-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch (renamed from main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch)452
2 files changed, 346 insertions, 112 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index b651428a5c..f16e5a398b 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.37.4
_kernver=2.6.37
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.2.1-2.6.37.4-201103181755.patch
+ grsecurity-2.2.1-2.6.37.4-201103211735.patch
0001-xfrm-use-gre-key-as-flow-upper-protocol-info.patch
xfrm-fix-gre-key-endianess.patch
@@ -139,7 +139,7 @@ dev() {
md5sums="c8ee37b4fdccdb651e0603d35350b434 linux-2.6.37.tar.bz2
5e5ad9a86f9a29cd2c1b8a171d89f9aa patch-2.6.37.4.bz2
-8eaf591770212b48784cfedba86924fa grsecurity-2.2.1-2.6.37.4-201103181755.patch
+c899986fc86ab17b6a1ffb34be54bfe5 grsecurity-2.2.1-2.6.37.4-201103211735.patch
3152851c31bfa8c54660dbb84d75b38d 0001-xfrm-use-gre-key-as-flow-upper-protocol-info.patch
ea7a7eb2775b71ae5ef24d029a4905bd xfrm-fix-gre-key-endianess.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
diff --git a/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch b/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch
index 23e0183059..d402c08e94 100644
--- a/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103181755.patch
+++ b/main/linux-grsec/grsecurity-2.2.1-2.6.37.4-201103211735.patch
@@ -3223,7 +3223,7 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/mmap_64.c linux-2.6.37.4/arch/powerpc/
}
diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm/slice.c
--- linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-01-17 02:41:00.000000000 -0500
++++ linux-2.6.37.4/arch/powerpc/mm/slice.c 2011-03-21 17:35:08.000000000 -0400
@@ -98,7 +98,7 @@ static int slice_area_is_free(struct mm_
if ((mm->task_size - len) < addr)
return 0;
@@ -3242,7 +3242,25 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm
/*
* Remember the place where we stopped the search:
*/
-@@ -336,7 +336,7 @@ static unsigned long slice_find_area_top
+@@ -313,10 +313,14 @@ static unsigned long slice_find_area_top
+ }
+ }
+
+- addr = mm->mmap_base;
+- while (addr > len) {
++ if (mm->mmap_base < len)
++ addr = -ENOMEM;
++ else
++ addr = mm->mmap_base - len;
++
++ while (!IS_ERR_VALUE(addr)) {
+ /* Go down by chunk size */
+- addr = _ALIGN_DOWN(addr - len, 1ul << pshift);
++ addr = _ALIGN_DOWN(addr, 1ul << pshift);
+
+ /* Check for hit with different page size */
+ mask = slice_range_to_mask(addr, len);
+@@ -336,7 +340,7 @@ static unsigned long slice_find_area_top
* return with success:
*/
vma = find_vma(mm, addr);
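Review bot: With the `- len` step moved out of the loop in `slice_find_area_topdown`, the loop head is now only `addr = _ALIGN_DOWN(addr, 1ul << pshift);`, so any path that re-enters the loop without lowering `addr` retries the same range. The code after `mask = slice_range_to_mask(addr, len);` is outside this hunk; if its slice-mismatch branch only aligns `addr` down to a slice boundary before `continue`, which is how I recall the 2.6.37 source, it relied on the head subtracting `len` and may now stop making progress. Please confirm that branch also steps below the boundary and re-checks for underflow before looping.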
@@ -3251,7 +3269,16 @@ diff -urNp linux-2.6.37.4/arch/powerpc/mm/slice.c linux-2.6.37.4/arch/powerpc/mm
/* remember the address as a hint for next time */
if (use_cache)
mm->free_area_cache = addr;
-@@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un
+@@ -348,7 +352,7 @@ static unsigned long slice_find_area_top
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start;
++ addr = skip_heap_stack_gap(vma, len);
+ }
+
+ /*
+@@ -426,6 +430,11 @@ unsigned long slice_get_unmapped_area(un
if (fixed && addr > (mm->task_size - len))
return -EINVAL;
@@ -3762,7 +3789,7 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/consistent.c linux-2.6.37.4/arch/sh/mm/cons
static int __init dma_init(void)
diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c
--- linux-2.6.37.4/arch/sh/mm/mmap.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/sh/mm/mmap.c 2011-01-17 02:41:00.000000000 -0500
++++ linux-2.6.37.4/arch/sh/mm/mmap.c 2011-03-21 17:35:08.000000000 -0400
@@ -74,8 +74,7 @@ unsigned long arch_get_unmapped_area(str
addr = PAGE_ALIGN(addr);
@@ -3801,7 +3828,21 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -199,7 +197,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -188,18 +186,18 @@ arch_get_unmapped_area_topdown(struct fi
+ if (unlikely(mm->mmap_base < len))
+ goto bottomup;
+
+- addr = mm->mmap_base-len;
+- if (do_colour_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
++ addr = mm->mmap_base - len;
+
+ do {
++ if (do_colour_align)
++ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+ /*
+ * Lookup failure means no vma is above this address,
+ * else if new region fits below vma->vm_start,
* return with success:
*/
vma = find_vma(mm, addr);
@@ -3810,6 +3851,19 @@ diff -urNp linux-2.6.37.4/arch/sh/mm/mmap.c linux-2.6.37.4/arch/sh/mm/mmap.c
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
}
+@@ -209,10 +207,8 @@ arch_get_unmapped_area_topdown(struct fi
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start-len;
+- if (do_colour_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+- } while (likely(len < vma->vm_start));
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
diff -urNp linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h
--- linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/arch/sparc/include/asm/atomic_64.h 2011-01-17 02:41:00.000000000 -0500
@@ -4458,7 +4512,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_32.c linux-2.6.37.4/arch/s
if (flags & MAP_SHARED)
diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c
--- linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-01-17 02:41:00.000000000 -0500
++++ linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c 2011-03-21 17:35:08.000000000 -0400
@@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(str
/* We do not accept a shared mapping if it would violate
* cache aliasing constraints.
@@ -4544,7 +4598,21 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -278,7 +280,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -267,18 +269,18 @@ arch_get_unmapped_area_topdown(struct fi
+ if (unlikely(mm->mmap_base < len))
+ goto bottomup;
+
+- addr = mm->mmap_base-len;
+- if (do_color_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
++ addr = mm->mmap_base - len;
+
+ do {
++ if (do_color_align)
++ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+ /*
+ * Lookup failure means no vma is above this address,
+ * else if new region fits below vma->vm_start,
* return with success:
*/
vma = find_vma(mm, addr);
@@ -4553,7 +4621,20 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
}
-@@ -385,6 +387,12 @@ void arch_pick_mmap_layout(struct mm_str
+@@ -288,10 +290,8 @@ arch_get_unmapped_area_topdown(struct fi
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start-len;
+- if (do_color_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+- } while (likely(len < vma->vm_start));
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
+@@ -385,6 +385,12 @@ void arch_pick_mmap_layout(struct mm_str
gap == RLIM_INFINITY ||
sysctl_legacy_va_layout) {
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -4566,7 +4647,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/kernel/sys_sparc_64.c linux-2.6.37.4/arch/s
mm->get_unmapped_area = arch_get_unmapped_area;
mm->unmap_area = arch_unmap_area;
} else {
-@@ -397,6 +405,12 @@ void arch_pick_mmap_layout(struct mm_str
+@@ -397,6 +403,12 @@ void arch_pick_mmap_layout(struct mm_str
gap = (task_size / 6 * 5);
mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
@@ -5811,7 +5892,7 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/fault_64.c linux-2.6.37.4/arch/sparc/mm/
* was no match. So in such a case we (carefully) read the
diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c
--- linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-01-17 02:41:00.000000000 -0500
++++ linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c 2011-03-21 17:35:08.000000000 -0400
@@ -68,7 +68,7 @@ full_search:
}
return -ENOMEM;
@@ -5830,7 +5911,18 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -125,7 +125,7 @@ hugetlb_get_unmapped_area_topdown(struct
+@@ -116,16 +116,17 @@ hugetlb_get_unmapped_area_topdown(struct
+ if (unlikely(mm->mmap_base < len))
+ goto bottomup;
+
+- addr = (mm->mmap_base-len) & HPAGE_MASK;
++ addr = mm->mmap_base - len;
+
+ do {
++ addr &= HPAGE_MASK;
+ /*
+ * Lookup failure means no vma is above this address,
+ * else if new region fits below vma->vm_start,
* return with success:
*/
vma = find_vma(mm, addr);
@@ -5839,7 +5931,18 @@ diff -urNp linux-2.6.37.4/arch/sparc/mm/hugetlbpage.c linux-2.6.37.4/arch/sparc/
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
}
-@@ -182,8 +182,7 @@ hugetlb_get_unmapped_area(struct file *f
+@@ -135,8 +136,8 @@ hugetlb_get_unmapped_area_topdown(struct
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = (vma->vm_start-len) & HPAGE_MASK;
+- } while (likely(len < vma->vm_start));
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
+@@ -182,8 +183,7 @@ hugetlb_get_unmapped_area(struct file *f
if (addr) {
addr = ALIGN(addr, HPAGE_SIZE);
vma = find_vma(mm, addr);
@@ -7463,7 +7566,7 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/cpufeature.h linux-2.6.37.4/arch/
".previous\n"
diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc_defs.h linux-2.6.37.4/arch/x86/include/asm/desc_defs.h
--- linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-02-27 14:48:10.000000000 -0500
++++ linux-2.6.37.4/arch/x86/include/asm/desc_defs.h 2011-03-21 17:16:23.000000000 -0400
@@ -31,6 +31,12 @@ struct desc_struct {
unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
@@ -7473,13 +7576,13 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc_defs.h linux-2.6.37.4/arch/x
+ u16 seg;
+ unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
+ unsigned offset_high: 16;
-+ };
++ } gate;
};
} __attribute__((packed));
diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc.h linux-2.6.37.4/arch/x86/include/asm/desc.h
--- linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-02-27 14:48:10.000000000 -0500
++++ linux-2.6.37.4/arch/x86/include/asm/desc.h 2011-03-21 17:16:23.000000000 -0400
@@ -4,6 +4,7 @@
#include <asm/desc_defs.h>
#include <asm/ldt.h>
@@ -7523,14 +7626,14 @@ diff -urNp linux-2.6.37.4/arch/x86/include/asm/desc.h linux-2.6.37.4/arch/x86/in
- gate->a = (seg << 16) | (base & 0xffff);
- gate->b = (base & 0xffff0000) |
- (((0x80 | type | (dpl << 5)) & 0xff) << 8);
-+ gate->offset_low = base;
-+ gate->seg = seg;
-+ gate->reserved = 0;
-+ gate->type = type;
-+ gate->s = 0;
-+ gate->dpl = dpl;
-+ gate->p = 1;
-+ gate->offset_high = base >> 16;
++ gate->gate.offset_low = base;
++ gate->gate.seg = seg;
++ gate->gate.reserved = 0;
++ gate->gate.type = type;
++ gate->gate.s = 0;
++ gate->gate.dpl = dpl;
++ gate->gate.p = 1;
++ gate->gate.offset_high = base >> 16;
}
#endif
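Review bot: In this gate-packing helper, `gate->gate.type = type;` and `gate->gate.offset_low = base;` depend on implicit truncation into narrow fields (`type: 4` in the struct this patch adds to desc_defs.h), whereas the removed expression masked `base & 0xffff` explicitly. Writing `gate->gate.offset_low = base & 0xffff;` and `gate->gate.type = type & 0xf;` keeps the intent visible and avoids conversion warnings. The doubled name `gate->gate` is also easy to misread, so a one-line comment on the `} gate;` member saying why the struct had to be named would help. The start of the function is outside this hunk.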
@@ -10418,7 +10521,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.37.4/arch/x
jmp bogus_magic
diff -urNp linux-2.6.37.4/arch/x86/kernel/alternative.c linux-2.6.37.4/arch/x86/kernel/alternative.c
--- linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-01-17 02:41:01.000000000 -0500
++++ linux-2.6.37.4/arch/x86/kernel/alternative.c 2011-03-21 17:35:08.000000000 -0400
@@ -248,7 +248,7 @@ static void alternatives_smp_lock(const
if (!*poff || ptr < text || ptr >= text_end)
continue;
@@ -10520,7 +10623,21 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/alternative.c linux-2.6.37.4/arch/x86/
return addr;
}
-@@ -645,9 +635,9 @@ void *__kprobes text_poke_smp(void *addr
+@@ -612,6 +602,13 @@ static int __kprobes stop_machine_text_p
+
+ flush_icache_range((unsigned long)tpp->addr,
+ (unsigned long)tpp->addr + tpp->len);
++
++ /*
++ * Intel Archiecture Software Developer's Manual section 7.1.3 specifies
++ * that a core serializing instruction such as "cpuid" should be
++ * executed on _each_ core before the new instruction is made visible.
++ */
++ sync_core();
+ return 0;
+ }
+
+@@ -645,9 +642,9 @@ void *__kprobes text_poke_smp(void *addr
#if defined(CONFIG_DYNAMIC_FTRACE) || defined(HAVE_JUMP_LABEL)
#ifdef CONFIG_X86_64
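Review bot: The comment added above `sync_core();` misspells "Architecture" as `Archiecture`, and its wording "before the new instruction is made visible" is hard to reconcile with the call sitting after `flush_icache_range(...)`. As I read the manual's cross-modifying-code guidance, the requirement is on each core before it executes the modified bytes, so I would reword it to something like `/* Intel SDM 7.1.3: every core must run a serializing instruction (e.g. cpuid) before executing the modified code. */`. The body of `stop_machine_text_poke` starts outside the hunk, so whether every CPU reaches this call is not visible here.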
@@ -13861,7 +13978,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/process.c linux-2.6.37.4/arch/x86/kern
-
diff -urNp linux-2.6.37.4/arch/x86/kernel/ptrace.c linux-2.6.37.4/arch/x86/kernel/ptrace.c
--- linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-01-17 02:41:01.000000000 -0500
++++ linux-2.6.37.4/arch/x86/kernel/ptrace.c 2011-03-21 17:16:23.000000000 -0400
@@ -805,7 +805,7 @@ long arch_ptrace(struct task_struct *chi
unsigned long addr, unsigned long data)
{
@@ -13897,6 +14014,24 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/ptrace.c linux-2.6.37.4/arch/x86/kerne
}
void user_single_step_siginfo(struct task_struct *tsk,
+@@ -1347,7 +1347,7 @@ void send_sigtrap(struct task_struct *ts
+ * We must return the syscall number to actually look up in the table.
+ * This can be -1L to skip running any syscall at all.
+ */
+-asmregparm long syscall_trace_enter(struct pt_regs *regs)
++long syscall_trace_enter(struct pt_regs *regs)
+ {
+ long ret = 0;
+
+@@ -1392,7 +1392,7 @@ asmregparm long syscall_trace_enter(stru
+ return ret ?: regs->orig_ax;
+ }
+
+-asmregparm void syscall_trace_leave(struct pt_regs *regs)
++void syscall_trace_leave(struct pt_regs *regs)
+ {
+ bool step;
+
diff -urNp linux-2.6.37.4/arch/x86/kernel/reboot.c linux-2.6.37.4/arch/x86/kernel/reboot.c
--- linux-2.6.37.4/arch/x86/kernel/reboot.c 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/arch/x86/kernel/reboot.c 2011-01-17 02:41:01.000000000 -0500
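Review bot: Dropping `asmregparm` from `syscall_trace_enter` and `syscall_trace_leave` changes their declared calling convention, and nothing in this hunk shows the matching prototypes or the assembly call sites being updated. A header that still declares them `asmregparm` should fail the build with conflicting types, but a mismatch with an assembly caller would not be diagnosed by the compiler. Please confirm the declarations and the entry code agree with the new definitions, and consider a comment such as `/* called from entry assembly: argument passing must match the caller */` above each function. Both function bodies continue outside the hunk.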
@@ -14223,7 +14358,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/syscall_table_32.S linux-2.6.37.4/arch
.long sys_exit
diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c
--- linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-01-17 02:41:01.000000000 -0500
++++ linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c 2011-03-21 17:35:08.000000000 -0400
@@ -24,17 +24,224 @@
#include <asm/syscalls.h>
@@ -14425,8 +14560,8 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
-+ addr = vma->vm_start-len;
-+ } while (len < vma->vm_start);
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+bottomup:
+ /*
@@ -14463,7 +14598,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_i386_32.c linux-2.6.37.4/arch/x86/
}
diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c
--- linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-01-17 02:41:01.000000000 -0500
++++ linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c 2011-03-21 17:35:08.000000000 -0400
@@ -32,8 +32,8 @@ out:
return error;
}
@@ -14525,7 +14660,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -141,12 +144,15 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -141,13 +144,18 @@ arch_get_unmapped_area_topdown(struct fi
if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
goto bottomup;
@@ -14536,14 +14671,19 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k
/* requesting a specific address */
if (addr) {
addr = PAGE_ALIGN(addr);
- vma = find_vma(mm, addr);
+- vma = find_vma(mm, addr);
- if (TASK_SIZE - len >= addr &&
- (!vma || addr + len <= vma->vm_start))
-+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
- return addr;
+- return addr;
++ if (TASK_SIZE - len >= addr) {
++ vma = find_vma(mm, addr);
++ if (check_heap_stack_gap(vma, addr, len))
++ return addr;
++ }
}
-@@ -162,7 +168,7 @@ arch_get_unmapped_area_topdown(struct fi
+ /* check if free_area_cache is useful for us */
+@@ -162,7 +170,7 @@ arch_get_unmapped_area_topdown(struct fi
/* make sure it can fit in the remaining address space */
if (addr > len) {
vma = find_vma(mm, addr-len);
@@ -14552,7 +14692,7 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k
/* remember the address as a hint for next time */
return mm->free_area_cache = addr-len;
}
-@@ -179,7 +185,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -179,7 +187,7 @@ arch_get_unmapped_area_topdown(struct fi
* return with success:
*/
vma = find_vma(mm, addr);
@@ -14561,7 +14701,18 @@ diff -urNp linux-2.6.37.4/arch/x86/kernel/sys_x86_64.c linux-2.6.37.4/arch/x86/k
/* remember the address as a hint for next time */
return mm->free_area_cache = addr;
-@@ -198,13 +204,21 @@ bottomup:
+@@ -188,8 +196,8 @@ arch_get_unmapped_area_topdown(struct fi
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start-len;
+- } while (len < vma->vm_start);
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
+@@ -198,13 +206,21 @@ bottomup:
* can happen with large stack limits and large mmap()
* allocations.
*/
@@ -18062,7 +18213,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/highmem_32.c linux-2.6.37.4/arch/x86/mm/hi
}
diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/hugetlbpage.c
--- linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-01-17 02:41:01.000000000 -0500
++++ linux-2.6.37.4/arch/x86/mm/hugetlbpage.c 2011-03-21 17:35:08.000000000 -0400
@@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmappe
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
@@ -18136,7 +18287,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
/* don't allow allocations above current base */
if (mm->free_area_cache > base)
-@@ -321,7 +328,7 @@ static unsigned long hugetlb_get_unmappe
+@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmappe
largest_hole = 0;
mm->free_area_cache = base;
}
@@ -18145,10 +18296,12 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
/* make sure it can fit in the remaining address space */
if (mm->free_area_cache < len)
goto fail;
-@@ -329,33 +336,27 @@ try_again:
+
/* either no address requested or cant fit in requested address hole */
- addr = (mm->free_area_cache - len) & huge_page_mask(h);
+- addr = (mm->free_area_cache - len) & huge_page_mask(h);
++ addr = (mm->free_area_cache - len);
do {
++ addr &= huge_page_mask(h);
+ vma = find_vma(mm, addr);
/*
* Lookup failure means no vma is above this address,
@@ -18188,8 +18341,10 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
+ largest_hole = vma->vm_start - addr;
/* try just below the current vma->vm_start */
- addr = (vma->vm_start - len) & huge_page_mask(h);
-@@ -363,22 +364,26 @@ try_again:
+- addr = (vma->vm_start - len) & huge_page_mask(h);
+- } while (len <= vma->vm_start);
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
fail:
/*
@@ -18227,7 +18382,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
mm->cached_hole_size = ~0UL;
addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
len, pgoff, flags);
-@@ -386,6 +391,7 @@ fail:
+@@ -386,6 +392,7 @@ fail:
/*
* Restore the topdown base:
*/
@@ -18235,7 +18390,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
mm->free_area_cache = base;
mm->cached_hole_size = ~0UL;
-@@ -399,10 +405,19 @@ hugetlb_get_unmapped_area(struct file *f
+@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *f
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
@@ -18256,7 +18411,7 @@ diff -urNp linux-2.6.37.4/arch/x86/mm/hugetlbpage.c linux-2.6.37.4/arch/x86/mm/h
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -414,8 +429,7 @@ hugetlb_get_unmapped_area(struct file *f
+@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *f
if (addr) {
addr = ALIGN(addr, huge_page_size(h));
vma = find_vma(mm, addr);
@@ -24366,6 +24521,18 @@ diff -urNp linux-2.6.37.4/drivers/char/tpm/tpm_bios.c linux-2.6.37.4/drivers/cha
memcpy(log->bios_event_log, virt, len);
+diff -urNp linux-2.6.37.4/drivers/char/tpm/tpm.c linux-2.6.37.4/drivers/char/tpm/tpm.c
+--- linux-2.6.37.4/drivers/char/tpm/tpm.c 2011-02-27 14:49:17.000000000 -0500
++++ linux-2.6.37.4/drivers/char/tpm/tpm.c 2011-03-21 17:16:23.000000000 -0400
+@@ -413,7 +413,7 @@ static ssize_t tpm_transmit(struct tpm_c
+ chip->vendor.req_complete_val)
+ goto out_recv;
+
+- if ((status == chip->vendor.req_canceled)) {
++ if (status == chip->vendor.req_canceled) {
+ dev_err(chip->dev, "Operation Canceled\n");
+ rc = -ECANCELED;
+ goto out;
diff -urNp linux-2.6.37.4/drivers/cpuidle/sysfs.c linux-2.6.37.4/drivers/cpuidle/sysfs.c
--- linux-2.6.37.4/drivers/cpuidle/sysfs.c 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/drivers/cpuidle/sysfs.c 2011-01-17 02:41:01.000000000 -0500
@@ -25912,6 +26079,18 @@ diff -urNp linux-2.6.37.4/drivers/md/bitmap.c linux-2.6.37.4/drivers/md/bitmap.c
# endif
#endif
+diff -urNp linux-2.6.37.4/drivers/md/dm-ioctl.c linux-2.6.37.4/drivers/md/dm-ioctl.c
+--- linux-2.6.37.4/drivers/md/dm-ioctl.c 2011-01-04 19:50:19.000000000 -0500
++++ linux-2.6.37.4/drivers/md/dm-ioctl.c 2011-03-21 17:16:23.000000000 -0400
+@@ -1488,7 +1488,7 @@ static int validate_params(uint cmd, str
+ cmd == DM_LIST_VERSIONS_CMD)
+ return 0;
+
+- if ((cmd == DM_DEV_CREATE_CMD)) {
++ if (cmd == DM_DEV_CREATE_CMD) {
+ if (!*param->name) {
+ DMWARN("name not supplied when creating device");
+ return -EINVAL;
diff -urNp linux-2.6.37.4/drivers/md/dm-table.c linux-2.6.37.4/drivers/md/dm-table.c
--- linux-2.6.37.4/drivers/md/dm-table.c 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/drivers/md/dm-table.c 2011-01-17 02:41:01.000000000 -0500
@@ -27392,6 +27571,22 @@ diff -urNp linux-2.6.37.4/drivers/pci/intel-iommu.c linux-2.6.37.4/drivers/pci/i
.alloc_coherent = intel_alloc_coherent,
.free_coherent = intel_free_coherent,
.map_sg = intel_map_sg,
+diff -urNp linux-2.6.37.4/drivers/pci/pcie/aspm.c linux-2.6.37.4/drivers/pci/pcie/aspm.c
+--- linux-2.6.37.4/drivers/pci/pcie/aspm.c 2011-01-04 19:50:19.000000000 -0500
++++ linux-2.6.37.4/drivers/pci/pcie/aspm.c 2011-03-21 17:16:23.000000000 -0400
+@@ -27,9 +27,9 @@
+ #define MODULE_PARAM_PREFIX "pcie_aspm."
+
+ /* Note: those are not register definitions */
+-#define ASPM_STATE_L0S_UP (1) /* Upstream direction L0s state */
+-#define ASPM_STATE_L0S_DW (2) /* Downstream direction L0s state */
+-#define ASPM_STATE_L1 (4) /* L1 state */
++#define ASPM_STATE_L0S_UP (1U) /* Upstream direction L0s state */
++#define ASPM_STATE_L0S_DW (2U) /* Downstream direction L0s state */
++#define ASPM_STATE_L1 (4U) /* L1 state */
+ #define ASPM_STATE_L0S (ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW)
+ #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
+
diff -urNp linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c
--- linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/drivers/pci/pcie/portdrv_pci.c 2011-01-17 02:41:01.000000000 -0500
@@ -28569,6 +28764,18 @@ diff -urNp linux-2.6.37.4/drivers/tty/vt/keyboard.c linux-2.6.37.4/drivers/tty/v
};
MODULE_DEVICE_TABLE(input, kbd_ids);
+diff -urNp linux-2.6.37.4/drivers/tty/vt/vt.c linux-2.6.37.4/drivers/tty/vt/vt.c
+--- linux-2.6.37.4/drivers/tty/vt/vt.c 2011-02-27 14:49:17.000000000 -0500
++++ linux-2.6.37.4/drivers/tty/vt/vt.c 2011-03-21 17:16:23.000000000 -0400
+@@ -254,7 +254,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier
+
+ static void notify_write(struct vc_data *vc, unsigned int unicode)
+ {
+- struct vt_notifier_param param = { .vc = vc, unicode = unicode };
++ struct vt_notifier_param param = { .vc = vc, .c = unicode };
+ atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, &param);
+ }
+
diff -urNp linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c
--- linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c 2011-01-04 19:50:19.000000000 -0500
+++ linux-2.6.37.4/drivers/tty/vt/vt_ioctl.c 2011-01-17 02:41:01.000000000 -0500
@@ -43913,8 +44120,8 @@ diff -urNp linux-2.6.37.4/grsecurity/grsum.c linux-2.6.37.4/grsecurity/grsum.c
+}
diff -urNp linux-2.6.37.4/grsecurity/Kconfig linux-2.6.37.4/grsecurity/Kconfig
--- linux-2.6.37.4/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.37.4/grsecurity/Kconfig 2011-03-11 19:17:02.000000000 -0500
-@@ -0,0 +1,1017 @@
++++ linux-2.6.37.4/grsecurity/Kconfig 2011-03-21 17:10:07.000000000 -0400
+@@ -0,0 +1,1021 @@
+#
+# grecurity configuration
+#
@@ -44251,6 +44458,10 @@ diff -urNp linux-2.6.37.4/grsecurity/Kconfig linux-2.6.37.4/grsecurity/Kconfig
+menu "Role Based Access Control Options"
+depends on GRKERNSEC
+
++config GRKERNSEC_RBAC_DEBUG
++ bool
++ default n
++
+config GRKERNSEC_NO_RBAC
+ bool "Disable RBAC system"
+ help
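Review bot: `GRKERNSEC_RBAC_DEBUG` is added as a bare `bool` with `default n` and neither a prompt nor help text, so it cannot be selected from the configuration menu and nothing records what it gates. Because it sits in the RBAC menu, a short comment such as `# developer-only RBAC debugging switch; leave disabled in distribution kernels` would help packagers. That wording is a guess from the symbol name and should be checked against the code that tests the symbol. `default n` is also redundant for a promptless bool.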
@@ -48159,7 +48370,7 @@ diff -urNp linux-2.6.37.4/include/linux/rmap.h linux-2.6.37.4/include/linux/rmap
diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sched.h
--- linux-2.6.37.4/include/linux/sched.h 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/include/linux/sched.h 2011-01-17 02:41:02.000000000 -0500
++++ linux-2.6.37.4/include/linux/sched.h 2011-03-21 17:35:08.000000000 -0400
@@ -100,6 +100,7 @@ struct robust_list_head;
struct bio_list;
struct fs_struct;
@@ -48168,7 +48379,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
/*
* List of flags we want to share for kernel threads,
-@@ -377,10 +378,12 @@ struct user_namespace;
+@@ -377,10 +378,13 @@ struct user_namespace;
#define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
extern int sysctl_max_map_count;
@@ -48177,11 +48388,12 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
#include <linux/aio.h>
#ifdef CONFIG_MMU
-+extern bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len);
++extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len);
++extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len);
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -624,6 +627,16 @@ struct signal_struct {
+@@ -624,6 +628,16 @@ struct signal_struct {
struct tty_audit_buf *tty_audit_buf;
#endif
@@ -48198,7 +48410,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
int oom_adj; /* OOM kill score adjustment (bit shift) */
int oom_score_adj; /* OOM kill score adjustment */
-@@ -1181,7 +1194,7 @@ enum perf_event_task_context {
+@@ -1181,7 +1195,7 @@ enum perf_event_task_context {
struct task_struct {
volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
@@ -48207,7 +48419,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
atomic_t usage;
unsigned int flags; /* per process flags, defined below */
unsigned int ptrace;
-@@ -1291,8 +1304,8 @@ struct task_struct {
+@@ -1291,8 +1305,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
@@ -48218,7 +48430,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1308,13 +1321,6 @@ struct task_struct {
+@@ -1308,13 +1322,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
@@ -48232,7 +48444,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1333,6 +1339,10 @@ struct task_struct {
+@@ -1333,6 +1340,10 @@ struct task_struct {
struct thread_struct thread;
/* filesystem information */
struct fs_struct *fs;
@@ -48243,7 +48455,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
/* open file information */
struct files_struct *files;
/* namespaces */
-@@ -1379,6 +1389,11 @@ struct task_struct {
+@@ -1379,6 +1390,11 @@ struct task_struct {
struct rt_mutex_waiter *pi_blocked_on;
#endif
@@ -48255,7 +48467,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
#ifdef CONFIG_DEBUG_MUTEXES
/* mutex deadlock detection */
struct mutex_waiter *blocked_on;
-@@ -1483,6 +1498,20 @@ struct task_struct {
+@@ -1483,6 +1499,20 @@ struct task_struct {
unsigned long default_timer_slack_ns;
struct list_head *scm_work_list;
@@ -48276,7 +48488,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
/* Index of current stored address in ret_stack */
int curr_ret_stack;
-@@ -1514,6 +1543,52 @@ struct task_struct {
+@@ -1514,6 +1544,52 @@ struct task_struct {
#endif
};
@@ -48329,7 +48541,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -2134,7 +2209,7 @@ extern void __cleanup_sighand(struct sig
+@@ -2134,7 +2210,7 @@ extern void __cleanup_sighand(struct sig
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -48338,7 +48550,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2259,8 +2334,8 @@ static inline void unlock_task_sighand(s
+@@ -2259,8 +2335,8 @@ static inline void unlock_task_sighand(s
#ifndef __HAVE_THREAD_FUNCTIONS
@@ -48349,7 +48561,7 @@ diff -urNp linux-2.6.37.4/include/linux/sched.h linux-2.6.37.4/include/linux/sch
static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
{
-@@ -2275,13 +2350,17 @@ static inline unsigned long *end_of_stac
+@@ -2275,13 +2351,17 @@ static inline unsigned long *end_of_stac
#endif
@@ -53788,7 +54000,7 @@ diff -urNp linux-2.6.37.4/mm/mlock.c linux-2.6.37.4/mm/mlock.c
ret = do_mlockall(flags);
diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
--- linux-2.6.37.4/mm/mmap.c 2011-01-04 19:50:19.000000000 -0500
-+++ linux-2.6.37.4/mm/mmap.c 2011-02-12 11:36:29.000000000 -0500
++++ linux-2.6.37.4/mm/mmap.c 2011-03-21 17:35:08.000000000 -0400
@@ -45,6 +45,16 @@
#define arch_rebalance_pgtables(addr, len) (addr)
#endif
@@ -54176,11 +54388,11 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1372,6 +1528,33 @@ unacct_error:
+@@ -1372,6 +1528,44 @@ unacct_error:
return error;
}
-+bool check_heap_stack_gap(struct vm_area_struct *vma, unsigned long addr, unsigned long len)
++bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len)
+{
+ if (!vma) {
+#ifdef CONFIG_STACK_GROWSUP
@@ -54207,10 +54419,21 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
+ return true;
+}
+
++unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len)
++{
++ if (vma->vm_start < len)
++ return -ENOMEM;
++ if (!(vma->vm_flags & VM_GROWSDOWN))
++ return vma->vm_start - len;
++ if (sysctl_heap_stack_gap <= vma->vm_start - len)
++ return vma->vm_start - len - sysctl_heap_stack_gap;
++ return -ENOMEM;
++}
++
/* Get an address range which is currently unmapped.
* For shmat() with addr=0.
*
-@@ -1398,18 +1581,23 @@ arch_get_unmapped_area(struct file *filp
+@@ -1398,18 +1592,23 @@ arch_get_unmapped_area(struct file *filp
if (flags & MAP_FIXED)
return addr;
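Review bot: `skip_heap_stack_gap()` rejects only `vma->vm_start < len`, so for a non-`VM_GROWSDOWN` vma with `vma->vm_start == len` it returns 0, and the `arch_get_unmapped_area_topdown` loop (changed in a later hunk to `while (!IS_ERR_VALUE(addr))`) makes another pass with `addr == 0`, where the replaced condition `len < vma->vm_start` stopped. Whether address 0 can then be returned depends on checks outside these hunks, but the old boundary is cheap to keep: `if (vma->vm_start <= len) return -ENOMEM;`. The helper also dereferences `vma` unconditionally, while `check_heap_stack_gap()` accepts NULL, and it returns an errno in an `unsigned long`. A short comment would make both explicit, for example `/* vma must be non-NULL; returns the next candidate address below vma, or -ENOMEM (test with IS_ERR_VALUE) */`.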
@@ -54241,7 +54464,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
}
full_search:
-@@ -1420,34 +1608,40 @@ full_search:
+@@ -1420,34 +1619,40 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -54293,7 +54516,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
mm->free_area_cache = addr;
mm->cached_hole_size = ~0UL;
}
-@@ -1465,7 +1659,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1465,7 +1670,7 @@ arch_get_unmapped_area_topdown(struct fi
{
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
@@ -54302,7 +54525,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1474,13 +1668,18 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1474,13 +1679,18 @@ arch_get_unmapped_area_topdown(struct fi
if (flags & MAP_FIXED)
return addr;
@@ -54325,7 +54548,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
}
/* check if free_area_cache is useful for us */
-@@ -1495,7 +1694,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1495,7 +1705,7 @@ arch_get_unmapped_area_topdown(struct fi
/* make sure it can fit in the remaining address space */
if (addr > len) {
vma = find_vma(mm, addr-len);
@@ -54334,7 +54557,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -1512,7 +1711,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1512,7 +1722,7 @@ arch_get_unmapped_area_topdown(struct fi
* return with success:
*/
vma = find_vma(mm, addr);
@@ -54343,7 +54566,18 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
-@@ -1531,13 +1730,21 @@ bottomup:
+@@ -1521,8 +1731,8 @@ arch_get_unmapped_area_topdown(struct fi
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start-len;
+- } while (len < vma->vm_start);
++ addr = skip_heap_stack_gap(vma, len);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
+@@ -1531,13 +1741,21 @@ bottomup:
* can happen with large stack limits and large mmap()
* allocations.
*/
@@ -54367,7 +54601,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
mm->cached_hole_size = ~0UL;
return addr;
-@@ -1546,6 +1753,12 @@ bottomup:
+@@ -1546,6 +1764,12 @@ bottomup:
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -54380,7 +54614,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1553,8 +1766,10 @@ void arch_unmap_area_topdown(struct mm_s
+@@ -1553,8 +1777,10 @@ void arch_unmap_area_topdown(struct mm_s
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -54392,7 +54626,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
}
unsigned long
-@@ -1662,6 +1877,28 @@ out:
+@@ -1662,6 +1888,28 @@ out:
return prev ? prev->vm_next : vma;
}
@@ -54421,7 +54655,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1678,6 +1915,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1678,6 +1926,7 @@ static int acct_stack_growth(struct vm_a
return -ENOMEM;
/* Stack limit test */
@@ -54429,7 +54663,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -1688,6 +1926,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1688,6 +1937,7 @@ static int acct_stack_growth(struct vm_a
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -54437,7 +54671,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1718,37 +1957,48 @@ static int acct_stack_growth(struct vm_a
+@@ -1718,37 +1968,48 @@ static int acct_stack_growth(struct vm_a
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -54495,7 +54729,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1760,6 +2010,8 @@ int expand_upwards(struct vm_area_struct
+@@ -1760,6 +2021,8 @@ int expand_upwards(struct vm_area_struct
perf_event_mmap(vma);
}
}
@@ -54504,7 +54738,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
vma_unlock_anon_vma(vma);
return error;
}
-@@ -1772,6 +2024,8 @@ static int expand_downwards(struct vm_ar
+@@ -1772,6 +2035,8 @@ static int expand_downwards(struct vm_ar
unsigned long address)
{
int error;
@@ -54513,7 +54747,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* We must make sure the anon_vma is allocated
-@@ -1785,6 +2039,15 @@ static int expand_downwards(struct vm_ar
+@@ -1785,6 +2050,15 @@ static int expand_downwards(struct vm_ar
if (error)
return error;
@@ -54529,7 +54763,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
vma_lock_anon_vma(vma);
/*
-@@ -1794,9 +2057,17 @@ static int expand_downwards(struct vm_ar
+@@ -1794,9 +2068,17 @@ static int expand_downwards(struct vm_ar
*/
/* Somebody else might have raced and expanded it already */
@@ -54548,7 +54782,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1804,10 +2075,21 @@ static int expand_downwards(struct vm_ar
+@@ -1804,10 +2086,21 @@ static int expand_downwards(struct vm_ar
if (!error) {
vma->vm_start = address;
vma->vm_pgoff -= grow;
@@ -54570,7 +54804,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return error;
}
-@@ -1881,6 +2163,13 @@ static void remove_vma_list(struct mm_st
+@@ -1881,6 +2174,13 @@ static void remove_vma_list(struct mm_st
do {
long nrpages = vma_pages(vma);
@@ -54584,7 +54818,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
mm->total_vm -= nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
vma = remove_vma(vma);
-@@ -1926,6 +2215,16 @@ detach_vmas_to_be_unmapped(struct mm_str
+@@ -1926,6 +2226,16 @@ detach_vmas_to_be_unmapped(struct mm_str
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -54601,7 +54835,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
rb_erase(&vma->vm_rb, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -1954,14 +2253,33 @@ static int __split_vma(struct mm_struct
+@@ -1954,14 +2264,33 @@ static int __split_vma(struct mm_struct
struct vm_area_struct *new;
int err = -ENOMEM;
@@ -54635,7 +54869,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -1974,6 +2292,22 @@ static int __split_vma(struct mm_struct
+@@ -1974,6 +2303,22 @@ static int __split_vma(struct mm_struct
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -54658,7 +54892,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -1999,6 +2333,42 @@ static int __split_vma(struct mm_struct
+@@ -1999,6 +2344,42 @@ static int __split_vma(struct mm_struct
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -54701,7 +54935,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/* Success. */
if (!err)
return 0;
-@@ -2011,10 +2381,18 @@ static int __split_vma(struct mm_struct
+@@ -2011,10 +2392,18 @@ static int __split_vma(struct mm_struct
removed_exe_file_vma(mm);
fput(new->vm_file);
}
@@ -54721,7 +54955,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2027,6 +2405,15 @@ static int __split_vma(struct mm_struct
+@@ -2027,6 +2416,15 @@ static int __split_vma(struct mm_struct
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
@@ -54737,13 +54971,13 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2038,11 +2425,30 @@ int split_vma(struct mm_struct *mm, stru
+@@ -2038,11 +2436,30 @@ int split_vma(struct mm_struct *mm, stru
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
+#ifdef CONFIG_PAX_SEGMEXEC
-+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
-+{
+ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+ {
+ int ret = __do_munmap(mm, start, len);
+ if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
+ return ret;
@@ -54753,9 +54987,9 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
+
+int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+#else
- int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+#endif
- {
++{
unsigned long end;
struct vm_area_struct *vma, *prev, *last;
@@ -54768,7 +55002,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2116,6 +2522,8 @@ int do_munmap(struct mm_struct *mm, unsi
+@@ -2116,6 +2533,8 @@ int do_munmap(struct mm_struct *mm, unsi
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -54777,7 +55011,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return 0;
}
-@@ -2128,22 +2536,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
+@@ -2128,22 +2547,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
profile_munmap(addr);
@@ -54806,7 +55040,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2157,6 +2561,7 @@ unsigned long do_brk(unsigned long addr,
+@@ -2157,6 +2572,7 @@ unsigned long do_brk(unsigned long addr,
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -54814,7 +55048,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
len = PAGE_ALIGN(len);
if (!len)
-@@ -2168,16 +2573,30 @@ unsigned long do_brk(unsigned long addr,
+@@ -2168,16 +2584,30 @@ unsigned long do_brk(unsigned long addr,
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -54846,7 +55080,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2194,22 +2613,22 @@ unsigned long do_brk(unsigned long addr,
+@@ -2194,22 +2624,22 @@ unsigned long do_brk(unsigned long addr,
/*
* Clear old maps. this also does some error checking for us
*/
@@ -54873,7 +55107,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2223,7 +2642,7 @@ unsigned long do_brk(unsigned long addr,
+@@ -2223,7 +2653,7 @@ unsigned long do_brk(unsigned long addr,
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -54882,7 +55116,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return -ENOMEM;
}
-@@ -2237,11 +2656,12 @@ unsigned long do_brk(unsigned long addr,
+@@ -2237,11 +2667,12 @@ unsigned long do_brk(unsigned long addr,
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
@@ -54897,7 +55131,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return addr;
}
-@@ -2288,8 +2708,10 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2288,8 +2719,10 @@ void exit_mmap(struct mm_struct *mm)
* Walk the list again, actually closing and freeing it,
* with preemption enabled, without holding any MM locks.
*/
@@ -54909,7 +55143,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
}
-@@ -2303,6 +2725,13 @@ int insert_vm_struct(struct mm_struct *
+@@ -2303,6 +2736,13 @@ int insert_vm_struct(struct mm_struct *
struct vm_area_struct * __vma, * prev;
struct rb_node ** rb_link, * rb_parent;
@@ -54923,7 +55157,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2325,7 +2754,22 @@ int insert_vm_struct(struct mm_struct *
+@@ -2325,7 +2765,22 @@ int insert_vm_struct(struct mm_struct *
if ((vma->vm_flags & VM_ACCOUNT) &&
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -54946,7 +55180,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
return 0;
}
-@@ -2343,6 +2787,8 @@ struct vm_area_struct *copy_vma(struct v
+@@ -2343,6 +2798,8 @@ struct vm_area_struct *copy_vma(struct v
struct rb_node **rb_link, *rb_parent;
struct mempolicy *pol;
@@ -54955,7 +55189,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2392,6 +2838,39 @@ struct vm_area_struct *copy_vma(struct v
+@@ -2392,6 +2849,39 @@ struct vm_area_struct *copy_vma(struct v
kmem_cache_free(vm_area_cachep, new_vma);
return NULL;
}
@@ -54995,7 +55229,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
/*
* Return true if the calling process may expand its vm space by the passed
-@@ -2403,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm,
+@@ -2403,7 +2893,7 @@ int may_expand_vm(struct mm_struct *mm,
unsigned long lim;
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
@@ -55004,7 +55238,7 @@ diff -urNp linux-2.6.37.4/mm/mmap.c linux-2.6.37.4/mm/mmap.c
if (cur + npages > lim)
return 0;
return 1;
-@@ -2474,6 +2953,22 @@ int install_special_mapping(struct mm_st
+@@ -2474,6 +2964,22 @@ int install_special_mapping(struct mm_st
vma->vm_start = addr;
vma->vm_end = addr + len;