1 |
commit: 62e8f25d6636b09b18cb25cb1bb491cc026b5b08 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Nov 3 08:24:26 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Nov 3 08:24:26 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=62e8f25d |
7 |
|
8 |
grsecurity-3.1-4.2.5-201511021814 |
9 |
|
10 |
4.2.5/0000_README | 2 +- |
11 |
...> 4420_grsecurity-3.1-4.2.5-201511021814.patch} | 318 +++++++++++++++------ |
12 |
2 files changed, 232 insertions(+), 88 deletions(-) |
13 |
|
14 |
diff --git a/4.2.5/0000_README b/4.2.5/0000_README |
15 |
index 0d8d90f..35d5d28 100644 |
16 |
--- a/4.2.5/0000_README |
17 |
+++ b/4.2.5/0000_README |
18 |
@@ -2,7 +2,7 @@ README |
19 |
----------------------------------------------------------------------------- |
20 |
Individual Patch Descriptions: |
21 |
----------------------------------------------------------------------------- |
22 |
-Patch: 4420_grsecurity-3.1-4.2.5-201510290852.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.2.5-201511021814.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch b/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch |
29 |
similarity index 99% |
30 |
rename from 4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch |
31 |
rename to 4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch |
32 |
index db09c8a..52245c5 100644 |
33 |
--- a/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch |
34 |
+++ b/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch |
35 |
@@ -25173,7 +25173,7 @@ index d25097c..e2df353 100644 |
36 |
return MXCSR_DEFAULT; |
37 |
} |
38 |
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c |
39 |
-index d14e9ac..f1334f8 100644 |
40 |
+index d14e9ac..13442f0 100644 |
41 |
--- a/arch/x86/kernel/fpu/init.c |
42 |
+++ b/arch/x86/kernel/fpu/init.c |
43 |
@@ -42,7 +42,7 @@ static void fpu__init_cpu_generic(void) |
44 |
@@ -25229,17 +25229,7 @@ index d14e9ac..f1334f8 100644 |
45 |
|
46 |
/* |
47 |
* Set up the xstate_size based on the legacy FPU context size. |
48 |
-@@ -300,6 +265,9 @@ static void __init fpu__init_system_ctx_switch(void) |
49 |
- } |
50 |
- } |
51 |
- |
52 |
-+ /* XXX: Temporarily forcing eager FPU mode */ |
53 |
-+ eagerfpu = ENABLE; |
54 |
-+ |
55 |
- if (eagerfpu == ENABLE) |
56 |
- setup_force_cpu_cap(X86_FEATURE_EAGER_FPU); |
57 |
- |
58 |
-@@ -331,7 +299,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c) |
59 |
+@@ -331,7 +296,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c) |
60 |
fpu__init_system_generic(); |
61 |
fpu__init_system_xstate_size_legacy(); |
62 |
fpu__init_system_xstate(); |
63 |
@@ -27814,7 +27804,7 @@ index adf0392..88a7576 100644 |
64 |
dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs); |
65 |
} |
66 |
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c |
67 |
-index c27cad7..47e3f47 100644 |
68 |
+index c27cad7..cc494be 100644 |
69 |
--- a/arch/x86/kernel/process.c |
70 |
+++ b/arch/x86/kernel/process.c |
71 |
@@ -15,6 +15,7 @@ |
72 |
@@ -27843,7 +27833,7 @@ index c27cad7..47e3f47 100644 |
73 |
}; |
74 |
EXPORT_PER_CPU_SYMBOL(cpu_tss); |
75 |
|
76 |
-@@ -75,17 +78,35 @@ void idle_notifier_unregister(struct notifier_block *n) |
77 |
+@@ -75,17 +78,37 @@ void idle_notifier_unregister(struct notifier_block *n) |
78 |
EXPORT_SYMBOL_GPL(idle_notifier_unregister); |
79 |
#endif |
80 |
|
81 |
@@ -27866,8 +27856,10 @@ index c27cad7..47e3f47 100644 |
82 |
{ |
83 |
- memcpy(dst, src, arch_task_struct_size); |
84 |
+ *dst = *src; |
85 |
- |
86 |
++ |
87 |
+ dst->thread.fpu.state = kmem_cache_alloc_node(fpregs_state_cachep, GFP_KERNEL, tsk_fork_get_node(src)); |
88 |
++ memcpy(dst->thread.fpu.state, src->thread.fpu.state, xstate_size); |
89 |
+ |
90 |
return fpu__copy(&dst->thread.fpu, &src->thread.fpu); |
91 |
} |
92 |
|
93 |
@@ -27880,7 +27872,7 @@ index c27cad7..47e3f47 100644 |
94 |
/* |
95 |
* Free current thread data structures etc.. |
96 |
*/ |
97 |
-@@ -97,7 +118,7 @@ void exit_thread(void) |
98 |
+@@ -97,7 +120,7 @@ void exit_thread(void) |
99 |
struct fpu *fpu = &t->fpu; |
100 |
|
101 |
if (bp) { |
102 |
@@ -27889,7 +27881,7 @@ index c27cad7..47e3f47 100644 |
103 |
|
104 |
t->io_bitmap_ptr = NULL; |
105 |
clear_thread_flag(TIF_IO_BITMAP); |
106 |
-@@ -117,6 +138,9 @@ void flush_thread(void) |
107 |
+@@ -117,6 +140,9 @@ void flush_thread(void) |
108 |
{ |
109 |
struct task_struct *tsk = current; |
110 |
|
111 |
@@ -27899,7 +27891,7 @@ index c27cad7..47e3f47 100644 |
112 |
flush_ptrace_hw_breakpoint(tsk); |
113 |
memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); |
114 |
|
115 |
-@@ -258,7 +282,7 @@ static void __exit_idle(void) |
116 |
+@@ -258,7 +284,7 @@ static void __exit_idle(void) |
117 |
void exit_idle(void) |
118 |
{ |
119 |
/* idle loop has pid 0 */ |
120 |
@@ -27908,7 +27900,7 @@ index c27cad7..47e3f47 100644 |
121 |
return; |
122 |
__exit_idle(); |
123 |
} |
124 |
-@@ -311,7 +335,7 @@ bool xen_set_default_idle(void) |
125 |
+@@ -311,7 +337,7 @@ bool xen_set_default_idle(void) |
126 |
return ret; |
127 |
} |
128 |
#endif |
129 |
@@ -27917,7 +27909,7 @@ index c27cad7..47e3f47 100644 |
130 |
{ |
131 |
local_irq_disable(); |
132 |
/* |
133 |
-@@ -488,16 +512,40 @@ static int __init idle_setup(char *str) |
134 |
+@@ -488,16 +514,40 @@ static int __init idle_setup(char *str) |
135 |
} |
136 |
early_param("idle", idle_setup); |
137 |
|
138 |
@@ -49948,9 +49940,18 @@ index e8c96b8..516a96c 100644 |
139 |
Say Y here if you want to support for Freescale FlexCAN. |
140 |
|
141 |
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c |
142 |
-index aede704..b516b4d 100644 |
143 |
+index aede704..ca734ed 100644 |
144 |
--- a/drivers/net/can/dev.c |
145 |
+++ b/drivers/net/can/dev.c |
146 |
+@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev) |
147 |
+ nla_put(skb, IFLA_CAN_BITTIMING_CONST, |
148 |
+ sizeof(*priv->bittiming_const), priv->bittiming_const)) || |
149 |
+ |
150 |
+- nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) || |
151 |
++ nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) || |
152 |
+ nla_put_u32(skb, IFLA_CAN_STATE, state) || |
153 |
+ nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) || |
154 |
+ nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) || |
155 |
@@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, |
156 |
return -EOPNOTSUPP; |
157 |
} |
158 |
@@ -51028,6 +51029,19 @@ index e5ba040..d47531c 100644 |
159 |
smp_mb(); |
160 |
|
161 |
/* need lock to prevent incorrect read while modifying cyclecounter */ |
162 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
163 |
+index 0a32020..2177e56 100644 |
164 |
+--- a/drivers/net/ethernet/mellanox/mlx4/cmd.c |
165 |
++++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
166 |
+@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev) |
167 |
+ } |
168 |
+ } |
169 |
+ |
170 |
+- memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size); |
171 |
++ memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe)); |
172 |
+ priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD; |
173 |
+ INIT_WORK(&priv->mfunc.master.comm_work, |
174 |
+ mlx4_master_comm_channel); |
175 |
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
176 |
index c10d98f..72914c6 100644 |
177 |
--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
178 |
@@ -51043,6 +51057,19 @@ index c10d98f..72914c6 100644 |
179 |
|
180 |
netdev_tx_completed_queue(ring->tx_queue, packets, bytes); |
181 |
|
182 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c |
183 |
+index 8e81e53..ad8f95d 100644 |
184 |
+--- a/drivers/net/ethernet/mellanox/mlx4/eq.c |
185 |
++++ b/drivers/net/ethernet/mellanox/mlx4/eq.c |
186 |
+@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe) |
187 |
+ return; |
188 |
+ } |
189 |
+ |
190 |
+- memcpy(s_eqe, eqe, dev->caps.eqe_size - 1); |
191 |
++ memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1); |
192 |
+ s_eqe->slave_id = slave; |
193 |
+ /* ensure all information is written before setting the ownersip bit */ |
194 |
+ dma_wmb(); |
195 |
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
196 |
index 40206da..9d94643 100644 |
197 |
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
198 |
@@ -53012,9 +53039,18 @@ index f66be86..6cbcabb 100644 |
199 |
|
200 |
/** |
201 |
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c |
202 |
-index 312f23a..d21181c 100644 |
203 |
+index 312f23a..8c8b922 100644 |
204 |
--- a/drivers/pci/pci-sysfs.c |
205 |
+++ b/drivers/pci/pci-sysfs.c |
206 |
+@@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev, |
207 |
+ if (ret) |
208 |
+ return ret; |
209 |
+ |
210 |
+- if (!node_online(node)) |
211 |
++ if (node >= MAX_NUMNODES || !node_online(node)) |
212 |
+ return -EINVAL; |
213 |
+ |
214 |
+ add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK); |
215 |
@@ -1140,7 +1140,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) |
216 |
{ |
217 |
/* allocate attribute structure, piggyback attribute name */ |
218 |
@@ -74263,7 +74299,7 @@ index 0000000..43d7c4f |
219 |
+:1095D00080000A8080000A00800009808000090065 |
220 |
+:00000001FF |
221 |
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt |
222 |
-index 2d0cbbd..a6d6149 100644 |
223 |
+index 2d0cbbd..a6d61492 100644 |
224 |
--- a/fs/Kconfig.binfmt |
225 |
+++ b/fs/Kconfig.binfmt |
226 |
@@ -103,7 +103,7 @@ config HAVE_AOUT |
227 |
@@ -81535,8 +81571,35 @@ index e33dab2..cdbdad9 100644 |
228 |
} |
229 |
} |
230 |
putname(tmp); |
231 |
+diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c |
232 |
+index 84d693d..871fcb6 100644 |
233 |
+--- a/fs/overlayfs/copy_up.c |
234 |
++++ b/fs/overlayfs/copy_up.c |
235 |
+@@ -81,11 +81,11 @@ static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) |
236 |
+ if (len == 0) |
237 |
+ return 0; |
238 |
+ |
239 |
+- old_file = ovl_path_open(old, O_RDONLY); |
240 |
++ old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); |
241 |
+ if (IS_ERR(old_file)) |
242 |
+ return PTR_ERR(old_file); |
243 |
+ |
244 |
+- new_file = ovl_path_open(new, O_WRONLY); |
245 |
++ new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); |
246 |
+ if (IS_ERR(new_file)) { |
247 |
+ error = PTR_ERR(new_file); |
248 |
+ goto out_fput; |
249 |
+@@ -267,7 +267,7 @@ out: |
250 |
+ |
251 |
+ out_cleanup: |
252 |
+ ovl_cleanup(wdir, newdentry); |
253 |
+- goto out; |
254 |
++ goto out2; |
255 |
+ } |
256 |
+ |
257 |
+ /* |
258 |
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c |
259 |
-index d9da5a4..7ced3c7 100644 |
260 |
+index d9da5a4..f9b5b82 100644 |
261 |
--- a/fs/overlayfs/inode.c |
262 |
+++ b/fs/overlayfs/inode.c |
263 |
@@ -346,6 +346,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) |
264 |
@@ -81549,8 +81612,18 @@ index d9da5a4..7ced3c7 100644 |
265 |
type = ovl_path_real(dentry, &realpath); |
266 |
if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) { |
267 |
err = ovl_want_write(dentry); |
268 |
+@@ -363,6 +366,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) |
269 |
+ ovl_path_upper(dentry, &realpath); |
270 |
+ } |
271 |
+ |
272 |
++ if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE) |
273 |
++ return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags); |
274 |
++ |
275 |
+ return d_backing_inode(realpath.dentry); |
276 |
+ } |
277 |
+ |
278 |
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c |
279 |
-index 79073d6..0eb5c27 100644 |
280 |
+index 79073d6..6fc10e4 100644 |
281 |
--- a/fs/overlayfs/super.c |
282 |
+++ b/fs/overlayfs/super.c |
283 |
@@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) |
284 |
@@ -81562,7 +81635,15 @@ index 79073d6..0eb5c27 100644 |
285 |
} |
286 |
|
287 |
int ovl_want_write(struct dentry *dentry) |
288 |
-@@ -879,8 +879,8 @@ static unsigned int ovl_split_lowerdirs(char *str) |
289 |
+@@ -544,6 +544,7 @@ static void ovl_put_super(struct super_block *sb) |
290 |
+ mntput(ufs->upper_mnt); |
291 |
+ for (i = 0; i < ufs->numlower; i++) |
292 |
+ mntput(ufs->lower_mnt[i]); |
293 |
++ kfree(ufs->lower_mnt); |
294 |
+ |
295 |
+ kfree(ufs->config.lowerdir); |
296 |
+ kfree(ufs->config.upperdir); |
297 |
+@@ -879,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str) |
298 |
|
299 |
static int ovl_fill_super(struct super_block *sb, void *data, int silent) |
300 |
{ |
301 |
@@ -81573,6 +81654,14 @@ index 79073d6..0eb5c27 100644 |
302 |
struct dentry *root_dentry; |
303 |
struct ovl_entry *oe; |
304 |
struct ovl_fs *ufs; |
305 |
+@@ -1048,6 +1049,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) |
306 |
+ oe->lowerstack[i].dentry = stack[i].dentry; |
307 |
+ oe->lowerstack[i].mnt = ufs->lower_mnt[i]; |
308 |
+ } |
309 |
++ kfree(stack); |
310 |
+ |
311 |
+ root_dentry->d_fsdata = oe; |
312 |
+ |
313 |
diff --git a/fs/pipe.c b/fs/pipe.c |
314 |
index 8865f79..bd2c79b 100644 |
315 |
--- a/fs/pipe.c |
316 |
@@ -82879,12 +82968,34 @@ index 92e6726..a600d4fa 100644 |
317 |
.priority = 0, |
318 |
}; |
319 |
diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c |
320 |
-index d3ebf2e..6ad42d1 100644 |
321 |
+index d3ebf2e..abe1823 100644 |
322 |
--- a/fs/proc/meminfo.c |
323 |
+++ b/fs/proc/meminfo.c |
324 |
-@@ -194,7 +194,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) |
325 |
- vmi.used >> 10, |
326 |
- vmi.largest_chunk >> 10 |
327 |
+@@ -27,7 +27,6 @@ static int meminfo_proc_show(struct seq_file *m, void *v) |
328 |
+ { |
329 |
+ struct sysinfo i; |
330 |
+ unsigned long committed; |
331 |
+- struct vmalloc_info vmi; |
332 |
+ long cached; |
333 |
+ long available; |
334 |
+ unsigned long pagecache; |
335 |
+@@ -49,8 +48,6 @@ static int meminfo_proc_show(struct seq_file *m, void *v) |
336 |
+ if (cached < 0) |
337 |
+ cached = 0; |
338 |
+ |
339 |
+- get_vmalloc_info(&vmi); |
340 |
+- |
341 |
+ for (lru = LRU_BASE; lru < NR_LRU_LISTS; lru++) |
342 |
+ pages[lru] = global_page_state(NR_LRU_BASE + lru); |
343 |
+ |
344 |
+@@ -191,10 +188,10 @@ static int meminfo_proc_show(struct seq_file *m, void *v) |
345 |
+ K(vm_commit_limit()), |
346 |
+ K(committed), |
347 |
+ (unsigned long)VMALLOC_TOTAL >> 10, |
348 |
+- vmi.used >> 10, |
349 |
+- vmi.largest_chunk >> 10 |
350 |
++ 0ul, // used to be vmalloc 'used' |
351 |
++ 0ul // used to be vmalloc 'largest_chunk' |
352 |
#ifdef CONFIG_MEMORY_FAILURE |
353 |
- , atomic_long_read(&num_poisoned_pages) << (PAGE_SHIFT - 10) |
354 |
+ , atomic_long_read_unchecked(&num_poisoned_pages) << (PAGE_SHIFT - 10) |
355 |
@@ -97005,7 +97116,7 @@ index a76c917..63b52db 100644 |
356 |
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t); |
357 |
/* |
358 |
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h |
359 |
-index dfaa7b3..d8bb2a0 100644 |
360 |
+index dfaa7b3..58cebfb 100644 |
361 |
--- a/include/linux/compiler-gcc.h |
362 |
+++ b/include/linux/compiler-gcc.h |
363 |
@@ -116,8 +116,8 @@ |
364 |
@@ -97058,17 +97169,6 @@ index dfaa7b3..d8bb2a0 100644 |
365 |
/* |
366 |
* Mark a position in code as unreachable. This can be used to |
367 |
* suppress control flow warnings after asm blocks that transfer |
368 |
-@@ -237,6 +266,10 @@ |
369 |
- #define KASAN_ABI_VERSION 3 |
370 |
- #endif |
371 |
- |
372 |
-+#if GCC_VERSION >= 50000 |
373 |
-+//#define CC_HAVE_BUILTIN_OVERFLOW |
374 |
-+#endif |
375 |
-+ |
376 |
- #endif /* gcc version >= 40000 specific checks */ |
377 |
- |
378 |
- #if !defined(__noclone) |
379 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
380 |
index e08a6ae..2e5e776 100644 |
381 |
--- a/include/linux/compiler.h |
382 |
@@ -100708,30 +100808,6 @@ index b2a0f15..4d7da32 100644 |
383 |
|
384 |
/** create a directory */ |
385 |
struct dentry *oprofilefs_mkdir(struct dentry *parent, char const *name); |
386 |
-diff --git a/include/linux/overflow-arith.h b/include/linux/overflow-arith.h |
387 |
-new file mode 100644 |
388 |
-index 0000000..e12ccf8 |
389 |
---- /dev/null |
390 |
-+++ b/include/linux/overflow-arith.h |
391 |
-@@ -0,0 +1,18 @@ |
392 |
-+#pragma once |
393 |
-+ |
394 |
-+#include <linux/kernel.h> |
395 |
-+ |
396 |
-+#ifdef CC_HAVE_BUILTIN_OVERFLOW |
397 |
-+ |
398 |
-+#define overflow_usub __builtin_usub_overflow |
399 |
-+ |
400 |
-+#else |
401 |
-+ |
402 |
-+static inline bool overflow_usub(unsigned int a, unsigned int b, |
403 |
-+ unsigned int *res) |
404 |
-+{ |
405 |
-+ *res = a - b; |
406 |
-+ return *res > a ? true : false; |
407 |
-+} |
408 |
-+ |
409 |
-+#endif |
410 |
diff --git a/include/linux/padata.h b/include/linux/padata.h |
411 |
index 4386946..f50c615 100644 |
412 |
--- a/include/linux/padata.h |
413 |
@@ -102802,7 +102878,7 @@ index b483abd..af305ad 100644 |
414 |
#endif |
415 |
#endif /* _LINUX_VGA_SWITCHEROO_H_ */ |
416 |
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h |
417 |
-index 0ec5983..d5888bb 100644 |
418 |
+index 0ec5983..66d8171 100644 |
419 |
--- a/include/linux/vmalloc.h |
420 |
+++ b/include/linux/vmalloc.h |
421 |
@@ -18,6 +18,14 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ |
422 |
@@ -102848,6 +102924,29 @@ index 0ec5983..d5888bb 100644 |
423 |
|
424 |
/* |
425 |
* Internals. Dont't use.. |
426 |
+@@ -182,22 +195,10 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms) |
427 |
+ # endif |
428 |
+ #endif |
429 |
+ |
430 |
+-struct vmalloc_info { |
431 |
+- unsigned long used; |
432 |
+- unsigned long largest_chunk; |
433 |
+-}; |
434 |
+- |
435 |
+ #ifdef CONFIG_MMU |
436 |
+ #define VMALLOC_TOTAL (VMALLOC_END - VMALLOC_START) |
437 |
+-extern void get_vmalloc_info(struct vmalloc_info *vmi); |
438 |
+ #else |
439 |
+- |
440 |
+ #define VMALLOC_TOTAL 0UL |
441 |
+-#define get_vmalloc_info(vmi) \ |
442 |
+-do { \ |
443 |
+- (vmi)->used = 0; \ |
444 |
+- (vmi)->largest_chunk = 0; \ |
445 |
+-} while (0) |
446 |
+ #endif |
447 |
+ |
448 |
+ #endif /* _LINUX_VMALLOC_H */ |
449 |
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h |
450 |
index 82e7db7..f8ce3d0 100644 |
451 |
--- a/include/linux/vmstat.h |
452 |
@@ -117219,7 +117318,7 @@ index 68ff8a5..40c7a70 100644 |
453 |
|
454 |
if (len > buflen) |
455 |
diff --git a/mm/vmalloc.c b/mm/vmalloc.c |
456 |
-index 2faaa29..c816cf4 100644 |
457 |
+index 2faaa29..7ac7a6d 100644 |
458 |
--- a/mm/vmalloc.c |
459 |
+++ b/mm/vmalloc.c |
460 |
@@ -40,20 +40,65 @@ struct vfree_deferred { |
461 |
@@ -117565,6 +117664,59 @@ index 2faaa29..c816cf4 100644 |
462 |
|
463 |
if (v->nr_pages) |
464 |
seq_printf(m, " pages=%d", v->nr_pages); |
465 |
+@@ -2688,52 +2844,5 @@ static int __init proc_vmalloc_init(void) |
466 |
+ } |
467 |
+ module_init(proc_vmalloc_init); |
468 |
+ |
469 |
+-void get_vmalloc_info(struct vmalloc_info *vmi) |
470 |
+-{ |
471 |
+- struct vmap_area *va; |
472 |
+- unsigned long free_area_size; |
473 |
+- unsigned long prev_end; |
474 |
+- |
475 |
+- vmi->used = 0; |
476 |
+- vmi->largest_chunk = 0; |
477 |
+- |
478 |
+- prev_end = VMALLOC_START; |
479 |
+- |
480 |
+- rcu_read_lock(); |
481 |
+- |
482 |
+- if (list_empty(&vmap_area_list)) { |
483 |
+- vmi->largest_chunk = VMALLOC_TOTAL; |
484 |
+- goto out; |
485 |
+- } |
486 |
+- |
487 |
+- list_for_each_entry_rcu(va, &vmap_area_list, list) { |
488 |
+- unsigned long addr = va->va_start; |
489 |
+- |
490 |
+- /* |
491 |
+- * Some archs keep another range for modules in vmalloc space |
492 |
+- */ |
493 |
+- if (addr < VMALLOC_START) |
494 |
+- continue; |
495 |
+- if (addr >= VMALLOC_END) |
496 |
+- break; |
497 |
+- |
498 |
+- if (va->flags & (VM_LAZY_FREE | VM_LAZY_FREEING)) |
499 |
+- continue; |
500 |
+- |
501 |
+- vmi->used += (va->va_end - va->va_start); |
502 |
+- |
503 |
+- free_area_size = addr - prev_end; |
504 |
+- if (vmi->largest_chunk < free_area_size) |
505 |
+- vmi->largest_chunk = free_area_size; |
506 |
+- |
507 |
+- prev_end = va->va_end; |
508 |
+- } |
509 |
+- |
510 |
+- if (VMALLOC_END - prev_end > vmi->largest_chunk) |
511 |
+- vmi->largest_chunk = VMALLOC_END - prev_end; |
512 |
+- |
513 |
+-out: |
514 |
+- rcu_read_unlock(); |
515 |
+-} |
516 |
+ #endif |
517 |
+ |
518 |
diff --git a/mm/vmstat.c b/mm/vmstat.c |
519 |
index 4f5cd97..9fb715a 100644 |
520 |
--- a/mm/vmstat.c |
521 |
@@ -120773,29 +120925,18 @@ index 69f4f68..1f97524 100644 |
522 |
.maxtype = IFLA_GRE_MAX, |
523 |
.policy = ip6gre_policy, |
524 |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
525 |
-index d5f7716..b4b3821 100644 |
526 |
+index d5f7716..7da025a 100644 |
527 |
--- a/net/ipv6/ip6_output.c |
528 |
+++ b/net/ipv6/ip6_output.c |
529 |
-@@ -28,6 +28,7 @@ |
530 |
- |
531 |
- #include <linux/errno.h> |
532 |
- #include <linux/kernel.h> |
533 |
-+#include <linux/overflow-arith.h> |
534 |
- #include <linux/string.h> |
535 |
- #include <linux/socket.h> |
536 |
- #include <linux/net.h> |
537 |
-@@ -581,7 +582,10 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb, |
538 |
+@@ -581,6 +581,8 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb, |
539 |
if (np->frag_size) |
540 |
mtu = np->frag_size; |
541 |
} |
542 |
-- mtu -= hlen + sizeof(struct frag_hdr); |
543 |
-+ |
544 |
-+ if (overflow_usub(mtu, hlen + sizeof(struct frag_hdr), &mtu) || |
545 |
-+ mtu <= 7) |
546 |
++ if (mtu < hlen + sizeof(struct frag_hdr) + 8) |
547 |
+ goto fail_toobig; |
548 |
+ mtu -= hlen + sizeof(struct frag_hdr); |
549 |
|
550 |
frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr, |
551 |
- &ipv6_hdr(skb)->saddr); |
552 |
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
553 |
index 2e67b66..b816b34 100644 |
554 |
--- a/net/ipv6/ip6_tunnel.c |
555 |
@@ -144927,10 +145068,10 @@ index 0000000..37e2e91 |
556 |
+#endif |
557 |
diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c |
558 |
new file mode 100644 |
559 |
-index 0000000..f888be6 |
560 |
+index 0000000..62eb578 |
561 |
--- /dev/null |
562 |
+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c |
563 |
-@@ -0,0 +1,944 @@ |
564 |
+@@ -0,0 +1,947 @@ |
565 |
+/* |
566 |
+ * Copyright 2011-2015 by Emese Revfy <re.emese@×××××.com> |
567 |
+ * Licensed under the GPL v2, or (at your option) v3 |
568 |
@@ -145138,6 +145279,9 @@ index 0000000..f888be6 |
569 |
+ switch (TREE_CODE(node)) { |
570 |
+ case COMPONENT_REF: |
571 |
+ cur_decl = search_field_decl(node); |
572 |
++ // !!! temporarily ignore bitfield types |
573 |
++ if (DECL_BIT_FIELD_TYPE(cur_decl)) |
574 |
++ return MARK_YES; |
575 |
+ if (is_turn_off_intentional_attr(cur_decl)) |
576 |
+ return MARK_TURN_OFF; |
577 |
+ if (is_end_intentional_intentional_attr(cur_decl)) |
578 |
@@ -169141,7 +169285,7 @@ index 0000000..6075e8f |
579 |
+ |
580 |
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c |
581 |
new file mode 100644 |
582 |
-index 0000000..b6d179f |
583 |
+index 0000000..a82cc026 |
584 |
--- /dev/null |
585 |
+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c |
586 |
@@ -0,0 +1,318 @@ |
587 |
@@ -169176,7 +169320,7 @@ index 0000000..b6d179f |
588 |
+tree size_overflow_type_TI; |
589 |
+ |
590 |
+static struct plugin_info size_overflow_plugin_info = { |
591 |
-+ .version = "20151026", |
592 |
++ .version = "20151029", |
593 |
+ .help = "no-size-overflow\tturn off size overflow checking\n", |
594 |
+}; |
595 |
+ |