock(&reaper->fs->lock); | |
33048 | + | |
33049 | + fakefs_obj = acl_alloc(sizeof(struct acl_object_label)); | |
33050 | + if (fakefs_obj == NULL) | |
33051 | + return 1; | |
33052 | + fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC; | |
33053 | + | |
33054 | + subj_map_set.s_hash = | |
33055 | + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *)); | |
33056 | + acl_role_set.r_hash = | |
33057 | + (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *)); | |
33058 | + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *)); | |
33059 | + inodev_set.i_hash = | |
33060 | + (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *)); | |
33061 | + | |
33062 | + if (!subj_map_set.s_hash || !acl_role_set.r_hash || | |
33063 | + !name_set.n_hash || !inodev_set.i_hash) | |
33064 | + return 1; | |
33065 | + | |
33066 | + memset(subj_map_set.s_hash, 0, | |
33067 | + sizeof(struct subject_map *) * subj_map_set.s_size); | |
33068 | + memset(acl_role_set.r_hash, 0, | |
33069 | + sizeof (struct acl_role_label *) * acl_role_set.r_size); | |
33070 | + memset(name_set.n_hash, 0, | |
33071 | + sizeof (struct name_entry *) * name_set.n_size); | |
33072 | + memset(inodev_set.i_hash, 0, | |
33073 | + sizeof (struct inodev_entry *) * inodev_set.i_size); | |
33074 | + | |
33075 | + return 0; | |
33076 | +} | |
33077 | + | |
33078 | +/* free information not needed after startup | |
33079 | + currently contains user->kernel pointer mappings for subjects | |
33080 | +*/ | |
33081 | + | |
33082 | +static void | |
33083 | +free_init_variables(void) | |
33084 | +{ | |
33085 | + __u32 i; | |
33086 | + | |
33087 | + if (subj_map_set.s_hash) { | |
33088 | + for (i = 0; i < subj_map_set.s_size; i++) { | |
33089 | + if (subj_map_set.s_hash[i]) { | |
33090 | + kfree(subj_map_set.s_hash[i]); | |
33091 | + subj_map_set.s_hash[i] = NULL; | |
33092 | + } | |
33093 | + } | |
33094 | + | |
33095 | + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <= | |
33096 | + PAGE_SIZE) | |
33097 | + kfree(subj_map_set.s_hash); | |
33098 | + else | |
33099 | + vfree(subj_map_set.s_hash); | |
33100 | + } | |
33101 | + | |
33102 | + return; | |
33103 | +} | |
33104 | + | |
33105 | +static void | |
33106 | +free_variables(void) | |
33107 | +{ | |
33108 | + struct acl_subject_label *s; | |
33109 | + struct acl_role_label *r; | |
33110 | + struct task_struct *task, *task2; | |
ae4e228f | 33111 | + unsigned int x; |
58c5fc13 MT |
33112 | + |
33113 | + gr_clear_learn_entries(); | |
33114 | + | |
33115 | + read_lock(&tasklist_lock); | |
33116 | + do_each_thread(task2, task) { | |
33117 | + task->acl_sp_role = 0; | |
33118 | + task->acl_role_id = 0; | |
33119 | + task->acl = NULL; | |
33120 | + task->role = NULL; | |
33121 | + } while_each_thread(task2, task); | |
33122 | + read_unlock(&tasklist_lock); | |
33123 | + | |
33124 | + /* release the reference to the real root dentry and vfsmount */ | |
33125 | + if (real_root) | |
33126 | + dput(real_root); | |
33127 | + real_root = NULL; | |
33128 | + if (real_root_mnt) | |
33129 | + mntput(real_root_mnt); | |
33130 | + real_root_mnt = NULL; | |
33131 | + | |
33132 | + /* free all object hash tables */ | |
33133 | + | |
ae4e228f | 33134 | + FOR_EACH_ROLE_START(r) |
58c5fc13 | 33135 | + if (r->subj_hash == NULL) |
ae4e228f | 33136 | + goto next_role; |
58c5fc13 MT |
33137 | + FOR_EACH_SUBJECT_START(r, s, x) |
33138 | + if (s->obj_hash == NULL) | |
33139 | + break; | |
33140 | + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE) | |
33141 | + kfree(s->obj_hash); | |
33142 | + else | |
33143 | + vfree(s->obj_hash); | |
33144 | + FOR_EACH_SUBJECT_END(s, x) | |
33145 | + FOR_EACH_NESTED_SUBJECT_START(r, s) | |
33146 | + if (s->obj_hash == NULL) | |
33147 | + break; | |
33148 | + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE) | |
33149 | + kfree(s->obj_hash); | |
33150 | + else | |
33151 | + vfree(s->obj_hash); | |
33152 | + FOR_EACH_NESTED_SUBJECT_END(s) | |
33153 | + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE) | |
33154 | + kfree(r->subj_hash); | |
33155 | + else | |
33156 | + vfree(r->subj_hash); | |
33157 | + r->subj_hash = NULL; | |
ae4e228f MT |
33158 | +next_role: |
33159 | + FOR_EACH_ROLE_END(r) | |
58c5fc13 MT |
33160 | + |
33161 | + acl_free_all(); | |
33162 | + | |
33163 | + if (acl_role_set.r_hash) { | |
33164 | + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <= | |
33165 | + PAGE_SIZE) | |
33166 | + kfree(acl_role_set.r_hash); | |
33167 | + else | |
33168 | + vfree(acl_role_set.r_hash); | |
33169 | + } | |
33170 | + if (name_set.n_hash) { | |
33171 | + if ((name_set.n_size * sizeof (struct name_entry *)) <= | |
33172 | + PAGE_SIZE) | |
33173 | + kfree(name_set.n_hash); | |
33174 | + else | |
33175 | + vfree(name_set.n_hash); | |
33176 | + } | |
33177 | + | |
33178 | + if (inodev_set.i_hash) { | |
33179 | + if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <= | |
33180 | + PAGE_SIZE) | |
33181 | + kfree(inodev_set.i_hash); | |
33182 | + else | |
33183 | + vfree(inodev_set.i_hash); | |
33184 | + } | |
33185 | + | |
33186 | + gr_free_uidset(); | |
33187 | + | |
33188 | + memset(&name_set, 0, sizeof (struct name_db)); | |
33189 | + memset(&inodev_set, 0, sizeof (struct inodev_db)); | |
33190 | + memset(&acl_role_set, 0, sizeof (struct acl_role_db)); | |
33191 | + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db)); | |
33192 | + | |
33193 | + default_role = NULL; | |
ae4e228f | 33194 | + role_list = NULL; |
58c5fc13 MT |
33195 | + |
33196 | + return; | |
33197 | +} | |
33198 | + | |
33199 | +static __u32 | |
33200 | +count_user_objs(struct acl_object_label *userp) | |
33201 | +{ | |
33202 | + struct acl_object_label o_tmp; | |
33203 | + __u32 num = 0; | |
33204 | + | |
33205 | + while (userp) { | |
33206 | + if (copy_from_user(&o_tmp, userp, | |
33207 | + sizeof (struct acl_object_label))) | |
33208 | + break; | |
33209 | + | |
33210 | + userp = o_tmp.prev; | |
33211 | + num++; | |
33212 | + } | |
33213 | + | |
33214 | + return num; | |
33215 | +} | |
33216 | + | |
33217 | +static struct acl_subject_label * | |
33218 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role); | |
33219 | + | |
33220 | +static int | |
33221 | +copy_user_glob(struct acl_object_label *obj) | |
33222 | +{ | |
33223 | + struct acl_object_label *g_tmp, **guser; | |
33224 | + unsigned int len; | |
33225 | + char *tmp; | |
33226 | + | |
33227 | + if (obj->globbed == NULL) | |
33228 | + return 0; | |
33229 | + | |
33230 | + guser = &obj->globbed; | |
33231 | + while (*guser) { | |
33232 | + g_tmp = (struct acl_object_label *) | |
33233 | + acl_alloc(sizeof (struct acl_object_label)); | |
33234 | + if (g_tmp == NULL) | |
33235 | + return -ENOMEM; | |
33236 | + | |
33237 | + if (copy_from_user(g_tmp, *guser, | |
33238 | + sizeof (struct acl_object_label))) | |
33239 | + return -EFAULT; | |
33240 | + | |
33241 | + len = strnlen_user(g_tmp->filename, PATH_MAX); | |
33242 | + | |
33243 | + if (!len || len >= PATH_MAX) | |
33244 | + return -EINVAL; | |
33245 | + | |
33246 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
33247 | + return -ENOMEM; | |
33248 | + | |
33249 | + if (copy_from_user(tmp, g_tmp->filename, len)) | |
33250 | + return -EFAULT; | |
33251 | + tmp[len-1] = '\0'; | |
33252 | + g_tmp->filename = tmp; | |
33253 | + | |
33254 | + *guser = g_tmp; | |
33255 | + guser = &(g_tmp->next); | |
33256 | + } | |
33257 | + | |
33258 | + return 0; | |
33259 | +} | |
33260 | + | |
33261 | +static int | |
33262 | +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj, | |
33263 | + struct acl_role_label *role) | |
33264 | +{ | |
33265 | + struct acl_object_label *o_tmp; | |
33266 | + unsigned int len; | |
33267 | + int ret; | |
33268 | + char *tmp; | |
33269 | + | |
33270 | + while (userp) { | |
33271 | + if ((o_tmp = (struct acl_object_label *) | |
33272 | + acl_alloc(sizeof (struct acl_object_label))) == NULL) | |
33273 | + return -ENOMEM; | |
33274 | + | |
33275 | + if (copy_from_user(o_tmp, userp, | |
33276 | + sizeof (struct acl_object_label))) | |
33277 | + return -EFAULT; | |
33278 | + | |
33279 | + userp = o_tmp->prev; | |
33280 | + | |
33281 | + len = strnlen_user(o_tmp->filename, PATH_MAX); | |
33282 | + | |
33283 | + if (!len || len >= PATH_MAX) | |
33284 | + return -EINVAL; | |
33285 | + | |
33286 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
33287 | + return -ENOMEM; | |
33288 | + | |
33289 | + if (copy_from_user(tmp, o_tmp->filename, len)) | |
33290 | + return -EFAULT; | |
33291 | + tmp[len-1] = '\0'; | |
33292 | + o_tmp->filename = tmp; | |
33293 | + | |
33294 | + insert_acl_obj_label(o_tmp, subj); | |
33295 | + if (!insert_name_entry(o_tmp->filename, o_tmp->inode, | |
33296 | + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0)) | |
33297 | + return -ENOMEM; | |
33298 | + | |
33299 | + ret = copy_user_glob(o_tmp); | |
33300 | + if (ret) | |
33301 | + return ret; | |
33302 | + | |
33303 | + if (o_tmp->nested) { | |
33304 | + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role); | |
33305 | + if (IS_ERR(o_tmp->nested)) | |
33306 | + return PTR_ERR(o_tmp->nested); | |
33307 | + | |
33308 | + /* insert into nested subject list */ | |
33309 | + o_tmp->nested->next = role->hash->first; | |
33310 | + role->hash->first = o_tmp->nested; | |
33311 | + } | |
33312 | + } | |
33313 | + | |
33314 | + return 0; | |
33315 | +} | |
33316 | + | |
33317 | +static __u32 | |
33318 | +count_user_subjs(struct acl_subject_label *userp) | |
33319 | +{ | |
33320 | + struct acl_subject_label s_tmp; | |
33321 | + __u32 num = 0; | |
33322 | + | |
33323 | + while (userp) { | |
33324 | + if (copy_from_user(&s_tmp, userp, | |
33325 | + sizeof (struct acl_subject_label))) | |
33326 | + break; | |
33327 | + | |
33328 | + userp = s_tmp.prev; | |
33329 | + /* do not count nested subjects against this count, since | |
33330 | + they are not included in the hash table, but are | |
33331 | + attached to objects. We have already counted | |
33332 | + the subjects in userspace for the allocation | |
33333 | + stack | |
33334 | + */ | |
33335 | + if (!(s_tmp.mode & GR_NESTED)) | |
33336 | + num++; | |
33337 | + } | |
33338 | + | |
33339 | + return num; | |
33340 | +} | |
33341 | + | |
33342 | +static int | |
33343 | +copy_user_allowedips(struct acl_role_label *rolep) | |
33344 | +{ | |
33345 | + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast; | |
33346 | + | |
33347 | + ruserip = rolep->allowed_ips; | |
33348 | + | |
33349 | + while (ruserip) { | |
33350 | + rlast = rtmp; | |
33351 | + | |
33352 | + if ((rtmp = (struct role_allowed_ip *) | |
33353 | + acl_alloc(sizeof (struct role_allowed_ip))) == NULL) | |
33354 | + return -ENOMEM; | |
33355 | + | |
33356 | + if (copy_from_user(rtmp, ruserip, | |
33357 | + sizeof (struct role_allowed_ip))) | |
33358 | + return -EFAULT; | |
33359 | + | |
33360 | + ruserip = rtmp->prev; | |
33361 | + | |
33362 | + if (!rlast) { | |
33363 | + rtmp->prev = NULL; | |
33364 | + rolep->allowed_ips = rtmp; | |
33365 | + } else { | |
33366 | + rlast->next = rtmp; | |
33367 | + rtmp->prev = rlast; | |
33368 | + } | |
33369 | + | |
33370 | + if (!ruserip) | |
33371 | + rtmp->next = NULL; | |
33372 | + } | |
33373 | + | |
33374 | + return 0; | |
33375 | +} | |
33376 | + | |
33377 | +static int | |
33378 | +copy_user_transitions(struct acl_role_label *rolep) | |
33379 | +{ | |
33380 | + struct role_transition *rusertp, *rtmp = NULL, *rlast; | |
33381 | + | |
33382 | + unsigned int len; | |
33383 | + char *tmp; | |
33384 | + | |
33385 | + rusertp = rolep->transitions; | |
33386 | + | |
33387 | + while (rusertp) { | |
33388 | + rlast = rtmp; | |
33389 | + | |
33390 | + if ((rtmp = (struct role_transition *) | |
33391 | + acl_alloc(sizeof (struct role_transition))) == NULL) | |
33392 | + return -ENOMEM; | |
33393 | + | |
33394 | + if (copy_from_user(rtmp, rusertp, | |
33395 | + sizeof (struct role_transition))) | |
33396 | + return -EFAULT; | |
33397 | + | |
33398 | + rusertp = rtmp->prev; | |
33399 | + | |
33400 | + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN); | |
33401 | + | |
33402 | + if (!len || len >= GR_SPROLE_LEN) | |
33403 | + return -EINVAL; | |
33404 | + | |
33405 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
33406 | + return -ENOMEM; | |
33407 | + | |
33408 | + if (copy_from_user(tmp, rtmp->rolename, len)) | |
33409 | + return -EFAULT; | |
33410 | + tmp[len-1] = '\0'; | |
33411 | + rtmp->rolename = tmp; | |
33412 | + | |
33413 | + if (!rlast) { | |
33414 | + rtmp->prev = NULL; | |
33415 | + rolep->transitions = rtmp; | |
33416 | + } else { | |
33417 | + rlast->next = rtmp; | |
33418 | + rtmp->prev = rlast; | |
33419 | + } | |
33420 | + | |
33421 | + if (!rusertp) | |
33422 | + rtmp->next = NULL; | |
33423 | + } | |
33424 | + | |
33425 | + return 0; | |
33426 | +} | |
33427 | + | |
33428 | +static struct acl_subject_label * | |
33429 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role) | |
33430 | +{ | |
33431 | + struct acl_subject_label *s_tmp = NULL, *s_tmp2; | |
33432 | + unsigned int len; | |
33433 | + char *tmp; | |
33434 | + __u32 num_objs; | |
33435 | + struct acl_ip_label **i_tmp, *i_utmp2; | |
33436 | + struct gr_hash_struct ghash; | |
33437 | + struct subject_map *subjmap; | |
33438 | + unsigned int i_num; | |
33439 | + int err; | |
33440 | + | |
33441 | + s_tmp = lookup_subject_map(userp); | |
33442 | + | |
33443 | + /* we've already copied this subject into the kernel, just return | |
33444 | + the reference to it, and don't copy it over again | |
33445 | + */ | |
33446 | + if (s_tmp) | |
33447 | + return(s_tmp); | |
33448 | + | |
33449 | + if ((s_tmp = (struct acl_subject_label *) | |
33450 | + acl_alloc(sizeof (struct acl_subject_label))) == NULL) | |
33451 | + return ERR_PTR(-ENOMEM); | |
33452 | + | |
33453 | + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL); | |
33454 | + if (subjmap == NULL) | |
33455 | + return ERR_PTR(-ENOMEM); | |
33456 | + | |
33457 | + subjmap->user = userp; | |
33458 | + subjmap->kernel = s_tmp; | |
33459 | + insert_subj_map_entry(subjmap); | |
33460 | + | |
33461 | + if (copy_from_user(s_tmp, userp, | |
33462 | + sizeof (struct acl_subject_label))) | |
33463 | + return ERR_PTR(-EFAULT); | |
33464 | + | |
33465 | + len = strnlen_user(s_tmp->filename, PATH_MAX); | |
33466 | + | |
33467 | + if (!len || len >= PATH_MAX) | |
33468 | + return ERR_PTR(-EINVAL); | |
33469 | + | |
33470 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
33471 | + return ERR_PTR(-ENOMEM); | |
33472 | + | |
33473 | + if (copy_from_user(tmp, s_tmp->filename, len)) | |
33474 | + return ERR_PTR(-EFAULT); | |
33475 | + tmp[len-1] = '\0'; | |
33476 | + s_tmp->filename = tmp; | |
33477 | + | |
33478 | + if (!strcmp(s_tmp->filename, "/")) | |
33479 | + role->root_label = s_tmp; | |
33480 | + | |
33481 | + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct))) | |
33482 | + return ERR_PTR(-EFAULT); | |
33483 | + | |
33484 | + /* copy user and group transition tables */ | |
33485 | + | |
33486 | + if (s_tmp->user_trans_num) { | |
33487 | + uid_t *uidlist; | |
33488 | + | |
33489 | + uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t)); | |
33490 | + if (uidlist == NULL) | |
33491 | + return ERR_PTR(-ENOMEM); | |
33492 | + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t))) | |
33493 | + return ERR_PTR(-EFAULT); | |
33494 | + | |
33495 | + s_tmp->user_transitions = uidlist; | |
33496 | + } | |
33497 | + | |
33498 | + if (s_tmp->group_trans_num) { | |
33499 | + gid_t *gidlist; | |
33500 | + | |
33501 | + gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t)); | |
33502 | + if (gidlist == NULL) | |
33503 | + return ERR_PTR(-ENOMEM); | |
33504 | + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t))) | |
33505 | + return ERR_PTR(-EFAULT); | |
33506 | + | |
33507 | + s_tmp->group_transitions = gidlist; | |
33508 | + } | |
33509 | + | |
33510 | + /* set up object hash table */ | |
33511 | + num_objs = count_user_objs(ghash.first); | |
33512 | + | |
33513 | + s_tmp->obj_hash_size = num_objs; | |
33514 | + s_tmp->obj_hash = | |
33515 | + (struct acl_object_label **) | |
33516 | + create_table(&(s_tmp->obj_hash_size), sizeof(void *)); | |
33517 | + | |
33518 | + if (!s_tmp->obj_hash) | |
33519 | + return ERR_PTR(-ENOMEM); | |
33520 | + | |
33521 | + memset(s_tmp->obj_hash, 0, | |
33522 | + s_tmp->obj_hash_size * | |
33523 | + sizeof (struct acl_object_label *)); | |
33524 | + | |
33525 | + /* add in objects */ | |
33526 | + err = copy_user_objs(ghash.first, s_tmp, role); | |
33527 | + | |
33528 | + if (err) | |
33529 | + return ERR_PTR(err); | |
33530 | + | |
33531 | + /* set pointer for parent subject */ | |
33532 | + if (s_tmp->parent_subject) { | |
33533 | + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role); | |
33534 | + | |
33535 | + if (IS_ERR(s_tmp2)) | |
33536 | + return s_tmp2; | |
33537 | + | |
33538 | + s_tmp->parent_subject = s_tmp2; | |
33539 | + } | |
33540 | + | |
33541 | + /* add in ip acls */ | |
33542 | + | |
33543 | + if (!s_tmp->ip_num) { | |
33544 | + s_tmp->ips = NULL; | |
33545 | + goto insert; | |
33546 | + } | |
33547 | + | |
33548 | + i_tmp = | |
33549 | + (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num, | |
33550 | + sizeof (struct acl_ip_label *)); | |
33551 | + | |
33552 | + if (!i_tmp) | |
33553 | + return ERR_PTR(-ENOMEM); | |
33554 | + | |
33555 | + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) { | |
33556 | + *(i_tmp + i_num) = | |
33557 | + (struct acl_ip_label *) | |
33558 | + acl_alloc(sizeof (struct acl_ip_label)); | |
33559 | + if (!*(i_tmp + i_num)) | |
33560 | + return ERR_PTR(-ENOMEM); | |
33561 | + | |
33562 | + if (copy_from_user | |
33563 | + (&i_utmp2, s_tmp->ips + i_num, | |
33564 | + sizeof (struct acl_ip_label *))) | |
33565 | + return ERR_PTR(-EFAULT); | |
33566 | + | |
33567 | + if (copy_from_user | |
33568 | + (*(i_tmp + i_num), i_utmp2, | |
33569 | + sizeof (struct acl_ip_label))) | |
33570 | + return ERR_PTR(-EFAULT); | |
33571 | + | |
33572 | + if ((*(i_tmp + i_num))->iface == NULL) | |
33573 | + continue; | |
33574 | + | |
33575 | + len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ); | |
33576 | + if (!len || len >= IFNAMSIZ) | |
33577 | + return ERR_PTR(-EINVAL); | |
33578 | + tmp = acl_alloc(len); | |
33579 | + if (tmp == NULL) | |
33580 | + return ERR_PTR(-ENOMEM); | |
33581 | + if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len)) | |
33582 | + return ERR_PTR(-EFAULT); | |
33583 | + (*(i_tmp + i_num))->iface = tmp; | |
33584 | + } | |
33585 | + | |
33586 | + s_tmp->ips = i_tmp; | |
33587 | + | |
33588 | +insert: | |
33589 | + if (!insert_name_entry(s_tmp->filename, s_tmp->inode, | |
33590 | + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0)) | |
33591 | + return ERR_PTR(-ENOMEM); | |
33592 | + | |
33593 | + return s_tmp; | |
33594 | +} | |
33595 | + | |
33596 | +static int | |
33597 | +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role) | |
33598 | +{ | |
33599 | + struct acl_subject_label s_pre; | |
33600 | + struct acl_subject_label * ret; | |
33601 | + int err; | |
33602 | + | |
33603 | + while (userp) { | |
33604 | + if (copy_from_user(&s_pre, userp, | |
33605 | + sizeof (struct acl_subject_label))) | |
33606 | + return -EFAULT; | |
33607 | + | |
33608 | + /* do not add nested subjects here, add | |
33609 | + while parsing objects | |
33610 | + */ | |
33611 | + | |
33612 | + if (s_pre.mode & GR_NESTED) { | |
33613 | + userp = s_pre.prev; | |
33614 | + continue; | |
33615 | + } | |
33616 | + | |
33617 | + ret = do_copy_user_subj(userp, role); | |
33618 | + | |
33619 | + err = PTR_ERR(ret); | |
33620 | + if (IS_ERR(ret)) | |
33621 | + return err; | |
33622 | + | |
33623 | + insert_acl_subj_label(ret, role); | |
33624 | + | |
33625 | + userp = s_pre.prev; | |
33626 | + } | |
33627 | + | |
33628 | + return 0; | |
33629 | +} | |
33630 | + | |
33631 | +static int | |
33632 | +copy_user_acl(struct gr_arg *arg) | |
33633 | +{ | |
33634 | + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2; | |
33635 | + struct sprole_pw *sptmp; | |
33636 | + struct gr_hash_struct *ghash; | |
33637 | + uid_t *domainlist; | |
33638 | + unsigned int r_num; | |
33639 | + unsigned int len; | |
33640 | + char *tmp; | |
33641 | + int err = 0; | |
33642 | + __u16 i; | |
33643 | + __u32 num_subjs; | |
33644 | + | |
33645 | + /* we need a default and kernel role */ | |
33646 | + if (arg->role_db.num_roles < 2) | |
33647 | + return -EINVAL; | |
33648 | + | |
33649 | + /* copy special role authentication info from userspace */ | |
33650 | + | |
33651 | + num_sprole_pws = arg->num_sprole_pws; | |
33652 | + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *)); | |
33653 | + | |
33654 | + if (!acl_special_roles) { | |
33655 | + err = -ENOMEM; | |
33656 | + goto cleanup; | |
33657 | + } | |
33658 | + | |
33659 | + for (i = 0; i < num_sprole_pws; i++) { | |
33660 | + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); | |
33661 | + if (!sptmp) { | |
33662 | + err = -ENOMEM; | |
33663 | + goto cleanup; | |
33664 | + } | |
33665 | + if (copy_from_user(sptmp, arg->sprole_pws + i, | |
33666 | + sizeof (struct sprole_pw))) { | |
33667 | + err = -EFAULT; | |
33668 | + goto cleanup; | |
33669 | + } | |
33670 | + | |
33671 | + len = | |
33672 | + strnlen_user(sptmp->rolename, GR_SPROLE_LEN); | |
33673 | + | |
33674 | + if (!len || len >= GR_SPROLE_LEN) { | |
33675 | + err = -EINVAL; | |
33676 | + goto cleanup; | |
33677 | + } | |
33678 | + | |
33679 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
33680 | + err = -ENOMEM; | |
33681 | + goto cleanup; | |
33682 | + } | |
33683 | + | |
33684 | + if (copy_from_user(tmp, sptmp->rolename, len)) { | |
33685 | + err = -EFAULT; | |
33686 | + goto cleanup; | |
33687 | + } | |
33688 | + tmp[len-1] = '\0'; | |
33689 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
33690 | + printk(KERN_ALERT "Copying special role %s\n", tmp); | |
33691 | +#endif | |
33692 | + sptmp->rolename = tmp; | |
33693 | + acl_special_roles[i] = sptmp; | |
33694 | + } | |
33695 | + | |
33696 | + r_utmp = (struct acl_role_label **) arg->role_db.r_table; | |
33697 | + | |
33698 | + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) { | |
33699 | + r_tmp = acl_alloc(sizeof (struct acl_role_label)); | |
33700 | + | |
33701 | + if (!r_tmp) { | |
33702 | + err = -ENOMEM; | |
33703 | + goto cleanup; | |
33704 | + } | |
33705 | + | |
33706 | + if (copy_from_user(&r_utmp2, r_utmp + r_num, | |
33707 | + sizeof (struct acl_role_label *))) { | |
33708 | + err = -EFAULT; | |
33709 | + goto cleanup; | |
33710 | + } | |
33711 | + | |
33712 | + if (copy_from_user(r_tmp, r_utmp2, | |
33713 | + sizeof (struct acl_role_label))) { | |
33714 | + err = -EFAULT; | |
33715 | + goto cleanup; | |
33716 | + } | |
33717 | + | |
33718 | + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); | |
33719 | + | |
33720 | + if (!len || len >= PATH_MAX) { | |
33721 | + err = -EINVAL; | |
33722 | + goto cleanup; | |
33723 | + } | |
33724 | + | |
33725 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
33726 | + err = -ENOMEM; | |
33727 | + goto cleanup; | |
33728 | + } | |
33729 | + if (copy_from_user(tmp, r_tmp->rolename, len)) { | |
33730 | + err = -EFAULT; | |
33731 | + goto cleanup; | |
33732 | + } | |
33733 | + tmp[len-1] = '\0'; | |
33734 | + r_tmp->rolename = tmp; | |
33735 | + | |
33736 | + if (!strcmp(r_tmp->rolename, "default") | |
33737 | + && (r_tmp->roletype & GR_ROLE_DEFAULT)) { | |
33738 | + default_role = r_tmp; | |
33739 | + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) { | |
33740 | + kernel_role = r_tmp; | |
33741 | + } | |
33742 | + | |
33743 | + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { | |
33744 | + err = -ENOMEM; | |
33745 | + goto cleanup; | |
33746 | + } | |
33747 | + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { | |
33748 | + err = -EFAULT; | |
33749 | + goto cleanup; | |
33750 | + } | |
33751 | + | |
33752 | + r_tmp->hash = ghash; | |
33753 | + | |
33754 | + num_subjs = count_user_subjs(r_tmp->hash->first); | |
33755 | + | |
33756 | + r_tmp->subj_hash_size = num_subjs; | |
33757 | + r_tmp->subj_hash = | |
33758 | + (struct acl_subject_label **) | |
33759 | + create_table(&(r_tmp->subj_hash_size), sizeof(void *)); | |
33760 | + | |
33761 | + if (!r_tmp->subj_hash) { | |
33762 | + err = -ENOMEM; | |
33763 | + goto cleanup; | |
33764 | + } | |
33765 | + | |
33766 | + err = copy_user_allowedips(r_tmp); | |
33767 | + if (err) | |
33768 | + goto cleanup; | |
33769 | + | |
33770 | + /* copy domain info */ | |
33771 | + if (r_tmp->domain_children != NULL) { | |
33772 | + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t)); | |
33773 | + if (domainlist == NULL) { | |
33774 | + err = -ENOMEM; | |
33775 | + goto cleanup; | |
33776 | + } | |
33777 | + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) { | |
33778 | + err = -EFAULT; | |
33779 | + goto cleanup; | |
33780 | + } | |
33781 | + r_tmp->domain_children = domainlist; | |
33782 | + } | |
33783 | + | |
33784 | + err = copy_user_transitions(r_tmp); | |
33785 | + if (err) | |
33786 | + goto cleanup; | |
33787 | + | |
33788 | + memset(r_tmp->subj_hash, 0, | |
33789 | + r_tmp->subj_hash_size * | |
33790 | + sizeof (struct acl_subject_label *)); | |
33791 | + | |
33792 | + err = copy_user_subjs(r_tmp->hash->first, r_tmp); | |
33793 | + | |
33794 | + if (err) | |
33795 | + goto cleanup; | |
33796 | + | |
33797 | + /* set nested subject list to null */ | |
33798 | + r_tmp->hash->first = NULL; | |
33799 | + | |
33800 | + insert_acl_role_label(r_tmp); | |
33801 | + } | |
33802 | + | |
33803 | + goto return_err; | |
33804 | + cleanup: | |
33805 | + free_variables(); | |
33806 | + return_err: | |
33807 | + return err; | |
33808 | + | |
33809 | +} | |
33810 | + | |
33811 | +static int | |
33812 | +gracl_init(struct gr_arg *args) | |
33813 | +{ | |
33814 | + int error = 0; | |
33815 | + | |
33816 | + memcpy(gr_system_salt, args->salt, GR_SALT_LEN); | |
33817 | + memcpy(gr_system_sum, args->sum, GR_SHA_LEN); | |
33818 | + | |
33819 | + if (init_variables(args)) { | |
33820 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION); | |
33821 | + error = -ENOMEM; | |
33822 | + free_variables(); | |
33823 | + goto out; | |
33824 | + } | |
33825 | + | |
33826 | + error = copy_user_acl(args); | |
33827 | + free_init_variables(); | |
33828 | + if (error) { | |
33829 | + free_variables(); | |
33830 | + goto out; | |
33831 | + } | |
33832 | + | |
33833 | + if ((error = gr_set_acls(0))) { | |
33834 | + free_variables(); | |
33835 | + goto out; | |
33836 | + } | |
33837 | + | |
ae4e228f | 33838 | + pax_open_kernel(); |
58c5fc13 | 33839 | + gr_status |= GR_READY; |
ae4e228f | 33840 | + pax_close_kernel(); |
58c5fc13 MT |
33841 | + |
33842 | + out: | |
33843 | + return error; | |
33844 | +} | |
33845 | + | |
33846 | +/* derived from glibc fnmatch() 0: match, 1: no match*/ | |
33847 | + | |
33848 | +static int | |
33849 | +glob_match(const char *p, const char *n) | |
33850 | +{ | |
33851 | + char c; | |
33852 | + | |
33853 | + while ((c = *p++) != '\0') { | |
33854 | + switch (c) { | |
33855 | + case '?': | |
33856 | + if (*n == '\0') | |
33857 | + return 1; | |
33858 | + else if (*n == '/') | |
33859 | + return 1; | |
33860 | + break; | |
33861 | + case '\\': | |
33862 | + if (*n != c) | |
33863 | + return 1; | |
33864 | + break; | |
33865 | + case '*': | |
33866 | + for (c = *p++; c == '?' || c == '*'; c = *p++) { | |
33867 | + if (*n == '/') | |
33868 | + return 1; | |
33869 | + else if (c == '?') { | |
33870 | + if (*n == '\0') | |
33871 | + return 1; | |
33872 | + else | |
33873 | + ++n; | |
33874 | + } | |
33875 | + } | |
33876 | + if (c == '\0') { | |
33877 | + return 0; | |
33878 | + } else { | |
33879 | + const char *endp; | |
33880 | + | |
33881 | + if ((endp = strchr(n, '/')) == NULL) | |
33882 | + endp = n + strlen(n); | |
33883 | + | |
33884 | + if (c == '[') { | |
33885 | + for (--p; n < endp; ++n) | |
33886 | + if (!glob_match(p, n)) | |
33887 | + return 0; | |
33888 | + } else if (c == '/') { | |
33889 | + while (*n != '\0' && *n != '/') | |
33890 | + ++n; | |
33891 | + if (*n == '/' && !glob_match(p, n + 1)) | |
33892 | + return 0; | |
33893 | + } else { | |
33894 | + for (--p; n < endp; ++n) | |
33895 | + if (*n == c && !glob_match(p, n)) | |
33896 | + return 0; | |
33897 | + } | |
33898 | + | |
33899 | + return 1; | |
33900 | + } | |
33901 | + case '[': | |
33902 | + { | |
33903 | + int not; | |
33904 | + char cold; | |
33905 | + | |
33906 | + if (*n == '\0' || *n == '/') | |
33907 | + return 1; | |
33908 | + | |
33909 | + not = (*p == '!' || *p == '^'); | |
33910 | + if (not) | |
33911 | + ++p; | |
33912 | + | |
33913 | + c = *p++; | |
33914 | + for (;;) { | |
33915 | + unsigned char fn = (unsigned char)*n; | |
33916 | + | |
33917 | + if (c == '\0') | |
33918 | + return 1; | |
33919 | + else { | |
33920 | + if (c == fn) | |
33921 | + goto matched; | |
33922 | + cold = c; | |
33923 | + c = *p++; | |
33924 | + | |
33925 | + if (c == '-' && *p != ']') { | |
33926 | + unsigned char cend = *p++; | |
33927 | + | |
33928 | + if (cend == '\0') | |
33929 | + return 1; | |
33930 | + | |
33931 | + if (cold <= fn && fn <= cend) | |
33932 | + goto matched; | |
33933 | + | |
33934 | + c = *p++; | |
33935 | + } | |
33936 | + } | |
33937 | + | |
33938 | + if (c == ']') | |
33939 | + break; | |
33940 | + } | |
33941 | + if (!not) | |
33942 | + return 1; | |
33943 | + break; | |
33944 | + matched: | |
33945 | + while (c != ']') { | |
33946 | + if (c == '\0') | |
33947 | + return 1; | |
33948 | + | |
33949 | + c = *p++; | |
33950 | + } | |
33951 | + if (not) | |
33952 | + return 1; | |
33953 | + } | |
33954 | + break; | |
33955 | + default: | |
33956 | + if (c != *n) | |
33957 | + return 1; | |
33958 | + } | |
33959 | + | |
33960 | + ++n; | |
33961 | + } | |
33962 | + | |
33963 | + if (*n == '\0') | |
33964 | + return 0; | |
33965 | + | |
33966 | + if (*n == '/') | |
33967 | + return 0; | |
33968 | + | |
33969 | + return 1; | |
33970 | +} | |
33971 | + | |
33972 | +static struct acl_object_label * | |
33973 | +chk_glob_label(struct acl_object_label *globbed, | |
33974 | + struct dentry *dentry, struct vfsmount *mnt, char **path) | |
33975 | +{ | |
33976 | + struct acl_object_label *tmp; | |
33977 | + | |
33978 | + if (*path == NULL) | |
33979 | + *path = gr_to_filename_nolock(dentry, mnt); | |
33980 | + | |
33981 | + tmp = globbed; | |
33982 | + | |
33983 | + while (tmp) { | |
33984 | + if (!glob_match(tmp->filename, *path)) | |
33985 | + return tmp; | |
33986 | + tmp = tmp->next; | |
33987 | + } | |
33988 | + | |
33989 | + return NULL; | |
33990 | +} | |
33991 | + | |
33992 | +static struct acl_object_label * | |
33993 | +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, | |
33994 | + const ino_t curr_ino, const dev_t curr_dev, | |
33995 | + const struct acl_subject_label *subj, char **path, const int checkglob) | |
33996 | +{ | |
33997 | + struct acl_subject_label *tmpsubj; | |
33998 | + struct acl_object_label *retval; | |
33999 | + struct acl_object_label *retval2; | |
34000 | + | |
34001 | + tmpsubj = (struct acl_subject_label *) subj; | |
34002 | + read_lock(&gr_inode_lock); | |
34003 | + do { | |
34004 | + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj); | |
34005 | + if (retval) { | |
34006 | + if (checkglob && retval->globbed) { | |
34007 | + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry, | |
34008 | + (struct vfsmount *)orig_mnt, path); | |
34009 | + if (retval2) | |
34010 | + retval = retval2; | |
34011 | + } | |
34012 | + break; | |
34013 | + } | |
34014 | + } while ((tmpsubj = tmpsubj->parent_subject)); | |
34015 | + read_unlock(&gr_inode_lock); | |
34016 | + | |
34017 | + return retval; | |
34018 | +} | |
34019 | + | |
34020 | +static __inline__ struct acl_object_label * | |
34021 | +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, | |
34022 | + const struct dentry *curr_dentry, | |
34023 | + const struct acl_subject_label *subj, char **path, const int checkglob) | |
34024 | +{ | |
34025 | + return __full_lookup(orig_dentry, orig_mnt, | |
34026 | + curr_dentry->d_inode->i_ino, | |
34027 | + curr_dentry->d_inode->i_sb->s_dev, subj, path, checkglob); | |
34028 | +} | |
34029 | + | |
34030 | +static struct acl_object_label * | |
34031 | +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
34032 | + const struct acl_subject_label *subj, char *path, const int checkglob) | |
34033 | +{ | |
34034 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
34035 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
34036 | + struct acl_object_label *retval; | |
34037 | + | |
34038 | + spin_lock(&dcache_lock); | |
34039 | + | |
34040 | + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt || | |
34041 | + /* ignore Eric Biederman */ | |
34042 | + IS_PRIVATE(l_dentry->d_inode))) { | |
34043 | + retval = fakefs_obj; | |
34044 | + goto out; | |
34045 | + } | |
34046 | + | |
34047 | + for (;;) { | |
34048 | + if (dentry == real_root && mnt == real_root_mnt) | |
34049 | + break; | |
34050 | + | |
34051 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
34052 | + if (mnt->mnt_parent == mnt) | |
34053 | + break; | |
34054 | + | |
34055 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob); | |
34056 | + if (retval != NULL) | |
34057 | + goto out; | |
34058 | + | |
34059 | + dentry = mnt->mnt_mountpoint; | |
34060 | + mnt = mnt->mnt_parent; | |
34061 | + continue; | |
34062 | + } | |
34063 | + | |
34064 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob); | |
34065 | + if (retval != NULL) | |
34066 | + goto out; | |
34067 | + | |
34068 | + dentry = dentry->d_parent; | |
34069 | + } | |
34070 | + | |
34071 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob); | |
34072 | + | |
34073 | + if (retval == NULL) | |
34074 | + retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob); | |
34075 | +out: | |
34076 | + spin_unlock(&dcache_lock); | |
34077 | + return retval; | |
34078 | +} | |
34079 | + | |
34080 | +static __inline__ struct acl_object_label * | |
34081 | +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
34082 | + const struct acl_subject_label *subj) | |
34083 | +{ | |
34084 | + char *path = NULL; | |
34085 | + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1); | |
34086 | +} | |
34087 | + | |
34088 | +static __inline__ struct acl_object_label * | |
34089 | +chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
34090 | + const struct acl_subject_label *subj) | |
34091 | +{ | |
34092 | + char *path = NULL; | |
34093 | + return __chk_obj_label(l_dentry, l_mnt, subj, path, 0); | |
34094 | +} | |
34095 | + | |
34096 | +static __inline__ struct acl_object_label * | |
34097 | +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
34098 | + const struct acl_subject_label *subj, char *path) | |
34099 | +{ | |
34100 | + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1); | |
34101 | +} | |
34102 | + | |
34103 | +static struct acl_subject_label * | |
34104 | +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
34105 | + const struct acl_role_label *role) | |
34106 | +{ | |
34107 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
34108 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
34109 | + struct acl_subject_label *retval; | |
34110 | + | |
34111 | + spin_lock(&dcache_lock); | |
34112 | + | |
34113 | + for (;;) { | |
34114 | + if (dentry == real_root && mnt == real_root_mnt) | |
34115 | + break; | |
34116 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
34117 | + if (mnt->mnt_parent == mnt) | |
34118 | + break; | |
34119 | + | |
34120 | + read_lock(&gr_inode_lock); | |
34121 | + retval = | |
34122 | + lookup_acl_subj_label(dentry->d_inode->i_ino, | |
34123 | + dentry->d_inode->i_sb->s_dev, role); | |
34124 | + read_unlock(&gr_inode_lock); | |
34125 | + if (retval != NULL) | |
34126 | + goto out; | |
34127 | + | |
34128 | + dentry = mnt->mnt_mountpoint; | |
34129 | + mnt = mnt->mnt_parent; | |
34130 | + continue; | |
34131 | + } | |
34132 | + | |
34133 | + read_lock(&gr_inode_lock); | |
34134 | + retval = lookup_acl_subj_label(dentry->d_inode->i_ino, | |
34135 | + dentry->d_inode->i_sb->s_dev, role); | |
34136 | + read_unlock(&gr_inode_lock); | |
34137 | + if (retval != NULL) | |
34138 | + goto out; | |
34139 | + | |
34140 | + dentry = dentry->d_parent; | |
34141 | + } | |
34142 | + | |
34143 | + read_lock(&gr_inode_lock); | |
34144 | + retval = lookup_acl_subj_label(dentry->d_inode->i_ino, | |
34145 | + dentry->d_inode->i_sb->s_dev, role); | |
34146 | + read_unlock(&gr_inode_lock); | |
34147 | + | |
34148 | + if (unlikely(retval == NULL)) { | |
34149 | + read_lock(&gr_inode_lock); | |
34150 | + retval = lookup_acl_subj_label(real_root->d_inode->i_ino, | |
34151 | + real_root->d_inode->i_sb->s_dev, role); | |
34152 | + read_unlock(&gr_inode_lock); | |
34153 | + } | |
34154 | +out: | |
34155 | + spin_unlock(&dcache_lock); | |
34156 | + | |
34157 | + return retval; | |
34158 | +} | |
34159 | + | |
34160 | +static void | |
34161 | +gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode) | |
34162 | +{ | |
34163 | + struct task_struct *task = current; | |
34164 | + const struct cred *cred = current_cred(); | |
34165 | + | |
34166 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype, | |
34167 | + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, | |
34168 | + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, | |
ae4e228f | 34169 | + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->curr_ip); |
58c5fc13 MT |
34170 | + |
34171 | + return; | |
34172 | +} | |
34173 | + | |
34174 | +static void | |
34175 | +gr_log_learn_sysctl(const char *path, const __u32 mode) | |
34176 | +{ | |
34177 | + struct task_struct *task = current; | |
34178 | + const struct cred *cred = current_cred(); | |
34179 | + | |
34180 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype, | |
34181 | + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, | |
34182 | + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, | |
ae4e228f | 34183 | + 1UL, 1UL, path, (unsigned long) mode, &task->signal->curr_ip); |
58c5fc13 MT |
34184 | + |
34185 | + return; | |
34186 | +} | |
34187 | + | |
34188 | +static void | |
34189 | +gr_log_learn_id_change(const char type, const unsigned int real, | |
34190 | + const unsigned int effective, const unsigned int fs) | |
34191 | +{ | |
34192 | + struct task_struct *task = current; | |
34193 | + const struct cred *cred = current_cred(); | |
34194 | + | |
34195 | + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, | |
34196 | + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, | |
34197 | + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, | |
ae4e228f | 34198 | + type, real, effective, fs, &task->signal->curr_ip); |
58c5fc13 MT |
34199 | + |
34200 | + return; | |
34201 | +} | |
34202 | + | |
34203 | +__u32 | |
34204 | +gr_check_link(const struct dentry * new_dentry, | |
34205 | + const struct dentry * parent_dentry, | |
34206 | + const struct vfsmount * parent_mnt, | |
34207 | + const struct dentry * old_dentry, const struct vfsmount * old_mnt) | |
34208 | +{ | |
34209 | + struct acl_object_label *obj; | |
34210 | + __u32 oldmode, newmode; | |
34211 | + __u32 needmode; | |
34212 | + | |
34213 | + if (unlikely(!(gr_status & GR_READY))) | |
34214 | + return (GR_CREATE | GR_LINK); | |
34215 | + | |
34216 | + obj = chk_obj_label(old_dentry, old_mnt, current->acl); | |
34217 | + oldmode = obj->mode; | |
34218 | + | |
34219 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
34220 | + oldmode |= (GR_CREATE | GR_LINK); | |
34221 | + | |
34222 | + needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS; | |
34223 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID)) | |
34224 | + needmode |= GR_SETID | GR_AUDIT_SETID; | |
34225 | + | |
34226 | + newmode = | |
34227 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
34228 | + oldmode | needmode); | |
34229 | + | |
34230 | + needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | | |
34231 | + GR_SETID | GR_READ | GR_FIND | GR_DELETE | | |
34232 | + GR_INHERIT | GR_AUDIT_INHERIT); | |
34233 | + | |
34234 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID)) | |
34235 | + goto bad; | |
34236 | + | |
34237 | + if ((oldmode & needmode) != needmode) | |
34238 | + goto bad; | |
34239 | + | |
34240 | + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS); | |
34241 | + if ((newmode & needmode) != needmode) | |
34242 | + goto bad; | |
34243 | + | |
34244 | + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK)) | |
34245 | + return newmode; | |
34246 | +bad: | |
34247 | + needmode = oldmode; | |
34248 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID)) | |
34249 | + needmode |= GR_SETID; | |
34250 | + | |
34251 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
34252 | + gr_log_learn(old_dentry, old_mnt, needmode); | |
34253 | + return (GR_CREATE | GR_LINK); | |
34254 | + } else if (newmode & GR_SUPPRESS) | |
34255 | + return GR_SUPPRESS; | |
34256 | + else | |
34257 | + return 0; | |
34258 | +} | |
34259 | + | |
34260 | +__u32 | |
34261 | +gr_search_file(const struct dentry * dentry, const __u32 mode, | |
34262 | + const struct vfsmount * mnt) | |
34263 | +{ | |
34264 | + __u32 retval = mode; | |
34265 | + struct acl_subject_label *curracl; | |
34266 | + struct acl_object_label *currobj; | |
34267 | + | |
34268 | + if (unlikely(!(gr_status & GR_READY))) | |
34269 | + return (mode & ~GR_AUDITS); | |
34270 | + | |
34271 | + curracl = current->acl; | |
34272 | + | |
34273 | + currobj = chk_obj_label(dentry, mnt, curracl); | |
34274 | + retval = currobj->mode & mode; | |
34275 | + | |
34276 | + if (unlikely | |
34277 | + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE) | |
34278 | + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) { | |
34279 | + __u32 new_mode = mode; | |
34280 | + | |
34281 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
34282 | + | |
34283 | + retval = new_mode; | |
34284 | + | |
34285 | + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN) | |
34286 | + new_mode |= GR_INHERIT; | |
34287 | + | |
34288 | + if (!(mode & GR_NOLEARN)) | |
34289 | + gr_log_learn(dentry, mnt, new_mode); | |
34290 | + } | |
34291 | + | |
34292 | + return retval; | |
34293 | +} | |
34294 | + | |
34295 | +__u32 | |
34296 | +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent, | |
34297 | + const struct vfsmount * mnt, const __u32 mode) | |
34298 | +{ | |
34299 | + struct name_entry *match; | |
34300 | + struct acl_object_label *matchpo; | |
34301 | + struct acl_subject_label *curracl; | |
34302 | + char *path; | |
34303 | + __u32 retval; | |
34304 | + | |
34305 | + if (unlikely(!(gr_status & GR_READY))) | |
34306 | + return (mode & ~GR_AUDITS); | |
34307 | + | |
34308 | + preempt_disable(); | |
34309 | + path = gr_to_filename_rbac(new_dentry, mnt); | |
34310 | + match = lookup_name_entry_create(path); | |
34311 | + | |
34312 | + if (!match) | |
34313 | + goto check_parent; | |
34314 | + | |
34315 | + curracl = current->acl; | |
34316 | + | |
34317 | + read_lock(&gr_inode_lock); | |
34318 | + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl); | |
34319 | + read_unlock(&gr_inode_lock); | |
34320 | + | |
34321 | + if (matchpo) { | |
34322 | + if ((matchpo->mode & mode) != | |
34323 | + (mode & ~(GR_AUDITS | GR_SUPPRESS)) | |
34324 | + && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
34325 | + __u32 new_mode = mode; | |
34326 | + | |
34327 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
34328 | + | |
34329 | + gr_log_learn(new_dentry, mnt, new_mode); | |
34330 | + | |
34331 | + preempt_enable(); | |
34332 | + return new_mode; | |
34333 | + } | |
34334 | + preempt_enable(); | |
34335 | + return (matchpo->mode & mode); | |
34336 | + } | |
34337 | + | |
34338 | + check_parent: | |
34339 | + curracl = current->acl; | |
34340 | + | |
34341 | + matchpo = chk_obj_create_label(parent, mnt, curracl, path); | |
34342 | + retval = matchpo->mode & mode; | |
34343 | + | |
34344 | + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))) | |
34345 | + && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) { | |
34346 | + __u32 new_mode = mode; | |
34347 | + | |
34348 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
34349 | + | |
34350 | + gr_log_learn(new_dentry, mnt, new_mode); | |
34351 | + preempt_enable(); | |
34352 | + return new_mode; | |
34353 | + } | |
34354 | + | |
34355 | + preempt_enable(); | |
34356 | + return retval; | |
34357 | +} | |
34358 | + | |
34359 | +int | |
34360 | +gr_check_hidden_task(const struct task_struct *task) | |
34361 | +{ | |
34362 | + if (unlikely(!(gr_status & GR_READY))) | |
34363 | + return 0; | |
34364 | + | |
34365 | + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW)) | |
34366 | + return 1; | |
34367 | + | |
34368 | + return 0; | |
34369 | +} | |
34370 | + | |
34371 | +int | |
34372 | +gr_check_protected_task(const struct task_struct *task) | |
34373 | +{ | |
34374 | + if (unlikely(!(gr_status & GR_READY) || !task)) | |
34375 | + return 0; | |
34376 | + | |
34377 | + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) && | |
34378 | + task->acl != current->acl) | |
34379 | + return 1; | |
34380 | + | |
34381 | + return 0; | |
34382 | +} | |
34383 | + | |
34384 | +void | |
34385 | +gr_copy_label(struct task_struct *tsk) | |
34386 | +{ | |
34387 | + tsk->signal->used_accept = 0; | |
34388 | + tsk->acl_sp_role = 0; | |
34389 | + tsk->acl_role_id = current->acl_role_id; | |
34390 | + tsk->acl = current->acl; | |
34391 | + tsk->role = current->role; | |
34392 | + tsk->signal->curr_ip = current->signal->curr_ip; | |
34393 | + if (current->exec_file) | |
34394 | + get_file(current->exec_file); | |
34395 | + tsk->exec_file = current->exec_file; | |
34396 | + tsk->is_writable = current->is_writable; | |
34397 | + if (unlikely(current->signal->used_accept)) | |
34398 | + current->signal->curr_ip = 0; | |
34399 | + | |
34400 | + return; | |
34401 | +} | |
34402 | + | |
34403 | +static void | |
34404 | +gr_set_proc_res(struct task_struct *task) | |
34405 | +{ | |
34406 | + struct acl_subject_label *proc; | |
34407 | + unsigned short i; | |
34408 | + | |
34409 | + proc = task->acl; | |
34410 | + | |
34411 | + if (proc->mode & (GR_LEARN | GR_INHERITLEARN)) | |
34412 | + return; | |
34413 | + | |
34414 | + for (i = 0; i < RLIM_NLIMITS; i++) { | |
34415 | + if (!(proc->resmask & (1 << i))) | |
34416 | + continue; | |
34417 | + | |
34418 | + task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur; | |
34419 | + task->signal->rlim[i].rlim_max = proc->res[i].rlim_max; | |
34420 | + } | |
34421 | + | |
34422 | + return; | |
34423 | +} | |
34424 | + | |
34425 | +int | |
34426 | +gr_check_user_change(int real, int effective, int fs) | |
34427 | +{ | |
34428 | + unsigned int i; | |
34429 | + __u16 num; | |
34430 | + uid_t *uidlist; | |
34431 | + int curuid; | |
34432 | + int realok = 0; | |
34433 | + int effectiveok = 0; | |
34434 | + int fsok = 0; | |
34435 | + | |
34436 | + if (unlikely(!(gr_status & GR_READY))) | |
34437 | + return 0; | |
34438 | + | |
34439 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
34440 | + gr_log_learn_id_change('u', real, effective, fs); | |
34441 | + | |
34442 | + num = current->acl->user_trans_num; | |
34443 | + uidlist = current->acl->user_transitions; | |
34444 | + | |
34445 | + if (uidlist == NULL) | |
34446 | + return 0; | |
34447 | + | |
34448 | + if (real == -1) | |
34449 | + realok = 1; | |
34450 | + if (effective == -1) | |
34451 | + effectiveok = 1; | |
34452 | + if (fs == -1) | |
34453 | + fsok = 1; | |
34454 | + | |
34455 | + if (current->acl->user_trans_type & GR_ID_ALLOW) { | |
34456 | + for (i = 0; i < num; i++) { | |
34457 | + curuid = (int)uidlist[i]; | |
34458 | + if (real == curuid) | |
34459 | + realok = 1; | |
34460 | + if (effective == curuid) | |
34461 | + effectiveok = 1; | |
34462 | + if (fs == curuid) | |
34463 | + fsok = 1; | |
34464 | + } | |
34465 | + } else if (current->acl->user_trans_type & GR_ID_DENY) { | |
34466 | + for (i = 0; i < num; i++) { | |
34467 | + curuid = (int)uidlist[i]; | |
34468 | + if (real == curuid) | |
34469 | + break; | |
34470 | + if (effective == curuid) | |
34471 | + break; | |
34472 | + if (fs == curuid) | |
34473 | + break; | |
34474 | + } | |
34475 | + /* not in deny list */ | |
34476 | + if (i == num) { | |
34477 | + realok = 1; | |
34478 | + effectiveok = 1; | |
34479 | + fsok = 1; | |
34480 | + } | |
34481 | + } | |
34482 | + | |
34483 | + if (realok && effectiveok && fsok) | |
34484 | + return 0; | |
34485 | + else { | |
34486 | + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); | |
34487 | + return 1; | |
34488 | + } | |
34489 | +} | |
34490 | + | |
34491 | +int | |
34492 | +gr_check_group_change(int real, int effective, int fs) | |
34493 | +{ | |
34494 | + unsigned int i; | |
34495 | + __u16 num; | |
34496 | + gid_t *gidlist; | |
34497 | + int curgid; | |
34498 | + int realok = 0; | |
34499 | + int effectiveok = 0; | |
34500 | + int fsok = 0; | |
34501 | + | |
34502 | + if (unlikely(!(gr_status & GR_READY))) | |
34503 | + return 0; | |
34504 | + | |
34505 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
34506 | + gr_log_learn_id_change('g', real, effective, fs); | |
34507 | + | |
34508 | + num = current->acl->group_trans_num; | |
34509 | + gidlist = current->acl->group_transitions; | |
34510 | + | |
34511 | + if (gidlist == NULL) | |
34512 | + return 0; | |
34513 | + | |
34514 | + if (real == -1) | |
34515 | + realok = 1; | |
34516 | + if (effective == -1) | |
34517 | + effectiveok = 1; | |
34518 | + if (fs == -1) | |
34519 | + fsok = 1; | |
34520 | + | |
34521 | + if (current->acl->group_trans_type & GR_ID_ALLOW) { | |
34522 | + for (i = 0; i < num; i++) { | |
34523 | + curgid = (int)gidlist[i]; | |
34524 | + if (real == curgid) | |
34525 | + realok = 1; | |
34526 | + if (effective == curgid) | |
34527 | + effectiveok = 1; | |
34528 | + if (fs == curgid) | |
34529 | + fsok = 1; | |
34530 | + } | |
34531 | + } else if (current->acl->group_trans_type & GR_ID_DENY) { | |
34532 | + for (i = 0; i < num; i++) { | |
34533 | + curgid = (int)gidlist[i]; | |
34534 | + if (real == curgid) | |
34535 | + break; | |
34536 | + if (effective == curgid) | |
34537 | + break; | |
34538 | + if (fs == curgid) | |
34539 | + break; | |
34540 | + } | |
34541 | + /* not in deny list */ | |
34542 | + if (i == num) { | |
34543 | + realok = 1; | |
34544 | + effectiveok = 1; | |
34545 | + fsok = 1; | |
34546 | + } | |
34547 | + } | |
34548 | + | |
34549 | + if (realok && effectiveok && fsok) | |
34550 | + return 0; | |
34551 | + else { | |
34552 | + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); | |
34553 | + return 1; | |
34554 | + } | |
34555 | +} | |
34556 | + | |
34557 | +void | |
34558 | +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid) | |
34559 | +{ | |
34560 | + struct acl_role_label *role = task->role; | |
34561 | + struct acl_subject_label *subj = NULL; | |
34562 | + struct acl_object_label *obj; | |
34563 | + struct file *filp; | |
34564 | + | |
34565 | + if (unlikely(!(gr_status & GR_READY))) | |
34566 | + return; | |
34567 | + | |
34568 | + filp = task->exec_file; | |
34569 | + | |
34570 | + /* kernel process, we'll give them the kernel role */ | |
34571 | + if (unlikely(!filp)) { | |
34572 | + task->role = kernel_role; | |
34573 | + task->acl = kernel_role->root_label; | |
34574 | + return; | |
34575 | + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) | |
34576 | + role = lookup_acl_role_label(task, uid, gid); | |
34577 | + | |
34578 | + /* perform subject lookup in possibly new role | |
34579 | + we can use this result below in the case where role == task->role | |
34580 | + */ | |
34581 | + subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role); | |
34582 | + | |
34583 | + /* if we changed uid/gid, but result in the same role | |
34584 | + and are using inheritance, don't lose the inherited subject | |
34585 | + if current subject is other than what normal lookup | |
34586 | + would result in, we arrived via inheritance, don't | |
34587 | + lose subject | |
34588 | + */ | |
34589 | + if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) && | |
34590 | + (subj == task->acl))) | |
34591 | + task->acl = subj; | |
34592 | + | |
34593 | + task->role = role; | |
34594 | + | |
34595 | + task->is_writable = 0; | |
34596 | + | |
34597 | + /* ignore additional mmap checks for processes that are writable | |
34598 | + by the default ACL */ | |
34599 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label); | |
34600 | + if (unlikely(obj->mode & GR_WRITE)) | |
34601 | + task->is_writable = 1; | |
34602 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label); | |
34603 | + if (unlikely(obj->mode & GR_WRITE)) | |
34604 | + task->is_writable = 1; | |
34605 | + | |
34606 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
34607 | + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
34608 | +#endif | |
34609 | + | |
34610 | + gr_set_proc_res(task); | |
34611 | + | |
34612 | + return; | |
34613 | +} | |
34614 | + | |
34615 | +int | |
34616 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt, | |
34617 | + const int unsafe_share) | |
34618 | +{ | |
34619 | + struct task_struct *task = current; | |
34620 | + struct acl_subject_label *newacl; | |
34621 | + struct acl_object_label *obj; | |
34622 | + __u32 retmode; | |
34623 | + | |
34624 | + if (unlikely(!(gr_status & GR_READY))) | |
34625 | + return 0; | |
34626 | + | |
34627 | + newacl = chk_subj_label(dentry, mnt, task->role); | |
34628 | + | |
34629 | + task_lock(task); | |
ae4e228f MT |
34630 | + if ((((task->ptrace & PT_PTRACED) || unsafe_share) && |
34631 | + !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) && | |
58c5fc13 MT |
34632 | + !(task->role->roletype & GR_ROLE_GOD) && |
34633 | + !gr_search_file(dentry, GR_PTRACERD, mnt) && | |
ae4e228f | 34634 | + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) { |
58c5fc13 | 34635 | + task_unlock(task); |
ae4e228f MT |
34636 | + if (unsafe_share) |
34637 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt); | |
34638 | + else | |
34639 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt); | |
58c5fc13 MT |
34640 | + return -EACCES; |
34641 | + } | |
34642 | + task_unlock(task); | |
34643 | + | |
34644 | + obj = chk_obj_label(dentry, mnt, task->acl); | |
34645 | + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); | |
34646 | + | |
34647 | + if (!(task->acl->mode & GR_INHERITLEARN) && | |
34648 | + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) { | |
34649 | + if (obj->nested) | |
34650 | + task->acl = obj->nested; | |
34651 | + else | |
34652 | + task->acl = newacl; | |
34653 | + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT) | |
34654 | + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt); | |
34655 | + | |
34656 | + task->is_writable = 0; | |
34657 | + | |
34658 | + /* ignore additional mmap checks for processes that are writable | |
34659 | + by the default ACL */ | |
34660 | + obj = chk_obj_label(dentry, mnt, default_role->root_label); | |
34661 | + if (unlikely(obj->mode & GR_WRITE)) | |
34662 | + task->is_writable = 1; | |
34663 | + obj = chk_obj_label(dentry, mnt, task->role->root_label); | |
34664 | + if (unlikely(obj->mode & GR_WRITE)) | |
34665 | + task->is_writable = 1; | |
34666 | + | |
34667 | + gr_set_proc_res(task); | |
34668 | + | |
34669 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
34670 | + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
34671 | +#endif | |
34672 | + return 0; | |
34673 | +} | |
34674 | + | |
34675 | +/* always called with valid inodev ptr */ | |
34676 | +static void | |
34677 | +do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev) | |
34678 | +{ | |
34679 | + struct acl_object_label *matchpo; | |
34680 | + struct acl_subject_label *matchps; | |
34681 | + struct acl_subject_label *subj; | |
34682 | + struct acl_role_label *role; | |
ae4e228f | 34683 | + unsigned int x; |
58c5fc13 | 34684 | + |
ae4e228f | 34685 | + FOR_EACH_ROLE_START(role) |
58c5fc13 MT |
34686 | + FOR_EACH_SUBJECT_START(role, subj, x) |
34687 | + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL) | |
34688 | + matchpo->mode |= GR_DELETED; | |
34689 | + FOR_EACH_SUBJECT_END(subj,x) | |
34690 | + FOR_EACH_NESTED_SUBJECT_START(role, subj) | |
34691 | + if (subj->inode == ino && subj->device == dev) | |
34692 | + subj->mode |= GR_DELETED; | |
34693 | + FOR_EACH_NESTED_SUBJECT_END(subj) | |
34694 | + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL) | |
34695 | + matchps->mode |= GR_DELETED; | |
ae4e228f | 34696 | + FOR_EACH_ROLE_END(role) |
58c5fc13 MT |
34697 | + |
34698 | + inodev->nentry->deleted = 1; | |
34699 | + | |
34700 | + return; | |
34701 | +} | |
34702 | + | |
34703 | +void | |
34704 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
34705 | +{ | |
34706 | + struct inodev_entry *inodev; | |
34707 | + | |
34708 | + if (unlikely(!(gr_status & GR_READY))) | |
34709 | + return; | |
34710 | + | |
34711 | + write_lock(&gr_inode_lock); | |
34712 | + inodev = lookup_inodev_entry(ino, dev); | |
34713 | + if (inodev != NULL) | |
34714 | + do_handle_delete(inodev, ino, dev); | |
34715 | + write_unlock(&gr_inode_lock); | |
34716 | + | |
34717 | + return; | |
34718 | +} | |
34719 | + | |
34720 | +static void | |
34721 | +update_acl_obj_label(const ino_t oldinode, const dev_t olddevice, | |
34722 | + const ino_t newinode, const dev_t newdevice, | |
34723 | + struct acl_subject_label *subj) | |
34724 | +{ | |
34725 | + unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size); | |
34726 | + struct acl_object_label *match; | |
34727 | + | |
34728 | + match = subj->obj_hash[index]; | |
34729 | + | |
34730 | + while (match && (match->inode != oldinode || | |
34731 | + match->device != olddevice || | |
34732 | + !(match->mode & GR_DELETED))) | |
34733 | + match = match->next; | |
34734 | + | |
34735 | + if (match && (match->inode == oldinode) | |
34736 | + && (match->device == olddevice) | |
34737 | + && (match->mode & GR_DELETED)) { | |
34738 | + if (match->prev == NULL) { | |
34739 | + subj->obj_hash[index] = match->next; | |
34740 | + if (match->next != NULL) | |
34741 | + match->next->prev = NULL; | |
34742 | + } else { | |
34743 | + match->prev->next = match->next; | |
34744 | + if (match->next != NULL) | |
34745 | + match->next->prev = match->prev; | |
34746 | + } | |
34747 | + match->prev = NULL; | |
34748 | + match->next = NULL; | |
34749 | + match->inode = newinode; | |
34750 | + match->device = newdevice; | |
34751 | + match->mode &= ~GR_DELETED; | |
34752 | + | |
34753 | + insert_acl_obj_label(match, subj); | |
34754 | + } | |
34755 | + | |
34756 | + return; | |
34757 | +} | |
34758 | + | |
34759 | +static void | |
34760 | +update_acl_subj_label(const ino_t oldinode, const dev_t olddevice, | |
34761 | + const ino_t newinode, const dev_t newdevice, | |
34762 | + struct acl_role_label *role) | |
34763 | +{ | |
34764 | + unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size); | |
34765 | + struct acl_subject_label *match; | |
34766 | + | |
34767 | + match = role->subj_hash[index]; | |
34768 | + | |
34769 | + while (match && (match->inode != oldinode || | |
34770 | + match->device != olddevice || | |
34771 | + !(match->mode & GR_DELETED))) | |
34772 | + match = match->next; | |
34773 | + | |
34774 | + if (match && (match->inode == oldinode) | |
34775 | + && (match->device == olddevice) | |
34776 | + && (match->mode & GR_DELETED)) { | |
34777 | + if (match->prev == NULL) { | |
34778 | + role->subj_hash[index] = match->next; | |
34779 | + if (match->next != NULL) | |
34780 | + match->next->prev = NULL; | |
34781 | + } else { | |
34782 | + match->prev->next = match->next; | |
34783 | + if (match->next != NULL) | |
34784 | + match->next->prev = match->prev; | |
34785 | + } | |
34786 | + match->prev = NULL; | |
34787 | + match->next = NULL; | |
34788 | + match->inode = newinode; | |
34789 | + match->device = newdevice; | |
34790 | + match->mode &= ~GR_DELETED; | |
34791 | + | |
34792 | + insert_acl_subj_label(match, role); | |
34793 | + } | |
34794 | + | |
34795 | + return; | |
34796 | +} | |
34797 | + | |
34798 | +static void | |
34799 | +update_inodev_entry(const ino_t oldinode, const dev_t olddevice, | |
34800 | + const ino_t newinode, const dev_t newdevice) | |
34801 | +{ | |
34802 | + unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size); | |
34803 | + struct inodev_entry *match; | |
34804 | + | |
34805 | + match = inodev_set.i_hash[index]; | |
34806 | + | |
34807 | + while (match && (match->nentry->inode != oldinode || | |
34808 | + match->nentry->device != olddevice || !match->nentry->deleted)) | |
34809 | + match = match->next; | |
34810 | + | |
34811 | + if (match && (match->nentry->inode == oldinode) | |
34812 | + && (match->nentry->device == olddevice) && | |
34813 | + match->nentry->deleted) { | |
34814 | + if (match->prev == NULL) { | |
34815 | + inodev_set.i_hash[index] = match->next; | |
34816 | + if (match->next != NULL) | |
34817 | + match->next->prev = NULL; | |
34818 | + } else { | |
34819 | + match->prev->next = match->next; | |
34820 | + if (match->next != NULL) | |
34821 | + match->next->prev = match->prev; | |
34822 | + } | |
34823 | + match->prev = NULL; | |
34824 | + match->next = NULL; | |
34825 | + match->nentry->inode = newinode; | |
34826 | + match->nentry->device = newdevice; | |
34827 | + match->nentry->deleted = 0; | |
34828 | + | |
34829 | + insert_inodev_entry(match); | |
34830 | + } | |
34831 | + | |
34832 | + return; | |
34833 | +} | |
34834 | + | |
34835 | +static void | |
34836 | +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry, | |
34837 | + const struct vfsmount *mnt) | |
34838 | +{ | |
34839 | + struct acl_subject_label *subj; | |
34840 | + struct acl_role_label *role; | |
ae4e228f MT |
34841 | + unsigned int x; |
34842 | + | |
34843 | + FOR_EACH_ROLE_START(role) | |
58c5fc13 MT |
34844 | + update_acl_subj_label(matchn->inode, matchn->device, |
34845 | + dentry->d_inode->i_ino, | |
34846 | + dentry->d_inode->i_sb->s_dev, role); | |
34847 | + | |
34848 | + FOR_EACH_NESTED_SUBJECT_START(role, subj) | |
34849 | + if ((subj->inode == dentry->d_inode->i_ino) && | |
34850 | + (subj->device == dentry->d_inode->i_sb->s_dev)) { | |
34851 | + subj->inode = dentry->d_inode->i_ino; | |
34852 | + subj->device = dentry->d_inode->i_sb->s_dev; | |
34853 | + } | |
34854 | + FOR_EACH_NESTED_SUBJECT_END(subj) | |
34855 | + FOR_EACH_SUBJECT_START(role, subj, x) | |
34856 | + update_acl_obj_label(matchn->inode, matchn->device, | |
34857 | + dentry->d_inode->i_ino, | |
34858 | + dentry->d_inode->i_sb->s_dev, subj); | |
34859 | + FOR_EACH_SUBJECT_END(subj,x) | |
ae4e228f | 34860 | + FOR_EACH_ROLE_END(role) |
58c5fc13 MT |
34861 | + |
34862 | + update_inodev_entry(matchn->inode, matchn->device, | |
34863 | + dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev); | |
34864 | + | |
34865 | + return; | |
34866 | +} | |
34867 | + | |
34868 | +void | |
34869 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
34870 | +{ | |
34871 | + struct name_entry *matchn; | |
34872 | + | |
34873 | + if (unlikely(!(gr_status & GR_READY))) | |
34874 | + return; | |
34875 | + | |
34876 | + preempt_disable(); | |
34877 | + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt)); | |
34878 | + | |
34879 | + if (unlikely((unsigned long)matchn)) { | |
34880 | + write_lock(&gr_inode_lock); | |
34881 | + do_handle_create(matchn, dentry, mnt); | |
34882 | + write_unlock(&gr_inode_lock); | |
34883 | + } | |
34884 | + preempt_enable(); | |
34885 | + | |
34886 | + return; | |
34887 | +} | |
34888 | + | |
34889 | +void | |
34890 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
34891 | + struct dentry *old_dentry, | |
34892 | + struct dentry *new_dentry, | |
34893 | + struct vfsmount *mnt, const __u8 replace) | |
34894 | +{ | |
34895 | + struct name_entry *matchn; | |
34896 | + struct inodev_entry *inodev; | |
34897 | + | |
34898 | + /* vfs_rename swaps the name and parent link for old_dentry and | |
34899 | + new_dentry | |
34900 | + at this point, old_dentry has the new name, parent link, and inode | |
34901 | + for the renamed file | |
34902 | + if a file is being replaced by a rename, new_dentry has the inode | |
34903 | + and name for the replaced file | |
34904 | + */ | |
34905 | + | |
34906 | + if (unlikely(!(gr_status & GR_READY))) | |
34907 | + return; | |
34908 | + | |
34909 | + preempt_disable(); | |
34910 | + matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt)); | |
34911 | + | |
34912 | + /* we wouldn't have to check d_inode if it weren't for | |
34913 | + NFS silly-renaming | |
34914 | + */ | |
34915 | + | |
34916 | + write_lock(&gr_inode_lock); | |
34917 | + if (unlikely(replace && new_dentry->d_inode)) { | |
34918 | + inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino, | |
34919 | + new_dentry->d_inode->i_sb->s_dev); | |
34920 | + if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1)) | |
34921 | + do_handle_delete(inodev, new_dentry->d_inode->i_ino, | |
34922 | + new_dentry->d_inode->i_sb->s_dev); | |
34923 | + } | |
34924 | + | |
34925 | + inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino, | |
34926 | + old_dentry->d_inode->i_sb->s_dev); | |
34927 | + if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1)) | |
34928 | + do_handle_delete(inodev, old_dentry->d_inode->i_ino, | |
34929 | + old_dentry->d_inode->i_sb->s_dev); | |
34930 | + | |
34931 | + if (unlikely((unsigned long)matchn)) | |
34932 | + do_handle_create(matchn, old_dentry, mnt); | |
34933 | + | |
34934 | + write_unlock(&gr_inode_lock); | |
34935 | + preempt_enable(); | |
34936 | + | |
34937 | + return; | |
34938 | +} | |
34939 | + | |
34940 | +static int | |
34941 | +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt, | |
34942 | + unsigned char **sum) | |
34943 | +{ | |
34944 | + struct acl_role_label *r; | |
34945 | + struct role_allowed_ip *ipp; | |
34946 | + struct role_transition *trans; | |
34947 | + unsigned int i; | |
34948 | + int found = 0; | |
34949 | + | |
34950 | + /* check transition table */ | |
34951 | + | |
34952 | + for (trans = current->role->transitions; trans; trans = trans->next) { | |
34953 | + if (!strcmp(rolename, trans->rolename)) { | |
34954 | + found = 1; | |
34955 | + break; | |
34956 | + } | |
34957 | + } | |
34958 | + | |
34959 | + if (!found) | |
34960 | + return 0; | |
34961 | + | |
34962 | + /* handle special roles that do not require authentication | |
34963 | + and check ip */ | |
34964 | + | |
ae4e228f | 34965 | + FOR_EACH_ROLE_START(r) |
58c5fc13 MT |
34966 | + if (!strcmp(rolename, r->rolename) && |
34967 | + (r->roletype & GR_ROLE_SPECIAL)) { | |
34968 | + found = 0; | |
34969 | + if (r->allowed_ips != NULL) { | |
34970 | + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) { | |
34971 | + if ((ntohl(current->signal->curr_ip) & ipp->netmask) == | |
34972 | + (ntohl(ipp->addr) & ipp->netmask)) | |
34973 | + found = 1; | |
34974 | + } | |
34975 | + } else | |
34976 | + found = 2; | |
34977 | + if (!found) | |
34978 | + return 0; | |
34979 | + | |
34980 | + if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) || | |
34981 | + ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) { | |
34982 | + *salt = NULL; | |
34983 | + *sum = NULL; | |
34984 | + return 1; | |
34985 | + } | |
34986 | + } | |
ae4e228f | 34987 | + FOR_EACH_ROLE_END(r) |
58c5fc13 MT |
34988 | + |
34989 | + for (i = 0; i < num_sprole_pws; i++) { | |
34990 | + if (!strcmp(rolename, acl_special_roles[i]->rolename)) { | |
34991 | + *salt = acl_special_roles[i]->salt; | |
34992 | + *sum = acl_special_roles[i]->sum; | |
34993 | + return 1; | |
34994 | + } | |
34995 | + } | |
34996 | + | |
34997 | + return 0; | |
34998 | +} | |
34999 | + | |
35000 | +static void | |
35001 | +assign_special_role(char *rolename) | |
35002 | +{ | |
35003 | + struct acl_object_label *obj; | |
35004 | + struct acl_role_label *r; | |
35005 | + struct acl_role_label *assigned = NULL; | |
35006 | + struct task_struct *tsk; | |
35007 | + struct file *filp; | |
58c5fc13 | 35008 | + |
ae4e228f | 35009 | + FOR_EACH_ROLE_START(r) |
58c5fc13 | 35010 | + if (!strcmp(rolename, r->rolename) && |
ae4e228f | 35011 | + (r->roletype & GR_ROLE_SPECIAL)) { |
58c5fc13 | 35012 | + assigned = r; |
ae4e228f MT |
35013 | + break; |
35014 | + } | |
35015 | + FOR_EACH_ROLE_END(r) | |
58c5fc13 MT |
35016 | + |
35017 | + if (!assigned) | |
35018 | + return; | |
35019 | + | |
35020 | + read_lock(&tasklist_lock); | |
35021 | + read_lock(&grsec_exec_file_lock); | |
35022 | + | |
35023 | + tsk = current->parent; | |
35024 | + if (tsk == NULL) | |
35025 | + goto out_unlock; | |
35026 | + | |
35027 | + filp = tsk->exec_file; | |
35028 | + if (filp == NULL) | |
35029 | + goto out_unlock; | |
35030 | + | |
35031 | + tsk->is_writable = 0; | |
35032 | + | |
35033 | + tsk->acl_sp_role = 1; | |
35034 | + tsk->acl_role_id = ++acl_sp_role_value; | |
35035 | + tsk->role = assigned; | |
35036 | + tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role); | |
35037 | + | |
35038 | + /* ignore additional mmap checks for processes that are writable | |
35039 | + by the default ACL */ | |
35040 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label); | |
35041 | + if (unlikely(obj->mode & GR_WRITE)) | |
35042 | + tsk->is_writable = 1; | |
35043 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label); | |
35044 | + if (unlikely(obj->mode & GR_WRITE)) | |
35045 | + tsk->is_writable = 1; | |
35046 | + | |
35047 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
35048 | + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid); | |
35049 | +#endif | |
35050 | + | |
35051 | +out_unlock: | |
35052 | + read_unlock(&grsec_exec_file_lock); | |
35053 | + read_unlock(&tasklist_lock); | |
35054 | + return; | |
35055 | +} | |
35056 | + | |
35057 | +int gr_check_secure_terminal(struct task_struct *task) | |
35058 | +{ | |
35059 | + struct task_struct *p, *p2, *p3; | |
35060 | + struct files_struct *files; | |
35061 | + struct fdtable *fdt; | |
35062 | + struct file *our_file = NULL, *file; | |
35063 | + int i; | |
35064 | + | |
35065 | + if (task->signal->tty == NULL) | |
35066 | + return 1; | |
35067 | + | |
35068 | + files = get_files_struct(task); | |
35069 | + if (files != NULL) { | |
35070 | + rcu_read_lock(); | |
35071 | + fdt = files_fdtable(files); | |
35072 | + for (i=0; i < fdt->max_fds; i++) { | |
35073 | + file = fcheck_files(files, i); | |
35074 | + if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) { | |
35075 | + get_file(file); | |
35076 | + our_file = file; | |
35077 | + } | |
35078 | + } | |
35079 | + rcu_read_unlock(); | |
35080 | + put_files_struct(files); | |
35081 | + } | |
35082 | + | |
35083 | + if (our_file == NULL) | |
35084 | + return 1; | |
35085 | + | |
35086 | + read_lock(&tasklist_lock); | |
35087 | + do_each_thread(p2, p) { | |
35088 | + files = get_files_struct(p); | |
35089 | + if (files == NULL || | |
35090 | + (p->signal && p->signal->tty == task->signal->tty)) { | |
35091 | + if (files != NULL) | |
35092 | + put_files_struct(files); | |
35093 | + continue; | |
35094 | + } | |
35095 | + rcu_read_lock(); | |
35096 | + fdt = files_fdtable(files); | |
35097 | + for (i=0; i < fdt->max_fds; i++) { | |
35098 | + file = fcheck_files(files, i); | |
35099 | + if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) && | |
35100 | + file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) { | |
35101 | + p3 = task; | |
35102 | + while (p3->pid > 0) { | |
35103 | + if (p3 == p) | |
35104 | + break; | |
35105 | + p3 = p3->parent; | |
35106 | + } | |
35107 | + if (p3 == p) | |
35108 | + break; | |
35109 | + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p); | |
35110 | + gr_handle_alertkill(p); | |
35111 | + rcu_read_unlock(); | |
35112 | + put_files_struct(files); | |
35113 | + read_unlock(&tasklist_lock); | |
35114 | + fput(our_file); | |
35115 | + return 0; | |
35116 | + } | |
35117 | + } | |
35118 | + rcu_read_unlock(); | |
35119 | + put_files_struct(files); | |
35120 | + } while_each_thread(p2, p); | |
35121 | + read_unlock(&tasklist_lock); | |
35122 | + | |
35123 | + fput(our_file); | |
35124 | + return 1; | |
35125 | +} | |
35126 | + | |
35127 | +ssize_t | |
35128 | +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos) | |
35129 | +{ | |
35130 | + struct gr_arg_wrapper uwrap; | |
ae4e228f MT |
35131 | + unsigned char *sprole_salt = NULL; |
35132 | + unsigned char *sprole_sum = NULL; | |
58c5fc13 MT |
35133 | + int error = sizeof (struct gr_arg_wrapper); |
35134 | + int error2 = 0; | |
35135 | + | |
35136 | + down(&gr_dev_sem); | |
35137 | + | |
35138 | + if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) { | |
35139 | + error = -EPERM; | |
35140 | + goto out; | |
35141 | + } | |
35142 | + | |
35143 | + if (count != sizeof (struct gr_arg_wrapper)) { | |
35144 | + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper)); | |
35145 | + error = -EINVAL; | |
35146 | + goto out; | |
35147 | + } | |
35148 | + | |
35149 | + | |
35150 | + if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) { | |
35151 | + gr_auth_expires = 0; | |
35152 | + gr_auth_attempts = 0; | |
35153 | + } | |
35154 | + | |
35155 | + if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) { | |
35156 | + error = -EFAULT; | |
35157 | + goto out; | |
35158 | + } | |
35159 | + | |
35160 | + if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) { | |
35161 | + error = -EINVAL; | |
35162 | + goto out; | |
35163 | + } | |
35164 | + | |
35165 | + if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) { | |
35166 | + error = -EFAULT; | |
35167 | + goto out; | |
35168 | + } | |
35169 | + | |
35170 | + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM && | |
35171 | + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && | |
35172 | + time_after(gr_auth_expires, get_seconds())) { | |
35173 | + error = -EBUSY; | |
35174 | + goto out; | |
35175 | + } | |
35176 | + | |
35177 | + /* if non-root trying to do anything other than use a special role, | |
35178 | + do not attempt authentication, do not count towards authentication | |
35179 | + locking | |
35180 | + */ | |
35181 | + | |
35182 | + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS && | |
35183 | + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM && | |
35184 | + current_uid()) { | |
35185 | + error = -EPERM; | |
35186 | + goto out; | |
35187 | + } | |
35188 | + | |
35189 | + /* ensure pw and special role name are null terminated */ | |
35190 | + | |
35191 | + gr_usermode->pw[GR_PW_LEN - 1] = '\0'; | |
35192 | + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0'; | |
35193 | + | |
35194 | + /* Okay. | |
35195 | + * We have our enough of the argument structure..(we have yet | |
35196 | + * to copy_from_user the tables themselves) . Copy the tables | |
35197 | + * only if we need them, i.e. for loading operations. */ | |
35198 | + | |
35199 | + switch (gr_usermode->mode) { | |
35200 | + case GR_STATUS: | |
35201 | + if (gr_status & GR_READY) { | |
35202 | + error = 1; | |
35203 | + if (!gr_check_secure_terminal(current)) | |
35204 | + error = 3; | |
35205 | + } else | |
35206 | + error = 2; | |
35207 | + goto out; | |
35208 | + case GR_SHUTDOWN: | |
35209 | + if ((gr_status & GR_READY) | |
35210 | + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
ae4e228f | 35211 | + pax_open_kernel(); |
58c5fc13 | 35212 | + gr_status &= ~GR_READY; |
ae4e228f MT |
35213 | + pax_close_kernel(); |
35214 | + | |
58c5fc13 MT |
35215 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG); |
35216 | + free_variables(); | |
35217 | + memset(gr_usermode, 0, sizeof (struct gr_arg)); | |
35218 | + memset(gr_system_salt, 0, GR_SALT_LEN); | |
35219 | + memset(gr_system_sum, 0, GR_SHA_LEN); | |
35220 | + } else if (gr_status & GR_READY) { | |
35221 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG); | |
35222 | + error = -EPERM; | |
35223 | + } else { | |
35224 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG); | |
35225 | + error = -EAGAIN; | |
35226 | + } | |
35227 | + break; | |
35228 | + case GR_ENABLE: | |
35229 | + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode))) | |
35230 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION); | |
35231 | + else { | |
35232 | + if (gr_status & GR_READY) | |
35233 | + error = -EAGAIN; | |
35234 | + else | |
35235 | + error = error2; | |
35236 | + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION); | |
35237 | + } | |
35238 | + break; | |
35239 | + case GR_RELOAD: | |
35240 | + if (!(gr_status & GR_READY)) { | |
35241 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION); | |
35242 | + error = -EAGAIN; | |
35243 | + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
35244 | + lock_kernel(); | |
58c5fc13 | 35245 | + |
ae4e228f | 35246 | + pax_open_kernel(); |
58c5fc13 | 35247 | + gr_status &= ~GR_READY; |
ae4e228f MT |
35248 | + pax_close_kernel(); |
35249 | + | |
58c5fc13 MT |
35250 | + free_variables(); |
35251 | + if (!(error2 = gracl_init(gr_usermode))) { | |
35252 | + unlock_kernel(); | |
35253 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION); | |
35254 | + } else { | |
35255 | + unlock_kernel(); | |
35256 | + error = error2; | |
35257 | + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION); | |
35258 | + } | |
35259 | + } else { | |
35260 | + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION); | |
35261 | + error = -EPERM; | |
35262 | + } | |
35263 | + break; | |
35264 | + case GR_SEGVMOD: | |
35265 | + if (unlikely(!(gr_status & GR_READY))) { | |
35266 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG); | |
35267 | + error = -EAGAIN; | |
35268 | + break; | |
35269 | + } | |
35270 | + | |
35271 | + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
35272 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG); | |
35273 | + if (gr_usermode->segv_device && gr_usermode->segv_inode) { | |
35274 | + struct acl_subject_label *segvacl; | |
35275 | + segvacl = | |
35276 | + lookup_acl_subj_label(gr_usermode->segv_inode, | |
35277 | + gr_usermode->segv_device, | |
35278 | + current->role); | |
35279 | + if (segvacl) { | |
35280 | + segvacl->crashes = 0; | |
35281 | + segvacl->expires = 0; | |
35282 | + } | |
35283 | + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) { | |
35284 | + gr_remove_uid(gr_usermode->segv_uid); | |
35285 | + } | |
35286 | + } else { | |
35287 | + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG); | |
35288 | + error = -EPERM; | |
35289 | + } | |
35290 | + break; | |
35291 | + case GR_SPROLE: | |
35292 | + case GR_SPROLEPAM: | |
35293 | + if (unlikely(!(gr_status & GR_READY))) { | |
35294 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG); | |
35295 | + error = -EAGAIN; | |
35296 | + break; | |
35297 | + } | |
35298 | + | |
35299 | + if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) { | |
35300 | + current->role->expires = 0; | |
35301 | + current->role->auth_attempts = 0; | |
35302 | + } | |
35303 | + | |
35304 | + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && | |
35305 | + time_after(current->role->expires, get_seconds())) { | |
35306 | + error = -EBUSY; | |
35307 | + goto out; | |
35308 | + } | |
35309 | + | |
35310 | + if (lookup_special_role_auth | |
35311 | + (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum) | |
35312 | + && ((!sprole_salt && !sprole_sum) | |
35313 | + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { | |
35314 | + char *p = ""; | |
35315 | + assign_special_role(gr_usermode->sp_role); | |
35316 | + read_lock(&tasklist_lock); | |
35317 | + if (current->parent) | |
35318 | + p = current->parent->role->rolename; | |
35319 | + read_unlock(&tasklist_lock); | |
35320 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG, | |
35321 | + p, acl_sp_role_value); | |
35322 | + } else { | |
35323 | + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role); | |
35324 | + error = -EPERM; | |
35325 | + if(!(current->role->auth_attempts++)) | |
35326 | + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
35327 | + | |
35328 | + goto out; | |
35329 | + } | |
35330 | + break; | |
35331 | + case GR_UNSPROLE: | |
35332 | + if (unlikely(!(gr_status & GR_READY))) { | |
35333 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG); | |
35334 | + error = -EAGAIN; | |
35335 | + break; | |
35336 | + } | |
35337 | + | |
35338 | + if (current->role->roletype & GR_ROLE_SPECIAL) { | |
35339 | + char *p = ""; | |
35340 | + int i = 0; | |
35341 | + | |
35342 | + read_lock(&tasklist_lock); | |
35343 | + if (current->parent) { | |
35344 | + p = current->parent->role->rolename; | |
35345 | + i = current->parent->acl_role_id; | |
35346 | + } | |
35347 | + read_unlock(&tasklist_lock); | |
35348 | + | |
35349 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i); | |
35350 | + gr_set_acls(1); | |
35351 | + } else { | |
58c5fc13 MT |
35352 | + error = -EPERM; |
35353 | + goto out; | |
35354 | + } | |
35355 | + break; | |
35356 | + default: | |
35357 | + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode); | |
35358 | + error = -EINVAL; | |
35359 | + break; | |
35360 | + } | |
35361 | + | |
35362 | + if (error != -EPERM) | |
35363 | + goto out; | |
35364 | + | |
35365 | + if(!(gr_auth_attempts++)) | |
35366 | + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
35367 | + | |
35368 | + out: | |
35369 | + up(&gr_dev_sem); | |
35370 | + return error; | |
35371 | +} | |
35372 | + | |
35373 | +int | |
35374 | +gr_set_acls(const int type) | |
35375 | +{ | |
35376 | + struct acl_object_label *obj; | |
35377 | + struct task_struct *task, *task2; | |
35378 | + struct file *filp; | |
35379 | + struct acl_role_label *role = current->role; | |
35380 | + __u16 acl_role_id = current->acl_role_id; | |
35381 | + const struct cred *cred; | |
35382 | + char *tmpname; | |
35383 | + struct name_entry *nmatch; | |
35384 | + struct acl_subject_label *tmpsubj; | |
35385 | + | |
ae4e228f | 35386 | + rcu_read_lock(); |
58c5fc13 MT |
35387 | + read_lock(&tasklist_lock); |
35388 | + read_lock(&grsec_exec_file_lock); | |
35389 | + do_each_thread(task2, task) { | |
35390 | + /* check to see if we're called from the exit handler, | |
35391 | + if so, only replace ACLs that have inherited the admin | |
35392 | + ACL */ | |
35393 | + | |
35394 | + if (type && (task->role != role || | |
35395 | + task->acl_role_id != acl_role_id)) | |
35396 | + continue; | |
35397 | + | |
35398 | + task->acl_role_id = 0; | |
35399 | + task->acl_sp_role = 0; | |
35400 | + | |
35401 | + if ((filp = task->exec_file)) { | |
35402 | + cred = __task_cred(task); | |
35403 | + task->role = lookup_acl_role_label(task, cred->uid, cred->gid); | |
35404 | + | |
35405 | + /* the following is to apply the correct subject | |
35406 | + on binaries running when the RBAC system | |
35407 | + is enabled, when the binaries have been | |
35408 | + replaced or deleted since their execution | |
35409 | + ----- | |
35410 | + when the RBAC system starts, the inode/dev | |
35411 | + from exec_file will be one the RBAC system | |
35412 | + is unaware of. It only knows the inode/dev | |
35413 | + of the present file on disk, or the absence | |
35414 | + of it. | |
35415 | + */ | |
35416 | + preempt_disable(); | |
35417 | + tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt); | |
35418 | + | |
35419 | + nmatch = lookup_name_entry(tmpname); | |
35420 | + preempt_enable(); | |
35421 | + tmpsubj = NULL; | |
35422 | + if (nmatch) { | |
35423 | + if (nmatch->deleted) | |
35424 | + tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role); | |
35425 | + else | |
35426 | + tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role); | |
35427 | + if (tmpsubj != NULL) | |
35428 | + task->acl = tmpsubj; | |
35429 | + } | |
35430 | + if (tmpsubj == NULL) | |
35431 | + task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, | |
35432 | + task->role); | |
35433 | + if (task->acl) { | |
35434 | + struct acl_subject_label *curr; | |
35435 | + curr = task->acl; | |
35436 | + | |
35437 | + task->is_writable = 0; | |
35438 | + /* ignore additional mmap checks for processes that are writable | |
35439 | + by the default ACL */ | |
35440 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label); | |
35441 | + if (unlikely(obj->mode & GR_WRITE)) | |
35442 | + task->is_writable = 1; | |
35443 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label); | |
35444 | + if (unlikely(obj->mode & GR_WRITE)) | |
35445 | + task->is_writable = 1; | |
35446 | + | |
35447 | + gr_set_proc_res(task); | |
35448 | + | |
35449 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
35450 | + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
35451 | +#endif | |
35452 | + } else { | |
35453 | + read_unlock(&grsec_exec_file_lock); | |
35454 | + read_unlock(&tasklist_lock); | |
ae4e228f | 35455 | + rcu_read_unlock(); |
58c5fc13 MT |
35456 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid); |
35457 | + return 1; | |
35458 | + } | |
35459 | + } else { | |
35460 | + // it's a kernel process | |
35461 | + task->role = kernel_role; | |
35462 | + task->acl = kernel_role->root_label; | |
35463 | +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN | |
35464 | + task->acl->mode &= ~GR_PROCFIND; | |
35465 | +#endif | |
35466 | + } | |
35467 | + } while_each_thread(task2, task); | |
35468 | + read_unlock(&grsec_exec_file_lock); | |
35469 | + read_unlock(&tasklist_lock); | |
ae4e228f MT |
35470 | + rcu_read_unlock(); |
35471 | + | |
58c5fc13 MT |
35472 | + return 0; |
35473 | +} | |
35474 | + | |
35475 | +void | |
35476 | +gr_learn_resource(const struct task_struct *task, | |
35477 | + const int res, const unsigned long wanted, const int gt) | |
35478 | +{ | |
35479 | + struct acl_subject_label *acl; | |
35480 | + const struct cred *cred; | |
35481 | + | |
35482 | + if (unlikely((gr_status & GR_READY) && | |
35483 | + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) | |
35484 | + goto skip_reslog; | |
35485 | + | |
35486 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
35487 | + gr_log_resource(task, res, wanted, gt); | |
35488 | +#endif | |
35489 | + skip_reslog: | |
35490 | + | |
35491 | + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS)) | |
35492 | + return; | |
35493 | + | |
35494 | + acl = task->acl; | |
35495 | + | |
35496 | + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) || | |
35497 | + !(acl->resmask & (1 << (unsigned short) res)))) | |
35498 | + return; | |
35499 | + | |
35500 | + if (wanted >= acl->res[res].rlim_cur) { | |
35501 | + unsigned long res_add; | |
35502 | + | |
35503 | + res_add = wanted; | |
35504 | + switch (res) { | |
35505 | + case RLIMIT_CPU: | |
35506 | + res_add += GR_RLIM_CPU_BUMP; | |
35507 | + break; | |
35508 | + case RLIMIT_FSIZE: | |
35509 | + res_add += GR_RLIM_FSIZE_BUMP; | |
35510 | + break; | |
35511 | + case RLIMIT_DATA: | |
35512 | + res_add += GR_RLIM_DATA_BUMP; | |
35513 | + break; | |
35514 | + case RLIMIT_STACK: | |
35515 | + res_add += GR_RLIM_STACK_BUMP; | |
35516 | + break; | |
35517 | + case RLIMIT_CORE: | |
35518 | + res_add += GR_RLIM_CORE_BUMP; | |
35519 | + break; | |
35520 | + case RLIMIT_RSS: | |
35521 | + res_add += GR_RLIM_RSS_BUMP; | |
35522 | + break; | |
35523 | + case RLIMIT_NPROC: | |
35524 | + res_add += GR_RLIM_NPROC_BUMP; | |
35525 | + break; | |
35526 | + case RLIMIT_NOFILE: | |
35527 | + res_add += GR_RLIM_NOFILE_BUMP; | |
35528 | + break; | |
35529 | + case RLIMIT_MEMLOCK: | |
35530 | + res_add += GR_RLIM_MEMLOCK_BUMP; | |
35531 | + break; | |
35532 | + case RLIMIT_AS: | |
35533 | + res_add += GR_RLIM_AS_BUMP; | |
35534 | + break; | |
35535 | + case RLIMIT_LOCKS: | |
35536 | + res_add += GR_RLIM_LOCKS_BUMP; | |
35537 | + break; | |
35538 | + case RLIMIT_SIGPENDING: | |
35539 | + res_add += GR_RLIM_SIGPENDING_BUMP; | |
35540 | + break; | |
35541 | + case RLIMIT_MSGQUEUE: | |
35542 | + res_add += GR_RLIM_MSGQUEUE_BUMP; | |
35543 | + break; | |
35544 | + case RLIMIT_NICE: | |
35545 | + res_add += GR_RLIM_NICE_BUMP; | |
35546 | + break; | |
35547 | + case RLIMIT_RTPRIO: | |
35548 | + res_add += GR_RLIM_RTPRIO_BUMP; | |
35549 | + break; | |
35550 | + case RLIMIT_RTTIME: | |
35551 | + res_add += GR_RLIM_RTTIME_BUMP; | |
35552 | + break; | |
35553 | + } | |
35554 | + | |
35555 | + acl->res[res].rlim_cur = res_add; | |
35556 | + | |
35557 | + if (wanted > acl->res[res].rlim_max) | |
35558 | + acl->res[res].rlim_max = res_add; | |
35559 | + | |
35560 | + /* only log the subject filename, since resource logging is supported for | |
35561 | + single-subject learning only */ | |
ae4e228f | 35562 | + rcu_read_lock(); |
58c5fc13 MT |
35563 | + cred = __task_cred(task); |
35564 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, | |
35565 | + task->role->roletype, cred->uid, cred->gid, acl->filename, | |
35566 | + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max, | |
ae4e228f MT |
35567 | + "", (unsigned long) res, &task->signal->curr_ip); |
35568 | + rcu_read_unlock(); | |
58c5fc13 MT |
35569 | + } |
35570 | + | |
35571 | + return; | |
35572 | +} | |
35573 | + | |
35574 | +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)) | |
35575 | +void | |
35576 | +pax_set_initial_flags(struct linux_binprm *bprm) | |
35577 | +{ | |
35578 | + struct task_struct *task = current; | |
35579 | + struct acl_subject_label *proc; | |
35580 | + unsigned long flags; | |
35581 | + | |
35582 | + if (unlikely(!(gr_status & GR_READY))) | |
35583 | + return; | |
35584 | + | |
35585 | + flags = pax_get_flags(task); | |
35586 | + | |
35587 | + proc = task->acl; | |
35588 | + | |
35589 | + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC) | |
35590 | + flags &= ~MF_PAX_PAGEEXEC; | |
35591 | + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC) | |
35592 | + flags &= ~MF_PAX_SEGMEXEC; | |
35593 | + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP) | |
35594 | + flags &= ~MF_PAX_RANDMMAP; | |
35595 | + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP) | |
35596 | + flags &= ~MF_PAX_EMUTRAMP; | |
35597 | + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT) | |
35598 | + flags &= ~MF_PAX_MPROTECT; | |
35599 | + | |
35600 | + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC) | |
35601 | + flags |= MF_PAX_PAGEEXEC; | |
35602 | + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC) | |
35603 | + flags |= MF_PAX_SEGMEXEC; | |
35604 | + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP) | |
35605 | + flags |= MF_PAX_RANDMMAP; | |
35606 | + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP) | |
35607 | + flags |= MF_PAX_EMUTRAMP; | |
35608 | + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT) | |
35609 | + flags |= MF_PAX_MPROTECT; | |
35610 | + | |
35611 | + pax_set_flags(task, flags); | |
35612 | + | |
35613 | + return; | |
35614 | +} | |
35615 | +#endif | |
35616 | + | |
35617 | +#ifdef CONFIG_SYSCTL | |
35618 | +/* Eric Biederman likes breaking userland ABI and every inode-based security | |
35619 | + system to save 35kb of memory */ | |
35620 | + | |
35621 | +/* we modify the passed in filename, but adjust it back before returning */ | |
35622 | +static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len) | |
35623 | +{ | |
35624 | + struct name_entry *nmatch; | |
35625 | + char *p, *lastp = NULL; | |
35626 | + struct acl_object_label *obj = NULL, *tmp; | |
35627 | + struct acl_subject_label *tmpsubj; | |
35628 | + char c = '\0'; | |
35629 | + | |
35630 | + read_lock(&gr_inode_lock); | |
35631 | + | |
35632 | + p = name + len - 1; | |
35633 | + do { | |
35634 | + nmatch = lookup_name_entry(name); | |
35635 | + if (lastp != NULL) | |
35636 | + *lastp = c; | |
35637 | + | |
35638 | + if (nmatch == NULL) | |
35639 | + goto next_component; | |
35640 | + tmpsubj = current->acl; | |
35641 | + do { | |
35642 | + obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj); | |
35643 | + if (obj != NULL) { | |
35644 | + tmp = obj->globbed; | |
35645 | + while (tmp) { | |
35646 | + if (!glob_match(tmp->filename, name)) { | |
35647 | + obj = tmp; | |
35648 | + goto found_obj; | |
35649 | + } | |
35650 | + tmp = tmp->next; | |
35651 | + } | |
35652 | + goto found_obj; | |
35653 | + } | |
35654 | + } while ((tmpsubj = tmpsubj->parent_subject)); | |
35655 | +next_component: | |
35656 | + /* end case */ | |
35657 | + if (p == name) | |
35658 | + break; | |
35659 | + | |
35660 | + while (*p != '/') | |
35661 | + p--; | |
35662 | + if (p == name) | |
35663 | + lastp = p + 1; | |
35664 | + else { | |
35665 | + lastp = p; | |
35666 | + p--; | |
35667 | + } | |
35668 | + c = *lastp; | |
35669 | + *lastp = '\0'; | |
35670 | + } while (1); | |
35671 | +found_obj: | |
35672 | + read_unlock(&gr_inode_lock); | |
35673 | + /* obj returned will always be non-null */ | |
35674 | + return obj; | |
35675 | +} | |
35676 | + | |
35677 | +/* returns 0 when allowing, non-zero on error | |
35678 | + op of 0 is used for readdir, so we don't log the names of hidden files | |
35679 | +*/ | |
35680 | +__u32 | |
35681 | +gr_handle_sysctl(const struct ctl_table *table, const int op) | |
35682 | +{ | |
35683 | + ctl_table *tmp; | |
35684 | + const char *proc_sys = "/proc/sys"; | |
35685 | + char *path; | |
35686 | + struct acl_object_label *obj; | |
35687 | + unsigned short len = 0, pos = 0, depth = 0, i; | |
35688 | + __u32 err = 0; | |
35689 | + __u32 mode = 0; | |
35690 | + | |
35691 | + if (unlikely(!(gr_status & GR_READY))) | |
35692 | + return 0; | |
35693 | + | |
35694 | + /* for now, ignore operations on non-sysctl entries if it's not a | |
35695 | + readdir*/ | |
35696 | + if (table->child != NULL && op != 0) | |
35697 | + return 0; | |
35698 | + | |
35699 | + mode |= GR_FIND; | |
35700 | + /* it's only a read if it's an entry, read on dirs is for readdir */ | |
35701 | + if (op & MAY_READ) | |
35702 | + mode |= GR_READ; | |
35703 | + if (op & MAY_WRITE) | |
35704 | + mode |= GR_WRITE; | |
35705 | + | |
35706 | + preempt_disable(); | |
35707 | + | |
35708 | + path = per_cpu_ptr(gr_shared_page[0], smp_processor_id()); | |
35709 | + | |
35710 | + /* it's only a read/write if it's an actual entry, not a dir | |
35711 | + (which are opened for readdir) | |
35712 | + */ | |
35713 | + | |
35714 | + /* convert the requested sysctl entry into a pathname */ | |
35715 | + | |
35716 | + for (tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) { | |
35717 | + len += strlen(tmp->procname); | |
35718 | + len++; | |
35719 | + depth++; | |
35720 | + } | |
35721 | + | |
35722 | + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) { | |
35723 | + /* deny */ | |
35724 | + goto out; | |
35725 | + } | |
35726 | + | |
35727 | + memset(path, 0, PAGE_SIZE); | |
35728 | + | |
35729 | + memcpy(path, proc_sys, strlen(proc_sys)); | |
35730 | + | |
35731 | + pos += strlen(proc_sys); | |
35732 | + | |
35733 | + for (; depth > 0; depth--) { | |
35734 | + path[pos] = '/'; | |
35735 | + pos++; | |
35736 | + for (i = 1, tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) { | |
35737 | + if (depth == i) { | |
35738 | + memcpy(path + pos, tmp->procname, | |
35739 | + strlen(tmp->procname)); | |
35740 | + pos += strlen(tmp->procname); | |
35741 | + } | |
35742 | + i++; | |
35743 | + } | |
35744 | + } | |
35745 | + | |
35746 | + obj = gr_lookup_by_name(path, pos); | |
35747 | + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS); | |
35748 | + | |
35749 | + if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) && | |
35750 | + ((err & mode) != mode))) { | |
35751 | + __u32 new_mode = mode; | |
35752 | + | |
35753 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
35754 | + | |
35755 | + err = 0; | |
35756 | + gr_log_learn_sysctl(path, new_mode); | |
35757 | + } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) { | |
35758 | + gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path); | |
35759 | + err = -ENOENT; | |
35760 | + } else if (!(err & GR_FIND)) { | |
35761 | + err = -ENOENT; | |
35762 | + } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) { | |
35763 | + gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied", | |
35764 | + path, (mode & GR_READ) ? " reading" : "", | |
35765 | + (mode & GR_WRITE) ? " writing" : ""); | |
35766 | + err = -EACCES; | |
35767 | + } else if ((err & mode) != mode) { | |
35768 | + err = -EACCES; | |
35769 | + } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) { | |
35770 | + gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful", | |
35771 | + path, (mode & GR_READ) ? " reading" : "", | |
35772 | + (mode & GR_WRITE) ? " writing" : ""); | |
35773 | + err = 0; | |
35774 | + } else | |
35775 | + err = 0; | |
35776 | + | |
35777 | + out: | |
35778 | + preempt_enable(); | |
35779 | + | |
35780 | + return err; | |
35781 | +} | |
35782 | +#endif | |
35783 | + | |
35784 | +int | |
35785 | +gr_handle_proc_ptrace(struct task_struct *task) | |
35786 | +{ | |
35787 | + struct file *filp; | |
35788 | + struct task_struct *tmp = task; | |
35789 | + struct task_struct *curtemp = current; | |
35790 | + __u32 retmode; | |
35791 | + | |
35792 | +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE | |
35793 | + if (unlikely(!(gr_status & GR_READY))) | |
35794 | + return 0; | |
35795 | +#endif | |
35796 | + | |
35797 | + read_lock(&tasklist_lock); | |
35798 | + read_lock(&grsec_exec_file_lock); | |
35799 | + filp = task->exec_file; | |
35800 | + | |
35801 | + while (tmp->pid > 0) { | |
35802 | + if (tmp == curtemp) | |
35803 | + break; | |
35804 | + tmp = tmp->parent; | |
35805 | + } | |
35806 | + | |
35807 | + if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || | |
35808 | + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) { | |
35809 | + read_unlock(&grsec_exec_file_lock); | |
35810 | + read_unlock(&tasklist_lock); | |
35811 | + return 1; | |
35812 | + } | |
35813 | + | |
35814 | +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE | |
35815 | + if (!(gr_status & GR_READY)) { | |
35816 | + read_unlock(&grsec_exec_file_lock); | |
35817 | + read_unlock(&tasklist_lock); | |
35818 | + return 0; | |
35819 | + } | |
35820 | +#endif | |
35821 | + | |
35822 | + retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt); | |
35823 | + read_unlock(&grsec_exec_file_lock); | |
35824 | + read_unlock(&tasklist_lock); | |
35825 | + | |
35826 | + if (retmode & GR_NOPTRACE) | |
35827 | + return 1; | |
35828 | + | |
35829 | + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD) | |
35830 | + && (current->acl != task->acl || (current->acl != current->role->root_label | |
35831 | + && current->pid != task->pid))) | |
35832 | + return 1; | |
35833 | + | |
35834 | + return 0; | |
35835 | +} | |
35836 | + | |
35837 | +int | |
35838 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
35839 | +{ | |
35840 | + struct task_struct *tmp = task; | |
35841 | + struct task_struct *curtemp = current; | |
35842 | + __u32 retmode; | |
35843 | + | |
35844 | +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE | |
35845 | + if (unlikely(!(gr_status & GR_READY))) | |
35846 | + return 0; | |
35847 | +#endif | |
35848 | + | |
35849 | + read_lock(&tasklist_lock); | |
35850 | + while (tmp->pid > 0) { | |
35851 | + if (tmp == curtemp) | |
35852 | + break; | |
35853 | + tmp = tmp->parent; | |
35854 | + } | |
35855 | + | |
35856 | + if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || | |
35857 | + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) { | |
35858 | + read_unlock(&tasklist_lock); | |
35859 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
35860 | + return 1; | |
35861 | + } | |
35862 | + read_unlock(&tasklist_lock); | |
35863 | + | |
35864 | +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE | |
35865 | + if (!(gr_status & GR_READY)) | |
35866 | + return 0; | |
35867 | +#endif | |
35868 | + | |
35869 | + read_lock(&grsec_exec_file_lock); | |
35870 | + if (unlikely(!task->exec_file)) { | |
35871 | + read_unlock(&grsec_exec_file_lock); | |
35872 | + return 0; | |
35873 | + } | |
35874 | + | |
35875 | + retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt); | |
35876 | + read_unlock(&grsec_exec_file_lock); | |
35877 | + | |
35878 | + if (retmode & GR_NOPTRACE) { | |
35879 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
35880 | + return 1; | |
35881 | + } | |
35882 | + | |
35883 | + if (retmode & GR_PTRACERD) { | |
35884 | + switch (request) { | |
35885 | + case PTRACE_POKETEXT: | |
35886 | + case PTRACE_POKEDATA: | |
35887 | + case PTRACE_POKEUSR: | |
35888 | +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64) | |
35889 | + case PTRACE_SETREGS: | |
35890 | + case PTRACE_SETFPREGS: | |
35891 | +#endif | |
35892 | +#ifdef CONFIG_X86 | |
35893 | + case PTRACE_SETFPXREGS: | |
35894 | +#endif | |
35895 | +#ifdef CONFIG_ALTIVEC | |
35896 | + case PTRACE_SETVRREGS: | |
35897 | +#endif | |
35898 | + return 1; | |
35899 | + default: | |
35900 | + return 0; | |
35901 | + } | |
35902 | + } else if (!(current->acl->mode & GR_POVERRIDE) && | |
35903 | + !(current->role->roletype & GR_ROLE_GOD) && | |
35904 | + (current->acl != task->acl)) { | |
35905 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
35906 | + return 1; | |
35907 | + } | |
35908 | + | |
35909 | + return 0; | |
35910 | +} | |
35911 | + | |
35912 | +static int is_writable_mmap(const struct file *filp) | |
35913 | +{ | |
35914 | + struct task_struct *task = current; | |
35915 | + struct acl_object_label *obj, *obj2; | |
35916 | + | |
35917 | + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) && | |
35918 | + !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode)) { | |
35919 | + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label); | |
35920 | + obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, | |
35921 | + task->role->root_label); | |
35922 | + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) { | |
35923 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt); | |
35924 | + return 1; | |
35925 | + } | |
35926 | + } | |
35927 | + return 0; | |
35928 | +} | |
35929 | + | |
35930 | +int | |
35931 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot) | |
35932 | +{ | |
35933 | + __u32 mode; | |
35934 | + | |
35935 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
35936 | + return 1; | |
35937 | + | |
35938 | + if (is_writable_mmap(file)) | |
35939 | + return 0; | |
35940 | + | |
35941 | + mode = | |
35942 | + gr_search_file(file->f_path.dentry, | |
35943 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
35944 | + file->f_path.mnt); | |
35945 | + | |
35946 | + if (!gr_tpe_allow(file)) | |
35947 | + return 0; | |
35948 | + | |
35949 | + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) { | |
35950 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt); | |
35951 | + return 0; | |
35952 | + } else if (unlikely(!(mode & GR_EXEC))) { | |
35953 | + return 0; | |
35954 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
35955 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt); | |
35956 | + return 1; | |
35957 | + } | |
35958 | + | |
35959 | + return 1; | |
35960 | +} | |
35961 | + | |
35962 | +int | |
35963 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
35964 | +{ | |
35965 | + __u32 mode; | |
35966 | + | |
35967 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
35968 | + return 1; | |
35969 | + | |
35970 | + if (is_writable_mmap(file)) | |
35971 | + return 0; | |
35972 | + | |
35973 | + mode = | |
35974 | + gr_search_file(file->f_path.dentry, | |
35975 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
35976 | + file->f_path.mnt); | |
35977 | + | |
35978 | + if (!gr_tpe_allow(file)) | |
35979 | + return 0; | |
35980 | + | |
35981 | + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) { | |
35982 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt); | |
35983 | + return 0; | |
35984 | + } else if (unlikely(!(mode & GR_EXEC))) { | |
35985 | + return 0; | |
35986 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
35987 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt); | |
35988 | + return 1; | |
35989 | + } | |
35990 | + | |
35991 | + return 1; | |
35992 | +} | |
35993 | + | |
35994 | +void | |
35995 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
35996 | +{ | |
35997 | + unsigned long runtime; | |
35998 | + unsigned long cputime; | |
35999 | + unsigned int wday, cday; | |
36000 | + __u8 whr, chr; | |
36001 | + __u8 wmin, cmin; | |
36002 | + __u8 wsec, csec; | |
36003 | + struct timespec timeval; | |
36004 | + | |
36005 | + if (unlikely(!(gr_status & GR_READY) || !task->acl || | |
36006 | + !(task->acl->mode & GR_PROCACCT))) | |
36007 | + return; | |
36008 | + | |
36009 | + do_posix_clock_monotonic_gettime(&timeval); | |
36010 | + runtime = timeval.tv_sec - task->start_time.tv_sec; | |
36011 | + wday = runtime / (3600 * 24); | |
36012 | + runtime -= wday * (3600 * 24); | |
36013 | + whr = runtime / 3600; | |
36014 | + runtime -= whr * 3600; | |
36015 | + wmin = runtime / 60; | |
36016 | + runtime -= wmin * 60; | |
36017 | + wsec = runtime; | |
36018 | + | |
36019 | + cputime = (task->utime + task->stime) / HZ; | |
36020 | + cday = cputime / (3600 * 24); | |
36021 | + cputime -= cday * (3600 * 24); | |
36022 | + chr = cputime / 3600; | |
36023 | + cputime -= chr * 3600; | |
36024 | + cmin = cputime / 60; | |
36025 | + cputime -= cmin * 60; | |
36026 | + csec = cputime; | |
36027 | + | |
36028 | + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code); | |
36029 | + | |
36030 | + return; | |
36031 | +} | |
36032 | + | |
36033 | +void gr_set_kernel_label(struct task_struct *task) | |
36034 | +{ | |
36035 | + if (gr_status & GR_READY) { | |
36036 | + task->role = kernel_role; | |
36037 | + task->acl = kernel_role->root_label; | |
36038 | + } | |
36039 | + return; | |
36040 | +} | |
36041 | + | |
36042 | +#ifdef CONFIG_TASKSTATS | |
36043 | +int gr_is_taskstats_denied(int pid) | |
36044 | +{ | |
36045 | + struct task_struct *task; | |
36046 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
36047 | + const struct cred *cred; | |
36048 | +#endif | |
36049 | + int ret = 0; | |
36050 | + | |
36051 | + /* restrict taskstats viewing to un-chrooted root users | |
36052 | + who have the 'view' subject flag if the RBAC system is enabled | |
36053 | + */ | |
36054 | + | |
36055 | + read_lock(&tasklist_lock); | |
36056 | + task = find_task_by_vpid(pid); | |
36057 | + if (task) { | |
ae4e228f | 36058 | + gr_fs_read_lock(task); |
58c5fc13 MT |
36059 | +#ifdef CONFIG_GRKERNSEC_CHROOT |
36060 | + if (proc_is_chrooted(task)) | |
36061 | + ret = -EACCES; | |
36062 | +#endif | |
36063 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
36064 | + cred = __task_cred(task); | |
36065 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
36066 | + if (cred->uid != 0) | |
36067 | + ret = -EACCES; | |
36068 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
36069 | + if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID)) | |
36070 | + ret = -EACCES; | |
36071 | +#endif | |
36072 | +#endif | |
36073 | + if (gr_status & GR_READY) { | |
36074 | + if (!(task->acl->mode & GR_VIEW)) | |
36075 | + ret = -EACCES; | |
36076 | + } | |
36077 | + | |
ae4e228f | 36078 | + gr_fs_read_unlock(task); |
58c5fc13 MT |
36079 | + } else |
36080 | + ret = -ENOENT; | |
36081 | + | |
36082 | + read_unlock(&tasklist_lock); | |
36083 | + | |
36084 | + return ret; | |
36085 | +} | |
36086 | +#endif | |
36087 | + | |
36088 | +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino) | |
36089 | +{ | |
36090 | + struct task_struct *task = current; | |
36091 | + struct dentry *dentry = file->f_path.dentry; | |
36092 | + struct vfsmount *mnt = file->f_path.mnt; | |
36093 | + struct acl_object_label *obj, *tmp; | |
36094 | + struct acl_subject_label *subj; | |
36095 | + unsigned int bufsize; | |
36096 | + int is_not_root; | |
36097 | + char *path; | |
36098 | + | |
36099 | + if (unlikely(!(gr_status & GR_READY))) | |
36100 | + return 1; | |
36101 | + | |
36102 | + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
36103 | + return 1; | |
36104 | + | |
36105 | + /* ignore Eric Biederman */ | |
36106 | + if (IS_PRIVATE(dentry->d_inode)) | |
36107 | + return 1; | |
36108 | + | |
36109 | + subj = task->acl; | |
36110 | + do { | |
36111 | + obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj); | |
36112 | + if (obj != NULL) | |
36113 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
36114 | + } while ((subj = subj->parent_subject)); | |
36115 | + | |
36116 | + /* this is purely an optimization since we're looking for an object | |
36117 | + for the directory we're doing a readdir on | |
36118 | + if it's possible for any globbed object to match the entry we're | |
36119 | + filling into the directory, then the object we find here will be | |
36120 | + an anchor point with attached globbed objects | |
36121 | + */ | |
36122 | + obj = chk_obj_label_noglob(dentry, mnt, task->acl); | |
36123 | + if (obj->globbed == NULL) | |
36124 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
36125 | + | |
36126 | + is_not_root = ((obj->filename[0] == '/') && | |
36127 | + (obj->filename[1] == '\0')) ? 0 : 1; | |
36128 | + bufsize = PAGE_SIZE - namelen - is_not_root; | |
36129 | + | |
36130 | + /* check bufsize > PAGE_SIZE || bufsize == 0 */ | |
36131 | + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1))) | |
36132 | + return 1; | |
36133 | + | |
36134 | + preempt_disable(); | |
36135 | + path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
36136 | + bufsize); | |
36137 | + | |
36138 | + bufsize = strlen(path); | |
36139 | + | |
36140 | + /* if base is "/", don't append an additional slash */ | |
36141 | + if (is_not_root) | |
36142 | + *(path + bufsize) = '/'; | |
36143 | + memcpy(path + bufsize + is_not_root, name, namelen); | |
36144 | + *(path + bufsize + namelen + is_not_root) = '\0'; | |
36145 | + | |
36146 | + tmp = obj->globbed; | |
36147 | + while (tmp) { | |
36148 | + if (!glob_match(tmp->filename, path)) { | |
36149 | + preempt_enable(); | |
36150 | + return (tmp->mode & GR_FIND) ? 1 : 0; | |
36151 | + } | |
36152 | + tmp = tmp->next; | |
36153 | + } | |
36154 | + preempt_enable(); | |
36155 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
36156 | +} | |
36157 | + | |
36158 | +EXPORT_SYMBOL(gr_learn_resource); | |
36159 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
36160 | +#ifdef CONFIG_SECURITY | |
36161 | +EXPORT_SYMBOL(gr_check_user_change); | |
36162 | +EXPORT_SYMBOL(gr_check_group_change); | |
36163 | +#endif | |
36164 | + | |
ae4e228f MT |
36165 | diff -urNp linux-2.6.33.1/grsecurity/gracl_cap.c linux-2.6.33.1/grsecurity/gracl_cap.c |
36166 | --- linux-2.6.33.1/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 | |
36167 | +++ linux-2.6.33.1/grsecurity/gracl_cap.c 2010-03-20 16:58:41.888938450 -0400 | |
58c5fc13 MT |
36168 | @@ -0,0 +1,131 @@ |
36169 | +#include <linux/kernel.h> | |
36170 | +#include <linux/module.h> | |
36171 | +#include <linux/sched.h> | |
36172 | +#include <linux/gracl.h> | |
36173 | +#include <linux/grsecurity.h> | |
36174 | +#include <linux/grinternal.h> | |
36175 | + | |
36176 | +static const char *captab_log[] = { | |
36177 | + "CAP_CHOWN", | |
36178 | + "CAP_DAC_OVERRIDE", | |
36179 | + "CAP_DAC_READ_SEARCH", | |
36180 | + "CAP_FOWNER", | |
36181 | + "CAP_FSETID", | |
36182 | + "CAP_KILL", | |
36183 | + "CAP_SETGID", | |
36184 | + "CAP_SETUID", | |
36185 | + "CAP_SETPCAP", | |
36186 | + "CAP_LINUX_IMMUTABLE", | |
36187 | + "CAP_NET_BIND_SERVICE", | |
36188 | + "CAP_NET_BROADCAST", | |
36189 | + "CAP_NET_ADMIN", | |
36190 | + "CAP_NET_RAW", | |
36191 | + "CAP_IPC_LOCK", | |
36192 | + "CAP_IPC_OWNER", | |
36193 | + "CAP_SYS_MODULE", | |
36194 | + "CAP_SYS_RAWIO", | |
36195 | + "CAP_SYS_CHROOT", | |
36196 | + "CAP_SYS_PTRACE", | |
36197 | + "CAP_SYS_PACCT", | |
36198 | + "CAP_SYS_ADMIN", | |
36199 | + "CAP_SYS_BOOT", | |
36200 | + "CAP_SYS_NICE", | |
36201 | + "CAP_SYS_RESOURCE", | |
36202 | + "CAP_SYS_TIME", | |
36203 | + "CAP_SYS_TTY_CONFIG", | |
36204 | + "CAP_MKNOD", | |
36205 | + "CAP_LEASE", | |
36206 | + "CAP_AUDIT_WRITE", | |
36207 | + "CAP_AUDIT_CONTROL", | |
36208 | + "CAP_SETFCAP", | |
36209 | + "CAP_MAC_OVERRIDE", | |
36210 | + "CAP_MAC_ADMIN" | |
36211 | +}; | |
36212 | + | |
36213 | +EXPORT_SYMBOL(gr_is_capable); | |
36214 | +EXPORT_SYMBOL(gr_is_capable_nolog); | |
36215 | + | |
36216 | +int | |
36217 | +gr_is_capable(const int cap) | |
36218 | +{ | |
36219 | + struct task_struct *task = current; | |
36220 | + const struct cred *cred = current_cred(); | |
36221 | + struct acl_subject_label *curracl; | |
36222 | + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; | |
36223 | + | |
36224 | + if (!gr_acl_is_enabled()) | |
36225 | + return 1; | |
36226 | + | |
36227 | + curracl = task->acl; | |
36228 | + | |
36229 | + cap_drop = curracl->cap_lower; | |
36230 | + cap_mask = curracl->cap_mask; | |
36231 | + | |
36232 | + while ((curracl = curracl->parent_subject)) { | |
36233 | + /* if the cap isn't specified in the current computed mask but is specified in the | |
36234 | + current level subject, and is lowered in the current level subject, then add | |
36235 | + it to the set of dropped capabilities | |
36236 | + otherwise, add the current level subject's mask to the current computed mask | |
36237 | + */ | |
36238 | + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) { | |
36239 | + cap_raise(cap_mask, cap); | |
36240 | + if (cap_raised(curracl->cap_lower, cap)) | |
36241 | + cap_raise(cap_drop, cap); | |
36242 | + } | |
36243 | + } | |
36244 | + | |
36245 | + if (!cap_raised(cap_drop, cap)) | |
36246 | + return 1; | |
36247 | + | |
36248 | + curracl = task->acl; | |
36249 | + | |
36250 | + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
36251 | + && cap_raised(cred->cap_effective, cap)) { | |
36252 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, | |
36253 | + task->role->roletype, cred->uid, | |
36254 | + cred->gid, task->exec_file ? | |
36255 | + gr_to_filename(task->exec_file->f_path.dentry, | |
36256 | + task->exec_file->f_path.mnt) : curracl->filename, | |
36257 | + curracl->filename, 0UL, | |
ae4e228f | 36258 | + 0UL, "", (unsigned long) cap, &task->signal->curr_ip); |
58c5fc13 MT |
36259 | + return 1; |
36260 | + } | |
36261 | + | |
36262 | + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap)) | |
36263 | + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); | |
36264 | + return 0; | |
36265 | +} | |
36266 | + | |
36267 | +int | |
36268 | +gr_is_capable_nolog(const int cap) | |
36269 | +{ | |
36270 | + struct acl_subject_label *curracl; | |
36271 | + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; | |
36272 | + | |
36273 | + if (!gr_acl_is_enabled()) | |
36274 | + return 1; | |
36275 | + | |
36276 | + curracl = current->acl; | |
36277 | + | |
36278 | + cap_drop = curracl->cap_lower; | |
36279 | + cap_mask = curracl->cap_mask; | |
36280 | + | |
36281 | + while ((curracl = curracl->parent_subject)) { | |
36282 | + /* if the cap isn't specified in the current computed mask but is specified in the | |
36283 | + current level subject, and is lowered in the current level subject, then add | |
36284 | + it to the set of dropped capabilities | |
36285 | + otherwise, add the current level subject's mask to the current computed mask | |
36286 | + */ | |
36287 | + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) { | |
36288 | + cap_raise(cap_mask, cap); | |
36289 | + if (cap_raised(curracl->cap_lower, cap)) | |
36290 | + cap_raise(cap_drop, cap); | |
36291 | + } | |
36292 | + } | |
36293 | + | |
36294 | + if (!cap_raised(cap_drop, cap)) | |
36295 | + return 1; | |
36296 | + | |
36297 | + return 0; | |
36298 | +} | |
36299 | + | |
ae4e228f MT |
36300 | diff -urNp linux-2.6.33.1/grsecurity/gracl_fs.c linux-2.6.33.1/grsecurity/gracl_fs.c |
36301 | --- linux-2.6.33.1/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500 | |
36302 | +++ linux-2.6.33.1/grsecurity/gracl_fs.c 2010-03-20 16:58:41.888938450 -0400 | |
58c5fc13 MT |
36303 | @@ -0,0 +1,424 @@ |
36304 | +#include <linux/kernel.h> | |
36305 | +#include <linux/sched.h> | |
36306 | +#include <linux/types.h> | |
36307 | +#include <linux/fs.h> | |
36308 | +#include <linux/file.h> | |
36309 | +#include <linux/stat.h> | |
36310 | +#include <linux/grsecurity.h> | |
36311 | +#include <linux/grinternal.h> | |
36312 | +#include <linux/gracl.h> | |
36313 | + | |
36314 | +__u32 | |
36315 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
36316 | + const struct vfsmount * mnt) | |
36317 | +{ | |
36318 | + __u32 mode; | |
36319 | + | |
36320 | + if (unlikely(!dentry->d_inode)) | |
36321 | + return GR_FIND; | |
36322 | + | |
36323 | + mode = | |
36324 | + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt); | |
36325 | + | |
36326 | + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) { | |
36327 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt); | |
36328 | + return mode; | |
36329 | + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) { | |
36330 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt); | |
36331 | + return 0; | |
36332 | + } else if (unlikely(!(mode & GR_FIND))) | |
36333 | + return 0; | |
36334 | + | |
36335 | + return GR_FIND; | |
36336 | +} | |
36337 | + | |
36338 | +__u32 | |
36339 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
36340 | + const int fmode) | |
36341 | +{ | |
36342 | + __u32 reqmode = GR_FIND; | |
36343 | + __u32 mode; | |
36344 | + | |
36345 | + if (unlikely(!dentry->d_inode)) | |
36346 | + return reqmode; | |
36347 | + | |
36348 | + if (unlikely(fmode & O_APPEND)) | |
36349 | + reqmode |= GR_APPEND; | |
36350 | + else if (unlikely(fmode & FMODE_WRITE)) | |
36351 | + reqmode |= GR_WRITE; | |
36352 | + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
36353 | + reqmode |= GR_READ; | |
36354 | + if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC)) | |
36355 | + reqmode &= ~GR_READ; | |
36356 | + mode = | |
36357 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
36358 | + mnt); | |
36359 | + | |
36360 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
36361 | + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, | |
36362 | + reqmode & GR_READ ? " reading" : "", | |
36363 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
36364 | + GR_APPEND ? " appending" : ""); | |
36365 | + return reqmode; | |
36366 | + } else | |
36367 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
36368 | + { | |
36369 | + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, | |
36370 | + reqmode & GR_READ ? " reading" : "", | |
36371 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
36372 | + GR_APPEND ? " appending" : ""); | |
36373 | + return 0; | |
36374 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
36375 | + return 0; | |
36376 | + | |
36377 | + return reqmode; | |
36378 | +} | |
36379 | + | |
36380 | +__u32 | |
36381 | +gr_acl_handle_creat(const struct dentry * dentry, | |
36382 | + const struct dentry * p_dentry, | |
36383 | + const struct vfsmount * p_mnt, const int fmode, | |
36384 | + const int imode) | |
36385 | +{ | |
36386 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
36387 | + __u32 mode; | |
36388 | + | |
36389 | + if (unlikely(fmode & O_APPEND)) | |
36390 | + reqmode |= GR_APPEND; | |
36391 | + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
36392 | + reqmode |= GR_READ; | |
36393 | + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID)))) | |
36394 | + reqmode |= GR_SETID; | |
36395 | + | |
36396 | + mode = | |
36397 | + gr_check_create(dentry, p_dentry, p_mnt, | |
36398 | + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); | |
36399 | + | |
36400 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
36401 | + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, | |
36402 | + reqmode & GR_READ ? " reading" : "", | |
36403 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
36404 | + GR_APPEND ? " appending" : ""); | |
36405 | + return reqmode; | |
36406 | + } else | |
36407 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
36408 | + { | |
36409 | + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, | |
36410 | + reqmode & GR_READ ? " reading" : "", | |
36411 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
36412 | + GR_APPEND ? " appending" : ""); | |
36413 | + return 0; | |
36414 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
36415 | + return 0; | |
36416 | + | |
36417 | + return reqmode; | |
36418 | +} | |
36419 | + | |
36420 | +__u32 | |
36421 | +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt, | |
36422 | + const int fmode) | |
36423 | +{ | |
36424 | + __u32 mode, reqmode = GR_FIND; | |
36425 | + | |
36426 | + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode)) | |
36427 | + reqmode |= GR_EXEC; | |
36428 | + if (fmode & S_IWOTH) | |
36429 | + reqmode |= GR_WRITE; | |
36430 | + if (fmode & S_IROTH) | |
36431 | + reqmode |= GR_READ; | |
36432 | + | |
36433 | + mode = | |
36434 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
36435 | + mnt); | |
36436 | + | |
36437 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
36438 | + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt, | |
36439 | + reqmode & GR_READ ? " reading" : "", | |
36440 | + reqmode & GR_WRITE ? " writing" : "", | |
36441 | + reqmode & GR_EXEC ? " executing" : ""); | |
36442 | + return reqmode; | |
36443 | + } else | |
36444 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
36445 | + { | |
36446 | + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt, | |
36447 | + reqmode & GR_READ ? " reading" : "", | |
36448 | + reqmode & GR_WRITE ? " writing" : "", | |
36449 | + reqmode & GR_EXEC ? " executing" : ""); | |
36450 | + return 0; | |
36451 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
36452 | + return 0; | |
36453 | + | |
36454 | + return reqmode; | |
36455 | +} | |
36456 | + | |
36457 | +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt) | |
36458 | +{ | |
36459 | + __u32 mode; | |
36460 | + | |
36461 | + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); | |
36462 | + | |
36463 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { | |
36464 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt); | |
36465 | + return mode; | |
36466 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { | |
36467 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt); | |
36468 | + return 0; | |
36469 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) | |
36470 | + return 0; | |
36471 | + | |
36472 | + return (reqmode); | |
36473 | +} | |
36474 | + | |
36475 | +__u32 | |
36476 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
36477 | +{ | |
36478 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG); | |
36479 | +} | |
36480 | + | |
36481 | +__u32 | |
36482 | +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt) | |
36483 | +{ | |
36484 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG); | |
36485 | +} | |
36486 | + | |
36487 | +__u32 | |
36488 | +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt) | |
36489 | +{ | |
36490 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG); | |
36491 | +} | |
36492 | + | |
36493 | +__u32 | |
36494 | +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt) | |
36495 | +{ | |
36496 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG); | |
36497 | +} | |
36498 | + | |
36499 | +__u32 | |
36500 | +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
36501 | + mode_t mode) | |
36502 | +{ | |
36503 | + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode))) | |
36504 | + return 1; | |
36505 | + | |
36506 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
36507 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
36508 | + GR_FCHMOD_ACL_MSG); | |
36509 | + } else { | |
36510 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG); | |
36511 | + } | |
36512 | +} | |
36513 | + | |
36514 | +__u32 | |
36515 | +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
36516 | + mode_t mode) | |
36517 | +{ | |
36518 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
36519 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
36520 | + GR_CHMOD_ACL_MSG); | |
36521 | + } else { | |
36522 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG); | |
36523 | + } | |
36524 | +} | |
36525 | + | |
36526 | +__u32 | |
36527 | +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt) | |
36528 | +{ | |
36529 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG); | |
36530 | +} | |
36531 | + | |
36532 | +__u32 | |
36533 | +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt) | |
36534 | +{ | |
36535 | + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG); | |
36536 | +} | |
36537 | + | |
36538 | +__u32 | |
36539 | +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt) | |
36540 | +{ | |
36541 | + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE, | |
36542 | + GR_UNIXCONNECT_ACL_MSG); | |
36543 | +} | |
36544 | + | |
36545 | +/* hardlinks require at minimum create permission, | |
36546 | + any additional privilege required is based on the | |
36547 | + privilege of the file being linked to | |
36548 | +*/ | |
36549 | +__u32 | |
36550 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
36551 | + const struct dentry * parent_dentry, | |
36552 | + const struct vfsmount * parent_mnt, | |
36553 | + const struct dentry * old_dentry, | |
36554 | + const struct vfsmount * old_mnt, const char *to) | |
36555 | +{ | |
36556 | + __u32 mode; | |
36557 | + __u32 needmode = GR_CREATE | GR_LINK; | |
36558 | + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK; | |
36559 | + | |
36560 | + mode = | |
36561 | + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry, | |
36562 | + old_mnt); | |
36563 | + | |
36564 | + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) { | |
36565 | + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); | |
36566 | + return mode; | |
36567 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
36568 | + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); | |
36569 | + return 0; | |
36570 | + } else if (unlikely((mode & needmode) != needmode)) | |
36571 | + return 0; | |
36572 | + | |
36573 | + return 1; | |
36574 | +} | |
36575 | + | |
36576 | +__u32 | |
36577 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
36578 | + const struct dentry * parent_dentry, | |
36579 | + const struct vfsmount * parent_mnt, const char *from) | |
36580 | +{ | |
36581 | + __u32 needmode = GR_WRITE | GR_CREATE; | |
36582 | + __u32 mode; | |
36583 | + | |
36584 | + mode = | |
36585 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
36586 | + GR_CREATE | GR_AUDIT_CREATE | | |
36587 | + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS); | |
36588 | + | |
36589 | + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) { | |
36590 | + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); | |
36591 | + return mode; | |
36592 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
36593 | + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); | |
36594 | + return 0; | |
36595 | + } else if (unlikely((mode & needmode) != needmode)) | |
36596 | + return 0; | |
36597 | + | |
36598 | + return (GR_WRITE | GR_CREATE); | |
36599 | +} | |
36600 | + | |
36601 | +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt) | |
36602 | +{ | |
36603 | + __u32 mode; | |
36604 | + | |
36605 | + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); | |
36606 | + | |
36607 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { | |
36608 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt); | |
36609 | + return mode; | |
36610 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { | |
36611 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt); | |
36612 | + return 0; | |
36613 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) | |
36614 | + return 0; | |
36615 | + | |
36616 | + return (reqmode); | |
36617 | +} | |
36618 | + | |
36619 | +__u32 | |
36620 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
36621 | + const struct dentry * parent_dentry, | |
36622 | + const struct vfsmount * parent_mnt, | |
36623 | + const int mode) | |
36624 | +{ | |
36625 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
36626 | + if (unlikely(mode & (S_ISUID | S_ISGID))) | |
36627 | + reqmode |= GR_SETID; | |
36628 | + | |
36629 | + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
36630 | + reqmode, GR_MKNOD_ACL_MSG); | |
36631 | +} | |
36632 | + | |
36633 | +__u32 | |
36634 | +gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
36635 | + const struct dentry *parent_dentry, | |
36636 | + const struct vfsmount *parent_mnt) | |
36637 | +{ | |
36638 | + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
36639 | + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG); | |
36640 | +} | |
36641 | + | |
36642 | +#define RENAME_CHECK_SUCCESS(old, new) \ | |
36643 | + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \ | |
36644 | + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ))) | |
36645 | + | |
36646 | +int | |
36647 | +gr_acl_handle_rename(struct dentry *new_dentry, | |
36648 | + struct dentry *parent_dentry, | |
36649 | + const struct vfsmount *parent_mnt, | |
36650 | + struct dentry *old_dentry, | |
36651 | + struct inode *old_parent_inode, | |
36652 | + struct vfsmount *old_mnt, const char *newname) | |
36653 | +{ | |
36654 | + __u32 comp1, comp2; | |
36655 | + int error = 0; | |
36656 | + | |
36657 | + if (unlikely(!gr_acl_is_enabled())) | |
36658 | + return 0; | |
36659 | + | |
36660 | + if (!new_dentry->d_inode) { | |
36661 | + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
36662 | + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ | | |
36663 | + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS); | |
36664 | + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE | | |
36665 | + GR_DELETE | GR_AUDIT_DELETE | | |
36666 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
36667 | + GR_SUPPRESS, old_mnt); | |
36668 | + } else { | |
36669 | + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE | | |
36670 | + GR_CREATE | GR_DELETE | | |
36671 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE | | |
36672 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
36673 | + GR_SUPPRESS, parent_mnt); | |
36674 | + comp2 = | |
36675 | + gr_search_file(old_dentry, | |
36676 | + GR_READ | GR_WRITE | GR_AUDIT_READ | | |
36677 | + GR_DELETE | GR_AUDIT_DELETE | | |
36678 | + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt); | |
36679 | + } | |
36680 | + | |
36681 | + if (RENAME_CHECK_SUCCESS(comp1, comp2) && | |
36682 | + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS))) | |
36683 | + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); | |
36684 | + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS) | |
36685 | + && !(comp2 & GR_SUPPRESS)) { | |
36686 | + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); | |
36687 | + error = -EACCES; | |
36688 | + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2))) | |
36689 | + error = -EACCES; | |
36690 | + | |
36691 | + return error; | |
36692 | +} | |
36693 | + | |
36694 | +void | |
36695 | +gr_acl_handle_exit(void) | |
36696 | +{ | |
36697 | + u16 id; | |
36698 | + char *rolename; | |
36699 | + struct file *exec_file; | |
36700 | + | |
36701 | + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) { | |
36702 | + id = current->acl_role_id; | |
36703 | + rolename = current->role->rolename; | |
36704 | + gr_set_acls(1); | |
36705 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id); | |
36706 | + } | |
36707 | + | |
36708 | + write_lock(&grsec_exec_file_lock); | |
36709 | + exec_file = current->exec_file; | |
36710 | + current->exec_file = NULL; | |
36711 | + write_unlock(&grsec_exec_file_lock); | |
36712 | + | |
36713 | + if (exec_file) | |
36714 | + fput(exec_file); | |
36715 | +} | |
36716 | + | |
36717 | +int | |
36718 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
36719 | +{ | |
36720 | + if (unlikely(!gr_acl_is_enabled())) | |
36721 | + return 0; | |
36722 | + | |
36723 | + if (task != current && task->acl->mode & GR_PROTPROCFD) | |
36724 | + return -EACCES; | |
36725 | + | |
36726 | + return 0; | |
36727 | +} | |
ae4e228f MT |
36728 | diff -urNp linux-2.6.33.1/grsecurity/gracl_ip.c linux-2.6.33.1/grsecurity/gracl_ip.c |
36729 | --- linux-2.6.33.1/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 | |
36730 | +++ linux-2.6.33.1/grsecurity/gracl_ip.c 2010-03-20 16:58:41.892922620 -0400 | |
36731 | @@ -0,0 +1,339 @@ | |
58c5fc13 MT |
36732 | +#include <linux/kernel.h> |
36733 | +#include <asm/uaccess.h> | |
36734 | +#include <asm/errno.h> | |
36735 | +#include <net/sock.h> | |
36736 | +#include <linux/file.h> | |
36737 | +#include <linux/fs.h> | |
36738 | +#include <linux/net.h> | |
36739 | +#include <linux/in.h> | |
36740 | +#include <linux/skbuff.h> | |
36741 | +#include <linux/ip.h> | |
36742 | +#include <linux/udp.h> | |
36743 | +#include <linux/smp_lock.h> | |
36744 | +#include <linux/types.h> | |
36745 | +#include <linux/sched.h> | |
36746 | +#include <linux/netdevice.h> | |
36747 | +#include <linux/inetdevice.h> | |
36748 | +#include <linux/gracl.h> | |
36749 | +#include <linux/grsecurity.h> | |
36750 | +#include <linux/grinternal.h> | |
36751 | + | |
36752 | +#define GR_BIND 0x01 | |
36753 | +#define GR_CONNECT 0x02 | |
36754 | +#define GR_INVERT 0x04 | |
36755 | +#define GR_BINDOVERRIDE 0x08 | |
36756 | +#define GR_CONNECTOVERRIDE 0x10 | |
36757 | + | |
36758 | +static const char * gr_protocols[256] = { | |
36759 | + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt", | |
36760 | + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet", | |
36761 | + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1", | |
36762 | + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", | |
36763 | + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", | |
36764 | + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", | |
36765 | + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile", | |
36766 | + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63", | |
36767 | + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv", | |
36768 | + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", | |
36769 | + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf", | |
36770 | + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp", | |
36771 | + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim", | |
36772 | + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip", | |
36773 | + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp", | |
36774 | + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup", | |
36775 | + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135", | |
36776 | + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143", | |
36777 | + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151", | |
36778 | + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159", | |
36779 | + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167", | |
36780 | + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175", | |
36781 | + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183", | |
36782 | + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191", | |
36783 | + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199", | |
36784 | + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207", | |
36785 | + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215", | |
36786 | + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223", | |
36787 | + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231", | |
36788 | + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239", | |
36789 | + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247", | |
36790 | + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255", | |
36791 | + }; | |
36792 | + | |
36793 | +static const char * gr_socktypes[11] = { | |
36794 | + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6", | |
36795 | + "unknown:7", "unknown:8", "unknown:9", "packet" | |
36796 | + }; | |
36797 | + | |
36798 | +const char * | |
36799 | +gr_proto_to_name(unsigned char proto) | |
36800 | +{ | |
36801 | + return gr_protocols[proto]; | |
36802 | +} | |
36803 | + | |
36804 | +const char * | |
36805 | +gr_socktype_to_name(unsigned char type) | |
36806 | +{ | |
36807 | + return gr_socktypes[type]; | |
36808 | +} | |
36809 | + | |
36810 | +int | |
36811 | +gr_search_socket(const int domain, const int type, const int protocol) | |
36812 | +{ | |
36813 | + struct acl_subject_label *curr; | |
36814 | + const struct cred *cred = current_cred(); | |
36815 | + | |
36816 | + if (unlikely(!gr_acl_is_enabled())) | |
36817 | + goto exit; | |
36818 | + | |
36819 | + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET) | |
36820 | + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255)) | |
36821 | + goto exit; // let the kernel handle it | |
36822 | + | |
36823 | + curr = current->acl; | |
36824 | + | |
36825 | + if (!curr->ips) | |
36826 | + goto exit; | |
36827 | + | |
36828 | + if ((curr->ip_type & (1 << type)) && | |
36829 | + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32)))) | |
36830 | + goto exit; | |
36831 | + | |
36832 | + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
36833 | + /* we don't place acls on raw sockets , and sometimes | |
36834 | + dgram/ip sockets are opened for ioctl and not | |
36835 | + bind/connect, so we'll fake a bind learn log */ | |
36836 | + if (type == SOCK_RAW || type == SOCK_PACKET) { | |
36837 | + __u32 fakeip = 0; | |
36838 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
36839 | + current->role->roletype, cred->uid, | |
36840 | + cred->gid, current->exec_file ? | |
36841 | + gr_to_filename(current->exec_file->f_path.dentry, | |
36842 | + current->exec_file->f_path.mnt) : | |
36843 | + curr->filename, curr->filename, | |
ae4e228f MT |
36844 | + &fakeip, 0, type, |
36845 | + protocol, GR_CONNECT, ¤t->signal->curr_ip); | |
58c5fc13 MT |
36846 | + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) { |
36847 | + __u32 fakeip = 0; | |
36848 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
36849 | + current->role->roletype, cred->uid, | |
36850 | + cred->gid, current->exec_file ? | |
36851 | + gr_to_filename(current->exec_file->f_path.dentry, | |
36852 | + current->exec_file->f_path.mnt) : | |
36853 | + curr->filename, curr->filename, | |
ae4e228f MT |
36854 | + &fakeip, 0, type, |
36855 | + protocol, GR_BIND, ¤t->signal->curr_ip); | |
58c5fc13 MT |
36856 | + } |
36857 | + /* we'll log when they use connect or bind */ | |
36858 | + goto exit; | |
36859 | + } | |
36860 | + | |
36861 | + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet", | |
36862 | + gr_socktype_to_name(type), gr_proto_to_name(protocol)); | |
36863 | + | |
36864 | + return 0; | |
36865 | + exit: | |
36866 | + return 1; | |
36867 | +} | |
36868 | + | |
36869 | +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask) | |
36870 | +{ | |
36871 | + if ((ip->mode & mode) && | |
36872 | + (ip_port >= ip->low) && | |
36873 | + (ip_port <= ip->high) && | |
36874 | + ((ntohl(ip_addr) & our_netmask) == | |
36875 | + (ntohl(our_addr) & our_netmask)) | |
36876 | + && (ip->proto[protocol / 32] & (1 << (protocol % 32))) | |
36877 | + && (ip->type & (1 << type))) { | |
36878 | + if (ip->mode & GR_INVERT) | |
36879 | + return 2; // specifically denied | |
36880 | + else | |
36881 | + return 1; // allowed | |
36882 | + } | |
36883 | + | |
36884 | + return 0; // not specifically allowed, may continue parsing | |
36885 | +} | |
36886 | + | |
36887 | +static int | |
36888 | +gr_search_connectbind(const int full_mode, struct sock *sk, | |
36889 | + struct sockaddr_in *addr, const int type) | |
36890 | +{ | |
36891 | + char iface[IFNAMSIZ] = {0}; | |
36892 | + struct acl_subject_label *curr; | |
36893 | + struct acl_ip_label *ip; | |
36894 | + struct inet_sock *isk; | |
36895 | + struct net_device *dev; | |
36896 | + struct in_device *idev; | |
36897 | + unsigned long i; | |
36898 | + int ret; | |
36899 | + int mode = full_mode & (GR_BIND | GR_CONNECT); | |
36900 | + __u32 ip_addr = 0; | |
36901 | + __u32 our_addr; | |
36902 | + __u32 our_netmask; | |
36903 | + char *p; | |
36904 | + __u16 ip_port = 0; | |
36905 | + const struct cred *cred = current_cred(); | |
36906 | + | |
36907 | + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET)) | |
36908 | + return 0; | |
36909 | + | |
36910 | + curr = current->acl; | |
36911 | + isk = inet_sk(sk); | |
36912 | + | |
36913 | + /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */ | |
36914 | + if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) | |
36915 | + addr->sin_addr.s_addr = curr->inaddr_any_override; | |
ae4e228f | 36916 | + if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) { |
58c5fc13 MT |
36917 | + struct sockaddr_in saddr; |
36918 | + int err; | |
36919 | + | |
36920 | + saddr.sin_family = AF_INET; | |
36921 | + saddr.sin_addr.s_addr = curr->inaddr_any_override; | |
ae4e228f | 36922 | + saddr.sin_port = isk->inet_sport; |
58c5fc13 MT |
36923 | + |
36924 | + err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)); | |
36925 | + if (err) | |
36926 | + return err; | |
36927 | + | |
36928 | + err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)); | |
36929 | + if (err) | |
36930 | + return err; | |
36931 | + } | |
36932 | + | |
36933 | + if (!curr->ips) | |
36934 | + return 0; | |
36935 | + | |
36936 | + ip_addr = addr->sin_addr.s_addr; | |
36937 | + ip_port = ntohs(addr->sin_port); | |
36938 | + | |
36939 | + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
36940 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
36941 | + current->role->roletype, cred->uid, | |
36942 | + cred->gid, current->exec_file ? | |
36943 | + gr_to_filename(current->exec_file->f_path.dentry, | |
36944 | + current->exec_file->f_path.mnt) : | |
36945 | + curr->filename, curr->filename, | |
ae4e228f MT |
36946 | + &ip_addr, ip_port, type, |
36947 | + sk->sk_protocol, mode, ¤t->signal->curr_ip); | |
58c5fc13 MT |
36948 | + return 0; |
36949 | + } | |
36950 | + | |
36951 | + for (i = 0; i < curr->ip_num; i++) { | |
36952 | + ip = *(curr->ips + i); | |
36953 | + if (ip->iface != NULL) { | |
36954 | + strncpy(iface, ip->iface, IFNAMSIZ - 1); | |
36955 | + p = strchr(iface, ':'); | |
36956 | + if (p != NULL) | |
36957 | + *p = '\0'; | |
36958 | + dev = dev_get_by_name(sock_net(sk), iface); | |
36959 | + if (dev == NULL) | |
36960 | + continue; | |
36961 | + idev = in_dev_get(dev); | |
36962 | + if (idev == NULL) { | |
36963 | + dev_put(dev); | |
36964 | + continue; | |
36965 | + } | |
36966 | + rcu_read_lock(); | |
36967 | + for_ifa(idev) { | |
36968 | + if (!strcmp(ip->iface, ifa->ifa_label)) { | |
36969 | + our_addr = ifa->ifa_address; | |
36970 | + our_netmask = 0xffffffff; | |
36971 | + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask); | |
36972 | + if (ret == 1) { | |
36973 | + rcu_read_unlock(); | |
36974 | + in_dev_put(idev); | |
36975 | + dev_put(dev); | |
36976 | + return 0; | |
36977 | + } else if (ret == 2) { | |
36978 | + rcu_read_unlock(); | |
36979 | + in_dev_put(idev); | |
36980 | + dev_put(dev); | |
36981 | + goto denied; | |
36982 | + } | |
36983 | + } | |
36984 | + } endfor_ifa(idev); | |
36985 | + rcu_read_unlock(); | |
36986 | + in_dev_put(idev); | |
36987 | + dev_put(dev); | |
36988 | + } else { | |
36989 | + our_addr = ip->addr; | |
36990 | + our_netmask = ip->netmask; | |
36991 | + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask); | |
36992 | + if (ret == 1) | |
36993 | + return 0; | |
36994 | + else if (ret == 2) | |
36995 | + goto denied; | |
36996 | + } | |
36997 | + } | |
36998 | + | |
36999 | +denied: | |
37000 | + if (mode == GR_BIND) | |
ae4e228f | 37001 | + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol)); |
58c5fc13 | 37002 | + else if (mode == GR_CONNECT) |
ae4e228f | 37003 | + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol)); |
58c5fc13 MT |
37004 | + |
37005 | + return -EACCES; | |
37006 | +} | |
37007 | + | |
37008 | +int | |
37009 | +gr_search_connect(struct socket *sock, struct sockaddr_in *addr) | |
37010 | +{ | |
37011 | + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type); | |
37012 | +} | |
37013 | + | |
37014 | +int | |
37015 | +gr_search_bind(struct socket *sock, struct sockaddr_in *addr) | |
37016 | +{ | |
37017 | + return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type); | |
37018 | +} | |
37019 | + | |
37020 | +int gr_search_listen(struct socket *sock) | |
37021 | +{ | |
37022 | + struct sock *sk = sock->sk; | |
37023 | + struct sockaddr_in addr; | |
37024 | + | |
ae4e228f MT |
37025 | + addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr; |
37026 | + addr.sin_port = inet_sk(sk)->inet_sport; | |
58c5fc13 MT |
37027 | + |
37028 | + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type); | |
37029 | +} | |
37030 | + | |
37031 | +int gr_search_accept(struct socket *sock) | |
37032 | +{ | |
37033 | + struct sock *sk = sock->sk; | |
37034 | + struct sockaddr_in addr; | |
37035 | + | |
ae4e228f MT |
37036 | + addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr; |
37037 | + addr.sin_port = inet_sk(sk)->inet_sport; | |
58c5fc13 MT |
37038 | + |
37039 | + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type); | |
37040 | +} | |
37041 | + | |
37042 | +int | |
37043 | +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr) | |
37044 | +{ | |
37045 | + if (addr) | |
37046 | + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM); | |
37047 | + else { | |
37048 | + struct sockaddr_in sin; | |
37049 | + const struct inet_sock *inet = inet_sk(sk); | |
37050 | + | |
ae4e228f MT |
37051 | + sin.sin_addr.s_addr = inet->inet_daddr; |
37052 | + sin.sin_port = inet->inet_dport; | |
58c5fc13 MT |
37053 | + |
37054 | + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM); | |
37055 | + } | |
37056 | +} | |
37057 | + | |
37058 | +int | |
37059 | +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb) | |
37060 | +{ | |
37061 | + struct sockaddr_in sin; | |
37062 | + | |
37063 | + if (unlikely(skb->len < sizeof (struct udphdr))) | |
37064 | + return 0; // skip this packet | |
37065 | + | |
37066 | + sin.sin_addr.s_addr = ip_hdr(skb)->saddr; | |
37067 | + sin.sin_port = udp_hdr(skb)->source; | |
37068 | + | |
37069 | + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM); | |
37070 | +} | |
ae4e228f MT |
37071 | diff -urNp linux-2.6.33.1/grsecurity/gracl_learn.c linux-2.6.33.1/grsecurity/gracl_learn.c |
37072 | --- linux-2.6.33.1/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500 | |
37073 | +++ linux-2.6.33.1/grsecurity/gracl_learn.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
37074 | @@ -0,0 +1,211 @@ |
37075 | +#include <linux/kernel.h> | |
37076 | +#include <linux/mm.h> | |
37077 | +#include <linux/sched.h> | |
37078 | +#include <linux/poll.h> | |
37079 | +#include <linux/smp_lock.h> | |
37080 | +#include <linux/string.h> | |
37081 | +#include <linux/file.h> | |
37082 | +#include <linux/types.h> | |
37083 | +#include <linux/vmalloc.h> | |
37084 | +#include <linux/grinternal.h> | |
37085 | + | |
37086 | +extern ssize_t write_grsec_handler(struct file * file, const char __user * buf, | |
37087 | + size_t count, loff_t *ppos); | |
37088 | +extern int gr_acl_is_enabled(void); | |
37089 | + | |
37090 | +static DECLARE_WAIT_QUEUE_HEAD(learn_wait); | |
37091 | +static int gr_learn_attached; | |
37092 | + | |
37093 | +/* use a 512k buffer */ | |
37094 | +#define LEARN_BUFFER_SIZE (512 * 1024) | |
37095 | + | |
37096 | +static DEFINE_SPINLOCK(gr_learn_lock); | |
37097 | +static DECLARE_MUTEX(gr_learn_user_sem); | |
37098 | + | |
37099 | +/* we need to maintain two buffers, so that the kernel context of grlearn | |
37100 | + uses a semaphore around the userspace copying, and the other kernel contexts | |
37101 | + use a spinlock when copying into the buffer, since they cannot sleep | |
37102 | +*/ | |
37103 | +static char *learn_buffer; | |
37104 | +static char *learn_buffer_user; | |
37105 | +static int learn_buffer_len; | |
37106 | +static int learn_buffer_user_len; | |
37107 | + | |
37108 | +static ssize_t | |
37109 | +read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos) | |
37110 | +{ | |
37111 | + DECLARE_WAITQUEUE(wait, current); | |
37112 | + ssize_t retval = 0; | |
37113 | + | |
37114 | + add_wait_queue(&learn_wait, &wait); | |
37115 | + set_current_state(TASK_INTERRUPTIBLE); | |
37116 | + do { | |
37117 | + down(&gr_learn_user_sem); | |
37118 | + spin_lock(&gr_learn_lock); | |
37119 | + if (learn_buffer_len) | |
37120 | + break; | |
37121 | + spin_unlock(&gr_learn_lock); | |
37122 | + up(&gr_learn_user_sem); | |
37123 | + if (file->f_flags & O_NONBLOCK) { | |
37124 | + retval = -EAGAIN; | |
37125 | + goto out; | |
37126 | + } | |
37127 | + if (signal_pending(current)) { | |
37128 | + retval = -ERESTARTSYS; | |
37129 | + goto out; | |
37130 | + } | |
37131 | + | |
37132 | + schedule(); | |
37133 | + } while (1); | |
37134 | + | |
37135 | + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len); | |
37136 | + learn_buffer_user_len = learn_buffer_len; | |
37137 | + retval = learn_buffer_len; | |
37138 | + learn_buffer_len = 0; | |
37139 | + | |
37140 | + spin_unlock(&gr_learn_lock); | |
37141 | + | |
37142 | + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len)) | |
37143 | + retval = -EFAULT; | |
37144 | + | |
37145 | + up(&gr_learn_user_sem); | |
37146 | +out: | |
37147 | + set_current_state(TASK_RUNNING); | |
37148 | + remove_wait_queue(&learn_wait, &wait); | |
37149 | + return retval; | |
37150 | +} | |
37151 | + | |
37152 | +static unsigned int | |
37153 | +poll_learn(struct file * file, poll_table * wait) | |
37154 | +{ | |
37155 | + poll_wait(file, &learn_wait, wait); | |
37156 | + | |
37157 | + if (learn_buffer_len) | |
37158 | + return (POLLIN | POLLRDNORM); | |
37159 | + | |
37160 | + return 0; | |
37161 | +} | |
37162 | + | |
37163 | +void | |
37164 | +gr_clear_learn_entries(void) | |
37165 | +{ | |
37166 | + char *tmp; | |
37167 | + | |
37168 | + down(&gr_learn_user_sem); | |
37169 | + if (learn_buffer != NULL) { | |
37170 | + spin_lock(&gr_learn_lock); | |
37171 | + tmp = learn_buffer; | |
37172 | + learn_buffer = NULL; | |
37173 | + spin_unlock(&gr_learn_lock); | |
37174 | + vfree(learn_buffer); | |
37175 | + } | |
37176 | + if (learn_buffer_user != NULL) { | |
37177 | + vfree(learn_buffer_user); | |
37178 | + learn_buffer_user = NULL; | |
37179 | + } | |
37180 | + learn_buffer_len = 0; | |
37181 | + up(&gr_learn_user_sem); | |
37182 | + | |
37183 | + return; | |
37184 | +} | |
37185 | + | |
37186 | +void | |
37187 | +gr_add_learn_entry(const char *fmt, ...) | |
37188 | +{ | |
37189 | + va_list args; | |
37190 | + unsigned int len; | |
37191 | + | |
37192 | + if (!gr_learn_attached) | |
37193 | + return; | |
37194 | + | |
37195 | + spin_lock(&gr_learn_lock); | |
37196 | + | |
37197 | + /* leave a gap at the end so we know when it's "full" but don't have to | |
37198 | + compute the exact length of the string we're trying to append | |
37199 | + */ | |
37200 | + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) { | |
37201 | + spin_unlock(&gr_learn_lock); | |
37202 | + wake_up_interruptible(&learn_wait); | |
37203 | + return; | |
37204 | + } | |
37205 | + if (learn_buffer == NULL) { | |
37206 | + spin_unlock(&gr_learn_lock); | |
37207 | + return; | |
37208 | + } | |
37209 | + | |
37210 | + va_start(args, fmt); | |
37211 | + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args); | |
37212 | + va_end(args); | |
37213 | + | |
37214 | + learn_buffer_len += len + 1; | |
37215 | + | |
37216 | + spin_unlock(&gr_learn_lock); | |
37217 | + wake_up_interruptible(&learn_wait); | |
37218 | + | |
37219 | + return; | |
37220 | +} | |
37221 | + | |
37222 | +static int | |
37223 | +open_learn(struct inode *inode, struct file *file) | |
37224 | +{ | |
37225 | + if (file->f_mode & FMODE_READ && gr_learn_attached) | |
37226 | + return -EBUSY; | |
37227 | + if (file->f_mode & FMODE_READ) { | |
37228 | + int retval = 0; | |
37229 | + down(&gr_learn_user_sem); | |
37230 | + if (learn_buffer == NULL) | |
37231 | + learn_buffer = vmalloc(LEARN_BUFFER_SIZE); | |
37232 | + if (learn_buffer_user == NULL) | |
37233 | + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE); | |
37234 | + if (learn_buffer == NULL) { | |
37235 | + retval = -ENOMEM; | |
37236 | + goto out_error; | |
37237 | + } | |
37238 | + if (learn_buffer_user == NULL) { | |
37239 | + retval = -ENOMEM; | |
37240 | + goto out_error; | |
37241 | + } | |
37242 | + learn_buffer_len = 0; | |
37243 | + learn_buffer_user_len = 0; | |
37244 | + gr_learn_attached = 1; | |
37245 | +out_error: | |
37246 | + up(&gr_learn_user_sem); | |
37247 | + return retval; | |
37248 | + } | |
37249 | + return 0; | |
37250 | +} | |
37251 | + | |
37252 | +static int | |
37253 | +close_learn(struct inode *inode, struct file *file) | |
37254 | +{ | |
37255 | + char *tmp; | |
37256 | + | |
37257 | + if (file->f_mode & FMODE_READ) { | |
37258 | + down(&gr_learn_user_sem); | |
37259 | + if (learn_buffer != NULL) { | |
37260 | + spin_lock(&gr_learn_lock); | |
37261 | + tmp = learn_buffer; | |
37262 | + learn_buffer = NULL; | |
37263 | + spin_unlock(&gr_learn_lock); | |
37264 | + vfree(tmp); | |
37265 | + } | |
37266 | + if (learn_buffer_user != NULL) { | |
37267 | + vfree(learn_buffer_user); | |
37268 | + learn_buffer_user = NULL; | |
37269 | + } | |
37270 | + learn_buffer_len = 0; | |
37271 | + learn_buffer_user_len = 0; | |
37272 | + gr_learn_attached = 0; | |
37273 | + up(&gr_learn_user_sem); | |
37274 | + } | |
37275 | + | |
37276 | + return 0; | |
37277 | +} | |
37278 | + | |
37279 | +const struct file_operations grsec_fops = { | |
37280 | + .read = read_learn, | |
37281 | + .write = write_grsec_handler, | |
37282 | + .open = open_learn, | |
37283 | + .release = close_learn, | |
37284 | + .poll = poll_learn, | |
37285 | +}; | |
ae4e228f MT |
37286 | diff -urNp linux-2.6.33.1/grsecurity/gracl_res.c linux-2.6.33.1/grsecurity/gracl_res.c |
37287 | --- linux-2.6.33.1/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500 | |
37288 | +++ linux-2.6.33.1/grsecurity/gracl_res.c 2010-03-20 16:58:41.892922620 -0400 | |
37289 | @@ -0,0 +1,65 @@ | |
58c5fc13 MT |
37290 | +#include <linux/kernel.h> |
37291 | +#include <linux/sched.h> | |
37292 | +#include <linux/gracl.h> | |
37293 | +#include <linux/grinternal.h> | |
37294 | + | |
37295 | +static const char *restab_log[] = { | |
37296 | + [RLIMIT_CPU] = "RLIMIT_CPU", | |
37297 | + [RLIMIT_FSIZE] = "RLIMIT_FSIZE", | |
37298 | + [RLIMIT_DATA] = "RLIMIT_DATA", | |
37299 | + [RLIMIT_STACK] = "RLIMIT_STACK", | |
37300 | + [RLIMIT_CORE] = "RLIMIT_CORE", | |
37301 | + [RLIMIT_RSS] = "RLIMIT_RSS", | |
37302 | + [RLIMIT_NPROC] = "RLIMIT_NPROC", | |
37303 | + [RLIMIT_NOFILE] = "RLIMIT_NOFILE", | |
37304 | + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK", | |
37305 | + [RLIMIT_AS] = "RLIMIT_AS", | |
37306 | + [RLIMIT_LOCKS] = "RLIMIT_LOCKS", | |
37307 | + [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING", | |
37308 | + [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE", | |
37309 | + [RLIMIT_NICE] = "RLIMIT_NICE", | |
37310 | + [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO", | |
37311 | + [RLIMIT_RTTIME] = "RLIMIT_RTTIME", | |
37312 | + [GR_CRASH_RES] = "RLIMIT_CRASH" | |
37313 | +}; | |
37314 | + | |
37315 | +void | |
37316 | +gr_log_resource(const struct task_struct *task, | |
37317 | + const int res, const unsigned long wanted, const int gt) | |
37318 | +{ | |
ae4e228f | 37319 | + const struct cred *cred; |
58c5fc13 MT |
37320 | + |
37321 | + if (!gr_acl_is_enabled() && !grsec_resource_logging) | |
37322 | + return; | |
37323 | + | |
37324 | + // not yet supported resource | |
37325 | + if (!restab_log[res]) | |
37326 | + return; | |
37327 | + | |
ae4e228f MT |
37328 | + rcu_read_lock(); |
37329 | + cred = __task_cred(task); | |
37330 | + | |
37331 | + if (res == RLIMIT_NPROC && | |
37332 | + (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) || | |
37333 | + cap_raised(cred->cap_effective, CAP_SYS_RESOURCE))) | |
37334 | + goto out_rcu_unlock; | |
37335 | + else if (res == RLIMIT_MEMLOCK && | |
37336 | + cap_raised(cred->cap_effective, CAP_IPC_LOCK)) | |
37337 | + goto out_rcu_unlock; | |
37338 | + else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE)) | |
37339 | + goto out_rcu_unlock; | |
37340 | + rcu_read_unlock(); | |
37341 | + | |
58c5fc13 MT |
37342 | + preempt_disable(); |
37343 | + | |
37344 | + if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) || | |
37345 | + (!gt && wanted >= task->signal->rlim[res].rlim_cur)) && | |
37346 | + task->signal->rlim[res].rlim_cur != RLIM_INFINITY)) | |
37347 | + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur); | |
37348 | + preempt_enable_no_resched(); | |
37349 | + | |
37350 | + return; | |
ae4e228f MT |
37351 | +out_rcu_unlock: |
37352 | + rcu_read_unlock(); | |
37353 | + return; | |
58c5fc13 | 37354 | +} |
ae4e228f MT |
37355 | diff -urNp linux-2.6.33.1/grsecurity/gracl_segv.c linux-2.6.33.1/grsecurity/gracl_segv.c |
37356 | --- linux-2.6.33.1/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500 | |
37357 | +++ linux-2.6.33.1/grsecurity/gracl_segv.c 2010-03-20 16:58:41.892922620 -0400 | |
37358 | @@ -0,0 +1,310 @@ | |
58c5fc13 MT |
37359 | +#include <linux/kernel.h> |
37360 | +#include <linux/mm.h> | |
37361 | +#include <asm/uaccess.h> | |
37362 | +#include <asm/errno.h> | |
37363 | +#include <asm/mman.h> | |
37364 | +#include <net/sock.h> | |
37365 | +#include <linux/file.h> | |
37366 | +#include <linux/fs.h> | |
37367 | +#include <linux/net.h> | |
37368 | +#include <linux/in.h> | |
37369 | +#include <linux/smp_lock.h> | |
37370 | +#include <linux/slab.h> | |
37371 | +#include <linux/types.h> | |
37372 | +#include <linux/sched.h> | |
37373 | +#include <linux/timer.h> | |
37374 | +#include <linux/gracl.h> | |
37375 | +#include <linux/grsecurity.h> | |
37376 | +#include <linux/grinternal.h> | |
37377 | + | |
37378 | +static struct crash_uid *uid_set; | |
37379 | +static unsigned short uid_used; | |
37380 | +static DEFINE_SPINLOCK(gr_uid_lock); | |
37381 | +extern rwlock_t gr_inode_lock; | |
37382 | +extern struct acl_subject_label * | |
37383 | + lookup_acl_subj_label(const ino_t inode, const dev_t dev, | |
37384 | + struct acl_role_label *role); | |
37385 | +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t); | |
37386 | + | |
37387 | +int | |
37388 | +gr_init_uidset(void) | |
37389 | +{ | |
37390 | + uid_set = | |
37391 | + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL); | |
37392 | + uid_used = 0; | |
37393 | + | |
37394 | + return uid_set ? 1 : 0; | |
37395 | +} | |
37396 | + | |
37397 | +void | |
37398 | +gr_free_uidset(void) | |
37399 | +{ | |
37400 | + if (uid_set) | |
37401 | + kfree(uid_set); | |
37402 | + | |
37403 | + return; | |
37404 | +} | |
37405 | + | |
37406 | +int | |
37407 | +gr_find_uid(const uid_t uid) | |
37408 | +{ | |
37409 | + struct crash_uid *tmp = uid_set; | |
37410 | + uid_t buid; | |
37411 | + int low = 0, high = uid_used - 1, mid; | |
37412 | + | |
37413 | + while (high >= low) { | |
37414 | + mid = (low + high) >> 1; | |
37415 | + buid = tmp[mid].uid; | |
37416 | + if (buid == uid) | |
37417 | + return mid; | |
37418 | + if (buid > uid) | |
37419 | + high = mid - 1; | |
37420 | + if (buid < uid) | |
37421 | + low = mid + 1; | |
37422 | + } | |
37423 | + | |
37424 | + return -1; | |
37425 | +} | |
37426 | + | |
37427 | +static __inline__ void | |
37428 | +gr_insertsort(void) | |
37429 | +{ | |
37430 | + unsigned short i, j; | |
37431 | + struct crash_uid index; | |
37432 | + | |
37433 | + for (i = 1; i < uid_used; i++) { | |
37434 | + index = uid_set[i]; | |
37435 | + j = i; | |
37436 | + while ((j > 0) && uid_set[j - 1].uid > index.uid) { | |
37437 | + uid_set[j] = uid_set[j - 1]; | |
37438 | + j--; | |
37439 | + } | |
37440 | + uid_set[j] = index; | |
37441 | + } | |
37442 | + | |
37443 | + return; | |
37444 | +} | |
37445 | + | |
37446 | +static __inline__ void | |
37447 | +gr_insert_uid(const uid_t uid, const unsigned long expires) | |
37448 | +{ | |
37449 | + int loc; | |
37450 | + | |
37451 | + if (uid_used == GR_UIDTABLE_MAX) | |
37452 | + return; | |
37453 | + | |
37454 | + loc = gr_find_uid(uid); | |
37455 | + | |
37456 | + if (loc >= 0) { | |
37457 | + uid_set[loc].expires = expires; | |
37458 | + return; | |
37459 | + } | |
37460 | + | |
37461 | + uid_set[uid_used].uid = uid; | |
37462 | + uid_set[uid_used].expires = expires; | |
37463 | + uid_used++; | |
37464 | + | |
37465 | + gr_insertsort(); | |
37466 | + | |
37467 | + return; | |
37468 | +} | |
37469 | + | |
37470 | +void | |
37471 | +gr_remove_uid(const unsigned short loc) | |
37472 | +{ | |
37473 | + unsigned short i; | |
37474 | + | |
37475 | + for (i = loc + 1; i < uid_used; i++) | |
37476 | + uid_set[i - 1] = uid_set[i]; | |
37477 | + | |
37478 | + uid_used--; | |
37479 | + | |
37480 | + return; | |
37481 | +} | |
37482 | + | |
37483 | +int | |
37484 | +gr_check_crash_uid(const uid_t uid) | |
37485 | +{ | |
37486 | + int loc; | |
37487 | + int ret = 0; | |
37488 | + | |
37489 | + if (unlikely(!gr_acl_is_enabled())) | |
37490 | + return 0; | |
37491 | + | |
37492 | + spin_lock(&gr_uid_lock); | |
37493 | + loc = gr_find_uid(uid); | |
37494 | + | |
37495 | + if (loc < 0) | |
37496 | + goto out_unlock; | |
37497 | + | |
37498 | + if (time_before_eq(uid_set[loc].expires, get_seconds())) | |
37499 | + gr_remove_uid(loc); | |
37500 | + else | |
37501 | + ret = 1; | |
37502 | + | |
37503 | +out_unlock: | |
37504 | + spin_unlock(&gr_uid_lock); | |
37505 | + return ret; | |
37506 | +} | |
37507 | + | |
37508 | +static __inline__ int | |
37509 | +proc_is_setxid(const struct cred *cred) | |
37510 | +{ | |
37511 | + if (cred->uid != cred->euid || cred->uid != cred->suid || | |
37512 | + cred->uid != cred->fsuid) | |
37513 | + return 1; | |
37514 | + if (cred->gid != cred->egid || cred->gid != cred->sgid || | |
37515 | + cred->gid != cred->fsgid) | |
37516 | + return 1; | |
37517 | + | |
37518 | + return 0; | |
37519 | +} | |
37520 | +static __inline__ int | |
37521 | +gr_fake_force_sig(int sig, struct task_struct *t) | |
37522 | +{ | |
37523 | + unsigned long int flags; | |
37524 | + int ret, blocked, ignored; | |
37525 | + struct k_sigaction *action; | |
37526 | + | |
37527 | + spin_lock_irqsave(&t->sighand->siglock, flags); | |
37528 | + action = &t->sighand->action[sig-1]; | |
37529 | + ignored = action->sa.sa_handler == SIG_IGN; | |
37530 | + blocked = sigismember(&t->blocked, sig); | |
37531 | + if (blocked || ignored) { | |
37532 | + action->sa.sa_handler = SIG_DFL; | |
37533 | + if (blocked) { | |
37534 | + sigdelset(&t->blocked, sig); | |
37535 | + recalc_sigpending_and_wake(t); | |
37536 | + } | |
37537 | + } | |
37538 | + if (action->sa.sa_handler == SIG_DFL) | |
37539 | + t->signal->flags &= ~SIGNAL_UNKILLABLE; | |
37540 | + ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t); | |
37541 | + | |
37542 | + spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
37543 | + | |
37544 | + return ret; | |
37545 | +} | |
37546 | + | |
37547 | +void | |
37548 | +gr_handle_crash(struct task_struct *task, const int sig) | |
37549 | +{ | |
37550 | + struct acl_subject_label *curr; | |
37551 | + struct acl_subject_label *curr2; | |
37552 | + struct task_struct *tsk, *tsk2; | |
ae4e228f | 37553 | + const struct cred *cred; |
58c5fc13 MT |
37554 | + const struct cred *cred2; |
37555 | + | |
37556 | + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL) | |
37557 | + return; | |
37558 | + | |
37559 | + if (unlikely(!gr_acl_is_enabled())) | |
37560 | + return; | |
37561 | + | |
37562 | + curr = task->acl; | |
37563 | + | |
37564 | + if (!(curr->resmask & (1 << GR_CRASH_RES))) | |
37565 | + return; | |
37566 | + | |
37567 | + if (time_before_eq(curr->expires, get_seconds())) { | |
37568 | + curr->expires = 0; | |
37569 | + curr->crashes = 0; | |
37570 | + } | |
37571 | + | |
37572 | + curr->crashes++; | |
37573 | + | |
37574 | + if (!curr->expires) | |
37575 | + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max; | |
37576 | + | |
37577 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
37578 | + time_after(curr->expires, get_seconds())) { | |
ae4e228f MT |
37579 | + rcu_read_lock(); |
37580 | + cred = __task_cred(task); | |
58c5fc13 MT |
37581 | + if (cred->uid && proc_is_setxid(cred)) { |
37582 | + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); | |
37583 | + spin_lock(&gr_uid_lock); | |
37584 | + gr_insert_uid(cred->uid, curr->expires); | |
37585 | + spin_unlock(&gr_uid_lock); | |
37586 | + curr->expires = 0; | |
37587 | + curr->crashes = 0; | |
37588 | + read_lock(&tasklist_lock); | |
37589 | + do_each_thread(tsk2, tsk) { | |
37590 | + cred2 = __task_cred(tsk); | |
37591 | + if (tsk != task && cred2->uid == cred->uid) | |
37592 | + gr_fake_force_sig(SIGKILL, tsk); | |
37593 | + } while_each_thread(tsk2, tsk); | |
37594 | + read_unlock(&tasklist_lock); | |
37595 | + } else { | |
37596 | + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); | |
37597 | + read_lock(&tasklist_lock); | |
37598 | + do_each_thread(tsk2, tsk) { | |
37599 | + if (likely(tsk != task)) { | |
37600 | + curr2 = tsk->acl; | |
37601 | + | |
37602 | + if (curr2->device == curr->device && | |
37603 | + curr2->inode == curr->inode) | |
37604 | + gr_fake_force_sig(SIGKILL, tsk); | |
37605 | + } | |
37606 | + } while_each_thread(tsk2, tsk); | |
37607 | + read_unlock(&tasklist_lock); | |
37608 | + } | |
ae4e228f | 37609 | + rcu_read_unlock(); |
58c5fc13 MT |
37610 | + } |
37611 | + | |
37612 | + return; | |
37613 | +} | |
37614 | + | |
37615 | +int | |
37616 | +gr_check_crash_exec(const struct file *filp) | |
37617 | +{ | |
37618 | + struct acl_subject_label *curr; | |
37619 | + | |
37620 | + if (unlikely(!gr_acl_is_enabled())) | |
37621 | + return 0; | |
37622 | + | |
37623 | + read_lock(&gr_inode_lock); | |
37624 | + curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino, | |
37625 | + filp->f_path.dentry->d_inode->i_sb->s_dev, | |
37626 | + current->role); | |
37627 | + read_unlock(&gr_inode_lock); | |
37628 | + | |
37629 | + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) || | |
37630 | + (!curr->crashes && !curr->expires)) | |
37631 | + return 0; | |
37632 | + | |
37633 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
37634 | + time_after(curr->expires, get_seconds())) | |
37635 | + return 1; | |
37636 | + else if (time_before_eq(curr->expires, get_seconds())) { | |
37637 | + curr->crashes = 0; | |
37638 | + curr->expires = 0; | |
37639 | + } | |
37640 | + | |
37641 | + return 0; | |
37642 | +} | |
37643 | + | |
37644 | +void | |
37645 | +gr_handle_alertkill(struct task_struct *task) | |
37646 | +{ | |
37647 | + struct acl_subject_label *curracl; | |
37648 | + __u32 curr_ip; | |
37649 | + struct task_struct *p, *p2; | |
37650 | + | |
37651 | + if (unlikely(!gr_acl_is_enabled())) | |
37652 | + return; | |
37653 | + | |
37654 | + curracl = task->acl; | |
37655 | + curr_ip = task->signal->curr_ip; | |
37656 | + | |
37657 | + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) { | |
37658 | + read_lock(&tasklist_lock); | |
37659 | + do_each_thread(p2, p) { | |
37660 | + if (p->signal->curr_ip == curr_ip) | |
37661 | + gr_fake_force_sig(SIGKILL, p); | |
37662 | + } while_each_thread(p2, p); | |
37663 | + read_unlock(&tasklist_lock); | |
37664 | + } else if (curracl->mode & GR_KILLPROC) | |
37665 | + gr_fake_force_sig(SIGKILL, task); | |
37666 | + | |
37667 | + return; | |
37668 | +} | |
ae4e228f MT |
37669 | diff -urNp linux-2.6.33.1/grsecurity/gracl_shm.c linux-2.6.33.1/grsecurity/gracl_shm.c |
37670 | --- linux-2.6.33.1/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500 | |
37671 | +++ linux-2.6.33.1/grsecurity/gracl_shm.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
37672 | @@ -0,0 +1,37 @@ |
37673 | +#include <linux/kernel.h> | |
37674 | +#include <linux/mm.h> | |
37675 | +#include <linux/sched.h> | |
37676 | +#include <linux/file.h> | |
37677 | +#include <linux/ipc.h> | |
37678 | +#include <linux/gracl.h> | |
37679 | +#include <linux/grsecurity.h> | |
37680 | +#include <linux/grinternal.h> | |
37681 | + | |
37682 | +int | |
37683 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
37684 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
37685 | +{ | |
37686 | + struct task_struct *task; | |
37687 | + | |
37688 | + if (!gr_acl_is_enabled()) | |
37689 | + return 1; | |
37690 | + | |
37691 | + read_lock(&tasklist_lock); | |
37692 | + | |
37693 | + task = find_task_by_vpid(shm_cprid); | |
37694 | + | |
37695 | + if (unlikely(!task)) | |
37696 | + task = find_task_by_vpid(shm_lapid); | |
37697 | + | |
37698 | + if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) || | |
37699 | + (task->pid == shm_lapid)) && | |
37700 | + (task->acl->mode & GR_PROTSHM) && | |
37701 | + (task->acl != current->acl))) { | |
37702 | + read_unlock(&tasklist_lock); | |
37703 | + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); | |
37704 | + return 0; | |
37705 | + } | |
37706 | + read_unlock(&tasklist_lock); | |
37707 | + | |
37708 | + return 1; | |
37709 | +} | |
ae4e228f MT |
37710 | diff -urNp linux-2.6.33.1/grsecurity/grsec_chdir.c linux-2.6.33.1/grsecurity/grsec_chdir.c |
37711 | --- linux-2.6.33.1/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500 | |
37712 | +++ linux-2.6.33.1/grsecurity/grsec_chdir.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
37713 | @@ -0,0 +1,19 @@ |
37714 | +#include <linux/kernel.h> | |
37715 | +#include <linux/sched.h> | |
37716 | +#include <linux/fs.h> | |
37717 | +#include <linux/file.h> | |
37718 | +#include <linux/grsecurity.h> | |
37719 | +#include <linux/grinternal.h> | |
37720 | + | |
37721 | +void | |
37722 | +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt) | |
37723 | +{ | |
37724 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
37725 | + if ((grsec_enable_chdir && grsec_enable_group && | |
37726 | + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir && | |
37727 | + !grsec_enable_group)) { | |
37728 | + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt); | |
37729 | + } | |
37730 | +#endif | |
37731 | + return; | |
37732 | +} | |
ae4e228f MT |
37733 | diff -urNp linux-2.6.33.1/grsecurity/grsec_chroot.c linux-2.6.33.1/grsecurity/grsec_chroot.c |
37734 | --- linux-2.6.33.1/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 | |
37735 | +++ linux-2.6.33.1/grsecurity/grsec_chroot.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
37736 | @@ -0,0 +1,348 @@ |
37737 | +#include <linux/kernel.h> | |
37738 | +#include <linux/module.h> | |
37739 | +#include <linux/sched.h> | |
37740 | +#include <linux/file.h> | |
37741 | +#include <linux/fs.h> | |
37742 | +#include <linux/mount.h> | |
37743 | +#include <linux/types.h> | |
37744 | +#include <linux/pid_namespace.h> | |
37745 | +#include <linux/grsecurity.h> | |
37746 | +#include <linux/grinternal.h> | |
37747 | + | |
37748 | +int | |
37749 | +gr_handle_chroot_unix(const pid_t pid) | |
37750 | +{ | |
37751 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
37752 | + struct pid *spid = NULL; | |
37753 | + | |
37754 | + if (unlikely(!grsec_enable_chroot_unix)) | |
37755 | + return 1; | |
37756 | + | |
37757 | + if (likely(!proc_is_chrooted(current))) | |
37758 | + return 1; | |
37759 | + | |
37760 | + read_lock(&tasklist_lock); | |
37761 | + | |
37762 | + spid = find_vpid(pid); | |
37763 | + if (spid) { | |
37764 | + struct task_struct *p; | |
37765 | + p = pid_task(spid, PIDTYPE_PID); | |
ae4e228f | 37766 | + gr_fs_read_lock(p); |
58c5fc13 | 37767 | + if (unlikely(!have_same_root(current, p))) { |
ae4e228f | 37768 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37769 | + read_unlock(&tasklist_lock); |
37770 | + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG); | |
37771 | + return 0; | |
37772 | + } | |
ae4e228f | 37773 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37774 | + } |
37775 | + read_unlock(&tasklist_lock); | |
37776 | +#endif | |
37777 | + return 1; | |
37778 | +} | |
37779 | + | |
37780 | +int | |
37781 | +gr_handle_chroot_nice(void) | |
37782 | +{ | |
37783 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
37784 | + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) { | |
37785 | + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG); | |
37786 | + return -EPERM; | |
37787 | + } | |
37788 | +#endif | |
37789 | + return 0; | |
37790 | +} | |
37791 | + | |
37792 | +int | |
37793 | +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval) | |
37794 | +{ | |
37795 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
37796 | + if (grsec_enable_chroot_nice && (niceval < task_nice(p)) | |
37797 | + && proc_is_chrooted(current)) { | |
37798 | + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid); | |
37799 | + return -EACCES; | |
37800 | + } | |
37801 | +#endif | |
37802 | + return 0; | |
37803 | +} | |
37804 | + | |
37805 | +int | |
37806 | +gr_handle_chroot_rawio(const struct inode *inode) | |
37807 | +{ | |
37808 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
37809 | + if (grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
37810 | + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO)) | |
37811 | + return 1; | |
37812 | +#endif | |
37813 | + return 0; | |
37814 | +} | |
37815 | + | |
37816 | +int | |
37817 | +gr_pid_is_chrooted(struct task_struct *p) | |
37818 | +{ | |
37819 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
37820 | + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL) | |
37821 | + return 0; | |
37822 | + | |
ae4e228f | 37823 | + gr_fs_read_lock(p); |
58c5fc13 MT |
37824 | + if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) || |
37825 | + !have_same_root(current, p)) { | |
ae4e228f | 37826 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37827 | + return 1; |
37828 | + } | |
ae4e228f | 37829 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37830 | +#endif |
37831 | + return 0; | |
37832 | +} | |
37833 | + | |
37834 | +EXPORT_SYMBOL(gr_pid_is_chrooted); | |
37835 | + | |
37836 | +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR) | |
37837 | +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt) | |
37838 | +{ | |
37839 | + struct dentry *dentry = (struct dentry *)u_dentry; | |
37840 | + struct vfsmount *mnt = (struct vfsmount *)u_mnt; | |
37841 | + struct dentry *realroot; | |
37842 | + struct vfsmount *realrootmnt; | |
37843 | + struct dentry *currentroot; | |
37844 | + struct vfsmount *currentmnt; | |
37845 | + struct task_struct *reaper = &init_task; | |
37846 | + int ret = 1; | |
37847 | + | |
37848 | + read_lock(&reaper->fs->lock); | |
37849 | + realrootmnt = mntget(reaper->fs->root.mnt); | |
37850 | + realroot = dget(reaper->fs->root.dentry); | |
37851 | + read_unlock(&reaper->fs->lock); | |
37852 | + | |
37853 | + read_lock(¤t->fs->lock); | |
37854 | + currentmnt = mntget(current->fs->root.mnt); | |
37855 | + currentroot = dget(current->fs->root.dentry); | |
37856 | + read_unlock(¤t->fs->lock); | |
37857 | + | |
37858 | + spin_lock(&dcache_lock); | |
37859 | + for (;;) { | |
37860 | + if (unlikely((dentry == realroot && mnt == realrootmnt) | |
37861 | + || (dentry == currentroot && mnt == currentmnt))) | |
37862 | + break; | |
37863 | + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) { | |
37864 | + if (mnt->mnt_parent == mnt) | |
37865 | + break; | |
37866 | + dentry = mnt->mnt_mountpoint; | |
37867 | + mnt = mnt->mnt_parent; | |
37868 | + continue; | |
37869 | + } | |
37870 | + dentry = dentry->d_parent; | |
37871 | + } | |
37872 | + spin_unlock(&dcache_lock); | |
37873 | + | |
37874 | + dput(currentroot); | |
37875 | + mntput(currentmnt); | |
37876 | + | |
37877 | + /* access is outside of chroot */ | |
37878 | + if (dentry == realroot && mnt == realrootmnt) | |
37879 | + ret = 0; | |
37880 | + | |
37881 | + dput(realroot); | |
37882 | + mntput(realrootmnt); | |
37883 | + return ret; | |
37884 | +} | |
37885 | +#endif | |
37886 | + | |
37887 | +int | |
37888 | +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt) | |
37889 | +{ | |
37890 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
37891 | + if (!grsec_enable_chroot_fchdir) | |
37892 | + return 1; | |
37893 | + | |
37894 | + if (!proc_is_chrooted(current)) | |
37895 | + return 1; | |
37896 | + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) { | |
37897 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt); | |
37898 | + return 0; | |
37899 | + } | |
37900 | +#endif | |
37901 | + return 1; | |
37902 | +} | |
37903 | + | |
37904 | +int | |
37905 | +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
37906 | + const time_t shm_createtime) | |
37907 | +{ | |
37908 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
37909 | + struct pid *pid = NULL; | |
37910 | + time_t starttime; | |
37911 | + | |
37912 | + if (unlikely(!grsec_enable_chroot_shmat)) | |
37913 | + return 1; | |
37914 | + | |
37915 | + if (likely(!proc_is_chrooted(current))) | |
37916 | + return 1; | |
37917 | + | |
37918 | + read_lock(&tasklist_lock); | |
37919 | + | |
37920 | + pid = find_vpid(shm_cprid); | |
37921 | + if (pid) { | |
37922 | + struct task_struct *p; | |
37923 | + p = pid_task(pid, PIDTYPE_PID); | |
ae4e228f | 37924 | + gr_fs_read_lock(p); |
58c5fc13 MT |
37925 | + starttime = p->start_time.tv_sec; |
37926 | + if (unlikely(!have_same_root(current, p) && | |
37927 | + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { | |
ae4e228f | 37928 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37929 | + read_unlock(&tasklist_lock); |
37930 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | |
37931 | + return 0; | |
37932 | + } | |
ae4e228f | 37933 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37934 | + } else { |
37935 | + pid = find_vpid(shm_lapid); | |
37936 | + if (pid) { | |
37937 | + struct task_struct *p; | |
37938 | + p = pid_task(pid, PIDTYPE_PID); | |
ae4e228f | 37939 | + gr_fs_read_lock(p); |
58c5fc13 | 37940 | + if (unlikely(!have_same_root(current, p))) { |
ae4e228f | 37941 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37942 | + read_unlock(&tasklist_lock); |
37943 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | |
37944 | + return 0; | |
37945 | + } | |
ae4e228f | 37946 | + gr_fs_read_unlock(p); |
58c5fc13 MT |
37947 | + } |
37948 | + } | |
37949 | + | |
37950 | + read_unlock(&tasklist_lock); | |
37951 | +#endif | |
37952 | + return 1; | |
37953 | +} | |
37954 | + | |
37955 | +void | |
37956 | +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt) | |
37957 | +{ | |
37958 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
37959 | + if (grsec_enable_chroot_execlog && proc_is_chrooted(current)) | |
37960 | + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt); | |
37961 | +#endif | |
37962 | + return; | |
37963 | +} | |
37964 | + | |
37965 | +int | |
37966 | +gr_handle_chroot_mknod(const struct dentry *dentry, | |
37967 | + const struct vfsmount *mnt, const int mode) | |
37968 | +{ | |
37969 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
37970 | + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) && | |
37971 | + proc_is_chrooted(current)) { | |
37972 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt); | |
37973 | + return -EPERM; | |
37974 | + } | |
37975 | +#endif | |
37976 | + return 0; | |
37977 | +} | |
37978 | + | |
37979 | +int | |
37980 | +gr_handle_chroot_mount(const struct dentry *dentry, | |
37981 | + const struct vfsmount *mnt, const char *dev_name) | |
37982 | +{ | |
37983 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
37984 | + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) { | |
37985 | + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt); | |
37986 | + return -EPERM; | |
37987 | + } | |
37988 | +#endif | |
37989 | + return 0; | |
37990 | +} | |
37991 | + | |
37992 | +int | |
37993 | +gr_handle_chroot_pivot(void) | |
37994 | +{ | |
37995 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
37996 | + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) { | |
37997 | + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG); | |
37998 | + return -EPERM; | |
37999 | + } | |
38000 | +#endif | |
38001 | + return 0; | |
38002 | +} | |
38003 | + | |
38004 | +int | |
38005 | +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt) | |
38006 | +{ | |
38007 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
38008 | + if (grsec_enable_chroot_double && proc_is_chrooted(current) && | |
38009 | + !gr_is_outside_chroot(dentry, mnt)) { | |
38010 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt); | |
38011 | + return -EPERM; | |
38012 | + } | |
38013 | +#endif | |
38014 | + return 0; | |
38015 | +} | |
38016 | + | |
38017 | +int | |
38018 | +gr_handle_chroot_caps(struct path *path) | |
38019 | +{ | |
38020 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
38021 | + if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL && | |
38022 | + (init_task.fs->root.dentry != path->dentry) && | |
38023 | + (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) { | |
38024 | + | |
38025 | + kernel_cap_t chroot_caps = GR_CHROOT_CAPS; | |
38026 | + const struct cred *old = current_cred(); | |
38027 | + struct cred *new = prepare_creds(); | |
38028 | + if (new == NULL) | |
38029 | + return 1; | |
38030 | + | |
38031 | + new->cap_permitted = cap_drop(old->cap_permitted, | |
38032 | + chroot_caps); | |
38033 | + new->cap_inheritable = cap_drop(old->cap_inheritable, | |
38034 | + chroot_caps); | |
38035 | + new->cap_effective = cap_drop(old->cap_effective, | |
38036 | + chroot_caps); | |
38037 | + | |
38038 | + commit_creds(new); | |
38039 | + | |
38040 | + return 0; | |
38041 | + } | |
38042 | +#endif | |
38043 | + return 0; | |
38044 | +} | |
38045 | + | |
38046 | +int | |
38047 | +gr_handle_chroot_sysctl(const int op) | |
38048 | +{ | |
38049 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
ae4e228f MT |
38050 | + if (grsec_enable_chroot_sysctl && (op & MAY_WRITE) && |
38051 | + proc_is_chrooted(current)) | |
58c5fc13 MT |
38052 | + return -EACCES; |
38053 | +#endif | |
38054 | + return 0; | |
38055 | +} | |
38056 | + | |
38057 | +void | |
38058 | +gr_handle_chroot_chdir(struct path *path) | |
38059 | +{ | |
38060 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
38061 | + if (grsec_enable_chroot_chdir) | |
38062 | + set_fs_pwd(current->fs, path); | |
38063 | +#endif | |
38064 | + return; | |
38065 | +} | |
38066 | + | |
38067 | +int | |
38068 | +gr_handle_chroot_chmod(const struct dentry *dentry, | |
38069 | + const struct vfsmount *mnt, const int mode) | |
38070 | +{ | |
38071 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
38072 | + if (grsec_enable_chroot_chmod && | |
38073 | + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) && | |
38074 | + proc_is_chrooted(current)) { | |
38075 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt); | |
38076 | + return -EPERM; | |
38077 | + } | |
38078 | +#endif | |
38079 | + return 0; | |
38080 | +} | |
38081 | + | |
38082 | +#ifdef CONFIG_SECURITY | |
38083 | +EXPORT_SYMBOL(gr_handle_chroot_caps); | |
38084 | +#endif | |
ae4e228f MT |
38085 | diff -urNp linux-2.6.33.1/grsecurity/grsec_disabled.c linux-2.6.33.1/grsecurity/grsec_disabled.c |
38086 | --- linux-2.6.33.1/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500 | |
38087 | +++ linux-2.6.33.1/grsecurity/grsec_disabled.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
38088 | @@ -0,0 +1,426 @@ |
38089 | +#include <linux/kernel.h> | |
38090 | +#include <linux/module.h> | |
38091 | +#include <linux/sched.h> | |
38092 | +#include <linux/file.h> | |
38093 | +#include <linux/fs.h> | |
38094 | +#include <linux/kdev_t.h> | |
38095 | +#include <linux/net.h> | |
38096 | +#include <linux/in.h> | |
38097 | +#include <linux/ip.h> | |
38098 | +#include <linux/skbuff.h> | |
38099 | +#include <linux/sysctl.h> | |
38100 | + | |
38101 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
38102 | +void | |
38103 | +pax_set_initial_flags(struct linux_binprm *bprm) | |
38104 | +{ | |
38105 | + return; | |
38106 | +} | |
38107 | +#endif | |
38108 | + | |
38109 | +#ifdef CONFIG_SYSCTL | |
38110 | +__u32 | |
38111 | +gr_handle_sysctl(const struct ctl_table * table, const int op) | |
38112 | +{ | |
38113 | + return 0; | |
38114 | +} | |
38115 | +#endif | |
38116 | + | |
38117 | +#ifdef CONFIG_TASKSTATS | |
38118 | +int gr_is_taskstats_denied(int pid) | |
38119 | +{ | |
38120 | + return 0; | |
38121 | +} | |
38122 | +#endif | |
38123 | + | |
38124 | +int | |
38125 | +gr_acl_is_enabled(void) | |
38126 | +{ | |
38127 | + return 0; | |
38128 | +} | |
38129 | + | |
38130 | +int | |
38131 | +gr_handle_rawio(const struct inode *inode) | |
38132 | +{ | |
38133 | + return 0; | |
38134 | +} | |
38135 | + | |
38136 | +void | |
38137 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
38138 | +{ | |
38139 | + return; | |
38140 | +} | |
38141 | + | |
38142 | +int | |
38143 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
38144 | +{ | |
38145 | + return 0; | |
38146 | +} | |
38147 | + | |
38148 | +int | |
38149 | +gr_handle_proc_ptrace(struct task_struct *task) | |
38150 | +{ | |
38151 | + return 0; | |
38152 | +} | |
38153 | + | |
38154 | +void | |
38155 | +gr_learn_resource(const struct task_struct *task, | |
38156 | + const int res, const unsigned long wanted, const int gt) | |
38157 | +{ | |
38158 | + return; | |
38159 | +} | |
38160 | + | |
38161 | +int | |
38162 | +gr_set_acls(const int type) | |
38163 | +{ | |
38164 | + return 0; | |
38165 | +} | |
38166 | + | |
38167 | +int | |
38168 | +gr_check_hidden_task(const struct task_struct *tsk) | |
38169 | +{ | |
38170 | + return 0; | |
38171 | +} | |
38172 | + | |
38173 | +int | |
38174 | +gr_check_protected_task(const struct task_struct *task) | |
38175 | +{ | |
38176 | + return 0; | |
38177 | +} | |
38178 | + | |
38179 | +void | |
38180 | +gr_copy_label(struct task_struct *tsk) | |
38181 | +{ | |
38182 | + return; | |
38183 | +} | |
38184 | + | |
38185 | +void | |
38186 | +gr_set_pax_flags(struct task_struct *task) | |
38187 | +{ | |
38188 | + return; | |
38189 | +} | |
38190 | + | |
38191 | +int | |
38192 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt, | |
38193 | + const int unsafe_share) | |
38194 | +{ | |
38195 | + return 0; | |
38196 | +} | |
38197 | + | |
38198 | +void | |
38199 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
38200 | +{ | |
38201 | + return; | |
38202 | +} | |
38203 | + | |
38204 | +void | |
38205 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
38206 | +{ | |
38207 | + return; | |
38208 | +} | |
38209 | + | |
38210 | +void | |
38211 | +gr_handle_crash(struct task_struct *task, const int sig) | |
38212 | +{ | |
38213 | + return; | |
38214 | +} | |
38215 | + | |
38216 | +int | |
38217 | +gr_check_crash_exec(const struct file *filp) | |
38218 | +{ | |
38219 | + return 0; | |
38220 | +} | |
38221 | + | |
38222 | +int | |
38223 | +gr_check_crash_uid(const uid_t uid) | |
38224 | +{ | |
38225 | + return 0; | |
38226 | +} | |
38227 | + | |
38228 | +void | |
38229 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
38230 | + struct dentry *old_dentry, | |
38231 | + struct dentry *new_dentry, | |
38232 | + struct vfsmount *mnt, const __u8 replace) | |
38233 | +{ | |
38234 | + return; | |
38235 | +} | |
38236 | + | |
38237 | +int | |
38238 | +gr_search_socket(const int family, const int type, const int protocol) | |
38239 | +{ | |
38240 | + return 1; | |
38241 | +} | |
38242 | + | |
38243 | +int | |
38244 | +gr_search_connectbind(const int mode, const struct socket *sock, | |
38245 | + const struct sockaddr_in *addr) | |
38246 | +{ | |
38247 | + return 0; | |
38248 | +} | |
38249 | + | |
38250 | +int | |
38251 | +gr_is_capable(const int cap) | |
38252 | +{ | |
38253 | + return 1; | |
38254 | +} | |
38255 | + | |
38256 | +int | |
38257 | +gr_is_capable_nolog(const int cap) | |
38258 | +{ | |
38259 | + return 1; | |
38260 | +} | |
38261 | + | |
38262 | +void | |
38263 | +gr_handle_alertkill(struct task_struct *task) | |
38264 | +{ | |
38265 | + return; | |
38266 | +} | |
38267 | + | |
38268 | +__u32 | |
38269 | +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt) | |
38270 | +{ | |
38271 | + return 1; | |
38272 | +} | |
38273 | + | |
38274 | +__u32 | |
38275 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
38276 | + const struct vfsmount * mnt) | |
38277 | +{ | |
38278 | + return 1; | |
38279 | +} | |
38280 | + | |
38281 | +__u32 | |
38282 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
38283 | + const int fmode) | |
38284 | +{ | |
38285 | + return 1; | |
38286 | +} | |
38287 | + | |
38288 | +__u32 | |
38289 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
38290 | +{ | |
38291 | + return 1; | |
38292 | +} | |
38293 | + | |
38294 | +__u32 | |
38295 | +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt) | |
38296 | +{ | |
38297 | + return 1; | |
38298 | +} | |
38299 | + | |
38300 | +int | |
38301 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot, | |
38302 | + unsigned int *vm_flags) | |
38303 | +{ | |
38304 | + return 1; | |
38305 | +} | |
38306 | + | |
38307 | +__u32 | |
38308 | +gr_acl_handle_truncate(const struct dentry * dentry, | |
38309 | + const struct vfsmount * mnt) | |
38310 | +{ | |
38311 | + return 1; | |
38312 | +} | |
38313 | + | |
38314 | +__u32 | |
38315 | +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt) | |
38316 | +{ | |
38317 | + return 1; | |
38318 | +} | |
38319 | + | |
38320 | +__u32 | |
38321 | +gr_acl_handle_access(const struct dentry * dentry, | |
38322 | + const struct vfsmount * mnt, const int fmode) | |
38323 | +{ | |
38324 | + return 1; | |
38325 | +} | |
38326 | + | |
38327 | +__u32 | |
38328 | +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
38329 | + mode_t mode) | |
38330 | +{ | |
38331 | + return 1; | |
38332 | +} | |
38333 | + | |
38334 | +__u32 | |
38335 | +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
38336 | + mode_t mode) | |
38337 | +{ | |
38338 | + return 1; | |
38339 | +} | |
38340 | + | |
38341 | +__u32 | |
38342 | +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt) | |
38343 | +{ | |
38344 | + return 1; | |
38345 | +} | |
38346 | + | |
38347 | +void | |
38348 | +grsecurity_init(void) | |
38349 | +{ | |
38350 | + return; | |
38351 | +} | |
38352 | + | |
38353 | +__u32 | |
38354 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
38355 | + const struct dentry * parent_dentry, | |
38356 | + const struct vfsmount * parent_mnt, | |
38357 | + const int mode) | |
38358 | +{ | |
38359 | + return 1; | |
38360 | +} | |
38361 | + | |
38362 | +__u32 | |
38363 | +gr_acl_handle_mkdir(const struct dentry * new_dentry, | |
38364 | + const struct dentry * parent_dentry, | |
38365 | + const struct vfsmount * parent_mnt) | |
38366 | +{ | |
38367 | + return 1; | |
38368 | +} | |
38369 | + | |
38370 | +__u32 | |
38371 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
38372 | + const struct dentry * parent_dentry, | |
38373 | + const struct vfsmount * parent_mnt, const char *from) | |
38374 | +{ | |
38375 | + return 1; | |
38376 | +} | |
38377 | + | |
38378 | +__u32 | |
38379 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
38380 | + const struct dentry * parent_dentry, | |
38381 | + const struct vfsmount * parent_mnt, | |
38382 | + const struct dentry * old_dentry, | |
38383 | + const struct vfsmount * old_mnt, const char *to) | |
38384 | +{ | |
38385 | + return 1; | |
38386 | +} | |
38387 | + | |
38388 | +int | |
38389 | +gr_acl_handle_rename(const struct dentry *new_dentry, | |
38390 | + const struct dentry *parent_dentry, | |
38391 | + const struct vfsmount *parent_mnt, | |
38392 | + const struct dentry *old_dentry, | |
38393 | + const struct inode *old_parent_inode, | |
38394 | + const struct vfsmount *old_mnt, const char *newname) | |
38395 | +{ | |
38396 | + return 0; | |
38397 | +} | |
38398 | + | |
38399 | +int | |
38400 | +gr_acl_handle_filldir(const struct file *file, const char *name, | |
38401 | + const int namelen, const ino_t ino) | |
38402 | +{ | |
38403 | + return 1; | |
38404 | +} | |
38405 | + | |
38406 | +int | |
38407 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
38408 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
38409 | +{ | |
38410 | + return 1; | |
38411 | +} | |
38412 | + | |
38413 | +int | |
38414 | +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr) | |
38415 | +{ | |
38416 | + return 0; | |
38417 | +} | |
38418 | + | |
38419 | +int | |
38420 | +gr_search_accept(const struct socket *sock) | |
38421 | +{ | |
38422 | + return 0; | |
38423 | +} | |
38424 | + | |
38425 | +int | |
38426 | +gr_search_listen(const struct socket *sock) | |
38427 | +{ | |
38428 | + return 0; | |
38429 | +} | |
38430 | + | |
38431 | +int | |
38432 | +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr) | |
38433 | +{ | |
38434 | + return 0; | |
38435 | +} | |
38436 | + | |
38437 | +__u32 | |
38438 | +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt) | |
38439 | +{ | |
38440 | + return 1; | |
38441 | +} | |
38442 | + | |
38443 | +__u32 | |
38444 | +gr_acl_handle_creat(const struct dentry * dentry, | |
38445 | + const struct dentry * p_dentry, | |
38446 | + const struct vfsmount * p_mnt, const int fmode, | |
38447 | + const int imode) | |
38448 | +{ | |
38449 | + return 1; | |
38450 | +} | |
38451 | + | |
38452 | +void | |
38453 | +gr_acl_handle_exit(void) | |
38454 | +{ | |
38455 | + return; | |
38456 | +} | |
38457 | + | |
38458 | +int | |
38459 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
38460 | +{ | |
38461 | + return 1; | |
38462 | +} | |
38463 | + | |
38464 | +void | |
38465 | +gr_set_role_label(const uid_t uid, const gid_t gid) | |
38466 | +{ | |
38467 | + return; | |
38468 | +} | |
38469 | + | |
38470 | +int | |
38471 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
38472 | +{ | |
38473 | + return 0; | |
38474 | +} | |
38475 | + | |
38476 | +int | |
38477 | +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb) | |
38478 | +{ | |
38479 | + return 0; | |
38480 | +} | |
38481 | + | |
38482 | +int | |
38483 | +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr) | |
38484 | +{ | |
38485 | + return 0; | |
38486 | +} | |
38487 | + | |
38488 | +void | |
38489 | +gr_set_kernel_label(struct task_struct *task) | |
38490 | +{ | |
38491 | + return; | |
38492 | +} | |
38493 | + | |
38494 | +int | |
38495 | +gr_check_user_change(int real, int effective, int fs) | |
38496 | +{ | |
38497 | + return 0; | |
38498 | +} | |
38499 | + | |
38500 | +int | |
38501 | +gr_check_group_change(int real, int effective, int fs) | |
38502 | +{ | |
38503 | + return 0; | |
38504 | +} | |
38505 | + | |
38506 | + | |
38507 | +EXPORT_SYMBOL(gr_is_capable); | |
38508 | +EXPORT_SYMBOL(gr_is_capable_nolog); | |
38509 | +EXPORT_SYMBOL(gr_learn_resource); | |
38510 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
38511 | +#ifdef CONFIG_SECURITY | |
38512 | +EXPORT_SYMBOL(gr_check_user_change); | |
38513 | +EXPORT_SYMBOL(gr_check_group_change); | |
38514 | +#endif | |
ae4e228f MT |
38515 | diff -urNp linux-2.6.33.1/grsecurity/grsec_exec.c linux-2.6.33.1/grsecurity/grsec_exec.c |
38516 | --- linux-2.6.33.1/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500 | |
38517 | +++ linux-2.6.33.1/grsecurity/grsec_exec.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
38518 | @@ -0,0 +1,89 @@ |
38519 | +#include <linux/kernel.h> | |
38520 | +#include <linux/sched.h> | |
38521 | +#include <linux/file.h> | |
38522 | +#include <linux/binfmts.h> | |
38523 | +#include <linux/smp_lock.h> | |
38524 | +#include <linux/fs.h> | |
38525 | +#include <linux/types.h> | |
38526 | +#include <linux/grdefs.h> | |
38527 | +#include <linux/grinternal.h> | |
38528 | +#include <linux/capability.h> | |
38529 | + | |
38530 | +#include <asm/uaccess.h> | |
38531 | + | |
38532 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
38533 | +static char gr_exec_arg_buf[132]; | |
38534 | +static DECLARE_MUTEX(gr_exec_arg_sem); | |
38535 | +#endif | |
38536 | + | |
38537 | +int | |
38538 | +gr_handle_nproc(void) | |
38539 | +{ | |
38540 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
38541 | + const struct cred *cred = current_cred(); | |
38542 | + if (grsec_enable_execve && cred->user && | |
38543 | + (atomic_read(&cred->user->processes) > | |
38544 | + current->signal->rlim[RLIMIT_NPROC].rlim_cur) && | |
38545 | + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) { | |
38546 | + gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG); | |
38547 | + return -EAGAIN; | |
38548 | + } | |
38549 | +#endif | |
38550 | + return 0; | |
38551 | +} | |
38552 | + | |
38553 | +void | |
38554 | +gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv) | |
38555 | +{ | |
38556 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
38557 | + char *grarg = gr_exec_arg_buf; | |
38558 | + unsigned int i, x, execlen = 0; | |
38559 | + char c; | |
38560 | + | |
38561 | + if (!((grsec_enable_execlog && grsec_enable_group && | |
38562 | + in_group_p(grsec_audit_gid)) | |
38563 | + || (grsec_enable_execlog && !grsec_enable_group))) | |
38564 | + return; | |
38565 | + | |
38566 | + down(&gr_exec_arg_sem); | |
38567 | + memset(grarg, 0, sizeof(gr_exec_arg_buf)); | |
38568 | + | |
38569 | + if (unlikely(argv == NULL)) | |
38570 | + goto log; | |
38571 | + | |
38572 | + for (i = 0; i < bprm->argc && execlen < 128; i++) { | |
38573 | + const char __user *p; | |
38574 | + unsigned int len; | |
38575 | + | |
38576 | + if (copy_from_user(&p, argv + i, sizeof(p))) | |
38577 | + goto log; | |
38578 | + if (!p) | |
38579 | + goto log; | |
38580 | + len = strnlen_user(p, 128 - execlen); | |
38581 | + if (len > 128 - execlen) | |
38582 | + len = 128 - execlen; | |
38583 | + else if (len > 0) | |
38584 | + len--; | |
38585 | + if (copy_from_user(grarg + execlen, p, len)) | |
38586 | + goto log; | |
38587 | + | |
38588 | + /* rewrite unprintable characters */ | |
38589 | + for (x = 0; x < len; x++) { | |
38590 | + c = *(grarg + execlen + x); | |
38591 | + if (c < 32 || c > 126) | |
38592 | + *(grarg + execlen + x) = ' '; | |
38593 | + } | |
38594 | + | |
38595 | + execlen += len; | |
38596 | + *(grarg + execlen) = ' '; | |
38597 | + *(grarg + execlen + 1) = '\0'; | |
38598 | + execlen++; | |
38599 | + } | |
38600 | + | |
38601 | + log: | |
38602 | + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry, | |
38603 | + bprm->file->f_path.mnt, grarg); | |
38604 | + up(&gr_exec_arg_sem); | |
38605 | +#endif | |
38606 | + return; | |
38607 | +} | |
ae4e228f MT |
38608 | diff -urNp linux-2.6.33.1/grsecurity/grsec_fifo.c linux-2.6.33.1/grsecurity/grsec_fifo.c |
38609 | --- linux-2.6.33.1/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500 | |
38610 | +++ linux-2.6.33.1/grsecurity/grsec_fifo.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
38611 | @@ -0,0 +1,24 @@ |
38612 | +#include <linux/kernel.h> | |
38613 | +#include <linux/sched.h> | |
38614 | +#include <linux/fs.h> | |
38615 | +#include <linux/file.h> | |
38616 | +#include <linux/grinternal.h> | |
38617 | + | |
38618 | +int | |
38619 | +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt, | |
38620 | + const struct dentry *dir, const int flag, const int acc_mode) | |
38621 | +{ | |
38622 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
38623 | + const struct cred *cred = current_cred(); | |
38624 | + | |
38625 | + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) && | |
38626 | + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) && | |
38627 | + (dentry->d_inode->i_uid != dir->d_inode->i_uid) && | |
38628 | + (cred->fsuid != dentry->d_inode->i_uid)) { | |
38629 | + if (!generic_permission(dentry->d_inode, acc_mode, NULL)) | |
38630 | + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid); | |
38631 | + return -EACCES; | |
38632 | + } | |
38633 | +#endif | |
38634 | + return 0; | |
38635 | +} | |
ae4e228f MT |
38636 | diff -urNp linux-2.6.33.1/grsecurity/grsec_fork.c linux-2.6.33.1/grsecurity/grsec_fork.c |
38637 | --- linux-2.6.33.1/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500 | |
38638 | +++ linux-2.6.33.1/grsecurity/grsec_fork.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
38639 | @@ -0,0 +1,15 @@ |
38640 | +#include <linux/kernel.h> | |
38641 | +#include <linux/sched.h> | |
38642 | +#include <linux/grsecurity.h> | |
38643 | +#include <linux/grinternal.h> | |
38644 | +#include <linux/errno.h> | |
38645 | + | |
38646 | +void | |
38647 | +gr_log_forkfail(const int retval) | |
38648 | +{ | |
38649 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
38650 | + if (grsec_enable_forkfail && retval != -ERESTARTNOINTR) | |
38651 | + gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval); | |
38652 | +#endif | |
38653 | + return; | |
38654 | +} | |
ae4e228f MT |
38655 | diff -urNp linux-2.6.33.1/grsecurity/grsec_init.c linux-2.6.33.1/grsecurity/grsec_init.c |
38656 | --- linux-2.6.33.1/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 | |
38657 | +++ linux-2.6.33.1/grsecurity/grsec_init.c 2010-03-20 17:00:48.140865901 -0400 | |
38658 | @@ -0,0 +1,241 @@ | |
58c5fc13 MT |
38659 | +#include <linux/kernel.h> |
38660 | +#include <linux/sched.h> | |
38661 | +#include <linux/mm.h> | |
38662 | +#include <linux/smp_lock.h> | |
38663 | +#include <linux/gracl.h> | |
38664 | +#include <linux/slab.h> | |
38665 | +#include <linux/vmalloc.h> | |
38666 | +#include <linux/percpu.h> | |
38667 | + | |
38668 | +int grsec_enable_link; | |
38669 | +int grsec_enable_dmesg; | |
38670 | +int grsec_enable_harden_ptrace; | |
38671 | +int grsec_enable_fifo; | |
38672 | +int grsec_enable_execve; | |
38673 | +int grsec_enable_execlog; | |
38674 | +int grsec_enable_signal; | |
38675 | +int grsec_enable_forkfail; | |
ae4e228f | 38676 | +int grsec_enable_audit_ptrace; |
58c5fc13 MT |
38677 | +int grsec_enable_time; |
38678 | +int grsec_enable_audit_textrel; | |
38679 | +int grsec_enable_group; | |
38680 | +int grsec_audit_gid; | |
38681 | +int grsec_enable_chdir; | |
38682 | +int grsec_enable_mount; | |
ae4e228f | 38683 | +int grsec_enable_rofs; |
58c5fc13 MT |
38684 | +int grsec_enable_chroot_findtask; |
38685 | +int grsec_enable_chroot_mount; | |
38686 | +int grsec_enable_chroot_shmat; | |
38687 | +int grsec_enable_chroot_fchdir; | |
38688 | +int grsec_enable_chroot_double; | |
38689 | +int grsec_enable_chroot_pivot; | |
38690 | +int grsec_enable_chroot_chdir; | |
38691 | +int grsec_enable_chroot_chmod; | |
38692 | +int grsec_enable_chroot_mknod; | |
38693 | +int grsec_enable_chroot_nice; | |
38694 | +int grsec_enable_chroot_execlog; | |
38695 | +int grsec_enable_chroot_caps; | |
38696 | +int grsec_enable_chroot_sysctl; | |
38697 | +int grsec_enable_chroot_unix; | |
38698 | +int grsec_enable_tpe; | |
38699 | +int grsec_tpe_gid; | |
ae4e228f MT |
38700 | +int grsec_enable_blackhole; |
38701 | +int grsec_lastack_retries; | |
58c5fc13 MT |
38702 | +int grsec_enable_tpe_all; |
38703 | +int grsec_enable_socket_all; | |
38704 | +int grsec_socket_all_gid; | |
38705 | +int grsec_enable_socket_client; | |
38706 | +int grsec_socket_client_gid; | |
38707 | +int grsec_enable_socket_server; | |
38708 | +int grsec_socket_server_gid; | |
38709 | +int grsec_resource_logging; | |
38710 | +int grsec_lock; | |
38711 | + | |
38712 | +DEFINE_SPINLOCK(grsec_alert_lock); | |
38713 | +unsigned long grsec_alert_wtime = 0; | |
38714 | +unsigned long grsec_alert_fyet = 0; | |
38715 | + | |
38716 | +DEFINE_SPINLOCK(grsec_audit_lock); | |
38717 | + | |
38718 | +DEFINE_RWLOCK(grsec_exec_file_lock); | |
38719 | + | |
38720 | +char *gr_shared_page[4]; | |
38721 | + | |
38722 | +char *gr_alert_log_fmt; | |
38723 | +char *gr_audit_log_fmt; | |
38724 | +char *gr_alert_log_buf; | |
38725 | +char *gr_audit_log_buf; | |
38726 | + | |
38727 | +extern struct gr_arg *gr_usermode; | |
38728 | +extern unsigned char *gr_system_salt; | |
38729 | +extern unsigned char *gr_system_sum; | |
38730 | + | |
38731 | +void __init | |
38732 | +grsecurity_init(void) | |
38733 | +{ | |
38734 | + int j; | |
38735 | + /* create the per-cpu shared pages */ | |
38736 | + | |
38737 | +#ifdef CONFIG_X86 | |
38738 | + memset((char *)(0x41a + PAGE_OFFSET), 0, 36); | |
38739 | +#endif | |
38740 | + | |
38741 | + for (j = 0; j < 4; j++) { | |
38742 | + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long)); | |
38743 | + if (gr_shared_page[j] == NULL) { | |
38744 | + panic("Unable to allocate grsecurity shared page"); | |
38745 | + return; | |
38746 | + } | |
38747 | + } | |
38748 | + | |
38749 | + /* allocate log buffers */ | |
38750 | + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL); | |
38751 | + if (!gr_alert_log_fmt) { | |
38752 | + panic("Unable to allocate grsecurity alert log format buffer"); | |
38753 | + return; | |
38754 | + } | |
38755 | + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL); | |
38756 | + if (!gr_audit_log_fmt) { | |
38757 | + panic("Unable to allocate grsecurity audit log format buffer"); | |
38758 | + return; | |
38759 | + } | |
38760 | + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL); | |
38761 | + if (!gr_alert_log_buf) { | |
38762 | + panic("Unable to allocate grsecurity alert log buffer"); | |
38763 | + return; | |
38764 | + } | |
38765 | + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL); | |
38766 | + if (!gr_audit_log_buf) { | |
38767 | + panic("Unable to allocate grsecurity audit log buffer"); | |
38768 | + return; | |
38769 | + } | |
38770 | + | |
38771 | + /* allocate memory for authentication structure */ | |
38772 | + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL); | |
38773 | + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL); | |
38774 | + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL); | |
38775 | + | |
38776 | + if (!gr_usermode || !gr_system_salt || !gr_system_sum) { | |
38777 | + panic("Unable to allocate grsecurity authentication structure"); | |
38778 | + return; | |
38779 | + } | |
38780 | + | |
38781 | +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) | |
38782 | +#ifndef CONFIG_GRKERNSEC_SYSCTL | |
38783 | + grsec_lock = 1; | |
38784 | +#endif | |
38785 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
38786 | + grsec_enable_audit_textrel = 1; | |
38787 | +#endif | |
38788 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP | |
38789 | + grsec_enable_group = 1; | |
38790 | + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID; | |
38791 | +#endif | |
38792 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
38793 | + grsec_enable_chdir = 1; | |
38794 | +#endif | |
38795 | +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE | |
38796 | + grsec_enable_harden_ptrace = 1; | |
38797 | +#endif | |
38798 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
38799 | + grsec_enable_mount = 1; | |
38800 | +#endif | |
38801 | +#ifdef CONFIG_GRKERNSEC_LINK | |
38802 | + grsec_enable_link = 1; | |
38803 | +#endif | |
38804 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
38805 | + grsec_enable_dmesg = 1; | |
38806 | +#endif | |
ae4e228f MT |
38807 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
38808 | + grsec_enable_blackhole = 1; | |
38809 | + grsec_lastack_retries = 4; | |
38810 | +#endif | |
58c5fc13 MT |
38811 | +#ifdef CONFIG_GRKERNSEC_FIFO |
38812 | + grsec_enable_fifo = 1; | |
38813 | +#endif | |
38814 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
38815 | + grsec_enable_execve = 1; | |
38816 | +#endif | |
38817 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
38818 | + grsec_enable_execlog = 1; | |
38819 | +#endif | |
38820 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
38821 | + grsec_enable_signal = 1; | |
38822 | +#endif | |
38823 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
38824 | + grsec_enable_forkfail = 1; | |
38825 | +#endif | |
38826 | +#ifdef CONFIG_GRKERNSEC_TIME | |
38827 | + grsec_enable_time = 1; | |
38828 | +#endif | |
38829 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
38830 | + grsec_resource_logging = 1; | |
38831 | +#endif | |
38832 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
38833 | + grsec_enable_chroot_findtask = 1; | |
38834 | +#endif | |
38835 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
38836 | + grsec_enable_chroot_unix = 1; | |
38837 | +#endif | |
38838 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
38839 | + grsec_enable_chroot_mount = 1; | |
38840 | +#endif | |
38841 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
38842 | + grsec_enable_chroot_fchdir = 1; | |
38843 | +#endif | |
38844 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
38845 | + grsec_enable_chroot_shmat = 1; | |
38846 | +#endif | |
ae4e228f MT |
38847 | +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE |
38848 | + grsec_enable_audit_ptrace = 1; | |
38849 | +#endif | |
58c5fc13 MT |
38850 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE |
38851 | + grsec_enable_chroot_double = 1; | |
38852 | +#endif | |
38853 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
38854 | + grsec_enable_chroot_pivot = 1; | |
38855 | +#endif | |
38856 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
38857 | + grsec_enable_chroot_chdir = 1; | |
38858 | +#endif | |
38859 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
38860 | + grsec_enable_chroot_chmod = 1; | |
38861 | +#endif | |
38862 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
38863 | + grsec_enable_chroot_mknod = 1; | |
38864 | +#endif | |
38865 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
38866 | + grsec_enable_chroot_nice = 1; | |
38867 | +#endif | |
38868 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
38869 | + grsec_enable_chroot_execlog = 1; | |
38870 | +#endif | |
38871 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
38872 | + grsec_enable_chroot_caps = 1; | |
38873 | +#endif | |
38874 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
38875 | + grsec_enable_chroot_sysctl = 1; | |
38876 | +#endif | |
38877 | +#ifdef CONFIG_GRKERNSEC_TPE | |
38878 | + grsec_enable_tpe = 1; | |
38879 | + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; | |
38880 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
38881 | + grsec_enable_tpe_all = 1; | |
38882 | +#endif | |
38883 | +#endif | |
38884 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
38885 | + grsec_enable_socket_all = 1; | |
38886 | + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID; | |
38887 | +#endif | |
38888 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
38889 | + grsec_enable_socket_client = 1; | |
38890 | + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID; | |
38891 | +#endif | |
38892 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
38893 | + grsec_enable_socket_server = 1; | |
38894 | + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID; | |
38895 | +#endif | |
38896 | +#endif | |
38897 | + | |
38898 | + return; | |
38899 | +} | |
ae4e228f MT |
38900 | diff -urNp linux-2.6.33.1/grsecurity/grsec_link.c linux-2.6.33.1/grsecurity/grsec_link.c |
38901 | --- linux-2.6.33.1/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500 | |
38902 | +++ linux-2.6.33.1/grsecurity/grsec_link.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
38903 | @@ -0,0 +1,43 @@ |
38904 | +#include <linux/kernel.h> | |
38905 | +#include <linux/sched.h> | |
38906 | +#include <linux/fs.h> | |
38907 | +#include <linux/file.h> | |
38908 | +#include <linux/grinternal.h> | |
38909 | + | |
38910 | +int | |
38911 | +gr_handle_follow_link(const struct inode *parent, | |
38912 | + const struct inode *inode, | |
38913 | + const struct dentry *dentry, const struct vfsmount *mnt) | |
38914 | +{ | |
38915 | +#ifdef CONFIG_GRKERNSEC_LINK | |
38916 | + const struct cred *cred = current_cred(); | |
38917 | + | |
38918 | + if (grsec_enable_link && S_ISLNK(inode->i_mode) && | |
38919 | + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) && | |
38920 | + (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) { | |
38921 | + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid); | |
38922 | + return -EACCES; | |
38923 | + } | |
38924 | +#endif | |
38925 | + return 0; | |
38926 | +} | |
38927 | + | |
38928 | +int | |
38929 | +gr_handle_hardlink(const struct dentry *dentry, | |
38930 | + const struct vfsmount *mnt, | |
38931 | + struct inode *inode, const int mode, const char *to) | |
38932 | +{ | |
38933 | +#ifdef CONFIG_GRKERNSEC_LINK | |
38934 | + const struct cred *cred = current_cred(); | |
38935 | + | |
38936 | + if (grsec_enable_link && cred->fsuid != inode->i_uid && | |
38937 | + (!S_ISREG(mode) || (mode & S_ISUID) || | |
38938 | + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) || | |
38939 | + (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) && | |
38940 | + !capable(CAP_FOWNER) && cred->uid) { | |
38941 | + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to); | |
38942 | + return -EPERM; | |
38943 | + } | |
38944 | +#endif | |
38945 | + return 0; | |
38946 | +} | |
ae4e228f MT |
38947 | diff -urNp linux-2.6.33.1/grsecurity/grsec_log.c linux-2.6.33.1/grsecurity/grsec_log.c |
38948 | --- linux-2.6.33.1/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 | |
38949 | +++ linux-2.6.33.1/grsecurity/grsec_log.c 2010-03-20 16:58:41.892922620 -0400 | |
38950 | @@ -0,0 +1,296 @@ | |
58c5fc13 MT |
38951 | +#include <linux/kernel.h> |
38952 | +#include <linux/sched.h> | |
38953 | +#include <linux/file.h> | |
38954 | +#include <linux/tty.h> | |
38955 | +#include <linux/fs.h> | |
38956 | +#include <linux/grinternal.h> | |
38957 | + | |
38958 | +#define BEGIN_LOCKS(x) \ | |
ae4e228f | 38959 | + rcu_read_lock(); \ |
58c5fc13 MT |
38960 | + read_lock(&tasklist_lock); \ |
38961 | + read_lock(&grsec_exec_file_lock); \ | |
38962 | + if (x != GR_DO_AUDIT) \ | |
38963 | + spin_lock(&grsec_alert_lock); \ | |
38964 | + else \ | |
38965 | + spin_lock(&grsec_audit_lock) | |
38966 | + | |
38967 | +#define END_LOCKS(x) \ | |
38968 | + if (x != GR_DO_AUDIT) \ | |
38969 | + spin_unlock(&grsec_alert_lock); \ | |
38970 | + else \ | |
38971 | + spin_unlock(&grsec_audit_lock); \ | |
38972 | + read_unlock(&grsec_exec_file_lock); \ | |
38973 | + read_unlock(&tasklist_lock); \ | |
ae4e228f | 38974 | + rcu_read_unlock(); \ |
58c5fc13 MT |
38975 | + if (x == GR_DONT_AUDIT) \ |
38976 | + gr_handle_alertkill(current) | |
38977 | + | |
38978 | +enum { | |
38979 | + FLOODING, | |
38980 | + NO_FLOODING | |
38981 | +}; | |
38982 | + | |
38983 | +extern char *gr_alert_log_fmt; | |
38984 | +extern char *gr_audit_log_fmt; | |
38985 | +extern char *gr_alert_log_buf; | |
38986 | +extern char *gr_audit_log_buf; | |
38987 | + | |
38988 | +static int gr_log_start(int audit) | |
38989 | +{ | |
38990 | + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; | |
38991 | + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; | |
38992 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
38993 | + | |
38994 | + if (audit == GR_DO_AUDIT) | |
38995 | + goto set_fmt; | |
38996 | + | |
38997 | + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { | |
38998 | + grsec_alert_wtime = jiffies; | |
38999 | + grsec_alert_fyet = 0; | |
39000 | + } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { | |
39001 | + grsec_alert_fyet++; | |
39002 | + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { | |
39003 | + grsec_alert_wtime = jiffies; | |
39004 | + grsec_alert_fyet++; | |
39005 | + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); | |
39006 | + return FLOODING; | |
39007 | + } else return FLOODING; | |
39008 | + | |
39009 | +set_fmt: | |
39010 | + memset(buf, 0, PAGE_SIZE); | |
39011 | + if (current->signal->curr_ip && gr_acl_is_enabled()) { | |
ae4e228f MT |
39012 | + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) "); |
39013 | + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename); | |
58c5fc13 | 39014 | + } else if (current->signal->curr_ip) { |
ae4e228f MT |
39015 | + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: "); |
39016 | + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip); | |
58c5fc13 MT |
39017 | + } else if (gr_acl_is_enabled()) { |
39018 | + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) "); | |
39019 | + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename); | |
39020 | + } else { | |
39021 | + sprintf(fmt, "%s%s", loglevel, "grsec: "); | |
39022 | + strcpy(buf, fmt); | |
39023 | + } | |
39024 | + | |
39025 | + return NO_FLOODING; | |
39026 | +} | |
39027 | + | |
39028 | +static void gr_log_middle(int audit, const char *msg, va_list ap) | |
39029 | + __attribute__ ((format (printf, 2, 0))); | |
39030 | + | |
39031 | +static void gr_log_middle(int audit, const char *msg, va_list ap) | |
39032 | +{ | |
39033 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
39034 | + unsigned int len = strlen(buf); | |
39035 | + | |
39036 | + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap); | |
39037 | + | |
39038 | + return; | |
39039 | +} | |
39040 | + | |
39041 | +static void gr_log_middle_varargs(int audit, const char *msg, ...) | |
39042 | + __attribute__ ((format (printf, 2, 3))); | |
39043 | + | |
39044 | +static void gr_log_middle_varargs(int audit, const char *msg, ...) | |
39045 | +{ | |
39046 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
39047 | + unsigned int len = strlen(buf); | |
39048 | + va_list ap; | |
39049 | + | |
39050 | + va_start(ap, msg); | |
39051 | + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap); | |
39052 | + va_end(ap); | |
39053 | + | |
39054 | + return; | |
39055 | +} | |
39056 | + | |
39057 | +static void gr_log_end(int audit) | |
39058 | +{ | |
39059 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
39060 | + unsigned int len = strlen(buf); | |
39061 | + | |
39062 | + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->parent))); | |
39063 | + printk("%s\n", buf); | |
39064 | + | |
39065 | + return; | |
39066 | +} | |
39067 | + | |
39068 | +void gr_log_varargs(int audit, const char *msg, int argtypes, ...) | |
39069 | +{ | |
39070 | + int logtype; | |
39071 | + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied"; | |
39072 | + char *str1, *str2, *str3; | |
39073 | + void *voidptr; | |
39074 | + int num1, num2; | |
39075 | + unsigned long ulong1, ulong2; | |
39076 | + struct dentry *dentry; | |
39077 | + struct vfsmount *mnt; | |
39078 | + struct file *file; | |
39079 | + struct task_struct *task; | |
39080 | + const struct cred *cred, *pcred; | |
39081 | + va_list ap; | |
39082 | + | |
39083 | + BEGIN_LOCKS(audit); | |
39084 | + logtype = gr_log_start(audit); | |
39085 | + if (logtype == FLOODING) { | |
39086 | + END_LOCKS(audit); | |
39087 | + return; | |
39088 | + } | |
39089 | + va_start(ap, argtypes); | |
39090 | + switch (argtypes) { | |
39091 | + case GR_TTYSNIFF: | |
39092 | + task = va_arg(ap, struct task_struct *); | |
ae4e228f | 39093 | + gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid); |
58c5fc13 MT |
39094 | + break; |
39095 | + case GR_SYSCTL_HIDDEN: | |
39096 | + str1 = va_arg(ap, char *); | |
39097 | + gr_log_middle_varargs(audit, msg, result, str1); | |
39098 | + break; | |
39099 | + case GR_RBAC: | |
39100 | + dentry = va_arg(ap, struct dentry *); | |
39101 | + mnt = va_arg(ap, struct vfsmount *); | |
39102 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt)); | |
39103 | + break; | |
39104 | + case GR_RBAC_STR: | |
39105 | + dentry = va_arg(ap, struct dentry *); | |
39106 | + mnt = va_arg(ap, struct vfsmount *); | |
39107 | + str1 = va_arg(ap, char *); | |
39108 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1); | |
39109 | + break; | |
39110 | + case GR_STR_RBAC: | |
39111 | + str1 = va_arg(ap, char *); | |
39112 | + dentry = va_arg(ap, struct dentry *); | |
39113 | + mnt = va_arg(ap, struct vfsmount *); | |
39114 | + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt)); | |
39115 | + break; | |
39116 | + case GR_RBAC_MODE2: | |
39117 | + dentry = va_arg(ap, struct dentry *); | |
39118 | + mnt = va_arg(ap, struct vfsmount *); | |
39119 | + str1 = va_arg(ap, char *); | |
39120 | + str2 = va_arg(ap, char *); | |
39121 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2); | |
39122 | + break; | |
39123 | + case GR_RBAC_MODE3: | |
39124 | + dentry = va_arg(ap, struct dentry *); | |
39125 | + mnt = va_arg(ap, struct vfsmount *); | |
39126 | + str1 = va_arg(ap, char *); | |
39127 | + str2 = va_arg(ap, char *); | |
39128 | + str3 = va_arg(ap, char *); | |
39129 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3); | |
39130 | + break; | |
39131 | + case GR_FILENAME: | |
39132 | + dentry = va_arg(ap, struct dentry *); | |
39133 | + mnt = va_arg(ap, struct vfsmount *); | |
39134 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt)); | |
39135 | + break; | |
39136 | + case GR_STR_FILENAME: | |
39137 | + str1 = va_arg(ap, char *); | |
39138 | + dentry = va_arg(ap, struct dentry *); | |
39139 | + mnt = va_arg(ap, struct vfsmount *); | |
39140 | + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt)); | |
39141 | + break; | |
39142 | + case GR_FILENAME_STR: | |
39143 | + dentry = va_arg(ap, struct dentry *); | |
39144 | + mnt = va_arg(ap, struct vfsmount *); | |
39145 | + str1 = va_arg(ap, char *); | |
39146 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1); | |
39147 | + break; | |
39148 | + case GR_FILENAME_TWO_INT: | |
39149 | + dentry = va_arg(ap, struct dentry *); | |
39150 | + mnt = va_arg(ap, struct vfsmount *); | |
39151 | + num1 = va_arg(ap, int); | |
39152 | + num2 = va_arg(ap, int); | |
39153 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2); | |
39154 | + break; | |
39155 | + case GR_FILENAME_TWO_INT_STR: | |
39156 | + dentry = va_arg(ap, struct dentry *); | |
39157 | + mnt = va_arg(ap, struct vfsmount *); | |
39158 | + num1 = va_arg(ap, int); | |
39159 | + num2 = va_arg(ap, int); | |
39160 | + str1 = va_arg(ap, char *); | |
39161 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1); | |
39162 | + break; | |
39163 | + case GR_TEXTREL: | |
39164 | + file = va_arg(ap, struct file *); | |
39165 | + ulong1 = va_arg(ap, unsigned long); | |
39166 | + ulong2 = va_arg(ap, unsigned long); | |
39167 | + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2); | |
39168 | + break; | |
39169 | + case GR_PTRACE: | |
39170 | + task = va_arg(ap, struct task_struct *); | |
39171 | + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid); | |
39172 | + break; | |
39173 | + case GR_RESOURCE: | |
39174 | + task = va_arg(ap, struct task_struct *); | |
39175 | + cred = __task_cred(task); | |
39176 | + pcred = __task_cred(task->parent); | |
39177 | + ulong1 = va_arg(ap, unsigned long); | |
39178 | + str1 = va_arg(ap, char *); | |
39179 | + ulong2 = va_arg(ap, unsigned long); | |
39180 | + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); | |
39181 | + break; | |
39182 | + case GR_CAP: | |
39183 | + task = va_arg(ap, struct task_struct *); | |
39184 | + cred = __task_cred(task); | |
39185 | + pcred = __task_cred(task->parent); | |
39186 | + str1 = va_arg(ap, char *); | |
39187 | + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); | |
39188 | + break; | |
39189 | + case GR_SIG: | |
39190 | + str1 = va_arg(ap, char *); | |
39191 | + voidptr = va_arg(ap, void *); | |
39192 | + gr_log_middle_varargs(audit, msg, str1, voidptr); | |
39193 | + break; | |
39194 | + case GR_SIG2: | |
39195 | + task = va_arg(ap, struct task_struct *); | |
39196 | + cred = __task_cred(task); | |
39197 | + pcred = __task_cred(task->parent); | |
39198 | + num1 = va_arg(ap, int); | |
39199 | + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); | |
39200 | + break; | |
39201 | + case GR_CRASH1: | |
39202 | + task = va_arg(ap, struct task_struct *); | |
39203 | + cred = __task_cred(task); | |
39204 | + pcred = __task_cred(task->parent); | |
39205 | + ulong1 = va_arg(ap, unsigned long); | |
39206 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1); | |
39207 | + break; | |
39208 | + case GR_CRASH2: | |
39209 | + task = va_arg(ap, struct task_struct *); | |
39210 | + cred = __task_cred(task); | |
39211 | + pcred = __task_cred(task->parent); | |
39212 | + ulong1 = va_arg(ap, unsigned long); | |
39213 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1); | |
39214 | + break; | |
39215 | + case GR_PSACCT: | |
39216 | + { | |
39217 | + unsigned int wday, cday; | |
39218 | + __u8 whr, chr; | |
39219 | + __u8 wmin, cmin; | |
39220 | + __u8 wsec, csec; | |
39221 | + char cur_tty[64] = { 0 }; | |
39222 | + char parent_tty[64] = { 0 }; | |
39223 | + | |
39224 | + task = va_arg(ap, struct task_struct *); | |
39225 | + wday = va_arg(ap, unsigned int); | |
39226 | + cday = va_arg(ap, unsigned int); | |
39227 | + whr = va_arg(ap, int); | |
39228 | + chr = va_arg(ap, int); | |
39229 | + wmin = va_arg(ap, int); | |
39230 | + cmin = va_arg(ap, int); | |
39231 | + wsec = va_arg(ap, int); | |
39232 | + csec = va_arg(ap, int); | |
39233 | + ulong1 = va_arg(ap, unsigned long); | |
39234 | + cred = __task_cred(task); | |
39235 | + pcred = __task_cred(task->parent); | |
39236 | + | |
ae4e228f | 39237 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, &task->parent->signal->curr_ip, tty_name(task->parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid); |
58c5fc13 MT |
39238 | + } |
39239 | + break; | |
39240 | + default: | |
39241 | + gr_log_middle(audit, msg, ap); | |
39242 | + } | |
39243 | + va_end(ap); | |
39244 | + gr_log_end(audit); | |
39245 | + END_LOCKS(audit); | |
39246 | +} | |
ae4e228f MT |
39247 | diff -urNp linux-2.6.33.1/grsecurity/grsec_mem.c linux-2.6.33.1/grsecurity/grsec_mem.c |
39248 | --- linux-2.6.33.1/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500 | |
39249 | +++ linux-2.6.33.1/grsecurity/grsec_mem.c 2010-03-20 16:58:41.892922620 -0400 | |
39250 | @@ -0,0 +1,85 @@ | |
58c5fc13 MT |
39251 | +#include <linux/kernel.h> |
39252 | +#include <linux/sched.h> | |
39253 | +#include <linux/mm.h> | |
39254 | +#include <linux/mman.h> | |
39255 | +#include <linux/grinternal.h> | |
39256 | + | |
39257 | +void | |
39258 | +gr_handle_ioperm(void) | |
39259 | +{ | |
39260 | + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG); | |
39261 | + return; | |
39262 | +} | |
39263 | + | |
39264 | +void | |
39265 | +gr_handle_iopl(void) | |
39266 | +{ | |
39267 | + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG); | |
39268 | + return; | |
39269 | +} | |
39270 | + | |
39271 | +void | |
39272 | +gr_handle_mem_write(void) | |
39273 | +{ | |
39274 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG); | |
39275 | + return; | |
39276 | +} | |
39277 | + | |
39278 | +void | |
39279 | +gr_handle_kmem_write(void) | |
39280 | +{ | |
39281 | + gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG); | |
39282 | + return; | |
39283 | +} | |
39284 | + | |
39285 | +void | |
39286 | +gr_handle_open_port(void) | |
39287 | +{ | |
39288 | + gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG); | |
39289 | + return; | |
39290 | +} | |
39291 | + | |
39292 | +int | |
39293 | +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma) | |
39294 | +{ | |
39295 | + unsigned long start, end; | |
39296 | + | |
39297 | + start = offset; | |
39298 | + end = start + vma->vm_end - vma->vm_start; | |
39299 | + | |
39300 | + if (start > end) { | |
39301 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG); | |
39302 | + return -EPERM; | |
39303 | + } | |
39304 | + | |
39305 | + /* allowed ranges : ISA I/O BIOS */ | |
39306 | + if ((start >= __pa(high_memory)) | |
39307 | +#if defined(CONFIG_X86) || defined(CONFIG_PPC) | |
39308 | + || (start >= 0x000a0000 && end <= 0x00100000) | |
39309 | + || (start >= 0x00000000 && end <= 0x00001000) | |
39310 | +#endif | |
39311 | + ) | |
39312 | + return 0; | |
39313 | + | |
39314 | + if (vma->vm_flags & VM_WRITE) { | |
39315 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG); | |
39316 | + return -EPERM; | |
39317 | + } else | |
39318 | + vma->vm_flags &= ~VM_MAYWRITE; | |
39319 | + | |
39320 | + return 0; | |
39321 | +} | |
39322 | + | |
39323 | +void | |
39324 | +gr_log_nonroot_mod_load(const char *modname) | |
39325 | +{ | |
39326 | + gr_log_str(GR_DONT_AUDIT, GR_NONROOT_MODLOAD_MSG, modname); | |
39327 | + return; | |
39328 | +} | |
39329 | + | |
ae4e228f MT |
39330 | +void |
39331 | +gr_handle_vm86(void) | |
39332 | +{ | |
39333 | + gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG); | |
39334 | + return; | |
39335 | +} | |
39336 | diff -urNp linux-2.6.33.1/grsecurity/grsec_mount.c linux-2.6.33.1/grsecurity/grsec_mount.c | |
39337 | --- linux-2.6.33.1/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500 | |
39338 | +++ linux-2.6.33.1/grsecurity/grsec_mount.c 2010-03-20 16:58:41.892922620 -0400 | |
39339 | @@ -0,0 +1,62 @@ | |
58c5fc13 MT |
39340 | +#include <linux/kernel.h> |
39341 | +#include <linux/sched.h> | |
ae4e228f | 39342 | +#include <linux/mount.h> |
58c5fc13 MT |
39343 | +#include <linux/grsecurity.h> |
39344 | +#include <linux/grinternal.h> | |
39345 | + | |
39346 | +void | |
39347 | +gr_log_remount(const char *devname, const int retval) | |
39348 | +{ | |
39349 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
39350 | + if (grsec_enable_mount && (retval >= 0)) | |
39351 | + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none"); | |
39352 | +#endif | |
39353 | + return; | |
39354 | +} | |
39355 | + | |
39356 | +void | |
39357 | +gr_log_unmount(const char *devname, const int retval) | |
39358 | +{ | |
39359 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
39360 | + if (grsec_enable_mount && (retval >= 0)) | |
39361 | + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none"); | |
39362 | +#endif | |
39363 | + return; | |
39364 | +} | |
39365 | + | |
39366 | +void | |
39367 | +gr_log_mount(const char *from, const char *to, const int retval) | |
39368 | +{ | |
39369 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
39370 | + if (grsec_enable_mount && (retval >= 0)) | |
39371 | + gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to); | |
39372 | +#endif | |
39373 | + return; | |
39374 | +} | |
ae4e228f MT |
39375 | + |
39376 | +int | |
39377 | +gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags) | |
39378 | +{ | |
39379 | +#ifdef CONFIG_GRKERNSEC_ROFS | |
39380 | + if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) { | |
39381 | + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt); | |
39382 | + return -EPERM; | |
39383 | + } else | |
39384 | + return 0; | |
39385 | +#endif | |
39386 | + return 0; | |
39387 | +} | |
39388 | + | |
39389 | +int | |
39390 | +gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode) | |
39391 | +{ | |
39392 | +#ifdef CONFIG_GRKERNSEC_ROFS | |
39393 | + if (grsec_enable_rofs && (acc_mode & MAY_WRITE) && | |
39394 | + dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) { | |
39395 | + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt); | |
39396 | + return -EPERM; | |
39397 | + } else | |
39398 | + return 0; | |
39399 | +#endif | |
39400 | + return 0; | |
39401 | +} | |
39402 | diff -urNp linux-2.6.33.1/grsecurity/grsec_ptrace.c linux-2.6.33.1/grsecurity/grsec_ptrace.c | |
39403 | --- linux-2.6.33.1/grsecurity/grsec_ptrace.c 1969-12-31 19:00:00.000000000 -0500 | |
39404 | +++ linux-2.6.33.1/grsecurity/grsec_ptrace.c 2010-03-20 16:58:41.892922620 -0400 | |
39405 | @@ -0,0 +1,14 @@ | |
39406 | +#include <linux/kernel.h> | |
39407 | +#include <linux/sched.h> | |
39408 | +#include <linux/grinternal.h> | |
39409 | +#include <linux/grsecurity.h> | |
39410 | + | |
39411 | +void | |
39412 | +gr_audit_ptrace(struct task_struct *task) | |
39413 | +{ | |
39414 | +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE | |
39415 | + if (grsec_enable_audit_ptrace) | |
39416 | + gr_log_ptrace(GR_DO_AUDIT, GR_PTRACE_AUDIT_MSG, task); | |
39417 | +#endif | |
39418 | + return; | |
39419 | +} | |
39420 | diff -urNp linux-2.6.33.1/grsecurity/grsec_sig.c linux-2.6.33.1/grsecurity/grsec_sig.c | |
39421 | --- linux-2.6.33.1/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500 | |
39422 | +++ linux-2.6.33.1/grsecurity/grsec_sig.c 2010-03-20 16:58:41.892922620 -0400 | |
58c5fc13 MT |
39423 | @@ -0,0 +1,65 @@ |
39424 | +#include <linux/kernel.h> | |
39425 | +#include <linux/sched.h> | |
39426 | +#include <linux/delay.h> | |
39427 | +#include <linux/grsecurity.h> | |
39428 | +#include <linux/grinternal.h> | |
39429 | + | |
39430 | +char *signames[] = { | |
39431 | + [SIGSEGV] = "Segmentation fault", | |
39432 | + [SIGILL] = "Illegal instruction", | |
39433 | + [SIGABRT] = "Abort", | |
39434 | + [SIGBUS] = "Invalid alignment/Bus error" | |
39435 | +}; | |
39436 | + | |
39437 | +void | |
39438 | +gr_log_signal(const int sig, const void *addr, const struct task_struct *t) | |
39439 | +{ | |
39440 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
39441 | + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || | |
39442 | + (sig == SIGABRT) || (sig == SIGBUS))) { | |
39443 | + if (t->pid == current->pid) { | |
39444 | + gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr); | |
39445 | + } else { | |
39446 | + gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig); | |
39447 | + } | |
39448 | + } | |
39449 | +#endif | |
39450 | + return; | |
39451 | +} | |
39452 | + | |
39453 | +int | |
39454 | +gr_handle_signal(const struct task_struct *p, const int sig) | |
39455 | +{ | |
39456 | +#ifdef CONFIG_GRKERNSEC | |
39457 | + if (current->pid > 1 && gr_check_protected_task(p)) { | |
39458 | + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig); | |
39459 | + return -EPERM; | |
39460 | + } else if (gr_pid_is_chrooted((struct task_struct *)p)) { | |
39461 | + return -EPERM; | |
39462 | + } | |
39463 | +#endif | |
39464 | + return 0; | |
39465 | +} | |
39466 | + | |
39467 | +void gr_handle_brute_attach(struct task_struct *p) | |
39468 | +{ | |
39469 | +#ifdef CONFIG_GRKERNSEC_BRUTE | |
39470 | + read_lock(&tasklist_lock); | |
39471 | + read_lock(&grsec_exec_file_lock); | |
39472 | + if (p->parent && p->parent->exec_file == p->exec_file) | |
39473 | + p->parent->brute = 1; | |
39474 | + read_unlock(&grsec_exec_file_lock); | |
39475 | + read_unlock(&tasklist_lock); | |
39476 | +#endif | |
39477 | + return; | |
39478 | +} | |
39479 | + | |
39480 | +void gr_handle_brute_check(void) | |
39481 | +{ | |
39482 | +#ifdef CONFIG_GRKERNSEC_BRUTE | |
39483 | + if (current->brute) | |
39484 | + msleep(30 * 1000); | |
39485 | +#endif | |
39486 | + return; | |
39487 | +} | |
39488 | + | |
ae4e228f MT |
39489 | diff -urNp linux-2.6.33.1/grsecurity/grsec_sock.c linux-2.6.33.1/grsecurity/grsec_sock.c |
39490 | --- linux-2.6.33.1/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500 | |
39491 | +++ linux-2.6.33.1/grsecurity/grsec_sock.c 2010-03-20 16:58:41.892922620 -0400 | |
39492 | @@ -0,0 +1,271 @@ | |
58c5fc13 MT |
39493 | +#include <linux/kernel.h> |
39494 | +#include <linux/module.h> | |
39495 | +#include <linux/sched.h> | |
39496 | +#include <linux/file.h> | |
39497 | +#include <linux/net.h> | |
39498 | +#include <linux/in.h> | |
39499 | +#include <linux/ip.h> | |
39500 | +#include <net/sock.h> | |
39501 | +#include <net/inet_sock.h> | |
39502 | +#include <linux/grsecurity.h> | |
39503 | +#include <linux/grinternal.h> | |
39504 | +#include <linux/gracl.h> | |
39505 | + | |
39506 | +kernel_cap_t gr_cap_rtnetlink(struct sock *sock); | |
39507 | +EXPORT_SYMBOL(gr_cap_rtnetlink); | |
39508 | + | |
39509 | +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb); | |
39510 | +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr); | |
39511 | + | |
39512 | +EXPORT_SYMBOL(gr_search_udp_recvmsg); | |
39513 | +EXPORT_SYMBOL(gr_search_udp_sendmsg); | |
39514 | + | |
39515 | +#ifdef CONFIG_UNIX_MODULE | |
39516 | +EXPORT_SYMBOL(gr_acl_handle_unix); | |
39517 | +EXPORT_SYMBOL(gr_acl_handle_mknod); | |
39518 | +EXPORT_SYMBOL(gr_handle_chroot_unix); | |
39519 | +EXPORT_SYMBOL(gr_handle_create); | |
39520 | +#endif | |
39521 | + | |
39522 | +#ifdef CONFIG_GRKERNSEC | |
39523 | +#define gr_conn_table_size 32749 | |
39524 | +struct conn_table_entry { | |
39525 | + struct conn_table_entry *next; | |
39526 | + struct signal_struct *sig; | |
39527 | +}; | |
39528 | + | |
39529 | +struct conn_table_entry *gr_conn_table[gr_conn_table_size]; | |
39530 | +DEFINE_SPINLOCK(gr_conn_table_lock); | |
39531 | + | |
39532 | +extern const char * gr_socktype_to_name(unsigned char type); | |
39533 | +extern const char * gr_proto_to_name(unsigned char proto); | |
39534 | + | |
39535 | +static __inline__ int | |
39536 | +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size) | |
39537 | +{ | |
39538 | + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size); | |
39539 | +} | |
39540 | + | |
39541 | +static __inline__ int | |
39542 | +conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr, | |
39543 | + __u16 sport, __u16 dport) | |
39544 | +{ | |
39545 | + if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr && | |
39546 | + sig->gr_sport == sport && sig->gr_dport == dport)) | |
39547 | + return 1; | |
39548 | + else | |
39549 | + return 0; | |
39550 | +} | |
39551 | + | |
39552 | +static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent) | |
39553 | +{ | |
39554 | + struct conn_table_entry **match; | |
39555 | + unsigned int index; | |
39556 | + | |
39557 | + index = conn_hash(sig->gr_saddr, sig->gr_daddr, | |
39558 | + sig->gr_sport, sig->gr_dport, | |
39559 | + gr_conn_table_size); | |
39560 | + | |
39561 | + newent->sig = sig; | |
39562 | + | |
39563 | + match = &gr_conn_table[index]; | |
39564 | + newent->next = *match; | |
39565 | + *match = newent; | |
39566 | + | |
39567 | + return; | |
39568 | +} | |
39569 | + | |
39570 | +static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig) | |
39571 | +{ | |
39572 | + struct conn_table_entry *match, *last = NULL; | |
39573 | + unsigned int index; | |
39574 | + | |
39575 | + index = conn_hash(sig->gr_saddr, sig->gr_daddr, | |
39576 | + sig->gr_sport, sig->gr_dport, | |
39577 | + gr_conn_table_size); | |
39578 | + | |
39579 | + match = gr_conn_table[index]; | |
39580 | + while (match && !conn_match(match->sig, | |
39581 | + sig->gr_saddr, sig->gr_daddr, sig->gr_sport, | |
39582 | + sig->gr_dport)) { | |
39583 | + last = match; | |
39584 | + match = match->next; | |
39585 | + } | |
39586 | + | |
39587 | + if (match) { | |
39588 | + if (last) | |
39589 | + last->next = match->next; | |
39590 | + else | |
39591 | + gr_conn_table[index] = NULL; | |
39592 | + kfree(match); | |
39593 | + } | |
39594 | + | |
39595 | + return; | |
39596 | +} | |
39597 | + | |
39598 | +static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr, | |
39599 | + __u16 sport, __u16 dport) | |
39600 | +{ | |
39601 | + struct conn_table_entry *match; | |
39602 | + unsigned int index; | |
39603 | + | |
39604 | + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size); | |
39605 | + | |
39606 | + match = gr_conn_table[index]; | |
39607 | + while (match && !conn_match(match->sig, saddr, daddr, sport, dport)) | |
39608 | + match = match->next; | |
39609 | + | |
39610 | + if (match) | |
39611 | + return match->sig; | |
39612 | + else | |
39613 | + return NULL; | |
39614 | +} | |
39615 | + | |
39616 | +#endif | |
39617 | + | |
39618 | +void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet) | |
39619 | +{ | |
39620 | +#ifdef CONFIG_GRKERNSEC | |
39621 | + struct signal_struct *sig = task->signal; | |
39622 | + struct conn_table_entry *newent; | |
39623 | + | |
39624 | + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC); | |
39625 | + if (newent == NULL) | |
39626 | + return; | |
39627 | + /* no bh lock needed since we are called with bh disabled */ | |
39628 | + spin_lock(&gr_conn_table_lock); | |
39629 | + gr_del_task_from_ip_table_nolock(sig); | |
ae4e228f MT |
39630 | + sig->gr_saddr = inet->inet_rcv_saddr; |
39631 | + sig->gr_daddr = inet->inet_daddr; | |
39632 | + sig->gr_sport = inet->inet_sport; | |
39633 | + sig->gr_dport = inet->inet_dport; | |
58c5fc13 MT |
39634 | + gr_add_to_task_ip_table_nolock(sig, newent); |
39635 | + spin_unlock(&gr_conn_table_lock); | |
39636 | +#endif | |
39637 | + return; | |
39638 | +} | |
39639 | + | |
39640 | +void gr_del_task_from_ip_table(struct task_struct *task) | |
39641 | +{ | |
39642 | +#ifdef CONFIG_GRKERNSEC | |
39643 | + spin_lock_bh(&gr_conn_table_lock); | |
39644 | + gr_del_task_from_ip_table_nolock(task->signal); | |
39645 | + spin_unlock_bh(&gr_conn_table_lock); | |
39646 | +#endif | |
39647 | + return; | |
39648 | +} | |
39649 | + | |
39650 | +void | |
39651 | +gr_attach_curr_ip(const struct sock *sk) | |
39652 | +{ | |
39653 | +#ifdef CONFIG_GRKERNSEC | |
39654 | + struct signal_struct *p, *set; | |
39655 | + const struct inet_sock *inet = inet_sk(sk); | |
39656 | + | |
39657 | + if (unlikely(sk->sk_protocol != IPPROTO_TCP)) | |
39658 | + return; | |
39659 | + | |
39660 | + set = current->signal; | |
39661 | + | |
39662 | + spin_lock_bh(&gr_conn_table_lock); | |
ae4e228f MT |
39663 | + p = gr_lookup_task_ip_table(inet->inet_daddr, inet->inet_rcv_saddr, |
39664 | + inet->inet_dport, inet->inet_sport); | |
58c5fc13 MT |
39665 | + if (unlikely(p != NULL)) { |
39666 | + set->curr_ip = p->curr_ip; | |
39667 | + set->used_accept = 1; | |
39668 | + gr_del_task_from_ip_table_nolock(p); | |
39669 | + spin_unlock_bh(&gr_conn_table_lock); | |
39670 | + return; | |
39671 | + } | |
39672 | + spin_unlock_bh(&gr_conn_table_lock); | |
39673 | + | |
ae4e228f | 39674 | + set->curr_ip = inet->inet_daddr; |
58c5fc13 MT |
39675 | + set->used_accept = 1; |
39676 | +#endif | |
39677 | + return; | |
39678 | +} | |
39679 | + | |
39680 | +int | |
39681 | +gr_handle_sock_all(const int family, const int type, const int protocol) | |
39682 | +{ | |
39683 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
39684 | + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) && | |
39685 | + (family != AF_UNIX) && (family != AF_LOCAL)) { | |
39686 | + gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol)); | |
39687 | + return -EACCES; | |
39688 | + } | |
39689 | +#endif | |
39690 | + return 0; | |
39691 | +} | |
39692 | + | |
39693 | +int | |
39694 | +gr_handle_sock_server(const struct sockaddr *sck) | |
39695 | +{ | |
39696 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
39697 | + if (grsec_enable_socket_server && | |
39698 | + in_group_p(grsec_socket_server_gid) && | |
39699 | + sck && (sck->sa_family != AF_UNIX) && | |
39700 | + (sck->sa_family != AF_LOCAL)) { | |
39701 | + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG); | |
39702 | + return -EACCES; | |
39703 | + } | |
39704 | +#endif | |
39705 | + return 0; | |
39706 | +} | |
39707 | + | |
39708 | +int | |
39709 | +gr_handle_sock_server_other(const struct sock *sck) | |
39710 | +{ | |
39711 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
39712 | + if (grsec_enable_socket_server && | |
39713 | + in_group_p(grsec_socket_server_gid) && | |
39714 | + sck && (sck->sk_family != AF_UNIX) && | |
39715 | + (sck->sk_family != AF_LOCAL)) { | |
39716 | + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG); | |
39717 | + return -EACCES; | |
39718 | + } | |
39719 | +#endif | |
39720 | + return 0; | |
39721 | +} | |
39722 | + | |
39723 | +int | |
39724 | +gr_handle_sock_client(const struct sockaddr *sck) | |
39725 | +{ | |
39726 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
39727 | + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) && | |
39728 | + sck && (sck->sa_family != AF_UNIX) && | |
39729 | + (sck->sa_family != AF_LOCAL)) { | |
39730 | + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG); | |
39731 | + return -EACCES; | |
39732 | + } | |
39733 | +#endif | |
39734 | + return 0; | |
39735 | +} | |
39736 | + | |
39737 | +kernel_cap_t | |
39738 | +gr_cap_rtnetlink(struct sock *sock) | |
39739 | +{ | |
39740 | +#ifdef CONFIG_GRKERNSEC | |
39741 | + if (!gr_acl_is_enabled()) | |
39742 | + return current_cap(); | |
39743 | + else if (sock->sk_protocol == NETLINK_ISCSI && | |
39744 | + cap_raised(current_cap(), CAP_SYS_ADMIN) && | |
39745 | + gr_is_capable(CAP_SYS_ADMIN)) | |
39746 | + return current_cap(); | |
39747 | + else if (sock->sk_protocol == NETLINK_AUDIT && | |
39748 | + cap_raised(current_cap(), CAP_AUDIT_WRITE) && | |
39749 | + gr_is_capable(CAP_AUDIT_WRITE) && | |
39750 | + cap_raised(current_cap(), CAP_AUDIT_CONTROL) && | |
39751 | + gr_is_capable(CAP_AUDIT_CONTROL)) | |
39752 | + return current_cap(); | |
39753 | + else if (cap_raised(current_cap(), CAP_NET_ADMIN) && | |
ae4e228f MT |
39754 | + ((sock->sk_protocol == NETLINK_ROUTE) ? |
39755 | + gr_is_capable_nolog(CAP_NET_ADMIN) : | |
39756 | + gr_is_capable(CAP_NET_ADMIN))) | |
58c5fc13 MT |
39757 | + return current_cap(); |
39758 | + else | |
39759 | + return __cap_empty_set; | |
39760 | +#else | |
39761 | + return current_cap(); | |
39762 | +#endif | |
39763 | +} | |
ae4e228f MT |
39764 | diff -urNp linux-2.6.33.1/grsecurity/grsec_sysctl.c linux-2.6.33.1/grsecurity/grsec_sysctl.c |
39765 | --- linux-2.6.33.1/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 | |
39766 | +++ linux-2.6.33.1/grsecurity/grsec_sysctl.c 2010-03-20 17:08:11.436987044 -0400 | |
39767 | @@ -0,0 +1,404 @@ | |
58c5fc13 MT |
39768 | +#include <linux/kernel.h> |
39769 | +#include <linux/sched.h> | |
39770 | +#include <linux/sysctl.h> | |
39771 | +#include <linux/grsecurity.h> | |
39772 | +#include <linux/grinternal.h> | |
39773 | + | |
39774 | +int | |
39775 | +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op) | |
39776 | +{ | |
39777 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
39778 | + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) { | |
39779 | + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name); | |
39780 | + return -EACCES; | |
39781 | + } | |
39782 | +#endif | |
39783 | + return 0; | |
39784 | +} | |
39785 | + | |
ae4e228f MT |
39786 | +#ifdef CONFIG_GRKERNSEC_ROFS |
39787 | +static int __maybe_unused one = 1; | |
39788 | +#endif | |
39789 | + | |
39790 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) | |
58c5fc13 MT |
39791 | +ctl_table grsecurity_table[] = { |
39792 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
39793 | +#ifdef CONFIG_GRKERNSEC_LINK | |
39794 | + { | |
58c5fc13 MT |
39795 | + .procname = "linking_restrictions", |
39796 | + .data = &grsec_enable_link, | |
39797 | + .maxlen = sizeof(int), | |
39798 | + .mode = 0600, | |
39799 | + .proc_handler = &proc_dointvec, | |
39800 | + }, | |
39801 | +#endif | |
39802 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
39803 | + { | |
58c5fc13 MT |
39804 | + .procname = "fifo_restrictions", |
39805 | + .data = &grsec_enable_fifo, | |
39806 | + .maxlen = sizeof(int), | |
39807 | + .mode = 0600, | |
39808 | + .proc_handler = &proc_dointvec, | |
39809 | + }, | |
39810 | +#endif | |
39811 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
39812 | + { | |
58c5fc13 MT |
39813 | + .procname = "execve_limiting", |
39814 | + .data = &grsec_enable_execve, | |
39815 | + .maxlen = sizeof(int), | |
39816 | + .mode = 0600, | |
39817 | + .proc_handler = &proc_dointvec, | |
39818 | + }, | |
39819 | +#endif | |
ae4e228f MT |
39820 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
39821 | + { | |
39822 | + .procname = "ip_blackhole", | |
39823 | + .data = &grsec_enable_blackhole, | |
39824 | + .maxlen = sizeof(int), | |
39825 | + .mode = 0600, | |
39826 | + .proc_handler = &proc_dointvec, | |
39827 | + }, | |
39828 | + { | |
39829 | + .procname = "lastack_retries", | |
39830 | + .data = &grsec_lastack_retries, | |
39831 | + .maxlen = sizeof(int), | |
39832 | + .mode = 0600, | |
39833 | + .proc_handler = &proc_dointvec, | |
39834 | + }, | |
39835 | +#endif | |
58c5fc13 MT |
39836 | +#ifdef CONFIG_GRKERNSEC_EXECLOG |
39837 | + { | |
58c5fc13 MT |
39838 | + .procname = "exec_logging", |
39839 | + .data = &grsec_enable_execlog, | |
39840 | + .maxlen = sizeof(int), | |
39841 | + .mode = 0600, | |
39842 | + .proc_handler = &proc_dointvec, | |
39843 | + }, | |
39844 | +#endif | |
39845 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
39846 | + { | |
58c5fc13 MT |
39847 | + .procname = "signal_logging", |
39848 | + .data = &grsec_enable_signal, | |
39849 | + .maxlen = sizeof(int), | |
39850 | + .mode = 0600, | |
39851 | + .proc_handler = &proc_dointvec, | |
39852 | + }, | |
39853 | +#endif | |
39854 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
39855 | + { | |
58c5fc13 MT |
39856 | + .procname = "forkfail_logging", |
39857 | + .data = &grsec_enable_forkfail, | |
39858 | + .maxlen = sizeof(int), | |
39859 | + .mode = 0600, | |
39860 | + .proc_handler = &proc_dointvec, | |
39861 | + }, | |
39862 | +#endif | |
39863 | +#ifdef CONFIG_GRKERNSEC_TIME | |
39864 | + { | |
58c5fc13 MT |
39865 | + .procname = "timechange_logging", |
39866 | + .data = &grsec_enable_time, | |
39867 | + .maxlen = sizeof(int), | |
39868 | + .mode = 0600, | |
39869 | + .proc_handler = &proc_dointvec, | |
39870 | + }, | |
39871 | +#endif | |
39872 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
39873 | + { | |
58c5fc13 MT |
39874 | + .procname = "chroot_deny_shmat", |
39875 | + .data = &grsec_enable_chroot_shmat, | |
39876 | + .maxlen = sizeof(int), | |
39877 | + .mode = 0600, | |
39878 | + .proc_handler = &proc_dointvec, | |
39879 | + }, | |
39880 | +#endif | |
39881 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
39882 | + { | |
58c5fc13 MT |
39883 | + .procname = "chroot_deny_unix", |
39884 | + .data = &grsec_enable_chroot_unix, | |
39885 | + .maxlen = sizeof(int), | |
39886 | + .mode = 0600, | |
39887 | + .proc_handler = &proc_dointvec, | |
39888 | + }, | |
39889 | +#endif | |
39890 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
39891 | + { | |
58c5fc13 MT |
39892 | + .procname = "chroot_deny_mount", |
39893 | + .data = &grsec_enable_chroot_mount, | |
39894 | + .maxlen = sizeof(int), | |
39895 | + .mode = 0600, | |
39896 | + .proc_handler = &proc_dointvec, | |
39897 | + }, | |
39898 | +#endif | |
39899 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
39900 | + { | |
58c5fc13 MT |
39901 | + .procname = "chroot_deny_fchdir", |
39902 | + .data = &grsec_enable_chroot_fchdir, | |
39903 | + .maxlen = sizeof(int), | |
39904 | + .mode = 0600, | |
39905 | + .proc_handler = &proc_dointvec, | |
39906 | + }, | |
39907 | +#endif | |
39908 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
39909 | + { | |
58c5fc13 MT |
39910 | + .procname = "chroot_deny_chroot", |
39911 | + .data = &grsec_enable_chroot_double, | |
39912 | + .maxlen = sizeof(int), | |
39913 | + .mode = 0600, | |
39914 | + .proc_handler = &proc_dointvec, | |
39915 | + }, | |
39916 | +#endif | |
39917 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
39918 | + { | |
58c5fc13 MT |
39919 | + .procname = "chroot_deny_pivot", |
39920 | + .data = &grsec_enable_chroot_pivot, | |
39921 | + .maxlen = sizeof(int), | |
39922 | + .mode = 0600, | |
39923 | + .proc_handler = &proc_dointvec, | |
39924 | + }, | |
39925 | +#endif | |
39926 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
39927 | + { | |
58c5fc13 MT |
39928 | + .procname = "chroot_enforce_chdir", |
39929 | + .data = &grsec_enable_chroot_chdir, | |
39930 | + .maxlen = sizeof(int), | |
39931 | + .mode = 0600, | |
39932 | + .proc_handler = &proc_dointvec, | |
39933 | + }, | |
39934 | +#endif | |
39935 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
39936 | + { | |
58c5fc13 MT |
39937 | + .procname = "chroot_deny_chmod", |
39938 | + .data = &grsec_enable_chroot_chmod, | |
39939 | + .maxlen = sizeof(int), | |
39940 | + .mode = 0600, | |
39941 | + .proc_handler = &proc_dointvec, | |
39942 | + }, | |
39943 | +#endif | |
39944 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
39945 | + { | |
58c5fc13 MT |
39946 | + .procname = "chroot_deny_mknod", |
39947 | + .data = &grsec_enable_chroot_mknod, | |
39948 | + .maxlen = sizeof(int), | |
39949 | + .mode = 0600, | |
39950 | + .proc_handler = &proc_dointvec, | |
39951 | + }, | |
39952 | +#endif | |
39953 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
39954 | + { | |
58c5fc13 MT |
39955 | + .procname = "chroot_restrict_nice", |
39956 | + .data = &grsec_enable_chroot_nice, | |
39957 | + .maxlen = sizeof(int), | |
39958 | + .mode = 0600, | |
39959 | + .proc_handler = &proc_dointvec, | |
39960 | + }, | |
39961 | +#endif | |
39962 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
39963 | + { | |
58c5fc13 MT |
39964 | + .procname = "chroot_execlog", |
39965 | + .data = &grsec_enable_chroot_execlog, | |
39966 | + .maxlen = sizeof(int), | |
39967 | + .mode = 0600, | |
39968 | + .proc_handler = &proc_dointvec, | |
39969 | + }, | |
39970 | +#endif | |
39971 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
39972 | + { | |
58c5fc13 MT |
39973 | + .procname = "chroot_caps", |
39974 | + .data = &grsec_enable_chroot_caps, | |
39975 | + .maxlen = sizeof(int), | |
39976 | + .mode = 0600, | |
39977 | + .proc_handler = &proc_dointvec, | |
39978 | + }, | |
39979 | +#endif | |
39980 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
39981 | + { | |
58c5fc13 MT |
39982 | + .procname = "chroot_deny_sysctl", |
39983 | + .data = &grsec_enable_chroot_sysctl, | |
39984 | + .maxlen = sizeof(int), | |
39985 | + .mode = 0600, | |
39986 | + .proc_handler = &proc_dointvec, | |
39987 | + }, | |
39988 | +#endif | |
39989 | +#ifdef CONFIG_GRKERNSEC_TPE | |
39990 | + { | |
58c5fc13 MT |
39991 | + .procname = "tpe", |
39992 | + .data = &grsec_enable_tpe, | |
39993 | + .maxlen = sizeof(int), | |
39994 | + .mode = 0600, | |
39995 | + .proc_handler = &proc_dointvec, | |
39996 | + }, | |
39997 | + { | |
58c5fc13 MT |
39998 | + .procname = "tpe_gid", |
39999 | + .data = &grsec_tpe_gid, | |
40000 | + .maxlen = sizeof(int), | |
40001 | + .mode = 0600, | |
40002 | + .proc_handler = &proc_dointvec, | |
40003 | + }, | |
40004 | +#endif | |
40005 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
40006 | + { | |
58c5fc13 MT |
40007 | + .procname = "tpe_restrict_all", |
40008 | + .data = &grsec_enable_tpe_all, | |
40009 | + .maxlen = sizeof(int), | |
40010 | + .mode = 0600, | |
40011 | + .proc_handler = &proc_dointvec, | |
40012 | + }, | |
40013 | +#endif | |
40014 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
40015 | + { | |
58c5fc13 MT |
40016 | + .procname = "socket_all", |
40017 | + .data = &grsec_enable_socket_all, | |
40018 | + .maxlen = sizeof(int), | |
40019 | + .mode = 0600, | |
40020 | + .proc_handler = &proc_dointvec, | |
40021 | + }, | |
40022 | + { | |
58c5fc13 MT |
40023 | + .procname = "socket_all_gid", |
40024 | + .data = &grsec_socket_all_gid, | |
40025 | + .maxlen = sizeof(int), | |
40026 | + .mode = 0600, | |
40027 | + .proc_handler = &proc_dointvec, | |
40028 | + }, | |
40029 | +#endif | |
40030 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
40031 | + { | |
58c5fc13 MT |
40032 | + .procname = "socket_client", |
40033 | + .data = &grsec_enable_socket_client, | |
40034 | + .maxlen = sizeof(int), | |
40035 | + .mode = 0600, | |
40036 | + .proc_handler = &proc_dointvec, | |
40037 | + }, | |
40038 | + { | |
58c5fc13 MT |
40039 | + .procname = "socket_client_gid", |
40040 | + .data = &grsec_socket_client_gid, | |
40041 | + .maxlen = sizeof(int), | |
40042 | + .mode = 0600, | |
40043 | + .proc_handler = &proc_dointvec, | |
40044 | + }, | |
40045 | +#endif | |
40046 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
40047 | + { | |
58c5fc13 MT |
40048 | + .procname = "socket_server", |
40049 | + .data = &grsec_enable_socket_server, | |
40050 | + .maxlen = sizeof(int), | |
40051 | + .mode = 0600, | |
40052 | + .proc_handler = &proc_dointvec, | |
40053 | + }, | |
40054 | + { | |
58c5fc13 MT |
40055 | + .procname = "socket_server_gid", |
40056 | + .data = &grsec_socket_server_gid, | |
40057 | + .maxlen = sizeof(int), | |
40058 | + .mode = 0600, | |
40059 | + .proc_handler = &proc_dointvec, | |
40060 | + }, | |
40061 | +#endif | |
40062 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP | |
40063 | + { | |
58c5fc13 MT |
40064 | + .procname = "audit_group", |
40065 | + .data = &grsec_enable_group, | |
40066 | + .maxlen = sizeof(int), | |
40067 | + .mode = 0600, | |
40068 | + .proc_handler = &proc_dointvec, | |
40069 | + }, | |
40070 | + { | |
58c5fc13 MT |
40071 | + .procname = "audit_gid", |
40072 | + .data = &grsec_audit_gid, | |
40073 | + .maxlen = sizeof(int), | |
40074 | + .mode = 0600, | |
40075 | + .proc_handler = &proc_dointvec, | |
40076 | + }, | |
40077 | +#endif | |
40078 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
40079 | + { | |
58c5fc13 MT |
40080 | + .procname = "audit_chdir", |
40081 | + .data = &grsec_enable_chdir, | |
40082 | + .maxlen = sizeof(int), | |
40083 | + .mode = 0600, | |
40084 | + .proc_handler = &proc_dointvec, | |
40085 | + }, | |
40086 | +#endif | |
40087 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
40088 | + { | |
58c5fc13 MT |
40089 | + .procname = "audit_mount", |
40090 | + .data = &grsec_enable_mount, | |
40091 | + .maxlen = sizeof(int), | |
40092 | + .mode = 0600, | |
40093 | + .proc_handler = &proc_dointvec, | |
40094 | + }, | |
40095 | +#endif | |
40096 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
40097 | + { | |
58c5fc13 MT |
40098 | + .procname = "audit_textrel", |
40099 | + .data = &grsec_enable_audit_textrel, | |
40100 | + .maxlen = sizeof(int), | |
40101 | + .mode = 0600, | |
40102 | + .proc_handler = &proc_dointvec, | |
40103 | + }, | |
40104 | +#endif | |
40105 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
40106 | + { | |
58c5fc13 MT |
40107 | + .procname = "dmesg", |
40108 | + .data = &grsec_enable_dmesg, | |
40109 | + .maxlen = sizeof(int), | |
40110 | + .mode = 0600, | |
40111 | + .proc_handler = &proc_dointvec, | |
40112 | + }, | |
40113 | +#endif | |
40114 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
40115 | + { | |
58c5fc13 MT |
40116 | + .procname = "chroot_findtask", |
40117 | + .data = &grsec_enable_chroot_findtask, | |
40118 | + .maxlen = sizeof(int), | |
40119 | + .mode = 0600, | |
40120 | + .proc_handler = &proc_dointvec, | |
40121 | + }, | |
40122 | +#endif | |
40123 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
40124 | + { | |
58c5fc13 MT |
40125 | + .procname = "resource_logging", |
40126 | + .data = &grsec_resource_logging, | |
40127 | + .maxlen = sizeof(int), | |
40128 | + .mode = 0600, | |
40129 | + .proc_handler = &proc_dointvec, | |
40130 | + }, | |
40131 | +#endif | |
ae4e228f MT |
40132 | +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE |
40133 | + { | |
40134 | + .procname = "audit_ptrace", | |
40135 | + .data = &grsec_enable_audit_ptrace, | |
40136 | + .maxlen = sizeof(int), | |
40137 | + .mode = 0600, | |
40138 | + .proc_handler = &proc_dointvec, | |
40139 | + }, | |
40140 | +#endif | |
58c5fc13 MT |
40141 | +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE |
40142 | + { | |
58c5fc13 MT |
40143 | + .procname = "harden_ptrace", |
40144 | + .data = &grsec_enable_harden_ptrace, | |
40145 | + .maxlen = sizeof(int), | |
40146 | + .mode = 0600, | |
40147 | + .proc_handler = &proc_dointvec, | |
40148 | + }, | |
40149 | +#endif | |
40150 | + { | |
58c5fc13 MT |
40151 | + .procname = "grsec_lock", |
40152 | + .data = &grsec_lock, | |
40153 | + .maxlen = sizeof(int), | |
40154 | + .mode = 0600, | |
40155 | + .proc_handler = &proc_dointvec, | |
40156 | + }, | |
40157 | +#endif | |
ae4e228f MT |
40158 | +#ifdef CONFIG_GRKERNSEC_ROFS |
40159 | + { | |
40160 | + .procname = "romount_protect", | |
40161 | + .data = &grsec_enable_rofs, | |
40162 | + .maxlen = sizeof(int), | |
40163 | + .mode = 0600, | |
40164 | + .proc_handler = &proc_dointvec_minmax, | |
40165 | + .extra1 = &one, | |
40166 | + .extra2 = &one, | |
40167 | + }, | |
40168 | +#endif | |
40169 | + { } | |
58c5fc13 MT |
40170 | +}; |
40171 | +#endif | |
ae4e228f MT |
40172 | diff -urNp linux-2.6.33.1/grsecurity/grsec_textrel.c linux-2.6.33.1/grsecurity/grsec_textrel.c |
40173 | --- linux-2.6.33.1/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500 | |
40174 | +++ linux-2.6.33.1/grsecurity/grsec_textrel.c 2010-03-20 16:58:41.900965882 -0400 | |
58c5fc13 MT |
40175 | @@ -0,0 +1,16 @@ |
40176 | +#include <linux/kernel.h> | |
40177 | +#include <linux/sched.h> | |
40178 | +#include <linux/mm.h> | |
40179 | +#include <linux/file.h> | |
40180 | +#include <linux/grinternal.h> | |
40181 | +#include <linux/grsecurity.h> | |
40182 | + | |
40183 | +void | |
40184 | +gr_log_textrel(struct vm_area_struct * vma) | |
40185 | +{ | |
40186 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
40187 | + if (grsec_enable_audit_textrel) | |
40188 | + gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff); | |
40189 | +#endif | |
40190 | + return; | |
40191 | +} | |
ae4e228f MT |
40192 | diff -urNp linux-2.6.33.1/grsecurity/grsec_time.c linux-2.6.33.1/grsecurity/grsec_time.c |
40193 | --- linux-2.6.33.1/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500 | |
40194 | +++ linux-2.6.33.1/grsecurity/grsec_time.c 2010-03-20 16:58:41.900965882 -0400 | |
58c5fc13 MT |
40195 | @@ -0,0 +1,13 @@ |
40196 | +#include <linux/kernel.h> | |
40197 | +#include <linux/sched.h> | |
40198 | +#include <linux/grinternal.h> | |
40199 | + | |
40200 | +void | |
40201 | +gr_log_timechange(void) | |
40202 | +{ | |
40203 | +#ifdef CONFIG_GRKERNSEC_TIME | |
40204 | + if (grsec_enable_time) | |
40205 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG); | |
40206 | +#endif | |
40207 | + return; | |
40208 | +} | |
ae4e228f MT |
40209 | diff -urNp linux-2.6.33.1/grsecurity/grsec_tpe.c linux-2.6.33.1/grsecurity/grsec_tpe.c |
40210 | --- linux-2.6.33.1/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500 | |
40211 | +++ linux-2.6.33.1/grsecurity/grsec_tpe.c 2010-03-20 16:58:41.900965882 -0400 | |
58c5fc13 MT |
40212 | @@ -0,0 +1,38 @@ |
40213 | +#include <linux/kernel.h> | |
40214 | +#include <linux/sched.h> | |
40215 | +#include <linux/file.h> | |
40216 | +#include <linux/fs.h> | |
40217 | +#include <linux/grinternal.h> | |
40218 | + | |
40219 | +extern int gr_acl_tpe_check(void); | |
40220 | + | |
40221 | +int | |
40222 | +gr_tpe_allow(const struct file *file) | |
40223 | +{ | |
40224 | +#ifdef CONFIG_GRKERNSEC | |
40225 | + struct inode *inode = file->f_path.dentry->d_parent->d_inode; | |
40226 | + const struct cred *cred = current_cred(); | |
40227 | + | |
40228 | + if (cred->uid && ((grsec_enable_tpe && | |
40229 | +#ifdef CONFIG_GRKERNSEC_TPE_INVERT | |
40230 | + !in_group_p(grsec_tpe_gid) | |
40231 | +#else | |
40232 | + in_group_p(grsec_tpe_gid) | |
40233 | +#endif | |
40234 | + ) || gr_acl_tpe_check()) && | |
40235 | + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) || | |
40236 | + (inode->i_mode & S_IWOTH))))) { | |
40237 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt); | |
40238 | + return 0; | |
40239 | + } | |
40240 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
40241 | + if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all && | |
40242 | + ((inode->i_uid && (inode->i_uid != cred->uid)) || | |
40243 | + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) { | |
40244 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt); | |
40245 | + return 0; | |
40246 | + } | |
40247 | +#endif | |
40248 | +#endif | |
40249 | + return 1; | |
40250 | +} | |
ae4e228f MT |
40251 | diff -urNp linux-2.6.33.1/grsecurity/grsum.c linux-2.6.33.1/grsecurity/grsum.c |
40252 | --- linux-2.6.33.1/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500 | |
40253 | +++ linux-2.6.33.1/grsecurity/grsum.c 2010-03-20 16:58:41.900965882 -0400 | |
58c5fc13 MT |
40254 | @@ -0,0 +1,59 @@ |
40255 | +#include <linux/err.h> | |
40256 | +#include <linux/kernel.h> | |
40257 | +#include <linux/sched.h> | |
40258 | +#include <linux/mm.h> | |
40259 | +#include <linux/scatterlist.h> | |
40260 | +#include <linux/crypto.h> | |
40261 | +#include <linux/gracl.h> | |
40262 | + | |
40263 | + | |
40264 | +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE) | |
40265 | +#error "crypto and sha256 must be built into the kernel" | |
40266 | +#endif | |
40267 | + | |
40268 | +int | |
40269 | +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum) | |
40270 | +{ | |
40271 | + char *p; | |
40272 | + struct crypto_hash *tfm; | |
40273 | + struct hash_desc desc; | |
40274 | + struct scatterlist sg; | |
40275 | + unsigned char temp_sum[GR_SHA_LEN]; | |
40276 | + volatile int retval = 0; | |
40277 | + volatile int dummy = 0; | |
40278 | + unsigned int i; | |
40279 | + | |
40280 | + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); | |
40281 | + if (IS_ERR(tfm)) { | |
40282 | + /* should never happen, since sha256 should be built in */ | |
40283 | + return 1; | |
40284 | + } | |
40285 | + | |
40286 | + desc.tfm = tfm; | |
40287 | + desc.flags = 0; | |
40288 | + | |
40289 | + crypto_hash_init(&desc); | |
40290 | + | |
40291 | + p = salt; | |
40292 | + sg_set_buf(&sg, p, GR_SALT_LEN); | |
40293 | + crypto_hash_update(&desc, &sg, sg.length); | |
40294 | + | |
40295 | + p = entry->pw; | |
40296 | + sg_set_buf(&sg, p, strlen(p)); | |
40297 | + | |
40298 | + crypto_hash_update(&desc, &sg, sg.length); | |
40299 | + | |
40300 | + crypto_hash_final(&desc, temp_sum); | |
40301 | + | |
40302 | + memset(entry->pw, 0, GR_PW_LEN); | |
40303 | + | |
40304 | + for (i = 0; i < GR_SHA_LEN; i++) | |
40305 | + if (sum[i] != temp_sum[i]) | |
40306 | + retval = 1; | |
40307 | + else | |
40308 | + dummy = 1; // waste a cycle | |
40309 | + | |
40310 | + crypto_free_hash(tfm); | |
40311 | + | |
40312 | + return retval; | |
40313 | +} | |
ae4e228f MT |
40314 | diff -urNp linux-2.6.33.1/grsecurity/Kconfig linux-2.6.33.1/grsecurity/Kconfig |
40315 | --- linux-2.6.33.1/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 | |
40316 | +++ linux-2.6.33.1/grsecurity/Kconfig 2010-03-20 17:00:48.140865901 -0400 | |
40317 | @@ -0,0 +1,965 @@ | |
58c5fc13 MT |
40318 | +# |
40319 | +# grecurity configuration | |
40320 | +# | |
40321 | + | |
40322 | +menu "Grsecurity" | |
40323 | + | |
40324 | +config GRKERNSEC | |
40325 | + bool "Grsecurity" | |
40326 | + select CRYPTO | |
40327 | + select CRYPTO_SHA256 | |
40328 | + help | |
40329 | + If you say Y here, you will be able to configure many features | |
40330 | + that will enhance the security of your system. It is highly | |
40331 | + recommended that you say Y here and read through the help | |
40332 | + for each option so that you fully understand the features and | |
40333 | + can evaluate their usefulness for your machine. | |
40334 | + | |
40335 | +choice | |
40336 | + prompt "Security Level" | |
40337 | + depends on GRKERNSEC | |
40338 | + default GRKERNSEC_CUSTOM | |
40339 | + | |
40340 | +config GRKERNSEC_LOW | |
40341 | + bool "Low" | |
40342 | + select GRKERNSEC_LINK | |
40343 | + select GRKERNSEC_FIFO | |
40344 | + select GRKERNSEC_EXECVE | |
40345 | + select GRKERNSEC_RANDNET | |
40346 | + select GRKERNSEC_DMESG | |
40347 | + select GRKERNSEC_CHROOT | |
40348 | + select GRKERNSEC_CHROOT_CHDIR | |
40349 | + | |
40350 | + help | |
40351 | + If you choose this option, several of the grsecurity options will | |
40352 | + be enabled that will give you greater protection against a number | |
40353 | + of attacks, while assuring that none of your software will have any | |
40354 | + conflicts with the additional security measures. If you run a lot | |
40355 | + of unusual software, or you are having problems with the higher | |
40356 | + security levels, you should say Y here. With this option, the | |
40357 | + following features are enabled: | |
40358 | + | |
40359 | + - Linking restrictions | |
40360 | + - FIFO restrictions | |
40361 | + - Enforcing RLIMIT_NPROC on execve | |
40362 | + - Restricted dmesg | |
40363 | + - Enforced chdir("/") on chroot | |
40364 | + - Runtime module disabling | |
40365 | + | |
40366 | +config GRKERNSEC_MEDIUM | |
40367 | + bool "Medium" | |
40368 | + select PAX | |
40369 | + select PAX_EI_PAX | |
40370 | + select PAX_PT_PAX_FLAGS | |
40371 | + select PAX_HAVE_ACL_FLAGS | |
40372 | + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) | |
40373 | + select GRKERNSEC_CHROOT | |
40374 | + select GRKERNSEC_CHROOT_SYSCTL | |
40375 | + select GRKERNSEC_LINK | |
40376 | + select GRKERNSEC_FIFO | |
40377 | + select GRKERNSEC_EXECVE | |
40378 | + select GRKERNSEC_DMESG | |
40379 | + select GRKERNSEC_RANDNET | |
40380 | + select GRKERNSEC_FORKFAIL | |
40381 | + select GRKERNSEC_TIME | |
40382 | + select GRKERNSEC_SIGNAL | |
40383 | + select GRKERNSEC_CHROOT | |
40384 | + select GRKERNSEC_CHROOT_UNIX | |
40385 | + select GRKERNSEC_CHROOT_MOUNT | |
40386 | + select GRKERNSEC_CHROOT_PIVOT | |
40387 | + select GRKERNSEC_CHROOT_DOUBLE | |
40388 | + select GRKERNSEC_CHROOT_CHDIR | |
40389 | + select GRKERNSEC_CHROOT_MKNOD | |
40390 | + select GRKERNSEC_PROC | |
40391 | + select GRKERNSEC_PROC_USERGROUP | |
40392 | + select PAX_RANDUSTACK | |
40393 | + select PAX_ASLR | |
40394 | + select PAX_RANDMMAP | |
40395 | + select PAX_REFCOUNT if (X86 || SPARC64) | |
40396 | + select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC32 || PPC64) && (SLAB || SLUB || SLOB)) | |
40397 | + | |
40398 | + help | |
40399 | + If you say Y here, several features in addition to those included | |
40400 | + in the low additional security level will be enabled. These | |
40401 | + features provide even more security to your system, though in rare | |
40402 | + cases they may be incompatible with very old or poorly written | |
40403 | + software. If you enable this option, make sure that your auth | |
40404 | + service (identd) is running as gid 1001. With this option, | |
40405 | + the following features (in addition to those provided in the | |
40406 | + low additional security level) will be enabled: | |
40407 | + | |
40408 | + - Failed fork logging | |
40409 | + - Time change logging | |
40410 | + - Signal logging | |
40411 | + - Deny mounts in chroot | |
40412 | + - Deny double chrooting | |
40413 | + - Deny sysctl writes in chroot | |
40414 | + - Deny mknod in chroot | |
40415 | + - Deny access to abstract AF_UNIX sockets out of chroot | |
40416 | + - Deny pivot_root in chroot | |
40417 | + - Denied writes of /dev/kmem, /dev/mem, and /dev/port | |
40418 | + - /proc restrictions with special GID set to 10 (usually wheel) | |
40419 | + - Address Space Layout Randomization (ASLR) | |
40420 | + - Prevent exploitation of most refcount overflows | |
40421 | + - Bounds checking of copying between the kernel and userland | |
40422 | + | |
40423 | +config GRKERNSEC_HIGH | |
40424 | + bool "High" | |
40425 | + select GRKERNSEC_LINK | |
40426 | + select GRKERNSEC_FIFO | |
40427 | + select GRKERNSEC_EXECVE | |
40428 | + select GRKERNSEC_DMESG | |
40429 | + select GRKERNSEC_FORKFAIL | |
40430 | + select GRKERNSEC_TIME | |
40431 | + select GRKERNSEC_SIGNAL | |
40432 | + select GRKERNSEC_CHROOT | |
40433 | + select GRKERNSEC_CHROOT_SHMAT | |
40434 | + select GRKERNSEC_CHROOT_UNIX | |
40435 | + select GRKERNSEC_CHROOT_MOUNT | |
40436 | + select GRKERNSEC_CHROOT_FCHDIR | |
40437 | + select GRKERNSEC_CHROOT_PIVOT | |
40438 | + select GRKERNSEC_CHROOT_DOUBLE | |
40439 | + select GRKERNSEC_CHROOT_CHDIR | |
40440 | + select GRKERNSEC_CHROOT_MKNOD | |
40441 | + select GRKERNSEC_CHROOT_CAPS | |
40442 | + select GRKERNSEC_CHROOT_SYSCTL | |
40443 | + select GRKERNSEC_CHROOT_FINDTASK | |
40444 | + select GRKERNSEC_PROC | |
40445 | + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) | |
40446 | + select GRKERNSEC_HIDESYM | |
40447 | + select GRKERNSEC_BRUTE | |
40448 | + select GRKERNSEC_PROC_USERGROUP | |
40449 | + select GRKERNSEC_KMEM | |
40450 | + select GRKERNSEC_RESLOG | |
40451 | + select GRKERNSEC_RANDNET | |
40452 | + select GRKERNSEC_PROC_ADD | |
40453 | + select GRKERNSEC_CHROOT_CHMOD | |
40454 | + select GRKERNSEC_CHROOT_NICE | |
40455 | + select GRKERNSEC_AUDIT_MOUNT | |
40456 | + select GRKERNSEC_MODHARDEN if (MODULES) | |
40457 | + select GRKERNSEC_HARDEN_PTRACE | |
ae4e228f | 40458 | + select GRKERNSEC_VM86 if (X86_32) |
58c5fc13 MT |
40459 | + select PAX |
40460 | + select PAX_RANDUSTACK | |
40461 | + select PAX_ASLR | |
40462 | + select PAX_RANDMMAP | |
40463 | + select PAX_NOEXEC | |
40464 | + select PAX_MPROTECT | |
40465 | + select PAX_EI_PAX | |
40466 | + select PAX_PT_PAX_FLAGS | |
40467 | + select PAX_HAVE_ACL_FLAGS | |
ae4e228f MT |
40468 | + select PAX_KERNEXEC if ((PPC32 || PPC64 || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN) |
40469 | + select PAX_MEMORY_UDEREF if (X86_32 && !XEN) | |
58c5fc13 MT |
40470 | + select PAX_RANDKSTACK if (X86_TSC && !X86_64) |
40471 | + select PAX_SEGMEXEC if (X86_32) | |
40472 | + select PAX_PAGEEXEC | |
40473 | + select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64) | |
40474 | + select PAX_EMUTRAMP if (PARISC) | |
40475 | + select PAX_EMUSIGRT if (PARISC) | |
40476 | + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) | |
40477 | + select PAX_REFCOUNT if (X86 || SPARC64) | |
40478 | + select PAX_USERCOPY if ((X86 || PPC32 || PPC64 || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB)) | |
40479 | + help | |
40480 | + If you say Y here, many of the features of grsecurity will be | |
40481 | + enabled, which will protect you against many kinds of attacks | |
40482 | + against your system. The heightened security comes at a cost | |
40483 | + of an increased chance of incompatibilities with rare software | |
40484 | + on your machine. Since this security level enables PaX, you should | |
40485 | + view <http://pax.grsecurity.net> and read about the PaX | |
40486 | + project. While you are there, download chpax and run it on | |
40487 | + binaries that cause problems with PaX. Also remember that | |
40488 | + since the /proc restrictions are enabled, you must run your | |
40489 | + identd as gid 1001. This security level enables the following | |
40490 | + features in addition to those listed in the low and medium | |
40491 | + security levels: | |
40492 | + | |
40493 | + - Additional /proc restrictions | |
40494 | + - Chmod restrictions in chroot | |
40495 | + - No signals, ptrace, or viewing of processes outside of chroot | |
40496 | + - Capability restrictions in chroot | |
40497 | + - Deny fchdir out of chroot | |
40498 | + - Priority restrictions in chroot | |
40499 | + - Segmentation-based implementation of PaX | |
40500 | + - Mprotect restrictions | |
40501 | + - Removal of addresses from /proc/<pid>/[smaps|maps|stat] | |
40502 | + - Kernel stack randomization | |
40503 | + - Mount/unmount/remount logging | |
40504 | + - Kernel symbol hiding | |
40505 | + - Prevention of memory exhaustion-based exploits | |
40506 | + - Hardening of module auto-loading | |
40507 | + - Ptrace restrictions | |
ae4e228f | 40508 | + - Restricted vm86 mode |
58c5fc13 MT |
40509 | + |
40510 | +config GRKERNSEC_CUSTOM | |
40511 | + bool "Custom" | |
40512 | + help | |
40513 | + If you say Y here, you will be able to configure every grsecurity | |
40514 | + option, which allows you to enable many more features that aren't | |
40515 | + covered in the basic security levels. These additional features | |
40516 | + include TPE, socket restrictions, and the sysctl system for | |
40517 | + grsecurity. It is advised that you read through the help for | |
40518 | + each option to determine its usefulness in your situation. | |
40519 | + | |
40520 | +endchoice | |
40521 | + | |
40522 | +menu "Address Space Protection" | |
40523 | +depends on GRKERNSEC | |
40524 | + | |
40525 | +config GRKERNSEC_KMEM | |
40526 | + bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port" | |
40527 | + help | |
40528 | + If you say Y here, /dev/kmem and /dev/mem won't be allowed to | |
40529 | + be written to via mmap or otherwise to modify the running kernel. | |
40530 | + /dev/port will also not be allowed to be opened. If you have module | |
40531 | + support disabled, enabling this will close up four ways that are | |
40532 | + currently used to insert malicious code into the running kernel. | |
40533 | + Even with all these features enabled, we still highly recommend that | |
40534 | + you use the RBAC system, as it is still possible for an attacker to | |
40535 | + modify the running kernel through privileged I/O granted by ioperm/iopl. | |
40536 | + If you are not using XFree86, you may be able to stop this additional | |
40537 | + case by enabling the 'Disable privileged I/O' option. Though nothing | |
40538 | + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, | |
40539 | + but only to video memory, which is the only writing we allow in this | |
40540 | + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will | |
40541 | + not be allowed to mprotect it with PROT_WRITE later. | |
40542 | + It is highly recommended that you say Y here if you meet all the | |
40543 | + conditions above. | |
40544 | + | |
ae4e228f MT |
40545 | +config GRKERNSEC_VM86 |
40546 | + bool "Restrict VM86 mode" | |
40547 | + depends on X86_32 | |
40548 | + | |
40549 | + help | |
40550 | + If you say Y here, only processes with CAP_SYS_RAWIO will be able to | |
40551 | + make use of a special execution mode on 32bit x86 processors called | |
40552 | + Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain | |
40553 | + video cards and will still work with this option enabled. The purpose | |
40554 | + of the option is to prevent exploitation of emulation errors in | |
40555 | + virtualization of vm86 mode like the one discovered in VMWare in 2009. | |
40556 | + Nearly all users should be able to enable this option. | |
40557 | + | |
58c5fc13 MT |
40558 | +config GRKERNSEC_IO |
40559 | + bool "Disable privileged I/O" | |
40560 | + depends on X86 | |
40561 | + select RTC_CLASS | |
40562 | + select RTC_INTF_DEV | |
40563 | + select RTC_DRV_CMOS | |
40564 | + | |
40565 | + help | |
40566 | + If you say Y here, all ioperm and iopl calls will return an error. | |
40567 | + Ioperm and iopl can be used to modify the running kernel. | |
40568 | + Unfortunately, some programs need this access to operate properly, | |
40569 | + the most notable of which are XFree86 and hwclock. hwclock can be | |
40570 | + remedied by having RTC support in the kernel, so real-time | |
40571 | + clock support is enabled if this option is enabled, to ensure | |
40572 | + that hwclock operates correctly. XFree86 still will not | |
40573 | + operate correctly with this option enabled, so DO NOT CHOOSE Y | |
40574 | + IF YOU USE XFree86. If you use XFree86 and you still want to | |
40575 | + protect your kernel against modification, use the RBAC system. | |
40576 | + | |
40577 | +config GRKERNSEC_PROC_MEMMAP | |
40578 | + bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]" | |
40579 | + default y if (PAX_NOEXEC || PAX_ASLR) | |
40580 | + depends on PAX_NOEXEC || PAX_ASLR | |
40581 | + help | |
40582 | + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will | |
40583 | + give no information about the addresses of its mappings if | |
40584 | + PaX features that rely on random addresses are enabled on the task. | |
40585 | + If you use PaX it is greatly recommended that you say Y here as it | |
40586 | + closes up a hole that makes the full ASLR useless for suid | |
40587 | + binaries. | |
40588 | + | |
40589 | +config GRKERNSEC_BRUTE | |
40590 | + bool "Deter exploit bruteforcing" | |
40591 | + help | |
40592 | + If you say Y here, attempts to bruteforce exploits against forking | |
40593 | + daemons such as apache or sshd will be deterred. When a child of a | |
40594 | + forking daemon is killed by PaX or crashes due to an illegal | |
40595 | + instruction, the parent process will be delayed 30 seconds upon every | |
40596 | + subsequent fork until the administrator is able to assess the | |
40597 | + situation and restart the daemon. It is recommended that you also | |
40598 | + enable signal logging in the auditing section so that logs are | |
40599 | + generated when a process performs an illegal instruction. | |
40600 | + | |
40601 | +config GRKERNSEC_MODHARDEN | |
40602 | + bool "Harden module auto-loading" | |
40603 | + depends on MODULES | |
40604 | + help | |
40605 | + If you say Y here, module auto-loading in response to use of some | |
40606 | + feature implemented by an unloaded module will be restricted to | |
40607 | + root users. Enabling this option helps defend against attacks | |
40608 | + by unprivileged users who abuse the auto-loading behavior to | |
40609 | + cause a vulnerable module to load that is then exploited. | |
40610 | + | |
40611 | + If this option prevents a legitimate use of auto-loading for a | |
40612 | + non-root user, the administrator can execute modprobe manually | |
40613 | + with the exact name of the module mentioned in the alert log. | |
40614 | + Alternatively, the administrator can add the module to the list | |
40615 | + of modules loaded at boot by modifying init scripts. | |
40616 | + | |
40617 | + Modification of init scripts will most likely be needed on | |
40618 | + Ubuntu servers with encrypted home directory support enabled, | |
40619 | + as the first non-root user logging in will cause the ecb(aes), | |
40620 | + ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded. | |
40621 | + | |
40622 | +config GRKERNSEC_HIDESYM | |
40623 | + bool "Hide kernel symbols" | |
40624 | + help | |
40625 | + If you say Y here, getting information on loaded modules, and | |
40626 | + displaying all kernel symbols through a syscall will be restricted | |
40627 | + to users with CAP_SYS_MODULE. For software compatibility reasons, | |
40628 | + /proc/kallsyms will be restricted to the root user. The RBAC | |
40629 | + system can hide that entry even from root. Note that this option | |
40630 | + is only effective provided the following conditions are met: | |
40631 | + 1) The kernel using grsecurity is not precompiled by some distribution | |
40632 | + 2) You are using the RBAC system and hiding other files such as your | |
40633 | + kernel image and System.map. Alternatively, enabling this option | |
40634 | + causes the permissions on /boot, /lib/modules, and the kernel | |
40635 | + source directory to change at compile time to prevent | |
40636 | + reading by non-root users. | |
40637 | + If the above conditions are met, this option will aid in providing a | |
40638 | + useful protection against local kernel exploitation of overflows | |
40639 | + and arbitrary read/write vulnerabilities. | |
40640 | + | |
40641 | +endmenu | |
40642 | +menu "Role Based Access Control Options" | |
40643 | +depends on GRKERNSEC | |
40644 | + | |
40645 | +config GRKERNSEC_NO_RBAC | |
40646 | + bool "Disable RBAC system" | |
40647 | + help | |
40648 | + If you say Y here, the /dev/grsec device will be removed from the kernel, | |
40649 | + preventing the RBAC system from being enabled. You should only say Y | |
40650 | + here if you have no intention of using the RBAC system, so as to prevent | |
40651 | + an attacker with root access from misusing the RBAC system to hide files | |
40652 | + and processes when loadable module support and /dev/[k]mem have been | |
40653 | + locked down. | |
40654 | + | |
40655 | +config GRKERNSEC_ACL_HIDEKERN | |
40656 | + bool "Hide kernel processes" | |
40657 | + help | |
40658 | + If you say Y here, all kernel threads will be hidden to all | |
40659 | + processes but those whose subject has the "view hidden processes" | |
40660 | + flag. | |
40661 | + | |
40662 | +config GRKERNSEC_ACL_MAXTRIES | |
40663 | + int "Maximum tries before password lockout" | |
40664 | + default 3 | |
40665 | + help | |
40666 | + This option enforces the maximum number of times a user can attempt | |
40667 | + to authorize themselves with the grsecurity RBAC system before being | |
40668 | + denied the ability to attempt authorization again for a specified time. | |
40669 | + The lower the number, the harder it will be to brute-force a password. | |
40670 | + | |
40671 | +config GRKERNSEC_ACL_TIMEOUT | |
40672 | + int "Time to wait after max password tries, in seconds" | |
40673 | + default 30 | |
40674 | + help | |
40675 | + This option specifies the time the user must wait after attempting to | |
40676 | + authorize to the RBAC system with the maximum number of invalid | |
40677 | + passwords. The higher the number, the harder it will be to brute-force | |
40678 | + a password. | |
40679 | + | |
40680 | +endmenu | |
40681 | +menu "Filesystem Protections" | |
40682 | +depends on GRKERNSEC | |
40683 | + | |
40684 | +config GRKERNSEC_PROC | |
40685 | + bool "Proc restrictions" | |
40686 | + help | |
40687 | + If you say Y here, the permissions of the /proc filesystem | |
40688 | + will be altered to enhance system security and privacy. You MUST | |
40689 | + choose either a user only restriction or a user and group restriction. | |
40690 | + Depending upon the option you choose, you can either restrict users to | |
40691 | + see only the processes they themselves run, or choose a group that can | |
40692 | + view all processes and files normally restricted to root if you choose | |
40693 | + the "restrict to user only" option. NOTE: If you're running identd as | |
40694 | + a non-root user, you will have to run it as the group you specify here. | |
40695 | + | |
40696 | +config GRKERNSEC_PROC_USER | |
40697 | + bool "Restrict /proc to user only" | |
40698 | + depends on GRKERNSEC_PROC | |
40699 | + help | |
40700 | + If you say Y here, non-root users will only be able to view their own | |
40701 | + processes, and restricts them from viewing network-related information, | |
40702 | + and viewing kernel symbol and module information. | |
40703 | + | |
40704 | +config GRKERNSEC_PROC_USERGROUP | |
40705 | + bool "Allow special group" | |
40706 | + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER | |
40707 | + help | |
40708 | + If you say Y here, you will be able to select a group that will be | |
40709 | + able to view all processes, network-related information, and | |
40710 | + kernel and symbol information. This option is useful if you want | |
40711 | + to run identd as a non-root user. | |
40712 | + | |
40713 | +config GRKERNSEC_PROC_GID | |
40714 | + int "GID for special group" | |
40715 | + depends on GRKERNSEC_PROC_USERGROUP | |
40716 | + default 1001 | |
40717 | + | |
40718 | +config GRKERNSEC_PROC_ADD | |
40719 | + bool "Additional restrictions" | |
40720 | + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP | |
40721 | + help | |
40722 | + If you say Y here, additional restrictions will be placed on | |
40723 | + /proc that keep normal users from viewing device information and | |
40724 | + slabinfo information that could be useful for exploits. | |
40725 | + | |
40726 | +config GRKERNSEC_LINK | |
40727 | + bool "Linking restrictions" | |
40728 | + help | |
40729 | + If you say Y here, /tmp race exploits will be prevented, since users | |
40730 | + will no longer be able to follow symlinks owned by other users in | |
40731 | + world-writable +t directories (i.e. /tmp), unless the owner of the | |
40732 | + symlink is the owner of the directory. users will also not be | |
40733 | + able to hardlink to files they do not own. If the sysctl option is | |
40734 | + enabled, a sysctl option with name "linking_restrictions" is created. | |
40735 | + | |
40736 | +config GRKERNSEC_FIFO | |
40737 | + bool "FIFO restrictions" | |
40738 | + help | |
40739 | + If you say Y here, users will not be able to write to FIFOs they don't | |
40740 | + own in world-writable +t directories (i.e. /tmp), unless the owner of | |
40741 | + the FIFO is the same owner of the directory it's held in. If the sysctl | |
40742 | + option is enabled, a sysctl option with name "fifo_restrictions" is | |
40743 | + created. | |
40744 | + | |
ae4e228f MT |
40745 | +config GRKERNSEC_ROFS |
40746 | + bool "Runtime read-only mount protection" | |
40747 | + help | |
40748 | + If you say Y here, a sysctl option with name "romount_protect" will | |
40749 | + be created. By setting this option to 1 at runtime, filesystems | |
40750 | + will be protected in the following ways: | |
40751 | + * No new writable mounts will be allowed | |
40752 | + * Existing read-only mounts won't be able to be remounted read/write | |
40753 | + * Write operations will be denied on all block devices | |
40754 | + This option acts independently of grsec_lock: once it is set to 1, | |
40755 | + it cannot be turned off. Therefore, please be mindful of the resulting | |
40756 | + behavior if this option is enabled in an init script on a read-only | |
40757 | + filesystem. This feature is mainly intended for secure embedded systems. | |
40758 | + | |
58c5fc13 MT |
40759 | +config GRKERNSEC_CHROOT |
40760 | + bool "Chroot jail restrictions" | |
40761 | + help | |
40762 | + If you say Y here, you will be able to choose several options that will | |
40763 | + make breaking out of a chrooted jail much more difficult. If you | |
40764 | + encounter no software incompatibilities with the following options, it | |
40765 | + is recommended that you enable each one. | |
40766 | + | |
40767 | +config GRKERNSEC_CHROOT_MOUNT | |
40768 | + bool "Deny mounts" | |
40769 | + depends on GRKERNSEC_CHROOT | |
40770 | + help | |
40771 | + If you say Y here, processes inside a chroot will not be able to | |
40772 | + mount or remount filesystems. If the sysctl option is enabled, a | |
40773 | + sysctl option with name "chroot_deny_mount" is created. | |
40774 | + | |
40775 | +config GRKERNSEC_CHROOT_DOUBLE | |
40776 | + bool "Deny double-chroots" | |
40777 | + depends on GRKERNSEC_CHROOT | |
40778 | + help | |
40779 | + If you say Y here, processes inside a chroot will not be able to chroot | |
40780 | + again outside the chroot. This is a widely used method of breaking | |
40781 | + out of a chroot jail and should not be allowed. If the sysctl | |
40782 | + option is enabled, a sysctl option with name | |
40783 | + "chroot_deny_chroot" is created. | |
40784 | + | |
40785 | +config GRKERNSEC_CHROOT_PIVOT | |
40786 | + bool "Deny pivot_root in chroot" | |
40787 | + depends on GRKERNSEC_CHROOT | |
40788 | + help | |
40789 | + If you say Y here, processes inside a chroot will not be able to use | |
40790 | + a function called pivot_root() that was introduced in Linux 2.3.41. It | |
40791 | + works similar to chroot in that it changes the root filesystem. This | |
40792 | + function could be misused in a chrooted process to attempt to break out | |
40793 | + of the chroot, and therefore should not be allowed. If the sysctl | |
40794 | + option is enabled, a sysctl option with name "chroot_deny_pivot" is | |
40795 | + created. | |
40796 | + | |
40797 | +config GRKERNSEC_CHROOT_CHDIR | |
40798 | + bool "Enforce chdir(\"/\") on all chroots" | |
40799 | + depends on GRKERNSEC_CHROOT | |
40800 | + help | |
40801 | + If you say Y here, the current working directory of all newly-chrooted | |
40802 | + applications will be set to the the root directory of the chroot. | |
40803 | + The man page on chroot(2) states: | |
40804 | + Note that this call does not change the current working | |
40805 | + directory, so that `.' can be outside the tree rooted at | |
40806 | + `/'. In particular, the super-user can escape from a | |
40807 | + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'. | |
40808 | + | |
40809 | + It is recommended that you say Y here, since it's not known to break | |
40810 | + any software. If the sysctl option is enabled, a sysctl option with | |
40811 | + name "chroot_enforce_chdir" is created. | |
40812 | + | |
40813 | +config GRKERNSEC_CHROOT_CHMOD | |
40814 | + bool "Deny (f)chmod +s" | |
40815 | + depends on GRKERNSEC_CHROOT | |
40816 | + help | |
40817 | + If you say Y here, processes inside a chroot will not be able to chmod | |
40818 | + or fchmod files to make them have suid or sgid bits. This protects | |
40819 | + against another published method of breaking a chroot. If the sysctl | |
40820 | + option is enabled, a sysctl option with name "chroot_deny_chmod" is | |
40821 | + created. | |
40822 | + | |
40823 | +config GRKERNSEC_CHROOT_FCHDIR | |
40824 | + bool "Deny fchdir out of chroot" | |
40825 | + depends on GRKERNSEC_CHROOT | |
40826 | + help | |
40827 | + If you say Y here, a well-known method of breaking chroots by fchdir'ing | |
40828 | + to a file descriptor of the chrooting process that points to a directory | |
40829 | + outside the filesystem will be stopped. If the sysctl option | |
40830 | + is enabled, a sysctl option with name "chroot_deny_fchdir" is created. | |
40831 | + | |
40832 | +config GRKERNSEC_CHROOT_MKNOD | |
40833 | + bool "Deny mknod" | |
40834 | + depends on GRKERNSEC_CHROOT | |
40835 | + help | |
40836 | + If you say Y here, processes inside a chroot will not be allowed to | |
40837 | + mknod. The problem with using mknod inside a chroot is that it | |
40838 | + would allow an attacker to create a device entry that is the same | |
40839 | + as one on the physical root of your system, which could range from | |
40840 | + anything from the console device to a device for your harddrive (which | |
40841 | + they could then use to wipe the drive or steal data). It is recommended | |
40842 | + that you say Y here, unless you run into software incompatibilities. | |
40843 | + If the sysctl option is enabled, a sysctl option with name | |
40844 | + "chroot_deny_mknod" is created. | |
40845 | + | |
40846 | +config GRKERNSEC_CHROOT_SHMAT | |
40847 | + bool "Deny shmat() out of chroot" | |
40848 | + depends on GRKERNSEC_CHROOT | |
40849 | + help | |
40850 | + If you say Y here, processes inside a chroot will not be able to attach | |
40851 | + to shared memory segments that were created outside of the chroot jail. | |
40852 | + It is recommended that you say Y here. If the sysctl option is enabled, | |
40853 | + a sysctl option with name "chroot_deny_shmat" is created. | |
40854 | + | |
40855 | +config GRKERNSEC_CHROOT_UNIX | |
40856 | + bool "Deny access to abstract AF_UNIX sockets out of chroot" | |
40857 | + depends on GRKERNSEC_CHROOT | |
40858 | + help | |
40859 | + If you say Y here, processes inside a chroot will not be able to | |
40860 | + connect to abstract (meaning not belonging to a filesystem) Unix | |
40861 | + domain sockets that were bound outside of a chroot. It is recommended | |
40862 | + that you say Y here. If the sysctl option is enabled, a sysctl option | |
40863 | + with name "chroot_deny_unix" is created. | |
40864 | + | |
40865 | +config GRKERNSEC_CHROOT_FINDTASK | |
40866 | + bool "Protect outside processes" | |
40867 | + depends on GRKERNSEC_CHROOT | |
40868 | + help | |
40869 | + If you say Y here, processes inside a chroot will not be able to | |
40870 | + kill, send signals with fcntl, ptrace, capget, getpgid, setpgid, | |
40871 | + getsid, or view any process outside of the chroot. If the sysctl | |
40872 | + option is enabled, a sysctl option with name "chroot_findtask" is | |
40873 | + created. | |
40874 | + | |
40875 | +config GRKERNSEC_CHROOT_NICE | |
40876 | + bool "Restrict priority changes" | |
40877 | + depends on GRKERNSEC_CHROOT | |
40878 | + help | |
40879 | + If you say Y here, processes inside a chroot will not be able to raise | |
40880 | + the priority of processes in the chroot, or alter the priority of | |
40881 | + processes outside the chroot. This provides more security than simply | |
40882 | + removing CAP_SYS_NICE from the process' capability set. If the | |
40883 | + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice" | |
40884 | + is created. | |
40885 | + | |
40886 | +config GRKERNSEC_CHROOT_SYSCTL | |
40887 | + bool "Deny sysctl writes" | |
40888 | + depends on GRKERNSEC_CHROOT | |
40889 | + help | |
40890 | + If you say Y here, an attacker in a chroot will not be able to | |
40891 | + write to sysctl entries, either by sysctl(2) or through a /proc | |
40892 | + interface. It is strongly recommended that you say Y here. If the | |
40893 | + sysctl option is enabled, a sysctl option with name | |
40894 | + "chroot_deny_sysctl" is created. | |
40895 | + | |
40896 | +config GRKERNSEC_CHROOT_CAPS | |
40897 | + bool "Capability restrictions" | |
40898 | + depends on GRKERNSEC_CHROOT | |
40899 | + help | |
40900 | + If you say Y here, the capabilities on all root processes within a | |
40901 | + chroot jail will be lowered to stop module insertion, raw i/o, | |
40902 | + system and net admin tasks, rebooting the system, modifying immutable | |
40903 | + files, modifying IPC owned by another, and changing the system time. | |
40904 | + This is left an option because it can break some apps. Disable this | |
40905 | + if your chrooted apps are having problems performing those kinds of | |
40906 | + tasks. If the sysctl option is enabled, a sysctl option with | |
40907 | + name "chroot_caps" is created. | |
40908 | + | |
40909 | +endmenu | |
40910 | +menu "Kernel Auditing" | |
40911 | +depends on GRKERNSEC | |
40912 | + | |
40913 | +config GRKERNSEC_AUDIT_GROUP | |
40914 | + bool "Single group for auditing" | |
40915 | + help | |
40916 | + If you say Y here, the exec, chdir, and (un)mount logging features | |
40917 | + will only operate on a group you specify. This option is recommended | |
40918 | + if you only want to watch certain users instead of having a large | |
40919 | + amount of logs from the entire system. If the sysctl option is enabled, | |
40920 | + a sysctl option with name "audit_group" is created. | |
40921 | + | |
40922 | +config GRKERNSEC_AUDIT_GID | |
40923 | + int "GID for auditing" | |
40924 | + depends on GRKERNSEC_AUDIT_GROUP | |
40925 | + default 1007 | |
40926 | + | |
40927 | +config GRKERNSEC_EXECLOG | |
40928 | + bool "Exec logging" | |
40929 | + help | |
40930 | + If you say Y here, all execve() calls will be logged (since the | |
40931 | + other exec*() calls are frontends to execve(), all execution | |
40932 | + will be logged). Useful for shell-servers that like to keep track | |
40933 | + of their users. If the sysctl option is enabled, a sysctl option with | |
40934 | + name "exec_logging" is created. | |
40935 | + WARNING: This option when enabled will produce a LOT of logs, especially | |
40936 | + on an active system. | |
40937 | + | |
40938 | +config GRKERNSEC_RESLOG | |
40939 | + bool "Resource logging" | |
40940 | + help | |
40941 | + If you say Y here, all attempts to overstep resource limits will | |
40942 | + be logged with the resource name, the requested size, and the current | |
40943 | + limit. It is highly recommended that you say Y here. If the sysctl | |
40944 | + option is enabled, a sysctl option with name "resource_logging" is | |
40945 | + created. If the RBAC system is enabled, the sysctl value is ignored. | |
40946 | + | |
40947 | +config GRKERNSEC_CHROOT_EXECLOG | |
40948 | + bool "Log execs within chroot" | |
40949 | + help | |
40950 | + If you say Y here, all executions inside a chroot jail will be logged | |
40951 | + to syslog. This can cause a large amount of logs if certain | |
40952 | + applications (eg. djb's daemontools) are installed on the system, and | |
40953 | + is therefore left as an option. If the sysctl option is enabled, a | |
40954 | + sysctl option with name "chroot_execlog" is created. | |
40955 | + | |
ae4e228f MT |
40956 | +config GRKERNSEC_AUDIT_PTRACE |
40957 | + bool "Ptrace logging" | |
40958 | + help | |
40959 | + If you say Y here, all attempts to attach to a process via ptrace | |
40960 | + will be logged. If the sysctl option is enabled, a sysctl option | |
40961 | + with name "audit_ptrace" is created. | |
40962 | + | |
58c5fc13 MT |
40963 | +config GRKERNSEC_AUDIT_CHDIR |
40964 | + bool "Chdir logging" | |
40965 | + help | |
40966 | + If you say Y here, all chdir() calls will be logged. If the sysctl | |
40967 | + option is enabled, a sysctl option with name "audit_chdir" is created. | |
40968 | + | |
40969 | +config GRKERNSEC_AUDIT_MOUNT | |
40970 | + bool "(Un)Mount logging" | |
40971 | + help | |
40972 | + If you say Y here, all mounts and unmounts will be logged. If the | |
40973 | + sysctl option is enabled, a sysctl option with name "audit_mount" is | |
40974 | + created. | |
40975 | + | |
40976 | +config GRKERNSEC_SIGNAL | |
40977 | + bool "Signal logging" | |
40978 | + help | |
40979 | + If you say Y here, certain important signals will be logged, such as | |
40980 | + SIGSEGV, which will as a result inform you of when a error in a program | |
40981 | + occurred, which in some cases could mean a possible exploit attempt. | |
40982 | + If the sysctl option is enabled, a sysctl option with name | |
40983 | + "signal_logging" is created. | |
40984 | + | |
40985 | +config GRKERNSEC_FORKFAIL | |
40986 | + bool "Fork failure logging" | |
40987 | + help | |
40988 | + If you say Y here, all failed fork() attempts will be logged. | |
40989 | + This could suggest a fork bomb, or someone attempting to overstep | |
40990 | + their process limit. If the sysctl option is enabled, a sysctl option | |
40991 | + with name "forkfail_logging" is created. | |
40992 | + | |
40993 | +config GRKERNSEC_TIME | |
40994 | + bool "Time change logging" | |
40995 | + help | |
40996 | + If you say Y here, any changes of the system clock will be logged. | |
40997 | + If the sysctl option is enabled, a sysctl option with name | |
40998 | + "timechange_logging" is created. | |
40999 | + | |
41000 | +config GRKERNSEC_PROC_IPADDR | |
41001 | + bool "/proc/<pid>/ipaddr support" | |
41002 | + help | |
41003 | + If you say Y here, a new entry will be added to each /proc/<pid> | |
41004 | + directory that contains the IP address of the person using the task. | |
41005 | + The IP is carried across local TCP and AF_UNIX stream sockets. | |
41006 | + This information can be useful for IDS/IPSes to perform remote response | |
41007 | + to a local attack. The entry is readable by only the owner of the | |
41008 | + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via | |
41009 | + the RBAC system), and thus does not create privacy concerns. | |
41010 | + | |
41011 | +config GRKERNSEC_AUDIT_TEXTREL | |
41012 | + bool 'ELF text relocations logging (READ HELP)' | |
41013 | + depends on PAX_MPROTECT | |
41014 | + help | |
41015 | + If you say Y here, text relocations will be logged with the filename | |
41016 | + of the offending library or binary. The purpose of the feature is | |
41017 | + to help Linux distribution developers get rid of libraries and | |
41018 | + binaries that need text relocations which hinder the future progress | |
41019 | + of PaX. Only Linux distribution developers should say Y here, and | |
41020 | + never on a production machine, as this option creates an information | |
41021 | + leak that could aid an attacker in defeating the randomization of | |
41022 | + a single memory region. If the sysctl option is enabled, a sysctl | |
41023 | + option with name "audit_textrel" is created. | |
41024 | + | |
41025 | +endmenu | |
41026 | + | |
41027 | +menu "Executable Protections" | |
41028 | +depends on GRKERNSEC | |
41029 | + | |
41030 | +config GRKERNSEC_EXECVE | |
41031 | + bool "Enforce RLIMIT_NPROC on execs" | |
41032 | + help | |
41033 | + If you say Y here, users with a resource limit on processes will | |
41034 | + have the value checked during execve() calls. The current system | |
41035 | + only checks the system limit during fork() calls. If the sysctl option | |
41036 | + is enabled, a sysctl option with name "execve_limiting" is created. | |
41037 | + | |
41038 | +config GRKERNSEC_DMESG | |
41039 | + bool "Dmesg(8) restriction" | |
41040 | + help | |
41041 | + If you say Y here, non-root users will not be able to use dmesg(8) | |
41042 | + to view up to the last 4kb of messages in the kernel's log buffer. | |
41043 | + If the sysctl option is enabled, a sysctl option with name "dmesg" is | |
41044 | + created. | |
41045 | + | |
41046 | +config GRKERNSEC_HARDEN_PTRACE | |
41047 | + bool "Deter ptrace-based process snooping" | |
41048 | + help | |
41049 | + If you say Y here, TTY sniffers and other malicious monitoring | |
41050 | + programs implemented through ptrace will be defeated. If you | |
41051 | + have been using the RBAC system, this option has already been | |
41052 | + enabled for several years for all users, with the ability to make | |
41053 | + fine-grained exceptions. | |
41054 | + | |
41055 | + This option only affects the ability of non-root users to ptrace | |
41056 | + processes that are not a descendent of the ptracing process. | |
41057 | + This means that strace ./binary and gdb ./binary will still work, | |
41058 | + but attaching to arbitrary processes will not. If the sysctl | |
41059 | + option is enabled, a sysctl option with name "harden_ptrace" is | |
41060 | + created. | |
41061 | + | |
41062 | +config GRKERNSEC_TPE | |
41063 | + bool "Trusted Path Execution (TPE)" | |
41064 | + help | |
41065 | + If you say Y here, you will be able to choose a gid to add to the | |
41066 | + supplementary groups of users you want to mark as "untrusted." | |
41067 | + These users will not be able to execute any files that are not in | |
41068 | + root-owned directories writable only by root. If the sysctl option | |
41069 | + is enabled, a sysctl option with name "tpe" is created. | |
41070 | + | |
41071 | +config GRKERNSEC_TPE_ALL | |
41072 | + bool "Partially restrict non-root users" | |
41073 | + depends on GRKERNSEC_TPE | |
41074 | + help | |
41075 | + If you say Y here, All non-root users other than the ones in the | |
41076 | + group specified in the main TPE option will only be allowed to | |
41077 | + execute files in directories they own that are not group or | |
41078 | + world-writable, or in directories owned by root and writable only by | |
41079 | + root. If the sysctl option is enabled, a sysctl option with name | |
41080 | + "tpe_restrict_all" is created. | |
41081 | + | |
41082 | +config GRKERNSEC_TPE_INVERT | |
41083 | + bool "Invert GID option" | |
41084 | + depends on GRKERNSEC_TPE | |
41085 | + help | |
41086 | + If you say Y here, the group you specify in the TPE configuration will | |
41087 | + decide what group TPE restrictions will be *disabled* for. This | |
41088 | + option is useful if you want TPE restrictions to be applied to most | |
41089 | + users on the system. | |
41090 | + | |
41091 | +config GRKERNSEC_TPE_GID | |
41092 | + int "GID for untrusted users" | |
41093 | + depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT | |
41094 | + default 1005 | |
41095 | + help | |
41096 | + If you have selected the "Invert GID option" above, setting this | |
41097 | + GID determines what group TPE restrictions will be *disabled* for. | |
41098 | + If you have not selected the "Invert GID option" above, setting this | |
41099 | + GID determines what group TPE restrictions will be *enabled* for. | |
41100 | + If the sysctl option is enabled, a sysctl option with name "tpe_gid" | |
41101 | + is created. | |
41102 | + | |
41103 | +config GRKERNSEC_TPE_GID | |
41104 | + int "GID for trusted users" | |
41105 | + depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT | |
41106 | + default 1005 | |
41107 | + help | |
41108 | + If you have selected the "Invert GID option" above, setting this | |
41109 | + GID determines what group TPE restrictions will be *disabled* for. | |
41110 | + If you have not selected the "Invert GID option" above, setting this | |
41111 | + GID determines what group TPE restrictions will be *enabled* for. | |
41112 | + If the sysctl option is enabled, a sysctl option with name "tpe_gid" | |
41113 | + is created. | |
41114 | + | |
41115 | +endmenu | |
41116 | +menu "Network Protections" | |
41117 | +depends on GRKERNSEC | |
41118 | + | |
41119 | +config GRKERNSEC_RANDNET | |
41120 | + bool "Larger entropy pools" | |
41121 | + help | |
41122 | + If you say Y here, the entropy pools used for many features of Linux | |
41123 | + and grsecurity will be doubled in size. Since several grsecurity | |
41124 | + features use additional randomness, it is recommended that you say Y | |
41125 | + here. Saying Y here has a similar effect as modifying | |
41126 | + /proc/sys/kernel/random/poolsize. | |
41127 | + | |
41128 | +config GRKERNSEC_BLACKHOLE | |
ae4e228f | 41129 | + bool "TCP/UDP blackhole and LAST_ACK DoS prevention" |
58c5fc13 MT |
41130 | + help |
41131 | + If you say Y here, neither TCP resets nor ICMP | |
41132 | + destination-unreachable packets will be sent in response to packets | |
41133 | + send to ports for which no associated listening process exists. | |
41134 | + This feature supports both IPV4 and IPV6 and exempts the | |
41135 | + loopback interface from blackholing. Enabling this feature | |
41136 | + makes a host more resilient to DoS attacks and reduces network | |
41137 | + visibility against scanners. | |
41138 | + | |
ae4e228f MT |
41139 | + The blackhole feature as-implemented is equivalent to the FreeBSD |
41140 | + blackhole feature, as prevents RST responses to all packets, not | |
41141 | + just SYNs. Under most application behavior this causes no | |
41142 | + problems, but applications (like haproxy) may not close certain | |
41143 | + connections in a way that cleanly terminates them on the remote | |
41144 | + end, leaving the remote host in LAST_ACK state. Because of this | |
41145 | + side-effect and to prevent intentional LAST_ACK DoSes, this | |
41146 | + feature also adds automatic mitigation against such attacks. | |
41147 | + The mitigation drastically reduces the amount of time a socket | |
41148 | + can spend in LAST_ACK state. If you're using haproxy and not | |
41149 | + all servers it connects to have this option enabled, consider | |
41150 | + disabling this feature on the haproxy host. | |
41151 | + | |
41152 | + If this option is enabled, two sysctl options with names | |
41153 | + "ip_blackhole" and "lastack_retries" will be created. | |
41154 | + While "ip_blackhole" takes the standard zero/non-zero on/off | |
41155 | + toggle, "lastack_retries" uses the same kinds of values as | |
41156 | + "tcp_retries1" and "tcp_retries2". The default value of 4 | |
41157 | + prevents a socket from lasting more than 45 seconds in LAST_ACK | |
41158 | + state. | |
41159 | + | |
58c5fc13 MT |
41160 | +config GRKERNSEC_SOCKET |
41161 | + bool "Socket restrictions" | |
41162 | + help | |
41163 | + If you say Y here, you will be able to choose from several options. | |
41164 | + If you assign a GID on your system and add it to the supplementary | |
41165 | + groups of users you want to restrict socket access to, this patch | |
41166 | + will perform up to three things, based on the option(s) you choose. | |
41167 | + | |
41168 | +config GRKERNSEC_SOCKET_ALL | |
41169 | + bool "Deny any sockets to group" | |
41170 | + depends on GRKERNSEC_SOCKET | |
41171 | + help | |
41172 | + If you say Y here, you will be able to choose a GID of whose users will | |
41173 | + be unable to connect to other hosts from your machine or run server | |
41174 | + applications from your machine. If the sysctl option is enabled, a | |
41175 | + sysctl option with name "socket_all" is created. | |
41176 | + | |
41177 | +config GRKERNSEC_SOCKET_ALL_GID | |
41178 | + int "GID to deny all sockets for" | |
41179 | + depends on GRKERNSEC_SOCKET_ALL | |
41180 | + default 1004 | |
41181 | + help | |
41182 | + Here you can choose the GID to disable socket access for. Remember to | |
41183 | + add the users you want socket access disabled for to the GID | |
41184 | + specified here. If the sysctl option is enabled, a sysctl option | |
41185 | + with name "socket_all_gid" is created. | |
41186 | + | |
41187 | +config GRKERNSEC_SOCKET_CLIENT | |
41188 | + bool "Deny client sockets to group" | |
41189 | + depends on GRKERNSEC_SOCKET | |
41190 | + help | |
41191 | + If you say Y here, you will be able to choose a GID of whose users will | |
41192 | + be unable to connect to other hosts from your machine, but will be | |
41193 | + able to run servers. If this option is enabled, all users in the group | |
41194 | + you specify will have to use passive mode when initiating ftp transfers | |
41195 | + from the shell on your machine. If the sysctl option is enabled, a | |
41196 | + sysctl option with name "socket_client" is created. | |
41197 | + | |
41198 | +config GRKERNSEC_SOCKET_CLIENT_GID | |
41199 | + int "GID to deny client sockets for" | |
41200 | + depends on GRKERNSEC_SOCKET_CLIENT | |
41201 | + default 1003 | |
41202 | + help | |
41203 | + Here you can choose the GID to disable client socket access for. | |
41204 | + Remember to add the users you want client socket access disabled for to | |
41205 | + the GID specified here. If the sysctl option is enabled, a sysctl | |
41206 | + option with name "socket_client_gid" is created. | |
41207 | + | |
41208 | +config GRKERNSEC_SOCKET_SERVER | |
41209 | + bool "Deny server sockets to group" | |
41210 | + depends on GRKERNSEC_SOCKET | |
41211 | + help | |
41212 | + If you say Y here, you will be able to choose a GID of whose users will | |
41213 | + be unable to run server applications from your machine. If the sysctl | |
41214 | + option is enabled, a sysctl option with name "socket_server" is created. | |
41215 | + | |
41216 | +config GRKERNSEC_SOCKET_SERVER_GID | |
41217 | + int "GID to deny server sockets for" | |
41218 | + depends on GRKERNSEC_SOCKET_SERVER | |
41219 | + default 1002 | |
41220 | + help | |
41221 | + Here you can choose the GID to disable server socket access for. | |
41222 | + Remember to add the users you want server socket access disabled for to | |
41223 | + the GID specified here. If the sysctl option is enabled, a sysctl | |
41224 | + option with name "socket_server_gid" is created. | |
41225 | + | |
41226 | +endmenu | |
41227 | +menu "Sysctl support" | |
41228 | +depends on GRKERNSEC && SYSCTL | |
41229 | + | |
41230 | +config GRKERNSEC_SYSCTL | |
41231 | + bool "Sysctl support" | |
41232 | + help | |
41233 | + If you say Y here, you will be able to change the options that | |
41234 | + grsecurity runs with at bootup, without having to recompile your | |
41235 | + kernel. You can echo values to files in /proc/sys/kernel/grsecurity | |
41236 | + to enable (1) or disable (0) various features. All the sysctl entries | |
41237 | + are mutable until the "grsec_lock" entry is set to a non-zero value. | |
41238 | + All features enabled in the kernel configuration are disabled at boot | |
41239 | + if you do not say Y to the "Turn on features by default" option. | |
41240 | + All options should be set at startup, and the grsec_lock entry should | |
41241 | + be set to a non-zero value after all the options are set. | |
41242 | + *THIS IS EXTREMELY IMPORTANT* | |
41243 | + | |
41244 | +config GRKERNSEC_SYSCTL_ON | |
41245 | + bool "Turn on features by default" | |
41246 | + depends on GRKERNSEC_SYSCTL | |
41247 | + help | |
41248 | + If you say Y here, instead of having all features enabled in the | |
41249 | + kernel configuration disabled at boot time, the features will be | |
41250 | + enabled at boot time. It is recommended you say Y here unless | |
41251 | + there is some reason you would want all sysctl-tunable features to | |
41252 | + be disabled by default. As mentioned elsewhere, it is important | |
41253 | + to enable the grsec_lock entry once you have finished modifying | |
41254 | + the sysctl entries. | |
41255 | + | |
41256 | +endmenu | |
41257 | +menu "Logging Options" | |
41258 | +depends on GRKERNSEC | |
41259 | + | |
41260 | +config GRKERNSEC_FLOODTIME | |
41261 | + int "Seconds in between log messages (minimum)" | |
41262 | + default 10 | |
41263 | + help | |
41264 | + This option allows you to enforce the number of seconds between | |
41265 | + grsecurity log messages. The default should be suitable for most | |
41266 | + people, however, if you choose to change it, choose a value small enough | |
41267 | + to allow informative logs to be produced, but large enough to | |
41268 | + prevent flooding. | |
41269 | + | |
41270 | +config GRKERNSEC_FLOODBURST | |
41271 | + int "Number of messages in a burst (maximum)" | |
41272 | + default 4 | |
41273 | + help | |
41274 | + This option allows you to choose the maximum number of messages allowed | |
41275 | + within the flood time interval you chose in a separate option. The | |
41276 | + default should be suitable for most people, however if you find that | |
41277 | + many of your logs are being interpreted as flooding, you may want to | |
41278 | + raise this value. | |
41279 | + | |
41280 | +endmenu | |
41281 | + | |
41282 | +endmenu | |
ae4e228f MT |
41283 | diff -urNp linux-2.6.33.1/grsecurity/Makefile linux-2.6.33.1/grsecurity/Makefile |
41284 | --- linux-2.6.33.1/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 | |
41285 | +++ linux-2.6.33.1/grsecurity/Makefile 2010-03-20 16:58:41.900965882 -0400 | |
58c5fc13 MT |
41286 | @@ -0,0 +1,29 @@ |
41287 | +# grsecurity's ACL system was originally written in 2001 by Michael Dalton | |
41288 | +# during 2001-2009 it has been completely redesigned by Brad Spengler | |
41289 | +# into an RBAC system | |
41290 | +# | |
41291 | +# All code in this directory and various hooks inserted throughout the kernel | |
41292 | +# are copyright Brad Spengler - Open Source Security, Inc., and released | |
41293 | +# under the GPL v2 or higher | |
41294 | + | |
41295 | +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ | |
41296 | + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ | |
ae4e228f | 41297 | + grsec_time.o grsec_tpe.o grsec_link.o grsec_textrel.o grsec_ptrace.o |
58c5fc13 MT |
41298 | + |
41299 | +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \ | |
41300 | + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ | |
41301 | + gracl_learn.o grsec_log.o | |
41302 | +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o | |
41303 | + | |
41304 | +ifndef CONFIG_GRKERNSEC | |
41305 | +obj-y += grsec_disabled.o | |
41306 | +endif | |
41307 | + | |
41308 | +ifdef CONFIG_GRKERNSEC_HIDESYM | |
41309 | +extra-y := grsec_hidesym.o | |
41310 | +$(obj)/grsec_hidesym.o: | |
41311 | + @-chmod -f 500 /boot | |
41312 | + @-chmod -f 500 /lib/modules | |
41313 | + @-chmod -f 700 . | |
41314 | + @echo ' grsec: protected kernel image paths' | |
41315 | +endif | |
ae4e228f MT |
41316 | diff -urNp linux-2.6.33.1/include/acpi/acpi_drivers.h linux-2.6.33.1/include/acpi/acpi_drivers.h |
41317 | --- linux-2.6.33.1/include/acpi/acpi_drivers.h 2010-03-15 12:09:39.000000000 -0400 | |
41318 | +++ linux-2.6.33.1/include/acpi/acpi_drivers.h 2010-03-20 16:58:41.900965882 -0400 | |
41319 | @@ -119,8 +119,8 @@ int acpi_processor_set_thermal_limit(acp | |
41320 | Dock Station | |
41321 | -------------------------------------------------------------------------- */ | |
41322 | struct acpi_dock_ops { | |
41323 | - acpi_notify_handler handler; | |
41324 | - acpi_notify_handler uevent; | |
41325 | + const acpi_notify_handler handler; | |
41326 | + const acpi_notify_handler uevent; | |
41327 | }; | |
58c5fc13 | 41328 | |
ae4e228f MT |
41329 | #if defined(CONFIG_ACPI_DOCK) || defined(CONFIG_ACPI_DOCK_MODULE) |
41330 | @@ -128,7 +128,7 @@ extern int is_dock_device(acpi_handle ha | |
41331 | extern int register_dock_notifier(struct notifier_block *nb); | |
41332 | extern void unregister_dock_notifier(struct notifier_block *nb); | |
41333 | extern int register_hotplug_dock_device(acpi_handle handle, | |
41334 | - struct acpi_dock_ops *ops, | |
41335 | + const struct acpi_dock_ops *ops, | |
41336 | void *context); | |
41337 | extern void unregister_hotplug_dock_device(acpi_handle handle); | |
41338 | #else | |
41339 | @@ -144,7 +144,7 @@ static inline void unregister_dock_notif | |
41340 | { | |
41341 | } | |
41342 | static inline int register_hotplug_dock_device(acpi_handle handle, | |
41343 | - struct acpi_dock_ops *ops, | |
41344 | + const struct acpi_dock_ops *ops, | |
41345 | void *context) | |
41346 | { | |
41347 | return -ENODEV; | |
41348 | diff -urNp linux-2.6.33.1/include/asm-generic/atomic-long.h linux-2.6.33.1/include/asm-generic/atomic-long.h | |
41349 | --- linux-2.6.33.1/include/asm-generic/atomic-long.h 2010-03-15 12:09:39.000000000 -0400 | |
41350 | +++ linux-2.6.33.1/include/asm-generic/atomic-long.h 2010-03-20 16:58:41.900965882 -0400 | |
41351 | @@ -22,6 +22,12 @@ | |
41352 | ||
41353 | typedef atomic64_t atomic_long_t; | |
41354 | ||
41355 | +#ifdef CONFIG_PAX_REFCOUNT | |
41356 | +typedef atomic64_unchecked_t atomic_long_unchecked_t; | |
41357 | +#else | |
41358 | +typedef atomic64_t atomic_long_unchecked_t; | |
41359 | +#endif | |
58c5fc13 | 41360 | + |
ae4e228f | 41361 | #define ATOMIC_LONG_INIT(i) ATOMIC64_INIT(i) |
58c5fc13 | 41362 | |
ae4e228f MT |
41363 | static inline long atomic_long_read(atomic_long_t *l) |
41364 | @@ -31,6 +37,15 @@ static inline long atomic_long_read(atom | |
41365 | return (long)atomic64_read(v); | |
41366 | } | |
41367 | ||
41368 | +#ifdef CONFIG_PAX_REFCOUNT | |
41369 | +static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l) | |
41370 | +{ | |
41371 | + atomic64_unchecked_t *v = (atomic64_unchecked_t *)l; | |
58c5fc13 | 41372 | + |
ae4e228f MT |
41373 | + return (long)atomic64_read_unchecked(v); |
41374 | +} | |
41375 | +#endif | |
41376 | + | |
41377 | static inline void atomic_long_set(atomic_long_t *l, long i) | |
41378 | { | |
41379 | atomic64_t *v = (atomic64_t *)l; | |
41380 | @@ -38,6 +53,15 @@ static inline void atomic_long_set(atomi | |
41381 | atomic64_set(v, i); | |
41382 | } | |
58c5fc13 | 41383 | |
ae4e228f MT |
41384 | +#ifdef CONFIG_PAX_REFCOUNT |
41385 | +static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i) | |
41386 | +{ | |
41387 | + atomic64_unchecked_t *v = (atomic64_unchecked_t *)l; | |
41388 | + | |
41389 | + atomic64_set_unchecked(v, i); | |
41390 | +} | |
41391 | +#endif | |
41392 | + | |
41393 | static inline void atomic_long_inc(atomic_long_t *l) | |
41394 | { | |
41395 | atomic64_t *v = (atomic64_t *)l; | |
41396 | @@ -45,6 +69,15 @@ static inline void atomic_long_inc(atomi | |
41397 | atomic64_inc(v); | |
58c5fc13 MT |
41398 | } |
41399 | ||
ae4e228f MT |
41400 | +#ifdef CONFIG_PAX_REFCOUNT |
41401 | +static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l) | |
58c5fc13 | 41402 | +{ |
ae4e228f MT |
41403 | + atomic64_unchecked_t *v = (atomic64_unchecked_t *)l; |
41404 | + | |
41405 | + atomic64_inc_unchecked(v); | |
58c5fc13 | 41406 | +} |
ae4e228f | 41407 | +#endif |
58c5fc13 | 41408 | + |
ae4e228f | 41409 | static inline void atomic_long_dec(atomic_long_t *l) |
58c5fc13 | 41410 | { |
ae4e228f MT |
41411 | atomic64_t *v = (atomic64_t *)l; |
41412 | @@ -59,6 +92,15 @@ static inline void atomic_long_add(long | |
41413 | atomic64_add(i, v); | |
58c5fc13 MT |
41414 | } |
41415 | ||
ae4e228f MT |
41416 | +#ifdef CONFIG_PAX_REFCOUNT |
41417 | +static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l) | |
58c5fc13 | 41418 | +{ |
ae4e228f MT |
41419 | + atomic64_unchecked_t *v = (atomic64_unchecked_t *)l; |
41420 | + | |
41421 | + atomic64_add_unchecked(i, v); | |
58c5fc13 | 41422 | +} |
ae4e228f | 41423 | +#endif |
58c5fc13 | 41424 | + |
ae4e228f | 41425 | static inline void atomic_long_sub(long i, atomic_long_t *l) |
58c5fc13 | 41426 | { |
ae4e228f MT |
41427 | atomic64_t *v = (atomic64_t *)l; |
41428 | @@ -115,6 +157,15 @@ static inline long atomic_long_inc_retur | |
41429 | return (long)atomic64_inc_return(v); | |
58c5fc13 MT |
41430 | } |
41431 | ||
ae4e228f MT |
41432 | +#ifdef CONFIG_PAX_REFCOUNT |
41433 | +static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l) | |
58c5fc13 | 41434 | +{ |
ae4e228f MT |
41435 | + atomic64_unchecked_t *v = (atomic64_unchecked_t *)l; |
41436 | + | |
41437 | + return (long)atomic64_inc_return_unchecked(v); | |
58c5fc13 | 41438 | +} |
ae4e228f | 41439 | +#endif |
58c5fc13 | 41440 | + |
ae4e228f MT |
41441 | static inline long atomic_long_dec_return(atomic_long_t *l) |
41442 | { | |
41443 | atomic64_t *v = (atomic64_t *)l; | |
41444 | @@ -140,6 +191,12 @@ static inline long atomic_long_add_unles | |
41445 | ||
41446 | typedef atomic_t atomic_long_t; | |
41447 | ||
41448 | +#ifdef CONFIG_PAX_REFCOUNT | |
41449 | +typedef atomic_unchecked_t atomic_long_unchecked_t; | |
41450 | +#else | |
41451 | +typedef atomic_t atomic_long_unchecked_t; | |
41452 | +#endif | |
41453 | + | |
41454 | #define ATOMIC_LONG_INIT(i) ATOMIC_INIT(i) | |
41455 | static inline long atomic_long_read(atomic_long_t *l) | |
41456 | { | |
41457 | @@ -148,6 +205,15 @@ static inline long atomic_long_read(atom | |
41458 | return (long)atomic_read(v); | |
41459 | } | |
41460 | ||
41461 | +#ifdef CONFIG_PAX_REFCOUNT | |
41462 | +static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l) | |
41463 | +{ | |
41464 | + atomic_unchecked_t *v = (atomic_unchecked_t *)l; | |
41465 | + | |
41466 | + return (long)atomic_read_unchecked(v); | |
41467 | +} | |
41468 | +#endif | |
41469 | + | |
41470 | static inline void atomic_long_set(atomic_long_t *l, long i) | |
41471 | { | |
41472 | atomic_t *v = (atomic_t *)l; | |
41473 | @@ -155,6 +221,15 @@ static inline void atomic_long_set(atomi | |
41474 | atomic_set(v, i); | |
41475 | } | |
41476 | ||
41477 | +#ifdef CONFIG_PAX_REFCOUNT | |
41478 | +static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i) | |
41479 | +{ | |
41480 | + atomic_unchecked_t *v = (atomic_unchecked_t *)l; | |
41481 | + | |
41482 | + atomic_set_unchecked(v, i); | |
41483 | +} | |
41484 | +#endif | |
41485 | + | |
41486 | static inline void atomic_long_inc(atomic_long_t *l) | |
41487 | { | |
41488 | atomic_t *v = (atomic_t *)l; | |
41489 | @@ -162,6 +237,15 @@ static inline void atomic_long_inc(atomi | |
41490 | atomic_inc(v); | |
41491 | } | |
41492 | ||
41493 | +#ifdef CONFIG_PAX_REFCOUNT | |
41494 | +static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l) | |
41495 | +{ | |
41496 | + atomic_unchecked_t *v = (atomic_unchecked_t *)l; | |
41497 | + | |
41498 | + atomic_inc_unchecked(v); | |
41499 | +} | |
41500 | +#endif | |
41501 | + | |
41502 | static inline void atomic_long_dec(atomic_long_t *l) | |
41503 | { | |
41504 | atomic_t *v = (atomic_t *)l; | |
41505 | @@ -176,6 +260,15 @@ static inline void atomic_long_add(long | |
41506 | atomic_add(i, v); | |
41507 | } | |
41508 | ||
41509 | +#ifdef CONFIG_PAX_REFCOUNT | |
41510 | +static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l) | |
41511 | +{ | |
41512 | + atomic_unchecked_t *v = (atomic_unchecked_t *)l; | |
41513 | + | |
41514 | + atomic_add_unchecked(i, v); | |
41515 | +} | |
41516 | +#endif | |
41517 | + | |
41518 | static inline void atomic_long_sub(long i, atomic_long_t *l) | |
58c5fc13 | 41519 | { |
ae4e228f MT |
41520 | atomic_t *v = (atomic_t *)l; |
41521 | @@ -232,6 +325,15 @@ static inline long atomic_long_inc_retur | |
41522 | return (long)atomic_inc_return(v); | |
41523 | } | |
41524 | ||
41525 | +#ifdef CONFIG_PAX_REFCOUNT | |
41526 | +static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l) | |
41527 | +{ | |
41528 | + atomic_unchecked_t *v = (atomic_unchecked_t *)l; | |
41529 | + | |
41530 | + return (long)atomic_inc_return_unchecked(v); | |
41531 | +} | |
41532 | +#endif | |
41533 | + | |
41534 | static inline long atomic_long_dec_return(atomic_long_t *l) | |
41535 | { | |
41536 | atomic_t *v = (atomic_t *)l; | |
41537 | @@ -255,4 +357,33 @@ static inline long atomic_long_add_unles | |
41538 | ||
41539 | #endif /* BITS_PER_LONG == 64 */ | |
41540 | ||
41541 | +#ifdef CONFIG_PAX_REFCOUNT | |
41542 | +static inline void pax_refcount_needs_these_functions(void) | |
41543 | +{ | |
41544 | + atomic_read_unchecked((atomic_unchecked_t *)NULL); | |
41545 | + atomic_set_unchecked((atomic_unchecked_t *)NULL, 0); | |
41546 | + atomic_add_unchecked(0, (atomic_unchecked_t *)NULL); | |
41547 | + atomic_sub_unchecked(0, (atomic_unchecked_t *)NULL); | |
41548 | + atomic_inc_unchecked((atomic_unchecked_t *)NULL); | |
41549 | + | |
41550 | + atomic_long_read_unchecked((atomic_long_unchecked_t *)NULL); | |
41551 | + atomic_long_set_unchecked((atomic_long_unchecked_t *)NULL, 0); | |
41552 | + atomic_long_add_unchecked(0, (atomic_long_unchecked_t *)NULL); | |
41553 | + atomic_long_inc_unchecked((atomic_long_unchecked_t *)NULL); | |
41554 | + atomic_long_inc_return_unchecked((atomic_long_unchecked_t *)NULL); | |
41555 | +} | |
41556 | +#else | |
41557 | +#define atomic_read_unchecked(v) atomic_read(v) | |
41558 | +#define atomic_set_unchecked(v, i) atomic_set((v), (i)) | |
41559 | +#define atomic_add_unchecked(i, v) atomic_add((i), (v)) | |
41560 | +#define atomic_sub_unchecked(i, v) atomic_sub((i), (v)) | |
41561 | +#define atomic_inc_unchecked(v) atomic_inc(v) | |
41562 | + | |
41563 | +#define atomic_long_read_unchecked(v) atomic_long_read(v) | |
41564 | +#define atomic_long_set_unchecked(v, i) atomic_long_set((v), (i)) | |
41565 | +#define atomic_long_add_unchecked(i, v) atomic_long_add((i), (v)) | |
41566 | +#define atomic_long_inc_unchecked(v) atomic_long_inc(v) | |
41567 | +#define atomic_long_inc_return_unchecked(v) atomic_long_inc_return(v) | |
41568 | +#endif | |
41569 | + | |
41570 | #endif /* _ASM_GENERIC_ATOMIC_LONG_H */ | |
41571 | diff -urNp linux-2.6.33.1/include/asm-generic/dma-mapping-common.h linux-2.6.33.1/include/asm-generic/dma-mapping-common.h | |
41572 | --- linux-2.6.33.1/include/asm-generic/dma-mapping-common.h 2010-03-15 12:09:39.000000000 -0400 | |
41573 | +++ linux-2.6.33.1/include/asm-generic/dma-mapping-common.h 2010-03-20 16:58:41.904583344 -0400 | |
41574 | @@ -11,7 +11,7 @@ static inline dma_addr_t dma_map_single_ | |
41575 | enum dma_data_direction dir, | |
41576 | struct dma_attrs *attrs) | |
41577 | { | |
41578 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41579 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41580 | dma_addr_t addr; | |
41581 | ||
41582 | kmemcheck_mark_initialized(ptr, size); | |
41583 | @@ -30,7 +30,7 @@ static inline void dma_unmap_single_attr | |
41584 | enum dma_data_direction dir, | |
41585 | struct dma_attrs *attrs) | |
41586 | { | |
41587 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41588 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41589 | ||
41590 | BUG_ON(!valid_dma_direction(dir)); | |
41591 | if (ops->unmap_page) | |
41592 | @@ -42,7 +42,7 @@ static inline int dma_map_sg_attrs(struc | |
41593 | int nents, enum dma_data_direction dir, | |
41594 | struct dma_attrs *attrs) | |
41595 | { | |
41596 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41597 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41598 | int i, ents; | |
41599 | struct scatterlist *s; | |
41600 | ||
41601 | @@ -59,7 +59,7 @@ static inline void dma_unmap_sg_attrs(st | |
41602 | int nents, enum dma_data_direction dir, | |
41603 | struct dma_attrs *attrs) | |
41604 | { | |
41605 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41606 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41607 | ||
41608 | BUG_ON(!valid_dma_direction(dir)); | |
41609 | debug_dma_unmap_sg(dev, sg, nents, dir); | |
41610 | @@ -71,7 +71,7 @@ static inline dma_addr_t dma_map_page(st | |
41611 | size_t offset, size_t size, | |
41612 | enum dma_data_direction dir) | |
41613 | { | |
41614 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41615 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41616 | dma_addr_t addr; | |
41617 | ||
41618 | kmemcheck_mark_initialized(page_address(page) + offset, size); | |
41619 | @@ -85,7 +85,7 @@ static inline dma_addr_t dma_map_page(st | |
41620 | static inline void dma_unmap_page(struct device *dev, dma_addr_t addr, | |
41621 | size_t size, enum dma_data_direction dir) | |
41622 | { | |
41623 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41624 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41625 | ||
41626 | BUG_ON(!valid_dma_direction(dir)); | |
41627 | if (ops->unmap_page) | |
41628 | @@ -97,7 +97,7 @@ static inline void dma_sync_single_for_c | |
41629 | size_t size, | |
41630 | enum dma_data_direction dir) | |
41631 | { | |
41632 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41633 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41634 | ||
41635 | BUG_ON(!valid_dma_direction(dir)); | |
41636 | if (ops->sync_single_for_cpu) | |
41637 | @@ -109,7 +109,7 @@ static inline void dma_sync_single_for_d | |
41638 | dma_addr_t addr, size_t size, | |
41639 | enum dma_data_direction dir) | |
41640 | { | |
41641 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41642 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41643 | ||
41644 | BUG_ON(!valid_dma_direction(dir)); | |
41645 | if (ops->sync_single_for_device) | |
41646 | @@ -123,7 +123,7 @@ static inline void dma_sync_single_range | |
41647 | size_t size, | |
41648 | enum dma_data_direction dir) | |
41649 | { | |
41650 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41651 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41652 | ||
41653 | BUG_ON(!valid_dma_direction(dir)); | |
41654 | if (ops->sync_single_range_for_cpu) { | |
41655 | @@ -140,7 +140,7 @@ static inline void dma_sync_single_range | |
41656 | size_t size, | |
41657 | enum dma_data_direction dir) | |
41658 | { | |
41659 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41660 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41661 | ||
41662 | BUG_ON(!valid_dma_direction(dir)); | |
41663 | if (ops->sync_single_range_for_device) { | |
41664 | @@ -155,7 +155,7 @@ static inline void | |
41665 | dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg, | |
41666 | int nelems, enum dma_data_direction dir) | |
41667 | { | |
41668 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41669 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41670 | ||
41671 | BUG_ON(!valid_dma_direction(dir)); | |
41672 | if (ops->sync_sg_for_cpu) | |
41673 | @@ -167,7 +167,7 @@ static inline void | |
41674 | dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg, | |
41675 | int nelems, enum dma_data_direction dir) | |
41676 | { | |
41677 | - struct dma_map_ops *ops = get_dma_ops(dev); | |
41678 | + const struct dma_map_ops *ops = get_dma_ops(dev); | |
41679 | ||
41680 | BUG_ON(!valid_dma_direction(dir)); | |
41681 | if (ops->sync_sg_for_device) | |
41682 | diff -urNp linux-2.6.33.1/include/asm-generic/futex.h linux-2.6.33.1/include/asm-generic/futex.h | |
41683 | --- linux-2.6.33.1/include/asm-generic/futex.h 2010-03-15 12:09:39.000000000 -0400 | |
41684 | +++ linux-2.6.33.1/include/asm-generic/futex.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41685 | @@ -6,7 +6,7 @@ |
41686 | #include <asm/errno.h> | |
41687 | ||
41688 | static inline int | |
41689 | -futex_atomic_op_inuser (int encoded_op, int __user *uaddr) | |
41690 | +futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) | |
41691 | { | |
41692 | int op = (encoded_op >> 28) & 7; | |
41693 | int cmp = (encoded_op >> 24) & 15; | |
41694 | @@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op, | |
41695 | } | |
41696 | ||
41697 | static inline int | |
41698 | -futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval) | |
41699 | +futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval) | |
41700 | { | |
41701 | return -ENOSYS; | |
41702 | } | |
ae4e228f MT |
41703 | diff -urNp linux-2.6.33.1/include/asm-generic/int-l64.h linux-2.6.33.1/include/asm-generic/int-l64.h |
41704 | --- linux-2.6.33.1/include/asm-generic/int-l64.h 2010-03-15 12:09:39.000000000 -0400 | |
41705 | +++ linux-2.6.33.1/include/asm-generic/int-l64.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41706 | @@ -46,6 +46,8 @@ typedef unsigned int u32; |
41707 | typedef signed long s64; | |
41708 | typedef unsigned long u64; | |
41709 | ||
41710 | +typedef unsigned int intoverflow_t __attribute__ ((mode(TI))); | |
41711 | + | |
41712 | #define S8_C(x) x | |
41713 | #define U8_C(x) x ## U | |
41714 | #define S16_C(x) x | |
ae4e228f MT |
41715 | diff -urNp linux-2.6.33.1/include/asm-generic/int-ll64.h linux-2.6.33.1/include/asm-generic/int-ll64.h |
41716 | --- linux-2.6.33.1/include/asm-generic/int-ll64.h 2010-03-15 12:09:39.000000000 -0400 | |
41717 | +++ linux-2.6.33.1/include/asm-generic/int-ll64.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41718 | @@ -51,6 +51,8 @@ typedef unsigned int u32; |
41719 | typedef signed long long s64; | |
41720 | typedef unsigned long long u64; | |
41721 | ||
41722 | +typedef unsigned long long intoverflow_t; | |
41723 | + | |
41724 | #define S8_C(x) x | |
41725 | #define U8_C(x) x ## U | |
41726 | #define S16_C(x) x | |
ae4e228f MT |
41727 | diff -urNp linux-2.6.33.1/include/asm-generic/kmap_types.h linux-2.6.33.1/include/asm-generic/kmap_types.h |
41728 | --- linux-2.6.33.1/include/asm-generic/kmap_types.h 2010-03-15 12:09:39.000000000 -0400 | |
41729 | +++ linux-2.6.33.1/include/asm-generic/kmap_types.h 2010-03-20 16:58:41.904583344 -0400 | |
41730 | @@ -28,7 +28,8 @@ KMAP_D(15) KM_UML_USERCOPY, | |
41731 | KMAP_D(16) KM_IRQ_PTE, | |
41732 | KMAP_D(17) KM_NMI, | |
41733 | KMAP_D(18) KM_NMI_PTE, | |
41734 | -KMAP_D(19) KM_TYPE_NR | |
41735 | +KMAP_D(19) KM_CLEARPAGE, | |
41736 | +KMAP_D(20) KM_TYPE_NR | |
58c5fc13 MT |
41737 | }; |
41738 | ||
ae4e228f MT |
41739 | #undef KMAP_D |
41740 | diff -urNp linux-2.6.33.1/include/asm-generic/pgtable.h linux-2.6.33.1/include/asm-generic/pgtable.h | |
41741 | --- linux-2.6.33.1/include/asm-generic/pgtable.h 2010-03-15 12:09:39.000000000 -0400 | |
41742 | +++ linux-2.6.33.1/include/asm-generic/pgtable.h 2010-03-20 16:58:41.904583344 -0400 | |
41743 | @@ -344,6 +344,14 @@ extern void untrack_pfn_vma(struct vm_ar | |
41744 | unsigned long size); | |
41745 | #endif | |
41746 | ||
41747 | +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL | |
41748 | +static inline unsigned long pax_open_kernel(void) { return 0; } | |
41749 | +#endif | |
41750 | + | |
41751 | +#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL | |
41752 | +static inline unsigned long pax_close_kernel(void) { return 0; } | |
41753 | +#endif | |
41754 | + | |
41755 | #endif /* !__ASSEMBLY__ */ | |
41756 | ||
41757 | #endif /* _ASM_GENERIC_PGTABLE_H */ | |
41758 | diff -urNp linux-2.6.33.1/include/asm-generic/vmlinux.lds.h linux-2.6.33.1/include/asm-generic/vmlinux.lds.h | |
41759 | --- linux-2.6.33.1/include/asm-generic/vmlinux.lds.h 2010-03-15 12:09:39.000000000 -0400 | |
41760 | +++ linux-2.6.33.1/include/asm-generic/vmlinux.lds.h 2010-03-20 16:58:41.904583344 -0400 | |
41761 | @@ -203,6 +203,7 @@ | |
58c5fc13 MT |
41762 | .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ |
41763 | VMLINUX_SYMBOL(__start_rodata) = .; \ | |
41764 | *(.rodata) *(.rodata.*) \ | |
41765 | + *(.data.read_only) \ | |
41766 | *(__vermagic) /* Kernel version magic */ \ | |
41767 | *(__markers_strings) /* Markers: strings */ \ | |
41768 | *(__tracepoints_strings)/* Tracepoints: strings */ \ | |
ae4e228f | 41769 | @@ -660,22 +661,24 @@ |
58c5fc13 MT |
41770 | * section in the linker script will go there too. @phdr should have |
41771 | * a leading colon. | |
41772 | * | |
41773 | - * Note that this macros defines __per_cpu_load as an absolute symbol. | |
41774 | + * Note that this macros defines per_cpu_load as an absolute symbol. | |
41775 | * If there is no need to put the percpu section at a predetermined | |
41776 | * address, use PERCPU(). | |
41777 | */ | |
41778 | #define PERCPU_VADDR(vaddr, phdr) \ | |
41779 | - VMLINUX_SYMBOL(__per_cpu_load) = .; \ | |
41780 | - .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \ | |
41781 | + per_cpu_load = .; \ | |
41782 | + .data.percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \ | |
41783 | - LOAD_OFFSET) { \ | |
41784 | + VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \ | |
41785 | VMLINUX_SYMBOL(__per_cpu_start) = .; \ | |
41786 | *(.data.percpu.first) \ | |
41787 | - *(.data.percpu.page_aligned) \ | |
41788 | *(.data.percpu) \ | |
41789 | + . = ALIGN(PAGE_SIZE); \ | |
41790 | + *(.data.percpu.page_aligned) \ | |
41791 | *(.data.percpu.shared_aligned) \ | |
41792 | VMLINUX_SYMBOL(__per_cpu_end) = .; \ | |
41793 | } phdr \ | |
41794 | - . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data.percpu); | |
41795 | + . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data.percpu); | |
41796 | ||
41797 | /** | |
41798 | * PERCPU - define output section for percpu area, simple version | |
ae4e228f MT |
41799 | diff -urNp linux-2.6.33.1/include/drm/drm_pciids.h linux-2.6.33.1/include/drm/drm_pciids.h |
41800 | --- linux-2.6.33.1/include/drm/drm_pciids.h 2010-03-15 12:09:39.000000000 -0400 | |
41801 | +++ linux-2.6.33.1/include/drm/drm_pciids.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41802 | @@ -375,7 +375,7 @@ |
41803 | {0x1002, 0x9712, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ | |
41804 | {0x1002, 0x9713, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ | |
41805 | {0x1002, 0x9714, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ | |
41806 | - {0, 0, 0} | |
41807 | + {0, 0, 0, 0, 0, 0} | |
41808 | ||
41809 | #define r128_PCI_IDS \ | |
41810 | {0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41811 | @@ -415,14 +415,14 @@ | |
41812 | {0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41813 | {0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41814 | {0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41815 | - {0, 0, 0} | |
41816 | + {0, 0, 0, 0, 0, 0} | |
41817 | ||
41818 | #define mga_PCI_IDS \ | |
41819 | {0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \ | |
41820 | {0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \ | |
41821 | {0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \ | |
41822 | {0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \ | |
41823 | - {0, 0, 0} | |
41824 | + {0, 0, 0, 0, 0, 0} | |
41825 | ||
41826 | #define mach64_PCI_IDS \ | |
41827 | {0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41828 | @@ -445,7 +445,7 @@ | |
41829 | {0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41830 | {0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41831 | {0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41832 | - {0, 0, 0} | |
41833 | + {0, 0, 0, 0, 0, 0} | |
41834 | ||
41835 | #define sisdrv_PCI_IDS \ | |
41836 | {0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41837 | @@ -456,7 +456,7 @@ | |
41838 | {0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41839 | {0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \ | |
41840 | {0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \ | |
41841 | - {0, 0, 0} | |
41842 | + {0, 0, 0, 0, 0, 0} | |
41843 | ||
41844 | #define tdfx_PCI_IDS \ | |
41845 | {0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41846 | @@ -465,7 +465,7 @@ | |
41847 | {0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41848 | {0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41849 | {0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41850 | - {0, 0, 0} | |
41851 | + {0, 0, 0, 0, 0, 0} | |
41852 | ||
41853 | #define viadrv_PCI_IDS \ | |
41854 | {0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41855 | @@ -477,14 +477,14 @@ | |
41856 | {0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41857 | {0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \ | |
41858 | {0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \ | |
41859 | - {0, 0, 0} | |
41860 | + {0, 0, 0, 0, 0, 0} | |
41861 | ||
41862 | #define i810_PCI_IDS \ | |
41863 | {0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41864 | {0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41865 | {0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41866 | {0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41867 | - {0, 0, 0} | |
41868 | + {0, 0, 0, 0, 0, 0} | |
41869 | ||
41870 | #define i830_PCI_IDS \ | |
41871 | {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41872 | @@ -492,11 +492,11 @@ | |
41873 | {0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41874 | {0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41875 | {0x8086, 0x358e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41876 | - {0, 0, 0} | |
41877 | + {0, 0, 0, 0, 0, 0} | |
41878 | ||
41879 | #define gamma_PCI_IDS \ | |
41880 | {0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \ | |
41881 | - {0, 0, 0} | |
41882 | + {0, 0, 0, 0, 0, 0} | |
41883 | ||
41884 | #define savage_PCI_IDS \ | |
41885 | {0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \ | |
41886 | @@ -522,10 +522,10 @@ | |
41887 | {0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \ | |
41888 | {0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \ | |
41889 | {0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \ | |
41890 | - {0, 0, 0} | |
41891 | + {0, 0, 0, 0, 0, 0} | |
41892 | ||
41893 | #define ffb_PCI_IDS \ | |
41894 | - {0, 0, 0} | |
41895 | + {0, 0, 0, 0, 0, 0} | |
41896 | ||
41897 | #define i915_PCI_IDS \ | |
41898 | {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \ | |
ae4e228f | 41899 | @@ -558,4 +558,4 @@ |
58c5fc13 MT |
41900 | {0x8086, 0x35e8, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \ |
41901 | {0x8086, 0x0042, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \ | |
41902 | {0x8086, 0x0046, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \ | |
41903 | - {0, 0, 0} | |
41904 | + {0, 0, 0, 0, 0, 0} | |
ae4e228f MT |
41905 | diff -urNp linux-2.6.33.1/include/drm/drmP.h linux-2.6.33.1/include/drm/drmP.h |
41906 | --- linux-2.6.33.1/include/drm/drmP.h 2010-03-15 12:09:39.000000000 -0400 | |
41907 | +++ linux-2.6.33.1/include/drm/drmP.h 2010-03-20 16:58:41.904583344 -0400 | |
41908 | @@ -806,7 +806,7 @@ struct drm_driver { | |
41909 | void (*vgaarb_irq)(struct drm_device *dev, bool state); | |
58c5fc13 MT |
41910 | |
41911 | /* Driver private ops for this object */ | |
41912 | - struct vm_operations_struct *gem_vm_ops; | |
41913 | + const struct vm_operations_struct *gem_vm_ops; | |
41914 | ||
41915 | int major; | |
41916 | int minor; | |
ae4e228f | 41917 | @@ -915,7 +915,7 @@ struct drm_device { |
58c5fc13 MT |
41918 | |
41919 | /** \name Usage Counters */ | |
41920 | /*@{ */ | |
41921 | - int open_count; /**< Outstanding files open */ | |
41922 | + atomic_t open_count; /**< Outstanding files open */ | |
41923 | atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ | |
41924 | atomic_t vma_count; /**< Outstanding vma areas open */ | |
41925 | int buf_use; /**< Buffers in use -- cannot alloc */ | |
ae4e228f | 41926 | @@ -926,7 +926,7 @@ struct drm_device { |
58c5fc13 MT |
41927 | /*@{ */ |
41928 | unsigned long counters; | |
41929 | enum drm_stat_type types[15]; | |
41930 | - atomic_t counts[15]; | |
41931 | + atomic_unchecked_t counts[15]; | |
41932 | /*@} */ | |
41933 | ||
41934 | struct list_head filelist; | |
ae4e228f MT |
41935 | diff -urNp linux-2.6.33.1/include/linux/a.out.h linux-2.6.33.1/include/linux/a.out.h |
41936 | --- linux-2.6.33.1/include/linux/a.out.h 2010-03-15 12:09:39.000000000 -0400 | |
41937 | +++ linux-2.6.33.1/include/linux/a.out.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41938 | @@ -39,6 +39,14 @@ enum machine_type { |
41939 | M_MIPS2 = 152 /* MIPS R6000/R4000 binary */ | |
41940 | }; | |
41941 | ||
41942 | +/* Constants for the N_FLAGS field */ | |
41943 | +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ | |
41944 | +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */ | |
41945 | +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */ | |
41946 | +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ | |
41947 | +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ | |
41948 | +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ | |
41949 | + | |
41950 | #if !defined (N_MAGIC) | |
41951 | #define N_MAGIC(exec) ((exec).a_info & 0xffff) | |
41952 | #endif | |
ae4e228f MT |
41953 | diff -urNp linux-2.6.33.1/include/linux/atmdev.h linux-2.6.33.1/include/linux/atmdev.h |
41954 | --- linux-2.6.33.1/include/linux/atmdev.h 2010-03-15 12:09:39.000000000 -0400 | |
41955 | +++ linux-2.6.33.1/include/linux/atmdev.h 2010-03-20 16:58:41.904583344 -0400 | |
58c5fc13 MT |
41956 | @@ -237,7 +237,7 @@ struct compat_atm_iobuf { |
41957 | #endif | |
41958 | ||
41959 | struct k_atm_aal_stats { | |
41960 | -#define __HANDLE_ITEM(i) atomic_t i | |
41961 | +#define __HANDLE_ITEM(i) atomic_unchecked_t i | |
41962 | __AAL_STAT_ITEMS | |
41963 | #undef __HANDLE_ITEM | |
41964 | }; | |
ae4e228f MT |
41965 | diff -urNp linux-2.6.33.1/include/linux/binfmts.h linux-2.6.33.1/include/linux/binfmts.h |
41966 | --- linux-2.6.33.1/include/linux/binfmts.h 2010-03-15 12:09:39.000000000 -0400 | |
41967 | +++ linux-2.6.33.1/include/linux/binfmts.h 2010-03-20 16:58:41.904583344 -0400 | |
41968 | @@ -86,6 +86,7 @@ struct linux_binfmt { | |
58c5fc13 MT |
41969 | int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); |
41970 | int (*load_shlib)(struct file *); | |
ae4e228f | 41971 | int (*core_dump)(struct coredump_params *cprm); |
58c5fc13 MT |
41972 | + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags); |
41973 | unsigned long min_coredump; /* minimal dump size */ | |
41974 | int hasvdso; | |
41975 | }; | |
ae4e228f MT |
41976 | diff -urNp linux-2.6.33.1/include/linux/blkdev.h linux-2.6.33.1/include/linux/blkdev.h |
41977 | --- linux-2.6.33.1/include/linux/blkdev.h 2010-03-15 12:09:39.000000000 -0400 | |
41978 | +++ linux-2.6.33.1/include/linux/blkdev.h 2010-03-20 16:58:41.908542968 -0400 | |
41979 | @@ -1287,19 +1287,19 @@ static inline int blk_integrity_rq(struc | |
41980 | #endif /* CONFIG_BLK_DEV_INTEGRITY */ | |
41981 | ||
41982 | struct block_device_operations { | |
41983 | - int (*open) (struct block_device *, fmode_t); | |
41984 | - int (*release) (struct gendisk *, fmode_t); | |
41985 | - int (*locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41986 | - int (*ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41987 | - int (*compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41988 | - int (*direct_access) (struct block_device *, sector_t, | |
41989 | + int (* const open) (struct block_device *, fmode_t); | |
41990 | + int (* const release) (struct gendisk *, fmode_t); | |
41991 | + int (* const locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41992 | + int (* const ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41993 | + int (* const compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long); | |
41994 | + int (* const direct_access) (struct block_device *, sector_t, | |
41995 | void **, unsigned long *); | |
41996 | - int (*media_changed) (struct gendisk *); | |
41997 | - unsigned long long (*set_capacity) (struct gendisk *, | |
41998 | + int (* const media_changed) (struct gendisk *); | |
41999 | + unsigned long long (* const set_capacity) (struct gendisk *, | |
42000 | unsigned long long); | |
42001 | - int (*revalidate_disk) (struct gendisk *); | |
42002 | - int (*getgeo)(struct block_device *, struct hd_geometry *); | |
42003 | - struct module *owner; | |
42004 | + int (* const revalidate_disk) (struct gendisk *); | |
42005 | + int (* const getgeo)(struct block_device *, struct hd_geometry *); | |
42006 | + struct module * const owner; | |
42007 | }; | |
42008 | ||
42009 | extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int, | |
42010 | diff -urNp linux-2.6.33.1/include/linux/cache.h linux-2.6.33.1/include/linux/cache.h | |
42011 | --- linux-2.6.33.1/include/linux/cache.h 2010-03-15 12:09:39.000000000 -0400 | |
42012 | +++ linux-2.6.33.1/include/linux/cache.h 2010-03-20 16:58:41.908542968 -0400 | |
58c5fc13 MT |
42013 | @@ -16,6 +16,10 @@ |
42014 | #define __read_mostly | |
42015 | #endif | |
42016 | ||
42017 | +#ifndef __read_only | |
42018 | +#define __read_only __read_mostly | |
42019 | +#endif | |
42020 | + | |
42021 | #ifndef ____cacheline_aligned | |
42022 | #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) | |
42023 | #endif | |
ae4e228f MT |
42024 | diff -urNp linux-2.6.33.1/include/linux/capability.h linux-2.6.33.1/include/linux/capability.h |
42025 | --- linux-2.6.33.1/include/linux/capability.h 2010-03-15 12:09:39.000000000 -0400 | |
42026 | +++ linux-2.6.33.1/include/linux/capability.h 2010-03-20 16:58:41.908542968 -0400 | |
42027 | @@ -561,6 +561,7 @@ extern const kernel_cap_t __cap_init_eff | |
58c5fc13 MT |
42028 | (security_real_capable_noaudit((t), (cap)) == 0) |
42029 | ||
42030 | extern int capable(int cap); | |
42031 | +int capable_nolog(int cap); | |
42032 | ||
42033 | /* audit system wants to get cap info from files as well */ | |
42034 | struct dentry; | |
ae4e228f MT |
42035 | diff -urNp linux-2.6.33.1/include/linux/compiler-gcc4.h linux-2.6.33.1/include/linux/compiler-gcc4.h |
42036 | --- linux-2.6.33.1/include/linux/compiler-gcc4.h 2010-03-15 12:09:39.000000000 -0400 | |
42037 | +++ linux-2.6.33.1/include/linux/compiler-gcc4.h 2010-03-20 16:58:41.908542968 -0400 | |
42038 | @@ -50,6 +50,10 @@ | |
42039 | #define unreachable() __builtin_unreachable() | |
42040 | #endif | |
58c5fc13 MT |
42041 | |
42042 | +#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) | |
42043 | +#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) | |
42044 | +#define __bos0(ptr) __bos((ptr), 0) | |
42045 | +#define __bos1(ptr) __bos((ptr), 1) | |
42046 | #endif | |
ae4e228f MT |
42047 | |
42048 | #if __GNUC_MINOR__ > 0 | |
42049 | diff -urNp linux-2.6.33.1/include/linux/compiler.h linux-2.6.33.1/include/linux/compiler.h | |
42050 | --- linux-2.6.33.1/include/linux/compiler.h 2010-03-15 12:09:39.000000000 -0400 | |
42051 | +++ linux-2.6.33.1/include/linux/compiler.h 2010-03-20 16:58:41.908542968 -0400 | |
42052 | @@ -267,6 +267,22 @@ void ftrace_likely_update(struct ftrace_ | |
58c5fc13 MT |
42053 | #define __cold |
42054 | #endif | |
42055 | ||
42056 | +#ifndef __alloc_size | |
42057 | +#define __alloc_size | |
42058 | +#endif | |
42059 | + | |
42060 | +#ifndef __bos | |
42061 | +#define __bos | |
42062 | +#endif | |
42063 | + | |
42064 | +#ifndef __bos0 | |
42065 | +#define __bos0 | |
42066 | +#endif | |
42067 | + | |
42068 | +#ifndef __bos1 | |
42069 | +#define __bos1 | |
42070 | +#endif | |
42071 | + | |
42072 | /* Simple shorthand for a section definition */ | |
42073 | #ifndef __section | |
42074 | # define __section(S) __attribute__ ((__section__(#S))) | |
ae4e228f MT |
42075 | diff -urNp linux-2.6.33.1/include/linux/decompress/mm.h linux-2.6.33.1/include/linux/decompress/mm.h |
42076 | --- linux-2.6.33.1/include/linux/decompress/mm.h 2010-03-15 12:09:39.000000000 -0400 | |
42077 | +++ linux-2.6.33.1/include/linux/decompress/mm.h 2010-03-20 16:58:41.908542968 -0400 | |
58c5fc13 MT |
42078 | @@ -68,7 +68,7 @@ static void free(void *where) |
42079 | * warnings when not needed (indeed large_malloc / large_free are not | |
42080 | * needed by inflate */ | |
42081 | ||
42082 | -#define malloc(a) kmalloc(a, GFP_KERNEL) | |
42083 | +#define malloc(a) kmalloc((a), GFP_KERNEL) | |
42084 | #define free(a) kfree(a) | |
42085 | ||
42086 | #define large_malloc(a) vmalloc(a) | |
ae4e228f MT |
42087 | diff -urNp linux-2.6.33.1/include/linux/dma-mapping.h linux-2.6.33.1/include/linux/dma-mapping.h |
42088 | --- linux-2.6.33.1/include/linux/dma-mapping.h 2010-03-15 12:09:39.000000000 -0400 | |
42089 | +++ linux-2.6.33.1/include/linux/dma-mapping.h 2010-03-20 16:58:41.908542968 -0400 | |
42090 | @@ -16,50 +16,50 @@ enum dma_data_direction { | |
42091 | }; | |
42092 | ||
42093 | struct dma_map_ops { | |
42094 | - void* (*alloc_coherent)(struct device *dev, size_t size, | |
42095 | + void* (* const alloc_coherent)(struct device *dev, size_t size, | |
42096 | dma_addr_t *dma_handle, gfp_t gfp); | |
42097 | - void (*free_coherent)(struct device *dev, size_t size, | |
42098 | + void (* const free_coherent)(struct device *dev, size_t size, | |
42099 | void *vaddr, dma_addr_t dma_handle); | |
42100 | - dma_addr_t (*map_page)(struct device *dev, struct page *page, | |
42101 | + dma_addr_t (* const map_page)(struct device *dev, struct page *page, | |
42102 | unsigned long offset, size_t size, | |
42103 | enum dma_data_direction dir, | |
42104 | struct dma_attrs *attrs); | |
42105 | - void (*unmap_page)(struct device *dev, dma_addr_t dma_handle, | |
42106 | + void (* const unmap_page)(struct device *dev, dma_addr_t dma_handle, | |
42107 | size_t size, enum dma_data_direction dir, | |
42108 | struct dma_attrs *attrs); | |
42109 | - int (*map_sg)(struct device *dev, struct scatterlist *sg, | |
42110 | + int (* const map_sg)(struct device *dev, struct scatterlist *sg, | |
42111 | int nents, enum dma_data_direction dir, | |
42112 | struct dma_attrs *attrs); | |
42113 | - void (*unmap_sg)(struct device *dev, | |
42114 | + void (* const unmap_sg)(struct device *dev, | |
42115 | struct scatterlist *sg, int nents, | |
42116 | enum dma_data_direction dir, | |
42117 | struct dma_attrs *attrs); | |
42118 | - void (*sync_single_for_cpu)(struct device *dev, | |
42119 | + void (* const sync_single_for_cpu)(struct device *dev, | |
42120 | dma_addr_t dma_handle, size_t size, | |
42121 | enum dma_data_direction dir); | |
42122 | - void (*sync_single_for_device)(struct device *dev, | |
42123 | + void (* const sync_single_for_device)(struct device *dev, | |
42124 | dma_addr_t dma_handle, size_t size, | |
42125 | enum dma_data_direction dir); | |
42126 | - void (*sync_single_range_for_cpu)(struct device *dev, | |
42127 | + void (* const sync_single_range_for_cpu)(struct device *dev, | |
42128 | dma_addr_t dma_handle, | |
42129 | unsigned long offset, | |
42130 | size_t size, | |
42131 | enum dma_data_direction dir); | |
42132 | - void (*sync_single_range_for_device)(struct device *dev, | |
42133 | + void (* const sync_single_range_for_device)(struct device *dev, | |
42134 | dma_addr_t dma_handle, | |
42135 | unsigned long offset, | |
42136 | size_t size, | |
42137 | enum dma_data_direction dir); | |
42138 | - void (*sync_sg_for_cpu)(struct device *dev, | |
42139 | + void (* const sync_sg_for_cpu)(struct device *dev, | |
42140 | struct scatterlist *sg, int nents, | |
42141 | enum dma_data_direction dir); | |
42142 | - void (*sync_sg_for_device)(struct device *dev, | |
42143 | + void (* const sync_sg_for_device)(struct device *dev, | |
42144 | struct scatterlist *sg, int nents, | |
42145 | enum dma_data_direction dir); | |
42146 | - int (*mapping_error)(struct device *dev, dma_addr_t dma_addr); | |
42147 | - int (*dma_supported)(struct device *dev, u64 mask); | |
42148 | - int (*set_dma_mask)(struct device *dev, u64 mask); | |
42149 | - int is_phys; | |
42150 | + int (* const mapping_error)(struct device *dev, dma_addr_t dma_addr); | |
42151 | + int (* const dma_supported)(struct device *dev, u64 mask); | |
42152 | + int (* set_dma_mask)(struct device *dev, u64 mask); | |
42153 | + const int is_phys; | |
42154 | }; | |
42155 | ||
42156 | #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) | |
42157 | diff -urNp linux-2.6.33.1/include/linux/elf.h linux-2.6.33.1/include/linux/elf.h | |
42158 | --- linux-2.6.33.1/include/linux/elf.h 2010-03-15 12:09:39.000000000 -0400 | |
42159 | +++ linux-2.6.33.1/include/linux/elf.h 2010-03-20 16:58:41.908542968 -0400 | |
58c5fc13 MT |
42160 | @@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword; |
42161 | #define PT_GNU_EH_FRAME 0x6474e550 | |
42162 | ||
42163 | #define PT_GNU_STACK (PT_LOOS + 0x474e551) | |
42164 | +#define PT_GNU_RELRO (PT_LOOS + 0x474e552) | |
42165 | + | |
42166 | +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) | |
42167 | + | |
42168 | +/* Constants for the e_flags field */ | |
42169 | +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ | |
42170 | +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */ | |
42171 | +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */ | |
42172 | +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */ | |
42173 | +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ | |
42174 | +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ | |
42175 | ||
42176 | /* These constants define the different elf file types */ | |
42177 | #define ET_NONE 0 | |
42178 | @@ -84,6 +95,8 @@ typedef __s64 Elf64_Sxword; | |
42179 | #define DT_DEBUG 21 | |
42180 | #define DT_TEXTREL 22 | |
42181 | #define DT_JMPREL 23 | |
42182 | +#define DT_FLAGS 30 | |
42183 | + #define DF_TEXTREL 0x00000004 | |
42184 | #define DT_ENCODING 32 | |
42185 | #define OLD_DT_LOOS 0x60000000 | |
42186 | #define DT_LOOS 0x6000000d | |
42187 | @@ -230,6 +243,19 @@ typedef struct elf64_hdr { | |
42188 | #define PF_W 0x2 | |
42189 | #define PF_X 0x1 | |
42190 | ||
42191 | +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */ | |
42192 | +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */ | |
42193 | +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */ | |
42194 | +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */ | |
42195 | +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */ | |
42196 | +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */ | |
42197 | +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */ | |
42198 | +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */ | |
42199 | +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */ | |
42200 | +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */ | |
42201 | +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */ | |
42202 | +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */ | |
42203 | + | |
42204 | typedef struct elf32_phdr{ | |
42205 | Elf32_Word p_type; | |
42206 | Elf32_Off p_offset; | |
42207 | @@ -322,6 +348,8 @@ typedef struct elf64_shdr { | |
42208 | #define EI_OSABI 7 | |
42209 | #define EI_PAD 8 | |
42210 | ||
42211 | +#define EI_PAX 14 | |
42212 | + | |
42213 | #define ELFMAG0 0x7f /* EI_MAG */ | |
42214 | #define ELFMAG1 'E' | |
42215 | #define ELFMAG2 'L' | |
ae4e228f | 42216 | @@ -386,6 +414,7 @@ extern Elf32_Dyn _DYNAMIC []; |
58c5fc13 MT |
42217 | #define elf_phdr elf32_phdr |
42218 | #define elf_note elf32_note | |
42219 | #define elf_addr_t Elf32_Off | |
42220 | +#define elf_dyn Elf32_Dyn | |
42221 | ||
42222 | #else | |
42223 | ||
ae4e228f | 42224 | @@ -394,6 +423,7 @@ extern Elf64_Dyn _DYNAMIC []; |
58c5fc13 MT |
42225 | #define elf_phdr elf64_phdr |
42226 | #define elf_note elf64_note | |
42227 | #define elf_addr_t Elf64_Off | |
42228 | +#define elf_dyn Elf64_Dyn | |
42229 | ||
42230 | #endif | |
42231 | ||
ae4e228f MT |
42232 | diff -urNp linux-2.6.33.1/include/linux/fs.h linux-2.6.33.1/include/linux/fs.h |
42233 | --- linux-2.6.33.1/include/linux/fs.h 2010-03-15 12:09:39.000000000 -0400 | |
42234 | +++ linux-2.6.33.1/include/linux/fs.h 2010-03-20 16:59:37.096727099 -0400 | |
42235 | @@ -90,6 +90,11 @@ struct inodes_stat_t { | |
42236 | /* Expect random access pattern */ | |
42237 | #define FMODE_RANDOM ((__force fmode_t)4096) | |
58c5fc13 MT |
42238 | |
42239 | +/* Hack for grsec so as not to require read permission simply to execute | |
ae4e228f MT |
42240 | + * a binary |
42241 | + */ | |
58c5fc13 MT |
42242 | +#define FMODE_GREXEC ((__force fmode_t)8192) |
42243 | + | |
42244 | /* | |
42245 | * The below are the various read and write types that we support. Some of | |
42246 | * them include behavioral modifiers that send information down to the | |
ae4e228f MT |
42247 | @@ -570,41 +575,41 @@ typedef int (*read_actor_t)(read_descrip |
42248 | unsigned long, unsigned long); | |
42249 | ||
42250 | struct address_space_operations { | |
42251 | - int (*writepage)(struct page *page, struct writeback_control *wbc); | |
42252 | - int (*readpage)(struct file *, struct page *); | |
42253 | - void (*sync_page)(struct page *); | |
42254 | + int (* const writepage)(struct page *page, struct writeback_control *wbc); | |
42255 | + int (* const readpage)(struct file *, struct page *); | |
42256 | + void (* const sync_page)(struct page *); | |
42257 | ||
42258 | /* Write back some dirty pages from this mapping. */ | |
42259 | - int (*writepages)(struct address_space *, struct writeback_control *); | |
42260 | + int (* const writepages)(struct address_space *, struct writeback_control *); | |
42261 | ||
42262 | /* Set a page dirty. Return true if this dirtied it */ | |
42263 | - int (*set_page_dirty)(struct page *page); | |
42264 | + int (* const set_page_dirty)(struct page *page); | |
42265 | ||
42266 | - int (*readpages)(struct file *filp, struct address_space *mapping, | |
42267 | + int (* const readpages)(struct file *filp, struct address_space *mapping, | |
42268 | struct list_head *pages, unsigned nr_pages); | |
42269 | ||
42270 | - int (*write_begin)(struct file *, struct address_space *mapping, | |
42271 | + int (* const write_begin)(struct file *, struct address_space *mapping, | |
42272 | loff_t pos, unsigned len, unsigned flags, | |
42273 | struct page **pagep, void **fsdata); | |
42274 | - int (*write_end)(struct file *, struct address_space *mapping, | |
42275 | + int (* const write_end)(struct file *, struct address_space *mapping, | |
42276 | loff_t pos, unsigned len, unsigned copied, | |
42277 | struct page *page, void *fsdata); | |
42278 | ||
42279 | /* Unfortunately this kludge is needed for FIBMAP. Don't use it */ | |
42280 | - sector_t (*bmap)(struct address_space *, sector_t); | |
42281 | - void (*invalidatepage) (struct page *, unsigned long); | |
42282 | - int (*releasepage) (struct page *, gfp_t); | |
42283 | - ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov, | |
42284 | + sector_t (* const bmap)(struct address_space *, sector_t); | |
42285 | + void (* const invalidatepage) (struct page *, unsigned long); | |
42286 | + int (* const releasepage) (struct page *, gfp_t); | |
42287 | + ssize_t (* const direct_IO)(int, struct kiocb *, const struct iovec *iov, | |
42288 | loff_t offset, unsigned long nr_segs); | |
42289 | - int (*get_xip_mem)(struct address_space *, pgoff_t, int, | |
42290 | + int (* const get_xip_mem)(struct address_space *, pgoff_t, int, | |
42291 | void **, unsigned long *); | |
42292 | /* migrate the contents of a page to the specified target */ | |
42293 | - int (*migratepage) (struct address_space *, | |
42294 | + int (* const migratepage) (struct address_space *, | |
42295 | struct page *, struct page *); | |
42296 | - int (*launder_page) (struct page *); | |
42297 | - int (*is_partially_uptodate) (struct page *, read_descriptor_t *, | |
42298 | + int (* const launder_page) (struct page *); | |
42299 | + int (* const is_partially_uptodate) (struct page *, read_descriptor_t *, | |
42300 | unsigned long); | |
42301 | - int (*error_remove_page)(struct address_space *, struct page *); | |
42302 | + int (* const error_remove_page)(struct address_space *, struct page *); | |
42303 | }; | |
42304 | ||
42305 | /* | |
42306 | @@ -1032,19 +1037,19 @@ static inline int file_check_writeable(s | |
42307 | typedef struct files_struct *fl_owner_t; | |
42308 | ||
42309 | struct file_lock_operations { | |
42310 | - void (*fl_copy_lock)(struct file_lock *, struct file_lock *); | |
42311 | - void (*fl_release_private)(struct file_lock *); | |
42312 | + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *); | |
42313 | + void (* const fl_release_private)(struct file_lock *); | |
42314 | }; | |
42315 | ||
42316 | struct lock_manager_operations { | |
42317 | - int (*fl_compare_owner)(struct file_lock *, struct file_lock *); | |
42318 | - void (*fl_notify)(struct file_lock *); /* unblock callback */ | |
42319 | - int (*fl_grant)(struct file_lock *, struct file_lock *, int); | |
42320 | - void (*fl_copy_lock)(struct file_lock *, struct file_lock *); | |
42321 | - void (*fl_release_private)(struct file_lock *); | |
42322 | - void (*fl_break)(struct file_lock *); | |
42323 | - int (*fl_mylease)(struct file_lock *, struct file_lock *); | |
42324 | - int (*fl_change)(struct file_lock **, int); | |
42325 | + int (* const fl_compare_owner)(struct file_lock *, struct file_lock *); | |
42326 | + void (* const fl_notify)(struct file_lock *); /* unblock callback */ | |
42327 | + int (* const fl_grant)(struct file_lock *, struct file_lock *, int); | |
42328 | + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *); | |
42329 | + void (* const fl_release_private)(struct file_lock *); | |
42330 | + void (* const fl_break)(struct file_lock *); | |
42331 | + int (* const fl_mylease)(struct file_lock *, struct file_lock *); | |
42332 | + int (* const fl_change)(struct file_lock **, int); | |
42333 | }; | |
42334 | ||
42335 | struct lock_manager { | |
42336 | @@ -1437,7 +1442,7 @@ struct fiemap_extent_info { | |
42337 | unsigned int fi_flags; /* Flags as passed from user */ | |
42338 | unsigned int fi_extents_mapped; /* Number of mapped extents */ | |
42339 | unsigned int fi_extents_max; /* Size of fiemap_extent array */ | |
42340 | - struct fiemap_extent *fi_extents_start; /* Start of fiemap_extent | |
42341 | + struct fiemap_extent __user *fi_extents_start; /* Start of fiemap_extent | |
42342 | * array */ | |
42343 | }; | |
42344 | int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical, | |
42345 | @@ -1554,30 +1559,30 @@ extern ssize_t vfs_writev(struct file *, | |
42346 | unsigned long, loff_t *); | |
42347 | ||
42348 | struct super_operations { | |
42349 | - struct inode *(*alloc_inode)(struct super_block *sb); | |
42350 | - void (*destroy_inode)(struct inode *); | |
42351 | + struct inode *(* const alloc_inode)(struct super_block *sb); | |
42352 | + void (* const destroy_inode)(struct inode *); | |
42353 | ||
42354 | - void (*dirty_inode) (struct inode *); | |
42355 | - int (*write_inode) (struct inode *, int); | |
42356 | - void (*drop_inode) (struct inode *); | |
42357 | - void (*delete_inode) (struct inode *); | |
42358 | - void (*put_super) (struct super_block *); | |
42359 | - void (*write_super) (struct super_block *); | |
42360 | - int (*sync_fs)(struct super_block *sb, int wait); | |
42361 | - int (*freeze_fs) (struct super_block *); | |
42362 | - int (*unfreeze_fs) (struct super_block *); | |
42363 | - int (*statfs) (struct dentry *, struct kstatfs *); | |
42364 | - int (*remount_fs) (struct super_block *, int *, char *); | |
42365 | - void (*clear_inode) (struct inode *); | |
42366 | - void (*umount_begin) (struct super_block *); | |
42367 | + void (* const dirty_inode) (struct inode *); | |
42368 | + int (* const write_inode) (struct inode *, int); | |
42369 | + void (* const drop_inode) (struct inode *); | |
42370 | + void (* const delete_inode) (struct inode *); | |
42371 | + void (* const put_super) (struct super_block *); | |
42372 | + void (* const write_super) (struct super_block *); | |
42373 | + int (* const sync_fs)(struct super_block *sb, int wait); | |
42374 | + int (* const freeze_fs) (struct super_block *); | |
42375 | + int (* const unfreeze_fs) (struct super_block *); | |
42376 | + int (* const statfs) (struct dentry *, struct kstatfs *); | |
42377 | + int (* const remount_fs) (struct super_block *, int *, char *); | |
42378 | + void (* const clear_inode) (struct inode *); | |
42379 | + void (* const umount_begin) (struct super_block *); | |
42380 | ||
42381 | - int (*show_options)(struct seq_file *, struct vfsmount *); | |
42382 | - int (*show_stats)(struct seq_file *, struct vfsmount *); | |
42383 | + int (* const show_options)(struct seq_file *, struct vfsmount *); | |
42384 | + int (* const show_stats)(struct seq_file *, struct vfsmount *); | |
42385 | #ifdef CONFIG_QUOTA | |
42386 | - ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t); | |
42387 | - ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t); | |
42388 | + ssize_t (* const quota_read)(struct super_block *, int, char *, size_t, loff_t); | |
42389 | + ssize_t (* const quota_write)(struct super_block *, int, const char *, size_t, loff_t); | |
42390 | #endif | |
42391 | - int (*bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t); | |
42392 | + int (* const bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t); | |
42393 | }; | |
42394 | ||
42395 | /* | |
42396 | diff -urNp linux-2.6.33.1/include/linux/fs_struct.h linux-2.6.33.1/include/linux/fs_struct.h | |
42397 | --- linux-2.6.33.1/include/linux/fs_struct.h 2010-03-15 12:09:39.000000000 -0400 | |
42398 | +++ linux-2.6.33.1/include/linux/fs_struct.h 2010-03-20 16:58:41.908542968 -0400 | |
58c5fc13 MT |
42399 | @@ -4,7 +4,7 @@ |
42400 | #include <linux/path.h> | |
42401 | ||
42402 | struct fs_struct { | |
42403 | - int users; | |
42404 | + atomic_t users; | |
42405 | rwlock_t lock; | |
42406 | int umask; | |
42407 | int in_exec; | |
ae4e228f MT |
42408 | diff -urNp linux-2.6.33.1/include/linux/genhd.h linux-2.6.33.1/include/linux/genhd.h |
42409 | --- linux-2.6.33.1/include/linux/genhd.h 2010-03-15 12:09:39.000000000 -0400 | |
42410 | +++ linux-2.6.33.1/include/linux/genhd.h 2010-03-20 16:58:41.912517036 -0400 | |
42411 | @@ -162,7 +162,7 @@ struct gendisk { | |
58c5fc13 MT |
42412 | |
42413 | struct timer_rand_state *random; | |
42414 | ||
42415 | - atomic_t sync_io; /* RAID */ | |
42416 | + atomic_unchecked_t sync_io; /* RAID */ | |
42417 | struct work_struct async_notify; | |
42418 | #ifdef CONFIG_BLK_DEV_INTEGRITY | |
42419 | struct blk_integrity *integrity; | |
ae4e228f MT |
42420 | diff -urNp linux-2.6.33.1/include/linux/gracl.h linux-2.6.33.1/include/linux/gracl.h |
42421 | --- linux-2.6.33.1/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500 | |
42422 | +++ linux-2.6.33.1/include/linux/gracl.h 2010-03-20 16:58:41.912517036 -0400 | |
42423 | @@ -0,0 +1,309 @@ | |
58c5fc13 MT |
42424 | +#ifndef GR_ACL_H |
42425 | +#define GR_ACL_H | |
42426 | + | |
42427 | +#include <linux/grdefs.h> | |
42428 | +#include <linux/resource.h> | |
42429 | +#include <linux/capability.h> | |
42430 | +#include <linux/dcache.h> | |
42431 | +#include <asm/resource.h> | |
42432 | + | |
42433 | +/* Major status information */ | |
42434 | + | |
42435 | +#define GR_VERSION "grsecurity 2.1.14" | |
42436 | +#define GRSECURITY_VERSION 0x2114 | |
42437 | + | |
42438 | +enum { | |
42439 | + GR_SHUTDOWN = 0, | |
42440 | + GR_ENABLE = 1, | |
42441 | + GR_SPROLE = 2, | |
42442 | + GR_RELOAD = 3, | |
42443 | + GR_SEGVMOD = 4, | |
42444 | + GR_STATUS = 5, | |
42445 | + GR_UNSPROLE = 6, | |
42446 | + GR_PASSSET = 7, | |
42447 | + GR_SPROLEPAM = 8, | |
42448 | +}; | |
42449 | + | |
42450 | +/* Password setup definitions | |
42451 | + * kernel/grhash.c */ | |
42452 | +enum { | |
42453 | + GR_PW_LEN = 128, | |
42454 | + GR_SALT_LEN = 16, | |
42455 | + GR_SHA_LEN = 32, | |
42456 | +}; | |
42457 | + | |
42458 | +enum { | |
42459 | + GR_SPROLE_LEN = 64, | |
42460 | +}; | |
42461 | + | |
42462 | +#define GR_NLIMITS 32 | |
42463 | + | |
42464 | +/* Begin Data Structures */ | |
42465 | + | |
42466 | +struct sprole_pw { | |
42467 | + unsigned char *rolename; | |
42468 | + unsigned char salt[GR_SALT_LEN]; | |
42469 | + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */ | |
42470 | +}; | |
42471 | + | |
42472 | +struct name_entry { | |
42473 | + __u32 key; | |
42474 | + ino_t inode; | |
42475 | + dev_t device; | |
42476 | + char *name; | |
42477 | + __u16 len; | |
42478 | + __u8 deleted; | |
42479 | + struct name_entry *prev; | |
42480 | + struct name_entry *next; | |
42481 | +}; | |
42482 | + | |
42483 | +struct inodev_entry { | |
42484 | + struct name_entry *nentry; | |
42485 | + struct inodev_entry *prev; | |
42486 | + struct inodev_entry *next; | |
42487 | +}; | |
42488 | + | |
42489 | +struct acl_role_db { | |
42490 | + struct acl_role_label **r_hash; | |
42491 | + __u32 r_size; | |
42492 | +}; | |
42493 | + | |
42494 | +struct inodev_db { | |
42495 | + struct inodev_entry **i_hash; | |
42496 | + __u32 i_size; | |
42497 | +}; | |
42498 | + | |
42499 | +struct name_db { | |
42500 | + struct name_entry **n_hash; | |
42501 | + __u32 n_size; | |
42502 | +}; | |
42503 | + | |
42504 | +struct crash_uid { | |
42505 | + uid_t uid; | |
42506 | + unsigned long expires; | |
42507 | +}; | |
42508 | + | |
42509 | +struct gr_hash_struct { | |
42510 | + void **table; | |
42511 | + void **nametable; | |
42512 | + void *first; | |
42513 | + __u32 table_size; | |
42514 | + __u32 used_size; | |
42515 | + int type; | |
42516 | +}; | |
42517 | + | |
42518 | +/* Userspace Grsecurity ACL data structures */ | |
42519 | + | |
42520 | +struct acl_subject_label { | |
42521 | + char *filename; | |
42522 | + ino_t inode; | |
42523 | + dev_t device; | |
42524 | + __u32 mode; | |
42525 | + kernel_cap_t cap_mask; | |
42526 | + kernel_cap_t cap_lower; | |
42527 | + | |
42528 | + struct rlimit res[GR_NLIMITS]; | |
42529 | + __u32 resmask; | |
42530 | + | |
42531 | + __u8 user_trans_type; | |
42532 | + __u8 group_trans_type; | |
42533 | + uid_t *user_transitions; | |
42534 | + gid_t *group_transitions; | |
42535 | + __u16 user_trans_num; | |
42536 | + __u16 group_trans_num; | |
42537 | + | |
42538 | + __u32 ip_proto[8]; | |
42539 | + __u32 ip_type; | |
42540 | + struct acl_ip_label **ips; | |
42541 | + __u32 ip_num; | |
42542 | + __u32 inaddr_any_override; | |
42543 | + | |
42544 | + __u32 crashes; | |
42545 | + unsigned long expires; | |
42546 | + | |
42547 | + struct acl_subject_label *parent_subject; | |
42548 | + struct gr_hash_struct *hash; | |
42549 | + struct acl_subject_label *prev; | |
42550 | + struct acl_subject_label *next; | |
42551 | + | |
42552 | + struct acl_object_label **obj_hash; | |
42553 | + __u32 obj_hash_size; | |
42554 | + __u16 pax_flags; | |
42555 | +}; | |
42556 | + | |
42557 | +struct role_allowed_ip { | |
42558 | + __u32 addr; | |
42559 | + __u32 netmask; | |
42560 | + | |
42561 | + struct role_allowed_ip *prev; | |
42562 | + struct role_allowed_ip *next; | |
42563 | +}; | |
42564 | + | |
42565 | +struct role_transition { | |
42566 | + char *rolename; | |
42567 | + | |
42568 | + struct role_transition *prev; | |
42569 | + struct role_transition *next; | |
42570 | +}; | |
42571 | + | |
42572 | +struct acl_role_label { | |
42573 | + char *rolename; | |
42574 | + uid_t uidgid; | |
42575 | + __u16 roletype; | |
42576 | + | |
42577 | + __u16 auth_attempts; | |
42578 | + unsigned long expires; | |
42579 | + | |
42580 | + struct acl_subject_label *root_label; | |
42581 | + struct gr_hash_struct *hash; | |
42582 | + | |
42583 | + struct acl_role_label *prev; | |
42584 | + struct acl_role_label *next; | |
42585 | + | |
42586 | + struct role_transition *transitions; | |
42587 | + struct role_allowed_ip *allowed_ips; | |
42588 | + uid_t *domain_children; | |
42589 | + __u16 domain_child_num; | |
42590 | + | |
42591 | + struct acl_subject_label **subj_hash; | |
42592 | + __u32 subj_hash_size; | |
42593 | +}; | |
42594 | + | |
42595 | +struct user_acl_role_db { | |
42596 | + struct acl_role_label **r_table; | |
42597 | + __u32 num_pointers; /* Number of allocations to track */ | |
42598 | + __u32 num_roles; /* Number of roles */ | |
42599 | + __u32 num_domain_children; /* Number of domain children */ | |
42600 | + __u32 num_subjects; /* Number of subjects */ | |
42601 | + __u32 num_objects; /* Number of objects */ | |
42602 | +}; | |
42603 | + | |
42604 | +struct acl_object_label { | |
42605 | + char *filename; | |
42606 | + ino_t inode; | |
42607 | + dev_t device; | |
42608 | + __u32 mode; | |
42609 | + | |
42610 | + struct acl_subject_label *nested; | |
42611 | + struct acl_object_label *globbed; | |
42612 | + | |
42613 | + /* next two structures not used */ | |
42614 | + | |
42615 | + struct acl_object_label *prev; | |
42616 | + struct acl_object_label *next; | |
42617 | +}; | |
42618 | + | |
42619 | +struct acl_ip_label { | |
42620 | + char *iface; | |
42621 | + __u32 addr; | |
42622 | + __u32 netmask; | |
42623 | + __u16 low, high; | |
42624 | + __u8 mode; | |
42625 | + __u32 type; | |
42626 | + __u32 proto[8]; | |
42627 | + | |
42628 | + /* next two structures not used */ | |
42629 | + | |
42630 | + struct acl_ip_label *prev; | |
42631 | + struct acl_ip_label *next; | |
42632 | +}; | |
42633 | + | |
42634 | +struct gr_arg { | |
42635 | + struct user_acl_role_db role_db; | |
42636 | + unsigned char pw[GR_PW_LEN]; | |
42637 | + unsigned char salt[GR_SALT_LEN]; | |
42638 | + unsigned char sum[GR_SHA_LEN]; | |
42639 | + unsigned char sp_role[GR_SPROLE_LEN]; | |
42640 | + struct sprole_pw *sprole_pws; | |
42641 | + dev_t segv_device; | |
42642 | + ino_t segv_inode; | |
42643 | + uid_t segv_uid; | |
42644 | + __u16 num_sprole_pws; | |
42645 | + __u16 mode; | |
42646 | +}; | |
42647 | + | |
42648 | +struct gr_arg_wrapper { | |
42649 | + struct gr_arg *arg; | |
42650 | + __u32 version; | |
42651 | + __u32 size; | |
42652 | +}; | |
42653 | + | |
42654 | +struct subject_map { | |
42655 | + struct acl_subject_label *user; | |
42656 | + struct acl_subject_label *kernel; | |
42657 | + struct subject_map *prev; | |
42658 | + struct subject_map *next; | |
42659 | +}; | |
42660 | + | |
42661 | +struct acl_subj_map_db { | |
42662 | + struct subject_map **s_hash; | |
42663 | + __u32 s_size; | |
42664 | +}; | |
42665 | + | |
42666 | +/* End Data Structures Section */ | |
42667 | + | |
42668 | +/* Hash functions generated by empirical testing by Brad Spengler | |
42669 | + Makes good use of the low bits of the inode. Generally 0-1 times | |
42670 | + in loop for successful match. 0-3 for unsuccessful match. | |
42671 | + Shift/add algorithm with modulus of table size and an XOR*/ | |
42672 | + | |
42673 | +static __inline__ unsigned int | |
42674 | +rhash(const uid_t uid, const __u16 type, const unsigned int sz) | |
42675 | +{ | |
ae4e228f | 42676 | + return ((((uid + type) << (16 + type)) ^ uid) % sz); |
58c5fc13 MT |
42677 | +} |
42678 | + | |
42679 | + static __inline__ unsigned int | |
42680 | +shash(const struct acl_subject_label *userp, const unsigned int sz) | |
42681 | +{ | |
42682 | + return ((const unsigned long)userp % sz); | |
42683 | +} | |
42684 | + | |
42685 | +static __inline__ unsigned int | |
42686 | +fhash(const ino_t ino, const dev_t dev, const unsigned int sz) | |
42687 | +{ | |
42688 | + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); | |
42689 | +} | |
42690 | + | |
42691 | +static __inline__ unsigned int | |
42692 | +nhash(const char *name, const __u16 len, const unsigned int sz) | |
42693 | +{ | |
42694 | + return full_name_hash((const unsigned char *)name, len) % sz; | |
42695 | +} | |
42696 | + | |
ae4e228f MT |
42697 | +#define FOR_EACH_ROLE_START(role) \ |
42698 | + role = role_list; \ | |
42699 | + while (role) { | |
58c5fc13 | 42700 | + |
ae4e228f MT |
42701 | +#define FOR_EACH_ROLE_END(role) \ |
42702 | + role = role->prev; \ | |
58c5fc13 MT |
42703 | + } |
42704 | + | |
42705 | +#define FOR_EACH_SUBJECT_START(role,subj,iter) \ | |
42706 | + subj = NULL; \ | |
42707 | + iter = 0; \ | |
42708 | + while (iter < role->subj_hash_size) { \ | |
42709 | + if (subj == NULL) \ | |
42710 | + subj = role->subj_hash[iter]; \ | |
42711 | + if (subj == NULL) { \ | |
42712 | + iter++; \ | |
42713 | + continue; \ | |
42714 | + } | |
42715 | + | |
42716 | +#define FOR_EACH_SUBJECT_END(subj,iter) \ | |
42717 | + subj = subj->next; \ | |
42718 | + if (subj == NULL) \ | |
42719 | + iter++; \ | |
42720 | + } | |
42721 | + | |
42722 | + | |
42723 | +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \ | |
42724 | + subj = role->hash->first; \ | |
42725 | + while (subj != NULL) { | |
42726 | + | |
42727 | +#define FOR_EACH_NESTED_SUBJECT_END(subj) \ | |
42728 | + subj = subj->next; \ | |
42729 | + } | |
42730 | + | |
42731 | +#endif | |
42732 | + | |
ae4e228f MT |
42733 | diff -urNp linux-2.6.33.1/include/linux/gralloc.h linux-2.6.33.1/include/linux/gralloc.h |
42734 | --- linux-2.6.33.1/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500 | |
42735 | +++ linux-2.6.33.1/include/linux/gralloc.h 2010-03-20 16:58:41.912517036 -0400 | |
58c5fc13 MT |
42736 | @@ -0,0 +1,9 @@ |
42737 | +#ifndef __GRALLOC_H | |
42738 | +#define __GRALLOC_H | |
42739 | + | |
42740 | +void acl_free_all(void); | |
42741 | +int acl_alloc_stack_init(unsigned long size); | |
42742 | +void *acl_alloc(unsigned long len); | |
42743 | +void *acl_alloc_num(unsigned long num, unsigned long len); | |
42744 | + | |
42745 | +#endif | |
ae4e228f MT |
42746 | diff -urNp linux-2.6.33.1/include/linux/grdefs.h linux-2.6.33.1/include/linux/grdefs.h |
42747 | --- linux-2.6.33.1/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500 | |
42748 | +++ linux-2.6.33.1/include/linux/grdefs.h 2010-03-20 16:58:41.912517036 -0400 | |
58c5fc13 MT |
42749 | @@ -0,0 +1,136 @@ |
42750 | +#ifndef GRDEFS_H | |
42751 | +#define GRDEFS_H | |
42752 | + | |
42753 | +/* Begin grsecurity status declarations */ | |
42754 | + | |
42755 | +enum { | |
42756 | + GR_READY = 0x01, | |
42757 | + GR_STATUS_INIT = 0x00 // disabled state | |
42758 | +}; | |
42759 | + | |
42760 | +/* Begin ACL declarations */ | |
42761 | + | |
42762 | +/* Role flags */ | |
42763 | + | |
42764 | +enum { | |
42765 | + GR_ROLE_USER = 0x0001, | |
42766 | + GR_ROLE_GROUP = 0x0002, | |
42767 | + GR_ROLE_DEFAULT = 0x0004, | |
42768 | + GR_ROLE_SPECIAL = 0x0008, | |
42769 | + GR_ROLE_AUTH = 0x0010, | |
42770 | + GR_ROLE_NOPW = 0x0020, | |
42771 | + GR_ROLE_GOD = 0x0040, | |
42772 | + GR_ROLE_LEARN = 0x0080, | |
42773 | + GR_ROLE_TPE = 0x0100, | |
42774 | + GR_ROLE_DOMAIN = 0x0200, | |
42775 | + GR_ROLE_PAM = 0x0400 | |
42776 | +}; | |
42777 | + | |
42778 | +/* ACL Subject and Object mode flags */ | |
42779 | +enum { | |
42780 | + GR_DELETED = 0x80000000 | |
42781 | +}; | |
42782 | + | |
42783 | +/* ACL Object-only mode flags */ | |
42784 | +enum { | |
42785 | + GR_READ = 0x00000001, | |
42786 | + GR_APPEND = 0x00000002, | |
42787 | + GR_WRITE = 0x00000004, | |
42788 | + GR_EXEC = 0x00000008, | |
42789 | + GR_FIND = 0x00000010, | |
42790 | + GR_INHERIT = 0x00000020, | |
42791 | + GR_SETID = 0x00000040, | |
42792 | + GR_CREATE = 0x00000080, | |
42793 | + GR_DELETE = 0x00000100, | |
42794 | + GR_LINK = 0x00000200, | |
42795 | + GR_AUDIT_READ = 0x00000400, | |
42796 | + GR_AUDIT_APPEND = 0x00000800, | |
42797 | + GR_AUDIT_WRITE = 0x00001000, | |
42798 | + GR_AUDIT_EXEC = 0x00002000, | |
42799 | + GR_AUDIT_FIND = 0x00004000, | |
42800 | + GR_AUDIT_INHERIT= 0x00008000, | |
42801 | + GR_AUDIT_SETID = 0x00010000, | |
42802 | + GR_AUDIT_CREATE = 0x00020000, | |
42803 | + GR_AUDIT_DELETE = 0x00040000, | |
42804 | + GR_AUDIT_LINK = 0x00080000, | |
42805 | + GR_PTRACERD = 0x00100000, | |
42806 | + GR_NOPTRACE = 0x00200000, | |
42807 | + GR_SUPPRESS = 0x00400000, | |
42808 | + GR_NOLEARN = 0x00800000 | |
42809 | +}; | |
42810 | + | |
42811 | +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \ | |
42812 | + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \ | |
42813 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK) | |
42814 | + | |
42815 | +/* ACL subject-only mode flags */ | |
42816 | +enum { | |
42817 | + GR_KILL = 0x00000001, | |
42818 | + GR_VIEW = 0x00000002, | |
42819 | + GR_PROTECTED = 0x00000004, | |
42820 | + GR_LEARN = 0x00000008, | |
42821 | + GR_OVERRIDE = 0x00000010, | |
42822 | + /* just a placeholder, this mode is only used in userspace */ | |
42823 | + GR_DUMMY = 0x00000020, | |
42824 | + GR_PROTSHM = 0x00000040, | |
42825 | + GR_KILLPROC = 0x00000080, | |
42826 | + GR_KILLIPPROC = 0x00000100, | |
42827 | + /* just a placeholder, this mode is only used in userspace */ | |
42828 | + GR_NOTROJAN = 0x00000200, | |
42829 | + GR_PROTPROCFD = 0x00000400, | |
42830 | + GR_PROCACCT = 0x00000800, | |
42831 | + GR_RELAXPTRACE = 0x00001000, | |
42832 | + GR_NESTED = 0x00002000, | |
42833 | + GR_INHERITLEARN = 0x00004000, | |
42834 | + GR_PROCFIND = 0x00008000, | |
42835 | + GR_POVERRIDE = 0x00010000, | |
42836 | + GR_KERNELAUTH = 0x00020000, | |
42837 | +}; | |
42838 | + | |
42839 | +enum { | |
42840 | + GR_PAX_ENABLE_SEGMEXEC = 0x0001, | |
42841 | + GR_PAX_ENABLE_PAGEEXEC = 0x0002, | |
42842 | + GR_PAX_ENABLE_MPROTECT = 0x0004, | |
42843 | + GR_PAX_ENABLE_RANDMMAP = 0x0008, | |
42844 | + GR_PAX_ENABLE_EMUTRAMP = 0x0010, | |
42845 | + GR_PAX_DISABLE_SEGMEXEC = 0x0100, | |
42846 | + GR_PAX_DISABLE_PAGEEXEC = 0x0200, | |
42847 | + GR_PAX_DISABLE_MPROTECT = 0x0400, | |
42848 | + GR_PAX_DISABLE_RANDMMAP = 0x0800, | |
42849 | + GR_PAX_DISABLE_EMUTRAMP = 0x1000, | |
42850 | +}; | |
42851 | + | |
42852 | +enum { | |
42853 | + GR_ID_USER = 0x01, | |
42854 | + GR_ID_GROUP = 0x02, | |
42855 | +}; | |
42856 | + | |
42857 | +enum { | |
42858 | + GR_ID_ALLOW = 0x01, | |
42859 | + GR_ID_DENY = 0x02, | |
42860 | +}; | |
42861 | + | |
42862 | +#define GR_CRASH_RES 31 | |
42863 | +#define GR_UIDTABLE_MAX 500 | |
42864 | + | |
42865 | +/* begin resource learning section */ | |
42866 | +enum { | |
42867 | + GR_RLIM_CPU_BUMP = 60, | |
42868 | + GR_RLIM_FSIZE_BUMP = 50000, | |
42869 | + GR_RLIM_DATA_BUMP = 10000, | |
42870 | + GR_RLIM_STACK_BUMP = 1000, | |
42871 | + GR_RLIM_CORE_BUMP = 10000, | |
42872 | + GR_RLIM_RSS_BUMP = 500000, | |
42873 | + GR_RLIM_NPROC_BUMP = 1, | |
42874 | + GR_RLIM_NOFILE_BUMP = 5, | |
42875 | + GR_RLIM_MEMLOCK_BUMP = 50000, | |
42876 | + GR_RLIM_AS_BUMP = 500000, | |
42877 | + GR_RLIM_LOCKS_BUMP = 2, | |
42878 | + GR_RLIM_SIGPENDING_BUMP = 5, | |
42879 | + GR_RLIM_MSGQUEUE_BUMP = 10000, | |
42880 | + GR_RLIM_NICE_BUMP = 1, | |
42881 | + GR_RLIM_RTPRIO_BUMP = 1, | |
42882 | + GR_RLIM_RTTIME_BUMP = 1000000 | |
42883 | +}; | |
42884 | + | |
42885 | +#endif | |
ae4e228f MT |
42886 | diff -urNp linux-2.6.33.1/include/linux/grinternal.h linux-2.6.33.1/include/linux/grinternal.h |
42887 | --- linux-2.6.33.1/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 | |
42888 | +++ linux-2.6.33.1/include/linux/grinternal.h 2010-03-20 17:34:52.485855710 -0400 | |
42889 | @@ -0,0 +1,215 @@ | |
58c5fc13 MT |
42890 | +#ifndef __GRINTERNAL_H |
42891 | +#define __GRINTERNAL_H | |
42892 | + | |
42893 | +#ifdef CONFIG_GRKERNSEC | |
42894 | + | |
42895 | +#include <linux/fs.h> | |
42896 | +#include <linux/mnt_namespace.h> | |
42897 | +#include <linux/nsproxy.h> | |
42898 | +#include <linux/gracl.h> | |
42899 | +#include <linux/grdefs.h> | |
42900 | +#include <linux/grmsg.h> | |
42901 | + | |
42902 | +void gr_add_learn_entry(const char *fmt, ...) | |
42903 | + __attribute__ ((format (printf, 1, 2))); | |
42904 | +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode, | |
42905 | + const struct vfsmount *mnt); | |
42906 | +__u32 gr_check_create(const struct dentry *new_dentry, | |
42907 | + const struct dentry *parent, | |
42908 | + const struct vfsmount *mnt, const __u32 mode); | |
42909 | +int gr_check_protected_task(const struct task_struct *task); | |
42910 | +__u32 to_gr_audit(const __u32 reqmode); | |
42911 | +int gr_set_acls(const int type); | |
42912 | + | |
42913 | +int gr_acl_is_enabled(void); | |
42914 | +char gr_roletype_to_char(void); | |
42915 | + | |
42916 | +void gr_handle_alertkill(struct task_struct *task); | |
42917 | +char *gr_to_filename(const struct dentry *dentry, | |
42918 | + const struct vfsmount *mnt); | |
42919 | +char *gr_to_filename1(const struct dentry *dentry, | |
42920 | + const struct vfsmount *mnt); | |
42921 | +char *gr_to_filename2(const struct dentry *dentry, | |
42922 | + const struct vfsmount *mnt); | |
42923 | +char *gr_to_filename3(const struct dentry *dentry, | |
42924 | + const struct vfsmount *mnt); | |
42925 | + | |
42926 | +extern int grsec_enable_harden_ptrace; | |
42927 | +extern int grsec_enable_link; | |
42928 | +extern int grsec_enable_fifo; | |
42929 | +extern int grsec_enable_execve; | |
42930 | +extern int grsec_enable_shm; | |
42931 | +extern int grsec_enable_execlog; | |
42932 | +extern int grsec_enable_signal; | |
ae4e228f | 42933 | +extern int grsec_enable_audit_ptrace; |
58c5fc13 MT |
42934 | +extern int grsec_enable_forkfail; |
42935 | +extern int grsec_enable_time; | |
ae4e228f | 42936 | +extern int grsec_enable_rofs; |
58c5fc13 MT |
42937 | +extern int grsec_enable_chroot_shmat; |
42938 | +extern int grsec_enable_chroot_findtask; | |
42939 | +extern int grsec_enable_chroot_mount; | |
42940 | +extern int grsec_enable_chroot_double; | |
42941 | +extern int grsec_enable_chroot_pivot; | |
42942 | +extern int grsec_enable_chroot_chdir; | |
42943 | +extern int grsec_enable_chroot_chmod; | |
42944 | +extern int grsec_enable_chroot_mknod; | |
42945 | +extern int grsec_enable_chroot_fchdir; | |
42946 | +extern int grsec_enable_chroot_nice; | |
42947 | +extern int grsec_enable_chroot_execlog; | |
42948 | +extern int grsec_enable_chroot_caps; | |
42949 | +extern int grsec_enable_chroot_sysctl; | |
42950 | +extern int grsec_enable_chroot_unix; | |
42951 | +extern int grsec_enable_tpe; | |
42952 | +extern int grsec_tpe_gid; | |
42953 | +extern int grsec_enable_tpe_all; | |
42954 | +extern int grsec_enable_sidcaps; | |
42955 | +extern int grsec_enable_socket_all; | |
42956 | +extern int grsec_socket_all_gid; | |
42957 | +extern int grsec_enable_socket_client; | |
42958 | +extern int grsec_socket_client_gid; | |
42959 | +extern int grsec_enable_socket_server; | |
42960 | +extern int grsec_socket_server_gid; | |
42961 | +extern int grsec_audit_gid; | |
42962 | +extern int grsec_enable_group; | |
42963 | +extern int grsec_enable_audit_textrel; | |
42964 | +extern int grsec_enable_mount; | |
42965 | +extern int grsec_enable_chdir; | |
42966 | +extern int grsec_resource_logging; | |
ae4e228f MT |
42967 | +extern int grsec_enable_blackhole; |
42968 | +extern int grsec_lastack_retries; | |
58c5fc13 MT |
42969 | +extern int grsec_lock; |
42970 | + | |
42971 | +extern spinlock_t grsec_alert_lock; | |
42972 | +extern unsigned long grsec_alert_wtime; | |
42973 | +extern unsigned long grsec_alert_fyet; | |
42974 | + | |
42975 | +extern spinlock_t grsec_audit_lock; | |
42976 | + | |
42977 | +extern rwlock_t grsec_exec_file_lock; | |
42978 | + | |
42979 | +#define gr_task_fullpath(tsk) (tsk->exec_file ? \ | |
42980 | + gr_to_filename2(tsk->exec_file->f_path.dentry, \ | |
42981 | + tsk->exec_file->f_vfsmnt) : "/") | |
42982 | + | |
42983 | +#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \ | |
42984 | + gr_to_filename3(tsk->parent->exec_file->f_path.dentry, \ | |
42985 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
42986 | + | |
42987 | +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \ | |
42988 | + gr_to_filename(tsk->exec_file->f_path.dentry, \ | |
42989 | + tsk->exec_file->f_vfsmnt) : "/") | |
42990 | + | |
42991 | +#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \ | |
42992 | + gr_to_filename1(tsk->parent->exec_file->f_path.dentry, \ | |
42993 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
42994 | + | |
42995 | +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \ | |
42996 | + ((init_task.fs->root.dentry != tsk_a->fs->root.dentry) && \ | |
42997 | + (tsk_a->nsproxy->mnt_ns->root->mnt_root != \ | |
42998 | + tsk_a->fs->root.dentry))) | |
42999 | + | |
43000 | +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \ | |
43001 | + (tsk_a->fs->root.dentry == tsk_b->fs->root.dentry)) | |
43002 | + | |
43003 | +#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), task->comm, \ | |
43004 | + task->pid, cred->uid, \ | |
43005 | + cred->euid, cred->gid, cred->egid, \ | |
43006 | + gr_parent_task_fullpath(task), \ | |
43007 | + task->parent->comm, task->parent->pid, \ | |
43008 | + pcred->uid, pcred->euid, \ | |
43009 | + pcred->gid, pcred->egid | |
43010 | + | |
43011 | +#define GR_CHROOT_CAPS {{ \ | |
43012 | + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \ | |
43013 | + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \ | |
43014 | + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \ | |
43015 | + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \ | |
43016 | + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \ | |
43017 | + CAP_TO_MASK(CAP_IPC_OWNER) , 0 }} | |
43018 | + | |
43019 | +#define security_learn(normal_msg,args...) \ | |
43020 | +({ \ | |
43021 | + read_lock(&grsec_exec_file_lock); \ | |
43022 | + gr_add_learn_entry(normal_msg "\n", ## args); \ | |
43023 | + read_unlock(&grsec_exec_file_lock); \ | |
43024 | +}) | |
43025 | + | |
43026 | +enum { | |
43027 | + GR_DO_AUDIT, | |
43028 | + GR_DONT_AUDIT, | |
43029 | + GR_DONT_AUDIT_GOOD | |
43030 | +}; | |
43031 | + | |
43032 | +enum { | |
43033 | + GR_TTYSNIFF, | |
43034 | + GR_RBAC, | |
43035 | + GR_RBAC_STR, | |
43036 | + GR_STR_RBAC, | |
43037 | + GR_RBAC_MODE2, | |
43038 | + GR_RBAC_MODE3, | |
43039 | + GR_FILENAME, | |
43040 | + GR_SYSCTL_HIDDEN, | |
43041 | + GR_NOARGS, | |
43042 | + GR_ONE_INT, | |
43043 | + GR_ONE_INT_TWO_STR, | |
43044 | + GR_ONE_STR, | |
43045 | + GR_STR_INT, | |
43046 | + GR_TWO_INT, | |
43047 | + GR_THREE_INT, | |
43048 | + GR_FIVE_INT_TWO_STR, | |
43049 | + GR_TWO_STR, | |
43050 | + GR_THREE_STR, | |
43051 | + GR_FOUR_STR, | |
43052 | + GR_STR_FILENAME, | |
43053 | + GR_FILENAME_STR, | |
43054 | + GR_FILENAME_TWO_INT, | |
43055 | + GR_FILENAME_TWO_INT_STR, | |
43056 | + GR_TEXTREL, | |
43057 | + GR_PTRACE, | |
43058 | + GR_RESOURCE, | |
43059 | + GR_CAP, | |
43060 | + GR_SIG, | |
43061 | + GR_SIG2, | |
43062 | + GR_CRASH1, | |
43063 | + GR_CRASH2, | |
43064 | + GR_PSACCT | |
43065 | +}; | |
43066 | + | |
43067 | +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str) | |
43068 | +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task) | |
43069 | +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt) | |
43070 | +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str) | |
43071 | +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt) | |
43072 | +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2) | |
43073 | +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3) | |
43074 | +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt) | |
43075 | +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS) | |
43076 | +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num) | |
43077 | +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2) | |
43078 | +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str) | |
43079 | +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num) | |
43080 | +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2) | |
43081 | +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3) | |
43082 | +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2) | |
43083 | +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2) | |
43084 | +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3) | |
43085 | +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4) | |
43086 | +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt) | |
43087 | +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str) | |
43088 | +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2) | |
43089 | +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str) | |
43090 | +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2) | |
43091 | +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task) | |
43092 | +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2) | |
43093 | +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str) | |
43094 | +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr) | |
43095 | +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num) | |
43096 | +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong) | |
43097 | +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1) | |
43098 | +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) | |
43099 | + | |
43100 | +void gr_log_varargs(int audit, const char *msg, int argtypes, ...); | |
43101 | + | |
43102 | +#endif | |
43103 | + | |
43104 | +#endif | |
ae4e228f MT |
43105 | diff -urNp linux-2.6.33.1/include/linux/grmsg.h linux-2.6.33.1/include/linux/grmsg.h |
43106 | --- linux-2.6.33.1/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 | |
43107 | +++ linux-2.6.33.1/include/linux/grmsg.h 2010-03-20 17:00:48.140865901 -0400 | |
43108 | @@ -0,0 +1,107 @@ | |
58c5fc13 | 43109 | +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" |
ae4e228f | 43110 | +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" |
58c5fc13 MT |
43111 | +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " |
43112 | +#define GR_STOPMOD_MSG "denied modification of module state by " | |
ae4e228f MT |
43113 | +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by " |
43114 | +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by " | |
58c5fc13 MT |
43115 | +#define GR_IOPERM_MSG "denied use of ioperm() by " |
43116 | +#define GR_IOPL_MSG "denied use of iopl() by " | |
43117 | +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " | |
43118 | +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by " | |
43119 | +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " | |
43120 | +#define GR_KMEM_MSG "denied write of /dev/kmem by " | |
43121 | +#define GR_PORT_OPEN_MSG "denied open of /dev/port by " | |
43122 | +#define GR_MEM_WRITE_MSG "denied write of /dev/mem by " | |
43123 | +#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by " | |
43124 | +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " | |
ae4e228f MT |
43125 | +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4" |
43126 | +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4" | |
58c5fc13 MT |
43127 | +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " |
43128 | +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " | |
43129 | +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " | |
43130 | +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " | |
43131 | +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by " | |
43132 | +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " | |
43133 | +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by " | |
ae4e228f | 43134 | +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against " |
58c5fc13 MT |
43135 | +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " |
43136 | +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " | |
43137 | +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " | |
43138 | +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " | |
43139 | +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " | |
43140 | +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " | |
43141 | +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " | |
43142 | +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " | |
ae4e228f | 43143 | +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by " |
58c5fc13 MT |
43144 | +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " |
43145 | +#define GR_NPROC_MSG "denied overstep of process limit by " | |
43146 | +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " | |
43147 | +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " | |
43148 | +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds" | |
43149 | +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds" | |
43150 | +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by " | |
43151 | +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by " | |
43152 | +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " | |
43153 | +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " | |
43154 | +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " | |
43155 | +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by " | |
43156 | +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " | |
43157 | +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " | |
43158 | +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " | |
43159 | +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " | |
43160 | +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " | |
43161 | +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " | |
43162 | +#define GR_INITF_ACL_MSG "init_variables() failed %s by " | |
43163 | +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader" | |
43164 | +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by " | |
43165 | +#define GR_SHUTS_ACL_MSG "shutdown auth success for " | |
43166 | +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " | |
43167 | +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " | |
43168 | +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " | |
43169 | +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " | |
43170 | +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " | |
43171 | +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by " | |
43172 | +#define GR_ENABLEF_ACL_MSG "unable to load %s for " | |
43173 | +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system" | |
43174 | +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by " | |
43175 | +#define GR_RELOADF_ACL_MSG "failed reload of %s for " | |
43176 | +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for " | |
43177 | +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " | |
43178 | +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " | |
43179 | +#define GR_SPROLEF_ACL_MSG "special role %s failure for " | |
43180 | +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for " | |
43181 | +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by " | |
58c5fc13 MT |
43182 | +#define GR_INVMODE_ACL_MSG "invalid mode %d by " |
43183 | +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by " | |
43184 | +#define GR_FAILFORK_MSG "failed fork with errno %d by " | |
43185 | +#define GR_NICE_CHROOT_MSG "denied priority change by " | |
43186 | +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in " | |
43187 | +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " | |
43188 | +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by " | |
43189 | +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by " | |
43190 | +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " | |
43191 | +#define GR_TIME_MSG "time set by " | |
43192 | +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by " | |
43193 | +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " | |
43194 | +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " | |
43195 | +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by " | |
43196 | +#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by " | |
43197 | +#define GR_BIND_MSG "denied bind() by " | |
43198 | +#define GR_CONNECT_MSG "denied connect() by " | |
ae4e228f MT |
43199 | +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by " |
43200 | +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by " | |
43201 | +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4" | |
58c5fc13 MT |
43202 | +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " |
43203 | +#define GR_CAP_ACL_MSG "use of %s denied for " | |
43204 | +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " | |
43205 | +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " | |
43206 | +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by " | |
43207 | +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by " | |
43208 | +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by " | |
43209 | +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " | |
43210 | +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by " | |
43211 | +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for " | |
43212 | +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by " | |
43213 | +#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by " | |
ae4e228f MT |
43214 | +#define GR_VM86_MSG "denied use of vm86 by " |
43215 | +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by " | |
43216 | diff -urNp linux-2.6.33.1/include/linux/grsecurity.h linux-2.6.33.1/include/linux/grsecurity.h | |
43217 | --- linux-2.6.33.1/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 | |
43218 | +++ linux-2.6.33.1/include/linux/grsecurity.h 2010-03-20 17:00:48.140865901 -0400 | |
43219 | @@ -0,0 +1,199 @@ | |
58c5fc13 MT |
43220 | +#ifndef GR_SECURITY_H |
43221 | +#define GR_SECURITY_H | |
43222 | +#include <linux/fs.h> | |
43223 | +#include <linux/fs_struct.h> | |
43224 | +#include <linux/binfmts.h> | |
43225 | +#include <linux/gracl.h> | |
43226 | + | |
43227 | +/* notify of brain-dead configs */ | |
43228 | +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) | |
43229 | +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." | |
43230 | +#endif | |
43231 | +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS) | |
43232 | +#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled." | |
43233 | +#endif | |
43234 | +#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS) | |
43235 | +#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled." | |
43236 | +#endif | |
43237 | +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP) | |
43238 | +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled." | |
43239 | +#endif | |
43240 | +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR) | |
43241 | +#error "CONFIG_PAX enabled, but no PaX options are enabled." | |
43242 | +#endif | |
43243 | + | |
43244 | +void gr_handle_brute_attach(struct task_struct *p); | |
43245 | +void gr_handle_brute_check(void); | |
43246 | + | |
43247 | +char gr_roletype_to_char(void); | |
43248 | + | |
43249 | +int gr_check_user_change(int real, int effective, int fs); | |
43250 | +int gr_check_group_change(int real, int effective, int fs); | |
43251 | + | |
43252 | +void gr_del_task_from_ip_table(struct task_struct *p); | |
43253 | + | |
43254 | +int gr_pid_is_chrooted(struct task_struct *p); | |
43255 | +int gr_handle_chroot_nice(void); | |
43256 | +int gr_handle_chroot_sysctl(const int op); | |
43257 | +int gr_handle_chroot_setpriority(struct task_struct *p, | |
43258 | + const int niceval); | |
43259 | +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); | |
43260 | +int gr_handle_chroot_chroot(const struct dentry *dentry, | |
43261 | + const struct vfsmount *mnt); | |
43262 | +int gr_handle_chroot_caps(struct path *path); | |
43263 | +void gr_handle_chroot_chdir(struct path *path); | |
43264 | +int gr_handle_chroot_chmod(const struct dentry *dentry, | |
43265 | + const struct vfsmount *mnt, const int mode); | |
43266 | +int gr_handle_chroot_mknod(const struct dentry *dentry, | |
43267 | + const struct vfsmount *mnt, const int mode); | |
43268 | +int gr_handle_chroot_mount(const struct dentry *dentry, | |
43269 | + const struct vfsmount *mnt, | |
43270 | + const char *dev_name); | |
43271 | +int gr_handle_chroot_pivot(void); | |
43272 | +int gr_handle_chroot_unix(const pid_t pid); | |
43273 | + | |
43274 | +int gr_handle_rawio(const struct inode *inode); | |
43275 | +int gr_handle_nproc(void); | |
43276 | + | |
43277 | +void gr_handle_ioperm(void); | |
43278 | +void gr_handle_iopl(void); | |
43279 | + | |
43280 | +int gr_tpe_allow(const struct file *file); | |
43281 | + | |
43282 | +int gr_random_pid(void); | |
43283 | + | |
43284 | +void gr_log_forkfail(const int retval); | |
43285 | +void gr_log_timechange(void); | |
43286 | +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t); | |
43287 | +void gr_log_chdir(const struct dentry *dentry, | |
43288 | + const struct vfsmount *mnt); | |
43289 | +void gr_log_chroot_exec(const struct dentry *dentry, | |
43290 | + const struct vfsmount *mnt); | |
43291 | +void gr_handle_exec_args(struct linux_binprm *bprm, char **argv); | |
43292 | +void gr_log_remount(const char *devname, const int retval); | |
43293 | +void gr_log_unmount(const char *devname, const int retval); | |
43294 | +void gr_log_mount(const char *from, const char *to, const int retval); | |
43295 | +void gr_log_textrel(struct vm_area_struct *vma); | |
43296 | + | |
43297 | +int gr_handle_follow_link(const struct inode *parent, | |
43298 | + const struct inode *inode, | |
43299 | + const struct dentry *dentry, | |
43300 | + const struct vfsmount *mnt); | |
43301 | +int gr_handle_fifo(const struct dentry *dentry, | |
43302 | + const struct vfsmount *mnt, | |
43303 | + const struct dentry *dir, const int flag, | |
43304 | + const int acc_mode); | |
43305 | +int gr_handle_hardlink(const struct dentry *dentry, | |
43306 | + const struct vfsmount *mnt, | |
43307 | + struct inode *inode, | |
43308 | + const int mode, const char *to); | |
43309 | + | |
43310 | +int gr_is_capable(const int cap); | |
43311 | +int gr_is_capable_nolog(const int cap); | |
43312 | +void gr_learn_resource(const struct task_struct *task, const int limit, | |
43313 | + const unsigned long wanted, const int gt); | |
43314 | +void gr_copy_label(struct task_struct *tsk); | |
43315 | +void gr_handle_crash(struct task_struct *task, const int sig); | |
43316 | +int gr_handle_signal(const struct task_struct *p, const int sig); | |
43317 | +int gr_check_crash_uid(const uid_t uid); | |
43318 | +int gr_check_protected_task(const struct task_struct *task); | |
43319 | +int gr_acl_handle_mmap(const struct file *file, | |
43320 | + const unsigned long prot); | |
43321 | +int gr_acl_handle_mprotect(const struct file *file, | |
43322 | + const unsigned long prot); | |
43323 | +int gr_check_hidden_task(const struct task_struct *tsk); | |
43324 | +__u32 gr_acl_handle_truncate(const struct dentry *dentry, | |
43325 | + const struct vfsmount *mnt); | |
43326 | +__u32 gr_acl_handle_utime(const struct dentry *dentry, | |
43327 | + const struct vfsmount *mnt); | |
43328 | +__u32 gr_acl_handle_access(const struct dentry *dentry, | |
43329 | + const struct vfsmount *mnt, const int fmode); | |
43330 | +__u32 gr_acl_handle_fchmod(const struct dentry *dentry, | |
43331 | + const struct vfsmount *mnt, mode_t mode); | |
43332 | +__u32 gr_acl_handle_chmod(const struct dentry *dentry, | |
43333 | + const struct vfsmount *mnt, mode_t mode); | |
43334 | +__u32 gr_acl_handle_chown(const struct dentry *dentry, | |
43335 | + const struct vfsmount *mnt); | |
43336 | +int gr_handle_ptrace(struct task_struct *task, const long request); | |
43337 | +int gr_handle_proc_ptrace(struct task_struct *task); | |
43338 | +__u32 gr_acl_handle_execve(const struct dentry *dentry, | |
43339 | + const struct vfsmount *mnt); | |
43340 | +int gr_check_crash_exec(const struct file *filp); | |
43341 | +int gr_acl_is_enabled(void); | |
43342 | +void gr_set_kernel_label(struct task_struct *task); | |
43343 | +void gr_set_role_label(struct task_struct *task, const uid_t uid, | |
43344 | + const gid_t gid); | |
43345 | +int gr_set_proc_label(const struct dentry *dentry, | |
43346 | + const struct vfsmount *mnt, | |
43347 | + const int unsafe_share); | |
43348 | +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry, | |
43349 | + const struct vfsmount *mnt); | |
43350 | +__u32 gr_acl_handle_open(const struct dentry *dentry, | |
43351 | + const struct vfsmount *mnt, const int fmode); | |
43352 | +__u32 gr_acl_handle_creat(const struct dentry *dentry, | |
43353 | + const struct dentry *p_dentry, | |
43354 | + const struct vfsmount *p_mnt, const int fmode, | |
43355 | + const int imode); | |
43356 | +void gr_handle_create(const struct dentry *dentry, | |
43357 | + const struct vfsmount *mnt); | |
43358 | +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry, | |
43359 | + const struct dentry *parent_dentry, | |
43360 | + const struct vfsmount *parent_mnt, | |
43361 | + const int mode); | |
43362 | +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
43363 | + const struct dentry *parent_dentry, | |
43364 | + const struct vfsmount *parent_mnt); | |
43365 | +__u32 gr_acl_handle_rmdir(const struct dentry *dentry, | |
43366 | + const struct vfsmount *mnt); | |
43367 | +void gr_handle_delete(const ino_t ino, const dev_t dev); | |
43368 | +__u32 gr_acl_handle_unlink(const struct dentry *dentry, | |
43369 | + const struct vfsmount *mnt); | |
43370 | +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry, | |
43371 | + const struct dentry *parent_dentry, | |
43372 | + const struct vfsmount *parent_mnt, | |
43373 | + const char *from); | |
43374 | +__u32 gr_acl_handle_link(const struct dentry *new_dentry, | |
43375 | + const struct dentry *parent_dentry, | |
43376 | + const struct vfsmount *parent_mnt, | |
43377 | + const struct dentry *old_dentry, | |
43378 | + const struct vfsmount *old_mnt, const char *to); | |
43379 | +int gr_acl_handle_rename(struct dentry *new_dentry, | |
43380 | + struct dentry *parent_dentry, | |
43381 | + const struct vfsmount *parent_mnt, | |
43382 | + struct dentry *old_dentry, | |
43383 | + struct inode *old_parent_inode, | |
43384 | + struct vfsmount *old_mnt, const char *newname); | |
43385 | +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
43386 | + struct dentry *old_dentry, | |
43387 | + struct dentry *new_dentry, | |
43388 | + struct vfsmount *mnt, const __u8 replace); | |
43389 | +__u32 gr_check_link(const struct dentry *new_dentry, | |
43390 | + const struct dentry *parent_dentry, | |
43391 | + const struct vfsmount *parent_mnt, | |
43392 | + const struct dentry *old_dentry, | |
43393 | + const struct vfsmount *old_mnt); | |
43394 | +int gr_acl_handle_filldir(const struct file *file, const char *name, | |
43395 | + const unsigned int namelen, const ino_t ino); | |
43396 | + | |
43397 | +__u32 gr_acl_handle_unix(const struct dentry *dentry, | |
43398 | + const struct vfsmount *mnt); | |
43399 | +void gr_acl_handle_exit(void); | |
43400 | +void gr_acl_handle_psacct(struct task_struct *task, const long code); | |
43401 | +int gr_acl_handle_procpidmem(const struct task_struct *task); | |
ae4e228f MT |
43402 | +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags); |
43403 | +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode); | |
43404 | +void gr_audit_ptrace(struct task_struct *task); | |
58c5fc13 MT |
43405 | + |
43406 | +#ifdef CONFIG_GRKERNSEC | |
43407 | +void gr_log_nonroot_mod_load(const char *modname); | |
ae4e228f | 43408 | +void gr_handle_vm86(void); |
58c5fc13 MT |
43409 | +void gr_handle_mem_write(void); |
43410 | +void gr_handle_kmem_write(void); | |
43411 | +void gr_handle_open_port(void); | |
43412 | +int gr_handle_mem_mmap(const unsigned long offset, | |
43413 | + struct vm_area_struct *vma); | |
43414 | + | |
43415 | +extern int grsec_enable_dmesg; | |
58c5fc13 MT |
43416 | +#endif |
43417 | + | |
43418 | +#endif | |
ae4e228f MT |
43419 | diff -urNp linux-2.6.33.1/include/linux/grsock.h linux-2.6.33.1/include/linux/grsock.h |
43420 | --- linux-2.6.33.1/include/linux/grsock.h 1969-12-31 19:00:00.000000000 -0500 | |
43421 | +++ linux-2.6.33.1/include/linux/grsock.h 2010-03-20 16:58:41.912517036 -0400 | |
43422 | @@ -0,0 +1,19 @@ | |
43423 | +#ifndef __GRSOCK_H | |
43424 | +#define __GRSOCK_H | |
43425 | + | |
43426 | +extern void gr_attach_curr_ip(const struct sock *sk); | |
43427 | +extern int gr_handle_sock_all(const int family, const int type, | |
43428 | + const int protocol); | |
43429 | +extern int gr_handle_sock_server(const struct sockaddr *sck); | |
43430 | +extern int gr_handle_sock_server_other(const struct socket *sck); | |
43431 | +extern int gr_handle_sock_client(const struct sockaddr *sck); | |
43432 | +extern int gr_search_connect(struct socket * sock, | |
43433 | + struct sockaddr_in * addr); | |
43434 | +extern int gr_search_bind(struct socket * sock, | |
43435 | + struct sockaddr_in * addr); | |
43436 | +extern int gr_search_listen(struct socket * sock); | |
43437 | +extern int gr_search_accept(struct socket * sock); | |
43438 | +extern int gr_search_socket(const int domain, const int type, | |
43439 | + const int protocol); | |
43440 | + | |
43441 | +#endif | |
43442 | diff -urNp linux-2.6.33.1/include/linux/hdpu_features.h linux-2.6.33.1/include/linux/hdpu_features.h | |
43443 | --- linux-2.6.33.1/include/linux/hdpu_features.h 2010-03-15 12:09:39.000000000 -0400 | |
43444 | +++ linux-2.6.33.1/include/linux/hdpu_features.h 2010-03-20 16:58:41.912517036 -0400 | |
58c5fc13 MT |
43445 | @@ -3,7 +3,7 @@ |
43446 | struct cpustate_t { | |
43447 | spinlock_t lock; | |
43448 | int excl; | |
43449 | - int open_count; | |
43450 | + atomic_t open_count; | |
43451 | unsigned char cached_val; | |
43452 | int inited; | |
43453 | unsigned long *set_addr; | |
ae4e228f MT |
43454 | diff -urNp linux-2.6.33.1/include/linux/highmem.h linux-2.6.33.1/include/linux/highmem.h |
43455 | --- linux-2.6.33.1/include/linux/highmem.h 2010-03-15 12:09:39.000000000 -0400 | |
43456 | +++ linux-2.6.33.1/include/linux/highmem.h 2010-03-20 16:58:41.912517036 -0400 | |
58c5fc13 MT |
43457 | @@ -137,6 +137,18 @@ static inline void clear_highpage(struct |
43458 | kunmap_atomic(kaddr, KM_USER0); | |
43459 | } | |
43460 | ||
43461 | +static inline void sanitize_highpage(struct page *page) | |
43462 | +{ | |
43463 | + void *kaddr; | |
43464 | + unsigned long flags; | |
43465 | + | |
43466 | + local_irq_save(flags); | |
43467 | + kaddr = kmap_atomic(page, KM_CLEARPAGE); | |
43468 | + clear_page(kaddr); | |
43469 | + kunmap_atomic(kaddr, KM_CLEARPAGE); | |
43470 | + local_irq_restore(flags); | |
43471 | +} | |
43472 | + | |
43473 | static inline void zero_user_segments(struct page *page, | |
43474 | unsigned start1, unsigned end1, | |
43475 | unsigned start2, unsigned end2) | |
ae4e228f MT |
43476 | diff -urNp linux-2.6.33.1/include/linux/init_task.h linux-2.6.33.1/include/linux/init_task.h |
43477 | --- linux-2.6.33.1/include/linux/init_task.h 2010-03-15 12:09:39.000000000 -0400 | |
43478 | +++ linux-2.6.33.1/include/linux/init_task.h 2010-03-20 16:58:41.912517036 -0400 | |
43479 | @@ -111,6 +111,13 @@ extern struct cred init_cred; | |
43480 | # define INIT_PERF_EVENTS(tsk) | |
43481 | #endif | |
43482 | ||
43483 | +#ifdef CONFIG_GRKERNSEC | |
43484 | +# define INIT_GR_FS_LOCK \ | |
43485 | + .gr_fs_lock = __RW_LOCK_UNLOCKED(gr_fs_lock), | |
43486 | +#else | |
43487 | +# define INIT_GR_FS_LOCK | |
43488 | +#endif | |
43489 | + | |
43490 | /* | |
43491 | * INIT_TASK is used to set up the first task table, touch at | |
43492 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | |
43493 | @@ -180,6 +187,7 @@ extern struct cred init_cred; | |
43494 | INIT_FTRACE_GRAPH \ | |
43495 | INIT_TRACE_RECURSION \ | |
43496 | INIT_TASK_RCU_PREEMPT(tsk) \ | |
43497 | + INIT_GR_FS_LOCK \ | |
43498 | } | |
43499 | ||
43500 | ||
43501 | diff -urNp linux-2.6.33.1/include/linux/interrupt.h linux-2.6.33.1/include/linux/interrupt.h | |
43502 | --- linux-2.6.33.1/include/linux/interrupt.h 2010-03-15 12:09:39.000000000 -0400 | |
43503 | +++ linux-2.6.33.1/include/linux/interrupt.h 2010-03-20 16:58:41.912517036 -0400 | |
43504 | @@ -357,7 +357,7 @@ enum | |
43505 | /* map softirq index to softirq name. update 'softirq_to_name' in | |
43506 | * kernel/softirq.c when adding a new softirq. | |
43507 | */ | |
43508 | -extern char *softirq_to_name[NR_SOFTIRQS]; | |
43509 | +extern const char * const softirq_to_name[NR_SOFTIRQS]; | |
43510 | ||
43511 | /* softirq mask and active fields moved to irq_cpustat_t in | |
43512 | * asm/hardirq.h to get better cache usage. KAO | |
43513 | @@ -365,12 +365,12 @@ extern char *softirq_to_name[NR_SOFTIRQS | |
43514 | ||
43515 | struct softirq_action | |
43516 | { | |
43517 | - void (*action)(struct softirq_action *); | |
43518 | + void (*action)(void); | |
43519 | }; | |
43520 | ||
43521 | asmlinkage void do_softirq(void); | |
43522 | asmlinkage void __do_softirq(void); | |
43523 | -extern void open_softirq(int nr, void (*action)(struct softirq_action *)); | |
43524 | +extern void open_softirq(int nr, void (*action)(void)); | |
43525 | extern void softirq_init(void); | |
43526 | #define __raise_softirq_irqoff(nr) do { or_softirq_pending(1UL << (nr)); } while (0) | |
43527 | extern void raise_softirq_irqoff(unsigned int nr); | |
43528 | diff -urNp linux-2.6.33.1/include/linux/jbd2.h linux-2.6.33.1/include/linux/jbd2.h | |
43529 | --- linux-2.6.33.1/include/linux/jbd2.h 2010-03-15 12:09:39.000000000 -0400 | |
43530 | +++ linux-2.6.33.1/include/linux/jbd2.h 2010-03-20 16:58:41.912517036 -0400 | |
58c5fc13 MT |
43531 | @@ -66,7 +66,7 @@ extern u8 jbd2_journal_enable_debug; |
43532 | } \ | |
43533 | } while (0) | |
43534 | #else | |
43535 | -#define jbd_debug(f, a...) /**/ | |
43536 | +#define jbd_debug(f, a...) do {} while (0) | |
43537 | #endif | |
43538 | ||
43539 | static inline void *jbd2_alloc(size_t size, gfp_t flags) | |
ae4e228f MT |
43540 | diff -urNp linux-2.6.33.1/include/linux/jbd.h linux-2.6.33.1/include/linux/jbd.h |
43541 | --- linux-2.6.33.1/include/linux/jbd.h 2010-03-15 12:09:39.000000000 -0400 | |
43542 | +++ linux-2.6.33.1/include/linux/jbd.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
43543 | @@ -66,7 +66,7 @@ extern u8 journal_enable_debug; |
43544 | } \ | |
43545 | } while (0) | |
43546 | #else | |
43547 | -#define jbd_debug(f, a...) /**/ | |
43548 | +#define jbd_debug(f, a...) do {} while (0) | |
43549 | #endif | |
43550 | ||
43551 | static inline void *jbd_alloc(size_t size, gfp_t flags) | |
ae4e228f MT |
43552 | diff -urNp linux-2.6.33.1/include/linux/kallsyms.h linux-2.6.33.1/include/linux/kallsyms.h |
43553 | --- linux-2.6.33.1/include/linux/kallsyms.h 2010-03-15 12:09:39.000000000 -0400 | |
43554 | +++ linux-2.6.33.1/include/linux/kallsyms.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
43555 | @@ -15,7 +15,8 @@ |
43556 | ||
43557 | struct module; | |
43558 | ||
43559 | -#ifdef CONFIG_KALLSYMS | |
43560 | +#ifndef __INCLUDED_BY_HIDESYM | |
43561 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | |
43562 | /* Lookup the address for a symbol. Returns 0 if not found. */ | |
43563 | unsigned long kallsyms_lookup_name(const char *name); | |
43564 | ||
43565 | @@ -92,6 +93,9 @@ static inline int lookup_symbol_attrs(un | |
43566 | /* Stupid that this does nothing, but I didn't create this mess. */ | |
43567 | #define __print_symbol(fmt, addr) | |
43568 | #endif /*CONFIG_KALLSYMS*/ | |
43569 | +#else /* when included by kallsyms.c, with HIDESYM enabled */ | |
43570 | +extern void __print_symbol(const char *fmt, unsigned long address); | |
43571 | +#endif | |
43572 | ||
43573 | /* This macro allows us to keep printk typechecking */ | |
43574 | static void __check_printsym_format(const char *fmt, ...) | |
ae4e228f MT |
43575 | diff -urNp linux-2.6.33.1/include/linux/kgdb.h linux-2.6.33.1/include/linux/kgdb.h |
43576 | --- linux-2.6.33.1/include/linux/kgdb.h 2010-03-15 12:09:39.000000000 -0400 | |
43577 | +++ linux-2.6.33.1/include/linux/kgdb.h 2010-03-20 16:58:41.916544293 -0400 | |
43578 | @@ -250,20 +250,20 @@ struct kgdb_arch { | |
43579 | */ | |
43580 | struct kgdb_io { | |
43581 | const char *name; | |
43582 | - int (*read_char) (void); | |
43583 | - void (*write_char) (u8); | |
43584 | - void (*flush) (void); | |
43585 | - int (*init) (void); | |
43586 | - void (*pre_exception) (void); | |
43587 | - void (*post_exception) (void); | |
43588 | + int (* const read_char) (void); | |
43589 | + void (* const write_char) (u8); | |
43590 | + void (* const flush) (void); | |
43591 | + int (* const init) (void); | |
43592 | + void (* const pre_exception) (void); | |
43593 | + void (* const post_exception) (void); | |
43594 | }; | |
43595 | ||
43596 | -extern struct kgdb_arch arch_kgdb_ops; | |
43597 | +extern const struct kgdb_arch arch_kgdb_ops; | |
43598 | ||
43599 | extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); | |
43600 | ||
43601 | -extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops); | |
43602 | -extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops); | |
43603 | +extern int kgdb_register_io_module(const struct kgdb_io *local_kgdb_io_ops); | |
43604 | +extern void kgdb_unregister_io_module(const struct kgdb_io *local_kgdb_io_ops); | |
43605 | ||
43606 | extern int kgdb_hex2long(char **ptr, unsigned long *long_val); | |
43607 | extern int kgdb_mem2hex(char *mem, char *buf, int count); | |
43608 | diff -urNp linux-2.6.33.1/include/linux/kobject.h linux-2.6.33.1/include/linux/kobject.h | |
43609 | --- linux-2.6.33.1/include/linux/kobject.h 2010-03-15 12:09:39.000000000 -0400 | |
43610 | +++ linux-2.6.33.1/include/linux/kobject.h 2010-03-20 16:58:41.916544293 -0400 | |
43611 | @@ -106,7 +106,7 @@ extern char *kobject_get_path(struct kob | |
43612 | ||
43613 | struct kobj_type { | |
43614 | void (*release)(struct kobject *kobj); | |
43615 | - struct sysfs_ops *sysfs_ops; | |
43616 | + const struct sysfs_ops *sysfs_ops; | |
43617 | struct attribute **default_attrs; | |
43618 | }; | |
43619 | ||
43620 | @@ -118,9 +118,9 @@ struct kobj_uevent_env { | |
43621 | }; | |
43622 | ||
43623 | struct kset_uevent_ops { | |
43624 | - int (*filter)(struct kset *kset, struct kobject *kobj); | |
43625 | - const char *(*name)(struct kset *kset, struct kobject *kobj); | |
43626 | - int (*uevent)(struct kset *kset, struct kobject *kobj, | |
43627 | + int (* const filter)(struct kset *kset, struct kobject *kobj); | |
43628 | + const char *(* const name)(struct kset *kset, struct kobject *kobj); | |
43629 | + int (* const uevent)(struct kset *kset, struct kobject *kobj, | |
43630 | struct kobj_uevent_env *env); | |
43631 | }; | |
43632 | ||
43633 | @@ -132,7 +132,7 @@ struct kobj_attribute { | |
43634 | const char *buf, size_t count); | |
43635 | }; | |
43636 | ||
43637 | -extern struct sysfs_ops kobj_sysfs_ops; | |
43638 | +extern const struct sysfs_ops kobj_sysfs_ops; | |
43639 | ||
43640 | /** | |
43641 | * struct kset - a set of kobjects of a specific type, belonging to a specific subsystem. | |
43642 | @@ -155,14 +155,14 @@ struct kset { | |
43643 | struct list_head list; | |
43644 | spinlock_t list_lock; | |
43645 | struct kobject kobj; | |
43646 | - struct kset_uevent_ops *uevent_ops; | |
43647 | + const struct kset_uevent_ops *uevent_ops; | |
43648 | }; | |
43649 | ||
43650 | extern void kset_init(struct kset *kset); | |
43651 | extern int __must_check kset_register(struct kset *kset); | |
43652 | extern void kset_unregister(struct kset *kset); | |
43653 | extern struct kset * __must_check kset_create_and_add(const char *name, | |
43654 | - struct kset_uevent_ops *u, | |
43655 | + const struct kset_uevent_ops *u, | |
43656 | struct kobject *parent_kobj); | |
43657 | ||
43658 | static inline struct kset *to_kset(struct kobject *kobj) | |
43659 | diff -urNp linux-2.6.33.1/include/linux/kvm_host.h linux-2.6.33.1/include/linux/kvm_host.h | |
43660 | --- linux-2.6.33.1/include/linux/kvm_host.h 2010-03-15 12:09:39.000000000 -0400 | |
43661 | +++ linux-2.6.33.1/include/linux/kvm_host.h 2010-03-20 16:58:41.916544293 -0400 | |
43662 | @@ -225,7 +225,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc | |
58c5fc13 MT |
43663 | void vcpu_load(struct kvm_vcpu *vcpu); |
43664 | void vcpu_put(struct kvm_vcpu *vcpu); | |
43665 | ||
43666 | -int kvm_init(void *opaque, unsigned int vcpu_size, | |
43667 | +int kvm_init(const void *opaque, unsigned int vcpu_size, | |
43668 | struct module *module); | |
43669 | void kvm_exit(void); | |
43670 | ||
ae4e228f | 43671 | @@ -332,7 +332,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug( |
58c5fc13 MT |
43672 | struct kvm_guest_debug *dbg); |
43673 | int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); | |
43674 | ||
43675 | -int kvm_arch_init(void *opaque); | |
43676 | +int kvm_arch_init(const void *opaque); | |
43677 | void kvm_arch_exit(void); | |
43678 | ||
43679 | int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); | |
ae4e228f MT |
43680 | diff -urNp linux-2.6.33.1/include/linux/libata.h linux-2.6.33.1/include/linux/libata.h |
43681 | --- linux-2.6.33.1/include/linux/libata.h 2010-03-15 12:09:39.000000000 -0400 | |
43682 | +++ linux-2.6.33.1/include/linux/libata.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
43683 | @@ -64,11 +64,11 @@ |
43684 | #ifdef ATA_VERBOSE_DEBUG | |
43685 | #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args) | |
43686 | #else | |
43687 | -#define VPRINTK(fmt, args...) | |
43688 | +#define VPRINTK(fmt, args...) do {} while (0) | |
43689 | #endif /* ATA_VERBOSE_DEBUG */ | |
43690 | #else | |
43691 | -#define DPRINTK(fmt, args...) | |
43692 | -#define VPRINTK(fmt, args...) | |
43693 | +#define DPRINTK(fmt, args...) do {} while (0) | |
43694 | +#define VPRINTK(fmt, args...) do {} while (0) | |
43695 | #endif /* ATA_DEBUG */ | |
43696 | ||
43697 | #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args) | |
ae4e228f MT |
43698 | @@ -524,11 +524,11 @@ struct ata_ioports { |
43699 | ||
43700 | struct ata_host { | |
43701 | spinlock_t lock; | |
43702 | - struct device *dev; | |
43703 | + struct device *dev; | |
43704 | void __iomem * const *iomap; | |
43705 | unsigned int n_ports; | |
43706 | void *private_data; | |
43707 | - struct ata_port_operations *ops; | |
43708 | + const struct ata_port_operations *ops; | |
43709 | unsigned long flags; | |
43710 | #ifdef CONFIG_ATA_ACPI | |
43711 | acpi_handle acpi_handle; | |
43712 | @@ -710,7 +710,7 @@ struct ata_link { | |
43713 | ||
43714 | struct ata_port { | |
43715 | struct Scsi_Host *scsi_host; /* our co-allocated scsi host */ | |
43716 | - struct ata_port_operations *ops; | |
43717 | + const struct ata_port_operations *ops; | |
43718 | spinlock_t *lock; | |
43719 | /* Flags owned by the EH context. Only EH should touch these once the | |
43720 | port is active */ | |
43721 | @@ -892,7 +892,7 @@ struct ata_port_info { | |
43722 | unsigned long pio_mask; | |
43723 | unsigned long mwdma_mask; | |
43724 | unsigned long udma_mask; | |
43725 | - struct ata_port_operations *port_ops; | |
43726 | + const struct ata_port_operations *port_ops; | |
43727 | void *private_data; | |
43728 | }; | |
43729 | ||
43730 | @@ -916,7 +916,7 @@ extern const unsigned long sata_deb_timi | |
43731 | extern const unsigned long sata_deb_timing_hotplug[]; | |
43732 | extern const unsigned long sata_deb_timing_long[]; | |
43733 | ||
43734 | -extern struct ata_port_operations ata_dummy_port_ops; | |
43735 | +extern const struct ata_port_operations ata_dummy_port_ops; | |
43736 | extern const struct ata_port_info ata_dummy_port_info; | |
43737 | ||
43738 | static inline const unsigned long * | |
43739 | @@ -962,7 +962,7 @@ extern int ata_host_activate(struct ata_ | |
43740 | struct scsi_host_template *sht); | |
43741 | extern void ata_host_detach(struct ata_host *host); | |
43742 | extern void ata_host_init(struct ata_host *, struct device *, | |
43743 | - unsigned long, struct ata_port_operations *); | |
43744 | + unsigned long, const struct ata_port_operations *); | |
43745 | extern int ata_scsi_detect(struct scsi_host_template *sht); | |
43746 | extern int ata_scsi_ioctl(struct scsi_device *dev, int cmd, void __user *arg); | |
43747 | extern int ata_scsi_queuecmd(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd *)); | |
43748 | diff -urNp linux-2.6.33.1/include/linux/lockd/bind.h linux-2.6.33.1/include/linux/lockd/bind.h | |
43749 | --- linux-2.6.33.1/include/linux/lockd/bind.h 2010-03-15 12:09:39.000000000 -0400 | |
43750 | +++ linux-2.6.33.1/include/linux/lockd/bind.h 2010-03-20 16:58:41.916544293 -0400 | |
43751 | @@ -23,13 +23,13 @@ struct svc_rqst; | |
43752 | * This is the set of functions for lockd->nfsd communication | |
43753 | */ | |
43754 | struct nlmsvc_binding { | |
43755 | - __be32 (*fopen)(struct svc_rqst *, | |
43756 | + __be32 (* const fopen)(struct svc_rqst *, | |
43757 | struct nfs_fh *, | |
43758 | struct file **); | |
43759 | - void (*fclose)(struct file *); | |
43760 | + void (* const fclose)(struct file *); | |
43761 | }; | |
43762 | ||
43763 | -extern struct nlmsvc_binding * nlmsvc_ops; | |
43764 | +extern const struct nlmsvc_binding * nlmsvc_ops; | |
43765 | ||
43766 | /* | |
43767 | * Similar to nfs_client_initdata, but without the NFS-specific | |
43768 | diff -urNp linux-2.6.33.1/include/linux/mm.h linux-2.6.33.1/include/linux/mm.h | |
43769 | --- linux-2.6.33.1/include/linux/mm.h 2010-03-15 12:09:39.000000000 -0400 | |
43770 | +++ linux-2.6.33.1/include/linux/mm.h 2010-03-20 16:58:41.916544293 -0400 | |
43771 | @@ -106,6 +106,10 @@ extern unsigned int kobjsize(const void | |
58c5fc13 | 43772 | #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */ |
ae4e228f | 43773 | #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ |
58c5fc13 MT |
43774 | |
43775 | +#ifdef CONFIG_PAX_PAGEEXEC | |
43776 | +#define VM_PAGEEXEC 0x80000000 /* vma->vm_page_prot needs special handling */ | |
43777 | +#endif | |
43778 | + | |
43779 | #ifndef VM_STACK_DEFAULT_FLAGS /* arch can override this */ | |
43780 | #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS | |
43781 | #endif | |
ae4e228f | 43782 | @@ -895,6 +899,8 @@ struct shrinker { |
58c5fc13 MT |
43783 | extern void register_shrinker(struct shrinker *); |
43784 | extern void unregister_shrinker(struct shrinker *); | |
43785 | ||
43786 | +pgprot_t vm_get_page_prot(unsigned long vm_flags); | |
43787 | + | |
43788 | int vma_wants_writenotify(struct vm_area_struct *vma); | |
43789 | ||
43790 | extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl); | |
ae4e228f | 43791 | @@ -1171,6 +1177,7 @@ out: |
58c5fc13 MT |
43792 | } |
43793 | ||
43794 | extern int do_munmap(struct mm_struct *, unsigned long, size_t); | |
43795 | +extern int __do_munmap(struct mm_struct *, unsigned long, size_t); | |
43796 | ||
43797 | extern unsigned long do_brk(unsigned long, unsigned long); | |
43798 | ||
ae4e228f | 43799 | @@ -1225,6 +1232,10 @@ extern struct vm_area_struct * find_vma( |
58c5fc13 MT |
43800 | extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, |
43801 | struct vm_area_struct **pprev); | |
43802 | ||
43803 | +extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma); | |
43804 | +extern void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma); | |
43805 | +extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl); | |
43806 | + | |
43807 | /* Look up the first VMA which intersects the interval start_addr..end_addr-1, | |
43808 | NULL if none. Assume start_addr < end_addr. */ | |
43809 | static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) | |
ae4e228f | 43810 | @@ -1241,7 +1252,6 @@ static inline unsigned long vma_pages(st |
58c5fc13 MT |
43811 | return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; |
43812 | } | |
43813 | ||
43814 | -pgprot_t vm_get_page_prot(unsigned long vm_flags); | |
43815 | struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); | |
43816 | int remap_pfn_range(struct vm_area_struct *, unsigned long addr, | |
43817 | unsigned long pfn, unsigned long size, pgprot_t); | |
ae4e228f MT |
43818 | @@ -1344,8 +1354,14 @@ extern int unpoison_memory(unsigned long |
43819 | extern int sysctl_memory_failure_early_kill; | |
43820 | extern int sysctl_memory_failure_recovery; | |
43821 | extern void shake_page(struct page *p, int access); | |
43822 | -extern atomic_long_t mce_bad_pages; | |
43823 | +extern atomic_long_unchecked_t mce_bad_pages; | |
43824 | extern int soft_offline_page(struct page *page, int flags); | |
43825 | ||
58c5fc13 MT |
43826 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT |
43827 | +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot); | |
43828 | +#else | |
43829 | +static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {} | |
43830 | +#endif | |
43831 | + | |
43832 | #endif /* __KERNEL__ */ | |
43833 | #endif /* _LINUX_MM_H */ | |
ae4e228f MT |
43834 | diff -urNp linux-2.6.33.1/include/linux/mm_types.h linux-2.6.33.1/include/linux/mm_types.h |
43835 | --- linux-2.6.33.1/include/linux/mm_types.h 2010-03-15 12:09:39.000000000 -0400 | |
43836 | +++ linux-2.6.33.1/include/linux/mm_types.h 2010-03-20 16:58:41.916544293 -0400 | |
43837 | @@ -188,6 +188,8 @@ struct vm_area_struct { | |
58c5fc13 MT |
43838 | #ifdef CONFIG_NUMA |
43839 | struct mempolicy *vm_policy; /* NUMA policy for the VMA */ | |
43840 | #endif | |
43841 | + | |
43842 | + struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */ | |
43843 | }; | |
43844 | ||
43845 | struct core_thread { | |
ae4e228f | 43846 | @@ -291,6 +293,24 @@ struct mm_struct { |
58c5fc13 MT |
43847 | #ifdef CONFIG_MMU_NOTIFIER |
43848 | struct mmu_notifier_mm *mmu_notifier_mm; | |
43849 | #endif | |
43850 | + | |
43851 | +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
43852 | + unsigned long pax_flags; | |
43853 | +#endif | |
43854 | + | |
43855 | +#ifdef CONFIG_PAX_DLRESOLVE | |
43856 | + unsigned long call_dl_resolve; | |
43857 | +#endif | |
43858 | + | |
43859 | +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT) | |
43860 | + unsigned long call_syscall; | |
43861 | +#endif | |
43862 | + | |
43863 | +#ifdef CONFIG_PAX_ASLR | |
43864 | + unsigned long delta_mmap; /* randomized offset */ | |
43865 | + unsigned long delta_stack; /* randomized offset */ | |
43866 | +#endif | |
43867 | + | |
43868 | }; | |
43869 | ||
43870 | /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */ | |
ae4e228f MT |
43871 | diff -urNp linux-2.6.33.1/include/linux/mmu_notifier.h linux-2.6.33.1/include/linux/mmu_notifier.h |
43872 | --- linux-2.6.33.1/include/linux/mmu_notifier.h 2010-03-15 12:09:39.000000000 -0400 | |
43873 | +++ linux-2.6.33.1/include/linux/mmu_notifier.h 2010-03-20 16:58:41.916544293 -0400 | |
43874 | @@ -235,12 +235,12 @@ static inline void mmu_notifier_mm_destr | |
43875 | */ | |
43876 | #define ptep_clear_flush_notify(__vma, __address, __ptep) \ | |
43877 | ({ \ | |
43878 | - pte_t __pte; \ | |
43879 | + pte_t ___pte; \ | |
43880 | struct vm_area_struct *___vma = __vma; \ | |
43881 | unsigned long ___address = __address; \ | |
43882 | - __pte = ptep_clear_flush(___vma, ___address, __ptep); \ | |
43883 | + ___pte = ptep_clear_flush(___vma, ___address, __ptep); \ | |
43884 | mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \ | |
43885 | - __pte; \ | |
43886 | + ___pte; \ | |
43887 | }) | |
43888 | ||
43889 | #define ptep_clear_flush_young_notify(__vma, __address, __ptep) \ | |
43890 | diff -urNp linux-2.6.33.1/include/linux/mod_devicetable.h linux-2.6.33.1/include/linux/mod_devicetable.h | |
43891 | --- linux-2.6.33.1/include/linux/mod_devicetable.h 2010-03-15 12:09:39.000000000 -0400 | |
43892 | +++ linux-2.6.33.1/include/linux/mod_devicetable.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
43893 | @@ -12,7 +12,7 @@ |
43894 | typedef unsigned long kernel_ulong_t; | |
43895 | #endif | |
43896 | ||
43897 | -#define PCI_ANY_ID (~0) | |
43898 | +#define PCI_ANY_ID ((__u16)~0) | |
43899 | ||
43900 | struct pci_device_id { | |
43901 | __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/ | |
43902 | @@ -131,7 +131,7 @@ struct usb_device_id { | |
43903 | #define USB_DEVICE_ID_MATCH_INT_SUBCLASS 0x0100 | |
43904 | #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200 | |
43905 | ||
43906 | -#define HID_ANY_ID (~0) | |
43907 | +#define HID_ANY_ID (~0U) | |
43908 | ||
43909 | struct hid_device_id { | |
43910 | __u16 bus; | |
ae4e228f MT |
43911 | diff -urNp linux-2.6.33.1/include/linux/module.h linux-2.6.33.1/include/linux/module.h |
43912 | --- linux-2.6.33.1/include/linux/module.h 2010-03-15 12:09:39.000000000 -0400 | |
43913 | +++ linux-2.6.33.1/include/linux/module.h 2010-03-20 16:58:41.916544293 -0400 | |
43914 | @@ -289,16 +289,16 @@ struct module | |
58c5fc13 MT |
43915 | int (*init)(void); |
43916 | ||
43917 | /* If this is non-NULL, vfree after init() returns */ | |
43918 | - void *module_init; | |
43919 | + void *module_init_rx, *module_init_rw; | |
43920 | ||
43921 | /* Here is the actual code + data, vfree'd on unload. */ | |
43922 | - void *module_core; | |
43923 | + void *module_core_rx, *module_core_rw; | |
43924 | ||
43925 | /* Here are the sizes of the init and core sections */ | |
43926 | - unsigned int init_size, core_size; | |
43927 | + unsigned int init_size_rw, core_size_rw; | |
43928 | ||
43929 | /* The size of the executable code in each section. */ | |
43930 | - unsigned int init_text_size, core_text_size; | |
43931 | + unsigned int init_size_rx, core_size_rx; | |
43932 | ||
43933 | /* Arch-specific module values */ | |
43934 | struct mod_arch_specific arch; | |
ae4e228f | 43935 | @@ -395,16 +395,46 @@ struct module *__module_address(unsigned |
58c5fc13 MT |
43936 | bool is_module_address(unsigned long addr); |
43937 | bool is_module_text_address(unsigned long addr); | |
43938 | ||
43939 | +static inline int within_module_range(unsigned long addr, void *start, unsigned long size) | |
43940 | +{ | |
43941 | + | |
43942 | +#ifdef CONFIG_PAX_KERNEXEC | |
43943 | + if (ktla_ktva(addr) >= (unsigned long)start && | |
43944 | + ktla_ktva(addr) < (unsigned long)start + size) | |
43945 | + return 1; | |
43946 | +#endif | |
43947 | + | |
43948 | + return ((void *)addr >= start && (void *)addr < start + size); | |
43949 | +} | |
43950 | + | |
43951 | +static inline int within_module_core_rx(unsigned long addr, struct module *mod) | |
43952 | +{ | |
43953 | + return within_module_range(addr, mod->module_core_rx, mod->core_size_rx); | |
43954 | +} | |
43955 | + | |
43956 | +static inline int within_module_core_rw(unsigned long addr, struct module *mod) | |
43957 | +{ | |
43958 | + return within_module_range(addr, mod->module_core_rw, mod->core_size_rw); | |
43959 | +} | |
43960 | + | |
43961 | +static inline int within_module_init_rx(unsigned long addr, struct module *mod) | |
43962 | +{ | |
43963 | + return within_module_range(addr, mod->module_init_rx, mod->init_size_rx); | |
43964 | +} | |
43965 | + | |
43966 | +static inline int within_module_init_rw(unsigned long addr, struct module *mod) | |
43967 | +{ | |
43968 | + return within_module_range(addr, mod->module_init_rw, mod->init_size_rw); | |
43969 | +} | |
43970 | + | |
43971 | static inline int within_module_core(unsigned long addr, struct module *mod) | |
43972 | { | |
43973 | - return (unsigned long)mod->module_core <= addr && | |
43974 | - addr < (unsigned long)mod->module_core + mod->core_size; | |
43975 | + return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod); | |
43976 | } | |
43977 | ||
43978 | static inline int within_module_init(unsigned long addr, struct module *mod) | |
43979 | { | |
43980 | - return (unsigned long)mod->module_init <= addr && | |
43981 | - addr < (unsigned long)mod->module_init + mod->init_size; | |
43982 | + return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod); | |
43983 | } | |
43984 | ||
43985 | /* Search for module by name: must hold module_mutex. */ | |
ae4e228f MT |
43986 | diff -urNp linux-2.6.33.1/include/linux/moduleloader.h linux-2.6.33.1/include/linux/moduleloader.h |
43987 | --- linux-2.6.33.1/include/linux/moduleloader.h 2010-03-15 12:09:39.000000000 -0400 | |
43988 | +++ linux-2.6.33.1/include/linux/moduleloader.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
43989 | @@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st |
43990 | sections. Returns NULL on failure. */ | |
43991 | void *module_alloc(unsigned long size); | |
43992 | ||
43993 | +#ifdef CONFIG_PAX_KERNEXEC | |
43994 | +void *module_alloc_exec(unsigned long size); | |
43995 | +#else | |
43996 | +#define module_alloc_exec(x) module_alloc(x) | |
43997 | +#endif | |
43998 | + | |
43999 | /* Free memory returned from module_alloc. */ | |
44000 | void module_free(struct module *mod, void *module_region); | |
44001 | ||
44002 | +#ifdef CONFIG_PAX_KERNEXEC | |
44003 | +void module_free_exec(struct module *mod, void *module_region); | |
44004 | +#else | |
ae4e228f | 44005 | +#define module_free_exec(x, y) module_free((x), (y)) |
58c5fc13 MT |
44006 | +#endif |
44007 | + | |
44008 | /* Apply the given relocation to the (simplified) ELF. Return -error | |
44009 | or 0. */ | |
44010 | int apply_relocate(Elf_Shdr *sechdrs, | |
ae4e228f MT |
44011 | diff -urNp linux-2.6.33.1/include/linux/namei.h linux-2.6.33.1/include/linux/namei.h |
44012 | --- linux-2.6.33.1/include/linux/namei.h 2010-03-15 12:09:39.000000000 -0400 | |
44013 | +++ linux-2.6.33.1/include/linux/namei.h 2010-03-20 16:58:41.916544293 -0400 | |
58c5fc13 MT |
44014 | @@ -22,7 +22,7 @@ struct nameidata { |
44015 | unsigned int flags; | |
44016 | int last_type; | |
44017 | unsigned depth; | |
44018 | - char *saved_names[MAX_NESTED_LINKS + 1]; | |
44019 | + const char *saved_names[MAX_NESTED_LINKS + 1]; | |
44020 | ||
44021 | /* Intent data */ | |
44022 | union { | |
ae4e228f | 44023 | @@ -81,12 +81,12 @@ extern int follow_up(struct path *); |
58c5fc13 MT |
44024 | extern struct dentry *lock_rename(struct dentry *, struct dentry *); |
44025 | extern void unlock_rename(struct dentry *, struct dentry *); | |
44026 | ||
44027 | -static inline void nd_set_link(struct nameidata *nd, char *path) | |
44028 | +static inline void nd_set_link(struct nameidata *nd, const char *path) | |
44029 | { | |
44030 | nd->saved_names[nd->depth] = path; | |
44031 | } | |
44032 | ||
44033 | -static inline char *nd_get_link(struct nameidata *nd) | |
ae4e228f | 44034 | +static inline const char *nd_get_link(const struct nameidata *nd) |
58c5fc13 MT |
44035 | { |
44036 | return nd->saved_names[nd->depth]; | |
44037 | } | |
ae4e228f MT |
44038 | diff -urNp linux-2.6.33.1/include/linux/nodemask.h linux-2.6.33.1/include/linux/nodemask.h |
44039 | --- linux-2.6.33.1/include/linux/nodemask.h 2010-03-15 12:09:39.000000000 -0400 | |
44040 | +++ linux-2.6.33.1/include/linux/nodemask.h 2010-03-20 16:58:41.916544293 -0400 | |
44041 | @@ -469,11 +469,11 @@ static inline int num_node_state(enum no | |
58c5fc13 MT |
44042 | |
44043 | #define any_online_node(mask) \ | |
44044 | ({ \ | |
44045 | - int node; \ | |
44046 | - for_each_node_mask(node, (mask)) \ | |
44047 | - if (node_online(node)) \ | |
44048 | + int __node; \ | |
44049 | + for_each_node_mask(__node, (mask)) \ | |
44050 | + if (node_online(__node)) \ | |
44051 | break; \ | |
44052 | - node; \ | |
44053 | + __node; \ | |
44054 | }) | |
44055 | ||
44056 | #define num_online_nodes() num_node_state(N_ONLINE) | |
ae4e228f MT |
44057 | diff -urNp linux-2.6.33.1/include/linux/oprofile.h linux-2.6.33.1/include/linux/oprofile.h |
44058 | --- linux-2.6.33.1/include/linux/oprofile.h 2010-03-15 12:09:39.000000000 -0400 | |
44059 | +++ linux-2.6.33.1/include/linux/oprofile.h 2010-03-20 16:58:41.920592896 -0400 | |
44060 | @@ -129,9 +129,9 @@ int oprofilefs_create_ulong(struct super | |
44061 | int oprofilefs_create_ro_ulong(struct super_block * sb, struct dentry * root, | |
44062 | char const * name, ulong * val); | |
58c5fc13 | 44063 | |
ae4e228f MT |
44064 | -/** Create a file for read-only access to an atomic_t. */ |
44065 | +/** Create a file for read-only access to an atomic_unchecked_t. */ | |
58c5fc13 MT |
44066 | int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root, |
44067 | - char const * name, atomic_t * val); | |
44068 | + char const * name, atomic_unchecked_t * val); | |
44069 | ||
44070 | /** create a directory */ | |
44071 | struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, | |
ae4e228f MT |
44072 | diff -urNp linux-2.6.33.1/include/linux/pipe_fs_i.h linux-2.6.33.1/include/linux/pipe_fs_i.h |
44073 | --- linux-2.6.33.1/include/linux/pipe_fs_i.h 2010-03-15 12:09:39.000000000 -0400 | |
44074 | +++ linux-2.6.33.1/include/linux/pipe_fs_i.h 2010-03-20 16:58:41.920592896 -0400 | |
44075 | @@ -46,9 +46,9 @@ struct pipe_inode_info { | |
44076 | wait_queue_head_t wait; | |
44077 | unsigned int nrbufs, curbuf; | |
44078 | struct page *tmp_page; | |
44079 | - unsigned int readers; | |
44080 | - unsigned int writers; | |
44081 | - unsigned int waiting_writers; | |
44082 | + atomic_t readers; | |
44083 | + atomic_t writers; | |
44084 | + atomic_t waiting_writers; | |
44085 | unsigned int r_counter; | |
44086 | unsigned int w_counter; | |
44087 | struct fasync_struct *fasync_readers; | |
44088 | diff -urNp linux-2.6.33.1/include/linux/poison.h linux-2.6.33.1/include/linux/poison.h | |
44089 | --- linux-2.6.33.1/include/linux/poison.h 2010-03-15 12:09:39.000000000 -0400 | |
44090 | +++ linux-2.6.33.1/include/linux/poison.h 2010-03-20 16:58:41.920592896 -0400 | |
44091 | @@ -19,8 +19,8 @@ | |
58c5fc13 MT |
44092 | * under normal circumstances, used to verify that nobody uses |
44093 | * non-initialized list entries. | |
44094 | */ | |
ae4e228f MT |
44095 | -#define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA) |
44096 | -#define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA) | |
44097 | +#define LIST_POISON1 ((void *) (long)0xFFFFFF01) | |
44098 | +#define LIST_POISON2 ((void *) (long)0xFFFFFF02) | |
58c5fc13 MT |
44099 | |
44100 | /********** include/linux/timer.h **********/ | |
44101 | /* | |
ae4e228f MT |
44102 | diff -urNp linux-2.6.33.1/include/linux/proc_fs.h linux-2.6.33.1/include/linux/proc_fs.h |
44103 | --- linux-2.6.33.1/include/linux/proc_fs.h 2010-03-15 12:09:39.000000000 -0400 | |
44104 | +++ linux-2.6.33.1/include/linux/proc_fs.h 2010-03-20 16:58:41.920592896 -0400 | |
44105 | @@ -155,6 +155,19 @@ static inline struct proc_dir_entry *pro | |
58c5fc13 MT |
44106 | return proc_create_data(name, mode, parent, proc_fops, NULL); |
44107 | } | |
44108 | ||
44109 | +static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode, | |
44110 | + struct proc_dir_entry *parent, const struct file_operations *proc_fops) | |
44111 | +{ | |
44112 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
44113 | + return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL); | |
44114 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
44115 | + return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL); | |
44116 | +#else | |
44117 | + return proc_create_data(name, mode, parent, proc_fops, NULL); | |
44118 | +#endif | |
44119 | +} | |
44120 | + | |
44121 | + | |
44122 | static inline struct proc_dir_entry *create_proc_read_entry(const char *name, | |
44123 | mode_t mode, struct proc_dir_entry *base, | |
44124 | read_proc_t *read_proc, void * data) | |
ae4e228f MT |
44125 | diff -urNp linux-2.6.33.1/include/linux/random.h linux-2.6.33.1/include/linux/random.h |
44126 | --- linux-2.6.33.1/include/linux/random.h 2010-03-15 12:09:39.000000000 -0400 | |
44127 | +++ linux-2.6.33.1/include/linux/random.h 2010-03-20 16:58:41.920592896 -0400 | |
58c5fc13 MT |
44128 | @@ -74,6 +74,11 @@ unsigned long randomize_range(unsigned l |
44129 | u32 random32(void); | |
44130 | void srandom32(u32 seed); | |
44131 | ||
44132 | +static inline unsigned long pax_get_random_long(void) | |
44133 | +{ | |
44134 | + return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0); | |
44135 | +} | |
44136 | + | |
44137 | #endif /* __KERNEL___ */ | |
44138 | ||
44139 | #endif /* _LINUX_RANDOM_H */ | |
ae4e228f MT |
44140 | diff -urNp linux-2.6.33.1/include/linux/reiserfs_fs.h linux-2.6.33.1/include/linux/reiserfs_fs.h |
44141 | --- linux-2.6.33.1/include/linux/reiserfs_fs.h 2010-03-15 12:09:39.000000000 -0400 | |
44142 | +++ linux-2.6.33.1/include/linux/reiserfs_fs.h 2010-03-20 16:58:41.920592896 -0400 | |
44143 | @@ -1404,7 +1404,7 @@ static inline loff_t max_reiserfs_offset | |
58c5fc13 MT |
44144 | #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */ |
44145 | ||
44146 | #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter) | |
44147 | -#define get_generation(s) atomic_read (&fs_generation(s)) | |
44148 | +#define get_generation(s) atomic_read_unchecked (&fs_generation(s)) | |
44149 | #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen) | |
44150 | #define __fs_changed(gen,s) (gen != get_generation (s)) | |
ae4e228f MT |
44151 | #define fs_changed(gen,s) \ |
44152 | @@ -1616,24 +1616,24 @@ static inline struct super_block *sb_fro | |
44153 | */ | |
44154 | ||
44155 | struct item_operations { | |
44156 | - int (*bytes_number) (struct item_head * ih, int block_size); | |
44157 | - void (*decrement_key) (struct cpu_key *); | |
44158 | - int (*is_left_mergeable) (struct reiserfs_key * ih, | |
44159 | + int (* const bytes_number) (struct item_head * ih, int block_size); | |
44160 | + void (* const decrement_key) (struct cpu_key *); | |
44161 | + int (* const is_left_mergeable) (struct reiserfs_key * ih, | |
44162 | unsigned long bsize); | |
44163 | - void (*print_item) (struct item_head *, char *item); | |
44164 | - void (*check_item) (struct item_head *, char *item); | |
44165 | + void (* const print_item) (struct item_head *, char *item); | |
44166 | + void (* const check_item) (struct item_head *, char *item); | |
44167 | ||
44168 | - int (*create_vi) (struct virtual_node * vn, struct virtual_item * vi, | |
44169 | + int (* const create_vi) (struct virtual_node * vn, struct virtual_item * vi, | |
44170 | int is_affected, int insert_size); | |
44171 | - int (*check_left) (struct virtual_item * vi, int free, | |
44172 | + int (* const check_left) (struct virtual_item * vi, int free, | |
44173 | int start_skip, int end_skip); | |
44174 | - int (*check_right) (struct virtual_item * vi, int free); | |
44175 | - int (*part_size) (struct virtual_item * vi, int from, int to); | |
44176 | - int (*unit_num) (struct virtual_item * vi); | |
44177 | - void (*print_vi) (struct virtual_item * vi); | |
44178 | + int (* const check_right) (struct virtual_item * vi, int free); | |
44179 | + int (* const part_size) (struct virtual_item * vi, int from, int to); | |
44180 | + int (* const unit_num) (struct virtual_item * vi); | |
44181 | + void (* const print_vi) (struct virtual_item * vi); | |
44182 | }; | |
44183 | ||
44184 | -extern struct item_operations *item_ops[TYPE_ANY + 1]; | |
44185 | +extern const struct item_operations * const item_ops[TYPE_ANY + 1]; | |
44186 | ||
44187 | #define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize) | |
44188 | #define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize) | |
44189 | diff -urNp linux-2.6.33.1/include/linux/reiserfs_fs_sb.h linux-2.6.33.1/include/linux/reiserfs_fs_sb.h | |
44190 | --- linux-2.6.33.1/include/linux/reiserfs_fs_sb.h 2010-03-15 12:09:39.000000000 -0400 | |
44191 | +++ linux-2.6.33.1/include/linux/reiserfs_fs_sb.h 2010-03-20 16:58:41.920592896 -0400 | |
44192 | @@ -386,7 +386,7 @@ struct reiserfs_sb_info { | |
58c5fc13 MT |
44193 | /* Comment? -Hans */ |
44194 | wait_queue_head_t s_wait; | |
44195 | /* To be obsoleted soon by per buffer seals.. -Hans */ | |
44196 | - atomic_t s_generation_counter; // increased by one every time the | |
44197 | + atomic_unchecked_t s_generation_counter; // increased by one every time the | |
44198 | // tree gets re-balanced | |
44199 | unsigned long s_properties; /* File system properties. Currently holds | |
44200 | on-disk FS format */ | |
ae4e228f MT |
44201 | diff -urNp linux-2.6.33.1/include/linux/sched.h linux-2.6.33.1/include/linux/sched.h |
44202 | --- linux-2.6.33.1/include/linux/sched.h 2010-03-15 12:09:39.000000000 -0400 | |
44203 | +++ linux-2.6.33.1/include/linux/sched.h 2010-03-20 16:58:41.920592896 -0400 | |
44204 | @@ -101,6 +101,7 @@ struct bio; | |
58c5fc13 MT |
44205 | struct fs_struct; |
44206 | struct bts_context; | |
ae4e228f | 44207 | struct perf_event_context; |
58c5fc13 MT |
44208 | +struct linux_binprm; |
44209 | ||
44210 | /* | |
44211 | * List of flags we want to share for kernel threads, | |
ae4e228f | 44212 | @@ -678,6 +679,15 @@ struct signal_struct { |
58c5fc13 MT |
44213 | struct tty_audit_buf *tty_audit_buf; |
44214 | #endif | |
ae4e228f | 44215 | |
58c5fc13 MT |
44216 | +#ifdef CONFIG_GRKERNSEC |
44217 | + u32 curr_ip; | |
44218 | + u32 gr_saddr; | |
44219 | + u32 gr_daddr; | |
44220 | + u16 gr_sport; | |
44221 | + u16 gr_dport; | |
44222 | + u8 used_accept:1; | |
44223 | +#endif | |
ae4e228f MT |
44224 | + |
44225 | int oom_adj; /* OOM kill score adjustment (bit shift) */ | |
58c5fc13 MT |
44226 | }; |
44227 | ||
ae4e228f | 44228 | @@ -1234,7 +1244,7 @@ struct rcu_node; |
58c5fc13 MT |
44229 | |
44230 | struct task_struct { | |
44231 | volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ | |
44232 | - void *stack; | |
44233 | + struct thread_info *stack; | |
44234 | atomic_t usage; | |
44235 | unsigned int flags; /* per process flags, defined below */ | |
44236 | unsigned int ptrace; | |
ae4e228f | 44237 | @@ -1346,8 +1356,8 @@ struct task_struct { |
58c5fc13 MT |
44238 | struct list_head thread_group; |
44239 | ||
44240 | struct completion *vfork_done; /* for vfork() */ | |
44241 | - int __user *set_child_tid; /* CLONE_CHILD_SETTID */ | |
44242 | - int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */ | |
44243 | + pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */ | |
44244 | + pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */ | |
44245 | ||
44246 | cputime_t utime, stime, utimescaled, stimescaled; | |
44247 | cputime_t gtime; | |
ae4e228f | 44248 | @@ -1363,16 +1373,6 @@ struct task_struct { |
58c5fc13 MT |
44249 | struct task_cputime cputime_expires; |
44250 | struct list_head cpu_timers[3]; | |
44251 | ||
44252 | -/* process credentials */ | |
44253 | - const struct cred *real_cred; /* objective and real subjective task | |
44254 | - * credentials (COW) */ | |
44255 | - const struct cred *cred; /* effective (overridable) subjective task | |
44256 | - * credentials (COW) */ | |
44257 | - struct mutex cred_guard_mutex; /* guard against foreign influences on | |
44258 | - * credential calculations | |
44259 | - * (notably. ptrace) */ | |
ae4e228f | 44260 | - struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */ |
58c5fc13 MT |
44261 | - |
44262 | char comm[TASK_COMM_LEN]; /* executable name excluding path | |
44263 | - access with [gs]et_task_comm (which lock | |
44264 | it with task_lock()) | |
ae4e228f MT |
44265 | @@ -1456,6 +1456,15 @@ struct task_struct { |
44266 | int softirqs_enabled; | |
44267 | int softirq_context; | |
58c5fc13 MT |
44268 | #endif |
44269 | + | |
44270 | +/* process credentials */ | |
44271 | + const struct cred *real_cred; /* objective and real subjective task | |
44272 | + * credentials (COW) */ | |
58c5fc13 MT |
44273 | + struct mutex cred_guard_mutex; /* guard against foreign influences on |
44274 | + * credential calculations | |
44275 | + * (notably. ptrace) */ | |
ae4e228f | 44276 | + struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */ |
58c5fc13 | 44277 | + |
ae4e228f MT |
44278 | #ifdef CONFIG_LOCKDEP |
44279 | # define MAX_LOCK_DEPTH 48UL | |
44280 | u64 curr_chain_key; | |
44281 | @@ -1476,6 +1485,9 @@ struct task_struct { | |
44282 | ||
44283 | struct backing_dev_info *backing_dev_info; | |
44284 | ||
44285 | + const struct cred *cred; /* effective (overridable) subjective task | |
44286 | + * credentials (COW) */ | |
44287 | + | |
44288 | struct io_context *io_context; | |
44289 | ||
44290 | unsigned long ptrace_message; | |
44291 | @@ -1539,6 +1551,19 @@ struct task_struct { | |
44292 | unsigned long default_timer_slack_ns; | |
44293 | ||
44294 | struct list_head *scm_work_list; | |
58c5fc13 MT |
44295 | + |
44296 | +#ifdef CONFIG_GRKERNSEC | |
44297 | + /* grsecurity */ | |
ae4e228f | 44298 | + rwlock_t gr_fs_lock; |
58c5fc13 MT |
44299 | + struct acl_subject_label *acl; |
44300 | + struct acl_role_label *role; | |
44301 | + struct file *exec_file; | |
44302 | + u16 acl_role_id; | |
44303 | + u8 acl_sp_role; | |
44304 | + u8 is_writable; | |
44305 | + u8 brute; | |
44306 | +#endif | |
44307 | + | |
ae4e228f MT |
44308 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
44309 | /* Index of current stored adress in ret_stack */ | |
44310 | int curr_ret_stack; | |
44311 | @@ -1571,6 +1596,52 @@ struct task_struct { | |
44312 | #endif | |
58c5fc13 MT |
44313 | }; |
44314 | ||
44315 | +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */ | |
44316 | +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */ | |
44317 | +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */ | |
44318 | +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */ | |
44319 | +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */ | |
44320 | +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */ | |
44321 | + | |
44322 | +#ifdef CONFIG_PAX_SOFTMODE | |
44323 | +extern unsigned int pax_softmode; | |
44324 | +#endif | |
44325 | + | |
44326 | +extern int pax_check_flags(unsigned long *); | |
44327 | + | |
44328 | +/* if tsk != current then task_lock must be held on it */ | |
44329 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
44330 | +static inline unsigned long pax_get_flags(struct task_struct *tsk) | |
44331 | +{ | |
44332 | + if (likely(tsk->mm)) | |
44333 | + return tsk->mm->pax_flags; | |
44334 | + else | |
44335 | + return 0UL; | |
44336 | +} | |
44337 | + | |
44338 | +/* if tsk != current then task_lock must be held on it */ | |
44339 | +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags) | |
44340 | +{ | |
44341 | + if (likely(tsk->mm)) { | |
44342 | + tsk->mm->pax_flags = flags; | |
44343 | + return 0; | |
44344 | + } | |
44345 | + return -EINVAL; | |
44346 | +} | |
44347 | +#endif | |
44348 | + | |
44349 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
44350 | +extern void pax_set_initial_flags(struct linux_binprm *bprm); | |
44351 | +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS) | |
44352 | +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); | |
44353 | +#endif | |
44354 | + | |
44355 | +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); | |
44356 | +void pax_report_insns(void *pc, void *sp); | |
44357 | +void pax_report_refcount_overflow(struct pt_regs *regs); | |
44358 | +void pax_report_leak_to_user(const void *ptr, unsigned long len); | |
44359 | +void pax_report_overflow_from_user(const void *ptr, unsigned long len); | |
44360 | + | |
44361 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ | |
ae4e228f | 44362 | #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
58c5fc13 | 44363 | |
ae4e228f | 44364 | @@ -2172,7 +2243,7 @@ extern void __cleanup_sighand(struct sig |
58c5fc13 MT |
44365 | extern void exit_itimers(struct signal_struct *); |
44366 | extern void flush_itimer_signals(void); | |
44367 | ||
44368 | -extern NORET_TYPE void do_group_exit(int); | |
44369 | +extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET; | |
44370 | ||
44371 | extern void daemonize(const char *, ...); | |
44372 | extern int allow_signal(int); | |
ae4e228f MT |
44373 | @@ -2274,6 +2345,33 @@ static inline void task_unlock(struct ta |
44374 | spin_unlock(&p->alloc_lock); | |
44375 | } | |
44376 | ||
44377 | +/* grsec: protects only ->fs as task_lock is overkill and we can't | |
44378 | + be using a spin_lock in interrupt context | |
44379 | +*/ | |
44380 | +#ifdef CONFIG_GRKERNSEC | |
44381 | +#define gr_fs_write_lock_irqsave(x, y) \ | |
44382 | + write_lock_irqsave(&x->gr_fs_lock, y) | |
44383 | +#define gr_fs_write_unlock_irqrestore(x, y) \ | |
44384 | + write_unlock_irqrestore(&x->gr_fs_lock, y) | |
44385 | +#else | |
44386 | +#define gr_fs_write_lock_irqsave(x, y) | |
44387 | +#define gr_fs_write_unlock_irqrestore(x, y) | |
44388 | +#endif | |
44389 | + | |
44390 | +static inline void gr_fs_read_lock(struct task_struct *p) | |
44391 | +{ | |
44392 | +#ifdef CONFIG_GRKERNSEC | |
44393 | + read_lock(&p->gr_fs_lock); | |
44394 | +#endif | |
44395 | +} | |
44396 | + | |
44397 | +static inline void gr_fs_read_unlock(struct task_struct *p) | |
44398 | +{ | |
44399 | +#ifdef CONFIG_GRKERNSEC | |
44400 | + read_unlock(&p->gr_fs_lock); | |
44401 | +#endif | |
44402 | +} | |
44403 | + | |
44404 | extern struct sighand_struct *lock_task_sighand(struct task_struct *tsk, | |
44405 | unsigned long *flags); | |
44406 | ||
44407 | @@ -2285,8 +2383,8 @@ static inline void unlock_task_sighand(s | |
58c5fc13 MT |
44408 | |
44409 | #ifndef __HAVE_THREAD_FUNCTIONS | |
44410 | ||
44411 | -#define task_thread_info(task) ((struct thread_info *)(task)->stack) | |
44412 | -#define task_stack_page(task) ((task)->stack) | |
44413 | +#define task_thread_info(task) ((task)->stack) | |
44414 | +#define task_stack_page(task) ((void *)(task)->stack) | |
44415 | ||
44416 | static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org) | |
44417 | { | |
ae4e228f | 44418 | @@ -2301,13 +2399,31 @@ static inline unsigned long *end_of_stac |
58c5fc13 MT |
44419 | |
44420 | #endif | |
44421 | ||
44422 | -static inline int object_is_on_stack(void *obj) | |
ae4e228f | 44423 | +static inline int object_starts_on_stack(void *obj) |
58c5fc13 | 44424 | { |
ae4e228f MT |
44425 | - void *stack = task_stack_page(current); |
44426 | + const void *stack = task_stack_page(current); | |
58c5fc13 | 44427 | |
ae4e228f MT |
44428 | return (obj >= stack) && (obj < (stack + THREAD_SIZE)); |
44429 | } | |
44430 | ||
44431 | +/* 0: not at all, 1: fully, -1: partially (implies an error) */ | |
44432 | +static inline int object_is_on_stack(const void *obj, unsigned long len) | |
44433 | +{ | |
44434 | + const void *stack = task_stack_page(current); | |
44435 | + const void *stackend = stack + THREAD_SIZE; | |
44436 | + | |
44437 | + if (obj + len < obj) | |
44438 | + return -1; | |
44439 | + | |
44440 | + if (stack <= obj && obj + len <= stackend) | |
44441 | + return 1; | |
44442 | + | |
44443 | + if (obj + len <= stack || stackend <= obj) | |
44444 | + return 0; | |
44445 | + | |
44446 | + return -1; | |
44447 | +} | |
44448 | + | |
44449 | extern void thread_info_cache_init(void); | |
44450 | ||
44451 | #ifdef CONFIG_DEBUG_STACK_USAGE | |
44452 | diff -urNp linux-2.6.33.1/include/linux/screen_info.h linux-2.6.33.1/include/linux/screen_info.h | |
44453 | --- linux-2.6.33.1/include/linux/screen_info.h 2010-03-15 12:09:39.000000000 -0400 | |
44454 | +++ linux-2.6.33.1/include/linux/screen_info.h 2010-03-20 16:58:41.920592896 -0400 | |
44455 | @@ -43,7 +43,8 @@ struct screen_info { | |
58c5fc13 MT |
44456 | __u16 pages; /* 0x32 */ |
44457 | __u16 vesa_attributes; /* 0x34 */ | |
44458 | __u32 capabilities; /* 0x36 */ | |
44459 | - __u8 _reserved[6]; /* 0x3a */ | |
44460 | + __u16 vesapm_size; /* 0x3a */ | |
44461 | + __u8 _reserved[4]; /* 0x3c */ | |
44462 | } __attribute__((packed)); | |
44463 | ||
44464 | #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ | |
ae4e228f MT |
44465 | diff -urNp linux-2.6.33.1/include/linux/security.h linux-2.6.33.1/include/linux/security.h |
44466 | --- linux-2.6.33.1/include/linux/security.h 2010-03-15 12:09:39.000000000 -0400 | |
44467 | +++ linux-2.6.33.1/include/linux/security.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44468 | @@ -34,6 +34,7 @@ |
44469 | #include <linux/key.h> | |
44470 | #include <linux/xfrm.h> | |
44471 | #include <linux/gfp.h> | |
44472 | +#include <linux/grsecurity.h> | |
44473 | #include <net/flow.h> | |
44474 | ||
44475 | /* Maximum number of letters for an LSM name string */ | |
ae4e228f MT |
44476 | diff -urNp linux-2.6.33.1/include/linux/shm.h linux-2.6.33.1/include/linux/shm.h |
44477 | --- linux-2.6.33.1/include/linux/shm.h 2010-03-15 12:09:39.000000000 -0400 | |
44478 | +++ linux-2.6.33.1/include/linux/shm.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44479 | @@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke |
44480 | pid_t shm_cprid; | |
44481 | pid_t shm_lprid; | |
44482 | struct user_struct *mlock_user; | |
44483 | +#ifdef CONFIG_GRKERNSEC | |
44484 | + time_t shm_createtime; | |
44485 | + pid_t shm_lapid; | |
44486 | +#endif | |
44487 | }; | |
44488 | ||
44489 | /* shm_mode upper byte flags */ | |
ae4e228f MT |
44490 | diff -urNp linux-2.6.33.1/include/linux/slab.h linux-2.6.33.1/include/linux/slab.h |
44491 | --- linux-2.6.33.1/include/linux/slab.h 2010-03-15 12:09:39.000000000 -0400 | |
44492 | +++ linux-2.6.33.1/include/linux/slab.h 2010-03-20 16:58:41.924637706 -0400 | |
44493 | @@ -11,6 +11,7 @@ | |
44494 | ||
44495 | #include <linux/gfp.h> | |
44496 | #include <linux/types.h> | |
44497 | +#include <linux/err.h> | |
44498 | ||
44499 | /* | |
44500 | * Flags to pass to kmem_cache_create(). | |
44501 | @@ -82,10 +83,13 @@ | |
58c5fc13 MT |
44502 | * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can. |
44503 | * Both make kfree a no-op. | |
44504 | */ | |
44505 | -#define ZERO_SIZE_PTR ((void *)16) | |
ae4e228f MT |
44506 | +#define ZERO_SIZE_PTR \ |
44507 | +({ \ | |
44508 | + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\ | |
44509 | + (void *)(-MAX_ERRNO-1L); \ | |
44510 | +}) | |
58c5fc13 MT |
44511 | |
44512 | -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \ | |
44513 | - (unsigned long)ZERO_SIZE_PTR) | |
44514 | +#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR) | |
44515 | ||
44516 | /* | |
44517 | * struct kmem_cache related prototypes | |
ae4e228f | 44518 | @@ -138,6 +142,7 @@ void * __must_check krealloc(const void |
58c5fc13 MT |
44519 | void kfree(const void *); |
44520 | void kzfree(const void *); | |
44521 | size_t ksize(const void *); | |
44522 | +void check_object_size(const void *ptr, unsigned long n, bool to); | |
44523 | ||
44524 | /* | |
44525 | * Allocator specific definitions. These are mainly used to establish optimized | |
ae4e228f | 44526 | @@ -328,4 +333,37 @@ static inline void *kzalloc_node(size_t |
58c5fc13 MT |
44527 | |
44528 | void __init kmem_cache_init_late(void); | |
44529 | ||
44530 | +#define kmalloc(x, y) \ | |
44531 | +({ \ | |
44532 | + void *___retval; \ | |
44533 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44534 | + if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n"))\ | |
44535 | + ___retval = NULL; \ | |
44536 | + else \ | |
44537 | + ___retval = kmalloc((size_t)___x, (y)); \ | |
44538 | + ___retval; \ | |
44539 | +}) | |
44540 | + | |
44541 | +#define kmalloc_node(x, y, z) \ | |
44542 | +({ \ | |
44543 | + void *___retval; \ | |
44544 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44545 | + if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\ | |
44546 | + ___retval = NULL; \ | |
44547 | + else \ | |
44548 | + ___retval = kmalloc_node((size_t)___x, (y), (z));\ | |
44549 | + ___retval; \ | |
44550 | +}) | |
44551 | + | |
44552 | +#define kzalloc(x, y) \ | |
44553 | +({ \ | |
44554 | + void *___retval; \ | |
44555 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44556 | + if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n"))\ | |
44557 | + ___retval = NULL; \ | |
44558 | + else \ | |
44559 | + ___retval = kzalloc((size_t)___x, (y)); \ | |
44560 | + ___retval; \ | |
44561 | +}) | |
44562 | + | |
44563 | #endif /* _LINUX_SLAB_H */ | |
ae4e228f MT |
44564 | diff -urNp linux-2.6.33.1/include/linux/slub_def.h linux-2.6.33.1/include/linux/slub_def.h |
44565 | --- linux-2.6.33.1/include/linux/slub_def.h 2010-03-15 12:09:39.000000000 -0400 | |
44566 | +++ linux-2.6.33.1/include/linux/slub_def.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44567 | @@ -86,7 +86,7 @@ struct kmem_cache { |
44568 | struct kmem_cache_order_objects max; | |
44569 | struct kmem_cache_order_objects min; | |
44570 | gfp_t allocflags; /* gfp flags to use on each alloc */ | |
44571 | - int refcount; /* Refcount for slab cache destroy */ | |
44572 | + atomic_t refcount; /* Refcount for slab cache destroy */ | |
44573 | void (*ctor)(void *); | |
44574 | int inuse; /* Offset to metadata */ | |
44575 | int align; /* Alignment */ | |
ae4e228f MT |
44576 | diff -urNp linux-2.6.33.1/include/linux/sonet.h linux-2.6.33.1/include/linux/sonet.h |
44577 | --- linux-2.6.33.1/include/linux/sonet.h 2010-03-15 12:09:39.000000000 -0400 | |
44578 | +++ linux-2.6.33.1/include/linux/sonet.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44579 | @@ -61,7 +61,7 @@ struct sonet_stats { |
44580 | #include <asm/atomic.h> | |
44581 | ||
44582 | struct k_sonet_stats { | |
44583 | -#define __HANDLE_ITEM(i) atomic_t i | |
44584 | +#define __HANDLE_ITEM(i) atomic_unchecked_t i | |
44585 | __SONET_ITEMS | |
44586 | #undef __HANDLE_ITEM | |
44587 | }; | |
ae4e228f MT |
44588 | diff -urNp linux-2.6.33.1/include/linux/suspend.h linux-2.6.33.1/include/linux/suspend.h |
44589 | --- linux-2.6.33.1/include/linux/suspend.h 2010-03-15 12:09:39.000000000 -0400 | |
44590 | +++ linux-2.6.33.1/include/linux/suspend.h 2010-03-20 16:58:41.924637706 -0400 | |
44591 | @@ -104,15 +104,15 @@ typedef int __bitwise suspend_state_t; | |
44592 | * which require special recovery actions in that situation. | |
44593 | */ | |
44594 | struct platform_suspend_ops { | |
44595 | - int (*valid)(suspend_state_t state); | |
44596 | - int (*begin)(suspend_state_t state); | |
44597 | - int (*prepare)(void); | |
44598 | - int (*prepare_late)(void); | |
44599 | - int (*enter)(suspend_state_t state); | |
44600 | - void (*wake)(void); | |
44601 | - void (*finish)(void); | |
44602 | - void (*end)(void); | |
44603 | - void (*recover)(void); | |
44604 | + int (* const valid)(suspend_state_t state); | |
44605 | + int (* const begin)(suspend_state_t state); | |
44606 | + int (* const prepare)(void); | |
44607 | + int (* const prepare_late)(void); | |
44608 | + int (* const enter)(suspend_state_t state); | |
44609 | + void (* const wake)(void); | |
44610 | + void (* const finish)(void); | |
44611 | + void (* const end)(void); | |
44612 | + void (* const recover)(void); | |
44613 | }; | |
44614 | ||
44615 | #ifdef CONFIG_SUSPEND | |
44616 | @@ -120,7 +120,7 @@ struct platform_suspend_ops { | |
44617 | * suspend_set_ops - set platform dependent suspend operations | |
44618 | * @ops: The new suspend operations to set. | |
44619 | */ | |
44620 | -extern void suspend_set_ops(struct platform_suspend_ops *ops); | |
44621 | +extern void suspend_set_ops(const struct platform_suspend_ops *ops); | |
44622 | extern int suspend_valid_only_mem(suspend_state_t state); | |
44623 | ||
44624 | /** | |
44625 | @@ -145,7 +145,7 @@ extern int pm_suspend(suspend_state_t st | |
44626 | #else /* !CONFIG_SUSPEND */ | |
44627 | #define suspend_valid_only_mem NULL | |
44628 | ||
44629 | -static inline void suspend_set_ops(struct platform_suspend_ops *ops) {} | |
44630 | +static inline void suspend_set_ops(const struct platform_suspend_ops *ops) {} | |
44631 | static inline int pm_suspend(suspend_state_t state) { return -ENOSYS; } | |
44632 | #endif /* !CONFIG_SUSPEND */ | |
44633 | ||
44634 | @@ -215,16 +215,16 @@ extern void mark_free_pages(struct zone | |
44635 | * platforms which require special recovery actions in that situation. | |
44636 | */ | |
44637 | struct platform_hibernation_ops { | |
44638 | - int (*begin)(void); | |
44639 | - void (*end)(void); | |
44640 | - int (*pre_snapshot)(void); | |
44641 | - void (*finish)(void); | |
44642 | - int (*prepare)(void); | |
44643 | - int (*enter)(void); | |
44644 | - void (*leave)(void); | |
44645 | - int (*pre_restore)(void); | |
44646 | - void (*restore_cleanup)(void); | |
44647 | - void (*recover)(void); | |
44648 | + int (* const begin)(void); | |
44649 | + void (* const end)(void); | |
44650 | + int (* const pre_snapshot)(void); | |
44651 | + void (* const finish)(void); | |
44652 | + int (* const prepare)(void); | |
44653 | + int (* const enter)(void); | |
44654 | + void (* const leave)(void); | |
44655 | + int (* const pre_restore)(void); | |
44656 | + void (* const restore_cleanup)(void); | |
44657 | + void (* const recover)(void); | |
44658 | }; | |
44659 | ||
44660 | #ifdef CONFIG_HIBERNATION | |
44661 | @@ -243,7 +243,7 @@ extern void swsusp_set_page_free(struct | |
44662 | extern void swsusp_unset_page_free(struct page *); | |
44663 | extern unsigned long get_safe_page(gfp_t gfp_mask); | |
44664 | ||
44665 | -extern void hibernation_set_ops(struct platform_hibernation_ops *ops); | |
44666 | +extern void hibernation_set_ops(const struct platform_hibernation_ops *ops); | |
44667 | extern int hibernate(void); | |
44668 | extern bool system_entering_hibernation(void); | |
44669 | #else /* CONFIG_HIBERNATION */ | |
44670 | @@ -251,7 +251,7 @@ static inline int swsusp_page_is_forbidd | |
44671 | static inline void swsusp_set_page_free(struct page *p) {} | |
44672 | static inline void swsusp_unset_page_free(struct page *p) {} | |
44673 | ||
44674 | -static inline void hibernation_set_ops(struct platform_hibernation_ops *ops) {} | |
44675 | +static inline void hibernation_set_ops(const struct platform_hibernation_ops *ops) {} | |
44676 | static inline int hibernate(void) { return -ENOSYS; } | |
44677 | static inline bool system_entering_hibernation(void) { return false; } | |
44678 | #endif /* CONFIG_HIBERNATION */ | |
44679 | diff -urNp linux-2.6.33.1/include/linux/sysctl.h linux-2.6.33.1/include/linux/sysctl.h | |
44680 | --- linux-2.6.33.1/include/linux/sysctl.h 2010-03-15 12:09:39.000000000 -0400 | |
44681 | +++ linux-2.6.33.1/include/linux/sysctl.h 2010-03-20 16:58:41.924637706 -0400 | |
44682 | @@ -155,7 +155,11 @@ enum | |
58c5fc13 MT |
44683 | KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ |
44684 | }; | |
44685 | ||
44686 | - | |
44687 | +#ifdef CONFIG_PAX_SOFTMODE | |
44688 | +enum { | |
44689 | + PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ | |
44690 | +}; | |
44691 | +#endif | |
44692 | ||
44693 | /* CTL_VM names: */ | |
44694 | enum | |
ae4e228f MT |
44695 | diff -urNp linux-2.6.33.1/include/linux/sysfs.h linux-2.6.33.1/include/linux/sysfs.h |
44696 | --- linux-2.6.33.1/include/linux/sysfs.h 2010-03-15 12:09:39.000000000 -0400 | |
44697 | +++ linux-2.6.33.1/include/linux/sysfs.h 2010-03-20 16:58:41.924637706 -0400 | |
44698 | @@ -75,8 +75,8 @@ struct bin_attribute { | |
44699 | }; | |
44700 | ||
44701 | struct sysfs_ops { | |
44702 | - ssize_t (*show)(struct kobject *, struct attribute *,char *); | |
44703 | - ssize_t (*store)(struct kobject *,struct attribute *,const char *, size_t); | |
44704 | + ssize_t (* const show)(struct kobject *, struct attribute *,char *); | |
44705 | + ssize_t (* const store)(struct kobject *,struct attribute *,const char *, size_t); | |
44706 | }; | |
44707 | ||
44708 | struct sysfs_dirent; | |
44709 | diff -urNp linux-2.6.33.1/include/linux/thread_info.h linux-2.6.33.1/include/linux/thread_info.h | |
44710 | --- linux-2.6.33.1/include/linux/thread_info.h 2010-03-15 12:09:39.000000000 -0400 | |
44711 | +++ linux-2.6.33.1/include/linux/thread_info.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44712 | @@ -23,7 +23,7 @@ struct restart_block { |
44713 | }; | |
44714 | /* For futex_wait and futex_wait_requeue_pi */ | |
44715 | struct { | |
44716 | - u32 *uaddr; | |
44717 | + u32 __user *uaddr; | |
44718 | u32 val; | |
44719 | u32 flags; | |
44720 | u32 bitset; | |
ae4e228f MT |
44721 | diff -urNp linux-2.6.33.1/include/linux/tty.h linux-2.6.33.1/include/linux/tty.h |
44722 | --- linux-2.6.33.1/include/linux/tty.h 2010-03-15 12:09:39.000000000 -0400 | |
44723 | +++ linux-2.6.33.1/include/linux/tty.h 2010-03-20 16:58:41.924637706 -0400 | |
44724 | @@ -13,6 +13,7 @@ | |
44725 | #include <linux/tty_driver.h> | |
44726 | #include <linux/tty_ldisc.h> | |
44727 | #include <linux/mutex.h> | |
44728 | +#include <linux/poll.h> | |
44729 | ||
44730 | #include <asm/system.h> | |
44731 | ||
44732 | @@ -440,7 +441,6 @@ extern int tty_perform_flush(struct tty_ | |
44733 | extern dev_t tty_devnum(struct tty_struct *tty); | |
44734 | extern void proc_clear_tty(struct task_struct *p); | |
44735 | extern struct tty_struct *get_current_tty(void); | |
44736 | -extern void tty_default_fops(struct file_operations *fops); | |
44737 | extern struct tty_struct *alloc_tty_struct(void); | |
44738 | extern void free_tty_struct(struct tty_struct *tty); | |
44739 | extern void initialize_tty_struct(struct tty_struct *tty, | |
44740 | @@ -501,6 +501,18 @@ extern void tty_ldisc_begin(void); | |
44741 | /* This last one is just for the tty layer internals and shouldn't be used elsewhere */ | |
44742 | extern void tty_ldisc_enable(struct tty_struct *tty); | |
44743 | ||
44744 | +/* tty_io.c */ | |
44745 | +extern ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); | |
44746 | +extern ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); | |
44747 | +extern unsigned int tty_poll(struct file *, poll_table *); | |
44748 | +#ifdef CONFIG_COMPAT | |
44749 | +extern long tty_compat_ioctl(struct file *file, unsigned int cmd, | |
44750 | + unsigned long arg); | |
44751 | +#else | |
44752 | +#define tty_compat_ioctl NULL | |
44753 | +#endif | |
44754 | +extern int tty_release(struct inode *, struct file *); | |
44755 | +extern int tty_fasync(int fd, struct file *filp, int on); | |
44756 | ||
44757 | /* n_tty.c */ | |
44758 | extern struct tty_ldisc_ops tty_ldisc_N_TTY; | |
44759 | diff -urNp linux-2.6.33.1/include/linux/tty_ldisc.h linux-2.6.33.1/include/linux/tty_ldisc.h | |
44760 | --- linux-2.6.33.1/include/linux/tty_ldisc.h 2010-03-15 12:09:39.000000000 -0400 | |
44761 | +++ linux-2.6.33.1/include/linux/tty_ldisc.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44762 | @@ -139,7 +139,7 @@ struct tty_ldisc_ops { |
44763 | ||
44764 | struct module *owner; | |
44765 | ||
44766 | - int refcount; | |
44767 | + atomic_t refcount; | |
44768 | }; | |
44769 | ||
44770 | struct tty_ldisc { | |
ae4e228f MT |
44771 | diff -urNp linux-2.6.33.1/include/linux/types.h linux-2.6.33.1/include/linux/types.h |
44772 | --- linux-2.6.33.1/include/linux/types.h 2010-03-15 12:09:39.000000000 -0400 | |
44773 | +++ linux-2.6.33.1/include/linux/types.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44774 | @@ -191,10 +191,26 @@ typedef struct { |
44775 | volatile int counter; | |
44776 | } atomic_t; | |
44777 | ||
44778 | +#ifdef CONFIG_PAX_REFCOUNT | |
44779 | +typedef struct { | |
44780 | + volatile int counter; | |
44781 | +} atomic_unchecked_t; | |
44782 | +#else | |
44783 | +typedef atomic_t atomic_unchecked_t; | |
44784 | +#endif | |
44785 | + | |
44786 | #ifdef CONFIG_64BIT | |
44787 | typedef struct { | |
44788 | volatile long counter; | |
44789 | } atomic64_t; | |
44790 | + | |
44791 | +#ifdef CONFIG_PAX_REFCOUNT | |
44792 | +typedef struct { | |
44793 | + volatile long counter; | |
44794 | +} atomic64_unchecked_t; | |
44795 | +#else | |
44796 | +typedef atomic64_t atomic64_unchecked_t; | |
44797 | +#endif | |
44798 | #endif | |
44799 | ||
44800 | struct ustat { | |
ae4e228f MT |
44801 | diff -urNp linux-2.6.33.1/include/linux/uaccess.h linux-2.6.33.1/include/linux/uaccess.h |
44802 | --- linux-2.6.33.1/include/linux/uaccess.h 2010-03-15 12:09:39.000000000 -0400 | |
44803 | +++ linux-2.6.33.1/include/linux/uaccess.h 2010-03-20 16:58:41.924637706 -0400 | |
58c5fc13 MT |
44804 | @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_ |
44805 | long ret; \ | |
44806 | mm_segment_t old_fs = get_fs(); \ | |
44807 | \ | |
44808 | - set_fs(KERNEL_DS); \ | |
44809 | pagefault_disable(); \ | |
44810 | + set_fs(KERNEL_DS); \ | |
44811 | ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \ | |
44812 | - pagefault_enable(); \ | |
44813 | set_fs(old_fs); \ | |
44814 | + pagefault_enable(); \ | |
44815 | ret; \ | |
44816 | }) | |
44817 | ||
ae4e228f MT |
44818 | @@ -93,8 +93,8 @@ static inline unsigned long __copy_from_ |
44819 | * Safely read from address @src to the buffer at @dst. If a kernel fault | |
44820 | * happens, handle that and return -EFAULT. | |
44821 | */ | |
44822 | -extern long probe_kernel_read(void *dst, void *src, size_t size); | |
44823 | -extern long __probe_kernel_read(void *dst, void *src, size_t size); | |
44824 | +extern long probe_kernel_read(void *dst, const void *src, size_t size); | |
44825 | +extern long __probe_kernel_read(void *dst, const void *src, size_t size); | |
44826 | ||
44827 | /* | |
44828 | * probe_kernel_write(): safely attempt to write to a location | |
44829 | @@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *ds | |
44830 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
44831 | * happens, handle that and return -EFAULT. | |
44832 | */ | |
44833 | -extern long notrace probe_kernel_write(void *dst, void *src, size_t size); | |
44834 | -extern long notrace __probe_kernel_write(void *dst, void *src, size_t size); | |
44835 | +extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); | |
44836 | +extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size); | |
44837 | ||
44838 | #endif /* __LINUX_UACCESS_H__ */ | |
44839 | diff -urNp linux-2.6.33.1/include/linux/vmalloc.h linux-2.6.33.1/include/linux/vmalloc.h | |
44840 | --- linux-2.6.33.1/include/linux/vmalloc.h 2010-03-15 12:09:39.000000000 -0400 | |
44841 | +++ linux-2.6.33.1/include/linux/vmalloc.h 2010-03-20 16:58:41.928524770 -0400 | |
58c5fc13 MT |
44842 | @@ -13,6 +13,11 @@ struct vm_area_struct; /* vma defining |
44843 | #define VM_MAP 0x00000004 /* vmap()ed pages */ | |
44844 | #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */ | |
44845 | #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */ | |
44846 | + | |
44847 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
44848 | +#define VM_KERNEXEC 0x00000020 /* allocate from executable kernel memory range */ | |
44849 | +#endif | |
44850 | + | |
44851 | /* bits [20..32] reserved for arch specific ioremap internals */ | |
44852 | ||
44853 | /* | |
ae4e228f MT |
44854 | @@ -121,4 +126,81 @@ struct vm_struct **pcpu_get_vm_areas(con |
44855 | ||
44856 | void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms); | |
58c5fc13 MT |
44857 | |
44858 | +#define vmalloc(x) \ | |
44859 | +({ \ | |
44860 | + void *___retval; \ | |
44861 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44862 | + if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \ | |
44863 | + ___retval = NULL; \ | |
44864 | + else \ | |
44865 | + ___retval = vmalloc((unsigned long)___x); \ | |
44866 | + ___retval; \ | |
44867 | +}) | |
44868 | + | |
44869 | +#define __vmalloc(x, y, z) \ | |
44870 | +({ \ | |
44871 | + void *___retval; \ | |
44872 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44873 | + if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\ | |
44874 | + ___retval = NULL; \ | |
44875 | + else \ | |
44876 | + ___retval = __vmalloc((unsigned long)___x, (y), (z));\ | |
44877 | + ___retval; \ | |
44878 | +}) | |
44879 | + | |
44880 | +#define vmalloc_user(x) \ | |
44881 | +({ \ | |
44882 | + void *___retval; \ | |
44883 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44884 | + if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\ | |
44885 | + ___retval = NULL; \ | |
44886 | + else \ | |
44887 | + ___retval = vmalloc_user((unsigned long)___x); \ | |
44888 | + ___retval; \ | |
44889 | +}) | |
44890 | + | |
44891 | +#define vmalloc_exec(x) \ | |
44892 | +({ \ | |
44893 | + void *___retval; \ | |
44894 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44895 | + if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\ | |
44896 | + ___retval = NULL; \ | |
44897 | + else \ | |
44898 | + ___retval = vmalloc_exec((unsigned long)___x); \ | |
44899 | + ___retval; \ | |
44900 | +}) | |
44901 | + | |
44902 | +#define vmalloc_node(x, y) \ | |
44903 | +({ \ | |
44904 | + void *___retval; \ | |
44905 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44906 | + if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\ | |
44907 | + ___retval = NULL; \ | |
44908 | + else \ | |
44909 | + ___retval = vmalloc_node((unsigned long)___x, (y));\ | |
44910 | + ___retval; \ | |
44911 | +}) | |
44912 | + | |
44913 | +#define vmalloc_32(x) \ | |
44914 | +({ \ | |
44915 | + void *___retval; \ | |
44916 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44917 | + if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\ | |
44918 | + ___retval = NULL; \ | |
44919 | + else \ | |
44920 | + ___retval = vmalloc_32((unsigned long)___x); \ | |
44921 | + ___retval; \ | |
44922 | +}) | |
44923 | + | |
44924 | +#define vmalloc_32_user(x) \ | |
44925 | +({ \ | |
44926 | + void *___retval; \ | |
44927 | + intoverflow_t ___x = (intoverflow_t)x; \ | |
44928 | + if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\ | |
44929 | + ___retval = NULL; \ | |
44930 | + else \ | |
44931 | + ___retval = vmalloc_32_user((unsigned long)___x);\ | |
44932 | + ___retval; \ | |
44933 | +}) | |
44934 | + | |
44935 | #endif /* _LINUX_VMALLOC_H */ | |
ae4e228f MT |
44936 | diff -urNp linux-2.6.33.1/include/net/irda/ircomm_tty.h linux-2.6.33.1/include/net/irda/ircomm_tty.h |
44937 | --- linux-2.6.33.1/include/net/irda/ircomm_tty.h 2010-03-15 12:09:39.000000000 -0400 | |
44938 | +++ linux-2.6.33.1/include/net/irda/ircomm_tty.h 2010-03-20 16:58:41.928524770 -0400 | |
58c5fc13 MT |
44939 | @@ -105,8 +105,8 @@ struct ircomm_tty_cb { |
44940 | unsigned short close_delay; | |
44941 | unsigned short closing_wait; /* time to wait before closing */ | |
44942 | ||
44943 | - int open_count; | |
44944 | - int blocked_open; /* # of blocked opens */ | |
44945 | + atomic_t open_count; | |
44946 | + atomic_t blocked_open; /* # of blocked opens */ | |
44947 | ||
44948 | /* Protect concurent access to : | |
44949 | * o self->open_count | |
ae4e228f MT |
44950 | diff -urNp linux-2.6.33.1/include/net/neighbour.h linux-2.6.33.1/include/net/neighbour.h |
44951 | --- linux-2.6.33.1/include/net/neighbour.h 2010-03-15 12:09:39.000000000 -0400 | |
44952 | +++ linux-2.6.33.1/include/net/neighbour.h 2010-03-20 16:58:41.928524770 -0400 | |
44953 | @@ -116,12 +116,12 @@ struct neighbour { | |
44954 | ||
44955 | struct neigh_ops { | |
44956 | int family; | |
44957 | - void (*solicit)(struct neighbour *, struct sk_buff*); | |
44958 | - void (*error_report)(struct neighbour *, struct sk_buff*); | |
44959 | - int (*output)(struct sk_buff*); | |
44960 | - int (*connected_output)(struct sk_buff*); | |
44961 | - int (*hh_output)(struct sk_buff*); | |
44962 | - int (*queue_xmit)(struct sk_buff*); | |
44963 | + void (* const solicit)(struct neighbour *, struct sk_buff*); | |
44964 | + void (* const error_report)(struct neighbour *, struct sk_buff*); | |
44965 | + int (* const output)(struct sk_buff*); | |
44966 | + int (* const connected_output)(struct sk_buff*); | |
44967 | + int (* const hh_output)(struct sk_buff*); | |
44968 | + int (* const queue_xmit)(struct sk_buff*); | |
44969 | }; | |
44970 | ||
44971 | struct pneigh_entry { | |
44972 | diff -urNp linux-2.6.33.1/include/net/sctp/sctp.h linux-2.6.33.1/include/net/sctp/sctp.h | |
44973 | --- linux-2.6.33.1/include/net/sctp/sctp.h 2010-03-15 12:09:39.000000000 -0400 | |
44974 | +++ linux-2.6.33.1/include/net/sctp/sctp.h 2010-03-20 16:58:41.928524770 -0400 | |
44975 | @@ -304,8 +304,8 @@ extern int sctp_debug_flag; | |
58c5fc13 MT |
44976 | |
44977 | #else /* SCTP_DEBUG */ | |
44978 | ||
44979 | -#define SCTP_DEBUG_PRINTK(whatever...) | |
44980 | -#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) | |
44981 | +#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0) | |
44982 | +#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0) | |
44983 | #define SCTP_ENABLE_DEBUG | |
44984 | #define SCTP_DISABLE_DEBUG | |
44985 | #define SCTP_ASSERT(expr, str, func) | |
ae4e228f MT |
44986 | diff -urNp linux-2.6.33.1/include/net/tcp.h linux-2.6.33.1/include/net/tcp.h |
44987 | --- linux-2.6.33.1/include/net/tcp.h 2010-03-15 12:09:39.000000000 -0400 | |
44988 | +++ linux-2.6.33.1/include/net/tcp.h 2010-03-20 16:58:41.928524770 -0400 | |
44989 | @@ -1392,6 +1392,7 @@ enum tcp_seq_states { | |
44990 | struct tcp_seq_afinfo { | |
44991 | char *name; | |
44992 | sa_family_t family; | |
44993 | + /* cannot be const */ | |
44994 | struct file_operations seq_fops; | |
44995 | struct seq_operations seq_ops; | |
44996 | }; | |
44997 | diff -urNp linux-2.6.33.1/include/net/udp.h linux-2.6.33.1/include/net/udp.h | |
44998 | --- linux-2.6.33.1/include/net/udp.h 2010-03-15 12:09:39.000000000 -0400 | |
44999 | +++ linux-2.6.33.1/include/net/udp.h 2010-03-20 16:58:41.928524770 -0400 | |
45000 | @@ -221,6 +221,7 @@ struct udp_seq_afinfo { | |
45001 | char *name; | |
45002 | sa_family_t family; | |
45003 | struct udp_table *udp_table; | |
45004 | + /* cannot be const */ | |
45005 | struct file_operations seq_fops; | |
45006 | struct seq_operations seq_ops; | |
45007 | }; | |
45008 | diff -urNp linux-2.6.33.1/include/sound/ac97_codec.h linux-2.6.33.1/include/sound/ac97_codec.h | |
45009 | --- linux-2.6.33.1/include/sound/ac97_codec.h 2010-03-15 12:09:39.000000000 -0400 | |
45010 | +++ linux-2.6.33.1/include/sound/ac97_codec.h 2010-03-20 16:58:41.928524770 -0400 | |
45011 | @@ -419,15 +419,15 @@ | |
45012 | struct snd_ac97; | |
45013 | ||
45014 | struct snd_ac97_build_ops { | |
45015 | - int (*build_3d) (struct snd_ac97 *ac97); | |
45016 | - int (*build_specific) (struct snd_ac97 *ac97); | |
45017 | - int (*build_spdif) (struct snd_ac97 *ac97); | |
45018 | - int (*build_post_spdif) (struct snd_ac97 *ac97); | |
45019 | + int (* const build_3d) (struct snd_ac97 *ac97); | |
45020 | + int (* const build_specific) (struct snd_ac97 *ac97); | |
45021 | + int (* const build_spdif) (struct snd_ac97 *ac97); | |
45022 | + int (* const build_post_spdif) (struct snd_ac97 *ac97); | |
45023 | #ifdef CONFIG_PM | |
45024 | - void (*suspend) (struct snd_ac97 *ac97); | |
45025 | - void (*resume) (struct snd_ac97 *ac97); | |
45026 | + void (* const suspend) (struct snd_ac97 *ac97); | |
45027 | + void (* const resume) (struct snd_ac97 *ac97); | |
58c5fc13 | 45028 | #endif |
ae4e228f MT |
45029 | - void (*update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */ |
45030 | + void (* const update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */ | |
45031 | }; | |
45032 | ||
45033 | struct snd_ac97_bus_ops { | |
45034 | @@ -477,7 +477,7 @@ struct snd_ac97_template { | |
45035 | ||
45036 | struct snd_ac97 { | |
45037 | /* -- lowlevel (hardware) driver specific -- */ | |
45038 | - struct snd_ac97_build_ops * build_ops; | |
45039 | + const struct snd_ac97_build_ops * build_ops; | |
45040 | void *private_data; | |
45041 | void (*private_free) (struct snd_ac97 *ac97); | |
45042 | /* --- */ | |
45043 | diff -urNp linux-2.6.33.1/include/trace/events/irq.h linux-2.6.33.1/include/trace/events/irq.h | |
45044 | --- linux-2.6.33.1/include/trace/events/irq.h 2010-03-15 12:09:39.000000000 -0400 | |
45045 | +++ linux-2.6.33.1/include/trace/events/irq.h 2010-03-20 16:58:41.928524770 -0400 | |
45046 | @@ -34,7 +34,7 @@ | |
45047 | */ | |
45048 | TRACE_EVENT(irq_handler_entry, | |
45049 | ||
45050 | - TP_PROTO(int irq, struct irqaction *action), | |
45051 | + TP_PROTO(int irq, const struct irqaction *action), | |
45052 | ||
45053 | TP_ARGS(irq, action), | |
45054 | ||
45055 | @@ -64,7 +64,7 @@ TRACE_EVENT(irq_handler_entry, | |
45056 | */ | |
45057 | TRACE_EVENT(irq_handler_exit, | |
45058 | ||
45059 | - TP_PROTO(int irq, struct irqaction *action, int ret), | |
45060 | + TP_PROTO(int irq, const struct irqaction *action, int ret), | |
45061 | ||
45062 | TP_ARGS(irq, action, ret), | |
45063 | ||
45064 | @@ -84,7 +84,7 @@ TRACE_EVENT(irq_handler_exit, | |
58c5fc13 | 45065 | |
ae4e228f | 45066 | DECLARE_EVENT_CLASS(softirq, |
58c5fc13 | 45067 | |
ae4e228f MT |
45068 | - TP_PROTO(struct softirq_action *h, struct softirq_action *vec), |
45069 | + TP_PROTO(const struct softirq_action *h, const struct softirq_action *vec), | |
45070 | ||
45071 | TP_ARGS(h, vec), | |
45072 | ||
45073 | @@ -113,7 +113,7 @@ DECLARE_EVENT_CLASS(softirq, | |
45074 | */ | |
45075 | DEFINE_EVENT(softirq, softirq_entry, | |
45076 | ||
45077 | - TP_PROTO(struct softirq_action *h, struct softirq_action *vec), | |
45078 | + TP_PROTO(const struct softirq_action *h, const struct softirq_action *vec), | |
45079 | ||
45080 | TP_ARGS(h, vec) | |
45081 | ); | |
45082 | @@ -131,7 +131,7 @@ DEFINE_EVENT(softirq, softirq_entry, | |
45083 | */ | |
45084 | DEFINE_EVENT(softirq, softirq_exit, | |
45085 | ||
45086 | - TP_PROTO(struct softirq_action *h, struct softirq_action *vec), | |
45087 | + TP_PROTO(const struct softirq_action *h, const struct softirq_action *vec), | |
45088 | ||
45089 | TP_ARGS(h, vec) | |
45090 | ); | |
45091 | diff -urNp linux-2.6.33.1/include/video/uvesafb.h linux-2.6.33.1/include/video/uvesafb.h | |
45092 | --- linux-2.6.33.1/include/video/uvesafb.h 2010-03-15 12:09:39.000000000 -0400 | |
45093 | +++ linux-2.6.33.1/include/video/uvesafb.h 2010-03-20 16:58:41.928524770 -0400 | |
58c5fc13 MT |
45094 | @@ -177,6 +177,7 @@ struct uvesafb_par { |
45095 | u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */ | |
45096 | u8 pmi_setpal; /* PMI for palette changes */ | |
45097 | u16 *pmi_base; /* protected mode interface location */ | |
45098 | + u8 *pmi_code; /* protected mode code location */ | |
45099 | void *pmi_start; | |
45100 | void *pmi_pal; | |
45101 | u8 *vbe_state_orig; /* | |
ae4e228f MT |
45102 | diff -urNp linux-2.6.33.1/init/do_mounts.c linux-2.6.33.1/init/do_mounts.c |
45103 | --- linux-2.6.33.1/init/do_mounts.c 2010-03-15 12:09:39.000000000 -0400 | |
45104 | +++ linux-2.6.33.1/init/do_mounts.c 2010-03-20 16:58:41.936928392 -0400 | |
58c5fc13 MT |
45105 | @@ -216,11 +216,11 @@ static void __init get_fs_names(char *pa |
45106 | ||
45107 | static int __init do_mount_root(char *name, char *fs, int flags, void *data) | |
45108 | { | |
45109 | - int err = sys_mount(name, "/root", fs, flags, data); | |
ae4e228f | 45110 | + int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data); |
58c5fc13 MT |
45111 | if (err) |
45112 | return err; | |
45113 | ||
45114 | - sys_chdir("/root"); | |
ae4e228f | 45115 | + sys_chdir((__force char __user *)"/root"); |
58c5fc13 MT |
45116 | ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev; |
45117 | printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n", | |
45118 | current->fs->pwd.mnt->mnt_sb->s_type->name, | |
45119 | @@ -311,18 +311,18 @@ void __init change_floppy(char *fmt, ... | |
45120 | va_start(args, fmt); | |
45121 | vsprintf(buf, fmt, args); | |
45122 | va_end(args); | |
45123 | - fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0); | |
45124 | + fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0); | |
45125 | if (fd >= 0) { | |
45126 | sys_ioctl(fd, FDEJECT, 0); | |
45127 | sys_close(fd); | |
45128 | } | |
45129 | printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf); | |
45130 | - fd = sys_open("/dev/console", O_RDWR, 0); | |
45131 | + fd = sys_open((char __user *)"/dev/console", O_RDWR, 0); | |
45132 | if (fd >= 0) { | |
45133 | sys_ioctl(fd, TCGETS, (long)&termios); | |
45134 | termios.c_lflag &= ~ICANON; | |
45135 | sys_ioctl(fd, TCSETSF, (long)&termios); | |
45136 | - sys_read(fd, &c, 1); | |
45137 | + sys_read(fd, (char __user *)&c, 1); | |
45138 | termios.c_lflag |= ICANON; | |
45139 | sys_ioctl(fd, TCSETSF, (long)&termios); | |
45140 | sys_close(fd); | |
ae4e228f | 45141 | @@ -416,6 +416,6 @@ void __init prepare_namespace(void) |
58c5fc13 MT |
45142 | mount_root(); |
45143 | out: | |
ae4e228f | 45144 | devtmpfs_mount("dev"); |
58c5fc13 MT |
45145 | - sys_mount(".", "/", NULL, MS_MOVE, NULL); |
45146 | - sys_chroot("."); | |
ae4e228f MT |
45147 | + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL); |
45148 | + sys_chroot((__force char __user *)"."); | |
58c5fc13 | 45149 | } |
ae4e228f MT |
45150 | diff -urNp linux-2.6.33.1/init/do_mounts.h linux-2.6.33.1/init/do_mounts.h |
45151 | --- linux-2.6.33.1/init/do_mounts.h 2010-03-15 12:09:39.000000000 -0400 | |
45152 | +++ linux-2.6.33.1/init/do_mounts.h 2010-03-20 16:58:41.973158089 -0400 | |
58c5fc13 MT |
45153 | @@ -15,15 +15,15 @@ extern int root_mountflags; |
45154 | ||
45155 | static inline int create_dev(char *name, dev_t dev) | |
45156 | { | |
45157 | - sys_unlink(name); | |
45158 | - return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev)); | |
ae4e228f MT |
45159 | + sys_unlink((__force char __user *)name); |
45160 | + return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev)); | |
58c5fc13 MT |
45161 | } |
45162 | ||
45163 | #if BITS_PER_LONG == 32 | |
45164 | static inline u32 bstat(char *name) | |
45165 | { | |
45166 | struct stat64 stat; | |
45167 | - if (sys_stat64(name, &stat) != 0) | |
ae4e228f | 45168 | + if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0) |
58c5fc13 MT |
45169 | return 0; |
45170 | if (!S_ISBLK(stat.st_mode)) | |
45171 | return 0; | |
ae4e228f MT |
45172 | diff -urNp linux-2.6.33.1/init/do_mounts_initrd.c linux-2.6.33.1/init/do_mounts_initrd.c |
45173 | --- linux-2.6.33.1/init/do_mounts_initrd.c 2010-03-15 12:09:39.000000000 -0400 | |
45174 | +++ linux-2.6.33.1/init/do_mounts_initrd.c 2010-03-20 16:58:41.973158089 -0400 | |
58c5fc13 MT |
45175 | @@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel |
45176 | sys_close(old_fd);sys_close(root_fd); | |
45177 | sys_close(0);sys_close(1);sys_close(2); | |
45178 | sys_setsid(); | |
45179 | - (void) sys_open("/dev/console",O_RDWR,0); | |
ae4e228f | 45180 | + (void) sys_open((__force const char __user *)"/dev/console",O_RDWR,0); |
58c5fc13 MT |
45181 | (void) sys_dup(0); |
45182 | (void) sys_dup(0); | |
45183 | return kernel_execve(shell, argv, envp_init); | |
45184 | @@ -47,13 +47,13 @@ static void __init handle_initrd(void) | |
45185 | create_dev("/dev/root.old", Root_RAM0); | |
45186 | /* mount initrd on rootfs' /root */ | |
45187 | mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY); | |
45188 | - sys_mkdir("/old", 0700); | |
45189 | - root_fd = sys_open("/", 0, 0); | |
45190 | - old_fd = sys_open("/old", 0, 0); | |
ae4e228f MT |
45191 | + sys_mkdir((__force const char __user *)"/old", 0700); |
45192 | + root_fd = sys_open((__force const char __user *)"/", 0, 0); | |
45193 | + old_fd = sys_open((__force const char __user *)"/old", 0, 0); | |
58c5fc13 MT |
45194 | /* move initrd over / and chdir/chroot in initrd root */ |
45195 | - sys_chdir("/root"); | |
45196 | - sys_mount(".", "/", NULL, MS_MOVE, NULL); | |
45197 | - sys_chroot("."); | |
ae4e228f MT |
45198 | + sys_chdir((__force const char __user *)"/root"); |
45199 | + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL); | |
45200 | + sys_chroot((__force const char __user *)"."); | |
58c5fc13 MT |
45201 | |
45202 | /* | |
45203 | * In case that a resume from disk is carried out by linuxrc or one of | |
45204 | @@ -70,15 +70,15 @@ static void __init handle_initrd(void) | |
45205 | ||
45206 | /* move initrd to rootfs' /old */ | |
45207 | sys_fchdir(old_fd); | |
45208 | - sys_mount("/", ".", NULL, MS_MOVE, NULL); | |
ae4e228f | 45209 | + sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL); |
58c5fc13 MT |
45210 | /* switch root and cwd back to / of rootfs */ |
45211 | sys_fchdir(root_fd); | |
45212 | - sys_chroot("."); | |
ae4e228f | 45213 | + sys_chroot((__force const char __user *)"."); |
58c5fc13 MT |
45214 | sys_close(old_fd); |
45215 | sys_close(root_fd); | |
45216 | ||
45217 | if (new_decode_dev(real_root_dev) == Root_RAM0) { | |
45218 | - sys_chdir("/old"); | |
ae4e228f | 45219 | + sys_chdir((__force const char __user *)"/old"); |
58c5fc13 MT |
45220 | return; |
45221 | } | |
45222 | ||
45223 | @@ -86,17 +86,17 @@ static void __init handle_initrd(void) | |
45224 | mount_root(); | |
45225 | ||
45226 | printk(KERN_NOTICE "Trying to move old root to /initrd ... "); | |
45227 | - error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL); | |
ae4e228f | 45228 | + error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL); |
58c5fc13 MT |
45229 | if (!error) |
45230 | printk("okay\n"); | |
45231 | else { | |
45232 | - int fd = sys_open("/dev/root.old", O_RDWR, 0); | |
ae4e228f | 45233 | + int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0); |
58c5fc13 MT |
45234 | if (error == -ENOENT) |
45235 | printk("/initrd does not exist. Ignored.\n"); | |
45236 | else | |
45237 | printk("failed\n"); | |
45238 | printk(KERN_NOTICE "Unmounting old root\n"); | |
45239 | - sys_umount("/old", MNT_DETACH); | |
ae4e228f | 45240 | + sys_umount((__force char __user *)"/old", MNT_DETACH); |
58c5fc13 MT |
45241 | printk(KERN_NOTICE "Trying to free ramdisk memory ... "); |
45242 | if (fd < 0) { | |
45243 | error = fd; | |
45244 | @@ -119,11 +119,11 @@ int __init initrd_load(void) | |
45245 | * mounted in the normal path. | |
45246 | */ | |
45247 | if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) { | |
45248 | - sys_unlink("/initrd.image"); | |
ae4e228f | 45249 | + sys_unlink((__force const char __user *)"/initrd.image"); |
58c5fc13 MT |
45250 | handle_initrd(); |
45251 | return 1; | |
45252 | } | |
45253 | } | |
45254 | - sys_unlink("/initrd.image"); | |
ae4e228f | 45255 | + sys_unlink((__force const char __user *)"/initrd.image"); |
58c5fc13 MT |
45256 | return 0; |
45257 | } | |
ae4e228f MT |
45258 | diff -urNp linux-2.6.33.1/init/do_mounts_md.c linux-2.6.33.1/init/do_mounts_md.c |
45259 | --- linux-2.6.33.1/init/do_mounts_md.c 2010-03-15 12:09:39.000000000 -0400 | |
45260 | +++ linux-2.6.33.1/init/do_mounts_md.c 2010-03-20 16:58:41.973158089 -0400 | |
58c5fc13 MT |
45261 | @@ -170,7 +170,7 @@ static void __init md_setup_drive(void) |
45262 | partitioned ? "_d" : "", minor, | |
45263 | md_setup_args[ent].device_names); | |
45264 | ||
45265 | - fd = sys_open(name, 0, 0); | |
ae4e228f | 45266 | + fd = sys_open((__force char __user *)name, 0, 0); |
58c5fc13 MT |
45267 | if (fd < 0) { |
45268 | printk(KERN_ERR "md: open failed - cannot start " | |
45269 | "array %s\n", name); | |
45270 | @@ -233,7 +233,7 @@ static void __init md_setup_drive(void) | |
45271 | * array without it | |
45272 | */ | |
45273 | sys_close(fd); | |
45274 | - fd = sys_open(name, 0, 0); | |
ae4e228f | 45275 | + fd = sys_open((__force char __user *)name, 0, 0); |
58c5fc13 MT |
45276 | sys_ioctl(fd, BLKRRPART, 0); |
45277 | } | |
45278 | sys_close(fd); | |
45279 | @@ -283,7 +283,7 @@ static void __init autodetect_raid(void) | |
45280 | ||
45281 | wait_for_device_probe(); | |
45282 | ||
45283 | - fd = sys_open("/dev/md0", 0, 0); | |
ae4e228f | 45284 | + fd = sys_open((__force char __user *)"/dev/md0", 0, 0); |
58c5fc13 MT |
45285 | if (fd >= 0) { |
45286 | sys_ioctl(fd, RAID_AUTORUN, raid_autopart); | |
45287 | sys_close(fd); | |
ae4e228f MT |
45288 | diff -urNp linux-2.6.33.1/init/initramfs.c linux-2.6.33.1/init/initramfs.c |
45289 | --- linux-2.6.33.1/init/initramfs.c 2010-03-15 12:09:39.000000000 -0400 | |
45290 | +++ linux-2.6.33.1/init/initramfs.c 2010-03-20 16:58:41.973158089 -0400 | |
45291 | @@ -74,7 +74,7 @@ static void __init free_hash(void) | |
45292 | } | |
45293 | } | |
45294 | ||
45295 | -static long __init do_utime(char __user *filename, time_t mtime) | |
45296 | +static long __init do_utime(__force char __user *filename, time_t mtime) | |
45297 | { | |
45298 | struct timespec t[2]; | |
45299 | ||
45300 | @@ -109,7 +109,7 @@ static void __init dir_utime(void) | |
45301 | struct dir_entry *de, *tmp; | |
45302 | list_for_each_entry_safe(de, tmp, &dir_list, list) { | |
45303 | list_del(&de->list); | |
45304 | - do_utime(de->name, de->mtime); | |
45305 | + do_utime((__force char __user *)de->name, de->mtime); | |
45306 | kfree(de->name); | |
45307 | kfree(de); | |
45308 | } | |
58c5fc13 MT |
45309 | @@ -271,7 +271,7 @@ static int __init maybe_link(void) |
45310 | if (nlink >= 2) { | |
45311 | char *old = find_link(major, minor, ino, mode, collected); | |
45312 | if (old) | |
45313 | - return (sys_link(old, collected) < 0) ? -1 : 1; | |
ae4e228f | 45314 | + return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1; |
58c5fc13 MT |
45315 | } |
45316 | return 0; | |
45317 | } | |
45318 | @@ -280,11 +280,11 @@ static void __init clean_path(char *path | |
45319 | { | |
45320 | struct stat st; | |
45321 | ||
45322 | - if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) { | |
ae4e228f | 45323 | + if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) { |
58c5fc13 MT |
45324 | if (S_ISDIR(st.st_mode)) |
45325 | - sys_rmdir(path); | |
ae4e228f | 45326 | + sys_rmdir((__force char __user *)path); |
58c5fc13 MT |
45327 | else |
45328 | - sys_unlink(path); | |
ae4e228f | 45329 | + sys_unlink((__force char __user *)path); |
58c5fc13 MT |
45330 | } |
45331 | } | |
45332 | ||
45333 | @@ -305,7 +305,7 @@ static int __init do_name(void) | |
45334 | int openflags = O_WRONLY|O_CREAT; | |
45335 | if (ml != 1) | |
45336 | openflags |= O_TRUNC; | |
45337 | - wfd = sys_open(collected, openflags, mode); | |
ae4e228f | 45338 | + wfd = sys_open((__force char __user *)collected, openflags, mode); |
58c5fc13 MT |
45339 | |
45340 | if (wfd >= 0) { | |
45341 | sys_fchown(wfd, uid, gid); | |
ae4e228f | 45342 | @@ -317,17 +317,17 @@ static int __init do_name(void) |
58c5fc13 MT |
45343 | } |
45344 | } | |
45345 | } else if (S_ISDIR(mode)) { | |
45346 | - sys_mkdir(collected, mode); | |
45347 | - sys_chown(collected, uid, gid); | |
45348 | - sys_chmod(collected, mode); | |
ae4e228f MT |
45349 | + sys_mkdir((__force char __user *)collected, mode); |
45350 | + sys_chown((__force char __user *)collected, uid, gid); | |
45351 | + sys_chmod((__force char __user *)collected, mode); | |
58c5fc13 MT |
45352 | dir_add(collected, mtime); |
45353 | } else if (S_ISBLK(mode) || S_ISCHR(mode) || | |
45354 | S_ISFIFO(mode) || S_ISSOCK(mode)) { | |
45355 | if (maybe_link() == 0) { | |
45356 | - sys_mknod(collected, mode, rdev); | |
45357 | - sys_chown(collected, uid, gid); | |
45358 | - sys_chmod(collected, mode); | |
ae4e228f MT |
45359 | - do_utime(collected, mtime); |
45360 | + sys_mknod((__force char __user *)collected, mode, rdev); | |
45361 | + sys_chown((__force char __user *)collected, uid, gid); | |
45362 | + sys_chmod((__force char __user *)collected, mode); | |
45363 | + do_utime((__force char __user *)collected, mtime); | |
58c5fc13 MT |
45364 | } |
45365 | } | |
ae4e228f MT |
45366 | return 0; |
45367 | @@ -336,15 +336,15 @@ static int __init do_name(void) | |
58c5fc13 MT |
45368 | static int __init do_copy(void) |
45369 | { | |
45370 | if (count >= body_len) { | |
45371 | - sys_write(wfd, victim, body_len); | |
ae4e228f | 45372 | + sys_write(wfd, (__force char __user *)victim, body_len); |
58c5fc13 | 45373 | sys_close(wfd); |
ae4e228f MT |
45374 | - do_utime(vcollected, mtime); |
45375 | + do_utime((__force char __user *)vcollected, mtime); | |
58c5fc13 | 45376 | kfree(vcollected); |
ae4e228f | 45377 | eat(body_len); |
58c5fc13 MT |
45378 | state = SkipIt; |
45379 | return 0; | |
45380 | } else { | |
45381 | - sys_write(wfd, victim, count); | |
ae4e228f | 45382 | + sys_write(wfd, (__force char __user *)victim, count); |
58c5fc13 MT |
45383 | body_len -= count; |
45384 | eat(count); | |
45385 | return 1; | |
ae4e228f | 45386 | @@ -355,9 +355,9 @@ static int __init do_symlink(void) |
58c5fc13 MT |
45387 | { |
45388 | collected[N_ALIGN(name_len) + body_len] = '\0'; | |
45389 | clean_path(collected, 0); | |
45390 | - sys_symlink(collected + N_ALIGN(name_len), collected); | |
45391 | - sys_lchown(collected, uid, gid); | |
ae4e228f MT |
45392 | - do_utime(collected, mtime); |
45393 | + sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected); | |
45394 | + sys_lchown((__force char __user *)collected, uid, gid); | |
45395 | + do_utime((__force char __user *)collected, mtime); | |
58c5fc13 MT |
45396 | state = SkipIt; |
45397 | next_state = Reset; | |
ae4e228f MT |
45398 | return 0; |
45399 | diff -urNp linux-2.6.33.1/init/Kconfig linux-2.6.33.1/init/Kconfig | |
45400 | --- linux-2.6.33.1/init/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
45401 | +++ linux-2.6.33.1/init/Kconfig 2010-03-20 16:58:41.973158089 -0400 | |
45402 | @@ -1046,7 +1046,7 @@ config SLUB_DEBUG | |
58c5fc13 MT |
45403 | |
45404 | config COMPAT_BRK | |
45405 | bool "Disable heap randomization" | |
45406 | - default y | |
45407 | + default n | |
45408 | help | |
45409 | Randomizing heap placement makes heap exploits harder, but it | |
45410 | also breaks ancient binaries (including anything libc5 based). | |
ae4e228f | 45411 | @@ -1158,9 +1158,9 @@ config HAVE_GENERIC_DMA_COHERENT |
58c5fc13 MT |
45412 | |
45413 | config SLABINFO | |
45414 | bool | |
45415 | - depends on PROC_FS | |
45416 | + depends on PROC_FS && !GRKERNSEC_PROC_ADD | |
45417 | depends on SLAB || SLUB_DEBUG | |
45418 | - default y | |
45419 | + default n | |
45420 | ||
45421 | config RT_MUTEXES | |
45422 | boolean | |
ae4e228f MT |
45423 | diff -urNp linux-2.6.33.1/init/main.c linux-2.6.33.1/init/main.c |
45424 | --- linux-2.6.33.1/init/main.c 2010-03-15 12:09:39.000000000 -0400 | |
45425 | +++ linux-2.6.33.1/init/main.c 2010-03-20 16:58:41.976562026 -0400 | |
45426 | @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void) | |
58c5fc13 MT |
45427 | #ifdef CONFIG_TC |
45428 | extern void tc_init(void); | |
45429 | #endif | |
45430 | +extern void grsecurity_init(void); | |
45431 | ||
45432 | enum system_states system_state __read_mostly; | |
45433 | EXPORT_SYMBOL(system_state); | |
ae4e228f | 45434 | @@ -183,6 +184,35 @@ static int __init set_reset_devices(char |
58c5fc13 MT |
45435 | |
45436 | __setup("reset_devices", set_reset_devices); | |
45437 | ||
45438 | +#if defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32) | |
45439 | +static int __init setup_pax_nouderef(char *str) | |
45440 | +{ | |
45441 | + unsigned int cpu; | |
45442 | + | |
45443 | + for (cpu = 0; cpu < NR_CPUS; cpu++) { | |
45444 | + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3; | |
45445 | + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf; | |
45446 | + } | |
45447 | + asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory"); | |
45448 | + asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory"); | |
45449 | + asm("mov %0, %%ss" : : "r" (__KERNEL_DS) : "memory"); | |
45450 | + | |
45451 | + return 0; | |
45452 | +} | |
45453 | +early_param("pax_nouderef", setup_pax_nouderef); | |
45454 | +#endif | |
45455 | + | |
45456 | +#ifdef CONFIG_PAX_SOFTMODE | |
45457 | +unsigned int pax_softmode; | |
45458 | + | |
45459 | +static int __init setup_pax_softmode(char *str) | |
45460 | +{ | |
45461 | + get_option(&str, &pax_softmode); | |
45462 | + return 1; | |
45463 | +} | |
45464 | +__setup("pax_softmode=", setup_pax_softmode); | |
45465 | +#endif | |
45466 | + | |
45467 | static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; | |
45468 | char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; | |
45469 | static const char *panic_later, *panic_param; | |
ae4e228f MT |
45470 | @@ -697,52 +727,53 @@ int initcall_debug; |
45471 | core_param(initcall_debug, initcall_debug, bool, 0644); | |
58c5fc13 | 45472 | |
ae4e228f MT |
45473 | static char msgbuf[64]; |
45474 | -static struct boot_trace_call call; | |
45475 | -static struct boot_trace_ret ret; | |
45476 | +static struct boot_trace_call trace_call; | |
45477 | +static struct boot_trace_ret trace_ret; | |
58c5fc13 | 45478 | |
ae4e228f | 45479 | int do_one_initcall(initcall_t fn) |
58c5fc13 MT |
45480 | { |
45481 | int count = preempt_count(); | |
45482 | ktime_t calltime, delta, rettime; | |
45483 | + const char *msg1 = "", *msg2 = ""; | |
45484 | ||
45485 | if (initcall_debug) { | |
ae4e228f MT |
45486 | - call.caller = task_pid_nr(current); |
45487 | - printk("calling %pF @ %i\n", fn, call.caller); | |
45488 | + trace_call.caller = task_pid_nr(current); | |
45489 | + printk("calling %pF @ %i\n", fn, trace_call.caller); | |
45490 | calltime = ktime_get(); | |
45491 | - trace_boot_call(&call, fn); | |
45492 | + trace_boot_call(&trace_call, fn); | |
45493 | enable_boot_trace(); | |
45494 | } | |
45495 | ||
45496 | - ret.result = fn(); | |
45497 | + trace_ret.result = fn(); | |
45498 | ||
45499 | if (initcall_debug) { | |
45500 | disable_boot_trace(); | |
45501 | rettime = ktime_get(); | |
45502 | delta = ktime_sub(rettime, calltime); | |
45503 | - ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
45504 | - trace_boot_ret(&ret, fn); | |
45505 | + trace_ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
45506 | + trace_boot_ret(&trace_ret, fn); | |
45507 | printk("initcall %pF returned %d after %Ld usecs\n", fn, | |
45508 | - ret.result, ret.duration); | |
45509 | + trace_ret.result, trace_ret.duration); | |
45510 | } | |
45511 | ||
45512 | msgbuf[0] = 0; | |
45513 | ||
45514 | - if (ret.result && ret.result != -ENODEV && initcall_debug) | |
45515 | - sprintf(msgbuf, "error code %d ", ret.result); | |
45516 | + if (trace_ret.result && trace_ret.result != -ENODEV && initcall_debug) | |
45517 | + sprintf(msgbuf, "error code %d ", trace_ret.result); | |
58c5fc13 MT |
45518 | |
45519 | if (preempt_count() != count) { | |
45520 | - strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf)); | |
45521 | + msg1 = " preemption imbalance"; | |
45522 | preempt_count() = count; | |
45523 | } | |
45524 | if (irqs_disabled()) { | |
45525 | - strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf)); | |
45526 | + msg2 = " disabled interrupts"; | |
45527 | local_irq_enable(); | |
45528 | } | |
45529 | - if (msgbuf[0]) { | |
45530 | - printk("initcall %pF returned with %s\n", fn, msgbuf); | |
45531 | + if (msgbuf[0] || *msg1 || *msg2) { | |
45532 | + printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2); | |
45533 | } | |
45534 | ||
ae4e228f MT |
45535 | - return ret.result; |
45536 | + return trace_ret.result; | |
45537 | } | |
45538 | ||
45539 | ||
45540 | @@ -881,11 +912,13 @@ static int __init kernel_init(void * unu | |
45541 | if (!ramdisk_execute_command) | |
45542 | ramdisk_execute_command = "/init"; | |
45543 | ||
45544 | - if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) { | |
45545 | + if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) { | |
45546 | ramdisk_execute_command = NULL; | |
58c5fc13 MT |
45547 | prepare_namespace(); |
45548 | } | |
45549 | ||
45550 | + grsecurity_init(); | |
45551 | + | |
45552 | /* | |
45553 | * Ok, we have completed the initial bootup, and | |
45554 | * we're essentially up and running. Get rid of the | |
ae4e228f MT |
45555 | diff -urNp linux-2.6.33.1/init/noinitramfs.c linux-2.6.33.1/init/noinitramfs.c |
45556 | --- linux-2.6.33.1/init/noinitramfs.c 2010-03-15 12:09:39.000000000 -0400 | |
45557 | +++ linux-2.6.33.1/init/noinitramfs.c 2010-03-20 16:58:41.976562026 -0400 | |
58c5fc13 MT |
45558 | @@ -29,7 +29,7 @@ static int __init default_rootfs(void) |
45559 | { | |
45560 | int err; | |
45561 | ||
45562 | - err = sys_mkdir("/dev", 0755); | |
45563 | + err = sys_mkdir((const char __user *)"/dev", 0755); | |
45564 | if (err < 0) | |
45565 | goto out; | |
45566 | ||
45567 | @@ -39,7 +39,7 @@ static int __init default_rootfs(void) | |
45568 | if (err < 0) | |
45569 | goto out; | |
45570 | ||
45571 | - err = sys_mkdir("/root", 0700); | |
45572 | + err = sys_mkdir((const char __user *)"/root", 0700); | |
45573 | if (err < 0) | |
45574 | goto out; | |
45575 | ||
ae4e228f MT |
45576 | diff -urNp linux-2.6.33.1/ipc/mqueue.c linux-2.6.33.1/ipc/mqueue.c |
45577 | --- linux-2.6.33.1/ipc/mqueue.c 2010-03-15 12:09:39.000000000 -0400 | |
45578 | +++ linux-2.6.33.1/ipc/mqueue.c 2010-03-20 16:58:41.976562026 -0400 | |
45579 | @@ -149,6 +149,7 @@ static struct inode *mqueue_get_inode(st | |
58c5fc13 MT |
45580 | mq_bytes = (mq_msg_tblsz + |
45581 | (info->attr.mq_maxmsg * info->attr.mq_msgsize)); | |
45582 | ||
45583 | + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1); | |
45584 | spin_lock(&mq_lock); | |
45585 | if (u->mq_bytes + mq_bytes < u->mq_bytes || | |
45586 | u->mq_bytes + mq_bytes > | |
ae4e228f MT |
45587 | diff -urNp linux-2.6.33.1/ipc/shm.c linux-2.6.33.1/ipc/shm.c |
45588 | --- linux-2.6.33.1/ipc/shm.c 2010-03-15 12:09:39.000000000 -0400 | |
45589 | +++ linux-2.6.33.1/ipc/shm.c 2010-03-20 16:58:41.997340945 -0400 | |
45590 | @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_name | |
58c5fc13 MT |
45591 | static int sysvipc_shm_proc_show(struct seq_file *s, void *it); |
45592 | #endif | |
45593 | ||
45594 | +#ifdef CONFIG_GRKERNSEC | |
45595 | +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
45596 | + const time_t shm_createtime, const uid_t cuid, | |
45597 | + const int shmid); | |
45598 | +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
45599 | + const time_t shm_createtime); | |
45600 | +#endif | |
45601 | + | |
45602 | void shm_init_ns(struct ipc_namespace *ns) | |
45603 | { | |
45604 | ns->shm_ctlmax = SHMMAX; | |
ae4e228f | 45605 | @@ -398,6 +406,14 @@ static int newseg(struct ipc_namespace * |
58c5fc13 MT |
45606 | shp->shm_lprid = 0; |
45607 | shp->shm_atim = shp->shm_dtim = 0; | |
45608 | shp->shm_ctim = get_seconds(); | |
45609 | +#ifdef CONFIG_GRKERNSEC | |
45610 | + { | |
45611 | + struct timespec timeval; | |
45612 | + do_posix_clock_monotonic_gettime(&timeval); | |
45613 | + | |
45614 | + shp->shm_createtime = timeval.tv_sec; | |
45615 | + } | |
45616 | +#endif | |
45617 | shp->shm_segsz = size; | |
45618 | shp->shm_nattch = 0; | |
45619 | shp->shm_file = file; | |
ae4e228f | 45620 | @@ -881,9 +897,21 @@ long do_shmat(int shmid, char __user *sh |
58c5fc13 MT |
45621 | if (err) |
45622 | goto out_unlock; | |
45623 | ||
45624 | +#ifdef CONFIG_GRKERNSEC | |
45625 | + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime, | |
45626 | + shp->shm_perm.cuid, shmid) || | |
45627 | + !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) { | |
45628 | + err = -EACCES; | |
45629 | + goto out_unlock; | |
45630 | + } | |
45631 | +#endif | |
45632 | + | |
ae4e228f MT |
45633 | path = shp->shm_file->f_path; |
45634 | path_get(&path); | |
58c5fc13 MT |
45635 | shp->shm_nattch++; |
45636 | +#ifdef CONFIG_GRKERNSEC | |
45637 | + shp->shm_lapid = current->pid; | |
45638 | +#endif | |
45639 | size = i_size_read(path.dentry->d_inode); | |
45640 | shm_unlock(shp); | |
45641 | ||
ae4e228f MT |
45642 | diff -urNp linux-2.6.33.1/kernel/acct.c linux-2.6.33.1/kernel/acct.c |
45643 | --- linux-2.6.33.1/kernel/acct.c 2010-03-15 12:09:39.000000000 -0400 | |
45644 | +++ linux-2.6.33.1/kernel/acct.c 2010-03-20 16:58:42.008931878 -0400 | |
45645 | @@ -579,7 +579,7 @@ static void do_acct_process(struct bsd_a | |
58c5fc13 MT |
45646 | */ |
45647 | flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; | |
45648 | current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; | |
45649 | - file->f_op->write(file, (char *)&ac, | |
ae4e228f | 45650 | + file->f_op->write(file, (__force char __user *)&ac, |
58c5fc13 MT |
45651 | sizeof(acct_t), &file->f_pos); |
45652 | current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; | |
45653 | set_fs(fs); | |
ae4e228f MT |
45654 | diff -urNp linux-2.6.33.1/kernel/capability.c linux-2.6.33.1/kernel/capability.c |
45655 | --- linux-2.6.33.1/kernel/capability.c 2010-03-15 12:09:39.000000000 -0400 | |
45656 | +++ linux-2.6.33.1/kernel/capability.c 2010-03-20 16:58:42.008931878 -0400 | |
45657 | @@ -206,6 +206,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_ | |
45658 | * before modification is attempted and the application | |
45659 | * fails. | |
45660 | */ | |
45661 | + if (tocopy > ARRAY_SIZE(kdata)) | |
45662 | + return -EFAULT; | |
45663 | + | |
45664 | if (copy_to_user(dataptr, kdata, tocopy | |
45665 | * sizeof(struct __user_cap_data_struct))) { | |
45666 | return -EFAULT; | |
45667 | @@ -307,10 +310,21 @@ int capable(int cap) | |
58c5fc13 MT |
45668 | BUG(); |
45669 | } | |
45670 | ||
45671 | - if (security_capable(cap) == 0) { | |
45672 | + if (security_capable(cap) == 0 && gr_is_capable(cap)) { | |
58c5fc13 MT |
45673 | + current->flags |= PF_SUPERPRIV; |
45674 | + return 1; | |
45675 | + } | |
45676 | + return 0; | |
45677 | +} | |
ae4e228f MT |
45678 | + |
45679 | +int capable_nolog(int cap) | |
45680 | +{ | |
45681 | + if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) { | |
45682 | current->flags |= PF_SUPERPRIV; | |
45683 | return 1; | |
45684 | } | |
45685 | return 0; | |
45686 | } | |
58c5fc13 MT |
45687 | + |
45688 | EXPORT_SYMBOL(capable); | |
45689 | +EXPORT_SYMBOL(capable_nolog); | |
ae4e228f MT |
45690 | diff -urNp linux-2.6.33.1/kernel/configs.c linux-2.6.33.1/kernel/configs.c |
45691 | --- linux-2.6.33.1/kernel/configs.c 2010-03-15 12:09:39.000000000 -0400 | |
45692 | +++ linux-2.6.33.1/kernel/configs.c 2010-03-20 16:58:42.020953047 -0400 | |
58c5fc13 MT |
45693 | @@ -73,8 +73,19 @@ static int __init ikconfig_init(void) |
45694 | struct proc_dir_entry *entry; | |
45695 | ||
45696 | /* create the current config file */ | |
45697 | +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM) | |
45698 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM) | |
45699 | + entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL, | |
45700 | + &ikconfig_file_ops); | |
45701 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
45702 | + entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL, | |
45703 | + &ikconfig_file_ops); | |
45704 | +#endif | |
45705 | +#else | |
45706 | entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL, | |
45707 | &ikconfig_file_ops); | |
45708 | +#endif | |
45709 | + | |
45710 | if (!entry) | |
45711 | return -ENOMEM; | |
45712 | ||
ae4e228f MT |
45713 | diff -urNp linux-2.6.33.1/kernel/cpu.c linux-2.6.33.1/kernel/cpu.c |
45714 | --- linux-2.6.33.1/kernel/cpu.c 2010-03-15 12:09:39.000000000 -0400 | |
45715 | +++ linux-2.6.33.1/kernel/cpu.c 2010-03-20 16:58:42.028929112 -0400 | |
58c5fc13 MT |
45716 | @@ -19,7 +19,7 @@ |
45717 | /* Serializes the updates to cpu_online_mask, cpu_present_mask */ | |
45718 | static DEFINE_MUTEX(cpu_add_remove_lock); | |
45719 | ||
45720 | -static __cpuinitdata RAW_NOTIFIER_HEAD(cpu_chain); | |
45721 | +static RAW_NOTIFIER_HEAD(cpu_chain); | |
45722 | ||
45723 | /* If set, cpu_up and cpu_down will return -EBUSY and do nothing. | |
45724 | * Should always be manipulated under cpu_add_remove_lock | |
ae4e228f MT |
45725 | diff -urNp linux-2.6.33.1/kernel/cred.c linux-2.6.33.1/kernel/cred.c |
45726 | --- linux-2.6.33.1/kernel/cred.c 2010-03-15 12:09:39.000000000 -0400 | |
45727 | +++ linux-2.6.33.1/kernel/cred.c 2010-03-20 16:58:42.028929112 -0400 | |
45728 | @@ -520,6 +520,8 @@ int commit_creds(struct cred *new) | |
58c5fc13 MT |
45729 | |
45730 | get_cred(new); /* we will require a ref for the subj creds too */ | |
45731 | ||
45732 | + gr_set_role_label(task, new->uid, new->gid); | |
45733 | + | |
45734 | /* dumpability changes */ | |
45735 | if (old->euid != new->euid || | |
45736 | old->egid != new->egid || | |
ae4e228f MT |
45737 | diff -urNp linux-2.6.33.1/kernel/exit.c linux-2.6.33.1/kernel/exit.c |
45738 | --- linux-2.6.33.1/kernel/exit.c 2010-03-15 12:09:39.000000000 -0400 | |
45739 | +++ linux-2.6.33.1/kernel/exit.c 2010-03-20 16:58:42.032663961 -0400 | |
45740 | @@ -57,6 +57,10 @@ | |
58c5fc13 MT |
45741 | #include <asm/mmu_context.h> |
45742 | #include "cred-internals.h" | |
45743 | ||
45744 | +#ifdef CONFIG_GRKERNSEC | |
45745 | +extern rwlock_t grsec_exec_file_lock; | |
45746 | +#endif | |
45747 | + | |
45748 | static void exit_mm(struct task_struct * tsk); | |
45749 | ||
45750 | static void __unhash_process(struct task_struct *p) | |
ae4e228f | 45751 | @@ -168,6 +172,8 @@ void release_task(struct task_struct * p |
58c5fc13 MT |
45752 | struct task_struct *leader; |
45753 | int zap_leader; | |
45754 | repeat: | |
45755 | + gr_del_task_from_ip_table(p); | |
45756 | + | |
45757 | tracehook_prepare_release_task(p); | |
45758 | /* don't need to get the RCU readlock here - the process is dead and | |
45759 | * can't be modifying its own credentials */ | |
ae4e228f | 45760 | @@ -335,11 +341,22 @@ static void reparent_to_kthreadd(void) |
58c5fc13 MT |
45761 | { |
45762 | write_lock_irq(&tasklist_lock); | |
45763 | ||
45764 | +#ifdef CONFIG_GRKERNSEC | |
45765 | + write_lock(&grsec_exec_file_lock); | |
45766 | + if (current->exec_file) { | |
45767 | + fput(current->exec_file); | |
45768 | + current->exec_file = NULL; | |
45769 | + } | |
45770 | + write_unlock(&grsec_exec_file_lock); | |
45771 | +#endif | |
45772 | + | |
45773 | ptrace_unlink(current); | |
45774 | /* Reparent to init */ | |
45775 | current->real_parent = current->parent = kthreadd_task; | |
45776 | list_move_tail(¤t->sibling, ¤t->real_parent->children); | |
45777 | ||
45778 | + gr_set_kernel_label(current); | |
45779 | + | |
45780 | /* Set the exit signal to SIGCHLD so we signal init on exit */ | |
45781 | current->exit_signal = SIGCHLD; | |
45782 | ||
ae4e228f MT |
45783 | @@ -391,7 +408,7 @@ int allow_signal(int sig) |
45784 | * know it'll be handled, so that they don't get converted to | |
45785 | * SIGKILL or just silently dropped. | |
45786 | */ | |
45787 | - current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2; | |
45788 | + current->sighand->action[(sig)-1].sa.sa_handler = (__force void __user *)2; | |
45789 | recalc_sigpending(); | |
45790 | spin_unlock_irq(¤t->sighand->siglock); | |
45791 | return 0; | |
45792 | @@ -427,6 +444,17 @@ void daemonize(const char *name, ...) | |
58c5fc13 MT |
45793 | vsnprintf(current->comm, sizeof(current->comm), name, args); |
45794 | va_end(args); | |
45795 | ||
45796 | +#ifdef CONFIG_GRKERNSEC | |
45797 | + write_lock(&grsec_exec_file_lock); | |
45798 | + if (current->exec_file) { | |
45799 | + fput(current->exec_file); | |
45800 | + current->exec_file = NULL; | |
45801 | + } | |
45802 | + write_unlock(&grsec_exec_file_lock); | |
45803 | +#endif | |
45804 | + | |
45805 | + gr_set_kernel_label(current); | |
45806 | + | |
45807 | /* | |
45808 | * If we were started as result of loading a module, close all of the | |
45809 | * user space pages. We don't need them, and if we didn't close them | |
ae4e228f | 45810 | @@ -961,6 +989,9 @@ NORET_TYPE void do_exit(long code) |
58c5fc13 MT |
45811 | tsk->exit_code = code; |
45812 | taskstats_exit(tsk, group_dead); | |
45813 | ||
45814 | + gr_acl_handle_psacct(tsk, code); | |
45815 | + gr_acl_handle_exit(); | |
45816 | + | |
45817 | exit_mm(tsk); | |
45818 | ||
45819 | if (group_dead) | |
ae4e228f | 45820 | @@ -1180,7 +1211,7 @@ static int wait_task_zombie(struct wait_ |
58c5fc13 MT |
45821 | |
45822 | if (unlikely(wo->wo_flags & WNOWAIT)) { | |
45823 | int exit_code = p->exit_code; | |
45824 | - int why, status; | |
45825 | + int why; | |
45826 | ||
45827 | get_task_struct(p); | |
45828 | read_unlock(&tasklist_lock); | |
ae4e228f MT |
45829 | diff -urNp linux-2.6.33.1/kernel/fork.c linux-2.6.33.1/kernel/fork.c |
45830 | --- linux-2.6.33.1/kernel/fork.c 2010-03-15 12:09:39.000000000 -0400 | |
45831 | +++ linux-2.6.33.1/kernel/fork.c 2010-03-20 16:58:42.032663961 -0400 | |
45832 | @@ -255,7 +255,7 @@ static struct task_struct *dup_task_stru | |
58c5fc13 MT |
45833 | *stackend = STACK_END_MAGIC; /* for overflow detection */ |
45834 | ||
45835 | #ifdef CONFIG_CC_STACKPROTECTOR | |
45836 | - tsk->stack_canary = get_random_int(); | |
45837 | + tsk->stack_canary = pax_get_random_long(); | |
45838 | #endif | |
45839 | ||
45840 | /* One for us, one for whoever does the "release_task()" (usually parent) */ | |
ae4e228f | 45841 | @@ -295,8 +295,8 @@ static int dup_mmap(struct mm_struct *mm |
58c5fc13 MT |
45842 | mm->locked_vm = 0; |
45843 | mm->mmap = NULL; | |
45844 | mm->mmap_cache = NULL; | |
45845 | - mm->free_area_cache = oldmm->mmap_base; | |
45846 | - mm->cached_hole_size = ~0UL; | |
45847 | + mm->free_area_cache = oldmm->free_area_cache; | |
45848 | + mm->cached_hole_size = oldmm->cached_hole_size; | |
45849 | mm->map_count = 0; | |
45850 | cpumask_clear(mm_cpumask(mm)); | |
45851 | mm->mm_rb = RB_ROOT; | |
ae4e228f | 45852 | @@ -336,6 +336,7 @@ static int dup_mmap(struct mm_struct *mm |
58c5fc13 MT |
45853 | tmp->vm_flags &= ~VM_LOCKED; |
45854 | tmp->vm_mm = mm; | |
45855 | tmp->vm_next = NULL; | |
45856 | + tmp->vm_mirror = NULL; | |
45857 | anon_vma_link(tmp); | |
45858 | file = tmp->vm_file; | |
45859 | if (file) { | |
ae4e228f | 45860 | @@ -383,6 +384,31 @@ static int dup_mmap(struct mm_struct *mm |
58c5fc13 MT |
45861 | if (retval) |
45862 | goto out; | |
45863 | } | |
45864 | + | |
45865 | +#ifdef CONFIG_PAX_SEGMEXEC | |
45866 | + if (oldmm->pax_flags & MF_PAX_SEGMEXEC) { | |
45867 | + struct vm_area_struct *mpnt_m; | |
45868 | + | |
45869 | + for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) { | |
45870 | + BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm); | |
45871 | + | |
45872 | + if (!mpnt->vm_mirror) | |
45873 | + continue; | |
45874 | + | |
45875 | + if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) { | |
45876 | + BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt); | |
45877 | + mpnt->vm_mirror = mpnt_m; | |
45878 | + } else { | |
45879 | + BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm); | |
45880 | + mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror; | |
45881 | + mpnt_m->vm_mirror->vm_mirror = mpnt_m; | |
45882 | + mpnt->vm_mirror->vm_mirror = mpnt; | |
45883 | + } | |
45884 | + } | |
45885 | + BUG_ON(mpnt_m); | |
45886 | + } | |
45887 | +#endif | |
45888 | + | |
45889 | /* a new mm has just been created */ | |
45890 | arch_dup_mmap(oldmm, mm); | |
45891 | retval = 0; | |
ae4e228f | 45892 | @@ -733,7 +759,7 @@ static int copy_fs(unsigned long clone_f |
58c5fc13 MT |
45893 | write_unlock(&fs->lock); |
45894 | return -EAGAIN; | |
45895 | } | |
45896 | - fs->users++; | |
45897 | + atomic_inc(&fs->users); | |
45898 | write_unlock(&fs->lock); | |
45899 | return 0; | |
45900 | } | |
ae4e228f | 45901 | @@ -1032,10 +1058,13 @@ static struct task_struct *copy_process( |
58c5fc13 MT |
45902 | DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); |
45903 | #endif | |
45904 | retval = -EAGAIN; | |
45905 | + | |
45906 | + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0); | |
45907 | + | |
45908 | if (atomic_read(&p->real_cred->user->processes) >= | |
45909 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { | |
ae4e228f MT |
45910 | - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && |
45911 | - p->real_cred->user != INIT_USER) | |
45912 | + if (p->real_cred->user != INIT_USER && | |
45913 | + !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) | |
45914 | goto bad_fork_free; | |
45915 | } | |
45916 | ||
45917 | @@ -1064,6 +1093,10 @@ static struct task_struct *copy_process( | |
45918 | p->vfork_done = NULL; | |
45919 | spin_lock_init(&p->alloc_lock); | |
45920 | ||
45921 | +#ifdef CONFIG_GRKERNSEC | |
45922 | + rwlock_init(&p->gr_fs_lock); | |
45923 | +#endif | |
45924 | + | |
45925 | init_sigpending(&p->pending); | |
45926 | ||
45927 | p->utime = cputime_zero; | |
45928 | @@ -1190,6 +1223,8 @@ static struct task_struct *copy_process( | |
58c5fc13 MT |
45929 | goto bad_fork_free_pid; |
45930 | } | |
45931 | ||
45932 | + gr_copy_label(p); | |
45933 | + | |
45934 | p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; | |
45935 | /* | |
45936 | * Clear TID on mm_release()? | |
ae4e228f | 45937 | @@ -1342,6 +1377,8 @@ bad_fork_cleanup_count: |
58c5fc13 MT |
45938 | bad_fork_free: |
45939 | free_task(p); | |
45940 | fork_out: | |
45941 | + gr_log_forkfail(retval); | |
45942 | + | |
45943 | return ERR_PTR(retval); | |
45944 | } | |
45945 | ||
ae4e228f | 45946 | @@ -1435,6 +1472,8 @@ long do_fork(unsigned long clone_flags, |
58c5fc13 MT |
45947 | if (clone_flags & CLONE_PARENT_SETTID) |
45948 | put_user(nr, parent_tidptr); | |
45949 | ||
45950 | + gr_handle_brute_check(); | |
45951 | + | |
45952 | if (clone_flags & CLONE_VFORK) { | |
45953 | p->vfork_done = &vfork; | |
45954 | init_completion(&vfork); | |
ae4e228f | 45955 | @@ -1567,7 +1606,7 @@ static int unshare_fs(unsigned long unsh |
58c5fc13 MT |
45956 | return 0; |
45957 | ||
45958 | /* don't need lock here; in the worst case we'll do useless copy */ | |
45959 | - if (fs->users == 1) | |
45960 | + if (atomic_read(&fs->users) == 1) | |
45961 | return 0; | |
45962 | ||
45963 | *new_fsp = copy_fs_struct(fs); | |
ae4e228f MT |
45964 | @@ -1687,14 +1726,18 @@ SYSCALL_DEFINE1(unshare, unsigned long, |
45965 | task_lock(current); | |
45966 | ||
45967 | if (new_fs) { | |
45968 | + unsigned long flags; | |
45969 | + | |
45970 | + gr_fs_write_lock_irqsave(current, flags); | |
58c5fc13 MT |
45971 | fs = current->fs; |
45972 | write_lock(&fs->lock); | |
45973 | current->fs = new_fs; | |
45974 | - if (--fs->users) | |
45975 | + if (atomic_dec_return(&fs->users)) | |
45976 | new_fs = NULL; | |
45977 | else | |
45978 | new_fs = fs; | |
ae4e228f MT |
45979 | write_unlock(&fs->lock); |
45980 | + gr_fs_write_unlock_irqrestore(current, flags); | |
45981 | } | |
45982 | ||
45983 | if (new_mm) { | |
45984 | diff -urNp linux-2.6.33.1/kernel/futex.c linux-2.6.33.1/kernel/futex.c | |
45985 | --- linux-2.6.33.1/kernel/futex.c 2010-03-15 12:09:39.000000000 -0400 | |
45986 | +++ linux-2.6.33.1/kernel/futex.c 2010-03-20 16:58:42.048537218 -0400 | |
45987 | @@ -54,6 +54,7 @@ | |
45988 | #include <linux/mount.h> | |
45989 | #include <linux/pagemap.h> | |
45990 | #include <linux/syscalls.h> | |
45991 | +#include <linux/ptrace.h> | |
45992 | #include <linux/signal.h> | |
45993 | #include <linux/module.h> | |
45994 | #include <linux/magic.h> | |
45995 | @@ -221,6 +222,11 @@ get_futex_key(u32 __user *uaddr, int fsh | |
58c5fc13 MT |
45996 | struct page *page; |
45997 | int err; | |
45998 | ||
45999 | +#ifdef CONFIG_PAX_SEGMEXEC | |
46000 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE) | |
46001 | + return -EFAULT; | |
46002 | +#endif | |
46003 | + | |
46004 | /* | |
46005 | * The futex address must be "naturally" aligned. | |
46006 | */ | |
ae4e228f | 46007 | @@ -1852,7 +1858,7 @@ retry: |
58c5fc13 MT |
46008 | |
46009 | restart = ¤t_thread_info()->restart_block; | |
46010 | restart->fn = futex_wait_restart; | |
46011 | - restart->futex.uaddr = (u32 *)uaddr; | |
46012 | + restart->futex.uaddr = uaddr; | |
46013 | restart->futex.val = val; | |
46014 | restart->futex.time = abs_time->tv64; | |
46015 | restart->futex.bitset = bitset; | |
ae4e228f MT |
46016 | @@ -2385,7 +2391,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pi |
46017 | { | |
46018 | struct robust_list_head __user *head; | |
46019 | unsigned long ret; | |
46020 | - const struct cred *cred = current_cred(), *pcred; | |
46021 | +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP | |
46022 | + const struct cred *cred = current_cred(); | |
46023 | + const struct cred *pcred; | |
46024 | +#endif | |
46025 | ||
46026 | if (!futex_cmpxchg_enabled) | |
46027 | return -ENOSYS; | |
46028 | @@ -2401,11 +2410,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi | |
46029 | if (!p) | |
46030 | goto err_unlock; | |
46031 | ret = -EPERM; | |
46032 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
46033 | + if (!ptrace_may_access(p, PTRACE_MODE_READ)) | |
46034 | + goto err_unlock; | |
46035 | +#else | |
46036 | pcred = __task_cred(p); | |
46037 | if (cred->euid != pcred->euid && | |
46038 | cred->euid != pcred->uid && | |
46039 | !capable(CAP_SYS_PTRACE)) | |
46040 | goto err_unlock; | |
46041 | +#endif | |
46042 | head = p->robust_list; | |
46043 | rcu_read_unlock(); | |
46044 | } | |
46045 | @@ -2467,7 +2481,7 @@ retry: | |
58c5fc13 MT |
46046 | */ |
46047 | static inline int fetch_robust_entry(struct robust_list __user **entry, | |
46048 | struct robust_list __user * __user *head, | |
46049 | - int *pi) | |
46050 | + unsigned int *pi) | |
46051 | { | |
46052 | unsigned long uentry; | |
46053 | ||
ae4e228f MT |
46054 | diff -urNp linux-2.6.33.1/kernel/futex_compat.c linux-2.6.33.1/kernel/futex_compat.c |
46055 | --- linux-2.6.33.1/kernel/futex_compat.c 2010-03-15 12:09:39.000000000 -0400 | |
46056 | +++ linux-2.6.33.1/kernel/futex_compat.c 2010-03-20 16:58:42.048537218 -0400 | |
46057 | @@ -10,6 +10,7 @@ | |
46058 | #include <linux/compat.h> | |
46059 | #include <linux/nsproxy.h> | |
46060 | #include <linux/futex.h> | |
46061 | +#include <linux/ptrace.h> | |
46062 | ||
46063 | #include <asm/uaccess.h> | |
46064 | ||
46065 | @@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, comp | |
46066 | { | |
46067 | struct compat_robust_list_head __user *head; | |
46068 | unsigned long ret; | |
46069 | - const struct cred *cred = current_cred(), *pcred; | |
46070 | + const struct cred *cred = current_cred(); | |
46071 | +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP | |
46072 | + const struct cred *pcred; | |
46073 | +#endif | |
46074 | ||
46075 | if (!futex_cmpxchg_enabled) | |
46076 | return -ENOSYS; | |
46077 | @@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, comp | |
46078 | if (!p) | |
46079 | goto err_unlock; | |
46080 | ret = -EPERM; | |
46081 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
46082 | + if (!ptrace_may_access(p, PTRACE_MODE_READ)) | |
46083 | + goto err_unlock; | |
46084 | +#else | |
46085 | pcred = __task_cred(p); | |
46086 | if (cred->euid != pcred->euid && | |
46087 | cred->euid != pcred->uid && | |
46088 | !capable(CAP_SYS_PTRACE)) | |
46089 | goto err_unlock; | |
46090 | +#endif | |
46091 | head = p->compat_robust_list; | |
46092 | read_unlock(&tasklist_lock); | |
46093 | } | |
46094 | diff -urNp linux-2.6.33.1/kernel/gcov/base.c linux-2.6.33.1/kernel/gcov/base.c | |
46095 | --- linux-2.6.33.1/kernel/gcov/base.c 2010-03-15 12:09:39.000000000 -0400 | |
46096 | +++ linux-2.6.33.1/kernel/gcov/base.c 2010-03-20 16:58:42.048537218 -0400 | |
58c5fc13 MT |
46097 | @@ -102,11 +102,6 @@ void gcov_enable_events(void) |
46098 | } | |
46099 | ||
46100 | #ifdef CONFIG_MODULES | |
46101 | -static inline int within(void *addr, void *start, unsigned long size) | |
46102 | -{ | |
46103 | - return ((addr >= start) && (addr < start + size)); | |
46104 | -} | |
46105 | - | |
46106 | /* Update list and generate events when modules are unloaded. */ | |
46107 | static int gcov_module_notifier(struct notifier_block *nb, unsigned long event, | |
46108 | void *data) | |
46109 | @@ -121,7 +116,7 @@ static int gcov_module_notifier(struct n | |
46110 | prev = NULL; | |
46111 | /* Remove entries located in module from linked list. */ | |
46112 | for (info = gcov_info_head; info; info = info->next) { | |
46113 | - if (within(info, mod->module_core, mod->core_size)) { | |
46114 | + if (within_module_core_rw((unsigned long)info, mod)) { | |
46115 | if (prev) | |
46116 | prev->next = info->next; | |
46117 | else | |
ae4e228f MT |
46118 | diff -urNp linux-2.6.33.1/kernel/hrtimer.c linux-2.6.33.1/kernel/hrtimer.c |
46119 | --- linux-2.6.33.1/kernel/hrtimer.c 2010-03-15 12:09:39.000000000 -0400 | |
46120 | +++ linux-2.6.33.1/kernel/hrtimer.c 2010-03-20 16:58:42.048537218 -0400 | |
46121 | @@ -1398,7 +1398,7 @@ void hrtimer_peek_ahead_timers(void) | |
46122 | local_irq_restore(flags); | |
46123 | } | |
46124 | ||
46125 | -static void run_hrtimer_softirq(struct softirq_action *h) | |
46126 | +static void run_hrtimer_softirq(void) | |
46127 | { | |
46128 | hrtimer_peek_ahead_timers(); | |
46129 | } | |
46130 | diff -urNp linux-2.6.33.1/kernel/kallsyms.c linux-2.6.33.1/kernel/kallsyms.c | |
46131 | --- linux-2.6.33.1/kernel/kallsyms.c 2010-03-15 12:09:39.000000000 -0400 | |
46132 | +++ linux-2.6.33.1/kernel/kallsyms.c 2010-03-20 16:58:42.064920323 -0400 | |
58c5fc13 MT |
46133 | @@ -11,6 +11,9 @@ |
46134 | * Changed the compression method from stem compression to "table lookup" | |
46135 | * compression (see scripts/kallsyms.c for a more complete description) | |
46136 | */ | |
46137 | +#ifdef CONFIG_GRKERNSEC_HIDESYM | |
46138 | +#define __INCLUDED_BY_HIDESYM 1 | |
46139 | +#endif | |
46140 | #include <linux/kallsyms.h> | |
46141 | #include <linux/module.h> | |
46142 | #include <linux/init.h> | |
46143 | @@ -51,6 +54,9 @@ extern const unsigned long kallsyms_mark | |
46144 | ||
46145 | static inline int is_kernel_inittext(unsigned long addr) | |
46146 | { | |
46147 | + if (system_state != SYSTEM_BOOTING) | |
46148 | + return 0; | |
46149 | + | |
46150 | if (addr >= (unsigned long)_sinittext | |
46151 | && addr <= (unsigned long)_einittext) | |
46152 | return 1; | |
ae4e228f | 46153 | @@ -67,6 +73,24 @@ static inline int is_kernel_text(unsigne |
58c5fc13 MT |
46154 | |
46155 | static inline int is_kernel(unsigned long addr) | |
46156 | { | |
ae4e228f MT |
46157 | + if (is_kernel_inittext(addr)) |
46158 | + return 1; | |
58c5fc13 | 46159 | + |
ae4e228f MT |
46160 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) |
46161 | + if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END) | |
58c5fc13 | 46162 | + return 0; |
58c5fc13 | 46163 | + |
ae4e228f MT |
46164 | + if (is_kernel_text(addr)) |
46165 | + return 1; | |
46166 | + | |
46167 | + if (ktla_ktva((unsigned long)_stext) <= addr && addr < ktla_ktva((unsigned long)_etext)) | |
58c5fc13 | 46168 | + return 1; |
ae4e228f MT |
46169 | + |
46170 | + if ((addr >= (unsigned long)_sdata && addr <= (unsigned long)_end)) | |
46171 | + return 1; | |
46172 | + return in_gate_area_no_task(addr); | |
46173 | +#endif | |
58c5fc13 MT |
46174 | + |
46175 | if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end) | |
46176 | return 1; | |
46177 | return in_gate_area_no_task(addr); | |
ae4e228f | 46178 | @@ -414,7 +438,6 @@ static unsigned long get_ksymbol_core(st |
58c5fc13 MT |
46179 | |
46180 | static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) | |
46181 | { | |
46182 | - iter->name[0] = '\0'; | |
46183 | iter->nameoff = get_symbol_offset(new_pos); | |
46184 | iter->pos = new_pos; | |
46185 | } | |
ae4e228f MT |
46186 | @@ -462,6 +485,11 @@ static int s_show(struct seq_file *m, vo |
46187 | { | |
46188 | struct kallsym_iter *iter = m->private; | |
46189 | ||
46190 | +#ifdef CONFIG_GRKERNSEC_HIDESYM | |
46191 | + if (current_uid()) | |
46192 | + return 0; | |
46193 | +#endif | |
46194 | + | |
46195 | /* Some debugging symbols have no name. Ignore them. */ | |
46196 | if (!iter->name[0]) | |
46197 | return 0; | |
46198 | @@ -502,7 +530,7 @@ static int kallsyms_open(struct inode *i | |
58c5fc13 MT |
46199 | struct kallsym_iter *iter; |
46200 | int ret; | |
46201 | ||
46202 | - iter = kmalloc(sizeof(*iter), GFP_KERNEL); | |
46203 | + iter = kzalloc(sizeof(*iter), GFP_KERNEL); | |
46204 | if (!iter) | |
46205 | return -ENOMEM; | |
46206 | reset_iter(iter, 0); | |
ae4e228f MT |
46207 | diff -urNp linux-2.6.33.1/kernel/kgdb.c linux-2.6.33.1/kernel/kgdb.c |
46208 | --- linux-2.6.33.1/kernel/kgdb.c 2010-03-15 12:09:39.000000000 -0400 | |
46209 | +++ linux-2.6.33.1/kernel/kgdb.c 2010-03-20 16:58:42.068659558 -0400 | |
46210 | @@ -86,7 +86,7 @@ static int kgdb_io_module_registered; | |
46211 | /* Guard for recursive entry */ | |
46212 | static int exception_level; | |
46213 | ||
46214 | -static struct kgdb_io *kgdb_io_ops; | |
46215 | +static const struct kgdb_io *kgdb_io_ops; | |
46216 | static DEFINE_SPINLOCK(kgdb_registration_lock); | |
46217 | ||
46218 | /* kgdb console driver is loaded */ | |
46219 | @@ -1664,7 +1664,7 @@ static void kgdb_initial_breakpoint(void | |
46220 | * | |
46221 | * Register it with the KGDB core. | |
46222 | */ | |
46223 | -int kgdb_register_io_module(struct kgdb_io *new_kgdb_io_ops) | |
46224 | +int kgdb_register_io_module(const struct kgdb_io *new_kgdb_io_ops) | |
46225 | { | |
46226 | int err; | |
58c5fc13 | 46227 | |
ae4e228f MT |
46228 | @@ -1709,7 +1709,7 @@ EXPORT_SYMBOL_GPL(kgdb_register_io_modul |
46229 | * | |
46230 | * Unregister it with the KGDB core. | |
46231 | */ | |
46232 | -void kgdb_unregister_io_module(struct kgdb_io *old_kgdb_io_ops) | |
46233 | +void kgdb_unregister_io_module(const struct kgdb_io *old_kgdb_io_ops) | |
58c5fc13 | 46234 | { |
ae4e228f MT |
46235 | BUG_ON(kgdb_connected); |
46236 | ||
46237 | diff -urNp linux-2.6.33.1/kernel/kmod.c linux-2.6.33.1/kernel/kmod.c | |
46238 | --- linux-2.6.33.1/kernel/kmod.c 2010-03-15 12:09:39.000000000 -0400 | |
46239 | +++ linux-2.6.33.1/kernel/kmod.c 2010-03-20 16:58:42.068659558 -0400 | |
46240 | @@ -90,6 +90,18 @@ int __request_module(bool wait, const ch | |
46241 | if (ret) | |
46242 | return ret; | |
58c5fc13 MT |
46243 | |
46244 | +#ifdef CONFIG_GRKERNSEC_MODHARDEN | |
46245 | + /* we could do a tighter check here, but some distros | |
46246 | + are taking it upon themselves to remove CAP_SYS_MODULE | |
ae4e228f | 46247 | + from even root-running apps which cause modules to be |
58c5fc13 MT |
46248 | + auto-loaded |
46249 | + */ | |
46250 | + if (current_uid()) { | |
46251 | + gr_log_nonroot_mod_load(module_name); | |
46252 | + return -EPERM; | |
46253 | + } | |
46254 | +#endif | |
46255 | + | |
46256 | /* If modprobe needs a service that is in a module, we get a recursive | |
46257 | * loop. Limit the number of running kmod threads to max_threads/2 or | |
46258 | * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method | |
ae4e228f MT |
46259 | diff -urNp linux-2.6.33.1/kernel/kprobes.c linux-2.6.33.1/kernel/kprobes.c |
46260 | --- linux-2.6.33.1/kernel/kprobes.c 2010-03-15 12:09:39.000000000 -0400 | |
46261 | +++ linux-2.6.33.1/kernel/kprobes.c 2010-03-20 16:58:42.068659558 -0400 | |
46262 | @@ -186,7 +186,7 @@ static kprobe_opcode_t __kprobes *__get_ | |
58c5fc13 MT |
46263 | * kernel image and loaded module images reside. This is required |
46264 | * so x86_64 can correctly handle the %rip-relative fixups. | |
46265 | */ | |
46266 | - kip->insns = module_alloc(PAGE_SIZE); | |
46267 | + kip->insns = module_alloc_exec(PAGE_SIZE); | |
46268 | if (!kip->insns) { | |
46269 | kfree(kip); | |
46270 | return NULL; | |
ae4e228f MT |
46271 | @@ -223,7 +223,7 @@ static int __kprobes collect_one_slot(st |
46272 | */ | |
46273 | if (!list_is_singular(&kprobe_insn_pages)) { | |
46274 | list_del(&kip->list); | |
58c5fc13 MT |
46275 | - module_free(NULL, kip->insns); |
46276 | + module_free_exec(NULL, kip->insns); | |
46277 | kfree(kip); | |
46278 | } | |
46279 | return 1; | |
ae4e228f MT |
46280 | diff -urNp linux-2.6.33.1/kernel/lockdep.c linux-2.6.33.1/kernel/lockdep.c |
46281 | --- linux-2.6.33.1/kernel/lockdep.c 2010-03-15 12:09:39.000000000 -0400 | |
46282 | +++ linux-2.6.33.1/kernel/lockdep.c 2010-03-20 16:58:42.072946288 -0400 | |
46283 | @@ -586,6 +586,10 @@ static int static_obj(void *obj) | |
58c5fc13 MT |
46284 | int i; |
46285 | #endif | |
46286 | ||
46287 | +#ifdef CONFIG_PAX_KERNEXEC | |
ae4e228f | 46288 | + start = ktla_ktva(start); |
58c5fc13 MT |
46289 | +#endif |
46290 | + | |
46291 | /* | |
46292 | * static variable? | |
46293 | */ | |
ae4e228f | 46294 | @@ -601,8 +605,7 @@ static int static_obj(void *obj) |
58c5fc13 MT |
46295 | */ |
46296 | for_each_possible_cpu(i) { | |
58c5fc13 MT |
46297 | start = (unsigned long) &__per_cpu_start + per_cpu_offset(i); |
46298 | - end = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM | |
46299 | - + per_cpu_offset(i); | |
58c5fc13 MT |
46300 | + end = start + PERCPU_ENOUGH_ROOM; |
46301 | ||
46302 | if ((addr >= start) && (addr < end)) | |
46303 | return 1; | |
ae4e228f MT |
46304 | @@ -719,6 +722,7 @@ register_lock_class(struct lockdep_map * |
46305 | if (!static_obj(lock->key)) { | |
46306 | debug_locks_off(); | |
46307 | printk("INFO: trying to register non-static key.\n"); | |
46308 | + printk("lock:%pS key:%pS.\n", lock, lock->key); | |
46309 | printk("the code is fine but needs lockdep annotation.\n"); | |
46310 | printk("turning off the locking correctness validator.\n"); | |
46311 | dump_stack(); | |
46312 | diff -urNp linux-2.6.33.1/kernel/module.c linux-2.6.33.1/kernel/module.c | |
46313 | --- linux-2.6.33.1/kernel/module.c 2010-03-15 12:09:39.000000000 -0400 | |
46314 | +++ linux-2.6.33.1/kernel/module.c 2010-03-20 16:58:42.072946288 -0400 | |
46315 | @@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq | |
58c5fc13 MT |
46316 | static BLOCKING_NOTIFIER_HEAD(module_notify_list); |
46317 | ||
46318 | /* Bounds of module allocation, for speeding __module_address */ | |
46319 | -static unsigned long module_addr_min = -1UL, module_addr_max = 0; | |
46320 | +static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0; | |
46321 | +static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0; | |
46322 | ||
46323 | int register_module_notifier(struct notifier_block * nb) | |
46324 | { | |
ae4e228f | 46325 | @@ -245,7 +246,7 @@ bool each_symbol(bool (*fn)(const struct |
58c5fc13 MT |
46326 | return true; |
46327 | ||
46328 | list_for_each_entry_rcu(mod, &modules, list) { | |
46329 | - struct symsearch arr[] = { | |
46330 | + struct symsearch modarr[] = { | |
46331 | { mod->syms, mod->syms + mod->num_syms, mod->crcs, | |
46332 | NOT_GPL_ONLY, false }, | |
46333 | { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, | |
ae4e228f | 46334 | @@ -267,7 +268,7 @@ bool each_symbol(bool (*fn)(const struct |
58c5fc13 MT |
46335 | #endif |
46336 | }; | |
46337 | ||
46338 | - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data)) | |
46339 | + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data)) | |
46340 | return true; | |
46341 | } | |
46342 | return false; | |
ae4e228f MT |
46343 | @@ -375,7 +376,7 @@ static void *percpu_modalloc(unsigned lo |
46344 | { | |
58c5fc13 | 46345 | void *ptr; |
58c5fc13 MT |
46346 | |
46347 | - if (align > PAGE_SIZE) { | |
46348 | + if (align-1 >= PAGE_SIZE) { | |
46349 | printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", | |
46350 | name, align, PAGE_SIZE); | |
46351 | align = PAGE_SIZE; | |
ae4e228f | 46352 | @@ -1393,7 +1394,8 @@ static void free_module(struct module *m |
58c5fc13 MT |
46353 | destroy_params(mod->kp, mod->num_kp); |
46354 | ||
46355 | /* This may be NULL, but that's OK */ | |
46356 | - module_free(mod, mod->module_init); | |
46357 | + module_free(mod, mod->module_init_rw); | |
46358 | + module_free_exec(mod, mod->module_init_rx); | |
46359 | kfree(mod->args); | |
46360 | if (mod->percpu) | |
46361 | percpu_modfree(mod->percpu); | |
ae4e228f | 46362 | @@ -1402,10 +1404,12 @@ static void free_module(struct module *m |
58c5fc13 MT |
46363 | percpu_modfree(mod->refptr); |
46364 | #endif | |
46365 | /* Free lock-classes: */ | |
46366 | - lockdep_free_key_range(mod->module_core, mod->core_size); | |
46367 | + lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx); | |
46368 | + lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw); | |
46369 | ||
46370 | /* Finally, free the core (containing the module structure) */ | |
46371 | - module_free(mod, mod->module_core); | |
46372 | + module_free_exec(mod, mod->module_core_rx); | |
46373 | + module_free(mod, mod->module_core_rw); | |
58c5fc13 | 46374 | |
ae4e228f MT |
46375 | #ifdef CONFIG_MPU |
46376 | update_protections(current->mm); | |
46377 | @@ -1499,7 +1503,9 @@ static int simplify_symbols(Elf_Shdr *se | |
58c5fc13 MT |
46378 | strtab + sym[i].st_name, mod); |
46379 | /* Ok if resolved. */ | |
46380 | if (ksym) { | |
ae4e228f | 46381 | + pax_open_kernel(); |
58c5fc13 | 46382 | sym[i].st_value = ksym->value; |
ae4e228f | 46383 | + pax_close_kernel(); |
58c5fc13 MT |
46384 | break; |
46385 | } | |
46386 | ||
ae4e228f | 46387 | @@ -1518,7 +1524,9 @@ static int simplify_symbols(Elf_Shdr *se |
58c5fc13 MT |
46388 | secbase = (unsigned long)mod->percpu; |
46389 | else | |
46390 | secbase = sechdrs[sym[i].st_shndx].sh_addr; | |
ae4e228f | 46391 | + pax_open_kernel(); |
58c5fc13 | 46392 | sym[i].st_value += secbase; |
ae4e228f | 46393 | + pax_close_kernel(); |
58c5fc13 MT |
46394 | break; |
46395 | } | |
46396 | } | |
ae4e228f | 46397 | @@ -1579,11 +1587,12 @@ static void layout_sections(struct modul |
58c5fc13 MT |
46398 | || s->sh_entsize != ~0UL |
46399 | || strstarts(secstrings + s->sh_name, ".init")) | |
46400 | continue; | |
46401 | - s->sh_entsize = get_offset(mod, &mod->core_size, s, i); | |
46402 | + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)) | |
46403 | + s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i); | |
46404 | + else | |
46405 | + s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i); | |
46406 | DEBUGP("\t%s\n", secstrings + s->sh_name); | |
46407 | } | |
46408 | - if (m == 0) | |
46409 | - mod->core_text_size = mod->core_size; | |
46410 | } | |
46411 | ||
46412 | DEBUGP("Init section allocation order:\n"); | |
ae4e228f | 46413 | @@ -1596,12 +1605,13 @@ static void layout_sections(struct modul |
58c5fc13 MT |
46414 | || s->sh_entsize != ~0UL |
46415 | || !strstarts(secstrings + s->sh_name, ".init")) | |
46416 | continue; | |
46417 | - s->sh_entsize = (get_offset(mod, &mod->init_size, s, i) | |
46418 | - | INIT_OFFSET_MASK); | |
46419 | + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)) | |
46420 | + s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i); | |
46421 | + else | |
46422 | + s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i); | |
46423 | + s->sh_entsize |= INIT_OFFSET_MASK; | |
46424 | DEBUGP("\t%s\n", secstrings + s->sh_name); | |
46425 | } | |
46426 | - if (m == 0) | |
46427 | - mod->init_text_size = mod->init_size; | |
46428 | } | |
46429 | } | |
46430 | ||
ae4e228f MT |
46431 | @@ -1705,9 +1715,8 @@ static int is_exported(const char *name, |
46432 | ||
46433 | /* As per nm */ | |
46434 | static char elf_type(const Elf_Sym *sym, | |
46435 | - Elf_Shdr *sechdrs, | |
46436 | - const char *secstrings, | |
46437 | - struct module *mod) | |
46438 | + const Elf_Shdr *sechdrs, | |
46439 | + const char *secstrings) | |
58c5fc13 | 46440 | { |
ae4e228f MT |
46441 | if (ELF_ST_BIND(sym->st_info) == STB_WEAK) { |
46442 | if (ELF_ST_TYPE(sym->st_info) == STT_OBJECT) | |
46443 | @@ -1782,7 +1791,7 @@ static unsigned long layout_symtab(struc | |
58c5fc13 | 46444 | |
ae4e228f MT |
46445 | /* Put symbol section at end of init part of module. */ |
46446 | symsect->sh_flags |= SHF_ALLOC; | |
46447 | - symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect, | |
46448 | + symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect, | |
46449 | symindex) | INIT_OFFSET_MASK; | |
46450 | DEBUGP("\t%s\n", secstrings + symsect->sh_name); | |
46451 | ||
46452 | @@ -1799,19 +1808,19 @@ static unsigned long layout_symtab(struc | |
46453 | } | |
46454 | ||
46455 | /* Append room for core symbols at end of core part. */ | |
46456 | - symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1); | |
46457 | - mod->core_size = symoffs + ndst * sizeof(Elf_Sym); | |
46458 | + symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1); | |
46459 | + mod->core_size_rx = symoffs + ndst * sizeof(Elf_Sym); | |
46460 | ||
46461 | /* Put string table section at end of init part of module. */ | |
46462 | strsect->sh_flags |= SHF_ALLOC; | |
46463 | - strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect, | |
46464 | + strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect, | |
46465 | strindex) | INIT_OFFSET_MASK; | |
46466 | DEBUGP("\t%s\n", secstrings + strsect->sh_name); | |
46467 | ||
46468 | /* Append room for core symbols' strings at end of core part. */ | |
46469 | - *pstroffs = mod->core_size; | |
46470 | + *pstroffs = mod->core_size_rx; | |
46471 | __set_bit(0, strmap); | |
46472 | - mod->core_size += bitmap_weight(strmap, strsect->sh_size); | |
46473 | + mod->core_size_rx += bitmap_weight(strmap, strsect->sh_size); | |
46474 | ||
46475 | return symoffs; | |
46476 | } | |
46477 | @@ -1835,12 +1844,14 @@ static void add_kallsyms(struct module * | |
58c5fc13 MT |
46478 | mod->num_symtab = sechdrs[symindex].sh_size / sizeof(Elf_Sym); |
46479 | mod->strtab = (void *)sechdrs[strindex].sh_addr; | |
46480 | ||
ae4e228f MT |
46481 | + pax_open_kernel(); |
46482 | + | |
58c5fc13 | 46483 | /* Set types up while we still have access to sections. */ |
ae4e228f MT |
46484 | for (i = 0; i < mod->num_symtab; i++) |
46485 | mod->symtab[i].st_info | |
58c5fc13 | 46486 | - = elf_type(&mod->symtab[i], sechdrs, secstrings, mod); |
ae4e228f MT |
46487 | + = elf_type(&mod->symtab[i], sechdrs, secstrings); |
46488 | ||
46489 | - mod->core_symtab = dst = mod->module_core + symoffs; | |
46490 | + mod->core_symtab = dst = mod->module_core_rx + symoffs; | |
46491 | src = mod->symtab; | |
46492 | *dst = *src; | |
46493 | for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) { | |
46494 | @@ -1852,10 +1863,12 @@ static void add_kallsyms(struct module * | |
46495 | } | |
46496 | mod->core_num_syms = ndst; | |
46497 | ||
46498 | - mod->core_strtab = s = mod->module_core + stroffs; | |
46499 | + mod->core_strtab = s = mod->module_core_rx + stroffs; | |
46500 | for (*s = 0, i = 1; i < sechdrs[strindex].sh_size; ++i) | |
46501 | if (test_bit(i, strmap)) | |
46502 | *++s = mod->strtab[i]; | |
58c5fc13 | 46503 | + |
ae4e228f | 46504 | + pax_close_kernel(); |
58c5fc13 MT |
46505 | } |
46506 | #else | |
ae4e228f MT |
46507 | static inline unsigned long layout_symtab(struct module *mod, |
46508 | @@ -1892,16 +1905,30 @@ static void dynamic_debug_setup(struct _ | |
58c5fc13 MT |
46509 | #endif |
46510 | } | |
46511 | ||
46512 | -static void *module_alloc_update_bounds(unsigned long size) | |
46513 | +static void *module_alloc_update_bounds_rw(unsigned long size) | |
46514 | { | |
46515 | void *ret = module_alloc(size); | |
46516 | ||
46517 | if (ret) { | |
46518 | /* Update module bounds. */ | |
46519 | - if ((unsigned long)ret < module_addr_min) | |
46520 | - module_addr_min = (unsigned long)ret; | |
46521 | - if ((unsigned long)ret + size > module_addr_max) | |
46522 | - module_addr_max = (unsigned long)ret + size; | |
46523 | + if ((unsigned long)ret < module_addr_min_rw) | |
46524 | + module_addr_min_rw = (unsigned long)ret; | |
46525 | + if ((unsigned long)ret + size > module_addr_max_rw) | |
46526 | + module_addr_max_rw = (unsigned long)ret + size; | |
46527 | + } | |
46528 | + return ret; | |
46529 | +} | |
46530 | + | |
46531 | +static void *module_alloc_update_bounds_rx(unsigned long size) | |
46532 | +{ | |
46533 | + void *ret = module_alloc_exec(size); | |
46534 | + | |
46535 | + if (ret) { | |
46536 | + /* Update module bounds. */ | |
46537 | + if ((unsigned long)ret < module_addr_min_rx) | |
46538 | + module_addr_min_rx = (unsigned long)ret; | |
46539 | + if ((unsigned long)ret + size > module_addr_max_rx) | |
46540 | + module_addr_max_rx = (unsigned long)ret + size; | |
46541 | } | |
46542 | return ret; | |
46543 | } | |
ae4e228f MT |
46544 | @@ -2108,7 +2135,7 @@ static noinline struct module *load_modu |
46545 | secstrings, &stroffs, strmap); | |
58c5fc13 MT |
46546 | |
46547 | /* Do the allocs. */ | |
46548 | - ptr = module_alloc_update_bounds(mod->core_size); | |
46549 | + ptr = module_alloc_update_bounds_rw(mod->core_size_rw); | |
46550 | /* | |
46551 | * The pointer to this block is stored in the module structure | |
46552 | * which is inside the block. Just mark it as not being a | |
ae4e228f | 46553 | @@ -2119,23 +2146,47 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46554 | err = -ENOMEM; |
46555 | goto free_percpu; | |
46556 | } | |
46557 | - memset(ptr, 0, mod->core_size); | |
46558 | - mod->module_core = ptr; | |
46559 | + memset(ptr, 0, mod->core_size_rw); | |
46560 | + mod->module_core_rw = ptr; | |
46561 | ||
46562 | - ptr = module_alloc_update_bounds(mod->init_size); | |
46563 | + ptr = module_alloc_update_bounds_rw(mod->init_size_rw); | |
46564 | /* | |
46565 | * The pointer to this block is stored in the module structure | |
46566 | * which is inside the block. This block doesn't need to be | |
46567 | * scanned as it contains data and code that will be freed | |
46568 | * after the module is initialized. | |
46569 | */ | |
46570 | - kmemleak_ignore(ptr); | |
46571 | - if (!ptr && mod->init_size) { | |
46572 | + kmemleak_not_leak(ptr); | |
46573 | + if (!ptr && mod->init_size_rw) { | |
ae4e228f | 46574 | + err = -ENOMEM; |
58c5fc13 | 46575 | + goto free_core_rw; |
ae4e228f | 46576 | + } |
58c5fc13 MT |
46577 | + memset(ptr, 0, mod->init_size_rw); |
46578 | + mod->module_init_rw = ptr; | |
46579 | + | |
46580 | + ptr = module_alloc_update_bounds_rx(mod->core_size_rx); | |
46581 | + kmemleak_not_leak(ptr); | |
46582 | + if (!ptr) { | |
ae4e228f MT |
46583 | err = -ENOMEM; |
46584 | - goto free_core; | |
58c5fc13 | 46585 | + goto free_init_rw; |
ae4e228f MT |
46586 | } |
46587 | - memset(ptr, 0, mod->init_size); | |
46588 | - mod->module_init = ptr; | |
58c5fc13 | 46589 | + |
ae4e228f | 46590 | + pax_open_kernel(); |
58c5fc13 | 46591 | + memset(ptr, 0, mod->core_size_rx); |
ae4e228f | 46592 | + pax_close_kernel(); |
58c5fc13 MT |
46593 | + mod->module_core_rx = ptr; |
46594 | + | |
46595 | + ptr = module_alloc_update_bounds_rx(mod->init_size_rx); | |
46596 | + kmemleak_not_leak(ptr); | |
46597 | + if (!ptr && mod->init_size_rx) { | |
46598 | + err = -ENOMEM; | |
46599 | + goto free_core_rx; | |
46600 | + } | |
46601 | + | |
ae4e228f | 46602 | + pax_open_kernel(); |
58c5fc13 | 46603 | + memset(ptr, 0, mod->init_size_rx); |
ae4e228f | 46604 | + pax_close_kernel(); |
58c5fc13 MT |
46605 | + mod->module_init_rx = ptr; |
46606 | ||
46607 | /* Transfer each section which specifies SHF_ALLOC */ | |
46608 | DEBUGP("final section addresses:\n"); | |
ae4e228f | 46609 | @@ -2145,17 +2196,41 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46610 | if (!(sechdrs[i].sh_flags & SHF_ALLOC)) |
46611 | continue; | |
46612 | ||
46613 | - if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) | |
46614 | - dest = mod->module_init | |
46615 | - + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
46616 | - else | |
46617 | - dest = mod->module_core + sechdrs[i].sh_entsize; | |
46618 | + if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) { | |
46619 | + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC)) | |
46620 | + dest = mod->module_init_rw | |
46621 | + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
46622 | + else | |
46623 | + dest = mod->module_init_rx | |
46624 | + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
46625 | + } else { | |
46626 | + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC)) | |
46627 | + dest = mod->module_core_rw + sechdrs[i].sh_entsize; | |
46628 | + else | |
46629 | + dest = mod->module_core_rx + sechdrs[i].sh_entsize; | |
46630 | + } | |
46631 | + | |
46632 | + if (sechdrs[i].sh_type != SHT_NOBITS) { | |
ae4e228f | 46633 | + |
58c5fc13 MT |
46634 | +#ifdef CONFIG_PAX_KERNEXEC |
46635 | + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) { | |
ae4e228f | 46636 | + pax_open_kernel(); |
58c5fc13 | 46637 | + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size); |
ae4e228f | 46638 | + pax_close_kernel(); |
58c5fc13 MT |
46639 | + } else |
46640 | +#endif | |
ae4e228f MT |
46641 | |
46642 | - if (sechdrs[i].sh_type != SHT_NOBITS) | |
46643 | - memcpy(dest, (void *)sechdrs[i].sh_addr, | |
46644 | - sechdrs[i].sh_size); | |
58c5fc13 MT |
46645 | + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size); |
46646 | + } | |
46647 | /* Update sh_addr to point to copy in image. */ | |
46648 | - sechdrs[i].sh_addr = (unsigned long)dest; | |
46649 | + | |
46650 | +#ifdef CONFIG_PAX_KERNEXEC | |
46651 | + if (sechdrs[i].sh_flags & SHF_EXECINSTR) | |
46652 | + sechdrs[i].sh_addr = ktva_ktla((unsigned long)dest); | |
46653 | + else | |
46654 | +#endif | |
46655 | + | |
46656 | + sechdrs[i].sh_addr = (unsigned long)dest; | |
46657 | DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name); | |
46658 | } | |
46659 | /* Module has been moved. */ | |
ae4e228f | 46660 | @@ -2167,7 +2242,7 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46661 | mod->name); |
46662 | if (!mod->refptr) { | |
46663 | err = -ENOMEM; | |
46664 | - goto free_init; | |
46665 | + goto free_init_rx; | |
46666 | } | |
46667 | #endif | |
46668 | /* Now we've moved module, initialize linked lists, etc. */ | |
ae4e228f | 46669 | @@ -2282,8 +2357,8 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46670 | |
46671 | /* Now do relocations. */ | |
46672 | for (i = 1; i < hdr->e_shnum; i++) { | |
46673 | - const char *strtab = (char *)sechdrs[strindex].sh_addr; | |
46674 | unsigned int info = sechdrs[i].sh_info; | |
46675 | + strtab = (char *)sechdrs[strindex].sh_addr; | |
46676 | ||
46677 | /* Not a valid relocation section? */ | |
46678 | if (info >= hdr->e_shnum) | |
ae4e228f | 46679 | @@ -2344,12 +2419,12 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46680 | * Do it before processing of module parameters, so the module |
46681 | * can provide parameter accessor functions of its own. | |
46682 | */ | |
46683 | - if (mod->module_init) | |
46684 | - flush_icache_range((unsigned long)mod->module_init, | |
46685 | - (unsigned long)mod->module_init | |
46686 | - + mod->init_size); | |
46687 | - flush_icache_range((unsigned long)mod->module_core, | |
46688 | - (unsigned long)mod->module_core + mod->core_size); | |
46689 | + if (mod->module_init_rx) | |
46690 | + flush_icache_range((unsigned long)mod->module_init_rx, | |
46691 | + (unsigned long)mod->module_init_rx | |
46692 | + + mod->init_size_rx); | |
46693 | + flush_icache_range((unsigned long)mod->module_core_rx, | |
46694 | + (unsigned long)mod->module_core_rx + mod->core_size_rx); | |
46695 | ||
46696 | set_fs(old_fs); | |
46697 | ||
ae4e228f | 46698 | @@ -2397,12 +2472,16 @@ static noinline struct module *load_modu |
58c5fc13 MT |
46699 | free_unload: |
46700 | module_unload_free(mod); | |
46701 | #if defined(CONFIG_MODULE_UNLOAD) && defined(CONFIG_SMP) | |
58c5fc13 MT |
46702 | + free_init_rx: |
46703 | percpu_modfree(mod->refptr); | |
ae4e228f | 46704 | - free_init: |
58c5fc13 MT |
46705 | #endif |
46706 | - module_free(mod, mod->module_init); | |
46707 | - free_core: | |
46708 | - module_free(mod, mod->module_core); | |
46709 | + module_free_exec(mod, mod->module_init_rx); | |
46710 | + free_core_rx: | |
46711 | + module_free_exec(mod, mod->module_core_rx); | |
46712 | + free_init_rw: | |
46713 | + module_free(mod, mod->module_init_rw); | |
46714 | + free_core_rw: | |
46715 | + module_free(mod, mod->module_core_rw); | |
46716 | /* mod will be freed with core. Don't access it beyond this line! */ | |
46717 | free_percpu: | |
46718 | if (percpu) | |
ae4e228f MT |
46719 | @@ -2504,10 +2583,12 @@ SYSCALL_DEFINE3(init_module, void __user |
46720 | mod->symtab = mod->core_symtab; | |
46721 | mod->strtab = mod->core_strtab; | |
46722 | #endif | |
58c5fc13 MT |
46723 | - module_free(mod, mod->module_init); |
46724 | - mod->module_init = NULL; | |
46725 | - mod->init_size = 0; | |
46726 | - mod->init_text_size = 0; | |
46727 | + module_free(mod, mod->module_init_rw); | |
46728 | + module_free_exec(mod, mod->module_init_rx); | |
46729 | + mod->module_init_rw = NULL; | |
46730 | + mod->module_init_rx = NULL; | |
46731 | + mod->init_size_rw = 0; | |
46732 | + mod->init_size_rx = 0; | |
46733 | mutex_unlock(&module_mutex); | |
46734 | ||
46735 | return 0; | |
ae4e228f | 46736 | @@ -2538,10 +2619,16 @@ static const char *get_ksymbol(struct mo |
58c5fc13 MT |
46737 | unsigned long nextval; |
46738 | ||
46739 | /* At worse, next value is at end of module */ | |
46740 | - if (within_module_init(addr, mod)) | |
46741 | - nextval = (unsigned long)mod->module_init+mod->init_text_size; | |
46742 | + if (within_module_init_rx(addr, mod)) | |
46743 | + nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx; | |
46744 | + else if (within_module_init_rw(addr, mod)) | |
46745 | + nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw; | |
46746 | + else if (within_module_core_rx(addr, mod)) | |
46747 | + nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx; | |
46748 | + else if (within_module_core_rw(addr, mod)) | |
46749 | + nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw; | |
46750 | else | |
46751 | - nextval = (unsigned long)mod->module_core+mod->core_text_size; | |
46752 | + return NULL; | |
46753 | ||
46754 | /* Scan for closest preceeding symbol, and next symbol. (ELF | |
46755 | starts real symbols at 1). */ | |
ae4e228f | 46756 | @@ -2787,7 +2874,7 @@ static int m_show(struct seq_file *m, vo |
58c5fc13 MT |
46757 | char buf[8]; |
46758 | ||
46759 | seq_printf(m, "%s %u", | |
46760 | - mod->name, mod->init_size + mod->core_size); | |
46761 | + mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw); | |
46762 | print_unload_info(m, mod); | |
46763 | ||
46764 | /* Informative for users. */ | |
ae4e228f | 46765 | @@ -2796,7 +2883,7 @@ static int m_show(struct seq_file *m, vo |
58c5fc13 MT |
46766 | mod->state == MODULE_STATE_COMING ? "Loading": |
46767 | "Live"); | |
46768 | /* Used by oprofile and other similar tools. */ | |
46769 | - seq_printf(m, " 0x%p", mod->module_core); | |
46770 | + seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw); | |
46771 | ||
46772 | /* Taints info */ | |
46773 | if (mod->taints) | |
ae4e228f | 46774 | @@ -2832,7 +2919,17 @@ static const struct file_operations proc |
58c5fc13 MT |
46775 | |
46776 | static int __init proc_modules_init(void) | |
46777 | { | |
46778 | +#ifndef CONFIG_GRKERNSEC_HIDESYM | |
46779 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
46780 | + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations); | |
46781 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
46782 | + proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations); | |
46783 | +#else | |
46784 | proc_create("modules", 0, NULL, &proc_modules_operations); | |
46785 | +#endif | |
46786 | +#else | |
46787 | + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations); | |
46788 | +#endif | |
46789 | return 0; | |
46790 | } | |
46791 | module_init(proc_modules_init); | |
ae4e228f | 46792 | @@ -2891,12 +2988,12 @@ struct module *__module_address(unsigned |
58c5fc13 MT |
46793 | { |
46794 | struct module *mod; | |
46795 | ||
46796 | - if (addr < module_addr_min || addr > module_addr_max) | |
46797 | + if ((addr < module_addr_min_rx || addr > module_addr_max_rx) && | |
46798 | + (addr < module_addr_min_rw || addr > module_addr_max_rw)) | |
46799 | return NULL; | |
46800 | ||
46801 | list_for_each_entry_rcu(mod, &modules, list) | |
46802 | - if (within_module_core(addr, mod) | |
46803 | - || within_module_init(addr, mod)) | |
46804 | + if (within_module_init(addr, mod) || within_module_core(addr, mod)) | |
46805 | return mod; | |
46806 | return NULL; | |
46807 | } | |
ae4e228f | 46808 | @@ -2930,11 +3027,20 @@ bool is_module_text_address(unsigned lon |
58c5fc13 MT |
46809 | */ |
46810 | struct module *__module_text_address(unsigned long addr) | |
46811 | { | |
46812 | - struct module *mod = __module_address(addr); | |
46813 | + struct module *mod; | |
46814 | + | |
46815 | +#ifdef CONFIG_X86_32 | |
46816 | + addr = ktla_ktva(addr); | |
46817 | +#endif | |
46818 | + | |
46819 | + if (addr < module_addr_min_rx || addr > module_addr_max_rx) | |
46820 | + return NULL; | |
46821 | + | |
46822 | + mod = __module_address(addr); | |
46823 | + | |
46824 | if (mod) { | |
46825 | /* Make sure it's within the text section. */ | |
46826 | - if (!within(addr, mod->module_init, mod->init_text_size) | |
46827 | - && !within(addr, mod->module_core, mod->core_text_size)) | |
46828 | + if (!within_module_init_rx(addr, mod) && !within_module_core_rx(addr, mod)) | |
46829 | mod = NULL; | |
46830 | } | |
46831 | return mod; | |
ae4e228f MT |
46832 | diff -urNp linux-2.6.33.1/kernel/panic.c linux-2.6.33.1/kernel/panic.c |
46833 | --- linux-2.6.33.1/kernel/panic.c 2010-03-15 12:09:39.000000000 -0400 | |
46834 | +++ linux-2.6.33.1/kernel/panic.c 2010-03-20 16:58:42.076969908 -0400 | |
46835 | @@ -396,7 +396,8 @@ EXPORT_SYMBOL(warn_slowpath_null); | |
58c5fc13 MT |
46836 | */ |
46837 | void __stack_chk_fail(void) | |
46838 | { | |
46839 | - panic("stack-protector: Kernel stack is corrupted in: %p\n", | |
46840 | + dump_stack(); | |
46841 | + panic("stack-protector: Kernel stack is corrupted in: %pS\n", | |
46842 | __builtin_return_address(0)); | |
46843 | } | |
46844 | EXPORT_SYMBOL(__stack_chk_fail); | |
ae4e228f MT |
46845 | diff -urNp linux-2.6.33.1/kernel/params.c linux-2.6.33.1/kernel/params.c |
46846 | --- linux-2.6.33.1/kernel/params.c 2010-03-15 12:09:39.000000000 -0400 | |
46847 | +++ linux-2.6.33.1/kernel/params.c 2010-03-20 16:58:42.088938657 -0400 | |
46848 | @@ -723,7 +723,7 @@ static ssize_t module_attr_store(struct | |
46849 | return ret; | |
58c5fc13 MT |
46850 | } |
46851 | ||
ae4e228f MT |
46852 | -static struct sysfs_ops module_sysfs_ops = { |
46853 | +static const struct sysfs_ops module_sysfs_ops = { | |
46854 | .show = module_attr_show, | |
46855 | .store = module_attr_store, | |
46856 | }; | |
46857 | @@ -737,7 +737,7 @@ static int uevent_filter(struct kset *ks | |
46858 | return 0; | |
58c5fc13 MT |
46859 | } |
46860 | ||
ae4e228f MT |
46861 | -static struct kset_uevent_ops module_uevent_ops = { |
46862 | +static const struct kset_uevent_ops module_uevent_ops = { | |
46863 | .filter = uevent_filter, | |
46864 | }; | |
58c5fc13 | 46865 | |
ae4e228f MT |
46866 | diff -urNp linux-2.6.33.1/kernel/pid.c linux-2.6.33.1/kernel/pid.c |
46867 | --- linux-2.6.33.1/kernel/pid.c 2010-03-15 12:09:39.000000000 -0400 | |
46868 | +++ linux-2.6.33.1/kernel/pid.c 2010-03-20 16:58:42.092540045 -0400 | |
58c5fc13 MT |
46869 | @@ -33,6 +33,7 @@ |
46870 | #include <linux/rculist.h> | |
46871 | #include <linux/bootmem.h> | |
46872 | #include <linux/hash.h> | |
46873 | +#include <linux/security.h> | |
46874 | #include <linux/pid_namespace.h> | |
46875 | #include <linux/init_task.h> | |
46876 | #include <linux/syscalls.h> | |
46877 | @@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT | |
46878 | ||
46879 | int pid_max = PID_MAX_DEFAULT; | |
46880 | ||
46881 | -#define RESERVED_PIDS 300 | |
46882 | +#define RESERVED_PIDS 500 | |
46883 | ||
46884 | int pid_max_min = RESERVED_PIDS + 1; | |
46885 | int pid_max_max = PID_MAX_LIMIT; | |
46886 | @@ -380,7 +381,14 @@ EXPORT_SYMBOL(pid_task); | |
46887 | */ | |
46888 | struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) | |
46889 | { | |
46890 | - return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); | |
46891 | + struct task_struct *task; | |
46892 | + | |
46893 | + task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); | |
46894 | + | |
46895 | + if (gr_pid_is_chrooted(task)) | |
46896 | + return NULL; | |
46897 | + | |
46898 | + return task; | |
46899 | } | |
46900 | ||
46901 | struct task_struct *find_task_by_vpid(pid_t vnr) | |
ae4e228f MT |
46902 | diff -urNp linux-2.6.33.1/kernel/posix-cpu-timers.c linux-2.6.33.1/kernel/posix-cpu-timers.c |
46903 | --- linux-2.6.33.1/kernel/posix-cpu-timers.c 2010-03-15 12:09:39.000000000 -0400 | |
46904 | +++ linux-2.6.33.1/kernel/posix-cpu-timers.c 2010-03-20 16:58:42.092540045 -0400 | |
58c5fc13 MT |
46905 | @@ -6,6 +6,7 @@ |
46906 | #include <linux/posix-timers.h> | |
46907 | #include <linux/errno.h> | |
46908 | #include <linux/math64.h> | |
46909 | +#include <linux/security.h> | |
46910 | #include <asm/uaccess.h> | |
46911 | #include <linux/kernel_stat.h> | |
ae4e228f MT |
46912 | #include <trace/events/timer.h> |
46913 | @@ -1043,6 +1044,7 @@ static void check_thread_timers(struct t | |
58c5fc13 MT |
46914 | __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk); |
46915 | return; | |
46916 | } | |
46917 | + gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout, 1); | |
46918 | if (tsk->rt.timeout > DIV_ROUND_UP(*soft, USEC_PER_SEC/HZ)) { | |
46919 | /* | |
46920 | * At the soft limit, send a SIGXCPU every second. | |
ae4e228f | 46921 | @@ -1205,6 +1207,7 @@ static void check_process_timers(struct |
58c5fc13 MT |
46922 | __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk); |
46923 | return; | |
46924 | } | |
46925 | + gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0); | |
46926 | if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) { | |
46927 | /* | |
46928 | * At the soft limit, send a SIGXCPU every second. | |
ae4e228f MT |
46929 | diff -urNp linux-2.6.33.1/kernel/power/hibernate.c linux-2.6.33.1/kernel/power/hibernate.c |
46930 | --- linux-2.6.33.1/kernel/power/hibernate.c 2010-03-15 12:09:39.000000000 -0400 | |
46931 | +++ linux-2.6.33.1/kernel/power/hibernate.c 2010-03-20 16:58:42.092540045 -0400 | |
46932 | @@ -49,14 +49,14 @@ enum { | |
46933 | ||
46934 | static int hibernation_mode = HIBERNATION_SHUTDOWN; | |
46935 | ||
46936 | -static struct platform_hibernation_ops *hibernation_ops; | |
46937 | +static const struct platform_hibernation_ops *hibernation_ops; | |
46938 | ||
46939 | /** | |
46940 | * hibernation_set_ops - set the global hibernate operations | |
46941 | * @ops: the hibernation operations to use in subsequent hibernation transitions | |
46942 | */ | |
46943 | ||
46944 | -void hibernation_set_ops(struct platform_hibernation_ops *ops) | |
46945 | +void hibernation_set_ops(const struct platform_hibernation_ops *ops) | |
46946 | { | |
46947 | if (ops && !(ops->begin && ops->end && ops->pre_snapshot | |
46948 | && ops->prepare && ops->finish && ops->enter && ops->pre_restore | |
46949 | diff -urNp linux-2.6.33.1/kernel/power/poweroff.c linux-2.6.33.1/kernel/power/poweroff.c | |
46950 | --- linux-2.6.33.1/kernel/power/poweroff.c 2010-03-15 12:09:39.000000000 -0400 | |
46951 | +++ linux-2.6.33.1/kernel/power/poweroff.c 2010-03-20 16:58:42.096640751 -0400 | |
58c5fc13 MT |
46952 | @@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_powerof |
46953 | .enable_mask = SYSRQ_ENABLE_BOOT, | |
46954 | }; | |
46955 | ||
46956 | -static int pm_sysrq_init(void) | |
46957 | +static int __init pm_sysrq_init(void) | |
46958 | { | |
46959 | register_sysrq_key('o', &sysrq_poweroff_op); | |
46960 | return 0; | |
ae4e228f MT |
46961 | diff -urNp linux-2.6.33.1/kernel/power/process.c linux-2.6.33.1/kernel/power/process.c |
46962 | --- linux-2.6.33.1/kernel/power/process.c 2010-03-15 12:09:39.000000000 -0400 | |
46963 | +++ linux-2.6.33.1/kernel/power/process.c 2010-03-20 16:58:42.096640751 -0400 | |
46964 | @@ -38,12 +38,15 @@ static int try_to_freeze_tasks(bool sig_ | |
58c5fc13 MT |
46965 | struct timeval start, end; |
46966 | u64 elapsed_csecs64; | |
46967 | unsigned int elapsed_csecs; | |
46968 | + bool timedout = false; | |
46969 | ||
46970 | do_gettimeofday(&start); | |
46971 | ||
46972 | end_time = jiffies + TIMEOUT; | |
ae4e228f | 46973 | while (true) { |
58c5fc13 MT |
46974 | todo = 0; |
46975 | + if (time_after(jiffies, end_time)) | |
46976 | + timedout = true; | |
46977 | read_lock(&tasklist_lock); | |
46978 | do_each_thread(g, p) { | |
46979 | if (frozen(p) || !freezeable(p)) | |
ae4e228f | 46980 | @@ -58,12 +61,16 @@ static int try_to_freeze_tasks(bool sig_ |
58c5fc13 MT |
46981 | * It is "frozen enough". If the task does wake |
46982 | * up, it will immediately call try_to_freeze. | |
46983 | */ | |
46984 | - if (!task_is_stopped_or_traced(p) && | |
46985 | - !freezer_should_skip(p)) | |
46986 | + if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) { | |
46987 | todo++; | |
46988 | + if (timedout) { | |
46989 | + printk(KERN_ERR "Task refusing to freeze:\n"); | |
46990 | + sched_show_task(p); | |
46991 | + } | |
46992 | + } | |
46993 | } while_each_thread(g, p); | |
46994 | read_unlock(&tasklist_lock); | |
ae4e228f MT |
46995 | - if (!todo || time_after(jiffies, end_time)) |
46996 | + if (!todo || timedout) | |
46997 | break; | |
46998 | ||
46999 | /* | |
47000 | diff -urNp linux-2.6.33.1/kernel/power/suspend.c linux-2.6.33.1/kernel/power/suspend.c | |
47001 | --- linux-2.6.33.1/kernel/power/suspend.c 2010-03-15 12:09:39.000000000 -0400 | |
47002 | +++ linux-2.6.33.1/kernel/power/suspend.c 2010-03-20 16:58:42.096640751 -0400 | |
47003 | @@ -23,13 +23,13 @@ const char *const pm_states[PM_SUSPEND_M | |
47004 | [PM_SUSPEND_MEM] = "mem", | |
47005 | }; | |
47006 | ||
47007 | -static struct platform_suspend_ops *suspend_ops; | |
47008 | +static const struct platform_suspend_ops *suspend_ops; | |
47009 | ||
47010 | /** | |
47011 | * suspend_set_ops - Set the global suspend method table. | |
47012 | * @ops: Pointer to ops structure. | |
47013 | */ | |
47014 | -void suspend_set_ops(struct platform_suspend_ops *ops) | |
47015 | +void suspend_set_ops(const struct platform_suspend_ops *ops) | |
47016 | { | |
47017 | mutex_lock(&pm_mutex); | |
47018 | suspend_ops = ops; | |
47019 | diff -urNp linux-2.6.33.1/kernel/printk.c linux-2.6.33.1/kernel/printk.c | |
47020 | --- linux-2.6.33.1/kernel/printk.c 2010-03-15 12:09:39.000000000 -0400 | |
47021 | +++ linux-2.6.33.1/kernel/printk.c 2010-03-20 16:58:42.096640751 -0400 | |
47022 | @@ -280,6 +280,11 @@ int do_syslog(int type, char __user *buf | |
58c5fc13 MT |
47023 | char c; |
47024 | int error = 0; | |
47025 | ||
47026 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
47027 | + if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN)) | |
47028 | + return -EPERM; | |
47029 | +#endif | |
47030 | + | |
47031 | error = security_syslog(type); | |
47032 | if (error) | |
47033 | return error; | |
ae4e228f MT |
47034 | diff -urNp linux-2.6.33.1/kernel/ptrace.c linux-2.6.33.1/kernel/ptrace.c |
47035 | --- linux-2.6.33.1/kernel/ptrace.c 2010-03-15 12:09:39.000000000 -0400 | |
47036 | +++ linux-2.6.33.1/kernel/ptrace.c 2010-03-20 16:58:42.104944311 -0400 | |
58c5fc13 MT |
47037 | @@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru |
47038 | cred->gid != tcred->egid || | |
47039 | cred->gid != tcred->sgid || | |
47040 | cred->gid != tcred->gid) && | |
47041 | - !capable(CAP_SYS_PTRACE)) { | |
47042 | + !capable_nolog(CAP_SYS_PTRACE)) { | |
47043 | rcu_read_unlock(); | |
47044 | return -EPERM; | |
47045 | } | |
47046 | @@ -149,7 +149,7 @@ int __ptrace_may_access(struct task_stru | |
47047 | smp_rmb(); | |
47048 | if (task->mm) | |
47049 | dumpable = get_dumpable(task->mm); | |
47050 | - if (!dumpable && !capable(CAP_SYS_PTRACE)) | |
47051 | + if (!dumpable && !capable_nolog(CAP_SYS_PTRACE)) | |
47052 | return -EPERM; | |
47053 | ||
ae4e228f | 47054 | return security_ptrace_access_check(task, mode); |
58c5fc13 MT |
47055 | @@ -199,7 +199,7 @@ int ptrace_attach(struct task_struct *ta |
47056 | goto unlock_tasklist; | |
47057 | ||
47058 | task->ptrace = PT_PTRACED; | |
47059 | - if (capable(CAP_SYS_PTRACE)) | |
47060 | + if (capable_nolog(CAP_SYS_PTRACE)) | |
47061 | task->ptrace |= PT_PTRACE_CAP; | |
47062 | ||
47063 | __ptrace_link(task, current); | |
ae4e228f MT |
47064 | @@ -362,7 +362,7 @@ int ptrace_readdata(struct task_struct * |
47065 | break; | |
47066 | return -EIO; | |
47067 | } | |
47068 | - if (copy_to_user(dst, buf, retval)) | |
47069 | + if (retval > sizeof(buf) || copy_to_user(dst, buf, retval)) | |
47070 | return -EFAULT; | |
47071 | copied += retval; | |
47072 | src += retval; | |
47073 | @@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c | |
47074 | ret = ptrace_setoptions(child, data); | |
47075 | break; | |
47076 | case PTRACE_GETEVENTMSG: | |
47077 | - ret = put_user(child->ptrace_message, (unsigned long __user *) data); | |
47078 | + ret = put_user(child->ptrace_message, (__force unsigned long __user *) data); | |
47079 | break; | |
47080 | ||
47081 | case PTRACE_GETSIGINFO: | |
47082 | ret = ptrace_getsiginfo(child, &siginfo); | |
47083 | if (!ret) | |
47084 | - ret = copy_siginfo_to_user((siginfo_t __user *) data, | |
47085 | + ret = copy_siginfo_to_user((__force siginfo_t __user *) data, | |
47086 | &siginfo); | |
47087 | break; | |
47088 | ||
47089 | case PTRACE_SETSIGINFO: | |
47090 | - if (copy_from_user(&siginfo, (siginfo_t __user *) data, | |
47091 | + if (copy_from_user(&siginfo, (__force siginfo_t __user *) data, | |
47092 | sizeof siginfo)) | |
47093 | ret = -EFAULT; | |
47094 | else | |
47095 | @@ -621,14 +621,21 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
47096 | goto out; | |
47097 | } | |
58c5fc13 MT |
47098 | |
47099 | + if (gr_handle_ptrace(child, request)) { | |
47100 | + ret = -EPERM; | |
47101 | + goto out_put_task_struct; | |
47102 | + } | |
47103 | + | |
ae4e228f MT |
47104 | if (request == PTRACE_ATTACH) { |
47105 | ret = ptrace_attach(child); | |
47106 | /* | |
47107 | * Some architectures need to do book-keeping after | |
47108 | * a ptrace attach. | |
47109 | */ | |
47110 | - if (!ret) | |
47111 | + if (!ret) { | |
47112 | arch_ptrace_attach(child); | |
47113 | + gr_audit_ptrace(child); | |
47114 | + } | |
47115 | goto out_put_task_struct; | |
47116 | } | |
58c5fc13 | 47117 | |
ae4e228f MT |
47118 | @@ -653,7 +660,7 @@ int generic_ptrace_peekdata(struct task_ |
47119 | copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); | |
47120 | if (copied != sizeof(tmp)) | |
47121 | return -EIO; | |
47122 | - return put_user(tmp, (unsigned long __user *)data); | |
47123 | + return put_user(tmp, (__force unsigned long __user *)data); | |
58c5fc13 MT |
47124 | } |
47125 | ||
ae4e228f MT |
47126 | int generic_ptrace_pokedata(struct task_struct *tsk, long addr, long data) |
47127 | diff -urNp linux-2.6.33.1/kernel/rcutree.c linux-2.6.33.1/kernel/rcutree.c | |
47128 | --- linux-2.6.33.1/kernel/rcutree.c 2010-03-15 12:09:39.000000000 -0400 | |
47129 | +++ linux-2.6.33.1/kernel/rcutree.c 2010-03-20 16:58:42.108722969 -0400 | |
47130 | @@ -1315,7 +1315,7 @@ __rcu_process_callbacks(struct rcu_state | |
58c5fc13 | 47131 | /* |
ae4e228f | 47132 | * Do softirq processing for the current CPU. |
58c5fc13 | 47133 | */ |
ae4e228f MT |
47134 | -static void rcu_process_callbacks(struct softirq_action *unused) |
47135 | +static void rcu_process_callbacks(void) | |
47136 | { | |
47137 | /* | |
47138 | * Memory references from any prior RCU read-side critical sections | |
47139 | diff -urNp linux-2.6.33.1/kernel/relay.c linux-2.6.33.1/kernel/relay.c | |
47140 | --- linux-2.6.33.1/kernel/relay.c 2010-03-15 12:09:39.000000000 -0400 | |
47141 | +++ linux-2.6.33.1/kernel/relay.c 2010-03-20 16:58:42.108722969 -0400 | |
58c5fc13 MT |
47142 | @@ -1292,7 +1292,7 @@ static int subbuf_splice_actor(struct fi |
47143 | return 0; | |
47144 | ||
47145 | ret = *nonpad_ret = splice_to_pipe(pipe, &spd); | |
47146 | - if (ret < 0 || ret < total_len) | |
47147 | + if ((int)ret < 0 || ret < total_len) | |
47148 | return ret; | |
47149 | ||
47150 | if (read_start + ret == nonpad_end) | |
ae4e228f MT |
47151 | diff -urNp linux-2.6.33.1/kernel/resource.c linux-2.6.33.1/kernel/resource.c |
47152 | --- linux-2.6.33.1/kernel/resource.c 2010-03-15 12:09:39.000000000 -0400 | |
47153 | +++ linux-2.6.33.1/kernel/resource.c 2010-03-20 16:58:42.108722969 -0400 | |
58c5fc13 MT |
47154 | @@ -132,8 +132,18 @@ static const struct file_operations proc |
47155 | ||
47156 | static int __init ioresources_init(void) | |
47157 | { | |
47158 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
47159 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
47160 | + proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations); | |
47161 | + proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations); | |
47162 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
47163 | + proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations); | |
47164 | + proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations); | |
47165 | +#endif | |
47166 | +#else | |
47167 | proc_create("ioports", 0, NULL, &proc_ioports_operations); | |
47168 | proc_create("iomem", 0, NULL, &proc_iomem_operations); | |
47169 | +#endif | |
47170 | return 0; | |
47171 | } | |
47172 | __initcall(ioresources_init); | |
ae4e228f MT |
47173 | diff -urNp linux-2.6.33.1/kernel/sched.c linux-2.6.33.1/kernel/sched.c |
47174 | --- linux-2.6.33.1/kernel/sched.c 2010-03-15 12:09:39.000000000 -0400 | |
47175 | +++ linux-2.6.33.1/kernel/sched.c 2010-03-20 16:58:42.116976245 -0400 | |
47176 | @@ -4855,7 +4855,7 @@ out: | |
47177 | * In CONFIG_NO_HZ case, the idle load balance owner will do the | |
47178 | * rebalancing for all the cpus for whom scheduler ticks are stopped. | |
47179 | */ | |
47180 | -static void run_rebalance_domains(struct softirq_action *h) | |
47181 | +static void run_rebalance_domains(void) | |
47182 | { | |
47183 | int this_cpu = smp_processor_id(); | |
47184 | struct rq *this_rq = cpu_rq(this_cpu); | |
47185 | @@ -6158,6 +6158,8 @@ int can_nice(const struct task_struct *p | |
58c5fc13 MT |
47186 | /* convert nice value [19,-20] to rlimit style value [1,40] */ |
47187 | int nice_rlim = 20 - nice; | |
47188 | ||
47189 | + gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1); | |
47190 | + | |
47191 | return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur || | |
47192 | capable(CAP_SYS_NICE)); | |
47193 | } | |
ae4e228f | 47194 | @@ -6191,7 +6193,8 @@ SYSCALL_DEFINE1(nice, int, increment) |
58c5fc13 MT |
47195 | if (nice > 19) |
47196 | nice = 19; | |
47197 | ||
47198 | - if (increment < 0 && !can_nice(current, nice)) | |
47199 | + if (increment < 0 && (!can_nice(current, nice) || | |
47200 | + gr_handle_chroot_nice())) | |
47201 | return -EPERM; | |
47202 | ||
47203 | retval = security_task_setnice(current, nice); | |
ae4e228f | 47204 | @@ -6333,6 +6336,8 @@ recheck: |
58c5fc13 MT |
47205 | if (rt_policy(policy)) { |
47206 | unsigned long rlim_rtprio; | |
47207 | ||
47208 | + gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1); | |
47209 | + | |
47210 | if (!lock_task_sighand(p, &flags)) | |
47211 | return -ESRCH; | |
47212 | rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur; | |
ae4e228f MT |
47213 | diff -urNp linux-2.6.33.1/kernel/signal.c linux-2.6.33.1/kernel/signal.c |
47214 | --- linux-2.6.33.1/kernel/signal.c 2010-03-15 12:09:39.000000000 -0400 | |
47215 | +++ linux-2.6.33.1/kernel/signal.c 2010-03-20 16:58:42.116976245 -0400 | |
47216 | @@ -226,6 +226,9 @@ __sigqueue_alloc(int sig, struct task_st | |
58c5fc13 | 47217 | atomic_inc(&user->sigpending); |
ae4e228f MT |
47218 | rcu_read_unlock(); |
47219 | ||
58c5fc13 MT |
47220 | + if (!override_rlimit) |
47221 | + gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1); | |
ae4e228f | 47222 | + |
58c5fc13 MT |
47223 | if (override_rlimit || |
47224 | atomic_read(&user->sigpending) <= | |
ae4e228f MT |
47225 | t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur) { |
47226 | @@ -659,6 +662,9 @@ static int check_kill_permission(int sig | |
58c5fc13 MT |
47227 | } |
47228 | } | |
47229 | ||
47230 | + if (gr_handle_signal(t, sig)) | |
47231 | + return -EPERM; | |
47232 | + | |
47233 | return security_task_kill(t, info, sig, 0); | |
47234 | } | |
47235 | ||
ae4e228f | 47236 | @@ -1006,7 +1012,7 @@ __group_send_sig_info(int sig, struct si |
58c5fc13 MT |
47237 | return send_signal(sig, info, p, 1); |
47238 | } | |
47239 | ||
47240 | -static int | |
47241 | +int | |
47242 | specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) | |
47243 | { | |
47244 | return send_signal(sig, info, t, 0); | |
ae4e228f | 47245 | @@ -1060,6 +1066,9 @@ force_sig_info(int sig, struct siginfo * |
58c5fc13 MT |
47246 | ret = specific_send_sig_info(sig, info, t); |
47247 | spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
47248 | ||
47249 | + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t); | |
47250 | + gr_handle_crash(t, sig); | |
47251 | + | |
47252 | return ret; | |
47253 | } | |
47254 | ||
ae4e228f MT |
47255 | @@ -1113,8 +1122,11 @@ int group_send_sig_info(int sig, struct |
47256 | { | |
47257 | int ret = check_kill_permission(sig, info, p); | |
47258 | ||
47259 | - if (!ret && sig) | |
47260 | + if (!ret && sig) { | |
47261 | ret = do_send_sig_info(sig, info, p, true); | |
58c5fc13 MT |
47262 | + if (!ret) |
47263 | + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p); | |
ae4e228f | 47264 | + } |
58c5fc13 MT |
47265 | |
47266 | return ret; | |
ae4e228f MT |
47267 | } |
47268 | diff -urNp linux-2.6.33.1/kernel/smp.c linux-2.6.33.1/kernel/smp.c | |
47269 | --- linux-2.6.33.1/kernel/smp.c 2010-03-15 12:09:39.000000000 -0400 | |
47270 | +++ linux-2.6.33.1/kernel/smp.c 2010-03-20 16:58:42.120938497 -0400 | |
47271 | @@ -498,22 +498,22 @@ int smp_call_function(void (*func)(void | |
47272 | } | |
47273 | EXPORT_SYMBOL(smp_call_function); | |
47274 | ||
47275 | -void ipi_call_lock(void) | |
47276 | +void ipi_call_lock(void) __acquires(call_function.lock) | |
47277 | { | |
47278 | raw_spin_lock(&call_function.lock); | |
47279 | } | |
47280 | ||
47281 | -void ipi_call_unlock(void) | |
47282 | +void ipi_call_unlock(void) __releases(call_function.lock) | |
47283 | { | |
47284 | raw_spin_unlock(&call_function.lock); | |
47285 | } | |
47286 | ||
47287 | -void ipi_call_lock_irq(void) | |
47288 | +void ipi_call_lock_irq(void) __acquires(call_function.lock) | |
47289 | { | |
47290 | raw_spin_lock_irq(&call_function.lock); | |
47291 | } | |
47292 | ||
47293 | -void ipi_call_unlock_irq(void) | |
47294 | +void ipi_call_unlock_irq(void) __releases(call_function.lock) | |
47295 | { | |
47296 | raw_spin_unlock_irq(&call_function.lock); | |
47297 | } | |
47298 | diff -urNp linux-2.6.33.1/kernel/softirq.c linux-2.6.33.1/kernel/softirq.c | |
47299 | --- linux-2.6.33.1/kernel/softirq.c 2010-03-15 12:09:39.000000000 -0400 | |
47300 | +++ linux-2.6.33.1/kernel/softirq.c 2010-03-20 16:58:42.120938497 -0400 | |
47301 | @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec | |
47302 | ||
47303 | static DEFINE_PER_CPU(struct task_struct *, ksoftirqd); | |
47304 | ||
47305 | -char *softirq_to_name[NR_SOFTIRQS] = { | |
47306 | +const char * const softirq_to_name[NR_SOFTIRQS] = { | |
47307 | "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL", | |
47308 | "TASKLET", "SCHED", "HRTIMER", "RCU" | |
47309 | }; | |
47310 | @@ -190,7 +190,7 @@ EXPORT_SYMBOL(local_bh_enable_ip); | |
47311 | ||
47312 | asmlinkage void __do_softirq(void) | |
47313 | { | |
47314 | - struct softirq_action *h; | |
47315 | + const struct softirq_action *h; | |
47316 | __u32 pending; | |
47317 | int max_restart = MAX_SOFTIRQ_RESTART; | |
47318 | int cpu; | |
47319 | @@ -216,7 +216,7 @@ restart: | |
47320 | kstat_incr_softirqs_this_cpu(h - softirq_vec); | |
47321 | ||
47322 | trace_softirq_entry(h, softirq_vec); | |
47323 | - h->action(h); | |
47324 | + h->action(); | |
47325 | trace_softirq_exit(h, softirq_vec); | |
47326 | if (unlikely(prev_count != preempt_count())) { | |
47327 | printk(KERN_ERR "huh, entered softirq %td %s %p" | |
47328 | @@ -340,7 +340,7 @@ void raise_softirq(unsigned int nr) | |
47329 | local_irq_restore(flags); | |
47330 | } | |
47331 | ||
47332 | -void open_softirq(int nr, void (*action)(struct softirq_action *)) | |
47333 | +void open_softirq(int nr, void (*action)(void)) | |
47334 | { | |
47335 | softirq_vec[nr].action = action; | |
47336 | } | |
47337 | @@ -396,7 +396,7 @@ void __tasklet_hi_schedule_first(struct | |
47338 | ||
47339 | EXPORT_SYMBOL(__tasklet_hi_schedule_first); | |
47340 | ||
47341 | -static void tasklet_action(struct softirq_action *a) | |
47342 | +static void tasklet_action(void) | |
47343 | { | |
47344 | struct tasklet_struct *list; | |
47345 | ||
47346 | @@ -431,7 +431,7 @@ static void tasklet_action(struct softir | |
47347 | } | |
47348 | } | |
47349 | ||
47350 | -static void tasklet_hi_action(struct softirq_action *a) | |
47351 | +static void tasklet_hi_action(void) | |
47352 | { | |
47353 | struct tasklet_struct *list; | |
47354 | ||
47355 | diff -urNp linux-2.6.33.1/kernel/sys.c linux-2.6.33.1/kernel/sys.c | |
47356 | --- linux-2.6.33.1/kernel/sys.c 2010-03-15 12:09:39.000000000 -0400 | |
47357 | +++ linux-2.6.33.1/kernel/sys.c 2010-03-20 16:58:42.128666983 -0400 | |
47358 | @@ -132,6 +132,12 @@ static int set_one_prio(struct task_stru | |
58c5fc13 MT |
47359 | error = -EACCES; |
47360 | goto out; | |
47361 | } | |
47362 | + | |
47363 | + if (gr_handle_chroot_setpriority(p, niceval)) { | |
47364 | + error = -EACCES; | |
47365 | + goto out; | |
47366 | + } | |
47367 | + | |
47368 | no_nice = security_task_setnice(p, niceval); | |
47369 | if (no_nice) { | |
47370 | error = no_nice; | |
ae4e228f | 47371 | @@ -513,6 +519,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g |
58c5fc13 MT |
47372 | goto error; |
47373 | } | |
47374 | ||
47375 | + if (gr_check_group_change(new->gid, new->egid, -1)) | |
47376 | + goto error; | |
47377 | + | |
47378 | if (rgid != (gid_t) -1 || | |
47379 | (egid != (gid_t) -1 && egid != old->gid)) | |
47380 | new->sgid = new->egid; | |
ae4e228f | 47381 | @@ -546,6 +555,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) |
58c5fc13 MT |
47382 | goto error; |
47383 | ||
47384 | retval = -EPERM; | |
47385 | + | |
47386 | + if (gr_check_group_change(gid, gid, gid)) | |
47387 | + goto error; | |
47388 | + | |
47389 | if (capable(CAP_SETGID)) | |
47390 | new->gid = new->egid = new->sgid = new->fsgid = gid; | |
47391 | else if (gid == old->gid || gid == old->sgid) | |
ae4e228f | 47392 | @@ -636,6 +649,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u |
58c5fc13 MT |
47393 | goto error; |
47394 | } | |
47395 | ||
47396 | + if (gr_check_user_change(new->uid, new->euid, -1)) | |
47397 | + goto error; | |
47398 | + | |
47399 | if (new->uid != old->uid) { | |
47400 | retval = set_user(new); | |
47401 | if (retval < 0) | |
ae4e228f | 47402 | @@ -684,6 +700,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) |
58c5fc13 MT |
47403 | goto error; |
47404 | ||
47405 | retval = -EPERM; | |
47406 | + | |
47407 | + if (gr_check_crash_uid(uid)) | |
47408 | + goto error; | |
47409 | + if (gr_check_user_change(uid, uid, uid)) | |
47410 | + goto error; | |
47411 | + | |
47412 | if (capable(CAP_SETUID)) { | |
47413 | new->suid = new->uid = uid; | |
47414 | if (uid != old->uid) { | |
ae4e228f | 47415 | @@ -741,6 +763,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, |
58c5fc13 MT |
47416 | goto error; |
47417 | } | |
47418 | ||
47419 | + if (gr_check_user_change(ruid, euid, -1)) | |
47420 | + goto error; | |
47421 | + | |
47422 | if (ruid != (uid_t) -1) { | |
47423 | new->uid = ruid; | |
47424 | if (ruid != old->uid) { | |
ae4e228f | 47425 | @@ -809,6 +834,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, |
58c5fc13 MT |
47426 | goto error; |
47427 | } | |
47428 | ||
47429 | + if (gr_check_group_change(rgid, egid, -1)) | |
47430 | + goto error; | |
47431 | + | |
47432 | if (rgid != (gid_t) -1) | |
47433 | new->gid = rgid; | |
47434 | if (egid != (gid_t) -1) | |
ae4e228f | 47435 | @@ -858,6 +886,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) |
58c5fc13 MT |
47436 | if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) |
47437 | goto error; | |
47438 | ||
47439 | + if (gr_check_user_change(-1, -1, uid)) | |
47440 | + goto error; | |
47441 | + | |
47442 | if (uid == old->uid || uid == old->euid || | |
47443 | uid == old->suid || uid == old->fsuid || | |
47444 | capable(CAP_SETUID)) { | |
ae4e228f | 47445 | @@ -898,6 +929,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) |
58c5fc13 MT |
47446 | if (gid == old->gid || gid == old->egid || |
47447 | gid == old->sgid || gid == old->fsgid || | |
47448 | capable(CAP_SETGID)) { | |
47449 | + if (gr_check_group_change(-1, -1, gid)) | |
47450 | + goto error; | |
47451 | + | |
47452 | if (gid != old_fsgid) { | |
47453 | new->fsgid = gid; | |
47454 | goto change_okay; | |
ae4e228f | 47455 | @@ -1460,7 +1494,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi |
58c5fc13 MT |
47456 | error = get_dumpable(me->mm); |
47457 | break; | |
47458 | case PR_SET_DUMPABLE: | |
47459 | - if (arg2 < 0 || arg2 > 1) { | |
47460 | + if (arg2 > 1) { | |
47461 | error = -EINVAL; | |
47462 | break; | |
47463 | } | |
ae4e228f MT |
47464 | diff -urNp linux-2.6.33.1/kernel/sysctl.c linux-2.6.33.1/kernel/sysctl.c |
47465 | --- linux-2.6.33.1/kernel/sysctl.c 2010-03-15 12:09:39.000000000 -0400 | |
47466 | +++ linux-2.6.33.1/kernel/sysctl.c 2010-03-20 16:58:42.186495404 -0400 | |
47467 | @@ -62,6 +62,13 @@ | |
47468 | ||
58c5fc13 MT |
47469 | |
47470 | #if defined(CONFIG_SYSCTL) | |
47471 | +#include <linux/grsecurity.h> | |
47472 | +#include <linux/grinternal.h> | |
47473 | + | |
47474 | +extern __u32 gr_handle_sysctl(const ctl_table *table, const int op); | |
47475 | +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, | |
47476 | + const int op); | |
47477 | +extern int gr_handle_chroot_sysctl(const int op); | |
47478 | ||
47479 | /* External variables not in a header file. */ | |
47480 | extern int C_A_D; | |
ae4e228f MT |
47481 | @@ -169,6 +176,7 @@ static int proc_do_cad_pid(struct ctl_ta |
47482 | static int proc_taint(struct ctl_table *table, int write, | |
58c5fc13 MT |
47483 | void __user *buffer, size_t *lenp, loff_t *ppos); |
47484 | #endif | |
47485 | +extern ctl_table grsecurity_table[]; | |
47486 | ||
47487 | static struct ctl_table root_table[]; | |
47488 | static struct ctl_table_root sysctl_table_root; | |
ae4e228f | 47489 | @@ -201,6 +209,20 @@ extern struct ctl_table epoll_table[]; |
58c5fc13 MT |
47490 | int sysctl_legacy_va_layout; |
47491 | #endif | |
47492 | ||
47493 | +#ifdef CONFIG_PAX_SOFTMODE | |
47494 | +static ctl_table pax_table[] = { | |
47495 | + { | |
58c5fc13 MT |
47496 | + .procname = "softmode", |
47497 | + .data = &pax_softmode, | |
47498 | + .maxlen = sizeof(unsigned int), | |
47499 | + .mode = 0600, | |
47500 | + .proc_handler = &proc_dointvec, | |
47501 | + }, | |
47502 | + | |
ae4e228f | 47503 | + { } |
58c5fc13 MT |
47504 | +}; |
47505 | +#endif | |
47506 | + | |
47507 | extern int prove_locking; | |
47508 | extern int lock_stat; | |
47509 | ||
ae4e228f | 47510 | @@ -251,6 +273,22 @@ static int max_sched_shares_ratelimit = |
58c5fc13 MT |
47511 | #endif |
47512 | ||
47513 | static struct ctl_table kern_table[] = { | |
ae4e228f | 47514 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) |
58c5fc13 | 47515 | + { |
58c5fc13 MT |
47516 | + .procname = "grsecurity", |
47517 | + .mode = 0500, | |
47518 | + .child = grsecurity_table, | |
47519 | + }, | |
47520 | +#endif | |
47521 | + | |
47522 | +#ifdef CONFIG_PAX_SOFTMODE | |
47523 | + { | |
58c5fc13 MT |
47524 | + .procname = "pax", |
47525 | + .mode = 0500, | |
47526 | + .child = pax_table, | |
47527 | + }, | |
47528 | +#endif | |
47529 | + | |
58c5fc13 | 47530 | { |
ae4e228f MT |
47531 | .procname = "sched_child_runs_first", |
47532 | .data = &sysctl_sched_child_runs_first, | |
47533 | @@ -1629,6 +1667,16 @@ int sysctl_perm(struct ctl_table_root *r | |
58c5fc13 MT |
47534 | int error; |
47535 | int mode; | |
47536 | ||
47537 | + if (table->parent != NULL && table->parent->procname != NULL && | |
47538 | + table->procname != NULL && | |
47539 | + gr_handle_sysctl_mod(table->parent->procname, table->procname, op)) | |
47540 | + return -EACCES; | |
47541 | + if (gr_handle_chroot_sysctl(op)) | |
47542 | + return -EACCES; | |
47543 | + error = gr_handle_sysctl(table, op); | |
47544 | + if (error) | |
47545 | + return error; | |
58c5fc13 MT |
47546 | + |
47547 | error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC)); | |
47548 | if (error) | |
47549 | return error; | |
ae4e228f MT |
47550 | @@ -2137,6 +2185,8 @@ static int __do_proc_dointvec(void *tbl_ |
47551 | len = strlen(buf); | |
47552 | if (len > left) | |
47553 | len = left; | |
47554 | + if (len > sizeof(buf)) | |
47555 | + len = sizeof(buf); | |
47556 | if(copy_to_user(s, buf, len)) | |
47557 | return -EFAULT; | |
47558 | left -= len; | |
47559 | @@ -2362,6 +2412,8 @@ static int __do_proc_doulongvec_minmax(v | |
47560 | len = strlen(buf); | |
47561 | if (len > left) | |
47562 | len = left; | |
47563 | + if (len > sizeof(buf)) | |
47564 | + len = sizeof(buf); | |
47565 | if(copy_to_user(s, buf, len)) | |
47566 | return -EFAULT; | |
47567 | left -= len; | |
47568 | diff -urNp linux-2.6.33.1/kernel/taskstats.c linux-2.6.33.1/kernel/taskstats.c | |
47569 | --- linux-2.6.33.1/kernel/taskstats.c 2010-03-15 12:09:39.000000000 -0400 | |
47570 | +++ linux-2.6.33.1/kernel/taskstats.c 2010-03-20 16:58:42.186495404 -0400 | |
58c5fc13 MT |
47571 | @@ -26,9 +26,12 @@ |
47572 | #include <linux/cgroup.h> | |
47573 | #include <linux/fs.h> | |
47574 | #include <linux/file.h> | |
47575 | +#include <linux/grsecurity.h> | |
47576 | #include <net/genetlink.h> | |
47577 | #include <asm/atomic.h> | |
47578 | ||
47579 | +extern int gr_is_taskstats_denied(int pid); | |
47580 | + | |
47581 | /* | |
47582 | * Maximum length of a cpumask that can be specified in | |
47583 | * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute | |
47584 | @@ -433,6 +436,9 @@ static int taskstats_user_cmd(struct sk_ | |
47585 | size_t size; | |
47586 | cpumask_var_t mask; | |
47587 | ||
47588 | + if (gr_is_taskstats_denied(current->pid)) | |
47589 | + return -EACCES; | |
47590 | + | |
47591 | if (!alloc_cpumask_var(&mask, GFP_KERNEL)) | |
47592 | return -ENOMEM; | |
47593 | ||
ae4e228f MT |
47594 | diff -urNp linux-2.6.33.1/kernel/time/tick-broadcast.c linux-2.6.33.1/kernel/time/tick-broadcast.c |
47595 | --- linux-2.6.33.1/kernel/time/tick-broadcast.c 2010-03-15 12:09:39.000000000 -0400 | |
47596 | +++ linux-2.6.33.1/kernel/time/tick-broadcast.c 2010-03-20 16:58:42.200972419 -0400 | |
58c5fc13 MT |
47597 | @@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl |
47598 | * then clear the broadcast bit. | |
47599 | */ | |
47600 | if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) { | |
47601 | - int cpu = smp_processor_id(); | |
47602 | + cpu = smp_processor_id(); | |
47603 | ||
47604 | cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); | |
47605 | tick_broadcast_clear_oneshot(cpu); | |
ae4e228f MT |
47606 | diff -urNp linux-2.6.33.1/kernel/time.c linux-2.6.33.1/kernel/time.c |
47607 | --- linux-2.6.33.1/kernel/time.c 2010-03-15 12:09:39.000000000 -0400 | |
47608 | +++ linux-2.6.33.1/kernel/time.c 2010-03-20 16:58:42.200972419 -0400 | |
58c5fc13 MT |
47609 | @@ -94,6 +94,9 @@ SYSCALL_DEFINE1(stime, time_t __user *, |
47610 | return err; | |
47611 | ||
47612 | do_settimeofday(&tv); | |
47613 | + | |
47614 | + gr_log_timechange(); | |
47615 | + | |
47616 | return 0; | |
47617 | } | |
47618 | ||
47619 | @@ -202,6 +205,8 @@ SYSCALL_DEFINE2(settimeofday, struct tim | |
47620 | return -EFAULT; | |
47621 | } | |
47622 | ||
47623 | + gr_log_timechange(); | |
47624 | + | |
47625 | return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL); | |
47626 | } | |
47627 | ||
47628 | @@ -240,7 +245,7 @@ EXPORT_SYMBOL(current_fs_time); | |
47629 | * Avoid unnecessary multiplications/divisions in the | |
47630 | * two most common HZ cases: | |
47631 | */ | |
47632 | -unsigned int inline jiffies_to_msecs(const unsigned long j) | |
47633 | +inline unsigned int jiffies_to_msecs(const unsigned long j) | |
47634 | { | |
47635 | #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ) | |
47636 | return (MSEC_PER_SEC / HZ) * j; | |
47637 | @@ -256,7 +261,7 @@ unsigned int inline jiffies_to_msecs(con | |
47638 | } | |
47639 | EXPORT_SYMBOL(jiffies_to_msecs); | |
47640 | ||
47641 | -unsigned int inline jiffies_to_usecs(const unsigned long j) | |
47642 | +inline unsigned int jiffies_to_usecs(const unsigned long j) | |
47643 | { | |
47644 | #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ) | |
47645 | return (USEC_PER_SEC / HZ) * j; | |
ae4e228f MT |
47646 | diff -urNp linux-2.6.33.1/kernel/timer.c linux-2.6.33.1/kernel/timer.c |
47647 | --- linux-2.6.33.1/kernel/timer.c 2010-03-15 12:09:39.000000000 -0400 | |
47648 | +++ linux-2.6.33.1/kernel/timer.c 2010-03-20 16:58:42.212949807 -0400 | |
47649 | @@ -1206,7 +1206,7 @@ void update_process_times(int user_tick) | |
47650 | /* | |
47651 | * This function runs timers and the timer-tq in bottom half context. | |
47652 | */ | |
47653 | -static void run_timer_softirq(struct softirq_action *h) | |
47654 | +static void run_timer_softirq(void) | |
47655 | { | |
47656 | struct tvec_base *base = __get_cpu_var(tvec_bases); | |
58c5fc13 | 47657 | |
ae4e228f MT |
47658 | diff -urNp linux-2.6.33.1/kernel/trace/ftrace.c linux-2.6.33.1/kernel/trace/ftrace.c |
47659 | --- linux-2.6.33.1/kernel/trace/ftrace.c 2010-03-15 12:09:39.000000000 -0400 | |
47660 | +++ linux-2.6.33.1/kernel/trace/ftrace.c 2010-03-20 16:58:42.212949807 -0400 | |
47661 | @@ -1102,13 +1102,18 @@ ftrace_code_disable(struct module *mod, | |
47662 | ||
47663 | ip = rec->ip; | |
47664 | ||
47665 | + ret = ftrace_arch_code_modify_prepare(); | |
47666 | + FTRACE_WARN_ON(ret); | |
47667 | + if (ret) | |
47668 | + return 0; | |
47669 | + | |
47670 | ret = ftrace_make_nop(mod, rec, MCOUNT_ADDR); | |
47671 | + FTRACE_WARN_ON(ftrace_arch_code_modify_post_process()); | |
47672 | if (ret) { | |
47673 | ftrace_bug(ret, ip); | |
47674 | rec->flags |= FTRACE_FL_FAILED; | |
47675 | - return 0; | |
47676 | } | |
47677 | - return 1; | |
47678 | + return ret ? 0 : 1; | |
58c5fc13 MT |
47679 | } |
47680 | ||
ae4e228f MT |
47681 | /* |
47682 | diff -urNp linux-2.6.33.1/kernel/trace/Kconfig linux-2.6.33.1/kernel/trace/Kconfig | |
47683 | --- linux-2.6.33.1/kernel/trace/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
47684 | +++ linux-2.6.33.1/kernel/trace/Kconfig 2010-03-20 16:58:42.212949807 -0400 | |
47685 | @@ -124,6 +124,7 @@ if FTRACE | |
58c5fc13 MT |
47686 | config FUNCTION_TRACER |
47687 | bool "Kernel Function Tracer" | |
47688 | depends on HAVE_FUNCTION_TRACER | |
47689 | + depends on !PAX_KERNEXEC | |
47690 | select FRAME_POINTER | |
47691 | select KALLSYMS | |
47692 | select GENERIC_TRACER | |
ae4e228f | 47693 | @@ -362,6 +363,7 @@ config PROFILE_KSYM_TRACER |
58c5fc13 MT |
47694 | config STACK_TRACER |
47695 | bool "Trace max stack" | |
47696 | depends on HAVE_FUNCTION_TRACER | |
47697 | + depends on !PAX_KERNEXEC | |
47698 | select FUNCTION_TRACER | |
47699 | select STACKTRACE | |
47700 | select KALLSYMS | |
ae4e228f MT |
47701 | diff -urNp linux-2.6.33.1/kernel/trace/trace.c linux-2.6.33.1/kernel/trace/trace.c |
47702 | --- linux-2.6.33.1/kernel/trace/trace.c 2010-03-15 12:09:39.000000000 -0400 | |
47703 | +++ linux-2.6.33.1/kernel/trace/trace.c 2010-03-20 16:58:42.217937104 -0400 | |
47704 | @@ -3820,10 +3820,9 @@ static const struct file_operations trac | |
47705 | }; | |
47706 | #endif | |
58c5fc13 | 47707 | |
ae4e228f MT |
47708 | -static struct dentry *d_tracer; |
47709 | - | |
47710 | struct dentry *tracing_init_dentry(void) | |
47711 | { | |
47712 | + static struct dentry *d_tracer; | |
47713 | static int once; | |
47714 | ||
47715 | if (d_tracer) | |
47716 | @@ -3843,10 +3842,9 @@ struct dentry *tracing_init_dentry(void) | |
47717 | return d_tracer; | |
58c5fc13 MT |
47718 | } |
47719 | ||
ae4e228f MT |
47720 | -static struct dentry *d_percpu; |
47721 | - | |
47722 | struct dentry *tracing_dentry_percpu(void) | |
47723 | { | |
47724 | + static struct dentry *d_percpu; | |
47725 | static int once; | |
47726 | struct dentry *d_tracer; | |
47727 | ||
47728 | diff -urNp linux-2.6.33.1/kernel/trace/trace_output.c linux-2.6.33.1/kernel/trace/trace_output.c | |
47729 | --- linux-2.6.33.1/kernel/trace/trace_output.c 2010-03-15 12:09:39.000000000 -0400 | |
47730 | +++ linux-2.6.33.1/kernel/trace/trace_output.c 2010-03-20 16:58:42.220764190 -0400 | |
47731 | @@ -280,7 +280,7 @@ int trace_seq_path(struct trace_seq *s, | |
47732 | ||
58c5fc13 MT |
47733 | p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len); |
47734 | if (!IS_ERR(p)) { | |
47735 | - p = mangle_path(s->buffer + s->len, p, "\n"); | |
47736 | + p = mangle_path(s->buffer + s->len, p, "\n\\"); | |
47737 | if (p) { | |
47738 | s->len = p - s->buffer; | |
47739 | return 1; | |
ae4e228f MT |
47740 | diff -urNp linux-2.6.33.1/kernel/trace/trace_stack.c linux-2.6.33.1/kernel/trace/trace_stack.c |
47741 | --- linux-2.6.33.1/kernel/trace/trace_stack.c 2010-03-15 12:09:39.000000000 -0400 | |
47742 | +++ linux-2.6.33.1/kernel/trace/trace_stack.c 2010-03-20 16:58:42.220764190 -0400 | |
47743 | @@ -50,7 +50,7 @@ static inline void check_stack(void) | |
47744 | return; | |
58c5fc13 | 47745 | |
ae4e228f MT |
47746 | /* we do not handle interrupt stacks yet */ |
47747 | - if (!object_is_on_stack(&this_size)) | |
47748 | + if (!object_starts_on_stack(&this_size)) | |
47749 | return; | |
47750 | ||
47751 | local_irq_save(flags); | |
47752 | diff -urNp linux-2.6.33.1/lib/bug.c linux-2.6.33.1/lib/bug.c | |
47753 | --- linux-2.6.33.1/lib/bug.c 2010-03-15 12:09:39.000000000 -0400 | |
47754 | +++ linux-2.6.33.1/lib/bug.c 2010-03-20 16:58:42.225948146 -0400 | |
47755 | @@ -135,6 +135,8 @@ enum bug_trap_type report_bug(unsigned l | |
47756 | return BUG_TRAP_TYPE_NONE; | |
47757 | ||
47758 | bug = find_bug(bugaddr); | |
47759 | + if (!bug) | |
47760 | + return BUG_TRAP_TYPE_NONE; | |
47761 | ||
47762 | printk(KERN_EMERG "------------[ cut here ]------------\n"); | |
47763 | ||
47764 | diff -urNp linux-2.6.33.1/lib/debugobjects.c linux-2.6.33.1/lib/debugobjects.c | |
47765 | --- linux-2.6.33.1/lib/debugobjects.c 2010-03-15 12:09:39.000000000 -0400 | |
47766 | +++ linux-2.6.33.1/lib/debugobjects.c 2010-03-20 16:58:42.225948146 -0400 | |
47767 | @@ -277,7 +277,7 @@ static void debug_object_is_on_stack(voi | |
47768 | if (limit > 4) | |
47769 | return; | |
47770 | ||
47771 | - is_on_stack = object_is_on_stack(addr); | |
47772 | + is_on_stack = object_starts_on_stack(addr); | |
47773 | if (is_on_stack == onstack) | |
47774 | return; | |
47775 | ||
47776 | diff -urNp linux-2.6.33.1/lib/dma-debug.c linux-2.6.33.1/lib/dma-debug.c | |
47777 | --- linux-2.6.33.1/lib/dma-debug.c 2010-03-15 12:09:39.000000000 -0400 | |
47778 | +++ linux-2.6.33.1/lib/dma-debug.c 2010-03-20 16:58:42.240954646 -0400 | |
47779 | @@ -861,7 +861,7 @@ out: | |
58c5fc13 | 47780 | |
ae4e228f MT |
47781 | static void check_for_stack(struct device *dev, void *addr) |
47782 | { | |
47783 | - if (object_is_on_stack(addr)) | |
47784 | + if (object_starts_on_stack(addr)) | |
47785 | err_printk(dev, NULL, "DMA-API: device driver maps memory from" | |
47786 | "stack [addr=%p]\n", addr); | |
47787 | } | |
47788 | diff -urNp linux-2.6.33.1/lib/inflate.c linux-2.6.33.1/lib/inflate.c | |
47789 | --- linux-2.6.33.1/lib/inflate.c 2010-03-15 12:09:39.000000000 -0400 | |
47790 | +++ linux-2.6.33.1/lib/inflate.c 2010-03-20 16:58:42.240954646 -0400 | |
58c5fc13 MT |
47791 | @@ -266,7 +266,7 @@ static void free(void *where) |
47792 | malloc_ptr = free_mem_ptr; | |
47793 | } | |
47794 | #else | |
47795 | -#define malloc(a) kmalloc(a, GFP_KERNEL) | |
47796 | +#define malloc(a) kmalloc((a), GFP_KERNEL) | |
47797 | #define free(a) kfree(a) | |
47798 | #endif | |
47799 | ||
ae4e228f MT |
47800 | diff -urNp linux-2.6.33.1/lib/Kconfig.debug linux-2.6.33.1/lib/Kconfig.debug |
47801 | --- linux-2.6.33.1/lib/Kconfig.debug 2010-03-15 12:09:39.000000000 -0400 | |
47802 | +++ linux-2.6.33.1/lib/Kconfig.debug 2010-03-20 16:58:42.244515655 -0400 | |
47803 | @@ -914,7 +914,7 @@ config LATENCYTOP | |
58c5fc13 MT |
47804 | select STACKTRACE |
47805 | select SCHEDSTATS | |
47806 | select SCHED_DEBUG | |
47807 | - depends on HAVE_LATENCYTOP_SUPPORT | |
47808 | + depends on HAVE_LATENCYTOP_SUPPORT && !GRKERNSEC_HIDESYM | |
47809 | help | |
47810 | Enable this option if you want to use the LatencyTOP tool | |
47811 | to find out which userspace is blocking on what kernel operations. | |
ae4e228f MT |
47812 | diff -urNp linux-2.6.33.1/lib/kobject.c linux-2.6.33.1/lib/kobject.c |
47813 | --- linux-2.6.33.1/lib/kobject.c 2010-03-15 12:09:39.000000000 -0400 | |
47814 | +++ linux-2.6.33.1/lib/kobject.c 2010-03-20 16:58:42.244515655 -0400 | |
47815 | @@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct ko | |
47816 | return ret; | |
47817 | } | |
47818 | ||
47819 | -struct sysfs_ops kobj_sysfs_ops = { | |
47820 | +const struct sysfs_ops kobj_sysfs_ops = { | |
47821 | .show = kobj_attr_show, | |
47822 | .store = kobj_attr_store, | |
47823 | }; | |
47824 | @@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = { | |
47825 | * If the kset was not able to be created, NULL will be returned. | |
47826 | */ | |
47827 | static struct kset *kset_create(const char *name, | |
47828 | - struct kset_uevent_ops *uevent_ops, | |
47829 | + const struct kset_uevent_ops *uevent_ops, | |
47830 | struct kobject *parent_kobj) | |
47831 | { | |
47832 | struct kset *kset; | |
47833 | @@ -832,7 +832,7 @@ static struct kset *kset_create(const ch | |
47834 | * If the kset was not able to be created, NULL will be returned. | |
47835 | */ | |
47836 | struct kset *kset_create_and_add(const char *name, | |
47837 | - struct kset_uevent_ops *uevent_ops, | |
47838 | + const struct kset_uevent_ops *uevent_ops, | |
47839 | struct kobject *parent_kobj) | |
47840 | { | |
47841 | struct kset *kset; | |
47842 | diff -urNp linux-2.6.33.1/lib/kobject_uevent.c linux-2.6.33.1/lib/kobject_uevent.c | |
47843 | --- linux-2.6.33.1/lib/kobject_uevent.c 2010-03-15 12:09:39.000000000 -0400 | |
47844 | +++ linux-2.6.33.1/lib/kobject_uevent.c 2010-03-20 16:58:42.244515655 -0400 | |
47845 | @@ -95,7 +95,7 @@ int kobject_uevent_env(struct kobject *k | |
47846 | const char *subsystem; | |
47847 | struct kobject *top_kobj; | |
47848 | struct kset *kset; | |
47849 | - struct kset_uevent_ops *uevent_ops; | |
47850 | + const struct kset_uevent_ops *uevent_ops; | |
47851 | u64 seq; | |
47852 | int i = 0; | |
47853 | int retval = 0; | |
47854 | diff -urNp linux-2.6.33.1/lib/parser.c linux-2.6.33.1/lib/parser.c | |
47855 | --- linux-2.6.33.1/lib/parser.c 2010-03-15 12:09:39.000000000 -0400 | |
47856 | +++ linux-2.6.33.1/lib/parser.c 2010-03-20 16:58:42.244515655 -0400 | |
47857 | @@ -129,7 +129,7 @@ static int match_number(substring_t *s, | |
58c5fc13 MT |
47858 | char *buf; |
47859 | int ret; | |
47860 | ||
47861 | - buf = kmalloc(s->to - s->from + 1, GFP_KERNEL); | |
47862 | + buf = kmalloc((s->to - s->from) + 1, GFP_KERNEL); | |
47863 | if (!buf) | |
47864 | return -ENOMEM; | |
47865 | memcpy(buf, s->from, s->to - s->from); | |
ae4e228f MT |
47866 | diff -urNp linux-2.6.33.1/lib/radix-tree.c linux-2.6.33.1/lib/radix-tree.c |
47867 | --- linux-2.6.33.1/lib/radix-tree.c 2010-03-15 12:09:39.000000000 -0400 | |
47868 | +++ linux-2.6.33.1/lib/radix-tree.c 2010-03-20 16:58:42.253002352 -0400 | |
58c5fc13 MT |
47869 | @@ -81,7 +81,7 @@ struct radix_tree_preload { |
47870 | int nr; | |
47871 | struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH]; | |
47872 | }; | |
47873 | -static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, }; | |
47874 | +static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads); | |
47875 | ||
47876 | static inline gfp_t root_gfp_mask(struct radix_tree_root *root) | |
47877 | { | |
ae4e228f MT |
47878 | diff -urNp linux-2.6.33.1/lib/random32.c linux-2.6.33.1/lib/random32.c |
47879 | --- linux-2.6.33.1/lib/random32.c 2010-03-15 12:09:39.000000000 -0400 | |
47880 | +++ linux-2.6.33.1/lib/random32.c 2010-03-20 16:58:42.256945498 -0400 | |
58c5fc13 MT |
47881 | @@ -61,7 +61,7 @@ static u32 __random32(struct rnd_state * |
47882 | */ | |
47883 | static inline u32 __seed(u32 x, u32 m) | |
47884 | { | |
47885 | - return (x < m) ? x + m : x; | |
47886 | + return (x <= m) ? x + m + 1 : x; | |
47887 | } | |
47888 | ||
47889 | /** | |
ae4e228f MT |
47890 | diff -urNp linux-2.6.33.1/localversion-grsec linux-2.6.33.1/localversion-grsec |
47891 | --- linux-2.6.33.1/localversion-grsec 1969-12-31 19:00:00.000000000 -0500 | |
47892 | +++ linux-2.6.33.1/localversion-grsec 2010-03-20 16:58:42.256945498 -0400 | |
58c5fc13 MT |
47893 | @@ -0,0 +1 @@ |
47894 | +-grsec | |
ae4e228f MT |
47895 | diff -urNp linux-2.6.33.1/Makefile linux-2.6.33.1/Makefile |
47896 | --- linux-2.6.33.1/Makefile 2010-03-15 12:09:39.000000000 -0400 | |
47897 | +++ linux-2.6.33.1/Makefile 2010-03-20 16:58:42.256945498 -0400 | |
47898 | @@ -227,8 +227,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" | |
58c5fc13 MT |
47899 | |
47900 | HOSTCC = gcc | |
47901 | HOSTCXX = g++ | |
ae4e228f | 47902 | -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer |
58c5fc13 | 47903 | -HOSTCXXFLAGS = -O2 |
ae4e228f | 47904 | +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
58c5fc13 MT |
47905 | +HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks |
47906 | ||
47907 | # Decide whether to build built-in, modular, or both. | |
47908 | # Normally, just do built-in. | |
ae4e228f | 47909 | @@ -650,7 +650,7 @@ export mod_strip_cmd |
58c5fc13 MT |
47910 | |
47911 | ||
47912 | ifeq ($(KBUILD_EXTMOD),) | |
47913 | -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ | |
47914 | +core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ | |
47915 | ||
47916 | vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ | |
47917 | $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ | |
ae4e228f MT |
47918 | diff -urNp linux-2.6.33.1/mm/filemap.c linux-2.6.33.1/mm/filemap.c |
47919 | --- linux-2.6.33.1/mm/filemap.c 2010-03-15 12:09:39.000000000 -0400 | |
47920 | +++ linux-2.6.33.1/mm/filemap.c 2010-03-20 16:58:42.256945498 -0400 | |
47921 | @@ -1601,7 +1601,7 @@ int generic_file_mmap(struct file * file | |
58c5fc13 MT |
47922 | struct address_space *mapping = file->f_mapping; |
47923 | ||
47924 | if (!mapping->a_ops->readpage) | |
47925 | - return -ENOEXEC; | |
47926 | + return -ENODEV; | |
47927 | file_accessed(file); | |
47928 | vma->vm_ops = &generic_file_vm_ops; | |
47929 | vma->vm_flags |= VM_CAN_NONLINEAR; | |
ae4e228f | 47930 | @@ -1997,6 +1997,7 @@ inline int generic_write_checks(struct f |
58c5fc13 MT |
47931 | *pos = i_size_read(inode); |
47932 | ||
47933 | if (limit != RLIM_INFINITY) { | |
47934 | + gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0); | |
47935 | if (*pos >= limit) { | |
47936 | send_sig(SIGXFSZ, current, 0); | |
47937 | return -EFBIG; | |
ae4e228f MT |
47938 | diff -urNp linux-2.6.33.1/mm/fremap.c linux-2.6.33.1/mm/fremap.c |
47939 | --- linux-2.6.33.1/mm/fremap.c 2010-03-15 12:09:39.000000000 -0400 | |
47940 | +++ linux-2.6.33.1/mm/fremap.c 2010-03-20 16:58:42.256945498 -0400 | |
58c5fc13 MT |
47941 | @@ -153,6 +153,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign |
47942 | retry: | |
47943 | vma = find_vma(mm, start); | |
47944 | ||
47945 | +#ifdef CONFIG_PAX_SEGMEXEC | |
47946 | + if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC)) | |
47947 | + goto out; | |
47948 | +#endif | |
47949 | + | |
47950 | /* | |
47951 | * Make sure the vma is shared, that it supports prefaulting, | |
47952 | * and that the remapped range is valid and fully within | |
ae4e228f MT |
47953 | diff -urNp linux-2.6.33.1/mm/highmem.c linux-2.6.33.1/mm/highmem.c |
47954 | --- linux-2.6.33.1/mm/highmem.c 2010-03-15 12:09:39.000000000 -0400 | |
47955 | +++ linux-2.6.33.1/mm/highmem.c 2010-03-20 16:58:42.256945498 -0400 | |
47956 | @@ -116,9 +116,10 @@ static void flush_all_zero_pkmaps(void) | |
58c5fc13 MT |
47957 | * So no dangers, even with speculative execution. |
47958 | */ | |
47959 | page = pte_page(pkmap_page_table[i]); | |
ae4e228f | 47960 | + pax_open_kernel(); |
58c5fc13 MT |
47961 | pte_clear(&init_mm, (unsigned long)page_address(page), |
47962 | &pkmap_page_table[i]); | |
ae4e228f MT |
47963 | - |
47964 | + pax_close_kernel(); | |
58c5fc13 MT |
47965 | set_page_address(page, NULL); |
47966 | need_flush = 1; | |
47967 | } | |
ae4e228f | 47968 | @@ -177,9 +178,11 @@ start: |
58c5fc13 MT |
47969 | } |
47970 | } | |
47971 | vaddr = PKMAP_ADDR(last_pkmap_nr); | |
ae4e228f MT |
47972 | + |
47973 | + pax_open_kernel(); | |
58c5fc13 MT |
47974 | set_pte_at(&init_mm, vaddr, |
47975 | &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot)); | |
ae4e228f MT |
47976 | - |
47977 | + pax_close_kernel(); | |
58c5fc13 MT |
47978 | pkmap_count[last_pkmap_nr] = 1; |
47979 | set_page_address(page, (void *)vaddr); | |
58c5fc13 | 47980 | |
ae4e228f MT |
47981 | diff -urNp linux-2.6.33.1/mm/hugetlb.c linux-2.6.33.1/mm/hugetlb.c |
47982 | --- linux-2.6.33.1/mm/hugetlb.c 2010-03-15 12:09:39.000000000 -0400 | |
47983 | +++ linux-2.6.33.1/mm/hugetlb.c 2010-03-20 16:58:42.256945498 -0400 | |
47984 | @@ -2267,6 +2267,26 @@ static int unmap_ref_private(struct mm_s | |
58c5fc13 MT |
47985 | return 1; |
47986 | } | |
47987 | ||
47988 | +#ifdef CONFIG_PAX_SEGMEXEC | |
47989 | +static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m) | |
47990 | +{ | |
47991 | + struct mm_struct *mm = vma->vm_mm; | |
47992 | + struct vm_area_struct *vma_m; | |
47993 | + unsigned long address_m; | |
47994 | + pte_t *ptep_m; | |
47995 | + | |
47996 | + vma_m = pax_find_mirror_vma(vma); | |
47997 | + if (!vma_m) | |
47998 | + return; | |
47999 | + | |
48000 | + BUG_ON(address >= SEGMEXEC_TASK_SIZE); | |
48001 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48002 | + ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK); | |
48003 | + get_page(page_m); | |
48004 | + set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0)); | |
48005 | +} | |
48006 | +#endif | |
48007 | + | |
48008 | static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma, | |
48009 | unsigned long address, pte_t *ptep, pte_t pte, | |
48010 | struct page *pagecache_page) | |
ae4e228f | 48011 | @@ -2347,6 +2367,11 @@ retry_avoidcopy: |
58c5fc13 MT |
48012 | huge_ptep_clear_flush(vma, address, ptep); |
48013 | set_huge_pte_at(mm, address, ptep, | |
48014 | make_huge_pte(vma, new_page, 1)); | |
48015 | + | |
48016 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48017 | + pax_mirror_huge_pte(vma, address, new_page); | |
48018 | +#endif | |
48019 | + | |
48020 | /* Make the old page be freed below */ | |
48021 | new_page = old_page; | |
48022 | } | |
ae4e228f | 48023 | @@ -2476,6 +2501,10 @@ retry: |
58c5fc13 MT |
48024 | && (vma->vm_flags & VM_SHARED))); |
48025 | set_huge_pte_at(mm, address, ptep, new_pte); | |
48026 | ||
48027 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48028 | + pax_mirror_huge_pte(vma, address, page); | |
48029 | +#endif | |
48030 | + | |
48031 | if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { | |
48032 | /* Optimization, do the COW without a second fault */ | |
48033 | ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); | |
ae4e228f | 48034 | @@ -2504,6 +2533,28 @@ int hugetlb_fault(struct mm_struct *mm, |
58c5fc13 MT |
48035 | static DEFINE_MUTEX(hugetlb_instantiation_mutex); |
48036 | struct hstate *h = hstate_vma(vma); | |
48037 | ||
48038 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48039 | + struct vm_area_struct *vma_m; | |
48040 | + | |
48041 | + vma_m = pax_find_mirror_vma(vma); | |
48042 | + if (vma_m) { | |
48043 | + unsigned long address_m; | |
48044 | + | |
48045 | + if (vma->vm_start > vma_m->vm_start) { | |
48046 | + address_m = address; | |
48047 | + address -= SEGMEXEC_TASK_SIZE; | |
48048 | + vma = vma_m; | |
48049 | + h = hstate_vma(vma); | |
48050 | + } else | |
48051 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48052 | + | |
48053 | + if (!huge_pte_alloc(mm, address_m, huge_page_size(h))) | |
48054 | + return VM_FAULT_OOM; | |
48055 | + address_m &= HPAGE_MASK; | |
48056 | + unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL); | |
48057 | + } | |
48058 | +#endif | |
48059 | + | |
48060 | ptep = huge_pte_alloc(mm, address, huge_page_size(h)); | |
48061 | if (!ptep) | |
48062 | return VM_FAULT_OOM; | |
ae4e228f MT |
48063 | diff -urNp linux-2.6.33.1/mm/Kconfig linux-2.6.33.1/mm/Kconfig |
48064 | --- linux-2.6.33.1/mm/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
48065 | +++ linux-2.6.33.1/mm/Kconfig 2010-03-20 16:58:42.256945498 -0400 | |
48066 | @@ -222,7 +222,7 @@ config KSM | |
58c5fc13 MT |
48067 | config DEFAULT_MMAP_MIN_ADDR |
48068 | int "Low address space to protect from user allocation" | |
ae4e228f | 48069 | depends on MMU |
58c5fc13 MT |
48070 | - default 4096 |
48071 | + default 65536 | |
48072 | help | |
48073 | This is the portion of low virtual memory which should be protected | |
48074 | from userspace allocation. Keeping a user from writing to low pages | |
ae4e228f MT |
48075 | diff -urNp linux-2.6.33.1/mm/maccess.c linux-2.6.33.1/mm/maccess.c |
48076 | --- linux-2.6.33.1/mm/maccess.c 2010-03-15 12:09:39.000000000 -0400 | |
48077 | +++ linux-2.6.33.1/mm/maccess.c 2010-03-20 16:58:42.256945498 -0400 | |
48078 | @@ -15,10 +15,10 @@ | |
48079 | * happens, handle that and return -EFAULT. | |
48080 | */ | |
48081 | ||
48082 | -long __weak probe_kernel_read(void *dst, void *src, size_t size) | |
48083 | +long __weak probe_kernel_read(void *dst, const void *src, size_t size) | |
48084 | __attribute__((alias("__probe_kernel_read"))); | |
48085 | ||
48086 | -long __probe_kernel_read(void *dst, void *src, size_t size) | |
48087 | +long __probe_kernel_read(void *dst, const void *src, size_t size) | |
48088 | { | |
48089 | long ret; | |
48090 | mm_segment_t old_fs = get_fs(); | |
48091 | @@ -43,10 +43,10 @@ EXPORT_SYMBOL_GPL(probe_kernel_read); | |
48092 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
48093 | * happens, handle that and return -EFAULT. | |
48094 | */ | |
48095 | -long __weak probe_kernel_write(void *dst, void *src, size_t size) | |
48096 | +long __weak probe_kernel_write(void *dst, const void *src, size_t size) | |
48097 | __attribute__((alias("__probe_kernel_write"))); | |
48098 | ||
48099 | -long __probe_kernel_write(void *dst, void *src, size_t size) | |
48100 | +long __probe_kernel_write(void *dst, const void *src, size_t size) | |
48101 | { | |
48102 | long ret; | |
48103 | mm_segment_t old_fs = get_fs(); | |
48104 | diff -urNp linux-2.6.33.1/mm/madvise.c linux-2.6.33.1/mm/madvise.c | |
48105 | --- linux-2.6.33.1/mm/madvise.c 2010-03-15 12:09:39.000000000 -0400 | |
48106 | +++ linux-2.6.33.1/mm/madvise.c 2010-03-20 16:58:42.256945498 -0400 | |
48107 | @@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_a | |
58c5fc13 | 48108 | pgoff_t pgoff; |
ae4e228f | 48109 | unsigned long new_flags = vma->vm_flags; |
58c5fc13 MT |
48110 | |
48111 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48112 | + struct vm_area_struct *vma_m; | |
48113 | +#endif | |
48114 | + | |
48115 | switch (behavior) { | |
48116 | case MADV_NORMAL: | |
48117 | new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; | |
ae4e228f | 48118 | @@ -104,6 +108,13 @@ success: |
58c5fc13 MT |
48119 | /* |
48120 | * vm_flags is protected by the mmap_sem held in write mode. | |
48121 | */ | |
48122 | + | |
48123 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48124 | + vma_m = pax_find_mirror_vma(vma); | |
48125 | + if (vma_m) | |
48126 | + vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT); | |
48127 | +#endif | |
48128 | + | |
48129 | vma->vm_flags = new_flags; | |
48130 | ||
48131 | out: | |
ae4e228f MT |
48132 | @@ -162,6 +173,11 @@ static long madvise_dontneed(struct vm_a |
48133 | struct vm_area_struct ** prev, | |
48134 | unsigned long start, unsigned long end) | |
48135 | { | |
58c5fc13 MT |
48136 | + |
48137 | +#ifdef CONFIG_PAX_SEGMEXEC | |
ae4e228f MT |
48138 | + struct vm_area_struct *vma_m; |
48139 | +#endif | |
58c5fc13 | 48140 | + |
ae4e228f MT |
48141 | *prev = vma; |
48142 | if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) | |
48143 | return -EINVAL; | |
48144 | @@ -174,6 +190,21 @@ static long madvise_dontneed(struct vm_a | |
48145 | zap_page_range(vma, start, end - start, &details); | |
48146 | } else | |
48147 | zap_page_range(vma, start, end - start, NULL); | |
48148 | + | |
48149 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48150 | + vma_m = pax_find_mirror_vma(vma); | |
48151 | + if (vma_m) { | |
48152 | + if (unlikely(vma->vm_flags & VM_NONLINEAR)) { | |
48153 | + struct zap_details details = { | |
48154 | + .nonlinear_vma = vma_m, | |
48155 | + .last_index = ULONG_MAX, | |
48156 | + }; | |
48157 | + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, &details); | |
48158 | + } else | |
48159 | + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, NULL); | |
48160 | + } | |
58c5fc13 MT |
48161 | +#endif |
48162 | + | |
ae4e228f MT |
48163 | return 0; |
48164 | } | |
58c5fc13 | 48165 | |
ae4e228f | 48166 | @@ -366,6 +397,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, |
58c5fc13 MT |
48167 | if (end < start) |
48168 | goto out; | |
48169 | ||
48170 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48171 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
48172 | + if (end > SEGMEXEC_TASK_SIZE) | |
48173 | + goto out; | |
48174 | + } else | |
48175 | +#endif | |
48176 | + | |
48177 | + if (end > TASK_SIZE) | |
48178 | + goto out; | |
48179 | + | |
48180 | error = 0; | |
48181 | if (end == start) | |
48182 | goto out; | |
ae4e228f MT |
48183 | diff -urNp linux-2.6.33.1/mm/memory.c linux-2.6.33.1/mm/memory.c |
48184 | --- linux-2.6.33.1/mm/memory.c 2010-03-15 12:09:39.000000000 -0400 | |
48185 | +++ linux-2.6.33.1/mm/memory.c 2010-03-20 16:58:42.260726041 -0400 | |
48186 | @@ -48,6 +48,7 @@ | |
48187 | #include <linux/ksm.h> | |
58c5fc13 MT |
48188 | #include <linux/rmap.h> |
48189 | #include <linux/module.h> | |
48190 | +#include <linux/security.h> | |
48191 | #include <linux/delayacct.h> | |
48192 | #include <linux/init.h> | |
48193 | #include <linux/writeback.h> | |
ae4e228f MT |
48194 | @@ -1266,10 +1267,10 @@ int __get_user_pages(struct task_struct |
48195 | (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); | |
58c5fc13 MT |
48196 | i = 0; |
48197 | ||
48198 | - do { | |
48199 | + while (nr_pages) { | |
48200 | struct vm_area_struct *vma; | |
58c5fc13 MT |
48201 | |
48202 | - vma = find_extend_vma(mm, start); | |
48203 | + vma = find_vma(mm, start); | |
48204 | if (!vma && in_gate_area(tsk, start)) { | |
48205 | unsigned long pg = start & PAGE_MASK; | |
48206 | struct vm_area_struct *gate_vma = get_gate_vma(tsk); | |
ae4e228f | 48207 | @@ -1311,7 +1312,7 @@ int __get_user_pages(struct task_struct |
58c5fc13 MT |
48208 | continue; |
48209 | } | |
48210 | ||
48211 | - if (!vma || | |
48212 | + if (!vma || start < vma->vm_start || | |
48213 | (vma->vm_flags & (VM_IO | VM_PFNMAP)) || | |
ae4e228f | 48214 | !(vm_flags & vma->vm_flags)) |
58c5fc13 | 48215 | return i ? : -EFAULT; |
ae4e228f | 48216 | @@ -1386,7 +1387,7 @@ int __get_user_pages(struct task_struct |
58c5fc13 MT |
48217 | start += PAGE_SIZE; |
48218 | nr_pages--; | |
48219 | } while (nr_pages && start < vma->vm_end); | |
48220 | - } while (nr_pages); | |
48221 | + } | |
48222 | return i; | |
48223 | } | |
48224 | ||
ae4e228f | 48225 | @@ -1982,6 +1983,186 @@ static inline void cow_user_page(struct |
58c5fc13 MT |
48226 | copy_user_highpage(dst, src, va, vma); |
48227 | } | |
48228 | ||
48229 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48230 | +static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd) | |
48231 | +{ | |
48232 | + struct mm_struct *mm = vma->vm_mm; | |
48233 | + spinlock_t *ptl; | |
48234 | + pte_t *pte, entry; | |
48235 | + | |
48236 | + pte = pte_offset_map_lock(mm, pmd, address, &ptl); | |
48237 | + entry = *pte; | |
48238 | + if (!pte_present(entry)) { | |
48239 | + if (!pte_none(entry)) { | |
48240 | + BUG_ON(pte_file(entry)); | |
48241 | + free_swap_and_cache(pte_to_swp_entry(entry)); | |
48242 | + pte_clear_not_present_full(mm, address, pte, 0); | |
48243 | + } | |
48244 | + } else { | |
48245 | + struct page *page; | |
48246 | + | |
48247 | + flush_cache_page(vma, address, pte_pfn(entry)); | |
48248 | + entry = ptep_clear_flush(vma, address, pte); | |
48249 | + BUG_ON(pte_dirty(entry)); | |
48250 | + page = vm_normal_page(vma, address, entry); | |
48251 | + if (page) { | |
48252 | + update_hiwater_rss(mm); | |
48253 | + if (PageAnon(page)) | |
48254 | + dec_mm_counter(mm, anon_rss); | |
48255 | + else | |
48256 | + dec_mm_counter(mm, file_rss); | |
48257 | + page_remove_rmap(page); | |
48258 | + page_cache_release(page); | |
48259 | + } | |
48260 | + } | |
48261 | + pte_unmap_unlock(pte, ptl); | |
48262 | +} | |
48263 | + | |
48264 | +/* PaX: if vma is mirrored, synchronize the mirror's PTE | |
48265 | + * | |
48266 | + * the ptl of the lower mapped page is held on entry and is not released on exit | |
48267 | + * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc) | |
48268 | + */ | |
48269 | +static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl) | |
48270 | +{ | |
48271 | + struct mm_struct *mm = vma->vm_mm; | |
48272 | + unsigned long address_m; | |
48273 | + spinlock_t *ptl_m; | |
48274 | + struct vm_area_struct *vma_m; | |
48275 | + pmd_t *pmd_m; | |
48276 | + pte_t *pte_m, entry_m; | |
48277 | + | |
48278 | + BUG_ON(!page_m || !PageAnon(page_m)); | |
48279 | + | |
48280 | + vma_m = pax_find_mirror_vma(vma); | |
48281 | + if (!vma_m) | |
48282 | + return; | |
48283 | + | |
48284 | + BUG_ON(!PageLocked(page_m)); | |
48285 | + BUG_ON(address >= SEGMEXEC_TASK_SIZE); | |
48286 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48287 | + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m); | |
48288 | + pte_m = pte_offset_map_nested(pmd_m, address_m); | |
48289 | + ptl_m = pte_lockptr(mm, pmd_m); | |
48290 | + if (ptl != ptl_m) { | |
48291 | + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING); | |
48292 | + if (!pte_none(*pte_m)) | |
48293 | + goto out; | |
48294 | + } | |
48295 | + | |
48296 | + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot); | |
48297 | + page_cache_get(page_m); | |
48298 | + page_add_anon_rmap(page_m, vma_m, address_m); | |
48299 | + inc_mm_counter(mm, anon_rss); | |
48300 | + set_pte_at(mm, address_m, pte_m, entry_m); | |
48301 | + update_mmu_cache(vma_m, address_m, entry_m); | |
48302 | +out: | |
48303 | + if (ptl != ptl_m) | |
48304 | + spin_unlock(ptl_m); | |
48305 | + pte_unmap_nested(pte_m); | |
48306 | + unlock_page(page_m); | |
48307 | +} | |
48308 | + | |
48309 | +void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl) | |
48310 | +{ | |
48311 | + struct mm_struct *mm = vma->vm_mm; | |
48312 | + unsigned long address_m; | |
48313 | + spinlock_t *ptl_m; | |
48314 | + struct vm_area_struct *vma_m; | |
48315 | + pmd_t *pmd_m; | |
48316 | + pte_t *pte_m, entry_m; | |
48317 | + | |
48318 | + BUG_ON(!page_m || PageAnon(page_m)); | |
48319 | + | |
48320 | + vma_m = pax_find_mirror_vma(vma); | |
48321 | + if (!vma_m) | |
48322 | + return; | |
48323 | + | |
48324 | + BUG_ON(address >= SEGMEXEC_TASK_SIZE); | |
48325 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48326 | + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m); | |
48327 | + pte_m = pte_offset_map_nested(pmd_m, address_m); | |
48328 | + ptl_m = pte_lockptr(mm, pmd_m); | |
48329 | + if (ptl != ptl_m) { | |
48330 | + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING); | |
48331 | + if (!pte_none(*pte_m)) | |
48332 | + goto out; | |
48333 | + } | |
48334 | + | |
48335 | + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot); | |
48336 | + page_cache_get(page_m); | |
48337 | + page_add_file_rmap(page_m); | |
48338 | + inc_mm_counter(mm, file_rss); | |
48339 | + set_pte_at(mm, address_m, pte_m, entry_m); | |
48340 | + update_mmu_cache(vma_m, address_m, entry_m); | |
48341 | +out: | |
48342 | + if (ptl != ptl_m) | |
48343 | + spin_unlock(ptl_m); | |
48344 | + pte_unmap_nested(pte_m); | |
48345 | +} | |
48346 | + | |
48347 | +static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl) | |
48348 | +{ | |
48349 | + struct mm_struct *mm = vma->vm_mm; | |
48350 | + unsigned long address_m; | |
48351 | + spinlock_t *ptl_m; | |
48352 | + struct vm_area_struct *vma_m; | |
48353 | + pmd_t *pmd_m; | |
48354 | + pte_t *pte_m, entry_m; | |
48355 | + | |
48356 | + vma_m = pax_find_mirror_vma(vma); | |
48357 | + if (!vma_m) | |
48358 | + return; | |
48359 | + | |
48360 | + BUG_ON(address >= SEGMEXEC_TASK_SIZE); | |
48361 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48362 | + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m); | |
48363 | + pte_m = pte_offset_map_nested(pmd_m, address_m); | |
48364 | + ptl_m = pte_lockptr(mm, pmd_m); | |
48365 | + if (ptl != ptl_m) { | |
48366 | + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING); | |
48367 | + if (!pte_none(*pte_m)) | |
48368 | + goto out; | |
48369 | + } | |
48370 | + | |
48371 | + entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot); | |
48372 | + set_pte_at(mm, address_m, pte_m, entry_m); | |
48373 | +out: | |
48374 | + if (ptl != ptl_m) | |
48375 | + spin_unlock(ptl_m); | |
48376 | + pte_unmap_nested(pte_m); | |
48377 | +} | |
48378 | + | |
48379 | +static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl) | |
48380 | +{ | |
48381 | + struct page *page_m; | |
48382 | + pte_t entry; | |
48383 | + | |
48384 | + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC)) | |
48385 | + goto out; | |
48386 | + | |
48387 | + entry = *pte; | |
48388 | + page_m = vm_normal_page(vma, address, entry); | |
48389 | + if (!page_m) | |
48390 | + pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl); | |
48391 | + else if (PageAnon(page_m)) { | |
48392 | + if (pax_find_mirror_vma(vma)) { | |
48393 | + pte_unmap_unlock(pte, ptl); | |
48394 | + lock_page(page_m); | |
48395 | + pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl); | |
48396 | + if (pte_same(entry, *pte)) | |
48397 | + pax_mirror_anon_pte(vma, address, page_m, ptl); | |
48398 | + else | |
48399 | + unlock_page(page_m); | |
48400 | + } | |
48401 | + } else | |
48402 | + pax_mirror_file_pte(vma, address, page_m, ptl); | |
48403 | + | |
48404 | +out: | |
48405 | + pte_unmap_unlock(pte, ptl); | |
48406 | +} | |
48407 | +#endif | |
48408 | + | |
48409 | /* | |
48410 | * This routine handles present pages, when users try to write | |
48411 | * to a shared page. It is done by copying the page to a new address | |
ae4e228f | 48412 | @@ -2161,6 +2342,12 @@ gotten: |
58c5fc13 MT |
48413 | */ |
48414 | page_table = pte_offset_map_lock(mm, pmd, address, &ptl); | |
48415 | if (likely(pte_same(*page_table, orig_pte))) { | |
48416 | + | |
48417 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48418 | + if (pax_find_mirror_vma(vma)) | |
48419 | + BUG_ON(!trylock_page(new_page)); | |
48420 | +#endif | |
48421 | + | |
48422 | if (old_page) { | |
48423 | if (!PageAnon(old_page)) { | |
48424 | dec_mm_counter(mm, file_rss); | |
ae4e228f | 48425 | @@ -2212,6 +2399,10 @@ gotten: |
58c5fc13 MT |
48426 | page_remove_rmap(old_page); |
48427 | } | |
48428 | ||
48429 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48430 | + pax_mirror_anon_pte(vma, address, new_page, ptl); | |
48431 | +#endif | |
48432 | + | |
48433 | /* Free the old page.. */ | |
48434 | new_page = old_page; | |
48435 | ret |= VM_FAULT_WRITE; | |
ae4e228f | 48436 | @@ -2619,6 +2810,11 @@ static int do_swap_page(struct mm_struct |
58c5fc13 MT |
48437 | swap_free(entry); |
48438 | if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) | |
48439 | try_to_free_swap(page); | |
48440 | + | |
48441 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48442 | + if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma)) | |
48443 | +#endif | |
48444 | + | |
48445 | unlock_page(page); | |
48446 | ||
48447 | if (flags & FAULT_FLAG_WRITE) { | |
ae4e228f | 48448 | @@ -2630,6 +2826,11 @@ static int do_swap_page(struct mm_struct |
58c5fc13 MT |
48449 | |
48450 | /* No need to invalidate - it was non-present before */ | |
48451 | update_mmu_cache(vma, address, pte); | |
48452 | + | |
48453 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48454 | + pax_mirror_anon_pte(vma, address, page, ptl); | |
48455 | +#endif | |
48456 | + | |
48457 | unlock: | |
48458 | pte_unmap_unlock(page_table, ptl); | |
48459 | out: | |
ae4e228f MT |
48460 | @@ -2653,7 +2854,7 @@ static int do_anonymous_page(struct mm_s |
48461 | unsigned long address, pte_t *page_table, pmd_t *pmd, | |
48462 | unsigned int flags) | |
48463 | { | |
48464 | - struct page *page; | |
48465 | + struct page *page = NULL; | |
48466 | spinlock_t *ptl; | |
48467 | pte_t entry; | |
48468 | ||
48469 | @@ -2688,6 +2889,11 @@ static int do_anonymous_page(struct mm_s | |
58c5fc13 MT |
48470 | if (!pte_none(*page_table)) |
48471 | goto release; | |
ae4e228f | 48472 | |
58c5fc13 MT |
48473 | +#ifdef CONFIG_PAX_SEGMEXEC |
48474 | + if (pax_find_mirror_vma(vma)) | |
48475 | + BUG_ON(!trylock_page(page)); | |
48476 | +#endif | |
48477 | + | |
48478 | inc_mm_counter(mm, anon_rss); | |
48479 | page_add_new_anon_rmap(page, vma, address); | |
ae4e228f MT |
48480 | setpte: |
48481 | @@ -2695,6 +2901,12 @@ setpte: | |
58c5fc13 MT |
48482 | |
48483 | /* No need to invalidate - it was non-present before */ | |
48484 | update_mmu_cache(vma, address, entry); | |
48485 | + | |
48486 | +#ifdef CONFIG_PAX_SEGMEXEC | |
ae4e228f MT |
48487 | + if (page) |
48488 | + pax_mirror_anon_pte(vma, address, page, ptl); | |
58c5fc13 MT |
48489 | +#endif |
48490 | + | |
48491 | unlock: | |
48492 | pte_unmap_unlock(page_table, ptl); | |
48493 | return 0; | |
ae4e228f | 48494 | @@ -2837,6 +3049,12 @@ static int __do_fault(struct mm_struct * |
58c5fc13 MT |
48495 | */ |
48496 | /* Only go through if we didn't race with anybody else... */ | |
48497 | if (likely(pte_same(*page_table, orig_pte))) { | |
48498 | + | |
48499 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48500 | + if (anon && pax_find_mirror_vma(vma)) | |
48501 | + BUG_ON(!trylock_page(page)); | |
48502 | +#endif | |
48503 | + | |
48504 | flush_icache_page(vma, page); | |
48505 | entry = mk_pte(page, vma->vm_page_prot); | |
48506 | if (flags & FAULT_FLAG_WRITE) | |
ae4e228f | 48507 | @@ -2856,6 +3074,14 @@ static int __do_fault(struct mm_struct * |
58c5fc13 MT |
48508 | |
48509 | /* no need to invalidate: a not-present page won't be cached */ | |
48510 | update_mmu_cache(vma, address, entry); | |
48511 | + | |
48512 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48513 | + if (anon) | |
48514 | + pax_mirror_anon_pte(vma, address, page, ptl); | |
48515 | + else | |
48516 | + pax_mirror_file_pte(vma, address, page, ptl); | |
48517 | +#endif | |
48518 | + | |
48519 | } else { | |
48520 | if (charged) | |
48521 | mem_cgroup_uncharge_page(page); | |
ae4e228f | 48522 | @@ -3003,6 +3229,12 @@ static inline int handle_pte_fault(struc |
58c5fc13 MT |
48523 | if (flags & FAULT_FLAG_WRITE) |
48524 | flush_tlb_page(vma, address); | |
48525 | } | |
48526 | + | |
48527 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48528 | + pax_mirror_pte(vma, address, pte, pmd, ptl); | |
48529 | + return 0; | |
48530 | +#endif | |
48531 | + | |
48532 | unlock: | |
48533 | pte_unmap_unlock(pte, ptl); | |
48534 | return 0; | |
ae4e228f | 48535 | @@ -3019,6 +3251,10 @@ int handle_mm_fault(struct mm_struct *mm |
58c5fc13 MT |
48536 | pmd_t *pmd; |
48537 | pte_t *pte; | |
48538 | ||
48539 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48540 | + struct vm_area_struct *vma_m; | |
48541 | +#endif | |
48542 | + | |
48543 | __set_current_state(TASK_RUNNING); | |
48544 | ||
48545 | count_vm_event(PGFAULT); | |
ae4e228f | 48546 | @@ -3026,6 +3262,34 @@ int handle_mm_fault(struct mm_struct *mm |
58c5fc13 MT |
48547 | if (unlikely(is_vm_hugetlb_page(vma))) |
48548 | return hugetlb_fault(mm, vma, address, flags); | |
48549 | ||
48550 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48551 | + vma_m = pax_find_mirror_vma(vma); | |
48552 | + if (vma_m) { | |
48553 | + unsigned long address_m; | |
48554 | + pgd_t *pgd_m; | |
48555 | + pud_t *pud_m; | |
48556 | + pmd_t *pmd_m; | |
48557 | + | |
48558 | + if (vma->vm_start > vma_m->vm_start) { | |
48559 | + address_m = address; | |
48560 | + address -= SEGMEXEC_TASK_SIZE; | |
48561 | + vma = vma_m; | |
48562 | + } else | |
48563 | + address_m = address + SEGMEXEC_TASK_SIZE; | |
48564 | + | |
48565 | + pgd_m = pgd_offset(mm, address_m); | |
48566 | + pud_m = pud_alloc(mm, pgd_m, address_m); | |
48567 | + if (!pud_m) | |
48568 | + return VM_FAULT_OOM; | |
48569 | + pmd_m = pmd_alloc(mm, pud_m, address_m); | |
48570 | + if (!pmd_m) | |
48571 | + return VM_FAULT_OOM; | |
48572 | + if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m)) | |
48573 | + return VM_FAULT_OOM; | |
48574 | + pax_unmap_mirror_pte(vma_m, address_m, pmd_m); | |
48575 | + } | |
48576 | +#endif | |
48577 | + | |
48578 | pgd = pgd_offset(mm, address); | |
48579 | pud = pud_alloc(mm, pgd, address); | |
48580 | if (!pud) | |
ae4e228f | 48581 | @@ -3123,7 +3387,7 @@ static int __init gate_vma_init(void) |
58c5fc13 MT |
48582 | gate_vma.vm_start = FIXADDR_USER_START; |
48583 | gate_vma.vm_end = FIXADDR_USER_END; | |
48584 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; | |
48585 | - gate_vma.vm_page_prot = __P101; | |
48586 | + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); | |
48587 | /* | |
48588 | * Make sure the vDSO gets into every core dump. | |
48589 | * Dumping its contents makes post-mortem fully interpretable later | |
ae4e228f MT |
48590 | diff -urNp linux-2.6.33.1/mm/memory-failure.c linux-2.6.33.1/mm/memory-failure.c |
48591 | --- linux-2.6.33.1/mm/memory-failure.c 2010-03-15 12:09:39.000000000 -0400 | |
48592 | +++ linux-2.6.33.1/mm/memory-failure.c 2010-03-20 16:58:42.260726041 -0400 | |
48593 | @@ -50,7 +50,7 @@ int sysctl_memory_failure_early_kill __r | |
48594 | ||
48595 | int sysctl_memory_failure_recovery __read_mostly = 1; | |
48596 | ||
48597 | -atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0); | |
48598 | +atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0); | |
48599 | ||
48600 | #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE) | |
48601 | ||
48602 | @@ -935,7 +935,7 @@ int __memory_failure(unsigned long pfn, | |
48603 | return 0; | |
48604 | } | |
48605 | ||
48606 | - atomic_long_add(1, &mce_bad_pages); | |
48607 | + atomic_long_add_unchecked(1, &mce_bad_pages); | |
48608 | ||
48609 | /* | |
48610 | * We need/can do nothing about count=0 pages. | |
48611 | diff -urNp linux-2.6.33.1/mm/mempolicy.c linux-2.6.33.1/mm/mempolicy.c | |
48612 | --- linux-2.6.33.1/mm/mempolicy.c 2010-03-15 12:09:39.000000000 -0400 | |
48613 | +++ linux-2.6.33.1/mm/mempolicy.c 2010-03-20 16:58:42.260726041 -0400 | |
48614 | @@ -569,6 +569,10 @@ static int mbind_range(struct vm_area_st | |
58c5fc13 MT |
48615 | struct vm_area_struct *next; |
48616 | int err; | |
48617 | ||
48618 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48619 | + struct vm_area_struct *vma_m; | |
48620 | +#endif | |
48621 | + | |
48622 | err = 0; | |
48623 | for (; vma && vma->vm_start < end; vma = next) { | |
48624 | next = vma->vm_next; | |
ae4e228f | 48625 | @@ -580,6 +584,16 @@ static int mbind_range(struct vm_area_st |
58c5fc13 MT |
48626 | err = policy_vma(vma, new); |
48627 | if (err) | |
48628 | break; | |
48629 | + | |
48630 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48631 | + vma_m = pax_find_mirror_vma(vma); | |
48632 | + if (vma_m) { | |
48633 | + err = policy_vma(vma_m, new); | |
48634 | + if (err) | |
48635 | + break; | |
48636 | + } | |
48637 | +#endif | |
48638 | + | |
48639 | } | |
48640 | return err; | |
48641 | } | |
ae4e228f | 48642 | @@ -1000,6 +1014,17 @@ static long do_mbind(unsigned long start |
58c5fc13 MT |
48643 | |
48644 | if (end < start) | |
48645 | return -EINVAL; | |
48646 | + | |
48647 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48648 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) { | |
48649 | + if (end > SEGMEXEC_TASK_SIZE) | |
48650 | + return -EINVAL; | |
48651 | + } else | |
48652 | +#endif | |
48653 | + | |
48654 | + if (end > TASK_SIZE) | |
48655 | + return -EINVAL; | |
48656 | + | |
48657 | if (end == start) | |
48658 | return 0; | |
48659 | ||
ae4e228f | 48660 | @@ -1205,6 +1230,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi |
58c5fc13 MT |
48661 | if (!mm) |
48662 | return -EINVAL; | |
48663 | ||
48664 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
48665 | + if (mm != current->mm && | |
48666 | + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) { | |
48667 | + err = -EPERM; | |
48668 | + goto out; | |
48669 | + } | |
48670 | +#endif | |
48671 | + | |
48672 | /* | |
48673 | * Check if this process has the right to modify the specified | |
48674 | * process. The right exists if the process has administrative | |
ae4e228f | 48675 | @@ -1214,8 +1247,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi |
58c5fc13 MT |
48676 | rcu_read_lock(); |
48677 | tcred = __task_cred(task); | |
48678 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | |
48679 | - cred->uid != tcred->suid && cred->uid != tcred->uid && | |
48680 | - !capable(CAP_SYS_NICE)) { | |
48681 | + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) { | |
48682 | rcu_read_unlock(); | |
48683 | err = -EPERM; | |
48684 | goto out; | |
ae4e228f | 48685 | @@ -2431,7 +2463,7 @@ int show_numa_map(struct seq_file *m, vo |
58c5fc13 MT |
48686 | |
48687 | if (file) { | |
48688 | seq_printf(m, " file="); | |
48689 | - seq_path(m, &file->f_path, "\n\t= "); | |
48690 | + seq_path(m, &file->f_path, "\n\t\\= "); | |
48691 | } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) { | |
48692 | seq_printf(m, " heap"); | |
48693 | } else if (vma->vm_start <= mm->start_stack && | |
ae4e228f MT |
48694 | diff -urNp linux-2.6.33.1/mm/migrate.c linux-2.6.33.1/mm/migrate.c |
48695 | --- linux-2.6.33.1/mm/migrate.c 2010-03-15 12:09:39.000000000 -0400 | |
48696 | +++ linux-2.6.33.1/mm/migrate.c 2010-03-20 16:58:42.260726041 -0400 | |
48697 | @@ -1059,6 +1059,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, | |
58c5fc13 MT |
48698 | if (!mm) |
48699 | return -EINVAL; | |
48700 | ||
48701 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
48702 | + if (mm != current->mm && | |
48703 | + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) { | |
48704 | + err = -EPERM; | |
48705 | + goto out; | |
48706 | + } | |
48707 | +#endif | |
48708 | + | |
48709 | /* | |
48710 | * Check if this process has the right to modify the specified | |
48711 | * process. The right exists if the process has administrative | |
ae4e228f | 48712 | @@ -1068,8 +1076,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, |
58c5fc13 MT |
48713 | rcu_read_lock(); |
48714 | tcred = __task_cred(task); | |
48715 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | |
48716 | - cred->uid != tcred->suid && cred->uid != tcred->uid && | |
48717 | - !capable(CAP_SYS_NICE)) { | |
48718 | + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) { | |
48719 | rcu_read_unlock(); | |
48720 | err = -EPERM; | |
48721 | goto out; | |
ae4e228f MT |
48722 | diff -urNp linux-2.6.33.1/mm/mlock.c linux-2.6.33.1/mm/mlock.c |
48723 | --- linux-2.6.33.1/mm/mlock.c 2010-03-15 12:09:39.000000000 -0400 | |
48724 | +++ linux-2.6.33.1/mm/mlock.c 2010-03-20 16:58:42.264564412 -0400 | |
58c5fc13 MT |
48725 | @@ -13,6 +13,7 @@ |
48726 | #include <linux/pagemap.h> | |
48727 | #include <linux/mempolicy.h> | |
48728 | #include <linux/syscalls.h> | |
48729 | +#include <linux/security.h> | |
48730 | #include <linux/sched.h> | |
48731 | #include <linux/module.h> | |
48732 | #include <linux/rmap.h> | |
ae4e228f | 48733 | @@ -432,6 +433,17 @@ static int do_mlock(unsigned long start, |
58c5fc13 MT |
48734 | return -EINVAL; |
48735 | if (end == start) | |
48736 | return 0; | |
48737 | + | |
48738 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48739 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
48740 | + if (end > SEGMEXEC_TASK_SIZE) | |
48741 | + return -EINVAL; | |
48742 | + } else | |
48743 | +#endif | |
48744 | + | |
48745 | + if (end > TASK_SIZE) | |
48746 | + return -EINVAL; | |
48747 | + | |
48748 | vma = find_vma_prev(current->mm, start, &prev); | |
48749 | if (!vma || vma->vm_start > start) | |
48750 | return -ENOMEM; | |
ae4e228f | 48751 | @@ -491,6 +503,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st |
58c5fc13 MT |
48752 | lock_limit >>= PAGE_SHIFT; |
48753 | ||
48754 | /* check against resource limits */ | |
48755 | + gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1); | |
48756 | if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) | |
48757 | error = do_mlock(start, len, 1); | |
48758 | up_write(¤t->mm->mmap_sem); | |
ae4e228f | 48759 | @@ -512,10 +525,10 @@ SYSCALL_DEFINE2(munlock, unsigned long, |
58c5fc13 MT |
48760 | static int do_mlockall(int flags) |
48761 | { | |
48762 | struct vm_area_struct * vma, * prev = NULL; | |
48763 | - unsigned int def_flags = 0; | |
48764 | + unsigned int def_flags = current->mm->def_flags & ~VM_LOCKED; | |
48765 | ||
48766 | if (flags & MCL_FUTURE) | |
48767 | - def_flags = VM_LOCKED; | |
48768 | + def_flags |= VM_LOCKED; | |
48769 | current->mm->def_flags = def_flags; | |
48770 | if (flags == MCL_FUTURE) | |
48771 | goto out; | |
ae4e228f | 48772 | @@ -523,6 +536,12 @@ static int do_mlockall(int flags) |
58c5fc13 MT |
48773 | for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { |
48774 | unsigned int newflags; | |
48775 | ||
48776 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48777 | + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) | |
48778 | + break; | |
48779 | +#endif | |
48780 | + | |
48781 | + BUG_ON(vma->vm_end > TASK_SIZE); | |
48782 | newflags = vma->vm_flags | VM_LOCKED; | |
48783 | if (!(flags & MCL_CURRENT)) | |
48784 | newflags &= ~VM_LOCKED; | |
ae4e228f | 48785 | @@ -554,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) |
58c5fc13 MT |
48786 | lock_limit >>= PAGE_SHIFT; |
48787 | ||
48788 | ret = -ENOMEM; | |
48789 | + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1); | |
48790 | if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) || | |
48791 | capable(CAP_IPC_LOCK)) | |
48792 | ret = do_mlockall(flags); | |
ae4e228f MT |
48793 | diff -urNp linux-2.6.33.1/mm/mmap.c linux-2.6.33.1/mm/mmap.c |
48794 | --- linux-2.6.33.1/mm/mmap.c 2010-03-15 12:09:39.000000000 -0400 | |
48795 | +++ linux-2.6.33.1/mm/mmap.c 2010-03-20 16:58:42.264564412 -0400 | |
48796 | @@ -44,6 +44,16 @@ | |
58c5fc13 MT |
48797 | #define arch_rebalance_pgtables(addr, len) (addr) |
48798 | #endif | |
48799 | ||
48800 | +static inline void verify_mm_writelocked(struct mm_struct *mm) | |
48801 | +{ | |
48802 | +#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX) | |
48803 | + if (unlikely(down_read_trylock(&mm->mmap_sem))) { | |
48804 | + up_read(&mm->mmap_sem); | |
48805 | + BUG(); | |
48806 | + } | |
48807 | +#endif | |
48808 | +} | |
48809 | + | |
48810 | static void unmap_region(struct mm_struct *mm, | |
48811 | struct vm_area_struct *vma, struct vm_area_struct *prev, | |
48812 | unsigned long start, unsigned long end); | |
ae4e228f | 48813 | @@ -69,16 +79,25 @@ static void unmap_region(struct mm_struc |
58c5fc13 MT |
48814 | * x: (no) no x: (no) yes x: (no) yes x: (yes) yes |
48815 | * | |
48816 | */ | |
48817 | -pgprot_t protection_map[16] = { | |
48818 | +pgprot_t protection_map[16] __read_only = { | |
48819 | __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111, | |
48820 | __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111 | |
48821 | }; | |
48822 | ||
48823 | pgprot_t vm_get_page_prot(unsigned long vm_flags) | |
48824 | { | |
48825 | - return __pgprot(pgprot_val(protection_map[vm_flags & | |
48826 | + pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags & | |
48827 | (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) | | |
48828 | pgprot_val(arch_vm_get_page_prot(vm_flags))); | |
48829 | + | |
48830 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
ae4e228f | 48831 | + if (!(__supported_pte_mask & _PAGE_NX) && |
58c5fc13 MT |
48832 | + (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC && |
48833 | + (vm_flags & (VM_READ | VM_WRITE))) | |
48834 | + prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot))))); | |
48835 | +#endif | |
48836 | + | |
48837 | + return prot; | |
48838 | } | |
48839 | EXPORT_SYMBOL(vm_get_page_prot); | |
48840 | ||
ae4e228f | 48841 | @@ -230,6 +249,7 @@ static struct vm_area_struct *remove_vma |
58c5fc13 MT |
48842 | struct vm_area_struct *next = vma->vm_next; |
48843 | ||
48844 | might_sleep(); | |
48845 | + BUG_ON(vma->vm_mirror); | |
48846 | if (vma->vm_ops && vma->vm_ops->close) | |
48847 | vma->vm_ops->close(vma); | |
48848 | if (vma->vm_file) { | |
ae4e228f | 48849 | @@ -266,6 +286,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) |
58c5fc13 MT |
48850 | * not page aligned -Ram Gupta |
48851 | */ | |
48852 | rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; | |
48853 | + gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1); | |
48854 | if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + | |
48855 | (mm->end_data - mm->start_data) > rlim) | |
48856 | goto out; | |
ae4e228f | 48857 | @@ -693,6 +714,12 @@ static int |
58c5fc13 MT |
48858 | can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, |
48859 | struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) | |
48860 | { | |
48861 | + | |
48862 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48863 | + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE) | |
48864 | + return 0; | |
48865 | +#endif | |
48866 | + | |
48867 | if (is_mergeable_vma(vma, file, vm_flags) && | |
48868 | is_mergeable_anon_vma(anon_vma, vma->anon_vma)) { | |
48869 | if (vma->vm_pgoff == vm_pgoff) | |
ae4e228f | 48870 | @@ -712,6 +739,12 @@ static int |
58c5fc13 MT |
48871 | can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, |
48872 | struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) | |
48873 | { | |
48874 | + | |
48875 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48876 | + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE) | |
48877 | + return 0; | |
48878 | +#endif | |
48879 | + | |
48880 | if (is_mergeable_vma(vma, file, vm_flags) && | |
48881 | is_mergeable_anon_vma(anon_vma, vma->anon_vma)) { | |
48882 | pgoff_t vm_pglen; | |
ae4e228f | 48883 | @@ -754,12 +787,19 @@ can_vma_merge_after(struct vm_area_struc |
58c5fc13 MT |
48884 | struct vm_area_struct *vma_merge(struct mm_struct *mm, |
48885 | struct vm_area_struct *prev, unsigned long addr, | |
48886 | unsigned long end, unsigned long vm_flags, | |
48887 | - struct anon_vma *anon_vma, struct file *file, | |
48888 | + struct anon_vma *anon_vma, struct file *file, | |
48889 | pgoff_t pgoff, struct mempolicy *policy) | |
48890 | { | |
48891 | pgoff_t pglen = (end - addr) >> PAGE_SHIFT; | |
48892 | struct vm_area_struct *area, *next; | |
48893 | ||
48894 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48895 | + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE; | |
48896 | + struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL; | |
48897 | + | |
48898 | + BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end); | |
48899 | +#endif | |
48900 | + | |
48901 | /* | |
48902 | * We later require that vma->vm_flags == vm_flags, | |
48903 | * so this tests vma->vm_flags & VM_SPECIAL, too. | |
ae4e228f | 48904 | @@ -775,6 +815,15 @@ struct vm_area_struct *vma_merge(struct |
58c5fc13 MT |
48905 | if (next && next->vm_end == end) /* cases 6, 7, 8 */ |
48906 | next = next->vm_next; | |
48907 | ||
48908 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48909 | + if (prev) | |
48910 | + prev_m = pax_find_mirror_vma(prev); | |
48911 | + if (area) | |
48912 | + area_m = pax_find_mirror_vma(area); | |
48913 | + if (next) | |
48914 | + next_m = pax_find_mirror_vma(next); | |
48915 | +#endif | |
48916 | + | |
48917 | /* | |
48918 | * Can it merge with the predecessor? | |
48919 | */ | |
ae4e228f | 48920 | @@ -794,9 +843,24 @@ struct vm_area_struct *vma_merge(struct |
58c5fc13 MT |
48921 | /* cases 1, 6 */ |
48922 | vma_adjust(prev, prev->vm_start, | |
48923 | next->vm_end, prev->vm_pgoff, NULL); | |
48924 | - } else /* cases 2, 5, 7 */ | |
48925 | + | |
48926 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48927 | + if (prev_m) | |
48928 | + vma_adjust(prev_m, prev_m->vm_start, | |
48929 | + next_m->vm_end, prev_m->vm_pgoff, NULL); | |
48930 | +#endif | |
48931 | + | |
48932 | + } else { /* cases 2, 5, 7 */ | |
48933 | vma_adjust(prev, prev->vm_start, | |
48934 | end, prev->vm_pgoff, NULL); | |
48935 | + | |
48936 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48937 | + if (prev_m) | |
48938 | + vma_adjust(prev_m, prev_m->vm_start, | |
48939 | + end_m, prev_m->vm_pgoff, NULL); | |
48940 | +#endif | |
48941 | + | |
48942 | + } | |
48943 | return prev; | |
48944 | } | |
48945 | ||
ae4e228f | 48946 | @@ -807,12 +871,27 @@ struct vm_area_struct *vma_merge(struct |
58c5fc13 MT |
48947 | mpol_equal(policy, vma_policy(next)) && |
48948 | can_vma_merge_before(next, vm_flags, | |
48949 | anon_vma, file, pgoff+pglen)) { | |
48950 | - if (prev && addr < prev->vm_end) /* case 4 */ | |
48951 | + if (prev && addr < prev->vm_end) { /* case 4 */ | |
48952 | vma_adjust(prev, prev->vm_start, | |
48953 | addr, prev->vm_pgoff, NULL); | |
48954 | - else /* cases 3, 8 */ | |
48955 | + | |
48956 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48957 | + if (prev_m) | |
48958 | + vma_adjust(prev_m, prev_m->vm_start, | |
48959 | + addr_m, prev_m->vm_pgoff, NULL); | |
48960 | +#endif | |
48961 | + | |
48962 | + } else { /* cases 3, 8 */ | |
48963 | vma_adjust(area, addr, next->vm_end, | |
48964 | next->vm_pgoff - pglen, NULL); | |
48965 | + | |
48966 | +#ifdef CONFIG_PAX_SEGMEXEC | |
48967 | + if (area_m) | |
48968 | + vma_adjust(area_m, addr_m, next_m->vm_end, | |
48969 | + next_m->vm_pgoff - pglen, NULL); | |
48970 | +#endif | |
48971 | + | |
48972 | + } | |
48973 | return area; | |
48974 | } | |
48975 | ||
ae4e228f | 48976 | @@ -887,14 +966,11 @@ none: |
58c5fc13 MT |
48977 | void vm_stat_account(struct mm_struct *mm, unsigned long flags, |
48978 | struct file *file, long pages) | |
48979 | { | |
48980 | - const unsigned long stack_flags | |
48981 | - = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN); | |
48982 | - | |
48983 | if (file) { | |
48984 | mm->shared_vm += pages; | |
48985 | if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) | |
48986 | mm->exec_vm += pages; | |
48987 | - } else if (flags & stack_flags) | |
48988 | + } else if (flags & (VM_GROWSUP|VM_GROWSDOWN)) | |
48989 | mm->stack_vm += pages; | |
48990 | if (flags & (VM_RESERVED|VM_IO)) | |
48991 | mm->reserved_vm += pages; | |
ae4e228f | 48992 | @@ -921,7 +997,7 @@ unsigned long do_mmap_pgoff(struct file |
58c5fc13 MT |
48993 | * (the exception is when the underlying filesystem is noexec |
48994 | * mounted, in which case we dont add PROT_EXEC.) | |
48995 | */ | |
48996 | - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC)) | |
48997 | + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC)) | |
48998 | if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) | |
48999 | prot |= PROT_EXEC; | |
49000 | ||
ae4e228f | 49001 | @@ -947,7 +1023,7 @@ unsigned long do_mmap_pgoff(struct file |
58c5fc13 MT |
49002 | /* Obtain the address to map to. we verify (or select) it and ensure |
49003 | * that it represents a valid section of the address space. | |
49004 | */ | |
49005 | - addr = get_unmapped_area(file, addr, len, pgoff, flags); | |
49006 | + addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0)); | |
49007 | if (addr & ~PAGE_MASK) | |
49008 | return addr; | |
49009 | ||
ae4e228f | 49010 | @@ -958,6 +1034,26 @@ unsigned long do_mmap_pgoff(struct file |
58c5fc13 MT |
49011 | vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | |
49012 | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; | |
49013 | ||
49014 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
49015 | + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
49016 | + | |
49017 | +#ifdef CONFIG_PAX_MPROTECT | |
49018 | + if (mm->pax_flags & MF_PAX_MPROTECT) { | |
49019 | + if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC) | |
49020 | + vm_flags &= ~(VM_EXEC | VM_MAYEXEC); | |
49021 | + else | |
49022 | + vm_flags &= ~(VM_WRITE | VM_MAYWRITE); | |
49023 | + } | |
49024 | +#endif | |
49025 | + | |
49026 | + } | |
49027 | +#endif | |
49028 | + | |
49029 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
49030 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file) | |
49031 | + vm_flags &= ~VM_PAGEEXEC; | |
49032 | +#endif | |
49033 | + | |
ae4e228f | 49034 | if (flags & MAP_LOCKED) |
58c5fc13 MT |
49035 | if (!can_do_mlock()) |
49036 | return -EPERM; | |
ae4e228f | 49037 | @@ -969,6 +1065,7 @@ unsigned long do_mmap_pgoff(struct file |
58c5fc13 MT |
49038 | locked += mm->locked_vm; |
49039 | lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; | |
49040 | lock_limit >>= PAGE_SHIFT; | |
49041 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); | |
49042 | if (locked > lock_limit && !capable(CAP_IPC_LOCK)) | |
49043 | return -EAGAIN; | |
49044 | } | |
ae4e228f | 49045 | @@ -1039,6 +1136,9 @@ unsigned long do_mmap_pgoff(struct file |
58c5fc13 MT |
49046 | if (error) |
49047 | return error; | |
49048 | ||
49049 | + if (!gr_acl_handle_mmap(file, prot)) | |
49050 | + return -EACCES; | |
49051 | + | |
49052 | return mmap_region(file, addr, len, flags, vm_flags, pgoff); | |
49053 | } | |
49054 | EXPORT_SYMBOL(do_mmap_pgoff); | |
ae4e228f | 49055 | @@ -1091,10 +1191,10 @@ out: |
58c5fc13 MT |
49056 | */ |
49057 | int vma_wants_writenotify(struct vm_area_struct *vma) | |
49058 | { | |
49059 | - unsigned int vm_flags = vma->vm_flags; | |
49060 | + unsigned long vm_flags = vma->vm_flags; | |
49061 | ||
49062 | /* If it was private or non-writable, the write bit is already clear */ | |
49063 | - if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED))) | |
49064 | + if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED)) | |
49065 | return 0; | |
49066 | ||
49067 | /* The backer wishes to know when pages are first written to? */ | |
ae4e228f | 49068 | @@ -1143,14 +1243,24 @@ unsigned long mmap_region(struct file *f |
58c5fc13 MT |
49069 | unsigned long charged = 0; |
49070 | struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; | |
49071 | ||
49072 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49073 | + struct vm_area_struct *vma_m = NULL; | |
49074 | +#endif | |
49075 | + | |
49076 | + /* | |
49077 | + * mm->mmap_sem is required to protect against another thread | |
49078 | + * changing the mappings in case we sleep. | |
49079 | + */ | |
49080 | + verify_mm_writelocked(mm); | |
49081 | + | |
49082 | /* Clear old maps */ | |
49083 | error = -ENOMEM; | |
49084 | -munmap_back: | |
49085 | vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
49086 | if (vma && vma->vm_start < addr + len) { | |
49087 | if (do_munmap(mm, addr, len)) | |
49088 | return -ENOMEM; | |
49089 | - goto munmap_back; | |
49090 | + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
49091 | + BUG_ON(vma && vma->vm_start < addr + len); | |
49092 | } | |
49093 | ||
49094 | /* Check against address space limit. */ | |
ae4e228f | 49095 | @@ -1199,6 +1309,16 @@ munmap_back: |
58c5fc13 MT |
49096 | goto unacct_error; |
49097 | } | |
49098 | ||
49099 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49100 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) { | |
49101 | + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
49102 | + if (!vma_m) { | |
49103 | + error = -ENOMEM; | |
49104 | + goto free_vma; | |
49105 | + } | |
49106 | + } | |
49107 | +#endif | |
49108 | + | |
49109 | vma->vm_mm = mm; | |
49110 | vma->vm_start = addr; | |
49111 | vma->vm_end = addr + len; | |
ae4e228f | 49112 | @@ -1221,6 +1341,19 @@ munmap_back: |
58c5fc13 MT |
49113 | error = file->f_op->mmap(file, vma); |
49114 | if (error) | |
49115 | goto unmap_and_free_vma; | |
49116 | + | |
49117 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49118 | + if (vma_m && (vm_flags & VM_EXECUTABLE)) | |
49119 | + added_exe_file_vma(mm); | |
49120 | +#endif | |
49121 | + | |
49122 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
49123 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) { | |
49124 | + vma->vm_flags |= VM_PAGEEXEC; | |
49125 | + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
49126 | + } | |
49127 | +#endif | |
49128 | + | |
49129 | if (vm_flags & VM_EXECUTABLE) | |
49130 | added_exe_file_vma(mm); | |
ae4e228f MT |
49131 | |
49132 | @@ -1256,6 +1389,11 @@ munmap_back: | |
58c5fc13 MT |
49133 | vma_link(mm, vma, prev, rb_link, rb_parent); |
49134 | file = vma->vm_file; | |
49135 | ||
49136 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49137 | + if (vma_m) | |
49138 | + pax_mirror_vma(vma_m, vma); | |
49139 | +#endif | |
49140 | + | |
49141 | /* Once vma denies write, undo our temporary denial count */ | |
49142 | if (correct_wcount) | |
49143 | atomic_inc(&inode->i_writecount); | |
ae4e228f | 49144 | @@ -1264,6 +1402,7 @@ out: |
58c5fc13 MT |
49145 | |
49146 | mm->total_vm += len >> PAGE_SHIFT; | |
49147 | vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); | |
49148 | + track_exec_limit(mm, addr, addr + len, vm_flags); | |
49149 | if (vm_flags & VM_LOCKED) { | |
49150 | /* | |
49151 | * makes pages present; downgrades, drops, reacquires mmap_sem | |
ae4e228f | 49152 | @@ -1286,6 +1425,12 @@ unmap_and_free_vma: |
58c5fc13 MT |
49153 | unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); |
49154 | charged = 0; | |
49155 | free_vma: | |
49156 | + | |
49157 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49158 | + if (vma_m) | |
49159 | + kmem_cache_free(vm_area_cachep, vma_m); | |
49160 | +#endif | |
49161 | + | |
49162 | kmem_cache_free(vm_area_cachep, vma); | |
49163 | unacct_error: | |
49164 | if (charged) | |
ae4e228f | 49165 | @@ -1319,6 +1464,10 @@ arch_get_unmapped_area(struct file *filp |
58c5fc13 MT |
49166 | if (flags & MAP_FIXED) |
49167 | return addr; | |
49168 | ||
49169 | +#ifdef CONFIG_PAX_RANDMMAP | |
49170 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
49171 | +#endif | |
49172 | + | |
49173 | if (addr) { | |
49174 | addr = PAGE_ALIGN(addr); | |
49175 | vma = find_vma(mm, addr); | |
ae4e228f | 49176 | @@ -1327,10 +1476,10 @@ arch_get_unmapped_area(struct file *filp |
58c5fc13 MT |
49177 | return addr; |
49178 | } | |
49179 | if (len > mm->cached_hole_size) { | |
49180 | - start_addr = addr = mm->free_area_cache; | |
49181 | + start_addr = addr = mm->free_area_cache; | |
49182 | } else { | |
49183 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
49184 | - mm->cached_hole_size = 0; | |
49185 | + start_addr = addr = mm->mmap_base; | |
49186 | + mm->cached_hole_size = 0; | |
49187 | } | |
49188 | ||
49189 | full_search: | |
ae4e228f | 49190 | @@ -1341,9 +1490,8 @@ full_search: |
58c5fc13 MT |
49191 | * Start a new search - just in case we missed |
49192 | * some holes. | |
49193 | */ | |
49194 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
49195 | - addr = TASK_UNMAPPED_BASE; | |
49196 | - start_addr = addr; | |
49197 | + if (start_addr != mm->mmap_base) { | |
49198 | + start_addr = addr = mm->mmap_base; | |
49199 | mm->cached_hole_size = 0; | |
49200 | goto full_search; | |
49201 | } | |
ae4e228f | 49202 | @@ -1365,10 +1513,16 @@ full_search: |
58c5fc13 MT |
49203 | |
49204 | void arch_unmap_area(struct mm_struct *mm, unsigned long addr) | |
49205 | { | |
49206 | + | |
49207 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49208 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr) | |
49209 | + return; | |
49210 | +#endif | |
49211 | + | |
49212 | /* | |
49213 | * Is this a new hole at the lowest possible address? | |
49214 | */ | |
49215 | - if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) { | |
49216 | + if (addr >= mm->mmap_base && addr < mm->free_area_cache) { | |
49217 | mm->free_area_cache = addr; | |
49218 | mm->cached_hole_size = ~0UL; | |
49219 | } | |
ae4e228f | 49220 | @@ -1386,7 +1540,7 @@ arch_get_unmapped_area_topdown(struct fi |
58c5fc13 MT |
49221 | { |
49222 | struct vm_area_struct *vma; | |
49223 | struct mm_struct *mm = current->mm; | |
49224 | - unsigned long addr = addr0; | |
49225 | + unsigned long base = mm->mmap_base, addr = addr0; | |
49226 | ||
49227 | /* requested length too big for entire address space */ | |
49228 | if (len > TASK_SIZE) | |
ae4e228f | 49229 | @@ -1395,6 +1549,10 @@ arch_get_unmapped_area_topdown(struct fi |
58c5fc13 MT |
49230 | if (flags & MAP_FIXED) |
49231 | return addr; | |
49232 | ||
49233 | +#ifdef CONFIG_PAX_RANDMMAP | |
49234 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
49235 | +#endif | |
49236 | + | |
49237 | /* requesting a specific address */ | |
49238 | if (addr) { | |
49239 | addr = PAGE_ALIGN(addr); | |
ae4e228f | 49240 | @@ -1452,13 +1610,21 @@ bottomup: |
58c5fc13 MT |
49241 | * can happen with large stack limits and large mmap() |
49242 | * allocations. | |
49243 | */ | |
49244 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
49245 | + | |
49246 | +#ifdef CONFIG_PAX_RANDMMAP | |
49247 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
49248 | + mm->mmap_base += mm->delta_mmap; | |
49249 | +#endif | |
49250 | + | |
49251 | + mm->free_area_cache = mm->mmap_base; | |
49252 | mm->cached_hole_size = ~0UL; | |
49253 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
49254 | addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
49255 | /* | |
49256 | * Restore the topdown base: | |
49257 | */ | |
49258 | - mm->free_area_cache = mm->mmap_base; | |
49259 | + mm->mmap_base = base; | |
49260 | + mm->free_area_cache = base; | |
49261 | mm->cached_hole_size = ~0UL; | |
49262 | ||
49263 | return addr; | |
ae4e228f | 49264 | @@ -1467,6 +1633,12 @@ bottomup: |
58c5fc13 MT |
49265 | |
49266 | void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) | |
49267 | { | |
49268 | + | |
49269 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49270 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr) | |
49271 | + return; | |
49272 | +#endif | |
49273 | + | |
49274 | /* | |
49275 | * Is this a new hole at the highest possible address? | |
49276 | */ | |
ae4e228f | 49277 | @@ -1474,8 +1646,10 @@ void arch_unmap_area_topdown(struct mm_s |
58c5fc13 MT |
49278 | mm->free_area_cache = addr; |
49279 | ||
49280 | /* dont allow allocations above current base */ | |
49281 | - if (mm->free_area_cache > mm->mmap_base) | |
49282 | + if (mm->free_area_cache > mm->mmap_base) { | |
49283 | mm->free_area_cache = mm->mmap_base; | |
49284 | + mm->cached_hole_size = ~0UL; | |
49285 | + } | |
49286 | } | |
49287 | ||
49288 | unsigned long | |
ae4e228f | 49289 | @@ -1583,6 +1757,27 @@ out: |
58c5fc13 MT |
49290 | return prev ? prev->vm_next : vma; |
49291 | } | |
49292 | ||
49293 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49294 | +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) | |
49295 | +{ | |
49296 | + struct vm_area_struct *vma_m; | |
49297 | + | |
49298 | + BUG_ON(!vma || vma->vm_start >= vma->vm_end); | |
49299 | + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { | |
49300 | + BUG_ON(vma->vm_mirror); | |
49301 | + return NULL; | |
49302 | + } | |
49303 | + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end); | |
49304 | + vma_m = vma->vm_mirror; | |
49305 | + BUG_ON(!vma_m || vma_m->vm_mirror != vma); | |
49306 | + BUG_ON(vma->vm_file != vma_m->vm_file); | |
49307 | + BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start); | |
49308 | + BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma); | |
49309 | + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED)); | |
49310 | + return vma_m; | |
49311 | +} | |
49312 | +#endif | |
49313 | + | |
49314 | /* | |
49315 | * Verify that the stack growth is acceptable and | |
49316 | * update accounting. This is shared with both the | |
ae4e228f | 49317 | @@ -1599,6 +1794,7 @@ static int acct_stack_growth(struct vm_a |
58c5fc13 MT |
49318 | return -ENOMEM; |
49319 | ||
49320 | /* Stack limit test */ | |
49321 | + gr_learn_resource(current, RLIMIT_STACK, size, 1); | |
49322 | if (size > rlim[RLIMIT_STACK].rlim_cur) | |
49323 | return -ENOMEM; | |
49324 | ||
ae4e228f | 49325 | @@ -1608,6 +1804,7 @@ static int acct_stack_growth(struct vm_a |
58c5fc13 MT |
49326 | unsigned long limit; |
49327 | locked = mm->locked_vm + grow; | |
49328 | limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; | |
49329 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); | |
49330 | if (locked > limit && !capable(CAP_IPC_LOCK)) | |
49331 | return -ENOMEM; | |
49332 | } | |
ae4e228f | 49333 | @@ -1643,35 +1840,40 @@ static |
58c5fc13 MT |
49334 | #endif |
49335 | int expand_upwards(struct vm_area_struct *vma, unsigned long address) | |
49336 | { | |
49337 | - int error; | |
49338 | + int error, locknext; | |
49339 | ||
49340 | if (!(vma->vm_flags & VM_GROWSUP)) | |
49341 | return -EFAULT; | |
49342 | ||
49343 | + /* Also guard against wrapping around to address 0. */ | |
49344 | + if (address < PAGE_ALIGN(address+1)) | |
49345 | + address = PAGE_ALIGN(address+1); | |
49346 | + else | |
49347 | + return -ENOMEM; | |
49348 | + | |
49349 | /* | |
49350 | * We must make sure the anon_vma is allocated | |
49351 | * so that the anon_vma locking is not a noop. | |
49352 | */ | |
49353 | if (unlikely(anon_vma_prepare(vma))) | |
49354 | return -ENOMEM; | |
49355 | + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN); | |
49356 | + if (locknext && unlikely(anon_vma_prepare(vma->vm_next))) | |
49357 | + return -ENOMEM; | |
49358 | anon_vma_lock(vma); | |
49359 | + if (locknext) | |
49360 | + anon_vma_lock(vma->vm_next); | |
49361 | ||
49362 | /* | |
49363 | * vma->vm_start/vm_end cannot change under us because the caller | |
49364 | * is required to hold the mmap_sem in read mode. We need the | |
49365 | - * anon_vma lock to serialize against concurrent expand_stacks. | |
49366 | - * Also guard against wrapping around to address 0. | |
49367 | + * anon_vma locks to serialize against concurrent expand_stacks | |
49368 | + * and expand_upwards. | |
49369 | */ | |
49370 | - if (address < PAGE_ALIGN(address+4)) | |
49371 | - address = PAGE_ALIGN(address+4); | |
49372 | - else { | |
49373 | - anon_vma_unlock(vma); | |
49374 | - return -ENOMEM; | |
49375 | - } | |
49376 | error = 0; | |
49377 | ||
49378 | /* Somebody else might have raced and expanded it already */ | |
49379 | - if (address > vma->vm_end) { | |
49380 | + if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) { | |
49381 | unsigned long size, grow; | |
49382 | ||
49383 | size = address - vma->vm_start; | |
ae4e228f | 49384 | @@ -1681,6 +1883,8 @@ int expand_upwards(struct vm_area_struct |
58c5fc13 MT |
49385 | if (!error) |
49386 | vma->vm_end = address; | |
49387 | } | |
49388 | + if (locknext) | |
49389 | + anon_vma_unlock(vma->vm_next); | |
49390 | anon_vma_unlock(vma); | |
49391 | return error; | |
49392 | } | |
ae4e228f | 49393 | @@ -1692,7 +1896,8 @@ int expand_upwards(struct vm_area_struct |
58c5fc13 MT |
49394 | static int expand_downwards(struct vm_area_struct *vma, |
49395 | unsigned long address) | |
49396 | { | |
49397 | - int error; | |
49398 | + int error, lockprev = 0; | |
49399 | + struct vm_area_struct *prev = NULL; | |
49400 | ||
49401 | /* | |
49402 | * We must make sure the anon_vma is allocated | |
ae4e228f | 49403 | @@ -1706,6 +1911,15 @@ static int expand_downwards(struct vm_ar |
58c5fc13 MT |
49404 | if (error) |
49405 | return error; | |
49406 | ||
49407 | +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64) | |
49408 | + find_vma_prev(vma->vm_mm, address, &prev); | |
49409 | + lockprev = prev && (prev->vm_flags & VM_GROWSUP); | |
49410 | +#endif | |
49411 | + if (lockprev && unlikely(anon_vma_prepare(prev))) | |
49412 | + return -ENOMEM; | |
49413 | + if (lockprev) | |
49414 | + anon_vma_lock(prev); | |
49415 | + | |
49416 | anon_vma_lock(vma); | |
49417 | ||
49418 | /* | |
ae4e228f | 49419 | @@ -1715,9 +1929,15 @@ static int expand_downwards(struct vm_ar |
58c5fc13 MT |
49420 | */ |
49421 | ||
49422 | /* Somebody else might have raced and expanded it already */ | |
49423 | - if (address < vma->vm_start) { | |
49424 | + if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) { | |
49425 | unsigned long size, grow; | |
49426 | ||
49427 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49428 | + struct vm_area_struct *vma_m; | |
49429 | + | |
49430 | + vma_m = pax_find_mirror_vma(vma); | |
49431 | +#endif | |
49432 | + | |
49433 | size = vma->vm_end - address; | |
49434 | grow = (vma->vm_start - address) >> PAGE_SHIFT; | |
49435 | ||
ae4e228f | 49436 | @@ -1725,9 +1945,20 @@ static int expand_downwards(struct vm_ar |
58c5fc13 MT |
49437 | if (!error) { |
49438 | vma->vm_start = address; | |
49439 | vma->vm_pgoff -= grow; | |
49440 | + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); | |
49441 | + | |
49442 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49443 | + if (vma_m) { | |
49444 | + vma_m->vm_start -= grow << PAGE_SHIFT; | |
49445 | + vma_m->vm_pgoff -= grow; | |
49446 | + } | |
49447 | +#endif | |
49448 | + | |
49449 | } | |
49450 | } | |
49451 | anon_vma_unlock(vma); | |
49452 | + if (lockprev) | |
49453 | + anon_vma_unlock(prev); | |
49454 | return error; | |
49455 | } | |
49456 | ||
ae4e228f | 49457 | @@ -1803,6 +2034,13 @@ static void remove_vma_list(struct mm_st |
58c5fc13 MT |
49458 | do { |
49459 | long nrpages = vma_pages(vma); | |
49460 | ||
49461 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49462 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) { | |
49463 | + vma = remove_vma(vma); | |
49464 | + continue; | |
49465 | + } | |
49466 | +#endif | |
49467 | + | |
49468 | mm->total_vm -= nrpages; | |
49469 | vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); | |
49470 | vma = remove_vma(vma); | |
ae4e228f | 49471 | @@ -1847,6 +2085,16 @@ detach_vmas_to_be_unmapped(struct mm_str |
58c5fc13 MT |
49472 | |
49473 | insertion_point = (prev ? &prev->vm_next : &mm->mmap); | |
49474 | do { | |
49475 | + | |
49476 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49477 | + if (vma->vm_mirror) { | |
49478 | + BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma); | |
49479 | + vma->vm_mirror->vm_mirror = NULL; | |
49480 | + vma->vm_mirror->vm_flags &= ~VM_EXEC; | |
49481 | + vma->vm_mirror = NULL; | |
49482 | + } | |
49483 | +#endif | |
49484 | + | |
49485 | rb_erase(&vma->vm_rb, &mm->mm_rb); | |
49486 | mm->map_count--; | |
49487 | tail_vma = vma; | |
ae4e228f MT |
49488 | @@ -1872,14 +2120,33 @@ static int __split_vma(struct mm_struct |
49489 | struct mempolicy *pol; | |
49490 | struct vm_area_struct *new; | |
49491 | ||
58c5fc13 | 49492 | +#ifdef CONFIG_PAX_SEGMEXEC |
ae4e228f | 49493 | + struct vm_area_struct *vma_m, *new_m = NULL; |
58c5fc13 | 49494 | + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE; |
ae4e228f | 49495 | +#endif |
58c5fc13 | 49496 | + |
ae4e228f MT |
49497 | if (is_vm_hugetlb_page(vma) && (addr & |
49498 | ~(huge_page_mask(hstate_vma(vma))))) | |
49499 | return -EINVAL; | |
49500 | ||
49501 | +#ifdef CONFIG_PAX_SEGMEXEC | |
58c5fc13 | 49502 | + vma_m = pax_find_mirror_vma(vma); |
ae4e228f | 49503 | +#endif |
58c5fc13 | 49504 | + |
ae4e228f MT |
49505 | new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); |
49506 | if (!new) | |
49507 | return -ENOMEM; | |
49508 | ||
49509 | +#ifdef CONFIG_PAX_SEGMEXEC | |
58c5fc13 MT |
49510 | + if (vma_m) { |
49511 | + new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); | |
49512 | + if (!new_m) { | |
49513 | + kmem_cache_free(vm_area_cachep, new); | |
49514 | + return -ENOMEM; | |
49515 | + } | |
49516 | + } | |
ae4e228f | 49517 | +#endif |
58c5fc13 | 49518 | + |
ae4e228f MT |
49519 | /* most fields are the same, copy all, and then fixup */ |
49520 | *new = *vma; | |
49521 | ||
49522 | @@ -1890,8 +2157,29 @@ static int __split_vma(struct mm_struct | |
49523 | new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); | |
49524 | } | |
49525 | ||
49526 | +#ifdef CONFIG_PAX_SEGMEXEC | |
58c5fc13 MT |
49527 | + if (vma_m) { |
49528 | + *new_m = *vma_m; | |
49529 | + new_m->vm_mirror = new; | |
49530 | + new->vm_mirror = new_m; | |
49531 | + | |
49532 | + if (new_below) | |
49533 | + new_m->vm_end = addr_m; | |
49534 | + else { | |
49535 | + new_m->vm_start = addr_m; | |
49536 | + new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT); | |
49537 | + } | |
49538 | + } | |
ae4e228f MT |
49539 | +#endif |
49540 | + | |
49541 | pol = mpol_dup(vma_policy(vma)); | |
49542 | if (IS_ERR(pol)) { | |
58c5fc13 | 49543 | + |
ae4e228f | 49544 | +#ifdef CONFIG_PAX_SEGMEXEC |
58c5fc13 MT |
49545 | + if (new_m) |
49546 | + kmem_cache_free(vm_area_cachep, new_m); | |
ae4e228f | 49547 | +#endif |
58c5fc13 | 49548 | + |
ae4e228f MT |
49549 | kmem_cache_free(vm_area_cachep, new); |
49550 | return PTR_ERR(pol); | |
49551 | } | |
49552 | @@ -1912,6 +2200,28 @@ static int __split_vma(struct mm_struct | |
49553 | else | |
49554 | vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); | |
49555 | ||
49556 | +#ifdef CONFIG_PAX_SEGMEXEC | |
58c5fc13 MT |
49557 | + if (vma_m) { |
49558 | + mpol_get(pol); | |
49559 | + vma_set_policy(new_m, pol); | |
49560 | + | |
49561 | + if (new_m->vm_file) { | |
49562 | + get_file(new_m->vm_file); | |
49563 | + if (vma_m->vm_flags & VM_EXECUTABLE) | |
49564 | + added_exe_file_vma(mm); | |
49565 | + } | |
49566 | + | |
49567 | + if (new_m->vm_ops && new_m->vm_ops->open) | |
49568 | + new_m->vm_ops->open(new_m); | |
49569 | + | |
49570 | + if (new_below) | |
49571 | + vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff + | |
49572 | + ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m); | |
49573 | + else | |
49574 | + vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m); | |
49575 | + } | |
ae4e228f | 49576 | +#endif |
58c5fc13 | 49577 | + |
58c5fc13 MT |
49578 | return 0; |
49579 | } | |
ae4e228f MT |
49580 | |
49581 | @@ -1922,6 +2232,15 @@ static int __split_vma(struct mm_struct | |
49582 | int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, | |
49583 | unsigned long addr, int new_below) | |
49584 | { | |
49585 | + | |
49586 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49587 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) { | |
49588 | + BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE); | |
49589 | + if (mm->map_count >= sysctl_max_map_count-1) | |
49590 | + return -ENOMEM; | |
49591 | + } else | |
58c5fc13 | 49592 | +#endif |
ae4e228f MT |
49593 | + |
49594 | if (mm->map_count >= sysctl_max_map_count) | |
49595 | return -ENOMEM; | |
58c5fc13 | 49596 | |
ae4e228f | 49597 | @@ -1933,11 +2252,30 @@ int split_vma(struct mm_struct *mm, stru |
58c5fc13 MT |
49598 | * work. This now handles partial unmappings. |
49599 | * Jeremy Fitzhardinge <jeremy@goop.org> | |
49600 | */ | |
49601 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49602 | int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
49603 | { | |
49604 | + int ret = __do_munmap(mm, start, len); | |
49605 | + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC)) | |
49606 | + return ret; | |
49607 | + | |
49608 | + return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len); | |
49609 | +} | |
49610 | + | |
49611 | +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
49612 | +#else | |
49613 | +int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
49614 | +#endif | |
49615 | +{ | |
49616 | unsigned long end; | |
49617 | struct vm_area_struct *vma, *prev, *last; | |
49618 | ||
49619 | + /* | |
49620 | + * mm->mmap_sem is required to protect against another thread | |
49621 | + * changing the mappings in case we sleep. | |
49622 | + */ | |
49623 | + verify_mm_writelocked(mm); | |
49624 | + | |
49625 | if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) | |
49626 | return -EINVAL; | |
49627 | ||
ae4e228f | 49628 | @@ -2011,6 +2349,8 @@ int do_munmap(struct mm_struct *mm, unsi |
58c5fc13 MT |
49629 | /* Fix up all other VM information */ |
49630 | remove_vma_list(mm, vma); | |
49631 | ||
49632 | + track_exec_limit(mm, start, end, 0UL); | |
49633 | + | |
49634 | return 0; | |
49635 | } | |
49636 | ||
ae4e228f | 49637 | @@ -2023,22 +2363,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a |
58c5fc13 MT |
49638 | |
49639 | profile_munmap(addr); | |
49640 | ||
49641 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49642 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && | |
49643 | + (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len)) | |
49644 | + return -EINVAL; | |
49645 | +#endif | |
49646 | + | |
49647 | down_write(&mm->mmap_sem); | |
49648 | ret = do_munmap(mm, addr, len); | |
49649 | up_write(&mm->mmap_sem); | |
49650 | return ret; | |
49651 | } | |
49652 | ||
49653 | -static inline void verify_mm_writelocked(struct mm_struct *mm) | |
49654 | -{ | |
49655 | -#ifdef CONFIG_DEBUG_VM | |
49656 | - if (unlikely(down_read_trylock(&mm->mmap_sem))) { | |
49657 | - WARN_ON(1); | |
49658 | - up_read(&mm->mmap_sem); | |
49659 | - } | |
49660 | -#endif | |
49661 | -} | |
49662 | - | |
49663 | /* | |
49664 | * this is really a simplified "do_mmap". it only handles | |
49665 | * anonymous maps. eventually we may be able to do some | |
ae4e228f | 49666 | @@ -2052,6 +2388,11 @@ unsigned long do_brk(unsigned long addr, |
58c5fc13 MT |
49667 | struct rb_node ** rb_link, * rb_parent; |
49668 | pgoff_t pgoff = addr >> PAGE_SHIFT; | |
49669 | int error; | |
49670 | + unsigned long charged; | |
49671 | + | |
49672 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49673 | + struct vm_area_struct *vma_m = NULL; | |
49674 | +#endif | |
49675 | ||
49676 | len = PAGE_ALIGN(len); | |
49677 | if (!len) | |
ae4e228f | 49678 | @@ -2063,16 +2404,30 @@ unsigned long do_brk(unsigned long addr, |
58c5fc13 MT |
49679 | |
49680 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | |
49681 | ||
49682 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
49683 | + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
49684 | + flags &= ~VM_EXEC; | |
49685 | + | |
49686 | +#ifdef CONFIG_PAX_MPROTECT | |
49687 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
49688 | + flags &= ~VM_MAYEXEC; | |
49689 | +#endif | |
49690 | + | |
49691 | + } | |
49692 | +#endif | |
49693 | + | |
ae4e228f MT |
49694 | error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED); |
49695 | if (error & ~PAGE_MASK) | |
58c5fc13 MT |
49696 | return error; |
49697 | ||
49698 | + charged = len >> PAGE_SHIFT; | |
49699 | + | |
49700 | /* | |
49701 | * mlock MCL_FUTURE? | |
49702 | */ | |
49703 | if (mm->def_flags & VM_LOCKED) { | |
49704 | unsigned long locked, lock_limit; | |
49705 | - locked = len >> PAGE_SHIFT; | |
49706 | + locked = charged; | |
49707 | locked += mm->locked_vm; | |
49708 | lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; | |
49709 | lock_limit >>= PAGE_SHIFT; | |
ae4e228f | 49710 | @@ -2089,22 +2444,22 @@ unsigned long do_brk(unsigned long addr, |
58c5fc13 MT |
49711 | /* |
49712 | * Clear old maps. this also does some error checking for us | |
49713 | */ | |
49714 | - munmap_back: | |
49715 | vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
49716 | if (vma && vma->vm_start < addr + len) { | |
49717 | if (do_munmap(mm, addr, len)) | |
49718 | return -ENOMEM; | |
49719 | - goto munmap_back; | |
49720 | + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
49721 | + BUG_ON(vma && vma->vm_start < addr + len); | |
49722 | } | |
49723 | ||
49724 | /* Check against address space limits *after* clearing old maps... */ | |
49725 | - if (!may_expand_vm(mm, len >> PAGE_SHIFT)) | |
49726 | + if (!may_expand_vm(mm, charged)) | |
49727 | return -ENOMEM; | |
49728 | ||
49729 | if (mm->map_count > sysctl_max_map_count) | |
49730 | return -ENOMEM; | |
49731 | ||
49732 | - if (security_vm_enough_memory(len >> PAGE_SHIFT)) | |
49733 | + if (security_vm_enough_memory(charged)) | |
49734 | return -ENOMEM; | |
49735 | ||
49736 | /* Can we just expand an old private anonymous mapping? */ | |
ae4e228f | 49737 | @@ -2118,10 +2473,21 @@ unsigned long do_brk(unsigned long addr, |
58c5fc13 MT |
49738 | */ |
49739 | vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
49740 | if (!vma) { | |
49741 | - vm_unacct_memory(len >> PAGE_SHIFT); | |
49742 | + vm_unacct_memory(charged); | |
49743 | return -ENOMEM; | |
49744 | } | |
49745 | ||
49746 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49747 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)) { | |
49748 | + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
49749 | + if (!vma_m) { | |
49750 | + kmem_cache_free(vm_area_cachep, vma); | |
49751 | + vm_unacct_memory(charged); | |
49752 | + return -ENOMEM; | |
49753 | + } | |
49754 | + } | |
49755 | +#endif | |
49756 | + | |
49757 | vma->vm_mm = mm; | |
49758 | vma->vm_start = addr; | |
49759 | vma->vm_end = addr + len; | |
ae4e228f | 49760 | @@ -2130,11 +2496,12 @@ unsigned long do_brk(unsigned long addr, |
58c5fc13 MT |
49761 | vma->vm_page_prot = vm_get_page_prot(flags); |
49762 | vma_link(mm, vma, prev, rb_link, rb_parent); | |
49763 | out: | |
49764 | - mm->total_vm += len >> PAGE_SHIFT; | |
49765 | + mm->total_vm += charged; | |
49766 | if (flags & VM_LOCKED) { | |
49767 | if (!mlock_vma_pages_range(vma, addr, addr + len)) | |
49768 | - mm->locked_vm += (len >> PAGE_SHIFT); | |
49769 | + mm->locked_vm += charged; | |
49770 | } | |
49771 | + track_exec_limit(mm, addr, addr + len, flags); | |
49772 | return addr; | |
49773 | } | |
49774 | ||
ae4e228f | 49775 | @@ -2181,8 +2548,10 @@ void exit_mmap(struct mm_struct *mm) |
58c5fc13 MT |
49776 | * Walk the list again, actually closing and freeing it, |
49777 | * with preemption enabled, without holding any MM locks. | |
49778 | */ | |
49779 | - while (vma) | |
49780 | + while (vma) { | |
49781 | + vma->vm_mirror = NULL; | |
49782 | vma = remove_vma(vma); | |
49783 | + } | |
49784 | ||
49785 | BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); | |
49786 | } | |
ae4e228f | 49787 | @@ -2196,6 +2565,10 @@ int insert_vm_struct(struct mm_struct * |
58c5fc13 MT |
49788 | struct vm_area_struct * __vma, * prev; |
49789 | struct rb_node ** rb_link, * rb_parent; | |
49790 | ||
49791 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49792 | + struct vm_area_struct *vma_m = NULL; | |
49793 | +#endif | |
49794 | + | |
49795 | /* | |
49796 | * The vm_pgoff of a purely anonymous vma should be irrelevant | |
49797 | * until its first write fault, when page's anon_vma and index | |
ae4e228f | 49798 | @@ -2218,7 +2591,22 @@ int insert_vm_struct(struct mm_struct * |
58c5fc13 MT |
49799 | if ((vma->vm_flags & VM_ACCOUNT) && |
49800 | security_vm_enough_memory_mm(mm, vma_pages(vma))) | |
49801 | return -ENOMEM; | |
49802 | + | |
49803 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49804 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) { | |
49805 | + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
49806 | + if (!vma_m) | |
49807 | + return -ENOMEM; | |
49808 | + } | |
49809 | +#endif | |
49810 | + | |
49811 | vma_link(mm, vma, prev, rb_link, rb_parent); | |
49812 | + | |
49813 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49814 | + if (vma_m) | |
49815 | + pax_mirror_vma(vma_m, vma); | |
49816 | +#endif | |
49817 | + | |
49818 | return 0; | |
49819 | } | |
49820 | ||
ae4e228f | 49821 | @@ -2236,6 +2624,8 @@ struct vm_area_struct *copy_vma(struct v |
58c5fc13 MT |
49822 | struct rb_node **rb_link, *rb_parent; |
49823 | struct mempolicy *pol; | |
49824 | ||
49825 | + BUG_ON(vma->vm_mirror); | |
49826 | + | |
49827 | /* | |
49828 | * If anonymous vma has not yet been faulted, update new pgoff | |
49829 | * to match new location, to increase its chance of merging. | |
ae4e228f | 49830 | @@ -2279,6 +2669,35 @@ struct vm_area_struct *copy_vma(struct v |
58c5fc13 MT |
49831 | return new_vma; |
49832 | } | |
49833 | ||
49834 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49835 | +void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma) | |
49836 | +{ | |
49837 | + struct vm_area_struct *prev_m; | |
49838 | + struct rb_node **rb_link_m, *rb_parent_m; | |
49839 | + struct mempolicy *pol_m; | |
49840 | + | |
49841 | + BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)); | |
49842 | + BUG_ON(vma->vm_mirror || vma_m->vm_mirror); | |
49843 | + BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m))); | |
49844 | + *vma_m = *vma; | |
49845 | + pol_m = vma_policy(vma_m); | |
49846 | + mpol_get(pol_m); | |
49847 | + vma_set_policy(vma_m, pol_m); | |
49848 | + vma_m->vm_start += SEGMEXEC_TASK_SIZE; | |
49849 | + vma_m->vm_end += SEGMEXEC_TASK_SIZE; | |
49850 | + vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED); | |
49851 | + vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags); | |
49852 | + if (vma_m->vm_file) | |
49853 | + get_file(vma_m->vm_file); | |
49854 | + if (vma_m->vm_ops && vma_m->vm_ops->open) | |
49855 | + vma_m->vm_ops->open(vma_m); | |
49856 | + find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m); | |
49857 | + vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m); | |
49858 | + vma_m->vm_mirror = vma; | |
49859 | + vma->vm_mirror = vma_m; | |
49860 | +} | |
49861 | +#endif | |
49862 | + | |
49863 | /* | |
49864 | * Return true if the calling process may expand its vm space by the passed | |
49865 | * number of pages | |
ae4e228f | 49866 | @@ -2289,7 +2708,7 @@ int may_expand_vm(struct mm_struct *mm, |
58c5fc13 MT |
49867 | unsigned long lim; |
49868 | ||
49869 | lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; | |
49870 | - | |
49871 | + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); | |
49872 | if (cur + npages > lim) | |
49873 | return 0; | |
49874 | return 1; | |
ae4e228f | 49875 | @@ -2358,6 +2777,15 @@ int install_special_mapping(struct mm_st |
58c5fc13 MT |
49876 | vma->vm_start = addr; |
49877 | vma->vm_end = addr + len; | |
49878 | ||
49879 | +#ifdef CONFIG_PAX_MPROTECT | |
49880 | + if (mm->pax_flags & MF_PAX_MPROTECT) { | |
49881 | + if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC) | |
49882 | + vm_flags &= ~(VM_EXEC | VM_MAYEXEC); | |
49883 | + else | |
49884 | + vm_flags &= ~(VM_WRITE | VM_MAYWRITE); | |
49885 | + } | |
49886 | +#endif | |
49887 | + | |
49888 | vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND; | |
49889 | vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | |
49890 | ||
ae4e228f MT |
49891 | diff -urNp linux-2.6.33.1/mm/mprotect.c linux-2.6.33.1/mm/mprotect.c |
49892 | --- linux-2.6.33.1/mm/mprotect.c 2010-03-15 12:09:39.000000000 -0400 | |
49893 | +++ linux-2.6.33.1/mm/mprotect.c 2010-03-20 16:58:42.264564412 -0400 | |
58c5fc13 MT |
49894 | @@ -24,10 +24,16 @@ |
49895 | #include <linux/mmu_notifier.h> | |
49896 | #include <linux/migrate.h> | |
ae4e228f | 49897 | #include <linux/perf_event.h> |
58c5fc13 MT |
49898 | + |
49899 | +#ifdef CONFIG_PAX_MPROTECT | |
49900 | +#include <linux/elf.h> | |
49901 | +#endif | |
49902 | + | |
49903 | #include <asm/uaccess.h> | |
49904 | #include <asm/pgtable.h> | |
49905 | #include <asm/cacheflush.h> | |
49906 | #include <asm/tlbflush.h> | |
49907 | +#include <asm/mmu_context.h> | |
49908 | ||
49909 | #ifndef pgprot_modify | |
49910 | static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) | |
49911 | @@ -132,6 +138,48 @@ static void change_protection(struct vm_ | |
49912 | flush_tlb_range(vma, start, end); | |
49913 | } | |
49914 | ||
49915 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
49916 | +/* called while holding the mmap semaphor for writing except stack expansion */ | |
49917 | +void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) | |
49918 | +{ | |
49919 | + unsigned long oldlimit, newlimit = 0UL; | |
49920 | + | |
ae4e228f | 49921 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || (__supported_pte_mask & _PAGE_NX)) |
58c5fc13 MT |
49922 | + return; |
49923 | + | |
49924 | + spin_lock(&mm->page_table_lock); | |
49925 | + oldlimit = mm->context.user_cs_limit; | |
49926 | + if ((prot & VM_EXEC) && oldlimit < end) | |
49927 | + /* USER_CS limit moved up */ | |
49928 | + newlimit = end; | |
49929 | + else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end) | |
49930 | + /* USER_CS limit moved down */ | |
49931 | + newlimit = start; | |
49932 | + | |
49933 | + if (newlimit) { | |
49934 | + mm->context.user_cs_limit = newlimit; | |
49935 | + | |
49936 | +#ifdef CONFIG_SMP | |
49937 | + wmb(); | |
49938 | + cpus_clear(mm->context.cpu_user_cs_mask); | |
49939 | + cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask); | |
49940 | +#endif | |
49941 | + | |
49942 | + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id()); | |
49943 | + } | |
49944 | + spin_unlock(&mm->page_table_lock); | |
49945 | + if (newlimit == end) { | |
49946 | + struct vm_area_struct *vma = find_vma(mm, oldlimit); | |
49947 | + | |
49948 | + for (; vma && vma->vm_start < end; vma = vma->vm_next) | |
49949 | + if (is_vm_hugetlb_page(vma)) | |
49950 | + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot); | |
49951 | + else | |
49952 | + change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma)); | |
49953 | + } | |
49954 | +} | |
49955 | +#endif | |
49956 | + | |
49957 | int | |
49958 | mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, | |
49959 | unsigned long start, unsigned long end, unsigned long newflags) | |
49960 | @@ -144,6 +192,14 @@ mprotect_fixup(struct vm_area_struct *vm | |
49961 | int error; | |
49962 | int dirty_accountable = 0; | |
49963 | ||
49964 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49965 | + struct vm_area_struct *vma_m = NULL; | |
49966 | + unsigned long start_m, end_m; | |
49967 | + | |
49968 | + start_m = start + SEGMEXEC_TASK_SIZE; | |
49969 | + end_m = end + SEGMEXEC_TASK_SIZE; | |
49970 | +#endif | |
49971 | + | |
49972 | if (newflags == oldflags) { | |
49973 | *pprev = vma; | |
49974 | return 0; | |
49975 | @@ -165,6 +221,38 @@ mprotect_fixup(struct vm_area_struct *vm | |
49976 | } | |
49977 | } | |
49978 | ||
49979 | +#ifdef CONFIG_PAX_SEGMEXEC | |
49980 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) { | |
49981 | + if (start != vma->vm_start) { | |
49982 | + error = split_vma(mm, vma, start, 1); | |
49983 | + if (error) | |
49984 | + goto fail; | |
49985 | + BUG_ON(!*pprev || (*pprev)->vm_next == vma); | |
49986 | + *pprev = (*pprev)->vm_next; | |
49987 | + } | |
49988 | + | |
49989 | + if (end != vma->vm_end) { | |
49990 | + error = split_vma(mm, vma, end, 0); | |
49991 | + if (error) | |
49992 | + goto fail; | |
49993 | + } | |
49994 | + | |
49995 | + if (pax_find_mirror_vma(vma)) { | |
49996 | + error = __do_munmap(mm, start_m, end_m - start_m); | |
49997 | + if (error) | |
49998 | + goto fail; | |
49999 | + } else { | |
50000 | + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | |
50001 | + if (!vma_m) { | |
50002 | + error = -ENOMEM; | |
50003 | + goto fail; | |
50004 | + } | |
50005 | + vma->vm_flags = newflags; | |
50006 | + pax_mirror_vma(vma_m, vma); | |
50007 | + } | |
50008 | + } | |
50009 | +#endif | |
50010 | + | |
50011 | /* | |
50012 | * First try to merge with previous and/or next vma. | |
50013 | */ | |
50014 | @@ -196,8 +284,14 @@ success: | |
50015 | * held in write mode. | |
50016 | */ | |
50017 | vma->vm_flags = newflags; | |
50018 | + | |
50019 | +#ifdef CONFIG_PAX_MPROTECT | |
ae4e228f MT |
50020 | + if (mm->binfmt && mm->binfmt->handle_mprotect) |
50021 | + mm->binfmt->handle_mprotect(vma, newflags); | |
58c5fc13 MT |
50022 | +#endif |
50023 | + | |
50024 | vma->vm_page_prot = pgprot_modify(vma->vm_page_prot, | |
50025 | - vm_get_page_prot(newflags)); | |
50026 | + vm_get_page_prot(vma->vm_flags)); | |
50027 | ||
50028 | if (vma_wants_writenotify(vma)) { | |
50029 | vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); | |
50030 | @@ -238,6 +332,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, | |
50031 | end = start + len; | |
50032 | if (end <= start) | |
50033 | return -ENOMEM; | |
50034 | + | |
50035 | +#ifdef CONFIG_PAX_SEGMEXEC | |
50036 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
50037 | + if (end > SEGMEXEC_TASK_SIZE) | |
50038 | + return -EINVAL; | |
50039 | + } else | |
50040 | +#endif | |
50041 | + | |
50042 | + if (end > TASK_SIZE) | |
50043 | + return -EINVAL; | |
50044 | + | |
50045 | if (!arch_validate_prot(prot)) | |
50046 | return -EINVAL; | |
50047 | ||
50048 | @@ -245,7 +350,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, | |
50049 | /* | |
50050 | * Does the application expect PROT_READ to imply PROT_EXEC: | |
50051 | */ | |
50052 | - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC)) | |
50053 | + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC)) | |
50054 | prot |= PROT_EXEC; | |
50055 | ||
50056 | vm_flags = calc_vm_prot_bits(prot); | |
50057 | @@ -277,6 +382,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long, | |
50058 | if (start > vma->vm_start) | |
50059 | prev = vma; | |
50060 | ||
50061 | + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) { | |
50062 | + error = -EACCES; | |
50063 | + goto out; | |
50064 | + } | |
50065 | + | |
50066 | +#ifdef CONFIG_PAX_MPROTECT | |
ae4e228f MT |
50067 | + if (current->mm->binfmt && current->mm->binfmt->handle_mprotect) |
50068 | + current->mm->binfmt->handle_mprotect(vma, vm_flags); | |
58c5fc13 MT |
50069 | +#endif |
50070 | + | |
50071 | for (nstart = start ; ; ) { | |
50072 | unsigned long newflags; | |
50073 | ||
50074 | @@ -301,6 +416,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, | |
50075 | if (error) | |
50076 | goto out; | |
ae4e228f | 50077 | perf_event_mmap(vma); |
58c5fc13 MT |
50078 | + |
50079 | + track_exec_limit(current->mm, nstart, tmp, vm_flags); | |
50080 | + | |
50081 | nstart = tmp; | |
50082 | ||
50083 | if (nstart < prev->vm_end) | |
ae4e228f MT |
50084 | diff -urNp linux-2.6.33.1/mm/mremap.c linux-2.6.33.1/mm/mremap.c |
50085 | --- linux-2.6.33.1/mm/mremap.c 2010-03-15 12:09:39.000000000 -0400 | |
50086 | +++ linux-2.6.33.1/mm/mremap.c 2010-03-20 16:58:42.264564412 -0400 | |
50087 | @@ -114,6 +114,12 @@ static void move_ptes(struct vm_area_str | |
58c5fc13 MT |
50088 | continue; |
50089 | pte = ptep_clear_flush(vma, old_addr, old_pte); | |
50090 | pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); | |
50091 | + | |
50092 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
ae4e228f | 50093 | + if (!(__supported_pte_mask & _PAGE_NX) && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC) |
58c5fc13 MT |
50094 | + pte = pte_exprotect(pte); |
50095 | +#endif | |
50096 | + | |
50097 | set_pte_at(mm, new_addr, new_pte, pte); | |
50098 | } | |
50099 | ||
ae4e228f MT |
50100 | @@ -273,6 +279,11 @@ static struct vm_area_struct *vma_to_res |
50101 | if (is_vm_hugetlb_page(vma)) | |
50102 | goto Einval; | |
50103 | ||
50104 | +#ifdef CONFIG_PAX_SEGMEXEC | |
50105 | + if (pax_find_mirror_vma(vma)) | |
50106 | + goto Einval; | |
50107 | +#endif | |
50108 | + | |
50109 | /* We can't remap across vm area boundaries */ | |
50110 | if (old_len > vma->vm_end - addr) | |
50111 | goto Efault; | |
50112 | @@ -322,20 +333,23 @@ static unsigned long mremap_to(unsigned | |
50113 | unsigned long ret = -EINVAL; | |
50114 | unsigned long charged = 0; | |
50115 | unsigned long map_flags; | |
50116 | + unsigned long pax_task_size = TASK_SIZE; | |
50117 | ||
50118 | if (new_addr & ~PAGE_MASK) | |
50119 | goto out; | |
50120 | ||
50121 | - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) | |
50122 | +#ifdef CONFIG_PAX_SEGMEXEC | |
50123 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
50124 | + pax_task_size = SEGMEXEC_TASK_SIZE; | |
50125 | +#endif | |
50126 | + | |
50127 | + if (new_len > TASK_SIZE || new_addr > pax_task_size - new_len) | |
50128 | goto out; | |
50129 | ||
50130 | /* Check if the location we're moving into overlaps the | |
50131 | * old location at all, and fail if it does. | |
50132 | */ | |
50133 | - if ((new_addr <= addr) && (new_addr+new_len) > addr) | |
50134 | - goto out; | |
50135 | - | |
50136 | - if ((addr <= new_addr) && (addr+old_len) > new_addr) | |
50137 | + if (addr + old_len > new_addr && new_addr + new_len > addr) | |
50138 | goto out; | |
50139 | ||
50140 | ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); | |
50141 | @@ -407,6 +421,7 @@ unsigned long do_mremap(unsigned long ad | |
58c5fc13 MT |
50142 | struct vm_area_struct *vma; |
50143 | unsigned long ret = -EINVAL; | |
50144 | unsigned long charged = 0; | |
50145 | + unsigned long pax_task_size = TASK_SIZE; | |
50146 | ||
50147 | if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) | |
50148 | goto out; | |
ae4e228f | 50149 | @@ -425,6 +440,15 @@ unsigned long do_mremap(unsigned long ad |
58c5fc13 MT |
50150 | if (!new_len) |
50151 | goto out; | |
50152 | ||
50153 | +#ifdef CONFIG_PAX_SEGMEXEC | |
ae4e228f | 50154 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) |
58c5fc13 MT |
50155 | + pax_task_size = SEGMEXEC_TASK_SIZE; |
50156 | +#endif | |
50157 | + | |
50158 | + if (new_len > pax_task_size || addr > pax_task_size-new_len || | |
50159 | + old_len > pax_task_size || addr > pax_task_size-old_len) | |
50160 | + goto out; | |
50161 | + | |
58c5fc13 | 50162 | if (flags & MREMAP_FIXED) { |
ae4e228f MT |
50163 | if (flags & MREMAP_MAYMOVE) |
50164 | ret = mremap_to(addr, old_len, new_addr, new_len); | |
50165 | @@ -471,6 +495,7 @@ unsigned long do_mremap(unsigned long ad | |
58c5fc13 MT |
50166 | addr + new_len); |
50167 | } | |
50168 | ret = addr; | |
50169 | + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags); | |
50170 | goto out; | |
50171 | } | |
50172 | } | |
ae4e228f MT |
50173 | @@ -497,7 +522,13 @@ unsigned long do_mremap(unsigned long ad |
50174 | ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); | |
50175 | if (ret) | |
50176 | goto out; | |
50177 | + | |
58c5fc13 MT |
50178 | + map_flags = vma->vm_flags; |
50179 | ret = move_vma(vma, addr, old_len, new_len, new_addr); | |
50180 | + if (!(ret & ~PAGE_MASK)) { | |
50181 | + track_exec_limit(current->mm, addr, addr + old_len, 0UL); | |
50182 | + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags); | |
50183 | + } | |
50184 | } | |
50185 | out: | |
50186 | if (ret & ~PAGE_MASK) | |
ae4e228f MT |
50187 | diff -urNp linux-2.6.33.1/mm/nommu.c linux-2.6.33.1/mm/nommu.c |
50188 | --- linux-2.6.33.1/mm/nommu.c 2010-03-15 12:09:39.000000000 -0400 | |
50189 | +++ linux-2.6.33.1/mm/nommu.c 2010-03-20 16:58:42.268525965 -0400 | |
50190 | @@ -759,15 +759,6 @@ struct vm_area_struct *find_vma(struct m | |
58c5fc13 MT |
50191 | EXPORT_SYMBOL(find_vma); |
50192 | ||
50193 | /* | |
50194 | - * find a VMA | |
50195 | - * - we don't extend stack VMAs under NOMMU conditions | |
50196 | - */ | |
50197 | -struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr) | |
50198 | -{ | |
50199 | - return find_vma(mm, addr); | |
50200 | -} | |
50201 | - | |
50202 | -/* | |
50203 | * expand a stack to a given address | |
50204 | * - not supported under NOMMU conditions | |
50205 | */ | |
ae4e228f MT |
50206 | diff -urNp linux-2.6.33.1/mm/page_alloc.c linux-2.6.33.1/mm/page_alloc.c |
50207 | --- linux-2.6.33.1/mm/page_alloc.c 2010-03-15 12:09:39.000000000 -0400 | |
50208 | +++ linux-2.6.33.1/mm/page_alloc.c 2010-03-20 16:58:42.272540377 -0400 | |
50209 | @@ -583,6 +583,10 @@ static void __free_pages_ok(struct page | |
58c5fc13 | 50210 | int bad = 0; |
ae4e228f | 50211 | int wasMlocked = __TestClearPageMlocked(page); |
58c5fc13 MT |
50212 | |
50213 | +#ifdef CONFIG_PAX_MEMORY_SANITIZE | |
50214 | + unsigned long index = 1UL << order; | |
50215 | +#endif | |
50216 | + | |
50217 | kmemcheck_free_shadow(page, order); | |
50218 | ||
50219 | for (i = 0 ; i < (1 << order) ; ++i) | |
ae4e228f | 50220 | @@ -595,6 +599,12 @@ static void __free_pages_ok(struct page |
58c5fc13 MT |
50221 | debug_check_no_obj_freed(page_address(page), |
50222 | PAGE_SIZE << order); | |
50223 | } | |
50224 | + | |
50225 | +#ifdef CONFIG_PAX_MEMORY_SANITIZE | |
50226 | + for (; index; --index) | |
50227 | + sanitize_highpage(page + index - 1); | |
50228 | +#endif | |
50229 | + | |
50230 | arch_free_page(page, order); | |
50231 | kernel_map_pages(page, 1 << order, 0); | |
50232 | ||
ae4e228f | 50233 | @@ -698,8 +708,10 @@ static int prep_new_page(struct page *pa |
58c5fc13 MT |
50234 | arch_alloc_page(page, order); |
50235 | kernel_map_pages(page, 1 << order, 1); | |
50236 | ||
50237 | +#ifndef CONFIG_PAX_MEMORY_SANITIZE | |
50238 | if (gfp_flags & __GFP_ZERO) | |
50239 | prep_zero_page(page, order, gfp_flags); | |
50240 | +#endif | |
50241 | ||
50242 | if (order && (gfp_flags & __GFP_COMP)) | |
50243 | prep_compound_page(page, order); | |
ae4e228f | 50244 | @@ -1093,6 +1105,11 @@ static void free_hot_cold_page(struct pa |
58c5fc13 MT |
50245 | debug_check_no_locks_freed(page_address(page), PAGE_SIZE); |
50246 | debug_check_no_obj_freed(page_address(page), PAGE_SIZE); | |
50247 | } | |
50248 | + | |
50249 | +#ifdef CONFIG_PAX_MEMORY_SANITIZE | |
50250 | + sanitize_highpage(page); | |
50251 | +#endif | |
50252 | + | |
50253 | arch_free_page(page, 0); | |
50254 | kernel_map_pages(page, 1, 0); | |
50255 | ||
ae4e228f MT |
50256 | diff -urNp linux-2.6.33.1/mm/percpu.c linux-2.6.33.1/mm/percpu.c |
50257 | --- linux-2.6.33.1/mm/percpu.c 2010-03-15 12:09:39.000000000 -0400 | |
50258 | +++ linux-2.6.33.1/mm/percpu.c 2010-03-20 16:58:42.272540377 -0400 | |
50259 | @@ -114,7 +114,7 @@ static unsigned int pcpu_first_unit_cpu | |
50260 | static unsigned int pcpu_last_unit_cpu __read_mostly; | |
58c5fc13 MT |
50261 | |
50262 | /* the address of the first chunk which starts with the kernel static area */ | |
50263 | -void *pcpu_base_addr __read_mostly; | |
50264 | +void *pcpu_base_addr __read_only; | |
50265 | EXPORT_SYMBOL_GPL(pcpu_base_addr); | |
50266 | ||
ae4e228f MT |
50267 | static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ |
50268 | diff -urNp linux-2.6.33.1/mm/rmap.c linux-2.6.33.1/mm/rmap.c | |
50269 | --- linux-2.6.33.1/mm/rmap.c 2010-03-15 12:09:39.000000000 -0400 | |
50270 | +++ linux-2.6.33.1/mm/rmap.c 2010-03-20 16:58:42.272540377 -0400 | |
50271 | @@ -109,6 +109,10 @@ int anon_vma_prepare(struct vm_area_stru | |
58c5fc13 MT |
50272 | struct mm_struct *mm = vma->vm_mm; |
50273 | struct anon_vma *allocated; | |
50274 | ||
50275 | +#ifdef CONFIG_PAX_SEGMEXEC | |
50276 | + struct vm_area_struct *vma_m; | |
50277 | +#endif | |
50278 | + | |
50279 | anon_vma = find_mergeable_anon_vma(vma); | |
50280 | allocated = NULL; | |
50281 | if (!anon_vma) { | |
ae4e228f | 50282 | @@ -122,6 +126,15 @@ int anon_vma_prepare(struct vm_area_stru |
58c5fc13 MT |
50283 | /* page_table_lock to protect against threads */ |
50284 | spin_lock(&mm->page_table_lock); | |
50285 | if (likely(!vma->anon_vma)) { | |
50286 | + | |
50287 | +#ifdef CONFIG_PAX_SEGMEXEC | |
50288 | + vma_m = pax_find_mirror_vma(vma); | |
50289 | + if (vma_m) { | |
50290 | + vma_m->anon_vma = anon_vma; | |
50291 | + __anon_vma_link(vma_m); | |
50292 | + } | |
50293 | +#endif | |
50294 | + | |
50295 | vma->anon_vma = anon_vma; | |
50296 | list_add_tail(&vma->anon_vma_node, &anon_vma->head); | |
50297 | allocated = NULL; | |
ae4e228f MT |
50298 | diff -urNp linux-2.6.33.1/mm/shmem.c linux-2.6.33.1/mm/shmem.c |
50299 | --- linux-2.6.33.1/mm/shmem.c 2010-03-15 12:09:39.000000000 -0400 | |
50300 | +++ linux-2.6.33.1/mm/shmem.c 2010-03-20 16:58:42.272540377 -0400 | |
50301 | @@ -30,7 +30,7 @@ | |
50302 | #include <linux/module.h> | |
58c5fc13 | 50303 | #include <linux/swap.h> |
58c5fc13 MT |
50304 | |
50305 | -static struct vfsmount *shm_mnt; | |
50306 | +struct vfsmount *shm_mnt; | |
50307 | ||
50308 | #ifdef CONFIG_SHMEM | |
50309 | /* | |
ae4e228f MT |
50310 | diff -urNp linux-2.6.33.1/mm/slab.c linux-2.6.33.1/mm/slab.c |
50311 | --- linux-2.6.33.1/mm/slab.c 2010-03-15 12:09:39.000000000 -0400 | |
50312 | +++ linux-2.6.33.1/mm/slab.c 2010-03-20 16:58:42.276578221 -0400 | |
58c5fc13 MT |
50313 | @@ -308,7 +308,7 @@ struct kmem_list3 { |
50314 | * Need this for bootstrapping a per node allocator. | |
50315 | */ | |
50316 | #define NUM_INIT_LISTS (3 * MAX_NUMNODES) | |
50317 | -struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS]; | |
50318 | +struct kmem_list3 initkmem_list3[NUM_INIT_LISTS]; | |
50319 | #define CACHE_CACHE 0 | |
50320 | #define SIZE_AC MAX_NUMNODES | |
50321 | #define SIZE_L3 (2 * MAX_NUMNODES) | |
50322 | @@ -558,7 +558,7 @@ static inline void *index_to_obj(struct | |
50323 | * reciprocal_divide(offset, cache->reciprocal_buffer_size) | |
50324 | */ | |
50325 | static inline unsigned int obj_to_index(const struct kmem_cache *cache, | |
50326 | - const struct slab *slab, void *obj) | |
50327 | + const struct slab *slab, const void *obj) | |
50328 | { | |
50329 | u32 offset = (obj - slab->s_mem); | |
50330 | return reciprocal_divide(offset, cache->reciprocal_buffer_size); | |
50331 | @@ -584,14 +584,14 @@ struct cache_names { | |
50332 | static struct cache_names __initdata cache_names[] = { | |
50333 | #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" }, | |
50334 | #include <linux/kmalloc_sizes.h> | |
50335 | - {NULL,} | |
50336 | + {NULL, NULL} | |
50337 | #undef CACHE | |
50338 | }; | |
50339 | ||
50340 | static struct arraycache_init initarray_cache __initdata = | |
50341 | - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} }; | |
50342 | + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} }; | |
50343 | static struct arraycache_init initarray_generic = | |
50344 | - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} }; | |
50345 | + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} }; | |
50346 | ||
50347 | /* internal cache of cache description objs */ | |
50348 | static struct kmem_cache cache_cache = { | |
ae4e228f MT |
50349 | @@ -4104,7 +4104,7 @@ out: |
50350 | schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_CPUC)); | |
50351 | } | |
58c5fc13 | 50352 | |
ae4e228f MT |
50353 | -#ifdef CONFIG_SLABINFO |
50354 | +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD) | |
50355 | ||
50356 | static void print_slabinfo_header(struct seq_file *m) | |
58c5fc13 | 50357 | { |
ae4e228f | 50358 | @@ -4502,6 +4502,51 @@ static int __init slab_proc_init(void) |
58c5fc13 MT |
50359 | module_init(slab_proc_init); |
50360 | #endif | |
50361 | ||
50362 | +void check_object_size(const void *ptr, unsigned long n, bool to) | |
50363 | +{ | |
50364 | + | |
50365 | +#ifdef CONFIG_PAX_USERCOPY | |
50366 | + struct kmem_cache *cachep; | |
50367 | + struct slab *slabp; | |
50368 | + struct page *page; | |
50369 | + unsigned int objnr; | |
50370 | + unsigned long offset; | |
50371 | + | |
50372 | + if (!n) | |
50373 | + return; | |
50374 | + | |
50375 | + if (ZERO_OR_NULL_PTR(ptr)) | |
50376 | + goto report; | |
50377 | + | |
50378 | + if (!virt_addr_valid(ptr)) | |
50379 | + return; | |
50380 | + | |
50381 | + page = virt_to_head_page(ptr); | |
50382 | + | |
ae4e228f MT |
50383 | + if (!PageSlab(page)) { |
50384 | + if (object_is_on_stack(ptr, n) == -1) | |
50385 | + goto report; | |
58c5fc13 | 50386 | + return; |
ae4e228f | 50387 | + } |
58c5fc13 MT |
50388 | + |
50389 | + cachep = page_get_cache(page); | |
50390 | + slabp = page_get_slab(page); | |
50391 | + objnr = obj_to_index(cachep, slabp, ptr); | |
50392 | + BUG_ON(objnr >= cachep->num); | |
50393 | + offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep); | |
50394 | + if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset) | |
50395 | + return; | |
50396 | + | |
50397 | +report: | |
50398 | + if (to) | |
50399 | + pax_report_leak_to_user(ptr, n); | |
50400 | + else | |
50401 | + pax_report_overflow_from_user(ptr, n); | |
50402 | +#endif | |
50403 | + | |
50404 | +} | |
50405 | +EXPORT_SYMBOL(check_object_size); | |
50406 | + | |
50407 | /** | |
50408 | * ksize - get the actual amount of memory allocated for a given object | |
50409 | * @objp: Pointer to the object | |
ae4e228f MT |
50410 | diff -urNp linux-2.6.33.1/mm/slob.c linux-2.6.33.1/mm/slob.c |
50411 | --- linux-2.6.33.1/mm/slob.c 2010-03-15 12:09:39.000000000 -0400 | |
50412 | +++ linux-2.6.33.1/mm/slob.c 2010-03-20 16:58:42.276578221 -0400 | |
58c5fc13 MT |
50413 | @@ -29,7 +29,7 @@ |
50414 | * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls | |
50415 | * alloc_pages() directly, allocating compound pages so the page order | |
50416 | * does not have to be separately tracked, and also stores the exact | |
50417 | - * allocation size in page->private so that it can be used to accurately | |
50418 | + * allocation size in slob_page->size so that it can be used to accurately | |
50419 | * provide ksize(). These objects are detected in kfree() because slob_page() | |
50420 | * is false for them. | |
50421 | * | |
50422 | @@ -58,6 +58,7 @@ | |
50423 | */ | |
50424 | ||
50425 | #include <linux/kernel.h> | |
50426 | +#include <linux/sched.h> | |
50427 | #include <linux/slab.h> | |
50428 | #include <linux/mm.h> | |
50429 | #include <linux/swap.h> /* struct reclaim_state */ | |
50430 | @@ -100,7 +101,8 @@ struct slob_page { | |
50431 | unsigned long flags; /* mandatory */ | |
50432 | atomic_t _count; /* mandatory */ | |
50433 | slobidx_t units; /* free units left in page */ | |
50434 | - unsigned long pad[2]; | |
50435 | + unsigned long pad[1]; | |
50436 | + unsigned long size; /* size when >=PAGE_SIZE */ | |
50437 | slob_t *free; /* first free slob_t in page */ | |
50438 | struct list_head list; /* linked list of free pages */ | |
50439 | }; | |
50440 | @@ -133,7 +135,7 @@ static LIST_HEAD(free_slob_large); | |
50441 | */ | |
50442 | static inline int is_slob_page(struct slob_page *sp) | |
50443 | { | |
50444 | - return PageSlab((struct page *)sp); | |
50445 | + return PageSlab((struct page *)sp) && !sp->size; | |
50446 | } | |
50447 | ||
50448 | static inline void set_slob_page(struct slob_page *sp) | |
50449 | @@ -148,7 +150,7 @@ static inline void clear_slob_page(struc | |
50450 | ||
50451 | static inline struct slob_page *slob_page(const void *addr) | |
50452 | { | |
50453 | - return (struct slob_page *)virt_to_page(addr); | |
50454 | + return (struct slob_page *)virt_to_head_page(addr); | |
50455 | } | |
50456 | ||
50457 | /* | |
50458 | @@ -208,7 +210,7 @@ static void set_slob(slob_t *s, slobidx_ | |
50459 | /* | |
50460 | * Return the size of a slob block. | |
50461 | */ | |
50462 | -static slobidx_t slob_units(slob_t *s) | |
50463 | +static slobidx_t slob_units(const slob_t *s) | |
50464 | { | |
50465 | if (s->units > 0) | |
50466 | return s->units; | |
50467 | @@ -218,7 +220,7 @@ static slobidx_t slob_units(slob_t *s) | |
50468 | /* | |
50469 | * Return the next free slob block pointer after this one. | |
50470 | */ | |
50471 | -static slob_t *slob_next(slob_t *s) | |
50472 | +static slob_t *slob_next(const slob_t *s) | |
50473 | { | |
50474 | slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK); | |
50475 | slobidx_t next; | |
50476 | @@ -233,7 +235,7 @@ static slob_t *slob_next(slob_t *s) | |
50477 | /* | |
50478 | * Returns true if s is the last free block in its page. | |
50479 | */ | |
50480 | -static int slob_last(slob_t *s) | |
50481 | +static int slob_last(const slob_t *s) | |
50482 | { | |
50483 | return !((unsigned long)slob_next(s) & ~PAGE_MASK); | |
50484 | } | |
50485 | @@ -252,6 +254,7 @@ static void *slob_new_pages(gfp_t gfp, i | |
50486 | if (!page) | |
50487 | return NULL; | |
50488 | ||
50489 | + set_slob_page(page); | |
50490 | return page_address(page); | |
50491 | } | |
50492 | ||
50493 | @@ -368,11 +371,11 @@ static void *slob_alloc(size_t size, gfp | |
50494 | if (!b) | |
50495 | return NULL; | |
50496 | sp = slob_page(b); | |
50497 | - set_slob_page(sp); | |
50498 | ||
50499 | spin_lock_irqsave(&slob_lock, flags); | |
50500 | sp->units = SLOB_UNITS(PAGE_SIZE); | |
50501 | sp->free = b; | |
50502 | + sp->size = 0; | |
50503 | INIT_LIST_HEAD(&sp->list); | |
50504 | set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE)); | |
50505 | set_slob_page_free(sp, slob_list); | |
50506 | @@ -475,10 +478,9 @@ out: | |
50507 | #define ARCH_SLAB_MINALIGN __alignof__(unsigned long) | |
50508 | #endif | |
50509 | ||
50510 | -void *__kmalloc_node(size_t size, gfp_t gfp, int node) | |
50511 | +static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align) | |
50512 | { | |
50513 | - unsigned int *m; | |
50514 | - int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); | |
50515 | + slob_t *m; | |
50516 | void *ret; | |
50517 | ||
50518 | lockdep_trace_alloc(gfp); | |
50519 | @@ -491,7 +493,10 @@ void *__kmalloc_node(size_t size, gfp_t | |
50520 | ||
50521 | if (!m) | |
50522 | return NULL; | |
50523 | - *m = size; | |
50524 | + BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT); | |
50525 | + BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT); | |
50526 | + m[0].units = size; | |
50527 | + m[1].units = align; | |
50528 | ret = (void *)m + align; | |
50529 | ||
50530 | trace_kmalloc_node(_RET_IP_, ret, | |
50531 | @@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t | |
50532 | ||
50533 | ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node); | |
50534 | if (ret) { | |
50535 | - struct page *page; | |
50536 | - page = virt_to_page(ret); | |
50537 | - page->private = size; | |
50538 | + struct slob_page *sp; | |
50539 | + sp = slob_page(ret); | |
50540 | + sp->size = size; | |
50541 | } | |
50542 | ||
50543 | trace_kmalloc_node(_RET_IP_, ret, | |
50544 | @@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t | |
50545 | kmemleak_alloc(ret, size, 1, gfp); | |
50546 | return ret; | |
50547 | } | |
50548 | + | |
50549 | +void *__kmalloc_node(size_t size, gfp_t gfp, int node) | |
50550 | +{ | |
50551 | + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); | |
50552 | + | |
50553 | + return __kmalloc_node_align(size, gfp, node, align); | |
50554 | +} | |
50555 | EXPORT_SYMBOL(__kmalloc_node); | |
50556 | ||
50557 | void kfree(const void *block) | |
ae4e228f | 50558 | @@ -528,13 +540,84 @@ void kfree(const void *block) |
58c5fc13 MT |
50559 | sp = slob_page(block); |
50560 | if (is_slob_page(sp)) { | |
50561 | int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); | |
50562 | - unsigned int *m = (unsigned int *)(block - align); | |
50563 | - slob_free(m, *m + align); | |
50564 | - } else | |
50565 | + slob_t *m = (slob_t *)(block - align); | |
50566 | + slob_free(m, m[0].units + align); | |
50567 | + } else { | |
50568 | + clear_slob_page(sp); | |
50569 | + free_slob_page(sp); | |
50570 | + sp->size = 0; | |
50571 | put_page(&sp->page); | |
50572 | + } | |
50573 | } | |
50574 | EXPORT_SYMBOL(kfree); | |
50575 | ||
50576 | +void check_object_size(const void *ptr, unsigned long n, bool to) | |
50577 | +{ | |
50578 | + | |
50579 | +#ifdef CONFIG_PAX_USERCOPY | |
50580 | + struct slob_page *sp; | |
50581 | + const slob_t *free; | |
50582 | + const void *base; | |
50583 | + | |
50584 | + if (!n) | |
50585 | + return; | |
50586 | + | |
50587 | + if (ZERO_OR_NULL_PTR(ptr)) | |
50588 | + goto report; | |
50589 | + | |
50590 | + if (!virt_addr_valid(ptr)) | |
50591 | + return; | |
50592 | + | |
50593 | + sp = slob_page(ptr); | |
ae4e228f MT |
50594 | + if (!PageSlab((struct page*)sp)) { |
50595 | + if (object_is_on_stack(ptr, n) == -1) | |
50596 | + goto report; | |
58c5fc13 | 50597 | + return; |
ae4e228f | 50598 | + } |
58c5fc13 MT |
50599 | + |
50600 | + if (sp->size) { | |
50601 | + base = page_address(&sp->page); | |
50602 | + if (base <= ptr && n <= sp->size - (ptr - base)) | |
50603 | + return; | |
50604 | + goto report; | |
50605 | + } | |
50606 | + | |
50607 | + /* some tricky double walking to find the chunk */ | |
50608 | + base = (void *)((unsigned long)ptr & PAGE_MASK); | |
50609 | + free = sp->free; | |
50610 | + | |
50611 | + while (!slob_last(free) && (void *)free <= ptr) { | |
50612 | + base = free + slob_units(free); | |
50613 | + free = slob_next(free); | |
50614 | + } | |
50615 | + | |
50616 | + while (base < (void *)free) { | |
50617 | + slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units; | |
50618 | + int size = SLOB_UNIT * SLOB_UNITS(m + align); | |
50619 | + int offset; | |
50620 | + | |
50621 | + if (ptr < base + align) | |
50622 | + goto report; | |
50623 | + | |
50624 | + offset = ptr - base - align; | |
50625 | + if (offset < m) { | |
50626 | + if (n <= m - offset) | |
50627 | + return; | |
50628 | + goto report; | |
50629 | + } | |
50630 | + base += size; | |
50631 | + } | |
50632 | + | |
50633 | +report: | |
50634 | + if (to) | |
50635 | + pax_report_leak_to_user(ptr, n); | |
50636 | + else | |
50637 | + pax_report_overflow_from_user(ptr, n); | |
50638 | +#endif | |
50639 | + | |
50640 | +} | |
50641 | +EXPORT_SYMBOL(check_object_size); | |
50642 | + | |
50643 | /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ | |
50644 | size_t ksize(const void *block) | |
50645 | { | |
ae4e228f | 50646 | @@ -547,10 +630,10 @@ size_t ksize(const void *block) |
58c5fc13 MT |
50647 | sp = slob_page(block); |
50648 | if (is_slob_page(sp)) { | |
50649 | int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); | |
50650 | - unsigned int *m = (unsigned int *)(block - align); | |
50651 | - return SLOB_UNITS(*m) * SLOB_UNIT; | |
50652 | + slob_t *m = (slob_t *)(block - align); | |
50653 | + return SLOB_UNITS(m[0].units) * SLOB_UNIT; | |
50654 | } else | |
50655 | - return sp->page.private; | |
50656 | + return sp->size; | |
50657 | } | |
50658 | EXPORT_SYMBOL(ksize); | |
50659 | ||
ae4e228f | 50660 | @@ -605,17 +688,25 @@ void *kmem_cache_alloc_node(struct kmem_ |
58c5fc13 MT |
50661 | { |
50662 | void *b; | |
50663 | ||
50664 | +#ifdef CONFIG_PAX_USERCOPY | |
50665 | + b = __kmalloc_node_align(c->size, flags, node, c->align); | |
50666 | +#else | |
50667 | if (c->size < PAGE_SIZE) { | |
50668 | b = slob_alloc(c->size, flags, c->align, node); | |
50669 | trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, | |
50670 | SLOB_UNITS(c->size) * SLOB_UNIT, | |
50671 | flags, node); | |
50672 | } else { | |
50673 | + struct slob_page *sp; | |
50674 | + | |
50675 | b = slob_new_pages(flags, get_order(c->size), node); | |
50676 | + sp = slob_page(b); | |
50677 | + sp->size = c->size; | |
50678 | trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, | |
50679 | PAGE_SIZE << get_order(c->size), | |
50680 | flags, node); | |
50681 | } | |
50682 | +#endif | |
50683 | ||
50684 | if (c->ctor) | |
50685 | c->ctor(b); | |
ae4e228f | 50686 | @@ -627,10 +718,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); |
58c5fc13 MT |
50687 | |
50688 | static void __kmem_cache_free(void *b, int size) | |
50689 | { | |
50690 | - if (size < PAGE_SIZE) | |
50691 | + struct slob_page *sp = slob_page(b); | |
50692 | + | |
50693 | + if (is_slob_page(sp)) | |
50694 | slob_free(b, size); | |
50695 | - else | |
50696 | + else { | |
50697 | + clear_slob_page(sp); | |
50698 | + free_slob_page(sp); | |
50699 | + sp->size = 0; | |
50700 | slob_free_pages(b, get_order(size)); | |
50701 | + } | |
50702 | } | |
50703 | ||
50704 | static void kmem_rcu_free(struct rcu_head *head) | |
ae4e228f | 50705 | @@ -643,15 +740,24 @@ static void kmem_rcu_free(struct rcu_hea |
58c5fc13 MT |
50706 | |
50707 | void kmem_cache_free(struct kmem_cache *c, void *b) | |
50708 | { | |
50709 | + int size = c->size; | |
50710 | + | |
50711 | +#ifdef CONFIG_PAX_USERCOPY | |
50712 | + if (size + c->align < PAGE_SIZE) { | |
50713 | + size += c->align; | |
50714 | + b -= c->align; | |
50715 | + } | |
50716 | +#endif | |
50717 | + | |
50718 | kmemleak_free_recursive(b, c->flags); | |
50719 | if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) { | |
50720 | struct slob_rcu *slob_rcu; | |
50721 | - slob_rcu = b + (c->size - sizeof(struct slob_rcu)); | |
50722 | + slob_rcu = b + (size - sizeof(struct slob_rcu)); | |
50723 | INIT_RCU_HEAD(&slob_rcu->head); | |
50724 | - slob_rcu->size = c->size; | |
50725 | + slob_rcu->size = size; | |
50726 | call_rcu(&slob_rcu->head, kmem_rcu_free); | |
50727 | } else { | |
50728 | - __kmem_cache_free(b, c->size); | |
50729 | + __kmem_cache_free(b, size); | |
50730 | } | |
50731 | ||
50732 | trace_kmem_cache_free(_RET_IP_, b); | |
ae4e228f MT |
50733 | diff -urNp linux-2.6.33.1/mm/slub.c linux-2.6.33.1/mm/slub.c |
50734 | --- linux-2.6.33.1/mm/slub.c 2010-03-15 12:09:39.000000000 -0400 | |
50735 | +++ linux-2.6.33.1/mm/slub.c 2010-03-20 16:58:42.280534479 -0400 | |
50736 | @@ -1893,6 +1893,8 @@ void kmem_cache_free(struct kmem_cache * | |
50737 | ||
50738 | page = virt_to_head_page(x); | |
50739 | ||
50740 | + BUG_ON(!PageSlab(page)); | |
50741 | + | |
50742 | slab_free(s, page, x, _RET_IP_); | |
50743 | ||
50744 | trace_kmem_cache_free(_RET_IP_, x); | |
50745 | @@ -1937,7 +1939,7 @@ static int slub_min_objects; | |
58c5fc13 MT |
50746 | * Merge control. If this is set then no merging of slab caches will occur. |
50747 | * (Could be removed. This was introduced to pacify the merge skeptics.) | |
50748 | */ | |
50749 | -static int slub_nomerge; | |
50750 | +static int slub_nomerge = 1; | |
50751 | ||
50752 | /* | |
50753 | * Calculate the order of allocation given an slab object size. | |
ae4e228f | 50754 | @@ -2493,7 +2495,7 @@ static int kmem_cache_open(struct kmem_c |
58c5fc13 MT |
50755 | * list to avoid pounding the page allocator excessively. |
50756 | */ | |
50757 | set_min_partial(s, ilog2(s->size)); | |
50758 | - s->refcount = 1; | |
50759 | + atomic_set(&s->refcount, 1); | |
50760 | #ifdef CONFIG_NUMA | |
50761 | s->remote_node_defrag_ratio = 1000; | |
50762 | #endif | |
ae4e228f | 50763 | @@ -2630,8 +2632,7 @@ static inline int kmem_cache_close(struc |
58c5fc13 MT |
50764 | void kmem_cache_destroy(struct kmem_cache *s) |
50765 | { | |
50766 | down_write(&slub_lock); | |
50767 | - s->refcount--; | |
50768 | - if (!s->refcount) { | |
50769 | + if (atomic_dec_and_test(&s->refcount)) { | |
50770 | list_del(&s->list); | |
50771 | up_write(&slub_lock); | |
50772 | if (kmem_cache_close(s)) { | |
ae4e228f | 50773 | @@ -2915,6 +2916,46 @@ void *__kmalloc_node(size_t size, gfp_t |
58c5fc13 MT |
50774 | EXPORT_SYMBOL(__kmalloc_node); |
50775 | #endif | |
50776 | ||
50777 | +void check_object_size(const void *ptr, unsigned long n, bool to) | |
50778 | +{ | |
50779 | + | |
50780 | +#ifdef CONFIG_PAX_USERCOPY | |
50781 | + struct page *page; | |
50782 | + struct kmem_cache *s; | |
50783 | + unsigned long offset; | |
50784 | + | |
50785 | + if (!n) | |
50786 | + return; | |
50787 | + | |
50788 | + if (ZERO_OR_NULL_PTR(ptr)) | |
50789 | + goto report; | |
50790 | + | |
50791 | + if (!virt_addr_valid(ptr)) | |
50792 | + return; | |
50793 | + | |
50794 | + page = get_object_page(ptr); | |
50795 | + | |
ae4e228f MT |
50796 | + if (!page) { |
50797 | + if (object_is_on_stack(ptr, n) == -1) | |
50798 | + goto report; | |
58c5fc13 | 50799 | + return; |
ae4e228f | 50800 | + } |
58c5fc13 MT |
50801 | + |
50802 | + s = page->slab; | |
50803 | + offset = (ptr - page_address(page)) % s->size; | |
50804 | + if (offset <= s->objsize && n <= s->objsize - offset) | |
50805 | + return; | |
50806 | + | |
50807 | +report: | |
50808 | + if (to) | |
50809 | + pax_report_leak_to_user(ptr, n); | |
50810 | + else | |
50811 | + pax_report_overflow_from_user(ptr, n); | |
50812 | +#endif | |
50813 | + | |
50814 | +} | |
50815 | +EXPORT_SYMBOL(check_object_size); | |
50816 | + | |
50817 | size_t ksize(const void *object) | |
50818 | { | |
50819 | struct page *page; | |
ae4e228f | 50820 | @@ -3186,7 +3227,7 @@ void __init kmem_cache_init(void) |
58c5fc13 MT |
50821 | */ |
50822 | create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node", | |
50823 | sizeof(struct kmem_cache_node), GFP_NOWAIT); | |
50824 | - kmalloc_caches[0].refcount = -1; | |
50825 | + atomic_set(&kmalloc_caches[0].refcount, -1); | |
50826 | caches++; | |
50827 | ||
50828 | hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI); | |
ae4e228f | 50829 | @@ -3293,7 +3334,7 @@ static int slab_unmergeable(struct kmem_ |
58c5fc13 MT |
50830 | /* |
50831 | * We may have set a slab to be unmergeable during bootstrap. | |
50832 | */ | |
50833 | - if (s->refcount < 0) | |
50834 | + if (atomic_read(&s->refcount) < 0) | |
50835 | return 1; | |
50836 | ||
50837 | return 0; | |
ae4e228f | 50838 | @@ -3353,7 +3394,7 @@ struct kmem_cache *kmem_cache_create(con |
58c5fc13 MT |
50839 | if (s) { |
50840 | int cpu; | |
50841 | ||
50842 | - s->refcount++; | |
50843 | + atomic_inc(&s->refcount); | |
50844 | /* | |
50845 | * Adjust the object sizes so that we clear | |
50846 | * the complete object on kzalloc. | |
ae4e228f | 50847 | @@ -3372,7 +3413,7 @@ struct kmem_cache *kmem_cache_create(con |
58c5fc13 MT |
50848 | |
50849 | if (sysfs_slab_alias(s, name)) { | |
50850 | down_write(&slub_lock); | |
50851 | - s->refcount--; | |
50852 | + atomic_dec(&s->refcount); | |
50853 | up_write(&slub_lock); | |
50854 | goto err; | |
50855 | } | |
ae4e228f | 50856 | @@ -4101,7 +4142,7 @@ SLAB_ATTR_RO(ctor); |
58c5fc13 MT |
50857 | |
50858 | static ssize_t aliases_show(struct kmem_cache *s, char *buf) | |
50859 | { | |
50860 | - return sprintf(buf, "%d\n", s->refcount - 1); | |
50861 | + return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1); | |
50862 | } | |
50863 | SLAB_ATTR_RO(aliases); | |
50864 | ||
ae4e228f MT |
50865 | @@ -4519,7 +4560,7 @@ static void kmem_cache_release(struct ko |
50866 | kfree(s); | |
50867 | } | |
58c5fc13 | 50868 | |
ae4e228f MT |
50869 | -static struct sysfs_ops slab_sysfs_ops = { |
50870 | +static const struct sysfs_ops slab_sysfs_ops = { | |
50871 | .show = slab_attr_show, | |
50872 | .store = slab_attr_store, | |
50873 | }; | |
50874 | @@ -4538,7 +4579,7 @@ static int uevent_filter(struct kset *ks | |
58c5fc13 MT |
50875 | return 0; |
50876 | } | |
ae4e228f MT |
50877 | |
50878 | -static struct kset_uevent_ops slab_uevent_ops = { | |
50879 | +static const struct kset_uevent_ops slab_uevent_ops = { | |
50880 | .filter = uevent_filter, | |
50881 | }; | |
50882 | ||
50883 | @@ -4712,7 +4753,7 @@ __initcall(slab_sysfs_init); | |
50884 | /* | |
50885 | * The /proc/slabinfo ABI | |
50886 | */ | |
50887 | -#ifdef CONFIG_SLABINFO | |
50888 | +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD) | |
50889 | static void print_slabinfo_header(struct seq_file *m) | |
50890 | { | |
50891 | seq_puts(m, "slabinfo - version: 2.1\n"); | |
50892 | diff -urNp linux-2.6.33.1/mm/util.c linux-2.6.33.1/mm/util.c | |
50893 | --- linux-2.6.33.1/mm/util.c 2010-03-15 12:09:39.000000000 -0400 | |
50894 | +++ linux-2.6.33.1/mm/util.c 2010-03-20 16:58:42.280534479 -0400 | |
58c5fc13 MT |
50895 | @@ -224,6 +224,12 @@ EXPORT_SYMBOL(strndup_user); |
50896 | void arch_pick_mmap_layout(struct mm_struct *mm) | |
50897 | { | |
50898 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
50899 | + | |
50900 | +#ifdef CONFIG_PAX_RANDMMAP | |
50901 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
50902 | + mm->mmap_base += mm->delta_mmap; | |
50903 | +#endif | |
50904 | + | |
50905 | mm->get_unmapped_area = arch_get_unmapped_area; | |
50906 | mm->unmap_area = arch_unmap_area; | |
50907 | } | |
ae4e228f MT |
50908 | diff -urNp linux-2.6.33.1/mm/vmalloc.c linux-2.6.33.1/mm/vmalloc.c |
50909 | --- linux-2.6.33.1/mm/vmalloc.c 2010-03-15 12:09:39.000000000 -0400 | |
50910 | +++ linux-2.6.33.1/mm/vmalloc.c 2010-03-20 16:58:42.280534479 -0400 | |
50911 | @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd, | |
50912 | ||
50913 | pte = pte_offset_kernel(pmd, addr); | |
50914 | do { | |
50915 | - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte); | |
50916 | - WARN_ON(!pte_none(ptent) && !pte_present(ptent)); | |
50917 | + | |
50918 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
50919 | + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) { | |
50920 | + BUG_ON(!pte_exec(*pte)); | |
50921 | + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC)); | |
50922 | + continue; | |
50923 | + } | |
50924 | +#endif | |
50925 | + | |
50926 | + { | |
50927 | + pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte); | |
50928 | + WARN_ON(!pte_none(ptent) && !pte_present(ptent)); | |
50929 | + } | |
50930 | } while (pte++, addr += PAGE_SIZE, addr != end); | |
50931 | } | |
50932 | ||
50933 | @@ -92,6 +103,7 @@ static int vmap_pte_range(pmd_t *pmd, un | |
58c5fc13 MT |
50934 | unsigned long end, pgprot_t prot, struct page **pages, int *nr) |
50935 | { | |
50936 | pte_t *pte; | |
50937 | + int ret = -ENOMEM; | |
58c5fc13 MT |
50938 | |
50939 | /* | |
50940 | * nr is a running index into the array which helps higher level | |
ae4e228f | 50941 | @@ -101,17 +113,30 @@ static int vmap_pte_range(pmd_t *pmd, un |
58c5fc13 MT |
50942 | pte = pte_alloc_kernel(pmd, addr); |
50943 | if (!pte) | |
50944 | return -ENOMEM; | |
50945 | + | |
ae4e228f | 50946 | + pax_open_kernel(); |
58c5fc13 MT |
50947 | do { |
50948 | struct page *page = pages[*nr]; | |
50949 | ||
50950 | - if (WARN_ON(!pte_none(*pte))) | |
50951 | - return -EBUSY; | |
50952 | - if (WARN_ON(!page)) | |
50953 | - return -ENOMEM; | |
ae4e228f MT |
50954 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) |
50955 | + if (pgprot_val(prot) & _PAGE_NX) | |
50956 | +#endif | |
50957 | + | |
58c5fc13 MT |
50958 | + if (WARN_ON(!pte_none(*pte))) { |
50959 | + ret = -EBUSY; | |
50960 | + goto out; | |
50961 | + } | |
50962 | + if (WARN_ON(!page)) { | |
50963 | + ret = -ENOMEM; | |
50964 | + goto out; | |
50965 | + } | |
50966 | set_pte_at(&init_mm, addr, pte, mk_pte(page, prot)); | |
50967 | (*nr)++; | |
50968 | } while (pte++, addr += PAGE_SIZE, addr != end); | |
50969 | - return 0; | |
50970 | + ret = 0; | |
50971 | +out: | |
ae4e228f MT |
50972 | + pax_close_kernel(); |
50973 | + return ret; | |
50974 | } | |
50975 | ||
50976 | static int vmap_pmd_range(pud_t *pud, unsigned long addr, | |
50977 | @@ -192,11 +217,20 @@ int is_vmalloc_or_module_addr(const void | |
50978 | * and fall back on vmalloc() if that fails. Others | |
50979 | * just put it in the vmalloc space. | |
50980 | */ | |
50981 | -#if defined(CONFIG_MODULES) && defined(MODULES_VADDR) | |
50982 | +#ifdef CONFIG_MODULES | |
50983 | +#ifdef MODULES_VADDR | |
50984 | unsigned long addr = (unsigned long)x; | |
50985 | if (addr >= MODULES_VADDR && addr < MODULES_END) | |
50986 | return 1; | |
50987 | #endif | |
58c5fc13 | 50988 | + |
ae4e228f MT |
50989 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) |
50990 | + if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END) | |
50991 | + return 1; | |
58c5fc13 MT |
50992 | +#endif |
50993 | + | |
ae4e228f MT |
50994 | +#endif |
50995 | + | |
50996 | return is_vmalloc_addr(x); | |
58c5fc13 MT |
50997 | } |
50998 | ||
ae4e228f MT |
50999 | @@ -292,13 +326,13 @@ static void __insert_vmap_area(struct vm |
51000 | struct rb_node *tmp; | |
51001 | ||
51002 | while (*p) { | |
51003 | - struct vmap_area *tmp; | |
51004 | + struct vmap_area *varea; | |
51005 | ||
51006 | parent = *p; | |
51007 | - tmp = rb_entry(parent, struct vmap_area, rb_node); | |
51008 | - if (va->va_start < tmp->va_end) | |
51009 | + varea = rb_entry(parent, struct vmap_area, rb_node); | |
51010 | + if (va->va_start < varea->va_end) | |
51011 | p = &(*p)->rb_left; | |
51012 | - else if (va->va_end > tmp->va_start) | |
51013 | + else if (va->va_end > varea->va_start) | |
51014 | p = &(*p)->rb_right; | |
51015 | else | |
51016 | BUG(); | |
51017 | @@ -1224,6 +1258,16 @@ static struct vm_struct *__get_vm_area_n | |
51018 | struct vm_struct *area; | |
58c5fc13 MT |
51019 | |
51020 | BUG_ON(in_interrupt()); | |
51021 | + | |
51022 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
51023 | + if (flags & VM_KERNEXEC) { | |
51024 | + if (start != VMALLOC_START || end != VMALLOC_END) | |
51025 | + return NULL; | |
51026 | + start = (unsigned long)&MODULES_EXEC_VADDR; | |
51027 | + end = (unsigned long)&MODULES_EXEC_END; | |
51028 | + } | |
51029 | +#endif | |
51030 | + | |
51031 | if (flags & VM_IOREMAP) { | |
51032 | int bit = fls(size); | |
51033 | ||
ae4e228f MT |
51034 | @@ -1449,6 +1493,11 @@ void *vmap(struct page **pages, unsigned |
51035 | if (count > totalram_pages) | |
58c5fc13 MT |
51036 | return NULL; |
51037 | ||
51038 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
51039 | + if (!(pgprot_val(prot) & _PAGE_NX)) | |
51040 | + flags |= VM_KERNEXEC; | |
51041 | +#endif | |
51042 | + | |
51043 | area = get_vm_area_caller((count << PAGE_SHIFT), flags, | |
51044 | __builtin_return_address(0)); | |
51045 | if (!area) | |
ae4e228f MT |
51046 | @@ -1558,6 +1607,13 @@ static void *__vmalloc_node(unsigned lon |
51047 | if (!size || (size >> PAGE_SHIFT) > totalram_pages) | |
58c5fc13 MT |
51048 | return NULL; |
51049 | ||
51050 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | |
51051 | + if (!(pgprot_val(prot) & _PAGE_NX)) | |
ae4e228f | 51052 | + area = __get_vm_area_node(size, align, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END, |
58c5fc13 MT |
51053 | + node, gfp_mask, caller); |
51054 | + else | |
51055 | +#endif | |
51056 | + | |
ae4e228f MT |
51057 | area = __get_vm_area_node(size, align, VM_ALLOC, VMALLOC_START, |
51058 | VMALLOC_END, node, gfp_mask, caller); | |
58c5fc13 | 51059 | |
ae4e228f | 51060 | @@ -1576,6 +1632,7 @@ static void *__vmalloc_node(unsigned lon |
58c5fc13 MT |
51061 | return addr; |
51062 | } | |
51063 | ||
51064 | +#undef __vmalloc | |
51065 | void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) | |
51066 | { | |
ae4e228f MT |
51067 | return __vmalloc_node(size, 1, gfp_mask, prot, -1, |
51068 | @@ -1592,6 +1649,7 @@ EXPORT_SYMBOL(__vmalloc); | |
58c5fc13 MT |
51069 | * For tight control over page level allocator and protection flags |
51070 | * use __vmalloc() instead. | |
51071 | */ | |
51072 | +#undef vmalloc | |
51073 | void *vmalloc(unsigned long size) | |
51074 | { | |
ae4e228f MT |
51075 | return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, |
51076 | @@ -1606,6 +1664,7 @@ EXPORT_SYMBOL(vmalloc); | |
58c5fc13 MT |
51077 | * The resulting memory area is zeroed so it can be mapped to userspace |
51078 | * without leaking data. | |
51079 | */ | |
51080 | +#undef vmalloc_user | |
51081 | void *vmalloc_user(unsigned long size) | |
51082 | { | |
51083 | struct vm_struct *area; | |
ae4e228f | 51084 | @@ -1633,6 +1692,7 @@ EXPORT_SYMBOL(vmalloc_user); |
58c5fc13 MT |
51085 | * For tight control over page level allocator and protection flags |
51086 | * use __vmalloc() instead. | |
51087 | */ | |
51088 | +#undef vmalloc_node | |
51089 | void *vmalloc_node(unsigned long size, int node) | |
51090 | { | |
ae4e228f MT |
51091 | return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, |
51092 | @@ -1655,10 +1715,10 @@ EXPORT_SYMBOL(vmalloc_node); | |
58c5fc13 MT |
51093 | * For tight control over page level allocator and protection flags |
51094 | * use __vmalloc() instead. | |
51095 | */ | |
51096 | - | |
51097 | +#undef vmalloc_exec | |
51098 | void *vmalloc_exec(unsigned long size) | |
51099 | { | |
ae4e228f MT |
51100 | - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, |
51101 | + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC, | |
58c5fc13 MT |
51102 | -1, __builtin_return_address(0)); |
51103 | } | |
51104 | ||
ae4e228f | 51105 | @@ -1677,6 +1737,7 @@ void *vmalloc_exec(unsigned long size) |
58c5fc13 MT |
51106 | * Allocate enough 32bit PA addressable pages to cover @size from the |
51107 | * page level allocator and map them into contiguous kernel virtual space. | |
51108 | */ | |
51109 | +#undef vmalloc_32 | |
51110 | void *vmalloc_32(unsigned long size) | |
51111 | { | |
ae4e228f MT |
51112 | return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, |
51113 | @@ -1691,6 +1752,7 @@ EXPORT_SYMBOL(vmalloc_32); | |
58c5fc13 MT |
51114 | * The resulting memory area is 32bit addressable and zeroed so it can be |
51115 | * mapped to userspace without leaking data. | |
51116 | */ | |
51117 | +#undef vmalloc_32_user | |
51118 | void *vmalloc_32_user(unsigned long size) | |
51119 | { | |
51120 | struct vm_struct *area; | |
ae4e228f MT |
51121 | diff -urNp linux-2.6.33.1/net/atm/atm_misc.c linux-2.6.33.1/net/atm/atm_misc.c |
51122 | --- linux-2.6.33.1/net/atm/atm_misc.c 2010-03-15 12:09:39.000000000 -0400 | |
51123 | +++ linux-2.6.33.1/net/atm/atm_misc.c 2010-03-20 16:58:42.280534479 -0400 | |
58c5fc13 MT |
51124 | @@ -19,7 +19,7 @@ int atm_charge(struct atm_vcc *vcc,int t |
51125 | if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf) | |
51126 | return 1; | |
51127 | atm_return(vcc,truesize); | |
51128 | - atomic_inc(&vcc->stats->rx_drop); | |
51129 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
51130 | return 0; | |
51131 | } | |
51132 | ||
51133 | @@ -41,7 +41,7 @@ struct sk_buff *atm_alloc_charge(struct | |
51134 | } | |
51135 | } | |
51136 | atm_return(vcc,guess); | |
51137 | - atomic_inc(&vcc->stats->rx_drop); | |
51138 | + atomic_inc_unchecked(&vcc->stats->rx_drop); | |
51139 | return NULL; | |
51140 | } | |
51141 | ||
51142 | @@ -88,7 +88,7 @@ int atm_pcr_goal(const struct atm_trafpr | |
51143 | ||
51144 | void sonet_copy_stats(struct k_sonet_stats *from,struct sonet_stats *to) | |
51145 | { | |
51146 | -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i) | |
51147 | +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i) | |
51148 | __SONET_ITEMS | |
51149 | #undef __HANDLE_ITEM | |
51150 | } | |
51151 | @@ -96,7 +96,7 @@ void sonet_copy_stats(struct k_sonet_sta | |
51152 | ||
51153 | void sonet_subtract_stats(struct k_sonet_stats *from,struct sonet_stats *to) | |
51154 | { | |
51155 | -#define __HANDLE_ITEM(i) atomic_sub(to->i,&from->i) | |
51156 | +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i) | |
51157 | __SONET_ITEMS | |
51158 | #undef __HANDLE_ITEM | |
51159 | } | |
ae4e228f MT |
51160 | diff -urNp linux-2.6.33.1/net/atm/proc.c linux-2.6.33.1/net/atm/proc.c |
51161 | --- linux-2.6.33.1/net/atm/proc.c 2010-03-15 12:09:39.000000000 -0400 | |
51162 | +++ linux-2.6.33.1/net/atm/proc.c 2010-03-20 16:58:42.280534479 -0400 | |
58c5fc13 MT |
51163 | @@ -43,9 +43,9 @@ static void add_stats(struct seq_file *s |
51164 | const struct k_atm_aal_stats *stats) | |
51165 | { | |
51166 | seq_printf(seq, "%s ( %d %d %d %d %d )", aal, | |
51167 | - atomic_read(&stats->tx),atomic_read(&stats->tx_err), | |
51168 | - atomic_read(&stats->rx),atomic_read(&stats->rx_err), | |
51169 | - atomic_read(&stats->rx_drop)); | |
51170 | + atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err), | |
51171 | + atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err), | |
51172 | + atomic_read_unchecked(&stats->rx_drop)); | |
51173 | } | |
51174 | ||
51175 | static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev) | |
ae4e228f MT |
51176 | diff -urNp linux-2.6.33.1/net/atm/resources.c linux-2.6.33.1/net/atm/resources.c |
51177 | --- linux-2.6.33.1/net/atm/resources.c 2010-03-15 12:09:39.000000000 -0400 | |
51178 | +++ linux-2.6.33.1/net/atm/resources.c 2010-03-20 16:58:42.280534479 -0400 | |
58c5fc13 MT |
51179 | @@ -161,7 +161,7 @@ void atm_dev_deregister(struct atm_dev * |
51180 | static void copy_aal_stats(struct k_atm_aal_stats *from, | |
51181 | struct atm_aal_stats *to) | |
51182 | { | |
51183 | -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i) | |
51184 | +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i) | |
51185 | __AAL_STAT_ITEMS | |
51186 | #undef __HANDLE_ITEM | |
51187 | } | |
51188 | @@ -170,7 +170,7 @@ static void copy_aal_stats(struct k_atm_ | |
51189 | static void subtract_aal_stats(struct k_atm_aal_stats *from, | |
51190 | struct atm_aal_stats *to) | |
51191 | { | |
51192 | -#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i) | |
51193 | +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i) | |
51194 | __AAL_STAT_ITEMS | |
51195 | #undef __HANDLE_ITEM | |
51196 | } | |
ae4e228f MT |
51197 | diff -urNp linux-2.6.33.1/net/bridge/br_private.h linux-2.6.33.1/net/bridge/br_private.h |
51198 | --- linux-2.6.33.1/net/bridge/br_private.h 2010-03-15 12:09:39.000000000 -0400 | |
51199 | +++ linux-2.6.33.1/net/bridge/br_private.h 2010-03-20 16:58:42.280534479 -0400 | |
51200 | @@ -254,7 +254,7 @@ extern void br_ifinfo_notify(int event, | |
51201 | ||
51202 | #ifdef CONFIG_SYSFS | |
51203 | /* br_sysfs_if.c */ | |
51204 | -extern struct sysfs_ops brport_sysfs_ops; | |
51205 | +extern const struct sysfs_ops brport_sysfs_ops; | |
51206 | extern int br_sysfs_addif(struct net_bridge_port *p); | |
51207 | ||
51208 | /* br_sysfs_br.c */ | |
51209 | diff -urNp linux-2.6.33.1/net/bridge/br_stp_if.c linux-2.6.33.1/net/bridge/br_stp_if.c | |
51210 | --- linux-2.6.33.1/net/bridge/br_stp_if.c 2010-03-15 12:09:39.000000000 -0400 | |
51211 | +++ linux-2.6.33.1/net/bridge/br_stp_if.c 2010-03-20 16:58:42.280534479 -0400 | |
58c5fc13 MT |
51212 | @@ -146,7 +146,7 @@ static void br_stp_stop(struct net_bridg |
51213 | char *envp[] = { NULL }; | |
51214 | ||
51215 | if (br->stp_enabled == BR_USER_STP) { | |
51216 | - r = call_usermodehelper(BR_STP_PROG, argv, envp, 1); | |
51217 | + r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC); | |
51218 | printk(KERN_INFO "%s: userspace STP stopped, return code %d\n", | |
51219 | br->dev->name, r); | |
51220 | ||
ae4e228f MT |
51221 | diff -urNp linux-2.6.33.1/net/bridge/br_sysfs_if.c linux-2.6.33.1/net/bridge/br_sysfs_if.c |
51222 | --- linux-2.6.33.1/net/bridge/br_sysfs_if.c 2010-03-15 12:09:39.000000000 -0400 | |
51223 | +++ linux-2.6.33.1/net/bridge/br_sysfs_if.c 2010-03-20 16:58:42.280534479 -0400 | |
51224 | @@ -220,7 +220,7 @@ static ssize_t brport_store(struct kobje | |
51225 | return ret; | |
51226 | } | |
51227 | ||
51228 | -struct sysfs_ops brport_sysfs_ops = { | |
51229 | +const struct sysfs_ops brport_sysfs_ops = { | |
51230 | .show = brport_show, | |
51231 | .store = brport_store, | |
51232 | }; | |
51233 | diff -urNp linux-2.6.33.1/net/bridge/netfilter/ebtables.c linux-2.6.33.1/net/bridge/netfilter/ebtables.c | |
51234 | --- linux-2.6.33.1/net/bridge/netfilter/ebtables.c 2010-03-15 12:09:39.000000000 -0400 | |
51235 | +++ linux-2.6.33.1/net/bridge/netfilter/ebtables.c 2010-03-20 16:58:42.284535154 -0400 | |
51236 | @@ -1456,7 +1456,7 @@ static int do_ebt_get_ctl(struct sock *s | |
51237 | tmp.valid_hooks = t->table->valid_hooks; | |
51238 | } | |
51239 | mutex_unlock(&ebt_mutex); | |
51240 | - if (copy_to_user(user, &tmp, *len) != 0){ | |
51241 | + if (*len > sizeof(tmp) || copy_to_user(user, &tmp, *len) != 0){ | |
51242 | BUGPRINT("c2u Didn't work\n"); | |
51243 | ret = -EFAULT; | |
51244 | break; | |
51245 | diff -urNp linux-2.6.33.1/net/core/dev.c linux-2.6.33.1/net/core/dev.c | |
51246 | --- linux-2.6.33.1/net/core/dev.c 2010-03-15 12:09:39.000000000 -0400 | |
51247 | +++ linux-2.6.33.1/net/core/dev.c 2010-03-20 16:58:42.284535154 -0400 | |
51248 | @@ -2183,7 +2183,7 @@ int netif_rx_ni(struct sk_buff *skb) | |
51249 | } | |
51250 | EXPORT_SYMBOL(netif_rx_ni); | |
51251 | ||
51252 | -static void net_tx_action(struct softirq_action *h) | |
51253 | +static void net_tx_action(void) | |
51254 | { | |
51255 | struct softnet_data *sd = &__get_cpu_var(softnet_data); | |
51256 | ||
51257 | @@ -2939,7 +2939,7 @@ void netif_napi_del(struct napi_struct * | |
51258 | EXPORT_SYMBOL(netif_napi_del); | |
51259 | ||
51260 | ||
51261 | -static void net_rx_action(struct softirq_action *h) | |
51262 | +static void net_rx_action(void) | |
51263 | { | |
51264 | struct list_head *list = &__get_cpu_var(softnet_data).poll_list; | |
51265 | unsigned long time_limit = jiffies + 2; | |
51266 | diff -urNp linux-2.6.33.1/net/core/flow.c linux-2.6.33.1/net/core/flow.c | |
51267 | --- linux-2.6.33.1/net/core/flow.c 2010-03-15 12:09:39.000000000 -0400 | |
51268 | +++ linux-2.6.33.1/net/core/flow.c 2010-03-20 16:58:42.284535154 -0400 | |
58c5fc13 MT |
51269 | @@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT( |
51270 | ||
51271 | static u32 flow_hash_shift; | |
51272 | #define flow_hash_size (1 << flow_hash_shift) | |
51273 | -static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL }; | |
51274 | +static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables); | |
51275 | ||
51276 | #define flow_table(cpu) (per_cpu(flow_tables, cpu)) | |
51277 | ||
51278 | @@ -52,7 +52,7 @@ struct flow_percpu_info { | |
51279 | u32 hash_rnd; | |
51280 | int count; | |
51281 | }; | |
51282 | -static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 }; | |
51283 | +static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info); | |
51284 | ||
51285 | #define flow_hash_rnd_recalc(cpu) \ | |
51286 | (per_cpu(flow_hash_info, cpu).hash_rnd_recalc) | |
51287 | @@ -69,7 +69,7 @@ struct flow_flush_info { | |
51288 | atomic_t cpuleft; | |
51289 | struct completion completion; | |
51290 | }; | |
51291 | -static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL }; | |
51292 | +static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets); | |
51293 | ||
51294 | #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu)) | |
51295 | ||
ae4e228f MT |
51296 | diff -urNp linux-2.6.33.1/net/core/sock.c linux-2.6.33.1/net/core/sock.c |
51297 | --- linux-2.6.33.1/net/core/sock.c 2010-03-15 12:09:39.000000000 -0400 | |
51298 | +++ linux-2.6.33.1/net/core/sock.c 2010-03-20 16:58:42.284535154 -0400 | |
51299 | @@ -896,7 +896,7 @@ int sock_getsockopt(struct socket *sock, | |
51300 | return -ENOTCONN; | |
51301 | if (lv < len) | |
51302 | return -EINVAL; | |
51303 | - if (copy_to_user(optval, address, len)) | |
51304 | + if (len > sizeof(address) || copy_to_user(optval, address, len)) | |
51305 | return -EFAULT; | |
51306 | goto lenout; | |
51307 | } | |
51308 | @@ -929,7 +929,7 @@ int sock_getsockopt(struct socket *sock, | |
51309 | ||
51310 | if (len > lv) | |
51311 | len = lv; | |
51312 | - if (copy_to_user(optval, &v, len)) | |
51313 | + if (len > sizeof(v) || copy_to_user(optval, &v, len)) | |
51314 | return -EFAULT; | |
51315 | lenout: | |
51316 | if (put_user(len, optlen)) | |
51317 | diff -urNp linux-2.6.33.1/net/dccp/ccids/ccid3.c linux-2.6.33.1/net/dccp/ccids/ccid3.c | |
51318 | --- linux-2.6.33.1/net/dccp/ccids/ccid3.c 2010-03-15 12:09:39.000000000 -0400 | |
51319 | +++ linux-2.6.33.1/net/dccp/ccids/ccid3.c 2010-03-20 16:58:42.284535154 -0400 | |
51320 | @@ -41,7 +41,7 @@ | |
58c5fc13 MT |
51321 | static int ccid3_debug; |
51322 | #define ccid3_pr_debug(format, a...) DCCP_PR_DEBUG(ccid3_debug, format, ##a) | |
51323 | #else | |
51324 | -#define ccid3_pr_debug(format, a...) | |
51325 | +#define ccid3_pr_debug(format, a...) do {} while (0) | |
51326 | #endif | |
51327 | ||
51328 | /* | |
ae4e228f MT |
51329 | diff -urNp linux-2.6.33.1/net/dccp/dccp.h linux-2.6.33.1/net/dccp/dccp.h |
51330 | --- linux-2.6.33.1/net/dccp/dccp.h 2010-03-15 12:09:39.000000000 -0400 | |
51331 | +++ linux-2.6.33.1/net/dccp/dccp.h 2010-03-20 16:58:42.284535154 -0400 | |
58c5fc13 MT |
51332 | @@ -44,9 +44,9 @@ extern int dccp_debug; |
51333 | #define dccp_pr_debug_cat(format, a...) DCCP_PRINTK(dccp_debug, format, ##a) | |
51334 | #define dccp_debug(fmt, a...) dccp_pr_debug_cat(KERN_DEBUG fmt, ##a) | |
51335 | #else | |
51336 | -#define dccp_pr_debug(format, a...) | |
51337 | -#define dccp_pr_debug_cat(format, a...) | |
51338 | -#define dccp_debug(format, a...) | |
51339 | +#define dccp_pr_debug(format, a...) do {} while (0) | |
51340 | +#define dccp_pr_debug_cat(format, a...) do {} while (0) | |
51341 | +#define dccp_debug(format, a...) do {} while (0) | |
51342 | #endif | |
51343 | ||
51344 | extern struct inet_hashinfo dccp_hashinfo; | |
ae4e228f MT |
51345 | diff -urNp linux-2.6.33.1/net/decnet/sysctl_net_decnet.c linux-2.6.33.1/net/decnet/sysctl_net_decnet.c |
51346 | --- linux-2.6.33.1/net/decnet/sysctl_net_decnet.c 2010-03-15 12:09:39.000000000 -0400 | |
51347 | +++ linux-2.6.33.1/net/decnet/sysctl_net_decnet.c 2010-03-20 16:58:42.284535154 -0400 | |
51348 | @@ -173,7 +173,7 @@ static int dn_node_address_handler(ctl_t | |
51349 | ||
51350 | if (len > *lenp) len = *lenp; | |
51351 | ||
51352 | - if (copy_to_user(buffer, addr, len)) | |
51353 | + if (len > sizeof(addr) || copy_to_user(buffer, addr, len)) | |
51354 | return -EFAULT; | |
51355 | ||
51356 | *lenp = len; | |
51357 | @@ -236,7 +236,7 @@ static int dn_def_dev_handler(ctl_table | |
51358 | ||
51359 | if (len > *lenp) len = *lenp; | |
51360 | ||
51361 | - if (copy_to_user(buffer, devname, len)) | |
51362 | + if (len > sizeof(devname) || copy_to_user(buffer, devname, len)) | |
51363 | return -EFAULT; | |
51364 | ||
51365 | *lenp = len; | |
51366 | diff -urNp linux-2.6.33.1/net/ipv4/inet_hashtables.c linux-2.6.33.1/net/ipv4/inet_hashtables.c | |
51367 | --- linux-2.6.33.1/net/ipv4/inet_hashtables.c 2010-03-15 12:09:39.000000000 -0400 | |
51368 | +++ linux-2.6.33.1/net/ipv4/inet_hashtables.c 2010-03-20 16:58:42.311008973 -0400 | |
58c5fc13 MT |
51369 | @@ -18,11 +18,14 @@ |
51370 | #include <linux/sched.h> | |
51371 | #include <linux/slab.h> | |
51372 | #include <linux/wait.h> | |
51373 | +#include <linux/security.h> | |
51374 | ||
51375 | #include <net/inet_connection_sock.h> | |
51376 | #include <net/inet_hashtables.h> | |
51377 | #include <net/ip.h> | |
51378 | ||
51379 | +extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet); | |
51380 | + | |
51381 | /* | |
51382 | * Allocate and initialize a new local port bind bucket. | |
51383 | * The bindhash mutex for snum's hash chain must be held here. | |
ae4e228f MT |
51384 | @@ -506,6 +509,8 @@ ok: |
51385 | twrefcnt += inet_twsk_bind_unhash(tw, hinfo); | |
58c5fc13 MT |
51386 | spin_unlock(&head->lock); |
51387 | ||
51388 | + gr_update_task_in_ip_table(current, inet_sk(sk)); | |
51389 | + | |
51390 | if (tw) { | |
51391 | inet_twsk_deschedule(tw, death_row); | |
ae4e228f MT |
51392 | while (twrefcnt) { |
51393 | diff -urNp linux-2.6.33.1/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.33.1/net/ipv4/netfilter/nf_nat_snmp_basic.c | |
51394 | --- linux-2.6.33.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2010-03-15 12:09:39.000000000 -0400 | |
51395 | +++ linux-2.6.33.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2010-03-20 16:58:42.311008973 -0400 | |
58c5fc13 MT |
51396 | @@ -397,7 +397,7 @@ static unsigned char asn1_octets_decode( |
51397 | ||
51398 | *len = 0; | |
51399 | ||
51400 | - *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); | |
51401 | + *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC); | |
51402 | if (*octets == NULL) { | |
51403 | if (net_ratelimit()) | |
51404 | printk("OOM in bsalg (%d)\n", __LINE__); | |
ae4e228f MT |
51405 | diff -urNp linux-2.6.33.1/net/ipv4/tcp_ipv4.c linux-2.6.33.1/net/ipv4/tcp_ipv4.c |
51406 | --- linux-2.6.33.1/net/ipv4/tcp_ipv4.c 2010-03-15 12:09:39.000000000 -0400 | |
51407 | +++ linux-2.6.33.1/net/ipv4/tcp_ipv4.c 2010-03-20 17:00:48.140865901 -0400 | |
51408 | @@ -84,6 +84,9 @@ | |
51409 | int sysctl_tcp_tw_reuse __read_mostly; | |
51410 | int sysctl_tcp_low_latency __read_mostly; | |
58c5fc13 | 51411 | |
58c5fc13 | 51412 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
ae4e228f | 51413 | +extern int grsec_enable_blackhole; |
58c5fc13 | 51414 | +#endif |
ae4e228f MT |
51415 | |
51416 | #ifdef CONFIG_TCP_MD5SIG | |
51417 | static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, | |
51418 | @@ -1646,12 +1649,20 @@ int tcp_v4_rcv(struct sk_buff *skb) | |
51419 | TCP_SKB_CB(skb)->sacked = 0; | |
51420 | ||
51421 | sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); | |
51422 | - if (!sk) | |
51423 | + if (!sk) { | |
51424 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51425 | + ret = 1; | |
51426 | +#endif | |
51427 | goto no_tcp_socket; | |
51428 | + } | |
51429 | ||
51430 | process: | |
51431 | - if (sk->sk_state == TCP_TIME_WAIT) | |
51432 | + if (sk->sk_state == TCP_TIME_WAIT) { | |
51433 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51434 | + ret = 2; | |
51435 | +#endif | |
51436 | goto do_time_wait; | |
51437 | + } | |
51438 | ||
51439 | if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) | |
51440 | goto discard_and_relse; | |
51441 | @@ -1693,6 +1704,10 @@ no_tcp_socket: | |
58c5fc13 MT |
51442 | bad_packet: |
51443 | TCP_INC_STATS_BH(net, TCP_MIB_INERRS); | |
51444 | } else { | |
51445 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
ae4e228f MT |
51446 | + if (!grsec_enable_blackhole || (ret == 1 && |
51447 | + (skb->dev->flags & IFF_LOOPBACK))) | |
58c5fc13 MT |
51448 | +#endif |
51449 | tcp_v4_send_reset(NULL, skb); | |
51450 | } | |
51451 | ||
ae4e228f MT |
51452 | diff -urNp linux-2.6.33.1/net/ipv4/tcp_minisocks.c linux-2.6.33.1/net/ipv4/tcp_minisocks.c |
51453 | --- linux-2.6.33.1/net/ipv4/tcp_minisocks.c 2010-03-15 12:09:39.000000000 -0400 | |
51454 | +++ linux-2.6.33.1/net/ipv4/tcp_minisocks.c 2010-03-20 17:06:01.445852790 -0400 | |
51455 | @@ -26,6 +26,10 @@ | |
51456 | #include <net/inet_common.h> | |
51457 | #include <net/xfrm.h> | |
51458 | ||
51459 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51460 | +extern int grsec_enable_blackhole; | |
51461 | +#endif | |
51462 | + | |
51463 | int sysctl_tcp_syncookies __read_mostly = 1; | |
51464 | EXPORT_SYMBOL(sysctl_tcp_syncookies); | |
51465 | ||
51466 | @@ -698,8 +702,11 @@ listen_overflow: | |
58c5fc13 MT |
51467 | |
51468 | embryonic_reset: | |
51469 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); | |
ae4e228f | 51470 | - if (!(flg & TCP_FLAG_RST)) |
58c5fc13 MT |
51471 | + |
51472 | +#ifndef CONFIG_GRKERNSEC_BLACKHOLE | |
ae4e228f | 51473 | + if (!grsec_enable_blackhole || !(flg & TCP_FLAG_RST)) |
58c5fc13 MT |
51474 | req->rsk_ops->send_reset(sk, skb); |
51475 | +#endif | |
51476 | ||
51477 | inet_csk_reqsk_queue_drop(sk, req, prev); | |
51478 | return NULL; | |
ae4e228f MT |
51479 | diff -urNp linux-2.6.33.1/net/ipv4/tcp_probe.c linux-2.6.33.1/net/ipv4/tcp_probe.c |
51480 | --- linux-2.6.33.1/net/ipv4/tcp_probe.c 2010-03-15 12:09:39.000000000 -0400 | |
51481 | +++ linux-2.6.33.1/net/ipv4/tcp_probe.c 2010-03-20 16:58:42.312547376 -0400 | |
51482 | @@ -201,7 +201,7 @@ static ssize_t tcpprobe_read(struct file | |
51483 | if (cnt + width >= len) | |
51484 | break; | |
51485 | ||
51486 | - if (copy_to_user(buf + cnt, tbuf, width)) | |
51487 | + if (width > sizeof(tbuf) || copy_to_user(buf + cnt, tbuf, width)) | |
51488 | return -EFAULT; | |
51489 | cnt += width; | |
51490 | } | |
51491 | diff -urNp linux-2.6.33.1/net/ipv4/tcp_timer.c linux-2.6.33.1/net/ipv4/tcp_timer.c | |
51492 | --- linux-2.6.33.1/net/ipv4/tcp_timer.c 2010-03-15 12:09:39.000000000 -0400 | |
51493 | +++ linux-2.6.33.1/net/ipv4/tcp_timer.c 2010-03-20 17:00:48.145360815 -0400 | |
51494 | @@ -21,6 +21,10 @@ | |
51495 | #include <linux/module.h> | |
51496 | #include <net/tcp.h> | |
51497 | ||
51498 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51499 | +extern int grsec_lastack_retries; | |
51500 | +#endif | |
51501 | + | |
51502 | int sysctl_tcp_syn_retries __read_mostly = TCP_SYN_RETRIES; | |
51503 | int sysctl_tcp_synack_retries __read_mostly = TCP_SYNACK_RETRIES; | |
51504 | int sysctl_tcp_keepalive_time __read_mostly = TCP_KEEPALIVE_TIME; | |
51505 | @@ -193,6 +197,13 @@ static int tcp_write_timeout(struct sock | |
51506 | } | |
51507 | } | |
51508 | ||
51509 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51510 | + if ((sk->sk_state == TCP_LAST_ACK) && | |
51511 | + (grsec_lastack_retries > 0) && | |
51512 | + (grsec_lastack_retries < retry_until)) | |
51513 | + retry_until = grsec_lastack_retries; | |
51514 | +#endif | |
51515 | + | |
51516 | if (retransmits_timed_out(sk, retry_until)) { | |
51517 | /* Has it gone just too far? */ | |
51518 | tcp_write_err(sk); | |
51519 | diff -urNp linux-2.6.33.1/net/ipv4/udp.c linux-2.6.33.1/net/ipv4/udp.c | |
51520 | --- linux-2.6.33.1/net/ipv4/udp.c 2010-03-15 12:09:39.000000000 -0400 | |
51521 | +++ linux-2.6.33.1/net/ipv4/udp.c 2010-03-20 17:06:32.628937453 -0400 | |
58c5fc13 MT |
51522 | @@ -86,6 +86,7 @@ |
51523 | #include <linux/types.h> | |
51524 | #include <linux/fcntl.h> | |
51525 | #include <linux/module.h> | |
51526 | +#include <linux/security.h> | |
51527 | #include <linux/socket.h> | |
51528 | #include <linux/sockios.h> | |
51529 | #include <linux/igmp.h> | |
ae4e228f MT |
51530 | @@ -106,6 +107,10 @@ |
51531 | #include <net/xfrm.h> | |
51532 | #include "udp_impl.h" | |
51533 | ||
51534 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51535 | +extern int grsec_enable_blackhole; | |
51536 | +#endif | |
51537 | + | |
51538 | struct udp_table udp_table __read_mostly; | |
51539 | EXPORT_SYMBOL(udp_table); | |
51540 | ||
51541 | @@ -562,6 +567,9 @@ found: | |
58c5fc13 MT |
51542 | return s; |
51543 | } | |
51544 | ||
51545 | +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb); | |
51546 | +extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr); | |
51547 | + | |
51548 | /* | |
51549 | * This routine is called by the ICMP module when it gets some | |
51550 | * sort of error condition. If err < 0 then the socket should | |
ae4e228f | 51551 | @@ -830,9 +838,18 @@ int udp_sendmsg(struct kiocb *iocb, stru |
58c5fc13 MT |
51552 | dport = usin->sin_port; |
51553 | if (dport == 0) | |
51554 | return -EINVAL; | |
51555 | + | |
51556 | + err = gr_search_udp_sendmsg(sk, usin); | |
51557 | + if (err) | |
51558 | + return err; | |
51559 | } else { | |
51560 | if (sk->sk_state != TCP_ESTABLISHED) | |
51561 | return -EDESTADDRREQ; | |
51562 | + | |
51563 | + err = gr_search_udp_sendmsg(sk, NULL); | |
51564 | + if (err) | |
51565 | + return err; | |
51566 | + | |
ae4e228f MT |
51567 | daddr = inet->inet_daddr; |
51568 | dport = inet->inet_dport; | |
58c5fc13 | 51569 | /* Open fast path for connected socket. |
ae4e228f | 51570 | @@ -1137,6 +1154,10 @@ try_again: |
58c5fc13 MT |
51571 | if (!skb) |
51572 | goto out; | |
51573 | ||
51574 | + err = gr_search_udp_recvmsg(sk, skb); | |
51575 | + if (err) | |
51576 | + goto out_free; | |
51577 | + | |
51578 | ulen = skb->len - sizeof(struct udphdr); | |
51579 | copied = len; | |
51580 | if (copied > ulen) | |
ae4e228f | 51581 | @@ -1568,6 +1589,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, |
58c5fc13 MT |
51582 | goto csum_error; |
51583 | ||
51584 | UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); | |
51585 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
ae4e228f | 51586 | + if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) |
58c5fc13 MT |
51587 | +#endif |
51588 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
51589 | ||
51590 | /* | |
ae4e228f MT |
51591 | diff -urNp linux-2.6.33.1/net/ipv6/exthdrs.c linux-2.6.33.1/net/ipv6/exthdrs.c |
51592 | --- linux-2.6.33.1/net/ipv6/exthdrs.c 2010-03-15 12:09:39.000000000 -0400 | |
51593 | +++ linux-2.6.33.1/net/ipv6/exthdrs.c 2010-03-20 16:58:42.312547376 -0400 | |
51594 | @@ -635,7 +635,7 @@ static struct tlvtype_proc tlvprochopopt | |
58c5fc13 MT |
51595 | .type = IPV6_TLV_JUMBO, |
51596 | .func = ipv6_hop_jumbo, | |
51597 | }, | |
51598 | - { -1, } | |
51599 | + { -1, NULL } | |
51600 | }; | |
51601 | ||
51602 | int ipv6_parse_hopopts(struct sk_buff *skb) | |
ae4e228f MT |
51603 | diff -urNp linux-2.6.33.1/net/ipv6/raw.c linux-2.6.33.1/net/ipv6/raw.c |
51604 | --- linux-2.6.33.1/net/ipv6/raw.c 2010-03-15 12:09:39.000000000 -0400 | |
51605 | +++ linux-2.6.33.1/net/ipv6/raw.c 2010-03-20 16:58:42.312547376 -0400 | |
51606 | @@ -597,7 +597,7 @@ out: | |
58c5fc13 MT |
51607 | return err; |
51608 | } | |
51609 | ||
51610 | -static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, | |
51611 | +static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length, | |
51612 | struct flowi *fl, struct rt6_info *rt, | |
51613 | unsigned int flags) | |
51614 | { | |
ae4e228f MT |
51615 | diff -urNp linux-2.6.33.1/net/ipv6/tcp_ipv6.c linux-2.6.33.1/net/ipv6/tcp_ipv6.c |
51616 | --- linux-2.6.33.1/net/ipv6/tcp_ipv6.c 2010-03-15 12:09:39.000000000 -0400 | |
51617 | +++ linux-2.6.33.1/net/ipv6/tcp_ipv6.c 2010-03-20 16:58:42.316527391 -0400 | |
51618 | @@ -1625,6 +1625,9 @@ static int tcp_v6_do_rcv(struct sock *sk | |
58c5fc13 MT |
51619 | return 0; |
51620 | ||
51621 | reset: | |
51622 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51623 | + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK)) | |
51624 | +#endif | |
51625 | tcp_v6_send_reset(sk, skb); | |
51626 | discard: | |
51627 | if (opt_skb) | |
ae4e228f | 51628 | @@ -1747,6 +1750,9 @@ no_tcp_socket: |
58c5fc13 MT |
51629 | bad_packet: |
51630 | TCP_INC_STATS_BH(net, TCP_MIB_INERRS); | |
51631 | } else { | |
51632 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51633 | + if (skb->dev->flags & IFF_LOOPBACK) | |
51634 | +#endif | |
51635 | tcp_v6_send_reset(NULL, skb); | |
51636 | } | |
51637 | ||
ae4e228f MT |
51638 | diff -urNp linux-2.6.33.1/net/ipv6/udp.c linux-2.6.33.1/net/ipv6/udp.c |
51639 | --- linux-2.6.33.1/net/ipv6/udp.c 2010-03-15 12:09:39.000000000 -0400 | |
51640 | +++ linux-2.6.33.1/net/ipv6/udp.c 2010-03-20 16:58:42.316527391 -0400 | |
51641 | @@ -745,6 +745,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, | |
58c5fc13 MT |
51642 | UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, |
51643 | proto == IPPROTO_UDPLITE); | |
51644 | ||
51645 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | |
51646 | + if (skb->dev->flags & IFF_LOOPBACK) | |
51647 | +#endif | |
51648 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); | |
51649 | ||
51650 | kfree_skb(skb); | |
ae4e228f MT |
51651 | diff -urNp linux-2.6.33.1/net/irda/ircomm/ircomm_tty.c linux-2.6.33.1/net/irda/ircomm/ircomm_tty.c |
51652 | --- linux-2.6.33.1/net/irda/ircomm/ircomm_tty.c 2010-03-15 12:09:39.000000000 -0400 | |
51653 | +++ linux-2.6.33.1/net/irda/ircomm/ircomm_tty.c 2010-03-20 16:58:42.316527391 -0400 | |
58c5fc13 MT |
51654 | @@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st |
51655 | add_wait_queue(&self->open_wait, &wait); | |
51656 | ||
51657 | IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", | |
51658 | - __FILE__,__LINE__, tty->driver->name, self->open_count ); | |
51659 | + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) ); | |
51660 | ||
51661 | /* As far as I can see, we protect open_count - Jean II */ | |
51662 | spin_lock_irqsave(&self->spinlock, flags); | |
51663 | if (!tty_hung_up_p(filp)) { | |
51664 | extra_count = 1; | |
51665 | - self->open_count--; | |
51666 | + atomic_dec(&self->open_count); | |
51667 | } | |
51668 | spin_unlock_irqrestore(&self->spinlock, flags); | |
51669 | - self->blocked_open++; | |
51670 | + atomic_inc(&self->blocked_open); | |
51671 | ||
51672 | while (1) { | |
51673 | if (tty->termios->c_cflag & CBAUD) { | |
51674 | @@ -329,7 +329,7 @@ static int ircomm_tty_block_til_ready(st | |
51675 | } | |
51676 | ||
51677 | IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", | |
51678 | - __FILE__,__LINE__, tty->driver->name, self->open_count ); | |
51679 | + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) ); | |
51680 | ||
51681 | schedule(); | |
51682 | } | |
51683 | @@ -340,13 +340,13 @@ static int ircomm_tty_block_til_ready(st | |
51684 | if (extra_count) { | |
51685 | /* ++ is not atomic, so this should be protected - Jean II */ | |
51686 | spin_lock_irqsave(&self->spinlock, flags); | |
51687 | - self->open_count++; | |
51688 | + atomic_inc(&self->open_count); | |
51689 | spin_unlock_irqrestore(&self->spinlock, flags); | |
51690 | } | |
51691 | - self->blocked_open--; | |
51692 | + atomic_dec(&self->blocked_open); | |
51693 | ||
51694 | IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n", | |
51695 | - __FILE__,__LINE__, tty->driver->name, self->open_count); | |
51696 | + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count)); | |
51697 | ||
51698 | if (!retval) | |
51699 | self->flags |= ASYNC_NORMAL_ACTIVE; | |
51700 | @@ -415,14 +415,14 @@ static int ircomm_tty_open(struct tty_st | |
51701 | } | |
51702 | /* ++ is not atomic, so this should be protected - Jean II */ | |
51703 | spin_lock_irqsave(&self->spinlock, flags); | |
51704 | - self->open_count++; | |
51705 | + atomic_inc(&self->open_count); | |
51706 | ||
51707 | tty->driver_data = self; | |
51708 | self->tty = tty; | |
51709 | spin_unlock_irqrestore(&self->spinlock, flags); | |
51710 | ||
51711 | IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name, | |
51712 | - self->line, self->open_count); | |
51713 | + self->line, atomic_read(&self->open_count)); | |
51714 | ||
51715 | /* Not really used by us, but lets do it anyway */ | |
51716 | self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0; | |
51717 | @@ -511,7 +511,7 @@ static void ircomm_tty_close(struct tty_ | |
51718 | return; | |
51719 | } | |
51720 | ||
51721 | - if ((tty->count == 1) && (self->open_count != 1)) { | |
51722 | + if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) { | |
51723 | /* | |
51724 | * Uh, oh. tty->count is 1, which means that the tty | |
51725 | * structure will be freed. state->count should always | |
51726 | @@ -521,16 +521,16 @@ static void ircomm_tty_close(struct tty_ | |
51727 | */ | |
51728 | IRDA_DEBUG(0, "%s(), bad serial port count; " | |
51729 | "tty->count is 1, state->count is %d\n", __func__ , | |
51730 | - self->open_count); | |
51731 | - self->open_count = 1; | |
51732 | + atomic_read(&self->open_count)); | |
51733 | + atomic_set(&self->open_count, 1); | |
51734 | } | |
51735 | ||
51736 | - if (--self->open_count < 0) { | |
51737 | + if (atomic_dec_return(&self->open_count) < 0) { | |
51738 | IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n", | |
51739 | - __func__, self->line, self->open_count); | |
51740 | - self->open_count = 0; | |
51741 | + __func__, self->line, atomic_read(&self->open_count)); | |
51742 | + atomic_set(&self->open_count, 0); | |
51743 | } | |
51744 | - if (self->open_count) { | |
51745 | + if (atomic_read(&self->open_count)) { | |
51746 | spin_unlock_irqrestore(&self->spinlock, flags); | |
51747 | ||
51748 | IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ ); | |
51749 | @@ -562,7 +562,7 @@ static void ircomm_tty_close(struct tty_ | |
51750 | tty->closing = 0; | |
51751 | self->tty = NULL; | |
51752 | ||
51753 | - if (self->blocked_open) { | |
51754 | + if (atomic_read(&self->blocked_open)) { | |
51755 | if (self->close_delay) | |
51756 | schedule_timeout_interruptible(self->close_delay); | |
51757 | wake_up_interruptible(&self->open_wait); | |
51758 | @@ -1017,7 +1017,7 @@ static void ircomm_tty_hangup(struct tty | |
51759 | spin_lock_irqsave(&self->spinlock, flags); | |
51760 | self->flags &= ~ASYNC_NORMAL_ACTIVE; | |
51761 | self->tty = NULL; | |
51762 | - self->open_count = 0; | |
51763 | + atomic_set(&self->open_count, 0); | |
51764 | spin_unlock_irqrestore(&self->spinlock, flags); | |
51765 | ||
51766 | wake_up_interruptible(&self->open_wait); | |
51767 | @@ -1369,7 +1369,7 @@ static void ircomm_tty_line_info(struct | |
51768 | seq_putc(m, '\n'); | |
51769 | ||
51770 | seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); | |
51771 | - seq_printf(m, "Open count: %d\n", self->open_count); | |
51772 | + seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count)); | |
51773 | seq_printf(m, "Max data size: %d\n", self->max_data_size); | |
51774 | seq_printf(m, "Max header size: %d\n", self->max_header_size); | |
51775 | ||
ae4e228f MT |
51776 | diff -urNp linux-2.6.33.1/net/mac80211/ieee80211_i.h linux-2.6.33.1/net/mac80211/ieee80211_i.h |
51777 | --- linux-2.6.33.1/net/mac80211/ieee80211_i.h 2010-03-15 12:09:39.000000000 -0400 | |
51778 | +++ linux-2.6.33.1/net/mac80211/ieee80211_i.h 2010-03-20 16:58:42.316527391 -0400 | |
51779 | @@ -574,7 +574,7 @@ struct ieee80211_local { | |
51780 | /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ | |
58c5fc13 MT |
51781 | spinlock_t queue_stop_reason_lock; |
51782 | ||
58c5fc13 MT |
51783 | - int open_count; |
51784 | + atomic_t open_count; | |
51785 | int monitors, cooked_mntrs; | |
51786 | /* number of interfaces with corresponding FIF_ flags */ | |
ae4e228f MT |
51787 | int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll; |
51788 | diff -urNp linux-2.6.33.1/net/mac80211/iface.c linux-2.6.33.1/net/mac80211/iface.c | |
51789 | --- linux-2.6.33.1/net/mac80211/iface.c 2010-03-15 12:09:39.000000000 -0400 | |
51790 | +++ linux-2.6.33.1/net/mac80211/iface.c 2010-03-20 16:58:42.316527391 -0400 | |
51791 | @@ -166,7 +166,7 @@ static int ieee80211_open(struct net_dev | |
58c5fc13 MT |
51792 | break; |
51793 | } | |
51794 | ||
51795 | - if (local->open_count == 0) { | |
51796 | + if (atomic_read(&local->open_count) == 0) { | |
51797 | res = drv_start(local); | |
51798 | if (res) | |
51799 | goto err_del_bss; | |
51800 | @@ -198,7 +198,7 @@ static int ieee80211_open(struct net_dev | |
51801 | * Validate the MAC address for this device. | |
51802 | */ | |
51803 | if (!is_valid_ether_addr(dev->dev_addr)) { | |
51804 | - if (!local->open_count) | |
51805 | + if (!atomic_read(&local->open_count)) | |
51806 | drv_stop(local); | |
51807 | return -EADDRNOTAVAIL; | |
51808 | } | |
ae4e228f | 51809 | @@ -294,7 +294,7 @@ static int ieee80211_open(struct net_dev |
58c5fc13 MT |
51810 | |
51811 | hw_reconf_flags |= __ieee80211_recalc_idle(local); | |
51812 | ||
51813 | - local->open_count++; | |
51814 | + atomic_inc(&local->open_count); | |
51815 | if (hw_reconf_flags) { | |
51816 | ieee80211_hw_config(local, hw_reconf_flags); | |
51817 | /* | |
ae4e228f | 51818 | @@ -322,7 +322,7 @@ static int ieee80211_open(struct net_dev |
58c5fc13 MT |
51819 | err_del_interface: |
51820 | drv_remove_interface(local, &conf); | |
51821 | err_stop: | |
51822 | - if (!local->open_count) | |
51823 | + if (!atomic_read(&local->open_count)) | |
51824 | drv_stop(local); | |
51825 | err_del_bss: | |
51826 | sdata->bss = NULL; | |
ae4e228f | 51827 | @@ -422,7 +422,7 @@ static int ieee80211_stop(struct net_dev |
58c5fc13 MT |
51828 | WARN_ON(!list_empty(&sdata->u.ap.vlans)); |
51829 | } | |
51830 | ||
51831 | - local->open_count--; | |
51832 | + atomic_dec(&local->open_count); | |
51833 | ||
51834 | switch (sdata->vif.type) { | |
51835 | case NL80211_IFTYPE_AP_VLAN: | |
ae4e228f | 51836 | @@ -528,7 +528,7 @@ static int ieee80211_stop(struct net_dev |
58c5fc13 MT |
51837 | |
51838 | ieee80211_recalc_ps(local, -1); | |
51839 | ||
51840 | - if (local->open_count == 0) { | |
51841 | + if (atomic_read(&local->open_count) == 0) { | |
ae4e228f MT |
51842 | ieee80211_clear_tx_pending(local); |
51843 | ieee80211_stop_device(local); | |
58c5fc13 | 51844 | |
ae4e228f MT |
51845 | diff -urNp linux-2.6.33.1/net/mac80211/main.c linux-2.6.33.1/net/mac80211/main.c |
51846 | --- linux-2.6.33.1/net/mac80211/main.c 2010-03-15 12:09:39.000000000 -0400 | |
51847 | +++ linux-2.6.33.1/net/mac80211/main.c 2010-03-20 16:58:42.316527391 -0400 | |
51848 | @@ -129,7 +129,7 @@ int ieee80211_hw_config(struct ieee80211 | |
58c5fc13 MT |
51849 | local->hw.conf.power_level = power; |
51850 | } | |
51851 | ||
51852 | - if (changed && local->open_count) { | |
51853 | + if (changed && atomic_read(&local->open_count)) { | |
51854 | ret = drv_config(local, changed); | |
51855 | /* | |
51856 | * Goal: | |
ae4e228f MT |
51857 | diff -urNp linux-2.6.33.1/net/mac80211/pm.c linux-2.6.33.1/net/mac80211/pm.c |
51858 | --- linux-2.6.33.1/net/mac80211/pm.c 2010-03-15 12:09:39.000000000 -0400 | |
51859 | +++ linux-2.6.33.1/net/mac80211/pm.c 2010-03-20 16:58:42.316527391 -0400 | |
51860 | @@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211 | |
58c5fc13 MT |
51861 | } |
51862 | ||
51863 | /* stop hardware - this must stop RX */ | |
ae4e228f MT |
51864 | - if (local->open_count) |
51865 | + if (atomic_read(&local->open_count)) | |
51866 | ieee80211_stop_device(local); | |
51867 | ||
51868 | local->suspended = true; | |
51869 | diff -urNp linux-2.6.33.1/net/mac80211/rate.c linux-2.6.33.1/net/mac80211/rate.c | |
51870 | --- linux-2.6.33.1/net/mac80211/rate.c 2010-03-15 12:09:39.000000000 -0400 | |
51871 | +++ linux-2.6.33.1/net/mac80211/rate.c 2010-03-20 16:58:42.316527391 -0400 | |
51872 | @@ -288,7 +288,7 @@ int ieee80211_init_rate_ctrl_alg(struct | |
58c5fc13 MT |
51873 | |
51874 | ASSERT_RTNL(); | |
ae4e228f MT |
51875 | |
51876 | - if (local->open_count) | |
51877 | + if (atomic_read(&local->open_count)) | |
58c5fc13 MT |
51878 | return -EBUSY; |
51879 | ||
ae4e228f MT |
51880 | if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) { |
51881 | diff -urNp linux-2.6.33.1/net/mac80211/rc80211_pid_debugfs.c linux-2.6.33.1/net/mac80211/rc80211_pid_debugfs.c | |
51882 | --- linux-2.6.33.1/net/mac80211/rc80211_pid_debugfs.c 2010-03-15 12:09:39.000000000 -0400 | |
51883 | +++ linux-2.6.33.1/net/mac80211/rc80211_pid_debugfs.c 2010-03-20 16:58:42.323982192 -0400 | |
51884 | @@ -191,7 +191,7 @@ static ssize_t rate_control_pid_events_r | |
58c5fc13 | 51885 | |
ae4e228f | 51886 | spin_unlock_irqrestore(&events->lock, status); |
58c5fc13 | 51887 | |
ae4e228f MT |
51888 | - if (copy_to_user(buf, pb, p)) |
51889 | + if (p > sizeof(pb) || copy_to_user(buf, pb, p)) | |
51890 | return -EFAULT; | |
58c5fc13 | 51891 | |
ae4e228f MT |
51892 | return p; |
51893 | diff -urNp linux-2.6.33.1/net/mac80211/util.c linux-2.6.33.1/net/mac80211/util.c | |
51894 | --- linux-2.6.33.1/net/mac80211/util.c 2010-03-15 12:09:39.000000000 -0400 | |
51895 | +++ linux-2.6.33.1/net/mac80211/util.c 2010-03-20 16:58:42.329957671 -0400 | |
51896 | @@ -1050,14 +1050,14 @@ int ieee80211_reconfig(struct ieee80211_ | |
51897 | local->resuming = true; | |
58c5fc13 MT |
51898 | |
51899 | /* restart hardware */ | |
51900 | - if (local->open_count) { | |
51901 | + if (atomic_read(&local->open_count)) { | |
ae4e228f MT |
51902 | /* |
51903 | * Upon resume hardware can sometimes be goofy due to | |
51904 | * various platform / driver / bus issues, so restarting | |
51905 | * the device may at times not work immediately. Propagate | |
51906 | * the error. | |
51907 | */ | |
51908 | - res = drv_start(local); | |
51909 | + res = drv_start(local); | |
51910 | if (res) { | |
51911 | WARN(local->suspended, "Harware became unavailable " | |
51912 | "upon resume. This is could be a software issue" | |
51913 | diff -urNp linux-2.6.33.1/net/packet/af_packet.c linux-2.6.33.1/net/packet/af_packet.c | |
51914 | --- linux-2.6.33.1/net/packet/af_packet.c 2010-03-15 12:09:39.000000000 -0400 | |
51915 | +++ linux-2.6.33.1/net/packet/af_packet.c 2010-03-20 16:58:42.329957671 -0400 | |
51916 | @@ -1886,7 +1886,7 @@ static int packet_getsockopt(struct sock | |
51917 | case PACKET_HDRLEN: | |
51918 | if (len > sizeof(int)) | |
51919 | len = sizeof(int); | |
51920 | - if (copy_from_user(&val, optval, len)) | |
51921 | + if (len > sizeof(val) || copy_from_user(&val, optval, len)) | |
51922 | return -EFAULT; | |
51923 | switch (val) { | |
51924 | case TPACKET_V1: | |
51925 | @@ -1919,7 +1919,7 @@ static int packet_getsockopt(struct sock | |
58c5fc13 | 51926 | |
ae4e228f MT |
51927 | if (put_user(len, optlen)) |
51928 | return -EFAULT; | |
51929 | - if (copy_to_user(optval, data, len)) | |
51930 | + if (len > sizeof(st) || copy_to_user(optval, data, len)) | |
51931 | return -EFAULT; | |
51932 | return 0; | |
58c5fc13 | 51933 | } |
ae4e228f MT |
51934 | diff -urNp linux-2.6.33.1/net/sctp/socket.c linux-2.6.33.1/net/sctp/socket.c |
51935 | --- linux-2.6.33.1/net/sctp/socket.c 2010-03-15 12:09:39.000000000 -0400 | |
51936 | +++ linux-2.6.33.1/net/sctp/socket.c 2010-03-20 16:58:42.332512321 -0400 | |
51937 | @@ -1482,7 +1482,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc | |
58c5fc13 MT |
51938 | struct sctp_sndrcvinfo *sinfo; |
51939 | struct sctp_initmsg *sinit; | |
51940 | sctp_assoc_t associd = 0; | |
51941 | - sctp_cmsgs_t cmsgs = { NULL }; | |
51942 | + sctp_cmsgs_t cmsgs = { NULL, NULL }; | |
51943 | int err; | |
51944 | sctp_scope_t scope; | |
51945 | long timeo; | |
ae4e228f MT |
51946 | @@ -4386,7 +4386,7 @@ static int sctp_getsockopt_peer_addrs(st |
51947 | addrlen = sctp_get_af_specific(sk->sk_family)->sockaddr_len; | |
51948 | if (space_left < addrlen) | |
51949 | return -ENOMEM; | |
51950 | - if (copy_to_user(to, &temp, addrlen)) | |
51951 | + if (addrlen > sizeof(temp) || copy_to_user(to, &temp, addrlen)) | |
51952 | return -EFAULT; | |
51953 | to += addrlen; | |
51954 | cnt++; | |
51955 | @@ -5478,7 +5478,6 @@ pp_found: | |
58c5fc13 MT |
51956 | */ |
51957 | int reuse = sk->sk_reuse; | |
51958 | struct sock *sk2; | |
51959 | - struct hlist_node *node; | |
51960 | ||
51961 | SCTP_DEBUG_PRINTK("sctp_get_port() found a possible match\n"); | |
51962 | if (pp->fastreuse && sk->sk_reuse && | |
ae4e228f MT |
51963 | diff -urNp linux-2.6.33.1/net/socket.c linux-2.6.33.1/net/socket.c |
51964 | --- linux-2.6.33.1/net/socket.c 2010-03-15 12:09:39.000000000 -0400 | |
51965 | +++ linux-2.6.33.1/net/socket.c 2010-03-20 16:58:42.332512321 -0400 | |
51966 | @@ -87,6 +87,7 @@ | |
58c5fc13 MT |
51967 | #include <linux/wireless.h> |
51968 | #include <linux/nsproxy.h> | |
ae4e228f | 51969 | #include <linux/magic.h> |
58c5fc13 MT |
51970 | +#include <linux/in.h> |
51971 | ||
51972 | #include <asm/uaccess.h> | |
51973 | #include <asm/unistd.h> | |
ae4e228f MT |
51974 | @@ -103,6 +104,8 @@ |
51975 | #include <linux/sockios.h> | |
51976 | #include <linux/atalk.h> | |
58c5fc13 | 51977 | |
ae4e228f | 51978 | +#include <linux/grsock.h> |
58c5fc13 MT |
51979 | + |
51980 | static int sock_no_open(struct inode *irrelevant, struct file *dontcare); | |
51981 | static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, | |
51982 | unsigned long nr_segs, loff_t pos); | |
ae4e228f | 51983 | @@ -304,7 +307,7 @@ static int sockfs_get_sb(struct file_sys |
58c5fc13 MT |
51984 | mnt); |
51985 | } | |
51986 | ||
51987 | -static struct vfsmount *sock_mnt __read_mostly; | |
51988 | +struct vfsmount *sock_mnt __read_mostly; | |
51989 | ||
51990 | static struct file_system_type sock_fs_type = { | |
51991 | .name = "sockfs", | |
ae4e228f | 51992 | @@ -1310,6 +1313,16 @@ SYSCALL_DEFINE3(socket, int, family, int |
58c5fc13 MT |
51993 | if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) |
51994 | flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; | |
51995 | ||
51996 | + if(!gr_search_socket(family, type, protocol)) { | |
51997 | + retval = -EACCES; | |
51998 | + goto out; | |
51999 | + } | |
52000 | + | |
52001 | + if (gr_handle_sock_all(family, type, protocol)) { | |
52002 | + retval = -EACCES; | |
52003 | + goto out; | |
52004 | + } | |
52005 | + | |
52006 | retval = sock_create(family, type, protocol, &sock); | |
52007 | if (retval < 0) | |
52008 | goto out; | |
ae4e228f | 52009 | @@ -1422,6 +1435,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so |
58c5fc13 MT |
52010 | if (sock) { |
52011 | err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address); | |
52012 | if (err >= 0) { | |
52013 | + if (gr_handle_sock_server((struct sockaddr *)&address)) { | |
52014 | + err = -EACCES; | |
52015 | + goto error; | |
52016 | + } | |
52017 | + err = gr_search_bind(sock, (struct sockaddr_in *)&address); | |
52018 | + if (err) | |
52019 | + goto error; | |
52020 | + | |
52021 | err = security_socket_bind(sock, | |
52022 | (struct sockaddr *)&address, | |
52023 | addrlen); | |
ae4e228f | 52024 | @@ -1430,6 +1451,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so |
58c5fc13 MT |
52025 | (struct sockaddr *) |
52026 | &address, addrlen); | |
52027 | } | |
52028 | +error: | |
52029 | fput_light(sock->file, fput_needed); | |
52030 | } | |
52031 | return err; | |
ae4e228f | 52032 | @@ -1453,10 +1475,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba |
58c5fc13 MT |
52033 | if ((unsigned)backlog > somaxconn) |
52034 | backlog = somaxconn; | |
52035 | ||
52036 | + if (gr_handle_sock_server_other(sock)) { | |
52037 | + err = -EPERM; | |
52038 | + goto error; | |
52039 | + } | |
52040 | + | |
52041 | + err = gr_search_listen(sock); | |
52042 | + if (err) | |
52043 | + goto error; | |
52044 | + | |
52045 | err = security_socket_listen(sock, backlog); | |
52046 | if (!err) | |
52047 | err = sock->ops->listen(sock, backlog); | |
52048 | ||
52049 | +error: | |
52050 | fput_light(sock->file, fput_needed); | |
52051 | } | |
52052 | return err; | |
ae4e228f | 52053 | @@ -1499,6 +1531,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
58c5fc13 MT |
52054 | newsock->type = sock->type; |
52055 | newsock->ops = sock->ops; | |
52056 | ||
52057 | + if (gr_handle_sock_server_other(sock)) { | |
52058 | + err = -EPERM; | |
52059 | + sock_release(newsock); | |
52060 | + goto out_put; | |
52061 | + } | |
52062 | + | |
52063 | + err = gr_search_accept(sock); | |
52064 | + if (err) { | |
52065 | + sock_release(newsock); | |
52066 | + goto out_put; | |
52067 | + } | |
52068 | + | |
52069 | /* | |
52070 | * We don't need try_module_get here, as the listening socket (sock) | |
52071 | * has the protocol module (sock->ops->owner) held. | |
ae4e228f | 52072 | @@ -1537,6 +1581,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
58c5fc13 MT |
52073 | fd_install(newfd, newfile); |
52074 | err = newfd; | |
52075 | ||
52076 | + gr_attach_curr_ip(newsock->sk); | |
52077 | + | |
52078 | out_put: | |
52079 | fput_light(sock->file, fput_needed); | |
52080 | out: | |
ae4e228f | 52081 | @@ -1569,6 +1615,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct |
58c5fc13 MT |
52082 | int, addrlen) |
52083 | { | |
52084 | struct socket *sock; | |
52085 | + struct sockaddr *sck; | |
52086 | struct sockaddr_storage address; | |
52087 | int err, fput_needed; | |
52088 | ||
ae4e228f | 52089 | @@ -1579,6 +1626,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct |
58c5fc13 MT |
52090 | if (err < 0) |
52091 | goto out_put; | |
52092 | ||
52093 | + sck = (struct sockaddr *)&address; | |
52094 | + | |
52095 | + if (gr_handle_sock_client(sck)) { | |
52096 | + err = -EACCES; | |
52097 | + goto out_put; | |
52098 | + } | |
52099 | + | |
52100 | + err = gr_search_connect(sock, (struct sockaddr_in *)sck); | |
52101 | + if (err) | |
52102 | + goto out_put; | |
52103 | + | |
52104 | err = | |
52105 | security_socket_connect(sock, (struct sockaddr *)&address, addrlen); | |
52106 | if (err) | |
ae4e228f MT |
52107 | diff -urNp linux-2.6.33.1/net/sunrpc/xprtrdma/svc_rdma.c linux-2.6.33.1/net/sunrpc/xprtrdma/svc_rdma.c |
52108 | --- linux-2.6.33.1/net/sunrpc/xprtrdma/svc_rdma.c 2010-03-15 12:09:39.000000000 -0400 | |
52109 | +++ linux-2.6.33.1/net/sunrpc/xprtrdma/svc_rdma.c 2010-03-20 16:58:42.332512321 -0400 | |
52110 | @@ -105,7 +105,7 @@ static int read_reset_stat(ctl_table *ta | |
52111 | len -= *ppos; | |
52112 | if (len > *lenp) | |
52113 | len = *lenp; | |
52114 | - if (len && copy_to_user(buffer, str_buf, len)) | |
52115 | + if (len > sizeof(str_buf) || (len && copy_to_user(buffer, str_buf, len))) | |
52116 | return -EFAULT; | |
52117 | *lenp = len; | |
52118 | *ppos += len; | |
52119 | diff -urNp linux-2.6.33.1/net/sysctl_net.c linux-2.6.33.1/net/sysctl_net.c | |
52120 | --- linux-2.6.33.1/net/sysctl_net.c 2010-03-15 12:09:39.000000000 -0400 | |
52121 | +++ linux-2.6.33.1/net/sysctl_net.c 2010-03-20 16:58:42.332512321 -0400 | |
52122 | @@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ct | |
52123 | struct ctl_table *table) | |
52124 | { | |
52125 | /* Allow network administrator to have same access as root. */ | |
52126 | - if (capable(CAP_NET_ADMIN)) { | |
52127 | + if (capable_nolog(CAP_NET_ADMIN)) { | |
52128 | int mode = (table->mode >> 6) & 7; | |
52129 | return (mode << 6) | (mode << 3) | mode; | |
52130 | } | |
52131 | diff -urNp linux-2.6.33.1/net/unix/af_unix.c linux-2.6.33.1/net/unix/af_unix.c | |
52132 | --- linux-2.6.33.1/net/unix/af_unix.c 2010-03-15 12:09:39.000000000 -0400 | |
52133 | +++ linux-2.6.33.1/net/unix/af_unix.c 2010-03-20 16:58:42.332512321 -0400 | |
52134 | @@ -735,6 +735,12 @@ static struct sock *unix_find_other(stru | |
58c5fc13 MT |
52135 | err = -ECONNREFUSED; |
52136 | if (!S_ISSOCK(inode->i_mode)) | |
52137 | goto put_fail; | |
52138 | + | |
52139 | + if (!gr_acl_handle_unix(path.dentry, path.mnt)) { | |
52140 | + err = -EACCES; | |
52141 | + goto put_fail; | |
52142 | + } | |
52143 | + | |
52144 | u = unix_find_socket_byinode(net, inode); | |
52145 | if (!u) | |
52146 | goto put_fail; | |
ae4e228f | 52147 | @@ -755,6 +761,13 @@ static struct sock *unix_find_other(stru |
58c5fc13 MT |
52148 | if (u) { |
52149 | struct dentry *dentry; | |
52150 | dentry = unix_sk(u)->dentry; | |
52151 | + | |
52152 | + if (!gr_handle_chroot_unix(u->sk_peercred.pid)) { | |
52153 | + err = -EPERM; | |
52154 | + sock_put(u); | |
52155 | + goto fail; | |
52156 | + } | |
52157 | + | |
52158 | if (dentry) | |
52159 | touch_atime(unix_sk(u)->mnt, dentry); | |
52160 | } else | |
ae4e228f | 52161 | @@ -840,11 +853,18 @@ static int unix_bind(struct socket *sock |
58c5fc13 MT |
52162 | err = security_path_mknod(&nd.path, dentry, mode, 0); |
52163 | if (err) | |
52164 | goto out_mknod_drop_write; | |
52165 | + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) { | |
52166 | + err = -EACCES; | |
52167 | + goto out_mknod_drop_write; | |
52168 | + } | |
52169 | err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); | |
52170 | out_mknod_drop_write: | |
52171 | mnt_drop_write(nd.path.mnt); | |
52172 | if (err) | |
52173 | goto out_mknod_dput; | |
52174 | + | |
52175 | + gr_handle_create(dentry, nd.path.mnt); | |
52176 | + | |
52177 | mutex_unlock(&nd.path.dentry->d_inode->i_mutex); | |
52178 | dput(nd.path.dentry); | |
52179 | nd.path.dentry = dentry; | |
ae4e228f | 52180 | @@ -862,6 +882,10 @@ out_mknod_drop_write: |
58c5fc13 MT |
52181 | goto out_unlock; |
52182 | } | |
52183 | ||
52184 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
52185 | + sk->sk_peercred.pid = current->pid; | |
52186 | +#endif | |
52187 | + | |
52188 | list = &unix_socket_table[addr->hash]; | |
52189 | } else { | |
52190 | list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; | |
ae4e228f MT |
52191 | diff -urNp linux-2.6.33.1/samples/kobject/kset-example.c linux-2.6.33.1/samples/kobject/kset-example.c |
52192 | --- linux-2.6.33.1/samples/kobject/kset-example.c 2010-03-15 12:09:39.000000000 -0400 | |
52193 | +++ linux-2.6.33.1/samples/kobject/kset-example.c 2010-03-20 16:58:42.344967210 -0400 | |
52194 | @@ -87,7 +87,7 @@ static ssize_t foo_attr_store(struct kob | |
58c5fc13 MT |
52195 | } |
52196 | ||
ae4e228f MT |
52197 | /* Our custom sysfs_ops that we will associate with our ktype later on */ |
52198 | -static struct sysfs_ops foo_sysfs_ops = { | |
52199 | +static const struct sysfs_ops foo_sysfs_ops = { | |
52200 | .show = foo_attr_show, | |
52201 | .store = foo_attr_store, | |
58c5fc13 | 52202 | }; |
ae4e228f MT |
52203 | diff -urNp linux-2.6.33.1/scripts/basic/fixdep.c linux-2.6.33.1/scripts/basic/fixdep.c |
52204 | --- linux-2.6.33.1/scripts/basic/fixdep.c 2010-03-15 12:09:39.000000000 -0400 | |
52205 | +++ linux-2.6.33.1/scripts/basic/fixdep.c 2010-03-20 16:58:42.344967210 -0400 | |
52206 | @@ -222,9 +222,9 @@ static void use_config(char *m, int slen | |
58c5fc13 | 52207 | |
ae4e228f | 52208 | static void parse_config_file(char *map, size_t len) |
58c5fc13 MT |
52209 | { |
52210 | - int *end = (int *) (map + len); | |
52211 | + unsigned int *end = (unsigned int *) (map + len); | |
52212 | /* start at +1, so that p can never be < map */ | |
52213 | - int *m = (int *) map + 1; | |
52214 | + unsigned int *m = (unsigned int *) map + 1; | |
52215 | char *p, *q; | |
52216 | ||
52217 | for (; m < end; m++) { | |
ae4e228f MT |
52218 | @@ -371,7 +371,7 @@ static void print_deps(void) |
52219 | static void traps(void) | |
58c5fc13 MT |
52220 | { |
52221 | static char test[] __attribute__((aligned(sizeof(int)))) = "CONF"; | |
52222 | - int *p = (int *)test; | |
52223 | + unsigned int *p = (unsigned int *)test; | |
52224 | ||
52225 | if (*p != INT_CONF) { | |
52226 | fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", | |
ae4e228f MT |
52227 | diff -urNp linux-2.6.33.1/scripts/kallsyms.c linux-2.6.33.1/scripts/kallsyms.c |
52228 | --- linux-2.6.33.1/scripts/kallsyms.c 2010-03-15 12:09:39.000000000 -0400 | |
52229 | +++ linux-2.6.33.1/scripts/kallsyms.c 2010-03-20 16:58:42.344967210 -0400 | |
58c5fc13 MT |
52230 | @@ -43,10 +43,10 @@ struct text_range { |
52231 | ||
52232 | static unsigned long long _text; | |
52233 | static struct text_range text_ranges[] = { | |
52234 | - { "_stext", "_etext" }, | |
52235 | - { "_sinittext", "_einittext" }, | |
52236 | - { "_stext_l1", "_etext_l1" }, /* Blackfin on-chip L1 inst SRAM */ | |
52237 | - { "_stext_l2", "_etext_l2" }, /* Blackfin on-chip L2 SRAM */ | |
52238 | + { "_stext", "_etext", 0, 0 }, | |
52239 | + { "_sinittext", "_einittext", 0, 0 }, | |
52240 | + { "_stext_l1", "_etext_l1", 0, 0 }, /* Blackfin on-chip L1 inst SRAM */ | |
52241 | + { "_stext_l2", "_etext_l2", 0, 0 }, /* Blackfin on-chip L2 SRAM */ | |
52242 | }; | |
52243 | #define text_range_text (&text_ranges[0]) | |
52244 | #define text_range_inittext (&text_ranges[1]) | |
ae4e228f MT |
52245 | diff -urNp linux-2.6.33.1/scripts/mod/file2alias.c linux-2.6.33.1/scripts/mod/file2alias.c |
52246 | --- linux-2.6.33.1/scripts/mod/file2alias.c 2010-03-15 12:09:39.000000000 -0400 | |
52247 | +++ linux-2.6.33.1/scripts/mod/file2alias.c 2010-03-20 16:58:42.348544513 -0400 | |
58c5fc13 MT |
52248 | @@ -72,7 +72,7 @@ static void device_id_check(const char * |
52249 | unsigned long size, unsigned long id_size, | |
52250 | void *symval) | |
52251 | { | |
52252 | - int i; | |
52253 | + unsigned int i; | |
52254 | ||
52255 | if (size % id_size || size < id_size) { | |
52256 | if (cross_build != 0) | |
52257 | @@ -102,7 +102,7 @@ static void device_id_check(const char * | |
52258 | /* USB is special because the bcdDevice can be matched against a numeric range */ | |
52259 | /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */ | |
52260 | static void do_usb_entry(struct usb_device_id *id, | |
52261 | - unsigned int bcdDevice_initial, int bcdDevice_initial_digits, | |
52262 | + unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits, | |
52263 | unsigned char range_lo, unsigned char range_hi, | |
ae4e228f | 52264 | unsigned char max, struct module *mod) |
58c5fc13 | 52265 | { |
ae4e228f | 52266 | @@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *sy |
58c5fc13 MT |
52267 | for (i = 0; i < count; i++) { |
52268 | const char *id = (char *)devs[i].id; | |
52269 | char acpi_id[sizeof(devs[0].id)]; | |
52270 | - int j; | |
52271 | + unsigned int j; | |
52272 | ||
52273 | buf_printf(&mod->dev_table_buf, | |
52274 | "MODULE_ALIAS(\"pnp:d%s*\");\n", id); | |
ae4e228f | 52275 | @@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *sy |
58c5fc13 MT |
52276 | |
52277 | for (j = 0; j < PNP_MAX_DEVICES; j++) { | |
52278 | const char *id = (char *)card->devs[j].id; | |
52279 | - int i2, j2; | |
52280 | + unsigned int i2, j2; | |
52281 | int dup = 0; | |
52282 | ||
52283 | if (!id[0]) | |
ae4e228f | 52284 | @@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *sy |
58c5fc13 MT |
52285 | /* add an individual alias for every device entry */ |
52286 | if (!dup) { | |
52287 | char acpi_id[sizeof(card->devs[0].id)]; | |
52288 | - int k; | |
52289 | + unsigned int k; | |
52290 | ||
52291 | buf_printf(&mod->dev_table_buf, | |
52292 | "MODULE_ALIAS(\"pnp:d%s*\");\n", id); | |
ae4e228f | 52293 | @@ -768,7 +768,7 @@ static void dmi_ascii_filter(char *d, co |
58c5fc13 MT |
52294 | static int do_dmi_entry(const char *filename, struct dmi_system_id *id, |
52295 | char *alias) | |
52296 | { | |
52297 | - int i, j; | |
52298 | + unsigned int i, j; | |
52299 | ||
52300 | sprintf(alias, "dmi*"); | |
52301 | ||
ae4e228f MT |
52302 | diff -urNp linux-2.6.33.1/scripts/mod/modpost.c linux-2.6.33.1/scripts/mod/modpost.c |
52303 | --- linux-2.6.33.1/scripts/mod/modpost.c 2010-03-15 12:09:39.000000000 -0400 | |
52304 | +++ linux-2.6.33.1/scripts/mod/modpost.c 2010-03-20 16:58:42.348544513 -0400 | |
52305 | @@ -842,6 +842,7 @@ enum mismatch { | |
58c5fc13 MT |
52306 | INIT_TO_EXIT, |
52307 | EXIT_TO_INIT, | |
52308 | EXPORT_TO_INIT_EXIT, | |
52309 | + DATA_TO_TEXT | |
52310 | }; | |
52311 | ||
52312 | struct sectioncheck { | |
ae4e228f | 52313 | @@ -927,6 +928,12 @@ const struct sectioncheck sectioncheck[] |
58c5fc13 MT |
52314 | .fromsec = { "__ksymtab*", NULL }, |
52315 | .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, | |
52316 | .mismatch = EXPORT_TO_INIT_EXIT | |
52317 | +}, | |
52318 | +/* Do not reference code from writable data */ | |
52319 | +{ | |
52320 | + .fromsec = { DATA_SECTIONS, NULL }, | |
52321 | + .tosec = { TEXT_SECTIONS, NULL }, | |
52322 | + .mismatch = DATA_TO_TEXT | |
52323 | } | |
52324 | }; | |
52325 | ||
ae4e228f | 52326 | @@ -1031,10 +1038,10 @@ static Elf_Sym *find_elf_symbol(struct e |
58c5fc13 MT |
52327 | continue; |
52328 | if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) | |
52329 | continue; | |
52330 | - if (sym->st_value == addr) | |
52331 | - return sym; | |
52332 | /* Find a symbol nearby - addr are maybe negative */ | |
52333 | d = sym->st_value - addr; | |
52334 | + if (d == 0) | |
52335 | + return sym; | |
52336 | if (d < 0) | |
52337 | d = addr - sym->st_value; | |
52338 | if (d < distance) { | |
ae4e228f | 52339 | @@ -1275,6 +1282,14 @@ static void report_sec_mismatch(const ch |
58c5fc13 MT |
52340 | "Fix this by removing the %sannotation of %s " |
52341 | "or drop the export.\n", | |
52342 | tosym, sec2annotation(tosec), sec2annotation(tosec), tosym); | |
52343 | + case DATA_TO_TEXT: | |
52344 | +/* | |
52345 | + fprintf(stderr, | |
52346 | + "The variable %s references\n" | |
52347 | + "the %s %s%s%s\n", | |
52348 | + fromsym, to, sec2annotation(tosec), tosym, to_p); | |
52349 | +*/ | |
52350 | + break; | |
52351 | case NO_MISMATCH: | |
52352 | /* To get warnings on missing members */ | |
52353 | break; | |
ae4e228f | 52354 | @@ -1600,7 +1615,7 @@ void __attribute__((format(printf, 2, 3) |
58c5fc13 MT |
52355 | va_end(ap); |
52356 | } | |
52357 | ||
52358 | -void buf_write(struct buffer *buf, const char *s, int len) | |
52359 | +void buf_write(struct buffer *buf, const char *s, unsigned int len) | |
52360 | { | |
52361 | if (buf->size - buf->pos < len) { | |
52362 | buf->size += len + SZ; | |
ae4e228f | 52363 | @@ -1812,7 +1827,7 @@ static void write_if_changed(struct buff |
58c5fc13 MT |
52364 | if (fstat(fileno(file), &st) < 0) |
52365 | goto close_write; | |
52366 | ||
52367 | - if (st.st_size != b->pos) | |
52368 | + if (st.st_size != (off_t)b->pos) | |
52369 | goto close_write; | |
52370 | ||
52371 | tmp = NOFAIL(malloc(b->pos)); | |
ae4e228f MT |
52372 | diff -urNp linux-2.6.33.1/scripts/mod/modpost.h linux-2.6.33.1/scripts/mod/modpost.h |
52373 | --- linux-2.6.33.1/scripts/mod/modpost.h 2010-03-15 12:09:39.000000000 -0400 | |
52374 | +++ linux-2.6.33.1/scripts/mod/modpost.h 2010-03-20 16:58:42.348544513 -0400 | |
58c5fc13 MT |
52375 | @@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *e |
52376 | ||
52377 | struct buffer { | |
52378 | char *p; | |
52379 | - int pos; | |
52380 | - int size; | |
52381 | + unsigned int pos; | |
52382 | + unsigned int size; | |
52383 | }; | |
52384 | ||
52385 | void __attribute__((format(printf, 2, 3))) | |
52386 | buf_printf(struct buffer *buf, const char *fmt, ...); | |
52387 | ||
52388 | void | |
52389 | -buf_write(struct buffer *buf, const char *s, int len); | |
52390 | +buf_write(struct buffer *buf, const char *s, unsigned int len); | |
52391 | ||
52392 | struct module { | |
52393 | struct module *next; | |
ae4e228f MT |
52394 | diff -urNp linux-2.6.33.1/scripts/mod/sumversion.c linux-2.6.33.1/scripts/mod/sumversion.c |
52395 | --- linux-2.6.33.1/scripts/mod/sumversion.c 2010-03-15 12:09:39.000000000 -0400 | |
52396 | +++ linux-2.6.33.1/scripts/mod/sumversion.c 2010-03-20 16:58:42.348544513 -0400 | |
52397 | @@ -455,7 +455,7 @@ static void write_version(const char *fi | |
58c5fc13 MT |
52398 | goto out; |
52399 | } | |
52400 | ||
52401 | - if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) { | |
52402 | + if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) { | |
52403 | warn("writing sum in %s failed: %s\n", | |
52404 | filename, strerror(errno)); | |
52405 | goto out; | |
ae4e228f MT |
52406 | diff -urNp linux-2.6.33.1/scripts/pnmtologo.c linux-2.6.33.1/scripts/pnmtologo.c |
52407 | --- linux-2.6.33.1/scripts/pnmtologo.c 2010-03-15 12:09:39.000000000 -0400 | |
52408 | +++ linux-2.6.33.1/scripts/pnmtologo.c 2010-03-20 16:58:42.348544513 -0400 | |
58c5fc13 MT |
52409 | @@ -237,14 +237,14 @@ static void write_header(void) |
52410 | fprintf(out, " * Linux logo %s\n", logoname); | |
52411 | fputs(" */\n\n", out); | |
52412 | fputs("#include <linux/linux_logo.h>\n\n", out); | |
52413 | - fprintf(out, "static unsigned char %s_data[] __initdata = {\n", | |
52414 | + fprintf(out, "static unsigned char %s_data[] = {\n", | |
52415 | logoname); | |
52416 | } | |
52417 | ||
52418 | static void write_footer(void) | |
52419 | { | |
52420 | fputs("\n};\n\n", out); | |
52421 | - fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname); | |
52422 | + fprintf(out, "const struct linux_logo %s = {\n", logoname); | |
52423 | fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]); | |
52424 | fprintf(out, "\t.width\t\t= %d,\n", logo_width); | |
52425 | fprintf(out, "\t.height\t\t= %d,\n", logo_height); | |
52426 | @@ -374,7 +374,7 @@ static void write_logo_clut224(void) | |
52427 | fputs("\n};\n\n", out); | |
52428 | ||
52429 | /* write logo clut */ | |
52430 | - fprintf(out, "static unsigned char %s_clut[] __initdata = {\n", | |
52431 | + fprintf(out, "static unsigned char %s_clut[] = {\n", | |
52432 | logoname); | |
52433 | write_hex_cnt = 0; | |
52434 | for (i = 0; i < logo_clutsize; i++) { | |
ae4e228f MT |
52435 | diff -urNp linux-2.6.33.1/security/commoncap.c linux-2.6.33.1/security/commoncap.c |
52436 | --- linux-2.6.33.1/security/commoncap.c 2010-03-15 12:09:39.000000000 -0400 | |
52437 | +++ linux-2.6.33.1/security/commoncap.c 2010-03-20 16:58:42.348544513 -0400 | |
58c5fc13 MT |
52438 | @@ -27,7 +27,7 @@ |
52439 | #include <linux/sched.h> | |
52440 | #include <linux/prctl.h> | |
52441 | #include <linux/securebits.h> | |
52442 | - | |
52443 | +#include <net/sock.h> | |
52444 | /* | |
52445 | * If a non-root user executes a setuid-root binary in | |
52446 | * !secure(SECURE_NOROOT) mode, then we raise capabilities. | |
52447 | @@ -50,9 +50,11 @@ static void warn_setuid_and_fcaps_mixed( | |
52448 | } | |
52449 | } | |
52450 | ||
52451 | +extern kernel_cap_t gr_cap_rtnetlink(struct sock *sk); | |
52452 | + | |
52453 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | |
52454 | { | |
52455 | - NETLINK_CB(skb).eff_cap = current_cap(); | |
52456 | + NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk); | |
52457 | return 0; | |
52458 | } | |
52459 | ||
ae4e228f MT |
52460 | diff -urNp linux-2.6.33.1/security/integrity/ima/ima_api.c linux-2.6.33.1/security/integrity/ima/ima_api.c |
52461 | --- linux-2.6.33.1/security/integrity/ima/ima_api.c 2010-03-15 12:09:39.000000000 -0400 | |
52462 | +++ linux-2.6.33.1/security/integrity/ima/ima_api.c 2010-03-20 16:58:42.348544513 -0400 | |
52463 | @@ -74,7 +74,7 @@ void ima_add_violation(struct inode *ino | |
52464 | int result; | |
58c5fc13 | 52465 | |
ae4e228f MT |
52466 | /* can overflow, only indicator */ |
52467 | - atomic_long_inc(&ima_htable.violations); | |
52468 | + atomic_long_inc_unchecked(&ima_htable.violations); | |
52469 | ||
52470 | entry = kmalloc(sizeof(*entry), GFP_KERNEL); | |
52471 | if (!entry) { | |
52472 | diff -urNp linux-2.6.33.1/security/integrity/ima/ima_fs.c linux-2.6.33.1/security/integrity/ima/ima_fs.c | |
52473 | --- linux-2.6.33.1/security/integrity/ima/ima_fs.c 2010-03-15 12:09:39.000000000 -0400 | |
52474 | +++ linux-2.6.33.1/security/integrity/ima/ima_fs.c 2010-03-20 16:58:42.348544513 -0400 | |
52475 | @@ -27,12 +27,12 @@ | |
52476 | static int valid_policy = 1; | |
52477 | #define TMPBUFLEN 12 | |
52478 | static ssize_t ima_show_htable_value(char __user *buf, size_t count, | |
52479 | - loff_t *ppos, atomic_long_t *val) | |
52480 | + loff_t *ppos, atomic_long_unchecked_t *val) | |
52481 | { | |
52482 | char tmpbuf[TMPBUFLEN]; | |
52483 | ssize_t len; | |
52484 | ||
52485 | - len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val)); | |
52486 | + len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val)); | |
52487 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, len); | |
52488 | } | |
52489 | ||
52490 | diff -urNp linux-2.6.33.1/security/integrity/ima/ima.h linux-2.6.33.1/security/integrity/ima/ima.h | |
52491 | --- linux-2.6.33.1/security/integrity/ima/ima.h 2010-03-15 12:09:39.000000000 -0400 | |
52492 | +++ linux-2.6.33.1/security/integrity/ima/ima.h 2010-03-20 16:58:42.348544513 -0400 | |
52493 | @@ -83,8 +83,8 @@ void ima_add_violation(struct inode *ino | |
52494 | extern spinlock_t ima_queue_lock; | |
52495 | ||
52496 | struct ima_h_table { | |
52497 | - atomic_long_t len; /* number of stored measurements in the list */ | |
52498 | - atomic_long_t violations; | |
52499 | + atomic_long_unchecked_t len; /* number of stored measurements in the list */ | |
52500 | + atomic_long_unchecked_t violations; | |
52501 | struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE]; | |
58c5fc13 | 52502 | }; |
ae4e228f MT |
52503 | extern struct ima_h_table ima_htable; |
52504 | diff -urNp linux-2.6.33.1/security/integrity/ima/ima_queue.c linux-2.6.33.1/security/integrity/ima/ima_queue.c | |
52505 | --- linux-2.6.33.1/security/integrity/ima/ima_queue.c 2010-03-15 12:09:39.000000000 -0400 | |
52506 | +++ linux-2.6.33.1/security/integrity/ima/ima_queue.c 2010-03-20 16:58:42.348544513 -0400 | |
52507 | @@ -78,7 +78,7 @@ static int ima_add_digest_entry(struct i | |
52508 | INIT_LIST_HEAD(&qe->later); | |
52509 | list_add_tail_rcu(&qe->later, &ima_measurements); | |
52510 | ||
52511 | - atomic_long_inc(&ima_htable.len); | |
52512 | + atomic_long_inc_unchecked(&ima_htable.len); | |
52513 | key = ima_hash_key(entry->digest); | |
52514 | hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); | |
58c5fc13 | 52515 | return 0; |
ae4e228f MT |
52516 | diff -urNp linux-2.6.33.1/security/Kconfig linux-2.6.33.1/security/Kconfig |
52517 | --- linux-2.6.33.1/security/Kconfig 2010-03-15 12:09:39.000000000 -0400 | |
52518 | +++ linux-2.6.33.1/security/Kconfig 2010-03-20 17:07:22.208972401 -0400 | |
52519 | @@ -4,6 +4,488 @@ | |
58c5fc13 MT |
52520 | |
52521 | menu "Security options" | |
52522 | ||
52523 | +source grsecurity/Kconfig | |
52524 | + | |
52525 | +menu "PaX" | |
52526 | + | |
52527 | +config PAX | |
52528 | + bool "Enable various PaX features" | |
ae4e228f | 52529 | + depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC || SPARC || X86) |
58c5fc13 MT |
52530 | + help |
52531 | + This allows you to enable various PaX features. PaX adds | |
52532 | + intrusion prevention mechanisms to the kernel that reduce | |
52533 | + the risks posed by exploitable memory corruption bugs. | |
52534 | + | |
52535 | +menu "PaX Control" | |
52536 | + depends on PAX | |
52537 | + | |
52538 | +config PAX_SOFTMODE | |
52539 | + bool 'Support soft mode' | |
ae4e228f | 52540 | + select PAX_PT_PAX_FLAGS |
58c5fc13 MT |
52541 | + help |
52542 | + Enabling this option will allow you to run PaX in soft mode, that | |
52543 | + is, PaX features will not be enforced by default, only on executables | |
52544 | + marked explicitly. You must also enable PT_PAX_FLAGS support as it | |
52545 | + is the only way to mark executables for soft mode use. | |
52546 | + | |
52547 | + Soft mode can be activated by using the "pax_softmode=1" kernel command | |
52548 | + line option on boot. Furthermore you can control various PaX features | |
52549 | + at runtime via the entries in /proc/sys/kernel/pax. | |
52550 | + | |
52551 | +config PAX_EI_PAX | |
52552 | + bool 'Use legacy ELF header marking' | |
52553 | + help | |
52554 | + Enabling this option will allow you to control PaX features on | |
52555 | + a per executable basis via the 'chpax' utility available at | |
52556 | + http://pax.grsecurity.net/. The control flags will be read from | |
52557 | + an otherwise reserved part of the ELF header. This marking has | |
52558 | + numerous drawbacks (no support for soft-mode, toolchain does not | |
52559 | + know about the non-standard use of the ELF header) therefore it | |
52560 | + has been deprecated in favour of PT_PAX_FLAGS support. | |
52561 | + | |
52562 | + If you have applications not marked by the PT_PAX_FLAGS ELF | |
52563 | + program header then you MUST enable this option otherwise they | |
52564 | + will not get any protection. | |
52565 | + | |
52566 | + Note that if you enable PT_PAX_FLAGS marking support as well, | |
52567 | + the PT_PAX_FLAG marks will override the legacy EI_PAX marks. | |
52568 | + | |
52569 | +config PAX_PT_PAX_FLAGS | |
52570 | + bool 'Use ELF program header marking' | |
52571 | + help | |
52572 | + Enabling this option will allow you to control PaX features on | |
52573 | + a per executable basis via the 'paxctl' utility available at | |
52574 | + http://pax.grsecurity.net/. The control flags will be read from | |
52575 | + a PaX specific ELF program header (PT_PAX_FLAGS). This marking | |
52576 | + has the benefits of supporting both soft mode and being fully | |
52577 | + integrated into the toolchain (the binutils patch is available | |
52578 | + from http://pax.grsecurity.net). | |
52579 | + | |
52580 | + If you have applications not marked by the PT_PAX_FLAGS ELF | |
52581 | + program header then you MUST enable the EI_PAX marking support | |
52582 | + otherwise they will not get any protection. | |
52583 | + | |
52584 | + Note that if you enable the legacy EI_PAX marking support as well, | |
52585 | + the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. | |
52586 | + | |
52587 | +choice | |
52588 | + prompt 'MAC system integration' | |
52589 | + default PAX_HAVE_ACL_FLAGS | |
52590 | + help | |
52591 | + Mandatory Access Control systems have the option of controlling | |
52592 | + PaX flags on a per executable basis, choose the method supported | |
52593 | + by your particular system. | |
52594 | + | |
52595 | + - "none": if your MAC system does not interact with PaX, | |
52596 | + - "direct": if your MAC system defines pax_set_initial_flags() itself, | |
52597 | + - "hook": if your MAC system uses the pax_set_initial_flags_func callback. | |
52598 | + | |
52599 | + NOTE: this option is for developers/integrators only. | |
52600 | + | |
52601 | + config PAX_NO_ACL_FLAGS | |
52602 | + bool 'none' | |
52603 | + | |
52604 | + config PAX_HAVE_ACL_FLAGS | |
52605 | + bool 'direct' | |
52606 | + | |
52607 | + config PAX_HOOK_ACL_FLAGS | |
52608 | + bool 'hook' | |
52609 | +endchoice | |
52610 | + | |
52611 | +endmenu | |
52612 | + | |
52613 | +menu "Non-executable pages" | |
52614 | + depends on PAX | |
52615 | + | |
52616 | +config PAX_NOEXEC | |
52617 | + bool "Enforce non-executable pages" | |
ae4e228f | 52618 | + depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86) |
58c5fc13 MT |
52619 | + help |
52620 | + By design some architectures do not allow for protecting memory | |
52621 | + pages against execution or even if they do, Linux does not make | |
52622 | + use of this feature. In practice this means that if a page is | |
52623 | + readable (such as the stack or heap) it is also executable. | |
52624 | + | |
52625 | + There is a well known exploit technique that makes use of this | |
52626 | + fact and a common programming mistake where an attacker can | |
52627 | + introduce code of his choice somewhere in the attacked program's | |
52628 | + memory (typically the stack or the heap) and then execute it. | |
52629 | + | |
52630 | + If the attacked program was running with different (typically | |
52631 | + higher) privileges than that of the attacker, then he can elevate | |
52632 | + his own privilege level (e.g. get a root shell, write to files for | |
52633 | + which he does not have write access to, etc). | |
52634 | + | |
52635 | + Enabling this option will let you choose from various features | |
52636 | + that prevent the injection and execution of 'foreign' code in | |
52637 | + a program. | |
52638 | + | |
52639 | + This will also break programs that rely on the old behaviour and | |
52640 | + expect that dynamically allocated memory via the malloc() family | |
52641 | + of functions is executable (which it is not). Notable examples | |
52642 | + are the XFree86 4.x server, the java runtime and wine. | |
52643 | + | |
52644 | +config PAX_PAGEEXEC | |
52645 | + bool "Paging based non-executable pages" | |
52646 | + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) | |
ae4e228f MT |
52647 | + select S390_SWITCH_AMODE if S390 |
52648 | + select S390_EXEC_PROTECT if S390 | |
58c5fc13 MT |
52649 | + help |
52650 | + This implementation is based on the paging feature of the CPU. | |
52651 | + On i386 without hardware non-executable bit support there is a | |
52652 | + variable but usually low performance impact, however on Intel's | |
52653 | + P4 core based CPUs it is very high so you should not enable this | |
52654 | + for kernels meant to be used on such CPUs. | |
52655 | + | |
52656 | + On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386 | |
52657 | + with hardware non-executable bit support there is no performance | |
52658 | + impact, on ppc the impact is negligible. | |
52659 | + | |
52660 | + Note that several architectures require various emulations due to | |
52661 | + badly designed userland ABIs, this will cause a performance impact | |
52662 | + but will disappear as soon as userland is fixed. For example, ppc | |
52663 | + userland MUST have been built with secure-plt by a recent toolchain. | |
52664 | + | |
52665 | +config PAX_SEGMEXEC | |
52666 | + bool "Segmentation based non-executable pages" | |
52667 | + depends on PAX_NOEXEC && X86_32 | |
52668 | + help | |
52669 | + This implementation is based on the segmentation feature of the | |
52670 | + CPU and has a very small performance impact, however applications | |
52671 | + will be limited to a 1.5 GB address space instead of the normal | |
52672 | + 3 GB. | |
52673 | + | |
52674 | +config PAX_EMUTRAMP | |
52675 | + bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) | |
52676 | + default y if PARISC | |
52677 | + help | |
52678 | + There are some programs and libraries that for one reason or | |
52679 | + another attempt to execute special small code snippets from | |
52680 | + non-executable memory pages. Most notable examples are the | |
52681 | + signal handler return code generated by the kernel itself and | |
52682 | + the GCC trampolines. | |
52683 | + | |
52684 | + If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then | |
52685 | + such programs will no longer work under your kernel. | |
52686 | + | |
52687 | + As a remedy you can say Y here and use the 'chpax' or 'paxctl' | |
52688 | + utilities to enable trampoline emulation for the affected programs | |
52689 | + yet still have the protection provided by the non-executable pages. | |
52690 | + | |
52691 | + On parisc you MUST enable this option and EMUSIGRT as well, otherwise | |
52692 | + your system will not even boot. | |
52693 | + | |
52694 | + Alternatively you can say N here and use the 'chpax' or 'paxctl' | |
52695 | + utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC | |
52696 | + for the affected files. | |
52697 | + | |
52698 | + NOTE: enabling this feature *may* open up a loophole in the | |
52699 | + protection provided by non-executable pages that an attacker | |
52700 | + could abuse. Therefore the best solution is to not have any | |
52701 | + files on your system that would require this option. This can | |
52702 | + be achieved by not using libc5 (which relies on the kernel | |
52703 | + signal handler return code) and not using or rewriting programs | |
52704 | + that make use of the nested function implementation of GCC. | |
52705 | + Skilled users can just fix GCC itself so that it implements | |
52706 | + nested function calls in a way that does not interfere with PaX. | |
52707 | + | |
52708 | +config PAX_EMUSIGRT | |
52709 | + bool "Automatically emulate sigreturn trampolines" | |
52710 | + depends on PAX_EMUTRAMP && PARISC | |
52711 | + default y | |
52712 | + help | |
52713 | + Enabling this option will have the kernel automatically detect | |
52714 | + and emulate signal return trampolines executing on the stack | |
52715 | + that would otherwise lead to task termination. | |
52716 | + | |
52717 | + This solution is intended as a temporary one for users with | |
52718 | + legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17, | |
52719 | + Modula-3 runtime, etc) or executables linked to such, basically | |
52720 | + everything that does not specify its own SA_RESTORER function in | |
52721 | + normal executable memory like glibc 2.1+ does. | |
52722 | + | |
52723 | + On parisc you MUST enable this option, otherwise your system will | |
52724 | + not even boot. | |
52725 | + | |
52726 | + NOTE: this feature cannot be disabled on a per executable basis | |
52727 | + and since it *does* open up a loophole in the protection provided | |
52728 | + by non-executable pages, the best solution is to not have any | |
52729 | + files on your system that would require this option. | |
52730 | + | |
52731 | +config PAX_MPROTECT | |
52732 | + bool "Restrict mprotect()" | |
52733 | + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) | |
52734 | + help | |
52735 | + Enabling this option will prevent programs from | |
52736 | + - changing the executable status of memory pages that were | |
52737 | + not originally created as executable, | |
52738 | + - making read-only executable pages writable again, | |
52739 | + - creating executable pages from anonymous memory. | |
52740 | + | |
52741 | + You should say Y here to complete the protection provided by | |
52742 | + the enforcement of non-executable pages. | |
52743 | + | |
52744 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control | |
52745 | + this feature on a per file basis. | |
52746 | + | |
52747 | +config PAX_NOELFRELOCS | |
52748 | + bool "Disallow ELF text relocations" | |
52749 | + depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || PPC || X86) | |
52750 | + help | |
52751 | + Non-executable pages and mprotect() restrictions are effective | |
52752 | + in preventing the introduction of new executable code into an | |
52753 | + attacked task's address space. There remain only two venues | |
52754 | + for this kind of attack: if the attacker can execute already | |
52755 | + existing code in the attacked task then he can either have it | |
52756 | + create and mmap() a file containing his code or have it mmap() | |
52757 | + an already existing ELF library that does not have position | |
52758 | + independent code in it and use mprotect() on it to make it | |
52759 | + writable and copy his code there. While protecting against | |
52760 | + the former approach is beyond PaX, the latter can be prevented | |
52761 | + by having only PIC ELF libraries on one's system (which do not | |
52762 | + need to relocate their code). If you are sure this is your case, | |
52763 | + then enable this option otherwise be careful as you may not even | |
52764 | + be able to boot or log on your system (for example, some PAM | |
52765 | + modules are erroneously compiled as non-PIC by default). | |
52766 | + | |
52767 | + NOTE: if you are using dynamic ELF executables (as suggested | |
52768 | + when using ASLR) then you must have made sure that you linked | |
52769 | + your files using the PIC version of crt1 (the et_dyn.tar.gz package | |
52770 | + referenced there has already been updated to support this). | |
52771 | + | |
52772 | +config PAX_ETEXECRELOCS | |
52773 | + bool "Allow ELF ET_EXEC text relocations" | |
52774 | + depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC) | |
52775 | + default y | |
52776 | + help | |
52777 | + On some architectures there are incorrectly created applications | |
52778 | + that require text relocations and would not work without enabling | |
52779 | + this option. If you are an alpha, ia64 or parisc user, you should | |
52780 | + enable this option and disable it once you have made sure that | |
52781 | + none of your applications need it. | |
52782 | + | |
52783 | +config PAX_EMUPLT | |
52784 | + bool "Automatically emulate ELF PLT" | |
ae4e228f | 52785 | + depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC) |
58c5fc13 MT |
52786 | + default y |
52787 | + help | |
52788 | + Enabling this option will have the kernel automatically detect | |
52789 | + and emulate the Procedure Linkage Table entries in ELF files. | |
52790 | + On some architectures such entries are in writable memory, and | |
52791 | + become non-executable leading to task termination. Therefore | |
52792 | + it is mandatory that you enable this option on alpha, parisc, | |
52793 | + sparc and sparc64, otherwise your system would not even boot. | |
52794 | + | |
52795 | + NOTE: this feature *does* open up a loophole in the protection | |
52796 | + provided by the non-executable pages, therefore the proper | |
52797 | + solution is to modify the toolchain to produce a PLT that does | |
52798 | + not need to be writable. | |
52799 | + | |
52800 | +config PAX_DLRESOLVE | |
52801 | + bool 'Emulate old glibc resolver stub' | |
ae4e228f | 52802 | + depends on PAX_EMUPLT && SPARC |
58c5fc13 MT |
52803 | + default n |
52804 | + help | |
52805 | + This option is needed if userland has an old glibc (before 2.4) | |
52806 | + that puts a 'save' instruction into the runtime generated resolver | |
52807 | + stub that needs special emulation. | |
52808 | + | |
52809 | +config PAX_KERNEXEC | |
52810 | + bool "Enforce non-executable kernel pages" | |
ae4e228f | 52811 | + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN |
58c5fc13 MT |
52812 | + help |
52813 | + This is the kernel land equivalent of PAGEEXEC and MPROTECT, | |
52814 | + that is, enabling this option will make it harder to inject | |
52815 | + and execute 'foreign' code in kernel memory itself. | |
52816 | + | |
ae4e228f MT |
52817 | +config PAX_KERNEXEC_MODULE_TEXT |
52818 | + int "Minimum amount of memory reserved for module code" | |
52819 | + default "4" | |
52820 | + depends on PAX_KERNEXEC && X86_32 && MODULES | |
52821 | + help | |
52822 | + Due to implementation details the kernel must reserve a fixed | |
52823 | + amount of memory for module code at compile time that cannot be | |
52824 | + changed at runtime. Here you can specify the minimum amount | |
52825 | + in MB that will be reserved. Due to the same implementation | |
52826 | + details this size will always be rounded up to the next 2/4 MB | |
52827 | + boundary (depends on PAE) so the actually available memory for | |
52828 | + module code will usually be more than this minimum. | |
52829 | + | |
52830 | + The default 4 MB should be enough for most users but if you have | |
52831 | + an excessive number of modules (e.g., most distribution configs | |
52832 | + compile many drivers as modules) or use huge modules such as | |
52833 | + nvidia's kernel driver, you will need to adjust this amount. | |
52834 | + A good rule of thumb is to look at your currently loaded kernel | |
52835 | + modules and add up their sizes. | |
52836 | + | |
58c5fc13 MT |
52837 | +endmenu |
52838 | + | |
52839 | +menu "Address Space Layout Randomization" | |
52840 | + depends on PAX | |
52841 | + | |
52842 | +config PAX_ASLR | |
52843 | + bool "Address Space Layout Randomization" | |
52844 | + depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS | |
52845 | + help | |
52846 | + Many if not most exploit techniques rely on the knowledge of | |
52847 | + certain addresses in the attacked program. The following options | |
52848 | + will allow the kernel to apply a certain amount of randomization | |
52849 | + to specific parts of the program thereby forcing an attacker to | |
52850 | + guess them in most cases. Any failed guess will most likely crash | |
52851 | + the attacked program which allows the kernel to detect such attempts | |
52852 | + and react on them. PaX itself provides no reaction mechanisms, | |
52853 | + instead it is strongly encouraged that you make use of Nergal's | |
52854 | + segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's | |
52855 | + (http://www.grsecurity.net/) built-in crash detection features or | |
52856 | + develop one yourself. | |
52857 | + | |
52858 | + By saying Y here you can choose to randomize the following areas: | |
52859 | + - top of the task's kernel stack | |
52860 | + - top of the task's userland stack | |
52861 | + - base address for mmap() requests that do not specify one | |
52862 | + (this includes all libraries) | |
52863 | + - base address of the main executable | |
52864 | + | |
52865 | + It is strongly recommended to say Y here as address space layout | |
52866 | + randomization has negligible impact on performance yet it provides | |
52867 | + a very effective protection. | |
52868 | + | |
52869 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control | |
52870 | + this feature on a per file basis. | |
52871 | + | |
52872 | +config PAX_RANDKSTACK | |
52873 | + bool "Randomize kernel stack base" | |
52874 | + depends on PAX_ASLR && X86_TSC && X86_32 | |
52875 | + help | |
52876 | + By saying Y here the kernel will randomize every task's kernel | |
52877 | + stack on every system call. This will not only force an attacker | |
52878 | + to guess it but also prevent him from making use of possible | |
52879 | + leaked information about it. | |
52880 | + | |
52881 | + Since the kernel stack is a rather scarce resource, randomization | |
52882 | + may cause unexpected stack overflows, therefore you should very | |
52883 | + carefully test your system. Note that once enabled in the kernel | |
52884 | + configuration, this feature cannot be disabled on a per file basis. | |
52885 | + | |
52886 | +config PAX_RANDUSTACK | |
52887 | + bool "Randomize user stack base" | |
52888 | + depends on PAX_ASLR | |
52889 | + help | |
52890 | + By saying Y here the kernel will randomize every task's userland | |
52891 | + stack. The randomization is done in two steps where the second | |
52892 | + one may apply a big amount of shift to the top of the stack and | |
52893 | + cause problems for programs that want to use lots of memory (more | |
52894 | + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is). | |
52895 | + For this reason the second step can be controlled by 'chpax' or | |
52896 | + 'paxctl' on a per file basis. | |
52897 | + | |
52898 | +config PAX_RANDMMAP | |
52899 | + bool "Randomize mmap() base" | |
52900 | + depends on PAX_ASLR | |
52901 | + help | |
52902 | + By saying Y here the kernel will use a randomized base address for | |
52903 | + mmap() requests that do not specify one themselves. As a result | |
52904 | + all dynamically loaded libraries will appear at random addresses | |
52905 | + and therefore be harder to exploit by a technique where an attacker | |
52906 | + attempts to execute library code for his purposes (e.g. spawn a | |
52907 | + shell from an exploited program that is running at an elevated | |
52908 | + privilege level). | |
52909 | + | |
52910 | + Furthermore, if a program is relinked as a dynamic ELF file, its | |
52911 | + base address will be randomized as well, completing the full | |
52912 | + randomization of the address space layout. Attacking such programs | |
52913 | + becomes a guess game. You can find an example of doing this at | |
52914 | + http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at | |
52915 | + http://www.grsecurity.net/grsec-gcc-specs.tar.gz . | |
52916 | + | |
52917 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control this | |
52918 | + feature on a per file basis. | |
52919 | + | |
52920 | +endmenu | |
52921 | + | |
52922 | +menu "Miscellaneous hardening features" | |
52923 | + | |
52924 | +config PAX_MEMORY_SANITIZE | |
52925 | + bool "Sanitize all freed memory" | |
52926 | + help | |
52927 | + By saying Y here the kernel will erase memory pages as soon as they | |
52928 | + are freed. This in turn reduces the lifetime of data stored in the | |
52929 | + pages, making it less likely that sensitive information such as | |
52930 | + passwords, cryptographic secrets, etc stay in memory for too long. | |
52931 | + | |
52932 | + This is especially useful for programs whose runtime is short, long | |
52933 | + lived processes and the kernel itself benefit from this as long as | |
52934 | + they operate on whole memory pages and ensure timely freeing of pages | |
52935 | + that may hold sensitive information. | |
52936 | + | |
52937 | + The tradeoff is performance impact, on a single CPU system kernel | |
52938 | + compilation sees a 3% slowdown, other systems and workloads may vary | |
52939 | + and you are advised to test this feature on your expected workload | |
52940 | + before deploying it. | |
52941 | + | |
52942 | + Note that this feature does not protect data stored in live pages, | |
52943 | + e.g., process memory swapped to disk may stay there for a long time. | |
52944 | + | |
52945 | +config PAX_MEMORY_UDEREF | |
52946 | + bool "Prevent invalid userland pointer dereference" | |
ae4e228f | 52947 | + depends on X86_32 && !UML_X86 && !XEN |
58c5fc13 MT |
52948 | + help |
52949 | + By saying Y here the kernel will be prevented from dereferencing | |
52950 | + userland pointers in contexts where the kernel expects only kernel | |
52951 | + pointers. This is both a useful runtime debugging feature and a | |
52952 | + security measure that prevents exploiting a class of kernel bugs. | |
52953 | + | |
52954 | + The tradeoff is that some virtualization solutions may experience | |
52955 | + a huge slowdown and therefore you should not enable this feature | |
52956 | + for kernels meant to run in such environments. Whether a given VM | |
52957 | + solution is affected or not is best determined by simply trying it | |
52958 | + out, the performance impact will be obvious right on boot as this | |
52959 | + mechanism engages from very early on. A good rule of thumb is that | |
52960 | + VMs running on CPUs without hardware virtualization support (i.e., | |
52961 | + the majority of IA-32 CPUs) will likely experience the slowdown. | |
52962 | + | |
52963 | +config PAX_REFCOUNT | |
52964 | + bool "Prevent various kernel object reference counter overflows" | |
52965 | + depends on GRKERNSEC && (X86 || SPARC64) | |
52966 | + help | |
52967 | + By saying Y here the kernel will detect and prevent overflowing | |
52968 | + various (but not all) kinds of object reference counters. Such | |
52969 | + overflows can normally occur due to bugs only and are often, if | |
52970 | + not always, exploitable. | |
52971 | + | |
52972 | + The tradeoff is that data structures protected by an overflowed | |
52973 | + refcount will never be freed and therefore will leak memory. Note | |
52974 | + that this leak also happens even without this protection but in | |
52975 | + that case the overflow can eventually trigger the freeing of the | |
52976 | + data structure while it is still being used elsewhere, resulting | |
52977 | + in the exploitable situation that this feature prevents. | |
52978 | + | |
52979 | + Since this has a negligible performance impact, you should enable | |
52980 | + this feature. | |
52981 | + | |
52982 | +config PAX_USERCOPY | |
52983 | + bool "Bounds check heap object copies between kernel and userland" | |
ae4e228f | 52984 | + depends on X86 || PPC || SPARC |
58c5fc13 MT |
52985 | + depends on GRKERNSEC && (SLAB || SLUB || SLOB) |
52986 | + help | |
52987 | + By saying Y here the kernel will enforce the size of heap objects | |
52988 | + when they are copied in either direction between the kernel and | |
52989 | + userland, even if only a part of the heap object is copied. | |
52990 | + | |
52991 | + Specifically, this checking prevents information leaking from the | |
52992 | + kernel heap during kernel to userland copies (if the kernel heap | |
52993 | + object is otherwise fully initialized) and prevents kernel heap | |
52994 | + overflows during userland to kernel copies. | |
52995 | + | |
52996 | + Note that the current implementation provides the strictest checks | |
52997 | + for the SLUB allocator. | |
52998 | + | |
52999 | + Since this has a negligible performance impact, you should enable | |
53000 | + this feature. | |
53001 | +endmenu | |
53002 | + | |
53003 | +endmenu | |
53004 | + | |
53005 | config KEYS | |
53006 | bool "Enable access key retention support" | |
53007 | help | |
ae4e228f MT |
53008 | @@ -124,7 +606,7 @@ config INTEL_TXT |
53009 | config LSM_MMAP_MIN_ADDR | |
53010 | int "Low address space for LSM to protect from user allocation" | |
53011 | depends on SECURITY && SECURITY_SELINUX | |
53012 | - default 65536 | |
53013 | + default 32768 | |
53014 | help | |
53015 | This is the portion of low virtual memory which should be protected | |
53016 | from userspace allocation. Keeping a user from writing to low pages | |
53017 | diff -urNp linux-2.6.33.1/security/min_addr.c linux-2.6.33.1/security/min_addr.c | |
53018 | --- linux-2.6.33.1/security/min_addr.c 2010-03-15 12:09:39.000000000 -0400 | |
53019 | +++ linux-2.6.33.1/security/min_addr.c 2010-03-20 16:58:42.348544513 -0400 | |
58c5fc13 MT |
53020 | @@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG |
53021 | */ | |
53022 | static void update_mmap_min_addr(void) | |
53023 | { | |
53024 | +#ifndef SPARC | |
53025 | #ifdef CONFIG_LSM_MMAP_MIN_ADDR | |
53026 | if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR) | |
53027 | mmap_min_addr = dac_mmap_min_addr; | |
53028 | @@ -22,6 +23,7 @@ static void update_mmap_min_addr(void) | |
53029 | #else | |
53030 | mmap_min_addr = dac_mmap_min_addr; | |
53031 | #endif | |
53032 | +#endif | |
53033 | } | |
53034 | ||
53035 | /* | |
ae4e228f MT |
53036 | diff -urNp linux-2.6.33.1/sound/aoa/codecs/onyx.c linux-2.6.33.1/sound/aoa/codecs/onyx.c |
53037 | --- linux-2.6.33.1/sound/aoa/codecs/onyx.c 2010-03-15 12:09:39.000000000 -0400 | |
53038 | +++ linux-2.6.33.1/sound/aoa/codecs/onyx.c 2010-03-20 16:58:42.365465627 -0400 | |
58c5fc13 MT |
53039 | @@ -53,7 +53,7 @@ struct onyx { |
53040 | spdif_locked:1, | |
53041 | analog_locked:1, | |
53042 | original_mute:2; | |
53043 | - int open_count; | |
53044 | + atomic_t open_count; | |
53045 | struct codec_info *codec_info; | |
53046 | ||
53047 | /* mutex serializes concurrent access to the device | |
53048 | @@ -752,7 +752,7 @@ static int onyx_open(struct codec_info_i | |
53049 | struct onyx *onyx = cii->codec_data; | |
53050 | ||
53051 | mutex_lock(&onyx->mutex); | |
53052 | - onyx->open_count++; | |
53053 | + atomic_inc(&onyx->open_count); | |
53054 | mutex_unlock(&onyx->mutex); | |
53055 | ||
53056 | return 0; | |
53057 | @@ -764,8 +764,7 @@ static int onyx_close(struct codec_info_ | |
53058 | struct onyx *onyx = cii->codec_data; | |
53059 | ||
53060 | mutex_lock(&onyx->mutex); | |
53061 | - onyx->open_count--; | |
53062 | - if (!onyx->open_count) | |
53063 | + if (atomic_dec_and_test(&onyx->open_count)) | |
53064 | onyx->spdif_locked = onyx->analog_locked = 0; | |
53065 | mutex_unlock(&onyx->mutex); | |
53066 | ||
ae4e228f MT |
53067 | diff -urNp linux-2.6.33.1/sound/core/oss/pcm_oss.c linux-2.6.33.1/sound/core/oss/pcm_oss.c |
53068 | --- linux-2.6.33.1/sound/core/oss/pcm_oss.c 2010-03-15 12:09:39.000000000 -0400 | |
53069 | +++ linux-2.6.33.1/sound/core/oss/pcm_oss.c 2010-03-20 16:58:42.372956563 -0400 | |
53070 | @@ -2949,8 +2949,8 @@ static void snd_pcm_oss_proc_done(struct | |
58c5fc13 MT |
53071 | } |
53072 | } | |
53073 | #else /* !CONFIG_SND_VERBOSE_PROCFS */ | |
53074 | -#define snd_pcm_oss_proc_init(pcm) | |
53075 | -#define snd_pcm_oss_proc_done(pcm) | |
53076 | +#define snd_pcm_oss_proc_init(pcm) do {} while (0) | |
53077 | +#define snd_pcm_oss_proc_done(pcm) do {} while (0) | |
53078 | #endif /* CONFIG_SND_VERBOSE_PROCFS */ | |
53079 | ||
53080 | /* | |
ae4e228f MT |
53081 | diff -urNp linux-2.6.33.1/sound/core/seq/seq_lock.h linux-2.6.33.1/sound/core/seq/seq_lock.h |
53082 | --- linux-2.6.33.1/sound/core/seq/seq_lock.h 2010-03-15 12:09:39.000000000 -0400 | |
53083 | +++ linux-2.6.33.1/sound/core/seq/seq_lock.h 2010-03-20 16:58:42.376941145 -0400 | |
58c5fc13 MT |
53084 | @@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo |
53085 | #else /* SMP || CONFIG_SND_DEBUG */ | |
53086 | ||
53087 | typedef spinlock_t snd_use_lock_t; /* dummy */ | |
53088 | -#define snd_use_lock_init(lockp) /**/ | |
53089 | -#define snd_use_lock_use(lockp) /**/ | |
53090 | -#define snd_use_lock_free(lockp) /**/ | |
53091 | -#define snd_use_lock_sync(lockp) /**/ | |
53092 | +#define snd_use_lock_init(lockp) do {} while (0) | |
53093 | +#define snd_use_lock_use(lockp) do {} while (0) | |
53094 | +#define snd_use_lock_free(lockp) do {} while (0) | |
53095 | +#define snd_use_lock_sync(lockp) do {} while (0) | |
53096 | ||
53097 | #endif /* SMP || CONFIG_SND_DEBUG */ | |
53098 | ||
ae4e228f MT |
53099 | diff -urNp linux-2.6.33.1/sound/drivers/mts64.c linux-2.6.33.1/sound/drivers/mts64.c |
53100 | --- linux-2.6.33.1/sound/drivers/mts64.c 2010-03-15 12:09:39.000000000 -0400 | |
53101 | +++ linux-2.6.33.1/sound/drivers/mts64.c 2010-03-20 16:58:42.380965540 -0400 | |
58c5fc13 MT |
53102 | @@ -65,7 +65,7 @@ struct mts64 { |
53103 | struct pardevice *pardev; | |
53104 | int pardev_claimed; | |
53105 | ||
53106 | - int open_count; | |
53107 | + atomic_t open_count; | |
53108 | int current_midi_output_port; | |
53109 | int current_midi_input_port; | |
53110 | u8 mode[MTS64_NUM_INPUT_PORTS]; | |
53111 | @@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct | |
53112 | { | |
53113 | struct mts64 *mts = substream->rmidi->private_data; | |
53114 | ||
53115 | - if (mts->open_count == 0) { | |
53116 | + if (atomic_read(&mts->open_count) == 0) { | |
53117 | /* We don't need a spinlock here, because this is just called | |
53118 | if the device has not been opened before. | |
53119 | So there aren't any IRQs from the device */ | |
53120 | @@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct | |
53121 | ||
53122 | msleep(50); | |
53123 | } | |
53124 | - ++(mts->open_count); | |
53125 | + atomic_inc(&mts->open_count); | |
53126 | ||
53127 | return 0; | |
53128 | } | |
53129 | @@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc | |
53130 | struct mts64 *mts = substream->rmidi->private_data; | |
53131 | unsigned long flags; | |
53132 | ||
53133 | - --(mts->open_count); | |
53134 | - if (mts->open_count == 0) { | |
53135 | + if (atomic_dec_return(&mts->open_count) == 0) { | |
53136 | /* We need the spinlock_irqsave here because we can still | |
53137 | have IRQs at this point */ | |
53138 | spin_lock_irqsave(&mts->lock, flags); | |
53139 | @@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc | |
53140 | ||
53141 | msleep(500); | |
53142 | ||
53143 | - } else if (mts->open_count < 0) | |
53144 | - mts->open_count = 0; | |
53145 | + } else if (atomic_read(&mts->open_count) < 0) | |
53146 | + atomic_set(&mts->open_count, 0); | |
53147 | ||
53148 | return 0; | |
53149 | } | |
ae4e228f MT |
53150 | diff -urNp linux-2.6.33.1/sound/drivers/portman2x4.c linux-2.6.33.1/sound/drivers/portman2x4.c |
53151 | --- linux-2.6.33.1/sound/drivers/portman2x4.c 2010-03-15 12:09:39.000000000 -0400 | |
53152 | +++ linux-2.6.33.1/sound/drivers/portman2x4.c 2010-03-20 16:58:42.396942474 -0400 | |
58c5fc13 MT |
53153 | @@ -83,7 +83,7 @@ struct portman { |
53154 | struct pardevice *pardev; | |
53155 | int pardev_claimed; | |
53156 | ||
53157 | - int open_count; | |
53158 | + atomic_t open_count; | |
53159 | int mode[PORTMAN_NUM_INPUT_PORTS]; | |
53160 | struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; | |
53161 | }; | |
ae4e228f MT |
53162 | diff -urNp linux-2.6.33.1/sound/oss/sb_audio.c linux-2.6.33.1/sound/oss/sb_audio.c |
53163 | --- linux-2.6.33.1/sound/oss/sb_audio.c 2010-03-15 12:09:39.000000000 -0400 | |
53164 | +++ linux-2.6.33.1/sound/oss/sb_audio.c 2010-03-20 16:58:42.404957454 -0400 | |
53165 | @@ -901,7 +901,7 @@ sb16_copy_from_user(int dev, | |
53166 | buf16 = (signed short *)(localbuf + localoffs); | |
53167 | while (c) | |
53168 | { | |
53169 | - locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c); | |
53170 | + locallen = ((unsigned)c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c); | |
53171 | if (copy_from_user(lbuf8, | |
53172 | userbuf+useroffs + p, | |
53173 | locallen)) | |
53174 | diff -urNp linux-2.6.33.1/sound/pci/ac97/ac97_codec.c linux-2.6.33.1/sound/pci/ac97/ac97_codec.c | |
53175 | --- linux-2.6.33.1/sound/pci/ac97/ac97_codec.c 2010-03-15 12:09:39.000000000 -0400 | |
53176 | +++ linux-2.6.33.1/sound/pci/ac97/ac97_codec.c 2010-03-20 16:58:42.416962707 -0400 | |
53177 | @@ -1962,7 +1962,7 @@ static int snd_ac97_dev_disconnect(struc | |
53178 | } | |
53179 | ||
53180 | /* build_ops to do nothing */ | |
53181 | -static struct snd_ac97_build_ops null_build_ops; | |
53182 | +static const struct snd_ac97_build_ops null_build_ops; | |
53183 | ||
53184 | #ifdef CONFIG_SND_AC97_POWER_SAVE | |
53185 | static void do_update_power(struct work_struct *work) | |
53186 | diff -urNp linux-2.6.33.1/sound/pci/ac97/ac97_patch.c linux-2.6.33.1/sound/pci/ac97/ac97_patch.c | |
53187 | --- linux-2.6.33.1/sound/pci/ac97/ac97_patch.c 2010-03-15 12:09:39.000000000 -0400 | |
53188 | +++ linux-2.6.33.1/sound/pci/ac97/ac97_patch.c 2010-03-20 16:58:42.440672764 -0400 | |
53189 | @@ -371,7 +371,7 @@ static int patch_yamaha_ymf743_build_spd | |
53190 | return 0; | |
53191 | } | |
53192 | ||
53193 | -static struct snd_ac97_build_ops patch_yamaha_ymf743_ops = { | |
53194 | +static const struct snd_ac97_build_ops patch_yamaha_ymf743_ops = { | |
53195 | .build_spdif = patch_yamaha_ymf743_build_spdif, | |
53196 | .build_3d = patch_yamaha_ymf7x3_3d, | |
53197 | }; | |
53198 | @@ -455,7 +455,7 @@ static int patch_yamaha_ymf753_post_spdi | |
53199 | return 0; | |
53200 | } | |
53201 | ||
53202 | -static struct snd_ac97_build_ops patch_yamaha_ymf753_ops = { | |
53203 | +static const struct snd_ac97_build_ops patch_yamaha_ymf753_ops = { | |
53204 | .build_3d = patch_yamaha_ymf7x3_3d, | |
53205 | .build_post_spdif = patch_yamaha_ymf753_post_spdif | |
53206 | }; | |
53207 | @@ -502,7 +502,7 @@ static int patch_wolfson_wm9703_specific | |
53208 | return 0; | |
53209 | } | |
53210 | ||
53211 | -static struct snd_ac97_build_ops patch_wolfson_wm9703_ops = { | |
53212 | +static const struct snd_ac97_build_ops patch_wolfson_wm9703_ops = { | |
53213 | .build_specific = patch_wolfson_wm9703_specific, | |
53214 | }; | |
53215 | ||
53216 | @@ -533,7 +533,7 @@ static int patch_wolfson_wm9704_specific | |
53217 | return 0; | |
53218 | } | |
53219 | ||
53220 | -static struct snd_ac97_build_ops patch_wolfson_wm9704_ops = { | |
53221 | +static const struct snd_ac97_build_ops patch_wolfson_wm9704_ops = { | |
53222 | .build_specific = patch_wolfson_wm9704_specific, | |
53223 | }; | |
53224 | ||
53225 | @@ -555,7 +555,7 @@ static int patch_wolfson_wm9705_specific | |
53226 | return 0; | |
53227 | } | |
53228 | ||
53229 | -static struct snd_ac97_build_ops patch_wolfson_wm9705_ops = { | |
53230 | +static const struct snd_ac97_build_ops patch_wolfson_wm9705_ops = { | |
53231 | .build_specific = patch_wolfson_wm9705_specific, | |
53232 | }; | |
53233 | ||
53234 | @@ -692,7 +692,7 @@ static int patch_wolfson_wm9711_specific | |
53235 | return 0; | |
53236 | } | |
53237 | ||
53238 | -static struct snd_ac97_build_ops patch_wolfson_wm9711_ops = { | |
53239 | +static const struct snd_ac97_build_ops patch_wolfson_wm9711_ops = { | |
53240 | .build_specific = patch_wolfson_wm9711_specific, | |
53241 | }; | |
53242 | ||
53243 | @@ -886,7 +886,7 @@ static void patch_wolfson_wm9713_resume | |
53244 | } | |
53245 | #endif | |
53246 | ||
53247 | -static struct snd_ac97_build_ops patch_wolfson_wm9713_ops = { | |
53248 | +static const struct snd_ac97_build_ops patch_wolfson_wm9713_ops = { | |
53249 | .build_specific = patch_wolfson_wm9713_specific, | |
53250 | .build_3d = patch_wolfson_wm9713_3d, | |
53251 | #ifdef CONFIG_PM | |
53252 | @@ -991,7 +991,7 @@ static int patch_sigmatel_stac97xx_speci | |
53253 | return 0; | |
53254 | } | |
53255 | ||
53256 | -static struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = { | |
53257 | +static const struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = { | |
53258 | .build_3d = patch_sigmatel_stac9700_3d, | |
53259 | .build_specific = patch_sigmatel_stac97xx_specific | |
53260 | }; | |
53261 | @@ -1038,7 +1038,7 @@ static int patch_sigmatel_stac9708_speci | |
53262 | return patch_sigmatel_stac97xx_specific(ac97); | |
53263 | } | |
53264 | ||
53265 | -static struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = { | |
53266 | +static const struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = { | |
53267 | .build_3d = patch_sigmatel_stac9708_3d, | |
53268 | .build_specific = patch_sigmatel_stac9708_specific | |
53269 | }; | |
53270 | @@ -1267,7 +1267,7 @@ static int patch_sigmatel_stac9758_speci | |
53271 | return 0; | |
53272 | } | |
53273 | ||
53274 | -static struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = { | |
53275 | +static const struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = { | |
53276 | .build_3d = patch_sigmatel_stac9700_3d, | |
53277 | .build_specific = patch_sigmatel_stac9758_specific | |
53278 | }; | |
53279 | @@ -1342,7 +1342,7 @@ static int patch_cirrus_build_spdif(stru | |
53280 | return 0; | |
53281 | } | |
53282 | ||
53283 | -static struct snd_ac97_build_ops patch_cirrus_ops = { | |
53284 | +static const struct snd_ac97_build_ops patch_cirrus_ops = { | |
53285 | .build_spdif = patch_cirrus_build_spdif | |
53286 | }; | |
53287 | ||
53288 | @@ -1399,7 +1399,7 @@ static int patch_conexant_build_spdif(st | |
53289 | return 0; | |
53290 | } | |
53291 | ||
53292 | -static struct snd_ac97_build_ops patch_conexant_ops = { | |
53293 | +static const struct snd_ac97_build_ops patch_conexant_ops = { | |
53294 | .build_spdif = patch_conexant_build_spdif | |
53295 | }; | |
53296 | ||
58c5fc13 MT |
53297 | @@ -1501,7 +1501,7 @@ static const struct snd_ac97_res_table a |
53298 | { AC97_VIDEO, 0x9f1f }, | |
53299 | { AC97_AUX, 0x9f1f }, | |
53300 | { AC97_PCM, 0x9f1f }, | |
53301 | - { } /* terminator */ | |
53302 | + { 0, 0 } /* terminator */ | |
53303 | }; | |
53304 | ||
53305 | static int patch_ad1819(struct snd_ac97 * ac97) | |
ae4e228f MT |
53306 | @@ -1575,7 +1575,7 @@ static void patch_ad1881_chained(struct |
53307 | } | |
53308 | } | |
53309 | ||
53310 | -static struct snd_ac97_build_ops patch_ad1881_build_ops = { | |
53311 | +static const struct snd_ac97_build_ops patch_ad1881_build_ops = { | |
53312 | #ifdef CONFIG_PM | |
53313 | .resume = ad18xx_resume | |
53314 | #endif | |
53315 | @@ -1662,7 +1662,7 @@ static int patch_ad1885_specific(struct | |
53316 | return 0; | |
53317 | } | |
53318 | ||
53319 | -static struct snd_ac97_build_ops patch_ad1885_build_ops = { | |
53320 | +static const struct snd_ac97_build_ops patch_ad1885_build_ops = { | |
53321 | .build_specific = &patch_ad1885_specific, | |
53322 | #ifdef CONFIG_PM | |
53323 | .resume = ad18xx_resume | |
53324 | @@ -1689,7 +1689,7 @@ static int patch_ad1886_specific(struct | |
53325 | return 0; | |
53326 | } | |
53327 | ||
53328 | -static struct snd_ac97_build_ops patch_ad1886_build_ops = { | |
53329 | +static const struct snd_ac97_build_ops patch_ad1886_build_ops = { | |
53330 | .build_specific = &patch_ad1886_specific, | |
53331 | #ifdef CONFIG_PM | |
53332 | .resume = ad18xx_resume | |
53333 | @@ -1894,7 +1894,7 @@ static int patch_ad1981a_specific(struct | |
53334 | ARRAY_SIZE(snd_ac97_ad1981x_jack_sense)); | |
53335 | } | |
53336 | ||
53337 | -static struct snd_ac97_build_ops patch_ad1981a_build_ops = { | |
53338 | +static const struct snd_ac97_build_ops patch_ad1981a_build_ops = { | |
53339 | .build_post_spdif = patch_ad198x_post_spdif, | |
53340 | .build_specific = patch_ad1981a_specific, | |
53341 | #ifdef CONFIG_PM | |
53342 | @@ -1949,7 +1949,7 @@ static int patch_ad1981b_specific(struct | |
53343 | ARRAY_SIZE(snd_ac97_ad1981x_jack_sense)); | |
53344 | } | |
53345 | ||
53346 | -static struct snd_ac97_build_ops patch_ad1981b_build_ops = { | |
53347 | +static const struct snd_ac97_build_ops patch_ad1981b_build_ops = { | |
53348 | .build_post_spdif = patch_ad198x_post_spdif, | |
53349 | .build_specific = patch_ad1981b_specific, | |
53350 | #ifdef CONFIG_PM | |
53351 | @@ -2088,7 +2088,7 @@ static int patch_ad1888_specific(struct | |
53352 | return patch_build_controls(ac97, snd_ac97_ad1888_controls, ARRAY_SIZE(snd_ac97_ad1888_controls)); | |
53353 | } | |
53354 | ||
53355 | -static struct snd_ac97_build_ops patch_ad1888_build_ops = { | |
53356 | +static const struct snd_ac97_build_ops patch_ad1888_build_ops = { | |
53357 | .build_post_spdif = patch_ad198x_post_spdif, | |
53358 | .build_specific = patch_ad1888_specific, | |
53359 | #ifdef CONFIG_PM | |
53360 | @@ -2137,7 +2137,7 @@ static int patch_ad1980_specific(struct | |
53361 | return patch_build_controls(ac97, &snd_ac97_ad198x_2cmic, 1); | |
53362 | } | |
53363 | ||
53364 | -static struct snd_ac97_build_ops patch_ad1980_build_ops = { | |
53365 | +static const struct snd_ac97_build_ops patch_ad1980_build_ops = { | |
53366 | .build_post_spdif = patch_ad198x_post_spdif, | |
53367 | .build_specific = patch_ad1980_specific, | |
53368 | #ifdef CONFIG_PM | |
53369 | @@ -2252,7 +2252,7 @@ static int patch_ad1985_specific(struct | |
53370 | ARRAY_SIZE(snd_ac97_ad1985_controls)); | |
53371 | } | |
53372 | ||
53373 | -static struct snd_ac97_build_ops patch_ad1985_build_ops = { | |
53374 | +static const struct snd_ac97_build_ops patch_ad1985_build_ops = { | |
53375 | .build_post_spdif = patch_ad198x_post_spdif, | |
53376 | .build_specific = patch_ad1985_specific, | |
53377 | #ifdef CONFIG_PM | |
53378 | @@ -2544,7 +2544,7 @@ static int patch_ad1986_specific(struct | |
53379 | ARRAY_SIZE(snd_ac97_ad1985_controls)); | |
53380 | } | |
53381 | ||
53382 | -static struct snd_ac97_build_ops patch_ad1986_build_ops = { | |
53383 | +static const struct snd_ac97_build_ops patch_ad1986_build_ops = { | |
53384 | .build_post_spdif = patch_ad198x_post_spdif, | |
53385 | .build_specific = patch_ad1986_specific, | |
53386 | #ifdef CONFIG_PM | |
53387 | @@ -2649,7 +2649,7 @@ static int patch_alc650_specific(struct | |
53388 | return 0; | |
53389 | } | |
53390 | ||
53391 | -static struct snd_ac97_build_ops patch_alc650_ops = { | |
53392 | +static const struct snd_ac97_build_ops patch_alc650_ops = { | |
53393 | .build_specific = patch_alc650_specific, | |
53394 | .update_jacks = alc650_update_jacks | |
53395 | }; | |
53396 | @@ -2801,7 +2801,7 @@ static int patch_alc655_specific(struct | |
53397 | return 0; | |
53398 | } | |
53399 | ||
53400 | -static struct snd_ac97_build_ops patch_alc655_ops = { | |
53401 | +static const struct snd_ac97_build_ops patch_alc655_ops = { | |
53402 | .build_specific = patch_alc655_specific, | |
53403 | .update_jacks = alc655_update_jacks | |
53404 | }; | |
53405 | @@ -2913,7 +2913,7 @@ static int patch_alc850_specific(struct | |
53406 | return 0; | |
53407 | } | |
53408 | ||
53409 | -static struct snd_ac97_build_ops patch_alc850_ops = { | |
53410 | +static const struct snd_ac97_build_ops patch_alc850_ops = { | |
53411 | .build_specific = patch_alc850_specific, | |
53412 | .update_jacks = alc850_update_jacks | |
53413 | }; | |
53414 | @@ -2975,7 +2975,7 @@ static int patch_cm9738_specific(struct | |
53415 | return patch_build_controls(ac97, snd_ac97_cm9738_controls, ARRAY_SIZE(snd_ac97_cm9738_controls)); | |
53416 | } | |
53417 | ||
53418 | -static struct snd_ac97_build_ops patch_cm9738_ops = { | |
53419 | +static const struct snd_ac97_build_ops patch_cm9738_ops = { | |
53420 | .build_specific = patch_cm9738_specific, | |
53421 | .update_jacks = cm9738_update_jacks | |
53422 | }; | |
53423 | @@ -3066,7 +3066,7 @@ static int patch_cm9739_post_spdif(struc | |
53424 | return patch_build_controls(ac97, snd_ac97_cm9739_controls_spdif, ARRAY_SIZE(snd_ac97_cm9739_controls_spdif)); | |
53425 | } | |
53426 | ||
53427 | -static struct snd_ac97_build_ops patch_cm9739_ops = { | |
53428 | +static const struct snd_ac97_build_ops patch_cm9739_ops = { | |
53429 | .build_specific = patch_cm9739_specific, | |
53430 | .build_post_spdif = patch_cm9739_post_spdif, | |
53431 | .update_jacks = cm9739_update_jacks | |
53432 | @@ -3240,7 +3240,7 @@ static int patch_cm9761_specific(struct | |
53433 | return patch_build_controls(ac97, snd_ac97_cm9761_controls, ARRAY_SIZE(snd_ac97_cm9761_controls)); | |
53434 | } | |
53435 | ||
53436 | -static struct snd_ac97_build_ops patch_cm9761_ops = { | |
53437 | +static const struct snd_ac97_build_ops patch_cm9761_ops = { | |
53438 | .build_specific = patch_cm9761_specific, | |
53439 | .build_post_spdif = patch_cm9761_post_spdif, | |
53440 | .update_jacks = cm9761_update_jacks | |
53441 | @@ -3336,7 +3336,7 @@ static int patch_cm9780_specific(struct | |
53442 | return patch_build_controls(ac97, cm9780_controls, ARRAY_SIZE(cm9780_controls)); | |
53443 | } | |
53444 | ||
53445 | -static struct snd_ac97_build_ops patch_cm9780_ops = { | |
53446 | +static const struct snd_ac97_build_ops patch_cm9780_ops = { | |
53447 | .build_specific = patch_cm9780_specific, | |
53448 | .build_post_spdif = patch_cm9761_post_spdif /* identical with CM9761 */ | |
53449 | }; | |
53450 | @@ -3456,7 +3456,7 @@ static int patch_vt1616_specific(struct | |
53451 | return 0; | |
53452 | } | |
53453 | ||
53454 | -static struct snd_ac97_build_ops patch_vt1616_ops = { | |
53455 | +static const struct snd_ac97_build_ops patch_vt1616_ops = { | |
53456 | .build_specific = patch_vt1616_specific | |
53457 | }; | |
53458 | ||
53459 | @@ -3810,7 +3810,7 @@ static int patch_it2646_specific(struct | |
53460 | return 0; | |
53461 | } | |
53462 | ||
53463 | -static struct snd_ac97_build_ops patch_it2646_ops = { | |
53464 | +static const struct snd_ac97_build_ops patch_it2646_ops = { | |
53465 | .build_specific = patch_it2646_specific, | |
53466 | .update_jacks = it2646_update_jacks | |
53467 | }; | |
53468 | @@ -3844,7 +3844,7 @@ static int patch_si3036_specific(struct | |
53469 | return 0; | |
53470 | } | |
53471 | ||
53472 | -static struct snd_ac97_build_ops patch_si3036_ops = { | |
53473 | +static const struct snd_ac97_build_ops patch_si3036_ops = { | |
53474 | .build_specific = patch_si3036_specific, | |
53475 | }; | |
53476 | ||
53477 | @@ -3877,7 +3877,7 @@ static struct snd_ac97_res_table lm4550_ | |
58c5fc13 MT |
53478 | { AC97_AUX, 0x1f1f }, |
53479 | { AC97_PCM, 0x1f1f }, | |
53480 | { AC97_REC_GAIN, 0x0f0f }, | |
53481 | - { } /* terminator */ | |
53482 | + { 0, 0 } /* terminator */ | |
53483 | }; | |
53484 | ||
53485 | static int patch_lm4550(struct snd_ac97 *ac97) | |
ae4e228f MT |
53486 | @@ -3911,7 +3911,7 @@ static int patch_ucb1400_specific(struct |
53487 | return 0; | |
53488 | } | |
53489 | ||
53490 | -static struct snd_ac97_build_ops patch_ucb1400_ops = { | |
53491 | +static const struct snd_ac97_build_ops patch_ucb1400_ops = { | |
53492 | .build_specific = patch_ucb1400_specific, | |
53493 | }; | |
53494 | ||
53495 | diff -urNp linux-2.6.33.1/sound/pci/ens1370.c linux-2.6.33.1/sound/pci/ens1370.c | |
53496 | --- linux-2.6.33.1/sound/pci/ens1370.c 2010-03-15 12:09:39.000000000 -0400 | |
53497 | +++ linux-2.6.33.1/sound/pci/ens1370.c 2010-03-20 16:58:42.452959690 -0400 | |
58c5fc13 MT |
53498 | @@ -452,7 +452,7 @@ static struct pci_device_id snd_audiopci |
53499 | { PCI_VDEVICE(ENSONIQ, 0x5880), 0, }, /* ES1373 - CT5880 */ | |
53500 | { PCI_VDEVICE(ECTIVA, 0x8938), 0, }, /* Ectiva EV1938 */ | |
53501 | #endif | |
53502 | - { 0, } | |
53503 | + { 0, 0, 0, 0, 0, 0, 0 } | |
53504 | }; | |
53505 | ||
53506 | MODULE_DEVICE_TABLE(pci, snd_audiopci_ids); | |
ae4e228f MT |
53507 | diff -urNp linux-2.6.33.1/sound/pci/intel8x0.c linux-2.6.33.1/sound/pci/intel8x0.c |
53508 | --- linux-2.6.33.1/sound/pci/intel8x0.c 2010-03-15 12:09:39.000000000 -0400 | |
53509 | +++ linux-2.6.33.1/sound/pci/intel8x0.c 2010-03-20 16:58:42.464956802 -0400 | |
58c5fc13 MT |
53510 | @@ -444,7 +444,7 @@ static struct pci_device_id snd_intel8x0 |
53511 | { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */ | |
53512 | { PCI_VDEVICE(AMD, 0x7445), DEVICE_INTEL }, /* AMD768 */ | |
53513 | { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */ | |
53514 | - { 0, } | |
53515 | + { 0, 0, 0, 0, 0, 0, 0 } | |
53516 | }; | |
53517 | ||
53518 | MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids); | |
ae4e228f | 53519 | @@ -2129,7 +2129,7 @@ static struct ac97_quirk ac97_quirks[] _ |
58c5fc13 MT |
53520 | .type = AC97_TUNE_HP_ONLY |
53521 | }, | |
53522 | #endif | |
53523 | - { } /* terminator */ | |
53524 | + { 0, 0, 0, 0, NULL, 0 } /* terminator */ | |
53525 | }; | |
53526 | ||
53527 | static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock, | |
ae4e228f MT |
53528 | diff -urNp linux-2.6.33.1/sound/pci/intel8x0m.c linux-2.6.33.1/sound/pci/intel8x0m.c |
53529 | --- linux-2.6.33.1/sound/pci/intel8x0m.c 2010-03-15 12:09:39.000000000 -0400 | |
53530 | +++ linux-2.6.33.1/sound/pci/intel8x0m.c 2010-03-20 16:58:42.469451186 -0400 | |
58c5fc13 MT |
53531 | @@ -239,7 +239,7 @@ static struct pci_device_id snd_intel8x0 |
53532 | { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */ | |
53533 | { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */ | |
53534 | #endif | |
53535 | - { 0, } | |
53536 | + { 0, 0, 0, 0, 0, 0, 0 } | |
53537 | }; | |
53538 | ||
53539 | MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids); | |
53540 | @@ -1264,7 +1264,7 @@ static struct shortname_table { | |
53541 | { 0x5455, "ALi M5455" }, | |
53542 | { 0x746d, "AMD AMD8111" }, | |
53543 | #endif | |
53544 | - { 0 }, | |
53545 | + { 0, NULL }, | |
53546 | }; | |
53547 | ||
53548 | static int __devinit snd_intel8x0m_probe(struct pci_dev *pci, | |
ae4e228f MT |
53549 | diff -urNp linux-2.6.33.1/usr/gen_init_cpio.c linux-2.6.33.1/usr/gen_init_cpio.c |
53550 | --- linux-2.6.33.1/usr/gen_init_cpio.c 2010-03-15 12:09:39.000000000 -0400 | |
53551 | +++ linux-2.6.33.1/usr/gen_init_cpio.c 2010-03-20 16:58:42.469451186 -0400 | |
58c5fc13 MT |
53552 | @@ -299,7 +299,7 @@ static int cpio_mkfile(const char *name, |
53553 | int retval; | |
53554 | int rc = -1; | |
53555 | int namesize; | |
53556 | - int i; | |
53557 | + unsigned int i; | |
53558 | ||
53559 | mode |= S_IFREG; | |
53560 | ||
ae4e228f | 53561 | @@ -386,9 +386,10 @@ static char *cpio_replace_env(char *new_ |
58c5fc13 MT |
53562 | *env_var = *expanded = '\0'; |
53563 | strncat(env_var, start + 2, end - start - 2); | |
53564 | strncat(expanded, new_location, start - new_location); | |
53565 | - strncat(expanded, getenv(env_var), PATH_MAX); | |
53566 | - strncat(expanded, end + 1, PATH_MAX); | |
53567 | + strncat(expanded, getenv(env_var), PATH_MAX - strlen(expanded)); | |
53568 | + strncat(expanded, end + 1, PATH_MAX - strlen(expanded)); | |
53569 | strncpy(new_location, expanded, PATH_MAX); | |
53570 | + new_location[PATH_MAX] = 0; | |
53571 | } else | |
53572 | break; | |
53573 | } | |
ae4e228f MT |
53574 | diff -urNp linux-2.6.33.1/virt/kvm/kvm_main.c linux-2.6.33.1/virt/kvm/kvm_main.c |
53575 | --- linux-2.6.33.1/virt/kvm/kvm_main.c 2010-03-15 12:09:39.000000000 -0400 | |
53576 | +++ linux-2.6.33.1/virt/kvm/kvm_main.c 2010-03-20 16:58:42.489458390 -0400 | |
53577 | @@ -1168,6 +1168,7 @@ static int kvm_vcpu_release(struct inode | |
53578 | return 0; | |
53579 | } | |
53580 | ||
53581 | +/* cannot be const */ | |
53582 | static struct file_operations kvm_vcpu_fops = { | |
53583 | .release = kvm_vcpu_release, | |
53584 | .unlocked_ioctl = kvm_vcpu_ioctl, | |
53585 | @@ -1624,6 +1625,7 @@ static int kvm_vm_mmap(struct file *file | |
53586 | return 0; | |
53587 | } | |
53588 | ||
53589 | +/* cannot be const */ | |
53590 | static struct file_operations kvm_vm_fops = { | |
53591 | .release = kvm_vm_release, | |
53592 | .unlocked_ioctl = kvm_vm_ioctl, | |
53593 | @@ -1714,6 +1716,7 @@ out: | |
53594 | return r; | |
53595 | } | |
53596 | ||
53597 | +/* cannot be const */ | |
53598 | static struct file_operations kvm_chardev_ops = { | |
53599 | .unlocked_ioctl = kvm_dev_ioctl, | |
53600 | .compat_ioctl = kvm_dev_ioctl, | |
53601 | @@ -1723,6 +1726,9 @@ static struct miscdevice kvm_dev = { | |
58c5fc13 MT |
53602 | KVM_MINOR, |
53603 | "kvm", | |
53604 | &kvm_chardev_ops, | |
53605 | + {NULL, NULL}, | |
53606 | + NULL, | |
53607 | + NULL | |
53608 | }; | |
53609 | ||
53610 | static void hardware_enable(void *junk) | |
ae4e228f | 53611 | @@ -2050,7 +2056,7 @@ static void kvm_sched_out(struct preempt |
58c5fc13 MT |
53612 | kvm_arch_vcpu_put(vcpu); |
53613 | } | |
53614 | ||
53615 | -int kvm_init(void *opaque, unsigned int vcpu_size, | |
53616 | +int kvm_init(const void *opaque, unsigned int vcpu_size, | |
53617 | struct module *module) | |
53618 | { | |
53619 | int r; |