diff options
| author | Francesco Colista <francesco.colista@gmail.com> | 2011-09-22 14:49:40 +0000 |
|---|---|---|
| committer | Francesco Colista <francesco.colista@gmail.com> | 2011-09-22 14:49:40 +0000 |
| commit | e6b89219780843eacc1f6b14b61b53a41d8819fc (patch) | |
| tree | afc0a7f08c65c3c7d511de5c45568be27de7ea09 | |
| parent | 6be6c0f3cd362b4db306104cc0478814743724c0 (diff) | |
| parent | 967ed15c5aa5cc735536e24b5b5cc6eb1b16e808 (diff) | |
| download | aports-e6b89219780843eacc1f6b14b61b53a41d8819fc.tar.bz2 aports-e6b89219780843eacc1f6b14b61b53a41d8819fc.tar.xz | |
Merge git://dev.alpinelinux.org/aports
36 files changed, 1697 insertions, 420 deletions
diff --git a/main/acf-openssl/APKBUILD b/main/acf-openssl/APKBUILD index 98669a16d..05fac0ebf 100644 --- a/main/acf-openssl/APKBUILD +++ b/main/acf-openssl/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Ted Trask <ttrask01@yahoo.com> # Maintainer: Ted Trask <ttrask01@yahoo.com> pkgname=acf-openssl -pkgver=0.3.2 +pkgver=0.4.1 pkgrel=0 pkgdesc="A web-based system administration interface for openssl" url="http://git.alpinelinux.org/cgit/acf-openssl" @@ -20,4 +20,4 @@ package() { } -md5sums="9f073d837b27450e4ef6bd6478798d46 acf-openssl-0.3.2.tar.bz2" +md5sums="9f332730cd2b21ec92d172e0c13dda81 acf-openssl-0.4.1.tar.bz2" diff --git a/main/ack/APKBUILD b/main/ack/APKBUILD index d68456dde..d939a78bc 100644 --- a/main/ack/APKBUILD +++ b/main/ack/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Kiyoshi Aman <kiyoshi.aman@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ack -pkgver=1.94 -pkgrel=1 +pkgver=1.96 +pkgrel=0 pkgdesc="A Perl-powered replacement for grep" url="http://betterthangrep.com/" arch="noarch" @@ -25,4 +25,4 @@ package() { find "$pkgdir" -name perllocal.pod -delete } -md5sums="dcf68e56bab0d394370fa102c7f08cb0 ack-1.94.tar.gz" +md5sums="21701fb5f4670181dbf6ebe47984634b ack-1.96.tar.gz" diff --git a/main/db/APKBUILD b/main/db/APKBUILD index f262a103b..fc51b1518 100644 --- a/main/db/APKBUILD +++ b/main/db/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=db -pkgver=5.2.28 +pkgver=5.2.36 _ver=${pkgver} pkgrel=0 pkgdesc="The Berkeley DB embedded database system 4.8" @@ -45,4 +45,4 @@ package() { "$pkgdir"/usr/share/licenses/$pkgname/LICENSE } -md5sums="c0130828427d7ab179027185d09fda66 db-5.2.28.tar.gz" +md5sums="88466dd6c13d5d8cddb406be8a1d4d92 db-5.2.36.tar.gz" diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD index 7a42614e6..1312fb130 100644 --- a/main/dovecot/APKBUILD +++ b/main/dovecot/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dovecot -pkgver=2.0.14 -pkgrel=1 +pkgver=2.0.15 +pkgrel=0 pkgdesc="IMAP and POP3 server" url="http://www.dovecot.org/" arch="all" @@ -116,7 +116,7 @@ config() { mkdir -p "$subpkgdir"/etc/dovecot/conf.d } -md5sums="92a10a6ca341921db9e35c6753e8de0b dovecot-2.0.14.tar.gz +md5sums="16a08dfd24422d482440a8b03d6f7f6c dovecot-2.0.15.tar.gz aec5cc797ab2acf72ce3b6bb1030345f dovecot.logrotate 01067b40dfd74dfb79b946af1e680745 dovecot.initd 95cf57ecc835882228bbbb019ce3abf8 dovecot-sample-config.post-install" diff --git a/main/ffmpeg/APKBUILD b/main/ffmpeg/APKBUILD index 2be83ea21..899460532 100644 --- a/main/ffmpeg/APKBUILD +++ b/main/ffmpeg/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ffmpeg -pkgver=0.8.3 +pkgver=0.8.4 pkgrel=0 pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix" url="http://ffmpeg.org/" @@ -59,5 +59,5 @@ package() { install -D -m755 tools/qt-faststart "$pkgdir/usr/bin/qt-faststart" || return 1 # strip --strip-debug "$pkgdir"/usr/lib/*.a || return 1 } -md5sums="556870ccfd6c9c0426c7dd86dd5beb62 ffmpeg-0.8.3.tar.bz2 +md5sums="0f53495b6642ef10f0eb22f9564ba2cb ffmpeg-0.8.4.tar.bz2 2cdc11a99bf97c63c7cca27b073cb47c configure-dlvsym.patch" diff --git a/main/file/APKBUILD b/main/file/APKBUILD index 9d9665d8f..e198c3032 100644 --- a/main/file/APKBUILD +++ b/main/file/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=file -pkgver=5.08 +pkgver=5.09 pkgrel=0 pkgdesc="File type identification utility" url="http://www.darwinsys.com/file/" @@ -21,4 +21,4 @@ package() { make DESTDIR="$pkgdir" install || return 1 rm "$pkgdir"/usr/lib/*.la || return 1 } -md5sums="6a2a263c20278f01fe3bb0f720b27d4e file-5.08.tar.gz" +md5sums="6fd7cd6c4281e68fe9ec6644ce0fac6f file-5.09.tar.gz" diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD index b2c33908b..642249be4 100644 --- a/main/freeradius/APKBUILD +++ b/main/freeradius/APKBUILD @@ -2,20 +2,20 @@ # Maintainer: Leonardo Arena <rnalrd@gmail.com> pkgname=freeradius pkgver=2.1.10 -pkgrel=20 +pkgrel=23 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="http://freeradius.org/" arch="all" license="GPL" -depends= +depends="freeradius-lib freeradius-radclient" makedepends="openssl-dev pth-dev mysql-dev postgresql-dev gdbm-dev readline-dev bash libtool autoconf automake perl-dev python-dev openldap-dev unixodbc-dev" pkggroups="radiusd" pkgusers="radiusd" install="freeradius.pre-install" -subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-mssql \ - $pkgname-mysql $pkgname-oracle $pkgname-perl $pkgname-postgresql \ - $pkgname-python $pkgname-unixodbc" +subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib + $pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl + $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-unixodbc" source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz freeradius.confd freeradius.initd @@ -84,10 +84,11 @@ package() { install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/radiusd install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/radiusd install -m644 -D scripts/logrotate.freeradius "$pkgdir"/etc/lorotate.d/$pkgname + find $pkgdir -iname *.la -delete } ldap() { - depends="freeradius" + depends="freeradius freeradius-lib" mkdir -p $subpkgdir/etc/raddb mv $pkgdir/etc/raddb/ldap.attrmap $subpkgdir/etc/raddb mkdir -p $subpkgdir/etc/raddb/modules @@ -96,8 +97,18 @@ ldap() { mv $pkgdir/usr/lib/freeradius/rlm_ldap* $subpkgdir/usr/lib/freeradius } +lib() { + replaces="freeradius" + mkdir -p $subpkgdir/usr/lib/freeradius $subpkgdir/etc/raddb \ + $subpkgdir/usr/share + mv $pkgdir/usr/lib/freeradius/libfreeradius-radius-${pkgver}.so \ + $subpkgdir/usr/lib/freeradius + mv $pkgdir/etc/raddb/dictionary $subpkgdir/etc/raddb/dictionary + mv $pkgdir/usr/share/freeradius $subpkgdir/usr/share/freeradius +} + mysql() { - depends="freeradius" + depends="freeradius freeradius-lib" mkdir -p $subpkgdir/etc/raddb/sql mv $pkgdir/etc/raddb/sql/mysql $subpkgdir/etc/raddb/sql mv $pkgdir/etc/raddb/sql/ndb $subpkgdir/etc/raddb/sql @@ -106,21 +117,21 @@ mysql() { } mssql() { - depends="freeradius" + depends="freeradius freeradius-lib" arch="noarch" mkdir -p $subpkgdir/etc/raddb/sql mv $pkgdir/etc/raddb/sql/mssql $subpkgdir/etc/raddb/sql } oracle() { - depends="freeradius" + depends="freeradius freeradius-lib" arch="noarch" mkdir -p $subpkgdir/etc/raddb/sql mv $pkgdir/etc/raddb/sql/oracle $subpkgdir/etc/raddb/sql } perl() { - depends="freeradius perl" + depends="freeradius freeradius-lib perl" mkdir -p $subpkgdir/usr/lib/freeradius mv $pkgdir/usr/lib/freeradius/rlm_perl* $subpkgdir/usr/lib/freeradius mkdir -p $subpkgdir/usr/bin @@ -130,7 +141,7 @@ perl() { } postgresql() { - depends="freeradius" + depends="freeradius freeradius-lib" mkdir -p $subpkgdir/etc/raddb/sql mv $pkgdir/etc/raddb/sql/postgresql $subpkgdir/etc/raddb/sql mkdir -p $subpkgdir/usr/lib/freeradius @@ -138,13 +149,19 @@ postgresql() { } python() { - depends="freeradius python" + depends="freeradius freeradius-lib python" mkdir -p $subpkgdir/usr/lib/freeradius mv $pkgdir/usr/lib/freeradius/rlm_python* $subpkgdir/usr/lib/freeradius } +radclient() { + depends="freeradius-lib" + mkdir -p $subpkgdir/usr/bin + mv $pkgdir/usr/bin/radclient $subpkgdir/usr/bin/radclient +} + unixodbc() { - depends="freeradius" + depends="freeradius freeradius-lib" mkdir -p $subpkgdir/usr/lib/freeradius mv $pkgdir/usr/lib/freeradius/rlm_sql_unixodbc* $subpkgdir/usr/lib/freeradius } diff --git a/main/garcon/APKBUILD b/main/garcon/APKBUILD index 1e9bee68d..1601844d4 100644 --- a/main/garcon/APKBUILD +++ b/main/garcon/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=garcon -pkgver=0.1.8 +pkgver=0.1.9 pkgrel=0 pkgdesc="a freedesktop.org compliant menu implementation based on GLib and GIO" url="http://www.xfce.org/" @@ -8,7 +8,7 @@ arch="all" license="GPL-2" subpackages="$pkgname-dev $pkgname-doc" depends= -makedepends="glib-dev intltool" +makedepends="glib-dev intltool libxfce4util-dev" install= source="http://archive.xfce.org/src/libs/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2" depends_dev="glib-dev" @@ -30,4 +30,4 @@ package() { rm "$pkgdir"/usr/lib/*.la } -md5sums="18fbf523ed2865dfaccdfb40b4b20b05 garcon-0.1.8.tar.bz2" +md5sums="a3ca1e54ad731c98f688900f6398fc20 garcon-0.1.9.tar.bz2" diff --git a/main/gparted/APKBUILD b/main/gparted/APKBUILD index 83378aa86..5e77c85b8 100644 --- a/main/gparted/APKBUILD +++ b/main/gparted/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gparted -pkgver=0.9.0 -pkgrel=1 +pkgver=0.9.1 +pkgrel=0 pkgdesc="a graphical partition editor for creating, reorganizing, and deleting disk partitions" url="http://gparted.sourceforge.net/" arch="all" @@ -34,4 +34,4 @@ package() { make DESTDIR="$pkgdir" install } -md5sums="56ec9c80413ba2d8ad0193bfc2b5a99f gparted-0.9.0.tar.bz2" +md5sums="f35785099994c7c9b7b2e842840f8b72 gparted-0.9.1.tar.bz2" diff --git a/main/gtk-xfce-engine/APKBUILD b/main/gtk-xfce-engine/APKBUILD index 1f7e2cd2a..b1606e484 100644 --- a/main/gtk-xfce-engine/APKBUILD +++ b/main/gtk-xfce-engine/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gtk-xfce-engine -pkgver=2.8.1 -pkgrel=1 +pkgver=2.9.0 +pkgrel=0 pkgdesc="A port of Xfce engine to GTK+-2.0" url="http://www.xfce.org/" arch="all" @@ -26,4 +26,4 @@ package() { make DESTDIR="$pkgdir" install || return 1 find "$pkgdir"/ -name '*.la' -delete } -md5sums="8a6527b61b0554cda11d06f66a567314 gtk-xfce-engine-2.8.1.tar.bz2" +md5sums="e2bc76ab5093ff8472e728e6d6ad5da2 gtk-xfce-engine-2.9.0.tar.bz2" diff --git a/main/imagemagick/APKBUILD b/main/imagemagick/APKBUILD index d0bf3145f..2c4df9f36 100644 --- a/main/imagemagick/APKBUILD +++ b/main/imagemagick/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=imagemagick -pkgver=6.7.2.2 +pkgver=6.7.2.7 _pkgver=${pkgver%.*}-${pkgver##*.} pkgrel=0 pkgdesc="A collection of tools and libraries for many image formats" @@ -57,4 +57,4 @@ _cxx() { mv "$pkgdir"/usr/lib/libMagick++.so.* "$subpkgdir"/usr/lib/ } -md5sums="22b4aaecf2bd9430c43aa1c8703dad43 ImageMagick-6.7.2-2.tar.gz" +md5sums="8c7ff0941fde6d27363c3414fec306d7 ImageMagick-6.7.2-7.tar.gz" diff --git a/main/libraw/APKBUILD b/main/libraw/APKBUILD index ca374d8f8..c1bb9dd5a 100644 --- a/main/libraw/APKBUILD +++ b/main/libraw/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libraw -pkgver=0.13.7 +pkgver=0.13.8 pkgrel=0 pkgdesc="Library for reading RAW files obtained from digital photo cameras" url="http://www.libraw.org/" @@ -35,4 +35,4 @@ package() { } -md5sums="5c189e16d61f423162da57333b7c8873 LibRaw-0.13.7.tar.gz" +md5sums="62cd5fee94915add0c43a97ec6909bbb LibRaw-0.13.8.tar.gz" diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD index c0bf90a98..8f15a4e98 100644 --- a/main/libssh/APKBUILD +++ b/main/libssh/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libssh -pkgver=0.5.1 +pkgver=0.5.2 pkgrel=0 pkgdesc="Library for accessing ssh client services through C libraries" url="http://www.libssh.org/" @@ -41,4 +41,4 @@ package() { make DESTDIR="$pkgdir" install } -md5sums="0cd8bc9336398e23a76f4e25c1412eb4 libssh-0.5.1.tar.gz" +md5sums="38b67c48af7a9204660a3e08f97ceba6 libssh-0.5.2.tar.gz" diff --git a/main/libxfce4ui/APKBUILD b/main/libxfce4ui/APKBUILD index 6626d681f..4ce21b8f6 100644 --- a/main/libxfce4ui/APKBUILD +++ b/main/libxfce4ui/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libxfce4ui pkgver=4.8.0 -pkgrel=2 +pkgrel=3 pkgdesc="Widgets library for the Xfce desktop environment" url="http://www.xfce.org/" arch="all" @@ -9,7 +9,8 @@ license="GPL2" subpackages="$pkgname-dev $pkgname-doc" depends= replaces="libxfcegui4" -makedepends="gtk+-dev xfconf-dev libxfce4util-dev startup-notification-dev" +makedepends="gtk+-dev xfconf-dev libxfce4util-dev startup-notification-dev + glade3-dev" source="http://archive.xfce.org/src/xfce/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.bz2" depends_dev="gtk+-dev libxfce4util-dev xfconf-dev startup-notification-dev" @@ -19,6 +20,7 @@ build() { --sysconfdir=/etc \ --libexecdir=/usr/lib \ --localstatedir=/var \ + --enable-gladeui \ --disable-static make || return 1 } @@ -26,7 +28,16 @@ build() { package() { cd "$srcdir"/$pkgname-$pkgver make DESTDIR="$pkgdir" install || return 1 - rm -f "$pkgdir"/usr/lib/*.la + rm "$pkgdir"/usr/lib/*.la \ + "$pkgdir"/usr/lib/glade3/modules/*.la \ + || return 1 +} + +dev() { + default_dev + mkdir -p "$subpkgdir"/usr/lib "$subpkgdir"/usr/share + mv "$pkgdir"/usr/lib/glade3 "$subpkgdir"/usr/lib/ || return 1 + mv "$pkgdir"/usr/share/glade3 "$subpkgdir"/usr/share/ || return 1 } md5sums="df9acb3328dff905bd0777b84532b69f libxfce4ui-4.8.0.tar.bz2" diff --git a/main/libxfce4util/APKBUILD b/main/libxfce4util/APKBUILD index ec75d245e..87b3a6cd4 100644 --- a/main/libxfce4util/APKBUILD +++ b/main/libxfce4util/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libxfce4util -pkgver=4.8.1 -pkgrel=1 +pkgver=4.8.2 +pkgrel=0 pkgdesc="Basic utility non-GUI functions for Xfce" url="http://www.xfce.org/" arch="all" @@ -27,4 +27,4 @@ package() { make DESTDIR="$pkgdir" install || return 1 rm "$pkgdir"/usr/lib/*.la } -md5sums="2be3af4c7db5ad293a7525e1021e6f0f libxfce4util-4.8.1.tar.bz2" +md5sums="3376a77637a4292a863027d595548ee2 libxfce4util-4.8.2.tar.bz2" diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index feaee5114..77438b074 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.0.4 _kernver=3.0 -pkgrel=4 +pkgrel=6 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.2.2-3.0.4-201109011725.patch + grsecurity-2.2.2-3.0.4-201109190917.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -138,7 +138,7 @@ dev() { md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2 -a9343c3253aec2ca3accb8539eb44148 grsecurity-2.2.2-3.0.4-201109011725.patch +475c1129df5aca0d82587640b878109d grsecurity-2.2.2-3.0.4-201109190917.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 9a2c88b20d296158cdcd01f843898415 kernelconfig.x86 6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109011725.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch index 1e39265b0..ec88fda16 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109011725.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch @@ -3055,7 +3055,7 @@ diff -urNp linux-3.0.4/arch/sparc/include/asm/elf_32.h linux-3.0.4/arch/sparc/in instruction set this cpu supports. This can NOT be done in userspace on Sparc. */ diff -urNp linux-3.0.4/arch/sparc/include/asm/elf_64.h linux-3.0.4/arch/sparc/include/asm/elf_64.h ---- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:47:55.000000000 -0400 @@ -180,6 +180,13 @@ typedef struct { #define ELF_ET_DYN_BASE 0x0000010000000000UL @@ -3794,7 +3794,7 @@ diff -urNp linux-3.0.4/arch/sparc/kernel/traps_64.c linux-3.0.4/arch/sparc/kerne } EXPORT_SYMBOL(die_if_kernel); diff -urNp linux-3.0.4/arch/sparc/kernel/unaligned_64.c linux-3.0.4/arch/sparc/kernel/unaligned_64.c ---- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:48:14.000000000 -0400 @@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); @@ -4065,7 +4065,7 @@ diff -urNp linux-3.0.4/arch/sparc/lib/ksyms.c linux-3.0.4/arch/sparc/lib/ksyms.c /* Atomic bit operations. */ diff -urNp linux-3.0.4/arch/sparc/lib/Makefile linux-3.0.4/arch/sparc/lib/Makefile ---- linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/arch/sparc/lib/Makefile 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:47:55.000000000 -0400 @@ -2,7 +2,7 @@ # @@ -5589,6 +5589,74 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide } /* +diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -71,6 +71,12 @@ FUNC: movq r1,r2; \ + je B192; \ + leaq 32(r9),r9; + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#define ret orb $0x80, 0x7(%rsp); ret ++#else ++#define ret ret ++#endif ++ + #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \ + movq r1,r2; \ + movq r3,r4; \ +diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + # bytesatleast65: + ._bytesatleast65: +@@ -891,6 +894,9 @@ ECRYPT_keysetup: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + # enter ECRYPT_ivsetup + .text +@@ -917,4 +923,7 @@ ECRYPT_ivsetup: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret +diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -269,6 +269,9 @@ twofish_enc_blk: + + popq R1 + movq $1,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + twofish_dec_blk: +@@ -321,4 +324,7 @@ twofish_dec_blk: + + popq R1 + movq $1,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c --- linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-08-23 21:48:14.000000000 -0400 @@ -8676,8 +8744,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/rwsem.h linux-3.0.4/arch/x86/include diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/include/asm/segment.h --- linux-3.0.4/arch/x86/include/asm/segment.h 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-08-23 21:47:55.000000000 -0400 -@@ -64,8 +64,8 @@ ++++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-09-17 00:53:42.000000000 -0400 +@@ -64,10 +64,15 @@ * 26 - ESPFIX small SS * 27 - per-cpu [ offset to per-cpu data area ] * 28 - stack_canary-20 [ for stack protector ] @@ -8687,8 +8755,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu + * 30 - PCI BIOS DS * 31 - TSS for double fault handler */ ++#define GDT_ENTRY_KERNEXEC_EFI_CS (1) ++#define GDT_ENTRY_KERNEXEC_EFI_DS (2) ++#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8) ++#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8) ++ #define GDT_ENTRY_TLS_MIN 6 -@@ -79,6 +79,8 @@ + #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1) + +@@ -79,6 +84,8 @@ #define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE+0) @@ -8697,7 +8772,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE+1) #define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE+4) -@@ -104,6 +106,12 @@ +@@ -104,6 +111,12 @@ #define __KERNEL_STACK_CANARY 0 #endif @@ -8710,7 +8785,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_DOUBLEFAULT_TSS 31 /* -@@ -141,7 +149,7 @@ +@@ -141,7 +154,7 @@ */ /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */ @@ -8719,7 +8794,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #else -@@ -165,6 +173,8 @@ +@@ -165,6 +178,8 @@ #define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3) #define __USER32_DS __USER_DS @@ -8728,7 +8803,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_TSS 8 /* needs two entries */ #define GDT_ENTRY_LDT 10 /* needs two entries */ #define GDT_ENTRY_TLS_MIN 12 -@@ -185,6 +195,7 @@ +@@ -185,6 +200,7 @@ #endif #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8) @@ -10047,7 +10122,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include ".section .fixup,\"ax\"\n" diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig --- linux-3.0.4/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/Kconfig 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.4/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400 @@ -229,7 +229,7 @@ config X86_HT config X86_32_LAZY_GS @@ -10084,15 +10159,6 @@ diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1453,7 +1453,7 @@ config ARCH_USES_PG_UNCACHED - - config EFI - bool "EFI runtime service support" -- depends on ACPI -+ depends on ACPI && !PAX_KERNEXEC - ---help--- - This enables the kernel to use EFI runtime services that are - available (such as the EFI variable services). @@ -1483,6 +1483,7 @@ config SECCOMP config CC_STACKPROTECTOR @@ -10706,7 +10772,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/common.c linux-3.0.4/arch/x86/kernel/ if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff -urNp linux-3.0.4/arch/x86/kernel/cpu/intel.c linux-3.0.4/arch/x86/kernel/cpu/intel.c ---- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:30:14.000000000 -0400 @@ -172,7 +172,7 @@ static void __cpuinit trap_init_f00f_bug * Update the IDT descriptor and reload the IDT so that @@ -10850,7 +10916,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mcheck/mce-inject.c linux-3.0.4/arch/ return 0; } diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c ---- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:21.000000000 -0400 @@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); u64 size_or_mask, size_and_mask; @@ -11728,7 +11794,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S --- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-08-26 19:49:56.000000000 -0400 ++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -12108,7 +12174,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en je retint_kernel /* Interrupt came from user space */ -@@ -847,12 +1125,15 @@ retint_swapgs: /* return to user-space +@@ -847,12 +1125,18 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -12121,10 +12187,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en retint_restore_args: /* return to kernel space */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7+RIP-ARGOFFSET(%rsp) ++#endif /* * The iretq could re-enable interrupts: */ -@@ -1027,6 +1308,16 @@ ENTRY(\sym) +@@ -1027,6 +1311,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12141,7 +12210,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1044,6 +1335,16 @@ ENTRY(\sym) +@@ -1044,6 +1338,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12158,7 +12227,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1052,7 +1353,7 @@ ENTRY(\sym) +@@ -1052,7 +1356,7 @@ ENTRY(\sym) END(\sym) .endm @@ -12167,7 +12236,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1062,8 +1363,24 @@ ENTRY(\sym) +@@ -1062,8 +1366,24 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12192,7 +12261,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) call \do_sym addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) -@@ -1080,6 +1397,16 @@ ENTRY(\sym) +@@ -1080,6 +1400,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12209,7 +12278,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1099,6 +1426,16 @@ ENTRY(\sym) +@@ -1099,6 +1429,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -12226,7 +12295,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1361,14 +1698,27 @@ ENTRY(paranoid_exit) +@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -12238,6 +12307,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + TRACE_IRQS_IRETQ 0 + SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif + jmp irq_return +#endif paranoid_swapgs: @@ -12254,8 +12326,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + pax_exit_kernel TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif jmp irq_return -@@ -1426,7 +1776,7 @@ ENTRY(error_entry) + paranoid_userspace: + GET_THREAD_INFO(%rcx) +@@ -1426,7 +1785,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -12264,7 +12341,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en je error_kernelspace error_swapgs: SWAPGS -@@ -1490,6 +1840,16 @@ ENTRY(nmi) +@@ -1490,6 +1849,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -12281,7 +12358,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1500,11 +1860,25 @@ ENTRY(nmi) +@@ -1500,12 +1869,32 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -12292,6 +12369,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + pax_exit_kernel + SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif + jmp irq_return +#endif nmi_swapgs: @@ -12306,8 +12386,12 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en nmi_restore: + pax_exit_kernel RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif jmp irq_return nmi_userspace: + GET_THREAD_INFO(%rcx) diff -urNp linux-3.0.4/arch/x86/kernel/ftrace.c linux-3.0.4/arch/x86/kernel/ftrace.c --- linux-3.0.4/arch/x86/kernel/ftrace.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/kernel/ftrace.c 2011-08-23 21:47:55.000000000 -0400 @@ -16528,8 +16612,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a movl %edx, 4(v) diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S --- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-08-23 21:47:55.000000000 -0400 -@@ -39,6 +39,14 @@ ENTRY(atomic64_read_cx8) ++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-09-17 18:31:51.000000000 -0400 +@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8) + CFI_STARTPROC + + read64 %ecx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_read_cx8) @@ -16537,6 +16628,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a + CFI_STARTPROC + + read64 %ecx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC +ENDPROC(atomic64_read_unchecked_cx8) @@ -16544,7 +16638,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_set_cx8) CFI_STARTPROC -@@ -52,6 +60,19 @@ ENTRY(atomic64_set_cx8) +@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8) + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_set_cx8) @@ -16557,6 +16658,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC +ENDPROC(atomic64_set_unchecked_cx8) @@ -16564,7 +16668,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_xchg_cx8) CFI_STARTPROC -@@ -66,8 +87,8 @@ ENTRY(atomic64_xchg_cx8) +@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8) + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_xchg_cx8) @@ -16575,7 +16686,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a CFI_STARTPROC SAVE ebp SAVE ebx -@@ -84,27 +105,43 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l %esi, %ebx \insc\()l %edi, %ecx @@ -16606,6 +16717,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a RESTORE esi RESTORE ebx RESTORE ebp ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif ret CFI_ENDPROC -ENDPROC(atomic64_\func\()_return_cx8) @@ -16624,7 +16738,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a CFI_STARTPROC SAVE ebx -@@ -114,21 +151,38 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l $1, %ebx \insc\()l $0, %ecx @@ -16652,6 +16766,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a +.endif + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif ret CFI_ENDPROC -ENDPROC(atomic64_\func\()_return_cx8) @@ -16665,7 +16782,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_dec_if_positive_cx8) CFI_STARTPROC -@@ -140,6 +194,13 @@ ENTRY(atomic64_dec_if_positive_cx8) +@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8) movl %edx, %ecx subl $1, %ebx sbb $0, %ecx @@ -16679,7 +16796,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a js 2f LOCK_PREFIX cmpxchg8b (%esi) -@@ -174,6 +235,13 @@ ENTRY(atomic64_add_unless_cx8) +@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8) + movl %ebx, %eax + movl %ecx, %edx + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(atomic64_dec_if_positive_cx8) +@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8) movl %edx, %ecx addl %esi, %ebx adcl %edi, %ecx @@ -16693,7 +16820,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a LOCK_PREFIX cmpxchg8b (%ebp) jne 1b -@@ -206,6 +274,13 @@ ENTRY(atomic64_inc_not_zero_cx8) +@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8) + CFI_ADJUST_CFA_OFFSET -8 + RESTORE ebx + RESTORE ebp ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + 4: + cmpl %edx, 4(%esp) +@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8) movl %edx, %ecx addl $1, %ebx adcl $0, %ecx @@ -16707,6 +16844,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a LOCK_PREFIX cmpxchg8b (%esi) jne 1b +@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8) + movl $1, %eax + 3: + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + 4: + testl %edx, %edx diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/checksum_32.S --- linux-3.0.4/arch/x86/lib/checksum_32.S 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/checksum_32.S 2011-08-23 21:47:55.000000000 -0400 @@ -16956,8 +17103,38 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check #undef ROUND1 diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S --- linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-08-23 21:47:55.000000000 -0400 -@@ -58,7 +58,7 @@ ENDPROC(clear_page) ++++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -11,6 +11,9 @@ ENTRY(clear_page_c) + movl $4096/8,%ecx + xorl %eax,%eax + rep stosq ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(clear_page_c) +@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e) + movl $4096,%ecx + xorl %eax,%eax + rep stosb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(clear_page_c_e) +@@ -43,6 +49,9 @@ ENTRY(clear_page) + leaq 64(%rdi),%rdi + jnz .Lloop + nop ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + .Lclear_page_end: +@@ -58,7 +67,7 @@ ENDPROC(clear_page) #include <asm/cpufeature.h> @@ -16968,8 +17145,28 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle 2: .byte 0xeb /* jmp <disp8> */ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S --- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-08-23 21:47:55.000000000 -0400 -@@ -104,7 +104,7 @@ ENDPROC(copy_page) ++++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -8,6 +8,9 @@ copy_page_c: + CFI_STARTPROC + movl $4096/8,%ecx + rep movsq ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(copy_page_c) +@@ -94,6 +97,9 @@ ENTRY(copy_page) + CFI_RESTORE r13 + addq $3*8,%rsp + CFI_ADJUST_CFA_OFFSET -3*8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lcopy_page_end: + CFI_ENDPROC +@@ -104,7 +110,7 @@ ENDPROC(copy_page) #include <asm/cpufeature.h> @@ -16980,7 +17177,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy 2: diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S --- linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-08-23 21:47:55.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -16,6 +16,7 @@ #include <asm/thread_info.h> #include <asm/cpufeature.h> @@ -16998,7 +17195,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy 2: .byte 0xe9 /* near jump with 32bit immediate */ .long \alt1-1b /* offset */ /* or alternatively to alt1 */ 3: .byte 0xe9 /* near jump with 32bit immediate */ -@@ -71,41 +72,13 @@ +@@ -71,47 +72,22 @@ #endif .endm @@ -17042,9 +17239,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy movl %edx,%ecx xorl %eax,%eax rep + stosb + bad_to_user: + movl %edx,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(bad_from_user) +@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled) + decl %ecx + jnz 21b + 23: xor %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string) + 3: rep + movsb + 4: xorl %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string) + 1: rep + movsb + 2: xorl %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S --- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-08-23 21:47:55.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -14,6 +14,7 @@ #include <asm/current.h> #include <asm/asm-offsets.h> @@ -17069,6 +17305,29 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/ cmpl $8,%edx jb 20f /* less then 8 bytes, go to byte copy loop */ ALIGN_DESTINATION +@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache) + jnz 21b + 23: xorl %eax,%eax + sfence ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S +--- linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic) + CFI_RESTORE rbp + addq $7*8, %rsp + CFI_ADJUST_CFA_OFFSET -7*8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_RESTORE_STATE + diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c --- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-08-23 21:47:55.000000000 -0400 @@ -17232,6 +17491,138 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c insn->x86_64 = x86_64 ? 1 : 0; insn->opnd_bytes = 4; if (x86_64) +diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S +--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy) + CFI_STARTPROC + movl %edx,%ecx + rep movsd ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(__iowrite32_copy) +diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S +--- linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -34,6 +34,9 @@ + rep movsq + movl %edx, %ecx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemcpy_e: + .previous +@@ -51,6 +54,9 @@ + + movl %edx, %ecx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemcpy_e_e: + .previous +@@ -141,6 +147,9 @@ ENTRY(memcpy) + movq %r9, 1*8(%rdi) + movq %r10, -2*8(%rdi, %rdx) + movq %r11, -1*8(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_16bytes: +@@ -153,6 +162,9 @@ ENTRY(memcpy) + movq -1*8(%rsi, %rdx), %r9 + movq %r8, 0*8(%rdi) + movq %r9, -1*8(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_8bytes: +@@ -166,6 +178,9 @@ ENTRY(memcpy) + movl -4(%rsi, %rdx), %r8d + movl %ecx, (%rdi) + movl %r8d, -4(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_3bytes: +@@ -183,6 +198,9 @@ ENTRY(memcpy) + jnz .Lloop_1 + + .Lend: ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + CFI_ENDPROC + ENDPROC(memcpy) +diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S +--- linux-3.0.4/arch/x86/lib/memmove_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -201,6 +201,9 @@ ENTRY(memmove) + movb (%rsi), %r11b + movb %r11b, (%rdi) + 13: ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + CFI_ENDPROC + +@@ -209,6 +212,9 @@ ENTRY(memmove) + /* Forward moving data. */ + movq %rdx, %rcx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .Lmemmove_end_forward_efs: + .previous +diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S +--- linux-3.0.4/arch/x86/lib/memset_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -31,6 +31,9 @@ + movl %r8d,%ecx + rep stosb + movq %r9,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemset_e: + .previous +@@ -53,6 +56,9 @@ + movl %edx,%ecx + rep stosb + movq %r9,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemset_e_e: + .previous +@@ -121,6 +127,9 @@ ENTRY(__memset) + + .Lende: + movq %r10,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + CFI_RESTORE_STATE diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c --- linux-3.0.4/arch/x86/lib/mmx_32.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/mmx_32.c 2011-08-23 21:47:55.000000000 -0400 @@ -17690,6 +18081,84 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S #endif xor %eax,%eax EXIT +diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S +--- linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed) + LOCK_PREFIX + subl $RW_LOCK_BIAS,(%rdi) + jnz __write_lock_failed ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + END(__write_lock_failed) +@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed) + LOCK_PREFIX + decl (%rdi) + js __read_lock_failed ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + END(__read_lock_failed) +diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S +--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed) + popq_cfi %rdx + CFI_RESTORE rdx + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_down_read_failed) +@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed) + movq %rax,%rdi + call rwsem_down_write_failed + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_down_write_failed) +@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake) + movq %rax,%rdi + call rwsem_wake + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + 1: ret + CFI_ENDPROC + ENDPROC(call_rwsem_wake) +@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake) + popq_cfi %rdx + CFI_RESTORE rdx + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_downgrade_wake) +diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S +--- linux-3.0.4/arch/x86/lib/thunk_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -50,5 +50,8 @@ + SAVE_ARGS + restore: + RESTORE_ARGS ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c --- linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-08-23 21:47:55.000000000 -0400 @@ -20538,7 +21007,7 @@ diff -urNp linux-3.0.4/arch/x86/net/bpf_jit_comp.c linux-3.0.4/arch/x86/net/bpf_ sizeof(struct work_struct))); if (!image) diff -urNp linux-3.0.4/arch/x86/oprofile/backtrace.c linux-3.0.4/arch/x86/oprofile/backtrace.c ---- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:47:55.000000000 -0400 @@ -148,7 +148,7 @@ x86_backtrace(struct pt_regs * const reg { @@ -20872,8 +21341,8 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c EXPORT_SYMBOL(pcibios_set_irq_routing); diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c --- linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-08-23 21:47:55.000000000 -0400 -@@ -38,70 +38,37 @@ ++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-09-19 09:16:58.000000000 -0400 +@@ -38,70 +38,56 @@ */ static unsigned long efi_rt_eflags; @@ -20887,7 +21356,10 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - unsigned long temp; struct desc_ptr gdt_descr; - local_irq_save(efi_rt_eflags); +- local_irq_save(efi_rt_eflags); ++#ifdef CONFIG_PAX_KERNEXEC ++ struct desc_struct d; ++#endif - /* - * If I don't have PAE, I should just duplicate two entries in page @@ -20895,7 +21367,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - * page directory. - */ - cr4 = read_cr4_safe(); -- ++ local_irq_save(efi_rt_eflags); + - if (cr4 & X86_CR4_PAE) { - efi_bak_pg_dir_pointer[0].pgd = - swapper_pg_dir[pgd_index(0)].pgd; @@ -20921,8 +21394,14 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf */ __flush_tlb_all(); -- gdt_descr.address = __pa(get_cpu_gdt_table(0)); -+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0)); ++#ifdef CONFIG_PAX_KERNEXEC ++ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S); ++ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S); ++#endif ++ + gdt_descr.address = __pa(get_cpu_gdt_table(0)); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); } @@ -20933,8 +21412,15 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - unsigned long cr4; struct desc_ptr gdt_descr; -- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); -+ gdt_descr.address = get_cpu_gdt_table(0); ++#ifdef CONFIG_PAX_KERNEXEC ++ struct desc_struct d; ++ ++ memset(&d, 0, sizeof d); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S); ++#endif ++ + gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); @@ -20955,16 +21441,18 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf * After the lock is released, the original page table is restored. diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S --- linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-08-23 21:47:55.000000000 -0400 -@@ -6,6 +6,7 @@ ++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-09-19 09:16:58.000000000 -0400 +@@ -6,7 +6,9 @@ */ #include <linux/linkage.h> +#include <linux/init.h> #include <asm/page_types.h> ++#include <asm/segment.h> /* -@@ -20,7 +21,7 @@ + * efi_call_phys(void *, ...) is a function with variable parameters. +@@ -20,7 +22,7 @@ * service functions will comply with gcc calling convention, too. */ @@ -20973,18 +21461,22 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ ENTRY(efi_call_phys) /* * 0. The function can only be called in Linux kernel. So CS has been -@@ -36,9 +37,7 @@ ENTRY(efi_call_phys) +@@ -36,9 +38,11 @@ ENTRY(efi_call_phys) * The mapping of lower virtual memory has been created in prelog and * epilog. */ - movl $1f, %edx - subl $__PAGE_OFFSET, %edx - jmp *%edx -+ jmp 1f-__PAGE_OFFSET ++ movl $(__KERNEXEC_EFI_DS), %edx ++ mov %edx, %ds ++ mov %edx, %es ++ mov %edx, %ss ++ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET 1: /* -@@ -47,14 +46,8 @@ ENTRY(efi_call_phys) +@@ -47,14 +51,8 @@ ENTRY(efi_call_phys) * parameter 2, ..., param n. To make things easy, we save the return * address of efi_call_phys in a global variable. */ @@ -21001,7 +21493,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ /* * 3. Clear PG bit in %CR0. -@@ -73,9 +66,8 @@ ENTRY(efi_call_phys) +@@ -73,9 +71,8 @@ ENTRY(efi_call_phys) /* * 5. Call the physical function. */ @@ -21012,7 +21504,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ /* * 6. After EFI runtime service returns, control will return to * following instruction. We'd better readjust stack pointer first. -@@ -88,35 +80,28 @@ ENTRY(efi_call_phys) +@@ -88,35 +85,32 @@ ENTRY(efi_call_phys) movl %cr0, %edx orl $0x80000000, %edx movl %edx, %cr0 @@ -21025,8 +21517,12 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ */ - movl $1f, %edx - jmp *%edx -+ jmp 1f+__PAGE_OFFSET ++ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET 1: ++ movl $(__KERNEL_DS), %edx ++ mov %edx, %ds ++ mov %edx, %es ++ mov %edx, %ss /* * 9. Balance the stack. And because EAX contain the return value, @@ -21054,6 +21550,78 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ saved_return_addr: .long 0 efi_rt_function_ptr: +diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S +--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -40,6 +40,9 @@ ENTRY(efi_call0) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call0) + +@@ -50,6 +53,9 @@ ENTRY(efi_call1) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call1) + +@@ -60,6 +66,9 @@ ENTRY(efi_call2) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call2) + +@@ -71,6 +80,9 @@ ENTRY(efi_call3) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call3) + +@@ -83,6 +95,9 @@ ENTRY(efi_call4) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call4) + +@@ -96,6 +111,9 @@ ENTRY(efi_call5) + call *%rdi + addq $48, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call5) + +@@ -112,5 +130,8 @@ ENTRY(efi_call6) + call *%rdi + addq $48, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call6) diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c --- linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-08-23 21:47:55.000000000 -0400 @@ -21313,7 +21881,7 @@ diff -urNp linux-3.0.4/arch/x86/vdso/vma.c linux-3.0.4/arch/x86/vdso/vma.c -} -__setup("vdso=", vdso_setup); diff -urNp linux-3.0.4/arch/x86/xen/enlighten.c linux-3.0.4/arch/x86/xen/enlighten.c ---- linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/arch/x86/xen/enlighten.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:21.000000000 -0400 @@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -21388,7 +21956,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/enlighten.c linux-3.0.4/arch/x86/xen/enlight #ifdef CONFIG_ACPI_NUMA diff -urNp linux-3.0.4/arch/x86/xen/mmu.c linux-3.0.4/arch/x86/xen/mmu.c ---- linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/arch/x86/xen/mmu.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:21.000000000 -0400 @@ -1683,6 +1683,8 @@ pgd_t * __init xen_setup_kernel_pagetabl convert_pfn_mfn(init_level4_pgt); @@ -21427,7 +21995,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/mmu.c linux-3.0.4/arch/x86/xen/mmu.c .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff -urNp linux-3.0.4/arch/x86/xen/smp.c linux-3.0.4/arch/x86/xen/smp.c ---- linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/arch/x86/xen/smp.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:21.000000000 -0400 @@ -193,11 +193,6 @@ static void __init xen_smp_prepare_boot_ { @@ -21519,7 +22087,7 @@ diff -urNp linux-3.0.4/arch/x86/xen/xen-head.S linux-3.0.4/arch/x86/xen/xen-head mov %rsi,xen_start_info mov $init_thread_union+THREAD_SIZE,%rsp diff -urNp linux-3.0.4/arch/x86/xen/xen-ops.h linux-3.0.4/arch/x86/xen/xen-ops.h ---- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:47:55.000000000 -0400 @@ -10,8 +10,6 @@ extern const char xen_hypervisor_callback[]; @@ -23175,7 +23743,7 @@ diff -urNp linux-3.0.4/drivers/block/cciss.c linux-3.0.4/drivers/block/cciss.c } diff -urNp linux-3.0.4/drivers/block/cciss.h linux-3.0.4/drivers/block/cciss.h ---- linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/block/cciss.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:47:55.000000000 -0400 @@ -100,7 +100,7 @@ struct ctlr_info /* information about each logical volume */ @@ -23880,7 +24448,7 @@ diff -urNp linux-3.0.4/drivers/char/nvram.c linux-3.0.4/drivers/char/nvram.c *ppos = i; diff -urNp linux-3.0.4/drivers/char/random.c linux-3.0.4/drivers/char/random.c ---- linux-3.0.4/drivers/char/random.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/char/random.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/char/random.c 2011-08-23 21:48:14.000000000 -0400 @@ -261,8 +261,13 @@ /* @@ -24172,7 +24740,7 @@ diff -urNp linux-3.0.4/drivers/firewire/core-card.c linux-3.0.4/drivers/firewire card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); diff -urNp linux-3.0.4/drivers/firewire/core-cdev.c linux-3.0.4/drivers/firewire/core-cdev.c ---- linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/firewire/core-cdev.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:47:55.000000000 -0400 @@ -1313,8 +1313,7 @@ static int init_iso_resource(struct clie int ret; @@ -24515,7 +25083,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_debugfs.c linux-3.0.4/drivers/g if (IS_GEN6(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c ---- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:47:55.000000000 -0400 @@ -1169,7 +1169,7 @@ static bool i915_switcheroo_can_switch(s bool can_switch; @@ -24578,7 +25146,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_gem_execbuffer.c linux-3.0.4/dr /* The actual obj->write_domain will be updated with * pending_write_domain after we emit the accumulated flush for all diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c ---- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:47:55.000000000 -0400 @@ -473,7 +473,7 @@ static irqreturn_t ivybridge_irq_handler u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; @@ -24626,7 +25194,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c linux-3.0.4/drivers/gpu/d INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff -urNp linux-3.0.4/drivers/gpu/drm/i915/intel_display.c linux-3.0.4/drivers/gpu/drm/i915/intel_display.c ---- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:47:55.000000000 -0400 @@ -1961,7 +1961,7 @@ intel_pipe_set_base(struct drm_crtc *crt @@ -24974,7 +25542,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_atombios.c linux-3.0.4/driv return false; diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c ---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:47:55.000000000 -0400 @@ -678,7 +678,7 @@ static bool radeon_switcheroo_can_switch bool can_switch; @@ -24986,7 +25554,7 @@ diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c linux-3.0.4/driver return can_switch; } diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c ---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:48:14.000000000 -0400 @@ -946,6 +946,8 @@ void radeon_compute_pll_legacy(struct ra uint32_t post_div; @@ -26766,7 +27334,7 @@ diff -urNp linux-3.0.4/drivers/lguest/x86/switcher_32.S linux-3.0.4/drivers/lgue // Every interrupt can come to us here // But we must truly tell each apart. diff -urNp linux-3.0.4/drivers/md/dm.c linux-3.0.4/drivers/md/dm.c ---- linux-3.0.4/drivers/md/dm.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/md/dm.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/md/dm.c 2011-08-23 21:47:55.000000000 -0400 @@ -164,9 +164,9 @@ struct mapped_device { /* @@ -28836,7 +29404,7 @@ diff -urNp linux-3.0.4/drivers/net/mlx4/main.c linux-3.0.4/drivers/net/mlx4/main if (err) { if (err == -EACCES) diff -urNp linux-3.0.4/drivers/net/niu.c linux-3.0.4/drivers/net/niu.c ---- linux-3.0.4/drivers/net/niu.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/net/niu.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/net/niu.c 2011-08-23 21:48:14.000000000 -0400 @@ -9056,6 +9056,8 @@ static void __devinit niu_try_msix(struc int i, num_irqs, err; @@ -29494,7 +30062,7 @@ diff -urNp linux-3.0.4/drivers/net/ppp_generic.c linux-3.0.4/drivers/net/ppp_gen err = 0; break; diff -urNp linux-3.0.4/drivers/net/r8169.c linux-3.0.4/drivers/net/r8169.c ---- linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/net/r8169.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:47:55.000000000 -0400 @@ -645,12 +645,12 @@ struct rtl8169_private { struct mdio_ops { @@ -29838,7 +30406,7 @@ diff -urNp linux-3.0.4/drivers/net/wimax/i2400m/usb-fw.c linux-3.0.4/drivers/net i2400m, ack, ack_size); BUG_ON(_ack == i2400m->bm_ack_buf); diff -urNp linux-3.0.4/drivers/net/wireless/airo.c linux-3.0.4/drivers/net/wireless/airo.c ---- linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/net/wireless/airo.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:48:14.000000000 -0400 @@ -3003,6 +3003,8 @@ static void airo_process_scan_results (s BSSListElement * loop_net; @@ -30063,7 +30631,7 @@ diff -urNp linux-3.0.4/drivers/net/wireless/ath/ath9k/htc_drv_debug.c linux-3.0. "Mgmt endpoint", skb_queue_len(&priv->tx.mgmt_ep_queue)); diff -urNp linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h ---- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:47:55.000000000 -0400 @@ -585,7 +585,7 @@ struct ath_hw_private_ops { @@ -31061,7 +31629,7 @@ diff -urNp linux-3.0.4/drivers/scsi/hpsa.c linux-3.0.4/drivers/scsi/hpsa.c } diff -urNp linux-3.0.4/drivers/scsi/hpsa.h linux-3.0.4/drivers/scsi/hpsa.h ---- linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/scsi/hpsa.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:47:55.000000000 -0400 @@ -73,7 +73,7 @@ struct ctlr_info { unsigned int msix_vector; @@ -31438,7 +32006,7 @@ diff -urNp linux-3.0.4/drivers/scsi/osd/osd_initiator.c linux-3.0.4/drivers/scsi if (!or) return -ENOMEM; diff -urNp linux-3.0.4/drivers/scsi/pmcraid.c linux-3.0.4/drivers/scsi/pmcraid.c ---- linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/scsi/pmcraid.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:47:56.000000000 -0400 @@ -201,8 +201,8 @@ static int pmcraid_slave_alloc(struct sc res->scsi_dev = scsi_dev; @@ -31640,7 +32208,7 @@ diff -urNp linux-3.0.4/drivers/scsi/scsi_debug.c linux-3.0.4/drivers/scsi/scsi_d return errsts; memset(arr, 0, sizeof(arr)); diff -urNp linux-3.0.4/drivers/scsi/scsi_lib.c linux-3.0.4/drivers/scsi/scsi_lib.c ---- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:47:56.000000000 -0400 @@ -1412,7 +1412,7 @@ static void scsi_kill_request(struct req shost = sdev->host; @@ -31832,7 +32400,7 @@ diff -urNp linux-3.0.4/drivers/spi/spi.c linux-3.0.4/drivers/spi/spi.c static u8 *buf; diff -urNp linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c ---- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:48:14.000000000 -0400 @@ -362,7 +362,7 @@ static struct ar_cookie s_ar_cookie_mem[ (((ar)->arTargetType == TARGET_TYPE_AR6003) ? AR6003_HOST_INTEREST_ITEM_ADDRESS(item) : 0)) @@ -31963,7 +32531,7 @@ diff -urNp linux-3.0.4/drivers/staging/et131x/et131x_adapter.h linux-3.0.4/drive u32 noxmtbuf; /* # Tx packets discarded */ diff -urNp linux-3.0.4/drivers/staging/hv/channel.c linux-3.0.4/drivers/staging/hv/channel.c ---- linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/staging/hv/channel.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:47:56.000000000 -0400 @@ -433,8 +433,8 @@ int vmbus_establish_gpadl(struct vmbus_c int ret = 0; @@ -32017,7 +32585,7 @@ diff -urNp linux-3.0.4/drivers/staging/hv/hyperv_vmbus.h linux-3.0.4/drivers/sta /* * Represents channel interrupts. Each bit position represents a diff -urNp linux-3.0.4/drivers/staging/hv/rndis_filter.c linux-3.0.4/drivers/staging/hv/rndis_filter.c ---- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:47:56.000000000 -0400 @@ -43,7 +43,7 @@ struct rndis_device { @@ -32251,7 +32819,7 @@ diff -urNp linux-3.0.4/drivers/staging/usbip/vhci.h linux-3.0.4/drivers/staging/ /* * NOTE: diff -urNp linux-3.0.4/drivers/staging/usbip/vhci_hcd.c linux-3.0.4/drivers/staging/usbip/vhci_hcd.c ---- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:47:56.000000000 -0400 @@ -511,7 +511,7 @@ static void vhci_tx_urb(struct urb *urb) return; @@ -32828,7 +33396,7 @@ diff -urNp linux-3.0.4/drivers/tty/ipwireless/tty.c linux-3.0.4/drivers/tty/ipwi ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff -urNp linux-3.0.4/drivers/tty/n_gsm.c linux-3.0.4/drivers/tty/n_gsm.c ---- linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/drivers/tty/n_gsm.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:47:56.000000000 -0400 @@ -1589,7 +1589,7 @@ static struct gsm_dlci *gsm_dlci_alloc(s return NULL; @@ -36623,7 +37191,7 @@ diff -urNp linux-3.0.4/fs/attr.c linux-3.0.4/fs/attr.c goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff -urNp linux-3.0.4/fs/befs/linuxvfs.c linux-3.0.4/fs/befs/linuxvfs.c ---- linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:13.000000000 -0400 +--- linux-3.0.4/fs/befs/linuxvfs.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:27.000000000 -0400 @@ -503,7 +503,7 @@ static void befs_put_link(struct dentry { @@ -37856,7 +38424,7 @@ diff -urNp linux-3.0.4/fs/cifs/cifs_debug.c linux-3.0.4/fs/cifs/cifs_debug.c } } diff -urNp linux-3.0.4/fs/cifs/cifsfs.c linux-3.0.4/fs/cifs/cifsfs.c ---- linux-3.0.4/fs/cifs/cifsfs.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/fs/cifs/cifsfs.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/fs/cifs/cifsfs.c 2011-08-25 17:18:05.000000000 -0400 @@ -994,7 +994,7 @@ cifs_init_request_bufs(void) cifs_req_cachep = kmem_cache_create("cifs_request", @@ -38223,7 +38791,7 @@ diff -urNp linux-3.0.4/fs/dcache.c linux-3.0.4/fs/dcache.c dcache_init(); inode_init(); diff -urNp linux-3.0.4/fs/ecryptfs/inode.c linux-3.0.4/fs/ecryptfs/inode.c ---- linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/fs/ecryptfs/inode.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:47:56.000000000 -0400 @@ -704,7 +704,7 @@ static int ecryptfs_readlink_lower(struc old_fs = get_fs(); @@ -38945,7 +39513,7 @@ diff -urNp linux-3.0.4/fs/ext4/balloc.c linux-3.0.4/fs/ext4/balloc.c if (free_blocks >= (nblocks + dirty_blocks)) return 1; diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h ---- linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/fs/ext4/ext4.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:47:56.000000000 -0400 @@ -1177,19 +1177,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; @@ -38978,7 +39546,7 @@ diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h /* locality groups */ diff -urNp linux-3.0.4/fs/ext4/mballoc.c linux-3.0.4/fs/ext4/mballoc.c ---- linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/fs/ext4/mballoc.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:48:14.000000000 -0400 @@ -1793,7 +1793,7 @@ void ext4_mb_simple_scan_group(struct ex BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); @@ -40686,7 +41254,7 @@ diff -urNp linux-3.0.4/fs/fuse/cuse.c linux-3.0.4/fs/fuse/cuse.c cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff -urNp linux-3.0.4/fs/fuse/dev.c linux-3.0.4/fs/fuse/dev.c ---- linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:14.000000000 -0400 +--- linux-3.0.4/fs/fuse/dev.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:27.000000000 -0400 @@ -1238,7 +1238,7 @@ static ssize_t fuse_dev_splice_read(stru ret = 0; @@ -41664,7 +42232,7 @@ diff -urNp linux-3.0.4/fs/nfs/inode.c linux-3.0.4/fs/nfs/inode.c void nfs_fattr_init(struct nfs_fattr *fattr) diff -urNp linux-3.0.4/fs/nfsd/nfs4state.c linux-3.0.4/fs/nfsd/nfs4state.c ---- linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/fs/nfsd/nfs4state.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:48:14.000000000 -0400 @@ -3794,6 +3794,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc unsigned int strhashval; @@ -41927,7 +42495,7 @@ diff -urNp linux-3.0.4/fs/ocfs2/symlink.c linux-3.0.4/fs/ocfs2/symlink.c } diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c --- linux-3.0.4/fs/open.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/fs/open.c 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.4/fs/open.c 2011-09-14 09:16:46.000000000 -0400 @@ -112,6 +112,10 @@ static long do_sys_truncate(const char _ error = locks_verify_truncate(inode, NULL, length); if (!error) @@ -41972,18 +42540,13 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c if (!error) set_fs_pwd(current->fs, &file->f_path); out_putf: -@@ -438,7 +454,18 @@ SYSCALL_DEFINE1(chroot, const char __use +@@ -438,7 +454,13 @@ SYSCALL_DEFINE1(chroot, const char __use if (error) goto dput_and_out; + if (gr_handle_chroot_chroot(path.dentry, path.mnt)) + goto dput_and_out; + -+ if (gr_handle_chroot_caps(&path)) { -+ error = -ENOMEM; -+ goto dput_and_out; -+ } -+ set_fs_root(current->fs, &path); + + gr_handle_chroot_chdir(&path); @@ -41991,7 +42554,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c error = 0; dput_and_out: path_put(&path); -@@ -466,12 +493,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd +@@ -466,12 +488,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd err = mnt_want_write_file(file); if (err) goto out_putf; @@ -42017,7 +42580,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; err = notify_change(dentry, &newattrs); -@@ -499,12 +539,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons +@@ -499,12 +534,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons error = mnt_want_write(path.mnt); if (error) goto dput_and_out; @@ -42043,7 +42606,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; error = notify_change(path.dentry, &newattrs); -@@ -528,6 +581,9 @@ static int chown_common(struct path *pat +@@ -528,6 +576,9 @@ static int chown_common(struct path *pat int error; struct iattr newattrs; @@ -42053,7 +42616,7 @@ diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; -@@ -998,7 +1054,10 @@ long do_sys_open(int dfd, const char __u +@@ -998,7 +1049,10 @@ long do_sys_open(int dfd, const char __u if (!IS_ERR(tmp)) { fd = get_unused_fd_flags(flags); if (fd >= 0) { @@ -42338,8 +42901,8 @@ diff -urNp linux-3.0.4/fs/proc/array.c linux-3.0.4/fs/proc/array.c +} +#endif diff -urNp linux-3.0.4/fs/proc/base.c linux-3.0.4/fs/proc/base.c ---- linux-3.0.4/fs/proc/base.c 2011-08-23 21:44:40.000000000 -0400 -+++ linux-3.0.4/fs/proc/base.c 2011-08-23 21:48:14.000000000 -0400 +--- linux-3.0.4/fs/proc/base.c 2011-09-02 18:11:21.000000000 -0400 ++++ linux-3.0.4/fs/proc/base.c 2011-09-13 14:50:28.000000000 -0400 @@ -107,6 +107,22 @@ struct pid_entry { union proc_op op; }; @@ -42405,7 +42968,7 @@ diff -urNp linux-3.0.4/fs/proc/base.c linux-3.0.4/fs/proc/base.c + if (PAX_RAND_FLAGS(mm) && + (!(task->ptrace & PT_PTRACED) || (task->parent != current))) { + mmput(mm); -+ return res; ++ return 0; + } +#endif + @@ -48198,8 +48761,8 @@ diff -urNp linux-3.0.4/grsecurity/gracl.c linux-3.0.4/grsecurity/gracl.c + diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c --- linux-3.0.4/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/gracl_cap.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,139 @@ ++++ linux-3.0.4/grsecurity/gracl_cap.c 2011-09-14 09:21:24.000000000 -0400 +@@ -0,0 +1,101 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -48207,49 +48770,11 @@ diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c +#include <linux/grsecurity.h> +#include <linux/grinternal.h> + -+static const char *captab_log[] = { -+ "CAP_CHOWN", -+ "CAP_DAC_OVERRIDE", -+ "CAP_DAC_READ_SEARCH", -+ "CAP_FOWNER", -+ "CAP_FSETID", -+ "CAP_KILL", -+ "CAP_SETGID", -+ "CAP_SETUID", -+ "CAP_SETPCAP", -+ "CAP_LINUX_IMMUTABLE", -+ "CAP_NET_BIND_SERVICE", -+ "CAP_NET_BROADCAST", -+ "CAP_NET_ADMIN", -+ "CAP_NET_RAW", -+ "CAP_IPC_LOCK", -+ "CAP_IPC_OWNER", -+ "CAP_SYS_MODULE", -+ "CAP_SYS_RAWIO", -+ "CAP_SYS_CHROOT", -+ "CAP_SYS_PTRACE", -+ "CAP_SYS_PACCT", -+ "CAP_SYS_ADMIN", -+ "CAP_SYS_BOOT", -+ "CAP_SYS_NICE", -+ "CAP_SYS_RESOURCE", -+ "CAP_SYS_TIME", -+ "CAP_SYS_TTY_CONFIG", -+ "CAP_MKNOD", -+ "CAP_LEASE", -+ "CAP_AUDIT_WRITE", -+ "CAP_AUDIT_CONTROL", -+ "CAP_SETFCAP", -+ "CAP_MAC_OVERRIDE", -+ "CAP_MAC_ADMIN", -+ "CAP_SYSLOG" -+}; -+ -+EXPORT_SYMBOL(gr_is_capable); -+EXPORT_SYMBOL(gr_is_capable_nolog); ++extern const char *captab_log[]; ++extern int captab_log_entries; + +int -+gr_is_capable(const int cap) ++gr_acl_is_capable(const int cap) +{ + struct task_struct *task = current; + const struct cred *cred = current_cred(); @@ -48301,13 +48826,13 @@ diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c + return 1; + } + -+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap)) ++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap)) + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); + return 0; +} + +int -+gr_is_capable_nolog(const int cap) ++gr_acl_is_capable_nolog(const int cap) +{ + struct acl_subject_label *curracl; + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; @@ -49814,8 +50339,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chdir.c linux-3.0.4/grsecurity/grsec_chd +} diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_chroot.c --- linux-3.0.4/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,349 @@ ++++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-09-15 06:47:48.000000000 -0400 +@@ -0,0 +1,351 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -50096,33 +50621,39 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch + return 0; +} + ++extern const char *captab_log[]; ++extern int captab_log_entries; ++ +int -+gr_handle_chroot_caps(struct path *path) ++gr_chroot_is_capable(const int cap) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL && -+ (init_task.fs->root.dentry != path->dentry) && -+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) { -+ ++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { + kernel_cap_t chroot_caps = GR_CHROOT_CAPS; -+ const struct cred *old = current_cred(); -+ struct cred *new = prepare_creds(); -+ if (new == NULL) -+ return 1; -+ -+ new->cap_permitted = cap_drop(old->cap_permitted, -+ chroot_caps); -+ new->cap_inheritable = cap_drop(old->cap_inheritable, -+ chroot_caps); -+ new->cap_effective = cap_drop(old->cap_effective, -+ chroot_caps); -+ -+ commit_creds(new); ++ if (cap_raised(chroot_caps, cap)) { ++ const struct cred *creds = current_cred(); ++ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) { ++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]); ++ } ++ return 0; ++ } ++ } ++#endif ++ return 1; ++} + -+ return 0; ++int ++gr_chroot_is_capable_nolog(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS ++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { ++ kernel_cap_t chroot_caps = GR_CHROOT_CAPS; ++ if (cap_raised(chroot_caps, cap)) { ++ return 0; ++ } + } +#endif -+ return 0; ++ return 1; +} + +int @@ -50161,10 +50692,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch +#endif + return 0; +} -+ -+#ifdef CONFIG_SECURITY -+EXPORT_SYMBOL(gr_handle_chroot_caps); -+#endif diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c --- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400 @@ -50618,8 +51145,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_ +#endif diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec.c --- linux-3.0.4/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/grsec_exec.c 2011-08-25 17:25:59.000000000 -0400 -@@ -0,0 +1,72 @@ ++++ linux-3.0.4/grsecurity/grsec_exec.c 2011-09-14 09:20:28.000000000 -0400 +@@ -0,0 +1,145 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -50630,6 +51157,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec +#include <linux/grsecurity.h> +#include <linux/grinternal.h> +#include <linux/capability.h> ++#include <linux/module.h> + +#include <asm/uaccess.h> + @@ -50692,6 +51220,78 @@ diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec +#endif + return; +} ++ ++#ifdef CONFIG_GRKERNSEC ++extern int gr_acl_is_capable(const int cap); ++extern int gr_acl_is_capable_nolog(const int cap); ++extern int gr_chroot_is_capable(const int cap); ++extern int gr_chroot_is_capable_nolog(const int cap); ++#endif ++ ++const char *captab_log[] = { ++ "CAP_CHOWN", ++ "CAP_DAC_OVERRIDE", ++ "CAP_DAC_READ_SEARCH", ++ "CAP_FOWNER", ++ "CAP_FSETID", ++ "CAP_KILL", ++ "CAP_SETGID", ++ "CAP_SETUID", ++ "CAP_SETPCAP", ++ "CAP_LINUX_IMMUTABLE", ++ "CAP_NET_BIND_SERVICE", ++ "CAP_NET_BROADCAST", ++ "CAP_NET_ADMIN", ++ "CAP_NET_RAW", ++ "CAP_IPC_LOCK", ++ "CAP_IPC_OWNER", ++ "CAP_SYS_MODULE", ++ "CAP_SYS_RAWIO", ++ "CAP_SYS_CHROOT", ++ "CAP_SYS_PTRACE", ++ "CAP_SYS_PACCT", ++ "CAP_SYS_ADMIN", ++ "CAP_SYS_BOOT", ++ "CAP_SYS_NICE", ++ "CAP_SYS_RESOURCE", ++ "CAP_SYS_TIME", ++ "CAP_SYS_TTY_CONFIG", ++ "CAP_MKNOD", ++ "CAP_LEASE", ++ "CAP_AUDIT_WRITE", ++ "CAP_AUDIT_CONTROL", ++ "CAP_SETFCAP", ++ "CAP_MAC_OVERRIDE", ++ "CAP_MAC_ADMIN", ++ "CAP_SYSLOG" ++}; ++ ++int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]); ++ ++int gr_is_capable(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_acl_is_capable(cap) && gr_chroot_is_capable(cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ ++int gr_is_capable_nolog(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_acl_is_capable_nolog(cap) && gr_chroot_is_capable_nolog(cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ ++EXPORT_SYMBOL(gr_is_capable); ++EXPORT_SYMBOL(gr_is_capable_nolog); diff -urNp linux-3.0.4/grsecurity/grsec_fifo.c linux-3.0.4/grsecurity/grsec_fifo.c --- linux-3.0.4/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.4/grsecurity/grsec_fifo.c 2011-08-23 21:48:14.000000000 -0400 @@ -51069,8 +51669,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link +} diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c --- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/grsec_log.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,310 @@ ++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400 +@@ -0,0 +1,313 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -51123,20 +51723,23 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; ++ unsigned long curr_secs = get_seconds(); + + if (audit == GR_DO_AUDIT) + goto set_fmt; + -+ if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { -+ grsec_alert_wtime = jiffies; ++ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { ++ grsec_alert_wtime = curr_secs; + grsec_alert_fyet = 0; -+ } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { -+ grsec_alert_fyet++; -+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { -+ grsec_alert_wtime = jiffies; -+ grsec_alert_fyet++; -+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); -+ return FLOODING; ++ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { ++ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) { ++ grsec_alert_fyet++; ++ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { ++ grsec_alert_wtime = curr_secs; ++ grsec_alert_fyet++; ++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); ++ return FLOODING; ++ } + } else return FLOODING; + +set_fmt: @@ -52567,7 +53170,7 @@ diff -urNp linux-3.0.4/grsecurity/grsum.c linux-3.0.4/grsecurity/grsum.c +} diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig --- linux-3.0.4/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/Kconfig 2011-08-25 17:25:34.000000000 -0400 ++++ linux-3.0.4/grsecurity/Kconfig 2011-09-15 00:00:57.000000000 -0400 @@ -0,0 +1,1038 @@ +# +# grecurity configuration @@ -53203,7 +53806,7 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig + bool "Capability restrictions" + depends on GRKERNSEC_CHROOT + help -+ If you say Y here, the capabilities on all root processes within a ++ If you say Y here, the capabilities on all processes within a + chroot jail will be lowered to stop module insertion, raw i/o, + system and net admin tasks, rebooting the system, modifying immutable + files, modifying IPC owned by another, and changing the system time. @@ -53596,7 +54199,7 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig + +config GRKERNSEC_FLOODBURST + int "Number of messages in a burst (maximum)" -+ default 4 ++ default 6 + help + This option allows you to choose the maximum number of messages allowed + within the flood time interval you chose in a separate option. The @@ -53609,8 +54212,8 @@ diff -urNp linux-3.0.4/grsecurity/Kconfig linux-3.0.4/grsecurity/Kconfig +endmenu diff -urNp linux-3.0.4/grsecurity/Makefile linux-3.0.4/grsecurity/Makefile --- linux-3.0.4/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/Makefile 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,34 @@ ++++ linux-3.0.4/grsecurity/Makefile 2011-09-14 23:29:56.000000000 -0400 +@@ -0,0 +1,35 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dalton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -53642,6 +54245,7 @@ diff -urNp linux-3.0.4/grsecurity/Makefile linux-3.0.4/grsecurity/Makefile +$(obj)/grsec_hidesym.o: + @-chmod -f 500 /boot + @-chmod -f 500 /lib/modules ++ @-chmod -f 500 /lib64/modules + @-chmod -f 700 . + @echo ' grsec: protected kernel image paths' +endif @@ -55417,8 +56021,8 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin +#endif diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h --- linux-3.0.4/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/include/linux/grmsg.h 2011-08-25 17:27:26.000000000 -0400 -@@ -0,0 +1,107 @@ ++++ linux-3.0.4/include/linux/grmsg.h 2011-09-14 09:16:54.000000000 -0400 +@@ -0,0 +1,108 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -55511,6 +56115,7 @@ diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4" +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " +#define GR_CAP_ACL_MSG "use of %s denied for " ++#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for " +#define GR_CAP_ACL_MSG2 "use of %s permitted for " +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " @@ -55528,8 +56133,8 @@ diff -urNp linux-3.0.4/include/linux/grmsg.h linux-3.0.4/include/linux/grmsg.h +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " diff -urNp linux-3.0.4/include/linux/grsecurity.h linux-3.0.4/include/linux/grsecurity.h --- linux-3.0.4/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/include/linux/grsecurity.h 2011-08-25 17:27:36.000000000 -0400 -@@ -0,0 +1,227 @@ ++++ linux-3.0.4/include/linux/grsecurity.h 2011-09-14 09:16:54.000000000 -0400 +@@ -0,0 +1,226 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -55594,7 +56199,6 @@ diff -urNp linux-3.0.4/include/linux/grsecurity.h linux-3.0.4/include/linux/grse +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); +int gr_handle_chroot_chroot(const struct dentry *dentry, + const struct vfsmount *mnt); -+int gr_handle_chroot_caps(struct path *path); +void gr_handle_chroot_chdir(struct path *path); +int gr_handle_chroot_chmod(const struct dentry *dentry, + const struct vfsmount *mnt, const int mode); @@ -56060,7 +56664,7 @@ diff -urNp linux-3.0.4/include/linux/mfd/abx500.h linux-3.0.4/include/linux/mfd/ int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); void abx500_remove_ops(struct device *dev); diff -urNp linux-3.0.4/include/linux/mm.h linux-3.0.4/include/linux/mm.h ---- linux-3.0.4/include/linux/mm.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/include/linux/mm.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/include/linux/mm.h 2011-08-23 21:47:56.000000000 -0400 @@ -113,7 +113,14 @@ extern unsigned int kobjsize(const void @@ -56444,7 +57048,7 @@ diff -urNp linux-3.0.4/include/linux/namei.h linux-3.0.4/include/linux/namei.h return nd->saved_names[nd->depth]; } diff -urNp linux-3.0.4/include/linux/netdevice.h linux-3.0.4/include/linux/netdevice.h ---- linux-3.0.4/include/linux/netdevice.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/include/linux/netdevice.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/include/linux/netdevice.h 2011-08-23 21:47:56.000000000 -0400 @@ -979,6 +979,7 @@ struct net_device_ops { int (*ndo_set_features)(struct net_device *dev, @@ -56634,7 +57238,7 @@ diff -urNp linux-3.0.4/include/linux/ptrace.h linux-3.0.4/include/linux/ptrace.h static inline int ptrace_reparented(struct task_struct *child) { diff -urNp linux-3.0.4/include/linux/random.h linux-3.0.4/include/linux/random.h ---- linux-3.0.4/include/linux/random.h 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/include/linux/random.h 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/include/linux/random.h 2011-08-23 21:47:56.000000000 -0400 @@ -69,12 +69,17 @@ void srandom32(u32 seed); @@ -58580,7 +59184,7 @@ diff -urNp linux-3.0.4/ipc/msg.c linux-3.0.4/ipc/msg.c msg_params.flg = msgflg; diff -urNp linux-3.0.4/ipc/sem.c linux-3.0.4/ipc/sem.c ---- linux-3.0.4/ipc/sem.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/ipc/sem.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/ipc/sem.c 2011-08-23 21:48:14.000000000 -0400 @@ -318,10 +318,15 @@ static inline int sem_more_checks(struct return 0; @@ -59134,8 +59738,8 @@ diff -urNp linux-3.0.4/kernel/debug/kdb/kdb_main.c linux-3.0.4/kernel/debug/kdb/ #ifdef CONFIG_MODULE_UNLOAD { diff -urNp linux-3.0.4/kernel/events/core.c linux-3.0.4/kernel/events/core.c ---- linux-3.0.4/kernel/events/core.c 2011-08-23 21:44:40.000000000 -0400 -+++ linux-3.0.4/kernel/events/core.c 2011-08-23 21:47:56.000000000 -0400 +--- linux-3.0.4/kernel/events/core.c 2011-09-02 18:11:21.000000000 -0400 ++++ linux-3.0.4/kernel/events/core.c 2011-09-14 09:08:05.000000000 -0400 @@ -170,7 +170,7 @@ int perf_proc_update_handler(struct ctl_ return 0; } @@ -59193,6 +59797,21 @@ diff -urNp linux-3.0.4/kernel/events/core.c linux-3.0.4/kernel/events/core.c } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); +@@ -4833,12 +4833,12 @@ static void perf_event_mmap_event(struct + * need to add enough zero bytes after the string to handle + * the 64bit alignment we do later. + */ +- buf = kzalloc(PATH_MAX + sizeof(u64), GFP_KERNEL); ++ buf = kzalloc(PATH_MAX, GFP_KERNEL); + if (!buf) { + name = strncpy(tmp, "//enomem", sizeof(tmp)); + goto got_name; + } +- name = d_path(&file->f_path, buf, PATH_MAX); ++ name = d_path(&file->f_path, buf, PATH_MAX - sizeof(u64)); + if (IS_ERR(name)) { + name = strncpy(tmp, "//toolong", sizeof(tmp)); + goto got_name; @@ -6190,7 +6190,7 @@ perf_event_alloc(struct perf_event_attr event->parent = parent_event; @@ -59633,7 +60252,7 @@ diff -urNp linux-3.0.4/kernel/fork.c linux-3.0.4/kernel/fork.c else new_fs = fs; diff -urNp linux-3.0.4/kernel/futex.c linux-3.0.4/kernel/futex.c ---- linux-3.0.4/kernel/futex.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/kernel/futex.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/kernel/futex.c 2011-08-23 21:48:14.000000000 -0400 @@ -54,6 +54,7 @@ #include <linux/mount.h> @@ -61630,7 +62249,80 @@ diff -urNp linux-3.0.4/kernel/rcutorture.c linux-3.0.4/kernel/rcutorture.c per_cpu(rcu_torture_count, cpu)[i] = 0; diff -urNp linux-3.0.4/kernel/rcutree.c linux-3.0.4/kernel/rcutree.c --- linux-3.0.4/kernel/rcutree.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/kernel/rcutree.c 2011-08-23 21:47:56.000000000 -0400 ++++ linux-3.0.4/kernel/rcutree.c 2011-09-14 09:08:05.000000000 -0400 +@@ -356,9 +356,9 @@ void rcu_enter_nohz(void) + } + /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ + smp_mb__before_atomic_inc(); /* See above. */ +- atomic_inc(&rdtp->dynticks); ++ atomic_inc_unchecked(&rdtp->dynticks); + smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */ +- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1); ++ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); + local_irq_restore(flags); + + /* If the interrupt queued a callback, get out of dyntick mode. */ +@@ -387,10 +387,10 @@ void rcu_exit_nohz(void) + return; + } + smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ +- atomic_inc(&rdtp->dynticks); ++ atomic_inc_unchecked(&rdtp->dynticks); + /* CPUs seeing atomic_inc() must see later RCU read-side crit sects */ + smp_mb__after_atomic_inc(); /* See above. */ +- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1)); ++ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); + local_irq_restore(flags); + } + +@@ -406,14 +406,14 @@ void rcu_nmi_enter(void) + struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); + + if (rdtp->dynticks_nmi_nesting == 0 && +- (atomic_read(&rdtp->dynticks) & 0x1)) ++ (atomic_read_unchecked(&rdtp->dynticks) & 0x1)) + return; + rdtp->dynticks_nmi_nesting++; + smp_mb__before_atomic_inc(); /* Force delay from prior write. */ +- atomic_inc(&rdtp->dynticks); ++ atomic_inc_unchecked(&rdtp->dynticks); + /* CPUs seeing atomic_inc() must see later RCU read-side crit sects */ + smp_mb__after_atomic_inc(); /* See above. */ +- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1)); ++ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); + } + + /** +@@ -432,9 +432,9 @@ void rcu_nmi_exit(void) + return; + /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ + smp_mb__before_atomic_inc(); /* See above. */ +- atomic_inc(&rdtp->dynticks); ++ atomic_inc_unchecked(&rdtp->dynticks); + smp_mb__after_atomic_inc(); /* Force delay to next write. */ +- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1); ++ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); + } + + /** +@@ -469,7 +469,7 @@ void rcu_irq_exit(void) + */ + static int dyntick_save_progress_counter(struct rcu_data *rdp) + { +- rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks); ++ rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks); + return 0; + } + +@@ -484,7 +484,7 @@ static int rcu_implicit_dynticks_qs(stru + unsigned long curr; + unsigned long snap; + +- curr = (unsigned long)atomic_add_return(0, &rdp->dynticks->dynticks); ++ curr = (unsigned long)atomic_add_return_unchecked(0, &rdp->dynticks->dynticks); + snap = (unsigned long)rdp->dynticks_snap; + + /* @@ -1470,7 +1470,7 @@ __rcu_process_callbacks(struct rcu_state /* * Do softirq processing for the current CPU. @@ -61640,6 +62332,18 @@ diff -urNp linux-3.0.4/kernel/rcutree.c linux-3.0.4/kernel/rcutree.c { __rcu_process_callbacks(&rcu_sched_state, &__get_cpu_var(rcu_sched_data)); +diff -urNp linux-3.0.4/kernel/rcutree.h linux-3.0.4/kernel/rcutree.h +--- linux-3.0.4/kernel/rcutree.h 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/kernel/rcutree.h 2011-09-14 09:08:05.000000000 -0400 +@@ -86,7 +86,7 @@ + struct rcu_dynticks { + int dynticks_nesting; /* Track irq/process nesting level. */ + int dynticks_nmi_nesting; /* Track NMI nesting level. */ +- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */ ++ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd. */ + }; + + /* RCU's kthread states for tracing. */ diff -urNp linux-3.0.4/kernel/rcutree_plugin.h linux-3.0.4/kernel/rcutree_plugin.h --- linux-3.0.4/kernel/rcutree_plugin.h 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/kernel/rcutree_plugin.h 2011-08-23 21:47:56.000000000 -0400 @@ -62123,7 +62827,7 @@ diff -urNp linux-3.0.4/kernel/softirq.c linux-3.0.4/kernel/softirq.c struct tasklet_struct *list; diff -urNp linux-3.0.4/kernel/sys.c linux-3.0.4/kernel/sys.c ---- linux-3.0.4/kernel/sys.c 2011-08-29 23:26:14.000000000 -0400 +--- linux-3.0.4/kernel/sys.c 2011-09-02 18:11:26.000000000 -0400 +++ linux-3.0.4/kernel/sys.c 2011-08-29 23:26:27.000000000 -0400 @@ -158,6 +158,12 @@ static int set_one_prio(struct task_stru error = -EACCES; @@ -62792,7 +63496,7 @@ diff -urNp linux-3.0.4/kernel/trace/trace.c linux-3.0.4/kernel/trace/trace.c struct dentry *d_tracer; diff -urNp linux-3.0.4/kernel/trace/trace_events.c linux-3.0.4/kernel/trace/trace_events.c ---- linux-3.0.4/kernel/trace/trace_events.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/kernel/trace/trace_events.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/kernel/trace/trace_events.c 2011-08-23 21:47:56.000000000 -0400 @@ -1318,10 +1318,6 @@ static LIST_HEAD(ftrace_module_file_list struct ftrace_module_file_ops { @@ -63140,8 +63844,8 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec @@ -0,0 +1 @@ +-grsec diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile ---- linux-3.0.4/Makefile 2011-08-29 23:26:13.000000000 -0400 -+++ linux-3.0.4/Makefile 2011-09-01 17:26:49.000000000 -0400 +--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400 ++++ linux-3.0.4/Makefile 2011-09-17 00:56:07.000000000 -0400 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" HOSTCC = gcc @@ -63167,24 +63871,34 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile KBUILD_AFLAGS_KERNEL := KBUILD_CFLAGS_KERNEL := KBUILD_AFLAGS := -D__ASSEMBLY__ -@@ -408,6 +411,7 @@ export RCS_TAR_IGNORE := --exclude SCCS +@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS + # Rules shared between *config targets and build targets # Basic helpers built in scripts/ - PHONY += scripts_basic -+scripts_basic: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS)) - scripts_basic: +-PHONY += scripts_basic +-scripts_basic: ++PHONY += scripts_basic gcc-plugins ++scripts_basic: gcc-plugins $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +568,24 @@ else + +@@ -564,6 +567,31 @@ else KBUILD_CFLAGS += -O2 endif -+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC)), y) ++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN ++ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so ++endif ++ifdef CONFIG_KALLOCSTAT_PLUGIN ++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100 +endif -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN ++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) ++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc +else @@ -63200,7 +63914,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +730,7 @@ export mod_strip_cmd +@@ -708,7 +736,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -63209,34 +63923,34 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -907,6 +929,8 @@ define rule_vmlinux-modpost +@@ -907,6 +935,8 @@ define rule_vmlinux-modpost endef # vmlinux image - including updated kernel symbols -+$(vmlinux-all): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++$(vmlinux-all): KBUILD_CFLAGS += $(GCC_PLUGINS) +$(vmlinux-all): gcc-plugins vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE ifdef CONFIG_HEADERS_CHECK $(Q)$(MAKE) -f $(srctree)/Makefile headers_check -@@ -941,7 +965,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) +@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) # Error messages still appears in the original language PHONY += $(vmlinux-dirs) -$(vmlinux-dirs): prepare scripts -+$(vmlinux-dirs): KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++$(vmlinux-dirs): KBUILD_CFLAGS += $(GCC_PLUGINS) +$(vmlinux-dirs): gcc-plugins prepare scripts $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -986,6 +1011,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. -+prepare: KBUILD_CFLAGS := $(filter-out $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN),$(KBUILD_CFLAGS)) ++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS)) prepare: prepare0 # Generate some files -@@ -1102,7 +1128,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu +@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu # Target to prepare building external modules PHONY += modules_prepare @@ -63245,7 +63959,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile # Target to install modules PHONY += modules_install -@@ -1198,7 +1224,7 @@ distclean: mrproper +@@ -1198,7 +1230,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -63254,26 +63968,26 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1359,6 +1385,7 @@ PHONY += $(module-dirs) modules +@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) -+modules: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++modules: KBUILD_CFLAGS += $(GCC_PLUGINS) modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1485,17 +1512,19 @@ else +@@ -1485,17 +1518,19 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif -%.s: %.c prepare scripts FORCE -+%.s: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS) +%.s: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.i: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -%.o: %.c prepare scripts FORCE -+%.o: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS) +%.o: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.lst: %.c prepare scripts FORCE @@ -63286,18 +64000,18 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1505,11 +1534,13 @@ endif +@@ -1505,11 +1540,13 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%/: prepare scripts FORCE -+%/: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++%/: KBUILD_CFLAGS += $(GCC_PLUGINS) +%/: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%.ko: prepare scripts FORCE -+%.ko: KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) ++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS) +%.ko: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ @@ -63584,7 +64298,7 @@ diff -urNp linux-3.0.4/mm/madvise.c linux-3.0.4/mm/madvise.c if (end == start) goto out; diff -urNp linux-3.0.4/mm/memory.c linux-3.0.4/mm/memory.c ---- linux-3.0.4/mm/memory.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/mm/memory.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/mm/memory.c 2011-08-23 21:47:56.000000000 -0400 @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct return; @@ -67084,7 +67798,7 @@ diff -urNp linux-3.0.4/mm/util.c linux-3.0.4/mm/util.c mm->unmap_area = arch_unmap_area; } diff -urNp linux-3.0.4/mm/vmalloc.c linux-3.0.4/mm/vmalloc.c ---- linux-3.0.4/mm/vmalloc.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/mm/vmalloc.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/mm/vmalloc.c 2011-08-23 21:47:56.000000000 -0400 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, @@ -68157,7 +68871,7 @@ diff -urNp linux-3.0.4/net/ipv4/inet_diag.c linux-3.0.4/net/ipv4/inet_diag.c tmo = req->expires - jiffies; if (tmo < 0) diff -urNp linux-3.0.4/net/ipv4/inet_hashtables.c linux-3.0.4/net/ipv4/inet_hashtables.c ---- linux-3.0.4/net/ipv4/inet_hashtables.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv4/inet_hashtables.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv4/inet_hashtables.c 2011-08-23 21:55:24.000000000 -0400 @@ -18,12 +18,15 @@ #include <linux/sched.h> @@ -68185,7 +68899,7 @@ diff -urNp linux-3.0.4/net/ipv4/inet_hashtables.c linux-3.0.4/net/ipv4/inet_hash inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff -urNp linux-3.0.4/net/ipv4/inetpeer.c linux-3.0.4/net/ipv4/inetpeer.c ---- linux-3.0.4/net/ipv4/inetpeer.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv4/inetpeer.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv4/inetpeer.c 2011-08-23 21:48:14.000000000 -0400 @@ -481,6 +481,8 @@ struct inet_peer *inet_getpeer(struct in unsigned int sequence; @@ -68327,7 +69041,7 @@ diff -urNp linux-3.0.4/net/ipv4/raw.c linux-3.0.4/net/ipv4/raw.c static int raw_seq_show(struct seq_file *seq, void *v) diff -urNp linux-3.0.4/net/ipv4/route.c linux-3.0.4/net/ipv4/route.c ---- linux-3.0.4/net/ipv4/route.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv4/route.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv4/route.c 2011-08-23 21:47:56.000000000 -0400 @@ -304,7 +304,7 @@ static inline unsigned int rt_hash(__be3 @@ -68378,7 +69092,7 @@ diff -urNp linux-3.0.4/net/ipv4/tcp.c linux-3.0.4/net/ipv4/tcp.c return -EFAULT; diff -urNp linux-3.0.4/net/ipv4/tcp_ipv4.c linux-3.0.4/net/ipv4/tcp_ipv4.c ---- linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv4/tcp_ipv4.c 2011-08-23 21:48:14.000000000 -0400 @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; int sysctl_tcp_low_latency __read_mostly; @@ -68808,7 +69522,7 @@ diff -urNp linux-3.0.4/net/ipv6/raw.c linux-3.0.4/net/ipv6/raw.c static int raw6_seq_show(struct seq_file *seq, void *v) diff -urNp linux-3.0.4/net/ipv6/tcp_ipv6.c linux-3.0.4/net/ipv6/tcp_ipv6.c ---- linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv6/tcp_ipv6.c 2011-08-23 21:48:14.000000000 -0400 @@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5 } @@ -68910,7 +69624,7 @@ diff -urNp linux-3.0.4/net/ipv6/tcp_ipv6.c linux-3.0.4/net/ipv6/tcp_ipv6.c static int tcp6_seq_show(struct seq_file *seq, void *v) diff -urNp linux-3.0.4/net/ipv6/udp.c linux-3.0.4/net/ipv6/udp.c ---- linux-3.0.4/net/ipv6/udp.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/ipv6/udp.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/ipv6/udp.c 2011-08-23 21:48:14.000000000 -0400 @@ -50,6 +50,10 @@ #include <linux/seq_file.h> @@ -69250,7 +69964,7 @@ diff -urNp linux-3.0.4/net/mac80211/ieee80211_i.h linux-3.0.4/net/mac80211/ieee8 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff -urNp linux-3.0.4/net/mac80211/iface.c linux-3.0.4/net/mac80211/iface.c ---- linux-3.0.4/net/mac80211/iface.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/mac80211/iface.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/mac80211/iface.c 2011-08-23 21:47:56.000000000 -0400 @@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_ break; @@ -69319,7 +70033,7 @@ diff -urNp linux-3.0.4/net/mac80211/main.c linux-3.0.4/net/mac80211/main.c /* * Goal: diff -urNp linux-3.0.4/net/mac80211/mlme.c linux-3.0.4/net/mac80211/mlme.c ---- linux-3.0.4/net/mac80211/mlme.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/mac80211/mlme.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/mac80211/mlme.c 2011-08-23 21:48:14.000000000 -0400 @@ -1444,6 +1444,8 @@ static bool ieee80211_assoc_success(stru bool have_higher_than_11mbit = false; @@ -69439,7 +70153,7 @@ diff -urNp linux-3.0.4/net/netfilter/ipvs/ip_vs_core.c linux-3.0.4/net/netfilter if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol == IPPROTO_SCTP) { diff -urNp linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c ---- linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/netfilter/ipvs/ip_vs_ctl.c 2011-08-23 21:48:14.000000000 -0400 @@ -782,7 +782,7 @@ __ip_vs_update_dest(struct ip_vs_service ip_vs_rs_hash(ipvs, dest); @@ -70287,7 +71001,7 @@ diff -urNp linux-3.0.4/net/sctp/socket.c linux-3.0.4/net/sctp/socket.c to += addrlen; cnt++; diff -urNp linux-3.0.4/net/socket.c linux-3.0.4/net/socket.c ---- linux-3.0.4/net/socket.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/net/socket.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/net/socket.c 2011-08-23 21:48:14.000000000 -0400 @@ -88,6 +88,7 @@ #include <linux/nsproxy.h> @@ -70894,10 +71608,10 @@ diff -urNp linux-3.0.4/scripts/basic/fixdep.c linux-3.0.4/scripts/basic/fixdep.c fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff -urNp linux-3.0.4/scripts/gcc-plugin.sh linux-3.0.4/scripts/gcc-plugin.sh --- linux-3.0.4/scripts/gcc-plugin.sh 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/scripts/gcc-plugin.sh 2011-08-31 18:39:25.000000000 -0400 ++++ linux-3.0.4/scripts/gcc-plugin.sh 2011-09-14 09:08:05.000000000 -0400 @@ -0,0 +1,2 @@ +#!/bin/sh -+echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $* -x c -shared - -o /dev/null -I`$* -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" ++echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" diff -urNp linux-3.0.4/scripts/Makefile.build linux-3.0.4/scripts/Makefile.build --- linux-3.0.4/scripts/Makefile.build 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/scripts/Makefile.build 2011-08-23 21:47:56.000000000 -0400 @@ -71142,7 +71856,7 @@ diff -urNp linux-3.0.4/scripts/pnmtologo.c linux-3.0.4/scripts/pnmtologo.c write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff -urNp linux-3.0.4/security/apparmor/lsm.c linux-3.0.4/security/apparmor/lsm.c ---- linux-3.0.4/security/apparmor/lsm.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/security/apparmor/lsm.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/security/apparmor/lsm.c 2011-08-23 21:48:14.000000000 -0400 @@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struc return error; @@ -71241,8 +71955,8 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i return 0; diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig --- linux-3.0.4/security/Kconfig 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/security/Kconfig 2011-08-23 21:48:14.000000000 -0400 -@@ -4,6 +4,554 @@ ++++ linux-3.0.4/security/Kconfig 2011-09-17 00:58:04.000000000 -0400 +@@ -4,6 +4,558 @@ menu "Security options" @@ -71253,6 +71967,9 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig + config ARCH_TRACK_EXEC_LIMIT + bool + ++ config PAX_KERNEXEC_PLUGIN ++ bool ++ + config PAX_PER_CPU_PGD + bool + @@ -71563,6 +72280,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig + bool "Enforce non-executable kernel pages" + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) ++ select PAX_KERNEXEC_PLUGIN if X86_64 + help + This is the kernel land equivalent of PAGEEXEC and MPROTECT, + that is, enabling this option will make it harder to inject @@ -71797,7 +72515,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig config KEYS bool "Enable access key retention support" help -@@ -167,7 +715,7 @@ config INTEL_TXT +@@ -167,7 +719,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -72351,7 +73069,7 @@ diff -urNp linux-3.0.4/sound/pci/ymfpci/ymfpci_main.c linux-3.0.4/sound/pci/ymfp chip->pci = pci; chip->irq = -1; diff -urNp linux-3.0.4/sound/soc/soc-core.c linux-3.0.4/sound/soc/soc-core.c ---- linux-3.0.4/sound/soc/soc-core.c 2011-08-23 21:44:40.000000000 -0400 +--- linux-3.0.4/sound/soc/soc-core.c 2011-09-02 18:11:21.000000000 -0400 +++ linux-3.0.4/sound/soc/soc-core.c 2011-08-23 21:47:56.000000000 -0400 @@ -1021,7 +1021,7 @@ static snd_pcm_uframes_t soc_pcm_pointer } @@ -72687,10 +73405,448 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif + + return 0; +} +diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c +--- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500 ++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,165 @@ ++/* ++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Licensed under the GPL v2 ++ * ++ * Note: the choice of the license means that the compilation process is ++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3, ++ * but for the kernel it doesn't matter since it doesn't link against ++ * any of the gcc libraries ++ * ++ * gcc plugin to find the distribution of k*alloc sizes ++ * ++ * TODO: ++ * ++ * BUGS: ++ * - none known ++ */ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "intl.h" ++#include "plugin-version.h" ++#include "tm.h" ++#include "toplev.h" ++#include "basic-block.h" ++#include "gimple.h" ++//#include "expr.h" where are you... ++#include "diagnostic.h" ++#include "rtl.h" ++#include "emit-rtl.h" ++#include "function.h" ++ ++extern void print_gimple_stmt(FILE *, gimple, int, int); ++ ++int plugin_is_GPL_compatible; ++ ++static const char * const kalloc_functions[] = { ++ "__kmalloc", ++ "kmalloc", ++ "kmalloc_large", ++ "kmalloc_node", ++ "kmalloc_order", ++ "kmalloc_order_trace", ++ "kmalloc_slab", ++ "kzalloc", ++ "kzalloc_node", ++}; ++ ++static struct plugin_info kallocstat_plugin_info = { ++ .version = "201109121100", ++}; ++ ++static unsigned int execute_kallocstat(void); ++ ++static struct gimple_opt_pass kallocstat_pass = { ++ .pass = { ++ .type = GIMPLE_PASS, ++ .name = "kallocstat", ++ .gate = NULL, ++ .execute = execute_kallocstat, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = 0 ++ } ++}; ++ ++static bool is_kalloc(const char *fnname) ++{ ++ size_t i; ++ ++ for (i = 0; i < ARRAY_SIZE(kalloc_functions); i++) ++ if (!strcmp(fnname, kalloc_functions[i])) ++ return true; ++ return false; ++} ++ ++static unsigned int execute_kallocstat(void) ++{ ++ basic_block bb; ++ gimple_stmt_iterator gsi; ++ ++ // 1. loop through BBs and GIMPLE statements ++ FOR_EACH_BB(bb) { ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ // gimple match: ++ tree fndecl, size; ++ gimple call_stmt; ++ const char *fnname; ++ ++ // is it a call ++ call_stmt = gsi_stmt(gsi); ++ if (!is_gimple_call(call_stmt)) ++ continue; ++ fndecl = gimple_call_fndecl(call_stmt); ++ if (fndecl == NULL_TREE) ++ continue; ++ if (TREE_CODE(fndecl) != FUNCTION_DECL) ++ continue; ++ ++ // is it a call to k*alloc ++ fnname = IDENTIFIER_POINTER(DECL_NAME(fndecl)); ++ if (!is_kalloc(fnname)) ++ continue; ++ ++ // is the size arg the result of a simple const assignment ++ size = gimple_call_arg(call_stmt, 0); ++ while (true) { ++ gimple def_stmt; ++ expanded_location xloc; ++ size_t size_val; ++ ++ if (TREE_CODE(size) != SSA_NAME) ++ break; ++ def_stmt = SSA_NAME_DEF_STMT(size); ++ if (!def_stmt || !is_gimple_assign(def_stmt)) ++ break; ++ if (gimple_num_ops(def_stmt) != 2) ++ break; ++ size = gimple_assign_rhs1(def_stmt); ++ if (!TREE_CONSTANT(size)) ++ continue; ++ xloc = expand_location(gimple_location(def_stmt)); ++ if (!xloc.file) ++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl)); ++ size_val = TREE_INT_CST_LOW(size); ++ fprintf(stderr, "kallocsize: %8zu %8zx %s %s:%u\n", size_val, size_val, fnname, xloc.file, xloc.line); ++ break; ++ } ++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO); ++//debug_tree(gimple_call_fn(call_stmt)); ++//print_node(stderr, "pax", fndecl, 4); ++ } ++ } ++ ++ return 0; ++} ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ const char * const plugin_name = plugin_info->base_name; ++ struct register_pass_info kallocstat_pass_info = { ++ .pass = &kallocstat_pass.pass, ++ .reference_pass_name = "ssa", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kallocstat_plugin_info); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kallocstat_pass_info); ++ ++ return 0; ++} +diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c +--- linux-3.0.4/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500 ++++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-09-19 09:16:58.000000000 -0400 +@@ -0,0 +1,265 @@ ++/* ++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Licensed under the GPL v2 ++ * ++ * Note: the choice of the license means that the compilation process is ++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3, ++ * but for the kernel it doesn't matter since it doesn't link against ++ * any of the gcc libraries ++ * ++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386 ++ * ++ * TODO: ++ * ++ * BUGS: ++ * - none known ++ */ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "intl.h" ++#include "plugin-version.h" ++#include "tm.h" ++#include "toplev.h" ++#include "basic-block.h" ++#include "gimple.h" ++//#include "expr.h" where are you... ++#include "diagnostic.h" ++#include "rtl.h" ++#include "emit-rtl.h" ++#include "function.h" ++#include "tree-flow.h" ++ ++extern void print_gimple_stmt(FILE *, gimple, int, int); ++ ++int plugin_is_GPL_compatible; ++ ++static struct plugin_info kernexec_plugin_info = { ++ .version = "201109191200", ++}; ++ ++static unsigned int execute_kernexec_fptr(void); ++static unsigned int execute_kernexec_retaddr(void); ++ ++static struct gimple_opt_pass kernexec_fptr_pass = { ++ .pass = { ++ .type = GIMPLE_PASS, ++ .name = "kernexec_fptr", ++ .gate = NULL, ++ .execute = execute_kernexec_fptr, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi ++ } ++}; ++ ++static struct rtl_opt_pass kernexec_retaddr_pass = { ++ .pass = { ++ .type = RTL_PASS, ++ .name = "kernexec_retaddr", ++ .gate = NULL, ++ .execute = execute_kernexec_retaddr, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = TODO_dump_func ++ } ++}; ++ ++/* ++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce ++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference ++ */ ++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi) ++{ ++ gimple assign_intptr, assign_new_fptr, call_stmt; ++ tree intptr, old_fptr, new_fptr, kernexec_mask; ++ ++ call_stmt = gsi_stmt(gsi); ++ old_fptr = gimple_call_fn(call_stmt); ++ ++ // create temporary unsigned long variable used for bitops and cast fptr to it ++ intptr = create_tmp_var(long_unsigned_type_node, NULL); ++ add_referenced_var(intptr); ++ mark_sym_for_renaming(intptr); ++ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); ++ update_stmt(assign_intptr); ++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // apply logical or to temporary unsigned long and bitmask ++ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); ++// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); ++ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); ++ update_stmt(assign_intptr); ++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // cast temporary unsigned long back to a temporary fptr variable ++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL); ++ add_referenced_var(new_fptr); ++ mark_sym_for_renaming(new_fptr); ++ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); ++ update_stmt(assign_new_fptr); ++ gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // replace call stmt fn with the new fptr ++ gimple_call_set_fn(call_stmt, new_fptr); ++ update_stmt(call_stmt); ++} ++ ++/* ++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer ++ */ ++static unsigned int execute_kernexec_fptr(void) ++{ ++ basic_block bb; ++ gimple_stmt_iterator gsi; ++ ++ // 1. loop through BBs and GIMPLE statements ++ FOR_EACH_BB(bb) { ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); ++ tree fn; ++ gimple call_stmt; ++ ++ // is it a call ... ++ call_stmt = gsi_stmt(gsi); ++ if (!is_gimple_call(call_stmt)) ++ continue; ++ fn = gimple_call_fn(call_stmt); ++ if (TREE_CODE(fn) == ADDR_EXPR) ++ continue; ++ if (TREE_CODE(fn) != SSA_NAME) ++ gcc_unreachable(); ++ ++ // ... through a function pointer ++ fn = SSA_NAME_VAR(fn); ++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) ++ continue; ++ fn = TREE_TYPE(fn); ++ if (TREE_CODE(fn) != POINTER_TYPE) ++ continue; ++ fn = TREE_TYPE(fn); ++ if (TREE_CODE(fn) != FUNCTION_TYPE) ++ continue; ++ ++ kernexec_instrument_fptr(gsi); ++ ++//debug_tree(gimple_call_fn(call_stmt)); ++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO); ++ } ++ } ++ ++ return 0; ++} ++ ++// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn ++static void kernexec_instrument_retaddr(rtx insn) ++{ ++ rtx ret_addr, clob, or; ++ ++ start_sequence(); ++ ++ // compute 7(%rsp) ++ ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7))); ++ MEM_VOLATILE_P(ret_addr) = 1; ++ ++ // create orb $0x80,7(%rsp) ++ or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80))); ++ clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG)); ++ ++ // put everything together ++ or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob))); ++ RTX_FRAME_RELATED_P(or) = 1; ++ ++ end_sequence(); ++ ++ emit_insn_before(or, insn); ++} ++ ++/* ++ * find all asm level function returns and forcibly set the highest bit of the return address ++ */ ++static unsigned int execute_kernexec_retaddr(void) ++{ ++ rtx insn; ++ ++ // 1. find function returns ++ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { ++ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil)) ++ // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil)) ++ rtx body; ++ ++ // is it a retn ++ if (!JUMP_P(insn)) ++ continue; ++ body = PATTERN(insn); ++ if (GET_CODE(body) == PARALLEL) ++ body = XVECEXP(body, 0, 0); ++ if (GET_CODE(body) != RETURN) ++ continue; ++ kernexec_instrument_retaddr(insn); ++ } ++ ++// print_simple_rtl(stderr, get_insns()); ++// print_rtl(stderr, get_insns()); ++ ++ return 0; ++} ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ const char * const plugin_name = plugin_info->base_name; ++ const int argc = plugin_info->argc; ++ const struct plugin_argument * const argv = plugin_info->argv; ++ int i; ++ struct register_pass_info kernexec_fptr_pass_info = { ++ .pass = &kernexec_fptr_pass.pass, ++ .reference_pass_name = "ssa", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ struct register_pass_info kernexec_retaddr_pass_info = { ++ .pass = &kernexec_retaddr_pass.pass, ++ .reference_pass_name = "pro_and_epilogue", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info); ++ ++ for (i = 0; i < argc; ++i) ++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); ++ ++ if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL) ++ return 0; ++ ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info); ++ ++ return 0; ++} diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile --- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/tools/gcc/Makefile 2011-08-23 21:47:56.000000000 -0400 -@@ -0,0 +1,12 @@ ++++ linux-3.0.4/tools/gcc/Makefile 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,14 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -72699,14 +73855,16 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile + +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include + -+hostlibs-y := stackleak_plugin.so constify_plugin.so ++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so +always := $(hostlibs-y) +stackleak_plugin-objs := stackleak_plugin.o +constify_plugin-objs := constify_plugin.o ++kallocstat_plugin-objs := kallocstat_plugin.o ++kernexec_plugin-objs := kernexec_plugin.o diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c --- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-08-23 21:47:56.000000000 -0400 -@@ -0,0 +1,243 @@ ++++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,251 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -72724,7 +73882,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + * - initialize all local variables + * + * BUGS: -+ * - cloned functions are instrumented twice ++ * - none known + */ +#include "gcc-plugin.h" +#include "config.h" @@ -72751,7 +73909,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201106030000", ++ .version = "201109112100", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; @@ -72774,7 +73932,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts, -+ .todo_flags_finish = TODO_verify_stmts // | TODO_dump_func ++ .todo_flags_finish = TODO_verify_stmts | TODO_dump_func + } +}; + @@ -72792,7 +73950,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, -+ .todo_flags_finish = 0 ++ .todo_flags_finish = TODO_dump_func + } +}; + @@ -72804,13 +73962,13 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl +static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi, bool before) +{ + gimple call; -+ tree decl, type; ++ tree fndecl, type; + + // insert call to void pax_track_stack(void) + type = build_function_type_list(void_type_node, NULL_TREE); -+ decl = build_fn_decl(track_function, type); -+ DECL_ASSEMBLER_NAME(decl); // for LTO -+ call = gimple_build_call(decl, 0); ++ fndecl = build_fn_decl(track_function, type); ++ DECL_ASSEMBLER_NAME(fndecl); // for LTO ++ call = gimple_build_call(fndecl, 0); + if (before) + gsi_insert_before(gsi, call, GSI_CONTINUE_LINKING); + else @@ -72819,40 +73977,46 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + +static unsigned int execute_stackleak_tree_instrument(void) +{ -+ basic_block bb; ++ basic_block bb, entry_bb; + gimple_stmt_iterator gsi; ++ bool prologue_instrumented = false; ++ ++ entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb; + + // 1. loop through BBs and GIMPLE statements + FOR_EACH_BB(bb) { + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> -+ tree decl; ++ tree fndecl; + gimple stmt = gsi_stmt(gsi); + + if (!is_gimple_call(stmt)) + continue; -+ decl = gimple_call_fndecl(stmt); -+ if (!decl) ++ fndecl = gimple_call_fndecl(stmt); ++ if (!fndecl) + continue; -+ if (TREE_CODE(decl) != FUNCTION_DECL) ++ if (TREE_CODE(fndecl) != FUNCTION_DECL) + continue; -+ if (!DECL_BUILT_IN(decl)) ++ if (!DECL_BUILT_IN(fndecl)) + continue; -+ if (DECL_BUILT_IN_CLASS(decl) != BUILT_IN_NORMAL) ++ if (DECL_BUILT_IN_CLASS(fndecl) != BUILT_IN_NORMAL) + continue; -+ if (DECL_FUNCTION_CODE(decl) != BUILT_IN_ALLOCA) ++ if (DECL_FUNCTION_CODE(fndecl) != BUILT_IN_ALLOCA) + continue; + + // 2. insert track call after each __builtin_alloca call + stackleak_add_instrumentation(&gsi, false); -+// print_node(stderr, "pax", decl, 4); ++ if (bb == entry_bb) ++ prologue_instrumented = true; ++// print_node(stderr, "pax", fndecl, 4); + } + } + + // 3. insert track call at the beginning -+ bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb; -+ gsi = gsi_start_bb(bb); -+ stackleak_add_instrumentation(&gsi, true); ++ if (!prologue_instrumented) { ++ gsi = gsi_start_bb(entry_bb); ++ stackleak_add_instrumentation(&gsi, true); ++ } + + return 0; +} @@ -72864,6 +74028,10 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + if (cfun->calls_alloca) + return 0; + ++ // keep calls only if function frame is big enough ++ if (get_frame_size() >= track_frame_size) ++ return 0; ++ + // 1. find pax_track_stack calls + for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { + // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil)) @@ -72883,9 +74051,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + if (strcmp(XSTR(body, 0), track_function)) + continue; +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); -+ // 2. delete call if function frame is not big enough -+ if (get_frame_size() >= track_frame_size) -+ continue; ++ // 2. delete call + delete_insn_and_edges(insn); + } + diff --git a/main/linux-headers/APKBUILD b/main/linux-headers/APKBUILD index 536fb7827..472e08cdb 100644 --- a/main/linux-headers/APKBUILD +++ b/main/linux-headers/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=linux-headers -pkgver=2.6.38.2 -_kernver=2.6.38 +pkgver=3.0.4 +_kernver=3.0 pkgrel=0 pkgdesc="Linux system headers" url="http://kernel.org" @@ -42,5 +42,5 @@ package() { rm -rf "$pkgdir"/usr/include/drm } -md5sums="7d471477bfa67546f902da62227fa976 linux-2.6.38.tar.bz2 -599badab31c4920d4122133208c810d7 patch-2.6.38.2.bz2" +md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 +62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2" diff --git a/main/lua-stdlib/APKBUILD b/main/lua-stdlib/APKBUILD index 685b1d1c9..f9115674e 100644 --- a/main/lua-stdlib/APKBUILD +++ b/main/lua-stdlib/APKBUILD @@ -1,29 +1,33 @@ # Maintainer: Natnae pkgname=lua-stdlib -pkgver=13 -pkgrel=1 +pkgver=24 +pkgrel=0 pkgdesc="Lua library of modules for common programming tasks" url="http://luaforge.net/projects/stdlib/" arch="noarch" license="MIT/X" depends= -makedepends= +makedepends="lua-dev" install= subpackages="$pkgname-doc" -source="http://luaforge.net/frs/download.php/4581/stdlib-13.tar.gz" +source="http://luaforge.net/frs/download.php/4847/lua-stdlib-24.zip" -_builddir="$srcdir"/stdlib +_builddir="$srcdir"/lua-stdlib-$pkgver _luashare=/usr/share/lua/5.1 build() { cd "$_builddir" + ./configure --prefix=/usr \ + --datadir="$_luashare" \ + || return 1 + make || return 1 } package() { cd "$_builddir" - install -d "$pkgdir"/$_luashare - install -m644 modules/*.lua "$pkgdir"/$_luashare/ - mkdir -p "$pkgdir"/usr/share/doc/$pkgname - install -m644 modules/*.html "$pkgdir"/usr/share/doc/$pkgname/ + make install DESTDIR="$pkgdir" || return 1 + mkdir -p "$pkgdir"/usr/share/doc/$pkgname || return 1 + cd "$_builddir"/src + cp -r files modules index.html "$pkgdir"/usr/share/doc/$pkgname/ } -md5sums="592cbfb622a0a9a7d8c6d7ca6657bc05 stdlib-13.tar.gz" +md5sums="f768ac3b793e8498e20906d19bf2ef48 lua-stdlib-24.zip" diff --git a/main/mysql/APKBUILD b/main/mysql/APKBUILD index 1c568521c..c54b4f5c1 100644 --- a/main/mysql/APKBUILD +++ b/main/mysql/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mysql -pkgver=5.5.15 +pkgver=5.5.16 pkgrel=0 pkgdesc="A fast SQL database server" url="http://www.mysql.com/" @@ -13,7 +13,7 @@ depends="mysql-common" depends_dev="openssl-dev zlib-dev" makedepends="libtool readline-dev openssl-dev ncurses-dev zlib-dev cmake bison perl libaio-dev" source="ftp://mirror.switch.ch/mirror/mysql/Downloads/MySQL-5.5/mysql-$pkgver.tar.gz - 0001-prefer-dynamic-library.patch + mysql-prefer-dynamic-library.patch $pkgname.initd " subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-test:mytest @@ -187,6 +187,6 @@ bench() { mv "$pkgdir"/usr/share/sql-bench "$subpkgdir"/usr/share/ } -md5sums="306b5549c7bd72e8e705a890db0da82b mysql-5.5.15.tar.gz -4e07e045a3abcb457c9c148dfd929ed6 0001-prefer-dynamic-library.patch +md5sums="462ab3752dd666ec06ca32f92673b59e mysql-5.5.16.tar.gz +b2b038b1905fa5b80f6723d0ee2f811f mysql-prefer-dynamic-library.patch d46df8ab94cb5686862ff90c0a6bf707 mysql.initd" diff --git a/main/mysql/0001-prefer-dynamic-library.patch b/main/mysql/mysql-prefer-dynamic-library.patch index f2ff4da62..49435d1da 100644 --- a/main/mysql/0001-prefer-dynamic-library.patch +++ b/main/mysql/mysql-prefer-dynamic-library.patch @@ -1,21 +1,6 @@ -From 7c79a4adc72407b7265bc1508f6950d505ab1a17 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Fri, 1 Apr 2011 12:58:59 +0000 -Subject: [PATCH] prefer dynamic library - -we link to the dynamic library *and* the static so we get all used -symbols in the client apps. - -Linking to dynamic will make mysql client 300k instead of 3M ---- - client/CMakeLists.txt | 20 ++++++++++---------- - 1 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt -index 80c5bbd..21c6a58 100644 ---- a/client/CMakeLists.txt -+++ b/client/CMakeLists.txt -@@ -28,41 +28,41 @@ INCLUDE_DIRECTORIES( +--- ./client/CMakeLists.txt.orig ++++ ./client/CMakeLists.txt +@@ -28,44 +28,44 @@ ADD_DEFINITIONS(${READLINE_DEFINES}) ADD_DEFINITIONS(${SSL_DEFINES}) MYSQL_ADD_EXECUTABLE(mysql completion_hash.cc mysql.cc readline.cc sql_string.cc) @@ -52,6 +37,10 @@ index 80c5bbd..21c6a58 100644 -TARGET_LINK_LIBRARIES(mysqlshow mysqlclient) +TARGET_LINK_LIBRARIES(mysqlshow libmysql mysqlclient) + MYSQL_ADD_EXECUTABLE(mysql_plugin mysql_plugin.c) +-TARGET_LINK_LIBRARIES(mysql_plugin mysqlclient) ++TARGET_LINK_LIBRARIES(mysql_plugin libmysql mysqlclient) + MYSQL_ADD_EXECUTABLE(mysqlbinlog mysqlbinlog.cc) -TARGET_LINK_LIBRARIES(mysqlbinlog mysqlclient) +TARGET_LINK_LIBRARIES(mysqlbinlog libmysql mysqlclient) @@ -67,6 +56,3 @@ index 80c5bbd..21c6a58 100644 # "WIN32" also covers 64 bit. "echo" is used in some files below "mysql-test/". IF(WIN32) --- -1.7.4.2 - diff --git a/main/orage/APKBUILD b/main/orage/APKBUILD index 16e88c394..ccfec0fe6 100644 --- a/main/orage/APKBUILD +++ b/main/orage/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=orage -pkgver=4.8.1 +pkgver=4.8.2 pkgrel=0 pkgdesc="A simple calendar application with reminders for Xfce" url="http://www.xfce.org/projects/orage/" @@ -32,4 +32,4 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -md5sums="9c1139ce03e9f309240e712cf31b6a49 orage-4.8.1.tar.bz2" +md5sums="950397c716c31e1aa5db83d35ddf6047 orage-4.8.2.tar.bz2" diff --git a/main/ruby-rmagick/APKBUILD b/main/ruby-rmagick/APKBUILD index 53a4c61c2..976b03233 100644 --- a/main/ruby-rmagick/APKBUILD +++ b/main/ruby-rmagick/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Carlo Landmeter <clandmeter@alpinelinux.org> # Maintainer: pkgname=ruby-rmagick -_realname=rmagick +_gemname=rmagick pkgver=2.13.1 -pkgrel=0 +pkgrel=1 pkgdesc="Ruby ImageMagick interface" url="http://rmagick.rubyforge.org" arch="all" @@ -13,19 +13,27 @@ depends_dev="ruby-dev imagemagick-dev freetype-dev jpeg-dev zlib-dev" makedepends="$depends_dev ruby rubygems" install="" subpackages="" -source="" +source="http://gems.rubyforge.org/gems/$_gemname-$pkgver.gem" _builddir="$srcdir"/$_realname-$pkgver build() { - mkdir -p "$_builddir" || return 1 - local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')" - gem install $_realname -v $pkgver -i "$_builddir"$_gemdir \ - --ignore-dependencies --verbose \ - --no-rdoc --no-ri || return 1 - rm -rf "$_builddir"$_gemdir/cache/ + return 0 } package() { + local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')" + local _geminstdir=$_gemdir/gems/$_gemname-$pkgver + local _ruby_archdir=$(ruby -rrbconfig -e "puts Config::CONFIG['archdir']") mkdir -p "$pkgdir" || return 1 - cp -ra "$_builddir"/* "$pkgdir"/ || return 1 + mkdir -p "$pkgdir"/$_ruby_archdir || return 1 + + gem install --local --install-dir "$pkgdir"/$_gemdir \ + --ignore-dependencies --verbose --no-rdoc --no-ri \ + "$srcdir"/$_gemname-$pkgver.gem || return 1 + mv "$pkgdir"/$_geminstdir/lib/*.so "$pkgdir"/$_ruby_archdir/ + rm -rf "$pkgdir"/$_gemdir/cache \ + "$pkgdir"/$_geminstdir/ext \ + "$pkgdir"/$_geminstdir/.require_paths } + +md5sums="f528a83789c5abbe540b6227c08b2f5a rmagick-2.13.1.gem" diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD index a7aabd970..cbbe23984 100644 --- a/main/ruby/APKBUILD +++ b/main/ruby/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=ruby -pkgver=1.8.7_p299 -_pkgver=1.8.7-p299 -pkgrel=2 +pkgver=1.8.7_p352 +_pkgver=${pkgver/_/-} +pkgrel=0 pkgdesc="An object-oriented language for quick and easy programming" url="http://www.ruby-lang.org/en/" arch="all" @@ -33,6 +33,9 @@ build() { # http://bugs.alpinelinux.org/issues/show/1 export CC=gcc + # ruby saves path to install. we want use $PATH + export INSTALL=install + ./configure --build=${CHOST:-i486-alpine-linux-uclibc} \ --prefix=/usr \ --sysconfdir=/etc \ @@ -53,4 +56,4 @@ package() { } -md5sums="244439a87d75ab24170a9c2b451ce351 ruby-1.8.7-p299.tar.bz2" +md5sums="0c61ea41d1b1183b219b9afe97f18f52 ruby-1.8.7-p352.tar.bz2" diff --git a/main/rubygems/APKBUILD b/main/rubygems/APKBUILD index 285ad7d08..054588dc6 100644 --- a/main/rubygems/APKBUILD +++ b/main/rubygems/APKBUILD @@ -2,10 +2,10 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=rubygems pkgver=1.3.5 -pkgrel=4 +pkgrel=5 pkgdesc="Ruby package manager" url="http://docs.rubygems.org" -arch="all" +arch="noarch" license="GPL" depends="ruby" makedepends="ruby" diff --git a/main/shotwell/APKBUILD b/main/shotwell/APKBUILD index dd34f78f7..c752749c8 100644 --- a/main/shotwell/APKBUILD +++ b/main/shotwell/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=shotwell -pkgver=0.11.1 +pkgver=0.11.2 pkgrel=0 pkgdesc="A digital photo organizer designed for the GNOME desktop environment" url="http://yorba.org/shotwell/" @@ -42,4 +42,4 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -md5sums="e2c388bfce992b5437281c4fc29357d9 shotwell-0.11.1.tar.bz2" +md5sums="bbb479eaa4bbcf67d8ff454b406ed249 shotwell-0.11.2.tar.bz2" diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD index 696295791..e7b6fb580 100644 --- a/main/sqlite/APKBUILD +++ b/main/sqlite/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=sqlite -pkgver=3.7.7.1 +pkgver=3.7.8 _a=${pkgver%%.*} _b=${pkgver#${_a}.} _b=${_b%%.*} @@ -74,5 +74,5 @@ package() { install -Dm644 ${srcdir}/license.txt ${pkgdir}/usr/share/licenses/${pkgname}/license.txt } -md5sums="554026fe7fac47b1cf61c18d5fe43419 sqlite-autoconf-3070701.tar.gz +md5sums="6bfb46d73caaa1bbbcd2b52184b6c542 sqlite-autoconf-3070800.tar.gz c1cdbc5544034d9012e421e75a5e4890 license.txt" diff --git a/main/tumbler/APKBUILD b/main/tumbler/APKBUILD index c1698b561..f8431e787 100644 --- a/main/tumbler/APKBUILD +++ b/main/tumbler/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=tumbler -pkgver=0.1.21 -pkgrel=1 +pkgver=0.1.22 +pkgrel=0 pkgdesc="D-Bus service for applications to request thumbnails" url="http://git.xfce.org/apps/tumbler/" arch="all" @@ -41,4 +41,4 @@ package() { find "$pkgdir" -name '*.la' -delete } -md5sums="2ef0d30750f95efe345de4655049d4f6 tumbler-0.1.21.tar.bz2" +md5sums="e7ba3b8f21f8f7e736f1e214906b4ca9 tumbler-0.1.22.tar.bz2" diff --git a/main/wget/APKBUILD b/main/wget/APKBUILD index e12adb41d..ff6a8582b 100644 --- a/main/wget/APKBUILD +++ b/main/wget/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=wget -pkgver=1.13.3 +pkgver=1.13.4 pkgrel=0 pkgdesc="A network utility to retrieve files from the Web" url="http://www.gnu.org/software/wget/wget.html" @@ -30,4 +30,4 @@ package() { make DESTDIR="$pkgdir" install } -md5sums="2524f82296d51ef444e96e3a28bb4fbb wget-1.13.3.tar.gz" +md5sums="1df489976a118b9cbe1b03502adbfc27 wget-1.13.4.tar.gz" diff --git a/main/xfce4-session/APKBUILD b/main/xfce4-session/APKBUILD index d79baa82b..218847912 100644 --- a/main/xfce4-session/APKBUILD +++ b/main/xfce4-session/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=xfce4-session -pkgver=4.8.1 -pkgrel=1 +pkgver=4.8.2 +pkgrel=0 pkgdesc="A session manager for Xfce" url="http://www.xfce.org/" arch="all" @@ -45,5 +45,5 @@ package() { find "$pkgdir" -name '*.la' -delete } -md5sums="478080ff666fdd36786a243829663efd xfce4-session-4.8.1.tar.bz2 +md5sums="48780cbcf784ab64debc9312f17765f2 xfce4-session-4.8.2.tar.bz2 bfd9132f08f4a92efbe982fb911c511c busybox-shutdown.patch" diff --git a/main/xfwm4/xfwm4.post-deinstall b/main/xfwm4/xfwm4.post-deinstall deleted file mode 120000 index 822a58d8c..000000000 --- a/main/xfwm4/xfwm4.post-deinstall +++ /dev/null @@ -1 +0,0 @@ -xfwm4.post-install
\ No newline at end of file diff --git a/main/xfwm4/xfwm4.post-install b/main/xfwm4/xfwm4.post-install deleted file mode 100644 index c523d78da..000000000 --- a/main/xfwm4/xfwm4.post-install +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -gtk-update-icon-cache -q -t -f usr/share/icons/hicolor - diff --git a/main/xfwm4/xfwm4.post-upgrade b/main/xfwm4/xfwm4.post-upgrade deleted file mode 120000 index 822a58d8c..000000000 --- a/main/xfwm4/xfwm4.post-upgrade +++ /dev/null @@ -1 +0,0 @@ -xfwm4.post-install
\ No newline at end of file diff --git a/testing/lxpolkit/APKBUILD b/testing/lxpolkit/APKBUILD new file mode 100644 index 000000000..b9a309e5e --- /dev/null +++ b/testing/lxpolkit/APKBUILD @@ -0,0 +1,44 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=lxpolkit +pkgver=0.1.0 +pkgrel=0 +pkgdesc="Simple PolicyKit authentication agent" +url="http://lxde.org/" +arch="all" +license="GPLv2+" +depends="" +makedepends="gtk+-dev polkit-dev" +install="" +subpackages="" +source="http://downloads.sourceforge.net/lxde/lxpolkit-$pkgver.tar.gz" + +_builddir="$srcdir"/lxpolkit-$pkgver +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$_builddir" + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + || return 1 + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" INSTALL="install -p" install || return 1 + rm -f "$pkgdir"/usr/lib/*.la +} + +md5sums="2597b00035fe1d695219e0f9bfa8c26f lxpolkit-0.1.0.tar.gz" diff --git a/testing/lxsession/APKBUILD b/testing/lxsession/APKBUILD new file mode 100644 index 000000000..08c96c74f --- /dev/null +++ b/testing/lxsession/APKBUILD @@ -0,0 +1,44 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=lxsession +pkgver=0.4.5 +pkgrel=0 +pkgdesc="Lightweight X11 session manager" +url="http://lxde.sourceforge.net/" +arch="all" +license="GPLv2+" +depends="" +makedepends="gtk+-dev dbus-glib-dev" +install="" +subpackages="$pkgname-doc" +source="http://downloads.sourceforge.net/sourceforge/lxde/lxsession-$pkgver.tar.gz" + +_builddir="$srcdir"/lxsession-$pkgver +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$_builddir" + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + || return 1 + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install || return 1 + rm -f "$pkgdir"/usr/lib/*.la +} + +md5sums="d5cd0cb733748191b2c7371c9efda155 lxsession-0.4.5.tar.gz" diff --git a/testing/rsyslog/APKBUILD b/testing/rsyslog/APKBUILD index fdf9c7b07..c0335e9fd 100644 --- a/testing/rsyslog/APKBUILD +++ b/testing/rsyslog/APKBUILD @@ -1,8 +1,8 @@ # Contributor: cbanta@gmail.com # Maintainer: cbanta@gmail.com pkgname=rsyslog -pkgver=5.8.0 -pkgrel=1 +pkgver=5.8.5 +pkgrel=0 pkgdesc="Enhanced multi-threaded syslogd with database support and more." url="http://www.rsyslog.com/" arch="all" @@ -79,7 +79,7 @@ snmp() { mv "$pkgdir"/usr/lib/rsyslog/omsnmp.so "$subpkgdir"/usr/lib/rsyslog/ } -md5sums="37562d0e71a24938a9ed7f242bd32d35 rsyslog-5.8.0.tar.gz +md5sums="a73cb577cb4bc5b9c8f0d217eb054ad2 rsyslog-5.8.5.tar.gz 06f6e1ef8a05d3b6b49c06b0b99d3064 rsyslog.initd 0a0aef98f677364e6178c34274df7723 rsyslog.confd bc43debc9ffdf66bc1409025fd3d1176 rsyslog.logrotate |