diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2013-01-27 21:35:12 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2013-01-27 21:35:12 -0500 |
| commit | 9702cf7ee1699958f6aa0d934e6915ba8959ac17 (patch) | |
| tree | 73b57c1f56761dc73cb9e13aaa2e7e348c5a43a5 | |
| parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.37,3.7.4}-201301230048 (diff) | |
| download | hardened-patchset-9702cf7ee1699958f6aa0d934e6915ba8959ac17.tar.gz hardened-patchset-9702cf7ee1699958f6aa0d934e6915ba8959ac17.tar.bz2 hardened-patchset-9702cf7ee1699958f6aa0d934e6915ba8959ac17.zip | |
Grsec/PaX: 2.9.1-3.7.4-20130125222620130125
| -rw-r--r-- | 3.7.4/0000_README | 6 | ||||
| -rw-r--r-- | 3.7.4/1003_linux-3.7.4.patch | 1266 | ||||
| -rw-r--r-- | 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch (renamed from 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch) | 164 |
3 files changed, 120 insertions, 1316 deletions
diff --git a/3.7.4/0000_README b/3.7.4/0000_README index b3b6291..f410177 100644 --- a/3.7.4/0000_README +++ b/3.7.4/0000_README @@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1003_linux-3.7.4.patch -From: http://www.kernel.org -Desc: Linux 3.7.4 - -Patch: 4420_grsecurity-2.9.1-3.7.4-201301230048.patch +Patch: 4420_grsecurity-2.9.1-3.7.4-201301252226.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.7.4/1003_linux-3.7.4.patch b/3.7.4/1003_linux-3.7.4.patch deleted file mode 100644 index a0c6ff7..0000000 --- a/3.7.4/1003_linux-3.7.4.patch +++ /dev/null @@ -1,1266 +0,0 @@ -diff --git a/Makefile b/Makefile -index 51a9bda..f9196bc 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 7 --SUBLEVEL = 3 -+SUBLEVEL = 4 - EXTRAVERSION = - NAME = Terrified Chipmunk - -diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h -index 64b1339..7adf414 100644 ---- a/arch/arm64/include/asm/pgtable.h -+++ b/arch/arm64/include/asm/pgtable.h -@@ -132,9 +132,8 @@ extern struct page *empty_zero_page; - #define pte_write(pte) (!(pte_val(pte) & PTE_RDONLY)) - #define pte_exec(pte) (!(pte_val(pte) & PTE_UXN)) - --#define pte_present_exec_user(pte) \ -- ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == \ -- (PTE_VALID | PTE_USER)) -+#define pte_present_user(pte) \ -+ ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) - - #define PTE_BIT_FUNC(fn,op) \ - static inline pte_t pte_##fn(pte_t pte) { pte_val(pte) op; return pte; } -@@ -157,10 +156,13 @@ extern void __sync_icache_dcache(pte_t pteval, unsigned long addr); - static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte) - { -- if (pte_present_exec_user(pte)) -- __sync_icache_dcache(pte, addr); -- if (!pte_dirty(pte)) -- pte = pte_wrprotect(pte); -+ if (pte_present_user(pte)) { -+ if (pte_exec(pte)) -+ __sync_icache_dcache(pte, addr); -+ if (!pte_dirty(pte)) -+ pte = pte_wrprotect(pte); -+ } -+ - set_pte(ptep, pte); - } - -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h -index fba4d66..4c060bb 100644 ---- a/arch/s390/include/asm/timex.h -+++ b/arch/s390/include/asm/timex.h -@@ -128,4 +128,32 @@ static inline unsigned long long get_clock_monotonic(void) - return get_clock_xt() - sched_clock_base_cc; - } - -+/** -+ * tod_to_ns - convert a TOD format value to nanoseconds -+ * @todval: to be converted TOD format value -+ * Returns: number of nanoseconds that correspond to the TOD format value -+ * -+ * Converting a 64 Bit TOD format value to nanoseconds means that the value -+ * must be divided by 4.096. In order to achieve that we multiply with 125 -+ * and divide by 512: -+ * -+ * ns = (todval * 125) >> 9; -+ * -+ * In order to avoid an overflow with the multiplication we can rewrite this. -+ * With a split todval == 2^32 * th + tl (th upper 32 bits, tl lower 32 bits) -+ * we end up with -+ * -+ * ns = ((2^32 * th + tl) * 125 ) >> 9; -+ * -> ns = (2^23 * th * 125) + ((tl * 125) >> 9); -+ * -+ */ -+static inline unsigned long long tod_to_ns(unsigned long long todval) -+{ -+ unsigned long long ns; -+ -+ ns = ((todval >> 32) << 23) * 125; -+ ns += ((todval & 0xffffffff) * 125) >> 9; -+ return ns; -+} -+ - #endif -diff --git a/arch/s390/kernel/time.c b/arch/s390/kernel/time.c -index 7fcd690..b5d8a18 100644 ---- a/arch/s390/kernel/time.c -+++ b/arch/s390/kernel/time.c -@@ -63,7 +63,7 @@ static DEFINE_PER_CPU(struct clock_event_device, comparators); - */ - unsigned long long notrace __kprobes sched_clock(void) - { -- return (get_clock_monotonic() * 125) >> 9; -+ return tod_to_ns(get_clock_monotonic()); - } - - /* -diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c -index ff1e2f8..d533389 100644 ---- a/arch/s390/kvm/interrupt.c -+++ b/arch/s390/kvm/interrupt.c -@@ -408,7 +408,7 @@ int kvm_s390_handle_wait(struct kvm_vcpu *vcpu) - return 0; - } - -- sltime = ((vcpu->arch.sie_block->ckc - now)*125)>>9; -+ sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now); - - hrtimer_start(&vcpu->arch.ckc_timer, ktime_set (0, sltime) , HRTIMER_MODE_REL); - VCPU_EVENT(vcpu, 5, "enabled wait via clock comparator: %llx ns", sltime); -diff --git a/arch/sh/include/asm/elf.h b/arch/sh/include/asm/elf.h -index 37924af..bf9f44f 100644 ---- a/arch/sh/include/asm/elf.h -+++ b/arch/sh/include/asm/elf.h -@@ -203,9 +203,9 @@ extern void __kernel_vsyscall; - if (vdso_enabled) \ - NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_BASE); \ - else \ -- NEW_AUX_ENT(AT_IGNORE, 0); -+ NEW_AUX_ENT(AT_IGNORE, 0) - #else --#define VSYSCALL_AUX_ENT -+#define VSYSCALL_AUX_ENT NEW_AUX_ENT(AT_IGNORE, 0) - #endif /* CONFIG_VSYSCALL */ - - #ifdef CONFIG_SH_FPU -diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 88b725a..cf8639b 100644 ---- a/arch/x86/kernel/entry_32.S -+++ b/arch/x86/kernel/entry_32.S -@@ -1084,7 +1084,6 @@ ENTRY(xen_failsafe_callback) - lea 16(%esp),%esp - CFI_ADJUST_CFA_OFFSET -16 - jz 5f -- addl $16,%esp - jmp iret_exc - 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */ - SAVE_ALL -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index ca45696..86c524c 100644 ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -614,6 +614,81 @@ static __init void reserve_ibft_region(void) - - static unsigned reserve_low = CONFIG_X86_RESERVE_LOW << 10; - -+static bool __init snb_gfx_workaround_needed(void) -+{ -+ int i; -+ u16 vendor, devid; -+ static const u16 snb_ids[] = { -+ 0x0102, -+ 0x0112, -+ 0x0122, -+ 0x0106, -+ 0x0116, -+ 0x0126, -+ 0x010a, -+ }; -+ -+ /* Assume no if something weird is going on with PCI */ -+ if (!early_pci_allowed()) -+ return false; -+ -+ vendor = read_pci_config_16(0, 2, 0, PCI_VENDOR_ID); -+ if (vendor != 0x8086) -+ return false; -+ -+ devid = read_pci_config_16(0, 2, 0, PCI_DEVICE_ID); -+ for (i = 0; i < ARRAY_SIZE(snb_ids); i++) -+ if (devid == snb_ids[i]) -+ return true; -+ -+ return false; -+} -+ -+/* -+ * Sandy Bridge graphics has trouble with certain ranges, exclude -+ * them from allocation. -+ */ -+static void __init trim_snb_memory(void) -+{ -+ static const unsigned long bad_pages[] = { -+ 0x20050000, -+ 0x20110000, -+ 0x20130000, -+ 0x20138000, -+ 0x40004000, -+ }; -+ int i; -+ -+ if (!snb_gfx_workaround_needed()) -+ return; -+ -+ printk(KERN_DEBUG "reserving inaccessible SNB gfx pages\n"); -+ -+ /* -+ * Reserve all memory below the 1 MB mark that has not -+ * already been reserved. -+ */ -+ memblock_reserve(0, 1<<20); -+ -+ for (i = 0; i < ARRAY_SIZE(bad_pages); i++) { -+ if (memblock_reserve(bad_pages[i], PAGE_SIZE)) -+ printk(KERN_WARNING "failed to reserve 0x%08lx\n", -+ bad_pages[i]); -+ } -+} -+ -+/* -+ * Here we put platform-specific memory range workarounds, i.e. -+ * memory known to be corrupt or otherwise in need to be reserved on -+ * specific platforms. -+ * -+ * If this gets used more widely it could use a real dispatch mechanism. -+ */ -+static void __init trim_platform_memory_ranges(void) -+{ -+ trim_snb_memory(); -+} -+ - static void __init trim_bios_range(void) - { - /* -@@ -634,6 +709,7 @@ static void __init trim_bios_range(void) - * take them out. - */ - e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1); -+ - sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); - } - -@@ -912,6 +988,8 @@ void __init setup_arch(char **cmdline_p) - - setup_real_mode(); - -+ trim_platform_memory_ranges(); -+ - init_gbpages(); - - /* max_pfn_mapped is updated here */ -diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c -index be5f7aa..3724891 100644 ---- a/drivers/base/firmware_class.c -+++ b/drivers/base/firmware_class.c -@@ -295,7 +295,7 @@ static bool fw_read_file_contents(struct file *file, struct firmware_buf *fw_buf - char *buf; - - size = fw_file_size(file); -- if (size < 0) -+ if (size <= 0) - return false; - buf = vmalloc(size); - if (!buf) -diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c -index 211c402..1a8594b 100644 ---- a/drivers/gpu/drm/radeon/r600_cs.c -+++ b/drivers/gpu/drm/radeon/r600_cs.c -@@ -2429,8 +2429,10 @@ static void r600_cs_parser_fini(struct radeon_cs_parser *parser, int error) - kfree(parser->relocs); - for (i = 0; i < parser->nchunks; i++) { - kfree(parser->chunks[i].kdata); -- kfree(parser->chunks[i].kpage[0]); -- kfree(parser->chunks[i].kpage[1]); -+ if (parser->rdev && (parser->rdev->flags & RADEON_IS_AGP)) { -+ kfree(parser->chunks[i].kpage[0]); -+ kfree(parser->chunks[i].kpage[1]); -+ } - } - kfree(parser->chunks); - kfree(parser->chunks_array); -diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c -index 41672cc..dc8d15a 100644 ---- a/drivers/gpu/drm/radeon/radeon_cs.c -+++ b/drivers/gpu/drm/radeon/radeon_cs.c -@@ -266,7 +266,7 @@ int radeon_cs_parser_init(struct radeon_cs_parser *p, void *data) - p->chunks[p->chunk_ib_idx].length_dw); - return -EINVAL; - } -- if ((p->rdev->flags & RADEON_IS_AGP)) { -+ if (p->rdev && (p->rdev->flags & RADEON_IS_AGP)) { - p->chunks[p->chunk_ib_idx].kpage[0] = kmalloc(PAGE_SIZE, GFP_KERNEL); - p->chunks[p->chunk_ib_idx].kpage[1] = kmalloc(PAGE_SIZE, GFP_KERNEL); - if (p->chunks[p->chunk_ib_idx].kpage[0] == NULL || -@@ -570,7 +570,8 @@ static int radeon_cs_update_pages(struct radeon_cs_parser *p, int pg_idx) - struct radeon_cs_chunk *ibc = &p->chunks[p->chunk_ib_idx]; - int i; - int size = PAGE_SIZE; -- bool copy1 = (p->rdev->flags & RADEON_IS_AGP) ? false : true; -+ bool copy1 = (p->rdev && (p->rdev->flags & RADEON_IS_AGP)) ? -+ false : true; - - for (i = ibc->last_copied_page + 1; i < pg_idx; i++) { - if (DRM_COPY_FROM_USER(p->ib.ptr + (i * (PAGE_SIZE/4)), -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c -index 9476c1b..c2c07a4 100644 ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -2327,8 +2327,39 @@ static int domain_add_dev_info(struct dmar_domain *domain, - return 0; - } - -+static bool device_has_rmrr(struct pci_dev *dev) -+{ -+ struct dmar_rmrr_unit *rmrr; -+ int i; -+ -+ for_each_rmrr_units(rmrr) { -+ for (i = 0; i < rmrr->devices_cnt; i++) { -+ /* -+ * Return TRUE if this RMRR contains the device that -+ * is passed in. -+ */ -+ if (rmrr->devices[i] == dev) -+ return true; -+ } -+ } -+ return false; -+} -+ - static int iommu_should_identity_map(struct pci_dev *pdev, int startup) - { -+ -+ /* -+ * We want to prevent any device associated with an RMRR from -+ * getting placed into the SI Domain. This is done because -+ * problems exist when devices are moved in and out of domains -+ * and their respective RMRR info is lost. We exempt USB devices -+ * from this process due to their usage of RMRRs that are known -+ * to not be needed after BIOS hand-off to OS. -+ */ -+ if (device_has_rmrr(pdev) && -+ (pdev->class >> 8) != PCI_CLASS_SERIAL_USB) -+ return 0; -+ - if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev)) - return 1; - -diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c -index e1ceb37..9b178a3 100644 ---- a/drivers/net/ethernet/intel/igb/igb_main.c -+++ b/drivers/net/ethernet/intel/igb/igb_main.c -@@ -909,17 +909,18 @@ static int igb_request_msix(struct igb_adapter *adapter) - { - struct net_device *netdev = adapter->netdev; - struct e1000_hw *hw = &adapter->hw; -- int i, err = 0, vector = 0; -+ int i, err = 0, vector = 0, free_vector = 0; - - err = request_irq(adapter->msix_entries[vector].vector, - igb_msix_other, 0, netdev->name, adapter); - if (err) -- goto out; -- vector++; -+ goto err_out; - - for (i = 0; i < adapter->num_q_vectors; i++) { - struct igb_q_vector *q_vector = adapter->q_vector[i]; - -+ vector++; -+ - q_vector->itr_register = hw->hw_addr + E1000_EITR(vector); - - if (q_vector->rx.ring && q_vector->tx.ring) -@@ -938,13 +939,22 @@ static int igb_request_msix(struct igb_adapter *adapter) - igb_msix_ring, 0, q_vector->name, - q_vector); - if (err) -- goto out; -- vector++; -+ goto err_free; - } - - igb_configure_msix(adapter); - return 0; --out: -+ -+err_free: -+ /* free already assigned IRQs */ -+ free_irq(adapter->msix_entries[free_vector++].vector, adapter); -+ -+ vector--; -+ for (i = 0; i < vector; i++) { -+ free_irq(adapter->msix_entries[free_vector++].vector, -+ adapter->q_vector[i]); -+ } -+err_out: - return err; - } - -diff --git a/drivers/staging/vt6656/bssdb.h b/drivers/staging/vt6656/bssdb.h -index 6b2ec39..806cbf7 100644 ---- a/drivers/staging/vt6656/bssdb.h -+++ b/drivers/staging/vt6656/bssdb.h -@@ -90,7 +90,6 @@ typedef struct tagSRSNCapObject { - } SRSNCapObject, *PSRSNCapObject; - - // BSS info(AP) --#pragma pack(1) - typedef struct tagKnownBSS { - // BSS info - BOOL bActive; -diff --git a/drivers/staging/vt6656/int.h b/drivers/staging/vt6656/int.h -index 3734e2c..91ceb77 100644 ---- a/drivers/staging/vt6656/int.h -+++ b/drivers/staging/vt6656/int.h -@@ -34,7 +34,6 @@ - #include "device.h" - - /*--------------------- Export Definitions -------------------------*/ --#pragma pack(1) - typedef struct tagSINTData { - BYTE byTSR0; - BYTE byPkt0; -diff --git a/drivers/staging/vt6656/iocmd.h b/drivers/staging/vt6656/iocmd.h -index 22710ce..ae6e2d2 100644 ---- a/drivers/staging/vt6656/iocmd.h -+++ b/drivers/staging/vt6656/iocmd.h -@@ -95,13 +95,12 @@ typedef enum tagWZONETYPE { - // Ioctl interface structure - // Command structure - // --#pragma pack(1) - typedef struct tagSCmdRequest { - u8 name[16]; - void *data; - u16 wResult; - u16 wCmdCode; --} SCmdRequest, *PSCmdRequest; -+} __packed SCmdRequest, *PSCmdRequest; - - // - // Scan -@@ -111,7 +110,7 @@ typedef struct tagSCmdScan { - - u8 ssid[SSID_MAXLEN + 2]; - --} SCmdScan, *PSCmdScan; -+} __packed SCmdScan, *PSCmdScan; - - // - // BSS Join -@@ -126,7 +125,7 @@ typedef struct tagSCmdBSSJoin { - BOOL bPSEnable; - BOOL bShareKeyAuth; - --} SCmdBSSJoin, *PSCmdBSSJoin; -+} __packed SCmdBSSJoin, *PSCmdBSSJoin; - - // - // Zonetype Setting -@@ -137,7 +136,7 @@ typedef struct tagSCmdZoneTypeSet { - BOOL bWrite; - WZONETYPE ZoneType; - --} SCmdZoneTypeSet, *PSCmdZoneTypeSet; -+} __packed SCmdZoneTypeSet, *PSCmdZoneTypeSet; - - typedef struct tagSWPAResult { - char ifname[100]; -@@ -145,7 +144,7 @@ typedef struct tagSWPAResult { - u8 key_mgmt; - u8 eap_type; - BOOL authenticated; --} SWPAResult, *PSWPAResult; -+} __packed SWPAResult, *PSWPAResult; - - typedef struct tagSCmdStartAP { - -@@ -157,7 +156,7 @@ typedef struct tagSCmdStartAP { - BOOL bShareKeyAuth; - u8 byBasicRate; - --} SCmdStartAP, *PSCmdStartAP; -+} __packed SCmdStartAP, *PSCmdStartAP; - - typedef struct tagSCmdSetWEP { - -@@ -167,7 +166,7 @@ typedef struct tagSCmdSetWEP { - BOOL bWepKeyAvailable[WEP_NKEYS]; - u32 auWepKeyLength[WEP_NKEYS]; - --} SCmdSetWEP, *PSCmdSetWEP; -+} __packed SCmdSetWEP, *PSCmdSetWEP; - - typedef struct tagSBSSIDItem { - -@@ -180,14 +179,14 @@ typedef struct tagSBSSIDItem { - BOOL bWEPOn; - u32 uRSSI; - --} SBSSIDItem; -+} __packed SBSSIDItem; - - - typedef struct tagSBSSIDList { - - u32 uItem; - SBSSIDItem sBSSIDList[0]; --} SBSSIDList, *PSBSSIDList; -+} __packed SBSSIDList, *PSBSSIDList; - - - typedef struct tagSNodeItem { -@@ -208,7 +207,7 @@ typedef struct tagSNodeItem { - u32 uTxAttempts; - u16 wFailureRatio; - --} SNodeItem; -+} __packed SNodeItem; - - - typedef struct tagSNodeList { -@@ -216,7 +215,7 @@ typedef struct tagSNodeList { - u32 uItem; - SNodeItem sNodeList[0]; - --} SNodeList, *PSNodeList; -+} __packed SNodeList, *PSNodeList; - - - typedef struct tagSCmdLinkStatus { -@@ -229,7 +228,7 @@ typedef struct tagSCmdLinkStatus { - u32 uChannel; - u32 uLinkRate; - --} SCmdLinkStatus, *PSCmdLinkStatus; -+} __packed SCmdLinkStatus, *PSCmdLinkStatus; - - // - // 802.11 counter -@@ -247,7 +246,7 @@ typedef struct tagSDot11MIBCount { - u32 ReceivedFragmentCount; - u32 MulticastReceivedFrameCount; - u32 FCSErrorCount; --} SDot11MIBCount, *PSDot11MIBCount; -+} __packed SDot11MIBCount, *PSDot11MIBCount; - - - -@@ -355,13 +354,13 @@ typedef struct tagSStatMIBCount { - u32 ullTxBroadcastBytes[2]; - u32 ullTxMulticastBytes[2]; - u32 ullTxDirectedBytes[2]; --} SStatMIBCount, *PSStatMIBCount; -+} __packed SStatMIBCount, *PSStatMIBCount; - - typedef struct tagSCmdValue { - - u32 dwValue; - --} SCmdValue, *PSCmdValue; -+} __packed SCmdValue, *PSCmdValue; - - // - // hostapd & viawget ioctl related -@@ -431,7 +430,7 @@ struct viawget_hostapd_param { - u8 ssid[32]; - } scan_req; - } u; --}; -+} __packed; - - /*--------------------- Export Classes ----------------------------*/ - -diff --git a/drivers/staging/vt6656/iowpa.h b/drivers/staging/vt6656/iowpa.h -index 959c886..2522dde 100644 ---- a/drivers/staging/vt6656/iowpa.h -+++ b/drivers/staging/vt6656/iowpa.h -@@ -67,12 +67,11 @@ enum { - - - --#pragma pack(1) - typedef struct viawget_wpa_header { - u8 type; - u16 req_ie_len; - u16 resp_ie_len; --} viawget_wpa_header; -+} __packed viawget_wpa_header; - - struct viawget_wpa_param { - u32 cmd; -@@ -113,9 +112,8 @@ struct viawget_wpa_param { - u8 *buf; - } scan_results; - } u; --}; -+} __packed; - --#pragma pack(1) - struct viawget_scan_result { - u8 bssid[6]; - u8 ssid[32]; -@@ -130,7 +128,7 @@ struct viawget_scan_result { - int noise; - int level; - int maxrate; --}; -+} __packed; - - /*--------------------- Export Classes ----------------------------*/ - -diff --git a/drivers/staging/wlan-ng/prism2mgmt.c b/drivers/staging/wlan-ng/prism2mgmt.c -index 4efa9bc..89bfd85 100644 ---- a/drivers/staging/wlan-ng/prism2mgmt.c -+++ b/drivers/staging/wlan-ng/prism2mgmt.c -@@ -406,7 +406,7 @@ int prism2mgmt_scan_results(wlandevice_t *wlandev, void *msgp) - /* SSID */ - req->ssid.status = P80211ENUM_msgitem_status_data_ok; - req->ssid.data.len = le16_to_cpu(item->ssid.len); -- req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_BSSID_LEN); -+ req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_SSID_MAXLEN); - memcpy(req->ssid.data.data, item->ssid.data, req->ssid.data.len); - - /* supported rates */ -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 9abef9f..0943ff0 100644 ---- a/drivers/target/target_core_device.c -+++ b/drivers/target/target_core_device.c -@@ -1624,6 +1624,7 @@ int core_dev_setup_virtual_lun0(void) - ret = PTR_ERR(dev); - goto out; - } -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC; - se_dev->se_dev_ptr = dev; - g_lun0_dev = dev; - -diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c -index bca737b..a55f91a 100644 ---- a/drivers/target/target_core_fabric_configfs.c -+++ b/drivers/target/target_core_fabric_configfs.c -@@ -71,6 +71,12 @@ static int target_fabric_mappedlun_link( - struct se_portal_group *se_tpg; - struct config_item *nacl_ci, *tpg_ci, *tpg_ci_s, *wwn_ci, *wwn_ci_s; - int ret = 0, lun_access; -+ -+ if (lun->lun_link_magic != SE_LUN_LINK_MAGIC) { -+ pr_err("Bad lun->lun_link_magic, not a valid lun_ci pointer:" -+ " %p to struct lun: %p\n", lun_ci, lun); -+ return -EFAULT; -+ } - /* - * Ensure that the source port exists - */ -@@ -745,6 +751,12 @@ static int target_fabric_port_link( - struct target_fabric_configfs *tf; - int ret; - -+ if (dev->dev_link_magic != SE_DEV_LINK_MAGIC) { -+ pr_err("Bad dev->dev_link_magic, not a valid se_dev_ci pointer:" -+ " %p to struct se_device: %p\n", se_dev_ci, dev); -+ return -EFAULT; -+ } -+ - tpg_ci = &lun_ci->ci_parent->ci_group->cg_item; - se_tpg = container_of(to_config_group(tpg_ci), - struct se_portal_group, tpg_group); -diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c -index a531fe2..4c34665 100644 ---- a/drivers/target/target_core_tpg.c -+++ b/drivers/target/target_core_tpg.c -@@ -672,6 +672,7 @@ int core_tpg_register( - for (i = 0; i < TRANSPORT_MAX_LUNS_PER_TPG; i++) { - lun = se_tpg->tpg_lun_list[i]; - lun->unpacked_lun = i; -+ lun->lun_link_magic = SE_LUN_LINK_MAGIC; - lun->lun_status = TRANSPORT_LUN_STATUS_FREE; - atomic_set(&lun->lun_acl_count, 0); - init_completion(&lun->lun_shutdown_comp); -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index dcecbfb..13fe16c 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -545,9 +545,6 @@ static void transport_lun_remove_cmd(struct se_cmd *cmd) - - void transport_cmd_finish_abort(struct se_cmd *cmd, int remove) - { -- if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) -- transport_lun_remove_cmd(cmd); -- - if (transport_cmd_check_stop_to_fabric(cmd)) - return; - if (remove) -@@ -1074,6 +1071,7 @@ struct se_device *transport_add_device_to_core_hba( - dev->se_hba = hba; - dev->se_sub_dev = se_dev; - dev->transport = transport; -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC; - INIT_LIST_HEAD(&dev->dev_list); - INIT_LIST_HEAD(&dev->dev_sep_list); - INIT_LIST_HEAD(&dev->dev_tmr_list); -@@ -1616,6 +1614,8 @@ static void target_complete_tmr_failure(struct work_struct *work) - - se_cmd->se_tmr_req->response = TMR_LUN_DOES_NOT_EXIST; - se_cmd->se_tfo->queue_tm_rsp(se_cmd); -+ -+ transport_cmd_check_stop_to_fabric(se_cmd); - } - - /** -@@ -1853,6 +1853,7 @@ void target_execute_cmd(struct se_cmd *cmd) - } - - cmd->t_state = TRANSPORT_PROCESSING; -+ cmd->transport_state |= CMD_T_ACTIVE; - spin_unlock_irq(&cmd->t_state_lock); - - if (dev->dev_task_attr_type != SAM_TASK_ATTR_EMULATED) -@@ -3024,7 +3025,7 @@ int transport_send_check_condition_and_sense( - /* ILLEGAL REQUEST */ - buffer[SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST; - /* LOGICAL UNIT COMMUNICATION FAILURE */ -- buffer[SPC_ASC_KEY_OFFSET] = 0x80; -+ buffer[SPC_ASC_KEY_OFFSET] = 0x08; - break; - } - /* -@@ -3089,6 +3090,8 @@ void transport_send_task_abort(struct se_cmd *cmd) - } - cmd->scsi_status = SAM_STAT_TASK_ABORTED; - -+ transport_lun_remove_cmd(cmd); -+ - pr_debug("Setting SAM_STAT_TASK_ABORTED status for CDB: 0x%02x," - " ITT: 0x%08x\n", cmd->t_task_cdb[0], - cmd->se_tfo->get_task_tag(cmd)); -diff --git a/drivers/target/tcm_fc/tfc_sess.c b/drivers/target/tcm_fc/tfc_sess.c -index 12d6fa2..6659dd3 100644 ---- a/drivers/target/tcm_fc/tfc_sess.c -+++ b/drivers/target/tcm_fc/tfc_sess.c -@@ -355,11 +355,11 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len, - - tport = ft_tport_create(rdata->local_port); - if (!tport) -- return 0; /* not a target for this local port */ -+ goto not_target; /* not a target for this local port */ - - acl = ft_acl_get(tport->tpg, rdata); - if (!acl) -- return 0; -+ goto not_target; /* no target for this remote */ - - if (!rspp) - goto fill; -@@ -396,12 +396,18 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len, - - /* - * OR in our service parameters with other provider (initiator), if any. -- * TBD XXX - indicate RETRY capability? - */ - fill: - fcp_parm = ntohl(spp->spp_params); -+ fcp_parm &= ~FCP_SPPF_RETRY; - spp->spp_params = htonl(fcp_parm | FCP_SPPF_TARG_FCN); - return FC_SPP_RESP_ACK; -+ -+not_target: -+ fcp_parm = ntohl(spp->spp_params); -+ fcp_parm &= ~FCP_SPPF_TARG_FCN; -+ spp->spp_params = htonl(fcp_parm); -+ return 0; - } - - /** -diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index a82b399..8cf8d0a 100644 ---- a/drivers/tty/pty.c -+++ b/drivers/tty/pty.c -@@ -395,6 +395,8 @@ static int pty_bsd_ioctl(struct tty_struct *tty, - return pty_set_lock(tty, (int __user *) arg); - case TIOCSIG: /* Send signal to other side of pty */ - return pty_signal(tty, (int) arg); -+ case TIOCGPTN: /* TTY returns ENOTTY, but glibc expects EINVAL here */ -+ return -EINVAL; - } - return -ENOIOCTLCMD; - } -diff --git a/drivers/tty/serial/8250/8250.c b/drivers/tty/serial/8250/8250.c -index 3ba4234..2c09e64 100644 ---- a/drivers/tty/serial/8250/8250.c -+++ b/drivers/tty/serial/8250/8250.c -@@ -290,6 +290,12 @@ static const struct serial8250_config uart_config[] = { - UART_FCR_R_TRIG_00 | UART_FCR_T_TRIG_00, - .flags = UART_CAP_FIFO, - }, -+ [PORT_BRCM_TRUMANAGE] = { -+ .name = "TruManage", -+ .fifo_size = 1, -+ .tx_loadsz = 1024, -+ .flags = UART_CAP_HFIFO, -+ }, - [PORT_8250_CIR] = { - .name = "CIR port" - } -@@ -1441,6 +1447,11 @@ void serial8250_tx_chars(struct uart_8250_port *up) - port->icount.tx++; - if (uart_circ_empty(xmit)) - break; -+ if (up->capabilities & UART_CAP_HFIFO) { -+ if ((serial_port_in(port, UART_LSR) & BOTH_EMPTY) != -+ BOTH_EMPTY) -+ break; -+ } - } while (--count > 0); - - if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS) -diff --git a/drivers/tty/serial/8250/8250.h b/drivers/tty/serial/8250/8250.h -index 5a76f9c..c0be2fa 100644 ---- a/drivers/tty/serial/8250/8250.h -+++ b/drivers/tty/serial/8250/8250.h -@@ -40,6 +40,7 @@ struct serial8250_config { - #define UART_CAP_AFE (1 << 11) /* MCR-based hw flow control */ - #define UART_CAP_UUE (1 << 12) /* UART needs IER bit 6 set (Xscale) */ - #define UART_CAP_RTOIE (1 << 13) /* UART needs IER bit 4 set (Xscale, Tegra) */ -+#define UART_CAP_HFIFO (1 << 14) /* UART has a "hidden" FIFO */ - - #define UART_BUG_QUOT (1 << 0) /* UART has buggy quot LSB */ - #define UART_BUG_TXEN (1 << 1) /* UART has buggy TX IIR status */ -diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c -index c3b2ec0..71ce540 100644 ---- a/drivers/tty/serial/8250/8250_dw.c -+++ b/drivers/tty/serial/8250/8250_dw.c -@@ -79,7 +79,7 @@ static int dw8250_handle_irq(struct uart_port *p) - } else if ((iir & UART_IIR_BUSY) == UART_IIR_BUSY) { - /* Clear the USR and write the LCR again. */ - (void)p->serial_in(p, UART_USR); -- p->serial_out(p, d->last_lcr, UART_LCR); -+ p->serial_out(p, UART_LCR, d->last_lcr); - - return 1; - } -diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c -index 17b7d26..a29df69 100644 ---- a/drivers/tty/serial/8250/8250_pci.c -+++ b/drivers/tty/serial/8250/8250_pci.c -@@ -1085,6 +1085,18 @@ pci_omegapci_setup(struct serial_private *priv, - return setup_port(priv, port, 2, idx * 8, 0); - } - -+static int -+pci_brcm_trumanage_setup(struct serial_private *priv, -+ const struct pciserial_board *board, -+ struct uart_8250_port *port, int idx) -+{ -+ int ret = pci_default_setup(priv, board, port, idx); -+ -+ port->port.type = PORT_BRCM_TRUMANAGE; -+ port->port.flags = (port->port.flags | UPF_FIXED_PORT | UPF_FIXED_TYPE); -+ return ret; -+} -+ - static int skip_tx_en_setup(struct serial_private *priv, - const struct pciserial_board *board, - struct uart_8250_port *port, int idx) -@@ -1213,6 +1225,7 @@ pci_wch_ch353_setup(struct serial_private *priv, - #define PCI_VENDOR_ID_AGESTAR 0x5372 - #define PCI_DEVICE_ID_AGESTAR_9375 0x6872 - #define PCI_VENDOR_ID_ASIX 0x9710 -+#define PCI_DEVICE_ID_BROADCOM_TRUMANAGE 0x160a - - /* Unknown vendors/cards - this should not be in linux/pci_ids.h */ - #define PCI_SUBDEVICE_ID_UNKNOWN_0x1584 0x1584 -@@ -1788,6 +1801,17 @@ static struct pci_serial_quirk pci_serial_quirks[] __refdata = { - .setup = pci_asix_setup, - }, - /* -+ * Broadcom TruManage (NetXtreme) -+ */ -+ { -+ .vendor = PCI_VENDOR_ID_BROADCOM, -+ .device = PCI_DEVICE_ID_BROADCOM_TRUMANAGE, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, -+ .setup = pci_brcm_trumanage_setup, -+ }, -+ -+ /* - * Default "match everything" terminator entry - */ - { -@@ -1975,6 +1999,7 @@ enum pci_board_num_t { - pbn_ce4100_1_115200, - pbn_omegapci, - pbn_NETMOS9900_2s_115200, -+ pbn_brcm_trumanage, - }; - - /* -@@ -2674,6 +2699,12 @@ static struct pciserial_board pci_boards[] __devinitdata = { - .num_ports = 2, - .base_baud = 115200, - }, -+ [pbn_brcm_trumanage] = { -+ .flags = FL_BASE0, -+ .num_ports = 1, -+ .reg_shift = 2, -+ .base_baud = 115200, -+ }, - }; - - static const struct pci_device_id blacklist[] = { -@@ -4238,6 +4269,13 @@ static struct pci_device_id serial_pci_tbl[] = { - pbn_omegapci }, - - /* -+ * Broadcom TruManage -+ */ -+ { PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_BROADCOM_TRUMANAGE, -+ PCI_ANY_ID, PCI_ANY_ID, 0, 0, -+ pbn_brcm_trumanage }, -+ -+ /* - * AgeStar as-prs2-009 - */ - { PCI_VENDOR_ID_AGESTAR, PCI_DEVICE_ID_AGESTAR_9375, -diff --git a/drivers/tty/serial/ifx6x60.c b/drivers/tty/serial/ifx6x60.c -index 5b9bc19..f5e9666 100644 ---- a/drivers/tty/serial/ifx6x60.c -+++ b/drivers/tty/serial/ifx6x60.c -@@ -552,6 +552,7 @@ static void ifx_port_shutdown(struct tty_port *port) - container_of(port, struct ifx_spi_device, tty_port); - - mrdy_set_low(ifx_dev); -+ del_timer(&ifx_dev->spi_timer); - clear_bit(IFX_SPI_STATE_TIMER_PENDING, &ifx_dev->flags); - tasklet_kill(&ifx_dev->io_work_tasklet); - } -diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c -index 6db3baa..ea513c9 100644 ---- a/drivers/tty/serial/mxs-auart.c -+++ b/drivers/tty/serial/mxs-auart.c -@@ -260,10 +260,12 @@ static void mxs_auart_set_mctrl(struct uart_port *u, unsigned mctrl) - - u32 ctrl = readl(u->membase + AUART_CTRL2); - -- ctrl &= ~AUART_CTRL2_RTSEN; -+ ctrl &= ~(AUART_CTRL2_RTSEN | AUART_CTRL2_RTS); - if (mctrl & TIOCM_RTS) { - if (tty_port_cts_enabled(&u->state->port)) - ctrl |= AUART_CTRL2_RTSEN; -+ else -+ ctrl |= AUART_CTRL2_RTS; - } - - s->ctrl = mctrl; -diff --git a/drivers/tty/serial/vt8500_serial.c b/drivers/tty/serial/vt8500_serial.c -index 205d4cf..f528cc2 100644 ---- a/drivers/tty/serial/vt8500_serial.c -+++ b/drivers/tty/serial/vt8500_serial.c -@@ -604,7 +604,7 @@ static int __devinit vt8500_serial_probe(struct platform_device *pdev) - vt8500_port->uart.flags = UPF_IOREMAP | UPF_BOOT_AUTOCONF; - - vt8500_port->clk = of_clk_get(pdev->dev.of_node, 0); -- if (vt8500_port->clk) { -+ if (!IS_ERR(vt8500_port->clk)) { - vt8500_port->uart.uartclk = clk_get_rate(vt8500_port->clk); - } else { - /* use the default of 24Mhz if not specified and warn */ -diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c -index ebff9f4..7c212f5 100644 ---- a/drivers/usb/chipidea/host.c -+++ b/drivers/usb/chipidea/host.c -@@ -129,6 +129,9 @@ static int host_start(struct ci13xxx *ci) - else - ci->hcd = hcd; - -+ if (ci->platdata->flags & CI13XXX_DISABLE_STREAMING) -+ hw_write(ci, OP_USBMODE, USBMODE_CI_SDIS, USBMODE_CI_SDIS); -+ - return ret; - } - -diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c -index 60023c2..ed83e7a 100644 ---- a/drivers/usb/serial/io_ti.c -+++ b/drivers/usb/serial/io_ti.c -@@ -534,6 +534,9 @@ static void chase_port(struct edgeport_port *port, unsigned long timeout, - wait_queue_t wait; - unsigned long flags; - -+ if (!tty) -+ return; -+ - if (!timeout) - timeout = (HZ * EDGE_CLOSING_WAIT)/100; - -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c -index fd47369..f2727e4 100644 ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -450,6 +450,10 @@ static void option_instat_callback(struct urb *urb); - #define PETATEL_VENDOR_ID 0x1ff4 - #define PETATEL_PRODUCT_NP10T 0x600e - -+/* TP-LINK Incorporated products */ -+#define TPLINK_VENDOR_ID 0x2357 -+#define TPLINK_PRODUCT_MA180 0x0201 -+ - /* some devices interfaces need special handling due to a number of reasons */ - enum option_blacklist_reason { - OPTION_BLACKLIST_NONE = 0, -@@ -931,7 +935,8 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0254, 0xff, 0xff, 0xff) }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0257, 0xff, 0xff, 0xff), /* ZTE MF821 */ - .driver_info = (kernel_ulong_t)&net_intf3_blacklist }, -- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff), /* ONDA MT8205 */ -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0284, 0xff, 0xff, 0xff), /* ZTE MF880 */ - .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0317, 0xff, 0xff, 0xff) }, -@@ -1312,6 +1317,8 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) }, - { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) }, - { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) }, -+ { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { } /* Terminating entry */ - }; - MODULE_DEVICE_TABLE(usb, option_ids); -diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c -index b91f14e..95ce9d0 100644 ---- a/drivers/xen/grant-table.c -+++ b/drivers/xen/grant-table.c -@@ -56,10 +56,6 @@ - /* External tools reserve first few grant table entries. */ - #define NR_RESERVED_ENTRIES 8 - #define GNTTAB_LIST_END 0xffffffff --#define GREFS_PER_GRANT_FRAME \ --(grant_table_version == 1 ? \ --(PAGE_SIZE / sizeof(struct grant_entry_v1)) : \ --(PAGE_SIZE / sizeof(union grant_entry_v2))) - - static grant_ref_t **gnttab_list; - static unsigned int nr_grant_frames; -@@ -154,6 +150,7 @@ static struct gnttab_ops *gnttab_interface; - static grant_status_t *grstatus; - - static int grant_table_version; -+static int grefs_per_grant_frame; - - static struct gnttab_free_callback *gnttab_free_callback_list; - -@@ -767,12 +764,14 @@ static int grow_gnttab_list(unsigned int more_frames) - unsigned int new_nr_grant_frames, extra_entries, i; - unsigned int nr_glist_frames, new_nr_glist_frames; - -+ BUG_ON(grefs_per_grant_frame == 0); -+ - new_nr_grant_frames = nr_grant_frames + more_frames; -- extra_entries = more_frames * GREFS_PER_GRANT_FRAME; -+ extra_entries = more_frames * grefs_per_grant_frame; - -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - new_nr_glist_frames = -- (new_nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ (new_nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - for (i = nr_glist_frames; i < new_nr_glist_frames; i++) { - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_ATOMIC); - if (!gnttab_list[i]) -@@ -780,12 +779,12 @@ static int grow_gnttab_list(unsigned int more_frames) - } - - -- for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames; -- i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++) -+ for (i = grefs_per_grant_frame * nr_grant_frames; -+ i < grefs_per_grant_frame * new_nr_grant_frames - 1; i++) - gnttab_entry(i) = i + 1; - - gnttab_entry(i) = gnttab_free_head; -- gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames; -+ gnttab_free_head = grefs_per_grant_frame * nr_grant_frames; - gnttab_free_count += extra_entries; - - nr_grant_frames = new_nr_grant_frames; -@@ -957,7 +956,8 @@ EXPORT_SYMBOL_GPL(gnttab_unmap_refs); - - static unsigned nr_status_frames(unsigned nr_grant_frames) - { -- return (nr_grant_frames * GREFS_PER_GRANT_FRAME + SPP - 1) / SPP; -+ BUG_ON(grefs_per_grant_frame == 0); -+ return (nr_grant_frames * grefs_per_grant_frame + SPP - 1) / SPP; - } - - static int gnttab_map_frames_v1(xen_pfn_t *frames, unsigned int nr_gframes) -@@ -1115,6 +1115,7 @@ static void gnttab_request_version(void) - rc = HYPERVISOR_grant_table_op(GNTTABOP_set_version, &gsv, 1); - if (rc == 0 && gsv.version == 2) { - grant_table_version = 2; -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(union grant_entry_v2); - gnttab_interface = &gnttab_v2_ops; - } else if (grant_table_version == 2) { - /* -@@ -1127,17 +1128,17 @@ static void gnttab_request_version(void) - panic("we need grant tables version 2, but only version 1 is available"); - } else { - grant_table_version = 1; -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(struct grant_entry_v1); - gnttab_interface = &gnttab_v1_ops; - } - printk(KERN_INFO "Grant tables using version %d layout.\n", - grant_table_version); - } - --int gnttab_resume(void) -+static int gnttab_setup(void) - { - unsigned int max_nr_gframes; - -- gnttab_request_version(); - max_nr_gframes = gnttab_max_grant_frames(); - if (max_nr_gframes < nr_grant_frames) - return -ENOSYS; -@@ -1160,6 +1161,12 @@ int gnttab_resume(void) - return 0; - } - -+int gnttab_resume(void) -+{ -+ gnttab_request_version(); -+ return gnttab_setup(); -+} -+ - int gnttab_suspend(void) - { - gnttab_interface->unmap_frames(); -@@ -1171,9 +1178,10 @@ static int gnttab_expand(unsigned int req_entries) - int rc; - unsigned int cur, extra; - -+ BUG_ON(grefs_per_grant_frame == 0); - cur = nr_grant_frames; -- extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) / -- GREFS_PER_GRANT_FRAME); -+ extra = ((req_entries + (grefs_per_grant_frame-1)) / -+ grefs_per_grant_frame); - if (cur + extra > gnttab_max_grant_frames()) - return -ENOSPC; - -@@ -1191,21 +1199,23 @@ int gnttab_init(void) - unsigned int nr_init_grefs; - int ret; - -+ gnttab_request_version(); - nr_grant_frames = 1; - boot_max_nr_grant_frames = __max_nr_grant_frames(); - - /* Determine the maximum number of frames required for the - * grant reference free list on the current hypervisor. - */ -+ BUG_ON(grefs_per_grant_frame == 0); - max_nr_glist_frames = (boot_max_nr_grant_frames * -- GREFS_PER_GRANT_FRAME / RPP); -+ grefs_per_grant_frame / RPP); - - gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *), - GFP_KERNEL); - if (gnttab_list == NULL) - return -ENOMEM; - -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - for (i = 0; i < nr_glist_frames; i++) { - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_KERNEL); - if (gnttab_list[i] == NULL) { -@@ -1214,12 +1224,12 @@ int gnttab_init(void) - } - } - -- if (gnttab_resume() < 0) { -+ if (gnttab_setup() < 0) { - ret = -ENODEV; - goto ini_nomem; - } - -- nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME; -+ nr_init_grefs = nr_grant_frames * grefs_per_grant_frame; - - for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++) - gnttab_entry(i) = i + 1; -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index b3c243b..f89c0e5 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -1503,6 +1503,8 @@ static void ext4_da_block_invalidatepages(struct mpage_da_data *mpd) - - index = mpd->first_page; - end = mpd->next_page - 1; -+ -+ pagevec_init(&pvec, 0); - while (index <= end) { - nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE); - if (nr_pages == 0) -diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 5be8937..fca8bbe 100644 ---- a/include/target/target_core_base.h -+++ b/include/target/target_core_base.h -@@ -734,6 +734,8 @@ struct se_subsystem_dev { - }; - - struct se_device { -+#define SE_DEV_LINK_MAGIC 0xfeeddeef -+ u32 dev_link_magic; - /* RELATIVE TARGET PORT IDENTIFER Counter */ - u16 dev_rpti_counter; - /* Used for SAM Task Attribute ordering */ -@@ -820,6 +822,8 @@ struct se_port_stat_grps { - }; - - struct se_lun { -+#define SE_LUN_LINK_MAGIC 0xffff7771 -+ u32 lun_link_magic; - /* See transport_lun_status_table */ - enum transport_lun_status_table lun_status; - u32 lun_access; -diff --git a/include/uapi/linux/serial_core.h b/include/uapi/linux/serial_core.h -index 7e1ab20..dbb95db 100644 ---- a/include/uapi/linux/serial_core.h -+++ b/include/uapi/linux/serial_core.h -@@ -49,7 +49,9 @@ - #define PORT_XR17D15X 21 /* Exar XR17D15x UART */ - #define PORT_LPC3220 22 /* NXP LPC32xx SoC "Standard" UART */ - #define PORT_8250_CIR 23 /* CIR infrared port, has its own driver */ --#define PORT_MAX_8250 23 /* max port ID */ -+#define PORT_XR17V35X 24 /* Exar XR17V35x UARTs */ -+#define PORT_BRCM_TRUMANAGE 24 -+#define PORT_MAX_8250 25 /* max port ID */ - - /* - * ARM specific type numbers. These are not currently guaranteed -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c -index 4642c68..a95e198 100644 ---- a/sound/pci/hda/patch_hdmi.c -+++ b/sound/pci/hda/patch_hdmi.c -@@ -1499,7 +1499,7 @@ static int hdmi_chmap_ctl_put(struct snd_kcontrol *kcontrol, - ctl_idx = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); - substream = snd_pcm_chmap_substream(info, ctl_idx); - if (!substream || !substream->runtime) -- return -EBADFD; -+ return 0; /* just for avoiding error from alsactl restore */ - switch (substream->runtime->status->state) { - case SNDRV_PCM_STATE_OPEN: - case SNDRV_PCM_STATE_SETUP: -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c -index 0f58b4b..b8d1ad1 100644 ---- a/sound/usb/quirks.c -+++ b/sound/usb/quirks.c -@@ -387,11 +387,13 @@ static int snd_usb_fasttrackpro_boot_quirk(struct usb_device *dev) - * rules - */ - err = usb_driver_set_configuration(dev, 2); -- if (err < 0) { -+ if (err < 0) - snd_printdd("error usb_driver_set_configuration: %d\n", - err); -- return -ENODEV; -- } -+ /* Always return an error, so that we stop creating a device -+ that will just be destroyed and recreated with a new -+ configuration */ -+ return -ENODEV; - } else - snd_printk(KERN_INFO "usb-audio: Fast Track Pro config OK\n"); - diff --git a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch b/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch index 3577167..29e3b84 100644 --- a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch +++ b/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch @@ -3975,7 +3975,7 @@ index ddcec1e..c7f983e 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 302d779..ad1772c 100644 +index 302d779..ee9ffb5 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c @@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, @@ -4026,7 +4026,19 @@ index 302d779..ad1772c 100644 /* cache the address as a hint for next time */ return mm->free_area_cache = addr - len; } -@@ -165,7 +170,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, + goto bottomup; + + addr = mm->mmap_base - len; +- if (do_color_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); + + do { ++ if (do_color_align) ++ addr = COLOUR_ALIGN_DOWN(addr, pgoff); + /* + * Lookup failure means no vma is above this address, + * else if new region fits below vma->vm_start, * return with success: */ vma = find_vma(mm, addr); @@ -4035,7 +4047,20 @@ index 302d779..ad1772c 100644 /* cache the address as a hint for next time */ return mm->free_area_cache = addr; } -@@ -242,30 +247,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start - len; +- if (do_color_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); +- } while (likely(len < vma->vm_start)); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* +@@ -242,30 +245,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm) mm->unmap_area = arch_unmap_area_topdown; } } @@ -20012,7 +20037,7 @@ index 16c6365..5d32218 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 974b67e..044111b 100644 +index 974b67e..12cb2b5 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -183,14 +183,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) @@ -20034,6 +20059,15 @@ index 974b67e..044111b 100644 return (unsigned long)regs; } +@@ -587,7 +586,7 @@ static void ptrace_triggered(struct perf_event *bp, + static unsigned long ptrace_get_dr7(struct perf_event *bp[]) + { + int i; +- int dr7 = 0; ++ unsigned long dr7 = 0; + struct arch_hw_breakpoint *info; + + for (i = 0; i < HBP_NUM; i++) { @@ -855,7 +854,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { @@ -29096,7 +29130,7 @@ index 7005ced..530d6eb 100644 + *(void **)&x86_io_apic_ops.read = xen_io_apic_read; } diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 586d838..7082fc8 100644 +index 586d838..9181904 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -29108,16 +29142,27 @@ index 586d838..7082fc8 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -523,7 +521,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -473,8 +471,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) + { + unsigned long va = dtr->address; + unsigned int size = dtr->size + 1; +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; +- unsigned long frames[pages]; ++ unsigned long frames[65536 / PAGE_SIZE]; + int f; + + /* +@@ -522,8 +519,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) + { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; - unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; - unsigned long frames[pages]; + unsigned long frames[65536 / PAGE_SIZE]; int f; /* -@@ -918,21 +916,21 @@ static u32 xen_safe_apic_wait_icr_idle(void) +@@ -918,21 +914,21 @@ static u32 xen_safe_apic_wait_icr_idle(void) static void set_xen_basic_apic_ops(void) { @@ -29152,7 +29197,7 @@ index 586d838..7082fc8 100644 #endif } -@@ -1222,30 +1220,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1222,30 +1218,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -29190,7 +29235,7 @@ index 586d838..7082fc8 100644 { if (pm_power_off) pm_power_off(); -@@ -1290,14 +1288,14 @@ static const struct machine_ops xen_machine_ops __initconst = { +@@ -1290,14 +1286,14 @@ static const struct machine_ops xen_machine_ops __initconst = { */ static void __init xen_setup_stackprotector(void) { @@ -29209,7 +29254,7 @@ index 586d838..7082fc8 100644 } /* First C function to be called on Xen boot */ -@@ -1315,13 +1313,13 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1315,13 +1311,13 @@ asmlinkage void __init xen_start_kernel(void) /* Install Xen paravirt ops */ pv_info = xen_info; @@ -29229,7 +29274,7 @@ index 586d838..7082fc8 100644 xen_init_time_ops(); -@@ -1347,7 +1345,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1347,7 +1343,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -29248,7 +29293,7 @@ index 586d838..7082fc8 100644 xen_setup_features(); -@@ -1376,14 +1384,7 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1376,14 +1382,7 @@ asmlinkage void __init xen_start_kernel(void) pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit; } @@ -29264,7 +29309,7 @@ index 586d838..7082fc8 100644 xen_smp_init(); -@@ -1450,7 +1451,7 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1450,7 +1449,7 @@ asmlinkage void __init xen_start_kernel(void) add_preferred_console("tty", 0, NULL); add_preferred_console("hvc", 0, NULL); if (pci_xen) @@ -29273,7 +29318,7 @@ index 586d838..7082fc8 100644 } else { const struct dom0_vga_console_info *info = (void *)((char *)xen_start_info + -@@ -1476,8 +1477,8 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1476,8 +1475,8 @@ asmlinkage void __init xen_start_kernel(void) xen_acpi_sleep_register(); /* Avoid searching for BIOS MP tables */ @@ -29284,7 +29329,7 @@ index 586d838..7082fc8 100644 } #ifdef CONFIG_PCI /* PCI BIOS service won't work from a PV guest. */ -@@ -1583,7 +1584,7 @@ static void __init xen_hvm_guest_init(void) +@@ -1583,7 +1582,7 @@ static void __init xen_hvm_guest_init(void) xen_hvm_smp_init(); register_cpu_notifier(&xen_hvm_cpu_notifier); xen_unplug_emulated_devices(); @@ -44267,7 +44312,7 @@ index 0e7a6f8..332b1ca 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index fbd9f60..d4edac0 100644 +index fbd9f60..0b845dd 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -33,6 +33,7 @@ @@ -44734,7 +44779,7 @@ index fbd9f60..d4edac0 100644 unsigned int random_variable = 0; +#ifdef CONFIG_PAX_RANDUSTACK -+ if (randomize_va_space) ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) + return stack_top - current->mm->delta_stack; +#endif + @@ -46349,16 +46394,17 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index c6e6de4..de6841c 100644 +index c6e6de4..fb98879 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,6 +55,16 @@ +@@ -55,6 +55,17 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> +#include <linux/random.h> +#include <linux/seq_file.h> +#include <linux/coredump.h> ++#include <linux/mman.h> + +#ifdef CONFIG_PAX_REFCOUNT +#include <linux/kallsyms.h> @@ -46369,7 +46415,7 @@ index c6e6de4..de6841c 100644 #include <asm/uaccess.h> #include <asm/mmu_context.h> -@@ -66,6 +76,18 @@ +@@ -66,6 +77,18 @@ #include <trace/events/sched.h> @@ -46388,7 +46434,7 @@ index c6e6de4..de6841c 100644 int suid_dumpable = 0; static LIST_HEAD(formats); -@@ -180,18 +202,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -180,18 +203,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -46410,7 +46456,7 @@ index c6e6de4..de6841c 100644 return NULL; if (write) { -@@ -207,6 +221,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -207,6 +222,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -46428,7 +46474,7 @@ index c6e6de4..de6841c 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -266,6 +291,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -266,6 +292,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -46440,7 +46486,7 @@ index c6e6de4..de6841c 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -276,6 +306,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +307,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -46453,7 +46499,7 @@ index c6e6de4..de6841c 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -384,19 +420,7 @@ err: +@@ -384,19 +421,7 @@ err: return err; } @@ -46474,7 +46520,7 @@ index c6e6de4..de6841c 100644 { const char __user *native; -@@ -405,14 +429,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -405,14 +430,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -46491,7 +46537,7 @@ index c6e6de4..de6841c 100644 return native; } -@@ -431,11 +455,12 @@ static int count(struct user_arg_ptr argv, int max) +@@ -431,11 +456,12 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -46506,7 +46552,7 @@ index c6e6de4..de6841c 100644 if (fatal_signal_pending(current)) return -ERESTARTNOHAND; -@@ -465,7 +490,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -465,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -46515,7 +46561,7 @@ index c6e6de4..de6841c 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -547,7 +572,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -547,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -46524,7 +46570,7 @@ index c6e6de4..de6841c 100644 }; set_fs(KERNEL_DS); -@@ -582,7 +607,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -582,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -46534,7 +46580,7 @@ index c6e6de4..de6841c 100644 /* * ensure there are no vmas between where we want to go -@@ -591,6 +617,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -591,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -46545,7 +46591,7 @@ index c6e6de4..de6841c 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -671,10 +701,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -671,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -46556,7 +46602,7 @@ index c6e6de4..de6841c 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -686,8 +712,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -686,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -46585,7 +46631,7 @@ index c6e6de4..de6841c 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -706,13 +752,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -706,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -46599,7 +46645,35 @@ index c6e6de4..de6841c 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -771,6 +810,8 @@ struct file *open_exec(const char *name) +@@ -736,6 +776,27 @@ int setup_arg_pages(struct linux_binprm *bprm, + #endif + current->mm->start_stack = bprm->p; + ret = expand_stack(vma, stack_base); ++ ++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR) ++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) { ++ unsigned long size, flags, vm_flags; ++ ++ size = STACK_TOP - vma->vm_end; ++ flags = MAP_FIXED | MAP_PRIVATE; ++ vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP; ++ ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0); ++ ++#ifdef CONFIG_X86 ++ if (!ret) { ++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT)); ++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0); ++ } ++#endif ++ ++ } ++#endif ++ + if (ret) + ret = -EFAULT; + +@@ -771,6 +832,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -46608,7 +46682,7 @@ index c6e6de4..de6841c 100644 err = deny_write_access(file); if (err) goto exit; -@@ -794,7 +835,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -794,7 +857,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -46617,7 +46691,7 @@ index c6e6de4..de6841c 100644 set_fs(old_fs); return result; } -@@ -1246,7 +1287,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1246,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -46626,7 +46700,7 @@ index c6e6de4..de6841c 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1449,6 +1490,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1449,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -46655,7 +46729,7 @@ index c6e6de4..de6841c 100644 /* * sys_execve() executes a new program. */ -@@ -1457,6 +1520,11 @@ static int do_execve_common(const char *filename, +@@ -1457,6 +1542,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -46667,7 +46741,7 @@ index c6e6de4..de6841c 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1464,6 +1532,8 @@ static int do_execve_common(const char *filename, +@@ -1464,6 +1554,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -46676,7 +46750,7 @@ index c6e6de4..de6841c 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1504,12 +1574,27 @@ static int do_execve_common(const char *filename, +@@ -1504,12 +1596,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -46704,7 +46778,7 @@ index c6e6de4..de6841c 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1526,24 +1611,65 @@ static int do_execve_common(const char *filename, +@@ -1526,24 +1633,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -46774,7 +46848,7 @@ index c6e6de4..de6841c 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1552,6 +1678,14 @@ static int do_execve_common(const char *filename, +@@ -1552,6 +1700,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -46789,7 +46863,7 @@ index c6e6de4..de6841c 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1727,3 +1861,253 @@ int kernel_execve(const char *filename, +@@ -1727,3 +1883,253 @@ int kernel_execve(const char *filename, ret_from_kernel_execve(p); } #endif |