commit:     3db7f02c577b8b6e79b5f0926beed52f7ec501e8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 30 00:03:26 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Nov 30 00:03:26 2015 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=3db7f02c

grsecurity-3.1-4.2.6-201511282239

 4.2.6/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.2.6-201511282239.patch} | 699 +++++++++++++++------
 2 files changed, 500 insertions(+), 201 deletions(-)

diff --git a/4.2.6/0000_README b/4.2.6/0000_README
index 91bcf5d..ef0e3e5 100644
--- a/4.2.6/0000_README
+++ b/4.2.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.2.6-201511232037.patch
+Patch: 4420_grsecurity-3.1-4.2.6-201511282239.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch 
b/4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch
similarity index 99%
rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch
rename to 4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch
index 32f511d..3903e3d 100644
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch
@@ -3356,7 +3356,7 @@ index 8b60fde..8d986dd 100644
  # ifdef CONFIG_ARM_KERNMEM_PERMS
        . = ALIGN(1<<SECTION_SHIFT);
 diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index f9c341c..7430436 100644
+index f9c341c..c9cead1 100644
 --- a/arch/arm/kvm/arm.c
 +++ b/arch/arm/kvm/arm.c
 @@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors;
@@ -3395,15 +3395,6 @@ index f9c341c..7430436 100644
        kvm->arch.vmid = kvm_next_vmid;
        kvm_next_vmid++;
  
-@@ -1110,7 +1110,7 @@ struct kvm_vcpu *kvm_mpidr_to_vcpu(struct kvm *kvm, 
unsigned long mpidr)
- /**
-  * Initialize Hyp-mode and memory mappings on all CPUs.
-  */
--int kvm_arch_init(void *opaque)
-+int kvm_arch_init(const void *opaque)
- {
-       int err;
-       int ret, cpu;
 diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S
 index 1710fd7..ec3e014 100644
 --- a/arch/arm/lib/clear_user.S
@@ -7113,19 +7104,6 @@ index 8ea28e6..c8873d5 100644
  
        info.si_code = FPE_INTOVF;
        info.si_signo = SIGFPE;
-diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
-index cd4c129..290c518 100644
---- a/arch/mips/kvm/mips.c
-+++ b/arch/mips/kvm/mips.c
-@@ -1016,7 +1016,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int 
ioctl, unsigned long arg)
-       return r;
- }
- 
--int kvm_arch_init(void *opaque)
-+int kvm_arch_init(const void *opaque)
- {
-       if (kvm_mips_callbacks) {
-               kvm_err("kvm: module already exists\n");
 diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
 index 852a41c..75b9d38 100644
 --- a/arch/mips/mm/fault.c
@@ -9391,19 +9369,6 @@ index b457bfa..9018cde 100644
        if (IS_ERR_VALUE(vdso_base)) {
                rc = vdso_base;
                goto fail_mmapsem;
-diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
-index e5dde32..557af3d 100644
---- a/arch/powerpc/kvm/powerpc.c
-+++ b/arch/powerpc/kvm/powerpc.c
-@@ -1404,7 +1404,7 @@ void kvmppc_init_lpid(unsigned long nr_lpids_param)
- }
- EXPORT_SYMBOL_GPL(kvmppc_init_lpid);
- 
--int kvm_arch_init(void *opaque)
-+int kvm_arch_init(const void *opaque)
- {
-       return 0;
- }
 diff --git a/arch/powerpc/lib/usercopy_64.c b/arch/powerpc/lib/usercopy_64.c
 index 5eea6f3..5d10396 100644
 --- a/arch/powerpc/lib/usercopy_64.c
@@ -22069,7 +22034,7 @@ index cd79194..6a9956f 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index a8df874..ef0e34f 100644
+index a8df874..43b72d3 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -22117,7 +22082,7 @@ index a8df874..ef0e34f 100644
 +                                      _cond_resched();                \
 +                              if (__get_user(__c_ao, (char __user *)__addr))  
\
 +                                      break;                          \
-+                              if (type != VERIFY_WRITE) {             \
++                              if ((type) != VERIFY_WRITE) {           \
 +                                      __addr = __addr_ao;             \
 +                                      continue;                       \
 +                              }                                       \
@@ -30058,7 +30023,7 @@ index 0f67d7e..4b9fa11 100644
                        goto error;
                walker->ptep_user[walker->level - 1] = ptep_user;
 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 2d32b67..06cac10 100644
+index 2d32b67..976f46e 100644
 --- a/arch/x86/kvm/svm.c
 +++ b/arch/x86/kvm/svm.c
 @@ -1106,6 +1106,8 @@ static void init_vmcb(struct vcpu_svm *svm, bool 
init_event)
@@ -30152,6 +30117,15 @@ index 2d32b67..06cac10 100644
        reload_tss(vcpu);
  
        local_irq_disable();
+@@ -4355,7 +4363,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
+ {
+ }
+ 
+-static struct kvm_x86_ops svm_x86_ops = {
++static struct kvm_x86_ops svm_x86_ops __read_only = {
+       .cpu_has_kvm_support = has_svm,
+       .disabled_by_bios = is_disabled,
+       .hardware_setup = svm_hardware_setup,
 @@ -4374,7 +4382,7 @@ static struct kvm_x86_ops svm_x86_ops = {
        .vcpu_load = svm_vcpu_load,
        .vcpu_put = svm_vcpu_put,
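Review bot: The `__read_only` added to `svm_x86_ops` carries no comment saying what it requires of later writers: once the table is placed in read-only memory, any store through `kvm_x86_ops` after init has to sit between `pax_open_kernel()` and `pax_close_kernel()`, as the vmx.c hunks of this same patch do in hardware_setup. Whether svm.c ever stores into the table after registration is not visible here and should be checked, since an unbracketed store would presumably fault. I would add above the initializer `/* __read_only: stores after init must be wrapped in pax_open_kernel()/pax_close_kernel() */`, and the same above `vmx_x86_ops` in the vmx.c hunk. The initializer continues past the end of the hunk.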
@@ -30162,7 +30136,7 @@ index 2d32b67..06cac10 100644
        .set_msr = svm_set_msr,
        .get_segment_base = svm_get_segment_base,
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index aa9e8229..6223041 100644
+index aa9e8229..5f643bf 100644
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
 @@ -1440,12 +1440,12 @@ static void vmcs_write64(unsigned long field, u64 
value)
@@ -30256,40 +30230,32 @@ index aa9e8229..6223041 100644
         * using the APIC_ACCESS_ADDR VMCS field.
         */
 -      if (!flexpriority_enabled)
--              kvm_x86_ops->set_apic_access_page_addr = NULL;
 +      if (!flexpriority_enabled) {
 +              pax_open_kernel();
-+              *(void **)&kvm_x86_ops->set_apic_access_page_addr = NULL;
+               kvm_x86_ops->set_apic_access_page_addr = NULL;
 +              pax_close_kernel();
 +      }
  
 -      if (!cpu_has_vmx_tpr_shadow())
--              kvm_x86_ops->update_cr8_intercept = NULL;
 +      if (!cpu_has_vmx_tpr_shadow()) {
 +              pax_open_kernel();
-+              *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
+               kvm_x86_ops->update_cr8_intercept = NULL;
 +              pax_close_kernel();
 +      }
  
        if (enable_ept && !cpu_has_vmx_ept_2m_page())
                kvm_disable_largepages();
-@@ -6112,14 +6132,16 @@ static __init int hardware_setup(void)
+@@ -6112,6 +6132,7 @@ static __init int hardware_setup(void)
        if (!cpu_has_vmx_apicv())
                enable_apicv = 0;
  
 +      pax_open_kernel();
        if (enable_apicv)
--              kvm_x86_ops->update_cr8_intercept = NULL;
-+              *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
+               kvm_x86_ops->update_cr8_intercept = NULL;
        else {
--              kvm_x86_ops->hwapic_irr_update = NULL;
--              kvm_x86_ops->hwapic_isr_update = NULL;
--              kvm_x86_ops->deliver_posted_interrupt = NULL;
--              kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
-+              *(void **)&kvm_x86_ops->hwapic_irr_update = NULL;
-+              *(void **)&kvm_x86_ops->hwapic_isr_update = NULL;
-+              *(void **)&kvm_x86_ops->deliver_posted_interrupt = NULL;
-+              *(void **)&kvm_x86_ops->sync_pir_to_irr = 
vmx_sync_pir_to_irr_dummy;
+@@ -6120,6 +6141,7 @@ static __init int hardware_setup(void)
+               kvm_x86_ops->deliver_posted_interrupt = NULL;
+               kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
        }
 +      pax_close_kernel();
  
@@ -30299,15 +30265,11 @@ index aa9e8229..6223041 100644
                enable_pml = 0;
  
        if (!enable_pml) {
--              kvm_x86_ops->slot_enable_log_dirty = NULL;
--              kvm_x86_ops->slot_disable_log_dirty = NULL;
--              kvm_x86_ops->flush_log_dirty = NULL;
--              kvm_x86_ops->enable_log_dirty_pt_masked = NULL;
 +              pax_open_kernel();
-+              *(void **)&kvm_x86_ops->slot_enable_log_dirty = NULL;
-+              *(void **)&kvm_x86_ops->slot_disable_log_dirty = NULL;
-+              *(void **)&kvm_x86_ops->flush_log_dirty = NULL;
-+              *(void **)&kvm_x86_ops->enable_log_dirty_pt_masked = NULL;
+               kvm_x86_ops->slot_enable_log_dirty = NULL;
+               kvm_x86_ops->slot_disable_log_dirty = NULL;
+               kvm_x86_ops->flush_log_dirty = NULL;
+               kvm_x86_ops->enable_log_dirty_pt_masked = NULL;
 +              pax_close_kernel();
        }
  
@@ -30367,8 +30329,17 @@ index aa9e8229..6223041 100644
  #endif
  
        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
+@@ -10309,7 +10354,7 @@ static void vmx_enable_log_dirty_pt_masked(struct kvm 
*kvm,
+       kvm_mmu_clear_dirty_pt_masked(kvm, memslot, offset, mask);
+ }
+ 
+-static struct kvm_x86_ops vmx_x86_ops = {
++static struct kvm_x86_ops vmx_x86_ops __read_only = {
+       .cpu_has_kvm_support = cpu_has_kvm_support,
+       .disabled_by_bios = vmx_disabled_by_bios,
+       .hardware_setup = hardware_setup,
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 373328b7..ebd267f 100644
+index 373328b7..310cf2f 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
 @@ -1842,8 +1842,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 
data)
@@ -30427,15 +30398,6 @@ index 373328b7..ebd267f 100644
                        guest_xsave->region, sizeof(struct fxregs_state));
        }
        return 0;
-@@ -5788,7 +5790,7 @@ static struct notifier_block pvclock_gtod_notifier = {
- };
- #endif
- 
--int kvm_arch_init(void *opaque)
-+int kvm_arch_init(const void *opaque)
- {
-       int r;
-       struct kvm_x86_ops *ops = opaque;
 @@ -7217,7 +7219,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
  int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
  {
@@ -37754,7 +37716,7 @@ index ea5815c..5880da6 100644
  
        scatterwalk_start(&walk, sg);
 diff --git a/crypto/zlib.c b/crypto/zlib.c
-index d51a30a..fb1f8af 100644
+index d51a30a..b6891a3 100644
 --- a/crypto/zlib.c
 +++ b/crypto/zlib.c
 @@ -95,10 +95,10 @@ static int zlib_compress_setup(struct crypto_pcomp *tfm, 
const void *params,
@@ -37770,6 +37732,34 @@ index d51a30a..fb1f8af 100644
                                        : DEF_MEM_LEVEL;
  
        workspacesize = zlib_deflate_workspacesize(window_bits, mem_level);
+@@ -108,15 +108,15 @@ static int zlib_compress_setup(struct crypto_pcomp *tfm, 
const void *params,
+ 
+       ret = zlib_deflateInit2(stream,
+                               tb[ZLIB_COMP_LEVEL]
+-                                      ? nla_get_u32(tb[ZLIB_COMP_LEVEL])
++                                      ? nla_get_s32(tb[ZLIB_COMP_LEVEL])
+                                       : Z_DEFAULT_COMPRESSION,
+                               tb[ZLIB_COMP_METHOD]
+-                                      ? nla_get_u32(tb[ZLIB_COMP_METHOD])
++                                      ? nla_get_s32(tb[ZLIB_COMP_METHOD])
+                                       : Z_DEFLATED,
+                               window_bits,
+                               mem_level,
+                               tb[ZLIB_COMP_STRATEGY]
+-                                      ? nla_get_u32(tb[ZLIB_COMP_STRATEGY])
++                                      ? nla_get_s32(tb[ZLIB_COMP_STRATEGY])
+                                       : Z_DEFAULT_STRATEGY);
+       if (ret != Z_OK) {
+               vfree(stream->workspace);
+@@ -224,7 +224,7 @@ static int zlib_decompress_setup(struct crypto_pcomp *tfm, 
const void *params,
+       zlib_decomp_exit(ctx);
+ 
+       ctx->decomp_windowBits = tb[ZLIB_DECOMP_WINDOWBITS]
+-                               ? nla_get_u32(tb[ZLIB_DECOMP_WINDOWBITS])
++                               ? nla_get_s32(tb[ZLIB_DECOMP_WINDOWBITS])
+                                : DEF_WBITS;
+ 
+       stream->workspace = vzalloc(zlib_inflate_workspacesize());
 diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
 index 8c2fe2f..fc47c12 100644
 --- a/drivers/acpi/acpi_video.c
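Review bot: The switch from `nla_get_u32` to `nla_get_s32` in zlib_compress_setup and zlib_decompress_setup is unexplained in the code, although it changes which values reach zlib: `Z_DEFAULT_COMPRESSION`, the fallback visible here, is a negative constant in zlib, and a negative windowBits is also meaningful to zlib, so negative attribute values now pass through as such instead of as large unsigned numbers. No range check is visible between the attribute read and `zlib_deflateInit2` or the store to `ctx->decomp_windowBits`; the code appears to rely on zlib itself to reject out-of-range input, which should be confirmed. I would add a comment at the first read such as `/* zlib parameters are signed ints (Z_DEFAULT_COMPRESSION < 0); range is checked by zlib_deflateInit2() */`. Both functions start and end outside the hunk.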
@@ -47136,6 +47126,74 @@ index 4d9b195..455075c 100644
                                return -EFAULT;
                } else {
                        memcpy(buf, dp, left);
+diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c
+index b33f53b..bf04d2a 100644
+--- a/drivers/isdn/hisax/config.c
++++ b/drivers/isdn/hisax/config.c
+@@ -1896,7 +1896,7 @@ static void EChannel_proc_rcv(struct hisax_d_if *d_if)
+                               ptr--;
+                               *ptr++ = '\n';
+                               *ptr = 0;
+-                              HiSax_putstatus(cs, NULL, "%s", cs->dlog);
++                              HiSax_putstatus(cs, NULL, cs->dlog);
+                       } else
+                               HiSax_putstatus(cs, "LogEcho: ",
+                                               "warning Frame too big (%d)",
+diff --git a/drivers/isdn/hisax/hfc_pci.c b/drivers/isdn/hisax/hfc_pci.c
+index 4a48255..90449e1 100644
+--- a/drivers/isdn/hisax/hfc_pci.c
++++ b/drivers/isdn/hisax/hfc_pci.c
+@@ -901,7 +901,7 @@ Begin:
+                                       ptr--;
+                                       *ptr++ = '\n';
+                                       *ptr = 0;
+-                                      HiSax_putstatus(cs, NULL, "%s", 
cs->dlog);
++                                      HiSax_putstatus(cs, NULL, cs->dlog);
+                               } else
+                                       HiSax_putstatus(cs, "LogEcho: ", 
"warning Frame too big (%d)", total - 3);
+                       }
+diff --git a/drivers/isdn/hisax/hfc_sx.c b/drivers/isdn/hisax/hfc_sx.c
+index b1fad81..13b2151 100644
+--- a/drivers/isdn/hisax/hfc_sx.c
++++ b/drivers/isdn/hisax/hfc_sx.c
+@@ -674,7 +674,7 @@ receive_emsg(struct IsdnCardState *cs)
+                                       ptr--;
+                                       *ptr++ = '\n';
+                                       *ptr = 0;
+-                                      HiSax_putstatus(cs, NULL, "%s", 
cs->dlog);
++                                      HiSax_putstatus(cs, NULL, cs->dlog);
+                               } else
+                                       HiSax_putstatus(cs, "LogEcho: ", 
"warning Frame too big (%d)", skb->len);
+                       }
+diff --git a/drivers/isdn/hisax/q931.c b/drivers/isdn/hisax/q931.c
+index b420f8b..ba4beb2 100644
+--- a/drivers/isdn/hisax/q931.c
++++ b/drivers/isdn/hisax/q931.c
+@@ -1179,7 +1179,7 @@ LogFrame(struct IsdnCardState *cs, u_char *buf, int size)
+               dp--;
+               *dp++ = '\n';
+               *dp = 0;
+-              HiSax_putstatus(cs, NULL, "%s", cs->dlog);
++              HiSax_putstatus(cs, NULL, cs->dlog);
+       } else
+               HiSax_putstatus(cs, "LogFrame: ", "warning Frame too big (%d)", 
size);
+ }
+@@ -1246,7 +1246,7 @@ dlogframe(struct IsdnCardState *cs, struct sk_buff *skb, 
int dir)
+       }
+       if (finish) {
+               *dp = 0;
+-              HiSax_putstatus(cs, NULL, "%s", cs->dlog);
++              HiSax_putstatus(cs, NULL, cs->dlog);
+               return;
+       }
+       if ((0xfe & buf[0]) == PROTO_DIS_N0) {  /* 1TR6 */
+@@ -1509,5 +1509,5 @@ dlogframe(struct IsdnCardState *cs, struct sk_buff *skb, 
int dir)
+               dp += sprintf(dp, "Unknown protocol %x!", buf[0]);
+       }
+       *dp = 0;
+-      HiSax_putstatus(cs, NULL, "%s", cs->dlog);
++      HiSax_putstatus(cs, NULL, cs->dlog);
+ }
 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
 index 9b856e1..fa03c92 100644
 --- a/drivers/isdn/i4l/isdn_common.c
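Review bot: Passing `cs->dlog` as the third argument of HiSax_putstatus in EChannel_proc_rcv reads as a non-literal format string, and the surrounding `*ptr++` lines suggest cs->dlog is assembled from frame contents. This is only sound if HiSax_putstatus emits that argument verbatim when its second argument is NULL, which I believe is how this driver behaves but which is not visible in the hunk and should be confirmed against the callee. If so, each call needs a comment such as `/* head == NULL: cs->dlog is copied verbatim, not parsed as a format string */`, so that a later cleanup neither restores `"%s"` nor adds a non-NULL head while leaving cs->dlog in the format position. The same applies to the calls in hfc_pci.c, hfc_sx.c and the three in q931.c (LogFrame and dlogframe). All of the enclosing functions start and end outside the hunk.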
@@ -47925,9 +47983,18 @@ index d10d300..6169233 100644
                                               "md/raid1:%s: read error 
corrected "
                                               "(%d sectors at %llu on %s)\n",
 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index d4b70d9..3e3bbb8 100644
+index d4b70d9..54d3a62 100644
 --- a/drivers/md/raid10.c
 +++ b/drivers/md/raid10.c
+@@ -1157,7 +1157,7 @@ static void __make_request(struct mddev *mddev, struct 
bio *bio)
+       struct md_rdev *blocked_rdev;
+       struct blk_plug_cb *cb;
+       struct raid10_plug_cb *plug = NULL;
+-      int sectors_handled;
++      sector_t sectors_handled;
+       int max_sectors;
+       int sectors;
+ 
 @@ -1934,7 +1934,7 @@ static void end_sync_read(struct bio *bio, int error)
                /* The write handler will notice the lack of
                 * R10BIO_Uptodate and record any errors etc
@@ -75933,10 +76000,113 @@ index b823fac..c5155de 100644
                                btrfs_end_transaction(trans, root);
                                goto out;
 diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index b54e630..6ecf999 100644
+index b54e630..48bd25c 100644
 --- a/fs/btrfs/inode.c
 +++ b/fs/btrfs/inode.c
-@@ -5632,6 +5632,7 @@ static int btrfs_real_readdir(struct file *file, struct 
dir_context *ctx)
+@@ -4184,6 +4184,47 @@ static int truncate_space_check(struct 
btrfs_trans_handle *trans,
+ 
+ }
+ 
++static int truncate_inline_extent(struct inode *inode,
++                                struct btrfs_path *path,
++                                struct btrfs_key *found_key,
++                                const u64 item_end,
++                                const u64 new_size)
++{
++      struct extent_buffer *leaf = path->nodes[0];
++      int slot = path->slots[0];
++      struct btrfs_file_extent_item *fi;
++      u32 size = (u32)(new_size - found_key->offset);
++      struct btrfs_root *root = BTRFS_I(inode)->root;
++
++      fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
++
++      if (btrfs_file_extent_compression(leaf, fi) != BTRFS_COMPRESS_NONE) {
++              loff_t offset = new_size;
++              loff_t page_end = ALIGN(offset, PAGE_CACHE_SIZE);
++
++              /*
++               * Zero out the remaining of the last page of our inline extent,
++               * instead of directly truncating our inline extent here - that
++               * would be much more complex (decompressing all the data, then
++               * compressing the truncated data, which might be bigger than
++               * the size of the inline extent, resize the extent, etc).
++               * We release the path because to get the page we might need to
++               * read the extent item from disk (data not in the page cache).
++               */
++              btrfs_release_path(path);
++              return btrfs_truncate_page(inode, offset, page_end - offset, 0);
++      }
++
++      btrfs_set_file_extent_ram_bytes(leaf, fi, size);
++      size = btrfs_file_extent_calc_inline_size(size);
++      btrfs_truncate_item(root, path, size, 1);
++
++      if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
++              inode_sub_bytes(inode, item_end + 1 - new_size);
++
++      return 0;
++}
++
+ /*
+  * this can truncate away extent items, csum items and directory items.
+  * It starts at a high offset and removes keys until it can't find
+@@ -4378,27 +4419,40 @@ search_again:
+                        * special encodings
+                        */
+                       if (!del_item &&
+-                          btrfs_file_extent_compression(leaf, fi) == 0 &&
+                           btrfs_file_extent_encryption(leaf, fi) == 0 &&
+                           btrfs_file_extent_other_encoding(leaf, fi) == 0) {
+-                              u32 size = new_size - found_key.offset;
+-
+-                              if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
+-                                      inode_sub_bytes(inode, item_end + 1 -
+-                                                      new_size);
+ 
+                               /*
+-                               * update the ram bytes to properly reflect
+-                               * the new size of our item
++                               * Need to release path in order to truncate a
++                               * compressed extent. So delete any accumulated
++                               * extent items so far.
+                                */
+-                              btrfs_set_file_extent_ram_bytes(leaf, fi, size);
+-                              size =
+-                                  btrfs_file_extent_calc_inline_size(size);
+-                              btrfs_truncate_item(root, path, size, 1);
++                              if (btrfs_file_extent_compression(leaf, fi) !=
++                                  BTRFS_COMPRESS_NONE && pending_del_nr) {
++                                      err = btrfs_del_items(trans, root, path,
++                                                            pending_del_slot,
++                                                            pending_del_nr);
++                                      if (err) {
++                                              btrfs_abort_transaction(trans,
++                                                                      root,
++                                                                      err);
++                                              goto error;
++                                      }
++                                      pending_del_nr = 0;
++                              }
++
++                              err = truncate_inline_extent(inode, path,
++                                                           &found_key,
++                                                           item_end,
++                                                           new_size);
++                              if (err) {
++                                      btrfs_abort_transaction(trans,
++                                                              root, err);
++                                      goto error;
++                              }
+                       } else if (test_bit(BTRFS_ROOT_REF_COWS,
+                                           &root->state)) {
+-                              inode_sub_bytes(inode, item_end + 1 -
+-                                              found_key.offset);
++                              inode_sub_bytes(inode, item_end + 1 - new_size);
+                       }
+               }
+ delete:
+@@ -5632,6 +5686,7 @@ static int btrfs_real_readdir(struct file *file, struct 
dir_context *ctx)
        char *name_ptr;
        int name_len;
        int is_curr = 0;        /* ctx->pos points to the current index? */
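Review bot: The explicit cast in `u32 size = (u32)(new_size - found_key->offset);` at the top of truncate_inline_extent silently truncates the u64 difference, so a call with new_size below found_key->offset, or with a difference wider than 32 bits, would hand a wrapped size to btrfs_set_file_extent_ram_bytes and btrfs_truncate_item with no diagnostic. The only visible caller reaches the helper from the inline-extent branch, where that presumably cannot happen, but the helper does not state the precondition. I would document it above the declaration, `/* caller guarantees an inline extent with found_key->offset <= new_size, so the difference fits in u32 */`, or assert it before the value is used. The calling function starts and ends outside the hunk.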
@@ -75944,7 +76114,7 @@ index b54e630..6ecf999 100644
  
        /* FIXME, use a real flag for deciding about the key type */
        if (root->fs_info->tree_root == root)
-@@ -5660,6 +5661,7 @@ static int btrfs_real_readdir(struct file *file, struct 
dir_context *ctx)
+@@ -5660,6 +5715,7 @@ static int btrfs_real_readdir(struct file *file, struct 
dir_context *ctx)
        if (ret < 0)
                goto err;
  
@@ -75952,7 +76122,7 @@ index b54e630..6ecf999 100644
        while (1) {
                leaf = path->nodes[0];
                slot = path->slots[0];
-@@ -5739,6 +5741,7 @@ skip:
+@@ -5739,6 +5795,7 @@ skip:
  
                        if (over)
                                goto nopos;
@@ -75960,7 +76130,7 @@ index b54e630..6ecf999 100644
                        di_len = btrfs_dir_name_len(leaf, di) +
                                 btrfs_dir_data_len(leaf, di) + sizeof(*di);
                        di_cur += di_len;
-@@ -5751,11 +5754,20 @@ next:
+@@ -5751,11 +5808,20 @@ next:
        if (key_type == BTRFS_DIR_INDEX_KEY) {
                if (is_curr)
                        ctx->pos++;
@@ -84430,7 +84600,7 @@ index ce9e39f..5c5a436 100644
  {
        const struct seq_operations *op = ((struct seq_file 
*)file->private_data)->op;
 diff --git a/fs/splice.c b/fs/splice.c
-index 5fc1e50..6ae8957 100644
+index 5fc1e50..fcc355d 100644
 --- a/fs/splice.c
 +++ b/fs/splice.c
 @@ -192,7 +192,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
@@ -84499,9 +84669,17 @@ index 5fc1e50..6ae8957 100644
                                sd->need_wakeup = true;
                }
  
-@@ -810,10 +810,10 @@ static int splice_from_pipe_feed(struct pipe_inode_info 
*pipe, struct splice_des
+@@ -809,11 +809,18 @@ static int splice_from_pipe_feed(struct pipe_inode_info 
*pipe, struct splice_des
+  */
  static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct 
splice_desc *sd)
  {
++      /*
++       * Check for signal early to make process killable when there are
++       * always buffers available
++       */
++      if (signal_pending(current))
++              return -ERESTARTSYS;
++
        while (!pipe->nrbufs) {
 -              if (!pipe->writers)
 +              if (!atomic_read(&pipe->writers))
@@ -84512,7 +84690,15 @@ index 5fc1e50..6ae8957 100644
                        return 0;
  
                if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1028,7 +1028,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, 
struct file *out,
+@@ -884,6 +891,7 @@ ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, 
struct splice_desc *sd,
+ 
+       splice_from_pipe_begin(sd);
+       do {
++              cond_resched();
+               ret = splice_from_pipe_next(pipe, sd);
+               if (ret > 0)
+                       ret = splice_from_pipe_feed(pipe, sd, actor);
+@@ -1028,7 +1036,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, 
struct file *out,
                                ops->release(pipe, buf);
                                pipe->curbuf = (pipe->curbuf + 1) & 
(pipe->buffers - 1);
                                pipe->nrbufs--;
@@ -84521,7 +84707,7 @@ index 5fc1e50..6ae8957 100644
                                        sd.need_wakeup = true;
                        } else {
                                buf->offset += ret;
-@@ -1188,7 +1188,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct 
splice_desc *sd,
+@@ -1188,7 +1196,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct 
splice_desc *sd,
                 * out of the pipe right after the splice_to_pipe(). So set
                 * PIPE_READERS appropriately.
                 */
@@ -84530,7 +84716,7 @@ index 5fc1e50..6ae8957 100644
  
                current->splice_pipe = pipe;
        }
-@@ -1495,6 +1495,7 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
+@@ -1495,6 +1503,7 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
  
                        partial[buffers].offset = off;
                        partial[buffers].len = plen;
@@ -84538,7 +84724,7 @@ index 5fc1e50..6ae8957 100644
  
                        off = 0;
                        len -= plen;
-@@ -1726,9 +1727,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
+@@ -1726,9 +1735,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
                        ret = -ERESTARTSYS;
                        break;
                }
@@ -84550,7 +84736,7 @@ index 5fc1e50..6ae8957 100644
                        if (flags & SPLICE_F_NONBLOCK) {
                                ret = -EAGAIN;
                                break;
-@@ -1760,7 +1761,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
+@@ -1760,7 +1769,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
        pipe_lock(pipe);
  
        while (pipe->nrbufs >= pipe->buffers) {
@@ -84559,7 +84745,7 @@ index 5fc1e50..6ae8957 100644
                        send_sig(SIGPIPE, current, 0);
                        ret = -EPIPE;
                        break;
-@@ -1773,9 +1774,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
+@@ -1773,9 +1782,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, 
unsigned int flags)
                        ret = -ERESTARTSYS;
                        break;
                }
@@ -84571,7 +84757,7 @@ index 5fc1e50..6ae8957 100644
        }
  
        pipe_unlock(pipe);
-@@ -1811,14 +1812,14 @@ retry:
+@@ -1811,14 +1820,14 @@ retry:
        pipe_double_lock(ipipe, opipe);
  
        do {
@@ -84588,7 +84774,7 @@ index 5fc1e50..6ae8957 100644
                        break;
  
                /*
-@@ -1915,7 +1916,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1915,7 +1924,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
        pipe_double_lock(ipipe, opipe);
  
        do {
@@ -84597,7 +84783,7 @@ index 5fc1e50..6ae8957 100644
                        send_sig(SIGPIPE, current, 0);
                        if (!ret)
                                ret = -EPIPE;
-@@ -1960,7 +1961,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1960,7 +1969,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
         * return EAGAIN if we have the potential of some data in the
         * future, otherwise just return 0
         */
@@ -84752,6 +84938,28 @@ index 94374e4..b5da3a1 100644
                return PTR_ERR(kn);
        }
  
+diff --git a/fs/sysv/inode.c b/fs/sysv/inode.c
+index 590ad92..02fa1dc 100644
+--- a/fs/sysv/inode.c
++++ b/fs/sysv/inode.c
+@@ -162,15 +162,8 @@ void sysv_set_inode(struct inode *inode, dev_t rdev)
+               inode->i_fop = &sysv_dir_operations;
+               inode->i_mapping->a_ops = &sysv_aops;
+       } else if (S_ISLNK(inode->i_mode)) {
+-              if (inode->i_blocks) {
+-                      inode->i_op = &sysv_symlink_inode_operations;
+-                      inode->i_mapping->a_ops = &sysv_aops;
+-              } else {
+-                      inode->i_op = &simple_symlink_inode_operations;
+-                      inode->i_link = (char *)SYSV_I(inode)->i_data;
+-                      nd_terminate_link(inode->i_link, inode->i_size,
+-                              sizeof(SYSV_I(inode)->i_data) - 1);
+-              }
++              inode->i_op = &sysv_symlink_inode_operations;
++              inode->i_mapping->a_ops = &sysv_aops;
+       } else
+               init_special_inode(inode, inode->i_mode, rdev);
+ }
 diff --git a/fs/sysv/sysv.h b/fs/sysv/sysv.h
 index 6c21228..9afd5fe 100644
 --- a/fs/sysv/sysv.h
@@ -100227,28 +100435,6 @@ index 484604d..0f6c5b6 100644
  
        if (atomic_sub_and_test((int) count, &kref->refcount)) {
                release(kref);
-diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 05e99b8..484b1f97 100644
---- a/include/linux/kvm_host.h
-+++ b/include/linux/kvm_host.h
-@@ -468,7 +468,7 @@ static inline void kvm_irqfd_exit(void)
- {
- }
- #endif
--int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
-+int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align,
-                 struct module *module);
- void kvm_exit(void);
- 
-@@ -678,7 +678,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu 
*vcpu,
-                                       struct kvm_guest_debug *dbg);
- int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
- 
--int kvm_arch_init(void *opaque);
-+int kvm_arch_init(const void *opaque);
- void kvm_arch_exit(void);
- 
- int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
 diff --git a/include/linux/libata.h b/include/linux/libata.h
 index c9cfbcd..46986db 100644
 --- a/include/linux/libata.h
@@ -108964,7 +109150,7 @@ index 04e91ff..2419384 100644
  }
  EXPORT_SYMBOL(__stack_chk_fail);
 diff --git a/kernel/pid.c b/kernel/pid.c
-index 4fd07d5..02bce4f 100644
+index 4fd07d5..856f804 100644
 --- a/kernel/pid.c
 +++ b/kernel/pid.c
 @@ -33,6 +33,7 @@
@@ -109004,7 +109190,7 @@ index 4fd07d5..02bce4f 100644
  }
  
  struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -462,6 +471,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+@@ -462,13 +471,21 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
        return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
  }
  
@@ -109019,6 +109205,23 @@ index 4fd07d5..02bce4f 100644
  struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
  {
        struct pid *pid;
+       rcu_read_lock();
+       if (type != PIDTYPE_PID)
+               task = task->group_leader;
+-      pid = get_pid(task->pids[type].pid);
++      pid = get_pid(rcu_dereference(task->pids[type].pid));
+       rcu_read_unlock();
+       return pid;
+ }
+@@ -529,7 +546,7 @@ pid_t __task_pid_nr_ns(struct task_struct *task, enum 
pid_type type,
+       if (likely(pid_alive(task))) {
+               if (type != PIDTYPE_PID)
+                       task = task->group_leader;
+-              nr = pid_nr_ns(task->pids[type].pid, ns);
++              nr = pid_nr_ns(rcu_dereference(task->pids[type].pid), ns);
+       }
+       rcu_read_unlock();
+ 
 diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
 index a65ba13..f600dbb 100644
 --- a/kernel/pid_namespace.c
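Review bot: The `rcu_dereference()` now wrapped around `task->pids[type].pid` in get_task_pid() and __task_pid_nr_ns() only helps if the update side publishes the pointer with matching primitives, and neither the writers nor an `__rcu` annotation on the field is visible in this hunk. If the member is still declared as a plain `struct pid *`, sparse will complain about these two loads and any other reader of the field stays unannotated, so it is worth confirming the declaration and that the writers use `rcu_assign_pointer()`. A short comment at the first site would record the intent, e.g. `/* ->pid may be replaced concurrently; load it once inside the RCU read section */`. The body of __task_pid_nr_ns() starts and ends outside the hunk.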
@@ -112151,6 +112354,19 @@ index e2894b2..23751b3 100644
        help
          If you want to debug problems which hang or crash the kernel early
          on boot and the crashing machine has a FireWire port, you can use
+diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
+index 39f24d6..cf80221 100644
+--- a/lib/Kconfig.kasan
++++ b/lib/Kconfig.kasan
+@@ -5,7 +5,7 @@ if HAVE_ARCH_KASAN
+ 
+ config KASAN
+       bool "KASan: runtime memory debugger"
+-      depends on SLUB_DEBUG
++      depends on SLUB_DEBUG && !GRKERNSEC_KSTACKOVERFLOW
+       select CONSTRUCTORS
+       help
+         Enables kernel address sanitizer - runtime memory debugger,
 diff --git a/lib/Makefile b/lib/Makefile
 index 6897b52..466bda9 100644
 --- a/lib/Makefile
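Review bot: The new `!GRKERNSEC_KSTACKOVERFLOW` term on KASAN's `depends on` line carries no explanation, so a user who enables GRKERNSEC_KSTACKOVERFLOW will see KASAN silently disappear from the menu. A comment above the line, or a sentence in the help text (which continues outside the hunk), should say that the two options are mutually exclusive and why, for instance `# cannot be combined with GRKERNSEC_KSTACKOVERFLOW, see the guard-page handling in mm/vmalloc.c`. The link to the `VM_NO_GUARD` change in mm/vmalloc.c made by this same update is an inference and should be confirmed before it is written down.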
@@ -117868,7 +118084,7 @@ index 68ff8a5..40c7a70 100644
  
        if (len > buflen)
 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 2faaa29..7ac7a6d 100644
+index 2faaa29..b4893f8 100644
 --- a/mm/vmalloc.c
 +++ b/mm/vmalloc.c
 @@ -40,20 +40,65 @@ struct vfree_deferred {
@@ -118099,7 +118315,17 @@ index 2faaa29..7ac7a6d 100644
        if (flags & VM_IOREMAP)
                align = 1ul << clamp_t(int, fls_long(size),
                                       PAGE_SHIFT, IOREMAP_MAX_ORDER);
-@@ -1531,13 +1638,36 @@ EXPORT_SYMBOL(vfree);
+@@ -1345,7 +1452,9 @@ static struct vm_struct *__get_vm_area_node(unsigned 
long size,
+       if (unlikely(!area))
+               return NULL;
+ 
++#ifndef CONFIG_GRKERNSEC_KSTACKOVERFLOW
+       if (!(flags & VM_NO_GUARD))
++#endif
+               size += PAGE_SIZE;
+ 
+       va = alloc_vmap_area(size, align, start, end, node, gfp_mask);
+@@ -1531,13 +1640,36 @@ EXPORT_SYMBOL(vfree);
   */
  void vunmap(const void *addr)
  {
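Review bot: Wrapping only the `if (!(flags & VM_NO_GUARD))` header in `#ifndef CONFIG_GRKERNSEC_KSTACKOVERFLOW` inside __get_vm_area_node() leaves an unbraced statement whose controlling condition appears and disappears with the configuration, which is easy to break when a second statement is later added under it. The same behaviour reads more safely as one braced condition: `if (IS_ENABLED(CONFIG_GRKERNSEC_KSTACKOVERFLOW) || !(flags & VM_NO_GUARD)) {`, `size += PAGE_SIZE;`, `}`. With the option set every area gets the extra guard page even when the caller passed `VM_NO_GUARD`, so a comment should state that the flag is deliberately ignored, and callers that rely on `VM_NO_GUARD` for exact sizing need checking. The function body starts and ends outside the hunk.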
@@ -118139,7 +118365,7 @@ index 2faaa29..7ac7a6d 100644
  /**
   *    vmap  -  map an array of pages into virtually contiguous space
   *    @pages:         array of page pointers
-@@ -1558,6 +1688,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1558,6 +1690,11 @@ void *vmap(struct page **pages, unsigned int count,
        if (count > totalram_pages)
                return NULL;
  
@@ -118151,7 +118377,7 @@ index 2faaa29..7ac7a6d 100644
        area = get_vm_area_caller((count << PAGE_SHIFT), flags,
                                        __builtin_return_address(0));
        if (!area)
-@@ -1662,6 +1797,14 @@ void *__vmalloc_node_range(unsigned long size, unsigned 
long align,
+@@ -1662,6 +1799,14 @@ void *__vmalloc_node_range(unsigned long size, unsigned 
long align,
        if (!size || (size >> PAGE_SHIFT) > totalram_pages)
                goto fail;
  
@@ -118166,7 +118392,7 @@ index 2faaa29..7ac7a6d 100644
        area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED |
                                vm_flags, start, end, node, gfp_mask, caller);
        if (!area)
-@@ -1715,6 +1858,14 @@ static void *__vmalloc_node(unsigned long size, 
unsigned long align,
+@@ -1715,6 +1860,14 @@ static void *__vmalloc_node(unsigned long size, 
unsigned long align,
                                gfp_mask, prot, 0, node, caller);
  }
  
@@ -118181,7 +118407,7 @@ index 2faaa29..7ac7a6d 100644
  void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
  {
        return __vmalloc_node(size, 1, gfp_mask, prot, NUMA_NO_NODE,
-@@ -1838,10 +1989,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1838,10 +1991,9 @@ EXPORT_SYMBOL(vzalloc_node);
   *    For tight control over page level allocator and protection flags
   *    use __vmalloc() instead.
   */
@@ -118193,7 +118419,7 @@ index 2faaa29..7ac7a6d 100644
                              NUMA_NO_NODE, __builtin_return_address(0));
  }
  
-@@ -2148,6 +2298,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct 
*vma, unsigned long uaddr,
+@@ -2148,6 +2300,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct 
*vma, unsigned long uaddr,
  {
        struct vm_struct *area;
  
@@ -118202,7 +118428,7 @@ index 2faaa29..7ac7a6d 100644
        size = PAGE_ALIGN(size);
  
        if (!PAGE_ALIGNED(uaddr) || !PAGE_ALIGNED(kaddr))
-@@ -2630,7 +2782,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2630,7 +2784,11 @@ static int s_show(struct seq_file *m, void *p)
                v->addr, v->addr + v->size, v->size);
  
        if (v->caller)
@@ -118214,7 +118440,7 @@ index 2faaa29..7ac7a6d 100644
  
        if (v->nr_pages)
                seq_printf(m, " pages=%d", v->nr_pages);
-@@ -2688,52 +2844,5 @@ static int __init proc_vmalloc_init(void)
+@@ -2688,52 +2846,5 @@ static int __init proc_vmalloc_init(void)
  }
  module_init(proc_vmalloc_init);
  
@@ -125374,10 +125600,10 @@ index 55c96cb..e4e88ab 100644
  __clean-files   := $(filter-out $(no-clean-files), $(__clean-files))
  
 diff --git a/scripts/Makefile.host b/scripts/Makefile.host
-index 133edfa..c9aa07f 100644
+index 133edfa..4d180d9 100644
 --- a/scripts/Makefile.host
 +++ b/scripts/Makefile.host
-@@ -20,7 +20,19 @@
+@@ -20,7 +20,25 @@
  # Will compile qconf as a C++ program, and menu as a C program.
  # They are linked as C++ code to the executable qconf
  
@@ -125391,13 +125617,19 @@ index 133edfa..c9aa07f 100644
 +# libkconfig.so as the executable conf.
 +# Note: Shared libraries consisting of C++ files are not supported
 +
++# hostcc-option
++# Usage: cflags-y += $(call hostcc-option,-march=winchip-c6,-march=i586)
++
++hostcc-option = $(call try-run,\
++      $(HOSTCC) $(HOSTCFLAGS) $(HOST_EXTRACFLAGS) $(1) -c -x c /dev/null -o 
"$$TMP",$(1),$(2))
++
  __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m))
 +__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m))
 +__hostcxxlibs := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m))
  
  # C code
  # Executables compiled from a single .c file
-@@ -42,6 +54,19 @@ host-cxxmulti       := $(foreach m,$(__hostprogs),$(if 
$($(m)-cxxobjs),$(m)))
+@@ -42,6 +60,19 @@ host-cxxmulti       := $(foreach m,$(__hostprogs),$(if 
$($(m)-cxxobjs),$(m)))
  # C++ Object (.o) files compiled from .cc files
  host-cxxobjs  := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs)))
  
@@ -125417,7 +125649,7 @@ index 133edfa..c9aa07f 100644
  # output directory for programs/.o files
  # hostprogs-y := tools/build may have been specified.
  # Retrieve also directory of .o files from prog-objs or prog-cxxobjs notation
-@@ -56,6 +81,10 @@ host-cmulti := $(addprefix $(obj)/,$(host-cmulti))
+@@ -56,6 +87,10 @@ host-cmulti := $(addprefix $(obj)/,$(host-cmulti))
  host-cobjs    := $(addprefix $(obj)/,$(host-cobjs))
  host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti))
  host-cxxobjs  := $(addprefix $(obj)/,$(host-cxxobjs))
@@ -125428,7 +125660,7 @@ index 133edfa..c9aa07f 100644
  host-objdirs    := $(addprefix $(obj)/,$(host-objdirs))
  
  obj-dirs += $(host-objdirs)
-@@ -124,5 +153,37 @@ quiet_cmd_host-cxxobjs    = HOSTCXX $@
+@@ -124,5 +159,37 @@ quiet_cmd_host-cxxobjs    = HOSTCXX $@
  $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
        $(call if_changed_dep,host-cxxobjs)
  
@@ -128792,10 +129024,10 @@ index 0000000..0c96d8a
 +}
 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
 new file mode 100644
-index 0000000..b884a56
+index 0000000..0b98f34
 --- /dev/null
 +++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,564 @@
+@@ -0,0 +1,571 @@
 +/*
 + * Copyright 2011 by Emese Revfy <re.em...@gmail.com>
 + * Copyright 2011-2015 by PaX Team <pagee...@freemail.hu>
@@ -128813,13 +129045,15 @@ index 0000000..b884a56
 +
 +#include "gcc-common.h"
 +
-+// unused C type flag in all versions 4.5-5.0
++// unused C type flag in all versions 4.5-6
 +#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE)
 +
 +int plugin_is_GPL_compatible;
 +
++static bool constify = true;
++
 +static struct plugin_info const_plugin_info = {
-+      .version        = "201401270210",
++      .version        = "201511290250",
 +      .help           = "no-constify\tturn off constification\n",
 +};
 +
@@ -128868,17 +129102,15 @@ index 0000000..b884a56
 +
 +              if (is_fptr(field))
 +                      cinfo->has_fptr_field = true;
-+              else if (!TREE_READONLY(field))
-+                      cinfo->has_writable_field = true;
-+
-+              if (code == RECORD_TYPE || code == UNION_TYPE) {
++              else if (code == RECORD_TYPE || code == UNION_TYPE) {
 +                      if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
 +                              cinfo->has_do_const_field = true;
 +                      else if (lookup_attribute("no_const", 
TYPE_ATTRIBUTES(type)))
 +                              cinfo->has_no_const_field = true;
 +                      else
 +                              constifiable(type, cinfo);
-+              }
++              } else if (!TREE_READONLY(field))
++                      cinfo->has_writable_field = true;
 +      }
 +}
 +
@@ -128904,7 +129136,7 @@ index 0000000..b884a56
 +      }
 +
 +      constifiable(node, &cinfo);
-+      if ((!cinfo.has_fptr_field || cinfo.has_writable_field) && 
!cinfo.has_do_const_field)
++      if ((!cinfo.has_fptr_field || cinfo.has_writable_field || 
cinfo.has_no_const_field) && !cinfo.has_do_const_field)
 +              return false;
 +
 +      return TYPE_READONLY(node);
@@ -129028,13 +129260,21 @@ index 0000000..b884a56
 +      }
 +
 +      constifiable(type, &cinfo);
-+      if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || 
lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
-+              deconstify_tree(*node);
-+              TYPE_CONSTIFY_VISITED(TREE_TYPE(*node)) = 1;
++      if ((cinfo.has_fptr_field && !cinfo.has_writable_field && 
!cinfo.has_no_const_field) || lookup_attribute("do_const", 
TYPE_ATTRIBUTES(type))) {
++              if (constify) {
++                      if TYPE_P(*node)
++                              deconstify_type(*node);
++                      else
++                              deconstify_tree(*node);
++              }
++              if (TYPE_P(*node))
++                      TYPE_CONSTIFY_VISITED(*node) = 1;
++              else
++                      TYPE_CONSTIFY_VISITED(TREE_TYPE(*node)) = 1;
 +              return NULL_TREE;
 +      }
 +
-+      if (TYPE_FIELDS(type))
++      if (constify && TYPE_FIELDS(type))
 +              error("%qE attribute used on type %qT that is not constified", 
name, type);
 +      return NULL_TREE;
 +}
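Review bot: `if TYPE_P(*node)` in the new `if (constify)` block compiles only because the `TYPE_P` macro expands to a parenthesised expression; it should be written `if (TYPE_P(*node))`, as the test four lines below already is. The three-term condition `cinfo.has_fptr_field && !cinfo.has_writable_field && !cinfo.has_no_const_field` is now spelled out here and in two later hunks of this file, and in negated form in the hunk before, so a small static predicate over `cinfo` would keep those sites from drifting apart the next time a flag is added. The function this hunk changes starts outside the hunk.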
@@ -129131,7 +129371,7 @@ index 0000000..b884a56
 +      constifiable(type, &cinfo);
 +
 +      if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) {
-+              if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || 
cinfo.has_do_const_field) {
++              if ((cinfo.has_fptr_field && !cinfo.has_writable_field && 
!cinfo.has_no_const_field) || cinfo.has_do_const_field) {
 +                      deconstify_type(type);
 +                      TYPE_CONSTIFY_VISITED(type) = 1;
 +              } else
@@ -129140,7 +129380,7 @@ index 0000000..b884a56
 +      }
 +
 +      if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
-+              if (!cinfo.has_writable_field) {
++              if (!cinfo.has_writable_field && !cinfo.has_no_const_field) {
 +                      error("'do_const' attribute used on type %qT that 
is%sconstified", type, cinfo.has_fptr_field ? " " : " not ");
 +                      return;
 +              }
@@ -129148,7 +129388,7 @@ index 0000000..b884a56
 +              return;
 +      }
 +
-+      if (cinfo.has_fptr_field && !cinfo.has_writable_field) {
++      if (cinfo.has_fptr_field && !cinfo.has_writable_field && 
!cinfo.has_no_const_field) {
 +              if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
 +                      error("'do_const' attribute used on type %qT that is 
constified", type);
 +                      return;
@@ -129322,7 +129562,6 @@ index 0000000..b884a56
 +      const int argc = plugin_info->argc;
 +      const struct plugin_argument * const argv = plugin_info->argv;
 +      int i;
-+      bool constify = true;
 +
 +      struct register_pass_info check_local_variables_pass_info;
 +
@@ -130194,7 +130433,7 @@ index 0000000..7514850
 +fi
 diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
 new file mode 100644
-index 0000000..b5684e8
+index 0000000..39c0731
 --- /dev/null
 +++ b/tools/gcc/initify_plugin.c
 @@ -0,0 +1,552 @@
@@ -130218,7 +130457,7 @@ index 0000000..b5684e8
 +int plugin_is_GPL_compatible;
 +
 +static struct plugin_info initify_plugin_info = {
-+      .version        = "20151113",
++      .version        = "20151128",
 +      .help           = "initify_plugin\n",
 +};
 +
@@ -130504,7 +130743,7 @@ index 0000000..b5684e8
 +{
 +      basic_block bb;
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -130618,7 +130857,7 @@ index 0000000..b5684e8
 +{
 +      basic_block bb;
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -130946,10 +131185,10 @@ index 0000000..457d54e
 +}
 diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
 new file mode 100644
-index 0000000..4838c8a
+index 0000000..6b8ef9a
 --- /dev/null
 +++ b/tools/gcc/kernexec_plugin.c
-@@ -0,0 +1,551 @@
+@@ -0,0 +1,549 @@
 +/*
 + * Copyright 2011-2015 by the PaX Team <pagee...@freemail.hu>
 + * Licensed under the GPL v2
@@ -131150,6 +131389,8 @@ index 0000000..4838c8a
 +                              continue;
 +                      call_stmt = as_a_gcall(stmt);
 +                      fn = gimple_call_fn(call_stmt);
++                      if (!fn)
++                              continue;
 +                      if (TREE_CODE(fn) == ADDR_EXPR)
 +                              continue;
 +                      if (TREE_CODE(fn) != SSA_NAME)
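Review bot: The added `if (!fn) continue;` has no comment saying when `gimple_call_fn()` returns NULL, which a reader of this loop will not guess; as far as I know that happens for internal function calls, which carry no callee operand. A comment such as `// internal calls have no fn operand, nothing to instrument` would document it. The matching guard added to size_overflow_transform.c in this update is spelled `fnptr == NULL_TREE`, and using one spelling in both places would make the pattern searchable. The enclosing loop starts and ends outside the hunk.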
@@ -131185,14 +131426,12 @@ index 0000000..4838c8a
 +{
 +      rtx btsq;
 +      rtvec argvec, constraintvec, labelvec;
-+      int line;
 +
 +      // create asm volatile("btsq $63,(%%rsp)":::)
 +      argvec = rtvec_alloc(0);
 +      constraintvec = rtvec_alloc(0);
 +      labelvec = rtvec_alloc(0);
-+      line = expand_location(RTL_LOCATION(insn)).line;
-+      btsq = gen_rtx_ASM_OPERANDS(VOIDmode, "btsq $63,(%%rsp)", empty_string, 
0, argvec, constraintvec, labelvec, line);
++      btsq = gen_rtx_ASM_OPERANDS(VOIDmode, "btsq $63,(%%rsp)", empty_string, 
0, argvec, constraintvec, labelvec, RTL_LOCATION(insn));
 +      MEM_VOLATILE_P(btsq) = 1;
 +//    RTX_FRAME_RELATED_P(btsq) = 1; // not for ASM_OPERANDS
 +      emit_insn_before(btsq, insn);
@@ -131203,14 +131442,12 @@ index 0000000..4838c8a
 +{
 +      rtx orq;
 +      rtvec argvec, constraintvec, labelvec;
-+      int line;
 +
 +      // create asm volatile("orq %%r12,(%%rsp)":::)
 +      argvec = rtvec_alloc(0);
 +      constraintvec = rtvec_alloc(0);
 +      labelvec = rtvec_alloc(0);
-+      line = expand_location(RTL_LOCATION(insn)).line;
-+      orq = gen_rtx_ASM_OPERANDS(VOIDmode, "orq %%r12,(%%rsp)", empty_string, 
0, argvec, constraintvec, labelvec, line);
++      orq = gen_rtx_ASM_OPERANDS(VOIDmode, "orq %%r12,(%%rsp)", empty_string, 
0, argvec, constraintvec, labelvec, RTL_LOCATION(insn));
 +      MEM_VOLATILE_P(orq) = 1;
 +//    RTX_FRAME_RELATED_P(orq) = 1; // not for ASM_OPERANDS
 +      emit_insn_before(orq, insn);
@@ -131979,7 +132216,7 @@ index 0000000..f76c1c6
 +}
 diff --git a/tools/gcc/randomize_layout_plugin.c 
b/tools/gcc/randomize_layout_plugin.c
 new file mode 100644
-index 0000000..06a039c
+index 0000000..444b8bd
 --- /dev/null
 +++ b/tools/gcc/randomize_layout_plugin.c
 @@ -0,0 +1,930 @@
@@ -132694,7 +132931,7 @@ index 0000000..06a039c
 +
 +      handle_local_var_initializers();
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -132924,10 +133161,12 @@ index 0000000..c4b24b9
 +size_overflow_hash_aux.h
 diff --git a/tools/gcc/size_overflow_plugin/Makefile 
b/tools/gcc/size_overflow_plugin/Makefile
 new file mode 100644
-index 0000000..4c7f7c6
+index 0000000..f74d85a
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/Makefile
-@@ -0,0 +1,26 @@
+@@ -0,0 +1,28 @@
++HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)
++
 +$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
 +always := $($(HOSTLIBS)-y)
 +
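Review bot: `HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)` decides a C++ compile flag by probing the C compiler, because `hostcc-option` (added to scripts/Makefile.host in this update) runs `$(HOSTCC) $(HOSTCFLAGS) $(HOST_EXTRACFLAGS) $(1) -c -x c`. If HOSTCC and HOSTCXX are different compilers or versions, the flag can be accepted by the probe and rejected by the build, or the reverse. A C++ counterpart would avoid that, e.g. `hostcxx-option = $(call try-run, $(HOSTCXX) $(HOSTCXXFLAGS) $(1) -c -x c++ /dev/null -o "$$TMP",$(1),$(2))`. A comment saying why `-fno-ipa-icf` is needed for this plugin would also help, and the usage line above `hostcc-option` still shows a `cflags-y`/`-march` example that does not describe host flags.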
@@ -132956,10 +133195,10 @@ index 0000000..4c7f7c6
 +targets += size_overflow_hash.h size_overflow_hash_aux.h 
disable_size_overflow_hash.h
 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data 
b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
-index 0000000..b0e0cdf
+index 0000000..8ce9ec1
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12419 @@
+@@ -0,0 +1,12422 @@
 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode 
gru_message_queue_desc 0 4 NULL
 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 
NULL nohasharray
@@ -145379,6 +145618,9 @@ index 0000000..b0e0cdf
 +enable_so_exit_info_1_vmcb_control_area_20200 exit_info_1 vmcb_control_area 0 
20200 NULL
 +enable_so_event_inj_vmcb_control_area_23434 event_inj vmcb_control_area 0 
23434 NULL
 +enable_so_iopm_base_pa_vmcb_control_area_57998 iopm_base_pa vmcb_control_area 
0 57998 NULL
++enable_so_i_size_lo_ext4_inode_40153 i_size_lo ext4_inode 0 40153 NULL
++enable_so_i_size_high_ext4_inode_18545 i_size_high ext4_inode 0 18545 NULL
++enable_so_nr_kvm_queued_interrupt_34927 nr kvm_queued_interrupt 0 34927 NULL
 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh 
b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..be9724d
@@ -145490,7 +145732,7 @@ index 0000000..be9724d
 +exit 0
 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c 
b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
 new file mode 100644
-index 0000000..37e2e91
+index 0000000..cc20d48
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
 @@ -0,0 +1,416 @@
@@ -145834,7 +146076,7 @@ index 0000000..37e2e91
 +{
 +      basic_block bb;
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -145912,10 +146154,10 @@ index 0000000..37e2e91
 +#endif
 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c 
b/tools/gcc/size_overflow_plugin/intentional_overflow.c
 new file mode 100644
-index 0000000..a662b4b
+index 0000000..3bf5a4e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
-@@ -0,0 +1,947 @@
+@@ -0,0 +1,1010 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <re.em...@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -146291,6 +146533,9 @@ index 0000000..a662b4b
 +      // handle MARK_TURN_OFF early on the caller
 +      if (is_turn_off_intentional_attr(orig_cur_fndecl))
 +              return MARK_TURN_OFF;
++      // handle MARK_END_INTENTIONAL on the caller
++      if (is_end_intentional_intentional_attr(orig_cur_fndecl))
++              return MARK_END_INTENTIONAL;
 +
 +      switch (gimple_code(stmt)) {
 +      case GIMPLE_RETURN:
@@ -146863,6 +147108,66 @@ index 0000000..a662b4b
 +      so_stmt = get_dup_stmt(visited, stmt);
 +      create_up_and_down_cast(visited, so_stmt, lhs_type, 
gimple_assign_rhs1(so_stmt));
 +}
++
++/* gcc intentional overflow
++ * e.g., skb_set_network_header(), skb_set_mac_header()
++ * -, int offset + u16 network_header
++ * offset = -x->props.header_len
++ * skb->network_header += offset;
++ *
++ * SSA
++ * _141 = -_140;
++ * _154 = (short unsigned int) _141;
++ * _155 = (size_overflow_type_SI) _154;
++ * _156 = _154 + _155;
++ * _157 = (short unsigned int) _156;
++ */
++static bool is_short_cast_neg(const_tree rhs)
++{
++      const_tree cast_rhs;
++      const_gimple neg_stmt;
++      gimple neg_cast_stmt, cast_stmt = get_def_stmt(rhs);
++
++      if (!cast_stmt || !gimple_assign_cast_p(cast_stmt))
++              return false;
++
++      cast_rhs = gimple_assign_rhs1(cast_stmt);
++      if (GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(cast_rhs))) >= 
GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(rhs))))
++              return false;
++
++      neg_cast_stmt = get_def_stmt(cast_rhs);
++      if (!neg_cast_stmt || !gimple_assign_cast_p(neg_cast_stmt))
++              return false;
++
++      neg_stmt = get_def_stmt(gimple_assign_rhs1(neg_cast_stmt));
++      if (!neg_stmt || !is_gimple_assign(neg_stmt))
++              return false;
++      return gimple_assign_rhs_code(neg_stmt) == NEGATE_EXPR;
++}
++
++bool neg_short_add_intentional_overflow(gassign *unary_stmt)
++{
++      const_tree rhs1, add_rhs1, add_rhs2, cast_rhs;
++      const_gimple add_stmt;
++      gimple cast_stmt;
++
++      rhs1 = gimple_assign_rhs1(unary_stmt);
++
++      cast_stmt = get_def_stmt(rhs1);
++      if (!cast_stmt || !gimple_assign_cast_p(cast_stmt))
++              return false;
++      cast_rhs = gimple_assign_rhs1(cast_stmt);
++      if (GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(cast_rhs))) <= 
GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(rhs1))))
++              return false;
++
++      add_stmt = get_def_stmt(cast_rhs);
++      if (!add_stmt || !is_gimple_assign(add_stmt) || 
gimple_assign_rhs_code(add_stmt) != PLUS_EXPR)
++              return false;
++
++      add_rhs1 = gimple_assign_rhs1(add_stmt);
++      add_rhs2 = gimple_assign_rhs2(add_stmt);
++      return is_short_cast_neg(add_rhs1) || is_short_cast_neg(add_rhs2);
++}
 diff --git a/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c 
b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c
 new file mode 100644
 index 0000000..5622b51
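Review bot: is_short_cast_neg() and neg_short_add_intentional_overflow() are named and documented for a negated value added to a `u16`, but the code only compares operand widths relative to each other (`>=` and `<=` on `GET_MODE_BITSIZE`) and never checks that the narrow type is 16 bits wide, so any narrower-to-wider cast of a negation matches. Since a match makes the caller in size_overflow_transform_core.c return before the `type_max` handling that follows, the exemption from checking is wider than the comment describes; either test the width explicitly or state in the comment that every narrow width is intended. The block comment also sits above the static helper while the exported function has none; a line such as `/* rhs1 of unary_stmt is the truncated sum, _157 in the SSA example above */` would tie the parameter to the example. Whether get_def_stmt() returns NULL for a constant operand of the PLUS_EXPR is not visible here and decides whether passing `add_rhs2` is safe.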
@@ -147008,10 +147313,10 @@ index 0000000..5622b51
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h 
b/tools/gcc/size_overflow_plugin/size_overflow.h
 new file mode 100644
-index 0000000..2d733e1
+index 0000000..5fd6c28
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow.h
-@@ -0,0 +1,322 @@
+@@ -0,0 +1,323 @@
 +#ifndef SIZE_OVERFLOW_H
 +#define SIZE_OVERFLOW_H
 +
@@ -147215,6 +147520,7 @@ index 0000000..2d733e1
 +extern bool is_a_neg_overflow(const gassign *stmt, const_tree rhs);
 +extern enum intentional_overflow_type add_mul_intentional_overflow(const 
gassign *stmt);
 +extern void unsigned_signed_cast_intentional_overflow(struct visited 
*visited, gassign *stmt);
++extern bool neg_short_add_intentional_overflow(gassign *stmt);
 +
 +
 +// insert_size_overflow_asm.c
@@ -147336,7 +147642,7 @@ index 0000000..2d733e1
 +#endif
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_debug.c 
b/tools/gcc/size_overflow_plugin/size_overflow_debug.c
 new file mode 100644
-index 0000000..ab2d25a
+index 0000000..fc58e16
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_debug.c
 @@ -0,0 +1,194 @@
@@ -147387,7 +147693,7 @@ index 0000000..ab2d25a
 +      fprintf(file, "dump_function function_name: %s\n", 
cgraph_node_name(node));
 +
 +      fprintf(file, "\nstmts:\n");
-+      FOR_ALL_BB_FN(bb, DECL_STRUCT_FUNCTION(NODE_DECL(node))) {
++      FOR_EACH_BB_FN(bb, DECL_STRUCT_FUNCTION(NODE_DECL(node))) {
 +              gimple_stmt_iterator si;
 +
 +              fprintf(file, "<bb %u>:\n", bb->index);
@@ -147536,10 +147842,10 @@ index 0000000..ab2d25a
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data 
b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..b683d96
+index 0000000..2d4a6ed
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,20738 @@
+@@ -0,0 +1,20735 @@
 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 
2-3-4 3 NULL
 +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL
@@ -153319,7 +153625,6 @@ index 0000000..b683d96
 +enable_so_tomoyo_update_domain_fndecl_18537 tomoyo_update_domain fndecl 2 
18537 NULL
 +enable_so_progress_kcopyd_job_18540 progress kcopyd_job 0 18540 NULL
 +enable_so_sect_floppy_struct_18543 sect floppy_struct 0 18543 NULL
-+enable_so_i_size_high_ext4_inode_18545 i_size_high ext4_inode 0 18545 NULL
 +enable_so_ubi_leb_write_fndecl_18549 ubi_leb_write fndecl 5-4 18549 NULL
 +enable_so_xfs_efi_init_fndecl_18551 xfs_efi_init fndecl 2 18551 NULL
 +enable_so_inodes_squashfs_sb_info_18553 inodes squashfs_sb_info 0 18553 NULL 
nohasharray
@@ -158580,7 +158885,6 @@ index 0000000..b683d96
 +enable_so_consume_size_vmci_qp_alloc_info_34922 consume_size 
vmci_qp_alloc_info 0 34922 NULL
 +enable_so_rcc__DMABUFFERENTRY_34925 rcc _DMABUFFERENTRY 0 34925 NULL
 +enable_so_shared_secret_len_net_conf_34926 shared_secret_len net_conf 0 34926 
NULL
-+enable_so_nr_kvm_queued_interrupt_34927 nr kvm_queued_interrupt 0 34927 NULL
 +enable_so_port_fops_write_fndecl_34928 port_fops_write fndecl 3 34928 NULL
 +enable_so_len_wil6210_mbox_hdr_34930 len wil6210_mbox_hdr 0 34930 NULL
 +enable_so_swiotlb_init_with_tbl_fndecl_34935 swiotlb_init_with_tbl fndecl 2 
34935 NULL
@@ -160293,7 +160597,6 @@ index 0000000..b683d96
 +enable_so_port_fops_read_fndecl_40137 port_fops_read fndecl 3 40137 
&enable_so_num_jumbo_rxd_netxen_adapter_40137
 +enable_so_off_fuse_notify_inval_inode_out_40142 off 
fuse_notify_inval_inode_out 0 40142 NULL
 +enable_so_isr_wakeups_read_fndecl_40148 isr_wakeups_read fndecl 3 40148 NULL
-+enable_so_i_size_lo_ext4_inode_40153 i_size_lo ext4_inode 0 40153 NULL
 +enable_so_ftdi_elan_edset_single_fndecl_40157 ftdi_elan_edset_single fndecl 0 
40157 NULL
 +enable_so_xfs_ialloc_get_rec_fndecl_40163 xfs_ialloc_get_rec fndecl 2 40163 
NULL
 +enable_so_at24_bin_read_fndecl_40165 at24_bin_read fndecl 6 40165 NULL 
nohasharray
@@ -168378,7 +168681,7 @@ index 0000000..17bc0d8
 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_ipa.c 
b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
 new file mode 100644
-index 0000000..c8ebf92
+index 0000000..d972178
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
 @@ -0,0 +1,1226 @@
@@ -169092,7 +169395,7 @@ index 0000000..c8ebf92
 +
 +      set_current_function_decl(cur_fndecl);
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -170121,7 +170424,7 @@ index 0000000..6075e8f
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c 
b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..a82cc026
+index 0000000..29a5c26
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,318 @@
@@ -170156,7 +170459,7 @@ index 0000000..a82cc026
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+      .version        = "20151029",
++      .version        = "20151128",
 +      .help           = "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
@@ -170803,10 +171106,10 @@ index 0000000..317cd6c
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c 
b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
 new file mode 100644
-index 0000000..a974b2d
+index 0000000..8f42c7e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
-@@ -0,0 +1,746 @@
+@@ -0,0 +1,749 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <re.em...@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -171291,6 +171594,9 @@ index 0000000..a974b2d
 +              return decl;
 +
 +      fnptr = gimple_call_fn(call_stmt);
++      if (fnptr == NULL_TREE)
++              return NULL_TREE;
++
 +      // !!! assertot kell irni 0-ra, mert csak az lehet ott
 +      if (is_gimple_constant(fnptr))
 +              return NULL_TREE;
@@ -171408,7 +171714,7 @@ index 0000000..a974b2d
 +
 +      next_node_ret = 
get_interesting_function_next_node(current_function_decl, 0);
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator gsi;
 +
 +              for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
@@ -171517,7 +171823,7 @@ index 0000000..a974b2d
 +{
 +      basic_block bb;
 +
-+      FOR_ALL_BB_FN(bb, cfun) {
++      FOR_EACH_BB_FN(bb, cfun) {
 +              gimple_stmt_iterator si;
 +
 +              for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si))
@@ -171555,10 +171861,10 @@ index 0000000..a974b2d
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c 
b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
 new file mode 100644
-index 0000000..460c047
+index 0000000..8a30b3b
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
-@@ -0,0 +1,1008 @@
+@@ -0,0 +1,1010 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <re.em...@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -172113,6 +172419,8 @@ index 0000000..460c047
 +
 +      if (is_const_plus_unsigned_signed_truncation(rhs))
 +              return;
++      if (is_gimple_assign(stmt) && 
neg_short_add_intentional_overflow(as_a_gassign(stmt)))
++              return;
 +
 +      type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type));
 +      // typemax (-1) < typemin (0)
@@ -173011,7 +173319,7 @@ index 0000000..155e2c5
 +}
 diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
 new file mode 100644
-index 0000000..e9dbd4b
+index 0000000..debe0cc
 --- /dev/null
 +++ b/tools/gcc/structleak_plugin.c
 @@ -0,0 +1,287 @@
@@ -173043,7 +173351,7 @@ index 0000000..e9dbd4b
 +
 +#include "gcc-common.h"
 +
-+// unused C type flag in all versions 4.5-5.0
++// unused C type flag in all versions 4.5-6
 +#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE)
 +
 +int plugin_is_GPL_compatible;
@@ -173360,7 +173668,7 @@ index 0a578fe..b81f62d 100644
  })
  
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 5a2a78a..4f322d3 100644
+index 5a2a78a..890e7fb 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -81,12 +81,17 @@ LIST_HEAD(vm_list);
@@ -173461,15 +173769,6 @@ index 5a2a78a..4f322d3 100644
                        hardware_disable_all_nolock();
                        r = -EBUSY;
                }
-@@ -3436,7 +3449,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
-       kvm_arch_vcpu_put(vcpu);
- }
- 
--int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
-+int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align,
-                 struct module *module)
- {
-       int r;
 @@ -3483,7 +3496,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned 
vcpu_align,
        if (!vcpu_align)
                vcpu_align = __alignof__(struct kvm_vcpu);
