---- kernel-maemo-2.6.28.orig/arch/arm/boot/compressed/head.S
-+++ kernel-maemo-2.6.28/arch/arm/boot/compressed/head.S
+diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
+index 7b1f312..4a9a275 100644
+--- a/arch/arm/boot/compressed/head.S
++++ b/arch/arm/boot/compressed/head.S
@@ -27,6 +27,14 @@
.macro writeb, ch, rb
mcr p14, 0, \ch, c0, c5, 0
#else
.macro loadsp, rb
.endm
---- kernel-maemo-2.6.28.orig/arch/arm/boot/compressed/misc.c
-+++ kernel-maemo-2.6.28/arch/arm/boot/compressed/misc.c
-@@ -47,6 +47,17 @@
+diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c
+index 65ce8ff..c74fc24 100644
+--- a/arch/arm/boot/compressed/misc.c
++++ b/arch/arm/boot/compressed/misc.c
+@@ -47,6 +47,17 @@ static void icedcc_putc(int ch)
asm("mcr p14, 0, %0, c0, c5, 0" : : "r" (ch));
}
#else
static void icedcc_putc(int ch)
---- kernel-maemo-2.6.28.orig/arch/arm/include/asm/cacheflush.h
-+++ kernel-maemo-2.6.28/arch/arm/include/asm/cacheflush.h
-@@ -138,16 +138,16 @@
- * Please note that the implementation of these, and the required
- * effects are cache-type (VIVT/VIPT/PIPT) specific.
- *
-- * flush_cache_kern_all()
-+ * flush_kern_all()
- *
- * Unconditionally clean and invalidate the entire cache.
- *
-- * flush_cache_user_mm(mm)
-+ * flush_user_all()
- *
- * Clean and invalidate all user space cache entries
- * before a change of page tables.
- *
-- * flush_cache_user_range(start, end, flags)
-+ * flush_user_range(start, end, flags)
- *
- * Clean and invalidate a range of cache entries in the
- * specified address space before a change of page tables.
-@@ -163,6 +163,20 @@
- * - start - virtual start address
- * - end - virtual end address
- *
-+ * coherent_user_range(start, end)
-+ *
-+ * Ensure coherency between the Icache and the Dcache in the
-+ * region described by start, end. If you have non-snooping
-+ * Harvard caches, you need to implement this function.
-+ * - start - virtual start address
-+ * - end - virtual end address
-+ *
-+ * flush_kern_dcache_area(kaddr, size)
-+ *
-+ * Ensure that the data held in page is written back.
-+ * - kaddr - page address
-+ * - size - region size
-+ *
- * DMA Cache Coherency
- * ===================
- *
---- kernel-maemo-2.6.28.orig/arch/arm/kernel/debug.S
-+++ kernel-maemo-2.6.28/arch/arm/kernel/debug.S
+diff --git a/arch/arm/kernel/debug.S b/arch/arm/kernel/debug.S
+index f53c582..e1866bf 100644
+--- a/arch/arm/kernel/debug.S
++++ b/arch/arm/kernel/debug.S
@@ -49,6 +49,26 @@
1002:
.endm
#else
.macro addruart, rx
---- kernel-maemo-2.6.28.orig/arch/arm/mm/mmu.c
-+++ kernel-maemo-2.6.28/arch/arm/mm/mmu.c
-@@ -953,4 +953,6 @@
- pmd[1] = __pmd(pmdval + (1 << (PGDIR_SHIFT - 1)));
- flush_pmd_entry(pmd);
- }
+diff --git a/arch/arm/include/asm/setup.h b/arch/arm/include/asm/setup.h
+index 5ccce0a..3ca36bb 100644
+--- a/arch/arm/include/asm/setup.h
++++ b/arch/arm/include/asm/setup.h
+@@ -21,6 +21,11 @@
+ /* The list ends with an ATAG_NONE node. */
+ #define ATAG_NONE 0x00000000
+
++/* Some sanity checks are needed */
++#define ATAG_MAX_SZ PAGE_SIZE
++#define atag_valid(tag) \
++ ((tag)->hdr.size && ((tag)->hdr.size <= ATAG_MAX_SZ))
+
-+ local_flush_tlb_all();
- }
---- kernel-maemo-2.6.28.orig/arch/arm/mm/proc-v6.S
-+++ kernel-maemo-2.6.28/arch/arm/mm/proc-v6.S
-@@ -56,8 +56,6 @@
- * to what would be the reset vector.
- *
- * - loc - location to jump to for soft reset
-- *
-- * It is assumed that:
- */
- .align 5
- ENTRY(cpu_v6_reset)
---- kernel-maemo-2.6.28.orig/arch/arm/mm/proc-v7.S
-+++ kernel-maemo-2.6.28/arch/arm/mm/proc-v7.S
-@@ -28,7 +28,14 @@
- ENDPROC(cpu_v7_proc_init)
+ struct tag_header {
+ __u32 size;
+ __u32 tag;
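Review bot: `ATAG_MAX_SZ` is defined as `PAGE_SIZE`, a byte count, but `atag_valid()` compares it with `hdr.size`, which the rest of this header treats as a count of 32-bit words (`tag_next` advances a `__u32 *` by it and `tag_member_present` multiplies it by 4). As written, a tag of up to four pages passes the check; if the intent is a one-page cap, `#define ATAG_MAX_SZ (PAGE_SIZE >> 2)` would express it. The comment `/* Some sanity checks are needed */` would say more as `/* hdr.size is in 32-bit words; reject empty or oversized tags */`. The macro also evaluates `tag` twice, so callers should not pass an expression with side effects.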
+@@ -173,9 +178,10 @@ struct tagtable {
+ int (*parse)(const struct tag *);
+ };
+
+-#define tag_member_present(tag,member) \
+- ((unsigned long)(&((struct tag *)0L)->member + 1) \
+- <= (tag)->hdr.size * 4)
++#define tag_member_present(tag,member) \
++ (atag_valid(tag) && \
++ (((unsigned long)(&((struct tag *)0L)->member + 1) \
++ <= (tag)->hdr.size * 4))
- ENTRY(cpu_v7_proc_fin)
-- mov pc, lr
-+ stmfd sp!, {lr}
-+ cpsid if @ disable interrupts
-+ bl v7_flush_kern_cache_all
-+ mrc p15, 0, r0, c1, c0, 0 @ ctrl register
-+ bic r0, r0, #0x1000 @ ...i............
-+ bic r0, r0, #0x0006 @ .............ca.
-+ mcr p15, 0, r0, c1, c0, 0 @ disable caches
-+ ldmfd sp!, {pc}
- ENDPROC(cpu_v7_proc_fin)
+ #define tag_next(t) ((struct tag *)((__u32 *)(t) + (t)->hdr.size))
+ #define tag_size(type) ((sizeof(struct tag_header) + sizeof(struct type)) >> 2)
+diff --git a/arch/arm/kernel/atags.c b/arch/arm/kernel/atags.c
+index 42a1a14..14d0993 100644
+--- a/arch/arm/kernel/atags.c
++++ b/arch/arm/kernel/atags.c
+@@ -51,7 +51,7 @@ static int __init init_atags_procfs(void)
+ return -EINVAL;
+ }
+
+- for (; tag->hdr.size; tag = tag_next(tag))
++ for (; atag_valid(tag); tag = tag_next(tag))
+ ;
+
+ /* include the terminating ATAG_NONE */
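Review bot: The loop now stops at the first tag that fails `atag_valid()`, which can be an oversized tag as well as the `ATAG_NONE` terminator, yet the comment that follows still assumes the stop point is the terminator. A list cut short by a bad size is therefore indistinguishable from a well-formed one; a check after the loop such as `if (tag->hdr.size) printk(KERN_WARNING "ATAG list truncated at invalid tag\n");` would make the malformed case visible. The per-tag bound also does not limit the total distance walked, so if the buffer scanned here has a fixed size (not visible in this hunk), the cumulative offset needs its own limit. The same loop condition is introduced in `squash_mem_tags`, `parse_tags` and `tag_fixup_mem32`, where the same silent truncation applies. `init_atags_procfs` starts and ends outside the hunk.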
+diff --git a/arch/arm/kernel/compat.c b/arch/arm/kernel/compat.c
+index 0a13854..3e63ee1 100644
+--- a/arch/arm/kernel/compat.c
++++ b/arch/arm/kernel/compat.c
+@@ -220,7 +220,7 @@ void __init convert_to_tag_list(struct tag *tags)
- /*
-@@ -39,8 +46,6 @@
- * to what would be the reset vector.
- *
- * - loc - location to jump to for soft reset
-- *
-- * It is assumed that:
+ void __init squash_mem_tags(struct tag *tag)
+ {
+- for (; tag->hdr.size; tag = tag_next(tag))
++ for (; atag_valid(tag); tag = tag_next(tag))
+ if (tag->hdr.tag == ATAG_MEM)
+ tag->hdr.tag = ATAG_NONE;
+ }
+diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
+index c6c57b6..53d7181 100644
+--- a/arch/arm/kernel/setup.c
++++ b/arch/arm/kernel/setup.c
+@@ -556,7 +556,7 @@ request_standard_resources(struct meminfo *mi, struct machine_desc *mdesc)
+ */
+ static int __init parse_tag_core(const struct tag *tag)
+ {
+- if (tag->hdr.size > 2) {
++ if ((atag_valid(tag) && (tag->hdr.size > 2))) {
+ if ((tag->u.core.flags & 1) == 0)
+ root_mountflags &= ~MS_RDONLY;
+ ROOT_DEV = old_decode_dev(tag->u.core.rootdev);
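Review bot: `tag->hdr.size > 2` only shows that some payload follows the two-word header, while the body reads both `u.core.flags` and `u.core.rootdev`; whether `rootdev` lies within the declared size depends on the layout of `u.core`, which is not visible here. The `tag_member_present` macro that this same patch hardens already performs that per-member check and includes `atag_valid`, e.g. `if (tag_member_present(tag, u.core.rootdev)) {`. If the current condition is kept, the doubled outer parentheses can be dropped: `if (atag_valid(tag) && tag->hdr.size > 2) {`. The function body continues past the end of the hunk.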
+@@ -660,7 +660,7 @@ static int __init parse_tag(const struct tag *tag)
*/
- .align 5
- ENTRY(cpu_v7_reset)
+ static void __init parse_tags(const struct tag *t)
+ {
+- for (; t->hdr.size; t = tag_next(t))
++ for (; atag_valid(t); t = tag_next(t))
+ if (!parse_tag(t))
+ printk(KERN_WARNING
+ "Ignoring unrecognised tag 0x%08x\n",
+diff --git a/arch/arm/mach-orion5x/common.c b/arch/arm/mach-orion5x/common.c
+index f87fa12..8afee34 100644
+--- a/arch/arm/mach-orion5x/common.c
++++ b/arch/arm/mach-orion5x/common.c
+@@ -717,7 +717,7 @@ void __init orion5x_init(void)
+ void __init tag_fixup_mem32(struct machine_desc *mdesc, struct tag *t,
+ char **from, struct meminfo *meminfo)
+ {
+- for (; t->hdr.size; t = tag_next(t))
++ for (; atag_valid(t); t = tag_next(t))
+ if (t->hdr.tag == ATAG_MEM &&
+ (!t->u.mem.size || t->u.mem.size & ~PAGE_MASK ||
+ t->u.mem.start & ~PAGE_MASK)) {