Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch)364
-rw-r--r--3.11.6/0000_README2
-rw-r--r--3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch (renamed from 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch)133
-rw-r--r--3.2.52/0000_README2
-rw-r--r--3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch (renamed from 3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch)141
6 files changed, 602 insertions, 42 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 3fdf601..2e904e0 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.61
-Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
index 995d206..4220829 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
@@ -42556,10 +42556,38 @@ index 31e7c91..161afc0 100644
return -EINVAL;
else
diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index 006466d..a2bb21c 100644
+index 006466d..b1acdc1 100644
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
-@@ -430,7 +430,7 @@ static int hpet_release(struct inode *inode, struct file *file)
+@@ -355,26 +355,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma)
+ struct hpet_dev *devp;
+ unsigned long addr;
+
+- if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff)
+- return -EINVAL;
+-
+ devp = file->private_data;
+ addr = devp->hd_hpets->hp_hpet_phys;
+
+ if (addr & (PAGE_SIZE - 1))
+ return -ENOSYS;
+
+- vma->vm_flags |= VM_IO;
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+-
+- if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT,
+- PAGE_SIZE, vma->vm_page_prot)) {
+- printk(KERN_ERR "%s: io_remap_pfn_range failed\n",
+- __func__);
+- return -EAGAIN;
+- }
+-
+- return 0;
++ return vm_iomap_memory(vma, addr, PAGE_SIZE);
+ #else
+ return -ENOSYS;
+ #endif
+@@ -430,7 +418,7 @@ static int hpet_release(struct inode *inode, struct file *file)
return 0;
}
@@ -42568,7 +42596,7 @@ index 006466d..a2bb21c 100644
static int
hpet_ioctl(struct inode *inode, struct file *file, unsigned int cmd,
-@@ -565,7 +565,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
+@@ -565,7 +553,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
}
static int
@@ -42577,7 +42605,7 @@ index 006466d..a2bb21c 100644
{
struct hpet_timer __iomem *timer;
struct hpet __iomem *hpet;
-@@ -608,11 +608,11 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel)
+@@ -608,11 +596,11 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel)
{
struct hpet_info info;
@@ -71406,7 +71434,7 @@ index 56eb6cc..fabe98a 100644
return 0;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index e941367..b631f5a 100644
+index e941367..d73efa7 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -23,6 +23,7 @@
@@ -71493,7 +71521,29 @@ index e941367..b631f5a 100644
if (event_count != listener->event_count) {
if (copy_to_user(buf, &event_count, count))
retval = -EFAULT;
-@@ -624,13 +625,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
+@@ -609,14 +610,16 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
+
+ static int uio_find_mem_index(struct vm_area_struct *vma)
+ {
+- int mi;
+ struct uio_device *idev = vma->vm_private_data;
++ unsigned long size;
+
+- for (mi = 0; mi < MAX_UIO_MAPS; mi++) {
+- if (idev->info->mem[mi].size == 0)
++ if (vma->vm_pgoff < MAX_UIO_MAPS) {
++ size = idev->info->mem[vma->vm_pgoff].size;
++ if (size == 0)
+ return -1;
+- if (vma->vm_pgoff == mi)
+- return mi;
++ if (vma->vm_end - vma->vm_start > size)
++ return -1;
++ return (int)vma->vm_pgoff;
+ }
+ return -1;
+ }
+@@ -624,13 +627,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
static void uio_vma_open(struct vm_area_struct *vma)
{
struct uio_device *idev = vma->vm_private_data;
@@ -71509,7 +71559,36 @@ index e941367..b631f5a 100644
}
static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -840,7 +841,7 @@ int __uio_register_device(struct module *owner,
+@@ -669,16 +672,25 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
+ int mi = uio_find_mem_index(vma);
++ struct uio_mem *mem;
+ if (mi < 0)
+ return -EINVAL;
+-
+- vma->vm_flags |= VM_IO | VM_RESERVED;
++ mem = idev->info->mem + mi;
+
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+
++ /*
++ * We cannot use the vm_iomap_memory() helper here,
++ * because vma->vm_pgoff is the map index we looked
++ * up above in uio_find_mem_index(), rather than an
++ * actual page offset into the mmap.
++ *
++ * So we just do the physical mmap without a page
++ * offset.
++ */
+ return remap_pfn_range(vma,
+ vma->vm_start,
+- idev->info->mem[mi].addr >> PAGE_SHIFT,
++ mem->addr >> PAGE_SHIFT,
+ vma->vm_end - vma->vm_start,
+ vma->vm_page_prot);
+ }
+@@ -840,7 +852,7 @@ int __uio_register_device(struct module *owner,
idev->owner = owner;
idev->info = info;
init_waitqueue_head(&idev->wait);
@@ -71932,6 +72011,99 @@ index 1a056ad..221bd6ae 100644
.get_brightness = radeon_bl_get_brightness,
.update_status = radeon_bl_update_status,
};
+diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
+index a699aab..3042400 100644
+--- a/drivers/video/au1100fb.c
++++ b/drivers/video/au1100fb.c
+@@ -392,39 +392,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
+ int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
+ {
+ struct au1100fb_device *fbdev;
+- unsigned int len;
+- unsigned long start=0, off;
+
+ fbdev = to_au1100fb_device(fbi);
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
+
+- vma->vm_flags |= VM_IO;
+-
+- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot)) {
+- return -EAGAIN;
+- }
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ /* fb_cursor
+diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
+index 0d96f1d..1c33b79 100644
+--- a/drivers/video/au1200fb.c
++++ b/drivers/video/au1200fb.c
+@@ -1241,42 +1241,17 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
+ * method mainly to allow the use of the TLB streaming flag (CCA=6)
+ */
+ static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
+-
+ {
+- unsigned int len;
+- unsigned long start=0, off;
+ struct au1200fb_device *fbdev = (struct au1200fb_device *) info;
+
+ #ifdef CONFIG_PM
+ au1xxx_pm_access(LCD_pm_dev);
+ #endif
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
+
+- vma->vm_flags |= VM_IO;
+-
+- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot);
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
diff --git a/drivers/video/backlight/adp5520_bl.c b/drivers/video/backlight/adp5520_bl.c
index ad05da5..3cb2cb9 100644
--- a/drivers/video/backlight/adp5520_bl.c
@@ -72220,7 +72392,7 @@ index f53b9f1..958bf4e 100644
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index 99bbd28..ad3829e 100644
+index 99bbd28..73f1778 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -72268,6 +72440,73 @@ index 99bbd28..ad3829e 100644
return -EINVAL;
if (!registered_fb[con2fb.framebuffer])
request_module("fb%d", con2fb.framebuffer);
+@@ -1323,14 +1327,14 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
+ {
+ int fbidx = iminor(file->f_path.dentry->d_inode);
+ struct fb_info *info = registered_fb[fbidx];
+- struct fb_ops *fb = info->fbops;
+- unsigned long off;
++ struct fb_ops *fb;
++ unsigned long mmio_pgoff;
+ unsigned long start;
+ u32 len;
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))
+- return -EINVAL;
+- off = vma->vm_pgoff << PAGE_SHIFT;
++ if (!info || info != file->private_data)
++ return -ENODEV;
++ fb = info->fbops;
+ if (!fb)
+ return -ENODEV;
+ mutex_lock(&info->mm_lock);
+@@ -1341,32 +1345,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
+ return res;
+ }
+
+- /* frame buffer memory */
++ /*
++ * Ugh. This can be either the frame buffer mapping, or
++ * if pgoff points past it, the mmio mapping.
++ */
+ start = info->fix.smem_start;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len);
+- if (off >= len) {
+- /* memory mapped io */
+- off -= len;
+- if (info->var.accel_flags) {
+- mutex_unlock(&info->mm_lock);
+- return -EINVAL;
+- }
++ len = info->fix.smem_len;
++ mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT;
++ if (vma->vm_pgoff >= mmio_pgoff) {
++ vma->vm_pgoff -= mmio_pgoff;
+ start = info->fix.mmio_start;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
++ len = info->fix.mmio_len;
+ }
+ mutex_unlock(&info->mm_lock);
+- start &= PAGE_MASK;
+- if ((vma->vm_end - vma->vm_start + off) > len)
+- return -EINVAL;
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+- /* This is an IO map - tell maydump to skip this VMA */
+- vma->vm_flags |= VM_IO | VM_RESERVED;
+- fb_pgprotect(file, vma, off);
+- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start, vma->vm_page_prot))
+- return -EAGAIN;
+- return 0;
++
++ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
++ fb_pgprotect(file, vma, start);
++
++ return vm_iomap_memory(vma, start, len);
+ }
+
+ static int
diff --git a/drivers/video/geode/gx1fb_core.c b/drivers/video/geode/gx1fb_core.c
index f20eff8..3e4f622 100644
--- a/drivers/video/geode/gx1fb_core.c
@@ -100222,7 +100461,7 @@ index 3797270..7765ede 100644
struct mca_bus {
u64 default_dma_mask;
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 11e5be6..8a2af3a 100644
+index 11e5be6..947f41d 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -106,7 +106,14 @@ extern unsigned int kobjsize(const void *objp);
@@ -100345,7 +100584,16 @@ index 11e5be6..8a2af3a 100644
struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
unsigned long pfn, unsigned long size, pgprot_t);
-@@ -1263,6 +1296,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1243,6 +1276,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
+ unsigned long pfn);
+ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+ unsigned long pfn);
++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
++
+
+ struct page *follow_page(struct vm_area_struct *, unsigned long address,
+ unsigned int foll_flags);
+@@ -1263,6 +1298,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
static inline void vm_stat_account(struct mm_struct *mm,
unsigned long flags, struct file *file, long pages)
{
@@ -100357,7 +100605,7 @@ index 11e5be6..8a2af3a 100644
}
#endif /* CONFIG_PROC_FS */
-@@ -1332,7 +1370,13 @@ extern void memory_failure(unsigned long pfn, int trapno);
+@@ -1332,7 +1372,13 @@ extern void memory_failure(unsigned long pfn, int trapno);
extern int __memory_failure(unsigned long pfn, int trapno, int ref);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
@@ -110754,7 +111002,7 @@ index 8aeba53..b4a4198 100644
/*
* We need/can do nothing about count=0 pages.
diff --git a/mm/memory.c b/mm/memory.c
-index 6c836d3..b2296e1 100644
+index 6c836d3..831af24 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -187,8 +187,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -110856,7 +111104,61 @@ index 6c836d3..b2296e1 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -1855,7 +1879,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -1811,6 +1835,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
+ }
+ EXPORT_SYMBOL(remap_pfn_range);
+
++/**
++ * vm_iomap_memory - remap memory to userspace
++ * @vma: user vma to map to
++ * @start: start of area
++ * @len: size of area
++ *
++ * This is a simplified io_remap_pfn_range() for common driver use. The
++ * driver just needs to give us the physical memory range to be mapped,
++ * we'll figure out the rest from the vma information.
++ *
++ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get
++ * whatever write-combining details or similar.
++ */
++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
++{
++ unsigned long vm_len, pfn, pages;
++
++ /* Check that the physical memory area passed in looks valid */
++ if (start + len < start)
++ return -EINVAL;
++ /*
++ * You *really* shouldn't map things that aren't page-aligned,
++ * but we've historically allowed it because IO memory might
++ * just have smaller alignment.
++ */
++ len += start & ~PAGE_MASK;
++ pfn = start >> PAGE_SHIFT;
++ pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
++ if (pfn + pages < pfn)
++ return -EINVAL;
++
++ /* We start the mapping 'vm_pgoff' pages into the area */
++ if (vma->vm_pgoff > pages)
++ return -EINVAL;
++ pfn += vma->vm_pgoff;
++ pages -= vma->vm_pgoff;
++
++ /* Can we fit all of the mapping? */
++ vm_len = vma->vm_end - vma->vm_start;
++ if (vm_len >> PAGE_SHIFT > pages)
++ return -EINVAL;
++
++ /* Ok, let it rip */
++ return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
++}
++EXPORT_SYMBOL(vm_iomap_memory);
++
+ static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd,
+ unsigned long addr, unsigned long end,
+ pte_fn_t fn, void *data)
+@@ -1855,7 +1926,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -110867,7 +111169,7 @@ index 6c836d3..b2296e1 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -1875,7 +1901,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -1875,7 +1948,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -110878,7 +111180,7 @@ index 6c836d3..b2296e1 100644
if (!pud)
return -ENOMEM;
do {
-@@ -1977,6 +2005,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -1977,6 +2052,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -111065,7 +111367,7 @@ index 6c836d3..b2296e1 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2156,6 +2364,12 @@ gotten:
+@@ -2156,6 +2411,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -111078,7 +111380,7 @@ index 6c836d3..b2296e1 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter(mm, file_rss);
-@@ -2207,6 +2421,10 @@ gotten:
+@@ -2207,6 +2468,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -111089,7 +111391,7 @@ index 6c836d3..b2296e1 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2606,6 +2824,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2606,6 +2871,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -111101,7 +111403,7 @@ index 6c836d3..b2296e1 100644
unlock_page(page);
if (flags & FAULT_FLAG_WRITE) {
-@@ -2617,6 +2840,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2617,6 +2887,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, pte);
@@ -111113,7 +111415,7 @@ index 6c836d3..b2296e1 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2632,40 +2860,6 @@ out_release:
+@@ -2632,40 +2907,6 @@ out_release:
}
/*
@@ -111154,7 +111456,7 @@ index 6c836d3..b2296e1 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -2674,27 +2868,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2674,27 +2915,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -111187,7 +111489,7 @@ index 6c836d3..b2296e1 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -2713,6 +2903,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2713,6 +2950,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -111199,7 +111501,7 @@ index 6c836d3..b2296e1 100644
inc_mm_counter(mm, anon_rss);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -2720,6 +2915,12 @@ setpte:
+@@ -2720,6 +2962,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, entry);
@@ -111212,7 +111514,7 @@ index 6c836d3..b2296e1 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2862,6 +3063,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2862,6 +3110,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -111225,7 +111527,7 @@ index 6c836d3..b2296e1 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -2881,6 +3088,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2881,6 +3135,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, entry);
@@ -111240,7 +111542,7 @@ index 6c836d3..b2296e1 100644
} else {
if (charged)
mem_cgroup_uncharge_page(page);
-@@ -3028,6 +3243,12 @@ static inline int handle_pte_fault(struct mm_struct *mm,
+@@ -3028,6 +3290,12 @@ static inline int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_page(vma, address);
}
@@ -111253,7 +111555,7 @@ index 6c836d3..b2296e1 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3044,6 +3265,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3044,6 +3312,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -111264,7 +111566,7 @@ index 6c836d3..b2296e1 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3051,6 +3276,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3051,6 +3323,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -111299,7 +111601,7 @@ index 6c836d3..b2296e1 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3086,6 +3339,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3086,6 +3386,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -111323,7 +111625,7 @@ index 6c836d3..b2296e1 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3116,6 +3386,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3116,6 +3433,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -111354,7 +111656,7 @@ index 6c836d3..b2296e1 100644
#endif /* __PAGETABLE_PMD_FOLDED */
int make_pages_present(unsigned long addr, unsigned long end)
-@@ -3148,7 +3442,7 @@ static int __init gate_vma_init(void)
+@@ -3148,7 +3489,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
diff --git a/3.11.6/0000_README b/3.11.6/0000_README
index 5611acb..2489326 100644
--- a/3.11.6/0000_README
+++ b/3.11.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.11.6-201310271552.patch
+Patch: 4420_grsecurity-2.9.1-3.11.6-201310292050.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch
index e291fc5..020c231 100644
--- a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch
+++ b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch
@@ -31217,7 +31217,7 @@ index 4287f1f..3b99c71 100644
printk(KERN_INFO "Write protecting the kernel text: %luk\n",
size >> 10);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 104d56a..62ba13f 100644
+index 104d56a..62ba13f1 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on);
@@ -48722,7 +48722,7 @@ index a9af1b9a..1e08e7f 100644
ret = -EPERM;
goto reterr;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index 3b96f18..026a9bf 100644
+index 3b96f18..6f6a8f1 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -25,6 +25,7 @@
@@ -48791,7 +48791,22 @@ index 3b96f18..026a9bf 100644
if (event_count != listener->event_count) {
if (copy_to_user(buf, &event_count, count))
retval = -EFAULT;
-@@ -596,13 +597,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
+@@ -584,9 +585,13 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
+ static int uio_find_mem_index(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
++ unsigned long size;
+
+ if (vma->vm_pgoff < MAX_UIO_MAPS) {
+- if (idev->info->mem[vma->vm_pgoff].size == 0)
++ size = idev->info->mem[vma->vm_pgoff].size;
++ if (size == 0)
++ return -1;
++ if (vma->vm_end - vma->vm_start > size)
+ return -1;
+ return (int)vma->vm_pgoff;
+ }
+@@ -596,13 +601,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
static void uio_vma_open(struct vm_area_struct *vma)
{
struct uio_device *idev = vma->vm_private_data;
@@ -48807,7 +48822,34 @@ index 3b96f18..026a9bf 100644
}
static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner,
+@@ -640,14 +645,25 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
+ int mi = uio_find_mem_index(vma);
++ struct uio_mem *mem;
+ if (mi < 0)
+ return -EINVAL;
++ mem = idev->info->mem + mi;
+
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+
++ /*
++ * We cannot use the vm_iomap_memory() helper here,
++ * because vma->vm_pgoff is the map index we looked
++ * up above in uio_find_mem_index(), rather than an
++ * actual page offset into the mmap.
++ *
++ * So we just do the physical mmap without a page
++ * offset.
++ */
+ return remap_pfn_range(vma,
+ vma->vm_start,
+- idev->info->mem[mi].addr >> PAGE_SHIFT,
++ mem->addr >> PAGE_SHIFT,
+ vma->vm_end - vma->vm_start,
+ vma->vm_page_prot);
+ }
+@@ -809,7 +825,7 @@ int __uio_register_device(struct module *owner,
idev->owner = owner;
idev->info = info;
init_waitqueue_head(&idev->wait);
@@ -49350,6 +49392,89 @@ index 95ec042..e6affdd 100644
return 0;
}
+diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
+index a54ccdc..22ad8524 100644
+--- a/drivers/video/au1100fb.c
++++ b/drivers/video/au1100fb.c
+@@ -361,37 +361,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
+ int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
+ {
+ struct au1100fb_device *fbdev;
+- unsigned int len;
+- unsigned long start=0, off;
+
+ fbdev = to_au1100fb_device(fbi);
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
+
+- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot)) {
+- return -EAGAIN;
+- }
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static struct fb_ops au1100fb_ops =
+diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
+index 301224e..1d02897 100644
+--- a/drivers/video/au1200fb.c
++++ b/drivers/video/au1200fb.c
+@@ -1233,34 +1233,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
+ * method mainly to allow the use of the TLB streaming flag (CCA=6)
+ */
+ static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
+-
+ {
+- unsigned int len;
+- unsigned long start=0, off;
+ struct au1200fb_device *fbdev = info->par;
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
+
+- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot);
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c
index bca6ccc..252107e 100644
--- a/drivers/video/backlight/kb3886_bl.c
diff --git a/3.2.52/0000_README b/3.2.52/0000_README
index ec68a31..f3e1e87 100644
--- a/3.2.52/0000_README
+++ b/3.2.52/0000_README
@@ -126,7 +126,7 @@ Patch: 1051_linux-3.2.52.patch
From: http://www.kernel.org
Desc: Linux 3.2.52
-Patch: 4420_grsecurity-2.9.1-3.2.52-201310271550.patch
+Patch: 4420_grsecurity-2.9.1-3.2.52-201310292049.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch
index 82cc38f..e09de55 100644
--- a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch
+++ b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch
@@ -44674,7 +44674,7 @@ index 65447c5..0526f0a 100644
ret = -EPERM;
goto reterr;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index a783d53..cb30d94 100644
+index a783d53..45f96c9 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -25,6 +25,7 @@
@@ -44743,7 +44743,22 @@ index a783d53..cb30d94 100644
if (event_count != listener->event_count) {
if (copy_to_user(buf, &event_count, count))
retval = -EFAULT;
-@@ -606,13 +607,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
+@@ -594,9 +595,13 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
+ static int uio_find_mem_index(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
++ unsigned long size;
+
+ if (vma->vm_pgoff < MAX_UIO_MAPS) {
+- if (idev->info->mem[vma->vm_pgoff].size == 0)
++ size = idev->info->mem[vma->vm_pgoff].size;
++ if (size == 0)
++ return -1;
++ if (vma->vm_end - vma->vm_start > size)
+ return -1;
+ return (int)vma->vm_pgoff;
+ }
+@@ -606,13 +611,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
static void uio_vma_open(struct vm_area_struct *vma)
{
struct uio_device *idev = vma->vm_private_data;
@@ -44759,7 +44774,36 @@ index a783d53..cb30d94 100644
}
static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -821,7 +822,7 @@ int __uio_register_device(struct module *owner,
+@@ -650,16 +655,27 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
+ int mi = uio_find_mem_index(vma);
++ struct uio_mem *mem;
+ if (mi < 0)
+ return -EINVAL;
++ mem = idev->info->mem + mi;
+
+ vma->vm_flags |= VM_IO | VM_RESERVED;
+
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+
++ /*
++ * We cannot use the vm_iomap_memory() helper here,
++ * because vma->vm_pgoff is the map index we looked
++ * up above in uio_find_mem_index(), rather than an
++ * actual page offset into the mmap.
++ *
++ * So we just do the physical mmap without a page
++ * offset.
++ */
+ return remap_pfn_range(vma,
+ vma->vm_start,
+- idev->info->mem[mi].addr >> PAGE_SHIFT,
++ mem->addr >> PAGE_SHIFT,
+ vma->vm_end - vma->vm_start,
+ vma->vm_page_prot);
+ }
+@@ -821,7 +837,7 @@ int __uio_register_device(struct module *owner,
idev->owner = owner;
idev->info = info;
init_waitqueue_head(&idev->wait);
@@ -45227,6 +45271,95 @@ index 46f72ed..107788d 100644
return 0;
}
+diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
+index 649cb35..1be8b5d 100644
+--- a/drivers/video/au1100fb.c
++++ b/drivers/video/au1100fb.c
+@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
+ int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
+ {
+ struct au1100fb_device *fbdev;
+- unsigned int len;
+- unsigned long start=0, off;
+
+ fbdev = to_au1100fb_device(fbi);
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
+
+- vma->vm_flags |= VM_IO;
+-
+- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot)) {
+- return -EAGAIN;
+- }
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static struct fb_ops au1100fb_ops =
+diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
+index 7200559..5bd7d88 100644
+--- a/drivers/video/au1200fb.c
++++ b/drivers/video/au1200fb.c
+@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
+ * method mainly to allow the use of the TLB streaming flag (CCA=6)
+ */
+ static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
+-
+ {
+- unsigned int len;
+- unsigned long start=0, off;
+ struct au1200fb_device *fbdev = info->par;
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
+
+- vma->vm_flags |= VM_IO;
+-
+- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot);
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c
index 7363c1b..b69ad66 100644
--- a/drivers/video/backlight/backlight.c
@@ -52737,7 +52870,7 @@ index 4c6992d..104cdea 100644
return -EMFILE;
diff --git a/fs/filesystems.c b/fs/filesystems.c
-index 0845f84..bf3fd05 100644
+index 0845f84..bf3fd0571 100644
--- a/fs/filesystems.c
+++ b/fs/filesystems.c
@@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *name)