Annotation of /trunk/kernel26-alx/patches-2.6.27-r3/0136-2.6.27.37-all-fixes.patch
Parent Directory | Revision Log
Revision 1176 -
(hide annotations)
(download)
Thu Oct 14 15:11:06 2010 UTC (13 years, 11 months ago) by niro
File size: 10897 byte(s)
Thu Oct 14 15:11:06 2010 UTC (13 years, 11 months ago) by niro
File size: 10897 byte(s)
-2.6.27-alx-r3: new magellan 0.5.2 kernel
1 | niro | 1176 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
2 | index 5e65290..09b59b2 100644 | ||
3 | --- a/arch/x86/ia32/ia32entry.S | ||
4 | +++ b/arch/x86/ia32/ia32entry.S | ||
5 | @@ -21,8 +21,8 @@ | ||
6 | #define __AUDIT_ARCH_LE 0x40000000 | ||
7 | |||
8 | #ifndef CONFIG_AUDITSYSCALL | ||
9 | -#define sysexit_audit int_ret_from_sys_call | ||
10 | -#define sysretl_audit int_ret_from_sys_call | ||
11 | +#define sysexit_audit ia32_ret_from_sys_call | ||
12 | +#define sysretl_audit ia32_ret_from_sys_call | ||
13 | #endif | ||
14 | |||
15 | #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8) | ||
16 | @@ -39,12 +39,12 @@ | ||
17 | .endm | ||
18 | |||
19 | /* clobbers %eax */ | ||
20 | - .macro CLEAR_RREGS | ||
21 | + .macro CLEAR_RREGS offset=0, _r9=rax | ||
22 | xorl %eax,%eax | ||
23 | - movq %rax,R11(%rsp) | ||
24 | - movq %rax,R10(%rsp) | ||
25 | - movq %rax,R9(%rsp) | ||
26 | - movq %rax,R8(%rsp) | ||
27 | + movq %rax,\offset+R11(%rsp) | ||
28 | + movq %rax,\offset+R10(%rsp) | ||
29 | + movq %\_r9,\offset+R9(%rsp) | ||
30 | + movq %rax,\offset+R8(%rsp) | ||
31 | .endm | ||
32 | |||
33 | /* | ||
34 | @@ -52,11 +52,10 @@ | ||
35 | * We don't reload %eax because syscall_trace_enter() returned | ||
36 | * the value it wants us to use in the table lookup. | ||
37 | */ | ||
38 | - .macro LOAD_ARGS32 offset | ||
39 | - movl \offset(%rsp),%r11d | ||
40 | - movl \offset+8(%rsp),%r10d | ||
41 | + .macro LOAD_ARGS32 offset, _r9=0 | ||
42 | + .if \_r9 | ||
43 | movl \offset+16(%rsp),%r9d | ||
44 | - movl \offset+24(%rsp),%r8d | ||
45 | + .endif | ||
46 | movl \offset+40(%rsp),%ecx | ||
47 | movl \offset+48(%rsp),%edx | ||
48 | movl \offset+56(%rsp),%esi | ||
49 | @@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target) | ||
50 | SAVE_ARGS 0,0,1 | ||
51 | /* no need to do an access_ok check here because rbp has been | ||
52 | 32bit zero extended */ | ||
53 | -1: movl (%rbp),%r9d | ||
54 | +1: movl (%rbp),%ebp | ||
55 | .section __ex_table,"a" | ||
56 | .quad 1b,ia32_badarg | ||
57 | .previous | ||
58 | @@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target) | ||
59 | cmpl $(IA32_NR_syscalls-1),%eax | ||
60 | ja ia32_badsys | ||
61 | sysenter_do_call: | ||
62 | - IA32_ARG_FIXUP 1 | ||
63 | + IA32_ARG_FIXUP | ||
64 | sysenter_dispatch: | ||
65 | call *ia32_sys_call_table(,%rax,8) | ||
66 | movq %rax,RAX-ARGOFFSET(%rsp) | ||
67 | @@ -173,6 +172,10 @@ sysexit_from_sys_call: | ||
68 | movl RIP-R11(%rsp),%edx /* User %eip */ | ||
69 | CFI_REGISTER rip,rdx | ||
70 | RESTORE_ARGS 1,24,1,1,1,1 | ||
71 | + xorq %r8,%r8 | ||
72 | + xorq %r9,%r9 | ||
73 | + xorq %r10,%r10 | ||
74 | + xorq %r11,%r11 | ||
75 | popfq | ||
76 | CFI_ADJUST_CFA_OFFSET -8 | ||
77 | /*CFI_RESTORE rflags*/ | ||
78 | @@ -203,7 +206,7 @@ sysexit_from_sys_call: | ||
79 | |||
80 | .macro auditsys_exit exit,ebpsave=RBP | ||
81 | testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) | ||
82 | - jnz int_ret_from_sys_call | ||
83 | + jnz ia32_ret_from_sys_call | ||
84 | TRACE_IRQS_ON | ||
85 | sti | ||
86 | movl %eax,%esi /* second arg, syscall return value */ | ||
87 | @@ -219,8 +222,9 @@ sysexit_from_sys_call: | ||
88 | cli | ||
89 | TRACE_IRQS_OFF | ||
90 | testl %edi,TI_flags(%r10) | ||
91 | - jnz int_with_check | ||
92 | - jmp \exit | ||
93 | + jz \exit | ||
94 | + CLEAR_RREGS -ARGOFFSET | ||
95 | + jmp int_with_check | ||
96 | .endm | ||
97 | |||
98 | sysenter_auditsys: | ||
99 | @@ -234,20 +238,17 @@ sysexit_audit: | ||
100 | #endif | ||
101 | |||
102 | sysenter_tracesys: | ||
103 | - xchgl %r9d,%ebp | ||
104 | #ifdef CONFIG_AUDITSYSCALL | ||
105 | testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) | ||
106 | jz sysenter_auditsys | ||
107 | #endif | ||
108 | SAVE_REST | ||
109 | CLEAR_RREGS | ||
110 | - movq %r9,R9(%rsp) | ||
111 | movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ | ||
112 | movq %rsp,%rdi /* &pt_regs -> arg1 */ | ||
113 | call syscall_trace_enter | ||
114 | LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ | ||
115 | RESTORE_REST | ||
116 | - xchgl %ebp,%r9d | ||
117 | cmpl $(IA32_NR_syscalls-1),%eax | ||
118 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ | ||
119 | jmp sysenter_do_call | ||
120 | @@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target) | ||
121 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) | ||
122 | CFI_REMEMBER_STATE | ||
123 | jnz cstar_tracesys | ||
124 | -cstar_do_call: | ||
125 | cmpl $IA32_NR_syscalls-1,%eax | ||
126 | ja ia32_badsys | ||
127 | +cstar_do_call: | ||
128 | IA32_ARG_FIXUP 1 | ||
129 | cstar_dispatch: | ||
130 | call *ia32_sys_call_table(,%rax,8) | ||
131 | @@ -333,6 +334,9 @@ sysretl_from_sys_call: | ||
132 | CFI_REGISTER rip,rcx | ||
133 | movl EFLAGS-ARGOFFSET(%rsp),%r11d | ||
134 | /*CFI_REGISTER rflags,r11*/ | ||
135 | + xorq %r10,%r10 | ||
136 | + xorq %r9,%r9 | ||
137 | + xorq %r8,%r8 | ||
138 | TRACE_IRQS_ON | ||
139 | movl RSP-ARGOFFSET(%rsp),%esp | ||
140 | CFI_RESTORE rsp | ||
141 | @@ -357,15 +361,13 @@ cstar_tracesys: | ||
142 | #endif | ||
143 | xchgl %r9d,%ebp | ||
144 | SAVE_REST | ||
145 | - CLEAR_RREGS | ||
146 | - movq %r9,R9(%rsp) | ||
147 | + CLEAR_RREGS 0, r9 | ||
148 | movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ | ||
149 | movq %rsp,%rdi /* &pt_regs -> arg1 */ | ||
150 | call syscall_trace_enter | ||
151 | - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ | ||
152 | + LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ | ||
153 | RESTORE_REST | ||
154 | xchgl %ebp,%r9d | ||
155 | - movl RSP-ARGOFFSET(%rsp), %r8d | ||
156 | cmpl $(IA32_NR_syscalls-1),%eax | ||
157 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ | ||
158 | jmp cstar_do_call | ||
159 | @@ -431,6 +433,8 @@ ia32_do_call: | ||
160 | call *ia32_sys_call_table(,%rax,8) # xxx: rip relative | ||
161 | ia32_sysret: | ||
162 | movq %rax,RAX-ARGOFFSET(%rsp) | ||
163 | +ia32_ret_from_sys_call: | ||
164 | + CLEAR_RREGS -ARGOFFSET | ||
165 | jmp int_ret_from_sys_call | ||
166 | |||
167 | ia32_tracesys: | ||
168 | @@ -448,8 +452,8 @@ END(ia32_syscall) | ||
169 | |||
170 | ia32_badsys: | ||
171 | movq $0,ORIG_RAX-ARGOFFSET(%rsp) | ||
172 | - movq $-ENOSYS,RAX-ARGOFFSET(%rsp) | ||
173 | - jmp int_ret_from_sys_call | ||
174 | + movq $-ENOSYS,%rax | ||
175 | + jmp ia32_sysret | ||
176 | |||
177 | quiet_ni_syscall: | ||
178 | movq $-ENOSYS,%rax | ||
179 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | ||
180 | index f7c7142..60ebfd7 100644 | ||
181 | --- a/arch/x86/kvm/x86.c | ||
182 | +++ b/arch/x86/kvm/x86.c | ||
183 | @@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) | ||
184 | a3 &= 0xFFFFFFFF; | ||
185 | } | ||
186 | |||
187 | + if (kvm_x86_ops->get_cpl(vcpu) != 0) { | ||
188 | + ret = -KVM_EPERM; | ||
189 | + goto out; | ||
190 | + } | ||
191 | + | ||
192 | switch (nr) { | ||
193 | case KVM_HC_VAPIC_POLL_IRQ: | ||
194 | ret = 0; | ||
195 | @@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) | ||
196 | ret = -KVM_ENOSYS; | ||
197 | break; | ||
198 | } | ||
199 | +out: | ||
200 | vcpu->arch.regs[VCPU_REGS_RAX] = ret; | ||
201 | kvm_x86_ops->decache_regs(vcpu); | ||
202 | ++vcpu->stat.hypercalls; | ||
203 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c | ||
204 | index 56fe712..47dd8f5 100644 | ||
205 | --- a/arch/x86/mm/mmap.c | ||
206 | +++ b/arch/x86/mm/mmap.c | ||
207 | @@ -29,13 +29,26 @@ | ||
208 | #include <linux/random.h> | ||
209 | #include <linux/limits.h> | ||
210 | #include <linux/sched.h> | ||
211 | +#include <asm/elf.h> | ||
212 | + | ||
213 | +static unsigned int stack_maxrandom_size(void) | ||
214 | +{ | ||
215 | + unsigned int max = 0; | ||
216 | + if ((current->flags & PF_RANDOMIZE) && | ||
217 | + !(current->personality & ADDR_NO_RANDOMIZE)) { | ||
218 | + max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; | ||
219 | + } | ||
220 | + | ||
221 | + return max; | ||
222 | +} | ||
223 | + | ||
224 | |||
225 | /* | ||
226 | * Top of mmap area (just below the process stack). | ||
227 | * | ||
228 | - * Leave an at least ~128 MB hole. | ||
229 | + * Leave an at least ~128 MB hole with possible stack randomization. | ||
230 | */ | ||
231 | -#define MIN_GAP (128*1024*1024) | ||
232 | +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) | ||
233 | #define MAX_GAP (TASK_SIZE/6*5) | ||
234 | |||
235 | /* | ||
236 | diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c | ||
237 | index c46864d..e1db78a 100644 | ||
238 | --- a/drivers/net/iseries_veth.c | ||
239 | +++ b/drivers/net/iseries_veth.c | ||
240 | @@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx, | ||
241 | cnx->remote_lp); | ||
242 | } else { | ||
243 | memcpy(&cnx->cap_ack_event, event, | ||
244 | - sizeof(&cnx->cap_ack_event)); | ||
245 | + sizeof(cnx->cap_ack_event)); | ||
246 | cnx->state |= VETH_STATE_GOTCAPACK; | ||
247 | veth_kick_statemachine(cnx); | ||
248 | } | ||
249 | diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c | ||
250 | index 763c1ea..dad4fe6 100644 | ||
251 | --- a/drivers/watchdog/hpwdt.c | ||
252 | +++ b/drivers/watchdog/hpwdt.c | ||
253 | @@ -47,6 +47,7 @@ | ||
254 | #define PCI_BIOS32_PARAGRAPH_LEN 16 | ||
255 | #define PCI_ROM_BASE1 0x000F0000 | ||
256 | #define ROM_SIZE 0x10000 | ||
257 | +#define HPWDT_VERSION "1.01" | ||
258 | |||
259 | struct bios32_service_dir { | ||
260 | u32 signature; | ||
261 | @@ -130,12 +131,8 @@ static void *cru_rom_addr; | ||
262 | static struct cmn_registers cmn_regs; | ||
263 | |||
264 | static struct pci_device_id hpwdt_devices[] = { | ||
265 | - { | ||
266 | - .vendor = PCI_VENDOR_ID_COMPAQ, | ||
267 | - .device = 0xB203, | ||
268 | - .subvendor = PCI_ANY_ID, | ||
269 | - .subdevice = PCI_ANY_ID, | ||
270 | - }, | ||
271 | + { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) }, | ||
272 | + { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) }, | ||
273 | {0}, /* terminate list */ | ||
274 | }; | ||
275 | MODULE_DEVICE_TABLE(pci, hpwdt_devices); | ||
276 | @@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev, | ||
277 | } | ||
278 | |||
279 | printk(KERN_INFO | ||
280 | - "hp Watchdog Timer Driver: 1.00" | ||
281 | + "hp Watchdog Timer Driver: %s" | ||
282 | ", timer margin: %d seconds (nowayout=%d)" | ||
283 | ", allow kernel dump: %s (default = 0/OFF).\n", | ||
284 | - soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON"); | ||
285 | + HPWDT_VERSION, soft_margin, nowayout, | ||
286 | + (allow_kdump == 0) ? "OFF" : "ON"); | ||
287 | |||
288 | return 0; | ||
289 | |||
290 | @@ -757,6 +755,7 @@ static int __init hpwdt_init(void) | ||
291 | MODULE_AUTHOR("Tom Mingarelli"); | ||
292 | MODULE_DESCRIPTION("hp watchdog driver"); | ||
293 | MODULE_LICENSE("GPL"); | ||
294 | +MODULE_VERSION(HPWDT_VERSION); | ||
295 | MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR); | ||
296 | |||
297 | module_param(soft_margin, int, 0); | ||
298 | diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c | ||
299 | index 5e78fc1..1c1220e 100644 | ||
300 | --- a/fs/ecryptfs/inode.c | ||
301 | +++ b/fs/ecryptfs/inode.c | ||
302 | @@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) | ||
303 | struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); | ||
304 | struct dentry *lower_dir_dentry; | ||
305 | |||
306 | + dget(lower_dentry); | ||
307 | lower_dir_dentry = lock_parent(lower_dentry); | ||
308 | rc = vfs_unlink(lower_dir_inode, lower_dentry); | ||
309 | if (rc) { | ||
310 | @@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) | ||
311 | d_drop(dentry); | ||
312 | out_unlock: | ||
313 | unlock_dir(lower_dir_dentry); | ||
314 | + dput(lower_dentry); | ||
315 | return rc; | ||
316 | } | ||
317 | |||
318 | diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h | ||
319 | index 7be4733..36343b6 100644 | ||
320 | --- a/include/asm-x86/elf.h | ||
321 | +++ b/include/asm-x86/elf.h | ||
322 | @@ -287,6 +287,8 @@ do { \ | ||
323 | |||
324 | #ifdef CONFIG_X86_32 | ||
325 | |||
326 | +#define STACK_RND_MASK (0x7ff) | ||
327 | + | ||
328 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) | ||
329 | |||
330 | #define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled) | ||
331 | diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h | ||
332 | index 3ddce03..d731092 100644 | ||
333 | --- a/include/linux/kvm_para.h | ||
334 | +++ b/include/linux/kvm_para.h | ||
335 | @@ -13,6 +13,7 @@ | ||
336 | #define KVM_ENOSYS 1000 | ||
337 | #define KVM_EFAULT EFAULT | ||
338 | #define KVM_E2BIG E2BIG | ||
339 | +#define KVM_EPERM EPERM | ||
340 | |||
341 | #define KVM_HC_VAPIC_POLL_IRQ 1 | ||
342 | #define KVM_HC_MMU_OP 2 | ||
343 | diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c | ||
344 | index 521960b..6e22c16 100644 | ||
345 | --- a/kernel/time/timekeeping.c | ||
346 | +++ b/kernel/time/timekeeping.c | ||
347 | @@ -477,6 +477,28 @@ void update_wall_time(void) | ||
348 | /* correct the clock when NTP error is too big */ | ||
349 | clocksource_adjust(offset); | ||
350 | |||
351 | + /* | ||
352 | + * Since in the loop above, we accumulate any amount of time | ||
353 | + * in xtime_nsec over a second into xtime.tv_sec, its possible for | ||
354 | + * xtime_nsec to be fairly small after the loop. Further, if we're | ||
355 | + * slightly speeding the clocksource up in clocksource_adjust(), | ||
356 | + * its possible the required corrective factor to xtime_nsec could | ||
357 | + * cause it to underflow. | ||
358 | + * | ||
359 | + * Now, we cannot simply roll the accumulated second back, since | ||
360 | + * the NTP subsystem has been notified via second_overflow. So | ||
361 | + * instead we push xtime_nsec forward by the amount we underflowed, | ||
362 | + * and add that amount into the error. | ||
363 | + * | ||
364 | + * We'll correct this error next time through this function, when | ||
365 | + * xtime_nsec is not as small. | ||
366 | + */ | ||
367 | + if (unlikely((s64)clock->xtime_nsec < 0)) { | ||
368 | + s64 neg = -(s64)clock->xtime_nsec; | ||
369 | + clock->xtime_nsec = 0; | ||
370 | + clock->error += neg << (NTP_SCALE_SHIFT - clock->shift); | ||
371 | + } | ||
372 | + | ||
373 | /* store full nanoseconds into xtime */ | ||
374 | xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift; | ||
375 | clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift; |