Contents of /trunk/kernel26-alx/patches-2.6.27-r3/0136-2.6.27.37-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 1176 -
(show annotations)
(download)
Thu Oct 14 15:11:06 2010 UTC (13 years, 6 months ago) by niro
File size: 10897 byte(s)
Thu Oct 14 15:11:06 2010 UTC (13 years, 6 months ago) by niro
File size: 10897 byte(s)
-2.6.27-alx-r3: new magellan 0.5.2 kernel
| 1 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
| 2 | index 5e65290..09b59b2 100644 |
| 3 | --- a/arch/x86/ia32/ia32entry.S |
| 4 | +++ b/arch/x86/ia32/ia32entry.S |
| 5 | @@ -21,8 +21,8 @@ |
| 6 | #define __AUDIT_ARCH_LE 0x40000000 |
| 7 | |
| 8 | #ifndef CONFIG_AUDITSYSCALL |
| 9 | -#define sysexit_audit int_ret_from_sys_call |
| 10 | -#define sysretl_audit int_ret_from_sys_call |
| 11 | +#define sysexit_audit ia32_ret_from_sys_call |
| 12 | +#define sysretl_audit ia32_ret_from_sys_call |
| 13 | #endif |
| 14 | |
| 15 | #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8) |
| 16 | @@ -39,12 +39,12 @@ |
| 17 | .endm |
| 18 | |
| 19 | /* clobbers %eax */ |
| 20 | - .macro CLEAR_RREGS |
| 21 | + .macro CLEAR_RREGS offset=0, _r9=rax |
| 22 | xorl %eax,%eax |
| 23 | - movq %rax,R11(%rsp) |
| 24 | - movq %rax,R10(%rsp) |
| 25 | - movq %rax,R9(%rsp) |
| 26 | - movq %rax,R8(%rsp) |
| 27 | + movq %rax,\offset+R11(%rsp) |
| 28 | + movq %rax,\offset+R10(%rsp) |
| 29 | + movq %\_r9,\offset+R9(%rsp) |
| 30 | + movq %rax,\offset+R8(%rsp) |
| 31 | .endm |
| 32 | |
| 33 | /* |
| 34 | @@ -52,11 +52,10 @@ |
| 35 | * We don't reload %eax because syscall_trace_enter() returned |
| 36 | * the value it wants us to use in the table lookup. |
| 37 | */ |
| 38 | - .macro LOAD_ARGS32 offset |
| 39 | - movl \offset(%rsp),%r11d |
| 40 | - movl \offset+8(%rsp),%r10d |
| 41 | + .macro LOAD_ARGS32 offset, _r9=0 |
| 42 | + .if \_r9 |
| 43 | movl \offset+16(%rsp),%r9d |
| 44 | - movl \offset+24(%rsp),%r8d |
| 45 | + .endif |
| 46 | movl \offset+40(%rsp),%ecx |
| 47 | movl \offset+48(%rsp),%edx |
| 48 | movl \offset+56(%rsp),%esi |
| 49 | @@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target) |
| 50 | SAVE_ARGS 0,0,1 |
| 51 | /* no need to do an access_ok check here because rbp has been |
| 52 | 32bit zero extended */ |
| 53 | -1: movl (%rbp),%r9d |
| 54 | +1: movl (%rbp),%ebp |
| 55 | .section __ex_table,"a" |
| 56 | .quad 1b,ia32_badarg |
| 57 | .previous |
| 58 | @@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target) |
| 59 | cmpl $(IA32_NR_syscalls-1),%eax |
| 60 | ja ia32_badsys |
| 61 | sysenter_do_call: |
| 62 | - IA32_ARG_FIXUP 1 |
| 63 | + IA32_ARG_FIXUP |
| 64 | sysenter_dispatch: |
| 65 | call *ia32_sys_call_table(,%rax,8) |
| 66 | movq %rax,RAX-ARGOFFSET(%rsp) |
| 67 | @@ -173,6 +172,10 @@ sysexit_from_sys_call: |
| 68 | movl RIP-R11(%rsp),%edx /* User %eip */ |
| 69 | CFI_REGISTER rip,rdx |
| 70 | RESTORE_ARGS 1,24,1,1,1,1 |
| 71 | + xorq %r8,%r8 |
| 72 | + xorq %r9,%r9 |
| 73 | + xorq %r10,%r10 |
| 74 | + xorq %r11,%r11 |
| 75 | popfq |
| 76 | CFI_ADJUST_CFA_OFFSET -8 |
| 77 | /*CFI_RESTORE rflags*/ |
| 78 | @@ -203,7 +206,7 @@ sysexit_from_sys_call: |
| 79 | |
| 80 | .macro auditsys_exit exit,ebpsave=RBP |
| 81 | testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) |
| 82 | - jnz int_ret_from_sys_call |
| 83 | + jnz ia32_ret_from_sys_call |
| 84 | TRACE_IRQS_ON |
| 85 | sti |
| 86 | movl %eax,%esi /* second arg, syscall return value */ |
| 87 | @@ -219,8 +222,9 @@ sysexit_from_sys_call: |
| 88 | cli |
| 89 | TRACE_IRQS_OFF |
| 90 | testl %edi,TI_flags(%r10) |
| 91 | - jnz int_with_check |
| 92 | - jmp \exit |
| 93 | + jz \exit |
| 94 | + CLEAR_RREGS -ARGOFFSET |
| 95 | + jmp int_with_check |
| 96 | .endm |
| 97 | |
| 98 | sysenter_auditsys: |
| 99 | @@ -234,20 +238,17 @@ sysexit_audit: |
| 100 | #endif |
| 101 | |
| 102 | sysenter_tracesys: |
| 103 | - xchgl %r9d,%ebp |
| 104 | #ifdef CONFIG_AUDITSYSCALL |
| 105 | testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) |
| 106 | jz sysenter_auditsys |
| 107 | #endif |
| 108 | SAVE_REST |
| 109 | CLEAR_RREGS |
| 110 | - movq %r9,R9(%rsp) |
| 111 | movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ |
| 112 | movq %rsp,%rdi /* &pt_regs -> arg1 */ |
| 113 | call syscall_trace_enter |
| 114 | LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
| 115 | RESTORE_REST |
| 116 | - xchgl %ebp,%r9d |
| 117 | cmpl $(IA32_NR_syscalls-1),%eax |
| 118 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ |
| 119 | jmp sysenter_do_call |
| 120 | @@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target) |
| 121 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) |
| 122 | CFI_REMEMBER_STATE |
| 123 | jnz cstar_tracesys |
| 124 | -cstar_do_call: |
| 125 | cmpl $IA32_NR_syscalls-1,%eax |
| 126 | ja ia32_badsys |
| 127 | +cstar_do_call: |
| 128 | IA32_ARG_FIXUP 1 |
| 129 | cstar_dispatch: |
| 130 | call *ia32_sys_call_table(,%rax,8) |
| 131 | @@ -333,6 +334,9 @@ sysretl_from_sys_call: |
| 132 | CFI_REGISTER rip,rcx |
| 133 | movl EFLAGS-ARGOFFSET(%rsp),%r11d |
| 134 | /*CFI_REGISTER rflags,r11*/ |
| 135 | + xorq %r10,%r10 |
| 136 | + xorq %r9,%r9 |
| 137 | + xorq %r8,%r8 |
| 138 | TRACE_IRQS_ON |
| 139 | movl RSP-ARGOFFSET(%rsp),%esp |
| 140 | CFI_RESTORE rsp |
| 141 | @@ -357,15 +361,13 @@ cstar_tracesys: |
| 142 | #endif |
| 143 | xchgl %r9d,%ebp |
| 144 | SAVE_REST |
| 145 | - CLEAR_RREGS |
| 146 | - movq %r9,R9(%rsp) |
| 147 | + CLEAR_RREGS 0, r9 |
| 148 | movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
| 149 | movq %rsp,%rdi /* &pt_regs -> arg1 */ |
| 150 | call syscall_trace_enter |
| 151 | - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
| 152 | + LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ |
| 153 | RESTORE_REST |
| 154 | xchgl %ebp,%r9d |
| 155 | - movl RSP-ARGOFFSET(%rsp), %r8d |
| 156 | cmpl $(IA32_NR_syscalls-1),%eax |
| 157 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ |
| 158 | jmp cstar_do_call |
| 159 | @@ -431,6 +433,8 @@ ia32_do_call: |
| 160 | call *ia32_sys_call_table(,%rax,8) # xxx: rip relative |
| 161 | ia32_sysret: |
| 162 | movq %rax,RAX-ARGOFFSET(%rsp) |
| 163 | +ia32_ret_from_sys_call: |
| 164 | + CLEAR_RREGS -ARGOFFSET |
| 165 | jmp int_ret_from_sys_call |
| 166 | |
| 167 | ia32_tracesys: |
| 168 | @@ -448,8 +452,8 @@ END(ia32_syscall) |
| 169 | |
| 170 | ia32_badsys: |
| 171 | movq $0,ORIG_RAX-ARGOFFSET(%rsp) |
| 172 | - movq $-ENOSYS,RAX-ARGOFFSET(%rsp) |
| 173 | - jmp int_ret_from_sys_call |
| 174 | + movq $-ENOSYS,%rax |
| 175 | + jmp ia32_sysret |
| 176 | |
| 177 | quiet_ni_syscall: |
| 178 | movq $-ENOSYS,%rax |
| 179 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
| 180 | index f7c7142..60ebfd7 100644 |
| 181 | --- a/arch/x86/kvm/x86.c |
| 182 | +++ b/arch/x86/kvm/x86.c |
| 183 | @@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) |
| 184 | a3 &= 0xFFFFFFFF; |
| 185 | } |
| 186 | |
| 187 | + if (kvm_x86_ops->get_cpl(vcpu) != 0) { |
| 188 | + ret = -KVM_EPERM; |
| 189 | + goto out; |
| 190 | + } |
| 191 | + |
| 192 | switch (nr) { |
| 193 | case KVM_HC_VAPIC_POLL_IRQ: |
| 194 | ret = 0; |
| 195 | @@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) |
| 196 | ret = -KVM_ENOSYS; |
| 197 | break; |
| 198 | } |
| 199 | +out: |
| 200 | vcpu->arch.regs[VCPU_REGS_RAX] = ret; |
| 201 | kvm_x86_ops->decache_regs(vcpu); |
| 202 | ++vcpu->stat.hypercalls; |
| 203 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
| 204 | index 56fe712..47dd8f5 100644 |
| 205 | --- a/arch/x86/mm/mmap.c |
| 206 | +++ b/arch/x86/mm/mmap.c |
| 207 | @@ -29,13 +29,26 @@ |
| 208 | #include <linux/random.h> |
| 209 | #include <linux/limits.h> |
| 210 | #include <linux/sched.h> |
| 211 | +#include <asm/elf.h> |
| 212 | + |
| 213 | +static unsigned int stack_maxrandom_size(void) |
| 214 | +{ |
| 215 | + unsigned int max = 0; |
| 216 | + if ((current->flags & PF_RANDOMIZE) && |
| 217 | + !(current->personality & ADDR_NO_RANDOMIZE)) { |
| 218 | + max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; |
| 219 | + } |
| 220 | + |
| 221 | + return max; |
| 222 | +} |
| 223 | + |
| 224 | |
| 225 | /* |
| 226 | * Top of mmap area (just below the process stack). |
| 227 | * |
| 228 | - * Leave an at least ~128 MB hole. |
| 229 | + * Leave an at least ~128 MB hole with possible stack randomization. |
| 230 | */ |
| 231 | -#define MIN_GAP (128*1024*1024) |
| 232 | +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) |
| 233 | #define MAX_GAP (TASK_SIZE/6*5) |
| 234 | |
| 235 | /* |
| 236 | diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c |
| 237 | index c46864d..e1db78a 100644 |
| 238 | --- a/drivers/net/iseries_veth.c |
| 239 | +++ b/drivers/net/iseries_veth.c |
| 240 | @@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx, |
| 241 | cnx->remote_lp); |
| 242 | } else { |
| 243 | memcpy(&cnx->cap_ack_event, event, |
| 244 | - sizeof(&cnx->cap_ack_event)); |
| 245 | + sizeof(cnx->cap_ack_event)); |
| 246 | cnx->state |= VETH_STATE_GOTCAPACK; |
| 247 | veth_kick_statemachine(cnx); |
| 248 | } |
| 249 | diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c |
| 250 | index 763c1ea..dad4fe6 100644 |
| 251 | --- a/drivers/watchdog/hpwdt.c |
| 252 | +++ b/drivers/watchdog/hpwdt.c |
| 253 | @@ -47,6 +47,7 @@ |
| 254 | #define PCI_BIOS32_PARAGRAPH_LEN 16 |
| 255 | #define PCI_ROM_BASE1 0x000F0000 |
| 256 | #define ROM_SIZE 0x10000 |
| 257 | +#define HPWDT_VERSION "1.01" |
| 258 | |
| 259 | struct bios32_service_dir { |
| 260 | u32 signature; |
| 261 | @@ -130,12 +131,8 @@ static void *cru_rom_addr; |
| 262 | static struct cmn_registers cmn_regs; |
| 263 | |
| 264 | static struct pci_device_id hpwdt_devices[] = { |
| 265 | - { |
| 266 | - .vendor = PCI_VENDOR_ID_COMPAQ, |
| 267 | - .device = 0xB203, |
| 268 | - .subvendor = PCI_ANY_ID, |
| 269 | - .subdevice = PCI_ANY_ID, |
| 270 | - }, |
| 271 | + { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) }, |
| 272 | + { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) }, |
| 273 | {0}, /* terminate list */ |
| 274 | }; |
| 275 | MODULE_DEVICE_TABLE(pci, hpwdt_devices); |
| 276 | @@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev, |
| 277 | } |
| 278 | |
| 279 | printk(KERN_INFO |
| 280 | - "hp Watchdog Timer Driver: 1.00" |
| 281 | + "hp Watchdog Timer Driver: %s" |
| 282 | ", timer margin: %d seconds (nowayout=%d)" |
| 283 | ", allow kernel dump: %s (default = 0/OFF).\n", |
| 284 | - soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON"); |
| 285 | + HPWDT_VERSION, soft_margin, nowayout, |
| 286 | + (allow_kdump == 0) ? "OFF" : "ON"); |
| 287 | |
| 288 | return 0; |
| 289 | |
| 290 | @@ -757,6 +755,7 @@ static int __init hpwdt_init(void) |
| 291 | MODULE_AUTHOR("Tom Mingarelli"); |
| 292 | MODULE_DESCRIPTION("hp watchdog driver"); |
| 293 | MODULE_LICENSE("GPL"); |
| 294 | +MODULE_VERSION(HPWDT_VERSION); |
| 295 | MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR); |
| 296 | |
| 297 | module_param(soft_margin, int, 0); |
| 298 | diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c |
| 299 | index 5e78fc1..1c1220e 100644 |
| 300 | --- a/fs/ecryptfs/inode.c |
| 301 | +++ b/fs/ecryptfs/inode.c |
| 302 | @@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) |
| 303 | struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); |
| 304 | struct dentry *lower_dir_dentry; |
| 305 | |
| 306 | + dget(lower_dentry); |
| 307 | lower_dir_dentry = lock_parent(lower_dentry); |
| 308 | rc = vfs_unlink(lower_dir_inode, lower_dentry); |
| 309 | if (rc) { |
| 310 | @@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) |
| 311 | d_drop(dentry); |
| 312 | out_unlock: |
| 313 | unlock_dir(lower_dir_dentry); |
| 314 | + dput(lower_dentry); |
| 315 | return rc; |
| 316 | } |
| 317 | |
| 318 | diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h |
| 319 | index 7be4733..36343b6 100644 |
| 320 | --- a/include/asm-x86/elf.h |
| 321 | +++ b/include/asm-x86/elf.h |
| 322 | @@ -287,6 +287,8 @@ do { \ |
| 323 | |
| 324 | #ifdef CONFIG_X86_32 |
| 325 | |
| 326 | +#define STACK_RND_MASK (0x7ff) |
| 327 | + |
| 328 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) |
| 329 | |
| 330 | #define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled) |
| 331 | diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h |
| 332 | index 3ddce03..d731092 100644 |
| 333 | --- a/include/linux/kvm_para.h |
| 334 | +++ b/include/linux/kvm_para.h |
| 335 | @@ -13,6 +13,7 @@ |
| 336 | #define KVM_ENOSYS 1000 |
| 337 | #define KVM_EFAULT EFAULT |
| 338 | #define KVM_E2BIG E2BIG |
| 339 | +#define KVM_EPERM EPERM |
| 340 | |
| 341 | #define KVM_HC_VAPIC_POLL_IRQ 1 |
| 342 | #define KVM_HC_MMU_OP 2 |
| 343 | diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c |
| 344 | index 521960b..6e22c16 100644 |
| 345 | --- a/kernel/time/timekeeping.c |
| 346 | +++ b/kernel/time/timekeeping.c |
| 347 | @@ -477,6 +477,28 @@ void update_wall_time(void) |
| 348 | /* correct the clock when NTP error is too big */ |
| 349 | clocksource_adjust(offset); |
| 350 | |
| 351 | + /* |
| 352 | + * Since in the loop above, we accumulate any amount of time |
| 353 | + * in xtime_nsec over a second into xtime.tv_sec, its possible for |
| 354 | + * xtime_nsec to be fairly small after the loop. Further, if we're |
| 355 | + * slightly speeding the clocksource up in clocksource_adjust(), |
| 356 | + * its possible the required corrective factor to xtime_nsec could |
| 357 | + * cause it to underflow. |
| 358 | + * |
| 359 | + * Now, we cannot simply roll the accumulated second back, since |
| 360 | + * the NTP subsystem has been notified via second_overflow. So |
| 361 | + * instead we push xtime_nsec forward by the amount we underflowed, |
| 362 | + * and add that amount into the error. |
| 363 | + * |
| 364 | + * We'll correct this error next time through this function, when |
| 365 | + * xtime_nsec is not as small. |
| 366 | + */ |
| 367 | + if (unlikely((s64)clock->xtime_nsec < 0)) { |
| 368 | + s64 neg = -(s64)clock->xtime_nsec; |
| 369 | + clock->xtime_nsec = 0; |
| 370 | + clock->error += neg << (NTP_SCALE_SHIFT - clock->shift); |
| 371 | + } |
| 372 | + |
| 373 | /* store full nanoseconds into xtime */ |
| 374 | xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift; |
| 375 | clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift; |