authorAnthony G. Basile <blueness@gentoo.org>2015-11-24 03:54:22 -0500
committerAnthony G. Basile <blueness@gentoo.org>2015-11-24 03:54:22 -0500
commit9417a236d9dfc4d648ce711a2fac162a6fe2a353 (patch)
tree8d3bb64d114b7966826c2b50ff3e9527a9e6648c
parentgrsecurity-3.1-4.2.6-201511182042 (diff)
grsecurity-3.1-4.2.6-201511211841
-rw-r--r--4.2.6/0000_README2
-rw-r--r--4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch (renamed from 4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch)338
2 files changed, 229 insertions, 111 deletions
diff --git a/4.2.6/0000_README b/4.2.6/0000_README
index 9ebf533..454ccd7 100644
--- a/4.2.6/0000_README
+++ b/4.2.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.2.6-201511182042.patch
+Patch: 4420_grsecurity-3.1-4.2.6-201511211841.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch
index ec705cc..30663c2 100644
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch
@@ -77233,7 +77233,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 1977c2a..b6b953a 100644
+index 1977c2a..53bf9a0 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -77729,7 +77729,7 @@ index 1977c2a..b6b953a 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1743,3 +1918,324 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1743,3 +1918,313 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -78035,22 +78035,11 @@ index 1977c2a..b6b953a 100644
+
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
+
-+#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL
-+static DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3);
-+#endif
-+
+void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL
-+ if (__ratelimit(&size_overflow_ratelimit)) {
-+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
-+ dump_stack();
-+ }
-+#else
+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
-+#endif
+}
+EXPORT_SYMBOL(report_size_overflow);
+#endif
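Review bot: The format string passed to `printk(KERN_EMERG ...)` in `report_size_overflow` ends without a newline, so the record is left open for continuation until `dump_stack()` prints; ending it with `%s\n` closes the line explicitly. With the rate-limited branch removed, every detection now logs at emergency level, dumps the stack and ends the thread group through `do_group_exit(SIGKILL)`. A short comment above the function stating that it does not return would make that contract clear to anyone reading the instrumented call sites.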
@@ -97435,7 +97424,7 @@ index dfaa7b3..58cebfb 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index e08a6ae..2e5e776 100644
+index e08a6ae..8d965c5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,11 +5,14 @@
@@ -97507,46 +97496,63 @@ index e08a6ae..2e5e776 100644
#endif
/* Indirect macros required for expanded argument pasting, eg. __LINE__. */
-@@ -201,27 +225,27 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
- static __always_inline void __read_once_size(const volatile void *p, void *res, int size)
- {
- switch (size) {
+@@ -198,34 +222,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+
+ #include <uapi/linux/types.h>
+
+-static __always_inline void __read_once_size(const volatile void *p, void *res, int size)
+-{
+- switch (size) {
- case 1: *(__u8 *)res = *(volatile __u8 *)p; break;
- case 2: *(__u16 *)res = *(volatile __u16 *)p; break;
- case 4: *(__u32 *)res = *(volatile __u32 *)p; break;
- case 8: *(__u64 *)res = *(volatile __u64 *)p; break;
-+ case 1: *(__u8 *)res = *(const volatile __u8 *)p; break;
-+ case 2: *(__u16 *)res = *(const volatile __u16 *)p; break;
-+ case 4: *(__u32 *)res = *(const volatile __u32 *)p; break;
-+ case 8: *(__u64 *)res = *(const volatile __u64 *)p; break;
- default:
- barrier();
+- default:
+- barrier();
- __builtin_memcpy((void *)res, (const void *)p, size);
-+ __builtin_memcpy(res, (const void *)p, size);
- barrier();
- }
- }
-
+- barrier();
+- }
+-}
+-
-static __always_inline void __write_once_size(volatile void *p, void *res, int size)
-+static __always_inline void __write_once_size(volatile void *p, const void *res, int size)
- {
- switch (size) {
+-{
+- switch (size) {
- case 1: *(volatile __u8 *)p = *(__u8 *)res; break;
- case 2: *(volatile __u16 *)p = *(__u16 *)res; break;
- case 4: *(volatile __u32 *)p = *(__u32 *)res; break;
- case 8: *(volatile __u64 *)p = *(__u64 *)res; break;
-+ case 1: *(volatile __u8 *)p = *(const __u8 *)res; break;
-+ case 2: *(volatile __u16 *)p = *(const __u16 *)res; break;
-+ case 4: *(volatile __u32 *)p = *(const __u32 *)res; break;
-+ case 8: *(volatile __u64 *)p = *(const __u64 *)res; break;
- default:
- barrier();
+- default:
+- barrier();
- __builtin_memcpy((void *)p, (const void *)res, size);
-+ __builtin_memcpy((void *)p, res, size);
- barrier();
- }
- }
-@@ -370,6 +394,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+- barrier();
+- }
+-}
+-
+ /*
+ * Prevent the compiler from merging or refetching reads or writes. The
+ * compiler is also forbidden from reordering successive instances of
+@@ -248,11 +244,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+ * required ordering.
+ */
+
+-#define READ_ONCE(x) \
+- ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; })
++#define READ_ONCE(x) ({ \
++ typeof(x) __val = *(volatile typeof(x) *)&(x); \
++ __val; \
++})
+
+-#define WRITE_ONCE(x, val) \
+- ({ union { typeof(x) __val; char __c[1]; } __u = { .__val = (val) }; __write_once_size(&(x), __u.__c, sizeof(x)); __u.__val; })
++#define WRITE_ONCE(x, val) ({ \
++ typeof(x) __val = (val); \
++ (x) = *(volatile typeof(x) *)&__val; \
++ __val; \
++})
+
+ /**
+ * READ_ONCE_CTRL - Read a value heading a control dependency
+@@ -370,6 +371,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __attribute_const__ /* unimplemented */
#endif
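Review bot: In the new `WRITE_ONCE`, the volatile qualifier is applied to the read of the local `__val`, not to the store into `x`, so `(x) = *(volatile typeof(x) *)&__val;` is an ordinary store that the compiler may still tear, merge or repeat unless `x` is itself declared volatile. The new `READ_ONCE` does put the volatile access on `x`, so the two macros are not symmetric. The store would carry the intended guarantee as `*(volatile typeof(x) *)&(x) = __val;`. Both macros also lose the size switch and the barrier-wrapped memcpy fallback of the removed `__read_once_size`/`__write_once_size` helpers, so a comment saying they are meant for scalar-sized objects only would help callers that pass aggregates.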
@@ -97585,7 +97591,7 @@ index e08a6ae..2e5e776 100644
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -379,6 +435,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -379,6 +412,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
#define __cold
#endif
@@ -97608,7 +97614,7 @@ index e08a6ae..2e5e776 100644
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -393,6 +465,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -393,6 +442,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
#endif
@@ -97617,7 +97623,7 @@ index e08a6ae..2e5e776 100644
/* Is this type a native word size -- useful for atomic operations */
#ifndef __native_word
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
-@@ -472,8 +546,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -472,8 +523,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
*/
#define __ACCESS_ONCE(x) ({ \
__maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
@@ -103391,7 +103397,7 @@ index 5122b5e..598b440 100644
void v9fs_register_trans(struct p9_trans_module *m);
void v9fs_unregister_trans(struct p9_trans_module *m);
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
-index cb1b9bb..56b3ee0 100644
+index cb1b9bb..deaf939 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -36,7 +36,7 @@ struct unix_skb_parms {
@@ -103403,6 +103409,14 @@ index cb1b9bb..56b3ee0 100644
#define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
+@@ -62,6 +62,7 @@ struct unix_sock {
+ #define UNIX_GC_CANDIDATE 0
+ #define UNIX_GC_MAYBE_CYCLE 1
+ struct socket_wq peer_wq;
++ wait_queue_t wait;
+ };
+
+ static inline struct unix_sock *unix_sk(struct sock *sk)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 2239a37..a83461f 100644
--- a/include/net/bluetooth/l2cap.h
@@ -124572,10 +124586,19 @@ index 350cca3..a108fc5 100644
sub->evt.event = htohl(event, sub->swap);
sub->evt.found_lower = htohl(found_lower, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 94f6582..2272bfc 100644
+index 94f6582..0883e68 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
-@@ -440,6 +440,7 @@ static void unix_release_sock(struct sock *sk, int embrion)
+@@ -420,6 +420,8 @@ static void unix_release_sock(struct sock *sk, int embrion)
+ skpair = unix_peer(sk);
+
+ if (skpair != NULL) {
++ if (sk->sk_type != SOCK_STREAM)
++ remove_wait_queue(&unix_sk(skpair)->peer_wait, &u->wait);
+ if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
+ unix_state_lock(skpair);
+ /* No more writes */
+@@ -440,6 +442,7 @@ static void unix_release_sock(struct sock *sk, int embrion)
if (state == TCP_LISTEN)
unix_release_sock(skb->sk, 1);
/* passed fds are erased in the kfree_skb hook */
@@ -124583,7 +124606,32 @@ index 94f6582..2272bfc 100644
kfree_skb(skb);
}
-@@ -802,6 +803,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -636,6 +639,16 @@ static struct proto unix_proto = {
+ */
+ static struct lock_class_key af_unix_sk_receive_queue_lock_key;
+
++static int peer_wake(wait_queue_t *wait, unsigned mode, int sync, void *key)
++{
++ struct unix_sock *u;
++
++ u = container_of(wait, struct unix_sock, wait);
++ wake_up_interruptible_sync_poll(sk_sleep(&u->sk), key);
++
++ return 0;
++}
++
+ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
+ {
+ struct sock *sk = NULL;
+@@ -664,6 +677,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
+ INIT_LIST_HEAD(&u->link);
+ mutex_init(&u->readlock); /* single task reading lock */
+ init_waitqueue_head(&u->peer_wait);
++ init_waitqueue_func_entry(&u->wait, peer_wake);
+ unix_insert_socket(unix_sockets_unbound(sk), sk);
+ out:
+ if (sk == NULL)
+@@ -802,6 +816,12 @@ static struct sock *unix_find_other(struct net *net,
err = -ECONNREFUSED;
if (!S_ISSOCK(inode->i_mode))
goto put_fail;
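Review bot: `peer_wake` carries no comment about the lifetime of the `wait` entry it serves, and the other af_unix.c hunks in this patch depend on that invariant. A suggested comment above it: `/* Relays wake-ups on the peer's peer_wait to this socket's own sleepers; u->wait is queued whenever a non-stream peer is set and must be removed before that peer goes away. */`. Because the entry stays queued for the whole connection and the callback wakes unconditionally, each wake-up on a receiver's `peer_wait` appears to reach every connected sender, which may be costly when many senders share one receiver. That cost is worth stating in the comment as well.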
@@ -124596,7 +124644,7 @@ index 94f6582..2272bfc 100644
u = unix_find_socket_byinode(inode);
if (!u)
goto put_fail;
-@@ -822,6 +829,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -822,6 +842,13 @@ static struct sock *unix_find_other(struct net *net,
if (u) {
struct dentry *dentry;
dentry = unix_sk(u)->path.dentry;
@@ -124610,7 +124658,7 @@ index 94f6582..2272bfc 100644
if (dentry)
touch_atime(&unix_sk(u)->path);
} else
-@@ -855,12 +869,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
+@@ -855,12 +882,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
*/
err = security_path_mknod(&path, dentry, mode, 0);
if (!err) {
@@ -124629,7 +124677,68 @@ index 94f6582..2272bfc 100644
done_path_create(&path, dentry);
return err;
}
-@@ -1798,6 +1818,7 @@ alloc_skb:
+@@ -1030,7 +1063,10 @@ restart:
+ */
+ if (unix_peer(sk)) {
+ struct sock *old_peer = unix_peer(sk);
++
++ remove_wait_queue(&unix_sk(old_peer)->peer_wait, &unix_sk(sk)->wait);
+ unix_peer(sk) = other;
++ add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait);
+ unix_state_double_unlock(sk, other);
+
+ if (other != old_peer)
+@@ -1038,8 +1074,12 @@ restart:
+ sock_put(old_peer);
+ } else {
+ unix_peer(sk) = other;
++ add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait);
+ unix_state_double_unlock(sk, other);
+ }
++ /* New remote may have created write space for us */
++ wake_up_interruptible_sync_poll(sk_sleep(sk),
++ POLLOUT | POLLWRNORM | POLLWRBAND);
+ return 0;
+
+ out_unlock:
+@@ -1194,6 +1234,8 @@ restart:
+
+ sock_hold(sk);
+ unix_peer(newsk) = sk;
++ if (sk->sk_type == SOCK_SEQPACKET)
++ add_wait_queue(&unix_sk(sk)->peer_wait, &unix_sk(newsk)->wait);
+ newsk->sk_state = TCP_ESTABLISHED;
+ newsk->sk_type = sk->sk_type;
+ init_peercred(newsk);
+@@ -1220,6 +1262,8 @@ restart:
+
+ smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
+ unix_peer(sk) = newsk;
++ if (sk->sk_type == SOCK_SEQPACKET)
++ add_wait_queue(&unix_sk(newsk)->peer_wait, &unix_sk(sk)->wait);
+
+ unix_state_unlock(sk);
+
+@@ -1254,6 +1298,10 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
+ sock_hold(skb);
+ unix_peer(ska) = skb;
+ unix_peer(skb) = ska;
++ if (ska->sk_type != SOCK_STREAM) {
++ add_wait_queue(&unix_sk(ska)->peer_wait, &unix_sk(skb)->wait);
++ add_wait_queue(&unix_sk(skb)->peer_wait, &unix_sk(ska)->wait);
++ }
+ init_peercred(ska);
+ init_peercred(skb);
+
+@@ -1565,6 +1613,7 @@ restart:
+ unix_state_lock(sk);
+ if (unix_peer(sk) == other) {
+ unix_peer(sk) = NULL;
++ remove_wait_queue(&unix_sk(other)->peer_wait, &u->wait);
+ unix_state_unlock(sk);
+
+ unix_dgram_disconnected(sk, other);
+@@ -1798,6 +1847,7 @@ alloc_skb:
* this - does no harm
*/
consume_skb(newskb);
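Review bot: Both `add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait);` calls added after `unix_peer(sk) = other;` in the two `restart:` hunks at -1030 and -1038 use `other` without a NULL check. The code that assigns `other` is outside the hunk, but in the mainline version of this function `other` is NULL when the socket is being disconnected with an AF_UNSPEC address. In that case the call would take the wait-queue lock at an offset from a NULL pointer. Guarding each call with `if (other)` keeps the disconnect path safe, and the wake-up that follows can stay unconditional.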
@@ -124637,7 +124746,7 @@ index 94f6582..2272bfc 100644
}
if (skb_append_pagefrags(skb, page, offset, size)) {
-@@ -1810,8 +1831,11 @@ alloc_skb:
+@@ -1810,8 +1860,11 @@ alloc_skb:
skb->truesize += size;
atomic_add(size, &sk->sk_wmem_alloc);
@@ -124650,7 +124759,7 @@ index 94f6582..2272bfc 100644
unix_state_unlock(other);
mutex_unlock(&unix_sk(other)->readlock);
-@@ -2071,6 +2095,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state)
+@@ -2071,6 +2124,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state)
do {
int chunk;
@@ -124658,7 +124767,7 @@ index 94f6582..2272bfc 100644
struct sk_buff *skb, *last;
unix_state_lock(sk);
-@@ -2151,7 +2176,11 @@ unlock:
+@@ -2151,7 +2205,11 @@ unlock:
}
chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
@@ -124670,7 +124779,7 @@ index 94f6582..2272bfc 100644
if (chunk < 0) {
if (copied == 0)
copied = -EFAULT;
-@@ -2160,6 +2189,18 @@ unlock:
+@@ -2160,6 +2218,18 @@ unlock:
copied += chunk;
size -= chunk;
@@ -124689,24 +124798,15 @@ index 94f6582..2272bfc 100644
/* Mark read part of skb as used */
if (!(flags & MSG_PEEK)) {
UNIXCB(skb).consumed += chunk;
-@@ -2455,11 +2496,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
- writable = unix_writable(sk);
+@@ -2456,7 +2526,6 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
other = unix_peer_get(sk);
if (other) {
-- if (unix_peer(other) != sk) {
-+ unix_state_lock(other);
-+ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) {
-+ unix_state_unlock(other);
- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
+ if (unix_peer(other) != sk) {
+- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
if (unix_recvq_full(other))
writable = 0;
-- }
-+ } else
-+ unix_state_unlock(other);
- sock_put(other);
- }
-
-@@ -2556,9 +2600,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+ }
+@@ -2556,9 +2625,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -124721,7 +124821,7 @@ index 94f6582..2272bfc 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2583,10 +2631,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2583,10 +2656,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_putc(seq, '@');
i++;
}
@@ -125965,10 +126065,10 @@ index c0a932d..817c587 100755
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index bf4ec46..faa8418 100644
+index bf4ec46..6748ce1 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,985 @@
+@@ -4,6 +4,980 @@
menu "Security options"
@@ -126914,11 +127014,6 @@ index bf4ec46..faa8418 100644
+ i.e., gcc 4.5 or newer. You may need to install the supporting
+ headers explicitly in addition to the normal gcc package.
+
-+config PAX_SIZE_OVERFLOW_DISABLE_KILL
-+ bool "Do not kill process on overflow detection"
-+ default n
-+ depends on PAX_SIZE_OVERFLOW
-+
+config PAX_LATENT_ENTROPY
+ bool "Generate some entropy during boot and runtime"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -126954,7 +127049,7 @@ index bf4ec46..faa8418 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1083,7 @@ config INTEL_TXT
+@@ -104,7 +1078,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -129143,15 +129238,19 @@ index 0000000..b884a56
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..9660b09
+index 0000000..5f73f93
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,790 @@
+@@ -0,0 +1,813 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
-+#include "plugin.h"
+#include "bversion.h"
++#if BUILDING_GCC_VERSION >= 6000
++#include "gcc-plugin.h"
++#else
++#include "plugin.h"
++#endif
+#include "plugin-version.h"
+#include "config.h"
+#include "system.h"
@@ -129749,6 +129848,21 @@ index 0000000..9660b09
+#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias
+#endif
+
++#if BUILDING_GCC_VERSION < 6000
++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1))
++#endif
++
++#if BUILDING_GCC_VERSION == 5000
++// gimple related
++template <>
++template <>
++inline bool is_a_helper<const gassign *>::test(const_gimple gs)
++{
++ return gs->code == GIMPLE_ASSIGN;
++}
++#endif
++
+#if BUILDING_GCC_VERSION >= 5000
+#define TODO_verify_ssa TODO_verify_il
+#define TODO_verify_flow TODO_verify_il
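Review bot: The `get_inner_reference` wrapper for GCC older than 6 silently discards its `preversep` argument, and nothing in the header says so. A caller such as the one in initify_plugin.c passes `&reversep`, and on those compilers the variable is never written. A comment above the macro would prevent a later read of an uninitialised value, for example `/* GCC < 6 has no preversep parameter: the argument is dropped, so callers must not read the variable they pass for it. */`.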
@@ -129851,6 +129965,13 @@ index 0000000..9660b09
+ symtab->remove_cgraph_duplication_hook(entry);
+}
+
++
++#if BUILDING_GCC_VERSION >= 6000
++typedef gimple *gimple_ptr;
++typedef const gimple *const_gimple;
++#define gimple gimple_ptr
++#endif
++
+// gimple related
+static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL)
+{
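Review bot: `#define gimple gimple_ptr` changes the meaning of a name that the preceding `typedef gimple *gimple_ptr;` still uses as the statement type, so the block only works if every GCC header that names that type has already been included. That ordering requirement is not written down. A comment on the block would protect it from a later include reshuffle, for example `/* GCC 6 made gimple the struct itself; keep this after all GCC includes so plugin code can go on using gimple as the pointer type. */`. The function whose opening brace ends this hunk continues outside it.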
@@ -129859,13 +129980,6 @@ index 0000000..9660b09
+
+template <>
+template <>
-+inline bool is_a_helper<const gassign *>::test(const_gimple gs)
-+{
-+ return gs->code == GIMPLE_ASSIGN;
-+}
-+
-+template <>
-+template <>
+inline bool is_a_helper<const greturn *>::test(const_gimple gs)
+{
+ return gs->code == GIMPLE_RETURN;
@@ -129936,6 +130050,10 @@ index 0000000..9660b09
+}
+#endif
+
++#if BUILDING_GCC_VERSION >= 6000
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1))
++#endif
++
+#endif
diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh
new file mode 100644
@@ -129953,7 +130071,7 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
new file mode 100644
-index 0000000..2abfe4b
+index 0000000..b5684e8
--- /dev/null
+++ b/tools/gcc/initify_plugin.c
@@ -0,0 +1,552 @@
@@ -130166,7 +130284,7 @@ index 0000000..2abfe4b
+ tree decl, offset;
+ HOST_WIDE_INT bitsize, bitpos;
+ enum machine_mode mode;
-+ int unsignedp, volatilep;
++ int unsignedp, reversep, volatilep;
+ enum tree_code code = TREE_CODE(op);
+
+ if (TREE_CODE_CLASS(code) == tcc_exceptional && code != SSA_NAME)
@@ -130178,7 +130296,7 @@ index 0000000..2abfe4b
+ if (TREE_CODE(op) == COMPONENT_REF)
+ return false;
+
-+ decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &volatilep, true);
++ decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &reversep, &volatilep, true);
+
+ switch (TREE_CODE_CLASS(TREE_CODE(decl))) {
+ case tcc_constant:
@@ -132715,10 +132833,10 @@ index 0000000..4c7f7c6
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
-index 0000000..0adc842
+index 0000000..b0e0cdf
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12414 @@
+@@ -0,0 +1,12419 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -144419,7 +144537,8 @@ index 0000000..0adc842
+disable_so_freq_offset_khz_uhf_dib0090_config_61716 freq_offset_khz_uhf dib0090_config 0 61716 NULL
+disable_so_sha1_generic_block_fn_fndecl_61724 sha1_generic_block_fn fndecl 3 61724 NULL
+disable_so_xc4000_get_signal_fndecl_61727 xc4000_get_signal fndecl 0 61727 NULL
-+disable_so_vf_addr_hi_bnx2x_vf_mbx_61734 vf_addr_hi bnx2x_vf_mbx 0 61734 NULL
++disable_so_vf_addr_hi_bnx2x_vf_mbx_61734 vf_addr_hi bnx2x_vf_mbx 0 61734 NULL nohasharray
++enable_so_exit_info_2_vmcb_control_area_61734 exit_info_2 vmcb_control_area 0 61734 &disable_so_vf_addr_hi_bnx2x_vf_mbx_61734
+disable_so_pcxhr_update_timer_pos_fndecl_61736 pcxhr_update_timer_pos fndecl 3 61736 NULL nohasharray
+disable_so_adis16480_set_filter_freq_fndecl_61736 adis16480_set_filter_freq fndecl 0 61736 &disable_so_pcxhr_update_timer_pos_fndecl_61736 nohasharray
+disable_so_xfs_daddr_to_agbno_fndecl_61736 xfs_daddr_to_agbno fndecl 0-2 61736 &disable_so_adis16480_set_filter_freq_fndecl_61736
@@ -145133,6 +145252,10 @@ index 0000000..0adc842
+enable_so_read_fw_status_reg_megasas_instance_template_13572 read_fw_status_reg megasas_instance_template 0 13572 NULL
+enable_so_eip_x86_emulate_ctxt_12354 eip x86_emulate_ctxt 0 12354 NULL
+enable_so_next_rip_x86_instruction_info_56868 next_rip x86_instruction_info 0 56868 NULL
++enable_so_exit_int_info_vmcb_control_area_18357 exit_int_info vmcb_control_area 0 18357 NULL
++enable_so_exit_info_1_vmcb_control_area_20200 exit_info_1 vmcb_control_area 0 20200 NULL
++enable_so_event_inj_vmcb_control_area_23434 event_inj vmcb_control_area 0 23434 NULL
++enable_so_iopm_base_pa_vmcb_control_area_57998 iopm_base_pa vmcb_control_area 0 57998 NULL
diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
new file mode 100644
index 0000000..be9724d
@@ -145666,7 +145789,7 @@ index 0000000..37e2e91
+#endif
diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
new file mode 100644
-index 0000000..62eb578
+index 0000000..a662b4b
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
@@ -0,0 +1,947 @@
@@ -145908,10 +146031,10 @@ index 0000000..62eb578
+ break;
+ }
+ case FIELD_DECL:
-+ case VAR_DECL:
+ // !!! temporarily ignore bitfield types
+ if (DECL_BIT_FIELD_TYPE(node))
+ return MARK_YES;
++ case VAR_DECL:
+ if (is_end_intentional_intentional_attr(node))
+ return MARK_END_INTENTIONAL;
+ if (is_turn_off_intentional_attr(node))
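Review bot: After the move, the `FIELD_DECL` case falls through into `case VAR_DECL:` whenever the bit-field test does not return, and nothing marks that as intended. A `// fallthrough` comment on the line before `case VAR_DECL:` would stop a later edit from inserting a `break` or a new case between the two labels. The enclosing switch starts and ends outside the hunk.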
@@ -147290,10 +147413,10 @@ index 0000000..ab2d25a
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..a883e73
+index 0000000..b683d96
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,20743 @@
+@@ -0,0 +1,20738 @@
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
+enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL
@@ -153024,8 +153147,7 @@ index 0000000..a883e73
+enable_so_rfcomm_send_frame_fndecl_18352 rfcomm_send_frame fndecl 3 18352 NULL
+enable_so_mgsl_load_tx_dma_buffer_fndecl_18355 mgsl_load_tx_dma_buffer fndecl 3 18355 NULL
+enable_so_vm_pgoff_vm_area_struct_18357 vm_pgoff vm_area_struct 0 18357 NULL nohasharray
-+enable_so_exit_int_info_vmcb_control_area_18357 exit_int_info vmcb_control_area 0 18357 &enable_so_vm_pgoff_vm_area_struct_18357 nohasharray
-+enable_so_elfnotes_sz_vardecl_vmcore_c_18357 elfnotes_sz vardecl_vmcore.c 0 18357 &enable_so_exit_int_info_vmcb_control_area_18357
++enable_so_elfnotes_sz_vardecl_vmcore_c_18357 elfnotes_sz vardecl_vmcore.c 0 18357 &enable_so_vm_pgoff_vm_area_struct_18357
+enable_so_lbs_rdrf_write_fndecl_18361 lbs_rdrf_write fndecl 3 18361 NULL
+enable_so_ascii2desc_fndecl_18370 ascii2desc fndecl 0-3 18370 NULL
+enable_so_ecryptfs_write_lower_fndecl_18373 ecryptfs_write_lower fndecl 4 18373 NULL
@@ -153596,7 +153718,6 @@ index 0000000..a883e73
+enable_so_iram_base_intel_sst_drv_20196 iram_base intel_sst_drv 0 20196 &enable_so_agp_memory_reserved_vardecl_20196
+enable_so_qxl_gem_object_create_with_handle_fndecl_20198 qxl_gem_object_create_with_handle fndecl 4 20198 NULL
+enable_so_fpage_size_genwqe_sgl_20199 fpage_size genwqe_sgl 0 20199 NULL
-+enable_so_exit_info_1_vmcb_control_area_20200 exit_info_1 vmcb_control_area 0 20200 NULL
+enable_so_sectors_per_block_bits_dm_bufio_client_20202 sectors_per_block_bits dm_bufio_client 0 20202 NULL
+enable_so_max_frame_size__mgslpc_info_20204 max_frame_size _mgslpc_info 0 20204 NULL
+enable_so_sbq_len_rx_ring_20205 sbq_len rx_ring 0 20205 NULL
@@ -154632,8 +154753,7 @@ index 0000000..a883e73
+enable_so_max_snd_interval_23422 max snd_interval 0 23422 NULL
+enable_so_configfs_read_file_fndecl_23424 configfs_read_file fndecl 3 23424 NULL
+enable_so___qib_get_user_pages_fndecl_23426 __qib_get_user_pages fndecl 1 23426 NULL
-+enable_so_event_inj_vmcb_control_area_23434 event_inj vmcb_control_area 0 23434 NULL nohasharray
-+enable_so_nilfs_attach_snapshot_fndecl_23434 nilfs_attach_snapshot fndecl 2 23434 &enable_so_event_inj_vmcb_control_area_23434
++enable_so_nilfs_attach_snapshot_fndecl_23434 nilfs_attach_snapshot fndecl 2 23434 NULL
+enable_so_ftdi_instances_vardecl_ftdi_elan_c_23438 ftdi_instances vardecl_ftdi-elan.c 0 23438 NULL
+enable_so_set_xfer_rate_fndecl_23440 set_xfer_rate fndecl 2 23440 NULL
+enable_so_mei_cl_recv_fndecl_23442 mei_cl_recv fndecl 0-3 23442 NULL
@@ -165673,7 +165793,6 @@ index 0000000..a883e73
+enable_so_faultin_page_fndecl_57994 faultin_page fndecl 3 57994 NULL
+enable_so_perf_sample_ustack_size_fndecl_57995 perf_sample_ustack_size fndecl 0-2-1 57995 NULL
+enable_so_max_idx_node_sz_ubifs_info_57997 max_idx_node_sz ubifs_info 0 57997 NULL
-+enable_so_iopm_base_pa_vmcb_control_area_57998 iopm_base_pa vmcb_control_area 0 57998 NULL
+enable_so_SSIDlen_StatusRid_58002 SSIDlen StatusRid 0 58002 NULL nohasharray
+enable_so_di_size_dinode_58002 di_size dinode 0 58002 &enable_so_SSIDlen_StatusRid_58002
+enable_so_set_alt_usb_function_58003 set_alt usb_function 0 58003 NULL
@@ -166843,7 +166962,6 @@ index 0000000..a883e73
+enable_so_do_lfb_size_fndecl_61720 do_lfb_size fndecl 0 61720 NULL
+enable_so_dm_bufio_new_fndecl_61727 dm_bufio_new fndecl 2 61727 NULL
+enable_so_btrfs_prev_leaf_fndecl_61728 btrfs_prev_leaf fndecl 0 61728 NULL
-+enable_so_exit_info_2_vmcb_control_area_61734 exit_info_2 vmcb_control_area 0 61734 NULL
+enable_so_n_patterns_cfg80211_wowlan_61737 n_patterns cfg80211_wowlan 0 61737 NULL
+enable_so_pci_msix_vec_count_fndecl_61742 pci_msix_vec_count fndecl 0 61742 NULL
+enable_so_count_nfs_pgio_args_61745 count nfs_pgio_args 0 61745 NULL nohasharray
@@ -170562,7 +170680,7 @@ index 0000000..317cd6c
+
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
new file mode 100644
-index 0000000..78e16db
+index 0000000..a974b2d
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
@@ -0,0 +1,746 @@
@@ -170752,7 +170870,7 @@ index 0000000..78e16db
+ if (skip_types(orig_node))
+ return head;
+ // !!! temporarily ignore bitfield types
-+ if (DECL_BIT_FIELD_TYPE(orig_node))
++ if (orig_code == FIELD_DECL && DECL_BIT_FIELD_TYPE(orig_node))
+ return head;
+
+ // find a defining marked caller argument or struct field for arg
@@ -171110,7 +171228,7 @@ index 0000000..78e16db
+ return head;
+
+ // !!! temporarily ignore bitfield types
-+ if (DECL_BIT_FIELD_TYPE(decl))
++ if (TREE_CODE(decl) == FIELD_DECL && DECL_BIT_FIELD_TYPE(decl))
+ return head;
+
+ next_node = get_interesting_function_next_node(decl, 0);