From f9485db814f9d879537995025ddb683fc02cea52 Mon Sep 17 00:00:00 2001
From: "Anthony G. Basile" <blueness@gentoo.org>
Date: Tue, 27 Mar 2012 09:44:00 -0400
Subject: Grsec/PaX: 2.9-{2.6.32.59,3.2.13,3.3.0}-201203251921

---
 3.2.13/1012_linux-3.2.13.patch | 433 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 433 insertions(+)
 create mode 100644 3.2.13/1012_linux-3.2.13.patch

(limited to '3.2.13/1012_linux-3.2.13.patch')

diff --git a/3.2.13/1012_linux-3.2.13.patch b/3.2.13/1012_linux-3.2.13.patch
new file mode 100644
index 0000000..98feeb7
--- /dev/null
+++ b/3.2.13/1012_linux-3.2.13.patch
@@ -0,0 +1,433 @@
+diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c
+index 9b6a820..3394254 100644
+--- a/arch/powerpc/platforms/powermac/smp.c
++++ b/arch/powerpc/platforms/powermac/smp.c
+@@ -414,7 +414,7 @@ static struct irqaction psurge_irqaction = {
+ 
+ static void __init smp_psurge_setup_cpu(int cpu_nr)
+ {
+-	if (cpu_nr != 0)
++	if (cpu_nr != 0 || !psurge_start)
+ 		return;
+ 
+ 	/* reset the entry point so if we get another intr we won't
+diff --git a/drivers/net/wireless/iwlegacy/iwl-3945.c b/drivers/net/wireless/iwlegacy/iwl-3945.c
+index f7c0a74..7d1aa7c 100644
+--- a/drivers/net/wireless/iwlegacy/iwl-3945.c
++++ b/drivers/net/wireless/iwlegacy/iwl-3945.c
+@@ -1870,11 +1870,12 @@ static void iwl3945_bg_reg_txpower_periodic(struct work_struct *work)
+ 	struct iwl_priv *priv = container_of(work, struct iwl_priv,
+ 					     _3945.thermal_periodic.work);
+ 
+-	if (test_bit(STATUS_EXIT_PENDING, &priv->status))
+-		return;
+-
+ 	mutex_lock(&priv->mutex);
++	if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
++		goto out;
++
+ 	iwl3945_reg_txpower_periodic(priv);
++out:
+ 	mutex_unlock(&priv->mutex);
+ }
+ 
+diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+index 05f2ad1..b3d9f3f 100644
+--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
++++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+@@ -2513,7 +2513,7 @@ static void iwl3945_bg_alive_start(struct work_struct *data)
+ 	    container_of(data, struct iwl_priv, alive_start.work);
+ 
+ 	mutex_lock(&priv->mutex);
+-	if (test_bit(STATUS_EXIT_PENDING, &priv->status))
++	if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
+ 		goto out;
+ 
+ 	iwl3945_alive_start(priv);
+diff --git a/fs/afs/internal.h b/fs/afs/internal.h
+index d2b0888..a306bb6 100644
+--- a/fs/afs/internal.h
++++ b/fs/afs/internal.h
+@@ -109,7 +109,7 @@ struct afs_call {
+ 	unsigned		reply_size;	/* current size of reply */
+ 	unsigned		first_offset;	/* offset into mapping[first] */
+ 	unsigned		last_to;	/* amount of mapping[last] */
+-	unsigned short		offset;		/* offset into received data store */
++	unsigned		offset;		/* offset into received data store */
+ 	unsigned char		unmarshall;	/* unmarshalling phase */
+ 	bool			incoming;	/* T if incoming call */
+ 	bool			send_pages;	/* T if data from mapping should be sent */
+diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
+index e45a323..8ad8c2a 100644
+--- a/fs/afs/rxrpc.c
++++ b/fs/afs/rxrpc.c
+@@ -314,6 +314,7 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+ 	struct msghdr msg;
+ 	struct kvec iov[1];
+ 	int ret;
++	struct sk_buff *skb;
+ 
+ 	_enter("%x,{%d},", addr->s_addr, ntohs(call->port));
+ 
+@@ -380,6 +381,8 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+ 
+ error_do_abort:
+ 	rxrpc_kernel_abort_call(rxcall, RX_USER_ABORT);
++	while ((skb = skb_dequeue(&call->rx_queue)))
++		afs_free_skb(skb);
+ 	rxrpc_kernel_end_call(rxcall);
+ 	call->rxcall = NULL;
+ error_kill_call:
+diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
+index d327140..35a8970 100644
+--- a/fs/nilfs2/the_nilfs.c
++++ b/fs/nilfs2/the_nilfs.c
+@@ -515,6 +515,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
+ 		brelse(sbh[1]);
+ 		sbh[1] = NULL;
+ 		sbp[1] = NULL;
++		valid[1] = 0;
+ 		swp = 0;
+ 	}
+ 	if (!valid[swp]) {
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 90f6544..769c0e9 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ 	struct rtable *rt;
+ 	__u8 rcv_wscale;
+ 	bool ecn_ok = false;
++	struct flowi4 fl4;
+ 
+ 	if (!sysctl_tcp_syncookies || !th->ack || th->rst)
+ 		goto out;
+@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ 	 * hasn't changed since we received the original syn, but I see
+ 	 * no easy way to do this.
+ 	 */
+-	{
+-		struct flowi4 fl4;
+-
+-		flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+-				   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+-				   inet_sk_flowi_flags(sk),
+-				   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+-				   ireq->loc_addr, th->source, th->dest);
+-		security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+-		rt = ip_route_output_key(sock_net(sk), &fl4);
+-		if (IS_ERR(rt)) {
+-			reqsk_free(req);
+-			goto out;
+-		}
++	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
++			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++			   inet_sk_flowi_flags(sk),
++			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
++			   ireq->loc_addr, th->source, th->dest);
++	security_req_classify_flow(req, flowi4_to_flowi(&fl4));
++	rt = ip_route_output_key(sock_net(sk), &fl4);
++	if (IS_ERR(rt)) {
++		reqsk_free(req);
++		goto out;
+ 	}
+ 
+ 	/* Try to redo what tcp_v4_send_synack did. */
+@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ 	ireq->rcv_wscale  = rcv_wscale;
+ 
+ 	ret = get_cookie_sock(sk, skb, req, &rt->dst);
++	/* ip_queue_xmit() depends on our flow being setup
++	 * Normal sockets get it right from inet_csk_route_child_sock()
++	 */
++	if (ret)
++		inet_sk(ret)->cork.fl.u.ip4 = fl4;
+ out:	return ret;
+ }
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
+index eb90aa8..de69cec 100644
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1465,9 +1465,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
+ 		inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
+ 	newinet->inet_id = newtp->write_seq ^ jiffies;
+ 
+-	if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
+-		goto put_and_exit;
+-
++	if (!dst) {
++		dst = inet_csk_route_child_sock(sk, newsk, req);
++		if (!dst)
++			goto put_and_exit;
++	} else {
++		/* syncookie case : see end of cookie_v4_check() */
++	}
+ 	sk_setup_caps(newsk, dst);
+ 
+ 	tcp_mtup_init(newsk);
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
+index ee7839f..2257366 100644
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -257,7 +257,6 @@ static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net,
+ 
+ 		if (rt) {
+ 			dev = rt->rt6i_dev;
+-			dev_hold(dev);
+ 			dst_release(&rt->dst);
+ 		}
+ 	} else
+diff --git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/powerpc/util/header.c
+index eba80c2..2f7073d 100644
+--- a/tools/perf/arch/powerpc/util/header.c
++++ b/tools/perf/arch/powerpc/util/header.c
+@@ -25,7 +25,7 @@ get_cpuid(char *buffer, size_t sz)
+ 
+ 	pvr = mfspr(SPRN_PVR);
+ 
+-	nb = snprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
++	nb = scnprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
+ 
+ 	/* look for end marker to ensure the entire data fit */
+ 	if (strchr(buffer, '$')) {
+diff --git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/util/header.c
+index f940060..146d12a 100644
+--- a/tools/perf/arch/x86/util/header.c
++++ b/tools/perf/arch/x86/util/header.c
+@@ -48,7 +48,7 @@ get_cpuid(char *buffer, size_t sz)
+ 		if (family >= 0x6)
+ 			model += ((a >> 16) & 0xf) << 4;
+ 	}
+-	nb = snprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
++	nb = scnprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
+ 
+ 	/* look for end marker to ensure the entire data fit */
+ 	if (strchr(buffer, '$')) {
+diff --git a/tools/perf/util/color.c b/tools/perf/util/color.c
+index 521c38a..11e46da1 100644
+--- a/tools/perf/util/color.c
++++ b/tools/perf/util/color.c
+@@ -1,3 +1,4 @@
++#include <linux/kernel.h>
+ #include "cache.h"
+ #include "color.h"
+ 
+@@ -182,12 +183,12 @@ static int __color_vsnprintf(char *bf, size_t size, const char *color,
+ 	}
+ 
+ 	if (perf_use_color_default && *color)
+-		r += snprintf(bf, size, "%s", color);
+-	r += vsnprintf(bf + r, size - r, fmt, args);
++		r += scnprintf(bf, size, "%s", color);
++	r += vscnprintf(bf + r, size - r, fmt, args);
+ 	if (perf_use_color_default && *color)
+-		r += snprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
++		r += scnprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
+ 	if (trail)
+-		r += snprintf(bf + r, size - r, "%s", trail);
++		r += scnprintf(bf + r, size - r, "%s", trail);
+ 	return r;
+ }
+ 
+diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
+index 33c17a2..2cd88c1 100644
+--- a/tools/perf/util/header.c
++++ b/tools/perf/util/header.c
+@@ -1227,7 +1227,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ 	if (realname == NULL || filename == NULL || linkname == NULL)
+ 		goto out_free;
+ 
+-	len = snprintf(filename, size, "%s%s%s",
++	len = scnprintf(filename, size, "%s%s%s",
+ 		       debugdir, is_kallsyms ? "/" : "", realname);
+ 	if (mkdir_p(filename, 0755))
+ 		goto out_free;
+@@ -1242,7 +1242,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ 			goto out_free;
+ 	}
+ 
+-	len = snprintf(linkname, size, "%s/.build-id/%.2s",
++	len = scnprintf(linkname, size, "%s/.build-id/%.2s",
+ 		       debugdir, sbuild_id);
+ 
+ 	if (access(linkname, X_OK) && mkdir_p(linkname, 0755))
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
+index abef270..216e33a 100644
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -767,7 +767,7 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ 						     sep ? "%.2f" : "   %6.2f%%",
+ 						     (period * 100.0) / total);
+ 		else
+-			ret = snprintf(s, size, sep ? "%.2f" : "   %6.2f%%",
++			ret = scnprintf(s, size, sep ? "%.2f" : "   %6.2f%%",
+ 				       (period * 100.0) / total);
+ 		if (symbol_conf.show_cpu_utilization) {
+ 			ret += percent_color_snprintf(s + ret, size - ret,
+@@ -790,20 +790,20 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ 			}
+ 		}
+ 	} else
+-		ret = snprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
++		ret = scnprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
+ 
+ 	if (symbol_conf.show_nr_samples) {
+ 		if (sep)
+-			ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
++			ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
+ 		else
+-			ret += snprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
++			ret += scnprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
+ 	}
+ 
+ 	if (symbol_conf.show_total_period) {
+ 		if (sep)
+-			ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
++			ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
+ 		else
+-			ret += snprintf(s + ret, size - ret, " %12" PRIu64, period);
++			ret += scnprintf(s + ret, size - ret, " %12" PRIu64, period);
+ 	}
+ 
+ 	if (pair_hists) {
+@@ -818,25 +818,25 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ 		diff = new_percent - old_percent;
+ 
+ 		if (fabs(diff) >= 0.01)
+-			snprintf(bf, sizeof(bf), "%+4.2F%%", diff);
++			ret += scnprintf(bf, sizeof(bf), "%+4.2F%%", diff);
+ 		else
+-			snprintf(bf, sizeof(bf), " ");
++			ret += scnprintf(bf, sizeof(bf), " ");
+ 
+ 		if (sep)
+-			ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++			ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ 		else
+-			ret += snprintf(s + ret, size - ret, "%11.11s", bf);
++			ret += scnprintf(s + ret, size - ret, "%11.11s", bf);
+ 
+ 		if (show_displacement) {
+ 			if (displacement)
+-				snprintf(bf, sizeof(bf), "%+4ld", displacement);
++				ret += scnprintf(bf, sizeof(bf), "%+4ld", displacement);
+ 			else
+-				snprintf(bf, sizeof(bf), " ");
++				ret += scnprintf(bf, sizeof(bf), " ");
+ 
+ 			if (sep)
+-				ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++				ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ 			else
+-				ret += snprintf(s + ret, size - ret, "%6.6s", bf);
++				ret += scnprintf(s + ret, size - ret, "%6.6s", bf);
+ 		}
+ 	}
+ 
+@@ -854,7 +854,7 @@ int hist_entry__snprintf(struct hist_entry *he, char *s, size_t size,
+ 		if (se->elide)
+ 			continue;
+ 
+-		ret += snprintf(s + ret, size - ret, "%s", sep ?: "  ");
++		ret += scnprintf(s + ret, size - ret, "%s", sep ?: "  ");
+ 		ret += se->se_snprintf(he, s + ret, size - ret,
+ 				       hists__col_len(hists, se->se_width_idx));
+ 	}
+diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c
+index 16da30d..076c9d4 100644
+--- a/tools/perf/util/sort.c
++++ b/tools/perf/util/sort.c
+@@ -33,6 +33,9 @@ static int repsep_snprintf(char *bf, size_t size, const char *fmt, ...)
+ 		}
+ 	}
+ 	va_end(ap);
++
++	if (n >= (int)size)
++		return size - 1;
+ 	return n;
+ }
+ 
+diff --git a/tools/perf/util/strbuf.c b/tools/perf/util/strbuf.c
+index 92e0685..2eeb51b 100644
+--- a/tools/perf/util/strbuf.c
++++ b/tools/perf/util/strbuf.c
+@@ -1,4 +1,5 @@
+ #include "cache.h"
++#include <linux/kernel.h>
+ 
+ int prefixcmp(const char *str, const char *prefix)
+ {
+@@ -89,14 +90,14 @@ void strbuf_addf(struct strbuf *sb, const char *fmt, ...)
+ 	if (!strbuf_avail(sb))
+ 		strbuf_grow(sb, 64);
+ 	va_start(ap, fmt);
+-	len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++	len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ 	va_end(ap);
+ 	if (len < 0)
+-		die("your vsnprintf is broken");
++		die("your vscnprintf is broken");
+ 	if (len > strbuf_avail(sb)) {
+ 		strbuf_grow(sb, len);
+ 		va_start(ap, fmt);
+-		len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++		len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ 		va_end(ap);
+ 		if (len > strbuf_avail(sb)) {
+ 			die("this should not happen, your snprintf is broken");
+diff --git a/tools/perf/util/ui/browsers/hists.c b/tools/perf/util/ui/browsers/hists.c
+index d0c94b4..81c9fa5 100644
+--- a/tools/perf/util/ui/browsers/hists.c
++++ b/tools/perf/util/ui/browsers/hists.c
+@@ -839,15 +839,15 @@ static int hists__browser_title(struct hists *self, char *bf, size_t size,
+ 	unsigned long nr_events = self->stats.nr_events[PERF_RECORD_SAMPLE];
+ 
+ 	nr_events = convert_unit(nr_events, &unit);
+-	printed = snprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
++	printed = scnprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
+ 
+ 	if (thread)
+-		printed += snprintf(bf + printed, size - printed,
++		printed += scnprintf(bf + printed, size - printed,
+ 				    ", Thread: %s(%d)",
+ 				    (thread->comm_set ? thread->comm : ""),
+ 				    thread->pid);
+ 	if (dso)
+-		printed += snprintf(bf + printed, size - printed,
++		printed += scnprintf(bf + printed, size - printed,
+ 				    ", DSO: %s", dso->short_name);
+ 	return printed;
+ }
+@@ -1097,7 +1097,7 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ 						       HE_COLORSET_NORMAL);
+ 
+ 	nr_events = convert_unit(nr_events, &unit);
+-	printed = snprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
++	printed = scnprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
+ 			   unit, unit == ' ' ? "" : " ", ev_name);
+ 	slsmg_printf("%s", bf);
+ 
+@@ -1107,8 +1107,8 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ 		if (!current_entry)
+ 			ui_browser__set_color(browser, HE_COLORSET_TOP);
+ 		nr_events = convert_unit(nr_events, &unit);
+-		snprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!", nr_events,
+-			 unit, unit == ' ' ? "" : " ");
++		printed += scnprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!",
++				     nr_events, unit, unit == ' ' ? "" : " ");
+ 		warn = bf;
+ 	}
+ 
+diff --git a/tools/perf/util/ui/helpline.c b/tools/perf/util/ui/helpline.c
+index 6ef3c56..f50f81c 100644
+--- a/tools/perf/util/ui/helpline.c
++++ b/tools/perf/util/ui/helpline.c
+@@ -65,7 +65,7 @@ int ui_helpline__show_help(const char *format, va_list ap)
+ 	static int backlog;
+ 
+ 	pthread_mutex_lock(&ui__lock);
+-	ret = vsnprintf(ui_helpline__last_msg + backlog,
++	ret = vscnprintf(ui_helpline__last_msg + backlog,
+ 			sizeof(ui_helpline__last_msg) - backlog, format, ap);
+ 	backlog += ret;
+ 
-- 
cgit v1.2.3-65-gdbad