From e84ca6ddec75daa2179261653e783d23c95c3be8 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Tue, 12 Jul 2005 17:36:49 -0700 Subject: [PATCH] Add next batch of patches: queue/x86_64-TASK_SIZE-fix.patch queue/tty_ldisc_ref-null-check.patch queue/uml-fix-tt-mode.patch queue/netfilter-conntrack-fix-fix.patch And drop first netfilter connection tracking patch from series. --- queue/netfilter-conntrack-fix-fix.patch | 76 ++++++++ queue/series | 5 +- queue/tty_ldisc_ref-null-check.patch | 52 +++++ queue/uml-fix-tt-mode.patch | 210 ++++++++++++++++++++ queue/x86_64-TASK_SIZE-fix.patch | 243 ++++++++++++++++++++++++ 5 files changed, 585 insertions(+), 1 deletion(-) create mode 100644 queue/netfilter-conntrack-fix-fix.patch create mode 100644 queue/tty_ldisc_ref-null-check.patch create mode 100644 queue/uml-fix-tt-mode.patch create mode 100644 queue/x86_64-TASK_SIZE-fix.patch diff --git a/queue/netfilter-conntrack-fix-fix.patch b/queue/netfilter-conntrack-fix-fix.patch new file mode 100644 index 00000000000..abe7443507c --- /dev/null +++ b/queue/netfilter-conntrack-fix-fix.patch @@ -0,0 +1,76 @@ +From linux-kernel-owner+chrisw=40osdl.org-S261374AbVGLL7s@vger.kernel.org Tue Jul 12 05:04:39 2005 +Date: Tue, 12 Jul 2005 13:58:27 +0200 +From: Patrick McHardy +To: Daniel Drake +CC: linux-kernel@vger.kernel.org, netfilter-devel@lists.netfilter.org +Subject: [PATCH] [NETFILTER]: revert nf_reset change + +[NETFILTER]: Revert nf_reset change + +Revert the nf_reset change that caused so much trouble, drop conntrack +references manually before packets are queued to packet sockets. + +Adapted for 2.6.12 by Daniel Drake + +Signed-off-by: Phil Oester +Signed-off-by: Patrick McHardy +Signed-off-by: Chris Wright +--- + +--- linux-2.6.12/net/ipv4/ip_output.c_orig 2005-07-12 13:42:56.000000000 +0100 ++++ linux-2.6.12/net/ipv4/ip_output.c 2005-07-12 13:46:03.000000000 +0100 +@@ -111,7 +111,6 @@ static int ip_dev_loopback_xmit(struct s + #ifdef CONFIG_NETFILTER_DEBUG + nf_debug_ip_loopback_xmit(newskb); + #endif +- nf_reset(newskb); + netif_rx(newskb); + return 0; + } +@@ -196,8 +195,6 @@ static inline int ip_finish_output2(stru + nf_debug_ip_finish_output2(skb); + #endif /*CONFIG_NETFILTER_DEBUG*/ + +- nf_reset(skb); +- + if (hh) { + int hh_alen; + +--- linux-2.6.12/net/ipv4/netfilter/ip_conntrack_standalone.c_orig 2005-07-12 13:43:16.000000000 +0100 ++++ linux-2.6.12/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-07-12 13:47:44.000000000 +0100 +@@ -432,6 +432,13 @@ static unsigned int ip_conntrack_defrag( + const struct net_device *out, + int (*okfn)(struct sk_buff *)) + { ++#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) ++ /* Previously seen (loopback)? Ignore. Do this before ++ fragment check. */ ++ if ((*pskb)->nfct) ++ return NF_ACCEPT; ++#endif ++ + /* Gather fragments. */ + if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { + *pskb = ip_ct_gather_frags(*pskb, +--- linux-2.6.12/net/packet/af_packet.c_orig 2005-07-12 13:47:38.000000000 +0100 ++++ linux-2.6.12/net/packet/af_packet.c 2005-07-12 13:47:44.000000000 +0100 +@@ -274,6 +274,9 @@ static int packet_rcv_spkt(struct sk_buf + dst_release(skb->dst); + skb->dst = NULL; + ++ /* drop conntrack reference */ ++ nf_reset(skb); ++ + spkt = (struct sockaddr_pkt*)skb->cb; + + skb_push(skb, skb->data-skb->mac.raw); +@@ -517,6 +520,9 @@ static int packet_rcv(struct sk_buff *sk + dst_release(skb->dst); + skb->dst = NULL; + ++ /* drop conntrack reference */ ++ nf_reset(skb); ++ + spin_lock(&sk->sk_receive_queue.lock); + po->stats.tp_packets++; + __skb_queue_tail(&sk->sk_receive_queue, skb); diff --git a/queue/series b/queue/series index 2330176c5c9..bcb95eaa50a 100644 --- a/queue/series +++ b/queue/series @@ -1,4 +1,3 @@ -netfilter-connection-tracking.patch unregister_chrdev_region-semaphore-fix.patch trivial-v4l-cx88-video-hue-offset-fix.patch ppc32-stop-misusing-ntps-time_offset-value.patch @@ -6,3 +5,7 @@ tpm-init-fixes.patch acpi-pci-irq-fix-fix.patch smp-fix-for-6pack.patch shaper-driver-lock-fix.patch +x86_64-TASK_SIZE-fix.patch +tty_ldisc_ref-null-check.patch +uml-fix-tt-mode.patch +netfilter-conntrack-fix-fix.patch diff --git a/queue/tty_ldisc_ref-null-check.patch b/queue/tty_ldisc_ref-null-check.patch new file mode 100644 index 00000000000..a537616274e --- /dev/null +++ b/queue/tty_ldisc_ref-null-check.patch @@ -0,0 +1,52 @@ +From stable-bounces@linux.kernel.org Wed Jun 29 18:12:57 2005 +To: stable@kernel.org +From: akpm@osdl.org +Date: Wed, 29 Jun 2005 18:12:05 -0700 +Cc: akpm@osdl.org, kambarov@berkeley.edu, alan@lxorguk.ukuu.org.uk, + zkambarov@coverity.com +Subject: [patch] coverity: tty_ldisc_ref return null check + +From: KAMBAROV, ZAUR + +We add a check of the return value of tty_ldisc_ref(), which +is checked 7 out of 8 times, e.g.: + +149 ld = tty_ldisc_ref(tty); +150 if (ld != NULL) { +151 if (ld->set_termios) +152 (ld->set_termios)(tty, &old_termios); +153 tty_ldisc_deref(ld); +154 } + +This defect was found automatically by Coverity Prevent, a static analysis +tool. + +(akpm: presumably `ld' is never NULL. Oh well) + +Signed-off-by: Zaur Kambarov +Acked-by: Alan Cox +Signed-off-by: Andrew Morton +Signed-off-by: Chris Wright +--- + + drivers/char/tty_ioctl.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff -puN drivers/char/tty_ioctl.c~coverity-tty_ldisc_ref-return-null-check drivers/char/tty_ioctl.c +--- stable/drivers/char/tty_ioctl.c~coverity-tty_ldisc_ref-return-null-check 2005-06-29 18:11:16.000000000 -0700 ++++ stable-akpm/drivers/char/tty_ioctl.c 2005-06-29 18:11:16.000000000 -0700 +@@ -476,11 +476,11 @@ int n_tty_ioctl(struct tty_struct * tty, + ld = tty_ldisc_ref(tty); + switch (arg) { + case TCIFLUSH: +- if (ld->flush_buffer) ++ if (ld && ld->flush_buffer) + ld->flush_buffer(tty); + break; + case TCIOFLUSH: +- if (ld->flush_buffer) ++ if (ld && ld->flush_buffer) + ld->flush_buffer(tty); + /* fall through */ + case TCOFLUSH: +_ diff --git a/queue/uml-fix-tt-mode.patch b/queue/uml-fix-tt-mode.patch new file mode 100644 index 00000000000..9908c0fb6d8 --- /dev/null +++ b/queue/uml-fix-tt-mode.patch @@ -0,0 +1,210 @@ +From stable-bounces@linux.kernel.org Tue Jul 12 10:21:54 2005 +To: stable@kernel.org +From: blaisorblade@yahoo.it +Date: Tue, 12 Jul 2005 19:28:37 +0200 +Cc: jdike@addtoit.com, blaisorblade@yahoo.it, linux-kernel@vger.kernel.org, + user-mode-linux-devel@lists.sourceforge.net +Subject: [patch] uml: fix TT mode by reverting "use fork instead of clone" + +From: Jeff Dike , Paolo 'Blaisorblade' Giarrusso + +Revert the following patch, because of miscompilation problems in different +environments leading to UML not working *at all* in TT mode; it was merged +lately in 2.6 development cycle, a little after being written, and has caused +problems to lots of people; I know it's a bit too long, but it shouldn't have +been merged in first place, so I still apply for inclusion in the -stable +tree. Anyone using this feature currently is either using some older kernel +(some reports even used 2.6.12-rc4-mm2) or using this patch, as included in my +-bs patchset. + +For now there's not yet a fix for this patch, so for now the best thing is to +drop it (which was widely reported to give a working kernel). + +"Convert the boot-time host ptrace testing from clone to fork. They were +essentially doing fork anyway. This cleans up the code a bit, and makes +valgrind a bit happier about grinding it." + +URL: +http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=98fdffccea6cc3fe9dba32c0fcc310bcb5d71529 + +Signed-off-by: Jeff Dike +Signed-off-by: Paolo 'Blaisorblade' Giarrusso +Signed-off-by: Chris Wright +--- + + vanilla-linux-2.6.12-paolo/arch/um/kernel/process.c | 48 ++++++++++++-------- + 1 files changed, 29 insertions(+), 19 deletions(-) + +diff -puN arch/um/kernel/process.c~uml-revert-fork-instead-of-clone arch/um/kernel/process.c +--- vanilla-linux-2.6.12/arch/um/kernel/process.c~uml-revert-fork-instead-of-clone 2005-07-12 18:22:03.000000000 +0200 ++++ vanilla-linux-2.6.12-paolo/arch/um/kernel/process.c 2005-07-12 18:22:03.000000000 +0200 +@@ -130,7 +130,7 @@ int start_fork_tramp(void *thread_arg, u + return(arg.pid); + } + +-static int ptrace_child(void) ++static int ptrace_child(void *arg) + { + int ret; + int pid = os_getpid(), ppid = getppid(); +@@ -159,16 +159,20 @@ static int ptrace_child(void) + _exit(ret); + } + +-static int start_ptraced_child(void) ++static int start_ptraced_child(void **stack_out) + { ++ void *stack; ++ unsigned long sp; + int pid, n, status; + +- pid = fork(); +- if(pid == 0) +- ptrace_child(); +- ++ stack = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ++ if(stack == MAP_FAILED) ++ panic("check_ptrace : mmap failed, errno = %d", errno); ++ sp = (unsigned long) stack + PAGE_SIZE - sizeof(void *); ++ pid = clone(ptrace_child, (void *) sp, SIGCHLD, NULL); + if(pid < 0) +- panic("check_ptrace : fork failed, errno = %d", errno); ++ panic("check_ptrace : clone failed, errno = %d", errno); + CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED)); + if(n < 0) + panic("check_ptrace : wait failed, errno = %d", errno); +@@ -176,6 +180,7 @@ static int start_ptraced_child(void) + panic("check_ptrace : expected SIGSTOP, got status = %d", + status); + ++ *stack_out = stack; + return(pid); + } + +@@ -183,12 +188,12 @@ static int start_ptraced_child(void) + * just avoid using sysemu, not panic, but only if SYSEMU features are broken. + * So only for SYSEMU features we test mustpanic, while normal host features + * must work anyway!*/ +-static int stop_ptraced_child(int pid, int exitcode, int mustexit) ++static int stop_ptraced_child(int pid, void *stack, int exitcode, int mustpanic) + { + int status, n, ret = 0; + + if(ptrace(PTRACE_CONT, pid, 0, 0) < 0) +- panic("stop_ptraced_child : ptrace failed, errno = %d", errno); ++ panic("check_ptrace : ptrace failed, errno = %d", errno); + CATCH_EINTR(n = waitpid(pid, &status, 0)); + if(!WIFEXITED(status) || (WEXITSTATUS(status) != exitcode)) { + int exit_with = WEXITSTATUS(status); +@@ -199,13 +204,15 @@ static int stop_ptraced_child(int pid, i + printk("check_ptrace : child exited with exitcode %d, while " + "expecting %d; status 0x%x", exit_with, + exitcode, status); +- if (mustexit) ++ if (mustpanic) + panic("\n"); + else + printk("\n"); + ret = -1; + } + ++ if(munmap(stack, PAGE_SIZE) < 0) ++ panic("check_ptrace : munmap failed, errno = %d", errno); + return ret; + } + +@@ -227,11 +234,12 @@ __uml_setup("nosysemu", nosysemu_cmd_par + + static void __init check_sysemu(void) + { ++ void *stack; + int pid, syscall, n, status, count=0; + + printk("Checking syscall emulation patch for ptrace..."); + sysemu_supported = 0; +- pid = start_ptraced_child(); ++ pid = start_ptraced_child(&stack); + + if(ptrace(PTRACE_SYSEMU, pid, 0, 0) < 0) + goto fail; +@@ -249,7 +257,7 @@ static void __init check_sysemu(void) + panic("check_sysemu : failed to modify system " + "call return, errno = %d", errno); + +- if (stop_ptraced_child(pid, 0, 0) < 0) ++ if (stop_ptraced_child(pid, stack, 0, 0) < 0) + goto fail_stopped; + + sysemu_supported = 1; +@@ -257,7 +265,7 @@ static void __init check_sysemu(void) + set_using_sysemu(!force_sysemu_disabled); + + printk("Checking advanced syscall emulation patch for ptrace..."); +- pid = start_ptraced_child(); ++ pid = start_ptraced_child(&stack); + while(1){ + count++; + if(ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, 0) < 0) +@@ -282,7 +290,7 @@ static void __init check_sysemu(void) + break; + } + } +- if (stop_ptraced_child(pid, 0, 0) < 0) ++ if (stop_ptraced_child(pid, stack, 0, 0) < 0) + goto fail_stopped; + + sysemu_supported = 2; +@@ -293,17 +301,18 @@ static void __init check_sysemu(void) + return; + + fail: +- stop_ptraced_child(pid, 1, 0); ++ stop_ptraced_child(pid, stack, 1, 0); + fail_stopped: + printk("missing\n"); + } + + void __init check_ptrace(void) + { ++ void *stack; + int pid, syscall, n, status; + + printk("Checking that ptrace can change system call numbers..."); +- pid = start_ptraced_child(); ++ pid = start_ptraced_child(&stack); + + if (ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)PTRACE_O_TRACESYSGOOD) < 0) + panic("check_ptrace: PTRACE_SETOPTIONS failed, errno = %d", errno); +@@ -330,7 +339,7 @@ void __init check_ptrace(void) + break; + } + } +- stop_ptraced_child(pid, 0, 1); ++ stop_ptraced_child(pid, stack, 0, 1); + printk("OK\n"); + check_sysemu(); + } +@@ -362,10 +371,11 @@ void forward_pending_sigio(int target) + static inline int check_skas3_ptrace_support(void) + { + struct ptrace_faultinfo fi; ++ void *stack; + int pid, n, ret = 1; + + printf("Checking for the skas3 patch in the host..."); +- pid = start_ptraced_child(); ++ pid = start_ptraced_child(&stack); + + n = ptrace(PTRACE_FAULTINFO, pid, 0, &fi); + if (n < 0) { +@@ -380,7 +390,7 @@ static inline int check_skas3_ptrace_sup + } + + init_registers(pid); +- stop_ptraced_child(pid, 1, 1); ++ stop_ptraced_child(pid, stack, 1, 1); + + return(ret); + } +_ diff --git a/queue/x86_64-TASK_SIZE-fix.patch b/queue/x86_64-TASK_SIZE-fix.patch new file mode 100644 index 00000000000..951b519af46 --- /dev/null +++ b/queue/x86_64-TASK_SIZE-fix.patch @@ -0,0 +1,243 @@ +From stable-bounces@linux.kernel.org Wed Jun 29 18:12:49 2005 +To: stable@kernel.org +From: akpm@osdl.org +Date: Wed, 29 Jun 2005 18:12:01 -0700 +Cc: akpm@osdl.org, ak@muc.de, nanhai.zou@intel.com, suresh.b.siddha@intel.com +Subject: [patch x86_64: TASK_SIZE fixes for compatibility mode processes + +From: Suresh Siddha + +Appended patch will setup compatibility mode TASK_SIZE properly. This will +fix atleast three known bugs that can be encountered while running +compatibility mode apps. + +a) A malicious 32bit app can have an elf section at 0xffffe000. During + exec of this app, we will have a memory leak as insert_vm_struct() is + not checking for return value in syscall32_setup_pages() and thus not + freeing the vma allocated for the vsyscall page. And instead of exec + failing (as it has addresses > TASK_SIZE), we were allowing it to + succeed previously. + +b) With a 32bit app, hugetlb_get_unmapped_area/arch_get_unmapped_area + may return addresses beyond 32bits, ultimately causing corruption + because of wrap-around and resulting in SEGFAULT, instead of returning + ENOMEM. + +c) 32bit app doing this below mmap will now fail. + + mmap((void *)(0xFFFFE000UL), 0x10000UL, PROT_READ|PROT_WRITE, + MAP_FIXED|MAP_PRIVATE|MAP_ANON, 0, 0); + +Signed-off-by: Zou Nan hai +Signed-off-by: Suresh Siddha +Cc: Andi Kleen +Signed-off-by: Andrew Morton +Signed-off-by: Chris Wright +--- + + arch/x86_64/ia32/ia32_binfmt.c | 5 +---- + arch/x86_64/kernel/process.c | 4 ++-- + arch/x86_64/kernel/ptrace.c | 17 ++++++++++------- + arch/x86_64/kernel/sys_x86_64.c | 14 ++++---------- + arch/x86_64/mm/fault.c | 2 +- + include/asm-x86_64/a.out.h | 2 +- + include/asm-x86_64/processor.h | 11 ++++++----- + 7 files changed, 25 insertions(+), 30 deletions(-) + +diff -puN arch/x86_64/ia32/ia32_binfmt.c~x86_64-task_size-fixes-for-compatibility-mode-processes arch/x86_64/ia32/ia32_binfmt.c +--- stable/arch/x86_64/ia32/ia32_binfmt.c~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/arch/x86_64/ia32/ia32_binfmt.c 2005-06-29 18:11:13.000000000 -0700 +@@ -46,7 +46,7 @@ struct elf_phdr; + + #define IA32_EMULATOR 1 + +-#define ELF_ET_DYN_BASE (TASK_UNMAPPED_32 + 0x1000000) ++#define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000) + + #undef ELF_ARCH + #define ELF_ARCH EM_386 +@@ -307,9 +307,6 @@ MODULE_AUTHOR("Eric Youngdale, Andi Klee + + #define elf_addr_t __u32 + +-#undef TASK_SIZE +-#define TASK_SIZE 0xffffffff +- + static void elf32_init(struct pt_regs *); + + #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 +diff -puN arch/x86_64/kernel/process.c~x86_64-task_size-fixes-for-compatibility-mode-processes arch/x86_64/kernel/process.c +--- stable/arch/x86_64/kernel/process.c~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/arch/x86_64/kernel/process.c 2005-06-29 18:11:13.000000000 -0700 +@@ -656,7 +656,7 @@ long do_arch_prctl(struct task_struct *t + + switch (code) { + case ARCH_SET_GS: +- if (addr >= TASK_SIZE) ++ if (addr >= TASK_SIZE_OF(task)) + return -EPERM; + cpu = get_cpu(); + /* handle small bases via the GDT because that's faster to +@@ -682,7 +682,7 @@ long do_arch_prctl(struct task_struct *t + case ARCH_SET_FS: + /* Not strictly needed for fs, but do it for symmetry + with gs */ +- if (addr >= TASK_SIZE) ++ if (addr >= TASK_SIZE_OF(task)) + return -EPERM; + cpu = get_cpu(); + /* handle small bases via the GDT because that's faster to +diff -puN arch/x86_64/kernel/ptrace.c~x86_64-task_size-fixes-for-compatibility-mode-processes arch/x86_64/kernel/ptrace.c +--- stable/arch/x86_64/kernel/ptrace.c~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/arch/x86_64/kernel/ptrace.c 2005-06-29 18:11:13.000000000 -0700 +@@ -257,12 +257,12 @@ static int putreg(struct task_struct *ch + value &= 0xffff; + return 0; + case offsetof(struct user_regs_struct,fs_base): +- if (value >= TASK_SIZE) ++ if (value >= TASK_SIZE_OF(child)) + return -EIO; + child->thread.fs = value; + return 0; + case offsetof(struct user_regs_struct,gs_base): +- if (value >= TASK_SIZE) ++ if (value >= TASK_SIZE_OF(child)) + return -EIO; + child->thread.gs = value; + return 0; +@@ -279,7 +279,7 @@ static int putreg(struct task_struct *ch + break; + case offsetof(struct user_regs_struct, rip): + /* Check if the new RIP address is canonical */ +- if (value >= TASK_SIZE) ++ if (value >= TASK_SIZE_OF(child)) + return -EIO; + break; + } +@@ -419,6 +419,8 @@ asmlinkage long sys_ptrace(long request, + break; + + case PTRACE_POKEUSR: /* write the word at location addr in the USER area */ ++ { ++ int dsize = test_tsk_thread_flag(child, TIF_IA32) ? 3 : 7; + ret = -EIO; + if ((addr & 7) || + addr > sizeof(struct user) - 7) +@@ -430,22 +432,22 @@ asmlinkage long sys_ptrace(long request, + break; + /* Disallows to set a breakpoint into the vsyscall */ + case offsetof(struct user, u_debugreg[0]): +- if (data >= TASK_SIZE-7) break; ++ if (data >= TASK_SIZE_OF(child) - dsize) break; + child->thread.debugreg0 = data; + ret = 0; + break; + case offsetof(struct user, u_debugreg[1]): +- if (data >= TASK_SIZE-7) break; ++ if (data >= TASK_SIZE_OF(child) - dsize) break; + child->thread.debugreg1 = data; + ret = 0; + break; + case offsetof(struct user, u_debugreg[2]): +- if (data >= TASK_SIZE-7) break; ++ if (data >= TASK_SIZE_OF(child) - dsize) break; + child->thread.debugreg2 = data; + ret = 0; + break; + case offsetof(struct user, u_debugreg[3]): +- if (data >= TASK_SIZE-7) break; ++ if (data >= TASK_SIZE_OF(child) - dsize) break; + child->thread.debugreg3 = data; + ret = 0; + break; +@@ -469,6 +471,7 @@ asmlinkage long sys_ptrace(long request, + break; + } + break; ++ } + case PTRACE_SYSCALL: /* continue and stop at next (return from) syscall */ + case PTRACE_CONT: /* restart after signal. */ + +diff -puN arch/x86_64/kernel/sys_x86_64.c~x86_64-task_size-fixes-for-compatibility-mode-processes arch/x86_64/kernel/sys_x86_64.c +--- stable/arch/x86_64/kernel/sys_x86_64.c~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/arch/x86_64/kernel/sys_x86_64.c 2005-06-29 18:11:13.000000000 -0700 +@@ -68,13 +68,7 @@ out: + static void find_start_end(unsigned long flags, unsigned long *begin, + unsigned long *end) + { +-#ifdef CONFIG_IA32_EMULATION +- if (test_thread_flag(TIF_IA32)) { +- *begin = TASK_UNMAPPED_32; +- *end = IA32_PAGE_OFFSET; +- } else +-#endif +- if (flags & MAP_32BIT) { ++ if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) { + /* This is usually used needed to map code in small + model, so it needs to be in the first 31bit. Limit + it to that. This means we need to move the +@@ -84,10 +78,10 @@ static void find_start_end(unsigned long + of playground for now. -AK */ + *begin = 0x40000000; + *end = 0x80000000; +- } else { +- *begin = TASK_UNMAPPED_64; ++ } else { ++ *begin = TASK_UNMAPPED_BASE; + *end = TASK_SIZE; +- } ++ } + } + + unsigned long +diff -puN arch/x86_64/mm/fault.c~x86_64-task_size-fixes-for-compatibility-mode-processes arch/x86_64/mm/fault.c +--- stable/arch/x86_64/mm/fault.c~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/arch/x86_64/mm/fault.c 2005-06-29 18:11:13.000000000 -0700 +@@ -350,7 +350,7 @@ asmlinkage void do_page_fault(struct pt_ + * (error_code & 4) == 0, and that the fault was not a + * protection error (error_code & 1) == 0. + */ +- if (unlikely(address >= TASK_SIZE)) { ++ if (unlikely(address >= TASK_SIZE64)) { + if (!(error_code & 5) && + ((address >= VMALLOC_START && address < VMALLOC_END) || + (address >= MODULES_VADDR && address < MODULES_END))) { +diff -puN include/asm-x86_64/a.out.h~x86_64-task_size-fixes-for-compatibility-mode-processes include/asm-x86_64/a.out.h +--- stable/include/asm-x86_64/a.out.h~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/include/asm-x86_64/a.out.h 2005-06-29 18:11:13.000000000 -0700 +@@ -21,7 +21,7 @@ struct exec + + #ifdef __KERNEL__ + #include +-#define STACK_TOP (test_thread_flag(TIF_IA32) ? IA32_PAGE_OFFSET : TASK_SIZE) ++#define STACK_TOP TASK_SIZE + #endif + + #endif /* __A_OUT_GNU_H__ */ +diff -puN include/asm-x86_64/processor.h~x86_64-task_size-fixes-for-compatibility-mode-processes include/asm-x86_64/processor.h +--- stable/include/asm-x86_64/processor.h~x86_64-task_size-fixes-for-compatibility-mode-processes 2005-06-29 18:11:13.000000000 -0700 ++++ stable-akpm/include/asm-x86_64/processor.h 2005-06-29 18:11:13.000000000 -0700 +@@ -160,16 +160,17 @@ static inline void clear_in_cr4 (unsigne + /* + * User space process size. 47bits minus one guard page. + */ +-#define TASK_SIZE (0x800000000000UL - 4096) ++#define TASK_SIZE64 (0x800000000000UL - 4096) + + /* This decides where the kernel will search for a free chunk of vm + * space during mmap's. + */ + #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? 0xc0000000 : 0xFFFFe000) +-#define TASK_UNMAPPED_32 PAGE_ALIGN(IA32_PAGE_OFFSET/3) +-#define TASK_UNMAPPED_64 PAGE_ALIGN(TASK_SIZE/3) +-#define TASK_UNMAPPED_BASE \ +- (test_thread_flag(TIF_IA32) ? TASK_UNMAPPED_32 : TASK_UNMAPPED_64) ++ ++#define TASK_SIZE (test_thread_flag(TIF_IA32) ? IA32_PAGE_OFFSET : TASK_SIZE64) ++#define TASK_SIZE_OF(child) ((test_tsk_thread_flag(child, TIF_IA32)) ? IA32_PAGE_OFFSET : TASK_SIZE64) ++ ++#define TASK_UNMAPPED_BASE PAGE_ALIGN(TASK_SIZE/3) + + /* + * Size of io_bitmap. +_ -- 2.47.3