author | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-24 06:14:53 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-24 13:59:52 +0000 |
commit | 72b899d867d849f816edc9be0163938cfda9a1f4 (patch) | |
tree | e014ce41155f35d09a7560d8949e6551c414ee17 /main/linux-grsec | |
parent | 6639f67d4098c8ad47ebb401f4ac272974870256 (diff) | |
main/linux-grsec: upgrade to 3.14.13
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.13-201407232159.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.12-201407100035.patch) | 791 |
2 files changed, 654 insertions, 155 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 4a5c7b996a..70a6c22ec2 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.12 +pkgver=3.14.13 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.12-201407100035.patch + grsecurity-3.0-3.14.13-201407232159.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch 
@@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -89a5af1f3609d0c27e63fea298dd80ed patch-3.14.12.xz -e8b97fb869a7c8267f2601b6a2c4ce0d grsecurity-3.0-3.14.12-201407100035.patch +132470897fc5d57f5ac7d658100cc430 patch-3.14.13.xz +a5ee03e4eb9c979a68214661ebf1dece grsecurity-3.0-3.14.13-201407232159.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch cd4f07e3d4b3aae163454fc2608530be kernelconfig.x86 f2d76b4a0e328957d56fbfb0250b7aad kernelconfig.x86_64 acbd5c6d745f3c733dc791999d8ad946 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -b50d9569bc2e47f3be996fdbcb043e7eace9c92cbcb77d825dd1493f2d399475 patch-3.14.12.xz -cda8726421ef4038b4883212efd1efd044f430929dfb74f29f1dc5f4e618a26d grsecurity-3.0-3.14.12-201407100035.patch +e6b1a87470ab9f749002959e2c9ca2f7229b4b34f313120b4800eb39f08c4698 patch-3.14.13.xz +8f892153ab184acec6575ceda7e2b5007aa2e934b193f059064d88b6a7f47477 grsecurity-3.0-3.14.13-201407232159.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 1702432d9341568a7d9616c6768e200cbd0d6bbc7b627f7c3b7f340f0cb27b18 kernelconfig.x86 366bd930e453197985bf05c4f5e8c8a142c8c0c16a57cf1a4aad6714a76e035b kernelconfig.x86_64 761e3fdb5a84ae00cf4142634bf228b9a3c340dd180a14d5ffaa4e10a1fd6da0 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -d5be9e74c530f1b48fd7fb38c91d375fe60c1d71e165b0cd7a39f49e7b79c0261c8170607e6fd67ef154273601fb5a8f078ee6deb1f973c180e39762634126bf patch-3.14.12.xz 
-8b1d8048bd84697c729fcfbfb4c1356773cbdd73e47747db922ce1eff676c399208354c2bfe100f7548a296c33a6d294c6d5d99079a1dad6d195690a36f0b94b grsecurity-3.0-3.14.12-201407100035.patch +49ec8684af792696230c62960dd2e1623c5ed078de4954739c366cba404cb2e6d5fbd62a8173d48dc29627c9a38e99dbeb9e96fb4f6c6a2fa077e6c5f56535e8 patch-3.14.13.xz +17289ac3e3ffbd34785d9827cefbf6b7da829e1a878c5e16378b3bb681050fc07d4e94f29b9fcbfe74df21d2743377bc6462fdb25f0ee63f709864cb18060760 grsecurity-3.0-3.14.13-201407232159.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 911e9ee3d8c38cf83ad187d66000f767cd440d0bb888768388b8fdcae762d3c38f5f000960dac58a50c342d338b0e84c87da009ab85effcb7d1acea070a656db kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.12-201407100035.patch b/main/linux-grsec/grsecurity-3.0-3.14.13-201407232159.patch index 3a245d4407..81dff0ffb4 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.12-201407100035.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.13-201407232159.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 13d8f32..a7a7b9b 100644 +index 7a2981c..9fadd78 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -7700,7 +7700,7 @@ index 50dfafc..b9fc230 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index 31ffa9b..588a798 100644 +index e1ffea2..46ed66e 100644 --- a/arch/parisc/kernel/sys_parisc.c +++ b/arch/parisc/kernel/sys_parisc.c 
@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, @@ -7960,7 +7960,7 @@ index d72197f..c017c84 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index 957bf34..3430cc8 100644 +index 2156fa2..cc28613 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -393,6 +393,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE @@ -8567,7 +8567,7 @@ index 1d0848b..d74685f 100644 #endif } diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c -index 6cff040..74ac5d1 100644 +index 6cff040..74ac5d1b 100644 --- a/arch/powerpc/kernel/module_32.c +++ b/arch/powerpc/kernel/module_32.c @@ -161,7 +161,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr, @@ -33352,19 +33352,21 @@ index 7b179b4..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index 799580c..72f9fe0 100644 +index 94bd247..7e48391 100644 --- a/arch/x86/mm/ioremap.c 
+++ b/arch/x86/mm/ioremap.c -@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, - for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) { - int is_ram = page_is_ram(pfn); +@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, + unsigned long i; + + for (i = 0; i < nr_pages; ++i) +- if (pfn_valid(start_pfn + i) && +- !PageReserved(pfn_to_page(start_pfn + i))) ++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 || ++ !PageReserved(pfn_to_page(start_pfn + i)))) + return 1; -- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) -+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn)))) - return NULL; - WARN_ON_ONCE(is_ram); - } -@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot); + WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn); +@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot); * * Caller must ensure there is only one unmapping for the same pointer. */ @@ -33373,7 +33375,7 @@ index 799580c..72f9fe0 100644 { struct vm_struct *p, *o; -@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ if (page_is_ram(start >> PAGE_SHIFT)) @@ -33383,7 +33385,7 @@ index 799580c..72f9fe0 100644 return __va(phys); addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -322,6 +325,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -334,6 +337,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) 
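Review bot: The bare `0x100` in the rewritten `__ioremap_check_ram` condition has no comment, although it makes the check return 1 for every valid pfn at or above it regardless of `PageReserved`. With 4 KiB pages that is presumably the 1 MiB boundary, so only the low legacy range keeps the old "reserved pages may be remapped" behaviour. I would state that above the `if`, for example `/* at or above 1 MiB every valid pfn counts as RAM; below it only non-reserved pages do */`. The function's first and last lines are outside this hunk.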
@@ -33393,7 +33395,7 @@ index 799580c..72f9fe0 100644 return; iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); -@@ -339,7 +345,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -351,7 +357,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -33402,7 +33404,7 @@ index 799580c..72f9fe0 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -376,8 +382,7 @@ void __init early_ioremap_init(void) +@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -39664,7 +39666,7 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 6d98c37..a592321 100644 +index ae52c77..3d8f69b 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -125,10 +125,10 @@ struct pstate_funcs { @@ -39680,7 +39682,7 @@ index 6d98c37..a592321 100644 struct perf_limits { int no_turbo; -@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39689,7 +39691,7 @@ index 6d98c37..a592321 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); 
@@ -39707,7 +39709,7 @@ index 6d98c37..a592321 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -835,9 +835,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -844,9 +844,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39720,7 +39722,7 @@ index 6d98c37..a592321 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -851,7 +851,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -860,7 +860,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39729,7 +39731,7 @@ index 6d98c37..a592321 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -863,11 +863,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -872,11 +872,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -44543,10 +44545,10 @@ index b086a94..74cb67e 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 8c53b09..f1fb2b0 100644 +index 65ee3a0..1852af9 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -185,9 +185,9 @@ struct mapped_device { +@@ -187,9 +187,9 @@ struct mapped_device { /* * Event handling. */ @@ -44558,7 +44560,7 @@ index 8c53b09..f1fb2b0 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1888,8 +1888,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1899,8 +1899,8 @@ static struct mapped_device *alloc_dev(int minor) spin_lock_init(&md->deferred_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); 
@@ -44569,7 +44571,7 @@ index 8c53b09..f1fb2b0 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -2043,7 +2043,7 @@ static void event_callback(void *context) +@@ -2054,7 +2054,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -44578,7 +44580,7 @@ index 8c53b09..f1fb2b0 100644 wake_up(&md->eventq); } -@@ -2736,18 +2736,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { 
@@ -45265,6 +45267,79 @@ index a1c641e..3007da9 100644 static int dib7070_set_param_override(struct dvb_frontend *fe) { +diff --git a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +index 733a7ff..f8b52e3 100644 +--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c ++++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +@@ -35,42 +35,57 @@ static int usb_cypress_writemem(struct usb_device *udev,u16 addr,u8 *data, u8 le + + int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type) + { +- struct hexline hx; +- u8 reset; ++ struct hexline *hx; ++ u8 *reset; + int ret,pos=0; + ++ reset = kmalloc(1, GFP_KERNEL); ++ if (reset == NULL) ++ return -ENOMEM; ++ ++ hx = kmalloc(sizeof(struct hexline), GFP_KERNEL); ++ if (hx == NULL) { ++ kfree(reset); ++ return -ENOMEM; ++ } ++ + /* stop the CPU */ +- reset = 1; +- if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1) ++ reset[0] = 1; ++ if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1) + err("could not stop the USB controller CPU."); + +- while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) { +- deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk); +- ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len); ++ while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) { ++ deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk); ++ ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len); + +- if (ret != hx.len) { ++ if (ret != hx->len) { + err("error while transferring firmware " + "(transferred size: %d, block size: %d)", +- ret,hx.len); ++ ret,hx->len); + ret = -EINVAL; + break; + } + } + if (ret < 0) { + err("firmware download failed at %d with %d",pos,ret); ++ kfree(reset); ++ kfree(hx); + return ret; + } + + if (ret == 0) { + /* restart the CPU */ +- reset = 0; +- if (ret || 
usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) { ++ reset[0] = 0; ++ if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) { + err("could not restart the USB controller CPU."); + ret = -EINVAL; + } + } else + ret = -EIO; + ++ kfree(reset); ++ kfree(hx); ++ + return ret; + } + EXPORT_SYMBOL(usb_cypress_load_firmware); diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c index ae0f56a..ec71784 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c 
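Review bot: The heap buffers introduced in `usb_cypress_load_firmware` are released by two separate `kfree(reset); kfree(hx);` pairs, one in the `ret < 0` branch and one before the final `return ret;`, so any early return added later can leak them. A single `out:` label holding both `kfree` calls, reached with `goto out` from the error branch, would match the pattern this same patch uses in `technisat_usb2_i2c_access`. A short comment at the two `kmalloc` calls would also help, saying that `reset` and `hx->data` are passed to `usb_cypress_writemem` and are therefore kept off the stack (presumably because they end up as USB transfer buffers; that helper's body is not visible here).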
@@ -45278,6 +45353,212 @@ index ae0f56a..ec71784 100644 /* debug */ static int dvb_usb_dw2102_debug; +diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c +index 98d24ae..bc22415 100644 +--- a/drivers/media/usb/dvb-usb/technisat-usb2.c ++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c +@@ -87,8 +87,11 @@ struct technisat_usb2_state { + static int technisat_usb2_i2c_access(struct usb_device *udev, + u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen) + { +- u8 b[64]; +- int ret, actual_length; ++ u8 *b = kmalloc(64, GFP_KERNEL); ++ int ret, actual_length, error = 0; ++ ++ if (b == NULL) ++ return -ENOMEM; + + deb_i2c("i2c-access: %02x, tx: ", device_addr); + debug_dump(tx, txlen, deb_i2c); +@@ -121,7 +124,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev, + + if (ret < 0) { + err("i2c-error: out failed %02x = %d", device_addr, ret); +- return -ENODEV; ++ error = -ENODEV; ++ goto out; + } + + ret = usb_bulk_msg(udev, +@@ -129,7 +133,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev, + b, 64, &actual_length, 1000); + if (ret < 0) { + err("i2c-error: in failed %02x = %d", device_addr, ret); +- return -ENODEV; ++ error = -ENODEV; ++ goto out; + } + + if (b[0] != I2C_STATUS_OK) { +@@ -137,8 +142,10 @@ static int technisat_usb2_i2c_access(struct usb_device *udev, + /* handle tuner-i2c-nak */ + if (!(b[0] == I2C_STATUS_NAK && + device_addr == 0x60 +- /* && device_is_technisat_usb2 */)) +- return -ENODEV; ++ /* && device_is_technisat_usb2 */)) { ++ error = -ENODEV; ++ goto out; ++ } + } + + deb_i2c("status: %d, ", b[0]); +@@ -152,7 +159,9 @@ static int technisat_usb2_i2c_access(struct usb_device *udev, + + deb_i2c("\n"); + +- return 0; ++out: ++ kfree(b); ++ return error; + } + + static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, +@@ -224,14 +233,16 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni + { + int ret; + +- u8 led[8] = { 
+- red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST, +- 0 +- }; ++ u8 *led = kzalloc(8, GFP_KERNEL); ++ ++ if (led == NULL) ++ return -ENOMEM; + + if (disable_led_control && state != LED_OFF) + return 0; + ++ led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST; ++ + switch (state) { + case LED_ON: + led[1] = 0x82; +@@ -263,16 +274,22 @@ static int technisat_usb2_set_led(struct dvb_usb_device *d, int red, enum techni + red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST, + USB_TYPE_VENDOR | USB_DIR_OUT, + 0, 0, +- led, sizeof(led), 500); ++ led, 8, 500); + + mutex_unlock(&d->i2c_mutex); ++ ++ kfree(led); ++ + return ret; + } + + static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green) + { + int ret; +- u8 b = 0; ++ u8 *b = kzalloc(1, GFP_KERNEL); ++ ++ if (b == NULL) ++ return -ENOMEM; + + if (mutex_lock_interruptible(&d->i2c_mutex) < 0) + return -EAGAIN; +@@ -281,10 +298,12 @@ static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 gre + SET_LED_TIMER_DIVIDER_VENDOR_REQUEST, + USB_TYPE_VENDOR | USB_DIR_OUT, + (red << 8) | green, 0, +- &b, 1, 500); ++ b, 1, 500); + + mutex_unlock(&d->i2c_mutex); + ++ kfree(b); ++ + return ret; + } + +@@ -328,7 +347,7 @@ static int technisat_usb2_identify_state(struct usb_device *udev, + struct dvb_usb_device_description **desc, int *cold) + { + int ret; +- u8 version[3]; ++ u8 *version = kmalloc(3, GFP_KERNEL); + + /* first select the interface */ + if (usb_set_interface(udev, 0, 1) != 0) +@@ -338,11 +357,14 @@ static int technisat_usb2_identify_state(struct usb_device *udev, + + *cold = 0; /* by default do not download a firmware - just in case something is wrong */ + ++ if (version == NULL) ++ return 0; ++ + ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), + GET_VERSION_INFO_VENDOR_REQUEST, + USB_TYPE_VENDOR | USB_DIR_IN, + 0, 0, +- version, sizeof(version), 500); ++ version, 3, 500); + + if (ret < 0) + *cold = 1; +@@ -351,6 +373,8 
@@ static int technisat_usb2_identify_state(struct usb_device *udev, + *cold = 0; + } + ++ kfree(version); ++ + return 0; + } + +@@ -591,10 +615,15 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a) + + static int technisat_usb2_get_ir(struct dvb_usb_device *d) + { +- u8 buf[62], *b; ++ u8 *buf, *b; + int ret; + struct ir_raw_event ev; + ++ buf = kmalloc(62, GFP_KERNEL); ++ ++ if (buf == NULL) ++ return -ENOMEM; ++ + buf[0] = GET_IR_DATA_VENDOR_REQUEST; + buf[1] = 0x08; + buf[2] = 0x8f; +@@ -617,16 +646,20 @@ static int technisat_usb2_get_ir(struct dvb_usb_device *d) + GET_IR_DATA_VENDOR_REQUEST, + USB_TYPE_VENDOR | USB_DIR_IN, + 0x8080, 0, +- buf, sizeof(buf), 500); ++ buf, 62, 500); + + unlock: + mutex_unlock(&d->i2c_mutex); + +- if (ret < 0) ++ if (ret < 0) { ++ kfree(buf); + return ret; ++ } + +- if (ret == 1) ++ if (ret == 1) { ++ kfree(buf); + return 0; /* no key pressed */ ++ } + + /* decoding */ + b = buf+1; +@@ -653,6 +686,8 @@ unlock: + + ir_raw_event_handle(d->rc_dev); + ++ kfree(buf); ++ + return 1; + } + diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index fca336b..fb70ab7 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -47224,6 +47505,24 @@ index 5920c99..ff2e4a5 100644 }; static void +diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c +index 5895f19..fa9fdfa 100644 +--- a/drivers/net/wan/x25_asy.c ++++ b/drivers/net/wan/x25_asy.c +@@ -122,8 +122,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu) + { + struct x25_asy *sl = netdev_priv(dev); + unsigned char *xbuff, *rbuff; +- int len = 2 * newmtu; ++ int len; + ++ if (newmtu > 65534) ++ return -EINVAL; ++ ++ len = 2 * newmtu; + xbuff = kmalloc(len + 4, GFP_ATOMIC); + rbuff = kmalloc(len + 4, GFP_ATOMIC); + diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c index feacc3b..5bac0de 100644 --- a/drivers/net/wan/z85230.c 
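Review bot: `technisat_usb2_set_led` now allocates `led` before the `if (disable_led_control && state != LED_OFF) return 0;` check, so that early return leaks the 8-byte buffer on every call. `technisat_usb2_set_led_timer` has the same problem: when `mutex_lock_interruptible()` fails it returns `-EAGAIN` without freeing `b`. Either free on those paths, `if (disable_led_control && state != LED_OFF) { kfree(led); return 0; }` and `if (mutex_lock_interruptible(&d->i2c_mutex) < 0) { kfree(b); return -EAGAIN; }`, or allocate only after the checks have passed. The parts of `technisat_usb2_set_led` and `technisat_usb2_get_ir` that lie between the inner hunks are not shown, so any lock-failure return there should be checked for the same leak.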
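Review bot: The new guard in `x25_asy_change_mtu` bounds `newmtu` only from above, so a negative value still reaches `len = 2 * newmtu` and the two `kmalloc(len + 4, GFP_ATOMIC)` calls. If nothing ahead of this function rejects such values (not visible here), the allocation size would no longer match what the rest of the function assumes. Writing the check as `if (newmtu < 0 || newmtu > 65534)` closes that without relying on the caller. The remainder of the function is outside the hunk.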
@@ -51672,7 +51971,7 @@ index 9cd706d..6ff2de7 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index ece2049..fba2524 100644 +index ece2049b..fba2524 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty) @@ -52838,6 +53137,36 @@ index 7ae0c4d..35521b7 100644 retval = submit_single_step_set_feature(hcd, urb, 0); if (!retval && !wait_for_completion_timeout(&done, msecs_to_jiffies(2000))) { +diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c +index e076699..6b3b875 100644 +--- a/drivers/usb/host/hwa-hc.c ++++ b/drivers/usb/host/hwa-hc.c +@@ -301,7 +301,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index, + struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc); + struct wahc *wa = &hwahc->wa; + struct device *dev = &wa->usb_iface->dev; +- u8 mas_le[UWB_NUM_MAS/8]; ++ u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL); ++ ++ if (mas_le == NULL) ++ return -ENOMEM; + + /* Set the stream index */ + result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0), +@@ -320,10 +323,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index, + WUSB_REQ_SET_WUSB_MAS, + USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE, + 0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber, +- mas_le, 32, USB_CTRL_SET_TIMEOUT); ++ mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT); + if (result < 0) + dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result); + out: ++ kfree(mas_le); ++ + return result; + } + diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c index ba6a5d6..f88f7f3 100644 --- a/drivers/usb/misc/appledisplay.c @@ -59899,7 +60228,7 @@ index e6574d7..c30cbe2 100644 brelse(bh); bh = NULL; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 08ddfda..a48f3f6 100644 +index 502f0fd..bf3b3c1 100644 
--- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -60029,7 +60358,7 @@ index 04434ad..6404663 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 710fed2..a82e4e8 100644 +index 25b327e..56f169d 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -60041,7 +60370,7 @@ index 710fed2..a82e4e8 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2450,7 +2450,7 @@ struct ext4_attr { +@@ -2448,7 +2448,7 @@ struct ext4_attr { int offset; int deprecated_val; } u; @@ -62048,7 +62377,7 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 8274c8d..922e189 100644 +index 8274c8d..e242796 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask) @@ -62184,7 +62513,19 @@ index 8274c8d..922e189 100644 return retval; } -@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2247,9 +2280,10 @@ done: + goto out; + } + path->dentry = dentry; +- path->mnt = mntget(nd->path.mnt); ++ path->mnt = nd->path.mnt; + if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW)) + return 1; ++ mntget(path->mnt); + follow_mount(path); + error = 0; + out: +@@ -2557,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -62198,7 +62539,7 @@ index 8274c8d..922e189 100644 return 0; } -@@ -2788,7 +2828,7 @@ looked_up: +@@ -2788,7 +2829,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, 
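Review bot: In the fs/namei.c change after the `done:` label, the `return 1` taken when `should_follow_link()` is true now leaves `path->mnt` set to `nd->path.mnt` without a reference, and only the fall-through path calls `mntget()`. Nothing in the code says who owns the reference in the symlink case. A one-line comment before the `return 1` would keep a later edit from reintroducing an unbalanced count, for example `/* no mntget() here: the link-following caller is expected to take its own reference */`, to be confirmed against the caller, which is outside this hunk. Only the tail of the enclosing function is visible here.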
@@ -62207,7 +62548,7 @@ index 8274c8d..922e189 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2823,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -62225,7 +62566,7 @@ index 8274c8d..922e189 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2844,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -62234,7 +62575,7 @@ index 8274c8d..922e189 100644 } out_no_open: path->dentry = dentry; -@@ -2858,7 +2911,7 @@ out_dput: +@@ -2858,7 +2912,7 @@ out_dput: /* * Handle the last step of open() */ @@ -62243,7 +62584,7 @@ index 8274c8d..922e189 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2908,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -62259,7 +62600,7 @@ index 8274c8d..922e189 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2927,7 +2989,7 @@ retry_lookup: +@@ -2927,7 +2990,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -62268,7 +62609,7 @@ index 8274c8d..922e189 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2951,11 +3013,28 @@ retry_lookup: +@@ -2951,11 +3014,28 @@ retry_lookup: goto finish_open_created; } @@ -62298,7 +62639,7 @@ index 8274c8d..922e189 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2996,6 +3075,11 @@ finish_lookup: +@@ -2996,6 +3076,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); 
@@ -62310,7 +62651,7 @@ index 8274c8d..922e189 100644 return 1; } -@@ -3005,7 +3089,6 @@ finish_lookup: +@@ -3005,7 +3090,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -62318,7 +62659,7 @@ index 8274c8d..922e189 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3015,7 +3098,18 @@ finish_open: +@@ -3015,7 +3099,18 @@ finish_open: path_put(&save_parent); return error; } @@ -62337,7 +62678,7 @@ index 8274c8d..922e189 100644 error = -EISDIR; if ((open_flag & O_CREAT) && (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3179,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -62346,7 +62687,7 @@ index 8274c8d..922e189 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3197,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -62355,7 +62696,7 @@ index 8274c8d..922e189 100644 put_link(nd, &link, cookie); } out: -@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3297,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -62369,7 +62710,7 @@ index 8274c8d..922e189 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3351,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); 
@@ -62390,7 +62731,7 @@ index 8274c8d..922e189 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3413,6 +3523,17 @@ retry: +@@ -3413,6 +3524,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62408,7 +62749,7 @@ index 8274c8d..922e189 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3429,6 +3550,8 @@ retry: +@@ -3429,6 +3551,8 @@ retry: break; } out: @@ -62417,7 +62758,7 @@ index 8274c8d..922e189 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3481,9 +3604,16 @@ retry: +@@ -3481,9 +3605,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62434,7 +62775,7 @@ index 8274c8d..922e189 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3564,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -62443,7 +62784,7 @@ index 8274c8d..922e189 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3596,10 +3728,21 @@ retry: +@@ -3596,10 +3729,21 @@ retry: error = -ENOENT; goto exit3; } @@ -62465,7 +62806,7 @@ index 8274c8d..922e189 100644 exit3: dput(dentry); exit2: -@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3689,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; 
@@ -62474,7 +62815,7 @@ index 8274c8d..922e189 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3715,10 +3860,22 @@ retry_deleg: +@@ -3715,10 +3861,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -62497,7 +62838,7 @@ index 8274c8d..922e189 100644 exit2: dput(dentry); } -@@ -3806,9 +3963,17 @@ retry: +@@ -3806,9 +3964,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -62515,7 +62856,7 @@ index 8274c8d..922e189 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3911,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -62523,7 +62864,7 @@ index 8274c8d..922e189 100644 int how = 0; int error; -@@ -3934,7 +4100,7 @@ retry: +@@ -3934,7 +4101,7 @@ retry: if (error) return error; @@ -62532,7 +62873,7 @@ index 8274c8d..922e189 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3946,11 +4112,28 @@ retry: +@@ -3946,11 +4113,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -62561,7 +62902,7 @@ index 8274c8d..922e189 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4237,6 +4420,12 @@ retry_deleg: +@@ -4237,6 +4421,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -62574,7 +62915,7 @@ index 8274c8d..922e189 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4244,6 +4433,9 @@ retry_deleg: +@@ -4244,6 +4434,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); 
@@ -62584,7 +62925,7 @@ index 8274c8d..922e189 100644 exit5: dput(new_dentry); exit4: -@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4280,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -62593,7 +62934,7 @@ index 8274c8d..922e189 100644 int len; len = PTR_ERR(link); -@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4289,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -91378,7 +91719,7 @@ index 868633e..921dc41 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index fc4da2d..f3e800b 100644 +index 04202d9..e3e4242 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -91404,7 +91745,7 @@ index fc4da2d..f3e800b 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -91415,7 +91756,7 @@ index fc4da2d..f3e800b 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ 
@@ -91426,7 +91767,7 @@ index fc4da2d..f3e800b 100644 /* * No need to worry about races with clearing out the commit. -@@ -1386,12 +1386,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -91441,7 +91782,7 @@ index fc4da2d..f3e800b 100644 } static int -@@ -1486,7 +1486,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -91450,7 +91791,7 @@ index fc4da2d..f3e800b 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -91459,7 +91800,7 @@ index fc4da2d..f3e800b 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -91468,7 +91809,7 @@ index fc4da2d..f3e800b 100644 return; } -@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -91477,7 +91818,7 @@ index fc4da2d..f3e800b 100644 return; } -@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; 
@@ -91486,7 +91827,7 @@ index fc4da2d..f3e800b 100644 } /* -@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -91495,7 +91836,7 @@ index fc4da2d..f3e800b 100644 goto out_reset; } -@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -91504,7 +91845,7 @@ index fc4da2d..f3e800b 100644 goto out_reset; } } -@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -91513,7 +91854,7 @@ index fc4da2d..f3e800b 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -91522,7 +91863,7 @@ index fc4da2d..f3e800b 100644 /* * If this is the first commit on the page, then update -@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = 
@@ -91531,7 +91872,7 @@ index fc4da2d..f3e800b 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -91540,7 +91881,7 @@ index fc4da2d..f3e800b 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -91549,7 +91890,7 @@ index fc4da2d..f3e800b 100644 return; } -@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -91558,7 +91899,7 @@ index fc4da2d..f3e800b 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3146,7 +3146,7 @@ static inline unsigned long +@@ -3149,7 +3149,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -91567,7 +91908,7 @@ index fc4da2d..f3e800b 100644 } /** -@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -91576,7 +91917,7 @@ index fc4da2d..f3e800b 100644 return ret; } -@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; 
@@ -91585,7 +91926,7 @@ index fc4da2d..f3e800b 100644 return ret; } -@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -91594,7 +91935,7 @@ index fc4da2d..f3e800b 100644 } return overruns; -@@ -3519,8 +3519,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -91605,7 +91946,7 @@ index fc4da2d..f3e800b 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3554,7 +3554,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -91614,7 +91955,7 @@ index fc4da2d..f3e800b 100644 /* * Here's the tricky part. -@@ -4124,8 +4124,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -91625,7 +91966,7 @@ index fc4da2d..f3e800b 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4135,14 +4135,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); 
@@ -91644,7 +91985,7 @@ index fc4da2d..f3e800b 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4547,8 +4547,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -91656,7 +91997,7 @@ index fc4da2d..f3e800b 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index fd21e60..eb47c25 100644 +index 922657f..3d229d9 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3398,7 +3398,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -91669,7 +92010,7 @@ index fd21e60..eb47c25 100644 /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index 02b592f..f971546 100644 +index c8bd809..33d7539 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1233,7 +1233,7 @@ extern const char *__stop___tracepoint_str[]; @@ -91862,10 +92203,10 @@ index c9b6f01..37781d9 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index b6a3941..b68f191 100644 +index b4defde..f092808 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4702,7 +4702,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -92641,7 +92982,7 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 9b63c15..2ab509e 100644 +index 0862816..2e3a043 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -329,10 +329,11 @@ config KSM @@ -93911,7 +94252,7 @@ index 2121d8b8..fa1095a 100644 mm = get_task_mm(tsk); if (!mm) 
diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 9c6288a..b0ea97e 100644 +index 15a8ea0..cb50389 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -96034,7 +96375,7 @@ index cdbd312..2e1e0b9 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index 1f18c9d..b550bab 100644 +index 1f18c9d..6aa94ab 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ 
@@ -96062,19 +96403,73 @@ index 1f18c9d..b550bab 100644 + * a time): we would prefer not to enlarge the shmem inode just for that. */ struct shmem_falloc { -+ int mode; /* FALLOC_FL mode currently operating */ ++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */ pgoff_t start; /* start of range currently being fallocated */ pgoff_t next; /* the next page offset to be fallocated */ pgoff_t nr_falloced; /* how many new pages have been fallocated */ -@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) +@@ -533,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + return; + + index = start; +- for ( ; ; ) { ++ while (index < end) { + cond_resched(); + pvec.nr = shmem_find_get_pages_and_swap(mapping, index, + min(end - index, (pgoff_t)PAGEVEC_SIZE), + pvec.pages, indices); + if (!pvec.nr) { +- if (index == start || unfalloc) ++ /* If all gone or hole-punch or unfalloc, we're done */ ++ if (index == start || end != -1) + break; ++ /* But if truncating, restart to make sure all gone */ + index = start; + continue; + } +- if ((index == start || unfalloc) && indices[0] >= end) { +- shmem_deswap_pagevec(&pvec); +- pagevec_release(&pvec); +- break; +- } + mem_cgroup_uncharge_start(); + for (i = 0; i < pagevec_count(&pvec); i++) { + struct page *page = pvec.pages[i]; +@@ -560,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + if (radix_tree_exceptional_entry(page)) { + if (unfalloc) + continue; +- nr_swaps_freed += !shmem_free_swap(mapping, +- index, page); ++ if (shmem_free_swap(mapping, index, page)) { ++ /* Swap was replaced by page: retry */ ++ index--; ++ break; ++ } ++ nr_swaps_freed++; + continue; + } + +@@ -570,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + if (page->mapping == mapping) { + VM_BUG_ON_PAGE(PageWriteback(page), page); + truncate_inode_page(mapping, page); ++ } 
else { ++ /* Page was replaced by swap: retry */ ++ unlock_page(page); ++ index--; ++ break; + } + } + unlock_page(page); +@@ -824,6 +831,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) spin_lock(&inode->i_lock); shmem_falloc = inode->i_private; if (shmem_falloc && -+ !shmem_falloc->mode && ++ !shmem_falloc->waitq && index >= shmem_falloc->start && index < shmem_falloc->next) shmem_falloc->nr_unswapped++; -@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -1298,6 +1306,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) int error; int ret = VM_FAULT_LOCKED; 
@@ -96082,71 +96477,98 @@ index 1f18c9d..b550bab 100644 + * Trinity finds that probing a hole which tmpfs is punching can + * prevent the hole-punch from ever completing: which in turn + * locks writers out with its hold on i_mutex. So refrain from -+ * faulting pages into the hole while it's being punched, and -+ * wait on i_mutex to be released if vmf->flags permits, ++ * faulting pages into the hole while it's being punched. Although ++ * shmem_undo_range() does remove the additions, it may be unable to ++ * keep up, as each new page needs its own unmap_mapping_range() call, ++ * and the i_mmap tree grows ever slower to scan if new vmas are added. ++ * ++ * It does not matter if we sometimes reach this check just before the ++ * hole-punch begins, so that one fault then races with the punch: ++ * we just need to make racing faults a rare case. ++ * ++ * The implementation below would be much simpler if we just used a ++ * standard mutex or completion: but we cannot take i_mutex in fault, ++ * and bloating every shmem inode for this unlikely case would be sad. + */ + if (unlikely(inode->i_private)) { + struct shmem_falloc *shmem_falloc; ++ + spin_lock(&inode->i_lock); + shmem_falloc = inode->i_private; -+ if (!shmem_falloc || -+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || -+ vmf->pgoff < shmem_falloc->start || -+ vmf->pgoff >= shmem_falloc->next) -+ shmem_falloc = NULL; -+ spin_unlock(&inode->i_lock); -+ /* -+ * i_lock has protected us from taking shmem_falloc seriously -+ * once return from shmem_fallocate() went back up that stack. -+ * i_lock does not serialize with i_mutex at all, but it does -+ * not matter if sometimes we wait unnecessarily, or sometimes -+ * miss out on waiting: we just need to make those cases rare. 
-+ */ -+ if (shmem_falloc) { ++ if (shmem_falloc && ++ shmem_falloc->waitq && ++ vmf->pgoff >= shmem_falloc->start && ++ vmf->pgoff < shmem_falloc->next) { ++ wait_queue_head_t *shmem_falloc_waitq; ++ DEFINE_WAIT(shmem_fault_wait); ++ ++ ret = VM_FAULT_NOPAGE; + if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && + !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { ++ /* It's polite to up mmap_sem if we can */ + up_read(&vma->vm_mm->mmap_sem); -+ mutex_lock(&inode->i_mutex); -+ mutex_unlock(&inode->i_mutex); -+ return VM_FAULT_RETRY; ++ ret = VM_FAULT_RETRY; + } -+ /* cond_resched? Leave that to GUP or return to user */ -+ return VM_FAULT_NOPAGE; ++ ++ shmem_falloc_waitq = shmem_falloc->waitq; ++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait, ++ TASK_UNINTERRUPTIBLE); ++ spin_unlock(&inode->i_lock); ++ schedule(); ++ ++ /* ++ * shmem_falloc_waitq points into the shmem_fallocate() ++ * stack of the hole-punching task: shmem_falloc_waitq ++ * is usually invalid by the time we reach here, but ++ * finish_wait() does not dereference it in that case; ++ * though i_lock needed lest racing with wake_up_all(). ++ */ ++ spin_lock(&inode->i_lock); ++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait); ++ spin_unlock(&inode->i_lock); ++ return ret; + } ++ spin_unlock(&inode->i_lock); + } + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); if (error) return ((error == -ENOMEM) ? 
VM_FAULT_OOM : VM_FAULT_SIGBUS); -@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, - - mutex_lock(&inode->i_mutex); - -+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; -+ - if (mode & FALLOC_FL_PUNCH_HOLE) { +@@ -1817,12 +1883,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, struct address_space *mapping = file->f_mapping; loff_t unmap_start = round_up(offset, PAGE_SIZE); loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; - ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq); ++ ++ shmem_falloc.waitq = &shmem_falloc_waitq; + shmem_falloc.start = unmap_start >> PAGE_SHIFT; + shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; + spin_lock(&inode->i_lock); + inode->i_private = &shmem_falloc; + spin_unlock(&inode->i_lock); -+ + if ((u64)unmap_end > (u64)unmap_start) unmap_mapping_range(mapping, unmap_start, 1 + unmap_end - unmap_start, 0); shmem_truncate_range(inode, offset, offset + len - 1); /* No need to unmap again: hole-punching leaves COWed pages */ ++ ++ spin_lock(&inode->i_lock); ++ inode->i_private = NULL; ++ wake_up_all(&shmem_falloc_waitq); ++ spin_unlock(&inode->i_lock); error = 0; -- goto out; -+ goto undone; + goto out; + } +@@ -1840,6 +1919,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + goto out; } - /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ -@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { ++ shmem_falloc.waitq = NULL; + shmem_falloc.start = start; + shmem_falloc.next = start; + shmem_falloc.nr_falloced = 0; +@@ -2218,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { 
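Review bot: In the block added to shmem_fault(), a fault whose flags do not allow a retry reaches `schedule()` in TASK_UNINTERRUPTIBLE without the `up_read(&vma->vm_mm->mmap_sem)` that the retry path performs. It therefore presumably sleeps with mmap_sem still held until the hole-punching task calls `wake_up_all()`. The long comment explains why an on-stack wait queue is used but not this, so I would add above `ret = VM_FAULT_NOPAGE;` something like `/* NOPAGE path keeps mmap_sem across the sleep; the wait ends when the punch finishes */`. The wait is also a single `schedule()` with no re-check of `inode->i_private` afterwards, which appears intentional given the "rare case" wording, and a short note next to `schedule()` would make that explicit. shmem_fault() begins and ends outside the hunk.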
@@ -96158,7 +96580,7 @@ index 1f18c9d..b550bab 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2273,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -96174,7 +96596,7 @@ index 1f18c9d..b550bab 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2585,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -99357,6 +99779,21 @@ index 5325b54..a0d4d69 100644 return -EFAULT; *lenp = len; +diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c +index e7b6d53..f005cc7 100644 +--- a/net/dns_resolver/dns_query.c ++++ b/net/dns_resolver/dns_query.c +@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen, + if (!*_result) + goto put; + +- memcpy(*_result, upayload->data, len + 1); ++ memcpy(*_result, upayload->data, len); ++ (*_result)[len] = '\0'; ++ + if (_expiry) + *_expiry = rkey->expiry; + diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 19ab78a..bf575c9 100644 --- a/net/ipv4/af_inet.c 
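Review bot: In the net/dns_resolver/dns_query.c hunk, the write `(*_result)[len] = '\0';` is in bounds only if the buffer behind `*_result` holds at least `len + 1` bytes. That allocation sits just above the `if (!*_result)` check and is outside the hunk, so it should be confirmed when this is merged. The new lines also carry no comment saying why the copy was shortened by one byte; I would add `/* payload may lack a trailing NUL: copy len bytes and terminate explicitly */` above the `memcpy`. dns_query() starts and ends outside the hunk.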
@@ -101440,6 +101877,28 @@ index 7932697..a13d158 100644 } while (!res); return res; } +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index ec66063..1e05bbd 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, + int err; + + if (level != SOL_PPPOL2TP) +- return udp_prot.setsockopt(sk, level, optname, optval, optlen); ++ return -EINVAL; + + if (optlen < sizeof(int)) + return -EINVAL; +@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, + struct pppol2tp_session *ps; + + if (level != SOL_PPPOL2TP) +- return udp_prot.getsockopt(sk, level, optname, optval, optlen); ++ return -EINVAL; + + if (get_user(len, optlen)) + return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c @@ -102827,6 +103286,18 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index a4d5701..5d97d8f 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1151,6 +1151,7 @@ void sctp_assoc_update(struct sctp_association *asoc, + asoc->c = new->c; + asoc->peer.rwnd = new->peer.rwnd; + asoc->peer.sack_needed = new->peer.sack_needed; ++ asoc->peer.auth_capable = new->peer.auth_capable; + asoc->peer.i = new->peer.i; + sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, + asoc->peer.i.initial_tsn, GFP_ATOMIC); diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 2b1738e..a9d0fc9 100644 --- a/net/sctp/ipv6.c 
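Review bot: The new `return -EINVAL;` in pppol2tp_setsockopt() has no comment explaining why option levels other than SOL_PPPOL2TP are refused, and the same applies to the matching line in pppol2tp_getsockopt(). The removed lines show these levels used to be handed to the `udp_prot` handlers with this socket's `sk`, which, judging by the function names, is a PPPoL2TP socket rather than a UDP one. A comment on both sites would keep the forwarding from being restored later, for example `/* sk is not a UDP socket: never pass other levels on to udp_prot */`. Both functions continue outside the hunk.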
@@ -103057,6 +103528,26 @@ index c82fdc1..4ca1f95 100644 return 0; } +diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c +index 85c6465..879f3cd 100644 +--- a/net/sctp/ulpevent.c ++++ b/net/sctp/ulpevent.c +@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( + * sre_type: + * It should be SCTP_REMOTE_ERROR. + */ ++ memset(sre, 0, sizeof(*sre)); + sre->sre_type = SCTP_REMOTE_ERROR; + + /* +@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, + * For recvmsg() the SCTP stack places the message's stream number in + * this value. + */ ++ memset(&sinfo, 0, sizeof(sinfo)); + sinfo.sinfo_stream = event->stream; + /* sinfo_ssn: 16 bits (unsigned integer) + * diff --git a/net/socket.c b/net/socket.c index a19ae19..89554dc 100644 --- a/net/socket.c @@ -112196,10 +112687,10 @@ index 0000000..88469e9 + diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c new file mode 100644 -index 0000000..f8f5dd5 +index 0000000..715a590 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c -@@ -0,0 +1,1133 @@ +@@ -0,0 +1,1141 @@ +/* + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -112414,7 +112905,7 @@ index 0000000..f8f5dd5 +} + +enum conditions { -+ FROM_CONST, NOT_UNARY, CAST ++ FROM_CONST, NOT_UNARY, CAST, RET, PHI +}; + +// Search for constants, cast assignments and binary/ternary assignments 
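Review bot: Neither added `memset()` in net/sctp/ulpevent.c says what it protects against. They look like they are there so that padding and fields these functions never assign are not passed on uninitialised. I would put `/* clear padding and unset fields before this is copied out */` above `memset(sre, 0, sizeof(*sre));` and above `memset(&sinfo, 0, sizeof(sinfo));`. Note that `sizeof(*sre)` covers only the fixed part of the notification; whether any data placed after the struct is always fully written is decided outside the hunk and worth checking. Both functions start and end outside the hunk.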
@@ -112434,11 +112925,15 @@ index 0000000..f8f5dd5 + return; + + switch (gimple_code(def_stmt)) { -+ case GIMPLE_NOP: + case GIMPLE_CALL: ++ if (lhs == gimple_return_retval(def_stmt)) ++ interesting_conditions[RET] = true; ++ return; ++ case GIMPLE_NOP: + case GIMPLE_ASM: + return; + case GIMPLE_PHI: ++ interesting_conditions[PHI] = true; + return walk_phi_set_conditions(visited, interesting_conditions, lhs); + case GIMPLE_ASSIGN: + if (gimple_num_ops(def_stmt) == 2) { @@ -112656,11 +113151,11 @@ index 0000000..f8f5dd5 +/* If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere. + * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type. + * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast. -+ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code. ++ * It skips the possible error codes too. + */ +static enum precond check_preconditions(struct interesting_node *cur_node) +{ -+ bool interesting_conditions[3] = {false, false, false}; ++ bool interesting_conditions[5] = {false, false, false, false, false}; + + set_last_nodes(cur_node); + 
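Review bot: Under `case GIMPLE_CALL:` the new check calls `gimple_return_retval(def_stmt)`, which as far as I know is the accessor for GIMPLE_RETURN statements, on a statement the switch has just established to be a call. With gimple checking enabled in the host GCC that should trip the statement-code check. Without it, the accessor presumably reads operand 0 of the call, i.e. the call's own lhs, so the comparison would hold for every call that defines `lhs`. If the intent is "this value is a function's return value", `if (lhs == gimple_call_lhs(def_stmt))` says so directly; if something narrower is meant, it needs a comment. The enclosing function starts outside the hunk.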
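Review bot: In check_preconditions(), `bool interesting_conditions[5] = {false, false, false, false, false};` hard-codes the number of `enum conditions` members, which this same patch update grows from three to five. The array size and the enum can drift apart silently the next time a condition is added, and an index past the end would then be written in search_interesting_conditions(). A trailing enumerator removes the coupling: `enum conditions { FROM_CONST, NOT_UNARY, CAST, RET, PHI, NR_CONDITIONS };` together with `bool interesting_conditions[NR_CONDITIONS] = { false };`. check_preconditions() continues outside the hunk.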
@@ -112670,7 +113165,11 @@ index 0000000..f8f5dd5 + + search_interesting_conditions(cur_node, interesting_conditions); + -+ // error code ++ // error code: a phi, unary assign (not cast) and returns only ++ if (!interesting_conditions[NOT_UNARY] && interesting_conditions[PHI] && interesting_conditions[RET] && !interesting_conditions[CAST]) ++ return NO_ATTRIBUTE_SEARCH; ++ ++ // error code: def_stmts trace back to a constant and there are no binary/ternary assigments + if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY]) + return NO_ATTRIBUTE_SEARCH; + @@ -120774,7 +121273,7 @@ index 0000000..560cd7b +zpios_read_64734 zpios_read 3 64734 NULL diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c new file mode 100644 -index 0000000..e6fe17b +index 0000000..a15328d --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c @@ -0,0 +1,259 @@ @@ -120810,7 +121309,7 @@ index 0000000..e6fe17b +tree size_overflow_type_TI; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20140517", ++ .version = "20140713", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + |