Author: cieciwa Date: Thu Apr 20 08:29:26 2006 GMT Module: SOURCES Tag: LINUX_2_6 ---- Log message: - grsecurity patch from 2.6.16.2 fixed for 2.6.16.9
---- Files affected: SOURCES: grsecurity-2.1.9-2.6.16.9.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/grsecurity-2.1.9-2.6.16.9.patch diff -u /dev/null SOURCES/grsecurity-2.1.9-2.6.16.9.patch:1.1.2.1 --- /dev/null Thu Apr 20 10:29:26 2006 +++ SOURCES/grsecurity-2.1.9-2.6.16.9.patch Thu Apr 20 10:29:21 2006 @@ -0,0 +1,24434 @@ +diff -urNp linux-2.6.16.2/arch/alpha/kernel/module.c linux-2.6.16.2/arch/alpha/kernel/module.c +--- linux-2.6.16.2/arch/alpha/kernel/module.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/alpha/kernel/module.c 2006-04-09 21:23:54.000000000 -0400 +@@ -177,7 +177,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, + + /* The small sections were sorted to the end of the segment. + The following should definitely cover them. */ +- gp = (u64)me->module_core + me->core_size - 0x8000; ++ gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000; + got = sechdrs[me->arch.gotsecindex].sh_addr; + + for (i = 0; i < n; i++) { +diff -urNp linux-2.6.16.2/arch/alpha/kernel/osf_sys.c linux-2.6.16.2/arch/alpha/kernel/osf_sys.c +--- linux-2.6.16.2/arch/alpha/kernel/osf_sys.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/alpha/kernel/osf_sys.c 2006-04-09 21:23:54.000000000 -0400 +@@ -1274,6 +1274,10 @@ arch_get_unmapped_area(struct file *filp + merely specific addresses, but regions of memory -- perhaps + this feature should be incorporated into all ports? */ + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp) ++#endif ++ + if (addr) { + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); + if (addr != (unsigned long) -ENOMEM) +@@ -1281,8 +1285,8 @@ arch_get_unmapped_area(struct file *filp + } + + /* Next, try allocating at TASK_UNMAPPED_BASE. */ +- addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE), +- len, limit); ++ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit); ++ + if (addr != (unsigned long) -ENOMEM) + return addr; + +diff -urNp linux-2.6.16.2/arch/alpha/kernel/ptrace.c linux-2.6.16.2/arch/alpha/kernel/ptrace.c +--- linux-2.6.16.2/arch/alpha/kernel/ptrace.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/alpha/kernel/ptrace.c 2006-04-09 21:23:54.000000000 -0400 +@@ -15,6 +15,7 @@ + #include <linux/slab.h> + #include <linux/security.h> + #include <linux/signal.h> ++#include <linux/grsecurity.h> + + #include <asm/uaccess.h> + #include <asm/pgtable.h> +@@ -283,6 +284,9 @@ do_sys_ptrace(long request, long pid, lo + goto out_notsk; + } + ++ if (gr_handle_ptrace(child, request)) ++ goto out; ++ + if (request == PTRACE_ATTACH) { + ret = ptrace_attach(child); + goto out; +diff -urNp linux-2.6.16.2/arch/alpha/mm/fault.c linux-2.6.16.2/arch/alpha/mm/fault.c +--- linux-2.6.16.2/arch/alpha/mm/fault.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/alpha/mm/fault.c 2006-04-09 21:23:54.000000000 -0400 +@@ -25,6 +25,7 @@ + #include <linux/smp_lock.h> + #include <linux/interrupt.h> + #include <linux/module.h> ++#include <linux/binfmts.h> + + #include <asm/system.h> + #include <asm/uaccess.h> +@@ -56,6 +57,124 @@ __load_new_mm_context(struct mm_struct * + __reload_thread(pcb); + } + ++#ifdef CONFIG_PAX_PAGEEXEC ++/* ++ * PaX: decide what to do with offenders (regs->pc = fault address) ++ * ++ * returns 1 when task should be killed ++ * 2 when patched PLT trampoline was detected ++ * 3 when unpatched PLT trampoline was detected ++ */ ++static int pax_handle_fetch_fault(struct pt_regs *regs) ++{ ++ ++#ifdef CONFIG_PAX_EMUPLT ++ int err; ++ ++ do { /* PaX: patched PLT emulation #1 */ ++ unsigned int ldah, ldq, jmp; ++ ++ err = get_user(ldah, (unsigned int *)regs->pc); ++ err |= get_user(ldq, (unsigned int *)(regs->pc+4)); ++ err |= get_user(jmp, (unsigned int *)(regs->pc+8)); ++ ++ if (err) ++ break; ++ ++ if ((ldah & 0xFFFF0000U) == 0x277B0000U && ++ (ldq & 0xFFFF0000U) == 0xA77B0000U && ++ jmp == 0x6BFB0000U) ++ { ++ unsigned long r27, addr; ++ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; ++ unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL; ++ ++ addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); ++ err = get_user(r27, (unsigned long*)addr); ++ if (err) ++ break; ++ ++ regs->r27 = r27; ++ regs->pc = r27; ++ return 2; ++ } ++ } while (0); ++ ++ do { /* PaX: patched PLT emulation #2 */ ++ unsigned int ldah, lda, br; ++ ++ err = get_user(ldah, (unsigned int *)regs->pc); ++ err |= get_user(lda, (unsigned int *)(regs->pc+4)); ++ err |= get_user(br, (unsigned int *)(regs->pc+8)); ++ ++ if (err) ++ break; ++ ++ if ((ldah & 0xFFFF0000U)== 0x277B0000U && ++ (lda & 0xFFFF0000U) == 0xA77B0000U && ++ (br & 0xFFE00000U) == 0xC3E00000U) ++ { ++ unsigned long addr = br | 0xFFFFFFFFFFE00000UL; ++ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; ++ unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL; ++ ++ regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); ++ regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); ++ return 2; ++ } ++ } while (0); ++ ++ do { /* PaX: unpatched PLT emulation */ ++ unsigned int br; ++ ++ err = get_user(br, (unsigned int *)regs->pc); ++ ++ if (!err && (br & 0xFFE00000U) == 0xC3800000U) { ++ unsigned int br2, ldq, nop, jmp; ++ unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver; ++ ++ addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); ++ err = get_user(br2, (unsigned int *)addr); ++ err |= get_user(ldq, (unsigned int *)(addr+4)); ++ err |= get_user(nop, (unsigned int *)(addr+8)); ++ err |= get_user(jmp, (unsigned int *)(addr+12)); ++ err |= get_user(resolver, (unsigned long *)(addr+16)); ++ ++ if (err) ++ break; ++ ++ if (br2 == 0xC3600000U && ++ ldq == 0xA77B000CU && ++ nop == 0x47FF041FU && ++ jmp == 0x6B7B0000U) ++ { ++ regs->r28 = regs->pc+4; ++ regs->r27 = addr+16; ++ regs->pc = resolver; ++ return 3; ++ } ++ } ++ } while (0); ++#endif ++ ++ return 1; ++} ++ ++void pax_report_insns(void *pc, void *sp) ++{ ++ unsigned long i; ++ ++ printk(KERN_ERR "PAX: bytes at PC: "); ++ for (i = 0; i < 5; i++) { ++ unsigned int c; ++ if (get_user(c, (unsigned int*)pc+i)) ++ printk("???????? "); ++ else ++ printk("%08x ", c); ++ } ++ printk("\n"); ++} ++#endif + + /* + * This routine handles page faults. It determines the address, +@@ -133,8 +252,29 @@ do_page_fault(unsigned long address, uns + good_area: + si_code = SEGV_ACCERR; + if (cause < 0) { +- if (!(vma->vm_flags & VM_EXEC)) ++ if (!(vma->vm_flags & VM_EXEC)) { ++ ++#ifdef CONFIG_PAX_PAGEEXEC ++ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc) ++ goto bad_area; ++ ++ up_read(&mm->mmap_sem); ++ switch(pax_handle_fetch_fault(regs)) { ++ ++#ifdef CONFIG_PAX_EMUPLT ++ case 2: ++ case 3: ++ return; ++#endif ++ ++ } ++ pax_report_fault(regs, (void*)regs->pc, (void*)rdusp()); ++ do_exit(SIGKILL); ++#else + goto bad_area; ++#endif ++ ++ } + } else if (!cause) { + /* Allow reads even for write-only mappings */ + if (!(vma->vm_flags & (VM_READ | VM_WRITE))) +diff -urNp linux-2.6.16.2/arch/arm/mm/mmap.c linux-2.6.16.2/arch/arm/mm/mmap.c +--- linux-2.6.16.2/arch/arm/mm/mmap.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/arm/mm/mmap.c 2006-04-09 21:23:54.000000000 -0400 +@@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp + if (len > TASK_SIZE) + return -ENOMEM; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) ++#endif ++ + if (addr) { + if (do_align) + addr = COLOUR_ALIGN(addr, pgoff); +@@ -76,7 +80,7 @@ arch_get_unmapped_area(struct file *filp + if (len > mm->cached_hole_size) { + start_addr = addr = mm->free_area_cache; + } else { +- start_addr = addr = TASK_UNMAPPED_BASE; ++ start_addr = addr = mm->mmap_base; + mm->cached_hole_size = 0; + } + +@@ -93,8 +97,8 @@ full_search: + * Start a new search - just in case we missed + * some holes. + */ +- if (start_addr != TASK_UNMAPPED_BASE) { +- start_addr = addr = TASK_UNMAPPED_BASE; ++ if (start_addr != mm->mmap_base) { ++ start_addr = addr = mm->mmap_base; + mm->cached_hole_size = 0; + goto full_search; + } +diff -urNp linux-2.6.16.2/arch/i386/boot/compressed/head.S linux-2.6.16.2/arch/i386/boot/compressed/head.S +--- linux-2.6.16.2/arch/i386/boot/compressed/head.S 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/boot/compressed/head.S 2006-04-09 21:23:54.000000000 -0400 +@@ -39,11 +39,13 @@ startup_32: + movl %eax,%gs + + lss stack_start,%esp ++ movl 0x000000,%ecx + xorl %eax,%eax + 1: incl %eax # check that A20 really IS enabled + movl %eax,0x000000 # loop forever if it isn't + cmpl %eax,0x100000 + je 1b ++ movl %ecx,0x000000 + + /* + * Initialize eflags. Some BIOS's leave bits like NT set. This would +diff -urNp linux-2.6.16.2/arch/i386/Kconfig linux-2.6.16.2/arch/i386/Kconfig +--- linux-2.6.16.2/arch/i386/Kconfig 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/Kconfig 2006-04-09 21:23:54.000000000 -0400 +@@ -963,7 +963,7 @@ endchoice + + config PCI_BIOS + bool +- depends on !X86_VISWS && PCI && (PCI_GOBIOS || PCI_GOANY) ++ depends on !X86_VISWS && PCI && PCI_GOBIOS + default y + + config PCI_DIRECT +diff -urNp linux-2.6.16.2/arch/i386/Kconfig.cpu linux-2.6.16.2/arch/i386/Kconfig.cpu +--- linux-2.6.16.2/arch/i386/Kconfig.cpu 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/Kconfig.cpu 2006-04-09 21:23:54.000000000 -0400 +@@ -251,7 +251,7 @@ config X86_PPRO_FENCE + + config X86_F00F_BUG + bool +- depends on M586MMX || M586TSC || M586 || M486 || M386 ++ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC + default y + + config X86_WP_WORKS_OK +@@ -281,7 +281,7 @@ config X86_CMPXCHG64 + + config X86_ALIGNMENT_16 + bool +- depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 ++ depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 + default y + + config X86_GOOD_APIC +diff -urNp linux-2.6.16.2/arch/i386/Kconfig.debug linux-2.6.16.2/arch/i386/Kconfig.debug +--- linux-2.6.16.2/arch/i386/Kconfig.debug 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/Kconfig.debug 2006-04-09 21:24:03.000000000 -0400 +@@ -44,7 +44,7 @@ config DEBUG_PAGEALLOC + + config DEBUG_RODATA + bool "Write protect kernel read-only data structures" +- depends on DEBUG_KERNEL ++ depends on DEBUG_KERNEL && 0 + help + Mark the kernel read-only data as write-protected in the pagetables, + in order to catch accidental (and incorrect) writes to such const +diff -urNp linux-2.6.16.2/arch/i386/kernel/acpi/sleep.c linux-2.6.16.2/arch/i386/kernel/acpi/sleep.c +--- linux-2.6.16.2/arch/i386/kernel/acpi/sleep.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/acpi/sleep.c 2006-04-09 21:23:54.000000000 -0400 +@@ -10,6 +10,7 @@ + #include <linux/dmi.h> + #include <asm/smp.h> + #include <asm/tlbflush.h> ++#include <asm/desc.h> + + /* address in low memory of the wakeup routine. */ + unsigned long acpi_wakeup_address = 0; +@@ -24,11 +25,22 @@ static void init_low_mapping(pgd_t * pgd + { + int pgd_ofs = 0; + ++#ifdef CONFIG_PAX_KERNEXEC ++ unsigned long cr0; ++ ++ pax_open_kernel(cr0); ++#endif ++ + while ((pgd_ofs < pgd_limit) + && (pgd_ofs + USER_PTRS_PER_PGD < PTRS_PER_PGD)) { + set_pgd(pgd, *(pgd + USER_PTRS_PER_PGD)); + pgd_ofs++, pgd++; + } ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_close_kernel(cr0); ++#endif ++ + flush_tlb_all(); + } + +@@ -55,7 +67,18 @@ int acpi_save_state_mem(void) + */ + void acpi_restore_state_mem(void) + { ++#ifdef CONFIG_PAX_KERNEXEC ++ unsigned long cr0; ++ ++ pax_open_kernel(cr0); ++#endif ++ + zap_low_mappings(); ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_close_kernel(cr0); ++#endif ++ + } + + /** +diff -urNp linux-2.6.16.2/arch/i386/kernel/apic.c linux-2.6.16.2/arch/i386/kernel/apic.c +--- linux-2.6.16.2/arch/i386/kernel/apic.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/apic.c 2006-04-09 21:23:54.000000000 -0400 +@@ -1150,7 +1150,7 @@ inline void smp_local_timer_interrupt(st + { + profile_tick(CPU_PROFILING, regs); + #ifdef CONFIG_SMP +- update_process_times(user_mode_vm(regs)); ++ update_process_times(user_mode(regs)); + #endif + + /* +diff -urNp linux-2.6.16.2/arch/i386/kernel/apm.c linux-2.6.16.2/arch/i386/kernel/apm.c +--- linux-2.6.16.2/arch/i386/kernel/apm.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/apm.c 2006-04-09 21:23:54.000000000 -0400 +@@ -589,9 +589,18 @@ static u8 apm_bios_call(u32 func, u32 eb + struct desc_struct save_desc_40; + struct desc_struct *gdt; + ++#ifdef CONFIG_PAX_KERNEXEC ++ unsigned long cr0; ++#endif ++ + cpus = apm_save_cpus(); + + cpu = get_cpu(); ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_open_kernel(cr0); ++#endif ++ + gdt = get_cpu_gdt_table(cpu); + save_desc_40 = gdt[0x40 / 8]; + gdt[0x40 / 8] = bad_bios_desc; +@@ -603,6 +612,11 @@ static u8 apm_bios_call(u32 func, u32 eb + APM_DO_RESTORE_SEGS; + local_irq_restore(flags); + gdt[0x40 / 8] = save_desc_40; ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_close_kernel(cr0); ++#endif ++ + put_cpu(); + apm_restore_cpus(cpus); + +@@ -633,9 +647,18 @@ static u8 apm_bios_call_simple(u32 func, + struct desc_struct save_desc_40; + struct desc_struct *gdt; + ++#ifdef CONFIG_PAX_KERNEXEC ++ unsigned long cr0; ++#endif ++ + cpus = apm_save_cpus(); + + cpu = get_cpu(); ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_open_kernel(cr0); ++#endif ++ + gdt = get_cpu_gdt_table(cpu); + save_desc_40 = gdt[0x40 / 8]; + gdt[0x40 / 8] = bad_bios_desc; +@@ -647,6 +670,11 @@ static u8 apm_bios_call_simple(u32 func, + APM_DO_RESTORE_SEGS; + local_irq_restore(flags); + gdt[0x40 / 8] = save_desc_40; ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ pax_close_kernel(cr0); ++#endif ++ + put_cpu(); + apm_restore_cpus(cpus); + return error; +diff -urNp linux-2.6.16.2/arch/i386/kernel/asm-offsets.c linux-2.6.16.2/arch/i386/kernel/asm-offsets.c +--- linux-2.6.16.2/arch/i386/kernel/asm-offsets.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/asm-offsets.c 2006-04-09 21:23:54.000000000 -0400 +@@ -68,5 +68,6 @@ void foo(void) + sizeof(struct tss_struct)); + + DEFINE(PAGE_SIZE_asm, PAGE_SIZE); ++ DEFINE(PTRS_PER_PTE_asm, PTRS_PER_PTE); + DEFINE(VSYSCALL_BASE, __fix_to_virt(FIX_VSYSCALL)); + } +diff -urNp linux-2.6.16.2/arch/i386/kernel/cpu/common.c linux-2.6.16.2/arch/i386/kernel/cpu/common.c +--- linux-2.6.16.2/arch/i386/kernel/cpu/common.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/cpu/common.c 2006-04-09 21:23:54.000000000 -0400 +@@ -4,7 +4,6 @@ + #include <linux/smp.h> + #include <linux/module.h> + #include <linux/percpu.h> +-#include <linux/bootmem.h> + #include <asm/semaphore.h> + #include <asm/processor.h> + #include <asm/i387.h> +@@ -19,9 +18,6 @@ + + #include "cpu.h" + +-DEFINE_PER_CPU(struct Xgt_desc_struct, cpu_gdt_descr); +-EXPORT_PER_CPU_SYMBOL(cpu_gdt_descr); +- + DEFINE_PER_CPU(unsigned char, cpu_16bit_stack[CPU_16BIT_STACK_SIZE]); + EXPORT_PER_CPU_SYMBOL(cpu_16bit_stack); + +@@ -387,6 +383,10 @@ void __devinit identify_cpu(struct cpuin + if (this_cpu->c_init) + this_cpu->c_init(c); + ++#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_NOVSYSCALL) ++ clear_bit(X86_FEATURE_SEP, c->x86_capability); ++#endif ++ + /* Disable the PN if appropriate */ + squash_the_stupid_serial_number(c); + +@@ -573,11 +573,10 @@ void __init early_cpu_init(void) + void __devinit cpu_init(void) + { + int cpu = smp_processor_id(); +- struct tss_struct * t = &per_cpu(init_tss, cpu); ++ struct tss_struct * t = init_tss + cpu; + struct thread_struct *thread = ¤t->thread; +- struct desc_struct *gdt; ++ struct desc_struct *gdt = get_cpu_gdt_table(cpu); + __u32 stk16_off = (__u32)&per_cpu(cpu_16bit_stack, cpu); +- struct Xgt_desc_struct *cpu_gdt_descr = &per_cpu(cpu_gdt_descr, cpu); + + if (cpu_test_and_set(cpu, cpu_initialized)) { + printk(KERN_WARNING "CPU#%d already initialized!\n", cpu); +@@ -595,29 +594,11 @@ void __devinit cpu_init(void) + } + + /* +- * This is a horrible hack to allocate the GDT. The problem +- * is that cpu_init() is called really early for the boot CPU +- * (and hence needs bootmem) but much later for the secondary +- * CPUs, when bootmem will have gone away +- */ +- if (NODE_DATA(0)->bdata->node_bootmem_map) { +- gdt = (struct desc_struct *)alloc_bootmem_pages(PAGE_SIZE); +- /* alloc_bootmem_pages panics on failure, so no check */ +- memset(gdt, 0, PAGE_SIZE); +- } else { +- gdt = (struct desc_struct *)get_zeroed_page(GFP_KERNEL); +- if (unlikely(!gdt)) { +- printk(KERN_CRIT "CPU%d failed to allocate GDT\n", cpu); +- for (;;) +- local_irq_enable(); +- } +- } +- +- /* + * Initialize the per-CPU GDT with the boot GDT, + * and set up the GDT descriptor: + */ +- memcpy(gdt, cpu_gdt_table, GDT_SIZE); ++ if (cpu) ++ memcpy(gdt, cpu_gdt_table, GDT_SIZE); + + /* Set up GDT entry for 16bit stack */ + *(__u64 *)(&gdt[GDT_ENTRY_ESPFIX_SS]) |= +@@ -625,10 +606,10 @@ void __devinit cpu_init(void) + ((((__u64)stk16_off) << 32) & 0xff00000000000000ULL) | + (CPU_16BIT_STACK_SIZE - 1); + +- cpu_gdt_descr->size = GDT_SIZE - 1; +- cpu_gdt_descr->address = (unsigned long)gdt; ++ cpu_gdt_descr[cpu].size = GDT_SIZE - 1; ++ cpu_gdt_descr[cpu].address = (unsigned long)gdt; + +- load_gdt(cpu_gdt_descr); ++ load_gdt(&cpu_gdt_descr[cpu]); + load_idt(&idt_descr); + + /* +@@ -643,7 +624,7 @@ void __devinit cpu_init(void) + load_esp0(t, thread); + set_tss_desc(cpu,t); + load_TR_desc(); +- load_LDT(&init_mm.context); ++ _load_LDT(&init_mm.context); + + #ifdef CONFIG_DOUBLEFAULT + /* Set up doublefault TSS pointer in the GDT */ +diff -urNp linux-2.6.16.2/arch/i386/kernel/doublefault.c linux-2.6.16.2/arch/i386/kernel/doublefault.c +--- linux-2.6.16.2/arch/i386/kernel/doublefault.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/doublefault.c 2006-04-09 21:23:54.000000000 -0400 +@@ -11,7 +11,7 @@ + + #define DOUBLEFAULT_STACKSIZE (1024) + static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE]; +-#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE) ++#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2) + + #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + 0x1000000) + +diff -urNp linux-2.6.16.2/arch/i386/kernel/efi.c linux-2.6.16.2/arch/i386/kernel/efi.c +--- linux-2.6.16.2/arch/i386/kernel/efi.c 2006-04-07 12:56:47.000000000 -0400 ++++ linux-2.6.16.2/arch/i386/kernel/efi.c 2006-04-09 21:23:54.000000000 -0400 +@@ -64,82 +64,58 @@ extern void * boot_ioremap(unsigned long + + static unsigned long efi_rt_eflags; + static DEFINE_SPINLOCK(efi_rt_lock); +-static pgd_t efi_bak_pg_dir_pointer[2]; ++static pgd_t __initdata efi_bak_pg_dir_pointer[4]; + +-static void efi_call_phys_prelog(void) ++static void __init efi_call_phys_prelog(void) + { +- unsigned long cr4; +- unsigned long temp; +- struct Xgt_desc_struct *cpu_gdt_descr; +- <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit