authorPaul Gortmaker <paul.gortmaker@windriver.com>2011-04-14 19:13:32 -0400
committerPaul Gortmaker <paul.gortmaker@windriver.com>2011-04-14 19:27:24 -0400
commitcaae24b57e5a2420a374e5d515ba7a712ea36c2c (patch)
tree139b8dea04655226a281506106fd512c86eb2955
parent68433f6b0cb72b9842c6a55a7f958d1e80ae8d36 (diff)
use pre-36 version of exec argv oom patch
Per discussion on stable list (Apr 14, 2011): ---- This only works starting from 2.6.36. before 2.6.36 kernel, oom-killer's badness() uses mm->total_vm. Please see the patch for pre2.6.36 kernel below. Oleg. ---- Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r--queue/exec-make-argv-envp-memory-visible-to-oom-killer.patch35
1 files changed, 19 insertions, 16 deletions
diff --git a/queue/exec-make-argv-envp-memory-visible-to-oom-killer.patch b/queue/exec-make-argv-envp-memory-visible-to-oom-killer.patch
index 1975989..4001275 100644
--- a/queue/exec-make-argv-envp-memory-visible-to-oom-killer.patch
+++ b/queue/exec-make-argv-envp-memory-visible-to-oom-killer.patch
@@ -1,9 +1,9 @@
-From e9875b9472a67ead4a1c1c13a99a4264d085b765 Mon Sep 17 00:00:00 2001
+From 00127771ad9835577fb77a47eafe363f59a46c8c Mon Sep 17 00:00:00 2001
From: Oleg Nesterov <oleg@redhat.com>
-Date: Tue, 30 Nov 2010 20:55:34 +0100
+Date: Thu, 14 Apr 2011 20:19:36 +0200
Subject: [PATCH] exec: make argv/envp memory visible to oom-killer
-commit 3c77f845722158206a7209c45ccddc264d19319c upstream
+commit 3c77f845722158206a7209c45ccddc264d19319c upstream.
Brad Spengler published a local memory-allocation DoS that
evades the OOM-killer (though not the virtual memory RLIMIT):
@@ -22,17 +22,24 @@ page is swapped out and turn MM_ANONPAGES into MM_SWAPENTS, but
I don't think this really matters and everything becomes correct
once exec changes ->mm or fails.
+Compared to upstream:
+
+ before 2.6.36 kernel, oom-killer's badness() takes
+ mm->total_vm into account and nothing else. So
+ acct_arg_size() has to play with this counter too.
+
Reported-by: Brad Spengler <spender@grsecurity.net>
Reviewed-and-discussed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+---
diff --git a/fs/exec.c b/fs/exec.c
-index afd9977..8d4912f 100644
+index afd9977..3ab279c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -158,6 +158,25 @@ out:
+@@ -158,6 +158,21 @@ out:
#ifdef CONFIG_MMU
@@ -46,19 +53,15 @@ index afd9977..8d4912f 100644
+
+ bprm->vma_pages = pages;
+
-+#ifdef SPLIT_RSS_COUNTING
-+ add_mm_counter(mm, MM_ANONPAGES, diff);
-+#else
-+ spin_lock(&mm->page_table_lock);
-+ add_mm_counter(mm, MM_ANONPAGES, diff);
-+ spin_unlock(&mm->page_table_lock);
-+#endif
++ down_write(&mm->mmap_sem);
++ mm->total_vm += diff;
++ up_write(&mm->mmap_sem);
+}
+
static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
-@@ -180,6 +199,8 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -180,6 +195,8 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
struct rlimit *rlim;
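Review bot: The new accounting in acct_arg_size(), `mm->total_vm += diff;` under `down_write(&mm->mmap_sem)`, has no in-code comment explaining why this backport charges total_vm instead of MM_ANONPAGES; the rationale lives only in the patch description. I would add above the `down_write()` line: `/* pre-2.6.36 badness() only reads mm->total_vm; charge argv/envp pages there temporarily */`. As far as I know, total_vm in kernels of this age is also read by the address-space limit check and reported as VmSize, so the comment should say that the charge is transient and must be dropped again with `acct_arg_size(bprm, 0)` on both the success and failure paths of exec; those calls are presumably in the later hunks but are not visible here. acct_arg_size() starts above this hunk, so the type of `diff` and the early-return conditions could not be checked from this view.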
@@ -67,7 +70,7 @@ index afd9977..8d4912f 100644
/*
* We've historically supported up to 32 pages (ARG_MAX)
* of argument strings even with small stacks
-@@ -269,6 +290,10 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len)
+@@ -269,6 +286,10 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len)
#else
@@ -78,7 +81,7 @@ index afd9977..8d4912f 100644
static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
-@@ -987,6 +1012,7 @@ int flush_old_exec(struct linux_binprm * bprm)
+@@ -987,6 +1008,7 @@ int flush_old_exec(struct linux_binprm * bprm)
/*
* Release all of the old mmap stuff
*/
@@ -86,7 +89,7 @@ index afd9977..8d4912f 100644
retval = exec_mmap(bprm->mm);
if (retval)
goto out;
-@@ -1411,8 +1437,10 @@ int do_execve(char * filename,
+@@ -1411,8 +1433,10 @@ int do_execve(char * filename,
return retval;
out: