authorAnthony G. Basile <blueness@gentoo.org>2014-04-07 11:22:13 -0400
committerAnthony G. Basile <blueness@gentoo.org>2014-04-07 11:22:13 -0400
commit63d5e8a78d1e3c99b66c24475e0b672ff7fca5a6 (patch)
tree40fd357ab446e4abb55665c62575d2b82c8dc7e3
parentGrsec/PaX: 3.0-{3.2.56,3.13.8}-201404031157 (diff)
Grsec/PaX: 3.0-{3.2.56,3.13.8}-20140406212720140406
-rw-r--r--3.13.8/0000_README2
-rw-r--r--3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch (renamed from 3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch)1026
-rw-r--r--3.2.56/0000_README2
-rw-r--r--3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch (renamed from 3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch)533
4 files changed, 1184 insertions, 379 deletions
diff --git a/3.13.8/0000_README b/3.13.8/0000_README
index 261bc85..02b8064 100644
--- a/3.13.8/0000_README
+++ b/3.13.8/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.8-201404031157.patch
+Patch: 4420_grsecurity-3.0-3.13.9-201404062127.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch b/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
index 1ca327a..3408709 100644
--- a/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
+++ b/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 4cab13b..b7d5e41 100644
+index 652f972..20ef4fb 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -12500,9 +12500,18 @@ index c337422..2c5be72 100644
.quad 0x0000000000000000 /* TS continued */
gdt_end:
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 434f077..b6b4b38 100644
+index 434f077..f20f3ff 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
+@@ -224,7 +224,7 @@ void __putstr(const char *s)
+
+ void *memset(void *s, int c, size_t n)
+ {
+- int i;
++ size_t i;
+ char *ss = s;
+
+ for (i = 0; i < n; i++)
@@ -283,7 +283,7 @@ static void handle_relocations(void *output, unsigned long output_len)
* Calculate the delta between where vmlinux was linked to load
* and where it was actually loaded.
@@ -12512,7 +12521,16 @@ index 434f077..b6b4b38 100644
if (!delta) {
debug_putstr("No relocation needed... ");
return;
-@@ -380,7 +380,7 @@ static void parse_elf(void *output)
+@@ -353,7 +353,7 @@ static void parse_elf(void *output)
+ Elf32_Ehdr ehdr;
+ Elf32_Phdr *phdrs, *phdr;
+ #endif
+- void *dest;
++ void *dest, *prev;
+ int i;
+
+ memcpy(&ehdr, output, sizeof(ehdr));
+@@ -380,13 +380,16 @@ static void parse_elf(void *output)
case PT_LOAD:
#ifdef CONFIG_RELOCATABLE
dest = output;
@@ -12521,7 +12539,16 @@ index 434f077..b6b4b38 100644
#else
dest = (void *)(phdr->p_paddr);
#endif
-@@ -432,7 +432,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+ memcpy(dest,
+ output + phdr->p_offset,
+ phdr->p_filesz);
++ if (i)
++ memset(prev, 0xff, dest - prev);
++ prev = dest + phdr->p_filesz;
+ break;
+ default: /* Ignore other PT_* */ break;
+ }
+@@ -432,7 +435,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
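Review bot: In the added `parse_elf` lines, `prev` is only assigned inside the `PT_LOAD` case, yet the `if (i)` guard tests the loop index rather than whether an earlier `PT_LOAD` segment was seen. If program header 0 is not `PT_LOAD`, the first `memset(prev, 0xff, dest - prev)` runs with an uninitialised pointer. If segments are not in ascending address order, `dest - prev` goes negative and converts to a huge `size_t`. Declaring `void *dest, *prev = NULL;` and guarding with `if (prev && dest > prev)` would make the gap fill depend on state the code actually tracks. The enclosing loop and the rest of `parse_elf` lie outside this hunk, so the ordering assumption may be enforced elsewhere; a one-line comment saying so would help.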
@@ -17549,7 +17576,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 5ad38ad..f228861 100644
+index bbc8b12..f228861 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17672,30 +17699,7 @@ index 5ad38ad..f228861 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b)
- return a.pte == b.pte;
- }
-
--static inline int pteval_present(pteval_t pteval)
--{
-- /*
-- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
-- * way clearly states that the intent is that protnone and numa
-- * hinting ptes are considered present for the purposes of
-- * pagetable operations like zapping, protection changes, gup etc.
-- */
-- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
--}
--
- static inline int pte_present(pte_t a)
- {
-- return pteval_present(pte_flags(a));
-+ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
-+ _PAGE_NUMA);
- }
-
- #define pte_accessible pte_accessible
-@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17704,7 +17708,7 @@ index 5ad38ad..f228861 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17713,7 +17717,7 @@ index 5ad38ad..f228861 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -17722,7 +17726,7 @@ index 5ad38ad..f228861 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -17736,7 +17740,7 @@ index 5ad38ad..f228861 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -17760,7 +17764,7 @@ index 5ad38ad..f228861 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -35432,30 +35436,18 @@ index fa6ade7..73da73a5 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 3c76c3d..7327d91 100644
+index ce563be..7327d91 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
- /* Assume pteval_t is equivalent to all the other *val_t types. */
- static pteval_t pte_mfn_to_pfn(pteval_t val)
- {
-- if (pteval_present(val)) {
-+ if (val & _PAGE_PRESENT) {
- unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
- unsigned long pfn = mfn_to_pfn(mfn);
-
-@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
+@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
return val;
}
-static pteval_t pte_pfn_to_mfn(pteval_t val)
+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
{
-- if (pteval_present(val)) {
-+ if (val & _PAGE_PRESENT) {
+ if (val & _PAGE_PRESENT) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
- pteval_t flags = val & PTE_FLAGS_MASK;
- unsigned long mfn;
@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
/* L3_k[510] -> level2_kernel_pgt
* L3_i[511] -> level2_fixmap_pgt */
@@ -40067,19 +40059,6 @@ index a3ba9a8..ee52ddd 100644
unsigned relocs_total = 0;
unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
-diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
-index d3c3b5b..e79720d 100644
---- a/drivers/gpu/drm/i915/i915_gem_gtt.c
-+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
-@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
- dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
- dev_priv->gtt.base.start / PAGE_SIZE,
- dev_priv->gtt.base.total / PAGE_SIZE,
-- false);
-+ true);
- }
-
- void i915_gem_restore_gtt_mappings(struct drm_device *dev)
diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
index 3c59584..500f2e9 100644
--- a/drivers/gpu/drm/i915/i915_ioc32.c
@@ -42930,10 +42909,10 @@ index 2f0b39d..7370f13 100644
ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr,
diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
-index 4c842c3..590b0bf 100644
+index b604564..3f14ae4 100644
--- a/drivers/input/mousedev.c
+++ b/drivers/input/mousedev.c
-@@ -738,7 +738,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
+@@ -744,7 +744,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
spin_unlock_irq(&client->packet_lock);
@@ -43415,6 +43394,23 @@ index 53d487f..f020f41 100644
return -EFAULT;
} else
memcpy(msg, buf, count);
+diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
+index 02125e6..e1f8748 100644
+--- a/drivers/isdn/isdnloop/isdnloop.c
++++ b/drivers/isdn/isdnloop/isdnloop.c
+@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp)
+ return -EBUSY;
+ if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
+ return -EFAULT;
++
++ for (i = 0; i < 3; i++) {
++ if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i])))
++ return -EINVAL;
++ }
++
+ spin_lock_irqsave(&card->isdnloop_lock, flags);
+ switch (sdef.ptype) {
+ case ISDN_PTYPE_EURO:
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index a4f05c5..1433bc5 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
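Review bot: The termination check added to `isdnloop_start` hard-codes the loop bound `3`, which has to be kept in step by hand with the number of entries in `sdef.num`. `for (i = 0; i < ARRAY_SIZE(sdef.num); i++)` would tie the check to the structure, so a later change to the array cannot leave an entry unvalidated. A short comment such as `/* num[] comes from user space; reject entries without a NUL terminator */` would also record why the check sits directly after `copy_from_user`. The declaration of `i` and the later uses of `sdef.num` are outside the hunk.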
@@ -44026,6 +44022,28 @@ index 0095ec8..c89277a 100644
}
struct md_personality
+diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
+index 579b582..9fb6185 100644
+--- a/drivers/md/persistent-data/dm-space-map-metadata.c
++++ b/drivers/md/persistent-data/dm-space-map-metadata.c
+@@ -679,7 +679,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
+ * Flick into a mode where all blocks get allocated in the new area.
+ */
+ smm->begin = old_len;
+- memcpy(sm, &bootstrap_ops, sizeof(*sm));
++ memcpy((void *)sm, &bootstrap_ops, sizeof(*sm));
+
+ /*
+ * Extend.
+@@ -710,7 +710,7 @@ out:
+ /*
+ * Switch back to normal behaviour.
+ */
+- memcpy(sm, &ops, sizeof(*sm));
++ memcpy((void *)sm, &ops, sizeof(*sm));
+ return r;
+ }
+
diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h
index 3e6d115..ffecdeb 100644
--- a/drivers/md/persistent-data/dm-space-map.h
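Review bot: Both `memcpy((void *)sm, ...)` calls in `sm_metadata_extend` gain a cast with no comment explaining it. Presumably it discards a qualifier that this patch set places on `struct dm_space_map`, but nothing in the hunk says so. The code overwrites a whole table of operations in place, so it is worth stating that the object must stay writable here, for example `/* sm is swapped between bootstrap_ops and ops at run time; the cast drops the const added to the ops struct */`. Without that, a later reader could take the cast for an accidental warning suppression and either remove it or copy the pattern elsewhere.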
@@ -47187,6 +47205,93 @@ index 84d94f5..bd6c61c 100644
u16 int_num;
ZD_ASSERT(in_interrupt());
+diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
+index c47794b..6668d03 100644
+--- a/drivers/net/xen-netback/common.h
++++ b/drivers/net/xen-netback/common.h
+@@ -113,6 +113,11 @@ struct xenvif {
+ domid_t domid;
+ unsigned int handle;
+
++ /* Is this interface disabled? True when backend discovers
++ * frontend is rogue.
++ */
++ bool disabled;
++
+ /* Use NAPI for guest TX */
+ struct napi_struct napi;
+ /* When feature-split-event-channels = 0, tx_irq = rx_irq. */
+diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
+index fff8cddf..a2ef2e6 100644
+--- a/drivers/net/xen-netback/interface.c
++++ b/drivers/net/xen-netback/interface.c
+@@ -67,6 +67,15 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
+ struct xenvif *vif = container_of(napi, struct xenvif, napi);
+ int work_done;
+
++ /* This vif is rogue, we pretend we've there is nothing to do
++ * for this vif to deschedule it from NAPI. But this interface
++ * will be turned off in thread context later.
++ */
++ if (unlikely(vif->disabled)) {
++ napi_complete(napi);
++ return 0;
++ }
++
+ work_done = xenvif_tx_action(vif, budget);
+
+ if (work_done < budget) {
+@@ -323,6 +332,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
+ vif->ip_csum = 1;
+ vif->dev = dev;
+
++ vif->disabled = false;
++
+ vif->credit_bytes = vif->remaining_credit = ~0UL;
+ vif->credit_usec = 0UL;
+ init_timer(&vif->credit_timeout);
+diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
+index 7842555..c69d1ad 100644
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -756,7 +756,8 @@ static void xenvif_tx_err(struct xenvif *vif,
+ static void xenvif_fatal_tx_err(struct xenvif *vif)
+ {
+ netdev_err(vif->dev, "fatal error; disabling device\n");
+- xenvif_carrier_off(vif);
++ vif->disabled = true;
++ xenvif_kick_thread(vif);
+ }
+
+ static int xenvif_count_requests(struct xenvif *vif,
+@@ -1483,7 +1484,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget)
+ vif->tx.sring->req_prod, vif->tx.req_cons,
+ XEN_NETIF_TX_RING_SIZE);
+ xenvif_fatal_tx_err(vif);
+- continue;
++ break;
+ }
+
+ work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx);
+@@ -1877,7 +1878,18 @@ int xenvif_kthread(void *data)
+ while (!kthread_should_stop()) {
+ wait_event_interruptible(vif->wq,
+ rx_work_todo(vif) ||
++ vif->disabled ||
+ kthread_should_stop());
++
++ /* This frontend is found to be rogue, disable it in
++ * kthread context. Currently this is only set when
++ * netback finds out frontend sends malformed packet,
++ * but we cannot disable the interface in softirq
++ * context so we defer it here.
++ */
++ if (unlikely(vif->disabled && netif_carrier_ok(vif->dev)))
++ xenvif_carrier_off(vif);
++
+ if (kthread_should_stop())
+ break;
+
diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c
index 7130864..00e64de 100644
--- a/drivers/nfc/nfcwilink.c
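Review bot: In `xenvif_kthread`, `vif->disabled` is added to the `wait_event_interruptible` condition but is never cleared, so once a frontend is marked rogue the wait returns immediately on every iteration. The thread then spins (subject to whatever the rest of the loop body does, which is outside the hunk) until it is stopped, so a misbehaving guest can cost the backend a CPU-bound kthread. Waiting on `(vif->disabled && netif_carrier_ok(vif->dev)) ||` instead would wake the thread once to turn the carrier off and then let it sleep again. Separately, `disabled` is written in `xenvif_fatal_tx_err` and read in `xenvif_poll` and the kthread with no annotation; a comment on the field in `struct xenvif` naming the writer and the readers would document the intended ordering.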
@@ -55638,54 +55743,6 @@ index 88714ae..16c2e11 100644
static inline u32 get_pll_internal_frequency(u32 ref_freq,
-diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
-index 4c02e2b..2c85267 100644
---- a/drivers/xen/balloon.c
-+++ b/drivers/xen/balloon.c
-@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
- state = BP_EAGAIN;
- break;
- }
--
-- pfn = page_to_pfn(page);
-- frame_list[i] = pfn_to_mfn(pfn);
--
- scrub_page(page);
-
-+ frame_list[i] = page_to_pfn(page);
-+ }
-+
-+ /*
-+ * Ensure that ballooned highmem pages don't have kmaps.
-+ *
-+ * Do this before changing the p2m as kmap_flush_unused()
-+ * reads PTEs to obtain pages (and hence needs the original
-+ * p2m entry).
-+ */
-+ kmap_flush_unused();
-+
-+ /* Update direct mapping, invalidate P2M, and add to balloon. */
-+ for (i = 0; i < nr_pages; i++) {
-+ pfn = frame_list[i];
-+ frame_list[i] = pfn_to_mfn(pfn);
-+ page = pfn_to_page(pfn);
-+
- #ifdef CONFIG_XEN_HAVE_PVMMU
- /*
- * Ballooned out frames are effectively replaced with
-@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
- }
- #endif
-
-- balloon_append(pfn_to_page(pfn));
-+ balloon_append(page);
- }
-
-- /* Ensure that ballooned highmem pages don't have kmaps. */
-- kmap_flush_unused();
- flush_tlb_all();
-
- set_xen_guest_handle(reservation.extent_start, frame_list);
diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
index fef20db..d28b1ab 100644
--- a/drivers/xen/xenfs/xenstored.c
@@ -58166,7 +58223,7 @@ index bc3fbcd..6031650 100644
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index fdbe230..d852932 100644
+index f7ad6d7..d852932 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58178,18 +58235,6 @@ index fdbe230..d852932 100644
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
-@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
- u32 dlen = ACCESS_ONCE(name->len);
- char *p;
-
-- if (*buflen < dlen + 1)
-- return -ENAMETOOLONG;
- *buflen -= dlen + 1;
-+ if (*buflen < 0)
-+ return -ENAMETOOLONG;
- p = *buffer -= dlen + 1;
- *p++ = '/';
- while (dlen--) {
@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
@@ -61162,7 +61207,7 @@ index 92a0f0a..45a48f0 100644
spin_lock(&inode->i_lock);
diff --git a/fs/mount.h b/fs/mount.h
-index a17458c..e69fb5b 100644
+index b29e42f..5ea7fdf 100644
--- a/fs/mount.h
+++ b/fs/mount.h
@@ -11,7 +11,7 @@ struct mnt_namespace {
@@ -61184,7 +61229,7 @@ index a17458c..e69fb5b 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index cfe6608..a24748c 100644
+index 399f637..a24748c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -61260,57 +61305,7 @@ index cfe6608..a24748c 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
- return false;
-
- if (!d_mountpoint(path->dentry))
-- break;
-+ return true;
-
- mounted = __lookup_mnt(path->mnt, path->dentry);
- if (!mounted)
-@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
- */
- *inode = path->dentry->d_inode;
- }
-- return true;
--}
--
--static void follow_mount_rcu(struct nameidata *nd)
--{
-- while (d_mountpoint(nd->path.dentry)) {
-- struct mount *mounted;
-- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
-- if (!mounted)
-- break;
-- nd->path.mnt = &mounted->mnt;
-- nd->path.dentry = mounted->mnt.mnt_root;
-- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
-- }
-+ return read_seqretry(&mount_lock, nd->m_seq);
- }
-
- static int follow_dotdot_rcu(struct nameidata *nd)
-@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
- break;
- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
- }
-- follow_mount_rcu(nd);
-+ while (d_mountpoint(nd->path.dentry)) {
-+ struct mount *mounted;
-+ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
-+ if (!mounted)
-+ break;
-+ nd->path.mnt = &mounted->mnt;
-+ nd->path.dentry = mounted->mnt.mnt_root;
-+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
-+ if (!read_seqretry(&mount_lock, nd->m_seq))
-+ goto failed;
-+ }
- nd->inode = nd->path.dentry->d_inode;
- return 0;
-
-@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1579,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -61319,7 +61314,7 @@ index cfe6608..a24748c 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1652,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61328,7 +61323,7 @@ index cfe6608..a24748c 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1936,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -61337,7 +61332,7 @@ index cfe6608..a24748c 100644
put_link(nd, &link, cookie);
}
}
-@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1943,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -61351,7 +61346,7 @@ index cfe6608..a24748c 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_is_directory(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -1970,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -61368,7 +61363,7 @@ index cfe6608..a24748c 100644
return retval;
}
-@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2545,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -61382,7 +61377,7 @@ index cfe6608..a24748c 100644
return 0;
}
-@@ -2779,7 +2815,7 @@ looked_up:
+@@ -2776,7 +2815,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -61391,7 +61386,7 @@ index cfe6608..a24748c 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2811,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -61409,7 +61404,7 @@ index cfe6608..a24748c 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2832,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -61418,7 +61413,7 @@ index cfe6608..a24748c 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2849,7 +2898,7 @@ out_dput:
+@@ -2846,7 +2898,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -61427,7 +61422,7 @@ index cfe6608..a24748c 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2896,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
if (error)
return error;
@@ -61443,7 +61438,7 @@ index cfe6608..a24748c 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2918,7 +2976,7 @@ retry_lookup:
+@@ -2915,7 +2976,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -61452,7 +61447,7 @@ index cfe6608..a24748c 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2942,11 +3000,28 @@ retry_lookup:
+@@ -2939,11 +3000,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -61482,7 +61477,7 @@ index cfe6608..a24748c 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2987,6 +3062,11 @@ finish_lookup:
+@@ -2984,6 +3062,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -61494,7 +61489,7 @@ index cfe6608..a24748c 100644
return 1;
}
-@@ -2996,7 +3076,6 @@ finish_lookup:
+@@ -2993,7 +3076,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -61502,7 +61497,7 @@ index cfe6608..a24748c 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3006,7 +3085,18 @@ finish_open:
+@@ -3003,7 +3085,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -61521,7 +61516,7 @@ index cfe6608..a24748c 100644
error = -EISDIR;
if ((open_flag & O_CREAT) &&
(d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
-@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3167,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
@@ -61530,7 +61525,7 @@ index cfe6608..a24748c 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3185,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -61539,7 +61534,7 @@ index cfe6608..a24748c 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3285,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
@@ -61553,7 +61548,7 @@ index cfe6608..a24748c 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3339,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -61574,7 +61569,7 @@ index cfe6608..a24748c 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3404,6 +3510,17 @@ retry:
+@@ -3401,6 +3510,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61592,7 +61587,7 @@ index cfe6608..a24748c 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3420,6 +3537,8 @@ retry:
+@@ -3417,6 +3537,8 @@ retry:
break;
}
out:
@@ -61601,7 +61596,7 @@ index cfe6608..a24748c 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3472,9 +3591,16 @@ retry:
+@@ -3469,9 +3591,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61618,7 +61613,7 @@ index cfe6608..a24748c 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3552,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -61627,7 +61622,7 @@ index cfe6608..a24748c 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3587,10 +3715,21 @@ retry:
+@@ -3584,10 +3715,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -61649,7 +61644,7 @@ index cfe6608..a24748c 100644
exit3:
dput(dentry);
exit2:
-@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3677,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -61658,7 +61653,7 @@ index cfe6608..a24748c 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3706,10 +3847,22 @@ retry_deleg:
+@@ -3703,10 +3847,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -61681,7 +61676,7 @@ index cfe6608..a24748c 100644
exit2:
dput(dentry);
}
-@@ -3797,9 +3950,17 @@ retry:
+@@ -3794,9 +3950,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -61699,7 +61694,7 @@ index cfe6608..a24748c 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3899,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -61707,7 +61702,7 @@ index cfe6608..a24748c 100644
int how = 0;
int error;
-@@ -3925,7 +4087,7 @@ retry:
+@@ -3922,7 +4087,7 @@ retry:
if (error)
return error;
@@ -61716,7 +61711,7 @@ index cfe6608..a24748c 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3937,11 +4099,28 @@ retry:
+@@ -3934,11 +4099,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -61745,7 +61740,7 @@ index cfe6608..a24748c 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4228,6 +4407,12 @@ retry_deleg:
+@@ -4225,6 +4407,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -61758,7 +61753,7 @@ index cfe6608..a24748c 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry);
if (error)
-@@ -4235,6 +4420,9 @@ retry_deleg:
+@@ -4232,6 +4420,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode);
@@ -61768,7 +61763,7 @@ index cfe6608..a24748c 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -61777,7 +61772,7 @@ index cfe6608..a24748c 100644
int len;
len = PTR_ERR(link);
-@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -61794,10 +61789,10 @@ index cfe6608..a24748c 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index be32ebc..c595734 100644
+index 6d0e54e..4c1f85e 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1293,6 +1293,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
@@ -61807,7 +61802,7 @@ index be32ebc..c595734 100644
return retval;
}
-@@ -1315,6 +1318,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags)
}
unlock_mount_hash();
namespace_unlock();
@@ -61817,7 +61812,7 @@ index be32ebc..c595734 100644
return retval;
}
-@@ -1334,7 +1340,7 @@ static inline bool may_mount(void)
+@@ -1380,7 +1386,7 @@ static inline bool may_mount(void)
* unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
*/
@@ -61826,7 +61821,7 @@ index be32ebc..c595734 100644
{
struct path path;
struct mount *mnt;
-@@ -1376,7 +1382,7 @@ out:
+@@ -1422,7 +1428,7 @@ out:
/*
* The 2.0 compatible umount. No flags.
*/
@@ -61835,7 +61830,7 @@ index be32ebc..c595734 100644
{
return sys_umount(name, 0);
}
-@@ -2379,6 +2385,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2426,6 +2432,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -61852,7 +61847,7 @@ index be32ebc..c595734 100644
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2393,6 +2409,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2440,6 +2456,9 @@ long do_mount(const char *dev_name, const char *dir_name,
dev_name, data_page);
dput_out:
path_put(&path);
@@ -61862,7 +61857,7 @@ index be32ebc..c595734 100644
return retval;
}
-@@ -2410,7 +2429,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
+@@ -2457,7 +2476,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
* number incrementing at 10Ghz will take 12,427 years to wrap which
* is effectively never, so we can ignore the possibility.
*/
@@ -61871,7 +61866,7 @@ index be32ebc..c595734 100644
static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
{
-@@ -2425,7 +2444,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2472,7 +2491,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
kfree(new_ns);
return ERR_PTR(ret);
}
@@ -61880,7 +61875,7 @@ index be32ebc..c595734 100644
atomic_set(&new_ns->count, 1);
new_ns->root = NULL;
INIT_LIST_HEAD(&new_ns->list);
-@@ -2435,7 +2454,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2482,7 +2501,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
return new_ns;
}
@@ -61889,7 +61884,7 @@ index be32ebc..c595734 100644
struct user_namespace *user_ns, struct fs_struct *new_fs)
{
struct mnt_namespace *new_ns;
-@@ -2556,8 +2575,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2603,8 +2622,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
@@ -61900,7 +61895,7 @@ index be32ebc..c595734 100644
{
int ret;
char *kernel_type;
-@@ -2670,6 +2689,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2717,6 +2736,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -61912,7 +61907,7 @@ index be32ebc..c595734 100644
get_fs_root(current->fs, &root);
old_mp = lock_mount(&old);
error = PTR_ERR(old_mp);
-@@ -2930,7 +2954,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -2983,7 +3007,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
@@ -76946,9 +76941,18 @@ index bf1ef22..2a55e1b 100644
static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
{
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index fd8bf32..2cccd5a 100644
+index fd8bf32..49a5f5c 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
+@@ -45,7 +45,7 @@ struct linux_binprm {
+ unsigned interp_data;
+ unsigned long loader, exec;
+ char tcomm[TASK_COMM_LEN];
+-};
++} __randomize_layout;
+
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
@@ -74,8 +74,10 @@ struct linux_binfmt {
int (*load_binary)(struct linux_binprm *);
int (*load_shlib)(struct file *);
@@ -76957,12 +76961,12 @@ index fd8bf32..2cccd5a 100644
+ void (*handle_mmap)(struct file *);
unsigned long min_coredump; /* minimal dump size */
-};
-+} __do_const;
++} __do_const __randomize_layout;
extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
diff --git a/include/linux/bitops.h b/include/linux/bitops.h
-index abc9ca7..e54ee27 100644
+index be5fd38..d71192a 100644
--- a/include/linux/bitops.h
+++ b/include/linux/bitops.h
@@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
@@ -79844,7 +79848,7 @@ index 9fe426b..8148be6 100644
static inline int
vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 0ab5439..2859c61 100644
+index 5360b82..4eedf45 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -79878,7 +79882,7 @@ index 0ab5439..2859c61 100644
struct mmu_gather;
struct inode;
-@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -1074,8 +1080,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
unsigned long *pfn);
int follow_phys(struct vm_area_struct *vma, unsigned long address,
unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -79889,7 +79893,7 @@ index 0ab5439..2859c61 100644
static inline void unmap_shared_mapping_range(struct address_space *mapping,
loff_t const holebegin, loff_t const holelen)
-@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1114,9 +1120,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
@@ -79902,7 +79906,7 @@ index 0ab5439..2859c61 100644
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start, unsigned long nr_pages,
-@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page);
+@@ -1148,34 +1154,6 @@ int set_page_dirty(struct page *page);
int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
@@ -79937,7 +79941,7 @@ index 0ab5439..2859c61 100644
extern pid_t
vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
-@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1275,6 +1253,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
}
#endif
@@ -79953,7 +79957,7 @@ index 0ab5439..2859c61 100644
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1293,8 +1280,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
{
return 0;
}
@@ -79969,7 +79973,7 @@ index 0ab5439..2859c61 100644
#endif
#ifdef __PAGETABLE_PMD_FOLDED
-@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1303,8 +1297,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
{
return 0;
}
@@ -79985,7 +79989,7 @@ index 0ab5439..2859c61 100644
#endif
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1322,11 +1323,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
NULL: pud_offset(pgd, address);
}
@@ -80009,7 +80013,7 @@ index 0ab5439..2859c61 100644
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
#if USE_SPLIT_PTE_PTLOCKS
-@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm,
+@@ -1704,7 +1717,7 @@ extern int install_special_mapping(struct mm_struct *mm,
unsigned long addr, unsigned long len,
unsigned long flags, struct page **pages);
@@ -80018,7 +80022,7 @@ index 0ab5439..2859c61 100644
extern unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
-@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1712,6 +1725,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
unsigned long len, unsigned long prot, unsigned long flags,
unsigned long pgoff, unsigned long *populate);
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -80026,7 +80030,7 @@ index 0ab5439..2859c61 100644
#ifdef CONFIG_MMU
extern int __mm_populate(unsigned long addr, unsigned long len,
-@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info {
+@@ -1740,10 +1754,11 @@ struct vm_unmapped_area_info {
unsigned long high_limit;
unsigned long align_mask;
unsigned long align_offset;
@@ -80040,7 +80044,7 @@ index 0ab5439..2859c61 100644
/*
* Search for an unmapped address range.
-@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1755,7 +1770,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
* - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
*/
static inline unsigned long
@@ -80049,7 +80053,7 @@ index 0ab5439..2859c61 100644
{
if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
return unmapped_area(info);
-@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1818,6 +1833,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
@@ -80060,7 +80064,7 @@ index 0ab5439..2859c61 100644
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1846,15 +1865,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
return vma;
}
@@ -80076,7 +80080,7 @@ index 0ab5439..2859c61 100644
#ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
unsigned long change_prot_numa(struct vm_area_struct *vma,
unsigned long start, unsigned long end);
-@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1906,6 +1916,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
static inline void vm_stat_account(struct mm_struct *mm,
unsigned long flags, struct file *file, long pages)
{
@@ -80088,7 +80092,7 @@ index 0ab5439..2859c61 100644
mm->total_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1987,7 +2002,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
@@ -80097,7 +80101,7 @@ index 0ab5439..2859c61 100644
extern int soft_offline_page(struct page *page, int flags);
extern void dump_page(struct page *page);
-@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void);
+@@ -2024,5 +2039,11 @@ void __init setup_nr_node_ids(void);
static inline void setup_nr_node_ids(void) {}
#endif
@@ -80601,6 +80605,27 @@ index 4386946..f50c615 100644
struct padata_cpumask cpumask;
spinlock_t lock ____cacheline_aligned;
unsigned int processed;
+diff --git a/include/linux/path.h b/include/linux/path.h
+index d137218..be0c176 100644
+--- a/include/linux/path.h
++++ b/include/linux/path.h
+@@ -1,13 +1,15 @@
+ #ifndef _LINUX_PATH_H
+ #define _LINUX_PATH_H
+
++#include <linux/compiler.h>
++
+ struct dentry;
+ struct vfsmount;
+
+ struct path {
+ struct vfsmount *mnt;
+ struct dentry *dentry;
+-};
++} __randomize_layout;
+
+ extern void path_get(const struct path *);
+ extern void path_put(const struct path *);
diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
index a2e2f1d..8a391d2 100644
--- a/include/linux/pci_hotplug.h
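Review bot: `struct path` gains `__randomize_layout` here without a comment telling callers that positional initializers such as `{ mnt, dentry }` no longer map to a fixed member order. Later hunks of this patch convert the AppArmor and TOMOYO users to designated initializers, but nothing at the definition records the rule for new code. I would add above the struct: `/* layout is randomized: use designated initializers (.mnt = ..., .dentry = ...) only */`. Whether the plugin rejects a remaining positional initializer at build time cannot be seen from this hunk and is worth confirming.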
@@ -81453,7 +81478,7 @@ index e3347c5..f682891 100644
extern unsigned int sysctl_sched_latency;
extern unsigned int sysctl_sched_min_granularity;
diff --git a/include/linux/security.h b/include/linux/security.h
-index 5623a7f..b352409 100644
+index 5623a7f..7ae77be 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -27,6 +27,7 @@
@@ -81473,6 +81498,15 @@ index 5623a7f..b352409 100644
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
+@@ -1718,7 +1717,7 @@ struct security_operations {
+ struct audit_context *actx);
+ void (*audit_rule_free) (void *lsmrule);
+ #endif /* CONFIG_AUDIT */
+-};
++} __randomize_layout;
+
+ /* prototypes */
+ extern int security_init(void);
diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
index dc368b8..e895209 100644
--- a/include/linux/semaphore.h
@@ -82101,7 +82135,7 @@ index 97d660e..6356755 100644
extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
-index 756a609..f61242d 100644
+index 756a609..89db85e 100644
--- a/include/linux/tty_driver.h
+++ b/include/linux/tty_driver.h
@@ -285,7 +285,7 @@ struct tty_operations {
@@ -82109,7 +82143,7 @@ index 756a609..f61242d 100644
#endif
const struct file_operations *proc_fops;
-};
-+} __do_const;
++} __do_const __randomize_layout;
struct tty_driver {
int magic; /* magic number for this structure */
@@ -82565,6 +82599,19 @@ index 9a36d92..0aafe2a 100644
void v9fs_register_trans(struct p9_trans_module *m);
void v9fs_unregister_trans(struct p9_trans_module *m);
+diff --git a/include/net/af_unix.h b/include/net/af_unix.h
+index a175ba4..196eb82 100644
+--- a/include/net/af_unix.h
++++ b/include/net/af_unix.h
+@@ -36,7 +36,7 @@ struct unix_skb_parms {
+ u32 secid; /* Security ID */
+ #endif
+ u32 consumed;
+-};
++} __randomize_layout;
+
+ #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
+ #define UNIXSID(skb) (&UNIXCB((skb)).secid)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index c853b16d..37fccb7 100644
--- a/include/net/bluetooth/l2cap.h
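Review bot: `struct unix_skb_parms` is overlaid on the fixed-size `skb->cb` buffer by the `UNIXCB()` cast two lines below the changed brace, so reordering its members can change padding and therefore `sizeof`. The hunk does not show a compile-time bound; please confirm one covers this struct, for example `BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(((struct sk_buff *)0)->cb));` in the AF_UNIX init path. A short comment next to `__randomize_layout` stating that the struct must still fit in `cb` would keep that constraint visible.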
@@ -83153,7 +83200,7 @@ index 0a248b3..4dcbe5c 100644
/* Structure to track chunk fragments that have been acked, but peer
diff --git a/include/net/sock.h b/include/net/sock.h
-index 2ef3c3e..e02013e 100644
+index 2ef3c3e..c89ee4c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -348,7 +348,7 @@ struct sock {
@@ -83165,6 +83212,15 @@ index 2ef3c3e..e02013e 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
+@@ -1022,7 +1022,7 @@ struct proto {
+ void (*destroy_cgroup)(struct mem_cgroup *memcg);
+ struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg);
+ #endif
+-};
++} __randomize_layout;
+
+ /*
+ * Bits in struct cg_proto.flags
@@ -1209,7 +1209,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot)
return ret >> PAGE_SHIFT;
}
@@ -83174,6 +83230,15 @@ index 2ef3c3e..e02013e 100644
sk_memory_allocated(const struct sock *sk)
{
struct proto *prot = sk->sk_prot;
+@@ -1354,7 +1354,7 @@ struct sock_iocb {
+ struct scm_cookie *scm;
+ struct msghdr *msg, async_msg;
+ struct kiocb *kiocb;
+-};
++} __randomize_layout;
+
+ static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
+ {
@@ -1813,7 +1813,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
@@ -84807,7 +84872,7 @@ index 4e66bf9..cdccecf 100644
+}
+EXPORT_SYMBOL(inode_capable_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 271acd8..54b70fe 100644
+index b44dd49..94c2826 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
@@ -87655,7 +87720,7 @@ index 9b9a266..c20ef80 100644
{
struct pid *pid;
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
-index 06c62de..b08cc6c 100644
+index 06c62de..a0ca23f 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -253,7 +253,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
@@ -87667,6 +87732,17 @@ index 06c62de..b08cc6c 100644
if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
return -EPERM;
+@@ -318,7 +318,9 @@ static void *pidns_get(struct task_struct *task)
+ struct pid_namespace *ns;
+
+ rcu_read_lock();
+- ns = get_pid_ns(task_active_pid_ns(task));
++ ns = task_active_pid_ns(task);
++ if (ns)
++ get_pid_ns(ns);
+ rcu_read_unlock();
+
+ return ns;
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
index c7f31aa..2b44977 100644
--- a/kernel/posix-cpu-timers.c
@@ -90979,6 +91055,28 @@ index c24c2f7..f0296f4 100644
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index 18eca78..fc67547 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -303,9 +303,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data,
+ */
+ int nla_strcmp(const struct nlattr *nla, const char *str)
+ {
+- int len = strlen(str) + 1;
+- int d = nla_len(nla) - len;
++ int len = strlen(str);
++ char *buf = nla_data(nla);
++ int attrlen = nla_len(nla);
++ int d;
+
++ if (attrlen > 0 && buf[attrlen - 1] == '\0')
++ attrlen--;
++
++ d = attrlen - len;
+ if (d == 0)
+ d = memcmp(nla_data(nla), str, len);
+
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index 1a53d49..ace934c 100644
--- a/lib/percpu-refcount.c
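Review bot: In the new `nla_strcmp()` body, `buf` is fetched with `nla_data(nla)` and used only for the trailing-NUL test, while the `memcmp()` call evaluates `nla_data(nla)` a second time. Declaring it `const char *buf = nla_data(nla);` and comparing with `d = memcmp(buf, str, len);` keeps one source for the pointer and avoids a non-const alias of attribute data that is only read. The kernel-doc comment ending just above the signature is outside the hunk; it should say that a single trailing NUL in the attribute is ignored, if it does not already. The function's return statement also lies outside the hunk.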
@@ -91006,7 +91104,7 @@ index 7811ed3..f80ca19 100644
static inline void *ptr_to_indirect(void *ptr)
{
diff --git a/lib/random32.c b/lib/random32.c
-index 1e5b2df..009bfe8 100644
+index 6148967..009bfe8 100644
--- a/lib/random32.c
+++ b/lib/random32.c
@@ -44,7 +44,7 @@
@@ -91018,27 +91116,6 @@ index 1e5b2df..009bfe8 100644
/**
* prandom_u32_state - seeded pseudo-random number generator.
-@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late)
- static bool latch = false;
- static DEFINE_SPINLOCK(lock);
-
-+ /* Asking for random bytes might result in bytes getting
-+ * moved into the nonblocking pool and thus marking it
-+ * as initialized. In this case we would double back into
-+ * this function and attempt to do a late reseed.
-+ * Ignore the pointless attempt to reseed again if we're
-+ * already waiting for bytes when the nonblocking pool
-+ * got initialized.
-+ */
-+
- /* only allow initial seeding (late == false) once */
-- spin_lock_irqsave(&lock, flags);
-+ if (!spin_trylock_irqsave(&lock, flags))
-+ return;
-+
- if (latch && !late)
- goto out;
- latch = true;
diff --git a/lib/rbtree.c b/lib/rbtree.c
index 65f4eff..2cfa167 100644
--- a/lib/rbtree.c
@@ -91663,7 +91740,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 90977ac..487ab84 100644
+index 4566e8f..46be98c 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -94314,7 +94391,7 @@ index 7106cb1..0805f48 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 56f268d..4d35ec4 100644
+index 589521d..314053a 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -94334,7 +94411,7 @@ index 56f268d..4d35ec4 100644
{
__free_pages_ok(page, compound_order(page));
}
-@@ -712,6 +713,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -714,6 +715,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
@@ -94345,7 +94422,7 @@ index 56f268d..4d35ec4 100644
trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -728,6 +733,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -730,6 +735,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
@@ -94358,7 +94435,7 @@ index 56f268d..4d35ec4 100644
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -750,6 +761,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -752,6 +763,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
local_irq_restore(flags);
}
@@ -94379,7 +94456,7 @@ index 56f268d..4d35ec4 100644
void __init __free_pages_bootmem(struct page *page, unsigned int order)
{
unsigned int nr_pages = 1 << order;
-@@ -765,6 +790,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -767,6 +792,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
__ClearPageReserved(p);
set_page_count(p, 0);
@@ -94399,7 +94476,7 @@ index 56f268d..4d35ec4 100644
page_zone(page)->managed_pages += nr_pages;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -870,8 +908,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -872,8 +910,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
@@ -95676,7 +95753,7 @@ index 8cc7be0..d0f7d7a 100644
}
}
diff --git a/mm/swap.c b/mm/swap.c
-index 84b26aa..ce39899 100644
+index 7010cf4..f0a56a4 100644
--- a/mm/swap.c
+++ b/mm/swap.c
@@ -77,6 +77,8 @@ static void __put_compound_page(struct page *page)
@@ -100255,18 +100332,9 @@ index ce30041..3861b5d 100644
{
if (users > 0)
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index a99b6c3..cb372f9 100644
+index 59359be..cb372f9 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
-@@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
- const char *msg;
- u_int8_t state;
-
-- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- BUG_ON(dh == NULL);
-
- state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
out_invalid:
if (LOG_INVALID(net, IPPROTO_DCCP))
@@ -100276,24 +100344,6 @@ index a99b6c3..cb372f9 100644
return false;
}
-@@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
- u_int8_t type, old_state, new_state;
- enum ct_dccp_roles role;
-
-- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- BUG_ON(dh == NULL);
- type = dh->dccph_type;
-
-@@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
- unsigned int cscov;
- const char *msg;
-
-- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- if (dh == NULL) {
- msg = "nf_ct_dccp: short packet ";
- goto out_invalid;
@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
out_invalid:
@@ -101324,7 +101374,7 @@ index b0565af..d135e6e 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index e83c416..f87df4c 100644
+index e83c416..5b883e0 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -101499,6 +101549,15 @@ index e83c416..f87df4c 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned int, flags, struct sockaddr __user *, addr,
int, addr_len)
+@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+ struct socket *sock;
+ struct iovec iov;
+ struct msghdr msg;
+- struct sockaddr_storage address;
++ struct sockaddr_storage address = { };
+ int err, err2;
+ int fput_needed;
+
@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
{
if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
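Review bot: `struct sockaddr_storage address = { };` in `recvfrom` (and the matching `addr = { }` in `___sys_recvmsg` in the next hunk) carries no comment explaining why a buffer that the protocol is expected to fill is zeroed first. Presumably this keeps uninitialised kernel stack from being copied to user space when a protocol reports an address length without writing the whole address; if so, record it, e.g. `/* zeroed: never copy uninitialised stack out as the peer address */`. Both function bodies continue outside their hunks, so the copy-out path itself is not visible here.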
@@ -101519,6 +101578,15 @@ index e83c416..f87df4c 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
+@@ -2198,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ int err, total_len, len;
+
+ /* kernel mode address */
+- struct sockaddr_storage addr;
++ struct sockaddr_storage addr = { };
+
+ /* user mode address pointers */
+ struct sockaddr __user *uaddr;
@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
/* Save the user-mode address (verify_iovec will change the
* kernel msghdr to use the kernel address space)
@@ -102593,14 +102661,14 @@ index 078fe1d..fbdb363 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..3c23999
+index 0000000..edcbc3a
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+srctree=$(dirname "$0")
-+gccplugins_dir=$("$3" -print-file-name=plugin)
-+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++gccplugins_dir=$($3 -print-file-name=plugin)
++plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2
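Review bot: The new `$($3 -print-file-name=plugin)` and `$($1 -E -shared ...)` drop the quotes around the compiler arguments, so their values now undergo word splitting and pathname expansion before being run. If the intent is to accept a multi-word compiler command (a wrapper plus the compiler, or a compiler plus flags), which is my reading and not something the hunk states, say so in a comment, e.g. `# $1/$3 are deliberately unquoted: they may hold a command plus arguments`. `${srctree}` and `${gccplugins_dir}` in the `-I` options are also unquoted and would break on a build path containing spaces; `-I"${srctree}/../tools/gcc" -I"${gccplugins_dir}/include"` fixes that without affecting the compiler words.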
@@ -103869,10 +103937,54 @@ index e9c6ac7..75578c4 100644
default 65536
help
This is the portion of low virtual memory which should be protected
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index fdaa50c..2761dcb 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
+ {
+- struct path link = { new_dir->mnt, new_dentry };
+- struct path target = { new_dir->mnt, old_dentry };
++ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ struct path_cond cond = {
+ old_dentry->d_inode->i_uid,
+ old_dentry->d_inode->i_mode
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 4257b7e..f0c9438 100644
+index 4257b7e..2d0732d 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
+@@ -186,7 +186,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ struct dentry *dentry, u32 mask,
+ struct path_cond *cond)
+ {
+- struct path path = { dir->mnt, dentry };
++ struct path path = { .mnt = dir->mnt, .dentry = dentry };
+
+ return common_perm(op, &path, mask, cond);
+ }
+@@ -203,7 +203,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ struct dentry *dentry, u32 mask)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ struct path_cond cond = { dentry->d_inode->i_uid,
+ dentry->d_inode->i_mode
+ };
+@@ -325,8 +325,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+
+ profile = aa_current_profile();
+ if (!unconfined(profile)) {
+- struct path old_path = { old_dir->mnt, old_dentry };
+- struct path new_path = { new_dir->mnt, new_dentry };
++ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ struct path_cond cond = { old_dentry->d_inode->i_uid,
+ old_dentry->d_inode->i_mode
+ };
@@ -615,7 +615,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
@@ -104276,6 +104388,57 @@ index b0be893..646bd94 100644
.name = "smack",
.ptrace_access_check = smack_ptrace_access_check,
+diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
+index 4003907..13a2b55 100644
+--- a/security/tomoyo/file.c
++++ b/security/tomoyo/file.c
+@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+ struct tomoyo_path_info buf;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int idx;
+
+@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error;
+ struct tomoyo_path_info buf;
+@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
+ struct tomoyo_path_info buf2;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path1,
+- .path2 = *path2,
++ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
++ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
+ };
+ int idx;
+
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 390c646..f2f8db3 100644
--- a/security/tomoyo/mount.c
@@ -104292,9 +104455,94 @@ index 390c646..f2f8db3 100644
if (!fstype) {
error = -ENODEV;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index f0b756e..b129202 100644
+index f0b756e..8aa497b 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
+@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
+ */
+ static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
+ }
+
+@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path)
+ */
+ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
+ }
+
+@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ umode_t mode)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+ mode & S_IALLUGO);
+ }
+@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ */
+ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
+ }
+
+@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ const char *old_name)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
+ }
+
+@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ umode_t mode, unsigned int dev)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ int type = TOMOYO_TYPE_CREATE;
+ const unsigned int perm = mode & S_IALLUGO;
+
+@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { new_dir->mnt, old_dentry };
+- struct path path2 = { new_dir->mnt, new_dentry };
++ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
+ }
+
+@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent,
+ struct path *new_parent,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { old_parent->mnt, old_dentry };
+- struct path path2 = { new_parent->mnt, new_dentry };
++ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
+ }
+
+@@ -424,7 +424,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+ */
+ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+ {
+- struct path path = { mnt, mnt->mnt_root };
++ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
+ return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
+ }
+
@@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
@@ -105068,10 +105316,10 @@ index 0000000..4c2c45c
+size_overflow_hash.h
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
-index 0000000..b198b6d
+index 0000000..d25d472
--- /dev/null
+++ b/tools/gcc/Makefile
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,60 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -105110,22 +105358,28 @@ index 0000000..b198b6d
+structleak_plugin-objs := structleak_plugin.o
+randomize_layout_plugin-objs := randomize_layout_plugin.o
+
-+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h
++$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
+
+quiet_cmd_build_size_overflow_hash = GENHASH $@
+ cmd_build_size_overflow_hash = \
-+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@
++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@
+$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
+ $(call if_changed,build_size_overflow_hash)
+
++quiet_cmd_build_size_overflow_hash_aux = GENHASH $@
++ cmd_build_size_overflow_hash_aux = \
++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@
++$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE
++ $(call if_changed,build_size_overflow_hash_aux)
++
+quiet_cmd_create_randomize_layout_seed = GENSEED $@
+ cmd_create_randomize_layout_seed = \
+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
+ $(call if_changed,create_randomize_layout_seed)
+
-+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h
++targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
new file mode 100644
index 0000000..5452feea
@@ -106017,10 +106271,10 @@ index 0000000..4f67ac1
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..6dbb502
+index 0000000..8af3693
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,287 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -106135,6 +106389,7 @@ index 0000000..6dbb502
+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
++#define TODO_rebuild_cgraph_edges 0
+
+static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
+{
@@ -106323,10 +106578,10 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
new file mode 100644
-index 0000000..e518932
+index 0000000..791ca76
--- /dev/null
+++ b/tools/gcc/generate_size_overflow_hash.sh
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c).
@@ -106334,6 +106589,7 @@ index 0000000..e518932
+header1="size_overflow_hash.h"
+database="size_overflow_hash.data"
+n=65536
++hashtable_name="size_overflow_hash"
+
+usage() {
+cat <<EOF
@@ -106343,6 +106599,7 @@ index 0000000..e518932
+ -o header file
+ -d database file
+ -n hash array size
++ -s name of the hash table
+EOF
+ return 0
+}
@@ -106354,6 +106611,7 @@ index 0000000..e518932
+ -n) n=$2; shift 2;;
+ -o) header1="$2"; shift 2;;
+ -d) database="$2"; shift 2;;
++ -s) hashtable_name="$2"; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
@@ -106395,7 +106653,7 @@ index 0000000..e518932
+}
+
+create_headers() {
-+ echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1"
++ echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1"
+}
+
+create_array_elements() {
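Review bot: In `create_headers` the new `$hashtable_name[$n]` reads like an array subscript, although bash expands it as the variable followed by a literal bracketed `$n`; writing `${hashtable_name}[$n]` makes the intent explicit. The value given to `-s` is pasted into the generated header as a C identifier without any check. A short comment next to the `-s)` case, such as `# must be a valid C identifier; it becomes the table name in the header`, would help whoever adds a third table.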
@@ -114228,12 +114486,101 @@ index 0000000..9529806
+lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL
+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
+tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL
+diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data
+new file mode 100644
+index 0000000..5dd8a8f
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash_aux.data
+@@ -0,0 +1,83 @@
++spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL
++mappedread_2627 mappedread 2 2627 NULL
++vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL
++nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL
++zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL
++sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL
++dmu_write_6048 dmu_write 4-3 6048 NULL
++dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL
++update_pages_6225 update_pages 2-3 6225 NULL
++bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL
++dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL
++zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL
++ddi_copyout_9401 ddi_copyout 3 9401 NULL
++avl_numnodes_12384 avl_numnodes 0 12384 NULL
++dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL
++dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL
++dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL
++kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL
++kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL
++dmu_write_uio_16351 dmu_write_uio 4 16351 NULL
++zfs_log_write_16524 zfs_log_write 6-5 16524 NULL
++sa_build_layouts_16910 sa_build_layouts 3 16910 NULL
++dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL
++sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL
++sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL
++uiocopy_18680 uiocopy 2 18680 NULL
++dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL
++zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL
++dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL
++sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL
++tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL
++spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL
++zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL
++dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL
++zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL
++dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL
++kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL
++zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL
++zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL
++splat_write_30943 splat_write 3 30943 NULL
++zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL
++dmu_read_uio_31467 dmu_read_uio 4 31467 NULL
++zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL
++spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL
++__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL
++proc_copyout_string_34049 proc_copyout_string 2 34049 NULL
++nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL
++nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL
++zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL
++copyinstr_36980 copyinstr 3 36980 NULL
++zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL
++splat_read_38116 splat_read 3 38116 NULL
++sa_setup_38756 sa_setup 4 38756 NULL
++vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL
++arc_buf_size_39982 arc_buf_size 0 39982 NULL
++kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL
++fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL
++vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL
++sa_find_layout_40892 sa_find_layout 4 40892 NULL
++zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL
++zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL
++xdr_dec_array_43091 xdr_dec_array 5 43091 NULL
++dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL
++uiomove_44355 uiomove 2 44355 NULL
++dmu_read_44418 dmu_read 4-3 44418 NULL
++ddi_copyin_44846 ddi_copyin 3 44846 NULL
++copyin_45945 copyin 3 45945 NULL
++zil_itx_create_46555 zil_itx_create 2 46555 NULL
++dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL
++spa_history_write_49650 spa_history_write 3 49650 NULL
++zfs_log_write_50162 zfs_log_write 6-5 50162 NULL
++i_fm_alloc_51038 i_fm_alloc 2 51038 NULL
++copyout_51409 copyout 3 51409 NULL
++zvol_log_write_54898 zvol_log_write 4-3 54898 NULL
++zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL
++get_nvlist_56685 get_nvlist 2 56685 NULL
++zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL
++splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL
++zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL
++zpios_write_61823 zpios_write 3 61823 NULL
++proc_copyin_string_62019 proc_copyin_string 4 62019 NULL
++random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL
++zpios_read_64734 zpios_read 3 64734 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..fa0524c
+index 0000000..0a9dd22
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,4101 @@
+@@ -0,0 +1,4110 @@
+/*
+ * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -114262,7 +114609,7 @@ index 0000000..fa0524c
+int plugin_is_GPL_compatible;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20140317",
++ .version = "20140402",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -114290,6 +114637,7 @@ index 0000000..fa0524c
+};
+
+#include "size_overflow_hash.h"
++#include "size_overflow_hash_aux.h"
+
+enum mark {
+ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
@@ -114681,6 +115029,16 @@ index 0000000..fa0524c
+ set_node_codes(TREE_VALUE(arg), fn_hash_data);
+}
+
++static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name)
++{
++ while (entry) {
++ if (!strcmp(entry->name, func_name))
++ return entry;
++ entry = entry->next;
++ }
++ return NULL;
++}
++
+static const struct size_overflow_hash *get_function_hash(const_tree fndecl)
+{
+ const struct size_overflow_hash *entry;
@@ -114701,13 +115059,11 @@ index 0000000..fa0524c
+ set_hash(func_name, &fn_hash_data);
+
+ entry = size_overflow_hash[fn_hash_data.hash];
-+
-+ while (entry) {
-+ if (!strcmp(entry->name, func_name))
-+ return entry;
-+ entry = entry->next;
-+ }
-+ return NULL;
++ entry = get_proper_hash_chain(entry, func_name);
++ if (entry)
++ return entry;
++ entry = size_overflow_hash_aux[fn_hash_data.hash];
++ return get_proper_hash_chain(entry, func_name);
+}
+
+static void print_missing_msg(const_tree func, unsigned int argnum)
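Review bot: The fallback lookup `size_overflow_hash_aux[fn_hash_data.hash]` reuses the index computed for the main table, so it appears to stay in bounds only while both headers are generated with the same array size. The Makefile rules in this patch run generate_size_overflow_hash.sh without `-n` for both tables, so the sizes match today, but nothing in the plugin states that dependency. A comment above the second lookup, such as `/* aux table is generated with the same size as size_overflow_hash, so the same hash indexes it */`, would record it. The new helper get_proper_hash_chain returns a single matching entry rather than a chain, which a one-line comment on it could say. The start of get_function_hash is outside the hunk.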
diff --git a/3.2.56/0000_README b/3.2.56/0000_README
index b2a75bc..0adc45a 100644
--- a/3.2.56/0000_README
+++ b/3.2.56/0000_README
@@ -142,7 +142,7 @@ Patch: 1055_linux-3.2.56.patch
From: http://www.kernel.org
Desc: Linux 3.2.56
-Patch: 4420_grsecurity-3.0-3.2.56-201404031155.patch
+Patch: 4420_grsecurity-3.0-3.2.56-201404062126.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch b/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
index a7d359a..f93b78b 100644
--- a/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
+++ b/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
@@ -10275,10 +10275,28 @@ index 35af09d..99c9676 100644
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 3a19d04..7c1d55a 100644
+index 3a19d04..1bef1d5 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
-@@ -310,7 +310,7 @@ static void parse_elf(void *output)
+@@ -226,7 +226,7 @@ void __putstr(int error, const char *s)
+
+ void *memset(void *s, int c, size_t n)
+ {
+- int i;
++ size_t i;
+ char *ss = s;
+
+ for (i = 0; i < n; i++)
+@@ -282,7 +282,7 @@ static void parse_elf(void *output)
+ Elf32_Ehdr ehdr;
+ Elf32_Phdr *phdrs, *phdr;
+ #endif
+- void *dest;
++ void *dest, *prev;
+ int i;
+
+ memcpy(&ehdr, output, sizeof(ehdr));
+@@ -310,13 +310,16 @@ static void parse_elf(void *output)
case PT_LOAD:
#ifdef CONFIG_RELOCATABLE
dest = output;
@@ -10287,7 +10305,16 @@ index 3a19d04..7c1d55a 100644
#else
dest = (void *)(phdr->p_paddr);
#endif
-@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+ memcpy(dest,
+ output + phdr->p_offset,
+ phdr->p_filesz);
++ if (i)
++ memset(prev, 0xff, dest - prev);
++ prev = dest + phdr->p_filesz;
+ break;
+ default: /* Ignore other PT_* */ break;
+ }
+@@ -363,7 +366,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
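Review bot: The gap fill `memset(prev, 0xff, dest - prev)` is guarded by `if (i)`, which tests the program-header index rather than whether an earlier PT_LOAD segment has already set `prev`. If the first PT_LOAD is not header 0, `prev` is read uninitialised, and if segments are not in ascending address order, `dest - prev` is negative and converts to a huge `size_t` length. Declaring `void *dest, *prev = NULL;` in the previous hunk and guarding with `if (prev && dest > prev)` would cover both cases. The loop over the headers is outside the hunk, so reading `i` as the loop index is inferred from the surrounding context.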
@@ -41280,6 +41307,23 @@ index 1f355bb..43f1fea 100644
return -EFAULT;
} else
memcpy(msg, buf, count);
+diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
+index 4df80fb..6a58169 100644
+--- a/drivers/isdn/isdnloop/isdnloop.c
++++ b/drivers/isdn/isdnloop/isdnloop.c
+@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * sdefp)
+ return -EBUSY;
+ if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
+ return -EFAULT;
++
++ for (i = 0; i < 3; i++) {
++ if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i])))
++ return -EINVAL;
++ }
++
+ spin_lock_irqsave(&card->isdnloop_lock, flags);
+ switch (sdef.ptype) {
+ case ISDN_PTYPE_EURO:
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index 4d395de..c504763 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
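Review bot: The new termination check in isdnloop_start hard-codes the bound in `for (i = 0; i < 3; i++)`, which has to stay in step with the declared size of `sdef.num`. Assuming `num` is a true array of that many strings, `for (i = 0; i < ARRAY_SIZE(sdef.num); i++)` keeps the check covering every entry if the definition changes. A short comment such as `/* sdef comes from userspace: each number must be NUL-terminated before it is used as a string */` would also explain why the loop is there. The declaration of `i` and the rest of the function are outside the hunk.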
@@ -75385,7 +75429,7 @@ index 2f81c6f..225b4e4 100644
#define audit_get_loginuid(t) (-1)
#define audit_get_sessionid(t) (-1)
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index d337419..c87c74b 100644
+index d337419..1d6a512f 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -18,7 +18,7 @@ struct pt_regs;
@@ -75397,14 +75441,16 @@ index d337419..c87c74b 100644
#define CORENAME_MAX_SIZE 128
-@@ -58,6 +58,7 @@ struct linux_binprm {
+@@ -58,7 +58,8 @@ struct linux_binprm {
unsigned interp_flags;
unsigned interp_data;
unsigned long loader, exec;
+-};
+ char tcomm[TASK_COMM_LEN];
- };
++} __randomize_layout;
#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
@@ -86,8 +87,10 @@ struct linux_binfmt {
int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
int (*load_shlib)(struct file *);
@@ -75413,7 +75459,7 @@ index d337419..c87c74b 100644
+ void (*handle_mmap)(struct file *);
unsigned long min_coredump; /* minimal dump size */
-};
-+} __do_const;
++} __do_const __randomize_layout;
extern int __register_binfmt(struct linux_binfmt *fmt, int insert);
@@ -76263,7 +76309,7 @@ index 82163c4..bd0f588 100644
extern struct kmem_cache *files_cachep;
diff --git a/include/linux/filter.h b/include/linux/filter.h
-index 8eeb205..13d571c 100644
+index 8eeb205..14c2a1c 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -10,6 +10,7 @@
@@ -76294,7 +76340,7 @@ index 8eeb205..13d571c 100644
struct sk_filter
{
-@@ -141,6 +153,9 @@ struct sk_filter
+@@ -141,9 +153,12 @@ struct sk_filter
unsigned int len; /* Number of filter blocks */
unsigned int (*bpf_func)(const struct sk_buff *skb,
const struct sock_filter *filter);
@@ -76303,7 +76349,11 @@ index 8eeb205..13d571c 100644
+#endif
struct rcu_head rcu;
struct sock_filter insns[0];
- };
+-};
++} __randomize_layout;
+
+ static inline unsigned int sk_filter_len(const struct sk_filter *fp)
+ {
@@ -228,6 +243,7 @@ enum {
BPF_S_ANC_HATYPE,
BPF_S_ANC_RXHASH,
@@ -79241,6 +79291,27 @@ index 4633b2f..988bc08 100644
atomic_t reorder_objects;
atomic_t refcnt;
unsigned int max_seq_nr;
+diff --git a/include/linux/path.h b/include/linux/path.h
+index edc98de..a2c707f 100644
+--- a/include/linux/path.h
++++ b/include/linux/path.h
+@@ -1,13 +1,15 @@
+ #ifndef _LINUX_PATH_H
+ #define _LINUX_PATH_H
+
++#include <linux/compiler.h>
++
+ struct dentry;
+ struct vfsmount;
+
+ struct path {
+ struct vfsmount *mnt;
+ struct dentry *dentry;
+-};
++} __randomize_layout;
+
+ extern void path_get(struct path *);
+ extern void path_put(struct path *);
diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
index 45fc162..01a4068 100644
--- a/include/linux/pci_hotplug.h
@@ -80342,7 +80413,7 @@ index cc7a4e9..306733e 100644
+#endif /* __KERNEL__ */
#endif /* _LINUX_SECCOMP_H */
diff --git a/include/linux/security.h b/include/linux/security.h
-index e8c619d..99d0f1f 100644
+index e8c619d..97e49a6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,7 @@
@@ -80370,6 +80441,15 @@ index e8c619d..99d0f1f 100644
#ifdef CONFIG_MMU
/*
+@@ -1654,7 +1654,7 @@ struct security_operations {
+ struct audit_context *actx);
+ void (*audit_rule_free) (void *lsmrule);
+ #endif /* CONFIG_AUDIT */
+-};
++} __randomize_layout;
+
+ /* prototypes */
+ extern int security_init(void);
@@ -1676,6 +1676,8 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *permitted);
int security_capable(struct user_namespace *ns, const struct cred *cred,
@@ -81113,7 +81193,7 @@ index 5dbb3cb..a192962 100644
/* Each of a tty's open files has private_data pointing to tty_file_private */
struct tty_file_private {
diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
-index ecdaeb9..a7e29ec 100644
+index ecdaeb9..e1484a7 100644
--- a/include/linux/tty_driver.h
+++ b/include/linux/tty_driver.h
@@ -286,7 +286,7 @@ struct tty_operations {
@@ -81121,7 +81201,7 @@ index ecdaeb9..a7e29ec 100644
#endif
const struct file_operations *proc_fops;
-};
-+} __do_const;
++} __do_const __randomize_layout;
struct tty_driver {
int magic; /* magic number for this structure */
@@ -81607,6 +81687,19 @@ index adcbb20..62c2559 100644
void v9fs_register_trans(struct p9_trans_module *m);
void v9fs_unregister_trans(struct p9_trans_module *m);
+diff --git a/include/net/af_unix.h b/include/net/af_unix.h
+index 91ab5b0..23e3e9b 100644
+--- a/include/net/af_unix.h
++++ b/include/net/af_unix.h
+@@ -30,7 +30,7 @@ struct unix_skb_parms {
+ #ifdef CONFIG_SECURITY_NETWORK
+ u32 secid; /* Security ID */
+ #endif
+-};
++} __randomize_layout;
+
+ #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
+ #define UNIXSID(skb) (&UNIXCB((skb)).secid)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 6cc18f3..b0df15a 100644
--- a/include/net/bluetooth/l2cap.h
@@ -82120,7 +82213,7 @@ index c2e542b..6ca975b 100644
extern __u32 secure_ipv6_id(const __be32 daddr[4]);
extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
diff --git a/include/net/sock.h b/include/net/sock.h
-index e6454b6..cda5eaf 100644
+index e6454b6..7a6b6bc 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -278,7 +278,7 @@ struct sock {
@@ -82132,6 +82225,24 @@ index e6454b6..cda5eaf 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
+@@ -849,7 +849,7 @@ struct proto {
+ #ifdef SOCK_REFCNT_DEBUG
+ atomic_t socks;
+ #endif
+-};
++} __randomize_layout;
+
+ extern int proto_register(struct proto *prot, int alloc_slab);
+ extern void proto_unregister(struct proto *prot);
+@@ -929,7 +929,7 @@ struct sock_iocb {
+ struct scm_cookie *scm;
+ struct msghdr *msg, async_msg;
+ struct kiocb *kiocb;
+-};
++} __randomize_layout;
+
+ static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
+ {
@@ -1416,7 +1416,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
}
@@ -90793,6 +90904,28 @@ index b8029a5..2b120e1 100644
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index a8408b6..190ae10 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -299,9 +299,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data,
+ */
+ int nla_strcmp(const struct nlattr *nla, const char *str)
+ {
+- int len = strlen(str) + 1;
+- int d = nla_len(nla) - len;
++ int len = strlen(str);
++ char *buf = nla_data(nla);
++ int attrlen = nla_len(nla);
++ int d;
+
++ if (attrlen > 0 && buf[attrlen - 1] == '\0')
++ attrlen--;
++
++ d = attrlen - len;
+ if (d == 0)
+ d = memcmp(nla_data(nla), str, len);
+
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index d9df745..e73c2fe 100644
--- a/lib/radix-tree.c
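Review bot: In the rewritten nla_strcmp the new local `buf` is used only for the trailing-NUL test, while the comparison still calls `nla_data(nla)` a second time. `d = memcmp(buf, str, len);` would reuse the pointer already fetched, and `buf` can be declared `const char *` since the attribute is not modified. `int len = strlen(str)` also narrows a `size_t` to `int`; that is inherited from the old code but worth a comment or a `size_t`. The kernel-doc comment above the function is outside the hunk and should say that one trailing NUL in the attribute is ignored for the comparison.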
@@ -102698,7 +102831,7 @@ index 8da4481..d02565e 100644
+ (rtt >> sctp_rto_alpha);
} else {
diff --git a/net/socket.c b/net/socket.c
-index d4faade..002025a 100644
+index d4faade..3d43f20 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -102873,6 +103006,15 @@ index d4faade..002025a 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned, flags, struct sockaddr __user *, addr,
int, addr_len)
+@@ -1737,7 +1803,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+ struct socket *sock;
+ struct iovec iov;
+ struct msghdr msg;
+- struct sockaddr_storage address;
++ struct sockaddr_storage address = { };
+ int err, err2;
+ int fput_needed;
+
@@ -1884,6 +1950,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
{
if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
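Review bot: The new `struct sockaddr_storage address = { };` in recvfrom, and the matching `addr = { }` in ___sys_recvmsg in the next hunk, carry no comment saying why a buffer the protocol is expected to fill is zeroed first. Presumably the aim is to keep uninitialised kernel stack bytes from reaching userspace when a protocol writes less of the address than it reports. A one-line comment such as `/* zeroed so stale stack bytes can never be copied out with the address */` would stop a later cleanup from removing the initialiser as redundant. Both function bodies continue outside the hunks.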
@@ -102893,6 +103035,15 @@ index d4faade..002025a 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
+@@ -2117,7 +2187,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ int err, iov_size, total_len, len;
+
+ /* kernel mode address */
+- struct sockaddr_storage addr;
++ struct sockaddr_storage addr = { };
+
+ /* user mode address pointers */
+ struct sockaddr __user *uaddr;
@@ -2148,7 +2218,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
/* Save the user-mode address (verify_iovec will change the
* kernel msghdr to use the kernel address space)
@@ -104477,14 +104628,14 @@ index cb1f50c..cef2a7c 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..3c23999
+index 0000000..edcbc3a
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+srctree=$(dirname "$0")
-+gccplugins_dir=$("$3" -print-file-name=plugin)
-+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++gccplugins_dir=$($3 -print-file-name=plugin)
++plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2
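Review bot: Dropping the quotes around `$3` and `$1` presumably lets a compiler argument that carries flags split into words, but the expansion is then also subject to pathname globbing. The `-I${srctree}/../tools/gcc -I${gccplugins_dir}/include` arguments on the same line are still unquoted, so a source tree or plugin directory with a space in its path breaks the probe. Quoting the paths, `-I"${srctree}/../tools/gcc" -I"${gccplugins_dir}/include"`, confines the splitting to the compiler command. A comment above the two lines, such as `# $1 and $3 are intentionally unquoted: they may hold a compiler plus flags`, would record why they differ from the rest of the script.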
@@ -106187,6 +106338,21 @@ index c1e18ba..7316d77 100644
if (ns_name) {
/* released below */
ns = aa_find_namespace(profile->ns, ns_name);
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index 7312db7..faf3f03 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
+ {
+- struct path link = { new_dir->mnt, new_dentry };
+- struct path target = { new_dir->mnt, old_dentry };
++ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ struct path_cond cond = {
+ old_dentry->d_inode->i_uid,
+ old_dentry->d_inode->i_mode
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index cb1e93a..14f955c 100644
--- a/security/apparmor/include/apparmorfs.h
@@ -106277,7 +106443,7 @@ index aeda5cf..6776929 100644
};
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 3783202..d70ae70 100644
+index 3783202..4cc8dbf 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
@@ -106288,6 +106454,35 @@ index 3783202..d70ae70 100644
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
+@@ -186,7 +187,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ struct dentry *dentry, u32 mask,
+ struct path_cond *cond)
+ {
+- struct path path = { dir->mnt, dentry };
++ struct path path = { .mnt = dir->mnt, .dentry = dentry };
+
+ return common_perm(op, &path, mask, cond);
+ }
+@@ -203,7 +204,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ struct dentry *dentry, u32 mask)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ struct path_cond cond = { dentry->d_inode->i_uid,
+ dentry->d_inode->i_mode
+ };
+@@ -325,8 +326,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+
+ profile = aa_current_profile();
+ if (!unconfined(profile)) {
+- struct path old_path = { old_dir->mnt, old_dentry };
+- struct path new_path = { new_dir->mnt, new_dentry };
++ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ struct path_cond cond = { old_dentry->d_inode->i_uid,
+ old_dentry->d_inode->i_mode
+ };
@@ -621,7 +622,105 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
@@ -107238,10 +107433,155 @@ index 7db62b4..ee4d949 100644
.name = "smack",
.ptrace_access_check = smack_ptrace_access_check,
+diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
+index 4003907..13a2b55 100644
+--- a/security/tomoyo/file.c
++++ b/security/tomoyo/file.c
+@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+ struct tomoyo_path_info buf;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int idx;
+
+@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error;
+ struct tomoyo_path_info buf;
+@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
+ struct tomoyo_path_info buf2;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path1,
+- .path2 = *path2,
++ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
++ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
+ };
+ int idx;
+
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 4b327b6..646c57a2b 100644
+index 4b327b6..c1f0860 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
+@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
+ */
+ static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
+ }
+
+@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path)
+ */
+ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
+ }
+
+@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ int mode)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+ mode & S_IALLUGO);
+ }
+@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ */
+ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
+ }
+
+@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ const char *old_name)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
+ }
+
+@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ int mode, unsigned int dev)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ int type = TOMOYO_TYPE_CREATE;
+ const unsigned int perm = mode & S_IALLUGO;
+
+@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { new_dir->mnt, old_dentry };
+- struct path path2 = { new_dir->mnt, new_dentry };
++ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
+ }
+
+@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent,
+ struct path *new_parent,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { old_parent->mnt, old_dentry };
+- struct path path2 = { new_parent->mnt, new_dentry };
++ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
+ }
+
+@@ -362,7 +362,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
+ static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ mode_t mode)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
+ mode & S_IALLUGO);
+ }
+@@ -425,7 +425,7 @@ static int tomoyo_sb_mount(char *dev_name, struct path *path,
+ */
+ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+ {
+- struct path path = { mnt, mnt->mnt_root };
++ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
+ return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
+ }
+
@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
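Review bot: In security/tomoyo/file.c the whole-struct copies `.path1 = *path` became member-wise initialisers, so any member later added to `struct path` would silently be left zero in `obj.path1` and `obj.path2`. This affects tomoyo_path_number_perm, tomoyo_check_open_permission, tomoyo_path_perm, tomoyo_mkdev_perm and tomoyo_path2_perm. If the struct copy was dropped only to satisfy the layout-randomisation checks, a comment at the first site, such as `/* member-wise copy of struct path: update if struct path gains fields */`, would flag the coupling. The `.path2` initialiser in tomoyo_path2_perm also lost its trailing comma, unlike the other sites. The function bodies continue outside the hunk.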
@@ -107942,10 +108282,10 @@ index 0000000..4c2c45c
+size_overflow_hash.h
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
-index 0000000..b198b6d
+index 0000000..d25d472
--- /dev/null
+++ b/tools/gcc/Makefile
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,60 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -107984,22 +108324,28 @@ index 0000000..b198b6d
+structleak_plugin-objs := structleak_plugin.o
+randomize_layout_plugin-objs := randomize_layout_plugin.o
+
-+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h
++$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
+
+quiet_cmd_build_size_overflow_hash = GENHASH $@
+ cmd_build_size_overflow_hash = \
-+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@
++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@
+$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
+ $(call if_changed,build_size_overflow_hash)
+
++quiet_cmd_build_size_overflow_hash_aux = GENHASH $@
++ cmd_build_size_overflow_hash_aux = \
++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@
++$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE
++ $(call if_changed,build_size_overflow_hash_aux)
++
+quiet_cmd_create_randomize_layout_seed = GENSEED $@
+ cmd_create_randomize_layout_seed = \
+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
+ $(call if_changed,create_randomize_layout_seed)
+
-+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h
++targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
new file mode 100644
index 0000000..5452feea
@@ -108891,10 +109237,10 @@ index 0000000..4f67ac1
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..6dbb502
+index 0000000..8af3693
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,287 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -109009,6 +109355,7 @@ index 0000000..6dbb502
+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
++#define TODO_rebuild_cgraph_edges 0
+
+static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
+{
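Review bot: The added `#define TODO_rebuild_cgraph_edges 0` carries no comment saying why zero is a safe stand-in, and the `#if` block it sits in opens outside this hunk. With the flag defined as 0, any pass that ORs it into its todo flags silently requests no call-graph edge rebuild on the GCC versions that reach this branch. That is presumably intended, but it should be stated. I would add a line such as `/* flag not provided by this GCC; 0 makes it a no-op in todo_flags */` above it, after confirming which versions compile this block.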
@@ -109197,10 +109544,10 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
new file mode 100644
-index 0000000..e518932
+index 0000000..791ca76
--- /dev/null
+++ b/tools/gcc/generate_size_overflow_hash.sh
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c).
@@ -109208,6 +109555,7 @@ index 0000000..e518932
+header1="size_overflow_hash.h"
+database="size_overflow_hash.data"
+n=65536
++hashtable_name="size_overflow_hash"
+
+usage() {
+cat <<EOF
@@ -109217,6 +109565,7 @@ index 0000000..e518932
+ -o header file
+ -d database file
+ -n hash array size
++ -s name of the hash table
+EOF
+ return 0
+}
@@ -109228,6 +109577,7 @@ index 0000000..e518932
+ -n) n=$2; shift 2;;
+ -o) header1="$2"; shift 2;;
+ -d) database="$2"; shift 2;;
++ -s) hashtable_name="$2"; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
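Review bot: The new `-s` case stores `$2` unchecked, and `create_headers` (the hunk at -109269 below) splices it straight into the emitted C declaration. A value that is not a C identifier therefore produces a header that fails to compile or declares something other than the table. The Makefile in this commit only passes fixed names, so this is a robustness point, but a check after the option loop would fail early: `[[ $hashtable_name =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || { usage; exit 1; }`. Writing the expansion as `${hashtable_name}[$n]` in `create_headers` would also make clear that no shell array subscript is meant. The `case` loop starts and ends outside this hunk.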
@@ -109269,7 +109619,7 @@ index 0000000..e518932
+}
+
+create_headers() {
-+ echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1"
++ echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1"
+}
+
+create_array_elements() {
@@ -111389,10 +111739,10 @@ index 0000000..8dafb22
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..7b67f2b
+index 0000000..6111b9b
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,6001 @@
+@@ -0,0 +1,6002 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -116761,6 +117111,7 @@ index 0000000..7b67f2b
+iscsi_decode_text_input_58292 iscsi_decode_text_input 4 58292 NULL
+my_skb_head_push_58297 my_skb_head_push 2 58297 NULL
+ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL
++ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 0 58331 NULL
+next_pidmap_58347 next_pidmap 2-0 58347 NULL
+vmalloc_to_sg_58354 vmalloc_to_sg 2 58354 NULL
+sctp_make_init_58401 sctp_make_init 4 58401 NULL
@@ -117394,12 +117745,101 @@ index 0000000..7b67f2b
+ath_rx_edma_init_65483 ath_rx_edma_init 2 65483 NULL
+alloc_dr_65495 alloc_dr 2 65495 NULL
+selnl_msglen_65499 selnl_msglen 0 65499 NULL
+diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data
+new file mode 100644
+index 0000000..5dd8a8f
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash_aux.data
+@@ -0,0 +1,83 @@
++spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL
++mappedread_2627 mappedread 2 2627 NULL
++vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL
++nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL
++zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL
++sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL
++dmu_write_6048 dmu_write 4-3 6048 NULL
++dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL
++update_pages_6225 update_pages 2-3 6225 NULL
++bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL
++dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL
++zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL
++ddi_copyout_9401 ddi_copyout 3 9401 NULL
++avl_numnodes_12384 avl_numnodes 0 12384 NULL
++dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL
++dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL
++dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL
++kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL
++kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL
++dmu_write_uio_16351 dmu_write_uio 4 16351 NULL
++zfs_log_write_16524 zfs_log_write 6-5 16524 NULL
++sa_build_layouts_16910 sa_build_layouts 3 16910 NULL
++dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL
++sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL
++sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL
++uiocopy_18680 uiocopy 2 18680 NULL
++dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL
++zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL
++dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL
++sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL
++tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL
++spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL
++zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL
++dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL
++zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL
++dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL
++kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL
++zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL
++zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL
++splat_write_30943 splat_write 3 30943 NULL
++zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL
++dmu_read_uio_31467 dmu_read_uio 4 31467 NULL
++zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL
++spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL
++__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL
++proc_copyout_string_34049 proc_copyout_string 2 34049 NULL
++nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL
++nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL
++zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL
++copyinstr_36980 copyinstr 3 36980 NULL
++zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL
++splat_read_38116 splat_read 3 38116 NULL
++sa_setup_38756 sa_setup 4 38756 NULL
++vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL
++arc_buf_size_39982 arc_buf_size 0 39982 NULL
++kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL
++fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL
++vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL
++sa_find_layout_40892 sa_find_layout 4 40892 NULL
++zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL
++zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL
++xdr_dec_array_43091 xdr_dec_array 5 43091 NULL
++dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL
++uiomove_44355 uiomove 2 44355 NULL
++dmu_read_44418 dmu_read 4-3 44418 NULL
++ddi_copyin_44846 ddi_copyin 3 44846 NULL
++copyin_45945 copyin 3 45945 NULL
++zil_itx_create_46555 zil_itx_create 2 46555 NULL
++dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL
++spa_history_write_49650 spa_history_write 3 49650 NULL
++zfs_log_write_50162 zfs_log_write 6-5 50162 NULL
++i_fm_alloc_51038 i_fm_alloc 2 51038 NULL
++copyout_51409 copyout 3 51409 NULL
++zvol_log_write_54898 zvol_log_write 4-3 54898 NULL
++zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL
++get_nvlist_56685 get_nvlist 2 56685 NULL
++zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL
++splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL
++zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL
++zpios_write_61823 zpios_write 3 61823 NULL
++proc_copyin_string_62019 proc_copyin_string 4 62019 NULL
++random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL
++zpios_read_64734 zpios_read 3 64734 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..fa0524c
+index 0000000..0a9dd22
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,4101 @@
+@@ -0,0 +1,4110 @@
+/*
+ * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -117428,7 +117868,7 @@ index 0000000..fa0524c
+int plugin_is_GPL_compatible;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20140317",
++ .version = "20140402",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -117456,6 +117896,7 @@ index 0000000..fa0524c
+};
+
+#include "size_overflow_hash.h"
++#include "size_overflow_hash_aux.h"
+
+enum mark {
+ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
@@ -117847,6 +118288,16 @@ index 0000000..fa0524c
+ set_node_codes(TREE_VALUE(arg), fn_hash_data);
+}
+
++static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name)
++{
++ while (entry) {
++ if (!strcmp(entry->name, func_name))
++ return entry;
++ entry = entry->next;
++ }
++ return NULL;
++}
++
+static const struct size_overflow_hash *get_function_hash(const_tree fndecl)
+{
+ const struct size_overflow_hash *entry;
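Review bot: `get_proper_hash_chain` is named as if it returned a chain, but it walks one bucket's collision chain and returns the single entry whose `name` equals `func_name`, or NULL. It also has no comment. I would either rename it (for example `find_hash_entry`) or at least add `/* walk one bucket's chain; return the entry named func_name, or NULL if absent */` above it. The helper passes `func_name` to `strcmp` unchecked, so it relies on the caller for a non-NULL name. The only caller's body lies mostly outside this hunk, so that should be confirmed there.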
@@ -117867,13 +118318,11 @@ index 0000000..fa0524c
+ set_hash(func_name, &fn_hash_data);
+
+ entry = size_overflow_hash[fn_hash_data.hash];
-+
-+ while (entry) {
-+ if (!strcmp(entry->name, func_name))
-+ return entry;
-+ entry = entry->next;
-+ }
-+ return NULL;
++ entry = get_proper_hash_chain(entry, func_name);
++ if (entry)
++ return entry;
++ entry = size_overflow_hash_aux[fn_hash_data.hash];
++ return get_proper_hash_chain(entry, func_name);
+}
+
+static void print_missing_msg(const_tree func, unsigned int argnum)
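Review bot: The fallback to `size_overflow_hash_aux` gives the main table silent precedence. If a function name ever appears in both tables under the same hash with different parameter marks, the aux entry is ignored and nothing reports it. Judging by its entries, the aux data covers out-of-tree ZFS/SPL symbols. A comment before the second lookup would make the ordering explicit: `/* in-tree table wins; aux table is consulted only on a miss */`. A duplicate check across the two `.data` files at generation time would catch conflicting entries. Any other code that indexes `size_overflow_hash[...]` directly would still miss aux entries, and such code is not visible here because `get_function_hash` starts outside this hunk; it is worth grepping the plugin for it.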