1 |
commit: 4522d04d4ebc959b9a4fc09ff531cb49027c6d6b |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Apr 29 01:17:45 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Apr 29 01:17:45 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4522d04d |
7 |
|
8 |
Grsec/PaX: 3.1-{3.2.68,3.14.39,3.19.5}-201504270827 |
9 |
|
10 |
3.14.39/0000_README | 2 +- |
11 |
...4420_grsecurity-3.1-3.14.39-201504270826.patch} | 384 ++++++++++++--- |
12 |
3.19.5/0000_README | 2 +- |
13 |
... 4420_grsecurity-3.1-3.19.5-201504270827.patch} | 516 +++++++++++++++++---- |
14 |
3.2.68/0000_README | 2 +- |
15 |
... 4420_grsecurity-3.1-3.2.68-201504270825.patch} | 409 ++++++++++++---- |
16 |
6 files changed, 1034 insertions(+), 281 deletions(-) |
17 |
|
18 |
diff --git a/3.14.39/0000_README b/3.14.39/0000_README |
19 |
index df5ef6d..7ed8450 100644 |
20 |
--- a/3.14.39/0000_README |
21 |
+++ b/3.14.39/0000_README |
22 |
@@ -2,7 +2,7 @@ README |
23 |
----------------------------------------------------------------------------- |
24 |
Individual Patch Descriptions: |
25 |
----------------------------------------------------------------------------- |
26 |
-Patch: 4420_grsecurity-3.1-3.14.39-201504190814.patch |
27 |
+Patch: 4420_grsecurity-3.1-3.14.39-201504270826.patch |
28 |
From: http://www.grsecurity.net |
29 |
Desc: hardened-sources base patch from upstream grsecurity |
30 |
|
31 |
|
32 |
diff --git a/3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch b/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch |
33 |
similarity index 99% |
34 |
rename from 3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch |
35 |
rename to 3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch |
36 |
index 71f78fb..3fbeaa8 100644 |
37 |
--- a/3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch |
38 |
+++ b/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch |
39 |
@@ -45938,7 +45938,7 @@ index 2fd9009..278cc1e 100644 |
40 |
radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); |
41 |
if (!radio) |
42 |
diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c |
43 |
-index 4b2e9e8..c2900d9 100644 |
44 |
+index 4b2e9e8..c2900d99 100644 |
45 |
--- a/drivers/media/radio/wl128x/fmdrv_common.c |
46 |
+++ b/drivers/media/radio/wl128x/fmdrv_common.c |
47 |
@@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444); |
48 |
@@ -48304,6 +48304,19 @@ index d7a3682..9ce272a 100644 |
49 |
rc = efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf, |
50 |
MC_CMD_PTP_IN_SYNCHRONIZE_LEN); |
51 |
EFX_BUG_ON_PARANOID(rc); |
52 |
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c |
53 |
+index 2664181..c9fcf6f 100644 |
54 |
+--- a/drivers/net/ethernet/sfc/selftest.c |
55 |
++++ b/drivers/net/ethernet/sfc/selftest.c |
56 |
+@@ -46,7 +46,7 @@ struct efx_loopback_payload { |
57 |
+ struct iphdr ip; |
58 |
+ struct udphdr udp; |
59 |
+ __be16 iteration; |
60 |
+- const char msg[64]; |
61 |
++ char msg[64]; |
62 |
+ } __packed; |
63 |
+ |
64 |
+ /* Loopback test source MAC address */ |
65 |
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c |
66 |
index 50617c5..b13724c 100644 |
67 |
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c |
68 |
@@ -61108,7 +61121,7 @@ index e4141f2..d8263e8 100644 |
69 |
i += packet_length_size; |
70 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
71 |
diff --git a/fs/exec.c b/fs/exec.c |
72 |
-index ea4449d..c3fd55e 100644 |
73 |
+index ea4449d..747fc21 100644 |
74 |
--- a/fs/exec.c |
75 |
+++ b/fs/exec.c |
76 |
@@ -56,8 +56,20 @@ |
77 |
@@ -61425,7 +61438,23 @@ index ea4449d..c3fd55e 100644 |
78 |
tsk->mm->vmacache_seqnum = 0; |
79 |
vmacache_flush(tsk); |
80 |
task_unlock(tsk); |
81 |
-@@ -1261,7 +1340,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
82 |
+@@ -913,10 +992,14 @@ static int de_thread(struct task_struct *tsk) |
83 |
+ if (!thread_group_leader(tsk)) { |
84 |
+ struct task_struct *leader = tsk->group_leader; |
85 |
+ |
86 |
+- sig->notify_count = -1; /* for exit_notify() */ |
87 |
+ for (;;) { |
88 |
+ threadgroup_change_begin(tsk); |
89 |
+ write_lock_irq(&tasklist_lock); |
90 |
++ /* |
91 |
++ * Do this under tasklist_lock to ensure that |
92 |
++ * exit_notify() can't miss ->group_exit_task |
93 |
++ */ |
94 |
++ sig->notify_count = -1; |
95 |
+ if (likely(leader->exit_state)) |
96 |
+ break; |
97 |
+ __set_current_state(TASK_KILLABLE); |
98 |
+@@ -1261,13 +1344,60 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
99 |
} |
100 |
rcu_read_unlock(); |
101 |
|
102 |
@@ -61434,7 +61463,98 @@ index ea4449d..c3fd55e 100644 |
103 |
bprm->unsafe |= LSM_UNSAFE_SHARE; |
104 |
else |
105 |
p->fs->in_exec = 1; |
106 |
-@@ -1437,6 +1516,31 @@ static int exec_binprm(struct linux_binprm *bprm) |
107 |
+ spin_unlock(&p->fs->lock); |
108 |
+ } |
109 |
+ |
110 |
++static void bprm_fill_uid(struct linux_binprm *bprm) |
111 |
++{ |
112 |
++ struct inode *inode; |
113 |
++ unsigned int mode; |
114 |
++ kuid_t uid; |
115 |
++ kgid_t gid; |
116 |
++ |
117 |
++ /* clear any previous set[ug]id data from a previous binary */ |
118 |
++ bprm->cred->euid = current_euid(); |
119 |
++ bprm->cred->egid = current_egid(); |
120 |
++ |
121 |
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
122 |
++ return; |
123 |
++ |
124 |
++ if (current->no_new_privs) |
125 |
++ return; |
126 |
++ |
127 |
++ inode = file_inode(bprm->file); |
128 |
++ mode = ACCESS_ONCE(inode->i_mode); |
129 |
++ if (!(mode & (S_ISUID|S_ISGID))) |
130 |
++ return; |
131 |
++ |
132 |
++ /* Be careful if suid/sgid is set */ |
133 |
++ mutex_lock(&inode->i_mutex); |
134 |
++ |
135 |
++ /* reload atomically mode/uid/gid now that lock held */ |
136 |
++ mode = inode->i_mode; |
137 |
++ uid = inode->i_uid; |
138 |
++ gid = inode->i_gid; |
139 |
++ mutex_unlock(&inode->i_mutex); |
140 |
++ |
141 |
++ /* We ignore suid/sgid if there are no mappings for them in the ns */ |
142 |
++ if (!kuid_has_mapping(bprm->cred->user_ns, uid) || |
143 |
++ !kgid_has_mapping(bprm->cred->user_ns, gid)) |
144 |
++ return; |
145 |
++ |
146 |
++ if (mode & S_ISUID) { |
147 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
148 |
++ bprm->cred->euid = uid; |
149 |
++ } |
150 |
++ |
151 |
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
152 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
153 |
++ bprm->cred->egid = gid; |
154 |
++ } |
155 |
++} |
156 |
++ |
157 |
+ /* |
158 |
+ * Fill the binprm structure from the inode. |
159 |
+ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
160 |
+@@ -1276,36 +1406,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
161 |
+ */ |
162 |
+ int prepare_binprm(struct linux_binprm *bprm) |
163 |
+ { |
164 |
+- struct inode *inode = file_inode(bprm->file); |
165 |
+- umode_t mode = inode->i_mode; |
166 |
+ int retval; |
167 |
+ |
168 |
+- |
169 |
+- /* clear any previous set[ug]id data from a previous binary */ |
170 |
+- bprm->cred->euid = current_euid(); |
171 |
+- bprm->cred->egid = current_egid(); |
172 |
+- |
173 |
+- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) && |
174 |
+- !current->no_new_privs && |
175 |
+- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) && |
176 |
+- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) { |
177 |
+- /* Set-uid? */ |
178 |
+- if (mode & S_ISUID) { |
179 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
180 |
+- bprm->cred->euid = inode->i_uid; |
181 |
+- } |
182 |
+- |
183 |
+- /* Set-gid? */ |
184 |
+- /* |
185 |
+- * If setgid is set but no group execute bit then this |
186 |
+- * is a candidate for mandatory locking, not a setgid |
187 |
+- * executable. |
188 |
+- */ |
189 |
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
190 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
191 |
+- bprm->cred->egid = inode->i_gid; |
192 |
+- } |
193 |
+- } |
194 |
++ bprm_fill_uid(bprm); |
195 |
+ |
196 |
+ /* fill in binprm security blob */ |
197 |
+ retval = security_bprm_set_creds(bprm); |
198 |
+@@ -1437,6 +1540,31 @@ static int exec_binprm(struct linux_binprm *bprm) |
199 |
return ret; |
200 |
} |
201 |
|
202 |
@@ -61466,7 +61586,7 @@ index ea4449d..c3fd55e 100644 |
203 |
/* |
204 |
* sys_execve() executes a new program. |
205 |
*/ |
206 |
-@@ -1444,6 +1548,11 @@ static int do_execve_common(struct filename *filename, |
207 |
+@@ -1444,6 +1572,11 @@ static int do_execve_common(struct filename *filename, |
208 |
struct user_arg_ptr argv, |
209 |
struct user_arg_ptr envp) |
210 |
{ |
211 |
@@ -61478,7 +61598,7 @@ index ea4449d..c3fd55e 100644 |
212 |
struct linux_binprm *bprm; |
213 |
struct file *file; |
214 |
struct files_struct *displaced; |
215 |
-@@ -1452,6 +1561,8 @@ static int do_execve_common(struct filename *filename, |
216 |
+@@ -1452,6 +1585,8 @@ static int do_execve_common(struct filename *filename, |
217 |
if (IS_ERR(filename)) |
218 |
return PTR_ERR(filename); |
219 |
|
220 |
@@ -61487,7 +61607,7 @@ index ea4449d..c3fd55e 100644 |
221 |
/* |
222 |
* We move the actual failure in case of RLIMIT_NPROC excess from |
223 |
* set*uid() to execve() because too many poorly written programs |
224 |
-@@ -1489,11 +1600,21 @@ static int do_execve_common(struct filename *filename, |
225 |
+@@ -1489,11 +1624,21 @@ static int do_execve_common(struct filename *filename, |
226 |
if (IS_ERR(file)) |
227 |
goto out_unmark; |
228 |
|
229 |
@@ -61509,7 +61629,7 @@ index ea4449d..c3fd55e 100644 |
230 |
retval = bprm_mm_init(bprm); |
231 |
if (retval) |
232 |
goto out_unmark; |
233 |
-@@ -1510,24 +1631,70 @@ static int do_execve_common(struct filename *filename, |
234 |
+@@ -1510,24 +1655,70 @@ static int do_execve_common(struct filename *filename, |
235 |
if (retval < 0) |
236 |
goto out; |
237 |
|
238 |
@@ -61584,7 +61704,7 @@ index ea4449d..c3fd55e 100644 |
239 |
current->fs->in_exec = 0; |
240 |
current->in_execve = 0; |
241 |
acct_update_integrals(current); |
242 |
-@@ -1538,6 +1705,14 @@ static int do_execve_common(struct filename *filename, |
243 |
+@@ -1538,6 +1729,14 @@ static int do_execve_common(struct filename *filename, |
244 |
put_files_struct(displaced); |
245 |
return retval; |
246 |
|
247 |
@@ -61599,7 +61719,7 @@ index ea4449d..c3fd55e 100644 |
248 |
out: |
249 |
if (bprm->mm) { |
250 |
acct_arg_size(bprm, 0); |
251 |
-@@ -1629,3 +1804,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
252 |
+@@ -1629,3 +1828,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
253 |
return compat_do_execve(getname(filename), argv, envp); |
254 |
} |
255 |
#endif |
256 |
@@ -65576,6 +65696,19 @@ index 553f53c..aaf5133 100644 |
257 |
}; |
258 |
|
259 |
enum ocfs2_local_alloc_state |
260 |
+diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c |
261 |
+index 6ba4bcb..88a6f7d 100644 |
262 |
+--- a/fs/ocfs2/refcounttree.c |
263 |
++++ b/fs/ocfs2/refcounttree.c |
264 |
+@@ -4279,7 +4279,7 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir, |
265 |
+ error = posix_acl_create(dir, &mode, &default_acl, &acl); |
266 |
+ if (error) { |
267 |
+ mlog_errno(error); |
268 |
+- goto out; |
269 |
++ return error; |
270 |
+ } |
271 |
+ |
272 |
+ error = ocfs2_create_inode_in_orphan(dir, mode, |
273 |
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c |
274 |
index 47ae266..6e8b793 100644 |
275 |
--- a/fs/ocfs2/suballoc.c |
276 |
@@ -81734,10 +81867,10 @@ index 2507fd2..55203f8 100644 |
277 |
* Mark a position in code as unreachable. This can be used to |
278 |
* suppress control flow warnings after asm blocks that transfer |
279 |
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h |
280 |
-index cdd1cc2..59dc542 100644 |
281 |
+index cdd1cc2..2401b2e 100644 |
282 |
--- a/include/linux/compiler-gcc5.h |
283 |
+++ b/include/linux/compiler-gcc5.h |
284 |
-@@ -28,6 +28,28 @@ |
285 |
+@@ -28,6 +28,26 @@ |
286 |
# define __compiletime_error(message) __attribute__((error(message))) |
287 |
#endif /* __CHECKER__ */ |
288 |
|
289 |
@@ -81747,7 +81880,6 @@ index cdd1cc2..59dc542 100644 |
290 |
+#define __bos1(ptr) __bos((ptr), 1) |
291 |
+ |
292 |
+#ifdef CONSTIFY_PLUGIN |
293 |
-+#error not yet |
294 |
+#define __no_const __attribute__((no_const)) |
295 |
+#define __do_const __attribute__((do_const)) |
296 |
+#endif |
297 |
@@ -81759,13 +81891,20 @@ index cdd1cc2..59dc542 100644 |
298 |
+#endif |
299 |
+ |
300 |
+#ifdef LATENT_ENTROPY_PLUGIN |
301 |
-+#error not yet |
302 |
+#define __latent_entropy __attribute__((latent_entropy)) |
303 |
+#endif |
304 |
+ |
305 |
/* |
306 |
* Mark a position in code as unreachable. This can be used to |
307 |
* suppress control flow warnings after asm blocks that transfer |
308 |
+@@ -53,7 +73,6 @@ |
309 |
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 |
310 |
+ * |
311 |
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek. |
312 |
+- * Fixed in GCC 4.8.2 and later versions. |
313 |
+ * |
314 |
+ * (asm goto is automatically volatile - the naming reflects this.) |
315 |
+ */ |
316 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
317 |
index 2472740..4857634 100644 |
318 |
--- a/include/linux/compiler.h |
319 |
@@ -109509,6 +109648,9 @@ index 0000000..eaa4fce |
320 |
+ exit 0 |
321 |
+fi |
322 |
+exit 1 |
323 |
+diff --git a/scripts/gcc-version.sh b/scripts/gcc-version.sh |
324 |
+old mode 100644 |
325 |
+new mode 100755 |
326 |
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh |
327 |
index 5de5660..d3deb89 100644 |
328 |
--- a/scripts/headers_install.sh |
329 |
@@ -112499,12 +112641,12 @@ index 0000000..5452feea |
330 |
+} |
331 |
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c |
332 |
new file mode 100644 |
333 |
-index 0000000..d44bd9f |
334 |
+index 0000000..0c96d8a |
335 |
--- /dev/null |
336 |
+++ b/tools/gcc/colorize_plugin.c |
337 |
@@ -0,0 +1,215 @@ |
338 |
+/* |
339 |
-+ * Copyright 2012-2014 by PaX Team <pageexec@××××××××.hu> |
340 |
++ * Copyright 2012-2015 by PaX Team <pageexec@××××××××.hu> |
341 |
+ * Licensed under the GPL v2 |
342 |
+ * |
343 |
+ * Note: the choice of the license means that the compilation process is |
344 |
@@ -112597,6 +112739,7 @@ index 0000000..d44bd9f |
345 |
+} |
346 |
+ |
347 |
+#if BUILDING_GCC_VERSION >= 4009 |
348 |
++namespace { |
349 |
+static const struct pass_data colorize_rearm_pass_data = { |
350 |
+#else |
351 |
+struct simple_ipa_opt_pass colorize_rearm_pass = { |
352 |
@@ -112630,7 +112773,6 @@ index 0000000..d44bd9f |
353 |
+}; |
354 |
+ |
355 |
+#if BUILDING_GCC_VERSION >= 4009 |
356 |
-+namespace { |
357 |
+class colorize_rearm_pass : public simple_ipa_opt_pass { |
358 |
+public: |
359 |
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {} |
360 |
@@ -112720,13 +112862,13 @@ index 0000000..d44bd9f |
361 |
+} |
362 |
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c |
363 |
new file mode 100644 |
364 |
-index 0000000..3b5af59 |
365 |
+index 0000000..93b181d |
366 |
--- /dev/null |
367 |
+++ b/tools/gcc/constify_plugin.c |
368 |
-@@ -0,0 +1,558 @@ |
369 |
+@@ -0,0 +1,563 @@ |
370 |
+/* |
371 |
+ * Copyright 2011 by Emese Revfy <re.emese@×××××.com> |
372 |
-+ * Copyright 2011-2014 by PaX Team <pageexec@××××××××.hu> |
373 |
++ * Copyright 2011-2015 by PaX Team <pageexec@××××××××.hu> |
374 |
+ * Licensed under the GPL v2, or (at your option) v3 |
375 |
+ * |
376 |
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification. |
377 |
@@ -112741,7 +112883,7 @@ index 0000000..3b5af59 |
378 |
+ |
379 |
+#include "gcc-common.h" |
380 |
+ |
381 |
-+// unused C type flag in all versions 4.5-4.9 |
382 |
++// unused C type flag in all versions 4.5-5.0 |
383 |
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE) |
384 |
+ |
385 |
+int plugin_is_GPL_compatible; |
386 |
@@ -113047,6 +113189,11 @@ index 0000000..3b5af59 |
387 |
+ if (type == NULL_TREE || type == error_mark_node) |
388 |
+ return; |
389 |
+ |
390 |
++#if BUILDING_GCC_VERSION >= 5000 |
391 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
392 |
++ return; |
393 |
++#endif |
394 |
++ |
395 |
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type)) |
396 |
+ return; |
397 |
+ |
398 |
@@ -113147,6 +113294,7 @@ index 0000000..3b5af59 |
399 |
+} |
400 |
+ |
401 |
+#if BUILDING_GCC_VERSION >= 4009 |
402 |
++namespace { |
403 |
+static const struct pass_data check_local_variables_pass_data = { |
404 |
+#else |
405 |
+static struct gimple_opt_pass check_local_variables_pass = { |
406 |
@@ -113180,7 +113328,6 @@ index 0000000..3b5af59 |
407 |
+}; |
408 |
+ |
409 |
+#if BUILDING_GCC_VERSION >= 4009 |
410 |
-+namespace { |
411 |
+class check_local_variables_pass : public gimple_opt_pass { |
412 |
+public: |
413 |
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {} |
414 |
@@ -113284,10 +113431,10 @@ index 0000000..3b5af59 |
415 |
+} |
416 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
417 |
new file mode 100644 |
418 |
-index 0000000..14ec226 |
419 |
+index 0000000..19fedf2 |
420 |
--- /dev/null |
421 |
+++ b/tools/gcc/gcc-common.h |
422 |
-@@ -0,0 +1,520 @@ |
423 |
+@@ -0,0 +1,540 @@ |
424 |
+#ifndef GCC_COMMON_H_INCLUDED |
425 |
+#define GCC_COMMON_H_INCLUDED |
426 |
+ |
427 |
@@ -113389,11 +113536,13 @@ index 0000000..14ec226 |
428 |
+//#include "diagnostic-color.h" |
429 |
+#include "context.h" |
430 |
+#include "tree-ssa-alias.h" |
431 |
++#include "tree-ssa.h" |
432 |
+#include "stringpool.h" |
433 |
+#include "tree-ssanames.h" |
434 |
+#include "print-tree.h" |
435 |
+#include "tree-eh.h" |
436 |
+#include "stmt.h" |
437 |
++#include "gimplify.h" |
438 |
+#endif |
439 |
+ |
440 |
+#include "gimple.h" |
441 |
@@ -113416,6 +113565,7 @@ index 0000000..14ec226 |
442 |
+//#include "lto-compress.h" |
443 |
+#if BUILDING_GCC_VERSION >= 5000 |
444 |
+//#include "lto-section-names.h" |
445 |
++#include "builtins.h" |
446 |
+#endif |
447 |
+ |
448 |
+//#include "expr.h" where are you... |
449 |
@@ -113643,6 +113793,7 @@ index 0000000..14ec226 |
450 |
+typedef union gimple_statement_d gasm; |
451 |
+typedef union gimple_statement_d gassign; |
452 |
+typedef union gimple_statement_d gcall; |
453 |
++typedef union gimple_statement_d gdebug; |
454 |
+typedef union gimple_statement_d gphi; |
455 |
+typedef union gimple_statement_d greturn; |
456 |
+#endif |
457 |
@@ -113669,6 +113820,7 @@ index 0000000..14ec226 |
458 |
+typedef struct gimple_statement_base gasm; |
459 |
+typedef struct gimple_statement_base gassign; |
460 |
+typedef struct gimple_statement_base gcall; |
461 |
++typedef struct gimple_statement_base gdebug; |
462 |
+typedef struct gimple_statement_base gphi; |
463 |
+typedef struct gimple_statement_base greturn; |
464 |
+#endif |
465 |
@@ -113685,6 +113837,11 @@ index 0000000..14ec226 |
466 |
+{ |
467 |
+ return stmt; |
468 |
+} |
469 |
++ |
470 |
++static inline greturn *as_a_greturn(gimple stmt) |
471 |
++{ |
472 |
++ return stmt; |
473 |
++} |
474 |
+#endif |
475 |
+ |
476 |
+#if BUILDING_GCC_VERSION >= 4009 |
477 |
@@ -113705,16 +113862,16 @@ index 0000000..14ec226 |
478 |
+ |
479 |
+#define INSN_DELETED_P(insn) (insn)->deleted() |
480 |
+ |
481 |
-+extern bool is_simple_builtin(tree); |
482 |
-+ |
483 |
+// symtab/cgraph related |
484 |
+#define debug_cgraph_node(node) (node)->debug() |
485 |
+#define cgraph_get_node(decl) cgraph_node::get(decl) |
486 |
+#define cgraph_n_nodes symtab->cgraph_count |
487 |
+#define cgraph_max_uid symtab->cgraph_max_uid |
488 |
++#define varpool_get_node(decl) varpool_node::get(decl) |
489 |
+ |
490 |
+typedef struct cgraph_node *cgraph_node_ptr; |
491 |
+typedef struct cgraph_edge *cgraph_edge_p; |
492 |
++typedef struct varpool_node *varpool_node_ptr; |
493 |
+ |
494 |
+static inline void change_decl_assembler_name(tree decl, tree name) |
495 |
+{ |
496 |
@@ -113792,11 +113949,21 @@ index 0000000..14ec226 |
497 |
+ return as_a<gasm *>(stmt); |
498 |
+} |
499 |
+ |
500 |
++static inline const gasm *as_a_gasm(const_gimple stmt) |
501 |
++{ |
502 |
++ return as_a<const gasm *>(stmt); |
503 |
++} |
504 |
++ |
505 |
+static inline gcall *as_a_gcall(gimple stmt) |
506 |
+{ |
507 |
+ return as_a<gcall *>(stmt); |
508 |
+} |
509 |
+ |
510 |
++static inline greturn *as_a_greturn(gimple stmt) |
511 |
++{ |
512 |
++ return as_a<greturn *>(stmt); |
513 |
++} |
514 |
++ |
515 |
+// IPA/LTO related |
516 |
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) |
517 |
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) |
518 |
@@ -113824,12 +113991,12 @@ index 0000000..7514850 |
519 |
+fi |
520 |
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c |
521 |
new file mode 100644 |
522 |
-index 0000000..d81c094 |
523 |
+index 0000000..457d54e |
524 |
--- /dev/null |
525 |
+++ b/tools/gcc/kallocstat_plugin.c |
526 |
-@@ -0,0 +1,183 @@ |
527 |
+@@ -0,0 +1,188 @@ |
528 |
+/* |
529 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
530 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
531 |
+ * Licensed under the GPL v2 |
532 |
+ * |
533 |
+ * Note: the choice of the license means that the compilation process is |
534 |
@@ -113940,6 +114107,7 @@ index 0000000..d81c094 |
535 |
+} |
536 |
+ |
537 |
+#if BUILDING_GCC_VERSION >= 4009 |
538 |
++namespace { |
539 |
+static const struct pass_data kallocstat_pass_data = { |
540 |
+#else |
541 |
+static struct gimple_opt_pass kallocstat_pass = { |
542 |
@@ -113950,7 +114118,8 @@ index 0000000..d81c094 |
543 |
+#if BUILDING_GCC_VERSION >= 4008 |
544 |
+ .optinfo_flags = OPTGROUP_NONE, |
545 |
+#endif |
546 |
-+#if BUILDING_GCC_VERSION >= 4009 |
547 |
++#if BUILDING_GCC_VERSION >= 5000 |
548 |
++#elif BUILDING_GCC_VERSION == 4009 |
549 |
+ .has_gate = false, |
550 |
+ .has_execute = true, |
551 |
+#else |
552 |
@@ -113972,11 +114141,14 @@ index 0000000..d81c094 |
553 |
+}; |
554 |
+ |
555 |
+#if BUILDING_GCC_VERSION >= 4009 |
556 |
-+namespace { |
557 |
+class kallocstat_pass : public gimple_opt_pass { |
558 |
+public: |
559 |
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {} |
560 |
++#if BUILDING_GCC_VERSION >= 5000 |
561 |
++ virtual unsigned int execute(function *) { return execute_kallocstat(); } |
562 |
++#else |
563 |
+ unsigned int execute() { return execute_kallocstat(); } |
564 |
++#endif |
565 |
+}; |
566 |
+} |
567 |
+ |
568 |
@@ -114013,12 +114185,12 @@ index 0000000..d81c094 |
569 |
+} |
570 |
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
571 |
new file mode 100644 |
572 |
-index 0000000..89f256d |
573 |
+index 0000000..71716e7 |
574 |
--- /dev/null |
575 |
+++ b/tools/gcc/kernexec_plugin.c |
576 |
-@@ -0,0 +1,522 @@ |
577 |
+@@ -0,0 +1,547 @@ |
578 |
+/* |
579 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
580 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
581 |
+ * Licensed under the GPL v2 |
582 |
+ * |
583 |
+ * Note: the choice of the license means that the compilation process is |
584 |
@@ -114051,7 +114223,7 @@ index 0000000..89f256d |
585 |
+ */ |
586 |
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi) |
587 |
+{ |
588 |
-+ gimple asm_movabs_stmt; |
589 |
++ gasm *asm_movabs_stmt; |
590 |
+ |
591 |
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : ); |
592 |
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL); |
593 |
@@ -114073,14 +114245,17 @@ index 0000000..89f256d |
594 |
+ |
595 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
596 |
+ // gimple match: __asm__ ("" : : : "r12"); |
597 |
-+ gimple asm_stmt; |
598 |
++ gimple stmt; |
599 |
++ gasm *asm_stmt; |
600 |
+ size_t nclobbers; |
601 |
+ |
602 |
+ // is it an asm ... |
603 |
-+ asm_stmt = gsi_stmt(gsi); |
604 |
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM) |
605 |
++ stmt = gsi_stmt(gsi); |
606 |
++ if (gimple_code(stmt) != GIMPLE_ASM) |
607 |
+ continue; |
608 |
+ |
609 |
++ asm_stmt = as_a_gasm(stmt); |
610 |
++ |
611 |
+ // ... clobbering r12 |
612 |
+ nclobbers = gimple_asm_nclobbers(asm_stmt); |
613 |
+ while (nclobbers--) { |
614 |
@@ -114103,10 +114278,11 @@ index 0000000..89f256d |
615 |
+ */ |
616 |
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
617 |
+{ |
618 |
-+ gimple assign_intptr, assign_new_fptr, call_stmt; |
619 |
++ gimple assign_intptr, assign_new_fptr; |
620 |
++ gcall *call_stmt; |
621 |
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask; |
622 |
+ |
623 |
-+ call_stmt = gsi_stmt(*gsi); |
624 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
625 |
+ old_fptr = gimple_call_fn(call_stmt); |
626 |
+ |
627 |
+ // create temporary unsigned long variable used for bitops and cast fptr to it |
628 |
@@ -114144,7 +114320,8 @@ index 0000000..89f256d |
629 |
+ |
630 |
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi) |
631 |
+{ |
632 |
-+ gimple asm_or_stmt, call_stmt; |
633 |
++ gasm *asm_or_stmt; |
634 |
++ gcall *call_stmt; |
635 |
+ tree old_fptr, new_fptr, input, output; |
636 |
+#if BUILDING_GCC_VERSION <= 4007 |
637 |
+ VEC(tree, gc) *inputs = NULL; |
638 |
@@ -114154,7 +114331,7 @@ index 0000000..89f256d |
639 |
+ vec<tree, va_gc> *outputs = NULL; |
640 |
+#endif |
641 |
+ |
642 |
-+ call_stmt = gsi_stmt(*gsi); |
643 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
644 |
+ old_fptr = gimple_call_fn(call_stmt); |
645 |
+ |
646 |
+ // create temporary fptr variable |
647 |
@@ -114199,12 +114376,14 @@ index 0000000..89f256d |
648 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
649 |
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); |
650 |
+ tree fn; |
651 |
-+ gimple call_stmt; |
652 |
++ gimple stmt; |
653 |
++ gcall *call_stmt; |
654 |
+ |
655 |
+ // is it a call ... |
656 |
-+ call_stmt = gsi_stmt(gsi); |
657 |
-+ if (!is_gimple_call(call_stmt)) |
658 |
++ stmt = gsi_stmt(gsi); |
659 |
++ if (!is_gimple_call(stmt)) |
660 |
+ continue; |
661 |
++ call_stmt = as_a_gcall(stmt); |
662 |
+ fn = gimple_call_fn(call_stmt); |
663 |
+ if (TREE_CODE(fn) == ADDR_EXPR) |
664 |
+ continue; |
665 |
@@ -114277,7 +114456,7 @@ index 0000000..89f256d |
666 |
+ */ |
667 |
+static unsigned int execute_kernexec_retaddr(void) |
668 |
+{ |
669 |
-+ rtx insn; |
670 |
++ rtx_insn *insn; |
671 |
+ |
672 |
+// if (stack_realign_drap) |
673 |
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl))); |
674 |
@@ -114325,6 +114504,7 @@ index 0000000..89f256d |
675 |
+} |
676 |
+ |
677 |
+#if BUILDING_GCC_VERSION >= 4009 |
678 |
++namespace { |
679 |
+static const struct pass_data kernexec_reload_pass_data = { |
680 |
+#else |
681 |
+static struct gimple_opt_pass kernexec_reload_pass = { |
682 |
@@ -114335,7 +114515,8 @@ index 0000000..89f256d |
683 |
+#if BUILDING_GCC_VERSION >= 4008 |
684 |
+ .optinfo_flags = OPTGROUP_NONE, |
685 |
+#endif |
686 |
-+#if BUILDING_GCC_VERSION >= 4009 |
687 |
++#if BUILDING_GCC_VERSION >= 5000 |
688 |
++#elif BUILDING_GCC_VERSION == 4009 |
689 |
+ .has_gate = true, |
690 |
+ .has_execute = true, |
691 |
+#else |
692 |
@@ -114367,7 +114548,8 @@ index 0000000..89f256d |
693 |
+#if BUILDING_GCC_VERSION >= 4008 |
694 |
+ .optinfo_flags = OPTGROUP_NONE, |
695 |
+#endif |
696 |
-+#if BUILDING_GCC_VERSION >= 4009 |
697 |
++#if BUILDING_GCC_VERSION >= 5000 |
698 |
++#elif BUILDING_GCC_VERSION == 4009 |
699 |
+ .has_gate = true, |
700 |
+ .has_execute = true, |
701 |
+#else |
702 |
@@ -114399,7 +114581,8 @@ index 0000000..89f256d |
703 |
+#if BUILDING_GCC_VERSION >= 4008 |
704 |
+ .optinfo_flags = OPTGROUP_NONE, |
705 |
+#endif |
706 |
-+#if BUILDING_GCC_VERSION >= 4009 |
707 |
++#if BUILDING_GCC_VERSION >= 5000 |
708 |
++#elif BUILDING_GCC_VERSION == 4009 |
709 |
+ .has_gate = true, |
710 |
+ .has_execute = true, |
711 |
+#else |
712 |
@@ -114421,26 +114604,40 @@ index 0000000..89f256d |
713 |
+}; |
714 |
+ |
715 |
+#if BUILDING_GCC_VERSION >= 4009 |
716 |
-+namespace { |
717 |
+class kernexec_reload_pass : public gimple_opt_pass { |
718 |
+public: |
719 |
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {} |
720 |
++#if BUILDING_GCC_VERSION >= 5000 |
721 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
722 |
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); } |
723 |
++#else |
724 |
+ bool gate() { return kernexec_cmodel_check(); } |
725 |
+ unsigned int execute() { return execute_kernexec_reload(); } |
726 |
++#endif |
727 |
+}; |
728 |
+ |
729 |
+class kernexec_fptr_pass : public gimple_opt_pass { |
730 |
+public: |
731 |
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {} |
732 |
++#if BUILDING_GCC_VERSION >= 5000 |
733 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
734 |
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); } |
735 |
++#else |
736 |
+ bool gate() { return kernexec_cmodel_check(); } |
737 |
+ unsigned int execute() { return execute_kernexec_fptr(); } |
738 |
++#endif |
739 |
+}; |
740 |
+ |
741 |
+class kernexec_retaddr_pass : public rtl_opt_pass { |
742 |
+public: |
743 |
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {} |
744 |
++#if BUILDING_GCC_VERSION >= 5000 |
745 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
746 |
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); } |
747 |
++#else |
748 |
+ bool gate() { return kernexec_cmodel_check(); } |
749 |
+ unsigned int execute() { return execute_kernexec_retaddr(); } |
750 |
++#endif |
751 |
+}; |
752 |
+} |
753 |
+ |
754 |
@@ -114541,12 +114738,12 @@ index 0000000..89f256d |
755 |
+} |
756 |
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
757 |
new file mode 100644 |
758 |
-index 0000000..2a39357 |
759 |
+index 0000000..d383708 |
760 |
--- /dev/null |
761 |
+++ b/tools/gcc/latent_entropy_plugin.c |
762 |
-@@ -0,0 +1,467 @@ |
763 |
+@@ -0,0 +1,473 @@ |
764 |
+/* |
765 |
-+ * Copyright 2012-2014 by the PaX Team <pageexec@××××××××.hu> |
766 |
++ * Copyright 2012-2015 by the PaX Team <pageexec@××××××××.hu> |
767 |
+ * Licensed under the GPL v2 |
768 |
+ * |
769 |
+ * Note: the choice of the license means that the compilation process is |
770 |
@@ -114926,6 +115123,7 @@ index 0000000..2a39357 |
771 |
+} |
772 |
+ |
773 |
+#if BUILDING_GCC_VERSION >= 4009 |
774 |
++namespace { |
775 |
+static const struct pass_data latent_entropy_pass_data = { |
776 |
+#else |
777 |
+static struct gimple_opt_pass latent_entropy_pass = { |
778 |
@@ -114936,7 +115134,8 @@ index 0000000..2a39357 |
779 |
+#if BUILDING_GCC_VERSION >= 4008 |
780 |
+ .optinfo_flags = OPTGROUP_NONE, |
781 |
+#endif |
782 |
-+#if BUILDING_GCC_VERSION >= 4009 |
783 |
++#if BUILDING_GCC_VERSION >= 5000 |
784 |
++#elif BUILDING_GCC_VERSION == 4009 |
785 |
+ .has_gate = true, |
786 |
+ .has_execute = true, |
787 |
+#else |
788 |
@@ -114958,12 +115157,16 @@ index 0000000..2a39357 |
789 |
+}; |
790 |
+ |
791 |
+#if BUILDING_GCC_VERSION >= 4009 |
792 |
-+namespace { |
793 |
+class latent_entropy_pass : public gimple_opt_pass { |
794 |
+public: |
795 |
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {} |
796 |
++#if BUILDING_GCC_VERSION >= 5000 |
797 |
++ virtual bool gate(function *) { return gate_latent_entropy(); } |
798 |
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); } |
799 |
++#else |
800 |
+ bool gate() { return gate_latent_entropy(); } |
801 |
+ unsigned int execute() { return execute_latent_entropy(); } |
802 |
++#endif |
803 |
+}; |
804 |
+} |
805 |
+ |
806 |
@@ -115014,12 +115217,12 @@ index 0000000..2a39357 |
807 |
+} |
808 |
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c |
809 |
new file mode 100644 |
810 |
-index 0000000..a5cb46b |
811 |
+index 0000000..e1983c0 |
812 |
--- /dev/null |
813 |
+++ b/tools/gcc/randomize_layout_plugin.c |
814 |
-@@ -0,0 +1,915 @@ |
815 |
+@@ -0,0 +1,917 @@ |
816 |
+/* |
817 |
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
818 |
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
819 |
+ * and PaX Team <pageexec@××××××××.hu> |
820 |
+ * Licensed under the GPL v2 |
821 |
+ * |
822 |
@@ -115034,7 +115237,8 @@ index 0000000..a5cb46b |
823 |
+#include "gcc-common.h" |
824 |
+#include "randomize_layout_seed.h" |
825 |
+ |
826 |
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
827 |
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \ |
828 |
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
829 |
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer." |
830 |
+#endif |
831 |
+ |
832 |
@@ -115834,7 +116038,8 @@ index 0000000..a5cb46b |
833 |
+#if BUILDING_GCC_VERSION >= 4008 |
834 |
+ .optinfo_flags = OPTGROUP_NONE, |
835 |
+#endif |
836 |
-+#if BUILDING_GCC_VERSION >= 4009 |
837 |
++#if BUILDING_GCC_VERSION >= 5000 |
838 |
++#elif BUILDING_GCC_VERSION >= 4009 |
839 |
+ .has_gate = false, |
840 |
+ .has_execute = true, |
841 |
+#else |
842 |
@@ -115894,8 +116099,8 @@ index 0000000..a5cb46b |
843 |
+ return 1; |
844 |
+ } |
845 |
+ |
846 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
847 |
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
848 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { |
849 |
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); |
850 |
+ enable = false; |
851 |
+ } |
852 |
+ |
853 |
@@ -127073,12 +127278,12 @@ index 0000000..0888f6c |
854 |
+ |
855 |
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c |
856 |
new file mode 100644 |
857 |
-index 0000000..90125d6 |
858 |
+index 0000000..51dc09d |
859 |
--- /dev/null |
860 |
+++ b/tools/gcc/stackleak_plugin.c |
861 |
-@@ -0,0 +1,396 @@ |
862 |
+@@ -0,0 +1,408 @@ |
863 |
+/* |
864 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
865 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
866 |
+ * Licensed under the GPL v2 |
867 |
+ * |
868 |
+ * Note: the choice of the license means that the compilation process is |
869 |
@@ -127205,7 +127410,7 @@ index 0000000..90125d6 |
870 |
+ |
871 |
+static unsigned int execute_stackleak_final(void) |
872 |
+{ |
873 |
-+ rtx insn, next; |
874 |
++ rtx_insn *insn, *next; |
875 |
+ |
876 |
+ if (cfun->calls_alloca) |
877 |
+ return 0; |
878 |
@@ -127299,6 +127504,7 @@ index 0000000..90125d6 |
879 |
+} |
880 |
+ |
881 |
+#if BUILDING_GCC_VERSION >= 4009 |
882 |
++namespace { |
883 |
+static const struct pass_data stackleak_tree_instrument_pass_data = { |
884 |
+#else |
885 |
+static struct gimple_opt_pass stackleak_tree_instrument_pass = { |
886 |
@@ -127309,7 +127515,8 @@ index 0000000..90125d6 |
887 |
+#if BUILDING_GCC_VERSION >= 4008 |
888 |
+ .optinfo_flags = OPTGROUP_NONE, |
889 |
+#endif |
890 |
-+#if BUILDING_GCC_VERSION >= 4009 |
891 |
++#if BUILDING_GCC_VERSION >= 5000 |
892 |
++#elif BUILDING_GCC_VERSION == 4009 |
893 |
+ .has_gate = true, |
894 |
+ .has_execute = true, |
895 |
+#else |
896 |
@@ -127341,7 +127548,8 @@ index 0000000..90125d6 |
897 |
+#if BUILDING_GCC_VERSION >= 4008 |
898 |
+ .optinfo_flags = OPTGROUP_NONE, |
899 |
+#endif |
900 |
-+#if BUILDING_GCC_VERSION >= 4009 |
901 |
++#if BUILDING_GCC_VERSION >= 5000 |
902 |
++#elif BUILDING_GCC_VERSION == 4009 |
903 |
+ .has_gate = true, |
904 |
+ .has_execute = true, |
905 |
+#else |
906 |
@@ -127363,19 +127571,28 @@ index 0000000..90125d6 |
907 |
+}; |
908 |
+ |
909 |
+#if BUILDING_GCC_VERSION >= 4009 |
910 |
-+namespace { |
911 |
+class stackleak_tree_instrument_pass : public gimple_opt_pass { |
912 |
+public: |
913 |
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {} |
914 |
++#if BUILDING_GCC_VERSION >= 5000 |
915 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
916 |
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); } |
917 |
++#else |
918 |
+ bool gate() { return gate_stackleak_track_stack(); } |
919 |
+ unsigned int execute() { return execute_stackleak_tree_instrument(); } |
920 |
++#endif |
921 |
+}; |
922 |
+ |
923 |
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass { |
924 |
+public: |
925 |
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {} |
926 |
++#if BUILDING_GCC_VERSION >= 5000 |
927 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
928 |
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); } |
929 |
++#else |
930 |
+ bool gate() { return gate_stackleak_track_stack(); } |
931 |
+ unsigned int execute() { return execute_stackleak_final(); } |
932 |
++#endif |
933 |
+}; |
934 |
+} |
935 |
+ |
936 |
@@ -127475,12 +127692,12 @@ index 0000000..90125d6 |
937 |
+} |
938 |
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c |
939 |
new file mode 100644 |
940 |
-index 0000000..4ee2231 |
941 |
+index 0000000..4436cbe |
942 |
--- /dev/null |
943 |
+++ b/tools/gcc/structleak_plugin.c |
944 |
-@@ -0,0 +1,274 @@ |
945 |
+@@ -0,0 +1,287 @@ |
946 |
+/* |
947 |
-+ * Copyright 2013-2014 by PaX Team <pageexec@××××××××.hu> |
948 |
++ * Copyright 2013-2015 by PaX Team <pageexec@××××××××.hu> |
949 |
+ * Licensed under the GPL v2 |
950 |
+ * |
951 |
+ * Note: the choice of the license means that the compilation process is |
952 |
@@ -127507,8 +127724,8 @@ index 0000000..4ee2231 |
953 |
+ |
954 |
+#include "gcc-common.h" |
955 |
+ |
956 |
-+// unused C type flag in all versions 4.5-4.9 |
957 |
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE) |
958 |
++// unused C type flag in all versions 4.5-5.0 |
959 |
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE) |
960 |
+ |
961 |
+int plugin_is_GPL_compatible; |
962 |
+ |
963 |
@@ -127575,6 +127792,14 @@ index 0000000..4ee2231 |
964 |
+{ |
965 |
+ tree type = (tree)event_data; |
966 |
+ |
967 |
++ if (type == NULL_TREE || type == error_mark_node) |
968 |
++ return; |
969 |
++ |
970 |
++#if BUILDING_GCC_VERSION >= 5000 |
971 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
972 |
++ return; |
973 |
++#endif |
974 |
++ |
975 |
+ if (TYPE_USERSPACE(type)) |
976 |
+ return; |
977 |
+ |
978 |
@@ -127661,6 +127886,7 @@ index 0000000..4ee2231 |
979 |
+} |
980 |
+ |
981 |
+#if BUILDING_GCC_VERSION >= 4009 |
982 |
++namespace { |
983 |
+static const struct pass_data structleak_pass_data = { |
984 |
+#else |
985 |
+static struct gimple_opt_pass structleak_pass = { |
986 |
@@ -127671,7 +127897,8 @@ index 0000000..4ee2231 |
987 |
+#if BUILDING_GCC_VERSION >= 4008 |
988 |
+ .optinfo_flags = OPTGROUP_NONE, |
989 |
+#endif |
990 |
-+#if BUILDING_GCC_VERSION >= 4009 |
991 |
++#if BUILDING_GCC_VERSION >= 5000 |
992 |
++#elif BUILDING_GCC_VERSION == 4009 |
993 |
+ .has_gate = false, |
994 |
+ .has_execute = true, |
995 |
+#else |
996 |
@@ -127693,11 +127920,14 @@ index 0000000..4ee2231 |
997 |
+}; |
998 |
+ |
999 |
+#if BUILDING_GCC_VERSION >= 4009 |
1000 |
-+namespace { |
1001 |
+class structleak_pass : public gimple_opt_pass { |
1002 |
+public: |
1003 |
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {} |
1004 |
++#if BUILDING_GCC_VERSION >= 5000 |
1005 |
++ virtual unsigned int execute(function *) { return handle_function(); } |
1006 |
++#else |
1007 |
+ unsigned int execute() { return handle_function(); } |
1008 |
++#endif |
1009 |
+}; |
1010 |
+} |
1011 |
+ |
1012 |
@@ -127731,7 +127961,7 @@ index 0000000..4ee2231 |
1013 |
+ return 1; |
1014 |
+ } |
1015 |
+ |
1016 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
1017 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) { |
1018 |
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
1019 |
+ enable = false; |
1020 |
+ } |
1021 |
|
1022 |
diff --git a/3.19.5/0000_README b/3.19.5/0000_README |
1023 |
index fe57086..4fd49ef 100644 |
1024 |
--- a/3.19.5/0000_README |
1025 |
+++ b/3.19.5/0000_README |
1026 |
@@ -2,7 +2,7 @@ README |
1027 |
----------------------------------------------------------------------------- |
1028 |
Individual Patch Descriptions: |
1029 |
----------------------------------------------------------------------------- |
1030 |
-Patch: 4420_grsecurity-3.1-3.19.5-201504190814.patch |
1031 |
+Patch: 4420_grsecurity-3.1-3.19.5-201504270827.patch |
1032 |
From: http://www.grsecurity.net |
1033 |
Desc: hardened-sources base patch from upstream grsecurity |
1034 |
|
1035 |
|
1036 |
diff --git a/3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch b/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch |
1037 |
similarity index 99% |
1038 |
rename from 3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch |
1039 |
rename to 3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch |
1040 |
index 6ae0a6e..2036ebb 100644 |
1041 |
--- a/3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch |
1042 |
+++ b/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch |
1043 |
@@ -965,7 +965,7 @@ index 97d07ed..2931f2b 100644 |
1044 |
kexec is a system call that implements the ability to shutdown your |
1045 |
current kernel, and to start another kernel. It is like a reboot |
1046 |
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h |
1047 |
-index e22c119..eaa807d 100644 |
1048 |
+index e22c119..abe7041 100644 |
1049 |
--- a/arch/arm/include/asm/atomic.h |
1050 |
+++ b/arch/arm/include/asm/atomic.h |
1051 |
@@ -18,17 +18,41 @@ |
1052 |
@@ -1059,8 +1059,8 @@ index e22c119..eaa807d 100644 |
1053 |
|
1054 |
-#define ATOMIC_OP_RETURN(op, c_op, asm_op) \ |
1055 |
-static inline int atomic_##op##_return(int i, atomic_t *v) \ |
1056 |
-+#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, , c_op, asm_op, , )\ |
1057 |
-+ __ATOMIC_OP(op, _unchecked, c_op, asm_op##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1058 |
++#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, _unchecked, c_op, asm_op, , )\ |
1059 |
++ __ATOMIC_OP(op, , c_op, asm_op##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1060 |
+ |
1061 |
+#define __ATOMIC_OP_RETURN(op, suffix, c_op, asm_op, post_op, extable) \ |
1062 |
+static inline int atomic_##op##_return##suffix(int i, atomic##suffix##_t *v)\ |
1063 |
@@ -1088,8 +1088,8 @@ index e22c119..eaa807d 100644 |
1064 |
return result; \ |
1065 |
} |
1066 |
|
1067 |
-+#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, , c_op, asm_op, , )\ |
1068 |
-+ __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE) |
1069 |
++#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op, , )\ |
1070 |
++ __ATOMIC_OP_RETURN(op, , c_op, asm_op##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE) |
1071 |
+ |
1072 |
static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new) |
1073 |
{ |
1074 |
@@ -1363,8 +1363,8 @@ index e22c119..eaa807d 100644 |
1075 |
|
1076 |
-#define ATOMIC64_OP_RETURN(op, op1, op2) \ |
1077 |
-static inline long long atomic64_##op##_return(long long i, atomic64_t *v) \ |
1078 |
-+#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \ |
1079 |
-+ __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1080 |
++#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, _unchecked, op1, op2, , ) \ |
1081 |
++ __ATOMIC64_OP(op, , op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1082 |
+ |
1083 |
+#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \ |
1084 |
+static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \ |
1085 |
@@ -1393,8 +1393,8 @@ index e22c119..eaa807d 100644 |
1086 |
return result; \ |
1087 |
} |
1088 |
|
1089 |
-+#define ATOMIC64_OP_RETURN(op, op1, op2) __ATOMIC64_OP_RETURN(op, , op1, op2, , ) \ |
1090 |
-+ __ATOMIC64_OP_RETURN(op, _unchecked, op1, op2##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE) |
1091 |
++#define ATOMIC64_OP_RETURN(op, op1, op2) __ATOMIC64_OP_RETURN(op, _unchecked, op1, op2, , ) \ |
1092 |
++ __ATOMIC64_OP_RETURN(op, , op1, op2##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE) |
1093 |
+ |
1094 |
#define ATOMIC64_OPS(op, op1, op2) \ |
1095 |
ATOMIC64_OP(op, op1, op2) \ |
1096 |
@@ -5747,7 +5747,7 @@ index 3778655..1dff0a9 100644 |
1097 |
|
1098 |
static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr) |
1099 |
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h |
1100 |
-index 857da84..3f4458b 100644 |
1101 |
+index 857da84..0fee5e2 100644 |
1102 |
--- a/arch/mips/include/asm/atomic.h |
1103 |
+++ b/arch/mips/include/asm/atomic.h |
1104 |
@@ -22,15 +22,39 @@ |
1105 |
@@ -5880,8 +5880,8 @@ index 857da84..3f4458b 100644 |
1106 |
|
1107 |
-#define ATOMIC_OP_RETURN(op, c_op, asm_op) \ |
1108 |
-static __inline__ int atomic_##op##_return(int i, atomic_t * v) \ |
1109 |
-+#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, , asm_op##u) \ |
1110 |
-+ __ATOMIC_OP(op, _unchecked, asm_op) |
1111 |
++#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, _unchecked, asm_op##u, ) \ |
1112 |
++ __ATOMIC_OP(op, , asm_op, __OVERFLOW_EXTABLE) |
1113 |
+ |
1114 |
+#define __ATOMIC_OP_RETURN(op, suffix, asm_op, post_op, extable) \ |
1115 |
+static inline int atomic_##op##_return##suffix(int i, atomic##suffix##_t * v) \ |
1116 |
@@ -5963,8 +5963,8 @@ index 857da84..3f4458b 100644 |
1117 |
-#define ATOMIC_OPS(op, c_op, asm_op) \ |
1118 |
- ATOMIC_OP(op, c_op, asm_op) \ |
1119 |
- ATOMIC_OP_RETURN(op, c_op, asm_op) |
1120 |
-+#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, , asm_op##u, , __OVERFLOW_EXTABLE) \ |
1121 |
-+ __ATOMIC_OP_RETURN(op, _unchecked, asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1122 |
++#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, asm_op##u, , ) \ |
1123 |
++ __ATOMIC_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1124 |
|
1125 |
-ATOMIC_OPS(add, +=, addu) |
1126 |
-ATOMIC_OPS(sub, -=, subu) |
1127 |
@@ -6155,8 +6155,8 @@ index 857da84..3f4458b 100644 |
1128 |
|
1129 |
-#define ATOMIC64_OP_RETURN(op, c_op, asm_op) \ |
1130 |
-static __inline__ long atomic64_##op##_return(long i, atomic64_t * v) \ |
1131 |
-+#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, , asm_op##u) \ |
1132 |
-+ __ATOMIC64_OP(op, _unchecked, asm_op) |
1133 |
++#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, _unchecked, asm_op##u, ) \ |
1134 |
++ __ATOMIC64_OP(op, , asm_op, __OVERFLOW_EXTABLE) |
1135 |
+ |
1136 |
+#define __ATOMIC64_OP_RETURN(op, suffix, asm_op, post_op, extable) \ |
1137 |
+static inline long atomic64_##op##_return##suffix(long i, atomic64##suffix##_t * v)\ |
1138 |
@@ -6240,8 +6240,8 @@ index 857da84..3f4458b 100644 |
1139 |
-#define ATOMIC64_OPS(op, c_op, asm_op) \ |
1140 |
- ATOMIC64_OP(op, c_op, asm_op) \ |
1141 |
- ATOMIC64_OP_RETURN(op, c_op, asm_op) |
1142 |
-+#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, , asm_op##u, , __OVERFLOW_EXTABLE) \ |
1143 |
-+ __ATOMIC64_OP_RETURN(op, _unchecked, asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1144 |
++#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, _unchecked, asm_op##u, , ) \ |
1145 |
++ __ATOMIC64_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE) |
1146 |
|
1147 |
-ATOMIC64_OPS(add, +=, daddu) |
1148 |
-ATOMIC64_OPS(sub, -=, dsubu) |
1149 |
@@ -48232,6 +48232,19 @@ index 6b861e3..204ac86 100644 |
1150 |
rc = efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf, |
1151 |
MC_CMD_PTP_IN_SYNCHRONIZE_LEN); |
1152 |
EFX_BUG_ON_PARANOID(rc); |
1153 |
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c |
1154 |
+index 10b6173..b605dfd5 100644 |
1155 |
+--- a/drivers/net/ethernet/sfc/selftest.c |
1156 |
++++ b/drivers/net/ethernet/sfc/selftest.c |
1157 |
+@@ -46,7 +46,7 @@ struct efx_loopback_payload { |
1158 |
+ struct iphdr ip; |
1159 |
+ struct udphdr udp; |
1160 |
+ __be16 iteration; |
1161 |
+- const char msg[64]; |
1162 |
++ char msg[64]; |
1163 |
+ } __packed; |
1164 |
+ |
1165 |
+ /* Loopback test source MAC address */ |
1166 |
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c |
1167 |
index 08c483b..2c4a553 100644 |
1168 |
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c |
1169 |
@@ -60679,7 +60692,7 @@ index e4141f2..d8263e8 100644 |
1170 |
i += packet_length_size; |
1171 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
1172 |
diff --git a/fs/exec.c b/fs/exec.c |
1173 |
-index ad8798e..5f872c9 100644 |
1174 |
+index ad8798e..e3f50ec 100644 |
1175 |
--- a/fs/exec.c |
1176 |
+++ b/fs/exec.c |
1177 |
@@ -56,8 +56,20 @@ |
1178 |
@@ -60999,7 +61012,23 @@ index ad8798e..5f872c9 100644 |
1179 |
tsk->mm->vmacache_seqnum = 0; |
1180 |
vmacache_flush(tsk); |
1181 |
task_unlock(tsk); |
1182 |
-@@ -1252,7 +1331,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
1183 |
+@@ -920,10 +999,14 @@ static int de_thread(struct task_struct *tsk) |
1184 |
+ if (!thread_group_leader(tsk)) { |
1185 |
+ struct task_struct *leader = tsk->group_leader; |
1186 |
+ |
1187 |
+- sig->notify_count = -1; /* for exit_notify() */ |
1188 |
+ for (;;) { |
1189 |
+ threadgroup_change_begin(tsk); |
1190 |
+ write_lock_irq(&tasklist_lock); |
1191 |
++ /* |
1192 |
++ * Do this under tasklist_lock to ensure that |
1193 |
++ * exit_notify() can't miss ->group_exit_task |
1194 |
++ */ |
1195 |
++ sig->notify_count = -1; |
1196 |
+ if (likely(leader->exit_state)) |
1197 |
+ break; |
1198 |
+ __set_current_state(TASK_KILLABLE); |
1199 |
+@@ -1252,13 +1335,60 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
1200 |
} |
1201 |
rcu_read_unlock(); |
1202 |
|
1203 |
@@ -61008,7 +61037,98 @@ index ad8798e..5f872c9 100644 |
1204 |
bprm->unsafe |= LSM_UNSAFE_SHARE; |
1205 |
else |
1206 |
p->fs->in_exec = 1; |
1207 |
-@@ -1433,6 +1512,31 @@ static int exec_binprm(struct linux_binprm *bprm) |
1208 |
+ spin_unlock(&p->fs->lock); |
1209 |
+ } |
1210 |
+ |
1211 |
++static void bprm_fill_uid(struct linux_binprm *bprm) |
1212 |
++{ |
1213 |
++ struct inode *inode; |
1214 |
++ unsigned int mode; |
1215 |
++ kuid_t uid; |
1216 |
++ kgid_t gid; |
1217 |
++ |
1218 |
++ /* clear any previous set[ug]id data from a previous binary */ |
1219 |
++ bprm->cred->euid = current_euid(); |
1220 |
++ bprm->cred->egid = current_egid(); |
1221 |
++ |
1222 |
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
1223 |
++ return; |
1224 |
++ |
1225 |
++ if (task_no_new_privs(current)) |
1226 |
++ return; |
1227 |
++ |
1228 |
++ inode = file_inode(bprm->file); |
1229 |
++ mode = READ_ONCE(inode->i_mode); |
1230 |
++ if (!(mode & (S_ISUID|S_ISGID))) |
1231 |
++ return; |
1232 |
++ |
1233 |
++ /* Be careful if suid/sgid is set */ |
1234 |
++ mutex_lock(&inode->i_mutex); |
1235 |
++ |
1236 |
++ /* reload atomically mode/uid/gid now that lock held */ |
1237 |
++ mode = inode->i_mode; |
1238 |
++ uid = inode->i_uid; |
1239 |
++ gid = inode->i_gid; |
1240 |
++ mutex_unlock(&inode->i_mutex); |
1241 |
++ |
1242 |
++ /* We ignore suid/sgid if there are no mappings for them in the ns */ |
1243 |
++ if (!kuid_has_mapping(bprm->cred->user_ns, uid) || |
1244 |
++ !kgid_has_mapping(bprm->cred->user_ns, gid)) |
1245 |
++ return; |
1246 |
++ |
1247 |
++ if (mode & S_ISUID) { |
1248 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
1249 |
++ bprm->cred->euid = uid; |
1250 |
++ } |
1251 |
++ |
1252 |
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
1253 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
1254 |
++ bprm->cred->egid = gid; |
1255 |
++ } |
1256 |
++} |
1257 |
++ |
1258 |
+ /* |
1259 |
+ * Fill the binprm structure from the inode. |
1260 |
+ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
1261 |
+@@ -1267,36 +1397,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm) |
1262 |
+ */ |
1263 |
+ int prepare_binprm(struct linux_binprm *bprm) |
1264 |
+ { |
1265 |
+- struct inode *inode = file_inode(bprm->file); |
1266 |
+- umode_t mode = inode->i_mode; |
1267 |
+ int retval; |
1268 |
+ |
1269 |
+- |
1270 |
+- /* clear any previous set[ug]id data from a previous binary */ |
1271 |
+- bprm->cred->euid = current_euid(); |
1272 |
+- bprm->cred->egid = current_egid(); |
1273 |
+- |
1274 |
+- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) && |
1275 |
+- !task_no_new_privs(current) && |
1276 |
+- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) && |
1277 |
+- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) { |
1278 |
+- /* Set-uid? */ |
1279 |
+- if (mode & S_ISUID) { |
1280 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
1281 |
+- bprm->cred->euid = inode->i_uid; |
1282 |
+- } |
1283 |
+- |
1284 |
+- /* Set-gid? */ |
1285 |
+- /* |
1286 |
+- * If setgid is set but no group execute bit then this |
1287 |
+- * is a candidate for mandatory locking, not a setgid |
1288 |
+- * executable. |
1289 |
+- */ |
1290 |
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
1291 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
1292 |
+- bprm->cred->egid = inode->i_gid; |
1293 |
+- } |
1294 |
+- } |
1295 |
++ bprm_fill_uid(bprm); |
1296 |
+ |
1297 |
+ /* fill in binprm security blob */ |
1298 |
+ retval = security_bprm_set_creds(bprm); |
1299 |
+@@ -1433,6 +1536,31 @@ static int exec_binprm(struct linux_binprm *bprm) |
1300 |
return ret; |
1301 |
} |
1302 |
|
1303 |
@@ -61040,7 +61160,7 @@ index ad8798e..5f872c9 100644 |
1304 |
/* |
1305 |
* sys_execve() executes a new program. |
1306 |
*/ |
1307 |
-@@ -1441,6 +1545,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1308 |
+@@ -1441,6 +1569,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1309 |
struct user_arg_ptr envp, |
1310 |
int flags) |
1311 |
{ |
1312 |
@@ -61052,7 +61172,7 @@ index ad8798e..5f872c9 100644 |
1313 |
char *pathbuf = NULL; |
1314 |
struct linux_binprm *bprm; |
1315 |
struct file *file; |
1316 |
-@@ -1450,6 +1559,8 @@ static int do_execveat_common(int fd, struct filename *filename, |
1317 |
+@@ -1450,6 +1583,8 @@ static int do_execveat_common(int fd, struct filename *filename, |
1318 |
if (IS_ERR(filename)) |
1319 |
return PTR_ERR(filename); |
1320 |
|
1321 |
@@ -61061,7 +61181,7 @@ index ad8798e..5f872c9 100644 |
1322 |
/* |
1323 |
* We move the actual failure in case of RLIMIT_NPROC excess from |
1324 |
* set*uid() to execve() because too many poorly written programs |
1325 |
-@@ -1487,6 +1598,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1326 |
+@@ -1487,6 +1622,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1327 |
if (IS_ERR(file)) |
1328 |
goto out_unmark; |
1329 |
|
1330 |
@@ -61073,7 +61193,7 @@ index ad8798e..5f872c9 100644 |
1331 |
sched_exec(); |
1332 |
|
1333 |
bprm->file = file; |
1334 |
-@@ -1513,6 +1629,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1335 |
+@@ -1513,6 +1653,11 @@ static int do_execveat_common(int fd, struct filename *filename, |
1336 |
} |
1337 |
bprm->interp = bprm->filename; |
1338 |
|
1339 |
@@ -61085,7 +61205,7 @@ index ad8798e..5f872c9 100644 |
1340 |
retval = bprm_mm_init(bprm); |
1341 |
if (retval) |
1342 |
goto out_unmark; |
1343 |
-@@ -1529,24 +1650,70 @@ static int do_execveat_common(int fd, struct filename *filename, |
1344 |
+@@ -1529,24 +1674,70 @@ static int do_execveat_common(int fd, struct filename *filename, |
1345 |
if (retval < 0) |
1346 |
goto out; |
1347 |
|
1348 |
@@ -61160,7 +61280,7 @@ index ad8798e..5f872c9 100644 |
1349 |
current->fs->in_exec = 0; |
1350 |
current->in_execve = 0; |
1351 |
acct_update_integrals(current); |
1352 |
-@@ -1558,6 +1725,14 @@ static int do_execveat_common(int fd, struct filename *filename, |
1353 |
+@@ -1558,6 +1749,14 @@ static int do_execveat_common(int fd, struct filename *filename, |
1354 |
put_files_struct(displaced); |
1355 |
return retval; |
1356 |
|
1357 |
@@ -61175,7 +61295,7 @@ index ad8798e..5f872c9 100644 |
1358 |
out: |
1359 |
if (bprm->mm) { |
1360 |
acct_arg_size(bprm, 0); |
1361 |
-@@ -1704,3 +1879,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
1362 |
+@@ -1704,3 +1903,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
1363 |
argv, envp, flags); |
1364 |
} |
1365 |
#endif |
1366 |
@@ -65002,6 +65122,19 @@ index 7d6b7d0..5fb529a 100644 |
1367 |
}; |
1368 |
|
1369 |
enum ocfs2_local_alloc_state |
1370 |
+diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c |
1371 |
+index d81f6e2..e794c38 100644 |
1372 |
+--- a/fs/ocfs2/refcounttree.c |
1373 |
++++ b/fs/ocfs2/refcounttree.c |
1374 |
+@@ -4278,7 +4278,7 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir, |
1375 |
+ error = posix_acl_create(dir, &mode, &default_acl, &acl); |
1376 |
+ if (error) { |
1377 |
+ mlog_errno(error); |
1378 |
+- goto out; |
1379 |
++ return error; |
1380 |
+ } |
1381 |
+ |
1382 |
+ error = ocfs2_create_inode_in_orphan(dir, mode, |
1383 |
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c |
1384 |
index 0cb889a..6a26b24 100644 |
1385 |
--- a/fs/ocfs2/suballoc.c |
1386 |
@@ -80413,10 +80546,10 @@ index d1a5582..4424efa 100644 |
1387 |
* Mark a position in code as unreachable. This can be used to |
1388 |
* suppress control flow warnings after asm blocks that transfer |
1389 |
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h |
1390 |
-index c8c5659..d09f2ad 100644 |
1391 |
+index c8c5659..2401b2e 100644 |
1392 |
--- a/include/linux/compiler-gcc5.h |
1393 |
+++ b/include/linux/compiler-gcc5.h |
1394 |
-@@ -28,6 +28,28 @@ |
1395 |
+@@ -28,6 +28,26 @@ |
1396 |
# define __compiletime_error(message) __attribute__((error(message))) |
1397 |
#endif /* __CHECKER__ */ |
1398 |
|
1399 |
@@ -80426,7 +80559,6 @@ index c8c5659..d09f2ad 100644 |
1400 |
+#define __bos1(ptr) __bos((ptr), 1) |
1401 |
+ |
1402 |
+#ifdef CONSTIFY_PLUGIN |
1403 |
-+#error not yet |
1404 |
+#define __no_const __attribute__((no_const)) |
1405 |
+#define __do_const __attribute__((do_const)) |
1406 |
+#endif |
1407 |
@@ -80438,7 +80570,6 @@ index c8c5659..d09f2ad 100644 |
1408 |
+#endif |
1409 |
+ |
1410 |
+#ifdef LATENT_ENTROPY_PLUGIN |
1411 |
-+#error not yet |
1412 |
+#define __latent_entropy __attribute__((latent_entropy)) |
1413 |
+#endif |
1414 |
+ |
1415 |
@@ -83621,6 +83752,19 @@ index 6d34aa2..d73d848 100644 |
1416 |
|
1417 |
static inline void mm_init_cpumask(struct mm_struct *mm) |
1418 |
{ |
1419 |
+diff --git a/include/linux/mmc/core.h b/include/linux/mmc/core.h |
1420 |
+index cb2b040..f3c9f5c 100644 |
1421 |
+--- a/include/linux/mmc/core.h |
1422 |
++++ b/include/linux/mmc/core.h |
1423 |
+@@ -79,7 +79,7 @@ struct mmc_command { |
1424 |
+ #define mmc_cmd_type(cmd) ((cmd)->flags & MMC_CMD_MASK) |
1425 |
+ |
1426 |
+ unsigned int retries; /* max number of retries */ |
1427 |
+- unsigned int error; /* command error */ |
1428 |
++ int error; /* command error */ |
1429 |
+ |
1430 |
+ /* |
1431 |
+ * Standard errno values are used for errors, but some have specific |
1432 |
diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h |
1433 |
index c5d5278..f0b68c8 100644 |
1434 |
--- a/include/linux/mmiotrace.h |
1435 |
@@ -88279,6 +88423,20 @@ index 536edc2..d28c85d 100644 |
1436 |
|
1437 |
if (!access_ok(VERIFY_READ, uattr, 1)) |
1438 |
return -EFAULT; |
1439 |
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
1440 |
+index a28e09c..36508e6 100644 |
1441 |
+--- a/kernel/bpf/verifier.c |
1442 |
++++ b/kernel/bpf/verifier.c |
1443 |
+@@ -1380,7 +1380,8 @@ peek_stack: |
1444 |
+ /* tell verifier to check for equivalent states |
1445 |
+ * after every call and jump |
1446 |
+ */ |
1447 |
+- env->explored_states[t + 1] = STATE_LIST_MARK; |
1448 |
++ if (t + 1 < insn_cnt) |
1449 |
++ env->explored_states[t + 1] = STATE_LIST_MARK; |
1450 |
+ } else { |
1451 |
+ /* conditional jump with two edges */ |
1452 |
+ ret = push_insn(t, t + 1, FALLTHROUGH, env); |
1453 |
diff --git a/kernel/capability.c b/kernel/capability.c |
1454 |
index 989f5bf..d317ca0 100644 |
1455 |
--- a/kernel/capability.c |
1456 |
@@ -101995,7 +102153,7 @@ index 3b6899b..cf36238 100644 |
1457 |
{ |
1458 |
struct socket *sock; |
1459 |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
1460 |
-index 62c67be..01893a0a 100644 |
1461 |
+index 62c67be..361c354 100644 |
1462 |
--- a/net/core/skbuff.c |
1463 |
+++ b/net/core/skbuff.c |
1464 |
@@ -2123,7 +2123,7 @@ EXPORT_SYMBOL(__skb_checksum); |
1465 |
@@ -102024,6 +102182,31 @@ index 62c67be..01893a0a 100644 |
1466 |
NULL); |
1467 |
} |
1468 |
|
1469 |
+@@ -4141,18 +4143,20 @@ EXPORT_SYMBOL(skb_try_coalesce); |
1470 |
+ */ |
1471 |
+ void skb_scrub_packet(struct sk_buff *skb, bool xnet) |
1472 |
+ { |
1473 |
+- if (xnet) |
1474 |
+- skb_orphan(skb); |
1475 |
+ skb->tstamp.tv64 = 0; |
1476 |
+ skb->pkt_type = PACKET_HOST; |
1477 |
+ skb->skb_iif = 0; |
1478 |
+ skb->ignore_df = 0; |
1479 |
+ skb_dst_drop(skb); |
1480 |
+- skb->mark = 0; |
1481 |
+- skb_init_secmark(skb); |
1482 |
+ secpath_reset(skb); |
1483 |
+ nf_reset(skb); |
1484 |
+ nf_reset_trace(skb); |
1485 |
++ |
1486 |
++ if (!xnet) |
1487 |
++ return; |
1488 |
++ |
1489 |
++ skb_orphan(skb); |
1490 |
++ skb->mark = 0; |
1491 |
+ } |
1492 |
+ EXPORT_SYMBOL_GPL(skb_scrub_packet); |
1493 |
+ |
1494 |
diff --git a/net/core/sock.c b/net/core/sock.c |
1495 |
index 1c7a33d..a3817e2 100644 |
1496 |
--- a/net/core/sock.c |
1497 |
@@ -103269,8 +103452,24 @@ index e0ee384..e2688d9 100644 |
1498 |
if (net->ipv4.ipv4_hdr == NULL) |
1499 |
goto err_reg; |
1500 |
|
1501 |
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
1502 |
+index 3075723..aa6f6e5 100644 |
1503 |
+--- a/net/ipv4/tcp.c |
1504 |
++++ b/net/ipv4/tcp.c |
1505 |
+@@ -520,8 +520,10 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait) |
1506 |
+ |
1507 |
+ /* Race breaker. If space is freed after |
1508 |
+ * wspace test but before the flags are set, |
1509 |
+- * IO signal will be lost. |
1510 |
++ * IO signal will be lost. Memory barrier |
1511 |
++ * pairs with the input side. |
1512 |
+ */ |
1513 |
++ smp_mb__after_atomic(); |
1514 |
+ if (sk_stream_is_writeable(sk)) |
1515 |
+ mask |= POLLOUT | POLLWRNORM; |
1516 |
+ } |
1517 |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1518 |
-index 075ab4d..623bb9d 100644 |
1519 |
+index 075ab4d..8d0580a 100644 |
1520 |
--- a/net/ipv4/tcp_input.c |
1521 |
+++ b/net/ipv4/tcp_input.c |
1522 |
@@ -766,7 +766,7 @@ static void tcp_update_pacing_rate(struct sock *sk) |
1523 |
@@ -103291,7 +103490,16 @@ index 075ab4d..623bb9d 100644 |
1524 |
struct sk_buff *head, struct sk_buff *tail, |
1525 |
u32 start, u32 end) |
1526 |
{ |
1527 |
-@@ -5506,6 +5506,7 @@ discard: |
1528 |
+@@ -4786,6 +4786,8 @@ static void tcp_check_space(struct sock *sk) |
1529 |
+ { |
1530 |
+ if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) { |
1531 |
+ sock_reset_flag(sk, SOCK_QUEUE_SHRUNK); |
1532 |
++ /* pairs with tcp_poll() */ |
1533 |
++ smp_mb__after_atomic(); |
1534 |
+ if (sk->sk_socket && |
1535 |
+ test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) |
1536 |
+ tcp_new_space(sk); |
1537 |
+@@ -5506,6 +5508,7 @@ discard: |
1538 |
tcp_paws_reject(&tp->rx_opt, 0)) |
1539 |
goto discard_and_undo; |
1540 |
|
1541 |
@@ -103299,7 +103507,7 @@ index 075ab4d..623bb9d 100644 |
1542 |
if (th->syn) { |
1543 |
/* We see SYN without ACK. It is attempt of |
1544 |
* simultaneous connect with crossed SYNs. |
1545 |
-@@ -5556,6 +5557,7 @@ discard: |
1546 |
+@@ -5556,6 +5559,7 @@ discard: |
1547 |
goto discard; |
1548 |
#endif |
1549 |
} |
1550 |
@@ -103307,7 +103515,7 @@ index 075ab4d..623bb9d 100644 |
1551 |
/* "fifth, if neither of the SYN or RST bits is set then |
1552 |
* drop the segment and return." |
1553 |
*/ |
1554 |
-@@ -5602,7 +5604,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
1555 |
+@@ -5602,7 +5606,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
1556 |
goto discard; |
1557 |
|
1558 |
if (th->syn) { |
1559 |
@@ -105245,6 +105453,26 @@ index 11d85b3..7fcc420 100644 |
1560 |
goto nla_put_failure; |
1561 |
|
1562 |
if (data_len) { |
1563 |
+diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c |
1564 |
+index b636486..9898807 100644 |
1565 |
+--- a/net/netfilter/nft_compat.c |
1566 |
++++ b/net/netfilter/nft_compat.c |
1567 |
+@@ -274,14 +274,7 @@ static void nft_match_eval(const struct nft_expr *expr, |
1568 |
+ return; |
1569 |
+ } |
1570 |
+ |
1571 |
+- switch(ret) { |
1572 |
+- case true: |
1573 |
+- data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; |
1574 |
+- break; |
1575 |
+- case false: |
1576 |
+- data[NFT_REG_VERDICT].verdict = NFT_BREAK; |
1577 |
+- break; |
1578 |
+- } |
1579 |
++ data[NFT_REG_VERDICT].verdict = ret ? NFT_CONTINUE : NFT_BREAK; |
1580 |
+ } |
1581 |
+ |
1582 |
+ static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { |
1583 |
diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c |
1584 |
new file mode 100644 |
1585 |
index 0000000..c566332 |
1586 |
@@ -110585,12 +110813,12 @@ index 0000000..5452feea |
1587 |
+} |
1588 |
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c |
1589 |
new file mode 100644 |
1590 |
-index 0000000..d44bd9f |
1591 |
+index 0000000..0c96d8a |
1592 |
--- /dev/null |
1593 |
+++ b/tools/gcc/colorize_plugin.c |
1594 |
@@ -0,0 +1,215 @@ |
1595 |
+/* |
1596 |
-+ * Copyright 2012-2014 by PaX Team <pageexec@××××××××.hu> |
1597 |
++ * Copyright 2012-2015 by PaX Team <pageexec@××××××××.hu> |
1598 |
+ * Licensed under the GPL v2 |
1599 |
+ * |
1600 |
+ * Note: the choice of the license means that the compilation process is |
1601 |
@@ -110683,6 +110911,7 @@ index 0000000..d44bd9f |
1602 |
+} |
1603 |
+ |
1604 |
+#if BUILDING_GCC_VERSION >= 4009 |
1605 |
++namespace { |
1606 |
+static const struct pass_data colorize_rearm_pass_data = { |
1607 |
+#else |
1608 |
+struct simple_ipa_opt_pass colorize_rearm_pass = { |
1609 |
@@ -110716,7 +110945,6 @@ index 0000000..d44bd9f |
1610 |
+}; |
1611 |
+ |
1612 |
+#if BUILDING_GCC_VERSION >= 4009 |
1613 |
-+namespace { |
1614 |
+class colorize_rearm_pass : public simple_ipa_opt_pass { |
1615 |
+public: |
1616 |
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {} |
1617 |
@@ -110806,13 +111034,13 @@ index 0000000..d44bd9f |
1618 |
+} |
1619 |
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c |
1620 |
new file mode 100644 |
1621 |
-index 0000000..3b5af59 |
1622 |
+index 0000000..93b181d |
1623 |
--- /dev/null |
1624 |
+++ b/tools/gcc/constify_plugin.c |
1625 |
-@@ -0,0 +1,558 @@ |
1626 |
+@@ -0,0 +1,563 @@ |
1627 |
+/* |
1628 |
+ * Copyright 2011 by Emese Revfy <re.emese@×××××.com> |
1629 |
-+ * Copyright 2011-2014 by PaX Team <pageexec@××××××××.hu> |
1630 |
++ * Copyright 2011-2015 by PaX Team <pageexec@××××××××.hu> |
1631 |
+ * Licensed under the GPL v2, or (at your option) v3 |
1632 |
+ * |
1633 |
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification. |
1634 |
@@ -110827,7 +111055,7 @@ index 0000000..3b5af59 |
1635 |
+ |
1636 |
+#include "gcc-common.h" |
1637 |
+ |
1638 |
-+// unused C type flag in all versions 4.5-4.9 |
1639 |
++// unused C type flag in all versions 4.5-5.0 |
1640 |
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE) |
1641 |
+ |
1642 |
+int plugin_is_GPL_compatible; |
1643 |
@@ -111133,6 +111361,11 @@ index 0000000..3b5af59 |
1644 |
+ if (type == NULL_TREE || type == error_mark_node) |
1645 |
+ return; |
1646 |
+ |
1647 |
++#if BUILDING_GCC_VERSION >= 5000 |
1648 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
1649 |
++ return; |
1650 |
++#endif |
1651 |
++ |
1652 |
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type)) |
1653 |
+ return; |
1654 |
+ |
1655 |
@@ -111233,6 +111466,7 @@ index 0000000..3b5af59 |
1656 |
+} |
1657 |
+ |
1658 |
+#if BUILDING_GCC_VERSION >= 4009 |
1659 |
++namespace { |
1660 |
+static const struct pass_data check_local_variables_pass_data = { |
1661 |
+#else |
1662 |
+static struct gimple_opt_pass check_local_variables_pass = { |
1663 |
@@ -111266,7 +111500,6 @@ index 0000000..3b5af59 |
1664 |
+}; |
1665 |
+ |
1666 |
+#if BUILDING_GCC_VERSION >= 4009 |
1667 |
-+namespace { |
1668 |
+class check_local_variables_pass : public gimple_opt_pass { |
1669 |
+public: |
1670 |
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {} |
1671 |
@@ -111370,10 +111603,10 @@ index 0000000..3b5af59 |
1672 |
+} |
1673 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
1674 |
new file mode 100644 |
1675 |
-index 0000000..14ec226 |
1676 |
+index 0000000..19fedf2 |
1677 |
--- /dev/null |
1678 |
+++ b/tools/gcc/gcc-common.h |
1679 |
-@@ -0,0 +1,520 @@ |
1680 |
+@@ -0,0 +1,540 @@ |
1681 |
+#ifndef GCC_COMMON_H_INCLUDED |
1682 |
+#define GCC_COMMON_H_INCLUDED |
1683 |
+ |
1684 |
@@ -111475,11 +111708,13 @@ index 0000000..14ec226 |
1685 |
+//#include "diagnostic-color.h" |
1686 |
+#include "context.h" |
1687 |
+#include "tree-ssa-alias.h" |
1688 |
++#include "tree-ssa.h" |
1689 |
+#include "stringpool.h" |
1690 |
+#include "tree-ssanames.h" |
1691 |
+#include "print-tree.h" |
1692 |
+#include "tree-eh.h" |
1693 |
+#include "stmt.h" |
1694 |
++#include "gimplify.h" |
1695 |
+#endif |
1696 |
+ |
1697 |
+#include "gimple.h" |
1698 |
@@ -111502,6 +111737,7 @@ index 0000000..14ec226 |
1699 |
+//#include "lto-compress.h" |
1700 |
+#if BUILDING_GCC_VERSION >= 5000 |
1701 |
+//#include "lto-section-names.h" |
1702 |
++#include "builtins.h" |
1703 |
+#endif |
1704 |
+ |
1705 |
+//#include "expr.h" where are you... |
1706 |
@@ -111729,6 +111965,7 @@ index 0000000..14ec226 |
1707 |
+typedef union gimple_statement_d gasm; |
1708 |
+typedef union gimple_statement_d gassign; |
1709 |
+typedef union gimple_statement_d gcall; |
1710 |
++typedef union gimple_statement_d gdebug; |
1711 |
+typedef union gimple_statement_d gphi; |
1712 |
+typedef union gimple_statement_d greturn; |
1713 |
+#endif |
1714 |
@@ -111755,6 +111992,7 @@ index 0000000..14ec226 |
1715 |
+typedef struct gimple_statement_base gasm; |
1716 |
+typedef struct gimple_statement_base gassign; |
1717 |
+typedef struct gimple_statement_base gcall; |
1718 |
++typedef struct gimple_statement_base gdebug; |
1719 |
+typedef struct gimple_statement_base gphi; |
1720 |
+typedef struct gimple_statement_base greturn; |
1721 |
+#endif |
1722 |
@@ -111771,6 +112009,11 @@ index 0000000..14ec226 |
1723 |
+{ |
1724 |
+ return stmt; |
1725 |
+} |
1726 |
++ |
1727 |
++static inline greturn *as_a_greturn(gimple stmt) |
1728 |
++{ |
1729 |
++ return stmt; |
1730 |
++} |
1731 |
+#endif |
1732 |
+ |
1733 |
+#if BUILDING_GCC_VERSION >= 4009 |
1734 |
@@ -111791,16 +112034,16 @@ index 0000000..14ec226 |
1735 |
+ |
1736 |
+#define INSN_DELETED_P(insn) (insn)->deleted() |
1737 |
+ |
1738 |
-+extern bool is_simple_builtin(tree); |
1739 |
-+ |
1740 |
+// symtab/cgraph related |
1741 |
+#define debug_cgraph_node(node) (node)->debug() |
1742 |
+#define cgraph_get_node(decl) cgraph_node::get(decl) |
1743 |
+#define cgraph_n_nodes symtab->cgraph_count |
1744 |
+#define cgraph_max_uid symtab->cgraph_max_uid |
1745 |
++#define varpool_get_node(decl) varpool_node::get(decl) |
1746 |
+ |
1747 |
+typedef struct cgraph_node *cgraph_node_ptr; |
1748 |
+typedef struct cgraph_edge *cgraph_edge_p; |
1749 |
++typedef struct varpool_node *varpool_node_ptr; |
1750 |
+ |
1751 |
+static inline void change_decl_assembler_name(tree decl, tree name) |
1752 |
+{ |
1753 |
@@ -111878,11 +112121,21 @@ index 0000000..14ec226 |
1754 |
+ return as_a<gasm *>(stmt); |
1755 |
+} |
1756 |
+ |
1757 |
++static inline const gasm *as_a_gasm(const_gimple stmt) |
1758 |
++{ |
1759 |
++ return as_a<const gasm *>(stmt); |
1760 |
++} |
1761 |
++ |
1762 |
+static inline gcall *as_a_gcall(gimple stmt) |
1763 |
+{ |
1764 |
+ return as_a<gcall *>(stmt); |
1765 |
+} |
1766 |
+ |
1767 |
++static inline greturn *as_a_greturn(gimple stmt) |
1768 |
++{ |
1769 |
++ return as_a<greturn *>(stmt); |
1770 |
++} |
1771 |
++ |
1772 |
+// IPA/LTO related |
1773 |
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) |
1774 |
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) |
1775 |
@@ -111910,12 +112163,12 @@ index 0000000..7514850 |
1776 |
+fi |
1777 |
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c |
1778 |
new file mode 100644 |
1779 |
-index 0000000..d81c094 |
1780 |
+index 0000000..457d54e |
1781 |
--- /dev/null |
1782 |
+++ b/tools/gcc/kallocstat_plugin.c |
1783 |
-@@ -0,0 +1,183 @@ |
1784 |
+@@ -0,0 +1,188 @@ |
1785 |
+/* |
1786 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
1787 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
1788 |
+ * Licensed under the GPL v2 |
1789 |
+ * |
1790 |
+ * Note: the choice of the license means that the compilation process is |
1791 |
@@ -112026,6 +112279,7 @@ index 0000000..d81c094 |
1792 |
+} |
1793 |
+ |
1794 |
+#if BUILDING_GCC_VERSION >= 4009 |
1795 |
++namespace { |
1796 |
+static const struct pass_data kallocstat_pass_data = { |
1797 |
+#else |
1798 |
+static struct gimple_opt_pass kallocstat_pass = { |
1799 |
@@ -112036,7 +112290,8 @@ index 0000000..d81c094 |
1800 |
+#if BUILDING_GCC_VERSION >= 4008 |
1801 |
+ .optinfo_flags = OPTGROUP_NONE, |
1802 |
+#endif |
1803 |
-+#if BUILDING_GCC_VERSION >= 4009 |
1804 |
++#if BUILDING_GCC_VERSION >= 5000 |
1805 |
++#elif BUILDING_GCC_VERSION == 4009 |
1806 |
+ .has_gate = false, |
1807 |
+ .has_execute = true, |
1808 |
+#else |
1809 |
@@ -112058,11 +112313,14 @@ index 0000000..d81c094 |
1810 |
+}; |
1811 |
+ |
1812 |
+#if BUILDING_GCC_VERSION >= 4009 |
1813 |
-+namespace { |
1814 |
+class kallocstat_pass : public gimple_opt_pass { |
1815 |
+public: |
1816 |
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {} |
1817 |
++#if BUILDING_GCC_VERSION >= 5000 |
1818 |
++ virtual unsigned int execute(function *) { return execute_kallocstat(); } |
1819 |
++#else |
1820 |
+ unsigned int execute() { return execute_kallocstat(); } |
1821 |
++#endif |
1822 |
+}; |
1823 |
+} |
1824 |
+ |
1825 |
@@ -112099,12 +112357,12 @@ index 0000000..d81c094 |
1826 |
+} |
1827 |
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
1828 |
new file mode 100644 |
1829 |
-index 0000000..89f256d |
1830 |
+index 0000000..71716e7 |
1831 |
--- /dev/null |
1832 |
+++ b/tools/gcc/kernexec_plugin.c |
1833 |
-@@ -0,0 +1,522 @@ |
1834 |
+@@ -0,0 +1,547 @@ |
1835 |
+/* |
1836 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
1837 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
1838 |
+ * Licensed under the GPL v2 |
1839 |
+ * |
1840 |
+ * Note: the choice of the license means that the compilation process is |
1841 |
@@ -112137,7 +112395,7 @@ index 0000000..89f256d |
1842 |
+ */ |
1843 |
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi) |
1844 |
+{ |
1845 |
-+ gimple asm_movabs_stmt; |
1846 |
++ gasm *asm_movabs_stmt; |
1847 |
+ |
1848 |
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : ); |
1849 |
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL); |
1850 |
@@ -112159,14 +112417,17 @@ index 0000000..89f256d |
1851 |
+ |
1852 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
1853 |
+ // gimple match: __asm__ ("" : : : "r12"); |
1854 |
-+ gimple asm_stmt; |
1855 |
++ gimple stmt; |
1856 |
++ gasm *asm_stmt; |
1857 |
+ size_t nclobbers; |
1858 |
+ |
1859 |
+ // is it an asm ... |
1860 |
-+ asm_stmt = gsi_stmt(gsi); |
1861 |
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM) |
1862 |
++ stmt = gsi_stmt(gsi); |
1863 |
++ if (gimple_code(stmt) != GIMPLE_ASM) |
1864 |
+ continue; |
1865 |
+ |
1866 |
++ asm_stmt = as_a_gasm(stmt); |
1867 |
++ |
1868 |
+ // ... clobbering r12 |
1869 |
+ nclobbers = gimple_asm_nclobbers(asm_stmt); |
1870 |
+ while (nclobbers--) { |
1871 |
@@ -112189,10 +112450,11 @@ index 0000000..89f256d |
1872 |
+ */ |
1873 |
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
1874 |
+{ |
1875 |
-+ gimple assign_intptr, assign_new_fptr, call_stmt; |
1876 |
++ gimple assign_intptr, assign_new_fptr; |
1877 |
++ gcall *call_stmt; |
1878 |
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask; |
1879 |
+ |
1880 |
-+ call_stmt = gsi_stmt(*gsi); |
1881 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
1882 |
+ old_fptr = gimple_call_fn(call_stmt); |
1883 |
+ |
1884 |
+ // create temporary unsigned long variable used for bitops and cast fptr to it |
1885 |
@@ -112230,7 +112492,8 @@ index 0000000..89f256d |
1886 |
+ |
1887 |
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi) |
1888 |
+{ |
1889 |
-+ gimple asm_or_stmt, call_stmt; |
1890 |
++ gasm *asm_or_stmt; |
1891 |
++ gcall *call_stmt; |
1892 |
+ tree old_fptr, new_fptr, input, output; |
1893 |
+#if BUILDING_GCC_VERSION <= 4007 |
1894 |
+ VEC(tree, gc) *inputs = NULL; |
1895 |
@@ -112240,7 +112503,7 @@ index 0000000..89f256d |
1896 |
+ vec<tree, va_gc> *outputs = NULL; |
1897 |
+#endif |
1898 |
+ |
1899 |
-+ call_stmt = gsi_stmt(*gsi); |
1900 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
1901 |
+ old_fptr = gimple_call_fn(call_stmt); |
1902 |
+ |
1903 |
+ // create temporary fptr variable |
1904 |
@@ -112285,12 +112548,14 @@ index 0000000..89f256d |
1905 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
1906 |
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); |
1907 |
+ tree fn; |
1908 |
-+ gimple call_stmt; |
1909 |
++ gimple stmt; |
1910 |
++ gcall *call_stmt; |
1911 |
+ |
1912 |
+ // is it a call ... |
1913 |
-+ call_stmt = gsi_stmt(gsi); |
1914 |
-+ if (!is_gimple_call(call_stmt)) |
1915 |
++ stmt = gsi_stmt(gsi); |
1916 |
++ if (!is_gimple_call(stmt)) |
1917 |
+ continue; |
1918 |
++ call_stmt = as_a_gcall(stmt); |
1919 |
+ fn = gimple_call_fn(call_stmt); |
1920 |
+ if (TREE_CODE(fn) == ADDR_EXPR) |
1921 |
+ continue; |
1922 |
@@ -112363,7 +112628,7 @@ index 0000000..89f256d |
1923 |
+ */ |
1924 |
+static unsigned int execute_kernexec_retaddr(void) |
1925 |
+{ |
1926 |
-+ rtx insn; |
1927 |
++ rtx_insn *insn; |
1928 |
+ |
1929 |
+// if (stack_realign_drap) |
1930 |
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl))); |
1931 |
@@ -112411,6 +112676,7 @@ index 0000000..89f256d |
1932 |
+} |
1933 |
+ |
1934 |
+#if BUILDING_GCC_VERSION >= 4009 |
1935 |
++namespace { |
1936 |
+static const struct pass_data kernexec_reload_pass_data = { |
1937 |
+#else |
1938 |
+static struct gimple_opt_pass kernexec_reload_pass = { |
1939 |
@@ -112421,7 +112687,8 @@ index 0000000..89f256d |
1940 |
+#if BUILDING_GCC_VERSION >= 4008 |
1941 |
+ .optinfo_flags = OPTGROUP_NONE, |
1942 |
+#endif |
1943 |
-+#if BUILDING_GCC_VERSION >= 4009 |
1944 |
++#if BUILDING_GCC_VERSION >= 5000 |
1945 |
++#elif BUILDING_GCC_VERSION == 4009 |
1946 |
+ .has_gate = true, |
1947 |
+ .has_execute = true, |
1948 |
+#else |
1949 |
@@ -112453,7 +112720,8 @@ index 0000000..89f256d |
1950 |
+#if BUILDING_GCC_VERSION >= 4008 |
1951 |
+ .optinfo_flags = OPTGROUP_NONE, |
1952 |
+#endif |
1953 |
-+#if BUILDING_GCC_VERSION >= 4009 |
1954 |
++#if BUILDING_GCC_VERSION >= 5000 |
1955 |
++#elif BUILDING_GCC_VERSION == 4009 |
1956 |
+ .has_gate = true, |
1957 |
+ .has_execute = true, |
1958 |
+#else |
1959 |
@@ -112485,7 +112753,8 @@ index 0000000..89f256d |
1960 |
+#if BUILDING_GCC_VERSION >= 4008 |
1961 |
+ .optinfo_flags = OPTGROUP_NONE, |
1962 |
+#endif |
1963 |
-+#if BUILDING_GCC_VERSION >= 4009 |
1964 |
++#if BUILDING_GCC_VERSION >= 5000 |
1965 |
++#elif BUILDING_GCC_VERSION == 4009 |
1966 |
+ .has_gate = true, |
1967 |
+ .has_execute = true, |
1968 |
+#else |
1969 |
@@ -112507,26 +112776,40 @@ index 0000000..89f256d |
1970 |
+}; |
1971 |
+ |
1972 |
+#if BUILDING_GCC_VERSION >= 4009 |
1973 |
-+namespace { |
1974 |
+class kernexec_reload_pass : public gimple_opt_pass { |
1975 |
+public: |
1976 |
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {} |
1977 |
++#if BUILDING_GCC_VERSION >= 5000 |
1978 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
1979 |
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); } |
1980 |
++#else |
1981 |
+ bool gate() { return kernexec_cmodel_check(); } |
1982 |
+ unsigned int execute() { return execute_kernexec_reload(); } |
1983 |
++#endif |
1984 |
+}; |
1985 |
+ |
1986 |
+class kernexec_fptr_pass : public gimple_opt_pass { |
1987 |
+public: |
1988 |
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {} |
1989 |
++#if BUILDING_GCC_VERSION >= 5000 |
1990 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
1991 |
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); } |
1992 |
++#else |
1993 |
+ bool gate() { return kernexec_cmodel_check(); } |
1994 |
+ unsigned int execute() { return execute_kernexec_fptr(); } |
1995 |
++#endif |
1996 |
+}; |
1997 |
+ |
1998 |
+class kernexec_retaddr_pass : public rtl_opt_pass { |
1999 |
+public: |
2000 |
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {} |
2001 |
++#if BUILDING_GCC_VERSION >= 5000 |
2002 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
2003 |
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); } |
2004 |
++#else |
2005 |
+ bool gate() { return kernexec_cmodel_check(); } |
2006 |
+ unsigned int execute() { return execute_kernexec_retaddr(); } |
2007 |
++#endif |
2008 |
+}; |
2009 |
+} |
2010 |
+ |
2011 |
@@ -112627,12 +112910,12 @@ index 0000000..89f256d |
2012 |
+} |
2013 |
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
2014 |
new file mode 100644 |
2015 |
-index 0000000..2a39357 |
2016 |
+index 0000000..d383708 |
2017 |
--- /dev/null |
2018 |
+++ b/tools/gcc/latent_entropy_plugin.c |
2019 |
-@@ -0,0 +1,467 @@ |
2020 |
+@@ -0,0 +1,473 @@ |
2021 |
+/* |
2022 |
-+ * Copyright 2012-2014 by the PaX Team <pageexec@××××××××.hu> |
2023 |
++ * Copyright 2012-2015 by the PaX Team <pageexec@××××××××.hu> |
2024 |
+ * Licensed under the GPL v2 |
2025 |
+ * |
2026 |
+ * Note: the choice of the license means that the compilation process is |
2027 |
@@ -113012,6 +113295,7 @@ index 0000000..2a39357 |
2028 |
+} |
2029 |
+ |
2030 |
+#if BUILDING_GCC_VERSION >= 4009 |
2031 |
++namespace { |
2032 |
+static const struct pass_data latent_entropy_pass_data = { |
2033 |
+#else |
2034 |
+static struct gimple_opt_pass latent_entropy_pass = { |
2035 |
@@ -113022,7 +113306,8 @@ index 0000000..2a39357 |
2036 |
+#if BUILDING_GCC_VERSION >= 4008 |
2037 |
+ .optinfo_flags = OPTGROUP_NONE, |
2038 |
+#endif |
2039 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2040 |
++#if BUILDING_GCC_VERSION >= 5000 |
2041 |
++#elif BUILDING_GCC_VERSION == 4009 |
2042 |
+ .has_gate = true, |
2043 |
+ .has_execute = true, |
2044 |
+#else |
2045 |
@@ -113044,12 +113329,16 @@ index 0000000..2a39357 |
2046 |
+}; |
2047 |
+ |
2048 |
+#if BUILDING_GCC_VERSION >= 4009 |
2049 |
-+namespace { |
2050 |
+class latent_entropy_pass : public gimple_opt_pass { |
2051 |
+public: |
2052 |
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {} |
2053 |
++#if BUILDING_GCC_VERSION >= 5000 |
2054 |
++ virtual bool gate(function *) { return gate_latent_entropy(); } |
2055 |
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); } |
2056 |
++#else |
2057 |
+ bool gate() { return gate_latent_entropy(); } |
2058 |
+ unsigned int execute() { return execute_latent_entropy(); } |
2059 |
++#endif |
2060 |
+}; |
2061 |
+} |
2062 |
+ |
2063 |
@@ -113100,12 +113389,12 @@ index 0000000..2a39357 |
2064 |
+} |
2065 |
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c |
2066 |
new file mode 100644 |
2067 |
-index 0000000..a5cb46b |
2068 |
+index 0000000..e1983c0 |
2069 |
--- /dev/null |
2070 |
+++ b/tools/gcc/randomize_layout_plugin.c |
2071 |
-@@ -0,0 +1,915 @@ |
2072 |
+@@ -0,0 +1,917 @@ |
2073 |
+/* |
2074 |
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
2075 |
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
2076 |
+ * and PaX Team <pageexec@××××××××.hu> |
2077 |
+ * Licensed under the GPL v2 |
2078 |
+ * |
2079 |
@@ -113120,7 +113409,8 @@ index 0000000..a5cb46b |
2080 |
+#include "gcc-common.h" |
2081 |
+#include "randomize_layout_seed.h" |
2082 |
+ |
2083 |
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
2084 |
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \ |
2085 |
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
2086 |
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer." |
2087 |
+#endif |
2088 |
+ |
2089 |
@@ -113920,7 +114210,8 @@ index 0000000..a5cb46b |
2090 |
+#if BUILDING_GCC_VERSION >= 4008 |
2091 |
+ .optinfo_flags = OPTGROUP_NONE, |
2092 |
+#endif |
2093 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2094 |
++#if BUILDING_GCC_VERSION >= 5000 |
2095 |
++#elif BUILDING_GCC_VERSION >= 4009 |
2096 |
+ .has_gate = false, |
2097 |
+ .has_execute = true, |
2098 |
+#else |
2099 |
@@ -113980,8 +114271,8 @@ index 0000000..a5cb46b |
2100 |
+ return 1; |
2101 |
+ } |
2102 |
+ |
2103 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
2104 |
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
2105 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { |
2106 |
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); |
2107 |
+ enable = false; |
2108 |
+ } |
2109 |
+ |
2110 |
@@ -147228,12 +147519,12 @@ index 0000000..fd4aa92 |
2111 |
+} |
2112 |
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c |
2113 |
new file mode 100644 |
2114 |
-index 0000000..90125d6 |
2115 |
+index 0000000..51dc09d |
2116 |
--- /dev/null |
2117 |
+++ b/tools/gcc/stackleak_plugin.c |
2118 |
-@@ -0,0 +1,396 @@ |
2119 |
+@@ -0,0 +1,408 @@ |
2120 |
+/* |
2121 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
2122 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
2123 |
+ * Licensed under the GPL v2 |
2124 |
+ * |
2125 |
+ * Note: the choice of the license means that the compilation process is |
2126 |
@@ -147360,7 +147651,7 @@ index 0000000..90125d6 |
2127 |
+ |
2128 |
+static unsigned int execute_stackleak_final(void) |
2129 |
+{ |
2130 |
-+ rtx insn, next; |
2131 |
++ rtx_insn *insn, *next; |
2132 |
+ |
2133 |
+ if (cfun->calls_alloca) |
2134 |
+ return 0; |
2135 |
@@ -147454,6 +147745,7 @@ index 0000000..90125d6 |
2136 |
+} |
2137 |
+ |
2138 |
+#if BUILDING_GCC_VERSION >= 4009 |
2139 |
++namespace { |
2140 |
+static const struct pass_data stackleak_tree_instrument_pass_data = { |
2141 |
+#else |
2142 |
+static struct gimple_opt_pass stackleak_tree_instrument_pass = { |
2143 |
@@ -147464,7 +147756,8 @@ index 0000000..90125d6 |
2144 |
+#if BUILDING_GCC_VERSION >= 4008 |
2145 |
+ .optinfo_flags = OPTGROUP_NONE, |
2146 |
+#endif |
2147 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2148 |
++#if BUILDING_GCC_VERSION >= 5000 |
2149 |
++#elif BUILDING_GCC_VERSION == 4009 |
2150 |
+ .has_gate = true, |
2151 |
+ .has_execute = true, |
2152 |
+#else |
2153 |
@@ -147496,7 +147789,8 @@ index 0000000..90125d6 |
2154 |
+#if BUILDING_GCC_VERSION >= 4008 |
2155 |
+ .optinfo_flags = OPTGROUP_NONE, |
2156 |
+#endif |
2157 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2158 |
++#if BUILDING_GCC_VERSION >= 5000 |
2159 |
++#elif BUILDING_GCC_VERSION == 4009 |
2160 |
+ .has_gate = true, |
2161 |
+ .has_execute = true, |
2162 |
+#else |
2163 |
@@ -147518,19 +147812,28 @@ index 0000000..90125d6 |
2164 |
+}; |
2165 |
+ |
2166 |
+#if BUILDING_GCC_VERSION >= 4009 |
2167 |
-+namespace { |
2168 |
+class stackleak_tree_instrument_pass : public gimple_opt_pass { |
2169 |
+public: |
2170 |
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {} |
2171 |
++#if BUILDING_GCC_VERSION >= 5000 |
2172 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
2173 |
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); } |
2174 |
++#else |
2175 |
+ bool gate() { return gate_stackleak_track_stack(); } |
2176 |
+ unsigned int execute() { return execute_stackleak_tree_instrument(); } |
2177 |
++#endif |
2178 |
+}; |
2179 |
+ |
2180 |
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass { |
2181 |
+public: |
2182 |
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {} |
2183 |
++#if BUILDING_GCC_VERSION >= 5000 |
2184 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
2185 |
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); } |
2186 |
++#else |
2187 |
+ bool gate() { return gate_stackleak_track_stack(); } |
2188 |
+ unsigned int execute() { return execute_stackleak_final(); } |
2189 |
++#endif |
2190 |
+}; |
2191 |
+} |
2192 |
+ |
2193 |
@@ -147630,12 +147933,12 @@ index 0000000..90125d6 |
2194 |
+} |
2195 |
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c |
2196 |
new file mode 100644 |
2197 |
-index 0000000..4ee2231 |
2198 |
+index 0000000..4436cbe |
2199 |
--- /dev/null |
2200 |
+++ b/tools/gcc/structleak_plugin.c |
2201 |
-@@ -0,0 +1,274 @@ |
2202 |
+@@ -0,0 +1,287 @@ |
2203 |
+/* |
2204 |
-+ * Copyright 2013-2014 by PaX Team <pageexec@××××××××.hu> |
2205 |
++ * Copyright 2013-2015 by PaX Team <pageexec@××××××××.hu> |
2206 |
+ * Licensed under the GPL v2 |
2207 |
+ * |
2208 |
+ * Note: the choice of the license means that the compilation process is |
2209 |
@@ -147662,8 +147965,8 @@ index 0000000..4ee2231 |
2210 |
+ |
2211 |
+#include "gcc-common.h" |
2212 |
+ |
2213 |
-+// unused C type flag in all versions 4.5-4.9 |
2214 |
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE) |
2215 |
++// unused C type flag in all versions 4.5-5.0 |
2216 |
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE) |
2217 |
+ |
2218 |
+int plugin_is_GPL_compatible; |
2219 |
+ |
2220 |
@@ -147730,6 +148033,14 @@ index 0000000..4ee2231 |
2221 |
+{ |
2222 |
+ tree type = (tree)event_data; |
2223 |
+ |
2224 |
++ if (type == NULL_TREE || type == error_mark_node) |
2225 |
++ return; |
2226 |
++ |
2227 |
++#if BUILDING_GCC_VERSION >= 5000 |
2228 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
2229 |
++ return; |
2230 |
++#endif |
2231 |
++ |
2232 |
+ if (TYPE_USERSPACE(type)) |
2233 |
+ return; |
2234 |
+ |
2235 |
@@ -147816,6 +148127,7 @@ index 0000000..4ee2231 |
2236 |
+} |
2237 |
+ |
2238 |
+#if BUILDING_GCC_VERSION >= 4009 |
2239 |
++namespace { |
2240 |
+static const struct pass_data structleak_pass_data = { |
2241 |
+#else |
2242 |
+static struct gimple_opt_pass structleak_pass = { |
2243 |
@@ -147826,7 +148138,8 @@ index 0000000..4ee2231 |
2244 |
+#if BUILDING_GCC_VERSION >= 4008 |
2245 |
+ .optinfo_flags = OPTGROUP_NONE, |
2246 |
+#endif |
2247 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2248 |
++#if BUILDING_GCC_VERSION >= 5000 |
2249 |
++#elif BUILDING_GCC_VERSION == 4009 |
2250 |
+ .has_gate = false, |
2251 |
+ .has_execute = true, |
2252 |
+#else |
2253 |
@@ -147848,11 +148161,14 @@ index 0000000..4ee2231 |
2254 |
+}; |
2255 |
+ |
2256 |
+#if BUILDING_GCC_VERSION >= 4009 |
2257 |
-+namespace { |
2258 |
+class structleak_pass : public gimple_opt_pass { |
2259 |
+public: |
2260 |
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {} |
2261 |
++#if BUILDING_GCC_VERSION >= 5000 |
2262 |
++ virtual unsigned int execute(function *) { return handle_function(); } |
2263 |
++#else |
2264 |
+ unsigned int execute() { return handle_function(); } |
2265 |
++#endif |
2266 |
+}; |
2267 |
+} |
2268 |
+ |
2269 |
@@ -147886,7 +148202,7 @@ index 0000000..4ee2231 |
2270 |
+ return 1; |
2271 |
+ } |
2272 |
+ |
2273 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
2274 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) { |
2275 |
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
2276 |
+ enable = false; |
2277 |
+ } |
2278 |
|
2279 |
diff --git a/3.2.68/0000_README b/3.2.68/0000_README |
2280 |
index 1221adb..15188a5 100644 |
2281 |
--- a/3.2.68/0000_README |
2282 |
+++ b/3.2.68/0000_README |
2283 |
@@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch |
2284 |
From: http://www.kernel.org |
2285 |
Desc: Linux 3.2.68 |
2286 |
|
2287 |
-Patch: 4420_grsecurity-3.1-3.2.68-201504142258.patch |
2288 |
+Patch: 4420_grsecurity-3.1-3.2.68-201504270825.patch |
2289 |
From: http://www.grsecurity.net |
2290 |
Desc: hardened-sources base patch from upstream grsecurity |
2291 |
|
2292 |
|
2293 |
diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch |
2294 |
similarity index 99% |
2295 |
rename from 3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch |
2296 |
rename to 3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch |
2297 |
index 6147d13..5f8c996 100644 |
2298 |
--- a/3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch |
2299 |
+++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch |
2300 |
@@ -45874,6 +45874,19 @@ index a3bd0ba..8a34a90 100644 |
2301 |
|
2302 |
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); |
2303 |
int (*get_settings)(struct net_device *, struct ethtool_cmd *); |
2304 |
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c |
2305 |
+index 4907885..af3d197 100644 |
2306 |
+--- a/drivers/net/ethernet/sfc/selftest.c |
2307 |
++++ b/drivers/net/ethernet/sfc/selftest.c |
2308 |
+@@ -37,7 +37,7 @@ struct efx_loopback_payload { |
2309 |
+ struct iphdr ip; |
2310 |
+ struct udphdr udp; |
2311 |
+ __be16 iteration; |
2312 |
+- const char msg[64]; |
2313 |
++ char msg[64]; |
2314 |
+ } __packed; |
2315 |
+ |
2316 |
+ /* Loopback test source MAC address */ |
2317 |
diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c |
2318 |
index 1b4658c..a30dabb 100644 |
2319 |
--- a/drivers/net/ethernet/sis/sis190.c |
2320 |
@@ -58869,7 +58882,7 @@ index 451b9b8..12e5a03 100644 |
2321 |
|
2322 |
out_free_fd: |
2323 |
diff --git a/fs/exec.c b/fs/exec.c |
2324 |
-index 78199eb..abce65a 100644 |
2325 |
+index 78199eb..ffeac65 100644 |
2326 |
--- a/fs/exec.c |
2327 |
+++ b/fs/exec.c |
2328 |
@@ -55,12 +55,35 @@ |
2329 |
@@ -59203,7 +59216,22 @@ index 78199eb..abce65a 100644 |
2330 |
task_unlock(tsk); |
2331 |
arch_pick_mmap_layout(mm); |
2332 |
if (old_mm) { |
2333 |
-@@ -1070,6 +1149,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) |
2334 |
+@@ -903,9 +982,13 @@ static int de_thread(struct task_struct *tsk) |
2335 |
+ if (!thread_group_leader(tsk)) { |
2336 |
+ struct task_struct *leader = tsk->group_leader; |
2337 |
+ |
2338 |
+- sig->notify_count = -1; /* for exit_notify() */ |
2339 |
+ for (;;) { |
2340 |
+ write_lock_irq(&tasklist_lock); |
2341 |
++ /* |
2342 |
++ * Do this under tasklist_lock to ensure that |
2343 |
++ * exit_notify() can't miss ->group_exit_task |
2344 |
++ */ |
2345 |
++ sig->notify_count = -1; |
2346 |
+ if (likely(leader->exit_state)) |
2347 |
+ break; |
2348 |
+ __set_current_state(TASK_UNINTERRUPTIBLE); |
2349 |
+@@ -1070,6 +1153,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) |
2350 |
perf_event_comm(tsk); |
2351 |
} |
2352 |
|
2353 |
@@ -59225,7 +59253,7 @@ index 78199eb..abce65a 100644 |
2354 |
int flush_old_exec(struct linux_binprm * bprm) |
2355 |
{ |
2356 |
int retval; |
2357 |
-@@ -1084,6 +1178,7 @@ int flush_old_exec(struct linux_binprm * bprm) |
2358 |
+@@ -1084,6 +1182,7 @@ int flush_old_exec(struct linux_binprm * bprm) |
2359 |
|
2360 |
set_mm_exe_file(bprm->mm, bprm->file); |
2361 |
|
2362 |
@@ -59233,7 +59261,7 @@ index 78199eb..abce65a 100644 |
2363 |
/* |
2364 |
* Release all of the old mmap stuff |
2365 |
*/ |
2366 |
-@@ -1116,10 +1211,6 @@ EXPORT_SYMBOL(would_dump); |
2367 |
+@@ -1116,10 +1215,6 @@ EXPORT_SYMBOL(would_dump); |
2368 |
|
2369 |
void setup_new_exec(struct linux_binprm * bprm) |
2370 |
{ |
2371 |
@@ -59244,7 +59272,7 @@ index 78199eb..abce65a 100644 |
2372 |
arch_pick_mmap_layout(current->mm); |
2373 |
|
2374 |
/* This is the point of no return */ |
2375 |
-@@ -1130,18 +1221,7 @@ void setup_new_exec(struct linux_binprm * bprm) |
2376 |
+@@ -1130,18 +1225,7 @@ void setup_new_exec(struct linux_binprm * bprm) |
2377 |
else |
2378 |
set_dumpable(current->mm, suid_dumpable); |
2379 |
|
2380 |
@@ -59264,7 +59292,7 @@ index 78199eb..abce65a 100644 |
2381 |
|
2382 |
/* Set the new mm task size. We have to do that late because it may |
2383 |
* depend on TIF_32BIT which is only updated in flush_thread() on |
2384 |
-@@ -1229,7 +1309,7 @@ void install_exec_creds(struct linux_binprm *bprm) |
2385 |
+@@ -1229,7 +1313,7 @@ void install_exec_creds(struct linux_binprm *bprm) |
2386 |
* wait until new credentials are committed |
2387 |
* by commit_creds() above |
2388 |
*/ |
2389 |
@@ -59273,7 +59301,7 @@ index 78199eb..abce65a 100644 |
2390 |
perf_event_exit_task(current); |
2391 |
/* |
2392 |
* cred_guard_mutex must be held at least to this point to prevent |
2393 |
-@@ -1259,6 +1339,13 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
2394 |
+@@ -1259,6 +1343,13 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
2395 |
bprm->unsafe |= LSM_UNSAFE_PTRACE; |
2396 |
} |
2397 |
|
2398 |
@@ -59287,7 +59315,7 @@ index 78199eb..abce65a 100644 |
2399 |
n_fs = 1; |
2400 |
spin_lock(&p->fs->lock); |
2401 |
rcu_read_lock(); |
2402 |
-@@ -1268,7 +1355,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
2403 |
+@@ -1268,7 +1359,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
2404 |
} |
2405 |
rcu_read_unlock(); |
2406 |
|
2407 |
@@ -59296,17 +59324,99 @@ index 78199eb..abce65a 100644 |
2408 |
bprm->unsafe |= LSM_UNSAFE_SHARE; |
2409 |
} else { |
2410 |
res = -EAGAIN; |
2411 |
-@@ -1302,7 +1389,8 @@ int prepare_binprm(struct linux_binprm *bprm) |
2412 |
+@@ -1282,45 +1373,60 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
2413 |
+ return res; |
2414 |
+ } |
2415 |
+ |
2416 |
+-/* |
2417 |
+- * Fill the binprm structure from the inode. |
2418 |
+- * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
2419 |
+- * |
2420 |
+- * This may be called multiple times for binary chains (scripts for example). |
2421 |
+- */ |
2422 |
+-int prepare_binprm(struct linux_binprm *bprm) |
2423 |
++static void bprm_fill_uid(struct linux_binprm *bprm) |
2424 |
+ { |
2425 |
+- umode_t mode; |
2426 |
+- struct inode * inode = bprm->file->f_path.dentry->d_inode; |
2427 |
+- int retval; |
2428 |
+- |
2429 |
+- mode = inode->i_mode; |
2430 |
+- if (bprm->file->f_op == NULL) |
2431 |
+- return -EACCES; |
2432 |
++ struct inode *inode; |
2433 |
++ unsigned int mode; |
2434 |
++ uid_t uid; |
2435 |
++ gid_t gid; |
2436 |
+ |
2437 |
+ /* clear any previous set[ug]id data from a previous binary */ |
2438 |
bprm->cred->euid = current_euid(); |
2439 |
bprm->cred->egid = current_egid(); |
2440 |
|
2441 |
- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { |
2442 |
-+ if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) && |
2443 |
-+ !current->no_new_privs) { |
2444 |
- /* Set-uid? */ |
2445 |
- if (mode & S_ISUID) { |
2446 |
- bprm->per_clear |= PER_CLEAR_ON_SETID; |
2447 |
-@@ -1463,6 +1551,31 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) |
2448 |
+- /* Set-uid? */ |
2449 |
+- if (mode & S_ISUID) { |
2450 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
2451 |
+- bprm->cred->euid = inode->i_uid; |
2452 |
+- } |
2453 |
+- |
2454 |
+- /* Set-gid? */ |
2455 |
+- /* |
2456 |
+- * If setgid is set but no group execute bit then this |
2457 |
+- * is a candidate for mandatory locking, not a setgid |
2458 |
+- * executable. |
2459 |
+- */ |
2460 |
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
2461 |
+- bprm->per_clear |= PER_CLEAR_ON_SETID; |
2462 |
+- bprm->cred->egid = inode->i_gid; |
2463 |
+- } |
2464 |
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
2465 |
++ return; |
2466 |
++ |
2467 |
++ if (current->no_new_privs) |
2468 |
++ return; |
2469 |
++ |
2470 |
++ inode = bprm->file->f_path.dentry->d_inode; |
2471 |
++ mode = ACCESS_ONCE(inode->i_mode); |
2472 |
++ if (!(mode & (S_ISUID|S_ISGID))) |
2473 |
++ return; |
2474 |
++ |
2475 |
++ /* Be careful if suid/sgid is set */ |
2476 |
++ mutex_lock(&inode->i_mutex); |
2477 |
++ |
2478 |
++ /* reload atomically mode/uid/gid now that lock held */ |
2479 |
++ mode = inode->i_mode; |
2480 |
++ uid = inode->i_uid; |
2481 |
++ gid = inode->i_gid; |
2482 |
++ mutex_unlock(&inode->i_mutex); |
2483 |
++ |
2484 |
++ if (mode & S_ISUID) { |
2485 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
2486 |
++ bprm->cred->euid = uid; |
2487 |
+ } |
2488 |
+ |
2489 |
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
2490 |
++ bprm->per_clear |= PER_CLEAR_ON_SETID; |
2491 |
++ bprm->cred->egid = gid; |
2492 |
++ } |
2493 |
++} |
2494 |
++ |
2495 |
++/* |
2496 |
++ * Fill the binprm structure from the inode. |
2497 |
++ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
2498 |
++ * |
2499 |
++ * This may be called multiple times for binary chains (scripts for example). |
2500 |
++ */ |
2501 |
++int prepare_binprm(struct linux_binprm *bprm) |
2502 |
++{ |
2503 |
++ int retval; |
2504 |
++ |
2505 |
++ bprm_fill_uid(bprm); |
2506 |
++ |
2507 |
+ /* fill in binprm security blob */ |
2508 |
+ retval = security_bprm_set_creds(bprm); |
2509 |
+ if (retval) |
2510 |
+@@ -1463,6 +1569,31 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) |
2511 |
|
2512 |
EXPORT_SYMBOL(search_binary_handler); |
2513 |
|
2514 |
@@ -59338,7 +59448,7 @@ index 78199eb..abce65a 100644 |
2515 |
/* |
2516 |
* sys_execve() executes a new program. |
2517 |
*/ |
2518 |
-@@ -1471,6 +1584,11 @@ static int do_execve_common(const char *filename, |
2519 |
+@@ -1471,6 +1602,11 @@ static int do_execve_common(const char *filename, |
2520 |
struct user_arg_ptr envp, |
2521 |
struct pt_regs *regs) |
2522 |
{ |
2523 |
@@ -59350,7 +59460,7 @@ index 78199eb..abce65a 100644 |
2524 |
struct linux_binprm *bprm; |
2525 |
struct file *file; |
2526 |
struct files_struct *displaced; |
2527 |
-@@ -1478,6 +1596,8 @@ static int do_execve_common(const char *filename, |
2528 |
+@@ -1478,6 +1614,8 @@ static int do_execve_common(const char *filename, |
2529 |
int retval; |
2530 |
const struct cred *cred = current_cred(); |
2531 |
|
2532 |
@@ -59359,7 +59469,7 @@ index 78199eb..abce65a 100644 |
2533 |
/* |
2534 |
* We move the actual failure in case of RLIMIT_NPROC excess from |
2535 |
* set*uid() to execve() because too many poorly written programs |
2536 |
-@@ -1518,12 +1638,22 @@ static int do_execve_common(const char *filename, |
2537 |
+@@ -1518,12 +1656,22 @@ static int do_execve_common(const char *filename, |
2538 |
if (IS_ERR(file)) |
2539 |
goto out_unmark; |
2540 |
|
2541 |
@@ -59382,7 +59492,7 @@ index 78199eb..abce65a 100644 |
2542 |
retval = bprm_mm_init(bprm); |
2543 |
if (retval) |
2544 |
goto out_file; |
2545 |
-@@ -1540,24 +1670,70 @@ static int do_execve_common(const char *filename, |
2546 |
+@@ -1540,24 +1688,70 @@ static int do_execve_common(const char *filename, |
2547 |
if (retval < 0) |
2548 |
goto out; |
2549 |
|
2550 |
@@ -59457,7 +59567,7 @@ index 78199eb..abce65a 100644 |
2551 |
current->fs->in_exec = 0; |
2552 |
current->in_execve = 0; |
2553 |
acct_update_integrals(current); |
2554 |
-@@ -1566,6 +1742,14 @@ static int do_execve_common(const char *filename, |
2555 |
+@@ -1566,6 +1760,14 @@ static int do_execve_common(const char *filename, |
2556 |
put_files_struct(displaced); |
2557 |
return retval; |
2558 |
|
2559 |
@@ -59472,7 +59582,7 @@ index 78199eb..abce65a 100644 |
2560 |
out: |
2561 |
if (bprm->mm) { |
2562 |
acct_arg_size(bprm, 0); |
2563 |
-@@ -1639,7 +1823,7 @@ static int expand_corename(struct core_name *cn) |
2564 |
+@@ -1639,7 +1841,7 @@ static int expand_corename(struct core_name *cn) |
2565 |
{ |
2566 |
char *old_corename = cn->corename; |
2567 |
|
2568 |
@@ -59481,7 +59591,7 @@ index 78199eb..abce65a 100644 |
2569 |
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); |
2570 |
|
2571 |
if (!cn->corename) { |
2572 |
-@@ -1736,7 +1920,7 @@ static int format_corename(struct core_name *cn, long signr) |
2573 |
+@@ -1736,7 +1938,7 @@ static int format_corename(struct core_name *cn, long signr) |
2574 |
int pid_in_pattern = 0; |
2575 |
int err = 0; |
2576 |
|
2577 |
@@ -59490,7 +59600,7 @@ index 78199eb..abce65a 100644 |
2578 |
cn->corename = kmalloc(cn->size, GFP_KERNEL); |
2579 |
cn->used = 0; |
2580 |
|
2581 |
-@@ -1833,6 +2017,309 @@ out: |
2582 |
+@@ -1833,6 +2035,309 @@ out: |
2583 |
return ispipe; |
2584 |
} |
2585 |
|
2586 |
@@ -59800,7 +59910,7 @@ index 78199eb..abce65a 100644 |
2587 |
static int zap_process(struct task_struct *start, int exit_code) |
2588 |
{ |
2589 |
struct task_struct *t; |
2590 |
-@@ -2006,17 +2493,17 @@ static void coredump_finish(struct mm_struct *mm) |
2591 |
+@@ -2006,17 +2511,17 @@ static void coredump_finish(struct mm_struct *mm) |
2592 |
void set_dumpable(struct mm_struct *mm, int value) |
2593 |
{ |
2594 |
switch (value) { |
2595 |
@@ -59821,7 +59931,7 @@ index 78199eb..abce65a 100644 |
2596 |
set_bit(MMF_DUMP_SECURELY, &mm->flags); |
2597 |
smp_wmb(); |
2598 |
set_bit(MMF_DUMPABLE, &mm->flags); |
2599 |
-@@ -2029,7 +2516,7 @@ static int __get_dumpable(unsigned long mm_flags) |
2600 |
+@@ -2029,7 +2534,7 @@ static int __get_dumpable(unsigned long mm_flags) |
2601 |
int ret; |
2602 |
|
2603 |
ret = mm_flags & MMF_DUMPABLE_MASK; |
2604 |
@@ -59830,7 +59940,7 @@ index 78199eb..abce65a 100644 |
2605 |
} |
2606 |
|
2607 |
/* |
2608 |
-@@ -2050,17 +2537,17 @@ static void wait_for_dump_helpers(struct file *file) |
2609 |
+@@ -2050,17 +2555,17 @@ static void wait_for_dump_helpers(struct file *file) |
2610 |
pipe = file->f_path.dentry->d_inode->i_pipe; |
2611 |
|
2612 |
pipe_lock(pipe); |
2613 |
@@ -59853,7 +59963,7 @@ index 78199eb..abce65a 100644 |
2614 |
pipe_unlock(pipe); |
2615 |
|
2616 |
} |
2617 |
-@@ -2121,7 +2608,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2618 |
+@@ -2121,7 +2626,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2619 |
int retval = 0; |
2620 |
int flag = 0; |
2621 |
int ispipe; |
2622 |
@@ -59863,7 +59973,7 @@ index 78199eb..abce65a 100644 |
2623 |
struct coredump_params cprm = { |
2624 |
.signr = signr, |
2625 |
.regs = regs, |
2626 |
-@@ -2136,6 +2624,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2627 |
+@@ -2136,6 +2642,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2628 |
|
2629 |
audit_core_dumps(signr); |
2630 |
|
2631 |
@@ -59873,7 +59983,7 @@ index 78199eb..abce65a 100644 |
2632 |
binfmt = mm->binfmt; |
2633 |
if (!binfmt || !binfmt->core_dump) |
2634 |
goto fail; |
2635 |
-@@ -2146,14 +2637,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2636 |
+@@ -2146,14 +2655,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2637 |
if (!cred) |
2638 |
goto fail; |
2639 |
/* |
2640 |
@@ -59894,7 +60004,7 @@ index 78199eb..abce65a 100644 |
2641 |
} |
2642 |
|
2643 |
retval = coredump_wait(exit_code, &core_state); |
2644 |
-@@ -2203,7 +2696,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2645 |
+@@ -2203,7 +2714,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2646 |
} |
2647 |
cprm.limit = RLIM_INFINITY; |
2648 |
|
2649 |
@@ -59903,7 +60013,7 @@ index 78199eb..abce65a 100644 |
2650 |
if (core_pipe_limit && (core_pipe_limit < dump_count)) { |
2651 |
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", |
2652 |
task_tgid_vnr(current), current->comm); |
2653 |
-@@ -2230,9 +2723,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2654 |
+@@ -2230,9 +2741,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
2655 |
} else { |
2656 |
struct inode *inode; |
2657 |
|
2658 |
@@ -59923,7 +60033,7 @@ index 78199eb..abce65a 100644 |
2659 |
cprm.file = filp_open(cn.corename, |
2660 |
O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, |
2661 |
0600); |
2662 |
-@@ -2273,7 +2776,7 @@ close_fail: |
2663 |
+@@ -2273,7 +2794,7 @@ close_fail: |
2664 |
filp_close(cprm.file, NULL); |
2665 |
fail_dropcount: |
2666 |
if (ispipe) |
2667 |
@@ -59932,7 +60042,7 @@ index 78199eb..abce65a 100644 |
2668 |
fail_unlock: |
2669 |
kfree(cn.corename); |
2670 |
fail_corename: |
2671 |
-@@ -2292,7 +2795,7 @@ fail: |
2672 |
+@@ -2292,7 +2813,7 @@ fail: |
2673 |
*/ |
2674 |
int dump_write(struct file *file, const void *addr, int nr) |
2675 |
{ |
2676 |
@@ -80307,10 +80417,10 @@ index e2a360a..1d61efb 100644 |
2677 |
|
2678 |
#if __GNUC_MINOR__ > 0 |
2679 |
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h |
2680 |
-index cdd1cc2..59dc542 100644 |
2681 |
+index cdd1cc2..2401b2e 100644 |
2682 |
--- a/include/linux/compiler-gcc5.h |
2683 |
+++ b/include/linux/compiler-gcc5.h |
2684 |
-@@ -28,6 +28,28 @@ |
2685 |
+@@ -28,6 +28,26 @@ |
2686 |
# define __compiletime_error(message) __attribute__((error(message))) |
2687 |
#endif /* __CHECKER__ */ |
2688 |
|
2689 |
@@ -80320,7 +80430,6 @@ index cdd1cc2..59dc542 100644 |
2690 |
+#define __bos1(ptr) __bos((ptr), 1) |
2691 |
+ |
2692 |
+#ifdef CONSTIFY_PLUGIN |
2693 |
-+#error not yet |
2694 |
+#define __no_const __attribute__((no_const)) |
2695 |
+#define __do_const __attribute__((do_const)) |
2696 |
+#endif |
2697 |
@@ -80332,13 +80441,20 @@ index cdd1cc2..59dc542 100644 |
2698 |
+#endif |
2699 |
+ |
2700 |
+#ifdef LATENT_ENTROPY_PLUGIN |
2701 |
-+#error not yet |
2702 |
+#define __latent_entropy __attribute__((latent_entropy)) |
2703 |
+#endif |
2704 |
+ |
2705 |
/* |
2706 |
* Mark a position in code as unreachable. This can be used to |
2707 |
* suppress control flow warnings after asm blocks that transfer |
2708 |
+@@ -53,7 +73,6 @@ |
2709 |
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 |
2710 |
+ * |
2711 |
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek. |
2712 |
+- * Fixed in GCC 4.8.2 and later versions. |
2713 |
+ * |
2714 |
+ * (asm goto is automatically volatile - the naming reflects this.) |
2715 |
+ */ |
2716 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
2717 |
index 7c7546b..92ea3ae 100644 |
2718 |
--- a/include/linux/compiler.h |
2719 |
@@ -82714,7 +82830,7 @@ index 9146f39..536519a 100644 |
2720 |
#define __meminitconst __section(.meminit.rodata) |
2721 |
#define __memexit __section(.memexit.text) __exitused __cold notrace |
2722 |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h |
2723 |
-index cdde2b3..d782954 100644 |
2724 |
+index cdde2b37..d782954 100644 |
2725 |
--- a/include/linux/init_task.h |
2726 |
+++ b/include/linux/init_task.h |
2727 |
@@ -144,6 +144,12 @@ extern struct task_group root_task_group; |
2728 |
@@ -111376,6 +111492,9 @@ index 0000000..eaa4fce |
2729 |
+ exit 0 |
2730 |
+fi |
2731 |
+exit 1 |
2732 |
+diff --git a/scripts/gcc-version.sh b/scripts/gcc-version.sh |
2733 |
+old mode 100644 |
2734 |
+new mode 100755 |
2735 |
diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl |
2736 |
index 48462be..3e08f94 100644 |
2737 |
--- a/scripts/headers_install.pl |
2738 |
@@ -115394,12 +115513,12 @@ index 0000000..5452feea |
2739 |
+} |
2740 |
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c |
2741 |
new file mode 100644 |
2742 |
-index 0000000..d44bd9f |
2743 |
+index 0000000..0c96d8a |
2744 |
--- /dev/null |
2745 |
+++ b/tools/gcc/colorize_plugin.c |
2746 |
@@ -0,0 +1,215 @@ |
2747 |
+/* |
2748 |
-+ * Copyright 2012-2014 by PaX Team <pageexec@××××××××.hu> |
2749 |
++ * Copyright 2012-2015 by PaX Team <pageexec@××××××××.hu> |
2750 |
+ * Licensed under the GPL v2 |
2751 |
+ * |
2752 |
+ * Note: the choice of the license means that the compilation process is |
2753 |
@@ -115492,6 +115611,7 @@ index 0000000..d44bd9f |
2754 |
+} |
2755 |
+ |
2756 |
+#if BUILDING_GCC_VERSION >= 4009 |
2757 |
++namespace { |
2758 |
+static const struct pass_data colorize_rearm_pass_data = { |
2759 |
+#else |
2760 |
+struct simple_ipa_opt_pass colorize_rearm_pass = { |
2761 |
@@ -115525,7 +115645,6 @@ index 0000000..d44bd9f |
2762 |
+}; |
2763 |
+ |
2764 |
+#if BUILDING_GCC_VERSION >= 4009 |
2765 |
-+namespace { |
2766 |
+class colorize_rearm_pass : public simple_ipa_opt_pass { |
2767 |
+public: |
2768 |
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {} |
2769 |
@@ -115615,13 +115734,13 @@ index 0000000..d44bd9f |
2770 |
+} |
2771 |
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c |
2772 |
new file mode 100644 |
2773 |
-index 0000000..3b5af59 |
2774 |
+index 0000000..93b181d |
2775 |
--- /dev/null |
2776 |
+++ b/tools/gcc/constify_plugin.c |
2777 |
-@@ -0,0 +1,558 @@ |
2778 |
+@@ -0,0 +1,563 @@ |
2779 |
+/* |
2780 |
+ * Copyright 2011 by Emese Revfy <re.emese@×××××.com> |
2781 |
-+ * Copyright 2011-2014 by PaX Team <pageexec@××××××××.hu> |
2782 |
++ * Copyright 2011-2015 by PaX Team <pageexec@××××××××.hu> |
2783 |
+ * Licensed under the GPL v2, or (at your option) v3 |
2784 |
+ * |
2785 |
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification. |
2786 |
@@ -115636,7 +115755,7 @@ index 0000000..3b5af59 |
2787 |
+ |
2788 |
+#include "gcc-common.h" |
2789 |
+ |
2790 |
-+// unused C type flag in all versions 4.5-4.9 |
2791 |
++// unused C type flag in all versions 4.5-5.0 |
2792 |
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE) |
2793 |
+ |
2794 |
+int plugin_is_GPL_compatible; |
2795 |
@@ -115942,6 +116061,11 @@ index 0000000..3b5af59 |
2796 |
+ if (type == NULL_TREE || type == error_mark_node) |
2797 |
+ return; |
2798 |
+ |
2799 |
++#if BUILDING_GCC_VERSION >= 5000 |
2800 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
2801 |
++ return; |
2802 |
++#endif |
2803 |
++ |
2804 |
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type)) |
2805 |
+ return; |
2806 |
+ |
2807 |
@@ -116042,6 +116166,7 @@ index 0000000..3b5af59 |
2808 |
+} |
2809 |
+ |
2810 |
+#if BUILDING_GCC_VERSION >= 4009 |
2811 |
++namespace { |
2812 |
+static const struct pass_data check_local_variables_pass_data = { |
2813 |
+#else |
2814 |
+static struct gimple_opt_pass check_local_variables_pass = { |
2815 |
@@ -116075,7 +116200,6 @@ index 0000000..3b5af59 |
2816 |
+}; |
2817 |
+ |
2818 |
+#if BUILDING_GCC_VERSION >= 4009 |
2819 |
-+namespace { |
2820 |
+class check_local_variables_pass : public gimple_opt_pass { |
2821 |
+public: |
2822 |
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {} |
2823 |
@@ -116179,10 +116303,10 @@ index 0000000..3b5af59 |
2824 |
+} |
2825 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
2826 |
new file mode 100644 |
2827 |
-index 0000000..14ec226 |
2828 |
+index 0000000..19fedf2 |
2829 |
--- /dev/null |
2830 |
+++ b/tools/gcc/gcc-common.h |
2831 |
-@@ -0,0 +1,520 @@ |
2832 |
+@@ -0,0 +1,540 @@ |
2833 |
+#ifndef GCC_COMMON_H_INCLUDED |
2834 |
+#define GCC_COMMON_H_INCLUDED |
2835 |
+ |
2836 |
@@ -116284,11 +116408,13 @@ index 0000000..14ec226 |
2837 |
+//#include "diagnostic-color.h" |
2838 |
+#include "context.h" |
2839 |
+#include "tree-ssa-alias.h" |
2840 |
++#include "tree-ssa.h" |
2841 |
+#include "stringpool.h" |
2842 |
+#include "tree-ssanames.h" |
2843 |
+#include "print-tree.h" |
2844 |
+#include "tree-eh.h" |
2845 |
+#include "stmt.h" |
2846 |
++#include "gimplify.h" |
2847 |
+#endif |
2848 |
+ |
2849 |
+#include "gimple.h" |
2850 |
@@ -116311,6 +116437,7 @@ index 0000000..14ec226 |
2851 |
+//#include "lto-compress.h" |
2852 |
+#if BUILDING_GCC_VERSION >= 5000 |
2853 |
+//#include "lto-section-names.h" |
2854 |
++#include "builtins.h" |
2855 |
+#endif |
2856 |
+ |
2857 |
+//#include "expr.h" where are you... |
2858 |
@@ -116538,6 +116665,7 @@ index 0000000..14ec226 |
2859 |
+typedef union gimple_statement_d gasm; |
2860 |
+typedef union gimple_statement_d gassign; |
2861 |
+typedef union gimple_statement_d gcall; |
2862 |
++typedef union gimple_statement_d gdebug; |
2863 |
+typedef union gimple_statement_d gphi; |
2864 |
+typedef union gimple_statement_d greturn; |
2865 |
+#endif |
2866 |
@@ -116564,6 +116692,7 @@ index 0000000..14ec226 |
2867 |
+typedef struct gimple_statement_base gasm; |
2868 |
+typedef struct gimple_statement_base gassign; |
2869 |
+typedef struct gimple_statement_base gcall; |
2870 |
++typedef struct gimple_statement_base gdebug; |
2871 |
+typedef struct gimple_statement_base gphi; |
2872 |
+typedef struct gimple_statement_base greturn; |
2873 |
+#endif |
2874 |
@@ -116580,6 +116709,11 @@ index 0000000..14ec226 |
2875 |
+{ |
2876 |
+ return stmt; |
2877 |
+} |
2878 |
++ |
2879 |
++static inline greturn *as_a_greturn(gimple stmt) |
2880 |
++{ |
2881 |
++ return stmt; |
2882 |
++} |
2883 |
+#endif |
2884 |
+ |
2885 |
+#if BUILDING_GCC_VERSION >= 4009 |
2886 |
@@ -116600,16 +116734,16 @@ index 0000000..14ec226 |
2887 |
+ |
2888 |
+#define INSN_DELETED_P(insn) (insn)->deleted() |
2889 |
+ |
2890 |
-+extern bool is_simple_builtin(tree); |
2891 |
-+ |
2892 |
+// symtab/cgraph related |
2893 |
+#define debug_cgraph_node(node) (node)->debug() |
2894 |
+#define cgraph_get_node(decl) cgraph_node::get(decl) |
2895 |
+#define cgraph_n_nodes symtab->cgraph_count |
2896 |
+#define cgraph_max_uid symtab->cgraph_max_uid |
2897 |
++#define varpool_get_node(decl) varpool_node::get(decl) |
2898 |
+ |
2899 |
+typedef struct cgraph_node *cgraph_node_ptr; |
2900 |
+typedef struct cgraph_edge *cgraph_edge_p; |
2901 |
++typedef struct varpool_node *varpool_node_ptr; |
2902 |
+ |
2903 |
+static inline void change_decl_assembler_name(tree decl, tree name) |
2904 |
+{ |
2905 |
@@ -116687,11 +116821,21 @@ index 0000000..14ec226 |
2906 |
+ return as_a<gasm *>(stmt); |
2907 |
+} |
2908 |
+ |
2909 |
++static inline const gasm *as_a_gasm(const_gimple stmt) |
2910 |
++{ |
2911 |
++ return as_a<const gasm *>(stmt); |
2912 |
++} |
2913 |
++ |
2914 |
+static inline gcall *as_a_gcall(gimple stmt) |
2915 |
+{ |
2916 |
+ return as_a<gcall *>(stmt); |
2917 |
+} |
2918 |
+ |
2919 |
++static inline greturn *as_a_greturn(gimple stmt) |
2920 |
++{ |
2921 |
++ return as_a<greturn *>(stmt); |
2922 |
++} |
2923 |
++ |
2924 |
+// IPA/LTO related |
2925 |
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) |
2926 |
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) |
2927 |
@@ -116719,12 +116863,12 @@ index 0000000..7514850 |
2928 |
+fi |
2929 |
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c |
2930 |
new file mode 100644 |
2931 |
-index 0000000..d81c094 |
2932 |
+index 0000000..457d54e |
2933 |
--- /dev/null |
2934 |
+++ b/tools/gcc/kallocstat_plugin.c |
2935 |
-@@ -0,0 +1,183 @@ |
2936 |
+@@ -0,0 +1,188 @@ |
2937 |
+/* |
2938 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
2939 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
2940 |
+ * Licensed under the GPL v2 |
2941 |
+ * |
2942 |
+ * Note: the choice of the license means that the compilation process is |
2943 |
@@ -116835,6 +116979,7 @@ index 0000000..d81c094 |
2944 |
+} |
2945 |
+ |
2946 |
+#if BUILDING_GCC_VERSION >= 4009 |
2947 |
++namespace { |
2948 |
+static const struct pass_data kallocstat_pass_data = { |
2949 |
+#else |
2950 |
+static struct gimple_opt_pass kallocstat_pass = { |
2951 |
@@ -116845,7 +116990,8 @@ index 0000000..d81c094 |
2952 |
+#if BUILDING_GCC_VERSION >= 4008 |
2953 |
+ .optinfo_flags = OPTGROUP_NONE, |
2954 |
+#endif |
2955 |
-+#if BUILDING_GCC_VERSION >= 4009 |
2956 |
++#if BUILDING_GCC_VERSION >= 5000 |
2957 |
++#elif BUILDING_GCC_VERSION == 4009 |
2958 |
+ .has_gate = false, |
2959 |
+ .has_execute = true, |
2960 |
+#else |
2961 |
@@ -116867,11 +117013,14 @@ index 0000000..d81c094 |
2962 |
+}; |
2963 |
+ |
2964 |
+#if BUILDING_GCC_VERSION >= 4009 |
2965 |
-+namespace { |
2966 |
+class kallocstat_pass : public gimple_opt_pass { |
2967 |
+public: |
2968 |
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {} |
2969 |
++#if BUILDING_GCC_VERSION >= 5000 |
2970 |
++ virtual unsigned int execute(function *) { return execute_kallocstat(); } |
2971 |
++#else |
2972 |
+ unsigned int execute() { return execute_kallocstat(); } |
2973 |
++#endif |
2974 |
+}; |
2975 |
+} |
2976 |
+ |
2977 |
@@ -116908,12 +117057,12 @@ index 0000000..d81c094 |
2978 |
+} |
2979 |
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
2980 |
new file mode 100644 |
2981 |
-index 0000000..89f256d |
2982 |
+index 0000000..71716e7 |
2983 |
--- /dev/null |
2984 |
+++ b/tools/gcc/kernexec_plugin.c |
2985 |
-@@ -0,0 +1,522 @@ |
2986 |
+@@ -0,0 +1,547 @@ |
2987 |
+/* |
2988 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
2989 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
2990 |
+ * Licensed under the GPL v2 |
2991 |
+ * |
2992 |
+ * Note: the choice of the license means that the compilation process is |
2993 |
@@ -116946,7 +117095,7 @@ index 0000000..89f256d |
2994 |
+ */ |
2995 |
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi) |
2996 |
+{ |
2997 |
-+ gimple asm_movabs_stmt; |
2998 |
++ gasm *asm_movabs_stmt; |
2999 |
+ |
3000 |
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : ); |
3001 |
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL); |
3002 |
@@ -116968,14 +117117,17 @@ index 0000000..89f256d |
3003 |
+ |
3004 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
3005 |
+ // gimple match: __asm__ ("" : : : "r12"); |
3006 |
-+ gimple asm_stmt; |
3007 |
++ gimple stmt; |
3008 |
++ gasm *asm_stmt; |
3009 |
+ size_t nclobbers; |
3010 |
+ |
3011 |
+ // is it an asm ... |
3012 |
-+ asm_stmt = gsi_stmt(gsi); |
3013 |
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM) |
3014 |
++ stmt = gsi_stmt(gsi); |
3015 |
++ if (gimple_code(stmt) != GIMPLE_ASM) |
3016 |
+ continue; |
3017 |
+ |
3018 |
++ asm_stmt = as_a_gasm(stmt); |
3019 |
++ |
3020 |
+ // ... clobbering r12 |
3021 |
+ nclobbers = gimple_asm_nclobbers(asm_stmt); |
3022 |
+ while (nclobbers--) { |
3023 |
@@ -116998,10 +117150,11 @@ index 0000000..89f256d |
3024 |
+ */ |
3025 |
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
3026 |
+{ |
3027 |
-+ gimple assign_intptr, assign_new_fptr, call_stmt; |
3028 |
++ gimple assign_intptr, assign_new_fptr; |
3029 |
++ gcall *call_stmt; |
3030 |
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask; |
3031 |
+ |
3032 |
-+ call_stmt = gsi_stmt(*gsi); |
3033 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
3034 |
+ old_fptr = gimple_call_fn(call_stmt); |
3035 |
+ |
3036 |
+ // create temporary unsigned long variable used for bitops and cast fptr to it |
3037 |
@@ -117039,7 +117192,8 @@ index 0000000..89f256d |
3038 |
+ |
3039 |
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi) |
3040 |
+{ |
3041 |
-+ gimple asm_or_stmt, call_stmt; |
3042 |
++ gasm *asm_or_stmt; |
3043 |
++ gcall *call_stmt; |
3044 |
+ tree old_fptr, new_fptr, input, output; |
3045 |
+#if BUILDING_GCC_VERSION <= 4007 |
3046 |
+ VEC(tree, gc) *inputs = NULL; |
3047 |
@@ -117049,7 +117203,7 @@ index 0000000..89f256d |
3048 |
+ vec<tree, va_gc> *outputs = NULL; |
3049 |
+#endif |
3050 |
+ |
3051 |
-+ call_stmt = gsi_stmt(*gsi); |
3052 |
++ call_stmt = as_a_gcall(gsi_stmt(*gsi)); |
3053 |
+ old_fptr = gimple_call_fn(call_stmt); |
3054 |
+ |
3055 |
+ // create temporary fptr variable |
3056 |
@@ -117094,12 +117248,14 @@ index 0000000..89f256d |
3057 |
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
3058 |
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); |
3059 |
+ tree fn; |
3060 |
-+ gimple call_stmt; |
3061 |
++ gimple stmt; |
3062 |
++ gcall *call_stmt; |
3063 |
+ |
3064 |
+ // is it a call ... |
3065 |
-+ call_stmt = gsi_stmt(gsi); |
3066 |
-+ if (!is_gimple_call(call_stmt)) |
3067 |
++ stmt = gsi_stmt(gsi); |
3068 |
++ if (!is_gimple_call(stmt)) |
3069 |
+ continue; |
3070 |
++ call_stmt = as_a_gcall(stmt); |
3071 |
+ fn = gimple_call_fn(call_stmt); |
3072 |
+ if (TREE_CODE(fn) == ADDR_EXPR) |
3073 |
+ continue; |
3074 |
@@ -117172,7 +117328,7 @@ index 0000000..89f256d |
3075 |
+ */ |
3076 |
+static unsigned int execute_kernexec_retaddr(void) |
3077 |
+{ |
3078 |
-+ rtx insn; |
3079 |
++ rtx_insn *insn; |
3080 |
+ |
3081 |
+// if (stack_realign_drap) |
3082 |
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl))); |
3083 |
@@ -117220,6 +117376,7 @@ index 0000000..89f256d |
3084 |
+} |
3085 |
+ |
3086 |
+#if BUILDING_GCC_VERSION >= 4009 |
3087 |
++namespace { |
3088 |
+static const struct pass_data kernexec_reload_pass_data = { |
3089 |
+#else |
3090 |
+static struct gimple_opt_pass kernexec_reload_pass = { |
3091 |
@@ -117230,7 +117387,8 @@ index 0000000..89f256d |
3092 |
+#if BUILDING_GCC_VERSION >= 4008 |
3093 |
+ .optinfo_flags = OPTGROUP_NONE, |
3094 |
+#endif |
3095 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3096 |
++#if BUILDING_GCC_VERSION >= 5000 |
3097 |
++#elif BUILDING_GCC_VERSION == 4009 |
3098 |
+ .has_gate = true, |
3099 |
+ .has_execute = true, |
3100 |
+#else |
3101 |
@@ -117262,7 +117420,8 @@ index 0000000..89f256d |
3102 |
+#if BUILDING_GCC_VERSION >= 4008 |
3103 |
+ .optinfo_flags = OPTGROUP_NONE, |
3104 |
+#endif |
3105 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3106 |
++#if BUILDING_GCC_VERSION >= 5000 |
3107 |
++#elif BUILDING_GCC_VERSION == 4009 |
3108 |
+ .has_gate = true, |
3109 |
+ .has_execute = true, |
3110 |
+#else |
3111 |
@@ -117294,7 +117453,8 @@ index 0000000..89f256d |
3112 |
+#if BUILDING_GCC_VERSION >= 4008 |
3113 |
+ .optinfo_flags = OPTGROUP_NONE, |
3114 |
+#endif |
3115 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3116 |
++#if BUILDING_GCC_VERSION >= 5000 |
3117 |
++#elif BUILDING_GCC_VERSION == 4009 |
3118 |
+ .has_gate = true, |
3119 |
+ .has_execute = true, |
3120 |
+#else |
3121 |
@@ -117316,26 +117476,40 @@ index 0000000..89f256d |
3122 |
+}; |
3123 |
+ |
3124 |
+#if BUILDING_GCC_VERSION >= 4009 |
3125 |
-+namespace { |
3126 |
+class kernexec_reload_pass : public gimple_opt_pass { |
3127 |
+public: |
3128 |
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {} |
3129 |
++#if BUILDING_GCC_VERSION >= 5000 |
3130 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
3131 |
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); } |
3132 |
++#else |
3133 |
+ bool gate() { return kernexec_cmodel_check(); } |
3134 |
+ unsigned int execute() { return execute_kernexec_reload(); } |
3135 |
++#endif |
3136 |
+}; |
3137 |
+ |
3138 |
+class kernexec_fptr_pass : public gimple_opt_pass { |
3139 |
+public: |
3140 |
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {} |
3141 |
++#if BUILDING_GCC_VERSION >= 5000 |
3142 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
3143 |
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); } |
3144 |
++#else |
3145 |
+ bool gate() { return kernexec_cmodel_check(); } |
3146 |
+ unsigned int execute() { return execute_kernexec_fptr(); } |
3147 |
++#endif |
3148 |
+}; |
3149 |
+ |
3150 |
+class kernexec_retaddr_pass : public rtl_opt_pass { |
3151 |
+public: |
3152 |
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {} |
3153 |
++#if BUILDING_GCC_VERSION >= 5000 |
3154 |
++ virtual bool gate(function *) { return kernexec_cmodel_check(); } |
3155 |
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); } |
3156 |
++#else |
3157 |
+ bool gate() { return kernexec_cmodel_check(); } |
3158 |
+ unsigned int execute() { return execute_kernexec_retaddr(); } |
3159 |
++#endif |
3160 |
+}; |
3161 |
+} |
3162 |
+ |
3163 |
@@ -117436,12 +117610,12 @@ index 0000000..89f256d |
3164 |
+} |
3165 |
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
3166 |
new file mode 100644 |
3167 |
-index 0000000..2a39357 |
3168 |
+index 0000000..d383708 |
3169 |
--- /dev/null |
3170 |
+++ b/tools/gcc/latent_entropy_plugin.c |
3171 |
-@@ -0,0 +1,467 @@ |
3172 |
+@@ -0,0 +1,473 @@ |
3173 |
+/* |
3174 |
-+ * Copyright 2012-2014 by the PaX Team <pageexec@××××××××.hu> |
3175 |
++ * Copyright 2012-2015 by the PaX Team <pageexec@××××××××.hu> |
3176 |
+ * Licensed under the GPL v2 |
3177 |
+ * |
3178 |
+ * Note: the choice of the license means that the compilation process is |
3179 |
@@ -117821,6 +117995,7 @@ index 0000000..2a39357 |
3180 |
+} |
3181 |
+ |
3182 |
+#if BUILDING_GCC_VERSION >= 4009 |
3183 |
++namespace { |
3184 |
+static const struct pass_data latent_entropy_pass_data = { |
3185 |
+#else |
3186 |
+static struct gimple_opt_pass latent_entropy_pass = { |
3187 |
@@ -117831,7 +118006,8 @@ index 0000000..2a39357 |
3188 |
+#if BUILDING_GCC_VERSION >= 4008 |
3189 |
+ .optinfo_flags = OPTGROUP_NONE, |
3190 |
+#endif |
3191 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3192 |
++#if BUILDING_GCC_VERSION >= 5000 |
3193 |
++#elif BUILDING_GCC_VERSION == 4009 |
3194 |
+ .has_gate = true, |
3195 |
+ .has_execute = true, |
3196 |
+#else |
3197 |
@@ -117853,12 +118029,16 @@ index 0000000..2a39357 |
3198 |
+}; |
3199 |
+ |
3200 |
+#if BUILDING_GCC_VERSION >= 4009 |
3201 |
-+namespace { |
3202 |
+class latent_entropy_pass : public gimple_opt_pass { |
3203 |
+public: |
3204 |
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {} |
3205 |
++#if BUILDING_GCC_VERSION >= 5000 |
3206 |
++ virtual bool gate(function *) { return gate_latent_entropy(); } |
3207 |
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); } |
3208 |
++#else |
3209 |
+ bool gate() { return gate_latent_entropy(); } |
3210 |
+ unsigned int execute() { return execute_latent_entropy(); } |
3211 |
++#endif |
3212 |
+}; |
3213 |
+} |
3214 |
+ |
3215 |
@@ -117909,12 +118089,12 @@ index 0000000..2a39357 |
3216 |
+} |
3217 |
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c |
3218 |
new file mode 100644 |
3219 |
-index 0000000..a5cb46b |
3220 |
+index 0000000..e1983c0 |
3221 |
--- /dev/null |
3222 |
+++ b/tools/gcc/randomize_layout_plugin.c |
3223 |
-@@ -0,0 +1,915 @@ |
3224 |
+@@ -0,0 +1,917 @@ |
3225 |
+/* |
3226 |
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
3227 |
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
3228 |
+ * and PaX Team <pageexec@××××××××.hu> |
3229 |
+ * Licensed under the GPL v2 |
3230 |
+ * |
3231 |
@@ -117929,7 +118109,8 @@ index 0000000..a5cb46b |
3232 |
+#include "gcc-common.h" |
3233 |
+#include "randomize_layout_seed.h" |
3234 |
+ |
3235 |
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
3236 |
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \ |
3237 |
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4) |
3238 |
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer." |
3239 |
+#endif |
3240 |
+ |
3241 |
@@ -118729,7 +118910,8 @@ index 0000000..a5cb46b |
3242 |
+#if BUILDING_GCC_VERSION >= 4008 |
3243 |
+ .optinfo_flags = OPTGROUP_NONE, |
3244 |
+#endif |
3245 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3246 |
++#if BUILDING_GCC_VERSION >= 5000 |
3247 |
++#elif BUILDING_GCC_VERSION >= 4009 |
3248 |
+ .has_gate = false, |
3249 |
+ .has_execute = true, |
3250 |
+#else |
3251 |
@@ -118789,8 +118971,8 @@ index 0000000..a5cb46b |
3252 |
+ return 1; |
3253 |
+ } |
3254 |
+ |
3255 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
3256 |
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
3257 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { |
3258 |
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); |
3259 |
+ enable = false; |
3260 |
+ } |
3261 |
+ |
3262 |
@@ -129043,12 +129225,12 @@ index 0000000..0888f6c |
3263 |
+ |
3264 |
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c |
3265 |
new file mode 100644 |
3266 |
-index 0000000..90125d6 |
3267 |
+index 0000000..51dc09d |
3268 |
--- /dev/null |
3269 |
+++ b/tools/gcc/stackleak_plugin.c |
3270 |
-@@ -0,0 +1,396 @@ |
3271 |
+@@ -0,0 +1,408 @@ |
3272 |
+/* |
3273 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
3274 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
3275 |
+ * Licensed under the GPL v2 |
3276 |
+ * |
3277 |
+ * Note: the choice of the license means that the compilation process is |
3278 |
@@ -129175,7 +129357,7 @@ index 0000000..90125d6 |
3279 |
+ |
3280 |
+static unsigned int execute_stackleak_final(void) |
3281 |
+{ |
3282 |
-+ rtx insn, next; |
3283 |
++ rtx_insn *insn, *next; |
3284 |
+ |
3285 |
+ if (cfun->calls_alloca) |
3286 |
+ return 0; |
3287 |
@@ -129269,6 +129451,7 @@ index 0000000..90125d6 |
3288 |
+} |
3289 |
+ |
3290 |
+#if BUILDING_GCC_VERSION >= 4009 |
3291 |
++namespace { |
3292 |
+static const struct pass_data stackleak_tree_instrument_pass_data = { |
3293 |
+#else |
3294 |
+static struct gimple_opt_pass stackleak_tree_instrument_pass = { |
3295 |
@@ -129279,7 +129462,8 @@ index 0000000..90125d6 |
3296 |
+#if BUILDING_GCC_VERSION >= 4008 |
3297 |
+ .optinfo_flags = OPTGROUP_NONE, |
3298 |
+#endif |
3299 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3300 |
++#if BUILDING_GCC_VERSION >= 5000 |
3301 |
++#elif BUILDING_GCC_VERSION == 4009 |
3302 |
+ .has_gate = true, |
3303 |
+ .has_execute = true, |
3304 |
+#else |
3305 |
@@ -129311,7 +129495,8 @@ index 0000000..90125d6 |
3306 |
+#if BUILDING_GCC_VERSION >= 4008 |
3307 |
+ .optinfo_flags = OPTGROUP_NONE, |
3308 |
+#endif |
3309 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3310 |
++#if BUILDING_GCC_VERSION >= 5000 |
3311 |
++#elif BUILDING_GCC_VERSION == 4009 |
3312 |
+ .has_gate = true, |
3313 |
+ .has_execute = true, |
3314 |
+#else |
3315 |
@@ -129333,19 +129518,28 @@ index 0000000..90125d6 |
3316 |
+}; |
3317 |
+ |
3318 |
+#if BUILDING_GCC_VERSION >= 4009 |
3319 |
-+namespace { |
3320 |
+class stackleak_tree_instrument_pass : public gimple_opt_pass { |
3321 |
+public: |
3322 |
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {} |
3323 |
++#if BUILDING_GCC_VERSION >= 5000 |
3324 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
3325 |
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); } |
3326 |
++#else |
3327 |
+ bool gate() { return gate_stackleak_track_stack(); } |
3328 |
+ unsigned int execute() { return execute_stackleak_tree_instrument(); } |
3329 |
++#endif |
3330 |
+}; |
3331 |
+ |
3332 |
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass { |
3333 |
+public: |
3334 |
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {} |
3335 |
++#if BUILDING_GCC_VERSION >= 5000 |
3336 |
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); } |
3337 |
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); } |
3338 |
++#else |
3339 |
+ bool gate() { return gate_stackleak_track_stack(); } |
3340 |
+ unsigned int execute() { return execute_stackleak_final(); } |
3341 |
++#endif |
3342 |
+}; |
3343 |
+} |
3344 |
+ |
3345 |
@@ -129445,12 +129639,12 @@ index 0000000..90125d6 |
3346 |
+} |
3347 |
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c |
3348 |
new file mode 100644 |
3349 |
-index 0000000..4ee2231 |
3350 |
+index 0000000..4436cbe |
3351 |
--- /dev/null |
3352 |
+++ b/tools/gcc/structleak_plugin.c |
3353 |
-@@ -0,0 +1,274 @@ |
3354 |
+@@ -0,0 +1,287 @@ |
3355 |
+/* |
3356 |
-+ * Copyright 2013-2014 by PaX Team <pageexec@××××××××.hu> |
3357 |
++ * Copyright 2013-2015 by PaX Team <pageexec@××××××××.hu> |
3358 |
+ * Licensed under the GPL v2 |
3359 |
+ * |
3360 |
+ * Note: the choice of the license means that the compilation process is |
3361 |
@@ -129477,8 +129671,8 @@ index 0000000..4ee2231 |
3362 |
+ |
3363 |
+#include "gcc-common.h" |
3364 |
+ |
3365 |
-+// unused C type flag in all versions 4.5-4.9 |
3366 |
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE) |
3367 |
++// unused C type flag in all versions 4.5-5.0 |
3368 |
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE) |
3369 |
+ |
3370 |
+int plugin_is_GPL_compatible; |
3371 |
+ |
3372 |
@@ -129545,6 +129739,14 @@ index 0000000..4ee2231 |
3373 |
+{ |
3374 |
+ tree type = (tree)event_data; |
3375 |
+ |
3376 |
++ if (type == NULL_TREE || type == error_mark_node) |
3377 |
++ return; |
3378 |
++ |
3379 |
++#if BUILDING_GCC_VERSION >= 5000 |
3380 |
++ if (TREE_CODE(type) == ENUMERAL_TYPE) |
3381 |
++ return; |
3382 |
++#endif |
3383 |
++ |
3384 |
+ if (TYPE_USERSPACE(type)) |
3385 |
+ return; |
3386 |
+ |
3387 |
@@ -129631,6 +129833,7 @@ index 0000000..4ee2231 |
3388 |
+} |
3389 |
+ |
3390 |
+#if BUILDING_GCC_VERSION >= 4009 |
3391 |
++namespace { |
3392 |
+static const struct pass_data structleak_pass_data = { |
3393 |
+#else |
3394 |
+static struct gimple_opt_pass structleak_pass = { |
3395 |
@@ -129641,7 +129844,8 @@ index 0000000..4ee2231 |
3396 |
+#if BUILDING_GCC_VERSION >= 4008 |
3397 |
+ .optinfo_flags = OPTGROUP_NONE, |
3398 |
+#endif |
3399 |
-+#if BUILDING_GCC_VERSION >= 4009 |
3400 |
++#if BUILDING_GCC_VERSION >= 5000 |
3401 |
++#elif BUILDING_GCC_VERSION == 4009 |
3402 |
+ .has_gate = false, |
3403 |
+ .has_execute = true, |
3404 |
+#else |
3405 |
@@ -129663,11 +129867,14 @@ index 0000000..4ee2231 |
3406 |
+}; |
3407 |
+ |
3408 |
+#if BUILDING_GCC_VERSION >= 4009 |
3409 |
-+namespace { |
3410 |
+class structleak_pass : public gimple_opt_pass { |
3411 |
+public: |
3412 |
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {} |
3413 |
++#if BUILDING_GCC_VERSION >= 5000 |
3414 |
++ virtual unsigned int execute(function *) { return handle_function(); } |
3415 |
++#else |
3416 |
+ unsigned int execute() { return handle_function(); } |
3417 |
++#endif |
3418 |
+}; |
3419 |
+} |
3420 |
+ |
3421 |
@@ -129701,7 +129908,7 @@ index 0000000..4ee2231 |
3422 |
+ return 1; |
3423 |
+ } |
3424 |
+ |
3425 |
-+ if (strcmp(lang_hooks.name, "GNU C")) { |
3426 |
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) { |
3427 |
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
3428 |
+ enable = false; |
3429 |
+ } |