* [gentoo-commits] proj/hardened-patchset:master commit in: 3.13.8/, 3.2.56/
@ 2014-04-04 15:23 Anthony G. Basile
From: Anthony G. Basile @ 2014-04-04 15:23 UTC (permalink / raw
  To: gentoo-commits

commit:     8faf11a689dd695f6cf54cabb0705ee146b7f878
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Apr  4 15:23:14 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Apr  4 15:23:14 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=8faf11a6

Grsec/PaX: 3.0-{3.2.56,3.13.8}-201404031157

---
 3.13.8/0000_README                                 |  2 +-
 ... 4420_grsecurity-3.0-3.13.8-201404031157.patch} | 69 +++++++++++++++-
 3.2.56/0000_README                                 |  2 +-
 ... 4420_grsecurity-3.0-3.2.56-201404031155.patch} | 95 ++++++++++++++++++++--
 4 files changed, 157 insertions(+), 11 deletions(-)

diff --git a/3.13.8/0000_README b/3.13.8/0000_README
index c7f2d48..261bc85 100644
--- a/3.13.8/0000_README
+++ b/3.13.8/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.13.8-201404011912.patch
+Patch:	4420_grsecurity-3.0-3.13.8-201404031157.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.13.8/4420_grsecurity-3.0-3.13.8-201404011912.patch b/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
similarity index 99%
rename from 3.13.8/4420_grsecurity-3.0-3.13.8-201404011912.patch
rename to 3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
index 9c4aaac..1ca327a 100644
--- a/3.13.8/4420_grsecurity-3.0-3.13.8-201404011912.patch
+++ b/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
@@ -65163,10 +65163,10 @@ index 104455b..764c512 100644
  		kfree(s);
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..13b7885
+index 0000000..81a6826
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,1155 @@
+@@ -0,0 +1,1160 @@
 +#
 +# grecurity configuration
 +#
@@ -65647,6 +65647,11 @@ index 0000000..13b7885
 +	  encounter no software incompatibilities with the following options, it
 +	  is recommended that you enable each one.
 +
++	  Note that the chroot restrictions are not intended to apply to "chroots"
++	  to directories that are simple bind mounts of the global root filesystem.
++	  For several other reasons, a user shouldn't expect any significant
++	  security by performing such a chroot.
++
 +config GRKERNSEC_CHROOT_MOUNT
 +	bool "Deny mounts"
 +	default y if GRKERNSEC_CONFIG_AUTO
@@ -96923,10 +96928,66 @@ index 5b7d0e1..cb960fc 100644
  }
  EXPORT_SYMBOL(dev_load);
 diff --git a/net/core/filter.c b/net/core/filter.c
-index ad30d62..c2757df 100644
+index ad30d62..821081f 100644
 --- a/net/core/filter.c
 +++ b/net/core/filter.c
-@@ -679,7 +679,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
+@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
+ 	void *ptr;
+ 	u32 A = 0;			/* Accumulator */
+ 	u32 X = 0;			/* Index Register */
+-	u32 mem[BPF_MEMWORDS];		/* Scratch Memory Store */
++	u32 mem[BPF_MEMWORDS] = {};	/* Scratch Memory Store */
+ 	u32 tmp;
+ 	int k;
+ 
+@@ -292,10 +292,10 @@ load_b:
+ 			X = K;
+ 			continue;
+ 		case BPF_S_LD_MEM:
+-			A = mem[K];
++			A = mem[K&15];
+ 			continue;
+ 		case BPF_S_LDX_MEM:
+-			X = mem[K];
++			X = mem[K&15];
+ 			continue;
+ 		case BPF_S_MISC_TAX:
+ 			X = A;
+@@ -308,10 +308,10 @@ load_b:
+ 		case BPF_S_RET_A:
+ 			return A;
+ 		case BPF_S_ST:
+-			mem[K] = A;
++			mem[K&15] = A;
+ 			continue;
+ 		case BPF_S_STX:
+-			mem[K] = X;
++			mem[K&15] = X;
+ 			continue;
+ 		case BPF_S_ANC_PROTOCOL:
+ 			A = ntohs(skb->protocol);
+@@ -391,9 +391,10 @@ load_b:
+ 			continue;
+ #endif
+ 		default:
+-			WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
++			WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n",
+ 				       fentry->code, fentry->jt,
+ 				       fentry->jf, fentry->k);
++			BUG();
+ 			return 0;
+ 		}
+ 	}
+@@ -416,7 +417,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
+ 	u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
+ 	int pc, ret = 0;
+ 
+-	BUILD_BUG_ON(BPF_MEMWORDS > 16);
++	BUILD_BUG_ON(BPF_MEMWORDS != 16);
+ 	masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
+ 	if (!masks)
+ 		return -ENOMEM;
+@@ -679,7 +680,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
  	fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL);
  	if (!fp)
  		return -ENOMEM;
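Review bot: The scratch-store mask in sk_run_filter is written as the literal `15` (`mem[K&15]` in the BPF_S_LD_MEM, BPF_S_LDX_MEM, BPF_S_ST and BPF_S_STX cases), while the invariant that makes it correct, `BUILD_BUG_ON(BPF_MEMWORDS != 16)`, sits in a different function, check_load_and_stores. Writing the index as `mem[K & (BPF_MEMWORDS - 1)]`, or moving the build-time assertion next to the array declaration, keeps the bound and the mask from drifting apart. The mask also wraps an out-of-range K into a valid slot instead of rejecting it, so a comment such as `/* defence in depth: K is expected to be range-checked when the filter is attached */` would mark it as a backstop and not the validation itself; whether that attach-time check exists is not visible in this hunk. The same lines appear in the 3.2.56 patch, in the hunk at `@@ -97874,7 +97879,42 @@`.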

diff --git a/3.2.56/0000_README b/3.2.56/0000_README
index ce219c9..b2a75bc 100644
--- a/3.2.56/0000_README
+++ b/3.2.56/0000_README
@@ -142,7 +142,7 @@ Patch:	1055_linux-3.2.56.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.56
 
-Patch:	4420_grsecurity-3.0-3.2.56-201404012135.patch
+Patch:	4420_grsecurity-3.0-3.2.56-201404031155.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.56/4420_grsecurity-3.0-3.2.56-201404012135.patch b/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
similarity index 99%
rename from 3.2.56/4420_grsecurity-3.0-3.2.56-201404012135.patch
rename to 3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
index 4f4f0f9..a7d359a 100644
--- a/3.2.56/4420_grsecurity-3.0-3.2.56-201404012135.patch
+++ b/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
@@ -63410,10 +63410,10 @@ index 8a89949..6776861 100644
  xfs_init_zones(void)
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..3dd4ae7
+index 0000000..d913d1e
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,1141 @@
+@@ -0,0 +1,1146 @@
 +#
 +# grecurity configuration
 +#
@@ -63880,6 +63880,11 @@ index 0000000..3dd4ae7
 +	  encounter no software incompatibilities with the following options, it
 +	  is recommended that you enable each one.
 +
++	  Note that the chroot restrictions are not intended to apply to "chroots"
++	  to directories that are simple bind mounts of the global root filesystem.
++	  For several other reasons, a user shouldn't expect any significant
++	  security by performing such a chroot.
++
 +config GRKERNSEC_CHROOT_MOUNT
 +	bool "Deny mounts"
 +	default y if GRKERNSEC_CONFIG_AUTO
@@ -97863,7 +97868,7 @@ index 2367246..4a0a677 100644
  		ret = -EFAULT;
  		goto out;
 diff --git a/net/core/filter.c b/net/core/filter.c
-index 5dea452..d775edc 100644
+index 5dea452..e17caac 100644
 --- a/net/core/filter.c
 +++ b/net/core/filter.c
 @@ -39,6 +39,7 @@
@@ -97874,7 +97879,42 @@ index 5dea452..d775edc 100644
  
  /* No hurry in this branch */
  static void *__load_pointer(const struct sk_buff *skb, int k, unsigned int size)
-@@ -350,6 +351,11 @@ load_b:
+@@ -115,7 +116,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
+ 	void *ptr;
+ 	u32 A = 0;			/* Accumulator */
+ 	u32 X = 0;			/* Index Register */
+-	u32 mem[BPF_MEMWORDS];		/* Scratch Memory Store */
++	u32 mem[BPF_MEMWORDS] = {};	/* Scratch Memory Store */
+ 	u32 tmp;
+ 	int k;
+ 
+@@ -266,10 +267,10 @@ load_b:
+ 			X = K;
+ 			continue;
+ 		case BPF_S_LD_MEM:
+-			A = mem[K];
++			A = mem[K&15];
+ 			continue;
+ 		case BPF_S_LDX_MEM:
+-			X = mem[K];
++			X = mem[K&15];
+ 			continue;
+ 		case BPF_S_MISC_TAX:
+ 			X = A;
+@@ -282,10 +283,10 @@ load_b:
+ 		case BPF_S_RET_A:
+ 			return A;
+ 		case BPF_S_ST:
+-			mem[K] = A;
++			mem[K&15] = A;
+ 			continue;
+ 		case BPF_S_STX:
+-			mem[K] = X;
++			mem[K&15] = X;
+ 			continue;
+ 		case BPF_S_ANC_PROTOCOL:
+ 			A = ntohs(skb->protocol);
+@@ -350,10 +351,16 @@ load_b:
  				A = 0;
  			continue;
  		}
@@ -97884,8 +97924,53 @@ index 5dea452..d775edc 100644
 +			continue;
 +#endif
  		default:
- 			WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
+-			WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
++			WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n",
  				       fentry->code, fentry->jt,
+ 				       fentry->jf, fentry->k);
++			BUG();
+ 			return 0;
+ 		}
+ 	}
+@@ -376,7 +383,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
+ 	u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
+ 	int pc, ret = 0;
+ 
+-	BUILD_BUG_ON(BPF_MEMWORDS > 16);
++	BUILD_BUG_ON(BPF_MEMWORDS != 16);
+ 	masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
+ 	if (!masks)
+ 		return -ENOMEM;
+@@ -490,6 +497,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
+ 		[BPF_JMP|BPF_JSET|BPF_X] = BPF_S_JMP_JSET_X,
+ 	};
+ 	int pc;
++	bool anc_found;
+ 
+ 	if (flen == 0 || flen > BPF_MAXINSNS)
+ 		return -EINVAL;
+@@ -545,8 +553,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
+ 		case BPF_S_LD_W_ABS:
+ 		case BPF_S_LD_H_ABS:
+ 		case BPF_S_LD_B_ABS:
++			anc_found = false;
+ #define ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE:	\
+ 				code = BPF_S_ANC_##CODE;	\
++				anc_found = true;		\
+ 				break
+ 			switch (ftest->k) {
+ 			ANCILLARY(PROTOCOL);
+@@ -560,6 +570,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
+ 			ANCILLARY(RXHASH);
+ 			ANCILLARY(CPU);
+ 			}
++
++			/* ancillary operation unknown or unsupported */
++			if (anc_found == false && ftest->k >= SKF_AD_OFF)
++				return -EINVAL;
+ 		}
+ 		ftest->code = code;
+ 	}
 diff --git a/net/core/flow.c b/net/core/flow.c
 index e318c7e..168b1d0 100644
 --- a/net/core/flow.c
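Review bot: In the interpreter's `default:` case the added `BUG();` leaves the following `return 0;` unreachable on builds where BUG() does not return, and nothing records that halting on an unknown opcode is the intended policy. A one-line comment such as `/* unknown opcode means the checker was bypassed: fail hard instead of returning 0 */` would state it; that intent is inferred from the change, not written in it. The switch from WARN_RATELIMIT to WARN also places `KERN_ALERT` inside the format string, and it should be confirmed that WARN() on these kernel versions honours a log-level prefix there and does not print it literally. In the sk_chk_filter part of this hunk, `anc_found == false` reads more simply as `!anc_found`. The default-case change is identical in the 3.13.8 patch hunk at `@@ -96923,10 +96928,66 @@`.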



* [gentoo-commits] proj/hardened-patchset:master commit in: 3.13.8/, 3.2.56/
@ 2014-04-07 15:22 Anthony G. Basile
From: Anthony G. Basile @ 2014-04-07 15:22 UTC (permalink / raw
  To: gentoo-commits

commit:     63d5e8a78d1e3c99b66c24475e0b672ff7fca5a6
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  7 15:22:13 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Apr  7 15:22:13 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=63d5e8a7

Grsec/PaX: 3.0-{3.2.56,3.13.8}-201404062127

---
 3.13.8/0000_README                                 |    2 +-
 ... 4420_grsecurity-3.0-3.13.9-201404062127.patch} | 1026 +++++++++++++-------
 3.2.56/0000_README                                 |    2 +-
 ... 4420_grsecurity-3.0-3.2.56-201404062126.patch} |  533 +++++++++-
 4 files changed, 1184 insertions(+), 379 deletions(-)

diff --git a/3.13.8/0000_README b/3.13.8/0000_README
index 261bc85..02b8064 100644
--- a/3.13.8/0000_README
+++ b/3.13.8/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.13.8-201404031157.patch
+Patch:	4420_grsecurity-3.0-3.13.9-201404062127.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch b/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
similarity index 99%
rename from 3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
rename to 3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
index 1ca327a..3408709 100644
--- a/3.13.8/4420_grsecurity-3.0-3.13.8-201404031157.patch
+++ b/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 4cab13b..b7d5e41 100644
+index 652f972..20ef4fb 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -12500,9 +12500,18 @@ index c337422..2c5be72 100644
  	.quad   0x0000000000000000	/* TS continued */
  gdt_end:
 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 434f077..b6b4b38 100644
+index 434f077..f20f3ff 100644
 --- a/arch/x86/boot/compressed/misc.c
 +++ b/arch/x86/boot/compressed/misc.c
+@@ -224,7 +224,7 @@ void __putstr(const char *s)
+ 
+ void *memset(void *s, int c, size_t n)
+ {
+-	int i;
++	size_t i;
+ 	char *ss = s;
+ 
+ 	for (i = 0; i < n; i++)
 @@ -283,7 +283,7 @@ static void handle_relocations(void *output, unsigned long output_len)
  	 * Calculate the delta between where vmlinux was linked to load
  	 * and where it was actually loaded.
@@ -12512,7 +12521,16 @@ index 434f077..b6b4b38 100644
  	if (!delta) {
  		debug_putstr("No relocation needed... ");
  		return;
-@@ -380,7 +380,7 @@ static void parse_elf(void *output)
+@@ -353,7 +353,7 @@ static void parse_elf(void *output)
+ 	Elf32_Ehdr ehdr;
+ 	Elf32_Phdr *phdrs, *phdr;
+ #endif
+-	void *dest;
++	void *dest, *prev;
+ 	int i;
+ 
+ 	memcpy(&ehdr, output, sizeof(ehdr));
+@@ -380,13 +380,16 @@ static void parse_elf(void *output)
  		case PT_LOAD:
  #ifdef CONFIG_RELOCATABLE
  			dest = output;
@@ -12521,7 +12539,16 @@ index 434f077..b6b4b38 100644
  #else
  			dest = (void *)(phdr->p_paddr);
  #endif
-@@ -432,7 +432,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+ 			memcpy(dest,
+ 			       output + phdr->p_offset,
+ 			       phdr->p_filesz);
++			if (i)
++				memset(prev, 0xff, dest - prev);
++			prev = dest + phdr->p_filesz;
+ 			break;
+ 		default: /* Ignore other PT_* */ break;
+ 		}
+@@ -432,7 +435,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
  		error("Destination address too large");
  #endif
  #ifndef CONFIG_RELOCATABLE
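Review bot: `prev` in parse_elf can be read before it is set: it is assigned only inside `case PT_LOAD`, but the guard on the fill is `if (i)`, so if program header 0 is not PT_LOAD the first `memset(prev, 0xff, dest - prev)` uses an uninitialised pointer. The length `dest - prev` also assumes each loadable segment is placed above the end of the previous one; if it is not, the difference is negative and becomes a very large size_t. Declaring `void *dest, *prev = NULL;` (the declaration is in the preceding hunk) and guarding with `if (prev && dest > prev)` covers both cases. The input here is the kernel's own ELF image, so the headers are presumably well ordered, but the check is cheap. parse_elf's body extends beyond both hunks.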
@@ -17549,7 +17576,7 @@ index 81bb91b..9392125 100644
  
  /*
 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 5ad38ad..f228861 100644
+index bbc8b12..f228861 100644
 --- a/arch/x86/include/asm/pgtable.h
 +++ b/arch/x86/include/asm/pgtable.h
 @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17672,30 +17699,7 @@ index 5ad38ad..f228861 100644
  #include <linux/mm_types.h>
  #include <linux/mmdebug.h>
  #include <linux/log2.h>
-@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b)
- 	return a.pte == b.pte;
- }
- 
--static inline int pteval_present(pteval_t pteval)
--{
--	/*
--	 * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
--	 * way clearly states that the intent is that protnone and numa
--	 * hinting ptes are considered present for the purposes of
--	 * pagetable operations like zapping, protection changes, gup etc.
--	 */
--	return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
--}
--
- static inline int pte_present(pte_t a)
- {
--	return pteval_present(pte_flags(a));
-+	return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
-+			       _PAGE_NUMA);
- }
- 
- #define pte_accessible pte_accessible
-@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
   * Currently stuck as a macro due to indirect forward reference to
   * linux/mmzone.h's __section_mem_map_addr() definition:
   */
@@ -17704,7 +17708,7 @@ index 5ad38ad..f228861 100644
  
  /* Find an entry in the second-level page table.. */
  static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
   * Currently stuck as a macro due to indirect forward reference to
   * linux/mmzone.h's __section_mem_map_addr() definition:
   */
@@ -17713,7 +17717,7 @@ index 5ad38ad..f228861 100644
  
  /* to find an entry in a page-table-directory. */
  static inline unsigned long pud_index(unsigned long address)
-@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
  
  static inline int pgd_bad(pgd_t pgd)
  {
@@ -17722,7 +17726,7 @@ index 5ad38ad..f228861 100644
  }
  
  static inline int pgd_none(pgd_t pgd)
-@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
   * pgd_offset() returns a (pgd_t *)
   * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
   */
@@ -17736,7 +17740,7 @@ index 5ad38ad..f228861 100644
  /*
   * a shortcut which implies the use of the kernel's pgd, instead
   * of a process's
-@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
  #define KERNEL_PGD_BOUNDARY	pgd_index(PAGE_OFFSET)
  #define KERNEL_PGD_PTRS		(PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
  
@@ -17760,7 +17764,7 @@ index 5ad38ad..f228861 100644
  #ifndef __ASSEMBLY__
  
  extern int direct_gbpages;
-@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
   * dst and src can be on the same page, but the range must not overlap,
   * and must not cross a page boundary.
   */
@@ -35432,30 +35436,18 @@ index fa6ade7..73da73a5 100644
  
  #ifdef CONFIG_ACPI_NUMA
 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 3c76c3d..7327d91 100644
+index ce563be..7327d91 100644
 --- a/arch/x86/xen/mmu.c
 +++ b/arch/x86/xen/mmu.c
-@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
- /* Assume pteval_t is equivalent to all the other *val_t types. */
- static pteval_t pte_mfn_to_pfn(pteval_t val)
- {
--	if (pteval_present(val)) {
-+	if (val & _PAGE_PRESENT) {
- 		unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
- 		unsigned long pfn = mfn_to_pfn(mfn);
- 
-@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
+@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
  	return val;
  }
  
 -static pteval_t pte_pfn_to_mfn(pteval_t val)
 +static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
  {
--	if (pteval_present(val)) {
-+	if (val & _PAGE_PRESENT) {
+ 	if (val & _PAGE_PRESENT) {
  		unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
- 		pteval_t flags = val & PTE_FLAGS_MASK;
- 		unsigned long mfn;
 @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  	/* L3_k[510] -> level2_kernel_pgt
  	 * L3_i[511] -> level2_fixmap_pgt */
@@ -40067,19 +40059,6 @@ index a3ba9a8..ee52ddd 100644
  	unsigned relocs_total = 0;
  	unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
  
-diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
-index d3c3b5b..e79720d 100644
---- a/drivers/gpu/drm/i915/i915_gem_gtt.c
-+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
-@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
- 	dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
- 				       dev_priv->gtt.base.start / PAGE_SIZE,
- 				       dev_priv->gtt.base.total / PAGE_SIZE,
--				       false);
-+				       true);
- }
- 
- void i915_gem_restore_gtt_mappings(struct drm_device *dev)
 diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
 index 3c59584..500f2e9 100644
 --- a/drivers/gpu/drm/i915/i915_ioc32.c
@@ -42930,10 +42909,10 @@ index 2f0b39d..7370f13 100644
  
  ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr,
 diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
-index 4c842c3..590b0bf 100644
+index b604564..3f14ae4 100644
 --- a/drivers/input/mousedev.c
 +++ b/drivers/input/mousedev.c
-@@ -738,7 +738,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
+@@ -744,7 +744,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
  
  	spin_unlock_irq(&client->packet_lock);
  
@@ -43415,6 +43394,23 @@ index 53d487f..f020f41 100644
  				return -EFAULT;
  		} else
  			memcpy(msg, buf, count);
+diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
+index 02125e6..e1f8748 100644
+--- a/drivers/isdn/isdnloop/isdnloop.c
++++ b/drivers/isdn/isdnloop/isdnloop.c
+@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp)
+ 		return -EBUSY;
+ 	if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
+ 		return -EFAULT;
++
++	for (i = 0; i < 3; i++) {
++		if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i])))
++			return -EINVAL;
++	}
++
+ 	spin_lock_irqsave(&card->isdnloop_lock, flags);
+ 	switch (sdef.ptype) {
+ 	case ISDN_PTYPE_EURO:
 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
 index a4f05c5..1433bc5 100644
 --- a/drivers/isdn/mISDN/dsp_cmx.c
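Review bot: The new termination check in isdnloop_start hard-codes the number of strings as `3` in `for (i = 0; i < 3; i++)`, so it would silently stop covering all of `sdef.num` if the array's first dimension ever changed. `for (i = 0; i < ARRAY_SIZE(sdef.num); i++)` ties the loop to the declaration. The declarations of `i` and of `sdef.num` are outside the hunk, so the array's actual size cannot be confirmed from here. A short comment above the loop, e.g. `/* every sdef.num[] entry copied from user space must contain a NUL */`, would state why the check exists.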
@@ -44026,6 +44022,28 @@ index 0095ec8..c89277a 100644
  }
  
  struct md_personality
+diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
+index 579b582..9fb6185 100644
+--- a/drivers/md/persistent-data/dm-space-map-metadata.c
++++ b/drivers/md/persistent-data/dm-space-map-metadata.c
+@@ -679,7 +679,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
+ 	 * Flick into a mode where all blocks get allocated in the new area.
+ 	 */
+ 	smm->begin = old_len;
+-	memcpy(sm, &bootstrap_ops, sizeof(*sm));
++	memcpy((void *)sm, &bootstrap_ops, sizeof(*sm));
+ 
+ 	/*
+ 	 * Extend.
+@@ -710,7 +710,7 @@ out:
+ 	/*
+ 	 * Switch back to normal behaviour.
+ 	 */
+-	memcpy(sm, &ops, sizeof(*sm));
++	memcpy((void *)sm, &ops, sizeof(*sm));
+ 	return r;
+ }
+ 
 diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h
 index 3e6d115..ffecdeb 100644
 --- a/drivers/md/persistent-data/dm-space-map.h
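Review bot: The `(void *)` casts added to both `memcpy()` calls in sm_metadata_extend carry no explanation, and a cast on a destination pointer is the kind of change that can hide a qualifier or checker warning. If the cast is there because `struct dm_space_map` is treated as read-only elsewhere in this patch set (an inference; the hunk does not show it), a comment such as `/* ops table is swapped in place on purpose; cast silences the const check */` at the first call would make that explicit. It would also give reviewers a place to verify that the object is really writable at run time. sm_metadata_extend starts before the hunk.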
@@ -47187,6 +47205,93 @@ index 84d94f5..bd6c61c 100644
  	u16 int_num;
  
  	ZD_ASSERT(in_interrupt());
+diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
+index c47794b..6668d03 100644
+--- a/drivers/net/xen-netback/common.h
++++ b/drivers/net/xen-netback/common.h
+@@ -113,6 +113,11 @@ struct xenvif {
+ 	domid_t          domid;
+ 	unsigned int     handle;
+ 
++	/* Is this interface disabled? True when backend discovers
++	 * frontend is rogue.
++	 */
++	bool disabled;
++
+ 	/* Use NAPI for guest TX */
+ 	struct napi_struct napi;
+ 	/* When feature-split-event-channels = 0, tx_irq = rx_irq. */
+diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
+index fff8cddf..a2ef2e6 100644
+--- a/drivers/net/xen-netback/interface.c
++++ b/drivers/net/xen-netback/interface.c
+@@ -67,6 +67,15 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
+ 	struct xenvif *vif = container_of(napi, struct xenvif, napi);
+ 	int work_done;
+ 
++	/* This vif is rogue, we pretend we've there is nothing to do
++	 * for this vif to deschedule it from NAPI. But this interface
++	 * will be turned off in thread context later.
++	 */
++	if (unlikely(vif->disabled)) {
++		napi_complete(napi);
++		return 0;
++	}
++
+ 	work_done = xenvif_tx_action(vif, budget);
+ 
+ 	if (work_done < budget) {
+@@ -323,6 +332,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
+ 	vif->ip_csum = 1;
+ 	vif->dev = dev;
+ 
++	vif->disabled = false;
++
+ 	vif->credit_bytes = vif->remaining_credit = ~0UL;
+ 	vif->credit_usec  = 0UL;
+ 	init_timer(&vif->credit_timeout);
+diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
+index 7842555..c69d1ad 100644
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -756,7 +756,8 @@ static void xenvif_tx_err(struct xenvif *vif,
+ static void xenvif_fatal_tx_err(struct xenvif *vif)
+ {
+ 	netdev_err(vif->dev, "fatal error; disabling device\n");
+-	xenvif_carrier_off(vif);
++	vif->disabled = true;
++	xenvif_kick_thread(vif);
+ }
+ 
+ static int xenvif_count_requests(struct xenvif *vif,
+@@ -1483,7 +1484,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget)
+ 				   vif->tx.sring->req_prod, vif->tx.req_cons,
+ 				   XEN_NETIF_TX_RING_SIZE);
+ 			xenvif_fatal_tx_err(vif);
+-			continue;
++			break;
+ 		}
+ 
+ 		work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx);
+@@ -1877,7 +1878,18 @@ int xenvif_kthread(void *data)
+ 	while (!kthread_should_stop()) {
+ 		wait_event_interruptible(vif->wq,
+ 					 rx_work_todo(vif) ||
++					 vif->disabled ||
+ 					 kthread_should_stop());
++
++		/* This frontend is found to be rogue, disable it in
++		 * kthread context. Currently this is only set when
++		 * netback finds out frontend sends malformed packet,
++		 * but we cannot disable the interface in softirq
++		 * context so we defer it here.
++		 */
++		if (unlikely(vif->disabled && netif_carrier_ok(vif->dev)))
++			xenvif_carrier_off(vif);
++
+ 		if (kthread_should_stop())
+ 			break;
+ 
 diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c
 index 7130864..00e64de 100644
 --- a/drivers/nfc/nfcwilink.c
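Review bot: `vif->disabled` is written in xenvif_fatal_tx_err and read in xenvif_poll and in the xenvif_kthread wait condition, but the field comment in common.h does not say which context writes it, which contexts read it, or that nothing in the visible code clears it again after xenvif_alloc. Extending that comment, e.g. `/* Set from the TX path on a fatal error; read by NAPI poll and the kthread; not cleared while the vif exists */`, would document the lifecycle; the "not cleared" part should be confirmed against the rest of the driver. Visibility of the store to the kthread presumably relies on the wake-up inside xenvif_kick_thread, which is not shown here. The comment in xenvif_poll also has a slip, "we pretend we've there is nothing to do", which should read "we pretend there is nothing to do".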
@@ -55638,54 +55743,6 @@ index 88714ae..16c2e11 100644
  
  
  static inline u32 get_pll_internal_frequency(u32 ref_freq,
-diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
-index 4c02e2b..2c85267 100644
---- a/drivers/xen/balloon.c
-+++ b/drivers/xen/balloon.c
-@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
- 			state = BP_EAGAIN;
- 			break;
- 		}
--
--		pfn = page_to_pfn(page);
--		frame_list[i] = pfn_to_mfn(pfn);
--
- 		scrub_page(page);
- 
-+		frame_list[i] = page_to_pfn(page);
-+	}
-+
-+	/*
-+	 * Ensure that ballooned highmem pages don't have kmaps.
-+	 *
-+	 * Do this before changing the p2m as kmap_flush_unused()
-+	 * reads PTEs to obtain pages (and hence needs the original
-+	 * p2m entry).
-+	 */
-+	kmap_flush_unused();
-+
-+	/* Update direct mapping, invalidate P2M, and add to balloon. */
-+	for (i = 0; i < nr_pages; i++) {
-+		pfn = frame_list[i];
-+		frame_list[i] = pfn_to_mfn(pfn);
-+		page = pfn_to_page(pfn);
-+
- #ifdef CONFIG_XEN_HAVE_PVMMU
- 		/*
- 		 * Ballooned out frames are effectively replaced with
-@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
- 		}
- #endif
- 
--		balloon_append(pfn_to_page(pfn));
-+		balloon_append(page);
- 	}
- 
--	/* Ensure that ballooned highmem pages don't have kmaps. */
--	kmap_flush_unused();
- 	flush_tlb_all();
- 
- 	set_xen_guest_handle(reservation.extent_start, frame_list);
 diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
 index fef20db..d28b1ab 100644
 --- a/drivers/xen/xenfs/xenstored.c
@@ -58166,7 +58223,7 @@ index bc3fbcd..6031650 100644
  		return 0;
  	while (nr) {
 diff --git a/fs/dcache.c b/fs/dcache.c
-index fdbe230..d852932 100644
+index f7ad6d7..d852932 100644
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58178,18 +58235,6 @@ index fdbe230..d852932 100644
  		if (!dname) {
  			kmem_cache_free(dentry_cache, dentry); 
  			return NULL;
-@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
- 	u32 dlen = ACCESS_ONCE(name->len);
- 	char *p;
- 
--	if (*buflen < dlen + 1)
--		return -ENAMETOOLONG;
- 	*buflen -= dlen + 1;
-+	if (*buflen < 0)
-+		return -ENAMETOOLONG;
- 	p = *buffer -= dlen + 1;
- 	*p++ = '/';
- 	while (dlen--) {
 @@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
  	mempages -= reserve;
  
@@ -61162,7 +61207,7 @@ index 92a0f0a..45a48f0 100644
  
  	spin_lock(&inode->i_lock);
 diff --git a/fs/mount.h b/fs/mount.h
-index a17458c..e69fb5b 100644
+index b29e42f..5ea7fdf 100644
 --- a/fs/mount.h
 +++ b/fs/mount.h
 @@ -11,7 +11,7 @@ struct mnt_namespace {
@@ -61184,7 +61229,7 @@ index a17458c..e69fb5b 100644
  #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
  
 diff --git a/fs/namei.c b/fs/namei.c
-index cfe6608..a24748c 100644
+index 399f637..a24748c 100644
 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -61260,57 +61305,7 @@ index cfe6608..a24748c 100644
  	nd->last_type = LAST_BIND;
  	*p = dentry->d_inode->i_op->follow_link(dentry, nd);
  	error = PTR_ERR(*p);
-@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
- 			return false;
- 
- 		if (!d_mountpoint(path->dentry))
--			break;
-+			return true;
- 
- 		mounted = __lookup_mnt(path->mnt, path->dentry);
- 		if (!mounted)
-@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
- 		 */
- 		*inode = path->dentry->d_inode;
- 	}
--	return true;
--}
--
--static void follow_mount_rcu(struct nameidata *nd)
--{
--	while (d_mountpoint(nd->path.dentry)) {
--		struct mount *mounted;
--		mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
--		if (!mounted)
--			break;
--		nd->path.mnt = &mounted->mnt;
--		nd->path.dentry = mounted->mnt.mnt_root;
--		nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
--	}
-+	return read_seqretry(&mount_lock, nd->m_seq);
- }
- 
- static int follow_dotdot_rcu(struct nameidata *nd)
-@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
- 			break;
- 		nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
- 	}
--	follow_mount_rcu(nd);
-+	while (d_mountpoint(nd->path.dentry)) {
-+		struct mount *mounted;
-+		mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
-+		if (!mounted)
-+			break;
-+		nd->path.mnt = &mounted->mnt;
-+		nd->path.dentry = mounted->mnt.mnt_root;
-+		nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
-+		if (!read_seqretry(&mount_lock, nd->m_seq))
-+			goto failed;
-+	}
- 	nd->inode = nd->path.dentry->d_inode;
- 	return 0;
- 
-@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1579,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
  		if (res)
  			break;
  		res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -61319,7 +61314,7 @@ index cfe6608..a24748c 100644
  		put_link(nd, &link, cookie);
  	} while (res > 0);
  
-@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1652,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
  static inline unsigned long hash_name(const char *name, unsigned int *hashp)
  {
  	unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61328,7 +61323,7 @@ index cfe6608..a24748c 100644
  
  	hash = a = 0;
  	len = -sizeof(unsigned long);
-@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1936,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
  			if (err)
  				break;
  			err = lookup_last(nd, &path);
@@ -61337,7 +61332,7 @@ index cfe6608..a24748c 100644
  			put_link(nd, &link, cookie);
  		}
  	}
-@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1943,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
  	if (!err)
  		err = complete_walk(nd);
  
@@ -61351,7 +61346,7 @@ index cfe6608..a24748c 100644
  	if (!err && nd->flags & LOOKUP_DIRECTORY) {
  		if (!d_is_directory(nd->path.dentry)) {
  			path_put(&nd->path);
-@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -1970,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
  		retval = path_lookupat(dfd, name->name,
  						flags | LOOKUP_REVAL, nd);
  
@@ -61368,7 +61363,7 @@ index cfe6608..a24748c 100644
  	return retval;
  }
  
-@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2545,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
  	if (flag & O_NOATIME && !inode_owner_or_capable(inode))
  		return -EPERM;
  
@@ -61382,7 +61377,7 @@ index cfe6608..a24748c 100644
  	return 0;
  }
  
-@@ -2779,7 +2815,7 @@ looked_up:
+@@ -2776,7 +2815,7 @@ looked_up:
   * cleared otherwise prior to returning.
   */
  static int lookup_open(struct nameidata *nd, struct path *path,
@@ -61391,7 +61386,7 @@ index cfe6608..a24748c 100644
  			const struct open_flags *op,
  			bool got_write, int *opened)
  {
-@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2811,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
  	/* Negative dentry, just create the file */
  	if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
  		umode_t mode = op->mode;
@@ -61409,7 +61404,7 @@ index cfe6608..a24748c 100644
  		if (!IS_POSIXACL(dir->d_inode))
  			mode &= ~current_umask();
  		/*
-@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2832,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
  				   nd->flags & LOOKUP_EXCL);
  		if (error)
  			goto out_dput;
@@ -61418,7 +61413,7 @@ index cfe6608..a24748c 100644
  	}
  out_no_open:
  	path->dentry = dentry;
-@@ -2849,7 +2898,7 @@ out_dput:
+@@ -2846,7 +2898,7 @@ out_dput:
  /*
   * Handle the last step of open()
   */
@@ -61427,7 +61422,7 @@ index cfe6608..a24748c 100644
  		   struct file *file, const struct open_flags *op,
  		   int *opened, struct filename *name)
  {
-@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2896,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
  		if (error)
  			return error;
  
@@ -61443,7 +61438,7 @@ index cfe6608..a24748c 100644
  		audit_inode(name, dir, LOOKUP_PARENT);
  		error = -EISDIR;
  		/* trailing slashes? */
-@@ -2918,7 +2976,7 @@ retry_lookup:
+@@ -2915,7 +2976,7 @@ retry_lookup:
  		 */
  	}
  	mutex_lock(&dir->d_inode->i_mutex);
@@ -61452,7 +61447,7 @@ index cfe6608..a24748c 100644
  	mutex_unlock(&dir->d_inode->i_mutex);
  
  	if (error <= 0) {
-@@ -2942,11 +3000,28 @@ retry_lookup:
+@@ -2939,11 +3000,28 @@ retry_lookup:
  		goto finish_open_created;
  	}
  
@@ -61482,7 +61477,7 @@ index cfe6608..a24748c 100644
  
  	/*
  	 * If atomic_open() acquired write access it is dropped now due to
-@@ -2987,6 +3062,11 @@ finish_lookup:
+@@ -2984,6 +3062,11 @@ finish_lookup:
  			}
  		}
  		BUG_ON(inode != path->dentry->d_inode);
@@ -61494,7 +61489,7 @@ index cfe6608..a24748c 100644
  		return 1;
  	}
  
-@@ -2996,7 +3076,6 @@ finish_lookup:
+@@ -2993,7 +3076,6 @@ finish_lookup:
  		save_parent.dentry = nd->path.dentry;
  		save_parent.mnt = mntget(path->mnt);
  		nd->path.dentry = path->dentry;
@@ -61502,7 +61497,7 @@ index cfe6608..a24748c 100644
  	}
  	nd->inode = inode;
  	/* Why this, you ask?  _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3006,7 +3085,18 @@ finish_open:
+@@ -3003,7 +3085,18 @@ finish_open:
  		path_put(&save_parent);
  		return error;
  	}
@@ -61521,7 +61516,7 @@ index cfe6608..a24748c 100644
  	error = -EISDIR;
  	if ((open_flag & O_CREAT) &&
  	    (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
-@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3167,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
  	if (unlikely(error))
  		goto out;
  
@@ -61530,7 +61525,7 @@ index cfe6608..a24748c 100644
  	while (unlikely(error > 0)) { /* trailing symlink */
  		struct path link = path;
  		void *cookie;
-@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3185,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
  		error = follow_link(&link, nd, &cookie);
  		if (unlikely(error))
  			break;
@@ -61539,7 +61534,7 @@ index cfe6608..a24748c 100644
  		put_link(nd, &link, cookie);
  	}
  out:
-@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3285,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
  		goto unlock;
  
  	error = -EEXIST;
@@ -61553,7 +61548,7 @@ index cfe6608..a24748c 100644
  	/*
  	 * Special case - lookup gave negative, but... we had foo/bar/
  	 * From the vfs_mknod() POV we just have a negative dentry -
-@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3339,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
  }
  EXPORT_SYMBOL(user_path_create);
  
@@ -61574,7 +61569,7 @@ index cfe6608..a24748c 100644
  int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
  {
  	int error = may_create(dir, dentry);
-@@ -3404,6 +3510,17 @@ retry:
+@@ -3401,6 +3510,17 @@ retry:
  
  	if (!IS_POSIXACL(path.dentry->d_inode))
  		mode &= ~current_umask();
@@ -61592,7 +61587,7 @@ index cfe6608..a24748c 100644
  	error = security_path_mknod(&path, dentry, mode, dev);
  	if (error)
  		goto out;
-@@ -3420,6 +3537,8 @@ retry:
+@@ -3417,6 +3537,8 @@ retry:
  			break;
  	}
  out:
@@ -61601,7 +61596,7 @@ index cfe6608..a24748c 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3472,9 +3591,16 @@ retry:
+@@ -3469,9 +3591,16 @@ retry:
  
  	if (!IS_POSIXACL(path.dentry->d_inode))
  		mode &= ~current_umask();
@@ -61618,7 +61613,7 @@ index cfe6608..a24748c 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3552,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
  	struct filename *name;
  	struct dentry *dentry;
  	struct nameidata nd;
@@ -61627,7 +61622,7 @@ index cfe6608..a24748c 100644
  	unsigned int lookup_flags = 0;
  retry:
  	name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3587,10 +3715,21 @@ retry:
+@@ -3584,10 +3715,21 @@ retry:
  		error = -ENOENT;
  		goto exit3;
  	}
@@ -61649,7 +61644,7 @@ index cfe6608..a24748c 100644
  exit3:
  	dput(dentry);
  exit2:
-@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3677,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
  	struct nameidata nd;
  	struct inode *inode = NULL;
  	struct inode *delegated_inode = NULL;
@@ -61658,7 +61653,7 @@ index cfe6608..a24748c 100644
  	unsigned int lookup_flags = 0;
  retry:
  	name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3706,10 +3847,22 @@ retry_deleg:
+@@ -3703,10 +3847,22 @@ retry_deleg:
  		if (d_is_negative(dentry))
  			goto slashes;
  		ihold(inode);
@@ -61681,7 +61676,7 @@ index cfe6608..a24748c 100644
  exit2:
  		dput(dentry);
  	}
-@@ -3797,9 +3950,17 @@ retry:
+@@ -3794,9 +3950,17 @@ retry:
  	if (IS_ERR(dentry))
  		goto out_putname;
  
@@ -61699,7 +61694,7 @@ index cfe6608..a24748c 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3899,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
  	struct dentry *new_dentry;
  	struct path old_path, new_path;
  	struct inode *delegated_inode = NULL;
@@ -61707,7 +61702,7 @@ index cfe6608..a24748c 100644
  	int how = 0;
  	int error;
  
-@@ -3925,7 +4087,7 @@ retry:
+@@ -3922,7 +4087,7 @@ retry:
  	if (error)
  		return error;
  
@@ -61716,7 +61711,7 @@ index cfe6608..a24748c 100644
  					(how & LOOKUP_REVAL));
  	error = PTR_ERR(new_dentry);
  	if (IS_ERR(new_dentry))
-@@ -3937,11 +4099,28 @@ retry:
+@@ -3934,11 +4099,28 @@ retry:
  	error = may_linkat(&old_path);
  	if (unlikely(error))
  		goto out_dput;
@@ -61745,7 +61740,7 @@ index cfe6608..a24748c 100644
  	done_path_create(&new_path, new_dentry);
  	if (delegated_inode) {
  		error = break_deleg_wait(&delegated_inode);
-@@ -4228,6 +4407,12 @@ retry_deleg:
+@@ -4225,6 +4407,12 @@ retry_deleg:
  	if (new_dentry == trap)
  		goto exit5;
  
@@ -61758,7 +61753,7 @@ index cfe6608..a24748c 100644
  	error = security_path_rename(&oldnd.path, old_dentry,
  				     &newnd.path, new_dentry);
  	if (error)
-@@ -4235,6 +4420,9 @@ retry_deleg:
+@@ -4232,6 +4420,9 @@ retry_deleg:
  	error = vfs_rename(old_dir->d_inode, old_dentry,
  				   new_dir->d_inode, new_dentry,
  				   &delegated_inode);
@@ -61768,7 +61763,7 @@ index cfe6608..a24748c 100644
  exit5:
  	dput(new_dentry);
  exit4:
-@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
  
  int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
  {
@@ -61777,7 +61772,7 @@ index cfe6608..a24748c 100644
  	int len;
  
  	len = PTR_ERR(link);
-@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
  	len = strlen(link);
  	if (len > (unsigned) buflen)
  		len = buflen;
@@ -61794,10 +61789,10 @@ index cfe6608..a24748c 100644
  out:
  	return len;
 diff --git a/fs/namespace.c b/fs/namespace.c
-index be32ebc..c595734 100644
+index 6d0e54e..4c1f85e 100644
 --- a/fs/namespace.c
 +++ b/fs/namespace.c
-@@ -1293,6 +1293,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags)
  		if (!(sb->s_flags & MS_RDONLY))
  			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
  		up_write(&sb->s_umount);
@@ -61807,7 +61802,7 @@ index be32ebc..c595734 100644
  		return retval;
  	}
  
-@@ -1315,6 +1318,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags)
  	}
  	unlock_mount_hash();
  	namespace_unlock();
@@ -61817,7 +61812,7 @@ index be32ebc..c595734 100644
  	return retval;
  }
  
-@@ -1334,7 +1340,7 @@ static inline bool may_mount(void)
+@@ -1380,7 +1386,7 @@ static inline bool may_mount(void)
   * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
   */
  
@@ -61826,7 +61821,7 @@ index be32ebc..c595734 100644
  {
  	struct path path;
  	struct mount *mnt;
-@@ -1376,7 +1382,7 @@ out:
+@@ -1422,7 +1428,7 @@ out:
  /*
   *	The 2.0 compatible umount. No flags.
   */
@@ -61835,7 +61830,7 @@ index be32ebc..c595734 100644
  {
  	return sys_umount(name, 0);
  }
-@@ -2379,6 +2385,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2426,6 +2432,16 @@ long do_mount(const char *dev_name, const char *dir_name,
  		   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
  		   MS_STRICTATIME);
  
@@ -61852,7 +61847,7 @@ index be32ebc..c595734 100644
  	if (flags & MS_REMOUNT)
  		retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
  				    data_page);
-@@ -2393,6 +2409,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2440,6 +2456,9 @@ long do_mount(const char *dev_name, const char *dir_name,
  				      dev_name, data_page);
  dput_out:
  	path_put(&path);
@@ -61862,7 +61857,7 @@ index be32ebc..c595734 100644
  	return retval;
  }
  
-@@ -2410,7 +2429,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
+@@ -2457,7 +2476,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
   * number incrementing at 10Ghz will take 12,427 years to wrap which
   * is effectively never, so we can ignore the possibility.
   */
@@ -61871,7 +61866,7 @@ index be32ebc..c595734 100644
  
  static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  {
-@@ -2425,7 +2444,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2472,7 +2491,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  		kfree(new_ns);
  		return ERR_PTR(ret);
  	}
@@ -61880,7 +61875,7 @@ index be32ebc..c595734 100644
  	atomic_set(&new_ns->count, 1);
  	new_ns->root = NULL;
  	INIT_LIST_HEAD(&new_ns->list);
-@@ -2435,7 +2454,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2482,7 +2501,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  	return new_ns;
  }
  
@@ -61889,7 +61884,7 @@ index be32ebc..c595734 100644
  		struct user_namespace *user_ns, struct fs_struct *new_fs)
  {
  	struct mnt_namespace *new_ns;
-@@ -2556,8 +2575,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2603,8 +2622,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
  }
  EXPORT_SYMBOL(mount_subtree);
  
@@ -61900,7 +61895,7 @@ index be32ebc..c595734 100644
  {
  	int ret;
  	char *kernel_type;
-@@ -2670,6 +2689,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2717,6 +2736,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
  	if (error)
  		goto out2;
  
@@ -61912,7 +61907,7 @@ index be32ebc..c595734 100644
  	get_fs_root(current->fs, &root);
  	old_mp = lock_mount(&old);
  	error = PTR_ERR(old_mp);
-@@ -2930,7 +2954,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -2983,7 +3007,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
  	    !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
  		return -EPERM;
  
@@ -76946,9 +76941,18 @@ index bf1ef22..2a55e1b 100644
  static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
  {
 diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index fd8bf32..2cccd5a 100644
+index fd8bf32..49a5f5c 100644
 --- a/include/linux/binfmts.h
 +++ b/include/linux/binfmts.h
+@@ -45,7 +45,7 @@ struct linux_binprm {
+ 	unsigned interp_data;
+ 	unsigned long loader, exec;
+ 	char tcomm[TASK_COMM_LEN];
+-};
++} __randomize_layout;
+ 
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
 @@ -74,8 +74,10 @@ struct linux_binfmt {
  	int (*load_binary)(struct linux_binprm *);
  	int (*load_shlib)(struct file *);
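Review bot: The `} __randomize_layout;` added to `struct linux_binprm` has no comment on the constraint it introduces. Once member order is decided at build time, positional initializers and any code that assumes member offsets stop being valid for this struct. A short comment at the closing brace would make that visible, e.g. `/* layout randomized at build time: designated initializers only, no offset assumptions */`. The same applies to the other structs that gain the annotation in this update (`linux_binfmt`, `tty_operations`, `path`, `security_operations`, `proto`, `sock_iocb`). The macro's definition and the start of the struct are outside this hunk, so the build-time behaviour is presumed from the name and should be confirmed against the compiler header.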
@@ -76957,12 +76961,12 @@ index fd8bf32..2cccd5a 100644
 +	void (*handle_mmap)(struct file *);
  	unsigned long min_coredump;	/* minimal dump size */
 -};
-+} __do_const;
++} __do_const __randomize_layout;
  
  extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
  
 diff --git a/include/linux/bitops.h b/include/linux/bitops.h
-index abc9ca7..e54ee27 100644
+index be5fd38..d71192a 100644
 --- a/include/linux/bitops.h
 +++ b/include/linux/bitops.h
 @@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
@@ -79844,7 +79848,7 @@ index 9fe426b..8148be6 100644
  static inline int
  vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
 diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 0ab5439..2859c61 100644
+index 5360b82..4eedf45 100644
 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
 @@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -79878,7 +79882,7 @@ index 0ab5439..2859c61 100644
  
  struct mmu_gather;
  struct inode;
-@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -1074,8 +1080,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
  	unsigned long *pfn);
  int follow_phys(struct vm_area_struct *vma, unsigned long address,
  		unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -79889,7 +79893,7 @@ index 0ab5439..2859c61 100644
  
  static inline void unmap_shared_mapping_range(struct address_space *mapping,
  		loff_t const holebegin, loff_t const holelen)
-@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1114,9 +1120,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
  }
  #endif
  
@@ -79902,7 +79906,7 @@ index 0ab5439..2859c61 100644
  
  long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
  		      unsigned long start, unsigned long nr_pages,
-@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page);
+@@ -1148,34 +1154,6 @@ int set_page_dirty(struct page *page);
  int set_page_dirty_lock(struct page *page);
  int clear_page_dirty_for_io(struct page *page);
  
@@ -79937,7 +79941,7 @@ index 0ab5439..2859c61 100644
  extern pid_t
  vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
  
-@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1275,6 +1253,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
  }
  #endif
  
@@ -79953,7 +79957,7 @@ index 0ab5439..2859c61 100644
  int vma_wants_writenotify(struct vm_area_struct *vma);
  
  extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1293,8 +1280,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
  {
  	return 0;
  }
@@ -79969,7 +79973,7 @@ index 0ab5439..2859c61 100644
  #endif
  
  #ifdef __PAGETABLE_PMD_FOLDED
-@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1303,8 +1297,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
  {
  	return 0;
  }
@@ -79985,7 +79989,7 @@ index 0ab5439..2859c61 100644
  #endif
  
  int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1322,11 +1323,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
  		NULL: pud_offset(pgd, address);
  }
  
@@ -80009,7 +80013,7 @@ index 0ab5439..2859c61 100644
  #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
  
  #if USE_SPLIT_PTE_PTLOCKS
-@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm,
+@@ -1704,7 +1717,7 @@ extern int install_special_mapping(struct mm_struct *mm,
  				   unsigned long addr, unsigned long len,
  				   unsigned long flags, struct page **pages);
  
@@ -80018,7 +80022,7 @@ index 0ab5439..2859c61 100644
  
  extern unsigned long mmap_region(struct file *file, unsigned long addr,
  	unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
-@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1712,6 +1725,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
  	unsigned long len, unsigned long prot, unsigned long flags,
  	unsigned long pgoff, unsigned long *populate);
  extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -80026,7 +80030,7 @@ index 0ab5439..2859c61 100644
  
  #ifdef CONFIG_MMU
  extern int __mm_populate(unsigned long addr, unsigned long len,
-@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info {
+@@ -1740,10 +1754,11 @@ struct vm_unmapped_area_info {
  	unsigned long high_limit;
  	unsigned long align_mask;
  	unsigned long align_offset;
@@ -80040,7 +80044,7 @@ index 0ab5439..2859c61 100644
  
  /*
   * Search for an unmapped address range.
-@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1755,7 +1770,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
   * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
   */
  static inline unsigned long
@@ -80049,7 +80053,7 @@ index 0ab5439..2859c61 100644
  {
  	if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
  		return unmapped_area(info);
-@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1818,6 +1833,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
  extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
  					     struct vm_area_struct **pprev);
  
@@ -80060,7 +80064,7 @@ index 0ab5439..2859c61 100644
  /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
     NULL if none.  Assume start_addr < end_addr. */
  static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1846,15 +1865,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
  	return vma;
  }
  
@@ -80076,7 +80080,7 @@ index 0ab5439..2859c61 100644
  #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
  unsigned long change_prot_numa(struct vm_area_struct *vma,
  			unsigned long start, unsigned long end);
-@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1906,6 +1916,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
  static inline void vm_stat_account(struct mm_struct *mm,
  			unsigned long flags, struct file *file, long pages)
  {
@@ -80088,7 +80092,7 @@ index 0ab5439..2859c61 100644
  	mm->total_vm += pages;
  }
  #endif /* CONFIG_PROC_FS */
-@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1987,7 +2002,7 @@ extern int unpoison_memory(unsigned long pfn);
  extern int sysctl_memory_failure_early_kill;
  extern int sysctl_memory_failure_recovery;
  extern void shake_page(struct page *p, int access);
@@ -80097,7 +80101,7 @@ index 0ab5439..2859c61 100644
  extern int soft_offline_page(struct page *page, int flags);
  
  extern void dump_page(struct page *page);
-@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void);
+@@ -2024,5 +2039,11 @@ void __init setup_nr_node_ids(void);
  static inline void setup_nr_node_ids(void) {}
  #endif
  
@@ -80601,6 +80605,27 @@ index 4386946..f50c615 100644
  	struct padata_cpumask		cpumask;
  	spinlock_t                      lock ____cacheline_aligned;
  	unsigned int			processed;
+diff --git a/include/linux/path.h b/include/linux/path.h
+index d137218..be0c176 100644
+--- a/include/linux/path.h
++++ b/include/linux/path.h
+@@ -1,13 +1,15 @@
+ #ifndef _LINUX_PATH_H
+ #define _LINUX_PATH_H
+ 
++#include <linux/compiler.h>
++
+ struct dentry;
+ struct vfsmount;
+ 
+ struct path {
+ 	struct vfsmount *mnt;
+ 	struct dentry *dentry;
+-};
++} __randomize_layout;
+ 
+ extern void path_get(const struct path *);
+ extern void path_put(const struct path *);
 diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
 index a2e2f1d..8a391d2 100644
 --- a/include/linux/pci_hotplug.h
@@ -81453,7 +81478,7 @@ index e3347c5..f682891 100644
  extern unsigned int sysctl_sched_latency;
  extern unsigned int sysctl_sched_min_granularity;
 diff --git a/include/linux/security.h b/include/linux/security.h
-index 5623a7f..b352409 100644
+index 5623a7f..7ae77be 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
 @@ -27,6 +27,7 @@
@@ -81473,6 +81498,15 @@ index 5623a7f..b352409 100644
  #ifdef CONFIG_MMU
  extern unsigned long mmap_min_addr;
  extern unsigned long dac_mmap_min_addr;
+@@ -1718,7 +1717,7 @@ struct security_operations {
+ 				 struct audit_context *actx);
+ 	void (*audit_rule_free) (void *lsmrule);
+ #endif /* CONFIG_AUDIT */
+-};
++} __randomize_layout;
+ 
+ /* prototypes */
+ extern int security_init(void);
 diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
 index dc368b8..e895209 100644
 --- a/include/linux/semaphore.h
@@ -82101,7 +82135,7 @@ index 97d660e..6356755 100644
  
  extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
 diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
-index 756a609..f61242d 100644
+index 756a609..89db85e 100644
 --- a/include/linux/tty_driver.h
 +++ b/include/linux/tty_driver.h
 @@ -285,7 +285,7 @@ struct tty_operations {
@@ -82109,7 +82143,7 @@ index 756a609..f61242d 100644
  #endif
  	const struct file_operations *proc_fops;
 -};
-+} __do_const;
++} __do_const __randomize_layout;
  
  struct tty_driver {
  	int	magic;		/* magic number for this structure */
@@ -82565,6 +82599,19 @@ index 9a36d92..0aafe2a 100644
  
  void v9fs_register_trans(struct p9_trans_module *m);
  void v9fs_unregister_trans(struct p9_trans_module *m);
+diff --git a/include/net/af_unix.h b/include/net/af_unix.h
+index a175ba4..196eb82 100644
+--- a/include/net/af_unix.h
++++ b/include/net/af_unix.h
+@@ -36,7 +36,7 @@ struct unix_skb_parms {
+ 	u32			secid;		/* Security ID		*/
+ #endif
+ 	u32			consumed;
+-};
++} __randomize_layout;
+ 
+ #define UNIXCB(skb) 	(*(struct unix_skb_parms *)&((skb)->cb))
+ #define UNIXSID(skb)	(&UNIXCB((skb)).secid)
 diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
 index c853b16d..37fccb7 100644
 --- a/include/net/bluetooth/l2cap.h
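Review bot: `struct unix_skb_parms` is overlaid on the socket buffer's control block through the `UNIXCB(skb)` cast shown two lines below the new `} __randomize_layout;`, so its size is bounded by `skb->cb`. Reordering members of mixed width can change padding and hence `sizeof`, and an overrun of `cb` would corrupt the `sk_buff` fields that follow it. If net/unix/af_unix.c does not already carry one, a compile-time guard such as `BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));` would make the bound explicit. Only the tail of the struct is visible in this hunk.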
@@ -83153,7 +83200,7 @@ index 0a248b3..4dcbe5c 100644
  
  /* Structure to track chunk fragments that have been acked, but peer
 diff --git a/include/net/sock.h b/include/net/sock.h
-index 2ef3c3e..e02013e 100644
+index 2ef3c3e..c89ee4c 100644
 --- a/include/net/sock.h
 +++ b/include/net/sock.h
 @@ -348,7 +348,7 @@ struct sock {
@@ -83165,6 +83212,15 @@ index 2ef3c3e..e02013e 100644
  	int			sk_rcvbuf;
  
  	struct sk_filter __rcu	*sk_filter;
+@@ -1022,7 +1022,7 @@ struct proto {
+ 	void			(*destroy_cgroup)(struct mem_cgroup *memcg);
+ 	struct cg_proto		*(*proto_cgroup)(struct mem_cgroup *memcg);
+ #endif
+-};
++} __randomize_layout;
+ 
+ /*
+  * Bits in struct cg_proto.flags
 @@ -1209,7 +1209,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot)
  	return ret >> PAGE_SHIFT;
  }
@@ -83174,6 +83230,15 @@ index 2ef3c3e..e02013e 100644
  sk_memory_allocated(const struct sock *sk)
  {
  	struct proto *prot = sk->sk_prot;
+@@ -1354,7 +1354,7 @@ struct sock_iocb {
+ 	struct scm_cookie	*scm;
+ 	struct msghdr		*msg, async_msg;
+ 	struct kiocb		*kiocb;
+-};
++} __randomize_layout;
+ 
+ static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
+ {
 @@ -1813,7 +1813,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
  }
  
@@ -84807,7 +84872,7 @@ index 4e66bf9..cdccecf 100644
 +}
 +EXPORT_SYMBOL(inode_capable_nolog);
 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 271acd8..54b70fe 100644
+index b44dd49..94c2826 100644
 --- a/kernel/cgroup.c
 +++ b/kernel/cgroup.c
 @@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
@@ -87655,7 +87720,7 @@ index 9b9a266..c20ef80 100644
  {
  	struct pid *pid;
 diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
-index 06c62de..b08cc6c 100644
+index 06c62de..a0ca23f 100644
 --- a/kernel/pid_namespace.c
 +++ b/kernel/pid_namespace.c
 @@ -253,7 +253,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
@@ -87667,6 +87732,17 @@ index 06c62de..b08cc6c 100644
  
  	if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
  		return -EPERM;
+@@ -318,7 +318,9 @@ static void *pidns_get(struct task_struct *task)
+ 	struct pid_namespace *ns;
+ 
+ 	rcu_read_lock();
+-	ns = get_pid_ns(task_active_pid_ns(task));
++	ns = task_active_pid_ns(task);
++	if (ns)
++		get_pid_ns(ns);
+ 	rcu_read_unlock();
+ 
+ 	return ns;
 diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
 index c7f31aa..2b44977 100644
 --- a/kernel/posix-cpu-timers.c
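Review bot: With the new `if (ns)` guard, `pidns_get()` can reach `return ns;` with a NULL pointer, and nothing in the function says so or explains why `task_active_pid_ns(task)` may yield NULL. A comment above the guard would record the reason, e.g. `/* task may already have been reaped, in which case it has no active pid namespace */` (presumed cause; confirm against `task_active_pid_ns()`). It is also worth checking that every caller of the `get` operation treats NULL as "no namespace" and does not dereference it; the callers are not visible here. The closing brace of the function lies outside the hunk.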
@@ -90979,6 +91055,28 @@ index c24c2f7..f0296f4 100644
 +	pax_close_kernel();
 +}
 +EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index 18eca78..fc67547 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -303,9 +303,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data,
+  */
+ int nla_strcmp(const struct nlattr *nla, const char *str)
+ {
+-	int len = strlen(str) + 1;
+-	int d = nla_len(nla) - len;
++	int len = strlen(str);
++	char *buf = nla_data(nla);
++	int attrlen = nla_len(nla);
++	int d;
+ 
++	if (attrlen > 0 && buf[attrlen - 1] == '\0')
++		attrlen--;
++
++	d = attrlen - len;
+ 	if (d == 0)
+ 		d = memcmp(nla_data(nla), str, len);
+ 
 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
 index 1a53d49..ace934c 100644
 --- a/lib/percpu-refcount.c
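Review bot: In the rewritten `nla_strcmp()` the payload pointer is fetched into `buf` but the comparison still calls `nla_data(nla)` a second time, and `buf` is declared without `const` although it is only read. Using `const char *buf = nla_data(nla);` and `d = memcmp(buf, str, len);` keeps the NUL check and the comparison on the same pointer. `int len = strlen(str);` also narrows a `size_t`, which is harmless for the short names this helper is normally given but would be clearer as an explicit cast or a `size_t` local. The function's `return` is outside the hunk.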
@@ -91006,7 +91104,7 @@ index 7811ed3..f80ca19 100644
  static inline void *ptr_to_indirect(void *ptr)
  {
 diff --git a/lib/random32.c b/lib/random32.c
-index 1e5b2df..009bfe8 100644
+index 6148967..009bfe8 100644
 --- a/lib/random32.c
 +++ b/lib/random32.c
 @@ -44,7 +44,7 @@
@@ -91018,27 +91116,6 @@ index 1e5b2df..009bfe8 100644
  
  /**
   *	prandom_u32_state - seeded pseudo-random number generator.
-@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late)
- 	static bool latch = false;
- 	static DEFINE_SPINLOCK(lock);
- 
-+	/* Asking for random bytes might result in bytes getting
-+	 * moved into the nonblocking pool and thus marking it
-+	 * as initialized. In this case we would double back into
-+	 * this function and attempt to do a late reseed.
-+	 * Ignore the pointless attempt to reseed again if we're
-+	 * already waiting for bytes when the nonblocking pool
-+	 * got initialized.
-+	 */
-+
- 	/* only allow initial seeding (late == false) once */
--	spin_lock_irqsave(&lock, flags);
-+	if (!spin_trylock_irqsave(&lock, flags))
-+		return;
-+
- 	if (latch && !late)
- 		goto out;
- 	latch = true;
 diff --git a/lib/rbtree.c b/lib/rbtree.c
 index 65f4eff..2cfa167 100644
 --- a/lib/rbtree.c
@@ -91663,7 +91740,7 @@ index 539eeb9..e24a987 100644
  	if (end == start)
  		return error;
 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 90977ac..487ab84 100644
+index 4566e8f..46be98c 100644
 --- a/mm/memory-failure.c
 +++ b/mm/memory-failure.c
 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -94314,7 +94391,7 @@ index 7106cb1..0805f48 100644
  					unsigned long bg_thresh,
  					unsigned long dirty,
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 56f268d..4d35ec4 100644
+index 589521d..314053a 100644
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
 @@ -61,6 +61,7 @@
@@ -94334,7 +94411,7 @@ index 56f268d..4d35ec4 100644
  {
  	__free_pages_ok(page, compound_order(page));
  }
-@@ -712,6 +713,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -714,6 +715,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
  	int i;
  	int bad = 0;
  
@@ -94345,7 +94422,7 @@ index 56f268d..4d35ec4 100644
  	trace_mm_page_free(page, order);
  	kmemcheck_free_shadow(page, order);
  
-@@ -728,6 +733,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -730,6 +735,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
  		debug_check_no_obj_freed(page_address(page),
  					   PAGE_SIZE << order);
  	}
@@ -94358,7 +94435,7 @@ index 56f268d..4d35ec4 100644
  	arch_free_page(page, order);
  	kernel_map_pages(page, 1 << order, 0);
  
-@@ -750,6 +761,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -752,6 +763,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
  	local_irq_restore(flags);
  }
  
@@ -94379,7 +94456,7 @@ index 56f268d..4d35ec4 100644
  void __init __free_pages_bootmem(struct page *page, unsigned int order)
  {
  	unsigned int nr_pages = 1 << order;
-@@ -765,6 +790,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -767,6 +792,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
  	__ClearPageReserved(p);
  	set_page_count(p, 0);
  
@@ -94399,7 +94476,7 @@ index 56f268d..4d35ec4 100644
  	page_zone(page)->managed_pages += nr_pages;
  	set_page_refcounted(page);
  	__free_pages(page, order);
-@@ -870,8 +908,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -872,8 +910,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
  	arch_alloc_page(page, order);
  	kernel_map_pages(page, 1 << order, 1);
  
@@ -95676,7 +95753,7 @@ index 8cc7be0..d0f7d7a 100644
  		}
  	}
 diff --git a/mm/swap.c b/mm/swap.c
-index 84b26aa..ce39899 100644
+index 7010cf4..f0a56a4 100644
 --- a/mm/swap.c
 +++ b/mm/swap.c
 @@ -77,6 +77,8 @@ static void __put_compound_page(struct page *page)
@@ -100255,18 +100332,9 @@ index ce30041..3861b5d 100644
  {
  	if (users > 0)
 diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index a99b6c3..cb372f9 100644
+index 59359be..cb372f9 100644
 --- a/net/netfilter/nf_conntrack_proto_dccp.c
 +++ b/net/netfilter/nf_conntrack_proto_dccp.c
-@@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
- 	const char *msg;
- 	u_int8_t state;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	BUG_ON(dh == NULL);
- 
- 	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
 @@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
  out_invalid:
  	if (LOG_INVALID(net, IPPROTO_DCCP))
@@ -100276,24 +100344,6 @@ index a99b6c3..cb372f9 100644
  	return false;
  }
  
-@@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
- 	u_int8_t type, old_state, new_state;
- 	enum ct_dccp_roles role;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	BUG_ON(dh == NULL);
- 	type = dh->dccph_type;
- 
-@@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
- 	unsigned int cscov;
- 	const char *msg;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	if (dh == NULL) {
- 		msg = "nf_ct_dccp: short packet ";
- 		goto out_invalid;
 @@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
  
  out_invalid:
@@ -101324,7 +101374,7 @@ index b0565af..d135e6e 100644
  
  	table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
 diff --git a/net/socket.c b/net/socket.c
-index e83c416..f87df4c 100644
+index e83c416..5b883e0 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -88,6 +88,7 @@
@@ -101499,6 +101549,15 @@ index e83c416..f87df4c 100644
  SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
  		unsigned int, flags, struct sockaddr __user *, addr,
  		int, addr_len)
+@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+ 	struct socket *sock;
+ 	struct iovec iov;
+ 	struct msghdr msg;
+-	struct sockaddr_storage address;
++	struct sockaddr_storage address = { };
+ 	int err, err2;
+ 	int fput_needed;
+ 
 @@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
  {
  	if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
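Review bot: The `= { }` added to `address` in recvfrom, and to `addr` in ___sys_recvmsg in the next hunk, has no comment saying what it protects against, so a later cleanup could remove it as a redundant initialiser. Presumably the aim is that the address buffer handed back to user space never holds stale kernel stack when the protocol's receive handler leaves it untouched. A comment such as `/* zeroed: may be copied to userspace even if the protocol does not fill it */` on both declarations would record that. Both functions continue outside their hunks, so the copy-out path itself is not visible here.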
@@ -101519,6 +101578,15 @@ index e83c416..f87df4c 100644
  				   ctl_len))
  			goto out_freectl;
  		msg_sys->msg_control = ctl_buf;
+@@ -2198,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ 	int err, total_len, len;
+ 
+ 	/* kernel mode address */
+-	struct sockaddr_storage addr;
++	struct sockaddr_storage addr = { };
+ 
+ 	/* user mode address pointers */
+ 	struct sockaddr __user *uaddr;
 @@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	/* Save the user-mode address (verify_iovec will change the
  	 * kernel msghdr to use the kernel address space)
@@ -102593,14 +102661,14 @@ index 078fe1d..fbdb363 100644
  		fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
 new file mode 100644
-index 0000000..3c23999
+index 0000000..edcbc3a
 --- /dev/null
 +++ b/scripts/gcc-plugin.sh
 @@ -0,0 +1,16 @@
 +#!/bin/bash
 +srctree=$(dirname "$0")
-+gccplugins_dir=$("$3" -print-file-name=plugin)
-+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++gccplugins_dir=$($3 -print-file-name=plugin)
++plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
 +#include "gcc-common.h"
 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
 +#warning $2
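Review bot: Dropping the quotes around `$3` and `$1` exposes both compiler commands to word splitting and pathname expansion, and nothing in the script says this is deliberate. If the intent is to accept a compiler given as several words (a wrapper or extra flags), a comment such as `# $1 and $3 may be multi-word commands, so they are left unquoted on purpose` would stop someone re-quoting them later. `${srctree}` and `${gccplugins_dir}` in the `-I` options are unquoted as well, so a tree path containing spaces breaks the probe; `"-I${srctree}/../tools/gcc"` avoids that. The script continues past this hunk.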
@@ -103869,10 +103937,54 @@ index e9c6ac7..75578c4 100644
  	default 65536
  	help
  	  This is the portion of low virtual memory which should be protected
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index fdaa50c..2761dcb 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ 		 struct path *new_dir, struct dentry *new_dentry)
+ {
+-	struct path link = { new_dir->mnt, new_dentry };
+-	struct path target = { new_dir->mnt, old_dentry };
++	struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++	struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ 	struct path_cond cond = {
+ 		old_dentry->d_inode->i_uid,
+ 		old_dentry->d_inode->i_mode
 diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 4257b7e..f0c9438 100644
+index 4257b7e..2d0732d 100644
 --- a/security/apparmor/lsm.c
 +++ b/security/apparmor/lsm.c
+@@ -186,7 +186,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ 				  struct dentry *dentry, u32 mask,
+ 				  struct path_cond *cond)
+ {
+-	struct path path = { dir->mnt, dentry };
++	struct path path = { .mnt = dir->mnt, .dentry = dentry };
+ 
+ 	return common_perm(op, &path, mask, cond);
+ }
+@@ -203,7 +203,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ 				  struct dentry *dentry, u32 mask)
+ {
+-	struct path path = { mnt, dentry };
++	struct path path = { .mnt = mnt, .dentry = dentry };
+ 	struct path_cond cond = { dentry->d_inode->i_uid,
+ 				  dentry->d_inode->i_mode
+ 	};
+@@ -325,8 +325,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+ 
+ 	profile = aa_current_profile();
+ 	if (!unconfined(profile)) {
+-		struct path old_path = { old_dir->mnt, old_dentry };
+-		struct path new_path = { new_dir->mnt, new_dentry };
++		struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++		struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ 		struct path_cond cond = { old_dentry->d_inode->i_uid,
+ 					  old_dentry->d_inode->i_mode
+ 		};
 @@ -615,7 +615,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
  	return error;
  }
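Review bot: The `struct path_cond cond` initialisers directly below the converted lines in aa_path_link, common_perm_mnt_dentry and apparmor_path_rename are still positional, so each function now mixes designated and positional style. The same order-dependence that motivated the `struct path` change would apply to `path_cond` if it were ever annotated. Assuming its members are named `uid` and `mode` (the declaration is not in this hunk), `{ .uid = dentry->d_inode->i_uid, .mode = dentry->d_inode->i_mode }` keeps the sites consistent. All three functions extend beyond the lines shown.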
@@ -104276,6 +104388,57 @@ index b0be893..646bd94 100644
  	.name =				"smack",
  
  	.ptrace_access_check =		smack_ptrace_access_check,
+diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
+index 4003907..13a2b55 100644
+--- a/security/tomoyo/file.c
++++ b/security/tomoyo/file.c
+@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error = -ENOMEM;
+ 	struct tomoyo_path_info buf;
+@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+ 	struct tomoyo_path_info buf;
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int idx;
+ 
+@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error;
+ 	struct tomoyo_path_info buf;
+@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error = -ENOMEM;
+ 	struct tomoyo_path_info buf;
+@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
+ 	struct tomoyo_path_info buf2;
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path1,
+-		.path2 = *path2,
++		.path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
++		.path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
+ 	};
+ 	int idx;
+ 
 diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
 index 390c646..f2f8db3 100644
 --- a/security/tomoyo/mount.c
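Review bot: Replacing `.path1 = *path` with `{ .mnt = path->mnt, .dentry = path->dentry }` gives up a struct copy that was already independent of field order, and the spelled-out form will silently skip any member added to `struct path` later. If the layout-randomisation tooling requires this (not visible in these hunks), a comment at the first site such as `/* member-wise copy: required by the randomize_layout plugin */` would explain it. The `.path2` initialiser in tomoyo_path2_perm also drops the trailing comma that the other four initialisers keep.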
@@ -104292,9 +104455,94 @@ index 390c646..f2f8db3 100644
  		if (!fstype) {
  			error = -ENODEV;
 diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index f0b756e..b129202 100644
+index f0b756e..8aa497b 100644
 --- a/security/tomoyo/tomoyo.c
 +++ b/security/tomoyo/tomoyo.c
+@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
+  */
+ static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+ {
+-	struct path path = { mnt, dentry };
++	struct path path = { .mnt = mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
+ }
+ 
+@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path)
+  */
+ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
+ }
+ 
+@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ 			     umode_t mode)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+ 				       mode & S_IALLUGO);
+ }
+@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+  */
+ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
+ }
+ 
+@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ 			       const char *old_name)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
+ }
+ 
+@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ 			     umode_t mode, unsigned int dev)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	int type = TOMOYO_TYPE_CREATE;
+ 	const unsigned int perm = mode & S_IALLUGO;
+ 
+@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+ 			    struct dentry *new_dentry)
+ {
+-	struct path path1 = { new_dir->mnt, old_dentry };
+-	struct path path2 = { new_dir->mnt, new_dentry };
++	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
++	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ 	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
+ }
+ 
+@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent,
+ 			      struct path *new_parent,
+ 			      struct dentry *new_dentry)
+ {
+-	struct path path1 = { old_parent->mnt, old_dentry };
+-	struct path path2 = { new_parent->mnt, new_dentry };
++	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
++	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
+ 	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
+ }
+ 
+@@ -424,7 +424,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+  */
+ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+ {
+-	struct path path = { mnt, mnt->mnt_root };
++	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
+ }
+ 
 @@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
   * tomoyo_security_ops is a "struct security_operations" which is used for
   * registering TOMOYO.
@@ -105068,10 +105316,10 @@ index 0000000..4c2c45c
 +size_overflow_hash.h
 diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
 new file mode 100644
-index 0000000..b198b6d
+index 0000000..d25d472
 --- /dev/null
 +++ b/tools/gcc/Makefile
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,60 @@
 +#CC := gcc
 +#PLUGIN_SOURCE_FILES := pax_plugin.c
 +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -105110,22 +105358,28 @@ index 0000000..b198b6d
 +structleak_plugin-objs := structleak_plugin.o
 +randomize_layout_plugin-objs := randomize_layout_plugin.o
 +
-+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h
++$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h
 +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
 +
 +quiet_cmd_build_size_overflow_hash = GENHASH  $@
 +      cmd_build_size_overflow_hash = \
-+	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@
++	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@
 +$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
 +	$(call if_changed,build_size_overflow_hash)
 +
++quiet_cmd_build_size_overflow_hash_aux = GENHASH  $@
++      cmd_build_size_overflow_hash_aux = \
++	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@
++$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE
++	$(call if_changed,build_size_overflow_hash_aux)
++
 +quiet_cmd_create_randomize_layout_seed = GENSEED  $@
 +      cmd_create_randomize_layout_seed = \
 +	$(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
 +$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
 +	$(call if_changed,create_randomize_layout_seed)
 +
-+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h
++targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h
 diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
 new file mode 100644
 index 0000000..5452feea
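Review bot: The new `cmd_build_size_overflow_hash_aux` repeats `cmd_build_size_overflow_hash` word for word except for the table name, so a future change to the generator invocation has to be made twice. Deriving the name from the target, `-s $(basename $(notdir $@))`, would let both header rules call the one `build_size_overflow_hash` command. The explicit `-s size_overflow_hash` on the first rule also restates the script's own default for that option.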
@@ -106017,10 +106271,10 @@ index 0000000..4f67ac1
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..6dbb502
+index 0000000..8af3693
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,287 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -106135,6 +106389,7 @@ index 0000000..6dbb502
 +#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
 +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
++#define TODO_rebuild_cgraph_edges 0
 +
 +static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
 +{
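Review bot: `#define TODO_rebuild_cgraph_edges 0` is added without a comment. Defining a TODO flag as 0 turns any pass that requests it into a silent no-op on the GCC versions this compatibility block covers. Which versions those are lies outside the hunk, so the reader cannot tell whether the rebuild is unnecessary there or merely unavailable. A comment such as `/* flag does not exist in this GCC version; 0 makes it a no-op in todo flag masks */` would state the intent.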
@@ -106323,10 +106578,10 @@ index 0000000..7514850
 +fi
 diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
 new file mode 100644
-index 0000000..e518932
+index 0000000..791ca76
 --- /dev/null
 +++ b/tools/gcc/generate_size_overflow_hash.sh
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,97 @@
 +#!/bin/bash
 +
 +# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c).
@@ -106334,6 +106589,7 @@ index 0000000..e518932
 +header1="size_overflow_hash.h"
 +database="size_overflow_hash.data"
 +n=65536
++hashtable_name="size_overflow_hash"
 +
 +usage() {
 +cat <<EOF
@@ -106343,6 +106599,7 @@ index 0000000..e518932
 +	-o			header file
 +	-d			database file
 +	-n			hash array size
++	-s			name of the hash table
 +EOF
 +    return 0
 +}
@@ -106354,6 +106611,7 @@ index 0000000..e518932
 +    -n)		n=$2; shift 2;;
 +    -o)		header1="$2"; shift 2;;
 +    -d)		database="$2"; shift 2;;
++    -s)		hashtable_name="$2"; shift 2;;
 +    --)		shift 1; break ;;
 +     *)		break ;;
 +    esac
@@ -106395,7 +106653,7 @@ index 0000000..e518932
 +}
 +
 +create_headers() {
-+	echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1"
++	echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1"
 +}
 +
 +create_array_elements() {
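Review bot: The value given to the new `-s` option is pasted into the generated C declaration as `$hashtable_name[$n]` with no check that it is a valid identifier, so a typo only surfaces later as a compile error in the plugin. A guard after option parsing, `case $hashtable_name in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) usage; exit 1;; esac`, fails early instead. Writing the expansion as `${hashtable_name}[$n]` also makes clear that no array subscript is intended. The element type in the generated declaration stays `struct size_overflow_hash` for both tables, which deserves a word in the `-s` usage text.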
@@ -114228,12 +114486,101 @@ index 0000000..9529806
 +lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL
 +nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
 +tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL
+diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data
+new file mode 100644
+index 0000000..5dd8a8f
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash_aux.data
+@@ -0,0 +1,83 @@
++spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL
++mappedread_2627 mappedread 2 2627 NULL
++vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL
++nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL
++zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL
++sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL
++dmu_write_6048 dmu_write 4-3 6048 NULL
++dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL
++update_pages_6225 update_pages 2-3 6225 NULL
++bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL
++dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL
++zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL
++ddi_copyout_9401 ddi_copyout 3 9401 NULL
++avl_numnodes_12384 avl_numnodes 0 12384 NULL
++dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL
++dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL
++dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL
++kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL
++kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL
++dmu_write_uio_16351 dmu_write_uio 4 16351 NULL
++zfs_log_write_16524 zfs_log_write 6-5 16524 NULL
++sa_build_layouts_16910 sa_build_layouts 3 16910 NULL
++dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL
++sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL
++sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL
++uiocopy_18680 uiocopy 2 18680 NULL
++dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL
++zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL
++dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL
++sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL
++tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL
++spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL
++zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL
++dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL
++zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL
++dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL
++kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL
++zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL
++zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL
++splat_write_30943 splat_write 3 30943 NULL
++zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL
++dmu_read_uio_31467 dmu_read_uio 4 31467 NULL
++zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL
++spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL
++__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL
++proc_copyout_string_34049 proc_copyout_string 2 34049 NULL
++nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL
++nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL
++zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL
++copyinstr_36980 copyinstr 3 36980 NULL
++zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL
++splat_read_38116 splat_read 3 38116 NULL
++sa_setup_38756 sa_setup 4 38756 NULL
++vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL
++arc_buf_size_39982 arc_buf_size 0 39982 NULL
++kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL
++fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL
++vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL
++sa_find_layout_40892 sa_find_layout 4 40892 NULL
++zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL
++zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL
++xdr_dec_array_43091 xdr_dec_array 5 43091 NULL
++dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL
++uiomove_44355 uiomove 2 44355 NULL
++dmu_read_44418 dmu_read 4-3 44418 NULL
++ddi_copyin_44846 ddi_copyin 3 44846 NULL
++copyin_45945 copyin 3 45945 NULL
++zil_itx_create_46555 zil_itx_create 2 46555 NULL
++dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL
++spa_history_write_49650 spa_history_write 3 49650 NULL
++zfs_log_write_50162 zfs_log_write 6-5 50162 NULL
++i_fm_alloc_51038 i_fm_alloc 2 51038 NULL
++copyout_51409 copyout 3 51409 NULL
++zvol_log_write_54898 zvol_log_write 4-3 54898 NULL
++zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL
++get_nvlist_56685 get_nvlist 2 56685 NULL
++zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL
++splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL
++zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL
++zpios_write_61823 zpios_write 3 61823 NULL
++proc_copyin_string_62019 proc_copyin_string 4 62019 NULL
++random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL
++zpios_read_64734 zpios_read 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
 new file mode 100644
-index 0000000..fa0524c
+index 0000000..0a9dd22
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,4101 @@
+@@ -0,0 +1,4110 @@
 +/*
 + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -114262,7 +114609,7 @@ index 0000000..fa0524c
 +int plugin_is_GPL_compatible;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20140317",
++	.version	= "20140402",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
@@ -114290,6 +114637,7 @@ index 0000000..fa0524c
 +};
 +
 +#include "size_overflow_hash.h"
++#include "size_overflow_hash_aux.h"
 +
 +enum mark {
 +	MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
@@ -114681,6 +115029,16 @@ index 0000000..fa0524c
 +		set_node_codes(TREE_VALUE(arg), fn_hash_data);
 +}
 +
++static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name)
++{
++	while (entry) {
++		if (!strcmp(entry->name, func_name))
++			return entry;
++		entry = entry->next;
++	}
++	return NULL;
++}
++
 +static const struct size_overflow_hash *get_function_hash(const_tree fndecl)
 +{
 +	const struct size_overflow_hash *entry;
@@ -114701,13 +115059,11 @@ index 0000000..fa0524c
 +	set_hash(func_name, &fn_hash_data);
 +
 +	entry = size_overflow_hash[fn_hash_data.hash];
-+
-+	while (entry) {
-+		if (!strcmp(entry->name, func_name))
-+			return entry;
-+		entry = entry->next;
-+	}
-+	return NULL;
++	entry = get_proper_hash_chain(entry, func_name);
++	if (entry)
++		return entry;
++	entry = size_overflow_hash_aux[fn_hash_data.hash];
++	return get_proper_hash_chain(entry, func_name);
 +}
 +
 +static void print_missing_msg(const_tree func, unsigned int argnum)
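Review bot: The fallback lookup indexes `size_overflow_hash_aux[fn_hash_data.hash]` with the hash computed for the main table, which is in bounds only if both headers are generated with the same array size. The Makefile rules in this commit pass no `-n`, so both use the script default, but nothing ties the two together. A comment above the aux lookup such as `/* aux table must be generated with the same -n as size_overflow_hash; main-table entries shadow aux ones */` would record both assumptions. `get_proper_hash_chain` in the previous hunk has no comment either; `/* walk one bucket's chain, return the entry whose name matches or NULL */` would do. get_function_hash begins outside this hunk.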

diff --git a/3.2.56/0000_README b/3.2.56/0000_README
index b2a75bc..0adc45a 100644
--- a/3.2.56/0000_README
+++ b/3.2.56/0000_README
@@ -142,7 +142,7 @@ Patch:	1055_linux-3.2.56.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.56
 
-Patch:	4420_grsecurity-3.0-3.2.56-201404031155.patch
+Patch:	4420_grsecurity-3.0-3.2.56-201404062126.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch b/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
similarity index 99%
rename from 3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
rename to 3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
index a7d359a..f93b78b 100644
--- a/3.2.56/4420_grsecurity-3.0-3.2.56-201404031155.patch
+++ b/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
@@ -10275,10 +10275,28 @@ index 35af09d..99c9676 100644
  
  	/* Target address to relocate to for decompression */
 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 3a19d04..7c1d55a 100644
+index 3a19d04..1bef1d5 100644
 --- a/arch/x86/boot/compressed/misc.c
 +++ b/arch/x86/boot/compressed/misc.c
-@@ -310,7 +310,7 @@ static void parse_elf(void *output)
+@@ -226,7 +226,7 @@ void __putstr(int error, const char *s)
+ 
+ void *memset(void *s, int c, size_t n)
+ {
+-	int i;
++	size_t i;
+ 	char *ss = s;
+ 
+ 	for (i = 0; i < n; i++)
+@@ -282,7 +282,7 @@ static void parse_elf(void *output)
+ 	Elf32_Ehdr ehdr;
+ 	Elf32_Phdr *phdrs, *phdr;
+ #endif
+-	void *dest;
++	void *dest, *prev;
+ 	int i;
+ 
+ 	memcpy(&ehdr, output, sizeof(ehdr));
+@@ -310,13 +310,16 @@ static void parse_elf(void *output)
  		case PT_LOAD:
  #ifdef CONFIG_RELOCATABLE
  			dest = output;
@@ -10287,7 +10305,16 @@ index 3a19d04..7c1d55a 100644
  #else
  			dest = (void *)(phdr->p_paddr);
  #endif
-@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+ 			memcpy(dest,
+ 			       output + phdr->p_offset,
+ 			       phdr->p_filesz);
++			if (i)
++				memset(prev, 0xff, dest - prev);
++			prev = dest + phdr->p_filesz;
+ 			break;
+ 		default: /* Ignore other PT_* */ break;
+ 		}
+@@ -363,7 +366,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
  		error("Destination address too large");
  #endif
  #ifndef CONFIG_RELOCATABLE
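Review bot: `prev` is declared without an initialiser and is written only after a PT_LOAD segment has been copied, yet the new `if (i) memset(prev, 0xff, dest - prev);` tests the loop index rather than whether an earlier PT_LOAD was seen. If program header 0 is not PT_LOAD, the first PT_LOAD at i > 0 reads an indeterminate `prev`. If segments are not in ascending address order, `dest - prev` is negative and converts to a very large length. Declaring `void *dest, *prev = NULL;` (the declaration is in the preceding hunk) and guarding with `if (prev && dest > prev)` covers both cases. parse_elf starts and ends outside these hunks.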
@@ -41280,6 +41307,23 @@ index 1f355bb..43f1fea 100644
  				return -EFAULT;
  		} else
  			memcpy(msg, buf, count);
+diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
+index 4df80fb..6a58169 100644
+--- a/drivers/isdn/isdnloop/isdnloop.c
++++ b/drivers/isdn/isdnloop/isdnloop.c
+@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * sdefp)
+ 		return -EBUSY;
+ 	if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
+ 		return -EFAULT;
++
++	for (i = 0; i < 3; i++) {
++		if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i])))
++			return -EINVAL;
++	}
++
+ 	spin_lock_irqsave(&card->isdnloop_lock, flags);
+ 	switch (sdef.ptype) {
+ 		case ISDN_PTYPE_EURO:
 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
 index 4d395de..c504763 100644
 --- a/drivers/isdn/mISDN/dsp_cmx.c
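Review bot: The loop bound `3` in the added NUL-termination check is a bare constant that has to match the first dimension of `sdef.num`, whose declaration is not in this hunk. `for (i = 0; i < ARRAY_SIZE(sdef.num); i++)` keeps the check complete if the array ever changes size. isdnloop_start continues outside the hunk, so whether other members of the user-supplied `sdef` are later treated as C strings cannot be judged from here.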
@@ -75385,7 +75429,7 @@ index 2f81c6f..225b4e4 100644
  #define audit_get_loginuid(t) (-1)
  #define audit_get_sessionid(t) (-1)
 diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index d337419..c87c74b 100644
+index d337419..1d6a512f 100644
 --- a/include/linux/binfmts.h
 +++ b/include/linux/binfmts.h
 @@ -18,7 +18,7 @@ struct pt_regs;
@@ -75397,14 +75441,16 @@ index d337419..c87c74b 100644
  
  #define CORENAME_MAX_SIZE 128
  
-@@ -58,6 +58,7 @@ struct linux_binprm {
+@@ -58,7 +58,8 @@ struct linux_binprm {
  	unsigned interp_flags;
  	unsigned interp_data;
  	unsigned long loader, exec;
+-};
 +	char tcomm[TASK_COMM_LEN];
- };
++} __randomize_layout;
  
  #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
+ #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
 @@ -86,8 +87,10 @@ struct linux_binfmt {
  	int (*load_binary)(struct linux_binprm *, struct  pt_regs * regs);
  	int (*load_shlib)(struct file *);
@@ -75413,7 +75459,7 @@ index d337419..c87c74b 100644
 +	void (*handle_mmap)(struct file *);
  	unsigned long min_coredump;	/* minimal dump size */
 -};
-+} __do_const;
++} __do_const __randomize_layout;
  
  extern int __register_binfmt(struct linux_binfmt *fmt, int insert);
  
@@ -76263,7 +76309,7 @@ index 82163c4..bd0f588 100644
  extern struct kmem_cache *files_cachep;
  
 diff --git a/include/linux/filter.h b/include/linux/filter.h
-index 8eeb205..13d571c 100644
+index 8eeb205..14c2a1c 100644
 --- a/include/linux/filter.h
 +++ b/include/linux/filter.h
 @@ -10,6 +10,7 @@
@@ -76294,7 +76340,7 @@ index 8eeb205..13d571c 100644
  
  struct sk_filter
  {
-@@ -141,6 +153,9 @@ struct sk_filter
+@@ -141,9 +153,12 @@ struct sk_filter
  	unsigned int         	len;	/* Number of filter blocks */
  	unsigned int		(*bpf_func)(const struct sk_buff *skb,
  					    const struct sock_filter *filter);
@@ -76303,7 +76349,11 @@ index 8eeb205..13d571c 100644
 +#endif
  	struct rcu_head		rcu;
  	struct sock_filter     	insns[0];
- };
+-};
++} __randomize_layout;
+ 
+ static inline unsigned int sk_filter_len(const struct sk_filter *fp)
+ {
 @@ -228,6 +243,7 @@ enum {
  	BPF_S_ANC_HATYPE,
  	BPF_S_ANC_RXHASH,
@@ -79241,6 +79291,27 @@ index 4633b2f..988bc08 100644
  	atomic_t			reorder_objects;
  	atomic_t			refcnt;
  	unsigned int			max_seq_nr;
+diff --git a/include/linux/path.h b/include/linux/path.h
+index edc98de..a2c707f 100644
+--- a/include/linux/path.h
++++ b/include/linux/path.h
+@@ -1,13 +1,15 @@
+ #ifndef _LINUX_PATH_H
+ #define _LINUX_PATH_H
+ 
++#include <linux/compiler.h>
++
+ struct dentry;
+ struct vfsmount;
+ 
+ struct path {
+ 	struct vfsmount *mnt;
+ 	struct dentry *dentry;
+-};
++} __randomize_layout;
+ 
+ extern void path_get(struct path *);
+ extern void path_put(struct path *);
 diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
 index 45fc162..01a4068 100644
 --- a/include/linux/pci_hotplug.h
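Review bot: With `__randomize_layout` on `struct path`, every positional initialiser of the form `{ mnt, dentry }` depends on a field order that is no longer fixed, and the struct carries no comment warning about this. The 3.13.8 part of this commit converts the AppArmor and TOMOYO call sites to designated initialisers; whether the 3.2.56 patch has the same conversions is not visible in this part. A comment above the struct such as `/* layout is randomized: initialise only with .mnt = / .dentry = */` would steer new callers the right way.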
@@ -80342,7 +80413,7 @@ index cc7a4e9..306733e 100644
 +#endif /* __KERNEL__ */
  #endif /* _LINUX_SECCOMP_H */
 diff --git a/include/linux/security.h b/include/linux/security.h
-index e8c619d..99d0f1f 100644
+index e8c619d..97e49a6 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
 @@ -37,6 +37,7 @@
@@ -80370,6 +80441,15 @@ index e8c619d..99d0f1f 100644
  
  #ifdef CONFIG_MMU
  /*
+@@ -1654,7 +1654,7 @@ struct security_operations {
+ 				 struct audit_context *actx);
+ 	void (*audit_rule_free) (void *lsmrule);
+ #endif /* CONFIG_AUDIT */
+-};
++} __randomize_layout;
+ 
+ /* prototypes */
+ extern int security_init(void);
 @@ -1676,6 +1676,8 @@ int security_capset(struct cred *new, const struct cred *old,
  		    const kernel_cap_t *permitted);
  int security_capable(struct user_namespace *ns, const struct cred *cred,
@@ -81113,7 +81193,7 @@ index 5dbb3cb..a192962 100644
  /* Each of a tty's open files has private_data pointing to tty_file_private */
  struct tty_file_private {
 diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
-index ecdaeb9..a7e29ec 100644
+index ecdaeb9..e1484a7 100644
 --- a/include/linux/tty_driver.h
 +++ b/include/linux/tty_driver.h
 @@ -286,7 +286,7 @@ struct tty_operations {
@@ -81121,7 +81201,7 @@ index ecdaeb9..a7e29ec 100644
  #endif
  	const struct file_operations *proc_fops;
 -};
-+} __do_const;
++} __do_const __randomize_layout;
  
  struct tty_driver {
  	int	magic;		/* magic number for this structure */
@@ -81607,6 +81687,19 @@ index adcbb20..62c2559 100644
  
  void v9fs_register_trans(struct p9_trans_module *m);
  void v9fs_unregister_trans(struct p9_trans_module *m);
+diff --git a/include/net/af_unix.h b/include/net/af_unix.h
+index 91ab5b0..23e3e9b 100644
+--- a/include/net/af_unix.h
++++ b/include/net/af_unix.h
+@@ -30,7 +30,7 @@ struct unix_skb_parms {
+ #ifdef CONFIG_SECURITY_NETWORK
+ 	u32			secid;		/* Security ID		*/
+ #endif
+-};
++} __randomize_layout;
+ 
+ #define UNIXCB(skb) 	(*(struct unix_skb_parms *)&((skb)->cb))
+ #define UNIXSID(skb)	(&UNIXCB((skb)).secid)
 diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
 index 6cc18f3..b0df15a 100644
 --- a/include/net/bluetooth/l2cap.h
@@ -82120,7 +82213,7 @@ index c2e542b..6ca975b 100644
  extern __u32 secure_ipv6_id(const __be32 daddr[4]);
  extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
 diff --git a/include/net/sock.h b/include/net/sock.h
-index e6454b6..cda5eaf 100644
+index e6454b6..7a6b6bc 100644
 --- a/include/net/sock.h
 +++ b/include/net/sock.h
 @@ -278,7 +278,7 @@ struct sock {
@@ -82132,6 +82225,24 @@ index e6454b6..cda5eaf 100644
  	int			sk_rcvbuf;
  
  	struct sk_filter __rcu	*sk_filter;
+@@ -849,7 +849,7 @@ struct proto {
+ #ifdef SOCK_REFCNT_DEBUG
+ 	atomic_t		socks;
+ #endif
+-};
++} __randomize_layout;
+ 
+ extern int proto_register(struct proto *prot, int alloc_slab);
+ extern void proto_unregister(struct proto *prot);
+@@ -929,7 +929,7 @@ struct sock_iocb {
+ 	struct scm_cookie	*scm;
+ 	struct msghdr		*msg, async_msg;
+ 	struct kiocb		*kiocb;
+-};
++} __randomize_layout;
+ 
+ static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
+ {
 @@ -1416,7 +1416,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
  }
  
@@ -90793,6 +90904,28 @@ index b8029a5..2b120e1 100644
 +	pax_close_kernel();
 +}
 +EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index a8408b6..190ae10 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -299,9 +299,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data,
+  */
+ int nla_strcmp(const struct nlattr *nla, const char *str)
+ {
+-	int len = strlen(str) + 1;
+-	int d = nla_len(nla) - len;
++	int len = strlen(str);
++	char *buf = nla_data(nla);
++	int attrlen = nla_len(nla);
++	int d;
+ 
++	if (attrlen > 0 && buf[attrlen - 1] == '\0')
++		attrlen--;
++
++	d = attrlen - len;
+ 	if (d == 0)
+ 		d = memcmp(nla_data(nla), str, len);
+ 
 diff --git a/lib/radix-tree.c b/lib/radix-tree.c
 index d9df745..e73c2fe 100644
 --- a/lib/radix-tree.c
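Review bot: In the new `nla_strcmp` body `buf` already holds `nla_data(nla)`, yet the `memcmp` line still calls `nla_data(nla)` a second time, and `buf` is a plain `char *` although `nla` is `const`. I would declare `const char *buf = nla_data(nla);` and compare with `d = memcmp(buf, str, len);`. The kernel-doc comment above the function (it starts outside this hunk) should also say that one trailing NUL in the attribute is ignored; only a single byte is stripped, so an attribute padded with several NULs still compares unequal. The function's return statement is outside the hunk.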
@@ -102698,7 +102831,7 @@ index 8da4481..d02565e 100644
  			+ (rtt >> sctp_rto_alpha);
  	} else {
 diff --git a/net/socket.c b/net/socket.c
-index d4faade..002025a 100644
+index d4faade..3d43f20 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -88,6 +88,7 @@
@@ -102873,6 +103006,15 @@ index d4faade..002025a 100644
  SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
  		unsigned, flags, struct sockaddr __user *, addr,
  		int, addr_len)
+@@ -1737,7 +1803,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+ 	struct socket *sock;
+ 	struct iovec iov;
+ 	struct msghdr msg;
+-	struct sockaddr_storage address;
++	struct sockaddr_storage address = { };
+ 	int err, err2;
+ 	int fput_needed;
+ 
 @@ -1884,6 +1950,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
  {
  	if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
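Review bot: The new initialiser `struct sockaddr_storage address = { };` in `recvfrom` has no comment saying why the whole buffer is now cleared on every call, and the same holds for `addr` in `___sys_recvmsg` in the next hunk. Presumably the aim is that a protocol handler which reports an address length without filling all of those bytes cannot cause uninitialised kernel stack to be copied out to userspace. That reason is worth recording at both sites, e.g. `/* zeroed so a short fill by ->recvmsg cannot expose stack bytes to userspace */`, so the initialiser is not later dropped as a micro-optimisation. Both function bodies continue outside their hunks.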
@@ -102893,6 +103035,15 @@ index d4faade..002025a 100644
  				   ctl_len))
  			goto out_freectl;
  		msg_sys->msg_control = ctl_buf;
+@@ -2117,7 +2187,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ 	int err, iov_size, total_len, len;
+ 
+ 	/* kernel mode address */
+-	struct sockaddr_storage addr;
++	struct sockaddr_storage addr = { };
+ 
+ 	/* user mode address pointers */
+ 	struct sockaddr __user *uaddr;
 @@ -2148,7 +2218,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	/* Save the user-mode address (verify_iovec will change the
  	 * kernel msghdr to use the kernel address space)
@@ -104477,14 +104628,14 @@ index cb1f50c..cef2a7c 100644
  		fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
 new file mode 100644
-index 0000000..3c23999
+index 0000000..edcbc3a
 --- /dev/null
 +++ b/scripts/gcc-plugin.sh
 @@ -0,0 +1,16 @@
 +#!/bin/bash
 +srctree=$(dirname "$0")
-+gccplugins_dir=$("$3" -print-file-name=plugin)
-+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++gccplugins_dir=$($3 -print-file-name=plugin)
++plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
 +#include "gcc-common.h"
 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
 +#warning $2
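Review bot: Dropping the quotes around `$3` and `$1` in the two command substitutions makes both values subject to word splitting and pathname expansion. That is presumably intended so that a multi-word compiler setting (a wrapper plus the compiler, or a compiler plus flags) still runs, but nothing in the script says so and a later cleanup is likely to restore the quotes. I would add `# $1 and $3 are deliberately unquoted: they may hold a command plus arguments` and put `set -f` before the first substitution so that only splitting, not globbing, takes place. `-I${srctree}/../tools/gcc` and `-I${gccplugins_dir}/include` are unquoted as well and break on paths containing spaces. The rest of the script is outside this hunk.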
@@ -106187,6 +106338,21 @@ index c1e18ba..7316d77 100644
  	if (ns_name) {
  		/* released below */
  		ns = aa_find_namespace(profile->ns, ns_name);
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index 7312db7..faf3f03 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ 		 struct path *new_dir, struct dentry *new_dentry)
+ {
+-	struct path link = { new_dir->mnt, new_dentry };
+-	struct path target = { new_dir->mnt, old_dentry };
++	struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++	struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ 	struct path_cond cond = {
+ 		old_dentry->d_inode->i_uid,
+ 		old_dentry->d_inode->i_mode
 diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
 index cb1e93a..14f955c 100644
 --- a/security/apparmor/include/apparmorfs.h
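Review bot: The `struct path` initialisers in `aa_path_link` are now designated, but the `struct path_cond cond` directly below them is still initialised positionally, and the same mix remains in `common_perm_mnt_dentry` and `apparmor_path_rename` in the security/apparmor/lsm.c hunk. A positional initialiser is exactly the form that goes wrong silently when member order changes, so for consistency I would write `struct path_cond cond = { .uid = old_dentry->d_inode->i_uid, .mode = old_dentry->d_inode->i_mode };` here and the equivalent at the other two sites. The function bodies continue outside the hunks.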
@@ -106277,7 +106443,7 @@ index aeda5cf..6776929 100644
  };
  
 diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 3783202..d70ae70 100644
+index 3783202..4cc8dbf 100644
 --- a/security/apparmor/lsm.c
 +++ b/security/apparmor/lsm.c
 @@ -32,6 +32,7 @@
@@ -106288,6 +106454,35 @@ index 3783202..d70ae70 100644
  #include "include/path.h"
  #include "include/policy.h"
  #include "include/procattr.h"
+@@ -186,7 +187,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ 				  struct dentry *dentry, u32 mask,
+ 				  struct path_cond *cond)
+ {
+-	struct path path = { dir->mnt, dentry };
++	struct path path = { .mnt = dir->mnt, .dentry = dentry };
+ 
+ 	return common_perm(op, &path, mask, cond);
+ }
+@@ -203,7 +204,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ 				  struct dentry *dentry, u32 mask)
+ {
+-	struct path path = { mnt, dentry };
++	struct path path = { .mnt = mnt, .dentry = dentry };
+ 	struct path_cond cond = { dentry->d_inode->i_uid,
+ 				  dentry->d_inode->i_mode
+ 	};
+@@ -325,8 +326,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+ 
+ 	profile = aa_current_profile();
+ 	if (!unconfined(profile)) {
+-		struct path old_path = { old_dir->mnt, old_dentry };
+-		struct path new_path = { new_dir->mnt, new_dentry };
++		struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++		struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ 		struct path_cond cond = { old_dentry->d_inode->i_uid,
+ 					  old_dentry->d_inode->i_mode
+ 		};
 @@ -621,7 +622,105 @@ static int apparmor_task_setrlimit(struct task_struct *task,
  	return error;
  }
@@ -107238,10 +107433,155 @@ index 7db62b4..ee4d949 100644
  	.name =				"smack",
  
  	.ptrace_access_check =		smack_ptrace_access_check,
+diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
+index 4003907..13a2b55 100644
+--- a/security/tomoyo/file.c
++++ b/security/tomoyo/file.c
+@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error = -ENOMEM;
+ 	struct tomoyo_path_info buf;
+@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+ 	struct tomoyo_path_info buf;
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int idx;
+ 
+@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error;
+ 	struct tomoyo_path_info buf;
+@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+ {
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path,
++		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ 	};
+ 	int error = -ENOMEM;
+ 	struct tomoyo_path_info buf;
+@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
+ 	struct tomoyo_path_info buf2;
+ 	struct tomoyo_request_info r;
+ 	struct tomoyo_obj_info obj = {
+-		.path1 = *path1,
+-		.path2 = *path2,
++		.path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
++		.path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
+ 	};
+ 	int idx;
+ 
 diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 4b327b6..646c57a2b 100644
+index 4b327b6..c1f0860 100644
 --- a/security/tomoyo/tomoyo.c
 +++ b/security/tomoyo/tomoyo.c
+@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
+  */
+ static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+ {
+-	struct path path = { mnt, dentry };
++	struct path path = { .mnt = mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
+ }
+ 
+@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path)
+  */
+ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
+ }
+ 
+@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ 			     int mode)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+ 				       mode & S_IALLUGO);
+ }
+@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+  */
+ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
+ }
+ 
+@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ 			       const char *old_name)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
+ }
+ 
+@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ 			     int mode, unsigned int dev)
+ {
+-	struct path path = { parent->mnt, dentry };
++	struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ 	int type = TOMOYO_TYPE_CREATE;
+ 	const unsigned int perm = mode & S_IALLUGO;
+ 
+@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+ 			    struct dentry *new_dentry)
+ {
+-	struct path path1 = { new_dir->mnt, old_dentry };
+-	struct path path2 = { new_dir->mnt, new_dentry };
++	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
++	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ 	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
+ }
+ 
+@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent,
+ 			      struct path *new_parent,
+ 			      struct dentry *new_dentry)
+ {
+-	struct path path1 = { old_parent->mnt, old_dentry };
+-	struct path path2 = { new_parent->mnt, new_dentry };
++	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
++	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
+ 	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
+ }
+ 
+@@ -362,7 +362,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
+ static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ 			     mode_t mode)
+ {
+-	struct path path = { mnt, dentry };
++	struct path path = { .mnt = mnt, .dentry = dentry };
+ 	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
+ 				       mode & S_IALLUGO);
+ }
+@@ -425,7 +425,7 @@ static int tomoyo_sb_mount(char *dev_name, struct path *path,
+  */
+ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+ {
+-	struct path path = { mnt, mnt->mnt_root };
++	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
+ 	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
+ }
+ 
 @@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
   * tomoyo_security_ops is a "struct security_operations" which is used for
   * registering TOMOYO.
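Review bot: In security/tomoyo/file.c the struct copy `.path1 = *path` is replaced by a member-wise initialiser in five functions (`tomoyo_path_number_perm`, `tomoyo_check_open_permission`, `tomoyo_path_perm`, `tomoyo_mkdev_perm`, `tomoyo_path2_perm`) with no comment giving the reason. Unlike the positional initialisers converted in tomoyo.c, a whole-struct assignment does not depend on member order, and the member-wise form silently omits any member later added to `struct path`. If the change is needed to satisfy the layout-randomisation plugin, a comment at the first site such as `/* member-wise copy: needed for the randomize_layout plugin */` would record that; otherwise `*path` is the more robust form. All of these function bodies continue outside the hunks shown.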
@@ -107942,10 +108282,10 @@ index 0000000..4c2c45c
 +size_overflow_hash.h
 diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
 new file mode 100644
-index 0000000..b198b6d
+index 0000000..d25d472
 --- /dev/null
 +++ b/tools/gcc/Makefile
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,60 @@
 +#CC := gcc
 +#PLUGIN_SOURCE_FILES := pax_plugin.c
 +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -107984,22 +108324,28 @@ index 0000000..b198b6d
 +structleak_plugin-objs := structleak_plugin.o
 +randomize_layout_plugin-objs := randomize_layout_plugin.o
 +
-+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h
++$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h
 +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
 +
 +quiet_cmd_build_size_overflow_hash = GENHASH  $@
 +      cmd_build_size_overflow_hash = \
-+	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@
++	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@
 +$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
 +	$(call if_changed,build_size_overflow_hash)
 +
++quiet_cmd_build_size_overflow_hash_aux = GENHASH  $@
++      cmd_build_size_overflow_hash_aux = \
++	$(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@
++$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE
++	$(call if_changed,build_size_overflow_hash_aux)
++
 +quiet_cmd_create_randomize_layout_seed = GENSEED  $@
 +      cmd_create_randomize_layout_seed = \
 +	$(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
 +$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
 +	$(call if_changed,create_randomize_layout_seed)
 +
-+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h
++targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h
 diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
 new file mode 100644
 index 0000000..5452feea
@@ -108891,10 +109237,10 @@ index 0000000..4f67ac1
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..6dbb502
+index 0000000..8af3693
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,287 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -109009,6 +109355,7 @@ index 0000000..6dbb502
 +#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
 +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
++#define TODO_rebuild_cgraph_edges 0
 +
 +static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
 +{
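Review bot: `#define TODO_rebuild_cgraph_edges 0` is added with neither a guard nor a comment. It sits among compatibility macros whose enclosing `#if` is outside this hunk, so the GCC versions it applies to are not visible; if any of them already provides the flag, this line redefines it and turns the requested rebuild into a no-op. I would wrap it as `#ifndef TODO_rebuild_cgraph_edges` / `#define TODO_rebuild_cgraph_edges 0` / `#endif` and add `/* flag not provided by this GCC version; 0 is a no-op when OR-ed into the TODO flags */`.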
@@ -109197,10 +109544,10 @@ index 0000000..7514850
 +fi
 diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
 new file mode 100644
-index 0000000..e518932
+index 0000000..791ca76
 --- /dev/null
 +++ b/tools/gcc/generate_size_overflow_hash.sh
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,97 @@
 +#!/bin/bash
 +
 +# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c).
@@ -109208,6 +109555,7 @@ index 0000000..e518932
 +header1="size_overflow_hash.h"
 +database="size_overflow_hash.data"
 +n=65536
++hashtable_name="size_overflow_hash"
 +
 +usage() {
 +cat <<EOF
@@ -109217,6 +109565,7 @@ index 0000000..e518932
 +	-o			header file
 +	-d			database file
 +	-n			hash array size
++	-s			name of the hash table
 +EOF
 +    return 0
 +}
@@ -109228,6 +109577,7 @@ index 0000000..e518932
 +    -n)		n=$2; shift 2;;
 +    -o)		header1="$2"; shift 2;;
 +    -d)		database="$2"; shift 2;;
++    -s)		hashtable_name="$2"; shift 2;;
 +    --)		shift 1; break ;;
 +     *)		break ;;
 +    esac
@@ -109269,7 +109619,7 @@ index 0000000..e518932
 +}
 +
 +create_headers() {
-+	echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1"
++	echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1"
 +}
 +
 +create_array_elements() {
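Review bot: In `create_headers` the new `$hashtable_name[$n]` inside the echoed string relies on bash not reading `$hashtable_name[` as an array subscript; `${hashtable_name}[$n]` makes the boundary explicit. The value comes straight from `-s` and ends up as a C identifier in the generated header, so a check after option parsing, e.g. `[[ $hashtable_name =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || { usage; exit 1; }`, would turn a typo in the Makefile into a clear error rather than a compile failure inside the plugin. The comment at the top of the script still names only size_overflow_hash.h and should mention that the table name is now selectable.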
@@ -111389,10 +111739,10 @@ index 0000000..8dafb22
 +}
 diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
 new file mode 100644
-index 0000000..7b67f2b
+index 0000000..6111b9b
 --- /dev/null
 +++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,6001 @@
+@@ -0,0 +1,6002 @@
 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -116761,6 +117111,7 @@ index 0000000..7b67f2b
 +iscsi_decode_text_input_58292 iscsi_decode_text_input 4 58292 NULL
 +my_skb_head_push_58297 my_skb_head_push 2 58297 NULL
 +ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL
++ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 0 58331 NULL
 +next_pidmap_58347 next_pidmap 2-0 58347 NULL
 +vmalloc_to_sg_58354 vmalloc_to_sg 2 58354 NULL
 +sctp_make_init_58401 sctp_make_init 4 58401 NULL
@@ -117394,12 +117745,101 @@ index 0000000..7b67f2b
 +ath_rx_edma_init_65483 ath_rx_edma_init 2 65483 NULL
 +alloc_dr_65495 alloc_dr 2 65495 NULL
 +selnl_msglen_65499 selnl_msglen 0 65499 NULL
+diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data
+new file mode 100644
+index 0000000..5dd8a8f
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash_aux.data
+@@ -0,0 +1,83 @@
++spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL
++mappedread_2627 mappedread 2 2627 NULL
++vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL
++nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL
++zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL
++sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL
++dmu_write_6048 dmu_write 4-3 6048 NULL
++dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL
++update_pages_6225 update_pages 2-3 6225 NULL
++bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL
++dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL
++zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL
++ddi_copyout_9401 ddi_copyout 3 9401 NULL
++avl_numnodes_12384 avl_numnodes 0 12384 NULL
++dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL
++dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL
++dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL
++kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL
++kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL
++dmu_write_uio_16351 dmu_write_uio 4 16351 NULL
++zfs_log_write_16524 zfs_log_write 6-5 16524 NULL
++sa_build_layouts_16910 sa_build_layouts 3 16910 NULL
++dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL
++sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL
++sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL
++uiocopy_18680 uiocopy 2 18680 NULL
++dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL
++zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL
++dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL
++sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL
++tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL
++spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL
++zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL
++dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL
++zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL
++dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL
++kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL
++zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL
++zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL
++splat_write_30943 splat_write 3 30943 NULL
++zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL
++dmu_read_uio_31467 dmu_read_uio 4 31467 NULL
++zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL
++spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL
++__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL
++proc_copyout_string_34049 proc_copyout_string 2 34049 NULL
++nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL
++nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL
++zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL
++copyinstr_36980 copyinstr 3 36980 NULL
++zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL
++splat_read_38116 splat_read 3 38116 NULL
++sa_setup_38756 sa_setup 4 38756 NULL
++vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL
++arc_buf_size_39982 arc_buf_size 0 39982 NULL
++kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL
++fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL
++vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL
++sa_find_layout_40892 sa_find_layout 4 40892 NULL
++zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL
++zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL
++xdr_dec_array_43091 xdr_dec_array 5 43091 NULL
++dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL
++uiomove_44355 uiomove 2 44355 NULL
++dmu_read_44418 dmu_read 4-3 44418 NULL
++ddi_copyin_44846 ddi_copyin 3 44846 NULL
++copyin_45945 copyin 3 45945 NULL
++zil_itx_create_46555 zil_itx_create 2 46555 NULL
++dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL
++spa_history_write_49650 spa_history_write 3 49650 NULL
++zfs_log_write_50162 zfs_log_write 6-5 50162 NULL
++i_fm_alloc_51038 i_fm_alloc 2 51038 NULL
++copyout_51409 copyout 3 51409 NULL
++zvol_log_write_54898 zvol_log_write 4-3 54898 NULL
++zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL
++get_nvlist_56685 get_nvlist 2 56685 NULL
++zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL
++splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL
++zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL
++zpios_write_61823 zpios_write 3 61823 NULL
++proc_copyin_string_62019 proc_copyin_string 4 62019 NULL
++random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL
++zpios_read_64734 zpios_read 3 64734 NULL
 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
 new file mode 100644
-index 0000000..fa0524c
+index 0000000..0a9dd22
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,4101 @@
+@@ -0,0 +1,4110 @@
 +/*
 + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -117428,7 +117868,7 @@ index 0000000..fa0524c
 +int plugin_is_GPL_compatible;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20140317",
++	.version	= "20140402",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
@@ -117456,6 +117896,7 @@ index 0000000..fa0524c
 +};
 +
 +#include "size_overflow_hash.h"
++#include "size_overflow_hash_aux.h"
 +
 +enum mark {
 +	MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
@@ -117847,6 +118288,16 @@ index 0000000..fa0524c
 +		set_node_codes(TREE_VALUE(arg), fn_hash_data);
 +}
 +
++static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name)
++{
++	while (entry) {
++		if (!strcmp(entry->name, func_name))
++			return entry;
++		entry = entry->next;
++	}
++	return NULL;
++}
++
 +static const struct size_overflow_hash *get_function_hash(const_tree fndecl)
 +{
 +	const struct size_overflow_hash *entry;
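Review bot: `get_proper_hash_chain` has no comment, and its name suggests it returns a chain, whereas the body walks one bucket and returns the single entry whose `name` equals `func_name`, or NULL. I would add `/* return the entry in this bucket whose name matches func_name, or NULL if none does */` above it and consider a name such as `find_hash_entry`. Both `entry->name` and `func_name` go to `strcmp` unchecked, so the comment should also state that `func_name` must be non-NULL.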
@@ -117867,13 +118318,11 @@ index 0000000..fa0524c
 +	set_hash(func_name, &fn_hash_data);
 +
 +	entry = size_overflow_hash[fn_hash_data.hash];
-+
-+	while (entry) {
-+		if (!strcmp(entry->name, func_name))
-+			return entry;
-+		entry = entry->next;
-+	}
-+	return NULL;
++	entry = get_proper_hash_chain(entry, func_name);
++	if (entry)
++		return entry;
++	entry = size_overflow_hash_aux[fn_hash_data.hash];
++	return get_proper_hash_chain(entry, func_name);
 +}
 +
 +static void print_missing_msg(const_tree func, unsigned int argnum)
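Review bot: `size_overflow_hash_aux[fn_hash_data.hash]` indexes the second table with a hash computed for the first, which stays in bounds only while both headers are generated with the same array size. Today that appears to hold because neither Makefile rule passes `-n` and the generator defaults to `n=65536`, but nothing ties the two tables together. I would add `/* both tables must be generated with the same -n: they share fn_hash_data.hash */` above the lookup, and note there that a match in the main table takes precedence over an aux entry of the same name. The start of `get_function_hash` is outside this hunk.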

