diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2011-05-18 11:40:10 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-05-18 11:41:38 +0000 |
| commit | 8cfe285d1c25851a791884237ba2063328959754 (patch) | |
| tree | 4e2409102c536c673325e0f26a9153c5d16619d7 | |
| parent | efbec8b1c77865b6162ea57c36dc81119626281d (diff) | |
| download | aports-8cfe285d1c25851a791884237ba2063328959754.tar.bz2 aports-8cfe285d1c25851a791884237ba2063328959754.tar.xz | |
testing/linux-grsec: upgrade to grsecurity-2.2.2-2.6.38.6-201105171931
| -rw-r--r-- | testing/linux-grsec/APKBUILD | 10 | ||||
| -rw-r--r-- | testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105171931.patch (renamed from testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105111839.patch) | 3633 | ||||
| -rw-r--r-- | testing/linux-grsec/pax_track_stack.patch | 10 |
3 files changed, 3295 insertions, 358 deletions
diff --git a/testing/linux-grsec/APKBUILD b/testing/linux-grsec/APKBUILD index d5d10502e..71a4f37e1 100644 --- a/testing/linux-grsec/APKBUILD +++ b/testing/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.38.6 _kernver=2.6.38 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,8 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.2.2-2.6.38.6-201105111839.patch + grsecurity-2.2.2-2.6.38.6-201105171931.patch + pax_track_stack.patch 0004-arp-flush-arp-cache-on-device-change.patch net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch @@ -23,7 +24,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 kernelconfig.x86_64 " subpackages="$pkgname-dev" -arch="x86 arm" +arch="x86 x86_64 arm" license="GPL-2" _abi_release=${pkgver}-${_flavor} @@ -138,7 +139,8 @@ dev() { md5sums="7d471477bfa67546f902da62227fa976 linux-2.6.38.tar.bz2 527fab8162c682ad849eb21fc30d28ef patch-2.6.38.6.bz2 -a43f9eec728708af59fa08ed0e0f3391 grsecurity-2.2.2-2.6.38.6-201105111839.patch +39e6e86e7b2534975f68914a8b022ba1 grsecurity-2.2.2-2.6.38.6-201105171931.patch +137fe947ed6b482ab7689f3bf7dfcffc pax_track_stack.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch aa1b82da0cabfb41c5e6da5bddf60bab net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch ac8deebf46b61ae9dc041a013a5b80d4 kernelconfig.x86 diff --git a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105111839.patch b/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105171931.patch index 20cbc551e..d61a414c2 100644 --- a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105111839.patch +++ b/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105171931.patch @@ -3780,6 +3780,18 @@ diff -urNp linux-2.6.38.6/arch/sparc/include/asm/atomic_64.h linux-2.6.38.6/arch } #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff -urNp linux-2.6.38.6/arch/sparc/include/asm/cache.h linux-2.6.38.6/arch/sparc/include/asm/cache.h +--- linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-05-17 19:31:43.000000000 -0400 +@@ -10,7 +10,7 @@ + #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long) + + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES 32 ++#define L1_CACHE_BYTES 32U + + #ifdef CONFIG_SPARC32 + #define SMP_CACHE_BYTES_SHIFT 5 diff -urNp linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h --- linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-04-28 19:34:14.000000000 -0400 @@ -4861,6 +4873,18 @@ diff -urNp linux-2.6.38.6/arch/sparc/lib/ksyms.c linux-2.6.38.6/arch/sparc/lib/k EXPORT_SYMBOL(atomic64_sub_ret); /* Atomic bit operations. */ +diff -urNp linux-2.6.38.6/arch/sparc/lib/Makefile linux-2.6.38.6/arch/sparc/lib/Makefile +--- linux-2.6.38.6/arch/sparc/lib/Makefile 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/sparc/lib/Makefile 2011-05-17 19:31:43.000000000 -0400 +@@ -2,7 +2,7 @@ + # + + asflags-y := -ansi -DST_DIV0=0x02 +-ccflags-y := -Werror ++#ccflags-y := -Werror + + lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o + lib-$(CONFIG_SPARC32) += memcpy.o memset.o diff -urNp linux-2.6.38.6/arch/sparc/Makefile linux-2.6.38.6/arch/sparc/Makefile --- linux-2.6.38.6/arch/sparc/Makefile 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/sparc/Makefile 2011-04-28 19:34:14.000000000 -0400 @@ -6362,7 +6386,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32_aout.c linux-2.6.38.6/arch/x86/ia32 has_dumped = 1; diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32/ia32entry.S --- linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-16 21:47:08.000000000 -0400 @@ -13,6 +13,7 @@ #include <asm/thread_info.h> #include <asm/segment.h> @@ -6371,7 +6395,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 #include <linux/linkage.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ -@@ -93,6 +94,28 @@ ENTRY(native_irq_enable_sysexit) +@@ -93,6 +94,26 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -6386,21 +6410,19 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 + call pax_exit_kernel_user +#endif +#ifdef CONFIG_PAX_RANDKSTACK -+ push %rax ++ pushq %rax + call pax_randomize_kstack -+ pop %rax ++ popq %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + /* * 32bit SYSENTER instruction entry. * -@@ -119,7 +142,7 @@ ENTRY(ia32_sysenter_target) +@@ -119,7 +140,7 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -6409,7 +6431,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -135,7 +158,8 @@ ENTRY(ia32_sysenter_target) +@@ -135,7 +156,8 @@ ENTRY(ia32_sysenter_target) pushfq CFI_ADJUST_CFA_OFFSET 8 /*CFI_REL_OFFSET rflags,0*/ @@ -6419,7 +6441,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 CFI_REGISTER rip,r10 pushq $__USER32_CS CFI_ADJUST_CFA_OFFSET 8 -@@ -150,6 +174,12 @@ ENTRY(ia32_sysenter_target) +@@ -150,6 +172,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */ @@ -6432,7 +6454,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -172,6 +202,7 @@ sysenter_dispatch: +@@ -172,6 +200,7 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: @@ -6440,7 +6462,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) -@@ -283,19 +314,24 @@ ENDPROC(ia32_sysenter_target) +@@ -283,19 +312,24 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -6467,7 +6489,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -311,6 +347,12 @@ ENTRY(ia32_cstar_target) +@@ -311,6 +345,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -6480,7 +6502,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -333,6 +375,7 @@ cstar_dispatch: +@@ -333,6 +373,7 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: @@ -6488,7 +6510,7 @@ diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32 andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -415,6 +458,7 @@ ENTRY(ia32_syscall) +@@ -415,6 +456,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -6735,7 +6757,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_32.h linux-2.6.38.6/arch * @v: pointer to type atomic64_t diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h --- linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-05-16 21:47:08.000000000 -0400 @@ -18,7 +18,19 @@ */ static inline long atomic64_read(const atomic64_t *v) @@ -7010,7 +7032,19 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h linux-2.6.38.6/arch #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) -@@ -206,17 +380,30 @@ static inline long atomic64_xchg(atomic6 +@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom + return cmpxchg(&v->counter, old, new); + } + ++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new) ++{ ++ return cmpxchg(&v->counter, old, new); ++} ++ + static inline long atomic64_xchg(atomic64_t *v, long new) + { + return xchg(&v->counter, new); +@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6 */ static inline int atomic64_add_unless(atomic64_t *v, long a, long u) { @@ -9689,7 +9723,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/system.h linux-2.6.38.6/arch/x86/ void default_idle(void); diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch/x86/include/asm/thread_info.h --- linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-04-30 19:58:48.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-05-17 19:31:43.000000000 -0400 @@ -10,6 +10,7 @@ #include <linux/compiler.h> #include <asm/page.h> @@ -9706,7 +9740,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,11 @@ struct thread_info { +@@ -34,18 +34,12 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -9716,6 +9750,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch - */ - __u8 supervisor_stack[0]; -#endif ++ unsigned long lowest_stack; int uaccess_err; }; @@ -9726,7 +9761,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch .exec_domain = &default_exec_domain, \ .flags = 0, \ .cpu = 0, \ -@@ -56,7 +49,7 @@ struct thread_info { +@@ -56,7 +50,7 @@ struct thread_info { }, \ } @@ -9735,7 +9770,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -164,6 +157,23 @@ struct thread_info { +@@ -164,6 +158,23 @@ struct thread_info { #define alloc_thread_info(tsk) \ ((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER)) @@ -9759,7 +9794,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch #ifdef CONFIG_X86_32 #define STACK_WARN (THREAD_SIZE/8) -@@ -174,35 +184,13 @@ struct thread_info { +@@ -174,35 +185,13 @@ struct thread_info { */ #ifndef __ASSEMBLY__ @@ -9795,7 +9830,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -210,21 +198,6 @@ static inline struct thread_info *curren +@@ -210,21 +199,8 @@ static inline struct thread_info *curren #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -9814,10 +9849,12 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("rsp") __used; #endif #endif /* !X86_32 */ -@@ -260,5 +233,16 @@ extern void arch_task_cache_init(void); +@@ -260,5 +236,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -9836,18 +9873,20 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch #endif /* _ASM_X86_THREAD_INFO_H */ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-04-28 19:34:14.000000000 -0400 -@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-05-16 21:47:08.000000000 -0400 +@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_u static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to, +@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to, return ret; } } @@ -9856,7 +9895,14 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ return __copy_to_user_ll(to, from, n); } -@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo +@@ -83,12 +90,16 @@ static __always_inline unsigned long __m + __copy_to_user(void __user *to, const void *from, unsigned long n) + { + might_fault(); ++ + return __copy_to_user_inatomic(to, from, n); + } + static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { @@ -9866,18 +9912,20 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -138,6 +146,10 @@ static __always_inline unsigned long +@@ -138,6 +149,12 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __ +@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __ return ret; } } @@ -9886,7 +9934,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ return __copy_from_user_ll(to, from, n); } -@@ -160,6 +174,10 @@ static __always_inline unsigned long __c +@@ -160,6 +179,10 @@ static __always_inline unsigned long __c const void __user *from, unsigned long n) { might_fault(); @@ -9897,7 +9945,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -182,15 +200,19 @@ static __always_inline unsigned long +@@ -182,15 +205,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -9924,7 +9972,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void +@@ -200,17 +227,61 @@ extern void copy_from_user_overflow(void #endif ; @@ -9995,7 +10043,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:47:08.000000000 -0400 @@ -11,6 +11,9 @@ #include <asm/alternative.h> #include <asm/cpufeature.h> @@ -10046,7 +10094,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ return n; } -@@ -65,110 +68,194 @@ int copy_to_user(void __user *dst, const +@@ -65,110 +68,198 @@ int copy_to_user(void __user *dst, const { might_fault(); @@ -10068,6 +10116,8 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ - if (!__builtin_constant_p(size)) - return copy_user_generic(dst, (__force void *)src, size); + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10155,6 +10205,8 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ might_fault(); - if (!__builtin_constant_p(size)) + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10271,7 +10323,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -177,7 +264,7 @@ int __copy_in_user(void __user *dst, con +@@ -177,7 +268,7 @@ int __copy_in_user(void __user *dst, con } case 2: { u16 tmp; @@ -10280,7 +10332,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -187,7 +274,7 @@ int __copy_in_user(void __user *dst, con +@@ -187,7 +278,7 @@ int __copy_in_user(void __user *dst, con case 4: { u32 tmp; @@ -10289,7 +10341,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -196,7 +283,7 @@ int __copy_in_user(void __user *dst, con +@@ -196,7 +287,7 @@ int __copy_in_user(void __user *dst, con } case 8: { u64 tmp; @@ -10298,7 +10350,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -204,8 +291,16 @@ int __copy_in_user(void __user *dst, con +@@ -204,8 +295,16 @@ int __copy_in_user(void __user *dst, con return ret; } default: @@ -10316,10 +10368,12 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/ } } -@@ -222,33 +317,70 @@ __must_check unsigned long __clear_user( +@@ -222,33 +321,72 @@ __must_check unsigned long __clear_user( static __must_check __always_inline int __copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) { ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10995,7 +11049,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/amd_iommu.c linux-2.6.38.6/arch/x86/ke .map_page = map_page, diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/apic.c linux-2.6.38.6/arch/x86/kernel/apic/apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-05-16 21:47:08.000000000 -0400 @@ -1819,7 +1819,7 @@ void smp_error_interrupt(struct pt_regs apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); @@ -11005,6 +11059,15 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/apic.c linux-2.6.38.6/arch/x86/ke /* * Here is what the APIC error bits mean: +@@ -2209,6 +2209,8 @@ static int __cpuinit apic_cluster_num(vo + u16 *bios_cpu_apicid; + DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS); + ++ pax_track_stack(); ++ + bios_cpu_apicid = early_per_cpu_ptr(x86_bios_cpu_apicid); + bitmap_zero(clustermap, NUM_APIC_CLUSTERS); + diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-04-28 19:57:25.000000000 -0400 @@ -11147,7 +11210,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/apm_32.c linux-2.6.38.6/arch/x86/kerne diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-05-16 21:47:08.000000000 -0400 @@ -51,7 +51,6 @@ void foo(void) OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id); BLANK(); @@ -11156,7 +11219,16 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.6/arch/x OFFSET(TI_exec_domain, thread_info, exec_domain); OFFSET(TI_flags, thread_info, flags); OFFSET(TI_status, thread_info, status); -@@ -113,6 +112,11 @@ void foo(void) +@@ -60,6 +59,8 @@ void foo(void) + OFFSET(TI_restart_block, thread_info, restart_block); + OFFSET(TI_sysenter_return, thread_info, sysenter_return); + OFFSET(TI_cpu, thread_info, cpu); ++ OFFSET(TI_lowest_stack, thread_info, lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo)); + BLANK(); + + OFFSET(GDS_size, desc_ptr, size); +@@ -113,6 +114,11 @@ void foo(void) OFFSET(PV_CPU_iret, pv_cpu_ops, iret); OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); @@ -11170,8 +11242,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.6/arch/x #ifdef CONFIG_XEN diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-04-30 11:45:06.000000000 -0400 -@@ -63,6 +63,18 @@ int main(void) ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-05-16 21:47:08.000000000 -0400 +@@ -44,6 +44,8 @@ int main(void) + ENTRY(addr_limit); + ENTRY(preempt_count); + ENTRY(status); ++ ENTRY(lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo)); + #ifdef CONFIG_IA32_EMULATION + ENTRY(sysenter_return); + #endif +@@ -63,6 +65,18 @@ int main(void) OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs); OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); @@ -11190,7 +11271,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.6/arch/x #endif -@@ -115,6 +127,7 @@ int main(void) +@@ -115,6 +129,7 @@ int main(void) ENTRY(cr8); BLANK(); #undef ENTRY @@ -11198,7 +11279,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.6/arch/x DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); BLANK(); DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); -@@ -130,6 +143,7 @@ int main(void) +@@ -130,6 +145,7 @@ int main(void) BLANK(); DEFINE(PAGE_SIZE_asm, PAGE_SIZE); @@ -11550,8 +11631,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.38.6/arch/x8 extern int generic_get_free_region(unsigned long base, unsigned long size, diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c --- linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-04-28 19:34:14.000000000 -0400 -@@ -1781,7 +1781,7 @@ perf_callchain_user(struct perf_callchai ++++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-05-16 21:47:08.000000000 -0400 +@@ -674,6 +674,8 @@ static int x86_schedule_events(struct cp + int i, j, w, wmax, num = 0; + struct hw_perf_event *hwc; + ++ pax_track_stack(); ++ + bitmap_zero(used_mask, X86_PMC_IDX_MAX); + + for (i = 0; i < n; i++) { +@@ -1781,7 +1783,7 @@ perf_callchain_user(struct perf_callchai break; perf_callchain_store(entry, frame.return_address); @@ -11882,10 +11972,30 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/dumpstack.c linux-2.6.38.6/arch/x86/ke report_bug(regs->ip, regs); if (__die(str, regs, err)) +diff -urNp linux-2.6.38.6/arch/x86/kernel/early_printk.c linux-2.6.38.6/arch/x86/kernel/early_printk.c +--- linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-05-16 21:47:08.000000000 -0400 +@@ -7,6 +7,7 @@ + #include <linux/pci_regs.h> + #include <linux/pci_ids.h> + #include <linux/errno.h> ++#include <linux/sched.h> + #include <asm/io.h> + #include <asm/processor.h> + #include <asm/fcntl.h> +@@ -179,6 +180,8 @@ asmlinkage void early_printk(const char + int n; + va_list ap; + ++ pax_track_stack(); ++ + va_start(ap, fmt); + n = vscnprintf(buf, sizeof(buf), fmt, ap); + early_console->write(early_console, buf, n); diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/kernel/entry_32.S --- linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-10 21:13:12.000000000 -0400 -@@ -183,13 +183,139 @@ ++++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-16 21:55:51.000000000 -0400 +@@ -183,13 +183,154 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -11919,7 +12029,10 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ CFI_REL_OFFSET eax, 0 ++ pushl %ecx ++ CFI_REL_OFFSET ecx, 0 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) + mov %eax, %esi +#else @@ -11941,14 +12054,20 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker +#endif +3: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ CFI_RESTORE ecx ++ popl %eax ++ CFI_RESTORE eax +#endif + ret +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ CFI_REL_OFFSET eax, 0 ++ pushl %ecx ++ CFI_REL_OFFSET ecx, 0 +#endif + mov %cs, %esi + cmp $__KERNEXEC_KERNEL_CS, %esi @@ -11970,7 +12089,10 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker +#endif +2: +#ifdef CONFIG_PARAVIRT -+ pop %ecx; pop %eax ++ popl %ecx ++ CFI_RESTORE ecx ++ popl %eax ++ CFI_RESTORE eax +#endif + ret +ENDPROC(pax_exit_kernel) @@ -11983,41 +12105,44 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker +.endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * ebp: thread_info ++ * ecx, edx: can be clobbered ++ */ +ENTRY(pax_erase_kstack) -+ push %edi ++ pushl %edi ++ pushl %eax + -+ lea -64(%esp), %edi -+ and $-64, %edi ++ mov TI_lowest_stack(%ebp), %edi + mov $-0xBEEF, %eax + std -+1: -+ mov %edi, %ecx ++ ++1: mov %edi, %ecx + and $THREAD_SIZE_asm - 1, %ecx + shr $2, %ecx + repne scasl + jecxz 2f + -+ and $-64, %edi -+ and $-16, %ecx -+ -+ sub $128, %ecx ++ cmp $2*16, %ecx + jc 2f -+ mov $16, %ecx -+ repe scasl -+ jne 1b -+ sub $(512 - 64), %edi -+ mov $16, %ecx ++ ++ mov $2*16, %ecx + repe scasl + jecxz 2f + jne 1b -+2: -+ cld ++ ++2: cld + mov %esp, %ecx + sub %edi, %ecx + shr $2, %ecx + rep stosl + -+ pop %edi ++ mov TI_task_thread_sp0(%ebp), %edi ++ sub $128, %edi ++ mov %edi, TI_lowest_stack(%ebp) ++ ++ popl %eax ++ popl %edi + ret +ENDPROC(pax_erase_kstack) +#endif @@ -12026,7 +12151,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker cld PUSH_GS pushl_cfi %fs -@@ -212,7 +338,7 @@ +@@ -212,7 +353,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -12035,7 +12160,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -220,6 +346,15 @@ +@@ -220,6 +361,15 @@ SET_KERNEL_GS %edx .endm @@ -12051,7 +12176,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -330,7 +465,15 @@ check_userspace: +@@ -330,7 +480,15 @@ check_userspace: movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax cmpl $USER_RPL, %eax @@ -12067,7 +12192,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -392,23 +535,34 @@ sysenter_past_esp: +@@ -392,23 +550,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -12105,7 +12230,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -431,12 +585,27 @@ sysenter_do_call: +@@ -431,12 +600,23 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -12116,11 +12241,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker + popl_cfi %eax +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ pushl_cfi %eax -+ call pax_erase_kstack -+ popl_cfi %eax -+#endif ++ pax_erase_kstack + /* if something modifies registers it must also disable sysexit */ movl PT_EIP(%esp), %edx @@ -12133,7 +12254,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -479,11 +648,17 @@ sysexit_audit: +@@ -479,11 +659,17 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -12153,7 +12274,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -516,6 +691,14 @@ syscall_exit: +@@ -516,6 +702,12 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -12161,14 +12282,12 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker + call pax_randomize_kstack +#endif + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK + pax_erase_kstack -+#endif + restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -575,14 +758,21 @@ ldt_ss: +@@ -575,14 +767,21 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -12193,7 +12312,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -617,23 +807,17 @@ work_resched: +@@ -617,23 +816,17 @@ work_resched: work_notifysig: # deal with pending signals and # notify-resume requests @@ -12220,7 +12339,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker #endif xorl %edx, %edx call do_notify_resume -@@ -668,6 +852,10 @@ END(syscall_exit_work) +@@ -668,6 +861,10 @@ END(syscall_exit_work) RING0_INT_FRAME # can't unwind into user space anyway syscall_fault: @@ -12231,7 +12350,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker GET_THREAD_INFO(%ebp) movl $-EFAULT,PT_EAX(%esp) jmp resume_userspace -@@ -750,6 +938,36 @@ ptregs_clone: +@@ -750,6 +947,36 @@ ptregs_clone: CFI_ENDPROC ENDPROC(ptregs_clone) @@ -12268,7 +12387,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -759,8 +977,15 @@ ENDPROC(ptregs_clone) +@@ -759,8 +986,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -12286,7 +12405,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -1211,7 +1436,6 @@ return_to_handler: +@@ -1211,7 +1445,6 @@ return_to_handler: jmp *%ecx #endif @@ -12294,7 +12413,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker #include "syscall_table_32.S" syscall_table_size=(.-sys_call_table) -@@ -1257,9 +1481,12 @@ error_code: +@@ -1257,9 +1490,12 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -12308,7 +12427,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker TRACE_IRQS_OFF movl %esp,%eax # pt_regs pointer call *%edi -@@ -1344,6 +1571,9 @@ nmi_stack_correct: +@@ -1344,6 +1580,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -12318,7 +12437,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker jmp restore_all_notrace CFI_ENDPROC -@@ -1380,6 +1610,9 @@ nmi_espfix_stack: +@@ -1380,6 +1619,9 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -12330,7 +12449,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/kernel/entry_64.S --- linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-04-18 17:27:13.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-05-10 21:12:16.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/entry_64.S 2011-05-16 22:04:15.000000000 -0400 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -12339,7 +12458,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -174,6 +175,251 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +175,252 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -12351,8 +12470,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + 1234: .quad \off; .word \sel + .popsection +#else -+ push $\sel -+ push $\off ++ pushq $\sel ++ pushq $\off + lretq +#endif + .endm @@ -12371,7 +12490,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12392,12 +12511,12 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) -+ push %rdi ++ pushq %rdi + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12416,7 +12535,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI); +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel) +#endif @@ -12437,56 +12556,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + pop %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ENTRY(pax_erase_kstack) -+ push %rdi -+ -+ lea -128(%rsp), %rdi -+ and $-64, %rdi -+ mov $-0xBEEF, %rax -+ std -+1: -+ mov %edi, %ecx -+ and $THREAD_SIZE_asm - 1, %ecx -+ shr $3, %ecx -+ repne scasq -+ jecxz 2f -+ -+ and $-64, %rdi -+ and $-8, %ecx -+ -+ sub $64, %ecx -+ jc 2f -+ mov $8, %ecx -+ repe scasq -+ jne 1b -+ sub $(512 - 64), %rdi -+ mov $8, %ecx -+ repe scasq -+ jecxz 2f -+ jne 1b -+2: -+ cld -+ mov %esp, %ecx -+ sub %edi, %ecx -+ shr $3, %ecx -+ rep stosq -+ -+ pop %rdi -+ ret -+ENDPROC(pax_erase_kstack) -+#endif -+ +#ifdef CONFIG_PAX_MEMORY_UDEREF +ENTRY(pax_enter_kernel_user) -+ push %rdi -+ push %rbx ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT + PV_SAVE_REGS(CLBR_RDI) @@ -12498,7 +12575,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT -+ push %rdi ++ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f + i = 0 @@ -12520,7 +12597,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + .endr + +#ifdef CONFIG_PARAVIRT -+2: pop %rdi ++2: popq %rdi +#endif + SET_RDI_INTO_CR3 + @@ -12534,8 +12611,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + PV_RESTORE_REGS(CLBR_RDI) +#endif + -+ pop %rbx -+ pop %rdi ++ popq %rbx ++ popq %rdi + retq +ENDPROC(pax_enter_kernel_user) + @@ -12543,7 +12620,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + push %rdi + +#ifdef CONFIG_PARAVIRT -+ push %rbx ++ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + @@ -12581,17 +12658,60 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker + +#ifdef CONFIG_PARAVIRT +2: PV_RESTORE_REGS(CLBR_RDI) -+ pop %rbx ++ popq %rbx +#endif + -+ pop %rdi ++ popq %rdi + retq +ENDPROC(pax_exit_kernel_user) +#endif ++ ++#ifdef CONFIG_PAX_MEMORY_STACKLEAK ++/* ++ * r10: thread_info ++ * rcx, rdx: can be clobbered ++ */ ++ENTRY(pax_erase_kstack) ++ pushq %rdi ++ pushq %rax ++ ++ mov TI_lowest_stack(%r10), %rdi ++ mov $-0xBEEF, %rax ++ std ++ ++1: mov %edi, %ecx ++ and $THREAD_SIZE_asm - 1, %ecx ++ shr $3, %ecx ++ repne scasq ++ jecxz 2f ++ ++ cmp $2*8, %ecx ++ jc 2f ++ ++ mov $2*8, %ecx ++ repe scasq ++ jecxz 2f ++ jne 1b ++ ++2: cld ++ mov %esp, %ecx ++ sub %edi, %ecx ++ shr $3, %ecx ++ rep stosq ++ ++ mov TI_task_thread_sp0(%r10), %rdi ++ sub $256, %rdi ++ mov %rdi, TI_lowest_stack(%r10) ++ ++ popq %rax ++ popq %rdi ++ ret ++ENDPROC(pax_erase_kstack) ++#endif .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -316,7 +562,7 @@ ENTRY(save_args) +@@ -316,7 +563,7 @@ ENTRY(save_args) leaq -RBP+8(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -12600,7 +12720,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker je 1f SWAPGS /* -@@ -407,7 +653,7 @@ ENTRY(ret_from_fork) +@@ -407,7 +654,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -12609,7 +12729,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -453,7 +699,7 @@ END(ret_from_fork) +@@ -453,7 +700,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -12618,7 +12738,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -466,12 +712,13 @@ ENTRY(system_call_after_swapgs) +@@ -466,12 +713,13 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -12633,7 +12753,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -500,6 +747,7 @@ sysret_check: +@@ -500,6 +748,7 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -12641,7 +12761,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker /* * sysretq will re-enable interrupts: */ -@@ -609,7 +857,7 @@ tracesys: +@@ -609,7 +858,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -12650,7 +12770,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -791,6 +1039,16 @@ END(interrupt) +@@ -791,6 +1040,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP call save_args PARTIAL_FRAME 0 @@ -12667,7 +12787,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker call \func .endm -@@ -823,7 +1081,7 @@ ret_from_intr: +@@ -823,7 +1082,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -12676,7 +12796,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker je retint_kernel /* Interrupt came from user space */ -@@ -845,12 +1103,14 @@ retint_swapgs: /* return to user-space +@@ -845,12 +1104,14 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -12691,7 +12811,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker /* * The iretq could re-enable interrupts: */ -@@ -1022,6 +1282,16 @@ ENTRY(\sym) +@@ -1022,6 +1283,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12708,7 +12828,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1039,6 +1309,16 @@ ENTRY(\sym) +@@ -1039,6 +1310,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12725,7 +12845,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1047,7 +1327,7 @@ ENTRY(\sym) +@@ -1047,7 +1328,7 @@ ENTRY(\sym) END(\sym) .endm @@ -12734,7 +12854,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1057,8 +1337,24 @@ ENTRY(\sym) +@@ -1057,8 +1338,24 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12759,7 +12879,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) call \do_sym addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) -@@ -1075,6 +1371,16 @@ ENTRY(\sym) +@@ -1075,6 +1372,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12776,7 +12896,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1094,6 +1400,16 @@ ENTRY(\sym) +@@ -1094,6 +1401,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -12793,7 +12913,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1356,14 +1672,27 @@ ENTRY(paranoid_exit) +@@ -1356,14 +1673,27 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -12822,7 +12942,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return -@@ -1421,7 +1750,7 @@ ENTRY(error_entry) +@@ -1421,7 +1751,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -12831,7 +12951,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker je error_kernelspace error_swapgs: SWAPGS -@@ -1485,6 +1814,16 @@ ENTRY(nmi) +@@ -1485,6 +1815,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -12848,7 +12968,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,11 +1834,25 @@ ENTRY(nmi) +@@ -1495,11 +1835,25 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -14444,7 +14564,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/module.c linux-2.6.38.6/arch/x86/kerne goto overflow; diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/kernel/paravirt.c --- linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/paravirt.c 2011-05-16 21:47:08.000000000 -0400 @@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu * corresponding structure. */ static void *get_call_destination(u8 type) @@ -14454,7 +14574,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker .pv_init_ops = pv_init_ops, .pv_time_ops = pv_time_ops, .pv_cpu_ops = pv_cpu_ops, -@@ -145,14 +145,14 @@ unsigned paravirt_patch_default(u8 type, +@@ -133,6 +133,9 @@ static void *get_call_destination(u8 typ + .pv_lock_ops = pv_lock_ops, + #endif + }; ++ ++ pax_track_stack(); ++ + return *((void **)&tmpl + type); + } + +@@ -145,14 +148,14 @@ unsigned paravirt_patch_default(u8 type, if (opfunc == NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -14472,7 +14602,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker ret = paravirt_patch_ident_64(insnbuf, len); else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || -@@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn +@@ -178,7 +181,7 @@ unsigned paravirt_patch_insns(void *insn if (insn_len > len || start == NULL) insn_len = len; else @@ -14481,7 +14611,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker return insn_len; } -@@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +297,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -14508,7 +14638,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = { +@@ -321,7 +324,7 @@ struct pv_irq_ops pv_irq_ops = { #endif }; @@ -14517,7 +14647,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -382,7 +385,7 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -14526,7 +14656,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook = paravirt_nop, #endif -@@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = { +@@ -396,7 +399,7 @@ struct pv_apic_ops pv_apic_ops = { #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #endif @@ -14535,7 +14665,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/paravirt.c linux-2.6.38.6/arch/x86/ker .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -465,6 +465,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -465,6 +468,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -14605,6 +14735,27 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-gart_64.c linux-2.6.38.6/arch/x86/ .map_sg = gart_map_sg, .unmap_sg = gart_unmap_sg, .map_page = gart_map_page, +diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c +--- linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/pci-iommu_table.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2,7 +2,7 @@ + #include <asm/iommu_table.h> + #include <linux/string.h> + #include <linux/kallsyms.h> +- ++#include <linux/sched.h> + + #define DEBUG 1 + +@@ -53,6 +53,8 @@ void __init check_iommu_entries(struct i + char sym_p[KSYM_SYMBOL_LEN]; + char sym_q[KSYM_SYMBOL_LEN]; + ++ pax_track_stack(); ++ + /* Simple cyclic dependency checker. */ + for (p = start; p < finish; p++) { + q = find_dependents_of(start, finish, p); diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-nommu.c linux-2.6.38.6/arch/x86/kernel/pci-nommu.c --- linux-2.6.38.6/arch/x86/kernel/pci-nommu.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/x86/kernel/pci-nommu.c 2011-04-28 19:34:14.000000000 -0400 @@ -14631,7 +14782,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/pci-swiotlb.c linux-2.6.38.6/arch/x86/ .free_coherent = swiotlb_free_coherent, diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/kernel/process_32.c --- linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/process_32.c 2011-05-16 21:47:08.000000000 -0400 @@ -65,6 +65,7 @@ asmlinkage void ret_from_fork(void) __as unsigned long thread_saved_pc(struct task_struct *tsk) { @@ -14658,7 +14809,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k show_regs_common(); -@@ -196,7 +196,7 @@ int copy_thread(unsigned long clone_flag +@@ -196,13 +196,14 @@ int copy_thread(unsigned long clone_flag struct task_struct *tsk; int err; @@ -14667,7 +14818,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k *childregs = *regs; childregs->ax = 0; childregs->sp = sp; -@@ -293,7 +293,7 @@ __switch_to(struct task_struct *prev_p, + + p->thread.sp = (unsigned long) childregs; + p->thread.sp0 = (unsigned long) (childregs+1); ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); + + p->thread.ip = (unsigned long) ret_from_fork; + +@@ -293,7 +294,7 @@ __switch_to(struct task_struct *prev_p, struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -14676,7 +14834,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k bool preload_fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -328,6 +328,10 @@ __switch_to(struct task_struct *prev_p, +@@ -328,6 +329,10 @@ __switch_to(struct task_struct *prev_p, */ lazy_save_gs(prev->gs); @@ -14687,7 +14845,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -363,6 +367,9 @@ __switch_to(struct task_struct *prev_p, +@@ -363,6 +368,9 @@ __switch_to(struct task_struct *prev_p, */ arch_end_context_switch(next_p); @@ -14697,7 +14855,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k if (preload_fpu) __math_state_restore(); -@@ -372,8 +379,6 @@ __switch_to(struct task_struct *prev_p, +@@ -372,8 +380,6 @@ __switch_to(struct task_struct *prev_p, if (prev->gs | next->gs) lazy_load_gs(next->gs); @@ -14706,14 +14864,14 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_32.c linux-2.6.38.6/arch/x86/k return prev_p; } -@@ -403,4 +408,3 @@ unsigned long get_wchan(struct task_stru +@@ -403,4 +409,3 @@ unsigned long get_wchan(struct task_stru } while (count++ < 16); return 0; } - diff -urNp linux-2.6.38.6/arch/x86/kernel/process_64.c linux-2.6.38.6/arch/x86/kernel/process_64.c --- linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/process_64.c 2011-05-16 21:47:08.000000000 -0400 @@ -87,7 +87,7 @@ static void __exit_idle(void) void exit_idle(void) { @@ -14733,7 +14891,15 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_64.c linux-2.6.38.6/arch/x86/k *childregs = *regs; childregs->ax = 0; -@@ -376,7 +375,7 @@ __switch_to(struct task_struct *prev_p, +@@ -273,6 +272,7 @@ int copy_thread(unsigned long clone_flag + p->thread.sp = (unsigned long) childregs; + p->thread.sp0 = (unsigned long) (childregs+1); + p->thread.usersp = me->thread.usersp; ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); + + set_tsk_thread_flag(p, TIF_FORK); + +@@ -376,7 +376,7 @@ __switch_to(struct task_struct *prev_p, struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -14742,7 +14908,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_64.c linux-2.6.38.6/arch/x86/k unsigned fsindex, gsindex; bool preload_fpu; -@@ -472,10 +471,9 @@ __switch_to(struct task_struct *prev_p, +@@ -472,10 +472,9 @@ __switch_to(struct task_struct *prev_p, prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -14755,7 +14921,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/process_64.c linux-2.6.38.6/arch/x86/k /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -529,12 +527,11 @@ unsigned long get_wchan(struct task_stru +@@ -529,12 +528,11 @@ unsigned long get_wchan(struct task_stru if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -16491,8 +16657,17 @@ diff -urNp linux-2.6.38.6/arch/x86/kvm/mmu.c linux-2.6.38.6/arch/x86/kvm/mmu.c kvm_mmu_free_some_pages(vcpu); diff -urNp linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h --- linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-04-28 19:57:25.000000000 -0400 -@@ -674,7 +674,7 @@ static void FNAME(invlpg)(struct kvm_vcp ++++ linux-2.6.38.6/arch/x86/kvm/paging_tmpl.h 2011-05-16 21:47:08.000000000 -0400 +@@ -554,6 +554,8 @@ static int FNAME(page_fault)(struct kvm_ + unsigned long mmu_seq; + bool map_writable; + ++ pax_track_stack(); ++ + pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code); + + r = mmu_topup_memory_caches(vcpu); +@@ -674,7 +676,7 @@ static void FNAME(invlpg)(struct kvm_vcp if (need_flush) kvm_flush_remote_tlbs(vcpu->kvm); @@ -21712,6 +21887,18 @@ diff -urNp linux-2.6.38.6/arch/x86/platform/efi/efi_stub_32.S linux-2.6.38.6/arc saved_return_addr: .long 0 efi_rt_function_ptr: +diff -urNp linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c +--- linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/platform/uv/tlb_uv.c 2011-05-16 21:47:08.000000000 -0400 +@@ -341,6 +341,8 @@ static void uv_reset_with_ipi(struct bau + cpumask_t mask; + struct reset_args reset_args; + ++ pax_track_stack(); ++ + reset_args.sender = sender; + + cpus_clear(mask); diff -urNp linux-2.6.38.6/arch/x86/power/cpu.c linux-2.6.38.6/arch/x86/power/cpu.c --- linux-2.6.38.6/arch/x86/power/cpu.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/x86/power/cpu.c 2011-04-28 19:34:15.000000000 -0400 @@ -22300,6 +22487,18 @@ diff -urNp linux-2.6.38.6/block/scsi_ioctl.c linux-2.6.38.6/block/scsi_ioctl.c if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff -urNp linux-2.6.38.6/crypto/serpent.c linux-2.6.38.6/crypto/serpent.c +--- linux-2.6.38.6/crypto/serpent.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/crypto/serpent.c 2011-05-16 21:47:08.000000000 -0400 +@@ -224,6 +224,8 @@ static int serpent_setkey(struct crypto_ + u32 r0,r1,r2,r3,r4; + int i; + ++ pax_track_stack(); ++ + /* Copy key, add padding */ + + for (i = 0; i < keylen; ++i) diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/dontdiff --- linux-2.6.38.6/Documentation/dontdiff 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/Documentation/dontdiff 2011-04-28 19:34:15.000000000 -0400 @@ -22798,8 +22997,26 @@ diff -urNp linux-2.6.38.6/drivers/ata/libata-core.c linux-2.6.38.6/drivers/ata/l .error_handler = ata_dummy_error_handler, diff -urNp linux-2.6.38.6/drivers/ata/libata-eh.c linux-2.6.38.6/drivers/ata/libata-eh.c --- linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-10 22:06:27.000000000 -0400 -+++ linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-10 22:06:52.000000000 -0400 -@@ -3882,7 +3882,7 @@ void ata_do_eh(struct ata_port *ap, ata_ ++++ linux-2.6.38.6/drivers/ata/libata-eh.c 2011-05-17 19:31:43.000000000 -0400 +@@ -2478,6 +2478,8 @@ void ata_eh_report(struct ata_port *ap) + { + struct ata_link *link; + ++ pax_track_stack(); ++ + ata_for_each_link(link, ap, HOST_FIRST) + ata_eh_link_report(link); + } +@@ -3276,7 +3278,7 @@ static int ata_eh_set_lpm(struct ata_lin + struct ata_eh_context *ehc = &link->eh_context; + struct ata_device *dev, *link_dev = NULL, *lpm_dev = NULL; + enum ata_lpm_policy old_policy = link->lpm_policy; +- bool no_dipm = ap->flags & ATA_FLAG_NO_DIPM; ++ bool no_dipm = link->ap->flags & ATA_FLAG_NO_DIPM; + unsigned int hints = ATA_LPM_EMPTY | ATA_LPM_HIPM; + unsigned int err_mask; + int rc; +@@ -3882,7 +3884,7 @@ void ata_do_eh(struct ata_port *ap, ata_ */ void ata_std_error_handler(struct ata_port *ap) { @@ -25129,7 +25346,7 @@ diff -urNp linux-2.6.38.6/drivers/atm/nicstar.c linux-2.6.38.6/drivers/atm/nicst diff -urNp linux-2.6.38.6/drivers/atm/solos-pci.c linux-2.6.38.6/drivers/atm/solos-pci.c --- linux-2.6.38.6/drivers/atm/solos-pci.c 2011-04-18 17:27:18.000000000 -0400 -+++ linux-2.6.38.6/drivers/atm/solos-pci.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/atm/solos-pci.c 2011-05-16 21:47:08.000000000 -0400 @@ -715,7 +715,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); @@ -25139,7 +25356,16 @@ diff -urNp linux-2.6.38.6/drivers/atm/solos-pci.c linux-2.6.38.6/drivers/atm/sol break; case PKT_STATUS: -@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_car +@@ -900,6 +900,8 @@ static int print_buffer(struct sk_buff * + char msg[500]; + char item[10]; + ++ pax_track_stack(); ++ + len = buf->len; + for (i = 0; i < len; i++){ + if(i % 8 == 0) +@@ -1009,7 +1011,7 @@ static uint32_t fpga_tx(struct solos_car vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -25299,6 +25525,30 @@ diff -urNp linux-2.6.38.6/drivers/block/cciss.c linux-2.6.38.6/drivers/block/cci err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, +diff -urNp linux-2.6.38.6/drivers/block/cpqarray.c linux-2.6.38.6/drivers/block/cpqarray.c +--- linux-2.6.38.6/drivers/block/cpqarray.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/block/cpqarray.c 2011-05-16 21:47:08.000000000 -0400 +@@ -911,6 +911,8 @@ static void do_ida_request(struct reques + struct scatterlist tmp_sg[SG_MAX]; + int i, dir, seg; + ++ pax_track_stack(); ++ + if (blk_queue_plugged(q)) + goto startio; + +diff -urNp linux-2.6.38.6/drivers/block/DAC960.c linux-2.6.38.6/drivers/block/DAC960.c +--- linux-2.6.38.6/drivers/block/DAC960.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/block/DAC960.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1979,6 +1979,8 @@ static bool DAC960_V1_ReadDeviceConfigur + unsigned long flags; + int Channel, TargetID; + ++ pax_track_stack(); ++ + if (!init_dma_loaf(Controller->PCIDevice, &local_dma, + DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + + sizeof(DAC960_SCSI_Inquiry_T) + diff -urNp linux-2.6.38.6/drivers/block/drbd/drbd_int.h linux-2.6.38.6/drivers/block/drbd/drbd_int.h --- linux-2.6.38.6/drivers/block/drbd/drbd_int.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/block/drbd/drbd_int.h 2011-04-28 19:57:25.000000000 -0400 @@ -25506,6 +25756,27 @@ diff -urNp linux-2.6.38.6/drivers/block/drbd/drbd_receiver.c linux-2.6.38.6/driv D_ASSERT(list_empty(&mdev->current_epoch->list)); } +diff -urNp linux-2.6.38.6/drivers/block/nbd.c linux-2.6.38.6/drivers/block/nbd.c +--- linux-2.6.38.6/drivers/block/nbd.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/block/nbd.c 2011-05-16 21:47:08.000000000 -0400 +@@ -157,6 +157,8 @@ static int sock_xmit(struct nbd_device * + struct kvec iov; + sigset_t blocked, oldset; + ++ pax_track_stack(); ++ + if (unlikely(!sock)) { + printk(KERN_ERR "%s: Attempted %s on closed socket in sock_xmit\n", + lo->disk->disk_name, (send ? "send" : "recv")); +@@ -571,6 +573,8 @@ static void do_nbd_request(struct reques + static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo, + unsigned int cmd, unsigned long arg) + { ++ pax_track_stack(); ++ + switch (cmd) { + case NBD_DISCONNECT: { + struct request sreq; diff -urNp linux-2.6.38.6/drivers/char/agp/frontend.c linux-2.6.38.6/drivers/char/agp/frontend.c --- linux-2.6.38.6/drivers/char/agp/frontend.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/char/agp/frontend.c 2011-04-28 19:34:15.000000000 -0400 @@ -25587,7 +25858,7 @@ diff -urNp linux-2.6.38.6/drivers/char/hpet.c linux-2.6.38.6/drivers/char/hpet.c struct hpet_timer __iomem *timer; diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c --- linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c 2011-05-16 21:47:08.000000000 -0400 @@ -414,7 +414,7 @@ struct ipmi_smi { struct proc_dir_entry *proc_dir; char proc_dir_name[10]; @@ -25618,6 +25889,15 @@ diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.38.6/dri intf->proc_dir = NULL; +@@ -4196,6 +4196,8 @@ static void send_panic_events(char *str) + struct ipmi_smi_msg smi_msg; + struct ipmi_recv_msg recv_msg; + ++ pax_track_stack(); ++ + si = (struct ipmi_system_interface_addr *) &addr; + si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; + si->channel = IPMI_BMC_CHANNEL; diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c --- linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c 2011-04-28 19:34:15.000000000 -0400 @@ -25653,7 +25933,7 @@ diff -urNp linux-2.6.38.6/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.38.6/driver atomic_set(&new_smi->stop_operation, 0); diff -urNp linux-2.6.38.6/drivers/char/istallion.c linux-2.6.38.6/drivers/char/istallion.c --- linux-2.6.38.6/drivers/char/istallion.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/char/istallion.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/istallion.c 2011-05-16 21:47:08.000000000 -0400 @@ -186,7 +186,6 @@ static struct ktermios stli_deftermios * re-used for each stats call. */ @@ -25670,6 +25950,24 @@ diff -urNp linux-2.6.38.6/drivers/char/istallion.c linux-2.6.38.6/drivers/char/i if (copy_from_user(&stli_brdstats, bp, sizeof(combrd_t))) return -EFAULT; +@@ -4226,6 +4226,8 @@ static int stli_getportstruct(struct stl + struct stliport stli_dummyport; + struct stliport *portp; + ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummyport, arg, sizeof(struct stliport))) + return -EFAULT; + portp = stli_getport(stli_dummyport.brdnr, stli_dummyport.panelnr, +@@ -4248,6 +4250,8 @@ static int stli_getbrdstruct(struct stli + struct stlibrd stli_dummybrd; + struct stlibrd *brdp; + ++ pax_track_stack(); ++ + if (copy_from_user(&stli_dummybrd, arg, sizeof(struct stlibrd))) + return -EFAULT; + if (stli_dummybrd.brdnr >= STL_MAXBRDS) diff -urNp linux-2.6.38.6/drivers/char/Kconfig linux-2.6.38.6/drivers/char/Kconfig --- linux-2.6.38.6/drivers/char/Kconfig 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/char/Kconfig 2011-04-28 19:34:15.000000000 -0400 @@ -26016,6 +26314,18 @@ diff -urNp linux-2.6.38.6/drivers/char/random.c linux-2.6.38.6/drivers/char/rand static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; +diff -urNp linux-2.6.38.6/drivers/char/rocket.c linux-2.6.38.6/drivers/char/rocket.c +--- linux-2.6.38.6/drivers/char/rocket.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/rocket.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1277,6 +1277,8 @@ static int get_ports(struct r_port *info + struct rocket_ports tmp; + int board; + ++ pax_track_stack(); ++ + if (!retports) + return -EFAULT; + memset(&tmp, 0, sizeof (tmp)); diff -urNp linux-2.6.38.6/drivers/char/sonypi.c linux-2.6.38.6/drivers/char/sonypi.c --- linux-2.6.38.6/drivers/char/sonypi.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/char/sonypi.c 2011-04-28 19:34:15.000000000 -0400 @@ -26057,6 +26367,18 @@ diff -urNp linux-2.6.38.6/drivers/char/sonypi.c linux-2.6.38.6/drivers/char/sony mutex_unlock(&sonypi_device.lock); return 0; +diff -urNp linux-2.6.38.6/drivers/char/stallion.c linux-2.6.38.6/drivers/char/stallion.c +--- linux-2.6.38.6/drivers/char/stallion.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/stallion.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2407,6 +2407,8 @@ static int stl_getportstruct(struct stlp + struct stlport stl_dummyport; + struct stlport *portp; + ++ pax_track_stack(); ++ + if (copy_from_user(&stl_dummyport, arg, sizeof(struct stlport))) + return -EFAULT; + portp = stl_getport(stl_dummyport.brdnr, stl_dummyport.panelnr, diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm_bios.c linux-2.6.38.6/drivers/char/tpm/tpm_bios.c --- linux-2.6.38.6/drivers/char/tpm/tpm_bios.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/char/tpm/tpm_bios.c 2011-04-28 19:34:15.000000000 -0400 @@ -26102,7 +26424,7 @@ diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm_bios.c linux-2.6.38.6/drivers/cha diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm.c linux-2.6.38.6/drivers/char/tpm/tpm.c --- linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-04-18 17:27:18.000000000 -0400 -+++ linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/char/tpm/tpm.c 2011-05-16 21:47:08.000000000 -0400 @@ -411,7 +411,7 @@ static ssize_t tpm_transmit(struct tpm_c chip->vendor.req_complete_val) goto out_recv; @@ -26112,6 +26434,15 @@ diff -urNp linux-2.6.38.6/drivers/char/tpm/tpm.c linux-2.6.38.6/drivers/char/tpm dev_err(chip->dev, "Operation Canceled\n"); rc = -ECANCELED; goto out; +@@ -844,6 +844,8 @@ ssize_t tpm_show_pubek(struct device *de + + struct tpm_chip *chip = dev_get_drvdata(dev); + ++ pax_track_stack(); ++ + tpm_cmd.header.in = tpm_readpubek_header; + err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, + "attempting to read the PUBEK"); diff -urNp linux-2.6.38.6/drivers/cpuidle/sysfs.c linux-2.6.38.6/drivers/cpuidle/sysfs.c --- linux-2.6.38.6/drivers/cpuidle/sysfs.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/cpuidle/sysfs.c 2011-04-28 19:34:15.000000000 -0400 @@ -26124,6 +26455,30 @@ diff -urNp linux-2.6.38.6/drivers/cpuidle/sysfs.c linux-2.6.38.6/drivers/cpuidle { kobject_put(&device->kobjs[i]->kobj); wait_for_completion(&device->kobjs[i]->kobj_unregister); +diff -urNp linux-2.6.38.6/drivers/crypto/hifn_795x.c linux-2.6.38.6/drivers/crypto/hifn_795x.c +--- linux-2.6.38.6/drivers/crypto/hifn_795x.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/crypto/hifn_795x.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1655,6 +1655,8 @@ static int hifn_test(struct hifn_device + 0xCA, 0x34, 0x2B, 0x2E}; + struct scatterlist sg; + ++ pax_track_stack(); ++ + memset(src, 0, sizeof(src)); + memset(ctx.key, 0, sizeof(ctx.key)); + +diff -urNp linux-2.6.38.6/drivers/crypto/padlock-aes.c linux-2.6.38.6/drivers/crypto/padlock-aes.c +--- linux-2.6.38.6/drivers/crypto/padlock-aes.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/crypto/padlock-aes.c 2011-05-16 21:47:08.000000000 -0400 +@@ -109,6 +109,8 @@ static int aes_set_key(struct crypto_tfm + struct crypto_aes_ctx gen_aes; + int cpu; + ++ pax_track_stack(); ++ + if (key_len % 8) { + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + return -EINVAL; diff -urNp linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c --- linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/edac/edac_mc_sysfs.c 2011-04-28 19:34:15.000000000 -0400 @@ -26235,6 +26590,26 @@ diff -urNp linux-2.6.38.6/drivers/firewire/core-cdev.c linux-2.6.38.6/drivers/fi return -EINVAL; r = kmalloc(sizeof(*r), GFP_KERNEL); +diff -urNp linux-2.6.38.6/drivers/firewire/core-transaction.c linux-2.6.38.6/drivers/firewire/core-transaction.c +--- linux-2.6.38.6/drivers/firewire/core-transaction.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/firewire/core-transaction.c 2011-05-16 21:47:08.000000000 -0400 +@@ -36,6 +36,7 @@ + #include <linux/string.h> + #include <linux/timer.h> + #include <linux/types.h> ++#include <linux/sched.h> + + #include <asm/byteorder.h> + +@@ -420,6 +421,8 @@ int fw_run_transaction(struct fw_card *c + struct transaction_callback_data d; + struct fw_transaction t; + ++ pax_track_stack(); ++ + init_timer_on_stack(&t.split_timeout_timer); + init_completion(&d.done); + d.payload = payload; diff -urNp linux-2.6.38.6/drivers/firmware/dmi_scan.c linux-2.6.38.6/drivers/firmware/dmi_scan.c --- linux-2.6.38.6/drivers/firmware/dmi_scan.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/firmware/dmi_scan.c 2011-04-28 19:34:15.000000000 -0400 @@ -26264,7 +26639,7 @@ diff -urNp linux-2.6.38.6/drivers/gpio/vr41xx_giu.c linux-2.6.38.6/drivers/gpio/ } diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c --- linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c 2011-05-16 21:47:08.000000000 -0400 @@ -276,7 +276,7 @@ static bool drm_encoder_crtc_ok(struct d struct drm_crtc *tmp; int crtc_mask = 1; @@ -26274,6 +26649,15 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.38.6/drive dev = crtc->dev; +@@ -343,6 +343,8 @@ bool drm_crtc_helper_set_mode(struct drm + struct drm_encoder *encoder; + bool ret = true; + ++ pax_track_stack(); ++ + crtc->enabled = drm_helper_crtc_in_use(crtc); + if (!crtc->enabled) + return true; diff -urNp linux-2.6.38.6/drivers/gpu/drm/drm_drv.c linux-2.6.38.6/drivers/gpu/drm/drm_drv.c --- linux-2.6.38.6/drivers/gpu/drm/drm_drv.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/drm_drv.c 2011-04-28 19:34:15.000000000 -0400 @@ -27019,6 +27403,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/r128/r128_state.c linux-2.6.38.6/drive } #endif +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c 2011-05-10 22:06:27.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/atom.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1245,6 +1245,8 @@ struct atom_context *atom_parse(struct c + char name[512]; + int i; + ++ pax_track_stack(); ++ + ctx->card = card; + ctx->bios = bios; + diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c --- linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c 2011-04-28 19:34:15.000000000 -0400 @@ -27039,6 +27435,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.38.6/dri if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c 2011-05-10 22:06:29.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_atombios.c 2011-05-16 21:47:08.000000000 -0400 +@@ -545,6 +545,8 @@ bool radeon_get_atom_connector_info_from + struct radeon_gpio_rec gpio; + struct radeon_hpd hpd; + ++ pax_track_stack(); ++ + if (!atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset)) + return false; + diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c --- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c 2011-04-28 19:34:15.000000000 -0400 @@ -27051,6 +27459,18 @@ diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_device.c linux-2.6.38.6/ spin_unlock(&dev->count_lock); return can_switch; } +diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c +--- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_display.c 2011-05-16 21:47:08.000000000 -0400 +@@ -934,6 +934,8 @@ void radeon_compute_pll_legacy(struct ra + uint32_t post_div; + u32 pll_out_min, pll_out_max; + ++ pax_track_stack(); ++ + DRM_DEBUG_KMS("PLL freq %llu %u %u\n", freq, pll->min_ref_div, pll->max_ref_div); + freq = freq * 1000; + diff -urNp linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h --- linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/gpu/drm/radeon/radeon_drv.h 2011-04-28 19:57:25.000000000 -0400 @@ -27645,6 +28065,30 @@ diff -urNp linux-2.6.38.6/drivers/ide/ide-cd.c linux-2.6.38.6/drivers/ide/ide-cd drive->dma = 0; } } +diff -urNp linux-2.6.38.6/drivers/ide/ide-floppy.c linux-2.6.38.6/drivers/ide/ide-floppy.c +--- linux-2.6.38.6/drivers/ide/ide-floppy.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/ide/ide-floppy.c 2011-05-16 21:47:08.000000000 -0400 +@@ -379,6 +379,8 @@ static int ide_floppy_get_capacity(ide_d + u8 pc_buf[256], header_len, desc_cnt; + int i, rc = 1, blocks, length; + ++ pax_track_stack(); ++ + ide_debug_log(IDE_DBG_FUNC, "enter"); + + drive->bios_cyl = 0; +diff -urNp linux-2.6.38.6/drivers/ide/setup-pci.c linux-2.6.38.6/drivers/ide/setup-pci.c +--- linux-2.6.38.6/drivers/ide/setup-pci.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/ide/setup-pci.c 2011-05-16 21:47:08.000000000 -0400 +@@ -542,6 +542,8 @@ int ide_pci_init_two(struct pci_dev *dev + int ret, i, n_ports = dev2 ? 4 : 2; + struct ide_hw hw[4], *hws[] = { NULL, NULL, NULL, NULL }; + ++ pax_track_stack(); ++ + for (i = 0; i < n_ports / 2; i++) { + ret = ide_setup_pci_controller(pdev[i], d, !i); + if (ret < 0) diff -urNp linux-2.6.38.6/drivers/infiniband/core/cm.c linux-2.6.38.6/drivers/infiniband/core/cm.c --- linux-2.6.38.6/drivers/infiniband/core/cm.c 2011-04-18 17:27:14.000000000 -0400 +++ linux-2.6.38.6/drivers/infiniband/core/cm.c 2011-04-28 19:34:15.000000000 -0400 @@ -27878,6 +28322,18 @@ diff -urNp linux-2.6.38.6/drivers/infiniband/hw/cxgb4/mem.c linux-2.6.38.6/drive } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); +diff -urNp linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c +--- linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_fs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -113,6 +113,8 @@ static ssize_t atomic_counters_read(stru + struct infinipath_counters counters; + struct ipath_devdata *dd; + ++ pax_track_stack(); ++ + dd = file->f_path.dentry->d_inode->i_private; + dd->ipath_f_read_counters(dd, &counters); + diff -urNp linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c --- linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/infiniband/hw/ipath/ipath_rc.c 2011-05-11 18:35:16.000000000 -0400 @@ -28343,6 +28799,18 @@ diff -urNp linux-2.6.38.6/drivers/input/input.c linux-2.6.38.6/drivers/input/inp error = device_add(&dev->dev); if (error) +diff -urNp linux-2.6.38.6/drivers/input/joystick/sidewinder.c linux-2.6.38.6/drivers/input/joystick/sidewinder.c +--- linux-2.6.38.6/drivers/input/joystick/sidewinder.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/input/joystick/sidewinder.c 2011-05-16 21:47:08.000000000 -0400 +@@ -428,6 +428,8 @@ static int sw_read(struct sw *sw) + unsigned char buf[SW_LENGTH]; + int i; + ++ pax_track_stack(); ++ + i = sw_read_packet(sw->gameport, buf, sw->length, 0); + + if (sw->type == SW_ID_3DP && sw->length == 66 && i != 66) { /* Broken packet, try to fix */ diff -urNp linux-2.6.38.6/drivers/input/joystick/xpad.c linux-2.6.38.6/drivers/input/joystick/xpad.c --- linux-2.6.38.6/drivers/input/joystick/xpad.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/input/joystick/xpad.c 2011-04-28 19:57:25.000000000 -0400 @@ -28580,6 +29048,128 @@ diff -urNp linux-2.6.38.6/drivers/isdn/hardware/avm/b1.c linux-2.6.38.6/drivers/ return -EFAULT; } else { memcpy(buf, dp, left); +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/capidtmf.c 2011-05-16 21:47:08.000000000 -0400 +@@ -498,6 +498,7 @@ void capidtmf_recv_block (t_capidtmf_sta + byte goertzel_result_buffer[CAPIDTMF_RECV_TOTAL_FREQUENCY_COUNT]; + short windowed_sample_buffer[CAPIDTMF_RECV_WINDOWED_SAMPLES]; + ++ pax_track_stack(); + + if (p_state->recv.state & CAPIDTMF_RECV_STATE_DTMF_ACTIVE) + { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/capifunc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1055,6 +1055,8 @@ static int divacapi_connect_didd(void) + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; + ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); + + for (x = 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/diddfunc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -54,6 +54,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; + ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); + + for (x = 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/divasfunc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -161,6 +161,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; + ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); + + for (x = 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/idifunc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -188,6 +188,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; + ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); + + for (x = 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/message.c 2011-05-16 21:47:08.000000000 -0400 +@@ -4889,6 +4889,8 @@ static void sig_ind(PLCI *plci) + dword d; + word w; + ++ pax_track_stack(); ++ + a = plci->adapter; + Id = ((word)plci->Id<<8)|a->Id; + PUT_WORD(&SS_Ind[4],0x0000); +@@ -7484,6 +7486,8 @@ static word add_b1(PLCI *plci, API_PARSE + word j, n, w; + dword d; + ++ pax_track_stack(); ++ + + for(i=0;i<8;i++) bp_parms[i].length = 0; + for(i=0;i<2;i++) global_config[i].length = 0; +@@ -7958,6 +7962,8 @@ static word add_b23(PLCI *plci, API_PARS + const byte llc3[] = {4,3,2,2,6,6,0}; + const byte header[] = {0,2,3,3,0,0,0}; + ++ pax_track_stack(); ++ + for(i=0;i<8;i++) bp_parms[i].length = 0; + for(i=0;i<6;i++) b2_config_parms[i].length = 0; + for(i=0;i<5;i++) b3_config_parms[i].length = 0; +@@ -14760,6 +14766,8 @@ static void group_optimization(DIVA_CAPI + word appl_number_group_type[MAX_APPL]; + PLCI *auxplci; + ++ pax_track_stack(); ++ + set_group_ind_mask (plci); /* all APPLs within this inc. call are allowed to dial in */ + + if(!a->group_optimization_enabled) +diff -urNp linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c +--- linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/hardware/eicon/mntfunc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -79,6 +79,8 @@ static int DIVA_INIT_FUNCTION connect_di + IDI_SYNC_REQ req; + DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; + ++ pax_track_stack(); ++ + DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); + + for (x = 0; x < MAX_DESCRIPTORS; x++) { +diff -urNp linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c +--- linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/isdn/i4l/isdn_common.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1292,6 +1292,8 @@ isdn_ioctl(struct file *file, uint cmd, + } iocpar; + void __user *argp = (void __user *)arg; + ++ pax_track_stack(); ++ + #define name iocpar.name + #define bname iocpar.bname + #define iocts iocpar.iocts diff -urNp linux-2.6.38.6/drivers/isdn/icn/icn.c linux-2.6.38.6/drivers/isdn/icn/icn.c --- linux-2.6.38.6/drivers/isdn/icn/icn.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/isdn/icn/icn.c 2011-04-28 19:34:15.000000000 -0400 @@ -29145,7 +29735,7 @@ diff -urNp linux-2.6.38.6/drivers/md/raid1.c linux-2.6.38.6/drivers/md/raid1.c "(%d sectors at %llu on %s)\n", diff -urNp linux-2.6.38.6/drivers/md/raid5.c linux-2.6.38.6/drivers/md/raid5.c --- linux-2.6.38.6/drivers/md/raid5.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/md/raid5.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/drivers/md/raid5.c 2011-05-16 21:47:08.000000000 -0400 @@ -555,7 +555,7 @@ static void ops_run_io(struct stripe_hea bi->bi_next = NULL; if (rw == WRITE && @@ -29183,6 +29773,47 @@ diff -urNp linux-2.6.38.6/drivers/md/raid5.c linux-2.6.38.6/drivers/md/raid5.c > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -1953,6 +1953,7 @@ static sector_t compute_blocknr(struct s + sector_t r_sector; + struct stripe_head sh2; + ++ pax_track_stack(); + + chunk_offset = sector_div(new_sector, sectors_per_chunk); + stripe = new_sector; +diff -urNp linux-2.6.38.6/drivers/media/common/saa7146_hlp.c linux-2.6.38.6/drivers/media/common/saa7146_hlp.c +--- linux-2.6.38.6/drivers/media/common/saa7146_hlp.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/common/saa7146_hlp.c 2011-05-16 21:47:08.000000000 -0400 +@@ -353,6 +353,8 @@ static void calculate_clipping_registers + + int x[32], y[32], w[32], h[32]; + ++ pax_track_stack(); ++ + /* clear out memory */ + memset(&line_list[0], 0x00, sizeof(u32)*32); + memset(&pixel_list[0], 0x00, sizeof(u32)*32); +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-core/dvb_ca_en50221.c 2011-05-16 21:47:08.000000000 -0400 +@@ -590,6 +590,8 @@ static int dvb_ca_en50221_read_data(stru + u8 buf[HOST_LINK_BUF_SIZE]; + int i; + ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); + + /* check if we have space for a link buf in the rx_buffer */ +@@ -1285,6 +1287,8 @@ static ssize_t dvb_ca_en50221_io_write(s + unsigned long timeout; + int written; + ++ pax_track_stack(); ++ + dprintk("%s\n", __func__); + + /* Incoming packet has a 2 byte header. hdr[0] = slot_id, hdr[1] = connection_id */ diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c --- linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c 2011-04-28 19:34:15.000000000 -0400 @@ -29195,6 +29826,62 @@ diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.38.6/dri struct device *clsdev; int minor; int id; +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-usb/dib0700_core.c 2011-05-16 21:47:08.000000000 -0400 +@@ -366,6 +366,8 @@ int dib0700_download_firmware(struct usb + + u8 buf[260]; + ++ pax_track_stack(); ++ + while ((ret = dvb_usb_get_hexline(fw, &hx, &pos)) > 0) { + deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n", + hx.addr, hx.len, hx.chk); +diff -urNp linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c +--- linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/dvb-usb/lmedm04.c 2011-05-16 21:47:08.000000000 -0400 +@@ -611,6 +611,7 @@ static int lme2510_download_firmware(str + packet_size = 0x31; + len_in = 1; + ++ pax_track_stack(); + + info("FRM Starting Firmware Download"); + +@@ -666,6 +667,8 @@ static void lme_coldreset(struct usb_dev + int ret = 0, len_in; + u8 data[512] = {0}; + ++ pax_track_stack(); ++ + data[0] = 0x0a; + len_in = 1; + info("FRM Firmware Cold Reset"); +diff -urNp linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c +--- linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/frontends/mb86a16.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1060,6 +1060,8 @@ static int mb86a16_set_fe(struct mb86a16 + int ret = -1; + int sync; + ++ pax_track_stack(); ++ + dprintk(verbose, MB86A16_INFO, 1, "freq=%d Mhz, symbrt=%d Ksps", state->frequency, state->srate); + + fcp = 3000; +diff -urNp linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c +--- linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/dvb/frontends/or51211.c 2011-05-16 21:47:08.000000000 -0400 +@@ -113,6 +113,8 @@ static int or51211_load_firmware (struct + u8 tudata[585]; + int i; + ++ pax_track_stack(); ++ + dprintk("Firmware is %zd bytes\n",fw->size); + + /* Get eprom data */ diff -urNp linux-2.6.38.6/drivers/media/radio/radio-cadet.c linux-2.6.38.6/drivers/media/radio/radio-cadet.c --- linux-2.6.38.6/drivers/media/radio/radio-cadet.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/radio/radio-cadet.c 2011-04-28 19:34:15.000000000 -0400 @@ -29254,7 +29941,7 @@ diff -urNp linux-2.6.38.6/drivers/media/rc/rc-main.c linux-2.6.38.6/drivers/medi rc = device_add(&dev->dev); diff -urNp linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c --- linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c 2011-05-16 21:47:08.000000000 -0400 @@ -60,7 +60,7 @@ static struct pci_device_id cx18_pci_tbl MODULE_DEVICE_TABLE(pci, cx18_pci_tbl); @@ -29264,7 +29951,16 @@ diff -urNp linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c linux-2.6.38.6/ /* Parameter declarations */ static int cardtype[CX18_MAX_CARDS]; -@@ -884,7 +884,7 @@ static int __devinit cx18_probe(struct p +@@ -326,6 +326,8 @@ void cx18_read_eeprom(struct cx18 *cx, s + struct i2c_client c; + u8 eedata[256]; + ++ pax_track_stack(); ++ + memset(&c, 0, sizeof(c)); + strlcpy(c.name, "cx18 tveeprom tmp", sizeof(c.name)); + c.adapter = &cx->i2c_adap[0]; +@@ -884,7 +886,7 @@ static int __devinit cx18_probe(struct p struct cx18 *cx; /* FIXME - module parameter arrays constrain max instances */ @@ -29273,6 +29969,18 @@ diff -urNp linux-2.6.38.6/drivers/media/video/cx18/cx18-driver.c linux-2.6.38.6/ if (i >= CX18_MAX_CARDS) { printk(KERN_ERR "cx18: cannot manage card %d, driver has a " "limit of 0 - %d\n", i, CX18_MAX_CARDS - 1); +diff -urNp linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c +--- linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/cx23885/cx23885-input.c 2011-05-16 21:47:08.000000000 -0400 +@@ -53,6 +53,8 @@ static void cx23885_input_process_measur + bool handle = false; + struct ir_raw_event ir_core_event[64]; + ++ pax_track_stack(); ++ + do { + num = 0; + v4l2_subdev_call(dev->sd_ir, ir, rx_read, (u8 *) ir_core_event, diff -urNp linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c --- linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/video/ivtv/ivtv-driver.c 2011-04-28 19:57:25.000000000 -0400 @@ -29309,6 +30017,63 @@ diff -urNp linux-2.6.38.6/drivers/media/video/omap24xxcam.h linux-2.6.38.6/drive /* accessing cam here doesn't need serialisation: it's constant */ struct omap24xxcam_device *cam; }; +diff -urNp linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c +--- linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/pvrusb2/pvrusb2-eeprom.c 2011-05-16 21:47:08.000000000 -0400 +@@ -120,6 +120,8 @@ int pvr2_eeprom_analyze(struct pvr2_hdw + u8 *eeprom; + struct tveeprom tvdata; + ++ pax_track_stack(); ++ + memset(&tvdata,0,sizeof(tvdata)); + + eeprom = pvr2_eeprom_fetch(hdw); +diff -urNp linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c +--- linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/saa7134/saa6752hs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -682,6 +682,8 @@ static int saa6752hs_init(struct v4l2_su + unsigned char localPAT[256]; + unsigned char localPMT[256]; + ++ pax_track_stack(); ++ + /* Set video format - must be done first as it resets other settings */ + set_reg8(client, 0x41, h->video_format); + +diff -urNp linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c +--- linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/saa7164/saa7164-cmd.c 2011-05-16 21:47:08.000000000 -0400 +@@ -88,6 +88,8 @@ int saa7164_irq_dequeue(struct saa7164_d + u8 tmp[512]; + dprintk(DBGLVL_CMD, "%s()\n", __func__); + ++ pax_track_stack(); ++ + /* While any outstand message on the bus exists... */ + do { + +@@ -141,6 +143,8 @@ int saa7164_cmd_dequeue(struct saa7164_d + u8 tmp[512]; + dprintk(DBGLVL_CMD, "%s()\n", __func__); + ++ pax_track_stack(); ++ + while (loop) { + + struct tmComResInfo tRsp = { 0, 0, 0, 0, 0, 0 }; +diff -urNp linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c +--- linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/usbvision/usbvision-core.c 2011-05-16 21:47:08.000000000 -0400 +@@ -799,6 +799,8 @@ static enum parse_state usbvision_parse_ + unsigned char rv, gv, bv; + static unsigned char *Y, *U, *V; + ++ pax_track_stack(); ++ + frame = usbvision->cur_frame; + image_size = frame->frmwidth * frame->frmheight; + if ((frame->v4l2_format.format == V4L2_PIX_FMT_YUV422P) || diff -urNp linux-2.6.38.6/drivers/media/video/v4l2-device.c linux-2.6.38.6/drivers/media/video/v4l2-device.c --- linux-2.6.38.6/drivers/media/video/v4l2-device.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/media/video/v4l2-device.c 2011-04-28 19:57:25.000000000 -0400 @@ -29324,6 +30089,18 @@ diff -urNp linux-2.6.38.6/drivers/media/video/v4l2-device.c linux-2.6.38.6/drive int len = strlen(basename); if (basename[len - 1] >= '0' && basename[len - 1] <= '9') +diff -urNp linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c +--- linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/media/video/videobuf-dma-sg.c 2011-05-16 21:47:08.000000000 -0400 +@@ -606,6 +606,8 @@ void *videobuf_sg_alloc(size_t size) + { + struct videobuf_queue q; + ++ pax_track_stack(); ++ + /* Required to make generic handler to call __videobuf_alloc */ + q.int_ops = &sg_ops; + diff -urNp linux-2.6.38.6/drivers/message/fusion/mptbase.c linux-2.6.38.6/drivers/message/fusion/mptbase.c --- linux-2.6.38.6/drivers/message/fusion/mptbase.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/message/fusion/mptbase.c 2011-04-28 19:34:15.000000000 -0400 @@ -29420,6 +30197,18 @@ diff -urNp linux-2.6.38.6/drivers/message/fusion/mptscsih.c linux-2.6.38.6/drive return h->info_kbuf; } +diff -urNp linux-2.6.38.6/drivers/message/i2o/i2o_config.c linux-2.6.38.6/drivers/message/i2o/i2o_config.c +--- linux-2.6.38.6/drivers/message/i2o/i2o_config.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/message/i2o/i2o_config.c 2011-05-16 21:47:08.000000000 -0400 +@@ -781,6 +781,8 @@ static int i2o_cfg_passthru(unsigned lon + struct i2o_message *msg; + unsigned int iop; + ++ pax_track_stack(); ++ + if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg)) + return -EFAULT; + diff -urNp linux-2.6.38.6/drivers/message/i2o/i2o_proc.c linux-2.6.38.6/drivers/message/i2o/i2o_proc.c --- linux-2.6.38.6/drivers/message/i2o/i2o_proc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/message/i2o/i2o_proc.c 2011-04-28 19:34:15.000000000 -0400 @@ -29546,6 +30335,18 @@ diff -urNp linux-2.6.38.6/drivers/mfd/janz-cmodio.c linux-2.6.38.6/drivers/mfd/j #include <linux/init.h> #include <linux/pci.h> #include <linux/interrupt.h> +diff -urNp linux-2.6.38.6/drivers/mfd/wm8350-i2c.c linux-2.6.38.6/drivers/mfd/wm8350-i2c.c +--- linux-2.6.38.6/drivers/mfd/wm8350-i2c.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mfd/wm8350-i2c.c 2011-05-16 21:47:08.000000000 -0400 +@@ -44,6 +44,8 @@ static int wm8350_i2c_write_device(struc + u8 msg[(WM8350_MAX_REGISTER << 1) + 1]; + int ret; + ++ pax_track_stack(); ++ + if (bytes > ((WM8350_MAX_REGISTER << 1) + 1)) + return -EINVAL; + diff -urNp linux-2.6.38.6/drivers/misc/kgdbts.c linux-2.6.38.6/drivers/misc/kgdbts.c --- linux-2.6.38.6/drivers/misc/kgdbts.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/misc/kgdbts.c 2011-04-28 19:34:15.000000000 -0400 @@ -29789,6 +30590,84 @@ diff -urNp linux-2.6.38.6/drivers/misc/sgi-gru/grutables.h linux-2.6.38.6/driver } while (0) #ifdef CONFIG_SGI_GRU_DEBUG +diff -urNp linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c +--- linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0001.c 2011-05-16 21:47:08.000000000 -0400 +@@ -757,6 +757,8 @@ static int chip_ready (struct map_info * + struct cfi_pri_intelext *cfip = cfi->cmdset_priv; + unsigned long timeo = jiffies + HZ; + ++ pax_track_stack(); ++ + /* Prevent setting state FL_SYNCING for chip in suspended state. */ + if (mode == FL_SYNCING && chip->oldstate != FL_READY) + goto sleep; +@@ -1657,6 +1659,8 @@ static int __xipram do_write_buffer(stru + unsigned long initial_adr; + int initial_len = len; + ++ pax_track_stack(); ++ + wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize; + adr += chip->start; + initial_adr = adr; +@@ -1875,6 +1879,8 @@ static int __xipram do_erase_oneblock(st + int retries = 3; + int ret; + ++ pax_track_stack(); ++ + adr += chip->start; + + retry: +diff -urNp linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c +--- linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/chips/cfi_cmdset_0020.c 2011-05-16 21:47:08.000000000 -0400 +@@ -255,6 +255,8 @@ static inline int do_read_onechip(struct + unsigned long cmd_addr; + struct cfi_private *cfi = map->fldrv_priv; + ++ pax_track_stack(); ++ + adr += chip->start; + + /* Ensure cmd read/writes are aligned. */ +@@ -428,6 +430,8 @@ static inline int do_write_buffer(struct + DECLARE_WAITQUEUE(wait, current); + int wbufsize, z; + ++ pax_track_stack(); ++ + /* M58LW064A requires bus alignment for buffer wriets -- saw */ + if (adr & (map_bankwidth(map)-1)) + return -EINVAL; +@@ -742,6 +746,8 @@ static inline int do_erase_oneblock(stru + DECLARE_WAITQUEUE(wait, current); + int ret = 0; + ++ pax_track_stack(); ++ + adr += chip->start; + + /* Let's determine this according to the interleave only once */ +@@ -1047,6 +1053,8 @@ static inline int do_lock_oneblock(struc + unsigned long timeo = jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); + ++ pax_track_stack(); ++ + adr += chip->start; + + /* Let's determine this according to the interleave only once */ +@@ -1196,6 +1204,8 @@ static inline int do_unlock_oneblock(str + unsigned long timeo = jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); + ++ pax_track_stack(); ++ + adr += chip->start; + + /* Let's determine this according to the interleave only once */ diff -urNp linux-2.6.38.6/drivers/mtd/devices/doc2000.c linux-2.6.38.6/drivers/mtd/devices/doc2000.c --- linux-2.6.38.6/drivers/mtd/devices/doc2000.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/mtd/devices/doc2000.c 2011-04-28 19:34:15.000000000 -0400 @@ -29813,6 +30692,66 @@ diff -urNp linux-2.6.38.6/drivers/mtd/devices/doc2001.c linux-2.6.38.6/drivers/m return -EINVAL; /* Don't allow a single read to cross a 512-byte block boundary */ +diff -urNp linux-2.6.38.6/drivers/mtd/ftl.c linux-2.6.38.6/drivers/mtd/ftl.c +--- linux-2.6.38.6/drivers/mtd/ftl.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/ftl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -474,6 +474,8 @@ static int copy_erase_unit(partition_t * + loff_t offset; + uint16_t srcunitswap = cpu_to_le16(srcunit); + ++ pax_track_stack(); ++ + eun = &part->EUNInfo[srcunit]; + xfer = &part->XferInfo[xferunit]; + DEBUG(2, "ftl_cs: copying block 0x%x to 0x%x\n", +diff -urNp linux-2.6.38.6/drivers/mtd/inftlcore.c linux-2.6.38.6/drivers/mtd/inftlcore.c +--- linux-2.6.38.6/drivers/mtd/inftlcore.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/inftlcore.c 2011-05-16 21:47:08.000000000 -0400 +@@ -259,6 +259,8 @@ static u16 INFTL_foldchain(struct INFTLr + struct inftl_oob oob; + size_t retlen; + ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_foldchain(inftl=%p,thisVUC=%d," + "pending=%d)\n", inftl, thisVUC, pendingblock); + +diff -urNp linux-2.6.38.6/drivers/mtd/inftlmount.c linux-2.6.38.6/drivers/mtd/inftlmount.c +--- linux-2.6.38.6/drivers/mtd/inftlmount.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/inftlmount.c 2011-05-16 21:47:08.000000000 -0400 +@@ -53,6 +53,8 @@ static int find_boot_record(struct INFTL + struct INFTLPartition *ip; + size_t retlen; + ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL3, "INFTL: find_boot_record(inftl=%p)\n", inftl); + + /* +diff -urNp linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c +--- linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/lpddr/qinfo_probe.c 2011-05-16 21:47:08.000000000 -0400 +@@ -106,6 +106,8 @@ static int lpddr_pfow_present(struct map + { + map_word pfow_val[4]; + ++ pax_track_stack(); ++ + /* Check identification string */ + pfow_val[0] = map_read(map, map->pfow_base + PFOW_QUERY_STRING_P); + pfow_val[1] = map_read(map, map->pfow_base + PFOW_QUERY_STRING_F); +diff -urNp linux-2.6.38.6/drivers/mtd/mtdchar.c linux-2.6.38.6/drivers/mtd/mtdchar.c +--- linux-2.6.38.6/drivers/mtd/mtdchar.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/mtdchar.c 2011-05-16 21:47:08.000000000 -0400 +@@ -560,6 +560,8 @@ static int mtd_ioctl(struct file *file, + u_long size; + struct mtd_info_user info; + ++ pax_track_stack(); ++ + DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n"); + + size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; diff -urNp linux-2.6.38.6/drivers/mtd/nand/denali.c linux-2.6.38.6/drivers/mtd/nand/denali.c --- linux-2.6.38.6/drivers/mtd/nand/denali.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/mtd/nand/denali.c 2011-04-28 19:34:15.000000000 -0400 @@ -29824,6 +30763,30 @@ diff -urNp linux-2.6.38.6/drivers/mtd/nand/denali.c linux-2.6.38.6/drivers/mtd/n #include "denali.h" +diff -urNp linux-2.6.38.6/drivers/mtd/nftlcore.c linux-2.6.38.6/drivers/mtd/nftlcore.c +--- linux-2.6.38.6/drivers/mtd/nftlcore.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/nftlcore.c 2011-05-16 21:47:08.000000000 -0400 +@@ -264,6 +264,8 @@ static u16 NFTL_foldchain (struct NFTLre + int inplace = 1; + size_t retlen; + ++ pax_track_stack(); ++ + memset(BlockMap, 0xff, sizeof(BlockMap)); + memset(BlockFreeFound, 0, sizeof(BlockFreeFound)); + +diff -urNp linux-2.6.38.6/drivers/mtd/nftlmount.c linux-2.6.38.6/drivers/mtd/nftlmount.c +--- linux-2.6.38.6/drivers/mtd/nftlmount.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/mtd/nftlmount.c 2011-05-16 21:47:08.000000000 -0400 +@@ -45,6 +45,8 @@ static int find_boot_record(struct NFTLr + struct mtd_info *mtd = nftl->mbd.mtd; + unsigned int i; + ++ pax_track_stack(); ++ + /* Assume logical EraseSize == physical erasesize for starting the scan. + We'll sort it out later if we find a MediaHeader which says otherwise */ + /* Actually, we won't. The new DiskOnChip driver has already scanned diff -urNp linux-2.6.38.6/drivers/mtd/ubi/build.c linux-2.6.38.6/drivers/mtd/ubi/build.c --- linux-2.6.38.6/drivers/mtd/ubi/build.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/mtd/ubi/build.c 2011-04-28 19:34:15.000000000 -0400 @@ -29866,6 +30829,54 @@ diff -urNp linux-2.6.38.6/drivers/mtd/ubi/build.c linux-2.6.38.6/drivers/mtd/ubi } /** +diff -urNp linux-2.6.38.6/drivers/net/bnx2.c linux-2.6.38.6/drivers/net/bnx2.c +--- linux-2.6.38.6/drivers/net/bnx2.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/bnx2.c 2011-05-16 21:47:08.000000000 -0400 +@@ -5826,6 +5826,8 @@ bnx2_test_nvram(struct bnx2 *bp) + int rc = 0; + u32 magic, csum; + ++ pax_track_stack(); ++ + if ((rc = bnx2_nvram_read(bp, 0, data, 4)) != 0) + goto test_nvram_done; + +diff -urNp linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c +--- linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/bnx2x/bnx2x_ethtool.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1788,6 +1788,8 @@ static int bnx2x_test_nvram(struct bnx2x + int i, rc; + u32 magic, crc; + ++ pax_track_stack(); ++ + if (BP_NOMCP(bp)) + return 0; + +diff -urNp linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c +--- linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/cxgb4/cxgb4_main.c 2011-05-16 21:47:08.000000000 -0400 +@@ -3429,6 +3429,8 @@ static int __devinit enable_msix(struct + unsigned int nchan = adap->params.nports; + struct msix_entry entries[MAX_INGQ + 1]; + ++ pax_track_stack(); ++ + for (i = 0; i < ARRAY_SIZE(entries); ++i) + entries[i].entry = i; + +diff -urNp linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c +--- linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/cxgb4/t4_hw.c 2011-05-16 21:47:08.000000000 -0400 +@@ -362,6 +362,8 @@ static int get_vpd_params(struct adapter + u8 vpd[VPD_LEN], csum; + unsigned int vpdr_len, kw_offset, id_len; + ++ pax_track_stack(); ++ + ret = pci_read_vpd(adapter->pdev, VPD_BASE, sizeof(vpd), vpd); + if (ret < 0) + return ret; diff -urNp linux-2.6.38.6/drivers/net/e1000e/82571.c linux-2.6.38.6/drivers/net/e1000e/82571.c --- linux-2.6.38.6/drivers/net/e1000e/82571.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/e1000e/82571.c 2011-04-28 19:34:15.000000000 -0400 @@ -30052,6 +31063,18 @@ diff -urNp linux-2.6.38.6/drivers/net/e1000e/ich8lan.c linux-2.6.38.6/drivers/ne .acquire = e1000_acquire_nvm_ich8lan, .read = e1000_read_nvm_ich8lan, .release = e1000_release_nvm_ich8lan, +diff -urNp linux-2.6.38.6/drivers/net/hamradio/6pack.c linux-2.6.38.6/drivers/net/hamradio/6pack.c +--- linux-2.6.38.6/drivers/net/hamradio/6pack.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/hamradio/6pack.c 2011-05-16 21:47:08.000000000 -0400 +@@ -463,6 +463,8 @@ static void sixpack_receive_buf(struct t + unsigned char buf[512]; + int count1; + ++ pax_track_stack(); ++ + if (!count) + return; + diff -urNp linux-2.6.38.6/drivers/net/igb/e1000_82575.c linux-2.6.38.6/drivers/net/igb/e1000_82575.c --- linux-2.6.38.6/drivers/net/igb/e1000_82575.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/igb/e1000_82575.c 2011-04-28 19:34:15.000000000 -0400 @@ -30141,6 +31164,67 @@ diff -urNp linux-2.6.38.6/drivers/net/igbvf/vf.h linux-2.6.38.6/drivers/net/igbv struct e1000_mac_operations ops; u8 addr[6]; u8 perm_addr[6]; +diff -urNp linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c +--- linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/ixgb/ixgb_main.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1072,6 +1072,8 @@ ixgb_set_multi(struct net_device *netdev + u32 rctl; + int i; + ++ pax_track_stack(); ++ + /* Check for Promiscuous and All Multicast modes */ + + rctl = IXGB_READ_REG(hw, RCTL); +diff -urNp linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c +--- linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/ixgb/ixgb_param.c 2011-05-16 21:47:08.000000000 -0400 +@@ -261,6 +261,9 @@ void __devinit + ixgb_check_options(struct ixgb_adapter *adapter) + { + int bd = adapter->bd_number; ++ ++ pax_track_stack(); ++ + if (bd >= IXGB_MAX_NIC) { + pr_notice("Warning: no configuration for board #%i\n", bd); + pr_notice("Using defaults for all values\n"); +diff -urNp linux-2.6.38.6/drivers/net/ksz884x.c linux-2.6.38.6/drivers/net/ksz884x.c +--- linux-2.6.38.6/drivers/net/ksz884x.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/ksz884x.c 2011-05-16 21:47:08.000000000 -0400 +@@ -6536,6 +6536,8 @@ static void netdev_get_ethtool_stats(str + int rc; + u64 counter[TOTAL_PORT_COUNTER_NUM]; + ++ pax_track_stack(); ++ + mutex_lock(&hw_priv->lock); + n = SWITCH_PORT_NUM; + for (i = 0, p = port->first_port; i < port->mib_port_cnt; i++, p++) { +diff -urNp linux-2.6.38.6/drivers/net/mlx4/main.c linux-2.6.38.6/drivers/net/mlx4/main.c +--- linux-2.6.38.6/drivers/net/mlx4/main.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/mlx4/main.c 2011-05-16 21:47:08.000000000 -0400 +@@ -737,6 +737,8 @@ static int mlx4_init_hca(struct mlx4_dev + u64 icm_size; + int err; + ++ pax_track_stack(); ++ + err = mlx4_QUERY_FW(dev); + if (err) { + if (err == -EACCES) +diff -urNp linux-2.6.38.6/drivers/net/niu.c linux-2.6.38.6/drivers/net/niu.c +--- linux-2.6.38.6/drivers/net/niu.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/niu.c 2011-05-16 21:47:08.000000000 -0400 +@@ -9067,6 +9067,8 @@ static void __devinit niu_try_msix(struc + int i, num_irqs, err; + u8 first_ldg; + ++ pax_track_stack(); ++ + first_ldg = (NIU_NUM_LDG / parent->num_ports) * np->port; + for (i = 0; i < (NIU_NUM_LDG / parent->num_ports); i++) + ldg_num_map[i] = first_ldg + i; diff -urNp linux-2.6.38.6/drivers/net/pcnet32.c linux-2.6.38.6/drivers/net/pcnet32.c --- linux-2.6.38.6/drivers/net/pcnet32.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/pcnet32.c 2011-04-28 19:34:15.000000000 -0400 @@ -30197,6 +31281,18 @@ diff -urNp linux-2.6.38.6/drivers/net/tg3.h linux-2.6.38.6/drivers/net/tg3.h #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff -urNp linux-2.6.38.6/drivers/net/tulip/de2104x.c linux-2.6.38.6/drivers/net/tulip/de2104x.c +--- linux-2.6.38.6/drivers/net/tulip/de2104x.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/tulip/de2104x.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1817,6 +1817,8 @@ static void __devinit de21041_get_srom_i + struct de_srom_info_leaf *il; + void *bufp; + ++ pax_track_stack(); ++ + /* download entire eeprom */ + for (i = 0; i < DE_EEPROM_WORDS; i++) + ((__le16 *)ee_data)[i] = diff -urNp linux-2.6.38.6/drivers/net/tulip/de4x5.c linux-2.6.38.6/drivers/net/tulip/de4x5.c --- linux-2.6.38.6/drivers/net/tulip/de4x5.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/tulip/de4x5.c 2011-04-28 19:34:15.000000000 -0400 @@ -30330,6 +31426,258 @@ diff -urNp linux-2.6.38.6/drivers/net/vmxnet3/vmxnet3_ethtool.c linux-2.6.38.6/d return -EINVAL; } +diff -urNp linux-2.6.38.6/drivers/net/vxge/vxge-main.c linux-2.6.38.6/drivers/net/vxge/vxge-main.c +--- linux-2.6.38.6/drivers/net/vxge/vxge-main.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/vxge/vxge-main.c 2011-05-16 21:47:08.000000000 -0400 +@@ -97,6 +97,8 @@ static inline void VXGE_COMPLETE_VPATH_T + struct sk_buff *completed[NR_SKB_COMPLETED]; + int more; + ++ pax_track_stack(); ++ + do { + more = 0; + skb_ptr = completed; +@@ -1889,6 +1891,8 @@ static enum vxge_hw_status vxge_rth_conf + u8 mtable[256] = {0}; /* CPU to vpath mapping */ + int index; + ++ pax_track_stack(); ++ + /* + * Filling + * - itable with bucket numbers +diff -urNp linux-2.6.38.6/drivers/net/wan/cycx_x25.c linux-2.6.38.6/drivers/net/wan/cycx_x25.c +--- linux-2.6.38.6/drivers/net/wan/cycx_x25.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wan/cycx_x25.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1018,6 +1018,8 @@ static void hex_dump(char *msg, unsigned + unsigned char hex[1024], + * phex = hex; + ++ pax_track_stack(); ++ + if (len >= (sizeof(hex) / 2)) + len = (sizeof(hex) / 2) - 1; + +diff -urNp linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c +--- linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wimax/i2400m/usb-fw.c 2011-05-16 21:47:08.000000000 -0400 +@@ -287,6 +287,8 @@ ssize_t i2400mu_bus_bm_wait_for_ack(stru + int do_autopm = 1; + DECLARE_COMPLETION_ONSTACK(notif_completion); + ++ pax_track_stack(); ++ + d_fnstart(8, dev, "(i2400m %p ack %p size %zu)\n", + i2400m, ack, ack_size); + BUG_ON(_ack == i2400m->bm_ack_buf); +diff -urNp linux-2.6.38.6/drivers/net/wireless/airo.c linux-2.6.38.6/drivers/net/wireless/airo.c +--- linux-2.6.38.6/drivers/net/wireless/airo.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/airo.c 2011-05-16 21:47:08.000000000 -0400 +@@ -3001,6 +3001,8 @@ static void airo_process_scan_results (s + BSSListElement * loop_net; + BSSListElement * tmp_net; + ++ pax_track_stack(); ++ + /* Blow away current list of scan results */ + list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) { + list_move_tail (&loop_net->list, &ai->network_free_list); +@@ -3792,6 +3794,8 @@ static u16 setup_card(struct airo_info * + WepKeyRid wkr; + int rc; + ++ pax_track_stack(); ++ + memset( &mySsid, 0, sizeof( mySsid ) ); + kfree (ai->flash); + ai->flash = NULL; +@@ -4760,6 +4764,8 @@ static int proc_stats_rid_open( struct i + __le32 *vals = stats.vals; + int len; + ++ pax_track_stack(); ++ + if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL) + return -ENOMEM; + data = file->private_data; +@@ -5483,6 +5489,8 @@ static int proc_BSSList_open( struct ino + /* If doLoseSync is not 1, we won't do a Lose Sync */ + int doLoseSync = -1; + ++ pax_track_stack(); ++ + if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL) + return -ENOMEM; + data = file->private_data; +@@ -7190,6 +7198,8 @@ static int airo_get_aplist(struct net_de + int i; + int loseSync = capable(CAP_NET_ADMIN) ? 1: -1; + ++ pax_track_stack(); ++ + qual = kmalloc(IW_MAX_AP * sizeof(*qual), GFP_KERNEL); + if (!qual) + return -ENOMEM; +@@ -7750,6 +7760,8 @@ static void airo_read_wireless_stats(str + CapabilityRid cap_rid; + __le32 *vals = stats_rid.vals; + ++ pax_track_stack(); ++ + /* Get stats out of the card */ + clear_bit(JOB_WSTATS, &local->jobs); + if (local->power.event) { +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath5k/debug.c 2011-05-16 21:47:08.000000000 -0400 +@@ -204,6 +204,8 @@ static ssize_t read_file_beacon(struct f + unsigned int v; + u64 tsf; + ++ pax_track_stack(); ++ + v = ath5k_hw_reg_read(sc->ah, AR5K_BEACON); + len += snprintf(buf+len, sizeof(buf)-len, + "%-24s0x%08x\tintval: %d\tTIM: 0x%x\n", +@@ -325,6 +327,8 @@ static ssize_t read_file_debug(struct fi + unsigned int len = 0; + unsigned int i; + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, + "DEBUG LEVEL: 0x%08x\n\n", sc->debug.level); + +@@ -386,6 +390,8 @@ static ssize_t read_file_antenna(struct + unsigned int i; + unsigned int v; + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, "antenna mode\t%d\n", + sc->ah->ah_ant_mode); + len += snprintf(buf+len, sizeof(buf)-len, "default antenna\t%d\n", +@@ -496,6 +502,8 @@ static ssize_t read_file_misc(struct fil + unsigned int len = 0; + u32 filt = ath5k_hw_get_rx_filter(sc->ah); + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, "bssid-mask: %pM\n", + sc->bssidmask); + len += snprintf(buf+len, sizeof(buf)-len, "filter-flags: 0x%x ", +@@ -552,6 +560,8 @@ static ssize_t read_file_frameerrors(str + unsigned int len = 0; + int i; + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, + "RX\n---------------------\n"); + len += snprintf(buf+len, sizeof(buf)-len, "CRC\t%u\t(%u%%)\n", +@@ -669,6 +679,8 @@ static ssize_t read_file_ani(struct file + char buf[700]; + unsigned int len = 0; + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, + "HW has PHY error counters:\t%s\n", + sc->ah->ah_capabilities.cap_has_phyerr_counters ? +@@ -829,6 +841,8 @@ static ssize_t read_file_queue(struct fi + struct ath5k_buf *bf, *bf0; + int i, n; + ++ pax_track_stack(); ++ + len += snprintf(buf+len, sizeof(buf)-len, + "available txbuffers: %d\n", sc->txbuf_len); + +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_calib.c 2011-05-16 21:47:08.000000000 -0400 +@@ -734,6 +734,8 @@ static void ar9003_hw_tx_iq_cal(struct a + s32 i, j, ip, im, nmeasurement; + u8 nchains = get_streams(common->tx_chainmask); + ++ pax_track_stack(); ++ + for (ip = 0; ip < MPASS; ip++) { + REG_RMW_FIELD(ah, AR_PHY_TX_IQCAL_CONTROL_1, + AR_PHY_TX_IQCAQL_CONTROL_1_IQCORR_I_Q_COFF_DELPT, +@@ -856,6 +858,8 @@ static void ar9003_hw_tx_iq_cal_post_pro + int i, ip, im, j; + int nmeasurement; + ++ pax_track_stack(); ++ + for (i = 0; i < AR9300_MAX_CHAINS; i++) { + if (ah->txchainmask & (1 << i)) + num_chains++; +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/ar9003_paprd.c 2011-05-16 21:47:08.000000000 -0400 +@@ -356,6 +356,8 @@ static bool create_pa_curve(u32 *data_L, + int theta_low_bin = 0; + int i; + ++ pax_track_stack(); ++ + /* disregard any bin that contains <= 16 samples */ + thresh_accum_cnt = 16; + scale_factor = 5; +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/debug.c 2011-05-16 21:47:08.000000000 -0400 +@@ -321,6 +321,8 @@ static ssize_t read_file_interrupt(struc + char buf[512]; + unsigned int len = 0; + ++ pax_track_stack(); ++ + if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) { + len += snprintf(buf + len, sizeof(buf) - len, + "%8s: %10u\n", "RXLP", sc->debug.stats.istats.rxlp); +@@ -410,6 +412,8 @@ static ssize_t read_file_wiphy(struct fi + u8 addr[ETH_ALEN]; + u32 tmp; + ++ pax_track_stack(); ++ + len += snprintf(buf + len, sizeof(buf) - len, + "primary: %s (%s chan=%d ht=%d)\n", + wiphy_name(sc->pri_wiphy->hw->wiphy), +diff -urNp linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c +--- linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ath/ath9k/htc_drv_main.c 2011-05-16 21:47:08.000000000 -0400 +@@ -620,6 +620,8 @@ static ssize_t read_file_tgt_stats(struc + unsigned int len = 0; + int ret = 0; + ++ pax_track_stack(); ++ + memset(&cmd_rsp, 0, sizeof(cmd_rsp)); + + WMI_CMD(WMI_TGT_STATS_CMDID); +@@ -665,6 +667,8 @@ static ssize_t read_file_xmit(struct fil + char buf[512]; + unsigned int len = 0; + ++ pax_track_stack(); ++ + len += snprintf(buf + len, sizeof(buf) - len, + "%20s : %10u\n", "Buffers queued", + priv->debug.tx_stats.buf_queued); +@@ -714,6 +718,8 @@ static ssize_t read_file_recv(struct fil + char buf[512]; + unsigned int len = 0; + ++ pax_track_stack(); ++ + len += snprintf(buf + len, sizeof(buf) - len, + "%20s : %10u\n", "SKBs allocated", + priv->debug.rx_stats.skb_allocated); diff -urNp linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c --- linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/b43/debugfs.c 2011-04-28 19:34:15.000000000 -0400 @@ -30354,6 +31702,81 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.38. /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */ size_t file_struct_offset; /* Take wl->irq_lock before calling read/write? */ +diff -urNp linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c +--- linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ipw2x00/ipw2100.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2101,6 +2101,8 @@ static int ipw2100_set_essid(struct ipw2 + int err; + DECLARE_SSID_BUF(ssid); + ++ pax_track_stack(); ++ + IPW_DEBUG_HC("SSID: '%s'\n", print_ssid(ssid, essid, ssid_len)); + + if (ssid_len) +@@ -5455,6 +5457,8 @@ static int ipw2100_set_key(struct ipw210 + struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters; + int err; + ++ pax_track_stack(); ++ + IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n", + idx, keylen, len); + +diff -urNp linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c +--- linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/ipw2x00/libipw_rx.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1565,6 +1565,8 @@ static void libipw_process_probe_respons + unsigned long flags; + DECLARE_SSID_BUF(ssid); + ++ pax_track_stack(); ++ + LIBIPW_DEBUG_SCAN("'%s' (%pM" + "): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", + print_ssid(ssid, info_element->data, info_element->len), +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +--- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -883,6 +883,8 @@ static void rs_tx_status(void *priv_r, s + struct iwl_station_priv *sta_priv = (void *)sta->drv_priv; + struct iwl_rxon_context *ctx = sta_priv->common.ctx; + ++ pax_track_stack(); ++ + IWL_DEBUG_RATE_LIMIT(priv, "get frame ack response, update rate scale window\n"); + + /* Treat uninitialized rate scaling data same as non-existing. */ +@@ -2892,6 +2894,8 @@ static void rs_fill_link_cmd(struct iwl_ + u8 valid_tx_ant = 0; + struct iwl_link_quality_cmd *lq_cmd = &lq_sta->lq; + ++ pax_track_stack(); ++ + /* Override starting rate (index 0) if needed for debug purposes */ + rs_dbgfs_set_mcs(lq_sta, &new_rate, index); + +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c +--- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -518,6 +518,8 @@ static ssize_t iwl_dbgfs_status_read(str + int pos = 0; + const size_t bufsz = sizeof(buf); + ++ pax_track_stack(); ++ + pos += scnprintf(buf + pos, bufsz - pos, "STATUS_HCMD_ACTIVE:\t %d\n", + test_bit(STATUS_HCMD_ACTIVE, &priv->status)); + pos += scnprintf(buf + pos, bufsz - pos, "STATUS_INT_ENABLED:\t %d\n", +@@ -650,6 +652,8 @@ static ssize_t iwl_dbgfs_qos_read(struct + char buf[256 * NUM_IWL_RXON_CTX]; + const size_t bufsz = sizeof(buf); + ++ pax_track_stack(); ++ + for_each_context(priv, ctx) { + pos += scnprintf(buf + pos, bufsz - pos, "context %d:\n", + ctx->ctxid); diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h --- linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-04-28 19:34:15.000000000 -0400 @@ -30368,6 +31791,18 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/iwlwifi/iwl-debug.h linux-2.6.38. static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level, const void *p, u32 len) {} +diff -urNp linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c +--- linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -327,6 +327,8 @@ static ssize_t iwm_debugfs_fw_err_read(s + int buf_len = 512; + size_t len = 0; + ++ pax_track_stack(); ++ + if (*ppos != 0) + return 0; + if (count < sizeof(buf)) diff -urNp linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c --- linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/net/wireless/libertas/debugfs.c 2011-04-28 19:34:15.000000000 -0400 @@ -30392,6 +31827,30 @@ diff -urNp linux-2.6.38.6/drivers/net/wireless/rndis_wlan.c linux-2.6.38.6/drive rts_threshold = 2347; tmp = cpu_to_le32(rts_threshold); +diff -urNp linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c +--- linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1277,6 +1277,8 @@ static bool _rtl92c_phy_sw_chnl_step_by_ + u8 rfpath; + u8 num_total_rfpath = rtlphy->num_total_rfpath; + ++ pax_track_stack(); ++ + precommoncmdcnt = 0; + _rtl92c_phy_set_sw_chnl_cmdarray(precommoncmd, precommoncmdcnt++, + MAX_PRECMD_CNT, +diff -urNp linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c +--- linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/net/wireless/wl12xx/spi.c 2011-05-16 21:47:08.000000000 -0400 +@@ -279,6 +279,8 @@ static void wl1271_spi_raw_write(struct + u32 chunk_len; + int i; + ++ pax_track_stack(); ++ + WARN_ON(len > WL1271_AGGR_BUFFER_SIZE); + + spi_message_init(&m); diff -urNp linux-2.6.38.6/drivers/oprofile/buffer_sync.c linux-2.6.38.6/drivers/oprofile/buffer_sync.c --- linux-2.6.38.6/drivers/oprofile/buffer_sync.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/oprofile/buffer_sync.c 2011-04-28 19:34:15.000000000 -0400 @@ -30633,6 +32092,54 @@ diff -urNp linux-2.6.38.6/drivers/pci/proc.c linux-2.6.38.6/drivers/pci/proc.c proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; +diff -urNp linux-2.6.38.6/drivers/pci/xen-pcifront.c linux-2.6.38.6/drivers/pci/xen-pcifront.c +--- linux-2.6.38.6/drivers/pci/xen-pcifront.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/pci/xen-pcifront.c 2011-05-16 21:47:08.000000000 -0400 +@@ -187,6 +187,8 @@ static int pcifront_bus_read(struct pci_ + struct pcifront_sd *sd = bus->sysdata; + struct pcifront_device *pdev = pcifront_get_pdev(sd); + ++ pax_track_stack(); ++ + if (verbose_request) + dev_info(&pdev->xdev->dev, + "read dev=%04x:%02x:%02x.%01x - offset %x size %d\n", +@@ -226,6 +228,8 @@ static int pcifront_bus_write(struct pci + struct pcifront_sd *sd = bus->sysdata; + struct pcifront_device *pdev = pcifront_get_pdev(sd); + ++ pax_track_stack(); ++ + if (verbose_request) + dev_info(&pdev->xdev->dev, + "write dev=%04x:%02x:%02x.%01x - " +@@ -258,6 +262,8 @@ static int pci_frontend_enable_msix(stru + struct pcifront_device *pdev = pcifront_get_pdev(sd); + struct msi_desc *entry; + ++ pax_track_stack(); ++ + if (nvec > SH_INFO_MAX_VEC) { + dev_err(&dev->dev, "too much vector for pci frontend: %x." + " Increase SH_INFO_MAX_VEC.\n", nvec); +@@ -303,6 +309,8 @@ static void pci_frontend_disable_msix(st + struct pcifront_sd *sd = dev->bus->sysdata; + struct pcifront_device *pdev = pcifront_get_pdev(sd); + ++ pax_track_stack(); ++ + err = do_pci_op(pdev, &op); + + /* What should do for error ? */ +@@ -322,6 +330,8 @@ static int pci_frontend_enable_msi(struc + struct pcifront_sd *sd = dev->bus->sysdata; + struct pcifront_device *pdev = pcifront_get_pdev(sd); + ++ pax_track_stack(); ++ + err = do_pci_op(pdev, &op); + if (likely(!err)) { + *(*vector) = op.value; diff -urNp linux-2.6.38.6/drivers/platform/x86/asus-laptop.c linux-2.6.38.6/drivers/platform/x86/asus-laptop.c --- linux-2.6.38.6/drivers/platform/x86/asus-laptop.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/platform/x86/asus-laptop.c 2011-04-28 19:34:15.000000000 -0400 @@ -30756,6 +32263,17 @@ diff -urNp linux-2.6.38.6/drivers/s390/cio/qdio_debug.c linux-2.6.38.6/drivers/s .owner = THIS_MODULE, .open = qperf_seq_open, .read = seq_read, +diff -urNp linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c +--- linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/aacraid/commctrl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -481,6 +481,7 @@ static int aac_send_raw_srb(struct aac_d + u32 actual_fibsize64, actual_fibsize = 0; + int i; + ++ pax_track_stack(); + + if (dev->in_reset) { + dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); diff -urNp linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c --- linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c 2011-04-28 19:34:15.000000000 -0400 @@ -30768,6 +32286,170 @@ diff -urNp linux-2.6.38.6/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.38.6/dri asd_show_update_bios, asd_store_update_bios); static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha) +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfad.c linux-2.6.38.6/drivers/scsi/bfa/bfad.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfad.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfad.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1027,6 +1027,8 @@ bfad_start_ops(struct bfad_s *bfad) { + struct bfad_vport_s *vport, *vport_new; + struct bfa_fcs_driver_info_s driver_info; + ++ pax_track_stack(); ++ + /* Fill the driver_info info to fcs*/ + memset(&driver_info, 0, sizeof(driver_info)); + strncpy(driver_info.version, BFAD_DRIVER_VERSION, +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_lport.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1559,6 +1559,8 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc + u16 len, count; + u16 templen; + ++ pax_track_stack(); ++ + /* + * get hba attributes + */ +@@ -1836,6 +1838,8 @@ bfa_fcs_lport_fdmi_build_portattr_block( + u8 count = 0; + u16 templen; + ++ pax_track_stack(); ++ + /* + * get port attributes + */ +diff -urNp linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c +--- linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/bfa/bfa_fcs_rport.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1844,6 +1844,8 @@ bfa_fcs_rport_process_rpsc(struct bfa_fc + struct fc_rpsc_speed_info_s speeds; + struct bfa_port_attr_s pport_attr; + ++ pax_track_stack(); ++ + bfa_trc(port->fcs, rx_fchs->s_id); + bfa_trc(port->fcs, rx_fchs->d_id); + +diff -urNp linux-2.6.38.6/drivers/scsi/BusLogic.c linux-2.6.38.6/drivers/scsi/BusLogic.c +--- linux-2.6.38.6/drivers/scsi/BusLogic.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/BusLogic.c 2011-05-16 21:47:08.000000000 -0400 +@@ -962,6 +962,8 @@ static int __init BusLogic_InitializeFla + static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_HostAdapter + *PrototypeHostAdapter) + { ++ pax_track_stack(); ++ + /* + If a PCI BIOS is present, interrogate it for MultiMaster and FlashPoint + Host Adapters; otherwise, default to the standard ISA MultiMaster probe. +diff -urNp linux-2.6.38.6/drivers/scsi/dpt_i2o.c linux-2.6.38.6/drivers/scsi/dpt_i2o.c +--- linux-2.6.38.6/drivers/scsi/dpt_i2o.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/dpt_i2o.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1811,6 +1811,8 @@ static int adpt_i2o_passthru(adpt_hba* p + dma_addr_t addr; + ulong flags = 0; + ++ pax_track_stack(); ++ + memset(&msg, 0, MAX_MESSAGE_SIZE*4); + // get user msg size in u32s + if(get_user(size, &user_msg[0])){ +@@ -2317,6 +2319,8 @@ static s32 adpt_scsi_to_i2o(adpt_hba* pH + s32 rcode; + dma_addr_t addr; + ++ pax_track_stack(); ++ + memset(msg, 0 , sizeof(msg)); + len = scsi_bufflen(cmd); + direction = 0x00000000; +diff -urNp linux-2.6.38.6/drivers/scsi/eata.c linux-2.6.38.6/drivers/scsi/eata.c +--- linux-2.6.38.6/drivers/scsi/eata.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/eata.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1087,6 +1087,8 @@ static int port_detect(unsigned long por + struct hostdata *ha; + char name[16]; + ++ pax_track_stack(); ++ + sprintf(name, "%s%d", driver_name, j); + + if (!request_region(port_base, REGION_SIZE, driver_name)) { +diff -urNp linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c +--- linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/fcoe/libfcoe.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2484,6 +2484,8 @@ static int fcoe_ctlr_vn_recv(struct fcoe + } buf; + int rc; + ++ pax_track_stack(); ++ + fiph = (struct fip_header *)skb->data; + sub = fiph->fip_subcode; + +diff -urNp linux-2.6.38.6/drivers/scsi/gdth.c linux-2.6.38.6/drivers/scsi/gdth.c +--- linux-2.6.38.6/drivers/scsi/gdth.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/gdth.c 2011-05-16 21:47:08.000000000 -0400 +@@ -4107,6 +4107,8 @@ static int ioc_lockdrv(void __user *arg) + unsigned long flags; + gdth_ha_str *ha; + ++ pax_track_stack(); ++ + if (copy_from_user(&ldrv, arg, sizeof(gdth_ioctl_lockdrv))) + return -EFAULT; + ha = gdth_find_ha(ldrv.ionode); +@@ -4139,6 +4141,8 @@ static int ioc_resetdrv(void __user *arg + gdth_ha_str *ha; + int rval; + ++ pax_track_stack(); ++ + if (copy_from_user(&res, arg, sizeof(gdth_ioctl_reset)) || + res.number >= MAX_HDRIVES) + return -EFAULT; +@@ -4174,6 +4178,8 @@ static int ioc_general(void __user *arg, + gdth_ha_str *ha; + int rval; + ++ pax_track_stack(); ++ + if (copy_from_user(&gen, arg, sizeof(gdth_ioctl_general))) + return -EFAULT; + ha = gdth_find_ha(gen.ionode); +@@ -4642,6 +4648,9 @@ static void gdth_flush(gdth_ha_str *ha) + int i; + gdth_cmd_str gdtcmd; + char cmnd[MAX_COMMAND_SIZE]; ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, MAX_COMMAND_SIZE); + + TRACE2(("gdth_flush() hanum %d\n", ha->hanum)); +diff -urNp linux-2.6.38.6/drivers/scsi/gdth_proc.c linux-2.6.38.6/drivers/scsi/gdth_proc.c +--- linux-2.6.38.6/drivers/scsi/gdth_proc.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/gdth_proc.c 2011-05-16 21:47:08.000000000 -0400 +@@ -47,6 +47,9 @@ static int gdth_set_asc_info(struct Scsi + u64 paddr; + + char cmnd[MAX_COMMAND_SIZE]; ++ ++ pax_track_stack(); ++ + memset(cmnd, 0xff, 12); + memset(&gdtcmd, 0, sizeof(gdth_cmd_str)); + +@@ -175,6 +178,8 @@ static int gdth_get_info(char *buffer,ch + gdth_hget_str *phg; + char cmnd[MAX_COMMAND_SIZE]; + ++ pax_track_stack(); ++ + gdtcmd = kmalloc(sizeof(*gdtcmd), GFP_KERNEL); + estr = kmalloc(sizeof(*estr), GFP_KERNEL); + if (!gdtcmd || !estr) diff -urNp linux-2.6.38.6/drivers/scsi/hosts.c linux-2.6.38.6/drivers/scsi/hosts.c --- linux-2.6.38.6/drivers/scsi/hosts.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/scsi/hosts.c 2011-04-28 19:57:25.000000000 -0400 @@ -30951,7 +32633,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/libsas/sas_ata.c linux-2.6.38.6/drivers/s .qc_defer = ata_std_qc_defer, diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c --- linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c 2011-05-16 21:47:08.000000000 -0400 @@ -125,7 +125,7 @@ struct lpfc_debug { int len; }; @@ -30979,7 +32661,16 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.6/driver (lpfc_debugfs_max_slow_ring_trc - 1); for (i = index; i < lpfc_debugfs_max_slow_ring_trc; i++) { dtp = phba->slow_ring_trc + i; -@@ -635,14 +635,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport +@@ -398,6 +398,8 @@ lpfc_debugfs_dumpHBASlim_data(struct lpf + uint32_t *ptr; + char buffer[1024]; + ++ pax_track_stack(); ++ + off = 0; + spin_lock_irq(&phba->hbalock); + +@@ -635,14 +637,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport !vport || !vport->disc_trc) return; @@ -30996,7 +32687,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.6/driver dtp->jif = jiffies; #endif return; -@@ -673,14 +673,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h +@@ -673,14 +675,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_h !phba || !phba->slow_ring_trc) return; @@ -31013,7 +32704,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.6/driver dtp->jif = jiffies; #endif return; -@@ -1365,7 +1365,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1365,7 +1367,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "slow_ring buffer\n"); goto debug_failed; } @@ -31022,7 +32713,7 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.38.6/driver memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -1411,7 +1411,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor +@@ -1411,7 +1413,7 @@ lpfc_debugfs_initialize(struct lpfc_vpor "buffer\n"); goto debug_failed; } @@ -31117,6 +32808,30 @@ diff -urNp linux-2.6.38.6/drivers/scsi/lpfc/lpfc_scsi.c linux-2.6.38.6/drivers/s } /** +diff -urNp linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c +--- linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/megaraid/megaraid_mbox.c 2011-05-16 21:47:08.000000000 -0400 +@@ -3510,6 +3510,8 @@ megaraid_cmm_register(adapter_t *adapter + int rval; + int i; + ++ pax_track_stack(); ++ + // Allocate memory for the base list of scb for management module. + adapter->uscb_list = kcalloc(MBOX_MAX_USER_CMDS, sizeof(scb_t), GFP_KERNEL); + +diff -urNp linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c +--- linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/osd/osd_initiator.c 2011-05-16 21:47:08.000000000 -0400 +@@ -97,6 +97,8 @@ static int _osd_get_print_system_info(st + int nelem = ARRAY_SIZE(get_attrs), a = 0; + int ret; + ++ pax_track_stack(); ++ + or = osd_start_request(od, GFP_KERNEL); + if (!or) + return -ENOMEM; diff -urNp linux-2.6.38.6/drivers/scsi/pmcraid.c linux-2.6.38.6/drivers/scsi/pmcraid.c --- linux-2.6.38.6/drivers/scsi/pmcraid.c 2011-05-10 22:06:29.000000000 -0400 +++ linux-2.6.38.6/drivers/scsi/pmcraid.c 2011-05-10 22:08:57.000000000 -0400 @@ -31298,6 +33013,27 @@ diff -urNp linux-2.6.38.6/drivers/scsi/scsi.c linux-2.6.38.6/drivers/scsi/scsi.c /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { +diff -urNp linux-2.6.38.6/drivers/scsi/scsi_debug.c linux-2.6.38.6/drivers/scsi/scsi_debug.c +--- linux-2.6.38.6/drivers/scsi/scsi_debug.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/scsi_debug.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1476,6 +1476,8 @@ static int resp_mode_select(struct scsi_ + unsigned char arr[SDEBUG_MAX_MSELECT_SZ]; + unsigned char *cmd = (unsigned char *)scp->cmnd; + ++ pax_track_stack(); ++ + if ((errsts = check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); +@@ -1573,6 +1575,8 @@ static int resp_log_sense(struct scsi_cm + unsigned char arr[SDEBUG_MAX_LSENSE_SZ]; + unsigned char *cmd = (unsigned char *)scp->cmnd; + ++ pax_track_stack(); ++ + if ((errsts = check_readiness(scp, 1, devip))) + return errsts; + memset(arr, 0, sizeof(arr)); diff -urNp linux-2.6.38.6/drivers/scsi/scsi_lib.c linux-2.6.38.6/drivers/scsi/scsi_lib.c --- linux-2.6.38.6/drivers/scsi/scsi_lib.c 2011-05-10 22:06:29.000000000 -0400 +++ linux-2.6.38.6/drivers/scsi/scsi_lib.c 2011-05-10 22:08:57.000000000 -0400 @@ -31454,6 +33190,30 @@ diff -urNp linux-2.6.38.6/drivers/scsi/sg.c linux-2.6.38.6/drivers/scsi/sg.c sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); if (!sg_proc_sgp) +diff -urNp linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c +--- linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/sym53c8xx_2/sym_glue.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1756,6 +1756,8 @@ static int __devinit sym2_probe(struct p + int do_iounmap = 0; + int do_disable_device = 1; + ++ pax_track_stack(); ++ + memset(&sym_dev, 0, sizeof(sym_dev)); + memset(&nvram, 0, sizeof(nvram)); + sym_dev.pdev = pdev; +diff -urNp linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c +--- linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/scsi/vmw_pvscsi.c 2011-05-16 21:47:08.000000000 -0400 +@@ -447,6 +447,8 @@ static void pvscsi_setup_all_rings(const + dma_addr_t base; + unsigned i; + ++ pax_track_stack(); ++ + cmd.ringsStatePPN = adapter->ringStatePA >> PAGE_SHIFT; + cmd.reqRingNumPages = adapter->req_pages; + cmd.cmpRingNumPages = adapter->cmp_pages; diff -urNp linux-2.6.38.6/drivers/spi/spi.c linux-2.6.38.6/drivers/spi/spi.c --- linux-2.6.38.6/drivers/spi/spi.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/spi/spi.c 2011-05-11 18:34:57.000000000 -0400 @@ -31950,6 +33710,81 @@ diff -urNp linux-2.6.38.6/drivers/staging/westbridge/astoria/block/cyasblkdev_bl .open = cyasblkdev_blk_open, .release = cyasblkdev_blk_release, .ioctl = cyasblkdev_blk_ioctl, +diff -urNp linux-2.6.38.6/drivers/target/target_core_alua.c linux-2.6.38.6/drivers/target/target_core_alua.c +--- linux-2.6.38.6/drivers/target/target_core_alua.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_alua.c 2011-05-16 21:47:08.000000000 -0400 +@@ -675,6 +675,8 @@ static int core_alua_update_tpg_primary_ + char path[ALUA_METADATA_PATH_LEN]; + int len; + ++ pax_track_stack(); ++ + memset(path, 0, ALUA_METADATA_PATH_LEN); + + len = snprintf(md_buf, tg_pt_gp->tg_pt_gp_md_buf_len, +@@ -938,6 +940,8 @@ static int core_alua_update_tpg_secondar + char path[ALUA_METADATA_PATH_LEN], wwn[ALUA_SECONDARY_METADATA_WWN_LEN]; + int len; + ++ pax_track_stack(); ++ + memset(path, 0, ALUA_METADATA_PATH_LEN); + memset(wwn, 0, ALUA_SECONDARY_METADATA_WWN_LEN); + +diff -urNp linux-2.6.38.6/drivers/target/target_core_cdb.c linux-2.6.38.6/drivers/target/target_core_cdb.c +--- linux-2.6.38.6/drivers/target/target_core_cdb.c 2011-04-18 17:27:14.000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_cdb.c 2011-05-16 21:47:08.000000000 -0400 +@@ -838,6 +838,8 @@ target_emulate_modesense(struct se_cmd * + int length = 0; + unsigned char buf[SE_MODE_PAGE_BUF]; + ++ pax_track_stack(); ++ + memset(buf, 0, SE_MODE_PAGE_BUF); + + switch (cdb[2] & 0x3f) { +diff -urNp linux-2.6.38.6/drivers/target/target_core_configfs.c linux-2.6.38.6/drivers/target/target_core_configfs.c +--- linux-2.6.38.6/drivers/target/target_core_configfs.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_configfs.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1279,6 +1279,8 @@ static ssize_t target_core_dev_pr_show_a + ssize_t len = 0; + int reg_count = 0, prf_isid; + ++ pax_track_stack(); ++ + if (!(su_dev->se_dev_ptr)) + return -ENODEV; + +diff -urNp linux-2.6.38.6/drivers/target/target_core_pr.c linux-2.6.38.6/drivers/target/target_core_pr.c +--- linux-2.6.38.6/drivers/target/target_core_pr.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/target/target_core_pr.c 2011-05-16 21:47:08.000000000 -0400 +@@ -918,6 +918,8 @@ static int __core_scsi3_check_aptpl_regi + unsigned char t_port[PR_APTPL_MAX_TPORT_LEN]; + u16 tpgt; + ++ pax_track_stack(); ++ + memset(i_port, 0, PR_APTPL_MAX_IPORT_LEN); + memset(t_port, 0, PR_APTPL_MAX_TPORT_LEN); + /* +@@ -1861,6 +1863,8 @@ static int __core_scsi3_update_aptpl_buf + ssize_t len = 0; + int reg_count = 0; + ++ pax_track_stack(); ++ + memset(buf, 0, pr_aptpl_buf_len); + /* + * Called to clear metadata once APTPL has been deactivated. +@@ -1983,6 +1987,8 @@ static int __core_scsi3_write_aptpl_to_f + char path[512]; + int ret; + ++ pax_track_stack(); ++ + memset(iov, 0, sizeof(struct iovec)); + memset(path, 0, 512); + diff -urNp linux-2.6.38.6/drivers/target/target_core_tmr.c linux-2.6.38.6/drivers/target/target_core_tmr.c --- linux-2.6.38.6/drivers/target/target_core_tmr.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/target/target_core_tmr.c 2011-04-28 19:57:25.000000000 -0400 @@ -32058,6 +33893,18 @@ diff -urNp linux-2.6.38.6/drivers/target/target_core_transport.c linux-2.6.38.6/ atomic_read(&T_TASK(cmd)->t_transport_active), atomic_read(&T_TASK(cmd)->t_transport_stop), atomic_read(&T_TASK(cmd)->t_transport_sent)); +diff -urNp linux-2.6.38.6/drivers/telephony/ixj.c linux-2.6.38.6/drivers/telephony/ixj.c +--- linux-2.6.38.6/drivers/telephony/ixj.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/telephony/ixj.c 2011-05-16 21:47:08.000000000 -0400 +@@ -4976,6 +4976,8 @@ static int ixj_daa_cid_read(IXJ *j) + bool mContinue; + char *pIn, *pOut; + ++ pax_track_stack(); ++ + if (!SCI_Prepare(j)) + return 0; + diff -urNp linux-2.6.38.6/drivers/tty/hvc/hvc_console.h linux-2.6.38.6/drivers/tty/hvc/hvc_console.h --- linux-2.6.38.6/drivers/tty/hvc/hvc_console.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/tty/hvc/hvc_console.h 2011-04-28 19:34:15.000000000 -0400 @@ -32292,6 +34139,18 @@ diff -urNp linux-2.6.38.6/drivers/tty/serial/kgdboc.c linux-2.6.38.6/drivers/tty .name = "kgdboc", .read_char = kgdboc_get_char, .write_char = kgdboc_put_char, +diff -urNp linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c +--- linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c 2011-04-18 17:27:14.000000000 -0400 ++++ linux-2.6.38.6/drivers/tty/serial/mrst_max3110.c 2011-05-16 21:47:08.000000000 -0400 +@@ -393,6 +393,8 @@ static void max3110_con_receive(struct u + int loop = 1, num, total = 0; + u8 recv_buf[512], *pbuf; + ++ pax_track_stack(); ++ + pbuf = recv_buf; + do { + num = max3110_read_multi(max, pbuf); diff -urNp linux-2.6.38.6/drivers/tty/tty_io.c linux-2.6.38.6/drivers/tty/tty_io.c --- linux-2.6.38.6/drivers/tty/tty_io.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/tty/tty_io.c 2011-04-28 19:34:15.000000000 -0400 @@ -32829,6 +34688,18 @@ diff -urNp linux-2.6.38.6/drivers/usb/early/ehci-dbgp.c linux-2.6.38.6/drivers/u .name = "kgdbdbgp", .read_char = kgdbdbgp_read_char, .write_char = kgdbdbgp_write_char, +diff -urNp linux-2.6.38.6/drivers/usb/host/xhci-mem.c linux-2.6.38.6/drivers/usb/host/xhci-mem.c +--- linux-2.6.38.6/drivers/usb/host/xhci-mem.c 2011-04-22 19:20:59.000000000 -0400 ++++ linux-2.6.38.6/drivers/usb/host/xhci-mem.c 2011-05-16 21:47:08.000000000 -0400 +@@ -1616,6 +1616,8 @@ static int xhci_check_trb_in_td_math(str + unsigned int num_tests; + int i, ret; + ++ pax_track_stack(); ++ + num_tests = ARRAY_SIZE(simple_test_vector); + for (i = 0; i < num_tests; i++) { + ret = xhci_test_trb_in_td(xhci, diff -urNp linux-2.6.38.6/drivers/usb/mon/mon_main.c linux-2.6.38.6/drivers/usb/mon/mon_main.c --- linux-2.6.38.6/drivers/usb/mon/mon_main.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/drivers/usb/mon/mon_main.c 2011-04-28 19:34:15.000000000 -0400 @@ -32901,7 +34772,7 @@ diff -urNp linux-2.6.38.6/drivers/video/fbcmap.c linux-2.6.38.6/drivers/video/fb } diff -urNp linux-2.6.38.6/drivers/video/fbmem.c linux-2.6.38.6/drivers/video/fbmem.c --- linux-2.6.38.6/drivers/video/fbmem.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/drivers/video/fbmem.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/drivers/video/fbmem.c 2011-05-16 21:47:08.000000000 -0400 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in image->dx += image->width + 8; } @@ -32920,7 +34791,25 @@ diff -urNp linux-2.6.38.6/drivers/video/fbmem.c linux-2.6.38.6/drivers/video/fbm info->fbops->fb_imageblit(info, image); image->dy -= image->height + 8; } -@@ -1101,7 +1101,7 @@ static long do_fb_ioctl(struct fb_info * +@@ -897,6 +897,8 @@ fb_set_var(struct fb_info *info, struct + int flags = info->flags; + int ret = 0; + ++ pax_track_stack(); ++ + if (var->activate & FB_ACTIVATE_INV_MODE) { + struct fb_videomode mode1, mode2; + +@@ -1022,6 +1024,8 @@ static long do_fb_ioctl(struct fb_info * + void __user *argp = (void __user *)arg; + long ret = 0; + ++ pax_track_stack(); ++ + switch (cmd) { + case FBIOGET_VSCREENINFO: + if (!lock_fb_info(info)) +@@ -1101,7 +1105,7 @@ static long do_fb_ioctl(struct fb_info * return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -33222,6 +35111,18 @@ diff -urNp linux-2.6.38.6/drivers/video/vesafb.c linux-2.6.38.6/drivers/video/ve if (info->screen_base) iounmap(info->screen_base); framebuffer_release(info); +diff -urNp linux-2.6.38.6/drivers/virtio/virtio_balloon.c linux-2.6.38.6/drivers/virtio/virtio_balloon.c +--- linux-2.6.38.6/drivers/virtio/virtio_balloon.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/drivers/virtio/virtio_balloon.c 2011-05-16 21:47:08.000000000 -0400 +@@ -176,6 +176,8 @@ static void update_balloon_stats(struct + struct sysinfo i; + int idx = 0; + ++ pax_track_stack(); ++ + all_vm_events(events); + si_meminfo(&i); + diff -urNp linux-2.6.38.6/fs/9p/vfs_inode.c linux-2.6.38.6/fs/9p/vfs_inode.c --- linux-2.6.38.6/fs/9p/vfs_inode.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/9p/vfs_inode.c 2011-04-28 19:34:15.000000000 -0400 @@ -33236,7 +35137,7 @@ diff -urNp linux-2.6.38.6/fs/9p/vfs_inode.c linux-2.6.38.6/fs/9p/vfs_inode.c IS_ERR(s) ? "<error>" : s); diff -urNp linux-2.6.38.6/fs/aio.c linux-2.6.38.6/fs/aio.c --- linux-2.6.38.6/fs/aio.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/fs/aio.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/aio.c 2011-05-16 21:47:08.000000000 -0400 @@ -130,7 +130,7 @@ static int aio_setup_ring(struct kioctx size += sizeof(struct io_event) * nr_events; nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT; @@ -33246,6 +35147,15 @@ diff -urNp linux-2.6.38.6/fs/aio.c linux-2.6.38.6/fs/aio.c return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); +@@ -1099,6 +1099,8 @@ static int read_events(struct kioctx *ct + struct aio_timeout to; + int retry = 0; + ++ pax_track_stack(); ++ + /* needed to zero any padding within an entry (there shouldn't be + * any, but C is fun! + */ diff -urNp linux-2.6.38.6/fs/attr.c linux-2.6.38.6/fs/attr.c --- linux-2.6.38.6/fs/attr.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/attr.c 2011-04-28 19:34:15.000000000 -0400 @@ -33350,7 +35260,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_aout.c linux-2.6.38.6/fs/binfmt_aout.c up_write(¤t->mm->mmap_sem); diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c --- linux-2.6.38.6/fs/binfmt_elf.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/fs/binfmt_elf.c 2011-05-02 19:07:09.000000000 -0400 ++++ linux-2.6.38.6/fs/binfmt_elf.c 2011-05-16 21:47:08.000000000 -0400 @@ -51,6 +51,10 @@ static int elf_core_dump(struct coredump #define elf_core_dump NULL #endif @@ -33392,7 +35302,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c return 0; } -@@ -148,12 +159,13 @@ create_elf_tables(struct linux_binprm *b +@@ -148,12 +159,15 @@ create_elf_tables(struct linux_binprm *b elf_addr_t __user *u_rand_bytes; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; @@ -33404,10 +35314,12 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c const struct cred *cred = current_cred(); struct vm_area_struct *vma; + unsigned long saved_auxv[AT_VECTOR_SIZE]; ++ ++ pax_track_stack(); /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -195,8 +207,12 @@ create_elf_tables(struct linux_binprm *b +@@ -195,8 +209,12 @@ create_elf_tables(struct linux_binprm *b * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -33422,7 +35334,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; -@@ -308,9 +324,11 @@ create_elf_tables(struct linux_binprm *b +@@ -308,9 +326,11 @@ create_elf_tables(struct linux_binprm *b return -EFAULT; current->mm->env_end = p; @@ -33435,7 +35347,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c return -EFAULT; return 0; } -@@ -381,10 +399,10 @@ static unsigned long load_elf_interp(str +@@ -381,10 +401,10 @@ static unsigned long load_elf_interp(str { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -33448,7 +35360,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c unsigned long total_size; int retval, i, size; -@@ -430,6 +448,11 @@ static unsigned long load_elf_interp(str +@@ -430,6 +450,11 @@ static unsigned long load_elf_interp(str goto out_close; } @@ -33460,7 +35372,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -473,8 +496,8 @@ static unsigned long load_elf_interp(str +@@ -473,8 +498,8 @@ static unsigned long load_elf_interp(str k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -33471,7 +35383,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c error = -ENOMEM; goto out_close; } -@@ -528,6 +551,193 @@ out: +@@ -528,6 +553,193 @@ out: return error; } @@ -33665,7 +35577,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -544,6 +754,11 @@ static unsigned long randomize_stack_top +@@ -544,6 +756,11 @@ static unsigned long randomize_stack_top { unsigned int random_variable = 0; @@ -33677,7 +35589,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -562,7 +777,7 @@ static int load_elf_binary(struct linux_ +@@ -562,7 +779,7 @@ static int load_elf_binary(struct linux_ unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -33686,7 +35598,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -572,11 +787,11 @@ static int load_elf_binary(struct linux_ +@@ -572,11 +789,11 @@ static int load_elf_binary(struct linux_ unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc = 0; int executable_stack = EXSTACK_DEFAULT; @@ -33699,7 +35611,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -714,11 +929,81 @@ static int load_elf_binary(struct linux_ +@@ -714,11 +931,81 @@ static int load_elf_binary(struct linux_ /* OK, This is the point of no return */ current->flags &= ~PF_FORKNOEXEC; @@ -33782,7 +35694,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -800,6 +1085,20 @@ static int load_elf_binary(struct linux_ +@@ -800,6 +1087,20 @@ static int load_elf_binary(struct linux_ #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -33803,7 +35715,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -832,9 +1131,9 @@ static int load_elf_binary(struct linux_ +@@ -832,9 +1133,9 @@ static int load_elf_binary(struct linux_ * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -33816,7 +35728,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -862,6 +1161,11 @@ static int load_elf_binary(struct linux_ +@@ -862,6 +1163,11 @@ static int load_elf_binary(struct linux_ start_data += load_bias; end_data += load_bias; @@ -33828,7 +35740,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c /* Calling set_brk effectively mmaps the pages that we need * for the bss and break sections. We must do this before * mapping in the interpreter, to make sure it doesn't wind -@@ -873,9 +1177,11 @@ static int load_elf_binary(struct linux_ +@@ -873,9 +1179,11 @@ static int load_elf_binary(struct linux_ goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -33843,7 +35755,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c } if (elf_interpreter) { -@@ -1090,7 +1396,7 @@ out: +@@ -1090,7 +1398,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -33852,7 +35764,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1124,7 +1430,7 @@ static unsigned long vma_dump_size(struc +@@ -1124,7 +1432,7 @@ static unsigned long vma_dump_size(struc if (vma->vm_file == NULL) return 0; @@ -33861,7 +35773,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c goto whole; /* -@@ -1346,9 +1652,9 @@ static void fill_auxv_note(struct memelf +@@ -1346,9 +1654,9 @@ static void fill_auxv_note(struct memelf { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -33873,7 +35785,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1854,14 +2160,14 @@ static void fill_extnum_info(struct elfh +@@ -1854,14 +2162,14 @@ static void fill_extnum_info(struct elfh } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -33890,7 +35802,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c return size; } -@@ -1955,7 +2261,7 @@ static int elf_core_dump(struct coredump +@@ -1955,7 +2263,7 @@ static int elf_core_dump(struct coredump dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -33899,7 +35811,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1969,10 +2275,12 @@ static int elf_core_dump(struct coredump +@@ -1969,10 +2277,12 @@ static int elf_core_dump(struct coredump offset = dataoff; size += sizeof(*elf); @@ -33912,7 +35824,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1986,7 +2294,7 @@ static int elf_core_dump(struct coredump +@@ -1986,7 +2296,7 @@ static int elf_core_dump(struct coredump phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -33921,7 +35833,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -1997,6 +2305,7 @@ static int elf_core_dump(struct coredump +@@ -1997,6 +2307,7 @@ static int elf_core_dump(struct coredump phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -33929,7 +35841,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2021,7 +2330,7 @@ static int elf_core_dump(struct coredump +@@ -2021,7 +2332,7 @@ static int elf_core_dump(struct coredump unsigned long addr; unsigned long end; @@ -33938,7 +35850,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2030,6 +2339,7 @@ static int elf_core_dump(struct coredump +@@ -2030,6 +2341,7 @@ static int elf_core_dump(struct coredump page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -33946,7 +35858,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2047,6 +2357,7 @@ static int elf_core_dump(struct coredump +@@ -2047,6 +2359,7 @@ static int elf_core_dump(struct coredump if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -33954,7 +35866,7 @@ diff -urNp linux-2.6.38.6/fs/binfmt_elf.c linux-2.6.38.6/fs/binfmt_elf.c if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2067,6 +2378,97 @@ out: +@@ -2067,6 +2380,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -34747,7 +36659,7 @@ diff -urNp linux-2.6.38.6/fs/compat_binfmt_elf.c linux-2.6.38.6/fs/compat_binfmt /* diff -urNp linux-2.6.38.6/fs/compat.c linux-2.6.38.6/fs/compat.c --- linux-2.6.38.6/fs/compat.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/compat.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/compat.c 2011-05-16 21:47:08.000000000 -0400 @@ -594,7 +594,7 @@ ssize_t compat_rw_copy_check_uvector(int goto out; @@ -34927,6 +36839,15 @@ diff -urNp linux-2.6.38.6/fs/compat.c linux-2.6.38.6/fs/compat.c out: if (bprm->mm) { acct_arg_size(bprm, 0); +@@ -1712,6 +1787,8 @@ int compat_core_sys_select(int n, compat + struct fdtable *fdt; + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; + ++ pax_track_stack(); ++ + if (n < 0) + goto out_nofds; + diff -urNp linux-2.6.38.6/fs/compat_ioctl.c linux-2.6.38.6/fs/compat_ioctl.c --- linux-2.6.38.6/fs/compat_ioctl.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/compat_ioctl.c 2011-04-28 19:34:15.000000000 -0400 @@ -35707,7 +37628,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/ext4.h linux-2.6.38.6/fs/ext4/ext4.h /* locality groups */ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c --- linux-2.6.38.6/fs/ext4/mballoc.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/ext4/mballoc.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/ext4/mballoc.c 2011-05-16 21:47:08.000000000 -0400 @@ -1846,7 +1846,7 @@ void ext4_mb_simple_scan_group(struct ex BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); @@ -35726,7 +37647,16 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c goto repeat; } } -@@ -2606,25 +2606,25 @@ int ext4_mb_release(struct super_block * +@@ -2183,6 +2183,8 @@ static int ext4_mb_seq_groups_show(struc + ext4_grpblk_t counters[16]; + } sg; + ++ pax_track_stack(); ++ + group--; + if (group == 0) + seq_printf(seq, "#%-5s: %-5s %-5s %-5s " +@@ -2606,25 +2608,25 @@ int ext4_mb_release(struct super_block * if (sbi->s_mb_stats) { printk(KERN_INFO "EXT4-fs: mballoc: %u blocks %u reqs (%u success)\n", @@ -35762,7 +37692,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c } free_percpu(sbi->s_locality_groups); -@@ -3100,16 +3100,16 @@ static void ext4_mb_collect_stats(struct +@@ -3100,16 +3102,16 @@ static void ext4_mb_collect_stats(struct struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -35785,7 +37715,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3507,7 +3507,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat +@@ -3507,7 +3509,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -35794,7 +37724,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3567,7 +3567,7 @@ ext4_mb_new_group_pa(struct ext4_allocat +@@ -3567,7 +3569,7 @@ ext4_mb_new_group_pa(struct ext4_allocat trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -35803,7 +37733,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3654,7 +3654,7 @@ ext4_mb_release_inode_pa(struct ext4_bud +@@ -3654,7 +3656,7 @@ ext4_mb_release_inode_pa(struct ext4_bud * from the bitmap and continue. */ } @@ -35812,7 +37742,7 @@ diff -urNp linux-2.6.38.6/fs/ext4/mballoc.c linux-2.6.38.6/fs/ext4/mballoc.c return err; } -@@ -3672,7 +3672,7 @@ ext4_mb_release_group_pa(struct ext4_bud +@@ -3672,7 +3674,7 @@ ext4_mb_release_group_pa(struct ext4_bud ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -37539,8 +39469,17 @@ diff -urNp linux-2.6.38.6/fs/fuse/fuse_i.h linux-2.6.38.6/fs/fuse/fuse_i.h */ diff -urNp linux-2.6.38.6/fs/gfs2/ops_inode.c linux-2.6.38.6/fs/gfs2/ops_inode.c --- linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-05-11 18:34:57.000000000 -0400 -@@ -1019,7 +1019,7 @@ out: ++++ linux-2.6.38.6/fs/gfs2/ops_inode.c 2011-05-16 21:47:08.000000000 -0400 +@@ -740,6 +740,8 @@ static int gfs2_rename(struct inode *odi + unsigned int x; + int error; + ++ pax_track_stack(); ++ + if (ndentry->d_inode) { + nip = GFS2_I(ndentry->d_inode); + if (ip == nip) +@@ -1019,7 +1021,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -37549,6 +39488,102 @@ diff -urNp linux-2.6.38.6/fs/gfs2/ops_inode.c linux-2.6.38.6/fs/gfs2/ops_inode.c if (!IS_ERR(s)) kfree(s); } +diff -urNp linux-2.6.38.6/fs/hfsplus/catalog.c linux-2.6.38.6/fs/hfsplus/catalog.c +--- linux-2.6.38.6/fs/hfsplus/catalog.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/catalog.c 2011-05-16 21:47:08.000000000 -0400 +@@ -179,6 +179,8 @@ int hfsplus_find_cat(struct super_block + int err; + u16 type; + ++ pax_track_stack(); ++ + hfsplus_cat_build_key(sb, fd->search_key, cnid, NULL); + err = hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); + if (err) +@@ -210,6 +212,8 @@ int hfsplus_create_cat(u32 cnid, struct + int entry_size; + int err; + ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "create_cat: %s,%u(%d)\n", + str->name, cnid, inode->i_nlink); + hfs_find_init(HFSPLUS_SB(sb)->cat_tree, &fd); +@@ -349,6 +353,8 @@ int hfsplus_rename_cat(u32 cnid, + int entry_size, type; + int err = 0; + ++ pax_track_stack(); ++ + dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", + cnid, src_dir->i_ino, src_name->name, + dst_dir->i_ino, dst_name->name); +diff -urNp linux-2.6.38.6/fs/hfsplus/dir.c linux-2.6.38.6/fs/hfsplus/dir.c +--- linux-2.6.38.6/fs/hfsplus/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/dir.c 2011-05-16 21:47:08.000000000 -0400 +@@ -129,6 +129,8 @@ static int hfsplus_readdir(struct file * + struct hfsplus_readdir_data *rd; + u16 type; + ++ pax_track_stack(); ++ + if (filp->f_pos >= inode->i_size) + return 0; + +diff -urNp linux-2.6.38.6/fs/hfsplus/inode.c linux-2.6.38.6/fs/hfsplus/inode.c +--- linux-2.6.38.6/fs/hfsplus/inode.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/inode.c 2011-05-16 21:47:08.000000000 -0400 +@@ -491,6 +491,8 @@ int hfsplus_cat_read_inode(struct inode + int res = 0; + u16 type; + ++ pax_track_stack(); ++ + type = hfs_bnode_read_u16(fd->bnode, fd->entryoffset); + + HFSPLUS_I(inode)->linkid = 0; +@@ -554,6 +556,8 @@ int hfsplus_cat_write_inode(struct inode + struct hfs_find_data fd; + hfsplus_cat_entry entry; + ++ pax_track_stack(); ++ + if (HFSPLUS_IS_RSRC(inode)) + main_inode = HFSPLUS_I(inode)->rsrc_inode; + +diff -urNp linux-2.6.38.6/fs/hfsplus/ioctl.c linux-2.6.38.6/fs/hfsplus/ioctl.c +--- linux-2.6.38.6/fs/hfsplus/ioctl.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/ioctl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -122,6 +122,8 @@ int hfsplus_setxattr(struct dentry *dent + struct hfsplus_cat_file *file; + int res; + ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; + +@@ -166,6 +168,8 @@ ssize_t hfsplus_getxattr(struct dentry * + struct hfsplus_cat_file *file; + ssize_t res = 0; + ++ pax_track_stack(); ++ + if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) + return -EOPNOTSUPP; + +diff -urNp linux-2.6.38.6/fs/hfsplus/super.c linux-2.6.38.6/fs/hfsplus/super.c +--- linux-2.6.38.6/fs/hfsplus/super.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/hfsplus/super.c 2011-05-16 21:47:08.000000000 -0400 +@@ -340,6 +340,8 @@ static int hfsplus_fill_super(struct sup + struct nls_table *nls = NULL; + int err; + ++ pax_track_stack(); ++ + err = -EINVAL; + sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); + if (!sbi) diff -urNp linux-2.6.38.6/fs/hugetlbfs/inode.c linux-2.6.38.6/fs/hugetlbfs/inode.c --- linux-2.6.38.6/fs/hugetlbfs/inode.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/hugetlbfs/inode.c 2011-04-28 19:34:15.000000000 -0400 @@ -37575,6 +39610,51 @@ diff -urNp linux-2.6.38.6/fs/inode.c linux-2.6.38.6/fs/inode.c res = next - LAST_INO_BATCH; } +diff -urNp linux-2.6.38.6/fs/jbd/checkpoint.c linux-2.6.38.6/fs/jbd/checkpoint.c +--- linux-2.6.38.6/fs/jbd/checkpoint.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/jbd/checkpoint.c 2011-05-16 21:47:08.000000000 -0400 +@@ -350,6 +350,8 @@ int log_do_checkpoint(journal_t *journal + tid_t this_tid; + int result; + ++ pax_track_stack(); ++ + jbd_debug(1, "Start checkpoint\n"); + + /* +diff -urNp linux-2.6.38.6/fs/jffs2/compr_rtime.c linux-2.6.38.6/fs/jffs2/compr_rtime.c +--- linux-2.6.38.6/fs/jffs2/compr_rtime.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/jffs2/compr_rtime.c 2011-05-16 21:47:08.000000000 -0400 +@@ -37,6 +37,8 @@ static int jffs2_rtime_compress(unsigned + int outpos = 0; + int pos=0; + ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); + + while (pos < (*sourcelen) && outpos <= (*dstlen)-2) { +@@ -78,6 +80,8 @@ static int jffs2_rtime_decompress(unsign + int outpos = 0; + int pos=0; + ++ pax_track_stack(); ++ + memset(positions,0,sizeof(positions)); + + while (outpos<destlen) { +diff -urNp linux-2.6.38.6/fs/jffs2/compr_rubin.c linux-2.6.38.6/fs/jffs2/compr_rubin.c +--- linux-2.6.38.6/fs/jffs2/compr_rubin.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/jffs2/compr_rubin.c 2011-05-16 21:47:08.000000000 -0400 +@@ -314,6 +314,8 @@ static int jffs2_dynrubin_compress(unsig + int ret; + uint32_t mysrclen, mydstlen; + ++ pax_track_stack(); ++ + mysrclen = *sourcelen; + mydstlen = *dstlen - 8; + diff -urNp linux-2.6.38.6/fs/jffs2/erase.c linux-2.6.38.6/fs/jffs2/erase.c --- linux-2.6.38.6/fs/jffs2/erase.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/jffs2/erase.c 2011-04-28 19:34:15.000000000 -0400 @@ -37601,6 +39681,18 @@ diff -urNp linux-2.6.38.6/fs/jffs2/wbuf.c linux-2.6.38.6/fs/jffs2/wbuf.c }; /* +diff -urNp linux-2.6.38.6/fs/jffs2/xattr.c linux-2.6.38.6/fs/jffs2/xattr.c +--- linux-2.6.38.6/fs/jffs2/xattr.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/jffs2/xattr.c 2011-05-16 21:47:08.000000000 -0400 +@@ -773,6 +773,8 @@ void jffs2_build_xattr_subsystem(struct + + BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING)); + ++ pax_track_stack(); ++ + /* Phase.1 : Merge same xref */ + for (i=0; i < XREF_TMPHASH_SIZE; i++) + xref_tmphash[i] = NULL; diff -urNp linux-2.6.38.6/fs/Kconfig.binfmt linux-2.6.38.6/fs/Kconfig.binfmt --- linux-2.6.38.6/fs/Kconfig.binfmt 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/Kconfig.binfmt 2011-04-28 19:34:15.000000000 -0400 @@ -37642,7 +39734,7 @@ diff -urNp linux-2.6.38.6/fs/libfs.c linux-2.6.38.6/fs/libfs.c dt_type(next->d_inode)) < 0) diff -urNp linux-2.6.38.6/fs/lockd/clntproc.c linux-2.6.38.6/fs/lockd/clntproc.c --- linux-2.6.38.6/fs/lockd/clntproc.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/lockd/clntproc.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/fs/lockd/clntproc.c 2011-05-16 21:47:08.000000000 -0400 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt /* * Cookie counter for NLM requests @@ -37657,6 +39749,15 @@ diff -urNp linux-2.6.38.6/fs/lockd/clntproc.c linux-2.6.38.6/fs/lockd/clntproc.c memcpy(c->data, &cookie, 4); c->len=4; +@@ -620,6 +620,8 @@ nlmclnt_reclaim(struct nlm_host *host, s + struct nlm_rqst reqst, *req; + int status; + ++ pax_track_stack(); ++ + req = &reqst; + memset(req, 0, sizeof(*req)); + locks_init_lock(&req->a_args.lock.fl); diff -urNp linux-2.6.38.6/fs/lockd/svc.c linux-2.6.38.6/fs/lockd/svc.c --- linux-2.6.38.6/fs/lockd/svc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/lockd/svc.c 2011-04-28 19:34:15.000000000 -0400 @@ -37693,9 +39794,21 @@ diff -urNp linux-2.6.38.6/fs/locks.c linux-2.6.38.6/fs/locks.c } lock_flocks(); +diff -urNp linux-2.6.38.6/fs/logfs/super.c linux-2.6.38.6/fs/logfs/super.c +--- linux-2.6.38.6/fs/logfs/super.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/logfs/super.c 2011-05-16 21:47:08.000000000 -0400 +@@ -266,6 +266,8 @@ static int logfs_recover_sb(struct super + struct logfs_disk_super _ds1, *ds1 = &_ds1; + int err, valid0, valid1; + ++ pax_track_stack(); ++ + /* read first superblock */ + err = wbuf_read(sb, super->s_sb_ofs[0], sizeof(*ds0), ds0); + if (err) diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c --- linux-2.6.38.6/fs/namei.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/fs/namei.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/namei.c 2011-05-16 21:47:08.000000000 -0400 @@ -226,14 +226,6 @@ int generic_permission(struct inode *ino return ret; @@ -38131,7 +40244,16 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c out_drop_write: mnt_drop_write(nd.path.mnt); out_dput: -@@ -3404,6 +3556,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3348,6 +3500,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c + char *to; + int error; + ++ pax_track_stack(); ++ + error = user_path_parent(olddfd, oldname, &oldnd, &from); + if (error) + goto exit; +@@ -3404,6 +3558,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c if (new_dentry == trap) goto exit5; @@ -38144,7 +40266,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3413,6 +3571,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3413,6 +3573,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -38154,7 +40276,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3438,6 +3599,8 @@ SYSCALL_DEFINE2(rename, const char __use +@@ -3438,6 +3601,8 @@ SYSCALL_DEFINE2(rename, const char __use int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -38163,7 +40285,7 @@ diff -urNp linux-2.6.38.6/fs/namei.c linux-2.6.38.6/fs/namei.c int len; len = PTR_ERR(link); -@@ -3447,7 +3610,14 @@ int vfs_readlink(struct dentry *dentry, +@@ -3447,7 +3612,14 @@ int vfs_readlink(struct dentry *dentry, len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -38242,6 +40364,66 @@ diff -urNp linux-2.6.38.6/fs/namespace.c linux-2.6.38.6/fs/namespace.c get_fs_root(current->fs, &root); down_write(&namespace_sem); mutex_lock(&old.dentry->d_inode->i_mutex); +diff -urNp linux-2.6.38.6/fs/ncpfs/dir.c linux-2.6.38.6/fs/ncpfs/dir.c +--- linux-2.6.38.6/fs/ncpfs/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ncpfs/dir.c 2011-05-16 21:47:09.000000000 -0400 +@@ -299,6 +299,8 @@ ncp_lookup_validate(struct dentry *dentr + int res, val = 0, len; + __u8 __name[NCP_MAXPATHLEN + 1]; + ++ pax_track_stack(); ++ + if (dentry == dentry->d_sb->s_root) + return 1; + +@@ -844,6 +846,8 @@ static struct dentry *ncp_lookup(struct + int error, res, len; + __u8 __name[NCP_MAXPATHLEN + 1]; + ++ pax_track_stack(); ++ + error = -EIO; + if (!ncp_conn_valid(server)) + goto finished; +@@ -931,6 +935,8 @@ int ncp_create_new(struct inode *dir, st + PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n", + dentry->d_parent->d_name.name, dentry->d_name.name, mode); + ++ pax_track_stack(); ++ + ncp_age_dentry(server, dentry); + len = sizeof(__name); + error = ncp_io2vol(server, __name, &len, dentry->d_name.name, +@@ -992,6 +998,8 @@ static int ncp_mkdir(struct inode *dir, + int error, len; + __u8 __name[NCP_MAXPATHLEN + 1]; + ++ pax_track_stack(); ++ + DPRINTK("ncp_mkdir: making %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); + +@@ -1135,6 +1143,8 @@ static int ncp_rename(struct inode *old_ + int old_len, new_len; + __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; + ++ pax_track_stack(); ++ + DPRINTK("ncp_rename: %s/%s to %s/%s\n", + old_dentry->d_parent->d_name.name, old_dentry->d_name.name, + new_dentry->d_parent->d_name.name, new_dentry->d_name.name); +diff -urNp linux-2.6.38.6/fs/ncpfs/inode.c linux-2.6.38.6/fs/ncpfs/inode.c +--- linux-2.6.38.6/fs/ncpfs/inode.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ncpfs/inode.c 2011-05-16 21:47:09.000000000 -0400 +@@ -461,6 +461,8 @@ static int ncp_fill_super(struct super_b + #endif + struct ncp_entry_info finfo; + ++ pax_track_stack(); ++ + data.wdog_pid = NULL; + server = kzalloc(sizeof(struct ncp_server), GFP_KERNEL); + if (!server) diff -urNp linux-2.6.38.6/fs/nfs/inode.c linux-2.6.38.6/fs/nfs/inode.c --- linux-2.6.38.6/fs/nfs/inode.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/nfs/inode.c 2011-04-28 19:34:15.000000000 -0400 @@ -38277,6 +40459,30 @@ diff -urNp linux-2.6.38.6/fs/nfsd/lockd.c linux-2.6.38.6/fs/nfsd/lockd.c .fopen = nlm_fopen, /* open file for locking */ .fclose = nlm_fclose, /* close file */ }; +diff -urNp linux-2.6.38.6/fs/nfsd/nfs4state.c linux-2.6.38.6/fs/nfsd/nfs4state.c +--- linux-2.6.38.6/fs/nfsd/nfs4state.c 2011-05-10 22:06:27.000000000 -0400 ++++ linux-2.6.38.6/fs/nfsd/nfs4state.c 2011-05-16 21:47:09.000000000 -0400 +@@ -3783,6 +3783,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc + unsigned int strhashval; + int err; + ++ pax_track_stack(); ++ + dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n", + (long long) lock->lk_offset, + (long long) lock->lk_length); +diff -urNp linux-2.6.38.6/fs/nfsd/nfs4xdr.c linux-2.6.38.6/fs/nfsd/nfs4xdr.c +--- linux-2.6.38.6/fs/nfsd/nfs4xdr.c 2011-04-18 17:27:16.000000000 -0400 ++++ linux-2.6.38.6/fs/nfsd/nfs4xdr.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1793,6 +1793,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, s + .dentry = dentry, + }; + ++ pax_track_stack(); ++ + BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1); + BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion)); + BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion)); diff -urNp linux-2.6.38.6/fs/nfsd/nfsctl.c linux-2.6.38.6/fs/nfsd/nfsctl.c --- linux-2.6.38.6/fs/nfsd/nfsctl.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/nfsd/nfsctl.c 2011-04-28 19:34:15.000000000 -0400 @@ -38388,6 +40594,18 @@ diff -urNp linux-2.6.38.6/fs/ocfs2/localalloc.c linux-2.6.38.6/fs/ocfs2/localall bail: if (handle) +diff -urNp linux-2.6.38.6/fs/ocfs2/namei.c linux-2.6.38.6/fs/ocfs2/namei.c +--- linux-2.6.38.6/fs/ocfs2/namei.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/ocfs2/namei.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1064,6 +1064,8 @@ static int ocfs2_rename(struct inode *ol + struct ocfs2_dir_lookup_result orphan_insert = { NULL, }; + struct ocfs2_dir_lookup_result target_insert = { NULL, }; + ++ pax_track_stack(); ++ + /* At some point it might be nice to break this function up a + * bit. */ + diff -urNp linux-2.6.38.6/fs/ocfs2/ocfs2.h linux-2.6.38.6/fs/ocfs2/ocfs2.h --- linux-2.6.38.6/fs/ocfs2/ocfs2.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/ocfs2/ocfs2.h 2011-04-28 19:34:15.000000000 -0400 @@ -38802,7 +41020,7 @@ diff -urNp linux-2.6.38.6/fs/pipe.c linux-2.6.38.6/fs/pipe.c /* diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c --- linux-2.6.38.6/fs/proc/array.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/array.c 2011-05-10 21:34:42.000000000 -0400 ++++ linux-2.6.38.6/fs/proc/array.c 2011-05-16 21:47:08.000000000 -0400 @@ -60,6 +60,7 @@ #include <linux/tty.h> #include <linux/string.h> @@ -38858,7 +41076,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -375,7 +406,7 @@ static int do_task_stat(struct seq_file +@@ -375,9 +406,11 @@ static int do_task_stat(struct seq_file cputime_t cutime, cstime, utime, stime; cputime_t cgtime, gtime; unsigned long rsslim = 0; @@ -38866,8 +41084,12 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c + char tcomm[sizeof(task->comm)] = { 0 }; unsigned long flags; ++ pax_track_stack(); ++ state = *get_task_state(task); -@@ -449,6 +480,19 @@ static int do_task_stat(struct seq_file + vsize = eip = esp = 0; + permitted = ptrace_may_access(task, PTRACE_MODE_READ); +@@ -449,6 +482,19 @@ static int do_task_stat(struct seq_file gtime = task->gtime; } @@ -38887,7 +41109,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -489,9 +533,15 @@ static int do_task_stat(struct seq_file +@@ -489,9 +535,15 @@ static int do_task_stat(struct seq_file vsize, mm ? get_mm_rss(mm) : 0, rsslim, @@ -38903,7 +41125,7 @@ diff -urNp linux-2.6.38.6/fs/proc/array.c linux-2.6.38.6/fs/proc/array.c esp, eip, /* The signal information here is obsolete. -@@ -544,3 +594,18 @@ int proc_pid_statm(struct seq_file *m, s +@@ -544,3 +596,18 @@ int proc_pid_statm(struct seq_file *m, s return 0; } @@ -39443,8 +41665,17 @@ diff -urNp linux-2.6.38.6/fs/proc/Kconfig linux-2.6.38.6/fs/proc/Kconfig Various /proc files exist to monitor process memory utilization: diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2.6.38.6/fs/proc/kcore.c --- linux-2.6.38.6/fs/proc/kcore.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/kcore.c 2011-04-28 19:34:15.000000000 -0400 -@@ -478,9 +478,10 @@ read_kcore(struct file *file, char __use ++++ linux-2.6.38.6/fs/proc/kcore.c 2011-05-16 21:47:08.000000000 -0400 +@@ -321,6 +321,8 @@ static void elf_kcore_store_hdr(char *bu + off_t offset = 0; + struct kcore_list *m; + ++ pax_track_stack(); ++ + /* setup ELF header */ + elf = (struct elfhdr *) bufp; + bufp += sizeof(struct elfhdr); +@@ -478,9 +480,10 @@ read_kcore(struct file *file, char __use * the addresses in the elf_phdr on our list. */ start = kc_offset_to_vaddr(*fpos - elf_buflen); @@ -39457,7 +41688,7 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2.6.38.6/fs/proc/kcore.c while (buflen) { struct kcore_list *m; -@@ -509,20 +510,23 @@ read_kcore(struct file *file, char __use +@@ -509,20 +512,23 @@ read_kcore(struct file *file, char __use kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -39492,7 +41723,7 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2.6.38.6/fs/proc/kcore.c } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -542,6 +546,9 @@ read_kcore(struct file *file, char __use +@@ -542,6 +548,9 @@ read_kcore(struct file *file, char __use static int open_kcore(struct inode *inode, struct file *filp) { @@ -39504,8 +41735,17 @@ diff -urNp linux-2.6.38.6/fs/proc/kcore.c linux-2.6.38.6/fs/proc/kcore.c if (kcore_need_update) diff -urNp linux-2.6.38.6/fs/proc/meminfo.c linux-2.6.38.6/fs/proc/meminfo.c --- linux-2.6.38.6/fs/proc/meminfo.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/proc/meminfo.c 2011-05-11 18:34:07.000000000 -0400 -@@ -157,7 +157,7 @@ static int meminfo_proc_show(struct seq_ ++++ linux-2.6.38.6/fs/proc/meminfo.c 2011-05-16 21:47:08.000000000 -0400 +@@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_ + unsigned long pages[NR_LRU_LISTS]; + int lru; + ++ pax_track_stack(); ++ + /* + * display in kilobytes. + */ +@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_ vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -39894,6 +42134,18 @@ diff -urNp linux-2.6.38.6/fs/readdir.c linux-2.6.38.6/fs/readdir.c buf.count = count; buf.error = 0; +diff -urNp linux-2.6.38.6/fs/reiserfs/dir.c linux-2.6.38.6/fs/reiserfs/dir.c +--- linux-2.6.38.6/fs/reiserfs/dir.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/dir.c 2011-05-16 21:47:09.000000000 -0400 +@@ -66,6 +66,8 @@ int reiserfs_readdir_dentry(struct dentr + struct reiserfs_dir_entry de; + int ret = 0; + ++ pax_track_stack(); ++ + reiserfs_write_lock(inode->i_sb); + + reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff -urNp linux-2.6.38.6/fs/reiserfs/do_balan.c linux-2.6.38.6/fs/reiserfs/do_balan.c --- linux-2.6.38.6/fs/reiserfs/do_balan.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/reiserfs/do_balan.c 2011-04-28 19:34:15.000000000 -0400 @@ -39963,9 +42215,33 @@ diff -urNp linux-2.6.38.6/fs/reiserfs/item_ops.c linux-2.6.38.6/fs/reiserfs/item &stat_data_ops, &indirect_ops, &direct_ops, +diff -urNp linux-2.6.38.6/fs/reiserfs/journal.c linux-2.6.38.6/fs/reiserfs/journal.c +--- linux-2.6.38.6/fs/reiserfs/journal.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/journal.c 2011-05-16 21:47:09.000000000 -0400 +@@ -2299,6 +2299,8 @@ static struct buffer_head *reiserfs_brea + struct buffer_head *bh; + int i, j; + ++ pax_track_stack(); ++ + bh = __getblk(dev, block, bufsize); + if (buffer_uptodate(bh)) + return (bh); +diff -urNp linux-2.6.38.6/fs/reiserfs/namei.c linux-2.6.38.6/fs/reiserfs/namei.c +--- linux-2.6.38.6/fs/reiserfs/namei.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/namei.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1228,6 +1228,8 @@ static int reiserfs_rename(struct inode + unsigned long savelink = 1; + struct timespec ctime; + ++ pax_track_stack(); ++ + /* three balancings: (1) old name removal, (2) new name insertion + and (3) maybe "save" link insertion + stat data updates: (1) old directory, diff -urNp linux-2.6.38.6/fs/reiserfs/procfs.c linux-2.6.38.6/fs/reiserfs/procfs.c --- linux-2.6.38.6/fs/reiserfs/procfs.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/reiserfs/procfs.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/procfs.c 2011-05-16 21:47:08.000000000 -0400 @@ -113,7 +113,7 @@ static int show_super(struct seq_file *m "SMALL_TAILS " : "NO_TAILS ", replay_only(sb) ? "REPLAY_ONLY " : "", @@ -39975,9 +42251,78 @@ diff -urNp linux-2.6.38.6/fs/reiserfs/procfs.c linux-2.6.38.6/fs/reiserfs/procfs SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), +@@ -299,6 +299,8 @@ static int show_journal(struct seq_file + struct journal_params *jp = &rs->s_v1.s_journal; + char b[BDEVNAME_SIZE]; + ++ pax_track_stack(); ++ + seq_printf(m, /* on-disk fields */ + "jp_journal_1st_block: \t%i\n" + "jp_journal_dev: \t%s[%x]\n" +diff -urNp linux-2.6.38.6/fs/reiserfs/stree.c linux-2.6.38.6/fs/reiserfs/stree.c +--- linux-2.6.38.6/fs/reiserfs/stree.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/stree.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1196,6 +1196,8 @@ int reiserfs_delete_item(struct reiserfs + int iter = 0; + #endif + ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); + + init_tb_struct(th, &s_del_balance, sb, path, +@@ -1333,6 +1335,8 @@ void reiserfs_delete_solid_item(struct r + int retval; + int quota_cut_bytes = 0; + ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); + + le_key2cpu_key(&cpu_key, key); +@@ -1562,6 +1566,8 @@ int reiserfs_cut_from_item(struct reiser + int quota_cut_bytes; + loff_t tail_pos = 0; + ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); + + init_tb_struct(th, &s_cut_balance, inode->i_sb, path, +@@ -1957,6 +1963,8 @@ int reiserfs_paste_into_item(struct reis + int retval; + int fs_gen; + ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); + + fs_gen = get_generation(inode->i_sb); +@@ -2045,6 +2053,8 @@ int reiserfs_insert_item(struct reiserfs + int fs_gen = 0; + int quota_bytes = 0; + ++ pax_track_stack(); ++ + BUG_ON(!th->t_trans_id); + + if (inode) { /* Do we count quotas for item? */ +diff -urNp linux-2.6.38.6/fs/reiserfs/super.c linux-2.6.38.6/fs/reiserfs/super.c +--- linux-2.6.38.6/fs/reiserfs/super.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/reiserfs/super.c 2011-05-16 21:47:09.000000000 -0400 +@@ -927,6 +927,8 @@ static int reiserfs_parse_options(struct + {.option_name = NULL} + }; + ++ pax_track_stack(); ++ + *blocks = 0; + if (!options || !*options) + /* use default configuration: create tails, journaling on, no diff -urNp linux-2.6.38.6/fs/select.c linux-2.6.38.6/fs/select.c --- linux-2.6.38.6/fs/select.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/select.c 2011-05-11 18:35:37.000000000 -0400 ++++ linux-2.6.38.6/fs/select.c 2011-05-16 21:47:08.000000000 -0400 @@ -20,6 +20,7 @@ #include <linux/module.h> #include <linux/slab.h> @@ -39990,17 +42335,25 @@ diff -urNp linux-2.6.38.6/fs/select.c linux-2.6.38.6/fs/select.c int retval, i, timed_out = 0; unsigned long slack = 0; -+ stackleak_probe(table); ++ pax_track_stack(); + rcu_read_lock(); retval = max_select_fd(n, fds); rcu_read_unlock(); -@@ -840,6 +843,10 @@ int do_sys_poll(struct pollfd __user *uf +@@ -531,6 +534,8 @@ int core_sys_select(int n, fd_set __user + /* Allocate small arguments on the stack to save memory and be faster */ + long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; + ++ pax_track_stack(); ++ + ret = -EINVAL; + if (n < 0) + goto out_nofds; +@@ -840,6 +845,9 @@ int do_sys_poll(struct pollfd __user *uf struct poll_list *walk = head; unsigned long todo = nfds; -+ stackleak_probe(table); -+ stackleak_probe(stack_pps); ++ pax_track_stack(); + + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1); if (nfds > rlimit(RLIMIT_NOFILE)) @@ -40051,7 +42404,7 @@ diff -urNp linux-2.6.38.6/fs/seq_file.c linux-2.6.38.6/fs/seq_file.c m->count = 0; diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.38.6/fs/splice.c --- linux-2.6.38.6/fs/splice.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/fs/splice.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/fs/splice.c 2011-05-16 21:47:08.000000000 -0400 @@ -186,7 +186,7 @@ ssize_t splice_to_pipe(struct pipe_inode pipe_lock(pipe); @@ -40077,7 +42430,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.38.6/fs/splice.c .spd_release = spd_release_page, }; -+ stackleak_probe(partial); ++ pax_track_stack(); + if (splice_grow_spd(pipe, &spd)) return -ENOMEM; @@ -40104,7 +42457,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.38.6/fs/splice.c .spd_release = spd_release_page, }; -+ stackleak_probe(partial); ++ pax_track_stack(); + if (splice_grow_spd(pipe, &spd)) return -ENOMEM; @@ -40144,7 +42497,7 @@ diff -urNp linux-2.6.38.6/fs/splice.c linux-2.6.38.6/fs/splice.c }; long ret; -+ stackleak_probe(partial); ++ pax_track_stack(); + pipe = get_pipe_info(file); if (!pipe) @@ -40292,6 +42645,18 @@ diff -urNp linux-2.6.38.6/fs/sysfs/symlink.c linux-2.6.38.6/fs/sysfs/symlink.c if (!IS_ERR(page)) free_page((unsigned long)page); } +diff -urNp linux-2.6.38.6/fs/udf/inode.c linux-2.6.38.6/fs/udf/inode.c +--- linux-2.6.38.6/fs/udf/inode.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/fs/udf/inode.c 2011-05-16 21:47:09.000000000 -0400 +@@ -477,6 +477,8 @@ static struct buffer_head *inode_getblk( + int goal = 0, pgoal = iinfo->i_location.logicalBlockNum; + int lastblock = 0; + ++ pax_track_stack(); ++ + prev_epos.offset = udf_file_entry_alloc_offset(inode); + prev_epos.block = iinfo->i_location; + prev_epos.bh = NULL; diff -urNp linux-2.6.38.6/fs/udf/misc.c linux-2.6.38.6/fs/udf/misc.c --- linux-2.6.38.6/fs/udf/misc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/fs/udf/misc.c 2011-04-28 19:34:15.000000000 -0400 @@ -40585,8 +42950,8 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl_alloc.c linux-2.6.38.6/grsecurity/gra +} diff -urNp linux-2.6.38.6/grsecurity/gracl.c linux-2.6.38.6/grsecurity/gracl.c --- linux-2.6.38.6/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.38.6/grsecurity/gracl.c 2011-04-28 19:34:15.000000000 -0400 -@@ -0,0 +1,4074 @@ ++++ linux-2.6.38.6/grsecurity/gracl.c 2011-05-17 17:30:19.000000000 -0400 +@@ -0,0 +1,4098 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -42870,6 +45235,8 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl.c linux-2.6.38.6/grsecurity/gracl.c + return; +} + ++extern int __gr_process_user_ban(struct user_struct *user); ++ +int +gr_check_user_change(int real, int effective, int fs) +{ @@ -42881,6 +45248,28 @@ diff -urNp linux-2.6.38.6/grsecurity/gracl.c linux-2.6.38.6/grsecurity/gracl.c + int effectiveok = 0; + int fsok = 0; + ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) ++ struct user_struct *user; ++ ++ if (real == -1) ++ goto skipit; ++ ++ user = find_user(real); ++ if (user == NULL) ++ goto skipit; ++ ++ if (__gr_process_user_ban(user)) { ++ /* for find_user */ ++ free_uid(user); ++ return 1; ++ } ++ ++ /* for find_user */ ++ free_uid(user); ++ ++skipit: ++#endif ++ + if (unlikely(!(gr_status & GR_READY))) + return 0; + @@ -48097,8 +50486,8 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_ptrace.c linux-2.6.38.6/grsecurity/gr +} diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.c linux-2.6.38.6/grsecurity/grsec_sig.c --- linux-2.6.38.6/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.38.6/grsecurity/grsec_sig.c 2011-04-28 19:34:15.000000000 -0400 -@@ -0,0 +1,197 @@ ++++ linux-2.6.38.6/grsecurity/grsec_sig.c 2011-05-17 17:30:33.000000000 -0400 +@@ -0,0 +1,203 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/delay.h> @@ -48280,11 +50669,10 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.c linux-2.6.38.6/grsecurity/grsec +#endif +} + -+int gr_process_user_ban(void) ++int __gr_process_user_ban(struct user_struct *user) +{ +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) -+ if (unlikely(current->cred->user->banned)) { -+ struct user_struct *user = current->cred->user; ++ if (unlikely(user->banned)) { + if (user->ban_expires != ~0UL && time_after_eq(get_seconds(), user->ban_expires)) { + user->banned = 0; + user->ban_expires = 0; @@ -48294,7 +50682,14 @@ diff -urNp linux-2.6.38.6/grsecurity/grsec_sig.c linux-2.6.38.6/grsecurity/grsec + } +#endif + return 0; ++} + ++int gr_process_user_ban(void) ++{ ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) ++ return __gr_process_user_ban(current->cred->user); ++#endif ++ return 0; +} diff -urNp linux-2.6.38.6/grsecurity/grsec_sock.c linux-2.6.38.6/grsecurity/grsec_sock.c --- linux-2.6.38.6/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500 @@ -50256,7 +52651,7 @@ diff -urNp linux-2.6.38.6/include/acpi/acpi_drivers.h linux-2.6.38.6/include/acp return -ENODEV; diff -urNp linux-2.6.38.6/include/asm-generic/atomic-long.h linux-2.6.38.6/include/asm-generic/atomic-long.h --- linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/include/asm-generic/atomic-long.h 2011-05-16 21:47:08.000000000 -0400 @@ -22,6 +22,12 @@ typedef atomic64_t atomic_long_t; @@ -50540,7 +52935,7 @@ diff -urNp linux-2.6.38.6/include/asm-generic/atomic-long.h linux-2.6.38.6/inclu +#define atomic_add_unchecked(i, v) atomic_add((i), (v)) +#define atomic_sub_unchecked(i, v) atomic_sub((i), (v)) +#define atomic_inc_unchecked(v) atomic_inc(v) -+#define atomic_inc_and_test_unchecked(v) atomic_inc(v) ++#define atomic_inc_and_test_unchecked(v) atomic_inc_and_test(v) +#define atomic_inc_return_unchecked(v) atomic_inc_return(v) +#define atomic_add_return_unchecked(i, v) atomic_add_return((i), (v)) +#define atomic_dec_unchecked(v) atomic_dec(v) @@ -53441,7 +55836,7 @@ diff -urNp linux-2.6.38.6/include/linux/rmap.h linux-2.6.38.6/include/linux/rmap diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sched.h --- linux-2.6.38.6/include/linux/sched.h 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/include/linux/sched.h 2011-05-11 18:39:40.000000000 -0400 ++++ linux-2.6.38.6/include/linux/sched.h 2011-05-16 21:50:36.000000000 -0400 @@ -99,6 +99,7 @@ struct robust_list_head; struct bio_list; struct fs_struct; @@ -53579,7 +55974,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1533,6 +1574,67 @@ struct task_struct { +@@ -1533,6 +1574,62 @@ struct task_struct { #endif }; @@ -53628,26 +56023,21 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch +void pax_report_refcount_overflow(struct pt_regs *regs); +void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type); + ++static inline void pax_track_stack(void) ++{ ++ +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+#define stackleak_probe(var) \ -+ do { \ -+ size_t maxidx = sizeof(var) / sizeof(long); \ -+ long *p = (long *)&var; \ -+ unsigned int i; \ -+ \ -+ BUILD_BUG_ON(sizeof(var) < 64); \ -+ \ -+ for (i = 0; i < maxidx; i += 64 / sizeof(long)) \ -+ p[i] = 0; \ -+ } while (0) -+#else -+#define stackleak_probe(var) do { } while (0) ++ if (current_thread_info()->lowest_stack > current_stack_pointer && ++ (unsigned long)task_stack_page(current) < current_stack_pointer) ++ current_thread_info()->lowest_stack = current_stack_pointer; +#endif + ++} ++ /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2002,7 +2104,9 @@ void yield(void); +@@ -2002,7 +2099,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -53657,7 +56047,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2172,7 +2276,7 @@ extern void __cleanup_sighand(struct sig +@@ -2172,7 +2271,7 @@ extern void __cleanup_sighand(struct sig extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -53666,7 +56056,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2313,13 +2417,17 @@ static inline unsigned long *end_of_stac +@@ -2313,13 +2412,17 @@ static inline unsigned long *end_of_stac #endif @@ -55177,12 +57567,12 @@ diff -urNp linux-2.6.38.6/ipc/mqueue.c linux-2.6.38.6/ipc/mqueue.c u->mq_bytes + mq_bytes > diff -urNp linux-2.6.38.6/ipc/sem.c linux-2.6.38.6/ipc/sem.c --- linux-2.6.38.6/ipc/sem.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/ipc/sem.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/ipc/sem.c 2011-05-16 21:47:08.000000000 -0400 @@ -854,6 +854,8 @@ static int semctl_main(struct ipc_namesp int nsems; struct list_head tasks; -+ stackleak_probe(fast_sem_io); ++ pax_track_stack(); + sma = sem_lock_check(ns, semid); if (IS_ERR(sma)) @@ -55191,7 +57581,7 @@ diff -urNp linux-2.6.38.6/ipc/sem.c linux-2.6.38.6/ipc/sem.c struct ipc_namespace *ns; struct list_head tasks; -+ stackleak_probe(fast_sops); ++ pax_track_stack(); + ns = current->nsproxy->ipc_ns; @@ -55373,6 +57763,18 @@ diff -urNp linux-2.6.38.6/kernel/capability.c linux-2.6.38.6/kernel/capability.c + EXPORT_SYMBOL(capable); +EXPORT_SYMBOL(capable_nolog); +diff -urNp linux-2.6.38.6/kernel/cgroup.c linux-2.6.38.6/kernel/cgroup.c +--- linux-2.6.38.6/kernel/cgroup.c 2011-04-18 17:27:16.000000000 -0400 ++++ linux-2.6.38.6/kernel/cgroup.c 2011-05-16 21:47:09.000000000 -0400 +@@ -598,6 +598,8 @@ static struct css_set *find_css_set( + struct hlist_head *hhead; + struct cg_cgroup_link *link; + ++ pax_track_stack(); ++ + /* First see if we already have a cgroup group that matches + * the desired set */ + read_lock(&css_set_lock); diff -urNp linux-2.6.38.6/kernel/compat.c linux-2.6.38.6/kernel/compat.c --- linux-2.6.38.6/kernel/compat.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/kernel/compat.c 2011-04-28 19:34:15.000000000 -0400 @@ -55409,8 +57811,80 @@ diff -urNp linux-2.6.38.6/kernel/configs.c linux-2.6.38.6/kernel/configs.c diff -urNp linux-2.6.38.6/kernel/cred.c linux-2.6.38.6/kernel/cred.c --- linux-2.6.38.6/kernel/cred.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/kernel/cred.c 2011-04-28 19:34:15.000000000 -0400 -@@ -483,6 +483,8 @@ int commit_creds(struct cred *new) ++++ linux-2.6.38.6/kernel/cred.c 2011-05-17 19:31:43.000000000 -0400 +@@ -157,6 +157,8 @@ static void put_cred_rcu(struct rcu_head + */ + void __put_cred(struct cred *cred) + { ++ pax_track_stack(); ++ + kdebug("__put_cred(%p{%d,%d})", cred, + atomic_read(&cred->usage), + read_cred_subscribers(cred)); +@@ -181,6 +183,8 @@ void exit_creds(struct task_struct *tsk) + { + struct cred *cred; + ++ pax_track_stack(); ++ + kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred, + atomic_read(&tsk->cred->usage), + read_cred_subscribers(tsk->cred)); +@@ -219,6 +223,8 @@ const struct cred *get_task_cred(struct + { + const struct cred *cred; + ++ pax_track_stack(); ++ + rcu_read_lock(); + + do { +@@ -238,6 +244,8 @@ struct cred *cred_alloc_blank(void) + { + struct cred *new; + ++ pax_track_stack(); ++ + new = kmem_cache_zalloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -286,6 +294,8 @@ struct cred *prepare_creds(void) + const struct cred *old; + struct cred *new; + ++ pax_track_stack(); ++ + validate_process_creds(); + + new = kmem_cache_alloc(cred_jar, GFP_KERNEL); +@@ -332,6 +342,8 @@ struct cred *prepare_exec_creds(void) + struct thread_group_cred *tgcred = NULL; + struct cred *new; + ++ pax_track_stack(); ++ + #ifdef CONFIG_KEYS + tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); + if (!tgcred) +@@ -384,6 +396,8 @@ int copy_creds(struct task_struct *p, un + struct cred *new; + int ret; + ++ pax_track_stack(); ++ + if ( + #ifdef CONFIG_KEYS + !p->cred->thread_keyring && +@@ -469,6 +483,8 @@ int commit_creds(struct cred *new) + struct task_struct *task = current; + const struct cred *old = task->real_cred; + ++ pax_track_stack(); ++ + kdebug("commit_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -483,6 +499,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ @@ -55419,6 +57893,60 @@ diff -urNp linux-2.6.38.6/kernel/cred.c linux-2.6.38.6/kernel/cred.c /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || +@@ -545,6 +563,8 @@ EXPORT_SYMBOL(commit_creds); + */ + void abort_creds(struct cred *new) + { ++ pax_track_stack(); ++ + kdebug("abort_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -568,6 +588,8 @@ const struct cred *override_creds(const + { + const struct cred *old = current->cred; + ++ pax_track_stack(); ++ + kdebug("override_creds(%p{%d,%d})", new, + atomic_read(&new->usage), + read_cred_subscribers(new)); +@@ -597,6 +619,8 @@ void revert_creds(const struct cred *old + { + const struct cred *override = current->cred; + ++ pax_track_stack(); ++ + kdebug("revert_creds(%p{%d,%d})", old, + atomic_read(&old->usage), + read_cred_subscribers(old)); +@@ -643,6 +667,8 @@ struct cred *prepare_kernel_cred(struct + const struct cred *old; + struct cred *new; + ++ pax_track_stack(); ++ + new = kmem_cache_alloc(cred_jar, GFP_KERNEL); + if (!new) + return NULL; +@@ -697,6 +723,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); + */ + int set_security_override(struct cred *new, u32 secid) + { ++ pax_track_stack(); ++ + return security_kernel_act_as(new, secid); + } + EXPORT_SYMBOL(set_security_override); +@@ -716,6 +744,8 @@ int set_security_override_from_ctx(struc + u32 secid; + int ret; + ++ pax_track_stack(); ++ + ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + if (ret < 0) + return ret; diff -urNp linux-2.6.38.6/kernel/debug/debug_core.c linux-2.6.38.6/kernel/debug/debug_core.c --- linux-2.6.38.6/kernel/debug/debug_core.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/kernel/debug/debug_core.c 2011-04-28 19:57:25.000000000 -0400 @@ -55953,7 +58481,7 @@ diff -urNp linux-2.6.38.6/kernel/fork.c linux-2.6.38.6/kernel/fork.c new_fs = fs; diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c --- linux-2.6.38.6/kernel/futex.c 2011-04-22 19:20:59.000000000 -0400 -+++ linux-2.6.38.6/kernel/futex.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/kernel/futex.c 2011-05-16 21:47:08.000000000 -0400 @@ -54,6 +54,7 @@ #include <linux/mount.h> #include <linux/pagemap.h> @@ -55974,7 +58502,25 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c /* * The futex address must be "naturally" aligned. */ -@@ -2404,7 +2410,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -1833,6 +1839,8 @@ static int futex_wait(u32 __user *uaddr, + struct futex_q q = futex_q_init; + int ret; + ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; + q.bitset = bitset; +@@ -2232,6 +2240,8 @@ static int futex_wait_requeue_pi(u32 __u + struct futex_q q = futex_q_init; + int res, ret; + ++ pax_track_stack(); ++ + if (!bitset) + return -EINVAL; + +@@ -2404,7 +2414,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi { struct robust_list_head __user *head; unsigned long ret; @@ -55984,7 +58530,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c if (!futex_cmpxchg_enabled) return -ENOSYS; -@@ -2420,11 +2428,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi +@@ -2420,11 +2432,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi if (!p) goto err_unlock; ret = -EPERM; @@ -56001,7 +58547,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c head = p->robust_list; rcu_read_unlock(); } -@@ -2667,6 +2680,7 @@ static int __init futex_init(void) +@@ -2667,6 +2684,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -56009,7 +58555,7 @@ diff -urNp linux-2.6.38.6/kernel/futex.c linux-2.6.38.6/kernel/futex.c /* * This will fail and we want it. Some arch implementations do -@@ -2678,7 +2692,10 @@ static int __init futex_init(void) +@@ -2678,7 +2696,10 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -57452,7 +59998,7 @@ diff -urNp linux-2.6.38.6/kernel/posix-cpu-timers.c linux-2.6.38.6/kernel/posix- #include <trace/events/timer.h> diff -urNp linux-2.6.38.6/kernel/posix-timers.c linux-2.6.38.6/kernel/posix-timers.c --- linux-2.6.38.6/kernel/posix-timers.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/kernel/posix-timers.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/kernel/posix-timers.c 2011-05-16 21:47:09.000000000 -0400 @@ -42,6 +42,7 @@ #include <linux/compiler.h> #include <linux/idr.h> @@ -57461,7 +60007,16 @@ diff -urNp linux-2.6.38.6/kernel/posix-timers.c linux-2.6.38.6/kernel/posix-time #include <linux/syscalls.h> #include <linux/wait.h> #include <linux/workqueue.h> -@@ -955,6 +956,13 @@ SYSCALL_DEFINE2(clock_settime, const clo +@@ -302,6 +303,8 @@ static __init int init_posix_timers(void + .nsleep = no_nsleep, + }; + ++ pax_track_stack(); ++ + register_posix_clock(CLOCK_REALTIME, &clock_realtime); + register_posix_clock(CLOCK_MONOTONIC, &clock_monotonic); + register_posix_clock(CLOCK_MONOTONIC_RAW, &clock_monotonic_raw); +@@ -955,6 +958,13 @@ SYSCALL_DEFINE2(clock_settime, const clo if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; @@ -58002,6 +60557,18 @@ diff -urNp linux-2.6.38.6/kernel/rcutree_plugin.h linux-2.6.38.6/kernel/rcutree_ put_online_cpus(); } +diff -urNp linux-2.6.38.6/kernel/relay.c linux-2.6.38.6/kernel/relay.c +--- linux-2.6.38.6/kernel/relay.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/kernel/relay.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1236,6 +1236,8 @@ static ssize_t subbuf_splice_actor(struc + }; + ssize_t ret; + ++ pax_track_stack(); ++ + if (rbuf->subbufs_produced == rbuf->subbufs_consumed) + return 0; + if (splice_grow_spd(pipe, &spd)) diff -urNp linux-2.6.38.6/kernel/resource.c linux-2.6.38.6/kernel/resource.c --- linux-2.6.38.6/kernel/resource.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/kernel/resource.c 2011-04-28 19:34:15.000000000 -0400 @@ -59018,8 +61585,26 @@ diff -urNp linux-2.6.38.6/kernel/trace/ring_buffer.c linux-2.6.38.6/kernel/trace { diff -urNp linux-2.6.38.6/kernel/trace/trace.c linux-2.6.38.6/kernel/trace/trace.c --- linux-2.6.38.6/kernel/trace/trace.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/kernel/trace/trace.c 2011-04-28 19:34:15.000000000 -0400 -@@ -3967,10 +3967,9 @@ static const struct file_operations trac ++++ linux-2.6.38.6/kernel/trace/trace.c 2011-05-16 21:47:08.000000000 -0400 +@@ -3316,6 +3316,8 @@ static ssize_t tracing_splice_read_pipe( + size_t rem; + unsigned int i; + ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; + +@@ -3799,6 +3801,8 @@ tracing_buffers_splice_read(struct file + int entries, size, i; + size_t ret; + ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; + +@@ -3967,10 +3971,9 @@ static const struct file_operations trac }; #endif @@ -59031,7 +61616,7 @@ diff -urNp linux-2.6.38.6/kernel/trace/trace.c linux-2.6.38.6/kernel/trace/trace static int once; if (d_tracer) -@@ -3990,10 +3989,9 @@ struct dentry *tracing_init_dentry(void) +@@ -3990,10 +3993,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -59340,14 +61925,14 @@ diff -urNp linux-2.6.38.6/localversion-grsec linux-2.6.38.6/localversion-grsec +-grsec diff -urNp linux-2.6.38.6/Makefile linux-2.6.38.6/Makefile --- linux-2.6.38.6/Makefile 2011-05-10 22:06:29.000000000 -0400 -+++ linux-2.6.38.6/Makefile 2011-05-10 22:08:57.000000000 -0400 ++++ linux-2.6.38.6/Makefile 2011-05-16 21:47:08.000000000 -0400 @@ -233,8 +233,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" HOSTCC = gcc HOSTCXX = g++ -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -HOSTCXXFLAGS = -O2 -+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-missing-field-initializers -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks ++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks +HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks # Decide whether to build built-in, modular, or both. @@ -60441,8 +63026,17 @@ diff -urNp linux-2.6.38.6/mm/mempolicy.c linux-2.6.38.6/mm/mempolicy.c } else if (vma->vm_start <= mm->start_stack && diff -urNp linux-2.6.38.6/mm/migrate.c linux-2.6.38.6/mm/migrate.c --- linux-2.6.38.6/mm/migrate.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/mm/migrate.c 2011-04-28 19:34:15.000000000 -0400 -@@ -1299,6 +1299,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, ++++ linux-2.6.38.6/mm/migrate.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1115,6 +1115,8 @@ static int do_pages_move(struct mm_struc + unsigned long chunk_start; + int err; + ++ pax_track_stack(); ++ + task_nodes = cpuset_mems_allowed(task); + + err = -ENOMEM; +@@ -1299,6 +1301,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, if (!mm) return -EINVAL; @@ -60457,7 +63051,7 @@ diff -urNp linux-2.6.38.6/mm/migrate.c linux-2.6.38.6/mm/migrate.c /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1308,8 +1316,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, +@@ -1308,8 +1318,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -62181,7 +64775,7 @@ diff -urNp linux-2.6.38.6/mm/nommu.c linux-2.6.38.6/mm/nommu.c diff -urNp linux-2.6.38.6/mm/page_alloc.c linux-2.6.38.6/mm/page_alloc.c --- linux-2.6.38.6/mm/page_alloc.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/mm/page_alloc.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/mm/page_alloc.c 2011-05-16 21:47:08.000000000 -0400 @@ -644,6 +644,10 @@ static bool free_pages_prepare(struct pa int i; int bad = 0; @@ -62217,6 +64811,15 @@ diff -urNp linux-2.6.38.6/mm/page_alloc.c linux-2.6.38.6/mm/page_alloc.c if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); +@@ -2423,6 +2435,8 @@ void show_free_areas(void) + int cpu; + struct zone *zone; + ++ pax_track_stack(); ++ + for_each_populated_zone(zone) { + show_node(zone); + printk("%s per-cpu:\n", zone->name); diff -urNp linux-2.6.38.6/mm/percpu.c linux-2.6.38.6/mm/percpu.c --- linux-2.6.38.6/mm/percpu.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/mm/percpu.c 2011-04-28 19:34:15.000000000 -0400 @@ -62323,7 +64926,7 @@ diff -urNp linux-2.6.38.6/mm/rmap.c linux-2.6.38.6/mm/rmap.c struct anon_vma *anon_vma; diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c --- linux-2.6.38.6/mm/shmem.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/mm/shmem.c 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/mm/shmem.c 2011-05-16 21:47:08.000000000 -0400 @@ -31,7 +31,7 @@ #include <linux/percpu_counter.h> #include <linux/swap.h> @@ -62342,7 +64945,16 @@ diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c if (entry->val) { /* * The more uptodate page coming down from a stacked -@@ -1995,7 +1997,7 @@ static int shmem_symlink(struct inode *d +@@ -1153,6 +1155,8 @@ static struct page *shmem_swapin(swp_ent + struct vm_area_struct pvma; + struct page *page; + ++ pax_track_stack(); ++ + spol = mpol_cond_copy(&mpol, + mpol_shared_policy_lookup(&info->policy, idx)); + +@@ -1995,7 +1999,7 @@ static int shmem_symlink(struct inode *d info = SHMEM_I(inode); inode->i_size = len-1; @@ -62351,7 +64963,7 @@ diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c /* do it inline */ memcpy(info, symname, len); inode->i_op = &shmem_symlink_inline_operations; -@@ -2341,8 +2343,7 @@ int shmem_fill_super(struct super_block +@@ -2341,8 +2345,7 @@ int shmem_fill_super(struct super_block int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -63439,6 +66051,18 @@ diff -urNp linux-2.6.38.6/net/atm/atm_misc.c linux-2.6.38.6/net/atm/atm_misc.c __SONET_ITEMS #undef __HANDLE_ITEM } +diff -urNp linux-2.6.38.6/net/atm/mpoa_caches.c linux-2.6.38.6/net/atm/mpoa_caches.c +--- linux-2.6.38.6/net/atm/mpoa_caches.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/atm/mpoa_caches.c 2011-05-16 21:47:09.000000000 -0400 +@@ -255,6 +255,8 @@ static void check_resolving_entries(stru + struct timeval now; + struct k_message msg; + ++ pax_track_stack(); ++ + do_gettimeofday(&now); + + read_lock_bh(&client->ingress_lock); diff -urNp linux-2.6.38.6/net/atm/proc.c linux-2.6.38.6/net/atm/proc.c --- linux-2.6.38.6/net/atm/proc.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/atm/proc.c 2011-04-28 19:34:15.000000000 -0400 @@ -63621,7 +66245,7 @@ diff -urNp linux-2.6.38.6/net/bridge/br_multicast.c linux-2.6.38.6/net/bridge/br /* Okay, we found ICMPv6 header */ diff -urNp linux-2.6.38.6/net/bridge/netfilter/ebtables.c linux-2.6.38.6/net/bridge/netfilter/ebtables.c --- linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-04-18 17:27:18.000000000 -0400 -+++ linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/net/bridge/netfilter/ebtables.c 2011-05-16 21:47:08.000000000 -0400 @@ -1512,7 +1512,7 @@ static int do_ebt_get_ctl(struct sock *s tmp.valid_hooks = t->table->valid_hooks; } @@ -63631,6 +66255,15 @@ diff -urNp linux-2.6.38.6/net/bridge/netfilter/ebtables.c linux-2.6.38.6/net/bri BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; +@@ -1779,6 +1779,8 @@ static int compat_copy_everything_to_use + int ret; + void __user *pos; + ++ pax_track_stack(); ++ + memset(&tinfo, 0, sizeof(tinfo)); + + if (cmd == EBT_SO_GET_ENTRIES) { diff -urNp linux-2.6.38.6/net/caif/caif_socket.c linux-2.6.38.6/net/caif/caif_socket.c --- linux-2.6.38.6/net/caif/caif_socket.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/caif/caif_socket.c 2011-04-28 19:57:25.000000000 -0400 @@ -63753,8 +66386,16 @@ diff -urNp linux-2.6.38.6/net/caif/caif_socket.c linux-2.6.38.6/net/caif/caif_so debugfs_remove_recursive(cf_sk->debugfs_socket_dir); diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux-2.6.38.6/net/caif/cfctrl.c --- linux-2.6.38.6/net/caif/cfctrl.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/caif/cfctrl.c 2011-04-28 19:57:25.000000000 -0400 -@@ -46,8 +46,8 @@ struct cflayer *cfctrl_create(void) ++++ linux-2.6.38.6/net/caif/cfctrl.c 2011-05-16 21:47:08.000000000 -0400 +@@ -9,6 +9,7 @@ + #include <linux/stddef.h> + #include <linux/spinlock.h> + #include <linux/slab.h> ++#include <linux/sched.h> + #include <net/caif/caif_layer.h> + #include <net/caif/cfpkt.h> + #include <net/caif/cfctrl.h> +@@ -46,8 +47,8 @@ struct cflayer *cfctrl_create(void) dev_info.id = 0xff; memset(this, 0, sizeof(*this)); cfsrvl_init(&this->serv, 0, &dev_info, false); @@ -63765,7 +66406,7 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux-2.6.38.6/net/caif/cfctrl.c this->serv.layer.receive = cfctrl_recv; sprintf(this->serv.layer.name, "ctrl"); this->serv.layer.ctrlcmd = cfctrl_ctrlcmd; -@@ -116,8 +116,8 @@ void cfctrl_insert_req(struct cfctrl *ct +@@ -116,8 +117,8 @@ void cfctrl_insert_req(struct cfctrl *ct struct cfctrl_request_info *req) { spin_lock(&ctrl->info_list_lock); @@ -63776,7 +66417,7 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux-2.6.38.6/net/caif/cfctrl.c list_add_tail(&req->list, &ctrl->list); spin_unlock(&ctrl->info_list_lock); } -@@ -136,7 +136,7 @@ struct cfctrl_request_info *cfctrl_remov +@@ -136,7 +137,7 @@ struct cfctrl_request_info *cfctrl_remov if (p != first) pr_warn("Requests are not received in order\n"); @@ -63785,6 +66426,14 @@ diff -urNp linux-2.6.38.6/net/caif/cfctrl.c linux-2.6.38.6/net/caif/cfctrl.c p->sequence_no); list_del(&p->list); goto out; +@@ -385,6 +386,7 @@ static int cfctrl_recv(struct cflayer *l + struct cfctrl *cfctrl = container_obj(layer); + struct cfctrl_request_info rsp, *req; + ++ pax_track_stack(); + + cfpkt_extr_head(pkt, &cmdrsp, 1); + cmd = cmdrsp & CFCTRL_CMD_MASK; diff -urNp linux-2.6.38.6/net/can/bcm.c linux-2.6.38.6/net/can/bcm.c --- linux-2.6.38.6/net/can/bcm.c 2011-05-10 22:06:29.000000000 -0400 +++ linux-2.6.38.6/net/can/bcm.c 2011-05-10 22:09:01.000000000 -0400 @@ -63891,6 +66540,18 @@ diff -urNp linux-2.6.38.6/net/core/flow.c linux-2.6.38.6/net/core/flow.c if (!IS_ERR(flo)) fle->object = flo; else +diff -urNp linux-2.6.38.6/net/core/skbuff.c linux-2.6.38.6/net/core/skbuff.c +--- linux-2.6.38.6/net/core/skbuff.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/core/skbuff.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1543,6 +1543,8 @@ int skb_splice_bits(struct sk_buff *skb, + struct sock *sk = skb->sk; + int ret = 0; + ++ pax_track_stack(); ++ + if (splice_grow_spd(pipe, &spd)) + return -ENOMEM; + diff -urNp linux-2.6.38.6/net/core/sock.c linux-2.6.38.6/net/core/sock.c --- linux-2.6.38.6/net/core/sock.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/core/sock.c 2011-04-28 19:57:25.000000000 -0400 @@ -64092,8 +66753,17 @@ diff -urNp linux-2.6.38.6/net/ipv4/inet_hashtables.c linux-2.6.38.6/net/ipv4/ine while (twrefcnt) { diff -urNp linux-2.6.38.6/net/ipv4/inetpeer.c linux-2.6.38.6/net/ipv4/inetpeer.c --- linux-2.6.38.6/net/ipv4/inetpeer.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/ipv4/inetpeer.c 2011-04-28 19:34:15.000000000 -0400 -@@ -509,8 +509,8 @@ struct inet_peer *inet_getpeer(struct in ++++ linux-2.6.38.6/net/ipv4/inetpeer.c 2011-05-16 21:47:08.000000000 -0400 +@@ -478,6 +478,8 @@ struct inet_peer *inet_getpeer(struct in + struct inet_peer_base *base = family_to_base(daddr->family); + struct inet_peer *p; + ++ pax_track_stack(); ++ + /* Look up for the address quickly, lockless. + * Because of a concurrent writer, we might not find an existing entry. + */ +@@ -509,8 +511,8 @@ struct inet_peer *inet_getpeer(struct in if (p) { p->daddr = *daddr; atomic_set(&p->refcnt, 1); @@ -64116,6 +66786,18 @@ diff -urNp linux-2.6.38.6/net/ipv4/ip_fragment.c linux-2.6.38.6/net/ipv4/ip_frag qp->rid = end; rc = qp->q.fragments && (end - start) > max; +diff -urNp linux-2.6.38.6/net/ipv4/ip_sockglue.c linux-2.6.38.6/net/ipv4/ip_sockglue.c +--- linux-2.6.38.6/net/ipv4/ip_sockglue.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/ipv4/ip_sockglue.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1064,6 +1064,8 @@ static int do_ip_getsockopt(struct sock + int val; + int len; + ++ pax_track_stack(); ++ + if (level != SOL_IP) + return -EOPNOTSUPP; + diff -urNp linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c --- linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-04-28 19:34:15.000000000 -0400 @@ -64217,6 +66899,27 @@ diff -urNp linux-2.6.38.6/net/ipv4/route.c linux-2.6.38.6/net/ipv4/route.c if (rt->peer->tcp_ts_stamp) { ts = rt->peer->tcp_ts; tsage = get_seconds() - rt->peer->tcp_ts_stamp; +diff -urNp linux-2.6.38.6/net/ipv4/tcp.c linux-2.6.38.6/net/ipv4/tcp.c +--- linux-2.6.38.6/net/ipv4/tcp.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/ipv4/tcp.c 2011-05-16 21:47:09.000000000 -0400 +@@ -2121,6 +2121,8 @@ static int do_tcp_setsockopt(struct sock + int val; + int err = 0; + ++ pax_track_stack(); ++ + /* These are data/string values, all the others are ints */ + switch (optname) { + case TCP_CONGESTION: { +@@ -2500,6 +2502,8 @@ static int do_tcp_getsockopt(struct sock + struct tcp_sock *tp = tcp_sk(sk); + int val, len; + ++ pax_track_stack(); ++ + if (get_user(len, optlen)) + return -EFAULT; + diff -urNp linux-2.6.38.6/net/ipv4/tcp_ipv4.c linux-2.6.38.6/net/ipv4/tcp_ipv4.c --- linux-2.6.38.6/net/ipv4/tcp_ipv4.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/ipv4/tcp_ipv4.c 2011-04-28 19:34:15.000000000 -0400 @@ -64340,6 +67043,18 @@ diff -urNp linux-2.6.38.6/net/ipv4/tcp_minisocks.c linux-2.6.38.6/net/ipv4/tcp_m if (!(flg & TCP_FLAG_RST)) req->rsk_ops->send_reset(sk, skb); +diff -urNp linux-2.6.38.6/net/ipv4/tcp_output.c linux-2.6.38.6/net/ipv4/tcp_output.c +--- linux-2.6.38.6/net/ipv4/tcp_output.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/ipv4/tcp_output.c 2011-05-16 21:47:09.000000000 -0400 +@@ -2420,6 +2420,8 @@ struct sk_buff *tcp_make_synack(struct s + int mss; + int s_data_desired = 0; + ++ pax_track_stack(); ++ + if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired) + s_data_desired = cvp->s_data_desired; + skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC); diff -urNp linux-2.6.38.6/net/ipv4/tcp_probe.c linux-2.6.38.6/net/ipv4/tcp_probe.c --- linux-2.6.38.6/net/ipv4/tcp_probe.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/ipv4/tcp_probe.c 2011-04-28 19:34:15.000000000 -0400 @@ -64528,9 +67243,30 @@ diff -urNp linux-2.6.38.6/net/ipv6/inet6_hashtables.c linux-2.6.38.6/net/ipv6/in const unsigned short hnum, const struct in6_addr *daddr, const int dif) +diff -urNp linux-2.6.38.6/net/ipv6/ipv6_sockglue.c linux-2.6.38.6/net/ipv6/ipv6_sockglue.c +--- linux-2.6.38.6/net/ipv6/ipv6_sockglue.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/ipv6/ipv6_sockglue.c 2011-05-16 21:47:09.000000000 -0400 +@@ -129,6 +129,8 @@ static int do_ipv6_setsockopt(struct soc + int val, valbool; + int retv = -ENOPROTOOPT; + ++ pax_track_stack(); ++ + if (optval == NULL) + val=0; + else { +@@ -919,6 +921,8 @@ static int do_ipv6_getsockopt(struct soc + int len; + int val; + ++ pax_track_stack(); ++ + if (ip6_mroute_opt(optname)) + return ip6_mroute_getsockopt(sk, optname, optval, optlen); + diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c --- linux-2.6.38.6/net/ipv6/raw.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/ipv6/raw.c 2011-04-28 20:08:36.000000000 -0400 ++++ linux-2.6.38.6/net/ipv6/raw.c 2011-05-16 21:47:08.000000000 -0400 @@ -376,7 +376,7 @@ static inline int rawv6_rcv_skb(struct s { if ((raw6_sk(sk)->checksum || rcu_dereference_raw(sk->sk_filter)) && @@ -64567,7 +67303,16 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c struct flowi *fl, struct dst_entry **dstp, unsigned int flags) { -@@ -919,12 +919,15 @@ do_confirm: +@@ -743,6 +743,8 @@ static int rawv6_sendmsg(struct kiocb *i + u16 proto; + int err; + ++ pax_track_stack(); ++ + /* Rough check on arithmetic overflow, + better check is made in ip6_append_data(). + */ +@@ -919,12 +921,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -64584,7 +67329,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c return 0; default: return -ENOPROTOOPT; -@@ -936,6 +939,7 @@ static int rawv6_seticmpfilter(struct so +@@ -936,6 +941,7 @@ static int rawv6_seticmpfilter(struct so static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { @@ -64592,7 +67337,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c int len; switch (optname) { -@@ -948,7 +952,8 @@ static int rawv6_geticmpfilter(struct so +@@ -948,7 +954,8 @@ static int rawv6_geticmpfilter(struct so len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -64602,7 +67347,7 @@ diff -urNp linux-2.6.38.6/net/ipv6/raw.c linux-2.6.38.6/net/ipv6/raw.c return -EFAULT; return 0; default: -@@ -1262,7 +1267,13 @@ static void raw6_sock_seq_show(struct se +@@ -1262,7 +1269,13 @@ static void raw6_sock_seq_show(struct se 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -64929,8 +67674,17 @@ diff -urNp linux-2.6.38.6/net/iucv/af_iucv.c linux-2.6.38.6/net/iucv/af_iucv.c write_unlock_bh(&iucv_sk_list.lock); diff -urNp linux-2.6.38.6/net/key/af_key.c linux-2.6.38.6/net/key/af_key.c --- linux-2.6.38.6/net/key/af_key.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/key/af_key.c 2011-04-28 19:57:25.000000000 -0400 -@@ -3003,10 +3003,10 @@ static int pfkey_send_policy_notify(stru ++++ linux-2.6.38.6/net/key/af_key.c 2011-05-16 21:47:08.000000000 -0400 +@@ -2470,6 +2470,8 @@ static int pfkey_migrate(struct sock *sk + struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_kmaddress k; + ++ pax_track_stack(); ++ + if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], + ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || + !ext_hdrs[SADB_X_EXT_POLICY - 1]) { +@@ -3003,10 +3005,10 @@ static int pfkey_send_policy_notify(stru static u32 get_acqseq(void) { u32 res; @@ -64943,7 +67697,7 @@ diff -urNp linux-2.6.38.6/net/key/af_key.c linux-2.6.38.6/net/key/af_key.c } while (!res); return res; } -@@ -3644,7 +3644,11 @@ static int pfkey_seq_show(struct seq_fil +@@ -3644,7 +3646,11 @@ static int pfkey_seq_show(struct seq_fil seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n"); else seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n", @@ -64978,6 +67732,27 @@ diff -urNp linux-2.6.38.6/net/mac80211/cfg.h linux-2.6.38.6/net/mac80211/cfg.h +extern const struct cfg80211_ops mac80211_config_ops; #endif /* __CFG_H */ +diff -urNp linux-2.6.38.6/net/mac80211/debugfs_sta.c linux-2.6.38.6/net/mac80211/debugfs_sta.c +--- linux-2.6.38.6/net/mac80211/debugfs_sta.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/mac80211/debugfs_sta.c 2011-05-16 21:47:09.000000000 -0400 +@@ -115,6 +115,8 @@ static ssize_t sta_agg_status_read(struc + struct tid_ampdu_rx *tid_rx; + struct tid_ampdu_tx *tid_tx; + ++ pax_track_stack(); ++ + rcu_read_lock(); + + p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", +@@ -215,6 +217,8 @@ static ssize_t sta_ht_capa_read(struct f + struct sta_info *sta = file->private_data; + struct ieee80211_sta_ht_cap *htc = &sta->sta.ht_cap; + ++ pax_track_stack(); ++ + p += scnprintf(p, sizeof(buf) + buf - p, "ht %ssupported\n", + htc->ht_supported ? "" : "not "); + if (htc->ht_supported) { diff -urNp linux-2.6.38.6/net/mac80211/ieee80211_i.h linux-2.6.38.6/net/mac80211/ieee80211_i.h --- linux-2.6.38.6/net/mac80211/ieee80211_i.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/mac80211/ieee80211_i.h 2011-04-28 19:34:15.000000000 -0400 @@ -65067,6 +67842,18 @@ diff -urNp linux-2.6.38.6/net/mac80211/main.c linux-2.6.38.6/net/mac80211/main.c ret = drv_config(local, changed); /* * Goal: +diff -urNp linux-2.6.38.6/net/mac80211/mlme.c linux-2.6.38.6/net/mac80211/mlme.c +--- linux-2.6.38.6/net/mac80211/mlme.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/mac80211/mlme.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1356,6 +1356,8 @@ static bool ieee80211_assoc_success(stru + bool have_higher_than_11mbit = false; + u16 ap_ht_cap_flags; + ++ pax_track_stack(); ++ + /* AssocResp and ReassocResp have identical structure */ + + aid = le16_to_cpu(mgmt->u.assoc_resp.aid); diff -urNp linux-2.6.38.6/net/mac80211/pm.c linux-2.6.38.6/net/mac80211/pm.c --- linux-2.6.38.6/net/mac80211/pm.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/mac80211/pm.c 2011-04-28 19:34:15.000000000 -0400 @@ -65127,9 +67914,21 @@ diff -urNp linux-2.6.38.6/net/mac80211/util.c linux-2.6.38.6/net/mac80211/util.c /* * Upon resume hardware can sometimes be goofy due to * various platform / driver / bus issues, so restarting +diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c +--- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_app.c 2011-05-17 19:31:43.000000000 -0400 +@@ -565,7 +565,7 @@ static const struct file_operations ip_v + .open = ip_vs_app_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = seq_release_net, + }; + #endif + diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c --- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c 2011-05-17 19:31:43.000000000 -0400 @@ -553,7 +553,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, s /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -65148,6 +67947,24 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_conn.c linux-2.6.38.6/net/net atomic_inc(&ip_vs_conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) +@@ -1012,7 +1012,7 @@ static const struct file_operations ip_v + .open = ip_vs_conn_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = seq_release_net, + }; + + static const char *ip_vs_origin_name(unsigned flags) +@@ -1075,7 +1075,7 @@ static const struct file_operations ip_v + .open = ip_vs_conn_sync_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = seq_release_net, + }; + + #endif @@ -1102,7 +1102,7 @@ static inline int todrop_entry(struct ip /* Don't drop the entry if its number of incoming packets is not @@ -65180,7 +67997,7 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_core.c linux-2.6.38.6/net/net if ((cp->state == IP_VS_SCTP_S_ESTABLISHED && diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c --- linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c 2011-05-17 19:31:43.000000000 -0400 @@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service ip_vs_rs_hash(dest); write_unlock_bh(&__ip_vs_rs_lock); @@ -65208,6 +68025,24 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c linux-2.6.38.6/net/netf atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); +@@ -1944,7 +1944,7 @@ static const struct file_operations ip_v + .open = ip_vs_info_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release_private, ++ .release = seq_release_net, + }; + + #endif +@@ -1993,7 +1993,7 @@ static const struct file_operations ip_v + .open = ip_vs_stats_seq_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = single_release, ++ .release = single_release_net, + }; + + #endif @@ -2315,7 +2315,7 @@ __ip_vs_get_dest_entries(const struct ip entry.addr = dest->addr.ip; @@ -65217,7 +68052,16 @@ diff -urNp linux-2.6.38.6/net/netfilter/ipvs/ip_vs_ctl.c linux-2.6.38.6/net/netf entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -2831,7 +2831,7 @@ static int ip_vs_genl_fill_dest(struct s +@@ -2376,6 +2376,8 @@ do_ip_vs_get_ctl(struct sock *sk, int cm + int ret = 0; + unsigned int copylen; + ++ pax_track_stack(); ++ + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + +@@ -2831,7 +2833,7 @@ static int ip_vs_genl_fill_dest(struct s NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -65707,6 +68551,18 @@ diff -urNp linux-2.6.38.6/net/rds/iw.h linux-2.6.38.6/net/rds/iw.h #else spinlock_t i_ack_lock; /* protect i_ack_next */ u64 i_ack_next; /* next ACK to send */ +diff -urNp linux-2.6.38.6/net/rds/iw_rdma.c linux-2.6.38.6/net/rds/iw_rdma.c +--- linux-2.6.38.6/net/rds/iw_rdma.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/rds/iw_rdma.c 2011-05-16 21:47:09.000000000 -0400 +@@ -182,6 +182,8 @@ int rds_iw_update_cm_id(struct rds_iw_de + struct rdma_cm_id *pcm_id; + int rc; + ++ pax_track_stack(); ++ + src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr; + dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr; + diff -urNp linux-2.6.38.6/net/rds/iw_recv.c linux-2.6.38.6/net/rds/iw_recv.c --- linux-2.6.38.6/net/rds/iw_recv.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/net/rds/iw_recv.c 2011-05-11 18:35:16.000000000 -0400 @@ -65742,7 +68598,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/af_rxrpc.c linux-2.6.38.6/net/rxrpc/af_rxrpc atomic_t rxrpc_n_skbs; diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linux-2.6.38.6/net/rxrpc/ar-ack.c --- linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/net/rxrpc/ar-ack.c 2011-05-16 21:47:08.000000000 -0400 @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_ca _enter("{%d,%d,%d,%d},", @@ -65779,7 +68635,16 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linux-2.6.38.6/net/rxrpc/ar-ack.c _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", latest, -@@ -1163,7 +1163,7 @@ void rxrpc_process_call(struct work_stru +@@ -844,6 +844,8 @@ void rxrpc_process_call(struct work_stru + u32 abort_code = RX_PROTOCOL_ERROR; + u8 *acks = NULL; + ++ pax_track_stack(); ++ + //printk("\n--------------------\n"); + _enter("{%d,%s,%lx} [%lu]", + call->debug_id, rxrpc_call_states[call->state], call->events, +@@ -1163,7 +1165,7 @@ void rxrpc_process_call(struct work_stru goto maybe_reschedule; send_ACK_with_skew: @@ -65788,7 +68653,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linux-2.6.38.6/net/rxrpc/ar-ack.c ntohl(ack.serial)); send_ACK: mtu = call->conn->trans->peer->if_mtu; -@@ -1175,7 +1175,7 @@ send_ACK: +@@ -1175,7 +1177,7 @@ send_ACK: ackinfo.rxMTU = htonl(5692); ackinfo.jumbo_max = htonl(4); @@ -65797,7 +68662,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-ack.c linux-2.6.38.6/net/rxrpc/ar-ack.c _proto("Tx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", ntohl(hdr.serial), ntohs(ack.maxSkew), -@@ -1193,7 +1193,7 @@ send_ACK: +@@ -1193,7 +1195,7 @@ send_ACK: send_message: _debug("send message"); @@ -65956,8 +68821,26 @@ diff -urNp linux-2.6.38.6/net/rxrpc/ar-transport.c linux-2.6.38.6/net/rxrpc/ar-t switch (peer->srx.transport_type) { diff -urNp linux-2.6.38.6/net/rxrpc/rxkad.c linux-2.6.38.6/net/rxrpc/rxkad.c --- linux-2.6.38.6/net/rxrpc/rxkad.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/net/rxrpc/rxkad.c 2011-04-28 19:57:25.000000000 -0400 -@@ -610,7 +610,7 @@ static int rxkad_issue_challenge(struct ++++ linux-2.6.38.6/net/rxrpc/rxkad.c 2011-05-16 21:47:08.000000000 -0400 +@@ -211,6 +211,8 @@ static int rxkad_secure_packet_encrypt(c + u16 check; + int nsg; + ++ pax_track_stack(); ++ + sp = rxrpc_skb(skb); + + _enter(""); +@@ -338,6 +340,8 @@ static int rxkad_verify_packet_auth(cons + u16 check; + int nsg; + ++ pax_track_stack(); ++ + _enter(""); + + sp = rxrpc_skb(skb); +@@ -610,7 +614,7 @@ static int rxkad_issue_challenge(struct len = iov[0].iov_len + iov[1].iov_len; @@ -65966,7 +68849,7 @@ diff -urNp linux-2.6.38.6/net/rxrpc/rxkad.c linux-2.6.38.6/net/rxrpc/rxkad.c _proto("Tx CHALLENGE %%%u", ntohl(hdr.serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); -@@ -660,7 +660,7 @@ static int rxkad_send_response(struct rx +@@ -660,7 +664,7 @@ static int rxkad_send_response(struct rx len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; @@ -66020,7 +68903,7 @@ diff -urNp linux-2.6.38.6/net/sctp/socket.c linux-2.6.38.6/net/sctp/socket.c cnt++; diff -urNp linux-2.6.38.6/net/socket.c linux-2.6.38.6/net/socket.c --- linux-2.6.38.6/net/socket.c 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/net/socket.c 2011-04-28 19:34:15.000000000 -0400 ++++ linux-2.6.38.6/net/socket.c 2011-05-16 21:47:09.000000000 -0400 @@ -88,6 +88,7 @@ #include <linux/nsproxy.h> #include <linux/magic.h> @@ -66171,6 +69054,15 @@ diff -urNp linux-2.6.38.6/net/socket.c linux-2.6.38.6/net/socket.c err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) +@@ -1877,6 +1937,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct + int err, ctl_len, iov_size, total_len; + int fput_needed; + ++ pax_track_stack(); ++ + err = -EFAULT; + if (MSG_CMSG_COMPAT & flags) { + if (get_compat_msghdr(&msg_sys, msg_compat)) diff -urNp linux-2.6.38.6/net/sunrpc/sched.c linux-2.6.38.6/net/sunrpc/sched.c --- linux-2.6.38.6/net/sunrpc/sched.c 2011-04-18 17:27:14.000000000 -0400 +++ linux-2.6.38.6/net/sunrpc/sched.c 2011-04-28 19:34:15.000000000 -0400 @@ -66582,6 +69474,27 @@ diff -urNp linux-2.6.38.6/net/xfrm/xfrm_policy.c linux-2.6.38.6/net/xfrm/xfrm_po } } +diff -urNp linux-2.6.38.6/net/xfrm/xfrm_user.c linux-2.6.38.6/net/xfrm/xfrm_user.c +--- linux-2.6.38.6/net/xfrm/xfrm_user.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/net/xfrm/xfrm_user.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1309,6 +1309,8 @@ static int copy_to_user_tmpl(struct xfrm + struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; + int i; + ++ pax_track_stack(); ++ + if (xp->xfrm_nr == 0) + return 0; + +@@ -1957,6 +1959,8 @@ static int xfrm_do_migrate(struct sk_buf + int err; + int n = 0; + ++ pax_track_stack(); ++ + if (attrs[XFRMA_MIGRATE] == NULL) + return -EINVAL; + diff -urNp linux-2.6.38.6/scripts/basic/fixdep.c linux-2.6.38.6/scripts/basic/fixdep.c --- linux-2.6.38.6/scripts/basic/fixdep.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/scripts/basic/fixdep.c 2011-04-28 19:34:15.000000000 -0400 @@ -67544,6 +70457,18 @@ diff -urNp linux-2.6.38.6/security/selinux/hooks.c linux-2.6.38.6/security/selin .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, +diff -urNp linux-2.6.38.6/security/selinux/ss/services.c linux-2.6.38.6/security/selinux/ss/services.c +--- linux-2.6.38.6/security/selinux/ss/services.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/security/selinux/ss/services.c 2011-05-16 21:47:09.000000000 -0400 +@@ -1769,6 +1769,8 @@ int security_load_policy(void *data, siz + int rc = 0; + struct policy_file file = { data, len }, *fp = &file; + ++ pax_track_stack(); ++ + if (!ss_initialized) { + avtab_cache_init(); + rc = policydb_read(&policydb, fp); diff -urNp linux-2.6.38.6/security/smack/smack_lsm.c linux-2.6.38.6/security/smack/smack_lsm.c --- linux-2.6.38.6/security/smack/smack_lsm.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/security/smack/smack_lsm.c 2011-04-28 19:34:15.000000000 -0400 diff --git a/testing/linux-grsec/pax_track_stack.patch b/testing/linux-grsec/pax_track_stack.patch new file mode 100644 index 000000000..f4d8d7827 --- /dev/null +++ b/testing/linux-grsec/pax_track_stack.patch @@ -0,0 +1,10 @@ +--- ./drivers/net/mlx4/main.c.orig ++++ ./drivers/net/mlx4/main.c +@@ -39,6 +39,7 @@ + #include <linux/pci.h> + #include <linux/dma-mapping.h> + #include <linux/slab.h> ++#include <linux/sched.h> + + #include <linux/mlx4/device.h> + #include <linux/mlx4/doorbell.h> |