summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-03-27 09:44:00 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-03-27 09:44:00 -0400
commitf9485db814f9d879537995025ddb683fc02cea52 (patch)
tree7b72ca2b0188dfc53b58d430ae611944de652ac1 /3.2.13/1012_linux-3.2.13.patch
parentscripts/just_fetch.pl: fetch both stable and testing branches (diff)
downloadhardened-patchset-f9485db814f9d879537995025ddb683fc02cea52.tar.gz
hardened-patchset-f9485db814f9d879537995025ddb683fc02cea52.tar.bz2
hardened-patchset-f9485db814f9d879537995025ddb683fc02cea52.zip
Grsec/PaX: 2.9-{2.6.32.59,3.2.13,3.3.0}-201203251921
Diffstat (limited to '3.2.13/1012_linux-3.2.13.patch')
-rw-r--r--3.2.13/1012_linux-3.2.13.patch433
1 files changed, 433 insertions, 0 deletions
diff --git a/3.2.13/1012_linux-3.2.13.patch b/3.2.13/1012_linux-3.2.13.patch
new file mode 100644
index 0000000..98feeb7
--- /dev/null
+++ b/3.2.13/1012_linux-3.2.13.patch
@@ -0,0 +1,433 @@
+diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c
+index 9b6a820..3394254 100644
+--- a/arch/powerpc/platforms/powermac/smp.c
++++ b/arch/powerpc/platforms/powermac/smp.c
+@@ -414,7 +414,7 @@ static struct irqaction psurge_irqaction = {
+
+ static void __init smp_psurge_setup_cpu(int cpu_nr)
+ {
+- if (cpu_nr != 0)
++ if (cpu_nr != 0 || !psurge_start)
+ return;
+
+ /* reset the entry point so if we get another intr we won't
+diff --git a/drivers/net/wireless/iwlegacy/iwl-3945.c b/drivers/net/wireless/iwlegacy/iwl-3945.c
+index f7c0a74..7d1aa7c 100644
+--- a/drivers/net/wireless/iwlegacy/iwl-3945.c
++++ b/drivers/net/wireless/iwlegacy/iwl-3945.c
+@@ -1870,11 +1870,12 @@ static void iwl3945_bg_reg_txpower_periodic(struct work_struct *work)
+ struct iwl_priv *priv = container_of(work, struct iwl_priv,
+ _3945.thermal_periodic.work);
+
+- if (test_bit(STATUS_EXIT_PENDING, &priv->status))
+- return;
+-
+ mutex_lock(&priv->mutex);
++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
++ goto out;
++
+ iwl3945_reg_txpower_periodic(priv);
++out:
+ mutex_unlock(&priv->mutex);
+ }
+
+diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+index 05f2ad1..b3d9f3f 100644
+--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
++++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+@@ -2513,7 +2513,7 @@ static void iwl3945_bg_alive_start(struct work_struct *data)
+ container_of(data, struct iwl_priv, alive_start.work);
+
+ mutex_lock(&priv->mutex);
+- if (test_bit(STATUS_EXIT_PENDING, &priv->status))
++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
+ goto out;
+
+ iwl3945_alive_start(priv);
+diff --git a/fs/afs/internal.h b/fs/afs/internal.h
+index d2b0888..a306bb6 100644
+--- a/fs/afs/internal.h
++++ b/fs/afs/internal.h
+@@ -109,7 +109,7 @@ struct afs_call {
+ unsigned reply_size; /* current size of reply */
+ unsigned first_offset; /* offset into mapping[first] */
+ unsigned last_to; /* amount of mapping[last] */
+- unsigned short offset; /* offset into received data store */
++ unsigned offset; /* offset into received data store */
+ unsigned char unmarshall; /* unmarshalling phase */
+ bool incoming; /* T if incoming call */
+ bool send_pages; /* T if data from mapping should be sent */
+diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
+index e45a323..8ad8c2a 100644
+--- a/fs/afs/rxrpc.c
++++ b/fs/afs/rxrpc.c
+@@ -314,6 +314,7 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+ struct msghdr msg;
+ struct kvec iov[1];
+ int ret;
++ struct sk_buff *skb;
+
+ _enter("%x,{%d},", addr->s_addr, ntohs(call->port));
+
+@@ -380,6 +381,8 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+
+ error_do_abort:
+ rxrpc_kernel_abort_call(rxcall, RX_USER_ABORT);
++ while ((skb = skb_dequeue(&call->rx_queue)))
++ afs_free_skb(skb);
+ rxrpc_kernel_end_call(rxcall);
+ call->rxcall = NULL;
+ error_kill_call:
+diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
+index d327140..35a8970 100644
+--- a/fs/nilfs2/the_nilfs.c
++++ b/fs/nilfs2/the_nilfs.c
+@@ -515,6 +515,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
+ brelse(sbh[1]);
+ sbh[1] = NULL;
+ sbp[1] = NULL;
++ valid[1] = 0;
+ swp = 0;
+ }
+ if (!valid[swp]) {
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 90f6544..769c0e9 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ struct rtable *rt;
+ __u8 rcv_wscale;
+ bool ecn_ok = false;
++ struct flowi4 fl4;
+
+ if (!sysctl_tcp_syncookies || !th->ack || th->rst)
+ goto out;
+@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ * hasn't changed since we received the original syn, but I see
+ * no easy way to do this.
+ */
+- {
+- struct flowi4 fl4;
+-
+- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+- inet_sk_flowi_flags(sk),
+- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+- ireq->loc_addr, th->source, th->dest);
+- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+- rt = ip_route_output_key(sock_net(sk), &fl4);
+- if (IS_ERR(rt)) {
+- reqsk_free(req);
+- goto out;
+- }
++ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
++ RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++ inet_sk_flowi_flags(sk),
++ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
++ ireq->loc_addr, th->source, th->dest);
++ security_req_classify_flow(req, flowi4_to_flowi(&fl4));
++ rt = ip_route_output_key(sock_net(sk), &fl4);
++ if (IS_ERR(rt)) {
++ reqsk_free(req);
++ goto out;
+ }
+
+ /* Try to redo what tcp_v4_send_synack did. */
+@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ ireq->rcv_wscale = rcv_wscale;
+
+ ret = get_cookie_sock(sk, skb, req, &rt->dst);
++ /* ip_queue_xmit() depends on our flow being setup
++ * Normal sockets get it right from inet_csk_route_child_sock()
++ */
++ if (ret)
++ inet_sk(ret)->cork.fl.u.ip4 = fl4;
+ out: return ret;
+ }
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
+index eb90aa8..de69cec 100644
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1465,9 +1465,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
+ inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
+ newinet->inet_id = newtp->write_seq ^ jiffies;
+
+- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
+- goto put_and_exit;
+-
++ if (!dst) {
++ dst = inet_csk_route_child_sock(sk, newsk, req);
++ if (!dst)
++ goto put_and_exit;
++ } else {
++ /* syncookie case : see end of cookie_v4_check() */
++ }
+ sk_setup_caps(newsk, dst);
+
+ tcp_mtup_init(newsk);
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
+index ee7839f..2257366 100644
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -257,7 +257,6 @@ static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net,
+
+ if (rt) {
+ dev = rt->rt6i_dev;
+- dev_hold(dev);
+ dst_release(&rt->dst);
+ }
+ } else
+diff --git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/powerpc/util/header.c
+index eba80c2..2f7073d 100644
+--- a/tools/perf/arch/powerpc/util/header.c
++++ b/tools/perf/arch/powerpc/util/header.c
+@@ -25,7 +25,7 @@ get_cpuid(char *buffer, size_t sz)
+
+ pvr = mfspr(SPRN_PVR);
+
+- nb = snprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
++ nb = scnprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
+
+ /* look for end marker to ensure the entire data fit */
+ if (strchr(buffer, '$')) {
+diff --git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/util/header.c
+index f940060..146d12a 100644
+--- a/tools/perf/arch/x86/util/header.c
++++ b/tools/perf/arch/x86/util/header.c
+@@ -48,7 +48,7 @@ get_cpuid(char *buffer, size_t sz)
+ if (family >= 0x6)
+ model += ((a >> 16) & 0xf) << 4;
+ }
+- nb = snprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
++ nb = scnprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
+
+ /* look for end marker to ensure the entire data fit */
+ if (strchr(buffer, '$')) {
+diff --git a/tools/perf/util/color.c b/tools/perf/util/color.c
+index 521c38a..11e46da1 100644
+--- a/tools/perf/util/color.c
++++ b/tools/perf/util/color.c
+@@ -1,3 +1,4 @@
++#include <linux/kernel.h>
+ #include "cache.h"
+ #include "color.h"
+
+@@ -182,12 +183,12 @@ static int __color_vsnprintf(char *bf, size_t size, const char *color,
+ }
+
+ if (perf_use_color_default && *color)
+- r += snprintf(bf, size, "%s", color);
+- r += vsnprintf(bf + r, size - r, fmt, args);
++ r += scnprintf(bf, size, "%s", color);
++ r += vscnprintf(bf + r, size - r, fmt, args);
+ if (perf_use_color_default && *color)
+- r += snprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
++ r += scnprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
+ if (trail)
+- r += snprintf(bf + r, size - r, "%s", trail);
++ r += scnprintf(bf + r, size - r, "%s", trail);
+ return r;
+ }
+
+diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
+index 33c17a2..2cd88c1 100644
+--- a/tools/perf/util/header.c
++++ b/tools/perf/util/header.c
+@@ -1227,7 +1227,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ if (realname == NULL || filename == NULL || linkname == NULL)
+ goto out_free;
+
+- len = snprintf(filename, size, "%s%s%s",
++ len = scnprintf(filename, size, "%s%s%s",
+ debugdir, is_kallsyms ? "/" : "", realname);
+ if (mkdir_p(filename, 0755))
+ goto out_free;
+@@ -1242,7 +1242,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ goto out_free;
+ }
+
+- len = snprintf(linkname, size, "%s/.build-id/%.2s",
++ len = scnprintf(linkname, size, "%s/.build-id/%.2s",
+ debugdir, sbuild_id);
+
+ if (access(linkname, X_OK) && mkdir_p(linkname, 0755))
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
+index abef270..216e33a 100644
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -767,7 +767,7 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ sep ? "%.2f" : " %6.2f%%",
+ (period * 100.0) / total);
+ else
+- ret = snprintf(s, size, sep ? "%.2f" : " %6.2f%%",
++ ret = scnprintf(s, size, sep ? "%.2f" : " %6.2f%%",
+ (period * 100.0) / total);
+ if (symbol_conf.show_cpu_utilization) {
+ ret += percent_color_snprintf(s + ret, size - ret,
+@@ -790,20 +790,20 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ }
+ }
+ } else
+- ret = snprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
++ ret = scnprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
+
+ if (symbol_conf.show_nr_samples) {
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
++ ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
+ else
+- ret += snprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
++ ret += scnprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
+ }
+
+ if (symbol_conf.show_total_period) {
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
++ ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
+ else
+- ret += snprintf(s + ret, size - ret, " %12" PRIu64, period);
++ ret += scnprintf(s + ret, size - ret, " %12" PRIu64, period);
+ }
+
+ if (pair_hists) {
+@@ -818,25 +818,25 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ diff = new_percent - old_percent;
+
+ if (fabs(diff) >= 0.01)
+- snprintf(bf, sizeof(bf), "%+4.2F%%", diff);
++ ret += scnprintf(bf, sizeof(bf), "%+4.2F%%", diff);
+ else
+- snprintf(bf, sizeof(bf), " ");
++ ret += scnprintf(bf, sizeof(bf), " ");
+
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++ ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ else
+- ret += snprintf(s + ret, size - ret, "%11.11s", bf);
++ ret += scnprintf(s + ret, size - ret, "%11.11s", bf);
+
+ if (show_displacement) {
+ if (displacement)
+- snprintf(bf, sizeof(bf), "%+4ld", displacement);
++ ret += scnprintf(bf, sizeof(bf), "%+4ld", displacement);
+ else
+- snprintf(bf, sizeof(bf), " ");
++ ret += scnprintf(bf, sizeof(bf), " ");
+
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++ ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ else
+- ret += snprintf(s + ret, size - ret, "%6.6s", bf);
++ ret += scnprintf(s + ret, size - ret, "%6.6s", bf);
+ }
+ }
+
+@@ -854,7 +854,7 @@ int hist_entry__snprintf(struct hist_entry *he, char *s, size_t size,
+ if (se->elide)
+ continue;
+
+- ret += snprintf(s + ret, size - ret, "%s", sep ?: " ");
++ ret += scnprintf(s + ret, size - ret, "%s", sep ?: " ");
+ ret += se->se_snprintf(he, s + ret, size - ret,
+ hists__col_len(hists, se->se_width_idx));
+ }
+diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c
+index 16da30d..076c9d4 100644
+--- a/tools/perf/util/sort.c
++++ b/tools/perf/util/sort.c
+@@ -33,6 +33,9 @@ static int repsep_snprintf(char *bf, size_t size, const char *fmt, ...)
+ }
+ }
+ va_end(ap);
++
++ if (n >= (int)size)
++ return size - 1;
+ return n;
+ }
+
+diff --git a/tools/perf/util/strbuf.c b/tools/perf/util/strbuf.c
+index 92e0685..2eeb51b 100644
+--- a/tools/perf/util/strbuf.c
++++ b/tools/perf/util/strbuf.c
+@@ -1,4 +1,5 @@
+ #include "cache.h"
++#include <linux/kernel.h>
+
+ int prefixcmp(const char *str, const char *prefix)
+ {
+@@ -89,14 +90,14 @@ void strbuf_addf(struct strbuf *sb, const char *fmt, ...)
+ if (!strbuf_avail(sb))
+ strbuf_grow(sb, 64);
+ va_start(ap, fmt);
+- len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++ len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ va_end(ap);
+ if (len < 0)
+- die("your vsnprintf is broken");
++ die("your vscnprintf is broken");
+ if (len > strbuf_avail(sb)) {
+ strbuf_grow(sb, len);
+ va_start(ap, fmt);
+- len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++ len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ va_end(ap);
+ if (len > strbuf_avail(sb)) {
+ die("this should not happen, your snprintf is broken");
+diff --git a/tools/perf/util/ui/browsers/hists.c b/tools/perf/util/ui/browsers/hists.c
+index d0c94b4..81c9fa5 100644
+--- a/tools/perf/util/ui/browsers/hists.c
++++ b/tools/perf/util/ui/browsers/hists.c
+@@ -839,15 +839,15 @@ static int hists__browser_title(struct hists *self, char *bf, size_t size,
+ unsigned long nr_events = self->stats.nr_events[PERF_RECORD_SAMPLE];
+
+ nr_events = convert_unit(nr_events, &unit);
+- printed = snprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
++ printed = scnprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
+
+ if (thread)
+- printed += snprintf(bf + printed, size - printed,
++ printed += scnprintf(bf + printed, size - printed,
+ ", Thread: %s(%d)",
+ (thread->comm_set ? thread->comm : ""),
+ thread->pid);
+ if (dso)
+- printed += snprintf(bf + printed, size - printed,
++ printed += scnprintf(bf + printed, size - printed,
+ ", DSO: %s", dso->short_name);
+ return printed;
+ }
+@@ -1097,7 +1097,7 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ HE_COLORSET_NORMAL);
+
+ nr_events = convert_unit(nr_events, &unit);
+- printed = snprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
++ printed = scnprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
+ unit, unit == ' ' ? "" : " ", ev_name);
+ slsmg_printf("%s", bf);
+
+@@ -1107,8 +1107,8 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ if (!current_entry)
+ ui_browser__set_color(browser, HE_COLORSET_TOP);
+ nr_events = convert_unit(nr_events, &unit);
+- snprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!", nr_events,
+- unit, unit == ' ' ? "" : " ");
++ printed += scnprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!",
++ nr_events, unit, unit == ' ' ? "" : " ");
+ warn = bf;
+ }
+
+diff --git a/tools/perf/util/ui/helpline.c b/tools/perf/util/ui/helpline.c
+index 6ef3c56..f50f81c 100644
+--- a/tools/perf/util/ui/helpline.c
++++ b/tools/perf/util/ui/helpline.c
+@@ -65,7 +65,7 @@ int ui_helpline__show_help(const char *format, va_list ap)
+ static int backlog;
+
+ pthread_mutex_lock(&ui__lock);
+- ret = vsnprintf(ui_helpline__last_msg + backlog,
++ ret = vscnprintf(ui_helpline__last_msg + backlog,
+ sizeof(ui_helpline__last_msg) - backlog, format, ap);
+ backlog += ret;
+