commit: 31d2e9dad6475db7495158a948214b524d774843
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 15 10:41:42 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 10:41:42 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=31d2e9da
Grsec/PaX: 3.0-{3.2.60,3.14.12,3.15.5}-201407142248
---
3.14.12/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.12-201407142243.patch} | 262 +++++++++++++-
3.15.5/0000_README | 2 +-
... 4420_grsecurity-3.0-3.15.5-201407142248.patch} | 394 ++++++++++++++++++++-
3.2.61/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.61-201407132023.patch} | 86 ++++-
6 files changed, 711 insertions(+), 37 deletions(-)
diff --git a/3.14.12/0000_README b/3.14.12/0000_README
index f71dcad..f32e676 100644
--- a/3.14.12/0000_README
+++ b/3.14.12/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.12-201407100035.patch
+Patch: 4420_grsecurity-3.0-3.14.12-201407142243.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch
b/3.14.12/4420_grsecurity-3.0-3.14.12-201407142243.patch
similarity index 99%
rename from 3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch
rename to 3.14.12/4420_grsecurity-3.0-3.14.12-201407142243.patch
index 3a245d4..bf2b106 100644
--- a/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch
+++ b/3.14.12/4420_grsecurity-3.0-3.14.12-201407142243.patch
@@ -45278,6 +45278,212 @@ index ae0f56a..ec71784 100644
/* debug */
static int dvb_usb_dw2102_debug;
+diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c
b/drivers/media/usb/dvb-usb/technisat-usb2.c
+index 98d24ae..bc22415 100644
+--- a/drivers/media/usb/dvb-usb/technisat-usb2.c
++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
+@@ -87,8 +87,11 @@ struct technisat_usb2_state {
+ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
+ {
+- u8 b[64];
+- int ret, actual_length;
++ u8 *b = kmalloc(64, GFP_KERNEL);
++ int ret, actual_length, error = 0;
++
++ if (b == NULL)
++ return -ENOMEM;
+
+ deb_i2c("i2c-access: %02x, tx: ", device_addr);
+ debug_dump(tx, txlen, deb_i2c);
+@@ -121,7 +124,8 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+
+ if (ret < 0) {
+ err("i2c-error: out failed %02x = %d", device_addr, ret);
+- return -ENODEV;
++ error = -ENODEV;
++ goto out;
+ }
+
+ ret = usb_bulk_msg(udev,
+@@ -129,7 +133,8 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+ b, 64, &actual_length, 1000);
+ if (ret < 0) {
+ err("i2c-error: in failed %02x = %d", device_addr, ret);
+- return -ENODEV;
++ error = -ENODEV;
++ goto out;
+ }
+
+ if (b[0] != I2C_STATUS_OK) {
+@@ -137,8 +142,10 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+ /* handle tuner-i2c-nak */
+ if (!(b[0] == I2C_STATUS_NAK &&
+ device_addr == 0x60
+- /* && device_is_technisat_usb2 */))
+- return -ENODEV;
++ /* && device_is_technisat_usb2 */)) {
++ error = -ENODEV;
++ goto out;
++ }
+ }
+
+ deb_i2c("status: %d, ", b[0]);
+@@ -152,7 +159,9 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+
+ deb_i2c("\n");
+
+- return 0;
++out:
++ kfree(b);
++ return error;
+ }
+
+ static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg
*msg,
+@@ -224,14 +233,16 @@ static int technisat_usb2_set_led(struct dvb_usb_device
*d, int red, enum techni
+ {
+ int ret;
+
+- u8 led[8] = {
+- red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+- 0
+- };
++ u8 *led = kzalloc(8, GFP_KERNEL);
++
++ if (led == NULL)
++ return -ENOMEM;
+
+ if (disable_led_control && state != LED_OFF)
+ return 0;
+
++ led[0] = red ? SET_RED_LED_VENDOR_REQUEST :
SET_GREEN_LED_VENDOR_REQUEST;
++
+ switch (state) {
+ case LED_ON:
+ led[1] = 0x82;
+@@ -263,16 +274,22 @@ static int technisat_usb2_set_led(struct dvb_usb_device
*d, int red, enum techni
+ red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_OUT,
+ 0, 0,
+- led, sizeof(led), 500);
++ led, 8, 500);
+
+ mutex_unlock(&d->i2c_mutex);
++
++ kfree(led);
++
+ return ret;
+ }
+
+ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8
green)
+ {
+ int ret;
+- u8 b = 0;
++ u8 *b = kzalloc(1, GFP_KERNEL);
++
++ if (b == NULL)
++ return -ENOMEM;
+
+ if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
+ return -EAGAIN;
+@@ -281,10 +298,12 @@ static int technisat_usb2_set_led_timer(struct
dvb_usb_device *d, u8 red, u8 gre
+ SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_OUT,
+ (red << 8) | green, 0,
+- &b, 1, 500);
++ b, 1, 500);
+
+ mutex_unlock(&d->i2c_mutex);
+
++ kfree(b);
++
+ return ret;
+ }
+
+@@ -328,7 +347,7 @@ static int technisat_usb2_identify_state(struct usb_device
*udev,
+ struct dvb_usb_device_description **desc, int *cold)
+ {
+ int ret;
+- u8 version[3];
++ u8 *version = kmalloc(3, GFP_KERNEL);
+
+ /* first select the interface */
+ if (usb_set_interface(udev, 0, 1) != 0)
+@@ -338,11 +357,14 @@ static int technisat_usb2_identify_state(struct
usb_device *udev,
+
+ *cold = 0; /* by default do not download a firmware - just in case
something is wrong */
+
++ if (version == NULL)
++ return 0;
++
+ ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
+ GET_VERSION_INFO_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_IN,
+ 0, 0,
+- version, sizeof(version), 500);
++ version, 3, 500);
+
+ if (ret < 0)
+ *cold = 1;
+@@ -351,6 +373,8 @@ static int technisat_usb2_identify_state(struct usb_device
*udev,
+ *cold = 0;
+ }
+
++ kfree(version);
++
+ return 0;
+ }
+
+@@ -591,10 +615,15 @@ static int technisat_usb2_frontend_attach(struct
dvb_usb_adapter *a)
+
+ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ {
+- u8 buf[62], *b;
++ u8 *buf, *b;
+ int ret;
+ struct ir_raw_event ev;
+
++ buf = kmalloc(62, GFP_KERNEL);
++
++ if (buf == NULL)
++ return -ENOMEM;
++
+ buf[0] = GET_IR_DATA_VENDOR_REQUEST;
+ buf[1] = 0x08;
+ buf[2] = 0x8f;
+@@ -617,16 +646,20 @@ static int technisat_usb2_get_ir(struct dvb_usb_device
*d)
+ GET_IR_DATA_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_IN,
+ 0x8080, 0,
+- buf, sizeof(buf), 500);
++ buf, 62, 500);
+
+ unlock:
+ mutex_unlock(&d->i2c_mutex);
+
+- if (ret < 0)
++ if (ret < 0) {
++ kfree(buf);
+ return ret;
++ }
+
+- if (ret == 1)
++ if (ret == 1) {
++ kfree(buf);
+ return 0; /* no key pressed */
++ }
+
+ /* decoding */
+ b = buf+1;
+@@ -653,6 +686,8 @@ unlock:
+
+ ir_raw_event_handle(d->rc_dev);
+
++ kfree(buf);
++
+ return 1;
+ }
+
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index fca336b..fb70ab7 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -52838,6 +53044,36 @@ index 7ae0c4d..35521b7 100644
retval = submit_single_step_set_feature(hcd, urb, 0);
if (!retval && !wait_for_completion_timeout(&done,
msecs_to_jiffies(2000))) {
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index e076699..6b3b875 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -301,7 +301,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ struct wahc *wa = &hwahc->wa;
+ struct device *dev = &wa->usb_iface->dev;
+- u8 mas_le[UWB_NUM_MAS/8];
++ u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++ if (mas_le == NULL)
++ return -ENOMEM;
+
+ /* Set the stream index */
+ result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -320,10 +323,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ WUSB_REQ_SET_WUSB_MAS,
+ USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+- mas_le, 32, USB_CTRL_SET_TIMEOUT);
++ mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT);
+ if (result < 0)
+ dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++ kfree(mas_le);
++
+ return result;
+ }
+
diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
index ba6a5d6..f88f7f3 100644
--- a/drivers/usb/misc/appledisplay.c
@@ -112196,10 +112432,10 @@ index 0000000..88469e9
+
diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
+/*
+ * Copyright 2011-2014 by Emese Revfy <[email protected]>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -112414,7 +112650,7 @@ index 0000000..f8f5dd5
+}
+
+enum conditions {
-+ FROM_CONST, NOT_UNARY, CAST
++ FROM_CONST, NOT_UNARY, CAST, RET, PHI
+};
+
+// Search for constants, cast assignments and binary/ternary assignments
@@ -112434,11 +112670,15 @@ index 0000000..f8f5dd5
+ return;
+
+ switch (gimple_code(def_stmt)) {
-+ case GIMPLE_NOP:
+ case GIMPLE_CALL:
++ if (lhs == gimple_return_retval(def_stmt))
++ interesting_conditions[RET] = true;
++ return;
++ case GIMPLE_NOP:
+ case GIMPLE_ASM:
+ return;
+ case GIMPLE_PHI:
++ interesting_conditions[PHI] = true;
+ return walk_phi_set_conditions(visited, interesting_conditions,
lhs);
+ case GIMPLE_ASSIGN:
+ if (gimple_num_ops(def_stmt) == 2) {
@@ -112656,11 +112896,11 @@ index 0000000..f8f5dd5
+/* If there is a mark_turn_off intentional attribute on the caller or the
callee then there is no duplication and missing size_overflow attribute check
anywhere.
+ * There is only missing size_overflow attribute checking if the
intentional_overflow attribute is the mark_no type.
+ * Stmt duplication is unnecessary if there are no binary/ternary
assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a
constant and there are no binary/ternary assigments then we assume that it is
some kind of error code.
++ * It skips the possible error codes too.
+ */
+static enum precond check_preconditions(struct interesting_node *cur_node)
+{
-+ bool interesting_conditions[3] = {false, false, false};
++ bool interesting_conditions[5] = {false, false, false, false, false};
+
+ set_last_nodes(cur_node);
+
@@ -112670,7 +112910,11 @@ index 0000000..f8f5dd5
+
+ search_interesting_conditions(cur_node, interesting_conditions);
+
-+ // error code
++ // error code: a phi, unary assign (not cast) and returns only
++ if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI]
&& interesting_conditions[RET] && !interesting_conditions[CAST])
++ return NO_ATTRIBUTE_SEARCH;
++
++ // error code: def_stmts trace back to a constant and there are no
binary/ternary assigments
+ if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST]
&& !interesting_conditions[NOT_UNARY])
+ return NO_ATTRIBUTE_SEARCH;
+
@@ -120774,7 +121018,7 @@ index 0000000..560cd7b
+zpios_read_64734 zpios_read 3 64734 NULL
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,259 @@
@@ -120810,7 +121054,7 @@ index 0000000..e6fe17b
+tree size_overflow_type_TI;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20140517",
++ .version = "20140713",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
diff --git a/3.15.5/0000_README b/3.15.5/0000_README
index a26acbb..9e0b7a5 100644
--- a/3.15.5/0000_README
+++ b/3.15.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_
+Patch: 4420_grsecurity-3.0-3.15.5-201407142248.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch
b/3.15.5/4420_grsecurity-3.0-3.15.5-201407142248.patch
similarity index 99%
rename from 3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch
rename to 3.15.5/4420_grsecurity-3.0-3.15.5-201407142248.patch
index 9936204..7c383ca 100644
--- a/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch
+++ b/3.15.5/4420_grsecurity-3.0-3.15.5-201407142248.patch
@@ -38292,7 +38292,7 @@ index 51e75ad..39c4c76 100644
static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index 6e9f74a..50c7ceae 100644
+index 6e9f74a..50c7cea 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -8,7 +8,8 @@ source "drivers/tty/Kconfig"
@@ -44619,6 +44619,212 @@ index ae0f56a..ec71784 100644
/* debug */
static int dvb_usb_dw2102_debug;
+diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c
b/drivers/media/usb/dvb-usb/technisat-usb2.c
+index 98d24ae..bc22415 100644
+--- a/drivers/media/usb/dvb-usb/technisat-usb2.c
++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
+@@ -87,8 +87,11 @@ struct technisat_usb2_state {
+ static int technisat_usb2_i2c_access(struct usb_device *udev,
+ u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
+ {
+- u8 b[64];
+- int ret, actual_length;
++ u8 *b = kmalloc(64, GFP_KERNEL);
++ int ret, actual_length, error = 0;
++
++ if (b == NULL)
++ return -ENOMEM;
+
+ deb_i2c("i2c-access: %02x, tx: ", device_addr);
+ debug_dump(tx, txlen, deb_i2c);
+@@ -121,7 +124,8 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+
+ if (ret < 0) {
+ err("i2c-error: out failed %02x = %d", device_addr, ret);
+- return -ENODEV;
++ error = -ENODEV;
++ goto out;
+ }
+
+ ret = usb_bulk_msg(udev,
+@@ -129,7 +133,8 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+ b, 64, &actual_length, 1000);
+ if (ret < 0) {
+ err("i2c-error: in failed %02x = %d", device_addr, ret);
+- return -ENODEV;
++ error = -ENODEV;
++ goto out;
+ }
+
+ if (b[0] != I2C_STATUS_OK) {
+@@ -137,8 +142,10 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+ /* handle tuner-i2c-nak */
+ if (!(b[0] == I2C_STATUS_NAK &&
+ device_addr == 0x60
+- /* && device_is_technisat_usb2 */))
+- return -ENODEV;
++ /* && device_is_technisat_usb2 */)) {
++ error = -ENODEV;
++ goto out;
++ }
+ }
+
+ deb_i2c("status: %d, ", b[0]);
+@@ -152,7 +159,9 @@ static int technisat_usb2_i2c_access(struct usb_device
*udev,
+
+ deb_i2c("\n");
+
+- return 0;
++out:
++ kfree(b);
++ return error;
+ }
+
+ static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg
*msg,
+@@ -224,14 +233,16 @@ static int technisat_usb2_set_led(struct dvb_usb_device
*d, int red, enum techni
+ {
+ int ret;
+
+- u8 led[8] = {
+- red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+- 0
+- };
++ u8 *led = kzalloc(8, GFP_KERNEL);
++
++ if (led == NULL)
++ return -ENOMEM;
+
+ if (disable_led_control && state != LED_OFF)
+ return 0;
+
++ led[0] = red ? SET_RED_LED_VENDOR_REQUEST :
SET_GREEN_LED_VENDOR_REQUEST;
++
+ switch (state) {
+ case LED_ON:
+ led[1] = 0x82;
+@@ -263,16 +274,22 @@ static int technisat_usb2_set_led(struct dvb_usb_device
*d, int red, enum techni
+ red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_OUT,
+ 0, 0,
+- led, sizeof(led), 500);
++ led, 8, 500);
+
+ mutex_unlock(&d->i2c_mutex);
++
++ kfree(led);
++
+ return ret;
+ }
+
+ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8
green)
+ {
+ int ret;
+- u8 b = 0;
++ u8 *b = kzalloc(1, GFP_KERNEL);
++
++ if (b == NULL)
++ return -ENOMEM;
+
+ if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
+ return -EAGAIN;
+@@ -281,10 +298,12 @@ static int technisat_usb2_set_led_timer(struct
dvb_usb_device *d, u8 red, u8 gre
+ SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_OUT,
+ (red << 8) | green, 0,
+- &b, 1, 500);
++ b, 1, 500);
+
+ mutex_unlock(&d->i2c_mutex);
+
++ kfree(b);
++
+ return ret;
+ }
+
+@@ -328,7 +347,7 @@ static int technisat_usb2_identify_state(struct usb_device
*udev,
+ struct dvb_usb_device_description **desc, int *cold)
+ {
+ int ret;
+- u8 version[3];
++ u8 *version = kmalloc(3, GFP_KERNEL);
+
+ /* first select the interface */
+ if (usb_set_interface(udev, 0, 1) != 0)
+@@ -338,11 +357,14 @@ static int technisat_usb2_identify_state(struct
usb_device *udev,
+
+ *cold = 0; /* by default do not download a firmware - just in case
something is wrong */
+
++ if (version == NULL)
++ return 0;
++
+ ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
+ GET_VERSION_INFO_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_IN,
+ 0, 0,
+- version, sizeof(version), 500);
++ version, 3, 500);
+
+ if (ret < 0)
+ *cold = 1;
+@@ -351,6 +373,8 @@ static int technisat_usb2_identify_state(struct usb_device
*udev,
+ *cold = 0;
+ }
+
++ kfree(version);
++
+ return 0;
+ }
+
+@@ -591,10 +615,15 @@ static int technisat_usb2_frontend_attach(struct
dvb_usb_adapter *a)
+
+ static int technisat_usb2_get_ir(struct dvb_usb_device *d)
+ {
+- u8 buf[62], *b;
++ u8 *buf, *b;
+ int ret;
+ struct ir_raw_event ev;
+
++ buf = kmalloc(62, GFP_KERNEL);
++
++ if (buf == NULL)
++ return -ENOMEM;
++
+ buf[0] = GET_IR_DATA_VENDOR_REQUEST;
+ buf[1] = 0x08;
+ buf[2] = 0x8f;
+@@ -617,16 +646,20 @@ static int technisat_usb2_get_ir(struct dvb_usb_device
*d)
+ GET_IR_DATA_VENDOR_REQUEST,
+ USB_TYPE_VENDOR | USB_DIR_IN,
+ 0x8080, 0,
+- buf, sizeof(buf), 500);
++ buf, 62, 500);
+
+ unlock:
+ mutex_unlock(&d->i2c_mutex);
+
+- if (ret < 0)
++ if (ret < 0) {
++ kfree(buf);
+ return ret;
++ }
+
+- if (ret == 1)
++ if (ret == 1) {
++ kfree(buf);
+ return 0; /* no key pressed */
++ }
+
+ /* decoding */
+ b = buf+1;
+@@ -653,6 +686,8 @@ unlock:
+
+ ir_raw_event_handle(d->rc_dev);
+
++ kfree(buf);
++
+ return 1;
+ }
+
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index 7e2411c..cef73ca 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -52211,6 +52417,36 @@ index 7ae0c4d..35521b7 100644
retval = submit_single_step_set_feature(hcd, urb, 0);
if (!retval && !wait_for_completion_timeout(&done,
msecs_to_jiffies(2000))) {
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index d0d8fad..668ef7b 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -337,7 +337,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ struct wahc *wa = &hwahc->wa;
+ struct device *dev = &wa->usb_iface->dev;
+- u8 mas_le[UWB_NUM_MAS/8];
++ u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++ if (mas_le == NULL)
++ return -ENOMEM;
+
+ /* Set the stream index */
+ result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -356,10 +359,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ WUSB_REQ_SET_WUSB_MAS,
+ USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+- mas_le, 32, USB_CTRL_SET_TIMEOUT);
++ mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT);
+ if (result < 0)
+ dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++ kfree(mas_le);
++
+ return result;
+ }
+
diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
index ba6a5d6..f88f7f3 100644
--- a/drivers/usb/misc/appledisplay.c
@@ -59438,7 +59674,7 @@ index 04434ad..6404663 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 6f9e6fa..5431c02 100644
+index 6f9e6fa..d0ebdb7 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1275,7 +1275,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -59459,6 +59695,114 @@ index 6f9e6fa..5431c02 100644
static int parse_strtoull(const char *buf,
unsigned long long max, unsigned long long *value)
+@@ -3869,38 +3869,19 @@ static int ext4_fill_super(struct super_block *sb,
void *data, int silent)
+ goto failed_mount2;
+ }
+ }
+-
+- /*
+- * set up enough so that it can read an inode,
+- * and create new inode for buddy allocator
+- */
+- sbi->s_gdb_count = db_count;
+- if (!test_opt(sb, NOLOAD) &&
+- EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
+- sb->s_op = &ext4_sops;
+- else
+- sb->s_op = &ext4_nojournal_sops;
+-
+- ext4_ext_init(sb);
+- err = ext4_mb_init(sb);
+- if (err) {
+- ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
+- err);
+- goto failed_mount2;
+- }
+-
+ if (!ext4_check_descriptors(sb, &first_not_zeroed)) {
+ ext4_msg(sb, KERN_ERR, "group descriptors corrupted!");
+- goto failed_mount2a;
++ goto failed_mount2;
+ }
+ if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG))
+ if (!ext4_fill_flex_info(sb)) {
+ ext4_msg(sb, KERN_ERR,
+ "unable to initialize "
+ "flex_bg meta info!");
+- goto failed_mount2a;
++ goto failed_mount2;
+ }
+
++ sbi->s_gdb_count = db_count;
+ get_random_bytes(&sbi->s_next_generation, sizeof(u32));
+ spin_lock_init(&sbi->s_next_gen_lock);
+
+@@ -3935,6 +3916,14 @@ static int ext4_fill_super(struct super_block *sb, void
*data, int silent)
+ sbi->s_stripe = ext4_get_stripe_size(sbi);
+ sbi->s_extent_max_zeroout_kb = 32;
+
++ /*
++ * set up enough so that it can read an inode
++ */
++ if (!test_opt(sb, NOLOAD) &&
++ EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
++ sb->s_op = &ext4_sops;
++ else
++ sb->s_op = &ext4_nojournal_sops;
+ sb->s_export_op = &ext4_export_ops;
+ sb->s_xattr = ext4_xattr_handlers;
+ #ifdef CONFIG_QUOTA
+@@ -4124,13 +4113,21 @@ no_journal:
+ if (err) {
+ ext4_msg(sb, KERN_ERR, "failed to reserve %llu clusters for "
+ "reserved pool", ext4_calculate_resv_clusters(sb));
+- goto failed_mount5;
++ goto failed_mount4a;
+ }
+
+ err = ext4_setup_system_zone(sb);
+ if (err) {
+ ext4_msg(sb, KERN_ERR, "failed to initialize system "
+ "zone (%d)", err);
++ goto failed_mount4a;
++ }
++
++ ext4_ext_init(sb);
++ err = ext4_mb_init(sb);
++ if (err) {
++ ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
++ err);
+ goto failed_mount5;
+ }
+
+@@ -4207,8 +4204,11 @@ failed_mount8:
+ failed_mount7:
+ ext4_unregister_li_request(sb);
+ failed_mount6:
+- ext4_release_system_zone(sb);
++ ext4_mb_release(sb);
+ failed_mount5:
++ ext4_ext_release(sb);
++ ext4_release_system_zone(sb);
++failed_mount4a:
+ dput(sb->s_root);
+ sb->s_root = NULL;
+ failed_mount4:
+@@ -4232,14 +4232,11 @@ failed_mount3:
+ percpu_counter_destroy(&sbi->s_extent_cache_cnt);
+ if (sbi->s_mmp_tsk)
+ kthread_stop(sbi->s_mmp_tsk);
+-failed_mount2a:
+- ext4_mb_release(sb);
+ failed_mount2:
+ for (i = 0; i < db_count; i++)
+ brelse(sbi->s_group_desc[i]);
+ ext4_kvfree(sbi->s_group_desc);
+ failed_mount:
+- ext4_ext_release(sb);
+ if (sbi->s_chksum_driver)
+ crypto_free_shash(sbi->s_chksum_driver);
+ if (sbi->s_proc) {
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 4eec399..1d9444c 100644
--- a/fs/ext4/xattr.c
@@ -106719,6 +107063,13 @@ index 7778b8e..3d619fc 100644
};
+diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
+new file mode 100644
+index 0000000..de92ed9
+--- /dev/null
++++ b/tools/gcc/.gitignore
+@@ -0,0 +1 @@
++randomize_layout_seed.h
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
index 0000000..7b8921f
@@ -111977,10 +112328,10 @@ index 0000000..88469e9
+
diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
+/*
+ * Copyright 2011-2014 by Emese Revfy <[email protected]>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -112195,7 +112546,7 @@ index 0000000..f8f5dd5
+}
+
+enum conditions {
-+ FROM_CONST, NOT_UNARY, CAST
++ FROM_CONST, NOT_UNARY, CAST, RET, PHI
+};
+
+// Search for constants, cast assignments and binary/ternary assignments
@@ -112215,11 +112566,15 @@ index 0000000..f8f5dd5
+ return;
+
+ switch (gimple_code(def_stmt)) {
-+ case GIMPLE_NOP:
+ case GIMPLE_CALL:
++ if (lhs == gimple_return_retval(def_stmt))
++ interesting_conditions[RET] = true;
++ return;
++ case GIMPLE_NOP:
+ case GIMPLE_ASM:
+ return;
+ case GIMPLE_PHI:
++ interesting_conditions[PHI] = true;
+ return walk_phi_set_conditions(visited, interesting_conditions,
lhs);
+ case GIMPLE_ASSIGN:
+ if (gimple_num_ops(def_stmt) == 2) {
@@ -112437,11 +112792,11 @@ index 0000000..f8f5dd5
+/* If there is a mark_turn_off intentional attribute on the caller or the
callee then there is no duplication and missing size_overflow attribute check
anywhere.
+ * There is only missing size_overflow attribute checking if the
intentional_overflow attribute is the mark_no type.
+ * Stmt duplication is unnecessary if there are no binary/ternary
assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a
constant and there are no binary/ternary assigments then we assume that it is
some kind of error code.
++ * It skips the possible error codes too.
+ */
+static enum precond check_preconditions(struct interesting_node *cur_node)
+{
-+ bool interesting_conditions[3] = {false, false, false};
++ bool interesting_conditions[5] = {false, false, false, false, false};
+
+ set_last_nodes(cur_node);
+
@@ -112451,7 +112806,11 @@ index 0000000..f8f5dd5
+
+ search_interesting_conditions(cur_node, interesting_conditions);
+
-+ // error code
++ // error code: a phi, unary assign (not cast) and returns only
++ if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI]
&& interesting_conditions[RET] && !interesting_conditions[CAST])
++ return NO_ATTRIBUTE_SEARCH;
++
++ // error code: def_stmts trace back to a constant and there are no
binary/ternary assigments
+ if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST]
&& !interesting_conditions[NOT_UNARY])
+ return NO_ATTRIBUTE_SEARCH;
+
@@ -114463,10 +114822,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data
b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..386f2d1
+index 0000000..386792a
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5801 @@
+@@ -0,0 +1,5808 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -115413,6 +115772,7 @@ index 0000000..386f2d1
+page_offset_11120 page_offset 0 11120 NULL
+cea_db_payload_len_11124 cea_db_payload_len 0 11124 NULL nohasharray
+tracing_buffers_read_11124 tracing_buffers_read 3 11124
&cea_db_payload_len_11124
++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
+snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL
+il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
+comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL
@@ -115755,6 +116115,7 @@ index 0000000..386f2d1
+__kfifo_in_14797 __kfifo_in 3-0 14797 NULL
+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
+lcd_write_14857 lcd_write 3 14857 NULL
+get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
@@ -116065,6 +116426,7 @@ index 0000000..386f2d1
+__ceph_getxattr_18386 __ceph_getxattr 0 18386 NULL
+ci_role_write_18388 ci_role_write 3 18388 NULL
+adis16136_show_serial_18402 adis16136_show_serial 3 18402 NULL
++rtl8169_rx_fill_18416 rtl8169_rx_fill 0 18416 NULL
+memblock_virt_alloc_node_nopanic_18431 memblock_virt_alloc_node_nopanic 1
18431 NULL
+iscsi_create_flashnode_sess_18433 iscsi_create_flashnode_sess 4 18433 NULL
+snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
@@ -116083,7 +116445,8 @@ index 0000000..386f2d1
+sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
+smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
+debug_output_18575 debug_output 3 18575 NULL
-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600
+iowarrior_write_18604 iowarrior_write 3 18604 NULL
+from_buffer_18625 from_buffer 3 18625 NULL
+snd_pcm_oss_write3_18657 snd_pcm_oss_write3 0-3 18657 NULL
@@ -118644,6 +119007,7 @@ index 0000000..386f2d1
+mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL
+core_sys_select_47494 core_sys_select 1 47494 NULL
+as3722_block_write_47503 as3722_block_write 2-3 47503 NULL
++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
+unlink_simple_47506 unlink_simple 3 47506 NULL
+pstore_decompress_47510 pstore_decompress 0 47510 NULL
+__proc_lnet_portal_rotor_47529 __proc_lnet_portal_rotor 5 47529 NULL
@@ -119438,6 +119802,7 @@ index 0000000..386f2d1
+btrfs_clone_55977 btrfs_clone 5-3 55977 NULL
+wa_xfer_create_subset_sg_55992 wa_xfer_create_subset_sg 3-2 55992 NULL
+nvme_alloc_iod_56027 nvme_alloc_iod 1-2 56027 NULL
++rtl8169_init_ring_56028 rtl8169_init_ring 0 56028 NULL
+usb_ocp_write_56047 usb_ocp_write 4 56047 NULL
+dccp_sendmsg_56058 dccp_sendmsg 4 56058 NULL
+pscsi_get_bio_56103 pscsi_get_bio 1 56103 NULL
@@ -119946,6 +120311,7 @@ index 0000000..386f2d1
+snd_pcm_playback_avail_61671 snd_pcm_playback_avail 0 61671 NULL
+qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
+lock_loop_61681 lock_loop 1 61681 NULL
++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL
+filter_read_61692 filter_read 3 61692 NULL
+iov_length_61716 iov_length 0 61716 NULL
+fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
@@ -120368,7 +120734,7 @@ index 0000000..560cd7b
+zpios_read_64734 zpios_read 3 64734 NULL
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,259 @@
@@ -120404,7 +120770,7 @@ index 0000000..e6fe17b
+tree size_overflow_type_TI;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20140517",
++ .version = "20140713",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
diff --git a/3.2.61/0000_README b/3.2.61/0000_README
index bba0edb..cf7c1aa 100644
--- a/3.2.61/0000_README
+++ b/3.2.61/0000_README
@@ -162,7 +162,7 @@ Patch: 1060_linux-3.2.61.patch
From: http://www.kernel.org
Desc: Linux 3.2.61
-Patch: 4420_grsecurity-3.0-3.2.61-201407112156.patch
+Patch: 4420_grsecurity-3.0-3.2.61-201407132023.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201407112156.patch
b/3.2.61/4420_grsecurity-3.0-3.2.61-201407132023.patch
similarity index 99%
rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201407112156.patch
rename to 3.2.61/4420_grsecurity-3.0-3.2.61-201407132023.patch
index 76786c9..936d3f8 100644
--- a/3.2.61/4420_grsecurity-3.0-3.2.61-201407112156.patch
+++ b/3.2.61/4420_grsecurity-3.0-3.2.61-201407132023.patch
@@ -44492,7 +44492,7 @@ index ee1aab0..7d4fd21 100644
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index 304fe78..db112fa 100644
+index 304fe78..e505bdd 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -71,7 +71,7 @@
@@ -44582,7 +44582,33 @@ index 304fe78..db112fa 100644
/* Setup and send a ctrl req read on
* port i */
if (!serial->rx_urb_filled[0]) {
-@@ -3098,7 +3097,7 @@ static int hso_resume(struct usb_interface *iface)
+@@ -2857,13 +2856,16 @@ exit:
+ static int hso_get_config_data(struct usb_interface *interface)
+ {
+ struct usb_device *usbdev = interface_to_usbdev(interface);
+- u8 config_data[17];
++ u8 *config_data = kmalloc(17, GFP_KERNEL);
+ u32 if_num = interface->altsetting->desc.bInterfaceNumber;
+ s32 result;
+
++ if (!config_data)
++ return -ENOMEM;
+ if (usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 0x86, 0xC0, 0, 0, config_data, 17,
+ USB_CTRL_SET_TIMEOUT) != 0x11) {
++ kfree(config_data);
+ return -EIO;
+ }
+
+@@ -2914,6 +2916,7 @@ static int hso_get_config_data(struct usb_interface
*interface)
+ if (config_data[16] & 0x1)
+ result |= HSO_INFO_CRC_BUG;
+
++ kfree(config_data);
+ return result;
+ }
+
+@@ -3098,7 +3101,7 @@ static int hso_resume(struct usb_interface *iface)
/* Start all serial ports */
for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
if (serial_table[i] && (serial_table[i]->interface == iface)) {
@@ -50281,6 +50307,36 @@ index 7138540..2370195 100644
/*----------------------------------------------------------------------*/
+diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
+index 9bfac65..0f874d1 100644
+--- a/drivers/usb/host/hwa-hc.c
++++ b/drivers/usb/host/hwa-hc.c
+@@ -291,7 +291,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
+ struct wahc *wa = &hwahc->wa;
+ struct device *dev = &wa->usb_iface->dev;
+- u8 mas_le[UWB_NUM_MAS/8];
++ u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
++
++ if (mas_le == NULL)
++ return -ENOMEM;
+
+ /* Set the stream index */
+ result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
+@@ -310,10 +313,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8
stream_index,
+ WUSB_REQ_SET_WUSB_MAS,
+ USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
+- mas_le, 32, 1000 /* FIXME: arbitrary */);
++ mas_le, UWB_NUM_MAS/8, 1000 /* FIXME: arbitrary */);
+ if (result < 0)
+ dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
+ out:
++ kfree(mas_le);
++
+ return result;
+ }
+
diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
index 9f7003e..b1db1b6 100644
--- a/drivers/usb/misc/appledisplay.c
@@ -115876,10 +115932,10 @@ index 0000000..88469e9
+
diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
new file mode 100644
-index 0000000..f8f5dd5
+index 0000000..715a590
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
-@@ -0,0 +1,1133 @@
+@@ -0,0 +1,1141 @@
+/*
+ * Copyright 2011-2014 by Emese Revfy <[email protected]>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -116094,7 +116150,7 @@ index 0000000..f8f5dd5
+}
+
+enum conditions {
-+ FROM_CONST, NOT_UNARY, CAST
++ FROM_CONST, NOT_UNARY, CAST, RET, PHI
+};
+
+// Search for constants, cast assignments and binary/ternary assignments
@@ -116114,11 +116170,15 @@ index 0000000..f8f5dd5
+ return;
+
+ switch (gimple_code(def_stmt)) {
-+ case GIMPLE_NOP:
+ case GIMPLE_CALL:
++ if (lhs == gimple_return_retval(def_stmt))
++ interesting_conditions[RET] = true;
++ return;
++ case GIMPLE_NOP:
+ case GIMPLE_ASM:
+ return;
+ case GIMPLE_PHI:
++ interesting_conditions[PHI] = true;
+ return walk_phi_set_conditions(visited, interesting_conditions,
lhs);
+ case GIMPLE_ASSIGN:
+ if (gimple_num_ops(def_stmt) == 2) {
@@ -116336,11 +116396,11 @@ index 0000000..f8f5dd5
+/* If there is a mark_turn_off intentional attribute on the caller or the
callee then there is no duplication and missing size_overflow attribute check
anywhere.
+ * There is only missing size_overflow attribute checking if the
intentional_overflow attribute is the mark_no type.
+ * Stmt duplication is unnecessary if there are no binary/ternary
assignements or if the unary assignment isn't a cast.
-+ * It skips the possible error codes too. If the def_stmts trace back to a
constant and there are no binary/ternary assigments then we assume that it is
some kind of error code.
++ * It skips the possible error codes too.
+ */
+static enum precond check_preconditions(struct interesting_node *cur_node)
+{
-+ bool interesting_conditions[3] = {false, false, false};
++ bool interesting_conditions[5] = {false, false, false, false, false};
+
+ set_last_nodes(cur_node);
+
@@ -116350,7 +116410,11 @@ index 0000000..f8f5dd5
+
+ search_interesting_conditions(cur_node, interesting_conditions);
+
-+ // error code
++ // error code: a phi, unary assign (not cast) and returns only
++ if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI]
&& interesting_conditions[RET] && !interesting_conditions[CAST])
++ return NO_ATTRIBUTE_SEARCH;
++
++ // error code: def_stmts trace back to a constant and there are no
binary/ternary assigments
+ if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST]
&& !interesting_conditions[NOT_UNARY])
+ return NO_ATTRIBUTE_SEARCH;
+
@@ -123573,7 +123637,7 @@ index 0000000..4ad4525
+zpios_read_64734 zpios_read 3 64734 NULL
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
-index 0000000..e6fe17b
+index 0000000..a15328d
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,259 @@
@@ -123609,7 +123673,7 @@ index 0000000..e6fe17b
+tree size_overflow_type_TI;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20140517",
++ .version = "20140713",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
