Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.3.7/, 3.2.18/
Date: Sat, 02 Jun 2012 15:11:16
Message-Id: 1338649838.c45578be354c1ce6ae67b344e406fa59856eacec.blueness@gentoo
1 commit: c45578be354c1ce6ae67b344e406fa59856eacec
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 2 15:10:38 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 2 15:10:38 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=c45578be
7
8 Grsec/PaX: 2.9-{2.6.32.59,3.2.18,3.3.7}-201206011935
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ...20_grsecurity-2.9-2.6.32.59-201206011934.patch} | 277 ++++++++--------
13 3.2.18/0000_README | 2 +-
14 ... 4420_grsecurity-2.9-3.2.18-201206011935.patch} | 357 +++++++++++---------
15 3.3.7/0000_README | 2 +-
16 ...> 4420_grsecurity-2.9-3.3.7-201206011935.patch} | 344 ++++++++++---------
17 6 files changed, 519 insertions(+), 465 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 6bb8c69..4b5c6dc 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.59
26
27 -Patch: 4420_grsecurity-2.9-2.6.32.59-201205271952.patch
28 +Patch: 4420_grsecurity-2.9-2.6.32.59-201206011934.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201205271952.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201206011934.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201205271952.patch
36 rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201206011934.patch
37 index dc0f735..d2b4115 100644
38 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201205271952.patch
39 +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201206011934.patch
40 @@ -213,7 +213,7 @@ index 613da5d..4fe3eda 100644
41 M: Liam Girdwood <lrg@××××××××××××.uk>
42 M: Mark Brown <broonie@×××××××××××××××××××××××.com>
43 diff --git a/Makefile b/Makefile
44 -index 3a9a721..563f9e9 100644
45 +index 3a9a721..683dc09 100644
46 --- a/Makefile
47 +++ b/Makefile
48 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
49 @@ -228,20 +228,7 @@ index 3a9a721..563f9e9 100644
50
51 # Decide whether to build built-in, modular, or both.
52 # Normally, just do built-in.
53 -@@ -334,9 +335,10 @@ CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
54 -
55 - # Use LINUXINCLUDE when you must reference the include/ directory.
56 - # Needed to be compatible with the O= option
57 --LINUXINCLUDE := -Iinclude \
58 -+LINUXINCLUDE := -isystem include \
59 - $(if $(KBUILD_SRC),-Iinclude2 -I$(srctree)/include) \
60 -- -I$(srctree)/arch/$(hdr-arch)/include \
61 -+ -isystem arch/$(hdr-arch)/include \
62 -+ -isystem include/generated \
63 - -include include/linux/autoconf.h
64 -
65 - KBUILD_CPPFLAGS := -D__KERNEL__
66 -@@ -376,8 +378,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc
67 +@@ -376,8 +377,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc
68 # Rules shared between *config targets and build targets
69
70 # Basic helpers built in scripts/
71 @@ -252,32 +239,16 @@ index 3a9a721..563f9e9 100644
72 $(Q)$(MAKE) $(build)=scripts/basic
73
74 # To avoid any implicit rule to kick in, define an empty command.
75 -@@ -403,8 +405,8 @@ endif
76 +@@ -403,7 +404,7 @@ endif
77 # of make so .config is not included in this case either (for *config).
78
79 no-dot-config-targets := clean mrproper distclean \
80 - cscope TAGS tags help %docs check% \
81 -- include/linux/version.h headers_% \
82 + cscope gtags TAGS tags help %docs check% \
83 -+ include/generated/linux/version.h headers_% \
84 + include/linux/version.h headers_% \
85 kernelrelease kernelversion
86
87 - config-targets := 0
88 -@@ -447,11 +449,11 @@ include $(srctree)/arch/$(SRCARCH)/Makefile
89 - export KBUILD_DEFCONFIG KBUILD_KCONFIG
90 -
91 - config: scripts_basic outputmakefile FORCE
92 -- $(Q)mkdir -p include/linux include/config
93 -+ $(Q)mkdir -p include/generated/linux include/config
94 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
95 -
96 - %config: scripts_basic outputmakefile FORCE
97 -- $(Q)mkdir -p include/linux include/config
98 -+ $(Q)mkdir -p include/generated/linux include/config
99 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
100 -
101 - else
102 -@@ -526,6 +528,55 @@ else
103 +@@ -526,6 +527,55 @@ else
104 KBUILD_CFLAGS += -O2
105 endif
106
107 @@ -333,7 +304,7 @@ index 3a9a721..563f9e9 100644
108 include $(srctree)/arch/$(SRCARCH)/Makefile
109
110 ifneq ($(CONFIG_FRAME_WARN),0)
111 -@@ -647,7 +698,7 @@ export mod_strip_cmd
112 +@@ -647,7 +697,7 @@ export mod_strip_cmd
113
114
115 ifeq ($(KBUILD_EXTMOD),)
116 @@ -342,7 +313,7 @@ index 3a9a721..563f9e9 100644
117
118 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
119 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
120 -@@ -868,6 +919,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
121 +@@ -868,6 +918,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
122
123 # The actual objects are generated when descending,
124 # make sure no implicit rule kicks in
125 @@ -351,7 +322,7 @@ index 3a9a721..563f9e9 100644
126 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
127
128 # Handle descending into subdirectories listed in $(vmlinux-dirs)
129 -@@ -877,7 +930,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
130 +@@ -877,7 +929,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
131 # Error messages still appears in the original language
132
133 PHONY += $(vmlinux-dirs)
134 @@ -360,23 +331,7 @@ index 3a9a721..563f9e9 100644
135 $(Q)$(MAKE) $(build)=$@
136
137 # Build the kernel release string
138 -@@ -970,12 +1023,14 @@ ifneq ($(KBUILD_SRC),)
139 - mkdir -p include2; \
140 - ln -fsn $(srctree)/include/asm-$(SRCARCH) include2/asm; \
141 - fi
142 -+ $(Q)for dir in $(srctree)/include/* ; do ln -fsn $$dir include/`basename $$dir` ; done
143 -+ $(Q)ln -fsn $(srctree)/arch/$(SRCARCH)/include/asm arch/$(SRCARCH)/include;
144 - endif
145 -
146 - # prepare2 creates a makefile if using a separate output directory
147 - prepare2: prepare3 outputmakefile
148 -
149 --prepare1: prepare2 include/linux/version.h include/linux/utsrelease.h \
150 -+prepare1: prepare2 include/generated/linux/version.h include/linux/utsrelease.h \
151 - include/asm include/config/auto.conf
152 - $(cmd_crmodverdir)
153 -
154 -@@ -986,6 +1041,7 @@ prepare0: archprepare FORCE
155 +@@ -986,6 +1038,7 @@ prepare0: archprepare FORCE
156 $(Q)$(MAKE) $(build)=. missing-syscalls
157
158 # All the preparing..
159 @@ -384,25 +339,7 @@ index 3a9a721..563f9e9 100644
160 prepare: prepare0
161
162 # The asm symlink changes when $(ARCH) changes.
163 -@@ -1045,7 +1101,7 @@ define filechk_version.h
164 - echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
165 - endef
166 -
167 --include/linux/version.h: $(srctree)/Makefile FORCE
168 -+include/generated/linux/version.h: $(srctree)/Makefile FORCE
169 - $(call filechk,version.h)
170 -
171 - include/linux/utsrelease.h: include/config/kernel.release FORCE
172 -@@ -1088,7 +1144,7 @@ hdr-dir = $(strip \
173 - hdr-dst = $(if $(KBUILD_HEADERS), dst=include/asm-$(hdr-arch), dst=include/asm)
174 -
175 - PHONY += __headers
176 --__headers: include/linux/version.h scripts_basic FORCE
177 -+__headers: include/generated/linux/version.h scripts_basic FORCE
178 - $(Q)$(MAKE) $(build)=scripts scripts/unifdef
179 -
180 - PHONY += headers_install_all
181 -@@ -1127,6 +1183,8 @@ all: modules
182 +@@ -1127,6 +1180,8 @@ all: modules
183 # using awk while concatenating to the final file.
184
185 PHONY += modules
186 @@ -411,7 +348,7 @@ index 3a9a721..563f9e9 100644
187 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
188 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
189 @$(kecho) ' Building modules, stage 2.';
190 -@@ -1136,7 +1194,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
191 +@@ -1136,7 +1191,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
192
193 # Target to prepare building external modules
194 PHONY += modules_prepare
195 @@ -420,12 +357,8 @@ index 3a9a721..563f9e9 100644
196
197 # Target to install modules
198 PHONY += modules_install
199 -@@ -1198,10 +1256,10 @@ CLEAN_FILES += vmlinux System.map \
200 - # Directories & files removed with 'make mrproper'
201 - MRPROPER_DIRS += include/config include2 usr/include include/generated
202 - MRPROPER_FILES += .config .config.old include/asm .version .old_version \
203 -- include/linux/autoconf.h include/linux/version.h \
204 -+ include/linux/autoconf.h include/generated/linux/version.h \
205 +@@ -1201,7 +1256,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \
206 + include/linux/autoconf.h include/linux/version.h \
207 include/linux/utsrelease.h \
208 include/linux/bounds.h include/asm*/asm-offsets.h \
209 - Module.symvers Module.markers tags TAGS cscope*
210 @@ -433,7 +366,7 @@ index 3a9a721..563f9e9 100644
211
212 # clean - Delete most, but leave enough to build external modules
213 #
214 -@@ -1245,7 +1303,7 @@ distclean: mrproper
215 +@@ -1245,7 +1300,7 @@ distclean: mrproper
216 @find $(srctree) $(RCS_FIND_IGNORE) \
217 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
218 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
219 @@ -442,7 +375,7 @@ index 3a9a721..563f9e9 100644
220 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
221 -type f -print | xargs rm -f
222
223 -@@ -1292,6 +1350,7 @@ help:
224 +@@ -1292,6 +1347,7 @@ help:
225 @echo ' modules_prepare - Set up for building external modules'
226 @echo ' tags/TAGS - Generate tags file for editors'
227 @echo ' cscope - Generate cscope index'
228 @@ -450,7 +383,7 @@ index 3a9a721..563f9e9 100644
229 @echo ' kernelrelease - Output the release version string'
230 @echo ' kernelversion - Output the version stored in Makefile'
231 @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
232 -@@ -1393,6 +1452,8 @@ PHONY += $(module-dirs) modules
233 +@@ -1393,6 +1449,8 @@ PHONY += $(module-dirs) modules
234 $(module-dirs): crmodverdir $(objtree)/Module.symvers
235 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
236
237 @@ -459,7 +392,7 @@ index 3a9a721..563f9e9 100644
238 modules: $(module-dirs)
239 @$(kecho) ' Building modules, stage 2.';
240 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
241 -@@ -1448,7 +1509,7 @@ endif # KBUILD_EXTMOD
242 +@@ -1448,7 +1506,7 @@ endif # KBUILD_EXTMOD
243 quiet_cmd_tags = GEN $@
244 cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
245
246 @@ -468,7 +401,7 @@ index 3a9a721..563f9e9 100644
247 $(call cmd,tags)
248
249 # Scripts to check various things for consistency
250 -@@ -1513,17 +1574,21 @@ else
251 +@@ -1513,17 +1571,21 @@ else
252 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
253 endif
254
255 @@ -494,7 +427,7 @@ index 3a9a721..563f9e9 100644
256 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
257 %.symtypes: %.c prepare scripts FORCE
258 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
259 -@@ -1533,11 +1598,15 @@ endif
260 +@@ -1533,11 +1595,15 @@ endif
261 $(cmd_crmodverdir)
262 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
263 $(build)=$(build-dir)
264 @@ -26865,7 +26798,7 @@ index f46c3407..f7e72b0 100644
265 }
266 if (mm->get_unmapped_area == arch_get_unmapped_area)
267 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
268 -index 73ffd55..10ae23f 100644
269 +index 73ffd55..e2f0e1d 100644
270 --- a/arch/x86/mm/init.c
271 +++ b/arch/x86/mm/init.c
272 @@ -13,6 +13,7 @@
273 @@ -26931,7 +26864,7 @@ index 73ffd55..10ae23f 100644
274 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
275 return 0;
276 if (!page_is_ram(pagenr))
277 -@@ -377,8 +396,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
278 +@@ -377,8 +396,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
279 #endif
280 }
281
282 @@ -26948,7 +26881,7 @@ index 73ffd55..10ae23f 100644
283 + }
284 + if (ebda_addr && ebda_size) {
285 + ebda_start = ebda_addr >> PAGE_SHIFT;
286 -+ ebda_end = min(PAGE_ALIGN(ebda_addr + ebda_size), 0xa0000) >> PAGE_SHIFT;
287 ++ ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT;
288 + } else {
289 + ebda_start = 0x9f000 >> PAGE_SHIFT;
290 + ebda_end = 0xa0000 >> PAGE_SHIFT;
291 @@ -26968,6 +26901,12 @@ index 73ffd55..10ae23f 100644
292 + int cpu;
293 +#endif
294 +#endif
295 ++#ifndef CONFIG_X86_PAE
296 ++ pgd_t *pgd;
297 ++ pud_t *pud;
298 ++ pmd_t *pmd;
299 ++ unsigned long addr, end;
300 ++#endif
301 +
302 + gr_init_ebda();
303 +
304 @@ -27011,11 +26950,6 @@ index 73ffd55..10ae23f 100644
305 +#endif
306 +
307 +#else
308 -+ pgd_t *pgd;
309 -+ pud_t *pud;
310 -+ pmd_t *pmd;
311 -+ unsigned long addr, end;
312 -+
313 + /* PaX: make kernel code/rodata read-only, rest non-executable */
314 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
315 + pgd = pgd_offset_k(addr);
316 @@ -32606,6 +32540,25 @@ index 989429c..2272b00 100644
317 .name = memory_uevent_name,
318 .uevent = memory_uevent,
319 };
320 +diff --git a/drivers/base/node.c b/drivers/base/node.c
321 +index 1fe5536..6c2ca13 100644
322 +--- a/drivers/base/node.c
323 ++++ b/drivers/base/node.c
324 +@@ -390,11 +390,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
325 + {
326 + int n;
327 +
328 +- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]);
329 +- if (n > 0 && PAGE_SIZE > n + 1) {
330 +- *(buf + n++) = '\n';
331 +- *(buf + n++) = '\0';
332 +- }
333 ++ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]);
334 ++ buf[n++] = '\n';
335 ++ buf[n] = '\0';
336 + return n;
337 + }
338 +
339 diff --git a/drivers/base/sys.c b/drivers/base/sys.c
340 index 3f202f7..61c4a6f 100644
341 --- a/drivers/base/sys.c
342 @@ -91654,7 +91607,7 @@ index 0f8fae3..66af9b1 100644
343 get_task_struct(p);
344 read_unlock(&tasklist_lock);
345 diff --git a/kernel/fork.c b/kernel/fork.c
346 -index 4bde56f..8976a8f 100644
347 +index 4bde56f..8f14dad 100644
348 --- a/kernel/fork.c
349 +++ b/kernel/fork.c
350 @@ -253,7 +253,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
351 @@ -91677,6 +91630,15 @@ index 4bde56f..8976a8f 100644
352 mm->map_count = 0;
353 cpumask_clear(mm_cpumask(mm));
354 mm->mm_rb = RB_ROOT;
355 +@@ -318,7 +318,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
356 + }
357 + charge = 0;
358 + if (mpnt->vm_flags & VM_ACCOUNT) {
359 +- unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
360 ++ unsigned long len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
361 + if (security_vm_enough_memory(len))
362 + goto fail_nomem;
363 + charge = len;
364 @@ -335,6 +335,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
365 tmp->vm_flags &= ~VM_LOCKED;
366 tmp->vm_mm = mm;
367 @@ -96277,7 +96239,7 @@ index 9c1e627..5ca9447 100644
368 set_page_address(page, (void *)vaddr);
369
370 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
371 -index 5e1e508..f6cc035 100644
372 +index 5e1e508..bd43b5e 100644
373 --- a/mm/hugetlb.c
374 +++ b/mm/hugetlb.c
375 @@ -1694,6 +1694,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma)
376 @@ -96414,12 +96376,13 @@ index 5e1e508..f6cc035 100644
377 }
378
379 /*
380 -@@ -2423,6 +2487,9 @@ int hugetlb_reserve_pages(struct inode *inode,
381 +@@ -2423,6 +2487,10 @@ int hugetlb_reserve_pages(struct inode *inode,
382 if (!vma || vma->vm_flags & VM_MAYSHARE)
383 region_add(&inode->i_mapping->private_list, from, to);
384 return 0;
385 +out_err:
386 -+ resv_map_put(vma);
387 ++ if (vma)
388 ++ resv_map_put(vma);
389 + return ret;
390 }
391
392 @@ -100145,7 +100108,7 @@ index e48b493..24a601d 100644
393 mm->unmap_area = arch_unmap_area;
394 }
395 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
396 -index f34ffd0..1a7ff39 100644
397 +index f34ffd0..6a3753d 100644
398 --- a/mm/vmalloc.c
399 +++ b/mm/vmalloc.c
400 @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
401 @@ -100375,6 +100338,17 @@ index f34ffd0..1a7ff39 100644
402 if ((PAGE_SIZE-1) & (unsigned long)addr)
403 return -EINVAL;
404
405 +@@ -2250,8 +2323,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
406 + return NULL;
407 + }
408 +
409 +- vms = kzalloc(sizeof(vms[0]) * nr_vms, gfp_mask);
410 +- vas = kzalloc(sizeof(vas[0]) * nr_vms, gfp_mask);
411 ++ vms = kcalloc(nr_vms, sizeof(vms[0]), gfp_mask);
412 ++ vas = kcalloc(nr_vms, sizeof(vas[0]), gfp_mask);
413 + if (!vas || !vms)
414 + goto err_free;
415 +
416 diff --git a/mm/vmstat.c b/mm/vmstat.c
417 index 42d76c6..5643dc4 100644
418 --- a/mm/vmstat.c
419 @@ -101448,6 +101422,19 @@ index f095659..537313b 100644
420 if (get_user(len, optlen))
421 return -EFAULT;
422
423 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
424 +index ce1ce82..8825bcd 100644
425 +--- a/net/ipv4/tcp_input.c
426 ++++ b/net/ipv4/tcp_input.c
427 +@@ -5632,6 +5632,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
428 + goto discard;
429 +
430 + if (th->syn) {
431 ++ if (th->fin)
432 ++ goto discard;
433 + if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
434 + return 1;
435 +
436 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
437 index 6fc7961..33bad4a 100644
438 --- a/net/ipv4/tcp_ipv4.c
439 @@ -104255,29 +104242,6 @@ index 1ac414f..a1c1451 100644
440 # Remove .so files from "xxx-objs"
441 host-cobjs := $(filter-out %.so,$(host-cobjs))
442
443 -diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
444 -index ffdafb2..4a55d60 100644
445 ---- a/scripts/Makefile.lib
446 -+++ b/scripts/Makefile.lib
447 -@@ -145,15 +145,15 @@ __a_flags = $(call flags,_a_flags)
448 - __cpp_flags = $(call flags,_cpp_flags)
449 - endif
450 -
451 --c_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
452 -+c_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
453 - $(__c_flags) $(modkern_cflags) \
454 - -D"KBUILD_STR(s)=\#s" $(basename_flags) $(modname_flags) \
455 - $(debug_flags)
456 -
457 --a_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
458 -+a_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
459 - $(__a_flags) $(modkern_aflags)
460 -
461 --cpp_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
462 -+cpp_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
463 - $(__cpp_flags)
464 -
465 - ld_flags = $(LDFLAGS) $(ldflags-y)
466 diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
467 index 6bf21f8..c0546b3 100644
468 --- a/scripts/basic/fixdep.c
469 @@ -106885,10 +106849,10 @@ index 0000000..ee950d0
470 +}
471 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
472 new file mode 100644
473 -index 0000000..88a7438
474 +index 0000000..89b7f56
475 --- /dev/null
476 +++ b/tools/gcc/constify_plugin.c
477 -@@ -0,0 +1,303 @@
478 +@@ -0,0 +1,328 @@
479 +/*
480 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
481 + * Copyright 2011 by PaX Team <pageexec@××××××××.hu>
482 @@ -106929,24 +106893,47 @@ index 0000000..88a7438
483 +int plugin_is_GPL_compatible;
484 +
485 +static struct plugin_info const_plugin_info = {
486 -+ .version = "201111150100",
487 ++ .version = "201205300030",
488 + .help = "no-constify\tturn off constification\n",
489 +};
490 +
491 -+static void constify_type(tree type);
492 -+static bool walk_struct(tree node);
493 ++static void deconstify_tree(tree node);
494 ++
495 ++static void deconstify_type(tree type)
496 ++{
497 ++ tree field;
498 ++
499 ++ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
500 ++ tree type = TREE_TYPE(field);
501 ++
502 ++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
503 ++ continue;
504 ++ if (!TYPE_READONLY(type))
505 ++ continue;
506 ++
507 ++ deconstify_tree(field);
508 ++ }
509 ++ TYPE_READONLY(type) = 0;
510 ++ C_TYPE_FIELDS_READONLY(type) = 0;
511 ++}
512 +
513 -+static tree deconstify_type(tree old_type)
514 ++static void deconstify_tree(tree node)
515 +{
516 -+ tree new_type, field;
517 ++ tree old_type, new_type, field;
518 ++
519 ++ old_type = TREE_TYPE(node);
520 ++
521 ++ gcc_assert(TYPE_READONLY(old_type) && (TYPE_QUALS(old_type) & TYPE_QUAL_CONST));
522 +
523 + new_type = build_qualified_type(old_type, TYPE_QUALS(old_type) & ~TYPE_QUAL_CONST);
524 + TYPE_FIELDS(new_type) = copy_list(TYPE_FIELDS(new_type));
525 + for (field = TYPE_FIELDS(new_type); field; field = TREE_CHAIN(field))
526 + DECL_FIELD_CONTEXT(field) = new_type;
527 -+ TYPE_READONLY(new_type) = 0;
528 -+ C_TYPE_FIELDS_READONLY(new_type) = 0;
529 -+ return new_type;
530 ++
531 ++ deconstify_type(new_type);
532 ++
533 ++ TREE_READONLY(node) = 0;
534 ++ TREE_TYPE(node) = new_type;
535 +}
536 +
537 +static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
538 @@ -106990,14 +106977,19 @@ index 0000000..88a7438
539 + }
540 +
541 + if (TREE_CODE(*node) == TYPE_DECL) {
542 -+ TREE_TYPE(*node) = deconstify_type(type);
543 -+ TREE_READONLY(*node) = 0;
544 ++ deconstify_tree(*node);
545 + return NULL_TREE;
546 + }
547 +
548 + return NULL_TREE;
549 +}
550 +
551 ++static void constify_type(tree type)
552 ++{
553 ++ TYPE_READONLY(type) = 1;
554 ++ C_TYPE_FIELDS_READONLY(type) = 1;
555 ++}
556 ++
557 +static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
558 +{
559 + *no_add_attrs = true;
560 @@ -107048,12 +107040,6 @@ index 0000000..88a7438
561 + register_attribute(&do_const_attr);
562 +}
563 +
564 -+static void constify_type(tree type)
565 -+{
566 -+ TYPE_READONLY(type) = 1;
567 -+ C_TYPE_FIELDS_READONLY(type) = 1;
568 -+}
569 -+
570 +static bool is_fptr(tree field)
571 +{
572 + tree ptr = TREE_TYPE(field);
573 @@ -107068,11 +107054,14 @@ index 0000000..88a7438
574 +{
575 + tree field;
576 +
577 -+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node)))
578 ++ if (TYPE_FIELDS(node) == NULL_TREE)
579 + return false;
580 +
581 -+ if (TYPE_FIELDS(node) == NULL_TREE)
582 ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) {
583 ++ gcc_assert(!TYPE_READONLY(node));
584 ++ deconstify_type(node);
585 + return false;
586 ++ }
587 +
588 + for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
589 + tree type = TREE_TYPE(field);
590 @@ -118457,7 +118446,7 @@ index 0000000..6e18418
591 +};
592 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
593 new file mode 100644
594 -index 0000000..b378515
595 +index 0000000..555bf8d
596 --- /dev/null
597 +++ b/tools/gcc/size_overflow_plugin.c
598 @@ -0,0 +1,1185 @@
599 @@ -118680,7 +118669,7 @@ index 0000000..b378515
600 + const char *curfunc = NAME(func);
601 +
602 + new_hash = get_hash_num(curfunc, filename, 0);
603 -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
604 ++// inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
605 +}
606 +
607 +static void check_missing_attribute(tree arg)
608
609 diff --git a/3.2.18/0000_README b/3.2.18/0000_README
610 index 54c0168..9daad3a 100644
611 --- a/3.2.18/0000_README
612 +++ b/3.2.18/0000_README
613 @@ -10,7 +10,7 @@ Patch: 1017_linux-3.2.18.patch
614 From: http://www.kernel.org
615 Desc: Linux 3.2.18
616
617 -Patch: 4420_grsecurity-2.9-3.2.18-201205271952.patch
618 +Patch: 4420_grsecurity-2.9-3.2.18-201206011935.patch
619 From: http://www.grsecurity.net
620 Desc: hardened-sources base patch from upstream grsecurity
621
622
623 diff --git a/3.2.18/4420_grsecurity-2.9-3.2.18-201205271952.patch b/3.2.18/4420_grsecurity-2.9-3.2.18-201206011935.patch
624 similarity index 99%
625 rename from 3.2.18/4420_grsecurity-2.9-3.2.18-201205271952.patch
626 rename to 3.2.18/4420_grsecurity-2.9-3.2.18-201206011935.patch
627 index 19b4d90..e73e583 100644
628 --- a/3.2.18/4420_grsecurity-2.9-3.2.18-201205271952.patch
629 +++ b/3.2.18/4420_grsecurity-2.9-3.2.18-201206011935.patch
630 @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644
631
632 pcd. [PARIDE]
633 diff --git a/Makefile b/Makefile
634 -index add68f1..07ef80b 100644
635 +index add68f1..3fac8b3 100644
636 --- a/Makefile
637 +++ b/Makefile
638 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
639 @@ -210,19 +210,6 @@ index add68f1..07ef80b 100644
640
641 # Decide whether to build built-in, modular, or both.
642 # Normally, just do built-in.
643 -@@ -357,9 +358,9 @@ CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
644 -
645 - # Use LINUXINCLUDE when you must reference the include/ directory.
646 - # Needed to be compatible with the O= option
647 --LINUXINCLUDE := -I$(srctree)/arch/$(hdr-arch)/include \
648 -- -Iarch/$(hdr-arch)/include/generated -Iinclude \
649 -- $(if $(KBUILD_SRC), -I$(srctree)/include) \
650 -+LINUXINCLUDE := -isystem arch/$(hdr-arch)/include \
651 -+ -isystem arch/$(hdr-arch)/include/generated -isystem include \
652 -+ -isystem include/generated \
653 - -include $(srctree)/include/linux/kconfig.h
654 -
655 - KBUILD_CPPFLAGS := -D__KERNEL__
656 @@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc
657 # Rules shared between *config targets and build targets
658
659 @@ -234,29 +221,6 @@ index add68f1..07ef80b 100644
660 $(Q)$(MAKE) $(build)=scripts/basic
661 $(Q)rm -f .tmp_quiet_recordmcount
662
663 -@@ -442,7 +443,7 @@ asm-generic:
664 -
665 - no-dot-config-targets := clean mrproper distclean \
666 - cscope gtags TAGS tags help %docs check% coccicheck \
667 -- include/linux/version.h headers_% \
668 -+ include/generated/linux/version.h headers_% \
669 - kernelversion %src-pkg
670 -
671 - config-targets := 0
672 -@@ -485,11 +486,11 @@ include $(srctree)/arch/$(SRCARCH)/Makefile
673 - export KBUILD_DEFCONFIG KBUILD_KCONFIG
674 -
675 - config: scripts_basic outputmakefile FORCE
676 -- $(Q)mkdir -p include/linux include/config
677 -+ $(Q)mkdir -p include/generated/linux include/config
678 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
679 -
680 - %config: scripts_basic outputmakefile FORCE
681 -- $(Q)mkdir -p include/linux include/config
682 -+ $(Q)mkdir -p include/generated/linux include/config
683 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
684 -
685 - else
686 @@ -564,6 +565,55 @@ else
687 KBUILD_CFLAGS += -O2
688 endif
689 @@ -340,23 +304,7 @@ index add68f1..07ef80b 100644
690 $(Q)$(MAKE) $(build)=$@
691
692 # Store (new) KERNELRELASE string in include/config/kernel.release
693 -@@ -970,12 +1022,14 @@ ifneq ($(KBUILD_SRC),)
694 - echo " in the '$(srctree)' directory.";\
695 - /bin/false; \
696 - fi;
697 -+ $(Q)for dir in $(srctree)/include/* ; do ln -fsn $$dir include/`basename $$dir` ; done
698 -+ $(Q)ln -fsn $(srctree)/arch/$(SRCARCH)/include/asm arch/$(SRCARCH)/include;
699 - endif
700 -
701 - # prepare2 creates a makefile if using a separate output directory
702 - prepare2: prepare3 outputmakefile asm-generic
703 -
704 --prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
705 -+prepare1: prepare2 include/generated/linux/version.h include/generated/utsrelease.h \
706 - include/config/auto.conf
707 - $(cmd_crmodverdir)
708 -
709 -@@ -985,6 +1039,7 @@ prepare0: archprepare FORCE
710 +@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE
711 $(Q)$(MAKE) $(build)=.
712
713 # All the preparing..
714 @@ -364,25 +312,7 @@ index add68f1..07ef80b 100644
715 prepare: prepare0
716
717 # Generate some files
718 -@@ -1008,7 +1063,7 @@ define filechk_version.h
719 - echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
720 - endef
721 -
722 --include/linux/version.h: $(srctree)/Makefile FORCE
723 -+include/generated/linux/version.h: $(srctree)/Makefile FORCE
724 - $(call filechk,version.h)
725 -
726 - include/generated/utsrelease.h: include/config/kernel.release FORCE
727 -@@ -1047,7 +1102,7 @@ hdr-inst := -rR -f $(srctree)/scripts/Makefile.headersinst obj
728 - hdr-dst = $(if $(KBUILD_HEADERS), dst=include/asm-$(hdr-arch), dst=include/asm)
729 -
730 - PHONY += __headers
731 --__headers: include/linux/version.h scripts_basic asm-generic FORCE
732 -+__headers: include/generated/linux/version.h scripts_basic asm-generic FORCE
733 - $(Q)$(MAKE) $(build)=scripts build_unifdef
734 -
735 - PHONY += headers_install_all
736 -@@ -1086,6 +1141,8 @@ all: modules
737 +@@ -1086,6 +1139,8 @@ all: modules
738 # using awk while concatenating to the final file.
739
740 PHONY += modules
741 @@ -391,7 +321,7 @@ index add68f1..07ef80b 100644
742 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
743 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
744 @$(kecho) ' Building modules, stage 2.';
745 -@@ -1101,7 +1158,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
746 +@@ -1101,7 +1156,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
747
748 # Target to prepare building external modules
749 PHONY += modules_prepare
750 @@ -400,16 +330,7 @@ index add68f1..07ef80b 100644
751
752 # Target to install modules
753 PHONY += modules_install
754 -@@ -1160,7 +1217,7 @@ CLEAN_FILES += vmlinux System.map \
755 - MRPROPER_DIRS += include/config usr/include include/generated \
756 - arch/*/include/generated
757 - MRPROPER_FILES += .config .config.old .version .old_version \
758 -- include/linux/version.h \
759 -+ include/generated/linux/version.h \
760 - Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
761 -
762 - # clean - Delete most, but leave enough to build external modules
763 -@@ -1198,6 +1255,7 @@ distclean: mrproper
764 +@@ -1198,6 +1253,7 @@ distclean: mrproper
765 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
766 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
767 -o -name '.*.rej' \
768 @@ -417,7 +338,7 @@ index add68f1..07ef80b 100644
769 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
770 -type f -print | xargs rm -f
771
772 -@@ -1358,6 +1416,8 @@ PHONY += $(module-dirs) modules
773 +@@ -1358,6 +1414,8 @@ PHONY += $(module-dirs) modules
774 $(module-dirs): crmodverdir $(objtree)/Module.symvers
775 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
776
777 @@ -426,7 +347,7 @@ index add68f1..07ef80b 100644
778 modules: $(module-dirs)
779 @$(kecho) ' Building modules, stage 2.';
780 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
781 -@@ -1484,17 +1544,21 @@ else
782 +@@ -1484,17 +1542,21 @@ else
783 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
784 endif
785
786 @@ -452,7 +373,7 @@ index add68f1..07ef80b 100644
787 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
788 %.symtypes: %.c prepare scripts FORCE
789 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
790 -@@ -1504,11 +1568,15 @@ endif
791 +@@ -1504,11 +1566,15 @@ endif
792 $(cmd_crmodverdir)
793 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
794 $(build)=$(build-dir)
795 @@ -24812,7 +24733,7 @@ index f581a18..a269cab 100644
796 }
797 if (mm->get_unmapped_area == arch_get_unmapped_area)
798 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
799 -index 87488b9..6371e97 100644
800 +index 87488b9..f6222dc 100644
801 --- a/arch/x86/mm/init.c
802 +++ b/arch/x86/mm/init.c
803 @@ -15,6 +15,8 @@
804 @@ -24872,7 +24793,7 @@ index 87488b9..6371e97 100644
805 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
806 return 0;
807 if (!page_is_ram(pagenr))
808 -@@ -370,8 +399,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
809 +@@ -370,8 +399,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
810 #endif
811 }
812
813 @@ -24889,7 +24810,7 @@ index 87488b9..6371e97 100644
814 + }
815 + if (ebda_addr && ebda_size) {
816 + ebda_start = ebda_addr >> PAGE_SHIFT;
817 -+ ebda_end = min(PAGE_ALIGN(ebda_addr + ebda_size), 0xa0000) >> PAGE_SHIFT;
818 ++ ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT;
819 + } else {
820 + ebda_start = 0x9f000 >> PAGE_SHIFT;
821 + ebda_end = 0xa0000 >> PAGE_SHIFT;
822 @@ -24909,6 +24830,12 @@ index 87488b9..6371e97 100644
823 + int cpu;
824 +#endif
825 +#endif
826 ++#ifndef CONFIG_X86_PAE
827 ++ pgd_t *pgd;
828 ++ pud_t *pud;
829 ++ pmd_t *pmd;
830 ++ unsigned long addr, end;
831 ++#endif
832 +
833 + gr_init_ebda();
834 +
835 @@ -24952,11 +24879,6 @@ index 87488b9..6371e97 100644
836 +#endif
837 +
838 +#else
839 -+ pgd_t *pgd;
840 -+ pud_t *pud;
841 -+ pmd_t *pmd;
842 -+ unsigned long addr, end;
843 -+
844 + /* PaX: make kernel code/rodata read-only, rest non-executable */
845 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
846 + pgd = pgd_offset_k(addr);
847 @@ -28801,6 +28723,25 @@ index a4760e0..51283cf 100644
848 if (err)
849 printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
850 else
851 +diff --git a/drivers/base/node.c b/drivers/base/node.c
852 +index 5693ece..ef7c1f9 100644
853 +--- a/drivers/base/node.c
854 ++++ b/drivers/base/node.c
855 +@@ -587,11 +587,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
856 + {
857 + int n;
858 +
859 +- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]);
860 +- if (n > 0 && PAGE_SIZE > n + 1) {
861 +- *(buf + n++) = '\n';
862 +- *(buf + n++) = '\0';
863 +- }
864 ++ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]);
865 ++ buf[n++] = '\n';
866 ++ buf[n] = '\0';
867 + return n;
868 + }
869 +
870 diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
871 index caf995f..6f76697 100644
872 --- a/drivers/base/power/wakeup.c
873 @@ -33422,6 +33363,19 @@ index 1f355bb..43f1fea 100644
874 return -EFAULT;
875 } else
876 memcpy(msg, buf, count);
877 +diff --git a/drivers/leds/leds-mc13783.c b/drivers/leds/leds-mc13783.c
878 +index b3393a9..33f6979 100644
879 +--- a/drivers/leds/leds-mc13783.c
880 ++++ b/drivers/leds/leds-mc13783.c
881 +@@ -280,7 +280,7 @@ static int __devinit mc13783_led_probe(struct platform_device *pdev)
882 + return -EINVAL;
883 + }
884 +
885 +- led = kzalloc(sizeof(*led) * pdata->num_leds, GFP_KERNEL);
886 ++ led = kcalloc(pdata->num_leds, sizeof(*led), GFP_KERNEL);
887 + if (led == NULL) {
888 + dev_err(&pdev->dev, "failed to alloc memory\n");
889 + return -ENOMEM;
890 diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
891 index b5fdcb7..5b6c59f 100644
892 --- a/drivers/lguest/core.c
893 @@ -63573,6 +63527,27 @@ index 58969b2..ead129b 100644
894
895 /**
896 * preempt_notifier - key for installing preemption notifiers
897 +diff --git a/include/linux/printk.h b/include/linux/printk.h
898 +index f0e22f7..82dd544 100644
899 +--- a/include/linux/printk.h
900 ++++ b/include/linux/printk.h
901 +@@ -94,6 +94,8 @@ void early_printk(const char *fmt, ...);
902 + extern int printk_needs_cpu(int cpu);
903 + extern void printk_tick(void);
904 +
905 ++extern int kptr_restrict;
906 ++
907 + #ifdef CONFIG_PRINTK
908 + asmlinkage __printf(1, 0)
909 + int vprintk(const char *fmt, va_list args);
910 +@@ -112,7 +114,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
911 +
912 + extern int printk_delay_msec;
913 + extern int dmesg_restrict;
914 +-extern int kptr_restrict;
915 +
916 + void log_buf_kexec_setup(void);
917 + void __init setup_log_buf(int early);
918 diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
919 index 643b96c..ef55a9c 100644
920 --- a/include/linux/proc_fs.h
921 @@ -66792,7 +66767,7 @@ index 5a8a66e..ded4680 100644
922 {
923 struct signal_struct *sig = current->signal;
924 diff --git a/kernel/fork.c b/kernel/fork.c
925 -index 26f1ab0..e483ce2 100644
926 +index 26f1ab0..30d564b 100644
927 --- a/kernel/fork.c
928 +++ b/kernel/fork.c
929 @@ -282,7 +282,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
930 @@ -66817,7 +66792,7 @@ index 26f1ab0..e483ce2 100644
931 +
932 + charge = 0;
933 + if (mpnt->vm_flags & VM_ACCOUNT) {
934 -+ unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
935 ++ unsigned long len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
936 + if (security_vm_enough_memory(len))
937 + goto fail_nomem;
938 + charge = len;
939 @@ -69873,7 +69848,7 @@ index 481611f..0754d86 100644
940 break;
941 }
942 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
943 -index ea7ec7f..57501f0 100644
944 +index ea7ec7f..5b76fb9 100644
945 --- a/kernel/sysctl.c
946 +++ b/kernel/sysctl.c
947 @@ -86,6 +86,13 @@
948 @@ -69890,7 +69865,18 @@ index ea7ec7f..57501f0 100644
949
950 /* External variables not in a header file. */
951 extern int sysctl_overcommit_memory;
952 -@@ -191,6 +198,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
953 +@@ -165,10 +172,8 @@ static int proc_taint(struct ctl_table *table, int write,
954 + void __user *buffer, size_t *lenp, loff_t *ppos);
955 + #endif
956 +
957 +-#ifdef CONFIG_PRINTK
958 + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
959 + void __user *buffer, size_t *lenp, loff_t *ppos);
960 +-#endif
961 +
962 + #ifdef CONFIG_MAGIC_SYSRQ
963 + /* Note: sysrq code uses it's own private copy */
964 +@@ -191,6 +196,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
965 }
966
967 #endif
968 @@ -69898,7 +69884,7 @@ index ea7ec7f..57501f0 100644
969
970 static struct ctl_table root_table[];
971 static struct ctl_table_root sysctl_table_root;
972 -@@ -220,6 +228,20 @@ extern struct ctl_table epoll_table[];
973 +@@ -220,6 +226,20 @@ extern struct ctl_table epoll_table[];
974 int sysctl_legacy_va_layout;
975 #endif
976
977 @@ -69919,7 +69905,7 @@ index ea7ec7f..57501f0 100644
978 /* The default sysctl tables: */
979
980 static struct ctl_table root_table[] = {
981 -@@ -266,6 +288,22 @@ static int max_extfrag_threshold = 1000;
982 +@@ -266,6 +286,22 @@ static int max_extfrag_threshold = 1000;
983 #endif
984
985 static struct ctl_table kern_table[] = {
986 @@ -69942,7 +69928,7 @@ index ea7ec7f..57501f0 100644
987 {
988 .procname = "sched_child_runs_first",
989 .data = &sysctl_sched_child_runs_first,
990 -@@ -550,7 +588,7 @@ static struct ctl_table kern_table[] = {
991 +@@ -550,7 +586,7 @@ static struct ctl_table kern_table[] = {
992 .data = &modprobe_path,
993 .maxlen = KMOD_PATH_LEN,
994 .mode = 0644,
995 @@ -69951,7 +69937,7 @@ index ea7ec7f..57501f0 100644
996 },
997 {
998 .procname = "modules_disabled",
999 -@@ -717,16 +755,20 @@ static struct ctl_table kern_table[] = {
1000 +@@ -717,16 +753,20 @@ static struct ctl_table kern_table[] = {
1001 .extra1 = &zero,
1002 .extra2 = &one,
1003 },
1004 @@ -69973,7 +69959,7 @@ index ea7ec7f..57501f0 100644
1005 {
1006 .procname = "ngroups_max",
1007 .data = &ngroups_max,
1008 -@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] = {
1009 +@@ -1216,6 +1256,13 @@ static struct ctl_table vm_table[] = {
1010 .proc_handler = proc_dointvec_minmax,
1011 .extra1 = &zero,
1012 },
1013 @@ -69987,7 +69973,7 @@ index ea7ec7f..57501f0 100644
1014 #else
1015 {
1016 .procname = "nr_trim_pages",
1017 -@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op)
1018 +@@ -1720,6 +1767,17 @@ static int test_perm(int mode, int op)
1019 int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
1020 {
1021 int mode;
1022 @@ -70005,7 +69991,7 @@ index ea7ec7f..57501f0 100644
1023
1024 if (root->permissions)
1025 mode = root->permissions(root, current->nsproxy, table);
1026 -@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int write,
1027 +@@ -2124,6 +2182,16 @@ int proc_dostring(struct ctl_table *table, int write,
1028 buffer, lenp, ppos);
1029 }
1030
1031 @@ -70022,7 +70008,7 @@ index ea7ec7f..57501f0 100644
1032 static size_t proc_skip_spaces(char **buf)
1033 {
1034 size_t ret;
1035 -@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
1036 +@@ -2229,6 +2297,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
1037 len = strlen(tmp);
1038 if (len > *size)
1039 len = *size;
1040 @@ -70031,7 +70017,23 @@ index ea7ec7f..57501f0 100644
1041 if (copy_to_user(*buf, tmp, len))
1042 return -EFAULT;
1043 *size -= len;
1044 -@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
1045 +@@ -2421,7 +2491,6 @@ static int proc_taint(struct ctl_table *table, int write,
1046 + return err;
1047 + }
1048 +
1049 +-#ifdef CONFIG_PRINTK
1050 + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
1051 + void __user *buffer, size_t *lenp, loff_t *ppos)
1052 + {
1053 +@@ -2430,7 +2499,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
1054 +
1055 + return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
1056 + }
1057 +-#endif
1058 +
1059 + struct do_proc_dointvec_minmax_conv_param {
1060 + int *min;
1061 +@@ -2545,8 +2613,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
1062 *i = val;
1063 } else {
1064 val = convdiv * (*i) / convmul;
1065 @@ -70044,7 +70046,7 @@ index ea7ec7f..57501f0 100644
1066 err = proc_put_long(&buffer, &left, val, false);
1067 if (err)
1068 break;
1069 -@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int write,
1070 +@@ -2941,6 +3012,12 @@ int proc_dostring(struct ctl_table *table, int write,
1071 return -ENOSYS;
1072 }
1073
1074 @@ -70057,7 +70059,7 @@ index ea7ec7f..57501f0 100644
1075 int proc_dointvec(struct ctl_table *table, int write,
1076 void __user *buffer, size_t *lenp, loff_t *ppos)
1077 {
1078 -@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
1079 +@@ -2997,6 +3074,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
1080 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
1081 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
1082 EXPORT_SYMBOL(proc_dostring);
1083 @@ -70978,7 +70980,7 @@ index 0000000..7cd6065
1084 @@ -0,0 +1 @@
1085 +-grsec
1086 diff --git a/mm/Kconfig b/mm/Kconfig
1087 -index 011b110..b492af2 100644
1088 +index 011b110..fad8776 100644
1089 --- a/mm/Kconfig
1090 +++ b/mm/Kconfig
1091 @@ -241,10 +241,10 @@ config KSM
1092 @@ -70995,6 +70997,15 @@ index 011b110..b492af2 100644
1093 This is the portion of low virtual memory which should be protected
1094 from userspace allocation. Keeping a user from writing to low pages
1095 can help reduce the impact of kernel NULL pointer bugs.
1096 +@@ -274,7 +274,7 @@ config MEMORY_FAILURE
1097 +
1098 + config HWPOISON_INJECT
1099 + tristate "HWPoison pages injector"
1100 +- depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS
1101 ++ depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS && !GRKERNSEC
1102 + select PROC_PAGE_MONITOR
1103 +
1104 + config NOMMU_INITIAL_TRIM_EXCESS
1105 diff --git a/mm/filemap.c b/mm/filemap.c
1106 index 03c5b0e..a01e793 100644
1107 --- a/mm/filemap.c
1108 @@ -71075,7 +71086,7 @@ index 8f005e9..1cb1036 100644
1109 /* if an huge pmd materialized from under us just retry later */
1110 if (unlikely(pmd_trans_huge(*pmd)))
1111 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1112 -index 7120c2e..be2947e 100644
1113 +index 7120c2e..c8312c8 100644
1114 --- a/mm/hugetlb.c
1115 +++ b/mm/hugetlb.c
1116 @@ -2068,6 +2068,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma)
1117 @@ -71222,12 +71233,13 @@ index 7120c2e..be2947e 100644
1118 }
1119
1120 /*
1121 -@@ -2915,6 +2982,9 @@ int hugetlb_reserve_pages(struct inode *inode,
1122 +@@ -2915,6 +2982,10 @@ int hugetlb_reserve_pages(struct inode *inode,
1123 if (!vma || vma->vm_flags & VM_MAYSHARE)
1124 region_add(&inode->i_mapping->private_list, from, to);
1125 return 0;
1126 +out_err:
1127 -+ resv_map_put(vma);
1128 ++ if (vma)
1129 ++ resv_map_put(vma);
1130 + return ret;
1131 }
1132
1133 @@ -75156,7 +75168,7 @@ index 136ac4f..f917fa9 100644
1134 mm->unmap_area = arch_unmap_area;
1135 }
1136 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
1137 -index 27be2f0..8535fe1 100644
1138 +index 27be2f0..879f150 100644
1139 --- a/mm/vmalloc.c
1140 +++ b/mm/vmalloc.c
1141 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
1142 @@ -75344,6 +75356,17 @@ index 27be2f0..8535fe1 100644
1143 if ((PAGE_SIZE-1) & (unsigned long)addr)
1144 return -EINVAL;
1145
1146 +@@ -2350,8 +2413,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
1147 + return NULL;
1148 + }
1149 +
1150 +- vms = kzalloc(sizeof(vms[0]) * nr_vms, GFP_KERNEL);
1151 +- vas = kzalloc(sizeof(vas[0]) * nr_vms, GFP_KERNEL);
1152 ++ vms = kcalloc(nr_vms, sizeof(vms[0]), GFP_KERNEL);
1153 ++ vas = kcalloc(nr_vms, sizeof(vas[0]), GFP_KERNEL);
1154 + if (!vas || !vms)
1155 + goto err_free;
1156 +
1157 diff --git a/mm/vmstat.c b/mm/vmstat.c
1158 index 8fd603b..cf0d930 100644
1159 --- a/mm/vmstat.c
1160 @@ -76687,6 +76710,19 @@ index 94cdbc5..0cb0063 100644
1161 if (peer->tcp_ts_stamp) {
1162 ts = peer->tcp_ts;
1163 tsage = get_seconds() - peer->tcp_ts_stamp;
1164 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1165 +index 9726927..32e6ca2 100644
1166 +--- a/net/ipv4/tcp_input.c
1167 ++++ b/net/ipv4/tcp_input.c
1168 +@@ -5836,6 +5836,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1169 + goto discard;
1170 +
1171 + if (th->syn) {
1172 ++ if (th->fin)
1173 ++ goto discard;
1174 + if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
1175 + return 1;
1176 +
1177 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
1178 index de69cec..74908e1 100644
1179 --- a/net/ipv4/tcp_ipv4.c
1180 @@ -79276,28 +79312,6 @@ index 1ac414f..a1c1451 100644
1181 # Remove .so files from "xxx-objs"
1182 host-cobjs := $(filter-out %.so,$(host-cobjs))
1183
1184 -diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
1185 -index 5d986d9..5fc5f79 100644
1186 ---- a/scripts/Makefile.lib
1187 -+++ b/scripts/Makefile.lib
1188 -@@ -144,14 +144,14 @@ __a_flags = $(call flags,_a_flags)
1189 - __cpp_flags = $(call flags,_cpp_flags)
1190 - endif
1191 -
1192 --c_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1193 -+c_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1194 - $(__c_flags) $(modkern_cflags) \
1195 - -D"KBUILD_STR(s)=\#s" $(basename_flags) $(modname_flags)
1196 -
1197 --a_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1198 -+a_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1199 - $(__a_flags) $(modkern_aflags)
1200 -
1201 --cpp_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1202 -+cpp_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1203 - $(__cpp_flags)
1204 -
1205 - ld_flags = $(LDFLAGS) $(ldflags-y)
1206 diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
1207 index cb1f50c..cef2a7c 100644
1208 --- a/scripts/basic/fixdep.c
1209 @@ -81516,10 +81530,10 @@ index 0000000..ee950d0
1210 +}
1211 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
1212 new file mode 100644
1213 -index 0000000..88a7438
1214 +index 0000000..89b7f56
1215 --- /dev/null
1216 +++ b/tools/gcc/constify_plugin.c
1217 -@@ -0,0 +1,303 @@
1218 +@@ -0,0 +1,328 @@
1219 +/*
1220 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
1221 + * Copyright 2011 by PaX Team <pageexec@××××××××.hu>
1222 @@ -81560,24 +81574,47 @@ index 0000000..88a7438
1223 +int plugin_is_GPL_compatible;
1224 +
1225 +static struct plugin_info const_plugin_info = {
1226 -+ .version = "201111150100",
1227 ++ .version = "201205300030",
1228 + .help = "no-constify\tturn off constification\n",
1229 +};
1230 +
1231 -+static void constify_type(tree type);
1232 -+static bool walk_struct(tree node);
1233 ++static void deconstify_tree(tree node);
1234 +
1235 -+static tree deconstify_type(tree old_type)
1236 ++static void deconstify_type(tree type)
1237 +{
1238 -+ tree new_type, field;
1239 ++ tree field;
1240 ++
1241 ++ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
1242 ++ tree type = TREE_TYPE(field);
1243 ++
1244 ++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
1245 ++ continue;
1246 ++ if (!TYPE_READONLY(type))
1247 ++ continue;
1248 ++
1249 ++ deconstify_tree(field);
1250 ++ }
1251 ++ TYPE_READONLY(type) = 0;
1252 ++ C_TYPE_FIELDS_READONLY(type) = 0;
1253 ++}
1254 ++
1255 ++static void deconstify_tree(tree node)
1256 ++{
1257 ++ tree old_type, new_type, field;
1258 ++
1259 ++ old_type = TREE_TYPE(node);
1260 ++
1261 ++ gcc_assert(TYPE_READONLY(old_type) && (TYPE_QUALS(old_type) & TYPE_QUAL_CONST));
1262 +
1263 + new_type = build_qualified_type(old_type, TYPE_QUALS(old_type) & ~TYPE_QUAL_CONST);
1264 + TYPE_FIELDS(new_type) = copy_list(TYPE_FIELDS(new_type));
1265 + for (field = TYPE_FIELDS(new_type); field; field = TREE_CHAIN(field))
1266 + DECL_FIELD_CONTEXT(field) = new_type;
1267 -+ TYPE_READONLY(new_type) = 0;
1268 -+ C_TYPE_FIELDS_READONLY(new_type) = 0;
1269 -+ return new_type;
1270 ++
1271 ++ deconstify_type(new_type);
1272 ++
1273 ++ TREE_READONLY(node) = 0;
1274 ++ TREE_TYPE(node) = new_type;
1275 +}
1276 +
1277 +static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
1278 @@ -81621,14 +81658,19 @@ index 0000000..88a7438
1279 + }
1280 +
1281 + if (TREE_CODE(*node) == TYPE_DECL) {
1282 -+ TREE_TYPE(*node) = deconstify_type(type);
1283 -+ TREE_READONLY(*node) = 0;
1284 ++ deconstify_tree(*node);
1285 + return NULL_TREE;
1286 + }
1287 +
1288 + return NULL_TREE;
1289 +}
1290 +
1291 ++static void constify_type(tree type)
1292 ++{
1293 ++ TYPE_READONLY(type) = 1;
1294 ++ C_TYPE_FIELDS_READONLY(type) = 1;
1295 ++}
1296 ++
1297 +static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
1298 +{
1299 + *no_add_attrs = true;
1300 @@ -81679,12 +81721,6 @@ index 0000000..88a7438
1301 + register_attribute(&do_const_attr);
1302 +}
1303 +
1304 -+static void constify_type(tree type)
1305 -+{
1306 -+ TYPE_READONLY(type) = 1;
1307 -+ C_TYPE_FIELDS_READONLY(type) = 1;
1308 -+}
1309 -+
1310 +static bool is_fptr(tree field)
1311 +{
1312 + tree ptr = TREE_TYPE(field);
1313 @@ -81699,11 +81735,14 @@ index 0000000..88a7438
1314 +{
1315 + tree field;
1316 +
1317 -+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node)))
1318 ++ if (TYPE_FIELDS(node) == NULL_TREE)
1319 + return false;
1320 +
1321 -+ if (TYPE_FIELDS(node) == NULL_TREE)
1322 ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) {
1323 ++ gcc_assert(!TYPE_READONLY(node));
1324 ++ deconstify_type(node);
1325 + return false;
1326 ++ }
1327 +
1328 + for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
1329 + tree type = TREE_TYPE(field);
1330 @@ -96243,7 +96282,7 @@ index 0000000..2c6f298
1331 +};
1332 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
1333 new file mode 100644
1334 -index 0000000..4154daf
1335 +index 0000000..92b8ee6
1336 --- /dev/null
1337 +++ b/tools/gcc/size_overflow_plugin.c
1338 @@ -0,0 +1,1188 @@
1339 @@ -96469,7 +96508,7 @@ index 0000000..4154daf
1340 + const char *curfunc = NAME(func);
1341 +
1342 + new_hash = get_hash_num(curfunc, filename, 0);
1343 -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
1344 ++// inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
1345 +}
1346 +
1347 +static void check_missing_attribute(tree arg)
1348
1349 diff --git a/3.3.7/0000_README b/3.3.7/0000_README
1350 index 705a5d3..4499d08 100644
1351 --- a/3.3.7/0000_README
1352 +++ b/3.3.7/0000_README
1353 @@ -2,7 +2,7 @@ README
1354 -----------------------------------------------------------------------------
1355 Individual Patch Descriptions:
1356 -----------------------------------------------------------------------------
1357 -Patch: 4420_grsecurity-2.9-3.3.7-201205271953.patch
1358 +Patch: 4420_grsecurity-2.9-3.3.7-201206011935.patch
1359 From: http://www.grsecurity.net
1360 Desc: hardened-sources base patch from upstream grsecurity
1361
1362
1363 diff --git a/3.3.7/4420_grsecurity-2.9-3.3.7-201205271953.patch b/3.3.7/4420_grsecurity-2.9-3.3.7-201206011935.patch
1364 similarity index 99%
1365 rename from 3.3.7/4420_grsecurity-2.9-3.3.7-201205271953.patch
1366 rename to 3.3.7/4420_grsecurity-2.9-3.3.7-201206011935.patch
1367 index 07eb40a..8787b62 100644
1368 --- a/3.3.7/4420_grsecurity-2.9-3.3.7-201205271953.patch
1369 +++ b/3.3.7/4420_grsecurity-2.9-3.3.7-201206011935.patch
1370 @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644
1371
1372 pcd. [PARIDE]
1373 diff --git a/Makefile b/Makefile
1374 -index 073f74f..a689ddf 100644
1375 +index 073f74f..02aebe9 100644
1376 --- a/Makefile
1377 +++ b/Makefile
1378 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1379 @@ -210,19 +210,6 @@ index 073f74f..a689ddf 100644
1380
1381 # Decide whether to build built-in, modular, or both.
1382 # Normally, just do built-in.
1383 -@@ -357,9 +358,9 @@ CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
1384 -
1385 - # Use LINUXINCLUDE when you must reference the include/ directory.
1386 - # Needed to be compatible with the O= option
1387 --LINUXINCLUDE := -I$(srctree)/arch/$(hdr-arch)/include \
1388 -- -Iarch/$(hdr-arch)/include/generated -Iinclude \
1389 -- $(if $(KBUILD_SRC), -I$(srctree)/include) \
1390 -+LINUXINCLUDE := -isystem arch/$(hdr-arch)/include \
1391 -+ -isystem arch/$(hdr-arch)/include/generated -isystem include \
1392 -+ -isystem include/generated \
1393 - -include $(srctree)/include/linux/kconfig.h
1394 -
1395 - KBUILD_CPPFLAGS := -D__KERNEL__
1396 @@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc
1397 # Rules shared between *config targets and build targets
1398
1399 @@ -234,29 +221,6 @@ index 073f74f..a689ddf 100644
1400 $(Q)$(MAKE) $(build)=scripts/basic
1401 $(Q)rm -f .tmp_quiet_recordmcount
1402
1403 -@@ -442,7 +443,7 @@ asm-generic:
1404 -
1405 - no-dot-config-targets := clean mrproper distclean \
1406 - cscope gtags TAGS tags help %docs check% coccicheck \
1407 -- include/linux/version.h headers_% archheaders \
1408 -+ include/generated/linux/version.h headers_% archheaders \
1409 - kernelversion %src-pkg
1410 -
1411 - config-targets := 0
1412 -@@ -485,11 +486,11 @@ include $(srctree)/arch/$(SRCARCH)/Makefile
1413 - export KBUILD_DEFCONFIG KBUILD_KCONFIG
1414 -
1415 - config: scripts_basic outputmakefile FORCE
1416 -- $(Q)mkdir -p include/linux include/config
1417 -+ $(Q)mkdir -p include/generated/linux include/config
1418 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
1419 -
1420 - %config: scripts_basic outputmakefile FORCE
1421 -- $(Q)mkdir -p include/linux include/config
1422 -+ $(Q)mkdir -p include/generated/linux include/config
1423 - $(Q)$(MAKE) $(build)=scripts/kconfig $@
1424 -
1425 - else
1426 @@ -564,6 +565,55 @@ else
1427 KBUILD_CFLAGS += -O2
1428 endif
1429 @@ -340,23 +304,7 @@ index 073f74f..a689ddf 100644
1430 $(Q)$(MAKE) $(build)=$@
1431
1432 # Store (new) KERNELRELASE string in include/config/kernel.release
1433 -@@ -970,12 +1022,14 @@ ifneq ($(KBUILD_SRC),)
1434 - echo " in the '$(srctree)' directory.";\
1435 - /bin/false; \
1436 - fi;
1437 -+ $(Q)for dir in $(srctree)/include/* ; do ln -fsn $$dir include/`basename $$dir` ; done
1438 -+ $(Q)ln -fsn $(srctree)/arch/$(SRCARCH)/include/asm arch/$(SRCARCH)/include;
1439 - endif
1440 -
1441 - # prepare2 creates a makefile if using a separate output directory
1442 - prepare2: prepare3 outputmakefile asm-generic
1443 -
1444 --prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
1445 -+prepare1: prepare2 include/generated/linux/version.h include/generated/utsrelease.h \
1446 - include/config/auto.conf
1447 - $(cmd_crmodverdir)
1448 -
1449 -@@ -985,6 +1039,7 @@ prepare0: archprepare FORCE
1450 +@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE
1451 $(Q)$(MAKE) $(build)=.
1452
1453 # All the preparing..
1454 @@ -364,25 +312,7 @@ index 073f74f..a689ddf 100644
1455 prepare: prepare0
1456
1457 # Generate some files
1458 -@@ -1008,7 +1063,7 @@ define filechk_version.h
1459 - echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
1460 - endef
1461 -
1462 --include/linux/version.h: $(srctree)/Makefile FORCE
1463 -+include/generated/linux/version.h: $(srctree)/Makefile FORCE
1464 - $(call filechk,version.h)
1465 -
1466 - include/generated/utsrelease.h: include/config/kernel.release FORCE
1467 -@@ -1050,7 +1105,7 @@ PHONY += archheaders
1468 - archheaders:
1469 -
1470 - PHONY += __headers
1471 --__headers: include/linux/version.h scripts_basic asm-generic archheaders FORCE
1472 -+__headers: include/generated/linux/version.h scripts_basic asm-generic archheaders FORCE
1473 - $(Q)$(MAKE) $(build)=scripts build_unifdef
1474 -
1475 - PHONY += headers_install_all
1476 -@@ -1089,6 +1144,8 @@ all: modules
1477 +@@ -1089,6 +1142,8 @@ all: modules
1478 # using awk while concatenating to the final file.
1479
1480 PHONY += modules
1481 @@ -391,7 +321,7 @@ index 073f74f..a689ddf 100644
1482 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
1483 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
1484 @$(kecho) ' Building modules, stage 2.';
1485 -@@ -1104,7 +1161,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1486 +@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1487
1488 # Target to prepare building external modules
1489 PHONY += modules_prepare
1490 @@ -400,16 +330,7 @@ index 073f74f..a689ddf 100644
1491
1492 # Target to install modules
1493 PHONY += modules_install
1494 -@@ -1163,7 +1220,7 @@ CLEAN_FILES += vmlinux System.map \
1495 - MRPROPER_DIRS += include/config usr/include include/generated \
1496 - arch/*/include/generated
1497 - MRPROPER_FILES += .config .config.old .version .old_version \
1498 -- include/linux/version.h \
1499 -+ include/generated/linux/version.h \
1500 - Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
1501 -
1502 - # clean - Delete most, but leave enough to build external modules
1503 -@@ -1201,6 +1258,7 @@ distclean: mrproper
1504 +@@ -1201,6 +1256,7 @@ distclean: mrproper
1505 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
1506 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
1507 -o -name '.*.rej' \
1508 @@ -417,7 +338,7 @@ index 073f74f..a689ddf 100644
1509 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
1510 -type f -print | xargs rm -f
1511
1512 -@@ -1361,6 +1419,8 @@ PHONY += $(module-dirs) modules
1513 +@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules
1514 $(module-dirs): crmodverdir $(objtree)/Module.symvers
1515 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
1516
1517 @@ -426,7 +347,7 @@ index 073f74f..a689ddf 100644
1518 modules: $(module-dirs)
1519 @$(kecho) ' Building modules, stage 2.';
1520 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
1521 -@@ -1487,17 +1547,21 @@ else
1522 +@@ -1487,17 +1545,21 @@ else
1523 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
1524 endif
1525
1526 @@ -452,7 +373,7 @@ index 073f74f..a689ddf 100644
1527 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1528 %.symtypes: %.c prepare scripts FORCE
1529 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1530 -@@ -1507,11 +1571,15 @@ endif
1531 +@@ -1507,11 +1569,15 @@ endif
1532 $(cmd_crmodverdir)
1533 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
1534 $(build)=$(build-dir)
1535 @@ -24753,7 +24674,7 @@ index 8ecbb4b..a269cab 100644
1536 }
1537 if (mm->get_unmapped_area == arch_get_unmapped_area)
1538 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
1539 -index 6cabf65..00139c4 100644
1540 +index 6cabf65..9976a56 100644
1541 --- a/arch/x86/mm/init.c
1542 +++ b/arch/x86/mm/init.c
1543 @@ -17,6 +17,8 @@
1544 @@ -24813,7 +24734,7 @@ index 6cabf65..00139c4 100644
1545 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
1546 return 0;
1547 if (!page_is_ram(pagenr))
1548 -@@ -372,8 +401,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
1549 +@@ -372,8 +401,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
1550 #endif
1551 }
1552
1553 @@ -24830,7 +24751,7 @@ index 6cabf65..00139c4 100644
1554 + }
1555 + if (ebda_addr && ebda_size) {
1556 + ebda_start = ebda_addr >> PAGE_SHIFT;
1557 -+ ebda_end = min(PAGE_ALIGN(ebda_addr + ebda_size), 0xa0000) >> PAGE_SHIFT;
1558 ++ ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT;
1559 + } else {
1560 + ebda_start = 0x9f000 >> PAGE_SHIFT;
1561 + ebda_end = 0xa0000 >> PAGE_SHIFT;
1562 @@ -24850,6 +24771,12 @@ index 6cabf65..00139c4 100644
1563 + int cpu;
1564 +#endif
1565 +#endif
1566 ++#ifndef CONFIG_X86_PAE
1567 ++ pgd_t *pgd;
1568 ++ pud_t *pud;
1569 ++ pmd_t *pmd;
1570 ++ unsigned long addr, end;
1571 ++#endif
1572 +
1573 + gr_init_ebda();
1574 +
1575 @@ -24893,11 +24820,6 @@ index 6cabf65..00139c4 100644
1576 +#endif
1577 +
1578 +#else
1579 -+ pgd_t *pgd;
1580 -+ pud_t *pud;
1581 -+ pmd_t *pmd;
1582 -+ unsigned long addr, end;
1583 -+
1584 + /* PaX: make kernel code/rodata read-only, rest non-executable */
1585 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
1586 + pgd = pgd_offset_k(addr);
1587 @@ -28775,6 +28697,25 @@ index 8493536..31adee0 100644
1588 if (err)
1589 printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
1590 else
1591 +diff --git a/drivers/base/node.c b/drivers/base/node.c
1592 +index 90aa2a1..af1a177 100644
1593 +--- a/drivers/base/node.c
1594 ++++ b/drivers/base/node.c
1595 +@@ -592,11 +592,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
1596 + {
1597 + int n;
1598 +
1599 +- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]);
1600 +- if (n > 0 && PAGE_SIZE > n + 1) {
1601 +- *(buf + n++) = '\n';
1602 +- *(buf + n++) = '\0';
1603 +- }
1604 ++ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]);
1605 ++ buf[n++] = '\n';
1606 ++ buf[n] = '\0';
1607 + return n;
1608 + }
1609 +
1610 diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
1611 index caf995f..6f76697 100644
1612 --- a/drivers/base/power/wakeup.c
1613 @@ -33275,6 +33216,19 @@ index 1f355bb..43f1fea 100644
1614 return -EFAULT;
1615 } else
1616 memcpy(msg, buf, count);
1617 +diff --git a/drivers/leds/leds-mc13783.c b/drivers/leds/leds-mc13783.c
1618 +index 8bc4915..4cc6a2e 100644
1619 +--- a/drivers/leds/leds-mc13783.c
1620 ++++ b/drivers/leds/leds-mc13783.c
1621 +@@ -280,7 +280,7 @@ static int __devinit mc13783_led_probe(struct platform_device *pdev)
1622 + return -EINVAL;
1623 + }
1624 +
1625 +- led = kzalloc(sizeof(*led) * pdata->num_leds, GFP_KERNEL);
1626 ++ led = kcalloc(pdata->num_leds, sizeof(*led), GFP_KERNEL);
1627 + if (led == NULL) {
1628 + dev_err(&pdev->dev, "failed to alloc memory\n");
1629 + return -ENOMEM;
1630 diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
1631 index b5fdcb7..5b6c59f 100644
1632 --- a/drivers/lguest/core.c
1633 @@ -62840,6 +62794,27 @@ index 58969b2..ead129b 100644
1634
1635 /**
1636 * preempt_notifier - key for installing preemption notifiers
1637 +diff --git a/include/linux/printk.h b/include/linux/printk.h
1638 +index f0e22f7..82dd544 100644
1639 +--- a/include/linux/printk.h
1640 ++++ b/include/linux/printk.h
1641 +@@ -94,6 +94,8 @@ void early_printk(const char *fmt, ...);
1642 + extern int printk_needs_cpu(int cpu);
1643 + extern void printk_tick(void);
1644 +
1645 ++extern int kptr_restrict;
1646 ++
1647 + #ifdef CONFIG_PRINTK
1648 + asmlinkage __printf(1, 0)
1649 + int vprintk(const char *fmt, va_list args);
1650 +@@ -112,7 +114,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
1651 +
1652 + extern int printk_delay_msec;
1653 + extern int dmesg_restrict;
1654 +-extern int kptr_restrict;
1655 +
1656 + void log_buf_kexec_setup(void);
1657 + void __init setup_log_buf(int early);
1658 diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
1659 index 85c5073..51fac8b 100644
1660 --- a/include/linux/proc_fs.h
1661 @@ -65944,7 +65919,7 @@ index 46c8b14..d868958 100644
1662 {
1663 struct signal_struct *sig = current->signal;
1664 diff --git a/kernel/fork.c b/kernel/fork.c
1665 -index 423d5a4..4608ecf 100644
1666 +index 423d5a4..881923e 100644
1667 --- a/kernel/fork.c
1668 +++ b/kernel/fork.c
1669 @@ -285,7 +285,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
1670 @@ -65969,7 +65944,7 @@ index 423d5a4..4608ecf 100644
1671 +
1672 + charge = 0;
1673 + if (mpnt->vm_flags & VM_ACCOUNT) {
1674 -+ unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
1675 ++ unsigned long len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
1676 + if (security_vm_enough_memory(len))
1677 + goto fail_nomem;
1678 + charge = len;
1679 @@ -68963,7 +68938,7 @@ index 888d227..f04b318 100644
1680 break;
1681 }
1682 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
1683 -index f03a6ef..5fcc8af 100644
1684 +index f03a6ef..735d95c 100644
1685 --- a/kernel/sysctl.c
1686 +++ b/kernel/sysctl.c
1687 @@ -86,6 +86,13 @@
1688 @@ -68980,7 +68955,18 @@ index f03a6ef..5fcc8af 100644
1689
1690 /* External variables not in a header file. */
1691 extern int sysctl_overcommit_memory;
1692 -@@ -191,6 +198,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
1693 +@@ -165,10 +172,8 @@ static int proc_taint(struct ctl_table *table, int write,
1694 + void __user *buffer, size_t *lenp, loff_t *ppos);
1695 + #endif
1696 +
1697 +-#ifdef CONFIG_PRINTK
1698 + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
1699 + void __user *buffer, size_t *lenp, loff_t *ppos);
1700 +-#endif
1701 +
1702 + #ifdef CONFIG_MAGIC_SYSRQ
1703 + /* Note: sysrq code uses it's own private copy */
1704 +@@ -191,6 +196,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
1705 }
1706
1707 #endif
1708 @@ -68988,7 +68974,7 @@ index f03a6ef..5fcc8af 100644
1709
1710 static struct ctl_table root_table[];
1711 static struct ctl_table_root sysctl_table_root;
1712 -@@ -220,6 +228,20 @@ extern struct ctl_table epoll_table[];
1713 +@@ -220,6 +226,20 @@ extern struct ctl_table epoll_table[];
1714 int sysctl_legacy_va_layout;
1715 #endif
1716
1717 @@ -69009,7 +68995,7 @@ index f03a6ef..5fcc8af 100644
1718 /* The default sysctl tables: */
1719
1720 static struct ctl_table root_table[] = {
1721 -@@ -266,6 +288,22 @@ static int max_extfrag_threshold = 1000;
1722 +@@ -266,6 +286,22 @@ static int max_extfrag_threshold = 1000;
1723 #endif
1724
1725 static struct ctl_table kern_table[] = {
1726 @@ -69032,7 +69018,7 @@ index f03a6ef..5fcc8af 100644
1727 {
1728 .procname = "sched_child_runs_first",
1729 .data = &sysctl_sched_child_runs_first,
1730 -@@ -550,7 +588,7 @@ static struct ctl_table kern_table[] = {
1731 +@@ -550,7 +586,7 @@ static struct ctl_table kern_table[] = {
1732 .data = &modprobe_path,
1733 .maxlen = KMOD_PATH_LEN,
1734 .mode = 0644,
1735 @@ -69041,7 +69027,7 @@ index f03a6ef..5fcc8af 100644
1736 },
1737 {
1738 .procname = "modules_disabled",
1739 -@@ -717,16 +755,20 @@ static struct ctl_table kern_table[] = {
1740 +@@ -717,16 +753,20 @@ static struct ctl_table kern_table[] = {
1741 .extra1 = &zero,
1742 .extra2 = &one,
1743 },
1744 @@ -69063,7 +69049,7 @@ index f03a6ef..5fcc8af 100644
1745 {
1746 .procname = "ngroups_max",
1747 .data = &ngroups_max,
1748 -@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] = {
1749 +@@ -1225,6 +1265,13 @@ static struct ctl_table vm_table[] = {
1750 .proc_handler = proc_dointvec_minmax,
1751 .extra1 = &zero,
1752 },
1753 @@ -69077,7 +69063,7 @@ index f03a6ef..5fcc8af 100644
1754 #else
1755 {
1756 .procname = "nr_trim_pages",
1757 -@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op)
1758 +@@ -1729,6 +1776,17 @@ static int test_perm(int mode, int op)
1759 int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
1760 {
1761 int mode;
1762 @@ -69095,7 +69081,7 @@ index f03a6ef..5fcc8af 100644
1763
1764 if (root->permissions)
1765 mode = root->permissions(root, current->nsproxy, table);
1766 -@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int write,
1767 +@@ -2133,6 +2191,16 @@ int proc_dostring(struct ctl_table *table, int write,
1768 buffer, lenp, ppos);
1769 }
1770
1771 @@ -69112,7 +69098,7 @@ index f03a6ef..5fcc8af 100644
1772 static size_t proc_skip_spaces(char **buf)
1773 {
1774 size_t ret;
1775 -@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
1776 +@@ -2238,6 +2306,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
1777 len = strlen(tmp);
1778 if (len > *size)
1779 len = *size;
1780 @@ -69121,7 +69107,23 @@ index f03a6ef..5fcc8af 100644
1781 if (copy_to_user(*buf, tmp, len))
1782 return -EFAULT;
1783 *size -= len;
1784 -@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
1785 +@@ -2430,7 +2500,6 @@ static int proc_taint(struct ctl_table *table, int write,
1786 + return err;
1787 + }
1788 +
1789 +-#ifdef CONFIG_PRINTK
1790 + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
1791 + void __user *buffer, size_t *lenp, loff_t *ppos)
1792 + {
1793 +@@ -2439,7 +2508,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
1794 +
1795 + return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
1796 + }
1797 +-#endif
1798 +
1799 + struct do_proc_dointvec_minmax_conv_param {
1800 + int *min;
1801 +@@ -2554,8 +2622,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
1802 *i = val;
1803 } else {
1804 val = convdiv * (*i) / convmul;
1805 @@ -69134,7 +69136,7 @@ index f03a6ef..5fcc8af 100644
1806 err = proc_put_long(&buffer, &left, val, false);
1807 if (err)
1808 break;
1809 -@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int write,
1810 +@@ -2950,6 +3021,12 @@ int proc_dostring(struct ctl_table *table, int write,
1811 return -ENOSYS;
1812 }
1813
1814 @@ -69147,7 +69149,7 @@ index f03a6ef..5fcc8af 100644
1815 int proc_dointvec(struct ctl_table *table, int write,
1816 void __user *buffer, size_t *lenp, loff_t *ppos)
1817 {
1818 -@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
1819 +@@ -3006,6 +3083,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
1820 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
1821 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
1822 EXPORT_SYMBOL(proc_dostring);
1823 @@ -70036,7 +70038,7 @@ index 0000000..7cd6065
1824 @@ -0,0 +1 @@
1825 +-grsec
1826 diff --git a/mm/Kconfig b/mm/Kconfig
1827 -index e338407..49b5b7a 100644
1828 +index e338407..4210331 100644
1829 --- a/mm/Kconfig
1830 +++ b/mm/Kconfig
1831 @@ -247,10 +247,10 @@ config KSM
1832 @@ -70053,6 +70055,15 @@ index e338407..49b5b7a 100644
1833 This is the portion of low virtual memory which should be protected
1834 from userspace allocation. Keeping a user from writing to low pages
1835 can help reduce the impact of kernel NULL pointer bugs.
1836 +@@ -280,7 +280,7 @@ config MEMORY_FAILURE
1837 +
1838 + config HWPOISON_INJECT
1839 + tristate "HWPoison pages injector"
1840 +- depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS
1841 ++ depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS && !GRKERNSEC
1842 + select PROC_PAGE_MONITOR
1843 +
1844 + config NOMMU_INITIAL_TRIM_EXCESS
1845 diff --git a/mm/filemap.c b/mm/filemap.c
1846 index b662757..3081ddd 100644
1847 --- a/mm/filemap.c
1848 @@ -70133,7 +70144,7 @@ index 8f7fc39..69bf1e9 100644
1849 /* if an huge pmd materialized from under us just retry later */
1850 if (unlikely(pmd_trans_huge(*pmd)))
1851 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1852 -index fece520..7fad868 100644
1853 +index fece520..e10da7f 100644
1854 --- a/mm/hugetlb.c
1855 +++ b/mm/hugetlb.c
1856 @@ -2146,6 +2146,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma)
1857 @@ -70280,12 +70291,13 @@ index fece520..7fad868 100644
1858 }
1859
1860 /*
1861 -@@ -3009,6 +3076,9 @@ int hugetlb_reserve_pages(struct inode *inode,
1862 +@@ -3009,6 +3076,10 @@ int hugetlb_reserve_pages(struct inode *inode,
1863 if (!vma || vma->vm_flags & VM_MAYSHARE)
1864 region_add(&inode->i_mapping->private_list, from, to);
1865 return 0;
1866 +out_err:
1867 -+ resv_map_put(vma);
1868 ++ if (vma)
1869 ++ resv_map_put(vma);
1870 + return ret;
1871 }
1872
1873 @@ -74088,7 +74100,7 @@ index 136ac4f..f917fa9 100644
1874 mm->unmap_area = arch_unmap_area;
1875 }
1876 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
1877 -index 86ce9a5..fc9fb61 100644
1878 +index 86ce9a5..550d03c 100644
1879 --- a/mm/vmalloc.c
1880 +++ b/mm/vmalloc.c
1881 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
1882 @@ -74287,6 +74299,17 @@ index 86ce9a5..fc9fb61 100644
1883 if ((PAGE_SIZE-1) & (unsigned long)addr)
1884 return -EINVAL;
1885
1886 +@@ -2375,8 +2442,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
1887 + return NULL;
1888 + }
1889 +
1890 +- vms = kzalloc(sizeof(vms[0]) * nr_vms, GFP_KERNEL);
1891 +- vas = kzalloc(sizeof(vas[0]) * nr_vms, GFP_KERNEL);
1892 ++ vms = kcalloc(nr_vms, sizeof(vms[0]), GFP_KERNEL);
1893 ++ vas = kcalloc(nr_vms, sizeof(vas[0]), GFP_KERNEL);
1894 + if (!vas || !vms)
1895 + goto err_free2;
1896 +
1897 diff --git a/mm/vmstat.c b/mm/vmstat.c
1898 index f600557..1459fc8 100644
1899 --- a/mm/vmstat.c
1900 @@ -78186,28 +78209,6 @@ index 1ac414f..a1c1451 100644
1901 # Remove .so files from "xxx-objs"
1902 host-cobjs := $(filter-out %.so,$(host-cobjs))
1903
1904 -diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
1905 -index 00c368c..bb3f3e9 100644
1906 ---- a/scripts/Makefile.lib
1907 -+++ b/scripts/Makefile.lib
1908 -@@ -144,14 +144,14 @@ __a_flags = $(call flags,_a_flags)
1909 - __cpp_flags = $(call flags,_cpp_flags)
1910 - endif
1911 -
1912 --c_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1913 -+c_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1914 - $(__c_flags) $(modkern_cflags) \
1915 - -D"KBUILD_STR(s)=\#s" $(basename_flags) $(modname_flags)
1916 -
1917 --a_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1918 -+a_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1919 - $(__a_flags) $(modkern_aflags)
1920 -
1921 --cpp_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \
1922 -+cpp_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \
1923 - $(__cpp_flags)
1924 -
1925 - ld_flags = $(LDFLAGS) $(ldflags-y)
1926 diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
1927 index cb1f50c..cef2a7c 100644
1928 --- a/scripts/basic/fixdep.c
1929 @@ -80350,10 +80351,10 @@ index 0000000..ee950d0
1930 +}
1931 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
1932 new file mode 100644
1933 -index 0000000..88a7438
1934 +index 0000000..89b7f56
1935 --- /dev/null
1936 +++ b/tools/gcc/constify_plugin.c
1937 -@@ -0,0 +1,303 @@
1938 +@@ -0,0 +1,328 @@
1939 +/*
1940 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
1941 + * Copyright 2011 by PaX Team <pageexec@××××××××.hu>
1942 @@ -80394,24 +80395,47 @@ index 0000000..88a7438
1943 +int plugin_is_GPL_compatible;
1944 +
1945 +static struct plugin_info const_plugin_info = {
1946 -+ .version = "201111150100",
1947 ++ .version = "201205300030",
1948 + .help = "no-constify\tturn off constification\n",
1949 +};
1950 +
1951 -+static void constify_type(tree type);
1952 -+static bool walk_struct(tree node);
1953 ++static void deconstify_tree(tree node);
1954 +
1955 -+static tree deconstify_type(tree old_type)
1956 ++static void deconstify_type(tree type)
1957 +{
1958 -+ tree new_type, field;
1959 ++ tree field;
1960 ++
1961 ++ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
1962 ++ tree type = TREE_TYPE(field);
1963 ++
1964 ++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
1965 ++ continue;
1966 ++ if (!TYPE_READONLY(type))
1967 ++ continue;
1968 ++
1969 ++ deconstify_tree(field);
1970 ++ }
1971 ++ TYPE_READONLY(type) = 0;
1972 ++ C_TYPE_FIELDS_READONLY(type) = 0;
1973 ++}
1974 ++
1975 ++static void deconstify_tree(tree node)
1976 ++{
1977 ++ tree old_type, new_type, field;
1978 ++
1979 ++ old_type = TREE_TYPE(node);
1980 ++
1981 ++ gcc_assert(TYPE_READONLY(old_type) && (TYPE_QUALS(old_type) & TYPE_QUAL_CONST));
1982 +
1983 + new_type = build_qualified_type(old_type, TYPE_QUALS(old_type) & ~TYPE_QUAL_CONST);
1984 + TYPE_FIELDS(new_type) = copy_list(TYPE_FIELDS(new_type));
1985 + for (field = TYPE_FIELDS(new_type); field; field = TREE_CHAIN(field))
1986 + DECL_FIELD_CONTEXT(field) = new_type;
1987 -+ TYPE_READONLY(new_type) = 0;
1988 -+ C_TYPE_FIELDS_READONLY(new_type) = 0;
1989 -+ return new_type;
1990 ++
1991 ++ deconstify_type(new_type);
1992 ++
1993 ++ TREE_READONLY(node) = 0;
1994 ++ TREE_TYPE(node) = new_type;
1995 +}
1996 +
1997 +static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
1998 @@ -80455,14 +80479,19 @@ index 0000000..88a7438
1999 + }
2000 +
2001 + if (TREE_CODE(*node) == TYPE_DECL) {
2002 -+ TREE_TYPE(*node) = deconstify_type(type);
2003 -+ TREE_READONLY(*node) = 0;
2004 ++ deconstify_tree(*node);
2005 + return NULL_TREE;
2006 + }
2007 +
2008 + return NULL_TREE;
2009 +}
2010 +
2011 ++static void constify_type(tree type)
2012 ++{
2013 ++ TYPE_READONLY(type) = 1;
2014 ++ C_TYPE_FIELDS_READONLY(type) = 1;
2015 ++}
2016 ++
2017 +static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
2018 +{
2019 + *no_add_attrs = true;
2020 @@ -80513,12 +80542,6 @@ index 0000000..88a7438
2021 + register_attribute(&do_const_attr);
2022 +}
2023 +
2024 -+static void constify_type(tree type)
2025 -+{
2026 -+ TYPE_READONLY(type) = 1;
2027 -+ C_TYPE_FIELDS_READONLY(type) = 1;
2028 -+}
2029 -+
2030 +static bool is_fptr(tree field)
2031 +{
2032 + tree ptr = TREE_TYPE(field);
2033 @@ -80533,11 +80556,14 @@ index 0000000..88a7438
2034 +{
2035 + tree field;
2036 +
2037 -+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node)))
2038 ++ if (TYPE_FIELDS(node) == NULL_TREE)
2039 + return false;
2040 +
2041 -+ if (TYPE_FIELDS(node) == NULL_TREE)
2042 ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) {
2043 ++ gcc_assert(!TYPE_READONLY(node));
2044 ++ deconstify_type(node);
2045 + return false;
2046 ++ }
2047 +
2048 + for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
2049 + tree type = TREE_TYPE(field);
2050 @@ -95204,7 +95230,7 @@ index 0000000..ce7366b
2051 +};
2052 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
2053 new file mode 100644
2054 -index 0000000..4154daf
2055 +index 0000000..92b8ee6
2056 --- /dev/null
2057 +++ b/tools/gcc/size_overflow_plugin.c
2058 @@ -0,0 +1,1188 @@
2059 @@ -95430,7 +95456,7 @@ index 0000000..4154daf
2060 + const char *curfunc = NAME(func);
2061 +
2062 + new_hash = get_hash_num(curfunc, filename, 0);
2063 -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
2064 ++// inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename);
2065 +}
2066 +
2067 +static void check_missing_attribute(tree arg)
Report Message
Find on MARC Find on Google Groups