Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.3}-201206182054

author: Anthony G. Basile <blueness@gentoo.org> 2012-06-20 05:11:29 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2012-06-20 05:11:29 -0400
commit: f1112c26befdbb95582dda975f112c92a01784a1 (patch)
tree: 05a9e0f156dab1f29d8ad24577a0e52d45abf761
parent: Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.3}-201206171836 (diff)
download: hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.tar.gz
hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.tar.bz2
hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.zip
6 files changed, 170 insertions, 61 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index e239f2b..1bbfa68 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch:	1058_linux-2.6.32.59.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.32.59
 
-Patch:	4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch
+Patch:	4420_grsecurity-2.9.1-2.6.32.59-201206182053.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206182053.patch
index eff2b70..6c6bbd4 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206182053.patch
@@ -14193,7 +14193,7 @@ index 61c5874..8a046e9 100644
  # include "uaccess_32.h"
  #else
 diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 632fb44..9aef8c8 100644
+index 632fb44..5bc863e 100644
 --- a/arch/x86/include/asm/uaccess_32.h
 +++ b/arch/x86/include/asm/uaccess_32.h
 @@ -12,15 +12,15 @@
@@ -14331,9 +14331,9 @@ index 632fb44..9aef8c8 100644
 +static __always_inline unsigned long __must_check
 +copy_to_user(void __user *to, const void *from, unsigned long n)
 +{
-+	int sz = __compiletime_object_size(from);
++	size_t sz = __compiletime_object_size(from);
 +
-+	if (unlikely(sz != -1 && sz < n))
++	if (unlikely(sz != (size_t)-1 && sz < n))
 +		copy_to_user_overflow();
 +	else if (access_ok(VERIFY_WRITE, to, n))
 +		n = __copy_to_user(to, from, n);
@@ -14359,9 +14359,9 @@ index 632fb44..9aef8c8 100644
 +static __always_inline unsigned long __must_check
 +copy_from_user(void *to, const void __user *from, unsigned long n)
 +{
-+	int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(to);
 +
-+	if (unlikely(sz != -1 && sz < n))
++	if (unlikely(sz != (size_t)-1 && sz < n))
 +		copy_from_user_overflow();
 +	else if (access_ok(VERIFY_READ, from, n))
 +		n = __copy_from_user(to, from, n);
@@ -14392,7 +14392,7 @@ index 632fb44..9aef8c8 100644
  
  #endif /* _ASM_X86_UACCESS_32_H */
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index db24b21..443d022 100644
+index db24b21..52c8e0d 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -9,6 +9,9 @@
@@ -14441,7 +14441,7 @@ index db24b21..443d022 100644
 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(dst);
++	size_t sz = __compiletime_object_size(dst);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -14456,7 +14456,7 @@ index db24b21..443d022 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_from_user_overflow();
 +		return size;
 +	}
@@ -14527,7 +14527,7 @@ index db24b21..443d022 100644
 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(dst);
++	size_t sz = __compiletime_object_size(dst);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -14544,7 +14544,7 @@ index db24b21..443d022 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_to_user_overflow();
 +		return size;
 +	}
@@ -121363,7 +121363,7 @@ index 0000000..604f3f0
 +};
 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
 new file mode 100644
-index 0000000..273e66a
+index 0000000..8ec972e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin.c
 @@ -0,0 +1,1203 @@
@@ -121458,7 +121458,7 @@ index 0000000..273e66a
 +	.decl_required			= false,
 +	.type_required			= true,
 +	.function_type_required		= true,
-+	.handler			= handle_size_overflow_attribute
++	.handler			= handle_size_overflow_attribute,
 +#if BUILDING_GCC_VERSION >= 4007
 +	.affects_type_identity		= false
 +#endif
diff --git a/3.2.20/0000_README b/3.2.20/0000_README
index 032419d..f77f218 100644
--- a/3.2.20/0000_README
+++ b/3.2.20/0000_README
@@ -6,7 +6,7 @@ Patch:	1019_linux-3.2.20.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.20
 
-Patch:	4420_grsecurity-2.9.1-3.2.20-201206171957.patch
+Patch:	4420_grsecurity-2.9.1-3.2.20-201206182053.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206171957.patch b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206182053.patch
index e582270..cdef107 100644
--- a/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206171957.patch
+++ b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206182053.patch
@@ -3329,6 +3329,23 @@ index 22dadeb..f6c2be4 100644
  #define PAGE_KERNEL	__pgprot(_PAGE_KERNEL)
  #define PAGE_KERNEL_EXEC	__pgprot(_PAGE_KERNEL_EXEC)
  #define PAGE_KERNEL_RWX	__pgprot(_PAGE_KERNEL_RWX)
+diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
+index ff4cf9d..c0564bb 100644
+--- a/arch/parisc/include/asm/uaccess.h
++++ b/arch/parisc/include/asm/uaccess.h
+@@ -253,10 +253,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
+                                           const void __user *from,
+                                           unsigned long n)
+ {
+-        int sz = __compiletime_object_size(to);
++        size_t sz = __compiletime_object_size(to);
+         int ret = -EFAULT;
+ 
+-        if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n))
++        if (likely(sz == (size_t)-1 || !__builtin_constant_p(n) || sz >= n))
+                 ret = __copy_from_user(to, from, n);
+         else
+                 copy_from_user_overflow();
 diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
 index 5e34ccf..672bc9c 100644
 --- a/arch/parisc/kernel/module.c
@@ -4734,7 +4751,7 @@ index ef573c1..75a1ce6 100644
  static inline int tprot(unsigned long addr)
  {
 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 2b23885..e136e31 100644
+index 2b23885..e84d6ac 100644
 --- a/arch/s390/include/asm/uaccess.h
 +++ b/arch/s390/include/asm/uaccess.h
 @@ -235,6 +235,10 @@ static inline unsigned long __must_check
@@ -4758,17 +4775,23 @@ index 2b23885..e136e31 100644
  	if (__builtin_constant_p(n) && (n <= 256))
  		return uaccess.copy_from_user_small(n, from, to);
  	else
-@@ -294,6 +301,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
- 	unsigned int sz = __compiletime_object_size(to);
+@@ -291,10 +298,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+ static inline unsigned long __must_check
+ copy_from_user(void *to, const void __user *from, unsigned long n)
+ {
+-	unsigned int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(to);
  
  	might_fault();
+-	if (unlikely(sz != -1 && sz < n)) {
 +
 +	if ((long)n < 0)
 +		return n;
 +
- 	if (unlikely(sz != -1 && sz < n)) {
++	if (unlikely(sz != (size_t)-1 && sz < n)) {
  		copy_from_user_overflow();
  		return n;
+ 	}
 diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
 index dfcb343..eda788a 100644
 --- a/arch/s390/kernel/module.c
@@ -7527,6 +7550,22 @@ index 392e533..536b092 100644
  
  /* bytes per L2 cache line */
  #define L2_CACHE_SHIFT		CHIP_L2_LOG_LINE_SIZE()
+diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
+index ef34d2c..d6ce60c 100644
+--- a/arch/tile/include/asm/uaccess.h
++++ b/arch/tile/include/asm/uaccess.h
+@@ -361,9 +361,9 @@ static inline unsigned long __must_check copy_from_user(void *to,
+ 					  const void __user *from,
+ 					  unsigned long n)
+ {
+-	int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(to);
+ 
+-	if (likely(sz == -1 || sz >= n))
++	if (likely(sz == (size_t)-1 || sz >= n))
+ 		n = _copy_from_user(to, from, n);
+ 	else
+ 		copy_from_user_overflow();
 diff --git a/arch/um/Makefile b/arch/um/Makefile
 index 7730af6..cce5b19 100644
 --- a/arch/um/Makefile
@@ -12789,7 +12828,7 @@ index 36361bf..324f262 100644
  
  #ifdef CONFIG_X86_WP_WORKS_OK
 diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 566e803..ce99a01 100644
+index 566e803..4e55748 100644
 --- a/arch/x86/include/asm/uaccess_32.h
 +++ b/arch/x86/include/asm/uaccess_32.h
 @@ -11,15 +11,15 @@
@@ -12929,10 +12968,14 @@ index 566e803..ce99a01 100644
 + */
 +static inline unsigned long __must_check
 +copy_to_user(void __user *to, const void *from, unsigned long n)
-+{
-+	int sz = __compiletime_object_size(from);
-+
-+	if (unlikely(sz != -1 && sz < n))
+ {
+-	int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(from);
+ 
+-	if (likely(sz == -1 || sz >= n))
+-		n = _copy_from_user(to, from, n);
+-	else
++	if (unlikely(sz != (size_t)-1 && sz < n))
 +		copy_to_user_overflow();
 +	else if (access_ok(VERIFY_WRITE, to, n))
 +		n = __copy_to_user(to, from, n);
@@ -12957,13 +13000,10 @@ index 566e803..ce99a01 100644
 + */
 +static inline unsigned long __must_check
 +copy_from_user(void *to, const void __user *from, unsigned long n)
- {
- 	int sz = __compiletime_object_size(to);
- 
--	if (likely(sz == -1 || sz >= n))
--		n = _copy_from_user(to, from, n);
--	else
-+	if (unlikely(sz != -1 && sz < n))
++{
++	size_t sz = __compiletime_object_size(to);
++
++	if (unlikely(sz != (size_t)-1 && sz < n))
  		copy_from_user_overflow();
 -
 +	else if (access_ok(VERIFY_READ, from, n))
@@ -12977,7 +13017,7 @@ index 566e803..ce99a01 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1c66d30..d0f1634 100644
+index 1c66d30..f119bdd 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -10,6 +10,9 @@
@@ -13086,7 +13126,7 @@ index 1c66d30..d0f1634 100644
 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(dst);
++	size_t sz = __compiletime_object_size(dst);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -13101,7 +13141,7 @@ index 1c66d30..d0f1634 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_from_user_overflow();
 +		return size;
 +	}
@@ -13172,7 +13212,7 @@ index 1c66d30..d0f1634 100644
 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(src);
++	size_t sz = __compiletime_object_size(src);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -13187,7 +13227,7 @@ index 1c66d30..d0f1634 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_to_user_overflow();
 +		return size;
 +	}
@@ -99190,7 +99230,7 @@ index 0000000..cd8690a
 +};
 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
 new file mode 100644
-index 0000000..273e66a
+index 0000000..8ec972e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin.c
 @@ -0,0 +1,1203 @@
@@ -99285,7 +99325,7 @@ index 0000000..273e66a
 +	.decl_required			= false,
 +	.type_required			= true,
 +	.function_type_required		= true,
-+	.handler			= handle_size_overflow_attribute
++	.handler			= handle_size_overflow_attribute,
 +#if BUILDING_GCC_VERSION >= 4007
 +	.affects_type_identity		= false
 +#endif
diff --git a/3.4.3/0000_README b/3.4.3/0000_README
index 510fb5d..51764d1 100644
--- a/3.4.3/0000_README
+++ b/3.4.3/0000_README
@@ -6,7 +6,7 @@ Patch:	1002_linux-3.4.3.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.4.3
 
-Patch:	4420_grsecurity-2.9.1-3.4.3-201206171836.patch
+Patch:	4420_grsecurity-2.9.1-3.4.3-201206182054.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206171836.patch b/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206182054.patch
index 57ad302..38512b9 100644
--- a/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206171836.patch
+++ b/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206182054.patch
@@ -3338,6 +3338,23 @@ index ee99f23..802b0a1 100644
  #define PAGE_KERNEL	__pgprot(_PAGE_KERNEL)
  #define PAGE_KERNEL_EXEC	__pgprot(_PAGE_KERNEL_EXEC)
  #define PAGE_KERNEL_RWX	__pgprot(_PAGE_KERNEL_RWX)
+diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
+index 9ac0660..6ed15c4 100644
+--- a/arch/parisc/include/asm/uaccess.h
++++ b/arch/parisc/include/asm/uaccess.h
+@@ -252,10 +252,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
+                                           const void __user *from,
+                                           unsigned long n)
+ {
+-        int sz = __compiletime_object_size(to);
++        size_t sz = __compiletime_object_size(to);
+         int ret = -EFAULT;
+ 
+-        if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n))
++        if (likely(sz == (size_t)-1 || !__builtin_constant_p(n) || sz >= n))
+                 ret = __copy_from_user(to, from, n);
+         else
+                 copy_from_user_overflow();
 diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
 index 5e34ccf..672bc9c 100644
 --- a/arch/parisc/kernel/module.c
@@ -4704,7 +4721,7 @@ index c4a93d6..4d2a9b4 100644
  
  #endif /* __ASM_EXEC_H */
 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 8f2cada..1cddd55 100644
+index 8f2cada..43072c1 100644
 --- a/arch/s390/include/asm/uaccess.h
 +++ b/arch/s390/include/asm/uaccess.h
 @@ -236,6 +236,10 @@ static inline unsigned long __must_check
@@ -4728,17 +4745,23 @@ index 8f2cada..1cddd55 100644
  	if (__builtin_constant_p(n) && (n <= 256))
  		return uaccess.copy_from_user_small(n, from, to);
  	else
-@@ -295,6 +302,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
- 	unsigned int sz = __compiletime_object_size(to);
+@@ -292,10 +299,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+ static inline unsigned long __must_check
+ copy_from_user(void *to, const void __user *from, unsigned long n)
+ {
+-	unsigned int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(to);
  
  	might_fault();
+-	if (unlikely(sz != -1 && sz < n)) {
 +
 +	if ((long)n < 0)
 +		return n;
 +
- 	if (unlikely(sz != -1 && sz < n)) {
++	if (unlikely(sz != (size_t)-1 && sz < n)) {
  		copy_from_user_overflow();
  		return n;
+ 	}
 diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
 index dfcb343..eda788a 100644
 --- a/arch/s390/kernel/module.c
@@ -7458,6 +7481,22 @@ index 392e533..536b092 100644
  
  /* bytes per L2 cache line */
  #define L2_CACHE_SHIFT		CHIP_L2_LOG_LINE_SIZE()
+diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
+index ef34d2c..d6ce60c 100644
+--- a/arch/tile/include/asm/uaccess.h
++++ b/arch/tile/include/asm/uaccess.h
+@@ -361,9 +361,9 @@ static inline unsigned long __must_check copy_from_user(void *to,
+ 					  const void __user *from,
+ 					  unsigned long n)
+ {
+-	int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(to);
+ 
+-	if (likely(sz == -1 || sz >= n))
++	if (likely(sz == (size_t)-1 || sz >= n))
+ 		n = _copy_from_user(to, from, n);
+ 	else
+ 		copy_from_user_overflow();
 diff --git a/arch/um/Makefile b/arch/um/Makefile
 index 55c0661..86ad413 100644
 --- a/arch/um/Makefile
@@ -12814,7 +12853,7 @@ index e054459..14bc8a7 100644
  
  #ifdef CONFIG_X86_WP_WORKS_OK
 diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 8084bc7..cc139cb 100644
+index 8084bc7..3d6ec37 100644
 --- a/arch/x86/include/asm/uaccess_32.h
 +++ b/arch/x86/include/asm/uaccess_32.h
 @@ -11,15 +11,15 @@
@@ -12954,10 +12993,14 @@ index 8084bc7..cc139cb 100644
 + */
 +static inline unsigned long __must_check
 +copy_to_user(void __user *to, const void *from, unsigned long n)
-+{
-+	int sz = __compiletime_object_size(from);
-+
-+	if (unlikely(sz != -1 && sz < n))
+ {
+-	int sz = __compiletime_object_size(to);
++	size_t sz = __compiletime_object_size(from);
+ 
+-	if (likely(sz == -1 || sz >= n))
+-		n = _copy_from_user(to, from, n);
+-	else
++	if (unlikely(sz != (size_t)-1 && sz < n))
 +		copy_to_user_overflow();
 +	else if (access_ok(VERIFY_WRITE, to, n))
 +		n = __copy_to_user(to, from, n);
@@ -12982,13 +13025,10 @@ index 8084bc7..cc139cb 100644
 + */
 +static inline unsigned long __must_check
 +copy_from_user(void *to, const void __user *from, unsigned long n)
- {
- 	int sz = __compiletime_object_size(to);
- 
--	if (likely(sz == -1 || sz >= n))
--		n = _copy_from_user(to, from, n);
--	else
-+	if (unlikely(sz != -1 && sz < n))
++{
++	size_t sz = __compiletime_object_size(to);
++
++	if (unlikely(sz != (size_t)-1 && sz < n))
  		copy_from_user_overflow();
 -
 +	else if (access_ok(VERIFY_READ, from, n))
@@ -13012,7 +13052,7 @@ index 8084bc7..cc139cb 100644
  
  #endif /* _ASM_X86_UACCESS_32_H */
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index fcd4b6f..1d52af4 100644
+index fcd4b6f..ef04f8f 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -10,6 +10,9 @@
@@ -13121,7 +13161,7 @@ index fcd4b6f..1d52af4 100644
 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(dst);
++	size_t sz = __compiletime_object_size(dst);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -13136,7 +13176,7 @@ index fcd4b6f..1d52af4 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_from_user_overflow();
 +		return size;
 +	}
@@ -13207,7 +13247,7 @@ index fcd4b6f..1d52af4 100644
 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
  {
 -	int ret = 0;
-+	int sz = __compiletime_object_size(src);
++	size_t sz = __compiletime_object_size(src);
 +	unsigned ret = 0;
  
  	might_fault();
@@ -13222,7 +13262,7 @@ index fcd4b6f..1d52af4 100644
 +		return size;
 +#endif
 +
-+	if (unlikely(sz != -1 && sz < size)) {
++	if (unlikely(sz != (size_t)-1 && sz < size)) {
 +		copy_to_user_overflow();
 +		return size;
 +	}
@@ -35491,6 +35531,35 @@ index d66e298..55b0a89 100644
  		rts_threshold = 2347;
  
  	tmp = cpu_to_le32(rts_threshold);
+diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h
+index c264dfa..08ee30e 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00.h
++++ b/drivers/net/wireless/rt2x00/rt2x00.h
+@@ -396,7 +396,7 @@ struct rt2x00_intf {
+ 	 * for hardware which doesn't support hardware
+ 	 * sequence counting.
+ 	 */
+-	atomic_t seqno;
++	atomic_unchecked_t seqno;
+ };
+ 
+ static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
+diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
+index 50f92d5..f3afc41 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
+@@ -229,9 +229,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
+ 	 * sequence counter given by mac80211.
+ 	 */
+ 	if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
+-		seqno = atomic_add_return(0x10, &intf->seqno);
++		seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
+ 	else
+-		seqno = atomic_read(&intf->seqno);
++		seqno = atomic_read_unchecked(&intf->seqno);
+ 
+ 	hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
+ 	hdr->seq_ctrl |= cpu_to_le16(seqno);
 diff --git a/drivers/net/wireless/wl1251/wl1251.h b/drivers/net/wireless/wl1251/wl1251.h
 index 9d8f581..0f6589e 100644
 --- a/drivers/net/wireless/wl1251/wl1251.h
@@ -97776,7 +97845,7 @@ index 0000000..c2eca90
 +};
 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
 new file mode 100644
-index 0000000..273e66a
+index 0000000..8ec972e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin.c
 @@ -0,0 +1,1203 @@
@@ -97871,7 +97940,7 @@ index 0000000..273e66a
 +	.decl_required			= false,
 +	.type_required			= true,
 +	.function_type_required		= true,
-+	.handler			= handle_size_overflow_attribute
++	.handler			= handle_size_overflow_attribute,
 +#if BUILDING_GCC_VERSION >= 4007
 +	.affects_type_identity		= false
 +#endif
author	Anthony G. Basile <blueness@gentoo.org>	2012-06-20 05:11:29 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2012-06-20 05:11:29 -0400
commit	f1112c26befdbb95582dda975f112c92a01784a1 (patch)
tree	05a9e0f156dab1f29d8ad24577a0e52d45abf761
parent	Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.3}-201206171836 (diff)
download	hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.tar.gz hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.tar.bz2 hardened-patchset-f1112c26befdbb95582dda975f112c92a01784a1.zip