Contents of /trunk/kernel26-alx/patches-2.6.27-r3/0136-2.6.27.37-all-fixes.patch
Parent Directory | Revision Log
Revision 1176 -
(show annotations)
(download)
Thu Oct 14 15:11:06 2010 UTC (13 years, 11 months ago) by niro
File size: 10897 byte(s)
Thu Oct 14 15:11:06 2010 UTC (13 years, 11 months ago) by niro
File size: 10897 byte(s)
-2.6.27-alx-r3: new magellan 0.5.2 kernel
1 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
2 | index 5e65290..09b59b2 100644 |
3 | --- a/arch/x86/ia32/ia32entry.S |
4 | +++ b/arch/x86/ia32/ia32entry.S |
5 | @@ -21,8 +21,8 @@ |
6 | #define __AUDIT_ARCH_LE 0x40000000 |
7 | |
8 | #ifndef CONFIG_AUDITSYSCALL |
9 | -#define sysexit_audit int_ret_from_sys_call |
10 | -#define sysretl_audit int_ret_from_sys_call |
11 | +#define sysexit_audit ia32_ret_from_sys_call |
12 | +#define sysretl_audit ia32_ret_from_sys_call |
13 | #endif |
14 | |
15 | #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8) |
16 | @@ -39,12 +39,12 @@ |
17 | .endm |
18 | |
19 | /* clobbers %eax */ |
20 | - .macro CLEAR_RREGS |
21 | + .macro CLEAR_RREGS offset=0, _r9=rax |
22 | xorl %eax,%eax |
23 | - movq %rax,R11(%rsp) |
24 | - movq %rax,R10(%rsp) |
25 | - movq %rax,R9(%rsp) |
26 | - movq %rax,R8(%rsp) |
27 | + movq %rax,\offset+R11(%rsp) |
28 | + movq %rax,\offset+R10(%rsp) |
29 | + movq %\_r9,\offset+R9(%rsp) |
30 | + movq %rax,\offset+R8(%rsp) |
31 | .endm |
32 | |
33 | /* |
34 | @@ -52,11 +52,10 @@ |
35 | * We don't reload %eax because syscall_trace_enter() returned |
36 | * the value it wants us to use in the table lookup. |
37 | */ |
38 | - .macro LOAD_ARGS32 offset |
39 | - movl \offset(%rsp),%r11d |
40 | - movl \offset+8(%rsp),%r10d |
41 | + .macro LOAD_ARGS32 offset, _r9=0 |
42 | + .if \_r9 |
43 | movl \offset+16(%rsp),%r9d |
44 | - movl \offset+24(%rsp),%r8d |
45 | + .endif |
46 | movl \offset+40(%rsp),%ecx |
47 | movl \offset+48(%rsp),%edx |
48 | movl \offset+56(%rsp),%esi |
49 | @@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target) |
50 | SAVE_ARGS 0,0,1 |
51 | /* no need to do an access_ok check here because rbp has been |
52 | 32bit zero extended */ |
53 | -1: movl (%rbp),%r9d |
54 | +1: movl (%rbp),%ebp |
55 | .section __ex_table,"a" |
56 | .quad 1b,ia32_badarg |
57 | .previous |
58 | @@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target) |
59 | cmpl $(IA32_NR_syscalls-1),%eax |
60 | ja ia32_badsys |
61 | sysenter_do_call: |
62 | - IA32_ARG_FIXUP 1 |
63 | + IA32_ARG_FIXUP |
64 | sysenter_dispatch: |
65 | call *ia32_sys_call_table(,%rax,8) |
66 | movq %rax,RAX-ARGOFFSET(%rsp) |
67 | @@ -173,6 +172,10 @@ sysexit_from_sys_call: |
68 | movl RIP-R11(%rsp),%edx /* User %eip */ |
69 | CFI_REGISTER rip,rdx |
70 | RESTORE_ARGS 1,24,1,1,1,1 |
71 | + xorq %r8,%r8 |
72 | + xorq %r9,%r9 |
73 | + xorq %r10,%r10 |
74 | + xorq %r11,%r11 |
75 | popfq |
76 | CFI_ADJUST_CFA_OFFSET -8 |
77 | /*CFI_RESTORE rflags*/ |
78 | @@ -203,7 +206,7 @@ sysexit_from_sys_call: |
79 | |
80 | .macro auditsys_exit exit,ebpsave=RBP |
81 | testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) |
82 | - jnz int_ret_from_sys_call |
83 | + jnz ia32_ret_from_sys_call |
84 | TRACE_IRQS_ON |
85 | sti |
86 | movl %eax,%esi /* second arg, syscall return value */ |
87 | @@ -219,8 +222,9 @@ sysexit_from_sys_call: |
88 | cli |
89 | TRACE_IRQS_OFF |
90 | testl %edi,TI_flags(%r10) |
91 | - jnz int_with_check |
92 | - jmp \exit |
93 | + jz \exit |
94 | + CLEAR_RREGS -ARGOFFSET |
95 | + jmp int_with_check |
96 | .endm |
97 | |
98 | sysenter_auditsys: |
99 | @@ -234,20 +238,17 @@ sysexit_audit: |
100 | #endif |
101 | |
102 | sysenter_tracesys: |
103 | - xchgl %r9d,%ebp |
104 | #ifdef CONFIG_AUDITSYSCALL |
105 | testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) |
106 | jz sysenter_auditsys |
107 | #endif |
108 | SAVE_REST |
109 | CLEAR_RREGS |
110 | - movq %r9,R9(%rsp) |
111 | movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ |
112 | movq %rsp,%rdi /* &pt_regs -> arg1 */ |
113 | call syscall_trace_enter |
114 | LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
115 | RESTORE_REST |
116 | - xchgl %ebp,%r9d |
117 | cmpl $(IA32_NR_syscalls-1),%eax |
118 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ |
119 | jmp sysenter_do_call |
120 | @@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target) |
121 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) |
122 | CFI_REMEMBER_STATE |
123 | jnz cstar_tracesys |
124 | -cstar_do_call: |
125 | cmpl $IA32_NR_syscalls-1,%eax |
126 | ja ia32_badsys |
127 | +cstar_do_call: |
128 | IA32_ARG_FIXUP 1 |
129 | cstar_dispatch: |
130 | call *ia32_sys_call_table(,%rax,8) |
131 | @@ -333,6 +334,9 @@ sysretl_from_sys_call: |
132 | CFI_REGISTER rip,rcx |
133 | movl EFLAGS-ARGOFFSET(%rsp),%r11d |
134 | /*CFI_REGISTER rflags,r11*/ |
135 | + xorq %r10,%r10 |
136 | + xorq %r9,%r9 |
137 | + xorq %r8,%r8 |
138 | TRACE_IRQS_ON |
139 | movl RSP-ARGOFFSET(%rsp),%esp |
140 | CFI_RESTORE rsp |
141 | @@ -357,15 +361,13 @@ cstar_tracesys: |
142 | #endif |
143 | xchgl %r9d,%ebp |
144 | SAVE_REST |
145 | - CLEAR_RREGS |
146 | - movq %r9,R9(%rsp) |
147 | + CLEAR_RREGS 0, r9 |
148 | movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
149 | movq %rsp,%rdi /* &pt_regs -> arg1 */ |
150 | call syscall_trace_enter |
151 | - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
152 | + LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ |
153 | RESTORE_REST |
154 | xchgl %ebp,%r9d |
155 | - movl RSP-ARGOFFSET(%rsp), %r8d |
156 | cmpl $(IA32_NR_syscalls-1),%eax |
157 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ |
158 | jmp cstar_do_call |
159 | @@ -431,6 +433,8 @@ ia32_do_call: |
160 | call *ia32_sys_call_table(,%rax,8) # xxx: rip relative |
161 | ia32_sysret: |
162 | movq %rax,RAX-ARGOFFSET(%rsp) |
163 | +ia32_ret_from_sys_call: |
164 | + CLEAR_RREGS -ARGOFFSET |
165 | jmp int_ret_from_sys_call |
166 | |
167 | ia32_tracesys: |
168 | @@ -448,8 +452,8 @@ END(ia32_syscall) |
169 | |
170 | ia32_badsys: |
171 | movq $0,ORIG_RAX-ARGOFFSET(%rsp) |
172 | - movq $-ENOSYS,RAX-ARGOFFSET(%rsp) |
173 | - jmp int_ret_from_sys_call |
174 | + movq $-ENOSYS,%rax |
175 | + jmp ia32_sysret |
176 | |
177 | quiet_ni_syscall: |
178 | movq $-ENOSYS,%rax |
179 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
180 | index f7c7142..60ebfd7 100644 |
181 | --- a/arch/x86/kvm/x86.c |
182 | +++ b/arch/x86/kvm/x86.c |
183 | @@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) |
184 | a3 &= 0xFFFFFFFF; |
185 | } |
186 | |
187 | + if (kvm_x86_ops->get_cpl(vcpu) != 0) { |
188 | + ret = -KVM_EPERM; |
189 | + goto out; |
190 | + } |
191 | + |
192 | switch (nr) { |
193 | case KVM_HC_VAPIC_POLL_IRQ: |
194 | ret = 0; |
195 | @@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) |
196 | ret = -KVM_ENOSYS; |
197 | break; |
198 | } |
199 | +out: |
200 | vcpu->arch.regs[VCPU_REGS_RAX] = ret; |
201 | kvm_x86_ops->decache_regs(vcpu); |
202 | ++vcpu->stat.hypercalls; |
203 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
204 | index 56fe712..47dd8f5 100644 |
205 | --- a/arch/x86/mm/mmap.c |
206 | +++ b/arch/x86/mm/mmap.c |
207 | @@ -29,13 +29,26 @@ |
208 | #include <linux/random.h> |
209 | #include <linux/limits.h> |
210 | #include <linux/sched.h> |
211 | +#include <asm/elf.h> |
212 | + |
213 | +static unsigned int stack_maxrandom_size(void) |
214 | +{ |
215 | + unsigned int max = 0; |
216 | + if ((current->flags & PF_RANDOMIZE) && |
217 | + !(current->personality & ADDR_NO_RANDOMIZE)) { |
218 | + max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; |
219 | + } |
220 | + |
221 | + return max; |
222 | +} |
223 | + |
224 | |
225 | /* |
226 | * Top of mmap area (just below the process stack). |
227 | * |
228 | - * Leave an at least ~128 MB hole. |
229 | + * Leave an at least ~128 MB hole with possible stack randomization. |
230 | */ |
231 | -#define MIN_GAP (128*1024*1024) |
232 | +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) |
233 | #define MAX_GAP (TASK_SIZE/6*5) |
234 | |
235 | /* |
236 | diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c |
237 | index c46864d..e1db78a 100644 |
238 | --- a/drivers/net/iseries_veth.c |
239 | +++ b/drivers/net/iseries_veth.c |
240 | @@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx, |
241 | cnx->remote_lp); |
242 | } else { |
243 | memcpy(&cnx->cap_ack_event, event, |
244 | - sizeof(&cnx->cap_ack_event)); |
245 | + sizeof(cnx->cap_ack_event)); |
246 | cnx->state |= VETH_STATE_GOTCAPACK; |
247 | veth_kick_statemachine(cnx); |
248 | } |
249 | diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c |
250 | index 763c1ea..dad4fe6 100644 |
251 | --- a/drivers/watchdog/hpwdt.c |
252 | +++ b/drivers/watchdog/hpwdt.c |
253 | @@ -47,6 +47,7 @@ |
254 | #define PCI_BIOS32_PARAGRAPH_LEN 16 |
255 | #define PCI_ROM_BASE1 0x000F0000 |
256 | #define ROM_SIZE 0x10000 |
257 | +#define HPWDT_VERSION "1.01" |
258 | |
259 | struct bios32_service_dir { |
260 | u32 signature; |
261 | @@ -130,12 +131,8 @@ static void *cru_rom_addr; |
262 | static struct cmn_registers cmn_regs; |
263 | |
264 | static struct pci_device_id hpwdt_devices[] = { |
265 | - { |
266 | - .vendor = PCI_VENDOR_ID_COMPAQ, |
267 | - .device = 0xB203, |
268 | - .subvendor = PCI_ANY_ID, |
269 | - .subdevice = PCI_ANY_ID, |
270 | - }, |
271 | + { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) }, |
272 | + { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) }, |
273 | {0}, /* terminate list */ |
274 | }; |
275 | MODULE_DEVICE_TABLE(pci, hpwdt_devices); |
276 | @@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev, |
277 | } |
278 | |
279 | printk(KERN_INFO |
280 | - "hp Watchdog Timer Driver: 1.00" |
281 | + "hp Watchdog Timer Driver: %s" |
282 | ", timer margin: %d seconds (nowayout=%d)" |
283 | ", allow kernel dump: %s (default = 0/OFF).\n", |
284 | - soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON"); |
285 | + HPWDT_VERSION, soft_margin, nowayout, |
286 | + (allow_kdump == 0) ? "OFF" : "ON"); |
287 | |
288 | return 0; |
289 | |
290 | @@ -757,6 +755,7 @@ static int __init hpwdt_init(void) |
291 | MODULE_AUTHOR("Tom Mingarelli"); |
292 | MODULE_DESCRIPTION("hp watchdog driver"); |
293 | MODULE_LICENSE("GPL"); |
294 | +MODULE_VERSION(HPWDT_VERSION); |
295 | MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR); |
296 | |
297 | module_param(soft_margin, int, 0); |
298 | diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c |
299 | index 5e78fc1..1c1220e 100644 |
300 | --- a/fs/ecryptfs/inode.c |
301 | +++ b/fs/ecryptfs/inode.c |
302 | @@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) |
303 | struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); |
304 | struct dentry *lower_dir_dentry; |
305 | |
306 | + dget(lower_dentry); |
307 | lower_dir_dentry = lock_parent(lower_dentry); |
308 | rc = vfs_unlink(lower_dir_inode, lower_dentry); |
309 | if (rc) { |
310 | @@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) |
311 | d_drop(dentry); |
312 | out_unlock: |
313 | unlock_dir(lower_dir_dentry); |
314 | + dput(lower_dentry); |
315 | return rc; |
316 | } |
317 | |
318 | diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h |
319 | index 7be4733..36343b6 100644 |
320 | --- a/include/asm-x86/elf.h |
321 | +++ b/include/asm-x86/elf.h |
322 | @@ -287,6 +287,8 @@ do { \ |
323 | |
324 | #ifdef CONFIG_X86_32 |
325 | |
326 | +#define STACK_RND_MASK (0x7ff) |
327 | + |
328 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) |
329 | |
330 | #define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled) |
331 | diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h |
332 | index 3ddce03..d731092 100644 |
333 | --- a/include/linux/kvm_para.h |
334 | +++ b/include/linux/kvm_para.h |
335 | @@ -13,6 +13,7 @@ |
336 | #define KVM_ENOSYS 1000 |
337 | #define KVM_EFAULT EFAULT |
338 | #define KVM_E2BIG E2BIG |
339 | +#define KVM_EPERM EPERM |
340 | |
341 | #define KVM_HC_VAPIC_POLL_IRQ 1 |
342 | #define KVM_HC_MMU_OP 2 |
343 | diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c |
344 | index 521960b..6e22c16 100644 |
345 | --- a/kernel/time/timekeeping.c |
346 | +++ b/kernel/time/timekeeping.c |
347 | @@ -477,6 +477,28 @@ void update_wall_time(void) |
348 | /* correct the clock when NTP error is too big */ |
349 | clocksource_adjust(offset); |
350 | |
351 | + /* |
352 | + * Since in the loop above, we accumulate any amount of time |
353 | + * in xtime_nsec over a second into xtime.tv_sec, its possible for |
354 | + * xtime_nsec to be fairly small after the loop. Further, if we're |
355 | + * slightly speeding the clocksource up in clocksource_adjust(), |
356 | + * its possible the required corrective factor to xtime_nsec could |
357 | + * cause it to underflow. |
358 | + * |
359 | + * Now, we cannot simply roll the accumulated second back, since |
360 | + * the NTP subsystem has been notified via second_overflow. So |
361 | + * instead we push xtime_nsec forward by the amount we underflowed, |
362 | + * and add that amount into the error. |
363 | + * |
364 | + * We'll correct this error next time through this function, when |
365 | + * xtime_nsec is not as small. |
366 | + */ |
367 | + if (unlikely((s64)clock->xtime_nsec < 0)) { |
368 | + s64 neg = -(s64)clock->xtime_nsec; |
369 | + clock->xtime_nsec = 0; |
370 | + clock->error += neg << (NTP_SCALE_SHIFT - clock->shift); |
371 | + } |
372 | + |
373 | /* store full nanoseconds into xtime */ |
374 | xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift; |
375 | clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift; |