From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QNPKU-0001Ls-2R for garchives@archives.gentoo.org; Fri, 20 May 2011 13:01:39 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DB6181C0B4; Fri, 20 May 2011 13:01:13 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id A6BCF1C0B4 for ; Fri, 20 May 2011 13:01:12 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 74D881B404C for ; Fri, 20 May 2011 13:01:11 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id CFDDD8001B for ; Fri, 20 May 2011 13:01:10 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <6221a948e775d07f1f279a23b3ff24d42e3c8a83.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 2.6.38/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 2.6.32/0000_README 2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105111839.patch 2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105182052.patch 2.6.32/4422_grsec-mute-warnings.patch 2.6.38/0000_README 2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105111839.patch 2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105182052.patch 2.6.38/4422_grsec-mute-warnings.patch X-VCS-Directories: 2.6.32/ 2.6.38/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 6221a948e775d07f1f279a23b3ff24d42e3c8a83 Date: Fri, 20 May 2011 13:01:10 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 90e24a932f7c78031b1c45505860b6a7 commit: 6221a948e775d07f1f279a23b3ff24d42e3c8a83 Author: Anthony G. Basile gentoo org> AuthorDate: Fri May 20 13:00:09 2011 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Fri May 20 13:00:09 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-patc= hset.git;a=3Dcommit;h=3D6221a948 Update Grsec/PaX 2.2.2-2.6.32.40-201105182052 2.2.2-2.6.38.6-201105182052 --- 2.6.32/0000_README | 2 +- ..._grsecurity-2.2.2-2.6.32.40-201105182052.patch} | 3117 ++++++++++++++= +-- 2.6.32/4422_grsec-mute-warnings.patch | 8 +- 2.6.38/0000_README | 2 +- ...0_grsecurity-2.2.2-2.6.38.6-201105182052.patch} | 3703 ++++++++++++++= ++++-- 2.6.38/4422_grsec-mute-warnings.patch | 10 +- 6 files changed, 6118 insertions(+), 724 deletions(-) diff --git a/2.6.32/0000_README b/2.6.32/0000_README index f11f999..671630b 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README =20 Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.2.2-2.6.32.40-201105111839.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.40-201105182052.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105111839.patch b/= 2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105182052.patch similarity index 95% rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105111839.patch rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105182052.patch index 21584b3..684a24c 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105111839.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.40-201105182052.patch @@ -3552,6 +3552,18 @@ diff -urNp linux-2.6.32.40/arch/sparc/include/asm/= atomic_64.h linux-2.6.32.40/ar } =20 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff -urNp linux-2.6.32.40/arch/sparc/include/asm/cache.h linux-2.6.32.4= 0/arch/sparc/include/asm/cache.h +--- linux-2.6.32.40/arch/sparc/include/asm/cache.h 2011-03-27 14:31:47.0= 00000000 -0400 ++++ linux-2.6.32.40/arch/sparc/include/asm/cache.h 2011-05-17 19:26:34.0= 00000000 -0400 +@@ -8,7 +8,7 @@ + #define _SPARC_CACHE_H +=20 + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES 32 ++#define L1_CACHE_BYTES 32U + #define L1_CACHE_ALIGN(x) ((((x)+(L1_CACHE_BYTES-1))&~(L1_CACHE_BYTES-1= ))) +=20 + #ifdef CONFIG_SPARC32 diff -urNp linux-2.6.32.40/arch/sparc/include/asm/dma-mapping.h linux-2.= 6.32.40/arch/sparc/include/asm/dma-mapping.h --- linux-2.6.32.40/arch/sparc/include/asm/dma-mapping.h 2011-03-27 14:3= 1:47.000000000 -0400 +++ linux-2.6.32.40/arch/sparc/include/asm/dma-mapping.h 2011-04-17 15:5= 6:46.000000000 -0400 @@ -4613,6 +4625,18 @@ diff -urNp linux-2.6.32.40/arch/sparc/lib/ksyms.c = linux-2.6.32.40/arch/sparc/lib EXPORT_SYMBOL(atomic64_sub_ret); =20 /* Atomic bit operations. */ +diff -urNp linux-2.6.32.40/arch/sparc/lib/Makefile linux-2.6.32.40/arch/= sparc/lib/Makefile +--- linux-2.6.32.40/arch/sparc/lib/Makefile 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/arch/sparc/lib/Makefile 2011-05-17 19:26:34.00000000= 0 -0400 +@@ -2,7 +2,7 @@ + # +=20 + asflags-y :=3D -ansi -DST_DIV0=3D0x02 +-ccflags-y :=3D -Werror ++#ccflags-y :=3D -Werror +=20 + lib-$(CONFIG_SPARC32) +=3D mul.o rem.o sdiv.o udiv.o umul.o urem.o ashr= di3.o + lib-$(CONFIG_SPARC32) +=3D memcpy.o memset.o diff -urNp linux-2.6.32.40/arch/sparc/lib/rwsem_64.S linux-2.6.32.40/arc= h/sparc/lib/rwsem_64.S --- linux-2.6.32.40/arch/sparc/lib/rwsem_64.S 2011-03-27 14:31:47.000000= 000 -0400 +++ linux-2.6.32.40/arch/sparc/lib/rwsem_64.S 2011-04-17 15:56:46.000000= 000 -0400 @@ -6246,7 +6270,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32_aout.= c linux-2.6.32.40/arch/x86/ia return has_dumped; diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.S linux-2.6.32.40/arc= h/x86/ia32/ia32entry.S --- linux-2.6.32.40/arch/x86/ia32/ia32entry.S 2011-03-27 14:31:47.000000= 000 -0400 -+++ linux-2.6.32.40/arch/x86/ia32/ia32entry.S 2011-05-11 18:25:12.000000= 000 -0400 ++++ linux-2.6.32.40/arch/x86/ia32/ia32entry.S 2011-05-16 21:46:57.000000= 000 -0400 @@ -13,6 +13,7 @@ #include =09 #include @@ -6255,7 +6279,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia #include =20 /* Avoid __ASSEMBLER__'ifying just for this. */ -@@ -93,6 +94,28 @@ ENTRY(native_irq_enable_sysexit) +@@ -93,6 +94,26 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif =20 @@ -6270,21 +6294,19 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entr= y.S linux-2.6.32.40/arch/x86/ia + call pax_exit_kernel_user +#endif +#ifdef CONFIG_PAX_RANDKSTACK -+ push %rax ++ pushq %rax + call pax_randomize_kstack -+ pop %rax ++ popq %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + /* * 32bit SYSENTER instruction entry. * -@@ -119,7 +142,7 @@ ENTRY(ia32_sysenter_target) +@@ -119,7 +140,7 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -6293,7 +6315,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -135,7 +158,8 @@ ENTRY(ia32_sysenter_target) +@@ -135,7 +156,8 @@ ENTRY(ia32_sysenter_target) pushfq CFI_ADJUST_CFA_OFFSET 8 /*CFI_REL_OFFSET rflags,0*/ @@ -6303,7 +6325,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia CFI_REGISTER rip,r10 pushq $__USER32_CS CFI_ADJUST_CFA_OFFSET 8 -@@ -150,6 +174,12 @@ ENTRY(ia32_sysenter_target) +@@ -150,6 +172,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */=20 @@ -6316,7 +6338,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -172,6 +202,7 @@ sysenter_dispatch: +@@ -172,6 +200,7 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: @@ -6324,7 +6346,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp)=20 -@@ -283,19 +314,24 @@ ENDPROC(ia32_sysenter_target) +@@ -283,19 +312,24 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -6351,7 +6373,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -311,6 +347,12 @@ ENTRY(ia32_cstar_target) +@@ -311,6 +345,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */=20 /* hardware stack frame is complete now */=09 @@ -6364,7 +6386,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -333,6 +375,7 @@ cstar_dispatch: +@@ -333,6 +373,7 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: @@ -6372,7 +6394,7 @@ diff -urNp linux-2.6.32.40/arch/x86/ia32/ia32entry.= S linux-2.6.32.40/arch/x86/ia andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -415,6 +458,7 @@ ENTRY(ia32_syscall) +@@ -415,6 +456,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -9837,7 +9859,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/sys= tem.h linux-2.6.32.40/arch/x8 void default_idle(void); diff -urNp linux-2.6.32.40/arch/x86/include/asm/thread_info.h linux-2.6.= 32.40/arch/x86/include/asm/thread_info.h --- linux-2.6.32.40/arch/x86/include/asm/thread_info.h 2011-03-27 14:31:= 47.000000000 -0400 -+++ linux-2.6.32.40/arch/x86/include/asm/thread_info.h 2011-05-04 17:56:= 20.000000000 -0400 ++++ linux-2.6.32.40/arch/x86/include/asm/thread_info.h 2011-05-17 19:26:= 34.000000000 -0400 @@ -10,6 +10,7 @@ #include #include @@ -9854,7 +9876,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,11 @@ struct thread_info { +@@ -34,18 +34,12 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -9864,6 +9886,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar - */ - __u8 supervisor_stack[0]; -#endif ++ unsigned long lowest_stack; int uaccess_err; }; =20 @@ -9874,7 +9897,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar .exec_domain =3D &default_exec_domain, \ .flags =3D 0, \ .cpu =3D 0, \ -@@ -56,7 +49,7 @@ struct thread_info { +@@ -56,7 +50,7 @@ struct thread_info { }, \ } =20 @@ -9883,7 +9906,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar #define init_stack (init_thread_union.stack) =20 #else /* !__ASSEMBLY__ */ -@@ -163,6 +156,23 @@ struct thread_info { +@@ -163,6 +157,23 @@ struct thread_info { #define alloc_thread_info(tsk) \ ((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER)) =20 @@ -9907,7 +9930,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar #ifdef CONFIG_X86_32 =20 #define STACK_WARN (THREAD_SIZE/8) -@@ -173,35 +183,13 @@ struct thread_info { +@@ -173,35 +184,13 @@ struct thread_info { */ #ifndef __ASSEMBLY__ =20 @@ -9943,7 +9966,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/thr= ead_info.h linux-2.6.32.40/ar /* * macros/functions for gaining access to the thread information struct= ure * preempt_count needs to be 1 initially, until the scheduler is functi= onal. -@@ -209,21 +197,6 @@ static inline struct thread_info *curren +@@ -209,21 +198,8 @@ static inline struct thread_info *curren #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); =20 @@ -9962,10 +9985,12 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/t= hread_info.h linux-2.6.32.40/ar - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("rsp") __used; #endif =20 #endif /* !X86_32 */ -@@ -260,5 +233,16 @@ extern void arch_task_cache_init(void); +@@ -260,5 +236,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_st= ruct *src); #define arch_task_cache_init arch_task_cache_init @@ -9984,18 +10009,20 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/= thread_info.h linux-2.6.32.40/ar #endif /* _ASM_X86_THREAD_INFO_H */ diff -urNp linux-2.6.32.40/arch/x86/include/asm/uaccess_32.h linux-2.6.3= 2.40/arch/x86/include/asm/uaccess_32.h --- linux-2.6.32.40/arch/x86/include/asm/uaccess_32.h 2011-03-27 14:31:4= 7.000000000 -0400 -+++ linux-2.6.32.40/arch/x86/include/asm/uaccess_32.h 2011-04-17 15:56:4= 6.000000000 -0400 -@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u ++++ linux-2.6.32.40/arch/x86/include/asm/uaccess_32.h 2011-05-16 21:46:5= 7.000000000 -0400 +@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_u static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned lon= g n) { ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to, +@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to, return ret; } } @@ -10004,7 +10031,14 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/= uaccess_32.h linux-2.6.32.40/arc return __copy_to_user_ll(to, from, n); } =20 -@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo +@@ -83,12 +90,16 @@ static __always_inline unsigned long __m + __copy_to_user(void __user *to, const void *from, unsigned long n) + { + might_fault(); ++ + return __copy_to_user_inatomic(to, from, n); + } +=20 static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned l= ong n) { @@ -10014,18 +10048,20 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm= /uaccess_32.h linux-2.6.32.40/arc /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -138,6 +146,10 @@ static __always_inline unsigned long +@@ -138,6 +149,12 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __ +@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __ return ret; } } @@ -10034,7 +10070,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_32.h linux-2.6.32.40/arc return __copy_from_user_ll(to, from, n); } =20 -@@ -160,6 +174,10 @@ static __always_inline unsigned long __c +@@ -160,6 +179,10 @@ static __always_inline unsigned long __c const void __user *from, unsigned long n) { might_fault(); @@ -10045,7 +10081,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_32.h linux-2.6.32.40/arc if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -182,14 +200,62 @@ static __always_inline unsigned long +@@ -182,14 +205,62 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -10116,7 +10152,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_32.h linux-2.6.32.40/arc long __must_check __strncpy_from_user(char *dst, diff -urNp linux-2.6.32.40/arch/x86/include/asm/uaccess_64.h linux-2.6.3= 2.40/arch/x86/include/asm/uaccess_64.h --- linux-2.6.32.40/arch/x86/include/asm/uaccess_64.h 2011-03-27 14:31:4= 7.000000000 -0400 -+++ linux-2.6.32.40/arch/x86/include/asm/uaccess_64.h 2011-05-04 17:56:2= 0.000000000 -0400 ++++ linux-2.6.32.40/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:46:5= 7.000000000 -0400 @@ -9,6 +9,9 @@ #include #include @@ -10127,7 +10163,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc =20 /* * Copy To/From Userspace -@@ -19,113 +22,199 @@ __must_check unsigned long +@@ -19,113 +22,203 @@ __must_check unsigned long copy_user_generic(void *to, const void *from, unsigned len); =20 __must_check unsigned long @@ -10227,6 +10263,8 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc might_fault(); - if (!__builtin_constant_p(size)) + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10329,6 +10367,8 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc might_fault(); - if (!__builtin_constant_p(size)) + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10360,7 +10400,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc ret, "b", "b", "=3Dq", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -134,7 +223,7 @@ int __copy_in_user(void __user *dst, con +@@ -134,7 +227,7 @@ int __copy_in_user(void __user *dst, con } case 2: { u16 tmp; @@ -10369,7 +10409,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc ret, "w", "w", "=3Dr", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -144,7 +233,7 @@ int __copy_in_user(void __user *dst, con +@@ -144,7 +237,7 @@ int __copy_in_user(void __user *dst, con =20 case 4: { u32 tmp; @@ -10378,7 +10418,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc ret, "l", "k", "=3Dr", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -153,7 +242,7 @@ int __copy_in_user(void __user *dst, con +@@ -153,7 +246,7 @@ int __copy_in_user(void __user *dst, con } case 8: { u64 tmp; @@ -10387,7 +10427,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc ret, "q", "", "=3Dr", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -161,8 +250,16 @@ int __copy_in_user(void __user *dst, con +@@ -161,8 +254,16 @@ int __copy_in_user(void __user *dst, con return ret; } default: @@ -10405,7 +10445,7 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc } } =20 -@@ -176,33 +273,73 @@ __must_check long strlen_user(const char +@@ -176,33 +277,75 @@ __must_check long strlen_user(const char __must_check unsigned long clear_user(void __user *mem, unsigned long l= en); __must_check unsigned long __clear_user(void __user *mem, unsigned long= len); =20 @@ -10414,6 +10454,8 @@ diff -urNp linux-2.6.32.40/arch/x86/include/asm/u= access_64.h linux-2.6.32.40/arc +static __must_check __always_inline unsigned long +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned s= ize) +{ ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; =20 @@ -11095,7 +11137,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/amd_io= mmu.c linux-2.6.32.40/arch/x86/ .map_page =3D map_page, diff -urNp linux-2.6.32.40/arch/x86/kernel/apic/apic.c linux-2.6.32.40/a= rch/x86/kernel/apic/apic.c --- linux-2.6.32.40/arch/x86/kernel/apic/apic.c 2011-03-27 14:31:47.0000= 00000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/apic/apic.c 2011-05-04 17:56:28.0000= 00000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/apic/apic.c 2011-05-16 21:46:57.0000= 00000 -0400 @@ -1794,7 +1794,7 @@ void smp_error_interrupt(struct pt_regs=20 apic_write(APIC_ESR, 0); v1 =3D apic_read(APIC_ESR); @@ -11105,6 +11147,15 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/apic/= apic.c linux-2.6.32.40/arch/x86/ =20 /* * Here is what the APIC error bits mean: +@@ -2184,6 +2184,8 @@ static int __cpuinit apic_cluster_num(vo + u16 *bios_cpu_apicid; + DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS); +=20 ++ pax_track_stack(); ++ + bios_cpu_apicid =3D early_per_cpu_ptr(x86_bios_cpu_apicid); + bitmap_zero(clustermap, NUM_APIC_CLUSTERS); +=20 diff -urNp linux-2.6.32.40/arch/x86/kernel/apic/io_apic.c linux-2.6.32.4= 0/arch/x86/kernel/apic/io_apic.c --- linux-2.6.32.40/arch/x86/kernel/apic/io_apic.c 2011-03-27 14:31:47.0= 00000000 -0400 +++ linux-2.6.32.40/arch/x86/kernel/apic/io_apic.c 2011-05-04 17:56:20.0= 00000000 -0400 @@ -11247,7 +11298,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/apm_32= .c linux-2.6.32.40/arch/x86/ker =20 diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-offsets_32.c linux-2.6.32= .40/arch/x86/kernel/asm-offsets_32.c --- linux-2.6.32.40/arch/x86/kernel/asm-offsets_32.c 2011-03-27 14:31:47= .000000000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/asm-offsets_32.c 2011-05-11 18:25:24= .000000000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/asm-offsets_32.c 2011-05-16 21:46:57= .000000000 -0400 @@ -51,7 +51,6 @@ void foo(void) OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id); BLANK(); @@ -11256,7 +11307,16 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-o= ffsets_32.c linux-2.6.32.40/arch OFFSET(TI_exec_domain, thread_info, exec_domain); OFFSET(TI_flags, thread_info, flags); OFFSET(TI_status, thread_info, status); -@@ -99,6 +98,7 @@ void foo(void) +@@ -60,6 +59,8 @@ void foo(void) + OFFSET(TI_restart_block, thread_info, restart_block); + OFFSET(TI_sysenter_return, thread_info, sysenter_return); + OFFSET(TI_cpu, thread_info, cpu); ++ OFFSET(TI_lowest_stack, thread_info, lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - = offsetof(struct task_struct, tinfo)); + BLANK(); +=20 + OFFSET(GDS_size, desc_ptr, size); +@@ -99,6 +100,7 @@ void foo(void) =20 DEFINE(PAGE_SIZE_asm, PAGE_SIZE); DEFINE(PAGE_SHIFT_asm, PAGE_SHIFT); @@ -11264,7 +11324,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-of= fsets_32.c linux-2.6.32.40/arch DEFINE(PTRS_PER_PTE, PTRS_PER_PTE); DEFINE(PTRS_PER_PMD, PTRS_PER_PMD); DEFINE(PTRS_PER_PGD, PTRS_PER_PGD); -@@ -115,6 +115,11 @@ void foo(void) +@@ -115,6 +117,11 @@ void foo(void) OFFSET(PV_CPU_iret, pv_cpu_ops, iret); OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); @@ -11278,8 +11338,17 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-o= ffsets_32.c linux-2.6.32.40/arch #ifdef CONFIG_XEN diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-offsets_64.c linux-2.6.32= .40/arch/x86/kernel/asm-offsets_64.c --- linux-2.6.32.40/arch/x86/kernel/asm-offsets_64.c 2011-03-27 14:31:47= .000000000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/asm-offsets_64.c 2011-05-04 17:56:20= .000000000 -0400 -@@ -63,6 +63,18 @@ int main(void) ++++ linux-2.6.32.40/arch/x86/kernel/asm-offsets_64.c 2011-05-16 21:46:57= .000000000 -0400 +@@ -44,6 +44,8 @@ int main(void) + ENTRY(addr_limit); + ENTRY(preempt_count); + ENTRY(status); ++ ENTRY(lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - = offsetof(struct task_struct, tinfo)); + #ifdef CONFIG_IA32_EMULATION + ENTRY(sysenter_return); + #endif +@@ -63,6 +65,18 @@ int main(void) OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs); OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); @@ -11298,7 +11367,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-of= fsets_64.c linux-2.6.32.40/arch #endif =20 =20 -@@ -115,6 +127,7 @@ int main(void) +@@ -115,6 +129,7 @@ int main(void) ENTRY(cr8); BLANK(); #undef ENTRY @@ -11306,7 +11375,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/asm-of= fsets_64.c linux-2.6.32.40/arch DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); BLANK(); DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); -@@ -130,6 +143,7 @@ int main(void) +@@ -130,6 +145,7 @@ int main(void) =20 BLANK(); DEFINE(PAGE_SIZE_asm, PAGE_SIZE); @@ -12138,6 +12207,26 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/e820.= c linux-2.6.32.40/arch/x86/kerne }; =20 static int __init find_overlapped_early(u64 start, u64 end) +diff -urNp linux-2.6.32.40/arch/x86/kernel/early_printk.c linux-2.6.32.4= 0/arch/x86/kernel/early_printk.c +--- linux-2.6.32.40/arch/x86/kernel/early_printk.c 2011-03-27 14:31:47.0= 00000000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/early_printk.c 2011-05-16 21:46:57.0= 00000000 -0400 +@@ -7,6 +7,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -170,6 +171,8 @@ asmlinkage void early_printk(const char=20 + int n; + va_list ap; +=20 ++ pax_track_stack(); ++ + va_start(ap, fmt); + n =3D vscnprintf(buf, sizeof(buf), fmt, ap); + early_console->write(early_console, buf, n); diff -urNp linux-2.6.32.40/arch/x86/kernel/efi_32.c linux-2.6.32.40/arch= /x86/kernel/efi_32.c --- linux-2.6.32.40/arch/x86/kernel/efi_32.c 2011-03-27 14:31:47.0000000= 00 -0400 +++ linux-2.6.32.40/arch/x86/kernel/efi_32.c 2011-04-17 15:56:46.0000000= 00 -0400 @@ -12324,8 +12413,8 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/efi_st= ub_32.S linux-2.6.32.40/arch/x8 efi_rt_function_ptr: diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_32.S linux-2.6.32.40/ar= ch/x86/kernel/entry_32.S --- linux-2.6.32.40/arch/x86/kernel/entry_32.S 2011-03-27 14:31:47.00000= 0000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/entry_32.S 2011-05-10 21:27:27.00000= 0000 -0400 -@@ -185,13 +185,139 @@ ++++ linux-2.6.32.40/arch/x86/kernel/entry_32.S 2011-05-16 22:11:55.00000= 0000 -0400 +@@ -185,13 +185,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -12359,7 +12448,8 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ pushl %ecx + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) + mov %eax, %esi +#else @@ -12381,14 +12471,16 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_32.S linux-2.6.32.40/arch/x86/k +#endif +3: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ popl %eax +#endif + ret +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ pushl %ecx +#endif + mov %cs, %esi + cmp $__KERNEXEC_KERNEL_CS, %esi @@ -12410,7 +12502,8 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k +#endif +2: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ popl %eax +#endif + ret +ENDPROC(pax_exit_kernel) @@ -12423,41 +12516,44 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_32.S linux-2.6.32.40/arch/x86/k +.endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * ebp: thread_info ++ * ecx, edx: can be clobbered ++ */ +ENTRY(pax_erase_kstack) -+ push %edi ++ pushl %edi ++ pushl %eax + -+ lea -64(%esp), %edi -+ and $-64, %edi ++ mov TI_lowest_stack(%ebp), %edi + mov $-0xBEEF, %eax + std -+1: -+ mov %edi, %ecx ++ ++1: mov %edi, %ecx + and $THREAD_SIZE_asm - 1, %ecx + shr $2, %ecx + repne scasl + jecxz 2f + -+ and $-64, %edi -+ and $-16, %ecx -+ -+ sub $128, %ecx ++ cmp $2*16, %ecx + jc 2f -+ mov $16, %ecx -+ repe scasl -+ jne 1b -+ sub $(512 - 64), %edi -+ mov $16, %ecx ++ ++ mov $2*16, %ecx + repe scasl + jecxz 2f + jne 1b -+2: -+ cld ++ ++2: cld + mov %esp, %ecx + sub %edi, %ecx + shr $2, %ecx + rep stosl + -+ pop %edi ++ mov TI_task_thread_sp0(%ebp), %edi ++ sub $128, %edi ++ mov %edi, TI_lowest_stack(%ebp) ++ ++ popl %eax ++ popl %edi + ret +ENDPROC(pax_erase_kstack) +#endif @@ -12466,7 +12562,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k cld PUSH_GS pushl %fs -@@ -224,7 +350,7 @@ +@@ -224,7 +357,7 @@ pushl %ebx CFI_ADJUST_CFA_OFFSET 4 CFI_REL_OFFSET ebx, 0 @@ -12475,7 +12571,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -232,6 +358,15 @@ +@@ -232,6 +365,15 @@ SET_KERNEL_GS %edx .endm =20 @@ -12491,7 +12587,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k .macro RESTORE_INT_REGS popl %ebx CFI_ADJUST_CFA_OFFSET -4 -@@ -352,7 +487,15 @@ check_userspace: +@@ -352,7 +494,15 @@ check_userspace: movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax cmpl $USER_RPL, %eax @@ -12507,7 +12603,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k =20 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -414,25 +557,36 @@ sysenter_past_esp: +@@ -414,25 +564,36 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -12547,7 +12643,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -455,12 +609,27 @@ sysenter_do_call: +@@ -455,12 +616,23 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -12558,11 +12654,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry= _32.S linux-2.6.32.40/arch/x86/k + popl_cfi %eax +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ pushl_cfi %eax -+ call pax_erase_kstack -+ popl_cfi %eax -+#endif ++ pax_erase_kstack + /* if something modifies registers it must also disable sysexit */ movl PT_EIP(%esp), %edx @@ -12575,7 +12667,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT =20 -@@ -504,11 +673,17 @@ sysexit_audit: +@@ -504,11 +676,17 @@ sysexit_audit: =20 CFI_ENDPROC .pushsection .fixup,"ax" @@ -12595,7 +12687,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -538,6 +713,14 @@ syscall_exit: +@@ -538,6 +716,12 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work =20 @@ -12603,14 +12695,12 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_32.S linux-2.6.32.40/arch/x86/k + call pax_randomize_kstack +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK + pax_erase_kstack -+#endif + restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -602,7 +785,13 @@ ldt_ss: +@@ -602,7 +786,13 @@ ldt_ss: mov PT_OLDESP(%esp), %eax /* load userspace esp */ mov %dx, %ax /* eax: new kernel esp */ sub %eax, %edx /* offset (low word is 0) */ @@ -12625,7 +12715,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k shr $16, %edx mov %dl, GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx) /* bits 16..23 */ mov %dh, GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx) /* bits 24..31 */ -@@ -642,25 +831,19 @@ work_resched: +@@ -642,25 +832,19 @@ work_resched: =20 work_notifysig: # deal with pending signals and # notify-resume requests @@ -12654,7 +12744,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k #endif xorl %edx, %edx call do_notify_resume -@@ -695,6 +878,10 @@ END(syscall_exit_work) +@@ -695,6 +879,10 @@ END(syscall_exit_work) =20 RING0_INT_FRAME # can't unwind into user space anyway syscall_fault: @@ -12665,7 +12755,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k GET_THREAD_INFO(%ebp) movl $-EFAULT,PT_EAX(%esp) jmp resume_userspace -@@ -726,6 +913,33 @@ PTREGSCALL(rt_sigreturn) +@@ -726,6 +914,33 @@ PTREGSCALL(rt_sigreturn) PTREGSCALL(vm86) PTREGSCALL(vm86old) =20 @@ -12699,7 +12789,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -735,7 +949,13 @@ PTREGSCALL(vm86old) +@@ -735,7 +950,13 @@ PTREGSCALL(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -12714,7 +12804,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */ mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */ shl $16, %eax -@@ -1198,7 +1418,6 @@ return_to_handler: +@@ -1198,7 +1419,6 @@ return_to_handler: ret #endif =20 @@ -12722,7 +12812,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k #include "syscall_table_32.S" =20 syscall_table_size=3D(.-sys_call_table) -@@ -1255,9 +1474,12 @@ error_code: +@@ -1255,9 +1475,12 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -12736,7 +12826,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k TRACE_IRQS_OFF movl %esp,%eax # pt_regs pointer call *%edi -@@ -1351,6 +1573,9 @@ nmi_stack_correct: +@@ -1351,6 +1574,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -12746,7 +12836,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k jmp restore_all_notrace CFI_ENDPROC =20 -@@ -1391,6 +1616,9 @@ nmi_espfix_stack: +@@ -1391,6 +1617,9 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax =3D=3D %esp xorl %edx,%edx # zero error code call do_nmi @@ -12758,7 +12848,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 32.S linux-2.6.32.40/arch/x86/k CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_64.S linux-2.6.32.40/ar= ch/x86/kernel/entry_64.S --- linux-2.6.32.40/arch/x86/kernel/entry_64.S 2011-03-27 14:31:47.00000= 0000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/entry_64.S 2011-05-10 21:29:37.00000= 0000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/entry_64.S 2011-05-18 20:09:36.00000= 0000 -0400 @@ -53,6 +53,7 @@ #include #include @@ -12767,7 +12857,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k =20 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -174,6 +175,251 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +175,253 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ =20 @@ -12779,8 +12869,8 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + 1234: .quad \off; .word \sel + .popsection +#else -+ push $\sel -+ push $\off ++ pushq $\sel ++ pushq $\off + lretq +#endif + .endm @@ -12799,7 +12889,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12820,12 +12910,12 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_64.S linux-2.6.32.40/arch/x86/k + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12844,7 +12934,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + PV_RESTORE_REGS(CLBR_RDI); +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel) +#endif @@ -12865,16 +12955,14 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_64.S linux-2.6.32.40/arch/x86/k + pop %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + +#ifdef CONFIG_PAX_MEMORY_UDEREF +ENTRY(pax_enter_kernel_user) -+ push %rdi -+ push %rbx ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12886,7 +12974,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT -+ push %rdi ++ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f + i =3D 0 @@ -12908,7 +12996,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + .endr + +#ifdef CONFIG_PARAVIRT -+2: pop %rdi ++2: popq %rdi +#endif + SET_RDI_INTO_CR3 + @@ -12922,8 +13010,8 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rbx -+ pop %rdi ++ popq %rbx ++ popq %rdi + retq +ENDPROC(pax_enter_kernel_user) + @@ -12931,7 +13019,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k + push %rdi + +#ifdef CONFIG_PARAVIRT -+ push %rbx ++ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + @@ -12969,57 +13057,61 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entr= y_64.S linux-2.6.32.40/arch/x86/k + +#ifdef CONFIG_PARAVIRT +2: PV_RESTORE_REGS(CLBR_RDI) -+ pop %rbx ++ popq %rbx +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel_user) +#endif + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * r10: thread_info ++ * rcx, rdx: can be clobbered ++ */ +ENTRY(pax_erase_kstack) -+ push %rdi ++ pushq %rdi ++ pushq %rax + -+ lea -128(%rsp), %rdi -+ and $-64, %rdi ++ GET_THREAD_INFO(%r10) ++ mov TI_lowest_stack(%r10), %rdi + mov $-0xBEEF, %rax + std -+1: -+ mov %edi, %ecx ++ ++1: mov %edi, %ecx + and $THREAD_SIZE_asm - 1, %ecx + shr $3, %ecx + repne scasq + jecxz 2f + -+ and $-64, %rdi -+ and $-8, %ecx -+ -+ sub $64, %ecx ++ cmp $2*8, %ecx + jc 2f -+ mov $8, %ecx -+ repe scasq -+ jne 1b -+ sub $(512 - 64), %rdi -+ mov $8, %ecx ++ ++ mov $2*8, %ecx + repe scasq + jecxz 2f + jne 1b -+2: -+ cld ++ ++2: cld + mov %esp, %ecx + sub %edi, %ecx + shr $3, %ecx + rep stosq + -+ pop %rdi ++ mov TI_task_thread_sp0(%r10), %rdi ++ sub $256, %rdi ++ mov %rdi, TI_lowest_stack(%r10) ++ ++ popq %rax ++ popq %rdi + ret +ENDPROC(pax_erase_kstack) +#endif =20 .macro TRACE_IRQS_IRETQ offset=3DARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -317,7 +563,7 @@ ENTRY(save_args) +@@ -317,7 +565,7 @@ ENTRY(save_args) leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -13028,7 +13120,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k je 1f SWAPGS /* -@@ -409,7 +655,7 @@ ENTRY(ret_from_fork) +@@ -409,7 +657,7 @@ ENTRY(ret_from_fork) =20 RESTORE_REST =20 @@ -13037,7 +13129,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k je int_ret_from_sys_call =20 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -455,7 +701,7 @@ END(ret_from_fork) +@@ -455,7 +703,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -13046,7 +13138,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -468,12 +714,13 @@ ENTRY(system_call_after_swapgs) +@@ -468,12 +716,13 @@ ENTRY(system_call_after_swapgs) =20 movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -13061,7 +13153,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -502,6 +749,7 @@ sysret_check: +@@ -502,6 +751,7 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -13069,7 +13161,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k /* * sysretq will re-enable interrupts: */ -@@ -613,7 +861,7 @@ tracesys: +@@ -613,7 +863,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -13078,7 +13170,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -800,6 +1048,16 @@ END(interrupt) +@@ -800,6 +1050,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET 10*8 call save_args PARTIAL_FRAME 0 @@ -13095,7 +13187,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k call \func .endm =20 -@@ -822,7 +1080,7 @@ ret_from_intr: +@@ -822,7 +1082,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -13104,7 +13196,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k je retint_kernel =20 /* Interrupt came from user space */ -@@ -844,12 +1102,14 @@ retint_swapgs: /* return to user-space=20 +@@ -844,12 +1104,14 @@ retint_swapgs: /* return to user-space=20 * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -13119,7 +13211,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k /* * The iretq could re-enable interrupts: */ -@@ -1032,6 +1292,16 @@ ENTRY(\sym) +@@ -1032,6 +1294,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 @@ -13136,7 +13228,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1049,6 +1319,16 @@ ENTRY(\sym) +@@ -1049,6 +1321,16 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -13153,7 +13245,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1066,9 +1346,24 @@ ENTRY(\sym) +@@ -1066,9 +1348,24 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -13179,7 +13271,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) call \do_sym addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) -@@ -1085,6 +1380,16 @@ ENTRY(\sym) +@@ -1085,6 +1382,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 @@ -13196,7 +13288,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1104,6 +1409,16 @@ ENTRY(\sym) +@@ -1104,6 +1411,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -13213,7 +13305,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1405,14 +1720,27 @@ ENTRY(paranoid_exit) +@@ -1405,14 +1722,27 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -13242,7 +13334,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return -@@ -1470,7 +1798,7 @@ ENTRY(error_entry) +@@ -1470,7 +1800,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -13251,7 +13343,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k je error_kernelspace error_swapgs: SWAPGS -@@ -1529,6 +1857,16 @@ ENTRY(nmi) +@@ -1529,6 +1859,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET 15*8 call save_paranoid DEFAULT_FRAME 0 @@ -13268,7 +13360,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/entry_= 64.S linux-2.6.32.40/arch/x86/k /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1539,11 +1877,25 @@ ENTRY(nmi) +@@ -1539,11 +1879,25 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -14886,7 +14978,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/module= .c linux-2.6.32.40/arch/x86/ker goto overflow; diff -urNp linux-2.6.32.40/arch/x86/kernel/paravirt.c linux-2.6.32.40/ar= ch/x86/kernel/paravirt.c --- linux-2.6.32.40/arch/x86/kernel/paravirt.c 2011-03-27 14:31:47.00000= 0000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/paravirt.c 2011-04-17 15:56:46.00000= 0000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/paravirt.c 2011-05-16 21:46:57.00000= 0000 -0400 @@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu * corresponding structure. */ static void *get_call_destination(u8 type) @@ -14896,7 +14988,17 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/parav= irt.c linux-2.6.32.40/arch/x86/k .pv_init_ops =3D pv_init_ops, .pv_time_ops =3D pv_time_ops, .pv_cpu_ops =3D pv_cpu_ops, -@@ -145,14 +145,14 @@ unsigned paravirt_patch_default(u8 type, +@@ -133,6 +133,9 @@ static void *get_call_destination(u8 typ + .pv_lock_ops =3D pv_lock_ops, + #endif + }; ++ ++ pax_track_stack(); ++ + return *((void **)&tmpl + type); + } +=20 +@@ -145,14 +148,14 @@ unsigned paravirt_patch_default(u8 type, if (opfunc =3D=3D NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret =3D paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -14914,7 +15016,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k ret =3D paravirt_patch_ident_64(insnbuf, len); =20 else if (type =3D=3D PARAVIRT_PATCH(pv_cpu_ops.iret) || -@@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn +@@ -178,7 +181,7 @@ unsigned paravirt_patch_insns(void *insn if (insn_len > len || start =3D=3D NULL) insn_len =3D len; else @@ -14923,7 +15025,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k =20 return insn_len; } -@@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +297,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } =20 @@ -14950,7 +15052,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k .save_fl =3D __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl =3D __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable =3D __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops =3D { +@@ -321,7 +324,7 @@ struct pv_irq_ops pv_irq_ops =3D { #endif }; =20 @@ -14959,7 +15061,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k .cpuid =3D native_cpuid, .get_debugreg =3D native_get_debugreg, .set_debugreg =3D native_set_debugreg, -@@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops =3D { +@@ -382,7 +385,7 @@ struct pv_cpu_ops pv_cpu_ops =3D { .end_context_switch =3D paravirt_nop, }; =20 @@ -14968,7 +15070,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook =3D paravirt_nop, #endif -@@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops =3D { +@@ -396,7 +399,7 @@ struct pv_apic_ops pv_apic_ops =3D { #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #endif =20 @@ -14977,7 +15079,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/paravi= rt.c linux-2.6.32.40/arch/x86/k =20 .read_cr2 =3D native_read_cr2, .write_cr2 =3D native_write_cr2, -@@ -467,6 +467,12 @@ struct pv_mmu_ops pv_mmu_ops =3D { +@@ -467,6 +470,12 @@ struct pv_mmu_ops pv_mmu_ops =3D { }, =20 .set_fixmap =3D native_set_fixmap, @@ -15073,7 +15175,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/pci-sw= iotlb.c linux-2.6.32.40/arch/x8 .free_coherent =3D swiotlb_free_coherent, diff -urNp linux-2.6.32.40/arch/x86/kernel/process_32.c linux-2.6.32.40/= arch/x86/kernel/process_32.c --- linux-2.6.32.40/arch/x86/kernel/process_32.c 2011-03-27 14:31:47.000= 000000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/process_32.c 2011-04-17 15:56:46.000= 000000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/process_32.c 2011-05-16 21:46:57.000= 000000 -0400 @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __as unsigned long thread_saved_pc(struct task_struct *tsk) { @@ -15114,7 +15216,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_32.c linux-2.6.32.40/arch/x86 regs.orig_ax =3D -1; regs.ip =3D (unsigned long) kernel_thread_helper; regs.cs =3D __KERNEL_CS | get_kernel_rpl(); -@@ -247,7 +247,7 @@ int copy_thread(unsigned long clone_flag +@@ -247,13 +247,14 @@ int copy_thread(unsigned long clone_flag struct task_struct *tsk; int err; =20 @@ -15123,7 +15225,14 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proce= ss_32.c linux-2.6.32.40/arch/x86 *childregs =3D *regs; childregs->ax =3D 0; childregs->sp =3D sp; -@@ -346,7 +346,7 @@ __switch_to(struct task_struct *prev_p,=20 +=20 + p->thread.sp =3D (unsigned long) childregs; + p->thread.sp0 =3D (unsigned long) (childregs+1); ++ p->tinfo.lowest_stack =3D (unsigned long)task_stack_page(p); +=20 + p->thread.ip =3D (unsigned long) ret_from_fork; +=20 +@@ -346,7 +347,7 @@ __switch_to(struct task_struct *prev_p,=20 struct thread_struct *prev =3D &prev_p->thread, *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -15132,7 +15241,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_32.c linux-2.6.32.40/arch/x86 bool preload_fpu; =20 /* never put a printk in __switch_to... printk() calls wake_up*() indi= rectly */ -@@ -381,6 +381,10 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -381,6 +382,10 @@ __switch_to(struct task_struct *prev_p,=20 */ lazy_save_gs(prev->gs); =20 @@ -15143,7 +15252,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_32.c linux-2.6.32.40/arch/x86 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -416,6 +420,9 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -416,6 +421,9 @@ __switch_to(struct task_struct *prev_p,=20 */ arch_end_context_switch(next_p); =20 @@ -15153,7 +15262,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_32.c linux-2.6.32.40/arch/x86 if (preload_fpu) __math_state_restore(); =20 -@@ -425,8 +432,6 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -425,8 +433,6 @@ __switch_to(struct task_struct *prev_p,=20 if (prev->gs | next->gs) lazy_load_gs(next->gs); =20 @@ -15162,14 +15271,14 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proc= ess_32.c linux-2.6.32.40/arch/x86 return prev_p; } =20 -@@ -496,4 +501,3 @@ unsigned long get_wchan(struct task_stru +@@ -496,4 +502,3 @@ unsigned long get_wchan(struct task_stru } while (count++ < 16); return 0; } - diff -urNp linux-2.6.32.40/arch/x86/kernel/process_64.c linux-2.6.32.40/= arch/x86/kernel/process_64.c --- linux-2.6.32.40/arch/x86/kernel/process_64.c 2011-03-27 14:31:47.000= 000000 -0400 -+++ linux-2.6.32.40/arch/x86/kernel/process_64.c 2011-05-11 18:25:15.000= 000000 -0400 ++++ linux-2.6.32.40/arch/x86/kernel/process_64.c 2011-05-16 21:46:57.000= 000000 -0400 @@ -91,7 +91,7 @@ static void __exit_idle(void) void exit_idle(void) { @@ -15198,7 +15307,15 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proce= ss_64.c linux-2.6.32.40/arch/x86 *childregs =3D *regs; =20 childregs->ax =3D 0; -@@ -380,7 +379,7 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -292,6 +291,7 @@ int copy_thread(unsigned long clone_flag + p->thread.sp =3D (unsigned long) childregs; + p->thread.sp0 =3D (unsigned long) (childregs+1); + p->thread.usersp =3D me->thread.usersp; ++ p->tinfo.lowest_stack =3D (unsigned long)task_stack_page(p); +=20 + set_tsk_thread_flag(p, TIF_FORK); +=20 +@@ -380,7 +380,7 @@ __switch_to(struct task_struct *prev_p,=20 struct thread_struct *prev =3D &prev_p->thread; struct thread_struct *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -15207,7 +15324,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_64.c linux-2.6.32.40/arch/x86 unsigned fsindex, gsindex; bool preload_fpu; =20 -@@ -476,10 +475,9 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -476,10 +476,9 @@ __switch_to(struct task_struct *prev_p,=20 prev->usersp =3D percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -15220,7 +15337,7 @@ diff -urNp linux-2.6.32.40/arch/x86/kernel/proces= s_64.c linux-2.6.32.40/arch/x86 =20 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -560,12 +558,11 @@ unsigned long get_wchan(struct task_stru +@@ -560,12 +559,11 @@ unsigned long get_wchan(struct task_stru if (!p || p =3D=3D current || p->state =3D=3D TASK_RUNNING) return 0; stack =3D (unsigned long)task_stack_page(p); @@ -17138,6 +17255,18 @@ diff -urNp linux-2.6.32.40/arch/x86/kvm/lapic.c = linux-2.6.32.40/arch/x86/kvm/lap =20 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ +diff -urNp linux-2.6.32.40/arch/x86/kvm/paging_tmpl.h linux-2.6.32.40/ar= ch/x86/kvm/paging_tmpl.h +--- linux-2.6.32.40/arch/x86/kvm/paging_tmpl.h 2011-03-27 14:31:47.00000= 0000 -0400 ++++ linux-2.6.32.40/arch/x86/kvm/paging_tmpl.h 2011-05-16 21:46:57.00000= 0000 -0400 +@@ -416,6 +416,8 @@ static int FNAME(page_fault)(struct kvm_ + int level =3D PT_PAGE_TABLE_LEVEL; + unsigned long mmu_seq; +=20 ++ pax_track_stack(); ++ + pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code); + kvm_mmu_audit(vcpu, "pre page fault"); +=20 diff -urNp linux-2.6.32.40/arch/x86/kvm/svm.c linux-2.6.32.40/arch/x86/k= vm/svm.c --- linux-2.6.32.40/arch/x86/kvm/svm.c 2011-03-27 14:31:47.000000000 -04= 00 +++ linux-2.6.32.40/arch/x86/kvm/svm.c 2011-04-17 15:56:46.000000000 -04= 00 @@ -22534,18 +22663,39 @@ diff -urNp linux-2.6.32.40/block/scsi_ioctl.c l= inux-2.6.32.40/block/scsi_ioctl.c if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; =20 +diff -urNp linux-2.6.32.40/crypto/serpent.c linux-2.6.32.40/crypto/serpe= nt.c +--- linux-2.6.32.40/crypto/serpent.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/crypto/serpent.c 2011-05-16 21:46:57.000000000 -0400 +@@ -224,6 +224,8 @@ static int serpent_setkey(struct crypto_ + u32 r0,r1,r2,r3,r4; + int i; +=20 ++ pax_track_stack(); ++ + /* Copy key, add padding */ +=20 + for (i =3D 0; i < keylen; ++i) diff -urNp linux-2.6.32.40/Documentation/dontdiff linux-2.6.32.40/Docume= ntation/dontdiff --- linux-2.6.32.40/Documentation/dontdiff 2011-03-27 14:31:47.000000000= -0400 -+++ linux-2.6.32.40/Documentation/dontdiff 2011-04-17 15:56:45.000000000= -0400 -@@ -3,6 +3,7 @@ ++++ linux-2.6.32.40/Documentation/dontdiff 2011-05-18 20:09:36.000000000= -0400 +@@ -1,13 +1,16 @@ + *.a + *.aux *.bin ++*.cis *.cpio *.csp +*.dbg *.dsp *.dvi *.elf -@@ -38,8 +39,10 @@ + *.eps + *.fw ++*.gcno + *.gen.S + *.gif + *.grep +@@ -38,8 +41,10 @@ *.tab.h *.tex *.ver @@ -22556,7 +22706,7 @@ diff -urNp linux-2.6.32.40/Documentation/dontdiff= linux-2.6.32.40/Documentation/ *_vga16.c *~ *.9 -@@ -49,11 +52,16 @@ +@@ -49,11 +54,16 @@ 53c700_d.h CVS ChangeSet @@ -22573,10 +22723,11 @@ diff -urNp linux-2.6.32.40/Documentation/dontdi= ff linux-2.6.32.40/Documentation/ SCCS System.map* TAGS -@@ -76,7 +84,10 @@ btfixupprep +@@ -76,7 +86,11 @@ btfixupprep build bvmlinux bzImage* ++capability_names.h +capflags.c classlist.h* +clut_vga16.c @@ -22584,7 +22735,7 @@ diff -urNp linux-2.6.32.40/Documentation/dontdiff= linux-2.6.32.40/Documentation/ comp*.log compile.h* conf -@@ -103,13 +114,14 @@ gen_crc32table +@@ -103,13 +117,14 @@ gen_crc32table gen_init_cpio genksyms *_gray256.c @@ -22600,7 +22751,7 @@ diff -urNp linux-2.6.32.40/Documentation/dontdiff= linux-2.6.32.40/Documentation/ keywords.c ksym.c* ksym.h* -@@ -133,7 +145,9 @@ mkboot +@@ -133,7 +148,9 @@ mkboot mkbugboot mkcpustr mkdep @@ -22610,7 +22761,7 @@ diff -urNp linux-2.6.32.40/Documentation/dontdiff= linux-2.6.32.40/Documentation/ mktables mktree modpost -@@ -149,6 +163,7 @@ patches* +@@ -149,6 +166,7 @@ patches* pca200e.bin pca200e_ecd.bin2 piggy.gz @@ -22618,12 +22769,13 @@ diff -urNp linux-2.6.32.40/Documentation/dontdi= ff linux-2.6.32.40/Documentation/ piggyback pnmtologo ppc_defs.h* -@@ -157,12 +172,14 @@ qconf +@@ -157,12 +175,15 @@ qconf raid6altivec*.c raid6int*.c raid6tables.c +regdb.c relocs ++rlim_names.h series setup setup.bin @@ -22633,7 +22785,7 @@ diff -urNp linux-2.6.32.40/Documentation/dontdiff= linux-2.6.32.40/Documentation/ sm_tbl* split-include syscalltab.h -@@ -186,14 +203,20 @@ version.h* +@@ -186,14 +207,20 @@ version.h* vmlinux vmlinux-* vmlinux.aout @@ -23033,8 +23185,17 @@ diff -urNp linux-2.6.32.40/drivers/ata/libata-co= re.c linux-2.6.32.40/drivers/ata .error_handler =3D ata_dummy_error_handler, diff -urNp linux-2.6.32.40/drivers/ata/libata-eh.c linux-2.6.32.40/drive= rs/ata/libata-eh.c --- linux-2.6.32.40/drivers/ata/libata-eh.c 2011-03-27 14:31:47.00000000= 0 -0400 -+++ linux-2.6.32.40/drivers/ata/libata-eh.c 2011-04-17 15:56:46.00000000= 0 -0400 -@@ -3590,7 +3590,7 @@ void ata_do_eh(struct ata_port *ap, ata_ ++++ linux-2.6.32.40/drivers/ata/libata-eh.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -2423,6 +2423,8 @@ void ata_eh_report(struct ata_port *ap) + { + struct ata_link *link; +=20 ++ pax_track_stack(); ++ + ata_for_each_link(link, ap, HOST_FIRST) + ata_eh_link_report(link); + } +@@ -3590,7 +3592,7 @@ void ata_do_eh(struct ata_port *ap, ata_ */ void ata_std_error_handler(struct ata_port *ap) { @@ -25286,7 +25447,7 @@ diff -urNp linux-2.6.32.40/drivers/atm/nicstar.c = linux-2.6.32.40/drivers/atm/nic =20 diff -urNp linux-2.6.32.40/drivers/atm/solos-pci.c linux-2.6.32.40/drive= rs/atm/solos-pci.c --- linux-2.6.32.40/drivers/atm/solos-pci.c 2011-04-17 17:00:52.00000000= 0 -0400 -+++ linux-2.6.32.40/drivers/atm/solos-pci.c 2011-04-17 17:03:05.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/atm/solos-pci.c 2011-05-16 21:46:57.00000000= 0 -0400 @@ -708,7 +708,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); @@ -25296,7 +25457,16 @@ diff -urNp linux-2.6.32.40/drivers/atm/solos-pci= .c linux-2.6.32.40/drivers/atm/s break; =20 case PKT_STATUS: -@@ -1023,7 +1023,7 @@ static uint32_t fpga_tx(struct solos_car +@@ -914,6 +914,8 @@ static int print_buffer(struct sk_buff * + char msg[500]; + char item[10]; +=20 ++ pax_track_stack(); ++ + len =3D buf->len; + for (i =3D 0; i < len; i++){ + if(i % 8 =3D=3D 0) +@@ -1023,7 +1025,7 @@ static uint32_t fpga_tx(struct solos_car vcc =3D SKB_CB(oldskb)->vcc; =20 if (vcc) { @@ -25504,6 +25674,51 @@ diff -urNp linux-2.6.32.40/drivers/block/cciss.c= linux-2.6.32.40/drivers/block/c err =3D 0; err |=3D copy_from_user(&arg64.LUN_info, &arg32->LUN_info, +diff -urNp linux-2.6.32.40/drivers/block/cpqarray.c linux-2.6.32.40/driv= ers/block/cpqarray.c +--- linux-2.6.32.40/drivers/block/cpqarray.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/block/cpqarray.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -896,6 +896,8 @@ static void do_ida_request(struct reques + struct scatterlist tmp_sg[SG_MAX]; + int i, dir, seg; +=20 ++ pax_track_stack(); ++ + if (blk_queue_plugged(q)) + goto startio; +=20 +diff -urNp linux-2.6.32.40/drivers/block/DAC960.c linux-2.6.32.40/driver= s/block/DAC960.c +--- linux-2.6.32.40/drivers/block/DAC960.c 2011-03-27 14:31:47.000000000= -0400 ++++ linux-2.6.32.40/drivers/block/DAC960.c 2011-05-16 21:46:57.000000000= -0400 +@@ -1973,6 +1973,8 @@ static bool DAC960_V1_ReadDeviceConfigur + unsigned long flags; + int Channel, TargetID; +=20 ++ pax_track_stack(); ++ + if (!init_dma_loaf(Controller->PCIDevice, &local_dma,=20 + DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + + sizeof(DAC960_SCSI_Inquiry_T) + +diff -urNp linux-2.6.32.40/drivers/block/nbd.c linux-2.6.32.40/drivers/b= lock/nbd.c +--- linux-2.6.32.40/drivers/block/nbd.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/drivers/block/nbd.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -155,6 +155,8 @@ static int sock_xmit(struct nbd_device * + struct kvec iov; + sigset_t blocked, oldset; +=20 ++ pax_track_stack(); ++ + if (unlikely(!sock)) { + printk(KERN_ERR "%s: Attempted %s on closed socket in sock_xmit\n", + lo->disk->disk_name, (send ? "send" : "recv")); +@@ -569,6 +571,8 @@ static void do_nbd_request(struct reques + static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo= , + unsigned int cmd, unsigned long arg) + { ++ pax_track_stack(); ++ + switch (cmd) { + case NBD_DISCONNECT: { + struct request sreq; diff -urNp linux-2.6.32.40/drivers/block/pktcdvd.c linux-2.6.32.40/drive= rs/block/pktcdvd.c --- linux-2.6.32.40/drivers/block/pktcdvd.c 2011-03-27 14:31:47.00000000= 0 -0400 +++ linux-2.6.32.40/drivers/block/pktcdvd.c 2011-04-17 15:56:46.00000000= 0 -0400 @@ -25865,7 +26080,7 @@ diff -urNp linux-2.6.32.40/drivers/char/hvc_xen.c= linux-2.6.32.40/drivers/char/h .notifier_add =3D notifier_add_irq, diff -urNp linux-2.6.32.40/drivers/char/ipmi/ipmi_msghandler.c linux-2.6= .32.40/drivers/char/ipmi/ipmi_msghandler.c --- linux-2.6.32.40/drivers/char/ipmi/ipmi_msghandler.c 2011-03-27 14:31= :47.000000000 -0400 -+++ linux-2.6.32.40/drivers/char/ipmi/ipmi_msghandler.c 2011-04-17 15:56= :46.000000000 -0400 ++++ linux-2.6.32.40/drivers/char/ipmi/ipmi_msghandler.c 2011-05-16 21:46= :57.000000000 -0400 @@ -414,7 +414,7 @@ struct ipmi_smi { struct proc_dir_entry *proc_dir; char proc_dir_name[10]; @@ -25896,6 +26111,15 @@ diff -urNp linux-2.6.32.40/drivers/char/ipmi/ipm= i_msghandler.c linux-2.6.32.40/d =20 intf->proc_dir =3D NULL; =20 +@@ -4160,6 +4160,8 @@ static void send_panic_events(char *str) + struct ipmi_smi_msg smi_msg; + struct ipmi_recv_msg recv_msg; +=20 ++ pax_track_stack(); ++ + si =3D (struct ipmi_system_interface_addr *) &addr; + si->addr_type =3D IPMI_SYSTEM_INTERFACE_ADDR_TYPE; + si->channel =3D IPMI_BMC_CHANNEL; diff -urNp linux-2.6.32.40/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.32= .40/drivers/char/ipmi/ipmi_si_intf.c --- linux-2.6.32.40/drivers/char/ipmi/ipmi_si_intf.c 2011-03-27 14:31:47= .000000000 -0400 +++ linux-2.6.32.40/drivers/char/ipmi/ipmi_si_intf.c 2011-04-17 15:56:46= .000000000 -0400 @@ -25931,7 +26155,7 @@ diff -urNp linux-2.6.32.40/drivers/char/ipmi/ipmi= _si_intf.c linux-2.6.32.40/driv atomic_set(&new_smi->stop_operation, 0); diff -urNp linux-2.6.32.40/drivers/char/istallion.c linux-2.6.32.40/driv= ers/char/istallion.c --- linux-2.6.32.40/drivers/char/istallion.c 2011-03-27 14:31:47.0000000= 00 -0400 -+++ linux-2.6.32.40/drivers/char/istallion.c 2011-04-22 22:18:05.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/char/istallion.c 2011-05-16 21:46:57.0000000= 00 -0400 @@ -187,7 +187,6 @@ static struct ktermios stli_deftermios=20 * re-used for each stats call. */ @@ -25948,6 +26172,24 @@ diff -urNp linux-2.6.32.40/drivers/char/istallio= n.c linux-2.6.32.40/drivers/char =20 if (copy_from_user(&stli_brdstats, bp, sizeof(combrd_t))) return -EFAULT; +@@ -4269,6 +4269,8 @@ static int stli_getportstruct(struct stl + struct stliport stli_dummyport; + struct stliport *portp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummyport, arg, sizeof(struct stliport))) + return -EFAULT; + portp =3D stli_getport(stli_dummyport.brdnr, stli_dummyport.panelnr, +@@ -4291,6 +4293,8 @@ static int stli_getbrdstruct(struct stli + struct stlibrd stli_dummybrd; + struct stlibrd *brdp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummybrd, arg, sizeof(struct stlibrd))) + return -EFAULT; + if (stli_dummybrd.brdnr >=3D STL_MAXBRDS) diff -urNp linux-2.6.32.40/drivers/char/Kconfig linux-2.6.32.40/drivers/= char/Kconfig --- linux-2.6.32.40/drivers/char/Kconfig 2011-03-27 14:31:47.000000000 -= 0400 +++ linux-2.6.32.40/drivers/char/Kconfig 2011-04-18 19:20:15.000000000 -= 0400 @@ -26344,6 +26586,18 @@ diff -urNp linux-2.6.32.40/drivers/char/random.c= linux-2.6.32.40/drivers/char/ra static int max_write_thresh =3D INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; =20 +diff -urNp linux-2.6.32.40/drivers/char/rocket.c linux-2.6.32.40/drivers= /char/rocket.c +--- linux-2.6.32.40/drivers/char/rocket.c 2011-03-27 14:31:47.000000000 = -0400 ++++ linux-2.6.32.40/drivers/char/rocket.c 2011-05-16 21:46:57.000000000 = -0400 +@@ -1266,6 +1266,8 @@ static int get_ports(struct r_port *info + struct rocket_ports tmp; + int board; +=20 ++ pax_track_stack(); ++ + if (!retports) + return -EFAULT; + memset(&tmp, 0, sizeof (tmp)); diff -urNp linux-2.6.32.40/drivers/char/sonypi.c linux-2.6.32.40/drivers= /char/sonypi.c --- linux-2.6.32.40/drivers/char/sonypi.c 2011-03-27 14:31:47.000000000 = -0400 +++ linux-2.6.32.40/drivers/char/sonypi.c 2011-04-17 15:56:46.000000000 = -0400 @@ -26385,6 +26639,18 @@ diff -urNp linux-2.6.32.40/drivers/char/sonypi.c= linux-2.6.32.40/drivers/char/so mutex_unlock(&sonypi_device.lock); unlock_kernel(); return 0; +diff -urNp linux-2.6.32.40/drivers/char/stallion.c linux-2.6.32.40/drive= rs/char/stallion.c +--- linux-2.6.32.40/drivers/char/stallion.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/char/stallion.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -2448,6 +2448,8 @@ static int stl_getportstruct(struct stlp + struct stlport stl_dummyport; + struct stlport *portp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stl_dummyport, arg, sizeof(struct stlport))) + return -EFAULT; + portp =3D stl_getport(stl_dummyport.brdnr, stl_dummyport.panelnr, diff -urNp linux-2.6.32.40/drivers/char/tpm/tpm_bios.c linux-2.6.32.40/d= rivers/char/tpm/tpm_bios.c --- linux-2.6.32.40/drivers/char/tpm/tpm_bios.c 2011-03-27 14:31:47.0000= 00000 -0400 +++ linux-2.6.32.40/drivers/char/tpm/tpm_bios.c 2011-04-17 15:56:46.0000= 00000 -0400 @@ -26430,7 +26696,7 @@ diff -urNp linux-2.6.32.40/drivers/char/tpm/tpm_b= ios.c linux-2.6.32.40/drivers/c =20 diff -urNp linux-2.6.32.40/drivers/char/tpm/tpm.c linux-2.6.32.40/driver= s/char/tpm/tpm.c --- linux-2.6.32.40/drivers/char/tpm/tpm.c 2011-04-17 17:00:52.000000000= -0400 -+++ linux-2.6.32.40/drivers/char/tpm/tpm.c 2011-04-17 17:03:05.000000000= -0400 ++++ linux-2.6.32.40/drivers/char/tpm/tpm.c 2011-05-16 21:46:57.000000000= -0400 @@ -402,7 +402,7 @@ static ssize_t tpm_transmit(struct tpm_c chip->vendor.req_complete_val) goto out_recv; @@ -26440,6 +26706,15 @@ diff -urNp linux-2.6.32.40/drivers/char/tpm/tpm.= c linux-2.6.32.40/drivers/char/t dev_err(chip->dev, "Operation Canceled\n"); rc =3D -ECANCELED; goto out; +@@ -821,6 +821,8 @@ ssize_t tpm_show_pubek(struct device *de +=20 + struct tpm_chip *chip =3D dev_get_drvdata(dev); +=20 ++ pax_track_stack(); ++ + tpm_cmd.header.in =3D tpm_readpubek_header; + err =3D transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, + "attempting to read the PUBEK"); diff -urNp linux-2.6.32.40/drivers/char/tty_io.c linux-2.6.32.40/drivers= /char/tty_io.c --- linux-2.6.32.40/drivers/char/tty_io.c 2011-03-27 14:31:47.000000000 = -0400 +++ linux-2.6.32.40/drivers/char/tty_io.c 2011-04-17 15:56:46.000000000 = -0400 @@ -26740,6 +27015,30 @@ diff -urNp linux-2.6.32.40/drivers/cpuidle/sysfs= .c linux-2.6.32.40/drivers/cpuid { kobject_put(&device->kobjs[i]->kobj); wait_for_completion(&device->kobjs[i]->kobj_unregister); +diff -urNp linux-2.6.32.40/drivers/crypto/hifn_795x.c linux-2.6.32.40/dr= ivers/crypto/hifn_795x.c +--- linux-2.6.32.40/drivers/crypto/hifn_795x.c 2011-03-27 14:31:47.00000= 0000 -0400 ++++ linux-2.6.32.40/drivers/crypto/hifn_795x.c 2011-05-16 21:46:57.00000= 0000 -0400 +@@ -1655,6 +1655,8 @@ static int hifn_test(struct hifn_device=20 + 0xCA, 0x34, 0x2B, 0x2E}; + struct scatterlist sg; +=20 ++ pax_track_stack(); ++ + memset(src, 0, sizeof(src)); + memset(ctx.key, 0, sizeof(ctx.key)); +=20 +diff -urNp linux-2.6.32.40/drivers/crypto/padlock-aes.c linux-2.6.32.40/= drivers/crypto/padlock-aes.c +--- linux-2.6.32.40/drivers/crypto/padlock-aes.c 2011-03-27 14:31:47.000= 000000 -0400 ++++ linux-2.6.32.40/drivers/crypto/padlock-aes.c 2011-05-16 21:46:57.000= 000000 -0400 +@@ -108,6 +108,8 @@ static int aes_set_key(struct crypto_tfm + struct crypto_aes_ctx gen_aes; + int cpu; +=20 ++ pax_track_stack(); ++ + if (key_len % 8) { + *flags |=3D CRYPTO_TFM_RES_BAD_KEY_LEN; + return -EINVAL; diff -urNp linux-2.6.32.40/drivers/dma/ioat/dma.c linux-2.6.32.40/driver= s/dma/ioat/dma.c --- linux-2.6.32.40/drivers/dma/ioat/dma.c 2011-03-27 14:31:47.000000000= -0400 +++ linux-2.6.32.40/drivers/dma/ioat/dma.c 2011-04-17 15:56:46.000000000= -0400 @@ -26932,6 +27231,26 @@ diff -urNp linux-2.6.32.40/drivers/firewire/core= -cdev.c linux-2.6.32.40/drivers/ return -EINVAL; =20 r =3D kmalloc(sizeof(*r), GFP_KERNEL); +diff -urNp linux-2.6.32.40/drivers/firewire/core-transaction.c linux-2.6= .32.40/drivers/firewire/core-transaction.c +--- linux-2.6.32.40/drivers/firewire/core-transaction.c 2011-03-27 14:31= :47.000000000 -0400 ++++ linux-2.6.32.40/drivers/firewire/core-transaction.c 2011-05-16 21:46= :57.000000000 -0400 +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include +=20 + #include +=20 +@@ -344,6 +345,8 @@ int fw_run_transaction(struct fw_card *c + struct transaction_callback_data d; + struct fw_transaction t; +=20 ++ pax_track_stack(); ++ + init_completion(&d.done); + d.payload =3D payload; + fw_send_request(card, &t, tcode, destination_id, generation, speed, diff -urNp linux-2.6.32.40/drivers/firmware/dmi_scan.c linux-2.6.32.40/d= rivers/firmware/dmi_scan.c --- linux-2.6.32.40/drivers/firmware/dmi_scan.c 2011-03-27 14:31:47.0000= 00000 -0400 +++ linux-2.6.32.40/drivers/firmware/dmi_scan.c 2011-04-17 15:56:46.0000= 00000 -0400 @@ -27009,7 +27328,7 @@ diff -urNp linux-2.6.32.40/drivers/gpio/vr41xx_gi= u.c linux-2.6.32.40/drivers/gpi } diff -urNp linux-2.6.32.40/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.3= 2.40/drivers/gpu/drm/drm_crtc_helper.c --- linux-2.6.32.40/drivers/gpu/drm/drm_crtc_helper.c 2011-03-27 14:31:4= 7.000000000 -0400 -+++ linux-2.6.32.40/drivers/gpu/drm/drm_crtc_helper.c 2011-04-17 15:56:4= 6.000000000 -0400 ++++ linux-2.6.32.40/drivers/gpu/drm/drm_crtc_helper.c 2011-05-16 21:46:5= 7.000000000 -0400 @@ -573,7 +573,7 @@ static bool drm_encoder_crtc_ok(struct d struct drm_crtc *tmp; int crtc_mask =3D 1; @@ -27019,6 +27338,15 @@ diff -urNp linux-2.6.32.40/drivers/gpu/drm/drm_c= rtc_helper.c linux-2.6.32.40/dri =20 dev =3D crtc->dev; =20 +@@ -642,6 +642,8 @@ bool drm_crtc_helper_set_mode(struct drm +=20 + adjusted_mode =3D drm_mode_duplicate(dev, mode); +=20 ++ pax_track_stack(); ++ + crtc->enabled =3D drm_helper_crtc_in_use(crtc); +=20 + if (!crtc->enabled) diff -urNp linux-2.6.32.40/drivers/gpu/drm/drm_drv.c linux-2.6.32.40/dri= vers/gpu/drm/drm_drv.c --- linux-2.6.32.40/drivers/gpu/drm/drm_drv.c 2011-03-27 14:31:47.000000= 000 -0400 +++ linux-2.6.32.40/drivers/gpu/drm/drm_drv.c 2011-04-17 15:56:46.000000= 000 -0400 @@ -27707,6 +28035,18 @@ diff -urNp linux-2.6.32.40/drivers/gpu/drm/r128/= r128_state.c linux-2.6.32.40/dri } } =20 +diff -urNp linux-2.6.32.40/drivers/gpu/drm/radeon/atom.c linux-2.6.32.40= /drivers/gpu/drm/radeon/atom.c +--- linux-2.6.32.40/drivers/gpu/drm/radeon/atom.c 2011-05-10 22:12:01.00= 0000000 -0400 ++++ linux-2.6.32.40/drivers/gpu/drm/radeon/atom.c 2011-05-16 21:46:57.00= 0000000 -0400 +@@ -1115,6 +1115,8 @@ struct atom_context *atom_parse(struct c + char name[512]; + int i; +=20 ++ pax_track_stack(); ++ + ctx->card =3D card; + ctx->bios =3D bios; +=20 diff -urNp linux-2.6.32.40/drivers/gpu/drm/radeon/mkregtable.c linux-2.6= .32.40/drivers/gpu/drm/radeon/mkregtable.c --- linux-2.6.32.40/drivers/gpu/drm/radeon/mkregtable.c 2011-03-27 14:31= :47.000000000 -0400 +++ linux-2.6.32.40/drivers/gpu/drm/radeon/mkregtable.c 2011-04-17 15:56= :46.000000000 -0400 @@ -27729,8 +28069,17 @@ diff -urNp linux-2.6.32.40/drivers/gpu/drm/radeo= n/mkregtable.c linux-2.6.32.40/d (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff -urNp linux-2.6.32.40/drivers/gpu/drm/radeon/radeon_atombios.c linu= x-2.6.32.40/drivers/gpu/drm/radeon/radeon_atombios.c --- linux-2.6.32.40/drivers/gpu/drm/radeon/radeon_atombios.c 2011-03-27 = 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/drivers/gpu/drm/radeon/radeon_atombios.c 2011-04-17 = 15:56:46.000000000 -0400 -@@ -520,13 +520,13 @@ static uint16_t atombios_get_connector_o ++++ linux-2.6.32.40/drivers/gpu/drm/radeon/radeon_atombios.c 2011-05-16 = 21:46:57.000000000 -0400 +@@ -275,6 +275,8 @@ bool radeon_get_atom_connector_info_from + bool linkb; + struct radeon_i2c_bus_rec ddc_bus; +=20 ++ pax_track_stack(); ++ + atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset); +=20 + if (data_offset =3D=3D 0) +@@ -520,13 +522,13 @@ static uint16_t atombios_get_connector_o } } =20 @@ -27746,7 +28095,7 @@ diff -urNp linux-2.6.32.40/drivers/gpu/drm/radeon= /radeon_atombios.c linux-2.6.32 =20 bool radeon_get_atom_connector_info_from_supported_devices_table(struct drm_device -@@ -542,7 +542,6 @@ bool radeon_get_atom_connector_info_from +@@ -542,7 +544,6 @@ bool radeon_get_atom_connector_info_from uint8_t dac; union atom_supported_devices *supported_devices; int i, j; @@ -28290,6 +28639,30 @@ diff -urNp linux-2.6.32.40/drivers/ide/ide-cd.c = linux-2.6.32.40/drivers/ide/ide- drive->dma =3D 0; } } +diff -urNp linux-2.6.32.40/drivers/ide/ide-floppy.c linux-2.6.32.40/driv= ers/ide/ide-floppy.c +--- linux-2.6.32.40/drivers/ide/ide-floppy.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/ide/ide-floppy.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -373,6 +373,8 @@ static int ide_floppy_get_capacity(ide_d + u8 pc_buf[256], header_len, desc_cnt; + int i, rc =3D 1, blocks, length; +=20 ++ pax_track_stack(); ++ + ide_debug_log(IDE_DBG_FUNC, "enter"); +=20 + drive->bios_cyl =3D 0; +diff -urNp linux-2.6.32.40/drivers/ide/setup-pci.c linux-2.6.32.40/drive= rs/ide/setup-pci.c +--- linux-2.6.32.40/drivers/ide/setup-pci.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/ide/setup-pci.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -542,6 +542,8 @@ int ide_pci_init_two(struct pci_dev *dev + int ret, i, n_ports =3D dev2 ? 4 : 2; + struct ide_hw hw[4], *hws[] =3D { NULL, NULL, NULL, NULL }; +=20 ++ pax_track_stack(); ++ + for (i =3D 0; i < n_ports / 2; i++) { + ret =3D ide_setup_pci_controller(pdev[i], d, !i); + if (ret < 0) diff -urNp linux-2.6.32.40/drivers/ieee1394/dv1394.c linux-2.6.32.40/dri= vers/ieee1394/dv1394.c --- linux-2.6.32.40/drivers/ieee1394/dv1394.c 2011-03-27 14:31:47.000000= 000 -0400 +++ linux-2.6.32.40/drivers/ieee1394/dv1394.c 2011-04-23 12:56:11.000000= 000 -0400 @@ -28613,6 +28986,18 @@ diff -urNp linux-2.6.32.40/drivers/infiniband/co= re/uverbs_marshall.c linux-2.6.3 } EXPORT_SYMBOL(ib_copy_qp_attr_to_user); =20 +diff -urNp linux-2.6.32.40/drivers/infiniband/hw/ipath/ipath_fs.c linux-= 2.6.32.40/drivers/infiniband/hw/ipath/ipath_fs.c +--- linux-2.6.32.40/drivers/infiniband/hw/ipath/ipath_fs.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/infiniband/hw/ipath/ipath_fs.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -110,6 +110,8 @@ static ssize_t atomic_counters_read(stru + struct infinipath_counters counters; + struct ipath_devdata *dd; +=20 ++ pax_track_stack(); ++ + dd =3D file->f_path.dentry->d_inode->i_private; + dd->ipath_f_read_counters(dd, &counters); +=20 diff -urNp linux-2.6.32.40/drivers/infiniband/hw/nes/nes.c linux-2.6.32.= 40/drivers/infiniband/hw/nes/nes.c --- linux-2.6.32.40/drivers/infiniband/hw/nes/nes.c 2011-03-27 14:31:47.= 000000000 -0400 +++ linux-2.6.32.40/drivers/infiniband/hw/nes/nes.c 2011-05-04 17:56:28.= 000000000 -0400 @@ -28982,6 +29367,26 @@ diff -urNp linux-2.6.32.40/drivers/input/input.c= linux-2.6.32.40/drivers/input/i =20 error =3D device_add(&dev->dev); if (error) +diff -urNp linux-2.6.32.40/drivers/input/joystick/sidewinder.c linux-2.6= .32.40/drivers/input/joystick/sidewinder.c +--- linux-2.6.32.40/drivers/input/joystick/sidewinder.c 2011-03-27 14:31= :47.000000000 -0400 ++++ linux-2.6.32.40/drivers/input/joystick/sidewinder.c 2011-05-18 20:09= :36.000000000 -0400 +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -428,6 +429,8 @@ static int sw_read(struct sw *sw) + unsigned char buf[SW_LENGTH]; + int i; +=20 ++ pax_track_stack(); ++ + i =3D sw_read_packet(sw->gameport, buf, sw->length, 0); +=20 + if (sw->type =3D=3D SW_ID_3DP && sw->length =3D=3D 66 && i !=3D 66) { = /* Broken packet, try to fix */ diff -urNp linux-2.6.32.40/drivers/input/joystick/xpad.c linux-2.6.32.40= /drivers/input/joystick/xpad.c --- linux-2.6.32.40/drivers/input/joystick/xpad.c 2011-03-27 14:31:47.00= 0000000 -0400 +++ linux-2.6.32.40/drivers/input/joystick/xpad.c 2011-05-04 17:56:28.00= 0000000 -0400 @@ -29167,6 +29572,128 @@ diff -urNp linux-2.6.32.40/drivers/isdn/hardwar= e/avm/b1.c linux-2.6.32.40/driver return -EFAULT; } else { memcpy(buf, dp, left); +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/capidtmf.c linux-= 2.6.32.40/drivers/isdn/hardware/eicon/capidtmf.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/capidtmf.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/capidtmf.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -498,6 +498,7 @@ void capidtmf_recv_block (t_capidtmf_sta + byte goertzel_result_buffer[CAPIDTMF_RECV_TOTAL_FREQUENCY_COUNT]; + short windowed_sample_buffer[CAPIDTMF_RECV_WINDOWED_SAMPLES]; +=20 ++ pax_track_stack(); +=20 + if (p_state->recv.state & CAPIDTMF_RECV_STATE_DTMF_ACTIVE) + { +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/capifunc.c linux-= 2.6.32.40/drivers/isdn/hardware/eicon/capifunc.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/capifunc.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/capifunc.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -1055,6 +1055,8 @@ static int divacapi_connect_didd(void) + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/diddfunc.c linux-= 2.6.32.40/drivers/isdn/hardware/eicon/diddfunc.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/diddfunc.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/diddfunc.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -54,6 +54,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/divasfunc.c linux= -2.6.32.40/drivers/isdn/hardware/eicon/divasfunc.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/divasfunc.c 2011-03-27 1= 4:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/divasfunc.c 2011-05-16 2= 1:46:57.000000000 -0400 +@@ -161,6 +161,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/idifunc.c linux-2= .6.32.40/drivers/isdn/hardware/eicon/idifunc.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/idifunc.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/idifunc.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -188,6 +188,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/message.c linux-2= .6.32.40/drivers/isdn/hardware/eicon/message.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/message.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/message.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -4889,6 +4889,8 @@ static void sig_ind(PLCI *plci) + dword d; + word w; +=20 ++ pax_track_stack(); ++ + a =3D plci->adapter; + Id =3D ((word)plci->Id<<8)|a->Id; + PUT_WORD(&SS_Ind[4],0x0000); +@@ -7484,6 +7486,8 @@ static word add_b1(PLCI *plci, API_PARSE + word j, n, w; + dword d; +=20 ++ pax_track_stack(); ++ +=20 + for(i=3D0;i<8;i++) bp_parms[i].length =3D 0; + for(i=3D0;i<2;i++) global_config[i].length =3D 0; +@@ -7958,6 +7962,8 @@ static word add_b23(PLCI *plci, API_PARS + const byte llc3[] =3D {4,3,2,2,6,6,0}; + const byte header[] =3D {0,2,3,3,0,0,0}; +=20 ++ pax_track_stack(); ++ + for(i=3D0;i<8;i++) bp_parms[i].length =3D 0; + for(i=3D0;i<6;i++) b2_config_parms[i].length =3D 0; + for(i=3D0;i<5;i++) b3_config_parms[i].length =3D 0; +@@ -14761,6 +14767,8 @@ static void group_optimization(DIVA_CAPI + word appl_number_group_type[MAX_APPL]; + PLCI *auxplci; +=20 ++ pax_track_stack(); ++ + set_group_ind_mask (plci); /* all APPLs within this inc. call are all= owed to dial in */ +=20 + if(!a->group_optimization_enabled) +diff -urNp linux-2.6.32.40/drivers/isdn/hardware/eicon/mntfunc.c linux-2= .6.32.40/drivers/isdn/hardware/eicon/mntfunc.c +--- linux-2.6.32.40/drivers/isdn/hardware/eicon/mntfunc.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/hardware/eicon/mntfunc.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -79,6 +79,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.32.40/drivers/isdn/i4l/isdn_common.c linux-2.6.32.4= 0/drivers/isdn/i4l/isdn_common.c +--- linux-2.6.32.40/drivers/isdn/i4l/isdn_common.c 2011-03-27 14:31:47.0= 00000000 -0400 ++++ linux-2.6.32.40/drivers/isdn/i4l/isdn_common.c 2011-05-16 21:46:57.0= 00000000 -0400 +@@ -1290,6 +1290,8 @@ isdn_ioctl(struct inode *inode, struct f + } iocpar; + void __user *argp =3D (void __user *)arg; +=20 ++ pax_track_stack(); ++ + #define name iocpar.name + #define bname iocpar.bname + #define iocts iocpar.iocts diff -urNp linux-2.6.32.40/drivers/isdn/icn/icn.c linux-2.6.32.40/driver= s/isdn/icn/icn.c --- linux-2.6.32.40/drivers/isdn/icn/icn.c 2011-03-27 14:31:47.000000000= -0400 +++ linux-2.6.32.40/drivers/isdn/icn/icn.c 2011-04-17 15:56:46.000000000= -0400 @@ -29826,7 +30353,7 @@ diff -urNp linux-2.6.32.40/drivers/md/raid1.c lin= ux-2.6.32.40/drivers/md/raid1.c "(%d sectors at %llu on %s)\n", diff -urNp linux-2.6.32.40/drivers/md/raid5.c linux-2.6.32.40/drivers/md= /raid5.c --- linux-2.6.32.40/drivers/md/raid5.c 2011-03-27 14:31:47.000000000 -04= 00 -+++ linux-2.6.32.40/drivers/md/raid5.c 2011-05-04 17:56:28.000000000 -04= 00 ++++ linux-2.6.32.40/drivers/md/raid5.c 2011-05-16 21:46:57.000000000 -04= 00 @@ -482,7 +482,7 @@ static void ops_run_io(struct stripe_hea bi->bi_next =3D NULL; if (rw =3D=3D WRITE && @@ -29864,6 +30391,47 @@ diff -urNp linux-2.6.32.40/drivers/md/raid5.c li= nux-2.6.32.40/drivers/md/raid5.c > conf->max_nr_stripes) printk(KERN_WARNING "raid5:%s: Too many read errors, failing device %s.\n", +@@ -1870,6 +1870,7 @@ static sector_t compute_blocknr(struct s + sector_t r_sector; + struct stripe_head sh2; +=20 ++ pax_track_stack(); +=20 + chunk_offset =3D sector_div(new_sector, sectors_per_chunk); + stripe =3D new_sector; +diff -urNp linux-2.6.32.40/drivers/media/common/saa7146_hlp.c linux-2.6.= 32.40/drivers/media/common/saa7146_hlp.c +--- linux-2.6.32.40/drivers/media/common/saa7146_hlp.c 2011-03-27 14:31:= 47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/common/saa7146_hlp.c 2011-05-16 21:46:= 57.000000000 -0400 +@@ -353,6 +353,8 @@ static void calculate_clipping_registers +=20 + int x[32], y[32], w[32], h[32]; +=20 ++ pax_track_stack(); ++ + /* clear out memory */ + memset(&line_list[0], 0x00, sizeof(u32)*32); + memset(&pixel_list[0], 0x00, sizeof(u32)*32); +diff -urNp linux-2.6.32.40/drivers/media/dvb/dvb-core/dvb_ca_en50221.c l= inux-2.6.32.40/drivers/media/dvb/dvb-core/dvb_ca_en50221.c +--- linux-2.6.32.40/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-03-= 27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-05-= 16 21:46:57.000000000 -0400 +@@ -590,6 +590,8 @@ static int dvb_ca_en50221_read_data(stru + u8 buf[HOST_LINK_BUF_SIZE]; + int i; +=20 ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); +=20 + /* check if we have space for a link buf in the rx_buffer */ +@@ -1285,6 +1287,8 @@ static ssize_t dvb_ca_en50221_io_write(s + unsigned long timeout; + int written; +=20 ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); +=20 + /* Incoming packet has a 2 byte header. hdr[0] =3D slot_id, hdr[1] =3D= connection_id */ diff -urNp linux-2.6.32.40/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6= .32.40/drivers/media/dvb/dvb-core/dvbdev.c --- linux-2.6.32.40/drivers/media/dvb/dvb-core/dvbdev.c 2011-03-27 14:31= :47.000000000 -0400 +++ linux-2.6.32.40/drivers/media/dvb/dvb-core/dvbdev.c 2011-04-17 15:56= :46.000000000 -0400 @@ -29875,6 +30443,30 @@ diff -urNp linux-2.6.32.40/drivers/media/dvb/dvb= -core/dvbdev.c linux-2.6.32.40/d struct file_operations *dvbdevfops; struct device *clsdev; int minor; +diff -urNp linux-2.6.32.40/drivers/media/dvb/dvb-usb/dib0700_core.c linu= x-2.6.32.40/drivers/media/dvb/dvb-usb/dib0700_core.c +--- linux-2.6.32.40/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-03-27 = 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-05-16 = 21:46:57.000000000 -0400 +@@ -332,6 +332,8 @@ int dib0700_download_firmware(struct usb +=20 + u8 buf[260]; +=20 ++ pax_track_stack(); ++ + while ((ret =3D dvb_usb_get_hexline(fw, &hx, &pos)) > 0) { + deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n",hx.add= r, hx.len, hx.chk); +=20 +diff -urNp linux-2.6.32.40/drivers/media/dvb/frontends/or51211.c linux-2= .6.32.40/drivers/media/dvb/frontends/or51211.c +--- linux-2.6.32.40/drivers/media/dvb/frontends/or51211.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/dvb/frontends/or51211.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -113,6 +113,8 @@ static int or51211_load_firmware (struct + u8 tudata[585]; + int i; +=20 ++ pax_track_stack(); ++ + dprintk("Firmware is %zd bytes\n",fw->size); +=20 + /* Get eprom data */ diff -urNp linux-2.6.32.40/drivers/media/radio/radio-cadet.c linux-2.6.3= 2.40/drivers/media/radio/radio-cadet.c --- linux-2.6.32.40/drivers/media/radio/radio-cadet.c 2011-03-27 14:31:4= 7.000000000 -0400 +++ linux-2.6.32.40/drivers/media/radio/radio-cadet.c 2011-04-17 15:56:4= 6.000000000 -0400 @@ -29889,7 +30481,7 @@ diff -urNp linux-2.6.32.40/drivers/media/radio/ra= dio-cadet.c linux-2.6.32.40/dri } diff -urNp linux-2.6.32.40/drivers/media/video/cx18/cx18-driver.c linux-= 2.6.32.40/drivers/media/video/cx18/cx18-driver.c --- linux-2.6.32.40/drivers/media/video/cx18/cx18-driver.c 2011-03-27 14= :31:47.000000000 -0400 -+++ linux-2.6.32.40/drivers/media/video/cx18/cx18-driver.c 2011-05-04 17= :56:28.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/cx18/cx18-driver.c 2011-05-16 21= :46:57.000000000 -0400 @@ -56,7 +56,7 @@ static struct pci_device_id cx18_pci_tbl =20 MODULE_DEVICE_TABLE(pci, cx18_pci_tbl); @@ -29899,7 +30491,16 @@ diff -urNp linux-2.6.32.40/drivers/media/video/c= x18/cx18-driver.c linux-2.6.32.4 =20 /* Parameter declarations */ static int cardtype[CX18_MAX_CARDS]; -@@ -800,7 +800,7 @@ static int __devinit cx18_probe(struct p +@@ -288,6 +288,8 @@ void cx18_read_eeprom(struct cx18 *cx, s + struct i2c_client c; + u8 eedata[256]; +=20 ++ pax_track_stack(); ++ + memset(&c, 0, sizeof(c)); + strlcpy(c.name, "cx18 tveeprom tmp", sizeof(c.name)); + c.adapter =3D &cx->i2c_adap[0]; +@@ -800,7 +802,7 @@ static int __devinit cx18_probe(struct p struct cx18 *cx; =20 /* FIXME - module parameter arrays constrain max instances */ @@ -29944,6 +30545,51 @@ diff -urNp linux-2.6.32.40/drivers/media/video/o= map24xxcam.h linux-2.6.32.40/dri /* accessing cam here doesn't need serialisation: it's constant */ struct omap24xxcam_device *cam; }; +diff -urNp linux-2.6.32.40/drivers/media/video/pvrusb2/pvrusb2-eeprom.c = linux-2.6.32.40/drivers/media/video/pvrusb2/pvrusb2-eeprom.c +--- linux-2.6.32.40/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-03= -27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-05= -16 21:46:57.000000000 -0400 +@@ -119,6 +119,8 @@ int pvr2_eeprom_analyze(struct pvr2_hdw=20 + u8 *eeprom; + struct tveeprom tvdata; +=20 ++ pax_track_stack(); ++ + memset(&tvdata,0,sizeof(tvdata)); +=20 + eeprom =3D pvr2_eeprom_fetch(hdw); +diff -urNp linux-2.6.32.40/drivers/media/video/saa7134/saa6752hs.c linux= -2.6.32.40/drivers/media/video/saa7134/saa6752hs.c +--- linux-2.6.32.40/drivers/media/video/saa7134/saa6752hs.c 2011-03-27 1= 4:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/saa7134/saa6752hs.c 2011-05-16 2= 1:46:57.000000000 -0400 +@@ -683,6 +683,8 @@ static int saa6752hs_init(struct v4l2_su + unsigned char localPAT[256]; + unsigned char localPMT[256]; +=20 ++ pax_track_stack(); ++ + /* Set video format - must be done first as it resets other settings *= / + set_reg8(client, 0x41, h->video_format); +=20 +diff -urNp linux-2.6.32.40/drivers/media/video/saa7164/saa7164-cmd.c lin= ux-2.6.32.40/drivers/media/video/saa7164/saa7164-cmd.c +--- linux-2.6.32.40/drivers/media/video/saa7164/saa7164-cmd.c 2011-03-27= 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/saa7164/saa7164-cmd.c 2011-05-16= 21:46:57.000000000 -0400 +@@ -87,6 +87,8 @@ int saa7164_irq_dequeue(struct saa7164_d + wait_queue_head_t *q =3D 0; + dprintk(DBGLVL_CMD, "%s()\n", __func__); +=20 ++ pax_track_stack(); ++ + /* While any outstand message on the bus exists... */ + do { +=20 +@@ -126,6 +128,8 @@ int saa7164_cmd_dequeue(struct saa7164_d + u8 tmp[512]; + dprintk(DBGLVL_CMD, "%s()\n", __func__); +=20 ++ pax_track_stack(); ++ + while (loop) { +=20 + tmComResInfo_t tRsp =3D { 0, 0, 0, 0, 0, 0 }; diff -urNp linux-2.6.32.40/drivers/media/video/usbvideo/konicawc.c linux= -2.6.32.40/drivers/media/video/usbvideo/konicawc.c --- linux-2.6.32.40/drivers/media/video/usbvideo/konicawc.c 2011-03-27 1= 4:31:47.000000000 -0400 +++ linux-2.6.32.40/drivers/media/video/usbvideo/konicawc.c 2011-04-17 1= 5:56:46.000000000 -0400 @@ -29968,6 +30614,18 @@ diff -urNp linux-2.6.32.40/drivers/media/video/u= sbvideo/quickcam_messenger.c lin =20 cam->input =3D input_dev =3D input_allocate_device(); if (!input_dev) { +diff -urNp linux-2.6.32.40/drivers/media/video/usbvision/usbvision-core.= c linux-2.6.32.40/drivers/media/video/usbvision/usbvision-core.c +--- linux-2.6.32.40/drivers/media/video/usbvision/usbvision-core.c 2011-= 03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/usbvision/usbvision-core.c 2011-= 05-16 21:46:57.000000000 -0400 +@@ -820,6 +820,8 @@ static enum ParseState usbvision_parse_c + unsigned char rv, gv, bv; + static unsigned char *Y, *U, *V; +=20 ++ pax_track_stack(); ++ + frame =3D usbvision->curFrame; + imageSize =3D frame->frmwidth * frame->frmheight; + if ( (frame->v4l2_format.format =3D=3D V4L2_PIX_FMT_YUV422P) || diff -urNp linux-2.6.32.40/drivers/media/video/v4l2-device.c linux-2.6.3= 2.40/drivers/media/video/v4l2-device.c --- linux-2.6.32.40/drivers/media/video/v4l2-device.c 2011-03-27 14:31:4= 7.000000000 -0400 +++ linux-2.6.32.40/drivers/media/video/v4l2-device.c 2011-05-04 17:56:2= 8.000000000 -0400 @@ -29983,6 +30641,18 @@ diff -urNp linux-2.6.32.40/drivers/media/video/v= 4l2-device.c linux-2.6.32.40/dri int len =3D strlen(basename); =20 if (basename[len - 1] >=3D '0' && basename[len - 1] <=3D '9') +diff -urNp linux-2.6.32.40/drivers/media/video/videobuf-dma-sg.c linux-2= .6.32.40/drivers/media/video/videobuf-dma-sg.c +--- linux-2.6.32.40/drivers/media/video/videobuf-dma-sg.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/media/video/videobuf-dma-sg.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -693,6 +693,8 @@ void *videobuf_sg_alloc(size_t size) + { + struct videobuf_queue q; +=20 ++ pax_track_stack(); ++ + /* Required to make generic handler to call __videobuf_alloc */ + q.int_ops =3D &sg_ops; +=20 diff -urNp linux-2.6.32.40/drivers/message/fusion/mptbase.c linux-2.6.32= .40/drivers/message/fusion/mptbase.c --- linux-2.6.32.40/drivers/message/fusion/mptbase.c 2011-03-27 14:31:47= .000000000 -0400 +++ linux-2.6.32.40/drivers/message/fusion/mptbase.c 2011-04-17 15:56:46= .000000000 -0400 @@ -30080,6 +30750,18 @@ diff -urNp linux-2.6.32.40/drivers/message/fusio= n/mptscsih.c linux-2.6.32.40/dri =20 return h->info_kbuf; } +diff -urNp linux-2.6.32.40/drivers/message/i2o/i2o_config.c linux-2.6.32= .40/drivers/message/i2o/i2o_config.c +--- linux-2.6.32.40/drivers/message/i2o/i2o_config.c 2011-03-27 14:31:47= .000000000 -0400 ++++ linux-2.6.32.40/drivers/message/i2o/i2o_config.c 2011-05-16 21:46:57= .000000000 -0400 +@@ -787,6 +787,8 @@ static int i2o_cfg_passthru(unsigned lon + struct i2o_message *msg; + unsigned int iop; +=20 ++ pax_track_stack(); ++ + if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg)) + return -EFAULT; +=20 diff -urNp linux-2.6.32.40/drivers/message/i2o/i2o_proc.c linux-2.6.32.4= 0/drivers/message/i2o/i2o_proc.c --- linux-2.6.32.40/drivers/message/i2o/i2o_proc.c 2011-03-27 14:31:47.0= 00000000 -0400 +++ linux-2.6.32.40/drivers/message/i2o/i2o_proc.c 2011-04-17 15:56:46.0= 00000000 -0400 @@ -30195,6 +30877,18 @@ diff -urNp linux-2.6.32.40/drivers/message/i2o/i= op.c linux-2.6.32.40/drivers/mes INIT_LIST_HEAD(&c->context_list); #endif =20 +diff -urNp linux-2.6.32.40/drivers/mfd/wm8350-i2c.c linux-2.6.32.40/driv= ers/mfd/wm8350-i2c.c +--- linux-2.6.32.40/drivers/mfd/wm8350-i2c.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/mfd/wm8350-i2c.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -43,6 +43,8 @@ static int wm8350_i2c_write_device(struc + u8 msg[(WM8350_MAX_REGISTER << 1) + 1]; + int ret; +=20 ++ pax_track_stack(); ++ + if (bytes > ((WM8350_MAX_REGISTER << 1) + 1)) + return -EINVAL; +=20 diff -urNp linux-2.6.32.40/drivers/misc/kgdbts.c linux-2.6.32.40/drivers= /misc/kgdbts.c --- linux-2.6.32.40/drivers/misc/kgdbts.c 2011-03-27 14:31:47.000000000 = -0400 +++ linux-2.6.32.40/drivers/misc/kgdbts.c 2011-04-17 15:56:46.000000000 = -0400 @@ -30442,6 +31136,84 @@ diff -urNp linux-2.6.32.40/drivers/misc/sgi-gru/= grutables.h linux-2.6.32.40/driv } while (0) =20 #ifdef CONFIG_SGI_GRU_DEBUG +diff -urNp linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0001.c linux-2.6= .32.40/drivers/mtd/chips/cfi_cmdset_0001.c +--- linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0001.c 2011-03-27 14:31= :47.000000000 -0400 ++++ linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0001.c 2011-05-16 21:46= :57.000000000 -0400 +@@ -743,6 +743,8 @@ static int chip_ready (struct map_info * + struct cfi_pri_intelext *cfip =3D cfi->cmdset_priv; + unsigned long timeo =3D jiffies + HZ; +=20 ++ pax_track_stack(); ++ + /* Prevent setting state FL_SYNCING for chip in suspended state. */ + if (mode =3D=3D FL_SYNCING && chip->oldstate !=3D FL_READY) + goto sleep; +@@ -1642,6 +1644,8 @@ static int __xipram do_write_buffer(stru + unsigned long initial_adr; + int initial_len =3D len; +=20 ++ pax_track_stack(); ++ + wbufsize =3D cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize; + adr +=3D chip->start; + initial_adr =3D adr; +@@ -1860,6 +1864,8 @@ static int __xipram do_erase_oneblock(st + int retries =3D 3; + int ret; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + retry: +diff -urNp linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0020.c linux-2.6= .32.40/drivers/mtd/chips/cfi_cmdset_0020.c +--- linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0020.c 2011-03-27 14:31= :47.000000000 -0400 ++++ linux-2.6.32.40/drivers/mtd/chips/cfi_cmdset_0020.c 2011-05-16 21:46= :57.000000000 -0400 +@@ -255,6 +255,8 @@ static inline int do_read_onechip(struct + unsigned long cmd_addr; + struct cfi_private *cfi =3D map->fldrv_priv; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Ensure cmd read/writes are aligned. */ +@@ -428,6 +430,8 @@ static inline int do_write_buffer(struct + DECLARE_WAITQUEUE(wait, current); + int wbufsize, z; +=20 ++ pax_track_stack(); ++ + /* M58LW064A requires bus alignment for buffer wriets -- saw */ + if (adr & (map_bankwidth(map)-1)) + return -EINVAL; +@@ -742,6 +746,8 @@ static inline int do_erase_oneblock(stru + DECLARE_WAITQUEUE(wait, current); + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ +@@ -1047,6 +1053,8 @@ static inline int do_lock_oneblock(struc + unsigned long timeo =3D jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ +@@ -1196,6 +1204,8 @@ static inline int do_unlock_oneblock(str + unsigned long timeo =3D jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ diff -urNp linux-2.6.32.40/drivers/mtd/devices/doc2000.c linux-2.6.32.40= /drivers/mtd/devices/doc2000.c --- linux-2.6.32.40/drivers/mtd/devices/doc2000.c 2011-03-27 14:31:47.00= 0000000 -0400 +++ linux-2.6.32.40/drivers/mtd/devices/doc2000.c 2011-04-17 15:56:46.00= 0000000 -0400 @@ -30466,6 +31238,98 @@ diff -urNp linux-2.6.32.40/drivers/mtd/devices/d= oc2001.c linux-2.6.32.40/drivers return -EINVAL; =20 /* Don't allow a single read to cross a 512-byte block boundary */ +diff -urNp linux-2.6.32.40/drivers/mtd/ftl.c linux-2.6.32.40/drivers/mtd= /ftl.c +--- linux-2.6.32.40/drivers/mtd/ftl.c 2011-03-27 14:31:47.000000000 -040= 0 ++++ linux-2.6.32.40/drivers/mtd/ftl.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -474,6 +474,8 @@ static int copy_erase_unit(partition_t * + loff_t offset; + uint16_t srcunitswap =3D cpu_to_le16(srcunit); +=20 ++ pax_track_stack(); ++ + eun =3D &part->EUNInfo[srcunit]; + xfer =3D &part->XferInfo[xferunit]; + DEBUG(2, "ftl_cs: copying block 0x%x to 0x%x\n", +diff -urNp linux-2.6.32.40/drivers/mtd/inftlcore.c linux-2.6.32.40/drive= rs/mtd/inftlcore.c +--- linux-2.6.32.40/drivers/mtd/inftlcore.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/mtd/inftlcore.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -260,6 +260,8 @@ static u16 INFTL_foldchain(struct INFTLr + struct inftl_oob oob; + size_t retlen; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_foldchain(inftl=3D%p,thisVUC=3D%= d," + "pending=3D%d)\n", inftl, thisVUC, pendingblock); +=20 +diff -urNp linux-2.6.32.40/drivers/mtd/inftlmount.c linux-2.6.32.40/driv= ers/mtd/inftlmount.c +--- linux-2.6.32.40/drivers/mtd/inftlmount.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/mtd/inftlmount.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -54,6 +54,8 @@ static int find_boot_record(struct INFTL + struct INFTLPartition *ip; + size_t retlen; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: find_boot_record(inftl=3D%p)\n", inftl= ); +=20 + /* +diff -urNp linux-2.6.32.40/drivers/mtd/lpddr/qinfo_probe.c linux-2.6.32.= 40/drivers/mtd/lpddr/qinfo_probe.c +--- linux-2.6.32.40/drivers/mtd/lpddr/qinfo_probe.c 2011-03-27 14:31:47.= 000000000 -0400 ++++ linux-2.6.32.40/drivers/mtd/lpddr/qinfo_probe.c 2011-05-16 21:46:57.= 000000000 -0400 +@@ -106,6 +106,8 @@ static int lpddr_pfow_present(struct map + { + map_word pfow_val[4]; +=20 ++ pax_track_stack(); ++ + /* Check identification string */ + pfow_val[0] =3D map_read(map, map->pfow_base + PFOW_QUERY_STRING_P); + pfow_val[1] =3D map_read(map, map->pfow_base + PFOW_QUERY_STRING_F); +diff -urNp linux-2.6.32.40/drivers/mtd/mtdchar.c linux-2.6.32.40/drivers= /mtd/mtdchar.c +--- linux-2.6.32.40/drivers/mtd/mtdchar.c 2011-03-27 14:31:47.000000000 = -0400 ++++ linux-2.6.32.40/drivers/mtd/mtdchar.c 2011-05-16 21:46:57.000000000 = -0400 +@@ -460,6 +460,8 @@ static int mtd_ioctl(struct inode *inode + u_long size; + struct mtd_info_user info; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n"); +=20 + size =3D (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; +diff -urNp linux-2.6.32.40/drivers/mtd/nftlcore.c linux-2.6.32.40/driver= s/mtd/nftlcore.c +--- linux-2.6.32.40/drivers/mtd/nftlcore.c 2011-03-27 14:31:47.000000000= -0400 ++++ linux-2.6.32.40/drivers/mtd/nftlcore.c 2011-05-16 21:46:57.000000000= -0400 +@@ -254,6 +254,8 @@ static u16 NFTL_foldchain (struct NFTLre + int inplace =3D 1; + size_t retlen; +=20 ++ pax_track_stack(); ++ + memset(BlockMap, 0xff, sizeof(BlockMap)); + memset(BlockFreeFound, 0, sizeof(BlockFreeFound)); +=20 +diff -urNp linux-2.6.32.40/drivers/mtd/nftlmount.c linux-2.6.32.40/drive= rs/mtd/nftlmount.c +--- linux-2.6.32.40/drivers/mtd/nftlmount.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/mtd/nftlmount.c 2011-05-18 20:09:37.00000000= 0 -0400 +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -44,6 +45,8 @@ static int find_boot_record(struct NFTLr + struct mtd_info *mtd =3D nftl->mbd.mtd; + unsigned int i; +=20 ++ pax_track_stack(); ++ + /* Assume logical EraseSize =3D=3D physical erasesize for start= ing the scan. + We'll sort it out later if we find a MediaHeader which says otherwi= se */ + /* Actually, we won't. The new DiskOnChip driver has already scanned diff -urNp linux-2.6.32.40/drivers/mtd/ubi/build.c linux-2.6.32.40/drive= rs/mtd/ubi/build.c --- linux-2.6.32.40/drivers/mtd/ubi/build.c 2011-03-27 14:31:47.00000000= 0 -0400 +++ linux-2.6.32.40/drivers/mtd/ubi/build.c 2011-04-17 15:56:46.00000000= 0 -0400 @@ -30508,6 +31372,30 @@ diff -urNp linux-2.6.32.40/drivers/mtd/ubi/build= .c linux-2.6.32.40/drivers/mtd/u } =20 /** +diff -urNp linux-2.6.32.40/drivers/net/bnx2.c linux-2.6.32.40/drivers/ne= t/bnx2.c +--- linux-2.6.32.40/drivers/net/bnx2.c 2011-03-27 14:31:47.000000000 -04= 00 ++++ linux-2.6.32.40/drivers/net/bnx2.c 2011-05-16 21:46:57.000000000 -04= 00 +@@ -5809,6 +5809,8 @@ bnx2_test_nvram(struct bnx2 *bp) + int rc =3D 0; + u32 magic, csum; +=20 ++ pax_track_stack(); ++ + if ((rc =3D bnx2_nvram_read(bp, 0, data, 4)) !=3D 0) + goto test_nvram_done; +=20 +diff -urNp linux-2.6.32.40/drivers/net/cxgb3/t3_hw.c linux-2.6.32.40/dri= vers/net/cxgb3/t3_hw.c +--- linux-2.6.32.40/drivers/net/cxgb3/t3_hw.c 2011-03-27 14:31:47.000000= 000 -0400 ++++ linux-2.6.32.40/drivers/net/cxgb3/t3_hw.c 2011-05-16 21:46:57.000000= 000 -0400 +@@ -699,6 +699,8 @@ static int get_vpd_params(struct adapter + int i, addr, ret; + struct t3_vpd vpd; +=20 ++ pax_track_stack(); ++ + /* + * Card information is normally at VPD_BASE but some early cards had + * it at 0. diff -urNp linux-2.6.32.40/drivers/net/e1000e/82571.c linux-2.6.32.40/dr= ivers/net/e1000e/82571.c --- linux-2.6.32.40/drivers/net/e1000e/82571.c 2011-03-27 14:31:47.00000= 0000 -0400 +++ linux-2.6.32.40/drivers/net/e1000e/82571.c 2011-04-17 15:56:46.00000= 0000 -0400 @@ -30710,6 +31598,18 @@ diff -urNp linux-2.6.32.40/drivers/net/e1000e/ic= h8lan.c linux-2.6.32.40/drivers/ .acquire_nvm =3D e1000_acquire_nvm_ich8lan, .read_nvm =3D e1000_read_nvm_ich8lan, .release_nvm =3D e1000_release_nvm_ich8lan, +diff -urNp linux-2.6.32.40/drivers/net/hamradio/6pack.c linux-2.6.32.40/= drivers/net/hamradio/6pack.c +--- linux-2.6.32.40/drivers/net/hamradio/6pack.c 2011-03-27 14:31:47.000= 000000 -0400 ++++ linux-2.6.32.40/drivers/net/hamradio/6pack.c 2011-05-16 21:46:57.000= 000000 -0400 +@@ -461,6 +461,8 @@ static void sixpack_receive_buf(struct t + unsigned char buf[512]; + int count1; +=20 ++ pax_track_stack(); ++ + if (!count) + return; +=20 diff -urNp linux-2.6.32.40/drivers/net/ibmveth.c linux-2.6.32.40/drivers= /net/ibmveth.c --- linux-2.6.32.40/drivers/net/ibmveth.c 2011-03-27 14:31:47.000000000 = -0400 +++ linux-2.6.32.40/drivers/net/ibmveth.c 2011-04-17 15:56:46.000000000 = -0400 @@ -30799,6 +31699,63 @@ diff -urNp linux-2.6.32.40/drivers/net/iseries_v= eth.c linux-2.6.32.40/drivers/ne .show =3D veth_port_attribute_show }; =20 +diff -urNp linux-2.6.32.40/drivers/net/ixgb/ixgb_main.c linux-2.6.32.40/= drivers/net/ixgb/ixgb_main.c +--- linux-2.6.32.40/drivers/net/ixgb/ixgb_main.c 2011-03-27 14:31:47.000= 000000 -0400 ++++ linux-2.6.32.40/drivers/net/ixgb/ixgb_main.c 2011-05-16 21:46:57.000= 000000 -0400 +@@ -1052,6 +1052,8 @@ ixgb_set_multi(struct net_device *netdev + u32 rctl; + int i; +=20 ++ pax_track_stack(); ++ + /* Check for Promiscuous and All Multicast modes */ +=20 + rctl =3D IXGB_READ_REG(hw, RCTL); +diff -urNp linux-2.6.32.40/drivers/net/ixgb/ixgb_param.c linux-2.6.32.40= /drivers/net/ixgb/ixgb_param.c +--- linux-2.6.32.40/drivers/net/ixgb/ixgb_param.c 2011-03-27 14:31:47.00= 0000000 -0400 ++++ linux-2.6.32.40/drivers/net/ixgb/ixgb_param.c 2011-05-16 21:46:57.00= 0000000 -0400 +@@ -260,6 +260,9 @@ void __devinit + ixgb_check_options(struct ixgb_adapter *adapter) + { + int bd =3D adapter->bd_number; ++ ++ pax_track_stack(); ++ + if (bd >=3D IXGB_MAX_NIC) { + printk(KERN_NOTICE + "Warning: no configuration for board #%i\n", bd); +diff -urNp linux-2.6.32.40/drivers/net/mlx4/main.c linux-2.6.32.40/drive= rs/net/mlx4/main.c +--- linux-2.6.32.40/drivers/net/mlx4/main.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/net/mlx4/main.c 2011-05-18 20:09:37.00000000= 0 -0400 +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include +=20 + #include + #include +@@ -730,6 +731,8 @@ static int mlx4_init_hca(struct mlx4_dev + u64 icm_size; + int err; +=20 ++ pax_track_stack(); ++ + err =3D mlx4_QUERY_FW(dev); + if (err) { + if (err =3D=3D -EACCES) +diff -urNp linux-2.6.32.40/drivers/net/niu.c linux-2.6.32.40/drivers/net= /niu.c +--- linux-2.6.32.40/drivers/net/niu.c 2011-05-10 22:12:01.000000000 -040= 0 ++++ linux-2.6.32.40/drivers/net/niu.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -9128,6 +9128,8 @@ static void __devinit niu_try_msix(struc + int i, num_irqs, err; + u8 first_ldg; +=20 ++ pax_track_stack(); ++ + first_ldg =3D (NIU_NUM_LDG / parent->num_ports) * np->port; + for (i =3D 0; i < (NIU_NUM_LDG / parent->num_ports); i++) + ldg_num_map[i] =3D first_ldg + i; diff -urNp linux-2.6.32.40/drivers/net/pcnet32.c linux-2.6.32.40/drivers= /net/pcnet32.c --- linux-2.6.32.40/drivers/net/pcnet32.c 2011-03-27 14:31:47.000000000 = -0400 +++ linux-2.6.32.40/drivers/net/pcnet32.c 2011-04-17 15:56:46.000000000 = -0400 @@ -30822,6 +31779,18 @@ diff -urNp linux-2.6.32.40/drivers/net/tg3.h lin= ux-2.6.32.40/drivers/net/tg3.h #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff -urNp linux-2.6.32.40/drivers/net/tulip/de2104x.c linux-2.6.32.40/d= rivers/net/tulip/de2104x.c +--- linux-2.6.32.40/drivers/net/tulip/de2104x.c 2011-03-27 14:31:47.0000= 00000 -0400 ++++ linux-2.6.32.40/drivers/net/tulip/de2104x.c 2011-05-16 21:46:57.0000= 00000 -0400 +@@ -1785,6 +1785,8 @@ static void __devinit de21041_get_srom_i + struct de_srom_info_leaf *il; + void *bufp; +=20 ++ pax_track_stack(); ++ + /* download entire eeprom */ + for (i =3D 0; i < DE_EEPROM_WORDS; i++) + ((__le16 *)ee_data)[i] =3D diff -urNp linux-2.6.32.40/drivers/net/tulip/de4x5.c linux-2.6.32.40/dri= vers/net/tulip/de4x5.c --- linux-2.6.32.40/drivers/net/tulip/de4x5.c 2011-03-27 14:31:47.000000= 000 -0400 +++ linux-2.6.32.40/drivers/net/tulip/de4x5.c 2011-04-17 15:56:46.000000= 000 -0400 @@ -30933,6 +31902,150 @@ diff -urNp linux-2.6.32.40/drivers/net/usb/hso.= c linux-2.6.32.40/drivers/net/usb result =3D hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); +diff -urNp linux-2.6.32.40/drivers/net/vxge/vxge-main.c linux-2.6.32.40/= drivers/net/vxge/vxge-main.c +--- linux-2.6.32.40/drivers/net/vxge/vxge-main.c 2011-03-27 14:31:47.000= 000000 -0400 ++++ linux-2.6.32.40/drivers/net/vxge/vxge-main.c 2011-05-16 21:46:57.000= 000000 -0400 +@@ -93,6 +93,8 @@ static inline void VXGE_COMPLETE_VPATH_T + struct sk_buff *completed[NR_SKB_COMPLETED]; + int more; +=20 ++ pax_track_stack(); ++ + do { + more =3D 0; + skb_ptr =3D completed; +@@ -1779,6 +1781,8 @@ static enum vxge_hw_status vxge_rth_conf + u8 mtable[256] =3D {0}; /* CPU to vpath mapping */ + int index; +=20 ++ pax_track_stack(); ++ + /* + * Filling + * - itable with bucket numbers +diff -urNp linux-2.6.32.40/drivers/net/wan/cycx_x25.c linux-2.6.32.40/dr= ivers/net/wan/cycx_x25.c +--- linux-2.6.32.40/drivers/net/wan/cycx_x25.c 2011-03-27 14:31:47.00000= 0000 -0400 ++++ linux-2.6.32.40/drivers/net/wan/cycx_x25.c 2011-05-16 21:46:57.00000= 0000 -0400 +@@ -1017,6 +1017,8 @@ static void hex_dump(char *msg, unsigned + unsigned char hex[1024], + * phex =3D hex; +=20 ++ pax_track_stack(); ++ + if (len >=3D (sizeof(hex) / 2)) + len =3D (sizeof(hex) / 2) - 1; +=20 +diff -urNp linux-2.6.32.40/drivers/net/wimax/i2400m/usb-fw.c linux-2.6.3= 2.40/drivers/net/wimax/i2400m/usb-fw.c +--- linux-2.6.32.40/drivers/net/wimax/i2400m/usb-fw.c 2011-03-27 14:31:4= 7.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wimax/i2400m/usb-fw.c 2011-05-16 21:46:5= 7.000000000 -0400 +@@ -263,6 +263,8 @@ ssize_t i2400mu_bus_bm_wait_for_ack(stru + int do_autopm =3D 1; + DECLARE_COMPLETION_ONSTACK(notif_completion); +=20 ++ pax_track_stack(); ++ + d_fnstart(8, dev, "(i2400m %p ack %p size %zu)\n", + i2400m, ack, ack_size); + BUG_ON(_ack =3D=3D i2400m->bm_ack_buf); +diff -urNp linux-2.6.32.40/drivers/net/wireless/airo.c linux-2.6.32.40/d= rivers/net/wireless/airo.c +--- linux-2.6.32.40/drivers/net/wireless/airo.c 2011-03-27 14:31:47.0000= 00000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/airo.c 2011-05-16 21:46:57.0000= 00000 -0400 +@@ -3003,6 +3003,8 @@ static void airo_process_scan_results (s + BSSListElement * loop_net; + BSSListElement * tmp_net; +=20 ++ pax_track_stack(); ++ + /* Blow away current list of scan results */ + list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) = { + list_move_tail (&loop_net->list, &ai->network_free_list); +@@ -3783,6 +3785,8 @@ static u16 setup_card(struct airo_info * + WepKeyRid wkr; + int rc; +=20 ++ pax_track_stack(); ++ + memset( &mySsid, 0, sizeof( mySsid ) ); + kfree (ai->flash); + ai->flash =3D NULL; +@@ -4758,6 +4762,8 @@ static int proc_stats_rid_open( struct i + __le32 *vals =3D stats.vals; + int len; +=20 ++ pax_track_stack(); ++ + if ((file->private_data =3D kzalloc(sizeof(struct proc_data ), GFP_KER= NEL)) =3D=3D NULL) + return -ENOMEM; + data =3D (struct proc_data *)file->private_data; +@@ -5487,6 +5493,8 @@ static int proc_BSSList_open( struct ino + /* If doLoseSync is not 1, we won't do a Lose Sync */ + int doLoseSync =3D -1; +=20 ++ pax_track_stack(); ++ + if ((file->private_data =3D kzalloc(sizeof(struct proc_data ), GFP_KER= NEL)) =3D=3D NULL) + return -ENOMEM; + data =3D (struct proc_data *)file->private_data; +@@ -7193,6 +7201,8 @@ static int airo_get_aplist(struct net_de + int i; + int loseSync =3D capable(CAP_NET_ADMIN) ? 1: -1; +=20 ++ pax_track_stack(); ++ + qual =3D kmalloc(IW_MAX_AP * sizeof(*qual), GFP_KERNEL); + if (!qual) + return -ENOMEM; +@@ -7753,6 +7763,8 @@ static void airo_read_wireless_stats(str + CapabilityRid cap_rid; + __le32 *vals =3D stats_rid.vals; +=20 ++ pax_track_stack(); ++ + /* Get stats out of the card */ + clear_bit(JOB_WSTATS, &local->jobs); + if (local->power.event) { +diff -urNp linux-2.6.32.40/drivers/net/wireless/ath/ath5k/debug.c linux-= 2.6.32.40/drivers/net/wireless/ath/ath5k/debug.c +--- linux-2.6.32.40/drivers/net/wireless/ath/ath5k/debug.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/ath/ath5k/debug.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -205,6 +205,8 @@ static ssize_t read_file_beacon(struct f + unsigned int v; + u64 tsf; +=20 ++ pax_track_stack(); ++ + v =3D ath5k_hw_reg_read(sc->ah, AR5K_BEACON); + len +=3D snprintf(buf+len, sizeof(buf)-len, + "%-24s0x%08x\tintval: %d\tTIM: 0x%x\n", +@@ -318,6 +320,8 @@ static ssize_t read_file_debug(struct fi + unsigned int len =3D 0; + unsigned int i; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, + "DEBUG LEVEL: 0x%08x\n\n", sc->debug.level); +=20 +diff -urNp linux-2.6.32.40/drivers/net/wireless/ath/ath9k/debug.c linux-= 2.6.32.40/drivers/net/wireless/ath/ath9k/debug.c +--- linux-2.6.32.40/drivers/net/wireless/ath/ath9k/debug.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/ath/ath9k/debug.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -220,6 +220,8 @@ static ssize_t read_file_interrupt(struc + char buf[512]; + unsigned int len =3D 0; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf + len, sizeof(buf) - len, + "%8s: %10u\n", "RX", sc->debug.stats.istats.rxok); + len +=3D snprintf(buf + len, sizeof(buf) - len, +@@ -360,6 +362,8 @@ static ssize_t read_file_wiphy(struct fi + int i; + u8 addr[ETH_ALEN]; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf + len, sizeof(buf) - len, + "primary: %s (%s chan=3D%d ht=3D%d)\n", + wiphy_name(sc->pri_wiphy->hw->wiphy), diff -urNp linux-2.6.32.40/drivers/net/wireless/b43/debugfs.c linux-2.6.= 32.40/drivers/net/wireless/b43/debugfs.c --- linux-2.6.32.40/drivers/net/wireless/b43/debugfs.c 2011-03-27 14:31:= 47.000000000 -0400 +++ linux-2.6.32.40/drivers/net/wireless/b43/debugfs.c 2011-04-17 15:56:= 46.000000000 -0400 @@ -30957,6 +32070,39 @@ diff -urNp linux-2.6.32.40/drivers/net/wireless/= b43legacy/debugfs.c linux-2.6.32 /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */ size_t file_struct_offset; /* Take wl->irq_lock before calling read/write? */ +diff -urNp linux-2.6.32.40/drivers/net/wireless/ipw2x00/ipw2100.c linux-= 2.6.32.40/drivers/net/wireless/ipw2x00/ipw2100.c +--- linux-2.6.32.40/drivers/net/wireless/ipw2x00/ipw2100.c 2011-03-27 14= :31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/ipw2x00/ipw2100.c 2011-05-16 21= :46:57.000000000 -0400 +@@ -2014,6 +2014,8 @@ static int ipw2100_set_essid(struct ipw2 + int err; + DECLARE_SSID_BUF(ssid); +=20 ++ pax_track_stack(); ++ + IPW_DEBUG_HC("SSID: '%s'\n", print_ssid(ssid, essid, ssid_len)); +=20 + if (ssid_len) +@@ -5380,6 +5382,8 @@ static int ipw2100_set_key(struct ipw210 + struct ipw2100_wep_key *wep_key =3D (void *)cmd.host_command_parameter= s; + int err; +=20 ++ pax_track_stack(); ++ + IPW_DEBUG_HC("WEP_KEY_INFO: index =3D %d, len =3D %d/%d\n", + idx, keylen, len); +=20 +diff -urNp linux-2.6.32.40/drivers/net/wireless/ipw2x00/libipw_rx.c linu= x-2.6.32.40/drivers/net/wireless/ipw2x00/libipw_rx.c +--- linux-2.6.32.40/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-03-27 = 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-05-16 = 21:46:57.000000000 -0400 +@@ -1566,6 +1566,8 @@ static void libipw_process_probe_respons + unsigned long flags; + DECLARE_SSID_BUF(ssid); +=20 ++ pax_track_stack(); ++ + LIBIPW_DEBUG_SCAN("'%s' (%pM" + "): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", + print_ssid(ssid, info_element->data, info_element->len), diff -urNp linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-1000.c linux= -2.6.32.40/drivers/net/wireless/iwlwifi/iwl-1000.c --- linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-1000.c 2011-03-27 1= 4:31:47.000000000 -0400 +++ linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-1000.c 2011-04-17 1= 5:56:46.000000000 -0400 @@ -31025,6 +32171,48 @@ diff -urNp linux-2.6.32.40/drivers/net/wireless/= iwlwifi/iwl-6000.c linux-2.6.32. .ucode =3D &iwl5000_ucode, .lib =3D &iwl6000_lib, .hcmd =3D &iwl5000_hcmd, +diff -urNp linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-agn-rs.c lin= ux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +--- linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-03-27= 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-05-16= 21:46:57.000000000 -0400 +@@ -857,6 +857,8 @@ static void rs_tx_status(void *priv_r, s + u8 active_index =3D 0; + s32 tpt =3D 0; +=20 ++ pax_track_stack(); ++ + IWL_DEBUG_RATE_LIMIT(priv, "get frame ack response, update rate scale = window\n"); +=20 + if (!ieee80211_is_data(hdr->frame_control) || +@@ -2722,6 +2724,8 @@ static void rs_fill_link_cmd(struct iwl_ + u8 valid_tx_ant =3D 0; + struct iwl_link_quality_cmd *lq_cmd =3D &lq_sta->lq; +=20 ++ pax_track_stack(); ++ + /* Override starting rate (index 0) if needed for debug purposes */ + rs_dbgfs_set_mcs(lq_sta, &new_rate, index); +=20 +diff -urNp linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debugfs.c li= nux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debugfs.c +--- linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-03-2= 7 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-05-1= 6 21:46:57.000000000 -0400 +@@ -524,6 +524,8 @@ static ssize_t iwl_dbgfs_status_read(str + int pos =3D 0; + const size_t bufsz =3D sizeof(buf); +=20 ++ pax_track_stack(); ++ + pos +=3D scnprintf(buf + pos, bufsz - pos, "STATUS_HCMD_ACTIVE:\t %d\n= ", + test_bit(STATUS_HCMD_ACTIVE, &priv->status)); + pos +=3D scnprintf(buf + pos, bufsz - pos, "STATUS_HCMD_SYNC_ACTIVE: %= d\n", +@@ -658,6 +660,8 @@ static ssize_t iwl_dbgfs_qos_read(struct + const size_t bufsz =3D sizeof(buf); + ssize_t ret; +=20 ++ pax_track_stack(); ++ + for (i =3D 0; i < AC_NUM; i++) { + pos +=3D scnprintf(buf + pos, bufsz - pos, + "\tcw_min\tcw_max\taifsn\ttxop\n"); diff -urNp linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debug.h linu= x-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debug.h --- linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-03-27 = 14:31:47.000000000 -0400 +++ linux-2.6.32.40/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-04-17 = 15:56:46.000000000 -0400 @@ -31051,6 +32239,18 @@ diff -urNp linux-2.6.32.40/drivers/net/wireless/= iwlwifi/iwl-dev.h linux-2.6.32.4 extern struct iwl_ucode_ops iwl5000_ucode; extern struct iwl_lib_ops iwl5000_lib; extern struct iwl_hcmd_ops iwl5000_hcmd; +diff -urNp linux-2.6.32.40/drivers/net/wireless/iwmc3200wifi/debugfs.c l= inux-2.6.32.40/drivers/net/wireless/iwmc3200wifi/debugfs.c +--- linux-2.6.32.40/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-03-= 27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-05-= 16 21:46:57.000000000 -0400 +@@ -299,6 +299,8 @@ static ssize_t iwm_debugfs_fw_err_read(s + int buf_len =3D 512; + size_t len =3D 0; +=20 ++ pax_track_stack(); ++ + if (*ppos !=3D 0) + return 0; + if (count < sizeof(buf)) diff -urNp linux-2.6.32.40/drivers/net/wireless/libertas/debugfs.c linux= -2.6.32.40/drivers/net/wireless/libertas/debugfs.c --- linux-2.6.32.40/drivers/net/wireless/libertas/debugfs.c 2011-03-27 1= 4:31:47.000000000 -0400 +++ linux-2.6.32.40/drivers/net/wireless/libertas/debugfs.c 2011-04-17 1= 5:56:46.000000000 -0400 @@ -31812,6 +33012,17 @@ diff -urNp linux-2.6.32.40/drivers/s390/cio/qdio= _perf.h linux-2.6.32.40/drivers/ } =20 int qdio_setup_perf_stats(void); +diff -urNp linux-2.6.32.40/drivers/scsi/aacraid/commctrl.c linux-2.6.32.= 40/drivers/scsi/aacraid/commctrl.c +--- linux-2.6.32.40/drivers/scsi/aacraid/commctrl.c 2011-03-27 14:31:47.= 000000000 -0400 ++++ linux-2.6.32.40/drivers/scsi/aacraid/commctrl.c 2011-05-16 21:46:57.= 000000000 -0400 +@@ -481,6 +481,7 @@ static int aac_send_raw_srb(struct aac_d + u32 actual_fibsize64, actual_fibsize =3D 0; + int i; +=20 ++ pax_track_stack(); +=20 + if (dev->in_reset) { + dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); diff -urNp linux-2.6.32.40/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6= .32.40/drivers/scsi/aic94xx/aic94xx_init.c --- linux-2.6.32.40/drivers/scsi/aic94xx/aic94xx_init.c 2011-03-27 14:31= :47.000000000 -0400 +++ linux-2.6.32.40/drivers/scsi/aic94xx/aic94xx_init.c 2011-04-17 15:56= :46.000000000 -0400 @@ -31824,6 +33035,125 @@ diff -urNp linux-2.6.32.40/drivers/scsi/aic94xx= /aic94xx_init.c linux-2.6.32.40/d asd_show_update_bios, asd_store_update_bios); =20 static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha) +diff -urNp linux-2.6.32.40/drivers/scsi/BusLogic.c linux-2.6.32.40/drive= rs/scsi/BusLogic.c +--- linux-2.6.32.40/drivers/scsi/BusLogic.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/scsi/BusLogic.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -961,6 +961,8 @@ static int __init BusLogic_InitializeFla + static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_Hos= tAdapter + *PrototypeHostAdapter) + { ++ pax_track_stack(); ++ + /* + If a PCI BIOS is present, interrogate it for MultiMaster and FlashP= oint + Host Adapters; otherwise, default to the standard ISA MultiMaster p= robe. +diff -urNp linux-2.6.32.40/drivers/scsi/dpt_i2o.c linux-2.6.32.40/driver= s/scsi/dpt_i2o.c +--- linux-2.6.32.40/drivers/scsi/dpt_i2o.c 2011-03-27 14:31:47.000000000= -0400 ++++ linux-2.6.32.40/drivers/scsi/dpt_i2o.c 2011-05-16 21:46:57.000000000= -0400 +@@ -1804,6 +1804,8 @@ static int adpt_i2o_passthru(adpt_hba* p + dma_addr_t addr; + ulong flags =3D 0; +=20 ++ pax_track_stack(); ++ + memset(&msg, 0, MAX_MESSAGE_SIZE*4); + // get user msg size in u32s=20 + if(get_user(size, &user_msg[0])){ +@@ -2297,6 +2299,8 @@ static s32 adpt_scsi_to_i2o(adpt_hba* pH + s32 rcode; + dma_addr_t addr; +=20 ++ pax_track_stack(); ++ + memset(msg, 0 , sizeof(msg)); + len =3D scsi_bufflen(cmd); + direction =3D 0x00000000;=09 +diff -urNp linux-2.6.32.40/drivers/scsi/eata.c linux-2.6.32.40/drivers/s= csi/eata.c +--- linux-2.6.32.40/drivers/scsi/eata.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/drivers/scsi/eata.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -1087,6 +1087,8 @@ static int port_detect(unsigned long por + struct hostdata *ha; + char name[16]; +=20 ++ pax_track_stack(); ++ + sprintf(name, "%s%d", driver_name, j); +=20 + if (!request_region(port_base, REGION_SIZE, driver_name)) { +diff -urNp linux-2.6.32.40/drivers/scsi/fcoe/libfcoe.c linux-2.6.32.40/d= rivers/scsi/fcoe/libfcoe.c +--- linux-2.6.32.40/drivers/scsi/fcoe/libfcoe.c 2011-03-27 14:31:47.0000= 00000 -0400 ++++ linux-2.6.32.40/drivers/scsi/fcoe/libfcoe.c 2011-05-16 21:46:57.0000= 00000 -0400 +@@ -809,6 +809,8 @@ static void fcoe_ctlr_recv_els(struct fc + size_t rlen; + size_t dlen; +=20 ++ pax_track_stack(); ++ + fiph =3D (struct fip_header *)skb->data; + sub =3D fiph->fip_subcode; + if (sub !=3D FIP_SC_REQ && sub !=3D FIP_SC_REP) +diff -urNp linux-2.6.32.40/drivers/scsi/gdth.c linux-2.6.32.40/drivers/s= csi/gdth.c +--- linux-2.6.32.40/drivers/scsi/gdth.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/drivers/scsi/gdth.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -4102,6 +4102,8 @@ static int ioc_lockdrv(void __user *arg) + ulong flags; + gdth_ha_str *ha; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&ldrv, arg, sizeof(gdth_ioctl_lockdrv))) + return -EFAULT; + ha =3D gdth_find_ha(ldrv.ionode); +@@ -4134,6 +4136,8 @@ static int ioc_resetdrv(void __user *arg + gdth_ha_str *ha; + int rval; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&res, arg, sizeof(gdth_ioctl_reset)) || + res.number >=3D MAX_HDRIVES) + return -EFAULT; +@@ -4169,6 +4173,8 @@ static int ioc_general(void __user *arg, + gdth_ha_str *ha; + int rval; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&gen, arg, sizeof(gdth_ioctl_general))) + return -EFAULT; + ha =3D gdth_find_ha(gen.ionode); +@@ -4625,6 +4631,9 @@ static void gdth_flush(gdth_ha_str *ha) + int i; + gdth_cmd_str gdtcmd; + char cmnd[MAX_COMMAND_SIZE]; =20 ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, MAX_COMMAND_SIZE); +=20 + TRACE2(("gdth_flush() hanum %d\n", ha->hanum)); +diff -urNp linux-2.6.32.40/drivers/scsi/gdth_proc.c linux-2.6.32.40/driv= ers/scsi/gdth_proc.c +--- linux-2.6.32.40/drivers/scsi/gdth_proc.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/drivers/scsi/gdth_proc.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -46,6 +46,9 @@ static int gdth_set_asc_info(struct Scsi + ulong64 paddr; +=20 + char cmnd[MAX_COMMAND_SIZE]; ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, 12); + memset(&gdtcmd, 0, sizeof(gdth_cmd_str)); +=20 +@@ -174,6 +177,8 @@ static int gdth_get_info(char *buffer,ch + gdth_hget_str *phg; + char cmnd[MAX_COMMAND_SIZE]; +=20 ++ pax_track_stack(); ++ + gdtcmd =3D kmalloc(sizeof(*gdtcmd), GFP_KERNEL); + estr =3D kmalloc(sizeof(*estr), GFP_KERNEL); + if (!gdtcmd || !estr) diff -urNp linux-2.6.32.40/drivers/scsi/hosts.c linux-2.6.32.40/drivers/= scsi/hosts.c --- linux-2.6.32.40/drivers/scsi/hosts.c 2011-03-27 14:31:47.000000000 -= 0400 +++ linux-2.6.32.40/drivers/scsi/hosts.c 2011-05-04 17:56:28.000000000 -= 0400 @@ -31995,7 +33325,7 @@ diff -urNp linux-2.6.32.40/drivers/scsi/libsas/sa= s_ata.c linux-2.6.32.40/drivers .qc_defer =3D ata_std_qc_defer, diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.32= .40/drivers/scsi/lpfc/lpfc_debugfs.c --- linux-2.6.32.40/drivers/scsi/lpfc/lpfc_debugfs.c 2011-03-27 14:31:47= .000000000 -0400 -+++ linux-2.6.32.40/drivers/scsi/lpfc/lpfc_debugfs.c 2011-05-04 17:56:28= .000000000 -0400 ++++ linux-2.6.32.40/drivers/scsi/lpfc/lpfc_debugfs.c 2011-05-16 21:46:57= .000000000 -0400 @@ -124,7 +124,7 @@ struct lpfc_debug { int len; }; @@ -32023,7 +33353,16 @@ diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpf= c_debugfs.c linux-2.6.32.40/driv (lpfc_debugfs_max_slow_ring_trc - 1); for (i =3D index; i < lpfc_debugfs_max_slow_ring_trc; i++) { dtp =3D phba->slow_ring_trc + i; -@@ -634,14 +634,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport=20 +@@ -397,6 +397,8 @@ lpfc_debugfs_dumpHBASlim_data(struct lpf + uint32_t *ptr; + char buffer[1024]; +=20 ++ pax_track_stack(); ++ + off =3D 0; + spin_lock_irq(&phba->hbalock); +=20 +@@ -634,14 +636,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport=20 !vport || !vport->disc_trc) return; =20 @@ -32040,7 +33379,7 @@ diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpfc= _debugfs.c linux-2.6.32.40/driv dtp->jif =3D jiffies; #endif return; -@@ -672,14 +672,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h +@@ -672,14 +674,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h !phba || !phba->slow_ring_trc) return; =20 @@ -32057,7 +33396,7 @@ diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpfc= _debugfs.c linux-2.6.32.40/driv dtp->jif =3D jiffies; #endif return; -@@ -1364,7 +1364,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1364,7 +1366,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "slow_ring buffer\n"); goto debug_failed; } @@ -32066,7 +33405,7 @@ diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpfc= _debugfs.c linux-2.6.32.40/driv memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -1410,7 +1410,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1410,7 +1412,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "buffer\n"); goto debug_failed; } @@ -32161,6 +33500,30 @@ diff -urNp linux-2.6.32.40/drivers/scsi/lpfc/lpf= c_scsi.c linux-2.6.32.40/drivers } =20 /** +diff -urNp linux-2.6.32.40/drivers/scsi/megaraid/megaraid_mbox.c linux-2= .6.32.40/drivers/scsi/megaraid/megaraid_mbox.c +--- linux-2.6.32.40/drivers/scsi/megaraid/megaraid_mbox.c 2011-03-27 14:= 31:47.000000000 -0400 ++++ linux-2.6.32.40/drivers/scsi/megaraid/megaraid_mbox.c 2011-05-16 21:= 46:57.000000000 -0400 +@@ -3503,6 +3503,8 @@ megaraid_cmm_register(adapter_t *adapter + int rval; + int i; +=20 ++ pax_track_stack(); ++ + // Allocate memory for the base list of scb for management module. + adapter->uscb_list =3D kcalloc(MBOX_MAX_USER_CMDS, sizeof(scb_t), GFP_= KERNEL); +=20 +diff -urNp linux-2.6.32.40/drivers/scsi/osd/osd_initiator.c linux-2.6.32= .40/drivers/scsi/osd/osd_initiator.c +--- linux-2.6.32.40/drivers/scsi/osd/osd_initiator.c 2011-03-27 14:31:47= .000000000 -0400 ++++ linux-2.6.32.40/drivers/scsi/osd/osd_initiator.c 2011-05-16 21:46:57= .000000000 -0400 +@@ -94,6 +94,8 @@ static int _osd_print_system_info(struct + int nelem =3D ARRAY_SIZE(get_attrs), a =3D 0; + int ret; +=20 ++ pax_track_stack(); ++ + or =3D osd_start_request(od, GFP_KERNEL); + if (!or) + return -ENOMEM; diff -urNp linux-2.6.32.40/drivers/scsi/pmcraid.c linux-2.6.32.40/driver= s/scsi/pmcraid.c --- linux-2.6.32.40/drivers/scsi/pmcraid.c 2011-05-10 22:12:01.000000000= -0400 +++ linux-2.6.32.40/drivers/scsi/pmcraid.c 2011-05-10 22:12:33.000000000= -0400 @@ -32301,6 +33664,27 @@ diff -urNp linux-2.6.32.40/drivers/scsi/scsi.c l= inux-2.6.32.40/drivers/scsi/scsi =20 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state =3D=3D SDEV_DEL)) { +diff -urNp linux-2.6.32.40/drivers/scsi/scsi_debug.c linux-2.6.32.40/dri= vers/scsi/scsi_debug.c +--- linux-2.6.32.40/drivers/scsi/scsi_debug.c 2011-03-27 14:31:47.000000= 000 -0400 ++++ linux-2.6.32.40/drivers/scsi/scsi_debug.c 2011-05-16 21:46:57.000000= 000 -0400 +@@ -1395,6 +1395,8 @@ static int resp_mode_select(struct scsi_ + unsigned char arr[SDEBUG_MAX_MSELECT_SZ]; + unsigned char *cmd =3D (unsigned char *)scp->cmnd; +=20 ++ pax_track_stack(); ++ + if ((errsts =3D check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); +@@ -1492,6 +1494,8 @@ static int resp_log_sense(struct scsi_cm + unsigned char arr[SDEBUG_MAX_LSENSE_SZ]; + unsigned char *cmd =3D (unsigned char *)scp->cmnd; +=20 ++ pax_track_stack(); ++ + if ((errsts =3D check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); diff -urNp linux-2.6.32.40/drivers/scsi/scsi_lib.c linux-2.6.32.40/drive= rs/scsi/scsi_lib.c --- linux-2.6.32.40/drivers/scsi/scsi_lib.c 2011-05-10 22:12:01.00000000= 0 -0400 +++ linux-2.6.32.40/drivers/scsi/scsi_lib.c 2011-05-10 22:12:33.00000000= 0 -0400 @@ -32448,6 +33832,18 @@ diff -urNp linux-2.6.32.40/drivers/scsi/sg.c lin= ux-2.6.32.40/drivers/scsi/sg.c =20 sg_proc_sgp =3D proc_mkdir(sg_proc_sg_dirname, NULL); if (!sg_proc_sgp) +diff -urNp linux-2.6.32.40/drivers/scsi/sym53c8xx_2/sym_glue.c linux-2.6= .32.40/drivers/scsi/sym53c8xx_2/sym_glue.c +--- linux-2.6.32.40/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-03-27 14:31= :47.000000000 -0400 ++++ linux-2.6.32.40/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-05-16 21:46= :57.000000000 -0400 +@@ -1754,6 +1754,8 @@ static int __devinit sym2_probe(struct p + int do_iounmap =3D 0; + int do_disable_device =3D 1; +=20 ++ pax_track_stack(); ++ + memset(&sym_dev, 0, sizeof(sym_dev)); + memset(&nvram, 0, sizeof(nvram)); + sym_dev.pdev =3D pdev; diff -urNp linux-2.6.32.40/drivers/serial/kgdboc.c linux-2.6.32.40/drive= rs/serial/kgdboc.c --- linux-2.6.32.40/drivers/serial/kgdboc.c 2011-03-27 14:31:47.00000000= 0 -0400 +++ linux-2.6.32.40/drivers/serial/kgdboc.c 2011-04-17 15:56:46.00000000= 0 -0400 @@ -33075,6 +34471,18 @@ diff -urNp linux-2.6.32.40/drivers/staging/vme/d= evices/vme_user.c linux-2.6.32.4 .open =3D vme_user_open, .release =3D vme_user_release, .read =3D vme_user_read, +diff -urNp linux-2.6.32.40/drivers/telephony/ixj.c linux-2.6.32.40/drive= rs/telephony/ixj.c +--- linux-2.6.32.40/drivers/telephony/ixj.c 2011-03-27 14:31:47.00000000= 0 -0400 ++++ linux-2.6.32.40/drivers/telephony/ixj.c 2011-05-16 21:46:57.00000000= 0 -0400 +@@ -4976,6 +4976,8 @@ static int ixj_daa_cid_read(IXJ *j) + bool mContinue; + char *pIn, *pOut; +=20 ++ pax_track_stack(); ++ + if (!SCI_Prepare(j)) + return 0; +=20 diff -urNp linux-2.6.32.40/drivers/uio/uio.c linux-2.6.32.40/drivers/uio= /uio.c --- linux-2.6.32.40/drivers/uio/uio.c 2011-03-27 14:31:47.000000000 -040= 0 +++ linux-2.6.32.40/drivers/uio/uio.c 2011-05-04 17:56:20.000000000 -040= 0 @@ -33731,7 +35139,7 @@ diff -urNp linux-2.6.32.40/drivers/video/fbcmap.c= linux-2.6.32.40/drivers/video/ } diff -urNp linux-2.6.32.40/drivers/video/fbmem.c linux-2.6.32.40/drivers= /video/fbmem.c --- linux-2.6.32.40/drivers/video/fbmem.c 2011-03-27 14:31:47.000000000 = -0400 -+++ linux-2.6.32.40/drivers/video/fbmem.c 2011-04-17 15:56:46.000000000 = -0400 ++++ linux-2.6.32.40/drivers/video/fbmem.c 2011-05-16 21:46:57.000000000 = -0400 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in image->dx +=3D image->width + 8; } @@ -33750,7 +35158,25 @@ diff -urNp linux-2.6.32.40/drivers/video/fbmem.c= linux-2.6.32.40/drivers/video/f info->fbops->fb_imageblit(info, image); image->dy -=3D image->height + 8; } -@@ -1119,7 +1119,7 @@ static long do_fb_ioctl(struct fb_info * +@@ -915,6 +915,8 @@ fb_set_var(struct fb_info *info, struct=20 + int flags =3D info->flags; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + if (var->activate & FB_ACTIVATE_INV_MODE) { + struct fb_videomode mode1, mode2; +=20 +@@ -1040,6 +1042,8 @@ static long do_fb_ioctl(struct fb_info * + void __user *argp =3D (void __user *)arg; + long ret =3D 0; +=20 ++ pax_track_stack(); ++ + switch (cmd) { + case FBIOGET_VSCREENINFO: + if (!lock_fb_info(info)) +@@ -1119,7 +1123,7 @@ static long do_fb_ioctl(struct fb_info * return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -34004,7 +35430,7 @@ diff -urNp linux-2.6.32.40/fs/9p/vfs_inode.c linu= x-2.6.32.40/fs/9p/vfs_inode.c IS_ERR(s) ? "" : s); diff -urNp linux-2.6.32.40/fs/aio.c linux-2.6.32.40/fs/aio.c --- linux-2.6.32.40/fs/aio.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/aio.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/fs/aio.c 2011-05-16 21:46:57.000000000 -0400 @@ -115,7 +115,7 @@ static int aio_setup_ring(struct kioctx=20 size +=3D sizeof(struct io_event) * nr_events; nr_pages =3D (size + PAGE_SIZE-1) >> PAGE_SHIFT; @@ -34014,6 +35440,15 @@ diff -urNp linux-2.6.32.40/fs/aio.c linux-2.6.32= .40/fs/aio.c return -EINVAL; =20 nr_events =3D (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeo= f(struct io_event); +@@ -1089,6 +1089,8 @@ static int read_events(struct kioctx *ct + struct aio_timeout to; + int retry =3D 0; +=20 ++ pax_track_stack(); ++ + /* needed to zero any padding within an entry (there shouldn't be=20 + * any, but C is fun! + */ diff -urNp linux-2.6.32.40/fs/attr.c linux-2.6.32.40/fs/attr.c --- linux-2.6.32.40/fs/attr.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/fs/attr.c 2011-04-17 15:56:46.000000000 -0400 @@ -34154,7 +35589,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_aout.c linux= -2.6.32.40/fs/binfmt_aout.c up_write(¤t->mm->mmap_sem); diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-2.6.32.40/fs/binfmt_elf= .c --- linux-2.6.32.40/fs/binfmt_elf.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/binfmt_elf.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/fs/binfmt_elf.c 2011-05-16 21:46:57.000000000 -0400 @@ -50,6 +50,10 @@ static int elf_core_dump(long signr, str #define elf_core_dump NULL #endif @@ -34196,7 +35631,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c return 0; } =20 -@@ -148,12 +159,13 @@ create_elf_tables(struct linux_binprm *b +@@ -148,12 +159,15 @@ create_elf_tables(struct linux_binprm *b elf_addr_t __user *u_rand_bytes; const char *k_platform =3D ELF_PLATFORM; const char *k_base_platform =3D ELF_BASE_PLATFORM; @@ -34208,10 +35643,12 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linu= x-2.6.32.40/fs/binfmt_elf.c const struct cred *cred =3D current_cred(); struct vm_area_struct *vma; + unsigned long saved_auxv[AT_VECTOR_SIZE]; ++ ++ pax_track_stack(); =20 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -195,8 +207,12 @@ create_elf_tables(struct linux_binprm *b +@@ -195,8 +209,12 @@ create_elf_tables(struct linux_binprm *b * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -34226,7 +35663,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; =20 -@@ -308,9 +324,11 @@ create_elf_tables(struct linux_binprm *b +@@ -308,9 +326,11 @@ create_elf_tables(struct linux_binprm *b return -EFAULT; current->mm->env_end =3D p; =20 @@ -34239,7 +35676,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c return -EFAULT; return 0; } -@@ -385,10 +403,10 @@ static unsigned long load_elf_interp(str +@@ -385,10 +405,10 @@ static unsigned long load_elf_interp(str { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -34252,7 +35689,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c unsigned long total_size; int retval, i, size; =20 -@@ -434,6 +452,11 @@ static unsigned long load_elf_interp(str +@@ -434,6 +454,11 @@ static unsigned long load_elf_interp(str goto out_close; } =20 @@ -34264,7 +35701,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c eppnt =3D elf_phdata; for (i =3D 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type =3D=3D PT_LOAD) { -@@ -477,8 +500,8 @@ static unsigned long load_elf_interp(str +@@ -477,8 +502,8 @@ static unsigned long load_elf_interp(str k =3D load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -34275,7 +35712,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c error =3D -ENOMEM; goto out_close; } -@@ -532,6 +555,194 @@ out: +@@ -532,6 +557,194 @@ out: return error; } =20 @@ -34470,7 +35907,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c /* * These are the functions used to load ELF style executables and share= d * libraries. There is no binary dependent code anywhere else. -@@ -548,6 +759,11 @@ static unsigned long randomize_stack_top +@@ -548,6 +761,11 @@ static unsigned long randomize_stack_top { unsigned int random_variable =3D 0; =20 @@ -34482,7 +35919,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable =3D get_random_int() & STACK_RND_MASK; -@@ -566,7 +782,7 @@ static int load_elf_binary(struct linux_ +@@ -566,7 +784,7 @@ static int load_elf_binary(struct linux_ unsigned long load_addr =3D 0, load_bias =3D 0; int load_addr_set =3D 0; char * elf_interpreter =3D NULL; @@ -34491,7 +35928,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -576,11 +792,11 @@ static int load_elf_binary(struct linux_ +@@ -576,11 +794,11 @@ static int load_elf_binary(struct linux_ unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc =3D 0; int executable_stack =3D EXSTACK_DEFAULT; @@ -34504,7 +35941,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c =20 loc =3D kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -718,11 +934,80 @@ static int load_elf_binary(struct linux_ +@@ -718,11 +936,80 @@ static int load_elf_binary(struct linux_ =20 /* OK, This is the point of no return */ current->flags &=3D ~PF_FORKNOEXEC; @@ -34586,7 +36023,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |=3D READ_IMPLIES_EXEC; =20 -@@ -804,6 +1089,20 @@ static int load_elf_binary(struct linux_ +@@ -804,6 +1091,20 @@ static int load_elf_binary(struct linux_ #else load_bias =3D ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -34607,7 +36044,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c } =20 error =3D elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -836,9 +1135,9 @@ static int load_elf_binary(struct linux_ +@@ -836,9 +1137,9 @@ static int load_elf_binary(struct linux_ * allowed task size. Note that p_filesz must always be * <=3D p_memsz so it is only necessary to check p_memsz. */ @@ -34620,7 +36057,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval =3D -EINVAL; -@@ -866,6 +1165,11 @@ static int load_elf_binary(struct linux_ +@@ -866,6 +1167,11 @@ static int load_elf_binary(struct linux_ start_data +=3D load_bias; end_data +=3D load_bias; =20 @@ -34632,7 +36069,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c /* Calling set_brk effectively mmaps the pages that we need * for the bss and break sections. We must do this before * mapping in the interpreter, to make sure it doesn't wind -@@ -877,9 +1181,11 @@ static int load_elf_binary(struct linux_ +@@ -877,9 +1183,11 @@ static int load_elf_binary(struct linux_ goto out_free_dentry; } if (likely(elf_bss !=3D elf_brk) && unlikely(padzero(elf_bss))) { @@ -34647,7 +36084,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c } =20 if (elf_interpreter) { -@@ -1112,8 +1418,10 @@ static int dump_seek(struct file *file,=20 +@@ -1112,8 +1420,10 @@ static int dump_seek(struct file *file,=20 unsigned long n =3D off; if (n > PAGE_SIZE) n =3D PAGE_SIZE; @@ -34659,7 +36096,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c off -=3D n; } free_page((unsigned long)buf); -@@ -1125,7 +1433,7 @@ static int dump_seek(struct file *file,=20 +@@ -1125,7 +1435,7 @@ static int dump_seek(struct file *file,=20 * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -34668,7 +36105,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) =20 -@@ -1159,7 +1467,7 @@ static unsigned long vma_dump_size(struc +@@ -1159,7 +1469,7 @@ static unsigned long vma_dump_size(struc if (vma->vm_file =3D=3D NULL) return 0; =20 @@ -34677,7 +36114,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c goto whole; =20 /* -@@ -1255,8 +1563,11 @@ static int writenote(struct memelfnote * +@@ -1255,8 +1565,11 @@ static int writenote(struct memelfnote * #undef DUMP_WRITE =20 #define DUMP_WRITE(addr, nr) \ @@ -34690,7 +36127,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c =20 static void fill_elf_header(struct elfhdr *elf, int segs, u16 machine, u32 flags, u8 osabi) -@@ -1385,9 +1696,9 @@ static void fill_auxv_note(struct memelf +@@ -1385,9 +1698,9 @@ static void fill_auxv_note(struct memelf { elf_addr_t *auxv =3D (elf_addr_t *) mm->saved_auxv; int i =3D 0; @@ -34702,7 +36139,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } =20 -@@ -1973,7 +2284,7 @@ static int elf_core_dump(long signr, str +@@ -1973,7 +2286,7 @@ static int elf_core_dump(long signr, str phdr.p_offset =3D offset; phdr.p_vaddr =3D vma->vm_start; phdr.p_paddr =3D 0; @@ -34711,7 +36148,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c phdr.p_memsz =3D vma->vm_end - vma->vm_start; offset +=3D phdr.p_filesz; phdr.p_flags =3D vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2006,7 +2317,7 @@ static int elf_core_dump(long signr, str +@@ -2006,7 +2319,7 @@ static int elf_core_dump(long signr, str unsigned long addr; unsigned long end; =20 @@ -34720,7 +36157,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c =20 for (addr =3D vma->vm_start; addr < end; addr +=3D PAGE_SIZE) { struct page *page; -@@ -2015,6 +2326,7 @@ static int elf_core_dump(long signr, str +@@ -2015,6 +2328,7 @@ static int elf_core_dump(long signr, str page =3D get_dump_page(addr); if (page) { void *kaddr =3D kmap(page); @@ -34728,7 +36165,7 @@ diff -urNp linux-2.6.32.40/fs/binfmt_elf.c linux-= 2.6.32.40/fs/binfmt_elf.c stop =3D ((size +=3D PAGE_SIZE) > limit) || !dump_write(file, kaddr, PAGE_SIZE); kunmap(page); -@@ -2042,6 +2354,97 @@ out: +@@ -2042,6 +2356,97 @@ out: =20 #endif /* USE_ELF_CORE_DUMP */ =20 @@ -35499,7 +36936,7 @@ diff -urNp linux-2.6.32.40/fs/compat_binfmt_elf.c= linux-2.6.32.40/fs/compat_binf /* diff -urNp linux-2.6.32.40/fs/compat.c linux-2.6.32.40/fs/compat.c --- linux-2.6.32.40/fs/compat.c 2011-04-17 17:00:52.000000000 -0400 -+++ linux-2.6.32.40/fs/compat.c 2011-04-23 13:29:24.000000000 -0400 ++++ linux-2.6.32.40/fs/compat.c 2011-05-16 21:46:57.000000000 -0400 @@ -830,6 +830,7 @@ struct compat_old_linux_dirent { =20 struct compat_readdir_callback { @@ -35679,6 +37116,15 @@ diff -urNp linux-2.6.32.40/fs/compat.c linux-2.6= .32.40/fs/compat.c out: if (bprm->mm) { acct_arg_size(bprm, 0); +@@ -1711,6 +1786,8 @@ int compat_core_sys_select(int n, compat + struct fdtable *fdt; + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; +=20 ++ pax_track_stack(); ++ + if (n < 0) + goto out_nofds; +=20 diff -urNp linux-2.6.32.40/fs/compat_ioctl.c linux-2.6.32.40/fs/compat_i= octl.c --- linux-2.6.32.40/fs/compat_ioctl.c 2011-03-27 14:31:47.000000000 -040= 0 +++ linux-2.6.32.40/fs/compat_ioctl.c 2011-04-23 12:56:11.000000000 -040= 0 @@ -36411,7 +37857,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/ext4.h linux-2= .6.32.40/fs/ext4/ext4.h /* locality groups */ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linux-2.6.32.40/fs/ext4/mba= lloc.c --- linux-2.6.32.40/fs/ext4/mballoc.c 2011-03-27 14:31:47.000000000 -040= 0 -+++ linux-2.6.32.40/fs/ext4/mballoc.c 2011-04-17 15:56:46.000000000 -040= 0 ++++ linux-2.6.32.40/fs/ext4/mballoc.c 2011-05-16 21:46:57.000000000 -040= 0 @@ -1753,7 +1753,7 @@ void ext4_mb_simple_scan_group(struct ex BUG_ON(ac->ac_b_ex.fe_len !=3D ac->ac_g_ex.fe_len); =20 @@ -36430,7 +37876,16 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c lin= ux-2.6.32.40/fs/ext4/mballoc.c goto repeat; } } -@@ -2532,25 +2532,25 @@ int ext4_mb_release(struct super_block * +@@ -2172,6 +2172,8 @@ static int ext4_mb_seq_groups_show(struc + ext4_grpblk_t counters[16]; + } sg; +=20 ++ pax_track_stack(); ++ + group--; + if (group =3D=3D 0) + seq_printf(seq, "#%-5s: %-5s %-5s %-5s " +@@ -2532,25 +2534,25 @@ int ext4_mb_release(struct super_block * if (sbi->s_mb_stats) { printk(KERN_INFO "EXT4-fs: mballoc: %u blocks %u reqs (%u success)\n", @@ -36466,7 +37921,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linu= x-2.6.32.40/fs/ext4/mballoc.c } =20 free_percpu(sbi->s_locality_groups); -@@ -3032,16 +3032,16 @@ static void ext4_mb_collect_stats(struct +@@ -3032,16 +3034,16 @@ static void ext4_mb_collect_stats(struct struct ext4_sb_info *sbi =3D EXT4_SB(ac->ac_sb); =20 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -36489,7 +37944,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linu= x-2.6.32.40/fs/ext4/mballoc.c } =20 if (ac->ac_op =3D=3D EXT4_MB_HISTORY_ALLOC) -@@ -3441,7 +3441,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat +@@ -3441,7 +3443,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat trace_ext4_mb_new_inode_pa(ac, pa); =20 ext4_mb_use_inode_pa(ac, pa); @@ -36498,7 +37953,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linu= x-2.6.32.40/fs/ext4/mballoc.c =20 ei =3D EXT4_I(ac->ac_inode); grp =3D ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3501,7 +3501,7 @@ ext4_mb_new_group_pa(struct ext4_allocat +@@ -3501,7 +3503,7 @@ ext4_mb_new_group_pa(struct ext4_allocat trace_ext4_mb_new_group_pa(ac, pa); =20 ext4_mb_use_group_pa(ac, pa); @@ -36507,7 +37962,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linu= x-2.6.32.40/fs/ext4/mballoc.c =20 grp =3D ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg =3D ac->ac_lg; -@@ -3605,7 +3605,7 @@ ext4_mb_release_inode_pa(struct ext4_bud +@@ -3605,7 +3607,7 @@ ext4_mb_release_inode_pa(struct ext4_bud * from the bitmap and continue. */ } @@ -36516,7 +37971,7 @@ diff -urNp linux-2.6.32.40/fs/ext4/mballoc.c linu= x-2.6.32.40/fs/ext4/mballoc.c =20 return err; } -@@ -3624,7 +3624,7 @@ ext4_mb_release_group_pa(struct ext4_bud +@@ -3624,7 +3626,7 @@ ext4_mb_release_group_pa(struct ext4_bud ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group !=3D e4b->bd_group && pa->pa_len !=3D 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -38251,6 +39706,18 @@ diff -urNp linux-2.6.32.40/fs/fuse/fuse_i.h linu= x-2.6.32.40/fs/fuse/fuse_i.h /** * Inode to nodeid comparison. */ +diff -urNp linux-2.6.32.40/fs/gfs2/ops_inode.c linux-2.6.32.40/fs/gfs2/o= ps_inode.c +--- linux-2.6.32.40/fs/gfs2/ops_inode.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/gfs2/ops_inode.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -752,6 +752,8 @@ static int gfs2_rename(struct inode *odi + unsigned int x; + int error; +=20 ++ pax_track_stack(); ++ + if (ndentry->d_inode) { + nip =3D GFS2_I(ndentry->d_inode); + if (ip =3D=3D nip) diff -urNp linux-2.6.32.40/fs/gfs2/sys.c linux-2.6.32.40/fs/gfs2/sys.c --- linux-2.6.32.40/fs/gfs2/sys.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/fs/gfs2/sys.c 2011-04-17 15:56:46.000000000 -0400 @@ -38272,6 +39739,102 @@ diff -urNp linux-2.6.32.40/fs/gfs2/sys.c linux-= 2.6.32.40/fs/gfs2/sys.c .uevent =3D gfs2_uevent, }; =20 +diff -urNp linux-2.6.32.40/fs/hfsplus/catalog.c linux-2.6.32.40/fs/hfspl= us/catalog.c +--- linux-2.6.32.40/fs/hfsplus/catalog.c 2011-03-27 14:31:47.000000000 -= 0400 ++++ linux-2.6.32.40/fs/hfsplus/catalog.c 2011-05-16 21:46:57.000000000 -= 0400 +@@ -157,6 +157,8 @@ int hfsplus_find_cat(struct super_block=20 + int err; + u16 type; +=20 ++ pax_track_stack(); ++ + hfsplus_cat_build_key(sb, fd->search_key, cnid, NULL); + err =3D hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); + if (err) +@@ -186,6 +188,8 @@ int hfsplus_create_cat(u32 cnid, struct=20 + int entry_size; + int err; +=20 ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "create_cat: %s,%u(%d)\n", str->name, cnid, inode-= >i_nlink); + sb =3D dir->i_sb; + hfs_find_init(HFSPLUS_SB(sb).cat_tree, &fd); +@@ -318,6 +322,8 @@ int hfsplus_rename_cat(u32 cnid, + int entry_size, type; + int err =3D 0; +=20 ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", cnid, src_di= r->i_ino, src_name->name, + dst_dir->i_ino, dst_name->name); + sb =3D src_dir->i_sb; +diff -urNp linux-2.6.32.40/fs/hfsplus/dir.c linux-2.6.32.40/fs/hfsplus/d= ir.c +--- linux-2.6.32.40/fs/hfsplus/dir.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/fs/hfsplus/dir.c 2011-05-16 21:46:57.000000000 -0400 +@@ -121,6 +121,8 @@ static int hfsplus_readdir(struct file * + struct hfsplus_readdir_data *rd; + u16 type; +=20 ++ pax_track_stack(); ++ + if (filp->f_pos >=3D inode->i_size) + return 0; +=20 +diff -urNp linux-2.6.32.40/fs/hfsplus/inode.c linux-2.6.32.40/fs/hfsplus= /inode.c +--- linux-2.6.32.40/fs/hfsplus/inode.c 2011-03-27 14:31:47.000000000 -04= 00 ++++ linux-2.6.32.40/fs/hfsplus/inode.c 2011-05-16 21:46:57.000000000 -04= 00 +@@ -399,6 +399,8 @@ int hfsplus_cat_read_inode(struct inode=20 + int res =3D 0; + u16 type; +=20 ++ pax_track_stack(); ++ + type =3D hfs_bnode_read_u16(fd->bnode, fd->entryoffset); +=20 + HFSPLUS_I(inode).dev =3D 0; +@@ -461,6 +463,8 @@ int hfsplus_cat_write_inode(struct inode + struct hfs_find_data fd; + hfsplus_cat_entry entry; +=20 ++ pax_track_stack(); ++ + if (HFSPLUS_IS_RSRC(inode)) + main_inode =3D HFSPLUS_I(inode).rsrc_inode; +=20 +diff -urNp linux-2.6.32.40/fs/hfsplus/ioctl.c linux-2.6.32.40/fs/hfsplus= /ioctl.c +--- linux-2.6.32.40/fs/hfsplus/ioctl.c 2011-03-27 14:31:47.000000000 -04= 00 ++++ linux-2.6.32.40/fs/hfsplus/ioctl.c 2011-05-16 21:46:57.000000000 -04= 00 +@@ -101,6 +101,8 @@ int hfsplus_setxattr(struct dentry *dent + struct hfsplus_cat_file *file; + int res; +=20 ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; +=20 +@@ -143,6 +145,8 @@ ssize_t hfsplus_getxattr(struct dentry * + struct hfsplus_cat_file *file; + ssize_t res =3D 0; +=20 ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; +=20 +diff -urNp linux-2.6.32.40/fs/hfsplus/super.c linux-2.6.32.40/fs/hfsplus= /super.c +--- linux-2.6.32.40/fs/hfsplus/super.c 2011-03-27 14:31:47.000000000 -04= 00 ++++ linux-2.6.32.40/fs/hfsplus/super.c 2011-05-16 21:46:57.000000000 -04= 00 +@@ -312,6 +312,8 @@ static int hfsplus_fill_super(struct sup + struct nls_table *nls =3D NULL; + int err =3D -EINVAL; +=20 ++ pax_track_stack(); ++ + sbi =3D kzalloc(sizeof(*sbi), GFP_KERNEL); + if (!sbi) + return -ENOMEM; diff -urNp linux-2.6.32.40/fs/hugetlbfs/inode.c linux-2.6.32.40/fs/huget= lbfs/inode.c --- linux-2.6.32.40/fs/hugetlbfs/inode.c 2011-03-27 14:31:47.000000000 -= 0400 +++ linux-2.6.32.40/fs/hugetlbfs/inode.c 2011-04-17 15:56:46.000000000 -= 0400 @@ -38314,6 +39877,51 @@ diff -urNp linux-2.6.32.40/fs/ioctl.c linux-2.6.= 32.40/fs/ioctl.c error =3D -EFAULT; =20 return error; +diff -urNp linux-2.6.32.40/fs/jbd/checkpoint.c linux-2.6.32.40/fs/jbd/ch= eckpoint.c +--- linux-2.6.32.40/fs/jbd/checkpoint.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/jbd/checkpoint.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -348,6 +348,8 @@ int log_do_checkpoint(journal_t *journal + tid_t this_tid; + int result; +=20 ++ pax_track_stack(); ++ + jbd_debug(1, "Start checkpoint\n"); +=20 + /* +diff -urNp linux-2.6.32.40/fs/jffs2/compr_rtime.c linux-2.6.32.40/fs/jff= s2/compr_rtime.c +--- linux-2.6.32.40/fs/jffs2/compr_rtime.c 2011-03-27 14:31:47.000000000= -0400 ++++ linux-2.6.32.40/fs/jffs2/compr_rtime.c 2011-05-16 21:46:57.000000000= -0400 +@@ -37,6 +37,8 @@ static int jffs2_rtime_compress(unsigned + int outpos =3D 0; + int pos=3D0; +=20 ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); +=20 + while (pos < (*sourcelen) && outpos <=3D (*dstlen)-2) { +@@ -79,6 +81,8 @@ static int jffs2_rtime_decompress(unsign + int outpos =3D 0; + int pos=3D0; +=20 ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); +=20 + while (outposflags & JFFS2_SB_FLAG_BUILDING)); +=20 ++ pax_track_stack(); ++ + /* Phase.1 : Merge same xref */ + for (i=3D0; i < XREF_TMPHASH_SIZE; i++) + xref_tmphash[i] =3D NULL; diff -urNp linux-2.6.32.40/fs/Kconfig.binfmt linux-2.6.32.40/fs/Kconfig.= binfmt --- linux-2.6.32.40/fs/Kconfig.binfmt 2011-03-27 14:31:47.000000000 -040= 0 +++ linux-2.6.32.40/fs/Kconfig.binfmt 2011-04-17 15:56:46.000000000 -040= 0 @@ -38379,7 +39999,7 @@ diff -urNp linux-2.6.32.40/fs/libfs.c linux-2.6.3= 2.40/fs/libfs.c dt_type(next->d_inode)) < 0) diff -urNp linux-2.6.32.40/fs/lockd/clntproc.c linux-2.6.32.40/fs/lockd/= clntproc.c --- linux-2.6.32.40/fs/lockd/clntproc.c 2011-03-27 14:31:47.000000000 -0= 400 -+++ linux-2.6.32.40/fs/lockd/clntproc.c 2011-05-04 17:56:28.000000000 -0= 400 ++++ linux-2.6.32.40/fs/lockd/clntproc.c 2011-05-16 21:46:57.000000000 -0= 400 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt /* * Cookie counter for NLM requests @@ -38394,6 +40014,15 @@ diff -urNp linux-2.6.32.40/fs/lockd/clntproc.c l= inux-2.6.32.40/fs/lockd/clntproc =20 memcpy(c->data, &cookie, 4); c->len=3D4; +@@ -621,6 +621,8 @@ nlmclnt_reclaim(struct nlm_host *host, s + struct nlm_rqst reqst, *req; + int status; +=20 ++ pax_track_stack(); ++ + req =3D &reqst; + memset(req, 0, sizeof(*req)); + locks_init_lock(&req->a_args.lock.fl); diff -urNp linux-2.6.32.40/fs/lockd/svc.c linux-2.6.32.40/fs/lockd/svc.c --- linux-2.6.32.40/fs/lockd/svc.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/fs/lockd/svc.c 2011-04-17 15:56:46.000000000 -0400 @@ -38432,7 +40061,7 @@ diff -urNp linux-2.6.32.40/fs/locks.c linux-2.6.3= 2.40/fs/locks.c lock_kernel(); diff -urNp linux-2.6.32.40/fs/namei.c linux-2.6.32.40/fs/namei.c --- linux-2.6.32.40/fs/namei.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/namei.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/fs/namei.c 2011-05-16 21:46:57.000000000 -0400 @@ -224,14 +224,6 @@ int generic_permission(struct inode *ino return ret; =20 @@ -38811,7 +40440,16 @@ diff -urNp linux-2.6.32.40/fs/namei.c linux-2.6.= 32.40/fs/namei.c out_drop_write: mnt_drop_write(nd.path.mnt); out_dput: -@@ -2764,6 +2916,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -2708,6 +2860,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c + char *to; + int error; +=20 ++ pax_track_stack(); ++ + error =3D user_path_parent(olddfd, oldname, &oldnd, &from); + if (error) + goto exit; +@@ -2764,6 +2918,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c if (new_dentry =3D=3D trap) goto exit5; =20 @@ -38824,7 +40462,7 @@ diff -urNp linux-2.6.32.40/fs/namei.c linux-2.6.3= 2.40/fs/namei.c error =3D mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -2773,6 +2931,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -2773,6 +2933,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c goto exit6; error =3D vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -38834,7 +40472,7 @@ diff -urNp linux-2.6.32.40/fs/namei.c linux-2.6.3= 2.40/fs/namei.c exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -2798,6 +2959,8 @@ SYSCALL_DEFINE2(rename, const char __use +@@ -2798,6 +2961,8 @@ SYSCALL_DEFINE2(rename, const char __use =20 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen= , const char *link) { @@ -38843,7 +40481,7 @@ diff -urNp linux-2.6.32.40/fs/namei.c linux-2.6.3= 2.40/fs/namei.c int len; =20 len =3D PTR_ERR(link); -@@ -2807,7 +2970,14 @@ int vfs_readlink(struct dentry *dentry,=20 +@@ -2807,7 +2972,14 @@ int vfs_readlink(struct dentry *dentry,=20 len =3D strlen(link); if (len > (unsigned) buflen) len =3D buflen; @@ -38922,6 +40560,80 @@ diff -urNp linux-2.6.32.40/fs/namespace.c linux-= 2.6.32.40/fs/namespace.c read_lock(¤t->fs->lock); root =3D current->fs->root; path_get(¤t->fs->root); +diff -urNp linux-2.6.32.40/fs/ncpfs/dir.c linux-2.6.32.40/fs/ncpfs/dir.c +--- linux-2.6.32.40/fs/ncpfs/dir.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/fs/ncpfs/dir.c 2011-05-16 21:46:57.000000000 -0400 +@@ -275,6 +275,8 @@ __ncp_lookup_validate(struct dentry *den + int res, val =3D 0, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + parent =3D dget_parent(dentry); + dir =3D parent->d_inode; +=20 +@@ -799,6 +801,8 @@ static struct dentry *ncp_lookup(struct=20 + int error, res, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + lock_kernel(); + error =3D -EIO; + if (!ncp_conn_valid(server)) +@@ -883,10 +887,12 @@ int ncp_create_new(struct inode *dir, st + int error, result, len; + int opmode; + __u8 __name[NCP_MAXPATHLEN + 1]; +-=09 ++ + PPRINTK("ncp_create_new: creating %s/%s, mode=3D%x\n", + dentry->d_parent->d_name.name, dentry->d_name.name, mode); +=20 ++ pax_track_stack(); ++ + error =3D -EIO; + lock_kernel(); + if (!ncp_conn_valid(server)) +@@ -952,6 +958,8 @@ static int ncp_mkdir(struct inode *dir,=20 + int error, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + DPRINTK("ncp_mkdir: making %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); +=20 +@@ -960,6 +968,8 @@ static int ncp_mkdir(struct inode *dir,=20 + if (!ncp_conn_valid(server)) + goto out; +=20 ++ pax_track_stack(); ++ + ncp_age_dentry(server, dentry); + len =3D sizeof(__name); + error =3D ncp_io2vol(server, __name, &len, dentry->d_name.name, +@@ -1114,6 +1124,8 @@ static int ncp_rename(struct inode *old_ + int old_len, new_len; + __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + DPRINTK("ncp_rename: %s/%s to %s/%s\n", + old_dentry->d_parent->d_name.name, old_dentry->d_name.name, + new_dentry->d_parent->d_name.name, new_dentry->d_name.name); +diff -urNp linux-2.6.32.40/fs/ncpfs/inode.c linux-2.6.32.40/fs/ncpfs/ino= de.c +--- linux-2.6.32.40/fs/ncpfs/inode.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/fs/ncpfs/inode.c 2011-05-16 21:46:57.000000000 -0400 +@@ -445,6 +445,8 @@ static int ncp_fill_super(struct super_b + #endif + struct ncp_entry_info finfo; +=20 ++ pax_track_stack(); ++ + data.wdog_pid =3D NULL; + server =3D kzalloc(sizeof(struct ncp_server), GFP_KERNEL); + if (!server) diff -urNp linux-2.6.32.40/fs/nfs/inode.c linux-2.6.32.40/fs/nfs/inode.c --- linux-2.6.32.40/fs/nfs/inode.c 2011-05-10 22:12:01.000000000 -0400 +++ linux-2.6.32.40/fs/nfs/inode.c 2011-05-10 22:12:33.000000000 -0400 @@ -38957,6 +40669,30 @@ diff -urNp linux-2.6.32.40/fs/nfsd/lockd.c linux= -2.6.32.40/fs/nfsd/lockd.c .fopen =3D nlm_fopen, /* open file for locking */ .fclose =3D nlm_fclose, /* close file */ }; +diff -urNp linux-2.6.32.40/fs/nfsd/nfs4state.c linux-2.6.32.40/fs/nfsd/n= fs4state.c +--- linux-2.6.32.40/fs/nfsd/nfs4state.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/nfsd/nfs4state.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -3457,6 +3457,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc + unsigned int cmd; + int err; +=20 ++ pax_track_stack(); ++ + dprintk("NFSD: nfsd4_lock: start=3D%Ld length=3D%Ld\n", + (long long) lock->lk_offset, + (long long) lock->lk_length); +diff -urNp linux-2.6.32.40/fs/nfsd/nfs4xdr.c linux-2.6.32.40/fs/nfsd/nfs= 4xdr.c +--- linux-2.6.32.40/fs/nfsd/nfs4xdr.c 2011-03-27 14:31:47.000000000 -040= 0 ++++ linux-2.6.32.40/fs/nfsd/nfs4xdr.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -1751,6 +1751,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, s + struct nfsd4_compoundres *resp =3D rqstp->rq_resp; + u32 minorversion =3D resp->cstate.minorversion; +=20 ++ pax_track_stack(); ++ + BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1); + BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion)); + BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion)); diff -urNp linux-2.6.32.40/fs/nfsd/vfs.c linux-2.6.32.40/fs/nfsd/vfs.c --- linux-2.6.32.40/fs/nfsd/vfs.c 2011-05-10 22:12:01.000000000 -0400 +++ linux-2.6.32.40/fs/nfsd/vfs.c 2011-05-10 22:12:33.000000000 -0400 @@ -39080,6 +40816,18 @@ diff -urNp linux-2.6.32.40/fs/ocfs2/localalloc.c= linux-2.6.32.40/fs/ocfs2/locala =20 status =3D 0; bail: +diff -urNp linux-2.6.32.40/fs/ocfs2/namei.c linux-2.6.32.40/fs/ocfs2/nam= ei.c +--- linux-2.6.32.40/fs/ocfs2/namei.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/fs/ocfs2/namei.c 2011-05-16 21:46:57.000000000 -0400 +@@ -1043,6 +1043,8 @@ static int ocfs2_rename(struct inode *ol + struct ocfs2_dir_lookup_result orphan_insert =3D { NULL, }; + struct ocfs2_dir_lookup_result target_insert =3D { NULL, }; +=20 ++ pax_track_stack(); ++ + /* At some point it might be nice to break this function up a + * bit. */ +=20 diff -urNp linux-2.6.32.40/fs/ocfs2/ocfs2.h linux-2.6.32.40/fs/ocfs2/ocf= s2.h --- linux-2.6.32.40/fs/ocfs2/ocfs2.h 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/fs/ocfs2/ocfs2.h 2011-04-17 15:56:46.000000000 -0400 @@ -39536,7 +41284,7 @@ diff -urNp linux-2.6.32.40/fs/pipe.c linux-2.6.32= .40/fs/pipe.c /* diff -urNp linux-2.6.32.40/fs/proc/array.c linux-2.6.32.40/fs/proc/array= .c --- linux-2.6.32.40/fs/proc/array.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/proc/array.c 2011-05-10 21:30:39.000000000 -0400 ++++ linux-2.6.32.40/fs/proc/array.c 2011-05-16 21:46:57.000000000 -0400 @@ -60,6 +60,7 @@ #include #include @@ -39592,7 +41340,7 @@ diff -urNp linux-2.6.32.40/fs/proc/array.c linux-= 2.6.32.40/fs/proc/array.c static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -358,7 +389,7 @@ static int do_task_stat(struct seq_file=20 +@@ -358,9 +389,11 @@ static int do_task_stat(struct seq_file=20 cputime_t cutime, cstime, utime, stime; cputime_t cgtime, gtime; unsigned long rsslim =3D 0; @@ -39600,8 +41348,12 @@ diff -urNp linux-2.6.32.40/fs/proc/array.c linux= -2.6.32.40/fs/proc/array.c + char tcomm[sizeof(task->comm)] =3D { 0 }; unsigned long flags; =20 ++ pax_track_stack(); ++ state =3D *get_task_state(task); -@@ -433,6 +464,19 @@ static int do_task_stat(struct seq_file=20 + vsize =3D eip =3D esp =3D 0; + permitted =3D ptrace_may_access(task, PTRACE_MODE_READ); +@@ -433,6 +466,19 @@ static int do_task_stat(struct seq_file=20 gtime =3D task_gtime(task); } =20 @@ -39621,7 +41373,7 @@ diff -urNp linux-2.6.32.40/fs/proc/array.c linux-= 2.6.32.40/fs/proc/array.c /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority =3D task_prio(task); -@@ -473,9 +517,15 @@ static int do_task_stat(struct seq_file=20 +@@ -473,9 +519,15 @@ static int do_task_stat(struct seq_file=20 vsize, mm ? get_mm_rss(mm) : 0, rsslim, @@ -39637,7 +41389,7 @@ diff -urNp linux-2.6.32.40/fs/proc/array.c linux-= 2.6.32.40/fs/proc/array.c esp, eip, /* The signal information here is obsolete. -@@ -528,3 +578,18 @@ int proc_pid_statm(struct seq_file *m, s +@@ -528,3 +580,18 @@ int proc_pid_statm(struct seq_file *m, s =20 return 0; } @@ -40174,8 +41926,17 @@ diff -urNp linux-2.6.32.40/fs/proc/Kconfig linux= -2.6.32.40/fs/proc/Kconfig Various /proc files exist to monitor process memory utilization: diff -urNp linux-2.6.32.40/fs/proc/kcore.c linux-2.6.32.40/fs/proc/kcore= .c --- linux-2.6.32.40/fs/proc/kcore.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/proc/kcore.c 2011-04-17 15:56:46.000000000 -0400 -@@ -477,9 +477,10 @@ read_kcore(struct file *file, char __use ++++ linux-2.6.32.40/fs/proc/kcore.c 2011-05-16 21:46:57.000000000 -0400 +@@ -320,6 +320,8 @@ static void elf_kcore_store_hdr(char *bu + off_t offset =3D 0; + struct kcore_list *m; +=20 ++ pax_track_stack(); ++ + /* setup ELF header */ + elf =3D (struct elfhdr *) bufp; + bufp +=3D sizeof(struct elfhdr); +@@ -477,9 +479,10 @@ read_kcore(struct file *file, char __use * the addresses in the elf_phdr on our list. */ start =3D kc_offset_to_vaddr(*fpos - elf_buflen); @@ -40188,7 +41949,7 @@ diff -urNp linux-2.6.32.40/fs/proc/kcore.c linux-= 2.6.32.40/fs/proc/kcore.c while (buflen) { struct kcore_list *m; =20 -@@ -508,20 +509,23 @@ read_kcore(struct file *file, char __use +@@ -508,20 +511,23 @@ read_kcore(struct file *file, char __use kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -40223,7 +41984,7 @@ diff -urNp linux-2.6.32.40/fs/proc/kcore.c linux-= 2.6.32.40/fs/proc/kcore.c } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -541,6 +545,9 @@ read_kcore(struct file *file, char __use +@@ -541,6 +547,9 @@ read_kcore(struct file *file, char __use =20 static int open_kcore(struct inode *inode, struct file *filp) { @@ -40235,8 +41996,17 @@ diff -urNp linux-2.6.32.40/fs/proc/kcore.c linux= -2.6.32.40/fs/proc/kcore.c if (kcore_need_update) diff -urNp linux-2.6.32.40/fs/proc/meminfo.c linux-2.6.32.40/fs/proc/mem= info.c --- linux-2.6.32.40/fs/proc/meminfo.c 2011-03-27 14:31:47.000000000 -040= 0 -+++ linux-2.6.32.40/fs/proc/meminfo.c 2011-05-11 18:25:06.000000000 -040= 0 -@@ -149,7 +149,7 @@ static int meminfo_proc_show(struct seq_ ++++ linux-2.6.32.40/fs/proc/meminfo.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_ + unsigned long pages[NR_LRU_LISTS]; + int lru; +=20 ++ pax_track_stack(); ++ + /* + * display in kilobytes. + */ +@@ -149,7 +151,7 @@ static int meminfo_proc_show(struct seq_ vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -40600,6 +42370,18 @@ diff -urNp linux-2.6.32.40/fs/readdir.c linux-2.= 6.32.40/fs/readdir.c buf.count =3D count; buf.error =3D 0; =20 +diff -urNp linux-2.6.32.40/fs/reiserfs/dir.c linux-2.6.32.40/fs/reiserfs= /dir.c +--- linux-2.6.32.40/fs/reiserfs/dir.c 2011-03-27 14:31:47.000000000 -040= 0 ++++ linux-2.6.32.40/fs/reiserfs/dir.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -66,6 +66,8 @@ int reiserfs_readdir_dentry(struct dentr + struct reiserfs_dir_entry de; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + reiserfs_write_lock(inode->i_sb); +=20 + reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff -urNp linux-2.6.32.40/fs/reiserfs/do_balan.c linux-2.6.32.40/fs/rei= serfs/do_balan.c --- linux-2.6.32.40/fs/reiserfs/do_balan.c 2011-03-27 14:31:47.000000000= -0400 +++ linux-2.6.32.40/fs/reiserfs/do_balan.c 2011-04-17 15:56:46.000000000= -0400 @@ -40669,9 +42451,33 @@ diff -urNp linux-2.6.32.40/fs/reiserfs/item_ops.= c linux-2.6.32.40/fs/reiserfs/it &stat_data_ops, &indirect_ops, &direct_ops, +diff -urNp linux-2.6.32.40/fs/reiserfs/journal.c linux-2.6.32.40/fs/reis= erfs/journal.c +--- linux-2.6.32.40/fs/reiserfs/journal.c 2011-03-27 14:31:47.000000000 = -0400 ++++ linux-2.6.32.40/fs/reiserfs/journal.c 2011-05-16 21:46:57.000000000 = -0400 +@@ -2329,6 +2329,8 @@ static struct buffer_head *reiserfs_brea + struct buffer_head *bh; + int i, j; +=20 ++ pax_track_stack(); ++ + bh =3D __getblk(dev, block, bufsize); + if (buffer_uptodate(bh)) + return (bh); +diff -urNp linux-2.6.32.40/fs/reiserfs/namei.c linux-2.6.32.40/fs/reiser= fs/namei.c +--- linux-2.6.32.40/fs/reiserfs/namei.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/reiserfs/namei.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -1214,6 +1214,8 @@ static int reiserfs_rename(struct inode=20 + unsigned long savelink =3D 1; + struct timespec ctime; +=20 ++ pax_track_stack(); ++ + /* three balancings: (1) old name removal, (2) new name insertion + and (3) maybe "save" link insertion + stat data updates: (1) old directory, diff -urNp linux-2.6.32.40/fs/reiserfs/procfs.c linux-2.6.32.40/fs/reise= rfs/procfs.c --- linux-2.6.32.40/fs/reiserfs/procfs.c 2011-03-27 14:31:47.000000000 -= 0400 -+++ linux-2.6.32.40/fs/reiserfs/procfs.c 2011-04-17 15:56:46.000000000 -= 0400 ++++ linux-2.6.32.40/fs/reiserfs/procfs.c 2011-05-16 21:46:57.000000000 -= 0400 @@ -123,7 +123,7 @@ static int show_super(struct seq_file *m "SMALL_TAILS " : "NO_TAILS ", replay_only(sb) ? "REPLAY_ONLY " : "", @@ -40681,9 +42487,78 @@ diff -urNp linux-2.6.32.40/fs/reiserfs/procfs.c = linux-2.6.32.40/fs/reiserfs/proc SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), +@@ -309,6 +309,8 @@ static int show_journal(struct seq_file=20 + struct journal_params *jp =3D &rs->s_v1.s_journal; + char b[BDEVNAME_SIZE]; +=20 ++ pax_track_stack(); ++ + seq_printf(m, /* on-disk fields */ + "jp_journal_1st_block: \t%i\n" + "jp_journal_dev: \t%s[%x]\n" +diff -urNp linux-2.6.32.40/fs/reiserfs/stree.c linux-2.6.32.40/fs/reiser= fs/stree.c +--- linux-2.6.32.40/fs/reiserfs/stree.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/reiserfs/stree.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -1159,6 +1159,8 @@ int reiserfs_delete_item(struct reiserfs + int iter =3D 0; + #endif +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + init_tb_struct(th, &s_del_balance, sb, path, +@@ -1296,6 +1298,8 @@ void reiserfs_delete_solid_item(struct r + int retval; + int quota_cut_bytes =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + le_key2cpu_key(&cpu_key, key); +@@ -1525,6 +1529,8 @@ int reiserfs_cut_from_item(struct reiser + int quota_cut_bytes; + loff_t tail_pos =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + init_tb_struct(th, &s_cut_balance, inode->i_sb, path, +@@ -1920,6 +1926,8 @@ int reiserfs_paste_into_item(struct reis + int retval; + int fs_gen; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + fs_gen =3D get_generation(inode->i_sb); +@@ -2007,6 +2015,8 @@ int reiserfs_insert_item(struct reiserfs + int fs_gen =3D 0; + int quota_bytes =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + if (inode) { /* Do we count quotas for item? */ +diff -urNp linux-2.6.32.40/fs/reiserfs/super.c linux-2.6.32.40/fs/reiser= fs/super.c +--- linux-2.6.32.40/fs/reiserfs/super.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/fs/reiserfs/super.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -912,6 +912,8 @@ static int reiserfs_parse_options(struct + {.option_name =3D NULL} + }; +=20 ++ pax_track_stack(); ++ + *blocks =3D 0; + if (!options || !*options) + /* use default configuration: create tails, journaling on, no diff -urNp linux-2.6.32.40/fs/select.c linux-2.6.32.40/fs/select.c --- linux-2.6.32.40/fs/select.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/select.c 2011-05-11 18:26:03.000000000 -0400 ++++ linux-2.6.32.40/fs/select.c 2011-05-16 21:46:57.000000000 -0400 @@ -20,6 +20,7 @@ #include #include @@ -40696,17 +42571,25 @@ diff -urNp linux-2.6.32.40/fs/select.c linux-2.= 6.32.40/fs/select.c int retval, i, timed_out =3D 0; unsigned long slack =3D 0; =20 -+ stackleak_probe(table); ++ pax_track_stack(); + rcu_read_lock(); retval =3D max_select_fd(n, fds); rcu_read_unlock(); -@@ -821,6 +824,10 @@ int do_sys_poll(struct pollfd __user *uf +@@ -529,6 +532,8 @@ int core_sys_select(int n, fd_set __user + /* Allocate small arguments on the stack to save memory and be faster = */ + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; +=20 ++ pax_track_stack(); ++ + ret =3D -EINVAL; + if (n < 0) + goto out_nofds; +@@ -821,6 +826,9 @@ int do_sys_poll(struct pollfd __user *uf struct poll_list *walk =3D head; unsigned long todo =3D nfds; =20 -+ stackleak_probe(table); -+ stackleak_probe(stack_pps); ++ pax_track_stack(); + + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1); if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur) @@ -40769,7 +42652,7 @@ diff -urNp linux-2.6.32.40/fs/smbfs/symlink.c lin= ux-2.6.32.40/fs/smbfs/symlink.c } diff -urNp linux-2.6.32.40/fs/splice.c linux-2.6.32.40/fs/splice.c --- linux-2.6.32.40/fs/splice.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/fs/splice.c 2011-05-11 18:25:15.000000000 -0400 ++++ linux-2.6.32.40/fs/splice.c 2011-05-16 21:46:57.000000000 -0400 @@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode pipe_lock(pipe); =20 @@ -40795,7 +42678,7 @@ diff -urNp linux-2.6.32.40/fs/splice.c linux-2.6.= 32.40/fs/splice.c .spd_release =3D spd_release_page, }; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + index =3D *ppos >> PAGE_CACHE_SHIFT; loff =3D *ppos & ~PAGE_CACHE_MASK; @@ -40822,7 +42705,7 @@ diff -urNp linux-2.6.32.40/fs/splice.c linux-2.6.= 32.40/fs/splice.c .spd_release =3D spd_release_page, }; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + index =3D *ppos >> PAGE_CACHE_SHIFT; offset =3D *ppos & ~PAGE_CACHE_MASK; @@ -40862,7 +42745,7 @@ diff -urNp linux-2.6.32.40/fs/splice.c linux-2.6.= 32.40/fs/splice.c .spd_release =3D spd_release_page, }; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + pipe =3D pipe_info(file->f_path.dentry->d_inode); if (!pipe) @@ -41071,6 +42954,18 @@ diff -urNp linux-2.6.32.40/fs/udf/balloc.c linux= -2.6.32.40/fs/udf/balloc.c udf_debug("%d < %d || %d + %d > %d\n", bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count, partmap->s_partition_len); +diff -urNp linux-2.6.32.40/fs/udf/inode.c linux-2.6.32.40/fs/udf/inode.c +--- linux-2.6.32.40/fs/udf/inode.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/fs/udf/inode.c 2011-05-16 21:46:57.000000000 -0400 +@@ -484,6 +484,8 @@ static struct buffer_head *inode_getblk( + int goal =3D 0, pgoal =3D iinfo->i_location.logicalBlockNum; + int lastblock =3D 0; +=20 ++ pax_track_stack(); ++ + prev_epos.offset =3D udf_file_entry_alloc_offset(inode); + prev_epos.block =3D iinfo->i_location; + prev_epos.bh =3D NULL; diff -urNp linux-2.6.32.40/fs/udf/misc.c linux-2.6.32.40/fs/udf/misc.c --- linux-2.6.32.40/fs/udf/misc.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/fs/udf/misc.c 2011-04-23 12:56:11.000000000 -0400 @@ -41382,8 +43277,8 @@ diff -urNp linux-2.6.32.40/grsecurity/gracl_alloc= .c linux-2.6.32.40/grsecurity/g +} diff -urNp linux-2.6.32.40/grsecurity/gracl.c linux-2.6.32.40/grsecurity= /gracl.c --- linux-2.6.32.40/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -05= 00 -+++ linux-2.6.32.40/grsecurity/gracl.c 2011-04-17 15:56:46.000000000 -04= 00 -@@ -0,0 +1,4050 @@ ++++ linux-2.6.32.40/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -04= 00 +@@ -0,0 +1,4074 @@ +#include +#include +#include @@ -43642,6 +45537,8 @@ diff -urNp linux-2.6.32.40/grsecurity/gracl.c lin= ux-2.6.32.40/grsecurity/gracl.c + return; +} + ++extern int __gr_process_user_ban(struct user_struct *user); ++ +int +gr_check_user_change(int real, int effective, int fs) +{ @@ -43653,6 +45550,28 @@ diff -urNp linux-2.6.32.40/grsecurity/gracl.c li= nux-2.6.32.40/grsecurity/gracl.c + int effectiveok =3D 0; + int fsok =3D 0; + ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) ++ struct user_struct *user; ++ ++ if (real =3D=3D -1) ++ goto skipit; ++ ++ user =3D find_user(real); ++ if (user =3D=3D NULL) ++ goto skipit; ++ ++ if (__gr_process_user_ban(user)) { ++ /* for find_user */ ++ free_uid(user); ++ return 1; ++ } ++ ++ /* for find_user */ ++ free_uid(user); ++ ++skipit: ++#endif ++ + if (unlikely(!(gr_status & GR_READY))) + return 0; + @@ -48893,8 +50812,8 @@ diff -urNp linux-2.6.32.40/grsecurity/grsec_ptrac= e.c linux-2.6.32.40/grsecurity/ +} diff -urNp linux-2.6.32.40/grsecurity/grsec_sig.c linux-2.6.32.40/grsecu= rity/grsec_sig.c --- linux-2.6.32.40/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000= -0500 -+++ linux-2.6.32.40/grsecurity/grsec_sig.c 2011-04-17 15:56:46.000000000= -0400 -@@ -0,0 +1,196 @@ ++++ linux-2.6.32.40/grsecurity/grsec_sig.c 2011-05-17 17:30:04.000000000= -0400 +@@ -0,0 +1,202 @@ +#include +#include +#include @@ -49075,11 +50994,10 @@ diff -urNp linux-2.6.32.40/grsecurity/grsec_sig= .c linux-2.6.32.40/grsecurity/grs +#endif +} + -+int gr_process_user_ban(void) ++int __gr_process_user_ban(struct user_struct *user) +{ +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) -+ if (unlikely(current->cred->user->banned)) { -+ struct user_struct *user =3D current->cred->user; ++ if (unlikely(user->banned)) { + if (user->ban_expires !=3D ~0UL && time_after_eq(get_seconds(), user-= >ban_expires)) { + user->banned =3D 0; + user->ban_expires =3D 0; @@ -49091,6 +51009,13 @@ diff -urNp linux-2.6.32.40/grsecurity/grsec_sig.= c linux-2.6.32.40/grsecurity/grs + return 0; +} + ++int gr_process_user_ban(void) ++{ ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) ++ return __gr_process_user_ban(current->cred->user); ++#endif ++ return 0; ++} diff -urNp linux-2.6.32.40/grsecurity/grsec_sock.c linux-2.6.32.40/grsec= urity/grsec_sock.c --- linux-2.6.32.40/grsecurity/grsec_sock.c 1969-12-31 19:00:00.00000000= 0 -0500 +++ linux-2.6.32.40/grsecurity/grsec_sock.c 2011-04-17 15:56:46.00000000= 0 -0400 @@ -51097,7 +53022,7 @@ diff -urNp linux-2.6.32.40/include/acpi/acpi_driv= ers.h linux-2.6.32.40/include/a return -ENODEV; diff -urNp linux-2.6.32.40/include/asm-generic/atomic-long.h linux-2.6.3= 2.40/include/asm-generic/atomic-long.h --- linux-2.6.32.40/include/asm-generic/atomic-long.h 2011-03-27 14:31:4= 7.000000000 -0400 -+++ linux-2.6.32.40/include/asm-generic/atomic-long.h 2011-05-04 17:56:2= 0.000000000 -0400 ++++ linux-2.6.32.40/include/asm-generic/atomic-long.h 2011-05-16 21:46:5= 7.000000000 -0400 @@ -22,6 +22,12 @@ =20 typedef atomic64_t atomic_long_t; @@ -51348,7 +53273,7 @@ diff -urNp linux-2.6.32.40/include/asm-generic/at= omic-long.h linux-2.6.32.40/inc +#define atomic_add_unchecked(i, v) atomic_add((i), (v)) +#define atomic_sub_unchecked(i, v) atomic_sub((i), (v)) +#define atomic_inc_unchecked(v) atomic_inc(v) -+#define atomic_inc_and_test_unchecked(v) atomic_inc(v) ++#define atomic_inc_and_test_unchecked(v) atomic_inc_and_test(v) +#define atomic_inc_return_unchecked(v) atomic_inc_return(v) +#define atomic_add_return_unchecked(i, v) atomic_add_return((i), (v)) +#define atomic_dec_unchecked(v) atomic_dec(v) @@ -53485,32 +55410,21 @@ diff -urNp linux-2.6.32.40/include/linux/i2o.h = linux-2.6.32.40/include/linux/i2o #endif diff -urNp linux-2.6.32.40/include/linux/init_task.h linux-2.6.32.40/inc= lude/linux/init_task.h --- linux-2.6.32.40/include/linux/init_task.h 2011-03-27 14:31:47.000000= 000 -0400 -+++ linux-2.6.32.40/include/linux/init_task.h 2011-04-30 17:52:14.000000= 000 -0400 -@@ -83,6 +83,14 @@ extern struct group_info init_groups; ++++ linux-2.6.32.40/include/linux/init_task.h 2011-05-18 20:44:59.000000= 000 -0400 +@@ -83,6 +83,12 @@ extern struct group_info init_groups; #define INIT_IDS #endif =20 +#ifdef CONFIG_X86 +#define INIT_TASK_THREAD_INFO .tinfo =3D INIT_THREAD_INFO, -+#define INIT_TASK_STACK .stack =3D &init_thread_union, +#else +#define INIT_TASK_THREAD_INFO -+#define INIT_TASK_STACK .stack =3D &init_thread_info, +#endif + #ifdef CONFIG_SECURITY_FILE_CAPABILITIES /* * Because of the reduced scope of CAP_SETPCAP when filesystem -@@ -122,7 +130,7 @@ extern struct cred init_cred; - #define INIT_TASK(tsk) \ - { \ - .state =3D 0, \ -- .stack =3D &init_thread_info, \ -+ INIT_TASK_STACK \ - .usage =3D ATOMIC_INIT(2), \ - .flags =3D PF_KTHREAD, \ - .lock_depth =3D -1, \ -@@ -156,6 +164,7 @@ extern struct cred init_cred; +@@ -156,6 +162,7 @@ extern struct cred init_cred; __MUTEX_INITIALIZER(tsk.cred_guard_mutex), \ .comm =3D "swapper", \ .thread =3D INIT_THREAD, \ @@ -54349,7 +56263,7 @@ diff -urNp linux-2.6.32.40/include/linux/reiserfs= _fs_sb.h linux-2.6.32.40/includ on-disk FS format */ diff -urNp linux-2.6.32.40/include/linux/sched.h linux-2.6.32.40/include= /linux/sched.h --- linux-2.6.32.40/include/linux/sched.h 2011-03-27 14:31:47.000000000 = -0400 -+++ linux-2.6.32.40/include/linux/sched.h 2011-05-11 18:38:56.000000000 = -0400 ++++ linux-2.6.32.40/include/linux/sched.h 2011-05-18 20:09:37.000000000 = -0400 @@ -101,6 +101,7 @@ struct bio; struct fs_struct; struct bts_context; @@ -54496,7 +56410,7 @@ diff -urNp linux-2.6.32.40/include/linux/sched.h = linux-2.6.32.40/include/linux/s #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored adress in ret_stack */ int curr_ret_stack; -@@ -1542,6 +1582,67 @@ struct task_struct { +@@ -1542,6 +1582,63 @@ struct task_struct { #endif /* CONFIG_TRACING */ }; =20 @@ -54545,26 +56459,22 @@ diff -urNp linux-2.6.32.40/include/linux/sched.= h linux-2.6.32.40/include/linux/s +void pax_report_refcount_overflow(struct pt_regs *regs); +void pax_report_usercopy(const void *ptr, unsigned long len, bool to, c= onst char *type); + ++static inline void pax_track_stack(void) ++{ ++ +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+#define stackleak_probe(var) \ -+ do { \ -+ size_t maxidx =3D sizeof(var) / sizeof(long); \ -+ long *p =3D (long *)&var; \ -+ unsigned int i; \ -+ \ -+ BUILD_BUG_ON(sizeof(var) < 64); \ -+ \ -+ for (i =3D 0; i < maxidx; i +=3D 64 / sizeof(long)) \ -+ p[i] =3D 0; \ -+ } while (0) -+#else -+#define stackleak_probe(var) do { } while (0) ++ unsigned long sp =3D current_stack_pointer; ++ if (current_thread_info()->lowest_stack > sp && ++ (unsigned long)task_stack_page(current) < sp) ++ current_thread_info()->lowest_stack =3D sp; +#endif + ++} ++ /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed) =20 -@@ -1978,7 +2079,9 @@ void yield(void); +@@ -1978,7 +2075,9 @@ void yield(void); extern struct exec_domain default_exec_domain; =20 union thread_union { @@ -54574,7 +56484,7 @@ diff -urNp linux-2.6.32.40/include/linux/sched.h = linux-2.6.32.40/include/linux/s unsigned long stack[THREAD_SIZE/sizeof(long)]; }; =20 -@@ -2155,7 +2258,7 @@ extern void __cleanup_sighand(struct sig +@@ -2155,7 +2254,7 @@ extern void __cleanup_sighand(struct sig extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); =20 @@ -54583,7 +56493,7 @@ diff -urNp linux-2.6.32.40/include/linux/sched.h = linux-2.6.32.40/include/linux/s =20 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2284,13 +2387,17 @@ static inline unsigned long *end_of_stac +@@ -2284,13 +2383,17 @@ static inline unsigned long *end_of_stac =20 #endif =20 @@ -56124,12 +58034,12 @@ diff -urNp linux-2.6.32.40/ipc/mqueue.c linux-2= .6.32.40/ipc/mqueue.c u->mq_bytes + mq_bytes > diff -urNp linux-2.6.32.40/ipc/sem.c linux-2.6.32.40/ipc/sem.c --- linux-2.6.32.40/ipc/sem.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/ipc/sem.c 2011-05-11 18:25:15.000000000 -0400 ++++ linux-2.6.32.40/ipc/sem.c 2011-05-16 21:46:57.000000000 -0400 @@ -671,6 +671,8 @@ static int semctl_main(struct ipc_namesp ushort* sem_io =3D fast_sem_io; int nsems; =20 -+ stackleak_probe(fast_sem_io); ++ pax_track_stack(); + sma =3D sem_lock_check(ns, semid); if (IS_ERR(sma)) @@ -56138,7 +58048,7 @@ diff -urNp linux-2.6.32.40/ipc/sem.c linux-2.6.32= .40/ipc/sem.c unsigned long jiffies_left =3D 0; struct ipc_namespace *ns; =20 -+ stackleak_probe(fast_sops); ++ pax_track_stack(); + ns =3D current->nsproxy->ipc_ns; =20 @@ -56314,6 +58224,18 @@ diff -urNp linux-2.6.32.40/kernel/capability.c l= inux-2.6.32.40/kernel/capability + EXPORT_SYMBOL(capable); +EXPORT_SYMBOL(capable_nolog); +diff -urNp linux-2.6.32.40/kernel/cgroup.c linux-2.6.32.40/kernel/cgroup= .c +--- linux-2.6.32.40/kernel/cgroup.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/kernel/cgroup.c 2011-05-16 21:46:57.000000000 -0400 +@@ -536,6 +536,8 @@ static struct css_set *find_css_set( + struct hlist_head *hhead; + struct cg_cgroup_link *link; +=20 ++ pax_track_stack(); ++ + /* First see if we already have a cgroup group that matches + * the desired set */ + read_lock(&css_set_lock); diff -urNp linux-2.6.32.40/kernel/configs.c linux-2.6.32.40/kernel/confi= gs.c --- linux-2.6.32.40/kernel/configs.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/kernel/configs.c 2011-04-17 15:56:46.000000000 -0400 @@ -56351,8 +58273,80 @@ diff -urNp linux-2.6.32.40/kernel/cpu.c linux-2.= 6.32.40/kernel/cpu.c * Should always be manipulated under cpu_add_remove_lock diff -urNp linux-2.6.32.40/kernel/cred.c linux-2.6.32.40/kernel/cred.c --- linux-2.6.32.40/kernel/cred.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/kernel/cred.c 2011-04-17 15:56:46.000000000 -0400 -@@ -544,6 +544,8 @@ int commit_creds(struct cred *new) ++++ linux-2.6.32.40/kernel/cred.c 2011-05-17 19:26:34.000000000 -0400 +@@ -160,6 +160,8 @@ static void put_cred_rcu(struct rcu_head + */ + void __put_cred(struct cred *cred) + { ++ pax_track_stack(); ++ + kdebug("__put_cred(%p{%d,%d})", cred, + atomic_read(&cred->usage), + read_cred_subscribers(cred)); +@@ -184,6 +186,8 @@ void exit_creds(struct task_struct *tsk) + { + struct cred *cred; +=20 ++ pax_track_stack(); ++ + kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->= cred, + atomic_read(&tsk->cred->usage), + read_cred_subscribers(tsk->cred)); +@@ -222,6 +226,8 @@ const struct cred *get_task_cred(struct=20 + { + const struct cred *cred; +=20 ++ pax_track_stack(); ++ + rcu_read_lock(); +=20 + do { +@@ -241,6 +247,8 @@ struct cred *cred_alloc_blank(void) + { + struct cred *new; +=20 ++ pax_track_stack(); ++ + new =3D kmem_cache_zalloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -289,6 +297,8 @@ struct cred *prepare_creds(void) + const struct cred *old; + struct cred *new; +=20 ++ pax_track_stack(); ++ + validate_process_creds(); +=20 + new =3D kmem_cache_alloc(cred_jar, GFP_KERNEL); +@@ -335,6 +345,8 @@ struct cred *prepare_exec_creds(void) + struct thread_group_cred *tgcred =3D NULL; + struct cred *new; +=20 ++ pax_track_stack(); ++ + #ifdef CONFIG_KEYS + tgcred =3D kmalloc(sizeof(*tgcred), GFP_KERNEL); + if (!tgcred) +@@ -441,6 +453,8 @@ int copy_creds(struct task_struct *p, un + struct cred *new; + int ret; +=20 ++ pax_track_stack(); ++ + mutex_init(&p->cred_guard_mutex); +=20 + if ( +@@ -528,6 +542,8 @@ int commit_creds(struct cred *new) + struct task_struct *task =3D current; + const struct cred *old =3D task->real_cred; +=20 ++ pax_track_stack(); ++ + kdebug("commit_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -544,6 +560,8 @@ int commit_creds(struct cred *new) =20 get_cred(new); /* we will require a ref for the subj creds too */ =20 @@ -56361,6 +58355,60 @@ diff -urNp linux-2.6.32.40/kernel/cred.c linux-2= .6.32.40/kernel/cred.c /* dumpability changes */ if (old->euid !=3D new->euid || old->egid !=3D new->egid || +@@ -606,6 +624,8 @@ EXPORT_SYMBOL(commit_creds); + */ + void abort_creds(struct cred *new) + { ++ pax_track_stack(); ++ + kdebug("abort_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -629,6 +649,8 @@ const struct cred *override_creds(const=20 + { + const struct cred *old =3D current->cred; +=20 ++ pax_track_stack(); ++ + kdebug("override_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -658,6 +680,8 @@ void revert_creds(const struct cred *old + { + const struct cred *override =3D current->cred; +=20 ++ pax_track_stack(); ++ + kdebug("revert_creds(%p{%d,%d})", old, + atomic_read(&old->usage), + read_cred_subscribers(old)); +@@ -704,6 +728,8 @@ struct cred *prepare_kernel_cred(struct=20 + const struct cred *old; + struct cred *new; +=20 ++ pax_track_stack(); ++ + new =3D kmem_cache_alloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -758,6 +784,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); + */ + int set_security_override(struct cred *new, u32 secid) + { ++ pax_track_stack(); ++ + return security_kernel_act_as(new, secid); + } + EXPORT_SYMBOL(set_security_override); +@@ -777,6 +805,8 @@ int set_security_override_from_ctx(struc + u32 secid; + int ret; +=20 ++ pax_track_stack(); ++ + ret =3D security_secctx_to_secid(secctx, strlen(secctx), &secid); + if (ret < 0) + return ret; diff -urNp linux-2.6.32.40/kernel/exit.c linux-2.6.32.40/kernel/exit.c --- linux-2.6.32.40/kernel/exit.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/kernel/exit.c 2011-04-17 15:56:46.000000000 -0400 @@ -56635,7 +58683,7 @@ diff -urNp linux-2.6.32.40/kernel/fork.c linux-2.= 6.32.40/kernel/fork.c new_fs =3D fs; diff -urNp linux-2.6.32.40/kernel/futex.c linux-2.6.32.40/kernel/futex.c --- linux-2.6.32.40/kernel/futex.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/kernel/futex.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/kernel/futex.c 2011-05-16 21:46:57.000000000 -0400 @@ -54,6 +54,7 @@ #include #include @@ -56656,7 +58704,16 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-= 2.6.32.40/kernel/futex.c /* * The futex address must be "naturally" aligned. */ -@@ -1841,7 +1847,7 @@ retry: +@@ -1789,6 +1795,8 @@ static int futex_wait(u32 __user *uaddr, + struct futex_q q; + int ret; +=20 ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; +=20 +@@ -1841,7 +1849,7 @@ retry: =20 restart =3D ¤t_thread_info()->restart_block; restart->fn =3D futex_wait_restart; @@ -56665,7 +58722,16 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-= 2.6.32.40/kernel/futex.c restart->futex.val =3D val; restart->futex.time =3D abs_time->tv64; restart->futex.bitset =3D bitset; -@@ -2377,7 +2383,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -2203,6 +2211,8 @@ static int futex_wait_requeue_pi(u32 __u + struct futex_q q; + int res, ret; +=20 ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; +=20 +@@ -2377,7 +2387,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi { struct robust_list_head __user *head; unsigned long ret; @@ -56675,7 +58741,7 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-2= .6.32.40/kernel/futex.c =20 if (!futex_cmpxchg_enabled) return -ENOSYS; -@@ -2393,11 +2401,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -2393,11 +2405,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi if (!p) goto err_unlock; ret =3D -EPERM; @@ -56692,7 +58758,7 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-2= .6.32.40/kernel/futex.c head =3D p->robust_list; rcu_read_unlock(); } -@@ -2459,7 +2472,7 @@ retry: +@@ -2459,7 +2476,7 @@ retry: */ static inline int fetch_robust_entry(struct robust_list __user **entry, struct robust_list __user * __user *head, @@ -56701,7 +58767,7 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-2= .6.32.40/kernel/futex.c { unsigned long uentry; =20 -@@ -2640,6 +2653,7 @@ static int __init futex_init(void) +@@ -2640,6 +2657,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -56709,7 +58775,7 @@ diff -urNp linux-2.6.32.40/kernel/futex.c linux-2= .6.32.40/kernel/futex.c =20 /* * This will fail and we want it. Some arch implementations do -@@ -2651,7 +2665,10 @@ static int __init futex_init(void) +@@ -2651,7 +2669,10 @@ static int __init futex_init(void) * implementation, the non functional ones will return * -ENOSYS. */ @@ -58314,7 +60380,7 @@ diff -urNp linux-2.6.32.40/kernel/posix-cpu-timer= s.c linux-2.6.32.40/kernel/posi #include diff -urNp linux-2.6.32.40/kernel/posix-timers.c linux-2.6.32.40/kernel/= posix-timers.c --- linux-2.6.32.40/kernel/posix-timers.c 2011-03-27 14:31:47.000000000 = -0400 -+++ linux-2.6.32.40/kernel/posix-timers.c 2011-04-17 15:56:46.000000000 = -0400 ++++ linux-2.6.32.40/kernel/posix-timers.c 2011-05-16 21:46:57.000000000 = -0400 @@ -42,6 +42,7 @@ #include #include @@ -58323,7 +60389,16 @@ diff -urNp linux-2.6.32.40/kernel/posix-timers.c= linux-2.6.32.40/kernel/posix-ti #include #include #include -@@ -948,6 +949,13 @@ SYSCALL_DEFINE2(clock_settime, const clo +@@ -296,6 +297,8 @@ static __init int init_posix_timers(void + .nsleep =3D no_nsleep, + }; +=20 ++ pax_track_stack(); ++ + register_posix_clock(CLOCK_REALTIME, &clock_realtime); + register_posix_clock(CLOCK_MONOTONIC, &clock_monotonic); + register_posix_clock(CLOCK_MONOTONIC_RAW, &clock_monotonic_raw); +@@ -948,6 +951,13 @@ SYSCALL_DEFINE2(clock_settime, const clo if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; =20 @@ -58840,7 +60915,7 @@ diff -urNp linux-2.6.32.40/kernel/rcutree_plugin.= h linux-2.6.32.40/kernel/rcutre } diff -urNp linux-2.6.32.40/kernel/relay.c linux-2.6.32.40/kernel/relay.c --- linux-2.6.32.40/kernel/relay.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/kernel/relay.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/kernel/relay.c 2011-05-16 21:46:57.000000000 -0400 @@ -1222,7 +1222,7 @@ static int subbuf_splice_actor(struct fi unsigned int flags, int *nonpad_ret) @@ -58850,11 +60925,13 @@ diff -urNp linux-2.6.32.40/kernel/relay.c linux= -2.6.32.40/kernel/relay.c struct rchan_buf *rbuf =3D in->private_data; unsigned int subbuf_size =3D rbuf->chan->subbuf_size; uint64_t pos =3D (uint64_t) *ppos; -@@ -1241,6 +1241,7 @@ static int subbuf_splice_actor(struct fi +@@ -1241,6 +1241,9 @@ static int subbuf_splice_actor(struct fi .ops =3D &relay_pipe_buf_ops, .spd_release =3D relay_page_release, }; + ssize_t ret; ++ ++ pax_track_stack(); =20 if (rbuf->subbufs_produced =3D=3D rbuf->subbufs_consumed) return 0; @@ -59922,8 +61999,26 @@ diff -urNp linux-2.6.32.40/kernel/trace/ring_buf= fer.c linux-2.6.32.40/kernel/tra { diff -urNp linux-2.6.32.40/kernel/trace/trace.c linux-2.6.32.40/kernel/t= race/trace.c --- linux-2.6.32.40/kernel/trace/trace.c 2011-03-27 14:31:47.000000000 -= 0400 -+++ linux-2.6.32.40/kernel/trace/trace.c 2011-04-17 15:56:46.000000000 -= 0400 -@@ -3816,10 +3816,9 @@ static const struct file_operations trac ++++ linux-2.6.32.40/kernel/trace/trace.c 2011-05-16 21:46:57.000000000 -= 0400 +@@ -3193,6 +3193,8 @@ static ssize_t tracing_splice_read_pipe( + size_t rem; + unsigned int i; +=20 ++ pax_track_stack(); ++ + /* copy the tracer to avoid using a global lock all around */ + mutex_lock(&trace_types_lock); + if (unlikely(old_tracer !=3D current_trace && current_trace)) { +@@ -3659,6 +3661,8 @@ tracing_buffers_splice_read(struct file=20 + int entries, size, i; + size_t ret; +=20 ++ pax_track_stack(); ++ + if (*ppos & (PAGE_SIZE - 1)) { + WARN_ONCE(1, "Ftrace: previous read must page-align\n"); + return -EINVAL; +@@ -3816,10 +3820,9 @@ static const struct file_operations trac }; #endif =20 @@ -59935,7 +62030,7 @@ diff -urNp linux-2.6.32.40/kernel/trace/trace.c l= inux-2.6.32.40/kernel/trace/tra static int once; =20 if (d_tracer) -@@ -3839,10 +3838,9 @@ struct dentry *tracing_init_dentry(void) +@@ -3839,10 +3842,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } =20 @@ -60335,14 +62430,14 @@ diff -urNp linux-2.6.32.40/localversion-grsec l= inux-2.6.32.40/localversion-grsec +-grsec diff -urNp linux-2.6.32.40/Makefile linux-2.6.32.40/Makefile --- linux-2.6.32.40/Makefile 2011-05-10 22:12:01.000000000 -0400 -+++ linux-2.6.32.40/Makefile 2011-05-10 22:12:26.000000000 -0400 ++++ linux-2.6.32.40/Makefile 2011-05-16 22:06:44.000000000 -0400 @@ -221,8 +221,8 @@ CONFIG_SHELL :=3D $(shell if [ -x "$$BASH" =20 HOSTCC =3D gcc HOSTCXX =3D g++ -HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fo= mit-frame-pointer -HOSTCXXFLAGS =3D -O2 -+HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-mi= ssing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointe= r-checks ++HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fo= mit-frame-pointer -fno-delete-null-pointer-checks +HOSTCXXFLAGS =3D -O2 -fno-delete-null-pointer-checks =20 # Decide whether to build built-in, modular, or both. @@ -61292,8 +63387,17 @@ diff -urNp linux-2.6.32.40/mm/mempolicy.c linux-= 2.6.32.40/mm/mempolicy.c } else if (vma->vm_start <=3D mm->start_stack && diff -urNp linux-2.6.32.40/mm/migrate.c linux-2.6.32.40/mm/migrate.c --- linux-2.6.32.40/mm/migrate.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/mm/migrate.c 2011-04-17 15:56:46.000000000 -0400 -@@ -1106,6 +1106,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 ++++ linux-2.6.32.40/mm/migrate.c 2011-05-16 21:46:57.000000000 -0400 +@@ -916,6 +916,8 @@ static int do_pages_move(struct mm_struc + unsigned long chunk_start; + int err; +=20 ++ pax_track_stack(); ++ + task_nodes =3D cpuset_mems_allowed(task); +=20 + err =3D -ENOMEM; +@@ -1106,6 +1108,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 if (!mm) return -EINVAL; =20 @@ -61308,7 +63412,7 @@ diff -urNp linux-2.6.32.40/mm/migrate.c linux-2.6= .32.40/mm/migrate.c /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1115,8 +1123,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 +@@ -1115,8 +1125,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 rcu_read_lock(); tcred =3D __task_cred(task); if (cred->euid !=3D tcred->suid && cred->euid !=3D tcred->uid && @@ -63011,7 +65115,7 @@ diff -urNp linux-2.6.32.40/mm/nommu.c linux-2.6.3= 2.40/mm/nommu.c */ diff -urNp linux-2.6.32.40/mm/page_alloc.c linux-2.6.32.40/mm/page_alloc= .c --- linux-2.6.32.40/mm/page_alloc.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/mm/page_alloc.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/mm/page_alloc.c 2011-05-16 21:46:57.000000000 -0400 @@ -587,6 +587,10 @@ static void __free_pages_ok(struct page=20 int bad =3D 0; int wasMlocked =3D __TestClearPageMlocked(page); @@ -63059,7 +65163,16 @@ diff -urNp linux-2.6.32.40/mm/page_alloc.c linux= -2.6.32.40/mm/page_alloc.c arch_free_page(page, 0); kernel_map_pages(page, 1, 0); =20 -@@ -3736,7 +3753,7 @@ static void __init setup_usemap(struct p +@@ -2179,6 +2196,8 @@ void show_free_areas(void) + int cpu; + struct zone *zone; +=20 ++ pax_track_stack(); ++ + for_each_populated_zone(zone) { + show_node(zone); + printk("%s per-cpu:\n", zone->name); +@@ -3736,7 +3755,7 @@ static void __init setup_usemap(struct p zone->pageblock_flags =3D alloc_bootmem_node(pgdat, usemapsize); } #else @@ -63103,7 +65216,7 @@ diff -urNp linux-2.6.32.40/mm/rmap.c linux-2.6.32= .40/mm/rmap.c allocated =3D NULL; diff -urNp linux-2.6.32.40/mm/shmem.c linux-2.6.32.40/mm/shmem.c --- linux-2.6.32.40/mm/shmem.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/mm/shmem.c 2011-05-04 17:56:20.000000000 -0400 ++++ linux-2.6.32.40/mm/shmem.c 2011-05-18 20:09:37.000000000 -0400 @@ -31,7 +31,7 @@ #include #include @@ -63122,16 +65235,25 @@ diff -urNp linux-2.6.32.40/mm/shmem.c linux-2.6= .32.40/mm/shmem.c if (entry->val) { /* * The more uptodate page coming down from a stacked -@@ -1962,7 +1964,7 @@ static int shmem_symlink(struct inode *d +@@ -1144,6 +1146,8 @@ static struct page *shmem_swapin(swp_ent + struct vm_area_struct pvma; + struct page *page; +=20 ++ pax_track_stack(); ++ + spol =3D mpol_cond_copy(&mpol, + mpol_shared_policy_lookup(&info->policy, idx)); +=20 +@@ -1962,7 +1966,7 @@ static int shmem_symlink(struct inode *d =20 info =3D SHMEM_I(inode); inode->i_size =3D len-1; - if (len <=3D (char *)inode - (char *)info) { -+ if (len <=3D min((char *)inode - (char *)info, 64)) { ++ if (len <=3D (char *)inode - (char *)info && len <=3D 64) { /* do it inline */ memcpy(info, symname, len); inode->i_op =3D &shmem_symlink_inline_operations; -@@ -2310,8 +2312,7 @@ int shmem_fill_super(struct super_block=20 +@@ -2310,8 +2314,7 @@ int shmem_fill_super(struct super_block=20 int err =3D -ENOMEM; =20 /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -64201,6 +66323,18 @@ diff -urNp linux-2.6.32.40/net/atm/atm_misc.c li= nux-2.6.32.40/net/atm/atm_misc.c __SONET_ITEMS #undef __HANDLE_ITEM } +diff -urNp linux-2.6.32.40/net/atm/mpoa_caches.c linux-2.6.32.40/net/atm= /mpoa_caches.c +--- linux-2.6.32.40/net/atm/mpoa_caches.c 2011-03-27 14:31:47.000000000 = -0400 ++++ linux-2.6.32.40/net/atm/mpoa_caches.c 2011-05-16 21:46:57.000000000 = -0400 +@@ -498,6 +498,8 @@ static void clear_expired(struct mpoa_cl + struct timeval now; + struct k_message msg; +=20 ++ pax_track_stack(); ++ + do_gettimeofday(&now); +=20 + write_lock_irq(&client->egress_lock); diff -urNp linux-2.6.32.40/net/atm/proc.c linux-2.6.32.40/net/atm/proc.c --- linux-2.6.32.40/net/atm/proc.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/net/atm/proc.c 2011-04-17 15:56:46.000000000 -0400 @@ -64299,6 +66433,18 @@ diff -urNp linux-2.6.32.40/net/bridge/br_sysfs_i= f.c linux-2.6.32.40/net/bridge/b .show =3D brport_show, .store =3D brport_store, }; +diff -urNp linux-2.6.32.40/net/bridge/netfilter/ebtables.c linux-2.6.32.= 40/net/bridge/netfilter/ebtables.c +--- linux-2.6.32.40/net/bridge/netfilter/ebtables.c 2011-04-17 17:00:52.= 000000000 -0400 ++++ linux-2.6.32.40/net/bridge/netfilter/ebtables.c 2011-05-16 21:46:57.= 000000000 -0400 +@@ -1337,6 +1337,8 @@ static int copy_everything_to_user(struc + unsigned int entries_size, nentries; + char *entries; +=20 ++ pax_track_stack(); ++ + if (cmd =3D=3D EBT_SO_GET_ENTRIES) { + entries_size =3D t->private->entries_size; + nentries =3D t->private->nentries; diff -urNp linux-2.6.32.40/net/can/bcm.c linux-2.6.32.40/net/can/bcm.c --- linux-2.6.32.40/net/can/bcm.c 2011-05-10 22:12:01.000000000 -0400 +++ linux-2.6.32.40/net/can/bcm.c 2011-05-10 22:12:34.000000000 -0400 @@ -64416,6 +66562,18 @@ diff -urNp linux-2.6.32.40/net/core/flow.c linux= -2.6.32.40/net/core/flow.c =20 if (!fle->object || fle->genid =3D=3D genid) continue; +diff -urNp linux-2.6.32.40/net/core/skbuff.c linux-2.6.32.40/net/core/sk= buff.c +--- linux-2.6.32.40/net/core/skbuff.c 2011-03-27 14:31:47.000000000 -040= 0 ++++ linux-2.6.32.40/net/core/skbuff.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -1544,6 +1544,8 @@ int skb_splice_bits(struct sk_buff *skb, + struct sk_buff *frag_iter; + struct sock *sk =3D skb->sk; +=20 ++ pax_track_stack(); ++ + /* + * __skb_splice_bits() only fails if the output has no room left, + * so no point in going over the frag_list for the error case. diff -urNp linux-2.6.32.40/net/core/sock.c linux-2.6.32.40/net/core/sock= .c --- linux-2.6.32.40/net/core/sock.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/net/core/sock.c 2011-05-04 17:56:20.000000000 -0400 @@ -64594,8 +66752,17 @@ diff -urNp linux-2.6.32.40/net/ipv4/inet_hashtab= les.c linux-2.6.32.40/net/ipv4/i inet_twsk_put(tw); diff -urNp linux-2.6.32.40/net/ipv4/inetpeer.c linux-2.6.32.40/net/ipv4/= inetpeer.c --- linux-2.6.32.40/net/ipv4/inetpeer.c 2011-03-27 14:31:47.000000000 -0= 400 -+++ linux-2.6.32.40/net/ipv4/inetpeer.c 2011-04-17 15:56:46.000000000 -0= 400 -@@ -389,7 +389,7 @@ struct inet_peer *inet_getpeer(__be32 da ++++ linux-2.6.32.40/net/ipv4/inetpeer.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -366,6 +366,8 @@ struct inet_peer *inet_getpeer(__be32 da + struct inet_peer *p, *n; + struct inet_peer **stack[PEER_MAXDEPTH], ***stackptr; +=20 ++ pax_track_stack(); ++ + /* Look up for the address quickly. */ + read_lock_bh(&peer_pool_lock); + p =3D lookup(daddr, NULL); +@@ -389,7 +391,7 @@ struct inet_peer *inet_getpeer(__be32 da return NULL; n->v4daddr =3D daddr; atomic_set(&n->refcnt, 1); @@ -64616,6 +66783,18 @@ diff -urNp linux-2.6.32.40/net/ipv4/ip_fragment.= c linux-2.6.32.40/net/ipv4/ip_fr qp->rid =3D end; =20 rc =3D qp->q.fragments && (end - start) > max; +diff -urNp linux-2.6.32.40/net/ipv4/ip_sockglue.c linux-2.6.32.40/net/ip= v4/ip_sockglue.c +--- linux-2.6.32.40/net/ipv4/ip_sockglue.c 2011-03-27 14:31:47.000000000= -0400 ++++ linux-2.6.32.40/net/ipv4/ip_sockglue.c 2011-05-16 21:46:57.000000000= -0400 +@@ -1015,6 +1015,8 @@ static int do_ip_getsockopt(struct sock=20 + int val; + int len; +=20 ++ pax_track_stack(); ++ + if (level !=3D SOL_IP) + return -EOPNOTSUPP; +=20 diff -urNp linux-2.6.32.40/net/ipv4/netfilter/arp_tables.c linux-2.6.32.= 40/net/ipv4/netfilter/arp_tables.c --- linux-2.6.32.40/net/ipv4/netfilter/arp_tables.c 2011-04-17 17:00:52.= 000000000 -0400 +++ linux-2.6.32.40/net/ipv4/netfilter/arp_tables.c 2011-04-17 17:04:18.= 000000000 -0400 @@ -64751,6 +66930,27 @@ diff -urNp linux-2.6.32.40/net/ipv4/route.c linu= x-2.6.32.40/net/ipv4/route.c (int) ((num_physpages ^ (num_physpages>>8)) ^ (jiffies ^ (jiffies >> 7)))); =20 +diff -urNp linux-2.6.32.40/net/ipv4/tcp.c linux-2.6.32.40/net/ipv4/tcp.c +--- linux-2.6.32.40/net/ipv4/tcp.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.40/net/ipv4/tcp.c 2011-05-16 21:46:57.000000000 -0400 +@@ -2085,6 +2085,8 @@ static int do_tcp_setsockopt(struct sock + int val; + int err =3D 0; +=20 ++ pax_track_stack(); ++ + /* This is a string value all the others are int's */ + if (optname =3D=3D TCP_CONGESTION) { + char name[TCP_CA_NAME_MAX]; +@@ -2355,6 +2357,8 @@ static int do_tcp_getsockopt(struct sock + struct tcp_sock *tp =3D tcp_sk(sk); + int val, len; +=20 ++ pax_track_stack(); ++ + if (get_user(len, optlen)) + return -EFAULT; +=20 diff -urNp linux-2.6.32.40/net/ipv4/tcp_ipv4.c linux-2.6.32.40/net/ipv4/= tcp_ipv4.c --- linux-2.6.32.40/net/ipv4/tcp_ipv4.c 2011-03-27 14:31:47.000000000 -0= 400 +++ linux-2.6.32.40/net/ipv4/tcp_ipv4.c 2011-04-17 15:56:46.000000000 -0= 400 @@ -64874,6 +67074,18 @@ diff -urNp linux-2.6.32.40/net/ipv4/tcp_minisock= s.c linux-2.6.32.40/net/ipv4/tcp if (!(flg & TCP_FLAG_RST)) req->rsk_ops->send_reset(sk, skb); =20 +diff -urNp linux-2.6.32.40/net/ipv4/tcp_output.c linux-2.6.32.40/net/ipv= 4/tcp_output.c +--- linux-2.6.32.40/net/ipv4/tcp_output.c 2011-03-27 14:31:47.000000000 = -0400 ++++ linux-2.6.32.40/net/ipv4/tcp_output.c 2011-05-16 21:46:57.000000000 = -0400 +@@ -2234,6 +2234,8 @@ struct sk_buff *tcp_make_synack(struct s + __u8 *md5_hash_location; + int mss; +=20 ++ pax_track_stack(); ++ + skb =3D sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC); + if (skb =3D=3D NULL) + return NULL; diff -urNp linux-2.6.32.40/net/ipv4/tcp_probe.c linux-2.6.32.40/net/ipv4= /tcp_probe.c --- linux-2.6.32.40/net/ipv4/tcp_probe.c 2011-03-27 14:31:47.000000000 -= 0400 +++ linux-2.6.32.40/net/ipv4/tcp_probe.c 2011-04-17 15:56:46.000000000 -= 0400 @@ -65044,6 +67256,27 @@ diff -urNp linux-2.6.32.40/net/ipv6/inet6_hashta= bles.c linux-2.6.32.40/net/ipv6/ const unsigned short hnum, const struct in6_addr *daddr, const int dif) +diff -urNp linux-2.6.32.40/net/ipv6/ipv6_sockglue.c linux-2.6.32.40/net/= ipv6/ipv6_sockglue.c +--- linux-2.6.32.40/net/ipv6/ipv6_sockglue.c 2011-03-27 14:31:47.0000000= 00 -0400 ++++ linux-2.6.32.40/net/ipv6/ipv6_sockglue.c 2011-05-16 21:46:57.0000000= 00 -0400 +@@ -130,6 +130,8 @@ static int do_ipv6_setsockopt(struct soc + int val, valbool; + int retv =3D -ENOPROTOOPT; +=20 ++ pax_track_stack(); ++ + if (optval =3D=3D NULL) + val=3D0; + else { +@@ -881,6 +883,8 @@ static int do_ipv6_getsockopt(struct soc + int len; + int val; +=20 ++ pax_track_stack(); ++ + if (ip6_mroute_opt(optname)) + return ip6_mroute_getsockopt(sk, optname, optval, optlen); +=20 diff -urNp linux-2.6.32.40/net/ipv6/netfilter/ip6_tables.c linux-2.6.32.= 40/net/ipv6/netfilter/ip6_tables.c --- linux-2.6.32.40/net/ipv6/netfilter/ip6_tables.c 2011-04-17 17:00:52.= 000000000 -0400 +++ linux-2.6.32.40/net/ipv6/netfilter/ip6_tables.c 2011-04-17 17:04:18.= 000000000 -0400 @@ -65057,7 +67290,7 @@ diff -urNp linux-2.6.32.40/net/ipv6/netfilter/ip6= _tables.c linux-2.6.32.40/net/i sizeof(info.hook_entry)); diff -urNp linux-2.6.32.40/net/ipv6/raw.c linux-2.6.32.40/net/ipv6/raw.c --- linux-2.6.32.40/net/ipv6/raw.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/net/ipv6/raw.c 2011-05-04 17:58:00.000000000 -0400 ++++ linux-2.6.32.40/net/ipv6/raw.c 2011-05-16 21:46:57.000000000 -0400 @@ -375,14 +375,14 @@ static inline int rawv6_rcv_skb(struct s { if ((raw6_sk(sk)->checksum || sk->sk_filter) && @@ -65111,7 +67344,16 @@ diff -urNp linux-2.6.32.40/net/ipv6/raw.c linux-= 2.6.32.40/net/ipv6/raw.c struct flowi *fl, struct rt6_info *rt, unsigned int flags) { -@@ -916,12 +916,17 @@ do_confirm: +@@ -738,6 +738,8 @@ static int rawv6_sendmsg(struct kiocb *i + u16 proto; + int err; +=20 ++ pax_track_stack(); ++ + /* Rough check on arithmetic overflow, + better check is made in ip6_append_data(). + */ +@@ -916,12 +918,17 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -65130,7 +67372,7 @@ diff -urNp linux-2.6.32.40/net/ipv6/raw.c linux-2= .6.32.40/net/ipv6/raw.c return 0; default: return -ENOPROTOOPT; -@@ -933,6 +938,7 @@ static int rawv6_seticmpfilter(struct so +@@ -933,6 +940,7 @@ static int rawv6_seticmpfilter(struct so static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { @@ -65138,7 +67380,7 @@ diff -urNp linux-2.6.32.40/net/ipv6/raw.c linux-2= .6.32.40/net/ipv6/raw.c int len; =20 switch (optname) { -@@ -945,7 +951,8 @@ static int rawv6_geticmpfilter(struct so +@@ -945,7 +953,8 @@ static int rawv6_geticmpfilter(struct so len =3D sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -65148,7 +67390,7 @@ diff -urNp linux-2.6.32.40/net/ipv6/raw.c linux-2= .6.32.40/net/ipv6/raw.c return -EFAULT; return 0; default: -@@ -1241,7 +1248,13 @@ static void raw6_sock_seq_show(struct se +@@ -1241,7 +1250,13 @@ static void raw6_sock_seq_show(struct se 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -65457,8 +67699,17 @@ diff -urNp linux-2.6.32.40/net/iucv/af_iucv.c li= nux-2.6.32.40/net/iucv/af_iucv.c write_unlock_bh(&iucv_sk_list.lock); diff -urNp linux-2.6.32.40/net/key/af_key.c linux-2.6.32.40/net/key/af_k= ey.c --- linux-2.6.32.40/net/key/af_key.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/net/key/af_key.c 2011-04-17 15:56:46.000000000 -0400 -@@ -3660,7 +3660,11 @@ static int pfkey_seq_show(struct seq_fil ++++ linux-2.6.32.40/net/key/af_key.c 2011-05-16 21:46:57.000000000 -0400 +@@ -2489,6 +2489,8 @@ static int pfkey_migrate(struct sock *sk + struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_kmaddress k; +=20 ++ pax_track_stack(); ++ + if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], + ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || + !ext_hdrs[SADB_X_EXT_POLICY - 1]) { +@@ -3660,7 +3662,11 @@ static int pfkey_seq_show(struct seq_fil seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n"); else seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n", @@ -65511,6 +67762,18 @@ diff -urNp linux-2.6.32.40/net/mac80211/debugfs_= key.c linux-2.6.32.40/net/mac802 =20 for (i =3D 0; i < key->conf.keylen; i++) p +=3D scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]); +diff -urNp linux-2.6.32.40/net/mac80211/debugfs_sta.c linux-2.6.32.40/ne= t/mac80211/debugfs_sta.c +--- linux-2.6.32.40/net/mac80211/debugfs_sta.c 2011-03-27 14:31:47.00000= 0000 -0400 ++++ linux-2.6.32.40/net/mac80211/debugfs_sta.c 2011-05-16 21:46:57.00000= 0000 -0400 +@@ -124,6 +124,8 @@ static ssize_t sta_agg_status_read(struc + int i; + struct sta_info *sta =3D file->private_data; +=20 ++ pax_track_stack(); ++ + spin_lock_bh(&sta->lock); + p +=3D scnprintf(p, sizeof(buf)+buf-p, "next dialog_token is %#02x\n", + sta->ampdu_mlme.dialog_token_allocator + 1); diff -urNp linux-2.6.32.40/net/mac80211/ieee80211_i.h linux-2.6.32.40/ne= t/mac80211/ieee80211_i.h --- linux-2.6.32.40/net/mac80211/ieee80211_i.h 2011-03-27 14:31:47.00000= 0000 -0400 +++ linux-2.6.32.40/net/mac80211/ieee80211_i.h 2011-04-17 15:56:46.00000= 0000 -0400 @@ -65600,6 +67863,18 @@ diff -urNp linux-2.6.32.40/net/mac80211/main.c l= inux-2.6.32.40/net/mac80211/main ret =3D drv_config(local, changed); /* * Goal: +diff -urNp linux-2.6.32.40/net/mac80211/mlme.c linux-2.6.32.40/net/mac80= 211/mlme.c +--- linux-2.6.32.40/net/mac80211/mlme.c 2011-03-27 14:31:47.000000000 -0= 400 ++++ linux-2.6.32.40/net/mac80211/mlme.c 2011-05-16 21:46:57.000000000 -0= 400 +@@ -1438,6 +1438,8 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee + bool have_higher_than_11mbit =3D false, newsta =3D false; + u16 ap_ht_cap_flags; +=20 ++ pax_track_stack(); ++ + /* + * AssocResp and ReassocResp have identical structure, so process both + * of them in this function. diff -urNp linux-2.6.32.40/net/mac80211/pm.c linux-2.6.32.40/net/mac8021= 1/pm.c --- linux-2.6.32.40/net/mac80211/pm.c 2011-03-27 14:31:47.000000000 -040= 0 +++ linux-2.6.32.40/net/mac80211/pm.c 2011-04-17 15:56:46.000000000 -040= 0 @@ -65648,9 +67923,21 @@ diff -urNp linux-2.6.32.40/net/mac80211/util.c l= inux-2.6.32.40/net/mac80211/util /* * Upon resume hardware can sometimes be goofy due to * various platform / driver / bus issues, so restarting +diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip_vs_app.c linux-2.6.32.4= 0/net/netfilter/ipvs/ip_vs_app.c +--- linux-2.6.32.40/net/netfilter/ipvs/ip_vs_app.c 2011-03-27 14:31:47.0= 00000000 -0400 ++++ linux-2.6.32.40/net/netfilter/ipvs/ip_vs_app.c 2011-05-17 19:26:34.0= 00000000 -0400 +@@ -564,7 +564,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_app_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; + #endif +=20 diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip_vs_conn.c linux-2.6.32.= 40/net/netfilter/ipvs/ip_vs_conn.c --- linux-2.6.32.40/net/netfilter/ipvs/ip_vs_conn.c 2011-03-27 14:31:47.= 000000000 -0400 -+++ linux-2.6.32.40/net/netfilter/ipvs/ip_vs_conn.c 2011-05-04 17:56:28.= 000000000 -0400 ++++ linux-2.6.32.40/net/netfilter/ipvs/ip_vs_conn.c 2011-05-17 19:26:34.= 000000000 -0400 @@ -453,10 +453,10 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, s /* if the connection is not template and is created * by sync, preserve the activity flag. @@ -65673,6 +67960,24 @@ diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip= _vs_conn.c linux-2.6.32.40/net/n =20 atomic_inc(&ip_vs_conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) +@@ -871,7 +871,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_conn_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; +=20 + static const char *ip_vs_origin_name(unsigned flags) +@@ -934,7 +934,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_conn_sync_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; +=20 + #endif @@ -961,7 +961,7 @@ static inline int todrop_entry(struct ip =20 /* Don't drop the entry if its number of incoming packets is not @@ -65705,7 +68010,7 @@ diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip_= vs_core.c linux-2.6.32.40/net/n (((cp->protocol !=3D IPPROTO_TCP || diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip_vs_ctl.c linux-2.6.32.4= 0/net/netfilter/ipvs/ip_vs_ctl.c --- linux-2.6.32.40/net/netfilter/ipvs/ip_vs_ctl.c 2011-03-27 14:31:47.0= 00000000 -0400 -+++ linux-2.6.32.40/net/netfilter/ipvs/ip_vs_ctl.c 2011-05-04 17:56:28.0= 00000000 -0400 ++++ linux-2.6.32.40/net/netfilter/ipvs/ip_vs_ctl.c 2011-05-17 19:26:34.0= 00000000 -0400 @@ -792,7 +792,7 @@ __ip_vs_update_dest(struct ip_vs_service ip_vs_rs_hash(dest); write_unlock_bh(&__ip_vs_rs_lock); @@ -65733,6 +68038,24 @@ diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip= _vs_ctl.c linux-2.6.32.40/net/ne atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); +@@ -1927,7 +1927,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_info_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release_private, ++ .release =3D seq_release_net, + }; +=20 + #endif +@@ -1976,7 +1976,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_stats_seq_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D single_release, ++ .release =3D single_release_net, + }; +=20 + #endif @@ -2292,7 +2292,7 @@ __ip_vs_get_dest_entries(const struct ip =20 entry.addr =3D dest->addr.ip; @@ -65742,7 +68065,16 @@ diff -urNp linux-2.6.32.40/net/netfilter/ipvs/ip= _vs_ctl.c linux-2.6.32.40/net/ne entry.weight =3D atomic_read(&dest->weight); entry.u_threshold =3D dest->u_threshold; entry.l_threshold =3D dest->l_threshold; -@@ -2802,7 +2802,7 @@ static int ip_vs_genl_fill_dest(struct s +@@ -2353,6 +2353,8 @@ do_ip_vs_get_ctl(struct sock *sk, int cm + unsigned char arg[128]; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + if (!capable(CAP_NET_ADMIN)) + return -EPERM; +=20 +@@ -2802,7 +2804,7 @@ static int ip_vs_genl_fill_dest(struct s NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); =20 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -66083,6 +68415,18 @@ diff -urNp linux-2.6.32.40/net/rds/cong.c linux-= 2.6.32.40/net/rds/cong.c =20 if (likely(*recent =3D=3D gen)) return 0; +diff -urNp linux-2.6.32.40/net/rds/iw_rdma.c linux-2.6.32.40/net/rds/iw_= rdma.c +--- linux-2.6.32.40/net/rds/iw_rdma.c 2011-03-27 14:31:47.000000000 -040= 0 ++++ linux-2.6.32.40/net/rds/iw_rdma.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -181,6 +181,8 @@ int rds_iw_update_cm_id(struct rds_iw_de + struct rdma_cm_id *pcm_id; + int rc; +=20 ++ pax_track_stack(); ++ + src_addr =3D (struct sockaddr_in *)&cm_id->route.addr.src_addr; + dst_addr =3D (struct sockaddr_in *)&cm_id->route.addr.dst_addr; +=20 diff -urNp linux-2.6.32.40/net/rds/Kconfig linux-2.6.32.40/net/rds/Kconf= ig --- linux-2.6.32.40/net/rds/Kconfig 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.40/net/rds/Kconfig 2011-04-17 15:56:46.000000000 -0400 @@ -66109,7 +68453,7 @@ diff -urNp linux-2.6.32.40/net/rxrpc/af_rxrpc.c l= inux-2.6.32.40/net/rxrpc/af_rxr atomic_t rxrpc_n_skbs; diff -urNp linux-2.6.32.40/net/rxrpc/ar-ack.c linux-2.6.32.40/net/rxrpc/= ar-ack.c --- linux-2.6.32.40/net/rxrpc/ar-ack.c 2011-03-27 14:31:47.000000000 -04= 00 -+++ linux-2.6.32.40/net/rxrpc/ar-ack.c 2011-05-04 17:56:28.000000000 -04= 00 ++++ linux-2.6.32.40/net/rxrpc/ar-ack.c 2011-05-16 21:46:57.000000000 -04= 00 @@ -174,7 +174,7 @@ static void rxrpc_resend(struct rxrpc_ca =20 _enter("{%d,%d,%d,%d},", @@ -66146,7 +68490,16 @@ diff -urNp linux-2.6.32.40/net/rxrpc/ar-ack.c li= nux-2.6.32.40/net/rxrpc/ar-ack.c =20 _proto("Rx ACK %%%u { m=3D%hu f=3D#%u p=3D#%u s=3D%%%u r=3D%s n=3D%u = }", latest, -@@ -1159,7 +1159,7 @@ void rxrpc_process_call(struct work_stru +@@ -840,6 +840,8 @@ void rxrpc_process_call(struct work_stru + u32 abort_code =3D RX_PROTOCOL_ERROR; + u8 *acks =3D NULL; +=20 ++ pax_track_stack(); ++ + //printk("\n--------------------\n"); + _enter("{%d,%s,%lx} [%lu]", + call->debug_id, rxrpc_call_states[call->state], call->events, +@@ -1159,7 +1161,7 @@ void rxrpc_process_call(struct work_stru goto maybe_reschedule; =20 send_ACK_with_skew: @@ -66155,7 +68508,7 @@ diff -urNp linux-2.6.32.40/net/rxrpc/ar-ack.c lin= ux-2.6.32.40/net/rxrpc/ar-ack.c ntohl(ack.serial)); send_ACK: mtu =3D call->conn->trans->peer->if_mtu; -@@ -1171,7 +1171,7 @@ send_ACK: +@@ -1171,7 +1173,7 @@ send_ACK: ackinfo.rxMTU =3D htonl(5692); ackinfo.jumbo_max =3D htonl(4); =20 @@ -66164,7 +68517,7 @@ diff -urNp linux-2.6.32.40/net/rxrpc/ar-ack.c lin= ux-2.6.32.40/net/rxrpc/ar-ack.c _proto("Tx ACK %%%u { m=3D%hu f=3D#%u p=3D#%u s=3D%%%u r=3D%s n=3D%u }= ", ntohl(hdr.serial), ntohs(ack.maxSkew), -@@ -1189,7 +1189,7 @@ send_ACK: +@@ -1189,7 +1191,7 @@ send_ACK: send_message: _debug("send message"); =20 @@ -66353,8 +68706,26 @@ diff -urNp linux-2.6.32.40/net/rxrpc/ar-transpor= t.c linux-2.6.32.40/net/rxrpc/ar switch (peer->srx.transport_type) { diff -urNp linux-2.6.32.40/net/rxrpc/rxkad.c linux-2.6.32.40/net/rxrpc/r= xkad.c --- linux-2.6.32.40/net/rxrpc/rxkad.c 2011-03-27 14:31:47.000000000 -040= 0 -+++ linux-2.6.32.40/net/rxrpc/rxkad.c 2011-05-04 17:56:28.000000000 -040= 0 -@@ -609,7 +609,7 @@ static int rxkad_issue_challenge(struct=20 ++++ linux-2.6.32.40/net/rxrpc/rxkad.c 2011-05-16 21:46:57.000000000 -040= 0 +@@ -210,6 +210,8 @@ static int rxkad_secure_packet_encrypt(c + u16 check; + int nsg; +=20 ++ pax_track_stack(); ++ + sp =3D rxrpc_skb(skb); +=20 + _enter(""); +@@ -337,6 +339,8 @@ static int rxkad_verify_packet_auth(cons + u16 check; + int nsg; +=20 ++ pax_track_stack(); ++ + _enter(""); +=20 + sp =3D rxrpc_skb(skb); +@@ -609,7 +613,7 @@ static int rxkad_issue_challenge(struct=20 =20 len =3D iov[0].iov_len + iov[1].iov_len; =20 @@ -66363,7 +68734,7 @@ diff -urNp linux-2.6.32.40/net/rxrpc/rxkad.c linu= x-2.6.32.40/net/rxrpc/rxkad.c _proto("Tx CHALLENGE %%%u", ntohl(hdr.serial)); =20 ret =3D kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); -@@ -659,7 +659,7 @@ static int rxkad_send_response(struct rx +@@ -659,7 +663,7 @@ static int rxkad_send_response(struct rx =20 len =3D iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; =20 @@ -66416,7 +68787,7 @@ diff -urNp linux-2.6.32.40/net/sctp/socket.c linu= x-2.6.32.40/net/sctp/socket.c if (pp->fastreuse && sk->sk_reuse && diff -urNp linux-2.6.32.40/net/socket.c linux-2.6.32.40/net/socket.c --- linux-2.6.32.40/net/socket.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.40/net/socket.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.40/net/socket.c 2011-05-16 21:46:57.000000000 -0400 @@ -87,6 +87,7 @@ #include #include @@ -66580,6 +68951,15 @@ diff -urNp linux-2.6.32.40/net/socket.c linux-2.= 6.32.40/net/socket.c err =3D security_socket_connect(sock, (struct sockaddr *)&address, addrlen= ); if (err) +@@ -1882,6 +1955,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct + int err, ctl_len, iov_size, total_len; + int fput_needed; +=20 ++ pax_track_stack(); ++ + err =3D -EFAULT; + if (MSG_CMSG_COMPAT & flags) { + if (get_compat_msghdr(&msg_sys, msg_compat)) diff -urNp linux-2.6.32.40/net/sunrpc/sched.c linux-2.6.32.40/net/sunrpc= /sched.c --- linux-2.6.32.40/net/sunrpc/sched.c 2011-03-27 14:31:47.000000000 -04= 00 +++ linux-2.6.32.40/net/sunrpc/sched.c 2011-04-17 15:56:46.000000000 -04= 00 @@ -67009,6 +69389,27 @@ diff -urNp linux-2.6.32.40/net/xfrm/xfrm_policy.= c linux-2.6.32.40/net/xfrm/xfrm_ xfrm_pols_put(pols, npols); goto restart; } +diff -urNp linux-2.6.32.40/net/xfrm/xfrm_user.c linux-2.6.32.40/net/xfrm= /xfrm_user.c +--- linux-2.6.32.40/net/xfrm/xfrm_user.c 2011-03-27 14:31:47.000000000 -= 0400 ++++ linux-2.6.32.40/net/xfrm/xfrm_user.c 2011-05-16 21:46:57.000000000 -= 0400 +@@ -1169,6 +1169,8 @@ static int copy_to_user_tmpl(struct xfrm + struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; + int i; +=20 ++ pax_track_stack(); ++ + if (xp->xfrm_nr =3D=3D 0) + return 0; +=20 +@@ -1784,6 +1786,8 @@ static int xfrm_do_migrate(struct sk_buf + int err; + int n =3D 0; +=20 ++ pax_track_stack(); ++ + if (attrs[XFRMA_MIGRATE] =3D=3D NULL) + return -EINVAL; +=20 diff -urNp linux-2.6.32.40/samples/kobject/kset-example.c linux-2.6.32.4= 0/samples/kobject/kset-example.c --- linux-2.6.32.40/samples/kobject/kset-example.c 2011-03-27 14:31:47.0= 00000000 -0400 +++ linux-2.6.32.40/samples/kobject/kset-example.c 2011-04-17 15:56:46.0= 00000000 -0400 @@ -68004,6 +70405,30 @@ diff -urNp linux-2.6.32.40/security/selinux/hook= s.c linux-2.6.32.40/security/sel =20 /* Unregister netfilter hooks. */ selinux_nf_ip_exit(); +diff -urNp linux-2.6.32.40/security/selinux/include/xfrm.h linux-2.6.32.= 40/security/selinux/include/xfrm.h +--- linux-2.6.32.40/security/selinux/include/xfrm.h 2011-03-27 14:31:47.= 000000000 -0400 ++++ linux-2.6.32.40/security/selinux/include/xfrm.h 2011-05-18 20:09:37.= 000000000 -0400 +@@ -48,7 +48,7 @@ int selinux_xfrm_decode_session(struct s +=20 + static inline void selinux_xfrm_notify_policyload(void) + { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + } + #else + static inline int selinux_xfrm_enabled(void) +diff -urNp linux-2.6.32.40/security/selinux/ss/services.c linux-2.6.32.4= 0/security/selinux/ss/services.c +--- linux-2.6.32.40/security/selinux/ss/services.c 2011-03-27 14:31:47.0= 00000000 -0400 ++++ linux-2.6.32.40/security/selinux/ss/services.c 2011-05-16 21:46:57.0= 00000000 -0400 +@@ -1715,6 +1715,8 @@ int security_load_policy(void *data, siz + int rc =3D 0; + struct policy_file file =3D { data, len }, *fp =3D &file; +=20 ++ pax_track_stack(); ++ + if (!ss_initialized) { + avtab_cache_init(); + if (policydb_read(&policydb, fp)) { diff -urNp linux-2.6.32.40/security/smack/smack_lsm.c linux-2.6.32.40/se= curity/smack/smack_lsm.c --- linux-2.6.32.40/security/smack/smack_lsm.c 2011-03-27 14:31:47.00000= 0000 -0400 +++ linux-2.6.32.40/security/smack/smack_lsm.c 2011-04-17 15:56:46.00000= 0000 -0400 diff --git a/2.6.32/4422_grsec-mute-warnings.patch b/2.6.32/4422_grsec-mu= te-warnings.patch index e1915d9..c53f71f 100644 --- a/2.6.32/4422_grsec-mute-warnings.patch +++ b/2.6.32/4422_grsec-mute-warnings.patch @@ -29,14 +29,14 @@ warning flags of vanilla kernel versions. Acked-by: Christian Heim --- =20 ---- a/Makefile 2011-04-27 22:52:14.000000000 -0400 -+++ b/Makefile 2011-04-27 23:01:48.000000000 -0400 +--- a/Makefile 2011-05-20 08:34:33.000000000 -0400 ++++ b/Makefile 2011-05-20 08:43:48.000000000 -0400 @@ -221,7 +221,7 @@ =20 HOSTCC =3D gcc HOSTCXX =3D g++ --HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-mi= ssing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointe= r-checks -+HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-em= pty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-missi= ng-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-c= hecks +-HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fo= mit-frame-pointer -fno-delete-null-pointer-checks ++HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-em= pty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit= -frame-pointer -fno-delete-null-pointer-checks HOSTCXXFLAGS =3D -O2 -fno-delete-null-pointer-checks =20 # Decide whether to build built-in, modular, or both. diff --git a/2.6.38/0000_README b/2.6.38/0000_README index fb776db..57b3200 100644 --- a/2.6.38/0000_README +++ b/2.6.38/0000_README @@ -3,7 +3,7 @@ README =20 Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.2.2-2.6.38.6-201105111839.patch +Patch: 4420_grsecurity-2.2.2-2.6.38.6-201105182052.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105111839.patch b/2= .6.38/4420_grsecurity-2.2.2-2.6.38.6-201105182052.patch similarity index 94% rename from 2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105111839.patch rename to 2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105182052.patch index 20cbc55..707cf4c 100644 --- a/2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105111839.patch +++ b/2.6.38/4420_grsecurity-2.2.2-2.6.38.6-201105182052.patch @@ -3780,6 +3780,18 @@ diff -urNp linux-2.6.38.6/arch/sparc/include/asm/a= tomic_64.h linux-2.6.38.6/arch } =20 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff -urNp linux-2.6.38.6/arch/sparc/include/asm/cache.h linux-2.6.38.6/= arch/sparc/include/asm/cache.h +--- linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-05-17 19:31:43.00= 0000000 -0400 +@@ -10,7 +10,7 @@ + #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long) +=20 + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES 32 ++#define L1_CACHE_BYTES 32U +=20 + #ifdef CONFIG_SPARC32 + #define SMP_CACHE_BYTES_SHIFT 5 diff -urNp linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h linux-2.6= .38.6/arch/sparc/include/asm/dma-mapping.h --- linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-03-14 21:20= :32.000000000 -0400 +++ linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-04-28 19:34= :14.000000000 -0400 @@ -4861,6 +4873,18 @@ diff -urNp linux-2.6.38.6/arch/sparc/lib/ksyms.c l= inux-2.6.38.6/arch/sparc/lib/k EXPORT_SYMBOL(atomic64_sub_ret); =20 /* Atomic bit operations. */ +diff -urNp linux-2.6.38.6/arch/sparc/lib/Makefile linux-2.6.38.6/arch/sp= arc/lib/Makefile +--- linux-2.6.38.6/arch/sparc/lib/Makefile 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/arch/sparc/lib/Makefile 2011-05-17 19:31:43.000000000= -0400 +@@ -2,7 +2,7 @@ + # +=20 + asflags-y :=3D -ansi -DST_DIV0=3D0x02 +-ccflags-y :=3D -Werror ++#ccflags-y :=3D -Werror +=20 + lib-$(CONFIG_SPARC32) +=3D mul.o rem.o sdiv.o udiv.o umul.o urem.o ashr= di3.o + lib-$(CONFIG_SPARC32) +=3D memcpy.o memset.o diff -urNp linux-2.6.38.6/arch/sparc/Makefile linux-2.6.38.6/arch/sparc/= Makefile --- linux-2.6.38.6/arch/sparc/Makefile 2011-03-14 21:20:32.000000000 -04= 00 +++ linux-2.6.38.6/arch/sparc/Makefile 2011-04-28 19:34:14.000000000 -04= 00 @@ -6362,7 +6386,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32_aout.c= linux-2.6.38.6/arch/x86/ia32 has_dumped =3D 1; diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/= x86/ia32/ia32entry.S --- linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-03-14 21:20:32.0000000= 00 -0400 -+++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-11 18:34:57.0000000= 00 -0400 ++++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-16 21:47:08.0000000= 00 -0400 @@ -13,6 +13,7 @@ #include =09 #include @@ -6371,7 +6395,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 #include =20 /* Avoid __ASSEMBLER__'ifying just for this. */ -@@ -93,6 +94,28 @@ ENTRY(native_irq_enable_sysexit) +@@ -93,6 +94,26 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif =20 @@ -6386,21 +6410,19 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry= .S linux-2.6.38.6/arch/x86/ia32 + call pax_exit_kernel_user +#endif +#ifdef CONFIG_PAX_RANDKSTACK -+ push %rax ++ pushq %rax + call pax_randomize_kstack -+ pop %rax ++ popq %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + /* * 32bit SYSENTER instruction entry. * -@@ -119,7 +142,7 @@ ENTRY(ia32_sysenter_target) +@@ -119,7 +140,7 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -6409,7 +6431,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -135,7 +158,8 @@ ENTRY(ia32_sysenter_target) +@@ -135,7 +156,8 @@ ENTRY(ia32_sysenter_target) pushfq CFI_ADJUST_CFA_OFFSET 8 /*CFI_REL_OFFSET rflags,0*/ @@ -6419,7 +6441,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 CFI_REGISTER rip,r10 pushq $__USER32_CS CFI_ADJUST_CFA_OFFSET 8 -@@ -150,6 +174,12 @@ ENTRY(ia32_sysenter_target) +@@ -150,6 +172,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */=20 @@ -6432,7 +6454,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -172,6 +202,7 @@ sysenter_dispatch: +@@ -172,6 +200,7 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: @@ -6440,7 +6462,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp)=20 -@@ -283,19 +314,24 @@ ENDPROC(ia32_sysenter_target) +@@ -283,19 +312,24 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -6467,7 +6489,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -311,6 +347,12 @@ ENTRY(ia32_cstar_target) +@@ -311,6 +345,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */=20 /* hardware stack frame is complete now */=09 @@ -6480,7 +6502,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -333,6 +375,7 @@ cstar_dispatch: +@@ -333,6 +373,7 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: @@ -6488,7 +6510,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S= linux-2.6.38.6/arch/x86/ia32 andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -415,6 +458,7 @@ ENTRY(ia32_syscall) +@@ -415,6 +456,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -6735,7 +6757,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/atom= ic64_32.h linux-2.6.38.6/arch * @v: pointer to type atomic64_t diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h linux-2.6.3= 8.6/arch/x86/include/asm/atomic64_64.h --- linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-03-14 21:20:3= 2.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-04-28 19:34:1= 4.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-05-16 21:47:0= 8.000000000 -0400 @@ -18,7 +18,19 @@ */ static inline long atomic64_read(const atomic64_t *v) @@ -7010,7 +7032,19 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ato= mic64_64.h linux-2.6.38.6/arch #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) =20 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) -@@ -206,17 +380,30 @@ static inline long atomic64_xchg(atomic6 +@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom + return cmpxchg(&v->counter, old, new); + } +=20 ++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, = long old, long new) ++{ ++ return cmpxchg(&v->counter, old, new); ++} ++ + static inline long atomic64_xchg(atomic64_t *v, long new) + { + return xchg(&v->counter, new); +@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6 */ static inline int atomic64_add_unless(atomic64_t *v, long a, long u) { @@ -9689,7 +9723,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/syst= em.h linux-2.6.38.6/arch/x86/ void default_idle(void); diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.3= 8.6/arch/x86/include/asm/thread_info.h --- linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-03-14 21:20:3= 2.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-04-30 19:58:4= 8.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-05-17 19:31:4= 3.000000000 -0400 @@ -10,6 +10,7 @@ #include #include @@ -9706,7 +9740,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,11 @@ struct thread_info { +@@ -34,18 +34,12 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -9716,6 +9750,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch - */ - __u8 supervisor_stack[0]; -#endif ++ unsigned long lowest_stack; int uaccess_err; }; =20 @@ -9726,7 +9761,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch .exec_domain =3D &default_exec_domain, \ .flags =3D 0, \ .cpu =3D 0, \ -@@ -56,7 +49,7 @@ struct thread_info { +@@ -56,7 +50,7 @@ struct thread_info { }, \ } =20 @@ -9735,7 +9770,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch #define init_stack (init_thread_union.stack) =20 #else /* !__ASSEMBLY__ */ -@@ -164,6 +157,23 @@ struct thread_info { +@@ -164,6 +158,23 @@ struct thread_info { #define alloc_thread_info(tsk) \ ((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER)) =20 @@ -9759,7 +9794,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch #ifdef CONFIG_X86_32 =20 #define STACK_WARN (THREAD_SIZE/8) -@@ -174,35 +184,13 @@ struct thread_info { +@@ -174,35 +185,13 @@ struct thread_info { */ #ifndef __ASSEMBLY__ =20 @@ -9795,7 +9830,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thre= ad_info.h linux-2.6.38.6/arch /* * macros/functions for gaining access to the thread information struct= ure * preempt_count needs to be 1 initially, until the scheduler is functi= onal. -@@ -210,21 +198,6 @@ static inline struct thread_info *curren +@@ -210,21 +199,8 @@ static inline struct thread_info *curren #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); =20 @@ -9814,10 +9849,12 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/th= read_info.h linux-2.6.38.6/arch - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("rsp") __used; #endif =20 #endif /* !X86_32 */ -@@ -260,5 +233,16 @@ extern void arch_task_cache_init(void); +@@ -260,5 +236,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_st= ruct *src); #define arch_task_cache_init arch_task_cache_init @@ -9836,18 +9873,20 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/th= read_info.h linux-2.6.38.6/arch #endif /* _ASM_X86_THREAD_INFO_H */ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38= .6/arch/x86/include/asm/uaccess_32.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-03-14 21:20:32= .000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-04-28 19:34:14= .000000000 -0400 -@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-05-16 21:47:08= .000000000 -0400 +@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_u static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned lon= g n) { ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to, +@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to, return ret; } } @@ -9856,7 +9895,14 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uac= cess_32.h linux-2.6.38.6/arch/ return __copy_to_user_ll(to, from, n); } =20 -@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo +@@ -83,12 +90,16 @@ static __always_inline unsigned long __m + __copy_to_user(void __user *to, const void *from, unsigned long n) + { + might_fault(); ++ + return __copy_to_user_inatomic(to, from, n); + } +=20 static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned l= ong n) { @@ -9866,18 +9912,20 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_32.h linux-2.6.38.6/arch/ /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -138,6 +146,10 @@ static __always_inline unsigned long +@@ -138,6 +149,12 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __ +@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __ return ret; } } @@ -9886,7 +9934,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uacc= ess_32.h linux-2.6.38.6/arch/ return __copy_from_user_ll(to, from, n); } =20 -@@ -160,6 +174,10 @@ static __always_inline unsigned long __c +@@ -160,6 +179,10 @@ static __always_inline unsigned long __c const void __user *from, unsigned long n) { might_fault(); @@ -9897,7 +9945,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uacc= ess_32.h linux-2.6.38.6/arch/ if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -182,15 +200,19 @@ static __always_inline unsigned long +@@ -182,15 +205,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -9924,7 +9972,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uacc= ess_32.h linux-2.6.38.6/arch/ =20 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void +@@ -200,17 +227,61 @@ extern void copy_from_user_overflow(void #endif ; =20 @@ -9995,7 +10043,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uac= cess_32.h linux-2.6.38.6/arch/ =20 diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38= .6/arch/x86/include/asm/uaccess_64.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-03-14 21:20:32= .000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-04-28 19:57:25= .000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:47:08= .000000000 -0400 @@ -11,6 +11,9 @@ #include #include @@ -10046,7 +10094,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ return n; } =20 -@@ -65,110 +68,194 @@ int copy_to_user(void __user *dst, const +@@ -65,110 +68,198 @@ int copy_to_user(void __user *dst, const { might_fault(); =20 @@ -10068,6 +10116,8 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ - if (!__builtin_constant_p(size)) - return copy_user_generic(dst, (__force void *)src, size); + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10155,6 +10205,8 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ might_fault(); - if (!__builtin_constant_p(size)) + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10271,7 +10323,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ ret, "b", "b", "=3Dq", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -177,7 +264,7 @@ int __copy_in_user(void __user *dst, con +@@ -177,7 +268,7 @@ int __copy_in_user(void __user *dst, con } case 2: { u16 tmp; @@ -10280,7 +10332,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ ret, "w", "w", "=3Dr", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -187,7 +274,7 @@ int __copy_in_user(void __user *dst, con +@@ -187,7 +278,7 @@ int __copy_in_user(void __user *dst, con =20 case 4: { u32 tmp; @@ -10289,7 +10341,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ ret, "l", "k", "=3Dr", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -196,7 +283,7 @@ int __copy_in_user(void __user *dst, con +@@ -196,7 +287,7 @@ int __copy_in_user(void __user *dst, con } case 8: { u64 tmp; @@ -10298,7 +10350,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/ua= ccess_64.h linux-2.6.38.6/arch/ ret, "q", "", "=3Dr", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -204,8 +291,16 @@ int __copy_in_user(void __user *dst, con +@@ -204,8 +295,16 @@ int __copy_in_user(void __user *dst, con return ret; } default: @@ -10316,10 +10368,12 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/= uaccess_64.h linux-2.6.38.6/arch/ } } =20 -@@ -222,33 +317,70 @@ __must_check unsigned long __clear_user( +@@ -222,33 +321,72 @@ __must_check unsigned long __clear_user( static __must_check __always_inline int __copy_from_user_inatomic(void *dst, const void __user *src, unsigned s= ize) { ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10995,7 +11049,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/amd_iom= mu.c linux-2.6.38.6/arch/x86/ke .map_page =3D map_page, diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/apic.c linux-2.6.38.6/arc= h/x86/kernel/apic/apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-03-14 21:20:32.00000= 0000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-04-28 19:57:25.00000= 0000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-05-16 21:47:08.00000= 0000 -0400 @@ -1819,7 +1819,7 @@ void smp_error_interrupt(struct pt_regs=20 apic_write(APIC_ESR, 0); v1 =3D apic_read(APIC_ESR); @@ -11005,6 +11059,15 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/a= pic.c linux-2.6.38.6/arch/x86/ke =20 /* * Here is what the APIC error bits mean: +@@ -2209,6 +2209,8 @@ static int __cpuinit apic_cluster_num(vo + u16 *bios_cpu_apicid; + DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS); +=20 ++ pax_track_stack(); ++ + bios_cpu_apicid =3D early_per_cpu_ptr(x86_bios_cpu_apicid); + bitmap_zero(clustermap, NUM_APIC_CLUSTERS); +=20 diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c linux-2.6.38.6/= arch/x86/kernel/apic/io_apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-03-14 21:20:32.00= 0000000 -0400 +++ linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-04-28 19:57:25.00= 0000000 -0400 @@ -11147,7 +11210,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/apm_32.= c linux-2.6.38.6/arch/x86/kerne =20 diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.= 6/arch/x86/kernel/asm-offsets_32.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-03-14 21:20:32.= 000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-04-28 19:34:14.= 000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-05-16 21:47:08.= 000000000 -0400 @@ -51,7 +51,6 @@ void foo(void) OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id); BLANK(); @@ -11156,7 +11219,16 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-of= fsets_32.c linux-2.6.38.6/arch/x OFFSET(TI_exec_domain, thread_info, exec_domain); OFFSET(TI_flags, thread_info, flags); OFFSET(TI_status, thread_info, status); -@@ -113,6 +112,11 @@ void foo(void) +@@ -60,6 +59,8 @@ void foo(void) + OFFSET(TI_restart_block, thread_info, restart_block); + OFFSET(TI_sysenter_return, thread_info, sysenter_return); + OFFSET(TI_cpu, thread_info, cpu); ++ OFFSET(TI_lowest_stack, thread_info, lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - = offsetof(struct task_struct, tinfo)); + BLANK(); +=20 + OFFSET(GDS_size, desc_ptr, size); +@@ -113,6 +114,11 @@ void foo(void) OFFSET(PV_CPU_iret, pv_cpu_ops, iret); OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); @@ -11170,8 +11242,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-of= fsets_32.c linux-2.6.38.6/arch/x #ifdef CONFIG_XEN diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.= 6/arch/x86/kernel/asm-offsets_64.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-03-14 21:20:32.= 000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-04-30 11:45:06.= 000000000 -0400 -@@ -63,6 +63,18 @@ int main(void) ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -44,6 +44,8 @@ int main(void) + ENTRY(addr_limit); + ENTRY(preempt_count); + ENTRY(status); ++ ENTRY(lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - = offsetof(struct task_struct, tinfo)); + #ifdef CONFIG_IA32_EMULATION + ENTRY(sysenter_return); + #endif +@@ -63,6 +65,18 @@ int main(void) OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs); OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); @@ -11190,7 +11271,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-off= sets_64.c linux-2.6.38.6/arch/x #endif =20 =20 -@@ -115,6 +127,7 @@ int main(void) +@@ -115,6 +129,7 @@ int main(void) ENTRY(cr8); BLANK(); #undef ENTRY @@ -11198,7 +11279,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-off= sets_64.c linux-2.6.38.6/arch/x DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); BLANK(); DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); -@@ -130,6 +143,7 @@ int main(void) +@@ -130,6 +145,7 @@ int main(void) =20 BLANK(); DEFINE(PAGE_SIZE_asm, PAGE_SIZE); @@ -11550,8 +11631,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/mt= rr/mtrr.h linux-2.6.38.6/arch/x8 extern int generic_get_free_region(unsigned long base, unsigned long si= ze, diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c linux-2.6.38.= 6/arch/x86/kernel/cpu/perf_event.c --- linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-03-14 21:20:32.= 000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-04-28 19:34:14.= 000000000 -0400 -@@ -1781,7 +1781,7 @@ perf_callchain_user(struct perf_callchai ++++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -674,6 +674,8 @@ static int x86_schedule_events(struct cp + int i, j, w, wmax, num =3D 0; + struct hw_perf_event *hwc; +=20 ++ pax_track_stack(); ++ + bitmap_zero(used_mask, X86_PMC_IDX_MAX); +=20 + for (i =3D 0; i < n; i++) { +@@ -1781,7 +1783,7 @@ perf_callchain_user(struct perf_callchai break; =20 perf_callchain_store(entry, frame.return_address); @@ -11882,10 +11972,30 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/dumps= tack.c linux-2.6.38.6/arch/x86/ke report_bug(regs->ip, regs); =20 if (__die(str, regs, err)) +diff -urNp linux-2.6.38.6/arch/x86/kernel/early_printk.c linux-2.6.38.6/= arch/x86/kernel/early_printk.c +--- linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-05-16 21:47:08.00= 0000000 -0400 +@@ -7,6 +7,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -179,6 +180,8 @@ asmlinkage void early_printk(const char=20 + int n; + va_list ap; +=20 ++ pax_track_stack(); ++ + va_start(ap, fmt); + n =3D vscnprintf(buf, sizeof(buf), fmt, ap); + early_console->write(early_console, buf, n); diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch= /x86/kernel/entry_32.S --- linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-04-18 17:27:16.000000= 000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-10 21:13:12.000000= 000 -0400 -@@ -183,13 +183,139 @@ ++++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-18 20:23:44.000000= 000 -0400 +@@ -183,13 +183,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -11919,7 +12029,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ pushl %ecx + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) + mov %eax, %esi +#else @@ -11941,14 +12052,16 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _32.S linux-2.6.38.6/arch/x86/ker +#endif +3: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ popl %eax +#endif + ret +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ pushl %ecx +#endif + mov %cs, %esi + cmp $__KERNEXEC_KERNEL_CS, %esi @@ -11970,7 +12083,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker +#endif +2: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ popl %eax +#endif + ret +ENDPROC(pax_exit_kernel) @@ -11983,41 +12097,44 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _32.S linux-2.6.38.6/arch/x86/ker +.endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * ebp: thread_info ++ * ecx, edx: can be clobbered ++ */ +ENTRY(pax_erase_kstack) -+ push %edi ++ pushl %edi ++ pushl %eax + -+ lea -64(%esp), %edi -+ and $-64, %edi ++ mov TI_lowest_stack(%ebp), %edi + mov $-0xBEEF, %eax + std -+1: -+ mov %edi, %ecx ++ ++1: mov %edi, %ecx + and $THREAD_SIZE_asm - 1, %ecx + shr $2, %ecx + repne scasl + jecxz 2f + -+ and $-64, %edi -+ and $-16, %ecx -+ -+ sub $128, %ecx ++ cmp $2*16, %ecx + jc 2f -+ mov $16, %ecx -+ repe scasl -+ jne 1b -+ sub $(512 - 64), %edi -+ mov $16, %ecx ++ ++ mov $2*16, %ecx + repe scasl + jecxz 2f + jne 1b -+2: -+ cld ++ ++2: cld + mov %esp, %ecx + sub %edi, %ecx + shr $2, %ecx + rep stosl + -+ pop %edi ++ mov TI_task_thread_sp0(%ebp), %edi ++ sub $128, %edi ++ mov %edi, TI_lowest_stack(%ebp) ++ ++ popl %eax ++ popl %edi + ret +ENDPROC(pax_erase_kstack) +#endif @@ -12026,7 +12143,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker cld PUSH_GS pushl_cfi %fs -@@ -212,7 +338,7 @@ +@@ -212,7 +345,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -12035,7 +12152,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -220,6 +346,15 @@ +@@ -220,6 +353,15 @@ SET_KERNEL_GS %edx .endm =20 @@ -12051,7 +12168,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -330,7 +465,15 @@ check_userspace: +@@ -330,7 +472,15 @@ check_userspace: movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax cmpl $USER_RPL, %eax @@ -12067,7 +12184,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker =20 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -392,23 +535,34 @@ sysenter_past_esp: +@@ -392,23 +542,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -12105,7 +12222,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -431,12 +585,27 @@ sysenter_do_call: +@@ -431,12 +592,23 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -12116,11 +12233,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_= 32.S linux-2.6.38.6/arch/x86/ker + popl_cfi %eax +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ pushl_cfi %eax -+ call pax_erase_kstack -+ popl_cfi %eax -+#endif ++ pax_erase_kstack + /* if something modifies registers it must also disable sysexit */ movl PT_EIP(%esp), %edx @@ -12133,7 +12246,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT =20 -@@ -479,11 +648,17 @@ sysexit_audit: +@@ -479,11 +651,17 @@ sysexit_audit: =20 CFI_ENDPROC .pushsection .fixup,"ax" @@ -12153,7 +12266,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -516,6 +691,14 @@ syscall_exit: +@@ -516,6 +694,12 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work =20 @@ -12161,14 +12274,12 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _32.S linux-2.6.38.6/arch/x86/ker + call pax_randomize_kstack +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK + pax_erase_kstack -+#endif + restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -575,14 +758,21 @@ ldt_ss: +@@ -575,14 +759,21 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -12193,7 +12304,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -617,23 +807,17 @@ work_resched: +@@ -617,23 +808,17 @@ work_resched: =20 work_notifysig: # deal with pending signals and # notify-resume requests @@ -12220,7 +12331,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker #endif xorl %edx, %edx call do_notify_resume -@@ -668,6 +852,10 @@ END(syscall_exit_work) +@@ -668,6 +853,10 @@ END(syscall_exit_work) =20 RING0_INT_FRAME # can't unwind into user space anyway syscall_fault: @@ -12231,7 +12342,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker GET_THREAD_INFO(%ebp) movl $-EFAULT,PT_EAX(%esp) jmp resume_userspace -@@ -750,6 +938,36 @@ ptregs_clone: +@@ -750,6 +939,36 @@ ptregs_clone: CFI_ENDPROC ENDPROC(ptregs_clone) =20 @@ -12268,7 +12379,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -759,8 +977,15 @@ ENDPROC(ptregs_clone) +@@ -759,8 +978,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -12286,7 +12397,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -1211,7 +1436,6 @@ return_to_handler: +@@ -1211,7 +1437,6 @@ return_to_handler: jmp *%ecx #endif =20 @@ -12294,7 +12405,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker #include "syscall_table_32.S" =20 syscall_table_size=3D(.-sys_call_table) -@@ -1257,9 +1481,12 @@ error_code: +@@ -1257,9 +1482,12 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -12308,7 +12419,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker TRACE_IRQS_OFF movl %esp,%eax # pt_regs pointer call *%edi -@@ -1344,6 +1571,9 @@ nmi_stack_correct: +@@ -1344,6 +1572,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -12318,7 +12429,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker jmp restore_all_notrace CFI_ENDPROC =20 -@@ -1380,6 +1610,9 @@ nmi_espfix_stack: +@@ -1380,6 +1611,9 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax =3D=3D %esp xorl %edx,%edx # zero error code call do_nmi @@ -12330,7 +12441,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_3= 2.S linux-2.6.38.6/arch/x86/ker CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch= /x86/kernel/entry_64.S --- linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-04-18 17:27:13.000000= 000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-05-10 21:12:16.000000= 000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-05-18 20:23:44.000000= 000 -0400 @@ -53,6 +53,7 @@ #include #include @@ -12339,7 +12450,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker =20 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -174,6 +175,251 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +175,253 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ =20 @@ -12351,8 +12462,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + 1234: .quad \off; .word \sel + .popsection +#else -+ push $\sel -+ push $\off ++ pushq $\sel ++ pushq $\off + lretq +#endif + .endm @@ -12371,7 +12482,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12392,12 +12503,12 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _64.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12416,7 +12527,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI); +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel) +#endif @@ -12437,56 +12548,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _64.S linux-2.6.38.6/arch/x86/ker + pop %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ENTRY(pax_erase_kstack) -+ push %rdi -+ -+ lea -128(%rsp), %rdi -+ and $-64, %rdi -+ mov $-0xBEEF, %rax -+ std -+1: -+ mov %edi, %ecx -+ and $THREAD_SIZE_asm - 1, %ecx -+ shr $3, %ecx -+ repne scasq -+ jecxz 2f -+ -+ and $-64, %rdi -+ and $-8, %ecx -+ -+ sub $64, %ecx -+ jc 2f -+ mov $8, %ecx -+ repe scasq -+ jne 1b -+ sub $(512 - 64), %rdi -+ mov $8, %ecx -+ repe scasq -+ jecxz 2f -+ jne 1b -+2: -+ cld -+ mov %esp, %ecx -+ sub %edi, %ecx -+ shr $3, %ecx -+ rep stosq -+ -+ pop %rdi -+ ret -+ENDPROC(pax_erase_kstack) -+#endif -+ +#ifdef CONFIG_PAX_MEMORY_UDEREF +ENTRY(pax_enter_kernel_user) -+ push %rdi -+ push %rbx ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12498,7 +12567,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT -+ push %rdi ++ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f + i =3D 0 @@ -12520,7 +12589,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + .endr + +#ifdef CONFIG_PARAVIRT -+2: pop %rdi ++2: popq %rdi +#endif + SET_RDI_INTO_CR3 + @@ -12534,8 +12603,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rbx -+ pop %rdi ++ popq %rbx ++ popq %rdi + retq +ENDPROC(pax_enter_kernel_user) + @@ -12543,7 +12612,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker + push %rdi + +#ifdef CONFIG_PARAVIRT -+ push %rbx ++ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + @@ -12581,17 +12650,61 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry= _64.S linux-2.6.38.6/arch/x86/ker + +#ifdef CONFIG_PARAVIRT +2: PV_RESTORE_REGS(CLBR_RDI) -+ pop %rbx ++ popq %rbx +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel_user) +#endif ++ ++#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * r10: thread_info ++ * rcx, rdx: can be clobbered ++ */ ++ENTRY(pax_erase_kstack) ++ pushq %rdi ++ pushq %rax ++ ++ GET_THREAD_INFO(%r10) ++ mov TI_lowest_stack(%r10), %rdi ++ mov $-0xBEEF, %rax ++ std ++ ++1: mov %edi, %ecx ++ and $THREAD_SIZE_asm - 1, %ecx ++ shr $3, %ecx ++ repne scasq ++ jecxz 2f ++ ++ cmp $2*8, %ecx ++ jc 2f ++ ++ mov $2*8, %ecx ++ repe scasq ++ jecxz 2f ++ jne 1b ++ ++2: cld ++ mov %esp, %ecx ++ sub %edi, %ecx ++ shr $3, %ecx ++ rep stosq ++ ++ mov TI_task_thread_sp0(%r10), %rdi ++ sub $256, %rdi ++ mov %rdi, TI_lowest_stack(%r10) ++ ++ popq %rax ++ popq %rdi ++ ret ++ENDPROC(pax_erase_kstack) ++#endif =20 .macro TRACE_IRQS_IRETQ offset=3DARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -316,7 +562,7 @@ ENTRY(save_args) +@@ -316,7 +564,7 @@ ENTRY(save_args) leaq -RBP+8(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -12600,7 +12713,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker je 1f SWAPGS /* -@@ -407,7 +653,7 @@ ENTRY(ret_from_fork) +@@ -407,7 +655,7 @@ ENTRY(ret_from_fork) =20 RESTORE_REST =20 @@ -12609,7 +12722,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker je int_ret_from_sys_call =20 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -453,7 +699,7 @@ END(ret_from_fork) +@@ -453,7 +701,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -12618,7 +12731,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -466,12 +712,13 @@ ENTRY(system_call_after_swapgs) +@@ -466,12 +714,13 @@ ENTRY(system_call_after_swapgs) =20 movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -12633,7 +12746,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -500,6 +747,7 @@ sysret_check: +@@ -500,6 +749,7 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -12641,7 +12754,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker /* * sysretq will re-enable interrupts: */ -@@ -609,7 +857,7 @@ tracesys: +@@ -609,7 +859,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -12650,7 +12763,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -791,6 +1039,16 @@ END(interrupt) +@@ -791,6 +1041,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP call save_args PARTIAL_FRAME 0 @@ -12667,7 +12780,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker call \func .endm =20 -@@ -823,7 +1081,7 @@ ret_from_intr: +@@ -823,7 +1083,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -12676,7 +12789,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker je retint_kernel =20 /* Interrupt came from user space */ -@@ -845,12 +1103,14 @@ retint_swapgs: /* return to user-space=20 +@@ -845,12 +1105,14 @@ retint_swapgs: /* return to user-space=20 * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -12691,7 +12804,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker /* * The iretq could re-enable interrupts: */ -@@ -1022,6 +1282,16 @@ ENTRY(\sym) +@@ -1022,6 +1284,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12708,7 +12821,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1039,6 +1309,16 @@ ENTRY(\sym) +@@ -1039,6 +1311,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12725,7 +12838,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1047,7 +1327,7 @@ ENTRY(\sym) +@@ -1047,7 +1329,7 @@ ENTRY(\sym) END(\sym) .endm =20 @@ -12734,7 +12847,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1057,8 +1337,24 @@ ENTRY(\sym) +@@ -1057,8 +1339,24 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12759,7 +12872,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) call \do_sym addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) -@@ -1075,6 +1371,16 @@ ENTRY(\sym) +@@ -1075,6 +1373,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12776,7 +12889,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1094,6 +1400,16 @@ ENTRY(\sym) +@@ -1094,6 +1402,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -12793,7 +12906,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1356,14 +1672,27 @@ ENTRY(paranoid_exit) +@@ -1356,14 +1674,27 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -12822,7 +12935,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return -@@ -1421,7 +1750,7 @@ ENTRY(error_entry) +@@ -1421,7 +1752,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -12831,7 +12944,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker je error_kernelspace error_swapgs: SWAPGS -@@ -1485,6 +1814,16 @@ ENTRY(nmi) +@@ -1485,6 +1816,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -12848,7 +12961,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_6= 4.S linux-2.6.38.6/arch/x86/ker /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,11 +1834,25 @@ ENTRY(nmi) +@@ -1495,11 +1836,25 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -14444,7 +14557,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/module.= c linux-2.6.38.6/arch/x86/kerne goto overflow; diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch= /x86/kernel/paravirt.c --- linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-03-14 21:20:32.000000= 000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-04-28 19:34:14.000000= 000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-05-16 21:47:08.000000= 000 -0400 @@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu * corresponding structure. */ static void *get_call_destination(u8 type) @@ -14454,7 +14567,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravi= rt.c linux-2.6.38.6/arch/x86/ker .pv_init_ops =3D pv_init_ops, .pv_time_ops =3D pv_time_ops, .pv_cpu_ops =3D pv_cpu_ops, -@@ -145,14 +145,14 @@ unsigned paravirt_patch_default(u8 type, +@@ -133,6 +133,9 @@ static void *get_call_destination(u8 typ + .pv_lock_ops =3D pv_lock_ops, + #endif + }; ++ ++ pax_track_stack(); ++ + return *((void **)&tmpl + type); + } +=20 +@@ -145,14 +148,14 @@ unsigned paravirt_patch_default(u8 type, if (opfunc =3D=3D NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret =3D paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -14472,7 +14595,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker ret =3D paravirt_patch_ident_64(insnbuf, len); =20 else if (type =3D=3D PARAVIRT_PATCH(pv_cpu_ops.iret) || -@@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn +@@ -178,7 +181,7 @@ unsigned paravirt_patch_insns(void *insn if (insn_len > len || start =3D=3D NULL) insn_len =3D len; else @@ -14481,7 +14604,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker =20 return insn_len; } -@@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +297,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } =20 @@ -14508,7 +14631,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker .save_fl =3D __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl =3D __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable =3D __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops =3D { +@@ -321,7 +324,7 @@ struct pv_irq_ops pv_irq_ops =3D { #endif }; =20 @@ -14517,7 +14640,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker .cpuid =3D native_cpuid, .get_debugreg =3D native_get_debugreg, .set_debugreg =3D native_set_debugreg, -@@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops =3D { +@@ -382,7 +385,7 @@ struct pv_cpu_ops pv_cpu_ops =3D { .end_context_switch =3D paravirt_nop, }; =20 @@ -14526,7 +14649,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook =3D paravirt_nop, #endif -@@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops =3D { +@@ -396,7 +399,7 @@ struct pv_apic_ops pv_apic_ops =3D { #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #endif =20 @@ -14535,7 +14658,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravir= t.c linux-2.6.38.6/arch/x86/ker =20 .read_cr2 =3D native_read_cr2, .write_cr2 =3D native_write_cr2, -@@ -465,6 +465,12 @@ struct pv_mmu_ops pv_mmu_ops =3D { +@@ -465,6 +468,12 @@ struct pv_mmu_ops pv_mmu_ops =3D { }, =20 .set_fixmap =3D native_set_fixmap, @@ -14605,6 +14728,27 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-ga= rt_64.c linux-2.6.38.6/arch/x86/ .map_sg =3D gart_map_sg, .unmap_sg =3D gart_unmap_sg, .map_page =3D gart_map_page, +diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c linux-2.6.38= .6/arch/x86/kernel/pci-iommu_table.c +--- linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c 2011-03-14 21:20:32= .000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -2,7 +2,7 @@ + #include + #include + #include +- ++#include +=20 + #define DEBUG 1 +=20 +@@ -53,6 +53,8 @@ void __init check_iommu_entries(struct i + char sym_p[KSYM_SYMBOL_LEN]; + char sym_q[KSYM_SYMBOL_LEN]; +=20 ++ pax_track_stack(); ++ + /* Simple cyclic dependency checker. */ + for (p =3D start; p < finish; p++) { + q =3D find_dependents_of(start, finish, p); diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-nommu.c linux-2.6.38.6/arc= h/x86/kernel/pci-nommu.c --- linux-2.6.38.6/arch/x86/kernel/pci-nommu.c 2011-03-14 21:20:32.00000= 0000 -0400 +++ linux-2.6.38.6/arch/x86/kernel/pci-nommu.c 2011-04-28 19:34:14.00000= 0000 -0400 @@ -14631,7 +14775,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-swi= otlb.c linux-2.6.38.6/arch/x86/ .free_coherent =3D swiotlb_free_coherent, diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/ar= ch/x86/kernel/process_32.c --- linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-03-14 21:20:32.0000= 00000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-04-28 19:34:14.0000= 00000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-05-16 21:47:08.0000= 00000 -0400 @@ -65,6 +65,7 @@ asmlinkage void ret_from_fork(void) __as unsigned long thread_saved_pc(struct task_struct *tsk) { @@ -14658,7 +14802,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _32.c linux-2.6.38.6/arch/x86/k =20 show_regs_common(); =20 -@@ -196,7 +196,7 @@ int copy_thread(unsigned long clone_flag +@@ -196,13 +196,14 @@ int copy_thread(unsigned long clone_flag struct task_struct *tsk; int err; =20 @@ -14667,7 +14811,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/proces= s_32.c linux-2.6.38.6/arch/x86/k *childregs =3D *regs; childregs->ax =3D 0; childregs->sp =3D sp; -@@ -293,7 +293,7 @@ __switch_to(struct task_struct *prev_p,=20 +=20 + p->thread.sp =3D (unsigned long) childregs; + p->thread.sp0 =3D (unsigned long) (childregs+1); ++ p->tinfo.lowest_stack =3D (unsigned long)task_stack_page(p); +=20 + p->thread.ip =3D (unsigned long) ret_from_fork; +=20 +@@ -293,7 +294,7 @@ __switch_to(struct task_struct *prev_p,=20 struct thread_struct *prev =3D &prev_p->thread, *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -14676,7 +14827,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _32.c linux-2.6.38.6/arch/x86/k bool preload_fpu; =20 /* never put a printk in __switch_to... printk() calls wake_up*() indi= rectly */ -@@ -328,6 +328,10 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -328,6 +329,10 @@ __switch_to(struct task_struct *prev_p,=20 */ lazy_save_gs(prev->gs); =20 @@ -14687,7 +14838,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _32.c linux-2.6.38.6/arch/x86/k /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -363,6 +367,9 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -363,6 +368,9 @@ __switch_to(struct task_struct *prev_p,=20 */ arch_end_context_switch(next_p); =20 @@ -14697,7 +14848,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _32.c linux-2.6.38.6/arch/x86/k if (preload_fpu) __math_state_restore(); =20 -@@ -372,8 +379,6 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -372,8 +380,6 @@ __switch_to(struct task_struct *prev_p,=20 if (prev->gs | next->gs) lazy_load_gs(next->gs); =20 @@ -14706,14 +14857,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/proce= ss_32.c linux-2.6.38.6/arch/x86/k return prev_p; } =20 -@@ -403,4 +408,3 @@ unsigned long get_wchan(struct task_stru +@@ -403,4 +409,3 @@ unsigned long get_wchan(struct task_stru } while (count++ < 16); return 0; } - diff -urNp linux-2.6.38.6/arch/x86/kernel/process_64.c linux-2.6.38.6/ar= ch/x86/kernel/process_64.c --- linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-03-14 21:20:32.0000= 00000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-05-11 18:34:57.0000= 00000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-05-16 21:47:08.0000= 00000 -0400 @@ -87,7 +87,7 @@ static void __exit_idle(void) void exit_idle(void) { @@ -14733,7 +14884,15 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/proces= s_64.c linux-2.6.38.6/arch/x86/k *childregs =3D *regs; =20 childregs->ax =3D 0; -@@ -376,7 +375,7 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -273,6 +272,7 @@ int copy_thread(unsigned long clone_flag + p->thread.sp =3D (unsigned long) childregs; + p->thread.sp0 =3D (unsigned long) (childregs+1); + p->thread.usersp =3D me->thread.usersp; ++ p->tinfo.lowest_stack =3D (unsigned long)task_stack_page(p); +=20 + set_tsk_thread_flag(p, TIF_FORK); +=20 +@@ -376,7 +376,7 @@ __switch_to(struct task_struct *prev_p,=20 struct thread_struct *prev =3D &prev_p->thread; struct thread_struct *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -14742,7 +14901,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _64.c linux-2.6.38.6/arch/x86/k unsigned fsindex, gsindex; bool preload_fpu; =20 -@@ -472,10 +471,9 @@ __switch_to(struct task_struct *prev_p,=20 +@@ -472,10 +472,9 @@ __switch_to(struct task_struct *prev_p,=20 prev->usersp =3D percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -14755,7 +14914,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process= _64.c linux-2.6.38.6/arch/x86/k =20 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -529,12 +527,11 @@ unsigned long get_wchan(struct task_stru +@@ -529,12 +528,11 @@ unsigned long get_wchan(struct task_stru if (!p || p =3D=3D current || p->state =3D=3D TASK_RUNNING) return 0; stack =3D (unsigned long)task_stack_page(p); @@ -16491,8 +16650,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kvm/mmu.c lin= ux-2.6.38.6/arch/x86/kvm/mmu.c kvm_mmu_free_some_pages(vcpu); diff -urNp linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h linux-2.6.38.6/arch= /x86/kvm/paging_tmpl.h --- linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-03-14 21:20:32.000000= 000 -0400 -+++ linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-04-28 19:57:25.000000= 000 -0400 -@@ -674,7 +674,7 @@ static void FNAME(invlpg)(struct kvm_vcp ++++ linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-05-16 21:47:08.000000= 000 -0400 +@@ -554,6 +554,8 @@ static int FNAME(page_fault)(struct kvm_ + unsigned long mmu_seq; + bool map_writable; +=20 ++ pax_track_stack(); ++ + pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code); +=20 + r =3D mmu_topup_memory_caches(vcpu); +@@ -674,7 +676,7 @@ static void FNAME(invlpg)(struct kvm_vcp if (need_flush) kvm_flush_remote_tlbs(vcpu->kvm); =20 @@ -21712,6 +21880,18 @@ diff -urNp linux-2.6.38.6/arch/x86/platform/efi/= efi_stub_32.S linux-2.6.38.6/arc saved_return_addr: .long 0 efi_rt_function_ptr: +diff -urNp linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c linux-2.6.38.6/a= rch/x86/platform/uv/tlb_uv.c +--- linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c 2011-03-14 21:20:32.000= 000000 -0400 ++++ linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c 2011-05-16 21:47:08.000= 000000 -0400 +@@ -341,6 +341,8 @@ static void uv_reset_with_ipi(struct bau + cpumask_t mask; + struct reset_args reset_args; +=20 ++ pax_track_stack(); ++ + reset_args.sender =3D sender; +=20 + cpus_clear(mask); diff -urNp linux-2.6.38.6/arch/x86/power/cpu.c linux-2.6.38.6/arch/x86/p= ower/cpu.c --- linux-2.6.38.6/arch/x86/power/cpu.c 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/arch/x86/power/cpu.c 2011-04-28 19:34:15.000000000 -0= 400 @@ -22300,18 +22480,39 @@ diff -urNp linux-2.6.38.6/block/scsi_ioctl.c li= nux-2.6.38.6/block/scsi_ioctl.c if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; =20 +diff -urNp linux-2.6.38.6/crypto/serpent.c linux-2.6.38.6/crypto/serpent= .c +--- linux-2.6.38.6/crypto/serpent.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/crypto/serpent.c 2011-05-16 21:47:08.000000000 -0400 +@@ -224,6 +224,8 @@ static int serpent_setkey(struct crypto_ + u32 r0,r1,r2,r3,r4; + int i; +=20 ++ pax_track_stack(); ++ + /* Copy key, add padding */ +=20 + for (i =3D 0; i < keylen; ++i) diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Document= ation/dontdiff --- linux-2.6.38.6/Documentation/dontdiff 2011-03-14 21:20:32.000000000 = -0400 -+++ linux-2.6.38.6/Documentation/dontdiff 2011-04-28 19:34:15.000000000 = -0400 -@@ -3,6 +3,7 @@ ++++ linux-2.6.38.6/Documentation/dontdiff 2011-05-18 20:23:44.000000000 = -0400 +@@ -1,13 +1,16 @@ + *.a + *.aux *.bin ++*.cis *.cpio *.csp +*.dbg *.dsp *.dvi *.elf -@@ -38,8 +39,10 @@ + *.eps + *.fw ++*.gcno + *.gen.S + *.gif + *.grep +@@ -38,8 +41,10 @@ *.tab.h *.tex *.ver @@ -22322,7 +22523,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do *_vga16.c *~ *.9 -@@ -49,11 +52,16 @@ +@@ -49,11 +54,16 @@ 53c700_d.h CVS ChangeSet @@ -22339,8 +22540,11 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff= linux-2.6.38.6/Documentation/do SCCS System.map* TAGS -@@ -82,6 +90,8 @@ bvmlinux +@@ -80,8 +90,11 @@ btfixupprep + build + bvmlinux bzImage* ++capability_names.h capflags.c classlist.h* +clut_vga16.c @@ -22348,7 +22552,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do comp*.log compile.h* conf -@@ -106,16 +116,19 @@ fore200e_mkfirm +@@ -106,16 +119,19 @@ fore200e_mkfirm fore200e_pca_fw.c* gconf gen-devlist @@ -22368,7 +22572,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do initramfs_data.cpio.gz initramfs_list int16.c -@@ -125,7 +138,6 @@ int32.c +@@ -125,7 +141,6 @@ int32.c int4.c int8.c kallsyms @@ -22376,7 +22580,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do keywords.c ksym.c* ksym.h* -@@ -149,7 +161,9 @@ mkboot +@@ -149,7 +164,9 @@ mkboot mkbugboot mkcpustr mkdep @@ -22386,7 +22590,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do mktables mktree modpost -@@ -165,6 +179,7 @@ parse.h +@@ -165,6 +182,7 @@ parse.h patches* pca200e.bin pca200e_ecd.bin2 @@ -22394,15 +22598,17 @@ diff -urNp linux-2.6.38.6/Documentation/dontdif= f linux-2.6.38.6/Documentation/do piggy.gz piggyback piggy.S -@@ -180,6 +195,7 @@ r600_reg_safe.h +@@ -180,7 +198,9 @@ r600_reg_safe.h raid6altivec*.c raid6int*.c raid6tables.c +regdb.c relocs ++rlim_names.h rn50_reg_safe.h rs600_reg_safe.h -@@ -189,6 +205,7 @@ setup + rv515_reg_safe.h +@@ -189,6 +209,7 @@ setup setup.bin setup.elf sImage @@ -22410,7 +22616,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff = linux-2.6.38.6/Documentation/do sm_tbl* split-include syscalltab.h -@@ -213,13 +230,17 @@ version.h* +@@ -213,13 +234,17 @@ version.h* vmlinux vmlinux-* vmlinux.aout @@ -22798,8 +23004,26 @@ diff -urNp linux-2.6.38.6/drivers/ata/libata-cor= e.c linux-2.6.38.6/drivers/ata/l .error_handler =3D ata_dummy_error_handler, diff -urNp linux-2.6.38.6/drivers/ata/libata-eh.c linux-2.6.38.6/drivers= /ata/libata-eh.c --- linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-10 22:06:27.000000000= -0400 -+++ linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-10 22:06:52.000000000= -0400 -@@ -3882,7 +3882,7 @@ void ata_do_eh(struct ata_port *ap, ata_ ++++ linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-17 19:31:43.000000000= -0400 +@@ -2478,6 +2478,8 @@ void ata_eh_report(struct ata_port *ap) + { + struct ata_link *link; +=20 ++ pax_track_stack(); ++ + ata_for_each_link(link, ap, HOST_FIRST) + ata_eh_link_report(link); + } +@@ -3276,7 +3278,7 @@ static int ata_eh_set_lpm(struct ata_lin + struct ata_eh_context *ehc =3D &link->eh_context; + struct ata_device *dev, *link_dev =3D NULL, *lpm_dev =3D NULL; + enum ata_lpm_policy old_policy =3D link->lpm_policy; +- bool no_dipm =3D ap->flags & ATA_FLAG_NO_DIPM; ++ bool no_dipm =3D link->ap->flags & ATA_FLAG_NO_DIPM; + unsigned int hints =3D ATA_LPM_EMPTY | ATA_LPM_HIPM; + unsigned int err_mask; + int rc; +@@ -3882,7 +3884,7 @@ void ata_do_eh(struct ata_port *ap, ata_ */ void ata_std_error_handler(struct ata_port *ap) { @@ -25129,7 +25353,7 @@ diff -urNp linux-2.6.38.6/drivers/atm/nicstar.c l= inux-2.6.38.6/drivers/atm/nicst =20 diff -urNp linux-2.6.38.6/drivers/atm/solos-pci.c linux-2.6.38.6/drivers= /atm/solos-pci.c --- linux-2.6.38.6/drivers/atm/solos-pci.c 2011-04-18 17:27:18.000000000= -0400 -+++ linux-2.6.38.6/drivers/atm/solos-pci.c 2011-04-28 19:34:15.000000000= -0400 ++++ linux-2.6.38.6/drivers/atm/solos-pci.c 2011-05-16 21:47:08.000000000= -0400 @@ -715,7 +715,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); @@ -25139,7 +25363,16 @@ diff -urNp linux-2.6.38.6/drivers/atm/solos-pci.= c linux-2.6.38.6/drivers/atm/sol break; =20 case PKT_STATUS: -@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_car +@@ -900,6 +900,8 @@ static int print_buffer(struct sk_buff * + char msg[500]; + char item[10]; +=20 ++ pax_track_stack(); ++ + len =3D buf->len; + for (i =3D 0; i < len; i++){ + if(i % 8 =3D=3D 0) +@@ -1009,7 +1011,7 @@ static uint32_t fpga_tx(struct solos_car vcc =3D SKB_CB(oldskb)->vcc; =20 if (vcc) { @@ -25299,6 +25532,30 @@ diff -urNp linux-2.6.38.6/drivers/block/cciss.c = linux-2.6.38.6/drivers/block/cci err =3D 0; err |=3D copy_from_user(&arg64.LUN_info, &arg32->LUN_info, +diff -urNp linux-2.6.38.6/drivers/block/cpqarray.c linux-2.6.38.6/driver= s/block/cpqarray.c +--- linux-2.6.38.6/drivers/block/cpqarray.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/block/cpqarray.c 2011-05-16 21:47:08.00000000= 0 -0400 +@@ -911,6 +911,8 @@ static void do_ida_request(struct reques + struct scatterlist tmp_sg[SG_MAX]; + int i, dir, seg; +=20 ++ pax_track_stack(); ++ + if (blk_queue_plugged(q)) + goto startio; +=20 +diff -urNp linux-2.6.38.6/drivers/block/DAC960.c linux-2.6.38.6/drivers/= block/DAC960.c +--- linux-2.6.38.6/drivers/block/DAC960.c 2011-03-14 21:20:32.000000000 = -0400 ++++ linux-2.6.38.6/drivers/block/DAC960.c 2011-05-16 21:47:08.000000000 = -0400 +@@ -1979,6 +1979,8 @@ static bool DAC960_V1_ReadDeviceConfigur + unsigned long flags; + int Channel, TargetID; +=20 ++ pax_track_stack(); ++ + if (!init_dma_loaf(Controller->PCIDevice, &local_dma,=20 + DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + + sizeof(DAC960_SCSI_Inquiry_T) + diff -urNp linux-2.6.38.6/drivers/block/drbd/drbd_int.h linux-2.6.38.6/d= rivers/block/drbd/drbd_int.h --- linux-2.6.38.6/drivers/block/drbd/drbd_int.h 2011-03-14 21:20:32.000= 000000 -0400 +++ linux-2.6.38.6/drivers/block/drbd/drbd_int.h 2011-04-28 19:57:25.000= 000000 -0400 @@ -25506,6 +25763,27 @@ diff -urNp linux-2.6.38.6/drivers/block/drbd/drb= d_receiver.c linux-2.6.38.6/driv D_ASSERT(list_empty(&mdev->current_epoch->list)); } =20 +diff -urNp linux-2.6.38.6/drivers/block/nbd.c linux-2.6.38.6/drivers/blo= ck/nbd.c +--- linux-2.6.38.6/drivers/block/nbd.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/drivers/block/nbd.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -157,6 +157,8 @@ static int sock_xmit(struct nbd_device * + struct kvec iov; + sigset_t blocked, oldset; +=20 ++ pax_track_stack(); ++ + if (unlikely(!sock)) { + printk(KERN_ERR "%s: Attempted %s on closed socket in sock_xmit\n", + lo->disk->disk_name, (send ? "send" : "recv")); +@@ -571,6 +573,8 @@ static void do_nbd_request(struct reques + static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo= , + unsigned int cmd, unsigned long arg) + { ++ pax_track_stack(); ++ + switch (cmd) { + case NBD_DISCONNECT: { + struct request sreq; diff -urNp linux-2.6.38.6/drivers/char/agp/frontend.c linux-2.6.38.6/dri= vers/char/agp/frontend.c --- linux-2.6.38.6/drivers/char/agp/frontend.c 2011-03-14 21:20:32.00000= 0000 -0400 +++ linux-2.6.38.6/drivers/char/agp/frontend.c 2011-04-28 19:34:15.00000= 0000 -0400 @@ -25587,7 +25865,7 @@ diff -urNp linux-2.6.38.6/drivers/char/hpet.c lin= ux-2.6.38.6/drivers/char/hpet.c struct hpet_timer __iomem *timer; diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.= 38.6/drivers/char/ipmi/ipmi_msghandler.c --- linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-03-14 21:20:= 32.000000000 -0400 -+++ linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-04-28 19:34:= 15.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-05-16 21:47:= 08.000000000 -0400 @@ -414,7 +414,7 @@ struct ipmi_smi { struct proc_dir_entry *proc_dir; char proc_dir_name[10]; @@ -25618,6 +25896,15 @@ diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi= _msghandler.c linux-2.6.38.6/dri =20 intf->proc_dir =3D NULL; =20 +@@ -4196,6 +4196,8 @@ static void send_panic_events(char *str) + struct ipmi_smi_msg smi_msg; + struct ipmi_recv_msg recv_msg; +=20 ++ pax_track_stack(); ++ + si =3D (struct ipmi_system_interface_addr *) &addr; + si->addr_type =3D IPMI_SYSTEM_INTERFACE_ADDR_TYPE; + si->channel =3D IPMI_BMC_CHANNEL; diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.38.= 6/drivers/char/ipmi/ipmi_si_intf.c --- linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c 2011-03-14 21:20:32.= 000000000 -0400 +++ linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c 2011-04-28 19:34:15.= 000000000 -0400 @@ -25653,7 +25940,7 @@ diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_= si_intf.c linux-2.6.38.6/driver atomic_set(&new_smi->stop_operation, 0); diff -urNp linux-2.6.38.6/drivers/char/istallion.c linux-2.6.38.6/driver= s/char/istallion.c --- linux-2.6.38.6/drivers/char/istallion.c 2011-03-14 21:20:32.00000000= 0 -0400 -+++ linux-2.6.38.6/drivers/char/istallion.c 2011-04-28 19:34:15.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/char/istallion.c 2011-05-16 21:47:08.00000000= 0 -0400 @@ -186,7 +186,6 @@ static struct ktermios stli_deftermios=20 * re-used for each stats call. */ @@ -25670,6 +25957,24 @@ diff -urNp linux-2.6.38.6/drivers/char/istallion= .c linux-2.6.38.6/drivers/char/i =20 if (copy_from_user(&stli_brdstats, bp, sizeof(combrd_t))) return -EFAULT; +@@ -4226,6 +4226,8 @@ static int stli_getportstruct(struct stl + struct stliport stli_dummyport; + struct stliport *portp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummyport, arg, sizeof(struct stliport))) + return -EFAULT; + portp =3D stli_getport(stli_dummyport.brdnr, stli_dummyport.panelnr, +@@ -4248,6 +4250,8 @@ static int stli_getbrdstruct(struct stli + struct stlibrd stli_dummybrd; + struct stlibrd *brdp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummybrd, arg, sizeof(struct stlibrd))) + return -EFAULT; + if (stli_dummybrd.brdnr >=3D STL_MAXBRDS) diff -urNp linux-2.6.38.6/drivers/char/Kconfig linux-2.6.38.6/drivers/ch= ar/Kconfig --- linux-2.6.38.6/drivers/char/Kconfig 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/drivers/char/Kconfig 2011-04-28 19:34:15.000000000 -0= 400 @@ -26016,6 +26321,18 @@ diff -urNp linux-2.6.38.6/drivers/char/random.c = linux-2.6.38.6/drivers/char/rand static int max_write_thresh =3D INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; =20 +diff -urNp linux-2.6.38.6/drivers/char/rocket.c linux-2.6.38.6/drivers/c= har/rocket.c +--- linux-2.6.38.6/drivers/char/rocket.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/drivers/char/rocket.c 2011-05-16 21:47:08.000000000 -= 0400 +@@ -1277,6 +1277,8 @@ static int get_ports(struct r_port *info + struct rocket_ports tmp; + int board; +=20 ++ pax_track_stack(); ++ + if (!retports) + return -EFAULT; + memset(&tmp, 0, sizeof (tmp)); diff -urNp linux-2.6.38.6/drivers/char/sonypi.c linux-2.6.38.6/drivers/c= har/sonypi.c --- linux-2.6.38.6/drivers/char/sonypi.c 2011-03-14 21:20:32.000000000 -= 0400 +++ linux-2.6.38.6/drivers/char/sonypi.c 2011-04-28 19:34:15.000000000 -= 0400 @@ -26057,6 +26374,18 @@ diff -urNp linux-2.6.38.6/drivers/char/sonypi.c = linux-2.6.38.6/drivers/char/sony mutex_unlock(&sonypi_device.lock); =20 return 0; +diff -urNp linux-2.6.38.6/drivers/char/stallion.c linux-2.6.38.6/drivers= /char/stallion.c +--- linux-2.6.38.6/drivers/char/stallion.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/char/stallion.c 2011-05-16 21:47:08.000000000= -0400 +@@ -2407,6 +2407,8 @@ static int stl_getportstruct(struct stlp + struct stlport stl_dummyport; + struct stlport *portp; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&stl_dummyport, arg, sizeof(struct stlport))) + return -EFAULT; + portp =3D stl_getport(stl_dummyport.brdnr, stl_dummyport.panelnr, diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm_bios.c linux-2.6.38.6/dri= vers/char/tpm/tpm_bios.c --- linux-2.6.38.6/drivers/char/tpm/tpm_bios.c 2011-03-14 21:20:32.00000= 0000 -0400 +++ linux-2.6.38.6/drivers/char/tpm/tpm_bios.c 2011-04-28 19:34:15.00000= 0000 -0400 @@ -26102,7 +26431,7 @@ diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm_bi= os.c linux-2.6.38.6/drivers/cha =20 diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm.c linux-2.6.38.6/drivers/= char/tpm/tpm.c --- linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-04-18 17:27:18.000000000 = -0400 -+++ linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-04-28 19:34:15.000000000 = -0400 ++++ linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-05-16 21:47:08.000000000 = -0400 @@ -411,7 +411,7 @@ static ssize_t tpm_transmit(struct tpm_c chip->vendor.req_complete_val) goto out_recv; @@ -26112,6 +26441,15 @@ diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm.c= linux-2.6.38.6/drivers/char/tpm dev_err(chip->dev, "Operation Canceled\n"); rc =3D -ECANCELED; goto out; +@@ -844,6 +844,8 @@ ssize_t tpm_show_pubek(struct device *de +=20 + struct tpm_chip *chip =3D dev_get_drvdata(dev); +=20 ++ pax_track_stack(); ++ + tpm_cmd.header.in =3D tpm_readpubek_header; + err =3D transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, + "attempting to read the PUBEK"); diff -urNp linux-2.6.38.6/drivers/cpuidle/sysfs.c linux-2.6.38.6/drivers= /cpuidle/sysfs.c --- linux-2.6.38.6/drivers/cpuidle/sysfs.c 2011-03-14 21:20:32.000000000= -0400 +++ linux-2.6.38.6/drivers/cpuidle/sysfs.c 2011-04-28 19:34:15.000000000= -0400 @@ -26124,6 +26462,30 @@ diff -urNp linux-2.6.38.6/drivers/cpuidle/sysfs.= c linux-2.6.38.6/drivers/cpuidle { kobject_put(&device->kobjs[i]->kobj); wait_for_completion(&device->kobjs[i]->kobj_unregister); +diff -urNp linux-2.6.38.6/drivers/crypto/hifn_795x.c linux-2.6.38.6/driv= ers/crypto/hifn_795x.c +--- linux-2.6.38.6/drivers/crypto/hifn_795x.c 2011-03-14 21:20:32.000000= 000 -0400 ++++ linux-2.6.38.6/drivers/crypto/hifn_795x.c 2011-05-16 21:47:08.000000= 000 -0400 +@@ -1655,6 +1655,8 @@ static int hifn_test(struct hifn_device=20 + 0xCA, 0x34, 0x2B, 0x2E}; + struct scatterlist sg; +=20 ++ pax_track_stack(); ++ + memset(src, 0, sizeof(src)); + memset(ctx.key, 0, sizeof(ctx.key)); +=20 +diff -urNp linux-2.6.38.6/drivers/crypto/padlock-aes.c linux-2.6.38.6/dr= ivers/crypto/padlock-aes.c +--- linux-2.6.38.6/drivers/crypto/padlock-aes.c 2011-03-14 21:20:32.0000= 00000 -0400 ++++ linux-2.6.38.6/drivers/crypto/padlock-aes.c 2011-05-16 21:47:08.0000= 00000 -0400 +@@ -109,6 +109,8 @@ static int aes_set_key(struct crypto_tfm + struct crypto_aes_ctx gen_aes; + int cpu; +=20 ++ pax_track_stack(); ++ + if (key_len % 8) { + *flags |=3D CRYPTO_TFM_RES_BAD_KEY_LEN; + return -EINVAL; diff -urNp linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c linux-2.6.38.6/dr= ivers/edac/edac_mc_sysfs.c --- linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c 2011-03-14 21:20:32.0000= 00000 -0400 +++ linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c 2011-04-28 19:34:15.0000= 00000 -0400 @@ -26235,6 +26597,26 @@ diff -urNp linux-2.6.38.6/drivers/firewire/core-= cdev.c linux-2.6.38.6/drivers/fi return -EINVAL; =20 r =3D kmalloc(sizeof(*r), GFP_KERNEL); +diff -urNp linux-2.6.38.6/drivers/firewire/core-transaction.c linux-2.6.= 38.6/drivers/firewire/core-transaction.c +--- linux-2.6.38.6/drivers/firewire/core-transaction.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/firewire/core-transaction.c 2011-05-16 21:47:= 08.000000000 -0400 +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include +=20 + #include +=20 +@@ -420,6 +421,8 @@ int fw_run_transaction(struct fw_card *c + struct transaction_callback_data d; + struct fw_transaction t; +=20 ++ pax_track_stack(); ++ + init_timer_on_stack(&t.split_timeout_timer); + init_completion(&d.done); + d.payload =3D payload; diff -urNp linux-2.6.38.6/drivers/firmware/dmi_scan.c linux-2.6.38.6/dri= vers/firmware/dmi_scan.c --- linux-2.6.38.6/drivers/firmware/dmi_scan.c 2011-03-14 21:20:32.00000= 0000 -0400 +++ linux-2.6.38.6/drivers/firmware/dmi_scan.c 2011-04-28 19:34:15.00000= 0000 -0400 @@ -26264,7 +26646,7 @@ diff -urNp linux-2.6.38.6/drivers/gpio/vr41xx_giu= .c linux-2.6.38.6/drivers/gpio/ } diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.38= .6/drivers/gpu/drm/drm_crtc_helper.c --- linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-03-14 21:20:32= .000000000 -0400 -+++ linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-04-28 19:34:15= .000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-05-16 21:47:08= .000000000 -0400 @@ -276,7 +276,7 @@ static bool drm_encoder_crtc_ok(struct d struct drm_crtc *tmp; int crtc_mask =3D 1; @@ -26274,6 +26656,15 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_cr= tc_helper.c linux-2.6.38.6/drive =20 dev =3D crtc->dev; =20 +@@ -343,6 +343,8 @@ bool drm_crtc_helper_set_mode(struct drm + struct drm_encoder *encoder; + bool ret =3D true; +=20 ++ pax_track_stack(); ++ + crtc->enabled =3D drm_helper_crtc_in_use(crtc); + if (!crtc->enabled) + return true; diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_drv.c linux-2.6.38.6/drive= rs/gpu/drm/drm_drv.c --- linux-2.6.38.6/drivers/gpu/drm/drm_drv.c 2011-03-14 21:20:32.0000000= 00 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/drm_drv.c 2011-04-28 19:34:15.0000000= 00 -0400 @@ -27019,6 +27410,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/r128/r= 128_state.c linux-2.6.38.6/drive } =20 #endif +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c linux-2.6.38.6/d= rivers/gpu/drm/radeon/atom.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c 2011-05-10 22:06:27.000= 000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c 2011-05-16 21:47:08.000= 000000 -0400 +@@ -1245,6 +1245,8 @@ struct atom_context *atom_parse(struct c + char name[512]; + int i; +=20 ++ pax_track_stack(); ++ + ctx->card =3D card; + ctx->bios =3D bios; +=20 diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.= 38.6/drivers/gpu/drm/radeon/mkregtable.c --- linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c 2011-03-14 21:20:= 32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c 2011-04-28 19:34:= 15.000000000 -0400 @@ -27039,6 +27442,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon= /mkregtable.c linux-2.6.38.6/dri =20 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c linux= -2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c 2011-05-10 2= 2:06:29.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c 2011-05-16 2= 1:47:08.000000000 -0400 +@@ -545,6 +545,8 @@ bool radeon_get_atom_connector_info_from + struct radeon_gpio_rec gpio; + struct radeon_hpd hpd; +=20 ++ pax_track_stack(); ++ + if (!atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_off= set)) + return false; +=20 diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c linux-2= .6.38.6/drivers/gpu/drm/radeon/radeon_device.c --- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c 2011-03-14 21:= 20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c 2011-04-28 19:= 34:15.000000000 -0400 @@ -27051,6 +27466,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon= /radeon_device.c linux-2.6.38.6/ spin_unlock(&dev->count_lock); return can_switch; } +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c linux-= 2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c 2011-03-14 21= :20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c 2011-05-16 21= :47:08.000000000 -0400 +@@ -934,6 +934,8 @@ void radeon_compute_pll_legacy(struct ra + uint32_t post_div; + u32 pll_out_min, pll_out_max; +=20 ++ pax_track_stack(); ++ + DRM_DEBUG_KMS("PLL freq %llu %u %u\n", freq, pll->min_ref_div, pll->ma= x_ref_div); + freq =3D freq * 1000; +=20 diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h linux-2.6.= 38.6/drivers/gpu/drm/radeon/radeon_drv.h --- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h 2011-03-14 21:20:= 32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h 2011-04-28 19:57:= 25.000000000 -0400 @@ -27645,6 +28072,30 @@ diff -urNp linux-2.6.38.6/drivers/ide/ide-cd.c l= inux-2.6.38.6/drivers/ide/ide-cd drive->dma =3D 0; } } +diff -urNp linux-2.6.38.6/drivers/ide/ide-floppy.c linux-2.6.38.6/driver= s/ide/ide-floppy.c +--- linux-2.6.38.6/drivers/ide/ide-floppy.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/ide/ide-floppy.c 2011-05-16 21:47:08.00000000= 0 -0400 +@@ -379,6 +379,8 @@ static int ide_floppy_get_capacity(ide_d + u8 pc_buf[256], header_len, desc_cnt; + int i, rc =3D 1, blocks, length; +=20 ++ pax_track_stack(); ++ + ide_debug_log(IDE_DBG_FUNC, "enter"); +=20 + drive->bios_cyl =3D 0; +diff -urNp linux-2.6.38.6/drivers/ide/setup-pci.c linux-2.6.38.6/drivers= /ide/setup-pci.c +--- linux-2.6.38.6/drivers/ide/setup-pci.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/ide/setup-pci.c 2011-05-16 21:47:08.000000000= -0400 +@@ -542,6 +542,8 @@ int ide_pci_init_two(struct pci_dev *dev + int ret, i, n_ports =3D dev2 ? 4 : 2; + struct ide_hw hw[4], *hws[] =3D { NULL, NULL, NULL, NULL }; +=20 ++ pax_track_stack(); ++ + for (i =3D 0; i < n_ports / 2; i++) { + ret =3D ide_setup_pci_controller(pdev[i], d, !i); + if (ret < 0) diff -urNp linux-2.6.38.6/drivers/infiniband/core/cm.c linux-2.6.38.6/dr= ivers/infiniband/core/cm.c --- linux-2.6.38.6/drivers/infiniband/core/cm.c 2011-04-18 17:27:14.0000= 00000 -0400 +++ linux-2.6.38.6/drivers/infiniband/core/cm.c 2011-04-28 19:34:15.0000= 00000 -0400 @@ -27878,6 +28329,18 @@ diff -urNp linux-2.6.38.6/drivers/infiniband/hw/= cxgb4/mem.c linux-2.6.38.6/drive } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); +diff -urNp linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c linux-2= .6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c +--- linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -113,6 +113,8 @@ static ssize_t atomic_counters_read(stru + struct infinipath_counters counters; + struct ipath_devdata *dd; +=20 ++ pax_track_stack(); ++ + dd =3D file->f_path.dentry->d_inode->i_private; + dd->ipath_f_read_counters(dd, &counters); +=20 diff -urNp linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c linux-2= .6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c --- linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c 2011-03-14 21:= 20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c 2011-05-11 18:= 35:16.000000000 -0400 @@ -28343,6 +28806,26 @@ diff -urNp linux-2.6.38.6/drivers/input/input.c = linux-2.6.38.6/drivers/input/inp =20 error =3D device_add(&dev->dev); if (error) +diff -urNp linux-2.6.38.6/drivers/input/joystick/sidewinder.c linux-2.6.= 38.6/drivers/input/joystick/sidewinder.c +--- linux-2.6.38.6/drivers/input/joystick/sidewinder.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/input/joystick/sidewinder.c 2011-05-18 20:23:= 44.000000000 -0400 +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -428,6 +429,8 @@ static int sw_read(struct sw *sw) + unsigned char buf[SW_LENGTH]; + int i; +=20 ++ pax_track_stack(); ++ + i =3D sw_read_packet(sw->gameport, buf, sw->length, 0); +=20 + if (sw->type =3D=3D SW_ID_3DP && sw->length =3D=3D 66 && i !=3D 66) { = /* Broken packet, try to fix */ diff -urNp linux-2.6.38.6/drivers/input/joystick/xpad.c linux-2.6.38.6/d= rivers/input/joystick/xpad.c --- linux-2.6.38.6/drivers/input/joystick/xpad.c 2011-03-14 21:20:32.000= 000000 -0400 +++ linux-2.6.38.6/drivers/input/joystick/xpad.c 2011-04-28 19:57:25.000= 000000 -0400 @@ -28580,6 +29063,128 @@ diff -urNp linux-2.6.38.6/drivers/isdn/hardware= /avm/b1.c linux-2.6.38.6/drivers/ return -EFAULT; } else { memcpy(buf, dp, left); +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c linux-2= .6.38.6/drivers/isdn/hardware/eicon/capidtmf.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -498,6 +498,7 @@ void capidtmf_recv_block (t_capidtmf_sta + byte goertzel_result_buffer[CAPIDTMF_RECV_TOTAL_FREQUENCY_COUNT]; + short windowed_sample_buffer[CAPIDTMF_RECV_WINDOWED_SAMPLES]; +=20 ++ pax_track_stack(); +=20 + if (p_state->recv.state & CAPIDTMF_RECV_STATE_DTMF_ACTIVE) + { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c linux-2= .6.38.6/drivers/isdn/hardware/eicon/capifunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -1055,6 +1055,8 @@ static int divacapi_connect_didd(void) + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c linux-2= .6.38.6/drivers/isdn/hardware/eicon/diddfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -54,6 +54,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c linux-= 2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c 2011-03-14 21= :20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c 2011-05-16 21= :47:08.000000000 -0400 +@@ -161,6 +161,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c linux-2.= 6.38.6/drivers/isdn/hardware/eicon/idifunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -188,6 +188,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c linux-2.= 6.38.6/drivers/isdn/hardware/eicon/message.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -4889,6 +4889,8 @@ static void sig_ind(PLCI *plci) + dword d; + word w; +=20 ++ pax_track_stack(); ++ + a =3D plci->adapter; + Id =3D ((word)plci->Id<<8)|a->Id; + PUT_WORD(&SS_Ind[4],0x0000); +@@ -7484,6 +7486,8 @@ static word add_b1(PLCI *plci, API_PARSE + word j, n, w; + dword d; +=20 ++ pax_track_stack(); ++ +=20 + for(i=3D0;i<8;i++) bp_parms[i].length =3D 0; + for(i=3D0;i<2;i++) global_config[i].length =3D 0; +@@ -7958,6 +7962,8 @@ static word add_b23(PLCI *plci, API_PARS + const byte llc3[] =3D {4,3,2,2,6,6,0}; + const byte header[] =3D {0,2,3,3,0,0,0}; +=20 ++ pax_track_stack(); ++ + for(i=3D0;i<8;i++) bp_parms[i].length =3D 0; + for(i=3D0;i<6;i++) b2_config_parms[i].length =3D 0; + for(i=3D0;i<5;i++) b3_config_parms[i].length =3D 0; +@@ -14760,6 +14766,8 @@ static void group_optimization(DIVA_CAPI + word appl_number_group_type[MAX_APPL]; + PLCI *auxplci; +=20 ++ pax_track_stack(); ++ + set_group_ind_mask (plci); /* all APPLs within this inc. call are all= owed to dial in */ +=20 + if(!a->group_optimization_enabled) +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c linux-2.= 6.38.6/drivers/isdn/hardware/eicon/mntfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -79,6 +79,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; +=20 ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); +=20 + for (x =3D 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c linux-2.6.38.6/= drivers/isdn/i4l/isdn_common.c +--- linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c 2011-05-16 21:47:08.00= 0000000 -0400 +@@ -1292,6 +1292,8 @@ isdn_ioctl(struct file *file, uint cmd,=20 + } iocpar; + void __user *argp =3D (void __user *)arg; +=20 ++ pax_track_stack(); ++ + #define name iocpar.name + #define bname iocpar.bname + #define iocts iocpar.iocts diff -urNp linux-2.6.38.6/drivers/isdn/icn/icn.c linux-2.6.38.6/drivers/= isdn/icn/icn.c --- linux-2.6.38.6/drivers/isdn/icn/icn.c 2011-03-14 21:20:32.000000000 = -0400 +++ linux-2.6.38.6/drivers/isdn/icn/icn.c 2011-04-28 19:34:15.000000000 = -0400 @@ -29145,7 +29750,7 @@ diff -urNp linux-2.6.38.6/drivers/md/raid1.c linu= x-2.6.38.6/drivers/md/raid1.c "(%d sectors at %llu on %s)\n", diff -urNp linux-2.6.38.6/drivers/md/raid5.c linux-2.6.38.6/drivers/md/r= aid5.c --- linux-2.6.38.6/drivers/md/raid5.c 2011-03-14 21:20:32.000000000 -040= 0 -+++ linux-2.6.38.6/drivers/md/raid5.c 2011-04-28 19:57:25.000000000 -040= 0 ++++ linux-2.6.38.6/drivers/md/raid5.c 2011-05-16 21:47:08.000000000 -040= 0 @@ -555,7 +555,7 @@ static void ops_run_io(struct stripe_hea bi->bi_next =3D NULL; if (rw =3D=3D WRITE && @@ -29183,6 +29788,47 @@ diff -urNp linux-2.6.38.6/drivers/md/raid5.c lin= ux-2.6.38.6/drivers/md/raid5.c > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -1953,6 +1953,7 @@ static sector_t compute_blocknr(struct s + sector_t r_sector; + struct stripe_head sh2; +=20 ++ pax_track_stack(); +=20 + chunk_offset =3D sector_div(new_sector, sectors_per_chunk); + stripe =3D new_sector; +diff -urNp linux-2.6.38.6/drivers/media/common/saa7146_hlp.c linux-2.6.3= 8.6/drivers/media/common/saa7146_hlp.c +--- linux-2.6.38.6/drivers/media/common/saa7146_hlp.c 2011-03-14 21:20:3= 2.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/common/saa7146_hlp.c 2011-05-16 21:47:0= 8.000000000 -0400 +@@ -353,6 +353,8 @@ static void calculate_clipping_registers +=20 + int x[32], y[32], w[32], h[32]; +=20 ++ pax_track_stack(); ++ + /* clear out memory */ + memset(&line_list[0], 0x00, sizeof(u32)*32); + memset(&pixel_list[0], 0x00, sizeof(u32)*32); +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c li= nux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-03-1= 4 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-05-1= 6 21:47:08.000000000 -0400 +@@ -590,6 +590,8 @@ static int dvb_ca_en50221_read_data(stru + u8 buf[HOST_LINK_BUF_SIZE]; + int i; +=20 ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); +=20 + /* check if we have space for a link buf in the rx_buffer */ +@@ -1285,6 +1287,8 @@ static ssize_t dvb_ca_en50221_io_write(s + unsigned long timeout; + int written; +=20 ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); +=20 + /* Incoming packet has a 2 byte header. hdr[0] =3D slot_id, hdr[1] =3D= connection_id */ diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.= 38.6/drivers/media/dvb/dvb-core/dvbdev.c --- linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c 2011-03-14 21:20:= 32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c 2011-04-28 19:34:= 15.000000000 -0400 @@ -29195,6 +29841,62 @@ diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-= core/dvbdev.c linux-2.6.38.6/dri struct device *clsdev; int minor; int id; +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c linux= -2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-03-14 2= 1:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-05-16 2= 1:47:08.000000000 -0400 +@@ -366,6 +366,8 @@ int dib0700_download_firmware(struct usb +=20 + u8 buf[260]; +=20 ++ pax_track_stack(); ++ + while ((ret =3D dvb_usb_get_hexline(fw, &hx, &pos)) > 0) { + deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n", + hx.addr, hx.len, hx.chk); +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c linux-2.6.= 38.6/drivers/media/dvb/dvb-usb/lmedm04.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c 2011-05-16 21:47:= 08.000000000 -0400 +@@ -611,6 +611,7 @@ static int lme2510_download_firmware(str + packet_size =3D 0x31; + len_in =3D 1; +=20 ++ pax_track_stack(); +=20 + info("FRM Starting Firmware Download"); +=20 +@@ -666,6 +667,8 @@ static void lme_coldreset(struct usb_dev + int ret =3D 0, len_in; + u8 data[512] =3D {0}; +=20 ++ pax_track_stack(); ++ + data[0] =3D 0x0a; + len_in =3D 1; + info("FRM Firmware Cold Reset"); +diff -urNp linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c linux-2.= 6.38.6/drivers/media/dvb/frontends/mb86a16.c +--- linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -1060,6 +1060,8 @@ static int mb86a16_set_fe(struct mb86a16 + int ret =3D -1; + int sync; +=20 ++ pax_track_stack(); ++ + dprintk(verbose, MB86A16_INFO, 1, "freq=3D%d Mhz, symbrt=3D%d Ksps", s= tate->frequency, state->srate); +=20 + fcp =3D 3000; +diff -urNp linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c linux-2.= 6.38.6/drivers/media/dvb/frontends/or51211.c +--- linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -113,6 +113,8 @@ static int or51211_load_firmware (struct + u8 tudata[585]; + int i; +=20 ++ pax_track_stack(); ++ + dprintk("Firmware is %zd bytes\n",fw->size); +=20 + /* Get eprom data */ diff -urNp linux-2.6.38.6/drivers/media/radio/radio-cadet.c linux-2.6.38= .6/drivers/media/radio/radio-cadet.c --- linux-2.6.38.6/drivers/media/radio/radio-cadet.c 2011-03-14 21:20:32= .000000000 -0400 +++ linux-2.6.38.6/drivers/media/radio/radio-cadet.c 2011-04-28 19:34:15= .000000000 -0400 @@ -29254,7 +29956,7 @@ diff -urNp linux-2.6.38.6/drivers/media/rc/rc-mai= n.c linux-2.6.38.6/drivers/medi rc =3D device_add(&dev->dev); diff -urNp linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c linux-2= .6.38.6/drivers/media/video/cx18/cx18-driver.c --- linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-03-14 21:= 20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-04-28 19:= 57:25.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-05-16 21:= 47:08.000000000 -0400 @@ -60,7 +60,7 @@ static struct pci_device_id cx18_pci_tbl =20 MODULE_DEVICE_TABLE(pci, cx18_pci_tbl); @@ -29264,7 +29966,16 @@ diff -urNp linux-2.6.38.6/drivers/media/video/cx= 18/cx18-driver.c linux-2.6.38.6/ =20 /* Parameter declarations */ static int cardtype[CX18_MAX_CARDS]; -@@ -884,7 +884,7 @@ static int __devinit cx18_probe(struct p +@@ -326,6 +326,8 @@ void cx18_read_eeprom(struct cx18 *cx, s + struct i2c_client c; + u8 eedata[256]; +=20 ++ pax_track_stack(); ++ + memset(&c, 0, sizeof(c)); + strlcpy(c.name, "cx18 tveeprom tmp", sizeof(c.name)); + c.adapter =3D &cx->i2c_adap[0]; +@@ -884,7 +886,7 @@ static int __devinit cx18_probe(struct p struct cx18 *cx; =20 /* FIXME - module parameter arrays constrain max instances */ @@ -29273,6 +29984,18 @@ diff -urNp linux-2.6.38.6/drivers/media/video/cx= 18/cx18-driver.c linux-2.6.38.6/ if (i >=3D CX18_MAX_CARDS) { printk(KERN_ERR "cx18: cannot manage card %d, driver has a " "limit of 0 - %d\n", i, CX18_MAX_CARDS - 1); +diff -urNp linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c li= nux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c +--- linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c 2011-03-1= 4 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c 2011-05-1= 6 21:47:08.000000000 -0400 +@@ -53,6 +53,8 @@ static void cx23885_input_process_measur + bool handle =3D false; + struct ir_raw_event ir_core_event[64]; +=20 ++ pax_track_stack(); ++ + do { + num =3D 0; + v4l2_subdev_call(dev->sd_ir, ir, rx_read, (u8 *) ir_core_event, diff -urNp linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c linux-2= .6.38.6/drivers/media/video/ivtv/ivtv-driver.c --- linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c 2011-03-14 21:= 20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c 2011-04-28 19:= 57:25.000000000 -0400 @@ -29309,6 +30032,63 @@ diff -urNp linux-2.6.38.6/drivers/media/video/om= ap24xxcam.h linux-2.6.38.6/drive /* accessing cam here doesn't need serialisation: it's constant */ struct omap24xxcam_device *cam; }; +diff -urNp linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c l= inux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c +--- linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-03-= 14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-05-= 16 21:47:08.000000000 -0400 +@@ -120,6 +120,8 @@ int pvr2_eeprom_analyze(struct pvr2_hdw=20 + u8 *eeprom; + struct tveeprom tvdata; +=20 ++ pax_track_stack(); ++ + memset(&tvdata,0,sizeof(tvdata)); +=20 + eeprom =3D pvr2_eeprom_fetch(hdw); +diff -urNp linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c linux-= 2.6.38.6/drivers/media/video/saa7134/saa6752hs.c +--- linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c 2011-03-14 21= :20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c 2011-05-16 21= :47:08.000000000 -0400 +@@ -682,6 +682,8 @@ static int saa6752hs_init(struct v4l2_su + unsigned char localPAT[256]; + unsigned char localPMT[256]; +=20 ++ pax_track_stack(); ++ + /* Set video format - must be done first as it resets other settings *= / + set_reg8(client, 0x41, h->video_format); +=20 +diff -urNp linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c linu= x-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c +--- linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c 2011-03-14 = 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c 2011-05-16 = 21:47:08.000000000 -0400 +@@ -88,6 +88,8 @@ int saa7164_irq_dequeue(struct saa7164_d + u8 tmp[512]; + dprintk(DBGLVL_CMD, "%s()\n", __func__); +=20 ++ pax_track_stack(); ++ + /* While any outstand message on the bus exists... */ + do { +=20 +@@ -141,6 +143,8 @@ int saa7164_cmd_dequeue(struct saa7164_d + u8 tmp[512]; + dprintk(DBGLVL_CMD, "%s()\n", __func__); +=20 ++ pax_track_stack(); ++ + while (loop) { +=20 + struct tmComResInfo tRsp =3D { 0, 0, 0, 0, 0, 0 }; +diff -urNp linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c= linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c +--- linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c 2011-0= 3-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c 2011-0= 5-16 21:47:08.000000000 -0400 +@@ -799,6 +799,8 @@ static enum parse_state usbvision_parse_ + unsigned char rv, gv, bv; + static unsigned char *Y, *U, *V; +=20 ++ pax_track_stack(); ++ + frame =3D usbvision->cur_frame; + image_size =3D frame->frmwidth * frame->frmheight; + if ((frame->v4l2_format.format =3D=3D V4L2_PIX_FMT_YUV422P) || diff -urNp linux-2.6.38.6/drivers/media/video/v4l2-device.c linux-2.6.38= .6/drivers/media/video/v4l2-device.c --- linux-2.6.38.6/drivers/media/video/v4l2-device.c 2011-03-14 21:20:32= .000000000 -0400 +++ linux-2.6.38.6/drivers/media/video/v4l2-device.c 2011-04-28 19:57:25= .000000000 -0400 @@ -29324,6 +30104,18 @@ diff -urNp linux-2.6.38.6/drivers/media/video/v4= l2-device.c linux-2.6.38.6/drive int len =3D strlen(basename); =20 if (basename[len - 1] >=3D '0' && basename[len - 1] <=3D '9') +diff -urNp linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c linux-2.= 6.38.6/drivers/media/video/videobuf-dma-sg.c +--- linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -606,6 +606,8 @@ void *videobuf_sg_alloc(size_t size) + { + struct videobuf_queue q; +=20 ++ pax_track_stack(); ++ + /* Required to make generic handler to call __videobuf_alloc */ + q.int_ops =3D &sg_ops; +=20 diff -urNp linux-2.6.38.6/drivers/message/fusion/mptbase.c linux-2.6.38.= 6/drivers/message/fusion/mptbase.c --- linux-2.6.38.6/drivers/message/fusion/mptbase.c 2011-03-14 21:20:32.= 000000000 -0400 +++ linux-2.6.38.6/drivers/message/fusion/mptbase.c 2011-04-28 19:34:15.= 000000000 -0400 @@ -29420,6 +30212,18 @@ diff -urNp linux-2.6.38.6/drivers/message/fusion= /mptscsih.c linux-2.6.38.6/drive =20 return h->info_kbuf; } +diff -urNp linux-2.6.38.6/drivers/message/i2o/i2o_config.c linux-2.6.38.= 6/drivers/message/i2o/i2o_config.c +--- linux-2.6.38.6/drivers/message/i2o/i2o_config.c 2011-03-14 21:20:32.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/message/i2o/i2o_config.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -781,6 +781,8 @@ static int i2o_cfg_passthru(unsigned lon + struct i2o_message *msg; + unsigned int iop; +=20 ++ pax_track_stack(); ++ + if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg)) + return -EFAULT; +=20 diff -urNp linux-2.6.38.6/drivers/message/i2o/i2o_proc.c linux-2.6.38.6/= drivers/message/i2o/i2o_proc.c --- linux-2.6.38.6/drivers/message/i2o/i2o_proc.c 2011-03-14 21:20:32.00= 0000000 -0400 +++ linux-2.6.38.6/drivers/message/i2o/i2o_proc.c 2011-04-28 19:34:15.00= 0000000 -0400 @@ -29546,6 +30350,18 @@ diff -urNp linux-2.6.38.6/drivers/mfd/janz-cmodi= o.c linux-2.6.38.6/drivers/mfd/j #include #include #include +diff -urNp linux-2.6.38.6/drivers/mfd/wm8350-i2c.c linux-2.6.38.6/driver= s/mfd/wm8350-i2c.c +--- linux-2.6.38.6/drivers/mfd/wm8350-i2c.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/mfd/wm8350-i2c.c 2011-05-16 21:47:08.00000000= 0 -0400 +@@ -44,6 +44,8 @@ static int wm8350_i2c_write_device(struc + u8 msg[(WM8350_MAX_REGISTER << 1) + 1]; + int ret; +=20 ++ pax_track_stack(); ++ + if (bytes > ((WM8350_MAX_REGISTER << 1) + 1)) + return -EINVAL; +=20 diff -urNp linux-2.6.38.6/drivers/misc/kgdbts.c linux-2.6.38.6/drivers/m= isc/kgdbts.c --- linux-2.6.38.6/drivers/misc/kgdbts.c 2011-03-14 21:20:32.000000000 -= 0400 +++ linux-2.6.38.6/drivers/misc/kgdbts.c 2011-04-28 19:34:15.000000000 -= 0400 @@ -29789,6 +30605,84 @@ diff -urNp linux-2.6.38.6/drivers/misc/sgi-gru/g= rutables.h linux-2.6.38.6/driver } while (0) =20 #ifdef CONFIG_SGI_GRU_DEBUG +diff -urNp linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c linux-2.6.= 38.6/drivers/mtd/chips/cfi_cmdset_0001.c +--- linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c 2011-05-16 21:47:= 08.000000000 -0400 +@@ -757,6 +757,8 @@ static int chip_ready (struct map_info * + struct cfi_pri_intelext *cfip =3D cfi->cmdset_priv; + unsigned long timeo =3D jiffies + HZ; +=20 ++ pax_track_stack(); ++ + /* Prevent setting state FL_SYNCING for chip in suspended state. */ + if (mode =3D=3D FL_SYNCING && chip->oldstate !=3D FL_READY) + goto sleep; +@@ -1657,6 +1659,8 @@ static int __xipram do_write_buffer(stru + unsigned long initial_adr; + int initial_len =3D len; +=20 ++ pax_track_stack(); ++ + wbufsize =3D cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize; + adr +=3D chip->start; + initial_adr =3D adr; +@@ -1875,6 +1879,8 @@ static int __xipram do_erase_oneblock(st + int retries =3D 3; + int ret; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + retry: +diff -urNp linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c linux-2.6.= 38.6/drivers/mtd/chips/cfi_cmdset_0020.c +--- linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c 2011-05-16 21:47:= 08.000000000 -0400 +@@ -255,6 +255,8 @@ static inline int do_read_onechip(struct + unsigned long cmd_addr; + struct cfi_private *cfi =3D map->fldrv_priv; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Ensure cmd read/writes are aligned. */ +@@ -428,6 +430,8 @@ static inline int do_write_buffer(struct + DECLARE_WAITQUEUE(wait, current); + int wbufsize, z; +=20 ++ pax_track_stack(); ++ + /* M58LW064A requires bus alignment for buffer wriets -- saw */ + if (adr & (map_bankwidth(map)-1)) + return -EINVAL; +@@ -742,6 +746,8 @@ static inline int do_erase_oneblock(stru + DECLARE_WAITQUEUE(wait, current); + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ +@@ -1047,6 +1053,8 @@ static inline int do_lock_oneblock(struc + unsigned long timeo =3D jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ +@@ -1196,6 +1204,8 @@ static inline int do_unlock_oneblock(str + unsigned long timeo =3D jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); +=20 ++ pax_track_stack(); ++ + adr +=3D chip->start; +=20 + /* Let's determine this according to the interleave only once */ diff -urNp linux-2.6.38.6/drivers/mtd/devices/doc2000.c linux-2.6.38.6/d= rivers/mtd/devices/doc2000.c --- linux-2.6.38.6/drivers/mtd/devices/doc2000.c 2011-03-14 21:20:32.000= 000000 -0400 +++ linux-2.6.38.6/drivers/mtd/devices/doc2000.c 2011-04-28 19:34:15.000= 000000 -0400 @@ -29813,6 +30707,66 @@ diff -urNp linux-2.6.38.6/drivers/mtd/devices/do= c2001.c linux-2.6.38.6/drivers/m return -EINVAL; =20 /* Don't allow a single read to cross a 512-byte block boundary */ +diff -urNp linux-2.6.38.6/drivers/mtd/ftl.c linux-2.6.38.6/drivers/mtd/f= tl.c +--- linux-2.6.38.6/drivers/mtd/ftl.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/ftl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -474,6 +474,8 @@ static int copy_erase_unit(partition_t * + loff_t offset; + uint16_t srcunitswap =3D cpu_to_le16(srcunit); +=20 ++ pax_track_stack(); ++ + eun =3D &part->EUNInfo[srcunit]; + xfer =3D &part->XferInfo[xferunit]; + DEBUG(2, "ftl_cs: copying block 0x%x to 0x%x\n", +diff -urNp linux-2.6.38.6/drivers/mtd/inftlcore.c linux-2.6.38.6/drivers= /mtd/inftlcore.c +--- linux-2.6.38.6/drivers/mtd/inftlcore.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/mtd/inftlcore.c 2011-05-16 21:47:08.000000000= -0400 +@@ -259,6 +259,8 @@ static u16 INFTL_foldchain(struct INFTLr + struct inftl_oob oob; + size_t retlen; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_foldchain(inftl=3D%p,thisVUC=3D%= d," + "pending=3D%d)\n", inftl, thisVUC, pendingblock); +=20 +diff -urNp linux-2.6.38.6/drivers/mtd/inftlmount.c linux-2.6.38.6/driver= s/mtd/inftlmount.c +--- linux-2.6.38.6/drivers/mtd/inftlmount.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/mtd/inftlmount.c 2011-05-16 21:47:08.00000000= 0 -0400 +@@ -53,6 +53,8 @@ static int find_boot_record(struct INFTL + struct INFTLPartition *ip; + size_t retlen; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: find_boot_record(inftl=3D%p)\n", inftl= ); +=20 + /* +diff -urNp linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c linux-2.6.38.6= /drivers/mtd/lpddr/qinfo_probe.c +--- linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c 2011-03-14 21:20:32.0= 00000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c 2011-05-16 21:47:08.0= 00000000 -0400 +@@ -106,6 +106,8 @@ static int lpddr_pfow_present(struct map + { + map_word pfow_val[4]; +=20 ++ pax_track_stack(); ++ + /* Check identification string */ + pfow_val[0] =3D map_read(map, map->pfow_base + PFOW_QUERY_STRING_P); + pfow_val[1] =3D map_read(map, map->pfow_base + PFOW_QUERY_STRING_F); +diff -urNp linux-2.6.38.6/drivers/mtd/mtdchar.c linux-2.6.38.6/drivers/m= td/mtdchar.c +--- linux-2.6.38.6/drivers/mtd/mtdchar.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/drivers/mtd/mtdchar.c 2011-05-16 21:47:08.000000000 -= 0400 +@@ -560,6 +560,8 @@ static int mtd_ioctl(struct file *file,=20 + u_long size; + struct mtd_info_user info; +=20 ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n"); +=20 + size =3D (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; diff -urNp linux-2.6.38.6/drivers/mtd/nand/denali.c linux-2.6.38.6/drive= rs/mtd/nand/denali.c --- linux-2.6.38.6/drivers/mtd/nand/denali.c 2011-03-14 21:20:32.0000000= 00 -0400 +++ linux-2.6.38.6/drivers/mtd/nand/denali.c 2011-04-28 19:34:15.0000000= 00 -0400 @@ -29824,6 +30778,38 @@ diff -urNp linux-2.6.38.6/drivers/mtd/nand/denal= i.c linux-2.6.38.6/drivers/mtd/n =20 #include "denali.h" =20 +diff -urNp linux-2.6.38.6/drivers/mtd/nftlcore.c linux-2.6.38.6/drivers/= mtd/nftlcore.c +--- linux-2.6.38.6/drivers/mtd/nftlcore.c 2011-03-14 21:20:32.000000000 = -0400 ++++ linux-2.6.38.6/drivers/mtd/nftlcore.c 2011-05-16 21:47:08.000000000 = -0400 +@@ -264,6 +264,8 @@ static u16 NFTL_foldchain (struct NFTLre + int inplace =3D 1; + size_t retlen; +=20 ++ pax_track_stack(); ++ + memset(BlockMap, 0xff, sizeof(BlockMap)); + memset(BlockFreeFound, 0, sizeof(BlockFreeFound)); +=20 +diff -urNp linux-2.6.38.6/drivers/mtd/nftlmount.c linux-2.6.38.6/drivers= /mtd/nftlmount.c +--- linux-2.6.38.6/drivers/mtd/nftlmount.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/mtd/nftlmount.c 2011-05-18 20:23:44.000000000= -0400 +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -45,6 +46,8 @@ static int find_boot_record(struct NFTLr + struct mtd_info *mtd =3D nftl->mbd.mtd; + unsigned int i; +=20 ++ pax_track_stack(); ++ + /* Assume logical EraseSize =3D=3D physical erasesize for start= ing the scan. + We'll sort it out later if we find a MediaHeader which says otherwi= se */ + /* Actually, we won't. The new DiskOnChip driver has already scanned diff -urNp linux-2.6.38.6/drivers/mtd/ubi/build.c linux-2.6.38.6/drivers= /mtd/ubi/build.c --- linux-2.6.38.6/drivers/mtd/ubi/build.c 2011-03-14 21:20:32.000000000= -0400 +++ linux-2.6.38.6/drivers/mtd/ubi/build.c 2011-04-28 19:34:15.000000000= -0400 @@ -29866,6 +30852,54 @@ diff -urNp linux-2.6.38.6/drivers/mtd/ubi/build.= c linux-2.6.38.6/drivers/mtd/ubi } =20 /** +diff -urNp linux-2.6.38.6/drivers/net/bnx2.c linux-2.6.38.6/drivers/net/= bnx2.c +--- linux-2.6.38.6/drivers/net/bnx2.c 2011-03-14 21:20:32.000000000 -040= 0 ++++ linux-2.6.38.6/drivers/net/bnx2.c 2011-05-16 21:47:08.000000000 -040= 0 +@@ -5826,6 +5826,8 @@ bnx2_test_nvram(struct bnx2 *bp) + int rc =3D 0; + u32 magic, csum; +=20 ++ pax_track_stack(); ++ + if ((rc =3D bnx2_nvram_read(bp, 0, data, 4)) !=3D 0) + goto test_nvram_done; +=20 +diff -urNp linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c linux-2.6.38= .6/drivers/net/bnx2x/bnx2x_ethtool.c +--- linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c 2011-03-14 21:20:32= .000000000 -0400 ++++ linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -1788,6 +1788,8 @@ static int bnx2x_test_nvram(struct bnx2x + int i, rc; + u32 magic, crc; +=20 ++ pax_track_stack(); ++ + if (BP_NOMCP(bp)) + return 0; +=20 +diff -urNp linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c linux-2.6.38.6/= drivers/net/cxgb4/cxgb4_main.c +--- linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c 2011-05-16 21:47:08.00= 0000000 -0400 +@@ -3429,6 +3429,8 @@ static int __devinit enable_msix(struct=20 + unsigned int nchan =3D adap->params.nports; + struct msix_entry entries[MAX_INGQ + 1]; +=20 ++ pax_track_stack(); ++ + for (i =3D 0; i < ARRAY_SIZE(entries); ++i) + entries[i].entry =3D i; +=20 +diff -urNp linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c linux-2.6.38.6/drive= rs/net/cxgb4/t4_hw.c +--- linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c 2011-03-14 21:20:32.0000000= 00 -0400 ++++ linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c 2011-05-16 21:47:08.0000000= 00 -0400 +@@ -362,6 +362,8 @@ static int get_vpd_params(struct adapter + u8 vpd[VPD_LEN], csum; + unsigned int vpdr_len, kw_offset, id_len; +=20 ++ pax_track_stack(); ++ + ret =3D pci_read_vpd(adapter->pdev, VPD_BASE, sizeof(vpd), vpd); + if (ret < 0) + return ret; diff -urNp linux-2.6.38.6/drivers/net/e1000e/82571.c linux-2.6.38.6/driv= ers/net/e1000e/82571.c --- linux-2.6.38.6/drivers/net/e1000e/82571.c 2011-03-14 21:20:32.000000= 000 -0400 +++ linux-2.6.38.6/drivers/net/e1000e/82571.c 2011-04-28 19:34:15.000000= 000 -0400 @@ -30052,6 +31086,18 @@ diff -urNp linux-2.6.38.6/drivers/net/e1000e/ich= 8lan.c linux-2.6.38.6/drivers/ne .acquire =3D e1000_acquire_nvm_ich8lan, .read =3D e1000_read_nvm_ich8lan, .release =3D e1000_release_nvm_ich8lan, +diff -urNp linux-2.6.38.6/drivers/net/hamradio/6pack.c linux-2.6.38.6/dr= ivers/net/hamradio/6pack.c +--- linux-2.6.38.6/drivers/net/hamradio/6pack.c 2011-03-14 21:20:32.0000= 00000 -0400 ++++ linux-2.6.38.6/drivers/net/hamradio/6pack.c 2011-05-16 21:47:08.0000= 00000 -0400 +@@ -463,6 +463,8 @@ static void sixpack_receive_buf(struct t + unsigned char buf[512]; + int count1; +=20 ++ pax_track_stack(); ++ + if (!count) + return; +=20 diff -urNp linux-2.6.38.6/drivers/net/igb/e1000_82575.c linux-2.6.38.6/d= rivers/net/igb/e1000_82575.c --- linux-2.6.38.6/drivers/net/igb/e1000_82575.c 2011-03-14 21:20:32.000= 000000 -0400 +++ linux-2.6.38.6/drivers/net/igb/e1000_82575.c 2011-04-28 19:34:15.000= 000000 -0400 @@ -30141,6 +31187,75 @@ diff -urNp linux-2.6.38.6/drivers/net/igbvf/vf.h= linux-2.6.38.6/drivers/net/igbv struct e1000_mac_operations ops; u8 addr[6]; u8 perm_addr[6]; +diff -urNp linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c linux-2.6.38.6/dr= ivers/net/ixgb/ixgb_main.c +--- linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c 2011-03-14 21:20:32.0000= 00000 -0400 ++++ linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c 2011-05-16 21:47:08.0000= 00000 -0400 +@@ -1072,6 +1072,8 @@ ixgb_set_multi(struct net_device *netdev + u32 rctl; + int i; +=20 ++ pax_track_stack(); ++ + /* Check for Promiscuous and All Multicast modes */ +=20 + rctl =3D IXGB_READ_REG(hw, RCTL); +diff -urNp linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c linux-2.6.38.6/d= rivers/net/ixgb/ixgb_param.c +--- linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c 2011-03-14 21:20:32.000= 000000 -0400 ++++ linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c 2011-05-16 21:47:08.000= 000000 -0400 +@@ -261,6 +261,9 @@ void __devinit + ixgb_check_options(struct ixgb_adapter *adapter) + { + int bd =3D adapter->bd_number; ++ ++ pax_track_stack(); ++ + if (bd >=3D IXGB_MAX_NIC) { + pr_notice("Warning: no configuration for board #%i\n", bd); + pr_notice("Using defaults for all values\n"); +diff -urNp linux-2.6.38.6/drivers/net/ksz884x.c linux-2.6.38.6/drivers/n= et/ksz884x.c +--- linux-2.6.38.6/drivers/net/ksz884x.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/drivers/net/ksz884x.c 2011-05-16 21:47:08.000000000 -= 0400 +@@ -6536,6 +6536,8 @@ static void netdev_get_ethtool_stats(str + int rc; + u64 counter[TOTAL_PORT_COUNTER_NUM]; +=20 ++ pax_track_stack(); ++ + mutex_lock(&hw_priv->lock); + n =3D SWITCH_PORT_NUM; + for (i =3D 0, p =3D port->first_port; i < port->mib_port_cnt; i++, p++= ) { +diff -urNp linux-2.6.38.6/drivers/net/mlx4/main.c linux-2.6.38.6/drivers= /net/mlx4/main.c +--- linux-2.6.38.6/drivers/net/mlx4/main.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/net/mlx4/main.c 2011-05-18 20:23:44.000000000= -0400 +@@ -39,6 +39,7 @@ + #include + #include + #include ++#include +=20 + #include + #include +@@ -737,6 +738,8 @@ static int mlx4_init_hca(struct mlx4_dev + u64 icm_size; + int err; +=20 ++ pax_track_stack(); ++ + err =3D mlx4_QUERY_FW(dev); + if (err) { + if (err =3D=3D -EACCES) +diff -urNp linux-2.6.38.6/drivers/net/niu.c linux-2.6.38.6/drivers/net/n= iu.c +--- linux-2.6.38.6/drivers/net/niu.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/niu.c 2011-05-16 21:47:08.000000000 -0400 +@@ -9067,6 +9067,8 @@ static void __devinit niu_try_msix(struc + int i, num_irqs, err; + u8 first_ldg; +=20 ++ pax_track_stack(); ++ + first_ldg =3D (NIU_NUM_LDG / parent->num_ports) * np->port; + for (i =3D 0; i < (NIU_NUM_LDG / parent->num_ports); i++) + ldg_num_map[i] =3D first_ldg + i; diff -urNp linux-2.6.38.6/drivers/net/pcnet32.c linux-2.6.38.6/drivers/n= et/pcnet32.c --- linux-2.6.38.6/drivers/net/pcnet32.c 2011-03-14 21:20:32.000000000 -= 0400 +++ linux-2.6.38.6/drivers/net/pcnet32.c 2011-04-28 19:34:15.000000000 -= 0400 @@ -30197,6 +31312,18 @@ diff -urNp linux-2.6.38.6/drivers/net/tg3.h linu= x-2.6.38.6/drivers/net/tg3.h #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff -urNp linux-2.6.38.6/drivers/net/tulip/de2104x.c linux-2.6.38.6/dri= vers/net/tulip/de2104x.c +--- linux-2.6.38.6/drivers/net/tulip/de2104x.c 2011-03-14 21:20:32.00000= 0000 -0400 ++++ linux-2.6.38.6/drivers/net/tulip/de2104x.c 2011-05-16 21:47:08.00000= 0000 -0400 +@@ -1817,6 +1817,8 @@ static void __devinit de21041_get_srom_i + struct de_srom_info_leaf *il; + void *bufp; +=20 ++ pax_track_stack(); ++ + /* download entire eeprom */ + for (i =3D 0; i < DE_EEPROM_WORDS; i++) + ((__le16 *)ee_data)[i] =3D diff -urNp linux-2.6.38.6/drivers/net/tulip/de4x5.c linux-2.6.38.6/drive= rs/net/tulip/de4x5.c --- linux-2.6.38.6/drivers/net/tulip/de4x5.c 2011-03-14 21:20:32.0000000= 00 -0400 +++ linux-2.6.38.6/drivers/net/tulip/de4x5.c 2011-04-28 19:34:15.0000000= 00 -0400 @@ -30330,6 +31457,258 @@ diff -urNp linux-2.6.38.6/drivers/net/vmxnet3/v= mxnet3_ethtool.c linux-2.6.38.6/d return -EINVAL; } =20 +diff -urNp linux-2.6.38.6/drivers/net/vxge/vxge-main.c linux-2.6.38.6/dr= ivers/net/vxge/vxge-main.c +--- linux-2.6.38.6/drivers/net/vxge/vxge-main.c 2011-03-14 21:20:32.0000= 00000 -0400 ++++ linux-2.6.38.6/drivers/net/vxge/vxge-main.c 2011-05-16 21:47:08.0000= 00000 -0400 +@@ -97,6 +97,8 @@ static inline void VXGE_COMPLETE_VPATH_T + struct sk_buff *completed[NR_SKB_COMPLETED]; + int more; +=20 ++ pax_track_stack(); ++ + do { + more =3D 0; + skb_ptr =3D completed; +@@ -1889,6 +1891,8 @@ static enum vxge_hw_status vxge_rth_conf + u8 mtable[256] =3D {0}; /* CPU to vpath mapping */ + int index; +=20 ++ pax_track_stack(); ++ + /* + * Filling + * - itable with bucket numbers +diff -urNp linux-2.6.38.6/drivers/net/wan/cycx_x25.c linux-2.6.38.6/driv= ers/net/wan/cycx_x25.c +--- linux-2.6.38.6/drivers/net/wan/cycx_x25.c 2011-03-14 21:20:32.000000= 000 -0400 ++++ linux-2.6.38.6/drivers/net/wan/cycx_x25.c 2011-05-16 21:47:08.000000= 000 -0400 +@@ -1018,6 +1018,8 @@ static void hex_dump(char *msg, unsigned + unsigned char hex[1024], + * phex =3D hex; +=20 ++ pax_track_stack(); ++ + if (len >=3D (sizeof(hex) / 2)) + len =3D (sizeof(hex) / 2) - 1; +=20 +diff -urNp linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c linux-2.6.38= .6/drivers/net/wimax/i2400m/usb-fw.c +--- linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c 2011-03-14 21:20:32= .000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -287,6 +287,8 @@ ssize_t i2400mu_bus_bm_wait_for_ack(stru + int do_autopm =3D 1; + DECLARE_COMPLETION_ONSTACK(notif_completion); +=20 ++ pax_track_stack(); ++ + d_fnstart(8, dev, "(i2400m %p ack %p size %zu)\n", + i2400m, ack, ack_size); + BUG_ON(_ack =3D=3D i2400m->bm_ack_buf); +diff -urNp linux-2.6.38.6/drivers/net/wireless/airo.c linux-2.6.38.6/dri= vers/net/wireless/airo.c +--- linux-2.6.38.6/drivers/net/wireless/airo.c 2011-03-14 21:20:32.00000= 0000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/airo.c 2011-05-16 21:47:08.00000= 0000 -0400 +@@ -3001,6 +3001,8 @@ static void airo_process_scan_results (s + BSSListElement * loop_net; + BSSListElement * tmp_net; +=20 ++ pax_track_stack(); ++ + /* Blow away current list of scan results */ + list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) = { + list_move_tail (&loop_net->list, &ai->network_free_list); +@@ -3792,6 +3794,8 @@ static u16 setup_card(struct airo_info * + WepKeyRid wkr; + int rc; +=20 ++ pax_track_stack(); ++ + memset( &mySsid, 0, sizeof( mySsid ) ); + kfree (ai->flash); + ai->flash =3D NULL; +@@ -4760,6 +4764,8 @@ static int proc_stats_rid_open( struct i + __le32 *vals =3D stats.vals; + int len; +=20 ++ pax_track_stack(); ++ + if ((file->private_data =3D kzalloc(sizeof(struct proc_data ), GFP_KER= NEL)) =3D=3D NULL) + return -ENOMEM; + data =3D file->private_data; +@@ -5483,6 +5489,8 @@ static int proc_BSSList_open( struct ino + /* If doLoseSync is not 1, we won't do a Lose Sync */ + int doLoseSync =3D -1; +=20 ++ pax_track_stack(); ++ + if ((file->private_data =3D kzalloc(sizeof(struct proc_data ), GFP_KER= NEL)) =3D=3D NULL) + return -ENOMEM; + data =3D file->private_data; +@@ -7190,6 +7198,8 @@ static int airo_get_aplist(struct net_de + int i; + int loseSync =3D capable(CAP_NET_ADMIN) ? 1: -1; +=20 ++ pax_track_stack(); ++ + qual =3D kmalloc(IW_MAX_AP * sizeof(*qual), GFP_KERNEL); + if (!qual) + return -ENOMEM; +@@ -7750,6 +7760,8 @@ static void airo_read_wireless_stats(str + CapabilityRid cap_rid; + __le32 *vals =3D stats_rid.vals; +=20 ++ pax_track_stack(); ++ + /* Get stats out of the card */ + clear_bit(JOB_WSTATS, &local->jobs); + if (local->power.event) { +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c linux-2= .6.38.6/drivers/net/wireless/ath/ath5k/debug.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -204,6 +204,8 @@ static ssize_t read_file_beacon(struct f + unsigned int v; + u64 tsf; +=20 ++ pax_track_stack(); ++ + v =3D ath5k_hw_reg_read(sc->ah, AR5K_BEACON); + len +=3D snprintf(buf+len, sizeof(buf)-len, + "%-24s0x%08x\tintval: %d\tTIM: 0x%x\n", +@@ -325,6 +327,8 @@ static ssize_t read_file_debug(struct fi + unsigned int len =3D 0; + unsigned int i; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, + "DEBUG LEVEL: 0x%08x\n\n", sc->debug.level); +=20 +@@ -386,6 +390,8 @@ static ssize_t read_file_antenna(struct=20 + unsigned int i; + unsigned int v; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, "antenna mode\t%d\n", + sc->ah->ah_ant_mode); + len +=3D snprintf(buf+len, sizeof(buf)-len, "default antenna\t%d\n", +@@ -496,6 +502,8 @@ static ssize_t read_file_misc(struct fil + unsigned int len =3D 0; + u32 filt =3D ath5k_hw_get_rx_filter(sc->ah); +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, "bssid-mask: %pM\n", + sc->bssidmask); + len +=3D snprintf(buf+len, sizeof(buf)-len, "filter-flags: 0x%x ", +@@ -552,6 +560,8 @@ static ssize_t read_file_frameerrors(str + unsigned int len =3D 0; + int i; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, + "RX\n---------------------\n"); + len +=3D snprintf(buf+len, sizeof(buf)-len, "CRC\t%u\t(%u%%)\n", +@@ -669,6 +679,8 @@ static ssize_t read_file_ani(struct file + char buf[700]; + unsigned int len =3D 0; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, + "HW has PHY error counters:\t%s\n", + sc->ah->ah_capabilities.cap_has_phyerr_counters ? +@@ -829,6 +841,8 @@ static ssize_t read_file_queue(struct fi + struct ath5k_buf *bf, *bf0; + int i, n; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf+len, sizeof(buf)-len, + "available txbuffers: %d\n", sc->txbuf_len); +=20 +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c = linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c 2011-03= -14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c 2011-05= -16 21:47:08.000000000 -0400 +@@ -734,6 +734,8 @@ static void ar9003_hw_tx_iq_cal(struct a + s32 i, j, ip, im, nmeasurement; + u8 nchains =3D get_streams(common->tx_chainmask); +=20 ++ pax_track_stack(); ++ + for (ip =3D 0; ip < MPASS; ip++) { + REG_RMW_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_1, + AR_PHY_TX_IQCAQL_CONTROL_1_IQCORR_I_Q_COFF_DELPT, +@@ -856,6 +858,8 @@ static void ar9003_hw_tx_iq_cal_post_pro + int i, ip, im, j; + int nmeasurement; +=20 ++ pax_track_stack(); ++ + for (i =3D 0; i < AR9300_MAX_CHAINS; i++) { + if (ah->txchainmask & (1 << i)) + num_chains++; +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c = linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c 2011-03= -14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c 2011-05= -16 21:47:08.000000000 -0400 +@@ -356,6 +356,8 @@ static bool create_pa_curve(u32 *data_L, + int theta_low_bin =3D 0; + int i; +=20 ++ pax_track_stack(); ++ + /* disregard any bin that contains <=3D 16 samples */ + thresh_accum_cnt =3D 16; + scale_factor =3D 5; +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c linux-2= .6.38.6/drivers/net/wireless/ath/ath9k/debug.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -321,6 +321,8 @@ static ssize_t read_file_interrupt(struc + char buf[512]; + unsigned int len =3D 0; +=20 ++ pax_track_stack(); ++ + if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) { + len +=3D snprintf(buf + len, sizeof(buf) - len, + "%8s: %10u\n", "RXLP", sc->debug.stats.istats.rxlp); +@@ -410,6 +412,8 @@ static ssize_t read_file_wiphy(struct fi + u8 addr[ETH_ALEN]; + u32 tmp; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf + len, sizeof(buf) - len, + "primary: %s (%s chan=3D%d ht=3D%d)\n", + wiphy_name(sc->pri_wiphy->hw->wiphy), +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c = linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c 2011-03= -14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c 2011-05= -16 21:47:08.000000000 -0400 +@@ -620,6 +620,8 @@ static ssize_t read_file_tgt_stats(struc + unsigned int len =3D 0; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + memset(&cmd_rsp, 0, sizeof(cmd_rsp)); +=20 + WMI_CMD(WMI_TGT_STATS_CMDID); +@@ -665,6 +667,8 @@ static ssize_t read_file_xmit(struct fil + char buf[512]; + unsigned int len =3D 0; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf + len, sizeof(buf) - len, + "%20s : %10u\n", "Buffers queued", + priv->debug.tx_stats.buf_queued); +@@ -714,6 +718,8 @@ static ssize_t read_file_recv(struct fil + char buf[512]; + unsigned int len =3D 0; +=20 ++ pax_track_stack(); ++ + len +=3D snprintf(buf + len, sizeof(buf) - len, + "%20s : %10u\n", "SKBs allocated", + priv->debug.rx_stats.skb_allocated); diff -urNp linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c linux-2.6.3= 8.6/drivers/net/wireless/b43/debugfs.c --- linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c 2011-03-14 21:20:3= 2.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c 2011-04-28 19:34:1= 5.000000000 -0400 @@ -30354,6 +31733,81 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/b= 43legacy/debugfs.c linux-2.6.38. /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */ size_t file_struct_offset; /* Take wl->irq_lock before calling read/write? */ +diff -urNp linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c linux-2= .6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c +--- linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c 2011-03-14 21:= 20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c 2011-05-16 21:= 47:08.000000000 -0400 +@@ -2101,6 +2101,8 @@ static int ipw2100_set_essid(struct ipw2 + int err; + DECLARE_SSID_BUF(ssid); +=20 ++ pax_track_stack(); ++ + IPW_DEBUG_HC("SSID: '%s'\n", print_ssid(ssid, essid, ssid_len)); +=20 + if (ssid_len) +@@ -5455,6 +5457,8 @@ static int ipw2100_set_key(struct ipw210 + struct ipw2100_wep_key *wep_key =3D (void *)cmd.host_command_parameter= s; + int err; +=20 ++ pax_track_stack(); ++ + IPW_DEBUG_HC("WEP_KEY_INFO: index =3D %d, len =3D %d/%d\n", + idx, keylen, len); +=20 +diff -urNp linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c linux= -2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c +--- linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-03-14 2= 1:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-05-16 2= 1:47:08.000000000 -0400 +@@ -1565,6 +1565,8 @@ static void libipw_process_probe_respons + unsigned long flags; + DECLARE_SSID_BUF(ssid); +=20 ++ pax_track_stack(); ++ + LIBIPW_DEBUG_SCAN("'%s' (%pM" + "): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", + print_ssid(ssid, info_element->data, info_element->len), +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c linu= x-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +--- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-03-14 = 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-05-16 = 21:47:08.000000000 -0400 +@@ -883,6 +883,8 @@ static void rs_tx_status(void *priv_r, s + struct iwl_station_priv *sta_priv =3D (void *)sta->drv_priv; + struct iwl_rxon_context *ctx =3D sta_priv->common.ctx; +=20 ++ pax_track_stack(); ++ + IWL_DEBUG_RATE_LIMIT(priv, "get frame ack response, update rate scale = window\n"); +=20 + /* Treat uninitialized rate scaling data same as non-existing. */ +@@ -2892,6 +2894,8 @@ static void rs_fill_link_cmd(struct iwl_ + u8 valid_tx_ant =3D 0; + struct iwl_link_quality_cmd *lq_cmd =3D &lq_sta->lq; +=20 ++ pax_track_stack(); ++ + /* Override starting rate (index 0) if needed for debug purposes */ + rs_dbgfs_set_mcs(lq_sta, &new_rate, index); +=20 +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c lin= ux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c +--- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-03-14= 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-05-16= 21:47:08.000000000 -0400 +@@ -518,6 +518,8 @@ static ssize_t iwl_dbgfs_status_read(str + int pos =3D 0; + const size_t bufsz =3D sizeof(buf); +=20 ++ pax_track_stack(); ++ + pos +=3D scnprintf(buf + pos, bufsz - pos, "STATUS_HCMD_ACTIVE:\t %d\n= ", + test_bit(STATUS_HCMD_ACTIVE, &priv->status)); + pos +=3D scnprintf(buf + pos, bufsz - pos, "STATUS_INT_ENABLED:\t %d\n= ", +@@ -650,6 +652,8 @@ static ssize_t iwl_dbgfs_qos_read(struct + char buf[256 * NUM_IWL_RXON_CTX]; + const size_t bufsz =3D sizeof(buf); +=20 ++ pax_track_stack(); ++ + for_each_context(priv, ctx) { + pos +=3D scnprintf(buf + pos, bufsz - pos, "context %d:\n", + ctx->ctxid); diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h linux= -2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h --- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-03-14 2= 1:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-04-28 1= 9:34:15.000000000 -0400 @@ -30368,6 +31822,18 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/i= wlwifi/iwl-debug.h linux-2.6.38. static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level, const void *p, u32 len) {} +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c li= nux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c +--- linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-03-1= 4 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-05-1= 6 21:47:08.000000000 -0400 +@@ -327,6 +327,8 @@ static ssize_t iwm_debugfs_fw_err_read(s + int buf_len =3D 512; + size_t len =3D 0; +=20 ++ pax_track_stack(); ++ + if (*ppos !=3D 0) + return 0; + if (count < sizeof(buf)) diff -urNp linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c linux-= 2.6.38.6/drivers/net/wireless/libertas/debugfs.c --- linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c 2011-03-14 21= :20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c 2011-04-28 19= :34:15.000000000 -0400 @@ -30392,6 +31858,30 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/r= ndis_wlan.c linux-2.6.38.6/drive rts_threshold =3D 2347; =20 tmp =3D cpu_to_le32(rts_threshold); +diff -urNp linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c l= inux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c +--- linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c 2011-03-= 14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c 2011-05-= 16 21:47:08.000000000 -0400 +@@ -1277,6 +1277,8 @@ static bool _rtl92c_phy_sw_chnl_step_by_ + u8 rfpath; + u8 num_total_rfpath =3D rtlphy->num_total_rfpath; +=20 ++ pax_track_stack(); ++ + precommoncmdcnt =3D 0; + _rtl92c_phy_set_sw_chnl_cmdarray(precommoncmd, precommoncmdcnt++, + MAX_PRECMD_CNT, +diff -urNp linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c linux-2.6.38= .6/drivers/net/wireless/wl12xx/spi.c +--- linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c 2011-03-14 21:20:32= .000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -279,6 +279,8 @@ static void wl1271_spi_raw_write(struct=20 + u32 chunk_len; + int i; +=20 ++ pax_track_stack(); ++ + WARN_ON(len > WL1271_AGGR_BUFFER_SIZE); +=20 + spi_message_init(&m); diff -urNp linux-2.6.38.6/drivers/oprofile/buffer_sync.c linux-2.6.38.6/= drivers/oprofile/buffer_sync.c --- linux-2.6.38.6/drivers/oprofile/buffer_sync.c 2011-03-14 21:20:32.00= 0000000 -0400 +++ linux-2.6.38.6/drivers/oprofile/buffer_sync.c 2011-04-28 19:34:15.00= 0000000 -0400 @@ -30633,6 +32123,54 @@ diff -urNp linux-2.6.38.6/drivers/pci/proc.c lin= ux-2.6.38.6/drivers/pci/proc.c proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized =3D 1; +diff -urNp linux-2.6.38.6/drivers/pci/xen-pcifront.c linux-2.6.38.6/driv= ers/pci/xen-pcifront.c +--- linux-2.6.38.6/drivers/pci/xen-pcifront.c 2011-03-14 21:20:32.000000= 000 -0400 ++++ linux-2.6.38.6/drivers/pci/xen-pcifront.c 2011-05-16 21:47:08.000000= 000 -0400 +@@ -187,6 +187,8 @@ static int pcifront_bus_read(struct pci_ + struct pcifront_sd *sd =3D bus->sysdata; + struct pcifront_device *pdev =3D pcifront_get_pdev(sd); +=20 ++ pax_track_stack(); ++ + if (verbose_request) + dev_info(&pdev->xdev->dev, + "read dev=3D%04x:%02x:%02x.%01x - offset %x size %d\n", +@@ -226,6 +228,8 @@ static int pcifront_bus_write(struct pci + struct pcifront_sd *sd =3D bus->sysdata; + struct pcifront_device *pdev =3D pcifront_get_pdev(sd); +=20 ++ pax_track_stack(); ++ + if (verbose_request) + dev_info(&pdev->xdev->dev, + "write dev=3D%04x:%02x:%02x.%01x - " +@@ -258,6 +262,8 @@ static int pci_frontend_enable_msix(stru + struct pcifront_device *pdev =3D pcifront_get_pdev(sd); + struct msi_desc *entry; +=20 ++ pax_track_stack(); ++ + if (nvec > SH_INFO_MAX_VEC) { + dev_err(&dev->dev, "too much vector for pci frontend: %x." + " Increase SH_INFO_MAX_VEC.\n", nvec); +@@ -303,6 +309,8 @@ static void pci_frontend_disable_msix(st + struct pcifront_sd *sd =3D dev->bus->sysdata; + struct pcifront_device *pdev =3D pcifront_get_pdev(sd); +=20 ++ pax_track_stack(); ++ + err =3D do_pci_op(pdev, &op); +=20 + /* What should do for error ? */ +@@ -322,6 +330,8 @@ static int pci_frontend_enable_msi(struc + struct pcifront_sd *sd =3D dev->bus->sysdata; + struct pcifront_device *pdev =3D pcifront_get_pdev(sd); +=20 ++ pax_track_stack(); ++ + err =3D do_pci_op(pdev, &op); + if (likely(!err)) { + *(*vector) =3D op.value; diff -urNp linux-2.6.38.6/drivers/platform/x86/asus-laptop.c linux-2.6.3= 8.6/drivers/platform/x86/asus-laptop.c --- linux-2.6.38.6/drivers/platform/x86/asus-laptop.c 2011-03-14 21:20:3= 2.000000000 -0400 +++ linux-2.6.38.6/drivers/platform/x86/asus-laptop.c 2011-04-28 19:34:1= 5.000000000 -0400 @@ -30756,6 +32294,17 @@ diff -urNp linux-2.6.38.6/drivers/s390/cio/qdio_= debug.c linux-2.6.38.6/drivers/s .owner =3D THIS_MODULE, .open =3D qperf_seq_open, .read =3D seq_read, +diff -urNp linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c linux-2.6.38.6= /drivers/scsi/aacraid/commctrl.c +--- linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c 2011-03-14 21:20:32.0= 00000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c 2011-05-16 21:47:08.0= 00000000 -0400 +@@ -481,6 +481,7 @@ static int aac_send_raw_srb(struct aac_d + u32 actual_fibsize64, actual_fibsize =3D 0; + int i; +=20 ++ pax_track_stack(); +=20 + if (dev->in_reset) { + dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); diff -urNp linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.= 38.6/drivers/scsi/aic94xx/aic94xx_init.c --- linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c 2011-03-14 21:20:= 32.000000000 -0400 +++ linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c 2011-04-28 19:34:= 15.000000000 -0400 @@ -30768,6 +32317,170 @@ diff -urNp linux-2.6.38.6/drivers/scsi/aic94xx/= aic94xx_init.c linux-2.6.38.6/dri asd_show_update_bios, asd_store_update_bios); =20 static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha) +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfad.c linux-2.6.38.6/drivers= /scsi/bfa/bfad.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfad.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfad.c 2011-05-16 21:47:08.000000000= -0400 +@@ -1027,6 +1027,8 @@ bfad_start_ops(struct bfad_s *bfad) { + struct bfad_vport_s *vport, *vport_new; + struct bfa_fcs_driver_info_s driver_info; +=20 ++ pax_track_stack(); ++ + /* Fill the driver_info info to fcs*/ + memset(&driver_info, 0, sizeof(driver_info)); + strncpy(driver_info.version, BFAD_DRIVER_VERSION, +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c linux-2.6.38.= 6/drivers/scsi/bfa/bfa_fcs_lport.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c 2011-03-14 21:20:32.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -1559,6 +1559,8 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc + u16 len, count; + u16 templen; +=20 ++ pax_track_stack(); ++ + /* + * get hba attributes + */ +@@ -1836,6 +1838,8 @@ bfa_fcs_lport_fdmi_build_portattr_block( + u8 count =3D 0; + u16 templen; +=20 ++ pax_track_stack(); ++ + /* + * get port attributes + */ +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c linux-2.6.38.= 6/drivers/scsi/bfa/bfa_fcs_rport.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c 2011-03-14 21:20:32.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -1844,6 +1844,8 @@ bfa_fcs_rport_process_rpsc(struct bfa_fc + struct fc_rpsc_speed_info_s speeds; + struct bfa_port_attr_s pport_attr; +=20 ++ pax_track_stack(); ++ + bfa_trc(port->fcs, rx_fchs->s_id); + bfa_trc(port->fcs, rx_fchs->d_id); +=20 +diff -urNp linux-2.6.38.6/drivers/scsi/BusLogic.c linux-2.6.38.6/drivers= /scsi/BusLogic.c +--- linux-2.6.38.6/drivers/scsi/BusLogic.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/scsi/BusLogic.c 2011-05-16 21:47:08.000000000= -0400 +@@ -962,6 +962,8 @@ static int __init BusLogic_InitializeFla + static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_Hos= tAdapter + *PrototypeHostAdapter) + { ++ pax_track_stack(); ++ + /* + If a PCI BIOS is present, interrogate it for MultiMaster and FlashP= oint + Host Adapters; otherwise, default to the standard ISA MultiMaster p= robe. +diff -urNp linux-2.6.38.6/drivers/scsi/dpt_i2o.c linux-2.6.38.6/drivers/= scsi/dpt_i2o.c +--- linux-2.6.38.6/drivers/scsi/dpt_i2o.c 2011-03-14 21:20:32.000000000 = -0400 ++++ linux-2.6.38.6/drivers/scsi/dpt_i2o.c 2011-05-16 21:47:08.000000000 = -0400 +@@ -1811,6 +1811,8 @@ static int adpt_i2o_passthru(adpt_hba* p + dma_addr_t addr; + ulong flags =3D 0; +=20 ++ pax_track_stack(); ++ + memset(&msg, 0, MAX_MESSAGE_SIZE*4); + // get user msg size in u32s=20 + if(get_user(size, &user_msg[0])){ +@@ -2317,6 +2319,8 @@ static s32 adpt_scsi_to_i2o(adpt_hba* pH + s32 rcode; + dma_addr_t addr; +=20 ++ pax_track_stack(); ++ + memset(msg, 0 , sizeof(msg)); + len =3D scsi_bufflen(cmd); + direction =3D 0x00000000;=09 +diff -urNp linux-2.6.38.6/drivers/scsi/eata.c linux-2.6.38.6/drivers/scs= i/eata.c +--- linux-2.6.38.6/drivers/scsi/eata.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/drivers/scsi/eata.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -1087,6 +1087,8 @@ static int port_detect(unsigned long por + struct hostdata *ha; + char name[16]; +=20 ++ pax_track_stack(); ++ + sprintf(name, "%s%d", driver_name, j); +=20 + if (!request_region(port_base, REGION_SIZE, driver_name)) { +diff -urNp linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c linux-2.6.38.6/dri= vers/scsi/fcoe/libfcoe.c +--- linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c 2011-03-14 21:20:32.00000= 0000 -0400 ++++ linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c 2011-05-16 21:47:08.00000= 0000 -0400 +@@ -2484,6 +2484,8 @@ static int fcoe_ctlr_vn_recv(struct fcoe + } buf; + int rc; +=20 ++ pax_track_stack(); ++ + fiph =3D (struct fip_header *)skb->data; + sub =3D fiph->fip_subcode; +=20 +diff -urNp linux-2.6.38.6/drivers/scsi/gdth.c linux-2.6.38.6/drivers/scs= i/gdth.c +--- linux-2.6.38.6/drivers/scsi/gdth.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/drivers/scsi/gdth.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -4107,6 +4107,8 @@ static int ioc_lockdrv(void __user *arg) + unsigned long flags; + gdth_ha_str *ha; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&ldrv, arg, sizeof(gdth_ioctl_lockdrv))) + return -EFAULT; + ha =3D gdth_find_ha(ldrv.ionode); +@@ -4139,6 +4141,8 @@ static int ioc_resetdrv(void __user *arg + gdth_ha_str *ha; + int rval; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&res, arg, sizeof(gdth_ioctl_reset)) || + res.number >=3D MAX_HDRIVES) + return -EFAULT; +@@ -4174,6 +4178,8 @@ static int ioc_general(void __user *arg, + gdth_ha_str *ha; + int rval; +=20 ++ pax_track_stack(); ++ + if (copy_from_user(&gen, arg, sizeof(gdth_ioctl_general))) + return -EFAULT; + ha =3D gdth_find_ha(gen.ionode); +@@ -4642,6 +4648,9 @@ static void gdth_flush(gdth_ha_str *ha) + int i; + gdth_cmd_str gdtcmd; + char cmnd[MAX_COMMAND_SIZE]; =20 ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, MAX_COMMAND_SIZE); +=20 + TRACE2(("gdth_flush() hanum %d\n", ha->hanum)); +diff -urNp linux-2.6.38.6/drivers/scsi/gdth_proc.c linux-2.6.38.6/driver= s/scsi/gdth_proc.c +--- linux-2.6.38.6/drivers/scsi/gdth_proc.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/drivers/scsi/gdth_proc.c 2011-05-16 21:47:08.00000000= 0 -0400 +@@ -47,6 +47,9 @@ static int gdth_set_asc_info(struct Scsi + u64 paddr; +=20 + char cmnd[MAX_COMMAND_SIZE]; ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, 12); + memset(&gdtcmd, 0, sizeof(gdth_cmd_str)); +=20 +@@ -175,6 +178,8 @@ static int gdth_get_info(char *buffer,ch + gdth_hget_str *phg; + char cmnd[MAX_COMMAND_SIZE]; +=20 ++ pax_track_stack(); ++ + gdtcmd =3D kmalloc(sizeof(*gdtcmd), GFP_KERNEL); + estr =3D kmalloc(sizeof(*estr), GFP_KERNEL); + if (!gdtcmd || !estr) diff -urNp linux-2.6.38.6/drivers/scsi/hosts.c linux-2.6.38.6/drivers/sc= si/hosts.c --- linux-2.6.38.6/drivers/scsi/hosts.c 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/drivers/scsi/hosts.c 2011-04-28 19:57:25.000000000 -0= 400 @@ -30951,7 +32664,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/libsas/sas= _ata.c linux-2.6.38.6/drivers/s .qc_defer =3D ata_std_qc_defer, diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.= 6/drivers/scsi/lpfc/lpfc_debugfs.c --- linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-03-14 21:20:32.= 000000000 -0400 -+++ linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-04-28 19:57:25.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-05-16 21:47:08.= 000000000 -0400 @@ -125,7 +125,7 @@ struct lpfc_debug { int len; }; @@ -30979,7 +32692,16 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc= _debugfs.c linux-2.6.38.6/driver (lpfc_debugfs_max_slow_ring_trc - 1); for (i =3D index; i < lpfc_debugfs_max_slow_ring_trc; i++) { dtp =3D phba->slow_ring_trc + i; -@@ -635,14 +635,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport=20 +@@ -398,6 +398,8 @@ lpfc_debugfs_dumpHBASlim_data(struct lpf + uint32_t *ptr; + char buffer[1024]; +=20 ++ pax_track_stack(); ++ + off =3D 0; + spin_lock_irq(&phba->hbalock); +=20 +@@ -635,14 +637,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport=20 !vport || !vport->disc_trc) return; =20 @@ -30996,7 +32718,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_= debugfs.c linux-2.6.38.6/driver dtp->jif =3D jiffies; #endif return; -@@ -673,14 +673,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h +@@ -673,14 +675,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h !phba || !phba->slow_ring_trc) return; =20 @@ -31013,7 +32735,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_= debugfs.c linux-2.6.38.6/driver dtp->jif =3D jiffies; #endif return; -@@ -1365,7 +1365,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1365,7 +1367,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "slow_ring buffer\n"); goto debug_failed; } @@ -31022,7 +32744,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_= debugfs.c linux-2.6.38.6/driver memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -1411,7 +1411,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1411,7 +1413,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "buffer\n"); goto debug_failed; } @@ -31117,6 +32839,30 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc= _scsi.c linux-2.6.38.6/drivers/s } =20 /** +diff -urNp linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c linux-2.= 6.38.6/drivers/scsi/megaraid/megaraid_mbox.c +--- linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -3510,6 +3510,8 @@ megaraid_cmm_register(adapter_t *adapter + int rval; + int i; +=20 ++ pax_track_stack(); ++ + // Allocate memory for the base list of scb for management module. + adapter->uscb_list =3D kcalloc(MBOX_MAX_USER_CMDS, sizeof(scb_t), GFP_= KERNEL); +=20 +diff -urNp linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c linux-2.6.38.= 6/drivers/scsi/osd/osd_initiator.c +--- linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c 2011-03-14 21:20:32.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -97,6 +97,8 @@ static int _osd_get_print_system_info(st + int nelem =3D ARRAY_SIZE(get_attrs), a =3D 0; + int ret; +=20 ++ pax_track_stack(); ++ + or =3D osd_start_request(od, GFP_KERNEL); + if (!or) + return -ENOMEM; diff -urNp linux-2.6.38.6/drivers/scsi/pmcraid.c linux-2.6.38.6/drivers/= scsi/pmcraid.c --- linux-2.6.38.6/drivers/scsi/pmcraid.c 2011-05-10 22:06:29.000000000 = -0400 +++ linux-2.6.38.6/drivers/scsi/pmcraid.c 2011-05-10 22:08:57.000000000 = -0400 @@ -31298,6 +33044,27 @@ diff -urNp linux-2.6.38.6/drivers/scsi/scsi.c li= nux-2.6.38.6/drivers/scsi/scsi.c =20 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state =3D=3D SDEV_DEL)) { +diff -urNp linux-2.6.38.6/drivers/scsi/scsi_debug.c linux-2.6.38.6/drive= rs/scsi/scsi_debug.c +--- linux-2.6.38.6/drivers/scsi/scsi_debug.c 2011-03-14 21:20:32.0000000= 00 -0400 ++++ linux-2.6.38.6/drivers/scsi/scsi_debug.c 2011-05-16 21:47:08.0000000= 00 -0400 +@@ -1476,6 +1476,8 @@ static int resp_mode_select(struct scsi_ + unsigned char arr[SDEBUG_MAX_MSELECT_SZ]; + unsigned char *cmd =3D (unsigned char *)scp->cmnd; +=20 ++ pax_track_stack(); ++ + if ((errsts =3D check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); +@@ -1573,6 +1575,8 @@ static int resp_log_sense(struct scsi_cm + unsigned char arr[SDEBUG_MAX_LSENSE_SZ]; + unsigned char *cmd =3D (unsigned char *)scp->cmnd; +=20 ++ pax_track_stack(); ++ + if ((errsts =3D check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); diff -urNp linux-2.6.38.6/drivers/scsi/scsi_lib.c linux-2.6.38.6/drivers= /scsi/scsi_lib.c --- linux-2.6.38.6/drivers/scsi/scsi_lib.c 2011-05-10 22:06:29.000000000= -0400 +++ linux-2.6.38.6/drivers/scsi/scsi_lib.c 2011-05-10 22:08:57.000000000= -0400 @@ -31454,6 +33221,30 @@ diff -urNp linux-2.6.38.6/drivers/scsi/sg.c linu= x-2.6.38.6/drivers/scsi/sg.c =20 sg_proc_sgp =3D proc_mkdir(sg_proc_sg_dirname, NULL); if (!sg_proc_sgp) +diff -urNp linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c linux-2.6.= 38.6/drivers/scsi/sym53c8xx_2/sym_glue.c +--- linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-03-14 21:20:= 32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-05-16 21:47:= 08.000000000 -0400 +@@ -1756,6 +1756,8 @@ static int __devinit sym2_probe(struct p + int do_iounmap =3D 0; + int do_disable_device =3D 1; +=20 ++ pax_track_stack(); ++ + memset(&sym_dev, 0, sizeof(sym_dev)); + memset(&nvram, 0, sizeof(nvram)); + sym_dev.pdev =3D pdev; +diff -urNp linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c linux-2.6.38.6/drive= rs/scsi/vmw_pvscsi.c +--- linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c 2011-03-14 21:20:32.0000000= 00 -0400 ++++ linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c 2011-05-16 21:47:08.0000000= 00 -0400 +@@ -447,6 +447,8 @@ static void pvscsi_setup_all_rings(const + dma_addr_t base; + unsigned i; +=20 ++ pax_track_stack(); ++ + cmd.ringsStatePPN =3D adapter->ringStatePA >> PAGE_SHIFT; + cmd.reqRingNumPages =3D adapter->req_pages; + cmd.cmpRingNumPages =3D adapter->cmp_pages; diff -urNp linux-2.6.38.6/drivers/spi/spi.c linux-2.6.38.6/drivers/spi/s= pi.c --- linux-2.6.38.6/drivers/spi/spi.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/spi/spi.c 2011-05-11 18:34:57.000000000 -0400 @@ -31950,6 +33741,81 @@ diff -urNp linux-2.6.38.6/drivers/staging/westbr= idge/astoria/block/cyasblkdev_bl .open =3D cyasblkdev_blk_open, .release =3D cyasblkdev_blk_release, .ioctl =3D cyasblkdev_blk_ioctl, +diff -urNp linux-2.6.38.6/drivers/target/target_core_alua.c linux-2.6.38= .6/drivers/target/target_core_alua.c +--- linux-2.6.38.6/drivers/target/target_core_alua.c 2011-03-14 21:20:32= .000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_alua.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -675,6 +675,8 @@ static int core_alua_update_tpg_primary_ + char path[ALUA_METADATA_PATH_LEN]; + int len; +=20 ++ pax_track_stack(); ++ + memset(path, 0, ALUA_METADATA_PATH_LEN); +=20 + len =3D snprintf(md_buf, tg_pt_gp->tg_pt_gp_md_buf_len, +@@ -938,6 +940,8 @@ static int core_alua_update_tpg_secondar + char path[ALUA_METADATA_PATH_LEN], wwn[ALUA_SECONDARY_METADATA_WWN_LEN= ]; + int len; +=20 ++ pax_track_stack(); ++ + memset(path, 0, ALUA_METADATA_PATH_LEN); + memset(wwn, 0, ALUA_SECONDARY_METADATA_WWN_LEN); +=20 +diff -urNp linux-2.6.38.6/drivers/target/target_core_cdb.c linux-2.6.38.= 6/drivers/target/target_core_cdb.c +--- linux-2.6.38.6/drivers/target/target_core_cdb.c 2011-04-18 17:27:14.= 000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_cdb.c 2011-05-16 21:47:08.= 000000000 -0400 +@@ -838,6 +838,8 @@ target_emulate_modesense(struct se_cmd * + int length =3D 0; + unsigned char buf[SE_MODE_PAGE_BUF]; +=20 ++ pax_track_stack(); ++ + memset(buf, 0, SE_MODE_PAGE_BUF); +=20 + switch (cdb[2] & 0x3f) { +diff -urNp linux-2.6.38.6/drivers/target/target_core_configfs.c linux-2.= 6.38.6/drivers/target/target_core_configfs.c +--- linux-2.6.38.6/drivers/target/target_core_configfs.c 2011-03-14 21:2= 0:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_configfs.c 2011-05-16 21:4= 7:08.000000000 -0400 +@@ -1279,6 +1279,8 @@ static ssize_t target_core_dev_pr_show_a + ssize_t len =3D 0; + int reg_count =3D 0, prf_isid; +=20 ++ pax_track_stack(); ++ + if (!(su_dev->se_dev_ptr)) + return -ENODEV; +=20 +diff -urNp linux-2.6.38.6/drivers/target/target_core_pr.c linux-2.6.38.6= /drivers/target/target_core_pr.c +--- linux-2.6.38.6/drivers/target/target_core_pr.c 2011-03-14 21:20:32.0= 00000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_pr.c 2011-05-16 21:47:08.0= 00000000 -0400 +@@ -918,6 +918,8 @@ static int __core_scsi3_check_aptpl_regi + unsigned char t_port[PR_APTPL_MAX_TPORT_LEN]; + u16 tpgt; +=20 ++ pax_track_stack(); ++ + memset(i_port, 0, PR_APTPL_MAX_IPORT_LEN); + memset(t_port, 0, PR_APTPL_MAX_TPORT_LEN); + /* +@@ -1861,6 +1863,8 @@ static int __core_scsi3_update_aptpl_buf + ssize_t len =3D 0; + int reg_count =3D 0; +=20 ++ pax_track_stack(); ++ + memset(buf, 0, pr_aptpl_buf_len); + /* + * Called to clear metadata once APTPL has been deactivated. +@@ -1983,6 +1987,8 @@ static int __core_scsi3_write_aptpl_to_f + char path[512]; + int ret; +=20 ++ pax_track_stack(); ++ + memset(iov, 0, sizeof(struct iovec)); + memset(path, 0, 512); +=20 diff -urNp linux-2.6.38.6/drivers/target/target_core_tmr.c linux-2.6.38.= 6/drivers/target/target_core_tmr.c --- linux-2.6.38.6/drivers/target/target_core_tmr.c 2011-03-14 21:20:32.= 000000000 -0400 +++ linux-2.6.38.6/drivers/target/target_core_tmr.c 2011-04-28 19:57:25.= 000000000 -0400 @@ -32058,6 +33924,18 @@ diff -urNp linux-2.6.38.6/drivers/target/target_= core_transport.c linux-2.6.38.6/ atomic_read(&T_TASK(cmd)->t_transport_active), atomic_read(&T_TASK(cmd)->t_transport_stop), atomic_read(&T_TASK(cmd)->t_transport_sent)); +diff -urNp linux-2.6.38.6/drivers/telephony/ixj.c linux-2.6.38.6/drivers= /telephony/ixj.c +--- linux-2.6.38.6/drivers/telephony/ixj.c 2011-03-14 21:20:32.000000000= -0400 ++++ linux-2.6.38.6/drivers/telephony/ixj.c 2011-05-16 21:47:08.000000000= -0400 +@@ -4976,6 +4976,8 @@ static int ixj_daa_cid_read(IXJ *j) + bool mContinue; + char *pIn, *pOut; +=20 ++ pax_track_stack(); ++ + if (!SCI_Prepare(j)) + return 0; +=20 diff -urNp linux-2.6.38.6/drivers/tty/hvc/hvc_console.h linux-2.6.38.6/d= rivers/tty/hvc/hvc_console.h --- linux-2.6.38.6/drivers/tty/hvc/hvc_console.h 2011-03-14 21:20:32.000= 000000 -0400 +++ linux-2.6.38.6/drivers/tty/hvc/hvc_console.h 2011-04-28 19:34:15.000= 000000 -0400 @@ -32292,6 +34170,18 @@ diff -urNp linux-2.6.38.6/drivers/tty/serial/kgd= boc.c linux-2.6.38.6/drivers/tty .name =3D "kgdboc", .read_char =3D kgdboc_get_char, .write_char =3D kgdboc_put_char, +diff -urNp linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c linux-2.6.38= .6/drivers/tty/serial/mrst_max3110.c +--- linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c 2011-04-18 17:27:14= .000000000 -0400 ++++ linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c 2011-05-16 21:47:08= .000000000 -0400 +@@ -393,6 +393,8 @@ static void max3110_con_receive(struct u + int loop =3D 1, num, total =3D 0; + u8 recv_buf[512], *pbuf; +=20 ++ pax_track_stack(); ++ + pbuf =3D recv_buf; + do { + num =3D max3110_read_multi(max, pbuf); diff -urNp linux-2.6.38.6/drivers/tty/tty_io.c linux-2.6.38.6/drivers/tt= y/tty_io.c --- linux-2.6.38.6/drivers/tty/tty_io.c 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/drivers/tty/tty_io.c 2011-04-28 19:34:15.000000000 -0= 400 @@ -32829,6 +34719,18 @@ diff -urNp linux-2.6.38.6/drivers/usb/early/ehci= -dbgp.c linux-2.6.38.6/drivers/u .name =3D "kgdbdbgp", .read_char =3D kgdbdbgp_read_char, .write_char =3D kgdbdbgp_write_char, +diff -urNp linux-2.6.38.6/drivers/usb/host/xhci-mem.c linux-2.6.38.6/dri= vers/usb/host/xhci-mem.c +--- linux-2.6.38.6/drivers/usb/host/xhci-mem.c 2011-04-22 19:20:59.00000= 0000 -0400 ++++ linux-2.6.38.6/drivers/usb/host/xhci-mem.c 2011-05-16 21:47:08.00000= 0000 -0400 +@@ -1616,6 +1616,8 @@ static int xhci_check_trb_in_td_math(str + unsigned int num_tests; + int i, ret; +=20 ++ pax_track_stack(); ++ + num_tests =3D ARRAY_SIZE(simple_test_vector); + for (i =3D 0; i < num_tests; i++) { + ret =3D xhci_test_trb_in_td(xhci, diff -urNp linux-2.6.38.6/drivers/usb/mon/mon_main.c linux-2.6.38.6/driv= ers/usb/mon/mon_main.c --- linux-2.6.38.6/drivers/usb/mon/mon_main.c 2011-03-14 21:20:32.000000= 000 -0400 +++ linux-2.6.38.6/drivers/usb/mon/mon_main.c 2011-04-28 19:34:15.000000= 000 -0400 @@ -32901,7 +34803,7 @@ diff -urNp linux-2.6.38.6/drivers/video/fbcmap.c = linux-2.6.38.6/drivers/video/fb } diff -urNp linux-2.6.38.6/drivers/video/fbmem.c linux-2.6.38.6/drivers/v= ideo/fbmem.c --- linux-2.6.38.6/drivers/video/fbmem.c 2011-03-14 21:20:32.000000000 -= 0400 -+++ linux-2.6.38.6/drivers/video/fbmem.c 2011-04-28 19:34:15.000000000 -= 0400 ++++ linux-2.6.38.6/drivers/video/fbmem.c 2011-05-16 21:47:08.000000000 -= 0400 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in image->dx +=3D image->width + 8; } @@ -32920,7 +34822,25 @@ diff -urNp linux-2.6.38.6/drivers/video/fbmem.c = linux-2.6.38.6/drivers/video/fbm info->fbops->fb_imageblit(info, image); image->dy -=3D image->height + 8; } -@@ -1101,7 +1101,7 @@ static long do_fb_ioctl(struct fb_info * +@@ -897,6 +897,8 @@ fb_set_var(struct fb_info *info, struct=20 + int flags =3D info->flags; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + if (var->activate & FB_ACTIVATE_INV_MODE) { + struct fb_videomode mode1, mode2; +=20 +@@ -1022,6 +1024,8 @@ static long do_fb_ioctl(struct fb_info * + void __user *argp =3D (void __user *)arg; + long ret =3D 0; +=20 ++ pax_track_stack(); ++ + switch (cmd) { + case FBIOGET_VSCREENINFO: + if (!lock_fb_info(info)) +@@ -1101,7 +1105,7 @@ static long do_fb_ioctl(struct fb_info * return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -33222,6 +35142,18 @@ diff -urNp linux-2.6.38.6/drivers/video/vesafb.c= linux-2.6.38.6/drivers/video/ve if (info->screen_base) iounmap(info->screen_base); framebuffer_release(info); +diff -urNp linux-2.6.38.6/drivers/virtio/virtio_balloon.c linux-2.6.38.6= /drivers/virtio/virtio_balloon.c +--- linux-2.6.38.6/drivers/virtio/virtio_balloon.c 2011-03-14 21:20:32.0= 00000000 -0400 ++++ linux-2.6.38.6/drivers/virtio/virtio_balloon.c 2011-05-16 21:47:08.0= 00000000 -0400 +@@ -176,6 +176,8 @@ static void update_balloon_stats(struct=20 + struct sysinfo i; + int idx =3D 0; +=20 ++ pax_track_stack(); ++ + all_vm_events(events); + si_meminfo(&i); +=20 diff -urNp linux-2.6.38.6/fs/9p/vfs_inode.c linux-2.6.38.6/fs/9p/vfs_ino= de.c --- linux-2.6.38.6/fs/9p/vfs_inode.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/9p/vfs_inode.c 2011-04-28 19:34:15.000000000 -0400 @@ -33236,7 +35168,7 @@ diff -urNp linux-2.6.38.6/fs/9p/vfs_inode.c linux= -2.6.38.6/fs/9p/vfs_inode.c IS_ERR(s) ? "" : s); diff -urNp linux-2.6.38.6/fs/aio.c linux-2.6.38.6/fs/aio.c --- linux-2.6.38.6/fs/aio.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/fs/aio.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/aio.c 2011-05-16 21:47:08.000000000 -0400 @@ -130,7 +130,7 @@ static int aio_setup_ring(struct kioctx=20 size +=3D sizeof(struct io_event) * nr_events; nr_pages =3D (size + PAGE_SIZE-1) >> PAGE_SHIFT; @@ -33246,6 +35178,15 @@ diff -urNp linux-2.6.38.6/fs/aio.c linux-2.6.38.= 6/fs/aio.c return -EINVAL; =20 nr_events =3D (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeo= f(struct io_event); +@@ -1099,6 +1099,8 @@ static int read_events(struct kioctx *ct + struct aio_timeout to; + int retry =3D 0; +=20 ++ pax_track_stack(); ++ + /* needed to zero any padding within an entry (there shouldn't be=20 + * any, but C is fun! + */ diff -urNp linux-2.6.38.6/fs/attr.c linux-2.6.38.6/fs/attr.c --- linux-2.6.38.6/fs/attr.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/attr.c 2011-04-28 19:34:15.000000000 -0400 @@ -33350,7 +35291,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_aout.c linux-= 2.6.38.6/fs/binfmt_aout.c up_write(¤t->mm->mmap_sem); diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c --- linux-2.6.38.6/fs/binfmt_elf.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/fs/binfmt_elf.c 2011-05-02 19:07:09.000000000 -0400 ++++ linux-2.6.38.6/fs/binfmt_elf.c 2011-05-16 21:47:08.000000000 -0400 @@ -51,6 +51,10 @@ static int elf_core_dump(struct coredump #define elf_core_dump NULL #endif @@ -33392,7 +35333,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c return 0; } =20 -@@ -148,12 +159,13 @@ create_elf_tables(struct linux_binprm *b +@@ -148,12 +159,15 @@ create_elf_tables(struct linux_binprm *b elf_addr_t __user *u_rand_bytes; const char *k_platform =3D ELF_PLATFORM; const char *k_base_platform =3D ELF_BASE_PLATFORM; @@ -33404,10 +35345,12 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux= -2.6.38.6/fs/binfmt_elf.c const struct cred *cred =3D current_cred(); struct vm_area_struct *vma; + unsigned long saved_auxv[AT_VECTOR_SIZE]; ++ ++ pax_track_stack(); =20 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -195,8 +207,12 @@ create_elf_tables(struct linux_binprm *b +@@ -195,8 +209,12 @@ create_elf_tables(struct linux_binprm *b * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -33422,7 +35365,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; =20 -@@ -308,9 +324,11 @@ create_elf_tables(struct linux_binprm *b +@@ -308,9 +326,11 @@ create_elf_tables(struct linux_binprm *b return -EFAULT; current->mm->env_end =3D p; =20 @@ -33435,7 +35378,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c return -EFAULT; return 0; } -@@ -381,10 +399,10 @@ static unsigned long load_elf_interp(str +@@ -381,10 +401,10 @@ static unsigned long load_elf_interp(str { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -33448,7 +35391,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c unsigned long total_size; int retval, i, size; =20 -@@ -430,6 +448,11 @@ static unsigned long load_elf_interp(str +@@ -430,6 +450,11 @@ static unsigned long load_elf_interp(str goto out_close; } =20 @@ -33460,7 +35403,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c eppnt =3D elf_phdata; for (i =3D 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type =3D=3D PT_LOAD) { -@@ -473,8 +496,8 @@ static unsigned long load_elf_interp(str +@@ -473,8 +498,8 @@ static unsigned long load_elf_interp(str k =3D load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -33471,7 +35414,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c error =3D -ENOMEM; goto out_close; } -@@ -528,6 +551,193 @@ out: +@@ -528,6 +553,193 @@ out: return error; } =20 @@ -33665,7 +35608,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c /* * These are the functions used to load ELF style executables and share= d * libraries. There is no binary dependent code anywhere else. -@@ -544,6 +754,11 @@ static unsigned long randomize_stack_top +@@ -544,6 +756,11 @@ static unsigned long randomize_stack_top { unsigned int random_variable =3D 0; =20 @@ -33677,7 +35620,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable =3D get_random_int() & STACK_RND_MASK; -@@ -562,7 +777,7 @@ static int load_elf_binary(struct linux_ +@@ -562,7 +779,7 @@ static int load_elf_binary(struct linux_ unsigned long load_addr =3D 0, load_bias =3D 0; int load_addr_set =3D 0; char * elf_interpreter =3D NULL; @@ -33686,7 +35629,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -572,11 +787,11 @@ static int load_elf_binary(struct linux_ +@@ -572,11 +789,11 @@ static int load_elf_binary(struct linux_ unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc =3D 0; int executable_stack =3D EXSTACK_DEFAULT; @@ -33699,7 +35642,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c =20 loc =3D kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -714,11 +929,81 @@ static int load_elf_binary(struct linux_ +@@ -714,11 +931,81 @@ static int load_elf_binary(struct linux_ =20 /* OK, This is the point of no return */ current->flags &=3D ~PF_FORKNOEXEC; @@ -33782,7 +35725,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |=3D READ_IMPLIES_EXEC; =20 -@@ -800,6 +1085,20 @@ static int load_elf_binary(struct linux_ +@@ -800,6 +1087,20 @@ static int load_elf_binary(struct linux_ #else load_bias =3D ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -33803,7 +35746,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c } =20 error =3D elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -832,9 +1131,9 @@ static int load_elf_binary(struct linux_ +@@ -832,9 +1133,9 @@ static int load_elf_binary(struct linux_ * allowed task size. Note that p_filesz must always be * <=3D p_memsz so it is only necessary to check p_memsz. */ @@ -33816,7 +35759,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval =3D -EINVAL; -@@ -862,6 +1161,11 @@ static int load_elf_binary(struct linux_ +@@ -862,6 +1163,11 @@ static int load_elf_binary(struct linux_ start_data +=3D load_bias; end_data +=3D load_bias; =20 @@ -33828,7 +35771,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c /* Calling set_brk effectively mmaps the pages that we need * for the bss and break sections. We must do this before * mapping in the interpreter, to make sure it doesn't wind -@@ -873,9 +1177,11 @@ static int load_elf_binary(struct linux_ +@@ -873,9 +1179,11 @@ static int load_elf_binary(struct linux_ goto out_free_dentry; } if (likely(elf_bss !=3D elf_brk) && unlikely(padzero(elf_bss))) { @@ -33843,7 +35786,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c } =20 if (elf_interpreter) { -@@ -1090,7 +1396,7 @@ out: +@@ -1090,7 +1398,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -33852,7 +35795,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) =20 -@@ -1124,7 +1430,7 @@ static unsigned long vma_dump_size(struc +@@ -1124,7 +1432,7 @@ static unsigned long vma_dump_size(struc if (vma->vm_file =3D=3D NULL) return 0; =20 @@ -33861,7 +35804,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c goto whole; =20 /* -@@ -1346,9 +1652,9 @@ static void fill_auxv_note(struct memelf +@@ -1346,9 +1654,9 @@ static void fill_auxv_note(struct memelf { elf_addr_t *auxv =3D (elf_addr_t *) mm->saved_auxv; int i =3D 0; @@ -33873,7 +35816,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } =20 -@@ -1854,14 +2160,14 @@ static void fill_extnum_info(struct elfh +@@ -1854,14 +2162,14 @@ static void fill_extnum_info(struct elfh } =20 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -33890,7 +35833,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c return size; } =20 -@@ -1955,7 +2261,7 @@ static int elf_core_dump(struct coredump +@@ -1955,7 +2263,7 @@ static int elf_core_dump(struct coredump =20 dataoff =3D offset =3D roundup(offset, ELF_EXEC_PAGESIZE); =20 @@ -33899,7 +35842,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c offset +=3D elf_core_extra_data_size(); e_shoff =3D offset; =20 -@@ -1969,10 +2275,12 @@ static int elf_core_dump(struct coredump +@@ -1969,10 +2277,12 @@ static int elf_core_dump(struct coredump offset =3D dataoff; =20 size +=3D sizeof(*elf); @@ -33912,7 +35855,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1986,7 +2294,7 @@ static int elf_core_dump(struct coredump +@@ -1986,7 +2296,7 @@ static int elf_core_dump(struct coredump phdr.p_offset =3D offset; phdr.p_vaddr =3D vma->vm_start; phdr.p_paddr =3D 0; @@ -33921,7 +35864,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c phdr.p_memsz =3D vma->vm_end - vma->vm_start; offset +=3D phdr.p_filesz; phdr.p_flags =3D vma->vm_flags & VM_READ ? PF_R : 0; -@@ -1997,6 +2305,7 @@ static int elf_core_dump(struct coredump +@@ -1997,6 +2307,7 @@ static int elf_core_dump(struct coredump phdr.p_align =3D ELF_EXEC_PAGESIZE; =20 size +=3D sizeof(phdr); @@ -33929,7 +35872,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2021,7 +2330,7 @@ static int elf_core_dump(struct coredump +@@ -2021,7 +2332,7 @@ static int elf_core_dump(struct coredump unsigned long addr; unsigned long end; =20 @@ -33938,7 +35881,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c =20 for (addr =3D vma->vm_start; addr < end; addr +=3D PAGE_SIZE) { struct page *page; -@@ -2030,6 +2339,7 @@ static int elf_core_dump(struct coredump +@@ -2030,6 +2341,7 @@ static int elf_core_dump(struct coredump page =3D get_dump_page(addr); if (page) { void *kaddr =3D kmap(page); @@ -33946,7 +35889,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c stop =3D ((size +=3D PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2047,6 +2357,7 @@ static int elf_core_dump(struct coredump +@@ -2047,6 +2359,7 @@ static int elf_core_dump(struct coredump =20 if (e_phnum =3D=3D PN_XNUM) { size +=3D sizeof(*shdr4extnum); @@ -33954,7 +35897,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2= .6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2067,6 +2378,97 @@ out: +@@ -2067,6 +2380,97 @@ out: =20 #endif /* CONFIG_ELF_CORE */ =20 @@ -34747,7 +36690,7 @@ diff -urNp linux-2.6.38.6/fs/compat_binfmt_elf.c = linux-2.6.38.6/fs/compat_binfmt /* diff -urNp linux-2.6.38.6/fs/compat.c linux-2.6.38.6/fs/compat.c --- linux-2.6.38.6/fs/compat.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/compat.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/compat.c 2011-05-16 21:47:08.000000000 -0400 @@ -594,7 +594,7 @@ ssize_t compat_rw_copy_check_uvector(int goto out; =20 @@ -34927,6 +36870,15 @@ diff -urNp linux-2.6.38.6/fs/compat.c linux-2.6.= 38.6/fs/compat.c out: if (bprm->mm) { acct_arg_size(bprm, 0); +@@ -1712,6 +1787,8 @@ int compat_core_sys_select(int n, compat + struct fdtable *fdt; + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; +=20 ++ pax_track_stack(); ++ + if (n < 0) + goto out_nofds; +=20 diff -urNp linux-2.6.38.6/fs/compat_ioctl.c linux-2.6.38.6/fs/compat_ioc= tl.c --- linux-2.6.38.6/fs/compat_ioctl.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/compat_ioctl.c 2011-04-28 19:34:15.000000000 -0400 @@ -35707,7 +37659,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/ext4.h linux-2.= 6.38.6/fs/ext4/ext4.h /* locality groups */ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mball= oc.c --- linux-2.6.38.6/fs/ext4/mballoc.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/ext4/mballoc.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/ext4/mballoc.c 2011-05-16 21:47:08.000000000 -0400 @@ -1846,7 +1846,7 @@ void ext4_mb_simple_scan_group(struct ex BUG_ON(ac->ac_b_ex.fe_len !=3D ac->ac_g_ex.fe_len); =20 @@ -35726,7 +37678,16 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linu= x-2.6.38.6/fs/ext4/mballoc.c goto repeat; } } -@@ -2606,25 +2606,25 @@ int ext4_mb_release(struct super_block * +@@ -2183,6 +2183,8 @@ static int ext4_mb_seq_groups_show(struc + ext4_grpblk_t counters[16]; + } sg; +=20 ++ pax_track_stack(); ++ + group--; + if (group =3D=3D 0) + seq_printf(seq, "#%-5s: %-5s %-5s %-5s " +@@ -2606,25 +2608,25 @@ int ext4_mb_release(struct super_block * if (sbi->s_mb_stats) { printk(KERN_INFO "EXT4-fs: mballoc: %u blocks %u reqs (%u success)\n", @@ -35762,7 +37723,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux= -2.6.38.6/fs/ext4/mballoc.c } =20 free_percpu(sbi->s_locality_groups); -@@ -3100,16 +3100,16 @@ static void ext4_mb_collect_stats(struct +@@ -3100,16 +3102,16 @@ static void ext4_mb_collect_stats(struct struct ext4_sb_info *sbi =3D EXT4_SB(ac->ac_sb); =20 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -35785,7 +37746,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux= -2.6.38.6/fs/ext4/mballoc.c } =20 if (ac->ac_op =3D=3D EXT4_MB_HISTORY_ALLOC) -@@ -3507,7 +3507,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat +@@ -3507,7 +3509,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat trace_ext4_mb_new_inode_pa(ac, pa); =20 ext4_mb_use_inode_pa(ac, pa); @@ -35794,7 +37755,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux= -2.6.38.6/fs/ext4/mballoc.c =20 ei =3D EXT4_I(ac->ac_inode); grp =3D ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3567,7 +3567,7 @@ ext4_mb_new_group_pa(struct ext4_allocat +@@ -3567,7 +3569,7 @@ ext4_mb_new_group_pa(struct ext4_allocat trace_ext4_mb_new_group_pa(ac, pa); =20 ext4_mb_use_group_pa(ac, pa); @@ -35803,7 +37764,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux= -2.6.38.6/fs/ext4/mballoc.c =20 grp =3D ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg =3D ac->ac_lg; -@@ -3654,7 +3654,7 @@ ext4_mb_release_inode_pa(struct ext4_bud +@@ -3654,7 +3656,7 @@ ext4_mb_release_inode_pa(struct ext4_bud * from the bitmap and continue. */ } @@ -35812,7 +37773,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux= -2.6.38.6/fs/ext4/mballoc.c =20 return err; } -@@ -3672,7 +3672,7 @@ ext4_mb_release_group_pa(struct ext4_bud +@@ -3672,7 +3674,7 @@ ext4_mb_release_group_pa(struct ext4_bud ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group !=3D e4b->bd_group && pa->pa_len !=3D 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -37539,8 +39500,17 @@ diff -urNp linux-2.6.38.6/fs/fuse/fuse_i.h linux= -2.6.38.6/fs/fuse/fuse_i.h */ diff -urNp linux-2.6.38.6/fs/gfs2/ops_inode.c linux-2.6.38.6/fs/gfs2/ops= _inode.c --- linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-03-14 21:20:32.000000000 -04= 00 -+++ linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-05-11 18:34:57.000000000 -04= 00 -@@ -1019,7 +1019,7 @@ out: ++++ linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -740,6 +740,8 @@ static int gfs2_rename(struct inode *odi + unsigned int x; + int error; +=20 ++ pax_track_stack(); ++ + if (ndentry->d_inode) { + nip =3D GFS2_I(ndentry->d_inode); + if (ip =3D=3D nip) +@@ -1019,7 +1021,7 @@ out: =20 static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, = void *p) { @@ -37549,6 +39519,102 @@ diff -urNp linux-2.6.38.6/fs/gfs2/ops_inode.c l= inux-2.6.38.6/fs/gfs2/ops_inode.c if (!IS_ERR(s)) kfree(s); } +diff -urNp linux-2.6.38.6/fs/hfsplus/catalog.c linux-2.6.38.6/fs/hfsplus= /catalog.c +--- linux-2.6.38.6/fs/hfsplus/catalog.c 2011-03-14 21:20:32.000000000 -0= 400 ++++ linux-2.6.38.6/fs/hfsplus/catalog.c 2011-05-16 21:47:08.000000000 -0= 400 +@@ -179,6 +179,8 @@ int hfsplus_find_cat(struct super_block=20 + int err; + u16 type; +=20 ++ pax_track_stack(); ++ + hfsplus_cat_build_key(sb, fd->search_key, cnid, NULL); + err =3D hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); + if (err) +@@ -210,6 +212,8 @@ int hfsplus_create_cat(u32 cnid, struct=20 + int entry_size; + int err; +=20 ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "create_cat: %s,%u(%d)\n", + str->name, cnid, inode->i_nlink); + hfs_find_init(HFSPLUS_SB(sb)->cat_tree, &fd); +@@ -349,6 +353,8 @@ int hfsplus_rename_cat(u32 cnid, + int entry_size, type; + int err =3D 0; +=20 ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", + cnid, src_dir->i_ino, src_name->name, + dst_dir->i_ino, dst_name->name); +diff -urNp linux-2.6.38.6/fs/hfsplus/dir.c linux-2.6.38.6/fs/hfsplus/dir= .c +--- linux-2.6.38.6/fs/hfsplus/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/dir.c 2011-05-16 21:47:08.000000000 -0400 +@@ -129,6 +129,8 @@ static int hfsplus_readdir(struct file * + struct hfsplus_readdir_data *rd; + u16 type; +=20 ++ pax_track_stack(); ++ + if (filp->f_pos >=3D inode->i_size) + return 0; +=20 +diff -urNp linux-2.6.38.6/fs/hfsplus/inode.c linux-2.6.38.6/fs/hfsplus/i= node.c +--- linux-2.6.38.6/fs/hfsplus/inode.c 2011-03-14 21:20:32.000000000 -040= 0 ++++ linux-2.6.38.6/fs/hfsplus/inode.c 2011-05-16 21:47:08.000000000 -040= 0 +@@ -491,6 +491,8 @@ int hfsplus_cat_read_inode(struct inode=20 + int res =3D 0; + u16 type; +=20 ++ pax_track_stack(); ++ + type =3D hfs_bnode_read_u16(fd->bnode, fd->entryoffset); +=20 + HFSPLUS_I(inode)->linkid =3D 0; +@@ -554,6 +556,8 @@ int hfsplus_cat_write_inode(struct inode + struct hfs_find_data fd; + hfsplus_cat_entry entry; +=20 ++ pax_track_stack(); ++ + if (HFSPLUS_IS_RSRC(inode)) + main_inode =3D HFSPLUS_I(inode)->rsrc_inode; +=20 +diff -urNp linux-2.6.38.6/fs/hfsplus/ioctl.c linux-2.6.38.6/fs/hfsplus/i= octl.c +--- linux-2.6.38.6/fs/hfsplus/ioctl.c 2011-03-14 21:20:32.000000000 -040= 0 ++++ linux-2.6.38.6/fs/hfsplus/ioctl.c 2011-05-16 21:47:08.000000000 -040= 0 +@@ -122,6 +122,8 @@ int hfsplus_setxattr(struct dentry *dent + struct hfsplus_cat_file *file; + int res; +=20 ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; +=20 +@@ -166,6 +168,8 @@ ssize_t hfsplus_getxattr(struct dentry * + struct hfsplus_cat_file *file; + ssize_t res =3D 0; +=20 ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; +=20 +diff -urNp linux-2.6.38.6/fs/hfsplus/super.c linux-2.6.38.6/fs/hfsplus/s= uper.c +--- linux-2.6.38.6/fs/hfsplus/super.c 2011-03-14 21:20:32.000000000 -040= 0 ++++ linux-2.6.38.6/fs/hfsplus/super.c 2011-05-16 21:47:08.000000000 -040= 0 +@@ -340,6 +340,8 @@ static int hfsplus_fill_super(struct sup + struct nls_table *nls =3D NULL; + int err; +=20 ++ pax_track_stack(); ++ + err =3D -EINVAL; + sbi =3D kzalloc(sizeof(*sbi), GFP_KERNEL); + if (!sbi) diff -urNp linux-2.6.38.6/fs/hugetlbfs/inode.c linux-2.6.38.6/fs/hugetlb= fs/inode.c --- linux-2.6.38.6/fs/hugetlbfs/inode.c 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/fs/hugetlbfs/inode.c 2011-04-28 19:34:15.000000000 -0= 400 @@ -37575,6 +39641,51 @@ diff -urNp linux-2.6.38.6/fs/inode.c linux-2.6.3= 8.6/fs/inode.c =20 res =3D next - LAST_INO_BATCH; } +diff -urNp linux-2.6.38.6/fs/jbd/checkpoint.c linux-2.6.38.6/fs/jbd/chec= kpoint.c +--- linux-2.6.38.6/fs/jbd/checkpoint.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/fs/jbd/checkpoint.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -350,6 +350,8 @@ int log_do_checkpoint(journal_t *journal + tid_t this_tid; + int result; +=20 ++ pax_track_stack(); ++ + jbd_debug(1, "Start checkpoint\n"); +=20 + /* +diff -urNp linux-2.6.38.6/fs/jffs2/compr_rtime.c linux-2.6.38.6/fs/jffs2= /compr_rtime.c +--- linux-2.6.38.6/fs/jffs2/compr_rtime.c 2011-03-14 21:20:32.000000000 = -0400 ++++ linux-2.6.38.6/fs/jffs2/compr_rtime.c 2011-05-16 21:47:08.000000000 = -0400 +@@ -37,6 +37,8 @@ static int jffs2_rtime_compress(unsigned + int outpos =3D 0; + int pos=3D0; +=20 ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); +=20 + while (pos < (*sourcelen) && outpos <=3D (*dstlen)-2) { +@@ -78,6 +80,8 @@ static int jffs2_rtime_decompress(unsign + int outpos =3D 0; + int pos=3D0; +=20 ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); +=20 + while (outposflags & JFFS2_SB_FLAG_BUILDING)); +=20 ++ pax_track_stack(); ++ + /* Phase.1 : Merge same xref */ + for (i=3D0; i < XREF_TMPHASH_SIZE; i++) + xref_tmphash[i] =3D NULL; diff -urNp linux-2.6.38.6/fs/Kconfig.binfmt linux-2.6.38.6/fs/Kconfig.bi= nfmt --- linux-2.6.38.6/fs/Kconfig.binfmt 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/Kconfig.binfmt 2011-04-28 19:34:15.000000000 -0400 @@ -37642,7 +39765,7 @@ diff -urNp linux-2.6.38.6/fs/libfs.c linux-2.6.38= .6/fs/libfs.c dt_type(next->d_inode)) < 0) diff -urNp linux-2.6.38.6/fs/lockd/clntproc.c linux-2.6.38.6/fs/lockd/cl= ntproc.c --- linux-2.6.38.6/fs/lockd/clntproc.c 2011-03-14 21:20:32.000000000 -04= 00 -+++ linux-2.6.38.6/fs/lockd/clntproc.c 2011-04-28 19:57:25.000000000 -04= 00 ++++ linux-2.6.38.6/fs/lockd/clntproc.c 2011-05-16 21:47:08.000000000 -04= 00 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt /* * Cookie counter for NLM requests @@ -37657,6 +39780,15 @@ diff -urNp linux-2.6.38.6/fs/lockd/clntproc.c li= nux-2.6.38.6/fs/lockd/clntproc.c =20 memcpy(c->data, &cookie, 4); c->len=3D4; +@@ -620,6 +620,8 @@ nlmclnt_reclaim(struct nlm_host *host, s + struct nlm_rqst reqst, *req; + int status; +=20 ++ pax_track_stack(); ++ + req =3D &reqst; + memset(req, 0, sizeof(*req)); + locks_init_lock(&req->a_args.lock.fl); diff -urNp linux-2.6.38.6/fs/lockd/svc.c linux-2.6.38.6/fs/lockd/svc.c --- linux-2.6.38.6/fs/lockd/svc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/lockd/svc.c 2011-04-28 19:34:15.000000000 -0400 @@ -37693,9 +39825,21 @@ diff -urNp linux-2.6.38.6/fs/locks.c linux-2.6.3= 8.6/fs/locks.c } =20 lock_flocks(); +diff -urNp linux-2.6.38.6/fs/logfs/super.c linux-2.6.38.6/fs/logfs/super= .c +--- linux-2.6.38.6/fs/logfs/super.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/logfs/super.c 2011-05-16 21:47:08.000000000 -0400 +@@ -266,6 +266,8 @@ static int logfs_recover_sb(struct super + struct logfs_disk_super _ds1, *ds1 =3D &_ds1; + int err, valid0, valid1; +=20 ++ pax_track_stack(); ++ + /* read first superblock */ + err =3D wbuf_read(sb, super->s_sb_ofs[0], sizeof(*ds0), ds0); + if (err) diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c --- linux-2.6.38.6/fs/namei.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/fs/namei.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/namei.c 2011-05-16 21:47:08.000000000 -0400 @@ -226,14 +226,6 @@ int generic_permission(struct inode *ino return ret; =20 @@ -38131,7 +40275,16 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.3= 8.6/fs/namei.c out_drop_write: mnt_drop_write(nd.path.mnt); out_dput: -@@ -3404,6 +3556,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3348,6 +3500,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c + char *to; + int error; +=20 ++ pax_track_stack(); ++ + error =3D user_path_parent(olddfd, oldname, &oldnd, &from); + if (error) + goto exit; +@@ -3404,6 +3558,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c if (new_dentry =3D=3D trap) goto exit5; =20 @@ -38144,7 +40297,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38= .6/fs/namei.c error =3D mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3413,6 +3571,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3413,6 +3573,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c goto exit6; error =3D vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -38154,7 +40307,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38= .6/fs/namei.c exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3438,6 +3599,8 @@ SYSCALL_DEFINE2(rename, const char __use +@@ -3438,6 +3601,8 @@ SYSCALL_DEFINE2(rename, const char __use =20 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen= , const char *link) { @@ -38163,7 +40316,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38= .6/fs/namei.c int len; =20 len =3D PTR_ERR(link); -@@ -3447,7 +3610,14 @@ int vfs_readlink(struct dentry *dentry,=20 +@@ -3447,7 +3612,14 @@ int vfs_readlink(struct dentry *dentry,=20 len =3D strlen(link); if (len > (unsigned) buflen) len =3D buflen; @@ -38242,6 +40395,66 @@ diff -urNp linux-2.6.38.6/fs/namespace.c linux-2= .6.38.6/fs/namespace.c get_fs_root(current->fs, &root); down_write(&namespace_sem); mutex_lock(&old.dentry->d_inode->i_mutex); +diff -urNp linux-2.6.38.6/fs/ncpfs/dir.c linux-2.6.38.6/fs/ncpfs/dir.c +--- linux-2.6.38.6/fs/ncpfs/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ncpfs/dir.c 2011-05-16 21:47:09.000000000 -0400 +@@ -299,6 +299,8 @@ ncp_lookup_validate(struct dentry *dentr + int res, val =3D 0, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + if (dentry =3D=3D dentry->d_sb->s_root) + return 1; +=20 +@@ -844,6 +846,8 @@ static struct dentry *ncp_lookup(struct=20 + int error, res, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + error =3D -EIO; + if (!ncp_conn_valid(server)) + goto finished; +@@ -931,6 +935,8 @@ int ncp_create_new(struct inode *dir, st + PPRINTK("ncp_create_new: creating %s/%s, mode=3D%x\n", + dentry->d_parent->d_name.name, dentry->d_name.name, mode); +=20 ++ pax_track_stack(); ++ + ncp_age_dentry(server, dentry); + len =3D sizeof(__name); + error =3D ncp_io2vol(server, __name, &len, dentry->d_name.name, +@@ -992,6 +998,8 @@ static int ncp_mkdir(struct inode *dir,=20 + int error, len; + __u8 __name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + DPRINTK("ncp_mkdir: making %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); +=20 +@@ -1135,6 +1143,8 @@ static int ncp_rename(struct inode *old_ + int old_len, new_len; + __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; +=20 ++ pax_track_stack(); ++ + DPRINTK("ncp_rename: %s/%s to %s/%s\n", + old_dentry->d_parent->d_name.name, old_dentry->d_name.name, + new_dentry->d_parent->d_name.name, new_dentry->d_name.name); +diff -urNp linux-2.6.38.6/fs/ncpfs/inode.c linux-2.6.38.6/fs/ncpfs/inode= .c +--- linux-2.6.38.6/fs/ncpfs/inode.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ncpfs/inode.c 2011-05-16 21:47:09.000000000 -0400 +@@ -461,6 +461,8 @@ static int ncp_fill_super(struct super_b + #endif + struct ncp_entry_info finfo; +=20 ++ pax_track_stack(); ++ + data.wdog_pid =3D NULL; + server =3D kzalloc(sizeof(struct ncp_server), GFP_KERNEL); + if (!server) diff -urNp linux-2.6.38.6/fs/nfs/inode.c linux-2.6.38.6/fs/nfs/inode.c --- linux-2.6.38.6/fs/nfs/inode.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/nfs/inode.c 2011-04-28 19:34:15.000000000 -0400 @@ -38277,6 +40490,30 @@ diff -urNp linux-2.6.38.6/fs/nfsd/lockd.c linux-= 2.6.38.6/fs/nfsd/lockd.c .fopen =3D nlm_fopen, /* open file for locking */ .fclose =3D nlm_fclose, /* close file */ }; +diff -urNp linux-2.6.38.6/fs/nfsd/nfs4state.c linux-2.6.38.6/fs/nfsd/nfs= 4state.c +--- linux-2.6.38.6/fs/nfsd/nfs4state.c 2011-05-10 22:06:27.000000000 -04= 00 ++++ linux-2.6.38.6/fs/nfsd/nfs4state.c 2011-05-16 21:47:09.000000000 -04= 00 +@@ -3783,6 +3783,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc + unsigned int strhashval; + int err; +=20 ++ pax_track_stack(); ++ + dprintk("NFSD: nfsd4_lock: start=3D%Ld length=3D%Ld\n", + (long long) lock->lk_offset, + (long long) lock->lk_length); +diff -urNp linux-2.6.38.6/fs/nfsd/nfs4xdr.c linux-2.6.38.6/fs/nfsd/nfs4x= dr.c +--- linux-2.6.38.6/fs/nfsd/nfs4xdr.c 2011-04-18 17:27:16.000000000 -0400 ++++ linux-2.6.38.6/fs/nfsd/nfs4xdr.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1793,6 +1793,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, s + .dentry =3D dentry, + }; +=20 ++ pax_track_stack(); ++ + BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1); + BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion)); + BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion)); diff -urNp linux-2.6.38.6/fs/nfsd/nfsctl.c linux-2.6.38.6/fs/nfsd/nfsctl= .c --- linux-2.6.38.6/fs/nfsd/nfsctl.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/nfsd/nfsctl.c 2011-04-28 19:34:15.000000000 -0400 @@ -38388,6 +40625,18 @@ diff -urNp linux-2.6.38.6/fs/ocfs2/localalloc.c = linux-2.6.38.6/fs/ocfs2/localall =20 bail: if (handle) +diff -urNp linux-2.6.38.6/fs/ocfs2/namei.c linux-2.6.38.6/fs/ocfs2/namei= .c +--- linux-2.6.38.6/fs/ocfs2/namei.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ocfs2/namei.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1064,6 +1064,8 @@ static int ocfs2_rename(struct inode *ol + struct ocfs2_dir_lookup_result orphan_insert =3D { NULL, }; + struct ocfs2_dir_lookup_result target_insert =3D { NULL, }; +=20 ++ pax_track_stack(); ++ + /* At some point it might be nice to break this function up a + * bit. */ +=20 diff -urNp linux-2.6.38.6/fs/ocfs2/ocfs2.h linux-2.6.38.6/fs/ocfs2/ocfs2= .h --- linux-2.6.38.6/fs/ocfs2/ocfs2.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/ocfs2/ocfs2.h 2011-04-28 19:34:15.000000000 -0400 @@ -38802,7 +41051,7 @@ diff -urNp linux-2.6.38.6/fs/pipe.c linux-2.6.38.= 6/fs/pipe.c /* diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c --- linux-2.6.38.6/fs/proc/array.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/array.c 2011-05-10 21:34:42.000000000 -0400 ++++ linux-2.6.38.6/fs/proc/array.c 2011-05-16 21:47:08.000000000 -0400 @@ -60,6 +60,7 @@ #include #include @@ -38858,7 +41107,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2= .6.38.6/fs/proc/array.c static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -375,7 +406,7 @@ static int do_task_stat(struct seq_file=20 +@@ -375,9 +406,11 @@ static int do_task_stat(struct seq_file=20 cputime_t cutime, cstime, utime, stime; cputime_t cgtime, gtime; unsigned long rsslim =3D 0; @@ -38866,8 +41115,12 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-= 2.6.38.6/fs/proc/array.c + char tcomm[sizeof(task->comm)] =3D { 0 }; unsigned long flags; =20 ++ pax_track_stack(); ++ state =3D *get_task_state(task); -@@ -449,6 +480,19 @@ static int do_task_stat(struct seq_file=20 + vsize =3D eip =3D esp =3D 0; + permitted =3D ptrace_may_access(task, PTRACE_MODE_READ); +@@ -449,6 +482,19 @@ static int do_task_stat(struct seq_file=20 gtime =3D task->gtime; } =20 @@ -38887,7 +41140,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2= .6.38.6/fs/proc/array.c /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority =3D task_prio(task); -@@ -489,9 +533,15 @@ static int do_task_stat(struct seq_file=20 +@@ -489,9 +535,15 @@ static int do_task_stat(struct seq_file=20 vsize, mm ? get_mm_rss(mm) : 0, rsslim, @@ -38903,7 +41156,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2= .6.38.6/fs/proc/array.c esp, eip, /* The signal information here is obsolete. -@@ -544,3 +594,18 @@ int proc_pid_statm(struct seq_file *m, s +@@ -544,3 +596,18 @@ int proc_pid_statm(struct seq_file *m, s =20 return 0; } @@ -39443,8 +41696,17 @@ diff -urNp linux-2.6.38.6/fs/proc/Kconfig linux-= 2.6.38.6/fs/proc/Kconfig Various /proc files exist to monitor process memory utilization: diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2.6.38.6/fs/proc/kcore.c --- linux-2.6.38.6/fs/proc/kcore.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/kcore.c 2011-04-28 19:34:15.000000000 -0400 -@@ -478,9 +478,10 @@ read_kcore(struct file *file, char __use ++++ linux-2.6.38.6/fs/proc/kcore.c 2011-05-16 21:47:08.000000000 -0400 +@@ -321,6 +321,8 @@ static void elf_kcore_store_hdr(char *bu + off_t offset =3D 0; + struct kcore_list *m; +=20 ++ pax_track_stack(); ++ + /* setup ELF header */ + elf =3D (struct elfhdr *) bufp; + bufp +=3D sizeof(struct elfhdr); +@@ -478,9 +480,10 @@ read_kcore(struct file *file, char __use * the addresses in the elf_phdr on our list. */ start =3D kc_offset_to_vaddr(*fpos - elf_buflen); @@ -39457,7 +41719,7 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2= .6.38.6/fs/proc/kcore.c while (buflen) { struct kcore_list *m; =20 -@@ -509,20 +510,23 @@ read_kcore(struct file *file, char __use +@@ -509,20 +512,23 @@ read_kcore(struct file *file, char __use kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -39492,7 +41754,7 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2= .6.38.6/fs/proc/kcore.c } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -542,6 +546,9 @@ read_kcore(struct file *file, char __use +@@ -542,6 +548,9 @@ read_kcore(struct file *file, char __use =20 static int open_kcore(struct inode *inode, struct file *filp) { @@ -39504,8 +41766,17 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-= 2.6.38.6/fs/proc/kcore.c if (kcore_need_update) diff -urNp linux-2.6.38.6/fs/proc/meminfo.c linux-2.6.38.6/fs/proc/memin= fo.c --- linux-2.6.38.6/fs/proc/meminfo.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/meminfo.c 2011-05-11 18:34:07.000000000 -0400 -@@ -157,7 +157,7 @@ static int meminfo_proc_show(struct seq_ ++++ linux-2.6.38.6/fs/proc/meminfo.c 2011-05-16 21:47:08.000000000 -0400 +@@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_ + unsigned long pages[NR_LRU_LISTS]; + int lru; +=20 ++ pax_track_stack(); ++ + /* + * display in kilobytes. + */ +@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_ vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -39894,6 +42165,18 @@ diff -urNp linux-2.6.38.6/fs/readdir.c linux-2.6= .38.6/fs/readdir.c buf.count =3D count; buf.error =3D 0; =20 +diff -urNp linux-2.6.38.6/fs/reiserfs/dir.c linux-2.6.38.6/fs/reiserfs/d= ir.c +--- linux-2.6.38.6/fs/reiserfs/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/dir.c 2011-05-16 21:47:09.000000000 -0400 +@@ -66,6 +66,8 @@ int reiserfs_readdir_dentry(struct dentr + struct reiserfs_dir_entry de; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + reiserfs_write_lock(inode->i_sb); +=20 + reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff -urNp linux-2.6.38.6/fs/reiserfs/do_balan.c linux-2.6.38.6/fs/reise= rfs/do_balan.c --- linux-2.6.38.6/fs/reiserfs/do_balan.c 2011-03-14 21:20:32.000000000 = -0400 +++ linux-2.6.38.6/fs/reiserfs/do_balan.c 2011-04-28 19:34:15.000000000 = -0400 @@ -39963,9 +42246,33 @@ diff -urNp linux-2.6.38.6/fs/reiserfs/item_ops.c= linux-2.6.38.6/fs/reiserfs/item &stat_data_ops, &indirect_ops, &direct_ops, +diff -urNp linux-2.6.38.6/fs/reiserfs/journal.c linux-2.6.38.6/fs/reiser= fs/journal.c +--- linux-2.6.38.6/fs/reiserfs/journal.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/fs/reiserfs/journal.c 2011-05-16 21:47:09.000000000 -= 0400 +@@ -2299,6 +2299,8 @@ static struct buffer_head *reiserfs_brea + struct buffer_head *bh; + int i, j; +=20 ++ pax_track_stack(); ++ + bh =3D __getblk(dev, block, bufsize); + if (buffer_uptodate(bh)) + return (bh); +diff -urNp linux-2.6.38.6/fs/reiserfs/namei.c linux-2.6.38.6/fs/reiserfs= /namei.c +--- linux-2.6.38.6/fs/reiserfs/namei.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/fs/reiserfs/namei.c 2011-05-16 21:47:09.000000000 -04= 00 +@@ -1228,6 +1228,8 @@ static int reiserfs_rename(struct inode=20 + unsigned long savelink =3D 1; + struct timespec ctime; +=20 ++ pax_track_stack(); ++ + /* three balancings: (1) old name removal, (2) new name insertion + and (3) maybe "save" link insertion + stat data updates: (1) old directory, diff -urNp linux-2.6.38.6/fs/reiserfs/procfs.c linux-2.6.38.6/fs/reiserf= s/procfs.c --- linux-2.6.38.6/fs/reiserfs/procfs.c 2011-03-14 21:20:32.000000000 -0= 400 -+++ linux-2.6.38.6/fs/reiserfs/procfs.c 2011-04-28 19:34:15.000000000 -0= 400 ++++ linux-2.6.38.6/fs/reiserfs/procfs.c 2011-05-16 21:47:08.000000000 -0= 400 @@ -113,7 +113,7 @@ static int show_super(struct seq_file *m "SMALL_TAILS " : "NO_TAILS ", replay_only(sb) ? "REPLAY_ONLY " : "", @@ -39975,9 +42282,78 @@ diff -urNp linux-2.6.38.6/fs/reiserfs/procfs.c l= inux-2.6.38.6/fs/reiserfs/procfs SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), +@@ -299,6 +299,8 @@ static int show_journal(struct seq_file=20 + struct journal_params *jp =3D &rs->s_v1.s_journal; + char b[BDEVNAME_SIZE]; +=20 ++ pax_track_stack(); ++ + seq_printf(m, /* on-disk fields */ + "jp_journal_1st_block: \t%i\n" + "jp_journal_dev: \t%s[%x]\n" +diff -urNp linux-2.6.38.6/fs/reiserfs/stree.c linux-2.6.38.6/fs/reiserfs= /stree.c +--- linux-2.6.38.6/fs/reiserfs/stree.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/fs/reiserfs/stree.c 2011-05-16 21:47:09.000000000 -04= 00 +@@ -1196,6 +1196,8 @@ int reiserfs_delete_item(struct reiserfs + int iter =3D 0; + #endif +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + init_tb_struct(th, &s_del_balance, sb, path, +@@ -1333,6 +1335,8 @@ void reiserfs_delete_solid_item(struct r + int retval; + int quota_cut_bytes =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + le_key2cpu_key(&cpu_key, key); +@@ -1562,6 +1566,8 @@ int reiserfs_cut_from_item(struct reiser + int quota_cut_bytes; + loff_t tail_pos =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + init_tb_struct(th, &s_cut_balance, inode->i_sb, path, +@@ -1957,6 +1963,8 @@ int reiserfs_paste_into_item(struct reis + int retval; + int fs_gen; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + fs_gen =3D get_generation(inode->i_sb); +@@ -2045,6 +2053,8 @@ int reiserfs_insert_item(struct reiserfs + int fs_gen =3D 0; + int quota_bytes =3D 0; +=20 ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); +=20 + if (inode) { /* Do we count quotas for item? */ +diff -urNp linux-2.6.38.6/fs/reiserfs/super.c linux-2.6.38.6/fs/reiserfs= /super.c +--- linux-2.6.38.6/fs/reiserfs/super.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/fs/reiserfs/super.c 2011-05-16 21:47:09.000000000 -04= 00 +@@ -927,6 +927,8 @@ static int reiserfs_parse_options(struct + {.option_name =3D NULL} + }; +=20 ++ pax_track_stack(); ++ + *blocks =3D 0; + if (!options || !*options) + /* use default configuration: create tails, journaling on, no diff -urNp linux-2.6.38.6/fs/select.c linux-2.6.38.6/fs/select.c --- linux-2.6.38.6/fs/select.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/select.c 2011-05-11 18:35:37.000000000 -0400 ++++ linux-2.6.38.6/fs/select.c 2011-05-16 21:47:08.000000000 -0400 @@ -20,6 +20,7 @@ #include #include @@ -39990,17 +42366,25 @@ diff -urNp linux-2.6.38.6/fs/select.c linux-2.6= .38.6/fs/select.c int retval, i, timed_out =3D 0; unsigned long slack =3D 0; =20 -+ stackleak_probe(table); ++ pax_track_stack(); + rcu_read_lock(); retval =3D max_select_fd(n, fds); rcu_read_unlock(); -@@ -840,6 +843,10 @@ int do_sys_poll(struct pollfd __user *uf +@@ -531,6 +534,8 @@ int core_sys_select(int n, fd_set __user + /* Allocate small arguments on the stack to save memory and be faster = */ + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; +=20 ++ pax_track_stack(); ++ + ret =3D -EINVAL; + if (n < 0) + goto out_nofds; +@@ -840,6 +845,9 @@ int do_sys_poll(struct pollfd __user *uf struct poll_list *walk =3D head; unsigned long todo =3D nfds; =20 -+ stackleak_probe(table); -+ stackleak_probe(stack_pps); ++ pax_track_stack(); + + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1); if (nfds > rlimit(RLIMIT_NOFILE)) @@ -40051,7 +42435,7 @@ diff -urNp linux-2.6.38.6/fs/seq_file.c linux-2.6= .38.6/fs/seq_file.c m->count =3D 0; diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.38.6/fs/splice.c --- linux-2.6.38.6/fs/splice.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/splice.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/fs/splice.c 2011-05-16 21:47:08.000000000 -0400 @@ -186,7 +186,7 @@ ssize_t splice_to_pipe(struct pipe_inode pipe_lock(pipe); =20 @@ -40077,7 +42461,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.3= 8.6/fs/splice.c .spd_release =3D spd_release_page, }; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + if (splice_grow_spd(pipe, &spd)) return -ENOMEM; @@ -40104,7 +42488,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.3= 8.6/fs/splice.c .spd_release =3D spd_release_page, }; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + if (splice_grow_spd(pipe, &spd)) return -ENOMEM; @@ -40144,7 +42528,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.3= 8.6/fs/splice.c }; long ret; =20 -+ stackleak_probe(partial); ++ pax_track_stack(); + pipe =3D get_pipe_info(file); if (!pipe) @@ -40292,6 +42676,18 @@ diff -urNp linux-2.6.38.6/fs/sysfs/symlink.c lin= ux-2.6.38.6/fs/sysfs/symlink.c if (!IS_ERR(page)) free_page((unsigned long)page); } +diff -urNp linux-2.6.38.6/fs/udf/inode.c linux-2.6.38.6/fs/udf/inode.c +--- linux-2.6.38.6/fs/udf/inode.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/udf/inode.c 2011-05-16 21:47:09.000000000 -0400 +@@ -477,6 +477,8 @@ static struct buffer_head *inode_getblk( + int goal =3D 0, pgoal =3D iinfo->i_location.logicalBlockNum; + int lastblock =3D 0; +=20 ++ pax_track_stack(); ++ + prev_epos.offset =3D udf_file_entry_alloc_offset(inode); + prev_epos.block =3D iinfo->i_location; + prev_epos.bh =3D NULL; diff -urNp linux-2.6.38.6/fs/udf/misc.c linux-2.6.38.6/fs/udf/misc.c --- linux-2.6.38.6/fs/udf/misc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/udf/misc.c 2011-04-28 19:34:15.000000000 -0400 @@ -40585,8 +42981,8 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl_alloc.= c linux-2.6.38.6/grsecurity/gra +} diff -urNp linux-2.6.38.6/grsecurity/gracl.c linux-2.6.38.6/grsecurity/g= racl.c --- linux-2.6.38.6/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -050= 0 -+++ linux-2.6.38.6/grsecurity/gracl.c 2011-04-28 19:34:15.000000000 -040= 0 -@@ -0,0 +1,4074 @@ ++++ linux-2.6.38.6/grsecurity/gracl.c 2011-05-17 17:30:19.000000000 -040= 0 +@@ -0,0 +1,4098 @@ +#include +#include +#include @@ -42870,6 +45266,8 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl.c linu= x-2.6.38.6/grsecurity/gracl.c + return; +} + ++extern int __gr_process_user_ban(struct user_struct *user); ++ +int +gr_check_user_change(int real, int effective, int fs) +{ @@ -42881,6 +45279,28 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl.c lin= ux-2.6.38.6/grsecurity/gracl.c + int effectiveok =3D 0; + int fsok =3D 0; + ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) ++ struct user_struct *user; ++ ++ if (real =3D=3D -1) ++ goto skipit; ++ ++ user =3D find_user(real); ++ if (user =3D=3D NULL) ++ goto skipit; ++ ++ if (__gr_process_user_ban(user)) { ++ /* for find_user */ ++ free_uid(user); ++ return 1; ++ } ++ ++ /* for find_user */ ++ free_uid(user); ++ ++skipit: ++#endif ++ + if (unlikely(!(gr_status & GR_READY))) + return 0; + @@ -48097,8 +50517,8 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_ptrace= .c linux-2.6.38.6/grsecurity/gr +} diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.c linux-2.6.38.6/grsecuri= ty/grsec_sig.c --- linux-2.6.38.6/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 = -0500 -+++ linux-2.6.38.6/grsecurity/grsec_sig.c 2011-04-28 19:34:15.000000000 = -0400 -@@ -0,0 +1,197 @@ ++++ linux-2.6.38.6/grsecurity/grsec_sig.c 2011-05-17 17:30:33.000000000 = -0400 +@@ -0,0 +1,203 @@ +#include +#include +#include @@ -48280,11 +50700,10 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.= c linux-2.6.38.6/grsecurity/grsec +#endif +} + -+int gr_process_user_ban(void) ++int __gr_process_user_ban(struct user_struct *user) +{ +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) -+ if (unlikely(current->cred->user->banned)) { -+ struct user_struct *user =3D current->cred->user; ++ if (unlikely(user->banned)) { + if (user->ban_expires !=3D ~0UL && time_after_eq(get_seconds(), user-= >ban_expires)) { + user->banned =3D 0; + user->ban_expires =3D 0; @@ -48294,7 +50713,14 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.c= linux-2.6.38.6/grsecurity/grsec + } +#endif + return 0; ++} + ++int gr_process_user_ban(void) ++{ ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_= BRUTE) ++ return __gr_process_user_ban(current->cred->user); ++#endif ++ return 0; +} diff -urNp linux-2.6.38.6/grsecurity/grsec_sock.c linux-2.6.38.6/grsecur= ity/grsec_sock.c --- linux-2.6.38.6/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000= -0500 @@ -50256,7 +52682,7 @@ diff -urNp linux-2.6.38.6/include/acpi/acpi_drive= rs.h linux-2.6.38.6/include/acp return -ENODEV; diff -urNp linux-2.6.38.6/include/asm-generic/atomic-long.h linux-2.6.38= .6/include/asm-generic/atomic-long.h --- linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-03-14 21:20:32= .000000000 -0400 -+++ linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-04-28 19:57:25= .000000000 -0400 ++++ linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-05-16 21:47:08= .000000000 -0400 @@ -22,6 +22,12 @@ =20 typedef atomic64_t atomic_long_t; @@ -50540,7 +52966,7 @@ diff -urNp linux-2.6.38.6/include/asm-generic/ato= mic-long.h linux-2.6.38.6/inclu +#define atomic_add_unchecked(i, v) atomic_add((i), (v)) +#define atomic_sub_unchecked(i, v) atomic_sub((i), (v)) +#define atomic_inc_unchecked(v) atomic_inc(v) -+#define atomic_inc_and_test_unchecked(v) atomic_inc(v) ++#define atomic_inc_and_test_unchecked(v) atomic_inc_and_test(v) +#define atomic_inc_return_unchecked(v) atomic_inc_return(v) +#define atomic_add_return_unchecked(i, v) atomic_add_return((i), (v)) +#define atomic_dec_unchecked(v) atomic_dec(v) @@ -53441,7 +55867,7 @@ diff -urNp linux-2.6.38.6/include/linux/rmap.h li= nux-2.6.38.6/include/linux/rmap =20 diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/l= inux/sched.h --- linux-2.6.38.6/include/linux/sched.h 2011-04-22 19:20:59.000000000 -= 0400 -+++ linux-2.6.38.6/include/linux/sched.h 2011-05-11 18:39:40.000000000 -= 0400 ++++ linux-2.6.38.6/include/linux/sched.h 2011-05-18 20:23:44.000000000 -= 0400 @@ -99,6 +99,7 @@ struct robust_list_head; struct bio_list; struct fs_struct; @@ -53579,7 +56005,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h l= inux-2.6.38.6/include/linux/sch #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1533,6 +1574,67 @@ struct task_struct { +@@ -1533,6 +1574,63 @@ struct task_struct { #endif }; =20 @@ -53628,26 +56054,22 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h= linux-2.6.38.6/include/linux/sch +void pax_report_refcount_overflow(struct pt_regs *regs); +void pax_report_usercopy(const void *ptr, unsigned long len, bool to, c= onst char *type); + ++static inline void pax_track_stack(void) ++{ ++ +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+#define stackleak_probe(var) \ -+ do { \ -+ size_t maxidx =3D sizeof(var) / sizeof(long); \ -+ long *p =3D (long *)&var; \ -+ unsigned int i; \ -+ \ -+ BUILD_BUG_ON(sizeof(var) < 64); \ -+ \ -+ for (i =3D 0; i < maxidx; i +=3D 64 / sizeof(long)) \ -+ p[i] =3D 0; \ -+ } while (0) -+#else -+#define stackleak_probe(var) do { } while (0) ++ unsigned long sp =3D current_stack_pointer; ++ if (current_thread_info()->lowest_stack > sp && ++ (unsigned long)task_stack_page(current) < sp) ++ current_thread_info()->lowest_stack =3D sp; +#endif + ++} ++ /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) =20 -@@ -2002,7 +2104,9 @@ void yield(void); +@@ -2002,7 +2100,9 @@ void yield(void); extern struct exec_domain default_exec_domain; =20 union thread_union { @@ -53657,7 +56079,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h l= inux-2.6.38.6/include/linux/sch unsigned long stack[THREAD_SIZE/sizeof(long)]; }; =20 -@@ -2172,7 +2276,7 @@ extern void __cleanup_sighand(struct sig +@@ -2172,7 +2272,7 @@ extern void __cleanup_sighand(struct sig extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); =20 @@ -53666,7 +56088,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h l= inux-2.6.38.6/include/linux/sch =20 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2313,13 +2417,17 @@ static inline unsigned long *end_of_stac +@@ -2313,13 +2413,17 @@ static inline unsigned long *end_of_stac =20 #endif =20 @@ -55177,12 +57599,12 @@ diff -urNp linux-2.6.38.6/ipc/mqueue.c linux-2.= 6.38.6/ipc/mqueue.c u->mq_bytes + mq_bytes > diff -urNp linux-2.6.38.6/ipc/sem.c linux-2.6.38.6/ipc/sem.c --- linux-2.6.38.6/ipc/sem.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/ipc/sem.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/ipc/sem.c 2011-05-16 21:47:08.000000000 -0400 @@ -854,6 +854,8 @@ static int semctl_main(struct ipc_namesp int nsems; struct list_head tasks; =20 -+ stackleak_probe(fast_sem_io); ++ pax_track_stack(); + sma =3D sem_lock_check(ns, semid); if (IS_ERR(sma)) @@ -55191,7 +57613,7 @@ diff -urNp linux-2.6.38.6/ipc/sem.c linux-2.6.38.= 6/ipc/sem.c struct ipc_namespace *ns; struct list_head tasks; =20 -+ stackleak_probe(fast_sops); ++ pax_track_stack(); + ns =3D current->nsproxy->ipc_ns; =20 @@ -55373,6 +57795,18 @@ diff -urNp linux-2.6.38.6/kernel/capability.c li= nux-2.6.38.6/kernel/capability.c + EXPORT_SYMBOL(capable); +EXPORT_SYMBOL(capable_nolog); +diff -urNp linux-2.6.38.6/kernel/cgroup.c linux-2.6.38.6/kernel/cgroup.c +--- linux-2.6.38.6/kernel/cgroup.c 2011-04-18 17:27:16.000000000 -0400 ++++ linux-2.6.38.6/kernel/cgroup.c 2011-05-16 21:47:09.000000000 -0400 +@@ -598,6 +598,8 @@ static struct css_set *find_css_set( + struct hlist_head *hhead; + struct cg_cgroup_link *link; +=20 ++ pax_track_stack(); ++ + /* First see if we already have a cgroup group that matches + * the desired set */ + read_lock(&css_set_lock); diff -urNp linux-2.6.38.6/kernel/compat.c linux-2.6.38.6/kernel/compat.c --- linux-2.6.38.6/kernel/compat.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/kernel/compat.c 2011-04-28 19:34:15.000000000 -0400 @@ -55409,8 +57843,80 @@ diff -urNp linux-2.6.38.6/kernel/configs.c linux= -2.6.38.6/kernel/configs.c =20 diff -urNp linux-2.6.38.6/kernel/cred.c linux-2.6.38.6/kernel/cred.c --- linux-2.6.38.6/kernel/cred.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/kernel/cred.c 2011-04-28 19:34:15.000000000 -0400 -@@ -483,6 +483,8 @@ int commit_creds(struct cred *new) ++++ linux-2.6.38.6/kernel/cred.c 2011-05-17 19:31:43.000000000 -0400 +@@ -157,6 +157,8 @@ static void put_cred_rcu(struct rcu_head + */ + void __put_cred(struct cred *cred) + { ++ pax_track_stack(); ++ + kdebug("__put_cred(%p{%d,%d})", cred, + atomic_read(&cred->usage), + read_cred_subscribers(cred)); +@@ -181,6 +183,8 @@ void exit_creds(struct task_struct *tsk) + { + struct cred *cred; +=20 ++ pax_track_stack(); ++ + kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->= cred, + atomic_read(&tsk->cred->usage), + read_cred_subscribers(tsk->cred)); +@@ -219,6 +223,8 @@ const struct cred *get_task_cred(struct=20 + { + const struct cred *cred; +=20 ++ pax_track_stack(); ++ + rcu_read_lock(); +=20 + do { +@@ -238,6 +244,8 @@ struct cred *cred_alloc_blank(void) + { + struct cred *new; +=20 ++ pax_track_stack(); ++ + new =3D kmem_cache_zalloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -286,6 +294,8 @@ struct cred *prepare_creds(void) + const struct cred *old; + struct cred *new; +=20 ++ pax_track_stack(); ++ + validate_process_creds(); +=20 + new =3D kmem_cache_alloc(cred_jar, GFP_KERNEL); +@@ -332,6 +342,8 @@ struct cred *prepare_exec_creds(void) + struct thread_group_cred *tgcred =3D NULL; + struct cred *new; +=20 ++ pax_track_stack(); ++ + #ifdef CONFIG_KEYS + tgcred =3D kmalloc(sizeof(*tgcred), GFP_KERNEL); + if (!tgcred) +@@ -384,6 +396,8 @@ int copy_creds(struct task_struct *p, un + struct cred *new; + int ret; +=20 ++ pax_track_stack(); ++ + if ( + #ifdef CONFIG_KEYS + !p->cred->thread_keyring && +@@ -469,6 +483,8 @@ int commit_creds(struct cred *new) + struct task_struct *task =3D current; + const struct cred *old =3D task->real_cred; +=20 ++ pax_track_stack(); ++ + kdebug("commit_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -483,6 +499,8 @@ int commit_creds(struct cred *new) =20 get_cred(new); /* we will require a ref for the subj creds too */ =20 @@ -55419,6 +57925,60 @@ diff -urNp linux-2.6.38.6/kernel/cred.c linux-2.= 6.38.6/kernel/cred.c /* dumpability changes */ if (old->euid !=3D new->euid || old->egid !=3D new->egid || +@@ -545,6 +563,8 @@ EXPORT_SYMBOL(commit_creds); + */ + void abort_creds(struct cred *new) + { ++ pax_track_stack(); ++ + kdebug("abort_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -568,6 +588,8 @@ const struct cred *override_creds(const=20 + { + const struct cred *old =3D current->cred; +=20 ++ pax_track_stack(); ++ + kdebug("override_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -597,6 +619,8 @@ void revert_creds(const struct cred *old + { + const struct cred *override =3D current->cred; +=20 ++ pax_track_stack(); ++ + kdebug("revert_creds(%p{%d,%d})", old, + atomic_read(&old->usage), + read_cred_subscribers(old)); +@@ -643,6 +667,8 @@ struct cred *prepare_kernel_cred(struct=20 + const struct cred *old; + struct cred *new; +=20 ++ pax_track_stack(); ++ + new =3D kmem_cache_alloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -697,6 +723,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); + */ + int set_security_override(struct cred *new, u32 secid) + { ++ pax_track_stack(); ++ + return security_kernel_act_as(new, secid); + } + EXPORT_SYMBOL(set_security_override); +@@ -716,6 +744,8 @@ int set_security_override_from_ctx(struc + u32 secid; + int ret; +=20 ++ pax_track_stack(); ++ + ret =3D security_secctx_to_secid(secctx, strlen(secctx), &secid); + if (ret < 0) + return ret; diff -urNp linux-2.6.38.6/kernel/debug/debug_core.c linux-2.6.38.6/kerne= l/debug/debug_core.c --- linux-2.6.38.6/kernel/debug/debug_core.c 2011-03-14 21:20:32.0000000= 00 -0400 +++ linux-2.6.38.6/kernel/debug/debug_core.c 2011-04-28 19:57:25.0000000= 00 -0400 @@ -55953,7 +58513,7 @@ diff -urNp linux-2.6.38.6/kernel/fork.c linux-2.6= .38.6/kernel/fork.c new_fs =3D fs; diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c --- linux-2.6.38.6/kernel/futex.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/kernel/futex.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/kernel/futex.c 2011-05-16 21:47:08.000000000 -0400 @@ -54,6 +54,7 @@ #include #include @@ -55974,7 +58534,25 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2= .6.38.6/kernel/futex.c /* * The futex address must be "naturally" aligned. */ -@@ -2404,7 +2410,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -1833,6 +1839,8 @@ static int futex_wait(u32 __user *uaddr, + struct futex_q q =3D futex_q_init; + int ret; +=20 ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; + q.bitset =3D bitset; +@@ -2232,6 +2240,8 @@ static int futex_wait_requeue_pi(u32 __u + struct futex_q q =3D futex_q_init; + int res, ret; +=20 ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; +=20 +@@ -2404,7 +2414,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi { struct robust_list_head __user *head; unsigned long ret; @@ -55984,7 +58562,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.= 6.38.6/kernel/futex.c =20 if (!futex_cmpxchg_enabled) return -ENOSYS; -@@ -2420,11 +2428,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -2420,11 +2432,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi if (!p) goto err_unlock; ret =3D -EPERM; @@ -56001,7 +58579,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.= 6.38.6/kernel/futex.c head =3D p->robust_list; rcu_read_unlock(); } -@@ -2667,6 +2680,7 @@ static int __init futex_init(void) +@@ -2667,6 +2684,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -56009,7 +58587,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.= 6.38.6/kernel/futex.c =20 /* * This will fail and we want it. Some arch implementations do -@@ -2678,7 +2692,10 @@ static int __init futex_init(void) +@@ -2678,7 +2696,10 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -57452,7 +60030,7 @@ diff -urNp linux-2.6.38.6/kernel/posix-cpu-timers= .c linux-2.6.38.6/kernel/posix- #include diff -urNp linux-2.6.38.6/kernel/posix-timers.c linux-2.6.38.6/kernel/po= six-timers.c --- linux-2.6.38.6/kernel/posix-timers.c 2011-03-14 21:20:32.000000000 -= 0400 -+++ linux-2.6.38.6/kernel/posix-timers.c 2011-04-28 19:34:15.000000000 -= 0400 ++++ linux-2.6.38.6/kernel/posix-timers.c 2011-05-16 21:47:09.000000000 -= 0400 @@ -42,6 +42,7 @@ #include #include @@ -57461,7 +60039,16 @@ diff -urNp linux-2.6.38.6/kernel/posix-timers.c = linux-2.6.38.6/kernel/posix-time #include #include #include -@@ -955,6 +956,13 @@ SYSCALL_DEFINE2(clock_settime, const clo +@@ -302,6 +303,8 @@ static __init int init_posix_timers(void + .nsleep =3D no_nsleep, + }; +=20 ++ pax_track_stack(); ++ + register_posix_clock(CLOCK_REALTIME, &clock_realtime); + register_posix_clock(CLOCK_MONOTONIC, &clock_monotonic); + register_posix_clock(CLOCK_MONOTONIC_RAW, &clock_monotonic_raw); +@@ -955,6 +958,13 @@ SYSCALL_DEFINE2(clock_settime, const clo if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; =20 @@ -58002,6 +60589,18 @@ diff -urNp linux-2.6.38.6/kernel/rcutree_plugin.= h linux-2.6.38.6/kernel/rcutree_ =20 put_online_cpus(); } +diff -urNp linux-2.6.38.6/kernel/relay.c linux-2.6.38.6/kernel/relay.c +--- linux-2.6.38.6/kernel/relay.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/kernel/relay.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1236,6 +1236,8 @@ static ssize_t subbuf_splice_actor(struc + }; + ssize_t ret; +=20 ++ pax_track_stack(); ++ + if (rbuf->subbufs_produced =3D=3D rbuf->subbufs_consumed) + return 0; + if (splice_grow_spd(pipe, &spd)) diff -urNp linux-2.6.38.6/kernel/resource.c linux-2.6.38.6/kernel/resour= ce.c --- linux-2.6.38.6/kernel/resource.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/kernel/resource.c 2011-04-28 19:34:15.000000000 -0400 @@ -59018,8 +61617,26 @@ diff -urNp linux-2.6.38.6/kernel/trace/ring_buff= er.c linux-2.6.38.6/kernel/trace { diff -urNp linux-2.6.38.6/kernel/trace/trace.c linux-2.6.38.6/kernel/tra= ce/trace.c --- linux-2.6.38.6/kernel/trace/trace.c 2011-03-14 21:20:32.000000000 -0= 400 -+++ linux-2.6.38.6/kernel/trace/trace.c 2011-04-28 19:34:15.000000000 -0= 400 -@@ -3967,10 +3967,9 @@ static const struct file_operations trac ++++ linux-2.6.38.6/kernel/trace/trace.c 2011-05-16 21:47:08.000000000 -0= 400 +@@ -3316,6 +3316,8 @@ static ssize_t tracing_splice_read_pipe( + size_t rem; + unsigned int i; +=20 ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; +=20 +@@ -3799,6 +3801,8 @@ tracing_buffers_splice_read(struct file=20 + int entries, size, i; + size_t ret; +=20 ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; +=20 +@@ -3967,10 +3971,9 @@ static const struct file_operations trac }; #endif =20 @@ -59031,7 +61648,7 @@ diff -urNp linux-2.6.38.6/kernel/trace/trace.c li= nux-2.6.38.6/kernel/trace/trace static int once; =20 if (d_tracer) -@@ -3990,10 +3989,9 @@ struct dentry *tracing_init_dentry(void) +@@ -3990,10 +3993,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } =20 @@ -59340,14 +61957,14 @@ diff -urNp linux-2.6.38.6/localversion-grsec li= nux-2.6.38.6/localversion-grsec +-grsec diff -urNp linux-2.6.38.6/Makefile linux-2.6.38.6/Makefile --- linux-2.6.38.6/Makefile 2011-05-10 22:06:29.000000000 -0400 -+++ linux-2.6.38.6/Makefile 2011-05-10 22:08:57.000000000 -0400 ++++ linux-2.6.38.6/Makefile 2011-05-16 21:47:08.000000000 -0400 @@ -233,8 +233,8 @@ CONFIG_SHELL :=3D $(shell if [ -x "$$BASH" =20 HOSTCC =3D gcc HOSTCXX =3D g++ -HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fo= mit-frame-pointer -HOSTCXXFLAGS =3D -O2 -+HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-mi= ssing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointe= r-checks ++HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fo= mit-frame-pointer -fno-delete-null-pointer-checks +HOSTCXXFLAGS =3D -O2 -fno-delete-null-pointer-checks =20 # Decide whether to build built-in, modular, or both. @@ -60441,8 +63058,17 @@ diff -urNp linux-2.6.38.6/mm/mempolicy.c linux-2= .6.38.6/mm/mempolicy.c } else if (vma->vm_start <=3D mm->start_stack && diff -urNp linux-2.6.38.6/mm/migrate.c linux-2.6.38.6/mm/migrate.c --- linux-2.6.38.6/mm/migrate.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/mm/migrate.c 2011-04-28 19:34:15.000000000 -0400 -@@ -1299,6 +1299,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 ++++ linux-2.6.38.6/mm/migrate.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1115,6 +1115,8 @@ static int do_pages_move(struct mm_struc + unsigned long chunk_start; + int err; +=20 ++ pax_track_stack(); ++ + task_nodes =3D cpuset_mems_allowed(task); +=20 + err =3D -ENOMEM; +@@ -1299,6 +1301,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 if (!mm) return -EINVAL; =20 @@ -60457,7 +63083,7 @@ diff -urNp linux-2.6.38.6/mm/migrate.c linux-2.6.= 38.6/mm/migrate.c /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1308,8 +1316,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 +@@ -1308,8 +1318,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,=20 rcu_read_lock(); tcred =3D __task_cred(task); if (cred->euid !=3D tcred->suid && cred->euid !=3D tcred->uid && @@ -62181,7 +64807,7 @@ diff -urNp linux-2.6.38.6/mm/nommu.c linux-2.6.38= .6/mm/nommu.c =20 diff -urNp linux-2.6.38.6/mm/page_alloc.c linux-2.6.38.6/mm/page_alloc.c --- linux-2.6.38.6/mm/page_alloc.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/mm/page_alloc.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/mm/page_alloc.c 2011-05-16 21:47:08.000000000 -0400 @@ -644,6 +644,10 @@ static bool free_pages_prepare(struct pa int i; int bad =3D 0; @@ -62217,6 +64843,15 @@ diff -urNp linux-2.6.38.6/mm/page_alloc.c linux-= 2.6.38.6/mm/page_alloc.c =20 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); +@@ -2423,6 +2435,8 @@ void show_free_areas(void) + int cpu; + struct zone *zone; +=20 ++ pax_track_stack(); ++ + for_each_populated_zone(zone) { + show_node(zone); + printk("%s per-cpu:\n", zone->name); diff -urNp linux-2.6.38.6/mm/percpu.c linux-2.6.38.6/mm/percpu.c --- linux-2.6.38.6/mm/percpu.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/mm/percpu.c 2011-04-28 19:34:15.000000000 -0400 @@ -62323,7 +64958,7 @@ diff -urNp linux-2.6.38.6/mm/rmap.c linux-2.6.38.= 6/mm/rmap.c struct anon_vma *anon_vma; diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c --- linux-2.6.38.6/mm/shmem.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/mm/shmem.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/mm/shmem.c 2011-05-18 20:23:44.000000000 -0400 @@ -31,7 +31,7 @@ #include #include @@ -62342,16 +64977,25 @@ diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.= 38.6/mm/shmem.c if (entry->val) { /* * The more uptodate page coming down from a stacked -@@ -1995,7 +1997,7 @@ static int shmem_symlink(struct inode *d +@@ -1153,6 +1155,8 @@ static struct page *shmem_swapin(swp_ent + struct vm_area_struct pvma; + struct page *page; +=20 ++ pax_track_stack(); ++ + spol =3D mpol_cond_copy(&mpol, + mpol_shared_policy_lookup(&info->policy, idx)); +=20 +@@ -1995,7 +1999,7 @@ static int shmem_symlink(struct inode *d =20 info =3D SHMEM_I(inode); inode->i_size =3D len-1; - if (len <=3D (char *)inode - (char *)info) { -+ if (len <=3D min((char *)inode - (char *)info, 64)) { ++ if (len <=3D (char *)inode - (char *)info && len <=3D 64) { /* do it inline */ memcpy(info, symname, len); inode->i_op =3D &shmem_symlink_inline_operations; -@@ -2341,8 +2343,7 @@ int shmem_fill_super(struct super_block=20 +@@ -2341,8 +2345,7 @@ int shmem_fill_super(struct super_block=20 int err =3D -ENOMEM; =20 /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -63439,6 +66083,18 @@ diff -urNp linux-2.6.38.6/net/atm/atm_misc.c lin= ux-2.6.38.6/net/atm/atm_misc.c __SONET_ITEMS #undef __HANDLE_ITEM } +diff -urNp linux-2.6.38.6/net/atm/mpoa_caches.c linux-2.6.38.6/net/atm/m= poa_caches.c +--- linux-2.6.38.6/net/atm/mpoa_caches.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/net/atm/mpoa_caches.c 2011-05-16 21:47:09.000000000 -= 0400 +@@ -255,6 +255,8 @@ static void check_resolving_entries(stru + struct timeval now; + struct k_message msg; +=20 ++ pax_track_stack(); ++ + do_gettimeofday(&now); +=20 + read_lock_bh(&client->ingress_lock); diff -urNp linux-2.6.38.6/net/atm/proc.c linux-2.6.38.6/net/atm/proc.c --- linux-2.6.38.6/net/atm/proc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/atm/proc.c 2011-04-28 19:34:15.000000000 -0400 @@ -63621,7 +66277,7 @@ diff -urNp linux-2.6.38.6/net/bridge/br_multicast= .c linux-2.6.38.6/net/bridge/br /* Okay, we found ICMPv6 header */ diff -urNp linux-2.6.38.6/net/bridge/netfilter/ebtables.c linux-2.6.38.6= /net/bridge/netfilter/ebtables.c --- linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-04-18 17:27:18.0= 00000000 -0400 -+++ linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-04-28 19:34:15.0= 00000000 -0400 ++++ linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-05-16 21:47:08.0= 00000000 -0400 @@ -1512,7 +1512,7 @@ static int do_ebt_get_ctl(struct sock *s tmp.valid_hooks =3D t->table->valid_hooks; } @@ -63631,6 +66287,15 @@ diff -urNp linux-2.6.38.6/net/bridge/netfilter/e= btables.c linux-2.6.38.6/net/bri BUGPRINT("c2u Didn't work\n"); ret =3D -EFAULT; break; +@@ -1779,6 +1779,8 @@ static int compat_copy_everything_to_use + int ret; + void __user *pos; +=20 ++ pax_track_stack(); ++ + memset(&tinfo, 0, sizeof(tinfo)); +=20 + if (cmd =3D=3D EBT_SO_GET_ENTRIES) { diff -urNp linux-2.6.38.6/net/caif/caif_socket.c linux-2.6.38.6/net/caif= /caif_socket.c --- linux-2.6.38.6/net/caif/caif_socket.c 2011-03-14 21:20:32.000000000 = -0400 +++ linux-2.6.38.6/net/caif/caif_socket.c 2011-04-28 19:57:25.000000000 = -0400 @@ -63753,8 +66418,16 @@ diff -urNp linux-2.6.38.6/net/caif/caif_socket.c= linux-2.6.38.6/net/caif/caif_so debugfs_remove_recursive(cf_sk->debugfs_socket_dir); diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux-2.6.38.6/net/caif/cfct= rl.c --- linux-2.6.38.6/net/caif/cfctrl.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/caif/cfctrl.c 2011-04-28 19:57:25.000000000 -0400 -@@ -46,8 +46,8 @@ struct cflayer *cfctrl_create(void) ++++ linux-2.6.38.6/net/caif/cfctrl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -46,8 +47,8 @@ struct cflayer *cfctrl_create(void) dev_info.id =3D 0xff; memset(this, 0, sizeof(*this)); cfsrvl_init(&this->serv, 0, &dev_info, false); @@ -63765,7 +66438,7 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux= -2.6.38.6/net/caif/cfctrl.c this->serv.layer.receive =3D cfctrl_recv; sprintf(this->serv.layer.name, "ctrl"); this->serv.layer.ctrlcmd =3D cfctrl_ctrlcmd; -@@ -116,8 +116,8 @@ void cfctrl_insert_req(struct cfctrl *ct +@@ -116,8 +117,8 @@ void cfctrl_insert_req(struct cfctrl *ct struct cfctrl_request_info *req) { spin_lock(&ctrl->info_list_lock); @@ -63776,7 +66449,7 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux= -2.6.38.6/net/caif/cfctrl.c list_add_tail(&req->list, &ctrl->list); spin_unlock(&ctrl->info_list_lock); } -@@ -136,7 +136,7 @@ struct cfctrl_request_info *cfctrl_remov +@@ -136,7 +137,7 @@ struct cfctrl_request_info *cfctrl_remov if (p !=3D first) pr_warn("Requests are not received in order\n"); =20 @@ -63785,6 +66458,14 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linu= x-2.6.38.6/net/caif/cfctrl.c p->sequence_no); list_del(&p->list); goto out; +@@ -385,6 +386,7 @@ static int cfctrl_recv(struct cflayer *l + struct cfctrl *cfctrl =3D container_obj(layer); + struct cfctrl_request_info rsp, *req; +=20 ++ pax_track_stack(); +=20 + cfpkt_extr_head(pkt, &cmdrsp, 1); + cmd =3D cmdrsp & CFCTRL_CMD_MASK; diff -urNp linux-2.6.38.6/net/can/bcm.c linux-2.6.38.6/net/can/bcm.c --- linux-2.6.38.6/net/can/bcm.c 2011-05-10 22:06:29.000000000 -0400 +++ linux-2.6.38.6/net/can/bcm.c 2011-05-10 22:09:01.000000000 -0400 @@ -63891,6 +66572,18 @@ diff -urNp linux-2.6.38.6/net/core/flow.c linux-= 2.6.38.6/net/core/flow.c if (!IS_ERR(flo)) fle->object =3D flo; else +diff -urNp linux-2.6.38.6/net/core/skbuff.c linux-2.6.38.6/net/core/skbu= ff.c +--- linux-2.6.38.6/net/core/skbuff.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/core/skbuff.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1543,6 +1543,8 @@ int skb_splice_bits(struct sk_buff *skb, + struct sock *sk =3D skb->sk; + int ret =3D 0; +=20 ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; +=20 diff -urNp linux-2.6.38.6/net/core/sock.c linux-2.6.38.6/net/core/sock.c --- linux-2.6.38.6/net/core/sock.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/core/sock.c 2011-04-28 19:57:25.000000000 -0400 @@ -64092,8 +66785,17 @@ diff -urNp linux-2.6.38.6/net/ipv4/inet_hashtabl= es.c linux-2.6.38.6/net/ipv4/ine while (twrefcnt) { diff -urNp linux-2.6.38.6/net/ipv4/inetpeer.c linux-2.6.38.6/net/ipv4/in= etpeer.c --- linux-2.6.38.6/net/ipv4/inetpeer.c 2011-03-14 21:20:32.000000000 -04= 00 -+++ linux-2.6.38.6/net/ipv4/inetpeer.c 2011-04-28 19:34:15.000000000 -04= 00 -@@ -509,8 +509,8 @@ struct inet_peer *inet_getpeer(struct in ++++ linux-2.6.38.6/net/ipv4/inetpeer.c 2011-05-16 21:47:08.000000000 -04= 00 +@@ -478,6 +478,8 @@ struct inet_peer *inet_getpeer(struct in + struct inet_peer_base *base =3D family_to_base(daddr->family); + struct inet_peer *p; +=20 ++ pax_track_stack(); ++ + /* Look up for the address quickly, lockless. + * Because of a concurrent writer, we might not find an existing entry= . + */ +@@ -509,8 +511,8 @@ struct inet_peer *inet_getpeer(struct in if (p) { p->daddr =3D *daddr; atomic_set(&p->refcnt, 1); @@ -64116,6 +66818,18 @@ diff -urNp linux-2.6.38.6/net/ipv4/ip_fragment.c= linux-2.6.38.6/net/ipv4/ip_frag qp->rid =3D end; =20 rc =3D qp->q.fragments && (end - start) > max; +diff -urNp linux-2.6.38.6/net/ipv4/ip_sockglue.c linux-2.6.38.6/net/ipv4= /ip_sockglue.c +--- linux-2.6.38.6/net/ipv4/ip_sockglue.c 2011-03-14 21:20:32.000000000 = -0400 ++++ linux-2.6.38.6/net/ipv4/ip_sockglue.c 2011-05-16 21:47:09.000000000 = -0400 +@@ -1064,6 +1064,8 @@ static int do_ip_getsockopt(struct sock=20 + int val; + int len; +=20 ++ pax_track_stack(); ++ + if (level !=3D SOL_IP) + return -EOPNOTSUPP; +=20 diff -urNp linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2= .6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c --- linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-03-14 21:= 20:32.000000000 -0400 +++ linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-04-28 19:= 34:15.000000000 -0400 @@ -64217,6 +66931,27 @@ diff -urNp linux-2.6.38.6/net/ipv4/route.c linux= -2.6.38.6/net/ipv4/route.c if (rt->peer->tcp_ts_stamp) { ts =3D rt->peer->tcp_ts; tsage =3D get_seconds() - rt->peer->tcp_ts_stamp; +diff -urNp linux-2.6.38.6/net/ipv4/tcp.c linux-2.6.38.6/net/ipv4/tcp.c +--- linux-2.6.38.6/net/ipv4/tcp.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/ipv4/tcp.c 2011-05-16 21:47:09.000000000 -0400 +@@ -2121,6 +2121,8 @@ static int do_tcp_setsockopt(struct sock + int val; + int err =3D 0; +=20 ++ pax_track_stack(); ++ + /* These are data/string values, all the others are ints */ + switch (optname) { + case TCP_CONGESTION: { +@@ -2500,6 +2502,8 @@ static int do_tcp_getsockopt(struct sock + struct tcp_sock *tp =3D tcp_sk(sk); + int val, len; +=20 ++ pax_track_stack(); ++ + if (get_user(len, optlen)) + return -EFAULT; +=20 diff -urNp linux-2.6.38.6/net/ipv4/tcp_ipv4.c linux-2.6.38.6/net/ipv4/tc= p_ipv4.c --- linux-2.6.38.6/net/ipv4/tcp_ipv4.c 2011-03-14 21:20:32.000000000 -04= 00 +++ linux-2.6.38.6/net/ipv4/tcp_ipv4.c 2011-04-28 19:34:15.000000000 -04= 00 @@ -64340,6 +67075,18 @@ diff -urNp linux-2.6.38.6/net/ipv4/tcp_minisocks= .c linux-2.6.38.6/net/ipv4/tcp_m if (!(flg & TCP_FLAG_RST)) req->rsk_ops->send_reset(sk, skb); =20 +diff -urNp linux-2.6.38.6/net/ipv4/tcp_output.c linux-2.6.38.6/net/ipv4/= tcp_output.c +--- linux-2.6.38.6/net/ipv4/tcp_output.c 2011-03-14 21:20:32.000000000 -= 0400 ++++ linux-2.6.38.6/net/ipv4/tcp_output.c 2011-05-16 21:47:09.000000000 -= 0400 +@@ -2420,6 +2420,8 @@ struct sk_buff *tcp_make_synack(struct s + int mss; + int s_data_desired =3D 0; +=20 ++ pax_track_stack(); ++ + if (cvp !=3D NULL && cvp->s_data_constant && cvp->s_data_desired) + s_data_desired =3D cvp->s_data_desired; + skb =3D sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_= ATOMIC); diff -urNp linux-2.6.38.6/net/ipv4/tcp_probe.c linux-2.6.38.6/net/ipv4/t= cp_probe.c --- linux-2.6.38.6/net/ipv4/tcp_probe.c 2011-03-14 21:20:32.000000000 -0= 400 +++ linux-2.6.38.6/net/ipv4/tcp_probe.c 2011-04-28 19:34:15.000000000 -0= 400 @@ -64528,9 +67275,30 @@ diff -urNp linux-2.6.38.6/net/ipv6/inet6_hashtab= les.c linux-2.6.38.6/net/ipv6/in const unsigned short hnum, const struct in6_addr *daddr, const int dif) +diff -urNp linux-2.6.38.6/net/ipv6/ipv6_sockglue.c linux-2.6.38.6/net/ip= v6/ipv6_sockglue.c +--- linux-2.6.38.6/net/ipv6/ipv6_sockglue.c 2011-03-14 21:20:32.00000000= 0 -0400 ++++ linux-2.6.38.6/net/ipv6/ipv6_sockglue.c 2011-05-16 21:47:09.00000000= 0 -0400 +@@ -129,6 +129,8 @@ static int do_ipv6_setsockopt(struct soc + int val, valbool; + int retv =3D -ENOPROTOOPT; +=20 ++ pax_track_stack(); ++ + if (optval =3D=3D NULL) + val=3D0; + else { +@@ -919,6 +921,8 @@ static int do_ipv6_getsockopt(struct soc + int len; + int val; +=20 ++ pax_track_stack(); ++ + if (ip6_mroute_opt(optname)) + return ip6_mroute_getsockopt(sk, optname, optval, optlen); +=20 diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c --- linux-2.6.38.6/net/ipv6/raw.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/ipv6/raw.c 2011-04-28 20:08:36.000000000 -0400 ++++ linux-2.6.38.6/net/ipv6/raw.c 2011-05-16 21:47:08.000000000 -0400 @@ -376,7 +376,7 @@ static inline int rawv6_rcv_skb(struct s { if ((raw6_sk(sk)->checksum || rcu_dereference_raw(sk->sk_filter)) && @@ -64567,7 +67335,16 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2= .6.38.6/net/ipv6/raw.c struct flowi *fl, struct dst_entry **dstp, unsigned int flags) { -@@ -919,12 +919,15 @@ do_confirm: +@@ -743,6 +743,8 @@ static int rawv6_sendmsg(struct kiocb *i + u16 proto; + int err; +=20 ++ pax_track_stack(); ++ + /* Rough check on arithmetic overflow, + better check is made in ip6_append_data(). + */ +@@ -919,12 +921,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -64584,7 +67361,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.= 6.38.6/net/ipv6/raw.c return 0; default: return -ENOPROTOOPT; -@@ -936,6 +939,7 @@ static int rawv6_seticmpfilter(struct so +@@ -936,6 +941,7 @@ static int rawv6_seticmpfilter(struct so static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { @@ -64592,7 +67369,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.= 6.38.6/net/ipv6/raw.c int len; =20 switch (optname) { -@@ -948,7 +952,8 @@ static int rawv6_geticmpfilter(struct so +@@ -948,7 +954,8 @@ static int rawv6_geticmpfilter(struct so len =3D sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -64602,7 +67379,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.= 6.38.6/net/ipv6/raw.c return -EFAULT; return 0; default: -@@ -1262,7 +1267,13 @@ static void raw6_sock_seq_show(struct se +@@ -1262,7 +1269,13 @@ static void raw6_sock_seq_show(struct se 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -64929,8 +67706,17 @@ diff -urNp linux-2.6.38.6/net/iucv/af_iucv.c lin= ux-2.6.38.6/net/iucv/af_iucv.c write_unlock_bh(&iucv_sk_list.lock); diff -urNp linux-2.6.38.6/net/key/af_key.c linux-2.6.38.6/net/key/af_key= .c --- linux-2.6.38.6/net/key/af_key.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/key/af_key.c 2011-04-28 19:57:25.000000000 -0400 -@@ -3003,10 +3003,10 @@ static int pfkey_send_policy_notify(stru ++++ linux-2.6.38.6/net/key/af_key.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2470,6 +2470,8 @@ static int pfkey_migrate(struct sock *sk + struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_kmaddress k; +=20 ++ pax_track_stack(); ++ + if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], + ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || + !ext_hdrs[SADB_X_EXT_POLICY - 1]) { +@@ -3003,10 +3005,10 @@ static int pfkey_send_policy_notify(stru static u32 get_acqseq(void) { u32 res; @@ -64943,7 +67729,7 @@ diff -urNp linux-2.6.38.6/net/key/af_key.c linux-= 2.6.38.6/net/key/af_key.c } while (!res); return res; } -@@ -3644,7 +3644,11 @@ static int pfkey_seq_show(struct seq_fil +@@ -3644,7 +3646,11 @@ static int pfkey_seq_show(struct seq_fil seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n"); else seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n", @@ -64978,6 +67764,27 @@ diff -urNp linux-2.6.38.6/net/mac80211/cfg.h lin= ux-2.6.38.6/net/mac80211/cfg.h +extern const struct cfg80211_ops mac80211_config_ops; =20 #endif /* __CFG_H */ +diff -urNp linux-2.6.38.6/net/mac80211/debugfs_sta.c linux-2.6.38.6/net/= mac80211/debugfs_sta.c +--- linux-2.6.38.6/net/mac80211/debugfs_sta.c 2011-03-14 21:20:32.000000= 000 -0400 ++++ linux-2.6.38.6/net/mac80211/debugfs_sta.c 2011-05-16 21:47:09.000000= 000 -0400 +@@ -115,6 +115,8 @@ static ssize_t sta_agg_status_read(struc + struct tid_ampdu_rx *tid_rx; + struct tid_ampdu_tx *tid_tx; +=20 ++ pax_track_stack(); ++ + rcu_read_lock(); +=20 + p +=3D scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n= ", +@@ -215,6 +217,8 @@ static ssize_t sta_ht_capa_read(struct f + struct sta_info *sta =3D file->private_data; + struct ieee80211_sta_ht_cap *htc =3D &sta->sta.ht_cap; +=20 ++ pax_track_stack(); ++ + p +=3D scnprintf(p, sizeof(buf) + buf - p, "ht %ssupported\n", + htc->ht_supported ? "" : "not "); + if (htc->ht_supported) { diff -urNp linux-2.6.38.6/net/mac80211/ieee80211_i.h linux-2.6.38.6/net/= mac80211/ieee80211_i.h --- linux-2.6.38.6/net/mac80211/ieee80211_i.h 2011-03-14 21:20:32.000000= 000 -0400 +++ linux-2.6.38.6/net/mac80211/ieee80211_i.h 2011-04-28 19:34:15.000000= 000 -0400 @@ -65067,6 +67874,18 @@ diff -urNp linux-2.6.38.6/net/mac80211/main.c li= nux-2.6.38.6/net/mac80211/main.c ret =3D drv_config(local, changed); /* * Goal: +diff -urNp linux-2.6.38.6/net/mac80211/mlme.c linux-2.6.38.6/net/mac8021= 1/mlme.c +--- linux-2.6.38.6/net/mac80211/mlme.c 2011-03-14 21:20:32.000000000 -04= 00 ++++ linux-2.6.38.6/net/mac80211/mlme.c 2011-05-16 21:47:09.000000000 -04= 00 +@@ -1356,6 +1356,8 @@ static bool ieee80211_assoc_success(stru + bool have_higher_than_11mbit =3D false; + u16 ap_ht_cap_flags; +=20 ++ pax_track_stack(); ++ + /* AssocResp and ReassocResp have identical structure */ +=20 + aid =3D le16_to_cpu(mgmt->u.assoc_resp.aid); diff -urNp linux-2.6.38.6/net/mac80211/pm.c linux-2.6.38.6/net/mac80211/= pm.c --- linux-2.6.38.6/net/mac80211/pm.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/mac80211/pm.c 2011-04-28 19:34:15.000000000 -0400 @@ -65127,9 +67946,21 @@ diff -urNp linux-2.6.38.6/net/mac80211/util.c li= nux-2.6.38.6/net/mac80211/util.c /* * Upon resume hardware can sometimes be goofy due to * various platform / driver / bus issues, so restarting +diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c linux-2.6.38.6/= net/netfilter/ipvs/ip_vs_app.c +--- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c 2011-05-17 19:31:43.00= 0000000 -0400 +@@ -565,7 +565,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_app_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; + #endif +=20 diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c linux-2.6.38.6= /net/netfilter/ipvs/ip_vs_conn.c --- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-03-14 21:20:32.0= 00000000 -0400 -+++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-04-28 19:57:25.0= 00000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-05-17 19:31:43.0= 00000000 -0400 @@ -553,7 +553,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, s /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -65148,6 +67979,24 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_= vs_conn.c linux-2.6.38.6/net/net =20 atomic_inc(&ip_vs_conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) +@@ -1012,7 +1012,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_conn_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; +=20 + static const char *ip_vs_origin_name(unsigned flags) +@@ -1075,7 +1075,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_conn_sync_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release, ++ .release =3D seq_release_net, + }; +=20 + #endif @@ -1102,7 +1102,7 @@ static inline int todrop_entry(struct ip =20 /* Don't drop the entry if its number of incoming packets is not @@ -65180,7 +68029,7 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_v= s_core.c linux-2.6.38.6/net/net if ((cp->state =3D=3D IP_VS_SCTP_S_ESTABLISHED && diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c linux-2.6.38.6/= net/netfilter/ipvs/ip_vs_ctl.c --- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-03-14 21:20:32.00= 0000000 -0400 -+++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-04-28 19:57:25.00= 0000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-05-17 19:31:43.00= 0000000 -0400 @@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service ip_vs_rs_hash(dest); write_unlock_bh(&__ip_vs_rs_lock); @@ -65208,6 +68057,24 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_= vs_ctl.c linux-2.6.38.6/net/netf atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); +@@ -1944,7 +1944,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_info_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D seq_release_private, ++ .release =3D seq_release_net, + }; +=20 + #endif +@@ -1993,7 +1993,7 @@ static const struct file_operations ip_v + .open =3D ip_vs_stats_seq_open, + .read =3D seq_read, + .llseek =3D seq_lseek, +- .release =3D single_release, ++ .release =3D single_release_net, + }; +=20 + #endif @@ -2315,7 +2315,7 @@ __ip_vs_get_dest_entries(const struct ip =20 entry.addr =3D dest->addr.ip; @@ -65217,7 +68084,16 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_= vs_ctl.c linux-2.6.38.6/net/netf entry.weight =3D atomic_read(&dest->weight); entry.u_threshold =3D dest->u_threshold; entry.l_threshold =3D dest->l_threshold; -@@ -2831,7 +2831,7 @@ static int ip_vs_genl_fill_dest(struct s +@@ -2376,6 +2376,8 @@ do_ip_vs_get_ctl(struct sock *sk, int cm + int ret =3D 0; + unsigned int copylen; +=20 ++ pax_track_stack(); ++ + if (!capable(CAP_NET_ADMIN)) + return -EPERM; +=20 +@@ -2831,7 +2833,7 @@ static int ip_vs_genl_fill_dest(struct s NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); =20 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -65707,6 +68583,18 @@ diff -urNp linux-2.6.38.6/net/rds/iw.h linux-2.6= .38.6/net/rds/iw.h #else spinlock_t i_ack_lock; /* protect i_ack_next */ u64 i_ack_next; /* next ACK to send */ +diff -urNp linux-2.6.38.6/net/rds/iw_rdma.c linux-2.6.38.6/net/rds/iw_rd= ma.c +--- linux-2.6.38.6/net/rds/iw_rdma.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/rds/iw_rdma.c 2011-05-16 21:47:09.000000000 -0400 +@@ -182,6 +182,8 @@ int rds_iw_update_cm_id(struct rds_iw_de + struct rdma_cm_id *pcm_id; + int rc; +=20 ++ pax_track_stack(); ++ + src_addr =3D (struct sockaddr_in *)&cm_id->route.addr.src_addr; + dst_addr =3D (struct sockaddr_in *)&cm_id->route.addr.dst_addr; +=20 diff -urNp linux-2.6.38.6/net/rds/iw_recv.c linux-2.6.38.6/net/rds/iw_re= cv.c --- linux-2.6.38.6/net/rds/iw_recv.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/rds/iw_recv.c 2011-05-11 18:35:16.000000000 -0400 @@ -65742,7 +68630,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/af_rxrpc.c li= nux-2.6.38.6/net/rxrpc/af_rxrpc atomic_t rxrpc_n_skbs; diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linux-2.6.38.6/net/rxrpc/ar= -ack.c --- linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-03-14 21:20:32.000000000 -040= 0 -+++ linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-04-28 19:57:25.000000000 -040= 0 ++++ linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-05-16 21:47:08.000000000 -040= 0 @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_ca =20 _enter("{%d,%d,%d,%d},", @@ -65779,7 +68667,16 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c lin= ux-2.6.38.6/net/rxrpc/ar-ack.c =20 _proto("Rx ACK %%%u { m=3D%hu f=3D#%u p=3D#%u s=3D%%%u r=3D%s n=3D%u = }", latest, -@@ -1163,7 +1163,7 @@ void rxrpc_process_call(struct work_stru +@@ -844,6 +844,8 @@ void rxrpc_process_call(struct work_stru + u32 abort_code =3D RX_PROTOCOL_ERROR; + u8 *acks =3D NULL; +=20 ++ pax_track_stack(); ++ + //printk("\n--------------------\n"); + _enter("{%d,%s,%lx} [%lu]", + call->debug_id, rxrpc_call_states[call->state], call->events, +@@ -1163,7 +1165,7 @@ void rxrpc_process_call(struct work_stru goto maybe_reschedule; =20 send_ACK_with_skew: @@ -65788,7 +68685,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linu= x-2.6.38.6/net/rxrpc/ar-ack.c ntohl(ack.serial)); send_ACK: mtu =3D call->conn->trans->peer->if_mtu; -@@ -1175,7 +1175,7 @@ send_ACK: +@@ -1175,7 +1177,7 @@ send_ACK: ackinfo.rxMTU =3D htonl(5692); ackinfo.jumbo_max =3D htonl(4); =20 @@ -65797,7 +68694,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linu= x-2.6.38.6/net/rxrpc/ar-ack.c _proto("Tx ACK %%%u { m=3D%hu f=3D#%u p=3D#%u s=3D%%%u r=3D%s n=3D%u }= ", ntohl(hdr.serial), ntohs(ack.maxSkew), -@@ -1193,7 +1193,7 @@ send_ACK: +@@ -1193,7 +1195,7 @@ send_ACK: send_message: _debug("send message"); =20 @@ -65956,8 +68853,26 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-transport= .c linux-2.6.38.6/net/rxrpc/ar-t switch (peer->srx.transport_type) { diff -urNp linux-2.6.38.6/net/rxrpc/rxkad.c linux-2.6.38.6/net/rxrpc/rxk= ad.c --- linux-2.6.38.6/net/rxrpc/rxkad.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/rxrpc/rxkad.c 2011-04-28 19:57:25.000000000 -0400 -@@ -610,7 +610,7 @@ static int rxkad_issue_challenge(struct=20 ++++ linux-2.6.38.6/net/rxrpc/rxkad.c 2011-05-16 21:47:08.000000000 -0400 +@@ -211,6 +211,8 @@ static int rxkad_secure_packet_encrypt(c + u16 check; + int nsg; +=20 ++ pax_track_stack(); ++ + sp =3D rxrpc_skb(skb); +=20 + _enter(""); +@@ -338,6 +340,8 @@ static int rxkad_verify_packet_auth(cons + u16 check; + int nsg; +=20 ++ pax_track_stack(); ++ + _enter(""); +=20 + sp =3D rxrpc_skb(skb); +@@ -610,7 +614,7 @@ static int rxkad_issue_challenge(struct=20 =20 len =3D iov[0].iov_len + iov[1].iov_len; =20 @@ -65966,7 +68881,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/rxkad.c linux= -2.6.38.6/net/rxrpc/rxkad.c _proto("Tx CHALLENGE %%%u", ntohl(hdr.serial)); =20 ret =3D kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); -@@ -660,7 +660,7 @@ static int rxkad_send_response(struct rx +@@ -660,7 +664,7 @@ static int rxkad_send_response(struct rx =20 len =3D iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; =20 @@ -66020,7 +68935,7 @@ diff -urNp linux-2.6.38.6/net/sctp/socket.c linux= -2.6.38.6/net/sctp/socket.c cnt++; diff -urNp linux-2.6.38.6/net/socket.c linux-2.6.38.6/net/socket.c --- linux-2.6.38.6/net/socket.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/net/socket.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/net/socket.c 2011-05-16 21:47:09.000000000 -0400 @@ -88,6 +88,7 @@ #include #include @@ -66171,6 +69086,15 @@ diff -urNp linux-2.6.38.6/net/socket.c linux-2.6= .38.6/net/socket.c err =3D security_socket_connect(sock, (struct sockaddr *)&address, addrlen= ); if (err) +@@ -1877,6 +1937,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct + int err, ctl_len, iov_size, total_len; + int fput_needed; +=20 ++ pax_track_stack(); ++ + err =3D -EFAULT; + if (MSG_CMSG_COMPAT & flags) { + if (get_compat_msghdr(&msg_sys, msg_compat)) diff -urNp linux-2.6.38.6/net/sunrpc/sched.c linux-2.6.38.6/net/sunrpc/s= ched.c --- linux-2.6.38.6/net/sunrpc/sched.c 2011-04-18 17:27:14.000000000 -040= 0 +++ linux-2.6.38.6/net/sunrpc/sched.c 2011-04-28 19:34:15.000000000 -040= 0 @@ -66582,6 +69506,27 @@ diff -urNp linux-2.6.38.6/net/xfrm/xfrm_policy.c= linux-2.6.38.6/net/xfrm/xfrm_po } } =20 +diff -urNp linux-2.6.38.6/net/xfrm/xfrm_user.c linux-2.6.38.6/net/xfrm/x= frm_user.c +--- linux-2.6.38.6/net/xfrm/xfrm_user.c 2011-03-14 21:20:32.000000000 -0= 400 ++++ linux-2.6.38.6/net/xfrm/xfrm_user.c 2011-05-16 21:47:09.000000000 -0= 400 +@@ -1309,6 +1309,8 @@ static int copy_to_user_tmpl(struct xfrm + struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; + int i; +=20 ++ pax_track_stack(); ++ + if (xp->xfrm_nr =3D=3D 0) + return 0; +=20 +@@ -1957,6 +1959,8 @@ static int xfrm_do_migrate(struct sk_buf + int err; + int n =3D 0; +=20 ++ pax_track_stack(); ++ + if (attrs[XFRMA_MIGRATE] =3D=3D NULL) + return -EINVAL; +=20 diff -urNp linux-2.6.38.6/scripts/basic/fixdep.c linux-2.6.38.6/scripts/= basic/fixdep.c --- linux-2.6.38.6/scripts/basic/fixdep.c 2011-03-14 21:20:32.000000000 = -0400 +++ linux-2.6.38.6/scripts/basic/fixdep.c 2011-04-28 19:34:15.000000000 = -0400 @@ -67544,6 +70489,30 @@ diff -urNp linux-2.6.38.6/security/selinux/hooks= .c linux-2.6.38.6/security/selin .name =3D "selinux", =20 .ptrace_access_check =3D selinux_ptrace_access_check, +diff -urNp linux-2.6.38.6/security/selinux/include/xfrm.h linux-2.6.38.6= /security/selinux/include/xfrm.h +--- linux-2.6.38.6/security/selinux/include/xfrm.h 2011-03-14 21:20:32.0= 00000000 -0400 ++++ linux-2.6.38.6/security/selinux/include/xfrm.h 2011-05-18 20:23:44.0= 00000000 -0400 +@@ -48,7 +48,7 @@ int selinux_xfrm_decode_session(struct s +=20 + static inline void selinux_xfrm_notify_policyload(void) + { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + } + #else + static inline int selinux_xfrm_enabled(void) +diff -urNp linux-2.6.38.6/security/selinux/ss/services.c linux-2.6.38.6/= security/selinux/ss/services.c +--- linux-2.6.38.6/security/selinux/ss/services.c 2011-03-14 21:20:32.00= 0000000 -0400 ++++ linux-2.6.38.6/security/selinux/ss/services.c 2011-05-16 21:47:09.00= 0000000 -0400 +@@ -1769,6 +1769,8 @@ int security_load_policy(void *data, siz + int rc =3D 0; + struct policy_file file =3D { data, len }, *fp =3D &file; +=20 ++ pax_track_stack(); ++ + if (!ss_initialized) { + avtab_cache_init(); + rc =3D policydb_read(&policydb, fp); diff -urNp linux-2.6.38.6/security/smack/smack_lsm.c linux-2.6.38.6/secu= rity/smack/smack_lsm.c --- linux-2.6.38.6/security/smack/smack_lsm.c 2011-03-14 21:20:32.000000= 000 -0400 +++ linux-2.6.38.6/security/smack/smack_lsm.c 2011-04-28 19:34:15.000000= 000 -0400 diff --git a/2.6.38/4422_grsec-mute-warnings.patch b/2.6.38/4422_grsec-mu= te-warnings.patch index 765b7b9..dc7c90f 100644 --- a/2.6.38/4422_grsec-mute-warnings.patch +++ b/2.6.38/4422_grsec-mute-warnings.patch @@ -1,5 +1,5 @@ From: Anthony G. Basile -Updated patch for 2.6.32.39. +Updated patch for 2.6.38.6 =20 The credits/description from the original version of this patch remain a= ccurate and are included below. @@ -29,14 +29,14 @@ warning flags of vanilla kernel versions. Acked-by: Christian Heim --- =20 ---- a/Makefile 2011-04-27 22:52:14.000000000 -0400 -+++ b/Makefile 2011-04-27 23:01:48.000000000 -0400 +--- a/Makefile 2011-05-20 08:12:41.000000000 -0400 ++++ b/Makefile 2011-05-20 08:18:18.000000000 -0400 @@ -233,7 +233,7 @@ =20 HOSTCC =3D gcc HOSTCXX =3D g++ --HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-mi= ssing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointe= r-checks -+HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-em= pty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-missi= ng-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-c= hecks +-HOSTCFLAGS =3D -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno= -empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fo= mit-frame-pointer -fno-delete-null-pointer-checks ++HOSTCFLAGS =3D -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-em= pty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit= -frame-pointer -fno-delete-null-pointer-checks HOSTCXXFLAGS =3D -O2 -fno-delete-null-pointer-checks =20 # Decide whether to build built-in, modular, or both.