1 From: Greg Kroah-Hartman <gregkh@suse.de>
2 Subject: Linux 2.6.27.37
4 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
6 diff --git a/Makefile b/Makefile
7 index e7046ea..e063536 100644
16 NAME = Trembling Tortoise
19 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
20 index 5e65290..09b59b2 100644
21 --- a/arch/x86/ia32/ia32entry.S
22 +++ b/arch/x86/ia32/ia32entry.S
24 #define __AUDIT_ARCH_LE 0x40000000
26 #ifndef CONFIG_AUDITSYSCALL
27 -#define sysexit_audit int_ret_from_sys_call
28 -#define sysretl_audit int_ret_from_sys_call
29 +#define sysexit_audit ia32_ret_from_sys_call
30 +#define sysretl_audit ia32_ret_from_sys_call
33 #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8)
39 + .macro CLEAR_RREGS offset=0, _r9=rax
45 + movq %rax,\offset+R11(%rsp)
46 + movq %rax,\offset+R10(%rsp)
47 + movq %\_r9,\offset+R9(%rsp)
48 + movq %rax,\offset+R8(%rsp)
53 * We don't reload %eax because syscall_trace_enter() returned
54 * the value it wants us to use in the table lookup.
56 - .macro LOAD_ARGS32 offset
57 - movl \offset(%rsp),%r11d
58 - movl \offset+8(%rsp),%r10d
59 + .macro LOAD_ARGS32 offset, _r9=0
61 movl \offset+16(%rsp),%r9d
62 - movl \offset+24(%rsp),%r8d
64 movl \offset+40(%rsp),%ecx
65 movl \offset+48(%rsp),%edx
66 movl \offset+56(%rsp),%esi
67 @@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target)
69 /* no need to do an access_ok check here because rbp has been
70 32bit zero extended */
73 .section __ex_table,"a"
76 @@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target)
77 cmpl $(IA32_NR_syscalls-1),%eax
83 call *ia32_sys_call_table(,%rax,8)
84 movq %rax,RAX-ARGOFFSET(%rsp)
85 @@ -173,6 +172,10 @@ sysexit_from_sys_call:
86 movl RIP-R11(%rsp),%edx /* User %eip */
88 RESTORE_ARGS 1,24,1,1,1,1
94 CFI_ADJUST_CFA_OFFSET -8
95 /*CFI_RESTORE rflags*/
96 @@ -203,7 +206,7 @@ sysexit_from_sys_call:
98 .macro auditsys_exit exit,ebpsave=RBP
99 testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
100 - jnz int_ret_from_sys_call
101 + jnz ia32_ret_from_sys_call
104 movl %eax,%esi /* second arg, syscall return value */
105 @@ -219,8 +222,9 @@ sysexit_from_sys_call:
108 testl %edi,TI_flags(%r10)
112 + CLEAR_RREGS -ARGOFFSET
117 @@ -234,20 +238,17 @@ sysexit_audit:
122 #ifdef CONFIG_AUDITSYSCALL
123 testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
129 movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
130 movq %rsp,%rdi /* &pt_regs -> arg1 */
131 call syscall_trace_enter
132 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
135 cmpl $(IA32_NR_syscalls-1),%eax
136 ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
138 @@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target)
139 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
143 cmpl $IA32_NR_syscalls-1,%eax
148 call *ia32_sys_call_table(,%rax,8)
149 @@ -333,6 +334,9 @@ sysretl_from_sys_call:
151 movl EFLAGS-ARGOFFSET(%rsp),%r11d
152 /*CFI_REGISTER rflags,r11*/
157 movl RSP-ARGOFFSET(%rsp),%esp
159 @@ -357,15 +361,13 @@ cstar_tracesys:
166 movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
167 movq %rsp,%rdi /* &pt_regs -> arg1 */
168 call syscall_trace_enter
169 - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
170 + LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
173 - movl RSP-ARGOFFSET(%rsp), %r8d
174 cmpl $(IA32_NR_syscalls-1),%eax
175 ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
177 @@ -431,6 +433,8 @@ ia32_do_call:
178 call *ia32_sys_call_table(,%rax,8) # xxx: rip relative
180 movq %rax,RAX-ARGOFFSET(%rsp)
181 +ia32_ret_from_sys_call:
182 + CLEAR_RREGS -ARGOFFSET
183 jmp int_ret_from_sys_call
186 @@ -448,8 +452,8 @@ END(ia32_syscall)
189 movq $0,ORIG_RAX-ARGOFFSET(%rsp)
190 - movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
191 - jmp int_ret_from_sys_call
197 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
198 index f7c7142..60ebfd7 100644
199 --- a/arch/x86/kvm/x86.c
200 +++ b/arch/x86/kvm/x86.c
201 @@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
205 + if (kvm_x86_ops->get_cpl(vcpu) != 0) {
211 case KVM_HC_VAPIC_POLL_IRQ:
213 @@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
218 vcpu->arch.regs[VCPU_REGS_RAX] = ret;
219 kvm_x86_ops->decache_regs(vcpu);
220 ++vcpu->stat.hypercalls;
221 diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
222 index 56fe712..47dd8f5 100644
223 --- a/arch/x86/mm/mmap.c
224 +++ b/arch/x86/mm/mmap.c
226 #include <linux/random.h>
227 #include <linux/limits.h>
228 #include <linux/sched.h>
229 +#include <asm/elf.h>
231 +static unsigned int stack_maxrandom_size(void)
233 + unsigned int max = 0;
234 + if ((current->flags & PF_RANDOMIZE) &&
235 + !(current->personality & ADDR_NO_RANDOMIZE)) {
236 + max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
244 * Top of mmap area (just below the process stack).
246 - * Leave an at least ~128 MB hole.
247 + * Leave an at least ~128 MB hole with possible stack randomization.
249 -#define MIN_GAP (128*1024*1024)
250 +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
251 #define MAX_GAP (TASK_SIZE/6*5)
254 diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c
255 index c46864d..e1db78a 100644
256 --- a/drivers/net/iseries_veth.c
257 +++ b/drivers/net/iseries_veth.c
258 @@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx,
261 memcpy(&cnx->cap_ack_event, event,
262 - sizeof(&cnx->cap_ack_event));
263 + sizeof(cnx->cap_ack_event));
264 cnx->state |= VETH_STATE_GOTCAPACK;
265 veth_kick_statemachine(cnx);
267 diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
268 index 763c1ea..dad4fe6 100644
269 --- a/drivers/watchdog/hpwdt.c
270 +++ b/drivers/watchdog/hpwdt.c
272 #define PCI_BIOS32_PARAGRAPH_LEN 16
273 #define PCI_ROM_BASE1 0x000F0000
274 #define ROM_SIZE 0x10000
275 +#define HPWDT_VERSION "1.01"
277 struct bios32_service_dir {
279 @@ -130,12 +131,8 @@ static void *cru_rom_addr;
280 static struct cmn_registers cmn_regs;
282 static struct pci_device_id hpwdt_devices[] = {
284 - .vendor = PCI_VENDOR_ID_COMPAQ,
286 - .subvendor = PCI_ANY_ID,
287 - .subdevice = PCI_ANY_ID,
289 + { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) },
290 + { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) },
291 {0}, /* terminate list */
293 MODULE_DEVICE_TABLE(pci, hpwdt_devices);
294 @@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev,
298 - "hp Watchdog Timer Driver: 1.00"
299 + "hp Watchdog Timer Driver: %s"
300 ", timer margin: %d seconds (nowayout=%d)"
301 ", allow kernel dump: %s (default = 0/OFF).\n",
302 - soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON");
303 + HPWDT_VERSION, soft_margin, nowayout,
304 + (allow_kdump == 0) ? "OFF" : "ON");
308 @@ -757,6 +755,7 @@ static int __init hpwdt_init(void)
309 MODULE_AUTHOR("Tom Mingarelli");
310 MODULE_DESCRIPTION("hp watchdog driver");
311 MODULE_LICENSE("GPL");
312 +MODULE_VERSION(HPWDT_VERSION);
313 MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR);
315 module_param(soft_margin, int, 0);
316 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
317 index 5e78fc1..1c1220e 100644
318 --- a/fs/ecryptfs/inode.c
319 +++ b/fs/ecryptfs/inode.c
320 @@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
321 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
322 struct dentry *lower_dir_dentry;
324 + dget(lower_dentry);
325 lower_dir_dentry = lock_parent(lower_dentry);
326 rc = vfs_unlink(lower_dir_inode, lower_dentry);
328 @@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
331 unlock_dir(lower_dir_dentry);
332 + dput(lower_dentry);
336 diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h
337 index 7be4733..36343b6 100644
338 --- a/include/asm-x86/elf.h
339 +++ b/include/asm-x86/elf.h
340 @@ -287,6 +287,8 @@ do { \
344 +#define STACK_RND_MASK (0x7ff)
346 #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO))
348 #define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled)
349 diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h
350 index 3ddce03..d731092 100644
351 --- a/include/linux/kvm_para.h
352 +++ b/include/linux/kvm_para.h
354 #define KVM_ENOSYS 1000
355 #define KVM_EFAULT EFAULT
356 #define KVM_E2BIG E2BIG
357 +#define KVM_EPERM EPERM
359 #define KVM_HC_VAPIC_POLL_IRQ 1
360 #define KVM_HC_MMU_OP 2
361 diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
362 index 521960b..6e22c16 100644
363 --- a/kernel/time/timekeeping.c
364 +++ b/kernel/time/timekeeping.c
365 @@ -477,6 +477,28 @@ void update_wall_time(void)
366 /* correct the clock when NTP error is too big */
367 clocksource_adjust(offset);
370 + * Since in the loop above, we accumulate any amount of time
371 + * in xtime_nsec over a second into xtime.tv_sec, its possible for
372 + * xtime_nsec to be fairly small after the loop. Further, if we're
373 + * slightly speeding the clocksource up in clocksource_adjust(),
374 + * its possible the required corrective factor to xtime_nsec could
375 + * cause it to underflow.
377 + * Now, we cannot simply roll the accumulated second back, since
378 + * the NTP subsystem has been notified via second_overflow. So
379 + * instead we push xtime_nsec forward by the amount we underflowed,
380 + * and add that amount into the error.
382 + * We'll correct this error next time through this function, when
383 + * xtime_nsec is not as small.
385 + if (unlikely((s64)clock->xtime_nsec < 0)) {
386 + s64 neg = -(s64)clock->xtime_nsec;
387 + clock->xtime_nsec = 0;
388 + clock->error += neg << (NTP_SCALE_SHIFT - clock->shift);
391 /* store full nanoseconds into xtime */
392 xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift;
393 clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift;