diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2011-02-28 08:08:36 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-02-28 08:08:36 -0500 |
commit | ea252fb85a5dd67b1f530e61d70828409e7836e4 (patch) | |
tree | 532857127f8909a13f017e232d6730e6055dde75 /2.6.32 | |
parent | Merge branch 'experimental' (diff) | |
download | hardened-patchset-ea252fb85a5dd67b1f530e61d70828409e7836e4.tar.gz hardened-patchset-ea252fb85a5dd67b1f530e61d70828409e7836e4.tar.bz2 hardened-patchset-ea252fb85a5dd67b1f530e61d70828409e7836e4.zip |
Update Grsec/PaX
2.2.1-2.6.32.29-201102271552
2.2.1-2.6.37.2-201102271552
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 10 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch (renamed from 2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch) | 567 |
2 files changed, 465 insertions, 112 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index c8824fb..8e2aed5 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch +Patch: 4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity @@ -18,7 +18,7 @@ Desc: Removes verbose compile warning settings from grsecurity, restores mainline Linux kernel behavior Patch: 4423_grsec-remove-protected-paths.patch -From: Anthony G. Basile, Ph. D. <basile@opensource.dyc.edu> +From: Anthony G. Basile <blueness@gentoo.org> Desc: Removes chmod statements from grsecurity/Makefile Patch: 4425_grsec-pax-without-grsec.patch @@ -33,11 +33,13 @@ Desc: Sets sane(r) default GIDs on various grsecurity group-dependent Patch: 4435_grsec-kconfig-gentoo.patch From: Gordon Malm <gengor@gentoo.org> Kerin Millar <kerframil@gmail.com> -Desc: Adds Hardened Gentoo [server/workstation] security levels, sets - Hardened Gentoo [workstation] as default + Anthony G. Basile <blueness@gentoo.org> +Desc: Adds Hardened Gentoo [server/workstation/virtualization] security levels, + sets Hardened Gentoo [workstation] as default Patch: 4440_selinux-avc_audit-log-curr_ip.patch From: Gordon Malm <gengor@gentoo.org> + Anthony G. Basile <blueness@gentoo.org> Desc: Configurable option to add src IP address to SELinux log messages Patch: 4445_disable-compat_vdso.patch diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch index b491451..a9fbc08 100644 --- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch +++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch @@ -863,6 +863,18 @@ diff -urNp linux-2.6.32.29/arch/ia64/include/asm/pgtable.h linux-2.6.32.29/arch/ #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX) #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX) #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX) +diff -urNp linux-2.6.32.29/arch/ia64/include/asm/spinlock.h linux-2.6.32.29/arch/ia64/include/asm/spinlock.h +--- linux-2.6.32.29/arch/ia64/include/asm/spinlock.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/arch/ia64/include/asm/spinlock.h 2011-02-27 14:53:10.000000000 -0500 +@@ -72,7 +72,7 @@ static __always_inline void __ticket_spi + unsigned short *p = (unsigned short *)&lock->lock + 1, tmp; + + asm volatile ("ld2.bias %0=[%1]" : "=r"(tmp) : "r"(p)); +- ACCESS_ONCE(*p) = (tmp + 2) & ~1; ++ ACCESS_ONCE_RW(*p) = (tmp + 2) & ~1; + } + + static __always_inline void __ticket_spin_unlock_wait(raw_spinlock_t *lock) diff -urNp linux-2.6.32.29/arch/ia64/include/asm/uaccess.h linux-2.6.32.29/arch/ia64/include/asm/uaccess.h --- linux-2.6.32.29/arch/ia64/include/asm/uaccess.h 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/arch/ia64/include/asm/uaccess.h 2010-12-31 14:46:53.000000000 -0500 @@ -1989,6 +2001,17 @@ diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pci.h linux-2.6.32.29/arch/p #else /* CONFIG_PCI */ #define set_pci_dma_ops(d) #define get_pci_dma_ops() NULL +diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h +--- linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h 2011-02-27 14:53:10.000000000 -0500 +@@ -2,6 +2,7 @@ + #define _ASM_POWERPC_PGTABLE_H + #ifdef __KERNEL__ + ++#include <linux/const.h> + #ifndef __ASSEMBLY__ + #include <asm/processor.h> /* For TASK_SIZE */ + #include <asm/mmu.h> diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h --- linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h 2010-12-31 14:46:53.000000000 -0500 @@ -6145,7 +6168,7 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32_aout.c linux-2.6.32.29/arch/x86/ia return has_dumped; diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia32/ia32entry.S --- linux-2.6.32.29/arch/x86/ia32/ia32entry.S 2010-09-20 17:26:42.000000000 -0400 -+++ linux-2.6.32.29/arch/x86/ia32/ia32entry.S 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.29/arch/x86/ia32/ia32entry.S 2011-02-27 14:53:10.000000000 -0500 @@ -13,6 +13,7 @@ #include <asm/thread_info.h> #include <asm/segment.h> @@ -6154,19 +6177,34 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia #include <linux/linkage.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ -@@ -120,6 +121,11 @@ ENTRY(ia32_sysenter_target) - SWAPGS_UNSAFE_STACK - movq PER_CPU_VAR(kernel_stack), %rsp - addq $(KERNEL_STACK_OFFSET),%rsp -+ +@@ -93,6 +94,18 @@ ENTRY(native_irq_enable_sysexit) + ENDPROC(native_irq_enable_sysexit) + #endif + ++ .macro pax_enter_kernel_user +#ifdef CONFIG_PAX_MEMORY_UDEREF + call pax_enter_kernel_user +#endif ++ .endm + ++ .macro pax_exit_kernel_user ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ call pax_exit_kernel_user ++#endif ++ .endm ++ + /* + * 32bit SYSENTER instruction entry. + * +@@ -120,6 +133,7 @@ ENTRY(ia32_sysenter_target) + SWAPGS_UNSAFE_STACK + movq PER_CPU_VAR(kernel_stack), %rsp + addq $(KERNEL_STACK_OFFSET),%rsp ++ pax_enter_kernel_user /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -150,6 +156,12 @@ ENTRY(ia32_sysenter_target) +@@ -150,6 +164,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */ @@ -6179,31 +6217,27 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -172,6 +184,11 @@ sysenter_dispatch: +@@ -172,6 +192,7 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel_user -+#endif -+ ++ pax_exit_kernel_user andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) -@@ -290,6 +307,11 @@ ENTRY(ia32_cstar_target) +@@ -290,6 +311,11 @@ ENTRY(ia32_cstar_target) movl %esp,%r8d CFI_REGISTER rsp,r8 movq PER_CPU_VAR(kernel_stack),%rsp + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_enter_kernel_user ++ pax_enter_kernel_user +#endif + /* * No need to follow this irqs on/off section: the syscall * disabled irqs and here we enable it straight after entry: -@@ -311,6 +333,12 @@ ENTRY(ia32_cstar_target) +@@ -311,6 +337,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -6216,27 +6250,19 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -333,6 +361,11 @@ cstar_dispatch: +@@ -333,6 +365,7 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel_user -+#endif -+ ++ pax_exit_kernel_user andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -415,6 +448,11 @@ ENTRY(ia32_syscall) +@@ -415,6 +448,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_enter_kernel_user -+#endif -+ ++ pax_enter_kernel_user /* * No need to follow this irqs on/off section: the syscall * disabled irqs and here we enable it straight after entry: @@ -7369,9 +7395,25 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/checksum_32.h linux-2.6.32.29/ar len, sum, NULL, err_ptr); if (len) +diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc_defs.h linux-2.6.32.29/arch/x86/include/asm/desc_defs.h +--- linux-2.6.32.29/arch/x86/include/asm/desc_defs.h 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/arch/x86/include/asm/desc_defs.h 2011-02-27 14:53:10.000000000 -0500 +@@ -31,6 +31,12 @@ struct desc_struct { + unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1; + unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8; + }; ++ struct { ++ u16 offset_low; ++ u16 seg; ++ unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1; ++ unsigned offset_high: 16; ++ } gate; + }; + } __attribute__((packed)); + diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/include/asm/desc.h --- linux-2.6.32.29/arch/x86/include/asm/desc.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.29/arch/x86/include/asm/desc.h 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.29/arch/x86/include/asm/desc.h 2011-02-27 14:53:10.000000000 -0500 @@ -4,6 +4,7 @@ #include <asm/desc_defs.h> #include <asm/ldt.h> @@ -7408,7 +7450,25 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ } #ifdef CONFIG_X86_64 -@@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str +@@ -65,9 +63,14 @@ static inline void pack_gate(gate_desc * + unsigned long base, unsigned dpl, unsigned flags, + unsigned short seg) + { +- gate->a = (seg << 16) | (base & 0xffff); +- gate->b = (base & 0xffff0000) | +- (((0x80 | type | (dpl << 5)) & 0xff) << 8); ++ gate->gate.offset_low = base; ++ gate->gate.seg = seg; ++ gate->gate.reserved = 0; ++ gate->gate.type = type; ++ gate->gate.s = 0; ++ gate->gate.dpl = dpl; ++ gate->gate.p = 1; ++ gate->gate.offset_high = base >> 16; + } + + #endif +@@ -115,19 +118,24 @@ static inline void paravirt_free_ldt(str static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate) { @@ -7433,7 +7493,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ switch (type) { case DESC_TSS: size = sizeof(tss_desc); -@@ -139,7 +142,10 @@ static inline void native_write_gdt_entr +@@ -139,7 +147,10 @@ static inline void native_write_gdt_entr size = sizeof(struct desc_struct); break; } @@ -7444,7 +7504,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ } static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, -@@ -211,7 +217,9 @@ static inline void native_set_ldt(const +@@ -211,7 +222,9 @@ static inline void native_set_ldt(const static inline void native_load_tr_desc(void) { @@ -7454,7 +7514,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -246,8 +254,10 @@ static inline void native_load_tls(struc +@@ -246,8 +259,10 @@ static inline void native_load_tls(struc unsigned int i; struct desc_struct *gdt = get_cpu_gdt_table(cpu); @@ -7465,7 +7525,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ } #define _LDT_empty(info) \ -@@ -309,7 +319,7 @@ static inline void set_desc_limit(struct +@@ -309,7 +324,7 @@ static inline void set_desc_limit(struct desc->limit = (limit >> 16) & 0xf; } @@ -7474,7 +7534,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -327,7 +337,7 @@ static inline void _set_gate(int gate, u +@@ -327,7 +342,7 @@ static inline void _set_gate(int gate, u * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -7483,7 +7543,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -356,19 +366,19 @@ static inline void alloc_intr_gate(unsig +@@ -356,19 +371,19 @@ static inline void alloc_intr_gate(unsig /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -7506,7 +7566,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/ { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -377,19 +387,31 @@ static inline void set_trap_gate(unsigne +@@ -377,19 +392,31 @@ static inline void set_trap_gate(unsigne static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -10611,6 +10671,18 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.29/arch DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); BLANK(); DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); +diff -urNp linux-2.6.32.29/arch/x86/kernel/cpu/amd.c linux-2.6.32.29/arch/x86/kernel/cpu/amd.c +--- linux-2.6.32.29/arch/x86/kernel/cpu/amd.c 2011-01-11 23:55:35.000000000 -0500 ++++ linux-2.6.32.29/arch/x86/kernel/cpu/amd.c 2011-02-27 14:53:10.000000000 -0500 +@@ -573,7 +573,7 @@ static unsigned int __cpuinit amd_size_c + unsigned int size) + { + /* AMD errata T13 (order #21922) */ +- if ((c->x86 == 6)) { ++ if (c->x86 == 6) { + /* Duron Rev A0 */ + if (c->x86_model == 3 && c->x86_mask == 0) + size = 64; diff -urNp linux-2.6.32.29/arch/x86/kernel/cpu/common.c linux-2.6.32.29/arch/x86/kernel/cpu/common.c --- linux-2.6.32.29/arch/x86/kernel/cpu/common.c 2010-10-31 16:44:11.000000000 -0400 +++ linux-2.6.32.29/arch/x86/kernel/cpu/common.c 2010-12-31 14:47:01.000000000 -0500 @@ -11756,7 +11828,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_32.S linux-2.6.32.29/arch/x86/k CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/kernel/entry_64.S --- linux-2.6.32.29/arch/x86/kernel/entry_64.S 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.29/arch/x86/kernel/entry_64.S 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.29/arch/x86/kernel/entry_64.S 2011-02-27 14:53:10.000000000 -0500 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -11765,7 +11837,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -174,6 +175,189 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +175,201 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -11783,9 +11855,20 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#endif + .endm + -+ENTRY(pax_enter_kernel) ++ .macro pax_enter_kernel ++#ifdef CONFIG_PAX_KERNEXEC ++ call pax_enter_kernel ++#endif ++ .endm ++ ++ .macro pax_exit_kernel ++#ifdef CONFIG_PAX_KERNEXEC ++ call pax_exit_kernel ++#endif ++ .endm + +#ifdef CONFIG_PAX_KERNEXEC ++ENTRY(pax_enter_kernel) + push %rdi + +#ifdef CONFIG_PARAVIRT @@ -11808,14 +11891,10 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#endif + + pop %rdi -+#endif -+ + retq +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) -+ -+#ifdef CONFIG_PAX_KERNEXEC + push %rdi + +#ifdef CONFIG_PARAVIRT @@ -11836,14 +11915,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#endif + + pop %rdi -+#endif -+ + retq +ENDPROC(pax_exit_kernel) ++#endif + -+ENTRY(pax_enter_kernel_user) ++ .macro pax_enter_kernel_user ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ call pax_enter_kernel_user ++#endif ++ .endm + ++ .macro pax_exit_kernel_user +#ifdef CONFIG_PAX_MEMORY_UDEREF ++ call pax_exit_kernel_user ++#endif ++ .endm ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ENTRY(pax_enter_kernel_user) + push %rdi + push %rbx + @@ -11895,14 +11984,10 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k + + pop %rbx + pop %rdi -+#endif -+ + retq +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF + push %rdi + +#ifdef CONFIG_PARAVIRT @@ -11948,14 +12033,13 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#endif + + pop %rdi -+#endif -+ + retq +ENDPROC(pax_exit_kernel_user) ++#endif .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -317,7 +501,7 @@ ENTRY(save_args) +@@ -317,7 +513,7 @@ ENTRY(save_args) leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -11964,7 +12048,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k je 1f SWAPGS /* -@@ -409,7 +593,7 @@ ENTRY(ret_from_fork) +@@ -409,7 +605,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -11973,31 +12057,23 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -468,6 +652,11 @@ ENTRY(system_call_after_swapgs) +@@ -468,6 +664,7 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_enter_kernel_user -+#endif -+ ++ pax_enter_kernel_user /* * No need to follow this irqs off/on section - it's straight * and short: -@@ -502,6 +691,11 @@ sysret_check: +@@ -502,6 +699,7 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel_user -+#endif -+ ++ pax_exit_kernel_user /* * sysretq will re-enable interrupts: */ -@@ -613,7 +807,7 @@ tracesys: +@@ -613,7 +811,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -12006,24 +12082,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -800,6 +994,16 @@ END(interrupt) +@@ -800,6 +998,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET 10*8 call save_args PARTIAL_FRAME 0 +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rdi) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif call \func .endm -@@ -822,7 +1026,7 @@ ret_from_intr: +@@ -822,7 +1030,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -12032,22 +12108,18 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k je retint_kernel /* Interrupt came from user space */ -@@ -844,12 +1048,18 @@ retint_swapgs: /* return to user-space +@@ -844,12 +1052,14 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel_user -+#endif -+ ++ pax_exit_kernel_user TRACE_IRQS_IRETQ SWAPGS jmp restore_args retint_restore_args: /* return to kernel space */ DISABLE_INTERRUPTS(CLBR_ANY) -+ call pax_exit_kernel ++ pax_exit_kernel /* * The iretq could re-enable interrupts: */ @@ -12058,12 +12130,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -12075,12 +12147,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -12092,12 +12164,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -12118,12 +12190,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ @@ -12135,12 +12207,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ @@ -12153,7 +12225,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k + testb $3,CS(%rsp) jnz paranoid_userspace +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel ++ pax_exit_kernel + TRACE_IRQS_IRETQ 0 + SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 @@ -12161,16 +12233,16 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#endif paranoid_swapgs: +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ call pax_exit_kernel_user ++ pax_exit_kernel_user +#else -+ call pax_exit_kernel ++ pax_exit_kernel +#endif TRACE_IRQS_IRETQ 0 SWAPGS_UNSAFE_STACK RESTORE_ALL 8 jmp irq_return paranoid_restore: -+ call pax_exit_kernel ++ pax_exit_kernel TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return @@ -12190,27 +12262,40 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f -+ call pax_enter_kernel ++ pax_enter_kernel + jmp 2f -+1: call pax_enter_kernel_user ++1: pax_enter_kernel_user +2: +#else -+ call pax_enter_kernel ++ pax_enter_kernel +#endif /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1539,11 +1827,12 @@ ENTRY(nmi) +@@ -1539,11 +1827,25 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore - testl $3,CS(%rsp) + testb $3,CS(%rsp) jnz nmi_userspace ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ pax_exit_kernel ++ SWAPGS_UNSAFE_STACK ++ RESTORE_ALL 8 ++ jmp irq_return ++#endif nmi_swapgs: ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ pax_exit_kernel_user ++#else ++ pax_exit_kernel ++#endif SWAPGS_UNSAFE_STACK ++ RESTORE_ALL 8 ++ jmp irq_return nmi_restore: -+ call pax_exit_kernel ++ pax_exit_kernel RESTORE_ALL 8 jmp irq_return nmi_userspace: @@ -13983,7 +14068,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/process.c linux-2.6.32.29/arch/x86/ke - diff -urNp linux-2.6.32.29/arch/x86/kernel/ptrace.c linux-2.6.32.29/arch/x86/kernel/ptrace.c --- linux-2.6.32.29/arch/x86/kernel/ptrace.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.29/arch/x86/kernel/ptrace.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.29/arch/x86/kernel/ptrace.c 2011-02-27 14:53:10.000000000 -0500 @@ -925,7 +925,7 @@ static const struct user_regset_view use long arch_ptrace(struct task_struct *child, long request, long addr, long data) { @@ -14052,6 +14137,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/ptrace.c linux-2.6.32.29/arch/x86/ker /* Send us the fake SIGTRAP */ force_sig_info(SIGTRAP, &info, tsk); +@@ -1469,7 +1469,7 @@ void send_sigtrap(struct task_struct *ts + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. + */ +-asmregparm long syscall_trace_enter(struct pt_regs *regs) ++long syscall_trace_enter(struct pt_regs *regs) + { + long ret = 0; + +@@ -1514,7 +1514,7 @@ asmregparm long syscall_trace_enter(stru + return ret ?: regs->orig_ax; + } + +-asmregparm void syscall_trace_leave(struct pt_regs *regs) ++void syscall_trace_leave(struct pt_regs *regs) + { + if (unlikely(current->audit_context)) + audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax); diff -urNp linux-2.6.32.29/arch/x86/kernel/reboot.c linux-2.6.32.29/arch/x86/kernel/reboot.c --- linux-2.6.32.29/arch/x86/kernel/reboot.c 2010-11-26 18:22:29.000000000 -0500 +++ linux-2.6.32.29/arch/x86/kernel/reboot.c 2010-12-31 14:46:53.000000000 -0500 @@ -24783,6 +24886,18 @@ diff -urNp linux-2.6.32.29/drivers/char/tpm/tpm_bios.c linux-2.6.32.29/drivers/c memcpy(log->bios_event_log, virt, len); +diff -urNp linux-2.6.32.29/drivers/char/tpm/tpm.c linux-2.6.32.29/drivers/char/tpm/tpm.c +--- linux-2.6.32.29/drivers/char/tpm/tpm.c 2011-02-22 15:56:54.000000000 -0500 ++++ linux-2.6.32.29/drivers/char/tpm/tpm.c 2011-02-27 14:53:10.000000000 -0500 +@@ -402,7 +402,7 @@ static ssize_t tpm_transmit(struct tpm_c + chip->vendor.req_complete_val) + goto out_recv; + +- if ((status == chip->vendor.req_canceled)) { ++ if (status == chip->vendor.req_canceled) { + dev_err(chip->dev, "Operation Canceled\n"); + rc = -ECANCELED; + goto out; diff -urNp linux-2.6.32.29/drivers/char/tty_io.c linux-2.6.32.29/drivers/char/tty_io.c --- linux-2.6.32.29/drivers/char/tty_io.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/char/tty_io.c 2010-12-31 14:46:53.000000000 -0500 @@ -24983,6 +25098,18 @@ diff -urNp linux-2.6.32.29/drivers/char/virtio_console.c linux-2.6.32.29/drivers static struct hv_ops virtio_cons; /* The hvc device */ +diff -urNp linux-2.6.32.29/drivers/char/vt.c linux-2.6.32.29/drivers/char/vt.c +--- linux-2.6.32.29/drivers/char/vt.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/char/vt.c 2011-02-27 14:53:10.000000000 -0500 +@@ -243,7 +243,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier + + static void notify_write(struct vc_data *vc, unsigned int unicode) + { +- struct vt_notifier_param param = { .vc = vc, unicode = unicode }; ++ struct vt_notifier_param param = { .vc = vc, .c = unicode }; + atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, ¶m); + } + diff -urNp linux-2.6.32.29/drivers/char/vt_ioctl.c linux-2.6.32.29/drivers/char/vt_ioctl.c --- linux-2.6.32.29/drivers/char/vt_ioctl.c 2010-12-09 18:13:03.000000000 -0500 +++ linux-2.6.32.29/drivers/char/vt_ioctl.c 2010-12-31 14:46:53.000000000 -0500 @@ -26100,6 +26227,18 @@ diff -urNp linux-2.6.32.29/drivers/ieee1394/hosts.c linux-2.6.32.29/drivers/ieee .transmit_packet = dummy_transmit_packet, .devctl = dummy_devctl, .isoctl = dummy_isoctl +diff -urNp linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c +--- linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c 2011-02-27 14:53:10.000000000 -0500 +@@ -257,7 +257,7 @@ void __init init_ohci1394_dma_on_all_con + for (func = 0; func < 8; func++) { + u32 class = read_pci_config(num,slot,func, + PCI_CLASS_REVISION); +- if ((class == 0xffffffff)) ++ if (class == 0xffffffff) + continue; /* No device at this func */ + + if (class>>8 != PCI_CLASS_SERIAL_FIREWIRE_OHCI) diff -urNp linux-2.6.32.29/drivers/ieee1394/ohci1394.c linux-2.6.32.29/drivers/ieee1394/ohci1394.c --- linux-2.6.32.29/drivers/ieee1394/ohci1394.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/ieee1394/ohci1394.c 2010-12-31 14:46:53.000000000 -0500 @@ -26899,6 +27038,18 @@ diff -urNp linux-2.6.32.29/drivers/md/bitmap.c linux-2.6.32.29/drivers/md/bitmap # endif #endif +diff -urNp linux-2.6.32.29/drivers/md/dm-ioctl.c linux-2.6.32.29/drivers/md/dm-ioctl.c +--- linux-2.6.32.29/drivers/md/dm-ioctl.c 2010-08-29 21:08:20.000000000 -0400 ++++ linux-2.6.32.29/drivers/md/dm-ioctl.c 2011-02-27 14:53:10.000000000 -0500 +@@ -1437,7 +1437,7 @@ static int validate_params(uint cmd, str + cmd == DM_LIST_VERSIONS_CMD) + return 0; + +- if ((cmd == DM_DEV_CREATE_CMD)) { ++ if (cmd == DM_DEV_CREATE_CMD) { + if (!*param->name) { + DMWARN("name not supplied when creating device"); + return -EINVAL; diff -urNp linux-2.6.32.29/drivers/md/dm-sysfs.c linux-2.6.32.29/drivers/md/dm-sysfs.c --- linux-2.6.32.29/drivers/md/dm-sysfs.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/md/dm-sysfs.c 2010-12-31 14:46:53.000000000 -0500 @@ -27019,6 +27170,22 @@ diff -urNp linux-2.6.32.29/drivers/media/radio/radio-cadet.c linux-2.6.32.29/dri return -EFAULT; return i; } +diff -urNp linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c +--- linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c 2011-02-27 15:19:00.000000000 -0500 +@@ -1430,9 +1430,9 @@ static DEVICE_ATTR(i2c_reg, S_IRUGO | S_ + sn9c102_show_i2c_reg, sn9c102_store_i2c_reg); + static DEVICE_ATTR(i2c_val, S_IRUGO | S_IWUSR, + sn9c102_show_i2c_val, sn9c102_store_i2c_val); +-static DEVICE_ATTR(green, S_IWUGO, NULL, sn9c102_store_green); +-static DEVICE_ATTR(blue, S_IWUGO, NULL, sn9c102_store_blue); +-static DEVICE_ATTR(red, S_IWUGO, NULL, sn9c102_store_red); ++static DEVICE_ATTR(green, S_IWUSR, NULL, sn9c102_store_green); ++static DEVICE_ATTR(blue, S_IWUSR, NULL, sn9c102_store_blue); ++static DEVICE_ATTR(red, S_IWUSR, NULL, sn9c102_store_red); + static DEVICE_ATTR(frame_header, S_IRUGO, sn9c102_show_frame_header, NULL); + + diff -urNp linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c --- linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c 2010-12-31 14:46:53.000000000 -0500 @@ -27241,6 +27408,45 @@ diff -urNp linux-2.6.32.29/drivers/message/i2o/i2o_proc.c linux-2.6.32.29/driver return 0; } +diff -urNp linux-2.6.32.29/drivers/mfd/ab3100-core.c linux-2.6.32.29/drivers/mfd/ab3100-core.c +--- linux-2.6.32.29/drivers/mfd/ab3100-core.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/mfd/ab3100-core.c 2011-02-27 15:32:18.000000000 -0500 +@@ -591,7 +591,7 @@ static void ab3100_setup_debugfs(struct + ab3100_get_priv.ab3100 = ab3100; + ab3100_get_priv.mode = false; + ab3100_get_reg_file = debugfs_create_file("get_reg", +- S_IWUGO, ab3100_dir, &ab3100_get_priv, ++ S_IWUSR, ab3100_dir, &ab3100_get_priv, + &ab3100_get_set_reg_fops); + if (!ab3100_get_reg_file) { + err = -ENOMEM; +@@ -601,7 +601,7 @@ static void ab3100_setup_debugfs(struct + ab3100_set_priv.ab3100 = ab3100; + ab3100_set_priv.mode = true; + ab3100_set_reg_file = debugfs_create_file("set_reg", +- S_IWUGO, ab3100_dir, &ab3100_set_priv, ++ S_IWUSR, ab3100_dir, &ab3100_set_priv, + &ab3100_get_set_reg_fops); + if (!ab3100_set_reg_file) { + err = -ENOMEM; +diff -urNp linux-2.6.32.29/drivers/misc/ep93xx_pwm.c linux-2.6.32.29/drivers/misc/ep93xx_pwm.c +--- linux-2.6.32.29/drivers/misc/ep93xx_pwm.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/misc/ep93xx_pwm.c 2011-02-27 15:23:39.000000000 -0500 +@@ -248,11 +248,11 @@ static ssize_t ep93xx_pwm_set_invert(str + + static DEVICE_ATTR(min_freq, S_IRUGO, ep93xx_pwm_get_min_freq, NULL); + static DEVICE_ATTR(max_freq, S_IRUGO, ep93xx_pwm_get_max_freq, NULL); +-static DEVICE_ATTR(freq, S_IWUGO | S_IRUGO, ++static DEVICE_ATTR(freq, S_IWUSR | S_IRUGO, + ep93xx_pwm_get_freq, ep93xx_pwm_set_freq); +-static DEVICE_ATTR(duty_percent, S_IWUGO | S_IRUGO, ++static DEVICE_ATTR(duty_percent, S_IWUSR | S_IRUGO, + ep93xx_pwm_get_duty_percent, ep93xx_pwm_set_duty_percent); +-static DEVICE_ATTR(invert, S_IWUGO | S_IRUGO, ++static DEVICE_ATTR(invert, S_IWUSR | S_IRUGO, + ep93xx_pwm_get_invert, ep93xx_pwm_set_invert); + + static struct attribute *ep93xx_pwm_attrs[] = { diff -urNp linux-2.6.32.29/drivers/misc/kgdbts.c linux-2.6.32.29/drivers/misc/kgdbts.c --- linux-2.6.32.29/drivers/misc/kgdbts.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/misc/kgdbts.c 2010-12-31 14:46:53.000000000 -0500 @@ -28447,6 +28653,22 @@ diff -urNp linux-2.6.32.29/drivers/pci/intel-iommu.c linux-2.6.32.29/drivers/pci .alloc_coherent = intel_alloc_coherent, .free_coherent = intel_free_coherent, .map_sg = intel_map_sg, +diff -urNp linux-2.6.32.29/drivers/pci/pcie/aspm.c linux-2.6.32.29/drivers/pci/pcie/aspm.c +--- linux-2.6.32.29/drivers/pci/pcie/aspm.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/pci/pcie/aspm.c 2011-02-27 14:53:10.000000000 -0500 +@@ -27,9 +27,9 @@ + #define MODULE_PARAM_PREFIX "pcie_aspm." + + /* Note: those are not register definitions */ +-#define ASPM_STATE_L0S_UP (1) /* Upstream direction L0s state */ +-#define ASPM_STATE_L0S_DW (2) /* Downstream direction L0s state */ +-#define ASPM_STATE_L1 (4) /* L1 state */ ++#define ASPM_STATE_L0S_UP (1U) /* Upstream direction L0s state */ ++#define ASPM_STATE_L0S_DW (2U) /* Downstream direction L0s state */ ++#define ASPM_STATE_L1 (4U) /* L1 state */ + #define ASPM_STATE_L0S (ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW) + #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) + diff -urNp linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c --- linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c 2010-12-31 14:46:53.000000000 -0500 @@ -28549,7 +28771,7 @@ diff -urNp linux-2.6.32.29/drivers/pcmcia/yenta_socket.c linux-2.6.32.29/drivers diff -urNp linux-2.6.32.29/drivers/platform/x86/acer-wmi.c linux-2.6.32.29/drivers/platform/x86/acer-wmi.c --- linux-2.6.32.29/drivers/platform/x86/acer-wmi.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.29/drivers/platform/x86/acer-wmi.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.29/drivers/platform/x86/acer-wmi.c 2011-02-27 15:22:41.000000000 -0500 @@ -918,7 +918,7 @@ static int update_bl_status(struct backl return 0; } @@ -28559,10 +28781,35 @@ diff -urNp linux-2.6.32.29/drivers/platform/x86/acer-wmi.c linux-2.6.32.29/drive .get_brightness = read_brightness, .update_status = update_bl_status, }; +@@ -1065,7 +1065,7 @@ static ssize_t set_bool_threeg(struct de + return -EINVAL; + return count; + } +-static DEVICE_ATTR(threeg, S_IWUGO | S_IRUGO | S_IWUSR, show_bool_threeg, ++static DEVICE_ATTR(threeg, S_IRUGO | S_IWUSR, show_bool_threeg, + set_bool_threeg); + + static ssize_t show_interface(struct device *dev, struct device_attribute *attr, diff -urNp linux-2.6.32.29/drivers/platform/x86/asus_acpi.c linux-2.6.32.29/drivers/platform/x86/asus_acpi.c --- linux-2.6.32.29/drivers/platform/x86/asus_acpi.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.29/drivers/platform/x86/asus_acpi.c 2010-12-31 14:46:53.000000000 -0500 -@@ -1402,7 +1402,7 @@ static int asus_hotk_remove(struct acpi_ ++++ linux-2.6.32.29/drivers/platform/x86/asus_acpi.c 2011-02-27 15:16:00.000000000 -0500 +@@ -1001,14 +1001,8 @@ static int asus_hotk_add_fs(struct acpi_ + struct proc_dir_entry *proc; + mode_t mode; + +- /* +- * If parameter uid or gid is not changed, keep the default setting for +- * our proc entries (-rw-rw-rw-) else, it means we care about security, +- * and then set to -rw-rw---- +- */ +- + if ((asus_uid == 0) && (asus_gid == 0)) { +- mode = S_IFREG | S_IRUGO | S_IWUGO; ++ mode = S_IFREG | S_IRUGO | S_IWUSR | S_IWGRP; + } else { + mode = S_IFREG | S_IRUSR | S_IRGRP | S_IWUSR | S_IWGRP; + printk(KERN_WARNING " asus_uid and asus_gid parameters are " +@@ -1402,7 +1396,7 @@ static int asus_hotk_remove(struct acpi_ return 0; } @@ -28803,6 +29050,18 @@ diff -urNp linux-2.6.32.29/drivers/rtc/rtc-dev.c linux-2.6.32.29/drivers/rtc/rtc return rtc_set_time(rtc, &tm); case RTC_PIE_ON: +diff -urNp linux-2.6.32.29/drivers/rtc/rtc-ds1511.c linux-2.6.32.29/drivers/rtc/rtc-ds1511.c +--- linux-2.6.32.29/drivers/rtc/rtc-ds1511.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/rtc/rtc-ds1511.c 2011-02-27 15:20:55.000000000 -0500 +@@ -480,7 +480,7 @@ ds1511_nvram_write(struct kobject *kobj, + static struct bin_attribute ds1511_nvram_attr = { + .attr = { + .name = "nvram", +- .mode = S_IRUGO | S_IWUGO, ++ .mode = S_IRUGO | S_IWUSR, + }, + .size = DS1511_RAM_MAX, + .read = ds1511_nvram_read, diff -urNp linux-2.6.32.29/drivers/s390/cio/qdio_perf.c linux-2.6.32.29/drivers/s390/cio/qdio_perf.c --- linux-2.6.32.29/drivers/s390/cio/qdio_perf.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/s390/cio/qdio_perf.c 2010-12-31 14:46:53.000000000 -0500 @@ -28956,6 +29215,18 @@ diff -urNp linux-2.6.32.29/drivers/s390/cio/qdio_perf.h linux-2.6.32.29/drivers/ } int qdio_setup_perf_stats(void); +diff -urNp linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c +--- linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c 2011-02-27 15:21:24.000000000 -0500 +@@ -485,7 +485,7 @@ static ssize_t asd_show_update_bios(stru + flash_error_table[i].reason); + } + +-static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUGO, ++static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUSR, + asd_show_update_bios, asd_store_update_bios); + + static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha) diff -urNp linux-2.6.32.29/drivers/scsi/ipr.c linux-2.6.32.29/drivers/scsi/ipr.c --- linux-2.6.32.29/drivers/scsi/ipr.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/drivers/scsi/ipr.c 2010-12-31 14:46:53.000000000 -0500 @@ -35023,6 +35294,30 @@ diff -urNp linux-2.6.32.29/fs/open.c linux-2.6.32.29/fs/open.c if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); +diff -urNp linux-2.6.32.29/fs/partitions/ldm.c linux-2.6.32.29/fs/partitions/ldm.c +--- linux-2.6.32.29/fs/partitions/ldm.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/fs/partitions/ldm.c 2011-02-27 15:46:41.000000000 -0500 +@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *da + } + + vm->vblk_size = get_unaligned_be32(data + 0x08); ++ if (vm->vblk_size == 0) { ++ ldm_error ("Illegal VBLK size"); ++ return false; ++ } ++ + vm->vblk_offset = get_unaligned_be32(data + 0x0C); + vm->last_vblk_seq = get_unaligned_be32(data + 0x04); + +@@ -1308,7 +1313,7 @@ static bool ldm_frag_add (const u8 *data + goto found; + } + +- f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL); ++ f = kmalloc (size*num + sizeof (*f), GFP_KERNEL); + if (!f) { + ldm_crit ("Out of memory."); + return false; diff -urNp linux-2.6.32.29/fs/partitions/mac.c linux-2.6.32.29/fs/partitions/mac.c --- linux-2.6.32.29/fs/partitions/mac.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/fs/partitions/mac.c 2011-02-22 16:30:44.000000000 -0500 @@ -36546,6 +36841,32 @@ diff -urNp linux-2.6.32.29/fs/sysfs/symlink.c linux-2.6.32.29/fs/sysfs/symlink.c if (!IS_ERR(page)) free_page((unsigned long)page); } +diff -urNp linux-2.6.32.29/fs/ubifs/debug.c linux-2.6.32.29/fs/ubifs/debug.c +--- linux-2.6.32.29/fs/ubifs/debug.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/fs/ubifs/debug.c 2011-02-27 15:31:34.000000000 -0500 +@@ -2660,19 +2660,19 @@ int dbg_debugfs_init_fs(struct ubifs_inf + } + + fname = "dump_lprops"; +- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops); ++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops); + if (IS_ERR(dent)) + goto out_remove; + d->dfs_dump_lprops = dent; + + fname = "dump_budg"; +- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops); ++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops); + if (IS_ERR(dent)) + goto out_remove; + d->dfs_dump_budg = dent; + + fname = "dump_tnc"; +- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops); ++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops); + if (IS_ERR(dent)) + goto out_remove; + d->dfs_dump_tnc = dent; diff -urNp linux-2.6.32.29/fs/udf/balloc.c linux-2.6.32.29/fs/udf/balloc.c --- linux-2.6.32.29/fs/udf/balloc.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/fs/udf/balloc.c 2010-12-31 14:46:53.000000000 -0500 @@ -59471,6 +59792,36 @@ diff -urNp linux-2.6.32.29/net/rds/Kconfig linux-2.6.32.29/net/rds/Kconfig ---help--- The RDS (Reliable Datagram Sockets) protocol provides reliable, sequenced delivery of datagrams over Infiniband, iWARP, +diff -urNp linux-2.6.32.29/net/rxrpc/ar-key.c linux-2.6.32.29/net/rxrpc/ar-key.c +--- linux-2.6.32.29/net/rxrpc/ar-key.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.29/net/rxrpc/ar-key.c 2011-02-27 15:01:43.000000000 -0500 +@@ -88,11 +88,11 @@ static int rxrpc_instantiate_xdr_rxkad(s + return ret; + + plen -= sizeof(*token); +- token = kmalloc(sizeof(*token), GFP_KERNEL); ++ token = kzalloc(sizeof(*token), GFP_KERNEL); + if (!token) + return -ENOMEM; + +- token->kad = kmalloc(plen, GFP_KERNEL); ++ token->kad = kzalloc(plen, GFP_KERNEL); + if (!token->kad) { + kfree(token); + return -ENOMEM; +@@ -730,10 +730,10 @@ static int rxrpc_instantiate(struct key + goto error; + + ret = -ENOMEM; +- token = kmalloc(sizeof(*token), GFP_KERNEL); ++ token = kzalloc(sizeof(*token), GFP_KERNEL); + if (!token) + goto error; +- token->kad = kmalloc(plen, GFP_KERNEL); ++ token->kad = kzalloc(plen, GFP_KERNEL); + if (!token->kad) + goto error_free; + diff -urNp linux-2.6.32.29/net/sctp/auth.c linux-2.6.32.29/net/sctp/auth.c --- linux-2.6.32.29/net/sctp/auth.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.29/net/sctp/auth.c 2010-12-31 14:46:53.000000000 -0500 |