* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-04 12:34 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-04 12:34 UTC (permalink / raw
To: gentoo-commits
commit: 4cf4ce297dfb5c629f33cfa08fbd7205b23bb3a7
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 4 12:33:08 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 4 12:33:08 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=4cf4ce29
Grsec/PaX: grsecurity-2.2.2-2.6.32.46-201109021814 + grsecurity-2.2.2-3.0.4-201109011725
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201109021814.patch} | 117 ++++++++++++++------
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109011725.patch} | 108 +++++++++---------
4 files changed, 138 insertions(+), 91 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 81874c9..ca3d4a1 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -11,7 +11,7 @@ Patch: 1044_linux-2.6.32.45.patch
From: http://www.kernel.org
Desc: Linux 2.6.39.45
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201108301903.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201108301903.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201108301903.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
index abe67d0..505eaa4 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201108301903.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
@@ -37669,6 +37669,30 @@ diff -urNp linux-2.6.32.46/drivers/staging/vme/devices/vme_user.c linux-2.6.32.4
.open = vme_user_open,
.release = vme_user_release,
.read = vme_user_read,
+diff -urNp linux-2.6.32.46/drivers/staging/vt6655/hostap.c linux-2.6.32.46/drivers/staging/vt6655/hostap.c
+--- linux-2.6.32.46/drivers/staging/vt6655/hostap.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/drivers/staging/vt6655/hostap.c 2011-09-02 18:13:56.000000000 -0400
+@@ -84,7 +84,7 @@ static int hostap_enable_hostapd(PSDevic
+ PSDevice apdev_priv;
+ struct net_device *dev = pDevice->dev;
+ int ret;
+- const struct net_device_ops apdev_netdev_ops = {
++ static net_device_ops_no_const apdev_netdev_ops = {
+ .ndo_start_xmit = pDevice->tx_80211,
+ };
+
+diff -urNp linux-2.6.32.46/drivers/staging/vt6656/hostap.c linux-2.6.32.46/drivers/staging/vt6656/hostap.c
+--- linux-2.6.32.46/drivers/staging/vt6656/hostap.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/drivers/staging/vt6656/hostap.c 2011-09-02 18:13:35.000000000 -0400
+@@ -86,7 +86,7 @@ static int hostap_enable_hostapd(PSDevic
+ PSDevice apdev_priv;
+ struct net_device *dev = pDevice->dev;
+ int ret;
+- const struct net_device_ops apdev_netdev_ops = {
++ static net_device_ops_no_const apdev_netdev_ops = {
+ .ndo_start_xmit = pDevice->tx_80211,
+ };
+
diff -urNp linux-2.6.32.46/drivers/staging/wlan-ng/hfa384x_usb.c linux-2.6.32.46/drivers/staging/wlan-ng/hfa384x_usb.c
--- linux-2.6.32.46/drivers/staging/wlan-ng/hfa384x_usb.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/drivers/staging/wlan-ng/hfa384x_usb.c 2011-08-23 20:24:26.000000000 -0400
@@ -69459,7 +69483,7 @@ diff -urNp linux-2.6.32.46/localversion-grsec linux-2.6.32.46/localversion-grsec
+-grsec
diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
--- linux-2.6.32.46/Makefile 2011-08-29 22:24:44.000000000 -0400
-+++ linux-2.6.32.46/Makefile 2011-08-30 18:21:35.000000000 -0400
++++ linux-2.6.32.46/Makefile 2011-09-01 17:24:34.000000000 -0400
@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -69485,7 +69509,15 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
KBUILD_AFLAGS := -D__ASSEMBLY__
# Read KERNELRELEASE from include/config/kernel.release (if it exists)
-@@ -403,7 +406,7 @@ endif
+@@ -377,6 +380,7 @@ export RCS_TAR_IGNORE := --exclude SCCS
+
+ # Basic helpers built in scripts/
+ PHONY += scripts_basic
++scripts_basic: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
+ scripts_basic:
+ $(Q)$(MAKE) $(build)=scripts/basic
+
+@@ -403,7 +407,7 @@ endif
# of make so .config is not included in this case either (for *config).
no-dot-config-targets := clean mrproper distclean \
@@ -69494,7 +69526,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
include/linux/version.h headers_% \
kernelrelease kernelversion
-@@ -526,6 +529,24 @@ else
+@@ -526,6 +530,24 @@ else
KBUILD_CFLAGS += -O2
endif
@@ -69504,7 +69536,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
-+gcc-plugins: prepare
++gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
+gcc-plugins:
@@ -69519,7 +69551,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -644,7 +665,7 @@ export mod_strip_cmd
+@@ -644,7 +666,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -69528,7 +69560,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -840,6 +861,8 @@ define rule_vmlinux-modpost
+@@ -840,6 +862,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
@@ -69537,35 +69569,25 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -865,7 +888,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
-
- # The actual objects are generated when descending,
- # make sure no implicit rule kicks in
--$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
-+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): prepare scripts $(vmlinux-dirs) ;
-
- # Handle descending into subdirectories listed in $(vmlinux-dirs)
- # Preset locale variables to speed up the build process. Limit locale
-@@ -874,7 +897,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -874,7 +898,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): gcc-plugins
++$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Build the kernel release string
-@@ -1124,7 +1147,8 @@ all: modules
- # using awk while concatenating to the final file.
+@@ -983,6 +1008,7 @@ prepare0: archprepare FORCE
+ $(Q)$(MAKE) $(build)=. missing-syscalls
- PHONY += modules
--modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
-+modules: prepare scripts $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
- $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
- @$(kecho) ' Building modules, stage 2.';
- $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1133,7 +1157,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
+ # All the preparing..
++prepare: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
+ prepare: prepare0
+
+ # The asm symlink changes when $(ARCH) changes.
+@@ -1133,7 +1159,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
# Target to prepare building external modules
PHONY += modules_prepare
@@ -69574,7 +69596,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1222,7 @@ MRPROPER_FILES += .config .config.old in
+@@ -1198,7 +1224,7 @@ MRPROPER_FILES += .config .config.old in
include/linux/autoconf.h include/linux/version.h \
include/linux/utsrelease.h \
include/linux/bounds.h include/asm*/asm-offsets.h \
@@ -69583,7 +69605,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# clean - Delete most, but leave enough to build external modules
#
-@@ -1242,7 +1266,7 @@ distclean: mrproper
+@@ -1242,7 +1268,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -69592,7 +69614,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1289,6 +1313,7 @@ help:
+@@ -1289,6 +1315,7 @@ help:
@echo ' modules_prepare - Set up for building external modules'
@echo ' tags/TAGS - Generate tags file for editors'
@echo ' cscope - Generate cscope index'
@@ -69600,7 +69622,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
@echo ' kernelrelease - Output the release version string'
@echo ' kernelversion - Output the version stored in Makefile'
@echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
-@@ -1390,6 +1415,7 @@ PHONY += $(module-dirs) modules
+@@ -1390,6 +1417,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -69608,7 +69630,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1445,7 +1471,7 @@ endif # KBUILD_EXTMOD
+@@ -1445,7 +1473,7 @@ endif # KBUILD_EXTMOD
quiet_cmd_tags = GEN $@
cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
@@ -69617,7 +69639,13 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(call cmd,tags)
# Scripts to check various things for consistency
-@@ -1514,13 +1540,14 @@ endif
+@@ -1510,17 +1538,19 @@ else
+ target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
+ endif
+
+-%.s: %.c prepare scripts FORCE
++%.s: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.s: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.i: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
@@ -69627,13 +69655,30 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.lst: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.s: %.S prepare scripts FORCE
+-%.s: %.S prepare scripts FORCE
++%.s: %.S gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-%.o: %.S prepare scripts FORCE
+%.o: %.S gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+@@ -1530,11 +1560,13 @@ endif
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%/: prepare scripts FORCE
++%/: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%/: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%.ko: prepare scripts FORCE
++%.ko: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.ko: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir) $(@:.ko=.o)
diff -urNp linux-2.6.32.46/mm/backing-dev.c linux-2.6.32.46/mm/backing-dev.c
--- linux-2.6.32.46/mm/backing-dev.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/mm/backing-dev.c 2011-08-11 19:48:17.000000000 -0400
@@ -76938,10 +76983,10 @@ diff -urNp linux-2.6.32.46/scripts/basic/fixdep.c linux-2.6.32.46/scripts/basic/
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff -urNp linux-2.6.32.46/scripts/gcc-plugin.sh linux-2.6.32.46/scripts/gcc-plugin.sh
--- linux-2.6.32.46/scripts/gcc-plugin.sh 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/scripts/gcc-plugin.sh 2011-08-23 20:24:19.000000000 -0400
++++ linux-2.6.32.46/scripts/gcc-plugin.sh 2011-08-31 18:38:41.000000000 -0400
@@ -0,0 +1,2 @@
+#!/bin/sh
-+echo "#include \"gcc-plugin.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
++echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff -urNp linux-2.6.32.46/scripts/Makefile.build linux-2.6.32.46/scripts/Makefile.build
--- linux-2.6.32.46/scripts/Makefile.build 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/scripts/Makefile.build 2011-08-23 20:45:11.000000000 -0400
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index b6f610b..af75e4e 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201108301903.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109011725.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201108301903.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201108301903.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch
index 8d93a7b..1e39265 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201108301903.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch
@@ -9898,17 +9898,6 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess.h linux-3.0.4/arch/x86/inclu
} while (0)
#ifdef CONFIG_X86_WP_WORKS_OK
-diff -urNp linux-3.0.4/arch/x86/include/asm/vgtod.h linux-3.0.4/arch/x86/include/asm/vgtod.h
---- linux-3.0.4/arch/x86/include/asm/vgtod.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/vgtod.h 2011-08-23 21:47:55.000000000 -0400
-@@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
- int sysctl_enabled;
- struct timezone sys_tz;
- struct { /* extract of a clocksource struct */
-+ char name[8];
- cycle_t (*vread)(void);
- cycle_t cycle_last;
- cycle_t mask;
diff -urNp linux-3.0.4/arch/x86/include/asm/x86_init.h linux-3.0.4/arch/x86/include/asm/x86_init.h
--- linux-3.0.4/arch/x86/include/asm/x86_init.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/include/asm/x86_init.h 2011-08-23 21:47:55.000000000 -0400
@@ -57814,16 +57803,8 @@ diff -urNp linux-3.0.4/include/net/lapb.h linux-3.0.4/include/net/lapb.h
struct lapb_frame frmr_data;
diff -urNp linux-3.0.4/include/net/neighbour.h linux-3.0.4/include/net/neighbour.h
--- linux-3.0.4/include/net/neighbour.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/include/net/neighbour.h 2011-08-26 19:49:56.000000000 -0400
-@@ -117,14 +117,14 @@ struct neighbour {
- };
-
- struct neigh_ops {
-- int family;
-+ const int family;
- void (*solicit)(struct neighbour *, struct sk_buff*);
- void (*error_report)(struct neighbour *, struct sk_buff*);
- int (*output)(struct sk_buff*);
++++ linux-3.0.4/include/net/neighbour.h 2011-08-31 18:39:25.000000000 -0400
+@@ -124,7 +124,7 @@ struct neigh_ops {
int (*connected_output)(struct sk_buff*);
int (*hh_output)(struct sk_buff*);
int (*queue_xmit)(struct sk_buff*);
@@ -63160,7 +63141,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
--- linux-3.0.4/Makefile 2011-08-29 23:26:13.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-08-30 18:24:49.000000000 -0400
++++ linux-3.0.4/Makefile 2011-09-01 17:26:49.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -63186,7 +63167,15 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
KBUILD_AFLAGS_KERNEL :=
KBUILD_CFLAGS_KERNEL :=
KBUILD_AFLAGS := -D__ASSEMBLY__
-@@ -564,6 +567,24 @@ else
+@@ -408,6 +411,7 @@ export RCS_TAR_IGNORE := --exclude SCCS
+
+ # Basic helpers built in scripts/
+ PHONY += scripts_basic
++scripts_basic: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
+ scripts_basic:
+ $(Q)$(MAKE) $(build)=scripts/basic
+ $(Q)rm -f .tmp_quiet_recordmcount
+@@ -564,6 +568,24 @@ else
KBUILD_CFLAGS += -O2
endif
@@ -63196,7 +63185,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
-+gcc-plugins: prepare
++gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
+gcc-plugins:
@@ -63211,7 +63200,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +729,7 @@ export mod_strip_cmd
+@@ -708,7 +730,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -63220,7 +63209,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +928,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +929,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
@@ -63229,35 +63218,25 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -932,7 +955,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
-
- # The actual objects are generated when descending,
- # make sure no implicit rule kicks in
--$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
-+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): prepare scripts $(vmlinux-dirs) ;
-
- # Handle descending into subdirectories listed in $(vmlinux-dirs)
- # Preset locale variables to speed up the build process. Limit locale
-@@ -941,7 +964,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -941,7 +965,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): gcc-plugins
++$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -1087,7 +1110,8 @@ all: modules
- # using awk while concatenating to the final file.
+@@ -986,6 +1011,7 @@ prepare0: archprepare FORCE
+ $(Q)$(MAKE) $(build)=. missing-syscalls
- PHONY += modules
--modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
-+modules: prepare scripts $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
- $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
- @$(kecho) ' Building modules, stage 2.';
- $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1102,7 +1126,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+ # All the preparing..
++prepare: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
+ prepare: prepare0
+
+ # Generate some files
+@@ -1102,7 +1128,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -63266,7 +63245,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1222,7 @@ distclean: mrproper
+@@ -1198,7 +1224,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63275,7 +63254,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1383,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1385,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -63283,7 +63262,13 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1489,13 +1514,14 @@ endif
+@@ -1485,17 +1512,19 @@ else
+ target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
+ endif
+
+-%.s: %.c prepare scripts FORCE
++%.s: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.s: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.i: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
@@ -63293,13 +63278,30 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.lst: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.s: %.S prepare scripts FORCE
+-%.s: %.S prepare scripts FORCE
++%.s: %.S gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-%.o: %.S prepare scripts FORCE
+%.o: %.S gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+@@ -1505,11 +1534,13 @@ endif
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%/: prepare scripts FORCE
++%/: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%/: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%.ko: prepare scripts FORCE
++%.ko: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.ko: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir) $(@:.ko=.o)
diff -urNp linux-3.0.4/mm/filemap.c linux-3.0.4/mm/filemap.c
--- linux-3.0.4/mm/filemap.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/mm/filemap.c 2011-08-23 21:48:14.000000000 -0400
@@ -70892,10 +70894,10 @@ diff -urNp linux-3.0.4/scripts/basic/fixdep.c linux-3.0.4/scripts/basic/fixdep.c
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff -urNp linux-3.0.4/scripts/gcc-plugin.sh linux-3.0.4/scripts/gcc-plugin.sh
--- linux-3.0.4/scripts/gcc-plugin.sh 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/scripts/gcc-plugin.sh 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/scripts/gcc-plugin.sh 2011-08-31 18:39:25.000000000 -0400
@@ -0,0 +1,2 @@
+#!/bin/sh
-+echo "#include \"gcc-plugin.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
++echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff -urNp linux-3.0.4/scripts/Makefile.build linux-3.0.4/scripts/Makefile.build
--- linux-3.0.4/scripts/Makefile.build 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/scripts/Makefile.build 2011-08-23 21:47:56.000000000 -0400
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-15 17:57 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-15 17:57 UTC (permalink / raw
To: gentoo-commits
commit: 2d55c386371d094e542fe96e90ba4ff3c2278fe3
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 15 17:56:05 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 15 17:56:05 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=2d55c386
Grsec/PaX: grsecurity-2.2.2-2.6.32.46-201109150655 + grsecurity-2.2.2-3.0.4-201109150655
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201109150655.patch} | 264 ++++---
2.6.32/4423_grsec-remove-protected-paths.patch | 18 +-
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109150655.patch} | 757 ++++++++++++++------
3.0.4/4423_grsec-remove-protected-paths.patch | 18 +-
6 files changed, 705 insertions(+), 356 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index ca3d4a1..160c256 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -11,7 +11,7 @@ Patch: 1044_linux-2.6.32.45.patch
From: http://www.kernel.org
Desc: Linux 2.6.39.45
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
index 505eaa4..bcff015 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109021814.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
@@ -37671,25 +37671,25 @@ diff -urNp linux-2.6.32.46/drivers/staging/vme/devices/vme_user.c linux-2.6.32.4
.read = vme_user_read,
diff -urNp linux-2.6.32.46/drivers/staging/vt6655/hostap.c linux-2.6.32.46/drivers/staging/vt6655/hostap.c
--- linux-2.6.32.46/drivers/staging/vt6655/hostap.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/drivers/staging/vt6655/hostap.c 2011-09-02 18:13:56.000000000 -0400
++++ linux-2.6.32.46/drivers/staging/vt6655/hostap.c 2011-09-14 09:51:07.000000000 -0400
@@ -84,7 +84,7 @@ static int hostap_enable_hostapd(PSDevic
PSDevice apdev_priv;
struct net_device *dev = pDevice->dev;
int ret;
- const struct net_device_ops apdev_netdev_ops = {
-+ static net_device_ops_no_const apdev_netdev_ops = {
++ net_device_ops_no_const apdev_netdev_ops = {
.ndo_start_xmit = pDevice->tx_80211,
};
diff -urNp linux-2.6.32.46/drivers/staging/vt6656/hostap.c linux-2.6.32.46/drivers/staging/vt6656/hostap.c
--- linux-2.6.32.46/drivers/staging/vt6656/hostap.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/drivers/staging/vt6656/hostap.c 2011-09-02 18:13:35.000000000 -0400
++++ linux-2.6.32.46/drivers/staging/vt6656/hostap.c 2011-09-14 09:49:53.000000000 -0400
@@ -86,7 +86,7 @@ static int hostap_enable_hostapd(PSDevic
PSDevice apdev_priv;
struct net_device *dev = pDevice->dev;
int ret;
- const struct net_device_ops apdev_netdev_ops = {
-+ static net_device_ops_no_const apdev_netdev_ops = {
++ net_device_ops_no_const apdev_netdev_ops = {
.ndo_start_xmit = pDevice->tx_80211,
};
@@ -47045,7 +47045,7 @@ diff -urNp linux-2.6.32.46/fs/ocfs2/super.c linux-2.6.32.46/fs/ocfs2/super.c
osb->osb_ecc_stats = *stats;
diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
--- linux-2.6.32.46/fs/open.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/open.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/open.c 2011-09-13 16:03:56.000000000 -0400
@@ -275,6 +275,10 @@ static long do_sys_truncate(const char _
error = locks_verify_truncate(inode, NULL, length);
if (!error)
@@ -47090,18 +47090,13 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
if (!error)
set_fs_pwd(current->fs, &file->f_path);
out_putf:
-@@ -588,7 +604,18 @@ SYSCALL_DEFINE1(chroot, const char __use
+@@ -588,7 +604,13 @@ SYSCALL_DEFINE1(chroot, const char __use
if (!capable(CAP_SYS_CHROOT))
goto dput_and_out;
+ if (gr_handle_chroot_chroot(path.dentry, path.mnt))
+ goto dput_and_out;
+
-+ if (gr_handle_chroot_caps(&path)) {
-+ error = -ENOMEM;
-+ goto dput_and_out;
-+ }
-+
set_fs_root(current->fs, &path);
+
+ gr_handle_chroot_chdir(&path);
@@ -47109,7 +47104,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
error = 0;
dput_and_out:
path_put(&path);
-@@ -616,12 +643,27 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
+@@ -616,12 +638,27 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
err = mnt_want_write_file(file);
if (err)
goto out_putf;
@@ -47137,7 +47132,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mutex_unlock(&inode->i_mutex);
mnt_drop_write(file->f_path.mnt);
out_putf:
-@@ -645,12 +687,27 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
+@@ -645,12 +682,27 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
error = mnt_want_write(path.mnt);
if (error)
goto dput_and_out;
@@ -47165,7 +47160,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mutex_unlock(&inode->i_mutex);
mnt_drop_write(path.mnt);
dput_and_out:
-@@ -664,12 +721,15 @@ SYSCALL_DEFINE2(chmod, const char __user
+@@ -664,12 +716,15 @@ SYSCALL_DEFINE2(chmod, const char __user
return sys_fchmodat(AT_FDCWD, filename, mode);
}
@@ -47182,7 +47177,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-@@ -700,7 +760,7 @@ SYSCALL_DEFINE3(chown, const char __user
+@@ -700,7 +755,7 @@ SYSCALL_DEFINE3(chown, const char __user
error = mnt_want_write(path.mnt);
if (error)
goto out_release;
@@ -47191,7 +47186,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mnt_drop_write(path.mnt);
out_release:
path_put(&path);
-@@ -725,7 +785,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
+@@ -725,7 +780,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
error = mnt_want_write(path.mnt);
if (error)
goto out_release;
@@ -47200,7 +47195,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mnt_drop_write(path.mnt);
out_release:
path_put(&path);
-@@ -744,7 +804,7 @@ SYSCALL_DEFINE3(lchown, const char __use
+@@ -744,7 +799,7 @@ SYSCALL_DEFINE3(lchown, const char __use
error = mnt_want_write(path.mnt);
if (error)
goto out_release;
@@ -47209,7 +47204,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mnt_drop_write(path.mnt);
out_release:
path_put(&path);
-@@ -767,7 +827,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
+@@ -767,7 +822,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
goto out_fput;
dentry = file->f_path.dentry;
audit_inode(NULL, dentry);
@@ -47218,7 +47213,7 @@ diff -urNp linux-2.6.32.46/fs/open.c linux-2.6.32.46/fs/open.c
mnt_drop_write(file->f_path.mnt);
out_fput:
fput(file);
-@@ -1036,7 +1096,10 @@ long do_sys_open(int dfd, const char __u
+@@ -1036,7 +1091,10 @@ long do_sys_open(int dfd, const char __u
if (!IS_ERR(tmp)) {
fd = get_unused_fd_flags(flags);
if (fd >= 0) {
@@ -47520,7 +47515,7 @@ diff -urNp linux-2.6.32.46/fs/proc/array.c linux-2.6.32.46/fs/proc/array.c
+#endif
diff -urNp linux-2.6.32.46/fs/proc/base.c linux-2.6.32.46/fs/proc/base.c
--- linux-2.6.32.46/fs/proc/base.c 2011-08-09 18:35:30.000000000 -0400
-+++ linux-2.6.32.46/fs/proc/base.c 2011-08-09 18:34:33.000000000 -0400
++++ linux-2.6.32.46/fs/proc/base.c 2011-09-13 14:51:06.000000000 -0400
@@ -102,6 +102,22 @@ struct pid_entry {
union proc_op op;
};
@@ -47586,7 +47581,7 @@ diff -urNp linux-2.6.32.46/fs/proc/base.c linux-2.6.32.46/fs/proc/base.c
+ if (PAX_RAND_FLAGS(mm) &&
+ (!(task->ptrace & PT_PTRACED) || (task->parent != current))) {
+ mmput(mm);
-+ return res;
++ return 0;
+ }
+#endif
+
@@ -53525,8 +53520,8 @@ diff -urNp linux-2.6.32.46/grsecurity/gracl.c linux-2.6.32.46/grsecurity/gracl.c
+
diff -urNp linux-2.6.32.46/grsecurity/gracl_cap.c linux-2.6.32.46/grsecurity/gracl_cap.c
--- linux-2.6.32.46/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/gracl_cap.c 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,138 @@
++++ linux-2.6.32.46/grsecurity/gracl_cap.c 2011-09-14 08:53:50.000000000 -0400
+@@ -0,0 +1,101 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -53534,48 +53529,11 @@ diff -urNp linux-2.6.32.46/grsecurity/gracl_cap.c linux-2.6.32.46/grsecurity/gra
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
-+static const char *captab_log[] = {
-+ "CAP_CHOWN",
-+ "CAP_DAC_OVERRIDE",
-+ "CAP_DAC_READ_SEARCH",
-+ "CAP_FOWNER",
-+ "CAP_FSETID",
-+ "CAP_KILL",
-+ "CAP_SETGID",
-+ "CAP_SETUID",
-+ "CAP_SETPCAP",
-+ "CAP_LINUX_IMMUTABLE",
-+ "CAP_NET_BIND_SERVICE",
-+ "CAP_NET_BROADCAST",
-+ "CAP_NET_ADMIN",
-+ "CAP_NET_RAW",
-+ "CAP_IPC_LOCK",
-+ "CAP_IPC_OWNER",
-+ "CAP_SYS_MODULE",
-+ "CAP_SYS_RAWIO",
-+ "CAP_SYS_CHROOT",
-+ "CAP_SYS_PTRACE",
-+ "CAP_SYS_PACCT",
-+ "CAP_SYS_ADMIN",
-+ "CAP_SYS_BOOT",
-+ "CAP_SYS_NICE",
-+ "CAP_SYS_RESOURCE",
-+ "CAP_SYS_TIME",
-+ "CAP_SYS_TTY_CONFIG",
-+ "CAP_MKNOD",
-+ "CAP_LEASE",
-+ "CAP_AUDIT_WRITE",
-+ "CAP_AUDIT_CONTROL",
-+ "CAP_SETFCAP",
-+ "CAP_MAC_OVERRIDE",
-+ "CAP_MAC_ADMIN"
-+};
-+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
++extern const char *captab_log[];
++extern int captab_log_entries;
+
+int
-+gr_is_capable(const int cap)
++gr_acl_is_capable(const int cap)
+{
+ struct task_struct *task = current;
+ const struct cred *cred = current_cred();
@@ -53627,13 +53585,13 @@ diff -urNp linux-2.6.32.46/grsecurity/gracl_cap.c linux-2.6.32.46/grsecurity/gra
+ return 1;
+ }
+
-+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
+ return 0;
+}
+
+int
-+gr_is_capable_nolog(const int cap)
++gr_acl_is_capable_nolog(const int cap)
+{
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
@@ -55126,8 +55084,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chdir.c linux-2.6.32.46/grsecurity/g
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/grsec_chroot.c
--- linux-2.6.32.46/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_chroot.c 2011-07-18 17:14:10.000000000 -0400
-@@ -0,0 +1,384 @@
++++ linux-2.6.32.46/grsecurity/grsec_chroot.c 2011-09-15 06:48:16.000000000 -0400
+@@ -0,0 +1,386 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -55443,33 +55401,39 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/
+ return 0;
+}
+
++extern const char *captab_log[];
++extern int captab_log_entries;
++
+int
-+gr_handle_chroot_caps(struct path *path)
++gr_chroot_is_capable(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
-+ (init_task.fs->root.dentry != path->dentry) &&
-+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
-+
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
-+ const struct cred *old = current_cred();
-+ struct cred *new = prepare_creds();
-+ if (new == NULL)
-+ return 1;
-+
-+ new->cap_permitted = cap_drop(old->cap_permitted,
-+ chroot_caps);
-+ new->cap_inheritable = cap_drop(old->cap_inheritable,
-+ chroot_caps);
-+ new->cap_effective = cap_drop(old->cap_effective,
-+ chroot_caps);
-+
-+ commit_creds(new);
++ if (cap_raised(chroot_caps, cap)) {
++ const struct cred *creds = current_cred();
++ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) {
++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]);
++ }
++ return 0;
++ }
++ }
++#endif
++ return 1;
++}
+
-+ return 0;
++int
++gr_chroot_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
++ if (cap_raised(chroot_caps, cap)) {
++ return 0;
++ }
+ }
+#endif
-+ return 0;
++ return 1;
+}
+
+int
@@ -55508,10 +55472,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/
+#endif
+ return 0;
+}
-+
-+#ifdef CONFIG_SECURITY
-+EXPORT_SYMBOL(gr_handle_chroot_caps);
-+#endif
diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurity/grsec_disabled.c
--- linux-2.6.32.46/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-04-17 15:56:46.000000000 -0400
@@ -55965,8 +55925,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+#endif
diff -urNp linux-2.6.32.46/grsecurity/grsec_exec.c linux-2.6.32.46/grsecurity/grsec_exec.c
--- linux-2.6.32.46/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_exec.c 2011-08-11 19:57:19.000000000 -0400
-@@ -0,0 +1,132 @@
++++ linux-2.6.32.46/grsecurity/grsec_exec.c 2011-09-13 22:54:27.000000000 -0400
+@@ -0,0 +1,204 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -55978,6 +55938,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_exec.c linux-2.6.32.46/grsecurity/gr
+#include <linux/grinternal.h>
+#include <linux/capability.h>
+#include <linux/compat.h>
++#include <linux/module.h>
+
+#include <asm/uaccess.h>
+
@@ -56099,6 +56060,77 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_exec.c linux-2.6.32.46/grsecurity/gr
+ return;
+}
+#endif
++
++#ifdef CONFIG_GRKERNSEC
++extern int gr_acl_is_capable(const int cap);
++extern int gr_acl_is_capable_nolog(const int cap);
++extern int gr_chroot_is_capable(const int cap);
++extern int gr_chroot_is_capable_nolog(const int cap);
++#endif
++
++const char *captab_log[] = {
++ "CAP_CHOWN",
++ "CAP_DAC_OVERRIDE",
++ "CAP_DAC_READ_SEARCH",
++ "CAP_FOWNER",
++ "CAP_FSETID",
++ "CAP_KILL",
++ "CAP_SETGID",
++ "CAP_SETUID",
++ "CAP_SETPCAP",
++ "CAP_LINUX_IMMUTABLE",
++ "CAP_NET_BIND_SERVICE",
++ "CAP_NET_BROADCAST",
++ "CAP_NET_ADMIN",
++ "CAP_NET_RAW",
++ "CAP_IPC_LOCK",
++ "CAP_IPC_OWNER",
++ "CAP_SYS_MODULE",
++ "CAP_SYS_RAWIO",
++ "CAP_SYS_CHROOT",
++ "CAP_SYS_PTRACE",
++ "CAP_SYS_PACCT",
++ "CAP_SYS_ADMIN",
++ "CAP_SYS_BOOT",
++ "CAP_SYS_NICE",
++ "CAP_SYS_RESOURCE",
++ "CAP_SYS_TIME",
++ "CAP_SYS_TTY_CONFIG",
++ "CAP_MKNOD",
++ "CAP_LEASE",
++ "CAP_AUDIT_WRITE",
++ "CAP_AUDIT_CONTROL",
++ "CAP_SETFCAP",
++ "CAP_MAC_OVERRIDE",
++ "CAP_MAC_ADMIN"
++};
++
++int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
++
++int gr_is_capable(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_acl_is_capable(cap) && gr_chroot_is_capable(cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
++int gr_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_acl_is_capable_nolog(cap) && gr_chroot_is_capable_nolog(cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
++EXPORT_SYMBOL(gr_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
diff -urNp linux-2.6.32.46/grsecurity/grsec_fifo.c linux-2.6.32.46/grsecurity/grsec_fifo.c
--- linux-2.6.32.46/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.32.46/grsecurity/grsec_fifo.c 2011-04-17 15:56:46.000000000 -0400
@@ -56477,8 +56509,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c
--- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-05-10 21:58:49.000000000 -0400
-@@ -0,0 +1,310 @@
++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400
+@@ -0,0 +1,313 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -56531,20 +56563,23 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
+ goto set_fmt;
+
-+ if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
-+ grsec_alert_wtime = jiffies;
++ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
++ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = jiffies;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
++ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
++ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
+ } else return FLOODING;
+
+set_fmt:
@@ -58051,7 +58086,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsum.c linux-2.6.32.46/grsecurity/grsum.c
+}
diff -urNp linux-2.6.32.46/grsecurity/Kconfig linux-2.6.32.46/grsecurity/Kconfig
--- linux-2.6.32.46/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/Kconfig 2011-08-17 19:04:25.000000000 -0400
++++ linux-2.6.32.46/grsecurity/Kconfig 2011-09-15 00:00:38.000000000 -0400
@@ -0,0 +1,1037 @@
+#
+# grecurity configuration
@@ -58686,7 +58721,7 @@ diff -urNp linux-2.6.32.46/grsecurity/Kconfig linux-2.6.32.46/grsecurity/Kconfig
+ bool "Capability restrictions"
+ depends on GRKERNSEC_CHROOT
+ help
-+ If you say Y here, the capabilities on all root processes within a
++ If you say Y here, the capabilities on all processes within a
+ chroot jail will be lowered to stop module insertion, raw i/o,
+ system and net admin tasks, rebooting the system, modifying immutable
+ files, modifying IPC owned by another, and changing the system time.
@@ -59079,7 +59114,7 @@ diff -urNp linux-2.6.32.46/grsecurity/Kconfig linux-2.6.32.46/grsecurity/Kconfig
+
+config GRKERNSEC_FLOODBURST
+ int "Number of messages in a burst (maximum)"
-+ default 4
++ default 6
+ help
+ This option allows you to choose the maximum number of messages allowed
+ within the flood time interval you chose in a separate option. The
@@ -59092,8 +59127,8 @@ diff -urNp linux-2.6.32.46/grsecurity/Kconfig linux-2.6.32.46/grsecurity/Kconfig
+endmenu
diff -urNp linux-2.6.32.46/grsecurity/Makefile linux-2.6.32.46/grsecurity/Makefile
--- linux-2.6.32.46/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/Makefile 2011-08-21 18:54:34.000000000 -0400
-@@ -0,0 +1,34 @@
++++ linux-2.6.32.46/grsecurity/Makefile 2011-09-14 23:29:39.000000000 -0400
+@@ -0,0 +1,35 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -59125,6 +59160,7 @@ diff -urNp linux-2.6.32.46/grsecurity/Makefile linux-2.6.32.46/grsecurity/Makefi
+$(obj)/grsec_hidesym.o:
+ @-chmod -f 500 /boot
+ @-chmod -f 500 /lib/modules
++ @-chmod -f 500 /lib64/modules
+ @-chmod -f 700 .
+ @echo ' grsec: protected kernel image paths'
+endif
@@ -61290,8 +61326,8 @@ diff -urNp linux-2.6.32.46/include/linux/grinternal.h linux-2.6.32.46/include/li
+#endif
diff -urNp linux-2.6.32.46/include/linux/grmsg.h linux-2.6.32.46/include/linux/grmsg.h
--- linux-2.6.32.46/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/include/linux/grmsg.h 2011-08-25 17:28:11.000000000 -0400
-@@ -0,0 +1,107 @@
++++ linux-2.6.32.46/include/linux/grmsg.h 2011-09-13 15:44:53.000000000 -0400
+@@ -0,0 +1,108 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -61384,6 +61420,7 @@ diff -urNp linux-2.6.32.46/include/linux/grmsg.h linux-2.6.32.46/include/linux/g
+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
+#define GR_CAP_ACL_MSG "use of %s denied for "
++#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
@@ -61401,8 +61438,8 @@ diff -urNp linux-2.6.32.46/include/linux/grmsg.h linux-2.6.32.46/include/linux/g
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
diff -urNp linux-2.6.32.46/include/linux/grsecurity.h linux-2.6.32.46/include/linux/grsecurity.h
--- linux-2.6.32.46/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/include/linux/grsecurity.h 2011-08-11 19:58:57.000000000 -0400
-@@ -0,0 +1,217 @@
++++ linux-2.6.32.46/include/linux/grsecurity.h 2011-09-13 16:03:42.000000000 -0400
+@@ -0,0 +1,216 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -61454,7 +61491,6 @@ diff -urNp linux-2.6.32.46/include/linux/grsecurity.h linux-2.6.32.46/include/li
+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
+int gr_handle_chroot_chroot(const struct dentry *dentry,
+ const struct vfsmount *mnt);
-+int gr_handle_chroot_caps(struct path *path);
+void gr_handle_chroot_chdir(struct path *path);
+int gr_handle_chroot_chmod(const struct dentry *dentry,
+ const struct vfsmount *mnt, const int mode);
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423_grsec-remove-protected-paths.patch
index da4c861..abd9b99 100644
--- a/2.6.32/4423_grsec-remove-protected-paths.patch
+++ b/2.6.32/4423_grsec-remove-protected-paths.patch
@@ -1,20 +1,18 @@
-From: Anthony G. Basile <basile@opensource.dyc.edu>
+From: Anthony G. Basile <blueness@gentoo.org>
-We don't want to allow GRSEC's Makefile to change permissions on
-paths in the filesystem.
+We don't want GRSEC's Makefile to change permissions on paths in
+the filesystem.
---- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
-+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -27,8 +27,8 @@
+diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
+--- a/grsecurity/Makefile 2011-09-15 13:36:25.000000000 -0400
++++ b/grsecurity/Makefile 2011-09-15 13:44:58.000000000 -0400
+@@ -27,9 +27,4 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o:
- @-chmod -f 500 /boot
- @-chmod -f 500 /lib/modules
+- @-chmod -f 500 /lib64/modules
- @-chmod -f 700 .
- @echo ' grsec: protected kernel image paths'
-+ # @-chmod -f 500 /boot
-+ # @-chmod -f 500 /lib/modules
-+ # @-chmod -f 700 .
-+ # @echo ' grsec: protected kernel image paths'
endif
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index af75e4e..2fff4cc 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109011725.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109150655.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
index 1e39265..97156c7 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109011725.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
@@ -3055,7 +3055,7 @@ diff -urNp linux-3.0.4/arch/sparc/include/asm/elf_32.h linux-3.0.4/arch/sparc/in
instruction set this cpu supports. This can NOT be done in userspace
on Sparc. */
diff -urNp linux-3.0.4/arch/sparc/include/asm/elf_64.h linux-3.0.4/arch/sparc/include/asm/elf_64.h
---- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:47:55.000000000 -0400
@@ -180,6 +180,13 @@ typedef struct {
#define ELF_ET_DYN_BASE 0x0000010000000000UL
@@ -3794,7 +3794,7 @@ diff -urNp linux-3.0.4/arch/sparc/kernel/traps_64.c linux-3.0.4/arch/sparc/kerne
}
EXPORT_SYMBOL(die_if_kernel);
diff -urNp linux-3.0.4/arch/sparc/kernel/unaligned_64.c linux-3.0.4/arch/sparc/kernel/unaligned_64.c
---- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:48:14.000000000 -0400
@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs
static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
@@ -4065,7 +4065,7 @@ diff -urNp linux-3.0.4/arch/sparc/lib/ksyms.c linux-3.0.4/arch/sparc/lib/ksyms.c
/* Atomic bit operations. */
diff -urNp linux-3.0.4/arch/sparc/lib/Makefile linux-3.0.4/arch/sparc/lib/Makefile
---- linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/lib/Makefile 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:47:55.000000000 -0400
@@ -2,7 +2,7 @@
#
@@ -10706,7 +10706,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/common.c linux-3.0.4/arch/x86/kernel/
if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
diff -urNp linux-3.0.4/arch/x86/kernel/cpu/intel.c linux-3.0.4/arch/x86/kernel/cpu/intel.c
---- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:30:14.000000000 -0400
@@ -172,7 +172,7 @@ static void __cpuinit trap_init_f00f_bug
* Update the IDT descriptor and reload the IDT so that
@@ -10850,7 +10850,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mcheck/mce-inject.c linux-3.0.4/arch/
return 0;
}
diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c
---- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:21.000000000 -0400
@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex);
u64 size_or_mask, size_and_mask;
@@ -20538,7 +20538,7 @@ diff -urNp linux-3.0.4/arch/x86/net/bpf_jit_comp.c linux-3.0.4/arch/x86/net/bpf_
sizeof(struct work_struct)));
if (!image)
diff -urNp linux-3.0.4/arch/x86/oprofile/backtrace.c linux-3.0.4/arch/x86/oprofile/backtrace.c
---- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:47:55.000000000 -0400
@@ -148,7 +148,7 @@ x86_backtrace(struct pt_regs * const reg
{
@@ -21313,7 +21313,7 @@ diff -urNp linux-3.0.4/arch/x86/vdso/vma.c linux-3.0.4/arch/x86/vdso/vma.c
-}
-__setup("vdso=", vdso_setup);
diff -urNp linux-3.0.4/arch/x86/xen/enlighten.c linux-3.0.4/arch/x86/xen/enlighten.c
---- linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/enlighten.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:21.000000000 -0400
@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -21388,7 +21388,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/enlighten.c linux-3.0.4/arch/x86/xen/enlight
#ifdef CONFIG_ACPI_NUMA
diff -urNp linux-3.0.4/arch/x86/xen/mmu.c linux-3.0.4/arch/x86/xen/mmu.c
---- linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/mmu.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:21.000000000 -0400
@@ -1683,6 +1683,8 @@ pgd_t * __init xen_setup_kernel_pagetabl
convert_pfn_mfn(init_level4_pgt);
@@ -21427,7 +21427,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/mmu.c linux-3.0.4/arch/x86/xen/mmu.c
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff -urNp linux-3.0.4/arch/x86/xen/smp.c linux-3.0.4/arch/x86/xen/smp.c
---- linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/smp.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:21.000000000 -0400
@@ -193,11 +193,6 @@ static void __init xen_smp_prepare_boot_
{
@@ -21519,7 +21519,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/xen-head.S linux-3.0.4/arch/x86/xen/xen-head
mov %rsi,xen_start_info
mov $init_thread_union+THREAD_SIZE,%rsp
diff -urNp linux-3.0.4/arch/x86/xen/xen-ops.h linux-3.0.4/arch/x86/xen/xen-ops.h
---- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:47:55.000000000 -0400
@@ -10,8 +10,6 @@
extern const char xen_hypervisor_callback[];
@@ -23175,7 +23175,7 @@ diff -urNp linux-3.0.4/drivers/block/cciss.c linux-3.0.4/drivers/block/cciss.c
}
diff -urNp linux-3.0.4/drivers/block/cciss.h linux-3.0.4/drivers/block/cciss.h
---- linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/block/cciss.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:47:55.000000000 -0400
@@ -100,7 +100,7 @@ struct ctlr_info
/* information about each logical volume */
@@ -23880,7 +23880,7 @@ diff -urNp linux-3.0.4/drivers/char/nvram.c linux-3.0.4/drivers/char/nvram.c
*ppos = i;
diff -urNp linux-3.0.4/drivers/char/random.c linux-3.0.4/drivers/char/random.c
---- linux-3.0.4/drivers/char/random.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/char/random.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/char/random.c 2011-08-23 21:48:14.000000000 -0400
@@ -261,8 +261,13 @@
/*
@@ -24172,7 +24172,7 @@ diff -urNp linux-3.0.4/drivers/firewire/core-card.c linux-3.0.4/drivers/firewire
card->driver->update_phy_reg(card, 4,
PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
diff -urNp linux-3.0.4/drivers/firewire/core-cdev.c linux-3.0.4/drivers/firewire/core-cdev.c
---- linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/firewire/core-cdev.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:47:55.000000000 -0400
@@ -1313,8 +1313,7 @@ static int init_iso_resource(struct clie
int ret;
@@ -24515,7 +24515,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c linux-3.0.4/drivers/g
if (IS_GEN6(dev)) {
seq_printf(m, "Graphics Interrupt mask (%s): %08x\n",
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c
---- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:47:55.000000000 -0400
@@ -1169,7 +1169,7 @@ static bool i915_switcheroo_can_switch(s
bool can_switch;
@@ -24578,7 +24578,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_gem_execbuffer.c linux-3.0.4/dr
/* The actual obj->write_domain will be updated with
* pending_write_domain after we emit the accumulated flush for all
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c
---- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:47:55.000000000 -0400
@@ -473,7 +473,7 @@ static irqreturn_t ivybridge_irq_handler
u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir;
@@ -24626,7 +24626,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c linux-3.0.4/drivers/gpu/d
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/intel_display.c linux-3.0.4/drivers/gpu/drm/i915/intel_display.c
---- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:47:55.000000000 -0400
@@ -1961,7 +1961,7 @@ intel_pipe_set_base(struct drm_crtc *crt
@@ -24974,7 +24974,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_atombios.c linux-3.0.4/driv
return false;
diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c
---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:47:55.000000000 -0400
@@ -678,7 +678,7 @@ static bool radeon_switcheroo_can_switch
bool can_switch;
@@ -24986,7 +24986,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c linux-3.0.4/driver
return can_switch;
}
diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c
---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:48:14.000000000 -0400
@@ -946,6 +946,8 @@ void radeon_compute_pll_legacy(struct ra
uint32_t post_div;
@@ -26766,7 +26766,7 @@ diff -urNp linux-3.0.4/drivers/lguest/x86/switcher_32.S linux-3.0.4/drivers/lgue
// Every interrupt can come to us here
// But we must truly tell each apart.
diff -urNp linux-3.0.4/drivers/md/dm.c linux-3.0.4/drivers/md/dm.c
---- linux-3.0.4/drivers/md/dm.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/md/dm.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/md/dm.c 2011-08-23 21:47:55.000000000 -0400
@@ -164,9 +164,9 @@ struct mapped_device {
/*
@@ -28836,7 +28836,7 @@ diff -urNp linux-3.0.4/drivers/net/mlx4/main.c linux-3.0.4/drivers/net/mlx4/main
if (err) {
if (err == -EACCES)
diff -urNp linux-3.0.4/drivers/net/niu.c linux-3.0.4/drivers/net/niu.c
---- linux-3.0.4/drivers/net/niu.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/niu.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/niu.c 2011-08-23 21:48:14.000000000 -0400
@@ -9056,6 +9056,8 @@ static void __devinit niu_try_msix(struc
int i, num_irqs, err;
@@ -29494,7 +29494,7 @@ diff -urNp linux-3.0.4/drivers/net/ppp_generic.c linux-3.0.4/drivers/net/ppp_gen
err = 0;
break;
diff -urNp linux-3.0.4/drivers/net/r8169.c linux-3.0.4/drivers/net/r8169.c
---- linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/r8169.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:47:55.000000000 -0400
@@ -645,12 +645,12 @@ struct rtl8169_private {
struct mdio_ops {
@@ -29838,7 +29838,7 @@ diff -urNp linux-3.0.4/drivers/net/wimax/i2400m/usb-fw.c linux-3.0.4/drivers/net
i2400m, ack, ack_size);
BUG_ON(_ack == i2400m->bm_ack_buf);
diff -urNp linux-3.0.4/drivers/net/wireless/airo.c linux-3.0.4/drivers/net/wireless/airo.c
---- linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/wireless/airo.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:48:14.000000000 -0400
@@ -3003,6 +3003,8 @@ static void airo_process_scan_results (s
BSSListElement * loop_net;
@@ -30063,7 +30063,7 @@ diff -urNp linux-3.0.4/drivers/net/wireless/ath/ath9k/htc_drv_debug.c linux-3.0.
"Mgmt endpoint", skb_queue_len(&priv->tx.mgmt_ep_queue));
diff -urNp linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h
---- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:47:55.000000000 -0400
@@ -585,7 +585,7 @@ struct ath_hw_private_ops {
@@ -31061,7 +31061,7 @@ diff -urNp linux-3.0.4/drivers/scsi/hpsa.c linux-3.0.4/drivers/scsi/hpsa.c
}
diff -urNp linux-3.0.4/drivers/scsi/hpsa.h linux-3.0.4/drivers/scsi/hpsa.h
---- linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/hpsa.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:47:55.000000000 -0400
@@ -73,7 +73,7 @@ struct ctlr_info {
unsigned int msix_vector;
@@ -31438,7 +31438,7 @@ diff -urNp linux-3.0.4/drivers/scsi/osd/osd_initiator.c linux-3.0.4/drivers/scsi
if (!or)
return -ENOMEM;
diff -urNp linux-3.0.4/drivers/scsi/pmcraid.c linux-3.0.4/drivers/scsi/pmcraid.c
---- linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/pmcraid.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:47:56.000000000 -0400
@@ -201,8 +201,8 @@ static int pmcraid_slave_alloc(struct sc
res->scsi_dev = scsi_dev;
@@ -31640,7 +31640,7 @@ diff -urNp linux-3.0.4/drivers/scsi/scsi_debug.c linux-3.0.4/drivers/scsi/scsi_d
return errsts;
memset(arr, 0, sizeof(arr));
diff -urNp linux-3.0.4/drivers/scsi/scsi_lib.c linux-3.0.4/drivers/scsi/scsi_lib.c
---- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:47:56.000000000 -0400
@@ -1412,7 +1412,7 @@ static void scsi_kill_request(struct req
shost = sdev->host;
@@ -31832,7 +31832,7 @@ diff -urNp linux-3.0.4/drivers/spi/spi.c linux-3.0.4/drivers/spi/spi.c
static u8 *buf;
diff -urNp linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c
---- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:48:14.000000000 -0400
@@ -362,7 +362,7 @@ static struct ar_cookie s_ar_cookie_mem[
(((ar)->arTargetType == TARGET_TYPE_AR6003) ? AR6003_HOST_INTEREST_ITEM_ADDRESS(item) : 0))
@@ -31963,7 +31963,7 @@ diff -urNp linux-3.0.4/drivers/staging/et131x/et131x_adapter.h linux-3.0.4/drive
u32 noxmtbuf; /* # Tx packets discarded */
diff -urNp linux-3.0.4/drivers/staging/hv/channel.c linux-3.0.4/drivers/staging/hv/channel.c
---- linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/hv/channel.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:47:56.000000000 -0400
@@ -433,8 +433,8 @@ int vmbus_establish_gpadl(struct vmbus_c
int ret = 0;
@@ -32017,7 +32017,7 @@ diff -urNp linux-3.0.4/drivers/staging/hv/hyperv_vmbus.h linux-3.0.4/drivers/sta
/*
* Represents channel interrupts. Each bit position represents a
diff -urNp linux-3.0.4/drivers/staging/hv/rndis_filter.c linux-3.0.4/drivers/staging/hv/rndis_filter.c
---- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:47:56.000000000 -0400
@@ -43,7 +43,7 @@ struct rndis_device {
@@ -32251,7 +32251,7 @@ diff -urNp linux-3.0.4/drivers/staging/usbip/vhci.h linux-3.0.4/drivers/staging/
/*
* NOTE:
diff -urNp linux-3.0.4/drivers/staging/usbip/vhci_hcd.c linux-3.0.4/drivers/staging/usbip/vhci_hcd.c
---- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:47:56.000000000 -0400
@@ -511,7 +511,7 @@ static void vhci_tx_urb(struct urb *urb)
return;
@@ -32828,7 +32828,7 @@ diff -urNp linux-3.0.4/drivers/tty/ipwireless/tty.c linux-3.0.4/drivers/tty/ipwi
ipwireless_disassociate_network_ttys(network,
ttyj->channel_idx);
diff -urNp linux-3.0.4/drivers/tty/n_gsm.c linux-3.0.4/drivers/tty/n_gsm.c
---- linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/tty/n_gsm.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:47:56.000000000 -0400
@@ -1589,7 +1589,7 @@ static struct gsm_dlci *gsm_dlci_alloc(s
return NULL;
@@ -36623,7 +36623,7 @@ diff -urNp linux-3.0.4/fs/attr.c linux-3.0.4/fs/attr.c
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff -urNp linux-3.0.4/fs/befs/linuxvfs.c linux-3.0.4/fs/befs/linuxvfs.c
---- linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/fs/befs/linuxvfs.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:27.000000000 -0400
@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry
{
@@ -37856,7 +37856,7 @@ diff -urNp linux-3.0.4/fs/cifs/cifs_debug.c linux-3.0.4/fs/cifs/cifs_debug.c
}
}
diff -urNp linux-3.0.4/fs/cifs/cifsfs.c linux-3.0.4/fs/cifs/cifsfs.c
---- linux-3.0.4/fs/cifs/cifsfs.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/cifs/cifsfs.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/cifs/cifsfs.c 2011-08-25 17:18:05.000000000 -0400
@@ -994,7 +994,7 @@ cifs_init_request_bufs(void)
cifs_req_cachep = kmem_cache_create("cifs_request",
@@ -38223,7 +38223,7 @@ diff -urNp linux-3.0.4/fs/dcache.c linux-3.0.4/fs/dcache.c
dcache_init();
inode_init();
diff -urNp linux-3.0.4/fs/ecryptfs/inode.c linux-3.0.4/fs/ecryptfs/inode.c
---- linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ecryptfs/inode.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:47:56.000000000 -0400
@@ -704,7 +704,7 @@ static int ecryptfs_readlink_lower(struc
old_fs = get_fs();
@@ -38945,7 +38945,7 @@ diff -urNp linux-3.0.4/fs/ext4/balloc.c linux-3.0.4/fs/ext4/balloc.c
if (free_blocks >= (nblocks + dirty_blocks))
return 1;
diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h
---- linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ext4/ext4.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:47:56.000000000 -0400
@@ -1177,19 +1177,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
@@ -38978,7 +38978,7 @@ diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h
/* locality groups */
diff -urNp linux-3.0.4/fs/ext4/mballoc.c linux-3.0.4/fs/ext4/mballoc.c
---- linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ext4/mballoc.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:48:14.000000000 -0400
@@ -1793,7 +1793,7 @@ void ext4_mb_simple_scan_group(struct ex
BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
@@ -40686,7 +40686,7 @@ diff -urNp linux-3.0.4/fs/fuse/cuse.c linux-3.0.4/fs/fuse/cuse.c
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff -urNp linux-3.0.4/fs/fuse/dev.c linux-3.0.4/fs/fuse/dev.c
---- linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:14.000000000 -0400
+--- linux-3.0.4/fs/fuse/dev.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:27.000000000 -0400
@@ -1238,7 +1238,7 @@ static ssize_t fuse_dev_splice_read(stru
ret = 0;
@@ -41664,7 +41664,7 @@ diff -urNp linux-3.0.4/fs/nfs/inode.c linux-3.0.4/fs/nfs/inode.c
void nfs_fattr_init(struct nfs_fattr *fattr)
diff -urNp linux-3.0.4/fs/nfsd/nfs4state.c linux-3.0.4/fs/nfsd/nfs4state.c
---- linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/nfsd/nfs4state.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:48:14.000000000 -0400
@@ -3794,6 +3794,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc
unsigned int strhashval;
@@ -41927,7 +41927,7 @@ diff -urNp linux-3.0.4/fs/ocfs2/symlink.c linux-3.0.4/fs/ocfs2/symlink.c
}
diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
--- linux-3.0.4/fs/open.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/open.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/open.c 2011-09-14 09:16:46.000000000 -0400
@@ -112,6 +112,10 @@ static long do_sys_truncate(const char _
error = locks_verify_truncate(inode, NULL, length);
if (!error)
@@ -41972,18 +41972,13 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
if (!error)
set_fs_pwd(current->fs, &file->f_path);
out_putf:
-@@ -438,7 +454,18 @@ SYSCALL_DEFINE1(chroot, const char __use
+@@ -438,7 +454,13 @@ SYSCALL_DEFINE1(chroot, const char __use
if (error)
goto dput_and_out;
+ if (gr_handle_chroot_chroot(path.dentry, path.mnt))
+ goto dput_and_out;
+
-+ if (gr_handle_chroot_caps(&path)) {
-+ error = -ENOMEM;
-+ goto dput_and_out;
-+ }
-+
set_fs_root(current->fs, &path);
+
+ gr_handle_chroot_chdir(&path);
@@ -41991,7 +41986,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
error = 0;
dput_and_out:
path_put(&path);
-@@ -466,12 +493,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
+@@ -466,12 +488,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
err = mnt_want_write_file(file);
if (err)
goto out_putf;
@@ -42017,7 +42012,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
err = notify_change(dentry, &newattrs);
-@@ -499,12 +539,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
+@@ -499,12 +534,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
error = mnt_want_write(path.mnt);
if (error)
goto dput_and_out;
@@ -42043,7 +42038,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
error = notify_change(path.dentry, &newattrs);
-@@ -528,6 +581,9 @@ static int chown_common(struct path *pat
+@@ -528,6 +576,9 @@ static int chown_common(struct path *pat
int error;
struct iattr newattrs;
@@ -42053,7 +42048,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-@@ -998,7 +1054,10 @@ long do_sys_open(int dfd, const char __u
+@@ -998,7 +1049,10 @@ long do_sys_open(int dfd, const char __u
if (!IS_ERR(tmp)) {
fd = get_unused_fd_flags(flags);
if (fd >= 0) {
@@ -42338,8 +42333,8 @@ diff -urNp linux-3.0.4/fs/proc/array.c linux-3.0.4/fs/proc/array.c
+}
+#endif
diff -urNp linux-3.0.4/fs/proc/base.c linux-3.0.4/fs/proc/base.c
---- linux-3.0.4/fs/proc/base.c 2011-08-23 21:44:40.000000000 -0400
-+++ linux-3.0.4/fs/proc/base.c 2011-08-23 21:48:14.000000000 -0400
+--- linux-3.0.4/fs/proc/base.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.4/fs/proc/base.c 2011-09-13 14:50:28.000000000 -0400
@@ -107,6 +107,22 @@ struct pid_entry {
union proc_op op;
};
@@ -42405,7 +42400,7 @@ diff -urNp linux-3.0.4/fs/proc/base.c linux-3.0.4/fs/proc/base.c
+ if (PAX_RAND_FLAGS(mm) &&
+ (!(task->ptrace & PT_PTRACED) || (task->parent != current))) {
+ mmput(mm);
-+ return res;
++ return 0;
+ }
+#endif
+
@@ -48198,8 +48193,8 @@ diff -urNp linux-3.0.4/grsecurity/gracl.c linux-3.0.4/grsecurity/gracl.c
+
diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c
--- linux-3.0.4/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/gracl_cap.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,139 @@
++++ linux-3.0.4/grsecurity/gracl_cap.c 2011-09-14 09:21:24.000000000 -0400
+@@ -0,0 +1,101 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -48207,49 +48202,11 @@ diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
-+static const char *captab_log[] = {
-+ "CAP_CHOWN",
-+ "CAP_DAC_OVERRIDE",
-+ "CAP_DAC_READ_SEARCH",
-+ "CAP_FOWNER",
-+ "CAP_FSETID",
-+ "CAP_KILL",
-+ "CAP_SETGID",
-+ "CAP_SETUID",
-+ "CAP_SETPCAP",
-+ "CAP_LINUX_IMMUTABLE",
-+ "CAP_NET_BIND_SERVICE",
-+ "CAP_NET_BROADCAST",
-+ "CAP_NET_ADMIN",
-+ "CAP_NET_RAW",
-+ "CAP_IPC_LOCK",
-+ "CAP_IPC_OWNER",
-+ "CAP_SYS_MODULE",
-+ "CAP_SYS_RAWIO",
-+ "CAP_SYS_CHROOT",
-+ "CAP_SYS_PTRACE",
-+ "CAP_SYS_PACCT",
-+ "CAP_SYS_ADMIN",
-+ "CAP_SYS_BOOT",
-+ "CAP_SYS_NICE",
-+ "CAP_SYS_RESOURCE",
-+ "CAP_SYS_TIME",
-+ "CAP_SYS_TTY_CONFIG",
-+ "CAP_MKNOD",
-+ "CAP_LEASE",
-+ "CAP_AUDIT_WRITE",
-+ "CAP_AUDIT_CONTROL",
-+ "CAP_SETFCAP",
-+ "CAP_MAC_OVERRIDE",
-+ "CAP_MAC_ADMIN",
-+ "CAP_SYSLOG"
-+};
-+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
++extern const char *captab_log[];
++extern int captab_log_entries;
+
+int
-+gr_is_capable(const int cap)
++gr_acl_is_capable(const int cap)
+{
+ struct task_struct *task = current;
+ const struct cred *cred = current_cred();
@@ -48301,13 +48258,13 @@ diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c
+ return 1;
+ }
+
-+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
+ return 0;
+}
+
+int
-+gr_is_capable_nolog(const int cap)
++gr_acl_is_capable_nolog(const int cap)
+{
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
@@ -49814,8 +49771,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chdir.c linux-3.0.4/grsecurity/grsec_chd
+}
diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_chroot.c
--- linux-3.0.4/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,349 @@
++++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-09-15 06:47:48.000000000 -0400
+@@ -0,0 +1,351 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50096,33 +50053,39 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+ return 0;
+}
+
++extern const char *captab_log[];
++extern int captab_log_entries;
++
+int
-+gr_handle_chroot_caps(struct path *path)
++gr_chroot_is_capable(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
-+ (init_task.fs->root.dentry != path->dentry) &&
-+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
-+
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
-+ const struct cred *old = current_cred();
-+ struct cred *new = prepare_creds();
-+ if (new == NULL)
-+ return 1;
-+
-+ new->cap_permitted = cap_drop(old->cap_permitted,
-+ chroot_caps);
-+ new->cap_inheritable = cap_drop(old->cap_inheritable,
-+ chroot_caps);
-+ new->cap_effective = cap_drop(old->cap_effective,
-+ chroot_caps);
-+
-+ commit_creds(new);
++ if (cap_raised(chroot_caps, cap)) {
++ const struct cred *creds = current_cred();
++ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) {
++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]);
++ }
++ return 0;
++ }
++ }
++#endif
++ return 1;
++}
+
-+ return 0;
++int
++gr_chroot_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
++ if (cap_raised(chroot_caps, cap)) {
++ return 0;
++ }
+ }
+#endif
-+ return 0;
++ return 1;
+}
+
+int
@@ -50161,10 +50124,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+#endif
+ return 0;
+}
-+
-+#ifdef CONFIG_SECURITY
-+EXPORT_SYMBOL(gr_handle_chroot_caps);
-+#endif
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
@@ -50618,8 +50577,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+#endif
diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec.c
--- linux-3.0.4/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_exec.c 2011-08-25 17:25:59.000000000 -0400
-@@ -0,0 +1,72 @@
++++ linux-3.0.4/grsecurity/grsec_exec.c 2011-09-14 09:20:28.000000000 -0400
+@@ -0,0 +1,145 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -50630,6 +50589,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+#include <linux/capability.h>
++#include <linux/module.h>
+
+#include <asm/uaccess.h>
+
@@ -50692,6 +50652,78 @@ diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec
+#endif
+ return;
+}
++
++#ifdef CONFIG_GRKERNSEC
++extern int gr_acl_is_capable(const int cap);
++extern int gr_acl_is_capable_nolog(const int cap);
++extern int gr_chroot_is_capable(const int cap);
++extern int gr_chroot_is_capable_nolog(const int cap);
++#endif
++
++const char *captab_log[] = {
++ "CAP_CHOWN",
++ "CAP_DAC_OVERRIDE",
++ "CAP_DAC_READ_SEARCH",
++ "CAP_FOWNER",
++ "CAP_FSETID",
++ "CAP_KILL",
++ "CAP_SETGID",
++ "CAP_SETUID",
++ "CAP_SETPCAP",
++ "CAP_LINUX_IMMUTABLE",
++ "CAP_NET_BIND_SERVICE",
++ "CAP_NET_BROADCAST",
++ "CAP_NET_ADMIN",
++ "CAP_NET_RAW",
++ "CAP_IPC_LOCK",
++ "CAP_IPC_OWNER",
++ "CAP_SYS_MODULE",
++ "CAP_SYS_RAWIO",
++ "CAP_SYS_CHROOT",
++ "CAP_SYS_PTRACE",
++ "CAP_SYS_PACCT",
++ "CAP_SYS_ADMIN",
++ "CAP_SYS_BOOT",
++ "CAP_SYS_NICE",
++ "CAP_SYS_RESOURCE",
++ "CAP_SYS_TIME",
++ "CAP_SYS_TTY_CONFIG",
++ "CAP_MKNOD",
++ "CAP_LEASE",
++ "CAP_AUDIT_WRITE",
++ "CAP_AUDIT_CONTROL",
++ "CAP_SETFCAP",
++ "CAP_MAC_OVERRIDE",
++ "CAP_MAC_ADMIN",
++ "CAP_SYSLOG"
++};
++
++int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
++
++int gr_is_capable(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_acl_is_capable(cap) && gr_chroot_is_capable(cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
++int gr_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_acl_is_capable_nolog(cap) && gr_chroot_is_capable_nolog(cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
++EXPORT_SYMBOL(gr_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
diff -urNp linux-3.0.4/grsecurity/grsec_fifo.c linux-3.0.4/grsecurity/grsec_fifo.c
--- linux-3.0.4/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/grsecurity/grsec_fifo.c 2011-08-23 21:48:14.000000000 -0400
@@ -51069,8 +51101,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
+}
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_log.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,310 @@
++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
+@@ -0,0 +1,313 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -51123,20 +51155,23 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
+ goto set_fmt;
+
-+ if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
-+ grsec_alert_wtime = jiffies;
++ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
++ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = jiffies;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
++ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
++ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
+ } else return FLOODING;
+
+set_fmt:
@@ -52567,7 +52602,7 @@ diff -urNp linux-3.0.4/grsecurity/grsum.c linux-3.0.4/grsecurity/grsum.c
+}
diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig
--- linux-3.0.4/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/Kconfig 2011-08-25 17:25:34.000000000 -0400
++++ linux-3.0.4/grsecurity/Kconfig 2011-09-15 00:00:57.000000000 -0400
@@ -0,0 +1,1038 @@
+#
+# grecurity configuration
@@ -53203,7 +53238,7 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig
+ bool "Capability restrictions"
+ depends on GRKERNSEC_CHROOT
+ help
-+ If you say Y here, the capabilities on all root processes within a
++ If you say Y here, the capabilities on all processes within a
+ chroot jail will be lowered to stop module insertion, raw i/o,
+ system and net admin tasks, rebooting the system, modifying immutable
+ files, modifying IPC owned by another, and changing the system time.
@@ -53596,7 +53631,7 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig
+
+config GRKERNSEC_FLOODBURST
+ int "Number of messages in a burst (maximum)"
-+ default 4
++ default 6
+ help
+ This option allows you to choose the maximum number of messages allowed
+ within the flood time interval you chose in a separate option. The
@@ -53609,8 +53644,8 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig
+endmenu
diff -urNp linux-3.0.4/grsecurity/Makefile linux-3.0.4/grsecurity/Makefile
--- linux-3.0.4/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/Makefile 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,34 @@
++++ linux-3.0.4/grsecurity/Makefile 2011-09-14 23:29:56.000000000 -0400
+@@ -0,0 +1,35 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -53642,6 +53677,7 @@ diff -urNp linux-3.0.4/grsecurity/Makefile linux-3.0.4/grsecurity/Makefile
+$(obj)/grsec_hidesym.o:
+ @-chmod -f 500 /boot
+ @-chmod -f 500 /lib/modules
++ @-chmod -f 500 /lib64/modules
+ @-chmod -f 700 .
+ @echo ' grsec: protected kernel image paths'
+endif
@@ -55417,8 +55453,8 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+#endif
diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h
--- linux-3.0.4/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grmsg.h 2011-08-25 17:27:26.000000000 -0400
-@@ -0,0 +1,107 @@
++++ linux-3.0.4/include/linux/grmsg.h 2011-09-14 09:16:54.000000000 -0400
+@@ -0,0 +1,108 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -55511,6 +55547,7 @@ diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h
+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
+#define GR_CAP_ACL_MSG "use of %s denied for "
++#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
@@ -55528,8 +55565,8 @@ diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
diff -urNp linux-3.0.4/include/linux/grsecurity.h linux-3.0.4/include/linux/grsecurity.h
--- linux-3.0.4/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grsecurity.h 2011-08-25 17:27:36.000000000 -0400
-@@ -0,0 +1,227 @@
++++ linux-3.0.4/include/linux/grsecurity.h 2011-09-14 09:16:54.000000000 -0400
+@@ -0,0 +1,226 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -55594,7 +55631,6 @@ diff -urNp linux-3.0.4/include/linux/grsecurity.h linux-3.0.4/include/linux/grse
+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
+int gr_handle_chroot_chroot(const struct dentry *dentry,
+ const struct vfsmount *mnt);
-+int gr_handle_chroot_caps(struct path *path);
+void gr_handle_chroot_chdir(struct path *path);
+int gr_handle_chroot_chmod(const struct dentry *dentry,
+ const struct vfsmount *mnt, const int mode);
@@ -56060,7 +56096,7 @@ diff -urNp linux-3.0.4/include/linux/mfd/abx500.h linux-3.0.4/include/linux/mfd/
int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops);
void abx500_remove_ops(struct device *dev);
diff -urNp linux-3.0.4/include/linux/mm.h linux-3.0.4/include/linux/mm.h
---- linux-3.0.4/include/linux/mm.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/include/linux/mm.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/include/linux/mm.h 2011-08-23 21:47:56.000000000 -0400
@@ -113,7 +113,14 @@ extern unsigned int kobjsize(const void
@@ -56444,7 +56480,7 @@ diff -urNp linux-3.0.4/include/linux/namei.h linux-3.0.4/include/linux/namei.h
return nd->saved_names[nd->depth];
}
diff -urNp linux-3.0.4/include/linux/netdevice.h linux-3.0.4/include/linux/netdevice.h
---- linux-3.0.4/include/linux/netdevice.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/include/linux/netdevice.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/include/linux/netdevice.h 2011-08-23 21:47:56.000000000 -0400
@@ -979,6 +979,7 @@ struct net_device_ops {
int (*ndo_set_features)(struct net_device *dev,
@@ -56634,7 +56670,7 @@ diff -urNp linux-3.0.4/include/linux/ptrace.h linux-3.0.4/include/linux/ptrace.h
static inline int ptrace_reparented(struct task_struct *child)
{
diff -urNp linux-3.0.4/include/linux/random.h linux-3.0.4/include/linux/random.h
---- linux-3.0.4/include/linux/random.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/include/linux/random.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/include/linux/random.h 2011-08-23 21:47:56.000000000 -0400
@@ -69,12 +69,17 @@ void srandom32(u32 seed);
@@ -58580,7 +58616,7 @@ diff -urNp linux-3.0.4/ipc/msg.c linux-3.0.4/ipc/msg.c
msg_params.flg = msgflg;
diff -urNp linux-3.0.4/ipc/sem.c linux-3.0.4/ipc/sem.c
---- linux-3.0.4/ipc/sem.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/ipc/sem.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/ipc/sem.c 2011-08-23 21:48:14.000000000 -0400
@@ -318,10 +318,15 @@ static inline int sem_more_checks(struct
return 0;
@@ -59134,8 +59170,8 @@ diff -urNp linux-3.0.4/kernel/debug/kdb/kdb_main.c linux-3.0.4/kernel/debug/kdb/
#ifdef CONFIG_MODULE_UNLOAD
{
diff -urNp linux-3.0.4/kernel/events/core.c linux-3.0.4/kernel/events/core.c
---- linux-3.0.4/kernel/events/core.c 2011-08-23 21:44:40.000000000 -0400
-+++ linux-3.0.4/kernel/events/core.c 2011-08-23 21:47:56.000000000 -0400
+--- linux-3.0.4/kernel/events/core.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.4/kernel/events/core.c 2011-09-14 09:08:05.000000000 -0400
@@ -170,7 +170,7 @@ int perf_proc_update_handler(struct ctl_
return 0;
}
@@ -59193,6 +59229,21 @@ diff -urNp linux-3.0.4/kernel/events/core.c linux-3.0.4/kernel/events/core.c
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
+@@ -4833,12 +4833,12 @@ static void perf_event_mmap_event(struct
+ * need to add enough zero bytes after the string to handle
+ * the 64bit alignment we do later.
+ */
+- buf = kzalloc(PATH_MAX + sizeof(u64), GFP_KERNEL);
++ buf = kzalloc(PATH_MAX, GFP_KERNEL);
+ if (!buf) {
+ name = strncpy(tmp, "//enomem", sizeof(tmp));
+ goto got_name;
+ }
+- name = d_path(&file->f_path, buf, PATH_MAX);
++ name = d_path(&file->f_path, buf, PATH_MAX - sizeof(u64));
+ if (IS_ERR(name)) {
+ name = strncpy(tmp, "//toolong", sizeof(tmp));
+ goto got_name;
@@ -6190,7 +6190,7 @@ perf_event_alloc(struct perf_event_attr
event->parent = parent_event;
@@ -59633,7 +59684,7 @@ diff -urNp linux-3.0.4/kernel/fork.c linux-3.0.4/kernel/fork.c
else
new_fs = fs;
diff -urNp linux-3.0.4/kernel/futex.c linux-3.0.4/kernel/futex.c
---- linux-3.0.4/kernel/futex.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/kernel/futex.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/kernel/futex.c 2011-08-23 21:48:14.000000000 -0400
@@ -54,6 +54,7 @@
#include <linux/mount.h>
@@ -61630,7 +61681,80 @@ diff -urNp linux-3.0.4/kernel/rcutorture.c linux-3.0.4/kernel/rcutorture.c
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff -urNp linux-3.0.4/kernel/rcutree.c linux-3.0.4/kernel/rcutree.c
--- linux-3.0.4/kernel/rcutree.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/kernel/rcutree.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/kernel/rcutree.c 2011-09-14 09:08:05.000000000 -0400
+@@ -356,9 +356,9 @@ void rcu_enter_nohz(void)
+ }
+ /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
+ smp_mb__before_atomic_inc(); /* See above. */
+- atomic_inc(&rdtp->dynticks);
++ atomic_inc_unchecked(&rdtp->dynticks);
+ smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */
+- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1);
++ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
+ local_irq_restore(flags);
+
+ /* If the interrupt queued a callback, get out of dyntick mode. */
+@@ -387,10 +387,10 @@ void rcu_exit_nohz(void)
+ return;
+ }
+ smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */
+- atomic_inc(&rdtp->dynticks);
++ atomic_inc_unchecked(&rdtp->dynticks);
+ /* CPUs seeing atomic_inc() must see later RCU read-side crit sects */
+ smp_mb__after_atomic_inc(); /* See above. */
+- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
++ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
+ local_irq_restore(flags);
+ }
+
+@@ -406,14 +406,14 @@ void rcu_nmi_enter(void)
+ struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
+
+ if (rdtp->dynticks_nmi_nesting == 0 &&
+- (atomic_read(&rdtp->dynticks) & 0x1))
++ (atomic_read_unchecked(&rdtp->dynticks) & 0x1))
+ return;
+ rdtp->dynticks_nmi_nesting++;
+ smp_mb__before_atomic_inc(); /* Force delay from prior write. */
+- atomic_inc(&rdtp->dynticks);
++ atomic_inc_unchecked(&rdtp->dynticks);
+ /* CPUs seeing atomic_inc() must see later RCU read-side crit sects */
+ smp_mb__after_atomic_inc(); /* See above. */
+- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
++ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
+ }
+
+ /**
+@@ -432,9 +432,9 @@ void rcu_nmi_exit(void)
+ return;
+ /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
+ smp_mb__before_atomic_inc(); /* See above. */
+- atomic_inc(&rdtp->dynticks);
++ atomic_inc_unchecked(&rdtp->dynticks);
+ smp_mb__after_atomic_inc(); /* Force delay to next write. */
+- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1);
++ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
+ }
+
+ /**
+@@ -469,7 +469,7 @@ void rcu_irq_exit(void)
+ */
+ static int dyntick_save_progress_counter(struct rcu_data *rdp)
+ {
+- rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks);
++ rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
+ return 0;
+ }
+
+@@ -484,7 +484,7 @@ static int rcu_implicit_dynticks_qs(stru
+ unsigned long curr;
+ unsigned long snap;
+
+- curr = (unsigned long)atomic_add_return(0, &rdp->dynticks->dynticks);
++ curr = (unsigned long)atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
+ snap = (unsigned long)rdp->dynticks_snap;
+
+ /*
@@ -1470,7 +1470,7 @@ __rcu_process_callbacks(struct rcu_state
/*
* Do softirq processing for the current CPU.
@@ -61640,6 +61764,18 @@ diff -urNp linux-3.0.4/kernel/rcutree.c linux-3.0.4/kernel/rcutree.c
{
__rcu_process_callbacks(&rcu_sched_state,
&__get_cpu_var(rcu_sched_data));
+diff -urNp linux-3.0.4/kernel/rcutree.h linux-3.0.4/kernel/rcutree.h
+--- linux-3.0.4/kernel/rcutree.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/kernel/rcutree.h 2011-09-14 09:08:05.000000000 -0400
+@@ -86,7 +86,7 @@
+ struct rcu_dynticks {
+ int dynticks_nesting; /* Track irq/process nesting level. */
+ int dynticks_nmi_nesting; /* Track NMI nesting level. */
+- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */
++ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd. */
+ };
+
+ /* RCU's kthread states for tracing. */
diff -urNp linux-3.0.4/kernel/rcutree_plugin.h linux-3.0.4/kernel/rcutree_plugin.h
--- linux-3.0.4/kernel/rcutree_plugin.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/kernel/rcutree_plugin.h 2011-08-23 21:47:56.000000000 -0400
@@ -62123,7 +62259,7 @@ diff -urNp linux-3.0.4/kernel/softirq.c linux-3.0.4/kernel/softirq.c
struct tasklet_struct *list;
diff -urNp linux-3.0.4/kernel/sys.c linux-3.0.4/kernel/sys.c
---- linux-3.0.4/kernel/sys.c 2011-08-29 23:26:14.000000000 -0400
+--- linux-3.0.4/kernel/sys.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/kernel/sys.c 2011-08-29 23:26:27.000000000 -0400
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_stru
error = -EACCES;
@@ -62792,7 +62928,7 @@ diff -urNp linux-3.0.4/kernel/trace/trace.c linux-3.0.4/kernel/trace/trace.c
struct dentry *d_tracer;
diff -urNp linux-3.0.4/kernel/trace/trace_events.c linux-3.0.4/kernel/trace/trace_events.c
---- linux-3.0.4/kernel/trace/trace_events.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/kernel/trace/trace_events.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/kernel/trace/trace_events.c 2011-08-23 21:47:56.000000000 -0400
@@ -1318,10 +1318,6 @@ static LIST_HEAD(ftrace_module_file_list
struct ftrace_module_file_ops {
@@ -63140,8 +63276,8 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
@@ -0,0 +1 @@
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
---- linux-3.0.4/Makefile 2011-08-29 23:26:13.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-09-01 17:26:49.000000000 -0400
+--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400
++++ linux-3.0.4/Makefile 2011-09-14 11:16:43.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -63167,23 +63303,30 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
KBUILD_AFLAGS_KERNEL :=
KBUILD_CFLAGS_KERNEL :=
KBUILD_AFLAGS := -D__ASSEMBLY__
-@@ -408,6 +411,7 @@ export RCS_TAR_IGNORE := --exclude SCCS
+@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
+ # Rules shared between *config targets and build targets
# Basic helpers built in scripts/
- PHONY += scripts_basic
-+scripts_basic: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
- scripts_basic:
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic gcc-plugins
++scripts_basic: gcc-plugins
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +568,24 @@ else
+
+@@ -564,6 +567,28 @@ else
KBUILD_CFLAGS += -O2
endif
-+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC)), y)
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC) $(CC)), y)
+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_KALLOCSTAT_PLUGIN
++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
++endif
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN)
+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
@@ -63200,7 +63343,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +730,7 @@ export mod_strip_cmd
+@@ -708,7 +733,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -63209,34 +63352,34 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +929,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +932,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
-+$(vmlinux-all): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-all): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-all): gcc-plugins
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +965,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -941,7 +968,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-dirs): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1011,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1014,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
-+prepare: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
prepare: prepare0
# Generate some files
-@@ -1102,7 +1128,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1102,7 +1131,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -63245,7 +63388,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1224,7 @@ distclean: mrproper
+@@ -1198,7 +1227,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63254,26 +63397,26 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1385,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1388,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
-+modules: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1512,19 @@ else
+@@ -1485,17 +1515,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
-%.s: %.c prepare scripts FORCE
-+%.s: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.s: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.i: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-%.o: %.c prepare scripts FORCE
-+%.o: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.o: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.lst: %.c prepare scripts FORCE
@@ -63286,18 +63429,18 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1534,13 @@ endif
+@@ -1505,11 +1537,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
-%/: prepare scripts FORCE
-+%/: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%/: gcc-plugins prepare scripts FORCE
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
-%.ko: prepare scripts FORCE
-+%.ko: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.ko: gcc-plugins prepare scripts FORCE
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
@@ -63584,7 +63727,7 @@ diff -urNp linux-3.0.4/mm/madvise.c linux-3.0.4/mm/madvise.c
if (end == start)
goto out;
diff -urNp linux-3.0.4/mm/memory.c linux-3.0.4/mm/memory.c
---- linux-3.0.4/mm/memory.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/mm/memory.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/mm/memory.c 2011-08-23 21:47:56.000000000 -0400
@@ -457,8 +457,12 @@ static inline void free_pmd_range(struct
return;
@@ -67084,7 +67227,7 @@ diff -urNp linux-3.0.4/mm/util.c linux-3.0.4/mm/util.c
mm->unmap_area = arch_unmap_area;
}
diff -urNp linux-3.0.4/mm/vmalloc.c linux-3.0.4/mm/vmalloc.c
---- linux-3.0.4/mm/vmalloc.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/mm/vmalloc.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/mm/vmalloc.c 2011-08-23 21:47:56.000000000 -0400
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd,
@@ -68157,7 +68300,7 @@ diff -urNp linux-3.0.4/net/ipv4/inet_diag.c linux-3.0.4/net/ipv4/inet_diag.c
tmo = req->expires - jiffies;
if (tmo < 0)
diff -urNp linux-3.0.4/net/ipv4/inet_hashtables.c linux-3.0.4/net/ipv4/inet_hashtables.c
---- linux-3.0.4/net/ipv4/inet_hashtables.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv4/inet_hashtables.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv4/inet_hashtables.c 2011-08-23 21:55:24.000000000 -0400
@@ -18,12 +18,15 @@
#include <linux/sched.h>
@@ -68185,7 +68328,7 @@ diff -urNp linux-3.0.4/net/ipv4/inet_hashtables.c linux-3.0.4/net/ipv4/inet_hash
inet_twsk_deschedule(tw, death_row);
while (twrefcnt) {
diff -urNp linux-3.0.4/net/ipv4/inetpeer.c linux-3.0.4/net/ipv4/inetpeer.c
---- linux-3.0.4/net/ipv4/inetpeer.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv4/inetpeer.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv4/inetpeer.c 2011-08-23 21:48:14.000000000 -0400
@@ -481,6 +481,8 @@ struct inet_peer *inet_getpeer(struct in
unsigned int sequence;
@@ -68327,7 +68470,7 @@ diff -urNp linux-3.0.4/net/ipv4/raw.c linux-3.0.4/net/ipv4/raw.c
static int raw_seq_show(struct seq_file *seq, void *v)
diff -urNp linux-3.0.4/net/ipv4/route.c linux-3.0.4/net/ipv4/route.c
---- linux-3.0.4/net/ipv4/route.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv4/route.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv4/route.c 2011-08-23 21:47:56.000000000 -0400
@@ -304,7 +304,7 @@ static inline unsigned int rt_hash(__be3
@@ -68378,7 +68521,7 @@ diff -urNp linux-3.0.4/net/ipv4/tcp.c linux-3.0.4/net/ipv4/tcp.c
return -EFAULT;
diff -urNp linux-3.0.4/net/ipv4/tcp_ipv4.c linux-3.0.4/net/ipv4/tcp_ipv4.c
---- linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-08-23 21:48:14.000000000 -0400
@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
int sysctl_tcp_low_latency __read_mostly;
@@ -68808,7 +68951,7 @@ diff -urNp linux-3.0.4/net/ipv6/raw.c linux-3.0.4/net/ipv6/raw.c
static int raw6_seq_show(struct seq_file *seq, void *v)
diff -urNp linux-3.0.4/net/ipv6/tcp_ipv6.c linux-3.0.4/net/ipv6/tcp_ipv6.c
---- linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-08-23 21:48:14.000000000 -0400
@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5
}
@@ -68910,7 +69053,7 @@ diff -urNp linux-3.0.4/net/ipv6/tcp_ipv6.c linux-3.0.4/net/ipv6/tcp_ipv6.c
static int tcp6_seq_show(struct seq_file *seq, void *v)
diff -urNp linux-3.0.4/net/ipv6/udp.c linux-3.0.4/net/ipv6/udp.c
---- linux-3.0.4/net/ipv6/udp.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/ipv6/udp.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/ipv6/udp.c 2011-08-23 21:48:14.000000000 -0400
@@ -50,6 +50,10 @@
#include <linux/seq_file.h>
@@ -69250,7 +69393,7 @@ diff -urNp linux-3.0.4/net/mac80211/ieee80211_i.h linux-3.0.4/net/mac80211/ieee8
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff -urNp linux-3.0.4/net/mac80211/iface.c linux-3.0.4/net/mac80211/iface.c
---- linux-3.0.4/net/mac80211/iface.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/mac80211/iface.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/mac80211/iface.c 2011-08-23 21:47:56.000000000 -0400
@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_
break;
@@ -69319,7 +69462,7 @@ diff -urNp linux-3.0.4/net/mac80211/main.c linux-3.0.4/net/mac80211/main.c
/*
* Goal:
diff -urNp linux-3.0.4/net/mac80211/mlme.c linux-3.0.4/net/mac80211/mlme.c
---- linux-3.0.4/net/mac80211/mlme.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/mac80211/mlme.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/mac80211/mlme.c 2011-08-23 21:48:14.000000000 -0400
@@ -1444,6 +1444,8 @@ static bool ieee80211_assoc_success(stru
bool have_higher_than_11mbit = false;
@@ -69439,7 +69582,7 @@ diff -urNp linux-3.0.4/net/netfilter/ipvs/ip_vs_core.c linux-3.0.4/net/netfilter
if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
cp->protocol == IPPROTO_SCTP) {
diff -urNp linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c
---- linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-08-23 21:48:14.000000000 -0400
@@ -782,7 +782,7 @@ __ip_vs_update_dest(struct ip_vs_service
ip_vs_rs_hash(ipvs, dest);
@@ -70287,7 +70430,7 @@ diff -urNp linux-3.0.4/net/sctp/socket.c linux-3.0.4/net/sctp/socket.c
to += addrlen;
cnt++;
diff -urNp linux-3.0.4/net/socket.c linux-3.0.4/net/socket.c
---- linux-3.0.4/net/socket.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/net/socket.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/net/socket.c 2011-08-23 21:48:14.000000000 -0400
@@ -88,6 +88,7 @@
#include <linux/nsproxy.h>
@@ -70894,10 +71037,10 @@ diff -urNp linux-3.0.4/scripts/basic/fixdep.c linux-3.0.4/scripts/basic/fixdep.c
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff -urNp linux-3.0.4/scripts/gcc-plugin.sh linux-3.0.4/scripts/gcc-plugin.sh
--- linux-3.0.4/scripts/gcc-plugin.sh 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/scripts/gcc-plugin.sh 2011-08-31 18:39:25.000000000 -0400
++++ linux-3.0.4/scripts/gcc-plugin.sh 2011-09-14 09:08:05.000000000 -0400
@@ -0,0 +1,2 @@
+#!/bin/sh
-+echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
++echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff -urNp linux-3.0.4/scripts/Makefile.build linux-3.0.4/scripts/Makefile.build
--- linux-3.0.4/scripts/Makefile.build 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/scripts/Makefile.build 2011-08-23 21:47:56.000000000 -0400
@@ -71142,7 +71285,7 @@ diff -urNp linux-3.0.4/scripts/pnmtologo.c linux-3.0.4/scripts/pnmtologo.c
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
diff -urNp linux-3.0.4/security/apparmor/lsm.c linux-3.0.4/security/apparmor/lsm.c
---- linux-3.0.4/security/apparmor/lsm.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/security/apparmor/lsm.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/security/apparmor/lsm.c 2011-08-23 21:48:14.000000000 -0400
@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struc
return error;
@@ -72351,7 +72494,7 @@ diff -urNp linux-3.0.4/sound/pci/ymfpci/ymfpci_main.c linux-3.0.4/sound/pci/ymfp
chip->pci = pci;
chip->irq = -1;
diff -urNp linux-3.0.4/sound/soc/soc-core.c linux-3.0.4/sound/soc/soc-core.c
---- linux-3.0.4/sound/soc/soc-core.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/sound/soc/soc-core.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/sound/soc/soc-core.c 2011-08-23 21:47:56.000000000 -0400
@@ -1021,7 +1021,7 @@ static snd_pcm_uframes_t soc_pcm_pointer
}
@@ -72687,10 +72830,177 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif
+
+ return 0;
+}
+diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c
+--- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-14 09:08:05.000000000 -0400
+@@ -0,0 +1,163 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to find the distribution of k*alloc sizes
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++
++int plugin_is_GPL_compatible;
++
++static const char * const kalloc_functions[] = {
++ "__kmalloc",
++ "kmalloc",
++ "kmalloc_large",
++ "kmalloc_node",
++ "kmalloc_order",
++ "kmalloc_order_trace",
++ "kmalloc_slab",
++ "kzalloc",
++ "kzalloc_node",
++};
++
++static struct plugin_info kallocstat_plugin_info = {
++ .version = "201109121100",
++};
++
++static unsigned int execute_kallocstat(void);
++
++static struct gimple_opt_pass kallocstat_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "kallocstat",
++ .gate = NULL,
++ .execute = execute_kallocstat,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = 0
++ }
++};
++
++static bool is_kalloc(const char *fnname)
++{
++ size_t i;
++
++ for (i = 0; i < ARRAY_SIZE(kalloc_functions); i++)
++ if (!strcmp(fnname, kalloc_functions[i]))
++ return true;
++ return false;
++}
++
++static unsigned int execute_kallocstat(void)
++{
++ basic_block bb;
++ gimple_stmt_iterator gsi;
++
++ // 1. loop through BBs and GIMPLE statements
++ FOR_EACH_BB(bb) {
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ // gimple match:
++ tree fndecl, size;
++ gimple call_stmt;
++ const char *fnname;
++
++ // is it a call
++ call_stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(call_stmt))
++ continue;
++ fndecl = gimple_call_fndecl(call_stmt);
++ if (fndecl == NULL_TREE)
++ continue;
++ if (TREE_CODE(fndecl) != FUNCTION_DECL)
++ continue;
++
++ // is it a call to k*alloc
++ fnname = IDENTIFIER_POINTER(DECL_NAME(fndecl));
++ if (!is_kalloc(fnname))
++ continue;
++
++ // is the size arg the result of a simple const assignment
++ size = gimple_call_arg(call_stmt, 0);
++ while (true) {
++ gimple def_stmt;
++ expanded_location xloc;
++ size_t size_val;
++
++ if (TREE_CODE(size) != SSA_NAME)
++ break;
++ def_stmt = SSA_NAME_DEF_STMT(size);
++ if (!def_stmt || !is_gimple_assign(def_stmt))
++ break;
++ if (gimple_num_ops(def_stmt) != 2)
++ break;
++ size = gimple_assign_rhs1(def_stmt);
++ if (!TREE_CONSTANT(size))
++ continue;
++ xloc = expand_location(gimple_location(def_stmt));
++ if (!xloc.file)
++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
++ size_val = TREE_INT_CST_LOW(size);
++ fprintf(stderr, "kallocsize: %8zu %8zx %s %s:%u\n", size_val, size_val, fnname, xloc.file, xloc.line);
++ break;
++ }
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++//debug_tree(gimple_call_fn(call_stmt));
++//print_node(stderr, "pax", fndecl, 4);
++ }
++ }
++
++ return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ struct register_pass_info kallocstat_pass_info = {
++ .pass = &kallocstat_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kallocstat_plugin_info);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kallocstat_pass_info);
++
++ return 0;
++}
diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
--- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/Makefile 2011-08-23 21:47:56.000000000 -0400
-@@ -0,0 +1,12 @@
++++ linux-3.0.4/tools/gcc/Makefile 2011-09-14 09:08:05.000000000 -0400
+@@ -0,0 +1,13 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -72699,14 +73009,15 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
+
-+hostlibs-y := stackleak_plugin.so constify_plugin.so
++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so
+always := $(hostlibs-y)
+stackleak_plugin-objs := stackleak_plugin.o
+constify_plugin-objs := constify_plugin.o
++kallocstat_plugin-objs := kallocstat_plugin.o
diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c
--- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-08-23 21:47:56.000000000 -0400
-@@ -0,0 +1,243 @@
++++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-14 09:08:05.000000000 -0400
+@@ -0,0 +1,249 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -72724,7 +73035,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ * - initialize all local variables
+ *
+ * BUGS:
-+ * - cloned functions are instrumented twice
++ * - none known
+ */
+#include "gcc-plugin.h"
+#include "config.h"
@@ -72751,7 +73062,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+static bool init_locals;
+
+static struct plugin_info stackleak_plugin_info = {
-+ .version = "201106030000",
++ .version = "201109112100",
+ .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n"
+// "initialize-locals\t\tforcibly initialize all stack frames\n"
+};
@@ -72804,13 +73115,13 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi, bool before)
+{
+ gimple call;
-+ tree decl, type;
++ tree fndecl, type;
+
+ // insert call to void pax_track_stack(void)
+ type = build_function_type_list(void_type_node, NULL_TREE);
-+ decl = build_fn_decl(track_function, type);
-+ DECL_ASSEMBLER_NAME(decl); // for LTO
-+ call = gimple_build_call(decl, 0);
++ fndecl = build_fn_decl(track_function, type);
++ DECL_ASSEMBLER_NAME(fndecl); // for LTO
++ call = gimple_build_call(fndecl, 0);
+ if (before)
+ gsi_insert_before(gsi, call, GSI_CONTINUE_LINKING);
+ else
@@ -72819,40 +73130,46 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+
+static unsigned int execute_stackleak_tree_instrument(void)
+{
-+ basic_block bb;
++ basic_block bb, entry_bb;
+ gimple_stmt_iterator gsi;
++ bool prologue_instrumented = false;
++
++ entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb;
+
+ // 1. loop through BBs and GIMPLE statements
+ FOR_EACH_BB(bb) {
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450>
-+ tree decl;
++ tree fndecl;
+ gimple stmt = gsi_stmt(gsi);
+
+ if (!is_gimple_call(stmt))
+ continue;
-+ decl = gimple_call_fndecl(stmt);
-+ if (!decl)
++ fndecl = gimple_call_fndecl(stmt);
++ if (!fndecl)
+ continue;
-+ if (TREE_CODE(decl) != FUNCTION_DECL)
++ if (TREE_CODE(fndecl) != FUNCTION_DECL)
+ continue;
-+ if (!DECL_BUILT_IN(decl))
++ if (!DECL_BUILT_IN(fndecl))
+ continue;
-+ if (DECL_BUILT_IN_CLASS(decl) != BUILT_IN_NORMAL)
++ if (DECL_BUILT_IN_CLASS(fndecl) != BUILT_IN_NORMAL)
+ continue;
-+ if (DECL_FUNCTION_CODE(decl) != BUILT_IN_ALLOCA)
++ if (DECL_FUNCTION_CODE(fndecl) != BUILT_IN_ALLOCA)
+ continue;
+
+ // 2. insert track call after each __builtin_alloca call
+ stackleak_add_instrumentation(&gsi, false);
-+// print_node(stderr, "pax", decl, 4);
++ if (bb == entry_bb)
++ prologue_instrumented = true;
++// print_node(stderr, "pax", fndecl, 4);
+ }
+ }
+
+ // 3. insert track call at the beginning
-+ bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb;
-+ gsi = gsi_start_bb(bb);
-+ stackleak_add_instrumentation(&gsi, true);
++ if (!prologue_instrumented) {
++ gsi = gsi_start_bb(entry_bb);
++ stackleak_add_instrumentation(&gsi, true);
++ }
+
+ return 0;
+}
diff --git a/3.0.4/4423_grsec-remove-protected-paths.patch b/3.0.4/4423_grsec-remove-protected-paths.patch
index da4c861..abd9b99 100644
--- a/3.0.4/4423_grsec-remove-protected-paths.patch
+++ b/3.0.4/4423_grsec-remove-protected-paths.patch
@@ -1,20 +1,18 @@
-From: Anthony G. Basile <basile@opensource.dyc.edu>
+From: Anthony G. Basile <blueness@gentoo.org>
-We don't want to allow GRSEC's Makefile to change permissions on
-paths in the filesystem.
+We don't want GRSEC's Makefile to change permissions on paths in
+the filesystem.
---- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
-+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -27,8 +27,8 @@
+diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
+--- a/grsecurity/Makefile 2011-09-15 13:36:25.000000000 -0400
++++ b/grsecurity/Makefile 2011-09-15 13:44:58.000000000 -0400
+@@ -27,9 +27,4 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o:
- @-chmod -f 500 /boot
- @-chmod -f 500 /lib/modules
+- @-chmod -f 500 /lib64/modules
- @-chmod -f 700 .
- @echo ' grsec: protected kernel image paths'
-+ # @-chmod -f 500 /boot
-+ # @-chmod -f 500 /lib/modules
-+ # @-chmod -f 700 .
-+ # @echo ' grsec: protected kernel image paths'
endif
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-21 11:31 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-21 11:31 UTC (permalink / raw
To: gentoo-commits
commit: fe9efb4e75bc2e6bc3db5dcfd574db7de1bdda1a
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 11:31:14 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 11:31:14 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=fe9efb4e
Grsec/PaX: 2.2.2-3.0.4-201109190917
---
2.6.32/0000_README | 8 -
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109190917.patch} | 1031 ++++++++++++++++++--
3.0.4/4435_grsec-kconfig-gentoo.patch | 18 +-
4 files changed, 951 insertions(+), 108 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 160c256..8013d69 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,14 +3,6 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1043_linux-2.6.32.44.patch
-From: http://www.kernel.org
-Desc: Linux 2.6.39.44
-
-Patch: 1044_linux-2.6.32.45.patch
-From: http://www.kernel.org
-Desc: Linux 2.6.39.45
-
Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index 2fff4cc..a44f871 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109150655.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109190917.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
similarity index 98%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
index 97156c7..ec88fda 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
@@ -5589,6 +5589,74 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide
}
/*
+diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -71,6 +71,12 @@ FUNC: movq r1,r2; \
+ je B192; \
+ leaq 32(r9),r9;
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++#define ret orb $0x80, 0x7(%rsp); ret
++#else
++#define ret ret
++#endif
++
+ #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
+ movq r1,r2; \
+ movq r3,r4; \
+diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ # bytesatleast65:
+ ._bytesatleast65:
+@@ -891,6 +894,9 @@ ECRYPT_keysetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ # enter ECRYPT_ivsetup
+ .text
+@@ -917,4 +923,7 @@ ECRYPT_ivsetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -269,6 +269,9 @@ twofish_enc_blk:
+
+ popq R1
+ movq $1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ twofish_dec_blk:
+@@ -321,4 +324,7 @@ twofish_dec_blk:
+
+ popq R1
+ movq $1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c
--- linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-08-23 21:48:14.000000000 -0400
@@ -8676,8 +8744,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/rwsem.h linux-3.0.4/arch/x86/include
diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/include/asm/segment.h
--- linux-3.0.4/arch/x86/include/asm/segment.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-08-23 21:47:55.000000000 -0400
-@@ -64,8 +64,8 @@
++++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-09-17 00:53:42.000000000 -0400
+@@ -64,10 +64,15 @@
* 26 - ESPFIX small SS
* 27 - per-cpu [ offset to per-cpu data area ]
* 28 - stack_canary-20 [ for stack protector ]
@@ -8687,8 +8755,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
+ * 30 - PCI BIOS DS
* 31 - TSS for double fault handler
*/
++#define GDT_ENTRY_KERNEXEC_EFI_CS (1)
++#define GDT_ENTRY_KERNEXEC_EFI_DS (2)
++#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8)
++#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8)
++
#define GDT_ENTRY_TLS_MIN 6
-@@ -79,6 +79,8 @@
+ #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1)
+
+@@ -79,6 +84,8 @@
#define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE+0)
@@ -8697,7 +8772,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE+1)
#define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE+4)
-@@ -104,6 +106,12 @@
+@@ -104,6 +111,12 @@
#define __KERNEL_STACK_CANARY 0
#endif
@@ -8710,7 +8785,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_DOUBLEFAULT_TSS 31
/*
-@@ -141,7 +149,7 @@
+@@ -141,7 +154,7 @@
*/
/* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
@@ -8719,7 +8794,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#else
-@@ -165,6 +173,8 @@
+@@ -165,6 +178,8 @@
#define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3)
#define __USER32_DS __USER_DS
@@ -8728,7 +8803,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_TSS 8 /* needs two entries */
#define GDT_ENTRY_LDT 10 /* needs two entries */
#define GDT_ENTRY_TLS_MIN 12
-@@ -185,6 +195,7 @@
+@@ -185,6 +200,7 @@
#endif
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
@@ -10047,7 +10122,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include
".section .fixup,\"ax\"\n"
diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
--- linux-3.0.4/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/Kconfig 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400
@@ -229,7 +229,7 @@ config X86_HT
config X86_32_LAZY_GS
@@ -10084,15 +10159,6 @@ diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1453,7 +1453,7 @@ config ARCH_USES_PG_UNCACHED
-
- config EFI
- bool "EFI runtime service support"
-- depends on ACPI
-+ depends on ACPI && !PAX_KERNEXEC
- ---help---
- This enables the kernel to use EFI runtime services that are
- available (such as the EFI variable services).
@@ -1483,6 +1483,7 @@ config SECCOMP
config CC_STACKPROTECTOR
@@ -11728,7 +11794,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S
--- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-08-26 19:49:56.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -53,6 +53,7 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
@@ -12108,7 +12174,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_kernel
/* Interrupt came from user space */
-@@ -847,12 +1125,15 @@ retint_swapgs: /* return to user-space
+@@ -847,12 +1125,18 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12121,10 +12187,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
retint_restore_args: /* return to kernel space */
DISABLE_INTERRUPTS(CLBR_ANY)
+ pax_exit_kernel
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7+RIP-ARGOFFSET(%rsp)
++#endif
/*
* The iretq could re-enable interrupts:
*/
-@@ -1027,6 +1308,16 @@ ENTRY(\sym)
+@@ -1027,6 +1311,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12141,7 +12210,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1044,6 +1335,16 @@ ENTRY(\sym)
+@@ -1044,6 +1338,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12158,7 +12227,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1052,7 +1353,7 @@ ENTRY(\sym)
+@@ -1052,7 +1356,7 @@ ENTRY(\sym)
END(\sym)
.endm
@@ -12167,7 +12236,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1062,8 +1363,24 @@ ENTRY(\sym)
+@@ -1062,8 +1366,24 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12192,7 +12261,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1397,16 @@ ENTRY(\sym)
+@@ -1080,6 +1400,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12209,7 +12278,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1099,6 +1426,16 @@ ENTRY(\sym)
+@@ -1099,6 +1429,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -12226,7 +12295,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1361,14 +1698,27 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -12238,6 +12307,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ TRACE_IRQS_IRETQ 0
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
+ jmp irq_return
+#endif
paranoid_swapgs:
@@ -12254,8 +12326,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
jmp irq_return
-@@ -1426,7 +1776,7 @@ ENTRY(error_entry)
+ paranoid_userspace:
+ GET_THREAD_INFO(%rcx)
+@@ -1426,7 +1785,7 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -12264,7 +12341,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1490,6 +1840,16 @@ ENTRY(nmi)
+@@ -1490,6 +1849,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -12281,7 +12358,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1500,11 +1860,25 @@ ENTRY(nmi)
+@@ -1500,12 +1869,32 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -12292,6 +12369,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
+ jmp irq_return
+#endif
nmi_swapgs:
@@ -12306,8 +12386,12 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
jmp irq_return
nmi_userspace:
+ GET_THREAD_INFO(%rcx)
diff -urNp linux-3.0.4/arch/x86/kernel/ftrace.c linux-3.0.4/arch/x86/kernel/ftrace.c
--- linux-3.0.4/arch/x86/kernel/ftrace.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/ftrace.c 2011-08-23 21:47:55.000000000 -0400
@@ -16528,8 +16612,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a
movl %edx, 4(v)
diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S
--- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-08-23 21:47:55.000000000 -0400
-@@ -39,6 +39,14 @@ ENTRY(atomic64_read_cx8)
++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-09-17 18:31:51.000000000 -0400
+@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8)
+ CFI_STARTPROC
+
+ read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_read_cx8)
@@ -16537,6 +16628,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ CFI_STARTPROC
+
+ read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_read_unchecked_cx8)
@@ -16544,7 +16638,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_set_cx8)
CFI_STARTPROC
-@@ -52,6 +60,19 @@ ENTRY(atomic64_set_cx8)
+@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8)
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_set_cx8)
@@ -16557,6 +16658,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_set_unchecked_cx8)
@@ -16564,7 +16668,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_xchg_cx8)
CFI_STARTPROC
-@@ -66,8 +87,8 @@ ENTRY(atomic64_xchg_cx8)
+@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8)
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_xchg_cx8)
@@ -16575,7 +16686,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebp
SAVE ebx
-@@ -84,27 +105,43 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l %esi, %ebx
\insc\()l %edi, %ecx
@@ -16606,6 +16717,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
RESTORE esi
RESTORE ebx
RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16624,7 +16738,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebx
-@@ -114,21 +151,38 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l $1, %ebx
\insc\()l $0, %ecx
@@ -16652,6 +16766,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+.endif
+
RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16665,7 +16782,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_dec_if_positive_cx8)
CFI_STARTPROC
-@@ -140,6 +194,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
+@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
movl %edx, %ecx
subl $1, %ebx
sbb $0, %ecx
@@ -16679,7 +16796,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
js 2f
LOCK_PREFIX
cmpxchg8b (%esi)
-@@ -174,6 +235,13 @@ ENTRY(atomic64_add_unless_cx8)
+@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8)
+ movl %ebx, %eax
+ movl %ecx, %edx
+ RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(atomic64_dec_if_positive_cx8)
+@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8)
movl %edx, %ecx
addl %esi, %ebx
adcl %edi, %ecx
@@ -16693,7 +16820,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%ebp)
jne 1b
-@@ -206,6 +274,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
+@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8)
+ CFI_ADJUST_CFA_OFFSET -8
+ RESTORE ebx
+ RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ 4:
+ cmpl %edx, 4(%esp)
+@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
movl %edx, %ecx
addl $1, %ebx
adcl $0, %ecx
@@ -16707,6 +16844,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%esi)
jne 1b
+@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8)
+ movl $1, %eax
+ 3:
+ RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ 4:
+ testl %edx, %edx
diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/checksum_32.S
--- linux-3.0.4/arch/x86/lib/checksum_32.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/checksum_32.S 2011-08-23 21:47:55.000000000 -0400
@@ -16956,8 +17103,38 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check
#undef ROUND1
diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S
--- linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-08-23 21:47:55.000000000 -0400
-@@ -58,7 +58,7 @@ ENDPROC(clear_page)
++++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -11,6 +11,9 @@ ENTRY(clear_page_c)
+ movl $4096/8,%ecx
+ xorl %eax,%eax
+ rep stosq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(clear_page_c)
+@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e)
+ movl $4096,%ecx
+ xorl %eax,%eax
+ rep stosb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(clear_page_c_e)
+@@ -43,6 +49,9 @@ ENTRY(clear_page)
+ leaq 64(%rdi),%rdi
+ jnz .Lloop
+ nop
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ .Lclear_page_end:
+@@ -58,7 +67,7 @@ ENDPROC(clear_page)
#include <asm/cpufeature.h>
@@ -16968,8 +17145,28 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle
2: .byte 0xeb /* jmp <disp8> */
diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S
--- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-08-23 21:47:55.000000000 -0400
-@@ -104,7 +104,7 @@ ENDPROC(copy_page)
++++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -8,6 +8,9 @@ copy_page_c:
+ CFI_STARTPROC
+ movl $4096/8,%ecx
+ rep movsq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(copy_page_c)
+@@ -94,6 +97,9 @@ ENTRY(copy_page)
+ CFI_RESTORE r13
+ addq $3*8,%rsp
+ CFI_ADJUST_CFA_OFFSET -3*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lcopy_page_end:
+ CFI_ENDPROC
+@@ -104,7 +110,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
@@ -16980,7 +17177,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy
2:
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -16,6 +16,7 @@
#include <asm/thread_info.h>
#include <asm/cpufeature.h>
@@ -16998,7 +17195,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
2: .byte 0xe9 /* near jump with 32bit immediate */
.long \alt1-1b /* offset */ /* or alternatively to alt1 */
3: .byte 0xe9 /* near jump with 32bit immediate */
-@@ -71,41 +72,13 @@
+@@ -71,47 +72,22 @@
#endif
.endm
@@ -17042,9 +17239,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
movl %edx,%ecx
xorl %eax,%eax
rep
+ stosb
+ bad_to_user:
+ movl %edx,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(bad_from_user)
+@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled)
+ decl %ecx
+ jnz 21b
+ 23: xor %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string)
+ 3: rep
+ movsb
+ 4: xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string)
+ 1: rep
+ movsb
+ 2: xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -14,6 +14,7 @@
#include <asm/current.h>
#include <asm/asm-offsets.h>
@@ -17069,6 +17305,29 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
ALIGN_DESTINATION
+@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache)
+ jnz 21b
+ 23: xorl %eax,%eax
+ sfence
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S
+--- linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic)
+ CFI_RESTORE rbp
+ addq $7*8, %rsp
+ CFI_ADJUST_CFA_OFFSET -7*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_RESTORE_STATE
+
diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c
--- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-08-23 21:47:55.000000000 -0400
@@ -17232,6 +17491,138 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c
insn->x86_64 = x86_64 ? 1 : 0;
insn->opnd_bytes = 4;
if (x86_64)
+diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S
+--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy)
+ CFI_STARTPROC
+ movl %edx,%ecx
+ rep movsd
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(__iowrite32_copy)
+diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S
+--- linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -34,6 +34,9 @@
+ rep movsq
+ movl %edx, %ecx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemcpy_e:
+ .previous
+@@ -51,6 +54,9 @@
+
+ movl %edx, %ecx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemcpy_e_e:
+ .previous
+@@ -141,6 +147,9 @@ ENTRY(memcpy)
+ movq %r9, 1*8(%rdi)
+ movq %r10, -2*8(%rdi, %rdx)
+ movq %r11, -1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_16bytes:
+@@ -153,6 +162,9 @@ ENTRY(memcpy)
+ movq -1*8(%rsi, %rdx), %r9
+ movq %r8, 0*8(%rdi)
+ movq %r9, -1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_8bytes:
+@@ -166,6 +178,9 @@ ENTRY(memcpy)
+ movl -4(%rsi, %rdx), %r8d
+ movl %ecx, (%rdi)
+ movl %r8d, -4(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_3bytes:
+@@ -183,6 +198,9 @@ ENTRY(memcpy)
+ jnz .Lloop_1
+
+ .Lend:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ CFI_ENDPROC
+ ENDPROC(memcpy)
+diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S
+--- linux-3.0.4/arch/x86/lib/memmove_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -201,6 +201,9 @@ ENTRY(memmove)
+ movb (%rsi), %r11b
+ movb %r11b, (%rdi)
+ 13:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ CFI_ENDPROC
+
+@@ -209,6 +212,9 @@ ENTRY(memmove)
+ /* Forward moving data. */
+ movq %rdx, %rcx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .Lmemmove_end_forward_efs:
+ .previous
+diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S
+--- linux-3.0.4/arch/x86/lib/memset_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -31,6 +31,9 @@
+ movl %r8d,%ecx
+ rep stosb
+ movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemset_e:
+ .previous
+@@ -53,6 +56,9 @@
+ movl %edx,%ecx
+ rep stosb
+ movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemset_e_e:
+ .previous
+@@ -121,6 +127,9 @@ ENTRY(__memset)
+
+ .Lende:
+ movq %r10,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ CFI_RESTORE_STATE
diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c
--- linux-3.0.4/arch/x86/lib/mmx_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/mmx_32.c 2011-08-23 21:47:55.000000000 -0400
@@ -17690,6 +18081,84 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S
#endif
xor %eax,%eax
EXIT
+diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S
+--- linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed)
+ LOCK_PREFIX
+ subl $RW_LOCK_BIAS,(%rdi)
+ jnz __write_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ END(__write_lock_failed)
+@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed)
+ LOCK_PREFIX
+ decl (%rdi)
+ js __read_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ END(__read_lock_failed)
+diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S
+--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed)
+ popq_cfi %rdx
+ CFI_RESTORE rdx
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_down_read_failed)
+@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed)
+ movq %rax,%rdi
+ call rwsem_down_write_failed
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_down_write_failed)
+@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake)
+ movq %rax,%rdi
+ call rwsem_wake
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ 1: ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_wake)
+@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake)
+ popq_cfi %rdx
+ CFI_RESTORE rdx
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_downgrade_wake)
+diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S
+--- linux-3.0.4/arch/x86/lib/thunk_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -50,5 +50,8 @@
+ SAVE_ARGS
+ restore:
+ RESTORE_ARGS
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c
--- linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-08-23 21:47:55.000000000 -0400
@@ -20872,8 +21341,8 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c
--- linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -38,70 +38,37 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-09-19 09:16:58.000000000 -0400
+@@ -38,70 +38,56 @@
*/
static unsigned long efi_rt_eflags;
@@ -20887,7 +21356,10 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- unsigned long temp;
struct desc_ptr gdt_descr;
- local_irq_save(efi_rt_eflags);
+- local_irq_save(efi_rt_eflags);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++#endif
- /*
- * If I don't have PAE, I should just duplicate two entries in page
@@ -20895,7 +21367,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- * page directory.
- */
- cr4 = read_cr4_safe();
--
++ local_irq_save(efi_rt_eflags);
+
- if (cr4 & X86_CR4_PAE) {
- efi_bak_pg_dir_pointer[0].pgd =
- swapper_pg_dir[pgd_index(0)].pgd;
@@ -20921,8 +21394,14 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
*/
__flush_tlb_all();
-- gdt_descr.address = __pa(get_cpu_gdt_table(0));
-+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
++#ifdef CONFIG_PAX_KERNEXEC
++ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = __pa(get_cpu_gdt_table(0));
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
}
@@ -20933,8 +21412,15 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- unsigned long cr4;
struct desc_ptr gdt_descr;
-- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
-+ gdt_descr.address = get_cpu_gdt_table(0);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++
++ memset(&d, 0, sizeof d);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
@@ -20955,16 +21441,18 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
* After the lock is released, the original page table is restored.
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S
--- linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-08-23 21:47:55.000000000 -0400
-@@ -6,6 +6,7 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-09-19 09:16:58.000000000 -0400
+@@ -6,7 +6,9 @@
*/
#include <linux/linkage.h>
+#include <linux/init.h>
#include <asm/page_types.h>
++#include <asm/segment.h>
/*
-@@ -20,7 +21,7 @@
+ * efi_call_phys(void *, ...) is a function with variable parameters.
+@@ -20,7 +22,7 @@
* service functions will comply with gcc calling convention, too.
*/
@@ -20973,18 +21461,22 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
ENTRY(efi_call_phys)
/*
* 0. The function can only be called in Linux kernel. So CS has been
-@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
+@@ -36,9 +38,11 @@ ENTRY(efi_call_phys)
* The mapping of lower virtual memory has been created in prelog and
* epilog.
*/
- movl $1f, %edx
- subl $__PAGE_OFFSET, %edx
- jmp *%edx
-+ jmp 1f-__PAGE_OFFSET
++ movl $(__KERNEXEC_EFI_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
++ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET
1:
/*
-@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
+@@ -47,14 +51,8 @@ ENTRY(efi_call_phys)
* parameter 2, ..., param n. To make things easy, we save the return
* address of efi_call_phys in a global variable.
*/
@@ -21001,7 +21493,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
/*
* 3. Clear PG bit in %CR0.
-@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
+@@ -73,9 +71,8 @@ ENTRY(efi_call_phys)
/*
* 5. Call the physical function.
*/
@@ -21012,7 +21504,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
/*
* 6. After EFI runtime service returns, control will return to
* following instruction. We'd better readjust stack pointer first.
-@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
+@@ -88,35 +85,32 @@ ENTRY(efi_call_phys)
movl %cr0, %edx
orl $0x80000000, %edx
movl %edx, %cr0
@@ -21025,8 +21517,12 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
*/
- movl $1f, %edx
- jmp *%edx
-+ jmp 1f+__PAGE_OFFSET
++ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET
1:
++ movl $(__KERNEL_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
/*
* 9. Balance the stack. And because EAX contain the return value,
@@ -21054,6 +21550,78 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
saved_return_addr:
.long 0
efi_rt_function_ptr:
+diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S
+--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -40,6 +40,9 @@ ENTRY(efi_call0)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call0)
+
+@@ -50,6 +53,9 @@ ENTRY(efi_call1)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call1)
+
+@@ -60,6 +66,9 @@ ENTRY(efi_call2)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call2)
+
+@@ -71,6 +80,9 @@ ENTRY(efi_call3)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call3)
+
+@@ -83,6 +95,9 @@ ENTRY(efi_call4)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call4)
+
+@@ -96,6 +111,9 @@ ENTRY(efi_call5)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call5)
+
+@@ -112,5 +130,8 @@ ENTRY(efi_call6)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call6)
diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c
--- linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-08-23 21:47:55.000000000 -0400
@@ -63277,7 +63845,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-09-14 11:16:43.000000000 -0400
++++ linux-3.0.4/Makefile 2011-09-17 00:56:07.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -63314,20 +63882,23 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +567,28 @@ else
+@@ -564,6 +567,31 @@ else
KBUILD_CFLAGS += -O2
endif
-+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC) $(CC)), y)
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
+ifdef CONFIG_KALLOCSTAT_PLUGIN
+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
+endif
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
-+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
@@ -63343,7 +63914,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +733,7 @@ export mod_strip_cmd
+@@ -708,7 +736,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -63352,7 +63923,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +932,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +935,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
@@ -63361,7 +63932,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +968,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -63371,7 +63942,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1014,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -63379,7 +63950,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
prepare: prepare0
# Generate some files
-@@ -1102,7 +1131,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -63388,7 +63959,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1227,7 @@ distclean: mrproper
+@@ -1198,7 +1230,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63397,7 +63968,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1388,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -63405,7 +63976,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1515,19 @@ else
+@@ -1485,17 +1518,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -63429,7 +64000,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1537,13 @@ endif
+@@ -1505,11 +1540,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -71384,8 +71955,8 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i
return 0;
diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
--- linux-3.0.4/security/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/security/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -4,6 +4,554 @@
++++ linux-3.0.4/security/Kconfig 2011-09-17 00:58:04.000000000 -0400
+@@ -4,6 +4,558 @@
menu "Security options"
@@ -71396,6 +71967,9 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+ config ARCH_TRACK_EXEC_LIMIT
+ bool
+
++ config PAX_KERNEXEC_PLUGIN
++ bool
++
+ config PAX_PER_CPU_PGD
+ bool
+
@@ -71706,6 +72280,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+ bool "Enforce non-executable kernel pages"
+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
+ that is, enabling this option will make it harder to inject
@@ -71940,7 +72515,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
config KEYS
bool "Enable access key retention support"
help
-@@ -167,7 +715,7 @@ config INTEL_TXT
+@@ -167,7 +719,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -72832,8 +73407,8 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif
+}
diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c
--- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,163 @@
++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,165 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -72868,6 +73443,8 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+#include "emit-rtl.h"
+#include "function.h"
+
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
+int plugin_is_GPL_compatible;
+
+static const char * const kalloc_functions[] = {
@@ -72997,10 +73574,279 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+
+ return 0;
+}
+diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c
+--- linux-3.0.4/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-09-19 09:16:58.000000000 -0400
+@@ -0,0 +1,265 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info kernexec_plugin_info = {
++ .version = "201109191200",
++};
++
++static unsigned int execute_kernexec_fptr(void);
++static unsigned int execute_kernexec_retaddr(void);
++
++static struct gimple_opt_pass kernexec_fptr_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "kernexec_fptr",
++ .gate = NULL,
++ .execute = execute_kernexec_fptr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi
++ }
++};
++
++static struct rtl_opt_pass kernexec_retaddr_pass = {
++ .pass = {
++ .type = RTL_PASS,
++ .name = "kernexec_retaddr",
++ .gate = NULL,
++ .execute = execute_kernexec_retaddr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_dump_func
++ }
++};
++
++/*
++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce
++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference
++ */
++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi)
++{
++ gimple assign_intptr, assign_new_fptr, call_stmt;
++ tree intptr, old_fptr, new_fptr, kernexec_mask;
++
++ call_stmt = gsi_stmt(gsi);
++ old_fptr = gimple_call_fn(call_stmt);
++
++ // create temporary unsigned long variable used for bitops and cast fptr to it
++ intptr = create_tmp_var(long_unsigned_type_node, NULL);
++ add_referenced_var(intptr);
++ mark_sym_for_renaming(intptr);
++ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // apply logical or to temporary unsigned long and bitmask
++ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL);
++// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL);
++ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // cast temporary unsigned long back to a temporary fptr variable
++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL);
++ add_referenced_var(new_fptr);
++ mark_sym_for_renaming(new_fptr);
++ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
++ update_stmt(assign_new_fptr);
++ gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // replace call stmt fn with the new fptr
++ gimple_call_set_fn(call_stmt, new_fptr);
++ update_stmt(call_stmt);
++}
++
++/*
++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer
++ */
++static unsigned int execute_kernexec_fptr(void)
++{
++ basic_block bb;
++ gimple_stmt_iterator gsi;
++
++ // 1. loop through BBs and GIMPLE statements
++ FOR_EACH_BB(bb) {
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
++ tree fn;
++ gimple call_stmt;
++
++ // is it a call ...
++ call_stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(call_stmt))
++ continue;
++ fn = gimple_call_fn(call_stmt);
++ if (TREE_CODE(fn) == ADDR_EXPR)
++ continue;
++ if (TREE_CODE(fn) != SSA_NAME)
++ gcc_unreachable();
++
++ // ... through a function pointer
++ fn = SSA_NAME_VAR(fn);
++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != POINTER_TYPE)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != FUNCTION_TYPE)
++ continue;
++
++ kernexec_instrument_fptr(gsi);
++
++//debug_tree(gimple_call_fn(call_stmt));
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++ }
++ }
++
++ return 0;
++}
++
++// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn
++static void kernexec_instrument_retaddr(rtx insn)
++{
++ rtx ret_addr, clob, or;
++
++ start_sequence();
++
++ // compute 7(%rsp)
++ ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7)));
++ MEM_VOLATILE_P(ret_addr) = 1;
++
++ // create orb $0x80,7(%rsp)
++ or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80)));
++ clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG));
++
++ // put everything together
++ or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob)));
++ RTX_FRAME_RELATED_P(or) = 1;
++
++ end_sequence();
++
++ emit_insn_before(or, insn);
++}
++
++/*
++ * find all asm level function returns and forcibly set the highest bit of the return address
++ */
++static unsigned int execute_kernexec_retaddr(void)
++{
++ rtx insn;
++
++ // 1. find function returns
++ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
++ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
++ // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
++ rtx body;
++
++ // is it a retn
++ if (!JUMP_P(insn))
++ continue;
++ body = PATTERN(insn);
++ if (GET_CODE(body) == PARALLEL)
++ body = XVECEXP(body, 0, 0);
++ if (GET_CODE(body) != RETURN)
++ continue;
++ kernexec_instrument_retaddr(insn);
++ }
++
++// print_simple_rtl(stderr, get_insns());
++// print_rtl(stderr, get_insns());
++
++ return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++ struct register_pass_info kernexec_fptr_pass_info = {
++ .pass = &kernexec_fptr_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++ struct register_pass_info kernexec_retaddr_pass_info = {
++ .pass = &kernexec_retaddr_pass.pass,
++ .reference_pass_name = "pro_and_epilogue",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info);
++
++ for (i = 0; i < argc; ++i)
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++ if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL)
++ return 0;
++
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info);
++
++ return 0;
++}
diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
--- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/Makefile 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,13 @@
++++ linux-3.0.4/tools/gcc/Makefile 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,14 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -73009,15 +73855,16 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
+
-+hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so
++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so
+always := $(hostlibs-y)
+stackleak_plugin-objs := stackleak_plugin.o
+constify_plugin-objs := constify_plugin.o
+kallocstat_plugin-objs := kallocstat_plugin.o
++kernexec_plugin-objs := kernexec_plugin.o
diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c
--- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,249 @@
++++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,251 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -73085,7 +73932,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_stmts // | TODO_dump_func
++ .todo_flags_finish = TODO_verify_stmts | TODO_dump_func
+ }
+};
+
@@ -73103,7 +73950,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0,
-+ .todo_flags_finish = 0
++ .todo_flags_finish = TODO_dump_func
+ }
+};
+
@@ -73181,6 +74028,10 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ if (cfun->calls_alloca)
+ return 0;
+
++ // keep calls only if function frame is big enough
++ if (get_frame_size() >= track_frame_size)
++ return 0;
++
+ // 1. find pax_track_stack calls
+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
+ // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil))
@@ -73200,9 +74051,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ if (strcmp(XSTR(body, 0), track_function))
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
-+ // 2. delete call if function frame is not big enough
-+ if (get_frame_size() >= track_frame_size)
-+ continue;
++ // 2. delete call
+ delete_insn_and_edges(insn);
+ }
+
diff --git a/3.0.4/4435_grsec-kconfig-gentoo.patch b/3.0.4/4435_grsec-kconfig-gentoo.patch
index 6e1e60f..82d188e 100644
--- a/3.0.4/4435_grsec-kconfig-gentoo.patch
+++ b/3.0.4/4435_grsec-kconfig-gentoo.patch
@@ -15,9 +15,9 @@ and conflicts with some software and thus would be less suitable.
The original version of this patch was conceived and created by:
Ned Ludd <solar@gentoo.org>
-diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
---- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
-+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:27:46.000000000 -0400
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
++++ b/grsecurity/Kconfig 2011-04-17 19:27:46.000000000 -0400
@@ -18,7 +18,7 @@
choice
prompt "Security Level"
@@ -286,21 +286,22 @@ diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardene
config GRKERNSEC_CUSTOM
bool "Custom"
help
-diff -Naur linux-2.6.38-hardened-r1.orig/security/Kconfig linux-2.6.38-hardened-r1/security/Kconfig
---- linux-2.6.38-hardened-r1.orig/security/Kconfig 2011-04-17 19:25:02.000000000 -0400
-+++ linux-2.6.38-hardened-r1/security/Kconfig 2011-04-17 19:27:46.000000000 -0400
-@@ -319,8 +319,9 @@
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2011-09-21 07:20:02.000000000 -0400
++++ b/security/Kconfig 2011-09-21 07:25:50.000000000 -0400
+@@ -322,9 +322,10 @@
config PAX_KERNEXEC
bool "Enforce non-executable kernel pages"
- depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ default y if GRKERNSEC_HARDENED_WORKSTATION
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -483,8 +484,9 @@
+@@ -487,8 +488,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
@@ -311,3 +312,4 @@ diff -Naur linux-2.6.38-hardened-r1.orig/security/Kconfig linux-2.6.38-hardened-
help
By saying Y here the kernel will be prevented from dereferencing
userland pointers in contexts where the kernel expects only kernel
+
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-25 13:29 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-25 13:29 UTC (permalink / raw
To: gentoo-commits
commit: e53877b3d3c285ae1d6254b53ffb6d439aafd1ba
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 25 13:28:19 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 25 13:28:19 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e53877b3
Grsec/PaX: 2.2.2-2.6.32.46-201109240842 + 2.2.2-3.0.4-201109240842.patch
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201109240842.patch} | 29 ++++------
2.6.32/4437-grsec-kconfig-proc-user.patch | 4 +-
2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109240842.patch} | 57 +++++++++++++-------
3.0.4/4425_grsec-pax-without-grsec.patch | 2 +-
3.0.4/4437-grsec-kconfig-proc-user.patch | 4 +-
3.0.4/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
9 files changed, 59 insertions(+), 45 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 8013d69..e3aa423 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
index bcff015..0d9b6ae 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
@@ -55474,8 +55474,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurity/grsec_disabled.c
--- linux-2.6.32.46/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-09-24 08:13:29.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -55643,18 +55643,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -55915,8 +55903,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -73067,7 +73053,16 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/slub.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
+@@ -201,7 +201,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SLUB_DEBUG
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -410,7 +410,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index 34d8596..368d10c 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -668,7 +668,7 @@
+@@ -665,7 +665,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-harde
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -676,7 +676,7 @@
+@@ -673,7 +673,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index b582401..003d903 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
--- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1267,6 +1267,27 @@
+@@ -1264,6 +1264,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index a44f871..6cdadcb 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
index ec88fda..5e86d2b 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
@@ -50694,8 +50694,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+}
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-09-24 08:13:01.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50863,18 +50863,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -51135,8 +51123,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -55798,7 +55784,7 @@ diff -urNp linux-3.0.4/include/linux/grdefs.h linux-3.0.4/include/linux/grdefs.h
+#endif
diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grinternal.h
--- linux-3.0.4/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grinternal.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/include/linux/grinternal.h 2011-09-24 08:43:45.000000000 -0400
@@ -0,0 +1,219 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -55924,7 +55910,7 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
-+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
++ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
@@ -67520,7 +67506,16 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
+@@ -200,7 +200,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -442,7 +442,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
@@ -67671,6 +67666,30 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
goto err;
}
up_write(&slub_lock);
+@@ -3545,7 +3586,7 @@ void *__kmalloc_node_track_caller(size_t
+ }
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int count_inuse(struct page *page)
+ {
+ return page->inuse;
+@@ -3935,12 +3976,12 @@ static void resiliency_test(void)
+ validate_slab_cache(kmalloc_caches[9]);
+ }
+ #else
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static void resiliency_test(void) {};
+ #endif
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ enum slab_stat_type {
+ SL_ALL, /* All slabs */
+ SL_PARTIAL, /* Only partially allocated slabs */
@@ -4150,7 +4191,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
diff --git a/3.0.4/4425_grsec-pax-without-grsec.patch b/3.0.4/4425_grsec-pax-without-grsec.patch
index cdc33f2..41be0d0 100644
--- a/3.0.4/4425_grsec-pax-without-grsec.patch
+++ b/3.0.4/4425_grsec-pax-without-grsec.patch
@@ -77,7 +77,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-04-17 19:05:03.000000000 -0400
+++ b/security/Kconfig 2011-04-17 19:20:30.000000000 -0400
-@@ -26,7 +26,7 @@
+@@ -29,7 +29,7 @@
config PAX
bool "Enable various PaX features"
diff --git a/3.0.4/4437-grsec-kconfig-proc-user.patch b/3.0.4/4437-grsec-kconfig-proc-user.patch
index 4e5acda..c588683 100644
--- a/3.0.4/4437-grsec-kconfig-proc-user.patch
+++ b/3.0.4/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -669,7 +669,7 @@
+@@ -666,7 +666,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -677,7 +677,7 @@
+@@ -674,7 +674,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
index 3a991fb..0fd5d2d 100644
--- a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
--- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1268,6 +1268,27 @@
+@@ -1265,6 +1265,27 @@
menu "Logging Options"
depends on GRKERNSEC
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-25 13:32 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-25 13:32 UTC (permalink / raw
To: gentoo-commits
commit: be81a9aea2d68648a0aa6b228105a930c83d57ae
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 25 13:28:19 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 25 13:32:14 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=be81a9ae
Grsec/PaX: 2.2.2-2.6.32.46-201109240842 + 2.2.2-3.0.4-201109240842
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201109240842.patch} | 29 ++++------
2.6.32/4437-grsec-kconfig-proc-user.patch | 4 +-
2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109240842.patch} | 57 +++++++++++++-------
3.0.4/4425_grsec-pax-without-grsec.patch | 2 +-
3.0.4/4437-grsec-kconfig-proc-user.patch | 4 +-
3.0.4/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
9 files changed, 59 insertions(+), 45 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 8013d69..e3aa423 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
index bcff015..0d9b6ae 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
@@ -55474,8 +55474,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurity/grsec_disabled.c
--- linux-2.6.32.46/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-09-24 08:13:29.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -55643,18 +55643,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -55915,8 +55903,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -73067,7 +73053,16 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/slub.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
+@@ -201,7 +201,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SLUB_DEBUG
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -410,7 +410,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index 34d8596..368d10c 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -668,7 +668,7 @@
+@@ -665,7 +665,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-harde
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -676,7 +676,7 @@
+@@ -673,7 +673,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index b582401..003d903 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
--- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1267,6 +1267,27 @@
+@@ -1264,6 +1264,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index a44f871..6cdadcb 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
index ec88fda..5e86d2b 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
@@ -50694,8 +50694,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+}
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-09-24 08:13:01.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50863,18 +50863,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -51135,8 +51123,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -55798,7 +55784,7 @@ diff -urNp linux-3.0.4/include/linux/grdefs.h linux-3.0.4/include/linux/grdefs.h
+#endif
diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grinternal.h
--- linux-3.0.4/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grinternal.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/include/linux/grinternal.h 2011-09-24 08:43:45.000000000 -0400
@@ -0,0 +1,219 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -55924,7 +55910,7 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
-+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
++ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
@@ -67520,7 +67506,16 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
+@@ -200,7 +200,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -442,7 +442,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
@@ -67671,6 +67666,30 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
goto err;
}
up_write(&slub_lock);
+@@ -3545,7 +3586,7 @@ void *__kmalloc_node_track_caller(size_t
+ }
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int count_inuse(struct page *page)
+ {
+ return page->inuse;
+@@ -3935,12 +3976,12 @@ static void resiliency_test(void)
+ validate_slab_cache(kmalloc_caches[9]);
+ }
+ #else
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static void resiliency_test(void) {};
+ #endif
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ enum slab_stat_type {
+ SL_ALL, /* All slabs */
+ SL_PARTIAL, /* Only partially allocated slabs */
@@ -4150,7 +4191,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
diff --git a/3.0.4/4425_grsec-pax-without-grsec.patch b/3.0.4/4425_grsec-pax-without-grsec.patch
index cdc33f2..41be0d0 100644
--- a/3.0.4/4425_grsec-pax-without-grsec.patch
+++ b/3.0.4/4425_grsec-pax-without-grsec.patch
@@ -77,7 +77,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-04-17 19:05:03.000000000 -0400
+++ b/security/Kconfig 2011-04-17 19:20:30.000000000 -0400
-@@ -26,7 +26,7 @@
+@@ -29,7 +29,7 @@
config PAX
bool "Enable various PaX features"
diff --git a/3.0.4/4437-grsec-kconfig-proc-user.patch b/3.0.4/4437-grsec-kconfig-proc-user.patch
index 4e5acda..c588683 100644
--- a/3.0.4/4437-grsec-kconfig-proc-user.patch
+++ b/3.0.4/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -669,7 +669,7 @@
+@@ -666,7 +666,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -677,7 +677,7 @@
+@@ -674,7 +674,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
index 3a991fb..0fd5d2d 100644
--- a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
--- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1268,6 +1268,27 @@
+@@ -1265,6 +1265,27 @@
menu "Logging Options"
depends on GRKERNSEC
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-09-26 20:04 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-09-26 20:04 UTC (permalink / raw
To: gentoo-commits
commit: e9e183a63e0e7ff5a02bf1d7feb68573b8c82276
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 26 20:03:27 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Sep 26 20:03:27 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e9e183a6
Grsec/PaX: 2.2.2-2.6.32.46-201109261052 + 2.2.2-3.0.4-201109261052.patch
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201109261052.patch} | 62 +++++++++++++++-----
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201109261052.patch} | 62 +++++++++++++++-----
4 files changed, 98 insertions(+), 30 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index e3aa423..4cb87d7 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
index 0d9b6ae..bab9029 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
@@ -56495,8 +56495,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c
--- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400
-@@ -0,0 +1,313 @@
++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-26 10:44:49.000000000 -0400
+@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -56549,6 +56549,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
@@ -56557,18 +56558,19 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = curr_secs;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
-+ }
-+ } else return FLOODING;
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
++ else return FLOODING;
+
+set_fmt:
++#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
@@ -73053,7 +73055,7 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
++++ linux-2.6.32.46/mm/slub.c 2011-09-25 22:23:01.000000000 -0400
@@ -201,7 +201,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
@@ -73258,7 +73260,39 @@ diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
.filter = uevent_filter,
};
-@@ -4785,7 +4824,13 @@ static const struct file_operations proc
+@@ -4564,6 +4603,7 @@ static char *create_unique_id(struct kme
+ return name;
+ }
+
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *s)
+ {
+ int err;
+@@ -4619,6 +4659,7 @@ static void sysfs_slab_remove(struct kme
+ kobject_del(&s->kobj);
+ kobject_put(&s->kobj);
+ }
++#endif
+
+ /*
+ * Need to buffer aliases during bootup until sysfs becomes
+@@ -4632,6 +4673,7 @@ struct saved_alias {
+
+ static struct saved_alias *alias_list;
+
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+ {
+ struct saved_alias *al;
+@@ -4654,6 +4696,7 @@ static int sysfs_slab_alias(struct kmem_
+ alias_list = al;
+ return 0;
+ }
++#endif
+
+ static int __init slab_sysfs_init(void)
+ {
+@@ -4785,7 +4828,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index 6cdadcb..5afed8c 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
index 5e86d2b..cce98cf 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
@@ -51655,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
+}
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
-@@ -0,0 +1,313 @@
++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400
+@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -51709,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
@@ -51717,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = curr_secs;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
-+ }
-+ } else return FLOODING;
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
++ else return FLOODING;
+
+set_fmt:
++#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
@@ -67506,7 +67508,7 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400
@@ -200,7 +200,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
@@ -67699,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
}
SLAB_ATTR_RO(aliases);
-@@ -4894,7 +4935,13 @@ static const struct file_operations proc
+@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme
+ return name;
+ }
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *s)
+ {
+ int err;
+@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme
+ kobject_del(&s->kobj);
+ kobject_put(&s->kobj);
+ }
++#endif
+
+ /*
+ * Need to buffer aliases during bootup until sysfs becomes
+@@ -4737,6 +4780,7 @@ struct saved_alias {
+
+ static struct saved_alias *alias_list;
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+ {
+ struct saved_alias *al;
+@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_
+ alias_list = al;
+ return 0;
+ }
++#endif
+
+ static int __init slab_sysfs_init(void)
+ {
+@@ -4894,7 +4939,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-10-08 13:57 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-10-08 13:57 UTC (permalink / raw
To: gentoo-commits
commit: dcbd363977ec7e81dc743433e3e48cd24572528e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 8 13:56:07 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 8 13:56:07 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=dcbd3639
Grsec/PaX: 2.2.2-2.6.32.46-201110061013 + 2.2.2-3.0.4-201110060421
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201110061013.patch} | 2883 ++++++++++++++++--
2.6.32/4425_grsec-pax-without-grsec.patch | 2 +-
2.6.32/4435_grsec-kconfig-gentoo.patch | 21 +-
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201110060421.patch} | 3178 ++++++++++++++++----
3.0.4/4435_grsec-kconfig-gentoo.patch | 4 +-
7 files changed, 5234 insertions(+), 858 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 4cb87d7..d9050ac 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
similarity index 96%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
index bab9029..2e6cafe 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
@@ -6727,6 +6727,83 @@ diff -urNp linux-2.6.32.46/arch/x86/boot/video-vesa.c linux-2.6.32.46/arch/x86/b
}
/*
+diff -urNp linux-2.6.32.46/arch/x86/crypto/aes-x86_64-asm_64.S linux-2.6.32.46/arch/x86/crypto/aes-x86_64-asm_64.S
+--- linux-2.6.32.46/arch/x86/crypto/aes-x86_64-asm_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/crypto/aes-x86_64-asm_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -8,6 +8,8 @@
+ * including this sentence is retained in full.
+ */
+
++#include <asm/alternative-asm.h>
++
+ .extern crypto_ft_tab
+ .extern crypto_it_tab
+ .extern crypto_fl_tab
+@@ -71,6 +73,8 @@ FUNC: movq r1,r2; \
+ je B192; \
+ leaq 32(r9),r9;
+
++#define ret pax_force_retaddr; ret
++
+ #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
+ movq r1,r2; \
+ movq r3,r4; \
+diff -urNp linux-2.6.32.46/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-2.6.32.46/arch/x86/crypto/salsa20-x86_64-asm_64.S
+--- linux-2.6.32.46/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -1,3 +1,5 @@
++#include <asm/alternative-asm.h>
++
+ # enter ECRYPT_encrypt_bytes
+ .text
+ .p2align 5
+@@ -790,6 +792,7 @@ ECRYPT_encrypt_bytes:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++ pax_force_retaddr
+ ret
+ # bytesatleast65:
+ ._bytesatleast65:
+@@ -891,6 +894,7 @@ ECRYPT_keysetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++ pax_force_retaddr
+ ret
+ # enter ECRYPT_ivsetup
+ .text
+@@ -917,4 +921,5 @@ ECRYPT_ivsetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++ pax_force_retaddr
+ ret
+diff -urNp linux-2.6.32.46/arch/x86/crypto/twofish-x86_64-asm_64.S linux-2.6.32.46/arch/x86/crypto/twofish-x86_64-asm_64.S
+--- linux-2.6.32.46/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -21,6 +21,7 @@
+ .text
+
+ #include <asm/asm-offsets.h>
++#include <asm/alternative-asm.h>
+
+ #define a_offset 0
+ #define b_offset 4
+@@ -269,6 +270,7 @@ twofish_enc_blk:
+
+ popq R1
+ movq $1,%rax
++ pax_force_retaddr
+ ret
+
+ twofish_dec_blk:
+@@ -321,4 +323,5 @@ twofish_dec_blk:
+
+ popq R1
+ movq $1,%rax
++ pax_force_retaddr
+ ret
diff -urNp linux-2.6.32.46/arch/x86/ia32/ia32_aout.c linux-2.6.32.46/arch/x86/ia32/ia32_aout.c
--- linux-2.6.32.46/arch/x86/ia32/ia32_aout.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/ia32/ia32_aout.c 2011-04-17 15:56:46.000000000 -0400
@@ -6933,7 +7010,34 @@ diff -urNp linux-2.6.32.46/arch/x86/ia32/ia32entry.S linux-2.6.32.46/arch/x86/ia
cmpq $(IA32_NR_syscalls-1),%rax
diff -urNp linux-2.6.32.46/arch/x86/ia32/ia32_signal.c linux-2.6.32.46/arch/x86/ia32/ia32_signal.c
--- linux-2.6.32.46/arch/x86/ia32/ia32_signal.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/ia32/ia32_signal.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/ia32/ia32_signal.c 2011-10-06 09:37:08.000000000 -0400
+@@ -167,7 +167,7 @@ asmlinkage long sys32_sigaltstack(const
+ }
+ seg = get_fs();
+ set_fs(KERNEL_DS);
+- ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp);
++ ret = do_sigaltstack(uss_ptr ? (const stack_t __force_user *)&uss : NULL, (stack_t __force_user *)&uoss, regs->sp);
+ set_fs(seg);
+ if (ret >= 0 && uoss_ptr) {
+ if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)))
+@@ -374,7 +374,7 @@ static int ia32_setup_sigcontext(struct
+ */
+ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
+ size_t frame_size,
+- void **fpstate)
++ void __user **fpstate)
+ {
+ unsigned long sp;
+
+@@ -395,7 +395,7 @@ static void __user *get_sigframe(struct
+
+ if (used_math()) {
+ sp = sp - sig_xstate_ia32_size;
+- *fpstate = (struct _fpstate_ia32 *) sp;
++ *fpstate = (struct _fpstate_ia32 __user *) sp;
+ if (save_i387_xstate_ia32(*fpstate) < 0)
+ return (void __user *) -1L;
+ }
@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
sp -= frame_size;
/* Align the stack pointer according to the i386 ABI,
@@ -6948,7 +7052,7 @@ diff -urNp linux-2.6.32.46/arch/x86/ia32/ia32_signal.c linux-2.6.32.46/arch/x86/
* gdb versions depend on them as a marker.
*/
- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
} put_user_catch(err);
if (err)
@@ -6979,10 +7083,88 @@ diff -urNp linux-2.6.32.46/arch/x86/ia32/ia32_signal.c linux-2.6.32.46/arch/x86/
* versions need it.
*/
- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
} put_user_catch(err);
if (err)
+diff -urNp linux-2.6.32.46/arch/x86/ia32/sys_ia32.c linux-2.6.32.46/arch/x86/ia32/sys_ia32.c
+--- linux-2.6.32.46/arch/x86/ia32/sys_ia32.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/ia32/sys_ia32.c 2011-10-06 09:37:14.000000000 -0400
+@@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsign
+ */
+ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
+ {
+- typeof(ubuf->st_uid) uid = 0;
+- typeof(ubuf->st_gid) gid = 0;
++ typeof(((struct stat64 *)0)->st_uid) uid = 0;
++ typeof(((struct stat64 *)0)->st_gid) gid = 0;
+ SET_UID(uid, stat->uid);
+ SET_GID(gid, stat->gid);
+ if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
+@@ -308,8 +308,8 @@ asmlinkage long sys32_rt_sigprocmask(int
+ }
+ set_fs(KERNEL_DS);
+ ret = sys_rt_sigprocmask(how,
+- set ? (sigset_t __user *)&s : NULL,
+- oset ? (sigset_t __user *)&s : NULL,
++ set ? (sigset_t __force_user *)&s : NULL,
++ oset ? (sigset_t __force_user *)&s : NULL,
+ sigsetsize);
+ set_fs(old_fs);
+ if (ret)
+@@ -371,7 +371,7 @@ asmlinkage long sys32_sched_rr_get_inter
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t);
++ ret = sys_sched_rr_get_interval(pid, (struct timespec __force_user *)&t);
+ set_fs(old_fs);
+ if (put_compat_timespec(&t, interval))
+ return -EFAULT;
+@@ -387,7 +387,7 @@ asmlinkage long sys32_rt_sigpending(comp
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_rt_sigpending((sigset_t __user *)&s, sigsetsize);
++ ret = sys_rt_sigpending((sigset_t __force_user *)&s, sigsetsize);
+ set_fs(old_fs);
+ if (!ret) {
+ switch (_NSIG_WORDS) {
+@@ -412,7 +412,7 @@ asmlinkage long sys32_rt_sigqueueinfo(in
+ if (copy_siginfo_from_user32(&info, uinfo))
+ return -EFAULT;
+ set_fs(KERNEL_DS);
+- ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __user *)&info);
++ ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __force_user *)&info);
+ set_fs(old_fs);
+ return ret;
+ }
+@@ -513,7 +513,7 @@ asmlinkage long sys32_sendfile(int out_f
+ return -EFAULT;
+
+ set_fs(KERNEL_DS);
+- ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __user *)&of : NULL,
++ ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __force_user *)&of : NULL,
+ count);
+ set_fs(old_fs);
+
+diff -urNp linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h
+--- linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h 2011-10-06 09:37:14.000000000 -0400
+@@ -19,4 +19,13 @@
+ .endm
+ #endif
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ .macro pax_force_retaddr rip=0
++ btsq $63,\rip(%rsp)
++ .endm
++#else
++ .macro pax_force_retaddr rip=0
++ .endm
++#endif
++
+ #endif /* __ASSEMBLY__ */
diff -urNp linux-2.6.32.46/arch/x86/include/asm/alternative.h linux-2.6.32.46/arch/x86/include/asm/alternative.h
--- linux-2.6.32.46/arch/x86/include/asm/alternative.h 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/include/asm/alternative.h 2011-04-17 15:56:46.000000000 -0400
@@ -8279,6 +8461,63 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/cache.h linux-2.6.32.46/arch/x86
#ifdef CONFIG_X86_VSMP
/* vSMP Internode cacheline shift */
+diff -urNp linux-2.6.32.46/arch/x86/include/asm/calling.h linux-2.6.32.46/arch/x86/include/asm/calling.h
+--- linux-2.6.32.46/arch/x86/include/asm/calling.h 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/calling.h 2011-10-06 10:08:42.000000000 -0400
+@@ -52,32 +52,32 @@ For 32-bit we have the following convent
+ * for assembly code:
+ */
+
+-#define R15 0
+-#define R14 8
+-#define R13 16
+-#define R12 24
+-#define RBP 32
+-#define RBX 40
++#define R15 (0)
++#define R14 (8)
++#define R13 (16)
++#define R12 (24)
++#define RBP (32)
++#define RBX (40)
+
+ /* arguments: interrupts/non tracing syscalls only save up to here: */
+-#define R11 48
+-#define R10 56
+-#define R9 64
+-#define R8 72
+-#define RAX 80
+-#define RCX 88
+-#define RDX 96
+-#define RSI 104
+-#define RDI 112
+-#define ORIG_RAX 120 /* + error_code */
++#define R11 (48)
++#define R10 (56)
++#define R9 (64)
++#define R8 (72)
++#define RAX (80)
++#define RCX (88)
++#define RDX (96)
++#define RSI (104)
++#define RDI (112)
++#define ORIG_RAX (120) /* + error_code */
+ /* end of arguments */
+
+ /* cpu exception frame or undefined in case of fast syscall: */
+-#define RIP 128
+-#define CS 136
+-#define EFLAGS 144
+-#define RSP 152
+-#define SS 160
++#define RIP (128)
++#define CS (136)
++#define EFLAGS (144)
++#define RSP (152)
++#define SS (160)
+
+ #define ARGOFFSET R11
+ #define SWFRAME ORIG_RAX
diff -urNp linux-2.6.32.46/arch/x86/include/asm/checksum_32.h linux-2.6.32.46/arch/x86/include/asm/checksum_32.h
--- linux-2.6.32.46/arch/x86/include/asm/checksum_32.h 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/include/asm/checksum_32.h 2011-04-17 15:56:46.000000000 -0400
@@ -8650,12 +8889,12 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/emergency-restart.h linux-2.6.32
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
diff -urNp linux-2.6.32.46/arch/x86/include/asm/futex.h linux-2.6.32.46/arch/x86/include/asm/futex.h
--- linux-2.6.32.46/arch/x86/include/asm/futex.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/futex.h 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/futex.h 2011-10-06 09:37:08.000000000 -0400
@@ -12,16 +12,18 @@
#include <asm/system.h>
#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
-+ typecheck(u32 *, uaddr); \
++ typecheck(u32 __user *, uaddr); \
asm volatile("1:\t" insn "\n" \
"2:\t.section .fixup,\"ax\"\n" \
"3:\tmov\t%3, %1\n" \
@@ -8663,11 +8902,11 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/futex.h linux-2.6.32.46/arch/x86
"\t.previous\n" \
_ASM_EXTABLE(1b, 3b) \
- : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
-+ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\
++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 __user *)____m(uaddr))\
: "i" (-EFAULT), "0" (oparg), "1" (0))
#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
-+ typecheck(u32 *, uaddr); \
++ typecheck(u32 __user *, uaddr); \
asm volatile("1:\tmovl %2, %0\n" \
"\tmovl\t%0, %3\n" \
"\t" insn "\n" \
@@ -8676,7 +8915,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/futex.h linux-2.6.32.46/arch/x86
_ASM_EXTABLE(2b, 4b) \
: "=&a" (oldval), "=&r" (ret), \
- "+m" (*uaddr), "=&r" (tem) \
-+ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \
++ "+m" (*(u32 __user *)____m(uaddr)), "=&r" (tem) \
: "r" (oparg), "i" (-EFAULT), "1" (0))
-static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
@@ -9273,7 +9512,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/mmu.h linux-2.6.32.46/arch/x86/i
#ifdef CONFIG_SMP
diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x86/include/asm/module.h
--- linux-2.6.32.46/arch/x86/include/asm/module.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/module.h 2011-04-23 13:18:57.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/module.h 2011-10-06 09:45:50.000000000 -0400
@@ -5,6 +5,7 @@
#ifdef CONFIG_X86_64
@@ -9282,7 +9521,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
#elif defined CONFIG_M386
#define MODULE_PROC_FAMILY "386 "
#elif defined CONFIG_M486
-@@ -59,13 +60,36 @@
+@@ -59,13 +60,42 @@
#error unknown processor family
#endif
@@ -9293,6 +9532,12 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
-# define MODULE_STACKSIZE ""
-# endif
-# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE
++#if defined(CONFIG_X86_32) && defined(CONFIG_4KSTACKS)
++#define MODULE_STACKSIZE "4KSTACKS "
++#else
++#define MODULE_STACKSIZE ""
+ #endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+#define MODULE_PAX_UDEREF "UDEREF "
+#else
@@ -9309,12 +9554,12 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
+#define MODULE_PAX_REFCOUNT "REFCOUNT "
+#else
+#define MODULE_PAX_REFCOUNT ""
- #endif
-
-+#if defined(CONFIG_X86_32) && defined(CONFIG_4KSTACKS)
-+#define MODULE_STACKSIZE "4KSTACKS "
++#endif
++
++#ifdef CONSTIFY_PLUGIN
++#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
+#else
-+#define MODULE_STACKSIZE ""
++#define MODULE_CONSTIFY_PLUGIN ""
+#endif
+
+#ifdef CONFIG_GRKERNSEC
@@ -9323,7 +9568,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
+#define MODULE_GRSEC ""
+#endif
+
-+#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT
++#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN
+
#endif /* _ASM_X86_MODULE_H */
diff -urNp linux-2.6.32.46/arch/x86/include/asm/page_64_types.h linux-2.6.32.46/arch/x86/include/asm/page_64_types.h
@@ -10313,8 +10558,8 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/rwsem.h linux-2.6.32.46/arch/x86
diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x86/include/asm/segment.h
--- linux-2.6.32.46/arch/x86/include/asm/segment.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/segment.h 2011-04-17 15:56:46.000000000 -0400
-@@ -62,8 +62,8 @@
++++ linux-2.6.32.46/arch/x86/include/asm/segment.h 2011-10-06 09:37:08.000000000 -0400
+@@ -62,10 +62,15 @@
* 26 - ESPFIX small SS
* 27 - per-cpu [ offset to per-cpu data area ]
* 28 - stack_canary-20 [ for stack protector ]
@@ -10324,8 +10569,15 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
+ * 30 - PCI BIOS DS
* 31 - TSS for double fault handler
*/
++#define GDT_ENTRY_KERNEXEC_EFI_CS (1)
++#define GDT_ENTRY_KERNEXEC_EFI_DS (2)
++#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8)
++#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8)
++
#define GDT_ENTRY_TLS_MIN 6
-@@ -77,6 +77,8 @@
+ #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1)
+
+@@ -77,6 +82,8 @@
#define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE + 0)
@@ -10334,7 +10586,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
#define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE + 1)
#define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE + 4)
-@@ -88,7 +90,7 @@
+@@ -88,7 +95,7 @@
#define GDT_ENTRY_ESPFIX_SS (GDT_ENTRY_KERNEL_BASE + 14)
#define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)
@@ -10343,7 +10595,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
#ifdef CONFIG_SMP
#define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8)
#else
-@@ -102,6 +104,12 @@
+@@ -102,6 +109,12 @@
#define __KERNEL_STACK_CANARY 0
#endif
@@ -10356,7 +10608,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
#define GDT_ENTRY_DOUBLEFAULT_TSS 31
/*
-@@ -139,7 +147,7 @@
+@@ -139,7 +152,7 @@
*/
/* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
@@ -10365,7 +10617,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
#else
-@@ -163,6 +171,8 @@
+@@ -163,6 +176,8 @@
#define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3)
#define __USER32_DS __USER_DS
@@ -10374,7 +10626,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/segment.h linux-2.6.32.46/arch/x
#define GDT_ENTRY_TSS 8 /* needs two entries */
#define GDT_ENTRY_LDT 10 /* needs two entries */
#define GDT_ENTRY_TLS_MIN 12
-@@ -183,6 +193,7 @@
+@@ -183,6 +198,7 @@
#endif
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS * 8)
@@ -10858,7 +11110,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_32.h linux-2.6.32.46/arc
long __must_check __strncpy_from_user(char *dst,
diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h
--- linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h 2011-10-06 09:37:08.000000000 -0400
@@ -9,6 +9,9 @@
#include <linux/prefetch.h>
#include <linux/lockdep.h>
@@ -10906,7 +11158,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
-+ return copy_user_generic(dst, (__force const void *)src, size);
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
+ }
switch (size) {
- case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
@@ -10955,7 +11207,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
-+ return copy_user_generic(dst, (__force const void *)src, size);
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
}
}
@@ -10968,6 +11220,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
might_fault();
- if (!__builtin_constant_p(size))
+- return copy_user_generic((__force void *)dst, src, size);
+
+ pax_track_stack();
+
@@ -10987,7 +11240,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
++ return copy_user_generic((__force_kernel void *)dst, src, size);
+ }
switch (size) {
- case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
@@ -11029,18 +11282,18 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
ret, "q", "", "er", 8);
return ret;
default:
+- return copy_user_generic((__force void *)dst, src, size);
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
- }
- }
-
- static __always_inline __must_check
--int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
++ return copy_user_generic((__force_kernel void *)dst, src, size);
++ }
++}
++
++static __always_inline __must_check
+unsigned long copy_to_user(void __user *to, const void *from, unsigned len)
+{
+ if (access_ok(VERIFY_WRITE, to, len))
@@ -11060,11 +11313,12 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ if (!__builtin_constant_p(len))
+ check_object_size(to, len, false);
+ memset(to, 0, len);
-+ }
+ }
+ return len;
-+}
-+
-+static __always_inline __must_check
+ }
+
+ static __always_inline __must_check
+-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
{
- int ret = 0;
@@ -11072,6 +11326,8 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
might_fault();
- if (!__builtin_constant_p(size))
+- return copy_user_generic((__force void *)dst,
+- (__force void *)src, size);
+
+ pax_track_stack();
+
@@ -11094,9 +11350,8 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst,
-- (__force void *)src, size);
-+ (__force const void *)src, size);
++ return copy_user_generic((__force_kernel void *)dst,
++ (__force_kernel const void *)src, size);
+ }
switch (size) {
case 1: {
@@ -11137,6 +11392,8 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
return ret;
}
default:
+- return copy_user_generic((__force void *)dst,
+- (__force void *)src, size);
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
@@ -11145,9 +11402,8 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst,
-- (__force void *)src, size);
-+ (__force const void *)src, size);
++ return copy_user_generic((__force_kernel void *)dst,
++ (__force_kernel const void *)src, size);
}
}
@@ -11164,8 +11420,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+
+ if ((int)size < 0)
+ return size;
-
--static __must_check __always_inline int
++
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (!__access_ok(VERIFY_READ, src, size))
+ return size;
@@ -11173,13 +11428,15 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
+ src += PAX_USER_SHADOW_BASE;
+#endif
-+
-+ return copy_user_generic(dst, (__force const void *)src, size);
+
+-static __must_check __always_inline int
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
+}
+
+static __must_check __always_inline unsigned long
__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
{
+- return copy_user_generic((__force void *)dst, src, size);
+ if ((int)size < 0)
+ return size;
+
@@ -11191,7 +11448,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
++ return copy_user_generic((__force_kernel void *)dst, src, size);
}
-extern long __copy_user_nocache(void *dst, const void __user *src,
@@ -11232,13 +11489,14 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess_64.h linux-2.6.32.46/arc
}
-unsigned long
+-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
+extern unsigned long
- copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
++copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest);
#endif /* _ASM_X86_UACCESS_64_H */
diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess.h linux-2.6.32.46/arch/x86/include/asm/uaccess.h
--- linux-2.6.32.46/arch/x86/include/asm/uaccess.h 2011-06-25 12:55:34.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/uaccess.h 2011-06-25 12:56:37.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/uaccess.h 2011-10-06 09:37:08.000000000 -0400
@@ -8,12 +8,15 @@
#include <linux/thread_info.h>
#include <linux/prefetch.h>
@@ -11338,6 +11596,15 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess.h linux-2.6.32.46/arch/x
"3:\n" \
_ASM_EXTABLE(1b, 2b - 1b) \
_ASM_EXTABLE(2b, 3b - 2b) \
+@@ -253,7 +295,7 @@ extern void __put_user_8(void);
+ __typeof__(*(ptr)) __pu_val; \
+ __chk_user_ptr(ptr); \
+ might_fault(); \
+- __pu_val = x; \
++ __pu_val = (x); \
+ switch (sizeof(*(ptr))) { \
+ case 1: \
+ __put_user_x(1, __pu_val, ptr, __ret_pu); \
@@ -374,7 +416,7 @@ do { \
} while (0)
@@ -11457,6 +11724,18 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/uaccess.h linux-2.6.32.46/arch/x
#ifdef CONFIG_X86_32
# include "uaccess_32.h"
#else
+diff -urNp linux-2.6.32.46/arch/x86/include/asm/vdso.h linux-2.6.32.46/arch/x86/include/asm/vdso.h
+--- linux-2.6.32.46/arch/x86/include/asm/vdso.h 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/vdso.h 2011-10-06 09:37:14.000000000 -0400
+@@ -25,7 +25,7 @@ extern const char VDSO32_PRELINK[];
+ #define VDSO32_SYMBOL(base, name) \
+ ({ \
+ extern const char VDSO32_##name[]; \
+- (void *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \
++ (void __user *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \
+ })
+ #endif
+
diff -urNp linux-2.6.32.46/arch/x86/include/asm/vgtod.h linux-2.6.32.46/arch/x86/include/asm/vgtod.h
--- linux-2.6.32.46/arch/x86/include/asm/vgtod.h 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/include/asm/vgtod.h 2011-04-17 15:56:46.000000000 -0400
@@ -11610,7 +11889,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/x86_init.h linux-2.6.32.46/arch/
extern struct x86_cpuinit_ops x86_cpuinit;
diff -urNp linux-2.6.32.46/arch/x86/include/asm/xsave.h linux-2.6.32.46/arch/x86/include/asm/xsave.h
--- linux-2.6.32.46/arch/x86/include/asm/xsave.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/xsave.h 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/xsave.h 2011-10-06 09:37:08.000000000 -0400
@@ -56,6 +56,12 @@ static inline int xrstor_checking(struct
static inline int xsave_user(struct xsave_struct __user *buf)
{
@@ -11624,7 +11903,12 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/xsave.h linux-2.6.32.46/arch/x86
__asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x27\n"
"2:\n"
".section .fixup,\"ax\"\n"
-@@ -82,6 +88,11 @@ static inline int xrestore_user(struct x
+@@ -78,10 +84,15 @@ static inline int xsave_user(struct xsav
+ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask)
+ {
+ int err;
+- struct xsave_struct *xstate = ((__force struct xsave_struct *)buf);
++ struct xsave_struct *xstate = ((__force_kernel struct xsave_struct *)buf);
u32 lmask = mask;
u32 hmask = mask >> 32;
@@ -13067,8 +13351,8 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/early_printk.c linux-2.6.32.46/arch/x
early_console->write(early_console, buf, n);
diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/kernel/efi_32.c
--- linux-2.6.32.46/arch/x86/kernel/efi_32.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/efi_32.c 2011-04-17 15:56:46.000000000 -0400
-@@ -38,70 +38,38 @@
++++ linux-2.6.32.46/arch/x86/kernel/efi_32.c 2011-10-06 09:37:08.000000000 -0400
+@@ -38,70 +38,56 @@
*/
static unsigned long efi_rt_eflags;
@@ -13082,7 +13366,10 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/ker
- unsigned long temp;
struct desc_ptr gdt_descr;
- local_irq_save(efi_rt_eflags);
+- local_irq_save(efi_rt_eflags);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++#endif
- /*
- * If I don't have PAE, I should just duplicate two entries in page
@@ -13090,6 +13377,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/ker
- * page directory.
- */
- cr4 = read_cr4_safe();
++ local_irq_save(efi_rt_eflags);
- if (cr4 & X86_CR4_PAE) {
- efi_bak_pg_dir_pointer[0].pgd =
@@ -13116,8 +13404,14 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/ker
*/
__flush_tlb_all();
-- gdt_descr.address = __pa(get_cpu_gdt_table(0));
-+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
++#ifdef CONFIG_PAX_KERNEXEC
++ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
++ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = __pa(get_cpu_gdt_table(0));
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
}
@@ -13128,8 +13422,15 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/ker
- unsigned long cr4;
struct desc_ptr gdt_descr;
-- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
-+ gdt_descr.address = get_cpu_gdt_table(0);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++
++ memset(&d, 0, sizeof d);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
@@ -13150,16 +13451,18 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_32.c linux-2.6.32.46/arch/x86/ker
* After the lock is released, the original page table is restored.
diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S
--- linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S 2011-04-17 15:56:46.000000000 -0400
-@@ -6,6 +6,7 @@
++++ linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S 2011-10-06 09:37:08.000000000 -0400
+@@ -6,7 +6,9 @@
*/
#include <linux/linkage.h>
+#include <linux/init.h>
#include <asm/page_types.h>
++#include <asm/segment.h>
/*
-@@ -20,7 +21,7 @@
+ * efi_call_phys(void *, ...) is a function with variable parameters.
+@@ -20,7 +22,7 @@
* service functions will comply with gcc calling convention, too.
*/
@@ -13168,18 +13471,22 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x8
ENTRY(efi_call_phys)
/*
* 0. The function can only be called in Linux kernel. So CS has been
-@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
+@@ -36,9 +38,11 @@ ENTRY(efi_call_phys)
* The mapping of lower virtual memory has been created in prelog and
* epilog.
*/
- movl $1f, %edx
- subl $__PAGE_OFFSET, %edx
- jmp *%edx
-+ jmp 1f-__PAGE_OFFSET
++ movl $(__KERNEXEC_EFI_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
++ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET
1:
/*
-@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
+@@ -47,14 +51,8 @@ ENTRY(efi_call_phys)
* parameter 2, ..., param n. To make things easy, we save the return
* address of efi_call_phys in a global variable.
*/
@@ -13196,7 +13503,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x8
/*
* 3. Clear PG bit in %CR0.
-@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
+@@ -73,9 +71,8 @@ ENTRY(efi_call_phys)
/*
* 5. Call the physical function.
*/
@@ -13207,7 +13514,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x8
/*
* 6. After EFI runtime service returns, control will return to
* following instruction. We'd better readjust stack pointer first.
-@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
+@@ -88,35 +85,32 @@ ENTRY(efi_call_phys)
movl %cr0, %edx
orl $0x80000000, %edx
movl %edx, %cr0
@@ -13220,8 +13527,12 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x8
*/
- movl $1f, %edx
- jmp *%edx
-+ jmp 1f+__PAGE_OFFSET
++ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET
1:
++ movl $(__KERNEL_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
/*
* 9. Balance the stack. And because EAX contain the return value,
@@ -13249,6 +13560,72 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_32.S linux-2.6.32.46/arch/x8
saved_return_addr:
.long 0
efi_rt_function_ptr:
+diff -urNp linux-2.6.32.46/arch/x86/kernel/efi_stub_64.S linux-2.6.32.46/arch/x86/kernel/efi_stub_64.S
+--- linux-2.6.32.46/arch/x86/kernel/efi_stub_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/kernel/efi_stub_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -7,6 +7,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ #define SAVE_XMM \
+ mov %rsp, %rax; \
+@@ -40,6 +41,7 @@ ENTRY(efi_call0)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call0)
+
+@@ -50,6 +52,7 @@ ENTRY(efi_call1)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call1)
+
+@@ -60,6 +63,7 @@ ENTRY(efi_call2)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call2)
+
+@@ -71,6 +75,7 @@ ENTRY(efi_call3)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call3)
+
+@@ -83,6 +88,7 @@ ENTRY(efi_call4)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call4)
+
+@@ -96,6 +102,7 @@ ENTRY(efi_call5)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call5)
+
+@@ -112,5 +119,6 @@ ENTRY(efi_call6)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++ pax_force_retaddr
+ ret
+ ENDPROC(efi_call6)
diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_32.S linux-2.6.32.46/arch/x86/kernel/entry_32.S
--- linux-2.6.32.46/arch/x86/kernel/entry_32.S 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/kernel/entry_32.S 2011-08-30 18:19:52.000000000 -0400
@@ -13742,16 +14119,17 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_32.S linux-2.6.32.46/arch/x86/k
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/kernel/entry_64.S
--- linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-08-26 20:19:09.000000000 -0400
-@@ -53,6 +53,7 @@
++++ linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-10-06 10:06:40.000000000 -0400
+@@ -53,6 +53,8 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
#include <asm/percpu.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -174,6 +175,264 @@ ENTRY(native_usergs_sysret64)
+@@ -174,6 +176,264 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -14016,7 +14394,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -317,7 +576,7 @@ ENTRY(save_args)
+@@ -317,7 +577,7 @@ ENTRY(save_args)
leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */
movq_cfi rbp, 8 /* push %rbp */
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
@@ -14025,7 +14403,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je 1f
SWAPGS
/*
-@@ -409,7 +668,7 @@ ENTRY(ret_from_fork)
+@@ -409,7 +669,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -14034,7 +14412,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -455,7 +714,7 @@ END(ret_from_fork)
+@@ -455,7 +715,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -14043,7 +14421,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -468,12 +727,13 @@ ENTRY(system_call_after_swapgs)
+@@ -468,12 +728,13 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -14058,7 +14436,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -502,6 +762,8 @@ sysret_check:
+@@ -502,6 +763,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -14067,7 +14445,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/*
* sysretq will re-enable interrupts:
*/
-@@ -562,6 +824,9 @@ auditsys:
+@@ -562,6 +825,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -14077,7 +14455,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -592,6 +857,9 @@ tracesys:
+@@ -592,6 +858,9 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -14087,7 +14465,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/*
* Reload arg registers from stack in case ptrace changed them.
* We don't reload %rax because syscall_trace_enter() returned
-@@ -613,7 +881,7 @@ tracesys:
+@@ -613,7 +882,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -14096,7 +14474,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -800,6 +1068,16 @@ END(interrupt)
+@@ -800,6 +1069,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET 10*8
call save_args
PARTIAL_FRAME 0
@@ -14113,7 +14491,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
call \func
.endm
-@@ -822,7 +1100,7 @@ ret_from_intr:
+@@ -822,7 +1101,7 @@ ret_from_intr:
CFI_ADJUST_CFA_OFFSET -8
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -14122,7 +14500,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je retint_kernel
/* Interrupt came from user space */
-@@ -844,12 +1122,15 @@ retint_swapgs: /* return to user-space
+@@ -844,12 +1123,16 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -14135,10 +14513,11 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
retint_restore_args: /* return to kernel space */
DISABLE_INTERRUPTS(CLBR_ANY)
+ pax_exit_kernel
++ pax_force_retaddr RIP-ARGOFFSET
/*
* The iretq could re-enable interrupts:
*/
-@@ -1032,6 +1313,16 @@ ENTRY(\sym)
+@@ -1032,6 +1315,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
@@ -14155,7 +14534,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1049,6 +1340,16 @@ ENTRY(\sym)
+@@ -1049,6 +1342,16 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
@@ -14172,7 +14551,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1066,9 +1367,24 @@ ENTRY(\sym)
+@@ -1066,9 +1369,24 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
@@ -14198,7 +14577,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
call \do_sym
addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
-@@ -1085,6 +1401,16 @@ ENTRY(\sym)
+@@ -1085,6 +1403,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
@@ -14215,7 +14594,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1104,6 +1430,16 @@ ENTRY(\sym)
+@@ -1104,6 +1432,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -14232,7 +14611,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1405,14 +1741,27 @@ ENTRY(paranoid_exit)
+@@ -1405,16 +1743,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -14244,6 +14623,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+ TRACE_IRQS_IRETQ 0
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++ pax_force_retaddr
+ jmp irq_return
+#endif
paranoid_swapgs:
@@ -14260,8 +14640,11 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+ pax_exit_kernel
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
++ pax_force_retaddr
jmp irq_return
-@@ -1470,7 +1819,7 @@ ENTRY(error_entry)
+ paranoid_userspace:
+ GET_THREAD_INFO(%rcx)
+@@ -1470,7 +1823,7 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -14270,7 +14653,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1529,6 +1878,16 @@ ENTRY(nmi)
+@@ -1529,6 +1882,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET 15*8
call save_paranoid
DEFAULT_FRAME 0
@@ -14287,7 +14670,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1539,11 +1898,25 @@ ENTRY(nmi)
+@@ -1539,12 +1902,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -14298,6 +14681,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+ pax_exit_kernel
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++ pax_force_retaddr
+ jmp irq_return
+#endif
nmi_swapgs:
@@ -14312,8 +14696,10 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
++ pax_force_retaddr
jmp irq_return
nmi_userspace:
+ GET_THREAD_INFO(%rcx)
diff -urNp linux-2.6.32.46/arch/x86/kernel/ftrace.c linux-2.6.32.46/arch/x86/kernel/ftrace.c
--- linux-2.6.32.46/arch/x86/kernel/ftrace.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/kernel/ftrace.c 2011-05-04 17:56:20.000000000 -0400
@@ -15786,20 +16172,20 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/microcode_core.c linux-2.6.32.46/arch
* Synchronization.
diff -urNp linux-2.6.32.46/arch/x86/kernel/microcode_intel.c linux-2.6.32.46/arch/x86/kernel/microcode_intel.c
--- linux-2.6.32.46/arch/x86/kernel/microcode_intel.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/microcode_intel.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/kernel/microcode_intel.c 2011-10-06 09:37:08.000000000 -0400
@@ -443,13 +443,13 @@ static enum ucode_state request_microcod
static int get_ucode_user(void *to, const void *from, size_t n)
{
- return copy_from_user(to, from, n);
-+ return copy_from_user(to, (__force const void __user *)from, n);
++ return copy_from_user(to, (const void __force_user *)from, n);
}
static enum ucode_state
request_microcode_user(int cpu, const void __user *buf, size_t size)
{
- return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
-+ return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
++ return generic_load_microcode(cpu, (__force_kernel void *)buf, size, &get_ucode_user);
}
static void microcode_fini_cpu(int cpu)
@@ -18588,7 +18974,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.32.46/arch
EXPORT_SYMBOL(copy_page);
diff -urNp linux-2.6.32.46/arch/x86/kernel/xsave.c linux-2.6.32.46/arch/x86/kernel/xsave.c
--- linux-2.6.32.46/arch/x86/kernel/xsave.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/xsave.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/kernel/xsave.c 2011-10-06 09:37:08.000000000 -0400
@@ -54,7 +54,7 @@ int check_for_xstate(struct i387_fxsave_
fx_sw_user->xstate_size > fx_sw_user->extended_size)
return -1;
@@ -18603,7 +18989,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/xsave.c linux-2.6.32.46/arch/x86/kern
*/
xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
- return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
-+ return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
++ return fxrstor_checking((struct i387_fxsave_struct __force_kernel *)buf);
}
/*
@@ -19383,8 +19769,31 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/checksum_32.S linux-2.6.32.46/arch/x86/l
#undef ROUND1
diff -urNp linux-2.6.32.46/arch/x86/lib/clear_page_64.S linux-2.6.32.46/arch/x86/lib/clear_page_64.S
--- linux-2.6.32.46/arch/x86/lib/clear_page_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/clear_page_64.S 2011-04-17 15:56:46.000000000 -0400
-@@ -43,7 +43,7 @@ ENDPROC(clear_page)
++++ linux-2.6.32.46/arch/x86/lib/clear_page_64.S 2011-10-06 09:37:08.000000000 -0400
+@@ -1,5 +1,6 @@
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * Zero a page.
+@@ -10,6 +11,7 @@ ENTRY(clear_page_c)
+ movl $4096/8,%ecx
+ xorl %eax,%eax
+ rep stosq
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(clear_page_c)
+@@ -33,6 +35,7 @@ ENTRY(clear_page)
+ leaq 64(%rdi),%rdi
+ jnz .Lloop
+ nop
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ .Lclear_page_end:
+@@ -43,7 +46,7 @@ ENDPROC(clear_page)
#include <asm/cpufeature.h>
@@ -19395,8 +19804,31 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/clear_page_64.S linux-2.6.32.46/arch/x86
2:
diff -urNp linux-2.6.32.46/arch/x86/lib/copy_page_64.S linux-2.6.32.46/arch/x86/lib/copy_page_64.S
--- linux-2.6.32.46/arch/x86/lib/copy_page_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/copy_page_64.S 2011-04-17 15:56:46.000000000 -0400
-@@ -104,7 +104,7 @@ ENDPROC(copy_page)
++++ linux-2.6.32.46/arch/x86/lib/copy_page_64.S 2011-10-06 09:37:08.000000000 -0400
+@@ -2,12 +2,14 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ ALIGN
+ copy_page_c:
+ CFI_STARTPROC
+ movl $4096/8,%ecx
+ rep movsq
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(copy_page_c)
+@@ -94,6 +96,7 @@ ENTRY(copy_page)
+ CFI_RESTORE r13
+ addq $3*8,%rsp
+ CFI_ADJUST_CFA_OFFSET -3*8
++ pax_force_retaddr
+ ret
+ .Lcopy_page_end:
+ CFI_ENDPROC
+@@ -104,7 +107,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
@@ -19407,12 +19839,13 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/copy_page_64.S linux-2.6.32.46/arch/x86/
2:
diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_64.S linux-2.6.32.46/arch/x86/lib/copy_user_64.S
--- linux-2.6.32.46/arch/x86/lib/copy_user_64.S 2011-06-25 12:55:34.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/copy_user_64.S 2011-06-25 12:56:37.000000000 -0400
-@@ -15,13 +15,14 @@
++++ linux-2.6.32.46/arch/x86/lib/copy_user_64.S 2011-10-06 10:12:52.000000000 -0400
+@@ -15,13 +15,15 @@
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
#include <asm/cpufeature.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
.macro ALTERNATIVE_JUMP feature,orig,alt
0:
@@ -19424,7 +19857,7 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_64.S linux-2.6.32.46/arch/x86/
2: .byte 0xe9 /* near jump with 32bit immediate */
.long \alt-1b /* offset */ /* or alternatively to alt */
.previous
-@@ -64,49 +65,19 @@
+@@ -64,55 +66,26 @@
#endif
.endm
@@ -19476,10 +19909,40 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_64.S linux-2.6.32.46/arch/x86/
movl %edx,%ecx
xorl %eax,%eax
rep
+ stosb
+ bad_to_user:
+ movl %edx,%eax
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(bad_from_user)
+@@ -180,6 +153,7 @@ ENTRY(copy_user_generic_unrolled)
+ decl %ecx
+ jnz 21b
+ 23: xor %eax,%eax
++ pax_force_retaddr
+ ret
+
+ .section .fixup,"ax"
+@@ -252,6 +226,7 @@ ENTRY(copy_user_generic_string)
+ 3: rep
+ movsb
+ 4: xorl %eax,%eax
++ pax_force_retaddr
+ ret
+
+ .section .fixup,"ax"
diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S
--- linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S 2011-04-17 15:56:46.000000000 -0400
-@@ -14,6 +14,7 @@
++++ linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S 2011-10-06 09:37:08.000000000 -0400
+@@ -8,12 +8,14 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ #define FIX_ALIGNMENT 1
+
#include <asm/current.h>
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
@@ -19487,7 +19950,7 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S linux-2.6.32.46/a
.macro ALIGN_DESTINATION
#ifdef FIX_ALIGNMENT
-@@ -50,6 +51,15 @@
+@@ -50,6 +52,15 @@
*/
ENTRY(__copy_user_nocache)
CFI_STARTPROC
@@ -19503,35 +19966,66 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/copy_user_nocache_64.S linux-2.6.32.46/a
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
ALIGN_DESTINATION
+@@ -98,6 +109,7 @@ ENTRY(__copy_user_nocache)
+ jnz 21b
+ 23: xorl %eax,%eax
+ sfence
++ pax_force_retaddr
+ ret
+
+ .section .fixup,"ax"
+diff -urNp linux-2.6.32.46/arch/x86/lib/csum-copy_64.S linux-2.6.32.46/arch/x86/lib/csum-copy_64.S
+--- linux-2.6.32.46/arch/x86/lib/csum-copy_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/csum-copy_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -8,6 +8,7 @@
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
+ #include <asm/errno.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * Checksum copy with exception handling.
+@@ -228,6 +229,7 @@ ENTRY(csum_partial_copy_generic)
+ CFI_RESTORE rbp
+ addq $7*8,%rsp
+ CFI_ADJUST_CFA_OFFSET -7*8
++ pax_force_retaddr
+ ret
+ CFI_RESTORE_STATE
+
diff -urNp linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c
--- linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c 2011-05-04 17:56:20.000000000 -0400
-@@ -52,6 +52,12 @@ csum_partial_copy_from_user(const void _
++++ linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c 2011-10-06 09:37:08.000000000 -0400
+@@ -52,7 +52,13 @@ csum_partial_copy_from_user(const void _
len -= 2;
}
}
+- isum = csum_partial_copy_generic((__force const void *)src,
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
- isum = csum_partial_copy_generic((__force const void *)src,
++ isum = csum_partial_copy_generic((const void __force_kernel *)src,
dst, len, isum, errp, NULL);
if (unlikely(*errp))
-@@ -105,6 +111,12 @@ csum_partial_copy_to_user(const void *sr
+ goto out_err;
+@@ -105,7 +111,13 @@ csum_partial_copy_to_user(const void *sr
}
*errp = 0;
+- return csum_partial_copy_generic(src, (void __force *)dst,
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return csum_partial_copy_generic(src, (void __force *)dst,
++ return csum_partial_copy_generic(src, (void __force_kernel *)dst,
len, isum, NULL, errp);
}
+ EXPORT_SYMBOL(csum_partial_copy_to_user);
diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/getuser.S
--- linux-2.6.32.46/arch/x86/lib/getuser.S 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/lib/getuser.S 2011-04-17 15:56:46.000000000 -0400
@@ -19640,10 +20134,53 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/g
4: movq -7(%_ASM_AX),%_ASM_DX
xor %eax,%eax
ret
+diff -urNp linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S
+--- linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -17,6 +17,7 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * override generic version in lib/iomap_copy.c
+@@ -25,6 +26,7 @@ ENTRY(__iowrite32_copy)
+ CFI_STARTPROC
+ movl %edx,%ecx
+ rep movsd
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(__iowrite32_copy)
diff -urNp linux-2.6.32.46/arch/x86/lib/memcpy_64.S linux-2.6.32.46/arch/x86/lib/memcpy_64.S
--- linux-2.6.32.46/arch/x86/lib/memcpy_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/memcpy_64.S 2011-04-17 15:56:46.000000000 -0400
-@@ -128,7 +128,7 @@ ENDPROC(__memcpy)
++++ linux-2.6.32.46/arch/x86/lib/memcpy_64.S 2011-10-06 10:13:49.000000000 -0400
+@@ -4,6 +4,7 @@
+
+ #include <asm/cpufeature.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * memcpy - Copy a memory block.
+@@ -34,6 +35,7 @@ memcpy_c:
+ rep movsq
+ movl %edx, %ecx
+ rep movsb
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(memcpy_c)
+@@ -118,6 +120,7 @@ ENTRY(memcpy)
+ jnz .Lloop_1
+
+ .Lend:
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(memcpy)
+@@ -128,7 +131,7 @@ ENDPROC(__memcpy)
* It is also a lot simpler. Use this when possible:
*/
@@ -19654,8 +20191,32 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/memcpy_64.S linux-2.6.32.46/arch/x86/lib
2:
diff -urNp linux-2.6.32.46/arch/x86/lib/memset_64.S linux-2.6.32.46/arch/x86/lib/memset_64.S
--- linux-2.6.32.46/arch/x86/lib/memset_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/memset_64.S 2011-04-17 15:56:46.000000000 -0400
-@@ -118,7 +118,7 @@ ENDPROC(__memset)
++++ linux-2.6.32.46/arch/x86/lib/memset_64.S 2011-10-06 09:37:08.000000000 -0400
+@@ -2,6 +2,7 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * ISO C memset - set a memory block to a byte value.
+@@ -28,6 +29,7 @@ memset_c:
+ movl %r8d,%ecx
+ rep stosb
+ movq %r9,%rax
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(memset_c)
+@@ -96,6 +98,7 @@ ENTRY(__memset)
+
+ .Lende:
+ movq %r10,%rax
++ pax_force_retaddr
+ ret
+
+ CFI_RESTORE_STATE
+@@ -118,7 +121,7 @@ ENDPROC(__memset)
#include <asm/cpufeature.h>
@@ -20122,6 +20683,89 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/putuser.S linux-2.6.32.46/arch/x86/lib/p
#endif
xor %eax,%eax
EXIT
+diff -urNp linux-2.6.32.46/arch/x86/lib/rwlock_64.S linux-2.6.32.46/arch/x86/lib/rwlock_64.S
+--- linux-2.6.32.46/arch/x86/lib/rwlock_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/rwlock_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -17,6 +17,7 @@ ENTRY(__write_lock_failed)
+ LOCK_PREFIX
+ subl $RW_LOCK_BIAS,(%rdi)
+ jnz __write_lock_failed
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(__write_lock_failed)
+@@ -33,6 +34,7 @@ ENTRY(__read_lock_failed)
+ LOCK_PREFIX
+ decl (%rdi)
+ js __read_lock_failed
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(__read_lock_failed)
+diff -urNp linux-2.6.32.46/arch/x86/lib/rwsem_64.S linux-2.6.32.46/arch/x86/lib/rwsem_64.S
+--- linux-2.6.32.46/arch/x86/lib/rwsem_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/rwsem_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -48,6 +48,7 @@ ENTRY(call_rwsem_down_read_failed)
+ call rwsem_down_read_failed
+ popq %rdx
+ restore_common_regs
++ pax_force_retaddr
+ ret
+ ENDPROC(call_rwsem_down_read_failed)
+
+@@ -56,6 +57,7 @@ ENTRY(call_rwsem_down_write_failed)
+ movq %rax,%rdi
+ call rwsem_down_write_failed
+ restore_common_regs
++ pax_force_retaddr
+ ret
+ ENDPROC(call_rwsem_down_write_failed)
+
+@@ -66,7 +68,8 @@ ENTRY(call_rwsem_wake)
+ movq %rax,%rdi
+ call rwsem_wake
+ restore_common_regs
+-1: ret
++1: pax_force_retaddr
++ ret
+ ENDPROC(call_rwsem_wake)
+
+ /* Fix up special calling conventions */
+@@ -77,5 +80,6 @@ ENTRY(call_rwsem_downgrade_wake)
+ call rwsem_downgrade_wake
+ popq %rdx
+ restore_common_regs
++ pax_force_retaddr
+ ret
+ ENDPROC(call_rwsem_downgrade_wake)
+diff -urNp linux-2.6.32.46/arch/x86/lib/thunk_64.S linux-2.6.32.46/arch/x86/lib/thunk_64.S
+--- linux-2.6.32.46/arch/x86/lib/thunk_64.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/thunk_64.S 2011-10-06 09:37:14.000000000 -0400
+@@ -10,7 +10,8 @@
+ #include <asm/dwarf2.h>
+ #include <asm/calling.h>
+ #include <asm/rwlock.h>
+-
++ #include <asm/alternative-asm.h>
++
+ /* rdi: arg1 ... normal C conventions. rax is saved/restored. */
+ .macro thunk name,func
+ .globl \name
+@@ -70,6 +71,7 @@
+ SAVE_ARGS
+ restore:
+ RESTORE_ARGS
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+
+@@ -77,5 +79,6 @@ restore:
+ SAVE_ARGS
+ restore_norax:
+ RESTORE_ARGS 1
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
diff -urNp linux-2.6.32.46/arch/x86/lib/usercopy_32.c linux-2.6.32.46/arch/x86/lib/usercopy_32.c
--- linux-2.6.32.46/arch/x86/lib/usercopy_32.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/lib/usercopy_32.c 2011-04-23 21:12:28.000000000 -0400
@@ -20732,7 +21376,7 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/usercopy_32.c linux-2.6.32.46/arch/x86/l
+#endif
diff -urNp linux-2.6.32.46/arch/x86/lib/usercopy_64.c linux-2.6.32.46/arch/x86/lib/usercopy_64.c
--- linux-2.6.32.46/arch/x86/lib/usercopy_64.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/usercopy_64.c 2011-05-04 17:56:20.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/usercopy_64.c 2011-10-06 09:37:08.000000000 -0400
@@ -42,6 +42,12 @@ long
__strncpy_from_user(char *dst, const char __user *src, long count)
{
@@ -20764,6 +21408,9 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/usercopy_64.c linux-2.6.32.46/arch/x86/l
unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len)
{
- if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
+- return copy_user_generic((__force void *)to, (__force void *)from, len);
+- }
+- return len;
+ if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -20773,14 +21420,21 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/usercopy_64.c linux-2.6.32.46/arch/x86/l
+ from += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)to, (__force void *)from, len);
-- }
-- return len;
++ return copy_user_generic((void __force_kernel *)to, (void __force_kernel *)from, len);
+ }
+ return len;
}
EXPORT_SYMBOL(copy_in_user);
+@@ -164,7 +184,7 @@ EXPORT_SYMBOL(copy_in_user);
+ * it is not necessary to optimize tail handling.
+ */
+ unsigned long
+-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
++copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest)
+ {
+ char c;
+ unsigned zero_len;
diff -urNp linux-2.6.32.46/arch/x86/Makefile linux-2.6.32.46/arch/x86/Makefile
--- linux-2.6.32.46/arch/x86/Makefile 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/Makefile 2011-07-19 18:16:02.000000000 -0400
@@ -20883,7 +21537,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/extable.c linux-2.6.32.46/arch/x86/mm/ext
pnp_bios_is_utter_crap = 1;
diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault.c
--- linux-2.6.32.46/arch/x86/mm/fault.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/mm/fault.c 2011-08-17 20:06:44.000000000 -0400
++++ linux-2.6.32.46/arch/x86/mm/fault.c 2011-10-06 09:37:08.000000000 -0400
@@ -11,10 +11,19 @@
#include <linux/kprobes.h> /* __kprobes, ... */
#include <linux/mmiotrace.h> /* kmmio_handler, ... */
@@ -20919,7 +21573,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault
/* Prefetch instruction is 0x0F0D or 0x0F18 */
- if (probe_kernel_address(instr, opcode))
+ if (user_mode(regs)) {
-+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
++ if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
+ return 0;
+ } else if (probe_kernel_address(instr, opcode))
return 0;
@@ -20931,7 +21585,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault
- if (probe_kernel_address(instr, opcode))
+ if (user_mode(regs)) {
-+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
++ if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
+ break;
+ } else if (probe_kernel_address(instr, opcode))
break;
@@ -21523,7 +22177,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault
+ printk(KERN_ERR "PAX: bytes at PC: ");
+ for (i = 0; i < 20; i++) {
+ unsigned char c;
-+ if (get_user(c, (__force unsigned char __user *)pc+i))
++ if (get_user(c, (unsigned char __force_user *)pc+i))
+ printk(KERN_CONT "?? ");
+ else
+ printk(KERN_CONT "%02x ", c);
@@ -21533,7 +22187,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault
+ printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
+ for (i = -1; i < 80 / (long)sizeof(long); i++) {
+ unsigned long c;
-+ if (get_user(c, (__force unsigned long __user *)sp+i))
++ if (get_user(c, (unsigned long __force_user *)sp+i))
+#ifdef CONFIG_X86_32
+ printk(KERN_CONT "???????? ");
+#else
@@ -21563,7 +22217,7 @@ diff -urNp linux-2.6.32.46/arch/x86/mm/fault.c linux-2.6.32.46/arch/x86/mm/fault
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ pax_open_kernel();
-+ ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
++ ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
+ pax_close_kernel();
+ pagefault_enable();
+ set_fs(old_fs);
@@ -24158,7 +24812,7 @@ diff -urNp linux-2.6.32.46/block/blk-sysfs.c linux-2.6.32.46/block/blk-sysfs.c
};
diff -urNp linux-2.6.32.46/block/bsg.c linux-2.6.32.46/block/bsg.c
--- linux-2.6.32.46/block/bsg.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/block/bsg.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/block/bsg.c 2011-10-06 09:37:08.000000000 -0400
@@ -175,16 +175,24 @@ static int blk_fill_sgv4_hdr_rq(struct r
struct sg_io_v4 *hdr, struct bsg_device *bd,
fmode_t has_write_perm)
@@ -24176,7 +24830,7 @@ diff -urNp linux-2.6.32.46/block/bsg.c linux-2.6.32.46/block/bsg.c
+ cmdptr = tmpcmd;
- if (copy_from_user(rq->cmd, (void *)(unsigned long)hdr->request,
-+ if (copy_from_user(cmdptr, (void *)(unsigned long)hdr->request,
++ if (copy_from_user(cmdptr, (void __user *)(unsigned long)hdr->request,
hdr->request_len))
return -EFAULT;
@@ -24186,6 +24840,49 @@ diff -urNp linux-2.6.32.46/block/bsg.c linux-2.6.32.46/block/bsg.c
if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
if (blk_verify_command(rq->cmd, has_write_perm))
return -EPERM;
+@@ -282,7 +290,7 @@ bsg_map_hdr(struct bsg_device *bd, struc
+ rq->next_rq = next_rq;
+ next_rq->cmd_type = rq->cmd_type;
+
+- dxferp = (void*)(unsigned long)hdr->din_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->din_xferp;
+ ret = blk_rq_map_user(q, next_rq, NULL, dxferp,
+ hdr->din_xfer_len, GFP_KERNEL);
+ if (ret)
+@@ -291,10 +299,10 @@ bsg_map_hdr(struct bsg_device *bd, struc
+
+ if (hdr->dout_xfer_len) {
+ dxfer_len = hdr->dout_xfer_len;
+- dxferp = (void*)(unsigned long)hdr->dout_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->dout_xferp;
+ } else if (hdr->din_xfer_len) {
+ dxfer_len = hdr->din_xfer_len;
+- dxferp = (void*)(unsigned long)hdr->din_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->din_xferp;
+ } else
+ dxfer_len = 0;
+
+@@ -436,7 +444,7 @@ static int blk_complete_sgv4_hdr_rq(stru
+ int len = min_t(unsigned int, hdr->max_response_len,
+ rq->sense_len);
+
+- ret = copy_to_user((void*)(unsigned long)hdr->response,
++ ret = copy_to_user((void __user *)(unsigned long)hdr->response,
+ rq->sense, len);
+ if (!ret)
+ hdr->response_len = len;
+diff -urNp linux-2.6.32.46/block/compat_ioctl.c linux-2.6.32.46/block/compat_ioctl.c
+--- linux-2.6.32.46/block/compat_ioctl.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/block/compat_ioctl.c 2011-10-06 09:37:14.000000000 -0400
+@@ -354,7 +354,7 @@ static int compat_fd_ioctl(struct block_
+ err |= __get_user(f->spec1, &uf->spec1);
+ err |= __get_user(f->fmt_gap, &uf->fmt_gap);
+ err |= __get_user(name, &uf->name);
+- f->name = compat_ptr(name);
++ f->name = (void __force_kernel *)compat_ptr(name);
+ if (err) {
+ err = -EFAULT;
+ goto out;
diff -urNp linux-2.6.32.46/block/elevator.c linux-2.6.32.46/block/elevator.c
--- linux-2.6.32.46/block/elevator.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/block/elevator.c 2011-04-17 15:56:46.000000000 -0400
@@ -27575,6 +28272,18 @@ diff -urNp linux-2.6.32.46/drivers/block/DAC960.c linux-2.6.32.46/drivers/block/
if (!init_dma_loaf(Controller->PCIDevice, &local_dma,
DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) +
sizeof(DAC960_SCSI_Inquiry_T) +
+diff -urNp linux-2.6.32.46/drivers/block/loop.c linux-2.6.32.46/drivers/block/loop.c
+--- linux-2.6.32.46/drivers/block/loop.c 2011-06-25 12:55:34.000000000 -0400
++++ linux-2.6.32.46/drivers/block/loop.c 2011-10-06 09:37:14.000000000 -0400
+@@ -282,7 +282,7 @@ static int __do_lo_send_write(struct fil
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(get_ds());
+- bw = file->f_op->write(file, buf, len, &pos);
++ bw = file->f_op->write(file, (const char __force_user *)buf, len, &pos);
+ set_fs(old_fs);
+ if (likely(bw == len))
+ return 0;
diff -urNp linux-2.6.32.46/drivers/block/nbd.c linux-2.6.32.46/drivers/block/nbd.c
--- linux-2.6.32.46/drivers/block/nbd.c 2011-06-25 12:55:34.000000000 -0400
+++ linux-2.6.32.46/drivers/block/nbd.c 2011-06-25 12:56:37.000000000 -0400
@@ -28512,7 +29221,7 @@ diff -urNp linux-2.6.32.46/drivers/char/stallion.c linux-2.6.32.46/drivers/char/
portp = stl_getport(stl_dummyport.brdnr, stl_dummyport.panelnr,
diff -urNp linux-2.6.32.46/drivers/char/tpm/tpm_bios.c linux-2.6.32.46/drivers/char/tpm/tpm_bios.c
--- linux-2.6.32.46/drivers/char/tpm/tpm_bios.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/drivers/char/tpm/tpm_bios.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/drivers/char/tpm/tpm_bios.c 2011-10-06 09:37:08.000000000 -0400
@@ -172,7 +172,7 @@ static void *tpm_bios_measurements_start
event = addr;
@@ -28541,7 +29250,7 @@ diff -urNp linux-2.6.32.46/drivers/char/tpm/tpm_bios.c linux-2.6.32.46/drivers/c
return 0;
}
-@@ -409,6 +410,11 @@ static int read_log(struct tpm_bios_log
+@@ -409,8 +410,13 @@ static int read_log(struct tpm_bios_log
log->bios_event_log_end = log->bios_event_log + len;
virt = acpi_os_map_memory(start, len);
@@ -28551,8 +29260,11 @@ diff -urNp linux-2.6.32.46/drivers/char/tpm/tpm_bios.c linux-2.6.32.46/drivers/c
+ return -EFAULT;
+ }
- memcpy(log->bios_event_log, virt, len);
+- memcpy(log->bios_event_log, virt, len);
++ memcpy(log->bios_event_log, (const char __force_kernel *)virt, len);
+ acpi_os_unmap_memory(virt, len);
+ return 0;
diff -urNp linux-2.6.32.46/drivers/char/tpm/tpm.c linux-2.6.32.46/drivers/char/tpm/tpm.c
--- linux-2.6.32.46/drivers/char/tpm/tpm.c 2011-04-17 17:00:52.000000000 -0400
+++ linux-2.6.32.46/drivers/char/tpm/tpm.c 2011-05-16 21:46:57.000000000 -0400
@@ -29049,7 +29761,7 @@ diff -urNp linux-2.6.32.46/drivers/firewire/core-transaction.c linux-2.6.32.46/d
fw_send_request(card, &t, tcode, destination_id, generation, speed,
diff -urNp linux-2.6.32.46/drivers/firmware/dmi_scan.c linux-2.6.32.46/drivers/firmware/dmi_scan.c
--- linux-2.6.32.46/drivers/firmware/dmi_scan.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/drivers/firmware/dmi_scan.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/drivers/firmware/dmi_scan.c 2011-10-06 09:37:08.000000000 -0400
@@ -391,11 +391,6 @@ void __init dmi_scan_machine(void)
}
}
@@ -29062,6 +29774,15 @@ diff -urNp linux-2.6.32.46/drivers/firmware/dmi_scan.c linux-2.6.32.46/drivers/f
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
+@@ -667,7 +662,7 @@ int dmi_walk(void (*decode)(const struct
+ if (buf == NULL)
+ return -1;
+
+- dmi_table(buf, dmi_len, dmi_num, decode, private_data);
++ dmi_table((char __force_kernel *)buf, dmi_len, dmi_num, decode, private_data);
+
+ iounmap(buf);
+ return 0;
diff -urNp linux-2.6.32.46/drivers/firmware/edd.c linux-2.6.32.46/drivers/firmware/edd.c
--- linux-2.6.32.46/drivers/firmware/edd.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/drivers/firmware/edd.c 2011-04-17 15:56:46.000000000 -0400
@@ -29122,6 +29843,83 @@ diff -urNp linux-2.6.32.46/drivers/gpio/vr41xx_giu.c linux-2.6.32.46/drivers/gpi
return -EINVAL;
}
+diff -urNp linux-2.6.32.46/drivers/gpu/drm/drm_crtc.c linux-2.6.32.46/drivers/gpu/drm/drm_crtc.c
+--- linux-2.6.32.46/drivers/gpu/drm/drm_crtc.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/drivers/gpu/drm/drm_crtc.c 2011-10-06 09:37:14.000000000 -0400
+@@ -1323,7 +1323,7 @@ int drm_mode_getconnector(struct drm_dev
+ */
+ if ((out_resp->count_modes >= mode_count) && mode_count) {
+ copied = 0;
+- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr;
++ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr;
+ list_for_each_entry(mode, &connector->modes, head) {
+ drm_crtc_convert_to_umode(&u_mode, mode);
+ if (copy_to_user(mode_ptr + copied,
+@@ -1338,8 +1338,8 @@ int drm_mode_getconnector(struct drm_dev
+
+ if ((out_resp->count_props >= props_count) && props_count) {
+ copied = 0;
+- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr);
+- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr);
++ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr);
++ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr);
+ for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) {
+ if (connector->property_ids[i] != 0) {
+ if (put_user(connector->property_ids[i],
+@@ -1361,7 +1361,7 @@ int drm_mode_getconnector(struct drm_dev
+
+ if ((out_resp->count_encoders >= encoders_count) && encoders_count) {
+ copied = 0;
+- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr);
++ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr);
+ for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) {
+ if (connector->encoder_ids[i] != 0) {
+ if (put_user(connector->encoder_ids[i],
+@@ -1513,7 +1513,7 @@ int drm_mode_setcrtc(struct drm_device *
+ }
+
+ for (i = 0; i < crtc_req->count_connectors; i++) {
+- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr;
++ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr;
+ if (get_user(out_id, &set_connectors_ptr[i])) {
+ ret = -EFAULT;
+ goto out;
+@@ -2118,7 +2118,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ out_resp->flags = property->flags;
+
+ if ((out_resp->count_values >= value_count) && value_count) {
+- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr;
++ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr;
+ for (i = 0; i < value_count; i++) {
+ if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) {
+ ret = -EFAULT;
+@@ -2131,7 +2131,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ if (property->flags & DRM_MODE_PROP_ENUM) {
+ if ((out_resp->count_enum_blobs >= enum_count) && enum_count) {
+ copied = 0;
+- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr;
++ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr;
+ list_for_each_entry(prop_enum, &property->enum_blob_list, head) {
+
+ if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) {
+@@ -2154,7 +2154,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ if ((out_resp->count_enum_blobs >= blob_count) && blob_count) {
+ copied = 0;
+ blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr;
+- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr;
++ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr;
+
+ list_for_each_entry(prop_blob, &property->enum_blob_list, head) {
+ if (put_user(prop_blob->base.id, blob_id_ptr + copied)) {
+@@ -2226,7 +2226,7 @@ int drm_mode_getblob_ioctl(struct drm_de
+ blob = obj_to_blob(obj);
+
+ if (out_resp->length == blob->length) {
+- blob_ptr = (void *)(unsigned long)out_resp->data;
++ blob_ptr = (void __user *)(unsigned long)out_resp->data;
+ if (copy_to_user(blob_ptr, blob->data, blob->length)){
+ ret = -EFAULT;
+ goto done;
diff -urNp linux-2.6.32.46/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.32.46/drivers/gpu/drm/drm_crtc_helper.c
--- linux-2.6.32.46/drivers/gpu/drm/drm_crtc_helper.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/drivers/gpu/drm/drm_crtc_helper.c 2011-05-16 21:46:57.000000000 -0400
@@ -29327,6 +30125,27 @@ diff -urNp linux-2.6.32.46/drivers/gpu/drm/drm_info.c linux-2.6.32.46/drivers/gp
#if defined(__i386__)
pgprot = pgprot_val(vma->vm_page_prot);
+diff -urNp linux-2.6.32.46/drivers/gpu/drm/drm_ioc32.c linux-2.6.32.46/drivers/gpu/drm/drm_ioc32.c
+--- linux-2.6.32.46/drivers/gpu/drm/drm_ioc32.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/drivers/gpu/drm/drm_ioc32.c 2011-10-06 09:37:14.000000000 -0400
+@@ -463,7 +463,7 @@ static int compat_drm_infobufs(struct fi
+ request = compat_alloc_user_space(nbytes);
+ if (!access_ok(VERIFY_WRITE, request, nbytes))
+ return -EFAULT;
+- list = (struct drm_buf_desc *) (request + 1);
++ list = (struct drm_buf_desc __user *) (request + 1);
+
+ if (__put_user(count, &request->count)
+ || __put_user(list, &request->list))
+@@ -525,7 +525,7 @@ static int compat_drm_mapbufs(struct fil
+ request = compat_alloc_user_space(nbytes);
+ if (!access_ok(VERIFY_WRITE, request, nbytes))
+ return -EFAULT;
+- list = (struct drm_buf_pub *) (request + 1);
++ list = (struct drm_buf_pub __user *) (request + 1);
+
+ if (__put_user(count, &request->count)
+ || __put_user(list, &request->list))
diff -urNp linux-2.6.32.46/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.46/drivers/gpu/drm/drm_ioctl.c
--- linux-2.6.32.46/drivers/gpu/drm/drm_ioctl.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/drivers/gpu/drm/drm_ioctl.c 2011-04-17 15:56:46.000000000 -0400
@@ -36883,6 +37702,18 @@ diff -urNp linux-2.6.32.46/drivers/scsi/scsi_sysfs.c linux-2.6.32.46/drivers/scs
return snprintf(buf, 20, "0x%llx\n", count); \
} \
static DEVICE_ATTR(field, S_IRUGO, show_iostat_##field, NULL)
+diff -urNp linux-2.6.32.46/drivers/scsi/scsi_tgt_lib.c linux-2.6.32.46/drivers/scsi/scsi_tgt_lib.c
+--- linux-2.6.32.46/drivers/scsi/scsi_tgt_lib.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/drivers/scsi/scsi_tgt_lib.c 2011-10-06 09:37:14.000000000 -0400
+@@ -362,7 +362,7 @@ static int scsi_map_user_pages(struct sc
+ int err;
+
+ dprintk("%lx %u\n", uaddr, len);
+- err = blk_rq_map_user(q, rq, NULL, (void *)uaddr, len, GFP_KERNEL);
++ err = blk_rq_map_user(q, rq, NULL, (void __user *)uaddr, len, GFP_KERNEL);
+ if (err) {
+ /*
+ * TODO: need to fixup sg_tablesize, max_segment_size,
diff -urNp linux-2.6.32.46/drivers/scsi/scsi_transport_fc.c linux-2.6.32.46/drivers/scsi/scsi_transport_fc.c
--- linux-2.6.32.46/drivers/scsi/scsi_transport_fc.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/drivers/scsi/scsi_transport_fc.c 2011-05-04 17:56:28.000000000 -0400
@@ -36975,7 +37806,16 @@ diff -urNp linux-2.6.32.46/drivers/scsi/scsi_transport_srp.c linux-2.6.32.46/dri
transport_setup_device(&rport->dev);
diff -urNp linux-2.6.32.46/drivers/scsi/sg.c linux-2.6.32.46/drivers/scsi/sg.c
--- linux-2.6.32.46/drivers/scsi/sg.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/drivers/scsi/sg.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/drivers/scsi/sg.c 2011-10-06 09:37:08.000000000 -0400
+@@ -1064,7 +1064,7 @@ sg_ioctl(struct inode *inode, struct fil
+ sdp->disk->disk_name,
+ MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
+ NULL,
+- (char *)arg);
++ (char __user *)arg);
+ case BLKTRACESTART:
+ return blk_trace_startstop(sdp->device->request_queue, 1);
+ case BLKTRACESTOP:
@@ -2292,7 +2292,7 @@ struct sg_proc_leaf {
const struct file_operations * fops;
};
@@ -41466,6 +42306,18 @@ diff -urNp linux-2.6.32.46/fs/autofs4/symlink.c linux-2.6.32.46/fs/autofs4/symli
return NULL;
}
+diff -urNp linux-2.6.32.46/fs/autofs4/waitq.c linux-2.6.32.46/fs/autofs4/waitq.c
+--- linux-2.6.32.46/fs/autofs4/waitq.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/fs/autofs4/waitq.c 2011-10-06 09:37:14.000000000 -0400
+@@ -60,7 +60,7 @@ static int autofs4_write(struct file *fi
+ {
+ unsigned long sigpipe, flags;
+ mm_segment_t fs;
+- const char *data = (const char *)addr;
++ const char __user *data = (const char __force_user *)addr;
+ ssize_t wr = 0;
+
+ /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
diff -urNp linux-2.6.32.46/fs/befs/linuxvfs.c linux-2.6.32.46/fs/befs/linuxvfs.c
--- linux-2.6.32.46/fs/befs/linuxvfs.c 2011-08-29 22:24:44.000000000 -0400
+++ linux-2.6.32.46/fs/befs/linuxvfs.c 2011-08-29 22:25:07.000000000 -0400
@@ -42281,7 +43133,7 @@ diff -urNp linux-2.6.32.46/fs/binfmt_flat.c linux-2.6.32.46/fs/binfmt_flat.c
}
diff -urNp linux-2.6.32.46/fs/bio.c linux-2.6.32.46/fs/bio.c
--- linux-2.6.32.46/fs/bio.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/bio.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/bio.c 2011-10-06 09:37:14.000000000 -0400
@@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_cr
i = 0;
@@ -42296,7 +43148,7 @@ diff -urNp linux-2.6.32.46/fs/bio.c linux-2.6.32.46/fs/bio.c
struct bio_map_data *bmd = bio->bi_private;
int i;
- char *p = bmd->sgvecs[0].iov_base;
-+ char *p = (__force char *)bmd->sgvecs[0].iov_base;
++ char *p = (char __force_kernel *)bmd->sgvecs[0].iov_base;
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
@@ -42690,13 +43542,13 @@ diff -urNp linux-2.6.32.46/fs/cachefiles/proc.c linux-2.6.32.46/fs/cachefiles/pr
diff -urNp linux-2.6.32.46/fs/cachefiles/rdwr.c linux-2.6.32.46/fs/cachefiles/rdwr.c
--- linux-2.6.32.46/fs/cachefiles/rdwr.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/cachefiles/rdwr.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/cachefiles/rdwr.c 2011-10-06 09:37:14.000000000 -0400
@@ -946,7 +946,7 @@ int cachefiles_write_page(struct fscache
old_fs = get_fs();
set_fs(KERNEL_DS);
ret = file->f_op->write(
- file, (const void __user *) data, len, &pos);
-+ file, (__force const void __user *) data, len, &pos);
++ file, (const void __force_user *) data, len, &pos);
set_fs(old_fs);
kunmap(page);
if (ret != len)
@@ -43012,7 +43864,27 @@ diff -urNp linux-2.6.32.46/fs/compat_binfmt_elf.c linux-2.6.32.46/fs/compat_binf
/*
diff -urNp linux-2.6.32.46/fs/compat.c linux-2.6.32.46/fs/compat.c
--- linux-2.6.32.46/fs/compat.c 2011-04-17 17:00:52.000000000 -0400
-+++ linux-2.6.32.46/fs/compat.c 2011-08-11 19:56:56.000000000 -0400
++++ linux-2.6.32.46/fs/compat.c 2011-10-06 09:37:14.000000000 -0400
+@@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(char _
+ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
+ {
+ compat_ino_t ino = stat->ino;
+- typeof(ubuf->st_uid) uid = 0;
+- typeof(ubuf->st_gid) gid = 0;
++ typeof(((struct compat_stat *)0)->st_uid) uid = 0;
++ typeof(((struct compat_stat *)0)->st_gid) gid = 0;
+ int err;
+
+ SET_UID(uid, stat->uid);
+@@ -533,7 +533,7 @@ compat_sys_io_setup(unsigned nr_reqs, u3
+
+ set_fs(KERNEL_DS);
+ /* The __user pointer cast is valid because of the set_fs() */
+- ret = sys_io_setup(nr_reqs, (aio_context_t __user *) &ctx64);
++ ret = sys_io_setup(nr_reqs, (aio_context_t __force_user *) &ctx64);
+ set_fs(oldfs);
+ /* truncating is ok because it's a user address */
+ if (!ret)
@@ -830,6 +830,7 @@ struct compat_old_linux_dirent {
struct compat_readdir_callback {
@@ -43086,7 +43958,7 @@ diff -urNp linux-2.6.32.46/fs/compat.c linux-2.6.32.46/fs/compat.c
dirent = buf->previous;
if (dirent) {
-@@ -1054,6 +1071,7 @@ asmlinkage long compat_sys_getdents64(un
+@@ -1054,13 +1071,14 @@ asmlinkage long compat_sys_getdents64(un
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -43094,6 +43966,14 @@ diff -urNp linux-2.6.32.46/fs/compat.c linux-2.6.32.46/fs/compat.c
error = vfs_readdir(file, compat_filldir64, &buf);
if (error >= 0)
+ error = buf.error;
+ lastdirent = buf.previous;
+ if (lastdirent) {
+- typeof(lastdirent->d_off) d_off = file->f_pos;
++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos;
+ if (__put_user_unaligned(d_off, &lastdirent->d_off))
+ error = -EFAULT;
+ else
@@ -1098,7 +1116,7 @@ static ssize_t compat_do_readv_writev(in
* verify all the pointers
*/
@@ -43221,9 +44101,18 @@ diff -urNp linux-2.6.32.46/fs/compat.c linux-2.6.32.46/fs/compat.c
if (n < 0)
goto out_nofds;
+@@ -2151,7 +2243,7 @@ asmlinkage long compat_sys_nfsservctl(in
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ /* The __user pointer casts are valid because of the set_fs() */
+- err = sys_nfsservctl(cmd, (void __user *) karg, (void __user *) kres);
++ err = sys_nfsservctl(cmd, (void __force_user *) karg, (void __force_user *) kres);
+ set_fs(oldfs);
+
+ if (err)
diff -urNp linux-2.6.32.46/fs/compat_ioctl.c linux-2.6.32.46/fs/compat_ioctl.c
--- linux-2.6.32.46/fs/compat_ioctl.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/compat_ioctl.c 2011-04-23 12:56:11.000000000 -0400
++++ linux-2.6.32.46/fs/compat_ioctl.c 2011-10-06 09:37:14.000000000 -0400
@@ -234,6 +234,8 @@ static int do_video_set_spu_palette(unsi
up = (struct compat_video_spu_palette __user *) arg;
err = get_user(palp, &up->palette);
@@ -43233,6 +44122,24 @@ diff -urNp linux-2.6.32.46/fs/compat_ioctl.c linux-2.6.32.46/fs/compat_ioctl.c
up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
err = put_user(compat_ptr(palp), &up_native->palette);
+@@ -1513,7 +1515,7 @@ static int serial_struct_ioctl(unsigned
+ return -EFAULT;
+ if (__get_user(udata, &ss32->iomem_base))
+ return -EFAULT;
+- ss.iomem_base = compat_ptr(udata);
++ ss.iomem_base = (unsigned char __force_kernel *)compat_ptr(udata);
+ if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
+ __get_user(ss.port_high, &ss32->port_high))
+ return -EFAULT;
+@@ -1809,7 +1811,7 @@ static int compat_ioctl_preallocate(stru
+ copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
+ copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
+ copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
+- copy_in_user(&p->l_pad, &p32->l_pad, 4*sizeof(u32)))
++ copy_in_user(p->l_pad, &p32->l_pad, 4*sizeof(u32)))
+ return -EFAULT;
+
+ return ioctl_preallocate(file, p);
diff -urNp linux-2.6.32.46/fs/configfs/dir.c linux-2.6.32.46/fs/configfs/dir.c
--- linux-2.6.32.46/fs/configfs/dir.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/fs/configfs/dir.c 2011-05-11 18:25:15.000000000 -0400
@@ -43295,13 +44202,13 @@ diff -urNp linux-2.6.32.46/fs/dlm/lockspace.c linux-2.6.32.46/fs/dlm/lockspace.c
};
diff -urNp linux-2.6.32.46/fs/ecryptfs/inode.c linux-2.6.32.46/fs/ecryptfs/inode.c
--- linux-2.6.32.46/fs/ecryptfs/inode.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/ecryptfs/inode.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/ecryptfs/inode.c 2011-10-06 09:37:14.000000000 -0400
@@ -660,7 +660,7 @@ static int ecryptfs_readlink_lower(struc
old_fs = get_fs();
set_fs(get_ds());
rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
- (char __user *)lower_buf,
-+ (__force char __user *)lower_buf,
++ (char __force_user *)lower_buf,
lower_bufsiz);
set_fs(old_fs);
if (rc < 0)
@@ -43316,7 +44223,7 @@ diff -urNp linux-2.6.32.46/fs/ecryptfs/inode.c linux-2.6.32.46/fs/ecryptfs/inode
goto out_free;
diff -urNp linux-2.6.32.46/fs/exec.c linux-2.6.32.46/fs/exec.c
--- linux-2.6.32.46/fs/exec.c 2011-06-25 12:55:34.000000000 -0400
-+++ linux-2.6.32.46/fs/exec.c 2011-08-11 19:56:19.000000000 -0400
++++ linux-2.6.32.46/fs/exec.c 2011-10-06 09:37:14.000000000 -0400
@@ -56,12 +56,24 @@
#include <linux/fsnotify.h>
#include <linux/fs_struct.h>
@@ -43500,7 +44407,7 @@ diff -urNp linux-2.6.32.46/fs/exec.c linux-2.6.32.46/fs/exec.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- result = vfs_read(file, (void __user *)addr, count, &pos);
-+ result = vfs_read(file, (__force void __user *)addr, count, &pos);
++ result = vfs_read(file, (void __force_user *)addr, count, &pos);
set_fs(old_fs);
return result;
}
@@ -44118,7 +45025,7 @@ diff -urNp linux-2.6.32.46/fs/ext4/super.c linux-2.6.32.46/fs/ext4/super.c
};
diff -urNp linux-2.6.32.46/fs/fcntl.c linux-2.6.32.46/fs/fcntl.c
--- linux-2.6.32.46/fs/fcntl.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/fcntl.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/fcntl.c 2011-10-06 09:37:14.000000000 -0400
@@ -223,6 +223,11 @@ int __f_setown(struct file *filp, struct
if (err)
return err;
@@ -44131,6 +45038,24 @@ diff -urNp linux-2.6.32.46/fs/fcntl.c linux-2.6.32.46/fs/fcntl.c
f_modown(filp, pid, type, force);
return 0;
}
+@@ -265,7 +270,7 @@ pid_t f_getown(struct file *filp)
+
+ static int f_setown_ex(struct file *filp, unsigned long arg)
+ {
+- struct f_owner_ex * __user owner_p = (void * __user)arg;
++ struct f_owner_ex __user *owner_p = (void __user *)arg;
+ struct f_owner_ex owner;
+ struct pid *pid;
+ int type;
+@@ -305,7 +310,7 @@ static int f_setown_ex(struct file *filp
+
+ static int f_getown_ex(struct file *filp, unsigned long arg)
+ {
+- struct f_owner_ex * __user owner_p = (void * __user)arg;
++ struct f_owner_ex __user *owner_p = (void __user *)arg;
+ struct f_owner_ex owner;
+ int ret = 0;
+
@@ -344,6 +349,7 @@ static long do_fcntl(int fd, unsigned in
switch (cmd) {
case F_DUPFD:
@@ -46162,7 +47087,7 @@ diff -urNp linux-2.6.32.46/fs/mbcache.c linux-2.6.32.46/fs/mbcache.c
#ifdef MB_CACHE_INDEXES_COUNT
diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
--- linux-2.6.32.46/fs/namei.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/namei.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/fs/namei.c 2011-10-06 03:36:41.000000000 -0400
@@ -224,14 +224,6 @@ int generic_permission(struct inode *ino
return ret;
@@ -46212,7 +47137,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = 0;
if (s)
error = __vfs_follow_link(nd, s);
-@@ -669,6 +670,13 @@ static inline int do_follow_link(struct
+@@ -669,6 +670,18 @@ static inline int do_follow_link(struct
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
@@ -46223,10 +47148,15 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
+ goto loop;
+ }
+
++ if (!gr_acl_handle_hidden_file(path->dentry, nd->path.mnt)) {
++ err = -ENOENT;
++ goto loop;
++ }
++
current->link_count++;
current->total_link_count++;
nd->depth++;
-@@ -1016,11 +1024,18 @@ return_reval:
+@@ -1016,11 +1029,18 @@ return_reval:
break;
}
return_base:
@@ -46245,7 +47175,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
path_put(&nd->path);
return_err:
return err;
-@@ -1091,13 +1106,20 @@ static int do_path_lookup(int dfd, const
+@@ -1091,13 +1111,20 @@ static int do_path_lookup(int dfd, const
int retval = path_init(dfd, name, flags, nd);
if (!retval)
retval = path_walk(name, nd);
@@ -46269,7 +47199,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
return retval;
}
-@@ -1576,6 +1598,20 @@ int may_open(struct path *path, int acc_
+@@ -1576,6 +1603,20 @@ int may_open(struct path *path, int acc_
if (error)
goto err_out;
@@ -46290,7 +47220,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
if (flag & O_TRUNC) {
error = get_write_access(inode);
if (error)
-@@ -1621,12 +1657,19 @@ static int __open_namei_create(struct na
+@@ -1621,12 +1662,19 @@ static int __open_namei_create(struct na
int error;
struct dentry *dir = nd->path.dentry;
@@ -46310,7 +47240,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
out_unlock:
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
-@@ -1709,6 +1752,22 @@ struct file *do_filp_open(int dfd, const
+@@ -1709,6 +1757,22 @@ struct file *do_filp_open(int dfd, const
&nd, flag);
if (error)
return ERR_PTR(error);
@@ -46333,7 +47263,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
goto ok;
}
-@@ -1795,6 +1854,14 @@ do_last:
+@@ -1795,6 +1859,14 @@ do_last:
/*
* It already exists.
*/
@@ -46348,7 +47278,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path.dentry);
-@@ -1887,6 +1954,13 @@ do_link:
+@@ -1887,6 +1959,13 @@ do_link:
error = security_inode_follow_link(path.dentry, &nd);
if (error)
goto exit_dput;
@@ -46362,7 +47292,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = __do_follow_link(&path, &nd);
if (error) {
/* Does someone understand code flow here? Or it is only
-@@ -2061,6 +2135,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2061,6 +2140,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
error = may_mknod(mode);
if (error)
goto out_dput;
@@ -46380,7 +47310,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2081,6 +2166,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2081,6 +2171,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
}
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -46390,7 +47320,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
out_dput:
dput(dentry);
out_unlock:
-@@ -2134,6 +2222,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2134,6 +2227,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
if (IS_ERR(dentry))
goto out_unlock;
@@ -46402,7 +47332,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
if (!IS_POSIXACL(nd.path.dentry->d_inode))
mode &= ~current_umask();
error = mnt_want_write(nd.path.mnt);
-@@ -2145,6 +2238,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2145,6 +2243,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -46413,7 +47343,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
out_dput:
dput(dentry);
out_unlock:
-@@ -2226,6 +2323,8 @@ static long do_rmdir(int dfd, const char
+@@ -2226,6 +2328,8 @@ static long do_rmdir(int dfd, const char
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -46422,7 +47352,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2250,6 +2349,19 @@ static long do_rmdir(int dfd, const char
+@@ -2250,6 +2354,19 @@ static long do_rmdir(int dfd, const char
error = PTR_ERR(dentry);
if (IS_ERR(dentry))
goto exit2;
@@ -46442,7 +47372,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2257,6 +2369,8 @@ static long do_rmdir(int dfd, const char
+@@ -2257,6 +2374,8 @@ static long do_rmdir(int dfd, const char
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -46451,7 +47381,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2318,6 +2432,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2318,6 +2437,8 @@ static long do_unlinkat(int dfd, const c
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -46460,7 +47390,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2337,8 +2453,19 @@ static long do_unlinkat(int dfd, const c
+@@ -2337,8 +2458,19 @@ static long do_unlinkat(int dfd, const c
if (nd.last.name[nd.last.len])
goto slashes;
inode = dentry->d_inode;
@@ -46481,7 +47411,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2346,6 +2473,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2346,6 +2478,8 @@ static long do_unlinkat(int dfd, const c
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -46490,7 +47420,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2424,6 +2553,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2424,6 +2558,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (IS_ERR(dentry))
goto out_unlock;
@@ -46502,7 +47432,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2431,6 +2565,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2431,6 +2570,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (error)
goto out_drop_write;
error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
@@ -46511,7 +47441,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2524,6 +2660,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2524,6 +2665,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
@@ -46532,7 +47462,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2531,6 +2681,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2531,6 +2686,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
if (error)
goto out_drop_write;
error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
@@ -46541,7 +47471,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2708,6 +2860,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -2708,6 +2865,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
char *to;
int error;
@@ -46550,7 +47480,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = user_path_parent(olddfd, oldname, &oldnd, &from);
if (error)
goto exit;
-@@ -2764,6 +2918,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -2764,6 +2923,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
if (new_dentry == trap)
goto exit5;
@@ -46563,7 +47493,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -2773,6 +2933,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -2773,6 +2938,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -46573,7 +47503,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -2798,6 +2961,8 @@ SYSCALL_DEFINE2(rename, const char __use
+@@ -2798,6 +2966,8 @@ SYSCALL_DEFINE2(rename, const char __use
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -46582,7 +47512,7 @@ diff -urNp linux-2.6.32.46/fs/namei.c linux-2.6.32.46/fs/namei.c
int len;
len = PTR_ERR(link);
-@@ -2807,7 +2972,14 @@ int vfs_readlink(struct dentry *dentry,
+@@ -2807,7 +2977,14 @@ int vfs_readlink(struct dentry *dentry,
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -46805,13 +47735,13 @@ diff -urNp linux-2.6.32.46/fs/nfsd/nfs4xdr.c linux-2.6.32.46/fs/nfsd/nfs4xdr.c
BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
diff -urNp linux-2.6.32.46/fs/nfsd/vfs.c linux-2.6.32.46/fs/nfsd/vfs.c
--- linux-2.6.32.46/fs/nfsd/vfs.c 2011-05-10 22:12:01.000000000 -0400
-+++ linux-2.6.32.46/fs/nfsd/vfs.c 2011-05-10 22:12:33.000000000 -0400
++++ linux-2.6.32.46/fs/nfsd/vfs.c 2011-10-06 09:37:14.000000000 -0400
@@ -937,7 +937,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
- host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
-+ host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
++ host_err = vfs_readv(file, (struct iovec __force_user *)vec, vlen, &offset);
set_fs(oldfs);
}
@@ -46820,7 +47750,7 @@ diff -urNp linux-2.6.32.46/fs/nfsd/vfs.c linux-2.6.32.46/fs/nfsd/vfs.c
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
- host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
-+ host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
++ host_err = vfs_writev(file, (struct iovec __force_user *)vec, vlen, &offset);
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
@@ -46829,7 +47759,7 @@ diff -urNp linux-2.6.32.46/fs/nfsd/vfs.c linux-2.6.32.46/fs/nfsd/vfs.c
oldfs = get_fs(); set_fs(KERNEL_DS);
- host_err = inode->i_op->readlink(dentry, buf, *lenp);
-+ host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
++ host_err = inode->i_op->readlink(dentry, (char __force_user *)buf, *lenp);
set_fs(oldfs);
if (host_err < 0)
@@ -48392,7 +49322,7 @@ diff -urNp linux-2.6.32.46/fs/proc/task_nommu.c linux-2.6.32.46/fs/proc/task_nom
seq_putc(m, '\n');
diff -urNp linux-2.6.32.46/fs/readdir.c linux-2.6.32.46/fs/readdir.c
--- linux-2.6.32.46/fs/readdir.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/readdir.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/fs/readdir.c 2011-10-06 09:37:14.000000000 -0400
@@ -16,6 +16,7 @@
#include <linux/security.h>
#include <linux/syscalls.h>
@@ -48482,6 +49412,15 @@ diff -urNp linux-2.6.32.46/fs/readdir.c linux-2.6.32.46/fs/readdir.c
buf.count = count;
buf.error = 0;
+@@ -297,7 +316,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
+ error = buf.error;
+ lastdirent = buf.previous;
+ if (lastdirent) {
+- typeof(lastdirent->d_off) d_off = file->f_pos;
++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos;
+ if (__put_user(d_off, &lastdirent->d_off))
+ error = -EFAULT;
+ else
diff -urNp linux-2.6.32.46/fs/reiserfs/dir.c linux-2.6.32.46/fs/reiserfs/dir.c
--- linux-2.6.32.46/fs/reiserfs/dir.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/fs/reiserfs/dir.c 2011-05-16 21:46:57.000000000 -0400
@@ -48809,7 +49748,7 @@ diff -urNp linux-2.6.32.46/fs/smbfs/symlink.c linux-2.6.32.46/fs/smbfs/symlink.c
}
diff -urNp linux-2.6.32.46/fs/splice.c linux-2.6.32.46/fs/splice.c
--- linux-2.6.32.46/fs/splice.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/fs/splice.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/fs/splice.c 2011-10-06 09:37:14.000000000 -0400
@@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode
pipe_lock(pipe);
@@ -48845,7 +49784,7 @@ diff -urNp linux-2.6.32.46/fs/splice.c linux-2.6.32.46/fs/splice.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
-+ res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
++ res = vfs_readv(file, (const struct iovec __force_user *)vec, vlen, &pos);
set_fs(old_fs);
return res;
@@ -48854,7 +49793,7 @@ diff -urNp linux-2.6.32.46/fs/splice.c linux-2.6.32.46/fs/splice.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- res = vfs_write(file, (const char __user *)buf, count, &pos);
-+ res = vfs_write(file, (__force const char __user *)buf, count, &pos);
++ res = vfs_write(file, (const char __force_user *)buf, count, &pos);
set_fs(old_fs);
return res;
@@ -60125,8 +61064,58 @@ diff -urNp linux-2.6.32.46/include/linux/compiler-gcc4.h linux-2.6.32.46/include
#endif
diff -urNp linux-2.6.32.46/include/linux/compiler.h linux-2.6.32.46/include/linux/compiler.h
--- linux-2.6.32.46/include/linux/compiler.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/include/linux/compiler.h 2011-08-26 20:19:09.000000000 -0400
-@@ -247,6 +247,14 @@ void ftrace_likely_update(struct ftrace_
++++ linux-2.6.32.46/include/linux/compiler.h 2011-10-06 09:37:14.000000000 -0400
+@@ -5,11 +5,14 @@
+
+ #ifdef __CHECKER__
+ # define __user __attribute__((noderef, address_space(1)))
++# define __force_user __force __user
+ # define __kernel /* default address space */
++# define __force_kernel __force __kernel
+ # define __safe __attribute__((safe))
+ # define __force __attribute__((force))
+ # define __nocast __attribute__((nocast))
+ # define __iomem __attribute__((noderef, address_space(2)))
++# define __force_iomem __force __iomem
+ # define __acquires(x) __attribute__((context(x,0,1)))
+ # define __releases(x) __attribute__((context(x,1,0)))
+ # define __acquire(x) __context__(x,1)
+@@ -17,13 +20,34 @@
+ # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
+ extern void __chk_user_ptr(const volatile void __user *);
+ extern void __chk_io_ptr(const volatile void __iomem *);
++#elif defined(CHECKER_PLUGIN)
++//# define __user
++//# define __force_user
++//# define __kernel
++//# define __force_kernel
++# define __safe
++# define __force
++# define __nocast
++# define __iomem
++# define __force_iomem
++# define __chk_user_ptr(x) (void)0
++# define __chk_io_ptr(x) (void)0
++# define __builtin_warning(x, y...) (1)
++# define __acquires(x)
++# define __releases(x)
++# define __acquire(x) (void)0
++# define __release(x) (void)0
++# define __cond_lock(x,c) (c)
+ #else
+ # define __user
++# define __force_user
+ # define __kernel
++# define __force_kernel
+ # define __safe
+ # define __force
+ # define __nocast
+ # define __iomem
++# define __force_iomem
+ # define __chk_user_ptr(x) (void)0
+ # define __chk_io_ptr(x) (void)0
+ # define __builtin_warning(x, y...) (1)
+@@ -247,6 +271,14 @@ void ftrace_likely_update(struct ftrace_
# define __attribute_const__ /* unimplemented */
#endif
@@ -60141,7 +61130,7 @@ diff -urNp linux-2.6.32.46/include/linux/compiler.h linux-2.6.32.46/include/linu
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -256,6 +264,22 @@ void ftrace_likely_update(struct ftrace_
+@@ -256,6 +288,22 @@ void ftrace_likely_update(struct ftrace_
#define __cold
#endif
@@ -60164,7 +61153,7 @@ diff -urNp linux-2.6.32.46/include/linux/compiler.h linux-2.6.32.46/include/linu
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -278,6 +302,7 @@ void ftrace_likely_update(struct ftrace_
+@@ -278,6 +326,7 @@ void ftrace_likely_update(struct ftrace_
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
@@ -63507,16 +64496,17 @@ diff -urNp linux-2.6.32.46/include/linux/types.h linux-2.6.32.46/include/linux/t
struct ustat {
diff -urNp linux-2.6.32.46/include/linux/uaccess.h linux-2.6.32.46/include/linux/uaccess.h
--- linux-2.6.32.46/include/linux/uaccess.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/include/linux/uaccess.h 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/include/linux/uaccess.h 2011-10-06 09:37:14.000000000 -0400
@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
long ret; \
mm_segment_t old_fs = get_fs(); \
\
- set_fs(KERNEL_DS); \
pagefault_disable(); \
-+ set_fs(KERNEL_DS); \
- ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
+- ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
- pagefault_enable(); \
++ set_fs(KERNEL_DS); \
++ ret = __copy_from_user_inatomic(&(retval), (typeof(retval) __force_user *)(addr), sizeof(retval)); \
set_fs(old_fs); \
+ pagefault_enable(); \
ret; \
@@ -64290,15 +65280,15 @@ diff -urNp linux-2.6.32.46/init/do_mounts.c linux-2.6.32.46/init/do_mounts.c
}
diff -urNp linux-2.6.32.46/init/do_mounts.h linux-2.6.32.46/init/do_mounts.h
--- linux-2.6.32.46/init/do_mounts.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/init/do_mounts.h 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/init/do_mounts.h 2011-10-06 09:37:14.000000000 -0400
@@ -15,15 +15,15 @@ extern int root_mountflags;
static inline int create_dev(char *name, dev_t dev)
{
- sys_unlink(name);
- return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
-+ sys_unlink((__force char __user *)name);
-+ return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
++ sys_unlink((char __force_user *)name);
++ return sys_mknod((char __force_user *)name, S_IFBLK|0600, new_encode_dev(dev));
}
#if BITS_PER_LONG == 32
@@ -64306,13 +65296,22 @@ diff -urNp linux-2.6.32.46/init/do_mounts.h linux-2.6.32.46/init/do_mounts.h
{
struct stat64 stat;
- if (sys_stat64(name, &stat) != 0)
-+ if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
++ if (sys_stat64((char __force_user *)name, (struct stat64 __force_user *)&stat) != 0)
+ return 0;
+ if (!S_ISBLK(stat.st_mode))
+ return 0;
+@@ -35,7 +35,7 @@ static inline u32 bstat(char *name)
+ static inline u32 bstat(char *name)
+ {
+ struct stat stat;
+- if (sys_newstat(name, &stat) != 0)
++ if (sys_newstat((const char __force_user *)name, (struct stat __force_user *)&stat) != 0)
return 0;
if (!S_ISBLK(stat.st_mode))
return 0;
diff -urNp linux-2.6.32.46/init/do_mounts_initrd.c linux-2.6.32.46/init/do_mounts_initrd.c
--- linux-2.6.32.46/init/do_mounts_initrd.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/init/do_mounts_initrd.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/init/do_mounts_initrd.c 2011-10-06 09:37:14.000000000 -0400
@@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel
sys_close(old_fd);sys_close(root_fd);
sys_close(0);sys_close(1);sys_close(2);
@@ -64329,16 +65328,16 @@ diff -urNp linux-2.6.32.46/init/do_mounts_initrd.c linux-2.6.32.46/init/do_mount
- sys_mkdir("/old", 0700);
- root_fd = sys_open("/", 0, 0);
- old_fd = sys_open("/old", 0, 0);
-+ sys_mkdir((__force const char __user *)"/old", 0700);
-+ root_fd = sys_open((__force const char __user *)"/", 0, 0);
-+ old_fd = sys_open((__force const char __user *)"/old", 0, 0);
++ sys_mkdir((const char __force_user *)"/old", 0700);
++ root_fd = sys_open((const char __force_user *)"/", 0, 0);
++ old_fd = sys_open((const char __force_user *)"/old", 0, 0);
/* move initrd over / and chdir/chroot in initrd root */
- sys_chdir("/root");
- sys_mount(".", "/", NULL, MS_MOVE, NULL);
- sys_chroot(".");
-+ sys_chdir((__force const char __user *)"/root");
-+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
-+ sys_chroot((__force const char __user *)".");
++ sys_chdir((const char __force_user *)"/root");
++ sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL);
++ sys_chroot((const char __force_user *)".");
/*
* In case that a resume from disk is carried out by linuxrc or one of
@@ -64347,17 +65346,17 @@ diff -urNp linux-2.6.32.46/init/do_mounts_initrd.c linux-2.6.32.46/init/do_mount
/* move initrd to rootfs' /old */
sys_fchdir(old_fd);
- sys_mount("/", ".", NULL, MS_MOVE, NULL);
-+ sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
++ sys_mount((char __force_user *)"/", (char __force_user *)".", NULL, MS_MOVE, NULL);
/* switch root and cwd back to / of rootfs */
sys_fchdir(root_fd);
- sys_chroot(".");
-+ sys_chroot((__force const char __user *)".");
++ sys_chroot((const char __force_user *)".");
sys_close(old_fd);
sys_close(root_fd);
if (new_decode_dev(real_root_dev) == Root_RAM0) {
- sys_chdir("/old");
-+ sys_chdir((__force const char __user *)"/old");
++ sys_chdir((const char __force_user *)"/old");
return;
}
@@ -64366,19 +65365,19 @@ diff -urNp linux-2.6.32.46/init/do_mounts_initrd.c linux-2.6.32.46/init/do_mount
printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
- error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
-+ error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
++ error = sys_mount((char __force_user *)"/old", (char __force_user *)"/root/initrd", NULL, MS_MOVE, NULL);
if (!error)
printk("okay\n");
else {
- int fd = sys_open("/dev/root.old", O_RDWR, 0);
-+ int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
++ int fd = sys_open((const char __force_user *)"/dev/root.old", O_RDWR, 0);
if (error == -ENOENT)
printk("/initrd does not exist. Ignored.\n");
else
printk("failed\n");
printk(KERN_NOTICE "Unmounting old root\n");
- sys_umount("/old", MNT_DETACH);
-+ sys_umount((__force char __user *)"/old", MNT_DETACH);
++ sys_umount((char __force_user *)"/old", MNT_DETACH);
printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
if (fd < 0) {
error = fd;
@@ -64387,24 +65386,24 @@ diff -urNp linux-2.6.32.46/init/do_mounts_initrd.c linux-2.6.32.46/init/do_mount
*/
if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
- sys_unlink("/initrd.image");
-+ sys_unlink((__force const char __user *)"/initrd.image");
++ sys_unlink((const char __force_user *)"/initrd.image");
handle_initrd();
return 1;
}
}
- sys_unlink("/initrd.image");
-+ sys_unlink((__force const char __user *)"/initrd.image");
++ sys_unlink((const char __force_user *)"/initrd.image");
return 0;
}
diff -urNp linux-2.6.32.46/init/do_mounts_md.c linux-2.6.32.46/init/do_mounts_md.c
--- linux-2.6.32.46/init/do_mounts_md.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/init/do_mounts_md.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/init/do_mounts_md.c 2011-10-06 09:37:14.000000000 -0400
@@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
partitioned ? "_d" : "", minor,
md_setup_args[ent].device_names);
- fd = sys_open(name, 0, 0);
-+ fd = sys_open((__force char __user *)name, 0, 0);
++ fd = sys_open((char __force_user *)name, 0, 0);
if (fd < 0) {
printk(KERN_ERR "md: open failed - cannot start "
"array %s\n", name);
@@ -64413,7 +65412,7 @@ diff -urNp linux-2.6.32.46/init/do_mounts_md.c linux-2.6.32.46/init/do_mounts_md
*/
sys_close(fd);
- fd = sys_open(name, 0, 0);
-+ fd = sys_open((__force char __user *)name, 0, 0);
++ fd = sys_open((char __force_user *)name, 0, 0);
sys_ioctl(fd, BLKRRPART, 0);
}
sys_close(fd);
@@ -64428,7 +65427,7 @@ diff -urNp linux-2.6.32.46/init/do_mounts_md.c linux-2.6.32.46/init/do_mounts_md
sys_close(fd);
diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
--- linux-2.6.32.46/init/initramfs.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/init/initramfs.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/init/initramfs.c 2011-10-06 09:37:14.000000000 -0400
@@ -74,7 +74,7 @@ static void __init free_hash(void)
}
}
@@ -64443,7 +65442,7 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
list_for_each_entry_safe(de, tmp, &dir_list, list) {
list_del(&de->list);
- do_utime(de->name, de->mtime);
-+ do_utime((__force char __user *)de->name, de->mtime);
++ do_utime((char __force_user *)de->name, de->mtime);
kfree(de->name);
kfree(de);
}
@@ -64452,7 +65451,7 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
char *old = find_link(major, minor, ino, mode, collected);
if (old)
- return (sys_link(old, collected) < 0) ? -1 : 1;
-+ return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
++ return (sys_link((char __force_user *)old, (char __force_user *)collected) < 0) ? -1 : 1;
}
return 0;
}
@@ -64461,13 +65460,13 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
struct stat st;
- if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
-+ if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
++ if (!sys_newlstat((char __force_user *)path, (struct stat __force_user *)&st) && (st.st_mode^mode) & S_IFMT) {
if (S_ISDIR(st.st_mode))
- sys_rmdir(path);
-+ sys_rmdir((__force char __user *)path);
++ sys_rmdir((char __force_user *)path);
else
- sys_unlink(path);
-+ sys_unlink((__force char __user *)path);
++ sys_unlink((char __force_user *)path);
}
}
@@ -64476,7 +65475,7 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
if (ml != 1)
openflags |= O_TRUNC;
- wfd = sys_open(collected, openflags, mode);
-+ wfd = sys_open((__force char __user *)collected, openflags, mode);
++ wfd = sys_open((char __force_user *)collected, openflags, mode);
if (wfd >= 0) {
sys_fchown(wfd, uid, gid);
@@ -64487,9 +65486,9 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
- sys_mkdir(collected, mode);
- sys_chown(collected, uid, gid);
- sys_chmod(collected, mode);
-+ sys_mkdir((__force char __user *)collected, mode);
-+ sys_chown((__force char __user *)collected, uid, gid);
-+ sys_chmod((__force char __user *)collected, mode);
++ sys_mkdir((char __force_user *)collected, mode);
++ sys_chown((char __force_user *)collected, uid, gid);
++ sys_chmod((char __force_user *)collected, mode);
dir_add(collected, mtime);
} else if (S_ISBLK(mode) || S_ISCHR(mode) ||
S_ISFIFO(mode) || S_ISSOCK(mode)) {
@@ -64498,10 +65497,10 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
- sys_chown(collected, uid, gid);
- sys_chmod(collected, mode);
- do_utime(collected, mtime);
-+ sys_mknod((__force char __user *)collected, mode, rdev);
-+ sys_chown((__force char __user *)collected, uid, gid);
-+ sys_chmod((__force char __user *)collected, mode);
-+ do_utime((__force char __user *)collected, mtime);
++ sys_mknod((char __force_user *)collected, mode, rdev);
++ sys_chown((char __force_user *)collected, uid, gid);
++ sys_chmod((char __force_user *)collected, mode);
++ do_utime((char __force_user *)collected, mtime);
}
}
return 0;
@@ -64510,17 +65509,17 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
{
if (count >= body_len) {
- sys_write(wfd, victim, body_len);
-+ sys_write(wfd, (__force char __user *)victim, body_len);
++ sys_write(wfd, (char __force_user *)victim, body_len);
sys_close(wfd);
- do_utime(vcollected, mtime);
-+ do_utime((__force char __user *)vcollected, mtime);
++ do_utime((char __force_user *)vcollected, mtime);
kfree(vcollected);
eat(body_len);
state = SkipIt;
return 0;
} else {
- sys_write(wfd, victim, count);
-+ sys_write(wfd, (__force char __user *)victim, count);
++ sys_write(wfd, (char __force_user *)victim, count);
body_len -= count;
eat(count);
return 1;
@@ -64531,9 +65530,9 @@ diff -urNp linux-2.6.32.46/init/initramfs.c linux-2.6.32.46/init/initramfs.c
- sys_symlink(collected + N_ALIGN(name_len), collected);
- sys_lchown(collected, uid, gid);
- do_utime(collected, mtime);
-+ sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
-+ sys_lchown((__force char __user *)collected, uid, gid);
-+ do_utime((__force char __user *)collected, mtime);
++ sys_symlink((char __force_user *)collected + N_ALIGN(name_len), (char __force_user *)collected);
++ sys_lchown((char __force_user *)collected, uid, gid);
++ do_utime((char __force_user *)collected, mtime);
state = SkipIt;
next_state = Reset;
return 0;
@@ -64551,7 +65550,7 @@ diff -urNp linux-2.6.32.46/init/Kconfig linux-2.6.32.46/init/Kconfig
also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-2.6.32.46/init/main.c linux-2.6.32.46/init/main.c
--- linux-2.6.32.46/init/main.c 2011-05-10 22:12:01.000000000 -0400
-+++ linux-2.6.32.46/init/main.c 2011-08-05 20:33:55.000000000 -0400
++++ linux-2.6.32.46/init/main.c 2011-10-06 09:37:14.000000000 -0400
@@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
#ifdef CONFIG_TC
extern void tc_init(void);
@@ -64685,7 +65684,7 @@ diff -urNp linux-2.6.32.46/init/main.c linux-2.6.32.46/init/main.c
ramdisk_execute_command = "/init";
- if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
-+ if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
++ if (sys_access((const char __force_user *) ramdisk_execute_command, 0) != 0) {
ramdisk_execute_command = NULL;
prepare_namespace();
}
@@ -64886,13 +65885,13 @@ diff -urNp linux-2.6.32.46/ipc/shm.c linux-2.6.32.46/ipc/shm.c
diff -urNp linux-2.6.32.46/kernel/acct.c linux-2.6.32.46/kernel/acct.c
--- linux-2.6.32.46/kernel/acct.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/kernel/acct.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/kernel/acct.c 2011-10-06 09:37:14.000000000 -0400
@@ -579,7 +579,7 @@ static void do_acct_process(struct bsd_a
*/
flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
- file->f_op->write(file, (char *)&ac,
-+ file->f_op->write(file, (__force char __user *)&ac,
++ file->f_op->write(file, (char __force_user *)&ac,
sizeof(acct_t), &file->f_pos);
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
@@ -65012,6 +66011,157 @@ diff -urNp linux-2.6.32.46/kernel/cgroup.c linux-2.6.32.46/kernel/cgroup.c
/* First see if we already have a cgroup group that matches
* the desired set */
read_lock(&css_set_lock);
+diff -urNp linux-2.6.32.46/kernel/compat.c linux-2.6.32.46/kernel/compat.c
+--- linux-2.6.32.46/kernel/compat.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/kernel/compat.c 2011-10-06 09:37:14.000000000 -0400
+@@ -108,7 +108,7 @@ static long compat_nanosleep_restart(str
+ mm_segment_t oldfs;
+ long ret;
+
+- restart->nanosleep.rmtp = (struct timespec __user *) &rmt;
++ restart->nanosleep.rmtp = (struct timespec __force_user *) &rmt;
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = hrtimer_nanosleep_restart(restart);
+@@ -140,7 +140,7 @@ asmlinkage long compat_sys_nanosleep(str
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = hrtimer_nanosleep(&tu,
+- rmtp ? (struct timespec __user *)&rmt : NULL,
++ rmtp ? (struct timespec __force_user *)&rmt : NULL,
+ HRTIMER_MODE_REL, CLOCK_MONOTONIC);
+ set_fs(oldfs);
+
+@@ -247,7 +247,7 @@ asmlinkage long compat_sys_sigpending(co
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_sigpending((old_sigset_t __user *) &s);
++ ret = sys_sigpending((old_sigset_t __force_user *) &s);
+ set_fs(old_fs);
+ if (ret == 0)
+ ret = put_user(s, set);
+@@ -266,8 +266,8 @@ asmlinkage long compat_sys_sigprocmask(i
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sys_sigprocmask(how,
+- set ? (old_sigset_t __user *) &s : NULL,
+- oset ? (old_sigset_t __user *) &s : NULL);
++ set ? (old_sigset_t __force_user *) &s : NULL,
++ oset ? (old_sigset_t __force_user *) &s : NULL);
+ set_fs(old_fs);
+ if (ret == 0)
+ if (oset)
+@@ -310,7 +310,7 @@ asmlinkage long compat_sys_old_getrlimit
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_old_getrlimit(resource, &r);
++ ret = sys_old_getrlimit(resource, (struct rlimit __force_user *)&r);
+ set_fs(old_fs);
+
+ if (!ret) {
+@@ -385,7 +385,7 @@ asmlinkage long compat_sys_getrusage(int
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_getrusage(who, (struct rusage __user *) &r);
++ ret = sys_getrusage(who, (struct rusage __force_user *) &r);
+ set_fs(old_fs);
+
+ if (ret)
+@@ -412,8 +412,8 @@ compat_sys_wait4(compat_pid_t pid, compa
+ set_fs (KERNEL_DS);
+ ret = sys_wait4(pid,
+ (stat_addr ?
+- (unsigned int __user *) &status : NULL),
+- options, (struct rusage __user *) &r);
++ (unsigned int __force_user *) &status : NULL),
++ options, (struct rusage __force_user *) &r);
+ set_fs (old_fs);
+
+ if (ret > 0) {
+@@ -438,8 +438,8 @@ asmlinkage long compat_sys_waitid(int wh
+ memset(&info, 0, sizeof(info));
+
+ set_fs(KERNEL_DS);
+- ret = sys_waitid(which, pid, (siginfo_t __user *)&info, options,
+- uru ? (struct rusage __user *)&ru : NULL);
++ ret = sys_waitid(which, pid, (siginfo_t __force_user *)&info, options,
++ uru ? (struct rusage __force_user *)&ru : NULL);
+ set_fs(old_fs);
+
+ if ((ret < 0) || (info.si_signo == 0))
+@@ -569,8 +569,8 @@ long compat_sys_timer_settime(timer_t ti
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_timer_settime(timer_id, flags,
+- (struct itimerspec __user *) &newts,
+- (struct itimerspec __user *) &oldts);
++ (struct itimerspec __force_user *) &newts,
++ (struct itimerspec __force_user *) &oldts);
+ set_fs(oldfs);
+ if (!err && old && put_compat_itimerspec(old, &oldts))
+ return -EFAULT;
+@@ -587,7 +587,7 @@ long compat_sys_timer_gettime(timer_t ti
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_timer_gettime(timer_id,
+- (struct itimerspec __user *) &ts);
++ (struct itimerspec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && put_compat_itimerspec(setting, &ts))
+ return -EFAULT;
+@@ -606,7 +606,7 @@ long compat_sys_clock_settime(clockid_t
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_settime(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ return err;
+ }
+@@ -621,7 +621,7 @@ long compat_sys_clock_gettime(clockid_t
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_gettime(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && put_compat_timespec(&ts, tp))
+ return -EFAULT;
+@@ -638,7 +638,7 @@ long compat_sys_clock_getres(clockid_t w
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_getres(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && tp && put_compat_timespec(&ts, tp))
+ return -EFAULT;
+@@ -650,9 +650,9 @@ static long compat_clock_nanosleep_resta
+ long err;
+ mm_segment_t oldfs;
+ struct timespec tu;
+- struct compat_timespec *rmtp = restart->nanosleep.compat_rmtp;
++ struct compat_timespec __user *rmtp = restart->nanosleep.compat_rmtp;
+
+- restart->nanosleep.rmtp = (struct timespec __user *) &tu;
++ restart->nanosleep.rmtp = (struct timespec __force_user *) &tu;
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = clock_nanosleep_restart(restart);
+@@ -684,8 +684,8 @@ long compat_sys_clock_nanosleep(clockid_
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_nanosleep(which_clock, flags,
+- (struct timespec __user *) &in,
+- (struct timespec __user *) &out);
++ (struct timespec __force_user *) &in,
++ (struct timespec __force_user *) &out);
+ set_fs(oldfs);
+
+ if ((err == -ERESTART_RESTARTBLOCK) && rmtp &&
diff -urNp linux-2.6.32.46/kernel/configs.c linux-2.6.32.46/kernel/configs.c
--- linux-2.6.32.46/kernel/configs.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/kernel/configs.c 2011-04-17 15:56:46.000000000 -0400
@@ -65761,6 +66911,19 @@ diff -urNp linux-2.6.32.46/kernel/kallsyms.c linux-2.6.32.46/kernel/kallsyms.c
if (!iter)
return -ENOMEM;
reset_iter(iter, 0);
+diff -urNp linux-2.6.32.46/kernel/kexec.c linux-2.6.32.46/kernel/kexec.c
+--- linux-2.6.32.46/kernel/kexec.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/kernel/kexec.c 2011-10-06 09:37:14.000000000 -0400
+@@ -1028,7 +1028,8 @@ asmlinkage long compat_sys_kexec_load(un
+ unsigned long flags)
+ {
+ struct compat_kexec_segment in;
+- struct kexec_segment out, __user *ksegments;
++ struct kexec_segment out;
++ struct kexec_segment __user *ksegments;
+ unsigned long i, result;
+
+ /* Don't allow clients that don't understand the native
diff -urNp linux-2.6.32.46/kernel/kgdb.c linux-2.6.32.46/kernel/kgdb.c
--- linux-2.6.32.46/kernel/kgdb.c 2011-04-17 17:00:52.000000000 -0400
+++ linux-2.6.32.46/kernel/kgdb.c 2011-05-04 17:56:20.000000000 -0400
@@ -65845,7 +67008,7 @@ diff -urNp linux-2.6.32.46/kernel/kgdb.c linux-2.6.32.46/kernel/kgdb.c
diff -urNp linux-2.6.32.46/kernel/kmod.c linux-2.6.32.46/kernel/kmod.c
--- linux-2.6.32.46/kernel/kmod.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/kernel/kmod.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/kernel/kmod.c 2011-10-06 09:37:14.000000000 -0400
@@ -65,13 +65,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sb
* If module auto-loading support is disabled then this function
* becomes a no-operation.
@@ -65939,6 +67102,15 @@ diff -urNp linux-2.6.32.46/kernel/kmod.c linux-2.6.32.46/kernel/kmod.c
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
+@@ -226,7 +279,7 @@ static int wait_for_helper(void *data)
+ *
+ * Thus the __user pointer cast is valid here.
+ */
+- sys_wait4(pid, (int __user *)&ret, 0, NULL);
++ sys_wait4(pid, (int __force_user *)&ret, 0, NULL);
+
+ /*
+ * If ret is 0, either ____call_usermodehelper failed and the
diff -urNp linux-2.6.32.46/kernel/kprobes.c linux-2.6.32.46/kernel/kprobes.c
--- linux-2.6.32.46/kernel/kprobes.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/kernel/kprobes.c 2011-04-17 15:56:46.000000000 -0400
@@ -66919,7 +68091,7 @@ diff -urNp linux-2.6.32.46/kernel/params.c linux-2.6.32.46/kernel/params.c
diff -urNp linux-2.6.32.46/kernel/perf_event.c linux-2.6.32.46/kernel/perf_event.c
--- linux-2.6.32.46/kernel/perf_event.c 2011-08-09 18:35:30.000000000 -0400
-+++ linux-2.6.32.46/kernel/perf_event.c 2011-08-09 18:34:01.000000000 -0400
++++ linux-2.6.32.46/kernel/perf_event.c 2011-10-06 09:37:14.000000000 -0400
@@ -77,7 +77,7 @@ int sysctl_perf_event_mlock __read_mostl
*/
int sysctl_perf_event_sample_rate __read_mostly = 100000;
@@ -67044,6 +68216,21 @@ diff -urNp linux-2.6.32.46/kernel/perf_event.c linux-2.6.32.46/kernel/perf_event
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(sub);
+@@ -3525,12 +3525,12 @@ static void perf_event_mmap_event(struct
+ * need to add enough zero bytes after the string to handle
+ * the 64bit alignment we do later.
+ */
+- buf = kzalloc(PATH_MAX + sizeof(u64), GFP_KERNEL);
++ buf = kzalloc(PATH_MAX, GFP_KERNEL);
+ if (!buf) {
+ name = strncpy(tmp, "//enomem", sizeof(tmp));
+ goto got_name;
+ }
+- name = d_path(&file->f_path, buf, PATH_MAX);
++ name = d_path(&file->f_path, buf, PATH_MAX - sizeof(u64));
+ if (IS_ERR(name)) {
+ name = strncpy(tmp, "//toolong", sizeof(tmp));
+ goto got_name;
@@ -3783,7 +3783,7 @@ static void perf_swevent_add(struct perf
{
struct hw_perf_event *hwc = &event->hw;
@@ -69235,6 +70422,27 @@ diff -urNp linux-2.6.32.46/kernel/user.c linux-2.6.32.46/kernel/user.c
key_put(new->uid_keyring);
key_put(new->session_keyring);
kmem_cache_free(uid_cachep, new);
+diff -urNp linux-2.6.32.46/lib/bitmap.c linux-2.6.32.46/lib/bitmap.c
+--- linux-2.6.32.46/lib/bitmap.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/lib/bitmap.c 2011-10-06 09:37:14.000000000 -0400
+@@ -341,7 +341,7 @@ int __bitmap_parse(const char *buf, unsi
+ {
+ int c, old_c, totaldigits, ndigits, nchunks, nbits;
+ u32 chunk;
+- const char __user *ubuf = buf;
++ const char __user *ubuf = (const char __force_user *)buf;
+
+ bitmap_zero(maskp, nmaskbits);
+
+@@ -426,7 +426,7 @@ int bitmap_parse_user(const char __user
+ {
+ if (!access_ok(VERIFY_READ, ubuf, ulen))
+ return -EFAULT;
+- return __bitmap_parse((const char *)ubuf, ulen, 1, maskp, nmaskbits);
++ return __bitmap_parse((const char __force_kernel *)ubuf, ulen, 1, maskp, nmaskbits);
+ }
+ EXPORT_SYMBOL(bitmap_parse_user);
+
diff -urNp linux-2.6.32.46/lib/bug.c linux-2.6.32.46/lib/bug.c
--- linux-2.6.32.46/lib/bug.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/lib/bug.c 2011-04-17 15:56:46.000000000 -0400
@@ -69259,6 +70467,27 @@ diff -urNp linux-2.6.32.46/lib/debugobjects.c linux-2.6.32.46/lib/debugobjects.c
if (is_on_stack == onstack)
return;
+diff -urNp linux-2.6.32.46/lib/devres.c linux-2.6.32.46/lib/devres.c
+--- linux-2.6.32.46/lib/devres.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/lib/devres.c 2011-10-06 09:37:14.000000000 -0400
+@@ -80,7 +80,7 @@ void devm_iounmap(struct device *dev, vo
+ {
+ iounmap(addr);
+ WARN_ON(devres_destroy(dev, devm_ioremap_release, devm_ioremap_match,
+- (void *)addr));
++ (void __force *)addr));
+ }
+ EXPORT_SYMBOL(devm_iounmap);
+
+@@ -140,7 +140,7 @@ void devm_ioport_unmap(struct device *de
+ {
+ ioport_unmap(addr);
+ WARN_ON(devres_destroy(dev, devm_ioport_map_release,
+- devm_ioport_map_match, (void *)addr));
++ devm_ioport_map_match, (void __force *)addr));
+ }
+ EXPORT_SYMBOL(devm_ioport_unmap);
+
diff -urNp linux-2.6.32.46/lib/dma-debug.c linux-2.6.32.46/lib/dma-debug.c
--- linux-2.6.32.46/lib/dma-debug.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/lib/dma-debug.c 2011-04-17 15:56:46.000000000 -0400
@@ -69507,7 +70736,7 @@ diff -urNp linux-2.6.32.46/localversion-grsec linux-2.6.32.46/localversion-grsec
+-grsec
diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
--- linux-2.6.32.46/Makefile 2011-08-29 22:24:44.000000000 -0400
-+++ linux-2.6.32.46/Makefile 2011-09-01 17:24:34.000000000 -0400
++++ linux-2.6.32.46/Makefile 2011-10-06 09:43:36.000000000 -0400
@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -69533,15 +70762,18 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
KBUILD_AFLAGS := -D__ASSEMBLY__
# Read KERNELRELEASE from include/config/kernel.release (if it exists)
-@@ -377,6 +380,7 @@ export RCS_TAR_IGNORE := --exclude SCCS
+@@ -376,8 +379,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
+ # Rules shared between *config targets and build targets
# Basic helpers built in scripts/
- PHONY += scripts_basic
-+scripts_basic: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
- scripts_basic:
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic gcc-plugins
++scripts_basic: gcc-plugins
$(Q)$(MAKE) $(build)=scripts/basic
-@@ -403,7 +407,7 @@ endif
+ # To avoid any implicit rule to kick in, define an empty command.
+@@ -403,7 +406,7 @@ endif
# of make so .config is not included in this case either (for *config).
no-dot-config-targets := clean mrproper distclean \
@@ -69550,16 +70782,28 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
include/linux/version.h headers_% \
kernelrelease kernelversion
-@@ -526,6 +530,24 @@ else
+@@ -526,6 +529,36 @@ else
KBUILD_CFLAGS += -O2
endif
-+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC)), y)
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
++ifdef CONFIG_KALLOCSTAT_PLUGIN
++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
++endif
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
++ifdef CONFIG_CHECKER_PLUGIN
++ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
++endif
++endif
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
@@ -69575,7 +70819,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -644,7 +666,7 @@ export mod_strip_cmd
+@@ -644,7 +677,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -69584,34 +70828,34 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -840,6 +862,8 @@ define rule_vmlinux-modpost
+@@ -840,6 +873,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
-+$(vmlinux-all): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-all): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-all): gcc-plugins
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -874,7 +898,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -874,7 +909,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++$(vmlinux-dirs): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Build the kernel release string
-@@ -983,6 +1008,7 @@ prepare0: archprepare FORCE
+@@ -983,6 +1019,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
-+prepare: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS))
++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
prepare: prepare0
# The asm symlink changes when $(ARCH) changes.
-@@ -1133,7 +1159,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
+@@ -1133,7 +1170,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
# Target to prepare building external modules
PHONY += modules_prepare
@@ -69620,7 +70864,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1224,7 @@ MRPROPER_FILES += .config .config.old in
+@@ -1198,7 +1235,7 @@ MRPROPER_FILES += .config .config.old in
include/linux/autoconf.h include/linux/version.h \
include/linux/utsrelease.h \
include/linux/bounds.h include/asm*/asm-offsets.h \
@@ -69629,7 +70873,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# clean - Delete most, but leave enough to build external modules
#
-@@ -1242,7 +1268,7 @@ distclean: mrproper
+@@ -1242,7 +1279,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -69638,7 +70882,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1289,6 +1315,7 @@ help:
+@@ -1289,6 +1326,7 @@ help:
@echo ' modules_prepare - Set up for building external modules'
@echo ' tags/TAGS - Generate tags file for editors'
@echo ' cscope - Generate cscope index'
@@ -69646,15 +70890,15 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
@echo ' kernelrelease - Output the release version string'
@echo ' kernelversion - Output the version stored in Makefile'
@echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
-@@ -1390,6 +1417,7 @@ PHONY += $(module-dirs) modules
+@@ -1390,6 +1428,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
-+modules: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1445,7 +1473,7 @@ endif # KBUILD_EXTMOD
+@@ -1445,7 +1484,7 @@ endif # KBUILD_EXTMOD
quiet_cmd_tags = GEN $@
cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
@@ -69663,18 +70907,18 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(call cmd,tags)
# Scripts to check various things for consistency
-@@ -1510,17 +1538,19 @@ else
+@@ -1510,17 +1549,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
-%.s: %.c prepare scripts FORCE
-+%.s: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.s: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.i: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-%.o: %.c prepare scripts FORCE
-+%.o: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.o: %.c gcc-plugins prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.lst: %.c prepare scripts FORCE
@@ -69687,18 +70931,18 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1530,11 +1560,13 @@ endif
+@@ -1530,11 +1571,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
-%/: prepare scripts FORCE
-+%/: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%/: gcc-plugins prepare scripts FORCE
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
-%.ko: prepare scripts FORCE
-+%.ko: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN)
++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
+%.ko: gcc-plugins prepare scripts FORCE
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
@@ -69915,7 +71159,7 @@ diff -urNp linux-2.6.32.46/mm/kmemleak.c linux-2.6.32.46/mm/kmemleak.c
diff -urNp linux-2.6.32.46/mm/maccess.c linux-2.6.32.46/mm/maccess.c
--- linux-2.6.32.46/mm/maccess.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/maccess.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/mm/maccess.c 2011-10-06 09:37:14.000000000 -0400
@@ -14,7 +14,7 @@
* Safely read from address @src to the buffer at @dst. If a kernel fault
* happens, handle that and return -EFAULT.
@@ -69925,7 +71169,16 @@ diff -urNp linux-2.6.32.46/mm/maccess.c linux-2.6.32.46/mm/maccess.c
{
long ret;
mm_segment_t old_fs = get_fs();
-@@ -39,7 +39,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
+@@ -22,7 +22,7 @@ long probe_kernel_read(void *dst, void *
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ ret = __copy_from_user_inatomic(dst,
+- (__force const void __user *)src, size);
++ (const void __force_user *)src, size);
+ pagefault_enable();
+ set_fs(old_fs);
+
+@@ -39,14 +39,14 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
* Safely write to address @dst from the buffer at @src. If a kernel fault
* happens, handle that and return -EFAULT.
*/
@@ -69934,6 +71187,14 @@ diff -urNp linux-2.6.32.46/mm/maccess.c linux-2.6.32.46/mm/maccess.c
{
long ret;
mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+- ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
++ ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
+ pagefault_enable();
+ set_fs(old_fs);
+
diff -urNp linux-2.6.32.46/mm/madvise.c linux-2.6.32.46/mm/madvise.c
--- linux-2.6.32.46/mm/madvise.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/mm/madvise.c 2011-04-17 15:56:46.000000000 -0400
@@ -70547,7 +71808,7 @@ diff -urNp linux-2.6.32.46/mm/memory.c linux-2.6.32.46/mm/memory.c
* Dumping its contents makes post-mortem fully interpretable later
diff -urNp linux-2.6.32.46/mm/memory-failure.c linux-2.6.32.46/mm/memory-failure.c
--- linux-2.6.32.46/mm/memory-failure.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/memory-failure.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/mm/memory-failure.c 2011-10-06 09:37:14.000000000 -0400
@@ -46,7 +46,7 @@ int sysctl_memory_failure_early_kill __r
int sysctl_memory_failure_recovery __read_mostly = 1;
@@ -70557,6 +71818,15 @@ diff -urNp linux-2.6.32.46/mm/memory-failure.c linux-2.6.32.46/mm/memory-failure
/*
* Send all the processes who have the page mapped an ``action optional''
+@@ -64,7 +64,7 @@ static int kill_proc_ao(struct task_stru
+ si.si_signo = SIGBUS;
+ si.si_errno = 0;
+ si.si_code = BUS_MCEERR_AO;
+- si.si_addr = (void *)addr;
++ si.si_addr = (void __user *)addr;
+ #ifdef __ARCH_SI_TRAPNO
+ si.si_trapno = trapno;
+ #endif
@@ -745,7 +745,7 @@ int __memory_failure(unsigned long pfn,
return 0;
}
@@ -73650,6 +74920,18 @@ diff -urNp linux-2.6.32.46/net/8021q/vlan.c linux-2.6.32.46/net/8021q/vlan.c
struct vlan_net *vn;
vn = net_generic(net, vlan_net_id);
+diff -urNp linux-2.6.32.46/net/9p/trans_fd.c linux-2.6.32.46/net/9p/trans_fd.c
+--- linux-2.6.32.46/net/9p/trans_fd.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/9p/trans_fd.c 2011-10-06 09:37:14.000000000 -0400
+@@ -419,7 +419,7 @@ static int p9_fd_write(struct p9_client
+ oldfs = get_fs();
+ set_fs(get_ds());
+ /* The cast to a user pointer is valid due to the set_fs() */
+- ret = vfs_write(ts->wr, (__force void __user *)v, len, &ts->wr->f_pos);
++ ret = vfs_write(ts->wr, (void __force_user *)v, len, &ts->wr->f_pos);
+ set_fs(oldfs);
+
+ if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
diff -urNp linux-2.6.32.46/net/atm/atm_misc.c linux-2.6.32.46/net/atm/atm_misc.c
--- linux-2.6.32.46/net/atm/atm_misc.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/net/atm/atm_misc.c 2011-04-17 15:56:46.000000000 -0400
@@ -73886,6 +75168,109 @@ diff -urNp linux-2.6.32.46/net/can/bcm.c linux-2.6.32.46/net/can/bcm.c
seq_printf(m, " / dropped %lu", bo->dropped_usr_msgs);
seq_printf(m, " / bound %s", bcm_proc_getifname(ifname, bo->ifindex));
seq_printf(m, " <<<\n");
+diff -urNp linux-2.6.32.46/net/compat.c linux-2.6.32.46/net/compat.c
+--- linux-2.6.32.46/net/compat.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/compat.c 2011-10-06 09:37:14.000000000 -0400
+@@ -69,9 +69,9 @@ int get_compat_msghdr(struct msghdr *kms
+ __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
+ __get_user(kmsg->msg_flags, &umsg->msg_flags))
+ return -EFAULT;
+- kmsg->msg_name = compat_ptr(tmp1);
+- kmsg->msg_iov = compat_ptr(tmp2);
+- kmsg->msg_control = compat_ptr(tmp3);
++ kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1);
++ kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2);
++ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
+ return 0;
+ }
+
+@@ -94,7 +94,7 @@ int verify_compat_iovec(struct msghdr *k
+ kern_msg->msg_name = NULL;
+
+ tot_len = iov_from_user_compat_to_kern(kern_iov,
+- (struct compat_iovec __user *)kern_msg->msg_iov,
++ (struct compat_iovec __force_user *)kern_msg->msg_iov,
+ kern_msg->msg_iovlen);
+ if (tot_len >= 0)
+ kern_msg->msg_iov = kern_iov;
+@@ -114,20 +114,20 @@ int verify_compat_iovec(struct msghdr *k
+
+ #define CMSG_COMPAT_FIRSTHDR(msg) \
+ (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
+- (struct compat_cmsghdr __user *)((msg)->msg_control) : \
++ (struct compat_cmsghdr __force_user *)((msg)->msg_control) : \
+ (struct compat_cmsghdr __user *)NULL)
+
+ #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
+ ((ucmlen) >= sizeof(struct compat_cmsghdr) && \
+ (ucmlen) <= (unsigned long) \
+ ((mhdr)->msg_controllen - \
+- ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
++ ((char __force_kernel *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
+ struct compat_cmsghdr __user *cmsg, int cmsg_len)
+ {
+ char __user *ptr = (char __user *)cmsg + CMSG_COMPAT_ALIGN(cmsg_len);
+- if ((unsigned long)(ptr + 1 - (char __user *)msg->msg_control) >
++ if ((unsigned long)(ptr + 1 - (char __force_user *)msg->msg_control) >
+ msg->msg_controllen)
+ return NULL;
+ return (struct compat_cmsghdr __user *)ptr;
+@@ -219,7 +219,7 @@ int put_cmsg_compat(struct msghdr *kmsg,
+ {
+ struct compat_timeval ctv;
+ struct compat_timespec cts[3];
+- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
++ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
+ struct compat_cmsghdr cmhdr;
+ int cmlen;
+
+@@ -271,7 +271,7 @@ int put_cmsg_compat(struct msghdr *kmsg,
+
+ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
+ {
+- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
++ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
+ int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
+ int fdnum = scm->fp->count;
+ struct file **fp = scm->fp->fp;
+@@ -433,7 +433,7 @@ static int do_get_sock_timeout(struct so
+ len = sizeof(ktime);
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+- err = sock_getsockopt(sock, level, optname, (char *) &ktime, &len);
++ err = sock_getsockopt(sock, level, optname, (char __force_user *) &ktime, (int __force_user *)&len);
+ set_fs(old_fs);
+
+ if (!err) {
+@@ -570,7 +570,7 @@ int compat_mc_setsockopt(struct sock *so
+ case MCAST_JOIN_GROUP:
+ case MCAST_LEAVE_GROUP:
+ {
+- struct compat_group_req __user *gr32 = (void *)optval;
++ struct compat_group_req __user *gr32 = (void __user *)optval;
+ struct group_req __user *kgr =
+ compat_alloc_user_space(sizeof(struct group_req));
+ u32 interface;
+@@ -591,7 +591,7 @@ int compat_mc_setsockopt(struct sock *so
+ case MCAST_BLOCK_SOURCE:
+ case MCAST_UNBLOCK_SOURCE:
+ {
+- struct compat_group_source_req __user *gsr32 = (void *)optval;
++ struct compat_group_source_req __user *gsr32 = (void __user *)optval;
+ struct group_source_req __user *kgsr = compat_alloc_user_space(
+ sizeof(struct group_source_req));
+ u32 interface;
+@@ -612,7 +612,7 @@ int compat_mc_setsockopt(struct sock *so
+ }
+ case MCAST_MSFILTER:
+ {
+- struct compat_group_filter __user *gf32 = (void *)optval;
++ struct compat_group_filter __user *gf32 = (void __user *)optval;
+ struct group_filter __user *kgf;
+ u32 interface, fmode, numsrc;
+
diff -urNp linux-2.6.32.46/net/core/dev.c linux-2.6.32.46/net/core/dev.c
--- linux-2.6.32.46/net/core/dev.c 2011-04-17 17:00:52.000000000 -0400
+++ linux-2.6.32.46/net/core/dev.c 2011-08-05 20:33:55.000000000 -0400
@@ -74005,6 +75390,45 @@ diff -urNp linux-2.6.32.46/net/core/rtnetlink.c linux-2.6.32.46/net/core/rtnetli
static DEFINE_MUTEX(rtnl_mutex);
+diff -urNp linux-2.6.32.46/net/core/scm.c linux-2.6.32.46/net/core/scm.c
+--- linux-2.6.32.46/net/core/scm.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/core/scm.c 2011-10-06 09:37:14.000000000 -0400
+@@ -190,7 +190,7 @@ error:
+ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
+ {
+ struct cmsghdr __user *cm
+- = (__force struct cmsghdr __user *)msg->msg_control;
++ = (struct cmsghdr __force_user *)msg->msg_control;
+ struct cmsghdr cmhdr;
+ int cmlen = CMSG_LEN(len);
+ int err;
+@@ -213,7 +213,7 @@ int put_cmsg(struct msghdr * msg, int le
+ err = -EFAULT;
+ if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
+ goto out;
+- if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
++ if (copy_to_user((void __force_user *)CMSG_DATA((void __force_kernel *)cm), data, cmlen - sizeof(struct cmsghdr)))
+ goto out;
+ cmlen = CMSG_SPACE(len);
+ if (msg->msg_controllen < cmlen)
+@@ -228,7 +228,7 @@ out:
+ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
+ {
+ struct cmsghdr __user *cm
+- = (__force struct cmsghdr __user*)msg->msg_control;
++ = (struct cmsghdr __force_user *)msg->msg_control;
+
+ int fdmax = 0;
+ int fdnum = scm->fp->count;
+@@ -248,7 +248,7 @@ void scm_detach_fds(struct msghdr *msg,
+ if (fdnum < fdmax)
+ fdmax = fdnum;
+
+- for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
++ for (i=0, cmfptr=(int __force_user *)CMSG_DATA((void __force_kernel *)cm); i<fdmax;
+ i++, cmfptr++)
+ {
+ int new_fd;
diff -urNp linux-2.6.32.46/net/core/secure_seq.c linux-2.6.32.46/net/core/secure_seq.c
--- linux-2.6.32.46/net/core/secure_seq.c 2011-08-16 20:37:25.000000000 -0400
+++ linux-2.6.32.46/net/core/secure_seq.c 2011-08-07 19:48:09.000000000 -0400
@@ -74235,6 +75659,36 @@ diff -urNp linux-2.6.32.46/net/ipv4/inetpeer.c linux-2.6.32.46/net/ipv4/inetpeer
n->ip_id_count = secure_ip_id(daddr);
n->tcp_ts_stamp = 0;
+diff -urNp linux-2.6.32.46/net/ipv4/ipconfig.c linux-2.6.32.46/net/ipv4/ipconfig.c
+--- linux-2.6.32.46/net/ipv4/ipconfig.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/ipv4/ipconfig.c 2011-10-06 09:37:14.000000000 -0400
+@@ -295,7 +295,7 @@ static int __init ic_devinet_ioctl(unsig
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = devinet_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = devinet_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -306,7 +306,7 @@ static int __init ic_dev_ioctl(unsigned
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = dev_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = dev_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -317,7 +317,7 @@ static int __init ic_route_ioctl(unsigne
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = ip_rt_ioctl(&init_net, cmd, (void __user *) arg);
++ res = ip_rt_ioctl(&init_net, cmd, (void __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
diff -urNp linux-2.6.32.46/net/ipv4/ip_fragment.c linux-2.6.32.46/net/ipv4/ip_fragment.c
--- linux-2.6.32.46/net/ipv4/ip_fragment.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/net/ipv4/ip_fragment.c 2011-04-17 15:56:46.000000000 -0400
@@ -74249,7 +75703,7 @@ diff -urNp linux-2.6.32.46/net/ipv4/ip_fragment.c linux-2.6.32.46/net/ipv4/ip_fr
rc = qp->q.fragments && (end - start) > max;
diff -urNp linux-2.6.32.46/net/ipv4/ip_sockglue.c linux-2.6.32.46/net/ipv4/ip_sockglue.c
--- linux-2.6.32.46/net/ipv4/ip_sockglue.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/net/ipv4/ip_sockglue.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/net/ipv4/ip_sockglue.c 2011-10-06 09:37:14.000000000 -0400
@@ -1015,6 +1015,8 @@ static int do_ip_getsockopt(struct sock
int val;
int len;
@@ -74259,6 +75713,15 @@ diff -urNp linux-2.6.32.46/net/ipv4/ip_sockglue.c linux-2.6.32.46/net/ipv4/ip_so
if (level != SOL_IP)
return -EOPNOTSUPP;
+@@ -1173,7 +1175,7 @@ static int do_ip_getsockopt(struct sock
+ if (sk->sk_type != SOCK_STREAM)
+ return -ENOPROTOOPT;
+
+- msg.msg_control = optval;
++ msg.msg_control = (void __force_kernel *)optval;
+ msg.msg_controllen = len;
+ msg.msg_flags = 0;
+
diff -urNp linux-2.6.32.46/net/ipv4/netfilter/arp_tables.c linux-2.6.32.46/net/ipv4/netfilter/arp_tables.c
--- linux-2.6.32.46/net/ipv4/netfilter/arp_tables.c 2011-04-17 17:00:52.000000000 -0400
+++ linux-2.6.32.46/net/ipv4/netfilter/arp_tables.c 2011-04-17 17:04:18.000000000 -0400
@@ -74712,6 +76175,18 @@ diff -urNp linux-2.6.32.46/net/ipv4/udp.c linux-2.6.32.46/net/ipv4/udp.c
}
int udp4_seq_show(struct seq_file *seq, void *v)
+diff -urNp linux-2.6.32.46/net/ipv6/addrconf.c linux-2.6.32.46/net/ipv6/addrconf.c
+--- linux-2.6.32.46/net/ipv6/addrconf.c 2011-05-10 22:12:02.000000000 -0400
++++ linux-2.6.32.46/net/ipv6/addrconf.c 2011-10-06 09:37:14.000000000 -0400
+@@ -2053,7 +2053,7 @@ int addrconf_set_dstaddr(struct net *net
+ p.iph.ihl = 5;
+ p.iph.protocol = IPPROTO_IPV6;
+ p.iph.ttl = 64;
+- ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
++ ifr.ifr_ifru.ifru_data = (void __force_user *)&p;
+
+ if (ops->ndo_do_ioctl) {
+ mm_segment_t oldfs = get_fs();
diff -urNp linux-2.6.32.46/net/ipv6/inet6_connection_sock.c linux-2.6.32.46/net/ipv6/inet6_connection_sock.c
--- linux-2.6.32.46/net/ipv6/inet6_connection_sock.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/net/ipv6/inet6_connection_sock.c 2011-05-04 17:56:28.000000000 -0400
@@ -74768,7 +76243,7 @@ diff -urNp linux-2.6.32.46/net/ipv6/ip6_tunnel.c linux-2.6.32.46/net/ipv6/ip6_tu
}
diff -urNp linux-2.6.32.46/net/ipv6/ipv6_sockglue.c linux-2.6.32.46/net/ipv6/ipv6_sockglue.c
--- linux-2.6.32.46/net/ipv6/ipv6_sockglue.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/net/ipv6/ipv6_sockglue.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/net/ipv6/ipv6_sockglue.c 2011-10-06 09:37:16.000000000 -0400
@@ -130,6 +130,8 @@ static int do_ipv6_setsockopt(struct soc
int val, valbool;
int retv = -ENOPROTOOPT;
@@ -74787,6 +76262,15 @@ diff -urNp linux-2.6.32.46/net/ipv6/ipv6_sockglue.c linux-2.6.32.46/net/ipv6/ipv
if (ip6_mroute_opt(optname))
return ip6_mroute_getsockopt(sk, optname, optval, optlen);
+@@ -922,7 +926,7 @@ static int do_ipv6_getsockopt(struct soc
+ if (sk->sk_type != SOCK_STREAM)
+ return -ENOPROTOOPT;
+
+- msg.msg_control = optval;
++ msg.msg_control = (void __force_kernel *)optval;
+ msg.msg_controllen = len;
+ msg.msg_flags = 0;
+
diff -urNp linux-2.6.32.46/net/ipv6/netfilter/ip6_queue.c linux-2.6.32.46/net/ipv6/netfilter/ip6_queue.c
--- linux-2.6.32.46/net/ipv6/netfilter/ip6_queue.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/net/ipv6/netfilter/ip6_queue.c 2011-08-21 18:43:32.000000000 -0400
@@ -76038,6 +77522,30 @@ diff -urNp linux-2.6.32.46/net/rds/Kconfig linux-2.6.32.46/net/rds/Kconfig
---help---
The RDS (Reliable Datagram Sockets) protocol provides reliable,
sequenced delivery of datagrams over Infiniband, iWARP,
+diff -urNp linux-2.6.32.46/net/rds/tcp.c linux-2.6.32.46/net/rds/tcp.c
+--- linux-2.6.32.46/net/rds/tcp.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/rds/tcp.c 2011-10-06 09:37:16.000000000 -0400
+@@ -57,7 +57,7 @@ void rds_tcp_nonagle(struct socket *sock
+ int val = 1;
+
+ set_fs(KERNEL_DS);
+- sock->ops->setsockopt(sock, SOL_TCP, TCP_NODELAY, (char __user *)&val,
++ sock->ops->setsockopt(sock, SOL_TCP, TCP_NODELAY, (char __force_user *)&val,
+ sizeof(val));
+ set_fs(oldfs);
+ }
+diff -urNp linux-2.6.32.46/net/rds/tcp_send.c linux-2.6.32.46/net/rds/tcp_send.c
+--- linux-2.6.32.46/net/rds/tcp_send.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/rds/tcp_send.c 2011-10-06 09:37:16.000000000 -0400
+@@ -43,7 +43,7 @@ static void rds_tcp_cork(struct socket *
+
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+- sock->ops->setsockopt(sock, SOL_TCP, TCP_CORK, (char __user *)&val,
++ sock->ops->setsockopt(sock, SOL_TCP, TCP_CORK, (char __force_user *)&val,
+ sizeof(val));
+ set_fs(oldfs);
+ }
diff -urNp linux-2.6.32.46/net/rxrpc/af_rxrpc.c linux-2.6.32.46/net/rxrpc/af_rxrpc.c
--- linux-2.6.32.46/net/rxrpc/af_rxrpc.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/net/rxrpc/af_rxrpc.c 2011-05-04 17:56:28.000000000 -0400
@@ -76386,7 +77894,7 @@ diff -urNp linux-2.6.32.46/net/sctp/socket.c linux-2.6.32.46/net/sctp/socket.c
if (pp->fastreuse && sk->sk_reuse &&
diff -urNp linux-2.6.32.46/net/socket.c linux-2.6.32.46/net/socket.c
--- linux-2.6.32.46/net/socket.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/net/socket.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.46/net/socket.c 2011-10-06 09:37:16.000000000 -0400
@@ -87,6 +87,7 @@
#include <linux/wireless.h>
#include <linux/nsproxy.h>
@@ -76559,6 +78067,15 @@ diff -urNp linux-2.6.32.46/net/socket.c linux-2.6.32.46/net/socket.c
err = -EFAULT;
if (MSG_CMSG_COMPAT & flags) {
if (get_compat_msghdr(&msg_sys, msg_compat))
+@@ -2022,7 +2097,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct
+ * kernel msghdr to use the kernel address space)
+ */
+
+- uaddr = (__force void __user *)msg_sys.msg_name;
++ uaddr = (void __force_user *)msg_sys.msg_name;
+ uaddr_len = COMPAT_NAMELEN(msg);
+ if (MSG_CMSG_COMPAT & flags) {
+ err = verify_compat_iovec(&msg_sys, iov,
diff -urNp linux-2.6.32.46/net/sunrpc/sched.c linux-2.6.32.46/net/sunrpc/sched.c
--- linux-2.6.32.46/net/sunrpc/sched.c 2011-08-09 18:35:30.000000000 -0400
+++ linux-2.6.32.46/net/sunrpc/sched.c 2011-08-09 18:34:01.000000000 -0400
@@ -76787,6 +78304,39 @@ diff -urNp linux-2.6.32.46/net/sysctl_net.c linux-2.6.32.46/net/sysctl_net.c
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
}
+diff -urNp linux-2.6.32.46/net/tipc/link.c linux-2.6.32.46/net/tipc/link.c
+--- linux-2.6.32.46/net/tipc/link.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/tipc/link.c 2011-10-06 09:37:16.000000000 -0400
+@@ -1418,7 +1418,7 @@ again:
+
+ if (!sect_rest) {
+ sect_rest = msg_sect[++curr_sect].iov_len;
+- sect_crs = (const unchar *)msg_sect[curr_sect].iov_base;
++ sect_crs = (const unchar __user *)msg_sect[curr_sect].iov_base;
+ }
+
+ if (sect_rest < fragm_rest)
+@@ -1437,7 +1437,7 @@ error:
+ }
+ } else
+ skb_copy_to_linear_data_offset(buf, fragm_crs,
+- sect_crs, sz);
++ (const void __force_kernel *)sect_crs, sz);
+ sect_crs += sz;
+ sect_rest -= sz;
+ fragm_crs += sz;
+diff -urNp linux-2.6.32.46/net/tipc/subscr.c linux-2.6.32.46/net/tipc/subscr.c
+--- linux-2.6.32.46/net/tipc/subscr.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/net/tipc/subscr.c 2011-10-06 09:37:16.000000000 -0400
+@@ -104,7 +104,7 @@ static void subscr_send_event(struct sub
+ {
+ struct iovec msg_sect;
+
+- msg_sect.iov_base = (void *)&sub->evt;
++ msg_sect.iov_base = (void __force_user *)&sub->evt;
+ msg_sect.iov_len = sizeof(struct tipc_event);
+
+ sub->evt.event = htohl(event, sub->swap);
diff -urNp linux-2.6.32.46/net/unix/af_unix.c linux-2.6.32.46/net/unix/af_unix.c
--- linux-2.6.32.46/net/unix/af_unix.c 2011-05-10 22:12:02.000000000 -0400
+++ linux-2.6.32.46/net/unix/af_unix.c 2011-07-18 18:17:33.000000000 -0400
@@ -77024,7 +78574,25 @@ diff -urNp linux-2.6.32.46/samples/kobject/kset-example.c linux-2.6.32.46/sample
};
diff -urNp linux-2.6.32.46/scripts/basic/fixdep.c linux-2.6.32.46/scripts/basic/fixdep.c
--- linux-2.6.32.46/scripts/basic/fixdep.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/scripts/basic/fixdep.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/scripts/basic/fixdep.c 2011-10-06 09:37:14.000000000 -0400
+@@ -162,7 +162,7 @@ static void grow_config(int len)
+ /*
+ * Lookup a value in the configuration string.
+ */
+-static int is_defined_config(const char * name, int len)
++static int is_defined_config(const char * name, unsigned int len)
+ {
+ const char * pconfig;
+ const char * plast = str_config + len_config - len;
+@@ -199,7 +199,7 @@ static void clear_config(void)
+ /*
+ * Record the use of a CONFIG_* word.
+ */
+-static void use_config(char *m, int slen)
++static void use_config(char *m, unsigned int slen)
+ {
+ char s[PATH_MAX];
+ char *p;
@@ -222,9 +222,9 @@ static void use_config(char *m, int slen
static void parse_config_file(char *map, size_t len)
@@ -77048,10 +78616,10 @@ diff -urNp linux-2.6.32.46/scripts/basic/fixdep.c linux-2.6.32.46/scripts/basic/
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff -urNp linux-2.6.32.46/scripts/gcc-plugin.sh linux-2.6.32.46/scripts/gcc-plugin.sh
--- linux-2.6.32.46/scripts/gcc-plugin.sh 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/scripts/gcc-plugin.sh 2011-08-31 18:38:41.000000000 -0400
++++ linux-2.6.32.46/scripts/gcc-plugin.sh 2011-10-06 09:37:14.000000000 -0400
@@ -0,0 +1,2 @@
+#!/bin/sh
-+echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
++echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff -urNp linux-2.6.32.46/scripts/Makefile.build linux-2.6.32.46/scripts/Makefile.build
--- linux-2.6.32.46/scripts/Makefile.build 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/scripts/Makefile.build 2011-08-23 20:45:11.000000000 -0400
@@ -77098,7 +78666,7 @@ diff -urNp linux-2.6.32.46/scripts/Makefile.host linux-2.6.32.46/scripts/Makefil
diff -urNp linux-2.6.32.46/scripts/mod/file2alias.c linux-2.6.32.46/scripts/mod/file2alias.c
--- linux-2.6.32.46/scripts/mod/file2alias.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/scripts/mod/file2alias.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/scripts/mod/file2alias.c 2011-10-06 09:37:14.000000000 -0400
@@ -72,7 +72,7 @@ static void device_id_check(const char *
unsigned long size, unsigned long id_size,
void *symval)
@@ -77117,6 +78685,15 @@ diff -urNp linux-2.6.32.46/scripts/mod/file2alias.c linux-2.6.32.46/scripts/mod/
unsigned char range_lo, unsigned char range_hi,
struct module *mod)
{
+@@ -151,7 +151,7 @@ static void do_usb_entry_multi(struct us
+ {
+ unsigned int devlo, devhi;
+ unsigned char chi, clo;
+- int ndigits;
++ unsigned int ndigits;
+
+ id->match_flags = TO_NATIVE(id->match_flags);
+ id->idVendor = TO_NATIVE(id->idVendor);
@@ -368,7 +368,7 @@ static void do_pnp_device_entry(void *sy
for (i = 0; i < count; i++) {
const char *id = (char *)devs[i].id;
@@ -77444,8 +79021,8 @@ diff -urNp linux-2.6.32.46/security/integrity/ima/ima_queue.c linux-2.6.32.46/se
return 0;
diff -urNp linux-2.6.32.46/security/Kconfig linux-2.6.32.46/security/Kconfig
--- linux-2.6.32.46/security/Kconfig 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/security/Kconfig 2011-07-06 19:58:11.000000000 -0400
-@@ -4,6 +4,555 @@
++++ linux-2.6.32.46/security/Kconfig 2011-10-06 09:38:20.000000000 -0400
+@@ -4,6 +4,559 @@
menu "Security options"
@@ -77456,6 +79033,9 @@ diff -urNp linux-2.6.32.46/security/Kconfig linux-2.6.32.46/security/Kconfig
+ config ARCH_TRACK_EXEC_LIMIT
+ bool
+
++ config PAX_KERNEXEC_PLUGIN
++ bool
++
+ config PAX_PER_CPU_PGD
+ bool
+
@@ -77764,8 +79344,9 @@ diff -urNp linux-2.6.32.46/security/Kconfig linux-2.6.32.46/security/Kconfig
+
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
-+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
++ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
+ that is, enabling this option will make it harder to inject
@@ -77831,7 +79412,7 @@ diff -urNp linux-2.6.32.46/security/Kconfig linux-2.6.32.46/security/Kconfig
+
+config PAX_RANDKSTACK
+ bool "Randomize kernel stack base"
-+ depends on PAX_ASLR && X86_TSC && X86
++ depends on X86_TSC && X86
+ help
+ By saying Y here the kernel will randomize every task's kernel
+ stack on every system call. This will not only force an attacker
@@ -78001,7 +79582,7 @@ diff -urNp linux-2.6.32.46/security/Kconfig linux-2.6.32.46/security/Kconfig
config KEYS
bool "Enable access key retention support"
help
-@@ -146,7 +695,7 @@ config INTEL_TXT
+@@ -146,7 +699,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -78205,6 +79786,56 @@ diff -urNp linux-2.6.32.46/sound/aoa/codecs/onyx.h linux-2.6.32.46/sound/aoa/cod
/* PCM3052 register definitions */
+diff -urNp linux-2.6.32.46/sound/core/oss/pcm_oss.c linux-2.6.32.46/sound/core/oss/pcm_oss.c
+--- linux-2.6.32.46/sound/core/oss/pcm_oss.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/sound/core/oss/pcm_oss.c 2011-10-06 09:37:16.000000000 -0400
+@@ -1395,7 +1395,7 @@ static ssize_t snd_pcm_oss_write1(struct
+ }
+ } else {
+ tmp = snd_pcm_oss_write2(substream,
+- (const char __force *)buf,
++ (const char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+@@ -1483,7 +1483,7 @@ static ssize_t snd_pcm_oss_read1(struct
+ xfer += tmp;
+ runtime->oss.buffer_used -= tmp;
+ } else {
+- tmp = snd_pcm_oss_read2(substream, (char __force *)buf,
++ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+diff -urNp linux-2.6.32.46/sound/core/pcm_compat.c linux-2.6.32.46/sound/core/pcm_compat.c
+--- linux-2.6.32.46/sound/core/pcm_compat.c 2011-08-09 18:35:30.000000000 -0400
++++ linux-2.6.32.46/sound/core/pcm_compat.c 2011-10-06 09:37:16.000000000 -0400
+@@ -30,7 +30,7 @@ static int snd_pcm_ioctl_delay_compat(st
+ int err;
+
+ fs = snd_enter_user();
+- err = snd_pcm_delay(substream, &delay);
++ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay);
+ snd_leave_user(fs);
+ if (err < 0)
+ return err;
+diff -urNp linux-2.6.32.46/sound/core/pcm_native.c linux-2.6.32.46/sound/core/pcm_native.c
+--- linux-2.6.32.46/sound/core/pcm_native.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/sound/core/pcm_native.c 2011-10-06 09:37:16.000000000 -0400
+@@ -2747,11 +2747,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_
+ switch (substream->stream) {
+ case SNDRV_PCM_STREAM_PLAYBACK:
+ result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ case SNDRV_PCM_STREAM_CAPTURE:
+ result = snd_pcm_capture_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ default:
+ result = -EINVAL;
diff -urNp linux-2.6.32.46/sound/core/seq/seq_device.c linux-2.6.32.46/sound/core/seq/seq_device.c
--- linux-2.6.32.46/sound/core/seq/seq_device.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/sound/core/seq/seq_device.c 2011-08-05 20:33:55.000000000 -0400
@@ -78970,6 +80601,179 @@ diff -urNp linux-2.6.32.46/sound/usb/usbaudio.c linux-2.6.32.46/sound/usb/usbaud
break;
}
}
+diff -urNp linux-2.6.32.46/tools/gcc/checker_plugin.c linux-2.6.32.46/tools/gcc/checker_plugin.c
+--- linux-2.6.32.46/tools/gcc/checker_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.32.46/tools/gcc/checker_plugin.c 2011-10-06 09:37:16.000000000 -0400
+@@ -0,0 +1,169 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to implement various sparse (source code checker) features
++ *
++ * TODO:
++ * - define separate __iomem, __percpu and __rcu address spaces (lots of code to patch)
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++#include "target.h"
++
++extern void c_register_addr_space (const char *str, addr_space_t as);
++extern enum machine_mode default_addr_space_pointer_mode (addr_space_t);
++extern enum machine_mode default_addr_space_address_mode (addr_space_t);
++extern bool default_addr_space_valid_pointer_mode(enum machine_mode mode, addr_space_t as);
++extern bool default_addr_space_legitimate_address_p(enum machine_mode mode, rtx mem, bool strict, addr_space_t as);
++extern rtx default_addr_space_legitimize_address(rtx x, rtx oldx, enum machine_mode mode, addr_space_t as);
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++extern rtx emit_move_insn(rtx x, rtx y);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info checker_plugin_info = {
++ .version = "201110031940",
++};
++
++#define ADDR_SPACE_KERNEL 0
++#define ADDR_SPACE_FORCE_KERNEL 1
++#define ADDR_SPACE_USER 2
++#define ADDR_SPACE_FORCE_USER 3
++#define ADDR_SPACE_IOMEM 0
++#define ADDR_SPACE_FORCE_IOMEM 0
++#define ADDR_SPACE_PERCPU 0
++#define ADDR_SPACE_FORCE_PERCPU 0
++#define ADDR_SPACE_RCU 0
++#define ADDR_SPACE_FORCE_RCU 0
++
++static enum machine_mode checker_addr_space_pointer_mode(addr_space_t addrspace)
++{
++ return default_addr_space_pointer_mode(ADDR_SPACE_GENERIC);
++}
++
++static enum machine_mode checker_addr_space_address_mode(addr_space_t addrspace)
++{
++ return default_addr_space_address_mode(ADDR_SPACE_GENERIC);
++}
++
++static bool checker_addr_space_valid_pointer_mode(enum machine_mode mode, addr_space_t as)
++{
++ return default_addr_space_valid_pointer_mode(mode, as);
++}
++
++static bool checker_addr_space_legitimate_address_p(enum machine_mode mode, rtx mem, bool strict, addr_space_t as)
++{
++ return default_addr_space_legitimate_address_p(mode, mem, strict, ADDR_SPACE_GENERIC);
++}
++
++static rtx checker_addr_space_legitimize_address(rtx x, rtx oldx, enum machine_mode mode, addr_space_t as)
++{
++ return default_addr_space_legitimize_address(x, oldx, mode, as);
++}
++
++static bool checker_addr_space_subset_p(addr_space_t subset, addr_space_t superset)
++{
++ if (subset == ADDR_SPACE_FORCE_KERNEL && superset == ADDR_SPACE_KERNEL)
++ return true;
++
++ if (subset == ADDR_SPACE_FORCE_USER && superset == ADDR_SPACE_USER)
++ return true;
++
++ if (subset == ADDR_SPACE_FORCE_IOMEM && superset == ADDR_SPACE_IOMEM)
++ return true;
++
++ if (subset == ADDR_SPACE_KERNEL && superset == ADDR_SPACE_FORCE_USER)
++ return true;
++
++ if (subset == ADDR_SPACE_KERNEL && superset == ADDR_SPACE_FORCE_IOMEM)
++ return true;
++
++ if (subset == ADDR_SPACE_USER && superset == ADDR_SPACE_FORCE_KERNEL)
++ return true;
++
++ if (subset == ADDR_SPACE_IOMEM && superset == ADDR_SPACE_FORCE_KERNEL)
++ return true;
++
++ return subset == superset;
++}
++
++static rtx checker_addr_space_convert(rtx op, tree from_type, tree to_type)
++{
++// addr_space_t from_as = TYPE_ADDR_SPACE(TREE_TYPE(from_type));
++// addr_space_t to_as = TYPE_ADDR_SPACE(TREE_TYPE(to_type));
++
++ return op;
++}
++
++static void register_checker_address_spaces(void *event_data, void *data)
++{
++ c_register_addr_space("__kernel", ADDR_SPACE_KERNEL);
++ c_register_addr_space("__force_kernel", ADDR_SPACE_FORCE_KERNEL);
++ c_register_addr_space("__user", ADDR_SPACE_USER);
++ c_register_addr_space("__force_user", ADDR_SPACE_FORCE_USER);
++// c_register_addr_space("__iomem", ADDR_SPACE_IOMEM);
++// c_register_addr_space("__force_iomem", ADDR_SPACE_FORCE_IOMEM);
++// c_register_addr_space("__percpu", ADDR_SPACE_PERCPU);
++// c_register_addr_space("__force_percpu", ADDR_SPACE_FORCE_PERCPU);
++// c_register_addr_space("__rcu", ADDR_SPACE_RCU);
++// c_register_addr_space("__force_rcu", ADDR_SPACE_FORCE_RCU);
++
++ targetm.addr_space.pointer_mode = checker_addr_space_pointer_mode;
++ targetm.addr_space.address_mode = checker_addr_space_address_mode;
++ targetm.addr_space.valid_pointer_mode = checker_addr_space_valid_pointer_mode;
++ targetm.addr_space.legitimate_address_p = checker_addr_space_legitimate_address_p;
++// targetm.addr_space.legitimize_address = checker_addr_space_legitimize_address;
++ targetm.addr_space.subset_p = checker_addr_space_subset_p;
++ targetm.addr_space.convert = checker_addr_space_convert;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &checker_plugin_info);
++
++ for (i = 0; i < argc; ++i)
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++ if (TARGET_64BIT == 0)
++ return 0;
++
++ register_callback (plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL);
++
++ return 0;
++}
diff -urNp linux-2.6.32.46/tools/gcc/constify_plugin.c linux-2.6.32.46/tools/gcc/constify_plugin.c
--- linux-2.6.32.46/tools/gcc/constify_plugin.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.32.46/tools/gcc/constify_plugin.c 2011-08-30 18:19:52.000000000 -0400
@@ -79267,10 +81071,456 @@ diff -urNp linux-2.6.32.46/tools/gcc/constify_plugin.c linux-2.6.32.46/tools/gcc
+
+ return 0;
+}
+diff -urNp linux-2.6.32.46/tools/gcc/kallocstat_plugin.c linux-2.6.32.46/tools/gcc/kallocstat_plugin.c
+--- linux-2.6.32.46/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.32.46/tools/gcc/kallocstat_plugin.c 2011-10-06 09:37:16.000000000 -0400
+@@ -0,0 +1,165 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to find the distribution of k*alloc sizes
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
++int plugin_is_GPL_compatible;
++
++static const char * const kalloc_functions[] = {
++ "__kmalloc",
++ "kmalloc",
++ "kmalloc_large",
++ "kmalloc_node",
++ "kmalloc_order",
++ "kmalloc_order_trace",
++ "kmalloc_slab",
++ "kzalloc",
++ "kzalloc_node",
++};
++
++static struct plugin_info kallocstat_plugin_info = {
++ .version = "201109121100",
++};
++
++static unsigned int execute_kallocstat(void);
++
++static struct gimple_opt_pass kallocstat_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "kallocstat",
++ .gate = NULL,
++ .execute = execute_kallocstat,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = 0
++ }
++};
++
++static bool is_kalloc(const char *fnname)
++{
++ size_t i;
++
++ for (i = 0; i < ARRAY_SIZE(kalloc_functions); i++)
++ if (!strcmp(fnname, kalloc_functions[i]))
++ return true;
++ return false;
++}
++
++static unsigned int execute_kallocstat(void)
++{
++ basic_block bb;
++
++ // 1. loop through BBs and GIMPLE statements
++ FOR_EACH_BB(bb) {
++ gimple_stmt_iterator gsi;
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ // gimple match:
++ tree fndecl, size;
++ gimple call_stmt;
++ const char *fnname;
++
++ // is it a call
++ call_stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(call_stmt))
++ continue;
++ fndecl = gimple_call_fndecl(call_stmt);
++ if (fndecl == NULL_TREE)
++ continue;
++ if (TREE_CODE(fndecl) != FUNCTION_DECL)
++ continue;
++
++ // is it a call to k*alloc
++ fnname = IDENTIFIER_POINTER(DECL_NAME(fndecl));
++ if (!is_kalloc(fnname))
++ continue;
++
++ // is the size arg the result of a simple const assignment
++ size = gimple_call_arg(call_stmt, 0);
++ while (true) {
++ gimple def_stmt;
++ expanded_location xloc;
++ size_t size_val;
++
++ if (TREE_CODE(size) != SSA_NAME)
++ break;
++ def_stmt = SSA_NAME_DEF_STMT(size);
++ if (!def_stmt || !is_gimple_assign(def_stmt))
++ break;
++ if (gimple_num_ops(def_stmt) != 2)
++ break;
++ size = gimple_assign_rhs1(def_stmt);
++ if (!TREE_CONSTANT(size))
++ continue;
++ xloc = expand_location(gimple_location(def_stmt));
++ if (!xloc.file)
++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
++ size_val = TREE_INT_CST_LOW(size);
++ fprintf(stderr, "kallocsize: %8zu %8zx %s %s:%u\n", size_val, size_val, fnname, xloc.file, xloc.line);
++ break;
++ }
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++//debug_tree(gimple_call_fn(call_stmt));
++//print_node(stderr, "pax", fndecl, 4);
++ }
++ }
++
++ return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ struct register_pass_info kallocstat_pass_info = {
++ .pass = &kallocstat_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kallocstat_plugin_info);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kallocstat_pass_info);
++
++ return 0;
++}
+diff -urNp linux-2.6.32.46/tools/gcc/kernexec_plugin.c linux-2.6.32.46/tools/gcc/kernexec_plugin.c
+--- linux-2.6.32.46/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.32.46/tools/gcc/kernexec_plugin.c 2011-10-06 09:37:16.000000000 -0400
+@@ -0,0 +1,273 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++extern rtx emit_move_insn(rtx x, rtx y);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info kernexec_plugin_info = {
++ .version = "201110032145",
++};
++
++static unsigned int execute_kernexec_fptr(void);
++static unsigned int execute_kernexec_retaddr(void);
++static bool kernexec_cmodel_check(void);
++
++static struct gimple_opt_pass kernexec_fptr_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "kernexec_fptr",
++ .gate = kernexec_cmodel_check,
++ .execute = execute_kernexec_fptr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi
++ }
++};
++
++static struct rtl_opt_pass kernexec_retaddr_pass = {
++ .pass = {
++ .type = RTL_PASS,
++ .name = "kernexec_retaddr",
++ .gate = kernexec_cmodel_check,
++ .execute = execute_kernexec_retaddr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_dump_func | TODO_ggc_collect
++ }
++};
++
++static bool kernexec_cmodel_check(void)
++{
++ tree section;
++
++ if (ix86_cmodel != CM_KERNEL)
++ return false;
++
++ section = lookup_attribute("__section__", DECL_ATTRIBUTES(current_function_decl));
++ if (!section || !TREE_VALUE(section))
++ return true;
++
++ section = TREE_VALUE(TREE_VALUE(section));
++ if (strncmp(TREE_STRING_POINTER(section), ".vsyscall_", 10))
++ return true;
++
++ return false;
++}
++
++/*
++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce
++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference
++ */
++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi)
++{
++ gimple assign_intptr, assign_new_fptr, call_stmt;
++ tree intptr, old_fptr, new_fptr, kernexec_mask;
++
++ call_stmt = gsi_stmt(gsi);
++ old_fptr = gimple_call_fn(call_stmt);
++
++ // create temporary unsigned long variable used for bitops and cast fptr to it
++ intptr = create_tmp_var(long_unsigned_type_node, NULL);
++ add_referenced_var(intptr);
++ mark_sym_for_renaming(intptr);
++ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT);
++
++ // apply logical or to temporary unsigned long and bitmask
++ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL);
++// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL);
++ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT);
++
++ // cast temporary unsigned long back to a temporary fptr variable
++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL);
++ add_referenced_var(new_fptr);
++ mark_sym_for_renaming(new_fptr);
++ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
++ update_stmt(assign_new_fptr);
++ gsi_insert_before(&gsi, assign_new_fptr, GSI_SAME_STMT);
++
++ // replace call stmt fn with the new fptr
++ gimple_call_set_fn(call_stmt, new_fptr);
++ update_stmt(call_stmt);
++}
++
++/*
++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer
++ */
++static unsigned int execute_kernexec_fptr(void)
++{
++ basic_block bb;
++ gimple_stmt_iterator gsi;
++
++ // 1. loop through BBs and GIMPLE statements
++ FOR_EACH_BB(bb) {
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
++ tree fn;
++ gimple call_stmt;
++
++ // is it a call ...
++ call_stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(call_stmt))
++ continue;
++ fn = gimple_call_fn(call_stmt);
++ if (TREE_CODE(fn) == ADDR_EXPR)
++ continue;
++ if (TREE_CODE(fn) != SSA_NAME)
++ gcc_unreachable();
++
++ // ... through a function pointer
++ fn = SSA_NAME_VAR(fn);
++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != POINTER_TYPE)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != FUNCTION_TYPE)
++ continue;
++
++ kernexec_instrument_fptr(gsi);
++
++//debug_tree(gimple_call_fn(call_stmt));
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++ }
++ }
++
++ return 0;
++}
++
++// add special KERNEXEC instrumentation: btsq $63,(%rsp) just before retn
++static void kernexec_instrument_retaddr(rtx insn)
++{
++ rtx btsq;
++ rtvec argvec, constraintvec, labelvec;
++ int line;
++
++ // create asm volatile("btsq $63,(%%rsp)":::)
++ argvec = rtvec_alloc(0);
++ constraintvec = rtvec_alloc(0);
++ labelvec = rtvec_alloc(0);
++ line = expand_location(RTL_LOCATION(insn)).line;
++ btsq = gen_rtx_ASM_OPERANDS(VOIDmode, "btsq $63,(%%rsp)", empty_string, 0, argvec, constraintvec, labelvec, line);
++ MEM_VOLATILE_P(btsq) = 1;
++ RTX_FRAME_RELATED_P(btsq) = 1;
++ emit_insn_before(btsq, insn);
++}
++
++/*
++ * find all asm level function returns and forcibly set the highest bit of the return address
++ */
++static unsigned int execute_kernexec_retaddr(void)
++{
++ rtx insn;
++
++ // 1. find function returns
++ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
++ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
++ // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
++ rtx body;
++
++ // is it a retn
++ if (!JUMP_P(insn))
++ continue;
++ body = PATTERN(insn);
++ if (GET_CODE(body) == PARALLEL)
++ body = XVECEXP(body, 0, 0);
++ if (GET_CODE(body) != RETURN)
++ continue;
++ kernexec_instrument_retaddr(insn);
++ }
++
++// print_simple_rtl(stderr, get_insns());
++// print_rtl(stderr, get_insns());
++
++ return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++ struct register_pass_info kernexec_fptr_pass_info = {
++ .pass = &kernexec_fptr_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++ struct register_pass_info kernexec_retaddr_pass_info = {
++ .pass = &kernexec_retaddr_pass.pass,
++ .reference_pass_name = "pro_and_epilogue",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info);
++
++ for (i = 0; i < argc; ++i)
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++ if (TARGET_64BIT == 0)
++ return 0;
++
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info);
++
++ return 0;
++}
diff -urNp linux-2.6.32.46/tools/gcc/Makefile linux-2.6.32.46/tools/gcc/Makefile
--- linux-2.6.32.46/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/tools/gcc/Makefile 2011-08-05 20:33:55.000000000 -0400
-@@ -0,0 +1,12 @@
++++ linux-2.6.32.46/tools/gcc/Makefile 2011-10-06 09:37:14.000000000 -0400
+@@ -0,0 +1,21 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -79279,14 +81529,23 @@ diff -urNp linux-2.6.32.46/tools/gcc/Makefile linux-2.6.32.46/tools/gcc/Makefile
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
+
-+hostlibs-y := stackleak_plugin.so constify_plugin.so
++hostlibs-y := constify_plugin.so
++hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
++hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
++hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
++hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
++
+always := $(hostlibs-y)
++
+stackleak_plugin-objs := stackleak_plugin.o
+constify_plugin-objs := constify_plugin.o
++kallocstat_plugin-objs := kallocstat_plugin.o
++kernexec_plugin-objs := kernexec_plugin.o
++checker_plugin-objs := checker_plugin.o
diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gcc/stackleak_plugin.c
--- linux-2.6.32.46/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/tools/gcc/stackleak_plugin.c 2011-08-23 20:24:26.000000000 -0400
-@@ -0,0 +1,243 @@
++++ linux-2.6.32.46/tools/gcc/stackleak_plugin.c 2011-10-06 09:37:14.000000000 -0400
+@@ -0,0 +1,251 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -79304,7 +81563,7 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+ * - initialize all local variables
+ *
+ * BUGS:
-+ * - cloned functions are instrumented twice
++ * - none known
+ */
+#include "gcc-plugin.h"
+#include "config.h"
@@ -79331,7 +81590,7 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+static bool init_locals;
+
+static struct plugin_info stackleak_plugin_info = {
-+ .version = "201106030000",
++ .version = "201109112100",
+ .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n"
+// "initialize-locals\t\tforcibly initialize all stack frames\n"
+};
@@ -79354,7 +81613,7 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_stmts // | TODO_dump_func
++ .todo_flags_finish = TODO_verify_stmts | TODO_dump_func
+ }
+};
+
@@ -79372,7 +81631,7 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0,
-+ .todo_flags_finish = 0
++ .todo_flags_finish = TODO_dump_func
+ }
+};
+
@@ -79384,13 +81643,13 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi, bool before)
+{
+ gimple call;
-+ tree decl, type;
++ tree fndecl, type;
+
+ // insert call to void pax_track_stack(void)
+ type = build_function_type_list(void_type_node, NULL_TREE);
-+ decl = build_fn_decl(track_function, type);
-+ DECL_ASSEMBLER_NAME(decl); // for LTO
-+ call = gimple_build_call(decl, 0);
++ fndecl = build_fn_decl(track_function, type);
++ DECL_ASSEMBLER_NAME(fndecl); // for LTO
++ call = gimple_build_call(fndecl, 0);
+ if (before)
+ gsi_insert_before(gsi, call, GSI_CONTINUE_LINKING);
+ else
@@ -79399,40 +81658,46 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+
+static unsigned int execute_stackleak_tree_instrument(void)
+{
-+ basic_block bb;
++ basic_block bb, entry_bb;
+ gimple_stmt_iterator gsi;
++ bool prologue_instrumented = false;
++
++ entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb;
+
+ // 1. loop through BBs and GIMPLE statements
+ FOR_EACH_BB(bb) {
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450>
-+ tree decl;
++ tree fndecl;
+ gimple stmt = gsi_stmt(gsi);
+
+ if (!is_gimple_call(stmt))
+ continue;
-+ decl = gimple_call_fndecl(stmt);
-+ if (!decl)
++ fndecl = gimple_call_fndecl(stmt);
++ if (!fndecl)
+ continue;
-+ if (TREE_CODE(decl) != FUNCTION_DECL)
++ if (TREE_CODE(fndecl) != FUNCTION_DECL)
+ continue;
-+ if (!DECL_BUILT_IN(decl))
++ if (!DECL_BUILT_IN(fndecl))
+ continue;
-+ if (DECL_BUILT_IN_CLASS(decl) != BUILT_IN_NORMAL)
++ if (DECL_BUILT_IN_CLASS(fndecl) != BUILT_IN_NORMAL)
+ continue;
-+ if (DECL_FUNCTION_CODE(decl) != BUILT_IN_ALLOCA)
++ if (DECL_FUNCTION_CODE(fndecl) != BUILT_IN_ALLOCA)
+ continue;
+
+ // 2. insert track call after each __builtin_alloca call
+ stackleak_add_instrumentation(&gsi, false);
-+// print_node(stderr, "pax", decl, 4);
++ if (bb == entry_bb)
++ prologue_instrumented = true;
++// print_node(stderr, "pax", fndecl, 4);
+ }
+ }
+
+ // 3. insert track call at the beginning
-+ bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb;
-+ gsi = gsi_start_bb(bb);
-+ stackleak_add_instrumentation(&gsi, true);
++ if (!prologue_instrumented) {
++ gsi = gsi_start_bb(entry_bb);
++ stackleak_add_instrumentation(&gsi, true);
++ }
+
+ return 0;
+}
@@ -79444,6 +81709,10 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+ if (cfun->calls_alloca)
+ return 0;
+
++ // keep calls only if function frame is big enough
++ if (get_frame_size() >= track_frame_size)
++ return 0;
++
+ // 1. find pax_track_stack calls
+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
+ // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil))
@@ -79463,9 +81732,7 @@ diff -urNp linux-2.6.32.46/tools/gcc/stackleak_plugin.c linux-2.6.32.46/tools/gc
+ if (strcmp(XSTR(body, 0), track_function))
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
-+ // 2. delete call if function frame is not big enough
-+ if (get_frame_size() >= track_frame_size)
-+ continue;
++ // 2. delete call
+ delete_insn_and_edges(insn);
+ }
+
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index cc3b6ca..96b85a3 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -77,7 +77,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/fs/exec.c linux-2.6.32-hardened-r44/fs
diff -Naur linux-2.6.32-hardened-r44.orig/security/Kconfig linux-2.6.32-hardened-r44/security/Kconfig
--- linux-2.6.32-hardened-r44.orig/security/Kconfig 2011-04-17 18:15:55.000000000 -0400
+++ linux-2.6.32-hardened-r44/security/Kconfig 2011-04-17 18:28:11.000000000 -0400
-@@ -26,7 +26,7 @@
+@@ -29,7 +29,7 @@
config PAX
bool "Enable various PaX features"
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index a2b16d6..0bb8941 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -15,9 +15,9 @@ and conflicts with some software and thus would be less suitable.
The original version of this patch was conceived and created by:
Ned Ludd <solar@gentoo.org>
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:41:22.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:42:14.000000000 -0400
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-04-17 18:41:22.000000000 -0400
++++ b/grsecurity/Kconfig 2011-04-17 18:42:14.000000000 -0400
@@ -18,7 +18,7 @@
choice
prompt "Security Level"
@@ -286,21 +286,22 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_CUSTOM
bool "Custom"
help
-diff -Naur linux-2.6.32-hardened-r44.orig/security/Kconfig linux-2.6.32-hardened-r44/security/Kconfig
---- linux-2.6.32-hardened-r44.orig/security/Kconfig 2011-04-17 18:36:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/security/Kconfig 2011-04-17 18:42:14.000000000 -0400
-@@ -319,8 +319,9 @@
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2011-04-17 18:36:55.000000000 -0400
++++ b/security/Kconfig 2011-04-17 18:42:14.000000000 -0400
+@@ -322,9 +322,10 @@
config PAX_KERNEXEC
bool "Enforce non-executable kernel pages"
-- depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
-+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
+- depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
++ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ default y if GRKERNSEC_HARDENED_WORKSTATION
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -483,8 +484,9 @@
+@@ -487,8 +488,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index 5afed8c..ccc36e4 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201110060421.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch
similarity index 95%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch
index cce98cf..51e088f 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch
@@ -5591,71 +5591,80 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide
/*
diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S
--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -71,6 +71,12 @@ FUNC: movq r1,r2; \
++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -8,6 +8,8 @@
+ * including this sentence is retained in full.
+ */
+
++#include <asm/alternative-asm.h>
++
+ .extern crypto_ft_tab
+ .extern crypto_it_tab
+ .extern crypto_fl_tab
+@@ -71,6 +73,8 @@ FUNC: movq r1,r2; \
je B192; \
leaq 32(r9),r9;
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+#define ret orb $0x80, 0x7(%rsp); ret
-+#else
-+#define ret ret
-+#endif
++#define ret pax_force_retaddr; ret
+
#define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
movq r1,r2; \
movq r3,r4; \
diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S
--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes:
++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -1,3 +1,5 @@
++#include <asm/alternative-asm.h>
++
+ # enter ECRYPT_encrypt_bytes
+ .text
+ .p2align 5
+@@ -790,6 +792,7 @@ ECRYPT_encrypt_bytes:
add %r11,%rsp
mov %rdi,%rax
mov %rsi,%rdx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
# bytesatleast65:
._bytesatleast65:
-@@ -891,6 +894,9 @@ ECRYPT_keysetup:
+@@ -891,6 +894,7 @@ ECRYPT_keysetup:
add %r11,%rsp
mov %rdi,%rax
mov %rsi,%rdx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
# enter ECRYPT_ivsetup
.text
-@@ -917,4 +923,7 @@ ECRYPT_ivsetup:
+@@ -917,4 +921,5 @@ ECRYPT_ivsetup:
add %r11,%rsp
mov %rdi,%rax
mov %rsi,%rdx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S
--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -269,6 +269,9 @@ twofish_enc_blk:
++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -21,6 +21,7 @@
+ .text
+
+ #include <asm/asm-offsets.h>
++#include <asm/alternative-asm.h>
+
+ #define a_offset 0
+ #define b_offset 4
+@@ -269,6 +270,7 @@ twofish_enc_blk:
popq R1
movq $1,%rax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
twofish_dec_blk:
-@@ -321,4 +324,7 @@ twofish_dec_blk:
+@@ -321,4 +323,5 @@ twofish_dec_blk:
popq R1
movq $1,%rax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c
--- linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-07-21 22:17:23.000000000 -0400
@@ -5850,7 +5859,34 @@ diff -urNp linux-3.0.4/arch/x86/ia32/ia32entry.S linux-3.0.4/arch/x86/ia32/ia32e
cmpq $(IA32_NR_syscalls-1),%rax
diff -urNp linux-3.0.4/arch/x86/ia32/ia32_signal.c linux-3.0.4/arch/x86/ia32/ia32_signal.c
--- linux-3.0.4/arch/x86/ia32/ia32_signal.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/ia32/ia32_signal.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/ia32/ia32_signal.c 2011-10-06 04:17:55.000000000 -0400
+@@ -167,7 +167,7 @@ asmlinkage long sys32_sigaltstack(const
+ }
+ seg = get_fs();
+ set_fs(KERNEL_DS);
+- ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp);
++ ret = do_sigaltstack(uss_ptr ? (const stack_t __force_user *)&uss : NULL, (stack_t __force_user *)&uoss, regs->sp);
+ set_fs(seg);
+ if (ret >= 0 && uoss_ptr) {
+ if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)))
+@@ -374,7 +374,7 @@ static int ia32_setup_sigcontext(struct
+ */
+ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
+ size_t frame_size,
+- void **fpstate)
++ void __user **fpstate)
+ {
+ unsigned long sp;
+
+@@ -395,7 +395,7 @@ static void __user *get_sigframe(struct
+
+ if (used_math()) {
+ sp = sp - sig_xstate_ia32_size;
+- *fpstate = (struct _fpstate_ia32 *) sp;
++ *fpstate = (struct _fpstate_ia32 __user *) sp;
+ if (save_i387_xstate_ia32(*fpstate) < 0)
+ return (void __user *) -1L;
+ }
@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
sp -= frame_size;
/* Align the stack pointer according to the i386 ABI,
@@ -5865,7 +5901,7 @@ diff -urNp linux-3.0.4/arch/x86/ia32/ia32_signal.c linux-3.0.4/arch/x86/ia32/ia3
* gdb versions depend on them as a marker.
*/
- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
} put_user_catch(err);
if (err)
@@ -5896,10 +5932,99 @@ diff -urNp linux-3.0.4/arch/x86/ia32/ia32_signal.c linux-3.0.4/arch/x86/ia32/ia3
* versions need it.
*/
- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
} put_user_catch(err);
if (err)
+diff -urNp linux-3.0.4/arch/x86/ia32/sys_ia32.c linux-3.0.4/arch/x86/ia32/sys_ia32.c
+--- linux-3.0.4/arch/x86/ia32/sys_ia32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/ia32/sys_ia32.c 2011-10-06 04:17:55.000000000 -0400
+@@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsign
+ */
+ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
+ {
+- typeof(ubuf->st_uid) uid = 0;
+- typeof(ubuf->st_gid) gid = 0;
++ typeof(((struct stat64 *)0)->st_uid) uid = 0;
++ typeof(((struct stat64 *)0)->st_gid) gid = 0;
+ SET_UID(uid, stat->uid);
+ SET_GID(gid, stat->gid);
+ if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
+@@ -308,8 +308,8 @@ asmlinkage long sys32_rt_sigprocmask(int
+ }
+ set_fs(KERNEL_DS);
+ ret = sys_rt_sigprocmask(how,
+- set ? (sigset_t __user *)&s : NULL,
+- oset ? (sigset_t __user *)&s : NULL,
++ set ? (sigset_t __force_user *)&s : NULL,
++ oset ? (sigset_t __force_user *)&s : NULL,
+ sigsetsize);
+ set_fs(old_fs);
+ if (ret)
+@@ -332,7 +332,7 @@ asmlinkage long sys32_alarm(unsigned int
+ return alarm_setitimer(seconds);
+ }
+
+-asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int *stat_addr,
++asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int __user *stat_addr,
+ int options)
+ {
+ return compat_sys_wait4(pid, stat_addr, options, NULL);
+@@ -353,7 +353,7 @@ asmlinkage long sys32_sched_rr_get_inter
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t);
++ ret = sys_sched_rr_get_interval(pid, (struct timespec __force_user *)&t);
+ set_fs(old_fs);
+ if (put_compat_timespec(&t, interval))
+ return -EFAULT;
+@@ -369,7 +369,7 @@ asmlinkage long sys32_rt_sigpending(comp
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_rt_sigpending((sigset_t __user *)&s, sigsetsize);
++ ret = sys_rt_sigpending((sigset_t __force_user *)&s, sigsetsize);
+ set_fs(old_fs);
+ if (!ret) {
+ switch (_NSIG_WORDS) {
+@@ -394,7 +394,7 @@ asmlinkage long sys32_rt_sigqueueinfo(in
+ if (copy_siginfo_from_user32(&info, uinfo))
+ return -EFAULT;
+ set_fs(KERNEL_DS);
+- ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __user *)&info);
++ ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __force_user *)&info);
+ set_fs(old_fs);
+ return ret;
+ }
+@@ -439,7 +439,7 @@ asmlinkage long sys32_sendfile(int out_f
+ return -EFAULT;
+
+ set_fs(KERNEL_DS);
+- ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __user *)&of : NULL,
++ ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __force_user *)&of : NULL,
+ count);
+ set_fs(old_fs);
+
+diff -urNp linux-3.0.4/arch/x86/include/asm/alternative-asm.h linux-3.0.4/arch/x86/include/asm/alternative-asm.h
+--- linux-3.0.4/arch/x86/include/asm/alternative-asm.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/alternative-asm.h 2011-10-06 04:17:55.000000000 -0400
+@@ -15,6 +15,15 @@
+ .endm
+ #endif
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ .macro pax_force_retaddr rip=0
++ btsq $63,\rip(%rsp)
++ .endm
++#else
++ .macro pax_force_retaddr rip=0
++ .endm
++#endif
++
+ .macro altinstruction_entry orig alt feature orig_len alt_len
+ .align 8
+ .quad \orig
diff -urNp linux-3.0.4/arch/x86/include/asm/alternative.h linux-3.0.4/arch/x86/include/asm/alternative.h
--- linux-3.0.4/arch/x86/include/asm/alternative.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/include/asm/alternative.h 2011-08-23 21:47:55.000000000 -0400
@@ -7226,12 +7351,12 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/emergency-restart.h linux-3.0.4/arch
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
diff -urNp linux-3.0.4/arch/x86/include/asm/futex.h linux-3.0.4/arch/x86/include/asm/futex.h
--- linux-3.0.4/arch/x86/include/asm/futex.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/futex.h 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/futex.h 2011-10-06 04:17:55.000000000 -0400
@@ -12,16 +12,18 @@
#include <asm/system.h>
#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
-+ typecheck(u32 *, uaddr); \
++ typecheck(u32 __user *, uaddr); \
asm volatile("1:\t" insn "\n" \
"2:\t.section .fixup,\"ax\"\n" \
"3:\tmov\t%3, %1\n" \
@@ -7239,11 +7364,11 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/futex.h linux-3.0.4/arch/x86/include
"\t.previous\n" \
_ASM_EXTABLE(1b, 3b) \
- : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
-+ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\
++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 __user *)____m(uaddr))\
: "i" (-EFAULT), "0" (oparg), "1" (0))
#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
-+ typecheck(u32 *, uaddr); \
++ typecheck(u32 __user *, uaddr); \
asm volatile("1:\tmovl %2, %0\n" \
"\tmovl\t%0, %3\n" \
"\t" insn "\n" \
@@ -7252,7 +7377,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/futex.h linux-3.0.4/arch/x86/include
_ASM_EXTABLE(2b, 4b) \
: "=&a" (oldval), "=&r" (ret), \
- "+m" (*uaddr), "=&r" (tem) \
-+ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \
++ "+m" (*(u32 __user *)____m(uaddr)), "=&r" (tem) \
: "r" (oparg), "i" (-EFAULT), "1" (0))
static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
@@ -7281,7 +7406,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/futex.h linux-3.0.4/arch/x86/include
"\t.previous\n"
_ASM_EXTABLE(1b, 3b)
- : "+r" (ret), "=a" (oldval), "+m" (*uaddr)
-+ : "+r" (ret), "=a" (oldval), "+m" (*(u32 *)____m(uaddr))
++ : "+r" (ret), "=a" (oldval), "+m" (*(u32 __user *)____m(uaddr))
: "i" (-EFAULT), "r" (newval), "1" (oldval)
: "memory"
);
@@ -7301,14 +7426,14 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/hw_irq.h linux-3.0.4/arch/x86/includ
extern void eisa_set_level_irq(unsigned int irq);
diff -urNp linux-3.0.4/arch/x86/include/asm/i387.h linux-3.0.4/arch/x86/include/asm/i387.h
--- linux-3.0.4/arch/x86/include/asm/i387.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/i387.h 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/i387.h 2011-10-06 04:17:55.000000000 -0400
@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struc
{
int err;
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+ if ((unsigned long)fx < PAX_USER_SHADOW_BASE)
-+ fx = (struct i387_fxsave_struct *)((void *)fx + PAX_USER_SHADOW_BASE);
++ fx = (struct i387_fxsave_struct __user *)((void *)fx + PAX_USER_SHADOW_BASE);
+#endif
+
/* See comment in fxsave() below. */
@@ -7758,7 +7883,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/mmu.h linux-3.0.4/arch/x86/include/a
#ifdef CONFIG_SMP
diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/include/asm/module.h
--- linux-3.0.4/arch/x86/include/asm/module.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/module.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/module.h 2011-10-06 04:21:18.000000000 -0400
@@ -5,6 +5,7 @@
#ifdef CONFIG_X86_64
@@ -7767,7 +7892,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/includ
#elif defined CONFIG_M386
#define MODULE_PROC_FAMILY "386 "
#elif defined CONFIG_M486
-@@ -59,8 +60,30 @@
+@@ -59,8 +60,36 @@
#error unknown processor family
#endif
@@ -7783,12 +7908,18 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/includ
+#define MODULE_PAX_KERNEXEC "KERNEXEC "
+#else
+#define MODULE_PAX_KERNEXEC ""
- #endif
-
++#endif
++
+#ifdef CONFIG_PAX_REFCOUNT
+#define MODULE_PAX_REFCOUNT "REFCOUNT "
+#else
+#define MODULE_PAX_REFCOUNT ""
+ #endif
+
++#ifdef CONSTIFY_PLUGIN
++#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
++#else
++#define MODULE_CONSTIFY_PLUGIN ""
+#endif
+
+#ifdef CONFIG_GRKERNSEC
@@ -7797,7 +7928,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/includ
+#define MODULE_GRSEC ""
+#endif
+
-+#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT
++#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN
+
#endif /* _ASM_X86_MODULE_H */
diff -urNp linux-3.0.4/arch/x86/include/asm/page_64_types.h linux-3.0.4/arch/x86/include/asm/page_64_types.h
@@ -8988,6 +9119,18 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/stacktrace.h linux-3.0.4/arch/x86/in
};
void dump_trace(struct task_struct *tsk, struct pt_regs *regs,
+diff -urNp linux-3.0.4/arch/x86/include/asm/sys_ia32.h linux-3.0.4/arch/x86/include/asm/sys_ia32.h
+--- linux-3.0.4/arch/x86/include/asm/sys_ia32.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/sys_ia32.h 2011-10-06 04:17:55.000000000 -0400
+@@ -40,7 +40,7 @@ asmlinkage long sys32_rt_sigprocmask(int
+ compat_sigset_t __user *, unsigned int);
+ asmlinkage long sys32_alarm(unsigned int);
+
+-asmlinkage long sys32_waitpid(compat_pid_t, unsigned int *, int);
++asmlinkage long sys32_waitpid(compat_pid_t, unsigned int __user *, int);
+ asmlinkage long sys32_sysfs(int, u32, u32);
+
+ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
diff -urNp linux-3.0.4/arch/x86/include/asm/system.h linux-3.0.4/arch/x86/include/asm/system.h
--- linux-3.0.4/arch/x86/include/asm/system.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/include/asm/system.h 2011-08-23 21:47:55.000000000 -0400
@@ -9355,7 +9498,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_32.h linux-3.0.4/arch/x86/in
diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/include/asm/uaccess_64.h
--- linux-3.0.4/arch/x86/include/asm/uaccess_64.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/uaccess_64.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/uaccess_64.h 2011-10-06 04:17:55.000000000 -0400
@@ -10,6 +10,9 @@
#include <asm/alternative.h>
#include <asm/cpufeature.h>
@@ -9453,7 +9596,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
-+ return copy_user_generic(dst, (__force const void *)src, size);
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
+ }
switch (size) {
- case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
@@ -9502,7 +9645,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
-+ return copy_user_generic(dst, (__force const void *)src, size);
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
}
}
@@ -9516,6 +9659,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
might_fault();
- if (!__builtin_constant_p(size))
+- return copy_user_generic((__force void *)dst, src, size);
+
+ pax_track_stack();
+
@@ -9542,7 +9686,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
++ return copy_user_generic((__force_kernel void *)dst, src, size);
+ }
switch (size) {
- case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
@@ -9584,13 +9728,14 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
ret, "q", "", "er", 8);
return ret;
default:
+- return copy_user_generic((__force void *)dst, src, size);
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
++ return copy_user_generic((__force_kernel void *)dst, src, size);
}
}
@@ -9603,6 +9748,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
might_fault();
- if (!__builtin_constant_p(size))
+- return copy_user_generic((__force void *)dst,
+- (__force void *)src, size);
+
+ if ((int)size < 0)
+ return size;
@@ -9623,9 +9770,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst,
-- (__force void *)src, size);
-+ (__force const void *)src, size);
++ return copy_user_generic((__force_kernel void *)dst,
++ (__force_kernel const void *)src, size);
+ }
switch (size) {
case 1: {
@@ -9666,6 +9812,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
return ret;
}
default:
+- return copy_user_generic((__force void *)dst,
+- (__force void *)src, size);
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
@@ -9674,9 +9822,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst,
-- (__force void *)src, size);
-+ (__force const void *)src, size);
++ return copy_user_generic((__force_kernel void *)dst,
++ (__force_kernel const void *)src, size);
}
}
@@ -9684,6 +9831,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
static __must_check __always_inline int
__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
{
+- return copy_user_generic(dst, (__force const void *)src, size);
+ pax_track_stack();
+
+ if ((int)size < 0)
@@ -9697,13 +9845,14 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic(dst, (__force const void *)src, size);
++ return copy_user_generic(dst, (__force_kernel const void *)src, size);
}
-static __must_check __always_inline int
+static __must_check __always_inline unsigned long
__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
{
+- return copy_user_generic((__force void *)dst, src, size);
+ if ((int)size < 0)
+ return size;
+
@@ -9715,7 +9864,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)dst, src, size);
++ return copy_user_generic((__force_kernel void *)dst, src, size);
}
-extern long __copy_user_nocache(void *dst, const void __user *src,
@@ -9756,13 +9905,14 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess_64.h linux-3.0.4/arch/x86/in
}
-unsigned long
+-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
+extern unsigned long
- copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
++copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest);
#endif /* _ASM_X86_UACCESS_64_H */
diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess.h linux-3.0.4/arch/x86/include/asm/uaccess.h
--- linux-3.0.4/arch/x86/include/asm/uaccess.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/uaccess.h 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/uaccess.h 2011-10-06 04:17:55.000000000 -0400
@@ -7,12 +7,15 @@
#include <linux/compiler.h>
#include <linux/thread_info.h>
@@ -9862,6 +10012,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess.h linux-3.0.4/arch/x86/inclu
"3:\n" \
_ASM_EXTABLE(1b, 2b - 1b) \
_ASM_EXTABLE(2b, 3b - 2b) \
+@@ -252,7 +294,7 @@ extern void __put_user_8(void);
+ __typeof__(*(ptr)) __pu_val; \
+ __chk_user_ptr(ptr); \
+ might_fault(); \
+- __pu_val = x; \
++ __pu_val = (x); \
+ switch (sizeof(*(ptr))) { \
+ case 1: \
+ __put_user_x(1, __pu_val, ptr, __ret_pu); \
@@ -373,7 +415,7 @@ do { \
} while (0)
@@ -9973,6 +10132,18 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/uaccess.h linux-3.0.4/arch/x86/inclu
} while (0)
#ifdef CONFIG_X86_WP_WORKS_OK
+diff -urNp linux-3.0.4/arch/x86/include/asm/vdso.h linux-3.0.4/arch/x86/include/asm/vdso.h
+--- linux-3.0.4/arch/x86/include/asm/vdso.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/vdso.h 2011-10-06 04:17:55.000000000 -0400
+@@ -11,7 +11,7 @@ extern const char VDSO32_PRELINK[];
+ #define VDSO32_SYMBOL(base, name) \
+ ({ \
+ extern const char VDSO32_##name[]; \
+- (void *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \
++ (void __user *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \
+ })
+ #endif
+
diff -urNp linux-3.0.4/arch/x86/include/asm/x86_init.h linux-3.0.4/arch/x86/include/asm/x86_init.h
--- linux-3.0.4/arch/x86/include/asm/x86_init.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/include/asm/x86_init.h 2011-08-23 21:47:55.000000000 -0400
@@ -10095,7 +10266,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/x86_init.h linux-3.0.4/arch/x86/incl
extern struct x86_cpuinit_ops x86_cpuinit;
diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include/asm/xsave.h
--- linux-3.0.4/arch/x86/include/asm/xsave.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/xsave.h 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/xsave.h 2011-10-06 04:17:55.000000000 -0400
@@ -65,6 +65,11 @@ static inline int xsave_user(struct xsav
{
int err;
@@ -10108,7 +10279,12 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include
/*
* Clear the xsave header first, so that reserved fields are
* initialized to zero.
-@@ -100,6 +105,11 @@ static inline int xrestore_user(struct x
+@@ -96,10 +101,15 @@ static inline int xsave_user(struct xsav
+ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask)
+ {
+ int err;
+- struct xsave_struct *xstate = ((__force struct xsave_struct *)buf);
++ struct xsave_struct *xstate = ((__force_kernel struct xsave_struct *)buf);
u32 lmask = mask;
u32 hmask = mask >> 32;
@@ -10941,7 +11117,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mtrr/mtrr.h linux-3.0.4/arch/x86/kern
int replace_reg);
diff -urNp linux-3.0.4/arch/x86/kernel/cpu/perf_event.c linux-3.0.4/arch/x86/kernel/cpu/perf_event.c
--- linux-3.0.4/arch/x86/kernel/cpu/perf_event.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/cpu/perf_event.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/cpu/perf_event.c 2011-10-06 04:17:55.000000000 -0400
@@ -781,6 +781,8 @@ static int x86_schedule_events(struct cp
int i, j, w, wmax, num = 0;
struct hw_perf_event *hwc;
@@ -10956,7 +11132,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/perf_event.c linux-3.0.4/arch/x86/ker
perf_callchain_store(entry, frame.return_address);
- fp = frame.next_frame;
-+ fp = (__force const void __user *)frame.next_frame;
++ fp = (const void __force_user *)frame.next_frame;
}
}
@@ -11794,16 +11970,17 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S
--- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -53,6 +53,7 @@
++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -53,6 +53,8 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
#include <asm/percpu.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -176,6 +177,264 @@ ENTRY(native_usergs_sysret64)
+@@ -176,6 +178,264 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -12068,7 +12245,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -318,7 +577,7 @@ ENTRY(save_args)
+@@ -318,7 +578,7 @@ ENTRY(save_args)
leaq -RBP+8(%rsp),%rdi /* arg1 for handler */
movq_cfi rbp, 8 /* push %rbp */
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
@@ -12077,7 +12254,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je 1f
SWAPGS
/*
-@@ -409,7 +668,7 @@ ENTRY(ret_from_fork)
+@@ -409,7 +669,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -12086,7 +12263,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -455,7 +714,7 @@ END(ret_from_fork)
+@@ -455,7 +715,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -12095,7 +12272,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -468,12 +727,13 @@ ENTRY(system_call_after_swapgs)
+@@ -468,12 +728,13 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -12110,7 +12287,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -502,6 +762,8 @@ sysret_check:
+@@ -502,6 +763,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -12119,7 +12296,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/*
* sysretq will re-enable interrupts:
*/
-@@ -560,6 +822,9 @@ auditsys:
+@@ -560,6 +823,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -12129,7 +12306,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -590,6 +855,9 @@ tracesys:
+@@ -590,6 +856,9 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -12139,7 +12316,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/*
* Reload arg registers from stack in case ptrace changed them.
* We don't reload %rax because syscall_trace_enter() returned
-@@ -611,7 +879,7 @@ tracesys:
+@@ -611,7 +880,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -12148,7 +12325,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -793,6 +1061,16 @@ END(interrupt)
+@@ -793,6 +1062,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
call save_args
PARTIAL_FRAME 0
@@ -12165,7 +12342,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
call \func
.endm
-@@ -825,7 +1103,7 @@ ret_from_intr:
+@@ -825,7 +1104,7 @@ ret_from_intr:
CFI_ADJUST_CFA_OFFSET -8
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -12174,7 +12351,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_kernel
/* Interrupt came from user space */
-@@ -847,12 +1125,18 @@ retint_swapgs: /* return to user-space
+@@ -847,12 +1126,16 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12187,13 +12364,11 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
retint_restore_args: /* return to kernel space */
DISABLE_INTERRUPTS(CLBR_ANY)
+ pax_exit_kernel
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80,0x7+RIP-ARGOFFSET(%rsp)
-+#endif
++ pax_force_retaddr RIP-ARGOFFSET
/*
* The iretq could re-enable interrupts:
*/
-@@ -1027,6 +1311,16 @@ ENTRY(\sym)
+@@ -1027,6 +1310,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12210,7 +12385,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1044,6 +1338,16 @@ ENTRY(\sym)
+@@ -1044,6 +1337,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12227,7 +12402,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1052,7 +1356,7 @@ ENTRY(\sym)
+@@ -1052,7 +1355,7 @@ ENTRY(\sym)
END(\sym)
.endm
@@ -12236,7 +12411,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1062,8 +1366,24 @@ ENTRY(\sym)
+@@ -1062,8 +1365,24 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12261,7 +12436,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1400,16 @@ ENTRY(\sym)
+@@ -1080,6 +1399,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12278,7 +12453,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1099,6 +1429,16 @@ ENTRY(\sym)
+@@ -1099,6 +1428,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -12295,7 +12470,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1700,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -12307,9 +12482,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ TRACE_IRQS_IRETQ 0
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80,0x7(%rsp)
-+#endif
++ pax_force_retaddr
+ jmp irq_return
+#endif
paranoid_swapgs:
@@ -12326,13 +12499,11 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80,0x7(%rsp)
-+#endif
++ pax_force_retaddr
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1426,7 +1785,7 @@ ENTRY(error_entry)
+@@ -1426,7 +1780,7 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -12341,7 +12512,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1490,6 +1849,16 @@ ENTRY(nmi)
+@@ -1490,6 +1844,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -12358,7 +12529,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1500,12 +1869,32 @@ ENTRY(nmi)
+@@ -1500,12 +1864,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -12369,9 +12540,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80,0x7(%rsp)
-+#endif
++ pax_force_retaddr
+ jmp irq_return
+#endif
nmi_swapgs:
@@ -12386,9 +12555,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80,0x7(%rsp)
-+#endif
++ pax_force_retaddr
jmp irq_return
nmi_userspace:
GET_THREAD_INFO(%rcx)
@@ -13750,20 +13917,20 @@ diff -urNp linux-3.0.4/arch/x86/kernel/machine_kexec_32.c linux-3.0.4/arch/x86/k
page_list[PA_CONTROL_PAGE] = __pa(control_page);
diff -urNp linux-3.0.4/arch/x86/kernel/microcode_intel.c linux-3.0.4/arch/x86/kernel/microcode_intel.c
--- linux-3.0.4/arch/x86/kernel/microcode_intel.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/microcode_intel.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/microcode_intel.c 2011-10-06 04:17:55.000000000 -0400
@@ -440,13 +440,13 @@ static enum ucode_state request_microcod
static int get_ucode_user(void *to, const void *from, size_t n)
{
- return copy_from_user(to, from, n);
-+ return copy_from_user(to, (__force const void __user *)from, n);
++ return copy_from_user(to, (const void __force_user *)from, n);
}
static enum ucode_state
request_microcode_user(int cpu, const void __user *buf, size_t size)
{
- return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
-+ return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
++ return generic_load_microcode(cpu, (__force_kernel void *)buf, size, &get_ucode_user);
}
static void microcode_fini_cpu(int cpu)
@@ -14593,7 +14760,16 @@ diff -urNp linux-3.0.4/arch/x86/kernel/reboot.c linux-3.0.4/arch/x86/kernel/rebo
struct machine_ops machine_ops = {
diff -urNp linux-3.0.4/arch/x86/kernel/setup.c linux-3.0.4/arch/x86/kernel/setup.c
--- linux-3.0.4/arch/x86/kernel/setup.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/setup.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/setup.c 2011-10-06 04:17:55.000000000 -0400
+@@ -447,7 +447,7 @@ static void __init parse_setup_data(void
+
+ switch (data->type) {
+ case SETUP_E820_EXT:
+- parse_e820_ext(data);
++ parse_e820_ext((struct setup_data __force_kernel *)data);
+ break;
+ case SETUP_DTB:
+ add_dtb(pa_data);
@@ -650,7 +650,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
@@ -15953,7 +16129,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/x8664_ksyms_64.c linux-3.0.4/arch/x86/ker
EXPORT_SYMBOL(clear_page);
diff -urNp linux-3.0.4/arch/x86/kernel/xsave.c linux-3.0.4/arch/x86/kernel/xsave.c
--- linux-3.0.4/arch/x86/kernel/xsave.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/xsave.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/xsave.c 2011-10-06 04:17:55.000000000 -0400
@@ -130,7 +130,7 @@ int check_for_xstate(struct i387_fxsave_
fx_sw_user->xstate_size > fx_sw_user->extended_size)
return -EINVAL;
@@ -15968,7 +16144,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/xsave.c linux-3.0.4/arch/x86/kernel/xsave
*/
xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
- return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
-+ return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
++ return fxrstor_checking((struct i387_fxsave_struct __force_kernel *)buf);
}
/*
@@ -15977,7 +16153,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/xsave.c linux-3.0.4/arch/x86/kernel/xsave
err = restore_user_xstate(buf);
else
- err = fxrstor_checking((__force struct i387_fxsave_struct *)
-+ err = fxrstor_checking((struct i387_fxsave_struct __user *)
++ err = fxrstor_checking((struct i387_fxsave_struct __force_kernel *)
buf);
if (unlikely(err)) {
/*
@@ -16053,7 +16229,16 @@ diff -urNp linux-3.0.4/arch/x86/kvm/mmu.c linux-3.0.4/arch/x86/kvm/mmu.c
++vcpu->kvm->stat.mmu_pte_write;
diff -urNp linux-3.0.4/arch/x86/kvm/paging_tmpl.h linux-3.0.4/arch/x86/kvm/paging_tmpl.h
--- linux-3.0.4/arch/x86/kvm/paging_tmpl.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kvm/paging_tmpl.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/kvm/paging_tmpl.h 2011-10-06 04:17:55.000000000 -0400
+@@ -182,7 +182,7 @@ walk:
+ break;
+ }
+
+- ptep_user = (pt_element_t __user *)((void *)host_addr + offset);
++ ptep_user = (pt_element_t __force_user *)((void *)host_addr + offset);
+ if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) {
+ present = false;
+ break;
@@ -583,6 +583,8 @@ static int FNAME(page_fault)(struct kvm_
unsigned long mmu_seq;
bool map_writable;
@@ -16181,7 +16366,18 @@ diff -urNp linux-3.0.4/arch/x86/kvm/vmx.c linux-3.0.4/arch/x86/kvm/vmx.c
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
diff -urNp linux-3.0.4/arch/x86/kvm/x86.c linux-3.0.4/arch/x86/kvm/x86.c
--- linux-3.0.4/arch/x86/kvm/x86.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kvm/x86.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/kvm/x86.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1313,8 +1313,8 @@ static int xen_hvm_config(struct kvm_vcp
+ {
+ struct kvm *kvm = vcpu->kvm;
+ int lm = is_long_mode(vcpu);
+- u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
+- : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
++ u8 __user *blob_addr = lm ? (u8 __user *)(long)kvm->arch.xen_hvm_config.blob_addr_64
++ : (u8 __user *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
+ u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
+ : kvm->arch.xen_hvm_config.blob_size_32;
+ u32 page_num = data & ~PAGE_MASK;
@@ -2057,6 +2057,8 @@ long kvm_arch_dev_ioctl(struct file *fil
if (n < msr_list.nmsrs)
goto out;
@@ -16612,14 +16808,12 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a
movl %edx, 4(v)
diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S
--- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-09-17 18:31:51.000000000 -0400
-@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8)
++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-10-06 04:17:55.000000000 -0400
+@@ -35,10 +35,20 @@ ENTRY(atomic64_read_cx8)
CFI_STARTPROC
read64 %ecx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(atomic64_read_cx8)
@@ -16628,9 +16822,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ CFI_STARTPROC
+
+ read64 %ecx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_read_unchecked_cx8)
@@ -16638,13 +16830,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_set_cx8)
CFI_STARTPROC
-@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8)
+@@ -48,10 +58,25 @@ ENTRY(atomic64_set_cx8)
cmpxchg8b (%esi)
jne 1b
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(atomic64_set_cx8)
@@ -16658,9 +16848,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ cmpxchg8b (%esi)
+ jne 1b
+
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_set_unchecked_cx8)
@@ -16668,13 +16856,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_xchg_cx8)
CFI_STARTPROC
-@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8)
+@@ -62,12 +87,13 @@ ENTRY(atomic64_xchg_cx8)
cmpxchg8b (%esi)
jne 1b
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(atomic64_xchg_cx8)
@@ -16686,7 +16872,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebp
SAVE ebx
-@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -84,27 +110,44 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l %esi, %ebx
\insc\()l %edi, %ecx
@@ -16717,9 +16903,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
RESTORE esi
RESTORE ebx
RESTORE ebp
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16738,7 +16922,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebx
-@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -114,21 +157,39 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l $1, %ebx
\insc\()l $0, %ecx
@@ -16766,9 +16950,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+.endif
+
RESTORE ebx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16782,7 +16964,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_dec_if_positive_cx8)
CFI_STARTPROC
-@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
+@@ -140,6 +201,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
movl %edx, %ecx
subl $1, %ebx
sbb $0, %ecx
@@ -16796,17 +16978,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
js 2f
LOCK_PREFIX
cmpxchg8b (%esi)
-@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8)
+@@ -149,6 +217,7 @@ ENTRY(atomic64_dec_if_positive_cx8)
movl %ebx, %eax
movl %ecx, %edx
RESTORE ebx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(atomic64_dec_if_positive_cx8)
-@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8)
+@@ -174,6 +243,13 @@ ENTRY(atomic64_add_unless_cx8)
movl %edx, %ecx
addl %esi, %ebx
adcl %edi, %ecx
@@ -16820,17 +17000,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%ebp)
jne 1b
-@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8)
+@@ -184,6 +260,7 @@ ENTRY(atomic64_add_unless_cx8)
CFI_ADJUST_CFA_OFFSET -8
RESTORE ebx
RESTORE ebp
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
4:
cmpl %edx, 4(%esp)
-@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
+@@ -206,6 +283,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
movl %edx, %ecx
addl $1, %ebx
adcl $0, %ecx
@@ -16844,13 +17022,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%esi)
jne 1b
-@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8)
+@@ -213,6 +297,7 @@ ENTRY(atomic64_inc_not_zero_cx8)
movl $1, %eax
3:
RESTORE ebx
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
4:
testl %edx, %edx
@@ -17103,38 +17279,32 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check
#undef ROUND1
diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S
--- linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -11,6 +11,9 @@ ENTRY(clear_page_c)
++++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -11,6 +11,7 @@ ENTRY(clear_page_c)
movl $4096/8,%ecx
xorl %eax,%eax
rep stosq
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(clear_page_c)
-@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e)
+@@ -20,6 +21,7 @@ ENTRY(clear_page_c_e)
movl $4096,%ecx
xorl %eax,%eax
rep stosb
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(clear_page_c_e)
-@@ -43,6 +49,9 @@ ENTRY(clear_page)
+@@ -43,6 +45,7 @@ ENTRY(clear_page)
leaq 64(%rdi),%rdi
jnz .Lloop
nop
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
.Lclear_page_end:
-@@ -58,7 +67,7 @@ ENDPROC(clear_page)
+@@ -58,7 +61,7 @@ ENDPROC(clear_page)
#include <asm/cpufeature.h>
@@ -17145,28 +17315,31 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle
2: .byte 0xeb /* jmp <disp8> */
diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S
--- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -8,6 +8,9 @@ copy_page_c:
++++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -2,12 +2,14 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ ALIGN
+ copy_page_c:
CFI_STARTPROC
movl $4096/8,%ecx
rep movsq
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(copy_page_c)
-@@ -94,6 +97,9 @@ ENTRY(copy_page)
+@@ -94,6 +96,7 @@ ENTRY(copy_page)
CFI_RESTORE r13
addq $3*8,%rsp
CFI_ADJUST_CFA_OFFSET -3*8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.Lcopy_page_end:
CFI_ENDPROC
-@@ -104,7 +110,7 @@ ENDPROC(copy_page)
+@@ -104,7 +107,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
@@ -17177,7 +17350,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy
2:
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-09-17 18:31:51.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-10-06 04:17:55.000000000 -0400
@@ -16,6 +16,7 @@
#include <asm/thread_info.h>
#include <asm/cpufeature.h>
@@ -17195,7 +17368,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
2: .byte 0xe9 /* near jump with 32bit immediate */
.long \alt1-1b /* offset */ /* or alternatively to alt1 */
3: .byte 0xe9 /* near jump with 32bit immediate */
-@@ -71,47 +72,22 @@
+@@ -71,47 +72,20 @@
#endif
.endm
@@ -17242,46 +17415,45 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
stosb
bad_to_user:
movl %edx,%eax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(bad_from_user)
-@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled)
+@@ -179,6 +153,7 @@ ENTRY(copy_user_generic_unrolled)
decl %ecx
jnz 21b
23: xor %eax,%eax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.section .fixup,"ax"
-@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string)
+@@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string)
3: rep
movsb
4: xorl %eax,%eax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.section .fixup,"ax"
-@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string)
+@@ -287,6 +263,7 @@ ENTRY(copy_user_enhanced_fast_string)
1: rep
movsb
2: xorl %eax,%eax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.section .fixup,"ax"
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -14,6 +14,7 @@
++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -8,12 +8,14 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ #define FIX_ALIGNMENT 1
+
#include <asm/current.h>
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
@@ -17289,7 +17461,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/
.macro ALIGN_DESTINATION
#ifdef FIX_ALIGNMENT
-@@ -50,6 +51,15 @@
+@@ -50,6 +52,15 @@
*/
ENTRY(__copy_user_nocache)
CFI_STARTPROC
@@ -17305,58 +17477,66 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
ALIGN_DESTINATION
-@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache)
+@@ -98,6 +109,7 @@ ENTRY(__copy_user_nocache)
jnz 21b
23: xorl %eax,%eax
sfence
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.section .fixup,"ax"
diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S
--- linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic)
++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -8,6 +8,7 @@
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
+ #include <asm/errno.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * Checksum copy with exception handling.
+@@ -228,6 +229,7 @@ ENTRY(csum_partial_copy_generic)
CFI_RESTORE rbp
addq $7*8, %rsp
CFI_ADJUST_CFA_OFFSET -7*8
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_RESTORE_STATE
diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c
--- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-08-23 21:47:55.000000000 -0400
-@@ -52,6 +52,12 @@ csum_partial_copy_from_user(const void _
++++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-10-06 04:17:55.000000000 -0400
+@@ -52,7 +52,13 @@ csum_partial_copy_from_user(const void _
len -= 2;
}
}
+- isum = csum_partial_copy_generic((__force const void *)src,
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
+ src += PAX_USER_SHADOW_BASE;
+#endif
+
- isum = csum_partial_copy_generic((__force const void *)src,
++ isum = csum_partial_copy_generic((const void __force_kernel *)src,
dst, len, isum, errp, NULL);
if (unlikely(*errp))
-@@ -105,6 +111,12 @@ csum_partial_copy_to_user(const void *sr
+ goto out_err;
+@@ -105,7 +111,13 @@ csum_partial_copy_to_user(const void *sr
}
*errp = 0;
+- return csum_partial_copy_generic(src, (void __force *)dst,
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
+ dst += PAX_USER_SHADOW_BASE;
+#endif
+
- return csum_partial_copy_generic(src, (void __force *)dst,
++ return csum_partial_copy_generic(src, (void __force_kernel *)dst,
len, isum, NULL, errp);
}
+ EXPORT_SYMBOL(csum_partial_copy_to_user);
diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
--- linux-3.0.4/arch/x86/lib/getuser.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/getuser.S 2011-08-23 21:47:55.000000000 -0400
@@ -17493,133 +17673,125 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c
if (x86_64)
diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S
--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy)
++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -17,6 +17,7 @@
+
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * override generic version in lib/iomap_copy.c
+@@ -25,6 +26,7 @@ ENTRY(__iowrite32_copy)
CFI_STARTPROC
movl %edx,%ecx
rep movsd
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(__iowrite32_copy)
diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S
--- linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -34,6 +34,9 @@
++++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -34,6 +34,7 @@
rep movsq
movl %edx, %ecx
rep movsb
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.Lmemcpy_e:
.previous
-@@ -51,6 +54,9 @@
+@@ -51,6 +52,7 @@
movl %edx, %ecx
rep movsb
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.Lmemcpy_e_e:
.previous
-@@ -141,6 +147,9 @@ ENTRY(memcpy)
+@@ -141,6 +143,7 @@ ENTRY(memcpy)
movq %r9, 1*8(%rdi)
movq %r10, -2*8(%rdi, %rdx)
movq %r11, -1*8(%rdi, %rdx)
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
.p2align 4
.Lless_16bytes:
-@@ -153,6 +162,9 @@ ENTRY(memcpy)
+@@ -153,6 +156,7 @@ ENTRY(memcpy)
movq -1*8(%rsi, %rdx), %r9
movq %r8, 0*8(%rdi)
movq %r9, -1*8(%rdi, %rdx)
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
.p2align 4
.Lless_8bytes:
-@@ -166,6 +178,9 @@ ENTRY(memcpy)
+@@ -166,6 +170,7 @@ ENTRY(memcpy)
movl -4(%rsi, %rdx), %r8d
movl %ecx, (%rdi)
movl %r8d, -4(%rdi, %rdx)
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
.p2align 4
.Lless_3bytes:
-@@ -183,6 +198,9 @@ ENTRY(memcpy)
+@@ -183,6 +188,7 @@ ENTRY(memcpy)
jnz .Lloop_1
.Lend:
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
CFI_ENDPROC
ENDPROC(memcpy)
diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S
--- linux-3.0.4/arch/x86/lib/memmove_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -201,6 +201,9 @@ ENTRY(memmove)
++++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -9,6 +9,7 @@
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
+ #include <asm/cpufeature.h>
++#include <asm/alternative-asm.h>
+
+ #undef memmove
+
+@@ -201,6 +202,7 @@ ENTRY(memmove)
movb (%rsi), %r11b
movb %r11b, (%rdi)
13:
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
CFI_ENDPROC
-@@ -209,6 +212,9 @@ ENTRY(memmove)
+@@ -209,6 +211,7 @@ ENTRY(memmove)
/* Forward moving data. */
movq %rdx, %rcx
rep movsb
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
retq
.Lmemmove_end_forward_efs:
.previous
diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S
--- linux-3.0.4/arch/x86/lib/memset_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -31,6 +31,9 @@
++++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -31,6 +31,7 @@
movl %r8d,%ecx
rep stosb
movq %r9,%rax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.Lmemset_e:
.previous
-@@ -53,6 +56,9 @@
+@@ -53,6 +54,7 @@
movl %edx,%ecx
rep stosb
movq %r9,%rax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
.Lmemset_e_e:
.previous
-@@ -121,6 +127,9 @@ ENTRY(__memset)
+@@ -121,6 +123,7 @@ ENTRY(__memset)
.Lende:
movq %r10,%rax
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_RESTORE_STATE
@@ -18083,81 +18255,78 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S
EXIT
diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S
--- linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed)
++++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -17,6 +17,7 @@ ENTRY(__write_lock_failed)
LOCK_PREFIX
subl $RW_LOCK_BIAS,(%rdi)
jnz __write_lock_failed
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
END(__write_lock_failed)
-@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed)
+@@ -33,6 +34,7 @@ ENTRY(__read_lock_failed)
LOCK_PREFIX
decl (%rdi)
js __read_lock_failed
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
END(__read_lock_failed)
diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S
--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed)
++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -51,6 +51,7 @@ ENTRY(call_rwsem_down_read_failed)
popq_cfi %rdx
CFI_RESTORE rdx
restore_common_regs
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(call_rwsem_down_read_failed)
-@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed)
+@@ -61,6 +62,7 @@ ENTRY(call_rwsem_down_write_failed)
movq %rax,%rdi
call rwsem_down_write_failed
restore_common_regs
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(call_rwsem_down_write_failed)
-@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake)
+@@ -73,6 +75,7 @@ ENTRY(call_rwsem_wake)
movq %rax,%rdi
call rwsem_wake
restore_common_regs
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
1: ret
CFI_ENDPROC
ENDPROC(call_rwsem_wake)
-@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake)
+@@ -88,6 +91,7 @@ ENTRY(call_rwsem_downgrade_wake)
popq_cfi %rdx
CFI_RESTORE rdx
restore_common_regs
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
CFI_ENDPROC
ENDPROC(call_rwsem_downgrade_wake)
diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S
--- linux-3.0.4/arch/x86/lib/thunk_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -50,5 +50,8 @@
++++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -10,7 +10,8 @@
+ #include <asm/dwarf2.h>
+ #include <asm/calling.h>
+ #include <asm/rwlock.h>
+-
++ #include <asm/alternative-asm.h>
++
+ /* rdi: arg1 ... normal C conventions. rax is saved/restored. */
+ .macro thunk name,func
+ .globl \name
+@@ -50,5 +51,6 @@
SAVE_ARGS
restore:
RESTORE_ARGS
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
- ret
+- ret
++ pax_force_retaddr
++ ret
CFI_ENDPROC
diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c
--- linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-07-21 22:17:23.000000000 -0400
@@ -18784,7 +18953,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/userc
+#endif
diff -urNp linux-3.0.4/arch/x86/lib/usercopy_64.c linux-3.0.4/arch/x86/lib/usercopy_64.c
--- linux-3.0.4/arch/x86/lib/usercopy_64.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/usercopy_64.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/usercopy_64.c 2011-10-06 04:17:55.000000000 -0400
@@ -42,6 +42,12 @@ long
__strncpy_from_user(char *dst, const char __user *src, long count)
{
@@ -18816,6 +18985,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/usercopy_64.c linux-3.0.4/arch/x86/lib/userc
unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len)
{
- if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
+- return copy_user_generic((__force void *)to, (__force void *)from, len);
+- }
+- return len;
+ if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -18825,14 +18997,21 @@ diff -urNp linux-3.0.4/arch/x86/lib/usercopy_64.c linux-3.0.4/arch/x86/lib/userc
+ from += PAX_USER_SHADOW_BASE;
+#endif
+
- return copy_user_generic((__force void *)to, (__force void *)from, len);
-- }
-- return len;
++ return copy_user_generic((void __force_kernel *)to, (void __force_kernel *)from, len);
+ }
+ return len;
}
EXPORT_SYMBOL(copy_in_user);
+@@ -164,7 +184,7 @@ EXPORT_SYMBOL(copy_in_user);
+ * it is not necessary to optimize tail handling.
+ */
+ unsigned long
+-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
++copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest)
+ {
+ char c;
+ unsigned zero_len;
diff -urNp linux-3.0.4/arch/x86/Makefile linux-3.0.4/arch/x86/Makefile
--- linux-3.0.4/arch/x86/Makefile 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/Makefile 2011-08-23 21:48:14.000000000 -0400
@@ -18871,7 +19050,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/extable.c linux-3.0.4/arch/x86/mm/extable.c
pnp_bios_is_utter_crap = 1;
diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
--- linux-3.0.4/arch/x86/mm/fault.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/mm/fault.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/mm/fault.c 2011-10-06 04:17:55.000000000 -0400
@@ -13,10 +13,18 @@
#include <linux/perf_event.h> /* perf_sw_event */
#include <linux/hugetlb.h> /* hstate_index_to_shift */
@@ -18906,7 +19085,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
/* Prefetch instruction is 0x0F0D or 0x0F18 */
- if (probe_kernel_address(instr, opcode))
+ if (user_mode(regs)) {
-+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
++ if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
+ return 0;
+ } else if (probe_kernel_address(instr, opcode))
return 0;
@@ -18918,7 +19097,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
- if (probe_kernel_address(instr, opcode))
+ if (user_mode(regs)) {
-+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
++ if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
+ break;
+ } else if (probe_kernel_address(instr, opcode))
break;
@@ -19491,7 +19670,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
+ printk(KERN_ERR "PAX: bytes at PC: ");
+ for (i = 0; i < 20; i++) {
+ unsigned char c;
-+ if (get_user(c, (__force unsigned char __user *)pc+i))
++ if (get_user(c, (unsigned char __force_user *)pc+i))
+ printk(KERN_CONT "?? ");
+ else
+ printk(KERN_CONT "%02x ", c);
@@ -19501,7 +19680,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
+ printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
+ for (i = -1; i < 80 / (long)sizeof(long); i++) {
+ unsigned long c;
-+ if (get_user(c, (__force unsigned long __user *)sp+i))
++ if (get_user(c, (unsigned long __force_user *)sp+i))
+#ifdef CONFIG_X86_32
+ printk(KERN_CONT "???????? ");
+#else
@@ -19531,7 +19710,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/fault.c linux-3.0.4/arch/x86/mm/fault.c
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ pax_open_kernel();
-+ ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
++ ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
+ pax_close_kernel();
+ pagefault_enable();
+ set_fs(old_fs);
@@ -20053,7 +20232,7 @@ diff -urNp linux-3.0.4/arch/x86/mm/init_32.c linux-3.0.4/arch/x86/mm/init_32.c
size >> 10);
diff -urNp linux-3.0.4/arch/x86/mm/init_64.c linux-3.0.4/arch/x86/mm/init_64.c
--- linux-3.0.4/arch/x86/mm/init_64.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/mm/init_64.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/mm/init_64.c 2011-10-06 04:17:55.000000000 -0400
@@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpa
* around without checking the pgd every time.
*/
@@ -20132,6 +20311,24 @@ diff -urNp linux-3.0.4/arch/x86/mm/init_64.c linux-3.0.4/arch/x86/mm/init_64.c
}
pmd = pmd_offset(pud, phys);
BUG_ON(!pmd_none(*pmd));
+@@ -330,7 +344,7 @@ static __ref void *alloc_low_page(unsign
+ if (pfn >= pgt_buf_top)
+ panic("alloc_low_page: ran out of memory");
+
+- adr = early_memremap(pfn * PAGE_SIZE, PAGE_SIZE);
++ adr = (void __force_kernel *)early_memremap(pfn * PAGE_SIZE, PAGE_SIZE);
+ clear_page(adr);
+ *phys = pfn * PAGE_SIZE;
+ return adr;
+@@ -346,7 +360,7 @@ static __ref void *map_low_page(void *vi
+
+ phys = __pa(virt);
+ left = phys & (PAGE_SIZE - 1);
+- adr = early_memremap(phys & PAGE_MASK, PAGE_SIZE);
++ adr = (void __force_kernel *)early_memremap(phys & PAGE_MASK, PAGE_SIZE);
+ adr = (void *)(((unsigned long)adr) | left);
+
+ return adr;
@@ -693,6 +707,12 @@ void __init mem_init(void)
pci_iommu_alloc();
@@ -21008,7 +21205,30 @@ diff -urNp linux-3.0.4/arch/x86/net/bpf_jit_comp.c linux-3.0.4/arch/x86/net/bpf_
if (!image)
diff -urNp linux-3.0.4/arch/x86/oprofile/backtrace.c linux-3.0.4/arch/x86/oprofile/backtrace.c
--- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-10-06 04:17:55.000000000 -0400
+@@ -83,11 +83,11 @@ dump_user_backtrace_32(struct stack_fram
+ struct stack_frame_ia32 *fp;
+ unsigned long bytes;
+
+- bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
++ bytes = copy_from_user_nmi(bufhead, (const char __force_user *)head, sizeof(bufhead));
+ if (bytes != sizeof(bufhead))
+ return NULL;
+
+- fp = (struct stack_frame_ia32 *) compat_ptr(bufhead[0].next_frame);
++ fp = (struct stack_frame_ia32 __force_kernel *) compat_ptr(bufhead[0].next_frame);
+
+ oprofile_add_trace(bufhead[0].return_address);
+
+@@ -129,7 +129,7 @@ static struct stack_frame *dump_user_bac
+ struct stack_frame bufhead[2];
+ unsigned long bytes;
+
+- bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
++ bytes = copy_from_user_nmi(bufhead, (const char __force_user *)head, sizeof(bufhead));
+ if (bytes != sizeof(bufhead))
+ return NULL;
+
@@ -148,7 +148,7 @@ x86_backtrace(struct pt_regs * const reg
{
struct stack_frame *head = (struct stack_frame *)frame_pointer(regs);
@@ -21341,7 +21561,7 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c
--- linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-09-19 09:16:58.000000000 -0400
++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-10-06 04:17:55.000000000 -0400
@@ -38,70 +38,56 @@
*/
@@ -21396,9 +21616,9 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
+#ifdef CONFIG_PAX_KERNEXEC
+ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
-+ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
+ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
-+ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
+#endif
+
gdt_descr.address = __pa(get_cpu_gdt_table(0));
@@ -21416,8 +21636,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
+ struct desc_struct d;
+
+ memset(&d, 0, sizeof d);
-+ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
-+ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
+#endif
+
gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
@@ -21552,74 +21772,68 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
efi_rt_function_ptr:
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S
--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-09-17 18:31:51.000000000 -0400
-@@ -40,6 +40,9 @@ ENTRY(efi_call0)
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-10-06 04:17:55.000000000 -0400
+@@ -7,6 +7,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ #define SAVE_XMM \
+ mov %rsp, %rax; \
+@@ -40,6 +41,7 @@ ENTRY(efi_call0)
call *%rdi
addq $32, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call0)
-@@ -50,6 +53,9 @@ ENTRY(efi_call1)
+@@ -50,6 +52,7 @@ ENTRY(efi_call1)
call *%rdi
addq $32, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call1)
-@@ -60,6 +66,9 @@ ENTRY(efi_call2)
+@@ -60,6 +63,7 @@ ENTRY(efi_call2)
call *%rdi
addq $32, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call2)
-@@ -71,6 +80,9 @@ ENTRY(efi_call3)
+@@ -71,6 +75,7 @@ ENTRY(efi_call3)
call *%rdi
addq $32, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call3)
-@@ -83,6 +95,9 @@ ENTRY(efi_call4)
+@@ -83,6 +88,7 @@ ENTRY(efi_call4)
call *%rdi
addq $32, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call4)
-@@ -96,6 +111,9 @@ ENTRY(efi_call5)
+@@ -96,6 +102,7 @@ ENTRY(efi_call5)
call *%rdi
addq $48, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call5)
-@@ -112,5 +130,8 @@ ENTRY(efi_call6)
+@@ -112,5 +119,6 @@ ENTRY(efi_call6)
call *%rdi
addq $48, %rsp
RESTORE_XMM
-+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+ orb $0x80, 0x7(%rsp)
-+#endif
++ pax_force_retaddr
ret
ENDPROC(efi_call6)
diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c
@@ -22136,7 +22350,7 @@ diff -urNp linux-3.0.4/block/blk-softirq.c linux-3.0.4/block/blk-softirq.c
diff -urNp linux-3.0.4/block/bsg.c linux-3.0.4/block/bsg.c
--- linux-3.0.4/block/bsg.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/block/bsg.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/block/bsg.c 2011-10-06 04:17:55.000000000 -0400
@@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct r
struct sg_io_v4 *hdr, struct bsg_device *bd,
fmode_t has_write_perm)
@@ -22154,7 +22368,7 @@ diff -urNp linux-3.0.4/block/bsg.c linux-3.0.4/block/bsg.c
+ cmdptr = tmpcmd;
- if (copy_from_user(rq->cmd, (void *)(unsigned long)hdr->request,
-+ if (copy_from_user(cmdptr, (void *)(unsigned long)hdr->request,
++ if (copy_from_user(cmdptr, (void __user *)(unsigned long)hdr->request,
hdr->request_len))
return -EFAULT;
@@ -22164,6 +22378,58 @@ diff -urNp linux-3.0.4/block/bsg.c linux-3.0.4/block/bsg.c
if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
if (blk_verify_command(rq->cmd, has_write_perm))
return -EPERM;
+@@ -249,7 +257,7 @@ bsg_map_hdr(struct bsg_device *bd, struc
+ struct request *rq, *next_rq = NULL;
+ int ret, rw;
+ unsigned int dxfer_len;
+- void *dxferp = NULL;
++ void __user *dxferp = NULL;
+ struct bsg_class_device *bcd = &q->bsg_dev;
+
+ /* if the LLD has been removed then the bsg_unregister_queue will
+@@ -291,7 +299,7 @@ bsg_map_hdr(struct bsg_device *bd, struc
+ rq->next_rq = next_rq;
+ next_rq->cmd_type = rq->cmd_type;
+
+- dxferp = (void*)(unsigned long)hdr->din_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->din_xferp;
+ ret = blk_rq_map_user(q, next_rq, NULL, dxferp,
+ hdr->din_xfer_len, GFP_KERNEL);
+ if (ret)
+@@ -300,10 +308,10 @@ bsg_map_hdr(struct bsg_device *bd, struc
+
+ if (hdr->dout_xfer_len) {
+ dxfer_len = hdr->dout_xfer_len;
+- dxferp = (void*)(unsigned long)hdr->dout_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->dout_xferp;
+ } else if (hdr->din_xfer_len) {
+ dxfer_len = hdr->din_xfer_len;
+- dxferp = (void*)(unsigned long)hdr->din_xferp;
++ dxferp = (void __user *)(unsigned long)hdr->din_xferp;
+ } else
+ dxfer_len = 0;
+
+@@ -445,7 +453,7 @@ static int blk_complete_sgv4_hdr_rq(stru
+ int len = min_t(unsigned int, hdr->max_response_len,
+ rq->sense_len);
+
+- ret = copy_to_user((void*)(unsigned long)hdr->response,
++ ret = copy_to_user((void __user *)(unsigned long)hdr->response,
+ rq->sense, len);
+ if (!ret)
+ hdr->response_len = len;
+diff -urNp linux-3.0.4/block/compat_ioctl.c linux-3.0.4/block/compat_ioctl.c
+--- linux-3.0.4/block/compat_ioctl.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/block/compat_ioctl.c 2011-10-06 04:17:55.000000000 -0400
+@@ -354,7 +354,7 @@ static int compat_fd_ioctl(struct block_
+ err |= __get_user(f->spec1, &uf->spec1);
+ err |= __get_user(f->fmt_gap, &uf->fmt_gap);
+ err |= __get_user(name, &uf->name);
+- f->name = compat_ptr(name);
++ f->name = (void __force_kernel *)compat_ptr(name);
+ if (err) {
+ err = -EFAULT;
+ goto out;
diff -urNp linux-3.0.4/block/scsi_ioctl.c linux-3.0.4/block/scsi_ioctl.c
--- linux-3.0.4/block/scsi_ioctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/block/scsi_ioctl.c 2011-08-23 21:47:55.000000000 -0400
@@ -23578,6 +23844,18 @@ diff -urNp linux-3.0.4/drivers/atm/zatm.c linux-3.0.4/drivers/atm/zatm.c
wake_up(&zatm_vcc->tx_wait);
}
+diff -urNp linux-3.0.4/drivers/base/devtmpfs.c linux-3.0.4/drivers/base/devtmpfs.c
+--- linux-3.0.4/drivers/base/devtmpfs.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/base/devtmpfs.c 2011-10-06 04:17:55.000000000 -0400
+@@ -357,7 +357,7 @@ int devtmpfs_mount(const char *mntdir)
+ if (!dev_mnt)
+ return 0;
+
+- err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", MS_SILENT, NULL);
++ err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)mntdir, (char __force_user *)"devtmpfs", MS_SILENT, NULL);
+ if (err)
+ printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
+ else
diff -urNp linux-3.0.4/drivers/base/power/wakeup.c linux-3.0.4/drivers/base/power/wakeup.c
--- linux-3.0.4/drivers/base/power/wakeup.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/base/power/wakeup.c 2011-08-23 21:47:55.000000000 -0400
@@ -23908,7 +24186,7 @@ diff -urNp linux-3.0.4/drivers/block/DAC960.c linux-3.0.4/drivers/block/DAC960.c
sizeof(DAC960_SCSI_Inquiry_T) +
diff -urNp linux-3.0.4/drivers/block/drbd/drbd_int.h linux-3.0.4/drivers/block/drbd/drbd_int.h
--- linux-3.0.4/drivers/block/drbd/drbd_int.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/block/drbd/drbd_int.h 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/block/drbd/drbd_int.h 2011-10-06 04:17:55.000000000 -0400
@@ -737,7 +737,7 @@ struct drbd_request;
struct drbd_epoch {
struct list_head list;
@@ -23927,6 +24205,45 @@ diff -urNp linux-3.0.4/drivers/block/drbd/drbd_int.h linux-3.0.4/drivers/block/d
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
+@@ -1618,30 +1618,30 @@ static inline int drbd_setsockopt(struct
+
+ static inline void drbd_tcp_cork(struct socket *sock)
+ {
+- int __user val = 1;
++ int val = 1;
+ (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK,
+- (char __user *)&val, sizeof(val));
++ (char __force_user *)&val, sizeof(val));
+ }
+
+ static inline void drbd_tcp_uncork(struct socket *sock)
+ {
+- int __user val = 0;
++ int val = 0;
+ (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK,
+- (char __user *)&val, sizeof(val));
++ (char __force_user *)&val, sizeof(val));
+ }
+
+ static inline void drbd_tcp_nodelay(struct socket *sock)
+ {
+- int __user val = 1;
++ int val = 1;
+ (void) drbd_setsockopt(sock, SOL_TCP, TCP_NODELAY,
+- (char __user *)&val, sizeof(val));
++ (char __force_user *)&val, sizeof(val));
+ }
+
+ static inline void drbd_tcp_quickack(struct socket *sock)
+ {
+- int __user val = 2;
++ int val = 2;
+ (void) drbd_setsockopt(sock, SOL_TCP, TCP_QUICKACK,
+- (char __user *)&val, sizeof(val));
++ (char __force_user *)&val, sizeof(val));
+ }
+
+ void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo);
diff -urNp linux-3.0.4/drivers/block/drbd/drbd_main.c linux-3.0.4/drivers/block/drbd/drbd_main.c
--- linux-3.0.4/drivers/block/drbd/drbd_main.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/block/drbd/drbd_main.c 2011-08-23 21:47:55.000000000 -0400
@@ -24104,6 +24421,18 @@ diff -urNp linux-3.0.4/drivers/block/drbd/drbd_receiver.c linux-3.0.4/drivers/bl
D_ASSERT(list_empty(&mdev->current_epoch->list));
}
+diff -urNp linux-3.0.4/drivers/block/loop.c linux-3.0.4/drivers/block/loop.c
+--- linux-3.0.4/drivers/block/loop.c 2011-09-02 18:11:26.000000000 -0400
++++ linux-3.0.4/drivers/block/loop.c 2011-10-06 04:17:55.000000000 -0400
+@@ -283,7 +283,7 @@ static int __do_lo_send_write(struct fil
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(get_ds());
+- bw = file->f_op->write(file, buf, len, &pos);
++ bw = file->f_op->write(file, (const char __force_user *)buf, len, &pos);
+ set_fs(old_fs);
+ if (likely(bw == len))
+ return 0;
diff -urNp linux-3.0.4/drivers/block/nbd.c linux-3.0.4/drivers/block/nbd.c
--- linux-3.0.4/drivers/block/nbd.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/block/nbd.c 2011-08-23 21:48:14.000000000 -0400
@@ -24543,7 +24872,7 @@ diff -urNp linux-3.0.4/drivers/char/sonypi.c linux-3.0.4/drivers/char/sonypi.c
return 0;
diff -urNp linux-3.0.4/drivers/char/tpm/tpm_bios.c linux-3.0.4/drivers/char/tpm/tpm_bios.c
--- linux-3.0.4/drivers/char/tpm/tpm_bios.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/char/tpm/tpm_bios.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/char/tpm/tpm_bios.c 2011-10-06 04:17:55.000000000 -0400
@@ -173,7 +173,7 @@ static void *tpm_bios_measurements_start
event = addr;
@@ -24572,7 +24901,7 @@ diff -urNp linux-3.0.4/drivers/char/tpm/tpm_bios.c linux-3.0.4/drivers/char/tpm/
return 0;
}
-@@ -410,6 +411,11 @@ static int read_log(struct tpm_bios_log
+@@ -410,8 +411,13 @@ static int read_log(struct tpm_bios_log
log->bios_event_log_end = log->bios_event_log + len;
virt = acpi_os_map_memory(start, len);
@@ -24582,8 +24911,11 @@ diff -urNp linux-3.0.4/drivers/char/tpm/tpm_bios.c linux-3.0.4/drivers/char/tpm/
+ return -EFAULT;
+ }
- memcpy(log->bios_event_log, virt, len);
+- memcpy(log->bios_event_log, virt, len);
++ memcpy(log->bios_event_log, (const char __force_kernel *)virt, len);
+ acpi_os_unmap_memory(virt, len);
+ return 0;
diff -urNp linux-3.0.4/drivers/char/tpm/tpm.c linux-3.0.4/drivers/char/tpm/tpm.c
--- linux-3.0.4/drivers/char/tpm/tpm.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/char/tpm/tpm.c 2011-08-23 21:48:14.000000000 -0400
@@ -24605,6 +24937,27 @@ diff -urNp linux-3.0.4/drivers/char/tpm/tpm.c linux-3.0.4/drivers/char/tpm/tpm.c
tpm_cmd.header.in = tpm_readpubek_header;
err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
"attempting to read the PUBEK");
+diff -urNp linux-3.0.4/drivers/char/virtio_console.c linux-3.0.4/drivers/char/virtio_console.c
+--- linux-3.0.4/drivers/char/virtio_console.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/char/virtio_console.c 2011-10-06 04:17:55.000000000 -0400
+@@ -555,7 +555,7 @@ static ssize_t fill_readbuf(struct port
+ if (to_user) {
+ ssize_t ret;
+
+- ret = copy_to_user(out_buf, buf->buf + buf->offset, out_count);
++ ret = copy_to_user((char __force_user *)out_buf, buf->buf + buf->offset, out_count);
+ if (ret)
+ return -EFAULT;
+ } else {
+@@ -654,7 +654,7 @@ static ssize_t port_fops_read(struct fil
+ if (!port_has_data(port) && !port->host_connected)
+ return 0;
+
+- return fill_readbuf(port, ubuf, count, true);
++ return fill_readbuf(port, (char __force_kernel *)ubuf, count, true);
+ }
+
+ static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
diff -urNp linux-3.0.4/drivers/crypto/hifn_795x.c linux-3.0.4/drivers/crypto/hifn_795x.c
--- linux-3.0.4/drivers/crypto/hifn_795x.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/crypto/hifn_795x.c 2011-08-23 21:48:14.000000000 -0400
@@ -24785,7 +25138,7 @@ diff -urNp linux-3.0.4/drivers/firewire/core-transaction.c linux-3.0.4/drivers/f
d.payload = payload;
diff -urNp linux-3.0.4/drivers/firmware/dmi_scan.c linux-3.0.4/drivers/firmware/dmi_scan.c
--- linux-3.0.4/drivers/firmware/dmi_scan.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/firmware/dmi_scan.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/firmware/dmi_scan.c 2011-10-06 04:17:55.000000000 -0400
@@ -449,11 +449,6 @@ void __init dmi_scan_machine(void)
}
}
@@ -24798,6 +25151,15 @@ diff -urNp linux-3.0.4/drivers/firmware/dmi_scan.c linux-3.0.4/drivers/firmware/
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
+@@ -725,7 +720,7 @@ int dmi_walk(void (*decode)(const struct
+ if (buf == NULL)
+ return -1;
+
+- dmi_table(buf, dmi_len, dmi_num, decode, private_data);
++ dmi_table((char __force_kernel *)buf, dmi_len, dmi_num, decode, private_data);
+
+ iounmap(buf);
+ return 0;
diff -urNp linux-3.0.4/drivers/gpio/vr41xx_giu.c linux-3.0.4/drivers/gpio/vr41xx_giu.c
--- linux-3.0.4/drivers/gpio/vr41xx_giu.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/gpio/vr41xx_giu.c 2011-08-23 21:47:55.000000000 -0400
@@ -24810,6 +25172,101 @@ diff -urNp linux-3.0.4/drivers/gpio/vr41xx_giu.c linux-3.0.4/drivers/gpio/vr41xx
return -EINVAL;
}
+diff -urNp linux-3.0.4/drivers/gpu/drm/drm_crtc.c linux-3.0.4/drivers/gpu/drm/drm_crtc.c
+--- linux-3.0.4/drivers/gpu/drm/drm_crtc.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/drm_crtc.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1372,7 +1372,7 @@ int drm_mode_getconnector(struct drm_dev
+ */
+ if ((out_resp->count_modes >= mode_count) && mode_count) {
+ copied = 0;
+- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr;
++ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr;
+ list_for_each_entry(mode, &connector->modes, head) {
+ drm_crtc_convert_to_umode(&u_mode, mode);
+ if (copy_to_user(mode_ptr + copied,
+@@ -1387,8 +1387,8 @@ int drm_mode_getconnector(struct drm_dev
+
+ if ((out_resp->count_props >= props_count) && props_count) {
+ copied = 0;
+- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr);
+- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr);
++ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr);
++ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr);
+ for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) {
+ if (connector->property_ids[i] != 0) {
+ if (put_user(connector->property_ids[i],
+@@ -1410,7 +1410,7 @@ int drm_mode_getconnector(struct drm_dev
+
+ if ((out_resp->count_encoders >= encoders_count) && encoders_count) {
+ copied = 0;
+- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr);
++ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr);
+ for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) {
+ if (connector->encoder_ids[i] != 0) {
+ if (put_user(connector->encoder_ids[i],
+@@ -1569,7 +1569,7 @@ int drm_mode_setcrtc(struct drm_device *
+ }
+
+ for (i = 0; i < crtc_req->count_connectors; i++) {
+- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr;
++ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr;
+ if (get_user(out_id, &set_connectors_ptr[i])) {
+ ret = -EFAULT;
+ goto out;
+@@ -1850,7 +1850,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_de
+ fb = obj_to_fb(obj);
+
+ num_clips = r->num_clips;
+- clips_ptr = (struct drm_clip_rect *)(unsigned long)r->clips_ptr;
++ clips_ptr = (struct drm_clip_rect __user *)(unsigned long)r->clips_ptr;
+
+ if (!num_clips != !clips_ptr) {
+ ret = -EINVAL;
+@@ -2270,7 +2270,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ out_resp->flags = property->flags;
+
+ if ((out_resp->count_values >= value_count) && value_count) {
+- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr;
++ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr;
+ for (i = 0; i < value_count; i++) {
+ if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) {
+ ret = -EFAULT;
+@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ if (property->flags & DRM_MODE_PROP_ENUM) {
+ if ((out_resp->count_enum_blobs >= enum_count) && enum_count) {
+ copied = 0;
+- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr;
++ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr;
+ list_for_each_entry(prop_enum, &property->enum_blob_list, head) {
+
+ if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) {
+@@ -2306,7 +2306,7 @@ int drm_mode_getproperty_ioctl(struct dr
+ if ((out_resp->count_enum_blobs >= blob_count) && blob_count) {
+ copied = 0;
+ blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr;
+- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr;
++ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr;
+
+ list_for_each_entry(prop_blob, &property->enum_blob_list, head) {
+ if (put_user(prop_blob->base.id, blob_id_ptr + copied)) {
+@@ -2367,7 +2367,7 @@ int drm_mode_getblob_ioctl(struct drm_de
+ struct drm_mode_get_blob *out_resp = data;
+ struct drm_property_blob *blob;
+ int ret = 0;
+- void *blob_ptr;
++ void __user *blob_ptr;
+
+ if (!drm_core_check_feature(dev, DRIVER_MODESET))
+ return -EINVAL;
+@@ -2381,7 +2381,7 @@ int drm_mode_getblob_ioctl(struct drm_de
+ blob = obj_to_blob(obj);
+
+ if (out_resp->length == blob->length) {
+- blob_ptr = (void *)(unsigned long)out_resp->data;
++ blob_ptr = (void __user *)(unsigned long)out_resp->data;
+ if (copy_to_user(blob_ptr, blob->data, blob->length)){
+ ret = -EFAULT;
+ goto done;
diff -urNp linux-3.0.4/drivers/gpu/drm/drm_crtc_helper.c linux-3.0.4/drivers/gpu/drm/drm_crtc_helper.c
--- linux-3.0.4/drivers/gpu/drm/drm_crtc_helper.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/drm_crtc_helper.c 2011-08-23 21:48:14.000000000 -0400
@@ -24833,7 +25290,16 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/drm_crtc_helper.c linux-3.0.4/drivers/gpu
return true;
diff -urNp linux-3.0.4/drivers/gpu/drm/drm_drv.c linux-3.0.4/drivers/gpu/drm/drm_drv.c
--- linux-3.0.4/drivers/gpu/drm/drm_drv.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/gpu/drm/drm_drv.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/drm_drv.c 2011-10-06 04:17:55.000000000 -0400
+@@ -307,7 +307,7 @@ module_exit(drm_core_exit);
+ /**
+ * Copy and IOCTL return string to user space
+ */
+-static int drm_copy_field(char *buf, size_t *buf_len, const char *value)
++static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value)
+ {
+ int len;
+
@@ -386,7 +386,7 @@ long drm_ioctl(struct file *filp,
dev = file_priv->minor->dev;
@@ -24998,6 +25464,27 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/drm_info.c linux-3.0.4/drivers/gpu/drm/dr
#if defined(__i386__)
pgprot = pgprot_val(vma->vm_page_prot);
+diff -urNp linux-3.0.4/drivers/gpu/drm/drm_ioc32.c linux-3.0.4/drivers/gpu/drm/drm_ioc32.c
+--- linux-3.0.4/drivers/gpu/drm/drm_ioc32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/drm_ioc32.c 2011-10-06 04:17:55.000000000 -0400
+@@ -455,7 +455,7 @@ static int compat_drm_infobufs(struct fi
+ request = compat_alloc_user_space(nbytes);
+ if (!access_ok(VERIFY_WRITE, request, nbytes))
+ return -EFAULT;
+- list = (struct drm_buf_desc *) (request + 1);
++ list = (struct drm_buf_desc __user *) (request + 1);
+
+ if (__put_user(count, &request->count)
+ || __put_user(list, &request->list))
+@@ -516,7 +516,7 @@ static int compat_drm_mapbufs(struct fil
+ request = compat_alloc_user_space(nbytes);
+ if (!access_ok(VERIFY_WRITE, request, nbytes))
+ return -EFAULT;
+- list = (struct drm_buf_pub *) (request + 1);
++ list = (struct drm_buf_pub __user *) (request + 1);
+
+ if (__put_user(count, &request->count)
+ || __put_user(list, &request->list))
diff -urNp linux-3.0.4/drivers/gpu/drm/drm_ioctl.c linux-3.0.4/drivers/gpu/drm/drm_ioctl.c
--- linux-3.0.4/drivers/gpu/drm/drm_ioctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/drm_ioctl.c 2011-08-23 21:47:55.000000000 -0400
@@ -25072,7 +25559,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i810/i810_drv.h linux-3.0.4/drivers/gpu/d
} drm_i810_private_t;
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c
--- linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c 2011-10-06 04:17:55.000000000 -0400
@@ -497,7 +497,7 @@ static int i915_interrupt_info(struct se
I915_READ(GTIMR));
}
@@ -25082,6 +25569,15 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c linux-3.0.4/drivers/g
for (i = 0; i < I915_NUM_RINGS; i++) {
if (IS_GEN6(dev)) {
seq_printf(m, "Graphics Interrupt mask (%s): %08x\n",
+@@ -1147,7 +1147,7 @@ static int i915_opregion(struct seq_file
+ return ret;
+
+ if (opregion->header)
+- seq_write(m, opregion->header, OPREGION_SIZE);
++ seq_write(m, (const void __force_kernel *)opregion->header, OPREGION_SIZE);
+
+ mutex_unlock(&dev->struct_mutex);
+
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c
--- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:47:55.000000000 -0400
@@ -25828,6 +26324,18 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h linux-3.0.4/drivers/g
wait_queue_head_t fence_queue;
wait_queue_head_t fifo_queue;
atomic_t fence_queue_waiters;
+diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+--- linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c 2011-10-06 04:17:55.000000000 -0400
+@@ -610,7 +610,7 @@ int vmw_execbuf_ioctl(struct drm_device
+ struct drm_vmw_fence_rep fence_rep;
+ struct drm_vmw_fence_rep __user *user_fence_rep;
+ int ret;
+- void *user_cmd;
++ void __user *user_cmd;
+ void *cmd;
+ uint32_t sequence;
+ struct vmw_sw_context *sw_context = &dev_priv->ctx;
diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
--- linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c 2011-08-23 21:47:55.000000000 -0400
@@ -25842,7 +26350,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c linux-3.0.4/drivers
struct vmw_fence, head);
diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
--- linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c 2011-10-06 04:17:55.000000000 -0400
@@ -137,7 +137,7 @@ int vmw_fifo_init(struct vmw_private *de
(unsigned int) min,
(unsigned int) fifo->capabilities);
@@ -25852,6 +26360,15 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c linux-3.0.4/drivers/
iowrite32(dev_priv->last_read_sequence, fifo_mem + SVGA_FIFO_FENCE);
vmw_fence_queue_init(&fifo->fence_queue);
return vmw_fifo_send_fence(dev_priv, &dummy);
+@@ -356,7 +356,7 @@ void *vmw_fifo_reserve(struct vmw_privat
+ if (reserveable)
+ iowrite32(bytes, fifo_mem +
+ SVGA_FIFO_RESERVED);
+- return fifo_mem + (next_cmd >> 2);
++ return (__le32 __force_kernel *)fifo_mem + (next_cmd >> 2);
+ } else {
+ need_bounce = true;
+ }
@@ -476,7 +476,7 @@ int vmw_fifo_send_fence(struct vmw_priva
fm = vmw_fifo_reserve(dev_priv, bytes);
@@ -32243,6 +32760,18 @@ diff -urNp linux-3.0.4/drivers/scsi/scsi_sysfs.c linux-3.0.4/drivers/scsi/scsi_s
return snprintf(buf, 20, "0x%llx\n", count); \
} \
static DEVICE_ATTR(field, S_IRUGO, show_iostat_##field, NULL)
+diff -urNp linux-3.0.4/drivers/scsi/scsi_tgt_lib.c linux-3.0.4/drivers/scsi/scsi_tgt_lib.c
+--- linux-3.0.4/drivers/scsi/scsi_tgt_lib.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/drivers/scsi/scsi_tgt_lib.c 2011-10-06 04:17:55.000000000 -0400
+@@ -362,7 +362,7 @@ static int scsi_map_user_pages(struct sc
+ int err;
+
+ dprintk("%lx %u\n", uaddr, len);
+- err = blk_rq_map_user(q, rq, NULL, (void *)uaddr, len, GFP_KERNEL);
++ err = blk_rq_map_user(q, rq, NULL, (void __user *)uaddr, len, GFP_KERNEL);
+ if (err) {
+ /*
+ * TODO: need to fixup sg_tablesize, max_segment_size,
diff -urNp linux-3.0.4/drivers/scsi/scsi_transport_fc.c linux-3.0.4/drivers/scsi/scsi_transport_fc.c
--- linux-3.0.4/drivers/scsi/scsi_transport_fc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/drivers/scsi/scsi_transport_fc.c 2011-08-23 21:47:56.000000000 -0400
@@ -32344,7 +32873,16 @@ diff -urNp linux-3.0.4/drivers/scsi/scsi_transport_srp.c linux-3.0.4/drivers/scs
transport_setup_device(&rport->dev);
diff -urNp linux-3.0.4/drivers/scsi/sg.c linux-3.0.4/drivers/scsi/sg.c
--- linux-3.0.4/drivers/scsi/sg.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/scsi/sg.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/drivers/scsi/sg.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1075,7 +1075,7 @@ sg_ioctl(struct file *filp, unsigned int
+ sdp->disk->disk_name,
+ MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
+ NULL,
+- (char *)arg);
++ (char __user *)arg);
+ case BLKTRACESTART:
+ return blk_trace_startstop(sdp->device->request_queue, 1);
+ case BLKTRACESTOP:
@@ -2310,7 +2310,7 @@ struct sg_proc_leaf {
const struct file_operations * fops;
};
@@ -37190,6 +37728,18 @@ diff -urNp linux-3.0.4/fs/attr.c linux-3.0.4/fs/attr.c
if (limit != RLIM_INFINITY && offset > limit)
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
+diff -urNp linux-3.0.4/fs/autofs4/waitq.c linux-3.0.4/fs/autofs4/waitq.c
+--- linux-3.0.4/fs/autofs4/waitq.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/fs/autofs4/waitq.c 2011-10-06 04:17:55.000000000 -0400
+@@ -60,7 +60,7 @@ static int autofs4_write(struct file *fi
+ {
+ unsigned long sigpipe, flags;
+ mm_segment_t fs;
+- const char *data = (const char *)addr;
++ const char __user *data = (const char __force_user *)addr;
+ ssize_t wr = 0;
+
+ /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
diff -urNp linux-3.0.4/fs/befs/linuxvfs.c linux-3.0.4/fs/befs/linuxvfs.c
--- linux-3.0.4/fs/befs/linuxvfs.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:27.000000000 -0400
@@ -38024,13 +38574,13 @@ diff -urNp linux-3.0.4/fs/binfmt_flat.c linux-3.0.4/fs/binfmt_flat.c
}
diff -urNp linux-3.0.4/fs/bio.c linux-3.0.4/fs/bio.c
--- linux-3.0.4/fs/bio.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/bio.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/fs/bio.c 2011-10-06 04:17:55.000000000 -0400
@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct b
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
int i;
- char *p = bmd->sgvecs[0].iov_base;
-+ char *p = (__force char *)bmd->sgvecs[0].iov_base;
++ char *p = (char __force_kernel *)bmd->sgvecs[0].iov_base;
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
@@ -38094,7 +38644,7 @@ diff -urNp linux-3.0.4/fs/btrfs/inode.c linux-3.0.4/fs/btrfs/inode.c
* directory.
diff -urNp linux-3.0.4/fs/btrfs/ioctl.c linux-3.0.4/fs/btrfs/ioctl.c
--- linux-3.0.4/fs/btrfs/ioctl.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/btrfs/ioctl.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/btrfs/ioctl.c 2011-10-06 04:17:55.000000000 -0400
@@ -2676,9 +2676,12 @@ long btrfs_ioctl_space_info(struct btrfs
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
@@ -38108,7 +38658,7 @@ diff -urNp linux-3.0.4/fs/btrfs/ioctl.c linux-3.0.4/fs/btrfs/ioctl.c
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -2700,10 +2703,7 @@ long btrfs_ioctl_space_info(struct btrfs
+@@ -2700,15 +2703,12 @@ long btrfs_ioctl_space_info(struct btrfs
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
@@ -38119,6 +38669,12 @@ diff -urNp linux-3.0.4/fs/btrfs/ioctl.c linux-3.0.4/fs/btrfs/ioctl.c
}
up_read(&info->groups_sem);
}
+
+- user_dest = (struct btrfs_ioctl_space_info *)
++ user_dest = (struct btrfs_ioctl_space_info __user *)
+ (arg + sizeof(struct btrfs_ioctl_space_args));
+
+ if (copy_to_user(user_dest, dest_orig, alloc_size))
diff -urNp linux-3.0.4/fs/btrfs/relocation.c linux-3.0.4/fs/btrfs/relocation.c
--- linux-3.0.4/fs/btrfs/relocation.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/fs/btrfs/relocation.c 2011-08-23 21:47:56.000000000 -0400
@@ -38269,13 +38825,13 @@ diff -urNp linux-3.0.4/fs/cachefiles/proc.c linux-3.0.4/fs/cachefiles/proc.c
diff -urNp linux-3.0.4/fs/cachefiles/rdwr.c linux-3.0.4/fs/cachefiles/rdwr.c
--- linux-3.0.4/fs/cachefiles/rdwr.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/cachefiles/rdwr.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/fs/cachefiles/rdwr.c 2011-10-06 04:17:55.000000000 -0400
@@ -945,7 +945,7 @@ int cachefiles_write_page(struct fscache
old_fs = get_fs();
set_fs(KERNEL_DS);
ret = file->f_op->write(
- file, (const void __user *) data, len, &pos);
-+ file, (__force const void __user *) data, len, &pos);
++ file, (const void __force_user *) data, len, &pos);
set_fs(old_fs);
kunmap(page);
if (ret != len)
@@ -38628,7 +39184,27 @@ diff -urNp linux-3.0.4/fs/compat_binfmt_elf.c linux-3.0.4/fs/compat_binfmt_elf.c
/*
diff -urNp linux-3.0.4/fs/compat.c linux-3.0.4/fs/compat.c
--- linux-3.0.4/fs/compat.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/compat.c 2011-08-23 22:49:33.000000000 -0400
++++ linux-3.0.4/fs/compat.c 2011-10-06 04:17:55.000000000 -0400
+@@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(const
+ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
+ {
+ compat_ino_t ino = stat->ino;
+- typeof(ubuf->st_uid) uid = 0;
+- typeof(ubuf->st_gid) gid = 0;
++ typeof(((struct compat_stat *)0)->st_uid) uid = 0;
++ typeof(((struct compat_stat *)0)->st_gid) gid = 0;
+ int err;
+
+ SET_UID(uid, stat->uid);
+@@ -508,7 +508,7 @@ compat_sys_io_setup(unsigned nr_reqs, u3
+
+ set_fs(KERNEL_DS);
+ /* The __user pointer cast is valid because of the set_fs() */
+- ret = sys_io_setup(nr_reqs, (aio_context_t __user *) &ctx64);
++ ret = sys_io_setup(nr_reqs, (aio_context_t __force_user *) &ctx64);
+ set_fs(oldfs);
+ /* truncating is ok because it's a user address */
+ if (!ret)
@@ -566,7 +566,7 @@ ssize_t compat_rw_copy_check_uvector(int
goto out;
@@ -38711,7 +39287,7 @@ diff -urNp linux-3.0.4/fs/compat.c linux-3.0.4/fs/compat.c
dirent = buf->previous;
if (dirent) {
-@@ -1073,6 +1090,7 @@ asmlinkage long compat_sys_getdents64(un
+@@ -1073,13 +1090,14 @@ asmlinkage long compat_sys_getdents64(un
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -38719,6 +39295,14 @@ diff -urNp linux-3.0.4/fs/compat.c linux-3.0.4/fs/compat.c
error = vfs_readdir(file, compat_filldir64, &buf);
if (error >= 0)
+ error = buf.error;
+ lastdirent = buf.previous;
+ if (lastdirent) {
+- typeof(lastdirent->d_off) d_off = file->f_pos;
++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos;
+ if (__put_user_unaligned(d_off, &lastdirent->d_off))
+ error = -EFAULT;
+ else
@@ -1446,6 +1464,8 @@ int compat_core_sys_select(int n, compat
struct fdtable *fdt;
long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
@@ -38728,9 +39312,18 @@ diff -urNp linux-3.0.4/fs/compat.c linux-3.0.4/fs/compat.c
if (n < 0)
goto out_nofds;
+@@ -1904,7 +1924,7 @@ asmlinkage long compat_sys_nfsservctl(in
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ /* The __user pointer casts are valid because of the set_fs() */
+- err = sys_nfsservctl(cmd, (void __user *) karg, (void __user *) kres);
++ err = sys_nfsservctl(cmd, (void __force_user *) karg, (void __force_user *) kres);
+ set_fs(oldfs);
+
+ if (err)
diff -urNp linux-3.0.4/fs/compat_ioctl.c linux-3.0.4/fs/compat_ioctl.c
--- linux-3.0.4/fs/compat_ioctl.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/compat_ioctl.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/fs/compat_ioctl.c 2011-10-06 04:17:55.000000000 -0400
@@ -208,6 +208,8 @@ static int do_video_set_spu_palette(unsi
err = get_user(palp, &up->palette);
@@ -38740,6 +39333,24 @@ diff -urNp linux-3.0.4/fs/compat_ioctl.c linux-3.0.4/fs/compat_ioctl.c
up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
err = put_user(compat_ptr(palp), &up_native->palette);
+@@ -619,7 +621,7 @@ static int serial_struct_ioctl(unsigned
+ return -EFAULT;
+ if (__get_user(udata, &ss32->iomem_base))
+ return -EFAULT;
+- ss.iomem_base = compat_ptr(udata);
++ ss.iomem_base = (unsigned char __force_kernel *)compat_ptr(udata);
+ if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
+ __get_user(ss.port_high, &ss32->port_high))
+ return -EFAULT;
+@@ -794,7 +796,7 @@ static int compat_ioctl_preallocate(stru
+ copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
+ copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
+ copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
+- copy_in_user(&p->l_pad, &p32->l_pad, 4*sizeof(u32)))
++ copy_in_user(p->l_pad, &p32->l_pad, 4*sizeof(u32)))
+ return -EFAULT;
+
+ return ioctl_preallocate(file, p);
@@ -1638,8 +1640,8 @@ asmlinkage long compat_sys_ioctl(unsigne
static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
{
@@ -38792,13 +39403,13 @@ diff -urNp linux-3.0.4/fs/dcache.c linux-3.0.4/fs/dcache.c
inode_init();
diff -urNp linux-3.0.4/fs/ecryptfs/inode.c linux-3.0.4/fs/ecryptfs/inode.c
--- linux-3.0.4/fs/ecryptfs/inode.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/fs/ecryptfs/inode.c 2011-10-06 04:17:55.000000000 -0400
@@ -704,7 +704,7 @@ static int ecryptfs_readlink_lower(struc
old_fs = get_fs();
set_fs(get_ds());
rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
- (char __user *)lower_buf,
-+ (__force char __user *)lower_buf,
++ (char __force_user *)lower_buf,
lower_bufsiz);
set_fs(old_fs);
if (rc < 0)
@@ -38807,7 +39418,7 @@ diff -urNp linux-3.0.4/fs/ecryptfs/inode.c linux-3.0.4/fs/ecryptfs/inode.c
old_fs = get_fs();
set_fs(get_ds());
- rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
-+ rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len);
++ rc = dentry->d_inode->i_op->readlink(dentry, (char __force_user *)buf, len);
set_fs(old_fs);
if (rc < 0) {
kfree(buf);
@@ -38832,9 +39443,30 @@ diff -urNp linux-3.0.4/fs/ecryptfs/miscdev.c linux-3.0.4/fs/ecryptfs/miscdev.c
goto out_unlock_msg_ctx;
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
+diff -urNp linux-3.0.4/fs/ecryptfs/read_write.c linux-3.0.4/fs/ecryptfs/read_write.c
+--- linux-3.0.4/fs/ecryptfs/read_write.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.4/fs/ecryptfs/read_write.c 2011-10-06 04:17:55.000000000 -0400
+@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *e
+ return -EIO;
+ fs_save = get_fs();
+ set_fs(get_ds());
+- rc = vfs_write(lower_file, data, size, &offset);
++ rc = vfs_write(lower_file, (const char __force_user *)data, size, &offset);
+ set_fs(fs_save);
+ mark_inode_dirty_sync(ecryptfs_inode);
+ return rc;
+@@ -235,7 +235,7 @@ int ecryptfs_read_lower(char *data, loff
+ return -EIO;
+ fs_save = get_fs();
+ set_fs(get_ds());
+- rc = vfs_read(lower_file, data, size, &offset);
++ rc = vfs_read(lower_file, (char __force_user *)data, size, &offset);
+ set_fs(fs_save);
+ return rc;
+ }
diff -urNp linux-3.0.4/fs/exec.c linux-3.0.4/fs/exec.c
--- linux-3.0.4/fs/exec.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/exec.c 2011-08-25 17:26:58.000000000 -0400
++++ linux-3.0.4/fs/exec.c 2011-10-06 04:17:55.000000000 -0400
@@ -55,12 +55,24 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
@@ -38946,12 +39578,47 @@ diff -urNp linux-3.0.4/fs/exec.c linux-3.0.4/fs/exec.c
{
const char __user *native;
+@@ -424,14 +427,14 @@ static const char __user *get_user_arg_p
+ compat_uptr_t compat;
+
+ if (get_user(compat, argv.ptr.compat + nr))
+- return ERR_PTR(-EFAULT);
++ return (const char __force_user *)ERR_PTR(-EFAULT);
+
+ return compat_ptr(compat);
+ }
+ #endif
+
+ if (get_user(native, argv.ptr.native + nr))
+- return ERR_PTR(-EFAULT);
++ return (const char __force_user *)ERR_PTR(-EFAULT);
+
+ return native;
+ }
+@@ -450,7 +453,7 @@ static int count(struct user_arg_ptr arg
+ if (!p)
+ break;
+
+- if (IS_ERR(p))
++ if (IS_ERR((const char __force_kernel *)p))
+ return -EFAULT;
+
+ if (i++ >= max)
+@@ -484,7 +487,7 @@ static int copy_strings(int argc, struct
+
+ ret = -EFAULT;
+ str = get_user_arg_ptr(argv, argc);
+- if (IS_ERR(str))
++ if (IS_ERR((const char __force_kernel *)str))
+ goto out;
+
+ len = strnlen_user(str, MAX_ARG_STRLEN);
@@ -566,7 +569,7 @@ int copy_strings_kernel(int argc, const
int r;
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
- .ptr.native = (const char __user *const __user *)__argv,
-+ .ptr.native = (__force const char __user *const __user *)__argv,
++ .ptr.native = (const char __force_user *const __force_user *)__argv,
};
set_fs(KERNEL_DS);
@@ -39044,7 +39711,7 @@ diff -urNp linux-3.0.4/fs/exec.c linux-3.0.4/fs/exec.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- result = vfs_read(file, (void __user *)addr, count, &pos);
-+ result = vfs_read(file, (__force void __user *)addr, count, &pos);
++ result = vfs_read(file, (void __force_user *)addr, count, &pos);
set_fs(old_fs);
return result;
}
@@ -39474,6 +40141,15 @@ diff -urNp linux-3.0.4/fs/exec.c linux-3.0.4/fs/exec.c
fail_unlock:
kfree(cn.corename);
fail_corename:
+@@ -2211,7 +2519,7 @@ fail:
+ */
+ int dump_write(struct file *file, const void *addr, int nr)
+ {
+- return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr;
++ return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr;
+ }
+ EXPORT_SYMBOL(dump_write);
+
diff -urNp linux-3.0.4/fs/ext2/balloc.c linux-3.0.4/fs/ext2/balloc.c
--- linux-3.0.4/fs/ext2/balloc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/fs/ext2/balloc.c 2011-08-23 21:48:14.000000000 -0400
@@ -39498,6 +40174,27 @@ diff -urNp linux-3.0.4/fs/ext3/balloc.c linux-3.0.4/fs/ext3/balloc.c
sbi->s_resuid != current_fsuid() &&
(sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
return 0;
+diff -urNp linux-3.0.4/fs/ext3/ioctl.c linux-3.0.4/fs/ext3/ioctl.c
+--- linux-3.0.4/fs/ext3/ioctl.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/fs/ext3/ioctl.c 2011-10-06 04:17:55.000000000 -0400
+@@ -285,7 +285,7 @@ group_add_out:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+- if (copy_from_user(&range, (struct fstrim_range *)arg,
++ if (copy_from_user(&range, (struct fstrim_range __user *)arg,
+ sizeof(range)))
+ return -EFAULT;
+
+@@ -293,7 +293,7 @@ group_add_out:
+ if (ret < 0)
+ return ret;
+
+- if (copy_to_user((struct fstrim_range *)arg, &range,
++ if (copy_to_user((struct fstrim_range __user *)arg, &range,
+ sizeof(range)))
+ return -EFAULT;
+
diff -urNp linux-3.0.4/fs/ext4/balloc.c linux-3.0.4/fs/ext4/balloc.c
--- linux-3.0.4/fs/ext4/balloc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/fs/ext4/balloc.c 2011-08-23 21:48:14.000000000 -0400
@@ -39545,6 +40242,27 @@ diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h
atomic_t s_lock_busy;
/* locality groups */
+diff -urNp linux-3.0.4/fs/ext4/ioctl.c linux-3.0.4/fs/ext4/ioctl.c
+--- linux-3.0.4/fs/ext4/ioctl.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/fs/ext4/ioctl.c 2011-10-06 04:17:55.000000000 -0400
+@@ -344,7 +344,7 @@ mext_out:
+ if (!blk_queue_discard(q))
+ return -EOPNOTSUPP;
+
+- if (copy_from_user(&range, (struct fstrim_range *)arg,
++ if (copy_from_user(&range, (struct fstrim_range __user *)arg,
+ sizeof(range)))
+ return -EFAULT;
+
+@@ -354,7 +354,7 @@ mext_out:
+ if (ret < 0)
+ return ret;
+
+- if (copy_to_user((struct fstrim_range *)arg, &range,
++ if (copy_to_user((struct fstrim_range __user *)arg, &range,
+ sizeof(range)))
+ return -EFAULT;
+
diff -urNp linux-3.0.4/fs/ext4/mballoc.c linux-3.0.4/fs/ext4/mballoc.c
--- linux-3.0.4/fs/ext4/mballoc.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:48:14.000000000 -0400
@@ -39672,7 +40390,7 @@ diff -urNp linux-3.0.4/fs/ext4/mballoc.c linux-3.0.4/fs/ext4/mballoc.c
return 0;
diff -urNp linux-3.0.4/fs/fcntl.c linux-3.0.4/fs/fcntl.c
--- linux-3.0.4/fs/fcntl.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/fcntl.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/fcntl.c 2011-10-06 04:17:55.000000000 -0400
@@ -224,6 +224,11 @@ int __f_setown(struct file *filp, struct
if (err)
return err;
@@ -39685,6 +40403,24 @@ diff -urNp linux-3.0.4/fs/fcntl.c linux-3.0.4/fs/fcntl.c
f_modown(filp, pid, type, force);
return 0;
}
+@@ -266,7 +271,7 @@ pid_t f_getown(struct file *filp)
+
+ static int f_setown_ex(struct file *filp, unsigned long arg)
+ {
+- struct f_owner_ex * __user owner_p = (void * __user)arg;
++ struct f_owner_ex __user *owner_p = (void __user *)arg;
+ struct f_owner_ex owner;
+ struct pid *pid;
+ int type;
+@@ -306,7 +311,7 @@ static int f_setown_ex(struct file *filp
+
+ static int f_getown_ex(struct file *filp, unsigned long arg)
+ {
+- struct f_owner_ex * __user owner_p = (void * __user)arg;
++ struct f_owner_ex __user *owner_p = (void __user *)arg;
+ struct f_owner_ex owner;
+ int ret = 0;
+
@@ -348,6 +353,7 @@ static long do_fcntl(int fd, unsigned in
switch (cmd) {
case F_DUPFD:
@@ -41609,7 +42345,7 @@ diff -urNp linux-3.0.4/fs/logfs/super.c linux-3.0.4/fs/logfs/super.c
if (err)
diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
--- linux-3.0.4/fs/namei.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/namei.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/namei.c 2011-10-06 03:40:11.000000000 -0400
@@ -237,21 +237,31 @@ int generic_permission(struct inode *ino
return ret;
@@ -41680,7 +42416,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
return ret;
ok:
-@@ -703,11 +723,19 @@ follow_link(struct path *link, struct na
+@@ -703,11 +723,26 @@ follow_link(struct path *link, struct na
return error;
}
@@ -41692,6 +42428,13 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
+ return error;
+ }
+
++ if (!gr_acl_handle_hidden_file(dentry, nd->path.mnt)) {
++ error = -ENOENT;
++ *p = ERR_PTR(error); /* no ->put_link(), please */
++ path_put(&nd->path);
++ return error;
++ }
++
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
@@ -41701,7 +42444,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = 0;
if (s)
error = __vfs_follow_link(nd, s);
-@@ -1625,6 +1653,9 @@ static int do_path_lookup(int dfd, const
+@@ -1625,6 +1660,9 @@ static int do_path_lookup(int dfd, const
retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
if (likely(!retval)) {
@@ -41711,7 +42454,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
if (unlikely(!audit_dummy_context())) {
if (nd->path.dentry && nd->inode)
audit_inode(name, nd->path.dentry);
-@@ -1935,6 +1966,30 @@ int vfs_create(struct inode *dir, struct
+@@ -1935,6 +1973,30 @@ int vfs_create(struct inode *dir, struct
return error;
}
@@ -41742,7 +42485,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
static int may_open(struct path *path, int acc_mode, int flag)
{
struct dentry *dentry = path->dentry;
-@@ -1987,7 +2042,27 @@ static int may_open(struct path *path, i
+@@ -1987,7 +2049,27 @@ static int may_open(struct path *path, i
/*
* Ensure there are no outstanding leases on the file.
*/
@@ -41771,7 +42514,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
}
static int handle_truncate(struct file *filp)
-@@ -2013,30 +2088,6 @@ static int handle_truncate(struct file *
+@@ -2013,30 +2095,6 @@ static int handle_truncate(struct file *
}
/*
@@ -41802,7 +42545,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
* Handle the last step of open()
*/
static struct file *do_last(struct nameidata *nd, struct path *path,
-@@ -2045,6 +2096,7 @@ static struct file *do_last(struct namei
+@@ -2045,6 +2103,7 @@ static struct file *do_last(struct namei
struct dentry *dir = nd->path.dentry;
struct dentry *dentry;
int open_flag = op->open_flag;
@@ -41810,7 +42553,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
int will_truncate = open_flag & O_TRUNC;
int want_write = 0;
int acc_mode = op->acc_mode;
-@@ -2132,6 +2184,12 @@ static struct file *do_last(struct namei
+@@ -2132,6 +2191,12 @@ static struct file *do_last(struct namei
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
int mode = op->mode;
@@ -41823,7 +42566,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2155,6 +2213,8 @@ static struct file *do_last(struct namei
+@@ -2155,6 +2220,8 @@ static struct file *do_last(struct namei
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
@@ -41832,7 +42575,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2164,6 +2224,14 @@ static struct file *do_last(struct namei
+@@ -2164,6 +2231,14 @@ static struct file *do_last(struct namei
/*
* It already exists.
*/
@@ -41847,7 +42590,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2450,6 +2518,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2450,6 +2525,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
error = may_mknod(mode);
if (error)
goto out_dput;
@@ -41865,7 +42608,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2470,6 +2549,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2470,6 +2556,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
}
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -41875,7 +42618,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
out_dput:
dput(dentry);
out_unlock:
-@@ -2522,6 +2604,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2522,6 +2611,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
if (IS_ERR(dentry))
goto out_unlock;
@@ -41887,7 +42630,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
if (!IS_POSIXACL(nd.path.dentry->d_inode))
mode &= ~current_umask();
error = mnt_want_write(nd.path.mnt);
-@@ -2533,6 +2620,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2533,6 +2627,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -41898,7 +42641,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
out_dput:
dput(dentry);
out_unlock:
-@@ -2613,6 +2704,8 @@ static long do_rmdir(int dfd, const char
+@@ -2613,6 +2711,8 @@ static long do_rmdir(int dfd, const char
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -41907,7 +42650,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2641,6 +2734,17 @@ static long do_rmdir(int dfd, const char
+@@ -2641,6 +2741,17 @@ static long do_rmdir(int dfd, const char
error = -ENOENT;
goto exit3;
}
@@ -41925,7 +42668,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2648,6 +2752,8 @@ static long do_rmdir(int dfd, const char
+@@ -2648,6 +2759,8 @@ static long do_rmdir(int dfd, const char
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -41934,7 +42677,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2710,6 +2816,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2710,6 +2823,8 @@ static long do_unlinkat(int dfd, const c
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -41943,7 +42686,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2732,6 +2840,16 @@ static long do_unlinkat(int dfd, const c
+@@ -2732,6 +2847,16 @@ static long do_unlinkat(int dfd, const c
if (!inode)
goto slashes;
ihold(inode);
@@ -41960,7 +42703,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2739,6 +2857,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2739,6 +2864,8 @@ static long do_unlinkat(int dfd, const c
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -41969,7 +42712,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2816,6 +2936,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2816,6 +2943,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (IS_ERR(dentry))
goto out_unlock;
@@ -41981,7 +42724,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2823,6 +2948,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2823,6 +2955,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (error)
goto out_drop_write;
error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
@@ -41990,7 +42733,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2931,6 +3058,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2931,6 +3065,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
@@ -42011,7 +42754,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2938,6 +3079,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2938,6 +3086,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
if (error)
goto out_drop_write;
error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
@@ -42020,7 +42763,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -3113,6 +3256,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3113,6 +3263,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
char *to;
int error;
@@ -42029,7 +42772,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = user_path_parent(olddfd, oldname, &oldnd, &from);
if (error)
goto exit;
-@@ -3169,6 +3314,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3169,6 +3321,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
if (new_dentry == trap)
goto exit5;
@@ -42042,7 +42785,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3178,6 +3329,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3178,6 +3336,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -42052,7 +42795,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3203,6 +3357,8 @@ SYSCALL_DEFINE2(rename, const char __use
+@@ -3203,6 +3364,8 @@ SYSCALL_DEFINE2(rename, const char __use
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -42061,7 +42804,7 @@ diff -urNp linux-3.0.4/fs/namei.c linux-3.0.4/fs/namei.c
int len;
len = PTR_ERR(link);
-@@ -3212,7 +3368,14 @@ int vfs_readlink(struct dentry *dentry,
+@@ -3212,7 +3375,14 @@ int vfs_readlink(struct dentry *dentry,
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -42257,13 +43000,13 @@ diff -urNp linux-3.0.4/fs/nfsd/nfs4xdr.c linux-3.0.4/fs/nfsd/nfs4xdr.c
BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
diff -urNp linux-3.0.4/fs/nfsd/vfs.c linux-3.0.4/fs/nfsd/vfs.c
--- linux-3.0.4/fs/nfsd/vfs.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/nfsd/vfs.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/fs/nfsd/vfs.c 2011-10-06 04:17:55.000000000 -0400
@@ -896,7 +896,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
- host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
-+ host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
++ host_err = vfs_readv(file, (struct iovec __force_user *)vec, vlen, &offset);
set_fs(oldfs);
}
@@ -42272,7 +43015,7 @@ diff -urNp linux-3.0.4/fs/nfsd/vfs.c linux-3.0.4/fs/nfsd/vfs.c
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
- host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
-+ host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
++ host_err = vfs_writev(file, (struct iovec __force_user *)vec, vlen, &offset);
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
@@ -42281,7 +43024,7 @@ diff -urNp linux-3.0.4/fs/nfsd/vfs.c linux-3.0.4/fs/nfsd/vfs.c
oldfs = get_fs(); set_fs(KERNEL_DS);
- host_err = inode->i_op->readlink(dentry, buf, *lenp);
-+ host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
++ host_err = inode->i_op->readlink(dentry, (char __force_user *)buf, *lenp);
set_fs(oldfs);
if (host_err < 0)
@@ -43793,7 +44536,7 @@ diff -urNp linux-3.0.4/fs/quota/netlink.c linux-3.0.4/fs/quota/netlink.c
printk(KERN_ERR
diff -urNp linux-3.0.4/fs/readdir.c linux-3.0.4/fs/readdir.c
--- linux-3.0.4/fs/readdir.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/readdir.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/readdir.c 2011-10-06 04:17:55.000000000 -0400
@@ -17,6 +17,7 @@
#include <linux/security.h>
#include <linux/syscalls.h>
@@ -43883,6 +44626,15 @@ diff -urNp linux-3.0.4/fs/readdir.c linux-3.0.4/fs/readdir.c
buf.count = count;
buf.error = 0;
+@@ -299,7 +318,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
+ error = buf.error;
+ lastdirent = buf.previous;
+ if (lastdirent) {
+- typeof(lastdirent->d_off) d_off = file->f_pos;
++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos;
+ if (__put_user(d_off, &lastdirent->d_off))
+ error = -EFAULT;
+ else
diff -urNp linux-3.0.4/fs/reiserfs/dir.c linux-3.0.4/fs/reiserfs/dir.c
--- linux-3.0.4/fs/reiserfs/dir.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/fs/reiserfs/dir.c 2011-08-23 21:48:14.000000000 -0400
@@ -44105,7 +44857,7 @@ diff -urNp linux-3.0.4/fs/seq_file.c linux-3.0.4/fs/seq_file.c
if (op) {
diff -urNp linux-3.0.4/fs/splice.c linux-3.0.4/fs/splice.c
--- linux-3.0.4/fs/splice.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/splice.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/splice.c 2011-10-06 04:17:55.000000000 -0400
@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode
pipe_lock(pipe);
@@ -44141,7 +44893,7 @@ diff -urNp linux-3.0.4/fs/splice.c linux-3.0.4/fs/splice.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
-+ res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
++ res = vfs_readv(file, (const struct iovec __force_user *)vec, vlen, &pos);
set_fs(old_fs);
return res;
@@ -44150,7 +44902,7 @@ diff -urNp linux-3.0.4/fs/splice.c linux-3.0.4/fs/splice.c
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- res = vfs_write(file, (const char __user *)buf, count, &pos);
-+ res = vfs_write(file, (__force const char __user *)buf, count, &pos);
++ res = vfs_write(file, (const char __force_user *)buf, count, &pos);
set_fs(old_fs);
return res;
@@ -44168,7 +44920,7 @@ diff -urNp linux-3.0.4/fs/splice.c linux-3.0.4/fs/splice.c
this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
- vec[i].iov_base = (void __user *) page_address(page);
-+ vec[i].iov_base = (__force void __user *) page_address(page);
++ vec[i].iov_base = (void __force_user *) page_address(page);
vec[i].iov_len = this_len;
spd.pages[i] = page;
spd.nr_pages++;
@@ -54992,8 +55744,81 @@ diff -urNp linux-3.0.4/include/linux/compiler-gcc4.h linux-3.0.4/include/linux/c
#if __GNUC_MINOR__ > 0
diff -urNp linux-3.0.4/include/linux/compiler.h linux-3.0.4/include/linux/compiler.h
--- linux-3.0.4/include/linux/compiler.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/include/linux/compiler.h 2011-08-26 19:49:56.000000000 -0400
-@@ -264,6 +264,14 @@ void ftrace_likely_update(struct ftrace_
++++ linux-3.0.4/include/linux/compiler.h 2011-10-06 04:17:55.000000000 -0400
+@@ -5,31 +5,62 @@
+
+ #ifdef __CHECKER__
+ # define __user __attribute__((noderef, address_space(1)))
++# define __force_user __force __user
+ # define __kernel __attribute__((address_space(0)))
++# define __force_kernel __force __kernel
+ # define __safe __attribute__((safe))
+ # define __force __attribute__((force))
+ # define __nocast __attribute__((nocast))
+ # define __iomem __attribute__((noderef, address_space(2)))
++# define __force_iomem __force __iomem
+ # define __acquires(x) __attribute__((context(x,0,1)))
+ # define __releases(x) __attribute__((context(x,1,0)))
+ # define __acquire(x) __context__(x,1)
+ # define __release(x) __context__(x,-1)
+ # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
+ # define __percpu __attribute__((noderef, address_space(3)))
++# define __force_percpu __force __percpu
+ #ifdef CONFIG_SPARSE_RCU_POINTER
+ # define __rcu __attribute__((noderef, address_space(4)))
++# define __force_rcu __force __rcu
+ #else
+ # define __rcu
++# define __force_rcu
+ #endif
+ extern void __chk_user_ptr(const volatile void __user *);
+ extern void __chk_io_ptr(const volatile void __iomem *);
++#elif defined(CHECKER_PLUGIN)
++//# define __user
++//# define __force_user
++//# define __kernel
++//# define __force_kernel
++# define __safe
++# define __force
++# define __nocast
++# define __iomem
++# define __force_iomem
++# define __chk_user_ptr(x) (void)0
++# define __chk_io_ptr(x) (void)0
++# define __builtin_warning(x, y...) (1)
++# define __acquires(x)
++# define __releases(x)
++# define __acquire(x) (void)0
++# define __release(x) (void)0
++# define __cond_lock(x,c) (c)
++# define __percpu
++# define __force_percpu
++# define __rcu
++# define __force_rcu
+ #else
+ # define __user
++# define __force_user
+ # define __kernel
++# define __force_kernel
+ # define __safe
+ # define __force
+ # define __nocast
+ # define __iomem
++# define __force_iomem
+ # define __chk_user_ptr(x) (void)0
+ # define __chk_io_ptr(x) (void)0
+ # define __builtin_warning(x, y...) (1)
+@@ -39,7 +70,9 @@ extern void __chk_io_ptr(const volatile
+ # define __release(x) (void)0
+ # define __cond_lock(x,c) (c)
+ # define __percpu
++# define __force_percpu
+ # define __rcu
++# define __force_rcu
+ #endif
+
+ #ifdef __KERNEL__
+@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_
# define __attribute_const__ /* unimplemented */
#endif
@@ -55008,7 +55833,7 @@ diff -urNp linux-3.0.4/include/linux/compiler.h linux-3.0.4/include/linux/compil
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -273,6 +281,22 @@ void ftrace_likely_update(struct ftrace_
+@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_
#define __cold
#endif
@@ -55031,7 +55856,7 @@ diff -urNp linux-3.0.4/include/linux/compiler.h linux-3.0.4/include/linux/compil
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -306,6 +330,7 @@ void ftrace_likely_update(struct ftrace_
+@@ -306,6 +363,7 @@ void ftrace_likely_update(struct ftrace_
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
@@ -57980,16 +58805,17 @@ diff -urNp linux-3.0.4/include/linux/types.h linux-3.0.4/include/linux/types.h
struct list_head {
diff -urNp linux-3.0.4/include/linux/uaccess.h linux-3.0.4/include/linux/uaccess.h
--- linux-3.0.4/include/linux/uaccess.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/include/linux/uaccess.h 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/include/linux/uaccess.h 2011-10-06 04:17:55.000000000 -0400
@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
long ret; \
mm_segment_t old_fs = get_fs(); \
\
- set_fs(KERNEL_DS); \
pagefault_disable(); \
-+ set_fs(KERNEL_DS); \
- ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
+- ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
- pagefault_enable(); \
++ set_fs(KERNEL_DS); \
++ ret = __copy_from_user_inatomic(&(retval), (typeof(retval) __force_user *)(addr), sizeof(retval)); \
set_fs(old_fs); \
+ pagefault_enable(); \
ret; \
@@ -58735,16 +59561,21 @@ diff -urNp linux-3.0.4/include/video/uvesafb.h linux-3.0.4/include/video/uvesafb
u8 *vbe_state_orig; /*
diff -urNp linux-3.0.4/init/do_mounts.c linux-3.0.4/init/do_mounts.c
--- linux-3.0.4/init/do_mounts.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/do_mounts.c 2011-08-23 21:47:56.000000000 -0400
-@@ -287,7 +287,7 @@ static void __init get_fs_names(char *pa
++++ linux-3.0.4/init/do_mounts.c 2011-10-06 04:17:55.000000000 -0400
+@@ -287,11 +287,11 @@ static void __init get_fs_names(char *pa
static int __init do_mount_root(char *name, char *fs, int flags, void *data)
{
- int err = sys_mount(name, "/root", fs, flags, data);
-+ int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data);
++ int err = sys_mount((char __force_user *)name, (char __force_user *)"/root", (char __force_user *)fs, flags, (void __force_user *)data);
if (err)
return err;
+- sys_chdir((const char __user __force *)"/root");
++ sys_chdir((const char __force_user*)"/root");
+ ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
+ printk(KERN_INFO
+ "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
@@ -383,18 +383,18 @@ void __init change_floppy(char *fmt, ...
va_start(args, fmt);
vsprintf(buf, fmt, args);
@@ -58772,20 +59603,21 @@ diff -urNp linux-3.0.4/init/do_mounts.c linux-3.0.4/init/do_mounts.c
out:
devtmpfs_mount("dev");
- sys_mount(".", "/", NULL, MS_MOVE, NULL);
-+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
- sys_chroot((const char __user __force *)".");
+- sys_chroot((const char __user __force *)".");
++ sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL);
++ sys_chroot((const char __force_user *)".");
}
diff -urNp linux-3.0.4/init/do_mounts.h linux-3.0.4/init/do_mounts.h
--- linux-3.0.4/init/do_mounts.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/do_mounts.h 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/init/do_mounts.h 2011-10-06 04:17:55.000000000 -0400
@@ -15,15 +15,15 @@ extern int root_mountflags;
static inline int create_dev(char *name, dev_t dev)
{
- sys_unlink(name);
- return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
-+ sys_unlink((__force char __user *)name);
-+ return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
++ sys_unlink((char __force_user *)name);
++ return sys_mknod((char __force_user *)name, S_IFBLK|0600, new_encode_dev(dev));
}
#if BITS_PER_LONG == 32
@@ -58793,13 +59625,22 @@ diff -urNp linux-3.0.4/init/do_mounts.h linux-3.0.4/init/do_mounts.h
{
struct stat64 stat;
- if (sys_stat64(name, &stat) != 0)
-+ if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
++ if (sys_stat64((char __force_user *)name, (struct stat64 __force_user *)&stat) != 0)
+ return 0;
+ if (!S_ISBLK(stat.st_mode))
+ return 0;
+@@ -35,7 +35,7 @@ static inline u32 bstat(char *name)
+ static inline u32 bstat(char *name)
+ {
+ struct stat stat;
+- if (sys_newstat(name, &stat) != 0)
++ if (sys_newstat((const char __force_user *)name, (struct stat __force_user *)&stat) != 0)
return 0;
if (!S_ISBLK(stat.st_mode))
return 0;
diff -urNp linux-3.0.4/init/do_mounts_initrd.c linux-3.0.4/init/do_mounts_initrd.c
--- linux-3.0.4/init/do_mounts_initrd.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/do_mounts_initrd.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/init/do_mounts_initrd.c 2011-10-06 04:17:55.000000000 -0400
@@ -44,13 +44,13 @@ static void __init handle_initrd(void)
create_dev("/dev/root.old", Root_RAM0);
/* mount initrd on rootfs' /root */
@@ -58807,16 +59648,16 @@ diff -urNp linux-3.0.4/init/do_mounts_initrd.c linux-3.0.4/init/do_mounts_initrd
- sys_mkdir("/old", 0700);
- root_fd = sys_open("/", 0, 0);
- old_fd = sys_open("/old", 0, 0);
-+ sys_mkdir((__force const char __user *)"/old", 0700);
-+ root_fd = sys_open((__force const char __user *)"/", 0, 0);
-+ old_fd = sys_open((__force const char __user *)"/old", 0, 0);
++ sys_mkdir((const char __force_user *)"/old", 0700);
++ root_fd = sys_open((const char __force_user *)"/", 0, 0);
++ old_fd = sys_open((const char __force_user *)"/old", 0, 0);
/* move initrd over / and chdir/chroot in initrd root */
- sys_chdir("/root");
- sys_mount(".", "/", NULL, MS_MOVE, NULL);
- sys_chroot(".");
-+ sys_chdir((__force const char __user *)"/root");
-+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
-+ sys_chroot((__force const char __user *)".");
++ sys_chdir((const char __force_user *)"/root");
++ sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL);
++ sys_chroot((const char __force_user *)".");
/*
* In case that a resume from disk is carried out by linuxrc or one of
@@ -58825,17 +59666,17 @@ diff -urNp linux-3.0.4/init/do_mounts_initrd.c linux-3.0.4/init/do_mounts_initrd
/* move initrd to rootfs' /old */
sys_fchdir(old_fd);
- sys_mount("/", ".", NULL, MS_MOVE, NULL);
-+ sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
++ sys_mount((char __force_user *)"/", (char __force_user *)".", NULL, MS_MOVE, NULL);
/* switch root and cwd back to / of rootfs */
sys_fchdir(root_fd);
- sys_chroot(".");
-+ sys_chroot((__force const char __user *)".");
++ sys_chroot((const char __force_user *)".");
sys_close(old_fd);
sys_close(root_fd);
if (new_decode_dev(real_root_dev) == Root_RAM0) {
- sys_chdir("/old");
-+ sys_chdir((__force const char __user *)"/old");
++ sys_chdir((const char __force_user *)"/old");
return;
}
@@ -58844,19 +59685,19 @@ diff -urNp linux-3.0.4/init/do_mounts_initrd.c linux-3.0.4/init/do_mounts_initrd
printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
- error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
-+ error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
++ error = sys_mount((char __force_user *)"/old", (char __force_user *)"/root/initrd", NULL, MS_MOVE, NULL);
if (!error)
printk("okay\n");
else {
- int fd = sys_open("/dev/root.old", O_RDWR, 0);
-+ int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
++ int fd = sys_open((const char __force_user *)"/dev/root.old", O_RDWR, 0);
if (error == -ENOENT)
printk("/initrd does not exist. Ignored.\n");
else
printk("failed\n");
printk(KERN_NOTICE "Unmounting old root\n");
- sys_umount("/old", MNT_DETACH);
-+ sys_umount((__force char __user *)"/old", MNT_DETACH);
++ sys_umount((char __force_user *)"/old", MNT_DETACH);
printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
if (fd < 0) {
error = fd;
@@ -58865,24 +59706,24 @@ diff -urNp linux-3.0.4/init/do_mounts_initrd.c linux-3.0.4/init/do_mounts_initrd
*/
if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
- sys_unlink("/initrd.image");
-+ sys_unlink((__force const char __user *)"/initrd.image");
++ sys_unlink((const char __force_user *)"/initrd.image");
handle_initrd();
return 1;
}
}
- sys_unlink("/initrd.image");
-+ sys_unlink((__force const char __user *)"/initrd.image");
++ sys_unlink((const char __force_user *)"/initrd.image");
return 0;
}
diff -urNp linux-3.0.4/init/do_mounts_md.c linux-3.0.4/init/do_mounts_md.c
--- linux-3.0.4/init/do_mounts_md.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/do_mounts_md.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/init/do_mounts_md.c 2011-10-06 04:17:55.000000000 -0400
@@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
partitioned ? "_d" : "", minor,
md_setup_args[ent].device_names);
- fd = sys_open(name, 0, 0);
-+ fd = sys_open((__force char __user *)name, 0, 0);
++ fd = sys_open((char __force_user *)name, 0, 0);
if (fd < 0) {
printk(KERN_ERR "md: open failed - cannot start "
"array %s\n", name);
@@ -58891,13 +59732,22 @@ diff -urNp linux-3.0.4/init/do_mounts_md.c linux-3.0.4/init/do_mounts_md.c
*/
sys_close(fd);
- fd = sys_open(name, 0, 0);
-+ fd = sys_open((__force char __user *)name, 0, 0);
++ fd = sys_open((char __force_user *)name, 0, 0);
sys_ioctl(fd, BLKRRPART, 0);
}
sys_close(fd);
+@@ -283,7 +283,7 @@ static void __init autodetect_raid(void)
+
+ wait_for_device_probe();
+
+- fd = sys_open((const char __user __force *) "/dev/md0", 0, 0);
++ fd = sys_open((const char __force_user *) "/dev/md0", 0, 0);
+ if (fd >= 0) {
+ sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
+ sys_close(fd);
diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
--- linux-3.0.4/init/initramfs.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/initramfs.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/init/initramfs.c 2011-10-06 04:17:55.000000000 -0400
@@ -74,7 +74,7 @@ static void __init free_hash(void)
}
}
@@ -58912,7 +59762,7 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
list_for_each_entry_safe(de, tmp, &dir_list, list) {
list_del(&de->list);
- do_utime(de->name, de->mtime);
-+ do_utime((__force char __user *)de->name, de->mtime);
++ do_utime((char __force_user *)de->name, de->mtime);
kfree(de->name);
kfree(de);
}
@@ -58921,7 +59771,7 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
char *old = find_link(major, minor, ino, mode, collected);
if (old)
- return (sys_link(old, collected) < 0) ? -1 : 1;
-+ return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
++ return (sys_link((char __force_user *)old, (char __force_user *)collected) < 0) ? -1 : 1;
}
return 0;
}
@@ -58930,13 +59780,13 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
struct stat st;
- if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
-+ if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
++ if (!sys_newlstat((char __force_user *)path, (struct stat __force_user *)&st) && (st.st_mode^mode) & S_IFMT) {
if (S_ISDIR(st.st_mode))
- sys_rmdir(path);
-+ sys_rmdir((__force char __user *)path);
++ sys_rmdir((char __force_user *)path);
else
- sys_unlink(path);
-+ sys_unlink((__force char __user *)path);
++ sys_unlink((char __force_user *)path);
}
}
@@ -58945,7 +59795,7 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
if (ml != 1)
openflags |= O_TRUNC;
- wfd = sys_open(collected, openflags, mode);
-+ wfd = sys_open((__force char __user *)collected, openflags, mode);
++ wfd = sys_open((char __force_user *)collected, openflags, mode);
if (wfd >= 0) {
sys_fchown(wfd, uid, gid);
@@ -58956,9 +59806,9 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
- sys_mkdir(collected, mode);
- sys_chown(collected, uid, gid);
- sys_chmod(collected, mode);
-+ sys_mkdir((__force char __user *)collected, mode);
-+ sys_chown((__force char __user *)collected, uid, gid);
-+ sys_chmod((__force char __user *)collected, mode);
++ sys_mkdir((char __force_user *)collected, mode);
++ sys_chown((char __force_user *)collected, uid, gid);
++ sys_chmod((char __force_user *)collected, mode);
dir_add(collected, mtime);
} else if (S_ISBLK(mode) || S_ISCHR(mode) ||
S_ISFIFO(mode) || S_ISSOCK(mode)) {
@@ -58967,10 +59817,10 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
- sys_chown(collected, uid, gid);
- sys_chmod(collected, mode);
- do_utime(collected, mtime);
-+ sys_mknod((__force char __user *)collected, mode, rdev);
-+ sys_chown((__force char __user *)collected, uid, gid);
-+ sys_chmod((__force char __user *)collected, mode);
-+ do_utime((__force char __user *)collected, mtime);
++ sys_mknod((char __force_user *)collected, mode, rdev);
++ sys_chown((char __force_user *)collected, uid, gid);
++ sys_chmod((char __force_user *)collected, mode);
++ do_utime((char __force_user *)collected, mtime);
}
}
return 0;
@@ -58979,17 +59829,17 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
{
if (count >= body_len) {
- sys_write(wfd, victim, body_len);
-+ sys_write(wfd, (__force char __user *)victim, body_len);
++ sys_write(wfd, (char __force_user *)victim, body_len);
sys_close(wfd);
- do_utime(vcollected, mtime);
-+ do_utime((__force char __user *)vcollected, mtime);
++ do_utime((char __force_user *)vcollected, mtime);
kfree(vcollected);
eat(body_len);
state = SkipIt;
return 0;
} else {
- sys_write(wfd, victim, count);
-+ sys_write(wfd, (__force char __user *)victim, count);
++ sys_write(wfd, (char __force_user *)victim, count);
body_len -= count;
eat(count);
return 1;
@@ -59000,9 +59850,9 @@ diff -urNp linux-3.0.4/init/initramfs.c linux-3.0.4/init/initramfs.c
- sys_symlink(collected + N_ALIGN(name_len), collected);
- sys_lchown(collected, uid, gid);
- do_utime(collected, mtime);
-+ sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
-+ sys_lchown((__force char __user *)collected, uid, gid);
-+ do_utime((__force char __user *)collected, mtime);
++ sys_symlink((char __force_user *)collected + N_ALIGN(name_len), (char __force_user *)collected);
++ sys_lchown((char __force_user *)collected, uid, gid);
++ do_utime((char __force_user *)collected, mtime);
state = SkipIt;
next_state = Reset;
return 0;
@@ -59020,7 +59870,7 @@ diff -urNp linux-3.0.4/init/Kconfig linux-3.0.4/init/Kconfig
also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-3.0.4/init/main.c linux-3.0.4/init/main.c
--- linux-3.0.4/init/main.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/init/main.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/init/main.c 2011-10-06 04:17:55.000000000 -0400
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void)
extern void tc_init(void);
#endif
@@ -59113,7 +59963,7 @@ diff -urNp linux-3.0.4/init/main.c linux-3.0.4/init/main.c
/* Open the /dev/console on the rootfs, this should never fail */
- if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
-+ if (sys_open((__force const char __user *) "/dev/console", O_RDWR, 0) < 0)
++ if (sys_open((const char __force_user *) "/dev/console", O_RDWR, 0) < 0)
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
@@ -59122,7 +59972,7 @@ diff -urNp linux-3.0.4/init/main.c linux-3.0.4/init/main.c
ramdisk_execute_command = "/init";
- if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
-+ if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
++ if (sys_access((const char __force_user *) ramdisk_execute_command, 0) != 0) {
ramdisk_execute_command = NULL;
prepare_namespace();
}
@@ -59311,13 +60161,13 @@ diff -urNp linux-3.0.4/ipc/shm.c linux-3.0.4/ipc/shm.c
diff -urNp linux-3.0.4/kernel/acct.c linux-3.0.4/kernel/acct.c
--- linux-3.0.4/kernel/acct.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/kernel/acct.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/kernel/acct.c 2011-10-06 04:17:55.000000000 -0400
@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_a
*/
flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
- file->f_op->write(file, (char *)&ac,
-+ file->f_op->write(file, (__force char __user *)&ac,
++ file->f_op->write(file, (char __force_user *)&ac,
sizeof(acct_t), &file->f_pos);
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
@@ -59458,7 +60308,7 @@ diff -urNp linux-3.0.4/kernel/cgroup.c linux-3.0.4/kernel/cgroup.c
read_lock(&css_set_lock);
diff -urNp linux-3.0.4/kernel/compat.c linux-3.0.4/kernel/compat.c
--- linux-3.0.4/kernel/compat.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/kernel/compat.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/kernel/compat.c 2011-10-06 04:17:55.000000000 -0400
@@ -13,6 +13,7 @@
#include <linux/linkage.h>
@@ -59467,6 +60317,163 @@ diff -urNp linux-3.0.4/kernel/compat.c linux-3.0.4/kernel/compat.c
#include <linux/errno.h>
#include <linux/time.h>
#include <linux/signal.h>
+@@ -166,7 +167,7 @@ static long compat_nanosleep_restart(str
+ mm_segment_t oldfs;
+ long ret;
+
+- restart->nanosleep.rmtp = (struct timespec __user *) &rmt;
++ restart->nanosleep.rmtp = (struct timespec __force_user *) &rmt;
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = hrtimer_nanosleep_restart(restart);
+@@ -198,7 +199,7 @@ asmlinkage long compat_sys_nanosleep(str
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = hrtimer_nanosleep(&tu,
+- rmtp ? (struct timespec __user *)&rmt : NULL,
++ rmtp ? (struct timespec __force_user *)&rmt : NULL,
+ HRTIMER_MODE_REL, CLOCK_MONOTONIC);
+ set_fs(oldfs);
+
+@@ -307,7 +308,7 @@ asmlinkage long compat_sys_sigpending(co
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_sigpending((old_sigset_t __user *) &s);
++ ret = sys_sigpending((old_sigset_t __force_user *) &s);
+ set_fs(old_fs);
+ if (ret == 0)
+ ret = put_user(s, set);
+@@ -330,8 +331,8 @@ asmlinkage long compat_sys_sigprocmask(i
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sys_sigprocmask(how,
+- set ? (old_sigset_t __user *) &s : NULL,
+- oset ? (old_sigset_t __user *) &s : NULL);
++ set ? (old_sigset_t __force_user *) &s : NULL,
++ oset ? (old_sigset_t __force_user *) &s : NULL);
+ set_fs(old_fs);
+ if (ret == 0)
+ if (oset)
+@@ -368,7 +369,7 @@ asmlinkage long compat_sys_old_getrlimit
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_old_getrlimit(resource, &r);
++ ret = sys_old_getrlimit(resource, (struct rlimit __force_user *)&r);
+ set_fs(old_fs);
+
+ if (!ret) {
+@@ -440,7 +441,7 @@ asmlinkage long compat_sys_getrusage(int
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+- ret = sys_getrusage(who, (struct rusage __user *) &r);
++ ret = sys_getrusage(who, (struct rusage __force_user *) &r);
+ set_fs(old_fs);
+
+ if (ret)
+@@ -467,8 +468,8 @@ compat_sys_wait4(compat_pid_t pid, compa
+ set_fs (KERNEL_DS);
+ ret = sys_wait4(pid,
+ (stat_addr ?
+- (unsigned int __user *) &status : NULL),
+- options, (struct rusage __user *) &r);
++ (unsigned int __force_user *) &status : NULL),
++ options, (struct rusage __force_user *) &r);
+ set_fs (old_fs);
+
+ if (ret > 0) {
+@@ -493,8 +494,8 @@ asmlinkage long compat_sys_waitid(int wh
+ memset(&info, 0, sizeof(info));
+
+ set_fs(KERNEL_DS);
+- ret = sys_waitid(which, pid, (siginfo_t __user *)&info, options,
+- uru ? (struct rusage __user *)&ru : NULL);
++ ret = sys_waitid(which, pid, (siginfo_t __force_user *)&info, options,
++ uru ? (struct rusage __force_user *)&ru : NULL);
+ set_fs(old_fs);
+
+ if ((ret < 0) || (info.si_signo == 0))
+@@ -624,8 +625,8 @@ long compat_sys_timer_settime(timer_t ti
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_timer_settime(timer_id, flags,
+- (struct itimerspec __user *) &newts,
+- (struct itimerspec __user *) &oldts);
++ (struct itimerspec __force_user *) &newts,
++ (struct itimerspec __force_user *) &oldts);
+ set_fs(oldfs);
+ if (!err && old && put_compat_itimerspec(old, &oldts))
+ return -EFAULT;
+@@ -642,7 +643,7 @@ long compat_sys_timer_gettime(timer_t ti
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_timer_gettime(timer_id,
+- (struct itimerspec __user *) &ts);
++ (struct itimerspec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && put_compat_itimerspec(setting, &ts))
+ return -EFAULT;
+@@ -661,7 +662,7 @@ long compat_sys_clock_settime(clockid_t
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_settime(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ return err;
+ }
+@@ -676,7 +677,7 @@ long compat_sys_clock_gettime(clockid_t
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_gettime(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && put_compat_timespec(&ts, tp))
+ return -EFAULT;
+@@ -696,7 +697,7 @@ long compat_sys_clock_adjtime(clockid_t
+
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+- ret = sys_clock_adjtime(which_clock, (struct timex __user *) &txc);
++ ret = sys_clock_adjtime(which_clock, (struct timex __force_user *) &txc);
+ set_fs(oldfs);
+
+ err = compat_put_timex(utp, &txc);
+@@ -716,7 +717,7 @@ long compat_sys_clock_getres(clockid_t w
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_getres(which_clock,
+- (struct timespec __user *) &ts);
++ (struct timespec __force_user *) &ts);
+ set_fs(oldfs);
+ if (!err && tp && put_compat_timespec(&ts, tp))
+ return -EFAULT;
+@@ -728,9 +729,9 @@ static long compat_clock_nanosleep_resta
+ long err;
+ mm_segment_t oldfs;
+ struct timespec tu;
+- struct compat_timespec *rmtp = restart->nanosleep.compat_rmtp;
++ struct compat_timespec __user *rmtp = restart->nanosleep.compat_rmtp;
+
+- restart->nanosleep.rmtp = (struct timespec __user *) &tu;
++ restart->nanosleep.rmtp = (struct timespec __force_user *) &tu;
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = clock_nanosleep_restart(restart);
+@@ -762,8 +763,8 @@ long compat_sys_clock_nanosleep(clockid_
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ err = sys_clock_nanosleep(which_clock, flags,
+- (struct timespec __user *) &in,
+- (struct timespec __user *) &out);
++ (struct timespec __force_user *) &in,
++ (struct timespec __force_user *) &out);
+ set_fs(oldfs);
+
+ if ((err == -ERESTART_RESTARTBLOCK) && rmtp &&
diff -urNp linux-3.0.4/kernel/configs.c linux-3.0.4/kernel/configs.c
--- linux-3.0.4/kernel/configs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/kernel/configs.c 2011-08-23 21:48:14.000000000 -0400
@@ -60538,9 +61545,22 @@ diff -urNp linux-3.0.4/kernel/kallsyms.c linux-3.0.4/kernel/kallsyms.c
if (!iter)
return -ENOMEM;
reset_iter(iter, 0);
+diff -urNp linux-3.0.4/kernel/kexec.c linux-3.0.4/kernel/kexec.c
+--- linux-3.0.4/kernel/kexec.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/kernel/kexec.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1033,7 +1033,8 @@ asmlinkage long compat_sys_kexec_load(un
+ unsigned long flags)
+ {
+ struct compat_kexec_segment in;
+- struct kexec_segment out, __user *ksegments;
++ struct kexec_segment out;
++ struct kexec_segment __user *ksegments;
+ unsigned long i, result;
+
+ /* Don't allow clients that don't understand the native
diff -urNp linux-3.0.4/kernel/kmod.c linux-3.0.4/kernel/kmod.c
--- linux-3.0.4/kernel/kmod.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/kernel/kmod.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/kernel/kmod.c 2011-10-06 04:17:55.000000000 -0400
@@ -73,13 +73,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sb
* If module auto-loading support is disabled then this function
* becomes a no-operation.
@@ -60637,6 +61657,15 @@ diff -urNp linux-3.0.4/kernel/kmod.c linux-3.0.4/kernel/kmod.c
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
+@@ -220,7 +272,7 @@ static int wait_for_helper(void *data)
+ *
+ * Thus the __user pointer cast is valid here.
+ */
+- sys_wait4(pid, (int __user *)&ret, 0, NULL);
++ sys_wait4(pid, (int __force_user *)&ret, 0, NULL);
+
+ /*
+ * If ret is 0, either ____call_usermodehelper failed and the
diff -urNp linux-3.0.4/kernel/kprobes.c linux-3.0.4/kernel/kprobes.c
--- linux-3.0.4/kernel/kprobes.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/kernel/kprobes.c 2011-08-23 21:47:56.000000000 -0400
@@ -62816,7 +63845,7 @@ diff -urNp linux-3.0.4/kernel/softirq.c linux-3.0.4/kernel/softirq.c
diff -urNp linux-3.0.4/kernel/sys.c linux-3.0.4/kernel/sys.c
--- linux-3.0.4/kernel/sys.c 2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/kernel/sys.c 2011-08-29 23:26:27.000000000 -0400
++++ linux-3.0.4/kernel/sys.c 2011-10-06 04:17:55.000000000 -0400
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_stru
error = -EACCES;
goto out;
@@ -62952,6 +63981,31 @@ diff -urNp linux-3.0.4/kernel/sys.c linux-3.0.4/kernel/sys.c
abort_creds(new);
return old_fsgid;
+@@ -1205,19 +1248,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_
+ return -EFAULT;
+
+ down_read(&uts_sem);
+- error = __copy_to_user(&name->sysname, &utsname()->sysname,
++ error = __copy_to_user(name->sysname, &utsname()->sysname,
+ __OLD_UTS_LEN);
+ error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
+- error |= __copy_to_user(&name->nodename, &utsname()->nodename,
++ error |= __copy_to_user(name->nodename, &utsname()->nodename,
+ __OLD_UTS_LEN);
+ error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
+- error |= __copy_to_user(&name->release, &utsname()->release,
++ error |= __copy_to_user(name->release, &utsname()->release,
+ __OLD_UTS_LEN);
+ error |= __put_user(0, name->release + __OLD_UTS_LEN);
+- error |= __copy_to_user(&name->version, &utsname()->version,
++ error |= __copy_to_user(name->version, &utsname()->version,
+ __OLD_UTS_LEN);
+ error |= __put_user(0, name->version + __OLD_UTS_LEN);
+- error |= __copy_to_user(&name->machine, &utsname()->machine,
++ error |= __copy_to_user(name->machine, &utsname()->machine,
+ __OLD_UTS_LEN);
+ error |= __put_user(0, name->machine + __OLD_UTS_LEN);
+ up_read(&uts_sem);
@@ -1680,7 +1723,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
error = get_dumpable(me->mm);
break;
@@ -62961,6 +64015,72 @@ diff -urNp linux-3.0.4/kernel/sys.c linux-3.0.4/kernel/sys.c
error = -EINVAL;
break;
}
+diff -urNp linux-3.0.4/kernel/sysctl_binary.c linux-3.0.4/kernel/sysctl_binary.c
+--- linux-3.0.4/kernel/sysctl_binary.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/kernel/sysctl_binary.c 2011-10-06 04:17:55.000000000 -0400
+@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *f
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1034,7 +1034,7 @@ static ssize_t bin_intvec(struct file *f
+ }
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buffer, str - buffer, &pos);
++ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1067,7 +1067,7 @@ static ssize_t bin_ulongvec(struct file
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1112,7 +1112,7 @@ static ssize_t bin_ulongvec(struct file
+ }
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buffer, str - buffer, &pos);
++ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1138,7 +1138,7 @@ static ssize_t bin_uuid(struct file *fil
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
+@@ -1185,7 +1185,7 @@ static ssize_t bin_dn_node_address(struc
+ __le16 dnaddr;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
+@@ -1233,7 +1233,7 @@ static ssize_t bin_dn_node_address(struc
+ le16_to_cpu(dnaddr) & 0x3ff);
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buf, len, &pos);
++ result = vfs_write(file, (const char __force_user *)buf, len, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
diff -urNp linux-3.0.4/kernel/sysctl.c linux-3.0.4/kernel/sysctl.c
--- linux-3.0.4/kernel/sysctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/kernel/sysctl.c 2011-08-23 21:48:14.000000000 -0400
@@ -63532,6 +64652,45 @@ diff -urNp linux-3.0.4/kernel/trace/trace_events.c linux-3.0.4/kernel/trace/trac
}
}
+diff -urNp linux-3.0.4/kernel/trace/trace_kprobe.c linux-3.0.4/kernel/trace/trace_kprobe.c
+--- linux-3.0.4/kernel/trace/trace_kprobe.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/kernel/trace/trace_kprobe.c 2011-10-06 04:17:55.000000000 -0400
+@@ -217,7 +217,7 @@ static __kprobes void FETCH_FUNC_NAME(me
+ long ret;
+ int maxlen = get_rloc_len(*(u32 *)dest);
+ u8 *dst = get_rloc_data(dest);
+- u8 *src = addr;
++ const u8 __user *src = (const u8 __force_user *)addr;
+ mm_segment_t old_fs = get_fs();
+ if (!maxlen)
+ return;
+@@ -229,7 +229,7 @@ static __kprobes void FETCH_FUNC_NAME(me
+ pagefault_disable();
+ do
+ ret = __copy_from_user_inatomic(dst++, src++, 1);
+- while (dst[-1] && ret == 0 && src - (u8 *)addr < maxlen);
++ while (dst[-1] && ret == 0 && src - (const u8 __force_user *)addr < maxlen);
+ dst[-1] = '\0';
+ pagefault_enable();
+ set_fs(old_fs);
+@@ -238,7 +238,7 @@ static __kprobes void FETCH_FUNC_NAME(me
+ ((u8 *)get_rloc_data(dest))[0] = '\0';
+ *(u32 *)dest = make_data_rloc(0, get_rloc_offs(*(u32 *)dest));
+ } else
+- *(u32 *)dest = make_data_rloc(src - (u8 *)addr,
++ *(u32 *)dest = make_data_rloc(src - (const u8 __force_user *)addr,
+ get_rloc_offs(*(u32 *)dest));
+ }
+ /* Return the length of string -- including null terminal byte */
+@@ -252,7 +252,7 @@ static __kprobes void FETCH_FUNC_NAME(me
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ do {
+- ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1);
++ ret = __copy_from_user_inatomic(&c, (const u8 __force_user *)addr + len, 1);
+ len++;
+ } while (c && ret == 0 && len < MAX_STRING_SIZE);
+ pagefault_enable();
diff -urNp linux-3.0.4/kernel/trace/trace_mmiotrace.c linux-3.0.4/kernel/trace/trace_mmiotrace.c
--- linux-3.0.4/kernel/trace/trace_mmiotrace.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/kernel/trace/trace_mmiotrace.c 2011-08-23 21:47:56.000000000 -0400
@@ -63625,6 +64784,45 @@ diff -urNp linux-3.0.4/kernel/trace/trace_workqueue.c linux-3.0.4/kernel/trace/t
tsk->comm);
put_task_struct(tsk);
}
+diff -urNp linux-3.0.4/lib/bitmap.c linux-3.0.4/lib/bitmap.c
+--- linux-3.0.4/lib/bitmap.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/lib/bitmap.c 2011-10-06 04:17:55.000000000 -0400
+@@ -421,7 +421,7 @@ int __bitmap_parse(const char *buf, unsi
+ {
+ int c, old_c, totaldigits, ndigits, nchunks, nbits;
+ u32 chunk;
+- const char __user *ubuf = buf;
++ const char __user *ubuf = (const char __force_user *)buf;
+
+ bitmap_zero(maskp, nmaskbits);
+
+@@ -506,7 +506,7 @@ int bitmap_parse_user(const char __user
+ {
+ if (!access_ok(VERIFY_READ, ubuf, ulen))
+ return -EFAULT;
+- return __bitmap_parse((const char *)ubuf, ulen, 1, maskp, nmaskbits);
++ return __bitmap_parse((const char __force_kernel *)ubuf, ulen, 1, maskp, nmaskbits);
+ }
+ EXPORT_SYMBOL(bitmap_parse_user);
+
+@@ -596,7 +596,7 @@ static int __bitmap_parselist(const char
+ {
+ unsigned a, b;
+ int c, old_c, totaldigits;
+- const char __user *ubuf = buf;
++ const char __user *ubuf = (const char __force_user *)buf;
+ int exp_digit, in_range;
+
+ totaldigits = c = 0;
+@@ -696,7 +696,7 @@ int bitmap_parselist_user(const char __u
+ {
+ if (!access_ok(VERIFY_READ, ubuf, ulen))
+ return -EFAULT;
+- return __bitmap_parselist((const char *)ubuf,
++ return __bitmap_parselist((const char __force_kernel *)ubuf,
+ ulen, 1, maskp, nmaskbits);
+ }
+ EXPORT_SYMBOL(bitmap_parselist_user);
diff -urNp linux-3.0.4/lib/bug.c linux-3.0.4/lib/bug.c
--- linux-3.0.4/lib/bug.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/lib/bug.c 2011-08-23 21:47:56.000000000 -0400
@@ -63649,6 +64847,27 @@ diff -urNp linux-3.0.4/lib/debugobjects.c linux-3.0.4/lib/debugobjects.c
if (is_on_stack == onstack)
return;
+diff -urNp linux-3.0.4/lib/devres.c linux-3.0.4/lib/devres.c
+--- linux-3.0.4/lib/devres.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/lib/devres.c 2011-10-06 04:17:55.000000000 -0400
+@@ -81,7 +81,7 @@ void devm_iounmap(struct device *dev, vo
+ {
+ iounmap(addr);
+ WARN_ON(devres_destroy(dev, devm_ioremap_release, devm_ioremap_match,
+- (void *)addr));
++ (void __force *)addr));
+ }
+ EXPORT_SYMBOL(devm_iounmap);
+
+@@ -141,7 +141,7 @@ void devm_ioport_unmap(struct device *de
+ {
+ ioport_unmap(addr);
+ WARN_ON(devres_destroy(dev, devm_ioport_map_release,
+- devm_ioport_map_match, (void *)addr));
++ devm_ioport_map_match, (void __force *)addr));
+ }
+ EXPORT_SYMBOL(devm_ioport_unmap);
+
diff -urNp linux-3.0.4/lib/dma-debug.c linux-3.0.4/lib/dma-debug.c
--- linux-3.0.4/lib/dma-debug.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/lib/dma-debug.c 2011-08-23 21:47:56.000000000 -0400
@@ -63833,7 +65052,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-09-17 00:56:07.000000000 -0400
++++ linux-3.0.4/Makefile 2011-10-06 04:17:55.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -63870,23 +65089,28 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +567,31 @@ else
+@@ -564,6 +567,36 @@ else
KBUILD_CFLAGS += -O2
endif
+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
-+ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++ifdef CONFIG_PAX_MEMORY_STACKLEAK
++STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
+ifdef CONFIG_KALLOCSTAT_PLUGIN
+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
+endif
-+ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
++ifdef CONFIG_CHECKER_PLUGIN
++ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
++endif
+endif
-+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
@@ -63902,7 +65126,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +736,7 @@ export mod_strip_cmd
+@@ -708,7 +741,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -63911,7 +65135,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +935,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +940,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
@@ -63920,7 +65144,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -941,7 +976,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -63930,7 +65154,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1022,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -63938,7 +65162,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
prepare: prepare0
# Generate some files
-@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1102,7 +1139,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -63947,7 +65171,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1230,7 @@ distclean: mrproper
+@@ -1198,7 +1235,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63956,7 +65180,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1396,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -63964,7 +65188,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1518,19 @@ else
+@@ -1485,17 +1523,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -63988,7 +65212,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1540,13 @@ endif
+@@ -1505,11 +1545,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -64206,6 +65430,27 @@ diff -urNp linux-3.0.4/mm/kmemleak.c linux-3.0.4/mm/kmemleak.c
}
}
+diff -urNp linux-3.0.4/mm/maccess.c linux-3.0.4/mm/maccess.c
+--- linux-3.0.4/mm/maccess.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/mm/maccess.c 2011-10-06 04:17:55.000000000 -0400
+@@ -26,7 +26,7 @@ long __probe_kernel_read(void *dst, cons
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ ret = __copy_from_user_inatomic(dst,
+- (__force const void __user *)src, size);
++ (const void __force_user *)src, size);
+ pagefault_enable();
+ set_fs(old_fs);
+
+@@ -53,7 +53,7 @@ long __probe_kernel_write(void *dst, con
+
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+- ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
++ ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
+ pagefault_enable();
+ set_fs(old_fs);
+
diff -urNp linux-3.0.4/mm/madvise.c linux-3.0.4/mm/madvise.c
--- linux-3.0.4/mm/madvise.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/mm/madvise.c 2011-08-23 21:47:56.000000000 -0400
@@ -64853,7 +66098,7 @@ diff -urNp linux-3.0.4/mm/memory.c linux-3.0.4/mm/memory.c
* Dumping its contents makes post-mortem fully interpretable later
diff -urNp linux-3.0.4/mm/memory-failure.c linux-3.0.4/mm/memory-failure.c
--- linux-3.0.4/mm/memory-failure.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/memory-failure.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/mm/memory-failure.c 2011-10-06 04:17:55.000000000 -0400
@@ -59,7 +59,7 @@ int sysctl_memory_failure_early_kill __r
int sysctl_memory_failure_recovery __read_mostly = 1;
@@ -64863,6 +66108,15 @@ diff -urNp linux-3.0.4/mm/memory-failure.c linux-3.0.4/mm/memory-failure.c
#if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
+@@ -200,7 +200,7 @@ static int kill_proc_ao(struct task_stru
+ si.si_signo = SIGBUS;
+ si.si_errno = 0;
+ si.si_code = BUS_MCEERR_AO;
+- si.si_addr = (void *)addr;
++ si.si_addr = (void __user *)addr;
+ #ifdef __ARCH_SI_TRAPNO
+ si.si_trapno = trapno;
+ #endif
@@ -1008,7 +1008,7 @@ int __memory_failure(unsigned long pfn,
}
@@ -68153,6 +69407,39 @@ diff -urNp linux-3.0.4/net/8021q/vlan.c linux-3.0.4/net/8021q/vlan.c
struct vlan_net *vn;
vn = net_generic(net, vlan_net_id);
+diff -urNp linux-3.0.4/net/9p/trans_fd.c linux-3.0.4/net/9p/trans_fd.c
+--- linux-3.0.4/net/9p/trans_fd.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/9p/trans_fd.c 2011-10-06 04:17:55.000000000 -0400
+@@ -423,7 +423,7 @@ static int p9_fd_write(struct p9_client
+ oldfs = get_fs();
+ set_fs(get_ds());
+ /* The cast to a user pointer is valid due to the set_fs() */
+- ret = vfs_write(ts->wr, (__force void __user *)v, len, &ts->wr->f_pos);
++ ret = vfs_write(ts->wr, (void __force_user *)v, len, &ts->wr->f_pos);
+ set_fs(oldfs);
+
+ if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
+diff -urNp linux-3.0.4/net/9p/trans_virtio.c linux-3.0.4/net/9p/trans_virtio.c
+--- linux-3.0.4/net/9p/trans_virtio.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/9p/trans_virtio.c 2011-10-06 04:17:55.000000000 -0400
+@@ -328,7 +328,7 @@ req_retry_pinned:
+ } else {
+ char *pbuf;
+ if (req->tc->pubuf)
+- pbuf = (__force char *) req->tc->pubuf;
++ pbuf = (char __force_kernel *) req->tc->pubuf;
+ else
+ pbuf = req->tc->pkbuf;
+ outp = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM, pbuf,
+@@ -357,7 +357,7 @@ req_retry_pinned:
+ } else {
+ char *pbuf;
+ if (req->tc->pubuf)
+- pbuf = (__force char *) req->tc->pubuf;
++ pbuf = (char __force_kernel *) req->tc->pubuf;
+ else
+ pbuf = req->tc->pkbuf;
+
diff -urNp linux-3.0.4/net/atm/atm_misc.c linux-3.0.4/net/atm/atm_misc.c
--- linux-3.0.4/net/atm/atm_misc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/atm/atm_misc.c 2011-08-23 21:47:56.000000000 -0400
@@ -68583,6 +69870,136 @@ diff -urNp linux-3.0.4/net/caif/cfctrl.c linux-3.0.4/net/caif/cfctrl.c
cfpkt_extr_head(pkt, &cmdrsp, 1);
cmd = cmdrsp & CFCTRL_CMD_MASK;
+diff -urNp linux-3.0.4/net/compat.c linux-3.0.4/net/compat.c
+--- linux-3.0.4/net/compat.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/compat.c 2011-10-06 04:17:55.000000000 -0400
+@@ -70,9 +70,9 @@ int get_compat_msghdr(struct msghdr *kms
+ __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
+ __get_user(kmsg->msg_flags, &umsg->msg_flags))
+ return -EFAULT;
+- kmsg->msg_name = compat_ptr(tmp1);
+- kmsg->msg_iov = compat_ptr(tmp2);
+- kmsg->msg_control = compat_ptr(tmp3);
++ kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1);
++ kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2);
++ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
+ return 0;
+ }
+
+@@ -84,7 +84,7 @@ int verify_compat_iovec(struct msghdr *k
+
+ if (kern_msg->msg_namelen) {
+ if (mode == VERIFY_READ) {
+- int err = move_addr_to_kernel(kern_msg->msg_name,
++ int err = move_addr_to_kernel((void __force_user *)kern_msg->msg_name,
+ kern_msg->msg_namelen,
+ kern_address);
+ if (err < 0)
+@@ -95,7 +95,7 @@ int verify_compat_iovec(struct msghdr *k
+ kern_msg->msg_name = NULL;
+
+ tot_len = iov_from_user_compat_to_kern(kern_iov,
+- (struct compat_iovec __user *)kern_msg->msg_iov,
++ (struct compat_iovec __force_user *)kern_msg->msg_iov,
+ kern_msg->msg_iovlen);
+ if (tot_len >= 0)
+ kern_msg->msg_iov = kern_iov;
+@@ -115,20 +115,20 @@ int verify_compat_iovec(struct msghdr *k
+
+ #define CMSG_COMPAT_FIRSTHDR(msg) \
+ (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
+- (struct compat_cmsghdr __user *)((msg)->msg_control) : \
++ (struct compat_cmsghdr __force_user *)((msg)->msg_control) : \
+ (struct compat_cmsghdr __user *)NULL)
+
+ #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
+ ((ucmlen) >= sizeof(struct compat_cmsghdr) && \
+ (ucmlen) <= (unsigned long) \
+ ((mhdr)->msg_controllen - \
+- ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
++ ((char __force_kernel *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
+ struct compat_cmsghdr __user *cmsg, int cmsg_len)
+ {
+ char __user *ptr = (char __user *)cmsg + CMSG_COMPAT_ALIGN(cmsg_len);
+- if ((unsigned long)(ptr + 1 - (char __user *)msg->msg_control) >
++ if ((unsigned long)(ptr + 1 - (char __force_user *)msg->msg_control) >
+ msg->msg_controllen)
+ return NULL;
+ return (struct compat_cmsghdr __user *)ptr;
+@@ -220,7 +220,7 @@ int put_cmsg_compat(struct msghdr *kmsg,
+ {
+ struct compat_timeval ctv;
+ struct compat_timespec cts[3];
+- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
++ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
+ struct compat_cmsghdr cmhdr;
+ int cmlen;
+
+@@ -272,7 +272,7 @@ int put_cmsg_compat(struct msghdr *kmsg,
+
+ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
+ {
+- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
++ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
+ int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
+ int fdnum = scm->fp->count;
+ struct file **fp = scm->fp->fp;
+@@ -369,7 +369,7 @@ static int do_set_sock_timeout(struct so
+ return -EFAULT;
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+- err = sock_setsockopt(sock, level, optname, (char *)&ktime, sizeof(ktime));
++ err = sock_setsockopt(sock, level, optname, (char __force_user *)&ktime, sizeof(ktime));
+ set_fs(old_fs);
+
+ return err;
+@@ -430,7 +430,7 @@ static int do_get_sock_timeout(struct so
+ len = sizeof(ktime);
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+- err = sock_getsockopt(sock, level, optname, (char *) &ktime, &len);
++ err = sock_getsockopt(sock, level, optname, (char __force_user *) &ktime, (int __force_user *)&len);
+ set_fs(old_fs);
+
+ if (!err) {
+@@ -565,7 +565,7 @@ int compat_mc_setsockopt(struct sock *so
+ case MCAST_JOIN_GROUP:
+ case MCAST_LEAVE_GROUP:
+ {
+- struct compat_group_req __user *gr32 = (void *)optval;
++ struct compat_group_req __user *gr32 = (void __user *)optval;
+ struct group_req __user *kgr =
+ compat_alloc_user_space(sizeof(struct group_req));
+ u32 interface;
+@@ -586,7 +586,7 @@ int compat_mc_setsockopt(struct sock *so
+ case MCAST_BLOCK_SOURCE:
+ case MCAST_UNBLOCK_SOURCE:
+ {
+- struct compat_group_source_req __user *gsr32 = (void *)optval;
++ struct compat_group_source_req __user *gsr32 = (void __user *)optval;
+ struct group_source_req __user *kgsr = compat_alloc_user_space(
+ sizeof(struct group_source_req));
+ u32 interface;
+@@ -607,7 +607,7 @@ int compat_mc_setsockopt(struct sock *so
+ }
+ case MCAST_MSFILTER:
+ {
+- struct compat_group_filter __user *gf32 = (void *)optval;
++ struct compat_group_filter __user *gf32 = (void __user *)optval;
+ struct group_filter __user *kgf;
+ u32 interface, fmode, numsrc;
+
+@@ -645,7 +645,7 @@ int compat_mc_getsockopt(struct sock *so
+ char __user *optval, int __user *optlen,
+ int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
+ {
+- struct compat_group_filter __user *gf32 = (void *)optval;
++ struct compat_group_filter __user *gf32 = (void __user *)optval;
+ struct group_filter __user *kgf;
+ int __user *koptlen;
+ u32 interface, fmode, numsrc;
diff -urNp linux-3.0.4/net/core/datagram.c linux-3.0.4/net/core/datagram.c
--- linux-3.0.4/net/core/datagram.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/core/datagram.c 2011-08-23 21:47:56.000000000 -0400
@@ -68679,6 +70096,27 @@ diff -urNp linux-3.0.4/net/core/flow.c linux-3.0.4/net/core/flow.c
if (!IS_ERR(flo))
fle->object = flo;
else
+diff -urNp linux-3.0.4/net/core/iovec.c linux-3.0.4/net/core/iovec.c
+--- linux-3.0.4/net/core/iovec.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/core/iovec.c 2011-10-06 04:17:55.000000000 -0400
+@@ -42,7 +42,7 @@ int verify_iovec(struct msghdr *m, struc
+ if (m->msg_namelen) {
+ if (mode == VERIFY_READ) {
+ void __user *namep;
+- namep = (void __user __force *) m->msg_name;
++ namep = (void __force_user *) m->msg_name;
+ err = move_addr_to_kernel(namep, m->msg_namelen,
+ address);
+ if (err < 0)
+@@ -54,7 +54,7 @@ int verify_iovec(struct msghdr *m, struc
+ }
+
+ size = m->msg_iovlen * sizeof(struct iovec);
+- if (copy_from_user(iov, (void __user __force *) m->msg_iov, size))
++ if (copy_from_user(iov, (void __force_user *) m->msg_iov, size))
+ return -EFAULT;
+
+ m->msg_iov = iov;
diff -urNp linux-3.0.4/net/core/rtnetlink.c linux-3.0.4/net/core/rtnetlink.c
--- linux-3.0.4/net/core/rtnetlink.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/core/rtnetlink.c 2011-08-23 21:47:56.000000000 -0400
@@ -68691,6 +70129,45 @@ diff -urNp linux-3.0.4/net/core/rtnetlink.c linux-3.0.4/net/core/rtnetlink.c
static DEFINE_MUTEX(rtnl_mutex);
+diff -urNp linux-3.0.4/net/core/scm.c linux-3.0.4/net/core/scm.c
+--- linux-3.0.4/net/core/scm.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/core/scm.c 2011-10-06 04:17:55.000000000 -0400
+@@ -218,7 +218,7 @@ EXPORT_SYMBOL(__scm_send);
+ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
+ {
+ struct cmsghdr __user *cm
+- = (__force struct cmsghdr __user *)msg->msg_control;
++ = (struct cmsghdr __force_user *)msg->msg_control;
+ struct cmsghdr cmhdr;
+ int cmlen = CMSG_LEN(len);
+ int err;
+@@ -241,7 +241,7 @@ int put_cmsg(struct msghdr * msg, int le
+ err = -EFAULT;
+ if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
+ goto out;
+- if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
++ if (copy_to_user((void __force_user *)CMSG_DATA((void __force_kernel *)cm), data, cmlen - sizeof(struct cmsghdr)))
+ goto out;
+ cmlen = CMSG_SPACE(len);
+ if (msg->msg_controllen < cmlen)
+@@ -257,7 +257,7 @@ EXPORT_SYMBOL(put_cmsg);
+ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
+ {
+ struct cmsghdr __user *cm
+- = (__force struct cmsghdr __user*)msg->msg_control;
++ = (struct cmsghdr __force_user *)msg->msg_control;
+
+ int fdmax = 0;
+ int fdnum = scm->fp->count;
+@@ -277,7 +277,7 @@ void scm_detach_fds(struct msghdr *msg,
+ if (fdnum < fdmax)
+ fdmax = fdnum;
+
+- for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
++ for (i=0, cmfptr=(int __force_user *)CMSG_DATA((void __force_kernel *)cm); i<fdmax;
+ i++, cmfptr++)
+ {
+ int new_fd;
diff -urNp linux-3.0.4/net/core/skbuff.c linux-3.0.4/net/core/skbuff.c
--- linux-3.0.4/net/core/skbuff.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/core/skbuff.c 2011-08-23 21:48:14.000000000 -0400
@@ -68974,6 +70451,36 @@ diff -urNp linux-3.0.4/net/ipv4/inetpeer.c linux-3.0.4/net/ipv4/inetpeer.c
p->tcp_ts_stamp = 0;
p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
p->rate_tokens = 0;
+diff -urNp linux-3.0.4/net/ipv4/ipconfig.c linux-3.0.4/net/ipv4/ipconfig.c
+--- linux-3.0.4/net/ipv4/ipconfig.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/ipv4/ipconfig.c 2011-10-06 04:17:55.000000000 -0400
+@@ -313,7 +313,7 @@ static int __init ic_devinet_ioctl(unsig
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = devinet_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = devinet_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -324,7 +324,7 @@ static int __init ic_dev_ioctl(unsigned
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = dev_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = dev_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -335,7 +335,7 @@ static int __init ic_route_ioctl(unsigne
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = ip_rt_ioctl(&init_net, cmd, (void __user *) arg);
++ res = ip_rt_ioctl(&init_net, cmd, (void __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
diff -urNp linux-3.0.4/net/ipv4/ip_fragment.c linux-3.0.4/net/ipv4/ip_fragment.c
--- linux-3.0.4/net/ipv4/ip_fragment.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/ipv4/ip_fragment.c 2011-08-23 21:47:56.000000000 -0400
@@ -68988,7 +70495,7 @@ diff -urNp linux-3.0.4/net/ipv4/ip_fragment.c linux-3.0.4/net/ipv4/ip_fragment.c
rc = qp->q.fragments && (end - start) > max;
diff -urNp linux-3.0.4/net/ipv4/ip_sockglue.c linux-3.0.4/net/ipv4/ip_sockglue.c
--- linux-3.0.4/net/ipv4/ip_sockglue.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/net/ipv4/ip_sockglue.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/net/ipv4/ip_sockglue.c 2011-10-06 04:17:55.000000000 -0400
@@ -1073,6 +1073,8 @@ static int do_ip_getsockopt(struct sock
int val;
int len;
@@ -69008,6 +70515,15 @@ diff -urNp linux-3.0.4/net/ipv4/ip_sockglue.c linux-3.0.4/net/ipv4/ip_sockglue.c
return -EFAULT;
return 0;
}
+@@ -1238,7 +1241,7 @@ static int do_ip_getsockopt(struct sock
+ if (sk->sk_type != SOCK_STREAM)
+ return -ENOPROTOOPT;
+
+- msg.msg_control = optval;
++ msg.msg_control = (void __force_kernel *)optval;
+ msg.msg_controllen = len;
+ msg.msg_flags = 0;
+
diff -urNp linux-3.0.4/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-3.0.4/net/ipv4/netfilter/nf_nat_snmp_basic.c
--- linux-3.0.4/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-08-23 21:47:56.000000000 -0400
@@ -69434,6 +70950,18 @@ diff -urNp linux-3.0.4/net/ipv4/udp.c linux-3.0.4/net/ipv4/udp.c
}
int udp4_seq_show(struct seq_file *seq, void *v)
+diff -urNp linux-3.0.4/net/ipv6/addrconf.c linux-3.0.4/net/ipv6/addrconf.c
+--- linux-3.0.4/net/ipv6/addrconf.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/ipv6/addrconf.c 2011-10-06 04:17:55.000000000 -0400
+@@ -2072,7 +2072,7 @@ int addrconf_set_dstaddr(struct net *net
+ p.iph.ihl = 5;
+ p.iph.protocol = IPPROTO_IPV6;
+ p.iph.ttl = 64;
+- ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
++ ifr.ifr_ifru.ifru_data = (void __force_user *)&p;
+
+ if (ops->ndo_do_ioctl) {
+ mm_segment_t oldfs = get_fs();
diff -urNp linux-3.0.4/net/ipv6/inet6_connection_sock.c linux-3.0.4/net/ipv6/inet6_connection_sock.c
--- linux-3.0.4/net/ipv6/inet6_connection_sock.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/ipv6/inet6_connection_sock.c 2011-08-23 21:47:56.000000000 -0400
@@ -69457,7 +70985,7 @@ diff -urNp linux-3.0.4/net/ipv6/inet6_connection_sock.c linux-3.0.4/net/ipv6/ine
}
diff -urNp linux-3.0.4/net/ipv6/ipv6_sockglue.c linux-3.0.4/net/ipv6/ipv6_sockglue.c
--- linux-3.0.4/net/ipv6/ipv6_sockglue.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/net/ipv6/ipv6_sockglue.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/net/ipv6/ipv6_sockglue.c 2011-10-06 04:17:55.000000000 -0400
@@ -129,6 +129,8 @@ static int do_ipv6_setsockopt(struct soc
int val, valbool;
int retv = -ENOPROTOOPT;
@@ -69476,6 +71004,15 @@ diff -urNp linux-3.0.4/net/ipv6/ipv6_sockglue.c linux-3.0.4/net/ipv6/ipv6_sockgl
if (ip6_mroute_opt(optname))
return ip6_mroute_getsockopt(sk, optname, optval, optlen);
+@@ -960,7 +964,7 @@ static int do_ipv6_getsockopt(struct soc
+ if (sk->sk_type != SOCK_STREAM)
+ return -ENOPROTOOPT;
+
+- msg.msg_control = optval;
++ msg.msg_control = (void __force_kernel *)optval;
+ msg.msg_controllen = len;
+ msg.msg_flags = 0;
+
diff -urNp linux-3.0.4/net/ipv6/raw.c linux-3.0.4/net/ipv6/raw.c
--- linux-3.0.4/net/ipv6/raw.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/ipv6/raw.c 2011-08-23 21:48:14.000000000 -0400
@@ -70754,6 +72291,30 @@ diff -urNp linux-3.0.4/net/rds/iw_recv.c linux-3.0.4/net/rds/iw_recv.c
}
#endif
+diff -urNp linux-3.0.4/net/rds/tcp.c linux-3.0.4/net/rds/tcp.c
+--- linux-3.0.4/net/rds/tcp.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/rds/tcp.c 2011-10-06 04:17:55.000000000 -0400
+@@ -58,7 +58,7 @@ void rds_tcp_nonagle(struct socket *sock
+ int val = 1;
+
+ set_fs(KERNEL_DS);
+- sock->ops->setsockopt(sock, SOL_TCP, TCP_NODELAY, (char __user *)&val,
++ sock->ops->setsockopt(sock, SOL_TCP, TCP_NODELAY, (char __force_user *)&val,
+ sizeof(val));
+ set_fs(oldfs);
+ }
+diff -urNp linux-3.0.4/net/rds/tcp_send.c linux-3.0.4/net/rds/tcp_send.c
+--- linux-3.0.4/net/rds/tcp_send.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/rds/tcp_send.c 2011-10-06 04:17:55.000000000 -0400
+@@ -43,7 +43,7 @@ static void rds_tcp_cork(struct socket *
+
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
+- sock->ops->setsockopt(sock, SOL_TCP, TCP_CORK, (char __user *)&val,
++ sock->ops->setsockopt(sock, SOL_TCP, TCP_CORK, (char __force_user *)&val,
+ sizeof(val));
+ set_fs(oldfs);
+ }
diff -urNp linux-3.0.4/net/rxrpc/af_rxrpc.c linux-3.0.4/net/rxrpc/af_rxrpc.c
--- linux-3.0.4/net/rxrpc/af_rxrpc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/rxrpc/af_rxrpc.c 2011-08-23 21:47:56.000000000 -0400
@@ -71055,7 +72616,7 @@ diff -urNp linux-3.0.4/net/sctp/socket.c linux-3.0.4/net/sctp/socket.c
cnt++;
diff -urNp linux-3.0.4/net/socket.c linux-3.0.4/net/socket.c
--- linux-3.0.4/net/socket.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.4/net/socket.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/net/socket.c 2011-10-06 04:17:55.000000000 -0400
@@ -88,6 +88,7 @@
#include <linux/nsproxy.h>
#include <linux/magic.h>
@@ -71215,6 +72776,114 @@ diff -urNp linux-3.0.4/net/socket.c linux-3.0.4/net/socket.c
err = -EFAULT;
if (MSG_CMSG_COMPAT & flags) {
if (get_compat_msghdr(msg_sys, msg_compat))
+@@ -1950,7 +2012,7 @@ static int __sys_sendmsg(struct socket *
+ * checking falls down on this.
+ */
+ if (copy_from_user(ctl_buf,
+- (void __user __force *)msg_sys->msg_control,
++ (void __force_user *)msg_sys->msg_control,
+ ctl_len))
+ goto out_freectl;
+ msg_sys->msg_control = ctl_buf;
+@@ -2118,7 +2180,7 @@ static int __sys_recvmsg(struct socket *
+ * kernel msghdr to use the kernel address space)
+ */
+
+- uaddr = (__force void __user *)msg_sys->msg_name;
++ uaddr = (void __force_user *)msg_sys->msg_name;
+ uaddr_len = COMPAT_NAMELEN(msg);
+ if (MSG_CMSG_COMPAT & flags) {
+ err = verify_compat_iovec(msg_sys, iov,
+@@ -2746,7 +2808,7 @@ static int ethtool_ioctl(struct net *net
+ }
+
+ ifr = compat_alloc_user_space(buf_size);
+- rxnfc = (void *)ifr + ALIGN(sizeof(struct ifreq), 8);
++ rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
+
+ if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
+ return -EFAULT;
+@@ -2770,12 +2832,12 @@ static int ethtool_ioctl(struct net *net
+ offsetof(struct ethtool_rxnfc, fs.ring_cookie));
+
+ if (copy_in_user(rxnfc, compat_rxnfc,
+- (void *)(&rxnfc->fs.m_ext + 1) -
+- (void *)rxnfc) ||
++ (void __user *)(&rxnfc->fs.m_ext + 1) -
++ (void __user *)rxnfc) ||
+ copy_in_user(&rxnfc->fs.ring_cookie,
+ &compat_rxnfc->fs.ring_cookie,
+- (void *)(&rxnfc->fs.location + 1) -
+- (void *)&rxnfc->fs.ring_cookie) ||
++ (void __user *)(&rxnfc->fs.location + 1) -
++ (void __user *)&rxnfc->fs.ring_cookie) ||
+ copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
+ sizeof(rxnfc->rule_cnt)))
+ return -EFAULT;
+@@ -2787,12 +2849,12 @@ static int ethtool_ioctl(struct net *net
+
+ if (convert_out) {
+ if (copy_in_user(compat_rxnfc, rxnfc,
+- (const void *)(&rxnfc->fs.m_ext + 1) -
+- (const void *)rxnfc) ||
++ (const void __user *)(&rxnfc->fs.m_ext + 1) -
++ (const void __user *)rxnfc) ||
+ copy_in_user(&compat_rxnfc->fs.ring_cookie,
+ &rxnfc->fs.ring_cookie,
+- (const void *)(&rxnfc->fs.location + 1) -
+- (const void *)&rxnfc->fs.ring_cookie) ||
++ (const void __user *)(&rxnfc->fs.location + 1) -
++ (const void __user *)&rxnfc->fs.ring_cookie) ||
+ copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
+ sizeof(rxnfc->rule_cnt)))
+ return -EFAULT;
+@@ -2862,7 +2924,7 @@ static int bond_ioctl(struct net *net, u
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ err = dev_ioctl(net, cmd,
+- (struct ifreq __user __force *) &kifr);
++ (struct ifreq __force_user *) &kifr);
+ set_fs(old_fs);
+
+ return err;
+@@ -2971,7 +3033,7 @@ static int compat_sioc_ifmap(struct net
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+- err = dev_ioctl(net, cmd, (void __user __force *)&ifr);
++ err = dev_ioctl(net, cmd, (void __force_user *)&ifr);
+ set_fs(old_fs);
+
+ if (cmd == SIOCGIFMAP && !err) {
+@@ -3076,7 +3138,7 @@ static int routing_ioctl(struct net *net
+ ret |= __get_user(rtdev, &(ur4->rt_dev));
+ if (rtdev) {
+ ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
+- r4.rt_dev = (char __user __force *)devname;
++ r4.rt_dev = (char __force_user *)devname;
+ devname[15] = 0;
+ } else
+ r4.rt_dev = NULL;
+@@ -3316,8 +3378,8 @@ int kernel_getsockopt(struct socket *soc
+ int __user *uoptlen;
+ int err;
+
+- uoptval = (char __user __force *) optval;
+- uoptlen = (int __user __force *) optlen;
++ uoptval = (char __force_user *) optval;
++ uoptlen = (int __force_user *) optlen;
+
+ set_fs(KERNEL_DS);
+ if (level == SOL_SOCKET)
+@@ -3337,7 +3399,7 @@ int kernel_setsockopt(struct socket *soc
+ char __user *uoptval;
+ int err;
+
+- uoptval = (char __user __force *) optval;
++ uoptval = (char __force_user *) optval;
+
+ set_fs(KERNEL_DS);
+ if (level == SOL_SOCKET)
diff -urNp linux-3.0.4/net/sunrpc/sched.c linux-3.0.4/net/sunrpc/sched.c
--- linux-3.0.4/net/sunrpc/sched.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/sunrpc/sched.c 2011-08-23 21:47:56.000000000 -0400
@@ -71230,6 +72899,18 @@ diff -urNp linux-3.0.4/net/sunrpc/sched.c linux-3.0.4/net/sunrpc/sched.c
}
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
+diff -urNp linux-3.0.4/net/sunrpc/svcsock.c linux-3.0.4/net/sunrpc/svcsock.c
+--- linux-3.0.4/net/sunrpc/svcsock.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/sunrpc/svcsock.c 2011-10-06 04:17:55.000000000 -0400
+@@ -392,7 +392,7 @@ static int svc_partial_recvfrom(struct s
+ int buflen, unsigned int base)
+ {
+ size_t save_iovlen;
+- void __user *save_iovbase;
++ void *save_iovbase;
+ unsigned int i;
+ int ret;
+
diff -urNp linux-3.0.4/net/sunrpc/xprtrdma/svc_rdma.c linux-3.0.4/net/sunrpc/xprtrdma/svc_rdma.c
--- linux-3.0.4/net/sunrpc/xprtrdma/svc_rdma.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/sunrpc/xprtrdma/svc_rdma.c 2011-08-23 21:47:56.000000000 -0400
@@ -71442,6 +73123,60 @@ diff -urNp linux-3.0.4/net/sysctl_net.c linux-3.0.4/net/sysctl_net.c
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
}
+diff -urNp linux-3.0.4/net/tipc/link.c linux-3.0.4/net/tipc/link.c
+--- linux-3.0.4/net/tipc/link.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/tipc/link.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1170,7 +1170,7 @@ static int link_send_sections_long(struc
+ struct tipc_msg fragm_hdr;
+ struct sk_buff *buf, *buf_chain, *prev;
+ u32 fragm_crs, fragm_rest, hsz, sect_rest;
+- const unchar *sect_crs;
++ const unchar __user *sect_crs;
+ int curr_sect;
+ u32 fragm_no;
+
+@@ -1214,7 +1214,7 @@ again:
+
+ if (!sect_rest) {
+ sect_rest = msg_sect[++curr_sect].iov_len;
+- sect_crs = (const unchar *)msg_sect[curr_sect].iov_base;
++ sect_crs = (const unchar __user *)msg_sect[curr_sect].iov_base;
+ }
+
+ if (sect_rest < fragm_rest)
+@@ -1233,7 +1233,7 @@ error:
+ }
+ } else
+ skb_copy_to_linear_data_offset(buf, fragm_crs,
+- sect_crs, sz);
++ (const void __force_kernel *)sect_crs, sz);
+ sect_crs += sz;
+ sect_rest -= sz;
+ fragm_crs += sz;
+diff -urNp linux-3.0.4/net/tipc/msg.c linux-3.0.4/net/tipc/msg.c
+--- linux-3.0.4/net/tipc/msg.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/tipc/msg.c 2011-10-06 04:17:55.000000000 -0400
+@@ -101,7 +101,7 @@ int tipc_msg_build(struct tipc_msg *hdr,
+ msg_sect[cnt].iov_len);
+ else
+ skb_copy_to_linear_data_offset(*buf, pos,
+- msg_sect[cnt].iov_base,
++ (const void __force_kernel *)msg_sect[cnt].iov_base,
+ msg_sect[cnt].iov_len);
+ pos += msg_sect[cnt].iov_len;
+ }
+diff -urNp linux-3.0.4/net/tipc/subscr.c linux-3.0.4/net/tipc/subscr.c
+--- linux-3.0.4/net/tipc/subscr.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/net/tipc/subscr.c 2011-10-06 04:17:55.000000000 -0400
+@@ -101,7 +101,7 @@ static void subscr_send_event(struct sub
+ {
+ struct iovec msg_sect;
+
+- msg_sect.iov_base = (void *)&sub->evt;
++ msg_sect.iov_base = (void __force_user *)&sub->evt;
+ msg_sect.iov_len = sizeof(struct tipc_event);
+
+ sub->evt.event = htohl(event, sub->swap);
diff -urNp linux-3.0.4/net/unix/af_unix.c linux-3.0.4/net/unix/af_unix.c
--- linux-3.0.4/net/unix/af_unix.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/net/unix/af_unix.c 2011-08-23 21:48:14.000000000 -0400
@@ -71637,7 +73372,29 @@ diff -urNp linux-3.0.4/net/xfrm/xfrm_user.c linux-3.0.4/net/xfrm/xfrm_user.c
diff -urNp linux-3.0.4/scripts/basic/fixdep.c linux-3.0.4/scripts/basic/fixdep.c
--- linux-3.0.4/scripts/basic/fixdep.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/scripts/basic/fixdep.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/scripts/basic/fixdep.c 2011-10-06 04:17:55.000000000 -0400
+@@ -161,7 +161,7 @@ static unsigned int strhash(const char *
+ /*
+ * Lookup a value in the configuration string.
+ */
+-static int is_defined_config(const char *name, int len, unsigned int hash)
++static int is_defined_config(const char *name, unsigned int len, unsigned int hash)
+ {
+ struct item *aux;
+
+@@ -211,10 +211,10 @@ static void clear_config(void)
+ /*
+ * Record the use of a CONFIG_* word.
+ */
+-static void use_config(const char *m, int slen)
++static void use_config(const char *m, unsigned int slen)
+ {
+ unsigned int hash = strhash(m, slen);
+- int c, i;
++ unsigned int c, i;
+
+ if (is_defined_config(m, slen, hash))
+ return;
@@ -235,9 +235,9 @@ static void use_config(const char *m, in
static void parse_config_file(const char *map, size_t len)
@@ -71711,7 +73468,7 @@ diff -urNp linux-3.0.4/scripts/Makefile.host linux-3.0.4/scripts/Makefile.host
diff -urNp linux-3.0.4/scripts/mod/file2alias.c linux-3.0.4/scripts/mod/file2alias.c
--- linux-3.0.4/scripts/mod/file2alias.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/scripts/mod/file2alias.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.4/scripts/mod/file2alias.c 2011-10-06 04:17:55.000000000 -0400
@@ -72,7 +72,7 @@ static void device_id_check(const char *
unsigned long size, unsigned long id_size,
void *symval)
@@ -71730,6 +73487,15 @@ diff -urNp linux-3.0.4/scripts/mod/file2alias.c linux-3.0.4/scripts/mod/file2ali
unsigned char range_lo, unsigned char range_hi,
unsigned char max, struct module *mod)
{
+@@ -203,7 +203,7 @@ static void do_usb_entry_multi(struct us
+ {
+ unsigned int devlo, devhi;
+ unsigned char chi, clo, max;
+- int ndigits;
++ unsigned int ndigits;
+
+ id->match_flags = TO_NATIVE(id->match_flags);
+ id->idVendor = TO_NATIVE(id->idVendor);
@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *sy
for (i = 0; i < count; i++) {
const char *id = (char *)devs[i].id;
@@ -72008,7 +73774,7 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i
return 0;
diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
--- linux-3.0.4/security/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/security/Kconfig 2011-09-17 00:58:04.000000000 -0400
++++ linux-3.0.4/security/Kconfig 2011-10-06 04:19:25.000000000 -0400
@@ -4,6 +4,558 @@
menu "Security options"
@@ -72331,7 +74097,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
-+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
++ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
@@ -72399,7 +74165,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+
+config PAX_RANDKSTACK
+ bool "Randomize kernel stack base"
-+ depends on PAX_ASLR && X86_TSC && X86
++ depends on X86_TSC && X86
+ help
+ By saying Y here the kernel will randomize every task's kernel
+ stack on every system call. This will not only force an attacker
@@ -72577,6 +74343,57 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
default 65536
help
This is the portion of low virtual memory which should be protected
+diff -urNp linux-3.0.4/security/keys/compat.c linux-3.0.4/security/keys/compat.c
+--- linux-3.0.4/security/keys/compat.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/security/keys/compat.c 2011-10-06 04:17:55.000000000 -0400
+@@ -44,7 +44,7 @@ long compat_keyctl_instantiate_key_iov(
+ if (ret == 0)
+ goto no_payload_free;
+
+- ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
++ ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid);
+
+ if (iov != iovstack)
+ kfree(iov);
+diff -urNp linux-3.0.4/security/keys/keyctl.c linux-3.0.4/security/keys/keyctl.c
+--- linux-3.0.4/security/keys/keyctl.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/security/keys/keyctl.c 2011-10-06 04:17:55.000000000 -0400
+@@ -921,7 +921,7 @@ static int keyctl_change_reqkey_auth(str
+ /*
+ * Copy the iovec data from userspace
+ */
+-static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
++static long copy_from_user_iovec(void *buffer, const struct iovec __user *iov,
+ unsigned ioc)
+ {
+ for (; ioc > 0; ioc--) {
+@@ -943,7 +943,7 @@ static long copy_from_user_iovec(void *b
+ * If successful, 0 will be returned.
+ */
+ long keyctl_instantiate_key_common(key_serial_t id,
+- const struct iovec *payload_iov,
++ const struct iovec __user *payload_iov,
+ unsigned ioc,
+ size_t plen,
+ key_serial_t ringid)
+@@ -1038,7 +1038,7 @@ long keyctl_instantiate_key(key_serial_t
+ [0].iov_len = plen
+ };
+
+- return keyctl_instantiate_key_common(id, iov, 1, plen, ringid);
++ return keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, 1, plen, ringid);
+ }
+
+ return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
+@@ -1071,7 +1071,7 @@ long keyctl_instantiate_key_iov(key_seri
+ if (ret == 0)
+ goto no_payload_free;
+
+- ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
++ ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid);
+
+ if (iov != iovstack)
+ kfree(iov);
diff -urNp linux-3.0.4/security/keys/keyring.c linux-3.0.4/security/keys/keyring.c
--- linux-3.0.4/security/keys/keyring.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/security/keys/keyring.c 2011-08-23 21:47:56.000000000 -0400
@@ -72752,6 +74569,109 @@ diff -urNp linux-3.0.4/sound/aoa/codecs/onyx.h linux-3.0.4/sound/aoa/codecs/onyx
/* PCM3052 register definitions */
+diff -urNp linux-3.0.4/sound/core/oss/pcm_oss.c linux-3.0.4/sound/core/oss/pcm_oss.c
+--- linux-3.0.4/sound/core/oss/pcm_oss.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/sound/core/oss/pcm_oss.c 2011-10-06 04:17:55.000000000 -0400
+@@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(str
+ if (in_kernel) {
+ mm_segment_t fs;
+ fs = snd_enter_user();
+- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
+ snd_leave_user(fs);
+ } else {
+- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
+ }
+ if (ret != -EPIPE && ret != -ESTRPIPE)
+ break;
+@@ -1234,10 +1234,10 @@ snd_pcm_sframes_t snd_pcm_oss_read3(stru
+ if (in_kernel) {
+ mm_segment_t fs;
+ fs = snd_enter_user();
+- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
+ snd_leave_user(fs);
+ } else {
+- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
+ }
+ if (ret == -EPIPE) {
+ if (runtime->status->state == SNDRV_PCM_STATE_DRAINING) {
+@@ -1337,7 +1337,7 @@ static ssize_t snd_pcm_oss_write2(struct
+ struct snd_pcm_plugin_channel *channels;
+ size_t oss_frame_bytes = (runtime->oss.plugin_first->src_width * runtime->oss.plugin_first->src_format.channels) / 8;
+ if (!in_kernel) {
+- if (copy_from_user(runtime->oss.buffer, (const char __force __user *)buf, bytes))
++ if (copy_from_user(runtime->oss.buffer, (const char __force_user *)buf, bytes))
+ return -EFAULT;
+ buf = runtime->oss.buffer;
+ }
+@@ -1407,7 +1407,7 @@ static ssize_t snd_pcm_oss_write1(struct
+ }
+ } else {
+ tmp = snd_pcm_oss_write2(substream,
+- (const char __force *)buf,
++ (const char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+@@ -1433,7 +1433,7 @@ static ssize_t snd_pcm_oss_read2(struct
+ struct snd_pcm_runtime *runtime = substream->runtime;
+ snd_pcm_sframes_t frames, frames1;
+ #ifdef CONFIG_SND_PCM_OSS_PLUGINS
+- char __user *final_dst = (char __force __user *)buf;
++ char __user *final_dst = (char __force_user *)buf;
+ if (runtime->oss.plugin_first) {
+ struct snd_pcm_plugin_channel *channels;
+ size_t oss_frame_bytes = (runtime->oss.plugin_last->dst_width * runtime->oss.plugin_last->dst_format.channels) / 8;
+@@ -1495,7 +1495,7 @@ static ssize_t snd_pcm_oss_read1(struct
+ xfer += tmp;
+ runtime->oss.buffer_used -= tmp;
+ } else {
+- tmp = snd_pcm_oss_read2(substream, (char __force *)buf,
++ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+@@ -1663,7 +1663,7 @@ static int snd_pcm_oss_sync(struct snd_p
+ size1);
+ size1 /= runtime->channels; /* frames */
+ fs = snd_enter_user();
+- snd_pcm_lib_write(substream, (void __force __user *)runtime->oss.buffer, size1);
++ snd_pcm_lib_write(substream, (void __force_user *)runtime->oss.buffer, size1);
+ snd_leave_user(fs);
+ }
+ } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
+diff -urNp linux-3.0.4/sound/core/pcm_compat.c linux-3.0.4/sound/core/pcm_compat.c
+--- linux-3.0.4/sound/core/pcm_compat.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.4/sound/core/pcm_compat.c 2011-10-06 04:17:55.000000000 -0400
+@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(st
+ int err;
+
+ fs = snd_enter_user();
+- err = snd_pcm_delay(substream, &delay);
++ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay);
+ snd_leave_user(fs);
+ if (err < 0)
+ return err;
+diff -urNp linux-3.0.4/sound/core/pcm_native.c linux-3.0.4/sound/core/pcm_native.c
+--- linux-3.0.4/sound/core/pcm_native.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/sound/core/pcm_native.c 2011-10-06 04:17:55.000000000 -0400
+@@ -2770,11 +2770,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_
+ switch (substream->stream) {
+ case SNDRV_PCM_STREAM_PLAYBACK:
+ result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ case SNDRV_PCM_STREAM_CAPTURE:
+ result = snd_pcm_capture_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ default:
+ result = -EINVAL;
diff -urNp linux-3.0.4/sound/core/seq/seq_device.c linux-3.0.4/sound/core/seq/seq_device.c
--- linux-3.0.4/sound/core/seq/seq_device.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/sound/core/seq/seq_device.c 2011-08-23 21:47:56.000000000 -0400
@@ -73161,6 +75081,179 @@ diff -urNp linux-3.0.4/sound/usb/card.h linux-3.0.4/sound/usb/card.h
};
struct snd_usb_stream {
+diff -urNp linux-3.0.4/tools/gcc/checker_plugin.c linux-3.0.4/tools/gcc/checker_plugin.c
+--- linux-3.0.4/tools/gcc/checker_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.4/tools/gcc/checker_plugin.c 2011-10-06 04:17:55.000000000 -0400
+@@ -0,0 +1,169 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to implement various sparse (source code checker) features
++ *
++ * TODO:
++ * - define separate __iomem, __percpu and __rcu address spaces (lots of code to patch)
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++#include "target.h"
++
++extern void c_register_addr_space (const char *str, addr_space_t as);
++extern enum machine_mode default_addr_space_pointer_mode (addr_space_t);
++extern enum machine_mode default_addr_space_address_mode (addr_space_t);
++extern bool default_addr_space_valid_pointer_mode(enum machine_mode mode, addr_space_t as);
++extern bool default_addr_space_legitimate_address_p(enum machine_mode mode, rtx mem, bool strict, addr_space_t as);
++extern rtx default_addr_space_legitimize_address(rtx x, rtx oldx, enum machine_mode mode, addr_space_t as);
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++extern rtx emit_move_insn(rtx x, rtx y);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info checker_plugin_info = {
++ .version = "201110031940",
++};
++
++#define ADDR_SPACE_KERNEL 0
++#define ADDR_SPACE_FORCE_KERNEL 1
++#define ADDR_SPACE_USER 2
++#define ADDR_SPACE_FORCE_USER 3
++#define ADDR_SPACE_IOMEM 0
++#define ADDR_SPACE_FORCE_IOMEM 0
++#define ADDR_SPACE_PERCPU 0
++#define ADDR_SPACE_FORCE_PERCPU 0
++#define ADDR_SPACE_RCU 0
++#define ADDR_SPACE_FORCE_RCU 0
++
++static enum machine_mode checker_addr_space_pointer_mode(addr_space_t addrspace)
++{
++ return default_addr_space_pointer_mode(ADDR_SPACE_GENERIC);
++}
++
++static enum machine_mode checker_addr_space_address_mode(addr_space_t addrspace)
++{
++ return default_addr_space_address_mode(ADDR_SPACE_GENERIC);
++}
++
++static bool checker_addr_space_valid_pointer_mode(enum machine_mode mode, addr_space_t as)
++{
++ return default_addr_space_valid_pointer_mode(mode, as);
++}
++
++static bool checker_addr_space_legitimate_address_p(enum machine_mode mode, rtx mem, bool strict, addr_space_t as)
++{
++ return default_addr_space_legitimate_address_p(mode, mem, strict, ADDR_SPACE_GENERIC);
++}
++
++static rtx checker_addr_space_legitimize_address(rtx x, rtx oldx, enum machine_mode mode, addr_space_t as)
++{
++ return default_addr_space_legitimize_address(x, oldx, mode, as);
++}
++
++static bool checker_addr_space_subset_p(addr_space_t subset, addr_space_t superset)
++{
++ if (subset == ADDR_SPACE_FORCE_KERNEL && superset == ADDR_SPACE_KERNEL)
++ return true;
++
++ if (subset == ADDR_SPACE_FORCE_USER && superset == ADDR_SPACE_USER)
++ return true;
++
++ if (subset == ADDR_SPACE_FORCE_IOMEM && superset == ADDR_SPACE_IOMEM)
++ return true;
++
++ if (subset == ADDR_SPACE_KERNEL && superset == ADDR_SPACE_FORCE_USER)
++ return true;
++
++ if (subset == ADDR_SPACE_KERNEL && superset == ADDR_SPACE_FORCE_IOMEM)
++ return true;
++
++ if (subset == ADDR_SPACE_USER && superset == ADDR_SPACE_FORCE_KERNEL)
++ return true;
++
++ if (subset == ADDR_SPACE_IOMEM && superset == ADDR_SPACE_FORCE_KERNEL)
++ return true;
++
++ return subset == superset;
++}
++
++static rtx checker_addr_space_convert(rtx op, tree from_type, tree to_type)
++{
++// addr_space_t from_as = TYPE_ADDR_SPACE(TREE_TYPE(from_type));
++// addr_space_t to_as = TYPE_ADDR_SPACE(TREE_TYPE(to_type));
++
++ return op;
++}
++
++static void register_checker_address_spaces(void *event_data, void *data)
++{
++ c_register_addr_space("__kernel", ADDR_SPACE_KERNEL);
++ c_register_addr_space("__force_kernel", ADDR_SPACE_FORCE_KERNEL);
++ c_register_addr_space("__user", ADDR_SPACE_USER);
++ c_register_addr_space("__force_user", ADDR_SPACE_FORCE_USER);
++// c_register_addr_space("__iomem", ADDR_SPACE_IOMEM);
++// c_register_addr_space("__force_iomem", ADDR_SPACE_FORCE_IOMEM);
++// c_register_addr_space("__percpu", ADDR_SPACE_PERCPU);
++// c_register_addr_space("__force_percpu", ADDR_SPACE_FORCE_PERCPU);
++// c_register_addr_space("__rcu", ADDR_SPACE_RCU);
++// c_register_addr_space("__force_rcu", ADDR_SPACE_FORCE_RCU);
++
++ targetm.addr_space.pointer_mode = checker_addr_space_pointer_mode;
++ targetm.addr_space.address_mode = checker_addr_space_address_mode;
++ targetm.addr_space.valid_pointer_mode = checker_addr_space_valid_pointer_mode;
++ targetm.addr_space.legitimate_address_p = checker_addr_space_legitimate_address_p;
++// targetm.addr_space.legitimize_address = checker_addr_space_legitimize_address;
++ targetm.addr_space.subset_p = checker_addr_space_subset_p;
++ targetm.addr_space.convert = checker_addr_space_convert;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &checker_plugin_info);
++
++ for (i = 0; i < argc; ++i)
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++ if (TARGET_64BIT == 0)
++ return 0;
++
++ register_callback (plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL);
++
++ return 0;
++}
diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constify_plugin.c
--- linux-3.0.4/tools/gcc/constify_plugin.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/tools/gcc/constify_plugin.c 2011-08-30 18:23:52.000000000 -0400
@@ -73460,7 +75553,7 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif
+}
diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c
--- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-17 00:53:44.000000000 -0400
++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-10-06 04:17:55.000000000 -0400
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
@@ -73549,10 +75642,10 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+static unsigned int execute_kallocstat(void)
+{
+ basic_block bb;
-+ gimple_stmt_iterator gsi;
+
+ // 1. loop through BBs and GIMPLE statements
+ FOR_EACH_BB(bb) {
++ gimple_stmt_iterator gsi;
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match:
+ tree fndecl, size;
@@ -73629,8 +75722,8 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+}
diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c
--- linux-3.0.4/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-09-19 09:16:58.000000000 -0400
-@@ -0,0 +1,265 @@
++++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-10-06 04:17:55.000000000 -0400
+@@ -0,0 +1,273 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -73667,21 +75760,23 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+#include "tree-flow.h"
+
+extern void print_gimple_stmt(FILE *, gimple, int, int);
++extern rtx emit_move_insn(rtx x, rtx y);
+
+int plugin_is_GPL_compatible;
+
+static struct plugin_info kernexec_plugin_info = {
-+ .version = "201109191200",
++ .version = "201110032145",
+};
+
+static unsigned int execute_kernexec_fptr(void);
+static unsigned int execute_kernexec_retaddr(void);
++static bool kernexec_cmodel_check(void);
+
+static struct gimple_opt_pass kernexec_fptr_pass = {
+ .pass = {
+ .type = GIMPLE_PASS,
+ .name = "kernexec_fptr",
-+ .gate = NULL,
++ .gate = kernexec_cmodel_check,
+ .execute = execute_kernexec_fptr,
+ .sub = NULL,
+ .next = NULL,
@@ -73699,7 +75794,7 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ .pass = {
+ .type = RTL_PASS,
+ .name = "kernexec_retaddr",
-+ .gate = NULL,
++ .gate = kernexec_cmodel_check,
+ .execute = execute_kernexec_retaddr,
+ .sub = NULL,
+ .next = NULL,
@@ -73709,10 +75804,28 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0,
-+ .todo_flags_finish = TODO_dump_func
++ .todo_flags_finish = TODO_dump_func | TODO_ggc_collect
+ }
+};
+
++static bool kernexec_cmodel_check(void)
++{
++ tree section;
++
++ if (ix86_cmodel != CM_KERNEL)
++ return false;
++
++ section = lookup_attribute("__section__", DECL_ATTRIBUTES(current_function_decl));
++ if (!section || !TREE_VALUE(section))
++ return true;
++
++ section = TREE_VALUE(TREE_VALUE(section));
++ if (strncmp(TREE_STRING_POINTER(section), ".vsyscall_", 10))
++ return true;
++
++ return false;
++}
++
+/*
+ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce
+ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference
@@ -73731,18 +75844,14 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ mark_sym_for_renaming(intptr);
+ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr));
+ update_stmt(assign_intptr);
-+ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
-+
-+ gsi_next(&gsi);
++ gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT);
+
+ // apply logical or to temporary unsigned long and bitmask
+ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL);
+// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL);
+ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask));
+ update_stmt(assign_intptr);
-+ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
-+
-+ gsi_next(&gsi);
++ gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT);
+
+ // cast temporary unsigned long back to a temporary fptr variable
+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL);
@@ -73750,9 +75859,7 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ mark_sym_for_renaming(new_fptr);
+ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
+ update_stmt(assign_new_fptr);
-+ gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT);
-+
-+ gsi_next(&gsi);
++ gsi_insert_before(&gsi, assign_new_fptr, GSI_SAME_STMT);
+
+ // replace call stmt fn with the new fptr
+ gimple_call_set_fn(call_stmt, new_fptr);
@@ -73805,28 +75912,22 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ return 0;
+}
+
-+// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn
++// add special KERNEXEC instrumentation: btsq $63,(%rsp) just before retn
+static void kernexec_instrument_retaddr(rtx insn)
+{
-+ rtx ret_addr, clob, or;
++ rtx btsq;
++ rtvec argvec, constraintvec, labelvec;
++ int line;
+
-+ start_sequence();
-+
-+ // compute 7(%rsp)
-+ ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7)));
-+ MEM_VOLATILE_P(ret_addr) = 1;
-+
-+ // create orb $0x80,7(%rsp)
-+ or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80)));
-+ clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG));
-+
-+ // put everything together
-+ or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob)));
-+ RTX_FRAME_RELATED_P(or) = 1;
-+
-+ end_sequence();
-+
-+ emit_insn_before(or, insn);
++ // create asm volatile("btsq $63,(%%rsp)":::)
++ argvec = rtvec_alloc(0);
++ constraintvec = rtvec_alloc(0);
++ labelvec = rtvec_alloc(0);
++ line = expand_location(RTL_LOCATION(insn)).line;
++ btsq = gen_rtx_ASM_OPERANDS(VOIDmode, "btsq $63,(%%rsp)", empty_string, 0, argvec, constraintvec, labelvec, line);
++ MEM_VOLATILE_P(btsq) = 1;
++ RTX_FRAME_RELATED_P(btsq) = 1;
++ emit_insn_before(btsq, insn);
+}
+
+/*
@@ -73888,7 +75989,7 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+ for (i = 0; i < argc; ++i)
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
+
-+ if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL)
++ if (TARGET_64BIT == 0)
+ return 0;
+
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info);
@@ -73898,8 +75999,8 @@ diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexe
+}
diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
--- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/Makefile 2011-09-17 00:53:44.000000000 -0400
-@@ -0,0 +1,14 @@
++++ linux-3.0.4/tools/gcc/Makefile 2011-10-06 04:17:55.000000000 -0400
+@@ -0,0 +1,21 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -73908,12 +76009,19 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
+
-+hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so
++hostlibs-y := constify_plugin.so
++hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
++hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
++hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
++hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
++
+always := $(hostlibs-y)
++
+stackleak_plugin-objs := stackleak_plugin.o
+constify_plugin-objs := constify_plugin.o
+kallocstat_plugin-objs := kallocstat_plugin.o
+kernexec_plugin-objs := kernexec_plugin.o
++checker_plugin-objs := checker_plugin.o
diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c
--- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400
diff --git a/3.0.4/4435_grsec-kconfig-gentoo.patch b/3.0.4/4435_grsec-kconfig-gentoo.patch
index 82d188e..1bc9742 100644
--- a/3.0.4/4435_grsec-kconfig-gentoo.patch
+++ b/3.0.4/4435_grsec-kconfig-gentoo.patch
@@ -293,8 +293,8 @@ diff -Naur a/security/Kconfig b/security/Kconfig
config PAX_KERNEXEC
bool "Enforce non-executable kernel pages"
-- depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
-+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
+- depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
++ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
select PAX_KERNEXEC_PLUGIN if X86_64
+ default y if GRKERNSEC_HARDENED_WORKSTATION
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
@ 2011-10-08 17:34 Anthony G. Basile
0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2011-10-08 17:34 UTC (permalink / raw
To: gentoo-commits
commit: f7defdf61069cfadcaaacf0dd7fbe2f8d6efc69f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 8 17:33:17 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 8 17:33:17 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=f7defdf6
Grsec/PaX: 2.2.2-2.6.32.46-201110080819 + 2.2.2-3.0.4-201110080819
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.46-201110080819.patch} | 377 ++++++++++++----
3.0.4/0000_README | 2 +-
...4420_grsecurity-2.2.2-3.0.4-201110080819.patch} | 483 ++++++++++++++++----
4 files changed, 685 insertions(+), 179 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index d9050ac..2d691bc 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201110080819.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110080819.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110080819.patch
index 2e6cafe..e1d04bf 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110061013.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201110080819.patch
@@ -7150,8 +7150,8 @@ diff -urNp linux-2.6.32.46/arch/x86/ia32/sys_ia32.c linux-2.6.32.46/arch/x86/ia3
diff -urNp linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h
--- linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h 2011-10-06 09:37:14.000000000 -0400
-@@ -19,4 +19,13 @@
++++ linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h 2011-10-08 08:14:37.000000000 -0400
+@@ -19,4 +19,18 @@
.endm
#endif
@@ -7159,9 +7159,14 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/alternative-asm.h linux-2.6.32.4
+ .macro pax_force_retaddr rip=0
+ btsq $63,\rip(%rsp)
+ .endm
++ .macro pax_force_fptr ptr
++ btsq $63,\ptr
++ .endm
+#else
+ .macro pax_force_retaddr rip=0
+ .endm
++ .macro pax_force_fptr ptr
++ .endm
+#endif
+
#endif /* __ASSEMBLY__ */
@@ -9512,7 +9517,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/mmu.h linux-2.6.32.46/arch/x86/i
#ifdef CONFIG_SMP
diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x86/include/asm/module.h
--- linux-2.6.32.46/arch/x86/include/asm/module.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/include/asm/module.h 2011-10-06 09:45:50.000000000 -0400
++++ linux-2.6.32.46/arch/x86/include/asm/module.h 2011-10-08 08:16:59.000000000 -0400
@@ -5,6 +5,7 @@
#ifdef CONFIG_X86_64
@@ -9521,7 +9526,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
#elif defined CONFIG_M386
#define MODULE_PROC_FAMILY "386 "
#elif defined CONFIG_M486
-@@ -59,13 +60,42 @@
+@@ -59,13 +60,24 @@
#error unknown processor family
#endif
@@ -9536,39 +9541,21 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/module.h linux-2.6.32.46/arch/x8
+#define MODULE_STACKSIZE "4KSTACKS "
+#else
+#define MODULE_STACKSIZE ""
- #endif
-
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+#define MODULE_PAX_UDEREF "UDEREF "
-+#else
-+#define MODULE_PAX_UDEREF ""
+#endif
+
+#ifdef CONFIG_PAX_KERNEXEC
+#define MODULE_PAX_KERNEXEC "KERNEXEC "
+#else
+#define MODULE_PAX_KERNEXEC ""
-+#endif
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+#define MODULE_PAX_REFCOUNT "REFCOUNT "
-+#else
-+#define MODULE_PAX_REFCOUNT ""
-+#endif
-+
-+#ifdef CONSTIFY_PLUGIN
-+#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
-+#else
-+#define MODULE_CONSTIFY_PLUGIN ""
-+#endif
-+
-+#ifdef CONFIG_GRKERNSEC
-+#define MODULE_GRSEC "GRSECURITY "
+ #endif
+
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++#define MODULE_PAX_UDEREF "UDEREF "
+#else
-+#define MODULE_GRSEC ""
++#define MODULE_PAX_UDEREF ""
+#endif
+
-+#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN
++#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF
+
#endif /* _ASM_X86_MODULE_H */
diff -urNp linux-2.6.32.46/arch/x86/include/asm/page_64_types.h linux-2.6.32.46/arch/x86/include/asm/page_64_types.h
@@ -11922,7 +11909,7 @@ diff -urNp linux-2.6.32.46/arch/x86/include/asm/xsave.h linux-2.6.32.46/arch/x86
".section .fixup,\"ax\"\n"
diff -urNp linux-2.6.32.46/arch/x86/Kconfig linux-2.6.32.46/arch/x86/Kconfig
--- linux-2.6.32.46/arch/x86/Kconfig 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/Kconfig 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/arch/x86/Kconfig 2011-10-07 08:11:49.000000000 -0400
@@ -223,7 +223,7 @@ config X86_TRAMPOLINE
config X86_32_LAZY_GS
@@ -11959,15 +11946,6 @@ diff -urNp linux-2.6.32.46/arch/x86/Kconfig linux-2.6.32.46/arch/x86/Kconfig
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1430,7 +1430,7 @@ config ARCH_USES_PG_UNCACHED
-
- config EFI
- bool "EFI runtime service support"
-- depends on ACPI
-+ depends on ACPI && !PAX_KERNEXEC
- ---help---
- This enables the kernel to use EFI runtime services that are
- available (such as the EFI variable services).
@@ -1460,6 +1460,7 @@ config SECCOMP
config CC_STACKPROTECTOR
@@ -14119,7 +14097,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_32.S linux-2.6.32.46/arch/x86/k
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/kernel/entry_64.S
--- linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-10-06 10:06:40.000000000 -0400
++++ linux-2.6.32.46/arch/x86/kernel/entry_64.S 2011-10-08 08:14:37.000000000 -0400
@@ -53,6 +53,8 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
@@ -14129,7 +14107,55 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -174,6 +176,264 @@ ENTRY(native_usergs_sysret64)
+@@ -64,6 +66,7 @@
+ #ifdef CONFIG_FUNCTION_TRACER
+ #ifdef CONFIG_DYNAMIC_FTRACE
+ ENTRY(mcount)
++ pax_force_retaddr
+ retq
+ END(mcount)
+
+@@ -88,6 +91,7 @@ GLOBAL(ftrace_graph_call)
+ #endif
+
+ GLOBAL(ftrace_stub)
++ pax_force_retaddr
+ retq
+ END(ftrace_caller)
+
+@@ -108,6 +112,7 @@ ENTRY(mcount)
+ #endif
+
+ GLOBAL(ftrace_stub)
++ pax_force_retaddr
+ retq
+
+ trace:
+@@ -117,6 +122,7 @@ trace:
+ movq 8(%rbp), %rsi
+ subq $MCOUNT_INSN_SIZE, %rdi
+
++ pax_force_fptr ftrace_trace_function
+ call *ftrace_trace_function
+
+ MCOUNT_RESTORE_FRAME
+@@ -142,6 +148,7 @@ ENTRY(ftrace_graph_caller)
+
+ MCOUNT_RESTORE_FRAME
+
++ pax_force_retaddr
+ retq
+ END(ftrace_graph_caller)
+
+@@ -159,6 +166,7 @@ GLOBAL(return_to_handler)
+ movq 8(%rsp), %rdx
+ movq (%rsp), %rax
+ addq $16, %rsp
++ pax_force_retaddr
+ retq
+ #endif
+
+@@ -174,6 +182,269 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -14183,6 +14209,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_enter_kernel)
+
@@ -14207,6 +14234,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_exit_kernel)
+#endif
@@ -14281,6 +14309,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+
+ popq %rbx
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_enter_kernel_user)
+
@@ -14330,6 +14359,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_exit_kernel_user)
+#endif
@@ -14388,13 +14418,14 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
+ popq %r10
+ popq %rax
+ popq %rdi
++ pax_force_retaddr
+ ret
+ENDPROC(pax_erase_kstack)
+#endif
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -317,7 +577,7 @@ ENTRY(save_args)
+@@ -317,7 +588,7 @@ ENTRY(save_args)
leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */
movq_cfi rbp, 8 /* push %rbp */
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
@@ -14403,7 +14434,33 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je 1f
SWAPGS
/*
-@@ -409,7 +669,7 @@ ENTRY(ret_from_fork)
+@@ -337,6 +608,7 @@ ENTRY(save_args)
+ * We entered an interrupt context - irqs are off:
+ */
+ 2: TRACE_IRQS_OFF
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(save_args)
+@@ -352,6 +624,7 @@ ENTRY(save_rest)
+ movq_cfi r15, R15+16
+ movq %r11, 8(%rsp) /* return address */
+ FIXUP_TOP_OF_STACK %r11, 16
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(save_rest)
+@@ -383,7 +656,8 @@ ENTRY(save_paranoid)
+ js 1f /* negative -> in kernel */
+ SWAPGS
+ xorl %ebx,%ebx
+-1: ret
++1: pax_force_retaddr
++ ret
+ CFI_ENDPROC
+ END(save_paranoid)
+ .popsection
+@@ -409,7 +683,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -14412,7 +14469,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -455,7 +715,7 @@ END(ret_from_fork)
+@@ -455,7 +729,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -14421,7 +14478,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -468,12 +728,13 @@ ENTRY(system_call_after_swapgs)
+@@ -468,12 +742,13 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -14436,7 +14493,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -502,6 +763,8 @@ sysret_check:
+@@ -502,6 +777,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -14445,7 +14502,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/*
* sysretq will re-enable interrupts:
*/
-@@ -562,6 +825,9 @@ auditsys:
+@@ -562,6 +839,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -14455,7 +14512,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -592,6 +858,9 @@ tracesys:
+@@ -592,6 +872,9 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -14465,7 +14522,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/*
* Reload arg registers from stack in case ptrace changed them.
* We don't reload %rax because syscall_trace_enter() returned
-@@ -613,7 +882,7 @@ tracesys:
+@@ -613,7 +896,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -14474,7 +14531,15 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -800,6 +1069,16 @@ END(interrupt)
+@@ -708,6 +991,7 @@ ENTRY(ptregscall_common)
+ movq_cfi_restore R12+8, r12
+ movq_cfi_restore RBP+8, rbp
+ movq_cfi_restore RBX+8, rbx
++ pax_force_retaddr
+ ret $REST_SKIP /* pop extended registers */
+ CFI_ENDPROC
+ END(ptregscall_common)
+@@ -800,6 +1084,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET 10*8
call save_args
PARTIAL_FRAME 0
@@ -14491,7 +14556,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
call \func
.endm
-@@ -822,7 +1101,7 @@ ret_from_intr:
+@@ -822,7 +1116,7 @@ ret_from_intr:
CFI_ADJUST_CFA_OFFSET -8
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -14500,7 +14565,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je retint_kernel
/* Interrupt came from user space */
-@@ -844,12 +1123,16 @@ retint_swapgs: /* return to user-space
+@@ -844,12 +1138,16 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -14517,7 +14582,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/*
* The iretq could re-enable interrupts:
*/
-@@ -1032,6 +1315,16 @@ ENTRY(\sym)
+@@ -1032,6 +1330,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
@@ -14534,7 +14599,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1049,6 +1342,16 @@ ENTRY(\sym)
+@@ -1049,6 +1357,16 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
@@ -14551,7 +14616,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1066,9 +1369,24 @@ ENTRY(\sym)
+@@ -1066,9 +1384,24 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
@@ -14577,7 +14642,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
call \do_sym
addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
-@@ -1085,6 +1403,16 @@ ENTRY(\sym)
+@@ -1085,6 +1418,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
@@ -14594,7 +14659,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1104,6 +1432,16 @@ ENTRY(\sym)
+@@ -1104,6 +1447,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -14611,7 +14676,47 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1405,16 +1743,31 @@ ENTRY(paranoid_exit)
+@@ -1141,6 +1494,7 @@ gs_change:
+ SWAPGS
+ popf
+ CFI_ADJUST_CFA_OFFSET -8
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(native_load_gs_index)
+@@ -1195,6 +1549,7 @@ ENTRY(kernel_thread)
+ */
+ RESTORE_ALL
+ UNFAKE_STACK_FRAME
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(kernel_thread)
+@@ -1208,6 +1563,7 @@ ENTRY(child_rip)
+ */
+ movq %rdi, %rax
+ movq %rsi, %rdi
++ pax_force_fptr %rax
+ call *%rax
+ # exit
+ mov %eax, %edi
+@@ -1243,6 +1599,7 @@ ENTRY(kernel_execve)
+ je int_ret_from_sys_call
+ RESTORE_ARGS
+ UNFAKE_STACK_FRAME
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(kernel_execve)
+@@ -1263,6 +1620,7 @@ ENTRY(call_softirq)
+ CFI_DEF_CFA_REGISTER rsp
+ CFI_ADJUST_CFA_OFFSET -8
+ decl PER_CPU_VAR(irq_count)
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(call_softirq)
+@@ -1405,16 +1763,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -14644,7 +14749,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1470,7 +1823,7 @@ ENTRY(error_entry)
+@@ -1470,12 +1843,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -14653,7 +14758,13 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1529,6 +1882,16 @@ ENTRY(nmi)
+ error_sti:
+ TRACE_IRQS_OFF
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+
+@@ -1529,6 +1903,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET 15*8
call save_paranoid
DEFAULT_FRAME 0
@@ -14670,7 +14781,7 @@ diff -urNp linux-2.6.32.46/arch/x86/kernel/entry_64.S linux-2.6.32.46/arch/x86/k
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1539,12 +1902,28 @@ ENTRY(nmi)
+@@ -1539,12 +1923,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -20028,13 +20139,14 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/csum-wrappers_64.c linux-2.6.32.46/arch/
EXPORT_SYMBOL(csum_partial_copy_to_user);
diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/getuser.S
--- linux-2.6.32.46/arch/x86/lib/getuser.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/getuser.S 2011-04-17 15:56:46.000000000 -0400
-@@ -33,14 +33,35 @@
++++ linux-2.6.32.46/arch/x86/lib/getuser.S 2011-10-08 08:14:37.000000000 -0400
+@@ -33,15 +33,38 @@
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
#include <asm/asm.h>
+#include <asm/segment.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
+#define __copyuser_seg gs;
@@ -20064,9 +20176,11 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/g
+
+1: __copyuser_seg movzb (%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -49,11 +70,24 @@ ENDPROC(__get_user_1)
+ ENDPROC(__get_user_1)
+@@ -49,12 +72,26 @@ ENDPROC(__get_user_1)
ENTRY(__get_user_2)
CFI_STARTPROC
add $1,%_ASM_AX
@@ -20090,9 +20204,11 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/g
+
+2: __copyuser_seg movzwl -1(%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -62,11 +96,24 @@ ENDPROC(__get_user_2)
+ ENDPROC(__get_user_2)
+@@ -62,12 +99,26 @@ ENDPROC(__get_user_2)
ENTRY(__get_user_4)
CFI_STARTPROC
add $3,%_ASM_AX
@@ -20116,9 +20232,11 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/g
+
+3: __copyuser_seg mov -3(%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -80,6 +127,15 @@ ENTRY(__get_user_8)
+ ENDPROC(__get_user_4)
+@@ -80,8 +131,18 @@ ENTRY(__get_user_8)
GET_THREAD_INFO(%_ASM_DX)
cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
jae bad_get_user
@@ -20133,7 +20251,18 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/getuser.S linux-2.6.32.46/arch/x86/lib/g
+
4: movq -7(%_ASM_AX),%_ASM_DX
xor %eax,%eax
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(__get_user_8)
+@@ -91,6 +152,7 @@ bad_get_user:
+ CFI_STARTPROC
+ xor %edx,%edx
+ mov $(-EFAULT),%_ASM_AX
++ pax_force_retaddr
ret
+ CFI_ENDPROC
+ END(bad_get_user)
diff -urNp linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S
--- linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/arch/x86/lib/iomap_copy_64.S 2011-10-06 09:37:14.000000000 -0400
@@ -20543,27 +20672,48 @@ diff -urNp linux-2.6.32.46/arch/x86/lib/mmx_32.c linux-2.6.32.46/arch/x86/lib/mm
from += 64;
to += 64;
+diff -urNp linux-2.6.32.46/arch/x86/lib/msr-reg.S linux-2.6.32.46/arch/x86/lib/msr-reg.S
+--- linux-2.6.32.46/arch/x86/lib/msr-reg.S 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/arch/x86/lib/msr-reg.S 2011-10-08 08:14:40.000000000 -0400
+@@ -3,6 +3,7 @@
+ #include <asm/dwarf2.h>
+ #include <asm/asm.h>
+ #include <asm/msr.h>
++#include <asm/alternative-asm.h>
+
+ #ifdef CONFIG_X86_64
+ /*
+@@ -37,6 +38,7 @@ ENTRY(native_\op\()_safe_regs)
+ movl %edi, 28(%r10)
+ popq_cfi %rbp
+ popq_cfi %rbx
++ pax_force_retaddr
+ ret
+ 3:
+ CFI_RESTORE_STATE
diff -urNp linux-2.6.32.46/arch/x86/lib/putuser.S linux-2.6.32.46/arch/x86/lib/putuser.S
--- linux-2.6.32.46/arch/x86/lib/putuser.S 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/arch/x86/lib/putuser.S 2011-04-17 15:56:46.000000000 -0400
-@@ -15,7 +15,8 @@
++++ linux-2.6.32.46/arch/x86/lib/putuser.S 2011-10-08 08:14:40.000000000 -0400
+@@ -15,7 +15,9 @@
#include <asm/thread_info.h>
#include <asm/errno.h>
#include <asm/asm.h>
-
+#include <asm/segment.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
/*
* __put_user_X
-@@ -29,52 +30,119 @@
+@@ -29,52 +31,119 @@
* as they get called from within inline assembly.
*/
-#define ENTER CFI_STARTPROC ; \
- GET_THREAD_INFO(%_ASM_BX)
+-#define EXIT ret ; \
+#define ENTER CFI_STARTPROC
- #define EXIT ret ; \
++#define EXIT pax_force_retaddr; ret ; \
CFI_ENDPROC
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -64571,6 +64721,39 @@ diff -urNp linux-2.6.32.46/include/linux/unaligned/access_ok.h linux-2.6.32.46/i
}
static inline void put_unaligned_le16(u16 val, void *p)
+diff -urNp linux-2.6.32.46/include/linux/vermagic.h linux-2.6.32.46/include/linux/vermagic.h
+--- linux-2.6.32.46/include/linux/vermagic.h 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.46/include/linux/vermagic.h 2011-10-08 08:17:48.000000000 -0400
+@@ -26,9 +26,28 @@
+ #define MODULE_ARCH_VERMAGIC ""
+ #endif
+
++#ifdef CONFIG_PAX_REFCOUNT
++#define MODULE_PAX_REFCOUNT "REFCOUNT "
++#else
++#define MODULE_PAX_REFCOUNT ""
++#endif
++
++#ifdef CONSTIFY_PLUGIN
++#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
++#else
++#define MODULE_CONSTIFY_PLUGIN ""
++#endif
++
++#ifdef CONFIG_GRKERNSEC
++#define MODULE_GRSEC "GRSEC "
++#else
++#define MODULE_GRSEC ""
++#endif
++
+ #define VERMAGIC_STRING \
+ UTS_RELEASE " " \
+ MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
+ MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
+- MODULE_ARCH_VERMAGIC
++ MODULE_ARCH_VERMAGIC \
++ MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN MODULE_GRSEC
+
diff -urNp linux-2.6.32.46/include/linux/vmalloc.h linux-2.6.32.46/include/linux/vmalloc.h
--- linux-2.6.32.46/include/linux/vmalloc.h 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/include/linux/vmalloc.h 2011-04-17 15:56:46.000000000 -0400
@@ -64748,7 +64931,7 @@ diff -urNp linux-2.6.32.46/include/media/saa7146_vv.h linux-2.6.32.46/include/me
diff -urNp linux-2.6.32.46/include/media/v4l2-dev.h linux-2.6.32.46/include/media/v4l2-dev.h
--- linux-2.6.32.46/include/media/v4l2-dev.h 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/include/media/v4l2-dev.h 2011-08-05 20:33:55.000000000 -0400
++++ linux-2.6.32.46/include/media/v4l2-dev.h 2011-10-08 08:14:40.000000000 -0400
@@ -34,7 +34,7 @@ struct v4l2_device;
#define V4L2_FL_UNREGISTERED (0)
@@ -64758,6 +64941,14 @@ diff -urNp linux-2.6.32.46/include/media/v4l2-dev.h linux-2.6.32.46/include/medi
ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
unsigned int (*poll) (struct file *, struct poll_table_struct *);
+@@ -46,6 +46,7 @@ struct v4l2_file_operations {
+ int (*open) (struct file *);
+ int (*release) (struct file *);
+ };
++typedef struct v4l2_file_operations __no_const v4l2_file_operations_no_const;
+
+ /*
+ * Newer version of video_device, handled by videodev2.c
diff -urNp linux-2.6.32.46/include/media/v4l2-device.h linux-2.6.32.46/include/media/v4l2-device.h
--- linux-2.6.32.46/include/media/v4l2-device.h 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.46/include/media/v4l2-device.h 2011-05-04 17:56:28.000000000 -0400
@@ -70736,7 +70927,7 @@ diff -urNp linux-2.6.32.46/localversion-grsec linux-2.6.32.46/localversion-grsec
+-grsec
diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
--- linux-2.6.32.46/Makefile 2011-08-29 22:24:44.000000000 -0400
-+++ linux-2.6.32.46/Makefile 2011-10-06 09:43:36.000000000 -0400
++++ linux-2.6.32.46/Makefile 2011-10-08 08:14:40.000000000 -0400
@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -70828,26 +71019,24 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -840,6 +873,8 @@ define rule_vmlinux-modpost
- endef
+@@ -865,6 +898,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
- # vmlinux image - including updated kernel symbols
-+$(vmlinux-all): KBUILD_CFLAGS += $(GCC_PLUGINS)
-+$(vmlinux-all): gcc-plugins
- vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
- ifdef CONFIG_HEADERS_CHECK
- $(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -874,7 +909,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+ # The actual objects are generated when descending,
+ # make sure no implicit rule kicks in
++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
+ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+
+ # Handle descending into subdirectories listed in $(vmlinux-dirs)
+@@ -874,7 +908,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Build the kernel release string
-@@ -983,6 +1019,7 @@ prepare0: archprepare FORCE
+@@ -983,6 +1017,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -70855,7 +71044,15 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
prepare: prepare0
# The asm symlink changes when $(ARCH) changes.
-@@ -1133,7 +1170,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
+@@ -1124,6 +1159,7 @@ all: modules
+ # using awk while concatenating to the final file.
+
+ PHONY += modules
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
+ $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
+ @$(kecho) ' Building modules, stage 2.';
+@@ -1133,7 +1169,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_B
# Target to prepare building external modules
PHONY += modules_prepare
@@ -70864,7 +71061,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1235,7 @@ MRPROPER_FILES += .config .config.old in
+@@ -1198,7 +1234,7 @@ MRPROPER_FILES += .config .config.old in
include/linux/autoconf.h include/linux/version.h \
include/linux/utsrelease.h \
include/linux/bounds.h include/asm*/asm-offsets.h \
@@ -70873,7 +71070,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
# clean - Delete most, but leave enough to build external modules
#
-@@ -1242,7 +1279,7 @@ distclean: mrproper
+@@ -1242,7 +1278,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -70882,7 +71079,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1289,6 +1326,7 @@ help:
+@@ -1289,6 +1325,7 @@ help:
@echo ' modules_prepare - Set up for building external modules'
@echo ' tags/TAGS - Generate tags file for editors'
@echo ' cscope - Generate cscope index'
@@ -70890,7 +71087,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
@echo ' kernelrelease - Output the release version string'
@echo ' kernelversion - Output the version stored in Makefile'
@echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
-@@ -1390,6 +1428,7 @@ PHONY += $(module-dirs) modules
+@@ -1390,6 +1427,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -70898,7 +71095,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1445,7 +1484,7 @@ endif # KBUILD_EXTMOD
+@@ -1445,7 +1483,7 @@ endif # KBUILD_EXTMOD
quiet_cmd_tags = GEN $@
cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
@@ -70907,7 +71104,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(call cmd,tags)
# Scripts to check various things for consistency
-@@ -1510,17 +1549,19 @@ else
+@@ -1510,17 +1548,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -70931,7 +71128,7 @@ diff -urNp linux-2.6.32.46/Makefile linux-2.6.32.46/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1530,11 +1571,13 @@ endif
+@@ -1530,11 +1570,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index ccc36e4..eee11e1 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201110060421.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201110080819.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110080819.patch
similarity index 99%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201110080819.patch
index 51e088f..1cf43ab 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110060421.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201110080819.patch
@@ -6008,8 +6008,8 @@ diff -urNp linux-3.0.4/arch/x86/ia32/sys_ia32.c linux-3.0.4/arch/x86/ia32/sys_ia
diff -urNp linux-3.0.4/arch/x86/include/asm/alternative-asm.h linux-3.0.4/arch/x86/include/asm/alternative-asm.h
--- linux-3.0.4/arch/x86/include/asm/alternative-asm.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/alternative-asm.h 2011-10-06 04:17:55.000000000 -0400
-@@ -15,6 +15,15 @@
++++ linux-3.0.4/arch/x86/include/asm/alternative-asm.h 2011-10-07 19:07:23.000000000 -0400
+@@ -15,6 +15,20 @@
.endm
#endif
@@ -6017,9 +6017,14 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/alternative-asm.h linux-3.0.4/arch/x
+ .macro pax_force_retaddr rip=0
+ btsq $63,\rip(%rsp)
+ .endm
++ .macro pax_force_fptr ptr
++ btsq $63,\ptr
++ .endm
+#else
+ .macro pax_force_retaddr rip=0
+ .endm
++ .macro pax_force_fptr ptr
++ .endm
+#endif
+
.macro altinstruction_entry orig alt feature orig_len alt_len
@@ -7883,7 +7888,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/mmu.h linux-3.0.4/arch/x86/include/a
#ifdef CONFIG_SMP
diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/include/asm/module.h
--- linux-3.0.4/arch/x86/include/asm/module.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/module.h 2011-10-06 04:21:18.000000000 -0400
++++ linux-3.0.4/arch/x86/include/asm/module.h 2011-10-07 19:24:31.000000000 -0400
@@ -5,6 +5,7 @@
#ifdef CONFIG_X86_64
@@ -7892,43 +7897,25 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/module.h linux-3.0.4/arch/x86/includ
#elif defined CONFIG_M386
#define MODULE_PROC_FAMILY "386 "
#elif defined CONFIG_M486
-@@ -59,8 +60,36 @@
+@@ -59,8 +60,18 @@
#error unknown processor family
#endif
-#ifdef CONFIG_X86_32
-# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+#define MODULE_PAX_UDEREF "UDEREF "
-+#else
-+#define MODULE_PAX_UDEREF ""
-+#endif
-+
+#ifdef CONFIG_PAX_KERNEXEC
+#define MODULE_PAX_KERNEXEC "KERNEXEC "
+#else
+#define MODULE_PAX_KERNEXEC ""
-+#endif
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+#define MODULE_PAX_REFCOUNT "REFCOUNT "
-+#else
-+#define MODULE_PAX_REFCOUNT ""
#endif
-+#ifdef CONSTIFY_PLUGIN
-+#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
-+#else
-+#define MODULE_CONSTIFY_PLUGIN ""
-+#endif
-+
-+#ifdef CONFIG_GRKERNSEC
-+#define MODULE_GRSEC "GRSECURITY "
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++#define MODULE_PAX_UDEREF "UDEREF "
+#else
-+#define MODULE_GRSEC ""
++#define MODULE_PAX_UDEREF ""
+#endif
+
-+#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN
++#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF
+
#endif /* _ASM_X86_MODULE_H */
diff -urNp linux-3.0.4/arch/x86/include/asm/page_64_types.h linux-3.0.4/arch/x86/include/asm/page_64_types.h
@@ -11970,7 +11957,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S
--- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-10-06 04:17:55.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-10-07 19:07:23.000000000 -0400
@@ -53,6 +53,8 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
@@ -11980,7 +11967,55 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -176,6 +178,264 @@ ENTRY(native_usergs_sysret64)
+@@ -66,6 +68,7 @@
+ #ifdef CONFIG_FUNCTION_TRACER
+ #ifdef CONFIG_DYNAMIC_FTRACE
+ ENTRY(mcount)
++ pax_force_retaddr
+ retq
+ END(mcount)
+
+@@ -90,6 +93,7 @@ GLOBAL(ftrace_graph_call)
+ #endif
+
+ GLOBAL(ftrace_stub)
++ pax_force_retaddr
+ retq
+ END(ftrace_caller)
+
+@@ -110,6 +114,7 @@ ENTRY(mcount)
+ #endif
+
+ GLOBAL(ftrace_stub)
++ pax_force_retaddr
+ retq
+
+ trace:
+@@ -119,6 +124,7 @@ trace:
+ movq 8(%rbp), %rsi
+ subq $MCOUNT_INSN_SIZE, %rdi
+
++ pax_force_fptr ftrace_trace_function
+ call *ftrace_trace_function
+
+ MCOUNT_RESTORE_FRAME
+@@ -144,6 +150,7 @@ ENTRY(ftrace_graph_caller)
+
+ MCOUNT_RESTORE_FRAME
+
++ pax_force_retaddr
+ retq
+ END(ftrace_graph_caller)
+
+@@ -161,6 +168,7 @@ GLOBAL(return_to_handler)
+ movq 8(%rsp), %rdx
+ movq (%rsp), %rax
+ addq $24, %rsp
++ pax_force_fptr %rdi
+ jmp *%rdi
+ #endif
+
+@@ -176,6 +184,269 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -12034,6 +12069,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_enter_kernel)
+
@@ -12058,6 +12094,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_exit_kernel)
+#endif
@@ -12132,6 +12169,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+
+ popq %rbx
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_enter_kernel_user)
+
@@ -12181,6 +12219,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+#endif
+
+ popq %rdi
++ pax_force_retaddr
+ retq
+ENDPROC(pax_exit_kernel_user)
+#endif
@@ -12239,13 +12278,14 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ popq %r10
+ popq %rax
+ popq %rdi
++ pax_force_retaddr
+ ret
+ENDPROC(pax_erase_kstack)
+#endif
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -318,7 +578,7 @@ ENTRY(save_args)
+@@ -318,7 +589,7 @@ ENTRY(save_args)
leaq -RBP+8(%rsp),%rdi /* arg1 for handler */
movq_cfi rbp, 8 /* push %rbp */
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
@@ -12254,7 +12294,33 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je 1f
SWAPGS
/*
-@@ -409,7 +669,7 @@ ENTRY(ret_from_fork)
+@@ -338,6 +609,7 @@ ENTRY(save_args)
+ * We entered an interrupt context - irqs are off:
+ */
+ 2: TRACE_IRQS_OFF
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(save_args)
+@@ -354,6 +626,7 @@ ENTRY(save_rest)
+ movq_cfi r15, R15+16
+ movq %r11, 8(%rsp) /* return address */
+ FIXUP_TOP_OF_STACK %r11, 16
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(save_rest)
+@@ -385,7 +658,8 @@ ENTRY(save_paranoid)
+ js 1f /* negative -> in kernel */
+ SWAPGS
+ xorl %ebx,%ebx
+-1: ret
++1: pax_force_retaddr
++ ret
+ CFI_ENDPROC
+ END(save_paranoid)
+ .popsection
+@@ -409,7 +683,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -12263,7 +12329,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -455,7 +715,7 @@ END(ret_from_fork)
+@@ -455,7 +729,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -12272,7 +12338,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -468,12 +728,13 @@ ENTRY(system_call_after_swapgs)
+@@ -468,12 +742,13 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -12287,7 +12353,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -502,6 +763,8 @@ sysret_check:
+@@ -502,6 +777,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -12296,7 +12362,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/*
* sysretq will re-enable interrupts:
*/
-@@ -560,6 +823,9 @@ auditsys:
+@@ -560,6 +837,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -12306,7 +12372,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -590,6 +856,9 @@ tracesys:
+@@ -590,6 +870,9 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -12316,7 +12382,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/*
* Reload arg registers from stack in case ptrace changed them.
* We don't reload %rax because syscall_trace_enter() returned
-@@ -611,7 +880,7 @@ tracesys:
+@@ -611,7 +894,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -12325,7 +12391,15 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -793,6 +1062,16 @@ END(interrupt)
+@@ -702,6 +985,7 @@ ENTRY(ptregscall_common)
+ movq_cfi_restore R12+8, r12
+ movq_cfi_restore RBP+8, rbp
+ movq_cfi_restore RBX+8, rbx
++ pax_force_retaddr
+ ret $REST_SKIP /* pop extended registers */
+ CFI_ENDPROC
+ END(ptregscall_common)
+@@ -793,6 +1077,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
call save_args
PARTIAL_FRAME 0
@@ -12342,7 +12416,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
call \func
.endm
-@@ -825,7 +1104,7 @@ ret_from_intr:
+@@ -825,7 +1119,7 @@ ret_from_intr:
CFI_ADJUST_CFA_OFFSET -8
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -12351,7 +12425,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_kernel
/* Interrupt came from user space */
-@@ -847,12 +1126,16 @@ retint_swapgs: /* return to user-space
+@@ -847,12 +1141,16 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12368,7 +12442,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/*
* The iretq could re-enable interrupts:
*/
-@@ -1027,6 +1310,16 @@ ENTRY(\sym)
+@@ -1027,6 +1325,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12385,7 +12459,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1044,6 +1337,16 @@ ENTRY(\sym)
+@@ -1044,6 +1352,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12402,7 +12476,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1052,7 +1355,7 @@ ENTRY(\sym)
+@@ -1052,7 +1370,7 @@ ENTRY(\sym)
END(\sym)
.endm
@@ -12411,7 +12485,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1062,8 +1365,24 @@ ENTRY(\sym)
+@@ -1062,8 +1380,24 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12436,7 +12510,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1399,16 @@ ENTRY(\sym)
+@@ -1080,6 +1414,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12453,7 +12527,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1099,6 +1428,16 @@ ENTRY(\sym)
+@@ -1099,6 +1443,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -12470,7 +12544,31 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1361,16 +1700,31 @@ ENTRY(paranoid_exit)
+@@ -1134,6 +1488,7 @@ gs_change:
+ 2: mfence /* workaround */
+ SWAPGS
+ popfq_cfi
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(native_load_gs_index)
+@@ -1158,6 +1513,7 @@ ENTRY(kernel_thread_helper)
+ * Here we are in the child and the registers are set as they were
+ * at kernel_thread() invocation in the parent.
+ */
++ pax_force_fptr %rsi
+ call *%rsi
+ # exit
+ mov %eax, %edi
+@@ -1213,6 +1569,7 @@ ENTRY(call_softirq)
+ CFI_DEF_CFA_REGISTER rsp
+ CFI_ADJUST_CFA_OFFSET -8
+ decl PER_CPU_VAR(irq_count)
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ END(call_softirq)
+@@ -1361,16 +1718,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -12503,7 +12601,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1426,7 +1780,7 @@ ENTRY(error_entry)
+@@ -1426,12 +1798,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -12512,7 +12610,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1490,6 +1844,16 @@ ENTRY(nmi)
+ error_sti:
+ TRACE_IRQS_OFF
++ pax_force_retaddr
+ ret
+
+ /*
+@@ -1490,6 +1863,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -12529,7 +12633,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1500,12 +1864,28 @@ ENTRY(nmi)
+@@ -1500,12 +1883,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -17313,6 +17417,23 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle
1: .byte 0xeb /* jmp <disp8> */
.byte (clear_page_c - clear_page) - (2f - 1b) /* offset */
2: .byte 0xeb /* jmp <disp8> */
+diff -urNp linux-3.0.4/arch/x86/lib/cmpxchg16b_emu.S linux-3.0.4/arch/x86/lib/cmpxchg16b_emu.S
+--- linux-3.0.4/arch/x86/lib/cmpxchg16b_emu.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/cmpxchg16b_emu.S 2011-10-07 19:07:28.000000000 -0400
+@@ -53,11 +53,13 @@ this_cpu_cmpxchg16b_emu:
+
+ popf
+ mov $1, %al
++ pax_force_retaddr
+ ret
+
+ not_same:
+ popf
+ xor %al,%al
++ pax_force_retaddr
+ ret
+
+ CFI_ENDPROC
diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S
--- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-10-06 04:17:55.000000000 -0400
@@ -17539,13 +17660,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/
EXPORT_SYMBOL(csum_partial_copy_to_user);
diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
--- linux-3.0.4/arch/x86/lib/getuser.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/getuser.S 2011-08-23 21:47:55.000000000 -0400
-@@ -33,14 +33,35 @@
++++ linux-3.0.4/arch/x86/lib/getuser.S 2011-10-07 19:07:23.000000000 -0400
+@@ -33,15 +33,38 @@
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
#include <asm/asm.h>
+#include <asm/segment.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
+#define __copyuser_seg gs;
@@ -17575,9 +17697,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
+
+1: __copyuser_seg movzb (%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -49,11 +70,24 @@ ENDPROC(__get_user_1)
+ ENDPROC(__get_user_1)
+@@ -49,12 +72,26 @@ ENDPROC(__get_user_1)
ENTRY(__get_user_2)
CFI_STARTPROC
add $1,%_ASM_AX
@@ -17601,9 +17725,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
+
+2: __copyuser_seg movzwl -1(%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -62,11 +96,24 @@ ENDPROC(__get_user_2)
+ ENDPROC(__get_user_2)
+@@ -62,12 +99,26 @@ ENDPROC(__get_user_2)
ENTRY(__get_user_4)
CFI_STARTPROC
add $3,%_ASM_AX
@@ -17627,9 +17753,11 @@ diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
+
+3: __copyuser_seg mov -3(%_ASM_AX),%edx
xor %eax,%eax
++ pax_force_retaddr
ret
CFI_ENDPROC
-@@ -80,6 +127,15 @@ ENTRY(__get_user_8)
+ ENDPROC(__get_user_4)
+@@ -80,8 +131,18 @@ ENTRY(__get_user_8)
GET_THREAD_INFO(%_ASM_DX)
cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
jae bad_get_user
@@ -17644,7 +17772,18 @@ diff -urNp linux-3.0.4/arch/x86/lib/getuser.S linux-3.0.4/arch/x86/lib/getuser.S
+
4: movq -7(%_ASM_AX),%_ASM_DX
xor %eax,%eax
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(__get_user_8)
+@@ -91,6 +152,7 @@ bad_get_user:
+ CFI_STARTPROC
+ xor %edx,%edx
+ mov $(-EFAULT),%_ASM_AX
++ pax_force_retaddr
ret
+ CFI_ENDPROC
+ END(bad_get_user)
diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c
--- linux-3.0.4/arch/x86/lib/insn.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/insn.c 2011-08-23 21:47:55.000000000 -0400
@@ -18113,27 +18252,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c
from += 64;
to += 64;
+diff -urNp linux-3.0.4/arch/x86/lib/msr-reg.S linux-3.0.4/arch/x86/lib/msr-reg.S
+--- linux-3.0.4/arch/x86/lib/msr-reg.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/msr-reg.S 2011-10-07 19:07:28.000000000 -0400
+@@ -3,6 +3,7 @@
+ #include <asm/dwarf2.h>
+ #include <asm/asm.h>
+ #include <asm/msr.h>
++#include <asm/alternative-asm.h>
+
+ #ifdef CONFIG_X86_64
+ /*
+@@ -37,6 +38,7 @@ ENTRY(native_\op\()_safe_regs)
+ movl %edi, 28(%r10)
+ popq_cfi %rbp
+ popq_cfi %rbx
++ pax_force_retaddr
+ ret
+ 3:
+ CFI_RESTORE_STATE
diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S
--- linux-3.0.4/arch/x86/lib/putuser.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/putuser.S 2011-08-23 21:47:55.000000000 -0400
-@@ -15,7 +15,8 @@
++++ linux-3.0.4/arch/x86/lib/putuser.S 2011-10-07 19:07:23.000000000 -0400
+@@ -15,7 +15,9 @@
#include <asm/thread_info.h>
#include <asm/errno.h>
#include <asm/asm.h>
-
+#include <asm/segment.h>
+#include <asm/pgtable.h>
++#include <asm/alternative-asm.h>
/*
* __put_user_X
-@@ -29,52 +30,119 @@
+@@ -29,52 +31,119 @@
* as they get called from within inline assembly.
*/
-#define ENTER CFI_STARTPROC ; \
- GET_THREAD_INFO(%_ASM_BX)
+-#define EXIT ret ; \
+#define ENTER CFI_STARTPROC
- #define EXIT ret ; \
++#define EXIT pax_force_retaddr; ret ; \
CFI_ENDPROC
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -18274,7 +18434,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_
END(__read_lock_failed)
diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S
--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-10-06 04:17:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-10-07 10:46:47.000000000 -0400
@@ -51,6 +51,7 @@ ENTRY(call_rwsem_down_read_failed)
popq_cfi %rdx
CFI_RESTORE rdx
@@ -18291,14 +18451,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64
ret
CFI_ENDPROC
ENDPROC(call_rwsem_down_write_failed)
-@@ -73,6 +75,7 @@ ENTRY(call_rwsem_wake)
+@@ -73,7 +75,8 @@ ENTRY(call_rwsem_wake)
movq %rax,%rdi
call rwsem_wake
restore_common_regs
-+ pax_force_retaddr
- 1: ret
+-1: ret
++1: pax_force_retaddr
++ ret
CFI_ENDPROC
ENDPROC(call_rwsem_wake)
+
@@ -88,6 +91,7 @@ ENTRY(call_rwsem_downgrade_wake)
popq_cfi %rdx
CFI_RESTORE rdx
@@ -21203,6 +21365,86 @@ diff -urNp linux-3.0.4/arch/x86/net/bpf_jit_comp.c linux-3.0.4/arch/x86/net/bpf_
proglen,
sizeof(struct work_struct)));
if (!image)
+diff -urNp linux-3.0.4/arch/x86/net/bpf_jit.S linux-3.0.4/arch/x86/net/bpf_jit.S
+--- linux-3.0.4/arch/x86/net/bpf_jit.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/net/bpf_jit.S 2011-10-07 19:07:28.000000000 -0400
+@@ -9,6 +9,7 @@
+ */
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * Calling convention :
+@@ -35,6 +36,7 @@ sk_load_word:
+ jle bpf_slow_path_word
+ mov (SKBDATA,%rsi),%eax
+ bswap %eax /* ntohl() */
++ pax_force_retaddr
+ ret
+
+
+@@ -53,6 +55,7 @@ sk_load_half:
+ jle bpf_slow_path_half
+ movzwl (SKBDATA,%rsi),%eax
+ rol $8,%ax # ntohs()
++ pax_force_retaddr
+ ret
+
+ sk_load_byte_ind:
+@@ -66,6 +69,7 @@ sk_load_byte:
+ cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
+ jle bpf_slow_path_byte
+ movzbl (SKBDATA,%rsi),%eax
++ pax_force_retaddr
+ ret
+
+ /**
+@@ -82,6 +86,7 @@ ENTRY(sk_load_byte_msh)
+ movzbl (SKBDATA,%rsi),%ebx
+ and $15,%bl
+ shl $2,%bl
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(sk_load_byte_msh)
+@@ -91,6 +96,7 @@ bpf_error:
+ xor %eax,%eax
+ mov -8(%rbp),%rbx
+ leaveq
++ pax_force_retaddr
+ ret
+
+ /* rsi contains offset and can be scratched */
+@@ -113,6 +119,7 @@ bpf_slow_path_word:
+ js bpf_error
+ mov -12(%rbp),%eax
+ bswap %eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_half:
+@@ -121,12 +128,14 @@ bpf_slow_path_half:
+ mov -12(%rbp),%ax
+ rol $8,%ax
+ movzwl %ax,%eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_byte:
+ bpf_slow_path_common(1)
+ js bpf_error
+ movzbl -12(%rbp),%eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_byte_msh:
+@@ -137,4 +146,5 @@ bpf_slow_path_byte_msh:
+ and $15,%al
+ shl $2,%al
+ xchg %eax,%ebx
++ pax_force_retaddr
+ ret
diff -urNp linux-3.0.4/arch/x86/oprofile/backtrace.c linux-3.0.4/arch/x86/oprofile/backtrace.c
--- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-10-06 04:17:55.000000000 -0400
@@ -22540,7 +22782,7 @@ diff -urNp linux-3.0.4/crypto/serpent.c linux-3.0.4/crypto/serpent.c
for (i = 0; i < keylen; ++i)
diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
--- linux-3.0.4/Documentation/dontdiff 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/Documentation/dontdiff 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/Documentation/dontdiff 2011-10-07 19:07:23.000000000 -0400
@@ -5,6 +5,7 @@
*.cis
*.cpio
@@ -22609,7 +22851,15 @@ diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -174,6 +180,7 @@ mkboot
+@@ -166,7 +172,6 @@ machtypes.h
+ map
+ map_hugetlb
+ maui_boot.h
+-media
+ mconf
+ miboot*
+ mk_elfconfig
+@@ -174,6 +179,7 @@ mkboot
mkbugboot
mkcpustr
mkdep
@@ -22617,7 +22867,7 @@ diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
mkprep
mkregtable
mktables
-@@ -209,6 +216,7 @@ r300_reg_safe.h
+@@ -209,6 +215,7 @@ r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
recordmcount
@@ -22625,7 +22875,7 @@ diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -219,6 +227,7 @@ setup
+@@ -219,6 +226,7 @@ setup
setup.bin
setup.elf
sImage
@@ -22633,7 +22883,7 @@ diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
sm_tbl*
split-include
syscalltab.h
-@@ -246,7 +255,9 @@ vmlinux
+@@ -246,7 +254,9 @@ vmlinux
vmlinux-*
vmlinux.aout
vmlinux.bin.all
@@ -22643,7 +22893,7 @@ diff -urNp linux-3.0.4/Documentation/dontdiff linux-3.0.4/Documentation/dontdiff
vmlinuz
voffset.h
vsyscall.lds
-@@ -254,6 +265,7 @@ vsyscall_32.lds
+@@ -254,6 +264,7 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -28456,7 +28706,7 @@ diff -urNp linux-3.0.4/drivers/media/dvb/dvb-usb/lmedm04.c linux-3.0.4/drivers/m
info("FRM Firmware Cold Reset");
diff -urNp linux-3.0.4/drivers/media/dvb/frontends/dib3000.h linux-3.0.4/drivers/media/dvb/frontends/dib3000.h
--- linux-3.0.4/drivers/media/dvb/frontends/dib3000.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/drivers/media/dvb/frontends/dib3000.h 2011-08-24 18:28:18.000000000 -0400
++++ linux-3.0.4/drivers/media/dvb/frontends/dib3000.h 2011-10-07 19:07:39.000000000 -0400
@@ -40,10 +40,11 @@ struct dib_fe_xfer_ops
int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
@@ -58863,6 +59113,39 @@ diff -urNp linux-3.0.4/include/linux/unaligned/access_ok.h linux-3.0.4/include/l
}
static inline void put_unaligned_le16(u16 val, void *p)
+diff -urNp linux-3.0.4/include/linux/vermagic.h linux-3.0.4/include/linux/vermagic.h
+--- linux-3.0.4/include/linux/vermagic.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/include/linux/vermagic.h 2011-10-07 19:25:35.000000000 -0400
+@@ -26,9 +26,28 @@
+ #define MODULE_ARCH_VERMAGIC ""
+ #endif
+
++#ifdef CONFIG_PAX_REFCOUNT
++#define MODULE_PAX_REFCOUNT "REFCOUNT "
++#else
++#define MODULE_PAX_REFCOUNT ""
++#endif
++
++#ifdef CONSTIFY_PLUGIN
++#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
++#else
++#define MODULE_CONSTIFY_PLUGIN ""
++#endif
++
++#ifdef CONFIG_GRKERNSEC
++#define MODULE_GRSEC "GRSEC "
++#else
++#define MODULE_GRSEC ""
++#endif
++
+ #define VERMAGIC_STRING \
+ UTS_RELEASE " " \
+ MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
+ MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
+- MODULE_ARCH_VERMAGIC
++ MODULE_ARCH_VERMAGIC \
++ MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN MODULE_GRSEC
+
diff -urNp linux-3.0.4/include/linux/vmalloc.h linux-3.0.4/include/linux/vmalloc.h
--- linux-3.0.4/include/linux/vmalloc.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/include/linux/vmalloc.h 2011-08-23 21:47:56.000000000 -0400
@@ -59050,7 +59333,7 @@ diff -urNp linux-3.0.4/include/linux/vmstat.h linux-3.0.4/include/linux/vmstat.h
static inline void __dec_zone_page_state(struct page *page,
diff -urNp linux-3.0.4/include/media/saa7146_vv.h linux-3.0.4/include/media/saa7146_vv.h
--- linux-3.0.4/include/media/saa7146_vv.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/include/media/saa7146_vv.h 2011-08-24 18:26:09.000000000 -0400
++++ linux-3.0.4/include/media/saa7146_vv.h 2011-10-07 19:07:40.000000000 -0400
@@ -163,7 +163,7 @@ struct saa7146_ext_vv
int (*std_callback)(struct saa7146_dev*, struct saa7146_standard *);
@@ -59060,6 +59343,26 @@ diff -urNp linux-3.0.4/include/media/saa7146_vv.h linux-3.0.4/include/media/saa7
/* pointer to the saa7146 core ops */
const struct v4l2_ioctl_ops *core_ops;
+diff -urNp linux-3.0.4/include/media/v4l2-dev.h linux-3.0.4/include/media/v4l2-dev.h
+--- linux-3.0.4/include/media/v4l2-dev.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/include/media/v4l2-dev.h 2011-10-07 19:07:40.000000000 -0400
+@@ -56,7 +56,7 @@ int v4l2_prio_check(struct v4l2_prio_sta
+
+
+ struct v4l2_file_operations {
+- struct module *owner;
++ struct module * const owner;
+ ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
+ ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
+ unsigned int (*poll) (struct file *, struct poll_table_struct *);
+@@ -68,6 +68,7 @@ struct v4l2_file_operations {
+ int (*open) (struct file *);
+ int (*release) (struct file *);
+ };
++typedef struct v4l2_file_operations __no_const v4l2_file_operations_no_const;
+
+ /*
+ * Newer version of video_device, handled by videodev2.c
diff -urNp linux-3.0.4/include/media/v4l2-ioctl.h linux-3.0.4/include/media/v4l2-ioctl.h
--- linux-3.0.4/include/media/v4l2-ioctl.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/include/media/v4l2-ioctl.h 2011-08-24 18:25:45.000000000 -0400
@@ -65052,7 +65355,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-10-06 04:17:55.000000000 -0400
++++ linux-3.0.4/Makefile 2011-10-07 19:29:57.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -65135,26 +65438,24 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +940,8 @@ define rule_vmlinux-modpost
- endef
+@@ -932,6 +965,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
+
+ # The actual objects are generated when descending,
+ # make sure no implicit rule kicks in
++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
+ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
- # vmlinux image - including updated kernel symbols
-+$(vmlinux-all): KBUILD_CFLAGS += $(GCC_PLUGINS)
-+$(vmlinux-all): gcc-plugins
- vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
- ifdef CONFIG_HEADERS_CHECK
- $(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +976,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+ # Handle descending into subdirectories listed in $(vmlinux-dirs)
+@@ -941,7 +975,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
-$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): KBUILD_CFLAGS += $(GCC_PLUGINS)
+$(vmlinux-dirs): gcc-plugins prepare scripts
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1022,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1020,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -65162,7 +65463,15 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
prepare: prepare0
# Generate some files
-@@ -1102,7 +1139,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1087,6 +1122,7 @@ all: modules
+ # using awk while concatenating to the final file.
+
+ PHONY += modules
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
+ $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
+ @$(kecho) ' Building modules, stage 2.';
+@@ -1102,7 +1138,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -65171,7 +65480,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1235,7 @@ distclean: mrproper
+@@ -1198,7 +1234,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -65180,7 +65489,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1396,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1395,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -65188,7 +65497,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1523,19 @@ else
+@@ -1485,17 +1522,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -65212,7 +65521,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1545,13 @@ endif
+@@ -1505,11 +1544,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-10-08 17:34 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-25 13:29 [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/ Anthony G. Basile
-- strict thread matches above, loose matches on Subject: below --
2011-10-08 17:34 Anthony G. Basile
2011-10-08 13:57 Anthony G. Basile
2011-09-26 20:04 Anthony G. Basile
2011-09-25 13:32 Anthony G. Basile
2011-09-21 11:31 Anthony G. Basile
2011-09-15 17:57 Anthony G. Basile
2011-09-04 12:34 Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox