Grsec/PaX: 3.0-{3.2.60,3.14.12,3.15.5}-20140714224820140714

author: Anthony G. Basile <blueness@gentoo.org> 2014-07-15 06:41:42 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2014-07-15 06:41:42 -0400
commit: 31d2e9dad6475db7495158a948214b524d774843 (patch)
tree: 44b7ccb856d40d294246737036afd01318d15357
parent: Grsec/PaX: 3.0-3.2.61-201407112156 (diff)
download: hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.tar.gz
hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.tar.bz2
hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.zip
6 files changed, 711 insertions, 37 deletions
diff --git a/3.14.12/0000_README b/3.14.12/0000_README
index f71dcad..f32e676 100644
--- a/3.14.12/0000_README
+++ b/3.14.12/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.14.12-201407100035.patch
+Patch:	4420_grsecurity-3.0-3.14.12-201407142243.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch b/3.14.12/4420_grsecurity-3.0-3.14.12-201407142243.patch
index 3a245d4..bf2b106 100644
--- a/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch
+++ b/3.14.12/4420_grsecurity-3.0-3.14.12-201407142243.patch
@@ -45278,6 +45278,212 @@ index ae0f56a..ec71784 100644
  
  /* debug */
  static int dvb_usb_dw2102_debug;
+diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c
+index 98d24ae..bc22415 100644
+--- a/drivers/media/usb/dvb-usb/technisat-usb2.c
++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
+@@ -87,8 +87,11 @@ struct technisat_usb2_state {
+ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 		u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
+ {
+-	u8 b[64];
+-	int ret, actual_length;
++	u8 *b = kmalloc(64, GFP_KERNEL);
++	int ret, actual_length, error = 0;
++
++	if (b == NULL)
++		return -ENOMEM;
+ 
+ 	deb_i2c("i2c-access: %02x, tx: ", device_addr);
+ 	debug_dump(tx, txlen, deb_i2c);
+@@ -121,7 +124,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 
+ 	if (ret < 0) {
+ 		err("i2c-error: out failed %02x = %d", device_addr, ret);
+-		return -ENODEV;
++		error = -ENODEV;
++		goto out;
+ 	}
+ 
+ 	ret = usb_bulk_msg(udev,
+@@ -129,7 +133,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 			b, 64, &actual_length, 1000);
+ 	if (ret < 0) {
+ 		err("i2c-error: in failed %02x = %d", device_addr, ret);
+-		return -ENODEV;
++		error = -ENODEV;
++		goto out;
+ 	}
+ 
+ 	if (b[0] != I2C_STATUS_OK) {
+@@ -137,8 +142,10 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 		/* handle tuner-i2c-nak */
+ 		if (!(b[0] == I2C_STATUS_NAK &&
+ 				device_addr == 0x60
+-				/* && device_is_technisat_usb2 */))
+-			return -ENODEV;
++				/* && device_is_technisat_usb2 */)) {
++			error = -ENODEV;
++			goto out;
++		}
+ 	}
+ 
+ 	deb_i2c("status: %d, ", b[0]);
+@@ -152,7 +159,9 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 
+ 	deb_i2c("\n");
+ 
+-	return 0;
++out:
++	kfree(b);
++	return error;
+ }
+ 
+ static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
+@@ -224,14 +233,16 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni
+ {
+ 	int ret;
+ 
+-	u8 led[8] = {
+-		red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+-		0
+-	};
++	u8 *led = kzalloc(8, GFP_KERNEL);
++
++	if (led == NULL)
++		return -ENOMEM;
+ 
+ 	if (disable_led_control && state != LED_OFF)
+ 		return 0;
+ 
++	led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
++
+ 	switch (state) {
+ 	case LED_ON:
+ 		led[1] = 0x82;
+@@ -263,16 +274,22 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni
+ 		red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_OUT,
+ 		0, 0,
+-		led, sizeof(led), 500);
++		led, 8, 500);
+ 
+ 	mutex_unlock(&d->i2c_mutex);
++
++	kfree(led);
++
+ 	return ret;
+ }
+ 
+ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
+ {
+ 	int ret;
+-	u8 b = 0;
++	u8 *b = kzalloc(1, GFP_KERNEL);
++
++	if (b == NULL)
++		return -ENOMEM;
+ 
+ 	if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
+ 		return -EAGAIN;
+@@ -281,10 +298,12 @@ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 gre
+ 		SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_OUT,
+ 		(red << 8) | green, 0,
+-		&b, 1, 500);
++		b, 1, 500);
+ 
+ 	mutex_unlock(&d->i2c_mutex);
+ 
++	kfree(b);
++
+ 	return ret;
+ }
+ 
+@@ -328,7 +347,7 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 		struct dvb_usb_device_description **desc, int *cold)
+ {
+ 	int ret;
+-	u8 version[3];
++	u8 *version = kmalloc(3, GFP_KERNEL);
+ 
+ 	/* first select the interface */
+ 	if (usb_set_interface(udev, 0, 1) != 0)
+@@ -338,11 +357,14 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 
+ 	*cold = 0; /* by default do not download a firmware - just in case something is wrong */
+ 
++	if (version == NULL)
++		return 0;
++
+ 	ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
+ 		GET_VERSION_INFO_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_IN,
+ 		0, 0,
+-		version, sizeof(version), 500);
++		version, 3, 500);
+ 
+ 	if (ret < 0)
+ 		*cold = 1;
+@@ -351,6 +373,8 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 		*cold = 0;
+ 	}
+ 
++	kfree(version);
++
+ 	return 0;
+ }
+ 
+@@ -591,10 +615,15 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a)
+ 
+ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ {
+-	u8 buf[62], *b;
++	u8 *buf, *b;
+ 	int ret;
+ 	struct ir_raw_event ev;
+ 
++	buf = kmalloc(62, GFP_KERNEL);
++
++	if (buf == NULL)
++		return -ENOMEM;
++
+ 	buf[0] = GET_IR_DATA_VENDOR_REQUEST;
+ 	buf[1] = 0x08;
+ 	buf[2] = 0x8f;
+@@ -617,16 +646,20 @@ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ 			GET_IR_DATA_VENDOR_REQUEST,
+ 			USB_TYPE_VENDOR | USB_DIR_IN,
+ 			0x8080, 0,
+-			buf, sizeof(buf), 500);
++			buf, 62, 500);
+ 
+ unlock:
+ 	mutex_unlock(&d->i2c_mutex);
+ 
+-	if (ret < 0)
++	if (ret < 0) {
++		kfree(buf);
+ 		return ret;
++	}
+ 
+-	if (ret == 1)
++	if (ret == 1) {
++		kfree(buf);
+ 		return 0; /* no key pressed */
++	}
+ 
+ 	/* decoding */
+ 	b = buf+1;
+@@ -653,6 +686,8 @@ unlock:
+ 
+ 	ir_raw_event_handle(d->rc_dev);
+ 
++	kfree(buf);
++
+ 	return 1;
+ }
+ 
 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
 index fca336b..fb70ab7 100644
 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -52838,6 +53044,36 @@ index 7ae0c4d..35521b7 100644
  	retval = submit_single_step_set_feature(hcd, urb, 0);
  	if (!retval && !wait_for_completion_timeout(&done,
  						msecs_to_jiffies(2000))) {
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index e076699..6b3b875 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -301,7 +301,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 	struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ 	struct wahc *wa = &hwahc->wa;
+ 	struct device *dev = &wa->usb_iface->dev;
+-	u8 mas_le[UWB_NUM_MAS/8];
++	u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++	if (mas_le == NULL)
++		return -ENOMEM;
+ 
+ 	/* Set the stream index */
+ 	result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -320,10 +323,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 			WUSB_REQ_SET_WUSB_MAS,
+ 			USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 			0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+-			mas_le, 32, USB_CTRL_SET_TIMEOUT);
++			mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT);
+ 	if (result < 0)
+ 		dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++	kfree(mas_le);
++
+ 	return result;
+ }
+ 
 diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
 index ba6a5d6..f88f7f3 100644
 --- a/drivers/usb/misc/appledisplay.c
@@ -112196,10 +112432,10 @@ index 0000000..88469e9
 +
 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
 new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
 +/*
 + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -112414,7 +112650,7 @@ index 0000000..f8f5dd5
 +}
 +
 +enum conditions {
-+	FROM_CONST, NOT_UNARY, CAST
++	FROM_CONST, NOT_UNARY, CAST, RET, PHI
 +};
 +
 +// Search for constants, cast assignments and binary/ternary assignments
@@ -112434,11 +112670,15 @@ index 0000000..f8f5dd5
 +		return;
 +
 +	switch (gimple_code(def_stmt)) {
-+	case GIMPLE_NOP:
 +	case GIMPLE_CALL:
++		if (lhs == gimple_return_retval(def_stmt))
++			interesting_conditions[RET] = true;
++		return;
++	case GIMPLE_NOP:
 +	case GIMPLE_ASM:
 +		return;
 +	case GIMPLE_PHI:
++		interesting_conditions[PHI] = true;
 +		return walk_phi_set_conditions(visited, interesting_conditions, lhs);
 +	case GIMPLE_ASSIGN:
 +		if (gimple_num_ops(def_stmt) == 2) {
@@ -112656,11 +112896,11 @@ index 0000000..f8f5dd5
 +/* If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
 + * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type.
 + * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code.
++ * It skips the possible error codes too.
 + */
 +static enum precond check_preconditions(struct interesting_node *cur_node)
 +{
-+	bool interesting_conditions[3] = {false, false, false};
++	bool interesting_conditions[5] = {false, false, false, false, false};
 +
 +	set_last_nodes(cur_node);
 +
@@ -112670,7 +112910,11 @@ index 0000000..f8f5dd5
 +
 +	search_interesting_conditions(cur_node, interesting_conditions);
 +
-+	// error code
++	// error code: a phi, unary assign (not cast) and returns only
++	if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI] && interesting_conditions[RET] && !interesting_conditions[CAST])
++		return NO_ATTRIBUTE_SEARCH;
++
++	// error code: def_stmts trace back to a constant and there are no binary/ternary assigments
 +	if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY])
 +		return NO_ATTRIBUTE_SEARCH;
 +
@@ -120774,7 +121018,7 @@ index 0000000..560cd7b
 +zpios_read_64734 zpios_read 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,259 @@
@@ -120810,7 +121054,7 @@ index 0000000..e6fe17b
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20140517",
++	.version	= "20140713",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
diff --git a/3.15.5/0000_README b/3.15.5/0000_README
index a26acbb..9e0b7a5 100644
--- a/3.15.5/0000_README
+++ b/3.15.5/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_
+Patch:	4420_grsecurity-3.0-3.15.5-201407142248.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch b/3.15.5/4420_grsecurity-3.0-3.15.5-201407142248.patch
index 9936204..7c383ca 100644
--- a/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch
+++ b/3.15.5/4420_grsecurity-3.0-3.15.5-201407142248.patch
@@ -38292,7 +38292,7 @@ index 51e75ad..39c4c76 100644
  
  static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
 diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index 6e9f74a..50c7ceae 100644
+index 6e9f74a..50c7cea 100644
 --- a/drivers/char/Kconfig
 +++ b/drivers/char/Kconfig
 @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig"
@@ -44619,6 +44619,212 @@ index ae0f56a..ec71784 100644
  
  /* debug */
  static int dvb_usb_dw2102_debug;
+diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c
+index 98d24ae..bc22415 100644
+--- a/drivers/media/usb/dvb-usb/technisat-usb2.c
++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
+@@ -87,8 +87,11 @@ struct technisat_usb2_state {
+ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 		u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
+ {
+-	u8 b[64];
+-	int ret, actual_length;
++	u8 *b = kmalloc(64, GFP_KERNEL);
++	int ret, actual_length, error = 0;
++
++	if (b == NULL)
++		return -ENOMEM;
+ 
+ 	deb_i2c("i2c-access: %02x, tx: ", device_addr);
+ 	debug_dump(tx, txlen, deb_i2c);
+@@ -121,7 +124,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 
+ 	if (ret < 0) {
+ 		err("i2c-error: out failed %02x = %d", device_addr, ret);
+-		return -ENODEV;
++		error = -ENODEV;
++		goto out;
+ 	}
+ 
+ 	ret = usb_bulk_msg(udev,
+@@ -129,7 +133,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 			b, 64, &actual_length, 1000);
+ 	if (ret < 0) {
+ 		err("i2c-error: in failed %02x = %d", device_addr, ret);
+-		return -ENODEV;
++		error = -ENODEV;
++		goto out;
+ 	}
+ 
+ 	if (b[0] != I2C_STATUS_OK) {
+@@ -137,8 +142,10 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 		/* handle tuner-i2c-nak */
+ 		if (!(b[0] == I2C_STATUS_NAK &&
+ 				device_addr == 0x60
+-				/* && device_is_technisat_usb2 */))
+-			return -ENODEV;
++				/* && device_is_technisat_usb2 */)) {
++			error = -ENODEV;
++			goto out;
++		}
+ 	}
+ 
+ 	deb_i2c("status: %d, ", b[0]);
+@@ -152,7 +159,9 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ 
+ 	deb_i2c("\n");
+ 
+-	return 0;
++out:
++	kfree(b);
++	return error;
+ }
+ 
+ static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
+@@ -224,14 +233,16 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni
+ {
+ 	int ret;
+ 
+-	u8 led[8] = {
+-		red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+-		0
+-	};
++	u8 *led = kzalloc(8, GFP_KERNEL);
++
++	if (led == NULL)
++		return -ENOMEM;
+ 
+ 	if (disable_led_control && state != LED_OFF)
+ 		return 0;
+ 
++	led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
++
+ 	switch (state) {
+ 	case LED_ON:
+ 		led[1] = 0x82;
+@@ -263,16 +274,22 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni
+ 		red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_OUT,
+ 		0, 0,
+-		led, sizeof(led), 500);
++		led, 8, 500);
+ 
+ 	mutex_unlock(&d->i2c_mutex);
++
++	kfree(led);
++
+ 	return ret;
+ }
+ 
+ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
+ {
+ 	int ret;
+-	u8 b = 0;
++	u8 *b = kzalloc(1, GFP_KERNEL);
++
++	if (b == NULL)
++		return -ENOMEM;
+ 
+ 	if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
+ 		return -EAGAIN;
+@@ -281,10 +298,12 @@ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 gre
+ 		SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_OUT,
+ 		(red << 8) | green, 0,
+-		&b, 1, 500);
++		b, 1, 500);
+ 
+ 	mutex_unlock(&d->i2c_mutex);
+ 
++	kfree(b);
++
+ 	return ret;
+ }
+ 
+@@ -328,7 +347,7 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 		struct dvb_usb_device_description **desc, int *cold)
+ {
+ 	int ret;
+-	u8 version[3];
++	u8 *version = kmalloc(3, GFP_KERNEL);
+ 
+ 	/* first select the interface */
+ 	if (usb_set_interface(udev, 0, 1) != 0)
+@@ -338,11 +357,14 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 
+ 	*cold = 0; /* by default do not download a firmware - just in case something is wrong */
+ 
++	if (version == NULL)
++		return 0;
++
+ 	ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
+ 		GET_VERSION_INFO_VENDOR_REQUEST,
+ 		USB_TYPE_VENDOR | USB_DIR_IN,
+ 		0, 0,
+-		version, sizeof(version), 500);
++		version, 3, 500);
+ 
+ 	if (ret < 0)
+ 		*cold = 1;
+@@ -351,6 +373,8 @@ static int technisat_usb2_identify_state(struct usb_device *udev,
+ 		*cold = 0;
+ 	}
+ 
++	kfree(version);
++
+ 	return 0;
+ }
+ 
+@@ -591,10 +615,15 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a)
+ 
+ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ {
+-	u8 buf[62], *b;
++	u8 *buf, *b;
+ 	int ret;
+ 	struct ir_raw_event ev;
+ 
++	buf = kmalloc(62, GFP_KERNEL);
++
++	if (buf == NULL)
++		return -ENOMEM;
++
+ 	buf[0] = GET_IR_DATA_VENDOR_REQUEST;
+ 	buf[1] = 0x08;
+ 	buf[2] = 0x8f;
+@@ -617,16 +646,20 @@ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ 			GET_IR_DATA_VENDOR_REQUEST,
+ 			USB_TYPE_VENDOR | USB_DIR_IN,
+ 			0x8080, 0,
+-			buf, sizeof(buf), 500);
++			buf, 62, 500);
+ 
+ unlock:
+ 	mutex_unlock(&d->i2c_mutex);
+ 
+-	if (ret < 0)
++	if (ret < 0) {
++		kfree(buf);
+ 		return ret;
++	}
+ 
+-	if (ret == 1)
++	if (ret == 1) {
++		kfree(buf);
+ 		return 0; /* no key pressed */
++	}
+ 
+ 	/* decoding */
+ 	b = buf+1;
+@@ -653,6 +686,8 @@ unlock:
+ 
+ 	ir_raw_event_handle(d->rc_dev);
+ 
++	kfree(buf);
++
+ 	return 1;
+ }
+ 
 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
 index 7e2411c..cef73ca 100644
 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -52211,6 +52417,36 @@ index 7ae0c4d..35521b7 100644
  	retval = submit_single_step_set_feature(hcd, urb, 0);
  	if (!retval && !wait_for_completion_timeout(&done,
  						msecs_to_jiffies(2000))) {
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index d0d8fad..668ef7b 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -337,7 +337,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 	struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ 	struct wahc *wa = &hwahc->wa;
+ 	struct device *dev = &wa->usb_iface->dev;
+-	u8 mas_le[UWB_NUM_MAS/8];
++	u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++	if (mas_le == NULL)
++		return -ENOMEM;
+ 
+ 	/* Set the stream index */
+ 	result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -356,10 +359,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 			WUSB_REQ_SET_WUSB_MAS,
+ 			USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 			0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+-			mas_le, 32, USB_CTRL_SET_TIMEOUT);
++			mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT);
+ 	if (result < 0)
+ 		dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++	kfree(mas_le);
++
+ 	return result;
+ }
+ 
 diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
 index ba6a5d6..f88f7f3 100644
 --- a/drivers/usb/misc/appledisplay.c
@@ -59438,7 +59674,7 @@ index 04434ad..6404663 100644
  		       "MMP failure info: last update time: %llu, last update "
  		       "node: %s, last update device: %s\n",
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 6f9e6fa..5431c02 100644
+index 6f9e6fa..d0ebdb7 100644
 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c
 @@ -1275,7 +1275,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -59459,6 +59695,114 @@ index 6f9e6fa..5431c02 100644
  
  static int parse_strtoull(const char *buf,
  		unsigned long long max, unsigned long long *value)
+@@ -3869,38 +3869,19 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
+ 			goto failed_mount2;
+ 		}
+ 	}
+-
+-	/*
+-	 * set up enough so that it can read an inode,
+-	 * and create new inode for buddy allocator
+-	 */
+-	sbi->s_gdb_count = db_count;
+-	if (!test_opt(sb, NOLOAD) &&
+-	    EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
+-		sb->s_op = &ext4_sops;
+-	else
+-		sb->s_op = &ext4_nojournal_sops;
+-
+-	ext4_ext_init(sb);
+-	err = ext4_mb_init(sb);
+-	if (err) {
+-		ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
+-			 err);
+-		goto failed_mount2;
+-	}
+-
+ 	if (!ext4_check_descriptors(sb, &first_not_zeroed)) {
+ 		ext4_msg(sb, KERN_ERR, "group descriptors corrupted!");
+-		goto failed_mount2a;
++		goto failed_mount2;
+ 	}
+ 	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG))
+ 		if (!ext4_fill_flex_info(sb)) {
+ 			ext4_msg(sb, KERN_ERR,
+ 			       "unable to initialize "
+ 			       "flex_bg meta info!");
+-			goto failed_mount2a;
++			goto failed_mount2;
+ 		}
+ 
++	sbi->s_gdb_count = db_count;
+ 	get_random_bytes(&sbi->s_next_generation, sizeof(u32));
+ 	spin_lock_init(&sbi->s_next_gen_lock);
+ 
+@@ -3935,6 +3916,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
+ 	sbi->s_stripe = ext4_get_stripe_size(sbi);
+ 	sbi->s_extent_max_zeroout_kb = 32;
+ 
++	/*
++	 * set up enough so that it can read an inode
++	 */
++	if (!test_opt(sb, NOLOAD) &&
++	    EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
++		sb->s_op = &ext4_sops;
++	else
++		sb->s_op = &ext4_nojournal_sops;
+ 	sb->s_export_op = &ext4_export_ops;
+ 	sb->s_xattr = ext4_xattr_handlers;
+ #ifdef CONFIG_QUOTA
+@@ -4124,13 +4113,21 @@ no_journal:
+ 	if (err) {
+ 		ext4_msg(sb, KERN_ERR, "failed to reserve %llu clusters for "
+ 			 "reserved pool", ext4_calculate_resv_clusters(sb));
+-		goto failed_mount5;
++		goto failed_mount4a;
+ 	}
+ 
+ 	err = ext4_setup_system_zone(sb);
+ 	if (err) {
+ 		ext4_msg(sb, KERN_ERR, "failed to initialize system "
+ 			 "zone (%d)", err);
++		goto failed_mount4a;
++	}
++
++	ext4_ext_init(sb);
++	err = ext4_mb_init(sb);
++	if (err) {
++		ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
++			 err);
+ 		goto failed_mount5;
+ 	}
+ 
+@@ -4207,8 +4204,11 @@ failed_mount8:
+ failed_mount7:
+ 	ext4_unregister_li_request(sb);
+ failed_mount6:
+-	ext4_release_system_zone(sb);
++	ext4_mb_release(sb);
+ failed_mount5:
++	ext4_ext_release(sb);
++	ext4_release_system_zone(sb);
++failed_mount4a:
+ 	dput(sb->s_root);
+ 	sb->s_root = NULL;
+ failed_mount4:
+@@ -4232,14 +4232,11 @@ failed_mount3:
+ 	percpu_counter_destroy(&sbi->s_extent_cache_cnt);
+ 	if (sbi->s_mmp_tsk)
+ 		kthread_stop(sbi->s_mmp_tsk);
+-failed_mount2a:
+-	ext4_mb_release(sb);
+ failed_mount2:
+ 	for (i = 0; i < db_count; i++)
+ 		brelse(sbi->s_group_desc[i]);
+ 	ext4_kvfree(sbi->s_group_desc);
+ failed_mount:
+-	ext4_ext_release(sb);
+ 	if (sbi->s_chksum_driver)
+ 		crypto_free_shash(sbi->s_chksum_driver);
+ 	if (sbi->s_proc) {
 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
 index 4eec399..1d9444c 100644
 --- a/fs/ext4/xattr.c
@@ -106719,6 +107063,13 @@ index 7778b8e..3d619fc 100644
  };
  
  
+diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
+new file mode 100644
+index 0000000..de92ed9
+--- /dev/null
++++ b/tools/gcc/.gitignore
+@@ -0,0 +1 @@
++randomize_layout_seed.h
 diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
 new file mode 100644
 index 0000000..7b8921f
@@ -111977,10 +112328,10 @@ index 0000000..88469e9
 +
 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
 new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
 +/*
 + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -112195,7 +112546,7 @@ index 0000000..f8f5dd5
 +}
 +
 +enum conditions {
-+	FROM_CONST, NOT_UNARY, CAST
++	FROM_CONST, NOT_UNARY, CAST, RET, PHI
 +};
 +
 +// Search for constants, cast assignments and binary/ternary assignments
@@ -112215,11 +112566,15 @@ index 0000000..f8f5dd5
 +		return;
 +
 +	switch (gimple_code(def_stmt)) {
-+	case GIMPLE_NOP:
 +	case GIMPLE_CALL:
++		if (lhs == gimple_return_retval(def_stmt))
++			interesting_conditions[RET] = true;
++		return;
++	case GIMPLE_NOP:
 +	case GIMPLE_ASM:
 +		return;
 +	case GIMPLE_PHI:
++		interesting_conditions[PHI] = true;
 +		return walk_phi_set_conditions(visited, interesting_conditions, lhs);
 +	case GIMPLE_ASSIGN:
 +		if (gimple_num_ops(def_stmt) == 2) {
@@ -112437,11 +112792,11 @@ index 0000000..f8f5dd5
 +/* If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
 + * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type.
 + * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code.
++ * It skips the possible error codes too.
 + */
 +static enum precond check_preconditions(struct interesting_node *cur_node)
 +{
-+	bool interesting_conditions[3] = {false, false, false};
++	bool interesting_conditions[5] = {false, false, false, false, false};
 +
 +	set_last_nodes(cur_node);
 +
@@ -112451,7 +112806,11 @@ index 0000000..f8f5dd5
 +
 +	search_interesting_conditions(cur_node, interesting_conditions);
 +
-+	// error code
++	// error code: a phi, unary assign (not cast) and returns only
++	if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI] && interesting_conditions[RET] && !interesting_conditions[CAST])
++		return NO_ATTRIBUTE_SEARCH;
++
++	// error code: def_stmts trace back to a constant and there are no binary/ternary assigments
 +	if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY])
 +		return NO_ATTRIBUTE_SEARCH;
 +
@@ -114463,10 +114822,10 @@ index 0000000..4378111
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..386f2d1
+index 0000000..386792a
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5801 @@
+@@ -0,0 +1,5808 @@
 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -115413,6 +115772,7 @@ index 0000000..386f2d1
 +page_offset_11120 page_offset 0 11120 NULL
 +cea_db_payload_len_11124 cea_db_payload_len 0 11124 NULL nohasharray
 +tracing_buffers_read_11124 tracing_buffers_read 3 11124 &cea_db_payload_len_11124
++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
 +snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL
 +il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
 +comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL
@@ -115755,6 +116115,7 @@ index 0000000..386f2d1
 +__kfifo_in_14797 __kfifo_in 3-0 14797 NULL
 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
 +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
 +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
 +lcd_write_14857 lcd_write 3 14857 NULL
 +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
@@ -116065,6 +116426,7 @@ index 0000000..386f2d1
 +__ceph_getxattr_18386 __ceph_getxattr 0 18386 NULL
 +ci_role_write_18388 ci_role_write 3 18388 NULL
 +adis16136_show_serial_18402 adis16136_show_serial 3 18402 NULL
++rtl8169_rx_fill_18416 rtl8169_rx_fill 0 18416 NULL
 +memblock_virt_alloc_node_nopanic_18431 memblock_virt_alloc_node_nopanic 1 18431 NULL
 +iscsi_create_flashnode_sess_18433 iscsi_create_flashnode_sess 4 18433 NULL
 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
@@ -116083,7 +116445,8 @@ index 0000000..386f2d1
 +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
 +smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
 +debug_output_18575 debug_output 3 18575 NULL
-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600
 +iowarrior_write_18604 iowarrior_write 3 18604 NULL
 +from_buffer_18625 from_buffer 3 18625 NULL
 +snd_pcm_oss_write3_18657 snd_pcm_oss_write3 0-3 18657 NULL
@@ -118644,6 +119007,7 @@ index 0000000..386f2d1
 +mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL
 +core_sys_select_47494 core_sys_select 1 47494 NULL
 +as3722_block_write_47503 as3722_block_write 2-3 47503 NULL
++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
 +unlink_simple_47506 unlink_simple 3 47506 NULL
 +pstore_decompress_47510 pstore_decompress 0 47510 NULL
 +__proc_lnet_portal_rotor_47529 __proc_lnet_portal_rotor 5 47529 NULL
@@ -119438,6 +119802,7 @@ index 0000000..386f2d1
 +btrfs_clone_55977 btrfs_clone 5-3 55977 NULL
 +wa_xfer_create_subset_sg_55992 wa_xfer_create_subset_sg 3-2 55992 NULL
 +nvme_alloc_iod_56027 nvme_alloc_iod 1-2 56027 NULL
++rtl8169_init_ring_56028 rtl8169_init_ring 0 56028 NULL
 +usb_ocp_write_56047 usb_ocp_write 4 56047 NULL
 +dccp_sendmsg_56058 dccp_sendmsg 4 56058 NULL
 +pscsi_get_bio_56103 pscsi_get_bio 1 56103 NULL
@@ -119946,6 +120311,7 @@ index 0000000..386f2d1
 +snd_pcm_playback_avail_61671 snd_pcm_playback_avail 0 61671 NULL
 +qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
 +lock_loop_61681 lock_loop 1 61681 NULL
++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL
 +filter_read_61692 filter_read 3 61692 NULL
 +iov_length_61716 iov_length 0 61716 NULL
 +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
@@ -120368,7 +120734,7 @@ index 0000000..560cd7b
 +zpios_read_64734 zpios_read 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,259 @@
@@ -120404,7 +120770,7 @@ index 0000000..e6fe17b
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20140517",
++	.version	= "20140713",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
diff --git a/3.2.61/0000_README b/3.2.61/0000_README
index bba0edb..cf7c1aa 100644
--- a/3.2.61/0000_README
+++ b/3.2.61/0000_README
@@ -162,7 +162,7 @@ Patch:	1060_linux-3.2.61.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.61
 
-Patch:	4420_grsecurity-3.0-3.2.61-201407112156.patch
+Patch:	4420_grsecurity-3.0-3.2.61-201407132023.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201407112156.patch b/3.2.61/4420_grsecurity-3.0-3.2.61-201407132023.patch
index 76786c9..936d3f8 100644
--- a/3.2.61/4420_grsecurity-3.0-3.2.61-201407112156.patch
+++ b/3.2.61/4420_grsecurity-3.0-3.2.61-201407132023.patch
@@ -44492,7 +44492,7 @@ index ee1aab0..7d4fd21 100644
  		if (copy_from_user(&ifr, argp, ifreq_len))
  			return -EFAULT;
 diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index 304fe78..db112fa 100644
+index 304fe78..e505bdd 100644
 --- a/drivers/net/usb/hso.c
 +++ b/drivers/net/usb/hso.c
 @@ -71,7 +71,7 @@
@@ -44582,7 +44582,33 @@ index 304fe78..db112fa 100644
  					/* Setup and send a ctrl req read on
  					 * port i */
  					if (!serial->rx_urb_filled[0]) {
-@@ -3098,7 +3097,7 @@ static int hso_resume(struct usb_interface *iface)
+@@ -2857,13 +2856,16 @@ exit:
+ static int hso_get_config_data(struct usb_interface *interface)
+ {
+ 	struct usb_device *usbdev = interface_to_usbdev(interface);
+-	u8 config_data[17];
++	u8 *config_data = kmalloc(17, GFP_KERNEL);
+ 	u32 if_num = interface->altsetting->desc.bInterfaceNumber;
+ 	s32 result;
+ 
++	if (!config_data)
++		return -ENOMEM;
+ 	if (usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 			    0x86, 0xC0, 0, 0, config_data, 17,
+ 			    USB_CTRL_SET_TIMEOUT) != 0x11) {
++		kfree(config_data);
+ 		return -EIO;
+ 	}
+ 
+@@ -2914,6 +2916,7 @@ static int hso_get_config_data(struct usb_interface *interface)
+ 	if (config_data[16] & 0x1)
+ 		result |= HSO_INFO_CRC_BUG;
+ 
++	kfree(config_data);
+ 	return result;
+ }
+ 
+@@ -3098,7 +3101,7 @@ static int hso_resume(struct usb_interface *iface)
  	/* Start all serial ports */
  	for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
  		if (serial_table[i] && (serial_table[i]->interface == iface)) {
@@ -50281,6 +50307,36 @@ index 7138540..2370195 100644
  
  /*----------------------------------------------------------------------*/
  
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index 9bfac65..0f874d1 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -291,7 +291,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 	struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ 	struct wahc *wa = &hwahc->wa;
+ 	struct device *dev = &wa->usb_iface->dev;
+-	u8 mas_le[UWB_NUM_MAS/8];
++	u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++	if (mas_le == NULL)
++		return -ENOMEM;
+ 
+ 	/* Set the stream index */
+ 	result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -310,10 +313,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
+ 			WUSB_REQ_SET_WUSB_MAS,
+ 			USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 			0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+-			mas_le, 32, 1000 /* FIXME: arbitrary */);
++			mas_le, UWB_NUM_MAS/8, 1000 /* FIXME: arbitrary */);
+ 	if (result < 0)
+ 		dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++	kfree(mas_le);
++
+ 	return result;
+ }
+ 
 diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
 index 9f7003e..b1db1b6 100644
 --- a/drivers/usb/misc/appledisplay.c
@@ -115876,10 +115932,10 @@ index 0000000..88469e9
 +
 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
 new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
 +/*
 + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -116094,7 +116150,7 @@ index 0000000..f8f5dd5
 +}
 +
 +enum conditions {
-+	FROM_CONST, NOT_UNARY, CAST
++	FROM_CONST, NOT_UNARY, CAST, RET, PHI
 +};
 +
 +// Search for constants, cast assignments and binary/ternary assignments
@@ -116114,11 +116170,15 @@ index 0000000..f8f5dd5
 +		return;
 +
 +	switch (gimple_code(def_stmt)) {
-+	case GIMPLE_NOP:
 +	case GIMPLE_CALL:
++		if (lhs == gimple_return_retval(def_stmt))
++			interesting_conditions[RET] = true;
++		return;
++	case GIMPLE_NOP:
 +	case GIMPLE_ASM:
 +		return;
 +	case GIMPLE_PHI:
++		interesting_conditions[PHI] = true;
 +		return walk_phi_set_conditions(visited, interesting_conditions, lhs);
 +	case GIMPLE_ASSIGN:
 +		if (gimple_num_ops(def_stmt) == 2) {
@@ -116336,11 +116396,11 @@ index 0000000..f8f5dd5
 +/* If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
 + * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type.
 + * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code.
++ * It skips the possible error codes too.
 + */
 +static enum precond check_preconditions(struct interesting_node *cur_node)
 +{
-+	bool interesting_conditions[3] = {false, false, false};
++	bool interesting_conditions[5] = {false, false, false, false, false};
 +
 +	set_last_nodes(cur_node);
 +
@@ -116350,7 +116410,11 @@ index 0000000..f8f5dd5
 +
 +	search_interesting_conditions(cur_node, interesting_conditions);
 +
-+	// error code
++	// error code: a phi, unary assign (not cast) and returns only
++	if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI] && interesting_conditions[RET] && !interesting_conditions[CAST])
++		return NO_ATTRIBUTE_SEARCH;
++
++	// error code: def_stmts trace back to a constant and there are no binary/ternary assigments
 +	if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY])
 +		return NO_ATTRIBUTE_SEARCH;
 +
@@ -123573,7 +123637,7 @@ index 0000000..4ad4525
 +zpios_read_64734 zpios_read 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,259 @@
@@ -123609,7 +123673,7 @@ index 0000000..e6fe17b
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20140517",
++	.version	= "20140713",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
author	Anthony G. Basile <blueness@gentoo.org>	2014-07-15 06:41:42 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2014-07-15 06:41:42 -0400
commit	31d2e9dad6475db7495158a948214b524d774843 (patch)
tree	44b7ccb856d40d294246737036afd01318d15357
parent	Grsec/PaX: 3.0-3.2.61-201407112156 (diff)
download	hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.tar.gz hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.tar.bz2 hardened-patchset-31d2e9dad6475db7495158a948214b524d774843.zip