author | Natanael Copa <ncopa@alpinelinux.org> | 2011-03-22 10:49:26 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-03-22 10:49:26 +0000 |
commit | 5002b2448f71b396b396d20c61e94923c4ddf67c (patch) | |
tree | 36e3b1da70629b14b4d89d1efa42df1b20b2a033 | |
parent | c2035a9e763d1241d8dc49d8d4421d6575c9e424 (diff) | |
main/linux-grsec: upgrade to 2.2.1-2.6.37.4-201103211735
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch (renamed from main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch) | 452 |
2 files changed, 346 insertions, 112 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index b651428a5c..f16e5a398b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.37.4 _kernver=2.6.37 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.2.1-2.6.37.4-201103181755.patch + grsecurity-2.2.1-2.6.37.4-201103211735.patch 0001-xfrm-use-gre-key-as-flow-upper-protocol-info.patch xfrm-fix-gre-key-endianess.patch @@ -139,7 +139,7 @@ dev() { md5sums="c8ee37b4fdccdb651e0603d35350b434 linux-2.6.37.tar.bz2 5e5ad9a86f9a29cd2c1b8a171d89f9aa patch-2.6.37.4.bz2 -8eaf591770212b48784cfedba86924fa grsecurity-2.2.1-2.6.37.4-201103181755.patch +c899986fc86ab17b6a1ffb34be54bfe5 grsecurity-2.2.1-2.6.37.4-201103211735.patch 3152851c31bfa8c54660dbb84d75b38d 0001-xfrm-use-gre-key-as-flow-upper-protocol-info.patch ea7a7eb2775b71ae5ef24d029a4905bd xfrm-fix-gre-key-endianess.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch diff --git a/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch b/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch index 23e0183059..d402c08e94 100644 --- a/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch +++ b/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch 
@@ -3223,7 +3223,7 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/mmap_64.c linux-2.6.37.4/arch/powerpc/ } diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm/slice.c --- linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-01-17 02:41:00.000000000 -0500 ++++ linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-03-21 17:35:08.000000000 -0400 @@ -98,7 +98,7 @@ static int slice_area_is_free(struct mm_ if ((mm->task_size - len) < addr) return 0; @@ -3242,7 +3242,25 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm /* * Remember the place where we stopped the search: */ -@@ -336,7 +336,7 @@ static unsigned long slice_find_area_top +@@ -313,10 +313,14 @@ static unsigned long slice_find_area_top + } + } + +- addr = mm->mmap_base; +- while (addr > len) { ++ if (mm->mmap_base < len) ++ addr = -ENOMEM; ++ else ++ addr = mm->mmap_base - len; ++ ++ while (!IS_ERR_VALUE(addr)) { + /* Go down by chunk size */ +- addr = _ALIGN_DOWN(addr - len, 1ul << pshift); ++ addr = _ALIGN_DOWN(addr, 1ul << pshift); + + /* Check for hit with different page size */ + mask = slice_range_to_mask(addr, len); +@@ -336,7 +340,7 @@ static unsigned long slice_find_area_top * return with success: */ vma = find_vma(mm, addr); @@ -3251,7 +3269,16 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm /* remember the address as a hint for next time */ if (use_cache) mm->free_area_cache = addr; -@@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un +@@ -348,7 +352,7 @@ static unsigned long slice_find_area_top + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start; ++ addr = skip_heap_stack_gap(vma, len); + } + + /* +@@ -426,6 +430,11 @@ unsigned long slice_get_unmapped_area(un if (fixed && addr > (mm->task_size - len)) return -EINVAL; 
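Review bot: In the slice_find_area_topdown hunk of arch/powerpc/mm/slice.c, the loop top no longer subtracts `len` (`addr = _ALIGN_DOWN(addr, 1ul << pshift);`), so every path that assigns `addr` and re-enters the loop must now leave room for `len` itself. The two visible assignments do (`addr = mm->mmap_base - len;` and, in the next hunk, `addr = skip_heap_stack_gap(vma, len);`), but the lines between `mask = slice_range_to_mask(addr, len);` and `vma = find_vma(mm, addr);` are outside both hunks. If that stretch sets `addr` to an aligned boundary and `continue`s, it would now retry an address that overlaps the range it just rejected; such a path would need its own step down, e.g. `addr = addr < len ? -ENOMEM : addr - len;` before the `continue`. A short comment at the loop top, `/* addr is always a candidate start; every re-entry path has already subtracted len */`, would make the new invariant explicit.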
@@ -3762,7 +3789,7 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/consistent.c linux-2.6.37.4/arch/sh/mm/cons static int __init dma_init(void) diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c --- linux-2.6.37.4/arch/sh/mm/mmap.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/sh/mm/mmap.c 2011-01-17 02:41:00.000000000 -0500 ++++ linux-2.6.37.4/arch/sh/mm/mmap.c 2011-03-21 17:35:08.000000000 -0400 @@ -74,8 +74,7 @@ unsigned long arch_get_unmapped_area(str addr = PAGE_ALIGN(addr); @@ -3801,7 +3828,21 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -199,7 +197,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -188,18 +186,18 @@ arch_get_unmapped_area_topdown(struct fi + if (unlikely(mm->mmap_base < len)) + goto bottomup; + +- addr = mm->mmap_base-len; +- if (do_colour_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); ++ addr = mm->mmap_base - len; + + do { ++ if (do_colour_align) ++ addr = COLOUR_ALIGN_DOWN(addr, pgoff); + /* + * Lookup failure means no vma is above this address, + * else if new region fits below vma->vm_start, * return with success: */ vma = find_vma(mm, addr); 
@@ -3810,6 +3851,19 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); } +@@ -209,10 +207,8 @@ arch_get_unmapped_area_topdown(struct fi + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start-len; +- if (do_colour_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); +- } while (likely(len < vma->vm_start)); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* diff -urNp linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h --- linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h 2011-01-17 02:41:00.000000000 -0500 @@ -4458,7 +4512,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_32.c linux-2.6.37.4/arch/s if (flags & MAP_SHARED) diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c --- linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-01-17 02:41:00.000000000 -0500 ++++ linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-03-21 17:35:08.000000000 -0400 @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(str /* We do not accept a shared mapping if it would violate * cache aliasing constraints. 
@@ -4544,7 +4598,21 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -278,7 +280,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -267,18 +269,18 @@ arch_get_unmapped_area_topdown(struct fi + if (unlikely(mm->mmap_base < len)) + goto bottomup; + +- addr = mm->mmap_base-len; +- if (do_color_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); ++ addr = mm->mmap_base - len; + + do { ++ if (do_color_align) ++ addr = COLOUR_ALIGN_DOWN(addr, pgoff); + /* + * Lookup failure means no vma is above this address, + * else if new region fits below vma->vm_start, * return with success: */ vma = find_vma(mm, addr); @@ -4553,7 +4621,20 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); } -@@ -385,6 +387,12 @@ void arch_pick_mmap_layout(struct mm_str +@@ -288,10 +290,8 @@ arch_get_unmapped_area_topdown(struct fi + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start-len; +- if (do_color_align) +- addr = COLOUR_ALIGN_DOWN(addr, pgoff); +- } while (likely(len < vma->vm_start)); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* +@@ -385,6 +385,12 @@ void arch_pick_mmap_layout(struct mm_str gap == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -4566,7 +4647,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -397,6 +405,12 @@ void arch_pick_mmap_layout(struct mm_str +@@ -397,6 +403,12 @@ void arch_pick_mmap_layout(struct mm_str gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); 
@@ -5811,7 +5892,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/fault_64.c linux-2.6.37.4/arch/sparc/mm/ * was no match. So in such a case we (carefully) read the diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c --- linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-01-17 02:41:00.000000000 -0500 ++++ linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-03-21 17:35:08.000000000 -0400 @@ -68,7 +68,7 @@ full_search: } return -ENOMEM; @@ -5830,7 +5911,18 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/ /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -125,7 +125,7 @@ hugetlb_get_unmapped_area_topdown(struct +@@ -116,16 +116,17 @@ hugetlb_get_unmapped_area_topdown(struct + if (unlikely(mm->mmap_base < len)) + goto bottomup; + +- addr = (mm->mmap_base-len) & HPAGE_MASK; ++ addr = mm->mmap_base - len; + + do { ++ addr &= HPAGE_MASK; + /* + * Lookup failure means no vma is above this address, + * else if new region fits below vma->vm_start, * return with success: */ vma = find_vma(mm, addr); @@ -5839,7 +5931,18 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/ /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); } -@@ -182,8 +182,7 @@ hugetlb_get_unmapped_area(struct file *f +@@ -135,8 +136,8 @@ hugetlb_get_unmapped_area_topdown(struct + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = (vma->vm_start-len) & HPAGE_MASK; +- } while (likely(len < vma->vm_start)); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* +@@ -182,8 +183,7 @@ hugetlb_get_unmapped_area(struct file *f if (addr) { addr = ALIGN(addr, HPAGE_SIZE); vma = find_vma(mm, addr); 
@@ -7463,7 +7566,7 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/cpufeature.h linux-2.6.37.4/arch/ ".previous\n" diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc_defs.h linux-2.6.37.4/arch/x86/include/asm/desc_defs.h --- linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-02-27 14:48:10.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-03-21 17:16:23.000000000 -0400 @@ -31,6 +31,12 @@ struct desc_struct { unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1; unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8; @@ -7473,13 +7576,13 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc_defs.h linux-2.6.37.4/arch/x + u16 seg; + unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1; + unsigned offset_high: 16; -+ }; ++ } gate; }; } __attribute__((packed)); diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc.h linux-2.6.37.4/arch/x86/include/asm/desc.h --- linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-02-27 14:48:10.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-03-21 17:16:23.000000000 -0400 @@ -4,6 +4,7 @@ #include <asm/desc_defs.h> #include <asm/ldt.h> @@ -7523,14 +7626,14 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc.h linux-2.6.37.4/arch/x86/in - gate->a = (seg << 16) | (base & 0xffff); - gate->b = (base & 0xffff0000) | - (((0x80 | type | (dpl << 5)) & 0xff) << 8); -+ gate->offset_low = base; -+ gate->seg = seg; -+ gate->reserved = 0; -+ gate->type = type; -+ gate->s = 0; -+ gate->dpl = dpl; -+ gate->p = 1; -+ gate->offset_high = base >> 16; ++ gate->gate.offset_low = base; ++ gate->gate.seg = seg; ++ gate->gate.reserved = 0; ++ gate->gate.type = type; ++ gate->gate.s = 0; ++ gate->gate.dpl = dpl; ++ gate->gate.p = 1; ++ gate->gate.offset_high = base >> 16; } #endif 
@@ -10418,7 +10521,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.37.4/arch/x jmp bogus_magic diff -urNp linux-2.6.37.4/arch/x86/kernel/alternative.c linux-2.6.37.4/arch/x86/kernel/alternative.c --- linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-01-17 02:41:01.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-03-21 17:35:08.000000000 -0400 @@ -248,7 +248,7 @@ static void alternatives_smp_lock(const if (!*poff || ptr < text || ptr >= text_end) continue; @@ -10520,7 +10623,21 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/alternative.c linux-2.6.37.4/arch/x86/ return addr; } -@@ -645,9 +635,9 @@ void *__kprobes text_poke_smp(void *addr +@@ -612,6 +602,13 @@ static int __kprobes stop_machine_text_p + + flush_icache_range((unsigned long)tpp->addr, + (unsigned long)tpp->addr + tpp->len); ++ ++ /* ++ * Intel Archiecture Software Developer's Manual section 7.1.3 specifies ++ * that a core serializing instruction such as "cpuid" should be ++ * executed on _each_ core before the new instruction is made visible. ++ */ ++ sync_core(); + return 0; + } + +@@ -645,9 +642,9 @@ void *__kprobes text_poke_smp(void *addr #if defined(CONFIG_DYNAMIC_FTRACE) || defined(HAVE_JUMP_LABEL) #ifdef CONFIG_X86_64 @@ -13861,7 +13978,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/process.c linux-2.6.37.4/arch/x86/kern - diff -urNp linux-2.6.37.4/arch/x86/kernel/ptrace.c linux-2.6.37.4/arch/x86/kernel/ptrace.c --- linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-01-17 02:41:01.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-03-21 17:16:23.000000000 -0400 @@ -805,7 +805,7 @@ long arch_ptrace(struct task_struct *chi unsigned long addr, unsigned long data) { 
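Review bot: The comment added above `sync_core()` in stop_machine_text_poke (arch/x86/kernel/alternative.c) misspells the manual's title; `Intel Archiecture Software Developer's Manual` should read `Intel Architecture Software Developer's Manual`. The comment also says the serializing instruction is executed "before the new instruction is made visible", while the call sits after `flush_icache_range()` at the end of the function. The write itself happens above the hunk, so the ordering cannot be confirmed from here, but the wording should name the guarantee that is actually provided, for instance `before the core executes the modified instruction`.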
@@ -13897,6 +14014,24 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/ptrace.c linux-2.6.37.4/arch/x86/kerne } void user_single_step_siginfo(struct task_struct *tsk, +@@ -1347,7 +1347,7 @@ void send_sigtrap(struct task_struct *ts + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. + */ +-asmregparm long syscall_trace_enter(struct pt_regs *regs) ++long syscall_trace_enter(struct pt_regs *regs) + { + long ret = 0; + +@@ -1392,7 +1392,7 @@ asmregparm long syscall_trace_enter(stru + return ret ?: regs->orig_ax; + } + +-asmregparm void syscall_trace_leave(struct pt_regs *regs) ++void syscall_trace_leave(struct pt_regs *regs) + { + bool step; + diff -urNp linux-2.6.37.4/arch/x86/kernel/reboot.c linux-2.6.37.4/arch/x86/kernel/reboot.c --- linux-2.6.37.4/arch/x86/kernel/reboot.c 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/arch/x86/kernel/reboot.c 2011-01-17 02:41:01.000000000 -0500 @@ -14223,7 +14358,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/syscall_table_32.S linux-2.6.37.4/arch .long sys_exit diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c --- linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-01-17 02:41:01.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-03-21 17:35:08.000000000 -0400 @@ -24,17 +24,224 @@ #include <asm/syscalls.h> @@ -14425,8 +14560,8 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/ + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ -+ addr = vma->vm_start-len; -+ } while (len < vma->vm_start); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + +bottomup: + /* 
@@ -14463,7 +14598,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/ } diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c --- linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-01-17 02:41:01.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-03-21 17:35:08.000000000 -0400 @@ -32,8 +32,8 @@ out: return error; } @@ -14525,7 +14660,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -141,12 +144,15 @@ arch_get_unmapped_area_topdown(struct fi +@@ -141,13 +144,18 @@ arch_get_unmapped_area_topdown(struct fi if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) goto bottomup; @@ -14536,14 +14671,19 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); +- vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len)) - return addr; +- return addr; ++ if (TASK_SIZE - len >= addr) { ++ vma = find_vma(mm, addr); ++ if (check_heap_stack_gap(vma, addr, len)) ++ return addr; ++ } } -@@ -162,7 +168,7 @@ arch_get_unmapped_area_topdown(struct fi + /* check if free_area_cache is useful for us */ +@@ -162,7 +170,7 @@ arch_get_unmapped_area_topdown(struct fi /* make sure it can fit in the remaining address space */ if (addr > len) { vma = find_vma(mm, addr-len); 
@@ -14552,7 +14692,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k /* remember the address as a hint for next time */ return mm->free_area_cache = addr-len; } -@@ -179,7 +185,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -179,7 +187,7 @@ arch_get_unmapped_area_topdown(struct fi * return with success: */ vma = find_vma(mm, addr); @@ -14561,7 +14701,18 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k /* remember the address as a hint for next time */ return mm->free_area_cache = addr; -@@ -198,13 +204,21 @@ bottomup: +@@ -188,8 +196,8 @@ arch_get_unmapped_area_topdown(struct fi + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start-len; +- } while (len < vma->vm_start); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* +@@ -198,13 +206,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -18062,7 +18213,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/highmem_32.c linux-2.6.37.4/arch/x86/mm/hi } diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/hugetlbpage.c --- linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-01-17 02:41:01.000000000 -0500 ++++ linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-03-21 17:35:08.000000000 -0400 @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmappe struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; @@ -18136,7 +18287,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,7 +328,7 @@ static unsigned long hugetlb_get_unmappe +@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmappe largest_hole = 0; mm->free_area_cache = base; } 
@@ -18145,10 +18296,12 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h /* make sure it can fit in the remaining address space */ if (mm->free_area_cache < len) goto fail; -@@ -329,33 +336,27 @@ try_again: + /* either no address requested or cant fit in requested address hole */ - addr = (mm->free_area_cache - len) & huge_page_mask(h); +- addr = (mm->free_area_cache - len) & huge_page_mask(h); ++ addr = (mm->free_area_cache - len); do { ++ addr &= huge_page_mask(h); + vma = find_vma(mm, addr); /* * Lookup failure means no vma is above this address, @@ -18188,8 +18341,10 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h + largest_hole = vma->vm_start - addr; /* try just below the current vma->vm_start */ - addr = (vma->vm_start - len) & huge_page_mask(h); -@@ -363,22 +364,26 @@ try_again: +- addr = (vma->vm_start - len) & huge_page_mask(h); +- } while (len <= vma->vm_start); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); fail: /* @@ -18227,7 +18382,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h mm->cached_hole_size = ~0UL; addr = hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -386,6 +391,7 @@ fail: +@@ -386,6 +392,7 @@ fail: /* * Restore the topdown base: */ @@ -18235,7 +18390,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h mm->free_area_cache = base; mm->cached_hole_size = ~0UL; -@@ -399,10 +405,19 @@ hugetlb_get_unmapped_area(struct file *f +@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *f struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; 
@@ -18256,7 +18411,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h return -ENOMEM; if (flags & MAP_FIXED) { -@@ -414,8 +429,7 @@ hugetlb_get_unmapped_area(struct file *f +@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *f if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -24366,6 +24521,18 @@ diff -urNp linux-2.6.37.4/drivers/char/tpm/tpm_bios.c linux-2.6.37.4/drivers/cha memcpy(log->bios_event_log, virt, len); +diff -urNp linux-2.6.37.4/drivers/char/tpm/tpm.c linux-2.6.37.4/drivers/char/tpm/tpm.c +--- linux-2.6.37.4/drivers/char/tpm/tpm.c 2011-02-27 14:49:17.000000000 -0500 ++++ linux-2.6.37.4/drivers/char/tpm/tpm.c 2011-03-21 17:16:23.000000000 -0400 +@@ -413,7 +413,7 @@ static ssize_t tpm_transmit(struct tpm_c + chip->vendor.req_complete_val) + goto out_recv; + +- if ((status == chip->vendor.req_canceled)) { ++ if (status == chip->vendor.req_canceled) { + dev_err(chip->dev, "Operation Canceled\n"); + rc = -ECANCELED; + goto out; diff -urNp linux-2.6.37.4/drivers/cpuidle/sysfs.c linux-2.6.37.4/drivers/cpuidle/sysfs.c --- linux-2.6.37.4/drivers/cpuidle/sysfs.c 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/drivers/cpuidle/sysfs.c 2011-01-17 02:41:01.000000000 -0500 
@@ -25912,6 +26079,18 @@ diff -urNp linux-2.6.37.4/drivers/md/bitmap.c linux-2.6.37.4/drivers/md/bitmap.c # endif #endif +diff -urNp linux-2.6.37.4/drivers/md/dm-ioctl.c linux-2.6.37.4/drivers/md/dm-ioctl.c +--- linux-2.6.37.4/drivers/md/dm-ioctl.c 2011-01-04 19:50:19.000000000 -0500 ++++ linux-2.6.37.4/drivers/md/dm-ioctl.c 2011-03-21 17:16:23.000000000 -0400 +@@ -1488,7 +1488,7 @@ static int validate_params(uint cmd, str + cmd == DM_LIST_VERSIONS_CMD) + return 0; + +- if ((cmd == DM_DEV_CREATE_CMD)) { ++ if (cmd == DM_DEV_CREATE_CMD) { + if (!*param->name) { + DMWARN("name not supplied when creating device"); + return -EINVAL; diff -urNp linux-2.6.37.4/drivers/md/dm-table.c linux-2.6.37.4/drivers/md/dm-table.c --- linux-2.6.37.4/drivers/md/dm-table.c 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/drivers/md/dm-table.c 2011-01-17 02:41:01.000000000 -0500 
@@ -27392,6 +27571,22 @@ diff -urNp linux-2.6.37.4/drivers/pci/intel-iommu.c linux-2.6.37.4/drivers/pci/i .alloc_coherent = intel_alloc_coherent, .free_coherent = intel_free_coherent, .map_sg = intel_map_sg, +diff -urNp linux-2.6.37.4/drivers/pci/pcie/aspm.c linux-2.6.37.4/drivers/pci/pcie/aspm.c +--- linux-2.6.37.4/drivers/pci/pcie/aspm.c 2011-01-04 19:50:19.000000000 -0500 ++++ linux-2.6.37.4/drivers/pci/pcie/aspm.c 2011-03-21 17:16:23.000000000 -0400 +@@ -27,9 +27,9 @@ + #define MODULE_PARAM_PREFIX "pcie_aspm." + + /* Note: those are not register definitions */ +-#define ASPM_STATE_L0S_UP (1) /* Upstream direction L0s state */ +-#define ASPM_STATE_L0S_DW (2) /* Downstream direction L0s state */ +-#define ASPM_STATE_L1 (4) /* L1 state */ ++#define ASPM_STATE_L0S_UP (1U) /* Upstream direction L0s state */ ++#define ASPM_STATE_L0S_DW (2U) /* Downstream direction L0s state */ ++#define ASPM_STATE_L1 (4U) /* L1 state */ + #define ASPM_STATE_L0S (ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW) + #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) + diff -urNp linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c --- linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c 2011-01-17 02:41:01.000000000 -0500 
@@ -28569,6 +28764,18 @@ diff -urNp linux-2.6.37.4/drivers/tty/vt/keyboard.c linux-2.6.37.4/drivers/tty/v }; MODULE_DEVICE_TABLE(input, kbd_ids); +diff -urNp linux-2.6.37.4/drivers/tty/vt/vt.c linux-2.6.37.4/drivers/tty/vt/vt.c +--- linux-2.6.37.4/drivers/tty/vt/vt.c 2011-02-27 14:49:17.000000000 -0500 ++++ linux-2.6.37.4/drivers/tty/vt/vt.c 2011-03-21 17:16:23.000000000 -0400 +@@ -254,7 +254,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier + + static void notify_write(struct vc_data *vc, unsigned int unicode) + { +- struct vt_notifier_param param = { .vc = vc, unicode = unicode }; ++ struct vt_notifier_param param = { .vc = vc, .c = unicode }; + atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, ¶m); + } + diff -urNp linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c --- linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c 2011-01-04 19:50:19.000000000 -0500 +++ linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c 2011-01-17 02:41:01.000000000 -0500 @@ -43913,8 +44120,8 @@ diff -urNp linux-2.6.37.4/grsecurity/grsum.c linux-2.6.37.4/grsecurity/grsum.c +} diff -urNp linux-2.6.37.4/grsecurity/Kconfig linux-2.6.37.4/grsecurity/Kconfig --- linux-2.6.37.4/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.37.4/grsecurity/Kconfig 2011-03-11 19:17:02.000000000 -0500 -@@ -0,0 +1,1017 @@ ++++ linux-2.6.37.4/grsecurity/Kconfig 2011-03-21 17:10:07.000000000 -0400 +@@ -0,0 +1,1021 @@ +# +# grecurity configuration +# @@ -44251,6 +44458,10 @@ diff -urNp linux-2.6.37.4/grsecurity/Kconfig linux-2.6.37.4/grsecurity/Kconfig +menu "Role Based Access Control Options" +depends on GRKERNSEC + ++config GRKERNSEC_RBAC_DEBUG ++ bool ++ default n ++ +config GRKERNSEC_NO_RBAC + bool "Disable RBAC system" + help 
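Review bot: `GRKERNSEC_RBAC_DEBUG` in grsecurity/Kconfig is added as a bare `bool` with `default n`, with no prompt and no help text, so it cannot be chosen from the configuration menus and nothing records what it controls. A promptless symbol only becomes `y` if another symbol selects it or the default is edited, which makes it easy to forget that a debug path for the RBAC system exists. What it gates is not visible in this diff, so the wording needs confirming, but a comment above the entry such as `# developer-only: extra RBAC debugging, never enable in production builds` would document the intent.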
@@ -48159,7 +48370,7 @@ diff -urNp linux-2.6.37.4/include/linux/rmap.h linux-2.6.37.4/include/linux/rmap diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sched.h --- linux-2.6.37.4/include/linux/sched.h 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/include/linux/sched.h 2011-01-17 02:41:02.000000000 -0500 ++++ linux-2.6.37.4/include/linux/sched.h 2011-03-21 17:35:08.000000000 -0400 @@ -100,6 +100,7 @@ struct robust_list_head; struct bio_list; struct fs_struct; @@ -48168,7 +48379,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch /* * List of flags we want to share for kernel threads, -@@ -377,10 +378,12 @@ struct user_namespace; +@@ -377,10 +378,13 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) extern int sysctl_max_map_count; @@ -48177,11 +48388,12 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch #include <linux/aio.h> #ifdef CONFIG_MMU -+extern bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len); ++extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len); ++extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len); extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -624,6 +627,16 @@ struct signal_struct { +@@ -624,6 +628,16 @@ struct signal_struct { struct tty_audit_buf *tty_audit_buf; #endif 
@@ -48198,7 +48410,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch int oom_adj; /* OOM kill score adjustment (bit shift) */ int oom_score_adj; /* OOM kill score adjustment */ -@@ -1181,7 +1194,7 @@ enum perf_event_task_context { +@@ -1181,7 +1195,7 @@ enum perf_event_task_context { struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ @@ -48207,7 +48419,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch atomic_t usage; unsigned int flags; /* per process flags, defined below */ unsigned int ptrace; -@@ -1291,8 +1304,8 @@ struct task_struct { +@@ -1291,8 +1305,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -48218,7 +48430,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1308,13 +1321,6 @@ struct task_struct { +@@ -1308,13 +1322,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -48232,7 +48444,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1333,6 +1339,10 @@ struct task_struct { +@@ -1333,6 +1340,10 @@ struct task_struct { struct thread_struct thread; /* filesystem information */ struct fs_struct *fs; @@ -48243,7 +48455,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch /* open file information */ struct files_struct *files; /* namespaces */ -@@ -1379,6 +1389,11 @@ struct task_struct { +@@ -1379,6 +1390,11 @@ struct task_struct { struct rt_mutex_waiter *pi_blocked_on; #endif 
@@ -48255,7 +48467,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch #ifdef CONFIG_DEBUG_MUTEXES /* mutex deadlock detection */ struct mutex_waiter *blocked_on; -@@ -1483,6 +1498,20 @@ struct task_struct { +@@ -1483,6 +1499,20 @@ struct task_struct { unsigned long default_timer_slack_ns; struct list_head *scm_work_list; @@ -48276,7 +48488,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1514,6 +1543,52 @@ struct task_struct { +@@ -1514,6 +1544,52 @@ struct task_struct { #endif }; @@ -48329,7 +48541,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2134,7 +2209,7 @@ extern void __cleanup_sighand(struct sig +@@ -2134,7 +2210,7 @@ extern void __cleanup_sighand(struct sig extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -48338,7 +48550,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2259,8 +2334,8 @@ static inline void unlock_task_sighand(s +@@ -2259,8 +2335,8 @@ static inline void unlock_task_sighand(s #ifndef __HAVE_THREAD_FUNCTIONS @@ -48349,7 +48561,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org) { -@@ -2275,13 +2350,17 @@ static inline unsigned long *end_of_stac +@@ -2275,13 +2351,17 @@ static inline unsigned long *end_of_stac #endif 
@@ -53788,7 +54000,7 @@ diff -urNp linux-2.6.37.4/mm/mlock.c linux-2.6.37.4/mm/mlock.c ret = do_mlockall(flags); diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c --- linux-2.6.37.4/mm/mmap.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37.4/mm/mmap.c 2011-02-12 11:36:29.000000000 -0500 ++++ linux-2.6.37.4/mm/mmap.c 2011-03-21 17:35:08.000000000 -0400 @@ -45,6 +45,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -54176,11 +54388,11 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1372,6 +1528,33 @@ unacct_error: +@@ -1372,6 +1528,44 @@ unacct_error: return error; } -+bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len) ++bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len) +{ + if (!vma) { +#ifdef CONFIG_STACK_GROWSUP @@ -54207,10 +54419,21 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c + return true; +} + ++unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len) ++{ ++ if (vma->vm_start < len) ++ return -ENOMEM; ++ if (!(vma->vm_flags & VM_GROWSDOWN)) ++ return vma->vm_start - len; ++ if (sysctl_heap_stack_gap <= vma->vm_start - len) ++ return vma->vm_start - len - sysctl_heap_stack_gap; ++ return -ENOMEM; ++} ++ /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1398,18 +1581,23 @@ arch_get_unmapped_area(struct file *filp +@@ -1398,18 +1592,23 @@ arch_get_unmapped_area(struct file *filp if (flags & MAP_FIXED) return addr; @@ -54241,7 +54464,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c } full_search: -@@ -1420,34 +1608,40 @@ full_search: +@@ -1420,34 +1619,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ 
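Review bot: In the added `skip_heap_stack_gap()`, the first guard `if (vma->vm_start < len)` does not reproduce the loop condition it replaces in `arch_get_unmapped_area_topdown()` (inner hunk `-1521,8 +1731,8`, further down this patch), where the old code looped only `while (len < vma->vm_start)`. When `vma->vm_start == len` and the vma is not `VM_GROWSDOWN`, the helper returns 0, which `IS_ERR_VALUE()` does not treat as an error, so the top-down search appears to go round again with `addr == 0` instead of falling through to `bottomup`. If the old termination is intended, the guard would read `if (vma->vm_start <= len) return -ENOMEM;`; whether address 0 is rejected later by a minimum-address check is not visible in this hunk. The helper also has no comment stating that it returns either a candidate address or a negative errno carried in an `unsigned long`, to be tested with `IS_ERR_VALUE()`.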
@@ -54293,7 +54516,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c mm->free_area_cache = addr; mm->cached_hole_size = ~0UL; } -@@ -1465,7 +1659,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1465,7 +1670,7 @@ arch_get_unmapped_area_topdown(struct fi { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -54302,7 +54525,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1474,13 +1668,18 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1474,13 +1679,18 @@ arch_get_unmapped_area_topdown(struct fi if (flags & MAP_FIXED) return addr; @@ -54325,7 +54548,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c } /* check if free_area_cache is useful for us */ -@@ -1495,7 +1694,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1495,7 +1705,7 @@ arch_get_unmapped_area_topdown(struct fi /* make sure it can fit in the remaining address space */ if (addr > len) { vma = find_vma(mm, addr-len); @@ -54334,7 +54557,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -1512,7 +1711,7 @@ arch_get_unmapped_area_topdown(struct fi +@@ -1512,7 +1722,7 @@ arch_get_unmapped_area_topdown(struct fi * return with success: */ vma = find_vma(mm, addr); 
@@ -54343,7 +54566,18 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1531,13 +1730,21 @@ bottomup: +@@ -1521,8 +1731,8 @@ arch_get_unmapped_area_topdown(struct fi + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ +- addr = vma->vm_start-len; +- } while (len < vma->vm_start); ++ addr = skip_heap_stack_gap(vma, len); ++ } while (!IS_ERR_VALUE(addr)); + + bottomup: + /* +@@ -1531,13 +1741,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -54367,7 +54601,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c mm->cached_hole_size = ~0UL; return addr; -@@ -1546,6 +1753,12 @@ bottomup: +@@ -1546,6 +1764,12 @@ bottomup: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -54380,7 +54614,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * Is this a new hole at the highest possible address? */ -@@ -1553,8 +1766,10 @@ void arch_unmap_area_topdown(struct mm_s +@@ -1553,8 +1777,10 @@ void arch_unmap_area_topdown(struct mm_s mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -54392,7 +54626,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c } unsigned long -@@ -1662,6 +1877,28 @@ out: +@@ -1662,6 +1888,28 @@ out: return prev ? prev->vm_next : vma; } @@ -54421,7 +54655,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1678,6 +1915,7 @@ static int acct_stack_growth(struct vm_a +@@ -1678,6 +1926,7 @@ static int acct_stack_growth(struct vm_a return -ENOMEM; /* Stack limit test */ 
@@ -54429,7 +54663,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1688,6 +1926,7 @@ static int acct_stack_growth(struct vm_a +@@ -1688,6 +1937,7 @@ static int acct_stack_growth(struct vm_a locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -54437,7 +54671,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1718,37 +1957,48 @@ static int acct_stack_growth(struct vm_a +@@ -1718,37 +1968,48 @@ static int acct_stack_growth(struct vm_a * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -54495,7 +54729,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c unsigned long size, grow; size = address - vma->vm_start; -@@ -1760,6 +2010,8 @@ int expand_upwards(struct vm_area_struct +@@ -1760,6 +2021,8 @@ int expand_upwards(struct vm_area_struct perf_event_mmap(vma); } } @@ -54504,7 +54738,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c vma_unlock_anon_vma(vma); return error; } -@@ -1772,6 +2024,8 @@ static int expand_downwards(struct vm_ar +@@ -1772,6 +2035,8 @@ static int expand_downwards(struct vm_ar unsigned long address) { int error; @@ -54513,7 +54747,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * We must make sure the anon_vma is allocated -@@ -1785,6 +2039,15 @@ static int expand_downwards(struct vm_ar +@@ -1785,6 +2050,15 @@ static int expand_downwards(struct vm_ar if (error) return error; @@ -54529,7 +54763,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c vma_lock_anon_vma(vma); /* -@@ -1794,9 +2057,17 @@ static int expand_downwards(struct vm_ar +@@ -1794,9 +2068,17 @@ static int expand_downwards(struct vm_ar */ /* Somebody else might have raced and expanded it already */ 
@@ -54548,7 +54782,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1804,10 +2075,21 @@ static int expand_downwards(struct vm_ar +@@ -1804,10 +2086,21 @@ static int expand_downwards(struct vm_ar if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; @@ -54570,7 +54804,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return error; } -@@ -1881,6 +2163,13 @@ static void remove_vma_list(struct mm_st +@@ -1881,6 +2174,13 @@ static void remove_vma_list(struct mm_st do { long nrpages = vma_pages(vma); @@ -54584,7 +54818,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c mm->total_vm -= nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma = remove_vma(vma); -@@ -1926,6 +2215,16 @@ detach_vmas_to_be_unmapped(struct mm_str +@@ -1926,6 +2226,16 @@ detach_vmas_to_be_unmapped(struct mm_str insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -54601,7 +54835,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1954,14 +2253,33 @@ static int __split_vma(struct mm_struct +@@ -1954,14 +2264,33 @@ static int __split_vma(struct mm_struct struct vm_area_struct *new; int err = -ENOMEM; @@ -54635,7 +54869,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1974,6 +2292,22 @@ static int __split_vma(struct mm_struct +@@ -1974,6 +2303,22 @@ static int __split_vma(struct mm_struct new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } 
@@ -54658,7 +54892,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -1999,6 +2333,42 @@ static int __split_vma(struct mm_struct +@@ -1999,6 +2344,42 @@ static int __split_vma(struct mm_struct else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -54701,7 +54935,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* Success. */ if (!err) return 0; -@@ -2011,10 +2381,18 @@ static int __split_vma(struct mm_struct +@@ -2011,10 +2392,18 @@ static int __split_vma(struct mm_struct removed_exe_file_vma(mm); fput(new->vm_file); } @@ -54721,7 +54955,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2027,6 +2405,15 @@ static int __split_vma(struct mm_struct +@@ -2027,6 +2416,15 @@ static int __split_vma(struct mm_struct int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -54737,13 +54971,13 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2038,11 +2425,30 @@ int split_vma(struct mm_struct *mm, stru +@@ -2038,11 +2436,30 @@ int split_vma(struct mm_struct *mm, stru * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ +#ifdef CONFIG_PAX_SEGMEXEC -+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) -+{ + int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) + { + int ret = __do_munmap(mm, start, len); + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC)) + return ret; 
@@ -54753,9 +54987,9 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c + +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#else - int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) ++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#endif - { ++{ unsigned long end; struct vm_area_struct *vma, *prev, *last; @@ -54768,7 +55002,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2116,6 +2522,8 @@ int do_munmap(struct mm_struct *mm, unsi +@@ -2116,6 +2533,8 @@ int do_munmap(struct mm_struct *mm, unsi /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -54777,7 +55011,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return 0; } -@@ -2128,22 +2536,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a +@@ -2128,22 +2547,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a profile_munmap(addr); @@ -54806,7 +55040,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2157,6 +2561,7 @@ unsigned long do_brk(unsigned long addr, +@@ -2157,6 +2572,7 @@ unsigned long do_brk(unsigned long addr, struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -54814,7 +55048,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c len = PAGE_ALIGN(len); if (!len) -@@ -2168,16 +2573,30 @@ unsigned long do_brk(unsigned long addr, +@@ -2168,16 +2584,30 @@ unsigned long do_brk(unsigned long addr, flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; 
@@ -54846,7 +55080,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2194,22 +2613,22 @@ unsigned long do_brk(unsigned long addr, +@@ -2194,22 +2624,22 @@ unsigned long do_brk(unsigned long addr, /* * Clear old maps. this also does some error checking for us */ @@ -54873,7 +55107,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2223,7 +2642,7 @@ unsigned long do_brk(unsigned long addr, +@@ -2223,7 +2653,7 @@ unsigned long do_brk(unsigned long addr, */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -54882,7 +55116,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return -ENOMEM; } -@@ -2237,11 +2656,12 @@ unsigned long do_brk(unsigned long addr, +@@ -2237,11 +2667,12 @@ unsigned long do_brk(unsigned long addr, vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -54897,7 +55131,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return addr; } -@@ -2288,8 +2708,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2288,8 +2719,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -54909,7 +55143,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2303,6 +2725,13 @@ int insert_vm_struct(struct mm_struct * +@@ -2303,6 +2736,13 @@ int insert_vm_struct(struct mm_struct * struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; 
@@ -54923,7 +55157,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2325,7 +2754,22 @@ int insert_vm_struct(struct mm_struct * +@@ -2325,7 +2765,22 @@ int insert_vm_struct(struct mm_struct * if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -54946,7 +55180,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c return 0; } -@@ -2343,6 +2787,8 @@ struct vm_area_struct *copy_vma(struct v +@@ -2343,6 +2798,8 @@ struct vm_area_struct *copy_vma(struct v struct rb_node **rb_link, *rb_parent; struct mempolicy *pol; @@ -54955,7 +55189,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2392,6 +2838,39 @@ struct vm_area_struct *copy_vma(struct v +@@ -2392,6 +2849,39 @@ struct vm_area_struct *copy_vma(struct v kmem_cache_free(vm_area_cachep, new_vma); return NULL; } @@ -54995,7 +55229,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c /* * Return true if the calling process may expand its vm space by the passed -@@ -2403,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, +@@ -2403,7 +2893,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long lim; lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -55004,7 +55238,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c if (cur + npages > lim) return 0; return 1; -@@ -2474,6 +2953,22 @@ int install_special_mapping(struct mm_st +@@ -2474,6 +2964,22 @@ int install_special_mapping(struct mm_st vma->vm_start = addr; vma->vm_end = addr + len; |