-rw-r--r-- | main/linux-grsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch (renamed from main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch) | 1236 |
2 files changed, 904 insertions, 350 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index aff5e5219d..f47ffa8d94 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.12.6 +pkgver=3.12.7 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=2 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.12.6-201312221037.patch + grsecurity-3.0-3.12.7-201401120824.patch fix-memory-map-for-PIE-applications.patch 
@@ -144,20 +144,20 @@ dev() { } md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz -9e75be8b127e58f1a76c0015eabb12ae patch-3.12.6.xz -08fb432729eecd94fbd97d2b413043a1 grsecurity-3.0-3.12.6-201312221037.patch +a158a29ecf49e768ebd2f34967991606 patch-3.12.7.xz +a90b0bcd0ece5c0bee4fa8155a0122fd grsecurity-3.0-3.12.7-201401120824.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 6dcd7940c137dadcd01a4e0f3fbc7446 kernelconfig.x86 22c5cf50df52d24d222473760a007869 kernelconfig.x86_64" sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz -d3f0fab91fa4f25b685ae087030252feedb0169061c2f486cdf38b399e4baf7a patch-3.12.6.xz -3db8444dda3eb2b6d41abd8f6d280303bbe2c57f3508b2537e2d3fe24aa7346a grsecurity-3.0-3.12.6-201312221037.patch +ac57d56064bb23dae55fe656c407c662e842c98a6a5411251d6bb79c9718f555 patch-3.12.7.xz +1ff99432fb966b8646bfa73f6828c8e25351afcfac2acbd3f019448926de9278 grsecurity-3.0-3.12.7-201401120824.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch ab5f8d000dae45616dad9857e24961b315bc5a43f86805875c051961152a9ee3 kernelconfig.x86 46739cf496107e88e8ccc648b90b7dd0a62738fda286f2908c9aecc8ee239c8a kernelconfig.x86_64" sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz -dd386fa4ace7a2a63c788540fb4b76a621c2aa7ac874e2ebbf81014da255f6811584e93a4e92beffda88e33e848d8a69cdcb33cce81387b35c79ff49fc32563c patch-3.12.6.xz -f98a05fffdffee62cdb6ceaea1326d6231e391ba771f69c24e5ea0b7f3b83a1346530c48170c0fce9cf7681a247786d3324d1034c3f10e0fcf2db61429a16705 grsecurity-3.0-3.12.6-201312221037.patch +070536e1ed0911e91e96f32038b38efd8d531a306b09eb3074f68ebd7c582cf09574ea712666c3e3dff8443d66d054028a58497dd5e11f66d3bb5eb4570aee78 patch-3.12.7.xz 
+34475fd4f167492550f2cc0df7f0b4eb4f616e1a40d1e914128c20b0ec3a77d7c7a57f1fe7874316e4081ac15d06e4bf33b841477b69757409fe54c4f40d76ce grsecurity-3.0-3.12.7-201401120824.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch fd66d8704ef272c0d7b35237dcd297484afa39eeb8f1a820b6734e8e636c8db699116247a89dac99a59372d8dcf5125b04676d60c27eea5f65a2dbfa07aa39f8 kernelconfig.x86 3ff4b1d67975376a562624691d0ab03f4760ba8d9283719bbbfd281c49399a83feaefa70186cd1f1ca654f4e1110d9c2326f7a07bb862c59a92a7e93b9d99592 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch b/main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch index 12c5249c45..6b060dc4d0 100644 --- a/main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch +++ b/main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch @@ -229,7 +229,7 @@ index b89a739..79768fb 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index fcbb736..5508d8c 100644 +index 4f7c57c..a2dc685 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1031,6 +1031,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. @@ -243,7 +243,7 @@ index fcbb736..5508d8c 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -1999,6 +2003,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2001,6 +2005,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings 
@@ -254,7 +254,7 @@ index fcbb736..5508d8c 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2266,6 +2274,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2268,6 +2276,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -281,7 +281,7 @@ index fcbb736..5508d8c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 2b23383..a66cff0 100644 +index c2f0b79..2e5e090 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -8003,7 +8003,7 @@ index 3a9ed6a..b534681 100644 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c -index 2e3200c..72095ce 100644 +index 2e3200c..7118986 100644 --- a/arch/powerpc/kernel/module_32.c +++ b/arch/powerpc/kernel/module_32.c @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr, @@ -8035,6 +8035,15 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { +@@ -300,7 +305,7 @@ int apply_relocate_add(Elf32_Shdr *sechdrs, + } + #ifdef CONFIG_DYNAMIC_FTRACE + module->arch.tramp = +- do_plt_call(module->module_core, ++ do_plt_call(module->module_core_rx, + (unsigned long)ftrace_caller, + sechdrs, module); + #endif diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 96d2fdf..f6d10c8 100644 --- a/arch/powerpc/kernel/process.c @@ -16996,7 +17005,7 @@ index 81bb91b..9392125 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 3d19994..732a48c 100644 +index bbc8b12..f228861 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); 
@@ -17119,7 +17128,7 @@ index 3d19994..732a48c 100644 #include <linux/mm_types.h> #include <linux/mmdebug.h> #include <linux/log2.h> -@@ -563,7 +638,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17128,7 +17137,7 @@ index 3d19994..732a48c 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -603,7 +678,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17137,7 +17146,7 @@ index 3d19994..732a48c 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -618,7 +693,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -17146,7 +17155,7 @@ index 3d19994..732a48c 100644 } static inline int pgd_none(pgd_t pgd) -@@ -641,7 +716,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -17160,7 +17169,7 @@ index 3d19994..732a48c 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -652,6 +732,23 @@ static inline int pgd_none(pgd_t pgd) +@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) 
@@ -17184,7 +17193,7 @@ index 3d19994..732a48c 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -818,11 +915,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -27338,7 +27347,7 @@ index b110fe6..d9c19f2 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index dec48bf..f4d21f7 100644 +index 1673940..4bce95e 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -27391,7 +27400,7 @@ index c0bc803..6837a50 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 2b2fce1..da76be4 100644 +index 6128914..8be1dd2 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -31195,10 +31204,10 @@ index 3aaeffc..42ea9fb 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index dd74e46..0970b01 100644 +index 0596e8e..9de0b1c 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c -@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, +@@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; @@ -31207,7 +31216,7 @@ index dd74e46..0970b01 100644 (void __user *)start, len))) return 0; -@@ -331,6 +331,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, +@@ -344,6 +344,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, goto slow_irqon; #endif 
@@ -35262,6 +35271,21 @@ index 9515f18..4b149c9 100644 { .callback = dmi_disable_osi_vista, .ident = "Fujitsu Siemens", +diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c +index 12b62f2..dc2aac8 100644 +--- a/drivers/acpi/custom_method.c ++++ b/drivers/acpi/custom_method.c +@@ -29,6 +29,10 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, + struct acpi_table_header table; + acpi_status status; + ++#ifdef CONFIG_GRKERNSEC_KMEM ++ return -EPERM; ++#endif ++ + if (!(*ppos)) { + /* parse the table header to get the table length */ + if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index c7414a5..d5afd71 100644 --- a/drivers/acpi/processor_idle.c @@ -35307,7 +35331,7 @@ index cfb7447..98f2149 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 81a94a3..b711c74 100644 +index 2c2780a..5ebc310 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -35319,7 +35343,7 @@ index 81a94a3..b711c74 100644 struct ata_force_param { const char *name; -@@ -4809,7 +4809,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4823,7 +4823,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -35328,7 +35352,7 @@ index 81a94a3..b711c74 100644 ap = qc->ap; qc->flags = 0; -@@ -4825,7 +4825,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4839,7 +4839,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; 
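Review bot: In the `drivers/acpi/custom_method.c` hunk, the `#ifdef CONFIG_GRKERNSEC_KMEM` / `return -EPERM;` guard at the top of `cm_write()` has no comment saying why the interface is refused, and it turns the rest of the function into dead code in that configuration. A one-line comment such as `/* custom ACPI method injection is refused when GRKERNSEC_KMEM is set */` would make the intent auditable. The file is presumably still registered and can still be opened, so refusing at registration time would be cleaner, but that code is outside the hunk. The same uncommented guard is added to `show_dsts()`, `show_devs()` and `show_call()` in `drivers/platform/x86/asus-wmi.c` later in this patch. `cm_write()` continues past the end of the hunk.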
@@ -35337,7 +35361,7 @@ index 81a94a3..b711c74 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5944,6 +5944,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5958,6 +5958,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -35345,7 +35369,7 @@ index 81a94a3..b711c74 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5957,8 +5958,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5971,8 +5972,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -35356,7 +35380,7 @@ index 81a94a3..b711c74 100644 spin_unlock(&lock); } -@@ -6151,7 +6153,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) +@@ -6165,7 +6167,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { @@ -35366,10 +35390,10 @@ index 81a94a3..b711c74 100644 } diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index ab58556..ed19dd2 100644 +index 377eb88..8591b44 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c -@@ -4114,7 +4114,7 @@ int ata_sas_port_init(struct ata_port *ap) +@@ -4135,7 +4135,7 @@ int ata_sas_port_init(struct ata_port *ap) if (rc) return rc; @@ -38919,10 +38943,10 @@ index a6f4cb5..6b2beb2 100644 if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index d5c784d..06e5c36 100644 +index 5a25f24..5af2004 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1263,7 +1263,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1271,7 +1271,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); 
@@ -39090,7 +39114,7 @@ index 4b91228..590c643 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index f535670..bde09e2 100644 +index aad6f7b..dcc91447 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -10019,13 +10019,13 @@ struct intel_quirk { @@ -39800,10 +39824,10 @@ index 71245d6..94c556d 100644 return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i); diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index 1447d79..40b2a5b 100644 +index 3c38f0a..13816e3 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c -@@ -345,9 +345,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, +@@ -355,9 +355,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, if (max_bandwidth.full > rdev->pm.sideport_bandwidth.full && rdev->pm.sideport_bandwidth.full) max_bandwidth = rdev->pm.sideport_bandwidth; @@ -41501,7 +41525,7 @@ index 922a7fe..bb035db 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index e75d015..57d1c28 100644 +index 74f4798..d9f7168 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1734,7 +1734,7 @@ EXPORT_SYMBOL_GPL(input_class); 
@@ -42912,6 +42936,21 @@ index 3d13a63..da31bf1 100644 .release = mxr_vp_layer_release, .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, +diff --git a/drivers/media/platform/vivi.c b/drivers/media/platform/vivi.c +index 1d3f119..75f40bb 100644 +--- a/drivers/media/platform/vivi.c ++++ b/drivers/media/platform/vivi.c +@@ -58,8 +58,8 @@ MODULE_AUTHOR("Mauro Carvalho Chehab, Ted Walther and John Sokol"); + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_VERSION(VIVI_VERSION); + +-static unsigned video_nr = -1; +-module_param(video_nr, uint, 0644); ++static int video_nr = -1; ++module_param(video_nr, int, 0644); + MODULE_PARM_DESC(video_nr, "videoX start number, -1 is autodetect"); + + static unsigned n_devs = 1; diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c index 545c04c..a14bded 100644 --- a/drivers/media/radio/radio-cadet.c @@ -44323,6 +44362,19 @@ index 50617c5..b13724c 100644 } /* To mask all all interrupts.*/ +diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c +index 3169252..5d78c1d 100644 +--- a/drivers/net/hamradio/hdlcdrv.c ++++ b/drivers/net/hamradio/hdlcdrv.c +@@ -571,6 +571,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + case HDLCDRVCTL_CALIBRATE: + if(!capable(CAP_SYS_RAWIO)) + return -EPERM; ++ if (bi.data.calibrate > INT_MAX / s->par.bitrate) ++ return -EINVAL; + s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; + return 0; + diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h @@ -44713,10 +44765,10 @@ index e1dd8c7..9f91b3f 100644 /* service connection information */ struct ath10k_htc_svc_conn_req { diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index 8d78253..bebbb68 100644 +index a366d6b..b6f28f8 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c 
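Review bot: In the `drivers/net/hamradio/hdlcdrv.c` hunk, the new guard `bi.data.calibrate > INT_MAX / s->par.bitrate` divides by `s->par.bitrate` without the hunk showing that it is non-zero, and it bounds the multiplication only from above. If `calibrate` is a signed type (its declaration is not visible here), a negative value passes the check and the product can still overflow; if `bitrate` can be zero, the division itself is the problem. I would make the precondition explicit, for example `if (s->par.bitrate <= 0 || bi.data.calibrate > INT_MAX / s->par.bitrate) return -EINVAL;`. A short comment should say that the check protects the `calibrate * bitrate / 16` expression on the next line. The enclosing `hdlcdrv_ioctl()` switch starts and ends outside the hunk.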
+++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -@@ -184,8 +184,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -218,8 +218,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) ads->ds_txstatus6 = ads->ds_txstatus7 = 0; ads->ds_txstatus8 = ads->ds_txstatus9 = 0; @@ -44727,7 +44779,7 @@ index 8d78253..bebbb68 100644 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore); ctl6 = SM(i->keytype, AR_EncrType); -@@ -199,26 +199,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -233,26 +233,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) if ((i->is_first || i->is_last) && i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) { @@ -44761,7 +44813,7 @@ index 8d78253..bebbb68 100644 return; } -@@ -243,7 +243,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -277,7 +277,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) break; } @@ -44770,7 +44822,7 @@ index 8d78253..bebbb68 100644 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) | SM(i->txpower, AR_XmitPower) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) -@@ -253,19 +253,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -287,19 +287,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable : (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0)); 
@@ -45739,6 +45791,43 @@ index cdc7836..528635c 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; +diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c +index 19c313b..ed28b38 100644 +--- a/drivers/platform/x86/asus-wmi.c ++++ b/drivers/platform/x86/asus-wmi.c +@@ -1618,6 +1618,10 @@ static int show_dsts(struct seq_file *m, void *data) + int err; + u32 retval = -1; + ++#ifdef CONFIG_GRKERNSEC_KMEM ++ return -EPERM; ++#endif ++ + err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); + + if (err < 0) +@@ -1634,6 +1638,10 @@ static int show_devs(struct seq_file *m, void *data) + int err; + u32 retval = -1; + ++#ifdef CONFIG_GRKERNSEC_KMEM ++ return -EPERM; ++#endif ++ + err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, + &retval); + +@@ -1658,6 +1666,10 @@ static int show_call(struct seq_file *m, void *data) + union acpi_object *obj; + acpi_status status; + ++#ifdef CONFIG_GRKERNSEC_KMEM ++ return -EPERM; ++#endif ++ + status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID, + 1, asus->debug.method_id, + &input, &output); diff --git a/drivers/platform/x86/chromeos_laptop.c b/drivers/platform/x86/chromeos_laptop.c index 3e5b4497..dcdfb70 100644 --- a/drivers/platform/x86/chromeos_laptop.c @@ -46062,7 +46151,7 @@ index cc439fd..8fa30df 100644 #endif /* CONFIG_SYSFS */ diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c -index 00e6672..2642c08 100644 +index 557af94..84dc1fe 100644 --- a/drivers/power/power_supply_core.c +++ b/drivers/power/power_supply_core.c @@ -24,7 +24,10 @@ @@ -47788,10 +47877,10 @@ index e51b09a..5ebac31 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index d90dbb0..6cbe585 100644 +index e5e3965..a7b487c 100644 --- a/drivers/target/target_core_device.c 
+++ b/drivers/target/target_core_device.c -@@ -1431,7 +1431,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1436,7 +1436,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); sema_init(&dev->caw_sem, 1); @@ -48236,10 +48325,19 @@ index c0f76da..d974c32 100644 dlci_get(dlci->gsm->dlci[0]); mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 4d6f430..0810fa9 100644 +index d4a89db..dbe8d8c 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2504,6 +2504,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -114,7 +114,7 @@ struct n_tty_data { + int minimum_to_wake; + + /* consumer-published */ +- size_t read_tail; ++ size_t read_tail __intentional_overflow(-1); + size_t line_start; + + /* protected by output lock */ +@@ -2509,6 +2509,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -49336,7 +49434,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 71dc5d7..300db0e 100644 +index 71dc5d7..d4c488f 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -49348,7 +49446,7 @@ index 71dc5d7..300db0e 100644 loff_t pos; int i; -@@ -229,16 +229,16 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, +@@ -229,22 +229,22 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) { struct usb_config_descriptor *config = (struct usb_config_descriptor *)dev->rawdescriptors[i]; 
@@ -49368,6 +49466,13 @@ index 71dc5d7..300db0e 100644 if (len > nbytes) len = nbytes; + /* Simply don't write (skip over) unallocated parts */ + if (alloclen > (*ppos - pos)) { +- alloclen -= (*ppos - pos); ++ alloclen = alloclen + pos - *ppos; + if (copy_to_user(buf, + dev->rawdescriptors[i] + (*ppos - pos), + min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index f20a044..d1059aa 100644 --- a/drivers/usb/core/hcd.c @@ -53225,10 +53330,10 @@ index 789bc25..fafaeea 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 6efb7f6..37da952 100644 +index 062a5f6..e5618e0 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -338,7 +338,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -374,7 +374,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -54976,10 +55081,10 @@ index 7ddddf2..2e12dbc 100644 } retry: diff --git a/fs/cifs/link.c b/fs/cifs/link.c -index 7e36ceb..109252f 100644 +index 477e53b..7a32216 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c -@@ -624,7 +624,7 @@ symlink_exit: +@@ -620,7 +620,7 @@ symlink_exit: void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie) { @@ -56572,10 +56677,10 @@ index dc5d572..4c21f8e 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index af815ea..99294a6 100644 +index 745faaa..a072816 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1256,19 +1256,19 @@ struct ext4_sb_info { +@@ -1266,19 +1266,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -56606,7 +56711,7 @@ index af815ea..99294a6 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index a41e3ba..e574a00 100644 +index 04a5c75..09894fa 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, 
@@ -56686,7 +56791,7 @@ index a41e3ba..e574a00 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3578,7 +3578,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -56695,7 +56800,7 @@ index a41e3ba..e574a00 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3638,7 +3638,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -56704,7 +56809,7 @@ index a41e3ba..e574a00 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3727,7 +3727,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -56713,7 +56818,7 @@ index a41e3ba..e574a00 100644 return err; } -@@ -3745,7 +3745,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -56736,7 +56841,7 @@ index 214461e..3614c89 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 2c2e6cb..7c3ee62 100644 +index b947e0a..c102e3b 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1251,7 +1251,7 @@ static ext4_fsblk_t get_sb_block(void **data) 
@@ -60794,6 +60899,22 @@ index 651d09a..60c73ae 100644 /* * base.c +diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c +index 05029c0..7ea1987 100644 +--- a/fs/proc/interrupts.c ++++ b/fs/proc/interrupts.c +@@ -47,7 +47,11 @@ static const struct file_operations proc_interrupts_operations = { + + static int __init proc_interrupts_init(void) + { ++#ifdef CONFIG_GRKERNSEC_PROC_ADD ++ proc_create_grsec("interrupts", 0, NULL, &proc_interrupts_operations); ++#else + proc_create("interrupts", 0, NULL, &proc_interrupts_operations); ++#endif + return 0; + } + module_init(proc_interrupts_init); diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 06ea155..9a798c7 100644 --- a/fs/proc/kcore.c 
@@ -61143,6 +61264,94 @@ index 6b6a993..807cccc 100644 if (!IS_ERR(s)) kfree(s); } +diff --git a/fs/proc/stat.c b/fs/proc/stat.c +index 1cf86c0..0ee1ca5 100644 +--- a/fs/proc/stat.c ++++ b/fs/proc/stat.c +@@ -11,6 +11,7 @@ + #include <linux/irqnr.h> + #include <asm/cputime.h> + #include <linux/tick.h> ++#include <linux/grsecurity.h> + + #ifndef arch_irq_stat_cpu + #define arch_irq_stat_cpu(cpu) 0 +@@ -87,6 +88,18 @@ static int show_stat(struct seq_file *p, void *v) + u64 sum_softirq = 0; + unsigned int per_softirq_sums[NR_SOFTIRQS] = {0}; + struct timespec boottime; ++ int unrestricted = 1; ++ ++#ifdef CONFIG_GRKERNSEC_PROC_ADD ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) ++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP ++ && !in_group_p(grsec_proc_gid) ++#endif ++ ) ++ unrestricted = 0; ++#endif ++#endif + + user = nice = system = idle = iowait = + irq = softirq = steal = 0; +@@ -94,6 +107,7 @@ static int show_stat(struct seq_file *p, void *v) + getboottime(&boottime); + jif = boottime.tv_sec; + ++ if (unrestricted) { + for_each_possible_cpu(i) { + user += kcpustat_cpu(i).cpustat[CPUTIME_USER]; + nice += kcpustat_cpu(i).cpustat[CPUTIME_NICE]; +@@ -116,6 +130,7 @@ static int show_stat(struct seq_file *p, void *v) + } + } + sum += arch_irq_stat(); ++ } + + seq_puts(p, "cpu "); + seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user)); +@@ -131,6 +146,7 @@ static int show_stat(struct seq_file *p, void *v) + seq_putc(p, '\n'); + + for_each_online_cpu(i) { ++ if (unrestricted) { + /* Copy values here to work around gcc-2.95.3, gcc-2.96 */ + user = kcpustat_cpu(i).cpustat[CPUTIME_USER]; + nice = kcpustat_cpu(i).cpustat[CPUTIME_NICE]; +@@ -142,6 +158,7 @@ static int show_stat(struct seq_file *p, void *v) + steal = kcpustat_cpu(i).cpustat[CPUTIME_STEAL]; + guest = kcpustat_cpu(i).cpustat[CPUTIME_GUEST]; + guest_nice = kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE]; ++ } + seq_printf(p, "cpu%d", 
i); + seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user)); + seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(nice)); +@@ -159,7 +176,7 @@ static int show_stat(struct seq_file *p, void *v) + + /* sum again ? it could be updated? */ + for_each_irq_nr(j) +- seq_put_decimal_ull(p, ' ', kstat_irqs(j)); ++ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs(j) : 0ULL); + + seq_printf(p, + "\nctxt %llu\n" +@@ -167,11 +184,11 @@ static int show_stat(struct seq_file *p, void *v) + "processes %lu\n" + "procs_running %lu\n" + "procs_blocked %lu\n", +- nr_context_switches(), ++ unrestricted ? nr_context_switches() : 0ULL, + (unsigned long)jif, +- total_forks, +- nr_running(), +- nr_iowait()); ++ unrestricted ? total_forks : 0UL, ++ unrestricted ? nr_running() : 0UL, ++ unrestricted ? nr_iowait() : 0UL); + + seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); + diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 390bdab..83c1e8a 100644 --- a/fs/proc/task_mmu.c @@ -62097,7 +62306,7 @@ index f4fb7ec..3fe03c0 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 3377dff..4d074d9 100644 +index 3377dff..f394815 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -227,6 +227,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, 
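Review bot: In the `fs/proc/stat.c` hunk, `show_stat()` derives `unrestricted` from `current_uid()` and `in_group_p()` on every read, so the result depends on which task reads the file rather than which task opened it. Whether that is the intended model depends on how the other /proc restrictions are applied, which is not visible here, so it deserves a comment at the `unrestricted` declaration. That comment should also record that the boot time (`jif`) and the per-CPU line layout are still emitted for restricted readers, e.g. `/* restricted readers get zeroed counters; boot time and line layout are still printed */`. The bodies wrapped by the new `if (unrestricted) {` lines are not re-indented, which makes the added closing braces hard to match by eye. `show_stat()` begins and ends outside the hunk.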
@@ -62188,6 +62397,66 @@ index 3377dff..4d074d9 100644
 mnt_drop_write_file(f.file);
 }
 fdput(f);
+@@ -626,7 +650,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
+ * Extended attribute REMOVE operations
+ */
+ static long
+-removexattr(struct dentry *d, const char __user *name)
++removexattr(struct path *path, const char __user *name)
+ {
+ int error;
+ char kname[XATTR_NAME_MAX + 1];
+@@ -637,7 +661,10 @@ removexattr(struct dentry *d, const char __user *name)
+ if (error < 0)
+ return error;
+
+- return vfs_removexattr(d, kname);
++ if (!gr_acl_handle_removexattr(path->dentry, path->mnt))
++ return -EACCES;
++
++ return vfs_removexattr(path->dentry, kname);
+ }
+
+ SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
+@@ -652,7 +679,7 @@ retry:
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, name);
++ error = removexattr(&path, name);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -675,7 +702,7 @@ retry:
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, name);
++ error = removexattr(&path, name);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -689,16 +716,16 @@ retry:
+ SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
+ {
+ struct fd f = fdget(fd);
+- struct dentry *dentry;
++ struct path *path;
+ int error = -EBADF;
+
+ if (!f.file)
+ return error;
+- dentry = f.file->f_path.dentry;
+- audit_inode(NULL, dentry, 0);
++ path = &f.file->f_path;
++ audit_inode(NULL, path->dentry, 0);
+ error = mnt_want_write_file(f.file);
+ if (!error) {
+- error = removexattr(dentry, name);
++ error = removexattr(path, name);
+ mnt_drop_write_file(f.file);
+ }
+ fdput(f);
 diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c
 index 9fbea87..6b19972 100644
 --- a/fs/xattr_acl.c
@@ -62262,10 +62531,10 @@ index 2b8952d..a60c6be 100644
 kfree(s);
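Review bot: `removexattr()` only reads through its new `path` argument, so the parameter should be `const struct path *path`. That matches the `const struct dentry *` / `const struct vfsmount *` parameters of `gr_acl_handle_removexattr()` declared elsewhere in this patch, and the local in `fremovexattr` can be `const struct path *path` as well. The new check also deserves a one-line comment, for example `/* RBAC: removing an xattr is checked as a write to the object, independent of the attribute name */`, since `kname` is not passed to the handler and a reader may expect per-attribute policy. The syscall bodies around the three call sites start outside the hunk.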
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..a78d810 +index 0000000..5b2538b --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1107 @@ +@@ -0,0 +1,1116 @@ +# +# grecurity configuration +# @@ -62684,7 +62953,12 @@ index 0000000..a78d810 + This option acts independently of grsec_lock: once it is set to 1, + it cannot be turned off. Therefore, please be mindful of the resulting + behavior if this option is enabled in an init script on a read-only -+ filesystem. This feature is mainly intended for secure embedded systems. ++ filesystem. ++ Also be aware that as with other root-focused features, GRKERNSEC_KMEM ++ and GRKERNSEC_IO should be enabled and module loading disabled via ++ config or at runtime. ++ This feature is mainly intended for secure embedded systems. ++ + +config GRKERNSEC_DEVICE_SIDECHANNEL + bool "Eliminate stat/notify-based device sidechannels" 
@@ -63056,15 +63330,19 @@ index 0000000..a78d810 + a sysctl option with name "consistent_setxid" is created. + +config GRKERNSEC_HARDEN_IPC -+ bool "Disallow access to world-accessible IPC objects" ++ bool "Disallow access to overly-permissive IPC objects" + default y if GRKERNSEC_CONFIG_AUTO + depends on SYSVIPC + help -+ If you say Y here, access to overly-permissive IPC (shared memory, -+ message queues, and semaphores) will be denied for processes whose -+ effective user or group would not grant them permission. It's a -+ common error to grant too much permission to these objects, with -+ impact ranging from denial of service and information leaking to ++ If you say Y here, access to overly-permissive IPC objects (shared ++ memory, message queues, and semaphores) will be denied for processes ++ given the following criteria beyond normal permission checks: ++ 1) If the IPC object is world-accessible and the euid doesn't match ++ that of the creator or current uid for the IPC object ++ 2) If the IPC object is group-accessible and the egid doesn't ++ match that of the creator or current gid for the IPC object ++ It's a common error to grant too much permission to these objects, ++ with impact ranging from denial of service and information leaking to + privilege escalation. This feature was developed in response to + research by Tim Brown: + http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/ @@ -63424,7 +63702,7 @@ index 0000000..85beb79 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..6affeea +index 0000000..90f71ce --- /dev/null +++ b/grsecurity/gracl.c @@ -0,0 +1,2679 @@ 
@@ -63579,7 +63857,7 @@ index 0000000..6affeea +gr_handle_rawio(const struct inode *inode) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (inode && S_ISBLK(inode->i_mode) && ++ if (inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR)) && + grsec_enable_chroot_caps && proc_is_chrooted(current) && + !capable(CAP_SYS_RAWIO)) + return 1; @@ -66612,10 +66890,10 @@ index 0000000..ca25605 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..a340c17 +index 0000000..deb6f3b --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,431 @@ +@@ -0,0 +1,437 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/types.h> @@ -66857,6 +67135,12 @@ index 0000000..a340c17 +} + +__u32 ++gr_acl_handle_removexattr(const struct dentry *dentry, const struct vfsmount *mnt) ++{ ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_REMOVEXATTR_ACL_MSG); ++} ++ ++__u32 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt) +{ + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG); @@ -70282,10 +70566,10 @@ index 0000000..e10b319 +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..0866ab2 +index 0000000..52b3e30 --- /dev/null +++ b/grsecurity/grsec_disabled.c -@@ -0,0 +1,427 @@ +@@ -0,0 +1,433 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -70536,6 +70820,12 @@ index 0000000..0866ab2 + return 1; +} + ++__u32 ++gr_acl_handle_removexattr(const struct dentry * dentry, const struct vfsmount * mnt) ++{ ++ return 1; ++} ++ +void +grsecurity_init(void) +{ @@ -71245,10 +71535,10 @@ index 0000000..a88e901 +} diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c new file mode 100644 -index 0000000..f365de0 +index 0000000..78d1680 --- /dev/null 
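Review bot: The widened test in `gr_handle_rawio()` (block device, or character device whose major is `RAW_MAJOR`) is written out a second time in `gr_handle_rofs_blockwrite()` in grsecurity/grsec_mount.c later in this patch. The two checks can drift apart the next time a raw-capable device class is added, so a small shared predicate would keep them identical and shorten both conditions; the helper name below is only a suggestion. The grsec_mount.c change adds `#include <linux/major.h>` for `RAW_MAJOR`, and no matching include is visible in this gracl.c hunk, so confirm the header is already pulled in there. Both function bodies continue outside their hunks.

```c
/* true for inodes that give raw access to a block device */
static inline bool gr_is_raw_disk_inode(const struct inode *inode)
{
	return S_ISBLK(inode->i_mode) ||
	       (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR);
}

/* … unchanged: gr_handle_rawio() signature and #ifdef … */
	if (inode && gr_is_raw_disk_inode(inode) &&
	    grsec_enable_chroot_caps && proc_is_chrooted(current) &&
	    !capable(CAP_SYS_RAWIO))
		return 1;
```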
+++ b/grsecurity/grsec_ipc.c
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,48 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <linux/sched.h>
@@ -71262,10 +71552,36 @@ index 0000000..f365de0
 +gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode)
 +{
 +#ifdef CONFIG_GRKERNSEC_HARDEN_IPC
-+ int write = (requested_mode & 00002);
++ int write;
++ int orig_granted_mode;
++ kuid_t euid;
++ kgid_t egid;
++
++ if (!grsec_enable_harden_ipc)
++ return 0;
 +
-+ if (grsec_enable_harden_ipc && !(requested_mode & ~granted_mode & 0007) && !ns_capable_nolog(ns->user_ns, CAP_IPC_OWNER)) {
-+ gr_log_str2_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", write ? "writ" : "read", GR_GLOBAL_UID(ipcp->cuid));
++ euid = current_euid();
++ egid = current_egid();
++
++ write = requested_mode & 00002;
++ orig_granted_mode = ipcp->mode;
++
++ if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid))
++ orig_granted_mode >>= 6;
++ else {
++ /* if likely wrong permissions, lock to user */
++ if (orig_granted_mode & 0007)
++ orig_granted_mode = 0;
++ /* otherwise do a egid-only check */
++ else if (gid_eq(egid, ipcp->cgid) || gid_eq(egid, ipcp->gid))
++ orig_granted_mode >>= 3;
++ /* otherwise, no access */
++ else
++ orig_granted_mode = 0;
++ }
++ if (!(requested_mode & ~granted_mode & 0007) && (requested_mode & ~orig_granted_mode & 0007) &&
++ !ns_capable_nolog(ns->user_ns, CAP_IPC_OWNER)) {
++ gr_log_str_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", GR_GLOBAL_UID(ipcp->cuid));
 + return 0;
 + }
 +#endif
@@ -71730,13 +72046,14 @@ index 0000000..f536303
 +}
 diff --git a/grsecurity/grsec_mount.c b/grsecurity/grsec_mount.c
 new file mode 100644
-index 0000000..2131422
+index 0000000..cd9e124
 --- /dev/null
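Review bot: The early exit `if (!grsec_enable_harden_ipc) return 0;` in `gr_ipc_permitted()` appears inverted. The denial branch further down also returns 0, and the caller changed in ipc/util.c by this same patch now runs `if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode)) return -1;` for every request. With the feature compiled in but switched off at runtime, each `ipcperms()` call would therefore be refused, and without a log line. The disabled case should return the permissive result instead: `if (!grsec_enable_harden_ipc) return 1;`. The function's final return is outside the hunk, so confirm that 1 is its allow value.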
+++ b/grsecurity/grsec_mount.c -@@ -0,0 +1,62 @@ +@@ -0,0 +1,65 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/mount.h> ++#include <linux/major.h> +#include <linux/grsecurity.h> +#include <linux/grinternal.h> + @@ -71787,8 +72104,10 @@ index 0000000..2131422 +gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode) +{ +#ifdef CONFIG_GRKERNSEC_ROFS ++ struct inode *inode = dentry->d_inode; ++ + if (grsec_enable_rofs && (acc_mode & MAY_WRITE) && -+ dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) { ++ inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR))) { + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt); + return -EPERM; + } else @@ -73674,10 +73993,24 @@ index 810431d..0ec4804f 100644 * (puds are folded into pgds so this doesn't get actually called, * but the define is needed for a generic inline function.) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index f330d28..83ce28f 100644 +index b12079a..86683e3 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -737,6 +737,22 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) +@@ -599,11 +599,10 @@ static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t *pmd) + #ifdef CONFIG_TRANSPARENT_HUGEPAGE + barrier(); + #endif +- if (pmd_none(pmdval)) ++ if (pmd_none(pmdval) || pmd_trans_huge(pmdval)) + return 1; + if (unlikely(pmd_bad(pmdval))) { +- if (!pmd_trans_huge(pmdval)) +- pmd_clear_bad(pmd); ++ pmd_clear_bad(pmd); + return 1; + } + return 0; +@@ -737,6 +736,22 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) } #endif /* CONFIG_NUMA_BALANCING */ @@ -75740,10 +76073,10 @@ index 0000000..d25522e +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..378a81a +index 0000000..195cbe4 --- /dev/null 
+++ b/include/linux/grmsg.h -@@ -0,0 +1,114 @@ +@@ -0,0 +1,115 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -75791,7 +76124,8 @@ index 0000000..378a81a +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " -+#define GR_SETXATTR_ACL_MSG "%s setting extended attributes of %.950s by " ++#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by " ++#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by " +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " +#define GR_INITF_ACL_MSG "init_variables() failed %s by " +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader" @@ -75857,13 +76191,13 @@ index 0000000..378a81a +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by " +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " -+#define GR_IPC_DENIED_MSG "denied %s of globally-%sable IPC with creator uid %u by " ++#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by " 
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..134860c +index 0000000..d8b5b48 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,243 @@ +@@ -0,0 +1,245 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -75988,6 +76322,8 @@ index 0000000..134860c + const struct vfsmount *mnt); +__u32 gr_acl_handle_setxattr(const struct dentry *dentry, + const struct vfsmount *mnt); ++__u32 gr_acl_handle_removexattr(const struct dentry *dentry, ++ const struct vfsmount *mnt); +int gr_handle_ptrace(struct task_struct *task, const long request); +int gr_handle_proc_ptrace(struct task_struct *task); +__u32 gr_acl_handle_execve(const struct dentry *dentry, @@ -76558,10 +76894,10 @@ index 0fbbc7a..db081e3 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 0e23c26..6ad8c33 100644 +index 9b50337..712d748 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -972,7 +972,7 @@ struct ata_port_operations { +@@ -973,7 +973,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -76956,7 +77292,7 @@ index 8b6e55e..c4edf39 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index d9851ee..619492d 100644 +index 8e082f1..f61f576 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -289,6 +289,8 @@ struct vm_area_struct { @@ -76968,8 +77304,8 @@ index d9851ee..619492d 100644 }; struct core_thread { -@@ -436,6 +438,24 @@ struct mm_struct { - int first_nid; +@@ -444,6 +446,24 @@ struct mm_struct { + bool tlb_flush_pending; #endif struct uprobes_state uprobes_state; + @@ -77847,13 +78183,13 @@ index 4106721..132d42c 100644 * hlist_del_init_rcu - deletes entry from hash list with re-initialization * @n: the element to delete from the hash list. 
diff --git a/include/linux/reboot.h b/include/linux/reboot.h -index 8e00f9f..9449b55 100644 +index 9e7db9e..7d4fd72 100644 --- a/include/linux/reboot.h +++ b/include/linux/reboot.h -@@ -43,9 +43,9 @@ extern int unregister_reboot_notifier(struct notifier_block *); - * Architecture-specific implementations of sys_reboot commands. +@@ -44,9 +44,9 @@ extern int unregister_reboot_notifier(struct notifier_block *); */ + extern void migrate_to_reboot_cpu(void); -extern void machine_restart(char *cmd); -extern void machine_halt(void); -extern void machine_power_off(void); @@ -77863,7 +78199,7 @@ index 8e00f9f..9449b55 100644 extern void machine_shutdown(void); struct pt_regs; -@@ -56,9 +56,9 @@ extern void machine_crash_shutdown(struct pt_regs *); +@@ -57,9 +57,9 @@ extern void machine_crash_shutdown(struct pt_regs *); */ extern void kernel_restart_prepare(char *cmd); @@ -77876,7 +78212,7 @@ index 8e00f9f..9449b55 100644 extern int C_A_D; /* for sysctl */ void ctrl_alt_del(void); -@@ -72,7 +72,7 @@ extern int orderly_poweroff(bool force); +@@ -73,7 +73,7 @@ extern int orderly_poweroff(bool force); * Emergency restart, callable from an interrupt handler. */ @@ -80055,10 +80391,10 @@ index d22cb0a..c6ba150 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 5bdb8b7..bb1096c 100644 +index 23bfd10..1ff3e35 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -663,7 +663,7 @@ struct se_device { +@@ -664,7 +664,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -81202,7 +81538,7 @@ index 7a51443..3a257d8 100644 ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); diff --git a/ipc/util.c b/ipc/util.c -index 7684f41..f7da711 100644 +index 7684f41..5bf1880 100644 --- a/ipc/util.c +++ b/ipc/util.c @@ -71,6 +71,8 @@ struct ipc_proc_iface { 
@@ -81214,11 +81550,12 @@ index 7684f41..f7da711 100644 static void ipc_memory_notifier(struct work_struct *work) { ipcns_notify(IPCNS_MEMCHANGED); -@@ -560,6 +562,9 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag) +@@ -560,6 +562,10 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag) granted_mode >>= 6; else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) granted_mode >>= 3; -+ else if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode)) ++ ++ if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode)) + return -1; + /* is there some bit set in requested_mode but not in granted_mode? */ @@ -81406,10 +81743,10 @@ index 4e66bf9..cdccecf 100644 +} +EXPORT_SYMBOL(inode_capable_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 5c9127d..f871169 100644 +index b6fd783..7f526b7 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5844,7 +5844,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, +@@ -5855,7 +5855,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, struct css_set *cset = link->cset; struct task_struct *task; int count = 0; @@ -82069,7 +82406,7 @@ index a949819..a5f127d 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 086fe73..72c1122 100644 +index 690cfac..3be2d98 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -82271,7 +82608,7 @@ index 086fe73..72c1122 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -688,8 +733,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -689,8 +734,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); 
@@ -82282,7 +82619,7 @@ index 086fe73..72c1122 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -911,13 +956,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -912,13 +957,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -82304,7 +82641,7 @@ index 086fe73..72c1122 100644 return 0; } -@@ -1128,7 +1180,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) +@@ -1129,7 +1181,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) * parts of the process environment (as per the clone * flags). The actual kick-off is left to the caller. */ @@ -82313,7 +82650,7 @@ index 086fe73..72c1122 100644 unsigned long stack_start, unsigned long stack_size, int __user *child_tidptr, -@@ -1200,6 +1252,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1201,6 +1253,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -82323,7 +82660,7 @@ index 086fe73..72c1122 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1449,6 +1504,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1450,6 +1505,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -82335,7 +82672,7 @@ index 086fe73..72c1122 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1534,6 +1594,8 @@ bad_fork_cleanup_count: +@@ -1535,6 +1595,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: 
@@ -82344,7 +82681,7 @@ index 086fe73..72c1122 100644 return ERR_PTR(retval); } -@@ -1595,6 +1657,7 @@ long do_fork(unsigned long clone_flags, +@@ -1596,6 +1658,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -82352,7 +82689,7 @@ index 086fe73..72c1122 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1609,6 +1672,8 @@ long do_fork(unsigned long clone_flags, +@@ -1610,6 +1673,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -82361,7 +82698,7 @@ index 086fe73..72c1122 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1725,7 +1790,7 @@ void __init proc_caches_init(void) +@@ -1726,7 +1791,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -82370,7 +82707,7 @@ index 086fe73..72c1122 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1765,7 +1830,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1766,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -82379,7 +82716,7 @@ index 086fe73..72c1122 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1872,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1873,7 +1938,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -82679,7 +83016,7 @@ index e30ac0f..3528cac 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index ecd783d..9aa270c 100644 +index 355e13a..06b25d2 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c 
@@ -1044,7 +1044,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, @@ -84230,6 +84567,19 @@ index 424c2d4..679242f 100644 return kc->clock_set(which_clock, &new_tp); } +diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig +index d444c4e..bc3de51 100644 +--- a/kernel/power/Kconfig ++++ b/kernel/power/Kconfig +@@ -24,6 +24,8 @@ config HIBERNATE_CALLBACKS + config HIBERNATION + bool "Hibernation (aka 'suspend to disk')" + depends on SWAP && ARCH_HIBERNATION_POSSIBLE ++ depends on !GRKERNSEC_KMEM ++ depends on !PAX_MEMORY_SANITIZE + select HIBERNATE_CALLBACKS + select LZO_COMPRESS + select LZO_DECOMPRESS diff --git a/kernel/power/process.c b/kernel/power/process.c index 06ec886..9dba35e 100644 --- a/kernel/power/process.c @@ -85484,7 +85834,7 @@ index 5ac63c9..d912786 100644 #else static void register_sched_domain_sysctl(void) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 513fc2f..906a851 100644 +index 7765ad8..774519f 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated) @@ -85496,7 +85846,7 @@ index 513fc2f..906a851 100644 p->mm->numa_scan_offset = 0; } -@@ -5840,7 +5840,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -5847,7 +5847,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -86422,7 +86772,7 @@ index b8b8560..75b1a09 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index f3bd09ee..9bb9586 100644 +index 1345d9f..db46efe 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1944,12 +1944,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) 
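Review bot: The new `depends on !GRKERNSEC_KMEM` and `depends on !PAX_MEMORY_SANITIZE` lines make `HIBERNATION` disappear from the menu as soon as either option is enabled, and nothing in the hunk tells the person configuring the kernel why. A Kconfig comment above them would do, e.g. `# grsecurity: suspend-to-disk is not offered together with KMEM protection or memory sanitization`, with the actual reason filled in by the author. The same sentence belongs in the GRKERNSEC_KMEM help text, so the loss of suspend-to-disk is discoverable from the option that causes it. The config entry continues outside the hunk.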
@@ -87798,7 +88148,7 @@ index ae4846f..b0acebe 100644 send_sig(SIGXFSZ, current, 0); return -EFBIG; diff --git a/mm/fremap.c b/mm/fremap.c -index 5bff081..bfa6e93 100644 +index bbc4d66..117b798 100644 --- a/mm/fremap.c +++ b/mm/fremap.c @@ -163,6 +163,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, @@ -87813,36 +88163,6 @@ index 5bff081..bfa6e93 100644 /* * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within -@@ -208,9 +213,10 @@ get_write_lock: - if (mapping_cap_account_dirty(mapping)) { - unsigned long addr; - struct file *file = get_file(vma->vm_file); -+ /* mmap_region may free vma; grab the info now */ -+ vm_flags = ACCESS_ONCE(vma->vm_flags); - -- addr = mmap_region(file, start, size, -- vma->vm_flags, pgoff); -+ addr = mmap_region(file, start, size, vm_flags, pgoff); - fput(file); - if (IS_ERR_VALUE(addr)) { - err = addr; -@@ -218,7 +224,7 @@ get_write_lock: - BUG_ON(addr != start); - err = 0; - } -- goto out; -+ goto out_freed; - } - mutex_lock(&mapping->i_mmap_mutex); - flush_dcache_mmap_lock(mapping); -@@ -253,6 +259,7 @@ get_write_lock: - out: - if (vma) - vm_flags = vma->vm_flags; -+out_freed: - if (likely(!has_write_lock)) - up_read(&mm->mmap_sem); - else diff --git a/mm/highmem.c b/mm/highmem.c index b32b70c..e512eb0 100644 --- a/mm/highmem.c @@ -88152,7 +88472,7 @@ index 539eeb9..e24a987 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index bf3351b..aea800d 100644 +index 9aea53f..f239c30 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; 
@@ -88182,7 +88502,7 @@ index bf3351b..aea800d 100644 { reserved, reserved, "reserved kernel", me_kernel }, /* * free pages are specially detected outside this table: -@@ -1053,7 +1053,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1063,7 +1063,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) nr_pages = 1 << compound_order(hpage); else /* normal page or thp */ nr_pages = 1; @@ -88191,7 +88511,7 @@ index bf3351b..aea800d 100644 /* * We need/can do nothing about count=0 pages. -@@ -1083,7 +1083,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1093,7 +1093,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) if (!PageHWPoison(hpage) || (hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { @@ -88200,7 +88520,7 @@ index bf3351b..aea800d 100644 return 0; } set_page_hwpoison_huge_page(hpage); -@@ -1152,7 +1152,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -88209,7 +88529,7 @@ index bf3351b..aea800d 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1370,7 +1370,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1380,7 +1380,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -88218,7 +88538,7 @@ index bf3351b..aea800d 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1394,7 +1394,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); 
@@ -88227,16 +88547,21 @@ index bf3351b..aea800d 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1521,7 +1521,7 @@ static int soft_offline_huge_page(struct page *page, int flags) - } else { - set_page_hwpoison_huge_page(hpage); - dequeue_hwpoisoned_huge_page(hpage); -- atomic_long_add(1 << compound_order(hpage), -+ atomic_long_add_unchecked(1 << compound_order(hpage), - &num_poisoned_pages); +@@ -1533,11 +1533,11 @@ static int soft_offline_huge_page(struct page *page, int flags) + if (PageHuge(page)) { + set_page_hwpoison_huge_page(hpage); + dequeue_hwpoisoned_huge_page(hpage); +- atomic_long_add(1 << compound_order(hpage), ++ atomic_long_add_unchecked(1 << compound_order(hpage), + &num_poisoned_pages); + } else { + SetPageHWPoison(page); +- atomic_long_inc(&num_poisoned_pages); ++ atomic_long_inc_unchecked(&num_poisoned_pages); + } } return ret; -@@ -1560,7 +1560,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1576,7 +1576,7 @@ static int __soft_offline_page(struct page *page, int flags) put_page(page); pr_info("soft_offline: %#lx: invalidated\n", pfn); SetPageHWPoison(page); @@ -88245,7 +88570,7 @@ index bf3351b..aea800d 100644 return 0; } -@@ -1605,7 +1605,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1621,7 +1621,7 @@ static int __soft_offline_page(struct page *page, int flags) if (!is_free_buddy_page(page)) pr_info("soft offline: %#lx: page leaked\n", pfn); @@ -88254,7 +88579,7 @@ index bf3351b..aea800d 100644 } } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", -@@ -1666,11 +1666,11 @@ int soft_offline_page(struct page *page, int flags) +@@ -1682,11 +1682,11 @@ int soft_offline_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -88964,7 +89289,7 @@ index d176154..cd1b387 100644 mm = get_task_mm(tsk); if (!mm) 
diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 0472964..7d5a0ea 100644 +index 6b22d8f9..8b5f6cf 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -746,6 +746,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -89040,10 +89365,10 @@ index 0472964..7d5a0ea 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index c046927..6996b40 100644 +index e3cf71d..c94506c 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1404,8 +1404,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1406,8 +1406,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -89054,7 +89379,7 @@ index c046927..6996b40 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index d480cd6..0f98458 100644 +index 192e6ee..b044449 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -14,6 +14,7 @@ @@ -89065,7 +89390,7 @@ index d480cd6..0f98458 100644 #include <linux/sched.h> #include <linux/export.h> #include <linux/rmap.h> -@@ -568,7 +569,7 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -588,7 +589,7 @@ static int do_mlock(unsigned long start, size_t len, int on) { unsigned long nstart, end, tmp; struct vm_area_struct * vma, * prev; @@ -89074,7 +89399,7 @@ index d480cd6..0f98458 100644 VM_BUG_ON(start & ~PAGE_MASK); VM_BUG_ON(len != PAGE_ALIGN(len)); -@@ -577,6 +578,9 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -597,6 +598,9 @@ static int do_mlock(unsigned long start, size_t len, int on) return -EINVAL; if (end == start) return 0; 
@@ -89084,7 +89409,7 @@ index d480cd6..0f98458 100644 vma = find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -588,6 +592,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -608,6 +612,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -89096,7 +89421,7 @@ index d480cd6..0f98458 100644 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ newflags = vma->vm_flags & ~VM_LOCKED; -@@ -700,6 +709,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) +@@ -720,6 +729,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ @@ -89104,7 +89429,7 @@ index d480cd6..0f98458 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -734,6 +744,11 @@ static int do_mlockall(int flags) +@@ -754,6 +764,11 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; @@ -89116,7 +89441,7 @@ index d480cd6..0f98458 100644 newflags = vma->vm_flags & ~VM_LOCKED; if (flags & MCL_CURRENT) newflags |= VM_LOCKED; -@@ -767,6 +782,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -787,6 +802,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -90386,7 +90711,7 @@ index 362e5f1..8968e02 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index 6c3f56f..b2340b0 100644 +index 7651a57..d761c62 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,18 @@ 
@@ -90408,7 +90733,7 @@ index 6c3f56f..b2340b0 100644 #ifndef pgprot_modify static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) -@@ -241,6 +249,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, +@@ -250,6 +258,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, return pages; } @@ -90457,7 +90782,7 @@ index 6c3f56f..b2340b0 100644 int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags) -@@ -253,11 +303,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -262,11 +312,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; @@ -90487,7 +90812,7 @@ index 6c3f56f..b2340b0 100644 /* * If we make a private mapping writable we increase our commit; * but (without finer accounting) cannot reduce our commit if we -@@ -274,6 +342,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -283,6 +351,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } } @@ -90530,7 +90855,7 @@ index 6c3f56f..b2340b0 100644 /* * First try to merge with previous and/or next vma. */ -@@ -304,9 +408,21 @@ success: +@@ -313,9 +417,21 @@ success: * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. */ @@ -90553,7 +90878,7 @@ index 6c3f56f..b2340b0 100644 if (vma_wants_writenotify(vma)) { vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); -@@ -345,6 +461,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -354,6 +470,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, end = start + len; if (end <= start) return -ENOMEM; 
@@ -90571,7 +90896,7 @@ index 6c3f56f..b2340b0 100644 if (!arch_validate_prot(prot)) return -EINVAL; -@@ -352,7 +479,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -361,7 +488,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* * Does the application expect PROT_READ to imply PROT_EXEC: */ @@ -90580,7 +90905,7 @@ index 6c3f56f..b2340b0 100644 prot |= PROT_EXEC; vm_flags = calc_vm_prot_bits(prot); -@@ -384,6 +511,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -393,6 +520,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, if (start > vma->vm_start) prev = vma; @@ -90592,7 +90917,7 @@ index 6c3f56f..b2340b0 100644 for (nstart = start ; ; ) { unsigned long newflags; -@@ -394,6 +526,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -403,6 +535,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -90607,7 +90932,7 @@ index 6c3f56f..b2340b0 100644 error = -EACCES; goto out; } -@@ -408,6 +548,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -417,6 +557,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -90805,7 +91130,7 @@ index 6380758..4064aec 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index dd886fa..7686339 100644 +index 317ea74..a4a1977 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -90979,7 +91304,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index fd3ee7a..3613079 100644 +index b9d2222..e4baa1f 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) 
@@ -92430,10 +92755,18 @@ index 1074543..136dbe0 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index 5a442a7..5eb281e 100644 +index 5a442a7..dbbda4a 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c -@@ -79,7 +79,7 @@ void vm_events_fold_cpu(int cpu) +@@ -20,6 +20,7 @@ + #include <linux/writeback.h> + #include <linux/compaction.h> + #include <linux/mm_inline.h> ++#include <linux/grsecurity.h> + + #include "internal.h" + +@@ -79,7 +80,7 @@ void vm_events_fold_cpu(int cpu) * * vm_stat contains the global counters */ @@ -92442,7 +92775,7 @@ index 5a442a7..5eb281e 100644 EXPORT_SYMBOL(vm_stat); #ifdef CONFIG_SMP -@@ -423,7 +423,7 @@ static inline void fold_diff(int *diff) +@@ -423,7 +424,7 @@ static inline void fold_diff(int *diff) for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) if (diff[i]) @@ -92451,7 +92784,7 @@ index 5a442a7..5eb281e 100644 } /* -@@ -455,7 +455,7 @@ static void refresh_cpu_vm_stats(void) +@@ -455,7 +456,7 @@ static void refresh_cpu_vm_stats(void) v = this_cpu_xchg(p->vm_stat_diff[i], 0); if (v) { @@ -92460,7 +92793,7 @@ index 5a442a7..5eb281e 100644 global_diff[i] += v; #ifdef CONFIG_NUMA /* 3 seconds idle till flush */ -@@ -517,7 +517,7 @@ void cpu_vm_stats_fold(int cpu) +@@ -517,7 +518,7 @@ void cpu_vm_stats_fold(int cpu) v = p->vm_stat_diff[i]; p->vm_stat_diff[i] = 0; @@ -92469,7 +92802,7 @@ index 5a442a7..5eb281e 100644 global_diff[i] += v; } } -@@ -537,8 +537,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) +@@ -537,8 +538,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) if (pset->vm_stat_diff[i]) { int v = pset->vm_stat_diff[i]; pset->vm_stat_diff[i] = 0; 
@@ -92480,7 +92813,31 @@ index 5a442a7..5eb281e 100644 } } #endif -@@ -1281,10 +1281,20 @@ static int __init setup_vmstat(void) +@@ -1148,10 +1149,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos) + stat_items_size += sizeof(struct vm_event_state); + #endif + +- v = kmalloc(stat_items_size, GFP_KERNEL); ++ v = kzalloc(stat_items_size, GFP_KERNEL); + m->private = v; + if (!v) + return ERR_PTR(-ENOMEM); ++ ++#ifdef CONFIG_GRKERNSEC_PROC_ADD ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) ++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP ++ && !in_group_p(grsec_proc_gid) ++#endif ++ ) ++ return (unsigned long *)m->private + *pos; ++#endif ++#endif ++ + for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) + v[i] = global_page_state(i); + v += NR_VM_ZONE_STAT_ITEMS; +@@ -1281,10 +1294,16 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -92495,11 +92852,7 @@ index 5a442a7..5eb281e 100644 +#endif + proc_create("buddyinfo", gr_mode, NULL, &fragmentation_file_operations); + proc_create("pagetypeinfo", gr_mode, NULL, &pagetypeinfo_file_ops); -+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+ proc_create("vmstat", gr_mode | S_IRGRP, NULL, &proc_vmstat_file_operations); -+#else -+ proc_create("vmstat", gr_mode, NULL, &proc_vmstat_file_operations); -+#endif ++ proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations); + proc_create("zoneinfo", gr_mode, NULL, &proc_zoneinfo_file_operations); + } #endif 
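Review bot: The early return added to vmstat_start() for unprivileged readers has no comment, and its safety depends on the kmalloc-to-kzalloc change just above it: that path hands back `m->private + *pos` before the loop that copies the counters, so the reader sees whatever the allocation contained. A comment such as `/* non-root (and non-grsec_proc_gid) readers get the zeroed buffer; keep kzalloc or this path exposes stale heap data */` directly above the `#ifdef CONFIG_GRKERNSEC_PROC_ADD` would keep the two changes from being separated later. The setup_vmstat() hunk that follows on this line is related: `vmstat` is now created with `S_IRUGO` instead of `gr_mode`, so the restriction has moved from the file mode into vmstat_start(), which deserves one line next to that `proc_create` call. Both functions begin and end outside the hunks shown.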
@@ -94055,6 +94408,55 @@ index 6acb541..9ea617d 100644 EXPORT_SYMBOL(sysctl_local_reserved_ports); void inet_get_local_port_range(int *low, int *high) +diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c +index 5f64875..31cf54d 100644 +--- a/net/ipv4/inet_diag.c ++++ b/net/ipv4/inet_diag.c +@@ -106,6 +106,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, + + r->id.idiag_sport = inet->inet_sport; + r->id.idiag_dport = inet->inet_dport; ++ ++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); ++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); ++ + r->id.idiag_src[0] = inet->inet_rcv_saddr; + r->id.idiag_dst[0] = inet->inet_daddr; + +@@ -240,12 +244,19 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, + + r->idiag_family = tw->tw_family; + r->idiag_retrans = 0; ++ + r->id.idiag_if = tw->tw_bound_dev_if; + sock_diag_save_cookie(tw, r->id.idiag_cookie); ++ + r->id.idiag_sport = tw->tw_sport; + r->id.idiag_dport = tw->tw_dport; ++ ++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); ++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); ++ + r->id.idiag_src[0] = tw->tw_rcv_saddr; + r->id.idiag_dst[0] = tw->tw_daddr; ++ + r->idiag_state = tw->tw_substate; + r->idiag_timer = 3; + r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ); +@@ -732,8 +743,13 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, + + r->id.idiag_sport = inet->inet_sport; + r->id.idiag_dport = ireq->rmt_port; ++ ++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); ++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); ++ + r->id.idiag_src[0] = ireq->loc_addr; + r->id.idiag_dst[0] = ireq->rmt_addr; ++ + r->idiag_expires = jiffies_to_msecs(tmo); + r->idiag_rqueue = 0; + r->idiag_wqueue = 0; diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 96da9c7..b956690 100644 --- a/net/ipv4/inet_hashtables.c 
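Review bot: The `memset` pairs added to inet_sk_diag_fill(), inet_twsk_diag_fill() and inet_diag_fill_req() carry no comment explaining why they are needed, and the same two lines are repeated in all three places. Each function then assigns only element `[0]` of `idiag_src` and `idiag_dst`, so the clears presumably keep the remaining elements of the reply from carrying uninitialised memory out to the requester; the array sizes and the origin of `r` are outside the hunk, so this should be confirmed against the struct definition. A one-line comment such as `/* only [0] is written below; clear the rest so no stale bytes are copied to userspace */` at each site would record that. Folding the clear and the two assignments into one small static helper would also keep a later fill path from missing it. All three functions begin and end outside the hunks shown.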
@@ -98597,21 +98999,10 @@ index 5de5660..d3deb89 100644 -e 's@^#include <linux/compiler.h>@@' \ -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \ diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh -index 32b10f5..64eeb30 100644 +index 2dcb377..a82c500 100644 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh -@@ -82,7 +82,9 @@ kallsyms() - kallsymopt="${kallsymopt} --all-symbols" - fi - -- kallsymopt="${kallsymopt} --page-offset=$CONFIG_PAGE_OFFSET" -+ if [ -z "${CONFIG_X86_32}" ] || [ -z "${CONFIG_PAX_KERNEXEC}" ]; then -+ kallsymopt="${kallsymopt} --page-offset=$CONFIG_PAGE_OFFSET" -+ fi - - local aflags="${KBUILD_AFLAGS} ${KBUILD_AFLAGS_KERNEL} \ - ${NOSTDINC_FLAGS} ${LINUXINCLUDE} ${KBUILD_CPPFLAGS}" -@@ -160,7 +162,7 @@ else +@@ -162,7 +162,7 @@ else fi; # final build of init/ @@ -98878,10 +99269,10 @@ index f5eb43d..1814de8 100644 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..031a726 100644 +index e9c6ac7..9551ea7 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,960 @@ +@@ -4,6 +4,958 @@ menu "Security options" @@ -99192,7 +99583,6 @@ index e9c6ac7..031a726 100644 + select CIFS_XATTR if CIFS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS -+ select EXT4_FS_XATTR if EXT4_FS + select JFFS2_FS_XATTR if JFFS2_FS + select REISERFS_FS_XATTR if REISERFS_FS + select SQUASHFS_XATTR if SQUASHFS @@ -99616,7 +100006,6 @@ index e9c6ac7..031a726 100644 +config PAX_MEMORY_SANITIZE + bool "Sanitize all freed memory" + default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) -+ depends on !HIBERNATION + help + By saying Y here the kernel will erase memory pages and slab objects + as soon as they are freed. This in turn reduces the lifetime of data 
@@ -99842,7 +100231,7 @@ index e9c6ac7..031a726 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1057,7 @@ config INTEL_TXT +@@ -103,7 +1055,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -100197,10 +100586,10 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index d9a78fd..5038314 100644 +index 392a044..5e931be 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -5662,7 +5662,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -100209,7 +100598,7 @@ index d9a78fd..5038314 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -6014,6 +6014,9 @@ static void selinux_nf_ip_exit(void) +@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; @@ -100219,7 +100608,7 @@ index d9a78fd..5038314 100644 int selinux_disable(void) { if (ss_initialized) { -@@ -6031,7 +6034,9 @@ int selinux_disable(void) +@@ -6062,7 +6065,9 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; @@ -100231,10 +100620,10 @@ index d9a78fd..5038314 100644 /* Try to destroy the avc node cache */ avc_disable(); diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h -index 6713f04..c57ecef 100644 +index c1af4e1..bcb003c 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h -@@ -52,7 +52,7 @@ static inline void selinux_xfrm_notify_policyload(void) +@@ -53,7 +53,7 @@ static inline void selinux_xfrm_notify_policyload(void) { struct net *net; @@ -102970,10 +103359,10 @@ index 0000000..679b9ef +} 
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..a0c9844 +index 0000000..3d6cc0f --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,7723 @@ +@@ -0,0 +1,7743 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL @@ -102988,8 +103377,8 @@ index 0000000..a0c9844 +snd_korg1212_copy_to_92 snd_korg1212_copy_to 6 92 NULL +load_msg_95 load_msg 2 95 NULL +device_flush_iotlb_115 device_flush_iotlb 2-3 115 NULL -+ipath_verbs_send_117 ipath_verbs_send 5-3 117 NULL nohasharray -+write_all_supers_117 write_all_supers 0 117 &ipath_verbs_send_117 ++write_all_supers_117 write_all_supers 0 117 NULL nohasharray ++ipath_verbs_send_117 ipath_verbs_send 5-3 117 &write_all_supers_117 +init_q_132 init_q 4 132 NULL +ocfs2_local_alloc_slide_window_134 ocfs2_local_alloc_slide_window 0 134 NULL +memstick_alloc_host_142 memstick_alloc_host 1 142 NULL @@ -103277,6 +103666,7 @@ index 0000000..a0c9844 +set_msr_hyperv_pw_2785 set_msr_hyperv_pw 3 2785 NULL +device_add_attrs_2789 device_add_attrs 0 2789 NULL +iwl_dbgfs_clear_ucode_statistics_write_2804 iwl_dbgfs_clear_ucode_statistics_write 3 2804 NULL ++vmemmap_pte_populate_2822 vmemmap_pte_populate 3 2822 NULL +sel_read_enforce_2828 sel_read_enforce 3 2828 NULL +vb2_dc_get_userptr_2829 vb2_dc_get_userptr 2-3 2829 NULL nohasharray +snd_pcm_reset_2829 snd_pcm_reset 0 2829 &vb2_dc_get_userptr_2829 
@@ -103320,7 +103710,7 @@ index 0000000..a0c9844 +ocfs2_get_right_path_3097 ocfs2_get_right_path 0 3097 NULL +clone_bio_3100 clone_bio 6 3100 NULL nohasharray +ttusb2_msg_3100 ttusb2_msg 4 3100 &clone_bio_3100 -+rb_alloc_3102 rb_alloc 1 3102 NULL ++rb_alloc_3102 rb_alloc 1-3 3102 NULL +simple_write_to_buffer_3122 simple_write_to_buffer 2-5 3122 NULL +print_time_3132 print_time 0 3132 NULL +fill_write_buffer_3142 fill_write_buffer 3 3142 NULL @@ -103439,6 +103829,7 @@ index 0000000..a0c9844 +ext4_xattr_find_entry_4025 ext4_xattr_find_entry 0 4025 NULL +mtip_hw_read_registers_4037 mtip_hw_read_registers 3 4037 NULL +i915_gpu_idle_4062 i915_gpu_idle 0 4062 NULL ++vmemmap_pmd_populate_4071 vmemmap_pmd_populate 3 4071 NULL +read_file_queues_4078 read_file_queues 3 4078 NULL +fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL +btrfs_inc_ref_4084 btrfs_inc_ref 0 4084 NULL @@ -103988,8 +104379,8 @@ index 0000000..a0c9844 +usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL +qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL +venus_mkdir_8967 venus_mkdir 4 8967 NULL -+seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray -+vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968 ++vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray ++seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 +bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL +btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3-8 8986 NULL +jbd2_journal_blocks_per_page_9004 jbd2_journal_blocks_per_page 0 9004 NULL 
@@ -104033,6 +104424,7 @@ index 0000000..a0c9844 +sparse_early_usemaps_alloc_node_9269 sparse_early_usemaps_alloc_node 4 9269 NULL +hdpvr_read_9273 hdpvr_read 3 9273 NULL +flakey_status_9274 flakey_status 5 9274 NULL ++migrate_misplaced_transhuge_page_9298 migrate_misplaced_transhuge_page 7 9298 NULL +iwl_dbgfs_stations_read_9309 iwl_dbgfs_stations_read 3 9309 NULL +ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL +ieee80211_if_fmt_txpower_9334 ieee80211_if_fmt_txpower 3 9334 NULL @@ -104356,6 +104748,7 @@ index 0000000..a0c9844 +ecryptfs_copy_filename_11868 ecryptfs_copy_filename 4 11868 NULL +ieee80211_rx_bss_info_11887 ieee80211_rx_bss_info 3 11887 NULL +mdc_rename_11899 mdc_rename 4-6 11899 NULL ++perf_mmap_alloc_page_11904 perf_mmap_alloc_page 1 11904 NULL +xstateregs_get_11906 xstateregs_get 4 11906 NULL +ti_write_11916 ti_write 4 11916 NULL +fs_devrw_entry_11924 fs_devrw_entry 3 11924 NULL @@ -104405,8 +104798,8 @@ index 0000000..a0c9844 +shash_compat_setkey_12267 shash_compat_setkey 3 12267 NULL +add_sctp_bind_addr_12269 add_sctp_bind_addr 3 12269 NULL +note_last_dentry_12285 note_last_dentry 3 12285 NULL -+il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 NULL nohasharray -+roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 &il_dbgfs_nvm_read_12288 ++roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL nohasharray ++il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288 +wrap_min_12303 wrap_min 0-1-2 12303 NULL +bt_sock_recvmsg_12316 bt_sock_recvmsg 4 12316 NULL +pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL 
@@ -104445,7 +104838,7 @@ index 0000000..a0c9844 +rtw_android_get_link_speed_12655 rtw_android_get_link_speed 0 12655 NULL +ocfs2_read_block_12659 ocfs2_read_block 0 12659 NULL +sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray -+sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4 12669 &sel_read_class_12669 ++sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4-5 12669 &sel_read_class_12669 +ext4_writepage_trans_blocks_12674 ext4_writepage_trans_blocks 0 12674 NULL +ext4_bg_num_gdb_meta_12702 ext4_bg_num_gdb_meta 0 12702 NULL +iwl_dbgfs_calib_disabled_write_12707 iwl_dbgfs_calib_disabled_write 3 12707 NULL @@ -104524,6 +104917,7 @@ index 0000000..a0c9844 +kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5-2 13337 NULL +get_bits_13353 get_bits 0-2 13353 NULL +hscx_empty_fifo_13360 hscx_empty_fifo 2 13360 NULL ++snd_ctl_elem_info_13363 snd_ctl_elem_info 0 13363 NULL +iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray +wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377 +ext4_meta_trans_blocks_13380 ext4_meta_trans_blocks 0-3-2 13380 NULL @@ -104665,8 +105059,8 @@ index 0000000..a0c9844 +efx_mdio_check_mmds_14486 efx_mdio_check_mmds 2 14486 NULL nohasharray +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 &efx_mdio_check_mmds_14486 +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL -+ep0_write_14536 ep0_write 3 14536 NULL nohasharray -+dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536 ++dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 NULL nohasharray ++ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536 +register_trace_sched_switch_14545 register_trace_sched_switch 0 14545 NULL +picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL +drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL 
@@ -104702,8 +105096,8 @@ index 0000000..a0c9844 +keys_proc_write_14792 keys_proc_write 3 14792 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL +__kfifo_in_14797 __kfifo_in 3-0 14797 NULL -+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray -+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 ++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray ++hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801 +changed_cb_14819 changed_cb 0 14819 NULL +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL @@ -105179,6 +105573,7 @@ index 0000000..a0c9844 +SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL +prealloc_18800 prealloc 0 18800 NULL ++alloc_pages_node_18809 alloc_pages_node 1 18809 NULL +madvise_hwpoison_18812 madvise_hwpoison 2 18812 NULL +setup_ioapic_irq_18813 setup_ioapic_irq 1 18813 NULL +dm_stats_print_18815 dm_stats_print 7 18815 NULL @@ -105396,8 +105791,8 @@ index 0000000..a0c9844 +cpulist_scnprintf_20648 cpulist_scnprintf 2-0 20648 NULL +oz_add_farewell_20652 oz_add_farewell 5 20652 NULL +oz_cdev_read_20659 oz_cdev_read 3 20659 NULL -+snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 NULL nohasharray -+btrfs_qgroup_reserve_20676 btrfs_qgroup_reserve 0 20676 &snd_hdsp_playback_copy_20676 ++btrfs_qgroup_reserve_20676 btrfs_qgroup_reserve 0 20676 NULL nohasharray ++snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 &btrfs_qgroup_reserve_20676 +get_user_page_nowait_20682 get_user_page_nowait 3 20682 NULL nohasharray +dvb_dmxdev_buffer_read_20682 dvb_dmxdev_buffer_read 0-4 20682 &get_user_page_nowait_20682 +cpumask_size_20683 cpumask_size 0 20683 NULL 
@@ -105738,6 +106133,7 @@ index 0000000..a0c9844 +iscsi_change_queue_depth_23416 iscsi_change_queue_depth 2 23416 NULL +vga_mm_r_23419 vga_mm_r 0 23419 NULL +vzalloc_node_23424 vzalloc_node 1-2 23424 NULL ++vmemmap_populate_basepages_23435 vmemmap_populate_basepages 3 23435 NULL +__ctzsi2_23444 __ctzsi2 1 23444 NULL +ocfs2_zero_tail_23447 ocfs2_zero_tail 3 23447 NULL +hidraw_send_report_23449 hidraw_send_report 3 23449 NULL @@ -106011,6 +106407,7 @@ index 0000000..a0c9844 +aircable_prepare_write_buffer_25669 aircable_prepare_write_buffer 3 25669 NULL +lpfc_idiag_cmd_get_25672 lpfc_idiag_cmd_get 2 25672 NULL +sta_inactive_ms_read_25690 sta_inactive_ms_read 3 25690 NULL ++sparse_mem_map_populate_25693 sparse_mem_map_populate 2 25693 NULL +ebitmap_start_positive_25703 ebitmap_start_positive 0 25703 NULL +wl1271_tx_enabled_rates_get_25712 wl1271_tx_enabled_rates_get 0 25712 NULL nohasharray +rx_filter_mc_filter_read_25712 rx_filter_mc_filter_read 3 25712 &wl1271_tx_enabled_rates_get_25712 @@ -106063,8 +106460,8 @@ index 0000000..a0c9844 +read_sb_page_26119 read_sb_page 5 26119 NULL +__fswab64_26155 __fswab64 0 26155 NULL +copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL -+gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL nohasharray -+ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 &gfs2_xattr_acl_get_26166 ++ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 NULL nohasharray ++gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 &ath6kl_roam_table_read_26166 +disk_devt_26180 disk_devt 0 26180 NULL +cgroup_setxattr_26188 cgroup_setxattr 4 26188 NULL +ieee80211_if_fmt_dot11MeshTTL_26198 ieee80211_if_fmt_dot11MeshTTL 3 26198 NULL 
@@ -106206,6 +106603,7 @@ index 0000000..a0c9844 +ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0-3-4 27422 NULL nohasharray +evm_inode_init_security_27422 evm_inode_init_security 0 27422 &ocfs2_refcount_cal_cow_clusters_27422 +cypress_write_27423 cypress_write 4 27423 NULL ++vmemmap_populate_27442 vmemmap_populate 3 27442 NULL +sddr09_read_data_27447 sddr09_read_data 3 27447 NULL +ktime_to_us_27455 ktime_to_us 0 27455 NULL +sk_extract_addr_27474 sk_extract_addr 0 27474 NULL @@ -106392,8 +106790,8 @@ index 0000000..a0c9844 +xz_dec_init_29029 xz_dec_init 2 29029 NULL +i915_gem_object_bind_to_vm_29035 i915_gem_object_bind_to_vm 0 29035 NULL +ieee80211_if_read_ht_opmode_29044 ieee80211_if_read_ht_opmode 3 29044 NULL -+ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 NULL nohasharray -+rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 &ProcessGetHostMibs_29049 ++rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL nohasharray ++ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 &rxrpc_sendmsg_29049 +btrfs_root_bytenr_29058 btrfs_root_bytenr 0 29058 NULL +iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL +roundup_64_29066 roundup_64 2-0-1 29066 NULL @@ -106625,6 +107023,7 @@ index 0000000..a0c9844 +size_inside_page_31141 size_inside_page 0-1-2 31141 NULL +w9966_v4l_read_31148 w9966_v4l_read 3 31148 NULL +ch_do_scsi_31171 ch_do_scsi 4 31171 NULL ++crypto_rng_seedsize_31196 crypto_rng_seedsize 0 31196 NULL +r592_read_fifo_pio_31198 r592_read_fifo_pio 3 31198 NULL +mtdchar_readoob_31200 mtdchar_readoob 4 31200 NULL +__btrfs_free_reserved_extent_31207 __btrfs_free_reserved_extent 2 31207 NULL 
@@ -107005,8 +107404,8 @@ index 0000000..a0c9844 +av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL +usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL +read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL -+iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray -+ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400 ++ivtv_read_pos_34400 ivtv_read_pos 3 34400 NULL nohasharray ++iwl_calib_set_34400 iwl_calib_set 3 34400 &ivtv_read_pos_34400 +wd_exp_mode_write_34407 wd_exp_mode_write 3 34407 NULL +nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL +security_socket_create_34439 security_socket_create 0 34439 NULL @@ -107016,13 +107415,13 @@ index 0000000..a0c9844 +i2o_parm_field_get_34477 i2o_parm_field_get 5 34477 NULL +ocfs2_block_group_clear_bits_34484 ocfs2_block_group_clear_bits 0 34484 NULL +security_inode_permission_34488 security_inode_permission 0 34488 NULL -+SyS_pwritev_34494 SyS_pwritev 3 34494 NULL nohasharray -+__ffs64_34494 __ffs64 1-0 34494 &SyS_pwritev_34494 ++__ffs64_34494 __ffs64 1-0 34494 NULL nohasharray ++SyS_pwritev_34494 SyS_pwritev 3 34494 &__ffs64_34494 +qp_alloc_res_34496 qp_alloc_res 5 34496 NULL +lu_buf_check_and_alloc_34505 lu_buf_check_and_alloc 2 34505 NULL +snd_pcm_hw_param_value_34525 snd_pcm_hw_param_value 0 34525 NULL -+ext4_fallocate_34537 ext4_fallocate 4-3 34537 NULL nohasharray -+tracing_stats_read_34537 tracing_stats_read 3 34537 &ext4_fallocate_34537 ++tracing_stats_read_34537 tracing_stats_read 3 34537 NULL nohasharray ++ext4_fallocate_34537 ext4_fallocate 4-3 34537 &tracing_stats_read_34537 +hugetlbfs_read_actor_34547 hugetlbfs_read_actor 4-5-2-0 34547 NULL +dbBackSplit_34561 dbBackSplit 0 34561 NULL +alloc_ieee80211_rsl_34564 alloc_ieee80211_rsl 1 34564 NULL nohasharray 
@@ -107035,8 +107434,8 @@ index 0000000..a0c9844 +cw1200_queue_init_34599 cw1200_queue_init 4 34599 &ceph_msgpool_init_34599 +__add_prelim_ref_34600 __add_prelim_ref 0 34600 NULL +brcmf_cfg80211_mgmt_tx_34608 brcmf_cfg80211_mgmt_tx 7 34608 NULL -+__jffs2_ref_totlen_34609 __jffs2_ref_totlen 0 34609 NULL nohasharray -+mtd_write_34609 mtd_write 0 34609 &__jffs2_ref_totlen_34609 ++mtd_write_34609 mtd_write 0 34609 NULL nohasharray ++__jffs2_ref_totlen_34609 __jffs2_ref_totlen 0 34609 &mtd_write_34609 +apei_get_nvs_resources_34616 apei_get_nvs_resources 0 34616 NULL +__cfg80211_disconnected_34622 __cfg80211_disconnected 3 34622 NULL +cnic_alloc_dma_34641 cnic_alloc_dma 3 34641 NULL @@ -107090,6 +107489,7 @@ index 0000000..a0c9844 +ntfs_attr_extend_initialized_35084 ntfs_attr_extend_initialized 2 35084 NULL +store_ifalias_35088 store_ifalias 4 35088 NULL +__kfifo_uint_must_check_helper_35097 __kfifo_uint_must_check_helper 0-1 35097 NULL ++alloc_thread_info_node_35101 alloc_thread_info_node 2 35101 NULL +capi_write_35104 capi_write 3 35104 NULL nohasharray +tx_tx_done_template_read_35104 tx_tx_done_template_read 3 35104 &capi_write_35104 +ide_settings_proc_write_35110 ide_settings_proc_write 3 35110 NULL @@ -107209,7 +107609,8 @@ index 0000000..a0c9844 +ieee80211_if_fmt_peer_36071 ieee80211_if_fmt_peer 3 36071 NULL +ext3_new_blocks_36073 ext3_new_blocks 3-0 36073 NULL +ieee80211_if_write_tsf_36077 ieee80211_if_write_tsf 3 36077 NULL -+snd_pcm_plug_read_transfer_36080 snd_pcm_plug_read_transfer 0-3 36080 NULL ++vmemmap_pud_populate_36080 vmemmap_pud_populate 3 36080 NULL nohasharray ++snd_pcm_plug_read_transfer_36080 snd_pcm_plug_read_transfer 0-3 36080 &vmemmap_pud_populate_36080 +mtip_hw_read_device_status_36082 mtip_hw_read_device_status 3 36082 NULL +vga_arb_write_36112 vga_arb_write 3 36112 NULL +simple_xattr_alloc_36118 simple_xattr_alloc 2 36118 NULL 
@@ -107502,11 +107903,11 @@ index 0000000..a0c9844 +snd_pcm_playback_rewind_38249 snd_pcm_playback_rewind 0-2 38249 NULL +from_dblock_38256 from_dblock 0-1 38256 NULL +vmci_qp_broker_set_page_store_38260 vmci_qp_broker_set_page_store 3-2 38260 NULL -+SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 NULL nohasharray -+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &SYSC_msgrcv_38268 nohasharray -+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268 -+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray -+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275 ++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray ++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 nohasharray ++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &SYSC_msgrcv_38268 ++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray ++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL +gpa_to_gfn_38291 gpa_to_gfn 0-1 38291 NULL +ucma_query_path_38305 ucma_query_path 3 38305 NULL @@ -107579,8 +107980,8 @@ index 0000000..a0c9844 +ext3_trim_all_free_38929 ext3_trim_all_free 4-3-2 38929 NULL +il_dbgfs_sram_write_38942 il_dbgfs_sram_write 3 38942 NULL +__ath6kl_wmi_send_mgmt_cmd_38971 __ath6kl_wmi_send_mgmt_cmd 7 38971 NULL -+C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 NULL nohasharray -+usb_maxpacket_38977 usb_maxpacket 0 38977 &C_SYSC_preadv64_38977 ++usb_maxpacket_38977 usb_maxpacket 0 38977 NULL nohasharray ++C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 &usb_maxpacket_38977 +OSDSetBlock_38986 OSDSetBlock 2-4 38986 NULL +lpfc_idiag_extacc_write_38998 lpfc_idiag_extacc_write 3 38998 NULL +udf_new_block_38999 udf_new_block 4 38999 NULL 
@@ -107644,8 +108045,8 @@ index 0000000..a0c9844 +ext_depth_39607 ext_depth 0 39607 NULL +nfs_idmap_get_key_39616 nfs_idmap_get_key 2 39616 NULL +sdio_readb_39618 sdio_readb 0 39618 NULL -+set_dev_class_39645 set_dev_class 4 39645 NULL nohasharray -+dm_exception_table_init_39645 dm_exception_table_init 2 39645 &set_dev_class_39645 ++dm_exception_table_init_39645 dm_exception_table_init 2 39645 NULL nohasharray ++set_dev_class_39645 set_dev_class 4 39645 &dm_exception_table_init_39645 +snd_rme32_capture_copy_39653 snd_rme32_capture_copy 5 39653 NULL +tcp_try_rmem_schedule_39657 tcp_try_rmem_schedule 3 39657 NULL +kvm_read_guest_cached_39666 kvm_read_guest_cached 4 39666 NULL @@ -107848,6 +108249,7 @@ index 0000000..a0c9844 +xfs_iext_add_41422 xfs_iext_add 3 41422 NULL +isdn_ppp_fill_rq_41428 isdn_ppp_fill_rq 2 41428 NULL +lbs_rdrf_read_41431 lbs_rdrf_read 3 41431 NULL ++vmemmap_populate_hugepages_41434 vmemmap_populate_hugepages 3 41434 NULL +iio_device_alloc_41440 iio_device_alloc 1 41440 NULL +ntfs_file_buffered_write_41442 ntfs_file_buffered_write 6-4 41442 NULL +pcpu_build_alloc_info_41443 pcpu_build_alloc_info 1-2-3 41443 NULL @@ -108068,7 +108470,7 @@ index 0000000..a0c9844 +ath10k_p2p_calc_noa_ie_len_43209 ath10k_p2p_calc_noa_ie_len 0 43209 NULL +f2fs_acl_from_disk_43210 f2fs_acl_from_disk 2 43210 NULL +atomic_long_add_return_43217 atomic_long_add_return 1-0 43217 NULL -+vmemmap_alloc_block_43245 vmemmap_alloc_block 1 43245 NULL ++vmemmap_alloc_block_43245 vmemmap_alloc_block 1-2 43245 NULL +fixup_leb_43256 fixup_leb 3 43256 NULL +ide_end_rq_43269 ide_end_rq 4 43269 NULL +nilfs_direct_IO_43271 nilfs_direct_IO 4 43271 NULL 
@@ -108089,8 +108491,8 @@ index 0000000..a0c9844 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL +ocfs2_rotate_tree_left_43442 ocfs2_rotate_tree_left 0 43442 NULL -+usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray -+usb_string_43443 usb_string 0 43443 &usemap_size_43443 ++usb_string_43443 usb_string 0 43443 NULL nohasharray ++usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443 +get_vm_area_size_43444 get_vm_area_size 0 43444 NULL +nvme_trans_device_id_page_43466 nvme_trans_device_id_page 4 43466 NULL +calculate_discard_block_size_43480 calculate_discard_block_size 0 43480 NULL nohasharray @@ -108399,8 +108801,8 @@ index 0000000..a0c9844 +dma_tx_errors_read_46060 dma_tx_errors_read 3 46060 &__ocfs2_move_extent_46060 +sel_commit_bools_write_46077 sel_commit_bools_write 3 46077 NULL +arizona_set_irq_wake_46101 arizona_set_irq_wake 2 46101 NULL -+memcg_update_array_size_46111 memcg_update_array_size 1 46111 NULL nohasharray -+il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 &memcg_update_array_size_46111 ++il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 NULL nohasharray ++memcg_update_array_size_46111 memcg_update_array_size 1 46111 &il3945_ucode_general_stats_read_46111 +C_SYSC_writev_46113 C_SYSC_writev 3 46113 NULL +mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL +paging32_walk_addr_nested_46121 paging32_walk_addr_nested 3 46121 NULL @@ -108409,6 +108811,7 @@ index 0000000..a0c9844 +vb2_dma_sg_get_userptr_46146 vb2_dma_sg_get_userptr 2-3 46146 NULL +__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL +alloc_iova_46160 alloc_iova 2 46160 NULL ++kmalloc_section_memmap_46168 kmalloc_section_memmap 2 46168 NULL +twl_direction_out_46182 twl_direction_out 2 46182 NULL +vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL +fq_resize_46195 fq_resize 2 46195 NULL 
@@ -108420,8 +108823,8 @@ index 0000000..a0c9844 +mpi_read_raw_data_46248 mpi_read_raw_data 2 46248 NULL +ReadReg_46277 ReadReg 0 46277 NULL +sg_proc_write_dressz_46316 sg_proc_write_dressz 3 46316 NULL -+__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 NULL nohasharray -+compat_SyS_readv_46328 compat_SyS_readv 3 46328 &__hwahc_dev_set_key_46328 ++compat_SyS_readv_46328 compat_SyS_readv 3 46328 NULL nohasharray ++__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 &compat_SyS_readv_46328 +iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL +smk_write_direct_46363 smk_write_direct 3 46363 NULL +__iommu_calculate_agaw_46366 __iommu_calculate_agaw 2 46366 NULL @@ -108641,8 +109044,8 @@ index 0000000..a0c9844 +set_discoverable_48141 set_discoverable 4 48141 NULL +dn_fib_count_nhs_48145 dn_fib_count_nhs 0 48145 NULL +get_cur_inode_state_48149 get_cur_inode_state 0 48149 NULL -+_add_to_r4w_48152 _add_to_r4w 4 48152 NULL nohasharray -+bitmap_onto_48152 bitmap_onto 4 48152 &_add_to_r4w_48152 ++bitmap_onto_48152 bitmap_onto 4 48152 NULL nohasharray ++_add_to_r4w_48152 _add_to_r4w 4 48152 &bitmap_onto_48152 +isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL +c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL +ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL nohasharray 
@@ -108724,8 +109127,8 @@ index 0000000..a0c9844 +vc_do_resize_48842 vc_do_resize 4-3 48842 NULL +comedi_buf_write_alloc_48846 comedi_buf_write_alloc 0-2 48846 NULL +suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL -+C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 NULL nohasharray -+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 &C_SYSC_pwritev64_48864 ++viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray ++C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864 +ide_port_alloc_devices_48866 ide_port_alloc_devices 2 48866 NULL +__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL +ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL @@ -108752,7 +109155,8 @@ index 0000000..a0c9844 +aic7xxx_rem_scb_from_disc_list_49041 aic7xxx_rem_scb_from_disc_list 0 49041 NULL +setup_msi_irq_49052 setup_msi_irq 3-4 49052 NULL +ubi_read_49061 ubi_read 0 49061 NULL -+scsi_register_49094 scsi_register 2 49094 NULL ++sparse_early_nid_49094 sparse_early_nid 0 49094 NULL nohasharray ++scsi_register_49094 scsi_register 2 49094 &sparse_early_nid_49094 +paging64_walk_addr_nested_49100 paging64_walk_addr_nested 3 49100 NULL +compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL +xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 NULL 
@@ -108981,8 +109385,8 @@ index 0000000..a0c9844 +dpcm_show_state_50827 dpcm_show_state 0 50827 NULL +acpi_ev_install_gpe_block_50829 acpi_ev_install_gpe_block 2 50829 NULL +SetArea_50835 SetArea 4 50835 NULL nohasharray -+create_mem_extents_50835 create_mem_extents 0 50835 &SetArea_50835 nohasharray -+mask_from_50835 mask_from 0-1-2 50835 &create_mem_extents_50835 ++mask_from_50835 mask_from 0-1-2 50835 &SetArea_50835 nohasharray ++create_mem_extents_50835 create_mem_extents 0 50835 &mask_from_50835 +videobuf_dma_init_user_50839 videobuf_dma_init_user 3-4 50839 NULL +btrfs_search_slot_for_read_50843 btrfs_search_slot_for_read 0 50843 NULL +self_check_write_50856 self_check_write 0-5 50856 NULL @@ -109074,8 +109478,8 @@ index 0000000..a0c9844 +load_pdptrs_51541 load_pdptrs 3 51541 NULL +__alloc_eip_netdev_51549 __alloc_eip_netdev 1 51549 NULL +ixgb_get_eeprom_len_51586 ixgb_get_eeprom_len 0 51586 NULL -+get_cur_path_51589 get_cur_path 0 51589 NULL nohasharray -+snd_interval_refine_first_51589 snd_interval_refine_first 0 51589 &get_cur_path_51589 ++snd_interval_refine_first_51589 snd_interval_refine_first 0 51589 NULL nohasharray ++get_cur_path_51589 get_cur_path 0 51589 &snd_interval_refine_first_51589 +aac_convert_sgraw2_51598 aac_convert_sgraw2 4 51598 NULL +table_size_to_number_of_entries_51613 table_size_to_number_of_entries 0-1 51613 NULL +extent_fiemap_51621 extent_fiemap 3 51621 NULL 
@@ -109111,8 +109515,8 @@ index 0000000..a0c9844 +get_indirect_ea_51869 get_indirect_ea 4 51869 NULL +user_read_51881 user_read 3 51881 NULL +dbAdjCtl_51888 dbAdjCtl 0 51888 NULL -+SyS_mq_timedsend_51896 SyS_mq_timedsend 3 51896 NULL nohasharray -+virt_to_phys_51896 virt_to_phys 0 51896 &SyS_mq_timedsend_51896 ++virt_to_phys_51896 virt_to_phys 0 51896 NULL nohasharray ++SyS_mq_timedsend_51896 SyS_mq_timedsend 3 51896 &virt_to_phys_51896 +commit_fs_roots_51898 commit_fs_roots 0 51898 NULL +uvhub_to_first_node_51916 uvhub_to_first_node 0 51916 NULL +wmi_set_ie_51919 wmi_set_ie 3 51919 NULL @@ -109311,6 +109715,7 @@ index 0000000..a0c9844 +dbAllocNext_53506 dbAllocNext 0 53506 NULL +ocfs2_xattr_set_acl_53508 ocfs2_xattr_set_acl 4 53508 NULL +check_acl_53512 check_acl 0 53512 NULL ++alloc_pages_exact_nid_53515 alloc_pages_exact_nid 1 53515 NULL +send_utimes_53516 send_utimes 0 53516 NULL +SYSC_bind_53582 SYSC_bind 3 53582 NULL +cifs_utf16_bytes_53593 cifs_utf16_bytes 0 53593 NULL @@ -109324,8 +109729,8 @@ index 0000000..a0c9844 +nr_sendmsg_53656 nr_sendmsg 4 53656 NULL +fuse_fill_write_pages_53682 fuse_fill_write_pages 0-4 53682 NULL +v4l2_event_subscribe_53687 v4l2_event_subscribe 3 53687 NULL -+bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL nohasharray -+igb_alloc_q_vector_53690 igb_alloc_q_vector 6-4 53690 &bdev_logical_block_size_53690 ++igb_alloc_q_vector_53690 igb_alloc_q_vector 6-4 53690 NULL nohasharray ++bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 &igb_alloc_q_vector_53690 +find_overflow_devnum_53711 find_overflow_devnum 0 53711 NULL +bio_integrity_split_53714 bio_integrity_split 3 53714 NULL +__ocfs2_resv_find_window_53721 __ocfs2_resv_find_window 3 53721 NULL 
@@ -109414,7 +109819,7 @@ index 0000000..a0c9844 +ll_ra_count_get_54410 ll_ra_count_get 3 54410 NULL +copy_gadget_strings_54417 copy_gadget_strings 3-2 54417 NULL +btrfs_inc_extent_ref_54442 btrfs_inc_extent_ref 0 54442 NULL -+sparse_early_mem_maps_alloc_node_54485 sparse_early_mem_maps_alloc_node 4 54485 NULL ++sparse_early_mem_maps_alloc_node_54485 sparse_early_mem_maps_alloc_node 4-5 54485 NULL +simple_strtoull_54493 simple_strtoull 0 54493 NULL +swiotlb_tbl_map_single_54495 swiotlb_tbl_map_single 0 54495 NULL +btrfs_ordered_sum_size_54509 btrfs_ordered_sum_size 0-2 54509 NULL @@ -109528,8 +109933,8 @@ index 0000000..a0c9844 +lov_get_stripecnt_55297 lov_get_stripecnt 0-3 55297 NULL +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL +wimax_msg_len_55304 wimax_msg_len 0 55304 NULL -+__get_vm_area_node_55305 __get_vm_area_node 6 55305 NULL nohasharray -+qp_alloc_guest_work_55305 qp_alloc_guest_work 5-3 55305 &__get_vm_area_node_55305 ++qp_alloc_guest_work_55305 qp_alloc_guest_work 5-3 55305 NULL nohasharray ++__get_vm_area_node_55305 __get_vm_area_node 6 55305 &qp_alloc_guest_work_55305 +__vxge_hw_vpath_initialize_55328 __vxge_hw_vpath_initialize 2 55328 NULL +do_shmat_55336 do_shmat 5 55336 NULL +vme_user_read_55338 vme_user_read 3 55338 NULL @@ -109627,6 +110032,7 @@ index 0000000..a0c9844 +ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL +do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL +fd_copyin_56247 fd_copyin 3 56247 NULL ++svc_init_buffer_56249 svc_init_buffer 3 56249 NULL +sk_rmem_schedule_56255 sk_rmem_schedule 3 56255 NULL +p9pdu_vreadf_56271 p9pdu_vreadf 0 56271 NULL +il4965_ucode_general_stats_read_56277 il4965_ucode_general_stats_read 3 56277 NULL 
@@ -109713,8 +110119,8 @@ index 0000000..a0c9844 +__bitmap_clear_bits_56912 __bitmap_clear_bits 3 56912 NULL +strcspn_56913 strcspn 0 56913 NULL +__kfifo_out_56927 __kfifo_out 0-3 56927 NULL -+CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 NULL nohasharray -+journal_init_revoke_56933 journal_init_revoke 2 56933 &CopyBufferToControlPacket_56933 ++journal_init_revoke_56933 journal_init_revoke 2 56933 NULL nohasharray ++CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 &journal_init_revoke_56933 +nouveau_xtensa_create__56952 nouveau_xtensa_create_ 8 56952 NULL +diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL +nouveau_device_create__56984 nouveau_device_create_ 6 56984 NULL @@ -109830,8 +110236,8 @@ index 0000000..a0c9844 +kiblnd_create_tx_pool_57846 kiblnd_create_tx_pool 2 57846 NULL +process_all_new_xattrs_57881 process_all_new_xattrs 0 57881 NULL +xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL -+iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL nohasharray -+atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 &iio_read_first_n_kfifo_57910 ++atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 NULL nohasharray ++iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 &atomic_add_return_unchecked_57910 +memcg_caches_array_size_57918 memcg_caches_array_size 0-1 57918 NULL +twl_i2c_write_57923 twl_i2c_write 3-4 57923 NULL +__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL 
@@ -109872,7 +110278,7 @@ index 0000000..a0c9844 +ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL +i915_wait_seqno_58309 i915_wait_seqno 0 58309 NULL +tx_tx_start_int_templates_read_58324 tx_tx_start_int_templates_read 3 58324 NULL -+ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL ++ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3-0 58331 NULL +diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL +__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL +next_pidmap_58347 next_pidmap 2-0 58347 NULL @@ -110003,6 +110409,7 @@ index 0000000..a0c9844 +btrfs_del_dir_entries_in_log_59490 btrfs_del_dir_entries_in_log 0 59490 NULL +ib_copy_from_udata_59502 ib_copy_from_udata 3 59502 NULL +rds_pin_pages_59507 rds_pin_pages 1-2 59507 NULL ++kmalloc_large_node_59542 kmalloc_large_node 3 59542 NULL +ext4_resize_fs_59543 ext4_resize_fs 2 59543 NULL +mpi_get_nbits_59551 mpi_get_nbits 0 59551 NULL +tunables_write_59563 tunables_write 3 59563 NULL @@ -110071,8 +110478,8 @@ index 0000000..a0c9844 +xlog_bread_offset_60030 xlog_bread_offset 3 60030 NULL +bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL +do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL -+vcs_size_60050 vcs_size 0 60050 NULL nohasharray -+pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050 ++pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray ++vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050 +gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 NULL +open_cur_inode_file_60057 open_cur_inode_file 0 60057 NULL +compat_writev_60063 compat_writev 3 60063 NULL 
@@ -110180,7 +110587,7 @@ index 0000000..a0c9844 +i40e_calculate_l2fpm_size_61104 i40e_calculate_l2fpm_size 0-1-2-3-4 61104 NULL +alloc_chrdev_region_61112 alloc_chrdev_region 0 61112 NULL +__probe_kernel_read_61119 __probe_kernel_read 3 61119 NULL -+vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL ++vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1-2 61126 NULL +afs_proc_cells_write_61139 afs_proc_cells_write 3 61139 NULL +brcmf_sdio_chip_cr4_exitdl_61143 brcmf_sdio_chip_cr4_exitdl 4 61143 NULL +__vmalloc_61168 __vmalloc 1 61168 NULL @@ -110232,6 +110639,7 @@ index 0000000..a0c9844 +trace_options_core_write_61551 trace_options_core_write 3 61551 NULL +o2hb_pop_count_61553 o2hb_pop_count 2 61553 NULL +dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL ++alloc_pgtable_page_61562 alloc_pgtable_page 1 61562 NULL +parport_pc_fifo_write_block_dma_61568 parport_pc_fifo_write_block_dma 3 61568 NULL +fan_proc_write_61569 fan_proc_write 3 61569 NULL +ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL @@ -110326,6 +110734,7 @@ index 0000000..a0c9844 +sparse_early_usemaps_alloc_pgdat_section_62304 sparse_early_usemaps_alloc_pgdat_section 2 62304 NULL +ocfs2_find_victim_alloc_group_62306 ocfs2_find_victim_alloc_group 0 62306 NULL +subsystem_filter_read_62310 subsystem_filter_read 3 62310 NULL ++vmemmap_pgd_populate_62315 vmemmap_pgd_populate 2 62315 NULL +timespec_to_jiffies_62321 timespec_to_jiffies 0 62321 NULL +Wb35Reg_BurstWrite_62327 Wb35Reg_BurstWrite 4 62327 NULL +subseq_list_62332 subseq_list 3-0 62332 NULL @@ -110699,12 +111108,12 @@ index 0000000..a0c9844 +nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..5515dcb +index 0000000..50f8464 --- /dev/null 
 +++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,3927 @@
+@@ -0,0 +1,4072 @@
 +/*
-+ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com>
++ * Copyright 2011, 2012, 2013, 2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
 + *
 + * Homepage:
@@ -110763,9 +111172,9 @@ index 0000000..5515dcb
 +#define MIN_CHECK true
 +#define MAX_CHECK false
 +
-+#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t"
-+#define YES_ASM_STR "# size_overflow MARK_YES\n\t"
-+#define OK_ASM_STR "# size_overflow\n\t"
++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF "
++#define YES_ASM_STR "# size_overflow MARK_YES "
++#define OK_ASM_STR "# size_overflow "
 +
 +#if BUILDING_GCC_VERSION == 4005
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
@@ -110832,7 +111241,7 @@ index 0000000..5515dcb
 +static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20131214beta",
++ .version = "20140111beta",
 + .help = "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
@@ -112922,7 +113331,7 @@ index 0000000..5515dcb
 + str = get_asm_string(stmt);
 + if (!str)
 + return false;
-+ return !strcmp(str, TURN_OFF_ASM_STR);
++ return !strncmp(str, TURN_OFF_ASM_STR, sizeof(TURN_OFF_ASM_STR) - 1);
 +}
 +
 +static bool is_size_overflow_intentional_asm_yes(const_gimple stmt)
@@ -112932,7 +113341,7 @@ index 0000000..5515dcb
 + str = get_asm_string(stmt);
 + if (!str)
 + return false;
-+ return !strcmp(str, YES_ASM_STR);
++ return !strncmp(str, YES_ASM_STR, sizeof(YES_ASM_STR) - 1);
 +}
 +
 +static bool is_size_overflow_asm(const_gimple stmt)
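Review bot: The three marker macros in the `#define` hunk are now matched as prefixes (`strncmp(str, X, sizeof(X) - 1)` in the hunks that follow), so their trailing space is part of the match and is the only delimiter before whatever text follows the mark; the macros carry no comment saying so. A line such as `/* prefixes of the asm comment; the trailing space is significant, it separates the mark from the "<fn name> <argnum>" suffix */` above `TURN_OFF_ASM_STR` would document that. `OK_ASM_STR` is also a prefix of the other two, so `is_size_overflow_asm()` stays true for marked statements; if that is intended, the same comment should state it.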
@@ -112942,7 +113351,7 @@ index 0000000..5515dcb
 + str = get_asm_string(stmt);
 + if (!str)
 + return false;
-+ return !strncmp(str, "# size_overflow", 15);
++ return !strncmp(str, OK_ASM_STR, sizeof(OK_ASM_STR) - 1);
 +}
 +
 +static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum)
@@ -114040,9 +114449,8 @@ index 0000000..5515dcb
 +
 + switch (cur_fndecl_attr) {
 + case MARK_NO:
-+ return MARK_NO;
 + case MARK_TURN_OFF:
-+ return MARK_TURN_OFF;
++ return cur_fndecl_attr;
 + default:
 + print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum);
 + return MARK_YES;
@@ -114182,6 +114590,23 @@ index 0000000..5515dcb
 + update_stmt(stmt);
 +}
 +
++static char *create_asm_comment(unsigned int argnum, const_gimple stmt , const char *mark_str)
++{
++ const char *fn_name;
++ char *asm_comment;
++ unsigned int len;
++
++ if (argnum == 0)
++ fn_name = NAME(current_function_decl);
++ else
++ fn_name = NAME(gimple_call_fndecl(stmt));
++
++ len = asprintf(&asm_comment, "%s %s %u", mark_str, fn_name, argnum);
++ gcc_assert(len > 0);
++
++ return asm_comment;
++}
++
 +static const char *convert_mark_to_str(enum mark mark)
 +{
 + switch (mark) {
@@ -114210,8 +114635,6 @@ index 0000000..5515dcb
 + return;
 + }
 +
-+ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt));
-+
 + asm_data->input = create_new_var(TREE_TYPE(asm_data->output));
 + asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt);
 +
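Review bot: In the added `create_asm_comment()` the result of `asprintf()` is stored in `unsigned int len`, so a failure return of -1 becomes a large positive value and `gcc_assert(len > 0)` can never fire; `asm_comment` would then be passed on and later freed by the callers while its contents are undefined. Declaring it as `int len;` makes the existing assert effective. Separately, for `argnum != 0` the name is taken from `gimple_call_fndecl(stmt)` with no NULL check; the callers may already guarantee a direct call, but that is not visible in this hunk, so an assert on the returned decl or a comment stating the precondition would help.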
@@ -114225,16 +114648,20 @@ index 0000000..5515dcb
 + break;
 + case GIMPLE_NOP: {
 + enum mark mark;
-+ const char *str;
++ const char *mark_str;
++ char *asm_comment;
 +
 + mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
-+ str = convert_mark_to_str(mark);
 +
 + asm_data->input = asm_data->output;
 + asm_data->output = NULL;
 + asm_data->def_stmt = stmt;
 +
-+ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data);
++ mark_str = convert_mark_to_str(mark);
++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
++
++ create_asm_stmt(asm_comment, build_string(2, "rm"), NULL, asm_data);
++ free(asm_comment);
 + asm_data->input = NULL_TREE;
 + break;
 + }
@@ -114257,7 +114684,8 @@ index 0000000..5515dcb
 +static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum)
 +{
 + struct asm_data asm_data;
-+ const char *str;
++ const char *mark_str;
++ char *asm_comment;
 + enum mark mark;
 +
 + if (is_gimple_constant(output_node))
@@ -114265,18 +114693,156 @@ index 0000000..5515dcb
 +
 + asm_data.output = output_node;
 + mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
-+ if (mark == MARK_TURN_OFF)
-+ return;
-+
-+ search_missing_size_overflow_attribute_gimple(stmt, argnum);
++ if (mark != MARK_TURN_OFF)
++ search_missing_size_overflow_attribute_gimple(stmt, argnum);
 +
 + asm_data.def_stmt = get_def_stmt(asm_data.output);
++ if (is_size_overflow_intentional_asm_turn_off(asm_data.def_stmt))
++ return;
++
 + create_asm_input(stmt, argnum, &asm_data);
 + if (asm_data.input == NULL_TREE)
 + return;
 +
-+ str = convert_mark_to_str(mark);
-+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ mark_str = convert_mark_to_str(mark);
++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
++ create_asm_stmt(asm_comment, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ free(asm_comment);
++}
++
++// Insert an asm stmt with "MARK_TURN_OFF", "MARK_YES" or "MARK_NOT_INTENTIONAL".
++static bool create_mark_asm(gimple stmt, enum mark mark)
++{
++ struct asm_data asm_data;
++ const char *asm_str;
++
++ switch (mark) {
++ case MARK_TURN_OFF:
++ asm_str = TURN_OFF_ASM_STR;
++ break;
++ case MARK_NOT_INTENTIONAL:
++ case MARK_YES:
++ asm_str = YES_ASM_STR;
++ break;
++ default:
++ gcc_unreachable();
++ }
++
++ asm_data.def_stmt = stmt;
++ asm_data.output = gimple_call_lhs(stmt);
++
++ if (asm_data.output == NULL_TREE) {
++ asm_data.input = gimple_call_arg(stmt, 0);
++ if (is_gimple_constant(asm_data.input))
++ return false;
++ asm_data.output = NULL;
++ create_asm_stmt(asm_str, build_string(2, "rm"), NULL, &asm_data);
++ return true;
++ }
++
++ create_asm_input(stmt, 0, &asm_data);
++ gcc_assert(asm_data.input != NULL_TREE);
++
++ create_asm_stmt(asm_str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ return true;
++}
++
++static bool is_from_cast(const_tree node)
++{
++ gimple def_stmt = get_def_stmt(node);
++
++ if (!def_stmt)
++ return false;
++
++ if (gimple_assign_cast_p(def_stmt))
++ return true;
++
++ return false;
++}
++
++// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
++static bool skip_ptr_minus(gimple stmt)
++{
++ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
++
++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
++ return false;
++
++ rhs1 = gimple_assign_rhs1(stmt);
++ if (!is_from_cast(rhs1))
++ return false;
++
++ rhs2 = gimple_assign_rhs2(stmt);
++ if (!is_from_cast(rhs2))
++ return false;
++
++ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
++ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
++
++ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
++ return false;
++
++ create_mark_asm(stmt, MARK_YES);
++ return true;
++}
++
++static void walk_use_def_ptr(struct pointer_set_t *visited, const_tree lhs)
++{
++ gimple def_stmt;
++
++ def_stmt = get_def_stmt(lhs);
++ if (!def_stmt)
++ return;
++
++ if (pointer_set_insert(visited, def_stmt))
++ return;
++
++ switch (gimple_code(def_stmt)) {
++ case GIMPLE_NOP:
++ case GIMPLE_ASM:
++ case GIMPLE_CALL:
++ break;
++ case GIMPLE_PHI: {
++ unsigned int i, n = gimple_phi_num_args(def_stmt);
++
++ pointer_set_insert(visited, def_stmt);
++
++ for (i = 0; i < n; i++) {
++ tree arg = gimple_phi_arg_def(def_stmt, i);
++
++ walk_use_def_ptr(visited, arg);
++ }
++ }
++ case GIMPLE_ASSIGN:
++ switch (gimple_num_ops(def_stmt)) {
++ case 2:
++ walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
++ return;
++ case 3:
++ if (skip_ptr_minus(def_stmt))
++ return;
++
++ walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
++ walk_use_def_ptr(visited, gimple_assign_rhs2(def_stmt));
++ return;
++ default:
++ return;
++ }
++ default:
++ debug_gimple_stmt((gimple)def_stmt);
++ error("%s: unknown gimple code", __func__);
++ gcc_unreachable();
++ }
++}
++
++// Look for a ptr - ptr expression (e.g., cpuset_common_file_read() s - page)
++static void insert_mark_not_intentional_asm_at_ptr(const_tree arg)
++{
++ struct pointer_set_t *visited;
++
++ visited = pointer_set_create();
++ walk_use_def_ptr(visited, arg);
++ pointer_set_destroy(visited);
 +}
 +
 +// Determine the return value and insert the asm stmt to mark the return stmt.
@@ -114301,6 +114867,10 @@ index 0000000..5515dcb
 +
 + arg = gimple_call_arg(stmt, argnum - 1);
 + gcc_assert(arg != NULL_TREE);
++
++ // skip all ptr - ptr expressions
++ insert_mark_not_intentional_asm_at_ptr(arg);
++
 + create_size_overflow_asm(stmt, arg, argnum);
 +}
 +
@@ -114360,35 +114930,17 @@ index 0000000..5515dcb
 +
 +/*
 + * Look up the intentional_overflow attribute that turns off ipa based duplication
-+ * on the callee function, if found insert an asm stmt with "MARK_TURN_OFF".
++ * on the callee function.
 + */
-+static bool create_mark_turn_off_asm(gimple stmt)
++static bool is_mark_turn_off_attribute(gimple stmt)
 +{
 + enum mark mark;
-+ struct asm_data asm_data;
 + const_tree fndecl = gimple_call_fndecl(stmt);
 +
 + mark = get_intentional_attr_type(DECL_ORIGIN(fndecl));
-+ if (mark != MARK_TURN_OFF)
-+ return false;
-+
-+ asm_data.def_stmt = stmt;
-+ asm_data.output = gimple_call_lhs(stmt);
-+
-+ if (asm_data.output == NULL_TREE) {
-+ asm_data.input = gimple_call_arg(stmt, 0);
-+ if (is_gimple_constant(asm_data.input))
-+ return false;
-+ asm_data.output = NULL;
-+ create_asm_stmt(TURN_OFF_ASM_STR, build_string(2, "rm"), NULL, &asm_data);
++ if (mark == MARK_TURN_OFF)
 + return true;
-+ }
-+
-+ create_asm_input(stmt, 0, &asm_data);
-+ gcc_assert(asm_data.input != NULL_TREE);
-+
-+ create_asm_stmt(TURN_OFF_ASM_STR, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
-+ return true;
++ return false;
 +}
 +
 +// If the argument(s) of the callee function is/are in the hash table or are marked by an attribute then mark the call stmt with an asm stmt
@@ -114405,8 +114957,10 @@ index 0000000..5515dcb
 + return;
 + fndecl = DECL_ORIGIN(fndecl);
 +
-+ if (create_mark_turn_off_asm(stmt))
++ if (is_mark_turn_off_attribute(stmt)) {
++ create_mark_asm(stmt, MARK_TURN_OFF);
 + return;
++ }
 +
 + search_interesting_args(fndecl, orig_argnums);
 +
|
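Review bot: In the large hunk that adds `create_mark_asm()`, `skip_ptr_minus()` passes a `GIMPLE_ASSIGN` (the `MINUS_EXPR` statement) to `create_mark_asm()`, which reads it with the call accessors `gimple_call_lhs(stmt)` and `gimple_call_arg(stmt, 0)`; this presumably works only because both statement kinds keep the lhs in operand 0, and a GCC built with gimple checking would likely abort there. Using the generic `asm_data.output = gimple_get_lhs(stmt);` and adding `gcc_assert(is_gimple_call(stmt));` at the top of the `NULL_TREE` branch would make the helper safe for both callers. In `walk_use_def_ptr()`, `case GIMPLE_PHI` has no `break` or `return` and runs into `case GIMPLE_ASSIGN`; if that is intended it needs a `/* fallthrough */` comment, otherwise add `return;` after the loop. The second `pointer_set_insert(visited, def_stmt);` inside the PHI case repeats the insert made a few lines above and can be dropped. The hunk begins inside `create_size_overflow_asm()`, whose opening lines are in the previous hunk.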