bpfire/src/patches/linux-3.7-disable-compat_vdso.patch

No need to wrap vdso calls as gentoo does not use any version of 
glibc <=2.3.3
---
From: Gordon Malm <gengor@gentoo.org>
From: Kerin Millar <kerframil@gmail.com>
From: Jory A. Pratt	<anarchy@gentoo.org>

COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It
conflicts with various parts of PaX, crashing the system if enabled
while PaX's NOEXEC or UDEREF features are active. Moreover, it prevents
a number of important PaX options from appearing in the configuration
menu, including all PaX NOEXEC implementations. Unfortunately, the
reason for the disappearance of these PaX configuration options is
often far from obvious to inexperienced users.

Therefore, we disable the COMPAT_VDSO menu entry entirely. However,
COMPAT_VDSO operation can still be enabled via bootparam and sysctl
interfaces. Consequently, we must also disable the ability to select
COMPAT_VDSO operation at boot or runtime. Here we patch the kernel so
that selecting COMPAT_VDSO operation at boot/runtime has no effect if
conflicting PaX options are enabled, leaving VDSO_ENABLED operation
intact.

Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138

diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
@@ -1651,17 +1651,8 @@
 
 config COMPAT_VDSO
 	def_bool n
-	prompt "Compat VDSO support"
 	depends on X86_32 || IA32_EMULATION
 	depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
-	---help---
-	  Map the 32-bit VDSO to the predictable old-style address too.
-
-	  Say N here if you are running a sufficiently recent glibc
-	  version (2.3.3 or later), to remove the high-mapped
-	  VDSO mapping and to exclusively use the randomized VDSO.
-
-	  If unsure, say Y.
 
 config CMDLINE_BOOL
 	bool "Built-in kernel command line"