diff options
author | Anthony G. Basile <basile@opensource.dyc.edu> | 2011-02-13 11:41:40 -0500 |
---|---|---|
committer | Anthony G. Basile <basile@opensource.dyc.edu> | 2011-02-13 11:41:40 -0500 |
commit | 3654e93df322afa3fdc41646d253584ba0207241 (patch) | |
tree | 34b87a130c4fa6e3fea3813f8d7c0f0969af96dd /2.6.32 | |
parent | Separated Workastation and Virtualization predefined security levels (diff) | |
download | hardened-patchset-3654e93df322afa3fdc41646d253584ba0207241.tar.gz hardened-patchset-3654e93df322afa3fdc41646d253584ba0207241.tar.bz2 hardened-patchset-3654e93df322afa3fdc41646d253584ba0207241.zip |
Update Grsec/PaX
2.2.1-2.6.32.28-201102121148
2.2.1-2.6.37-201102121148.patch
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch (renamed from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch) | 990 | ||||
-rw-r--r-- | 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 |
3 files changed, 737 insertions, 257 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index ebbdde9..c1feb8d 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch +Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch index ead21d1..b1b6990 100644 --- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch +++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch @@ -7603,7 +7603,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/elf.h linux-2.6.32.28/arch/x86/i #endif /* _ASM_X86_ELF_H */ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86/include/asm/futex.h --- linux-2.6.32.28/arch/x86/include/asm/futex.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/arch/x86/include/asm/futex.h 2010-12-31 14:47:00.000000000 -0500 ++++ linux-2.6.32.28/arch/x86/include/asm/futex.h 2011-01-25 20:24:47.000000000 -0500 @@ -12,16 +12,18 @@ #include <asm/system.h> @@ -7616,7 +7616,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86 "\t.previous\n" \ _ASM_EXTABLE(1b, 3b) \ - : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \ -+ : "=r" (oldval), "=r" (ret), "+m" (*____m(uaddr))\ ++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\ : "i" (-EFAULT), "0" (oparg), "1" (0)) #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \ @@ -7629,7 +7629,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86 _ASM_EXTABLE(2b, 4b) \ : "=&a" (oldval), "=&r" (ret), \ - "+m" (*uaddr), "=&r" (tem) \ -+ "+m" (*(____m(uaddr))), "=&r" (tem) \ ++ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \ : "r" (oparg), "i" (-EFAULT), "1" (0)) -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr) @@ -7675,7 +7675,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86 "\t.previous\n" _ASM_EXTABLE(1b, 3b) - : "=a" (oldval), "+m" (*uaddr) -+ : "=a" (oldval), "+m" (*____m(uaddr)) ++ : "=a" (oldval), "+m" (*(u32 *)____m(uaddr)) : "i" (-EFAULT), "r" (newval), "0" (oldval) : "memory" ); @@ -7722,9 +7722,38 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/i387.h linux-2.6.32.28/arch/x86/ /* * These must be called with preempt disabled +diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_32.h linux-2.6.32.28/arch/x86/include/asm/io_32.h +--- linux-2.6.32.28/arch/x86/include/asm/io_32.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/arch/x86/include/asm/io_32.h 2011-01-27 22:39:52.000000000 -0500 +@@ -3,6 +3,7 @@ + + #include <linux/string.h> + #include <linux/compiler.h> ++#include <asm/processor.h> + + /* + * This file contains the definitions for the x86 IO instructions +@@ -42,6 +43,17 @@ + + #ifdef __KERNEL__ + ++#define ARCH_HAS_VALID_PHYS_ADDR_RANGE ++static inline int valid_phys_addr_range(unsigned long addr, size_t count) ++{ ++ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; ++} ++ ++static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count) ++{ ++ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; ++} ++ + #include <asm-generic/iomap.h> + + #include <linux/vmalloc.h> diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_64.h linux-2.6.32.28/arch/x86/include/asm/io_64.h --- linux-2.6.32.28/arch/x86/include/asm/io_64.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/arch/x86/include/asm/io_64.h 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/arch/x86/include/asm/io_64.h 2011-01-27 22:39:52.000000000 -0500 @@ -140,6 +140,17 @@ __OUTS(l) #include <linux/vmalloc.h> @@ -7732,12 +7761,12 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_64.h linux-2.6.32.28/arch/x86 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE +static inline int valid_phys_addr_range(unsigned long addr, size_t count) +{ -+ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; ++ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; +} + +static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count) +{ -+ return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; ++ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0; +} + #include <asm-generic/iomap.h> @@ -8014,7 +8043,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mman.h linux-2.6.32.28/arch/x86/ #endif /* _ASM_X86_MMAN_H */ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/arch/x86/include/asm/mmu_context.h --- linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2011-02-12 11:05:01.000000000 -0500 @@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) @@ -8046,8 +8075,8 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/ar +#endif if (likely(prev != next)) { - /* stop flush ipis for the previous mm */ - cpumask_clear_cpu(cpu, mm_cpumask(prev)); +- /* stop flush ipis for the previous mm */ +- cpumask_clear_cpu(cpu, mm_cpumask(prev)); #ifdef CONFIG_SMP +#ifdef CONFIG_X86_32 + tlbstate = percpu_read(cpu_tlbstate.state); @@ -8067,6 +8096,8 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/ar +#else load_cr3(next->pgd); +#endif ++ /* stop flush ipis for the previous mm */ ++ cpumask_clear_cpu(cpu, mm_cpumask(prev)); /* * load the LDT, if the LDT is different: @@ -10724,8 +10755,16 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.32.28/ }; diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c --- linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2010-12-31 14:46:53.000000000 -0500 -@@ -187,7 +187,7 @@ static void print_mce(struct mce *m) ++++ linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2011-01-25 20:24:47.000000000 -0500 +@@ -43,6 +43,7 @@ + #include <asm/ipi.h> + #include <asm/mce.h> + #include <asm/msr.h> ++#include <asm/local.h> + + #include "mce-internal.h" + +@@ -187,7 +188,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -10734,12 +10773,12 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -1429,14 +1429,14 @@ void __cpuinit mcheck_init(struct cpuinf +@@ -1429,14 +1430,14 @@ void __cpuinit mcheck_init(struct cpuinf */ static DEFINE_SPINLOCK(mce_state_lock); -static int open_count; /* #times opened */ -+static atomic_t open_count; /* #times opened */ ++static local_t open_count; /* #times opened */ static int open_exclu; /* already open exclusive? */ static int mce_open(struct inode *inode, struct file *file) @@ -10747,29 +10786,29 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch spin_lock(&mce_state_lock); - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) { -+ if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) { ++ if (open_exclu || (local_read(&open_count) && (file->f_flags & O_EXCL))) { spin_unlock(&mce_state_lock); return -EBUSY; -@@ -1444,7 +1444,7 @@ static int mce_open(struct inode *inode, +@@ -1444,7 +1445,7 @@ static int mce_open(struct inode *inode, if (file->f_flags & O_EXCL) open_exclu = 1; - open_count++; -+ atomic_inc(&open_count); ++ local_inc(&open_count); spin_unlock(&mce_state_lock); -@@ -1455,7 +1455,7 @@ static int mce_release(struct inode *ino +@@ -1455,7 +1456,7 @@ static int mce_release(struct inode *ino { spin_lock(&mce_state_lock); - open_count--; -+ atomic_dec(&open_count); ++ local_dec(&open_count); open_exclu = 0; spin_unlock(&mce_state_lock); -@@ -1595,6 +1595,7 @@ static struct miscdevice mce_log_device +@@ -1595,6 +1596,7 @@ static struct miscdevice mce_log_device MISC_MCELOG_MINOR, "mcelog", &mce_chrdev_ops, @@ -23970,98 +24009,106 @@ diff -urNp linux-2.6.32.28/drivers/char/hvc_rtas.c linux-2.6.32.28/drivers/char/ }; diff -urNp linux-2.6.32.28/drivers/char/hvcs.c linux-2.6.32.28/drivers/char/hvcs.c --- linux-2.6.32.28/drivers/char/hvcs.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/char/hvcs.c 2010-12-31 14:46:53.000000000 -0500 -@@ -269,7 +269,7 @@ struct hvcs_struct { ++++ linux-2.6.32.28/drivers/char/hvcs.c 2011-01-25 20:24:47.000000000 -0500 +@@ -82,6 +82,7 @@ + #include <asm/hvcserver.h> + #include <asm/uaccess.h> + #include <asm/vio.h> ++#include <asm/local.h> + + /* + * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00). +@@ -269,7 +270,7 @@ struct hvcs_struct { unsigned int index; struct tty_struct *tty; - int open_count; -+ atomic_t open_count; ++ local_t open_count; /* * Used to tell the driver kernel_thread what operations need to take -@@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st +@@ -419,7 +420,7 @@ static ssize_t hvcs_vterm_state_store(st spin_lock_irqsave(&hvcsd->lock, flags); - if (hvcsd->open_count > 0) { -+ if (atomic_read(&hvcsd->open_count) > 0) { ++ if (local_read(&hvcsd->open_count) > 0) { spin_unlock_irqrestore(&hvcsd->lock, flags); printk(KERN_INFO "HVCS: vterm state unchanged. " "The hvcs device node is still in use.\n"); -@@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct * +@@ -1135,7 +1136,7 @@ static int hvcs_open(struct tty_struct * if ((retval = hvcs_partner_connect(hvcsd))) goto error_release; - hvcsd->open_count = 1; -+ atomic_set(&hvcsd->open_count, 1); ++ local_set(&hvcsd->open_count, 1); hvcsd->tty = tty; tty->driver_data = hvcsd; -@@ -1169,7 +1169,7 @@ fast_open: +@@ -1169,7 +1170,7 @@ fast_open: spin_lock_irqsave(&hvcsd->lock, flags); kref_get(&hvcsd->kref); - hvcsd->open_count++; -+ atomic_inc(&hvcsd->open_count); ++ local_inc(&hvcsd->open_count); hvcsd->todo_mask |= HVCS_SCHED_READ; spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct +@@ -1213,7 +1214,7 @@ static void hvcs_close(struct tty_struct hvcsd = tty->driver_data; spin_lock_irqsave(&hvcsd->lock, flags); - if (--hvcsd->open_count == 0) { -+ if (atomic_dec_and_test(&hvcsd->open_count)) { ++ if (local_dec_and_test(&hvcsd->open_count)) { vio_disable_interrupts(hvcsd->vdev); -@@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct +@@ -1239,10 +1240,10 @@ static void hvcs_close(struct tty_struct free_irq(irq, hvcsd); kref_put(&hvcsd->kref, destroy_hvcs_struct); return; - } else if (hvcsd->open_count < 0) { -+ } else if (atomic_read(&hvcsd->open_count) < 0) { ++ } else if (local_read(&hvcsd->open_count) < 0) { printk(KERN_ERR "HVCS: vty-server@%X open_count: %d" " is missmanaged.\n", - hvcsd->vdev->unit_address, hvcsd->open_count); -+ hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count)); ++ hvcsd->vdev->unit_address, local_read(&hvcsd->open_count)); } spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc +@@ -1258,7 +1259,7 @@ static void hvcs_hangup(struct tty_struc spin_lock_irqsave(&hvcsd->lock, flags); /* Preserve this so that we know how many kref refs to put */ - temp_open_count = hvcsd->open_count; -+ temp_open_count = atomic_read(&hvcsd->open_count); ++ temp_open_count = local_read(&hvcsd->open_count); /* * Don't kref put inside the spinlock because the destruction -@@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc +@@ -1273,7 +1274,7 @@ static void hvcs_hangup(struct tty_struc hvcsd->tty->driver_data = NULL; hvcsd->tty = NULL; - hvcsd->open_count = 0; -+ atomic_set(&hvcsd->open_count, 0); ++ local_set(&hvcsd->open_count, 0); /* This will drop any buffered data on the floor which is OK in a hangup * scenario. */ -@@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct +@@ -1344,7 +1345,7 @@ static int hvcs_write(struct tty_struct * the middle of a write operation? This is a crummy place to do this * but we want to keep it all in the spinlock. */ - if (hvcsd->open_count <= 0) { -+ if (atomic_read(&hvcsd->open_count) <= 0) { ++ if (local_read(&hvcsd->open_count) <= 0) { spin_unlock_irqrestore(&hvcsd->lock, flags); return -ENODEV; } -@@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st +@@ -1418,7 +1419,7 @@ static int hvcs_write_room(struct tty_st { struct hvcs_struct *hvcsd = tty->driver_data; - if (!hvcsd || hvcsd->open_count <= 0) -+ if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0) ++ if (!hvcsd || local_read(&hvcsd->open_count) <= 0) return 0; return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; @@ -24392,118 +24439,126 @@ diff -urNp linux-2.6.32.28/drivers/char/nvram.c linux-2.6.32.28/drivers/char/nvr static int __init nvram_init(void) diff -urNp linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c --- linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2010-12-31 14:46:53.000000000 -0500 -@@ -51,7 +51,7 @@ struct ipw_tty { ++++ linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2011-01-25 20:24:47.000000000 -0500 +@@ -29,6 +29,7 @@ + #include <linux/tty_driver.h> + #include <linux/tty_flip.h> + #include <linux/uaccess.h> ++#include <asm/local.h> + + #include "tty.h" + #include "network.h" +@@ -51,7 +52,7 @@ struct ipw_tty { int tty_type; struct ipw_network *network; struct tty_struct *linux_tty; - int open_count; -+ atomic_t open_count; ++ local_t open_count; unsigned int control_lines; struct mutex ipw_tty_mutex; int tx_bytes_queued; -@@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l +@@ -127,10 +128,10 @@ static int ipw_open(struct tty_struct *l mutex_unlock(&tty->ipw_tty_mutex); return -ENODEV; } - if (tty->open_count == 0) -+ if (atomic_read(&tty->open_count) == 0) ++ if (local_read(&tty->open_count) == 0) tty->tx_bytes_queued = 0; - tty->open_count++; -+ atomic_inc(&tty->open_count); ++ local_inc(&tty->open_count); tty->linux_tty = linux_tty; linux_tty->driver_data = tty; -@@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l +@@ -146,9 +147,7 @@ static int ipw_open(struct tty_struct *l static void do_ipw_close(struct ipw_tty *tty) { - tty->open_count--; - - if (tty->open_count == 0) { -+ if (atomic_dec_return(&tty->open_count) == 0) { ++ if (local_dec_return(&tty->open_count) == 0) { struct tty_struct *linux_tty = tty->linux_tty; if (linux_tty != NULL) { -@@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct +@@ -169,7 +168,7 @@ static void ipw_hangup(struct tty_struct return; mutex_lock(&tty->ipw_tty_mutex); - if (tty->open_count == 0) { -+ if (atomic_read(&tty->open_count) == 0) { ++ if (local_read(&tty->open_count) == 0) { mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_ +@@ -198,7 +197,7 @@ void ipwireless_tty_received(struct ipw_ return; } - if (!tty->open_count) { -+ if (!atomic_read(&tty->open_count)) { ++ if (!local_read(&tty->open_count)) { mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct * +@@ -240,7 +239,7 @@ static int ipw_write(struct tty_struct * return -ENODEV; mutex_lock(&tty->ipw_tty_mutex); - if (!tty->open_count) { -+ if (!atomic_read(&tty->open_count)) { ++ if (!local_read(&tty->open_count)) { mutex_unlock(&tty->ipw_tty_mutex); return -EINVAL; } -@@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str +@@ -280,7 +279,7 @@ static int ipw_write_room(struct tty_str if (!tty) return -ENODEV; - if (!tty->open_count) -+ if (!atomic_read(&tty->open_count)) ++ if (!local_read(&tty->open_count)) return -EINVAL; room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; -@@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt +@@ -322,7 +321,7 @@ static int ipw_chars_in_buffer(struct tt if (!tty) return 0; - if (!tty->open_count) -+ if (!atomic_read(&tty->open_count)) ++ if (!local_read(&tty->open_count)) return 0; return tty->tx_bytes_queued; -@@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc +@@ -403,7 +402,7 @@ static int ipw_tiocmget(struct tty_struc if (!tty) return -ENODEV; - if (!tty->open_count) -+ if (!atomic_read(&tty->open_count)) ++ if (!local_read(&tty->open_count)) return -EINVAL; return get_control_lines(tty); -@@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt +@@ -419,7 +418,7 @@ ipw_tiocmset(struct tty_struct *linux_tt if (!tty) return -ENODEV; - if (!tty->open_count) -+ if (!atomic_read(&tty->open_count)) ++ if (!local_read(&tty->open_count)) return -EINVAL; return set_control_lines(tty, set, clear); -@@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct * +@@ -433,7 +432,7 @@ static int ipw_ioctl(struct tty_struct * if (!tty) return -ENODEV; - if (!tty->open_count) -+ if (!atomic_read(&tty->open_count)) ++ if (!local_read(&tty->open_count)) return -EINVAL; /* FIXME: Exactly how is the tty object locked here .. */ -@@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty +@@ -591,7 +590,7 @@ void ipwireless_tty_free(struct ipw_tty against a parallel ioctl etc */ mutex_lock(&ttyj->ipw_tty_mutex); } - while (ttyj->open_count) -+ while (atomic_read(&ttyj->open_count)) ++ while (local_read(&ttyj->open_count)) do_ipw_close(ttyj); ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); @@ -24586,34 +24641,42 @@ diff -urNp linux-2.6.32.28/drivers/char/random.c linux-2.6.32.28/drivers/char/ra diff -urNp linux-2.6.32.28/drivers/char/sonypi.c linux-2.6.32.28/drivers/char/sonypi.c --- linux-2.6.32.28/drivers/char/sonypi.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/char/sonypi.c 2010-12-31 14:46:53.000000000 -0500 -@@ -491,7 +491,7 @@ static struct sonypi_device { ++++ linux-2.6.32.28/drivers/char/sonypi.c 2011-01-25 20:24:47.000000000 -0500 +@@ -55,6 +55,7 @@ + #include <asm/uaccess.h> + #include <asm/io.h> + #include <asm/system.h> ++#include <asm/local.h> + + #include <linux/sonypi.h> + +@@ -491,7 +492,7 @@ static struct sonypi_device { spinlock_t fifo_lock; wait_queue_head_t fifo_proc_list; struct fasync_struct *fifo_async; - int open_count; -+ atomic_t open_count; ++ local_t open_count; int model; struct input_dev *input_jog_dev; struct input_dev *input_key_dev; -@@ -895,7 +895,7 @@ static int sonypi_misc_fasync(int fd, st +@@ -895,7 +896,7 @@ static int sonypi_misc_fasync(int fd, st static int sonypi_misc_release(struct inode *inode, struct file *file) { mutex_lock(&sonypi_device.lock); - sonypi_device.open_count--; -+ atomic_dec(&sonypi_device.open_count); ++ local_dec(&sonypi_device.open_count); mutex_unlock(&sonypi_device.lock); return 0; } -@@ -905,9 +905,9 @@ static int sonypi_misc_open(struct inode +@@ -905,9 +906,9 @@ static int sonypi_misc_open(struct inode lock_kernel(); mutex_lock(&sonypi_device.lock); /* Flush input queue on first open */ - if (!sonypi_device.open_count) -+ if (!atomic_read(&sonypi_device.open_count)) ++ if (!local_read(&sonypi_device.open_count)) kfifo_reset(sonypi_device.fifo); - sonypi_device.open_count++; -+ atomic_inc(&sonypi_device.open_count); ++ local_inc(&sonypi_device.open_count); mutex_unlock(&sonypi_device.lock); unlock_kernel(); return 0; @@ -25166,7 +25229,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_drv.c linux-2.6.32.28/drivers/gpu DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gpu/drm/drm_fops.c --- linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2011-01-24 18:05:30.000000000 -0500 @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device * } @@ -25184,7 +25247,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]); spin_lock(&dev->count_lock); - if (!dev->open_count++) { -+ if (atomic_inc_return(&dev->open_count) == 1) { ++ if (local_inc_return(&dev->open_count) == 1) { spin_unlock(&dev->count_lock); retcode = drm_setup(dev); goto out; @@ -25193,7 +25256,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp lock_kernel(); - DRM_DEBUG("open_count = %d\n", dev->open_count); -+ DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count)); ++ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count)); if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); @@ -25202,7 +25265,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp task_pid_nr(current), (long)old_encode_dev(file_priv->minor->device), - dev->open_count); -+ atomic_read(&dev->open_count)); ++ local_read(&dev->open_count)); /* if the master has gone away we can't do anything with the lock */ if (file_priv->minor->master) @@ -25214,13 +25277,49 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]); spin_lock(&dev->count_lock); - if (!--dev->open_count) { -+ if (atomic_dec_and_test(&dev->open_count)) { ++ if (local_dec_and_test(&dev->open_count)) { if (atomic_read(&dev->ioctl_count)) { DRM_ERROR("Device busy: %d\n", atomic_read(&dev->ioctl_count)); +diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_gem.c linux-2.6.32.28/drivers/gpu/drm/drm_gem.c +--- linux-2.6.32.28/drivers/gpu/drm/drm_gem.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_gem.c 2011-01-24 18:05:37.000000000 -0500 +@@ -83,11 +83,11 @@ drm_gem_init(struct drm_device *dev) + spin_lock_init(&dev->object_name_lock); + idr_init(&dev->object_name_idr); + atomic_set(&dev->object_count, 0); +- atomic_set(&dev->object_memory, 0); ++ atomic_set_unchecked(&dev->object_memory, 0); + atomic_set(&dev->pin_count, 0); +- atomic_set(&dev->pin_memory, 0); ++ atomic_set_unchecked(&dev->pin_memory, 0); + atomic_set(&dev->gtt_count, 0); +- atomic_set(&dev->gtt_memory, 0); ++ atomic_set_unchecked(&dev->gtt_memory, 0); + + mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); + if (!mm) { +@@ -150,7 +150,7 @@ drm_gem_object_alloc(struct drm_device * + goto fput; + } + atomic_inc(&dev->object_count); +- atomic_add(obj->size, &dev->object_memory); ++ atomic_add_unchecked(obj->size, &dev->object_memory); + return obj; + fput: + fput(obj->filp); +@@ -429,7 +429,7 @@ drm_gem_object_free(struct kref *kref) + + fput(obj->filp); + atomic_dec(&dev->object_count); +- atomic_sub(obj->size, &dev->object_memory); ++ atomic_sub_unchecked(obj->size, &dev->object_memory); + kfree(obj); + } + EXPORT_SYMBOL(drm_gem_object_free); diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_info.c linux-2.6.32.28/drivers/gpu/drm/drm_info.c --- linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2011-01-24 18:05:30.000000000 -0500 @@ -75,10 +75,14 @@ int drm_vm_info(struct seq_file *m, void struct drm_local_map *map; struct drm_map_list *r_list; @@ -25249,6 +25348,20 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_info.c linux-2.6.32.28/drivers/gp type = "??"; else type = types[map->type]; +@@ -265,10 +269,10 @@ int drm_gem_object_info(struct seq_file + struct drm_device *dev = node->minor->dev; + + seq_printf(m, "%d objects\n", atomic_read(&dev->object_count)); +- seq_printf(m, "%d object bytes\n", atomic_read(&dev->object_memory)); ++ seq_printf(m, "%d object bytes\n", atomic_read_unchecked(&dev->object_memory)); + seq_printf(m, "%d pinned\n", atomic_read(&dev->pin_count)); +- seq_printf(m, "%d pin bytes\n", atomic_read(&dev->pin_memory)); +- seq_printf(m, "%d gtt bytes\n", atomic_read(&dev->gtt_memory)); ++ seq_printf(m, "%d pin bytes\n", atomic_read_unchecked(&dev->pin_memory)); ++ seq_printf(m, "%d gtt bytes\n", atomic_read_unchecked(&dev->gtt_memory)); + seq_printf(m, "%d gtt total\n", dev->gtt_total); + return 0; + } diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c --- linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c 2010-12-31 14:46:53.000000000 -0500 @@ -25416,7 +25529,16 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.28/drive .close = drm_gem_vm_close, diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c --- linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2010-09-20 17:26:42.000000000 -0400 -+++ linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2011-01-24 18:05:30.000000000 -0500 +@@ -102,7 +102,7 @@ i915_gem_get_aperture_ioctl(struct drm_d + + args->aper_size = dev->gtt_total; + args->aper_available_size = (args->aper_size - +- atomic_read(&dev->pin_memory)); ++ atomic_read_unchecked(&dev->pin_memory)); + + return 0; + } @@ -492,6 +492,11 @@ i915_gem_pread_ioctl(struct drm_device * return -EINVAL; } @@ -25441,6 +25563,55 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c linux-2.6.32.28/drive /* We can only do the GTT pwrite on untiled buffers, as otherwise * it would end up going through the fenced access, and we'll get * different detiling behavior between reading and writing. +@@ -2054,7 +2064,7 @@ i915_gem_object_unbind(struct drm_gem_ob + + if (obj_priv->gtt_space) { + atomic_dec(&dev->gtt_count); +- atomic_sub(obj->size, &dev->gtt_memory); ++ atomic_sub_unchecked(obj->size, &dev->gtt_memory); + + drm_mm_put_block(obj_priv->gtt_space); + obj_priv->gtt_space = NULL; +@@ -2697,7 +2707,7 @@ i915_gem_object_bind_to_gtt(struct drm_g + goto search_free; + } + atomic_inc(&dev->gtt_count); +- atomic_add(obj->size, &dev->gtt_memory); ++ atomic_add_unchecked(obj->size, &dev->gtt_memory); + + /* Assert that the object is not currently in any GPU domain. As it + * wasn't in the GTT, there shouldn't be any way it could have been in +@@ -3751,9 +3761,9 @@ i915_gem_execbuffer(struct drm_device *d + "%d/%d gtt bytes\n", + atomic_read(&dev->object_count), + atomic_read(&dev->pin_count), +- atomic_read(&dev->object_memory), +- atomic_read(&dev->pin_memory), +- atomic_read(&dev->gtt_memory), ++ atomic_read_unchecked(&dev->object_memory), ++ atomic_read_unchecked(&dev->pin_memory), ++ atomic_read_unchecked(&dev->gtt_memory), + dev->gtt_total); + } + goto err; +@@ -3985,7 +3995,7 @@ i915_gem_object_pin(struct drm_gem_objec + */ + if (obj_priv->pin_count == 1) { + atomic_inc(&dev->pin_count); +- atomic_add(obj->size, &dev->pin_memory); ++ atomic_add_unchecked(obj->size, &dev->pin_memory); + if (!obj_priv->active && + (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0 && + !list_empty(&obj_priv->list)) +@@ -4018,7 +4028,7 @@ i915_gem_object_unpin(struct drm_gem_obj + list_move_tail(&obj_priv->list, + &dev_priv->mm.inactive_list); + atomic_dec(&dev->pin_count); +- atomic_sub(obj->size, &dev->pin_memory); ++ atomic_sub_unchecked(obj->size, &dev->pin_memory); + } + i915_verify_inactive(dev, __FILE__, __LINE__); + } diff -urNp linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c --- linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c 2010-12-31 14:46:53.000000000 -0500 @@ -26279,31 +26450,39 @@ diff -urNp linux-2.6.32.28/drivers/input/serio/serio_raw.c linux-2.6.32.28/drive MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids); diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/common.c linux-2.6.32.28/drivers/isdn/gigaset/common.c --- linux-2.6.32.28/drivers/isdn/gigaset/common.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/isdn/gigaset/common.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/isdn/gigaset/common.c 2011-01-24 18:05:30.000000000 -0500 @@ -712,7 +712,7 @@ struct cardstate *gigaset_initcs(struct cs->commands_pending = 0; cs->cur_at_seq = 0; cs->gotfwver = -1; - cs->open_count = 0; -+ atomic_set(&cs->open_count, 0); ++ local_set(&cs->open_count, 0); cs->dev = NULL; cs->tty = NULL; cs->tty_dev = NULL; diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h --- linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2010-12-31 14:46:53.000000000 -0500 -@@ -446,7 +446,7 @@ struct cardstate { ++++ linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2011-01-25 20:24:47.000000000 -0500 +@@ -34,6 +34,7 @@ + #include <linux/tty_driver.h> + #include <linux/list.h> + #include <asm/atomic.h> ++#include <asm/local.h> + + #define GIG_VERSION {0,5,0,0} + #define GIG_COMPAT {0,4,0,0} +@@ -446,7 +447,7 @@ struct cardstate { spinlock_t cmdlock; unsigned curlen, cmdbytes; - unsigned open_count; -+ atomic_t open_count; ++ local_t open_count; struct tty_struct *tty; struct tasklet_struct if_wake_tasklet; unsigned control_state; diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/drivers/isdn/gigaset/interface.c --- linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2011-01-24 18:05:30.000000000 -0500 @@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt return -ERESTARTSYS; // FIXME -EINTR? tty->driver_data = cs; @@ -26311,7 +26490,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv - ++cs->open_count; - - if (cs->open_count == 1) { -+ if (atomic_inc_return(&cs->open_count) == 1) { ++ if (local_inc_return(&cs->open_count) == 1) { spin_lock_irqsave(&cs->lock, flags); cs->tty = tty; spin_unlock_irqrestore(&cs->lock, flags); @@ -26320,11 +26499,11 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ - else if (!cs->open_count) -+ else if (!atomic_read(&cs->open_count)) ++ else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else { - if (!--cs->open_count) { -+ if (!atomic_dec_return(&cs->open_count)) { ++ if (!local_dec_return(&cs->open_count)) { spin_lock_irqsave(&cs->lock, flags); cs->tty = NULL; spin_unlock_irqrestore(&cs->lock, flags); @@ -26333,7 +26512,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv gig_dbg(DEBUG_IF, "not connected"); retval = -ENODEV; - } else if (!cs->open_count) -+ } else if (!atomic_read(&cs->open_count)) ++ } else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else { retval = 0; @@ -26342,7 +26521,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv gig_dbg(DEBUG_IF, "not connected"); retval = -ENODEV; - } else if (!cs->open_count) -+ } else if (!atomic_read(&cs->open_count)) ++ } else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else if (cs->mstate != MS_LOCKED) { dev_warn(cs->dev, "can't write to unlocked device\n"); @@ -26351,7 +26530,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv gig_dbg(DEBUG_IF, "not connected"); retval = -ENODEV; - } else if (!cs->open_count) -+ } else if (!atomic_read(&cs->open_count)) ++ } else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else if (cs->mstate != MS_LOCKED) { dev_warn(cs->dev, "can't write to unlocked device\n"); @@ -26360,7 +26539,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); - else if (!cs->open_count) -+ else if (!atomic_read(&cs->open_count)) ++ else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else if (cs->mstate != MS_LOCKED) dev_warn(cs->dev, "can't write to unlocked device\n"); @@ -26369,7 +26548,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ - else if (!cs->open_count) -+ else if (!atomic_read(&cs->open_count)) ++ else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else { //FIXME @@ -26378,7 +26557,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ - else if (!cs->open_count) -+ else if (!atomic_read(&cs->open_count)) ++ else if (!local_read(&cs->open_count)) dev_warn(cs->dev, "%s: device not opened\n", __func__); else { //FIXME @@ -26387,7 +26566,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv } - if (!cs->open_count) { -+ if (!atomic_read(&cs->open_count)) { ++ if (!local_read(&cs->open_count)) { dev_warn(cs->dev, "%s: device not opened\n", __func__); goto out; } @@ -26756,6 +26935,18 @@ diff -urNp linux-2.6.32.28/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.32.28/d struct file_operations *dvbdevfops; struct device *clsdev; int minor; +diff -urNp linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c +--- linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c 2011-01-24 18:12:30.000000000 -0500 +@@ -277,7 +277,7 @@ static int dvb_ca_ioctl(struct inode *in + { + ca_slot_info_t *info=(ca_slot_info_t *)parg; + +- if (info->num > 1) ++ if (info->num < 0 || info->num > 1) + return -EINVAL; + av7110->ci_slot[info->num].num = info->num; + av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? diff -urNp linux-2.6.32.28/drivers/media/radio/radio-cadet.c linux-2.6.32.28/drivers/media/radio/radio-cadet.c --- linux-2.6.32.28/drivers/media/radio/radio-cadet.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/drivers/media/radio/radio-cadet.c 2010-12-31 14:46:53.000000000 -0500 @@ -27692,13 +27883,22 @@ diff -urNp linux-2.6.32.28/drivers/net/tulip/de4x5.c linux-2.6.32.28/drivers/net #define DE4X5_DUMP 0x0f /* Dump the DE4X5 Status */ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb/hso.c --- linux-2.6.32.28/drivers/net/usb/hso.c 2010-09-26 17:26:05.000000000 -0400 -+++ linux-2.6.32.28/drivers/net/usb/hso.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/drivers/net/usb/hso.c 2011-01-24 18:05:30.000000000 -0500 +@@ -71,7 +71,7 @@ + #include <asm/byteorder.h> + #include <linux/serial_core.h> + #include <linux/serial.h> +- ++#include <asm/local.h> + + #define DRIVER_VERSION "1.2" + #define MOD_AUTHOR "Option Wireless" @@ -258,7 +258,7 @@ struct hso_serial { /* from usb_serial_port */ struct tty_struct *tty; - int open_count; -+ atomic_t open_count; ++ local_t open_count; spinlock_t serial_lock; int (*write_data) (struct hso_serial *serial); @@ -27707,7 +27907,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb urb = serial->rx_urb[0]; - if (serial->open_count > 0) { -+ if (atomic_read(&serial->open_count) > 0) { ++ if (local_read(&serial->open_count) > 0) { count = put_rxbuf_data(urb, serial); if (count == -1) return; @@ -27716,7 +27916,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb /* Anyone listening? */ - if (serial->open_count == 0) -+ if (atomic_read(&serial->open_count) == 0) ++ if (local_read(&serial->open_count) == 0) return; if (status == 0) { @@ -27726,7 +27926,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb /* check for port already opened, if not set the termios */ - serial->open_count++; - if (serial->open_count == 1) { -+ if (atomic_inc_return(&serial->open_count) == 1) { ++ if (local_inc_return(&serial->open_count) == 1) { tty->low_latency = 1; serial->rx_state = RX_IDLE; /* Force default termio settings */ @@ -27735,7 +27935,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb if (result) { hso_stop_serial_device(serial->parent); - serial->open_count--; -+ atomic_dec(&serial->open_count); ++ local_dec(&serial->open_count); kref_put(&serial->parent->ref, hso_serial_ref_free); } } else { @@ -27744,12 +27944,12 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb /* reset the rts and dtr */ /* do the actual close */ - serial->open_count--; -+ atomic_dec(&serial->open_count); ++ local_dec(&serial->open_count); - if (serial->open_count <= 0) { - serial->open_count = 0; -+ if (atomic_read(&serial->open_count) <= 0) { -+ atomic_set(&serial->open_count, 0); ++ if (local_read(&serial->open_count) <= 0) { ++ local_set(&serial->open_count, 0); spin_lock_irq(&serial->serial_lock); if (serial->tty == tty) { serial->tty->driver_data = NULL; @@ -27758,7 +27958,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb /* the actual setup */ spin_lock_irqsave(&serial->serial_lock, flags); - if (serial->open_count) -+ if (atomic_read(&serial->open_count)) ++ if (local_read(&serial->open_count)) _hso_serial_set_termios(tty, old); else tty->termios = old; @@ -27781,7 +27981,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { - if (dev2ser(serial_table[i])->open_count) { -+ if (atomic_read(&dev2ser(serial_table[i])->open_count)) { ++ if (local_read(&dev2ser(serial_table[i])->open_count)) { result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); @@ -29306,8 +29506,25 @@ diff -urNp linux-2.6.32.28/drivers/staging/vme/devices/vme_user.c linux-2.6.32.2 .read = vme_user_read, diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c --- linux-2.6.32.28/drivers/uio/uio.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/drivers/uio/uio.c 2010-12-31 14:46:53.000000000 -0500 -@@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj ++++ linux-2.6.32.28/drivers/uio/uio.c 2011-01-24 18:05:34.000000000 -0500 +@@ -23,6 +23,7 @@ + #include <linux/string.h> + #include <linux/kobject.h> + #include <linux/uio_driver.h> ++#include <asm/local.h> + + #define UIO_MAX_DEVICES 255 + +@@ -33,7 +34,7 @@ struct uio_device { + atomic_t event; + struct fasync_struct *async_queue; + wait_queue_head_t wait; +- int vma_count; ++ local_t vma_count; + struct uio_info *info; + struct kobject *map_dir; + struct kobject *portio_dir; +@@ -129,7 +130,7 @@ static ssize_t map_type_show(struct kobj return entry->show(mem, buf); } @@ -29316,7 +29533,7 @@ diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c .show = map_type_show, }; -@@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k +@@ -217,7 +218,7 @@ static ssize_t portio_type_show(struct k return entry->show(port, buf); } @@ -29325,6 +29542,22 @@ diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c .show = portio_type_show, }; +@@ -624,13 +625,13 @@ static int uio_find_mem_index(struct vm_ + static void uio_vma_open(struct vm_area_struct *vma) + { + struct uio_device *idev = vma->vm_private_data; +- idev->vma_count++; ++ local_inc(&idev->vma_count); + } + + static void uio_vma_close(struct vm_area_struct *vma) + { + struct uio_device *idev = vma->vm_private_data; +- idev->vma_count--; ++ local_dec(&idev->vma_count); + } + + static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) diff -urNp linux-2.6.32.28/drivers/usb/atm/usbatm.c linux-2.6.32.28/drivers/usb/atm/usbatm.c --- linux-2.6.32.28/drivers/usb/atm/usbatm.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/drivers/usb/atm/usbatm.c 2010-12-31 14:46:53.000000000 -0500 @@ -29565,6 +29798,18 @@ diff -urNp linux-2.6.32.28/drivers/usb/misc/appledisplay.c linux-2.6.32.28/drive .get_brightness = appledisplay_bl_get_brightness, .update_status = appledisplay_bl_update_status, }; +diff -urNp linux-2.6.32.28/drivers/usb/misc/iowarrior.c linux-2.6.32.28/drivers/usb/misc/iowarrior.c +--- linux-2.6.32.28/drivers/usb/misc/iowarrior.c 2010-12-09 18:13:03.000000000 -0500 ++++ linux-2.6.32.28/drivers/usb/misc/iowarrior.c 2011-01-25 17:27:31.000000000 -0500 +@@ -373,7 +373,7 @@ static ssize_t iowarrior_write(struct fi + case USB_DEVICE_ID_CODEMERCS_IOWPV2: + case USB_DEVICE_ID_CODEMERCS_IOW40: + /* IOW24 and IOW40 use a synchronous call */ +- buf = kmalloc(8, GFP_KERNEL); /* 8 bytes are enough for both products */ ++ buf = kmalloc(count, GFP_KERNEL); + if (!buf) { + retval = -ENOMEM; + goto exit; diff -urNp linux-2.6.32.28/drivers/usb/mon/mon_main.c linux-2.6.32.28/drivers/usb/mon/mon_main.c --- linux-2.6.32.28/drivers/usb/mon/mon_main.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/drivers/usb/mon/mon_main.c 2010-12-31 14:46:53.000000000 -0500 @@ -32011,7 +32256,7 @@ diff -urNp linux-2.6.32.28/fs/ecryptfs/inode.c linux-2.6.32.28/fs/ecryptfs/inode goto out_free; diff -urNp linux-2.6.32.28/fs/exec.c linux-2.6.32.28/fs/exec.c --- linux-2.6.32.28/fs/exec.c 2011-01-11 23:55:35.000000000 -0500 -+++ linux-2.6.32.28/fs/exec.c 2011-01-11 23:56:03.000000000 -0500 ++++ linux-2.6.32.28/fs/exec.c 2011-02-12 11:21:23.000000000 -0500 @@ -56,12 +56,24 @@ #include <linux/fsnotify.h> #include <linux/fs_struct.h> @@ -32596,7 +32841,7 @@ diff -urNp linux-2.6.32.28/fs/exec.c linux-2.6.32.28/fs/exec.c */ clear_thread_flag(TIF_SIGPENDING); -+ if (signr == SIGKILL || signr == SIGILL) ++ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL) + gr_handle_brute_attach(current); + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); + @@ -46729,8 +46974,16 @@ diff -urNp linux-2.6.32.28/include/drm/drm_pciids.h linux-2.6.32.28/include/drm/ + {0, 0, 0, 0, 0, 0} diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h --- linux-2.6.32.28/include/drm/drmP.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/include/drm/drmP.h 2010-12-31 14:46:53.000000000 -0500 -@@ -814,7 +814,7 @@ struct drm_driver { ++++ linux-2.6.32.28/include/drm/drmP.h 2011-01-24 18:05:37.000000000 -0500 +@@ -71,6 +71,7 @@ + #include <linux/workqueue.h> + #include <linux/poll.h> + #include <asm/pgalloc.h> ++#include <asm/local.h> + #include "drm.h" + + #include <linux/idr.h> +@@ -814,7 +815,7 @@ struct drm_driver { void (*vgaarb_irq)(struct drm_device *dev, bool state); /* Driver private ops for this object */ @@ -46739,16 +46992,16 @@ diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h int major; int minor; -@@ -917,7 +917,7 @@ struct drm_device { +@@ -917,7 +918,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ - int open_count; /**< Outstanding files open */ -+ atomic_t open_count; /**< Outstanding files open */ ++ local_t open_count; /**< Outstanding files open */ atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ atomic_t vma_count; /**< Outstanding vma areas open */ int buf_use; /**< Buffers in use -- cannot alloc */ -@@ -928,7 +928,7 @@ struct drm_device { +@@ -928,7 +929,7 @@ struct drm_device { /*@{ */ unsigned long counters; enum drm_stat_type types[15]; @@ -46757,6 +47010,21 @@ diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h /*@} */ struct list_head filelist; +@@ -1042,11 +1043,11 @@ struct drm_device { + spinlock_t object_name_lock; + struct idr object_name_idr; + atomic_t object_count; +- atomic_t object_memory; ++ atomic_unchecked_t object_memory; + atomic_t pin_count; +- atomic_t pin_memory; ++ atomic_unchecked_t pin_memory; + atomic_t gtt_count; +- atomic_t gtt_memory; ++ atomic_unchecked_t gtt_memory; + uint32_t gtt_total; + uint32_t invalidate_domains; /* domains pending invalidation */ + uint32_t flush_domains; /* domains pending flush */ diff -urNp linux-2.6.32.28/include/linux/a.out.h linux-2.6.32.28/include/linux/a.out.h --- linux-2.6.32.28/include/linux/a.out.h 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/include/linux/a.out.h 2010-12-31 14:46:53.000000000 -0500 @@ -48479,6 +48747,23 @@ diff -urNp linux-2.6.32.28/include/linux/interrupt.h linux-2.6.32.28/include/lin extern void softirq_init(void); #define __raise_softirq_irqoff(nr) do { or_softirq_pending(1UL << (nr)); } while (0) extern void raise_softirq_irqoff(unsigned int nr); +diff -urNp linux-2.6.32.28/include/linux/irq.h linux-2.6.32.28/include/linux/irq.h +--- linux-2.6.32.28/include/linux/irq.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/include/linux/irq.h 2011-01-24 18:05:37.000000000 -0500 +@@ -438,12 +438,12 @@ extern int set_irq_msi(unsigned int irq, + static inline bool alloc_desc_masks(struct irq_desc *desc, int node, + bool boot) + { ++#ifdef CONFIG_CPUMASK_OFFSTACK + gfp_t gfp = GFP_ATOMIC; + + if (boot) + gfp = GFP_NOWAIT; + +-#ifdef CONFIG_CPUMASK_OFFSTACK + if (!alloc_cpumask_var_node(&desc->affinity, gfp, node)) + return false; + diff -urNp linux-2.6.32.28/include/linux/jbd2.h linux-2.6.32.28/include/linux/jbd2.h --- linux-2.6.32.28/include/linux/jbd2.h 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/include/linux/jbd2.h 2010-12-31 14:46:53.000000000 -0500 @@ -50119,15 +50404,23 @@ diff -urNp linux-2.6.32.28/include/net/inetpeer.h linux-2.6.32.28/include/net/in }; diff -urNp linux-2.6.32.28/include/net/irda/ircomm_tty.h linux-2.6.32.28/include/net/irda/ircomm_tty.h --- linux-2.6.32.28/include/net/irda/ircomm_tty.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/include/net/irda/ircomm_tty.h 2010-12-31 14:46:53.000000000 -0500 -@@ -105,8 +105,8 @@ struct ircomm_tty_cb { ++++ linux-2.6.32.28/include/net/irda/ircomm_tty.h 2011-01-25 20:24:47.000000000 -0500 +@@ -35,6 +35,7 @@ + #include <linux/termios.h> + #include <linux/timer.h> + #include <linux/tty.h> /* struct tty_struct */ ++#include <asm/local.h> + + #include <net/irda/irias_object.h> + #include <net/irda/ircomm_core.h> +@@ -105,8 +106,8 @@ struct ircomm_tty_cb { unsigned short close_delay; unsigned short closing_wait; /* time to wait before closing */ - int open_count; - int blocked_open; /* # of blocked opens */ -+ atomic_t open_count; -+ atomic_t blocked_open; /* # of blocked opens */ ++ local_t open_count; ++ local_t blocked_open; /* # of blocked opens */ /* Protect concurent access to : * o self->open_count @@ -50943,7 +51236,24 @@ diff -urNp linux-2.6.32.28/kernel/cpu.c linux-2.6.32.28/kernel/cpu.c * Should always be manipulated under cpu_add_remove_lock diff -urNp linux-2.6.32.28/kernel/cred.c linux-2.6.32.28/kernel/cred.c --- linux-2.6.32.28/kernel/cred.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/kernel/cred.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/kernel/cred.c 2011-02-12 10:44:11.000000000 -0500 +@@ -231,13 +231,13 @@ struct cred *cred_alloc_blank(void) + #endif + + atomic_set(&new->usage, 1); ++#ifdef CONFIG_DEBUG_CREDENTIALS ++ new->magic = CRED_MAGIC; ++#endif + + if (security_cred_alloc_blank(new, GFP_KERNEL) < 0) + goto error; + +-#ifdef CONFIG_DEBUG_CREDENTIALS +- new->magic = CRED_MAGIC; +-#endif + return new; + + error: @@ -520,6 +520,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ @@ -50953,6 +51263,37 @@ diff -urNp linux-2.6.32.28/kernel/cred.c linux-2.6.32.28/kernel/cred.c /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || +@@ -696,6 +698,8 @@ struct cred *prepare_kernel_cred(struct + validate_creds(old); + + *new = *old; ++ atomic_set(&new->usage, 1); ++ set_cred_subscribers(new, 0); + get_uid(new->user); + get_group_info(new->group_info); + +@@ -713,8 +717,6 @@ struct cred *prepare_kernel_cred(struct + if (security_prepare_creds(new, old, GFP_KERNEL) < 0) + goto error; + +- atomic_set(&new->usage, 1); +- set_cred_subscribers(new, 0); + put_cred(old); + validate_creds(new); + return new; +@@ -787,7 +789,11 @@ bool creds_are_invalid(const struct cred + if (cred->magic != CRED_MAGIC) + return true; + #ifdef CONFIG_SECURITY_SELINUX +- if (selinux_is_enabled()) { ++ /* ++ * cred->security == NULL if security_cred_alloc_blank() or ++ * security_prepare_creds() returned an error. ++ */ ++ if (selinux_is_enabled() && cred->security) { + if ((unsigned long) cred->security < PAGE_SIZE) + return true; + if ((*(u32 *)cred->security & 0xffffff00) == diff -urNp linux-2.6.32.28/kernel/exit.c linux-2.6.32.28/kernel/exit.c --- linux-2.6.32.28/kernel/exit.c 2011-01-11 23:55:35.000000000 -0500 +++ linux-2.6.32.28/kernel/exit.c 2010-12-31 14:46:53.000000000 -0500 @@ -51525,8 +51866,8 @@ diff -urNp linux-2.6.32.28/kernel/kgdb.c linux-2.6.32.28/kernel/kgdb.c diff -urNp linux-2.6.32.28/kernel/kmod.c linux-2.6.32.28/kernel/kmod.c --- linux-2.6.32.28/kernel/kmod.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/kernel/kmod.c 2010-12-31 14:46:53.000000000 -0500 -@@ -90,6 +90,18 @@ int __request_module(bool wait, const ch ++++ linux-2.6.32.28/kernel/kmod.c 2011-02-12 10:58:19.000000000 -0500 +@@ -90,6 +90,28 @@ int __request_module(bool wait, const ch if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG; @@ -51537,7 +51878,17 @@ diff -urNp linux-2.6.32.28/kernel/kmod.c linux-2.6.32.28/kernel/kmod.c + auto-loaded + */ + if (current_uid()) { -+ gr_log_nonroot_mod_load(module_name); ++#if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE) ++ /* There are known knowns. These are things we know ++ that we know. There are known unknowns. That is to say, ++ there are things that we know we don't know. But there are ++ also unknown unknowns. There are things we don't know ++ we don't know. ++ This here is a known unknown. ++ */ ++ if (strcmp(module_name, "net-pf-10")) ++#endif ++ gr_log_nonroot_mod_load(module_name); + return -EPERM; + } +#endif @@ -51724,7 +52075,7 @@ diff -urNp linux-2.6.32.28/kernel/lockdep_proc.c linux-2.6.32.28/kernel/lockdep_ if (!name) { diff -urNp linux-2.6.32.28/kernel/module.c linux-2.6.32.28/kernel/module.c --- linux-2.6.32.28/kernel/module.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/kernel/module.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/kernel/module.c 2011-02-02 20:27:32.000000000 -0500 @@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq static BLOCKING_NOTIFIER_HEAD(module_notify_list); @@ -51762,6 +52113,15 @@ diff -urNp linux-2.6.32.28/kernel/module.c linux-2.6.32.28/kernel/module.c printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", name, align, PAGE_SIZE); align = PAGE_SIZE; +@@ -1158,7 +1159,7 @@ static const struct kernel_symbol *resol + * /sys/module/foo/sections stuff + * J. Corbet <corbet@lwn.net> + */ +-#if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS) ++#if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_HIDESYM) + + static inline bool sect_empty(const Elf_Shdr *sect) + { @@ -1545,7 +1546,8 @@ static void free_module(struct module *m destroy_params(mod->kp, mod->num_kp); @@ -52493,7 +52853,7 @@ diff -urNp linux-2.6.32.28/kernel/printk.c linux-2.6.32.28/kernel/printk.c return error; diff -urNp linux-2.6.32.28/kernel/ptrace.c linux-2.6.32.28/kernel/ptrace.c --- linux-2.6.32.28/kernel/ptrace.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/kernel/ptrace.c 2011-01-01 00:19:08.000000000 -0500 ++++ linux-2.6.32.28/kernel/ptrace.c 2011-02-12 10:37:47.000000000 -0500 @@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru cred->gid != tcred->egid || cred->gid != tcred->sgid || @@ -52521,6 +52881,15 @@ diff -urNp linux-2.6.32.28/kernel/ptrace.c linux-2.6.32.28/kernel/ptrace.c task->ptrace |= PT_PTRACE_CAP; __ptrace_link(task, current); +@@ -314,7 +314,7 @@ int ptrace_detach(struct task_struct *ch + child->exit_code = data; + dead = __ptrace_detach(current, child); + if (!child->exit_state) +- wake_up_process(child); ++ wake_up_state(child, TASK_TRACED | TASK_STOPPED); + } + write_unlock_irq(&tasklist_lock); + @@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c ret = ptrace_setoptions(child, data); break; @@ -52745,7 +53114,7 @@ diff -urNp linux-2.6.32.28/kernel/sched.c linux-2.6.32.28/kernel/sched.c return; diff -urNp linux-2.6.32.28/kernel/signal.c linux-2.6.32.28/kernel/signal.c --- linux-2.6.32.28/kernel/signal.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/kernel/signal.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/kernel/signal.c 2011-02-12 11:22:46.000000000 -0500 @@ -41,12 +41,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -52808,17 +53177,34 @@ diff -urNp linux-2.6.32.28/kernel/signal.c linux-2.6.32.28/kernel/signal.c specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1022,6 +1028,9 @@ force_sig_info(int sig, struct siginfo * +@@ -1005,6 +1011,7 @@ force_sig_info(int sig, struct siginfo * + unsigned long int flags; + int ret, blocked, ignored; + struct k_sigaction *action; ++ int is_unhandled = 0; + + spin_lock_irqsave(&t->sighand->siglock, flags); + action = &t->sighand->action[sig-1]; +@@ -1019,9 +1026,18 @@ force_sig_info(int sig, struct siginfo * + } + if (action->sa.sa_handler == SIG_DFL) + t->signal->flags &= ~SIGNAL_UNKILLABLE; ++ if (action->sa.sa_handler == SIG_IGN || action->sa.sa_handler == SIG_DFL) ++ is_unhandled = 1; ret = specific_send_sig_info(sig, info, t); spin_unlock_irqrestore(&t->sighand->siglock, flags); -+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t); -+ gr_handle_crash(t, sig); ++ /* only deal with unhandled signals, java etc trigger SIGSEGV during ++ normal operation */ ++ if (is_unhandled) { ++ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t); ++ gr_handle_crash(t, sig); ++ } + return ret; } -@@ -1081,8 +1090,11 @@ int group_send_sig_info(int sig, struct +@@ -1081,8 +1097,11 @@ int group_send_sig_info(int sig, struct { int ret = check_kill_permission(sig, info, p); @@ -54853,7 +55239,7 @@ diff -urNp linux-2.6.32.28/mm/migrate.c linux-2.6.32.28/mm/migrate.c goto out; diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c --- linux-2.6.32.28/mm/mlock.c 2010-10-31 16:44:11.000000000 -0400 -+++ linux-2.6.32.28/mm/mlock.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/mm/mlock.c 2011-01-24 18:05:37.000000000 -0500 @@ -13,6 +13,7 @@ #include <linux/pagemap.h> #include <linux/mempolicy.h> @@ -54889,6 +55275,15 @@ diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c while (nr_pages > 0) { int i; +@@ -440,7 +428,7 @@ static int do_mlock(unsigned long start, + { + unsigned long nstart, end, tmp; + struct vm_area_struct * vma, * prev; +- int error; ++ int error = -EINVAL; + + len = PAGE_ALIGN(len); + end = start + len; @@ -448,6 +436,9 @@ static int do_mlock(unsigned long start, return -EINVAL; if (end == start) @@ -54957,7 +55352,7 @@ diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c ret = do_mlockall(flags); diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c --- linux-2.6.32.28/mm/mmap.c 2011-01-11 23:55:35.000000000 -0500 -+++ linux-2.6.32.28/mm/mmap.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/mm/mmap.c 2011-02-12 11:38:46.000000000 -0500 @@ -45,6 +45,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -55179,12 +55574,13 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (addr & ~PAGE_MASK) return addr; -@@ -969,6 +1046,31 @@ unsigned long do_mmap_pgoff(struct file +@@ -969,6 +1046,36 @@ unsigned long do_mmap_pgoff(struct file vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; +#ifdef CONFIG_PAX_MPROTECT + if (mm->pax_flags & MF_PAX_MPROTECT) { ++#ifndef CONFIG_PAX_MPROTECT_COMPAT + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) { + gr_log_rwxmmap(file); + @@ -55198,6 +55594,10 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c + + if (!(vm_flags & VM_EXEC)) + vm_flags &= ~VM_MAYEXEC; ++#else ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC) ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC); ++#endif + else + vm_flags &= ~VM_MAYWRITE; + } @@ -55211,7 +55611,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -980,6 +1082,7 @@ unsigned long do_mmap_pgoff(struct file +@@ -980,6 +1087,7 @@ unsigned long do_mmap_pgoff(struct file locked += mm->locked_vm; lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; lock_limit >>= PAGE_SHIFT; @@ -55219,7 +55619,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1053,6 +1156,9 @@ unsigned long do_mmap_pgoff(struct file +@@ -1053,6 +1161,9 @@ unsigned long do_mmap_pgoff(struct file if (error) return error; @@ -55229,7 +55629,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return mmap_region(file, addr, len, flags, vm_flags, pgoff); } EXPORT_SYMBOL(do_mmap_pgoff); -@@ -1065,10 +1171,10 @@ EXPORT_SYMBOL(do_mmap_pgoff); +@@ -1065,10 +1176,10 @@ EXPORT_SYMBOL(do_mmap_pgoff); */ int vma_wants_writenotify(struct vm_area_struct *vma) { @@ -55242,7 +55642,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1117,14 +1223,24 @@ unsigned long mmap_region(struct file *f +@@ -1117,14 +1228,24 @@ unsigned long mmap_region(struct file *f unsigned long charged = 0; struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; @@ -55269,7 +55669,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c } /* Check against address space limit. */ -@@ -1173,6 +1289,16 @@ munmap_back: +@@ -1173,6 +1294,16 @@ munmap_back: goto unacct_error; } @@ -55286,7 +55686,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1195,6 +1321,19 @@ munmap_back: +@@ -1195,6 +1326,19 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -55306,7 +55706,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); -@@ -1218,6 +1357,11 @@ munmap_back: +@@ -1218,6 +1362,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -55318,7 +55718,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1226,6 +1370,7 @@ out: +@@ -1226,6 +1375,7 @@ out: mm->total_vm += len >> PAGE_SHIFT; vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -55326,7 +55726,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (vm_flags & VM_LOCKED) { /* * makes pages present; downgrades, drops, reacquires mmap_sem -@@ -1248,6 +1393,12 @@ unmap_and_free_vma: +@@ -1248,6 +1398,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -55339,7 +55739,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1255,6 +1406,33 @@ unacct_error: +@@ -1255,6 +1411,33 @@ unacct_error: return error; } @@ -55373,7 +55773,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1281,18 +1459,23 @@ arch_get_unmapped_area(struct file *filp +@@ -1281,18 +1464,23 @@ arch_get_unmapped_area(struct file *filp if (flags & MAP_FIXED) return addr; @@ -55404,7 +55804,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c } full_search: -@@ -1303,34 +1486,40 @@ full_search: +@@ -1303,34 +1491,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -55456,7 +55856,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c mm->free_area_cache = addr; mm->cached_hole_size = ~0UL; } -@@ -1348,7 +1537,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1348,7 +1542,7 @@ arch_get_unmapped_area_topdown(struct fi { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -55465,7 +55865,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1357,13 +1546,18 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1357,13 +1551,18 @@ arch_get_unmapped_area_topdown(struct fi if (flags & MAP_FIXED) return addr; @@ -55488,7 +55888,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c } /* check if free_area_cache is useful for us */ -@@ -1378,7 +1572,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1378,7 +1577,7 @@ arch_get_unmapped_area_topdown(struct fi /* make sure it can fit in the remaining address space */ if (addr > len) { vma = find_vma(mm, addr-len); @@ -55497,7 +55897,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -1395,7 +1589,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1395,7 +1594,7 @@ arch_get_unmapped_area_topdown(struct fi * return with success: */ vma = find_vma(mm, addr); @@ -55506,7 +55906,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1414,13 +1608,21 @@ bottomup: +@@ -1414,13 +1613,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -55530,7 +55930,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c mm->cached_hole_size = ~0UL; return addr; -@@ -1429,6 +1631,12 @@ bottomup: +@@ -1429,6 +1636,12 @@ bottomup: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -55543,7 +55943,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * Is this a new hole at the highest possible address? */ -@@ -1436,8 +1644,10 @@ void arch_unmap_area_topdown(struct mm_s +@@ -1436,8 +1649,10 @@ void arch_unmap_area_topdown(struct mm_s mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -55555,7 +55955,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c } unsigned long -@@ -1545,6 +1755,27 @@ out: +@@ -1545,6 +1760,27 @@ out: return prev ? prev->vm_next : vma; } @@ -55583,7 +55983,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1561,6 +1792,7 @@ static int acct_stack_growth(struct vm_a +@@ -1561,6 +1797,7 @@ static int acct_stack_growth(struct vm_a return -ENOMEM; /* Stack limit test */ @@ -55591,7 +55991,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (size > rlim[RLIMIT_STACK].rlim_cur) return -ENOMEM; -@@ -1570,6 +1802,7 @@ static int acct_stack_growth(struct vm_a +@@ -1570,6 +1807,7 @@ static int acct_stack_growth(struct vm_a unsigned long limit; locked = mm->locked_vm + grow; limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; @@ -55599,7 +55999,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1600,37 +1833,48 @@ static int acct_stack_growth(struct vm_a +@@ -1600,37 +1838,48 @@ static int acct_stack_growth(struct vm_a * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -55657,7 +56057,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c unsigned long size, grow; size = address - vma->vm_start; -@@ -1640,6 +1884,8 @@ int expand_upwards(struct vm_area_struct +@@ -1640,6 +1889,8 @@ int expand_upwards(struct vm_area_struct if (!error) vma->vm_end = address; } @@ -55666,7 +56066,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c anon_vma_unlock(vma); return error; } -@@ -1652,6 +1898,8 @@ static int expand_downwards(struct vm_ar +@@ -1652,6 +1903,8 @@ static int expand_downwards(struct vm_ar unsigned long address) { int error; @@ -55675,7 +56075,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * We must make sure the anon_vma is allocated -@@ -1665,6 +1913,15 @@ static int expand_downwards(struct vm_ar +@@ -1665,6 +1918,15 @@ static int expand_downwards(struct vm_ar if (error) return error; @@ -55691,7 +56091,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c anon_vma_lock(vma); /* -@@ -1674,9 +1931,17 @@ static int expand_downwards(struct vm_ar +@@ -1674,9 +1936,17 @@ static int expand_downwards(struct vm_ar */ /* Somebody else might have raced and expanded it already */ @@ -55710,7 +56110,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1684,9 +1949,20 @@ static int expand_downwards(struct vm_ar +@@ -1684,9 +1954,20 @@ static int expand_downwards(struct vm_ar if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; @@ -55731,7 +56131,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return error; } -@@ -1762,6 +2038,13 @@ static void remove_vma_list(struct mm_st +@@ -1762,6 +2043,13 @@ static void remove_vma_list(struct mm_st do { long nrpages = vma_pages(vma); @@ -55745,7 +56145,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c mm->total_vm -= nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma = remove_vma(vma); -@@ -1807,6 +2090,16 @@ detach_vmas_to_be_unmapped(struct mm_str +@@ -1807,6 +2095,16 @@ detach_vmas_to_be_unmapped(struct mm_str insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -55762,7 +56162,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1834,10 +2127,25 @@ int split_vma(struct mm_struct * mm, str +@@ -1834,10 +2132,25 @@ int split_vma(struct mm_struct * mm, str struct mempolicy *pol; struct vm_area_struct *new; @@ -55788,7 +56188,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -1845,6 +2153,16 @@ int split_vma(struct mm_struct * mm, str +@@ -1845,6 +2158,16 @@ int split_vma(struct mm_struct * mm, str if (!new) return -ENOMEM; @@ -55805,7 +56205,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1855,8 +2173,29 @@ int split_vma(struct mm_struct * mm, str +@@ -1855,8 +2178,29 @@ int split_vma(struct mm_struct * mm, str new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -55835,7 +56235,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c kmem_cache_free(vm_area_cachep, new); return PTR_ERR(pol); } -@@ -1877,6 +2216,28 @@ int split_vma(struct mm_struct * mm, str +@@ -1877,6 +2221,28 @@ int split_vma(struct mm_struct * mm, str else vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -55864,13 +56264,13 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return 0; } -@@ -1885,11 +2246,30 @@ int split_vma(struct mm_struct * mm, str +@@ -1885,11 +2251,30 @@ int split_vma(struct mm_struct * mm, str * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ +#ifdef CONFIG_PAX_SEGMEXEC - int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) - { ++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) ++{ + int ret = __do_munmap(mm, start, len); + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC)) + return ret; @@ -55880,9 +56280,9 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c + +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#else -+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) + int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#endif -+{ + { unsigned long end; struct vm_area_struct *vma, *prev, *last; @@ -55895,7 +56295,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -1953,6 +2333,8 @@ int do_munmap(struct mm_struct *mm, unsi +@@ -1953,6 +2338,8 @@ int do_munmap(struct mm_struct *mm, unsi /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -55904,7 +56304,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return 0; } -@@ -1965,22 +2347,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a +@@ -1965,22 +2352,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a profile_munmap(addr); @@ -55933,7 +56333,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -1994,6 +2372,7 @@ unsigned long do_brk(unsigned long addr, +@@ -1994,6 +2377,7 @@ unsigned long do_brk(unsigned long addr, struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -55941,7 +56341,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c len = PAGE_ALIGN(len); if (!len) -@@ -2005,16 +2384,30 @@ unsigned long do_brk(unsigned long addr, +@@ -2005,16 +2389,30 @@ unsigned long do_brk(unsigned long addr, flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -55973,7 +56373,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c locked += mm->locked_vm; lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; lock_limit >>= PAGE_SHIFT; -@@ -2031,22 +2424,22 @@ unsigned long do_brk(unsigned long addr, +@@ -2031,22 +2429,22 @@ unsigned long do_brk(unsigned long addr, /* * Clear old maps. this also does some error checking for us */ @@ -56000,7 +56400,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2060,7 +2453,7 @@ unsigned long do_brk(unsigned long addr, +@@ -2060,7 +2458,7 @@ unsigned long do_brk(unsigned long addr, */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -56009,7 +56409,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return -ENOMEM; } -@@ -2072,11 +2465,12 @@ unsigned long do_brk(unsigned long addr, +@@ -2072,11 +2470,12 @@ unsigned long do_brk(unsigned long addr, vma->vm_page_prot = vm_get_page_prot(flags); vma_link(mm, vma, prev, rb_link, rb_parent); out: @@ -56024,7 +56424,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return addr; } -@@ -2123,8 +2517,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2123,8 +2522,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -56036,7 +56436,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2138,6 +2534,10 @@ int insert_vm_struct(struct mm_struct * +@@ -2138,6 +2539,10 @@ int insert_vm_struct(struct mm_struct * struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; @@ -56047,7 +56447,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2160,7 +2560,22 @@ int insert_vm_struct(struct mm_struct * +@@ -2160,7 +2565,22 @@ int insert_vm_struct(struct mm_struct * if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -56070,7 +56470,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c return 0; } -@@ -2178,6 +2593,8 @@ struct vm_area_struct *copy_vma(struct v +@@ -2178,6 +2598,8 @@ struct vm_area_struct *copy_vma(struct v struct rb_node **rb_link, *rb_parent; struct mempolicy *pol; @@ -56079,7 +56479,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2221,6 +2638,35 @@ struct vm_area_struct *copy_vma(struct v +@@ -2221,6 +2643,35 @@ struct vm_area_struct *copy_vma(struct v return new_vma; } @@ -56115,7 +56515,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2231,7 +2677,7 @@ int may_expand_vm(struct mm_struct *mm, +@@ -2231,7 +2682,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long lim; lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; @@ -56124,16 +56524,21 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c if (cur + npages > lim) return 0; return 1; -@@ -2301,6 +2747,17 @@ int install_special_mapping(struct mm_st +@@ -2301,6 +2752,22 @@ int install_special_mapping(struct mm_st vma->vm_start = addr; vma->vm_end = addr + len; +#ifdef CONFIG_PAX_MPROTECT + if (mm->pax_flags & MF_PAX_MPROTECT) { ++#ifndef CONFIG_PAX_MPROTECT_COMPAT + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) + return -EPERM; + if (!(vm_flags & VM_EXEC)) + vm_flags &= ~VM_MAYEXEC; ++#else ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC) ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC); ++#endif + else + vm_flags &= ~VM_MAYWRITE; + } @@ -56595,7 +57000,7 @@ diff -urNp linux-2.6.32.28/mm/rmap.c linux-2.6.32.28/mm/rmap.c allocated = NULL; diff -urNp linux-2.6.32.28/mm/shmem.c linux-2.6.32.28/mm/shmem.c --- linux-2.6.32.28/mm/shmem.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/mm/shmem.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/mm/shmem.c 2011-01-24 18:05:37.000000000 -0500 @@ -31,7 +31,7 @@ #include <linux/swap.h> #include <linux/ima.h> @@ -56605,6 +57010,15 @@ diff -urNp linux-2.6.32.28/mm/shmem.c linux-2.6.32.28/mm/shmem.c #ifdef CONFIG_SHMEM /* +@@ -1061,6 +1061,8 @@ static int shmem_writepage(struct page * + goto unlock; + } + entry = shmem_swp_entry(info, index, NULL); ++ if (!entry) ++ goto unlock; + if (entry->val) { + /* + * The more uptodate page coming down from a stacked diff -urNp linux-2.6.32.28/mm/slab.c linux-2.6.32.28/mm/slab.c --- linux-2.6.32.28/mm/slab.c 2010-08-29 21:08:20.000000000 -0400 +++ linux-2.6.32.28/mm/slab.c 2010-12-31 14:46:53.000000000 -0500 @@ -58424,24 +58838,24 @@ diff -urNp linux-2.6.32.28/net/irda/af_irda.c linux-2.6.32.28/net/irda/af_irda.c { diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c --- linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2011-01-24 18:05:37.000000000 -0500 @@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st add_wait_queue(&self->open_wait, &wait); IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", - __FILE__,__LINE__, tty->driver->name, self->open_count ); -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) ); ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) ); /* As far as I can see, we protect open_count - Jean II */ spin_lock_irqsave(&self->spinlock, flags); if (!tty_hung_up_p(filp)) { extra_count = 1; - self->open_count--; -+ atomic_dec(&self->open_count); ++ local_dec(&self->open_count); } spin_unlock_irqrestore(&self->spinlock, flags); - self->blocked_open++; -+ atomic_inc(&self->blocked_open); ++ local_inc(&self->blocked_open); while (1) { if (tty->termios->c_cflag & CBAUD) { @@ -58450,7 +58864,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", - __FILE__,__LINE__, tty->driver->name, self->open_count ); -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) ); ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) ); schedule(); } @@ -58459,15 +58873,15 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&self->spinlock, flags); - self->open_count++; -+ atomic_inc(&self->open_count); ++ local_inc(&self->open_count); spin_unlock_irqrestore(&self->spinlock, flags); } - self->blocked_open--; -+ atomic_dec(&self->blocked_open); ++ local_dec(&self->blocked_open); IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n", - __FILE__,__LINE__, tty->driver->name, self->open_count); -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count)); ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count)); if (!retval) self->flags |= ASYNC_NORMAL_ACTIVE; @@ -58476,7 +58890,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&self->spinlock, flags); - self->open_count++; -+ atomic_inc(&self->open_count); ++ local_inc(&self->open_count); tty->driver_data = self; self->tty = tty; @@ -58484,7 +58898,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name, - self->line, self->open_count); -+ self->line, atomic_read(&self->open_count)); ++ self->line, local_read(&self->open_count)); /* Not really used by us, but lets do it anyway */ self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0; @@ -58493,7 +58907,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda } - if ((tty->count == 1) && (self->open_count != 1)) { -+ if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) { ++ if ((tty->count == 1) && (local_read(&self->open_count) != 1)) { /* * Uh, oh. tty->count is 1, which means that the tty * structure will be freed. state->count should always @@ -58503,20 +58917,20 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda "tty->count is 1, state->count is %d\n", __func__ , - self->open_count); - self->open_count = 1; -+ atomic_read(&self->open_count)); -+ atomic_set(&self->open_count, 1); ++ local_read(&self->open_count)); ++ local_set(&self->open_count, 1); } - if (--self->open_count < 0) { -+ if (atomic_dec_return(&self->open_count) < 0) { ++ if (local_dec_return(&self->open_count) < 0) { IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n", - __func__, self->line, self->open_count); - self->open_count = 0; -+ __func__, self->line, atomic_read(&self->open_count)); -+ atomic_set(&self->open_count, 0); ++ __func__, self->line, local_read(&self->open_count)); ++ local_set(&self->open_count, 0); } - if (self->open_count) { -+ if (atomic_read(&self->open_count)) { ++ if (local_read(&self->open_count)) { spin_unlock_irqrestore(&self->spinlock, flags); IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ ); @@ -58525,7 +58939,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda self->tty = NULL; - if (self->blocked_open) { -+ if (atomic_read(&self->blocked_open)) { ++ if (local_read(&self->blocked_open)) { if (self->close_delay) schedule_timeout_interruptible(self->close_delay); wake_up_interruptible(&self->open_wait); @@ -58534,7 +58948,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda self->flags &= ~ASYNC_NORMAL_ACTIVE; self->tty = NULL; - self->open_count = 0; -+ atomic_set(&self->open_count, 0); ++ local_set(&self->open_count, 0); spin_unlock_irqrestore(&self->spinlock, flags); wake_up_interruptible(&self->open_wait); @@ -58543,7 +58957,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); - seq_printf(m, "Open count: %d\n", self->open_count); -+ seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count)); ++ seq_printf(m, "Open count: %d\n", local_read(&self->open_count)); seq_printf(m, "Max data size: %d\n", self->max_data_size); seq_printf(m, "Max header size: %d\n", self->max_header_size); @@ -58582,25 +58996,33 @@ diff -urNp linux-2.6.32.28/net/mac80211/debugfs_key.c linux-2.6.32.28/net/mac802 p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]); diff -urNp linux-2.6.32.28/net/mac80211/ieee80211_i.h linux-2.6.32.28/net/mac80211/ieee80211_i.h --- linux-2.6.32.28/net/mac80211/ieee80211_i.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/ieee80211_i.h 2010-12-31 14:46:53.000000000 -0500 -@@ -635,7 +635,7 @@ struct ieee80211_local { ++++ linux-2.6.32.28/net/mac80211/ieee80211_i.h 2011-01-24 18:05:37.000000000 -0500 +@@ -25,6 +25,7 @@ + #include <linux/etherdevice.h> + #include <net/cfg80211.h> + #include <net/mac80211.h> ++#include <asm/local.h> + #include "key.h" + #include "sta_info.h" + +@@ -635,7 +636,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; - int open_count; -+ atomic_t open_count; ++ local_t open_count; int monitors, cooked_mntrs; /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll; diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/iface.c --- linux-2.6.32.28/net/mac80211/iface.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/iface.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/mac80211/iface.c 2011-01-24 18:05:37.000000000 -0500 @@ -166,7 +166,7 @@ static int ieee80211_open(struct net_dev break; } - if (local->open_count == 0) { -+ if (atomic_read(&local->open_count) == 0) { ++ if (local_read(&local->open_count) == 0) { res = drv_start(local); if (res) goto err_del_bss; @@ -58609,7 +59031,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa */ if (!is_valid_ether_addr(dev->dev_addr)) { - if (!local->open_count) -+ if (!atomic_read(&local->open_count)) ++ if (!local_read(&local->open_count)) drv_stop(local); return -EADDRNOTAVAIL; } @@ -58618,7 +59040,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa hw_reconf_flags |= __ieee80211_recalc_idle(local); - local->open_count++; -+ atomic_inc(&local->open_count); ++ local_inc(&local->open_count); if (hw_reconf_flags) { ieee80211_hw_config(local, hw_reconf_flags); /* @@ -58627,7 +59049,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa drv_remove_interface(local, &conf); err_stop: - if (!local->open_count) -+ if (!atomic_read(&local->open_count)) ++ if (!local_read(&local->open_count)) drv_stop(local); err_del_bss: sdata->bss = NULL; @@ -58636,7 +59058,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa } - local->open_count--; -+ atomic_dec(&local->open_count); ++ local_dec(&local->open_count); switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: @@ -58645,43 +59067,43 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa ieee80211_recalc_ps(local, -1); - if (local->open_count == 0) { -+ if (atomic_read(&local->open_count) == 0) { ++ if (local_read(&local->open_count) == 0) { ieee80211_clear_tx_pending(local); ieee80211_stop_device(local); diff -urNp linux-2.6.32.28/net/mac80211/main.c linux-2.6.32.28/net/mac80211/main.c --- linux-2.6.32.28/net/mac80211/main.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/main.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/mac80211/main.c 2011-01-24 18:05:37.000000000 -0500 @@ -145,7 +145,7 @@ int ieee80211_hw_config(struct ieee80211 local->hw.conf.power_level = power; } - if (changed && local->open_count) { -+ if (changed && atomic_read(&local->open_count)) { ++ if (changed && local_read(&local->open_count)) { ret = drv_config(local, changed); /* * Goal: diff -urNp linux-2.6.32.28/net/mac80211/pm.c linux-2.6.32.28/net/mac80211/pm.c --- linux-2.6.32.28/net/mac80211/pm.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/pm.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/mac80211/pm.c 2011-01-24 18:05:37.000000000 -0500 @@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211 } /* stop hardware - this must stop RX */ - if (local->open_count) -+ if (atomic_read(&local->open_count)) ++ if (local_read(&local->open_count)) ieee80211_stop_device(local); local->suspended = true; diff -urNp linux-2.6.32.28/net/mac80211/rate.c linux-2.6.32.28/net/mac80211/rate.c --- linux-2.6.32.28/net/mac80211/rate.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/rate.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/mac80211/rate.c 2011-01-24 18:05:37.000000000 -0500 @@ -287,7 +287,7 @@ int ieee80211_init_rate_ctrl_alg(struct struct rate_control_ref *ref, *old; ASSERT_RTNL(); - if (local->open_count) -+ if (atomic_read(&local->open_count)) ++ if (local_read(&local->open_count)) return -EBUSY; ref = rate_control_alloc(name, local); @@ -58699,13 +59121,13 @@ diff -urNp linux-2.6.32.28/net/mac80211/tx.c linux-2.6.32.28/net/mac80211/tx.c return local == wdev_priv(dev->ieee80211_ptr); diff -urNp linux-2.6.32.28/net/mac80211/util.c linux-2.6.32.28/net/mac80211/util.c --- linux-2.6.32.28/net/mac80211/util.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/net/mac80211/util.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/net/mac80211/util.c 2011-01-24 18:05:37.000000000 -0500 @@ -1042,7 +1042,7 @@ int ieee80211_reconfig(struct ieee80211_ local->resuming = true; /* restart hardware */ - if (local->open_count) { -+ if (atomic_read(&local->open_count)) { ++ if (local_read(&local->open_count)) { /* * Upon resume hardware can sometimes be goofy due to * various platform / driver / bus issues, so restarting @@ -59747,8 +60169,8 @@ diff -urNp linux-2.6.32.28/security/integrity/ima/ima_queue.c linux-2.6.32.28/se return 0; diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig --- linux-2.6.32.28/security/Kconfig 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/security/Kconfig 2011-01-04 17:43:17.000000000 -0500 -@@ -4,6 +4,509 @@ ++++ linux-2.6.32.28/security/Kconfig 2011-02-12 11:33:55.000000000 -0500 +@@ -4,6 +4,527 @@ menu "Security options" @@ -59994,6 +60416,24 @@ diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig + NOTE: you can use the 'chpax' or 'paxctl' utilities to control + this feature on a per file basis. + ++config PAX_MPROTECT_COMPAT ++ bool "Use legacy/compat protection demoting (read help)" ++ depends on PAX_MPROTECT ++ default n ++ help ++ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects ++ by sending the proper error code to the application. For some broken ++ userland, this can cause problems with Python or other applications. The ++ current implementation however allows for applications like clamav to ++ detect if JIT compilation/execution is allowed and to fall back gracefully ++ to an interpreter-based mode if it does not. While we encourage everyone ++ to use the current implementation as-is and push upstream to fix broken ++ userland (note that the RWX logging option can assist with this), in some ++ environments this may not be possible. Having to disable MPROTECT ++ completely on certain binaries reduces the security benefit of PaX, ++ so this option is provided for those environments to revert to the old ++ behavior. ++ +config PAX_ELFRELOCS + bool "Allow ELF text relocations (read help)" + depends on PAX_MPROTECT @@ -60258,7 +60698,7 @@ diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig config KEYS bool "Enable access key retention support" help -@@ -146,7 +649,7 @@ config INTEL_TXT +@@ -146,7 +667,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -60321,7 +60761,7 @@ diff -urNp linux-2.6.32.28/security/security.c linux-2.6.32.28/security/security printk(KERN_DEBUG "%s could not verify " diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/selinux/hooks.c --- linux-2.6.32.28/security/selinux/hooks.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/security/selinux/hooks.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/security/selinux/hooks.c 2011-02-12 11:03:00.000000000 -0500 @@ -131,7 +131,7 @@ int selinux_enabled = 1; * Minimal support for a secondary security module, * just to allow the use of the capability module. @@ -60331,7 +60771,20 @@ diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/sel /* Lists of inode and superblock security structures initialized before the policy was loaded. */ -@@ -5450,7 +5450,7 @@ static int selinux_key_getsecurity(struc +@@ -3259,7 +3259,11 @@ static void selinux_cred_free(struct cre + { + struct task_security_struct *tsec = cred->security; + +- BUG_ON((unsigned long) cred->security < PAGE_SIZE); ++ /* ++ * cred->security == NULL if security_cred_alloc_blank() or ++ * security_prepare_creds() returned an error. ++ */ ++ BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); + cred->security = (void *) 0x7UL; + kfree(tsec); + } +@@ -5450,7 +5454,7 @@ static int selinux_key_getsecurity(struc #endif @@ -60340,7 +60793,7 @@ diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/sel .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -5834,7 +5834,9 @@ int selinux_disable(void) +@@ -5834,7 +5838,9 @@ int selinux_disable(void) avc_disable(); /* Reset security_ops to the secondary module, dummy or capability. */ @@ -60376,13 +60829,13 @@ diff -urNp linux-2.6.32.28/security/tomoyo/tomoyo.c linux-2.6.32.28/security/tom .cred_prepare = tomoyo_cred_prepare, diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/codecs/onyx.c --- linux-2.6.32.28/sound/aoa/codecs/onyx.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/sound/aoa/codecs/onyx.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/sound/aoa/codecs/onyx.c 2011-01-24 18:05:37.000000000 -0500 @@ -53,7 +53,7 @@ struct onyx { spdif_locked:1, analog_locked:1, original_mute:2; - int open_count; -+ atomic_t open_count; ++ local_t open_count; struct codec_info *codec_info; /* mutex serializes concurrent access to the device @@ -60391,7 +60844,7 @@ diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/cod mutex_lock(&onyx->mutex); - onyx->open_count++; -+ atomic_inc(&onyx->open_count); ++ local_inc(&onyx->open_count); mutex_unlock(&onyx->mutex); return 0; @@ -60401,10 +60854,21 @@ diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/cod mutex_lock(&onyx->mutex); - onyx->open_count--; - if (!onyx->open_count) -+ if (atomic_dec_and_test(&onyx->open_count)) ++ if (local_dec_and_test(&onyx->open_count)) onyx->spdif_locked = onyx->analog_locked = 0; mutex_unlock(&onyx->mutex); +diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.h linux-2.6.32.28/sound/aoa/codecs/onyx.h +--- linux-2.6.32.28/sound/aoa/codecs/onyx.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/sound/aoa/codecs/onyx.h 2011-01-25 20:24:47.000000000 -0500 +@@ -11,6 +11,7 @@ + #include <linux/i2c.h> + #include <asm/pmac_low_i2c.h> + #include <asm/prom.h> ++#include <asm/local.h> + + /* PCM3052 register definitions */ + diff -urNp linux-2.6.32.28/sound/core/oss/pcm_oss.c linux-2.6.32.28/sound/core/oss/pcm_oss.c --- linux-2.6.32.28/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.28/sound/core/oss/pcm_oss.c 2010-12-31 14:46:53.000000000 -0500 @@ -60439,64 +60903,80 @@ diff -urNp linux-2.6.32.28/sound/core/seq/seq_lock.h linux-2.6.32.28/sound/core/ diff -urNp linux-2.6.32.28/sound/drivers/mts64.c linux-2.6.32.28/sound/drivers/mts64.c --- linux-2.6.32.28/sound/drivers/mts64.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/sound/drivers/mts64.c 2010-12-31 14:46:53.000000000 -0500 -@@ -65,7 +65,7 @@ struct mts64 { ++++ linux-2.6.32.28/sound/drivers/mts64.c 2011-01-25 22:35:30.000000000 -0500 +@@ -27,6 +27,7 @@ + #include <sound/initval.h> + #include <sound/rawmidi.h> + #include <sound/control.h> ++#include <asm/local.h> + + #define CARD_NAME "Miditerminal 4140" + #define DRIVER_NAME "MTS64" +@@ -65,7 +66,7 @@ struct mts64 { struct pardevice *pardev; int pardev_claimed; - int open_count; -+ atomic_t open_count; ++ local_t open_count; int current_midi_output_port; int current_midi_input_port; u8 mode[MTS64_NUM_INPUT_PORTS]; -@@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct +@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct { struct mts64 *mts = substream->rmidi->private_data; - if (mts->open_count == 0) { -+ if (atomic_read(&mts->open_count) == 0) { ++ if (local_read(&mts->open_count) == 0) { /* We don't need a spinlock here, because this is just called if the device has not been opened before. So there aren't any IRQs from the device */ -@@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct +@@ -703,7 +704,7 @@ static int snd_mts64_rawmidi_open(struct msleep(50); } - ++(mts->open_count); -+ atomic_inc(&mts->open_count); ++ local_inc(&mts->open_count); return 0; } -@@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc +@@ -713,8 +714,7 @@ static int snd_mts64_rawmidi_close(struc struct mts64 *mts = substream->rmidi->private_data; unsigned long flags; - --(mts->open_count); - if (mts->open_count == 0) { -+ if (atomic_dec_return(&mts->open_count) == 0) { ++ if (local_dec_return(&mts->open_count) == 0) { /* We need the spinlock_irqsave here because we can still have IRQs at this point */ spin_lock_irqsave(&mts->lock, flags); -@@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc +@@ -723,8 +723,8 @@ static int snd_mts64_rawmidi_close(struc msleep(500); - } else if (mts->open_count < 0) - mts->open_count = 0; -+ } else if (atomic_read(&mts->open_count) < 0) -+ atomic_set(&mts->open_count, 0); ++ } else if (local_read(&mts->open_count) < 0) ++ local_set(&mts->open_count, 0); return 0; } diff -urNp linux-2.6.32.28/sound/drivers/portman2x4.c linux-2.6.32.28/sound/drivers/portman2x4.c --- linux-2.6.32.28/sound/drivers/portman2x4.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.28/sound/drivers/portman2x4.c 2010-12-31 14:46:53.000000000 -0500 -@@ -83,7 +83,7 @@ struct portman { ++++ linux-2.6.32.28/sound/drivers/portman2x4.c 2011-01-25 20:24:47.000000000 -0500 +@@ -46,6 +46,7 @@ + #include <sound/initval.h> + #include <sound/rawmidi.h> + #include <sound/control.h> ++#include <asm/local.h> + + #define CARD_NAME "Portman 2x4" + #define DRIVER_NAME "portman" +@@ -83,7 +84,7 @@ struct portman { struct pardevice *pardev; int pardev_claimed; - int open_count; -+ atomic_t open_count; ++ local_t open_count; int mode[PORTMAN_NUM_INPUT_PORTS]; struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; }; diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch index 0049a17..5592c67 100644 --- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch @@ -27,7 +27,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> --- a/grsecurity/Kconfig +++ b/grsecurity/Kconfig -@@ -1385,6 +1385,27 @@ +@@ -1230,6 +1230,27 @@ menu "Logging Options" depends on GRKERNSEC |