diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2014-01-21 16:32:54 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-01-21 16:32:54 -0500 |
commit | 460567bd4695d06140d31ffc74dbe78ab9e5b519 (patch) | |
tree | 4892583d3e2c567959bc527e9d6d760110c566e7 /3.2.54 | |
parent | Grsec/PaX: 3.0-3.12.8-201401160931 (diff) | |
download | hardened-patchset-460567bd4695d06140d31ffc74dbe78ab9e5b519.tar.gz hardened-patchset-460567bd4695d06140d31ffc74dbe78ab9e5b519.tar.bz2 hardened-patchset-460567bd4695d06140d31ffc74dbe78ab9e5b519.zip |
Grsec/PaX: 3.0-{3.2.54,3.12.8}-20140119101520140119
Diffstat (limited to '3.2.54')
-rw-r--r-- | 3.2.54/0000_README | 2 | ||||
-rw-r--r-- | 3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch (renamed from 3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch) | 517 |
2 files changed, 362 insertions, 157 deletions
diff --git a/3.2.54/0000_README b/3.2.54/0000_README index 155b184..30d9794 100644 --- a/3.2.54/0000_README +++ b/3.2.54/0000_README @@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch From: http://www.kernel.org Desc: Linux 3.2.54 -Patch: 4420_grsecurity-3.0-3.2.54-201401160931.patch +Patch: 4420_grsecurity-3.0-3.2.54-201401191012.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch index 6d2be70..ec718f0 100644 --- a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch +++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch @@ -23066,7 +23066,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index e6fbb94..75e9d8c 100644 +index e6fbb94..b372995 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -23211,7 +23211,7 @@ index e6fbb94..75e9d8c 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -576,8 +605,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) +@@ -576,18 +605,19 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) void __math_state_restore(struct task_struct *tsk) { /* We need a safe address that is cheap to find and that is already @@ -23222,6 +23222,23 @@ index e6fbb94..75e9d8c 100644 /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception is pending. Clear the x87 state here by setting it to fixed + values. safe_address is a random variable that should be in L1 */ +- alternative_input( +- ASM_NOP8 ASM_NOP2, +- "emms\n\t" /* clear stack tags */ +- "fildl %P[addr]", /* set F?P to defined value */ +- X86_FEATURE_FXSAVE_LEAK, +- [addr] "m" (safe_address)); ++ if (unlikely(static_cpu_has(X86_FEATURE_FXSAVE_LEAK))) { ++ asm volatile( ++ "fnclex\n\t" ++ "emms\n\t" ++ "fildl %P[addr]" /* set F?P to defined value */ ++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); ++ } + + /* + * Paranoid restore. send a SIGSEGV if we fail to restore the state. diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -33960,7 +33977,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index c244f0e..fc574b2 100644 +index c244f0e..3f6ae58 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -255,10 +255,8 @@ @@ -34695,7 +34712,7 @@ index c244f0e..fc574b2 100644 } #endif -@@ -835,97 +916,109 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -835,104 +916,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, * from the primary pool to the secondary extraction pool. We make * sure we pull enough for a 'catastrophic reseed'. */ @@ -34870,24 +34887,25 @@ index c244f0e..fc574b2 100644 } hash; __u32 workspace[SHA_WORKSPACE_WORDS]; __u8 extract[64]; -@@ -938,6 +1031,17 @@ static void extract_buf(struct entropy_store *r, __u8 *out) - sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); + unsigned long flags; - /* +- /* Generate a hash across the pool, 16 words (512 bits) at a time */ ++ /* + * If we have an architectural hardware random number -+ * generator, mix that in, too. ++ * generator, use it for SHA's initial vector + */ + sha_init(hash.w); + for (i = 0; i < LONGS(20); i++) { + unsigned long v; + if (!arch_get_random_long(&v)) + break; -+ hash.l[i] ^= v; ++ hash.l[i] = v; + } + -+ /* - * We mix the hash back into the pool to prevent backtracking - * attacks (where the attacker knows the state of the pool - * plus the current outputs, and attempts to find previous ++ /* Generate a hash across the pool, 16 words (512 bits) at a time */ + spin_lock_irqsave(&r->lock, flags); + for (i = 0; i < r->poolinfo->poolwords; i += 16) + sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); @@ -966,27 +1070,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) hash.w[1] ^= hash.w[4]; hash.w[2] ^= rol32(hash.w[2], 16); @@ -40838,9 +40856,27 @@ index c706a7b..2cc7511 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 8bba438..f065cc3 100644 +index 8bba438..a579e8c 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c +@@ -997,7 +997,7 @@ read_again: + /* Could not read all from this device, so we will + * need another r10_bio. + */ +- sectors_handled = (r10_bio->sectors + max_sectors ++ sectors_handled = (r10_bio->sector + max_sectors + - bio->bi_sector); + r10_bio->sectors = max_sectors; + spin_lock_irq(&conf->device_lock); +@@ -1005,7 +1005,7 @@ read_again: + bio->bi_phys_segments = 2; + else + bio->bi_phys_segments++; +- spin_unlock(&conf->device_lock); ++ spin_unlock_irq(&conf->device_lock); + /* Cannot call generic_make_request directly + * as that will be queued in __generic_make_request + * and subsequent mempool_alloc might block @@ -1465,7 +1465,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc @@ -40900,6 +40936,28 @@ index 8bba438..f065cc3 100644 } rdev_dec_pending(rdev, mddev); +@@ -2563,10 +2563,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + if (j == conf->copies) { + /* Cannot recover, so abort the recovery or + * record a bad block */ +- put_buf(r10_bio); +- if (rb2) +- atomic_dec(&rb2->remaining); +- r10_bio = rb2; + if (any_working) { + /* problem is that there are bad blocks + * on other device(s) +@@ -2590,6 +2586,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + conf->mirrors[i].recovery_disabled + = mddev->recovery_disabled; + } ++ put_buf(r10_bio); ++ if (rb2) ++ atomic_dec(&rb2->remaining); ++ r10_bio = rb2; + break; + } + } diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 26ef63a..bd587cd 100644 --- a/drivers/md/raid5.c @@ -42829,6 +42887,18 @@ index a4a3516..3b3a7e0 100644 s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; return 0; +diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c +index 96a98d2..e4260ab 100644 +--- a/drivers/net/hamradio/yam.c ++++ b/drivers/net/hamradio/yam.c +@@ -1060,6 +1060,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + break; + + case SIOCYAMGCFG: ++ memset(&yi, 0, sizeof(yi)); + yi.cfg.mask = 0xffffffff; + yi.cfg.iobase = yp->iobase; + yi.cfg.irq = yp->irq; diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c index d0893e4..14b0d44 100644 --- a/drivers/net/loopback.c @@ -51597,7 +51667,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 8dd615c..cb7cd01 100644 +index 8dd615c..52ad259 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -51770,7 +51840,7 @@ index 8dd615c..cb7cd01 100644 } error = load_addr; -@@ -528,6 +559,315 @@ out: +@@ -528,6 +559,336 @@ out: return error; } @@ -51911,12 +51981,48 @@ index 8dd615c..cb7cd01 100644 +#endif + +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) -+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) ++static unsigned long pax_parse_defaults(void) +{ + unsigned long pax_flags = 0UL; + ++#ifdef CONFIG_PAX_SOFTMODE ++ if (pax_softmode) ++ return pax_flags; ++#endif ++ ++#ifdef CONFIG_PAX_PAGEEXEC ++ pax_flags |= MF_PAX_PAGEEXEC; ++#endif ++ ++#ifdef CONFIG_PAX_SEGMEXEC ++ pax_flags |= MF_PAX_SEGMEXEC; ++#endif ++ ++#ifdef CONFIG_PAX_MPROTECT ++ pax_flags |= MF_PAX_MPROTECT; ++#endif ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (randomize_va_space) ++ pax_flags |= MF_PAX_RANDMMAP; ++#endif ++ ++ return pax_flags; ++} ++ ++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) ++{ ++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK; ++ +#ifdef CONFIG_PAX_EI_PAX + ++#ifdef CONFIG_PAX_SOFTMODE ++ if (pax_softmode) ++ return pax_flags; ++#endif ++ ++ pax_flags = 0UL; ++ +#ifdef CONFIG_PAX_PAGEEXEC + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) + pax_flags |= MF_PAX_PAGEEXEC; @@ -51942,28 +52048,10 @@ index 8dd615c..cb7cd01 100644 + pax_flags |= MF_PAX_RANDMMAP; +#endif + -+#else -+ -+#ifdef CONFIG_PAX_PAGEEXEC -+ pax_flags |= MF_PAX_PAGEEXEC; -+#endif -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ pax_flags |= MF_PAX_SEGMEXEC; -+#endif -+ -+#ifdef CONFIG_PAX_MPROTECT -+ pax_flags |= MF_PAX_MPROTECT; -+#endif -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (randomize_va_space) -+ pax_flags |= MF_PAX_RANDMMAP; -+#endif -+ +#endif + + return pax_flags; ++ +} + +static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) @@ -51979,7 +52067,7 @@ index 8dd615c..cb7cd01 100644 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; + +#ifdef CONFIG_PAX_SOFTMODE + if (pax_softmode) @@ -51992,7 +52080,7 @@ index 8dd615c..cb7cd01 100644 + } +#endif + -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; +} + +static unsigned long pax_parse_xattr_pax(struct file * const file) @@ -52004,23 +52092,23 @@ index 8dd615c..cb7cd01 100644 + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; + + xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); -+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value) -+ return ~0UL; ++ if (xattr_size < 0 || xattr_size > sizeof xattr_value) ++ return PAX_PARSE_FLAGS_FALLBACK; + + for (i = 0; i < xattr_size; i++) + switch (xattr_value[i]) { + default: -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; + +#define parse_flag(option1, option2, flag) \ + case option1: \ + if (pax_flags_hardmode & MF_PAX_##flag) \ -+ return ~0UL; \ ++ return PAX_PARSE_FLAGS_FALLBACK;\ + pax_flags_hardmode |= MF_PAX_##flag; \ + break; \ + case option2: \ + if (pax_flags_softmode & MF_PAX_##flag) \ -+ return ~0UL; \ ++ return PAX_PARSE_FLAGS_FALLBACK;\ + pax_flags_softmode |= MF_PAX_##flag; \ + break; + @@ -52034,7 +52122,7 @@ index 8dd615c..cb7cd01 100644 + } + + if (pax_flags_hardmode & pax_flags_softmode) -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; + +#ifdef CONFIG_PAX_SOFTMODE + if (pax_softmode) @@ -52044,27 +52132,30 @@ index 8dd615c..cb7cd01 100644 + + return pax_parse_xattr_pax_hardmode(pax_flags_hardmode); +#else -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; +#endif + +} + +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) +{ -+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; ++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags; + -+ pax_flags = pax_parse_ei_pax(elf_ex); ++ pax_flags = pax_parse_defaults(); ++ ei_pax_flags = pax_parse_ei_pax(elf_ex); + pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata); + xattr_pax_flags = pax_parse_xattr_pax(file); + -+ if (pt_pax_flags == ~0UL) -+ pt_pax_flags = xattr_pax_flags; -+ else if (xattr_pax_flags == ~0UL) -+ xattr_pax_flags = pt_pax_flags; -+ if (pt_pax_flags != xattr_pax_flags) ++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK && ++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK && ++ pt_pax_flags != xattr_pax_flags) + return -EINVAL; -+ if (pt_pax_flags != ~0UL) ++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK) ++ pax_flags = xattr_pax_flags; ++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK) + pax_flags = pt_pax_flags; ++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK) ++ pax_flags = ei_pax_flags; + +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { @@ -52086,7 +52177,7 @@ index 8dd615c..cb7cd01 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -544,6 +884,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -544,6 +905,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -52098,7 +52189,7 @@ index 8dd615c..cb7cd01 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -562,7 +907,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -562,7 +928,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -52107,7 +52198,7 @@ index 8dd615c..cb7cd01 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -572,11 +917,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -572,11 +938,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -52120,7 +52211,7 @@ index 8dd615c..cb7cd01 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -713,11 +1058,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -713,11 +1079,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) /* OK, This is the point of no return */ current->flags &= ~PF_FORKNOEXEC; @@ -52204,7 +52295,7 @@ index 8dd615c..cb7cd01 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -808,6 +1224,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -808,6 +1245,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -52225,7 +52316,7 @@ index 8dd615c..cb7cd01 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -840,9 +1270,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -840,9 +1291,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -52238,7 +52329,7 @@ index 8dd615c..cb7cd01 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,17 +1311,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,17 +1332,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -52289,7 +52380,7 @@ index 8dd615c..cb7cd01 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1098,7 +1555,7 @@ out: +@@ -1098,7 +1576,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -52298,7 +52389,7 @@ index 8dd615c..cb7cd01 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1589,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1610,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -52307,7 +52398,7 @@ index 8dd615c..cb7cd01 100644 goto whole; /* -@@ -1354,9 +1811,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1832,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -52319,7 +52410,7 @@ index 8dd615c..cb7cd01 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1851,14 +2308,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1851,14 +2329,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -52336,7 +52427,7 @@ index 8dd615c..cb7cd01 100644 return size; } -@@ -1952,7 +2409,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1952,7 +2430,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -52345,7 +52436,7 @@ index 8dd615c..cb7cd01 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1966,10 +2423,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1966,10 +2444,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -52358,7 +52449,7 @@ index 8dd615c..cb7cd01 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1983,7 +2442,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1983,7 +2463,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -52367,7 +52458,7 @@ index 8dd615c..cb7cd01 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -1994,6 +2453,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,6 +2474,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -52375,7 +52466,7 @@ index 8dd615c..cb7cd01 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2018,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2018,7 +2499,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -52384,7 +52475,7 @@ index 8dd615c..cb7cd01 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2027,6 +2487,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2027,6 +2508,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -52392,7 +52483,7 @@ index 8dd615c..cb7cd01 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2044,6 +2505,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2044,6 +2526,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -52400,7 +52491,7 @@ index 8dd615c..cb7cd01 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2064,6 +2526,167 @@ out: +@@ -2064,6 +2547,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -58300,6 +58391,34 @@ index 6a66fc0..cfdadae 100644 set_fs(oldfs); if (host_err < 0) +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c +index 233d3ed..3ceaced 100644 +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -1437,17 +1437,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci, + + nilfs_clear_logs(&sci->sc_segbufs); + +- err = nilfs_segctor_extend_segments(sci, nilfs, nadd); +- if (unlikely(err)) +- return err; +- + if (sci->sc_stage.flags & NILFS_CF_SUFREED) { + err = nilfs_sufile_cancel_freev(nilfs->ns_sufile, + sci->sc_freesegs, + sci->sc_nfreesegs, + NULL); + WARN_ON(err); /* do not happen */ ++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED; + } ++ ++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd); ++ if (unlikely(err)) ++ return err; ++ + nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA); + sci->sc_stage = prev_stage; + } diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c index 97bfbdd..e7f644a 100644 --- a/fs/nilfs2/super.c @@ -77627,7 +77746,7 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 312d047..dbf4637 100644 +index 312d047..a4bff08 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -77828,7 +77947,7 @@ index 312d047..dbf4637 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1582,6 +1652,52 @@ struct task_struct { +@@ -1582,6 +1652,53 @@ struct task_struct { #endif }; @@ -77844,6 +77963,7 @@ index 312d047..dbf4637 100644 +#endif + +extern int pax_check_flags(unsigned long *); ++#define PAX_PARSE_FLAGS_FALLBACK (~0UL) + +/* if tsk != current then task_lock must be held on it */ +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) @@ -77881,7 +78001,7 @@ index 312d047..dbf4637 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2097,7 +2213,9 @@ void yield(void); +@@ -2097,7 +2214,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -77891,7 +78011,7 @@ index 312d047..dbf4637 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2130,6 +2248,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2130,6 +2249,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -77899,7 +78019,7 @@ index 312d047..dbf4637 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2251,6 +2370,12 @@ static inline void mmdrop(struct mm_struct * mm) +@@ -2251,6 +2371,12 @@ static inline void mmdrop(struct mm_struct * mm) extern void mmput(struct mm_struct *); /* Grab a reference to a task's mm, if it is not already going away */ extern struct mm_struct *get_task_mm(struct task_struct *task); @@ -77912,7 +78032,7 @@ index 312d047..dbf4637 100644 /* Remove the current tasks stale references to the old mm_struct */ extern void mm_release(struct task_struct *, struct mm_struct *); /* Allocate a new mm structure and copy contents from tsk->mm */ -@@ -2267,9 +2392,8 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2267,9 +2393,8 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -77923,7 +78043,7 @@ index 312d047..dbf4637 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2432,9 +2556,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2432,9 +2557,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -78680,23 +78800,19 @@ index 27b3b0b..e093dd9 100644 extern void register_syscore_ops(struct syscore_ops *ops); extern void unregister_syscore_ops(struct syscore_ops *ops); diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 703cfa33..dff53c0 100644 +index 703cfa33..04ef3d7 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h -@@ -155,7 +155,11 @@ enum +@@ -155,8 +155,6 @@ enum KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ }; - -+#ifdef CONFIG_PAX_SOFTMODE -+enum { -+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ -+}; -+#endif - +- /* CTL_VM names: */ enum -@@ -961,13 +965,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev); + { +@@ -961,13 +959,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev); extern int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op); @@ -78712,7 +78828,7 @@ index 703cfa33..dff53c0 100644 extern int proc_dointvec(struct ctl_table *, int, void __user *, size_t *, loff_t *); extern int proc_dointvec_minmax(struct ctl_table *, int, -@@ -1045,7 +1049,9 @@ struct ctl_table +@@ -1045,7 +1043,9 @@ struct ctl_table struct ctl_table_poll *poll; void *extra1; void *extra2; @@ -96334,10 +96450,25 @@ index 99ec116..c5628fe 100644 return res; } diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c -index b5e64e4..4a9a5c4 100644 +index b5e64e4..69801fa 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c -@@ -1320,6 +1320,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi +@@ -155,9 +155,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id) + static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4, + struct mr_table **mrt) + { ++ int err; + struct ipmr_result res; +- struct fib_lookup_arg arg = { .result = &res, }; +- int err; ++ struct fib_lookup_arg arg = { ++ .result = &res, ++ .flags = FIB_LOOKUP_NOREF, ++ }; + + err = fib_rules_lookup(net->ipv4.mr_rules_ops, + flowi4_to_flowi(flp4), 0, &arg); +@@ -1320,6 +1323,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi if (get_user(v, (u32 __user *)optval)) return -EFAULT; @@ -97327,6 +97458,25 @@ index d3fde7e..f526e49 100644 } int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) +diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c +index f5af259..f96c96f 100644 +--- a/net/ipv6/ip6mr.c ++++ b/net/ipv6/ip6mr.c +@@ -139,9 +139,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id) + static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6, + struct mr6_table **mrt) + { ++ int err; + struct ip6mr_result res; +- struct fib_lookup_arg arg = { .result = &res, }; +- int err; ++ struct fib_lookup_arg arg = { ++ .result = &res, ++ .flags = FIB_LOOKUP_NOREF, ++ }; + + err = fib_rules_lookup(net->ipv6.mr6_rules_ops, + flowi6_to_flowi(flp6), 0, &arg); diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index b204df8..8f274f4 100644 --- a/net/ipv6/ipv6_sockglue.c @@ -99821,7 +99971,7 @@ index 8da4481..d02565e 100644 + (rtt >> sctp_rto_alpha); } else { diff --git a/net/socket.c b/net/socket.c -index d4faade..2492841 100644 +index d4faade..ab65211 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -99996,15 +100146,6 @@ index d4faade..2492841 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1737,7 +1803,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, - struct socket *sock; - struct iovec iov; - struct msghdr msg; -- struct sockaddr_storage address; -+ struct sockaddr_storage address = { }; - int err, err2; - int fput_needed; - @@ -1966,7 +2032,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ @@ -100014,15 +100155,6 @@ index d4faade..2492841 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2117,7 +2183,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, - int err, iov_size, total_len, len; - - /* kernel mode address */ -- struct sockaddr_storage addr; -+ struct sockaddr_storage addr = { }; - - /* user mode address pointers */ - struct sockaddr __user *uaddr; @@ -2148,7 +2214,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) @@ -104196,7 +104328,7 @@ index dca1c22..4fa4591 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 5898f34..f44199b 100644 +index 5898f34..04f8b47 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -104208,7 +104340,41 @@ index 5898f34..f44199b 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -2001,6 +1999,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) +@@ -217,6 +215,14 @@ static int inode_alloc_security(struct inode *inode) + return 0; + } + ++static void inode_free_rcu(struct rcu_head *head) ++{ ++ struct inode_security_struct *isec; ++ ++ isec = container_of(head, struct inode_security_struct, rcu); ++ kmem_cache_free(sel_inode_cache, isec); ++} ++ + static void inode_free_security(struct inode *inode) + { + struct inode_security_struct *isec = inode->i_security; +@@ -227,8 +233,16 @@ static void inode_free_security(struct inode *inode) + list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + +- inode->i_security = NULL; +- kmem_cache_free(sel_inode_cache, isec); ++ /* ++ * The inode may still be referenced in a path walk and ++ * a call to selinux_inode_permission() can be made ++ * after inode_free_security() is called. Ideally, the VFS ++ * wouldn't do this, but fixing that is a much harder ++ * job. For now, simply free the i_security via RCU, and ++ * leave the current inode->i_security pointer intact. ++ * The inode will be freed after the RCU grace period too. ++ */ ++ call_rcu(&isec->rcu, inode_free_rcu); + } + + static int file_alloc_security(struct file *file) +@@ -2001,6 +2015,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) new_tsec->sid = old_tsec->exec_sid; /* Reset exec SID on execve. */ new_tsec->exec_sid = 0; @@ -104222,7 +104388,7 @@ index 5898f34..f44199b 100644 } else { /* Check for a default transition on this program. */ rc = security_transition_sid(old_tsec->sid, isec->sid, -@@ -2013,7 +2018,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) +@@ -2013,7 +2034,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) COMMON_AUDIT_DATA_INIT(&ad, PATH); ad.u.path = bprm->file->f_path; @@ -104232,7 +104398,7 @@ index 5898f34..f44199b 100644 new_tsec->sid = old_tsec->sid; if (new_tsec->sid == old_tsec->sid) { -@@ -4181,8 +4187,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -4181,8 +4203,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) } err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, PEER__RECV, &ad); @@ -104244,7 +104410,7 @@ index 5898f34..f44199b 100644 } if (secmark_active) { -@@ -5372,11 +5380,11 @@ static int selinux_setprocattr(struct task_struct *p, +@@ -5372,11 +5396,11 @@ static int selinux_setprocattr(struct task_struct *p, /* Check for ptracing, and update the task SID if ok. Otherwise, leave SID unchanged and fail. */ ptsid = 0; @@ -104258,7 +104424,7 @@ index 5898f34..f44199b 100644 if (tracer) { error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, -@@ -5508,7 +5516,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5508,7 +5532,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -104267,7 +104433,7 @@ index 5898f34..f44199b 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -5854,6 +5862,9 @@ static void selinux_nf_ip_exit(void) +@@ -5854,6 +5878,9 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; @@ -104277,7 +104443,7 @@ index 5898f34..f44199b 100644 int selinux_disable(void) { if (ss_initialized) { -@@ -5871,7 +5882,9 @@ int selinux_disable(void) +@@ -5871,7 +5898,9 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; @@ -104288,6 +104454,22 @@ index 5898f34..f44199b 100644 /* Try to destroy the avc node cache */ avc_disable(); +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h +index 26c7eee..7b1830b 100644 +--- a/security/selinux/include/objsec.h ++++ b/security/selinux/include/objsec.h +@@ -38,7 +38,10 @@ struct task_security_struct { + + struct inode_security_struct { + struct inode *inode; /* back pointer to inode object */ +- struct list_head list; /* list of inode_security_struct */ ++ union { ++ struct list_head list; /* list of inode_security_struct */ ++ struct rcu_head rcu; /* for freeing the inode_security_struct */ ++ }; + u32 task_sid; /* SID of creating task */ + u32 sid; /* SID of this object */ + u16 sclass; /* security class of this object */ diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index b43813c..74be837 100644 --- a/security/selinux/include/xfrm.h @@ -105288,10 +105470,10 @@ index 0000000..414fe5e +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..3e46b2f +index 0000000..59bf839 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,559 @@ +@@ -0,0 +1,557 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu> @@ -105338,7 +105520,7 @@ index 0000000..3e46b2f +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201401121315", ++ .version = "201401140130", + .help = "no-constify\tturn off constification\n", +}; + @@ -105464,8 +105646,10 @@ index 0000000..3e46b2f + } + TYPE_READONLY(type) = 0; + C_TYPE_FIELDS_READONLY(type) = 0; -+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { ++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type)); ++ } +} + +static void deconstify_tree(tree node) @@ -105558,6 +105742,7 @@ index 0000000..3e46b2f + TYPE_READONLY(type) = 1; + C_TYPE_FIELDS_READONLY(type) = 1; + TYPE_CONSTIFY_VISITED(type) = 1; ++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); +// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type)); +} + @@ -105669,7 +105854,7 @@ index 0000000..3e46b2f + TYPE_CONSTIFY_VISITED(type) = 1; +} + -+static void check_global_variables(void) ++static void check_global_variables(void *event_data, void *data) +{ + struct varpool_node *node; + @@ -105742,21 +105927,15 @@ index 0000000..3e46b2f + return ret; +} + -+static unsigned int check_variables(void) -+{ -+ check_global_variables(); -+ return check_local_variables(); -+} -+ +static struct gimple_opt_pass pass_local_variable = { + { + .type = GIMPLE_PASS, -+ .name = "check_variables", ++ .name = "check_local_variables", +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif + .gate = NULL, -+ .execute = check_variables, ++ .execute = check_local_variables, + .sub = NULL, + .next = NULL, + .static_pass_number = 0, @@ -105843,6 +106022,7 @@ index 0000000..3e46b2f + + register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info); + if (constify) { ++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info); + register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL); @@ -106950,10 +107130,10 @@ index 0000000..679b9ef +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..2d131cc +index 0000000..7b67f2b --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,5998 @@ +@@ -0,0 +1,6001 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -107612,6 +107792,7 @@ index 0000000..2d131cc +ext3_try_to_allocate_7590 ext3_try_to_allocate 3-5-0 7590 NULL +create_dir_7614 create_dir 0 7614 NULL nohasharray +groups_alloc_7614 groups_alloc 1 7614 &create_dir_7614 ++cpumask_first_7648 cpumask_first 0 7648 NULL +set_connectable_7649 set_connectable 4 7649 NULL +skb_copy_expand_7685 skb_copy_expand 3-2 7685 NULL nohasharray +acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 1-2 7685 &skb_copy_expand_7685 @@ -109798,6 +109979,7 @@ index 0000000..2d131cc +lbs_failcount_read_31063 lbs_failcount_read 3 31063 NULL +find_next_bit_le_31064 find_next_bit_le 0-2-3 31064 NULL +sys_mincore_31079 sys_mincore 2-1 31079 NULL ++scb_status_31084 scb_status 0 31084 NULL +sctp_setsockopt_context_31091 sctp_setsockopt_context 3 31091 NULL +find_mergeable_31093 find_mergeable 2 31093 NULL +compat_sys_get_mempolicy_31109 compat_sys_get_mempolicy 3 31109 NULL @@ -111385,6 +111567,7 @@ index 0000000..2d131cc +hash_setkey_48310 hash_setkey 3 48310 NULL +bcm_download_config_file_48313 bcm_download_config_file 0 48313 NULL +skb_add_data_48363 skb_add_data 3 48363 NULL ++eexp_start_irq_48364 eexp_start_irq 2 48364 NULL +iscsi_complete_pdu_48372 iscsi_complete_pdu 4 48372 NULL +lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL +snd_power_wait_48422 snd_power_wait 0 48422 NULL @@ -112954,10 +113137,10 @@ index 0000000..2d131cc +selnl_msglen_65499 selnl_msglen 0 65499 NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..62a1ae8 +index 0000000..50f8464 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,4050 @@ +@@ -0,0 +1,4072 @@ +/* + * Copyright 2011, 2012, 2013, 2014 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -113018,9 +113201,9 @@ index 0000000..62a1ae8 +#define MIN_CHECK true +#define MAX_CHECK false + -+#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t" -+#define YES_ASM_STR "# size_overflow MARK_YES\n\t" -+#define OK_ASM_STR "# size_overflow\n\t" ++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF " ++#define YES_ASM_STR "# size_overflow MARK_YES " ++#define OK_ASM_STR "# size_overflow " + +#if BUILDING_GCC_VERSION == 4005 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) @@ -113087,7 +113270,7 @@ index 0000000..62a1ae8 +static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20140102beta", ++ .version = "20140111beta", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + @@ -115177,7 +115360,7 @@ index 0000000..62a1ae8 + str = get_asm_string(stmt); + if (!str) + return false; -+ return !strcmp(str, TURN_OFF_ASM_STR); ++ return !strncmp(str, TURN_OFF_ASM_STR, sizeof(TURN_OFF_ASM_STR) - 1); +} + +static bool is_size_overflow_intentional_asm_yes(const_gimple stmt) @@ -115187,7 +115370,7 @@ index 0000000..62a1ae8 + str = get_asm_string(stmt); + if (!str) + return false; -+ return !strcmp(str, YES_ASM_STR); ++ return !strncmp(str, YES_ASM_STR, sizeof(YES_ASM_STR) - 1); +} + +static bool is_size_overflow_asm(const_gimple stmt) @@ -115197,7 +115380,7 @@ index 0000000..62a1ae8 + str = get_asm_string(stmt); + if (!str) + return false; -+ return !strncmp(str, "# size_overflow", 15); ++ return !strncmp(str, OK_ASM_STR, sizeof(OK_ASM_STR) - 1); +} + +static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum) @@ -116295,9 +116478,8 @@ index 0000000..62a1ae8 + + switch (cur_fndecl_attr) { + case MARK_NO: -+ return MARK_NO; + case MARK_TURN_OFF: -+ return MARK_TURN_OFF; ++ return cur_fndecl_attr; + default: + print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum); + return MARK_YES; @@ -116437,6 +116619,23 @@ index 0000000..62a1ae8 + update_stmt(stmt); +} + ++static char *create_asm_comment(unsigned int argnum, const_gimple stmt , const char *mark_str) ++{ ++ const char *fn_name; ++ char *asm_comment; ++ unsigned int len; ++ ++ if (argnum == 0) ++ fn_name = NAME(current_function_decl); ++ else ++ fn_name = NAME(gimple_call_fndecl(stmt)); ++ ++ len = asprintf(&asm_comment, "%s %s %u", mark_str, fn_name, argnum); ++ gcc_assert(len > 0); ++ ++ return asm_comment; ++} ++ +static const char *convert_mark_to_str(enum mark mark) +{ + switch (mark) { @@ -116465,8 +116664,6 @@ index 0000000..62a1ae8 + return; + } + -+ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt)); -+ + asm_data->input = create_new_var(TREE_TYPE(asm_data->output)); + asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt); + @@ -116480,16 +116677,20 @@ index 0000000..62a1ae8 + break; + case GIMPLE_NOP: { + enum mark mark; -+ const char *str; ++ const char *mark_str; ++ char *asm_comment; + + mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum); -+ str = convert_mark_to_str(mark); + + asm_data->input = asm_data->output; + asm_data->output = NULL; + asm_data->def_stmt = stmt; + -+ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data); ++ mark_str = convert_mark_to_str(mark); ++ asm_comment = create_asm_comment(argnum, stmt, mark_str); ++ ++ create_asm_stmt(asm_comment, build_string(2, "rm"), NULL, asm_data); ++ free(asm_comment); + asm_data->input = NULL_TREE; + break; + } @@ -116512,7 +116713,8 @@ index 0000000..62a1ae8 +static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum) +{ + struct asm_data asm_data; -+ const char *str; ++ const char *mark_str; ++ char *asm_comment; + enum mark mark; + + if (is_gimple_constant(output_node)) @@ -116520,18 +116722,21 @@ index 0000000..62a1ae8 + + asm_data.output = output_node; + mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum); -+ if (mark == MARK_TURN_OFF) -+ return; -+ -+ search_missing_size_overflow_attribute_gimple(stmt, argnum); ++ if (mark != MARK_TURN_OFF) ++ search_missing_size_overflow_attribute_gimple(stmt, argnum); + + asm_data.def_stmt = get_def_stmt(asm_data.output); ++ if (is_size_overflow_intentional_asm_turn_off(asm_data.def_stmt)) ++ return; ++ + create_asm_input(stmt, argnum, &asm_data); + if (asm_data.input == NULL_TREE) + return; + -+ str = convert_mark_to_str(mark); -+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data); ++ mark_str = convert_mark_to_str(mark); ++ asm_comment = create_asm_comment(argnum, stmt, mark_str); ++ create_asm_stmt(asm_comment, build_string(1, "0"), build_string(3, "=rm"), &asm_data); ++ free(asm_comment); +} + +// Insert an asm stmt with "MARK_TURN_OFF", "MARK_YES" or "MARK_NOT_INTENTIONAL". |