summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-08-18 09:03:46 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-08-18 09:03:46 -0400
commit4f1c87dabdf07e6f285b3c3f99d46007b78e942a (patch)
tree69a9e85da54801e7f17e0db9295bc60f7e5b951f
parentGrsec/PaX: 2.9.1-{2.6.32.59,3.2.27,3.5.1}-201208132030 (diff)
downloadhardened-patchset-4f1c87dabdf07e6f285b3c3f99d46007b78e942a.tar.gz
hardened-patchset-4f1c87dabdf07e6f285b3c3f99d46007b78e942a.tar.bz2
hardened-patchset-4f1c87dabdf07e6f285b3c3f99d46007b78e942a.zip
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.27,3.5.2}-20120815195120120815
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208151950.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208132029.patch)47
-rw-r--r--3.2.27/0000_README2
-rw-r--r--3.2.27/4420_grsecurity-2.9.1-3.2.27-201208151951.patch (renamed from 3.2.27/4420_grsecurity-2.9.1-3.2.27-201208132029.patch)47
-rw-r--r--3.5.2/0000_README (renamed from 3.5.1/0000_README)2
-rw-r--r--3.5.2/4420_grsecurity-2.9.1-3.5.2-201208151951.patch (renamed from 3.5.1/4420_grsecurity-2.9.1-3.5.1-201208132030.patch)216
-rw-r--r--3.5.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.5.1/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.5.2/4435_grsec-mute-warnings.patch (renamed from 3.5.1/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.5.2/4440_grsec-remove-protected-paths.patch (renamed from 3.5.1/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.5.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.5.1/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.5.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.5.1/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.5.2/4470_disable-compat_vdso.patch (renamed from 3.5.1/4470_disable-compat_vdso.patch)0
12 files changed, 180 insertions, 136 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index df11424..1250ead 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208132029.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208151950.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208132029.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208151950.patch
index 1d2b332..ad50ae4 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208132029.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208151950.patch
@@ -69106,7 +69106,7 @@ index f539204..068db1f 100644
fput(tfile);
diff --git a/fs/exec.c b/fs/exec.c
-index 86fafc6..a9275f4 100644
+index 86fafc6..25f0d1a 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,12 +56,33 @@
@@ -69838,9 +69838,9 @@ index 86fafc6..a9275f4 100644
+#endif
+
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
-+void report_size_overflow(const char *file, unsigned int line, const char *func)
++void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line);
++ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
@@ -113560,10 +113560,10 @@ index 0000000..42bbc4f
+_002415_hash acl_alloc_num 1-2 60778 _002415_hash NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..5af42b5
+index 0000000..41e11e1
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1558 @@
+@@ -0,0 +1,1579 @@
+/*
+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -113632,7 +113632,7 @@ index 0000000..5af42b5
+static tree get_size_overflow_type(gimple stmt, tree node);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20120811beta",
++ .version = "20120815beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -114309,6 +114309,27 @@ index 0000000..5af42b5
+ return true;
+}
+
++static bool is_a_cast_and_const_overflow(tree no_const_rhs)
++{
++ tree rhs1, lhs, rhs1_type, lhs_type;
++ enum machine_mode lhs_mode, rhs_mode;
++ gimple def_stmt = get_def_stmt(no_const_rhs);
++
++ if (!gimple_assign_cast_p(def_stmt))
++ return false;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ lhs = gimple_get_lhs(def_stmt);
++ rhs1_type = TREE_TYPE(rhs1);
++ lhs_type = TREE_TYPE(lhs);
++ rhs_mode = TYPE_MODE(rhs1_type);
++ lhs_mode = TYPE_MODE(lhs_type);
++ if (TYPE_UNSIGNED(lhs_type) == TYPE_UNSIGNED(rhs1_type) || lhs_mode != rhs_mode)
++ return false;
++
++ return true;
++}
++
+static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt)
+{
+ tree size_overflow_type, lhs = gimple_get_lhs(stmt);
@@ -114350,8 +114371,10 @@ index 0000000..5af42b5
+ change_rhs1(stmt, new_rhs1);
+ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, potentionally_overflowed, BEFORE_STMT);
+
++ rhs1 = gimple_assign_rhs1(stmt);
++ rhs1_type = TREE_TYPE(rhs1);
+ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type))
-+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, stmt, rhs1, AFTER_STMT);
+
+ if (!check_mode_type(stmt))
+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
@@ -114448,11 +114471,8 @@ index 0000000..5af42b5
+ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
+ current_func = create_string_param(current_func);
+
-+ if (min)
-+ snprintf(ssa_name_buf, 100, "%s_%u (min)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ else
-+ snprintf(ssa_name_buf, 100, "%s_%u (max)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ ssa_name = build_string(100, ssa_name_buf);
++ snprintf(ssa_name_buf, sizeof(ssa_name_buf), "%s_%u (%s)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg), min ? "min" : "max");
++ ssa_name = build_string(sizeof(ssa_name_buf), ssa_name_buf);
+ ssa_name = create_string_param(ssa_name);
+
+ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
@@ -114589,7 +114609,8 @@ index 0000000..5af42b5
+ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR)
+ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE);
+
-+ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
++ if (!is_a_cast_and_const_overflow(orig_rhs))
++ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
+
+ new_rhs = change_assign_rhs(def_stmt, orig_rhs, var_rhs);
+ gimple_assign_set_rhs(def_stmt, new_rhs);
diff --git a/3.2.27/0000_README b/3.2.27/0000_README
index a31279f..bf13cdb 100644
--- a/3.2.27/0000_README
+++ b/3.2.27/0000_README
@@ -26,7 +26,7 @@ Patch: 1026_linux-3.2.27.patch
From: http://www.kernel.org
Desc: Linux 3.2.27
-Patch: 4420_grsecurity-2.9.1-3.2.27-201208132029.patch
+Patch: 4420_grsecurity-2.9.1-3.2.27-201208151951.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208132029.patch b/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208151951.patch
index 7fcc3aa..77e6914 100644
--- a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208132029.patch
+++ b/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208151951.patch
@@ -44551,7 +44551,7 @@ index 608c1c3..7d040a8 100644
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index 160cd2f..78b8d86 100644
+index 160cd2f..7f5ba47 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,12 +55,33 @@
@@ -45310,9 +45310,9 @@ index 160cd2f..78b8d86 100644
+#endif
+
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
-+void report_size_overflow(const char *file, unsigned int line, const char *func)
++void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line);
++ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
@@ -87207,10 +87207,10 @@ index 0000000..a898f84
+_003150_hash acl_alloc_num 1-2 60778 _003150_hash NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..5af42b5
+index 0000000..41e11e1
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1558 @@
+@@ -0,0 +1,1579 @@
+/*
+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -87279,7 +87279,7 @@ index 0000000..5af42b5
+static tree get_size_overflow_type(gimple stmt, tree node);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20120811beta",
++ .version = "20120815beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -87956,6 +87956,27 @@ index 0000000..5af42b5
+ return true;
+}
+
++static bool is_a_cast_and_const_overflow(tree no_const_rhs)
++{
++ tree rhs1, lhs, rhs1_type, lhs_type;
++ enum machine_mode lhs_mode, rhs_mode;
++ gimple def_stmt = get_def_stmt(no_const_rhs);
++
++ if (!gimple_assign_cast_p(def_stmt))
++ return false;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ lhs = gimple_get_lhs(def_stmt);
++ rhs1_type = TREE_TYPE(rhs1);
++ lhs_type = TREE_TYPE(lhs);
++ rhs_mode = TYPE_MODE(rhs1_type);
++ lhs_mode = TYPE_MODE(lhs_type);
++ if (TYPE_UNSIGNED(lhs_type) == TYPE_UNSIGNED(rhs1_type) || lhs_mode != rhs_mode)
++ return false;
++
++ return true;
++}
++
+static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt)
+{
+ tree size_overflow_type, lhs = gimple_get_lhs(stmt);
@@ -87997,8 +88018,10 @@ index 0000000..5af42b5
+ change_rhs1(stmt, new_rhs1);
+ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, potentionally_overflowed, BEFORE_STMT);
+
++ rhs1 = gimple_assign_rhs1(stmt);
++ rhs1_type = TREE_TYPE(rhs1);
+ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type))
-+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, stmt, rhs1, AFTER_STMT);
+
+ if (!check_mode_type(stmt))
+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
@@ -88095,11 +88118,8 @@ index 0000000..5af42b5
+ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
+ current_func = create_string_param(current_func);
+
-+ if (min)
-+ snprintf(ssa_name_buf, 100, "%s_%u (min)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ else
-+ snprintf(ssa_name_buf, 100, "%s_%u (max)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ ssa_name = build_string(100, ssa_name_buf);
++ snprintf(ssa_name_buf, sizeof(ssa_name_buf), "%s_%u (%s)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg), min ? "min" : "max");
++ ssa_name = build_string(sizeof(ssa_name_buf), ssa_name_buf);
+ ssa_name = create_string_param(ssa_name);
+
+ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
@@ -88236,7 +88256,8 @@ index 0000000..5af42b5
+ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR)
+ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE);
+
-+ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
++ if (!is_a_cast_and_const_overflow(orig_rhs))
++ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
+
+ new_rhs = change_assign_rhs(def_stmt, orig_rhs, var_rhs);
+ gimple_assign_set_rhs(def_stmt, new_rhs);
diff --git a/3.5.1/0000_README b/3.5.2/0000_README
index c4d6ba4..f134d6f 100644
--- a/3.5.1/0000_README
+++ b/3.5.2/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.5.1-201208132030.patch
+Patch: 4420_grsecurity-2.9.1-3.5.2-201208151951.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.5.1/4420_grsecurity-2.9.1-3.5.1-201208132030.patch b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208151951.patch
index 9cc5a66..6ced4b1 100644
--- a/3.5.1/4420_grsecurity-2.9.1-3.5.1-201208132030.patch
+++ b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208151951.patch
@@ -275,7 +275,7 @@ index 13d6166..8c235b6 100644
==============================================================
diff --git a/Makefile b/Makefile
-index d7ee1cb..bf3389b 100644
+index 5caa2fa..5fc9329 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1442,7 +1442,7 @@ index 75fe66b..2255c86 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
-index 004c1bc..d9d6d91 100644
+index e4448e1..7bc86b7 100644
--- a/arch/arm/include/asm/cacheflush.h
+++ b/arch/arm/include/asm/cacheflush.h
@@ -108,7 +108,7 @@ struct cpu_cache_fns {
@@ -1663,7 +1663,7 @@ index b57c75e..ed2d6b2 100644
EXPORT_SYMBOL(__get_user_1);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 19c95ea..7160f7c 100644
+index 693b744..e684262 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -28,7 +28,6 @@
@@ -1674,7 +1674,7 @@ index 19c95ea..7160f7c 100644
#include <linux/hw_breakpoint.h>
#include <linux/cpuidle.h>
-@@ -255,9 +254,10 @@ void machine_power_off(void)
+@@ -256,9 +255,10 @@ void machine_power_off(void)
machine_shutdown();
if (pm_power_off)
pm_power_off();
@@ -1686,7 +1686,7 @@ index 19c95ea..7160f7c 100644
{
machine_shutdown();
-@@ -499,12 +499,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -501,12 +501,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -1745,7 +1745,7 @@ index e15d83b..8c466dd 100644
#endif
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 3647170..065e1cd 100644
+index c7cae6b..e1e523c 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -264,6 +264,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt
@@ -2326,7 +2326,7 @@ index 0f01de2..d37d309 100644
#define __cacheline_aligned __aligned(L1_CACHE_BYTES)
#define ____cacheline_aligned __aligned(L1_CACHE_BYTES)
diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h
-index 7d91166..88ab87e 100644
+index 6e6fe18..a6ae668 100644
--- a/arch/ia64/include/asm/atomic.h
+++ b/arch/ia64/include/asm/atomic.h
@@ -208,6 +208,16 @@ atomic64_add_negative (__s64 i, atomic64_t *v)
@@ -13672,7 +13672,7 @@ index 7261083..5c12053 100644
bogus_magic:
jmp bogus_magic
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
-index 1f84794..e23f862 100644
+index 73ef56c..0238021 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -276,6 +276,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
@@ -27605,7 +27605,7 @@ index 251c7b62..000462d 100644
bool enable = !device_may_wakeup(&dev->dev);
device_set_wakeup_enable(&dev->dev, enable);
diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
-index 0734086..3ad3e4c 100644
+index bbac51e..4c094f9 100644
--- a/drivers/acpi/processor_driver.c
+++ b/drivers/acpi/processor_driver.c
@@ -556,7 +556,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
@@ -29623,10 +29623,10 @@ index 0a484b4..f48ccd1 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 4ec04a7..9918387 100644
+index d98b2a6..f0ceb97 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
-@@ -261,8 +261,13 @@
+@@ -272,8 +272,13 @@
/*
* Configuration information
*/
@@ -29640,7 +29640,7 @@ index 4ec04a7..9918387 100644
#define SEC_XFER_SIZE 512
#define EXTRACT_SIZE 10
-@@ -300,10 +305,17 @@ static struct poolinfo {
+@@ -313,10 +318,17 @@ static struct poolinfo {
int poolwords;
int tap1, tap2, tap3, tap4, tap5;
} poolinfo_table[] = {
@@ -29658,7 +29658,18 @@ index 4ec04a7..9918387 100644
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ 2048, 1638, 1231, 819, 411, 1 },
-@@ -726,6 +738,17 @@ void add_disk_randomness(struct gendisk *disk)
+@@ -527,8 +539,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+ input_rotate += i ? 7 : 14;
+ }
+
+- ACCESS_ONCE(r->input_rotate) = input_rotate;
+- ACCESS_ONCE(r->add_ptr) = i;
++ ACCESS_ONCE_RW(r->input_rotate) = input_rotate;
++ ACCESS_ONCE_RW(r->add_ptr) = i;
+ smp_wmb();
+
+ if (out)
+@@ -799,6 +811,17 @@ void add_disk_randomness(struct gendisk *disk)
}
#endif
@@ -29667,8 +29678,8 @@ index 4ec04a7..9918387 100644
+
+__init void transfer_latent_entropy(void)
+{
-+ mix_pool_bytes(&input_pool, &latent_entropy, sizeof(latent_entropy));
-+ mix_pool_bytes(&nonblocking_pool, &latent_entropy, sizeof(latent_entropy));
++ mix_pool_bytes(&input_pool, &latent_entropy, sizeof(latent_entropy), NULL);
++ mix_pool_bytes(&nonblocking_pool, &latent_entropy, sizeof(latent_entropy), NULL);
+// printk(KERN_INFO "PAX: transferring latent entropy: %16llx\n", latent_entropy);
+}
+#endif
@@ -29676,7 +29687,7 @@ index 4ec04a7..9918387 100644
/*********************************************************************
*
* Entropy extraction routines
-@@ -913,7 +936,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1008,7 +1031,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -29685,7 +29696,7 @@ index 4ec04a7..9918387 100644
ret = -EFAULT;
break;
}
-@@ -1238,7 +1261,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1342,7 +1365,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -29970,10 +29981,10 @@ index 515a42c..5ecf3ba 100644
void fw_card_initialize(struct fw_card *card,
const struct fw_card_driver *driver, struct device *device);
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index 153980b..4b4d046 100644
+index b298158..7ed8432 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
-@@ -449,11 +449,6 @@ void __init dmi_scan_machine(void)
+@@ -452,11 +452,6 @@ void __init dmi_scan_machine(void)
}
}
else {
@@ -29985,7 +29996,7 @@ index 153980b..4b4d046 100644
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
-@@ -723,7 +718,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
+@@ -726,7 +721,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
if (buf == NULL)
return -1;
@@ -31156,10 +31167,10 @@ index 8a8725c..afed796 100644
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index 4c87276..9ecc3c7 100644
+index 1f6957c..b579481 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2151,7 +2151,7 @@ static bool hid_ignore(struct hid_device *hdev)
+@@ -2153,7 +2153,7 @@ static bool hid_ignore(struct hid_device *hdev)
int hid_add_device(struct hid_device *hdev)
{
@@ -31168,7 +31179,7 @@ index 4c87276..9ecc3c7 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2186,7 +2186,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2188,7 +2188,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -33506,7 +33517,7 @@ index 1cbfc6b..56e1dbb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index cacd008..2823610 100644
+index 53aec45..250851c 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1685,7 +1685,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
@@ -35419,10 +35430,10 @@ index d9e0824..1a874e7 100644
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index b620c55..a76cd49 100644
+index 02f5007..bd0bd8f 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -609,7 +609,7 @@ struct ath_hw_private_ops {
+@@ -610,7 +610,7 @@ struct ath_hw_private_ops {
/* ANI */
void (*ani_cache_ini_regs)(struct ath_hw *ah);
@@ -35431,7 +35442,7 @@ index b620c55..a76cd49 100644
/**
* struct ath_hw_ops - callbacks used by hardware code and driver code
-@@ -639,7 +639,7 @@ struct ath_hw_ops {
+@@ -640,7 +640,7 @@ struct ath_hw_ops {
void (*antdiv_comb_conf_set)(struct ath_hw *ah,
struct ath_hw_antcomb_conf *antconf);
@@ -35440,7 +35451,7 @@ index b620c55..a76cd49 100644
struct ath_nf_limits {
s16 max;
-@@ -659,7 +659,7 @@ enum ath_cal_list {
+@@ -660,7 +660,7 @@ enum ath_cal_list {
#define AH_FASTCC 0x4
struct ath_hw {
@@ -44147,7 +44158,7 @@ index b2a34a1..162fa69 100644
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index e95aeed..9c7b4c2 100644
+index e95aeed..a943469 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,6 +55,15 @@
@@ -44846,9 +44857,9 @@ index e95aeed..9c7b4c2 100644
+#endif
+
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
-+void report_size_overflow(const char *file, unsigned int line, const char *func)
++void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line);
++ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
@@ -63283,20 +63294,20 @@ index 3fd2e87..d93a721 100644
struct ctl_table_header;
struct ctl_table;
diff --git a/include/linux/random.h b/include/linux/random.h
-index 8f74538..de61694 100644
+index ac621ce..c1215f3 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
-@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code,
+@@ -53,6 +53,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code,
unsigned int value);
- extern void add_interrupt_randomness(int irq);
+ extern void add_interrupt_randomness(int irq, int irq_flags);
+#ifdef CONFIG_PAX_LATENT_ENTROPY
+extern void transfer_latent_entropy(void);
+#endif
+
extern void get_random_bytes(void *buf, int nbytes);
+ extern void get_random_bytes_arch(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
-
@@ -69,12 +73,17 @@ void srandom32(u32 seed);
u32 prandom32(struct rnd_state *);
@@ -63663,7 +63674,7 @@ index 899fbb4..1cb4138 100644
#define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
diff --git a/include/linux/security.h b/include/linux/security.h
-index 4e5a73c..a5784a1 100644
+index 3dea6a9..81fd81f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -26,6 +26,7 @@
@@ -68397,7 +68408,7 @@ index 19db29f..33b52b6 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index 21bea76..f55ef3e 100644
+index 146827f..a501fec 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -782,6 +782,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -70528,7 +70539,7 @@ index e796429..6e38f9f 100644
static inline void *ptr_to_indirect(void *ptr)
{
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index c3f36d41..5c5aeb5 100644
+index 598a73e..5c5aeb5 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -16,6 +16,9 @@
@@ -70600,7 +70611,7 @@ index c3f36d41..5c5aeb5 100644
case 'B':
return symbol_string(buf, end, ptr, spec, *fmt);
case 'R':
-@@ -1025,12 +1041,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1025,6 +1041,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
va_end(va);
return buf;
}
@@ -70609,15 +70620,7 @@ index c3f36d41..5c5aeb5 100644
case 'K':
/*
* %pK cannot be used in IRQ context because its test
- * for CAP_SYSLOG would be meaningless.
- */
-- if (in_irq() || in_serving_softirq() || in_nmi()) {
-+ if (kptr_restrict && (in_irq() || in_serving_softirq() ||
-+ in_nmi())) {
- if (spec.field_width == -1)
- spec.field_width = default_width;
- return string(buf, end, "pK-error", spec);
-@@ -1047,6 +1066,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1048,6 +1066,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
}
break;
}
@@ -70639,7 +70642,7 @@ index c3f36d41..5c5aeb5 100644
spec.flags |= SMALL;
if (spec.field_width == -1) {
spec.field_width = default_width;
-@@ -1758,11 +1792,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1759,11 +1792,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
typeof(type) value; \
if (sizeof(type) == 8) { \
args = PTR_ALIGN(args, sizeof(u32)); \
@@ -70654,7 +70657,7 @@ index c3f36d41..5c5aeb5 100644
} \
args += sizeof(type); \
value; \
-@@ -1825,7 +1859,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1826,7 +1859,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
case FORMAT_TYPE_STR: {
const char *str_arg = args;
args += strlen(str_arg) + 1;
@@ -70777,10 +70780,10 @@ index 57c4b93..24b8f59 100644
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index e198831..38d524f 100644
+index 19558df..f7743b3 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2447,6 +2447,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2463,6 +2463,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -70808,7 +70811,7 @@ index e198831..38d524f 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2559,6 +2580,11 @@ retry_avoidcopy:
+@@ -2575,6 +2596,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -70820,7 +70823,7 @@ index e198831..38d524f 100644
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2713,6 +2739,10 @@ retry:
+@@ -2729,6 +2755,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -70831,7 +70834,7 @@ index e198831..38d524f 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2742,6 +2772,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2758,6 +2788,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -70842,7 +70845,7 @@ index e198831..38d524f 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2755,6 +2789,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2771,6 +2805,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
@@ -70870,7 +70873,7 @@ index e198831..38d524f 100644
if (!ptep)
return VM_FAULT_OOM;
diff --git a/mm/internal.h b/mm/internal.h
-index 2ba87fb..7f451e2 100644
+index 8052379..47029d1 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -95,6 +95,7 @@ extern void putback_lru_page(struct page *page);
@@ -70997,7 +71000,7 @@ index 14d260f..b2a80fd 100644
if (end == start)
goto out;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index de4ce70..3629c7d 100644
+index 6de0d61..da836cf 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -73517,7 +73520,7 @@ index d4b0c10..ed421b5 100644
new->vm_region = region;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 4a4f921..eaa5e3a 100644
+index 201b508..1fb51ca 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -336,7 +336,7 @@ out:
@@ -74722,7 +74725,7 @@ index 8c7265a..c96d884 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 2aad499..a8a740e 100644
+index 2aad499..4006a74 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -74851,7 +74854,7 @@ index 2aad499..a8a740e 100644
* vstart and vend.
*/
-static struct vmap_area *alloc_vmap_area(unsigned long size,
-+static struct __size_overflow(1) vmap_area *alloc_vmap_area(unsigned long size,
++static __size_overflow(1) struct vmap_area *alloc_vmap_area(unsigned long size,
unsigned long align,
unsigned long vstart, unsigned long vend,
int node, gfp_t gfp_mask)
@@ -75498,7 +75501,7 @@ index ae6acf6..d5c8f66 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 1cb0d8a..0427dd9 100644
+index a000840..566cee1 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1135,9 +1135,13 @@ void dev_load(struct net *net, const char *name)
@@ -75515,7 +75518,7 @@ index 1cb0d8a..0427dd9 100644
}
}
EXPORT_SYMBOL(dev_load);
-@@ -1601,7 +1605,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1602,7 +1606,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
@@ -75524,7 +75527,7 @@ index 1cb0d8a..0427dd9 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -1611,7 +1615,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1612,7 +1616,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
nf_reset(skb);
if (unlikely(!is_skb_forwardable(dev, skb))) {
@@ -75533,7 +75536,7 @@ index 1cb0d8a..0427dd9 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2040,7 +2044,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2041,7 +2045,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -75542,7 +75545,7 @@ index 1cb0d8a..0427dd9 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -2875,7 +2879,7 @@ enqueue:
+@@ -2876,7 +2880,7 @@ enqueue:
local_irq_restore(flags);
@@ -75551,7 +75554,7 @@ index 1cb0d8a..0427dd9 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2947,7 +2951,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -2948,7 +2952,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -75560,7 +75563,7 @@ index 1cb0d8a..0427dd9 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3234,7 +3238,7 @@ ncls:
+@@ -3235,7 +3239,7 @@ ncls:
if (pt_prev) {
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
@@ -75569,7 +75572,7 @@ index 1cb0d8a..0427dd9 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3799,7 +3803,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3800,7 +3804,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -75578,7 +75581,7 @@ index 1cb0d8a..0427dd9 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -4269,8 +4273,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4270,8 +4274,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
else
seq_printf(seq, "%04x", ntohs(pt->type));
@@ -75592,7 +75595,7 @@ index 1cb0d8a..0427dd9 100644
}
return 0;
-@@ -5820,7 +5829,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5823,7 +5832,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -75664,7 +75667,7 @@ index 7e7aeb0..2a998cb 100644
m->msg_iov = iov;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 23e3f66..f78041f 100644
+index 6c50ac0..6b4c038 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -78593,7 +78596,7 @@ index 641f2e4..a63f5e1 100644
dput(path.dentry);
path.dentry = dentry;
diff --git a/net/wireless/core.h b/net/wireless/core.h
-index 8523f38..79f6091 100644
+index bc686ef..27845e6 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -27,7 +27,7 @@ struct cfg80211_registered_device {
@@ -80253,7 +80256,7 @@ index 860aeb3..45765c0 100644
/* Save user chosen LSM */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index daaa4ed..99a640f 100644
+index db10db2..99a640f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -95,8 +95,6 @@
@@ -80265,29 +80268,7 @@ index daaa4ed..99a640f 100644
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -2792,11 +2790,16 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
-
- /* We strip a nul only if it is at the end, otherwise the
- * context contains a nul and we should audit that */
-- str = value;
-- if (str[size - 1] == '\0')
-- audit_size = size - 1;
-- else
-- audit_size = size;
-+ if (value) {
-+ str = value;
-+ if (str[size - 1] == '\0')
-+ audit_size = size - 1;
-+ else
-+ audit_size = size;
-+ } else {
-+ str = "";
-+ audit_size = 0;
-+ }
- ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
- audit_log_format(ab, "op=setxattr invalid_context=");
- audit_log_n_untrustedstring(ab, value, audit_size);
-@@ -5506,7 +5509,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5511,7 +5509,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -85672,10 +85653,10 @@ index 0000000..036c9c6
+_003255_hash acl_alloc_num 1-2 60778 _003255_hash NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..5af42b5
+index 0000000..41e11e1
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1558 @@
+@@ -0,0 +1,1579 @@
+/*
+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -85744,7 +85725,7 @@ index 0000000..5af42b5
+static tree get_size_overflow_type(gimple stmt, tree node);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20120811beta",
++ .version = "20120815beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -86421,6 +86402,27 @@ index 0000000..5af42b5
+ return true;
+}
+
++static bool is_a_cast_and_const_overflow(tree no_const_rhs)
++{
++ tree rhs1, lhs, rhs1_type, lhs_type;
++ enum machine_mode lhs_mode, rhs_mode;
++ gimple def_stmt = get_def_stmt(no_const_rhs);
++
++ if (!gimple_assign_cast_p(def_stmt))
++ return false;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ lhs = gimple_get_lhs(def_stmt);
++ rhs1_type = TREE_TYPE(rhs1);
++ lhs_type = TREE_TYPE(lhs);
++ rhs_mode = TYPE_MODE(rhs1_type);
++ lhs_mode = TYPE_MODE(lhs_type);
++ if (TYPE_UNSIGNED(lhs_type) == TYPE_UNSIGNED(rhs1_type) || lhs_mode != rhs_mode)
++ return false;
++
++ return true;
++}
++
+static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt)
+{
+ tree size_overflow_type, lhs = gimple_get_lhs(stmt);
@@ -86462,8 +86464,10 @@ index 0000000..5af42b5
+ change_rhs1(stmt, new_rhs1);
+ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, potentionally_overflowed, BEFORE_STMT);
+
++ rhs1 = gimple_assign_rhs1(stmt);
++ rhs1_type = TREE_TYPE(rhs1);
+ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type))
-+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, stmt, rhs1, AFTER_STMT);
+
+ if (!check_mode_type(stmt))
+ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT);
@@ -86560,11 +86564,8 @@ index 0000000..5af42b5
+ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
+ current_func = create_string_param(current_func);
+
-+ if (min)
-+ snprintf(ssa_name_buf, 100, "%s_%u (min)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ else
-+ snprintf(ssa_name_buf, 100, "%s_%u (max)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg));
-+ ssa_name = build_string(100, ssa_name_buf);
++ snprintf(ssa_name_buf, sizeof(ssa_name_buf), "%s_%u (%s)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg), min ? "min" : "max");
++ ssa_name = build_string(sizeof(ssa_name_buf), ssa_name_buf);
+ ssa_name = create_string_param(ssa_name);
+
+ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
@@ -86701,7 +86702,8 @@ index 0000000..5af42b5
+ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR)
+ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE);
+
-+ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
++ if (!is_a_cast_and_const_overflow(orig_rhs))
++ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT);
+
+ new_rhs = change_assign_rhs(def_stmt, orig_rhs, var_rhs);
+ gimple_assign_set_rhs(def_stmt, new_rhs);
diff --git a/3.5.1/4430_grsec-remove-localversion-grsec.patch b/3.5.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.5.1/4430_grsec-remove-localversion-grsec.patch
+++ b/3.5.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.5.1/4435_grsec-mute-warnings.patch b/3.5.2/4435_grsec-mute-warnings.patch
index e1a7a3c..e1a7a3c 100644
--- a/3.5.1/4435_grsec-mute-warnings.patch
+++ b/3.5.2/4435_grsec-mute-warnings.patch
diff --git a/3.5.1/4440_grsec-remove-protected-paths.patch b/3.5.2/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.5.1/4440_grsec-remove-protected-paths.patch
+++ b/3.5.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.5.1/4450_grsec-kconfig-default-gids.patch b/3.5.2/4450_grsec-kconfig-default-gids.patch
index eb5154a..eb5154a 100644
--- a/3.5.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.5.2/4450_grsec-kconfig-default-gids.patch
diff --git a/3.5.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.5.2/4465_selinux-avc_audit-log-curr_ip.patch
index fd7ab67..fd7ab67 100644
--- a/3.5.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.5.2/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.5.1/4470_disable-compat_vdso.patch b/3.5.2/4470_disable-compat_vdso.patch
index 68af025..68af025 100644
--- a/3.5.1/4470_disable-compat_vdso.patch
+++ b/3.5.2/4470_disable-compat_vdso.patch