Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.52/, 3.11.9/
Date: Mon, 25 Nov 2013 21:23:11
Message-Id: 1385414603.ad78e98f9915054d3fd826482ebccc7021634c26.blueness@gentoo
1 commit: ad78e98f9915054d3fd826482ebccc7021634c26
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Nov 25 21:23:23 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Nov 25 21:23:23 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=ad78e98f
7
8 Grsec/PaX: 3.0-{3.2.52,3.11.9}-201311242031
9
10 ---
11 3.11.9/0000_README | 2 +-
12 ... 4420_grsecurity-3.0-3.11.9-201311242034.patch} | 8806 ++++-----
13 3.2.52/0000_README | 2 +-
14 ... 4420_grsecurity-3.0-3.2.52-201311242031.patch} | 18323 +++++++++++--------
15 4 files changed, 15508 insertions(+), 11625 deletions(-)
16
17 diff --git a/3.11.9/0000_README b/3.11.9/0000_README
18 index f24611c..2d88c58 100644
19 --- a/3.11.9/0000_README
20 +++ b/3.11.9/0000_README
21 @@ -2,7 +2,7 @@ README
22 -----------------------------------------------------------------------------
23 Individual Patch Descriptions:
24 -----------------------------------------------------------------------------
25 -Patch: 4420_grsecurity-2.9.1-3.11.9-201311222137.patch
26 +Patch: 4420_grsecurity-3.0-3.11.9-201311242034.patch
27 From: http://www.grsecurity.net
28 Desc: hardened-sources base patch from upstream grsecurity
29
30
31 diff --git a/3.11.9/4420_grsecurity-2.9.1-3.11.9-201311222137.patch b/3.11.9/4420_grsecurity-3.0-3.11.9-201311242034.patch
32 similarity index 99%
33 rename from 3.11.9/4420_grsecurity-2.9.1-3.11.9-201311222137.patch
34 rename to 3.11.9/4420_grsecurity-3.0-3.11.9-201311242034.patch
35 index 0fbfd44..e9cd387 100644
36 --- a/3.11.9/4420_grsecurity-2.9.1-3.11.9-201311222137.patch
37 +++ b/3.11.9/4420_grsecurity-3.0-3.11.9-201311242034.patch
38 @@ -3782,7 +3782,7 @@ index 4a05444..d21968c 100644
39 atomic64_set(&mm->context.id, asid);
40 }
41 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
42 -index c97f794..6461880 100644
43 +index c97f794..3e603c4 100644
44 --- a/arch/arm/mm/fault.c
45 +++ b/arch/arm/mm/fault.c
46 @@ -25,6 +25,7 @@
47 @@ -3793,10 +3793,21 @@ index c97f794..6461880 100644
48
49 #include "fault.h"
50
51 -@@ -138,6 +139,20 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
52 +@@ -138,6 +139,31 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
53 if (fixup_exception(regs))
54 return;
55
56 ++#ifdef CONFIG_PAX_MEMORY_UDEREF
57 ++ if (addr < TASK_SIZE) {
58 ++ if (current->signal->curr_ip)
59 ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
60 ++ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
61 ++ else
62 ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
63 ++ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
64 ++ }
65 ++#endif
66 ++
67 +#ifdef CONFIG_PAX_KERNEXEC
68 + if ((fsr & FSR_WRITE) &&
69 + (((unsigned long)_stext <= addr && addr < init_mm.end_code) ||
70 @@ -3814,7 +3825,7 @@ index c97f794..6461880 100644
71 /*
72 * No handler, we'll have to terminate things with extreme prejudice.
73 */
74 -@@ -174,6 +189,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
75 +@@ -174,6 +200,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
76 }
77 #endif
78
79 @@ -3828,7 +3839,7 @@ index c97f794..6461880 100644
80 tsk->thread.address = addr;
81 tsk->thread.error_code = fsr;
82 tsk->thread.trap_no = 14;
83 -@@ -398,6 +420,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
84 +@@ -398,6 +431,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
85 }
86 #endif /* CONFIG_MMU */
87
88 @@ -3862,7 +3873,7 @@ index c97f794..6461880 100644
89 /*
90 * First Level Translation Fault Handler
91 *
92 -@@ -545,9 +594,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
93 +@@ -545,9 +605,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
94 const struct fsr_info *inf = fsr_info + fsr_fs(fsr);
95 struct siginfo info;
96
97 @@ -3885,7 +3896,7 @@ index c97f794..6461880 100644
98 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
99 inf->name, fsr, addr);
100
101 -@@ -571,15 +633,92 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
102 +@@ -571,15 +644,92 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
103 ifsr_info[nr].name = name;
104 }
105
106 @@ -54573,7 +54584,7 @@ index e4141f2..d8263e8 100644
107 i += packet_length_size;
108 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
109 diff --git a/fs/exec.c b/fs/exec.c
110 -index fd774c7..1c6a7bf 100644
111 +index fd774c7..d08c9ec 100644
112 --- a/fs/exec.c
113 +++ b/fs/exec.c
114 @@ -55,8 +55,20 @@
115 @@ -55054,7 +55065,7 @@ index fd774c7..1c6a7bf 100644
116 out:
117 if (bprm->mm) {
118 acct_arg_size(bprm, 0);
119 -@@ -1702,3 +1876,287 @@ asmlinkage long compat_sys_execve(const char __user * filename,
120 +@@ -1702,3 +1876,295 @@ asmlinkage long compat_sys_execve(const char __user * filename,
121 return error;
122 }
123 #endif
124 @@ -55284,6 +55295,14 @@ index fd774c7..1c6a7bf 100644
125 +#else
126 + unsigned long textlow = (unsigned long)_stext;
127 + unsigned long texthigh = (unsigned long)_etext;
128 ++
129 ++#ifdef CONFIG_X86_64
130 ++ /* check against linear mapping as well */
131 ++ if (high > (unsigned long)__va(__pa(textlow)) &&
132 ++ low <= (unsigned long)__va(__pa(texthigh)))
133 ++ return true;
134 ++#endif
135 ++
136 +#endif
137 +
138 + if (high <= textlow || low > texthigh)
139 @@ -61042,7 +61061,7 @@ index 96dda62..d6c6a52 100644
140 kfree(s);
141 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
142 new file mode 100644
143 -index 0000000..a326c8d
144 +index 0000000..6d22fbe
145 --- /dev/null
146 +++ b/grsecurity/Kconfig
147 @@ -0,0 +1,1112 @@
148 @@ -61651,7 +61670,7 @@ index 0000000..a326c8d
149 +config GRKERNSEC_CHROOT_INITRD
150 + bool "Exempt initrd tasks from restrictions"
151 + default y if GRKERNSEC_CONFIG_AUTO
152 -+ depends on GRKERNSEC_CHROOT && BLK_DEV_RAM
153 ++ depends on GRKERNSEC_CHROOT && BLK_DEV_INITRD
154 + help
155 + If you say Y here, tasks started prior to init will be exempted from
156 + grsecurity's chroot restrictions. This option is mainly meant to
157 @@ -62160,7 +62179,7 @@ index 0000000..a326c8d
158 +endmenu
159 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
160 new file mode 100644
161 -index 0000000..0bc0a5c
162 +index 0000000..85beb79
163 --- /dev/null
164 +++ b/grsecurity/Makefile
165 @@ -0,0 +1,43 @@
166 @@ -62181,7 +62200,7 @@ index 0000000..0bc0a5c
167 +
168 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
169 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
170 -+ gracl_learn.o grsec_log.o
171 ++ gracl_learn.o grsec_log.o gracl_policy.o
172 +ifdef CONFIG_COMPAT
173 +obj-$(CONFIG_GRKERNSEC) += gracl_compat.o
174 +endif
175 @@ -62209,10 +62228,10 @@ index 0000000..0bc0a5c
176 +endif
177 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
178 new file mode 100644
179 -index 0000000..c0793fd
180 +index 0000000..857c960
181 --- /dev/null
182 +++ b/grsecurity/gracl.c
183 -@@ -0,0 +1,4178 @@
184 +@@ -0,0 +1,2623 @@
185 +#include <linux/kernel.h>
186 +#include <linux/module.h>
187 +#include <linux/sched.h>
188 @@ -62254,48 +62273,27 @@ index 0000000..c0793fd
189 +#include <asm/errno.h>
190 +#include <asm/mman.h>
191 +
192 -+extern struct lglock vfsmount_lock;
193 -+
194 -+static struct acl_role_db acl_role_set;
195 -+static struct name_db name_set;
196 -+static struct inodev_db inodev_set;
197 -+
198 -+/* for keeping track of userspace pointers used for subjects, so we
199 -+ can share references in the kernel as well
200 -+*/
201 -+
202 -+static struct path real_root;
203 ++#define FOR_EACH_ROLE_START(role) \
204 ++ role = running_polstate.role_list; \
205 ++ while (role) {
206 +
207 -+static struct acl_subj_map_db subj_map_set;
208 ++#define FOR_EACH_ROLE_END(role) \
209 ++ role = role->prev; \
210 ++ }
211 +
212 -+static struct acl_role_label *default_role;
213 ++extern struct lglock vfsmount_lock;
214 +
215 -+static struct acl_role_label *role_list;
216 ++extern struct path gr_real_root;
217 +
218 -+static u16 acl_sp_role_value;
219 ++static struct gr_policy_state running_polstate;
220 ++struct gr_policy_state *polstate = &running_polstate;
221 ++extern struct gr_alloc_state *current_alloc_state;
222 +
223 +extern char *gr_shared_page[4];
224 -+static DEFINE_MUTEX(gr_dev_mutex);
225 +DEFINE_RWLOCK(gr_inode_lock);
226 +
227 -+struct gr_arg *gr_usermode;
228 -+
229 +static unsigned int gr_status __read_only = GR_STATUS_INIT;
230 +
231 -+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
232 -+extern void gr_clear_learn_entries(void);
233 -+
234 -+unsigned char *gr_system_salt;
235 -+unsigned char *gr_system_sum;
236 -+
237 -+static struct sprole_pw **acl_special_roles = NULL;
238 -+static __u16 num_sprole_pws = 0;
239 -+
240 -+static struct acl_role_label *kernel_role = NULL;
241 -+
242 -+static unsigned int gr_auth_attempts = 0;
243 -+static unsigned long gr_auth_expires = 0UL;
244 -+
245 +#ifdef CONFIG_NET
246 +extern struct vfsmount *sock_mnt;
247 +#endif
248 @@ -62307,156 +62305,29 @@ index 0000000..c0793fd
249 +extern struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
250 +#endif
251 +
252 -+static struct acl_object_label *fakefs_obj_rw;
253 -+static struct acl_object_label *fakefs_obj_rwx;
254 -+
255 -+extern int gr_init_uidset(void);
256 -+extern void gr_free_uidset(void);
257 -+extern void gr_remove_uid(uid_t uid);
258 -+extern int gr_find_uid(uid_t uid);
259 -+
260 -+static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
261 -+{
262 -+ if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
263 -+ return -EFAULT;
264 -+
265 -+ return 0;
266 -+}
267 -+
268 -+static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
269 -+{
270 -+ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
271 -+ return -EFAULT;
272 -+
273 -+ return 0;
274 -+}
275 -+
276 -+static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
277 -+{
278 -+ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
279 -+ return -EFAULT;
280 -+
281 -+ return 0;
282 -+}
283 -+
284 -+static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
285 -+{
286 -+ if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
287 -+ return -EFAULT;
288 -+
289 -+ return 0;
290 -+}
291 -+
292 -+static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
293 -+{
294 -+ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
295 -+ return -EFAULT;
296 -+
297 -+ return 0;
298 -+}
299 -+
300 -+static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
301 -+{
302 -+ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
303 -+ return -EFAULT;
304 -+
305 -+ return 0;
306 -+}
307 -+
308 -+static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
309 -+{
310 -+ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
311 -+ return -EFAULT;
312 -+
313 -+ return 0;
314 -+}
315 -+
316 -+static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
317 -+{
318 -+ if (copy_from_user(trans, userp, sizeof(struct role_transition)))
319 -+ return -EFAULT;
320 -+
321 -+ return 0;
322 -+}
323 -+
324 -+int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
325 -+{
326 -+ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
327 -+ return -EFAULT;
328 -+
329 -+ return 0;
330 -+}
331 ++extern u16 acl_sp_role_value;
332 ++extern struct acl_object_label *fakefs_obj_rw;
333 ++extern struct acl_object_label *fakefs_obj_rwx;
334 +
335 -+static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
336 ++int gr_acl_is_enabled(void)
337 +{
338 -+ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
339 -+ return -EFAULT;
340 -+
341 -+ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg)))
342 -+ return -EINVAL;
343 -+
344 -+ return 0;
345 ++ return (gr_status & GR_READY);
346 +}
347 +
348 -+static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
349 ++void gr_enable_rbac_system(void)
350 +{
351 -+ if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
352 -+ return -EFAULT;
353 -+
354 -+ return 0;
355 ++ pax_open_kernel();
356 ++ gr_status |= GR_READY;
357 ++ pax_close_kernel();
358 +}
359 +
360 -+static size_t get_gr_arg_wrapper_size_normal(void)
361 ++int gr_rbac_disable(void *unused)
362 +{
363 -+ return sizeof(struct gr_arg_wrapper);
364 -+}
365 -+
366 -+#ifdef CONFIG_COMPAT
367 -+extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
368 -+extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
369 -+extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
370 -+extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
371 -+extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
372 -+extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
373 -+extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
374 -+extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
375 -+extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
376 -+extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
377 -+extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
378 -+extern size_t get_gr_arg_wrapper_size_compat(void);
379 -+
380 -+int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
381 -+int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
382 -+int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
383 -+int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
384 -+int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
385 -+int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
386 -+int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
387 -+int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
388 -+int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
389 -+int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
390 -+int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
391 -+size_t (* get_gr_arg_wrapper_size)(void) __read_only;
392 ++ pax_open_kernel();
393 ++ gr_status &= ~GR_READY;
394 ++ pax_close_kernel();
395 +
396 -+#else
397 -+#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
398 -+#define copy_gr_arg copy_gr_arg_normal
399 -+#define copy_gr_hash_struct copy_gr_hash_struct_normal
400 -+#define copy_acl_object_label copy_acl_object_label_normal
401 -+#define copy_acl_subject_label copy_acl_subject_label_normal
402 -+#define copy_acl_role_label copy_acl_role_label_normal
403 -+#define copy_acl_ip_label copy_acl_ip_label_normal
404 -+#define copy_pointer_from_array copy_pointer_from_array_normal
405 -+#define copy_sprole_pw copy_sprole_pw_normal
406 -+#define copy_role_transition copy_role_transition_normal
407 -+#define copy_role_allowed_ip copy_role_allowed_ip_normal
408 -+#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
409 -+#endif
410 -+
411 -+__inline__ int
412 -+gr_acl_is_enabled(void)
413 -+{
414 -+ return (gr_status & GR_READY);
415 ++ return 0;
416 +}
417 +
418 +static inline dev_t __get_dev(const struct dentry *dentry)
419 @@ -62520,7 +62391,7 @@ index 0000000..c0793fd
420 + return 0;
421 +}
422 +
423 -+static int
424 ++int
425 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
426 +{
427 + if (likely(lena != lenb))
428 @@ -62627,9 +62498,9 @@ index 0000000..c0793fd
429 + path.dentry = (struct dentry *)dentry;
430 + path.mnt = (struct vfsmount *)vfsmnt;
431 +
432 -+ /* we can use real_root.dentry, real_root.mnt, because this is only called
433 ++ /* we can use gr_real_root.dentry, gr_real_root.mnt, because this is only called
434 + by the RBAC system */
435 -+ res = gen_full_path(&path, &real_root, buf, buflen);
436 ++ res = gen_full_path(&path, &gr_real_root, buf, buflen);
437 +
438 + return res;
439 +}
440 @@ -62646,7 +62517,7 @@ index 0000000..c0793fd
441 + path.dentry = (struct dentry *)dentry;
442 + path.mnt = (struct vfsmount *)vfsmnt;
443 +
444 -+ /* we can't use real_root.dentry, real_root.mnt, because they belong only to the RBAC system */
445 ++ /* we can't use gr_real_root.dentry, gr_real_root.mnt, because they belong only to the RBAC system */
446 + get_fs_root(reaper->fs, &root);
447 +
448 + br_read_lock(&vfsmount_lock);
449 @@ -62659,7 +62530,7 @@ index 0000000..c0793fd
450 + return res;
451 +}
452 +
453 -+static char *
454 ++char *
455 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
456 +{
457 + char *ret;
458 @@ -62737,54 +62608,17 @@ index 0000000..c0793fd
459 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
460 +}
461 +
462 -+struct acl_subject_label *
463 -+lookup_subject_map(const struct acl_subject_label *userp)
464 -+{
465 -+ unsigned int index = gr_shash(userp, subj_map_set.s_size);
466 -+ struct subject_map *match;
467 -+
468 -+ match = subj_map_set.s_hash[index];
469 -+
470 -+ while (match && match->user != userp)
471 -+ match = match->next;
472 -+
473 -+ if (match != NULL)
474 -+ return match->kernel;
475 -+ else
476 -+ return NULL;
477 -+}
478 -+
479 -+static void
480 -+insert_subj_map_entry(struct subject_map *subjmap)
481 -+{
482 -+ unsigned int index = gr_shash(subjmap->user, subj_map_set.s_size);
483 -+ struct subject_map **curr;
484 -+
485 -+ subjmap->prev = NULL;
486 -+
487 -+ curr = &subj_map_set.s_hash[index];
488 -+ if (*curr != NULL)
489 -+ (*curr)->prev = subjmap;
490 -+
491 -+ subjmap->next = *curr;
492 -+ *curr = subjmap;
493 -+
494 -+ return;
495 -+}
496 -+
497 -+static struct acl_role_label *
498 -+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
499 ++struct acl_role_label *
500 ++__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid,
501 + const gid_t gid)
502 +{
503 -+ unsigned int index = gr_rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
504 ++ unsigned int index = gr_rhash(uid, GR_ROLE_USER, state->acl_role_set.r_size);
505 + struct acl_role_label *match;
506 + struct role_allowed_ip *ipp;
507 + unsigned int x;
508 -+ u32 curr_ip = task->signal->curr_ip;
509 -+
510 -+ task->signal->saved_ip = curr_ip;
511 ++ u32 curr_ip = task->signal->saved_ip;
512 +
513 -+ match = acl_role_set.r_hash[index];
514 ++ match = state->acl_role_set.r_hash[index];
515 +
516 + while (match) {
517 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
518 @@ -62799,8 +62633,8 @@ index 0000000..c0793fd
519 +found:
520 + if (match == NULL) {
521 + try_group:
522 -+ index = gr_rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
523 -+ match = acl_role_set.r_hash[index];
524 ++ index = gr_rhash(gid, GR_ROLE_GROUP, state->acl_role_set.r_size);
525 ++ match = state->acl_role_set.r_hash[index];
526 +
527 + while (match) {
528 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
529 @@ -62814,7 +62648,7 @@ index 0000000..c0793fd
530 + }
531 +found2:
532 + if (match == NULL)
533 -+ match = default_role;
534 ++ match = state->default_role;
535 + if (match->allowed_ips == NULL)
536 + return match;
537 + else {
538 @@ -62824,7 +62658,7 @@ index 0000000..c0793fd
539 + (ntohl(ipp->addr) & ipp->netmask)))
540 + return match;
541 + }
542 -+ match = default_role;
543 ++ match = state->default_role;
544 + }
545 + } else if (match->allowed_ips == NULL) {
546 + return match;
547 @@ -62841,6 +62675,13 @@ index 0000000..c0793fd
548 + return match;
549 +}
550 +
551 ++static struct acl_role_label *
552 ++lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
553 ++ const gid_t gid)
554 ++{
555 ++ return __lookup_acl_role_label(&running_polstate, task, uid, gid);
556 ++}
557 ++
558 +struct acl_subject_label *
559 +lookup_acl_subj_label(const ino_t ino, const dev_t dev,
560 + const struct acl_role_label *role)
561 @@ -62931,15 +62772,15 @@ index 0000000..c0793fd
562 + return NULL;
563 +}
564 +
565 -+static struct name_entry *
566 -+lookup_name_entry(const char *name)
567 ++struct name_entry *
568 ++__lookup_name_entry(const struct gr_policy_state *state, const char *name)
569 +{
570 + unsigned int len = strlen(name);
571 + unsigned int key = full_name_hash(name, len);
572 -+ unsigned int index = key % name_set.n_size;
573 ++ unsigned int index = key % state->name_set.n_size;
574 + struct name_entry *match;
575 +
576 -+ match = name_set.n_hash[index];
577 ++ match = state->name_set.n_hash[index];
578 +
579 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
580 + match = match->next;
581 @@ -62948,14 +62789,20 @@ index 0000000..c0793fd
582 +}
583 +
584 +static struct name_entry *
585 ++lookup_name_entry(const char *name)
586 ++{
587 ++ return __lookup_name_entry(&running_polstate, name);
588 ++}
589 ++
590 ++static struct name_entry *
591 +lookup_name_entry_create(const char *name)
592 +{
593 + unsigned int len = strlen(name);
594 + unsigned int key = full_name_hash(name, len);
595 -+ unsigned int index = key % name_set.n_size;
596 ++ unsigned int index = key % running_polstate.name_set.n_size;
597 + struct name_entry *match;
598 +
599 -+ match = name_set.n_hash[index];
600 ++ match = running_polstate.name_set.n_hash[index];
601 +
602 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
603 + !match->deleted))
604 @@ -62964,7 +62811,7 @@ index 0000000..c0793fd
605 + if (match && match->deleted)
606 + return match;
607 +
608 -+ match = name_set.n_hash[index];
609 ++ match = running_polstate.name_set.n_hash[index];
610 +
611 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
612 + match->deleted))
613 @@ -62979,10 +62826,10 @@ index 0000000..c0793fd
614 +static struct inodev_entry *
615 +lookup_inodev_entry(const ino_t ino, const dev_t dev)
616 +{
617 -+ unsigned int index = gr_fhash(ino, dev, inodev_set.i_size);
618 ++ unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size);
619 + struct inodev_entry *match;
620 +
621 -+ match = inodev_set.i_hash[index];
622 ++ match = running_polstate.inodev_set.i_hash[index];
623 +
624 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
625 + match = match->next;
626 @@ -62990,16 +62837,16 @@ index 0000000..c0793fd
627 + return match;
628 +}
629 +
630 -+static void
631 -+insert_inodev_entry(struct inodev_entry *entry)
632 ++void
633 ++__insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry)
634 +{
635 + unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device,
636 -+ inodev_set.i_size);
637 ++ state->inodev_set.i_size);
638 + struct inodev_entry **curr;
639 +
640 + entry->prev = NULL;
641 +
642 -+ curr = &inodev_set.i_hash[index];
643 ++ curr = &state->inodev_set.i_hash[index];
644 + if (*curr != NULL)
645 + (*curr)->prev = entry;
646 +
647 @@ -63010,138 +62857,12 @@ index 0000000..c0793fd
648 +}
649 +
650 +static void
651 -+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
652 -+{
653 -+ unsigned int index =
654 -+ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
655 -+ struct acl_role_label **curr;
656 -+ struct acl_role_label *tmp, *tmp2;
657 -+
658 -+ curr = &acl_role_set.r_hash[index];
659 -+
660 -+ /* simple case, slot is empty, just set it to our role */
661 -+ if (*curr == NULL) {
662 -+ *curr = role;
663 -+ } else {
664 -+ /* example:
665 -+ 1 -> 2 -> 3 (adding 2 -> 3 to here)
666 -+ 2 -> 3
667 -+ */
668 -+ /* first check to see if we can already be reached via this slot */
669 -+ tmp = *curr;
670 -+ while (tmp && tmp != role)
671 -+ tmp = tmp->next;
672 -+ if (tmp == role) {
673 -+ /* we don't need to add ourselves to this slot's chain */
674 -+ return;
675 -+ }
676 -+ /* we need to add ourselves to this chain, two cases */
677 -+ if (role->next == NULL) {
678 -+ /* simple case, append the current chain to our role */
679 -+ role->next = *curr;
680 -+ *curr = role;
681 -+ } else {
682 -+ /* 1 -> 2 -> 3 -> 4
683 -+ 2 -> 3 -> 4
684 -+ 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
685 -+ */
686 -+ /* trickier case: walk our role's chain until we find
687 -+ the role for the start of the current slot's chain */
688 -+ tmp = role;
689 -+ tmp2 = *curr;
690 -+ while (tmp->next && tmp->next != tmp2)
691 -+ tmp = tmp->next;
692 -+ if (tmp->next == tmp2) {
693 -+ /* from example above, we found 3, so just
694 -+ replace this slot's chain with ours */
695 -+ *curr = role;
696 -+ } else {
697 -+ /* we didn't find a subset of our role's chain
698 -+ in the current slot's chain, so append their
699 -+ chain to ours, and set us as the first role in
700 -+ the slot's chain
701 -+
702 -+ we could fold this case with the case above,
703 -+ but making it explicit for clarity
704 -+ */
705 -+ tmp->next = tmp2;
706 -+ *curr = role;
707 -+ }
708 -+ }
709 -+ }
710 -+
711 -+ return;
712 -+}
713 -+
714 -+static void
715 -+insert_acl_role_label(struct acl_role_label *role)
716 -+{
717 -+ int i;
718 -+
719 -+ if (role_list == NULL) {
720 -+ role_list = role;
721 -+ role->prev = NULL;
722 -+ } else {
723 -+ role->prev = role_list;
724 -+ role_list = role;
725 -+ }
726 -+
727 -+ /* used for hash chains */
728 -+ role->next = NULL;
729 -+
730 -+ if (role->roletype & GR_ROLE_DOMAIN) {
731 -+ for (i = 0; i < role->domain_child_num; i++)
732 -+ __insert_acl_role_label(role, role->domain_children[i]);
733 -+ } else
734 -+ __insert_acl_role_label(role, role->uidgid);
735 -+}
736 -+
737 -+static int
738 -+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
739 ++insert_inodev_entry(struct inodev_entry *entry)
740 +{
741 -+ struct name_entry **curr, *nentry;
742 -+ struct inodev_entry *ientry;
743 -+ unsigned int len = strlen(name);
744 -+ unsigned int key = full_name_hash(name, len);
745 -+ unsigned int index = key % name_set.n_size;
746 -+
747 -+ curr = &name_set.n_hash[index];
748 -+
749 -+ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
750 -+ curr = &((*curr)->next);
751 -+
752 -+ if (*curr != NULL)
753 -+ return 1;
754 -+
755 -+ nentry = acl_alloc(sizeof (struct name_entry));
756 -+ if (nentry == NULL)
757 -+ return 0;
758 -+ ientry = acl_alloc(sizeof (struct inodev_entry));
759 -+ if (ientry == NULL)
760 -+ return 0;
761 -+ ientry->nentry = nentry;
762 -+
763 -+ nentry->key = key;
764 -+ nentry->name = name;
765 -+ nentry->inode = inode;
766 -+ nentry->device = device;
767 -+ nentry->len = len;
768 -+ nentry->deleted = deleted;
769 -+
770 -+ nentry->prev = NULL;
771 -+ curr = &name_set.n_hash[index];
772 -+ if (*curr != NULL)
773 -+ (*curr)->prev = nentry;
774 -+ nentry->next = *curr;
775 -+ *curr = nentry;
776 -+
777 -+ /* insert us into the table searchable by inode/dev */
778 -+ insert_inodev_entry(ientry);
779 -+
780 -+ return 1;
781 ++ __insert_inodev_entry(&running_polstate, entry);
782 +}
783 +
784 -+static void
785 ++void
786 +insert_acl_obj_label(struct acl_object_label *obj,
787 + struct acl_subject_label *subj)
788 +{
789 @@ -63149,7 +62870,6 @@ index 0000000..c0793fd
790 + gr_fhash(obj->inode, obj->device, subj->obj_hash_size);
791 + struct acl_object_label **curr;
792 +
793 -+
794 + obj->prev = NULL;
795 +
796 + curr = &subj->obj_hash[index];
797 @@ -63162,7 +62882,7 @@ index 0000000..c0793fd
798 + return;
799 +}
800 +
801 -+static void
802 ++void
803 +insert_acl_subj_label(struct acl_subject_label *obj,
804 + struct acl_role_label *role)
805 +{
806 @@ -63181,4760 +62901,5336 @@ index 0000000..c0793fd
807 + return;
808 +}
809 +
810 -+/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
811 -+
812 -+static void *
813 -+create_table(__u32 * len, int elementsize)
814 -+{
815 -+ unsigned int table_sizes[] = {
816 -+ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
817 -+ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
818 -+ 4194301, 8388593, 16777213, 33554393, 67108859
819 -+ };
820 -+ void *newtable = NULL;
821 -+ unsigned int pwr = 0;
822 -+
823 -+ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
824 -+ table_sizes[pwr] <= *len)
825 -+ pwr++;
826 -+
827 -+ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
828 -+ return newtable;
829 -+
830 -+ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
831 -+ newtable =
832 -+ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
833 -+ else
834 -+ newtable = vmalloc(table_sizes[pwr] * elementsize);
835 -+
836 -+ *len = table_sizes[pwr];
837 -+
838 -+ return newtable;
839 -+}
840 ++/* derived from glibc fnmatch() 0: match, 1: no match*/
841 +
842 +static int
843 -+init_variables(const struct gr_arg *arg)
844 ++glob_match(const char *p, const char *n)
845 +{
846 -+ struct task_struct *reaper = init_pid_ns.child_reaper;
847 -+ unsigned int stacksize;
848 ++ char c;
849 +
850 -+ subj_map_set.s_size = arg->role_db.num_subjects;
851 -+ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
852 -+ name_set.n_size = arg->role_db.num_objects;
853 -+ inodev_set.i_size = arg->role_db.num_objects;
854 ++ while ((c = *p++) != '\0') {
855 ++ switch (c) {
856 ++ case '?':
857 ++ if (*n == '\0')
858 ++ return 1;
859 ++ else if (*n == '/')
860 ++ return 1;
861 ++ break;
862 ++ case '\\':
863 ++ if (*n != c)
864 ++ return 1;
865 ++ break;
866 ++ case '*':
867 ++ for (c = *p++; c == '?' || c == '*'; c = *p++) {
868 ++ if (*n == '/')
869 ++ return 1;
870 ++ else if (c == '?') {
871 ++ if (*n == '\0')
872 ++ return 1;
873 ++ else
874 ++ ++n;
875 ++ }
876 ++ }
877 ++ if (c == '\0') {
878 ++ return 0;
879 ++ } else {
880 ++ const char *endp;
881 +
882 -+ if (!subj_map_set.s_size || !acl_role_set.r_size ||
883 -+ !name_set.n_size || !inodev_set.i_size)
884 -+ return 1;
885 ++ if ((endp = strchr(n, '/')) == NULL)
886 ++ endp = n + strlen(n);
887 +
888 -+ if (!gr_init_uidset())
889 -+ return 1;
890 ++ if (c == '[') {
891 ++ for (--p; n < endp; ++n)
892 ++ if (!glob_match(p, n))
893 ++ return 0;
894 ++ } else if (c == '/') {
895 ++ while (*n != '\0' && *n != '/')
896 ++ ++n;
897 ++ if (*n == '/' && !glob_match(p, n + 1))
898 ++ return 0;
899 ++ } else {
900 ++ for (--p; n < endp; ++n)
901 ++ if (*n == c && !glob_match(p, n))
902 ++ return 0;
903 ++ }
904 +
905 -+ /* set up the stack that holds allocation info */
906 ++ return 1;
907 ++ }
908 ++ case '[':
909 ++ {
910 ++ int not;
911 ++ char cold;
912 +
913 -+ stacksize = arg->role_db.num_pointers + 5;
914 ++ if (*n == '\0' || *n == '/')
915 ++ return 1;
916 +
917 -+ if (!acl_alloc_stack_init(stacksize))
918 -+ return 1;
919 ++ not = (*p == '!' || *p == '^');
920 ++ if (not)
921 ++ ++p;
922 +
923 -+ /* grab reference for the real root dentry and vfsmount */
924 -+ get_fs_root(reaper->fs, &real_root);
925 -+
926 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
927 -+ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root.dentry), real_root.dentry->d_inode->i_ino);
928 -+#endif
929 ++ c = *p++;
930 ++ for (;;) {
931 ++ unsigned char fn = (unsigned char)*n;
932 +
933 -+ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
934 -+ if (fakefs_obj_rw == NULL)
935 -+ return 1;
936 -+ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
937 ++ if (c == '\0')
938 ++ return 1;
939 ++ else {
940 ++ if (c == fn)
941 ++ goto matched;
942 ++ cold = c;
943 ++ c = *p++;
944 +
945 -+ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
946 -+ if (fakefs_obj_rwx == NULL)
947 -+ return 1;
948 -+ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
949 -+
950 -+ subj_map_set.s_hash =
951 -+ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
952 -+ acl_role_set.r_hash =
953 -+ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
954 -+ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
955 -+ inodev_set.i_hash =
956 -+ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
957 -+
958 -+ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
959 -+ !name_set.n_hash || !inodev_set.i_hash)
960 -+ return 1;
961 ++ if (c == '-' && *p != ']') {
962 ++ unsigned char cend = *p++;
963 +
964 -+ memset(subj_map_set.s_hash, 0,
965 -+ sizeof(struct subject_map *) * subj_map_set.s_size);
966 -+ memset(acl_role_set.r_hash, 0,
967 -+ sizeof (struct acl_role_label *) * acl_role_set.r_size);
968 -+ memset(name_set.n_hash, 0,
969 -+ sizeof (struct name_entry *) * name_set.n_size);
970 -+ memset(inodev_set.i_hash, 0,
971 -+ sizeof (struct inodev_entry *) * inodev_set.i_size);
972 ++ if (cend == '\0')
973 ++ return 1;
974 +
975 -+ return 0;
976 -+}
977 ++ if (cold <= fn && fn <= cend)
978 ++ goto matched;
979 +
980 -+/* free information not needed after startup
981 -+ currently contains user->kernel pointer mappings for subjects
982 -+*/
983 ++ c = *p++;
984 ++ }
985 ++ }
986 +
987 -+static void
988 -+free_init_variables(void)
989 -+{
990 -+ __u32 i;
991 ++ if (c == ']')
992 ++ break;
993 ++ }
994 ++ if (!not)
995 ++ return 1;
996 ++ break;
997 ++ matched:
998 ++ while (c != ']') {
999 ++ if (c == '\0')
1000 ++ return 1;
1001 +
1002 -+ if (subj_map_set.s_hash) {
1003 -+ for (i = 0; i < subj_map_set.s_size; i++) {
1004 -+ if (subj_map_set.s_hash[i]) {
1005 -+ kfree(subj_map_set.s_hash[i]);
1006 -+ subj_map_set.s_hash[i] = NULL;
1007 ++ c = *p++;
1008 + }
1009 ++ if (not)
1010 ++ return 1;
1011 + }
1012 ++ break;
1013 ++ default:
1014 ++ if (c != *n)
1015 ++ return 1;
1016 ++ }
1017 +
1018 -+ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
1019 -+ PAGE_SIZE)
1020 -+ kfree(subj_map_set.s_hash);
1021 -+ else
1022 -+ vfree(subj_map_set.s_hash);
1023 ++ ++n;
1024 + }
1025 +
1026 -+ return;
1027 -+}
1028 ++ if (*n == '\0')
1029 ++ return 0;
1030 +
1031 -+static void
1032 -+free_variables(void)
1033 -+{
1034 -+ struct acl_subject_label *s;
1035 -+ struct acl_role_label *r;
1036 -+ struct task_struct *task, *task2;
1037 -+ unsigned int x;
1038 -+
1039 -+ gr_clear_learn_entries();
1040 -+
1041 -+ read_lock(&tasklist_lock);
1042 -+ do_each_thread(task2, task) {
1043 -+ task->acl_sp_role = 0;
1044 -+ task->acl_role_id = 0;
1045 -+ task->acl = NULL;
1046 -+ task->role = NULL;
1047 -+ } while_each_thread(task2, task);
1048 -+ read_unlock(&tasklist_lock);
1049 -+
1050 -+ /* release the reference to the real root dentry and vfsmount */
1051 -+ path_put(&real_root);
1052 -+ memset(&real_root, 0, sizeof(real_root));
1053 ++ if (*n == '/')
1054 ++ return 0;
1055 +
1056 -+ /* free all object hash tables */
1057 ++ return 1;
1058 ++}
1059 +
1060 -+ FOR_EACH_ROLE_START(r)
1061 -+ if (r->subj_hash == NULL)
1062 -+ goto next_role;
1063 -+ FOR_EACH_SUBJECT_START(r, s, x)
1064 -+ if (s->obj_hash == NULL)
1065 -+ break;
1066 -+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
1067 -+ kfree(s->obj_hash);
1068 -+ else
1069 -+ vfree(s->obj_hash);
1070 -+ FOR_EACH_SUBJECT_END(s, x)
1071 -+ FOR_EACH_NESTED_SUBJECT_START(r, s)
1072 -+ if (s->obj_hash == NULL)
1073 -+ break;
1074 -+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
1075 -+ kfree(s->obj_hash);
1076 -+ else
1077 -+ vfree(s->obj_hash);
1078 -+ FOR_EACH_NESTED_SUBJECT_END(s)
1079 -+ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
1080 -+ kfree(r->subj_hash);
1081 -+ else
1082 -+ vfree(r->subj_hash);
1083 -+ r->subj_hash = NULL;
1084 -+next_role:
1085 -+ FOR_EACH_ROLE_END(r)
1086 ++static struct acl_object_label *
1087 ++chk_glob_label(struct acl_object_label *globbed,
1088 ++ const struct dentry *dentry, const struct vfsmount *mnt, char **path)
1089 ++{
1090 ++ struct acl_object_label *tmp;
1091 +
1092 -+ acl_free_all();
1093 ++ if (*path == NULL)
1094 ++ *path = gr_to_filename_nolock(dentry, mnt);
1095 +
1096 -+ if (acl_role_set.r_hash) {
1097 -+ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
1098 -+ PAGE_SIZE)
1099 -+ kfree(acl_role_set.r_hash);
1100 -+ else
1101 -+ vfree(acl_role_set.r_hash);
1102 -+ }
1103 -+ if (name_set.n_hash) {
1104 -+ if ((name_set.n_size * sizeof (struct name_entry *)) <=
1105 -+ PAGE_SIZE)
1106 -+ kfree(name_set.n_hash);
1107 -+ else
1108 -+ vfree(name_set.n_hash);
1109 -+ }
1110 ++ tmp = globbed;
1111 +
1112 -+ if (inodev_set.i_hash) {
1113 -+ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
1114 -+ PAGE_SIZE)
1115 -+ kfree(inodev_set.i_hash);
1116 -+ else
1117 -+ vfree(inodev_set.i_hash);
1118 ++ while (tmp) {
1119 ++ if (!glob_match(tmp->filename, *path))
1120 ++ return tmp;
1121 ++ tmp = tmp->next;
1122 + }
1123 +
1124 -+ gr_free_uidset();
1125 -+
1126 -+ memset(&name_set, 0, sizeof (struct name_db));
1127 -+ memset(&inodev_set, 0, sizeof (struct inodev_db));
1128 -+ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
1129 -+ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
1130 -+
1131 -+ default_role = NULL;
1132 -+ kernel_role = NULL;
1133 -+ role_list = NULL;
1134 -+
1135 -+ return;
1136 ++ return NULL;
1137 +}
1138 +
1139 -+static struct acl_subject_label *
1140 -+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
1141 -+
1142 -+static int alloc_and_copy_string(char **name, unsigned int maxlen)
1143 ++static struct acl_object_label *
1144 ++__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
1145 ++ const ino_t curr_ino, const dev_t curr_dev,
1146 ++ const struct acl_subject_label *subj, char **path, const int checkglob)
1147 +{
1148 -+ unsigned int len = strnlen_user(*name, maxlen);
1149 -+ char *tmp;
1150 -+
1151 -+ if (!len || len >= maxlen)
1152 -+ return -EINVAL;
1153 -+
1154 -+ if ((tmp = (char *) acl_alloc(len)) == NULL)
1155 -+ return -ENOMEM;
1156 -+
1157 -+ if (copy_from_user(tmp, *name, len))
1158 -+ return -EFAULT;
1159 ++ struct acl_subject_label *tmpsubj;
1160 ++ struct acl_object_label *retval;
1161 ++ struct acl_object_label *retval2;
1162 +
1163 -+ tmp[len-1] = '\0';
1164 -+ *name = tmp;
1165 ++ tmpsubj = (struct acl_subject_label *) subj;
1166 ++ read_lock(&gr_inode_lock);
1167 ++ do {
1168 ++ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
1169 ++ if (retval) {
1170 ++ if (checkglob && retval->globbed) {
1171 ++ retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path);
1172 ++ if (retval2)
1173 ++ retval = retval2;
1174 ++ }
1175 ++ break;
1176 ++ }
1177 ++ } while ((tmpsubj = tmpsubj->parent_subject));
1178 ++ read_unlock(&gr_inode_lock);
1179 +
1180 -+ return 0;
1181 ++ return retval;
1182 +}
1183 +
1184 -+static int
1185 -+copy_user_glob(struct acl_object_label *obj)
1186 ++static __inline__ struct acl_object_label *
1187 ++full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
1188 ++ struct dentry *curr_dentry,
1189 ++ const struct acl_subject_label *subj, char **path, const int checkglob)
1190 +{
1191 -+ struct acl_object_label *g_tmp, **guser;
1192 -+ int error;
1193 -+
1194 -+ if (obj->globbed == NULL)
1195 -+ return 0;
1196 ++ int newglob = checkglob;
1197 ++ ino_t inode;
1198 ++ dev_t device;
1199 +
1200 -+ guser = &obj->globbed;
1201 -+ while (*guser) {
1202 -+ g_tmp = (struct acl_object_label *)
1203 -+ acl_alloc(sizeof (struct acl_object_label));
1204 -+ if (g_tmp == NULL)
1205 -+ return -ENOMEM;
1206 ++ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
1207 ++ as we don't want a / * rule to match instead of the / object
1208 ++ don't do this for create lookups that call this function though, since they're looking up
1209 ++ on the parent and thus need globbing checks on all paths
1210 ++ */
1211 ++ if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
1212 ++ newglob = GR_NO_GLOB;
1213 +
1214 -+ if (copy_acl_object_label(g_tmp, *guser))
1215 -+ return -EFAULT;
1216 ++ spin_lock(&curr_dentry->d_lock);
1217 ++ inode = curr_dentry->d_inode->i_ino;
1218 ++ device = __get_dev(curr_dentry);
1219 ++ spin_unlock(&curr_dentry->d_lock);
1220 +
1221 -+ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
1222 -+ if (error)
1223 -+ return error;
1224 ++ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
1225 ++}
1226 +
1227 -+ *guser = g_tmp;
1228 -+ guser = &(g_tmp->next);
1229 ++#ifdef CONFIG_HUGETLBFS
1230 ++static inline bool
1231 ++is_hugetlbfs_mnt(const struct vfsmount *mnt)
1232 ++{
1233 ++ int i;
1234 ++ for (i = 0; i < HUGE_MAX_HSTATE; i++) {
1235 ++ if (unlikely(hugetlbfs_vfsmount[i] == mnt))
1236 ++ return true;
1237 + }
1238 +
1239 -+ return 0;
1240 ++ return false;
1241 +}
1242 ++#endif
1243 +
1244 -+static int
1245 -+copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
1246 -+ struct acl_role_label *role)
1247 ++static struct acl_object_label *
1248 ++__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
1249 ++ const struct acl_subject_label *subj, char *path, const int checkglob)
1250 +{
1251 -+ struct acl_object_label *o_tmp;
1252 -+ int ret;
1253 -+
1254 -+ while (userp) {
1255 -+ if ((o_tmp = (struct acl_object_label *)
1256 -+ acl_alloc(sizeof (struct acl_object_label))) == NULL)
1257 -+ return -ENOMEM;
1258 ++ struct dentry *dentry = (struct dentry *) l_dentry;
1259 ++ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
1260 ++ struct mount *real_mnt = real_mount(mnt);
1261 ++ struct acl_object_label *retval;
1262 ++ struct dentry *parent;
1263 +
1264 -+ if (copy_acl_object_label(o_tmp, userp))
1265 -+ return -EFAULT;
1266 ++ br_read_lock(&vfsmount_lock);
1267 ++ write_seqlock(&rename_lock);
1268 +
1269 -+ userp = o_tmp->prev;
1270 ++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
1271 ++#ifdef CONFIG_NET
1272 ++ mnt == sock_mnt ||
1273 ++#endif
1274 ++#ifdef CONFIG_HUGETLBFS
1275 ++ (is_hugetlbfs_mnt(mnt) && dentry->d_inode->i_nlink == 0) ||
1276 ++#endif
1277 ++ /* ignore Eric Biederman */
1278 ++ IS_PRIVATE(l_dentry->d_inode))) {
1279 ++ retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw;
1280 ++ goto out;
1281 ++ }
1282 +
1283 -+ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
1284 -+ if (ret)
1285 -+ return ret;
1286 ++ for (;;) {
1287 ++ if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
1288 ++ break;
1289 +
1290 -+ insert_acl_obj_label(o_tmp, subj);
1291 -+ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
1292 -+ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
1293 -+ return -ENOMEM;
1294 ++ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
1295 ++ if (!mnt_has_parent(real_mnt))
1296 ++ break;
1297 +
1298 -+ ret = copy_user_glob(o_tmp);
1299 -+ if (ret)
1300 -+ return ret;
1301 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
1302 ++ if (retval != NULL)
1303 ++ goto out;
1304 +
1305 -+ if (o_tmp->nested) {
1306 -+ int already_copied;
1307 ++ dentry = real_mnt->mnt_mountpoint;
1308 ++ real_mnt = real_mnt->mnt_parent;
1309 ++ mnt = &real_mnt->mnt;
1310 ++ continue;
1311 ++ }
1312 +
1313 -+ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
1314 -+ if (IS_ERR(o_tmp->nested))
1315 -+ return PTR_ERR(o_tmp->nested);
1316 ++ parent = dentry->d_parent;
1317 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
1318 ++ if (retval != NULL)
1319 ++ goto out;
1320 +
1321 -+ /* insert into nested subject list if we haven't copied this one yet
1322 -+ to prevent duplicate entries */
1323 -+ if (!already_copied) {
1324 -+ o_tmp->nested->next = role->hash->first;
1325 -+ role->hash->first = o_tmp->nested;
1326 -+ }
1327 -+ }
1328 ++ dentry = parent;
1329 + }
1330 +
1331 -+ return 0;
1332 -+}
1333 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
1334 +
1335 -+static __u32
1336 -+count_user_subjs(struct acl_subject_label *userp)
1337 -+{
1338 -+ struct acl_subject_label s_tmp;
1339 -+ __u32 num = 0;
1340 ++ /* gr_real_root is pinned so we don't have to hold a reference */
1341 ++ if (retval == NULL)
1342 ++ retval = full_lookup(l_dentry, l_mnt, gr_real_root.dentry, subj, &path, checkglob);
1343 ++out:
1344 ++ write_sequnlock(&rename_lock);
1345 ++ br_read_unlock(&vfsmount_lock);
1346 +
1347 -+ while (userp) {
1348 -+ if (copy_acl_subject_label(&s_tmp, userp))
1349 -+ break;
1350 ++ BUG_ON(retval == NULL);
1351 +
1352 -+ userp = s_tmp.prev;
1353 -+ }
1354 ++ return retval;
1355 ++}
1356 +
1357 -+ return num;
1358 ++static __inline__ struct acl_object_label *
1359 ++chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
1360 ++ const struct acl_subject_label *subj)
1361 ++{
1362 ++ char *path = NULL;
1363 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
1364 +}
1365 +
1366 -+static int
1367 -+copy_user_allowedips(struct acl_role_label *rolep)
1368 ++static __inline__ struct acl_object_label *
1369 ++chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
1370 ++ const struct acl_subject_label *subj)
1371 +{
1372 -+ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
1373 ++ char *path = NULL;
1374 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
1375 ++}
1376 +
1377 -+ ruserip = rolep->allowed_ips;
1378 ++static __inline__ struct acl_object_label *
1379 ++chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
1380 ++ const struct acl_subject_label *subj, char *path)
1381 ++{
1382 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
1383 ++}
1384 +
1385 -+ while (ruserip) {
1386 -+ rlast = rtmp;
1387 ++struct acl_subject_label *
1388 ++chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
1389 ++ const struct acl_role_label *role)
1390 ++{
1391 ++ struct dentry *dentry = (struct dentry *) l_dentry;
1392 ++ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
1393 ++ struct mount *real_mnt = real_mount(mnt);
1394 ++ struct acl_subject_label *retval;
1395 ++ struct dentry *parent;
1396 +
1397 -+ if ((rtmp = (struct role_allowed_ip *)
1398 -+ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
1399 -+ return -ENOMEM;
1400 ++ br_read_lock(&vfsmount_lock);
1401 ++ write_seqlock(&rename_lock);
1402 +
1403 -+ if (copy_role_allowed_ip(rtmp, ruserip))
1404 -+ return -EFAULT;
1405 ++ for (;;) {
1406 ++ if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
1407 ++ break;
1408 ++ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
1409 ++ if (!mnt_has_parent(real_mnt))
1410 ++ break;
1411 +
1412 -+ ruserip = rtmp->prev;
1413 ++ spin_lock(&dentry->d_lock);
1414 ++ read_lock(&gr_inode_lock);
1415 ++ retval =
1416 ++ lookup_acl_subj_label(dentry->d_inode->i_ino,
1417 ++ __get_dev(dentry), role);
1418 ++ read_unlock(&gr_inode_lock);
1419 ++ spin_unlock(&dentry->d_lock);
1420 ++ if (retval != NULL)
1421 ++ goto out;
1422 +
1423 -+ if (!rlast) {
1424 -+ rtmp->prev = NULL;
1425 -+ rolep->allowed_ips = rtmp;
1426 -+ } else {
1427 -+ rlast->next = rtmp;
1428 -+ rtmp->prev = rlast;
1429 ++ dentry = real_mnt->mnt_mountpoint;
1430 ++ real_mnt = real_mnt->mnt_parent;
1431 ++ mnt = &real_mnt->mnt;
1432 ++ continue;
1433 + }
1434 +
1435 -+ if (!ruserip)
1436 -+ rtmp->next = NULL;
1437 ++ spin_lock(&dentry->d_lock);
1438 ++ read_lock(&gr_inode_lock);
1439 ++ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
1440 ++ __get_dev(dentry), role);
1441 ++ read_unlock(&gr_inode_lock);
1442 ++ parent = dentry->d_parent;
1443 ++ spin_unlock(&dentry->d_lock);
1444 ++
1445 ++ if (retval != NULL)
1446 ++ goto out;
1447 ++
1448 ++ dentry = parent;
1449 + }
1450 +
1451 -+ return 0;
1452 ++ spin_lock(&dentry->d_lock);
1453 ++ read_lock(&gr_inode_lock);
1454 ++ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
1455 ++ __get_dev(dentry), role);
1456 ++ read_unlock(&gr_inode_lock);
1457 ++ spin_unlock(&dentry->d_lock);
1458 ++
1459 ++ if (unlikely(retval == NULL)) {
1460 ++ /* gr_real_root is pinned, we don't need to hold a reference */
1461 ++ read_lock(&gr_inode_lock);
1462 ++ retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino,
1463 ++ __get_dev(gr_real_root.dentry), role);
1464 ++ read_unlock(&gr_inode_lock);
1465 ++ }
1466 ++out:
1467 ++ write_sequnlock(&rename_lock);
1468 ++ br_read_unlock(&vfsmount_lock);
1469 ++
1470 ++ BUG_ON(retval == NULL);
1471 ++
1472 ++ return retval;
1473 +}
1474 +
1475 -+static int
1476 -+copy_user_transitions(struct acl_role_label *rolep)
1477 ++void
1478 ++assign_special_role(const char *rolename)
1479 +{
1480 -+ struct role_transition *rusertp, *rtmp = NULL, *rlast;
1481 -+ int error;
1482 ++ struct acl_object_label *obj;
1483 ++ struct acl_role_label *r;
1484 ++ struct acl_role_label *assigned = NULL;
1485 ++ struct task_struct *tsk;
1486 ++ struct file *filp;
1487 +
1488 -+ rusertp = rolep->transitions;
1489 ++ FOR_EACH_ROLE_START(r)
1490 ++ if (!strcmp(rolename, r->rolename) &&
1491 ++ (r->roletype & GR_ROLE_SPECIAL)) {
1492 ++ assigned = r;
1493 ++ break;
1494 ++ }
1495 ++ FOR_EACH_ROLE_END(r)
1496 +
1497 -+ while (rusertp) {
1498 -+ rlast = rtmp;
1499 ++ if (!assigned)
1500 ++ return;
1501 +
1502 -+ if ((rtmp = (struct role_transition *)
1503 -+ acl_alloc(sizeof (struct role_transition))) == NULL)
1504 -+ return -ENOMEM;
1505 ++ read_lock(&tasklist_lock);
1506 ++ read_lock(&grsec_exec_file_lock);
1507 +
1508 -+ if (copy_role_transition(rtmp, rusertp))
1509 -+ return -EFAULT;
1510 ++ tsk = current->real_parent;
1511 ++ if (tsk == NULL)
1512 ++ goto out_unlock;
1513 +
1514 -+ rusertp = rtmp->prev;
1515 ++ filp = tsk->exec_file;
1516 ++ if (filp == NULL)
1517 ++ goto out_unlock;
1518 +
1519 -+ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
1520 -+ if (error)
1521 -+ return error;
1522 ++ tsk->is_writable = 0;
1523 ++ tsk->inherited = 0;
1524 +
1525 -+ if (!rlast) {
1526 -+ rtmp->prev = NULL;
1527 -+ rolep->transitions = rtmp;
1528 -+ } else {
1529 -+ rlast->next = rtmp;
1530 -+ rtmp->prev = rlast;
1531 -+ }
1532 ++ tsk->acl_sp_role = 1;
1533 ++ tsk->acl_role_id = ++acl_sp_role_value;
1534 ++ tsk->role = assigned;
1535 ++ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
1536 +
1537 -+ if (!rusertp)
1538 -+ rtmp->next = NULL;
1539 -+ }
1540 ++ /* ignore additional mmap checks for processes that are writable
1541 ++ by the default ACL */
1542 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
1543 ++ if (unlikely(obj->mode & GR_WRITE))
1544 ++ tsk->is_writable = 1;
1545 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
1546 ++ if (unlikely(obj->mode & GR_WRITE))
1547 ++ tsk->is_writable = 1;
1548 +
1549 -+ return 0;
1550 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
1551 ++ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename,
1552 ++ tsk->acl->filename, tsk->comm, task_pid_nr(tsk));
1553 ++#endif
1554 ++
1555 ++out_unlock:
1556 ++ read_unlock(&grsec_exec_file_lock);
1557 ++ read_unlock(&tasklist_lock);
1558 ++ return;
1559 +}
1560 +
1561 -+static __u32 count_user_objs(const struct acl_object_label __user *userp)
1562 -+{
1563 -+ struct acl_object_label o_tmp;
1564 -+ __u32 num = 0;
1565 +
1566 -+ while (userp) {
1567 -+ if (copy_acl_object_label(&o_tmp, userp))
1568 -+ break;
1569 ++static void
1570 ++gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
1571 ++{
1572 ++ struct task_struct *task = current;
1573 ++ const struct cred *cred = current_cred();
1574 +
1575 -+ userp = o_tmp.prev;
1576 -+ num++;
1577 -+ }
1578 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
1579 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
1580 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
1581 ++ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
1582 +
1583 -+ return num;
1584 ++ return;
1585 +}
1586 +
1587 -+static struct acl_subject_label *
1588 -+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
1589 ++static void
1590 ++gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs)
1591 +{
1592 -+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
1593 -+ __u32 num_objs;
1594 -+ struct acl_ip_label **i_tmp, *i_utmp2;
1595 -+ struct gr_hash_struct ghash;
1596 -+ struct subject_map *subjmap;
1597 -+ unsigned int i_num;
1598 -+ int err;
1599 -+
1600 -+ if (already_copied != NULL)
1601 -+ *already_copied = 0;
1602 ++ struct task_struct *task = current;
1603 ++ const struct cred *cred = current_cred();
1604 +
1605 -+ s_tmp = lookup_subject_map(userp);
1606 ++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
1607 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
1608 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
1609 ++ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip);
1610 +
1611 -+ /* we've already copied this subject into the kernel, just return
1612 -+ the reference to it, and don't copy it over again
1613 -+ */
1614 -+ if (s_tmp) {
1615 -+ if (already_copied != NULL)
1616 -+ *already_copied = 1;
1617 -+ return(s_tmp);
1618 -+ }
1619 ++ return;
1620 ++}
1621 +
1622 -+ if ((s_tmp = (struct acl_subject_label *)
1623 -+ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
1624 -+ return ERR_PTR(-ENOMEM);
1625 ++static void
1626 ++gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs)
1627 ++{
1628 ++ struct task_struct *task = current;
1629 ++ const struct cred *cred = current_cred();
1630 +
1631 -+ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
1632 -+ if (subjmap == NULL)
1633 -+ return ERR_PTR(-ENOMEM);
1634 ++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
1635 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
1636 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
1637 ++ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip);
1638 +
1639 -+ subjmap->user = userp;
1640 -+ subjmap->kernel = s_tmp;
1641 -+ insert_subj_map_entry(subjmap);
1642 ++ return;
1643 ++}
1644 +
1645 -+ if (copy_acl_subject_label(s_tmp, userp))
1646 -+ return ERR_PTR(-EFAULT);
1647 ++static void
1648 ++gr_set_proc_res(struct task_struct *task)
1649 ++{
1650 ++ struct acl_subject_label *proc;
1651 ++ unsigned short i;
1652 +
1653 -+ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
1654 -+ if (err)
1655 -+ return ERR_PTR(err);
1656 ++ proc = task->acl;
1657 +
1658 -+ if (!strcmp(s_tmp->filename, "/"))
1659 -+ role->root_label = s_tmp;
1660 ++ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
1661 ++ return;
1662 +
1663 -+ if (copy_gr_hash_struct(&ghash, s_tmp->hash))
1664 -+ return ERR_PTR(-EFAULT);
1665 ++ for (i = 0; i < RLIM_NLIMITS; i++) {
1666 ++ if (!(proc->resmask & (1U << i)))
1667 ++ continue;
1668 +
1669 -+ /* copy user and group transition tables */
1670 ++ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
1671 ++ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
1672 +
1673 -+ if (s_tmp->user_trans_num) {
1674 -+ uid_t *uidlist;
1675 ++ if (i == RLIMIT_CPU)
1676 ++ update_rlimit_cpu(task, proc->res[i].rlim_cur);
1677 ++ }
1678 +
1679 -+ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
1680 -+ if (uidlist == NULL)
1681 -+ return ERR_PTR(-ENOMEM);
1682 -+ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
1683 -+ return ERR_PTR(-EFAULT);
1684 ++ return;
1685 ++}
1686 +
1687 -+ s_tmp->user_transitions = uidlist;
1688 -+ }
1689 ++/* both of the below must be called with
1690 ++ rcu_read_lock();
1691 ++ read_lock(&tasklist_lock);
1692 ++ read_lock(&grsec_exec_file_lock);
1693 ++*/
1694 +
1695 -+ if (s_tmp->group_trans_num) {
1696 -+ gid_t *gidlist;
1697 ++void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj)
1698 ++{
1699 ++ struct acl_object_label *obj;
1700 ++ struct file *filp;
1701 +
1702 -+ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
1703 -+ if (gidlist == NULL)
1704 -+ return ERR_PTR(-ENOMEM);
1705 -+ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
1706 -+ return ERR_PTR(-EFAULT);
1707 ++ filp = task->exec_file;
1708 +
1709 -+ s_tmp->group_transitions = gidlist;
1710 -+ }
1711 ++ task->acl = subj;
1712 ++ task->is_writable = 0;
1713 ++ /* ignore additional mmap checks for processes that are writable
1714 ++ by the default ACL */
1715 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, state->default_role->root_label);
1716 ++ if (unlikely(obj->mode & GR_WRITE))
1717 ++ task->is_writable = 1;
1718 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
1719 ++ if (unlikely(obj->mode & GR_WRITE))
1720 ++ task->is_writable = 1;
1721 +
1722 -+ /* set up object hash table */
1723 -+ num_objs = count_user_objs(ghash.first);
1724 ++ gr_set_proc_res(task);
1725 +
1726 -+ s_tmp->obj_hash_size = num_objs;
1727 -+ s_tmp->obj_hash =
1728 -+ (struct acl_object_label **)
1729 -+ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
1730 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
1731 ++ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
1732 ++#endif
1733 ++}
1734 +
1735 -+ if (!s_tmp->obj_hash)
1736 -+ return ERR_PTR(-ENOMEM);
1737 ++static void gr_apply_subject_to_task(struct task_struct *task, struct acl_subject_label *subj)
1738 ++{
1739 ++ __gr_apply_subject_to_task(&running_polstate, task, subj);
1740 ++}
1741 +
1742 -+ memset(s_tmp->obj_hash, 0,
1743 -+ s_tmp->obj_hash_size *
1744 -+ sizeof (struct acl_object_label *));
1745 ++__u32
1746 ++gr_search_file(const struct dentry * dentry, const __u32 mode,
1747 ++ const struct vfsmount * mnt)
1748 ++{
1749 ++ __u32 retval = mode;
1750 ++ struct acl_subject_label *curracl;
1751 ++ struct acl_object_label *currobj;
1752 +
1753 -+ /* add in objects */
1754 -+ err = copy_user_objs(ghash.first, s_tmp, role);
1755 ++ if (unlikely(!(gr_status & GR_READY)))
1756 ++ return (mode & ~GR_AUDITS);
1757 +
1758 -+ if (err)
1759 -+ return ERR_PTR(err);
1760 ++ curracl = current->acl;
1761 +
1762 -+ /* set pointer for parent subject */
1763 -+ if (s_tmp->parent_subject) {
1764 -+ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
1765 ++ currobj = chk_obj_label(dentry, mnt, curracl);
1766 ++ retval = currobj->mode & mode;
1767 +
1768 -+ if (IS_ERR(s_tmp2))
1769 -+ return s_tmp2;
1770 ++ /* if we're opening a specified transfer file for writing
1771 ++ (e.g. /dev/initctl), then transfer our role to init
1772 ++ */
1773 ++ if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
1774 ++ current->role->roletype & GR_ROLE_PERSIST)) {
1775 ++ struct task_struct *task = init_pid_ns.child_reaper;
1776 +
1777 -+ s_tmp->parent_subject = s_tmp2;
1778 ++ if (task->role != current->role) {
1779 ++ task->acl_sp_role = 0;
1780 ++ task->acl_role_id = current->acl_role_id;
1781 ++ task->role = current->role;
1782 ++ rcu_read_lock();
1783 ++ read_lock(&grsec_exec_file_lock);
1784 ++ gr_apply_subject_to_task(task, NULL);
1785 ++ read_unlock(&grsec_exec_file_lock);
1786 ++ rcu_read_unlock();
1787 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
1788 ++ }
1789 + }
1790 +
1791 -+ /* add in ip acls */
1792 ++ if (unlikely
1793 ++ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
1794 ++ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
1795 ++ __u32 new_mode = mode;
1796 +
1797 -+ if (!s_tmp->ip_num) {
1798 -+ s_tmp->ips = NULL;
1799 -+ goto insert;
1800 ++ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
1801 ++
1802 ++ retval = new_mode;
1803 ++
1804 ++ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
1805 ++ new_mode |= GR_INHERIT;
1806 ++
1807 ++ if (!(mode & GR_NOLEARN))
1808 ++ gr_log_learn(dentry, mnt, new_mode);
1809 + }
1810 +
1811 -+ i_tmp =
1812 -+ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
1813 -+ sizeof (struct acl_ip_label *));
1814 ++ return retval;
1815 ++}
1816 +
1817 -+ if (!i_tmp)
1818 -+ return ERR_PTR(-ENOMEM);
1819 ++struct acl_object_label *gr_get_create_object(const struct dentry *new_dentry,
1820 ++ const struct dentry *parent,
1821 ++ const struct vfsmount *mnt)
1822 ++{
1823 ++ struct name_entry *match;
1824 ++ struct acl_object_label *matchpo;
1825 ++ struct acl_subject_label *curracl;
1826 ++ char *path;
1827 +
1828 -+ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
1829 -+ *(i_tmp + i_num) =
1830 -+ (struct acl_ip_label *)
1831 -+ acl_alloc(sizeof (struct acl_ip_label));
1832 -+ if (!*(i_tmp + i_num))
1833 -+ return ERR_PTR(-ENOMEM);
1834 ++ if (unlikely(!(gr_status & GR_READY)))
1835 ++ return NULL;
1836 +
1837 -+ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
1838 -+ return ERR_PTR(-EFAULT);
1839 ++ preempt_disable();
1840 ++ path = gr_to_filename_rbac(new_dentry, mnt);
1841 ++ match = lookup_name_entry_create(path);
1842 +
1843 -+ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
1844 -+ return ERR_PTR(-EFAULT);
1845 -+
1846 -+ if ((*(i_tmp + i_num))->iface == NULL)
1847 -+ continue;
1848 ++ curracl = current->acl;
1849 +
1850 -+ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
1851 -+ if (err)
1852 -+ return ERR_PTR(err);
1853 ++ if (match) {
1854 ++ read_lock(&gr_inode_lock);
1855 ++ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
1856 ++ read_unlock(&gr_inode_lock);
1857 ++
1858 ++ if (matchpo) {
1859 ++ preempt_enable();
1860 ++ return matchpo;
1861 ++ }
1862 + }
1863 +
1864 -+ s_tmp->ips = i_tmp;
1865 ++ // lookup parent
1866 +
1867 -+insert:
1868 -+ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
1869 -+ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
1870 -+ return ERR_PTR(-ENOMEM);
1871 ++ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
1872 +
1873 -+ return s_tmp;
1874 ++ preempt_enable();
1875 ++ return matchpo;
1876 +}
1877 +
1878 -+static int
1879 -+copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
1880 ++__u32
1881 ++gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
1882 ++ const struct vfsmount * mnt, const __u32 mode)
1883 +{
1884 -+ struct acl_subject_label s_pre;
1885 -+ struct acl_subject_label * ret;
1886 -+ int err;
1887 ++ struct acl_object_label *matchpo;
1888 ++ __u32 retval;
1889 +
1890 -+ while (userp) {
1891 -+ if (copy_acl_subject_label(&s_pre, userp))
1892 -+ return -EFAULT;
1893 -+
1894 -+ ret = do_copy_user_subj(userp, role, NULL);
1895 ++ if (unlikely(!(gr_status & GR_READY)))
1896 ++ return (mode & ~GR_AUDITS);
1897 +
1898 -+ err = PTR_ERR(ret);
1899 -+ if (IS_ERR(ret))
1900 -+ return err;
1901 ++ matchpo = gr_get_create_object(new_dentry, parent, mnt);
1902 +
1903 -+ insert_acl_subj_label(ret, role);
1904 ++ retval = matchpo->mode & mode;
1905 +
1906 -+ userp = s_pre.prev;
1907 ++ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
1908 ++ && (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
1909 ++ __u32 new_mode = mode;
1910 ++
1911 ++ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
1912 ++
1913 ++ gr_log_learn(new_dentry, mnt, new_mode);
1914 ++ return new_mode;
1915 + }
1916 +
1917 -+ return 0;
1918 ++ return retval;
1919 +}
1920 +
1921 -+static int
1922 -+copy_user_acl(struct gr_arg *arg)
1923 ++__u32
1924 ++gr_check_link(const struct dentry * new_dentry,
1925 ++ const struct dentry * parent_dentry,
1926 ++ const struct vfsmount * parent_mnt,
1927 ++ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
1928 +{
1929 -+ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
1930 -+ struct acl_subject_label *subj_list;
1931 -+ struct sprole_pw *sptmp;
1932 -+ struct gr_hash_struct *ghash;
1933 -+ uid_t *domainlist;
1934 -+ unsigned int r_num;
1935 -+ int err = 0;
1936 -+ __u16 i;
1937 -+ __u32 num_subjs;
1938 ++ struct acl_object_label *obj;
1939 ++ __u32 oldmode, newmode;
1940 ++ __u32 needmode;
1941 ++ __u32 checkmodes = GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | GR_SETID | GR_READ |
1942 ++ GR_DELETE | GR_INHERIT;
1943 +
1944 -+ /* we need a default and kernel role */
1945 -+ if (arg->role_db.num_roles < 2)
1946 -+ return -EINVAL;
1947 ++ if (unlikely(!(gr_status & GR_READY)))
1948 ++ return (GR_CREATE | GR_LINK);
1949 +
1950 -+ /* copy special role authentication info from userspace */
1951 ++ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
1952 ++ oldmode = obj->mode;
1953 +
1954 -+ num_sprole_pws = arg->num_sprole_pws;
1955 -+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
1956 ++ obj = gr_get_create_object(new_dentry, parent_dentry, parent_mnt);
1957 ++ newmode = obj->mode;
1958 +
1959 -+ if (!acl_special_roles && num_sprole_pws)
1960 -+ return -ENOMEM;
1961 ++ needmode = newmode & checkmodes;
1962 +
1963 -+ for (i = 0; i < num_sprole_pws; i++) {
1964 -+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
1965 -+ if (!sptmp)
1966 -+ return -ENOMEM;
1967 -+ if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
1968 -+ return -EFAULT;
1969 ++ // old name for hardlink must have at least the permissions of the new name
1970 ++ if ((oldmode & needmode) != needmode)
1971 ++ goto bad;
1972 +
1973 -+ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
1974 -+ if (err)
1975 -+ return err;
1976 ++ // if old name had restrictions/auditing, make sure the new name does as well
1977 ++ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
1978 +
1979 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
1980 -+ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
1981 -+#endif
1982 ++ // don't allow hardlinking of suid/sgid/fcapped files without permission
1983 ++ if (is_privileged_binary(old_dentry))
1984 ++ needmode |= GR_SETID;
1985 +
1986 -+ acl_special_roles[i] = sptmp;
1987 -+ }
1988 ++ if ((newmode & needmode) != needmode)
1989 ++ goto bad;
1990 +
1991 -+ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
1992 ++ // enforce minimum permissions
1993 ++ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
1994 ++ return newmode;
1995 ++bad:
1996 ++ needmode = oldmode;
1997 ++ if (is_privileged_binary(old_dentry))
1998 ++ needmode |= GR_SETID;
1999 ++
2000 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
2001 ++ gr_log_learn(old_dentry, old_mnt, needmode | GR_CREATE | GR_LINK);
2002 ++ return (GR_CREATE | GR_LINK);
2003 ++ } else if (newmode & GR_SUPPRESS)
2004 ++ return GR_SUPPRESS;
2005 ++ else
2006 ++ return 0;
2007 ++}
2008 +
2009 -+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
2010 -+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
2011 ++int
2012 ++gr_check_hidden_task(const struct task_struct *task)
2013 ++{
2014 ++ if (unlikely(!(gr_status & GR_READY)))
2015 ++ return 0;
2016 +
2017 -+ if (!r_tmp)
2018 -+ return -ENOMEM;
2019 ++ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
2020 ++ return 1;
2021 +
2022 -+ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
2023 -+ return -EFAULT;
2024 ++ return 0;
2025 ++}
2026 +
2027 -+ if (copy_acl_role_label(r_tmp, r_utmp2))
2028 -+ return -EFAULT;
2029 ++int
2030 ++gr_check_protected_task(const struct task_struct *task)
2031 ++{
2032 ++ if (unlikely(!(gr_status & GR_READY) || !task))
2033 ++ return 0;
2034 +
2035 -+ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
2036 -+ if (err)
2037 -+ return err;
2038 ++ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
2039 ++ task->acl != current->acl)
2040 ++ return 1;
2041 +
2042 -+ if (!strcmp(r_tmp->rolename, "default")
2043 -+ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
2044 -+ default_role = r_tmp;
2045 -+ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
2046 -+ kernel_role = r_tmp;
2047 -+ }
2048 ++ return 0;
2049 ++}
2050 +
2051 -+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
2052 -+ return -ENOMEM;
2053 ++int
2054 ++gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
2055 ++{
2056 ++ struct task_struct *p;
2057 ++ int ret = 0;
2058 +
2059 -+ if (copy_gr_hash_struct(ghash, r_tmp->hash))
2060 -+ return -EFAULT;
2061 ++ if (unlikely(!(gr_status & GR_READY) || !pid))
2062 ++ return ret;
2063 +
2064 -+ r_tmp->hash = ghash;
2065 ++ read_lock(&tasklist_lock);
2066 ++ do_each_pid_task(pid, type, p) {
2067 ++ if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
2068 ++ p->acl != current->acl) {
2069 ++ ret = 1;
2070 ++ goto out;
2071 ++ }
2072 ++ } while_each_pid_task(pid, type, p);
2073 ++out:
2074 ++ read_unlock(&tasklist_lock);
2075 +
2076 -+ num_subjs = count_user_subjs(r_tmp->hash->first);
2077 ++ return ret;
2078 ++}
2079 +
2080 -+ r_tmp->subj_hash_size = num_subjs;
2081 -+ r_tmp->subj_hash =
2082 -+ (struct acl_subject_label **)
2083 -+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
2084 ++void
2085 ++gr_copy_label(struct task_struct *tsk)
2086 ++{
2087 ++ struct task_struct *p = current;
2088 +
2089 -+ if (!r_tmp->subj_hash)
2090 -+ return -ENOMEM;
2091 ++ tsk->inherited = p->inherited;
2092 ++ tsk->acl_sp_role = 0;
2093 ++ tsk->acl_role_id = p->acl_role_id;
2094 ++ tsk->acl = p->acl;
2095 ++ tsk->role = p->role;
2096 ++ tsk->signal->used_accept = 0;
2097 ++ tsk->signal->curr_ip = p->signal->curr_ip;
2098 ++ tsk->signal->saved_ip = p->signal->saved_ip;
2099 ++ if (p->exec_file)
2100 ++ get_file(p->exec_file);
2101 ++ tsk->exec_file = p->exec_file;
2102 ++ tsk->is_writable = p->is_writable;
2103 ++ if (unlikely(p->signal->used_accept)) {
2104 ++ p->signal->curr_ip = 0;
2105 ++ p->signal->saved_ip = 0;
2106 ++ }
2107 +
2108 -+ err = copy_user_allowedips(r_tmp);
2109 -+ if (err)
2110 -+ return err;
2111 ++ return;
2112 ++}
2113 +
2114 -+ /* copy domain info */
2115 -+ if (r_tmp->domain_children != NULL) {
2116 -+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
2117 -+ if (domainlist == NULL)
2118 -+ return -ENOMEM;
2119 ++extern int gr_process_kernel_setuid_ban(struct user_struct *user);
2120 +
2121 -+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
2122 -+ return -EFAULT;
2123 ++int
2124 ++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
2125 ++{
2126 ++ unsigned int i;
2127 ++ __u16 num;
2128 ++ uid_t *uidlist;
2129 ++ uid_t curuid;
2130 ++ int realok = 0;
2131 ++ int effectiveok = 0;
2132 ++ int fsok = 0;
2133 ++ uid_t globalreal, globaleffective, globalfs;
2134 +
2135 -+ r_tmp->domain_children = domainlist;
2136 -+ }
2137 ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT)
2138 ++ struct user_struct *user;
2139 +
2140 -+ err = copy_user_transitions(r_tmp);
2141 -+ if (err)
2142 -+ return err;
2143 ++ if (!uid_valid(real))
2144 ++ goto skipit;
2145 +
2146 -+ memset(r_tmp->subj_hash, 0,
2147 -+ r_tmp->subj_hash_size *
2148 -+ sizeof (struct acl_subject_label *));
2149 ++ /* find user based on global namespace */
2150 +
2151 -+ /* acquire the list of subjects, then NULL out
2152 -+ the list prior to parsing the subjects for this role,
2153 -+ as during this parsing the list is replaced with a list
2154 -+ of *nested* subjects for the role
2155 -+ */
2156 -+ subj_list = r_tmp->hash->first;
2157 ++ globalreal = GR_GLOBAL_UID(real);
2158 +
2159 -+ /* set nested subject list to null */
2160 -+ r_tmp->hash->first = NULL;
2161 ++ user = find_user(make_kuid(&init_user_ns, globalreal));
2162 ++ if (user == NULL)
2163 ++ goto skipit;
2164 +
2165 -+ err = copy_user_subjs(subj_list, r_tmp);
2166 ++ if (gr_process_kernel_setuid_ban(user)) {
2167 ++ /* for find_user */
2168 ++ free_uid(user);
2169 ++ return 1;
2170 ++ }
2171 +
2172 -+ if (err)
2173 -+ return err;
2174 ++ /* for find_user */
2175 ++ free_uid(user);
2176 +
2177 -+ insert_acl_role_label(r_tmp);
2178 -+ }
2179 ++skipit:
2180 ++#endif
2181 +
2182 -+ if (default_role == NULL || kernel_role == NULL)
2183 -+ return -EINVAL;
2184 ++ if (unlikely(!(gr_status & GR_READY)))
2185 ++ return 0;
2186 +
2187 -+ return err;
2188 -+}
2189 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
2190 ++ gr_log_learn_uid_change(real, effective, fs);
2191 +
2192 -+static int
2193 -+gracl_init(struct gr_arg *args)
2194 -+{
2195 -+ int error = 0;
2196 ++ num = current->acl->user_trans_num;
2197 ++ uidlist = current->acl->user_transitions;
2198 +
2199 -+ memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
2200 -+ memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
2201 ++ if (uidlist == NULL)
2202 ++ return 0;
2203 +
2204 -+ if (init_variables(args)) {
2205 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
2206 -+ error = -ENOMEM;
2207 -+ free_variables();
2208 -+ goto out;
2209 ++ if (!uid_valid(real)) {
2210 ++ realok = 1;
2211 ++ globalreal = (uid_t)-1;
2212 ++ } else {
2213 ++ globalreal = GR_GLOBAL_UID(real);
2214 + }
2215 -+
2216 -+ error = copy_user_acl(args);
2217 -+ free_init_variables();
2218 -+ if (error) {
2219 -+ free_variables();
2220 -+ goto out;
2221 ++ if (!uid_valid(effective)) {
2222 ++ effectiveok = 1;
2223 ++ globaleffective = (uid_t)-1;
2224 ++ } else {
2225 ++ globaleffective = GR_GLOBAL_UID(effective);
2226 + }
2227 -+
2228 -+ if ((error = gr_set_acls(0))) {
2229 -+ free_variables();
2230 -+ goto out;
2231 ++ if (!uid_valid(fs)) {
2232 ++ fsok = 1;
2233 ++ globalfs = (uid_t)-1;
2234 ++ } else {
2235 ++ globalfs = GR_GLOBAL_UID(fs);
2236 + }
2237 +
2238 -+ pax_open_kernel();
2239 -+ gr_status |= GR_READY;
2240 -+ pax_close_kernel();
2241 ++ if (current->acl->user_trans_type & GR_ID_ALLOW) {
2242 ++ for (i = 0; i < num; i++) {
2243 ++ curuid = uidlist[i];
2244 ++ if (globalreal == curuid)
2245 ++ realok = 1;
2246 ++ if (globaleffective == curuid)
2247 ++ effectiveok = 1;
2248 ++ if (globalfs == curuid)
2249 ++ fsok = 1;
2250 ++ }
2251 ++ } else if (current->acl->user_trans_type & GR_ID_DENY) {
2252 ++ for (i = 0; i < num; i++) {
2253 ++ curuid = uidlist[i];
2254 ++ if (globalreal == curuid)
2255 ++ break;
2256 ++ if (globaleffective == curuid)
2257 ++ break;
2258 ++ if (globalfs == curuid)
2259 ++ break;
2260 ++ }
2261 ++ /* not in deny list */
2262 ++ if (i == num) {
2263 ++ realok = 1;
2264 ++ effectiveok = 1;
2265 ++ fsok = 1;
2266 ++ }
2267 ++ }
2268 +
2269 -+ out:
2270 -+ return error;
2271 ++ if (realok && effectiveok && fsok)
2272 ++ return 0;
2273 ++ else {
2274 ++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
2275 ++ return 1;
2276 ++ }
2277 +}
2278 +
2279 -+/* derived from glibc fnmatch() 0: match, 1: no match*/
2280 -+
2281 -+static int
2282 -+glob_match(const char *p, const char *n)
2283 ++int
2284 ++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
2285 +{
2286 -+ char c;
2287 ++ unsigned int i;
2288 ++ __u16 num;
2289 ++ gid_t *gidlist;
2290 ++ gid_t curgid;
2291 ++ int realok = 0;
2292 ++ int effectiveok = 0;
2293 ++ int fsok = 0;
2294 ++ gid_t globalreal, globaleffective, globalfs;
2295 +
2296 -+ while ((c = *p++) != '\0') {
2297 -+ switch (c) {
2298 -+ case '?':
2299 -+ if (*n == '\0')
2300 -+ return 1;
2301 -+ else if (*n == '/')
2302 -+ return 1;
2303 -+ break;
2304 -+ case '\\':
2305 -+ if (*n != c)
2306 -+ return 1;
2307 -+ break;
2308 -+ case '*':
2309 -+ for (c = *p++; c == '?' || c == '*'; c = *p++) {
2310 -+ if (*n == '/')
2311 -+ return 1;
2312 -+ else if (c == '?') {
2313 -+ if (*n == '\0')
2314 -+ return 1;
2315 -+ else
2316 -+ ++n;
2317 -+ }
2318 -+ }
2319 -+ if (c == '\0') {
2320 -+ return 0;
2321 -+ } else {
2322 -+ const char *endp;
2323 -+
2324 -+ if ((endp = strchr(n, '/')) == NULL)
2325 -+ endp = n + strlen(n);
2326 -+
2327 -+ if (c == '[') {
2328 -+ for (--p; n < endp; ++n)
2329 -+ if (!glob_match(p, n))
2330 -+ return 0;
2331 -+ } else if (c == '/') {
2332 -+ while (*n != '\0' && *n != '/')
2333 -+ ++n;
2334 -+ if (*n == '/' && !glob_match(p, n + 1))
2335 -+ return 0;
2336 -+ } else {
2337 -+ for (--p; n < endp; ++n)
2338 -+ if (*n == c && !glob_match(p, n))
2339 -+ return 0;
2340 -+ }
2341 -+
2342 -+ return 1;
2343 -+ }
2344 -+ case '[':
2345 -+ {
2346 -+ int not;
2347 -+ char cold;
2348 -+
2349 -+ if (*n == '\0' || *n == '/')
2350 -+ return 1;
2351 -+
2352 -+ not = (*p == '!' || *p == '^');
2353 -+ if (not)
2354 -+ ++p;
2355 -+
2356 -+ c = *p++;
2357 -+ for (;;) {
2358 -+ unsigned char fn = (unsigned char)*n;
2359 -+
2360 -+ if (c == '\0')
2361 -+ return 1;
2362 -+ else {
2363 -+ if (c == fn)
2364 -+ goto matched;
2365 -+ cold = c;
2366 -+ c = *p++;
2367 -+
2368 -+ if (c == '-' && *p != ']') {
2369 -+ unsigned char cend = *p++;
2370 -+
2371 -+ if (cend == '\0')
2372 -+ return 1;
2373 ++ if (unlikely(!(gr_status & GR_READY)))
2374 ++ return 0;
2375 +
2376 -+ if (cold <= fn && fn <= cend)
2377 -+ goto matched;
2378 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
2379 ++ gr_log_learn_gid_change(real, effective, fs);
2380 +
2381 -+ c = *p++;
2382 -+ }
2383 -+ }
2384 ++ num = current->acl->group_trans_num;
2385 ++ gidlist = current->acl->group_transitions;
2386 +
2387 -+ if (c == ']')
2388 -+ break;
2389 -+ }
2390 -+ if (!not)
2391 -+ return 1;
2392 -+ break;
2393 -+ matched:
2394 -+ while (c != ']') {
2395 -+ if (c == '\0')
2396 -+ return 1;
2397 ++ if (gidlist == NULL)
2398 ++ return 0;
2399 +
2400 -+ c = *p++;
2401 -+ }
2402 -+ if (not)
2403 -+ return 1;
2404 -+ }
2405 -+ break;
2406 -+ default:
2407 -+ if (c != *n)
2408 -+ return 1;
2409 ++ if (!gid_valid(real)) {
2410 ++ realok = 1;
2411 ++ globalreal = (gid_t)-1;
2412 ++ } else {
2413 ++ globalreal = GR_GLOBAL_GID(real);
2414 + }
2415 -+
2416 -+ ++n;
2417 ++ if (!gid_valid(effective)) {
2418 ++ effectiveok = 1;
2419 ++ globaleffective = (gid_t)-1;
2420 ++ } else {
2421 ++ globaleffective = GR_GLOBAL_GID(effective);
2422 ++ }
2423 ++ if (!gid_valid(fs)) {
2424 ++ fsok = 1;
2425 ++ globalfs = (gid_t)-1;
2426 ++ } else {
2427 ++ globalfs = GR_GLOBAL_GID(fs);
2428 + }
2429 +
2430 -+ if (*n == '\0')
2431 -+ return 0;
2432 ++ if (current->acl->group_trans_type & GR_ID_ALLOW) {
2433 ++ for (i = 0; i < num; i++) {
2434 ++ curgid = gidlist[i];
2435 ++ if (globalreal == curgid)
2436 ++ realok = 1;
2437 ++ if (globaleffective == curgid)
2438 ++ effectiveok = 1;
2439 ++ if (globalfs == curgid)
2440 ++ fsok = 1;
2441 ++ }
2442 ++ } else if (current->acl->group_trans_type & GR_ID_DENY) {
2443 ++ for (i = 0; i < num; i++) {
2444 ++ curgid = gidlist[i];
2445 ++ if (globalreal == curgid)
2446 ++ break;
2447 ++ if (globaleffective == curgid)
2448 ++ break;
2449 ++ if (globalfs == curgid)
2450 ++ break;
2451 ++ }
2452 ++ /* not in deny list */
2453 ++ if (i == num) {
2454 ++ realok = 1;
2455 ++ effectiveok = 1;
2456 ++ fsok = 1;
2457 ++ }
2458 ++ }
2459 +
2460 -+ if (*n == '/')
2461 ++ if (realok && effectiveok && fsok)
2462 + return 0;
2463 -+
2464 -+ return 1;
2465 ++ else {
2466 ++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
2467 ++ return 1;
2468 ++ }
2469 +}
2470 +
2471 -+static struct acl_object_label *
2472 -+chk_glob_label(struct acl_object_label *globbed,
2473 -+ const struct dentry *dentry, const struct vfsmount *mnt, char **path)
2474 ++extern int gr_acl_is_capable(const int cap);
2475 ++
2476 ++void
2477 ++gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
2478 +{
2479 -+ struct acl_object_label *tmp;
2480 ++ struct acl_role_label *role = task->role;
2481 ++ struct acl_subject_label *subj = NULL;
2482 ++ struct acl_object_label *obj;
2483 ++ struct file *filp;
2484 ++ uid_t uid;
2485 ++ gid_t gid;
2486 +
2487 -+ if (*path == NULL)
2488 -+ *path = gr_to_filename_nolock(dentry, mnt);
2489 ++ if (unlikely(!(gr_status & GR_READY)))
2490 ++ return;
2491 +
2492 -+ tmp = globbed;
2493 ++ uid = GR_GLOBAL_UID(kuid);
2494 ++ gid = GR_GLOBAL_GID(kgid);
2495 +
2496 -+ while (tmp) {
2497 -+ if (!glob_match(tmp->filename, *path))
2498 -+ return tmp;
2499 -+ tmp = tmp->next;
2500 ++ filp = task->exec_file;
2501 ++
2502 ++ /* kernel process, we'll give them the kernel role */
2503 ++ if (unlikely(!filp)) {
2504 ++ task->role = running_polstate.kernel_role;
2505 ++ task->acl = running_polstate.kernel_role->root_label;
2506 ++ return;
2507 ++ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) {
2508 ++ /* save the current ip at time of role lookup so that the proper
2509 ++ IP will be learned for role_allowed_ip */
2510 ++ task->signal->saved_ip = task->signal->curr_ip;
2511 ++ role = lookup_acl_role_label(task, uid, gid);
2512 + }
2513 +
2514 -+ return NULL;
2515 -+}
2516 ++ /* don't change the role if we're not a privileged process */
2517 ++ if (role && task->role != role &&
2518 ++ (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) ||
2519 ++ ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
2520 ++ return;
2521 +
2522 -+static struct acl_object_label *
2523 -+__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
2524 -+ const ino_t curr_ino, const dev_t curr_dev,
2525 -+ const struct acl_subject_label *subj, char **path, const int checkglob)
2526 -+{
2527 -+ struct acl_subject_label *tmpsubj;
2528 -+ struct acl_object_label *retval;
2529 -+ struct acl_object_label *retval2;
2530 ++ /* perform subject lookup in possibly new role
2531 ++ we can use this result below in the case where role == task->role
2532 ++ */
2533 ++ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
2534 +
2535 -+ tmpsubj = (struct acl_subject_label *) subj;
2536 -+ read_lock(&gr_inode_lock);
2537 -+ do {
2538 -+ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
2539 -+ if (retval) {
2540 -+ if (checkglob && retval->globbed) {
2541 -+ retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path);
2542 -+ if (retval2)
2543 -+ retval = retval2;
2544 -+ }
2545 -+ break;
2546 -+ }
2547 -+ } while ((tmpsubj = tmpsubj->parent_subject));
2548 -+ read_unlock(&gr_inode_lock);
2549 ++ /* if we changed uid/gid, but result in the same role
2550 ++ and are using inheritance, don't lose the inherited subject
2551 ++ if current subject is other than what normal lookup
2552 ++ would result in, we arrived via inheritance, don't
2553 ++ lose subject
2554 ++ */
2555 ++ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
2556 ++ (subj == task->acl)))
2557 ++ task->acl = subj;
2558 +
2559 -+ return retval;
2560 -+}
2561 ++ /* leave task->inherited unaffected */
2562 +
2563 -+static __inline__ struct acl_object_label *
2564 -+full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
2565 -+ struct dentry *curr_dentry,
2566 -+ const struct acl_subject_label *subj, char **path, const int checkglob)
2567 -+{
2568 -+ int newglob = checkglob;
2569 -+ ino_t inode;
2570 -+ dev_t device;
2571 ++ task->role = role;
2572 +
2573 -+ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
2574 -+ as we don't want a / * rule to match instead of the / object
2575 -+ don't do this for create lookups that call this function though, since they're looking up
2576 -+ on the parent and thus need globbing checks on all paths
2577 -+ */
2578 -+ if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
2579 -+ newglob = GR_NO_GLOB;
2580 ++ task->is_writable = 0;
2581 +
2582 -+ spin_lock(&curr_dentry->d_lock);
2583 -+ inode = curr_dentry->d_inode->i_ino;
2584 -+ device = __get_dev(curr_dentry);
2585 -+ spin_unlock(&curr_dentry->d_lock);
2586 ++ /* ignore additional mmap checks for processes that are writable
2587 ++ by the default ACL */
2588 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
2589 ++ if (unlikely(obj->mode & GR_WRITE))
2590 ++ task->is_writable = 1;
2591 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
2592 ++ if (unlikely(obj->mode & GR_WRITE))
2593 ++ task->is_writable = 1;
2594 +
2595 -+ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
2596 -+}
2597 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
2598 ++ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
2599 ++#endif
2600 +
2601 -+#ifdef CONFIG_HUGETLBFS
2602 -+static inline bool
2603 -+is_hugetlbfs_mnt(const struct vfsmount *mnt)
2604 -+{
2605 -+ int i;
2606 -+ for (i = 0; i < HUGE_MAX_HSTATE; i++) {
2607 -+ if (unlikely(hugetlbfs_vfsmount[i] == mnt))
2608 -+ return true;
2609 -+ }
2610 ++ gr_set_proc_res(task);
2611 +
2612 -+ return false;
2613 ++ return;
2614 +}
2615 -+#endif
2616 +
2617 -+static struct acl_object_label *
2618 -+__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
2619 -+ const struct acl_subject_label *subj, char *path, const int checkglob)
2620 ++int
2621 ++gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
2622 ++ const int unsafe_flags)
2623 +{
2624 -+ struct dentry *dentry = (struct dentry *) l_dentry;
2625 -+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
2626 -+ struct mount *real_mnt = real_mount(mnt);
2627 -+ struct acl_object_label *retval;
2628 -+ struct dentry *parent;
2629 -+
2630 -+ br_read_lock(&vfsmount_lock);
2631 -+ write_seqlock(&rename_lock);
2632 ++ struct task_struct *task = current;
2633 ++ struct acl_subject_label *newacl;
2634 ++ struct acl_object_label *obj;
2635 ++ __u32 retmode;
2636 +
2637 -+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
2638 -+#ifdef CONFIG_NET
2639 -+ mnt == sock_mnt ||
2640 -+#endif
2641 -+#ifdef CONFIG_HUGETLBFS
2642 -+ (is_hugetlbfs_mnt(mnt) && dentry->d_inode->i_nlink == 0) ||
2643 -+#endif
2644 -+ /* ignore Eric Biederman */
2645 -+ IS_PRIVATE(l_dentry->d_inode))) {
2646 -+ retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw;
2647 -+ goto out;
2648 -+ }
2649 ++ if (unlikely(!(gr_status & GR_READY)))
2650 ++ return 0;
2651 +
2652 -+ for (;;) {
2653 -+ if (dentry == real_root.dentry && mnt == real_root.mnt)
2654 -+ break;
2655 ++ newacl = chk_subj_label(dentry, mnt, task->role);
2656 +
2657 -+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
2658 -+ if (!mnt_has_parent(real_mnt))
2659 -+ break;
2660 ++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
2661 ++ did an exec
2662 ++ */
2663 ++ rcu_read_lock();
2664 ++ read_lock(&tasklist_lock);
2665 ++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
2666 ++ (task->parent->acl->mode & GR_POVERRIDE))) {
2667 ++ read_unlock(&tasklist_lock);
2668 ++ rcu_read_unlock();
2669 ++ goto skip_check;
2670 ++ }
2671 ++ read_unlock(&tasklist_lock);
2672 ++ rcu_read_unlock();
2673 +
2674 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
2675 -+ if (retval != NULL)
2676 -+ goto out;
2677 ++ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
2678 ++ !(task->role->roletype & GR_ROLE_GOD) &&
2679 ++ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
2680 ++ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
2681 ++ if (unsafe_flags & LSM_UNSAFE_SHARE)
2682 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
2683 ++ else
2684 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
2685 ++ return -EACCES;
2686 ++ }
2687 +
2688 -+ dentry = real_mnt->mnt_mountpoint;
2689 -+ real_mnt = real_mnt->mnt_parent;
2690 -+ mnt = &real_mnt->mnt;
2691 -+ continue;
2692 -+ }
2693 ++skip_check:
2694 +
2695 -+ parent = dentry->d_parent;
2696 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
2697 -+ if (retval != NULL)
2698 -+ goto out;
2699 ++ obj = chk_obj_label(dentry, mnt, task->acl);
2700 ++ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
2701 +
2702 -+ dentry = parent;
2703 ++ if (!(task->acl->mode & GR_INHERITLEARN) &&
2704 ++ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
2705 ++ if (obj->nested)
2706 ++ task->acl = obj->nested;
2707 ++ else
2708 ++ task->acl = newacl;
2709 ++ task->inherited = 0;
2710 ++ } else {
2711 ++ task->inherited = 1;
2712 ++ if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
2713 ++ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
2714 + }
2715 +
2716 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
2717 ++ task->is_writable = 0;
2718 +
2719 -+ /* real_root is pinned so we don't have to hold a reference */
2720 -+ if (retval == NULL)
2721 -+ retval = full_lookup(l_dentry, l_mnt, real_root.dentry, subj, &path, checkglob);
2722 -+out:
2723 -+ write_sequnlock(&rename_lock);
2724 -+ br_read_unlock(&vfsmount_lock);
2725 ++ /* ignore additional mmap checks for processes that are writable
2726 ++ by the default ACL */
2727 ++ obj = chk_obj_label(dentry, mnt, running_polstate.default_role->root_label);
2728 ++ if (unlikely(obj->mode & GR_WRITE))
2729 ++ task->is_writable = 1;
2730 ++ obj = chk_obj_label(dentry, mnt, task->role->root_label);
2731 ++ if (unlikely(obj->mode & GR_WRITE))
2732 ++ task->is_writable = 1;
2733 +
2734 -+ BUG_ON(retval == NULL);
2735 ++ gr_set_proc_res(task);
2736 +
2737 -+ return retval;
2738 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
2739 ++ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
2740 ++#endif
2741 ++ return 0;
2742 +}
2743 +
2744 -+static __inline__ struct acl_object_label *
2745 -+chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
2746 -+ const struct acl_subject_label *subj)
2747 ++/* always called with valid inodev ptr */
2748 ++static void
2749 ++do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
2750 +{
2751 -+ char *path = NULL;
2752 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
2753 -+}
2754 ++ struct acl_object_label *matchpo;
2755 ++ struct acl_subject_label *matchps;
2756 ++ struct acl_subject_label *subj;
2757 ++ struct acl_role_label *role;
2758 ++ unsigned int x;
2759 +
2760 -+static __inline__ struct acl_object_label *
2761 -+chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
2762 -+ const struct acl_subject_label *subj)
2763 -+{
2764 -+ char *path = NULL;
2765 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
2766 -+}
2767 ++ FOR_EACH_ROLE_START(role)
2768 ++ FOR_EACH_SUBJECT_START(role, subj, x)
2769 ++ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
2770 ++ matchpo->mode |= GR_DELETED;
2771 ++ FOR_EACH_SUBJECT_END(subj,x)
2772 ++ FOR_EACH_NESTED_SUBJECT_START(role, subj)
2773 ++ /* nested subjects aren't in the role's subj_hash table */
2774 ++ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
2775 ++ matchpo->mode |= GR_DELETED;
2776 ++ FOR_EACH_NESTED_SUBJECT_END(subj)
2777 ++ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
2778 ++ matchps->mode |= GR_DELETED;
2779 ++ FOR_EACH_ROLE_END(role)
2780 +
2781 -+static __inline__ struct acl_object_label *
2782 -+chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
2783 -+ const struct acl_subject_label *subj, char *path)
2784 -+{
2785 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
2786 ++ inodev->nentry->deleted = 1;
2787 ++
2788 ++ return;
2789 +}
2790 +
2791 -+static struct acl_subject_label *
2792 -+chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
2793 -+ const struct acl_role_label *role)
2794 ++void
2795 ++gr_handle_delete(const ino_t ino, const dev_t dev)
2796 +{
2797 -+ struct dentry *dentry = (struct dentry *) l_dentry;
2798 -+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
2799 -+ struct mount *real_mnt = real_mount(mnt);
2800 -+ struct acl_subject_label *retval;
2801 -+ struct dentry *parent;
2802 ++ struct inodev_entry *inodev;
2803 +
2804 -+ br_read_lock(&vfsmount_lock);
2805 -+ write_seqlock(&rename_lock);
2806 ++ if (unlikely(!(gr_status & GR_READY)))
2807 ++ return;
2808 +
2809 -+ for (;;) {
2810 -+ if (dentry == real_root.dentry && mnt == real_root.mnt)
2811 -+ break;
2812 -+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
2813 -+ if (!mnt_has_parent(real_mnt))
2814 -+ break;
2815 ++ write_lock(&gr_inode_lock);
2816 ++ inodev = lookup_inodev_entry(ino, dev);
2817 ++ if (inodev != NULL)
2818 ++ do_handle_delete(inodev, ino, dev);
2819 ++ write_unlock(&gr_inode_lock);
2820 +
2821 -+ spin_lock(&dentry->d_lock);
2822 -+ read_lock(&gr_inode_lock);
2823 -+ retval =
2824 -+ lookup_acl_subj_label(dentry->d_inode->i_ino,
2825 -+ __get_dev(dentry), role);
2826 -+ read_unlock(&gr_inode_lock);
2827 -+ spin_unlock(&dentry->d_lock);
2828 -+ if (retval != NULL)
2829 -+ goto out;
2830 ++ return;
2831 ++}
2832 +
2833 -+ dentry = real_mnt->mnt_mountpoint;
2834 -+ real_mnt = real_mnt->mnt_parent;
2835 -+ mnt = &real_mnt->mnt;
2836 -+ continue;
2837 -+ }
2838 ++static void
2839 ++update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
2840 ++ const ino_t newinode, const dev_t newdevice,
2841 ++ struct acl_subject_label *subj)
2842 ++{
2843 ++ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
2844 ++ struct acl_object_label *match;
2845 +
2846 -+ spin_lock(&dentry->d_lock);
2847 -+ read_lock(&gr_inode_lock);
2848 -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
2849 -+ __get_dev(dentry), role);
2850 -+ read_unlock(&gr_inode_lock);
2851 -+ parent = dentry->d_parent;
2852 -+ spin_unlock(&dentry->d_lock);
2853 ++ match = subj->obj_hash[index];
2854 +
2855 -+ if (retval != NULL)
2856 -+ goto out;
2857 ++ while (match && (match->inode != oldinode ||
2858 ++ match->device != olddevice ||
2859 ++ !(match->mode & GR_DELETED)))
2860 ++ match = match->next;
2861 +
2862 -+ dentry = parent;
2863 ++ if (match && (match->inode == oldinode)
2864 ++ && (match->device == olddevice)
2865 ++ && (match->mode & GR_DELETED)) {
2866 ++ if (match->prev == NULL) {
2867 ++ subj->obj_hash[index] = match->next;
2868 ++ if (match->next != NULL)
2869 ++ match->next->prev = NULL;
2870 ++ } else {
2871 ++ match->prev->next = match->next;
2872 ++ if (match->next != NULL)
2873 ++ match->next->prev = match->prev;
2874 ++ }
2875 ++ match->prev = NULL;
2876 ++ match->next = NULL;
2877 ++ match->inode = newinode;
2878 ++ match->device = newdevice;
2879 ++ match->mode &= ~GR_DELETED;
2880 ++
2881 ++ insert_acl_obj_label(match, subj);
2882 + }
2883 +
2884 -+ spin_lock(&dentry->d_lock);
2885 -+ read_lock(&gr_inode_lock);
2886 -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
2887 -+ __get_dev(dentry), role);
2888 -+ read_unlock(&gr_inode_lock);
2889 -+ spin_unlock(&dentry->d_lock);
2890 ++ return;
2891 ++}
2892 +
2893 -+ if (unlikely(retval == NULL)) {
2894 -+ /* real_root is pinned, we don't need to hold a reference */
2895 -+ read_lock(&gr_inode_lock);
2896 -+ retval = lookup_acl_subj_label(real_root.dentry->d_inode->i_ino,
2897 -+ __get_dev(real_root.dentry), role);
2898 -+ read_unlock(&gr_inode_lock);
2899 -+ }
2900 -+out:
2901 -+ write_sequnlock(&rename_lock);
2902 -+ br_read_unlock(&vfsmount_lock);
2903 ++static void
2904 ++update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
2905 ++ const ino_t newinode, const dev_t newdevice,
2906 ++ struct acl_role_label *role)
2907 ++{
2908 ++ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
2909 ++ struct acl_subject_label *match;
2910 +
2911 -+ BUG_ON(retval == NULL);
2912 ++ match = role->subj_hash[index];
2913 +
2914 -+ return retval;
2915 ++ while (match && (match->inode != oldinode ||
2916 ++ match->device != olddevice ||
2917 ++ !(match->mode & GR_DELETED)))
2918 ++ match = match->next;
2919 ++
2920 ++ if (match && (match->inode == oldinode)
2921 ++ && (match->device == olddevice)
2922 ++ && (match->mode & GR_DELETED)) {
2923 ++ if (match->prev == NULL) {
2924 ++ role->subj_hash[index] = match->next;
2925 ++ if (match->next != NULL)
2926 ++ match->next->prev = NULL;
2927 ++ } else {
2928 ++ match->prev->next = match->next;
2929 ++ if (match->next != NULL)
2930 ++ match->next->prev = match->prev;
2931 ++ }
2932 ++ match->prev = NULL;
2933 ++ match->next = NULL;
2934 ++ match->inode = newinode;
2935 ++ match->device = newdevice;
2936 ++ match->mode &= ~GR_DELETED;
2937 ++
2938 ++ insert_acl_subj_label(match, role);
2939 ++ }
2940 ++
2941 ++ return;
2942 +}
2943 +
2944 +static void
2945 -+gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
2946 ++update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
2947 ++ const ino_t newinode, const dev_t newdevice)
2948 +{
2949 -+ struct task_struct *task = current;
2950 -+ const struct cred *cred = current_cred();
2951 ++ unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size);
2952 ++ struct inodev_entry *match;
2953 +
2954 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
2955 -+ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
2956 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
2957 -+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
2958 ++ match = running_polstate.inodev_set.i_hash[index];
2959 ++
2960 ++ while (match && (match->nentry->inode != oldinode ||
2961 ++ match->nentry->device != olddevice || !match->nentry->deleted))
2962 ++ match = match->next;
2963 ++
2964 ++ if (match && (match->nentry->inode == oldinode)
2965 ++ && (match->nentry->device == olddevice) &&
2966 ++ match->nentry->deleted) {
2967 ++ if (match->prev == NULL) {
2968 ++ running_polstate.inodev_set.i_hash[index] = match->next;
2969 ++ if (match->next != NULL)
2970 ++ match->next->prev = NULL;
2971 ++ } else {
2972 ++ match->prev->next = match->next;
2973 ++ if (match->next != NULL)
2974 ++ match->next->prev = match->prev;
2975 ++ }
2976 ++ match->prev = NULL;
2977 ++ match->next = NULL;
2978 ++ match->nentry->inode = newinode;
2979 ++ match->nentry->device = newdevice;
2980 ++ match->nentry->deleted = 0;
2981 ++
2982 ++ insert_inodev_entry(match);
2983 ++ }
2984 +
2985 + return;
2986 +}
2987 +
2988 +static void
2989 -+gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs)
2990 ++__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
2991 +{
2992 -+ struct task_struct *task = current;
2993 -+ const struct cred *cred = current_cred();
2994 ++ struct acl_subject_label *subj;
2995 ++ struct acl_role_label *role;
2996 ++ unsigned int x;
2997 +
2998 -+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
2999 -+ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3000 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
3001 -+ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip);
3002 ++ FOR_EACH_ROLE_START(role)
3003 ++ update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
3004 ++
3005 ++ FOR_EACH_NESTED_SUBJECT_START(role, subj)
3006 ++ if ((subj->inode == ino) && (subj->device == dev)) {
3007 ++ subj->inode = ino;
3008 ++ subj->device = dev;
3009 ++ }
3010 ++ /* nested subjects aren't in the role's subj_hash table */
3011 ++ update_acl_obj_label(matchn->inode, matchn->device,
3012 ++ ino, dev, subj);
3013 ++ FOR_EACH_NESTED_SUBJECT_END(subj)
3014 ++ FOR_EACH_SUBJECT_START(role, subj, x)
3015 ++ update_acl_obj_label(matchn->inode, matchn->device,
3016 ++ ino, dev, subj);
3017 ++ FOR_EACH_SUBJECT_END(subj,x)
3018 ++ FOR_EACH_ROLE_END(role)
3019 ++
3020 ++ update_inodev_entry(matchn->inode, matchn->device, ino, dev);
3021 +
3022 + return;
3023 +}
3024 +
3025 +static void
3026 -+gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs)
3027 ++do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
3028 ++ const struct vfsmount *mnt)
3029 +{
3030 -+ struct task_struct *task = current;
3031 -+ const struct cred *cred = current_cred();
3032 ++ ino_t ino = dentry->d_inode->i_ino;
3033 ++ dev_t dev = __get_dev(dentry);
3034 +
3035 -+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
3036 -+ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3037 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
3038 -+ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip);
3039 ++ __do_handle_create(matchn, ino, dev);
3040 +
3041 + return;
3042 +}
3043 +
3044 -+__u32
3045 -+gr_search_file(const struct dentry * dentry, const __u32 mode,
3046 -+ const struct vfsmount * mnt)
3047 ++void
3048 ++gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
3049 +{
3050 -+ __u32 retval = mode;
3051 -+ struct acl_subject_label *curracl;
3052 -+ struct acl_object_label *currobj;
3053 ++ struct name_entry *matchn;
3054 +
3055 + if (unlikely(!(gr_status & GR_READY)))
3056 -+ return (mode & ~GR_AUDITS);
3057 -+
3058 -+ curracl = current->acl;
3059 -+
3060 -+ currobj = chk_obj_label(dentry, mnt, curracl);
3061 -+ retval = currobj->mode & mode;
3062 ++ return;
3063 +
3064 -+ /* if we're opening a specified transfer file for writing
3065 -+ (e.g. /dev/initctl), then transfer our role to init
3066 -+ */
3067 -+ if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
3068 -+ current->role->roletype & GR_ROLE_PERSIST)) {
3069 -+ struct task_struct *task = init_pid_ns.child_reaper;
3070 ++ preempt_disable();
3071 ++ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
3072 +
3073 -+ if (task->role != current->role) {
3074 -+ task->acl_sp_role = 0;
3075 -+ task->acl_role_id = current->acl_role_id;
3076 -+ task->role = current->role;
3077 -+ rcu_read_lock();
3078 -+ read_lock(&grsec_exec_file_lock);
3079 -+ gr_apply_subject_to_task(task);
3080 -+ read_unlock(&grsec_exec_file_lock);
3081 -+ rcu_read_unlock();
3082 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
3083 -+ }
3084 ++ if (unlikely((unsigned long)matchn)) {
3085 ++ write_lock(&gr_inode_lock);
3086 ++ do_handle_create(matchn, dentry, mnt);
3087 ++ write_unlock(&gr_inode_lock);
3088 + }
3089 ++ preempt_enable();
3090 +
3091 -+ if (unlikely
3092 -+ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
3093 -+ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
3094 -+ __u32 new_mode = mode;
3095 ++ return;
3096 ++}
3097 +
3098 -+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
3099 ++void
3100 ++gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
3101 ++{
3102 ++ struct name_entry *matchn;
3103 +
3104 -+ retval = new_mode;
3105 ++ if (unlikely(!(gr_status & GR_READY)))
3106 ++ return;
3107 +
3108 -+ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
3109 -+ new_mode |= GR_INHERIT;
3110 ++ preempt_disable();
3111 ++ matchn = lookup_name_entry(gr_to_proc_filename_rbac(dentry, init_pid_ns.proc_mnt));
3112 +
3113 -+ if (!(mode & GR_NOLEARN))
3114 -+ gr_log_learn(dentry, mnt, new_mode);
3115 ++ if (unlikely((unsigned long)matchn)) {
3116 ++ write_lock(&gr_inode_lock);
3117 ++ __do_handle_create(matchn, inode->i_ino, inode->i_sb->s_dev);
3118 ++ write_unlock(&gr_inode_lock);
3119 + }
3120 ++ preempt_enable();
3121 +
3122 -+ return retval;
3123 ++ return;
3124 +}
3125 +
3126 -+struct acl_object_label *gr_get_create_object(const struct dentry *new_dentry,
3127 -+ const struct dentry *parent,
3128 -+ const struct vfsmount *mnt)
3129 ++void
3130 ++gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3131 ++ struct dentry *old_dentry,
3132 ++ struct dentry *new_dentry,
3133 ++ struct vfsmount *mnt, const __u8 replace)
3134 +{
3135 -+ struct name_entry *match;
3136 -+ struct acl_object_label *matchpo;
3137 -+ struct acl_subject_label *curracl;
3138 -+ char *path;
3139 ++ struct name_entry *matchn;
3140 ++ struct inodev_entry *inodev;
3141 ++ struct inode *inode = new_dentry->d_inode;
3142 ++ ino_t old_ino = old_dentry->d_inode->i_ino;
3143 ++ dev_t old_dev = __get_dev(old_dentry);
3144 ++
3145 ++ /* vfs_rename swaps the name and parent link for old_dentry and
3146 ++ new_dentry
3147 ++ at this point, old_dentry has the new name, parent link, and inode
3148 ++ for the renamed file
3149 ++ if a file is being replaced by a rename, new_dentry has the inode
3150 ++ and name for the replaced file
3151 ++ */
3152 +
3153 + if (unlikely(!(gr_status & GR_READY)))
3154 -+ return NULL;
3155 ++ return;
3156 +
3157 + preempt_disable();
3158 -+ path = gr_to_filename_rbac(new_dentry, mnt);
3159 -+ match = lookup_name_entry_create(path);
3160 ++ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
3161 +
3162 -+ curracl = current->acl;
3163 ++ /* we wouldn't have to check d_inode if it weren't for
3164 ++ NFS silly-renaming
3165 ++ */
3166 +
3167 -+ if (match) {
3168 -+ read_lock(&gr_inode_lock);
3169 -+ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
3170 -+ read_unlock(&gr_inode_lock);
3171 ++ write_lock(&gr_inode_lock);
3172 ++ if (unlikely(replace && inode)) {
3173 ++ ino_t new_ino = inode->i_ino;
3174 ++ dev_t new_dev = __get_dev(new_dentry);
3175 +
3176 -+ if (matchpo) {
3177 -+ preempt_enable();
3178 -+ return matchpo;
3179 -+ }
3180 ++ inodev = lookup_inodev_entry(new_ino, new_dev);
3181 ++ if (inodev != NULL && ((inode->i_nlink <= 1) || S_ISDIR(inode->i_mode)))
3182 ++ do_handle_delete(inodev, new_ino, new_dev);
3183 + }
3184 +
3185 -+ // lookup parent
3186 ++ inodev = lookup_inodev_entry(old_ino, old_dev);
3187 ++ if (inodev != NULL && ((old_dentry->d_inode->i_nlink <= 1) || S_ISDIR(old_dentry->d_inode->i_mode)))
3188 ++ do_handle_delete(inodev, old_ino, old_dev);
3189 +
3190 -+ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
3191 ++ if (unlikely((unsigned long)matchn))
3192 ++ do_handle_create(matchn, old_dentry, mnt);
3193 +
3194 ++ write_unlock(&gr_inode_lock);
3195 + preempt_enable();
3196 -+ return matchpo;
3197 ++
3198 ++ return;
3199 +}
3200 +
3201 -+__u32
3202 -+gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
3203 -+ const struct vfsmount * mnt, const __u32 mode)
3204 ++#if defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC)
3205 ++static const unsigned long res_learn_bumps[GR_NLIMITS] = {
3206 ++ [RLIMIT_CPU] = GR_RLIM_CPU_BUMP,
3207 ++ [RLIMIT_FSIZE] = GR_RLIM_FSIZE_BUMP,
3208 ++ [RLIMIT_DATA] = GR_RLIM_DATA_BUMP,
3209 ++ [RLIMIT_STACK] = GR_RLIM_STACK_BUMP,
3210 ++ [RLIMIT_CORE] = GR_RLIM_CORE_BUMP,
3211 ++ [RLIMIT_RSS] = GR_RLIM_RSS_BUMP,
3212 ++ [RLIMIT_NPROC] = GR_RLIM_NPROC_BUMP,
3213 ++ [RLIMIT_NOFILE] = GR_RLIM_NOFILE_BUMP,
3214 ++ [RLIMIT_MEMLOCK] = GR_RLIM_MEMLOCK_BUMP,
3215 ++ [RLIMIT_AS] = GR_RLIM_AS_BUMP,
3216 ++ [RLIMIT_LOCKS] = GR_RLIM_LOCKS_BUMP,
3217 ++ [RLIMIT_SIGPENDING] = GR_RLIM_SIGPENDING_BUMP,
3218 ++ [RLIMIT_MSGQUEUE] = GR_RLIM_MSGQUEUE_BUMP,
3219 ++ [RLIMIT_NICE] = GR_RLIM_NICE_BUMP,
3220 ++ [RLIMIT_RTPRIO] = GR_RLIM_RTPRIO_BUMP,
3221 ++ [RLIMIT_RTTIME] = GR_RLIM_RTTIME_BUMP
3222 ++};
3223 ++
3224 ++void
3225 ++gr_learn_resource(const struct task_struct *task,
3226 ++ const int res, const unsigned long wanted, const int gt)
3227 +{
3228 -+ struct acl_object_label *matchpo;
3229 -+ __u32 retval;
3230 ++ struct acl_subject_label *acl;
3231 ++ const struct cred *cred;
3232 +
3233 -+ if (unlikely(!(gr_status & GR_READY)))
3234 -+ return (mode & ~GR_AUDITS);
3235 ++ if (unlikely((gr_status & GR_READY) &&
3236 ++ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
3237 ++ goto skip_reslog;
3238 +
3239 -+ matchpo = gr_get_create_object(new_dentry, parent, mnt);
3240 ++ gr_log_resource(task, res, wanted, gt);
3241 ++skip_reslog:
3242 +
3243 -+ retval = matchpo->mode & mode;
3244 ++ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
3245 ++ return;
3246 +
3247 -+ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
3248 -+ && (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
3249 -+ __u32 new_mode = mode;
3250 ++ acl = task->acl;
3251 +
3252 -+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
3253 ++ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
3254 ++ !(acl->resmask & (1U << (unsigned short) res))))
3255 ++ return;
3256 +
3257 -+ gr_log_learn(new_dentry, mnt, new_mode);
3258 -+ return new_mode;
3259 ++ if (wanted >= acl->res[res].rlim_cur) {
3260 ++ unsigned long res_add;
3261 ++
3262 ++ res_add = wanted + res_learn_bumps[res];
3263 ++
3264 ++ acl->res[res].rlim_cur = res_add;
3265 ++
3266 ++ if (wanted > acl->res[res].rlim_max)
3267 ++ acl->res[res].rlim_max = res_add;
3268 ++
3269 ++ /* only log the subject filename, since resource logging is supported for
3270 ++ single-subject learning only */
3271 ++ rcu_read_lock();
3272 ++ cred = __task_cred(task);
3273 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
3274 ++ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename,
3275 ++ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
3276 ++ "", (unsigned long) res, &task->signal->saved_ip);
3277 ++ rcu_read_unlock();
3278 + }
3279 +
3280 -+ return retval;
3281 ++ return;
3282 +}
3283 ++EXPORT_SYMBOL(gr_learn_resource);
3284 ++#endif
3285 +
3286 -+__u32
3287 -+gr_check_link(const struct dentry * new_dentry,
3288 -+ const struct dentry * parent_dentry,
3289 -+ const struct vfsmount * parent_mnt,
3290 -+ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
3291 ++#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
3292 ++void
3293 ++pax_set_initial_flags(struct linux_binprm *bprm)
3294 +{
3295 -+ struct acl_object_label *obj;
3296 -+ __u32 oldmode, newmode;
3297 -+ __u32 needmode;
3298 -+ __u32 checkmodes = GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | GR_SETID | GR_READ |
3299 -+ GR_DELETE | GR_INHERIT;
3300 -+
3301 -+ if (unlikely(!(gr_status & GR_READY)))
3302 -+ return (GR_CREATE | GR_LINK);
3303 -+
3304 -+ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
3305 -+ oldmode = obj->mode;
3306 ++ struct task_struct *task = current;
3307 ++ struct acl_subject_label *proc;
3308 ++ unsigned long flags;
3309 +
3310 -+ obj = gr_get_create_object(new_dentry, parent_dentry, parent_mnt);
3311 -+ newmode = obj->mode;
3312 ++ if (unlikely(!(gr_status & GR_READY)))
3313 ++ return;
3314 +
3315 -+ needmode = newmode & checkmodes;
3316 ++ flags = pax_get_flags(task);
3317 +
3318 -+ // old name for hardlink must have at least the permissions of the new name
3319 -+ if ((oldmode & needmode) != needmode)
3320 -+ goto bad;
3321 ++ proc = task->acl;
3322 +
3323 -+ // if old name had restrictions/auditing, make sure the new name does as well
3324 -+ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
3325 ++ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
3326 ++ flags &= ~MF_PAX_PAGEEXEC;
3327 ++ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
3328 ++ flags &= ~MF_PAX_SEGMEXEC;
3329 ++ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
3330 ++ flags &= ~MF_PAX_RANDMMAP;
3331 ++ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
3332 ++ flags &= ~MF_PAX_EMUTRAMP;
3333 ++ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
3334 ++ flags &= ~MF_PAX_MPROTECT;
3335 +
3336 -+ // don't allow hardlinking of suid/sgid/fcapped files without permission
3337 -+ if (is_privileged_binary(old_dentry))
3338 -+ needmode |= GR_SETID;
3339 ++ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
3340 ++ flags |= MF_PAX_PAGEEXEC;
3341 ++ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
3342 ++ flags |= MF_PAX_SEGMEXEC;
3343 ++ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
3344 ++ flags |= MF_PAX_RANDMMAP;
3345 ++ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
3346 ++ flags |= MF_PAX_EMUTRAMP;
3347 ++ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
3348 ++ flags |= MF_PAX_MPROTECT;
3349 +
3350 -+ if ((newmode & needmode) != needmode)
3351 -+ goto bad;
3352 ++ pax_set_flags(task, flags);
3353 +
3354 -+ // enforce minimum permissions
3355 -+ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
3356 -+ return newmode;
3357 -+bad:
3358 -+ needmode = oldmode;
3359 -+ if (is_privileged_binary(old_dentry))
3360 -+ needmode |= GR_SETID;
3361 -+
3362 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
3363 -+ gr_log_learn(old_dentry, old_mnt, needmode | GR_CREATE | GR_LINK);
3364 -+ return (GR_CREATE | GR_LINK);
3365 -+ } else if (newmode & GR_SUPPRESS)
3366 -+ return GR_SUPPRESS;
3367 -+ else
3368 -+ return 0;
3369 ++ return;
3370 +}
3371 ++#endif
3372 +
3373 +int
3374 -+gr_check_hidden_task(const struct task_struct *task)
3375 ++gr_handle_proc_ptrace(struct task_struct *task)
3376 +{
3377 ++ struct file *filp;
3378 ++ struct task_struct *tmp = task;
3379 ++ struct task_struct *curtemp = current;
3380 ++ __u32 retmode;
3381 ++
3382 ++#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
3383 + if (unlikely(!(gr_status & GR_READY)))
3384 + return 0;
3385 ++#endif
3386 +
3387 -+ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
3388 -+ return 1;
3389 -+
3390 -+ return 0;
3391 -+}
3392 ++ read_lock(&tasklist_lock);
3393 ++ read_lock(&grsec_exec_file_lock);
3394 ++ filp = task->exec_file;
3395 +
3396 -+int
3397 -+gr_check_protected_task(const struct task_struct *task)
3398 -+{
3399 -+ if (unlikely(!(gr_status & GR_READY) || !task))
3400 -+ return 0;
3401 ++ while (task_pid_nr(tmp) > 0) {
3402 ++ if (tmp == curtemp)
3403 ++ break;
3404 ++ tmp = tmp->real_parent;
3405 ++ }
3406 +
3407 -+ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
3408 -+ task->acl != current->acl)
3409 ++ if (!filp || (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
3410 ++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
3411 ++ read_unlock(&grsec_exec_file_lock);
3412 ++ read_unlock(&tasklist_lock);
3413 + return 1;
3414 ++ }
3415 +
3416 -+ return 0;
3417 -+}
3418 -+
3419 -+int
3420 -+gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
3421 -+{
3422 -+ struct task_struct *p;
3423 -+ int ret = 0;
3424 -+
3425 -+ if (unlikely(!(gr_status & GR_READY) || !pid))
3426 -+ return ret;
3427 ++#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
3428 ++ if (!(gr_status & GR_READY)) {
3429 ++ read_unlock(&grsec_exec_file_lock);
3430 ++ read_unlock(&tasklist_lock);
3431 ++ return 0;
3432 ++ }
3433 ++#endif
3434 +
3435 -+ read_lock(&tasklist_lock);
3436 -+ do_each_pid_task(pid, type, p) {
3437 -+ if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
3438 -+ p->acl != current->acl) {
3439 -+ ret = 1;
3440 -+ goto out;
3441 -+ }
3442 -+ } while_each_pid_task(pid, type, p);
3443 -+out:
3444 ++ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
3445 ++ read_unlock(&grsec_exec_file_lock);
3446 + read_unlock(&tasklist_lock);
3447 +
3448 -+ return ret;
3449 -+}
3450 ++ if (retmode & GR_NOPTRACE)
3451 ++ return 1;
3452 +
3453 -+void
3454 -+gr_copy_label(struct task_struct *tsk)
3455 -+{
3456 -+ tsk->signal->used_accept = 0;
3457 -+ tsk->acl_sp_role = 0;
3458 -+ tsk->acl_role_id = current->acl_role_id;
3459 -+ tsk->acl = current->acl;
3460 -+ tsk->role = current->role;
3461 -+ tsk->signal->curr_ip = current->signal->curr_ip;
3462 -+ tsk->signal->saved_ip = current->signal->saved_ip;
3463 -+ if (current->exec_file)
3464 -+ get_file(current->exec_file);
3465 -+ tsk->exec_file = current->exec_file;
3466 -+ tsk->is_writable = current->is_writable;
3467 -+ if (unlikely(current->signal->used_accept)) {
3468 -+ current->signal->curr_ip = 0;
3469 -+ current->signal->saved_ip = 0;
3470 -+ }
3471 ++ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
3472 ++ && (current->acl != task->acl || (current->acl != current->role->root_label
3473 ++ && task_pid_nr(current) != task_pid_nr(task))))
3474 ++ return 1;
3475 +
3476 -+ return;
3477 ++ return 0;
3478 +}
3479 +
3480 -+static void
3481 -+gr_set_proc_res(struct task_struct *task)
3482 ++void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
3483 +{
3484 -+ struct acl_subject_label *proc;
3485 -+ unsigned short i;
3486 -+
3487 -+ proc = task->acl;
3488 -+
3489 -+ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
3490 ++ if (unlikely(!(gr_status & GR_READY)))
3491 + return;
3492 +
3493 -+ for (i = 0; i < RLIM_NLIMITS; i++) {
3494 -+ if (!(proc->resmask & (1U << i)))
3495 -+ continue;
3496 -+
3497 -+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
3498 -+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
3499 -+
3500 -+ if (i == RLIMIT_CPU)
3501 -+ update_rlimit_cpu(task, proc->res[i].rlim_cur);
3502 -+ }
3503 ++ if (!(current->role->roletype & GR_ROLE_GOD))
3504 ++ return;
3505 +
3506 -+ return;
3507 ++ seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
3508 ++ p->role->rolename, gr_task_roletype_to_char(p),
3509 ++ p->acl->filename);
3510 +}
3511 +
3512 -+extern int gr_process_kernel_setuid_ban(struct user_struct *user);
3513 -+
3514 +int
3515 -+gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
3516 ++gr_handle_ptrace(struct task_struct *task, const long request)
3517 +{
3518 -+ unsigned int i;
3519 -+ __u16 num;
3520 -+ uid_t *uidlist;
3521 -+ uid_t curuid;
3522 -+ int realok = 0;
3523 -+ int effectiveok = 0;
3524 -+ int fsok = 0;
3525 -+ uid_t globalreal, globaleffective, globalfs;
3526 ++ struct task_struct *tmp = task;
3527 ++ struct task_struct *curtemp = current;
3528 ++ __u32 retmode;
3529 +
3530 -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT)
3531 -+ struct user_struct *user;
3532 ++#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
3533 ++ if (unlikely(!(gr_status & GR_READY)))
3534 ++ return 0;
3535 ++#endif
3536 ++ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
3537 ++ read_lock(&tasklist_lock);
3538 ++ while (task_pid_nr(tmp) > 0) {
3539 ++ if (tmp == curtemp)
3540 ++ break;
3541 ++ tmp = tmp->real_parent;
3542 ++ }
3543 +
3544 -+ if (!uid_valid(real))
3545 -+ goto skipit;
3546 ++ if (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
3547 ++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
3548 ++ read_unlock(&tasklist_lock);
3549 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
3550 ++ return 1;
3551 ++ }
3552 ++ read_unlock(&tasklist_lock);
3553 ++ }
3554 +
3555 -+ /* find user based on global namespace */
3556 ++#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
3557 ++ if (!(gr_status & GR_READY))
3558 ++ return 0;
3559 ++#endif
3560 +
3561 -+ globalreal = GR_GLOBAL_UID(real);
3562 ++ read_lock(&grsec_exec_file_lock);
3563 ++ if (unlikely(!task->exec_file)) {
3564 ++ read_unlock(&grsec_exec_file_lock);
3565 ++ return 0;
3566 ++ }
3567 +
3568 -+ user = find_user(make_kuid(&init_user_ns, globalreal));
3569 -+ if (user == NULL)
3570 -+ goto skipit;
3571 ++ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
3572 ++ read_unlock(&grsec_exec_file_lock);
3573 +
3574 -+ if (gr_process_kernel_setuid_ban(user)) {
3575 -+ /* for find_user */
3576 -+ free_uid(user);
3577 ++ if (retmode & GR_NOPTRACE) {
3578 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
3579 ++ return 1;
3580 ++ }
3581 ++
3582 ++ if (retmode & GR_PTRACERD) {
3583 ++ switch (request) {
3584 ++ case PTRACE_SEIZE:
3585 ++ case PTRACE_POKETEXT:
3586 ++ case PTRACE_POKEDATA:
3587 ++ case PTRACE_POKEUSR:
3588 ++#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
3589 ++ case PTRACE_SETREGS:
3590 ++ case PTRACE_SETFPREGS:
3591 ++#endif
3592 ++#ifdef CONFIG_X86
3593 ++ case PTRACE_SETFPXREGS:
3594 ++#endif
3595 ++#ifdef CONFIG_ALTIVEC
3596 ++ case PTRACE_SETVRREGS:
3597 ++#endif
3598 ++ return 1;
3599 ++ default:
3600 ++ return 0;
3601 ++ }
3602 ++ } else if (!(current->acl->mode & GR_POVERRIDE) &&
3603 ++ !(current->role->roletype & GR_ROLE_GOD) &&
3604 ++ (current->acl != task->acl)) {
3605 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
3606 + return 1;
3607 + }
3608 +
3609 -+ /* for find_user */
3610 -+ free_uid(user);
3611 ++ return 0;
3612 ++}
3613 +
3614 -+skipit:
3615 -+#endif
3616 ++static int is_writable_mmap(const struct file *filp)
3617 ++{
3618 ++ struct task_struct *task = current;
3619 ++ struct acl_object_label *obj, *obj2;
3620 +
3621 -+ if (unlikely(!(gr_status & GR_READY)))
3622 -+ return 0;
3623 ++ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
3624 ++ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode) && (filp->f_path.mnt != shm_mnt || (filp->f_path.dentry->d_inode->i_nlink > 0))) {
3625 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
3626 ++ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
3627 ++ task->role->root_label);
3628 ++ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
3629 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
3630 ++ return 1;
3631 ++ }
3632 ++ }
3633 ++ return 0;
3634 ++}
3635 +
3636 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
3637 -+ gr_log_learn_uid_change(real, effective, fs);
3638 ++int
3639 ++gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
3640 ++{
3641 ++ __u32 mode;
3642 +
3643 -+ num = current->acl->user_trans_num;
3644 -+ uidlist = current->acl->user_transitions;
3645 ++ if (unlikely(!file || !(prot & PROT_EXEC)))
3646 ++ return 1;
3647 +
3648 -+ if (uidlist == NULL)
3649 ++ if (is_writable_mmap(file))
3650 + return 0;
3651 +
3652 -+ if (!uid_valid(real)) {
3653 -+ realok = 1;
3654 -+ globalreal = (uid_t)-1;
3655 -+ } else {
3656 -+ globalreal = GR_GLOBAL_UID(real);
3657 -+ }
3658 -+ if (!uid_valid(effective)) {
3659 -+ effectiveok = 1;
3660 -+ globaleffective = (uid_t)-1;
3661 -+ } else {
3662 -+ globaleffective = GR_GLOBAL_UID(effective);
3663 -+ }
3664 -+ if (!uid_valid(fs)) {
3665 -+ fsok = 1;
3666 -+ globalfs = (uid_t)-1;
3667 -+ } else {
3668 -+ globalfs = GR_GLOBAL_UID(fs);
3669 -+ }
3670 ++ mode =
3671 ++ gr_search_file(file->f_path.dentry,
3672 ++ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
3673 ++ file->f_path.mnt);
3674 +
3675 -+ if (current->acl->user_trans_type & GR_ID_ALLOW) {
3676 -+ for (i = 0; i < num; i++) {
3677 -+ curuid = uidlist[i];
3678 -+ if (globalreal == curuid)
3679 -+ realok = 1;
3680 -+ if (globaleffective == curuid)
3681 -+ effectiveok = 1;
3682 -+ if (globalfs == curuid)
3683 -+ fsok = 1;
3684 -+ }
3685 -+ } else if (current->acl->user_trans_type & GR_ID_DENY) {
3686 -+ for (i = 0; i < num; i++) {
3687 -+ curuid = uidlist[i];
3688 -+ if (globalreal == curuid)
3689 -+ break;
3690 -+ if (globaleffective == curuid)
3691 -+ break;
3692 -+ if (globalfs == curuid)
3693 -+ break;
3694 -+ }
3695 -+ /* not in deny list */
3696 -+ if (i == num) {
3697 -+ realok = 1;
3698 -+ effectiveok = 1;
3699 -+ fsok = 1;
3700 -+ }
3701 -+ }
3702 ++ if (!gr_tpe_allow(file))
3703 ++ return 0;
3704 +
3705 -+ if (realok && effectiveok && fsok)
3706 ++ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
3707 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
3708 + return 0;
3709 -+ else {
3710 -+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
3711 ++ } else if (unlikely(!(mode & GR_EXEC))) {
3712 ++ return 0;
3713 ++ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
3714 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
3715 + return 1;
3716 + }
3717 ++
3718 ++ return 1;
3719 +}
3720 +
3721 +int
3722 -+gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
3723 ++gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
3724 +{
3725 -+ unsigned int i;
3726 -+ __u16 num;
3727 -+ gid_t *gidlist;
3728 -+ gid_t curgid;
3729 -+ int realok = 0;
3730 -+ int effectiveok = 0;
3731 -+ int fsok = 0;
3732 -+ gid_t globalreal, globaleffective, globalfs;
3733 -+
3734 -+ if (unlikely(!(gr_status & GR_READY)))
3735 -+ return 0;
3736 -+
3737 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
3738 -+ gr_log_learn_gid_change(real, effective, fs);
3739 ++ __u32 mode;
3740 +
3741 -+ num = current->acl->group_trans_num;
3742 -+ gidlist = current->acl->group_transitions;
3743 ++ if (unlikely(!file || !(prot & PROT_EXEC)))
3744 ++ return 1;
3745 +
3746 -+ if (gidlist == NULL)
3747 ++ if (is_writable_mmap(file))
3748 + return 0;
3749 +
3750 -+ if (!gid_valid(real)) {
3751 -+ realok = 1;
3752 -+ globalreal = (gid_t)-1;
3753 -+ } else {
3754 -+ globalreal = GR_GLOBAL_GID(real);
3755 -+ }
3756 -+ if (!gid_valid(effective)) {
3757 -+ effectiveok = 1;
3758 -+ globaleffective = (gid_t)-1;
3759 -+ } else {
3760 -+ globaleffective = GR_GLOBAL_GID(effective);
3761 -+ }
3762 -+ if (!gid_valid(fs)) {
3763 -+ fsok = 1;
3764 -+ globalfs = (gid_t)-1;
3765 -+ } else {
3766 -+ globalfs = GR_GLOBAL_GID(fs);
3767 -+ }
3768 ++ mode =
3769 ++ gr_search_file(file->f_path.dentry,
3770 ++ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
3771 ++ file->f_path.mnt);
3772 +
3773 -+ if (current->acl->group_trans_type & GR_ID_ALLOW) {
3774 -+ for (i = 0; i < num; i++) {
3775 -+ curgid = gidlist[i];
3776 -+ if (globalreal == curgid)
3777 -+ realok = 1;
3778 -+ if (globaleffective == curgid)
3779 -+ effectiveok = 1;
3780 -+ if (globalfs == curgid)
3781 -+ fsok = 1;
3782 -+ }
3783 -+ } else if (current->acl->group_trans_type & GR_ID_DENY) {
3784 -+ for (i = 0; i < num; i++) {
3785 -+ curgid = gidlist[i];
3786 -+ if (globalreal == curgid)
3787 -+ break;
3788 -+ if (globaleffective == curgid)
3789 -+ break;
3790 -+ if (globalfs == curgid)
3791 -+ break;
3792 -+ }
3793 -+ /* not in deny list */
3794 -+ if (i == num) {
3795 -+ realok = 1;
3796 -+ effectiveok = 1;
3797 -+ fsok = 1;
3798 -+ }
3799 -+ }
3800 ++ if (!gr_tpe_allow(file))
3801 ++ return 0;
3802 +
3803 -+ if (realok && effectiveok && fsok)
3804 ++ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
3805 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
3806 + return 0;
3807 -+ else {
3808 -+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
3809 ++ } else if (unlikely(!(mode & GR_EXEC))) {
3810 ++ return 0;
3811 ++ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
3812 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
3813 + return 1;
3814 + }
3815 -+}
3816 +
3817 -+extern int gr_acl_is_capable(const int cap);
3818 ++ return 1;
3819 ++}
3820 +
3821 +void
3822 -+gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
3823 ++gr_acl_handle_psacct(struct task_struct *task, const long code)
3824 +{
3825 -+ struct acl_role_label *role = task->role;
3826 -+ struct acl_subject_label *subj = NULL;
3827 -+ struct acl_object_label *obj;
3828 -+ struct file *filp;
3829 -+ uid_t uid;
3830 -+ gid_t gid;
3831 ++ unsigned long runtime;
3832 ++ unsigned long cputime;
3833 ++ unsigned int wday, cday;
3834 ++ __u8 whr, chr;
3835 ++ __u8 wmin, cmin;
3836 ++ __u8 wsec, csec;
3837 ++ struct timespec timeval;
3838 +
3839 -+ if (unlikely(!(gr_status & GR_READY)))
3840 ++ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
3841 ++ !(task->acl->mode & GR_PROCACCT)))
3842 + return;
3843 +
3844 -+ uid = GR_GLOBAL_UID(kuid);
3845 -+ gid = GR_GLOBAL_GID(kgid);
3846 ++ do_posix_clock_monotonic_gettime(&timeval);
3847 ++ runtime = timeval.tv_sec - task->start_time.tv_sec;
3848 ++ wday = runtime / (3600 * 24);
3849 ++ runtime -= wday * (3600 * 24);
3850 ++ whr = runtime / 3600;
3851 ++ runtime -= whr * 3600;
3852 ++ wmin = runtime / 60;
3853 ++ runtime -= wmin * 60;
3854 ++ wsec = runtime;
3855 +
3856 -+ filp = task->exec_file;
3857 ++ cputime = (task->utime + task->stime) / HZ;
3858 ++ cday = cputime / (3600 * 24);
3859 ++ cputime -= cday * (3600 * 24);
3860 ++ chr = cputime / 3600;
3861 ++ cputime -= chr * 3600;
3862 ++ cmin = cputime / 60;
3863 ++ cputime -= cmin * 60;
3864 ++ csec = cputime;
3865 +
3866 -+ /* kernel process, we'll give them the kernel role */
3867 -+ if (unlikely(!filp)) {
3868 -+ task->role = kernel_role;
3869 -+ task->acl = kernel_role->root_label;
3870 -+ return;
3871 -+ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
3872 -+ role = lookup_acl_role_label(task, uid, gid);
3873 ++ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
3874 +
3875 -+ /* don't change the role if we're not a privileged process */
3876 -+ if (role && task->role != role &&
3877 -+ (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) ||
3878 -+ ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
3879 -+ return;
3880 ++ return;
3881 ++}
3882 +
3883 -+ /* perform subject lookup in possibly new role
3884 -+ we can use this result below in the case where role == task->role
3885 -+ */
3886 -+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
3887 ++#ifdef CONFIG_TASKSTATS
3888 ++int gr_is_taskstats_denied(int pid)
3889 ++{
3890 ++ struct task_struct *task;
3891 ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3892 ++ const struct cred *cred;
3893 ++#endif
3894 ++ int ret = 0;
3895 +
3896 -+ /* if we changed uid/gid, but result in the same role
3897 -+ and are using inheritance, don't lose the inherited subject
3898 -+ if current subject is other than what normal lookup
3899 -+ would result in, we arrived via inheritance, don't
3900 -+ lose subject
3901 ++ /* restrict taskstats viewing to un-chrooted root users
3902 ++ who have the 'view' subject flag if the RBAC system is enabled
3903 + */
3904 -+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
3905 -+ (subj == task->acl)))
3906 -+ task->acl = subj;
3907 -+
3908 -+ task->role = role;
3909 +
3910 -+ task->is_writable = 0;
3911 ++ rcu_read_lock();
3912 ++ read_lock(&tasklist_lock);
3913 ++ task = find_task_by_vpid(pid);
3914 ++ if (task) {
3915 ++#ifdef CONFIG_GRKERNSEC_CHROOT
3916 ++ if (proc_is_chrooted(task))
3917 ++ ret = -EACCES;
3918 ++#endif
3919 ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3920 ++ cred = __task_cred(task);
3921 ++#ifdef CONFIG_GRKERNSEC_PROC_USER
3922 ++ if (gr_is_global_nonroot(cred->uid))
3923 ++ ret = -EACCES;
3924 ++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3925 ++ if (gr_is_global_nonroot(cred->uid) && !groups_search(cred->group_info, grsec_proc_gid))
3926 ++ ret = -EACCES;
3927 ++#endif
3928 ++#endif
3929 ++ if (gr_status & GR_READY) {
3930 ++ if (!(task->acl->mode & GR_VIEW))
3931 ++ ret = -EACCES;
3932 ++ }
3933 ++ } else
3934 ++ ret = -ENOENT;
3935 +
3936 -+ /* ignore additional mmap checks for processes that are writable
3937 -+ by the default ACL */
3938 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
3939 -+ if (unlikely(obj->mode & GR_WRITE))
3940 -+ task->is_writable = 1;
3941 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
3942 -+ if (unlikely(obj->mode & GR_WRITE))
3943 -+ task->is_writable = 1;
3944 ++ read_unlock(&tasklist_lock);
3945 ++ rcu_read_unlock();
3946 +
3947 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
3948 -+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
3949 ++ return ret;
3950 ++}
3951 +#endif
3952 +
3953 -+ gr_set_proc_res(task);
3954 ++/* AUXV entries are filled via a descendant of search_binary_handler
3955 ++ after we've already applied the subject for the target
3956 ++*/
3957 ++int gr_acl_enable_at_secure(void)
3958 ++{
3959 ++ if (unlikely(!(gr_status & GR_READY)))
3960 ++ return 0;
3961 +
3962 -+ return;
3963 -+}
3964 ++ if (current->acl->mode & GR_ATSECURE)
3965 ++ return 1;
3966 +
3967 -+int
3968 -+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
3969 -+ const int unsafe_flags)
3970 ++ return 0;
3971 ++}
3972 ++
3973 ++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
3974 +{
3975 + struct task_struct *task = current;
3976 -+ struct acl_subject_label *newacl;
3977 -+ struct acl_object_label *obj;
3978 -+ __u32 retmode;
3979 ++ struct dentry *dentry = file->f_path.dentry;
3980 ++ struct vfsmount *mnt = file->f_path.mnt;
3981 ++ struct acl_object_label *obj, *tmp;
3982 ++ struct acl_subject_label *subj;
3983 ++ unsigned int bufsize;
3984 ++ int is_not_root;
3985 ++ char *path;
3986 ++ dev_t dev = __get_dev(dentry);
3987 +
3988 + if (unlikely(!(gr_status & GR_READY)))
3989 -+ return 0;
3990 -+
3991 -+ newacl = chk_subj_label(dentry, mnt, task->role);
3992 ++ return 1;
3993 +
3994 -+ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
3995 -+ did an exec
3996 -+ */
3997 -+ rcu_read_lock();
3998 -+ read_lock(&tasklist_lock);
3999 -+ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
4000 -+ (task->parent->acl->mode & GR_POVERRIDE))) {
4001 -+ read_unlock(&tasklist_lock);
4002 -+ rcu_read_unlock();
4003 -+ goto skip_check;
4004 -+ }
4005 -+ read_unlock(&tasklist_lock);
4006 -+ rcu_read_unlock();
4007 ++ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
4008 ++ return 1;
4009 +
4010 -+ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
4011 -+ !(task->role->roletype & GR_ROLE_GOD) &&
4012 -+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
4013 -+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
4014 -+ if (unsafe_flags & LSM_UNSAFE_SHARE)
4015 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
4016 -+ else
4017 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
4018 -+ return -EACCES;
4019 -+ }
4020 ++ /* ignore Eric Biederman */
4021 ++ if (IS_PRIVATE(dentry->d_inode))
4022 ++ return 1;
4023 +
4024 -+skip_check:
4025 ++ subj = task->acl;
4026 ++ read_lock(&gr_inode_lock);
4027 ++ do {
4028 ++ obj = lookup_acl_obj_label(ino, dev, subj);
4029 ++ if (obj != NULL) {
4030 ++ read_unlock(&gr_inode_lock);
4031 ++ return (obj->mode & GR_FIND) ? 1 : 0;
4032 ++ }
4033 ++ } while ((subj = subj->parent_subject));
4034 ++ read_unlock(&gr_inode_lock);
4035 ++
4036 ++ /* this is purely an optimization since we're looking for an object
4037 ++ for the directory we're doing a readdir on
4038 ++ if it's possible for any globbed object to match the entry we're
4039 ++ filling into the directory, then the object we find here will be
4040 ++ an anchor point with attached globbed objects
4041 ++ */
4042 ++ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
4043 ++ if (obj->globbed == NULL)
4044 ++ return (obj->mode & GR_FIND) ? 1 : 0;
4045 +
4046 -+ obj = chk_obj_label(dentry, mnt, task->acl);
4047 -+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
4048 ++ is_not_root = ((obj->filename[0] == '/') &&
4049 ++ (obj->filename[1] == '\0')) ? 0 : 1;
4050 ++ bufsize = PAGE_SIZE - namelen - is_not_root;
4051 +
4052 -+ if (!(task->acl->mode & GR_INHERITLEARN) &&
4053 -+ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
4054 -+ if (obj->nested)
4055 -+ task->acl = obj->nested;
4056 -+ else
4057 -+ task->acl = newacl;
4058 -+ } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
4059 -+ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
4060 ++ /* check bufsize > PAGE_SIZE || bufsize == 0 */
4061 ++ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
4062 ++ return 1;
4063 +
4064 -+ task->is_writable = 0;
4065 ++ preempt_disable();
4066 ++ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
4067 ++ bufsize);
4068 +
4069 -+ /* ignore additional mmap checks for processes that are writable
4070 -+ by the default ACL */
4071 -+ obj = chk_obj_label(dentry, mnt, default_role->root_label);
4072 -+ if (unlikely(obj->mode & GR_WRITE))
4073 -+ task->is_writable = 1;
4074 -+ obj = chk_obj_label(dentry, mnt, task->role->root_label);
4075 -+ if (unlikely(obj->mode & GR_WRITE))
4076 -+ task->is_writable = 1;
4077 ++ bufsize = strlen(path);
4078 +
4079 -+ gr_set_proc_res(task);
4080 ++ /* if base is "/", don't append an additional slash */
4081 ++ if (is_not_root)
4082 ++ *(path + bufsize) = '/';
4083 ++ memcpy(path + bufsize + is_not_root, name, namelen);
4084 ++ *(path + bufsize + namelen + is_not_root) = '\0';
4085 +
4086 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
4087 -+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
4088 -+#endif
4089 -+ return 0;
4090 ++ tmp = obj->globbed;
4091 ++ while (tmp) {
4092 ++ if (!glob_match(tmp->filename, path)) {
4093 ++ preempt_enable();
4094 ++ return (tmp->mode & GR_FIND) ? 1 : 0;
4095 ++ }
4096 ++ tmp = tmp->next;
4097 ++ }
4098 ++ preempt_enable();
4099 ++ return (obj->mode & GR_FIND) ? 1 : 0;
4100 +}
4101 +
4102 -+/* always called with valid inodev ptr */
4103 -+static void
4104 -+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
4105 ++void gr_put_exec_file(struct task_struct *task)
4106 +{
4107 -+ struct acl_object_label *matchpo;
4108 -+ struct acl_subject_label *matchps;
4109 -+ struct acl_subject_label *subj;
4110 -+ struct acl_role_label *role;
4111 -+ unsigned int x;
4112 ++ struct file *filp;
4113 +
4114 -+ FOR_EACH_ROLE_START(role)
4115 -+ FOR_EACH_SUBJECT_START(role, subj, x)
4116 -+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
4117 -+ matchpo->mode |= GR_DELETED;
4118 -+ FOR_EACH_SUBJECT_END(subj,x)
4119 -+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
4120 -+ /* nested subjects aren't in the role's subj_hash table */
4121 -+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
4122 -+ matchpo->mode |= GR_DELETED;
4123 -+ FOR_EACH_NESTED_SUBJECT_END(subj)
4124 -+ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
4125 -+ matchps->mode |= GR_DELETED;
4126 -+ FOR_EACH_ROLE_END(role)
4127 ++ write_lock(&grsec_exec_file_lock);
4128 ++ filp = task->exec_file;
4129 ++ task->exec_file = NULL;
4130 ++ write_unlock(&grsec_exec_file_lock);
4131 +
4132 -+ inodev->nentry->deleted = 1;
4133 ++ if (filp)
4134 ++ fput(filp);
4135 +
4136 + return;
4137 +}
4138 +
4139 -+void
4140 -+gr_handle_delete(const ino_t ino, const dev_t dev)
4141 -+{
4142 -+ struct inodev_entry *inodev;
4143 +
4144 -+ if (unlikely(!(gr_status & GR_READY)))
4145 -+ return;
4146 ++#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
4147 ++EXPORT_SYMBOL(gr_acl_is_enabled);
4148 ++#endif
4149 ++#ifdef CONFIG_SECURITY
4150 ++EXPORT_SYMBOL(gr_check_user_change);
4151 ++EXPORT_SYMBOL(gr_check_group_change);
4152 ++#endif
4153 +
4154 -+ write_lock(&gr_inode_lock);
4155 -+ inodev = lookup_inodev_entry(ino, dev);
4156 -+ if (inodev != NULL)
4157 -+ do_handle_delete(inodev, ino, dev);
4158 -+ write_unlock(&gr_inode_lock);
4159 +diff --git a/grsecurity/gracl_alloc.c b/grsecurity/gracl_alloc.c
4160 +new file mode 100644
4161 +index 0000000..18ffbbd
4162 +--- /dev/null
4163 ++++ b/grsecurity/gracl_alloc.c
4164 +@@ -0,0 +1,105 @@
4165 ++#include <linux/kernel.h>
4166 ++#include <linux/mm.h>
4167 ++#include <linux/slab.h>
4168 ++#include <linux/vmalloc.h>
4169 ++#include <linux/gracl.h>
4170 ++#include <linux/grsecurity.h>
4171 +
4172 -+ return;
4173 -+}
4174 ++static struct gr_alloc_state __current_alloc_state = { 1, 1, NULL };
4175 ++struct gr_alloc_state *current_alloc_state = &__current_alloc_state;
4176 +
4177 -+static void
4178 -+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
4179 -+ const ino_t newinode, const dev_t newdevice,
4180 -+ struct acl_subject_label *subj)
4181 ++static __inline__ int
4182 ++alloc_pop(void)
4183 +{
4184 -+ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
4185 -+ struct acl_object_label *match;
4186 -+
4187 -+ match = subj->obj_hash[index];
4188 -+
4189 -+ while (match && (match->inode != oldinode ||
4190 -+ match->device != olddevice ||
4191 -+ !(match->mode & GR_DELETED)))
4192 -+ match = match->next;
4193 ++ if (current_alloc_state->alloc_stack_next == 1)
4194 ++ return 0;
4195 +
4196 -+ if (match && (match->inode == oldinode)
4197 -+ && (match->device == olddevice)
4198 -+ && (match->mode & GR_DELETED)) {
4199 -+ if (match->prev == NULL) {
4200 -+ subj->obj_hash[index] = match->next;
4201 -+ if (match->next != NULL)
4202 -+ match->next->prev = NULL;
4203 -+ } else {
4204 -+ match->prev->next = match->next;
4205 -+ if (match->next != NULL)
4206 -+ match->next->prev = match->prev;
4207 -+ }
4208 -+ match->prev = NULL;
4209 -+ match->next = NULL;
4210 -+ match->inode = newinode;
4211 -+ match->device = newdevice;
4212 -+ match->mode &= ~GR_DELETED;
4213 ++ kfree(current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 2]);
4214 +
4215 -+ insert_acl_obj_label(match, subj);
4216 -+ }
4217 ++ current_alloc_state->alloc_stack_next--;
4218 +
4219 -+ return;
4220 ++ return 1;
4221 +}
4222 +
4223 -+static void
4224 -+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
4225 -+ const ino_t newinode, const dev_t newdevice,
4226 -+ struct acl_role_label *role)
4227 ++static __inline__ int
4228 ++alloc_push(void *buf)
4229 +{
4230 -+ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
4231 -+ struct acl_subject_label *match;
4232 -+
4233 -+ match = role->subj_hash[index];
4234 -+
4235 -+ while (match && (match->inode != oldinode ||
4236 -+ match->device != olddevice ||
4237 -+ !(match->mode & GR_DELETED)))
4238 -+ match = match->next;
4239 ++ if (current_alloc_state->alloc_stack_next >= current_alloc_state->alloc_stack_size)
4240 ++ return 1;
4241 +
4242 -+ if (match && (match->inode == oldinode)
4243 -+ && (match->device == olddevice)
4244 -+ && (match->mode & GR_DELETED)) {
4245 -+ if (match->prev == NULL) {
4246 -+ role->subj_hash[index] = match->next;
4247 -+ if (match->next != NULL)
4248 -+ match->next->prev = NULL;
4249 -+ } else {
4250 -+ match->prev->next = match->next;
4251 -+ if (match->next != NULL)
4252 -+ match->next->prev = match->prev;
4253 -+ }
4254 -+ match->prev = NULL;
4255 -+ match->next = NULL;
4256 -+ match->inode = newinode;
4257 -+ match->device = newdevice;
4258 -+ match->mode &= ~GR_DELETED;
4259 ++ current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 1] = buf;
4260 +
4261 -+ insert_acl_subj_label(match, role);
4262 -+ }
4263 ++ current_alloc_state->alloc_stack_next++;
4264 +
4265 -+ return;
4266 ++ return 0;
4267 +}
4268 +
4269 -+static void
4270 -+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
4271 -+ const ino_t newinode, const dev_t newdevice)
4272 ++void *
4273 ++acl_alloc(unsigned long len)
4274 +{
4275 -+ unsigned int index = gr_fhash(oldinode, olddevice, inodev_set.i_size);
4276 -+ struct inodev_entry *match;
4277 ++ void *ret = NULL;
4278 +
4279 -+ match = inodev_set.i_hash[index];
4280 ++ if (!len || len > PAGE_SIZE)
4281 ++ goto out;
4282 +
4283 -+ while (match && (match->nentry->inode != oldinode ||
4284 -+ match->nentry->device != olddevice || !match->nentry->deleted))
4285 -+ match = match->next;
4286 ++ ret = kmalloc(len, GFP_KERNEL);
4287 +
4288 -+ if (match && (match->nentry->inode == oldinode)
4289 -+ && (match->nentry->device == olddevice) &&
4290 -+ match->nentry->deleted) {
4291 -+ if (match->prev == NULL) {
4292 -+ inodev_set.i_hash[index] = match->next;
4293 -+ if (match->next != NULL)
4294 -+ match->next->prev = NULL;
4295 -+ } else {
4296 -+ match->prev->next = match->next;
4297 -+ if (match->next != NULL)
4298 -+ match->next->prev = match->prev;
4299 ++ if (ret) {
4300 ++ if (alloc_push(ret)) {
4301 ++ kfree(ret);
4302 ++ ret = NULL;
4303 + }
4304 -+ match->prev = NULL;
4305 -+ match->next = NULL;
4306 -+ match->nentry->inode = newinode;
4307 -+ match->nentry->device = newdevice;
4308 -+ match->nentry->deleted = 0;
4309 -+
4310 -+ insert_inodev_entry(match);
4311 + }
4312 +
4313 -+ return;
4314 -+}
4315 -+
4316 -+static void
4317 -+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
4318 -+{
4319 -+ struct acl_subject_label *subj;
4320 -+ struct acl_role_label *role;
4321 -+ unsigned int x;
4322 -+
4323 -+ FOR_EACH_ROLE_START(role)
4324 -+ update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
4325 -+
4326 -+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
4327 -+ if ((subj->inode == ino) && (subj->device == dev)) {
4328 -+ subj->inode = ino;
4329 -+ subj->device = dev;
4330 -+ }
4331 -+ /* nested subjects aren't in the role's subj_hash table */
4332 -+ update_acl_obj_label(matchn->inode, matchn->device,
4333 -+ ino, dev, subj);
4334 -+ FOR_EACH_NESTED_SUBJECT_END(subj)
4335 -+ FOR_EACH_SUBJECT_START(role, subj, x)
4336 -+ update_acl_obj_label(matchn->inode, matchn->device,
4337 -+ ino, dev, subj);
4338 -+ FOR_EACH_SUBJECT_END(subj,x)
4339 -+ FOR_EACH_ROLE_END(role)
4340 -+
4341 -+ update_inodev_entry(matchn->inode, matchn->device, ino, dev);
4342 -+
4343 -+ return;
4344 ++out:
4345 ++ return ret;
4346 +}
4347 +
4348 -+static void
4349 -+do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
4350 -+ const struct vfsmount *mnt)
4351 ++void *
4352 ++acl_alloc_num(unsigned long num, unsigned long len)
4353 +{
4354 -+ ino_t ino = dentry->d_inode->i_ino;
4355 -+ dev_t dev = __get_dev(dentry);
4356 -+
4357 -+ __do_handle_create(matchn, ino, dev);
4358 ++ if (!len || (num > (PAGE_SIZE / len)))
4359 ++ return NULL;
4360 +
4361 -+ return;
4362 ++ return acl_alloc(num * len);
4363 +}
4364 +
4365 +void
4366 -+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
4367 ++acl_free_all(void)
4368 +{
4369 -+ struct name_entry *matchn;
4370 -+
4371 -+ if (unlikely(!(gr_status & GR_READY)))
4372 ++ if (!current_alloc_state->alloc_stack)
4373 + return;
4374 +
4375 -+ preempt_disable();
4376 -+ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
4377 ++ while (alloc_pop()) ;
4378 +
4379 -+ if (unlikely((unsigned long)matchn)) {
4380 -+ write_lock(&gr_inode_lock);
4381 -+ do_handle_create(matchn, dentry, mnt);
4382 -+ write_unlock(&gr_inode_lock);
4383 ++ if (current_alloc_state->alloc_stack) {
4384 ++ if ((current_alloc_state->alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
4385 ++ kfree(current_alloc_state->alloc_stack);
4386 ++ else
4387 ++ vfree(current_alloc_state->alloc_stack);
4388 + }
4389 -+ preempt_enable();
4390 ++
4391 ++ current_alloc_state->alloc_stack = NULL;
4392 ++ current_alloc_state->alloc_stack_size = 1;
4393 ++ current_alloc_state->alloc_stack_next = 1;
4394 +
4395 + return;
4396 +}
4397 +
4398 -+void
4399 -+gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
4400 ++int
4401 ++acl_alloc_stack_init(unsigned long size)
4402 +{
4403 -+ struct name_entry *matchn;
4404 -+
4405 -+ if (unlikely(!(gr_status & GR_READY)))
4406 -+ return;
4407 -+
4408 -+ preempt_disable();
4409 -+ matchn = lookup_name_entry(gr_to_proc_filename_rbac(dentry, init_pid_ns.proc_mnt));
4410 ++ if ((size * sizeof (void *)) <= PAGE_SIZE)
4411 ++ current_alloc_state->alloc_stack =
4412 ++ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
4413 ++ else
4414 ++ current_alloc_state->alloc_stack = (void **) vmalloc(size * sizeof (void *));
4415 +
4416 -+ if (unlikely((unsigned long)matchn)) {
4417 -+ write_lock(&gr_inode_lock);
4418 -+ __do_handle_create(matchn, inode->i_ino, inode->i_sb->s_dev);
4419 -+ write_unlock(&gr_inode_lock);
4420 -+ }
4421 -+ preempt_enable();
4422 ++ current_alloc_state->alloc_stack_size = size;
4423 ++ current_alloc_state->alloc_stack_next = 1;
4424 +
4425 -+ return;
4426 ++ if (!current_alloc_state->alloc_stack)
4427 ++ return 0;
4428 ++ else
4429 ++ return 1;
4430 +}
4431 +diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
4432 +new file mode 100644
4433 +index 0000000..bdd51ea
4434 +--- /dev/null
4435 ++++ b/grsecurity/gracl_cap.c
4436 +@@ -0,0 +1,110 @@
4437 ++#include <linux/kernel.h>
4438 ++#include <linux/module.h>
4439 ++#include <linux/sched.h>
4440 ++#include <linux/gracl.h>
4441 ++#include <linux/grsecurity.h>
4442 ++#include <linux/grinternal.h>
4443 +
4444 -+void
4445 -+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
4446 -+ struct dentry *old_dentry,
4447 -+ struct dentry *new_dentry,
4448 -+ struct vfsmount *mnt, const __u8 replace)
4449 -+{
4450 -+ struct name_entry *matchn;
4451 -+ struct inodev_entry *inodev;
4452 -+ struct inode *inode = new_dentry->d_inode;
4453 -+ ino_t old_ino = old_dentry->d_inode->i_ino;
4454 -+ dev_t old_dev = __get_dev(old_dentry);
4455 ++extern const char *captab_log[];
4456 ++extern int captab_log_entries;
4457 +
4458 -+ /* vfs_rename swaps the name and parent link for old_dentry and
4459 -+ new_dentry
4460 -+ at this point, old_dentry has the new name, parent link, and inode
4461 -+ for the renamed file
4462 -+ if a file is being replaced by a rename, new_dentry has the inode
4463 -+ and name for the replaced file
4464 -+ */
4465 ++int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
4466 ++{
4467 ++ struct acl_subject_label *curracl;
4468 ++ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
4469 ++ kernel_cap_t cap_audit = __cap_empty_set;
4470 +
4471 -+ if (unlikely(!(gr_status & GR_READY)))
4472 -+ return;
4473 ++ if (!gr_acl_is_enabled())
4474 ++ return 1;
4475 +
4476 -+ preempt_disable();
4477 -+ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
4478 ++ curracl = task->acl;
4479 +
4480 -+ /* we wouldn't have to check d_inode if it weren't for
4481 -+ NFS silly-renaming
4482 -+ */
4483 ++ cap_drop = curracl->cap_lower;
4484 ++ cap_mask = curracl->cap_mask;
4485 ++ cap_audit = curracl->cap_invert_audit;
4486 +
4487 -+ write_lock(&gr_inode_lock);
4488 -+ if (unlikely(replace && inode)) {
4489 -+ ino_t new_ino = inode->i_ino;
4490 -+ dev_t new_dev = __get_dev(new_dentry);
4491 ++ while ((curracl = curracl->parent_subject)) {
4492 ++ /* if the cap isn't specified in the current computed mask but is specified in the
4493 ++ current level subject, and is lowered in the current level subject, then add
4494 ++ it to the set of dropped capabilities
4495 ++ otherwise, add the current level subject's mask to the current computed mask
4496 ++ */
4497 ++ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
4498 ++ cap_raise(cap_mask, cap);
4499 ++ if (cap_raised(curracl->cap_lower, cap))
4500 ++ cap_raise(cap_drop, cap);
4501 ++ if (cap_raised(curracl->cap_invert_audit, cap))
4502 ++ cap_raise(cap_audit, cap);
4503 ++ }
4504 ++ }
4505 +
4506 -+ inodev = lookup_inodev_entry(new_ino, new_dev);
4507 -+ if (inodev != NULL && ((inode->i_nlink <= 1) || S_ISDIR(inode->i_mode)))
4508 -+ do_handle_delete(inodev, new_ino, new_dev);
4509 ++ if (!cap_raised(cap_drop, cap)) {
4510 ++ if (cap_raised(cap_audit, cap))
4511 ++ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
4512 ++ return 1;
4513 + }
4514 +
4515 -+ inodev = lookup_inodev_entry(old_ino, old_dev);
4516 -+ if (inodev != NULL && ((old_dentry->d_inode->i_nlink <= 1) || S_ISDIR(old_dentry->d_inode->i_mode)))
4517 -+ do_handle_delete(inodev, old_ino, old_dev);
4518 ++ curracl = task->acl;
4519 +
4520 -+ if (unlikely((unsigned long)matchn))
4521 -+ do_handle_create(matchn, old_dentry, mnt);
4522 ++ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
4523 ++ && cap_raised(cred->cap_effective, cap)) {
4524 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
4525 ++ task->role->roletype, GR_GLOBAL_UID(cred->uid),
4526 ++ GR_GLOBAL_GID(cred->gid), task->exec_file ?
4527 ++ gr_to_filename(task->exec_file->f_path.dentry,
4528 ++ task->exec_file->f_path.mnt) : curracl->filename,
4529 ++ curracl->filename, 0UL,
4530 ++ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
4531 ++ return 1;
4532 ++ }
4533 +
4534 -+ write_unlock(&gr_inode_lock);
4535 -+ preempt_enable();
4536 ++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
4537 ++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
4538 +
4539 -+ return;
4540 ++ return 0;
4541 +}
4542 +
4543 -+static int
4544 -+lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
4545 -+ unsigned char **sum)
4546 ++int
4547 ++gr_acl_is_capable(const int cap)
4548 +{
4549 -+ struct acl_role_label *r;
4550 -+ struct role_allowed_ip *ipp;
4551 -+ struct role_transition *trans;
4552 -+ unsigned int i;
4553 -+ int found = 0;
4554 -+ u32 curr_ip = current->signal->curr_ip;
4555 -+
4556 -+ current->signal->saved_ip = curr_ip;
4557 -+
4558 -+ /* check transition table */
4559 -+
4560 -+ for (trans = current->role->transitions; trans; trans = trans->next) {
4561 -+ if (!strcmp(rolename, trans->rolename)) {
4562 -+ found = 1;
4563 -+ break;
4564 -+ }
4565 -+ }
4566 ++ return gr_task_acl_is_capable(current, current_cred(), cap);
4567 ++}
4568 +
4569 -+ if (!found)
4570 -+ return 0;
4571 ++int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap)
4572 ++{
4573 ++ struct acl_subject_label *curracl;
4574 ++ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
4575 +
4576 -+ /* handle special roles that do not require authentication
4577 -+ and check ip */
4578 ++ if (!gr_acl_is_enabled())
4579 ++ return 1;
4580 +
4581 -+ FOR_EACH_ROLE_START(r)
4582 -+ if (!strcmp(rolename, r->rolename) &&
4583 -+ (r->roletype & GR_ROLE_SPECIAL)) {
4584 -+ found = 0;
4585 -+ if (r->allowed_ips != NULL) {
4586 -+ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
4587 -+ if ((ntohl(curr_ip) & ipp->netmask) ==
4588 -+ (ntohl(ipp->addr) & ipp->netmask))
4589 -+ found = 1;
4590 -+ }
4591 -+ } else
4592 -+ found = 2;
4593 -+ if (!found)
4594 -+ return 0;
4595 ++ curracl = task->acl;
4596 +
4597 -+ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
4598 -+ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
4599 -+ *salt = NULL;
4600 -+ *sum = NULL;
4601 -+ return 1;
4602 -+ }
4603 -+ }
4604 -+ FOR_EACH_ROLE_END(r)
4605 ++ cap_drop = curracl->cap_lower;
4606 ++ cap_mask = curracl->cap_mask;
4607 +
4608 -+ for (i = 0; i < num_sprole_pws; i++) {
4609 -+ if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
4610 -+ *salt = acl_special_roles[i]->salt;
4611 -+ *sum = acl_special_roles[i]->sum;
4612 -+ return 1;
4613 ++ while ((curracl = curracl->parent_subject)) {
4614 ++ /* if the cap isn't specified in the current computed mask but is specified in the
4615 ++ current level subject, and is lowered in the current level subject, then add
4616 ++ it to the set of dropped capabilities
4617 ++ otherwise, add the current level subject's mask to the current computed mask
4618 ++ */
4619 ++ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
4620 ++ cap_raise(cap_mask, cap);
4621 ++ if (cap_raised(curracl->cap_lower, cap))
4622 ++ cap_raise(cap_drop, cap);
4623 + }
4624 + }
4625 +
4626 ++ if (!cap_raised(cap_drop, cap))
4627 ++ return 1;
4628 ++
4629 + return 0;
4630 +}
4631 +
4632 -+static void
4633 -+assign_special_role(char *rolename)
4634 ++int
4635 ++gr_acl_is_capable_nolog(const int cap)
4636 +{
4637 -+ struct acl_object_label *obj;
4638 -+ struct acl_role_label *r;
4639 -+ struct acl_role_label *assigned = NULL;
4640 -+ struct task_struct *tsk;
4641 -+ struct file *filp;
4642 ++ return gr_task_acl_is_capable_nolog(current, cap);
4643 ++}
4644 +
4645 -+ FOR_EACH_ROLE_START(r)
4646 -+ if (!strcmp(rolename, r->rolename) &&
4647 -+ (r->roletype & GR_ROLE_SPECIAL)) {
4648 -+ assigned = r;
4649 -+ break;
4650 -+ }
4651 -+ FOR_EACH_ROLE_END(r)
4652 +diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
4653 +new file mode 100644
4654 +index 0000000..ca25605
4655 +--- /dev/null
4656 ++++ b/grsecurity/gracl_compat.c
4657 +@@ -0,0 +1,270 @@
4658 ++#include <linux/kernel.h>
4659 ++#include <linux/gracl.h>
4660 ++#include <linux/compat.h>
4661 ++#include <linux/gracl_compat.h>
4662 +
4663 -+ if (!assigned)
4664 -+ return;
4665 ++#include <asm/uaccess.h>
4666 +
4667 -+ read_lock(&tasklist_lock);
4668 -+ read_lock(&grsec_exec_file_lock);
4669 ++int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
4670 ++{
4671 ++ struct gr_arg_wrapper_compat uwrapcompat;
4672 +
4673 -+ tsk = current->real_parent;
4674 -+ if (tsk == NULL)
4675 -+ goto out_unlock;
4676 ++ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
4677 ++ return -EFAULT;
4678 +
4679 -+ filp = tsk->exec_file;
4680 -+ if (filp == NULL)
4681 -+ goto out_unlock;
4682 ++ if (((uwrapcompat.version != GRSECURITY_VERSION) &&
4683 ++ (uwrapcompat.version != 0x2901)) ||
4684 ++ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
4685 ++ return -EINVAL;
4686 +
4687 -+ tsk->is_writable = 0;
4688 ++ uwrap->arg = compat_ptr(uwrapcompat.arg);
4689 ++ uwrap->version = uwrapcompat.version;
4690 ++ uwrap->size = sizeof(struct gr_arg);
4691 +
4692 -+ tsk->acl_sp_role = 1;
4693 -+ tsk->acl_role_id = ++acl_sp_role_value;
4694 -+ tsk->role = assigned;
4695 -+ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
4696 ++ return 0;
4697 ++}
4698 +
4699 -+ /* ignore additional mmap checks for processes that are writable
4700 -+ by the default ACL */
4701 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
4702 -+ if (unlikely(obj->mode & GR_WRITE))
4703 -+ tsk->is_writable = 1;
4704 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
4705 -+ if (unlikely(obj->mode & GR_WRITE))
4706 -+ tsk->is_writable = 1;
4707 ++int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
4708 ++{
4709 ++ struct gr_arg_compat argcompat;
4710 +
4711 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
4712 -+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, task_pid_nr(tsk));
4713 -+#endif
4714 ++ if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
4715 ++ return -EFAULT;
4716 +
4717 -+out_unlock:
4718 -+ read_unlock(&grsec_exec_file_lock);
4719 -+ read_unlock(&tasklist_lock);
4720 -+ return;
4721 ++ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
4722 ++ arg->role_db.num_pointers = argcompat.role_db.num_pointers;
4723 ++ arg->role_db.num_roles = argcompat.role_db.num_roles;
4724 ++ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
4725 ++ arg->role_db.num_subjects = argcompat.role_db.num_subjects;
4726 ++ arg->role_db.num_objects = argcompat.role_db.num_objects;
4727 ++
4728 ++ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
4729 ++ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
4730 ++ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
4731 ++ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
4732 ++ arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
4733 ++ arg->segv_device = argcompat.segv_device;
4734 ++ arg->segv_inode = argcompat.segv_inode;
4735 ++ arg->segv_uid = argcompat.segv_uid;
4736 ++ arg->num_sprole_pws = argcompat.num_sprole_pws;
4737 ++ arg->mode = argcompat.mode;
4738 ++
4739 ++ return 0;
4740 +}
4741 +
4742 -+int gr_check_secure_terminal(struct task_struct *task)
4743 ++int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
4744 +{
4745 -+ struct task_struct *p, *p2, *p3;
4746 -+ struct files_struct *files;
4747 -+ struct fdtable *fdt;
4748 -+ struct file *our_file = NULL, *file;
4749 -+ int i;
4750 -+
4751 -+ if (task->signal->tty == NULL)
4752 -+ return 1;
4753 -+
4754 -+ files = get_files_struct(task);
4755 -+ if (files != NULL) {
4756 -+ rcu_read_lock();
4757 -+ fdt = files_fdtable(files);
4758 -+ for (i=0; i < fdt->max_fds; i++) {
4759 -+ file = fcheck_files(files, i);
4760 -+ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
4761 -+ get_file(file);
4762 -+ our_file = file;
4763 -+ }
4764 -+ }
4765 -+ rcu_read_unlock();
4766 -+ put_files_struct(files);
4767 -+ }
4768 ++ struct acl_object_label_compat objcompat;
4769 +
4770 -+ if (our_file == NULL)
4771 -+ return 1;
4772 ++ if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
4773 ++ return -EFAULT;
4774 +
4775 -+ read_lock(&tasklist_lock);
4776 -+ do_each_thread(p2, p) {
4777 -+ files = get_files_struct(p);
4778 -+ if (files == NULL ||
4779 -+ (p->signal && p->signal->tty == task->signal->tty)) {
4780 -+ if (files != NULL)
4781 -+ put_files_struct(files);
4782 -+ continue;
4783 -+ }
4784 -+ rcu_read_lock();
4785 -+ fdt = files_fdtable(files);
4786 -+ for (i=0; i < fdt->max_fds; i++) {
4787 -+ file = fcheck_files(files, i);
4788 -+ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
4789 -+ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
4790 -+ p3 = task;
4791 -+ while (task_pid_nr(p3) > 0) {
4792 -+ if (p3 == p)
4793 -+ break;
4794 -+ p3 = p3->real_parent;
4795 -+ }
4796 -+ if (p3 == p)
4797 -+ break;
4798 -+ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
4799 -+ gr_handle_alertkill(p);
4800 -+ rcu_read_unlock();
4801 -+ put_files_struct(files);
4802 -+ read_unlock(&tasklist_lock);
4803 -+ fput(our_file);
4804 -+ return 0;
4805 -+ }
4806 -+ }
4807 -+ rcu_read_unlock();
4808 -+ put_files_struct(files);
4809 -+ } while_each_thread(p2, p);
4810 -+ read_unlock(&tasklist_lock);
4811 ++ obj->filename = compat_ptr(objcompat.filename);
4812 ++ obj->inode = objcompat.inode;
4813 ++ obj->device = objcompat.device;
4814 ++ obj->mode = objcompat.mode;
4815 +
4816 -+ fput(our_file);
4817 -+ return 1;
4818 -+}
4819 ++ obj->nested = compat_ptr(objcompat.nested);
4820 ++ obj->globbed = compat_ptr(objcompat.globbed);
4821 +
4822 -+static int gr_rbac_disable(void *unused)
4823 -+{
4824 -+ pax_open_kernel();
4825 -+ gr_status &= ~GR_READY;
4826 -+ pax_close_kernel();
4827 ++ obj->prev = compat_ptr(objcompat.prev);
4828 ++ obj->next = compat_ptr(objcompat.next);
4829 +
4830 + return 0;
4831 +}
4832 +
4833 -+ssize_t
4834 -+write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
4835 ++int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
4836 +{
4837 -+ struct gr_arg_wrapper uwrap;
4838 -+ unsigned char *sprole_salt = NULL;
4839 -+ unsigned char *sprole_sum = NULL;
4840 -+ int error = 0;
4841 -+ int error2 = 0;
4842 -+ size_t req_count = 0;
4843 -+
4844 -+ mutex_lock(&gr_dev_mutex);
4845 -+
4846 -+ if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
4847 -+ error = -EPERM;
4848 -+ goto out;
4849 -+ }
4850 -+
4851 -+#ifdef CONFIG_COMPAT
4852 -+ pax_open_kernel();
4853 -+ if (is_compat_task()) {
4854 -+ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
4855 -+ copy_gr_arg = &copy_gr_arg_compat;
4856 -+ copy_acl_object_label = &copy_acl_object_label_compat;
4857 -+ copy_acl_subject_label = &copy_acl_subject_label_compat;
4858 -+ copy_acl_role_label = &copy_acl_role_label_compat;
4859 -+ copy_acl_ip_label = &copy_acl_ip_label_compat;
4860 -+ copy_role_allowed_ip = &copy_role_allowed_ip_compat;
4861 -+ copy_role_transition = &copy_role_transition_compat;
4862 -+ copy_sprole_pw = &copy_sprole_pw_compat;
4863 -+ copy_gr_hash_struct = &copy_gr_hash_struct_compat;
4864 -+ copy_pointer_from_array = &copy_pointer_from_array_compat;
4865 -+ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
4866 -+ } else {
4867 -+ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
4868 -+ copy_gr_arg = &copy_gr_arg_normal;
4869 -+ copy_acl_object_label = &copy_acl_object_label_normal;
4870 -+ copy_acl_subject_label = &copy_acl_subject_label_normal;
4871 -+ copy_acl_role_label = &copy_acl_role_label_normal;
4872 -+ copy_acl_ip_label = &copy_acl_ip_label_normal;
4873 -+ copy_role_allowed_ip = &copy_role_allowed_ip_normal;
4874 -+ copy_role_transition = &copy_role_transition_normal;
4875 -+ copy_sprole_pw = &copy_sprole_pw_normal;
4876 -+ copy_gr_hash_struct = &copy_gr_hash_struct_normal;
4877 -+ copy_pointer_from_array = &copy_pointer_from_array_normal;
4878 -+ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
4879 -+ }
4880 -+ pax_close_kernel();
4881 -+#endif
4882 ++ unsigned int i;
4883 ++ struct acl_subject_label_compat subjcompat;
4884 +
4885 -+ req_count = get_gr_arg_wrapper_size();
4886 ++ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
4887 ++ return -EFAULT;
4888 +
4889 -+ if (count != req_count) {
4890 -+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
4891 -+ error = -EINVAL;
4892 -+ goto out;
4893 -+ }
4894 ++ subj->filename = compat_ptr(subjcompat.filename);
4895 ++ subj->inode = subjcompat.inode;
4896 ++ subj->device = subjcompat.device;
4897 ++ subj->mode = subjcompat.mode;
4898 ++ subj->cap_mask = subjcompat.cap_mask;
4899 ++ subj->cap_lower = subjcompat.cap_lower;
4900 ++ subj->cap_invert_audit = subjcompat.cap_invert_audit;
4901 +
4902 -+
4903 -+ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
4904 -+ gr_auth_expires = 0;
4905 -+ gr_auth_attempts = 0;
4906 ++ for (i = 0; i < GR_NLIMITS; i++) {
4907 ++ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
4908 ++ subj->res[i].rlim_cur = RLIM_INFINITY;
4909 ++ else
4910 ++ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
4911 ++ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
4912 ++ subj->res[i].rlim_max = RLIM_INFINITY;
4913 ++ else
4914 ++ subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
4915 + }
4916 ++ subj->resmask = subjcompat.resmask;
4917 +
4918 -+ error = copy_gr_arg_wrapper(buf, &uwrap);
4919 -+ if (error)
4920 -+ goto out;
4921 -+
4922 -+ error = copy_gr_arg(uwrap.arg, gr_usermode);
4923 -+ if (error)
4924 -+ goto out;
4925 ++ subj->user_trans_type = subjcompat.user_trans_type;
4926 ++ subj->group_trans_type = subjcompat.group_trans_type;
4927 ++ subj->user_transitions = compat_ptr(subjcompat.user_transitions);
4928 ++ subj->group_transitions = compat_ptr(subjcompat.group_transitions);
4929 ++ subj->user_trans_num = subjcompat.user_trans_num;
4930 ++ subj->group_trans_num = subjcompat.group_trans_num;
4931 +
4932 -+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
4933 -+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
4934 -+ time_after(gr_auth_expires, get_seconds())) {
4935 -+ error = -EBUSY;
4936 -+ goto out;
4937 -+ }
4938 ++ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
4939 ++ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
4940 ++ subj->ip_type = subjcompat.ip_type;
4941 ++ subj->ips = compat_ptr(subjcompat.ips);
4942 ++ subj->ip_num = subjcompat.ip_num;
4943 ++ subj->inaddr_any_override = subjcompat.inaddr_any_override;
4944 +
4945 -+ /* if non-root trying to do anything other than use a special role,
4946 -+ do not attempt authentication, do not count towards authentication
4947 -+ locking
4948 -+ */
4949 ++ subj->crashes = subjcompat.crashes;
4950 ++ subj->expires = subjcompat.expires;
4951 +
4952 -+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
4953 -+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
4954 -+ gr_is_global_nonroot(current_uid())) {
4955 -+ error = -EPERM;
4956 -+ goto out;
4957 -+ }
4958 ++ subj->parent_subject = compat_ptr(subjcompat.parent_subject);
4959 ++ subj->hash = compat_ptr(subjcompat.hash);
4960 ++ subj->prev = compat_ptr(subjcompat.prev);
4961 ++ subj->next = compat_ptr(subjcompat.next);
4962 +
4963 -+ /* ensure pw and special role name are null terminated */
4964 ++ subj->obj_hash = compat_ptr(subjcompat.obj_hash);
4965 ++ subj->obj_hash_size = subjcompat.obj_hash_size;
4966 ++ subj->pax_flags = subjcompat.pax_flags;
4967 +
4968 -+ gr_usermode->pw[GR_PW_LEN - 1] = '\0';
4969 -+ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
4970 ++ return 0;
4971 ++}
4972 +
4973 -+ /* Okay.
4974 -+ * We have our enough of the argument structure..(we have yet
4975 -+ * to copy_from_user the tables themselves) . Copy the tables
4976 -+ * only if we need them, i.e. for loading operations. */
4977 ++int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
4978 ++{
4979 ++ struct acl_role_label_compat rolecompat;
4980 +
4981 -+ switch (gr_usermode->mode) {
4982 -+ case GR_STATUS:
4983 -+ if (gr_status & GR_READY) {
4984 -+ error = 1;
4985 -+ if (!gr_check_secure_terminal(current))
4986 -+ error = 3;
4987 -+ } else
4988 -+ error = 2;
4989 -+ goto out;
4990 -+ case GR_SHUTDOWN:
4991 -+ if ((gr_status & GR_READY)
4992 -+ && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
4993 -+ stop_machine(gr_rbac_disable, NULL, NULL);
4994 -+ free_variables();
4995 -+ memset(gr_usermode, 0, sizeof (struct gr_arg));
4996 -+ memset(gr_system_salt, 0, GR_SALT_LEN);
4997 -+ memset(gr_system_sum, 0, GR_SHA_LEN);
4998 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
4999 -+ } else if (gr_status & GR_READY) {
5000 -+ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
5001 -+ error = -EPERM;
5002 -+ } else {
5003 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
5004 -+ error = -EAGAIN;
5005 -+ }
5006 -+ break;
5007 -+ case GR_ENABLE:
5008 -+ if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
5009 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
5010 -+ else {
5011 -+ if (gr_status & GR_READY)
5012 -+ error = -EAGAIN;
5013 -+ else
5014 -+ error = error2;
5015 -+ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
5016 -+ }
5017 -+ break;
5018 -+ case GR_RELOAD:
5019 -+ if (!(gr_status & GR_READY)) {
5020 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
5021 -+ error = -EAGAIN;
5022 -+ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
5023 -+ stop_machine(gr_rbac_disable, NULL, NULL);
5024 -+ free_variables();
5025 -+ error2 = gracl_init(gr_usermode);
5026 -+ if (!error2)
5027 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
5028 -+ else {
5029 -+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
5030 -+ error = error2;
5031 -+ }
5032 -+ } else {
5033 -+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
5034 -+ error = -EPERM;
5035 -+ }
5036 -+ break;
5037 -+ case GR_SEGVMOD:
5038 -+ if (unlikely(!(gr_status & GR_READY))) {
5039 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
5040 -+ error = -EAGAIN;
5041 -+ break;
5042 -+ }
5043 ++ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
5044 ++ return -EFAULT;
5045 +
5046 -+ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
5047 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
5048 -+ if (gr_usermode->segv_device && gr_usermode->segv_inode) {
5049 -+ struct acl_subject_label *segvacl;
5050 -+ segvacl =
5051 -+ lookup_acl_subj_label(gr_usermode->segv_inode,
5052 -+ gr_usermode->segv_device,
5053 -+ current->role);
5054 -+ if (segvacl) {
5055 -+ segvacl->crashes = 0;
5056 -+ segvacl->expires = 0;
5057 -+ }
5058 -+ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
5059 -+ gr_remove_uid(gr_usermode->segv_uid);
5060 -+ }
5061 -+ } else {
5062 -+ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
5063 -+ error = -EPERM;
5064 -+ }
5065 -+ break;
5066 -+ case GR_SPROLE:
5067 -+ case GR_SPROLEPAM:
5068 -+ if (unlikely(!(gr_status & GR_READY))) {
5069 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
5070 -+ error = -EAGAIN;
5071 -+ break;
5072 -+ }
5073 ++ role->rolename = compat_ptr(rolecompat.rolename);
5074 ++ role->uidgid = rolecompat.uidgid;
5075 ++ role->roletype = rolecompat.roletype;
5076 +
5077 -+ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
5078 -+ current->role->expires = 0;
5079 -+ current->role->auth_attempts = 0;
5080 -+ }
5081 ++ role->auth_attempts = rolecompat.auth_attempts;
5082 ++ role->expires = rolecompat.expires;
5083 +
5084 -+ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
5085 -+ time_after(current->role->expires, get_seconds())) {
5086 -+ error = -EBUSY;
5087 -+ goto out;
5088 -+ }
5089 ++ role->root_label = compat_ptr(rolecompat.root_label);
5090 ++ role->hash = compat_ptr(rolecompat.hash);
5091 +
5092 -+ if (lookup_special_role_auth
5093 -+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
5094 -+ && ((!sprole_salt && !sprole_sum)
5095 -+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
5096 -+ char *p = "";
5097 -+ assign_special_role(gr_usermode->sp_role);
5098 -+ read_lock(&tasklist_lock);
5099 -+ if (current->real_parent)
5100 -+ p = current->real_parent->role->rolename;
5101 -+ read_unlock(&tasklist_lock);
5102 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
5103 -+ p, acl_sp_role_value);
5104 -+ } else {
5105 -+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
5106 -+ error = -EPERM;
5107 -+ if(!(current->role->auth_attempts++))
5108 -+ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
5109 ++ role->prev = compat_ptr(rolecompat.prev);
5110 ++ role->next = compat_ptr(rolecompat.next);
5111 +
5112 -+ goto out;
5113 -+ }
5114 -+ break;
5115 -+ case GR_UNSPROLE:
5116 -+ if (unlikely(!(gr_status & GR_READY))) {
5117 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
5118 -+ error = -EAGAIN;
5119 -+ break;
5120 -+ }
5121 ++ role->transitions = compat_ptr(rolecompat.transitions);
5122 ++ role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
5123 ++ role->domain_children = compat_ptr(rolecompat.domain_children);
5124 ++ role->domain_child_num = rolecompat.domain_child_num;
5125 +
5126 -+ if (current->role->roletype & GR_ROLE_SPECIAL) {
5127 -+ char *p = "";
5128 -+ int i = 0;
5129 ++ role->umask = rolecompat.umask;
5130 +
5131 -+ read_lock(&tasklist_lock);
5132 -+ if (current->real_parent) {
5133 -+ p = current->real_parent->role->rolename;
5134 -+ i = current->real_parent->acl_role_id;
5135 -+ }
5136 -+ read_unlock(&tasklist_lock);
5137 ++ role->subj_hash = compat_ptr(rolecompat.subj_hash);
5138 ++ role->subj_hash_size = rolecompat.subj_hash_size;
5139 +
5140 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
5141 -+ gr_set_acls(1);
5142 -+ } else {
5143 -+ error = -EPERM;
5144 -+ goto out;
5145 -+ }
5146 -+ break;
5147 -+ default:
5148 -+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
5149 -+ error = -EINVAL;
5150 -+ break;
5151 -+ }
5152 ++ return 0;
5153 ++}
5154 +
5155 -+ if (error != -EPERM)
5156 -+ goto out;
5157 ++int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
5158 ++{
5159 ++ struct role_allowed_ip_compat roleip_compat;
5160 +
5161 -+ if(!(gr_auth_attempts++))
5162 -+ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
5163 ++ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
5164 ++ return -EFAULT;
5165 +
5166 -+ out:
5167 -+ mutex_unlock(&gr_dev_mutex);
5168 ++ roleip->addr = roleip_compat.addr;
5169 ++ roleip->netmask = roleip_compat.netmask;
5170 +
5171 -+ if (!error)
5172 -+ error = req_count;
5173 ++ roleip->prev = compat_ptr(roleip_compat.prev);
5174 ++ roleip->next = compat_ptr(roleip_compat.next);
5175 +
5176 -+ return error;
5177 ++ return 0;
5178 +}
5179 +
5180 -+/* must be called with
5181 -+ rcu_read_lock();
5182 -+ read_lock(&tasklist_lock);
5183 -+ read_lock(&grsec_exec_file_lock);
5184 -+*/
5185 -+int gr_apply_subject_to_task(struct task_struct *task)
5186 ++int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
5187 +{
5188 -+ struct acl_object_label *obj;
5189 -+ char *tmpname;
5190 -+ struct acl_subject_label *tmpsubj;
5191 -+ struct file *filp;
5192 -+ struct name_entry *nmatch;
5193 ++ struct role_transition_compat trans_compat;
5194 +
5195 -+ filp = task->exec_file;
5196 -+ if (filp == NULL)
5197 -+ return 0;
5198 ++ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
5199 ++ return -EFAULT;
5200 +
5201 -+ /* the following is to apply the correct subject
5202 -+ on binaries running when the RBAC system
5203 -+ is enabled, when the binaries have been
5204 -+ replaced or deleted since their execution
5205 -+ -----
5206 -+ when the RBAC system starts, the inode/dev
5207 -+ from exec_file will be one the RBAC system
5208 -+ is unaware of. It only knows the inode/dev
5209 -+ of the present file on disk, or the absence
5210 -+ of it.
5211 -+ */
5212 -+ preempt_disable();
5213 -+ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
5214 -+
5215 -+ nmatch = lookup_name_entry(tmpname);
5216 -+ preempt_enable();
5217 -+ tmpsubj = NULL;
5218 -+ if (nmatch) {
5219 -+ if (nmatch->deleted)
5220 -+ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
5221 -+ else
5222 -+ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
5223 -+ if (tmpsubj != NULL)
5224 -+ task->acl = tmpsubj;
5225 -+ }
5226 -+ if (tmpsubj == NULL)
5227 -+ task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
5228 -+ task->role);
5229 -+ if (task->acl) {
5230 -+ task->is_writable = 0;
5231 -+ /* ignore additional mmap checks for processes that are writable
5232 -+ by the default ACL */
5233 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
5234 -+ if (unlikely(obj->mode & GR_WRITE))
5235 -+ task->is_writable = 1;
5236 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
5237 -+ if (unlikely(obj->mode & GR_WRITE))
5238 -+ task->is_writable = 1;
5239 -+
5240 -+ gr_set_proc_res(task);
5241 ++ trans->rolename = compat_ptr(trans_compat.rolename);
5242 +
5243 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
5244 -+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
5245 -+#endif
5246 -+ } else {
5247 -+ return 1;
5248 -+ }
5249 ++ trans->prev = compat_ptr(trans_compat.prev);
5250 ++ trans->next = compat_ptr(trans_compat.next);
5251 +
5252 + return 0;
5253 ++
5254 +}
5255 +
5256 -+int
5257 -+gr_set_acls(const int type)
5258 ++int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
5259 +{
5260 -+ struct task_struct *task, *task2;
5261 -+ struct acl_role_label *role = current->role;
5262 -+ __u16 acl_role_id = current->acl_role_id;
5263 -+ const struct cred *cred;
5264 -+ int ret;
5265 ++ struct gr_hash_struct_compat hash_compat;
5266 +
5267 -+ rcu_read_lock();
5268 -+ read_lock(&tasklist_lock);
5269 -+ read_lock(&grsec_exec_file_lock);
5270 -+ do_each_thread(task2, task) {
5271 -+ /* check to see if we're called from the exit handler,
5272 -+ if so, only replace ACLs that have inherited the admin
5273 -+ ACL */
5274 ++ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
5275 ++ return -EFAULT;
5276 +
5277 -+ if (type && (task->role != role ||
5278 -+ task->acl_role_id != acl_role_id))
5279 -+ continue;
5280 ++ hash->table = compat_ptr(hash_compat.table);
5281 ++ hash->nametable = compat_ptr(hash_compat.nametable);
5282 ++ hash->first = compat_ptr(hash_compat.first);
5283 +
5284 -+ task->acl_role_id = 0;
5285 -+ task->acl_sp_role = 0;
5286 ++ hash->table_size = hash_compat.table_size;
5287 ++ hash->used_size = hash_compat.used_size;
5288 +
5289 -+ if (task->exec_file) {
5290 -+ cred = __task_cred(task);
5291 -+ task->role = lookup_acl_role_label(task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
5292 -+ ret = gr_apply_subject_to_task(task);
5293 -+ if (ret) {
5294 -+ read_unlock(&grsec_exec_file_lock);
5295 -+ read_unlock(&tasklist_lock);
5296 -+ rcu_read_unlock();
5297 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task));
5298 -+ return ret;
5299 -+ }
5300 -+ } else {
5301 -+ // it's a kernel process
5302 -+ task->role = kernel_role;
5303 -+ task->acl = kernel_role->root_label;
5304 -+#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
5305 -+ task->acl->mode &= ~GR_PROCFIND;
5306 -+#endif
5307 -+ }
5308 -+ } while_each_thread(task2, task);
5309 -+ read_unlock(&grsec_exec_file_lock);
5310 -+ read_unlock(&tasklist_lock);
5311 -+ rcu_read_unlock();
5312 ++ hash->type = hash_compat.type;
5313 +
5314 + return 0;
5315 +}
5316 +
5317 -+#if defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC)
5318 -+static const unsigned long res_learn_bumps[GR_NLIMITS] = {
5319 -+ [RLIMIT_CPU] = GR_RLIM_CPU_BUMP,
5320 -+ [RLIMIT_FSIZE] = GR_RLIM_FSIZE_BUMP,
5321 -+ [RLIMIT_DATA] = GR_RLIM_DATA_BUMP,
5322 -+ [RLIMIT_STACK] = GR_RLIM_STACK_BUMP,
5323 -+ [RLIMIT_CORE] = GR_RLIM_CORE_BUMP,
5324 -+ [RLIMIT_RSS] = GR_RLIM_RSS_BUMP,
5325 -+ [RLIMIT_NPROC] = GR_RLIM_NPROC_BUMP,
5326 -+ [RLIMIT_NOFILE] = GR_RLIM_NOFILE_BUMP,
5327 -+ [RLIMIT_MEMLOCK] = GR_RLIM_MEMLOCK_BUMP,
5328 -+ [RLIMIT_AS] = GR_RLIM_AS_BUMP,
5329 -+ [RLIMIT_LOCKS] = GR_RLIM_LOCKS_BUMP,
5330 -+ [RLIMIT_SIGPENDING] = GR_RLIM_SIGPENDING_BUMP,
5331 -+ [RLIMIT_MSGQUEUE] = GR_RLIM_MSGQUEUE_BUMP,
5332 -+ [RLIMIT_NICE] = GR_RLIM_NICE_BUMP,
5333 -+ [RLIMIT_RTPRIO] = GR_RLIM_RTPRIO_BUMP,
5334 -+ [RLIMIT_RTTIME] = GR_RLIM_RTTIME_BUMP
5335 -+};
5336 -+
5337 -+void
5338 -+gr_learn_resource(const struct task_struct *task,
5339 -+ const int res, const unsigned long wanted, const int gt)
5340 ++int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
5341 +{
5342 -+ struct acl_subject_label *acl;
5343 -+ const struct cred *cred;
5344 ++ compat_uptr_t ptrcompat;
5345 +
5346 -+ if (unlikely((gr_status & GR_READY) &&
5347 -+ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
5348 -+ goto skip_reslog;
5349 ++ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
5350 ++ return -EFAULT;
5351 +
5352 -+ gr_log_resource(task, res, wanted, gt);
5353 -+skip_reslog:
5354 ++ *(void **)ptr = compat_ptr(ptrcompat);
5355 +
5356 -+ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
5357 -+ return;
5358 ++ return 0;
5359 ++}
5360 +
5361 -+ acl = task->acl;
5362 ++int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
5363 ++{
5364 ++ struct acl_ip_label_compat ip_compat;
5365 +
5366 -+ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
5367 -+ !(acl->resmask & (1U << (unsigned short) res))))
5368 -+ return;
5369 ++ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
5370 ++ return -EFAULT;
5371 +
5372 -+ if (wanted >= acl->res[res].rlim_cur) {
5373 -+ unsigned long res_add;
5374 ++ ip->iface = compat_ptr(ip_compat.iface);
5375 ++ ip->addr = ip_compat.addr;
5376 ++ ip->netmask = ip_compat.netmask;
5377 ++ ip->low = ip_compat.low;
5378 ++ ip->high = ip_compat.high;
5379 ++ ip->mode = ip_compat.mode;
5380 ++ ip->type = ip_compat.type;
5381 +
5382 -+ res_add = wanted + res_learn_bumps[res];
5383 ++ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
5384 +
5385 -+ acl->res[res].rlim_cur = res_add;
5386 ++ ip->prev = compat_ptr(ip_compat.prev);
5387 ++ ip->next = compat_ptr(ip_compat.next);
5388 +
5389 -+ if (wanted > acl->res[res].rlim_max)
5390 -+ acl->res[res].rlim_max = res_add;
5391 ++ return 0;
5392 ++}
5393 +
5394 -+ /* only log the subject filename, since resource logging is supported for
5395 -+ single-subject learning only */
5396 -+ rcu_read_lock();
5397 -+ cred = __task_cred(task);
5398 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
5399 -+ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename,
5400 -+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
5401 -+ "", (unsigned long) res, &task->signal->saved_ip);
5402 -+ rcu_read_unlock();
5403 -+ }
5404 ++int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
5405 ++{
5406 ++ struct sprole_pw_compat pw_compat;
5407 +
5408 -+ return;
5409 ++ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
5410 ++ return -EFAULT;
5411 ++
5412 ++ pw->rolename = compat_ptr(pw_compat.rolename);
5413 ++ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
5414 ++ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
5415 ++
5416 ++ return 0;
5417 +}
5418 -+EXPORT_SYMBOL(gr_learn_resource);
5419 -+#endif
5420 +
5421 -+#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
5422 -+void
5423 -+pax_set_initial_flags(struct linux_binprm *bprm)
5424 ++size_t get_gr_arg_wrapper_size_compat(void)
5425 +{
5426 -+ struct task_struct *task = current;
5427 -+ struct acl_subject_label *proc;
5428 -+ unsigned long flags;
5429 ++ return sizeof(struct gr_arg_wrapper_compat);
5430 ++}
5431 +
5432 -+ if (unlikely(!(gr_status & GR_READY)))
5433 -+ return;
5434 +diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
5435 +new file mode 100644
5436 +index 0000000..a340c17
5437 +--- /dev/null
5438 ++++ b/grsecurity/gracl_fs.c
5439 +@@ -0,0 +1,431 @@
5440 ++#include <linux/kernel.h>
5441 ++#include <linux/sched.h>
5442 ++#include <linux/types.h>
5443 ++#include <linux/fs.h>
5444 ++#include <linux/file.h>
5445 ++#include <linux/stat.h>
5446 ++#include <linux/grsecurity.h>
5447 ++#include <linux/grinternal.h>
5448 ++#include <linux/gracl.h>
5449 +
5450 -+ flags = pax_get_flags(task);
5451 ++umode_t
5452 ++gr_acl_umask(void)
5453 ++{
5454 ++ if (unlikely(!gr_acl_is_enabled()))
5455 ++ return 0;
5456 +
5457 -+ proc = task->acl;
5458 ++ return current->role->umask;
5459 ++}
5460 +
5461 -+ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
5462 -+ flags &= ~MF_PAX_PAGEEXEC;
5463 -+ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
5464 -+ flags &= ~MF_PAX_SEGMEXEC;
5465 -+ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
5466 -+ flags &= ~MF_PAX_RANDMMAP;
5467 -+ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
5468 -+ flags &= ~MF_PAX_EMUTRAMP;
5469 -+ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
5470 -+ flags &= ~MF_PAX_MPROTECT;
5471 ++__u32
5472 ++gr_acl_handle_hidden_file(const struct dentry * dentry,
5473 ++ const struct vfsmount * mnt)
5474 ++{
5475 ++ __u32 mode;
5476 +
5477 -+ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
5478 -+ flags |= MF_PAX_PAGEEXEC;
5479 -+ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
5480 -+ flags |= MF_PAX_SEGMEXEC;
5481 -+ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
5482 -+ flags |= MF_PAX_RANDMMAP;
5483 -+ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
5484 -+ flags |= MF_PAX_EMUTRAMP;
5485 -+ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
5486 -+ flags |= MF_PAX_MPROTECT;
5487 ++ if (unlikely(!dentry->d_inode))
5488 ++ return GR_FIND;
5489 +
5490 -+ pax_set_flags(task, flags);
5491 ++ mode =
5492 ++ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
5493 +
5494 -+ return;
5495 ++ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
5496 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
5497 ++ return mode;
5498 ++ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
5499 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
5500 ++ return 0;
5501 ++ } else if (unlikely(!(mode & GR_FIND)))
5502 ++ return 0;
5503 ++
5504 ++ return GR_FIND;
5505 +}
5506 -+#endif
5507 +
5508 -+int
5509 -+gr_handle_proc_ptrace(struct task_struct *task)
5510 ++__u32
5511 ++gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
5512 ++ int acc_mode)
5513 +{
5514 -+ struct file *filp;
5515 -+ struct task_struct *tmp = task;
5516 -+ struct task_struct *curtemp = current;
5517 -+ __u32 retmode;
5518 ++ __u32 reqmode = GR_FIND;
5519 ++ __u32 mode;
5520 +
5521 -+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
5522 -+ if (unlikely(!(gr_status & GR_READY)))
5523 ++ if (unlikely(!dentry->d_inode))
5524 ++ return reqmode;
5525 ++
5526 ++ if (acc_mode & MAY_APPEND)
5527 ++ reqmode |= GR_APPEND;
5528 ++ else if (acc_mode & MAY_WRITE)
5529 ++ reqmode |= GR_WRITE;
5530 ++ if ((acc_mode & MAY_READ) && !S_ISDIR(dentry->d_inode->i_mode))
5531 ++ reqmode |= GR_READ;
5532 ++
5533 ++ mode =
5534 ++ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
5535 ++ mnt);
5536 ++
5537 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
5538 ++ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
5539 ++ reqmode & GR_READ ? " reading" : "",
5540 ++ reqmode & GR_WRITE ? " writing" : reqmode &
5541 ++ GR_APPEND ? " appending" : "");
5542 ++ return reqmode;
5543 ++ } else
5544 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
5545 ++ {
5546 ++ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
5547 ++ reqmode & GR_READ ? " reading" : "",
5548 ++ reqmode & GR_WRITE ? " writing" : reqmode &
5549 ++ GR_APPEND ? " appending" : "");
5550 ++ return 0;
5551 ++ } else if (unlikely((mode & reqmode) != reqmode))
5552 + return 0;
5553 -+#endif
5554 +
5555 -+ read_lock(&tasklist_lock);
5556 -+ read_lock(&grsec_exec_file_lock);
5557 -+ filp = task->exec_file;
5558 ++ return reqmode;
5559 ++}
5560 +
5561 -+ while (task_pid_nr(tmp) > 0) {
5562 -+ if (tmp == curtemp)
5563 -+ break;
5564 -+ tmp = tmp->real_parent;
5565 -+ }
5566 ++__u32
5567 ++gr_acl_handle_creat(const struct dentry * dentry,
5568 ++ const struct dentry * p_dentry,
5569 ++ const struct vfsmount * p_mnt, int open_flags, int acc_mode,
5570 ++ const int imode)
5571 ++{
5572 ++ __u32 reqmode = GR_WRITE | GR_CREATE;
5573 ++ __u32 mode;
5574 +
5575 -+ if (!filp || (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
5576 -+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
5577 -+ read_unlock(&grsec_exec_file_lock);
5578 -+ read_unlock(&tasklist_lock);
5579 -+ return 1;
5580 -+ }
5581 ++ if (acc_mode & MAY_APPEND)
5582 ++ reqmode |= GR_APPEND;
5583 ++ // if a directory was required or the directory already exists, then
5584 ++ // don't count this open as a read
5585 ++ if ((acc_mode & MAY_READ) &&
5586 ++ !((open_flags & O_DIRECTORY) || (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode))))
5587 ++ reqmode |= GR_READ;
5588 ++ if ((open_flags & O_CREAT) &&
5589 ++ ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
5590 ++ reqmode |= GR_SETID;
5591 +
5592 -+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
5593 -+ if (!(gr_status & GR_READY)) {
5594 -+ read_unlock(&grsec_exec_file_lock);
5595 -+ read_unlock(&tasklist_lock);
5596 ++ mode =
5597 ++ gr_check_create(dentry, p_dentry, p_mnt,
5598 ++ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
5599 ++
5600 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
5601 ++ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
5602 ++ reqmode & GR_READ ? " reading" : "",
5603 ++ reqmode & GR_WRITE ? " writing" : reqmode &
5604 ++ GR_APPEND ? " appending" : "");
5605 ++ return reqmode;
5606 ++ } else
5607 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
5608 ++ {
5609 ++ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
5610 ++ reqmode & GR_READ ? " reading" : "",
5611 ++ reqmode & GR_WRITE ? " writing" : reqmode &
5612 ++ GR_APPEND ? " appending" : "");
5613 ++ return 0;
5614 ++ } else if (unlikely((mode & reqmode) != reqmode))
5615 + return 0;
5616 -+ }
5617 -+#endif
5618 +
5619 -+ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
5620 -+ read_unlock(&grsec_exec_file_lock);
5621 -+ read_unlock(&tasklist_lock);
5622 ++ return reqmode;
5623 ++}
5624 +
5625 -+ if (retmode & GR_NOPTRACE)
5626 -+ return 1;
5627 ++__u32
5628 ++gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
5629 ++ const int fmode)
5630 ++{
5631 ++ __u32 mode, reqmode = GR_FIND;
5632 +
5633 -+ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
5634 -+ && (current->acl != task->acl || (current->acl != current->role->root_label
5635 -+ && task_pid_nr(current) != task_pid_nr(task))))
5636 -+ return 1;
5637 ++ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
5638 ++ reqmode |= GR_EXEC;
5639 ++ if (fmode & S_IWOTH)
5640 ++ reqmode |= GR_WRITE;
5641 ++ if (fmode & S_IROTH)
5642 ++ reqmode |= GR_READ;
5643 +
5644 -+ return 0;
5645 ++ mode =
5646 ++ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
5647 ++ mnt);
5648 ++
5649 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
5650 ++ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
5651 ++ reqmode & GR_READ ? " reading" : "",
5652 ++ reqmode & GR_WRITE ? " writing" : "",
5653 ++ reqmode & GR_EXEC ? " executing" : "");
5654 ++ return reqmode;
5655 ++ } else
5656 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
5657 ++ {
5658 ++ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
5659 ++ reqmode & GR_READ ? " reading" : "",
5660 ++ reqmode & GR_WRITE ? " writing" : "",
5661 ++ reqmode & GR_EXEC ? " executing" : "");
5662 ++ return 0;
5663 ++ } else if (unlikely((mode & reqmode) != reqmode))
5664 ++ return 0;
5665 ++
5666 ++ return reqmode;
5667 +}
5668 +
5669 -+void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
5670 ++static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
5671 +{
5672 -+ if (unlikely(!(gr_status & GR_READY)))
5673 -+ return;
5674 ++ __u32 mode;
5675 +
5676 -+ if (!(current->role->roletype & GR_ROLE_GOD))
5677 -+ return;
5678 ++ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
5679 +
5680 -+ seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
5681 -+ p->role->rolename, gr_task_roletype_to_char(p),
5682 -+ p->acl->filename);
5683 ++ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
5684 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
5685 ++ return mode;
5686 ++ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
5687 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
5688 ++ return 0;
5689 ++ } else if (unlikely((mode & (reqmode)) != (reqmode)))
5690 ++ return 0;
5691 ++
5692 ++ return (reqmode);
5693 +}
5694 +
5695 -+int
5696 -+gr_handle_ptrace(struct task_struct *task, const long request)
5697 ++__u32
5698 ++gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
5699 +{
5700 -+ struct task_struct *tmp = task;
5701 -+ struct task_struct *curtemp = current;
5702 -+ __u32 retmode;
5703 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
5704 ++}
5705 +
5706 -+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
5707 -+ if (unlikely(!(gr_status & GR_READY)))
5708 -+ return 0;
5709 -+#endif
5710 -+ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
5711 -+ read_lock(&tasklist_lock);
5712 -+ while (task_pid_nr(tmp) > 0) {
5713 -+ if (tmp == curtemp)
5714 -+ break;
5715 -+ tmp = tmp->real_parent;
5716 -+ }
5717 ++__u32
5718 ++gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
5719 ++{
5720 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
5721 ++}
5722 +
5723 -+ if (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
5724 -+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
5725 -+ read_unlock(&tasklist_lock);
5726 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
5727 -+ return 1;
5728 -+ }
5729 -+ read_unlock(&tasklist_lock);
5730 -+ }
5731 ++__u32
5732 ++gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
5733 ++{
5734 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
5735 ++}
5736 +
5737 -+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
5738 -+ if (!(gr_status & GR_READY))
5739 -+ return 0;
5740 -+#endif
5741 ++__u32
5742 ++gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
5743 ++{
5744 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
5745 ++}
5746 +
5747 -+ read_lock(&grsec_exec_file_lock);
5748 -+ if (unlikely(!task->exec_file)) {
5749 -+ read_unlock(&grsec_exec_file_lock);
5750 -+ return 0;
5751 -+ }
5752 ++__u32
5753 ++gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
5754 ++ umode_t *modeptr)
5755 ++{
5756 ++ umode_t mode;
5757 +
5758 -+ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
5759 -+ read_unlock(&grsec_exec_file_lock);
5760 ++ *modeptr &= ~gr_acl_umask();
5761 ++ mode = *modeptr;
5762 +
5763 -+ if (retmode & GR_NOPTRACE) {
5764 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
5765 -+ return 1;
5766 -+ }
5767 -+
5768 -+ if (retmode & GR_PTRACERD) {
5769 -+ switch (request) {
5770 -+ case PTRACE_SEIZE:
5771 -+ case PTRACE_POKETEXT:
5772 -+ case PTRACE_POKEDATA:
5773 -+ case PTRACE_POKEUSR:
5774 -+#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
5775 -+ case PTRACE_SETREGS:
5776 -+ case PTRACE_SETFPREGS:
5777 -+#endif
5778 -+#ifdef CONFIG_X86
5779 -+ case PTRACE_SETFPXREGS:
5780 -+#endif
5781 -+#ifdef CONFIG_ALTIVEC
5782 -+ case PTRACE_SETVRREGS:
5783 -+#endif
5784 -+ return 1;
5785 -+ default:
5786 -+ return 0;
5787 -+ }
5788 -+ } else if (!(current->acl->mode & GR_POVERRIDE) &&
5789 -+ !(current->role->roletype & GR_ROLE_GOD) &&
5790 -+ (current->acl != task->acl)) {
5791 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
5792 ++ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
5793 + return 1;
5794 -+ }
5795 +
5796 -+ return 0;
5797 ++ if (unlikely(dentry->d_inode && !S_ISDIR(dentry->d_inode->i_mode) &&
5798 ++ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))) {
5799 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
5800 ++ GR_CHMOD_ACL_MSG);
5801 ++ } else {
5802 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
5803 ++ }
5804 +}
5805 +
5806 -+static int is_writable_mmap(const struct file *filp)
5807 ++__u32
5808 ++gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
5809 +{
5810 -+ struct task_struct *task = current;
5811 -+ struct acl_object_label *obj, *obj2;
5812 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
5813 ++}
5814 +
5815 -+ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
5816 -+ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode) && (filp->f_path.mnt != shm_mnt || (filp->f_path.dentry->d_inode->i_nlink > 0))) {
5817 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
5818 -+ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
5819 -+ task->role->root_label);
5820 -+ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
5821 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
5822 -+ return 1;
5823 -+ }
5824 -+ }
5825 -+ return 0;
5826 ++__u32
5827 ++gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
5828 ++{
5829 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
5830 +}
5831 +
5832 -+int
5833 -+gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
5834 ++__u32
5835 ++gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
5836 +{
5837 -+ __u32 mode;
5838 ++ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
5839 ++}
5840 +
5841 -+ if (unlikely(!file || !(prot & PROT_EXEC)))
5842 -+ return 1;
5843 ++__u32
5844 ++gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
5845 ++{
5846 ++ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
5847 ++ GR_UNIXCONNECT_ACL_MSG);
5848 ++}
5849 +
5850 -+ if (is_writable_mmap(file))
5851 -+ return 0;
5852 ++/* hardlinks require at minimum create and link permission,
5853 ++ any additional privilege required is based on the
5854 ++ privilege of the file being linked to
5855 ++*/
5856 ++__u32
5857 ++gr_acl_handle_link(const struct dentry * new_dentry,
5858 ++ const struct dentry * parent_dentry,
5859 ++ const struct vfsmount * parent_mnt,
5860 ++ const struct dentry * old_dentry,
5861 ++ const struct vfsmount * old_mnt, const struct filename *to)
5862 ++{
5863 ++ __u32 mode;
5864 ++ __u32 needmode = GR_CREATE | GR_LINK;
5865 ++ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
5866 +
5867 + mode =
5868 -+ gr_search_file(file->f_path.dentry,
5869 -+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
5870 -+ file->f_path.mnt);
5871 -+
5872 -+ if (!gr_tpe_allow(file))
5873 -+ return 0;
5874 ++ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
5875 ++ old_mnt);
5876 +
5877 -+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
5878 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
5879 ++ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
5880 ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
5881 ++ return mode;
5882 ++ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
5883 ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
5884 + return 0;
5885 -+ } else if (unlikely(!(mode & GR_EXEC))) {
5886 ++ } else if (unlikely((mode & needmode) != needmode))
5887 + return 0;
5888 -+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
5889 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
5890 -+ return 1;
5891 -+ }
5892 +
5893 + return 1;
5894 +}
5895 +
5896 -+int
5897 -+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
5898 ++__u32
5899 ++gr_acl_handle_symlink(const struct dentry * new_dentry,
5900 ++ const struct dentry * parent_dentry,
5901 ++ const struct vfsmount * parent_mnt, const struct filename *from)
5902 +{
5903 ++ __u32 needmode = GR_WRITE | GR_CREATE;
5904 + __u32 mode;
5905 +
5906 -+ if (unlikely(!file || !(prot & PROT_EXEC)))
5907 -+ return 1;
5908 ++ mode =
5909 ++ gr_check_create(new_dentry, parent_dentry, parent_mnt,
5910 ++ GR_CREATE | GR_AUDIT_CREATE |
5911 ++ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
5912 +
5913 -+ if (is_writable_mmap(file))
5914 ++ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
5915 ++ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
5916 ++ return mode;
5917 ++ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
5918 ++ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
5919 ++ return 0;
5920 ++ } else if (unlikely((mode & needmode) != needmode))
5921 + return 0;
5922 +
5923 -+ mode =
5924 -+ gr_search_file(file->f_path.dentry,
5925 -+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
5926 -+ file->f_path.mnt);
5927 ++ return (GR_WRITE | GR_CREATE);
5928 ++}
5929 +
5930 -+ if (!gr_tpe_allow(file))
5931 -+ return 0;
5932 ++static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
5933 ++{
5934 ++ __u32 mode;
5935 +
5936 -+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
5937 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
5938 ++ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
5939 ++
5940 ++ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
5941 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
5942 ++ return mode;
5943 ++ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
5944 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
5945 + return 0;
5946 -+ } else if (unlikely(!(mode & GR_EXEC))) {
5947 ++ } else if (unlikely((mode & (reqmode)) != (reqmode)))
5948 + return 0;
5949 -+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
5950 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
5951 -+ return 1;
5952 -+ }
5953 +
5954 -+ return 1;
5955 ++ return (reqmode);
5956 +}
5957 +
5958 -+void
5959 -+gr_acl_handle_psacct(struct task_struct *task, const long code)
5960 ++__u32
5961 ++gr_acl_handle_mknod(const struct dentry * new_dentry,
5962 ++ const struct dentry * parent_dentry,
5963 ++ const struct vfsmount * parent_mnt,
5964 ++ const int mode)
5965 +{
5966 -+ unsigned long runtime;
5967 -+ unsigned long cputime;
5968 -+ unsigned int wday, cday;
5969 -+ __u8 whr, chr;
5970 -+ __u8 wmin, cmin;
5971 -+ __u8 wsec, csec;
5972 -+ struct timespec timeval;
5973 -+
5974 -+ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
5975 -+ !(task->acl->mode & GR_PROCACCT)))
5976 -+ return;
5977 -+
5978 -+ do_posix_clock_monotonic_gettime(&timeval);
5979 -+ runtime = timeval.tv_sec - task->start_time.tv_sec;
5980 -+ wday = runtime / (3600 * 24);
5981 -+ runtime -= wday * (3600 * 24);
5982 -+ whr = runtime / 3600;
5983 -+ runtime -= whr * 3600;
5984 -+ wmin = runtime / 60;
5985 -+ runtime -= wmin * 60;
5986 -+ wsec = runtime;
5987 -+
5988 -+ cputime = (task->utime + task->stime) / HZ;
5989 -+ cday = cputime / (3600 * 24);
5990 -+ cputime -= cday * (3600 * 24);
5991 -+ chr = cputime / 3600;
5992 -+ cputime -= chr * 3600;
5993 -+ cmin = cputime / 60;
5994 -+ cputime -= cmin * 60;
5995 -+ csec = cputime;
5996 -+
5997 -+ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
5998 -+
5999 -+ return;
6000 -+}
6001 ++ __u32 reqmode = GR_WRITE | GR_CREATE;
6002 ++ if (unlikely((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
6003 ++ reqmode |= GR_SETID;
6004 +
6005 -+void gr_set_kernel_label(struct task_struct *task)
6006 -+{
6007 -+ if (gr_status & GR_READY) {
6008 -+ task->role = kernel_role;
6009 -+ task->acl = kernel_role->root_label;
6010 -+ }
6011 -+ return;
6012 ++ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6013 ++ reqmode, GR_MKNOD_ACL_MSG);
6014 +}
6015 +
6016 -+#ifdef CONFIG_TASKSTATS
6017 -+int gr_is_taskstats_denied(int pid)
6018 ++__u32
6019 ++gr_acl_handle_mkdir(const struct dentry *new_dentry,
6020 ++ const struct dentry *parent_dentry,
6021 ++ const struct vfsmount *parent_mnt)
6022 +{
6023 -+ struct task_struct *task;
6024 -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
6025 -+ const struct cred *cred;
6026 -+#endif
6027 -+ int ret = 0;
6028 -+
6029 -+ /* restrict taskstats viewing to un-chrooted root users
6030 -+ who have the 'view' subject flag if the RBAC system is enabled
6031 -+ */
6032 -+
6033 -+ rcu_read_lock();
6034 -+ read_lock(&tasklist_lock);
6035 -+ task = find_task_by_vpid(pid);
6036 -+ if (task) {
6037 -+#ifdef CONFIG_GRKERNSEC_CHROOT
6038 -+ if (proc_is_chrooted(task))
6039 -+ ret = -EACCES;
6040 -+#endif
6041 -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
6042 -+ cred = __task_cred(task);
6043 -+#ifdef CONFIG_GRKERNSEC_PROC_USER
6044 -+ if (gr_is_global_nonroot(cred->uid))
6045 -+ ret = -EACCES;
6046 -+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
6047 -+ if (gr_is_global_nonroot(cred->uid) && !groups_search(cred->group_info, grsec_proc_gid))
6048 -+ ret = -EACCES;
6049 -+#endif
6050 -+#endif
6051 -+ if (gr_status & GR_READY) {
6052 -+ if (!(task->acl->mode & GR_VIEW))
6053 -+ ret = -EACCES;
6054 -+ }
6055 -+ } else
6056 -+ ret = -ENOENT;
6057 -+
6058 -+ read_unlock(&tasklist_lock);
6059 -+ rcu_read_unlock();
6060 -+
6061 -+ return ret;
6062 ++ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6063 ++ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
6064 +}
6065 -+#endif
6066 -+
6067 -+/* AUXV entries are filled via a descendant of search_binary_handler
6068 -+ after we've already applied the subject for the target
6069 -+*/
6070 -+int gr_acl_enable_at_secure(void)
6071 -+{
6072 -+ if (unlikely(!(gr_status & GR_READY)))
6073 -+ return 0;
6074 +
6075 -+ if (current->acl->mode & GR_ATSECURE)
6076 -+ return 1;
6077 ++#define RENAME_CHECK_SUCCESS(old, new) \
6078 ++ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
6079 ++ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
6080 +
6081 -+ return 0;
6082 -+}
6083 -+
6084 -+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
6085 ++int
6086 ++gr_acl_handle_rename(struct dentry *new_dentry,
6087 ++ struct dentry *parent_dentry,
6088 ++ const struct vfsmount *parent_mnt,
6089 ++ struct dentry *old_dentry,
6090 ++ struct inode *old_parent_inode,
6091 ++ struct vfsmount *old_mnt, const struct filename *newname)
6092 +{
6093 -+ struct task_struct *task = current;
6094 -+ struct dentry *dentry = file->f_path.dentry;
6095 -+ struct vfsmount *mnt = file->f_path.mnt;
6096 -+ struct acl_object_label *obj, *tmp;
6097 -+ struct acl_subject_label *subj;
6098 -+ unsigned int bufsize;
6099 -+ int is_not_root;
6100 -+ char *path;
6101 -+ dev_t dev = __get_dev(dentry);
6102 -+
6103 -+ if (unlikely(!(gr_status & GR_READY)))
6104 -+ return 1;
6105 -+
6106 -+ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
6107 -+ return 1;
6108 -+
6109 -+ /* ignore Eric Biederman */
6110 -+ if (IS_PRIVATE(dentry->d_inode))
6111 -+ return 1;
6112 -+
6113 -+ subj = task->acl;
6114 -+ read_lock(&gr_inode_lock);
6115 -+ do {
6116 -+ obj = lookup_acl_obj_label(ino, dev, subj);
6117 -+ if (obj != NULL) {
6118 -+ read_unlock(&gr_inode_lock);
6119 -+ return (obj->mode & GR_FIND) ? 1 : 0;
6120 -+ }
6121 -+ } while ((subj = subj->parent_subject));
6122 -+ read_unlock(&gr_inode_lock);
6123 -+
6124 -+ /* this is purely an optimization since we're looking for an object
6125 -+ for the directory we're doing a readdir on
6126 -+ if it's possible for any globbed object to match the entry we're
6127 -+ filling into the directory, then the object we find here will be
6128 -+ an anchor point with attached globbed objects
6129 -+ */
6130 -+ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
6131 -+ if (obj->globbed == NULL)
6132 -+ return (obj->mode & GR_FIND) ? 1 : 0;
6133 -+
6134 -+ is_not_root = ((obj->filename[0] == '/') &&
6135 -+ (obj->filename[1] == '\0')) ? 0 : 1;
6136 -+ bufsize = PAGE_SIZE - namelen - is_not_root;
6137 -+
6138 -+ /* check bufsize > PAGE_SIZE || bufsize == 0 */
6139 -+ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
6140 -+ return 1;
6141 ++ __u32 comp1, comp2;
6142 ++ int error = 0;
6143 +
6144 -+ preempt_disable();
6145 -+ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
6146 -+ bufsize);
6147 ++ if (unlikely(!gr_acl_is_enabled()))
6148 ++ return 0;
6149 +
6150 -+ bufsize = strlen(path);
6151 ++ if (!new_dentry->d_inode) {
6152 ++ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
6153 ++ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
6154 ++ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
6155 ++ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
6156 ++ GR_DELETE | GR_AUDIT_DELETE |
6157 ++ GR_AUDIT_READ | GR_AUDIT_WRITE |
6158 ++ GR_SUPPRESS, old_mnt);
6159 ++ } else {
6160 ++ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
6161 ++ GR_CREATE | GR_DELETE |
6162 ++ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
6163 ++ GR_AUDIT_READ | GR_AUDIT_WRITE |
6164 ++ GR_SUPPRESS, parent_mnt);
6165 ++ comp2 =
6166 ++ gr_search_file(old_dentry,
6167 ++ GR_READ | GR_WRITE | GR_AUDIT_READ |
6168 ++ GR_DELETE | GR_AUDIT_DELETE |
6169 ++ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
6170 ++ }
6171 +
6172 -+ /* if base is "/", don't append an additional slash */
6173 -+ if (is_not_root)
6174 -+ *(path + bufsize) = '/';
6175 -+ memcpy(path + bufsize + is_not_root, name, namelen);
6176 -+ *(path + bufsize + namelen + is_not_root) = '\0';
6177 ++ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
6178 ++ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
6179 ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
6180 ++ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
6181 ++ && !(comp2 & GR_SUPPRESS)) {
6182 ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
6183 ++ error = -EACCES;
6184 ++ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
6185 ++ error = -EACCES;
6186 +
6187 -+ tmp = obj->globbed;
6188 -+ while (tmp) {
6189 -+ if (!glob_match(tmp->filename, path)) {
6190 -+ preempt_enable();
6191 -+ return (tmp->mode & GR_FIND) ? 1 : 0;
6192 -+ }
6193 -+ tmp = tmp->next;
6194 -+ }
6195 -+ preempt_enable();
6196 -+ return (obj->mode & GR_FIND) ? 1 : 0;
6197 ++ return error;
6198 +}
6199 +
6200 -+void gr_put_exec_file(struct task_struct *task)
6201 ++void
6202 ++gr_acl_handle_exit(void)
6203 +{
6204 -+ struct file *filp;
6205 -+
6206 -+ write_lock(&grsec_exec_file_lock);
6207 -+ filp = task->exec_file;
6208 -+ task->exec_file = NULL;
6209 -+ write_unlock(&grsec_exec_file_lock);
6210 ++ u16 id;
6211 ++ char *rolename;
6212 +
6213 -+ if (filp)
6214 -+ fput(filp);
6215 ++ if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
6216 ++ !(current->role->roletype & GR_ROLE_PERSIST))) {
6217 ++ id = current->acl_role_id;
6218 ++ rolename = current->role->rolename;
6219 ++ gr_set_acls(1);
6220 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
6221 ++ }
6222 +
6223 ++ gr_put_exec_file(current);
6224 + return;
6225 +}
6226 +
6227 ++int
6228 ++gr_acl_handle_procpidmem(const struct task_struct *task)
6229 ++{
6230 ++ if (unlikely(!gr_acl_is_enabled()))
6231 ++ return 0;
6232 +
6233 -+#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
6234 -+EXPORT_SYMBOL(gr_acl_is_enabled);
6235 -+#endif
6236 -+EXPORT_SYMBOL(gr_set_kernel_label);
6237 -+#ifdef CONFIG_SECURITY
6238 -+EXPORT_SYMBOL(gr_check_user_change);
6239 -+EXPORT_SYMBOL(gr_check_group_change);
6240 -+#endif
6241 ++ if (task != current && task->acl->mode & GR_PROTPROCFD)
6242 ++ return -EACCES;
6243 +
6244 -diff --git a/grsecurity/gracl_alloc.c b/grsecurity/gracl_alloc.c
6245 ++ return 0;
6246 ++}
6247 +diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
6248 new file mode 100644
6249 -index 0000000..34fefda
6250 +index 0000000..f056b81
6251 --- /dev/null
6252 -+++ b/grsecurity/gracl_alloc.c
6253 -@@ -0,0 +1,105 @@
6254 ++++ b/grsecurity/gracl_ip.c
6255 +@@ -0,0 +1,386 @@
6256 +#include <linux/kernel.h>
6257 -+#include <linux/mm.h>
6258 -+#include <linux/slab.h>
6259 -+#include <linux/vmalloc.h>
6260 ++#include <asm/uaccess.h>
6261 ++#include <asm/errno.h>
6262 ++#include <net/sock.h>
6263 ++#include <linux/file.h>
6264 ++#include <linux/fs.h>
6265 ++#include <linux/net.h>
6266 ++#include <linux/in.h>
6267 ++#include <linux/skbuff.h>
6268 ++#include <linux/ip.h>
6269 ++#include <linux/udp.h>
6270 ++#include <linux/types.h>
6271 ++#include <linux/sched.h>
6272 ++#include <linux/netdevice.h>
6273 ++#include <linux/inetdevice.h>
6274 +#include <linux/gracl.h>
6275 +#include <linux/grsecurity.h>
6276 ++#include <linux/grinternal.h>
6277 +
6278 -+static unsigned long alloc_stack_next = 1;
6279 -+static unsigned long alloc_stack_size = 1;
6280 -+static void **alloc_stack;
6281 ++#define GR_BIND 0x01
6282 ++#define GR_CONNECT 0x02
6283 ++#define GR_INVERT 0x04
6284 ++#define GR_BINDOVERRIDE 0x08
6285 ++#define GR_CONNECTOVERRIDE 0x10
6286 ++#define GR_SOCK_FAMILY 0x20
6287 +
6288 -+static __inline__ int
6289 -+alloc_pop(void)
6290 -+{
6291 -+ if (alloc_stack_next == 1)
6292 -+ return 0;
6293 ++static const char * gr_protocols[IPPROTO_MAX] = {
6294 ++ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
6295 ++ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
6296 ++ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
6297 ++ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
6298 ++ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
6299 ++ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
6300 ++ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
6301 ++ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
6302 ++ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
6303 ++ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
6304 ++ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
6305 ++ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
6306 ++ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
6307 ++ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
6308 ++ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
6309 ++ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
6310 ++ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
6311 ++ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
6312 ++ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
6313 ++ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
6314 ++ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
6315 ++ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
6316 ++ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
6317 ++ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
6318 ++ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
6319 ++ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
6320 ++ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
6321 ++ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
6322 ++ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
6323 ++ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
6324 ++ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
6325 ++ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
6326 ++ };
6327 +
6328 -+ kfree(alloc_stack[alloc_stack_next - 2]);
6329 ++static const char * gr_socktypes[SOCK_MAX] = {
6330 ++ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
6331 ++ "unknown:7", "unknown:8", "unknown:9", "packet"
6332 ++ };
6333 +
6334 -+ alloc_stack_next--;
6335 ++static const char * gr_sockfamilies[AF_MAX+1] = {
6336 ++ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
6337 ++ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
6338 ++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
6339 ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
6340 ++ };
6341 +
6342 -+ return 1;
6343 ++const char *
6344 ++gr_proto_to_name(unsigned char proto)
6345 ++{
6346 ++ return gr_protocols[proto];
6347 +}
6348 +
6349 -+static __inline__ int
6350 -+alloc_push(void *buf)
6351 ++const char *
6352 ++gr_socktype_to_name(unsigned char type)
6353 +{
6354 -+ if (alloc_stack_next >= alloc_stack_size)
6355 -+ return 1;
6356 -+
6357 -+ alloc_stack[alloc_stack_next - 1] = buf;
6358 -+
6359 -+ alloc_stack_next++;
6360 ++ return gr_socktypes[type];
6361 ++}
6362 +
6363 -+ return 0;
6364 ++const char *
6365 ++gr_sockfamily_to_name(unsigned char family)
6366 ++{
6367 ++ return gr_sockfamilies[family];
6368 +}
6369 +
6370 -+void *
6371 -+acl_alloc(unsigned long len)
6372 ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
6373 ++
6374 ++int
6375 ++gr_search_socket(const int domain, const int type, const int protocol)
6376 +{
6377 -+ void *ret = NULL;
6378 ++ struct acl_subject_label *curr;
6379 ++ const struct cred *cred = current_cred();
6380 +
6381 -+ if (!len || len > PAGE_SIZE)
6382 -+ goto out;
6383 ++ if (unlikely(!gr_acl_is_enabled()))
6384 ++ goto exit;
6385 +
6386 -+ ret = kmalloc(len, GFP_KERNEL);
6387 ++ if ((domain < 0) || (type < 0) || (protocol < 0) ||
6388 ++ (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
6389 ++ goto exit; // let the kernel handle it
6390 +
6391 -+ if (ret) {
6392 -+ if (alloc_push(ret)) {
6393 -+ kfree(ret);
6394 -+ ret = NULL;
6395 ++ curr = current->acl;
6396 ++
6397 ++ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
6398 ++ /* the family is allowed, if this is PF_INET allow it only if
6399 ++ the extra sock type/protocol checks pass */
6400 ++ if (domain == PF_INET)
6401 ++ goto inet_check;
6402 ++ goto exit;
6403 ++ } else {
6404 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
6405 ++ __u32 fakeip = 0;
6406 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6407 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
6408 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
6409 ++ gr_to_filename(current->exec_file->f_path.dentry,
6410 ++ current->exec_file->f_path.mnt) :
6411 ++ curr->filename, curr->filename,
6412 ++ &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
6413 ++ &current->signal->saved_ip);
6414 ++ goto exit;
6415 + }
6416 ++ goto exit_fail;
6417 + }
6418 +
6419 -+out:
6420 -+ return ret;
6421 -+}
6422 ++inet_check:
6423 ++ /* the rest of this checking is for IPv4 only */
6424 ++ if (!curr->ips)
6425 ++ goto exit;
6426 +
6427 -+void *
6428 -+acl_alloc_num(unsigned long num, unsigned long len)
6429 -+{
6430 -+ if (!len || (num > (PAGE_SIZE / len)))
6431 -+ return NULL;
6432 ++ if ((curr->ip_type & (1U << type)) &&
6433 ++ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
6434 ++ goto exit;
6435 +
6436 -+ return acl_alloc(num * len);
6437 -+}
6438 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
6439 ++ /* we don't place acls on raw sockets , and sometimes
6440 ++ dgram/ip sockets are opened for ioctl and not
6441 ++ bind/connect, so we'll fake a bind learn log */
6442 ++ if (type == SOCK_RAW || type == SOCK_PACKET) {
6443 ++ __u32 fakeip = 0;
6444 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6445 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
6446 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
6447 ++ gr_to_filename(current->exec_file->f_path.dentry,
6448 ++ current->exec_file->f_path.mnt) :
6449 ++ curr->filename, curr->filename,
6450 ++ &fakeip, 0, type,
6451 ++ protocol, GR_CONNECT, &current->signal->saved_ip);
6452 ++ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
6453 ++ __u32 fakeip = 0;
6454 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6455 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
6456 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
6457 ++ gr_to_filename(current->exec_file->f_path.dentry,
6458 ++ current->exec_file->f_path.mnt) :
6459 ++ curr->filename, curr->filename,
6460 ++ &fakeip, 0, type,
6461 ++ protocol, GR_BIND, &current->signal->saved_ip);
6462 ++ }
6463 ++ /* we'll log when they use connect or bind */
6464 ++ goto exit;
6465 ++ }
6466 +
6467 -+void
6468 -+acl_free_all(void)
6469 -+{
6470 -+ if (gr_acl_is_enabled() || !alloc_stack)
6471 -+ return;
6472 ++exit_fail:
6473 ++ if (domain == PF_INET)
6474 ++ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
6475 ++ gr_socktype_to_name(type), gr_proto_to_name(protocol));
6476 ++ else if (rcu_access_pointer(net_families[domain]) != NULL)
6477 ++ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
6478 ++ gr_socktype_to_name(type), protocol);
6479 +
6480 -+ while (alloc_pop()) ;
6481 ++ return 0;
6482 ++exit:
6483 ++ return 1;
6484 ++}
6485 +
6486 -+ if (alloc_stack) {
6487 -+ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
6488 -+ kfree(alloc_stack);
6489 ++int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
6490 ++{
6491 ++ if ((ip->mode & mode) &&
6492 ++ (ip_port >= ip->low) &&
6493 ++ (ip_port <= ip->high) &&
6494 ++ ((ntohl(ip_addr) & our_netmask) ==
6495 ++ (ntohl(our_addr) & our_netmask))
6496 ++ && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
6497 ++ && (ip->type & (1U << type))) {
6498 ++ if (ip->mode & GR_INVERT)
6499 ++ return 2; // specifically denied
6500 + else
6501 -+ vfree(alloc_stack);
6502 ++ return 1; // allowed
6503 + }
6504 +
6505 -+ alloc_stack = NULL;
6506 -+ alloc_stack_size = 1;
6507 -+ alloc_stack_next = 1;
6508 -+
6509 -+ return;
6510 ++ return 0; // not specifically allowed, may continue parsing
6511 +}
6512 +
6513 -+int
6514 -+acl_alloc_stack_init(unsigned long size)
6515 ++static int
6516 ++gr_search_connectbind(const int full_mode, struct sock *sk,
6517 ++ struct sockaddr_in *addr, const int type)
6518 +{
6519 -+ if ((size * sizeof (void *)) <= PAGE_SIZE)
6520 -+ alloc_stack =
6521 -+ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
6522 -+ else
6523 -+ alloc_stack = (void **) vmalloc(size * sizeof (void *));
6524 -+
6525 -+ alloc_stack_size = size;
6526 ++ char iface[IFNAMSIZ] = {0};
6527 ++ struct acl_subject_label *curr;
6528 ++ struct acl_ip_label *ip;
6529 ++ struct inet_sock *isk;
6530 ++ struct net_device *dev;
6531 ++ struct in_device *idev;
6532 ++ unsigned long i;
6533 ++ int ret;
6534 ++ int mode = full_mode & (GR_BIND | GR_CONNECT);
6535 ++ __u32 ip_addr = 0;
6536 ++ __u32 our_addr;
6537 ++ __u32 our_netmask;
6538 ++ char *p;
6539 ++ __u16 ip_port = 0;
6540 ++ const struct cred *cred = current_cred();
6541 +
6542 -+ if (!alloc_stack)
6543 ++ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
6544 + return 0;
6545 -+ else
6546 -+ return 1;
6547 -+}
6548 -diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
6549 -new file mode 100644
6550 -index 0000000..bdd51ea
6551 ---- /dev/null
6552 -+++ b/grsecurity/gracl_cap.c
6553 -@@ -0,0 +1,110 @@
6554 -+#include <linux/kernel.h>
6555 -+#include <linux/module.h>
6556 -+#include <linux/sched.h>
6557 -+#include <linux/gracl.h>
6558 -+#include <linux/grsecurity.h>
6559 -+#include <linux/grinternal.h>
6560 +
6561 -+extern const char *captab_log[];
6562 -+extern int captab_log_entries;
6563 ++ curr = current->acl;
6564 ++ isk = inet_sk(sk);
6565 +
6566 -+int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
6567 -+{
6568 -+ struct acl_subject_label *curracl;
6569 -+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
6570 -+ kernel_cap_t cap_audit = __cap_empty_set;
6571 -+
6572 -+ if (!gr_acl_is_enabled())
6573 -+ return 1;
6574 ++ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
6575 ++ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
6576 ++ addr->sin_addr.s_addr = curr->inaddr_any_override;
6577 ++ if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
6578 ++ struct sockaddr_in saddr;
6579 ++ int err;
6580 +
6581 -+ curracl = task->acl;
6582 ++ saddr.sin_family = AF_INET;
6583 ++ saddr.sin_addr.s_addr = curr->inaddr_any_override;
6584 ++ saddr.sin_port = isk->inet_sport;
6585 +
6586 -+ cap_drop = curracl->cap_lower;
6587 -+ cap_mask = curracl->cap_mask;
6588 -+ cap_audit = curracl->cap_invert_audit;
6589 ++ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
6590 ++ if (err)
6591 ++ return err;
6592 +
6593 -+ while ((curracl = curracl->parent_subject)) {
6594 -+ /* if the cap isn't specified in the current computed mask but is specified in the
6595 -+ current level subject, and is lowered in the current level subject, then add
6596 -+ it to the set of dropped capabilities
6597 -+ otherwise, add the current level subject's mask to the current computed mask
6598 -+ */
6599 -+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
6600 -+ cap_raise(cap_mask, cap);
6601 -+ if (cap_raised(curracl->cap_lower, cap))
6602 -+ cap_raise(cap_drop, cap);
6603 -+ if (cap_raised(curracl->cap_invert_audit, cap))
6604 -+ cap_raise(cap_audit, cap);
6605 -+ }
6606 ++ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
6607 ++ if (err)
6608 ++ return err;
6609 + }
6610 +
6611 -+ if (!cap_raised(cap_drop, cap)) {
6612 -+ if (cap_raised(cap_audit, cap))
6613 -+ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
6614 -+ return 1;
6615 -+ }
6616 ++ if (!curr->ips)
6617 ++ return 0;
6618 +
6619 -+ curracl = task->acl;
6620 ++ ip_addr = addr->sin_addr.s_addr;
6621 ++ ip_port = ntohs(addr->sin_port);
6622 +
6623 -+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
6624 -+ && cap_raised(cred->cap_effective, cap)) {
6625 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
6626 -+ task->role->roletype, GR_GLOBAL_UID(cred->uid),
6627 -+ GR_GLOBAL_GID(cred->gid), task->exec_file ?
6628 -+ gr_to_filename(task->exec_file->f_path.dentry,
6629 -+ task->exec_file->f_path.mnt) : curracl->filename,
6630 -+ curracl->filename, 0UL,
6631 -+ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
6632 -+ return 1;
6633 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
6634 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6635 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
6636 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
6637 ++ gr_to_filename(current->exec_file->f_path.dentry,
6638 ++ current->exec_file->f_path.mnt) :
6639 ++ curr->filename, curr->filename,
6640 ++ &ip_addr, ip_port, type,
6641 ++ sk->sk_protocol, mode, &current->signal->saved_ip);
6642 ++ return 0;
6643 + }
6644 +
6645 -+ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
6646 -+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
6647 -+
6648 -+ return 0;
6649 -+}
6650 -+
6651 -+int
6652 -+gr_acl_is_capable(const int cap)
6653 -+{
6654 -+ return gr_task_acl_is_capable(current, current_cred(), cap);
6655 -+}
6656 -+
6657 -+int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap)
6658 -+{
6659 -+ struct acl_subject_label *curracl;
6660 -+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
6661 -+
6662 -+ if (!gr_acl_is_enabled())
6663 -+ return 1;
6664 -+
6665 -+ curracl = task->acl;
6666 -+
6667 -+ cap_drop = curracl->cap_lower;
6668 -+ cap_mask = curracl->cap_mask;
6669 -+
6670 -+ while ((curracl = curracl->parent_subject)) {
6671 -+ /* if the cap isn't specified in the current computed mask but is specified in the
6672 -+ current level subject, and is lowered in the current level subject, then add
6673 -+ it to the set of dropped capabilities
6674 -+ otherwise, add the current level subject's mask to the current computed mask
6675 -+ */
6676 -+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
6677 -+ cap_raise(cap_mask, cap);
6678 -+ if (cap_raised(curracl->cap_lower, cap))
6679 -+ cap_raise(cap_drop, cap);
6680 ++ for (i = 0; i < curr->ip_num; i++) {
6681 ++ ip = *(curr->ips + i);
6682 ++ if (ip->iface != NULL) {
6683 ++ strncpy(iface, ip->iface, IFNAMSIZ - 1);
6684 ++ p = strchr(iface, ':');
6685 ++ if (p != NULL)
6686 ++ *p = '\0';
6687 ++ dev = dev_get_by_name(sock_net(sk), iface);
6688 ++ if (dev == NULL)
6689 ++ continue;
6690 ++ idev = in_dev_get(dev);
6691 ++ if (idev == NULL) {
6692 ++ dev_put(dev);
6693 ++ continue;
6694 ++ }
6695 ++ rcu_read_lock();
6696 ++ for_ifa(idev) {
6697 ++ if (!strcmp(ip->iface, ifa->ifa_label)) {
6698 ++ our_addr = ifa->ifa_address;
6699 ++ our_netmask = 0xffffffff;
6700 ++ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
6701 ++ if (ret == 1) {
6702 ++ rcu_read_unlock();
6703 ++ in_dev_put(idev);
6704 ++ dev_put(dev);
6705 ++ return 0;
6706 ++ } else if (ret == 2) {
6707 ++ rcu_read_unlock();
6708 ++ in_dev_put(idev);
6709 ++ dev_put(dev);
6710 ++ goto denied;
6711 ++ }
6712 ++ }
6713 ++ } endfor_ifa(idev);
6714 ++ rcu_read_unlock();
6715 ++ in_dev_put(idev);
6716 ++ dev_put(dev);
6717 ++ } else {
6718 ++ our_addr = ip->addr;
6719 ++ our_netmask = ip->netmask;
6720 ++ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
6721 ++ if (ret == 1)
6722 ++ return 0;
6723 ++ else if (ret == 2)
6724 ++ goto denied;
6725 + }
6726 + }
6727 +
6728 -+ if (!cap_raised(cap_drop, cap))
6729 -+ return 1;
6730 ++denied:
6731 ++ if (mode == GR_BIND)
6732 ++ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
6733 ++ else if (mode == GR_CONNECT)
6734 ++ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
6735 +
6736 -+ return 0;
6737 ++ return -EACCES;
6738 +}
6739 +
6740 +int
6741 -+gr_acl_is_capable_nolog(const int cap)
6742 ++gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
6743 +{
6744 -+ return gr_task_acl_is_capable_nolog(current, cap);
6745 ++ /* always allow disconnection of dgram sockets with connect */
6746 ++ if (addr->sin_family == AF_UNSPEC)
6747 ++ return 0;
6748 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
6749 +}
6750 +
6751 -diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
6752 -new file mode 100644
6753 -index 0000000..a43dd06
6754 ---- /dev/null
6755 -+++ b/grsecurity/gracl_compat.c
6756 -@@ -0,0 +1,269 @@
6757 -+#include <linux/kernel.h>
6758 -+#include <linux/gracl.h>
6759 -+#include <linux/compat.h>
6760 -+#include <linux/gracl_compat.h>
6761 -+
6762 -+#include <asm/uaccess.h>
6763 -+
6764 -+int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
6765 ++int
6766 ++gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
6767 +{
6768 -+ struct gr_arg_wrapper_compat uwrapcompat;
6769 -+
6770 -+ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
6771 -+ return -EFAULT;
6772 -+
6773 -+ if ((uwrapcompat.version != GRSECURITY_VERSION) ||
6774 -+ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
6775 -+ return -EINVAL;
6776 -+
6777 -+ uwrap->arg = compat_ptr(uwrapcompat.arg);
6778 -+ uwrap->version = uwrapcompat.version;
6779 -+ uwrap->size = sizeof(struct gr_arg);
6780 -+
6781 -+ return 0;
6782 ++ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
6783 +}
6784 +
6785 -+int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
6786 ++int gr_search_listen(struct socket *sock)
6787 +{
6788 -+ struct gr_arg_compat argcompat;
6789 -+
6790 -+ if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
6791 -+ return -EFAULT;
6792 -+
6793 -+ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
6794 -+ arg->role_db.num_pointers = argcompat.role_db.num_pointers;
6795 -+ arg->role_db.num_roles = argcompat.role_db.num_roles;
6796 -+ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
6797 -+ arg->role_db.num_subjects = argcompat.role_db.num_subjects;
6798 -+ arg->role_db.num_objects = argcompat.role_db.num_objects;
6799 ++ struct sock *sk = sock->sk;
6800 ++ struct sockaddr_in addr;
6801 +
6802 -+ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
6803 -+ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
6804 -+ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
6805 -+ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
6806 -+ arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
6807 -+ arg->segv_device = argcompat.segv_device;
6808 -+ arg->segv_inode = argcompat.segv_inode;
6809 -+ arg->segv_uid = argcompat.segv_uid;
6810 -+ arg->num_sprole_pws = argcompat.num_sprole_pws;
6811 -+ arg->mode = argcompat.mode;
6812 ++ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
6813 ++ addr.sin_port = inet_sk(sk)->inet_sport;
6814 +
6815 -+ return 0;
6816 ++ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
6817 +}
6818 +
6819 -+int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
6820 ++int gr_search_accept(struct socket *sock)
6821 +{
6822 -+ struct acl_object_label_compat objcompat;
6823 -+
6824 -+ if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
6825 -+ return -EFAULT;
6826 -+
6827 -+ obj->filename = compat_ptr(objcompat.filename);
6828 -+ obj->inode = objcompat.inode;
6829 -+ obj->device = objcompat.device;
6830 -+ obj->mode = objcompat.mode;
6831 -+
6832 -+ obj->nested = compat_ptr(objcompat.nested);
6833 -+ obj->globbed = compat_ptr(objcompat.globbed);
6834 ++ struct sock *sk = sock->sk;
6835 ++ struct sockaddr_in addr;
6836 +
6837 -+ obj->prev = compat_ptr(objcompat.prev);
6838 -+ obj->next = compat_ptr(objcompat.next);
6839 ++ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
6840 ++ addr.sin_port = inet_sk(sk)->inet_sport;
6841 +
6842 -+ return 0;
6843 ++ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
6844 +}
6845 +
6846 -+int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
6847 ++int
6848 ++gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
6849 +{
6850 -+ unsigned int i;
6851 -+ struct acl_subject_label_compat subjcompat;
6852 -+
6853 -+ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
6854 -+ return -EFAULT;
6855 ++ if (addr)
6856 ++ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
6857 ++ else {
6858 ++ struct sockaddr_in sin;
6859 ++ const struct inet_sock *inet = inet_sk(sk);
6860 +
6861 -+ subj->filename = compat_ptr(subjcompat.filename);
6862 -+ subj->inode = subjcompat.inode;
6863 -+ subj->device = subjcompat.device;
6864 -+ subj->mode = subjcompat.mode;
6865 -+ subj->cap_mask = subjcompat.cap_mask;
6866 -+ subj->cap_lower = subjcompat.cap_lower;
6867 -+ subj->cap_invert_audit = subjcompat.cap_invert_audit;
6868 ++ sin.sin_addr.s_addr = inet->inet_daddr;
6869 ++ sin.sin_port = inet->inet_dport;
6870 +
6871 -+ for (i = 0; i < GR_NLIMITS; i++) {
6872 -+ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
6873 -+ subj->res[i].rlim_cur = RLIM_INFINITY;
6874 -+ else
6875 -+ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
6876 -+ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
6877 -+ subj->res[i].rlim_max = RLIM_INFINITY;
6878 -+ else
6879 -+ subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
6880 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
6881 + }
6882 -+ subj->resmask = subjcompat.resmask;
6883 -+
6884 -+ subj->user_trans_type = subjcompat.user_trans_type;
6885 -+ subj->group_trans_type = subjcompat.group_trans_type;
6886 -+ subj->user_transitions = compat_ptr(subjcompat.user_transitions);
6887 -+ subj->group_transitions = compat_ptr(subjcompat.group_transitions);
6888 -+ subj->user_trans_num = subjcompat.user_trans_num;
6889 -+ subj->group_trans_num = subjcompat.group_trans_num;
6890 -+
6891 -+ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
6892 -+ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
6893 -+ subj->ip_type = subjcompat.ip_type;
6894 -+ subj->ips = compat_ptr(subjcompat.ips);
6895 -+ subj->ip_num = subjcompat.ip_num;
6896 -+ subj->inaddr_any_override = subjcompat.inaddr_any_override;
6897 -+
6898 -+ subj->crashes = subjcompat.crashes;
6899 -+ subj->expires = subjcompat.expires;
6900 -+
6901 -+ subj->parent_subject = compat_ptr(subjcompat.parent_subject);
6902 -+ subj->hash = compat_ptr(subjcompat.hash);
6903 -+ subj->prev = compat_ptr(subjcompat.prev);
6904 -+ subj->next = compat_ptr(subjcompat.next);
6905 -+
6906 -+ subj->obj_hash = compat_ptr(subjcompat.obj_hash);
6907 -+ subj->obj_hash_size = subjcompat.obj_hash_size;
6908 -+ subj->pax_flags = subjcompat.pax_flags;
6909 -+
6910 -+ return 0;
6911 +}
6912 +
6913 -+int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
6914 ++int
6915 ++gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
6916 +{
6917 -+ struct acl_role_label_compat rolecompat;
6918 -+
6919 -+ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
6920 -+ return -EFAULT;
6921 -+
6922 -+ role->rolename = compat_ptr(rolecompat.rolename);
6923 -+ role->uidgid = rolecompat.uidgid;
6924 -+ role->roletype = rolecompat.roletype;
6925 -+
6926 -+ role->auth_attempts = rolecompat.auth_attempts;
6927 -+ role->expires = rolecompat.expires;
6928 -+
6929 -+ role->root_label = compat_ptr(rolecompat.root_label);
6930 -+ role->hash = compat_ptr(rolecompat.hash);
6931 -+
6932 -+ role->prev = compat_ptr(rolecompat.prev);
6933 -+ role->next = compat_ptr(rolecompat.next);
6934 -+
6935 -+ role->transitions = compat_ptr(rolecompat.transitions);
6936 -+ role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
6937 -+ role->domain_children = compat_ptr(rolecompat.domain_children);
6938 -+ role->domain_child_num = rolecompat.domain_child_num;
6939 ++ struct sockaddr_in sin;
6940 +
6941 -+ role->umask = rolecompat.umask;
6942 ++ if (unlikely(skb->len < sizeof (struct udphdr)))
6943 ++ return 0; // skip this packet
6944 +
6945 -+ role->subj_hash = compat_ptr(rolecompat.subj_hash);
6946 -+ role->subj_hash_size = rolecompat.subj_hash_size;
6947 ++ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
6948 ++ sin.sin_port = udp_hdr(skb)->source;
6949 +
6950 -+ return 0;
6951 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
6952 +}
6953 +diff --git a/grsecurity/gracl_learn.c b/grsecurity/gracl_learn.c
6954 +new file mode 100644
6955 +index 0000000..25f54ef
6956 +--- /dev/null
6957 ++++ b/grsecurity/gracl_learn.c
6958 +@@ -0,0 +1,207 @@
6959 ++#include <linux/kernel.h>
6960 ++#include <linux/mm.h>
6961 ++#include <linux/sched.h>
6962 ++#include <linux/poll.h>
6963 ++#include <linux/string.h>
6964 ++#include <linux/file.h>
6965 ++#include <linux/types.h>
6966 ++#include <linux/vmalloc.h>
6967 ++#include <linux/grinternal.h>
6968 +
6969 -+int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
6970 -+{
6971 -+ struct role_allowed_ip_compat roleip_compat;
6972 ++extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
6973 ++ size_t count, loff_t *ppos);
6974 ++extern int gr_acl_is_enabled(void);
6975 +
6976 -+ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
6977 -+ return -EFAULT;
6978 ++static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
6979 ++static int gr_learn_attached;
6980 +
6981 -+ roleip->addr = roleip_compat.addr;
6982 -+ roleip->netmask = roleip_compat.netmask;
6983 ++/* use a 512k buffer */
6984 ++#define LEARN_BUFFER_SIZE (512 * 1024)
6985 +
6986 -+ roleip->prev = compat_ptr(roleip_compat.prev);
6987 -+ roleip->next = compat_ptr(roleip_compat.next);
6988 ++static DEFINE_SPINLOCK(gr_learn_lock);
6989 ++static DEFINE_MUTEX(gr_learn_user_mutex);
6990 +
6991 -+ return 0;
6992 -+}
6993 ++/* we need to maintain two buffers, so that the kernel context of grlearn
6994 ++ uses a semaphore around the userspace copying, and the other kernel contexts
6995 ++ use a spinlock when copying into the buffer, since they cannot sleep
6996 ++*/
6997 ++static char *learn_buffer;
6998 ++static char *learn_buffer_user;
6999 ++static int learn_buffer_len;
7000 ++static int learn_buffer_user_len;
7001 +
7002 -+int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
7003 ++static ssize_t
7004 ++read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
7005 +{
7006 -+ struct role_transition_compat trans_compat;
7007 ++ DECLARE_WAITQUEUE(wait, current);
7008 ++ ssize_t retval = 0;
7009 +
7010 -+ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
7011 -+ return -EFAULT;
7012 ++ add_wait_queue(&learn_wait, &wait);
7013 ++ set_current_state(TASK_INTERRUPTIBLE);
7014 ++ do {
7015 ++ mutex_lock(&gr_learn_user_mutex);
7016 ++ spin_lock(&gr_learn_lock);
7017 ++ if (learn_buffer_len)
7018 ++ break;
7019 ++ spin_unlock(&gr_learn_lock);
7020 ++ mutex_unlock(&gr_learn_user_mutex);
7021 ++ if (file->f_flags & O_NONBLOCK) {
7022 ++ retval = -EAGAIN;
7023 ++ goto out;
7024 ++ }
7025 ++ if (signal_pending(current)) {
7026 ++ retval = -ERESTARTSYS;
7027 ++ goto out;
7028 ++ }
7029 +
7030 -+ trans->rolename = compat_ptr(trans_compat.rolename);
7031 ++ schedule();
7032 ++ } while (1);
7033 +
7034 -+ trans->prev = compat_ptr(trans_compat.prev);
7035 -+ trans->next = compat_ptr(trans_compat.next);
7036 ++ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
7037 ++ learn_buffer_user_len = learn_buffer_len;
7038 ++ retval = learn_buffer_len;
7039 ++ learn_buffer_len = 0;
7040 +
7041 -+ return 0;
7042 ++ spin_unlock(&gr_learn_lock);
7043 +
7044 ++ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
7045 ++ retval = -EFAULT;
7046 ++
7047 ++ mutex_unlock(&gr_learn_user_mutex);
7048 ++out:
7049 ++ set_current_state(TASK_RUNNING);
7050 ++ remove_wait_queue(&learn_wait, &wait);
7051 ++ return retval;
7052 +}
7053 +
7054 -+int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
7055 ++static unsigned int
7056 ++poll_learn(struct file * file, poll_table * wait)
7057 +{
7058 -+ struct gr_hash_struct_compat hash_compat;
7059 -+
7060 -+ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
7061 -+ return -EFAULT;
7062 -+
7063 -+ hash->table = compat_ptr(hash_compat.table);
7064 -+ hash->nametable = compat_ptr(hash_compat.nametable);
7065 -+ hash->first = compat_ptr(hash_compat.first);
7066 -+
7067 -+ hash->table_size = hash_compat.table_size;
7068 -+ hash->used_size = hash_compat.used_size;
7069 ++ poll_wait(file, &learn_wait, wait);
7070 +
7071 -+ hash->type = hash_compat.type;
7072 ++ if (learn_buffer_len)
7073 ++ return (POLLIN | POLLRDNORM);
7074 +
7075 + return 0;
7076 +}
7077 +
7078 -+int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
7079 ++void
7080 ++gr_clear_learn_entries(void)
7081 +{
7082 -+ compat_uptr_t ptrcompat;
7083 -+
7084 -+ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
7085 -+ return -EFAULT;
7086 ++ char *tmp;
7087 +
7088 -+ *(void **)ptr = compat_ptr(ptrcompat);
7089 ++ mutex_lock(&gr_learn_user_mutex);
7090 ++ spin_lock(&gr_learn_lock);
7091 ++ tmp = learn_buffer;
7092 ++ learn_buffer = NULL;
7093 ++ spin_unlock(&gr_learn_lock);
7094 ++ if (tmp)
7095 ++ vfree(tmp);
7096 ++ if (learn_buffer_user != NULL) {
7097 ++ vfree(learn_buffer_user);
7098 ++ learn_buffer_user = NULL;
7099 ++ }
7100 ++ learn_buffer_len = 0;
7101 ++ mutex_unlock(&gr_learn_user_mutex);
7102 +
7103 -+ return 0;
7104 ++ return;
7105 +}
7106 +
7107 -+int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
7108 ++void
7109 ++gr_add_learn_entry(const char *fmt, ...)
7110 +{
7111 -+ struct acl_ip_label_compat ip_compat;
7112 ++ va_list args;
7113 ++ unsigned int len;
7114 +
7115 -+ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
7116 -+ return -EFAULT;
7117 ++ if (!gr_learn_attached)
7118 ++ return;
7119 +
7120 -+ ip->iface = compat_ptr(ip_compat.iface);
7121 -+ ip->addr = ip_compat.addr;
7122 -+ ip->netmask = ip_compat.netmask;
7123 -+ ip->low = ip_compat.low;
7124 -+ ip->high = ip_compat.high;
7125 -+ ip->mode = ip_compat.mode;
7126 -+ ip->type = ip_compat.type;
7127 ++ spin_lock(&gr_learn_lock);
7128 +
7129 -+ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
7130 ++ /* leave a gap at the end so we know when it's "full" but don't have to
7131 ++ compute the exact length of the string we're trying to append
7132 ++ */
7133 ++ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
7134 ++ spin_unlock(&gr_learn_lock);
7135 ++ wake_up_interruptible(&learn_wait);
7136 ++ return;
7137 ++ }
7138 ++ if (learn_buffer == NULL) {
7139 ++ spin_unlock(&gr_learn_lock);
7140 ++ return;
7141 ++ }
7142 +
7143 -+ ip->prev = compat_ptr(ip_compat.prev);
7144 -+ ip->next = compat_ptr(ip_compat.next);
7145 ++ va_start(args, fmt);
7146 ++ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
7147 ++ va_end(args);
7148 +
7149 -+ return 0;
7150 ++ learn_buffer_len += len + 1;
7151 ++
7152 ++ spin_unlock(&gr_learn_lock);
7153 ++ wake_up_interruptible(&learn_wait);
7154 ++
7155 ++ return;
7156 +}
7157 +
7158 -+int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
7159 ++static int
7160 ++open_learn(struct inode *inode, struct file *file)
7161 +{
7162 -+ struct sprole_pw_compat pw_compat;
7163 -+
7164 -+ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
7165 -+ return -EFAULT;
7166 -+
7167 -+ pw->rolename = compat_ptr(pw_compat.rolename);
7168 -+ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
7169 -+ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
7170 -+
7171 ++ if (file->f_mode & FMODE_READ && gr_learn_attached)
7172 ++ return -EBUSY;
7173 ++ if (file->f_mode & FMODE_READ) {
7174 ++ int retval = 0;
7175 ++ mutex_lock(&gr_learn_user_mutex);
7176 ++ if (learn_buffer == NULL)
7177 ++ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
7178 ++ if (learn_buffer_user == NULL)
7179 ++ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
7180 ++ if (learn_buffer == NULL) {
7181 ++ retval = -ENOMEM;
7182 ++ goto out_error;
7183 ++ }
7184 ++ if (learn_buffer_user == NULL) {
7185 ++ retval = -ENOMEM;
7186 ++ goto out_error;
7187 ++ }
7188 ++ learn_buffer_len = 0;
7189 ++ learn_buffer_user_len = 0;
7190 ++ gr_learn_attached = 1;
7191 ++out_error:
7192 ++ mutex_unlock(&gr_learn_user_mutex);
7193 ++ return retval;
7194 ++ }
7195 + return 0;
7196 +}
7197 +
7198 -+size_t get_gr_arg_wrapper_size_compat(void)
7199 ++static int
7200 ++close_learn(struct inode *inode, struct file *file)
7201 +{
7202 -+ return sizeof(struct gr_arg_wrapper_compat);
7203 -+}
7204 ++ if (file->f_mode & FMODE_READ) {
7205 ++ char *tmp = NULL;
7206 ++ mutex_lock(&gr_learn_user_mutex);
7207 ++ spin_lock(&gr_learn_lock);
7208 ++ tmp = learn_buffer;
7209 ++ learn_buffer = NULL;
7210 ++ spin_unlock(&gr_learn_lock);
7211 ++ if (tmp)
7212 ++ vfree(tmp);
7213 ++ if (learn_buffer_user != NULL) {
7214 ++ vfree(learn_buffer_user);
7215 ++ learn_buffer_user = NULL;
7216 ++ }
7217 ++ learn_buffer_len = 0;
7218 ++ learn_buffer_user_len = 0;
7219 ++ gr_learn_attached = 0;
7220 ++ mutex_unlock(&gr_learn_user_mutex);
7221 ++ }
7222 +
7223 -diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
7224 ++ return 0;
7225 ++}
7226 ++
7227 ++const struct file_operations grsec_fops = {
7228 ++ .read = read_learn,
7229 ++ .write = write_grsec_handler,
7230 ++ .open = open_learn,
7231 ++ .release = close_learn,
7232 ++ .poll = poll_learn,
7233 ++};
7234 +diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
7235 new file mode 100644
7236 -index 0000000..a340c17
7237 +index 0000000..d409f33
7238 --- /dev/null
7239 -+++ b/grsecurity/gracl_fs.c
7240 -@@ -0,0 +1,431 @@
7241 ++++ b/grsecurity/gracl_policy.c
7242 +@@ -0,0 +1,1825 @@
7243 +#include <linux/kernel.h>
7244 ++#include <linux/module.h>
7245 +#include <linux/sched.h>
7246 -+#include <linux/types.h>
7247 -+#include <linux/fs.h>
7248 ++#include <linux/mm.h>
7249 +#include <linux/file.h>
7250 -+#include <linux/stat.h>
7251 -+#include <linux/grsecurity.h>
7252 -+#include <linux/grinternal.h>
7253 ++#include <linux/fs.h>
7254 ++#include <linux/namei.h>
7255 ++#include <linux/mount.h>
7256 ++#include <linux/tty.h>
7257 ++#include <linux/proc_fs.h>
7258 ++#include <linux/lglock.h>
7259 ++#include <linux/slab.h>
7260 ++#include <linux/vmalloc.h>
7261 ++#include <linux/types.h>
7262 ++#include <linux/sysctl.h>
7263 ++#include <linux/netdevice.h>
7264 ++#include <linux/ptrace.h>
7265 +#include <linux/gracl.h>
7266 ++#include <linux/gralloc.h>
7267 ++#include <linux/security.h>
7268 ++#include <linux/grinternal.h>
7269 ++#include <linux/pid_namespace.h>
7270 ++#include <linux/stop_machine.h>
7271 ++#include <linux/fdtable.h>
7272 ++#include <linux/percpu.h>
7273 ++#include <linux/lglock.h>
7274 ++#include <linux/hugetlb.h>
7275 ++#include <linux/posix-timers.h>
7276 ++#include "../fs/mount.h"
7277 +
7278 -+umode_t
7279 -+gr_acl_umask(void)
7280 -+{
7281 -+ if (unlikely(!gr_acl_is_enabled()))
7282 -+ return 0;
7283 -+
7284 -+ return current->role->umask;
7285 -+}
7286 -+
7287 -+__u32
7288 -+gr_acl_handle_hidden_file(const struct dentry * dentry,
7289 -+ const struct vfsmount * mnt)
7290 -+{
7291 -+ __u32 mode;
7292 ++#include <asm/uaccess.h>
7293 ++#include <asm/errno.h>
7294 ++#include <asm/mman.h>
7295 +
7296 -+ if (unlikely(!dentry->d_inode))
7297 -+ return GR_FIND;
7298 ++extern struct gr_policy_state *polstate;
7299 +
7300 -+ mode =
7301 -+ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
7302 ++#define FOR_EACH_ROLE_START(role) \
7303 ++ role = polstate->role_list; \
7304 ++ while (role) {
7305 +
7306 -+ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
7307 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
7308 -+ return mode;
7309 -+ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
7310 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
7311 -+ return 0;
7312 -+ } else if (unlikely(!(mode & GR_FIND)))
7313 -+ return 0;
7314 ++#define FOR_EACH_ROLE_END(role) \
7315 ++ role = role->prev; \
7316 ++ }
7317 +
7318 -+ return GR_FIND;
7319 -+}
7320 ++struct path gr_real_root;
7321 +
7322 -+__u32
7323 -+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
7324 -+ int acc_mode)
7325 -+{
7326 -+ __u32 reqmode = GR_FIND;
7327 -+ __u32 mode;
7328 ++extern struct gr_alloc_state *current_alloc_state;
7329 +
7330 -+ if (unlikely(!dentry->d_inode))
7331 -+ return reqmode;
7332 ++u16 acl_sp_role_value;
7333 +
7334 -+ if (acc_mode & MAY_APPEND)
7335 -+ reqmode |= GR_APPEND;
7336 -+ else if (acc_mode & MAY_WRITE)
7337 -+ reqmode |= GR_WRITE;
7338 -+ if ((acc_mode & MAY_READ) && !S_ISDIR(dentry->d_inode->i_mode))
7339 -+ reqmode |= GR_READ;
7340 ++static DEFINE_MUTEX(gr_dev_mutex);
7341 +
7342 -+ mode =
7343 -+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
7344 -+ mnt);
7345 ++extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
7346 ++extern void gr_clear_learn_entries(void);
7347 +
7348 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
7349 -+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
7350 -+ reqmode & GR_READ ? " reading" : "",
7351 -+ reqmode & GR_WRITE ? " writing" : reqmode &
7352 -+ GR_APPEND ? " appending" : "");
7353 -+ return reqmode;
7354 -+ } else
7355 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
7356 -+ {
7357 -+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
7358 -+ reqmode & GR_READ ? " reading" : "",
7359 -+ reqmode & GR_WRITE ? " writing" : reqmode &
7360 -+ GR_APPEND ? " appending" : "");
7361 -+ return 0;
7362 -+ } else if (unlikely((mode & reqmode) != reqmode))
7363 -+ return 0;
7364 ++static struct gr_arg gr_usermode;
7365 ++static unsigned char gr_system_salt[GR_SALT_LEN];
7366 ++static unsigned char gr_system_sum[GR_SHA_LEN];
7367 +
7368 -+ return reqmode;
7369 -+}
7370 ++static unsigned int gr_auth_attempts = 0;
7371 ++static unsigned long gr_auth_expires = 0UL;
7372 +
7373 -+__u32
7374 -+gr_acl_handle_creat(const struct dentry * dentry,
7375 -+ const struct dentry * p_dentry,
7376 -+ const struct vfsmount * p_mnt, int open_flags, int acc_mode,
7377 -+ const int imode)
7378 -+{
7379 -+ __u32 reqmode = GR_WRITE | GR_CREATE;
7380 -+ __u32 mode;
7381 ++struct acl_object_label *fakefs_obj_rw;
7382 ++struct acl_object_label *fakefs_obj_rwx;
7383 +
7384 -+ if (acc_mode & MAY_APPEND)
7385 -+ reqmode |= GR_APPEND;
7386 -+ // if a directory was required or the directory already exists, then
7387 -+ // don't count this open as a read
7388 -+ if ((acc_mode & MAY_READ) &&
7389 -+ !((open_flags & O_DIRECTORY) || (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode))))
7390 -+ reqmode |= GR_READ;
7391 -+ if ((open_flags & O_CREAT) &&
7392 -+ ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
7393 -+ reqmode |= GR_SETID;
7394 ++extern int gr_init_uidset(void);
7395 ++extern void gr_free_uidset(void);
7396 ++extern void gr_remove_uid(uid_t uid);
7397 ++extern int gr_find_uid(uid_t uid);
7398 +
7399 -+ mode =
7400 -+ gr_check_create(dentry, p_dentry, p_mnt,
7401 -+ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
7402 ++extern void __gr_apply_subject_to_task(struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj);
7403 ++extern int gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb);
7404 ++extern void __insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry);
7405 ++extern struct acl_role_label *__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid, const gid_t gid);
7406 ++extern void insert_acl_obj_label(struct acl_object_label *obj, struct acl_subject_label *subj);
7407 ++extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role);
7408 ++extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name);
7409 ++extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt);
7410 ++extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
7411 ++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
7412 ++extern void assign_special_role(const char *rolename);
7413 ++extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role);
7414 ++extern int gr_rbac_disable(void *unused);
7415 ++extern void gr_enable_rbac_system(void);
7416 +
7417 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
7418 -+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
7419 -+ reqmode & GR_READ ? " reading" : "",
7420 -+ reqmode & GR_WRITE ? " writing" : reqmode &
7421 -+ GR_APPEND ? " appending" : "");
7422 -+ return reqmode;
7423 -+ } else
7424 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
7425 -+ {
7426 -+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
7427 -+ reqmode & GR_READ ? " reading" : "",
7428 -+ reqmode & GR_WRITE ? " writing" : reqmode &
7429 -+ GR_APPEND ? " appending" : "");
7430 -+ return 0;
7431 -+ } else if (unlikely((mode & reqmode) != reqmode))
7432 -+ return 0;
7433 ++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
7434 ++{
7435 ++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
7436 ++ return -EFAULT;
7437 +
7438 -+ return reqmode;
7439 ++ return 0;
7440 +}
7441 +
7442 -+__u32
7443 -+gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
7444 -+ const int fmode)
7445 ++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
7446 +{
7447 -+ __u32 mode, reqmode = GR_FIND;
7448 -+
7449 -+ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
7450 -+ reqmode |= GR_EXEC;
7451 -+ if (fmode & S_IWOTH)
7452 -+ reqmode |= GR_WRITE;
7453 -+ if (fmode & S_IROTH)
7454 -+ reqmode |= GR_READ;
7455 -+
7456 -+ mode =
7457 -+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
7458 -+ mnt);
7459 -+
7460 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
7461 -+ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
7462 -+ reqmode & GR_READ ? " reading" : "",
7463 -+ reqmode & GR_WRITE ? " writing" : "",
7464 -+ reqmode & GR_EXEC ? " executing" : "");
7465 -+ return reqmode;
7466 -+ } else
7467 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
7468 -+ {
7469 -+ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
7470 -+ reqmode & GR_READ ? " reading" : "",
7471 -+ reqmode & GR_WRITE ? " writing" : "",
7472 -+ reqmode & GR_EXEC ? " executing" : "");
7473 -+ return 0;
7474 -+ } else if (unlikely((mode & reqmode) != reqmode))
7475 -+ return 0;
7476 ++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
7477 ++ return -EFAULT;
7478 +
7479 -+ return reqmode;
7480 ++ return 0;
7481 +}
7482 +
7483 -+static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
7484 ++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
7485 +{
7486 -+ __u32 mode;
7487 -+
7488 -+ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
7489 -+
7490 -+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
7491 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
7492 -+ return mode;
7493 -+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
7494 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
7495 -+ return 0;
7496 -+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
7497 -+ return 0;
7498 ++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
7499 ++ return -EFAULT;
7500 +
7501 -+ return (reqmode);
7502 ++ return 0;
7503 +}
7504 +
7505 -+__u32
7506 -+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
7507 ++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
7508 +{
7509 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
7510 -+}
7511 ++ if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
7512 ++ return -EFAULT;
7513 +
7514 -+__u32
7515 -+gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
7516 -+{
7517 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
7518 ++ return 0;
7519 +}
7520 +
7521 -+__u32
7522 -+gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
7523 ++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
7524 +{
7525 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
7526 -+}
7527 ++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
7528 ++ return -EFAULT;
7529 +
7530 -+__u32
7531 -+gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
7532 -+{
7533 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
7534 ++ return 0;
7535 +}
7536 +
7537 -+__u32
7538 -+gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
7539 -+ umode_t *modeptr)
7540 ++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
7541 +{
7542 -+ umode_t mode;
7543 ++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
7544 ++ return -EFAULT;
7545 +
7546 -+ *modeptr &= ~gr_acl_umask();
7547 -+ mode = *modeptr;
7548 ++ return 0;
7549 ++}
7550 +
7551 -+ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
7552 -+ return 1;
7553 ++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
7554 ++{
7555 ++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
7556 ++ return -EFAULT;
7557 +
7558 -+ if (unlikely(dentry->d_inode && !S_ISDIR(dentry->d_inode->i_mode) &&
7559 -+ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))) {
7560 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
7561 -+ GR_CHMOD_ACL_MSG);
7562 -+ } else {
7563 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
7564 -+ }
7565 ++ return 0;
7566 +}
7567 +
7568 -+__u32
7569 -+gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
7570 ++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
7571 +{
7572 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
7573 ++ if (copy_from_user(trans, userp, sizeof(struct role_transition)))
7574 ++ return -EFAULT;
7575 ++
7576 ++ return 0;
7577 +}
7578 +
7579 -+__u32
7580 -+gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
7581 ++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
7582 +{
7583 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
7584 ++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
7585 ++ return -EFAULT;
7586 ++
7587 ++ return 0;
7588 +}
7589 +
7590 -+__u32
7591 -+gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
7592 ++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
7593 +{
7594 -+ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
7595 ++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
7596 ++ return -EFAULT;
7597 ++
7598 ++ if (((uwrap->version != GRSECURITY_VERSION) &&
7599 ++ (uwrap->version != 0x2901)) ||
7600 ++ (uwrap->size != sizeof(struct gr_arg)))
7601 ++ return -EINVAL;
7602 ++
7603 ++ return 0;
7604 +}
7605 +
7606 -+__u32
7607 -+gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
7608 ++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
7609 +{
7610 -+ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
7611 -+ GR_UNIXCONNECT_ACL_MSG);
7612 ++ if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
7613 ++ return -EFAULT;
7614 ++
7615 ++ return 0;
7616 +}
7617 +
7618 -+/* hardlinks require at minimum create and link permission,
7619 -+ any additional privilege required is based on the
7620 -+ privilege of the file being linked to
7621 -+*/
7622 -+__u32
7623 -+gr_acl_handle_link(const struct dentry * new_dentry,
7624 -+ const struct dentry * parent_dentry,
7625 -+ const struct vfsmount * parent_mnt,
7626 -+ const struct dentry * old_dentry,
7627 -+ const struct vfsmount * old_mnt, const struct filename *to)
7628 ++static size_t get_gr_arg_wrapper_size_normal(void)
7629 +{
7630 -+ __u32 mode;
7631 -+ __u32 needmode = GR_CREATE | GR_LINK;
7632 -+ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
7633 ++ return sizeof(struct gr_arg_wrapper);
7634 ++}
7635 +
7636 -+ mode =
7637 -+ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
7638 -+ old_mnt);
7639 ++#ifdef CONFIG_COMPAT
7640 ++extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
7641 ++extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
7642 ++extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
7643 ++extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
7644 ++extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
7645 ++extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
7646 ++extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
7647 ++extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
7648 ++extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
7649 ++extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
7650 ++extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
7651 ++extern size_t get_gr_arg_wrapper_size_compat(void);
7652 +
7653 -+ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
7654 -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
7655 -+ return mode;
7656 -+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
7657 -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
7658 -+ return 0;
7659 -+ } else if (unlikely((mode & needmode) != needmode))
7660 -+ return 0;
7661 ++int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
7662 ++int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
7663 ++int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
7664 ++int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
7665 ++int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
7666 ++int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
7667 ++int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
7668 ++int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
7669 ++int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
7670 ++int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
7671 ++int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
7672 ++size_t (* get_gr_arg_wrapper_size)(void) __read_only;
7673 +
7674 -+ return 1;
7675 -+}
7676 ++#else
7677 ++#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
7678 ++#define copy_gr_arg copy_gr_arg_normal
7679 ++#define copy_gr_hash_struct copy_gr_hash_struct_normal
7680 ++#define copy_acl_object_label copy_acl_object_label_normal
7681 ++#define copy_acl_subject_label copy_acl_subject_label_normal
7682 ++#define copy_acl_role_label copy_acl_role_label_normal
7683 ++#define copy_acl_ip_label copy_acl_ip_label_normal
7684 ++#define copy_pointer_from_array copy_pointer_from_array_normal
7685 ++#define copy_sprole_pw copy_sprole_pw_normal
7686 ++#define copy_role_transition copy_role_transition_normal
7687 ++#define copy_role_allowed_ip copy_role_allowed_ip_normal
7688 ++#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
7689 ++#endif
7690 +
7691 -+__u32
7692 -+gr_acl_handle_symlink(const struct dentry * new_dentry,
7693 -+ const struct dentry * parent_dentry,
7694 -+ const struct vfsmount * parent_mnt, const struct filename *from)
7695 ++static struct acl_subject_label *
7696 ++lookup_subject_map(const struct acl_subject_label *userp)
7697 +{
7698 -+ __u32 needmode = GR_WRITE | GR_CREATE;
7699 -+ __u32 mode;
7700 ++ unsigned int index = gr_shash(userp, polstate->subj_map_set.s_size);
7701 ++ struct subject_map *match;
7702 +
7703 -+ mode =
7704 -+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
7705 -+ GR_CREATE | GR_AUDIT_CREATE |
7706 -+ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
7707 ++ match = polstate->subj_map_set.s_hash[index];
7708 +
7709 -+ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
7710 -+ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
7711 -+ return mode;
7712 -+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
7713 -+ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
7714 -+ return 0;
7715 -+ } else if (unlikely((mode & needmode) != needmode))
7716 -+ return 0;
7717 ++ while (match && match->user != userp)
7718 ++ match = match->next;
7719 +
7720 -+ return (GR_WRITE | GR_CREATE);
7721 ++ if (match != NULL)
7722 ++ return match->kernel;
7723 ++ else
7724 ++ return NULL;
7725 +}
7726 +
7727 -+static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
7728 ++static void
7729 ++insert_subj_map_entry(struct subject_map *subjmap)
7730 +{
7731 -+ __u32 mode;
7732 -+
7733 -+ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
7734 ++ unsigned int index = gr_shash(subjmap->user, polstate->subj_map_set.s_size);
7735 ++ struct subject_map **curr;
7736 +
7737 -+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
7738 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
7739 -+ return mode;
7740 -+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
7741 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
7742 -+ return 0;
7743 -+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
7744 -+ return 0;
7745 ++ subjmap->prev = NULL;
7746 +
7747 -+ return (reqmode);
7748 -+}
7749 ++ curr = &polstate->subj_map_set.s_hash[index];
7750 ++ if (*curr != NULL)
7751 ++ (*curr)->prev = subjmap;
7752 +
7753 -+__u32
7754 -+gr_acl_handle_mknod(const struct dentry * new_dentry,
7755 -+ const struct dentry * parent_dentry,
7756 -+ const struct vfsmount * parent_mnt,
7757 -+ const int mode)
7758 -+{
7759 -+ __u32 reqmode = GR_WRITE | GR_CREATE;
7760 -+ if (unlikely((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
7761 -+ reqmode |= GR_SETID;
7762 ++ subjmap->next = *curr;
7763 ++ *curr = subjmap;
7764 +
7765 -+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
7766 -+ reqmode, GR_MKNOD_ACL_MSG);
7767 ++ return;
7768 +}
7769 +
7770 -+__u32
7771 -+gr_acl_handle_mkdir(const struct dentry *new_dentry,
7772 -+ const struct dentry *parent_dentry,
7773 -+ const struct vfsmount *parent_mnt)
7774 ++static void
7775 ++__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
7776 +{
7777 -+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
7778 -+ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
7779 -+}
7780 ++ unsigned int index =
7781 ++ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), polstate->acl_role_set.r_size);
7782 ++ struct acl_role_label **curr;
7783 ++ struct acl_role_label *tmp, *tmp2;
7784 +
7785 -+#define RENAME_CHECK_SUCCESS(old, new) \
7786 -+ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
7787 -+ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
7788 ++ curr = &polstate->acl_role_set.r_hash[index];
7789 +
7790 -+int
7791 -+gr_acl_handle_rename(struct dentry *new_dentry,
7792 -+ struct dentry *parent_dentry,
7793 -+ const struct vfsmount *parent_mnt,
7794 -+ struct dentry *old_dentry,
7795 -+ struct inode *old_parent_inode,
7796 -+ struct vfsmount *old_mnt, const struct filename *newname)
7797 -+{
7798 -+ __u32 comp1, comp2;
7799 -+ int error = 0;
7800 -+
7801 -+ if (unlikely(!gr_acl_is_enabled()))
7802 -+ return 0;
7803 -+
7804 -+ if (!new_dentry->d_inode) {
7805 -+ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
7806 -+ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
7807 -+ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
7808 -+ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
7809 -+ GR_DELETE | GR_AUDIT_DELETE |
7810 -+ GR_AUDIT_READ | GR_AUDIT_WRITE |
7811 -+ GR_SUPPRESS, old_mnt);
7812 ++ /* simple case, slot is empty, just set it to our role */
7813 ++ if (*curr == NULL) {
7814 ++ *curr = role;
7815 + } else {
7816 -+ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
7817 -+ GR_CREATE | GR_DELETE |
7818 -+ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
7819 -+ GR_AUDIT_READ | GR_AUDIT_WRITE |
7820 -+ GR_SUPPRESS, parent_mnt);
7821 -+ comp2 =
7822 -+ gr_search_file(old_dentry,
7823 -+ GR_READ | GR_WRITE | GR_AUDIT_READ |
7824 -+ GR_DELETE | GR_AUDIT_DELETE |
7825 -+ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
7826 -+ }
7827 ++ /* example:
7828 ++ 1 -> 2 -> 3 (adding 2 -> 3 to here)
7829 ++ 2 -> 3
7830 ++ */
7831 ++ /* first check to see if we can already be reached via this slot */
7832 ++ tmp = *curr;
7833 ++ while (tmp && tmp != role)
7834 ++ tmp = tmp->next;
7835 ++ if (tmp == role) {
7836 ++ /* we don't need to add ourselves to this slot's chain */
7837 ++ return;
7838 ++ }
7839 ++ /* we need to add ourselves to this chain, two cases */
7840 ++ if (role->next == NULL) {
7841 ++ /* simple case, append the current chain to our role */
7842 ++ role->next = *curr;
7843 ++ *curr = role;
7844 ++ } else {
7845 ++ /* 1 -> 2 -> 3 -> 4
7846 ++ 2 -> 3 -> 4
7847 ++ 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
7848 ++ */
7849 ++ /* trickier case: walk our role's chain until we find
7850 ++ the role for the start of the current slot's chain */
7851 ++ tmp = role;
7852 ++ tmp2 = *curr;
7853 ++ while (tmp->next && tmp->next != tmp2)
7854 ++ tmp = tmp->next;
7855 ++ if (tmp->next == tmp2) {
7856 ++ /* from example above, we found 3, so just
7857 ++ replace this slot's chain with ours */
7858 ++ *curr = role;
7859 ++ } else {
7860 ++ /* we didn't find a subset of our role's chain
7861 ++ in the current slot's chain, so append their
7862 ++ chain to ours, and set us as the first role in
7863 ++ the slot's chain
7864 +
7865 -+ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
7866 -+ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
7867 -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
7868 -+ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
7869 -+ && !(comp2 & GR_SUPPRESS)) {
7870 -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
7871 -+ error = -EACCES;
7872 -+ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
7873 -+ error = -EACCES;
7874 ++ we could fold this case with the case above,
7875 ++ but making it explicit for clarity
7876 ++ */
7877 ++ tmp->next = tmp2;
7878 ++ *curr = role;
7879 ++ }
7880 ++ }
7881 ++ }
7882 +
7883 -+ return error;
7884 ++ return;
7885 +}
7886 +
7887 -+void
7888 -+gr_acl_handle_exit(void)
7889 ++static void
7890 ++insert_acl_role_label(struct acl_role_label *role)
7891 +{
7892 -+ u16 id;
7893 -+ char *rolename;
7894 ++ int i;
7895 +
7896 -+ if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
7897 -+ !(current->role->roletype & GR_ROLE_PERSIST))) {
7898 -+ id = current->acl_role_id;
7899 -+ rolename = current->role->rolename;
7900 -+ gr_set_acls(1);
7901 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
7902 ++ if (polstate->role_list == NULL) {
7903 ++ polstate->role_list = role;
7904 ++ role->prev = NULL;
7905 ++ } else {
7906 ++ role->prev = polstate->role_list;
7907 ++ polstate->role_list = role;
7908 + }
7909 ++
7910 ++ /* used for hash chains */
7911 ++ role->next = NULL;
7912 +
7913 -+ gr_put_exec_file(current);
7914 -+ return;
7915 ++ if (role->roletype & GR_ROLE_DOMAIN) {
7916 ++ for (i = 0; i < role->domain_child_num; i++)
7917 ++ __insert_acl_role_label(role, role->domain_children[i]);
7918 ++ } else
7919 ++ __insert_acl_role_label(role, role->uidgid);
7920 +}
7921 -+
7922 -+int
7923 -+gr_acl_handle_procpidmem(const struct task_struct *task)
7924 ++
7925 ++static int
7926 ++insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
7927 +{
7928 -+ if (unlikely(!gr_acl_is_enabled()))
7929 ++ struct name_entry **curr, *nentry;
7930 ++ struct inodev_entry *ientry;
7931 ++ unsigned int len = strlen(name);
7932 ++ unsigned int key = full_name_hash(name, len);
7933 ++ unsigned int index = key % polstate->name_set.n_size;
7934 ++
7935 ++ curr = &polstate->name_set.n_hash[index];
7936 ++
7937 ++ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
7938 ++ curr = &((*curr)->next);
7939 ++
7940 ++ if (*curr != NULL)
7941 ++ return 1;
7942 ++
7943 ++ nentry = acl_alloc(sizeof (struct name_entry));
7944 ++ if (nentry == NULL)
7945 ++ return 0;
7946 ++ ientry = acl_alloc(sizeof (struct inodev_entry));
7947 ++ if (ientry == NULL)
7948 + return 0;
7949 ++ ientry->nentry = nentry;
7950 +
7951 -+ if (task != current && task->acl->mode & GR_PROTPROCFD)
7952 -+ return -EACCES;
7953 ++ nentry->key = key;
7954 ++ nentry->name = name;
7955 ++ nentry->inode = inode;
7956 ++ nentry->device = device;
7957 ++ nentry->len = len;
7958 ++ nentry->deleted = deleted;
7959 +
7960 -+ return 0;
7961 ++ nentry->prev = NULL;
7962 ++ curr = &polstate->name_set.n_hash[index];
7963 ++ if (*curr != NULL)
7964 ++ (*curr)->prev = nentry;
7965 ++ nentry->next = *curr;
7966 ++ *curr = nentry;
7967 ++
7968 ++ /* insert us into the table searchable by inode/dev */
7969 ++ __insert_inodev_entry(polstate, ientry);
7970 ++
7971 ++ return 1;
7972 +}
7973 -diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
7974 -new file mode 100644
7975 -index 0000000..f056b81
7976 ---- /dev/null
7977 -+++ b/grsecurity/gracl_ip.c
7978 -@@ -0,0 +1,386 @@
7979 -+#include <linux/kernel.h>
7980 -+#include <asm/uaccess.h>
7981 -+#include <asm/errno.h>
7982 -+#include <net/sock.h>
7983 -+#include <linux/file.h>
7984 -+#include <linux/fs.h>
7985 -+#include <linux/net.h>
7986 -+#include <linux/in.h>
7987 -+#include <linux/skbuff.h>
7988 -+#include <linux/ip.h>
7989 -+#include <linux/udp.h>
7990 -+#include <linux/types.h>
7991 -+#include <linux/sched.h>
7992 -+#include <linux/netdevice.h>
7993 -+#include <linux/inetdevice.h>
7994 -+#include <linux/gracl.h>
7995 -+#include <linux/grsecurity.h>
7996 -+#include <linux/grinternal.h>
7997 +
7998 -+#define GR_BIND 0x01
7999 -+#define GR_CONNECT 0x02
8000 -+#define GR_INVERT 0x04
8001 -+#define GR_BINDOVERRIDE 0x08
8002 -+#define GR_CONNECTOVERRIDE 0x10
8003 -+#define GR_SOCK_FAMILY 0x20
8004 ++/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
8005 +
8006 -+static const char * gr_protocols[IPPROTO_MAX] = {
8007 -+ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
8008 -+ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
8009 -+ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
8010 -+ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
8011 -+ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
8012 -+ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
8013 -+ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
8014 -+ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
8015 -+ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
8016 -+ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
8017 -+ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
8018 -+ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
8019 -+ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
8020 -+ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
8021 -+ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
8022 -+ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
8023 -+ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
8024 -+ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
8025 -+ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
8026 -+ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
8027 -+ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
8028 -+ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
8029 -+ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
8030 -+ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
8031 -+ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
8032 -+ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
8033 -+ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
8034 -+ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
8035 -+ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
8036 -+ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
8037 -+ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
8038 -+ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
8039 ++static void *
8040 ++create_table(__u32 * len, int elementsize)
8041 ++{
8042 ++ unsigned int table_sizes[] = {
8043 ++ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
8044 ++ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
8045 ++ 4194301, 8388593, 16777213, 33554393, 67108859
8046 + };
8047 ++ void *newtable = NULL;
8048 ++ unsigned int pwr = 0;
8049 +
8050 -+static const char * gr_socktypes[SOCK_MAX] = {
8051 -+ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
8052 -+ "unknown:7", "unknown:8", "unknown:9", "packet"
8053 -+ };
8054 ++ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
8055 ++ table_sizes[pwr] <= *len)
8056 ++ pwr++;
8057 +
8058 -+static const char * gr_sockfamilies[AF_MAX+1] = {
8059 -+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
8060 -+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
8061 -+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
8062 -+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
8063 -+ };
8064 ++ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
8065 ++ return newtable;
8066 +
8067 -+const char *
8068 -+gr_proto_to_name(unsigned char proto)
8069 -+{
8070 -+ return gr_protocols[proto];
8071 -+}
8072 ++ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
8073 ++ newtable =
8074 ++ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
8075 ++ else
8076 ++ newtable = vmalloc(table_sizes[pwr] * elementsize);
8077 +
8078 -+const char *
8079 -+gr_socktype_to_name(unsigned char type)
8080 -+{
8081 -+ return gr_socktypes[type];
8082 -+}
8083 ++ *len = table_sizes[pwr];
8084 +
8085 -+const char *
8086 -+gr_sockfamily_to_name(unsigned char family)
8087 -+{
8088 -+ return gr_sockfamilies[family];
8089 ++ return newtable;
8090 +}
8091 +
8092 -+extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
8093 -+
8094 -+int
8095 -+gr_search_socket(const int domain, const int type, const int protocol)
8096 ++static int
8097 ++init_variables(const struct gr_arg *arg, bool reload)
8098 +{
8099 -+ struct acl_subject_label *curr;
8100 -+ const struct cred *cred = current_cred();
8101 -+
8102 -+ if (unlikely(!gr_acl_is_enabled()))
8103 -+ goto exit;
8104 ++ struct task_struct *reaper = init_pid_ns.child_reaper;
8105 ++ unsigned int stacksize;
8106 +
8107 -+ if ((domain < 0) || (type < 0) || (protocol < 0) ||
8108 -+ (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
8109 -+ goto exit; // let the kernel handle it
8110 ++ polstate->subj_map_set.s_size = arg->role_db.num_subjects;
8111 ++ polstate->acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
8112 ++ polstate->name_set.n_size = arg->role_db.num_objects;
8113 ++ polstate->inodev_set.i_size = arg->role_db.num_objects;
8114 +
8115 -+ curr = current->acl;
8116 ++ if (!polstate->subj_map_set.s_size || !polstate->acl_role_set.r_size ||
8117 ++ !polstate->name_set.n_size || !polstate->inodev_set.i_size)
8118 ++ return 1;
8119 +
8120 -+ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
8121 -+ /* the family is allowed, if this is PF_INET allow it only if
8122 -+ the extra sock type/protocol checks pass */
8123 -+ if (domain == PF_INET)
8124 -+ goto inet_check;
8125 -+ goto exit;
8126 -+ } else {
8127 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
8128 -+ __u32 fakeip = 0;
8129 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
8130 -+ current->role->roletype, GR_GLOBAL_UID(cred->uid),
8131 -+ GR_GLOBAL_GID(cred->gid), current->exec_file ?
8132 -+ gr_to_filename(current->exec_file->f_path.dentry,
8133 -+ current->exec_file->f_path.mnt) :
8134 -+ curr->filename, curr->filename,
8135 -+ &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
8136 -+ &current->signal->saved_ip);
8137 -+ goto exit;
8138 -+ }
8139 -+ goto exit_fail;
8140 ++ if (!reload) {
8141 ++ if (!gr_init_uidset())
8142 ++ return 1;
8143 + }
8144 +
8145 -+inet_check:
8146 -+ /* the rest of this checking is for IPv4 only */
8147 -+ if (!curr->ips)
8148 -+ goto exit;
8149 ++ /* set up the stack that holds allocation info */
8150 +
8151 -+ if ((curr->ip_type & (1U << type)) &&
8152 -+ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
8153 -+ goto exit;
8154 ++ stacksize = arg->role_db.num_pointers + 5;
8155 +
8156 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
8157 -+ /* we don't place acls on raw sockets , and sometimes
8158 -+ dgram/ip sockets are opened for ioctl and not
8159 -+ bind/connect, so we'll fake a bind learn log */
8160 -+ if (type == SOCK_RAW || type == SOCK_PACKET) {
8161 -+ __u32 fakeip = 0;
8162 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
8163 -+ current->role->roletype, GR_GLOBAL_UID(cred->uid),
8164 -+ GR_GLOBAL_GID(cred->gid), current->exec_file ?
8165 -+ gr_to_filename(current->exec_file->f_path.dentry,
8166 -+ current->exec_file->f_path.mnt) :
8167 -+ curr->filename, curr->filename,
8168 -+ &fakeip, 0, type,
8169 -+ protocol, GR_CONNECT, &current->signal->saved_ip);
8170 -+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
8171 -+ __u32 fakeip = 0;
8172 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
8173 -+ current->role->roletype, GR_GLOBAL_UID(cred->uid),
8174 -+ GR_GLOBAL_GID(cred->gid), current->exec_file ?
8175 -+ gr_to_filename(current->exec_file->f_path.dentry,
8176 -+ current->exec_file->f_path.mnt) :
8177 -+ curr->filename, curr->filename,
8178 -+ &fakeip, 0, type,
8179 -+ protocol, GR_BIND, &current->signal->saved_ip);
8180 -+ }
8181 -+ /* we'll log when they use connect or bind */
8182 -+ goto exit;
8183 ++ if (!acl_alloc_stack_init(stacksize))
8184 ++ return 1;
8185 ++
8186 ++ if (!reload) {
8187 ++ /* grab reference for the real root dentry and vfsmount */
8188 ++ get_fs_root(reaper->fs, &gr_real_root);
8189 ++
8190 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
8191 ++ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(gr_real_root.dentry), gr_real_root.dentry->d_inode->i_ino);
8192 ++#endif
8193 ++
8194 ++ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
8195 ++ if (fakefs_obj_rw == NULL)
8196 ++ return 1;
8197 ++ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
8198 ++
8199 ++ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
8200 ++ if (fakefs_obj_rwx == NULL)
8201 ++ return 1;
8202 ++ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
8203 + }
8204 +
8205 -+exit_fail:
8206 -+ if (domain == PF_INET)
8207 -+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
8208 -+ gr_socktype_to_name(type), gr_proto_to_name(protocol));
8209 -+ else if (rcu_access_pointer(net_families[domain]) != NULL)
8210 -+ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
8211 -+ gr_socktype_to_name(type), protocol);
8212 ++ polstate->subj_map_set.s_hash =
8213 ++ (struct subject_map **) create_table(&polstate->subj_map_set.s_size, sizeof(void *));
8214 ++ polstate->acl_role_set.r_hash =
8215 ++ (struct acl_role_label **) create_table(&polstate->acl_role_set.r_size, sizeof(void *));
8216 ++ polstate->name_set.n_hash = (struct name_entry **) create_table(&polstate->name_set.n_size, sizeof(void *));
8217 ++ polstate->inodev_set.i_hash =
8218 ++ (struct inodev_entry **) create_table(&polstate->inodev_set.i_size, sizeof(void *));
8219 ++
8220 ++ if (!polstate->subj_map_set.s_hash || !polstate->acl_role_set.r_hash ||
8221 ++ !polstate->name_set.n_hash || !polstate->inodev_set.i_hash)
8222 ++ return 1;
8223 ++
8224 ++ memset(polstate->subj_map_set.s_hash, 0,
8225 ++ sizeof(struct subject_map *) * polstate->subj_map_set.s_size);
8226 ++ memset(polstate->acl_role_set.r_hash, 0,
8227 ++ sizeof (struct acl_role_label *) * polstate->acl_role_set.r_size);
8228 ++ memset(polstate->name_set.n_hash, 0,
8229 ++ sizeof (struct name_entry *) * polstate->name_set.n_size);
8230 ++ memset(polstate->inodev_set.i_hash, 0,
8231 ++ sizeof (struct inodev_entry *) * polstate->inodev_set.i_size);
8232 +
8233 + return 0;
8234 -+exit:
8235 -+ return 1;
8236 +}
8237 +
8238 -+int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
8239 ++/* free information not needed after startup
8240 ++ currently contains user->kernel pointer mappings for subjects
8241 ++*/
8242 ++
8243 ++static void
8244 ++free_init_variables(void)
8245 +{
8246 -+ if ((ip->mode & mode) &&
8247 -+ (ip_port >= ip->low) &&
8248 -+ (ip_port <= ip->high) &&
8249 -+ ((ntohl(ip_addr) & our_netmask) ==
8250 -+ (ntohl(our_addr) & our_netmask))
8251 -+ && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
8252 -+ && (ip->type & (1U << type))) {
8253 -+ if (ip->mode & GR_INVERT)
8254 -+ return 2; // specifically denied
8255 ++ __u32 i;
8256 ++
8257 ++ if (polstate->subj_map_set.s_hash) {
8258 ++ for (i = 0; i < polstate->subj_map_set.s_size; i++) {
8259 ++ if (polstate->subj_map_set.s_hash[i]) {
8260 ++ kfree(polstate->subj_map_set.s_hash[i]);
8261 ++ polstate->subj_map_set.s_hash[i] = NULL;
8262 ++ }
8263 ++ }
8264 ++
8265 ++ if ((polstate->subj_map_set.s_size * sizeof (struct subject_map *)) <=
8266 ++ PAGE_SIZE)
8267 ++ kfree(polstate->subj_map_set.s_hash);
8268 + else
8269 -+ return 1; // allowed
8270 ++ vfree(polstate->subj_map_set.s_hash);
8271 + }
8272 +
8273 -+ return 0; // not specifically allowed, may continue parsing
8274 ++ return;
8275 +}
8276 +
8277 -+static int
8278 -+gr_search_connectbind(const int full_mode, struct sock *sk,
8279 -+ struct sockaddr_in *addr, const int type)
8280 ++static void
8281 ++free_variables(bool reload)
8282 +{
8283 -+ char iface[IFNAMSIZ] = {0};
8284 -+ struct acl_subject_label *curr;
8285 -+ struct acl_ip_label *ip;
8286 -+ struct inet_sock *isk;
8287 -+ struct net_device *dev;
8288 -+ struct in_device *idev;
8289 -+ unsigned long i;
8290 -+ int ret;
8291 -+ int mode = full_mode & (GR_BIND | GR_CONNECT);
8292 -+ __u32 ip_addr = 0;
8293 -+ __u32 our_addr;
8294 -+ __u32 our_netmask;
8295 -+ char *p;
8296 -+ __u16 ip_port = 0;
8297 -+ const struct cred *cred = current_cred();
8298 ++ struct acl_subject_label *s;
8299 ++ struct acl_role_label *r;
8300 ++ struct task_struct *task, *task2;
8301 ++ unsigned int x;
8302 +
8303 -+ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
8304 -+ return 0;
8305 ++ if (!reload) {
8306 ++ gr_clear_learn_entries();
8307 +
8308 -+ curr = current->acl;
8309 -+ isk = inet_sk(sk);
8310 ++ read_lock(&tasklist_lock);
8311 ++ do_each_thread(task2, task) {
8312 ++ task->acl_sp_role = 0;
8313 ++ task->acl_role_id = 0;
8314 ++ task->inherited = 0;
8315 ++ task->acl = NULL;
8316 ++ task->role = NULL;
8317 ++ } while_each_thread(task2, task);
8318 ++ read_unlock(&tasklist_lock);
8319 +
8320 -+ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
8321 -+ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
8322 -+ addr->sin_addr.s_addr = curr->inaddr_any_override;
8323 -+ if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
8324 -+ struct sockaddr_in saddr;
8325 -+ int err;
8326 ++ /* release the reference to the real root dentry and vfsmount */
8327 ++ path_put(&gr_real_root);
8328 ++ memset(&gr_real_root, 0, sizeof(gr_real_root));
8329 ++ }
8330 +
8331 -+ saddr.sin_family = AF_INET;
8332 -+ saddr.sin_addr.s_addr = curr->inaddr_any_override;
8333 -+ saddr.sin_port = isk->inet_sport;
8334 ++ /* free all object hash tables */
8335 +
8336 -+ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
8337 -+ if (err)
8338 -+ return err;
8339 ++ FOR_EACH_ROLE_START(r)
8340 ++ if (r->subj_hash == NULL)
8341 ++ goto next_role;
8342 ++ FOR_EACH_SUBJECT_START(r, s, x)
8343 ++ if (s->obj_hash == NULL)
8344 ++ break;
8345 ++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
8346 ++ kfree(s->obj_hash);
8347 ++ else
8348 ++ vfree(s->obj_hash);
8349 ++ FOR_EACH_SUBJECT_END(s, x)
8350 ++ FOR_EACH_NESTED_SUBJECT_START(r, s)
8351 ++ if (s->obj_hash == NULL)
8352 ++ break;
8353 ++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
8354 ++ kfree(s->obj_hash);
8355 ++ else
8356 ++ vfree(s->obj_hash);
8357 ++ FOR_EACH_NESTED_SUBJECT_END(s)
8358 ++ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
8359 ++ kfree(r->subj_hash);
8360 ++ else
8361 ++ vfree(r->subj_hash);
8362 ++ r->subj_hash = NULL;
8363 ++next_role:
8364 ++ FOR_EACH_ROLE_END(r)
8365 +
8366 -+ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
8367 -+ if (err)
8368 -+ return err;
8369 ++ acl_free_all();
8370 ++
8371 ++ if (polstate->acl_role_set.r_hash) {
8372 ++ if ((polstate->acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
8373 ++ PAGE_SIZE)
8374 ++ kfree(polstate->acl_role_set.r_hash);
8375 ++ else
8376 ++ vfree(polstate->acl_role_set.r_hash);
8377 ++ }
8378 ++ if (polstate->name_set.n_hash) {
8379 ++ if ((polstate->name_set.n_size * sizeof (struct name_entry *)) <=
8380 ++ PAGE_SIZE)
8381 ++ kfree(polstate->name_set.n_hash);
8382 ++ else
8383 ++ vfree(polstate->name_set.n_hash);
8384 + }
8385 +
8386 -+ if (!curr->ips)
8387 -+ return 0;
8388 ++ if (polstate->inodev_set.i_hash) {
8389 ++ if ((polstate->inodev_set.i_size * sizeof (struct inodev_entry *)) <=
8390 ++ PAGE_SIZE)
8391 ++ kfree(polstate->inodev_set.i_hash);
8392 ++ else
8393 ++ vfree(polstate->inodev_set.i_hash);
8394 ++ }
8395 +
8396 -+ ip_addr = addr->sin_addr.s_addr;
8397 -+ ip_port = ntohs(addr->sin_port);
8398 ++ if (!reload)
8399 ++ gr_free_uidset();
8400 +
8401 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
8402 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
8403 -+ current->role->roletype, GR_GLOBAL_UID(cred->uid),
8404 -+ GR_GLOBAL_GID(cred->gid), current->exec_file ?
8405 -+ gr_to_filename(current->exec_file->f_path.dentry,
8406 -+ current->exec_file->f_path.mnt) :
8407 -+ curr->filename, curr->filename,
8408 -+ &ip_addr, ip_port, type,
8409 -+ sk->sk_protocol, mode, &current->signal->saved_ip);
8410 -+ return 0;
8411 -+ }
8412 ++ memset(&polstate->name_set, 0, sizeof (struct name_db));
8413 ++ memset(&polstate->inodev_set, 0, sizeof (struct inodev_db));
8414 ++ memset(&polstate->acl_role_set, 0, sizeof (struct acl_role_db));
8415 ++ memset(&polstate->subj_map_set, 0, sizeof (struct acl_subj_map_db));
8416 +
8417 -+ for (i = 0; i < curr->ip_num; i++) {
8418 -+ ip = *(curr->ips + i);
8419 -+ if (ip->iface != NULL) {
8420 -+ strncpy(iface, ip->iface, IFNAMSIZ - 1);
8421 -+ p = strchr(iface, ':');
8422 -+ if (p != NULL)
8423 -+ *p = '\0';
8424 -+ dev = dev_get_by_name(sock_net(sk), iface);
8425 -+ if (dev == NULL)
8426 -+ continue;
8427 -+ idev = in_dev_get(dev);
8428 -+ if (idev == NULL) {
8429 -+ dev_put(dev);
8430 -+ continue;
8431 -+ }
8432 -+ rcu_read_lock();
8433 -+ for_ifa(idev) {
8434 -+ if (!strcmp(ip->iface, ifa->ifa_label)) {
8435 -+ our_addr = ifa->ifa_address;
8436 -+ our_netmask = 0xffffffff;
8437 -+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
8438 -+ if (ret == 1) {
8439 -+ rcu_read_unlock();
8440 -+ in_dev_put(idev);
8441 -+ dev_put(dev);
8442 -+ return 0;
8443 -+ } else if (ret == 2) {
8444 -+ rcu_read_unlock();
8445 -+ in_dev_put(idev);
8446 -+ dev_put(dev);
8447 -+ goto denied;
8448 -+ }
8449 ++ polstate->default_role = NULL;
8450 ++ polstate->kernel_role = NULL;
8451 ++ polstate->role_list = NULL;
8452 ++
8453 ++ return;
8454 ++}
8455 ++
8456 ++static struct acl_subject_label *
8457 ++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
8458 ++
8459 ++static int alloc_and_copy_string(char **name, unsigned int maxlen)
8460 ++{
8461 ++ unsigned int len = strnlen_user(*name, maxlen);
8462 ++ char *tmp;
8463 ++
8464 ++ if (!len || len >= maxlen)
8465 ++ return -EINVAL;
8466 ++
8467 ++ if ((tmp = (char *) acl_alloc(len)) == NULL)
8468 ++ return -ENOMEM;
8469 ++
8470 ++ if (copy_from_user(tmp, *name, len))
8471 ++ return -EFAULT;
8472 ++
8473 ++ tmp[len-1] = '\0';
8474 ++ *name = tmp;
8475 ++
8476 ++ return 0;
8477 ++}
8478 ++
8479 ++static int
8480 ++copy_user_glob(struct acl_object_label *obj)
8481 ++{
8482 ++ struct acl_object_label *g_tmp, **guser;
8483 ++ int error;
8484 ++
8485 ++ if (obj->globbed == NULL)
8486 ++ return 0;
8487 ++
8488 ++ guser = &obj->globbed;
8489 ++ while (*guser) {
8490 ++ g_tmp = (struct acl_object_label *)
8491 ++ acl_alloc(sizeof (struct acl_object_label));
8492 ++ if (g_tmp == NULL)
8493 ++ return -ENOMEM;
8494 ++
8495 ++ if (copy_acl_object_label(g_tmp, *guser))
8496 ++ return -EFAULT;
8497 ++
8498 ++ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
8499 ++ if (error)
8500 ++ return error;
8501 ++
8502 ++ *guser = g_tmp;
8503 ++ guser = &(g_tmp->next);
8504 ++ }
8505 ++
8506 ++ return 0;
8507 ++}
8508 ++
8509 ++static int
8510 ++copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
8511 ++ struct acl_role_label *role)
8512 ++{
8513 ++ struct acl_object_label *o_tmp;
8514 ++ int ret;
8515 ++
8516 ++ while (userp) {
8517 ++ if ((o_tmp = (struct acl_object_label *)
8518 ++ acl_alloc(sizeof (struct acl_object_label))) == NULL)
8519 ++ return -ENOMEM;
8520 ++
8521 ++ if (copy_acl_object_label(o_tmp, userp))
8522 ++ return -EFAULT;
8523 ++
8524 ++ userp = o_tmp->prev;
8525 ++
8526 ++ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
8527 ++ if (ret)
8528 ++ return ret;
8529 ++
8530 ++ insert_acl_obj_label(o_tmp, subj);
8531 ++ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
8532 ++ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
8533 ++ return -ENOMEM;
8534 ++
8535 ++ ret = copy_user_glob(o_tmp);
8536 ++ if (ret)
8537 ++ return ret;
8538 ++
8539 ++ if (o_tmp->nested) {
8540 ++ int already_copied;
8541 ++
8542 ++ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
8543 ++ if (IS_ERR(o_tmp->nested))
8544 ++ return PTR_ERR(o_tmp->nested);
8545 ++
8546 ++ /* insert into nested subject list if we haven't copied this one yet
8547 ++ to prevent duplicate entries */
8548 ++ if (!already_copied) {
8549 ++ o_tmp->nested->next = role->hash->first;
8550 ++ role->hash->first = o_tmp->nested;
8551 ++ }
8552 ++ }
8553 ++ }
8554 ++
8555 ++ return 0;
8556 ++}
8557 ++
8558 ++static __u32
8559 ++count_user_subjs(struct acl_subject_label *userp)
8560 ++{
8561 ++ struct acl_subject_label s_tmp;
8562 ++ __u32 num = 0;
8563 ++
8564 ++ while (userp) {
8565 ++ if (copy_acl_subject_label(&s_tmp, userp))
8566 ++ break;
8567 ++
8568 ++ userp = s_tmp.prev;
8569 ++ }
8570 ++
8571 ++ return num;
8572 ++}
8573 ++
8574 ++static int
8575 ++copy_user_allowedips(struct acl_role_label *rolep)
8576 ++{
8577 ++ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
8578 ++
8579 ++ ruserip = rolep->allowed_ips;
8580 ++
8581 ++ while (ruserip) {
8582 ++ rlast = rtmp;
8583 ++
8584 ++ if ((rtmp = (struct role_allowed_ip *)
8585 ++ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
8586 ++ return -ENOMEM;
8587 ++
8588 ++ if (copy_role_allowed_ip(rtmp, ruserip))
8589 ++ return -EFAULT;
8590 ++
8591 ++ ruserip = rtmp->prev;
8592 ++
8593 ++ if (!rlast) {
8594 ++ rtmp->prev = NULL;
8595 ++ rolep->allowed_ips = rtmp;
8596 ++ } else {
8597 ++ rlast->next = rtmp;
8598 ++ rtmp->prev = rlast;
8599 ++ }
8600 ++
8601 ++ if (!ruserip)
8602 ++ rtmp->next = NULL;
8603 ++ }
8604 ++
8605 ++ return 0;
8606 ++}
8607 ++
8608 ++static int
8609 ++copy_user_transitions(struct acl_role_label *rolep)
8610 ++{
8611 ++ struct role_transition *rusertp, *rtmp = NULL, *rlast;
8612 ++ int error;
8613 ++
8614 ++ rusertp = rolep->transitions;
8615 ++
8616 ++ while (rusertp) {
8617 ++ rlast = rtmp;
8618 ++
8619 ++ if ((rtmp = (struct role_transition *)
8620 ++ acl_alloc(sizeof (struct role_transition))) == NULL)
8621 ++ return -ENOMEM;
8622 ++
8623 ++ if (copy_role_transition(rtmp, rusertp))
8624 ++ return -EFAULT;
8625 ++
8626 ++ rusertp = rtmp->prev;
8627 ++
8628 ++ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
8629 ++ if (error)
8630 ++ return error;
8631 ++
8632 ++ if (!rlast) {
8633 ++ rtmp->prev = NULL;
8634 ++ rolep->transitions = rtmp;
8635 ++ } else {
8636 ++ rlast->next = rtmp;
8637 ++ rtmp->prev = rlast;
8638 ++ }
8639 ++
8640 ++ if (!rusertp)
8641 ++ rtmp->next = NULL;
8642 ++ }
8643 ++
8644 ++ return 0;
8645 ++}
8646 ++
8647 ++static __u32 count_user_objs(const struct acl_object_label __user *userp)
8648 ++{
8649 ++ struct acl_object_label o_tmp;
8650 ++ __u32 num = 0;
8651 ++
8652 ++ while (userp) {
8653 ++ if (copy_acl_object_label(&o_tmp, userp))
8654 ++ break;
8655 ++
8656 ++ userp = o_tmp.prev;
8657 ++ num++;
8658 ++ }
8659 ++
8660 ++ return num;
8661 ++}
8662 ++
8663 ++static struct acl_subject_label *
8664 ++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
8665 ++{
8666 ++ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
8667 ++ __u32 num_objs;
8668 ++ struct acl_ip_label **i_tmp, *i_utmp2;
8669 ++ struct gr_hash_struct ghash;
8670 ++ struct subject_map *subjmap;
8671 ++ unsigned int i_num;
8672 ++ int err;
8673 ++
8674 ++ if (already_copied != NULL)
8675 ++ *already_copied = 0;
8676 ++
8677 ++ s_tmp = lookup_subject_map(userp);
8678 ++
8679 ++ /* we've already copied this subject into the kernel, just return
8680 ++ the reference to it, and don't copy it over again
8681 ++ */
8682 ++ if (s_tmp) {
8683 ++ if (already_copied != NULL)
8684 ++ *already_copied = 1;
8685 ++ return(s_tmp);
8686 ++ }
8687 ++
8688 ++ if ((s_tmp = (struct acl_subject_label *)
8689 ++ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
8690 ++ return ERR_PTR(-ENOMEM);
8691 ++
8692 ++ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
8693 ++ if (subjmap == NULL)
8694 ++ return ERR_PTR(-ENOMEM);
8695 ++
8696 ++ subjmap->user = userp;
8697 ++ subjmap->kernel = s_tmp;
8698 ++ insert_subj_map_entry(subjmap);
8699 ++
8700 ++ if (copy_acl_subject_label(s_tmp, userp))
8701 ++ return ERR_PTR(-EFAULT);
8702 ++
8703 ++ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
8704 ++ if (err)
8705 ++ return ERR_PTR(err);
8706 ++
8707 ++ if (!strcmp(s_tmp->filename, "/"))
8708 ++ role->root_label = s_tmp;
8709 ++
8710 ++ if (copy_gr_hash_struct(&ghash, s_tmp->hash))
8711 ++ return ERR_PTR(-EFAULT);
8712 ++
8713 ++ /* copy user and group transition tables */
8714 ++
8715 ++ if (s_tmp->user_trans_num) {
8716 ++ uid_t *uidlist;
8717 ++
8718 ++ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
8719 ++ if (uidlist == NULL)
8720 ++ return ERR_PTR(-ENOMEM);
8721 ++ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
8722 ++ return ERR_PTR(-EFAULT);
8723 ++
8724 ++ s_tmp->user_transitions = uidlist;
8725 ++ }
8726 ++
8727 ++ if (s_tmp->group_trans_num) {
8728 ++ gid_t *gidlist;
8729 ++
8730 ++ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
8731 ++ if (gidlist == NULL)
8732 ++ return ERR_PTR(-ENOMEM);
8733 ++ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
8734 ++ return ERR_PTR(-EFAULT);
8735 ++
8736 ++ s_tmp->group_transitions = gidlist;
8737 ++ }
8738 ++
8739 ++ /* set up object hash table */
8740 ++ num_objs = count_user_objs(ghash.first);
8741 ++
8742 ++ s_tmp->obj_hash_size = num_objs;
8743 ++ s_tmp->obj_hash =
8744 ++ (struct acl_object_label **)
8745 ++ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
8746 ++
8747 ++ if (!s_tmp->obj_hash)
8748 ++ return ERR_PTR(-ENOMEM);
8749 ++
8750 ++ memset(s_tmp->obj_hash, 0,
8751 ++ s_tmp->obj_hash_size *
8752 ++ sizeof (struct acl_object_label *));
8753 ++
8754 ++ /* add in objects */
8755 ++ err = copy_user_objs(ghash.first, s_tmp, role);
8756 ++
8757 ++ if (err)
8758 ++ return ERR_PTR(err);
8759 ++
8760 ++ /* set pointer for parent subject */
8761 ++ if (s_tmp->parent_subject) {
8762 ++ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
8763 ++
8764 ++ if (IS_ERR(s_tmp2))
8765 ++ return s_tmp2;
8766 ++
8767 ++ s_tmp->parent_subject = s_tmp2;
8768 ++ }
8769 ++
8770 ++ /* add in ip acls */
8771 ++
8772 ++ if (!s_tmp->ip_num) {
8773 ++ s_tmp->ips = NULL;
8774 ++ goto insert;
8775 ++ }
8776 ++
8777 ++ i_tmp =
8778 ++ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
8779 ++ sizeof (struct acl_ip_label *));
8780 ++
8781 ++ if (!i_tmp)
8782 ++ return ERR_PTR(-ENOMEM);
8783 ++
8784 ++ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
8785 ++ *(i_tmp + i_num) =
8786 ++ (struct acl_ip_label *)
8787 ++ acl_alloc(sizeof (struct acl_ip_label));
8788 ++ if (!*(i_tmp + i_num))
8789 ++ return ERR_PTR(-ENOMEM);
8790 ++
8791 ++ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
8792 ++ return ERR_PTR(-EFAULT);
8793 ++
8794 ++ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
8795 ++ return ERR_PTR(-EFAULT);
8796 ++
8797 ++ if ((*(i_tmp + i_num))->iface == NULL)
8798 ++ continue;
8799 ++
8800 ++ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
8801 ++ if (err)
8802 ++ return ERR_PTR(err);
8803 ++ }
8804 ++
8805 ++ s_tmp->ips = i_tmp;
8806 ++
8807 ++insert:
8808 ++ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
8809 ++ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
8810 ++ return ERR_PTR(-ENOMEM);
8811 ++
8812 ++ return s_tmp;
8813 ++}
8814 ++
8815 ++static int
8816 ++copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
8817 ++{
8818 ++ struct acl_subject_label s_pre;
8819 ++ struct acl_subject_label * ret;
8820 ++ int err;
8821 ++
8822 ++ while (userp) {
8823 ++ if (copy_acl_subject_label(&s_pre, userp))
8824 ++ return -EFAULT;
8825 ++
8826 ++ ret = do_copy_user_subj(userp, role, NULL);
8827 ++
8828 ++ err = PTR_ERR(ret);
8829 ++ if (IS_ERR(ret))
8830 ++ return err;
8831 ++
8832 ++ insert_acl_subj_label(ret, role);
8833 ++
8834 ++ userp = s_pre.prev;
8835 ++ }
8836 ++
8837 ++ return 0;
8838 ++}
8839 ++
8840 ++static int
8841 ++copy_user_acl(struct gr_arg *arg)
8842 ++{
8843 ++ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
8844 ++ struct acl_subject_label *subj_list;
8845 ++ struct sprole_pw *sptmp;
8846 ++ struct gr_hash_struct *ghash;
8847 ++ uid_t *domainlist;
8848 ++ unsigned int r_num;
8849 ++ int err = 0;
8850 ++ __u16 i;
8851 ++ __u32 num_subjs;
8852 ++
8853 ++ /* we need a default and kernel role */
8854 ++ if (arg->role_db.num_roles < 2)
8855 ++ return -EINVAL;
8856 ++
8857 ++ /* copy special role authentication info from userspace */
8858 ++
8859 ++ polstate->num_sprole_pws = arg->num_sprole_pws;
8860 ++ polstate->acl_special_roles = (struct sprole_pw **) acl_alloc_num(polstate->num_sprole_pws, sizeof(struct sprole_pw *));
8861 ++
8862 ++ if (!polstate->acl_special_roles && polstate->num_sprole_pws)
8863 ++ return -ENOMEM;
8864 ++
8865 ++ for (i = 0; i < polstate->num_sprole_pws; i++) {
8866 ++ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
8867 ++ if (!sptmp)
8868 ++ return -ENOMEM;
8869 ++ if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
8870 ++ return -EFAULT;
8871 ++
8872 ++ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
8873 ++ if (err)
8874 ++ return err;
8875 ++
8876 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
8877 ++ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
8878 ++#endif
8879 ++
8880 ++ polstate->acl_special_roles[i] = sptmp;
8881 ++ }
8882 ++
8883 ++ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
8884 ++
8885 ++ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
8886 ++ r_tmp = acl_alloc(sizeof (struct acl_role_label));
8887 ++
8888 ++ if (!r_tmp)
8889 ++ return -ENOMEM;
8890 ++
8891 ++ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
8892 ++ return -EFAULT;
8893 ++
8894 ++ if (copy_acl_role_label(r_tmp, r_utmp2))
8895 ++ return -EFAULT;
8896 ++
8897 ++ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
8898 ++ if (err)
8899 ++ return err;
8900 ++
8901 ++ if (!strcmp(r_tmp->rolename, "default")
8902 ++ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
8903 ++ polstate->default_role = r_tmp;
8904 ++ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
8905 ++ polstate->kernel_role = r_tmp;
8906 ++ }
8907 ++
8908 ++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
8909 ++ return -ENOMEM;
8910 ++
8911 ++ if (copy_gr_hash_struct(ghash, r_tmp->hash))
8912 ++ return -EFAULT;
8913 ++
8914 ++ r_tmp->hash = ghash;
8915 ++
8916 ++ num_subjs = count_user_subjs(r_tmp->hash->first);
8917 ++
8918 ++ r_tmp->subj_hash_size = num_subjs;
8919 ++ r_tmp->subj_hash =
8920 ++ (struct acl_subject_label **)
8921 ++ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
8922 ++
8923 ++ if (!r_tmp->subj_hash)
8924 ++ return -ENOMEM;
8925 ++
8926 ++ err = copy_user_allowedips(r_tmp);
8927 ++ if (err)
8928 ++ return err;
8929 ++
8930 ++ /* copy domain info */
8931 ++ if (r_tmp->domain_children != NULL) {
8932 ++ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
8933 ++ if (domainlist == NULL)
8934 ++ return -ENOMEM;
8935 ++
8936 ++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
8937 ++ return -EFAULT;
8938 ++
8939 ++ r_tmp->domain_children = domainlist;
8940 ++ }
8941 ++
8942 ++ err = copy_user_transitions(r_tmp);
8943 ++ if (err)
8944 ++ return err;
8945 ++
8946 ++ memset(r_tmp->subj_hash, 0,
8947 ++ r_tmp->subj_hash_size *
8948 ++ sizeof (struct acl_subject_label *));
8949 ++
8950 ++ /* acquire the list of subjects, then NULL out
8951 ++ the list prior to parsing the subjects for this role,
8952 ++ as during this parsing the list is replaced with a list
8953 ++ of *nested* subjects for the role
8954 ++ */
8955 ++ subj_list = r_tmp->hash->first;
8956 ++
8957 ++ /* set nested subject list to null */
8958 ++ r_tmp->hash->first = NULL;
8959 ++
8960 ++ err = copy_user_subjs(subj_list, r_tmp);
8961 ++
8962 ++ if (err)
8963 ++ return err;
8964 ++
8965 ++ insert_acl_role_label(r_tmp);
8966 ++ }
8967 ++
8968 ++ if (polstate->default_role == NULL || polstate->kernel_role == NULL)
8969 ++ return -EINVAL;
8970 ++
8971 ++ return err;
8972 ++}
8973 ++
8974 ++static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename)
8975 ++{
8976 ++ char *tmpname;
8977 ++ struct acl_subject_label *tmpsubj;
8978 ++ struct file *filp;
8979 ++ struct name_entry *nmatch;
8980 ++
8981 ++ filp = task->exec_file;
8982 ++ if (filp == NULL)
8983 ++ return NULL;
8984 ++
8985 ++ /* the following is to apply the correct subject
8986 ++ on binaries running when the RBAC system
8987 ++ is enabled, when the binaries have been
8988 ++ replaced or deleted since their execution
8989 ++ -----
8990 ++ when the RBAC system starts, the inode/dev
8991 ++ from exec_file will be one the RBAC system
8992 ++ is unaware of. It only knows the inode/dev
8993 ++ of the present file on disk, or the absence
8994 ++ of it.
8995 ++ */
8996 ++
8997 ++ if (filename)
8998 ++ nmatch = __lookup_name_entry(polstate, filename);
8999 ++ else {
9000 ++ preempt_disable();
9001 ++ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
9002 ++
9003 ++ nmatch = __lookup_name_entry(polstate, tmpname);
9004 ++ preempt_enable();
9005 ++ }
9006 ++ tmpsubj = NULL;
9007 ++ if (nmatch) {
9008 ++ if (nmatch->deleted)
9009 ++ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
9010 ++ else
9011 ++ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
9012 ++ }
9013 ++ /* this also works for the reload case -- if we don't match a potentially inherited subject
9014 ++ then we fall back to a normal lookup based on the binary's ino/dev
9015 ++ */
9016 ++ if (tmpsubj == NULL)
9017 ++ tmpsubj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
9018 ++ task->role);
9019 ++
9020 ++ return tmpsubj;
9021 ++}
9022 ++
9023 ++static int gracl_reload_apply_policies(void *reload)
9024 ++{
9025 ++ struct gr_reload_state *reload_state = (struct gr_reload_state *)reload;
9026 ++ struct task_struct *task, *task2;
9027 ++ struct acl_role_label *role, *rtmp;
9028 ++ struct acl_subject_label *subj;
9029 ++ const struct cred *cred;
9030 ++ int role_applied;
9031 ++ int ret = 0;
9032 ++
9033 ++ memcpy(&reload_state->oldpolicy, reload_state->oldpolicy_ptr, sizeof(struct gr_reload_state));
9034 ++ memcpy(&reload_state->oldalloc, reload_state->oldalloc_ptr, sizeof(struct gr_alloc_state));
9035 ++
9036 ++ /* first make sure we'll be able to apply the new policy cleanly */
9037 ++ do_each_thread(task2, task) {
9038 ++ if (task->exec_file == NULL)
9039 ++ continue;
9040 ++ role_applied = 0;
9041 ++ if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
9042 ++ /* preserve special roles */
9043 ++ FOR_EACH_ROLE_START(role)
9044 ++ if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
9045 ++ rtmp = task->role;
9046 ++ task->role = role;
9047 ++ role_applied = 1;
9048 ++ break;
9049 + }
9050 -+ } endfor_ifa(idev);
9051 -+ rcu_read_unlock();
9052 -+ in_dev_put(idev);
9053 -+ dev_put(dev);
9054 ++ FOR_EACH_ROLE_END(role)
9055 ++ }
9056 ++ if (!role_applied) {
9057 ++ cred = __task_cred(task);
9058 ++ rtmp = task->role;
9059 ++ task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
9060 ++ }
9061 ++ /* this handles non-nested inherited subjects, nested subjects will still
9062 ++ be dropped currently */
9063 ++ subj = gr_get_subject_for_task(task, task->acl->filename);
9064 ++ task->tmpacl = gr_get_subject_for_task(task, NULL);
9065 ++ /* change the role back so that we've made no modifications to the policy */
9066 ++ task->role = rtmp;
9067 ++
9068 ++ if (subj == NULL || task->tmpacl == NULL) {
9069 ++ ret = -EINVAL;
9070 ++ goto out;
9071 ++ }
9072 ++ } while_each_thread(task2, task);
9073 ++
9074 ++ /* now actually apply the policy */
9075 ++
9076 ++ do_each_thread(task2, task) {
9077 ++ if (task->exec_file) {
9078 ++ role_applied = 0;
9079 ++ if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
9080 ++ /* preserve special roles */
9081 ++ FOR_EACH_ROLE_START(role)
9082 ++ if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
9083 ++ task->role = role;
9084 ++ role_applied = 1;
9085 ++ break;
9086 ++ }
9087 ++ FOR_EACH_ROLE_END(role)
9088 ++ }
9089 ++ if (!role_applied) {
9090 ++ cred = __task_cred(task);
9091 ++ task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
9092 ++ }
9093 ++ /* this handles non-nested inherited subjects, nested subjects will still
9094 ++ be dropped currently */
9095 ++ if (!reload_state->oldmode && task->inherited)
9096 ++ subj = gr_get_subject_for_task(task, task->acl->filename);
9097 ++ else {
9098 ++ /* looked up and tagged to the task previously */
9099 ++ subj = task->tmpacl;
9100 ++ }
9101 ++ /* subj will be non-null */
9102 ++ __gr_apply_subject_to_task(polstate, task, subj);
9103 ++ if (reload_state->oldmode) {
9104 ++ task->acl_role_id = 0;
9105 ++ task->acl_sp_role = 0;
9106 ++ task->inherited = 0;
9107 ++ }
9108 + } else {
9109 -+ our_addr = ip->addr;
9110 -+ our_netmask = ip->netmask;
9111 -+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
9112 -+ if (ret == 1)
9113 -+ return 0;
9114 -+ else if (ret == 2)
9115 -+ goto denied;
9116 ++ // it's a kernel process
9117 ++ task->role = polstate->kernel_role;
9118 ++ task->acl = polstate->kernel_role->root_label;
9119 ++#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
9120 ++ task->acl->mode &= ~GR_PROCFIND;
9121 ++#endif
9122 + }
9123 ++ } while_each_thread(task2, task);
9124 ++
9125 ++ memcpy(reload_state->oldpolicy_ptr, &reload_state->newpolicy, sizeof(struct gr_policy_state));
9126 ++ memcpy(reload_state->oldalloc_ptr, &reload_state->newalloc, sizeof(struct gr_alloc_state));
9127 ++
9128 ++out:
9129 ++
9130 ++ return ret;
9131 ++}
9132 ++
9133 ++static int gracl_reload(struct gr_arg *args, unsigned char oldmode)
9134 ++{
9135 ++ struct gr_reload_state new_reload_state = { };
9136 ++ int err;
9137 ++
9138 ++ new_reload_state.oldpolicy_ptr = polstate;
9139 ++ new_reload_state.oldalloc_ptr = current_alloc_state;
9140 ++ new_reload_state.oldmode = oldmode;
9141 ++
9142 ++ current_alloc_state = &new_reload_state.newalloc;
9143 ++ polstate = &new_reload_state.newpolicy;
9144 ++
9145 ++ /* everything relevant is now saved off, copy in the new policy */
9146 ++ if (init_variables(args, true)) {
9147 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
9148 ++ err = -ENOMEM;
9149 ++ goto error;
9150 + }
9151 +
9152 -+denied:
9153 -+ if (mode == GR_BIND)
9154 -+ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
9155 -+ else if (mode == GR_CONNECT)
9156 -+ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
9157 ++ err = copy_user_acl(args);
9158 ++ free_init_variables();
9159 ++ if (err)
9160 ++ goto error;
9161 ++ /* the new policy is copied in, with the old policy available via saved_state
9162 ++ first go through applying roles, making sure to preserve special roles
9163 ++ then apply new subjects, making sure to preserve inherited and nested subjects,
9164 ++ though currently only inherited subjects will be preserved
9165 ++ */
9166 ++ err = stop_machine(gracl_reload_apply_policies, &new_reload_state, NULL);
9167 ++ if (err)
9168 ++ goto error;
9169 +
9170 -+ return -EACCES;
9171 ++ /* we've now applied the new policy, so restore the old policy state to free it */
9172 ++ polstate = &new_reload_state.oldpolicy;
9173 ++ current_alloc_state = &new_reload_state.oldalloc;
9174 ++ free_variables(true);
9175 ++
9176 ++ /* oldpolicy/oldalloc_ptr point to the new policy/alloc states as they were copied
9177 ++ to running_polstate/current_alloc_state inside stop_machine
9178 ++ */
9179 ++ err = 0;
9180 ++ goto out;
9181 ++error:
9182 ++ /* on error of loading the new policy, we'll just keep the previous
9183 ++ policy set around
9184 ++ */
9185 ++ free_variables(true);
9186 ++
9187 ++ /* doesn't affect runtime, but maintains consistent state */
9188 ++out:
9189 ++ polstate = new_reload_state.oldpolicy_ptr;
9190 ++ current_alloc_state = new_reload_state.oldalloc_ptr;
9191 ++
9192 ++ return err;
9193 +}
9194 +
9195 -+int
9196 -+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
9197 ++static int
9198 ++gracl_init(struct gr_arg *args)
9199 +{
9200 -+ /* always allow disconnection of dgram sockets with connect */
9201 -+ if (addr->sin_family == AF_UNSPEC)
9202 -+ return 0;
9203 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
9204 ++ int error = 0;
9205 ++
9206 ++ memcpy(&gr_system_salt, args->salt, sizeof(gr_system_salt));
9207 ++ memcpy(&gr_system_sum, args->sum, sizeof(gr_system_sum));
9208 ++
9209 ++ if (init_variables(args, false)) {
9210 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
9211 ++ error = -ENOMEM;
9212 ++ goto out;
9213 ++ }
9214 ++
9215 ++ error = copy_user_acl(args);
9216 ++ free_init_variables();
9217 ++ if (error)
9218 ++ goto out;
9219 ++
9220 ++ error = gr_set_acls(0);
9221 ++ if (error)
9222 ++ goto out;
9223 ++
9224 ++ gr_enable_rbac_system();
9225 ++
9226 ++ return 0;
9227 ++
9228 ++out:
9229 ++ free_variables(false);
9230 ++ return error;
9231 +}
9232 +
9233 -+int
9234 -+gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
9235 ++static int
9236 ++lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
9237 ++ unsigned char **sum)
9238 +{
9239 -+ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
9240 ++ struct acl_role_label *r;
9241 ++ struct role_allowed_ip *ipp;
9242 ++ struct role_transition *trans;
9243 ++ unsigned int i;
9244 ++ int found = 0;
9245 ++ u32 curr_ip = current->signal->curr_ip;
9246 ++
9247 ++ current->signal->saved_ip = curr_ip;
9248 ++
9249 ++ /* check transition table */
9250 ++
9251 ++ for (trans = current->role->transitions; trans; trans = trans->next) {
9252 ++ if (!strcmp(rolename, trans->rolename)) {
9253 ++ found = 1;
9254 ++ break;
9255 ++ }
9256 ++ }
9257 ++
9258 ++ if (!found)
9259 ++ return 0;
9260 ++
9261 ++ /* handle special roles that do not require authentication
9262 ++ and check ip */
9263 ++
9264 ++ FOR_EACH_ROLE_START(r)
9265 ++ if (!strcmp(rolename, r->rolename) &&
9266 ++ (r->roletype & GR_ROLE_SPECIAL)) {
9267 ++ found = 0;
9268 ++ if (r->allowed_ips != NULL) {
9269 ++ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
9270 ++ if ((ntohl(curr_ip) & ipp->netmask) ==
9271 ++ (ntohl(ipp->addr) & ipp->netmask))
9272 ++ found = 1;
9273 ++ }
9274 ++ } else
9275 ++ found = 2;
9276 ++ if (!found)
9277 ++ return 0;
9278 ++
9279 ++ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
9280 ++ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
9281 ++ *salt = NULL;
9282 ++ *sum = NULL;
9283 ++ return 1;
9284 ++ }
9285 ++ }
9286 ++ FOR_EACH_ROLE_END(r)
9287 ++
9288 ++ for (i = 0; i < polstate->num_sprole_pws; i++) {
9289 ++ if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) {
9290 ++ *salt = polstate->acl_special_roles[i]->salt;
9291 ++ *sum = polstate->acl_special_roles[i]->sum;
9292 ++ return 1;
9293 ++ }
9294 ++ }
9295 ++
9296 ++ return 0;
9297 +}
9298 +
9299 -+int gr_search_listen(struct socket *sock)
9300 ++int gr_check_secure_terminal(struct task_struct *task)
9301 +{
9302 -+ struct sock *sk = sock->sk;
9303 -+ struct sockaddr_in addr;
9304 ++ struct task_struct *p, *p2, *p3;
9305 ++ struct files_struct *files;
9306 ++ struct fdtable *fdt;
9307 ++ struct file *our_file = NULL, *file;
9308 ++ int i;
9309 +
9310 -+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
9311 -+ addr.sin_port = inet_sk(sk)->inet_sport;
9312 ++ if (task->signal->tty == NULL)
9313 ++ return 1;
9314 ++
9315 ++ files = get_files_struct(task);
9316 ++ if (files != NULL) {
9317 ++ rcu_read_lock();
9318 ++ fdt = files_fdtable(files);
9319 ++ for (i=0; i < fdt->max_fds; i++) {
9320 ++ file = fcheck_files(files, i);
9321 ++ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
9322 ++ get_file(file);
9323 ++ our_file = file;
9324 ++ }
9325 ++ }
9326 ++ rcu_read_unlock();
9327 ++ put_files_struct(files);
9328 ++ }
9329 ++
9330 ++ if (our_file == NULL)
9331 ++ return 1;
9332 ++
9333 ++ read_lock(&tasklist_lock);
9334 ++ do_each_thread(p2, p) {
9335 ++ files = get_files_struct(p);
9336 ++ if (files == NULL ||
9337 ++ (p->signal && p->signal->tty == task->signal->tty)) {
9338 ++ if (files != NULL)
9339 ++ put_files_struct(files);
9340 ++ continue;
9341 ++ }
9342 ++ rcu_read_lock();
9343 ++ fdt = files_fdtable(files);
9344 ++ for (i=0; i < fdt->max_fds; i++) {
9345 ++ file = fcheck_files(files, i);
9346 ++ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
9347 ++ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
9348 ++ p3 = task;
9349 ++ while (task_pid_nr(p3) > 0) {
9350 ++ if (p3 == p)
9351 ++ break;
9352 ++ p3 = p3->real_parent;
9353 ++ }
9354 ++ if (p3 == p)
9355 ++ break;
9356 ++ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
9357 ++ gr_handle_alertkill(p);
9358 ++ rcu_read_unlock();
9359 ++ put_files_struct(files);
9360 ++ read_unlock(&tasklist_lock);
9361 ++ fput(our_file);
9362 ++ return 0;
9363 ++ }
9364 ++ }
9365 ++ rcu_read_unlock();
9366 ++ put_files_struct(files);
9367 ++ } while_each_thread(p2, p);
9368 ++ read_unlock(&tasklist_lock);
9369 +
9370 -+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
9371 ++ fput(our_file);
9372 ++ return 1;
9373 +}
9374 +
9375 -+int gr_search_accept(struct socket *sock)
9376 ++ssize_t
9377 ++write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
9378 +{
9379 -+ struct sock *sk = sock->sk;
9380 -+ struct sockaddr_in addr;
9381 ++ struct gr_arg_wrapper uwrap;
9382 ++ unsigned char *sprole_salt = NULL;
9383 ++ unsigned char *sprole_sum = NULL;
9384 ++ int error = 0;
9385 ++ int error2 = 0;
9386 ++ size_t req_count = 0;
9387 ++ unsigned char oldmode = 0;
9388 +
9389 -+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
9390 -+ addr.sin_port = inet_sk(sk)->inet_sport;
9391 ++ mutex_lock(&gr_dev_mutex);
9392 +
9393 -+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
9394 -+}
9395 ++ if (gr_acl_is_enabled() && !(current->acl->mode & GR_KERNELAUTH)) {
9396 ++ error = -EPERM;
9397 ++ goto out;
9398 ++ }
9399 +
9400 -+int
9401 -+gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
9402 -+{
9403 -+ if (addr)
9404 -+ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
9405 -+ else {
9406 -+ struct sockaddr_in sin;
9407 -+ const struct inet_sock *inet = inet_sk(sk);
9408 ++#ifdef CONFIG_COMPAT
9409 ++ pax_open_kernel();
9410 ++ if (is_compat_task()) {
9411 ++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
9412 ++ copy_gr_arg = &copy_gr_arg_compat;
9413 ++ copy_acl_object_label = &copy_acl_object_label_compat;
9414 ++ copy_acl_subject_label = &copy_acl_subject_label_compat;
9415 ++ copy_acl_role_label = &copy_acl_role_label_compat;
9416 ++ copy_acl_ip_label = &copy_acl_ip_label_compat;
9417 ++ copy_role_allowed_ip = &copy_role_allowed_ip_compat;
9418 ++ copy_role_transition = &copy_role_transition_compat;
9419 ++ copy_sprole_pw = &copy_sprole_pw_compat;
9420 ++ copy_gr_hash_struct = &copy_gr_hash_struct_compat;
9421 ++ copy_pointer_from_array = &copy_pointer_from_array_compat;
9422 ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
9423 ++ } else {
9424 ++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
9425 ++ copy_gr_arg = &copy_gr_arg_normal;
9426 ++ copy_acl_object_label = &copy_acl_object_label_normal;
9427 ++ copy_acl_subject_label = &copy_acl_subject_label_normal;
9428 ++ copy_acl_role_label = &copy_acl_role_label_normal;
9429 ++ copy_acl_ip_label = &copy_acl_ip_label_normal;
9430 ++ copy_role_allowed_ip = &copy_role_allowed_ip_normal;
9431 ++ copy_role_transition = &copy_role_transition_normal;
9432 ++ copy_sprole_pw = &copy_sprole_pw_normal;
9433 ++ copy_gr_hash_struct = &copy_gr_hash_struct_normal;
9434 ++ copy_pointer_from_array = &copy_pointer_from_array_normal;
9435 ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
9436 ++ }
9437 ++ pax_close_kernel();
9438 ++#endif
9439 +
9440 -+ sin.sin_addr.s_addr = inet->inet_daddr;
9441 -+ sin.sin_port = inet->inet_dport;
9442 ++ req_count = get_gr_arg_wrapper_size();
9443 +
9444 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
9445 ++ if (count != req_count) {
9446 ++ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
9447 ++ error = -EINVAL;
9448 ++ goto out;
9449 + }
9450 -+}
9451 -+
9452 -+int
9453 -+gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
9454 -+{
9455 -+ struct sockaddr_in sin;
9456 +
9457 -+ if (unlikely(skb->len < sizeof (struct udphdr)))
9458 -+ return 0; // skip this packet
9459 ++
9460 ++ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
9461 ++ gr_auth_expires = 0;
9462 ++ gr_auth_attempts = 0;
9463 ++ }
9464 +
9465 -+ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
9466 -+ sin.sin_port = udp_hdr(skb)->source;
9467 ++ error = copy_gr_arg_wrapper(buf, &uwrap);
9468 ++ if (error)
9469 ++ goto out;
9470 +
9471 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
9472 -+}
9473 -diff --git a/grsecurity/gracl_learn.c b/grsecurity/gracl_learn.c
9474 -new file mode 100644
9475 -index 0000000..25f54ef
9476 ---- /dev/null
9477 -+++ b/grsecurity/gracl_learn.c
9478 -@@ -0,0 +1,207 @@
9479 -+#include <linux/kernel.h>
9480 -+#include <linux/mm.h>
9481 -+#include <linux/sched.h>
9482 -+#include <linux/poll.h>
9483 -+#include <linux/string.h>
9484 -+#include <linux/file.h>
9485 -+#include <linux/types.h>
9486 -+#include <linux/vmalloc.h>
9487 -+#include <linux/grinternal.h>
9488 ++ error = copy_gr_arg(uwrap.arg, &gr_usermode);
9489 ++ if (error)
9490 ++ goto out;
9491 +
9492 -+extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
9493 -+ size_t count, loff_t *ppos);
9494 -+extern int gr_acl_is_enabled(void);
9495 ++ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_SPROLEPAM &&
9496 ++ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
9497 ++ time_after(gr_auth_expires, get_seconds())) {
9498 ++ error = -EBUSY;
9499 ++ goto out;
9500 ++ }
9501 +
9502 -+static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
9503 -+static int gr_learn_attached;
9504 ++ /* if non-root trying to do anything other than use a special role,
9505 ++ do not attempt authentication, do not count towards authentication
9506 ++ locking
9507 ++ */
9508 +
9509 -+/* use a 512k buffer */
9510 -+#define LEARN_BUFFER_SIZE (512 * 1024)
9511 ++ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_STATUS &&
9512 ++ gr_usermode.mode != GR_UNSPROLE && gr_usermode.mode != GR_SPROLEPAM &&
9513 ++ gr_is_global_nonroot(current_uid())) {
9514 ++ error = -EPERM;
9515 ++ goto out;
9516 ++ }
9517 +
9518 -+static DEFINE_SPINLOCK(gr_learn_lock);
9519 -+static DEFINE_MUTEX(gr_learn_user_mutex);
9520 ++ /* ensure pw and special role name are null terminated */
9521 +
9522 -+/* we need to maintain two buffers, so that the kernel context of grlearn
9523 -+ uses a semaphore around the userspace copying, and the other kernel contexts
9524 -+ use a spinlock when copying into the buffer, since they cannot sleep
9525 -+*/
9526 -+static char *learn_buffer;
9527 -+static char *learn_buffer_user;
9528 -+static int learn_buffer_len;
9529 -+static int learn_buffer_user_len;
9530 ++ gr_usermode.pw[GR_PW_LEN - 1] = '\0';
9531 ++ gr_usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
9532 +
9533 -+static ssize_t
9534 -+read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
9535 -+{
9536 -+ DECLARE_WAITQUEUE(wait, current);
9537 -+ ssize_t retval = 0;
9538 ++ /* Okay.
9539 ++ * We have our enough of the argument structure..(we have yet
9540 ++ * to copy_from_user the tables themselves) . Copy the tables
9541 ++ * only if we need them, i.e. for loading operations. */
9542 +
9543 -+ add_wait_queue(&learn_wait, &wait);
9544 -+ set_current_state(TASK_INTERRUPTIBLE);
9545 -+ do {
9546 -+ mutex_lock(&gr_learn_user_mutex);
9547 -+ spin_lock(&gr_learn_lock);
9548 -+ if (learn_buffer_len)
9549 -+ break;
9550 -+ spin_unlock(&gr_learn_lock);
9551 -+ mutex_unlock(&gr_learn_user_mutex);
9552 -+ if (file->f_flags & O_NONBLOCK) {
9553 -+ retval = -EAGAIN;
9554 ++ switch (gr_usermode.mode) {
9555 ++ case GR_STATUS:
9556 ++ if (gr_acl_is_enabled()) {
9557 ++ error = 1;
9558 ++ if (!gr_check_secure_terminal(current))
9559 ++ error = 3;
9560 ++ } else
9561 ++ error = 2;
9562 + goto out;
9563 ++ case GR_SHUTDOWN:
9564 ++ if (gr_acl_is_enabled() && !(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
9565 ++ stop_machine(gr_rbac_disable, NULL, NULL);
9566 ++ free_variables(false);
9567 ++ memset(&gr_usermode, 0, sizeof(gr_usermode));
9568 ++ memset(&gr_system_salt, 0, sizeof(gr_system_salt));
9569 ++ memset(&gr_system_sum, 0, sizeof(gr_system_sum));
9570 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
9571 ++ } else if (gr_acl_is_enabled()) {
9572 ++ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
9573 ++ error = -EPERM;
9574 ++ } else {
9575 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
9576 ++ error = -EAGAIN;
9577 + }
9578 -+ if (signal_pending(current)) {
9579 -+ retval = -ERESTARTSYS;
9580 -+ goto out;
9581 ++ break;
9582 ++ case GR_ENABLE:
9583 ++ if (!gr_acl_is_enabled() && !(error2 = gracl_init(&gr_usermode)))
9584 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
9585 ++ else {
9586 ++ if (gr_acl_is_enabled())
9587 ++ error = -EAGAIN;
9588 ++ else
9589 ++ error = error2;
9590 ++ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
9591 ++ }
9592 ++ break;
9593 ++ case GR_OLDRELOAD:
9594 ++ oldmode = 1;
9595 ++ case GR_RELOAD:
9596 ++ if (!gr_acl_is_enabled()) {
9597 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
9598 ++ error = -EAGAIN;
9599 ++ } else if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
9600 ++ error2 = gracl_reload(&gr_usermode, oldmode);
9601 ++ if (!error2)
9602 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
9603 ++ else {
9604 ++ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
9605 ++ error = error2;
9606 ++ }
9607 ++ } else {
9608 ++ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
9609 ++ error = -EPERM;
9610 ++ }
9611 ++ break;
9612 ++ case GR_SEGVMOD:
9613 ++ if (unlikely(!gr_acl_is_enabled())) {
9614 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
9615 ++ error = -EAGAIN;
9616 ++ break;
9617 + }
9618 +
9619 -+ schedule();
9620 -+ } while (1);
9621 -+
9622 -+ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
9623 -+ learn_buffer_user_len = learn_buffer_len;
9624 -+ retval = learn_buffer_len;
9625 -+ learn_buffer_len = 0;
9626 -+
9627 -+ spin_unlock(&gr_learn_lock);
9628 ++ if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
9629 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
9630 ++ if (gr_usermode.segv_device && gr_usermode.segv_inode) {
9631 ++ struct acl_subject_label *segvacl;
9632 ++ segvacl =
9633 ++ lookup_acl_subj_label(gr_usermode.segv_inode,
9634 ++ gr_usermode.segv_device,
9635 ++ current->role);
9636 ++ if (segvacl) {
9637 ++ segvacl->crashes = 0;
9638 ++ segvacl->expires = 0;
9639 ++ }
9640 ++ } else if (gr_find_uid(gr_usermode.segv_uid) >= 0) {
9641 ++ gr_remove_uid(gr_usermode.segv_uid);
9642 ++ }
9643 ++ } else {
9644 ++ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
9645 ++ error = -EPERM;
9646 ++ }
9647 ++ break;
9648 ++ case GR_SPROLE:
9649 ++ case GR_SPROLEPAM:
9650 ++ if (unlikely(!gr_acl_is_enabled())) {
9651 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
9652 ++ error = -EAGAIN;
9653 ++ break;
9654 ++ }
9655 +
9656 -+ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
9657 -+ retval = -EFAULT;
9658 ++ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
9659 ++ current->role->expires = 0;
9660 ++ current->role->auth_attempts = 0;
9661 ++ }
9662 +
9663 -+ mutex_unlock(&gr_learn_user_mutex);
9664 -+out:
9665 -+ set_current_state(TASK_RUNNING);
9666 -+ remove_wait_queue(&learn_wait, &wait);
9667 -+ return retval;
9668 -+}
9669 ++ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
9670 ++ time_after(current->role->expires, get_seconds())) {
9671 ++ error = -EBUSY;
9672 ++ goto out;
9673 ++ }
9674 +
9675 -+static unsigned int
9676 -+poll_learn(struct file * file, poll_table * wait)
9677 -+{
9678 -+ poll_wait(file, &learn_wait, wait);
9679 ++ if (lookup_special_role_auth
9680 ++ (gr_usermode.mode, gr_usermode.sp_role, &sprole_salt, &sprole_sum)
9681 ++ && ((!sprole_salt && !sprole_sum)
9682 ++ || !(chkpw(&gr_usermode, sprole_salt, sprole_sum)))) {
9683 ++ char *p = "";
9684 ++ assign_special_role(gr_usermode.sp_role);
9685 ++ read_lock(&tasklist_lock);
9686 ++ if (current->real_parent)
9687 ++ p = current->real_parent->role->rolename;
9688 ++ read_unlock(&tasklist_lock);
9689 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
9690 ++ p, acl_sp_role_value);
9691 ++ } else {
9692 ++ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode.sp_role);
9693 ++ error = -EPERM;
9694 ++ if(!(current->role->auth_attempts++))
9695 ++ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
9696 +
9697 -+ if (learn_buffer_len)
9698 -+ return (POLLIN | POLLRDNORM);
9699 ++ goto out;
9700 ++ }
9701 ++ break;
9702 ++ case GR_UNSPROLE:
9703 ++ if (unlikely(!gr_acl_is_enabled())) {
9704 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
9705 ++ error = -EAGAIN;
9706 ++ break;
9707 ++ }
9708 +
9709 -+ return 0;
9710 -+}
9711 ++ if (current->role->roletype & GR_ROLE_SPECIAL) {
9712 ++ char *p = "";
9713 ++ int i = 0;
9714 +
9715 -+void
9716 -+gr_clear_learn_entries(void)
9717 -+{
9718 -+ char *tmp;
9719 ++ read_lock(&tasklist_lock);
9720 ++ if (current->real_parent) {
9721 ++ p = current->real_parent->role->rolename;
9722 ++ i = current->real_parent->acl_role_id;
9723 ++ }
9724 ++ read_unlock(&tasklist_lock);
9725 +
9726 -+ mutex_lock(&gr_learn_user_mutex);
9727 -+ spin_lock(&gr_learn_lock);
9728 -+ tmp = learn_buffer;
9729 -+ learn_buffer = NULL;
9730 -+ spin_unlock(&gr_learn_lock);
9731 -+ if (tmp)
9732 -+ vfree(tmp);
9733 -+ if (learn_buffer_user != NULL) {
9734 -+ vfree(learn_buffer_user);
9735 -+ learn_buffer_user = NULL;
9736 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
9737 ++ gr_set_acls(1);
9738 ++ } else {
9739 ++ error = -EPERM;
9740 ++ goto out;
9741 ++ }
9742 ++ break;
9743 ++ default:
9744 ++ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode.mode);
9745 ++ error = -EINVAL;
9746 ++ break;
9747 + }
9748 -+ learn_buffer_len = 0;
9749 -+ mutex_unlock(&gr_learn_user_mutex);
9750 -+
9751 -+ return;
9752 -+}
9753 +
9754 -+void
9755 -+gr_add_learn_entry(const char *fmt, ...)
9756 -+{
9757 -+ va_list args;
9758 -+ unsigned int len;
9759 ++ if (error != -EPERM)
9760 ++ goto out;
9761 +
9762 -+ if (!gr_learn_attached)
9763 -+ return;
9764 ++ if(!(gr_auth_attempts++))
9765 ++ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
9766 +
9767 -+ spin_lock(&gr_learn_lock);
9768 ++ out:
9769 ++ mutex_unlock(&gr_dev_mutex);
9770 +
9771 -+ /* leave a gap at the end so we know when it's "full" but don't have to
9772 -+ compute the exact length of the string we're trying to append
9773 -+ */
9774 -+ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
9775 -+ spin_unlock(&gr_learn_lock);
9776 -+ wake_up_interruptible(&learn_wait);
9777 -+ return;
9778 -+ }
9779 -+ if (learn_buffer == NULL) {
9780 -+ spin_unlock(&gr_learn_lock);
9781 -+ return;
9782 -+ }
9783 ++ if (!error)
9784 ++ error = req_count;
9785 +
9786 -+ va_start(args, fmt);
9787 -+ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
9788 -+ va_end(args);
9789 ++ return error;
9790 ++}
9791 +
9792 -+ learn_buffer_len += len + 1;
9793 ++int
9794 ++gr_set_acls(const int type)
9795 ++{
9796 ++ struct task_struct *task, *task2;
9797 ++ struct acl_role_label *role = current->role;
9798 ++ struct acl_subject_label *subj;
9799 ++ __u16 acl_role_id = current->acl_role_id;
9800 ++ const struct cred *cred;
9801 ++ int ret;
9802 +
9803 -+ spin_unlock(&gr_learn_lock);
9804 -+ wake_up_interruptible(&learn_wait);
9805 ++ rcu_read_lock();
9806 ++ read_lock(&tasklist_lock);
9807 ++ read_lock(&grsec_exec_file_lock);
9808 ++ do_each_thread(task2, task) {
9809 ++ /* check to see if we're called from the exit handler,
9810 ++ if so, only replace ACLs that have inherited the admin
9811 ++ ACL */
9812 +
9813 -+ return;
9814 -+}
9815 ++ if (type && (task->role != role ||
9816 ++ task->acl_role_id != acl_role_id))
9817 ++ continue;
9818 +
9819 -+static int
9820 -+open_learn(struct inode *inode, struct file *file)
9821 -+{
9822 -+ if (file->f_mode & FMODE_READ && gr_learn_attached)
9823 -+ return -EBUSY;
9824 -+ if (file->f_mode & FMODE_READ) {
9825 -+ int retval = 0;
9826 -+ mutex_lock(&gr_learn_user_mutex);
9827 -+ if (learn_buffer == NULL)
9828 -+ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
9829 -+ if (learn_buffer_user == NULL)
9830 -+ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
9831 -+ if (learn_buffer == NULL) {
9832 -+ retval = -ENOMEM;
9833 -+ goto out_error;
9834 -+ }
9835 -+ if (learn_buffer_user == NULL) {
9836 -+ retval = -ENOMEM;
9837 -+ goto out_error;
9838 -+ }
9839 -+ learn_buffer_len = 0;
9840 -+ learn_buffer_user_len = 0;
9841 -+ gr_learn_attached = 1;
9842 -+out_error:
9843 -+ mutex_unlock(&gr_learn_user_mutex);
9844 -+ return retval;
9845 -+ }
9846 -+ return 0;
9847 -+}
9848 ++ task->acl_role_id = 0;
9849 ++ task->acl_sp_role = 0;
9850 ++ task->inherited = 0;
9851 +
9852 -+static int
9853 -+close_learn(struct inode *inode, struct file *file)
9854 -+{
9855 -+ if (file->f_mode & FMODE_READ) {
9856 -+ char *tmp = NULL;
9857 -+ mutex_lock(&gr_learn_user_mutex);
9858 -+ spin_lock(&gr_learn_lock);
9859 -+ tmp = learn_buffer;
9860 -+ learn_buffer = NULL;
9861 -+ spin_unlock(&gr_learn_lock);
9862 -+ if (tmp)
9863 -+ vfree(tmp);
9864 -+ if (learn_buffer_user != NULL) {
9865 -+ vfree(learn_buffer_user);
9866 -+ learn_buffer_user = NULL;
9867 ++ if (task->exec_file) {
9868 ++ cred = __task_cred(task);
9869 ++ task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
9870 ++ subj = gr_get_subject_for_task(task, NULL);
9871 ++ if (subj == NULL) {
9872 ++ ret = -EINVAL;
9873 ++ read_unlock(&grsec_exec_file_lock);
9874 ++ read_unlock(&tasklist_lock);
9875 ++ rcu_read_unlock();
9876 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task));
9877 ++ return ret;
9878 ++ }
9879 ++ __gr_apply_subject_to_task(polstate, task, subj);
9880 ++ } else {
9881 ++ // it's a kernel process
9882 ++ task->role = polstate->kernel_role;
9883 ++ task->acl = polstate->kernel_role->root_label;
9884 ++#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
9885 ++ task->acl->mode &= ~GR_PROCFIND;
9886 ++#endif
9887 + }
9888 -+ learn_buffer_len = 0;
9889 -+ learn_buffer_user_len = 0;
9890 -+ gr_learn_attached = 0;
9891 -+ mutex_unlock(&gr_learn_user_mutex);
9892 -+ }
9893 ++ } while_each_thread(task2, task);
9894 ++ read_unlock(&grsec_exec_file_lock);
9895 ++ read_unlock(&tasklist_lock);
9896 ++ rcu_read_unlock();
9897 +
9898 + return 0;
9899 +}
9900 -+
9901 -+const struct file_operations grsec_fops = {
9902 -+ .read = read_learn,
9903 -+ .write = write_grsec_handler,
9904 -+ .open = open_learn,
9905 -+ .release = close_learn,
9906 -+ .poll = poll_learn,
9907 -+};
9908 diff --git a/grsecurity/gracl_res.c b/grsecurity/gracl_res.c
9909 new file mode 100644
9910 index 0000000..39645c9
9911 @@ -68011,10 +68307,10 @@ index 0000000..39645c9
9912 +}
9913 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
9914 new file mode 100644
9915 -index 0000000..3c38bfe
9916 +index 0000000..2040e61
9917 --- /dev/null
9918 +++ b/grsecurity/gracl_segv.c
9919 -@@ -0,0 +1,305 @@
9920 +@@ -0,0 +1,313 @@
9921 +#include <linux/kernel.h>
9922 +#include <linux/mm.h>
9923 +#include <asm/uaccess.h>
9924 @@ -68071,8 +68367,16 @@ index 0000000..3c38bfe
9925 +void
9926 +gr_free_uidset(void)
9927 +{
9928 -+ if (uid_set)
9929 -+ kfree(uid_set);
9930 ++ if (uid_set) {
9931 ++ struct crash_uid *tmpset;
9932 ++ spin_lock(&gr_uid_lock);
9933 ++ tmpset = uid_set;
9934 ++ uid_set = NULL;
9935 ++ uid_used = 0;
9936 ++ spin_unlock(&gr_uid_lock);
9937 ++ if (tmpset)
9938 ++ kfree(tmpset);
9939 ++ }
9940 +
9941 + return;
9942 +}
9943 @@ -68393,7 +68697,7 @@ index 0000000..bc0be01
9944 +}
9945 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
9946 new file mode 100644
9947 -index 0000000..bd6e105
9948 +index 0000000..e10b319
9949 --- /dev/null
9950 +++ b/grsecurity/grsec_chroot.c
9951 @@ -0,0 +1,370 @@
9952 @@ -68409,7 +68713,7 @@ index 0000000..bd6e105
9953 +#include <linux/grinternal.h>
9954 +
9955 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
9956 -+static int gr_init_ran;
9957 ++int gr_init_ran;
9958 +#endif
9959 +
9960 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path)
9961 @@ -68769,10 +69073,10 @@ index 0000000..bd6e105
9962 +}
9963 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
9964 new file mode 100644
9965 -index 0000000..ce65ceb
9966 +index 0000000..0866ab2
9967 --- /dev/null
9968 +++ b/grsecurity/grsec_disabled.c
9969 -@@ -0,0 +1,434 @@
9970 +@@ -0,0 +1,427 @@
9971 +#include <linux/kernel.h>
9972 +#include <linux/module.h>
9973 +#include <linux/sched.h>
9974 @@ -69169,12 +69473,6 @@ index 0000000..ce65ceb
9975 + return 0;
9976 +}
9977 +
9978 -+void
9979 -+gr_set_kernel_label(struct task_struct *task)
9980 -+{
9981 -+ return;
9982 -+}
9983 -+
9984 +int
9985 +gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
9986 +{
9987 @@ -69202,7 +69500,6 @@ index 0000000..ce65ceb
9988 + return;
9989 +}
9990 +
9991 -+EXPORT_SYMBOL(gr_set_kernel_label);
9992 +#ifdef CONFIG_SECURITY
9993 +EXPORT_SYMBOL(gr_check_user_change);
9994 +EXPORT_SYMBOL(gr_check_group_change);
9995 @@ -69461,10 +69758,10 @@ index 0000000..8ca18bf
9996 +}
9997 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
9998 new file mode 100644
9999 -index 0000000..087cf30
10000 +index 0000000..a88e901
10001 --- /dev/null
10002 +++ b/grsecurity/grsec_init.c
10003 -@@ -0,0 +1,287 @@
10004 +@@ -0,0 +1,272 @@
10005 +#include <linux/kernel.h>
10006 +#include <linux/sched.h>
10007 +#include <linux/mm.h>
10008 @@ -69544,10 +69841,6 @@ index 0000000..087cf30
10009 +char *gr_alert_log_buf;
10010 +char *gr_audit_log_buf;
10011 +
10012 -+extern struct gr_arg *gr_usermode;
10013 -+extern unsigned char *gr_system_salt;
10014 -+extern unsigned char *gr_system_sum;
10015 -+
10016 +void __init
10017 +grsecurity_init(void)
10018 +{
10019 @@ -69588,17 +69881,6 @@ index 0000000..087cf30
10020 + return;
10021 + }
10022 +
10023 -+ /* allocate memory for authentication structure */
10024 -+ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
10025 -+ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
10026 -+ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
10027 -+
10028 -+ if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
10029 -+ panic("Unable to allocate grsecurity authentication structure");
10030 -+ return;
10031 -+ }
10032 -+
10033 -+
10034 +#ifdef CONFIG_GRKERNSEC_IO
10035 +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
10036 + grsec_disable_privio = 1;
10037 @@ -73238,10 +73520,10 @@ index 9b4dd49..61fd41d 100644
10038 {
10039 diff --git a/include/linux/gracl.h b/include/linux/gracl.h
10040 new file mode 100644
10041 -index 0000000..ebe6d72
10042 +index 0000000..edb2cb6
10043 --- /dev/null
10044 +++ b/include/linux/gracl.h
10045 -@@ -0,0 +1,319 @@
10046 +@@ -0,0 +1,340 @@
10047 +#ifndef GR_ACL_H
10048 +#define GR_ACL_H
10049 +
10050 @@ -73253,19 +73535,20 @@ index 0000000..ebe6d72
10051 +
10052 +/* Major status information */
10053 +
10054 -+#define GR_VERSION "grsecurity 2.9.1"
10055 -+#define GRSECURITY_VERSION 0x2901
10056 ++#define GR_VERSION "grsecurity 3.0"
10057 ++#define GRSECURITY_VERSION 0x3000
10058 +
10059 +enum {
10060 + GR_SHUTDOWN = 0,
10061 + GR_ENABLE = 1,
10062 + GR_SPROLE = 2,
10063 -+ GR_RELOAD = 3,
10064 ++ GR_OLDRELOAD = 3,
10065 + GR_SEGVMOD = 4,
10066 + GR_STATUS = 5,
10067 + GR_UNSPROLE = 6,
10068 + GR_PASSSET = 7,
10069 + GR_SPROLEPAM = 8,
10070 ++ GR_RELOAD = 9,
10071 +};
10072 +
10073 +/* Password setup definitions
10074 @@ -73494,6 +73777,34 @@ index 0000000..ebe6d72
10075 + __u32 s_size;
10076 +};
10077 +
10078 ++struct gr_policy_state {
10079 ++ struct sprole_pw **acl_special_roles;
10080 ++ __u16 num_sprole_pws;
10081 ++ struct acl_role_label *kernel_role;
10082 ++ struct acl_role_label *role_list;
10083 ++ struct acl_role_label *default_role;
10084 ++ struct acl_role_db acl_role_set;
10085 ++ struct acl_subj_map_db subj_map_set;
10086 ++ struct name_db name_set;
10087 ++ struct inodev_db inodev_set;
10088 ++};
10089 ++
10090 ++struct gr_alloc_state {
10091 ++ unsigned long alloc_stack_next;
10092 ++ unsigned long alloc_stack_size;
10093 ++ void **alloc_stack;
10094 ++};
10095 ++
10096 ++struct gr_reload_state {
10097 ++ struct gr_policy_state oldpolicy;
10098 ++ struct gr_alloc_state oldalloc;
10099 ++ struct gr_policy_state newpolicy;
10100 ++ struct gr_alloc_state newalloc;
10101 ++ struct gr_policy_state *oldpolicy_ptr;
10102 ++ struct gr_alloc_state *oldalloc_ptr;
10103 ++ unsigned char oldmode;
10104 ++};
10105 ++
10106 +/* End Data Structures Section */
10107 +
10108 +/* Hash functions generated by empirical testing by Brad Spengler
10109 @@ -73525,14 +73836,6 @@ index 0000000..ebe6d72
10110 + return full_name_hash((const unsigned char *)name, len) % sz;
10111 +}
10112 +
10113 -+#define FOR_EACH_ROLE_START(role) \
10114 -+ role = role_list; \
10115 -+ while (role) {
10116 -+
10117 -+#define FOR_EACH_ROLE_END(role) \
10118 -+ role = role->prev; \
10119 -+ }
10120 -+
10121 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
10122 + subj = NULL; \
10123 + iter = 0; \
10124 @@ -73886,10 +74189,10 @@ index 0000000..be66033
10125 +#endif
10126 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
10127 new file mode 100644
10128 -index 0000000..a5625be
10129 +index 0000000..d25522e
10130 --- /dev/null
10131 +++ b/include/linux/grinternal.h
10132 -@@ -0,0 +1,230 @@
10133 +@@ -0,0 +1,229 @@
10134 +#ifndef __GRINTERNAL_H
10135 +#define __GRINTERNAL_H
10136 +
10137 @@ -73912,7 +74215,6 @@ index 0000000..a5625be
10138 +int gr_check_protected_task(const struct task_struct *task);
10139 +__u32 to_gr_audit(const __u32 reqmode);
10140 +int gr_set_acls(const int type);
10141 -+int gr_apply_subject_to_task(struct task_struct *task);
10142 +int gr_acl_is_enabled(void);
10143 +char gr_roletype_to_char(void);
10144 +
10145 @@ -74242,10 +74544,10 @@ index 0000000..378a81a
10146 +#define GR_IPC_DENIED_MSG "denied %s of globally-%sable IPC with creator uid %u by "
10147 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
10148 new file mode 100644
10149 -index 0000000..d6f5a21
10150 +index 0000000..b2edfb1
10151 --- /dev/null
10152 +++ b/include/linux/grsecurity.h
10153 -@@ -0,0 +1,244 @@
10154 +@@ -0,0 +1,243 @@
10155 +#ifndef GR_SECURITY_H
10156 +#define GR_SECURITY_H
10157 +#include <linux/fs.h>
10158 @@ -74376,7 +74678,6 @@ index 0000000..d6f5a21
10159 + const struct vfsmount *mnt);
10160 +int gr_check_crash_exec(const struct file *filp);
10161 +int gr_acl_is_enabled(void);
10162 -+void gr_set_kernel_label(struct task_struct *task);
10163 +void gr_set_role_label(struct task_struct *task, const kuid_t uid,
10164 + const kgid_t gid);
10165 +int gr_set_proc_label(const struct dentry *dentry,
10166 @@ -74823,7 +75124,7 @@ index c6e091b..a940adf 100644
10167 extern struct kgdb_arch arch_kgdb_ops;
10168
10169 diff --git a/include/linux/kmod.h b/include/linux/kmod.h
10170 -index 0555cc6..b16a7a4 100644
10171 +index 0555cc6..40116ce 100644
10172 --- a/include/linux/kmod.h
10173 +++ b/include/linux/kmod.h
10174 @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
10175 @@ -74835,6 +75136,16 @@ index 0555cc6..b16a7a4 100644
10176 #define request_module(mod...) __request_module(true, mod)
10177 #define request_module_nowait(mod...) __request_module(false, mod)
10178 #define try_then_request_module(x, mod...) \
10179 +@@ -57,6 +59,9 @@ struct subprocess_info {
10180 + struct work_struct work;
10181 + struct completion *complete;
10182 + char *path;
10183 ++#ifdef CONFIG_GRKERNSEC
10184 ++ char *origpath;
10185 ++#endif
10186 + char **argv;
10187 + char **envp;
10188 + int wait;
10189 diff --git a/include/linux/kobject.h b/include/linux/kobject.h
10190 index 939b112..ed6ed51 100644
10191 --- a/include/linux/kobject.h
10192 @@ -76221,7 +76532,7 @@ index 6dacb93..6174423 100644
10193 static inline void anon_vma_merge(struct vm_area_struct *vma,
10194 struct vm_area_struct *next)
10195 diff --git a/include/linux/sched.h b/include/linux/sched.h
10196 -index 078066d..4090b3b 100644
10197 +index 078066d..d09659d 100644
10198 --- a/include/linux/sched.h
10199 +++ b/include/linux/sched.h
10200 @@ -62,6 +62,7 @@ struct bio_list;
10201 @@ -76350,7 +76661,7 @@ index 078066d..4090b3b 100644
10202 #ifdef CONFIG_FUTEX
10203 struct robust_list_head __user *robust_list;
10204 #ifdef CONFIG_COMPAT
10205 -@@ -1406,8 +1446,76 @@ struct task_struct {
10206 +@@ -1406,8 +1446,78 @@ struct task_struct {
10207 unsigned int sequential_io;
10208 unsigned int sequential_io_avg;
10209 #endif
10210 @@ -76365,10 +76676,12 @@ index 078066d..4090b3b 100644
10211 +#endif
10212 + struct dentry *gr_chroot_dentry;
10213 + struct acl_subject_label *acl;
10214 ++ struct acl_subject_label *tmpacl;
10215 + struct acl_role_label *role;
10216 + struct file *exec_file;
10217 + unsigned long brute_expires;
10218 + u16 acl_role_id;
10219 ++ u8 inherited;
10220 + /* is this the task that authenticated to the special role */
10221 + u8 acl_sp_role;
10222 + u8 is_writable;
10223 @@ -76427,7 +76740,7 @@ index 078066d..4090b3b 100644
10224 /* Future-safe accessor for struct task_struct's cpus_allowed. */
10225 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
10226
10227 -@@ -1466,7 +1574,7 @@ struct pid_namespace;
10228 +@@ -1466,7 +1576,7 @@ struct pid_namespace;
10229 pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
10230 struct pid_namespace *ns);
10231
10232 @@ -76436,7 +76749,7 @@ index 078066d..4090b3b 100644
10233 {
10234 return tsk->pid;
10235 }
10236 -@@ -1916,7 +2024,9 @@ void yield(void);
10237 +@@ -1916,7 +2026,9 @@ void yield(void);
10238 extern struct exec_domain default_exec_domain;
10239
10240 union thread_union {
10241 @@ -76446,7 +76759,7 @@ index 078066d..4090b3b 100644
10242 unsigned long stack[THREAD_SIZE/sizeof(long)];
10243 };
10244
10245 -@@ -1949,6 +2059,7 @@ extern struct pid_namespace init_pid_ns;
10246 +@@ -1949,6 +2061,7 @@ extern struct pid_namespace init_pid_ns;
10247 */
10248
10249 extern struct task_struct *find_task_by_vpid(pid_t nr);
10250 @@ -76454,7 +76767,7 @@ index 078066d..4090b3b 100644
10251 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
10252 struct pid_namespace *ns);
10253
10254 -@@ -2113,7 +2224,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
10255 +@@ -2113,7 +2226,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
10256 extern void exit_itimers(struct signal_struct *);
10257 extern void flush_itimer_signals(void);
10258
10259 @@ -76463,7 +76776,7 @@ index 078066d..4090b3b 100644
10260
10261 extern int allow_signal(int);
10262 extern int disallow_signal(int);
10263 -@@ -2304,9 +2415,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
10264 +@@ -2304,9 +2417,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
10265
10266 #endif
10267
10268 @@ -79117,7 +79430,7 @@ index a67ef9d..2d17ed9 100644
10269 #ifdef CONFIG_BLK_DEV_RAM
10270 int fd;
10271 diff --git a/init/main.c b/init/main.c
10272 -index 586cd33..f1af30f 100644
10273 +index 586cd33..c054108 100644
10274 --- a/init/main.c
10275 +++ b/init/main.c
10276 @@ -102,6 +102,8 @@ static inline void mark_rodata_ro(void) { }
10277 @@ -79235,7 +79548,7 @@ index 586cd33..f1af30f 100644
10278 return ret;
10279 }
10280
10281 -@@ -805,8 +874,8 @@ static int run_init_process(const char *init_filename)
10282 +@@ -805,10 +874,14 @@ static int run_init_process(const char *init_filename)
10283 {
10284 argv_init[0] = init_filename;
10285 return do_execve(init_filename,
10286 @@ -79245,8 +79558,26 @@ index 586cd33..f1af30f 100644
10287 + (const char __user *const __force_user *)envp_init);
10288 }
10289
10290 ++#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
10291 ++extern int gr_init_ran;
10292 ++#endif
10293 ++
10294 static noinline void __init kernel_init_freeable(void);
10295 -@@ -883,7 +952,7 @@ static noinline void __init kernel_init_freeable(void)
10296 +
10297 + static int __ref kernel_init(void *unused)
10298 +@@ -829,6 +902,11 @@ static int __ref kernel_init(void *unused)
10299 + pr_err("Failed to execute %s\n", ramdisk_execute_command);
10300 + }
10301 +
10302 ++#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
10303 ++ /* if no initrd was used, be extra sure we enforce chroot restrictions */
10304 ++ gr_init_ran = 1;
10305 ++#endif
10306 ++
10307 + /*
10308 + * We try each of these until one succeeds.
10309 + *
10310 +@@ -883,7 +961,7 @@ static noinline void __init kernel_init_freeable(void)
10311 do_basic_setup();
10312
10313 /* Open the /dev/console on the rootfs, this should never fail */
10314 @@ -79255,7 +79586,7 @@ index 586cd33..f1af30f 100644
10315 pr_err("Warning: unable to open an initial console.\n");
10316
10317 (void) sys_dup(0);
10318 -@@ -896,11 +965,13 @@ static noinline void __init kernel_init_freeable(void)
10319 +@@ -896,11 +974,13 @@ static noinline void __init kernel_init_freeable(void)
10320 if (!ramdisk_execute_command)
10321 ramdisk_execute_command = "/init";
10322
10323 @@ -81018,7 +81349,7 @@ index 59f7b55..4022f65 100644
10324
10325 /* Don't allow clients that don't understand the native
10326 diff --git a/kernel/kmod.c b/kernel/kmod.c
10327 -index b086006..a27913b 100644
10328 +index b086006..ae5736e 100644
10329 --- a/kernel/kmod.c
10330 +++ b/kernel/kmod.c
10331 @@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
10332 @@ -81146,7 +81477,37 @@ index b086006..a27913b 100644
10333 EXPORT_SYMBOL(__request_module);
10334 #endif /* CONFIG_MODULES */
10335
10336 -@@ -303,7 +356,7 @@ static int wait_for_helper(void *data)
10337 +@@ -218,6 +271,18 @@ static int ____call_usermodehelper(void *data)
10338 + */
10339 + set_user_nice(current, 0);
10340 +
10341 ++#ifdef CONFIG_GRKERNSEC
10342 ++ /* this is race-free as far as userland is concerned as we copied
10343 ++ out the path to be used prior to this point and are now operating
10344 ++ on that copy
10345 ++ */
10346 ++ if (strncmp(sub_info->path, "/sbin/", 6) || strstr(sub_info->path, "..")) {
10347 ++ printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin\n", sub_info->path);
10348 ++ retval = -EPERM;
10349 ++ goto fail;
10350 ++ }
10351 ++#endif
10352 ++
10353 + retval = -ENOMEM;
10354 + new = prepare_kernel_cred(current);
10355 + if (!new)
10356 +@@ -260,6 +325,10 @@ static int call_helper(void *data)
10357 +
10358 + static void call_usermodehelper_freeinfo(struct subprocess_info *info)
10359 + {
10360 ++#ifdef CONFIG_GRKERNSEC
10361 ++ kfree(info->path);
10362 ++ info->path = info->origpath;
10363 ++#endif
10364 + if (info->cleanup)
10365 + (*info->cleanup)(info);
10366 + kfree(info);
10367 +@@ -303,7 +372,7 @@ static int wait_for_helper(void *data)
10368 *
10369 * Thus the __user pointer cast is valid here.
10370 */
10371 @@ -81155,7 +81516,20 @@ index b086006..a27913b 100644
10372
10373 /*
10374 * If ret is 0, either ____call_usermodehelper failed and the
10375 -@@ -650,7 +703,7 @@ EXPORT_SYMBOL(call_usermodehelper);
10376 +@@ -542,7 +611,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
10377 + goto out;
10378 +
10379 + INIT_WORK(&sub_info->work, __call_usermodehelper);
10380 ++#ifdef CONFIG_GRKERNSEC
10381 ++ sub_info->origpath = path;
10382 ++ sub_info->path = kstrdup(path, gfp_mask);
10383 ++#else
10384 + sub_info->path = path;
10385 ++#endif
10386 + sub_info->argv = argv;
10387 + sub_info->envp = envp;
10388 +
10389 +@@ -650,7 +724,7 @@ EXPORT_SYMBOL(call_usermodehelper);
10390 static int proc_cap_handler(struct ctl_table *table, int write,
10391 void __user *buffer, size_t *lenp, loff_t *ppos)
10392 {
10393
10394 diff --git a/3.2.52/0000_README b/3.2.52/0000_README
10395 index 18cef6b..ae435e7 100644
10396 --- a/3.2.52/0000_README
10397 +++ b/3.2.52/0000_README
10398 @@ -126,7 +126,7 @@ Patch: 1051_linux-3.2.52.patch
10399 From: http://www.kernel.org
10400 Desc: Linux 3.2.52
10401
10402 -Patch: 4420_grsecurity-2.9.1-3.2.52-201311222106.patch
10403 +Patch: 4420_grsecurity-3.0-3.2.52-201311242031.patch
10404 From: http://www.grsecurity.net
10405 Desc: hardened-sources base patch from upstream grsecurity
10406
10407
10408 diff --git a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311222106.patch b/3.2.52/4420_grsecurity-3.0-3.2.52-201311242031.patch
10409 similarity index 93%
10410 rename from 3.2.52/4420_grsecurity-2.9.1-3.2.52-201311222106.patch
10411 rename to 3.2.52/4420_grsecurity-3.0-3.2.52-201311242031.patch
10412 index 1102a6d..42d71bf 100644
10413 --- a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311222106.patch
10414 +++ b/3.2.52/4420_grsecurity-3.0-3.2.52-201311242031.patch
10415 @@ -9705,10 +9705,16 @@ index bf56e17..91465a1 100644
10416 Enabling this option turns a certain set of sanity checks for user
10417 copy operations into compile time failures.
10418 diff --git a/arch/x86/Makefile b/arch/x86/Makefile
10419 -index 03dbc7f5b..4d12eea 100644
10420 +index 03dbc7f5b..e1aa479 100644
10421 --- a/arch/x86/Makefile
10422 +++ b/arch/x86/Makefile
10423 -@@ -46,6 +46,7 @@ else
10424 +@@ -40,12 +40,12 @@ ifeq ($(CONFIG_X86_32),y)
10425 + KBUILD_CFLAGS += $(cflags-y)
10426 +
10427 + # temporary until string.h is fixed
10428 +- KBUILD_CFLAGS += -ffreestanding
10429 + else
10430 + BITS := 64
10431 UTS_MACHINE := x86_64
10432 CHECKFLAGS += -D__x86_64__ -m64
10433
10434 @@ -9716,7 +9722,16 @@ index 03dbc7f5b..4d12eea 100644
10435 KBUILD_AFLAGS += -m64
10436 KBUILD_CFLAGS += -m64
10437
10438 -@@ -199,3 +200,12 @@ define archhelp
10439 +@@ -72,6 +72,8 @@ else
10440 + KBUILD_CFLAGS += -maccumulate-outgoing-args
10441 + endif
10442 +
10443 ++KBUILD_CFLAGS += -ffreestanding
10444 ++
10445 + ifdef CONFIG_CC_STACKPROTECTOR
10446 + cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
10447 + ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
10448 +@@ -199,3 +201,12 @@ define archhelp
10449 echo ' FDARGS="..." arguments for the booted kernel'
10450 echo ' FDINITRD=file initrd for the booted kernel'
10451 endef
10452 @@ -11982,7 +11997,7 @@ index 0e1cbfc..5623683 100644
10453
10454 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
10455 diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
10456 -index 1775d6e..b65017f 100644
10457 +index 1775d6e..c312a36 100644
10458 --- a/arch/x86/include/asm/bitops.h
10459 +++ b/arch/x86/include/asm/bitops.h
10460 @@ -38,7 +38,7 @@
10461 @@ -11994,6 +12009,24 @@ index 1775d6e..b65017f 100644
10462 #define CONST_MASK(nr) (1 << ((nr) & 7))
10463
10464 /**
10465 +@@ -344,7 +344,7 @@ static int test_bit(int nr, const volatile unsigned long *addr);
10466 + *
10467 + * Undefined if no bit exists, so code should check against 0 first.
10468 + */
10469 +-static inline unsigned long __ffs(unsigned long word)
10470 ++static inline unsigned long __intentional_overflow(-1) __ffs(unsigned long word)
10471 + {
10472 + asm("bsf %1,%0"
10473 + : "=r" (word)
10474 +@@ -358,7 +358,7 @@ static inline unsigned long __ffs(unsigned long word)
10475 + *
10476 + * Undefined if no zero exists, so code should check against ~0UL first.
10477 + */
10478 +-static inline unsigned long ffz(unsigned long word)
10479 ++static inline unsigned long __intentional_overflow(-1) ffz(unsigned long word)
10480 + {
10481 + asm("bsf %1,%0"
10482 + : "=r" (word)
10483 diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h
10484 index 5e1a2ee..c9f9533 100644
10485 --- a/arch/x86/include/asm/boot.h
10486 @@ -13966,7 +13999,7 @@ index 2dddb31..100c638 100644
10487 /*
10488 * x86-64 Task Priority Register, CR8
10489 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
10490 -index f7c89e2..cd4bff6 100644
10491 +index f7c89e2..9962bae 100644
10492 --- a/arch/x86/include/asm/processor.h
10493 +++ b/arch/x86/include/asm/processor.h
10494 @@ -266,7 +266,7 @@ struct tss_struct {
10495 @@ -14076,8 +14109,8 @@ index f7c89e2..cd4bff6 100644
10496
10497 struct aperfmperf {
10498 - u64 aperf, mperf;
10499 -+ u64 aperf __intentional_overflow(0);
10500 -+ u64 mperf __intentional_overflow(0);
10501 ++ u64 aperf __intentional_overflow(-1);
10502 ++ u64 mperf __intentional_overflow(-1);
10503 };
10504
10505 static inline void get_aperfmperf(struct aperfmperf *am)
10506 @@ -15064,30 +15097,9 @@ index 36361bf..4252f11 100644
10507
10508 #ifdef CONFIG_X86_WP_WORKS_OK
10509 diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
10510 -index 566e803..86f1302 100644
10511 +index 566e803..9540707 100644
10512 --- a/arch/x86/include/asm/uaccess_32.h
10513 +++ b/arch/x86/include/asm/uaccess_32.h
10514 -@@ -11,15 +11,15 @@
10515 - #include <asm/page.h>
10516 -
10517 - unsigned long __must_check __copy_to_user_ll
10518 -- (void __user *to, const void *from, unsigned long n);
10519 -+ (void __user *to, const void *from, unsigned long n) __size_overflow(3);
10520 - unsigned long __must_check __copy_from_user_ll
10521 -- (void *to, const void __user *from, unsigned long n);
10522 -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
10523 - unsigned long __must_check __copy_from_user_ll_nozero
10524 -- (void *to, const void __user *from, unsigned long n);
10525 -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
10526 - unsigned long __must_check __copy_from_user_ll_nocache
10527 -- (void *to, const void __user *from, unsigned long n);
10528 -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
10529 - unsigned long __must_check __copy_from_user_ll_nocache_nozero
10530 -- (void *to, const void __user *from, unsigned long n);
10531 -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
10532 -
10533 - /**
10534 - * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking.
10535 @@ -43,6 +43,11 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
10536 static __always_inline unsigned long __must_check
10537 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
10538 @@ -15238,7 +15250,7 @@ index 566e803..86f1302 100644
10539 }
10540
10541 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
10542 -index 1c66d30..c815e61 100644
10543 +index 1c66d30..9d90f2c 100644
10544 --- a/arch/x86/include/asm/uaccess_64.h
10545 +++ b/arch/x86/include/asm/uaccess_64.h
10546 @@ -10,6 +10,9 @@
10547 @@ -15261,9 +15273,8 @@ index 1c66d30..c815e61 100644
10548 -copy_user_generic_unrolled(void *to, const void *from, unsigned len);
10549 +copy_user_generic_unrolled(void *to, const void *from, unsigned long len) __size_overflow(3);
10550
10551 --static __always_inline __must_check unsigned long
10552 + static __always_inline __must_check unsigned long
10553 -copy_user_generic(void *to, const void *from, unsigned len)
10554 -+static __always_inline __must_check __size_overflow(3) unsigned long
10555 +copy_user_generic(void *to, const void *from, unsigned long len)
10556 {
10557 unsigned ret;
10558 @@ -15551,14 +15562,9 @@ index 1c66d30..c815e61 100644
10559 }
10560 }
10561
10562 -@@ -215,39 +280,60 @@ __strncpy_from_user(char *dst, const char __user *src, long count);
10563 - __must_check long strnlen_user(const char __user *str, long n);
10564 - __must_check long __strnlen_user(const char __user *str, long n);
10565 - __must_check long strlen_user(const char __user *str);
10566 --__must_check unsigned long clear_user(void __user *mem, unsigned long len);
10567 --__must_check unsigned long __clear_user(void __user *mem, unsigned long len);
10568 -+__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2);
10569 -+__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
10570 +@@ -218,36 +283,57 @@ __must_check long strlen_user(const char __user *str);
10571 + __must_check unsigned long clear_user(void __user *mem, unsigned long len);
10572 + __must_check unsigned long __clear_user(void __user *mem, unsigned long len);
10573
10574 -static __must_check __always_inline int
10575 -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
10576 @@ -15587,7 +15593,7 @@ index 1c66d30..c815e61 100644
10577 -extern long __copy_user_nocache(void *dst, const void __user *src,
10578 - unsigned size, int zerorest);
10579 +extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
10580 -+ unsigned long size, int zerorest) __size_overflow(3);
10581 ++ unsigned long size, int zerorest);
10582
10583 -static inline int
10584 -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
10585 @@ -15682,6 +15688,19 @@ index 1971e65..1e07354 100644
10586
10587 extern struct x86_init_ops x86_init;
10588 extern struct x86_cpuinit_ops x86_cpuinit;
10589 +diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
10590 +index c34f96c..e26f052 100644
10591 +--- a/arch/x86/include/asm/xen/page.h
10592 ++++ b/arch/x86/include/asm/xen/page.h
10593 +@@ -54,7 +54,7 @@ extern int m2p_remove_override(struct page *page, bool clear_pte);
10594 + extern struct page *m2p_find_override(unsigned long mfn);
10595 + extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn);
10596 +
10597 +-static inline unsigned long pfn_to_mfn(unsigned long pfn)
10598 ++static inline unsigned long __intentional_overflow(-1) pfn_to_mfn(unsigned long pfn)
10599 + {
10600 + unsigned long mfn;
10601 +
10602 diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h
10603 index c6ce245..aab6adb 100644
10604 --- a/arch/x86/include/asm/xsave.h
10605 @@ -19139,7 +19158,7 @@ index 6274f5f..9337430 100644
10606 /*
10607 * End of kprobes section
10608 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
10609 -index c9a281f..7316164 100644
10610 +index c9a281f..3645760 100644
10611 --- a/arch/x86/kernel/ftrace.c
10612 +++ b/arch/x86/kernel/ftrace.c
10613 @@ -126,7 +126,7 @@ static void *mod_code_ip; /* holds the IP to write to */
10614 @@ -19160,19 +19179,16 @@ index c9a281f..7316164 100644
10615 return r;
10616 }
10617
10618 -@@ -177,8 +177,10 @@ void ftrace_nmi_enter(void)
10619 -
10620 +@@ -178,7 +178,7 @@ void ftrace_nmi_enter(void)
10621 if (atomic_inc_return(&nmi_running) & MOD_CODE_WRITE_FLAG) {
10622 smp_rmb();
10623 -+ pax_open_kernel();
10624 ftrace_mod_code();
10625 - atomic_inc(&nmi_update_count);
10626 -+ pax_close_kernel();
10627 + atomic_inc_unchecked(&nmi_update_count);
10628 }
10629 /* Must have previous changes seen before executions */
10630 smp_mb();
10631 -@@ -271,6 +273,8 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
10632 +@@ -271,6 +271,8 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
10633 {
10634 unsigned char replaced[MCOUNT_INSN_SIZE];
10635
10636 @@ -19181,7 +19197,7 @@ index c9a281f..7316164 100644
10637 /*
10638 * Note: Due to modules and __init, code can
10639 * disappear and change, we need to protect against faulting
10640 -@@ -327,7 +331,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
10641 +@@ -327,7 +329,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
10642 unsigned char old[MCOUNT_INSN_SIZE], *new;
10643 int ret;
10644
10645 @@ -19190,7 +19206,7 @@ index c9a281f..7316164 100644
10646 new = ftrace_call_replace(ip, (unsigned long)func);
10647 ret = ftrace_modify_code(ip, old, new);
10648
10649 -@@ -353,6 +357,8 @@ static int ftrace_mod_jmp(unsigned long ip,
10650 +@@ -353,6 +355,8 @@ static int ftrace_mod_jmp(unsigned long ip,
10651 {
10652 unsigned char code[MCOUNT_INSN_SIZE];
10653
10654 @@ -20292,19 +20308,6 @@ index 69bca46..0bac999 100644
10655 return;
10656
10657 WARN_ONCE(regs->sp >= curbase &&
10658 -diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c
10659 -index 90fcf62..738e356 100644
10660 ---- a/arch/x86/kernel/kdebugfs.c
10661 -+++ b/arch/x86/kernel/kdebugfs.c
10662 -@@ -27,7 +27,7 @@ struct setup_data_node {
10663 - u32 len;
10664 - };
10665 -
10666 --static ssize_t setup_data_read(struct file *file, char __user *user_buf,
10667 -+static ssize_t __size_overflow(3) setup_data_read(struct file *file, char __user *user_buf,
10668 - size_t count, loff_t *ppos)
10669 - {
10670 - struct setup_data_node *node = file->private_data;
10671 diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
10672 index 2f45c4c..3f51a0c 100644
10673 --- a/arch/x86/kernel/kgdb.c
10674 @@ -20769,10 +20772,10 @@ index 3ca42d0..7cff8cc 100644
10675
10676 static void microcode_fini_cpu(int cpu)
10677 diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
10678 -index 925179f..6794bbb 100644
10679 +index 925179f..b151b74 100644
10680 --- a/arch/x86/kernel/module.c
10681 +++ b/arch/x86/kernel/module.c
10682 -@@ -36,15 +36,63 @@
10683 +@@ -36,15 +36,62 @@
10684 #define DEBUGP(fmt...)
10685 #endif
10686
10687 @@ -20827,7 +20830,6 @@ index 925179f..6794bbb 100644
10688 +}
10689 +EXPORT_SYMBOL(module_free_exec);
10690 +
10691 -+void *module_alloc_exec(unsigned long size) __size_overflow(1);
10692 +void *module_alloc_exec(unsigned long size)
10693 +{
10694 + return __module_alloc(size, PAGE_KERNEL_RX);
10695 @@ -20839,7 +20841,7 @@ index 925179f..6794bbb 100644
10696 #ifdef CONFIG_X86_32
10697 int apply_relocate(Elf32_Shdr *sechdrs,
10698 const char *strtab,
10699 -@@ -55,14 +103,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
10700 +@@ -55,14 +102,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
10701 unsigned int i;
10702 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
10703 Elf32_Sym *sym;
10704 @@ -20859,7 +20861,7 @@ index 925179f..6794bbb 100644
10705 /* This is the symbol it is referring to. Note that all
10706 undefined symbols have been resolved. */
10707 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
10708 -@@ -71,11 +121,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
10709 +@@ -71,11 +120,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
10710 switch (ELF32_R_TYPE(rel[i].r_info)) {
10711 case R_386_32:
10712 /* We add the value into the location given */
10713 @@ -20877,7 +20879,7 @@ index 925179f..6794bbb 100644
10714 break;
10715 default:
10716 printk(KERN_ERR "module %s: Unknown relocation: %u\n",
10717 -@@ -120,21 +174,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
10718 +@@ -120,21 +173,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
10719 case R_X86_64_NONE:
10720 break;
10721 case R_X86_64_64:
10722 @@ -25902,7 +25904,7 @@ index a63efd6..ccecad8 100644
10723 ret
10724 CFI_ENDPROC
10725 diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
10726 -index e218d5d..f655ced 100644
10727 +index e218d5d..3966c85 100644
10728 --- a/arch/x86/lib/usercopy_32.c
10729 +++ b/arch/x86/lib/usercopy_32.c
10730 @@ -43,7 +43,7 @@ do { \
10731 @@ -26005,7 +26007,7 @@ index e218d5d..f655ced 100644
10732 " addl $-64, %0\n"
10733 " addl $64, %4\n"
10734 " addl $64, %3\n"
10735 -@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
10736 +@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
10737 " shrl $2, %0\n"
10738 " andl $3, %%eax\n"
10739 " cld\n"
10740 @@ -26015,13 +26017,58 @@ index e218d5d..f655ced 100644
10741 "37: rep; movsb\n"
10742 "100:\n"
10743 + __COPYUSER_RESTORE_ES
10744 - ".section .fixup,\"ax\"\n"
10745 - "101: lea 0(%%eax,%0,4),%0\n"
10746 - " jmp 100b\n"
10747 -@@ -334,46 +340,153 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
10748 - }
10749 -
10750 - static unsigned long
10751 ++ ".section .fixup,\"ax\"\n"
10752 ++ "101: lea 0(%%eax,%0,4),%0\n"
10753 ++ " jmp 100b\n"
10754 ++ ".previous\n"
10755 ++ ".section __ex_table,\"a\"\n"
10756 ++ " .align 4\n"
10757 ++ " .long 1b,100b\n"
10758 ++ " .long 2b,100b\n"
10759 ++ " .long 3b,100b\n"
10760 ++ " .long 4b,100b\n"
10761 ++ " .long 5b,100b\n"
10762 ++ " .long 6b,100b\n"
10763 ++ " .long 7b,100b\n"
10764 ++ " .long 8b,100b\n"
10765 ++ " .long 9b,100b\n"
10766 ++ " .long 10b,100b\n"
10767 ++ " .long 11b,100b\n"
10768 ++ " .long 12b,100b\n"
10769 ++ " .long 13b,100b\n"
10770 ++ " .long 14b,100b\n"
10771 ++ " .long 15b,100b\n"
10772 ++ " .long 16b,100b\n"
10773 ++ " .long 17b,100b\n"
10774 ++ " .long 18b,100b\n"
10775 ++ " .long 19b,100b\n"
10776 ++ " .long 20b,100b\n"
10777 ++ " .long 21b,100b\n"
10778 ++ " .long 22b,100b\n"
10779 ++ " .long 23b,100b\n"
10780 ++ " .long 24b,100b\n"
10781 ++ " .long 25b,100b\n"
10782 ++ " .long 26b,100b\n"
10783 ++ " .long 27b,100b\n"
10784 ++ " .long 28b,100b\n"
10785 ++ " .long 29b,100b\n"
10786 ++ " .long 30b,100b\n"
10787 ++ " .long 31b,100b\n"
10788 ++ " .long 32b,100b\n"
10789 ++ " .long 33b,100b\n"
10790 ++ " .long 34b,100b\n"
10791 ++ " .long 35b,100b\n"
10792 ++ " .long 36b,100b\n"
10793 ++ " .long 37b,100b\n"
10794 ++ " .long 99b,101b\n"
10795 ++ ".previous"
10796 ++ : "=&c"(size), "=&D" (d0), "=&S" (d1)
10797 ++ : "1"(to), "2"(from), "0"(size)
10798 ++ : "eax", "edx", "memory");
10799 ++ return size;
10800 ++}
10801 ++
10802 ++static unsigned long
10803 +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
10804 +{
10805 + int d0, d1;
10806 @@ -26077,60 +26124,10 @@ index e218d5d..f655ced 100644
10807 + "36: movl %%eax, %0\n"
10808 + "37: rep; "__copyuser_seg" movsb\n"
10809 + "100:\n"
10810 -+ ".section .fixup,\"ax\"\n"
10811 -+ "101: lea 0(%%eax,%0,4),%0\n"
10812 -+ " jmp 100b\n"
10813 -+ ".previous\n"
10814 -+ ".section __ex_table,\"a\"\n"
10815 -+ " .align 4\n"
10816 -+ " .long 1b,100b\n"
10817 -+ " .long 2b,100b\n"
10818 -+ " .long 3b,100b\n"
10819 -+ " .long 4b,100b\n"
10820 -+ " .long 5b,100b\n"
10821 -+ " .long 6b,100b\n"
10822 -+ " .long 7b,100b\n"
10823 -+ " .long 8b,100b\n"
10824 -+ " .long 9b,100b\n"
10825 -+ " .long 10b,100b\n"
10826 -+ " .long 11b,100b\n"
10827 -+ " .long 12b,100b\n"
10828 -+ " .long 13b,100b\n"
10829 -+ " .long 14b,100b\n"
10830 -+ " .long 15b,100b\n"
10831 -+ " .long 16b,100b\n"
10832 -+ " .long 17b,100b\n"
10833 -+ " .long 18b,100b\n"
10834 -+ " .long 19b,100b\n"
10835 -+ " .long 20b,100b\n"
10836 -+ " .long 21b,100b\n"
10837 -+ " .long 22b,100b\n"
10838 -+ " .long 23b,100b\n"
10839 -+ " .long 24b,100b\n"
10840 -+ " .long 25b,100b\n"
10841 -+ " .long 26b,100b\n"
10842 -+ " .long 27b,100b\n"
10843 -+ " .long 28b,100b\n"
10844 -+ " .long 29b,100b\n"
10845 -+ " .long 30b,100b\n"
10846 -+ " .long 31b,100b\n"
10847 -+ " .long 32b,100b\n"
10848 -+ " .long 33b,100b\n"
10849 -+ " .long 34b,100b\n"
10850 -+ " .long 35b,100b\n"
10851 -+ " .long 36b,100b\n"
10852 -+ " .long 37b,100b\n"
10853 -+ " .long 99b,101b\n"
10854 -+ ".previous"
10855 -+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
10856 -+ : "1"(to), "2"(from), "0"(size)
10857 -+ : "eax", "edx", "memory");
10858 -+ return size;
10859 -+}
10860 -+
10861 -+static unsigned long __size_overflow(3)
10862 - __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
10863 - {
10864 + ".section .fixup,\"ax\"\n"
10865 + "101: lea 0(%%eax,%0,4),%0\n"
10866 + " jmp 100b\n"
10867 +@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
10868 int d0, d1;
10869 __asm__ __volatile__(
10870 " .align 2,0x90\n"
10871 @@ -26202,15 +26199,7 @@ index e218d5d..f655ced 100644
10872 "8:\n"
10873 ".section .fixup,\"ax\"\n"
10874 "9: lea 0(%%eax,%0,4),%0\n"
10875 -@@ -433,48 +546,48 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
10876 - * hyoshiok@××××××××××××.com
10877 - */
10878 -
10879 --static unsigned long __copy_user_zeroing_intel_nocache(void *to,
10880 -+static unsigned long __size_overflow(3) __copy_user_zeroing_intel_nocache(void *to,
10881 - const void __user *from, unsigned long size)
10882 - {
10883 - int d0, d1;
10884 +@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
10885
10886 __asm__ __volatile__(
10887 " .align 2,0x90\n"
10888 @@ -26282,15 +26271,7 @@ index e218d5d..f655ced 100644
10889 "8:\n"
10890 ".section .fixup,\"ax\"\n"
10891 "9: lea 0(%%eax,%0,4),%0\n"
10892 -@@ -530,48 +643,48 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
10893 - return size;
10894 - }
10895 -
10896 --static unsigned long __copy_user_intel_nocache(void *to,
10897 -+static unsigned long __size_overflow(3) __copy_user_intel_nocache(void *to,
10898 - const void __user *from, unsigned long size)
10899 - {
10900 - int d0, d1;
10901 +@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(void *to,
10902
10903 __asm__ __volatile__(
10904 " .align 2,0x90\n"
10905 @@ -30756,9 +30737,18 @@ index 5189fe8..d937469 100644
10906 };
10907
10908 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
10909 -index fe00be69..d2c142a 100644
10910 +index fe00be69..c51170f 100644
10911 --- a/arch/x86/xen/mmu.c
10912 +++ b/arch/x86/xen/mmu.c
10913 +@@ -365,7 +365,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
10914 + return val;
10915 + }
10916 +
10917 +-static pteval_t pte_pfn_to_mfn(pteval_t val)
10918 ++static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
10919 + {
10920 + if (val & _PAGE_PRESENT) {
10921 + unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
10922 @@ -1757,6 +1757,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
10923 convert_pfn_mfn(init_level4_pgt);
10924 convert_pfn_mfn(level3_ident_pgt);
10925 @@ -31109,9 +31099,18 @@ index 8bd4ef2..078f68b9 100644
10926
10927 EXPORT_SYMBOL(blk_unregister_region);
10928 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
10929 -index 9e76a32..48d7145 100644
10930 +index 9e76a32..a220c64 100644
10931 --- a/block/scsi_ioctl.c
10932 +++ b/block/scsi_ioctl.c
10933 +@@ -66,7 +66,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p)
10934 + return put_user(0, p);
10935 + }
10936 +
10937 +-static int sg_get_timeout(struct request_queue *q)
10938 ++static int __intentional_overflow(-1) sg_get_timeout(struct request_queue *q)
10939 + {
10940 + return jiffies_to_clock_t(q->sg_timeout);
10941 + }
10942 @@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command);
10943 static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
10944 struct sg_io_hdr *hdr, fmode_t mode)
10945 @@ -37055,6 +37054,19 @@ index 378fcb5..5e91fa8 100644
10946
10947 /* Wrapper access functions for multiplexed SMBus */
10948 static DEFINE_MUTEX(amd756_lock);
10949 +diff --git a/drivers/i2c/busses/i2c-diolan-u2c.c b/drivers/i2c/busses/i2c-diolan-u2c.c
10950 +index 7636671..53a2cab 100644
10951 +--- a/drivers/i2c/busses/i2c-diolan-u2c.c
10952 ++++ b/drivers/i2c/busses/i2c-diolan-u2c.c
10953 +@@ -99,7 +99,7 @@ MODULE_PARM_DESC(frequency, "I2C clock frequency in hertz");
10954 + /* usb layer */
10955 +
10956 + /* Send command to device, and get response. */
10957 +-static int diolan_usb_transfer(struct i2c_diolan_u2c *dev)
10958 ++static int __intentional_overflow(-1) diolan_usb_transfer(struct i2c_diolan_u2c *dev)
10959 + {
10960 + int ret = 0;
10961 + int actual;
10962 diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c
10963 index 29015eb..af2d8e9 100644
10964 --- a/drivers/i2c/busses/i2c-nforce2-s4985.c
10965 @@ -37938,7 +37950,7 @@ index 1f95bba..9530f87 100644
10966 sdata, wqe->wr.wr.atomic.swap);
10967 goto send_comp;
10968 diff --git a/drivers/infiniband/hw/mthca/mthca_cmd.c b/drivers/infiniband/hw/mthca/mthca_cmd.c
10969 -index 9d3e5c1..d9afe4a 100644
10970 +index 9d3e5c1..6f166df 100644
10971 --- a/drivers/infiniband/hw/mthca/mthca_cmd.c
10972 +++ b/drivers/infiniband/hw/mthca/mthca_cmd.c
10973 @@ -772,7 +772,7 @@ static void mthca_setup_cmd_doorbells(struct mthca_dev *dev, u64 base)
10974 @@ -37950,10 +37962,59 @@ index 9d3e5c1..d9afe4a 100644
10975 {
10976 struct mthca_mailbox *mailbox;
10977 u32 *outbox;
10978 +@@ -1612,7 +1612,7 @@ int mthca_HW2SW_MPT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
10979 + CMD_TIME_CLASS_B);
10980 + }
10981 +
10982 +-int mthca_WRITE_MTT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
10983 ++int __intentional_overflow(-1) mthca_WRITE_MTT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
10984 + int num_mtt)
10985 + {
10986 + return mthca_cmd(dev, mailbox->dma, num_mtt, 0, CMD_WRITE_MTT,
10987 +@@ -1634,7 +1634,7 @@ int mthca_MAP_EQ(struct mthca_dev *dev, u64 event_mask, int unmap,
10988 + 0, CMD_MAP_EQ, CMD_TIME_CLASS_B);
10989 + }
10990 +
10991 +-int mthca_SW2HW_EQ(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
10992 ++int __intentional_overflow(-1) mthca_SW2HW_EQ(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
10993 + int eq_num)
10994 + {
10995 + return mthca_cmd(dev, mailbox->dma, eq_num, 0, CMD_SW2HW_EQ,
10996 +@@ -1857,7 +1857,7 @@ int mthca_CONF_SPECIAL_QP(struct mthca_dev *dev, int type, u32 qpn)
10997 + CMD_TIME_CLASS_B);
10998 + }
10999 +
11000 +-int mthca_MAD_IFC(struct mthca_dev *dev, int ignore_mkey, int ignore_bkey,
11001 ++int __intentional_overflow(-1) mthca_MAD_IFC(struct mthca_dev *dev, int ignore_mkey, int ignore_bkey,
11002 + int port, struct ib_wc *in_wc, struct ib_grh *in_grh,
11003 + void *in_mad, void *response_mad)
11004 + {
11005 +diff --git a/drivers/infiniband/hw/mthca/mthca_main.c b/drivers/infiniband/hw/mthca/mthca_main.c
11006 +index aa12a53..c145bc2 100644
11007 +--- a/drivers/infiniband/hw/mthca/mthca_main.c
11008 ++++ b/drivers/infiniband/hw/mthca/mthca_main.c
11009 +@@ -692,7 +692,7 @@ err_close:
11010 + return err;
11011 + }
11012 +
11013 +-static int mthca_setup_hca(struct mthca_dev *dev)
11014 ++static int __intentional_overflow(-1) mthca_setup_hca(struct mthca_dev *dev)
11015 + {
11016 + int err;
11017 +
11018 diff --git a/drivers/infiniband/hw/mthca/mthca_mr.c b/drivers/infiniband/hw/mthca/mthca_mr.c
11019 -index ed9a989..e0c5871 100644
11020 +index ed9a989..6aa5dc2 100644
11021 --- a/drivers/infiniband/hw/mthca/mthca_mr.c
11022 +++ b/drivers/infiniband/hw/mthca/mthca_mr.c
11023 +@@ -81,7 +81,7 @@ struct mthca_mpt_entry {
11024 + * through the bitmaps)
11025 + */
11026 +
11027 +-static u32 mthca_buddy_alloc(struct mthca_buddy *buddy, int order)
11028 ++static u32 __intentional_overflow(-1) mthca_buddy_alloc(struct mthca_buddy *buddy, int order)
11029 + {
11030 + int o;
11031 + int m;
11032 @@ -426,7 +426,7 @@ static inline u32 adjust_key(struct mthca_dev *dev, u32 key)
11033 return key;
11034 }
11035 @@ -37963,6 +38024,28 @@ index ed9a989..e0c5871 100644
11036 u64 iova, u64 total_size, u32 access, struct mthca_mr *mr)
11037 {
11038 struct mthca_mailbox *mailbox;
11039 +@@ -516,7 +516,7 @@ int mthca_mr_alloc_notrans(struct mthca_dev *dev, u32 pd,
11040 + return mthca_mr_alloc(dev, pd, 12, 0, ~0ULL, access, mr);
11041 + }
11042 +
11043 +-int mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
11044 ++int __intentional_overflow(-1) mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
11045 + u64 *buffer_list, int buffer_size_shift,
11046 + int list_len, u64 iova, u64 total_size,
11047 + u32 access, struct mthca_mr *mr)
11048 +diff --git a/drivers/infiniband/hw/mthca/mthca_provider.c b/drivers/infiniband/hw/mthca/mthca_provider.c
11049 +index 5b71d43..35a9e14 100644
11050 +--- a/drivers/infiniband/hw/mthca/mthca_provider.c
11051 ++++ b/drivers/infiniband/hw/mthca/mthca_provider.c
11052 +@@ -763,7 +763,7 @@ unlock:
11053 + return 0;
11054 + }
11055 +
11056 +-static int mthca_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata)
11057 ++static int __intentional_overflow(-1) mthca_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata)
11058 + {
11059 + struct mthca_dev *dev = to_mdev(ibcq->device);
11060 + struct mthca_cq *cq = to_mcq(ibcq);
11061 diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
11062 index 5965b3d..16817fb 100644
11063 --- a/drivers/infiniband/hw/nes/nes.c
11064 @@ -38840,6 +38923,19 @@ index 509135f..c8645eb 100644
11065 card->s0num[1][0] = '\0';
11066 card->s0num[2][0] = '\0';
11067 break;
11068 +diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
11069 +index 4d395de..c504763 100644
11070 +--- a/drivers/isdn/mISDN/dsp_cmx.c
11071 ++++ b/drivers/isdn/mISDN/dsp_cmx.c
11072 +@@ -1623,7 +1623,7 @@ u32 dsp_spl_jiffies; /* calculate the next time to fire */
11073 + static u16 dsp_count; /* last sample count */
11074 + static int dsp_count_valid ; /* if we have last sample count */
11075 +
11076 +-void
11077 ++void __intentional_overflow(-1)
11078 + dsp_cmx_send(void *arg)
11079 + {
11080 + struct dsp_conf *conf;
11081 diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c
11082 index a498135..6a39f48 100644
11083 --- a/drivers/leds/leds-clevo-mail.c
11084 @@ -39810,32 +39906,6 @@ index d345215..b607565 100644
11085 spin_lock_init(&vout->vbq_lock);
11086
11087 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
11088 -diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c
11089 -index 2fd38a0..ddec3c4 100644
11090 ---- a/drivers/media/video/saa7164/saa7164-encoder.c
11091 -+++ b/drivers/media/video/saa7164/saa7164-encoder.c
11092 -@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port)
11093 - }
11094 -
11095 - static ssize_t fops_read(struct file *file, char __user *buffer,
11096 -+ size_t count, loff_t *pos) __size_overflow(3);
11097 -+static ssize_t fops_read(struct file *file, char __user *buffer,
11098 - size_t count, loff_t *pos)
11099 - {
11100 - struct saa7164_encoder_fh *fh = file->private_data;
11101 -diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c
11102 -index e2e0341..b80056c 100644
11103 ---- a/drivers/media/video/saa7164/saa7164-vbi.c
11104 -+++ b/drivers/media/video/saa7164/saa7164-vbi.c
11105 -@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port)
11106 - }
11107 -
11108 - static ssize_t fops_read(struct file *file, char __user *buffer,
11109 -+ size_t count, loff_t *pos) __size_overflow(3);
11110 -+static ssize_t fops_read(struct file *file, char __user *buffer,
11111 - size_t count, loff_t *pos)
11112 - {
11113 - struct saa7164_vbi_fh *fh = file->private_data;
11114 diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c
11115 index a0895bf..b451f5b 100644
11116 --- a/drivers/media/video/timblogiw.c
11117 @@ -46089,7 +46159,7 @@ index a5ea85f..6530989 100644
11118
11119 /* reallocate for each attempt, since references
11120 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
11121 -index ab11ca3c..e9bb990 100644
11122 +index ab11ca3c..2df783d 100644
11123 --- a/drivers/usb/core/message.c
11124 +++ b/drivers/usb/core/message.c
11125 @@ -129,7 +129,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev,
11126 @@ -46101,6 +46171,24 @@ index ab11ca3c..e9bb990 100644
11127 __u8 requesttype, __u16 value, __u16 index, void *data,
11128 __u16 size, int timeout)
11129 {
11130 +@@ -182,7 +182,7 @@ EXPORT_SYMBOL_GPL(usb_control_msg);
11131 + * complete. Since you don't have a handle on the URB used, you can't cancel
11132 + * the request.
11133 + */
11134 +-int usb_interrupt_msg(struct usb_device *usb_dev, unsigned int pipe,
11135 ++int __intentional_overflow(-1) usb_interrupt_msg(struct usb_device *usb_dev, unsigned int pipe,
11136 + void *data, int len, int *actual_length, int timeout)
11137 + {
11138 + return usb_bulk_msg(usb_dev, pipe, data, len, actual_length, timeout);
11139 +@@ -220,7 +220,7 @@ EXPORT_SYMBOL_GPL(usb_interrupt_msg);
11140 + * interrupt endpoints. We will take the liberty of creating an interrupt URB
11141 + * (with the default interval) if the target is an interrupt endpoint.
11142 + */
11143 +-int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe,
11144 ++int __intentional_overflow(-1) usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe,
11145 + void *data, int len, int *actual_length, int timeout)
11146 + {
11147 + struct urb *urb;
11148 diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
11149 index 662c0cf..6880fbb 100644
11150 --- a/drivers/usb/core/sysfs.c
11151 @@ -52525,7 +52613,7 @@ index 451b9b8..12e5a03 100644
11152
11153 out_free_fd:
11154 diff --git a/fs/exec.c b/fs/exec.c
11155 -index a2d0e51..0d1143c 100644
11156 +index a2d0e51..8ece03f 100644
11157 --- a/fs/exec.c
11158 +++ b/fs/exec.c
11159 @@ -55,12 +55,35 @@
11160 @@ -53129,7 +53217,7 @@ index a2d0e51..0d1143c 100644
11161 cn->corename = kmalloc(cn->size, GFP_KERNEL);
11162 cn->used = 0;
11163
11164 -@@ -1833,6 +2016,284 @@ out:
11165 +@@ -1833,6 +2016,292 @@ out:
11166 return ispipe;
11167 }
11168
11169 @@ -53350,8 +53438,16 @@ index a2d0e51..0d1143c 100644
11170 +#endif
11171 +
11172 +#else
11173 -+ unsigned long textlow = _stext;
11174 -+ unsigned long texthigh = _etext;
11175 ++ unsigned long textlow = (unsigned long)_stext;
11176 ++ unsigned long texthigh = (unsigned long)_etext;
11177 ++
11178 ++#ifdef CONFIG_X86_64
11179 ++ /* check against linear mapping as well */
11180 ++ if (high > (unsigned long)__va(__pa(textlow)) &&
11181 ++ low <= (unsigned long)__va(__pa(texthigh)))
11182 ++ return true;
11183 ++#endif
11184 ++
11185 +#endif
11186 +
11187 + if (high <= textlow || low > texthigh)
11188 @@ -53414,7 +53510,7 @@ index a2d0e51..0d1143c 100644
11189 static int zap_process(struct task_struct *start, int exit_code)
11190 {
11191 struct task_struct *t;
11192 -@@ -2006,17 +2467,17 @@ static void coredump_finish(struct mm_struct *mm)
11193 +@@ -2006,17 +2475,17 @@ static void coredump_finish(struct mm_struct *mm)
11194 void set_dumpable(struct mm_struct *mm, int value)
11195 {
11196 switch (value) {
11197 @@ -53435,7 +53531,7 @@ index a2d0e51..0d1143c 100644
11198 set_bit(MMF_DUMP_SECURELY, &mm->flags);
11199 smp_wmb();
11200 set_bit(MMF_DUMPABLE, &mm->flags);
11201 -@@ -2029,7 +2490,7 @@ static int __get_dumpable(unsigned long mm_flags)
11202 +@@ -2029,7 +2498,7 @@ static int __get_dumpable(unsigned long mm_flags)
11203 int ret;
11204
11205 ret = mm_flags & MMF_DUMPABLE_MASK;
11206 @@ -53444,7 +53540,7 @@ index a2d0e51..0d1143c 100644
11207 }
11208
11209 int get_dumpable(struct mm_struct *mm)
11210 -@@ -2044,17 +2505,17 @@ static void wait_for_dump_helpers(struct file *file)
11211 +@@ -2044,17 +2513,17 @@ static void wait_for_dump_helpers(struct file *file)
11212 pipe = file->f_path.dentry->d_inode->i_pipe;
11213
11214 pipe_lock(pipe);
11215 @@ -53467,7 +53563,7 @@ index a2d0e51..0d1143c 100644
11216 pipe_unlock(pipe);
11217
11218 }
11219 -@@ -2115,7 +2576,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11220 +@@ -2115,7 +2584,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11221 int retval = 0;
11222 int flag = 0;
11223 int ispipe;
11224 @@ -53477,7 +53573,7 @@ index a2d0e51..0d1143c 100644
11225 struct coredump_params cprm = {
11226 .signr = signr,
11227 .regs = regs,
11228 -@@ -2130,6 +2592,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11229 +@@ -2130,6 +2600,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11230
11231 audit_core_dumps(signr);
11232
11233 @@ -53487,7 +53583,7 @@ index a2d0e51..0d1143c 100644
11234 binfmt = mm->binfmt;
11235 if (!binfmt || !binfmt->core_dump)
11236 goto fail;
11237 -@@ -2140,14 +2605,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11238 +@@ -2140,14 +2613,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11239 if (!cred)
11240 goto fail;
11241 /*
11242 @@ -53508,7 +53604,7 @@ index a2d0e51..0d1143c 100644
11243 }
11244
11245 retval = coredump_wait(exit_code, &core_state);
11246 -@@ -2197,7 +2664,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11247 +@@ -2197,7 +2672,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11248 }
11249 cprm.limit = RLIM_INFINITY;
11250
11251 @@ -53517,7 +53613,7 @@ index a2d0e51..0d1143c 100644
11252 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
11253 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
11254 task_tgid_vnr(current), current->comm);
11255 -@@ -2224,9 +2691,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11256 +@@ -2224,9 +2699,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
11257 } else {
11258 struct inode *inode;
11259
11260 @@ -53537,7 +53633,7 @@ index a2d0e51..0d1143c 100644
11261 cprm.file = filp_open(cn.corename,
11262 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
11263 0600);
11264 -@@ -2267,7 +2744,7 @@ close_fail:
11265 +@@ -2267,7 +2752,7 @@ close_fail:
11266 filp_close(cprm.file, NULL);
11267 fail_dropcount:
11268 if (ispipe)
11269 @@ -53546,7 +53642,7 @@ index a2d0e51..0d1143c 100644
11270 fail_unlock:
11271 kfree(cn.corename);
11272 fail_corename:
11273 -@@ -2286,7 +2763,7 @@ fail:
11274 +@@ -2286,7 +2771,7 @@ fail:
11275 */
11276 int dump_write(struct file *file, const void *addr, int nr)
11277 {
11278 @@ -53592,6 +53688,31 @@ index bd8ac16..43811b9 100644
11279
11280 static int __init init_ext2_fs(void)
11281 {
11282 +diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
11283 +index d27b71f..071b0e1 100644
11284 +--- a/fs/ext2/xattr.c
11285 ++++ b/fs/ext2/xattr.c
11286 +@@ -248,7 +248,7 @@ ext2_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
11287 + struct buffer_head *bh = NULL;
11288 + struct ext2_xattr_entry *entry;
11289 + char *end;
11290 +- size_t rest = buffer_size;
11291 ++ size_t rest = buffer_size, total_size = 0;
11292 + int error;
11293 +
11294 + ea_idebug(inode, "buffer=%p, buffer_size=%ld",
11295 +@@ -306,9 +306,10 @@ bad_block: ext2_error(inode->i_sb, "ext2_xattr_list",
11296 + buffer += size;
11297 + }
11298 + rest -= size;
11299 ++ total_size += size;
11300 + }
11301 + }
11302 +- error = buffer_size - rest; /* total size */
11303 ++ error = total_size;
11304 +
11305 + cleanup:
11306 + brelse(bh);
11307 diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c
11308 index a203892..4e64db5 100644
11309 --- a/fs/ext3/balloc.c
11310 @@ -53621,6 +53742,31 @@ index b7f314f..ef3b16c 100644
11311
11312 static int __init init_ext3_fs(void)
11313 {
11314 +diff --git a/fs/ext3/xattr.c b/fs/ext3/xattr.c
11315 +index d565759..a1315f2 100644
11316 +--- a/fs/ext3/xattr.c
11317 ++++ b/fs/ext3/xattr.c
11318 +@@ -335,7 +335,7 @@ static int
11319 + ext3_xattr_list_entries(struct dentry *dentry, struct ext3_xattr_entry *entry,
11320 + char *buffer, size_t buffer_size)
11321 + {
11322 +- size_t rest = buffer_size;
11323 ++ size_t rest = buffer_size, total_size = 0;
11324 +
11325 + for (; !IS_LAST_ENTRY(entry); entry = EXT3_XATTR_NEXT(entry)) {
11326 + const struct xattr_handler *handler =
11327 +@@ -352,9 +352,10 @@ ext3_xattr_list_entries(struct dentry *dentry, struct ext3_xattr_entry *entry,
11328 + buffer += size;
11329 + }
11330 + rest -= size;
11331 ++ total_size += size;
11332 + }
11333 + }
11334 +- return buffer_size - rest;
11335 ++ return total_size;
11336 + }
11337 +
11338 + static int
11339 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
11340 index 2845a1f..f29de63 100644
11341 --- a/fs/ext4/balloc.c
11342 @@ -53873,10 +54019,31 @@ index 84f84bf..a8770cd 100644
11343 static int __init ext4_init_feat_adverts(void)
11344 {
11345 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
11346 -index d5498b2..b4e9f3f 100644
11347 +index d5498b2..14a9eca 100644
11348 --- a/fs/ext4/xattr.c
11349 +++ b/fs/ext4/xattr.c
11350 -@@ -1269,6 +1269,8 @@ retry:
11351 +@@ -328,7 +328,7 @@ static int
11352 + ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
11353 + char *buffer, size_t buffer_size)
11354 + {
11355 +- size_t rest = buffer_size;
11356 ++ size_t rest = buffer_size, total_size = 0;
11357 +
11358 + for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
11359 + const struct xattr_handler *handler =
11360 +@@ -345,9 +345,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
11361 + buffer += size;
11362 + }
11363 + rest -= size;
11364 ++ total_size += size;
11365 + }
11366 + }
11367 +- return buffer_size - rest;
11368 ++ return total_size;
11369 + }
11370 +
11371 + static int
11372 +@@ -1269,6 +1270,8 @@ retry:
11373 s_min_extra_isize) {
11374 tried_min_extra_isize++;
11375 new_extra_isize = s_min_extra_isize;
11376 @@ -59308,7 +59475,7 @@ index d33418f..2a5345e 100644
11377 return -EINVAL;
11378
11379 diff --git a/fs/seq_file.c b/fs/seq_file.c
11380 -index dba43c3..7511af2 100644
11381 +index dba43c3..4e25536 100644
11382 --- a/fs/seq_file.c
11383 +++ b/fs/seq_file.c
11384 @@ -9,6 +9,7 @@
11385 @@ -59353,6 +59520,15 @@ index dba43c3..7511af2 100644
11386 return !m->buf ? -ENOMEM : -EAGAIN;
11387 }
11388
11389 +@@ -132,7 +144,7 @@ Eoverflow:
11390 + ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
11391 + {
11392 + struct seq_file *m = file->private_data;
11393 +- size_t copied = 0;
11394 ++ ssize_t copied = 0;
11395 + loff_t pos;
11396 + size_t n;
11397 + void *p;
11398 @@ -169,7 +181,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
11399 m->version = file->f_version;
11400 /* grab buffer if we didn't have one */
11401 @@ -59851,7 +60027,7 @@ index 3915ade..00fcbf4 100644
11402 static int __init init_ufs_fs(void)
11403 {
11404 diff --git a/fs/ufs/swab.h b/fs/ufs/swab.h
11405 -index 8d974c4..b82f6ec 100644
11406 +index 8d974c4..4c19a7b 100644
11407 --- a/fs/ufs/swab.h
11408 +++ b/fs/ufs/swab.h
11409 @@ -22,7 +22,7 @@ enum {
11410 @@ -59872,6 +60048,15 @@ index 8d974c4..b82f6ec 100644
11411 fs32_to_cpu(struct super_block *sbp, __fs32 n)
11412 {
11413 if (UFS_SB(sbp)->s_bytesex == BYTESEX_LE)
11414 +@@ -76,7 +76,7 @@ fs32_sub(struct super_block *sbp, __fs32 *n, int d)
11415 + be32_add_cpu((__be32 *)n, -d);
11416 + }
11417 +
11418 +-static inline u16
11419 ++static inline u16 __intentional_overflow(-1)
11420 + fs16_to_cpu(struct super_block *sbp, __fs16 n)
11421 + {
11422 + if (UFS_SB(sbp)->s_bytesex == BYTESEX_LE)
11423 diff --git a/fs/utimes.c b/fs/utimes.c
11424 index ba653f3..06ea4b1 100644
11425 --- a/fs/utimes.c
11426 @@ -60093,7 +60278,7 @@ index 8a89949..6776861 100644
11427 xfs_init_zones(void)
11428 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
11429 new file mode 100644
11430 -index 0000000..138a59d
11431 +index 0000000..7e54fd7
11432 --- /dev/null
11433 +++ b/grsecurity/Kconfig
11434 @@ -0,0 +1,1080 @@
11435 @@ -60688,7 +60873,7 @@ index 0000000..138a59d
11436 +config GRKERNSEC_CHROOT_INITRD
11437 + bool "Exempt initrd tasks from restrictions"
11438 + default y if GRKERNSEC_CONFIG_AUTO
11439 -+ depends on GRKERNSEC_CHROOT && BLK_DEV_RAM
11440 ++ depends on GRKERNSEC_CHROOT && BLK_DEV_INITRD
11441 + help
11442 + If you say Y here, tasks started prior to init will be exempted from
11443 + grsecurity's chroot restrictions. This option is mainly meant to
11444 @@ -61179,7 +61364,7 @@ index 0000000..138a59d
11445 +endmenu
11446 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
11447 new file mode 100644
11448 -index 0000000..b0b77d5
11449 +index 0000000..2f8793f
11450 --- /dev/null
11451 +++ b/grsecurity/Makefile
11452 @@ -0,0 +1,43 @@
11453 @@ -61200,7 +61385,7 @@ index 0000000..b0b77d5
11454 +
11455 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
11456 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
11457 -+ gracl_learn.o grsec_log.o
11458 ++ gracl_learn.o grsec_log.o gracl_policy.o
11459 +ifdef CONFIG_COMPAT
11460 +obj-$(CONFIG_GRKERNSEC) += gracl_compat.o
11461 +endif
11462 @@ -61228,10 +61413,10 @@ index 0000000..b0b77d5
11463 +endif
11464 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
11465 new file mode 100644
11466 -index 0000000..35b85f2
11467 +index 0000000..02c6217
11468 --- /dev/null
11469 +++ b/grsecurity/gracl.c
11470 -@@ -0,0 +1,4323 @@
11471 +@@ -0,0 +1,2769 @@
11472 +#include <linux/kernel.h>
11473 +#include <linux/module.h>
11474 +#include <linux/sched.h>
11475 @@ -61270,51 +61455,31 @@ index 0000000..35b85f2
11476 +#include <asm/errno.h>
11477 +#include <asm/mman.h>
11478 +
11479 -+static struct acl_role_db acl_role_set;
11480 -+static struct name_db name_set;
11481 -+static struct inodev_db inodev_set;
11482 -+
11483 -+/* for keeping track of userspace pointers used for subjects, so we
11484 -+ can share references in the kernel as well
11485 -+*/
11486 -+
11487 -+static struct path real_root;
11488 -+
11489 -+static struct acl_subj_map_db subj_map_set;
11490 ++#define FOR_EACH_ROLE_START(role) \
11491 ++ role = running_polstate.role_list; \
11492 ++ while (role) {
11493 +
11494 -+static struct acl_role_label *default_role;
11495 ++#define FOR_EACH_ROLE_END(role) \
11496 ++ role = role->prev; \
11497 ++ }
11498 +
11499 -+static struct acl_role_label *role_list;
11500 ++extern struct path gr_real_root;
11501 +
11502 -+static u16 acl_sp_role_value;
11503 ++static struct gr_policy_state running_polstate;
11504 ++struct gr_policy_state *polstate = &running_polstate;
11505 ++extern struct gr_alloc_state *current_alloc_state;
11506 +
11507 +extern char *gr_shared_page[4];
11508 +static DEFINE_MUTEX(gr_dev_mutex);
11509 +DEFINE_RWLOCK(gr_inode_lock);
11510 +
11511 -+struct gr_arg *gr_usermode;
11512 -+
11513 +static unsigned int gr_status __read_only = GR_STATUS_INIT;
11514 +
11515 -+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
11516 -+extern void gr_clear_learn_entries(void);
11517 -+
11518 +#ifdef CONFIG_GRKERNSEC_RESLOG
11519 +extern void gr_log_resource(const struct task_struct *task,
11520 + const int res, const unsigned long wanted, const int gt);
11521 +#endif
11522 +
11523 -+unsigned char *gr_system_salt;
11524 -+unsigned char *gr_system_sum;
11525 -+
11526 -+static struct sprole_pw **acl_special_roles = NULL;
11527 -+static __u16 num_sprole_pws = 0;
11528 -+
11529 -+static struct acl_role_label *kernel_role = NULL;
11530 -+
11531 -+static unsigned int gr_auth_attempts = 0;
11532 -+static unsigned long gr_auth_expires = 0UL;
11533 -+
11534 +#ifdef CONFIG_NET
11535 +extern struct vfsmount *sock_mnt;
11536 +#endif
11537 @@ -61325,160 +61490,33 @@ index 0000000..35b85f2
11538 +extern struct vfsmount *hugetlbfs_vfsmount;
11539 +#endif
11540 +
11541 -+static struct acl_object_label *fakefs_obj_rw;
11542 -+static struct acl_object_label *fakefs_obj_rwx;
11543 -+
11544 -+extern int gr_init_uidset(void);
11545 -+extern void gr_free_uidset(void);
11546 -+extern void gr_remove_uid(uid_t uid);
11547 -+extern int gr_find_uid(uid_t uid);
11548 -+
11549 +DECLARE_BRLOCK(vfsmount_lock);
11550 +
11551 -+static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
11552 -+{
11553 -+ if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
11554 -+ return -EFAULT;
11555 -+
11556 -+ return 0;
11557 -+}
11558 -+
11559 -+static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
11560 -+{
11561 -+ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
11562 -+ return -EFAULT;
11563 -+
11564 -+ return 0;
11565 -+}
11566 -+
11567 -+static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
11568 -+{
11569 -+ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
11570 -+ return -EFAULT;
11571 -+
11572 -+ return 0;
11573 -+}
11574 -+
11575 -+static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
11576 -+{
11577 -+ if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
11578 -+ return -EFAULT;
11579 -+
11580 -+ return 0;
11581 -+}
11582 -+
11583 -+static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
11584 -+{
11585 -+ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
11586 -+ return -EFAULT;
11587 -+
11588 -+ return 0;
11589 -+}
11590 ++extern u16 acl_sp_role_value;
11591 ++extern struct acl_object_label *fakefs_obj_rw;
11592 ++extern struct acl_object_label *fakefs_obj_rwx;
11593 +
11594 -+static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
11595 ++int gr_acl_is_enabled(void)
11596 +{
11597 -+ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
11598 -+ return -EFAULT;
11599 -+
11600 -+ return 0;
11601 -+}
11602 -+
11603 -+static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
11604 -+{
11605 -+ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
11606 -+ return -EFAULT;
11607 -+
11608 -+ return 0;
11609 -+}
11610 -+
11611 -+static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
11612 -+{
11613 -+ if (copy_from_user(trans, userp, sizeof(struct role_transition)))
11614 -+ return -EFAULT;
11615 -+
11616 -+ return 0;
11617 -+}
11618 -+
11619 -+int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
11620 -+{
11621 -+ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
11622 -+ return -EFAULT;
11623 -+
11624 -+ return 0;
11625 ++ return (gr_status & GR_READY);
11626 +}
11627 +
11628 -+static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
11629 ++void gr_enable_rbac_system(void)
11630 +{
11631 -+ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
11632 -+ return -EFAULT;
11633 -+
11634 -+ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg)))
11635 -+ return -EINVAL;
11636 -+
11637 -+ return 0;
11638 ++ pax_open_kernel();
11639 ++ gr_status |= GR_READY;
11640 ++ pax_close_kernel();
11641 +}
11642 +
11643 -+static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
11644 ++int gr_rbac_disable(void *unused)
11645 +{
11646 -+ if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
11647 -+ return -EFAULT;
11648 ++ pax_open_kernel();
11649 ++ gr_status &= ~GR_READY;
11650 ++ pax_close_kernel();
11651 +
11652 + return 0;
11653 +}
11654 +
11655 -+static size_t get_gr_arg_wrapper_size_normal(void)
11656 -+{
11657 -+ return sizeof(struct gr_arg_wrapper);
11658 -+}
11659 -+
11660 -+#ifdef CONFIG_COMPAT
11661 -+extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
11662 -+extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
11663 -+extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
11664 -+extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
11665 -+extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
11666 -+extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
11667 -+extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
11668 -+extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
11669 -+extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
11670 -+extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
11671 -+extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
11672 -+extern size_t get_gr_arg_wrapper_size_compat(void);
11673 -+
11674 -+int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
11675 -+int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
11676 -+int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
11677 -+int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
11678 -+int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
11679 -+int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
11680 -+int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
11681 -+int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
11682 -+int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
11683 -+int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
11684 -+int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
11685 -+size_t (* get_gr_arg_wrapper_size)(void) __read_only;
11686 -+
11687 -+#else
11688 -+#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
11689 -+#define copy_gr_arg copy_gr_arg_normal
11690 -+#define copy_gr_hash_struct copy_gr_hash_struct_normal
11691 -+#define copy_acl_object_label copy_acl_object_label_normal
11692 -+#define copy_acl_subject_label copy_acl_subject_label_normal
11693 -+#define copy_acl_role_label copy_acl_role_label_normal
11694 -+#define copy_acl_ip_label copy_acl_ip_label_normal
11695 -+#define copy_pointer_from_array copy_pointer_from_array_normal
11696 -+#define copy_sprole_pw copy_sprole_pw_normal
11697 -+#define copy_role_transition copy_role_transition_normal
11698 -+#define copy_role_allowed_ip copy_role_allowed_ip_normal
11699 -+#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
11700 -+#endif
11701 -+
11702 -+__inline__ int
11703 -+gr_acl_is_enabled(void)
11704 -+{
11705 -+ return (gr_status & GR_READY);
11706 -+}
11707 -+
11708 +static inline dev_t __get_dev(const struct dentry *dentry)
11709 +{
11710 +#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
11711 @@ -61540,7 +61578,7 @@ index 0000000..35b85f2
11712 + return 0;
11713 +}
11714 +
11715 -+static int
11716 ++int
11717 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
11718 +{
11719 + if (likely(lena != lenb))
11720 @@ -61645,9 +61683,9 @@ index 0000000..35b85f2
11721 + path.dentry = (struct dentry *)dentry;
11722 + path.mnt = (struct vfsmount *)vfsmnt;
11723 +
11724 -+ /* we can use real_root.dentry, real_root.mnt, because this is only called
11725 ++ /* we can use gr_real_root.dentry, gr_real_root.mnt, because this is only called
11726 + by the RBAC system */
11727 -+ res = gen_full_path(&path, &real_root, buf, buflen);
11728 ++ res = gen_full_path(&path, &gr_real_root, buf, buflen);
11729 +
11730 + return res;
11731 +}
11732 @@ -61664,7 +61702,7 @@ index 0000000..35b85f2
11733 + path.dentry = (struct dentry *)dentry;
11734 + path.mnt = (struct vfsmount *)vfsmnt;
11735 +
11736 -+ /* we can't use real_root.dentry, real_root.mnt, because they belong only to the RBAC system */
11737 ++ /* we can't use gr_real_root.dentry, gr_real_root.mnt, because they belong only to the RBAC system */
11738 + get_fs_root(reaper->fs, &root);
11739 +
11740 + br_read_lock(vfsmount_lock);
11741 @@ -61677,7 +61715,7 @@ index 0000000..35b85f2
11742 + return res;
11743 +}
11744 +
11745 -+static char *
11746 ++char *
11747 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
11748 +{
11749 + char *ret;
11750 @@ -61755,54 +61793,17 @@ index 0000000..35b85f2
11751 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
11752 +}
11753 +
11754 -+struct acl_subject_label *
11755 -+lookup_subject_map(const struct acl_subject_label *userp)
11756 -+{
11757 -+ unsigned int index = gr_shash(userp, subj_map_set.s_size);
11758 -+ struct subject_map *match;
11759 -+
11760 -+ match = subj_map_set.s_hash[index];
11761 -+
11762 -+ while (match && match->user != userp)
11763 -+ match = match->next;
11764 -+
11765 -+ if (match != NULL)
11766 -+ return match->kernel;
11767 -+ else
11768 -+ return NULL;
11769 -+}
11770 -+
11771 -+static void
11772 -+insert_subj_map_entry(struct subject_map *subjmap)
11773 -+{
11774 -+ unsigned int index = gr_shash(subjmap->user, subj_map_set.s_size);
11775 -+ struct subject_map **curr;
11776 -+
11777 -+ subjmap->prev = NULL;
11778 -+
11779 -+ curr = &subj_map_set.s_hash[index];
11780 -+ if (*curr != NULL)
11781 -+ (*curr)->prev = subjmap;
11782 -+
11783 -+ subjmap->next = *curr;
11784 -+ *curr = subjmap;
11785 -+
11786 -+ return;
11787 -+}
11788 -+
11789 -+static struct acl_role_label *
11790 -+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
11791 ++struct acl_role_label *
11792 ++__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid,
11793 + const gid_t gid)
11794 +{
11795 -+ unsigned int index = gr_rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
11796 ++ unsigned int index = gr_rhash(uid, GR_ROLE_USER, state->acl_role_set.r_size);
11797 + struct acl_role_label *match;
11798 + struct role_allowed_ip *ipp;
11799 + unsigned int x;
11800 -+ u32 curr_ip = task->signal->curr_ip;
11801 -+
11802 -+ task->signal->saved_ip = curr_ip;
11803 ++ u32 curr_ip = task->signal->saved_ip;
11804 +
11805 -+ match = acl_role_set.r_hash[index];
11806 ++ match = state->acl_role_set.r_hash[index];
11807 +
11808 + while (match) {
11809 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
11810 @@ -61817,8 +61818,8 @@ index 0000000..35b85f2
11811 +found:
11812 + if (match == NULL) {
11813 + try_group:
11814 -+ index = gr_rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
11815 -+ match = acl_role_set.r_hash[index];
11816 ++ index = gr_rhash(gid, GR_ROLE_GROUP, state->acl_role_set.r_size);
11817 ++ match = state->acl_role_set.r_hash[index];
11818 +
11819 + while (match) {
11820 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
11821 @@ -61832,7 +61833,7 @@ index 0000000..35b85f2
11822 + }
11823 +found2:
11824 + if (match == NULL)
11825 -+ match = default_role;
11826 ++ match = state->default_role;
11827 + if (match->allowed_ips == NULL)
11828 + return match;
11829 + else {
11830 @@ -61842,7 +61843,7 @@ index 0000000..35b85f2
11831 + (ntohl(ipp->addr) & ipp->netmask)))
11832 + return match;
11833 + }
11834 -+ match = default_role;
11835 ++ match = state->default_role;
11836 + }
11837 + } else if (match->allowed_ips == NULL) {
11838 + return match;
11839 @@ -61859,6 +61860,13 @@ index 0000000..35b85f2
11840 + return match;
11841 +}
11842 +
11843 ++static struct acl_role_label *
11844 ++lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
11845 ++ const gid_t gid)
11846 ++{
11847 ++ return __lookup_acl_role_label(&running_polstate, task, uid, gid);
11848 ++}
11849 ++
11850 +struct acl_subject_label *
11851 +lookup_acl_subj_label(const ino_t ino, const dev_t dev,
11852 + const struct acl_role_label *role)
11853 @@ -61949,15 +61957,15 @@ index 0000000..35b85f2
11854 + return NULL;
11855 +}
11856 +
11857 -+static struct name_entry *
11858 -+lookup_name_entry(const char *name)
11859 ++struct name_entry *
11860 ++__lookup_name_entry(const struct gr_policy_state *state, const char *name)
11861 +{
11862 + unsigned int len = strlen(name);
11863 + unsigned int key = full_name_hash(name, len);
11864 -+ unsigned int index = key % name_set.n_size;
11865 ++ unsigned int index = key % state->name_set.n_size;
11866 + struct name_entry *match;
11867 +
11868 -+ match = name_set.n_hash[index];
11869 ++ match = state->name_set.n_hash[index];
11870 +
11871 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
11872 + match = match->next;
11873 @@ -61966,14 +61974,20 @@ index 0000000..35b85f2
11874 +}
11875 +
11876 +static struct name_entry *
11877 ++lookup_name_entry(const char *name)
11878 ++{
11879 ++ return __lookup_name_entry(&running_polstate, name);
11880 ++}
11881 ++
11882 ++static struct name_entry *
11883 +lookup_name_entry_create(const char *name)
11884 +{
11885 + unsigned int len = strlen(name);
11886 + unsigned int key = full_name_hash(name, len);
11887 -+ unsigned int index = key % name_set.n_size;
11888 ++ unsigned int index = key % running_polstate.name_set.n_size;
11889 + struct name_entry *match;
11890 +
11891 -+ match = name_set.n_hash[index];
11892 ++ match = running_polstate.name_set.n_hash[index];
11893 +
11894 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
11895 + !match->deleted))
11896 @@ -61982,7 +61996,7 @@ index 0000000..35b85f2
11897 + if (match && match->deleted)
11898 + return match;
11899 +
11900 -+ match = name_set.n_hash[index];
11901 ++ match = running_polstate.name_set.n_hash[index];
11902 +
11903 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
11904 + match->deleted))
11905 @@ -61997,10 +62011,10 @@ index 0000000..35b85f2
11906 +static struct inodev_entry *
11907 +lookup_inodev_entry(const ino_t ino, const dev_t dev)
11908 +{
11909 -+ unsigned int index = gr_fhash(ino, dev, inodev_set.i_size);
11910 ++ unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size);
11911 + struct inodev_entry *match;
11912 +
11913 -+ match = inodev_set.i_hash[index];
11914 ++ match = running_polstate.inodev_set.i_hash[index];
11915 +
11916 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
11917 + match = match->next;
11918 @@ -62008,16 +62022,16 @@ index 0000000..35b85f2
11919 + return match;
11920 +}
11921 +
11922 -+static void
11923 -+insert_inodev_entry(struct inodev_entry *entry)
11924 ++void
11925 ++__insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry)
11926 +{
11927 + unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device,
11928 -+ inodev_set.i_size);
11929 ++ state->inodev_set.i_size);
11930 + struct inodev_entry **curr;
11931 +
11932 + entry->prev = NULL;
11933 +
11934 -+ curr = &inodev_set.i_hash[index];
11935 ++ curr = &state->inodev_set.i_hash[index];
11936 + if (*curr != NULL)
11937 + (*curr)->prev = entry;
11938 +
11939 @@ -62028,138 +62042,12 @@ index 0000000..35b85f2
11940 +}
11941 +
11942 +static void
11943 -+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
11944 -+{
11945 -+ unsigned int index =
11946 -+ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
11947 -+ struct acl_role_label **curr;
11948 -+ struct acl_role_label *tmp, *tmp2;
11949 -+
11950 -+ curr = &acl_role_set.r_hash[index];
11951 -+
11952 -+ /* simple case, slot is empty, just set it to our role */
11953 -+ if (*curr == NULL) {
11954 -+ *curr = role;
11955 -+ } else {
11956 -+ /* example:
11957 -+ 1 -> 2 -> 3 (adding 2 -> 3 to here)
11958 -+ 2 -> 3
11959 -+ */
11960 -+ /* first check to see if we can already be reached via this slot */
11961 -+ tmp = *curr;
11962 -+ while (tmp && tmp != role)
11963 -+ tmp = tmp->next;
11964 -+ if (tmp == role) {
11965 -+ /* we don't need to add ourselves to this slot's chain */
11966 -+ return;
11967 -+ }
11968 -+ /* we need to add ourselves to this chain, two cases */
11969 -+ if (role->next == NULL) {
11970 -+ /* simple case, append the current chain to our role */
11971 -+ role->next = *curr;
11972 -+ *curr = role;
11973 -+ } else {
11974 -+ /* 1 -> 2 -> 3 -> 4
11975 -+ 2 -> 3 -> 4
11976 -+ 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
11977 -+ */
11978 -+ /* trickier case: walk our role's chain until we find
11979 -+ the role for the start of the current slot's chain */
11980 -+ tmp = role;
11981 -+ tmp2 = *curr;
11982 -+ while (tmp->next && tmp->next != tmp2)
11983 -+ tmp = tmp->next;
11984 -+ if (tmp->next == tmp2) {
11985 -+ /* from example above, we found 3, so just
11986 -+ replace this slot's chain with ours */
11987 -+ *curr = role;
11988 -+ } else {
11989 -+ /* we didn't find a subset of our role's chain
11990 -+ in the current slot's chain, so append their
11991 -+ chain to ours, and set us as the first role in
11992 -+ the slot's chain
11993 -+
11994 -+ we could fold this case with the case above,
11995 -+ but making it explicit for clarity
11996 -+ */
11997 -+ tmp->next = tmp2;
11998 -+ *curr = role;
11999 -+ }
12000 -+ }
12001 -+ }
12002 -+
12003 -+ return;
12004 -+}
12005 -+
12006 -+static void
12007 -+insert_acl_role_label(struct acl_role_label *role)
12008 -+{
12009 -+ int i;
12010 -+
12011 -+ if (role_list == NULL) {
12012 -+ role_list = role;
12013 -+ role->prev = NULL;
12014 -+ } else {
12015 -+ role->prev = role_list;
12016 -+ role_list = role;
12017 -+ }
12018 -+
12019 -+ /* used for hash chains */
12020 -+ role->next = NULL;
12021 -+
12022 -+ if (role->roletype & GR_ROLE_DOMAIN) {
12023 -+ for (i = 0; i < role->domain_child_num; i++)
12024 -+ __insert_acl_role_label(role, role->domain_children[i]);
12025 -+ } else
12026 -+ __insert_acl_role_label(role, role->uidgid);
12027 -+}
12028 -+
12029 -+static int
12030 -+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
12031 ++insert_inodev_entry(struct inodev_entry *entry)
12032 +{
12033 -+ struct name_entry **curr, *nentry;
12034 -+ struct inodev_entry *ientry;
12035 -+ unsigned int len = strlen(name);
12036 -+ unsigned int key = full_name_hash(name, len);
12037 -+ unsigned int index = key % name_set.n_size;
12038 -+
12039 -+ curr = &name_set.n_hash[index];
12040 -+
12041 -+ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
12042 -+ curr = &((*curr)->next);
12043 -+
12044 -+ if (*curr != NULL)
12045 -+ return 1;
12046 -+
12047 -+ nentry = acl_alloc(sizeof (struct name_entry));
12048 -+ if (nentry == NULL)
12049 -+ return 0;
12050 -+ ientry = acl_alloc(sizeof (struct inodev_entry));
12051 -+ if (ientry == NULL)
12052 -+ return 0;
12053 -+ ientry->nentry = nentry;
12054 -+
12055 -+ nentry->key = key;
12056 -+ nentry->name = name;
12057 -+ nentry->inode = inode;
12058 -+ nentry->device = device;
12059 -+ nentry->len = len;
12060 -+ nentry->deleted = deleted;
12061 -+
12062 -+ nentry->prev = NULL;
12063 -+ curr = &name_set.n_hash[index];
12064 -+ if (*curr != NULL)
12065 -+ (*curr)->prev = nentry;
12066 -+ nentry->next = *curr;
12067 -+ *curr = nentry;
12068 -+
12069 -+ /* insert us into the table searchable by inode/dev */
12070 -+ insert_inodev_entry(ientry);
12071 -+
12072 -+ return 1;
12073 ++ __insert_inodev_entry(&running_polstate, entry);
12074 +}
12075 +
12076 -+static void
12077 ++void
12078 +insert_acl_obj_label(struct acl_object_label *obj,
12079 + struct acl_subject_label *subj)
12080 +{
12081 @@ -62167,7 +62055,6 @@ index 0000000..35b85f2
12082 + gr_fhash(obj->inode, obj->device, subj->obj_hash_size);
12083 + struct acl_object_label **curr;
12084 +
12085 -+
12086 + obj->prev = NULL;
12087 +
12088 + curr = &subj->obj_hash[index];
12089 @@ -62180,7 +62067,7 @@ index 0000000..35b85f2
12090 + return;
12091 +}
12092 +
12093 -+static void
12094 ++void
12095 +insert_acl_subj_label(struct acl_subject_label *obj,
12096 + struct acl_role_label *role)
12097 +{
12098 @@ -62199,5352 +62086,5935 @@ index 0000000..35b85f2
12099 + return;
12100 +}
12101 +
12102 -+/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
12103 ++/* derived from glibc fnmatch() 0: match, 1: no match*/
12104 +
12105 -+static void *
12106 -+create_table(__u32 * len, int elementsize)
12107 ++static int
12108 ++glob_match(const char *p, const char *n)
12109 +{
12110 -+ unsigned int table_sizes[] = {
12111 -+ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
12112 -+ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
12113 -+ 4194301, 8388593, 16777213, 33554393, 67108859
12114 -+ };
12115 -+ void *newtable = NULL;
12116 -+ unsigned int pwr = 0;
12117 ++ char c;
12118 +
12119 -+ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
12120 -+ table_sizes[pwr] <= *len)
12121 -+ pwr++;
12122 ++ while ((c = *p++) != '\0') {
12123 ++ switch (c) {
12124 ++ case '?':
12125 ++ if (*n == '\0')
12126 ++ return 1;
12127 ++ else if (*n == '/')
12128 ++ return 1;
12129 ++ break;
12130 ++ case '\\':
12131 ++ if (*n != c)
12132 ++ return 1;
12133 ++ break;
12134 ++ case '*':
12135 ++ for (c = *p++; c == '?' || c == '*'; c = *p++) {
12136 ++ if (*n == '/')
12137 ++ return 1;
12138 ++ else if (c == '?') {
12139 ++ if (*n == '\0')
12140 ++ return 1;
12141 ++ else
12142 ++ ++n;
12143 ++ }
12144 ++ }
12145 ++ if (c == '\0') {
12146 ++ return 0;
12147 ++ } else {
12148 ++ const char *endp;
12149 +
12150 -+ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
12151 -+ return newtable;
12152 ++ if ((endp = strchr(n, '/')) == NULL)
12153 ++ endp = n + strlen(n);
12154 +
12155 -+ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
12156 -+ newtable =
12157 -+ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
12158 -+ else
12159 -+ newtable = vmalloc(table_sizes[pwr] * elementsize);
12160 ++ if (c == '[') {
12161 ++ for (--p; n < endp; ++n)
12162 ++ if (!glob_match(p, n))
12163 ++ return 0;
12164 ++ } else if (c == '/') {
12165 ++ while (*n != '\0' && *n != '/')
12166 ++ ++n;
12167 ++ if (*n == '/' && !glob_match(p, n + 1))
12168 ++ return 0;
12169 ++ } else {
12170 ++ for (--p; n < endp; ++n)
12171 ++ if (*n == c && !glob_match(p, n))
12172 ++ return 0;
12173 ++ }
12174 +
12175 -+ *len = table_sizes[pwr];
12176 ++ return 1;
12177 ++ }
12178 ++ case '[':
12179 ++ {
12180 ++ int not;
12181 ++ char cold;
12182 +
12183 -+ return newtable;
12184 -+}
12185 ++ if (*n == '\0' || *n == '/')
12186 ++ return 1;
12187 +
12188 -+static int
12189 -+init_variables(const struct gr_arg *arg)
12190 -+{
12191 -+ struct task_struct *reaper = &init_task;
12192 -+ unsigned int stacksize;
12193 ++ not = (*p == '!' || *p == '^');
12194 ++ if (not)
12195 ++ ++p;
12196 +
12197 -+ subj_map_set.s_size = arg->role_db.num_subjects;
12198 -+ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
12199 -+ name_set.n_size = arg->role_db.num_objects;
12200 -+ inodev_set.i_size = arg->role_db.num_objects;
12201 ++ c = *p++;
12202 ++ for (;;) {
12203 ++ unsigned char fn = (unsigned char)*n;
12204 +
12205 -+ if (!subj_map_set.s_size || !acl_role_set.r_size ||
12206 -+ !name_set.n_size || !inodev_set.i_size)
12207 -+ return 1;
12208 ++ if (c == '\0')
12209 ++ return 1;
12210 ++ else {
12211 ++ if (c == fn)
12212 ++ goto matched;
12213 ++ cold = c;
12214 ++ c = *p++;
12215 +
12216 -+ if (!gr_init_uidset())
12217 -+ return 1;
12218 ++ if (c == '-' && *p != ']') {
12219 ++ unsigned char cend = *p++;
12220 +
12221 -+ /* set up the stack that holds allocation info */
12222 ++ if (cend == '\0')
12223 ++ return 1;
12224 +
12225 -+ stacksize = arg->role_db.num_pointers + 5;
12226 ++ if (cold <= fn && fn <= cend)
12227 ++ goto matched;
12228 +
12229 -+ if (!acl_alloc_stack_init(stacksize))
12230 -+ return 1;
12231 ++ c = *p++;
12232 ++ }
12233 ++ }
12234 +
12235 -+ /* grab reference for the real root dentry and vfsmount */
12236 -+ get_fs_root(reaper->fs, &real_root);
12237 -+
12238 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
12239 -+ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root.dentry), real_root.dentry->d_inode->i_ino);
12240 -+#endif
12241 ++ if (c == ']')
12242 ++ break;
12243 ++ }
12244 ++ if (!not)
12245 ++ return 1;
12246 ++ break;
12247 ++ matched:
12248 ++ while (c != ']') {
12249 ++ if (c == '\0')
12250 ++ return 1;
12251 +
12252 -+ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
12253 -+ if (fakefs_obj_rw == NULL)
12254 -+ return 1;
12255 -+ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
12256 ++ c = *p++;
12257 ++ }
12258 ++ if (not)
12259 ++ return 1;
12260 ++ }
12261 ++ break;
12262 ++ default:
12263 ++ if (c != *n)
12264 ++ return 1;
12265 ++ }
12266 +
12267 -+ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
12268 -+ if (fakefs_obj_rwx == NULL)
12269 -+ return 1;
12270 -+ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
12271 -+
12272 -+ subj_map_set.s_hash =
12273 -+ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
12274 -+ acl_role_set.r_hash =
12275 -+ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
12276 -+ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
12277 -+ inodev_set.i_hash =
12278 -+ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
12279 -+
12280 -+ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
12281 -+ !name_set.n_hash || !inodev_set.i_hash)
12282 -+ return 1;
12283 ++ ++n;
12284 ++ }
12285 +
12286 -+ memset(subj_map_set.s_hash, 0,
12287 -+ sizeof(struct subject_map *) * subj_map_set.s_size);
12288 -+ memset(acl_role_set.r_hash, 0,
12289 -+ sizeof (struct acl_role_label *) * acl_role_set.r_size);
12290 -+ memset(name_set.n_hash, 0,
12291 -+ sizeof (struct name_entry *) * name_set.n_size);
12292 -+ memset(inodev_set.i_hash, 0,
12293 -+ sizeof (struct inodev_entry *) * inodev_set.i_size);
12294 ++ if (*n == '\0')
12295 ++ return 0;
12296 +
12297 -+ return 0;
12298 -+}
12299 ++ if (*n == '/')
12300 ++ return 0;
12301 +
12302 -+/* free information not needed after startup
12303 -+ currently contains user->kernel pointer mappings for subjects
12304 -+*/
12305 ++ return 1;
12306 ++}
12307 +
12308 -+static void
12309 -+free_init_variables(void)
12310 ++static struct acl_object_label *
12311 ++chk_glob_label(struct acl_object_label *globbed,
12312 ++ const struct dentry *dentry, const struct vfsmount *mnt, char **path)
12313 +{
12314 -+ __u32 i;
12315 ++ struct acl_object_label *tmp;
12316 +
12317 -+ if (subj_map_set.s_hash) {
12318 -+ for (i = 0; i < subj_map_set.s_size; i++) {
12319 -+ if (subj_map_set.s_hash[i]) {
12320 -+ kfree(subj_map_set.s_hash[i]);
12321 -+ subj_map_set.s_hash[i] = NULL;
12322 -+ }
12323 -+ }
12324 ++ if (*path == NULL)
12325 ++ *path = gr_to_filename_nolock(dentry, mnt);
12326 +
12327 -+ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
12328 -+ PAGE_SIZE)
12329 -+ kfree(subj_map_set.s_hash);
12330 -+ else
12331 -+ vfree(subj_map_set.s_hash);
12332 ++ tmp = globbed;
12333 ++
12334 ++ while (tmp) {
12335 ++ if (!glob_match(tmp->filename, *path))
12336 ++ return tmp;
12337 ++ tmp = tmp->next;
12338 + }
12339 +
12340 -+ return;
12341 ++ return NULL;
12342 +}
12343 +
12344 -+static void
12345 -+free_variables(void)
12346 ++static struct acl_object_label *
12347 ++__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
12348 ++ const ino_t curr_ino, const dev_t curr_dev,
12349 ++ const struct acl_subject_label *subj, char **path, const int checkglob)
12350 +{
12351 -+ struct acl_subject_label *s;
12352 -+ struct acl_role_label *r;
12353 -+ struct task_struct *task, *task2;
12354 -+ unsigned int x;
12355 ++ struct acl_subject_label *tmpsubj;
12356 ++ struct acl_object_label *retval;
12357 ++ struct acl_object_label *retval2;
12358 ++
12359 ++ tmpsubj = (struct acl_subject_label *) subj;
12360 ++ read_lock(&gr_inode_lock);
12361 ++ do {
12362 ++ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
12363 ++ if (retval) {
12364 ++ if (checkglob && retval->globbed) {
12365 ++ retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path);
12366 ++ if (retval2)
12367 ++ retval = retval2;
12368 ++ }
12369 ++ break;
12370 ++ }
12371 ++ } while ((tmpsubj = tmpsubj->parent_subject));
12372 ++ read_unlock(&gr_inode_lock);
12373 +
12374 -+ gr_clear_learn_entries();
12375 ++ return retval;
12376 ++}
12377 +
12378 -+ read_lock(&tasklist_lock);
12379 -+ do_each_thread(task2, task) {
12380 -+ task->acl_sp_role = 0;
12381 -+ task->acl_role_id = 0;
12382 -+ task->acl = NULL;
12383 -+ task->role = NULL;
12384 -+ } while_each_thread(task2, task);
12385 -+ read_unlock(&tasklist_lock);
12386 ++static __inline__ struct acl_object_label *
12387 ++full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
12388 ++ struct dentry *curr_dentry,
12389 ++ const struct acl_subject_label *subj, char **path, const int checkglob)
12390 ++{
12391 ++ int newglob = checkglob;
12392 ++ ino_t inode;
12393 ++ dev_t device;
12394 +
12395 -+ /* release the reference to the real root dentry and vfsmount */
12396 -+ path_put(&real_root);
12397 -+ memset(&real_root, 0, sizeof(real_root));
12398 ++ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
12399 ++ as we don't want a / * rule to match instead of the / object
12400 ++ don't do this for create lookups that call this function though, since they're looking up
12401 ++ on the parent and thus need globbing checks on all paths
12402 ++ */
12403 ++ if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
12404 ++ newglob = GR_NO_GLOB;
12405 +
12406 -+ /* free all object hash tables */
12407 ++ spin_lock(&curr_dentry->d_lock);
12408 ++ inode = curr_dentry->d_inode->i_ino;
12409 ++ device = __get_dev(curr_dentry);
12410 ++ spin_unlock(&curr_dentry->d_lock);
12411 +
12412 -+ FOR_EACH_ROLE_START(r)
12413 -+ if (r->subj_hash == NULL)
12414 -+ goto next_role;
12415 -+ FOR_EACH_SUBJECT_START(r, s, x)
12416 -+ if (s->obj_hash == NULL)
12417 -+ break;
12418 -+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
12419 -+ kfree(s->obj_hash);
12420 -+ else
12421 -+ vfree(s->obj_hash);
12422 -+ FOR_EACH_SUBJECT_END(s, x)
12423 -+ FOR_EACH_NESTED_SUBJECT_START(r, s)
12424 -+ if (s->obj_hash == NULL)
12425 -+ break;
12426 -+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
12427 -+ kfree(s->obj_hash);
12428 -+ else
12429 -+ vfree(s->obj_hash);
12430 -+ FOR_EACH_NESTED_SUBJECT_END(s)
12431 -+ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
12432 -+ kfree(r->subj_hash);
12433 -+ else
12434 -+ vfree(r->subj_hash);
12435 -+ r->subj_hash = NULL;
12436 -+next_role:
12437 -+ FOR_EACH_ROLE_END(r)
12438 ++ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
12439 ++}
12440 +
12441 -+ acl_free_all();
12442 ++static struct acl_object_label *
12443 ++__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
12444 ++ const struct acl_subject_label *subj, char *path, const int checkglob)
12445 ++{
12446 ++ struct dentry *dentry = (struct dentry *) l_dentry;
12447 ++ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
12448 ++ struct acl_object_label *retval;
12449 ++ struct dentry *parent;
12450 +
12451 -+ if (acl_role_set.r_hash) {
12452 -+ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
12453 -+ PAGE_SIZE)
12454 -+ kfree(acl_role_set.r_hash);
12455 -+ else
12456 -+ vfree(acl_role_set.r_hash);
12457 -+ }
12458 -+ if (name_set.n_hash) {
12459 -+ if ((name_set.n_size * sizeof (struct name_entry *)) <=
12460 -+ PAGE_SIZE)
12461 -+ kfree(name_set.n_hash);
12462 -+ else
12463 -+ vfree(name_set.n_hash);
12464 -+ }
12465 ++ br_read_lock(vfsmount_lock);
12466 ++ write_seqlock(&rename_lock);
12467 +
12468 -+ if (inodev_set.i_hash) {
12469 -+ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
12470 -+ PAGE_SIZE)
12471 -+ kfree(inodev_set.i_hash);
12472 -+ else
12473 -+ vfree(inodev_set.i_hash);
12474 ++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
12475 ++#ifdef CONFIG_NET
12476 ++ mnt == sock_mnt ||
12477 ++#endif
12478 ++#ifdef CONFIG_HUGETLBFS
12479 ++ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
12480 ++#endif
12481 ++ /* ignore Eric Biederman */
12482 ++ IS_PRIVATE(l_dentry->d_inode))) {
12483 ++ retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw;
12484 ++ goto out;
12485 + }
12486 +
12487 -+ gr_free_uidset();
12488 -+
12489 -+ memset(&name_set, 0, sizeof (struct name_db));
12490 -+ memset(&inodev_set, 0, sizeof (struct inodev_db));
12491 -+ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
12492 -+ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
12493 ++ for (;;) {
12494 ++ if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
12495 ++ break;
12496 +
12497 -+ default_role = NULL;
12498 -+ kernel_role = NULL;
12499 -+ role_list = NULL;
12500 ++ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
12501 ++ if (mnt->mnt_parent == mnt)
12502 ++ break;
12503 +
12504 -+ return;
12505 -+}
12506 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
12507 ++ if (retval != NULL)
12508 ++ goto out;
12509 +
12510 -+static struct acl_subject_label *
12511 -+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
12512 ++ dentry = mnt->mnt_mountpoint;
12513 ++ mnt = mnt->mnt_parent;
12514 ++ continue;
12515 ++ }
12516 +
12517 -+static int alloc_and_copy_string(char **name, unsigned int maxlen)
12518 -+{
12519 -+ unsigned int len = strnlen_user(*name, maxlen);
12520 -+ char *tmp;
12521 ++ parent = dentry->d_parent;
12522 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
12523 ++ if (retval != NULL)
12524 ++ goto out;
12525 +
12526 -+ if (!len || len >= maxlen)
12527 -+ return -EINVAL;
12528 ++ dentry = parent;
12529 ++ }
12530 +
12531 -+ if ((tmp = (char *) acl_alloc(len)) == NULL)
12532 -+ return -ENOMEM;
12533 ++ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
12534 +
12535 -+ if (copy_from_user(tmp, *name, len))
12536 -+ return -EFAULT;
12537 ++ /* gr_real_root is pinned so we don't have to hold a reference */
12538 ++ if (retval == NULL)
12539 ++ retval = full_lookup(l_dentry, l_mnt, gr_real_root.dentry, subj, &path, checkglob);
12540 ++out:
12541 ++ write_sequnlock(&rename_lock);
12542 ++ br_read_unlock(vfsmount_lock);
12543 +
12544 -+ tmp[len-1] = '\0';
12545 -+ *name = tmp;
12546 ++ BUG_ON(retval == NULL);
12547 +
12548 -+ return 0;
12549 ++ return retval;
12550 +}
12551 +
12552 -+static int
12553 -+copy_user_glob(struct acl_object_label *obj)
12554 ++static __inline__ struct acl_object_label *
12555 ++chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
12556 ++ const struct acl_subject_label *subj)
12557 +{
12558 -+ struct acl_object_label *g_tmp, **guser;
12559 -+ int error;
12560 -+
12561 -+ if (obj->globbed == NULL)
12562 -+ return 0;
12563 -+
12564 -+ guser = &obj->globbed;
12565 -+ while (*guser) {
12566 -+ g_tmp = (struct acl_object_label *)
12567 -+ acl_alloc(sizeof (struct acl_object_label));
12568 -+ if (g_tmp == NULL)
12569 -+ return -ENOMEM;
12570 -+
12571 -+ if (copy_acl_object_label(g_tmp, *guser))
12572 -+ return -EFAULT;
12573 -+
12574 -+ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
12575 -+ if (error)
12576 -+ return error;
12577 ++ char *path = NULL;
12578 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
12579 ++}
12580 +
12581 -+ *guser = g_tmp;
12582 -+ guser = &(g_tmp->next);
12583 -+ }
12584 ++static __inline__ struct acl_object_label *
12585 ++chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
12586 ++ const struct acl_subject_label *subj)
12587 ++{
12588 ++ char *path = NULL;
12589 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
12590 ++}
12591 +
12592 -+ return 0;
12593 ++static __inline__ struct acl_object_label *
12594 ++chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
12595 ++ const struct acl_subject_label *subj, char *path)
12596 ++{
12597 ++ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
12598 +}
12599 +
12600 -+static int
12601 -+copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
12602 -+ struct acl_role_label *role)
12603 ++struct acl_subject_label *
12604 ++chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
12605 ++ const struct acl_role_label *role)
12606 +{
12607 -+ struct acl_object_label *o_tmp;
12608 -+ int ret;
12609 ++ struct dentry *dentry = (struct dentry *) l_dentry;
12610 ++ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
12611 ++ struct acl_subject_label *retval;
12612 ++ struct dentry *parent;
12613 +
12614 -+ while (userp) {
12615 -+ if ((o_tmp = (struct acl_object_label *)
12616 -+ acl_alloc(sizeof (struct acl_object_label))) == NULL)
12617 -+ return -ENOMEM;
12618 ++ br_read_lock(vfsmount_lock);
12619 ++ write_seqlock(&rename_lock);
12620 +
12621 -+ if (copy_acl_object_label(o_tmp, userp))
12622 -+ return -EFAULT;
12623 ++ for (;;) {
12624 ++ if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
12625 ++ break;
12626 ++ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
12627 ++ if (mnt->mnt_parent == mnt)
12628 ++ break;
12629 +
12630 -+ userp = o_tmp->prev;
12631 ++ spin_lock(&dentry->d_lock);
12632 ++ read_lock(&gr_inode_lock);
12633 ++ retval =
12634 ++ lookup_acl_subj_label(dentry->d_inode->i_ino,
12635 ++ __get_dev(dentry), role);
12636 ++ read_unlock(&gr_inode_lock);
12637 ++ spin_unlock(&dentry->d_lock);
12638 ++ if (retval != NULL)
12639 ++ goto out;
12640 +
12641 -+ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
12642 -+ if (ret)
12643 -+ return ret;
12644 ++ dentry = mnt->mnt_mountpoint;
12645 ++ mnt = mnt->mnt_parent;
12646 ++ continue;
12647 ++ }
12648 +
12649 -+ insert_acl_obj_label(o_tmp, subj);
12650 -+ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
12651 -+ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
12652 -+ return -ENOMEM;
12653 ++ spin_lock(&dentry->d_lock);
12654 ++ read_lock(&gr_inode_lock);
12655 ++ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
12656 ++ __get_dev(dentry), role);
12657 ++ read_unlock(&gr_inode_lock);
12658 ++ parent = dentry->d_parent;
12659 ++ spin_unlock(&dentry->d_lock);
12660 +
12661 -+ ret = copy_user_glob(o_tmp);
12662 -+ if (ret)
12663 -+ return ret;
12664 ++ if (retval != NULL)
12665 ++ goto out;
12666 +
12667 -+ if (o_tmp->nested) {
12668 -+ int already_copied;
12669 ++ dentry = parent;
12670 ++ }
12671 +
12672 -+ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
12673 -+ if (IS_ERR(o_tmp->nested))
12674 -+ return PTR_ERR(o_tmp->nested);
12675 ++ spin_lock(&dentry->d_lock);
12676 ++ read_lock(&gr_inode_lock);
12677 ++ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
12678 ++ __get_dev(dentry), role);
12679 ++ read_unlock(&gr_inode_lock);
12680 ++ spin_unlock(&dentry->d_lock);
12681 +
12682 -+ /* insert into nested subject list if we haven't copied this one yet
12683 -+ to prevent duplicate entries */
12684 -+ if (!already_copied) {
12685 -+ o_tmp->nested->next = role->hash->first;
12686 -+ role->hash->first = o_tmp->nested;
12687 -+ }
12688 -+ }
12689 ++ if (unlikely(retval == NULL)) {
12690 ++ /* gr_real_root is pinned, we don't need to hold a reference */
12691 ++ read_lock(&gr_inode_lock);
12692 ++ retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino,
12693 ++ __get_dev(gr_real_root.dentry), role);
12694 ++ read_unlock(&gr_inode_lock);
12695 + }
12696 ++out:
12697 ++ write_sequnlock(&rename_lock);
12698 ++ br_read_unlock(vfsmount_lock);
12699 +
12700 -+ return 0;
12701 ++ BUG_ON(retval == NULL);
12702 ++
12703 ++ return retval;
12704 +}
12705 +
12706 -+static __u32
12707 -+count_user_subjs(struct acl_subject_label *userp)
12708 ++void
12709 ++assign_special_role(const char *rolename)
12710 +{
12711 -+ struct acl_subject_label s_tmp;
12712 -+ __u32 num = 0;
12713 ++ struct acl_object_label *obj;
12714 ++ struct acl_role_label *r;
12715 ++ struct acl_role_label *assigned = NULL;
12716 ++ struct task_struct *tsk;
12717 ++ struct file *filp;
12718 +
12719 -+ while (userp) {
12720 -+ if (copy_acl_subject_label(&s_tmp, userp))
12721 ++ FOR_EACH_ROLE_START(r)
12722 ++ if (!strcmp(rolename, r->rolename) &&
12723 ++ (r->roletype & GR_ROLE_SPECIAL)) {
12724 ++ assigned = r;
12725 + break;
12726 ++ }
12727 ++ FOR_EACH_ROLE_END(r)
12728 +
12729 -+ userp = s_tmp.prev;
12730 -+ }
12731 -+
12732 -+ return num;
12733 -+}
12734 -+
12735 -+static int
12736 -+copy_user_allowedips(struct acl_role_label *rolep)
12737 -+{
12738 -+ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
12739 ++ if (!assigned)
12740 ++ return;
12741 +
12742 -+ ruserip = rolep->allowed_ips;
12743 ++ read_lock(&tasklist_lock);
12744 ++ read_lock(&grsec_exec_file_lock);
12745 +
12746 -+ while (ruserip) {
12747 -+ rlast = rtmp;
12748 ++ tsk = current->real_parent;
12749 ++ if (tsk == NULL)
12750 ++ goto out_unlock;
12751 +
12752 -+ if ((rtmp = (struct role_allowed_ip *)
12753 -+ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
12754 -+ return -ENOMEM;
12755 ++ filp = tsk->exec_file;
12756 ++ if (filp == NULL)
12757 ++ goto out_unlock;
12758 +
12759 -+ if (copy_role_allowed_ip(rtmp, ruserip))
12760 -+ return -EFAULT;
12761 ++ tsk->is_writable = 0;
12762 ++ tsk->inherited = 0;
12763 +
12764 -+ ruserip = rtmp->prev;
12765 ++ tsk->acl_sp_role = 1;
12766 ++ tsk->acl_role_id = ++acl_sp_role_value;
12767 ++ tsk->role = assigned;
12768 ++ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
12769 +
12770 -+ if (!rlast) {
12771 -+ rtmp->prev = NULL;
12772 -+ rolep->allowed_ips = rtmp;
12773 -+ } else {
12774 -+ rlast->next = rtmp;
12775 -+ rtmp->prev = rlast;
12776 -+ }
12777 ++ /* ignore additional mmap checks for processes that are writable
12778 ++ by the default ACL */
12779 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
12780 ++ if (unlikely(obj->mode & GR_WRITE))
12781 ++ tsk->is_writable = 1;
12782 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
12783 ++ if (unlikely(obj->mode & GR_WRITE))
12784 ++ tsk->is_writable = 1;
12785 +
12786 -+ if (!ruserip)
12787 -+ rtmp->next = NULL;
12788 -+ }
12789 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
12790 ++ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename,
12791 ++ tsk->acl->filename, tsk->comm, task_pid_nr(tsk));
12792 ++#endif
12793 +
12794 -+ return 0;
12795 ++out_unlock:
12796 ++ read_unlock(&grsec_exec_file_lock);
12797 ++ read_unlock(&tasklist_lock);
12798 ++ return;
12799 +}
12800 +
12801 -+static int
12802 -+copy_user_transitions(struct acl_role_label *rolep)
12803 -+{
12804 -+ struct role_transition *rusertp, *rtmp = NULL, *rlast;
12805 -+ int error;
12806 +
12807 -+ rusertp = rolep->transitions;
12808 ++static void
12809 ++gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
12810 ++{
12811 ++ struct task_struct *task = current;
12812 ++ const struct cred *cred = current_cred();
12813 +
12814 -+ while (rusertp) {
12815 -+ rlast = rtmp;
12816 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
12817 ++ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
12818 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
12819 ++ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
12820 +
12821 -+ if ((rtmp = (struct role_transition *)
12822 -+ acl_alloc(sizeof (struct role_transition))) == NULL)
12823 -+ return -ENOMEM;
12824 ++ return;
12825 ++}
12826 +
12827 -+ if (copy_role_transition(rtmp, rusertp))
12828 -+ return -EFAULT;
12829 ++static void
12830 ++gr_log_learn_sysctl(const char *path, const __u32 mode)
12831 ++{
12832 ++ struct task_struct *task = current;
12833 ++ const struct cred *cred = current_cred();
12834 +
12835 -+ rusertp = rtmp->prev;
12836 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
12837 ++ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
12838 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
12839 ++ 1UL, 1UL, path, (unsigned long) mode, &task->signal->saved_ip);
12840 +
12841 -+ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
12842 -+ if (error)
12843 -+ return error;
12844 ++ return;
12845 ++}
12846 +
12847 -+ if (!rlast) {
12848 -+ rtmp->prev = NULL;
12849 -+ rolep->transitions = rtmp;
12850 -+ } else {
12851 -+ rlast->next = rtmp;
12852 -+ rtmp->prev = rlast;
12853 -+ }
12854 ++static void
12855 ++gr_log_learn_id_change(const char type, const unsigned int real,
12856 ++ const unsigned int effective, const unsigned int fs)
12857 ++{
12858 ++ struct task_struct *task = current;
12859 ++ const struct cred *cred = current_cred();
12860 +
12861 -+ if (!rusertp)
12862 -+ rtmp->next = NULL;
12863 -+ }
12864 ++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
12865 ++ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
12866 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
12867 ++ type, real, effective, fs, &task->signal->saved_ip);
12868 +
12869 -+ return 0;
12870 ++ return;
12871 +}
12872 +
12873 -+static __u32 count_user_objs(const struct acl_object_label __user *userp)
12874 ++static void
12875 ++gr_set_proc_res(struct task_struct *task)
12876 +{
12877 -+ struct acl_object_label o_tmp;
12878 -+ __u32 num = 0;
12879 ++ struct acl_subject_label *proc;
12880 ++ unsigned short i;
12881 +
12882 -+ while (userp) {
12883 -+ if (copy_acl_object_label(&o_tmp, userp))
12884 -+ break;
12885 ++ proc = task->acl;
12886 +
12887 -+ userp = o_tmp.prev;
12888 -+ num++;
12889 -+ }
12890 ++ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
12891 ++ return;
12892 +
12893 -+ return num;
12894 -+}
12895 ++ for (i = 0; i < RLIM_NLIMITS; i++) {
12896 ++ if (!(proc->resmask & (1U << i)))
12897 ++ continue;
12898 +
12899 -+static struct acl_subject_label *
12900 -+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
12901 -+{
12902 -+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
12903 -+ __u32 num_objs;
12904 -+ struct acl_ip_label **i_tmp, *i_utmp2;
12905 -+ struct gr_hash_struct ghash;
12906 -+ struct subject_map *subjmap;
12907 -+ unsigned int i_num;
12908 -+ int err;
12909 ++ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
12910 ++ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
12911 +
12912 -+ if (already_copied != NULL)
12913 -+ *already_copied = 0;
12914 ++ if (i == RLIMIT_CPU)
12915 ++ update_rlimit_cpu(task, proc->res[i].rlim_cur);
12916 ++ }
12917 +
12918 -+ s_tmp = lookup_subject_map(userp);
12919 ++ return;
12920 ++}
12921 +
12922 -+ /* we've already copied this subject into the kernel, just return
12923 -+ the reference to it, and don't copy it over again
12924 -+ */
12925 -+ if (s_tmp) {
12926 -+ if (already_copied != NULL)
12927 -+ *already_copied = 1;
12928 -+ return(s_tmp);
12929 -+ }
12930 ++/* both of the below must be called with
12931 ++ rcu_read_lock();
12932 ++ read_lock(&tasklist_lock);
12933 ++ read_lock(&grsec_exec_file_lock);
12934 ++*/
12935 +
12936 -+ if ((s_tmp = (struct acl_subject_label *)
12937 -+ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
12938 -+ return ERR_PTR(-ENOMEM);
12939 ++void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj)
12940 ++{
12941 ++ struct acl_object_label *obj;
12942 ++ struct file *filp;
12943 +
12944 -+ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
12945 -+ if (subjmap == NULL)
12946 -+ return ERR_PTR(-ENOMEM);
12947 ++ filp = task->exec_file;
12948 +
12949 -+ subjmap->user = userp;
12950 -+ subjmap->kernel = s_tmp;
12951 -+ insert_subj_map_entry(subjmap);
12952 ++ task->acl = subj;
12953 ++ task->is_writable = 0;
12954 ++ /* ignore additional mmap checks for processes that are writable
12955 ++ by the default ACL */
12956 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, state->default_role->root_label);
12957 ++ if (unlikely(obj->mode & GR_WRITE))
12958 ++ task->is_writable = 1;
12959 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
12960 ++ if (unlikely(obj->mode & GR_WRITE))
12961 ++ task->is_writable = 1;
12962 +
12963 -+ if (copy_acl_subject_label(s_tmp, userp))
12964 -+ return ERR_PTR(-EFAULT);
12965 ++ gr_set_proc_res(task);
12966 +
12967 -+ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
12968 -+ if (err)
12969 -+ return ERR_PTR(err);
12970 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
12971 ++ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
12972 ++#endif
12973 ++}
12974 +
12975 -+ if (!strcmp(s_tmp->filename, "/"))
12976 -+ role->root_label = s_tmp;
12977 ++static void gr_apply_subject_to_task(struct task_struct *task, struct acl_subject_label *subj)
12978 ++{
12979 ++ __gr_apply_subject_to_task(&running_polstate, task, subj);
12980 ++}
12981 +
12982 -+ if (copy_gr_hash_struct(&ghash, s_tmp->hash))
12983 -+ return ERR_PTR(-EFAULT);
12984 ++__u32
12985 ++gr_search_file(const struct dentry * dentry, const __u32 mode,
12986 ++ const struct vfsmount * mnt)
12987 ++{
12988 ++ __u32 retval = mode;
12989 ++ struct acl_subject_label *curracl;
12990 ++ struct acl_object_label *currobj;
12991 +
12992 -+ /* copy user and group transition tables */
12993 ++ if (unlikely(!(gr_status & GR_READY)))
12994 ++ return (mode & ~GR_AUDITS);
12995 +
12996 -+ if (s_tmp->user_trans_num) {
12997 -+ uid_t *uidlist;
12998 ++ curracl = current->acl;
12999 +
13000 -+ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
13001 -+ if (uidlist == NULL)
13002 -+ return ERR_PTR(-ENOMEM);
13003 -+ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
13004 -+ return ERR_PTR(-EFAULT);
13005 ++ currobj = chk_obj_label(dentry, mnt, curracl);
13006 ++ retval = currobj->mode & mode;
13007 +
13008 -+ s_tmp->user_transitions = uidlist;
13009 ++ /* if we're opening a specified transfer file for writing
13010 ++ (e.g. /dev/initctl), then transfer our role to init
13011 ++ */
13012 ++ if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
13013 ++ current->role->roletype & GR_ROLE_PERSIST)) {
13014 ++ struct task_struct *task = init_pid_ns.child_reaper;
13015 ++
13016 ++ if (task->role != current->role) {
13017 ++ task->acl_sp_role = 0;
13018 ++ task->acl_role_id = current->acl_role_id;
13019 ++ task->role = current->role;
13020 ++ rcu_read_lock();
13021 ++ read_lock(&grsec_exec_file_lock);
13022 ++ gr_apply_subject_to_task(task, NULL);
13023 ++ read_unlock(&grsec_exec_file_lock);
13024 ++ rcu_read_unlock();
13025 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
13026 ++ }
13027 + }
13028 +
13029 -+ if (s_tmp->group_trans_num) {
13030 -+ gid_t *gidlist;
13031 ++ if (unlikely
13032 ++ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
13033 ++ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
13034 ++ __u32 new_mode = mode;
13035 +
13036 -+ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
13037 -+ if (gidlist == NULL)
13038 -+ return ERR_PTR(-ENOMEM);
13039 -+ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
13040 -+ return ERR_PTR(-EFAULT);
13041 ++ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
13042 +
13043 -+ s_tmp->group_transitions = gidlist;
13044 -+ }
13045 ++ retval = new_mode;
13046 +
13047 -+ /* set up object hash table */
13048 -+ num_objs = count_user_objs(ghash.first);
13049 ++ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
13050 ++ new_mode |= GR_INHERIT;
13051 +
13052 -+ s_tmp->obj_hash_size = num_objs;
13053 -+ s_tmp->obj_hash =
13054 -+ (struct acl_object_label **)
13055 -+ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
13056 ++ if (!(mode & GR_NOLEARN))
13057 ++ gr_log_learn(dentry, mnt, new_mode);
13058 ++ }
13059 +
13060 -+ if (!s_tmp->obj_hash)
13061 -+ return ERR_PTR(-ENOMEM);
13062 ++ return retval;
13063 ++}
13064 +
13065 -+ memset(s_tmp->obj_hash, 0,
13066 -+ s_tmp->obj_hash_size *
13067 -+ sizeof (struct acl_object_label *));
13068 ++struct acl_object_label *gr_get_create_object(const struct dentry *new_dentry,
13069 ++ const struct dentry *parent,
13070 ++ const struct vfsmount *mnt)
13071 ++{
13072 ++ struct name_entry *match;
13073 ++ struct acl_object_label *matchpo;
13074 ++ struct acl_subject_label *curracl;
13075 ++ char *path;
13076 +
13077 -+ /* add in objects */
13078 -+ err = copy_user_objs(ghash.first, s_tmp, role);
13079 ++ if (unlikely(!(gr_status & GR_READY)))
13080 ++ return NULL;
13081 +
13082 -+ if (err)
13083 -+ return ERR_PTR(err);
13084 ++ preempt_disable();
13085 ++ path = gr_to_filename_rbac(new_dentry, mnt);
13086 ++ match = lookup_name_entry_create(path);
13087 +
13088 -+ /* set pointer for parent subject */
13089 -+ if (s_tmp->parent_subject) {
13090 -+ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
13091 ++ curracl = current->acl;
13092 +
13093 -+ if (IS_ERR(s_tmp2))
13094 -+ return s_tmp2;
13095 ++ if (match) {
13096 ++ read_lock(&gr_inode_lock);
13097 ++ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
13098 ++ read_unlock(&gr_inode_lock);
13099 +
13100 -+ s_tmp->parent_subject = s_tmp2;
13101 ++ if (matchpo) {
13102 ++ preempt_enable();
13103 ++ return matchpo;
13104 ++ }
13105 + }
13106 +
13107 -+ /* add in ip acls */
13108 ++ // lookup parent
13109 +
13110 -+ if (!s_tmp->ip_num) {
13111 -+ s_tmp->ips = NULL;
13112 -+ goto insert;
13113 -+ }
13114 ++ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
13115 +
13116 -+ i_tmp =
13117 -+ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
13118 -+ sizeof (struct acl_ip_label *));
13119 ++ preempt_enable();
13120 ++ return matchpo;
13121 ++}
13122 +
13123 -+ if (!i_tmp)
13124 -+ return ERR_PTR(-ENOMEM);
13125 ++__u32
13126 ++gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
13127 ++ const struct vfsmount * mnt, const __u32 mode)
13128 ++{
13129 ++ struct acl_object_label *matchpo;
13130 ++ __u32 retval;
13131 +
13132 -+ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
13133 -+ *(i_tmp + i_num) =
13134 -+ (struct acl_ip_label *)
13135 -+ acl_alloc(sizeof (struct acl_ip_label));
13136 -+ if (!*(i_tmp + i_num))
13137 -+ return ERR_PTR(-ENOMEM);
13138 ++ if (unlikely(!(gr_status & GR_READY)))
13139 ++ return (mode & ~GR_AUDITS);
13140 +
13141 -+ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
13142 -+ return ERR_PTR(-EFAULT);
13143 ++ matchpo = gr_get_create_object(new_dentry, parent, mnt);
13144 +
13145 -+ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
13146 -+ return ERR_PTR(-EFAULT);
13147 -+
13148 -+ if ((*(i_tmp + i_num))->iface == NULL)
13149 -+ continue;
13150 ++ retval = matchpo->mode & mode;
13151 +
13152 -+ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
13153 -+ if (err)
13154 -+ return ERR_PTR(err);
13155 -+ }
13156 ++ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
13157 ++ && (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
13158 ++ __u32 new_mode = mode;
13159 +
13160 -+ s_tmp->ips = i_tmp;
13161 ++ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
13162 +
13163 -+insert:
13164 -+ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
13165 -+ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
13166 -+ return ERR_PTR(-ENOMEM);
13167 ++ gr_log_learn(new_dentry, mnt, new_mode);
13168 ++ return new_mode;
13169 ++ }
13170 +
13171 -+ return s_tmp;
13172 ++ return retval;
13173 +}
13174 +
13175 -+static int
13176 -+copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
13177 -+{
13178 -+ struct acl_subject_label s_pre;
13179 -+ struct acl_subject_label * ret;
13180 -+ int err;
13181 -+
13182 -+ while (userp) {
13183 -+ if (copy_acl_subject_label(&s_pre, userp))
13184 -+ return -EFAULT;
13185 -+
13186 -+ ret = do_copy_user_subj(userp, role, NULL);
13187 -+
13188 -+ err = PTR_ERR(ret);
13189 -+ if (IS_ERR(ret))
13190 -+ return err;
13191 -+
13192 -+ insert_acl_subj_label(ret, role);
13193 ++__u32
13194 ++gr_check_link(const struct dentry * new_dentry,
13195 ++ const struct dentry * parent_dentry,
13196 ++ const struct vfsmount * parent_mnt,
13197 ++ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
13198 ++{
13199 ++ struct acl_object_label *obj;
13200 ++ __u32 oldmode, newmode;
13201 ++ __u32 needmode;
13202 ++ __u32 checkmodes = GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | GR_SETID | GR_READ |
13203 ++ GR_DELETE | GR_INHERIT;
13204 +
13205 -+ userp = s_pre.prev;
13206 -+ }
13207 ++ if (unlikely(!(gr_status & GR_READY)))
13208 ++ return (GR_CREATE | GR_LINK);
13209 +
13210 -+ return 0;
13211 -+}
13212 ++ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
13213 ++ oldmode = obj->mode;
13214 +
13215 -+static int
13216 -+copy_user_acl(struct gr_arg *arg)
13217 -+{
13218 -+ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
13219 -+ struct acl_subject_label *subj_list;
13220 -+ struct sprole_pw *sptmp;
13221 -+ struct gr_hash_struct *ghash;
13222 -+ uid_t *domainlist;
13223 -+ unsigned int r_num;
13224 -+ int err = 0;
13225 -+ __u16 i;
13226 -+ __u32 num_subjs;
13227 ++ obj = gr_get_create_object(new_dentry, parent_dentry, parent_mnt);
13228 ++ newmode = obj->mode;
13229 +
13230 -+ /* we need a default and kernel role */
13231 -+ if (arg->role_db.num_roles < 2)
13232 -+ return -EINVAL;
13233 ++ needmode = newmode & checkmodes;
13234 +
13235 -+ /* copy special role authentication info from userspace */
13236 ++ // old name for hardlink must have at least the permissions of the new name
13237 ++ if ((oldmode & needmode) != needmode)
13238 ++ goto bad;
13239 +
13240 -+ num_sprole_pws = arg->num_sprole_pws;
13241 -+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
13242 ++ // if old name had restrictions/auditing, make sure the new name does as well
13243 ++ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
13244 +
13245 -+ if (!acl_special_roles && num_sprole_pws)
13246 -+ return -ENOMEM;
13247 ++ // don't allow hardlinking of suid/sgid/fcapped files without permission
13248 ++ if (is_privileged_binary(old_dentry))
13249 ++ needmode |= GR_SETID;
13250 +
13251 -+ for (i = 0; i < num_sprole_pws; i++) {
13252 -+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
13253 -+ if (!sptmp)
13254 -+ return -ENOMEM;
13255 -+ if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
13256 -+ return -EFAULT;
13257 ++ if ((newmode & needmode) != needmode)
13258 ++ goto bad;
13259 +
13260 -+ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
13261 -+ if (err)
13262 -+ return err;
13263 ++ // enforce minimum permissions
13264 ++ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
13265 ++ return newmode;
13266 ++bad:
13267 ++ needmode = oldmode;
13268 ++ if (is_privileged_binary(old_dentry))
13269 ++ needmode |= GR_SETID;
13270 ++
13271 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
13272 ++ gr_log_learn(old_dentry, old_mnt, needmode | GR_CREATE | GR_LINK);
13273 ++ return (GR_CREATE | GR_LINK);
13274 ++ } else if (newmode & GR_SUPPRESS)
13275 ++ return GR_SUPPRESS;
13276 ++ else
13277 ++ return 0;
13278 ++}
13279 +
13280 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
13281 -+ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
13282 -+#endif
13283 ++int
13284 ++gr_check_hidden_task(const struct task_struct *task)
13285 ++{
13286 ++ if (unlikely(!(gr_status & GR_READY)))
13287 ++ return 0;
13288 +
13289 -+ acl_special_roles[i] = sptmp;
13290 -+ }
13291 ++ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
13292 ++ return 1;
13293 +
13294 -+ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
13295 ++ return 0;
13296 ++}
13297 +
13298 -+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
13299 -+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
13300 ++int
13301 ++gr_check_protected_task(const struct task_struct *task)
13302 ++{
13303 ++ if (unlikely(!(gr_status & GR_READY) || !task))
13304 ++ return 0;
13305 +
13306 -+ if (!r_tmp)
13307 -+ return -ENOMEM;
13308 ++ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
13309 ++ task->acl != current->acl)
13310 ++ return 1;
13311 +
13312 -+ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
13313 -+ return -EFAULT;
13314 ++ return 0;
13315 ++}
13316 +
13317 -+ if (copy_acl_role_label(r_tmp, r_utmp2))
13318 -+ return -EFAULT;
13319 ++int
13320 ++gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
13321 ++{
13322 ++ struct task_struct *p;
13323 ++ int ret = 0;
13324 +
13325 -+ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
13326 -+ if (err)
13327 -+ return err;
13328 ++ if (unlikely(!(gr_status & GR_READY) || !pid))
13329 ++ return ret;
13330 +
13331 -+ if (!strcmp(r_tmp->rolename, "default")
13332 -+ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
13333 -+ default_role = r_tmp;
13334 -+ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
13335 -+ kernel_role = r_tmp;
13336 ++ read_lock(&tasklist_lock);
13337 ++ do_each_pid_task(pid, type, p) {
13338 ++ if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
13339 ++ p->acl != current->acl) {
13340 ++ ret = 1;
13341 ++ goto out;
13342 + }
13343 ++ } while_each_pid_task(pid, type, p);
13344 ++out:
13345 ++ read_unlock(&tasklist_lock);
13346 +
13347 -+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
13348 -+ return -ENOMEM;
13349 ++ return ret;
13350 ++}
13351 +
13352 -+ if (copy_gr_hash_struct(ghash, r_tmp->hash))
13353 -+ return -EFAULT;
13354 ++void
13355 ++gr_copy_label(struct task_struct *tsk)
13356 ++{
13357 ++ struct task_struct *p = current;
13358 +
13359 -+ r_tmp->hash = ghash;
13360 ++ tsk->inherited = p->inherited;
13361 ++ tsk->acl_sp_role = 0;
13362 ++ tsk->acl_role_id = p->acl_role_id;
13363 ++ tsk->acl = p->acl;
13364 ++ tsk->role = p->role;
13365 ++ tsk->signal->used_accept = 0;
13366 ++ tsk->signal->curr_ip = p->signal->curr_ip;
13367 ++ tsk->signal->saved_ip = p->signal->saved_ip;
13368 ++ if (p->exec_file)
13369 ++ get_file(p->exec_file);
13370 ++ tsk->exec_file = p->exec_file;
13371 ++ tsk->is_writable = p->is_writable;
13372 ++ if (unlikely(p->signal->used_accept)) {
13373 ++ p->signal->curr_ip = 0;
13374 ++ p->signal->saved_ip = 0;
13375 ++ }
13376 +
13377 -+ num_subjs = count_user_subjs(r_tmp->hash->first);
13378 ++ return;
13379 ++}
13380 +
13381 -+ r_tmp->subj_hash_size = num_subjs;
13382 -+ r_tmp->subj_hash =
13383 -+ (struct acl_subject_label **)
13384 -+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
13385 ++extern int gr_process_kernel_setuid_ban(struct user_struct *user);
13386 +
13387 -+ if (!r_tmp->subj_hash)
13388 -+ return -ENOMEM;
13389 ++int
13390 ++gr_check_user_change(int real, int effective, int fs)
13391 ++{
13392 ++ unsigned int i;
13393 ++ __u16 num;
13394 ++ uid_t *uidlist;
13395 ++ int curuid;
13396 ++ int realok = 0;
13397 ++ int effectiveok = 0;
13398 ++ int fsok = 0;
13399 +
13400 -+ err = copy_user_allowedips(r_tmp);
13401 -+ if (err)
13402 -+ return err;
13403 ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT)
13404 ++ struct user_struct *user;
13405 +
13406 -+ /* copy domain info */
13407 -+ if (r_tmp->domain_children != NULL) {
13408 -+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
13409 -+ if (domainlist == NULL)
13410 -+ return -ENOMEM;
13411 ++ if (real == -1)
13412 ++ goto skipit;
13413 +
13414 -+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
13415 -+ return -EFAULT;
13416 ++ user = find_user(real);
13417 ++ if (user == NULL)
13418 ++ goto skipit;
13419 +
13420 -+ r_tmp->domain_children = domainlist;
13421 -+ }
13422 ++ if (gr_process_kernel_setuid_ban(user)) {
13423 ++ /* for find_user */
13424 ++ free_uid(user);
13425 ++ return 1;
13426 ++ }
13427 +
13428 -+ err = copy_user_transitions(r_tmp);
13429 -+ if (err)
13430 -+ return err;
13431 ++ /* for find_user */
13432 ++ free_uid(user);
13433 +
13434 -+ memset(r_tmp->subj_hash, 0,
13435 -+ r_tmp->subj_hash_size *
13436 -+ sizeof (struct acl_subject_label *));
13437 ++skipit:
13438 ++#endif
13439 +
13440 -+ /* acquire the list of subjects, then NULL out
13441 -+ the list prior to parsing the subjects for this role,
13442 -+ as during this parsing the list is replaced with a list
13443 -+ of *nested* subjects for the role
13444 -+ */
13445 -+ subj_list = r_tmp->hash->first;
13446 ++ if (unlikely(!(gr_status & GR_READY)))
13447 ++ return 0;
13448 +
13449 -+ /* set nested subject list to null */
13450 -+ r_tmp->hash->first = NULL;
13451 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
13452 ++ gr_log_learn_id_change('u', real, effective, fs);
13453 +
13454 -+ err = copy_user_subjs(subj_list, r_tmp);
13455 ++ num = current->acl->user_trans_num;
13456 ++ uidlist = current->acl->user_transitions;
13457 +
13458 -+ if (err)
13459 -+ return err;
13460 ++ if (uidlist == NULL)
13461 ++ return 0;
13462 +
13463 -+ insert_acl_role_label(r_tmp);
13464 -+ }
13465 ++ if (real == -1)
13466 ++ realok = 1;
13467 ++ if (effective == -1)
13468 ++ effectiveok = 1;
13469 ++ if (fs == -1)
13470 ++ fsok = 1;
13471 +
13472 -+ if (default_role == NULL || kernel_role == NULL)
13473 -+ return -EINVAL;
13474 ++ if (current->acl->user_trans_type & GR_ID_ALLOW) {
13475 ++ for (i = 0; i < num; i++) {
13476 ++ curuid = (int)uidlist[i];
13477 ++ if (real == curuid)
13478 ++ realok = 1;
13479 ++ if (effective == curuid)
13480 ++ effectiveok = 1;
13481 ++ if (fs == curuid)
13482 ++ fsok = 1;
13483 ++ }
13484 ++ } else if (current->acl->user_trans_type & GR_ID_DENY) {
13485 ++ for (i = 0; i < num; i++) {
13486 ++ curuid = (int)uidlist[i];
13487 ++ if (real == curuid)
13488 ++ break;
13489 ++ if (effective == curuid)
13490 ++ break;
13491 ++ if (fs == curuid)
13492 ++ break;
13493 ++ }
13494 ++ /* not in deny list */
13495 ++ if (i == num) {
13496 ++ realok = 1;
13497 ++ effectiveok = 1;
13498 ++ fsok = 1;
13499 ++ }
13500 ++ }
13501 +
13502 -+ return err;
13503 ++ if (realok && effectiveok && fsok)
13504 ++ return 0;
13505 ++ else {
13506 ++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
13507 ++ return 1;
13508 ++ }
13509 +}
13510 +
13511 -+static int
13512 -+gracl_init(struct gr_arg *args)
13513 ++int
13514 ++gr_check_group_change(int real, int effective, int fs)
13515 +{
13516 -+ int error = 0;
13517 ++ unsigned int i;
13518 ++ __u16 num;
13519 ++ gid_t *gidlist;
13520 ++ int curgid;
13521 ++ int realok = 0;
13522 ++ int effectiveok = 0;
13523 ++ int fsok = 0;
13524 +
13525 -+ memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
13526 -+ memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
13527 ++ if (unlikely(!(gr_status & GR_READY)))
13528 ++ return 0;
13529 +
13530 -+ if (init_variables(args)) {
13531 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
13532 -+ error = -ENOMEM;
13533 -+ free_variables();
13534 -+ goto out;
13535 -+ }
13536 ++ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
13537 ++ gr_log_learn_id_change('g', real, effective, fs);
13538 +
13539 -+ error = copy_user_acl(args);
13540 -+ free_init_variables();
13541 -+ if (error) {
13542 -+ free_variables();
13543 -+ goto out;
13544 -+ }
13545 ++ num = current->acl->group_trans_num;
13546 ++ gidlist = current->acl->group_transitions;
13547 +
13548 -+ if ((error = gr_set_acls(0))) {
13549 -+ free_variables();
13550 -+ goto out;
13551 -+ }
13552 ++ if (gidlist == NULL)
13553 ++ return 0;
13554 +
13555 -+ pax_open_kernel();
13556 -+ gr_status |= GR_READY;
13557 -+ pax_close_kernel();
13558 ++ if (real == -1)
13559 ++ realok = 1;
13560 ++ if (effective == -1)
13561 ++ effectiveok = 1;
13562 ++ if (fs == -1)
13563 ++ fsok = 1;
13564 +
13565 -+ out:
13566 -+ return error;
13567 ++ if (current->acl->group_trans_type & GR_ID_ALLOW) {
13568 ++ for (i = 0; i < num; i++) {
13569 ++ curgid = (int)gidlist[i];
13570 ++ if (real == curgid)
13571 ++ realok = 1;
13572 ++ if (effective == curgid)
13573 ++ effectiveok = 1;
13574 ++ if (fs == curgid)
13575 ++ fsok = 1;
13576 ++ }
13577 ++ } else if (current->acl->group_trans_type & GR_ID_DENY) {
13578 ++ for (i = 0; i < num; i++) {
13579 ++ curgid = (int)gidlist[i];
13580 ++ if (real == curgid)
13581 ++ break;
13582 ++ if (effective == curgid)
13583 ++ break;
13584 ++ if (fs == curgid)
13585 ++ break;
13586 ++ }
13587 ++ /* not in deny list */
13588 ++ if (i == num) {
13589 ++ realok = 1;
13590 ++ effectiveok = 1;
13591 ++ fsok = 1;
13592 ++ }
13593 ++ }
13594 ++
13595 ++ if (realok && effectiveok && fsok)
13596 ++ return 0;
13597 ++ else {
13598 ++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
13599 ++ return 1;
13600 ++ }
13601 +}
13602 +
13603 -+/* derived from glibc fnmatch() 0: match, 1: no match*/
13604 ++extern int gr_acl_is_capable(const int cap);
13605 +
13606 -+static int
13607 -+glob_match(const char *p, const char *n)
13608 ++void
13609 ++gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
13610 +{
13611 -+ char c;
13612 -+
13613 -+ while ((c = *p++) != '\0') {
13614 -+ switch (c) {
13615 -+ case '?':
13616 -+ if (*n == '\0')
13617 -+ return 1;
13618 -+ else if (*n == '/')
13619 -+ return 1;
13620 -+ break;
13621 -+ case '\\':
13622 -+ if (*n != c)
13623 -+ return 1;
13624 -+ break;
13625 -+ case '*':
13626 -+ for (c = *p++; c == '?' || c == '*'; c = *p++) {
13627 -+ if (*n == '/')
13628 -+ return 1;
13629 -+ else if (c == '?') {
13630 -+ if (*n == '\0')
13631 -+ return 1;
13632 -+ else
13633 -+ ++n;
13634 -+ }
13635 -+ }
13636 -+ if (c == '\0') {
13637 -+ return 0;
13638 -+ } else {
13639 -+ const char *endp;
13640 -+
13641 -+ if ((endp = strchr(n, '/')) == NULL)
13642 -+ endp = n + strlen(n);
13643 ++ struct acl_role_label *role = task->role;
13644 ++ struct acl_subject_label *subj = NULL;
13645 ++ struct acl_object_label *obj;
13646 ++ struct file *filp;
13647 +
13648 -+ if (c == '[') {
13649 -+ for (--p; n < endp; ++n)
13650 -+ if (!glob_match(p, n))
13651 -+ return 0;
13652 -+ } else if (c == '/') {
13653 -+ while (*n != '\0' && *n != '/')
13654 -+ ++n;
13655 -+ if (*n == '/' && !glob_match(p, n + 1))
13656 -+ return 0;
13657 -+ } else {
13658 -+ for (--p; n < endp; ++n)
13659 -+ if (*n == c && !glob_match(p, n))
13660 -+ return 0;
13661 -+ }
13662 ++ if (unlikely(!(gr_status & GR_READY)))
13663 ++ return;
13664 +
13665 -+ return 1;
13666 -+ }
13667 -+ case '[':
13668 -+ {
13669 -+ int not;
13670 -+ char cold;
13671 ++ filp = task->exec_file;
13672 +
13673 -+ if (*n == '\0' || *n == '/')
13674 -+ return 1;
13675 ++ /* kernel process, we'll give them the kernel role */
13676 ++ if (unlikely(!filp)) {
13677 ++ task->role = running_polstate.kernel_role;
13678 ++ task->acl = running_polstate.kernel_role->root_label;
13679 ++ return;
13680 ++ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) {
13681 ++ /* save the current ip at time of role lookup so that the proper
13682 ++ IP will be learned for role_allowed_ip */
13683 ++ task->signal->saved_ip = task->signal->curr_ip;
13684 ++ role = lookup_acl_role_label(task, uid, gid);
13685 ++ }
13686 +
13687 -+ not = (*p == '!' || *p == '^');
13688 -+ if (not)
13689 -+ ++p;
13690 ++ /* don't change the role if we're not a privileged process */
13691 ++ if (role && task->role != role &&
13692 ++ (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) ||
13693 ++ ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
13694 ++ return;
13695 +
13696 -+ c = *p++;
13697 -+ for (;;) {
13698 -+ unsigned char fn = (unsigned char)*n;
13699 ++ /* perform subject lookup in possibly new role
13700 ++ we can use this result below in the case where role == task->role
13701 ++ */
13702 ++ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
13703 +
13704 -+ if (c == '\0')
13705 -+ return 1;
13706 -+ else {
13707 -+ if (c == fn)
13708 -+ goto matched;
13709 -+ cold = c;
13710 -+ c = *p++;
13711 ++ /* if we changed uid/gid, but result in the same role
13712 ++ and are using inheritance, don't lose the inherited subject
13713 ++ if current subject is other than what normal lookup
13714 ++ would result in, we arrived via inheritance, don't
13715 ++ lose subject
13716 ++ */
13717 ++ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
13718 ++ (subj == task->acl)))
13719 ++ task->acl = subj;
13720 +
13721 -+ if (c == '-' && *p != ']') {
13722 -+ unsigned char cend = *p++;
13723 ++ /* leave task->inherited unaffected */
13724 +
13725 -+ if (cend == '\0')
13726 -+ return 1;
13727 ++ task->role = role;
13728 +
13729 -+ if (cold <= fn && fn <= cend)
13730 -+ goto matched;
13731 ++ task->is_writable = 0;
13732 +
13733 -+ c = *p++;
13734 -+ }
13735 -+ }
13736 ++ /* ignore additional mmap checks for processes that are writable
13737 ++ by the default ACL */
13738 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
13739 ++ if (unlikely(obj->mode & GR_WRITE))
13740 ++ task->is_writable = 1;
13741 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
13742 ++ if (unlikely(obj->mode & GR_WRITE))
13743 ++ task->is_writable = 1;
13744 +
13745 -+ if (c == ']')
13746 -+ break;
13747 -+ }
13748 -+ if (!not)
13749 -+ return 1;
13750 -+ break;
13751 -+ matched:
13752 -+ while (c != ']') {
13753 -+ if (c == '\0')
13754 -+ return 1;
13755 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
13756 ++ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
13757 ++#endif
13758 +
13759 -+ c = *p++;
13760 -+ }
13761 -+ if (not)
13762 -+ return 1;
13763 -+ }
13764 -+ break;
13765 -+ default:
13766 -+ if (c != *n)
13767 -+ return 1;
13768 -+ }
13769 ++ gr_set_proc_res(task);
13770 +
13771 -+ ++n;
13772 -+ }
13773 ++ return;
13774 ++}
13775 +
13776 -+ if (*n == '\0')
13777 -+ return 0;
13778 ++int
13779 ++gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
13780 ++ const int unsafe_flags)
13781 ++{
13782 ++ struct task_struct *task = current;
13783 ++ struct acl_subject_label *newacl;
13784 ++ struct acl_object_label *obj;
13785 ++ __u32 retmode;
13786 +
13787 -+ if (*n == '/')
13788 ++ if (unlikely(!(gr_status & GR_READY)))
13789 + return 0;
13790 +
13791 -+ return 1;
13792 -+}
13793 ++ newacl = chk_subj_label(dentry, mnt, task->role);
13794 +
13795 -+static struct acl_object_label *
13796 -+chk_glob_label(struct acl_object_label *globbed,
13797 -+ const struct dentry *dentry, const struct vfsmount *mnt, char **path)
13798 -+{
13799 -+ struct acl_object_label *tmp;
13800 ++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
13801 ++ did an exec
13802 ++ */
13803 ++ rcu_read_lock();
13804 ++ read_lock(&tasklist_lock);
13805 ++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
13806 ++ (task->parent->acl->mode & GR_POVERRIDE))) {
13807 ++ read_unlock(&tasklist_lock);
13808 ++ rcu_read_unlock();
13809 ++ goto skip_check;
13810 ++ }
13811 ++ read_unlock(&tasklist_lock);
13812 ++ rcu_read_unlock();
13813 +
13814 -+ if (*path == NULL)
13815 -+ *path = gr_to_filename_nolock(dentry, mnt);
13816 ++ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
13817 ++ !(task->role->roletype & GR_ROLE_GOD) &&
13818 ++ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
13819 ++ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
13820 ++ if (unsafe_flags & LSM_UNSAFE_SHARE)
13821 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
13822 ++ else
13823 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
13824 ++ return -EACCES;
13825 ++ }
13826 +
13827 -+ tmp = globbed;
13828 ++skip_check:
13829 +
13830 -+ while (tmp) {
13831 -+ if (!glob_match(tmp->filename, *path))
13832 -+ return tmp;
13833 -+ tmp = tmp->next;
13834 ++ obj = chk_obj_label(dentry, mnt, task->acl);
13835 ++ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
13836 ++
13837 ++ if (!(task->acl->mode & GR_INHERITLEARN) &&
13838 ++ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
13839 ++ if (obj->nested)
13840 ++ task->acl = obj->nested;
13841 ++ else
13842 ++ task->acl = newacl;
13843 ++ task->inherited = 0;
13844 ++ } else {
13845 ++ task->inherited = 1;
13846 ++ if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
13847 ++ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
13848 + }
13849 +
13850 -+ return NULL;
13851 -+}
13852 ++ task->is_writable = 0;
13853 +
13854 -+static struct acl_object_label *
13855 -+__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
13856 -+ const ino_t curr_ino, const dev_t curr_dev,
13857 -+ const struct acl_subject_label *subj, char **path, const int checkglob)
13858 -+{
13859 -+ struct acl_subject_label *tmpsubj;
13860 -+ struct acl_object_label *retval;
13861 -+ struct acl_object_label *retval2;
13862 ++ /* ignore additional mmap checks for processes that are writable
13863 ++ by the default ACL */
13864 ++ obj = chk_obj_label(dentry, mnt, running_polstate.default_role->root_label);
13865 ++ if (unlikely(obj->mode & GR_WRITE))
13866 ++ task->is_writable = 1;
13867 ++ obj = chk_obj_label(dentry, mnt, task->role->root_label);
13868 ++ if (unlikely(obj->mode & GR_WRITE))
13869 ++ task->is_writable = 1;
13870 +
13871 -+ tmpsubj = (struct acl_subject_label *) subj;
13872 -+ read_lock(&gr_inode_lock);
13873 -+ do {
13874 -+ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
13875 -+ if (retval) {
13876 -+ if (checkglob && retval->globbed) {
13877 -+ retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path);
13878 -+ if (retval2)
13879 -+ retval = retval2;
13880 -+ }
13881 -+ break;
13882 -+ }
13883 -+ } while ((tmpsubj = tmpsubj->parent_subject));
13884 -+ read_unlock(&gr_inode_lock);
13885 ++ gr_set_proc_res(task);
13886 +
13887 -+ return retval;
13888 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
13889 ++ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
13890 ++#endif
13891 ++ return 0;
13892 +}
13893 +
13894 -+static __inline__ struct acl_object_label *
13895 -+full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
13896 -+ struct dentry *curr_dentry,
13897 -+ const struct acl_subject_label *subj, char **path, const int checkglob)
13898 ++/* always called with valid inodev ptr */
13899 ++static void
13900 ++do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
13901 +{
13902 -+ int newglob = checkglob;
13903 -+ ino_t inode;
13904 -+ dev_t device;
13905 ++ struct acl_object_label *matchpo;
13906 ++ struct acl_subject_label *matchps;
13907 ++ struct acl_subject_label *subj;
13908 ++ struct acl_role_label *role;
13909 ++ unsigned int x;
13910 +
13911 -+ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
13912 -+ as we don't want a / * rule to match instead of the / object
13913 -+ don't do this for create lookups that call this function though, since they're looking up
13914 -+ on the parent and thus need globbing checks on all paths
13915 -+ */
13916 -+ if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
13917 -+ newglob = GR_NO_GLOB;
13918 ++ FOR_EACH_ROLE_START(role)
13919 ++ FOR_EACH_SUBJECT_START(role, subj, x)
13920 ++ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
13921 ++ matchpo->mode |= GR_DELETED;
13922 ++ FOR_EACH_SUBJECT_END(subj,x)
13923 ++ FOR_EACH_NESTED_SUBJECT_START(role, subj)
13924 ++ /* nested subjects aren't in the role's subj_hash table */
13925 ++ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
13926 ++ matchpo->mode |= GR_DELETED;
13927 ++ FOR_EACH_NESTED_SUBJECT_END(subj)
13928 ++ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
13929 ++ matchps->mode |= GR_DELETED;
13930 ++ FOR_EACH_ROLE_END(role)
13931 +
13932 -+ spin_lock(&curr_dentry->d_lock);
13933 -+ inode = curr_dentry->d_inode->i_ino;
13934 -+ device = __get_dev(curr_dentry);
13935 -+ spin_unlock(&curr_dentry->d_lock);
13936 ++ inodev->nentry->deleted = 1;
13937 +
13938 -+ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
13939 ++ return;
13940 +}
13941 +
13942 -+static struct acl_object_label *
13943 -+__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
13944 -+ const struct acl_subject_label *subj, char *path, const int checkglob)
13945 ++void
13946 ++gr_handle_delete(const ino_t ino, const dev_t dev)
13947 +{
13948 -+ struct dentry *dentry = (struct dentry *) l_dentry;
13949 -+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
13950 -+ struct acl_object_label *retval;
13951 -+ struct dentry *parent;
13952 ++ struct inodev_entry *inodev;
13953 +
13954 -+ br_read_lock(vfsmount_lock);
13955 -+ write_seqlock(&rename_lock);
13956 ++ if (unlikely(!(gr_status & GR_READY)))
13957 ++ return;
13958 +
13959 -+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
13960 -+#ifdef CONFIG_NET
13961 -+ mnt == sock_mnt ||
13962 -+#endif
13963 -+#ifdef CONFIG_HUGETLBFS
13964 -+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
13965 -+#endif
13966 -+ /* ignore Eric Biederman */
13967 -+ IS_PRIVATE(l_dentry->d_inode))) {
13968 -+ retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw;
13969 -+ goto out;
13970 -+ }
13971 ++ write_lock(&gr_inode_lock);
13972 ++ inodev = lookup_inodev_entry(ino, dev);
13973 ++ if (inodev != NULL)
13974 ++ do_handle_delete(inodev, ino, dev);
13975 ++ write_unlock(&gr_inode_lock);
13976 +
13977 -+ for (;;) {
13978 -+ if (dentry == real_root.dentry && mnt == real_root.mnt)
13979 -+ break;
13980 ++ return;
13981 ++}
13982 +
13983 -+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
13984 -+ if (mnt->mnt_parent == mnt)
13985 -+ break;
13986 ++static void
13987 ++update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
13988 ++ const ino_t newinode, const dev_t newdevice,
13989 ++ struct acl_subject_label *subj)
13990 ++{
13991 ++ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
13992 ++ struct acl_object_label *match;
13993 +
13994 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
13995 -+ if (retval != NULL)
13996 -+ goto out;
13997 ++ match = subj->obj_hash[index];
13998 +
13999 -+ dentry = mnt->mnt_mountpoint;
14000 -+ mnt = mnt->mnt_parent;
14001 -+ continue;
14002 -+ }
14003 ++ while (match && (match->inode != oldinode ||
14004 ++ match->device != olddevice ||
14005 ++ !(match->mode & GR_DELETED)))
14006 ++ match = match->next;
14007 +
14008 -+ parent = dentry->d_parent;
14009 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
14010 -+ if (retval != NULL)
14011 -+ goto out;
14012 ++ if (match && (match->inode == oldinode)
14013 ++ && (match->device == olddevice)
14014 ++ && (match->mode & GR_DELETED)) {
14015 ++ if (match->prev == NULL) {
14016 ++ subj->obj_hash[index] = match->next;
14017 ++ if (match->next != NULL)
14018 ++ match->next->prev = NULL;
14019 ++ } else {
14020 ++ match->prev->next = match->next;
14021 ++ if (match->next != NULL)
14022 ++ match->next->prev = match->prev;
14023 ++ }
14024 ++ match->prev = NULL;
14025 ++ match->next = NULL;
14026 ++ match->inode = newinode;
14027 ++ match->device = newdevice;
14028 ++ match->mode &= ~GR_DELETED;
14029 +
14030 -+ dentry = parent;
14031 ++ insert_acl_obj_label(match, subj);
14032 + }
14033 +
14034 -+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
14035 ++ return;
14036 ++}
14037 +
14038 -+ /* real_root is pinned so we don't have to hold a reference */
14039 -+ if (retval == NULL)
14040 -+ retval = full_lookup(l_dentry, l_mnt, real_root.dentry, subj, &path, checkglob);
14041 -+out:
14042 -+ write_sequnlock(&rename_lock);
14043 -+ br_read_unlock(vfsmount_lock);
14044 ++static void
14045 ++update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
14046 ++ const ino_t newinode, const dev_t newdevice,
14047 ++ struct acl_role_label *role)
14048 ++{
14049 ++ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
14050 ++ struct acl_subject_label *match;
14051 +
14052 -+ BUG_ON(retval == NULL);
14053 ++ match = role->subj_hash[index];
14054 +
14055 -+ return retval;
14056 -+}
14057 ++ while (match && (match->inode != oldinode ||
14058 ++ match->device != olddevice ||
14059 ++ !(match->mode & GR_DELETED)))
14060 ++ match = match->next;
14061 +
14062 -+static __inline__ struct acl_object_label *
14063 -+chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
14064 -+ const struct acl_subject_label *subj)
14065 -+{
14066 -+ char *path = NULL;
14067 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
14068 -+}
14069 ++ if (match && (match->inode == oldinode)
14070 ++ && (match->device == olddevice)
14071 ++ && (match->mode & GR_DELETED)) {
14072 ++ if (match->prev == NULL) {
14073 ++ role->subj_hash[index] = match->next;
14074 ++ if (match->next != NULL)
14075 ++ match->next->prev = NULL;
14076 ++ } else {
14077 ++ match->prev->next = match->next;
14078 ++ if (match->next != NULL)
14079 ++ match->next->prev = match->prev;
14080 ++ }
14081 ++ match->prev = NULL;
14082 ++ match->next = NULL;
14083 ++ match->inode = newinode;
14084 ++ match->device = newdevice;
14085 ++ match->mode &= ~GR_DELETED;
14086 +
14087 -+static __inline__ struct acl_object_label *
14088 -+chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
14089 -+ const struct acl_subject_label *subj)
14090 -+{
14091 -+ char *path = NULL;
14092 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
14093 -+}
14094 ++ insert_acl_subj_label(match, role);
14095 ++ }
14096 +
14097 -+static __inline__ struct acl_object_label *
14098 -+chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
14099 -+ const struct acl_subject_label *subj, char *path)
14100 -+{
14101 -+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
14102 ++ return;
14103 +}
14104 +
14105 -+static struct acl_subject_label *
14106 -+chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
14107 -+ const struct acl_role_label *role)
14108 ++static void
14109 ++update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
14110 ++ const ino_t newinode, const dev_t newdevice)
14111 +{
14112 -+ struct dentry *dentry = (struct dentry *) l_dentry;
14113 -+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
14114 -+ struct acl_subject_label *retval;
14115 -+ struct dentry *parent;
14116 -+
14117 -+ br_read_lock(vfsmount_lock);
14118 -+ write_seqlock(&rename_lock);
14119 ++ unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size);
14120 ++ struct inodev_entry *match;
14121 +
14122 -+ for (;;) {
14123 -+ if (dentry == real_root.dentry && mnt == real_root.mnt)
14124 -+ break;
14125 -+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
14126 -+ if (mnt->mnt_parent == mnt)
14127 -+ break;
14128 ++ match = running_polstate.inodev_set.i_hash[index];
14129 +
14130 -+ spin_lock(&dentry->d_lock);
14131 -+ read_lock(&gr_inode_lock);
14132 -+ retval =
14133 -+ lookup_acl_subj_label(dentry->d_inode->i_ino,
14134 -+ __get_dev(dentry), role);
14135 -+ read_unlock(&gr_inode_lock);
14136 -+ spin_unlock(&dentry->d_lock);
14137 -+ if (retval != NULL)
14138 -+ goto out;
14139 ++ while (match && (match->nentry->inode != oldinode ||
14140 ++ match->nentry->device != olddevice || !match->nentry->deleted))
14141 ++ match = match->next;
14142 +
14143 -+ dentry = mnt->mnt_mountpoint;
14144 -+ mnt = mnt->mnt_parent;
14145 -+ continue;
14146 ++ if (match && (match->nentry->inode == oldinode)
14147 ++ && (match->nentry->device == olddevice) &&
14148 ++ match->nentry->deleted) {
14149 ++ if (match->prev == NULL) {
14150 ++ running_polstate.inodev_set.i_hash[index] = match->next;
14151 ++ if (match->next != NULL)
14152 ++ match->next->prev = NULL;
14153 ++ } else {
14154 ++ match->prev->next = match->next;
14155 ++ if (match->next != NULL)
14156 ++ match->next->prev = match->prev;
14157 + }
14158 ++ match->prev = NULL;
14159 ++ match->next = NULL;
14160 ++ match->nentry->inode = newinode;
14161 ++ match->nentry->device = newdevice;
14162 ++ match->nentry->deleted = 0;
14163 +
14164 -+ spin_lock(&dentry->d_lock);
14165 -+ read_lock(&gr_inode_lock);
14166 -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
14167 -+ __get_dev(dentry), role);
14168 -+ read_unlock(&gr_inode_lock);
14169 -+ parent = dentry->d_parent;
14170 -+ spin_unlock(&dentry->d_lock);
14171 -+
14172 -+ if (retval != NULL)
14173 -+ goto out;
14174 -+
14175 -+ dentry = parent;
14176 -+ }
14177 -+
14178 -+ spin_lock(&dentry->d_lock);
14179 -+ read_lock(&gr_inode_lock);
14180 -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
14181 -+ __get_dev(dentry), role);
14182 -+ read_unlock(&gr_inode_lock);
14183 -+ spin_unlock(&dentry->d_lock);
14184 -+
14185 -+ if (unlikely(retval == NULL)) {
14186 -+ /* real_root is pinned, we don't need to hold a reference */
14187 -+ read_lock(&gr_inode_lock);
14188 -+ retval = lookup_acl_subj_label(real_root.dentry->d_inode->i_ino,
14189 -+ __get_dev(real_root.dentry), role);
14190 -+ read_unlock(&gr_inode_lock);
14191 ++ insert_inodev_entry(match);
14192 + }
14193 -+out:
14194 -+ write_sequnlock(&rename_lock);
14195 -+ br_read_unlock(vfsmount_lock);
14196 -+
14197 -+ BUG_ON(retval == NULL);
14198 +
14199 -+ return retval;
14200 ++ return;
14201 +}
14202 +
14203 +static void
14204 -+gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
14205 ++__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
14206 +{
14207 -+ struct task_struct *task = current;
14208 -+ const struct cred *cred = current_cred();
14209 -+
14210 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
14211 -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
14212 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
14213 -+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
14214 ++ struct acl_subject_label *subj;
14215 ++ struct acl_role_label *role;
14216 ++ unsigned int x;
14217 +
14218 -+ return;
14219 -+}
14220 ++ FOR_EACH_ROLE_START(role)
14221 ++ update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
14222 +
14223 -+static void
14224 -+gr_log_learn_sysctl(const char *path, const __u32 mode)
14225 -+{
14226 -+ struct task_struct *task = current;
14227 -+ const struct cred *cred = current_cred();
14228 ++ FOR_EACH_NESTED_SUBJECT_START(role, subj)
14229 ++ if ((subj->inode == ino) && (subj->device == dev)) {
14230 ++ subj->inode = ino;
14231 ++ subj->device = dev;
14232 ++ }
14233 ++ /* nested subjects aren't in the role's subj_hash table */
14234 ++ update_acl_obj_label(matchn->inode, matchn->device,
14235 ++ ino, dev, subj);
14236 ++ FOR_EACH_NESTED_SUBJECT_END(subj)
14237 ++ FOR_EACH_SUBJECT_START(role, subj, x)
14238 ++ update_acl_obj_label(matchn->inode, matchn->device,
14239 ++ ino, dev, subj);
14240 ++ FOR_EACH_SUBJECT_END(subj,x)
14241 ++ FOR_EACH_ROLE_END(role)
14242 +
14243 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
14244 -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
14245 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
14246 -+ 1UL, 1UL, path, (unsigned long) mode, &task->signal->saved_ip);
14247 ++ update_inodev_entry(matchn->inode, matchn->device, ino, dev);
14248 +
14249 + return;
14250 +}
14251 +
14252 +static void
14253 -+gr_log_learn_id_change(const char type, const unsigned int real,
14254 -+ const unsigned int effective, const unsigned int fs)
14255 ++do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
14256 ++ const struct vfsmount *mnt)
14257 +{
14258 -+ struct task_struct *task = current;
14259 -+ const struct cred *cred = current_cred();
14260 ++ ino_t ino = dentry->d_inode->i_ino;
14261 ++ dev_t dev = __get_dev(dentry);
14262 +
14263 -+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
14264 -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
14265 -+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
14266 -+ type, real, effective, fs, &task->signal->saved_ip);
14267 ++ __do_handle_create(matchn, ino, dev);
14268 +
14269 + return;
14270 +}
14271 +
14272 -+__u32
14273 -+gr_search_file(const struct dentry * dentry, const __u32 mode,
14274 -+ const struct vfsmount * mnt)
14275 ++void
14276 ++gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
14277 +{
14278 -+ __u32 retval = mode;
14279 -+ struct acl_subject_label *curracl;
14280 -+ struct acl_object_label *currobj;
14281 ++ struct name_entry *matchn;
14282 +
14283 + if (unlikely(!(gr_status & GR_READY)))
14284 -+ return (mode & ~GR_AUDITS);
14285 -+
14286 -+ curracl = current->acl;
14287 -+
14288 -+ currobj = chk_obj_label(dentry, mnt, curracl);
14289 -+ retval = currobj->mode & mode;
14290 ++ return;
14291 +
14292 -+ /* if we're opening a specified transfer file for writing
14293 -+ (e.g. /dev/initctl), then transfer our role to init
14294 -+ */
14295 -+ if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
14296 -+ current->role->roletype & GR_ROLE_PERSIST)) {
14297 -+ struct task_struct *task = init_pid_ns.child_reaper;
14298 ++ preempt_disable();
14299 ++ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
14300 +
14301 -+ if (task->role != current->role) {
14302 -+ task->acl_sp_role = 0;
14303 -+ task->acl_role_id = current->acl_role_id;
14304 -+ task->role = current->role;
14305 -+ rcu_read_lock();
14306 -+ read_lock(&grsec_exec_file_lock);
14307 -+ gr_apply_subject_to_task(task);
14308 -+ read_unlock(&grsec_exec_file_lock);
14309 -+ rcu_read_unlock();
14310 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
14311 -+ }
14312 ++ if (unlikely((unsigned long)matchn)) {
14313 ++ write_lock(&gr_inode_lock);
14314 ++ do_handle_create(matchn, dentry, mnt);
14315 ++ write_unlock(&gr_inode_lock);
14316 + }
14317 ++ preempt_enable();
14318 +
14319 -+ if (unlikely
14320 -+ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
14321 -+ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
14322 -+ __u32 new_mode = mode;
14323 ++ return;
14324 ++}
14325 +
14326 -+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
14327 ++void
14328 ++gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
14329 ++{
14330 ++ struct name_entry *matchn;
14331 +
14332 -+ retval = new_mode;
14333 ++ if (unlikely(!(gr_status & GR_READY)))
14334 ++ return;
14335 +
14336 -+ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
14337 -+ new_mode |= GR_INHERIT;
14338 ++ preempt_disable();
14339 ++ matchn = lookup_name_entry(gr_to_proc_filename_rbac(dentry, init_pid_ns.proc_mnt));
14340 +
14341 -+ if (!(mode & GR_NOLEARN))
14342 -+ gr_log_learn(dentry, mnt, new_mode);
14343 ++ if (unlikely((unsigned long)matchn)) {
14344 ++ write_lock(&gr_inode_lock);
14345 ++ __do_handle_create(matchn, inode->i_ino, inode->i_sb->s_dev);
14346 ++ write_unlock(&gr_inode_lock);
14347 + }
14348 ++ preempt_enable();
14349 +
14350 -+ return retval;
14351 ++ return;
14352 +}
14353 +
14354 -+struct acl_object_label *gr_get_create_object(const struct dentry *new_dentry,
14355 -+ const struct dentry *parent,
14356 -+ const struct vfsmount *mnt)
14357 ++void
14358 ++gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
14359 ++ struct dentry *old_dentry,
14360 ++ struct dentry *new_dentry,
14361 ++ struct vfsmount *mnt, const __u8 replace)
14362 +{
14363 -+ struct name_entry *match;
14364 -+ struct acl_object_label *matchpo;
14365 -+ struct acl_subject_label *curracl;
14366 -+ char *path;
14367 ++ struct name_entry *matchn;
14368 ++ struct inodev_entry *inodev;
14369 ++ struct inode *inode = new_dentry->d_inode;
14370 ++ ino_t old_ino = old_dentry->d_inode->i_ino;
14371 ++ dev_t old_dev = __get_dev(old_dentry);
14372 ++
14373 ++ /* vfs_rename swaps the name and parent link for old_dentry and
14374 ++ new_dentry
14375 ++ at this point, old_dentry has the new name, parent link, and inode
14376 ++ for the renamed file
14377 ++ if a file is being replaced by a rename, new_dentry has the inode
14378 ++ and name for the replaced file
14379 ++ */
14380 +
14381 + if (unlikely(!(gr_status & GR_READY)))
14382 -+ return NULL;
14383 ++ return;
14384 +
14385 + preempt_disable();
14386 -+ path = gr_to_filename_rbac(new_dentry, mnt);
14387 -+ match = lookup_name_entry_create(path);
14388 -+
14389 -+ curracl = current->acl;
14390 ++ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
14391 +
14392 -+ if (match) {
14393 -+ read_lock(&gr_inode_lock);
14394 -+ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
14395 -+ read_unlock(&gr_inode_lock);
14396 ++ /* we wouldn't have to check d_inode if it weren't for
14397 ++ NFS silly-renaming
14398 ++ */
14399 +
14400 -+ if (matchpo) {
14401 -+ preempt_enable();
14402 -+ return matchpo;
14403 -+ }
14404 -+ }
14405 ++ write_lock(&gr_inode_lock);
14406 ++ if (unlikely(replace && inode)) {
14407 ++ ino_t new_ino = inode->i_ino;
14408 ++ dev_t new_dev = __get_dev(new_dentry);
14409 +
14410 -+ // lookup parent
14411 ++ inodev = lookup_inodev_entry(new_ino, new_dev);
14412 ++ if (inodev != NULL && ((inode->i_nlink <= 1) || S_ISDIR(inode->i_mode)))
14413 ++ do_handle_delete(inodev, new_ino, new_dev);
14414 ++ }
14415 +
14416 -+ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
14417 ++ inodev = lookup_inodev_entry(old_ino, old_dev);
14418 ++ if (inodev != NULL && ((old_dentry->d_inode->i_nlink <= 1) || S_ISDIR(old_dentry->d_inode->i_mode)))
14419 ++ do_handle_delete(inodev, old_ino, old_dev);
14420 ++
14421 ++ if (unlikely((unsigned long)matchn))
14422 ++ do_handle_create(matchn, old_dentry, mnt);
14423 +
14424 ++ write_unlock(&gr_inode_lock);
14425 + preempt_enable();
14426 -+ return matchpo;
14427 ++
14428 ++ return;
14429 +}
14430 +
14431 -+__u32
14432 -+gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
14433 -+ const struct vfsmount * mnt, const __u32 mode)
14434 ++void
14435 ++gr_learn_resource(const struct task_struct *task,
14436 ++ const int res, const unsigned long wanted, const int gt)
14437 +{
14438 -+ struct acl_object_label *matchpo;
14439 -+ __u32 retval;
14440 ++ struct acl_subject_label *acl;
14441 ++ const struct cred *cred;
14442 +
14443 -+ if (unlikely(!(gr_status & GR_READY)))
14444 -+ return (mode & ~GR_AUDITS);
14445 ++ if (unlikely((gr_status & GR_READY) &&
14446 ++ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
14447 ++ goto skip_reslog;
14448 +
14449 -+ matchpo = gr_get_create_object(new_dentry, parent, mnt);
14450 ++#ifdef CONFIG_GRKERNSEC_RESLOG
14451 ++ gr_log_resource(task, res, wanted, gt);
14452 ++#endif
14453 ++ skip_reslog:
14454 +
14455 -+ retval = matchpo->mode & mode;
14456 ++ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
14457 ++ return;
14458 +
14459 -+ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
14460 -+ && (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
14461 -+ __u32 new_mode = mode;
14462 ++ acl = task->acl;
14463 +
14464 -+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
14465 ++ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
14466 ++ !(acl->resmask & (1U << (unsigned short) res))))
14467 ++ return;
14468 +
14469 -+ gr_log_learn(new_dentry, mnt, new_mode);
14470 -+ return new_mode;
14471 ++ if (wanted >= acl->res[res].rlim_cur) {
14472 ++ unsigned long res_add;
14473 ++
14474 ++ res_add = wanted;
14475 ++ switch (res) {
14476 ++ case RLIMIT_CPU:
14477 ++ res_add += GR_RLIM_CPU_BUMP;
14478 ++ break;
14479 ++ case RLIMIT_FSIZE:
14480 ++ res_add += GR_RLIM_FSIZE_BUMP;
14481 ++ break;
14482 ++ case RLIMIT_DATA:
14483 ++ res_add += GR_RLIM_DATA_BUMP;
14484 ++ break;
14485 ++ case RLIMIT_STACK:
14486 ++ res_add += GR_RLIM_STACK_BUMP;
14487 ++ break;
14488 ++ case RLIMIT_CORE:
14489 ++ res_add += GR_RLIM_CORE_BUMP;
14490 ++ break;
14491 ++ case RLIMIT_RSS:
14492 ++ res_add += GR_RLIM_RSS_BUMP;
14493 ++ break;
14494 ++ case RLIMIT_NPROC:
14495 ++ res_add += GR_RLIM_NPROC_BUMP;
14496 ++ break;
14497 ++ case RLIMIT_NOFILE:
14498 ++ res_add += GR_RLIM_NOFILE_BUMP;
14499 ++ break;
14500 ++ case RLIMIT_MEMLOCK:
14501 ++ res_add += GR_RLIM_MEMLOCK_BUMP;
14502 ++ break;
14503 ++ case RLIMIT_AS:
14504 ++ res_add += GR_RLIM_AS_BUMP;
14505 ++ break;
14506 ++ case RLIMIT_LOCKS:
14507 ++ res_add += GR_RLIM_LOCKS_BUMP;
14508 ++ break;
14509 ++ case RLIMIT_SIGPENDING:
14510 ++ res_add += GR_RLIM_SIGPENDING_BUMP;
14511 ++ break;
14512 ++ case RLIMIT_MSGQUEUE:
14513 ++ res_add += GR_RLIM_MSGQUEUE_BUMP;
14514 ++ break;
14515 ++ case RLIMIT_NICE:
14516 ++ res_add += GR_RLIM_NICE_BUMP;
14517 ++ break;
14518 ++ case RLIMIT_RTPRIO:
14519 ++ res_add += GR_RLIM_RTPRIO_BUMP;
14520 ++ break;
14521 ++ case RLIMIT_RTTIME:
14522 ++ res_add += GR_RLIM_RTTIME_BUMP;
14523 ++ break;
14524 ++ }
14525 ++
14526 ++ acl->res[res].rlim_cur = res_add;
14527 ++
14528 ++ if (wanted > acl->res[res].rlim_max)
14529 ++ acl->res[res].rlim_max = res_add;
14530 ++
14531 ++ /* only log the subject filename, since resource logging is supported for
14532 ++ single-subject learning only */
14533 ++ rcu_read_lock();
14534 ++ cred = __task_cred(task);
14535 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
14536 ++ task->role->roletype, cred->uid, cred->gid, acl->filename,
14537 ++ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
14538 ++ "", (unsigned long) res, &task->signal->saved_ip);
14539 ++ rcu_read_unlock();
14540 + }
14541 +
14542 -+ return retval;
14543 ++ return;
14544 +}
14545 +
14546 -+__u32
14547 -+gr_check_link(const struct dentry * new_dentry,
14548 -+ const struct dentry * parent_dentry,
14549 -+ const struct vfsmount * parent_mnt,
14550 -+ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
14551 ++#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
14552 ++void
14553 ++pax_set_initial_flags(struct linux_binprm *bprm)
14554 +{
14555 -+ struct acl_object_label *obj;
14556 -+ __u32 oldmode, newmode;
14557 -+ __u32 needmode;
14558 -+ __u32 checkmodes = GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | GR_SETID | GR_READ |
14559 -+ GR_DELETE | GR_INHERIT;
14560 -+
14561 -+ if (unlikely(!(gr_status & GR_READY)))
14562 -+ return (GR_CREATE | GR_LINK);
14563 -+
14564 -+ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
14565 -+ oldmode = obj->mode;
14566 ++ struct task_struct *task = current;
14567 ++ struct acl_subject_label *proc;
14568 ++ unsigned long flags;
14569 +
14570 -+ obj = gr_get_create_object(new_dentry, parent_dentry, parent_mnt);
14571 -+ newmode = obj->mode;
14572 ++ if (unlikely(!(gr_status & GR_READY)))
14573 ++ return;
14574 +
14575 -+ needmode = newmode & checkmodes;
14576 ++ flags = pax_get_flags(task);
14577 +
14578 -+ // old name for hardlink must have at least the permissions of the new name
14579 -+ if ((oldmode & needmode) != needmode)
14580 -+ goto bad;
14581 ++ proc = task->acl;
14582 +
14583 -+ // if old name had restrictions/auditing, make sure the new name does as well
14584 -+ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
14585 ++ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
14586 ++ flags &= ~MF_PAX_PAGEEXEC;
14587 ++ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
14588 ++ flags &= ~MF_PAX_SEGMEXEC;
14589 ++ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
14590 ++ flags &= ~MF_PAX_RANDMMAP;
14591 ++ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
14592 ++ flags &= ~MF_PAX_EMUTRAMP;
14593 ++ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
14594 ++ flags &= ~MF_PAX_MPROTECT;
14595 +
14596 -+ // don't allow hardlinking of suid/sgid/fcapped files without permission
14597 -+ if (is_privileged_binary(old_dentry))
14598 -+ needmode |= GR_SETID;
14599 ++ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
14600 ++ flags |= MF_PAX_PAGEEXEC;
14601 ++ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
14602 ++ flags |= MF_PAX_SEGMEXEC;
14603 ++ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
14604 ++ flags |= MF_PAX_RANDMMAP;
14605 ++ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
14606 ++ flags |= MF_PAX_EMUTRAMP;
14607 ++ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
14608 ++ flags |= MF_PAX_MPROTECT;
14609 +
14610 -+ if ((newmode & needmode) != needmode)
14611 -+ goto bad;
14612 ++ pax_set_flags(task, flags);
14613 +
14614 -+ // enforce minimum permissions
14615 -+ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
14616 -+ return newmode;
14617 -+bad:
14618 -+ needmode = oldmode;
14619 -+ if (is_privileged_binary(old_dentry))
14620 -+ needmode |= GR_SETID;
14621 -+
14622 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
14623 -+ gr_log_learn(old_dentry, old_mnt, needmode | GR_CREATE | GR_LINK);
14624 -+ return (GR_CREATE | GR_LINK);
14625 -+ } else if (newmode & GR_SUPPRESS)
14626 -+ return GR_SUPPRESS;
14627 -+ else
14628 -+ return 0;
14629 ++ return;
14630 +}
14631 ++#endif
14632 +
14633 -+int
14634 -+gr_check_hidden_task(const struct task_struct *task)
14635 ++#ifdef CONFIG_SYSCTL
14636 ++/* Eric Biederman likes breaking userland ABI and every inode-based security
14637 ++ system to save 35kb of memory */
14638 ++
14639 ++/* we modify the passed in filename, but adjust it back before returning */
14640 ++static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
14641 +{
14642 -+ if (unlikely(!(gr_status & GR_READY)))
14643 -+ return 0;
14644 ++ struct name_entry *nmatch;
14645 ++ char *p, *lastp = NULL;
14646 ++ struct acl_object_label *obj = NULL, *tmp;
14647 ++ struct acl_subject_label *tmpsubj;
14648 ++ char c = '\0';
14649 +
14650 -+ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
14651 -+ return 1;
14652 ++ read_lock(&gr_inode_lock);
14653 +
14654 -+ return 0;
14655 ++ p = name + len - 1;
14656 ++ do {
14657 ++ nmatch = lookup_name_entry(name);
14658 ++ if (lastp != NULL)
14659 ++ *lastp = c;
14660 ++
14661 ++ if (nmatch == NULL)
14662 ++ goto next_component;
14663 ++ tmpsubj = current->acl;
14664 ++ do {
14665 ++ obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
14666 ++ if (obj != NULL) {
14667 ++ tmp = obj->globbed;
14668 ++ while (tmp) {
14669 ++ if (!glob_match(tmp->filename, name)) {
14670 ++ obj = tmp;
14671 ++ goto found_obj;
14672 ++ }
14673 ++ tmp = tmp->next;
14674 ++ }
14675 ++ goto found_obj;
14676 ++ }
14677 ++ } while ((tmpsubj = tmpsubj->parent_subject));
14678 ++next_component:
14679 ++ /* end case */
14680 ++ if (p == name)
14681 ++ break;
14682 ++
14683 ++ while (*p != '/')
14684 ++ p--;
14685 ++ if (p == name)
14686 ++ lastp = p + 1;
14687 ++ else {
14688 ++ lastp = p;
14689 ++ p--;
14690 ++ }
14691 ++ c = *lastp;
14692 ++ *lastp = '\0';
14693 ++ } while (1);
14694 ++found_obj:
14695 ++ read_unlock(&gr_inode_lock);
14696 ++ /* obj returned will always be non-null */
14697 ++ return obj;
14698 +}
14699 +
14700 -+int
14701 -+gr_check_protected_task(const struct task_struct *task)
14702 ++/* returns 0 when allowing, non-zero on error
14703 ++ op of 0 is used for readdir, so we don't log the names of hidden files
14704 ++*/
14705 ++__u32
14706 ++gr_handle_sysctl(const struct ctl_table *table, const int op)
14707 +{
14708 -+ if (unlikely(!(gr_status & GR_READY) || !task))
14709 ++ struct ctl_table *tmp;
14710 ++ const char *proc_sys = "/proc/sys";
14711 ++ char *path;
14712 ++ struct acl_object_label *obj;
14713 ++ unsigned short len = 0, pos = 0, depth = 0, i;
14714 ++ __u32 err = 0;
14715 ++ __u32 mode = 0;
14716 ++
14717 ++ if (unlikely(!(gr_status & GR_READY)))
14718 + return 0;
14719 +
14720 -+ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
14721 -+ task->acl != current->acl)
14722 -+ return 1;
14723 ++ /* for now, ignore operations on non-sysctl entries if it's not a
14724 ++ readdir*/
14725 ++ if (table->child != NULL && op != 0)
14726 ++ return 0;
14727 +
14728 -+ return 0;
14729 -+}
14730 ++ mode |= GR_FIND;
14731 ++ /* it's only a read if it's an entry, read on dirs is for readdir */
14732 ++ if (op & MAY_READ)
14733 ++ mode |= GR_READ;
14734 ++ if (op & MAY_WRITE)
14735 ++ mode |= GR_WRITE;
14736 +
14737 -+int
14738 -+gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
14739 -+{
14740 -+ struct task_struct *p;
14741 -+ int ret = 0;
14742 ++ preempt_disable();
14743 +
14744 -+ if (unlikely(!(gr_status & GR_READY) || !pid))
14745 -+ return ret;
14746 ++ path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
14747 +
14748 -+ read_lock(&tasklist_lock);
14749 -+ do_each_pid_task(pid, type, p) {
14750 -+ if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
14751 -+ p->acl != current->acl) {
14752 -+ ret = 1;
14753 -+ goto out;
14754 -+ }
14755 -+ } while_each_pid_task(pid, type, p);
14756 -+out:
14757 -+ read_unlock(&tasklist_lock);
14758 ++ /* it's only a read/write if it's an actual entry, not a dir
14759 ++ (which are opened for readdir)
14760 ++ */
14761 +
14762 -+ return ret;
14763 -+}
14764 ++ /* convert the requested sysctl entry into a pathname */
14765 +
14766 -+void
14767 -+gr_copy_label(struct task_struct *tsk)
14768 -+{
14769 -+ tsk->signal->used_accept = 0;
14770 -+ tsk->acl_sp_role = 0;
14771 -+ tsk->acl_role_id = current->acl_role_id;
14772 -+ tsk->acl = current->acl;
14773 -+ tsk->role = current->role;
14774 -+ tsk->signal->curr_ip = current->signal->curr_ip;
14775 -+ tsk->signal->saved_ip = current->signal->saved_ip;
14776 -+ if (current->exec_file)
14777 -+ get_file(current->exec_file);
14778 -+ tsk->exec_file = current->exec_file;
14779 -+ tsk->is_writable = current->is_writable;
14780 -+ if (unlikely(current->signal->used_accept)) {
14781 -+ current->signal->curr_ip = 0;
14782 -+ current->signal->saved_ip = 0;
14783 ++ for (tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
14784 ++ len += strlen(tmp->procname);
14785 ++ len++;
14786 ++ depth++;
14787 + }
14788 +
14789 -+ return;
14790 -+}
14791 ++ if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
14792 ++ /* deny */
14793 ++ goto out;
14794 ++ }
14795 +
14796 -+static void
14797 -+gr_set_proc_res(struct task_struct *task)
14798 -+{
14799 -+ struct acl_subject_label *proc;
14800 -+ unsigned short i;
14801 ++ memset(path, 0, PAGE_SIZE);
14802 +
14803 -+ proc = task->acl;
14804 ++ memcpy(path, proc_sys, strlen(proc_sys));
14805 +
14806 -+ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
14807 -+ return;
14808 ++ pos += strlen(proc_sys);
14809 +
14810 -+ for (i = 0; i < RLIM_NLIMITS; i++) {
14811 -+ if (!(proc->resmask & (1U << i)))
14812 -+ continue;
14813 ++ for (; depth > 0; depth--) {
14814 ++ path[pos] = '/';
14815 ++ pos++;
14816 ++ for (i = 1, tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
14817 ++ if (depth == i) {
14818 ++ memcpy(path + pos, tmp->procname,
14819 ++ strlen(tmp->procname));
14820 ++ pos += strlen(tmp->procname);
14821 ++ }
14822 ++ i++;
14823 ++ }
14824 ++ }
14825 +
14826 -+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
14827 -+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
14828 ++ obj = gr_lookup_by_name(path, pos);
14829 ++ err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
14830 +
14831 -+ if (i == RLIMIT_CPU)
14832 -+ update_rlimit_cpu(task, proc->res[i].rlim_cur);
14833 -+ }
14834 ++ if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
14835 ++ ((err & mode) != mode))) {
14836 ++ __u32 new_mode = mode;
14837 +
14838 -+ return;
14839 -+}
14840 ++ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
14841 +
14842 -+extern int gr_process_kernel_setuid_ban(struct user_struct *user);
14843 ++ err = 0;
14844 ++ gr_log_learn_sysctl(path, new_mode);
14845 ++ } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
14846 ++ gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
14847 ++ err = -ENOENT;
14848 ++ } else if (!(err & GR_FIND)) {
14849 ++ err = -ENOENT;
14850 ++ } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
14851 ++ gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
14852 ++ path, (mode & GR_READ) ? " reading" : "",
14853 ++ (mode & GR_WRITE) ? " writing" : "");
14854 ++ err = -EACCES;
14855 ++ } else if ((err & mode) != mode) {
14856 ++ err = -EACCES;
14857 ++ } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
14858 ++ gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
14859 ++ path, (mode & GR_READ) ? " reading" : "",
14860 ++ (mode & GR_WRITE) ? " writing" : "");
14861 ++ err = 0;
14862 ++ } else
14863 ++ err = 0;
14864 ++
14865 ++ out:
14866 ++ preempt_enable();
14867 ++
14868 ++ return err;
14869 ++}
14870 ++#endif
14871 +
14872 +int
14873 -+gr_check_user_change(int real, int effective, int fs)
14874 ++gr_handle_proc_ptrace(struct task_struct *task)
14875 +{
14876 -+ unsigned int i;
14877 -+ __u16 num;
14878 -+ uid_t *uidlist;
14879 -+ int curuid;
14880 -+ int realok = 0;
14881 -+ int effectiveok = 0;
14882 -+ int fsok = 0;
14883 ++ struct file *filp;
14884 ++ struct task_struct *tmp = task;
14885 ++ struct task_struct *curtemp = current;
14886 ++ __u32 retmode;
14887 +
14888 -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT)
14889 -+ struct user_struct *user;
14890 ++#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
14891 ++ if (unlikely(!(gr_status & GR_READY)))
14892 ++ return 0;
14893 ++#endif
14894 +
14895 -+ if (real == -1)
14896 -+ goto skipit;
14897 ++ read_lock(&tasklist_lock);
14898 ++ read_lock(&grsec_exec_file_lock);
14899 ++ filp = task->exec_file;
14900 +
14901 -+ user = find_user(real);
14902 -+ if (user == NULL)
14903 -+ goto skipit;
14904 ++ while (tmp->pid > 0) {
14905 ++ if (tmp == curtemp)
14906 ++ break;
14907 ++ tmp = tmp->real_parent;
14908 ++ }
14909 +
14910 -+ if (gr_process_kernel_setuid_ban(user)) {
14911 -+ /* for find_user */
14912 -+ free_uid(user);
14913 ++ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
14914 ++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
14915 ++ read_unlock(&grsec_exec_file_lock);
14916 ++ read_unlock(&tasklist_lock);
14917 + return 1;
14918 + }
14919 +
14920 -+ /* for find_user */
14921 -+ free_uid(user);
14922 -+
14923 -+skipit:
14924 ++#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
14925 ++ if (!(gr_status & GR_READY)) {
14926 ++ read_unlock(&grsec_exec_file_lock);
14927 ++ read_unlock(&tasklist_lock);
14928 ++ return 0;
14929 ++ }
14930 +#endif
14931 +
14932 ++ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
14933 ++ read_unlock(&grsec_exec_file_lock);
14934 ++ read_unlock(&tasklist_lock);
14935 ++
14936 ++ if (retmode & GR_NOPTRACE)
14937 ++ return 1;
14938 ++
14939 ++ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
14940 ++ && (current->acl != task->acl || (current->acl != current->role->root_label
14941 ++ && current->pid != task->pid)))
14942 ++ return 1;
14943 ++
14944 ++ return 0;
14945 ++}
14946 ++
14947 ++void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
14948 ++{
14949 + if (unlikely(!(gr_status & GR_READY)))
14950 -+ return 0;
14951 ++ return;
14952 +
14953 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
14954 -+ gr_log_learn_id_change('u', real, effective, fs);
14955 ++ if (!(current->role->roletype & GR_ROLE_GOD))
14956 ++ return;
14957 +
14958 -+ num = current->acl->user_trans_num;
14959 -+ uidlist = current->acl->user_transitions;
14960 ++ seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
14961 ++ p->role->rolename, gr_task_roletype_to_char(p),
14962 ++ p->acl->filename);
14963 ++}
14964 +
14965 -+ if (uidlist == NULL)
14966 ++int
14967 ++gr_handle_ptrace(struct task_struct *task, const long request)
14968 ++{
14969 ++ struct task_struct *tmp = task;
14970 ++ struct task_struct *curtemp = current;
14971 ++ __u32 retmode;
14972 ++
14973 ++#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
14974 ++ if (unlikely(!(gr_status & GR_READY)))
14975 + return 0;
14976 ++#endif
14977 ++ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
14978 ++ read_lock(&tasklist_lock);
14979 ++ while (tmp->pid > 0) {
14980 ++ if (tmp == curtemp)
14981 ++ break;
14982 ++ tmp = tmp->real_parent;
14983 ++ }
14984 +
14985 -+ if (real == -1)
14986 -+ realok = 1;
14987 -+ if (effective == -1)
14988 -+ effectiveok = 1;
14989 -+ if (fs == -1)
14990 -+ fsok = 1;
14991 ++ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
14992 ++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
14993 ++ read_unlock(&tasklist_lock);
14994 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
14995 ++ return 1;
14996 ++ }
14997 ++ read_unlock(&tasklist_lock);
14998 ++ }
14999 +
15000 -+ if (current->acl->user_trans_type & GR_ID_ALLOW) {
15001 -+ for (i = 0; i < num; i++) {
15002 -+ curuid = (int)uidlist[i];
15003 -+ if (real == curuid)
15004 -+ realok = 1;
15005 -+ if (effective == curuid)
15006 -+ effectiveok = 1;
15007 -+ if (fs == curuid)
15008 -+ fsok = 1;
15009 -+ }
15010 -+ } else if (current->acl->user_trans_type & GR_ID_DENY) {
15011 -+ for (i = 0; i < num; i++) {
15012 -+ curuid = (int)uidlist[i];
15013 -+ if (real == curuid)
15014 -+ break;
15015 -+ if (effective == curuid)
15016 -+ break;
15017 -+ if (fs == curuid)
15018 -+ break;
15019 -+ }
15020 -+ /* not in deny list */
15021 -+ if (i == num) {
15022 -+ realok = 1;
15023 -+ effectiveok = 1;
15024 -+ fsok = 1;
15025 -+ }
15026 -+ }
15027 ++#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
15028 ++ if (!(gr_status & GR_READY))
15029 ++ return 0;
15030 ++#endif
15031 +
15032 -+ if (realok && effectiveok && fsok)
15033 ++ read_lock(&grsec_exec_file_lock);
15034 ++ if (unlikely(!task->exec_file)) {
15035 ++ read_unlock(&grsec_exec_file_lock);
15036 + return 0;
15037 -+ else {
15038 -+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
15039 ++ }
15040 ++
15041 ++ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
15042 ++ read_unlock(&grsec_exec_file_lock);
15043 ++
15044 ++ if (retmode & GR_NOPTRACE) {
15045 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
15046 ++ return 1;
15047 ++ }
15048 ++
15049 ++ if (retmode & GR_PTRACERD) {
15050 ++ switch (request) {
15051 ++ case PTRACE_SEIZE:
15052 ++ case PTRACE_POKETEXT:
15053 ++ case PTRACE_POKEDATA:
15054 ++ case PTRACE_POKEUSR:
15055 ++#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
15056 ++ case PTRACE_SETREGS:
15057 ++ case PTRACE_SETFPREGS:
15058 ++#endif
15059 ++#ifdef CONFIG_X86
15060 ++ case PTRACE_SETFPXREGS:
15061 ++#endif
15062 ++#ifdef CONFIG_ALTIVEC
15063 ++ case PTRACE_SETVRREGS:
15064 ++#endif
15065 ++ return 1;
15066 ++ default:
15067 ++ return 0;
15068 ++ }
15069 ++ } else if (!(current->acl->mode & GR_POVERRIDE) &&
15070 ++ !(current->role->roletype & GR_ROLE_GOD) &&
15071 ++ (current->acl != task->acl)) {
15072 ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
15073 + return 1;
15074 + }
15075 ++
15076 ++ return 0;
15077 ++}
15078 ++
15079 ++static int is_writable_mmap(const struct file *filp)
15080 ++{
15081 ++ struct task_struct *task = current;
15082 ++ struct acl_object_label *obj, *obj2;
15083 ++
15084 ++ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
15085 ++ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode) && (filp->f_path.mnt != shm_mnt || (filp->f_path.dentry->d_inode->i_nlink > 0))) {
15086 ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
15087 ++ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
15088 ++ task->role->root_label);
15089 ++ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
15090 ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
15091 ++ return 1;
15092 ++ }
15093 ++ }
15094 ++ return 0;
15095 +}
15096 +
15097 +int
15098 -+gr_check_group_change(int real, int effective, int fs)
15099 ++gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
15100 +{
15101 -+ unsigned int i;
15102 -+ __u16 num;
15103 -+ gid_t *gidlist;
15104 -+ int curgid;
15105 -+ int realok = 0;
15106 -+ int effectiveok = 0;
15107 -+ int fsok = 0;
15108 ++ __u32 mode;
15109 +
15110 -+ if (unlikely(!(gr_status & GR_READY)))
15111 ++ if (unlikely(!file || !(prot & PROT_EXEC)))
15112 ++ return 1;
15113 ++
15114 ++ if (is_writable_mmap(file))
15115 + return 0;
15116 +
15117 -+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
15118 -+ gr_log_learn_id_change('g', real, effective, fs);
15119 ++ mode =
15120 ++ gr_search_file(file->f_path.dentry,
15121 ++ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
15122 ++ file->f_path.mnt);
15123 +
15124 -+ num = current->acl->group_trans_num;
15125 -+ gidlist = current->acl->group_transitions;
15126 ++ if (!gr_tpe_allow(file))
15127 ++ return 0;
15128 +
15129 -+ if (gidlist == NULL)
15130 ++ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
15131 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
15132 ++ return 0;
15133 ++ } else if (unlikely(!(mode & GR_EXEC))) {
15134 + return 0;
15135 ++ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
15136 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
15137 ++ return 1;
15138 ++ }
15139 +
15140 -+ if (real == -1)
15141 -+ realok = 1;
15142 -+ if (effective == -1)
15143 -+ effectiveok = 1;
15144 -+ if (fs == -1)
15145 -+ fsok = 1;
15146 ++ return 1;
15147 ++}
15148 +
15149 -+ if (current->acl->group_trans_type & GR_ID_ALLOW) {
15150 -+ for (i = 0; i < num; i++) {
15151 -+ curgid = (int)gidlist[i];
15152 -+ if (real == curgid)
15153 -+ realok = 1;
15154 -+ if (effective == curgid)
15155 -+ effectiveok = 1;
15156 -+ if (fs == curgid)
15157 -+ fsok = 1;
15158 -+ }
15159 -+ } else if (current->acl->group_trans_type & GR_ID_DENY) {
15160 -+ for (i = 0; i < num; i++) {
15161 -+ curgid = (int)gidlist[i];
15162 -+ if (real == curgid)
15163 -+ break;
15164 -+ if (effective == curgid)
15165 -+ break;
15166 -+ if (fs == curgid)
15167 -+ break;
15168 -+ }
15169 -+ /* not in deny list */
15170 -+ if (i == num) {
15171 -+ realok = 1;
15172 -+ effectiveok = 1;
15173 -+ fsok = 1;
15174 -+ }
15175 -+ }
15176 ++int
15177 ++gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
15178 ++{
15179 ++ __u32 mode;
15180 +
15181 -+ if (realok && effectiveok && fsok)
15182 ++ if (unlikely(!file || !(prot & PROT_EXEC)))
15183 ++ return 1;
15184 ++
15185 ++ if (is_writable_mmap(file))
15186 + return 0;
15187 -+ else {
15188 -+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
15189 ++
15190 ++ mode =
15191 ++ gr_search_file(file->f_path.dentry,
15192 ++ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
15193 ++ file->f_path.mnt);
15194 ++
15195 ++ if (!gr_tpe_allow(file))
15196 ++ return 0;
15197 ++
15198 ++ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
15199 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
15200 ++ return 0;
15201 ++ } else if (unlikely(!(mode & GR_EXEC))) {
15202 ++ return 0;
15203 ++ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
15204 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
15205 + return 1;
15206 + }
15207 -+}
15208 +
15209 -+extern int gr_acl_is_capable(const int cap);
15210 ++ return 1;
15211 ++}
15212 +
15213 +void
15214 -+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
15215 ++gr_acl_handle_psacct(struct task_struct *task, const long code)
15216 +{
15217 -+ struct acl_role_label *role = task->role;
15218 -+ struct acl_subject_label *subj = NULL;
15219 -+ struct acl_object_label *obj;
15220 -+ struct file *filp;
15221 ++ unsigned long runtime;
15222 ++ unsigned long cputime;
15223 ++ unsigned int wday, cday;
15224 ++ __u8 whr, chr;
15225 ++ __u8 wmin, cmin;
15226 ++ __u8 wsec, csec;
15227 ++ struct timespec timeval;
15228 +
15229 -+ if (unlikely(!(gr_status & GR_READY)))
15230 ++ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
15231 ++ !(task->acl->mode & GR_PROCACCT)))
15232 + return;
15233 +
15234 -+ filp = task->exec_file;
15235 ++ do_posix_clock_monotonic_gettime(&timeval);
15236 ++ runtime = timeval.tv_sec - task->start_time.tv_sec;
15237 ++ wday = runtime / (3600 * 24);
15238 ++ runtime -= wday * (3600 * 24);
15239 ++ whr = runtime / 3600;
15240 ++ runtime -= whr * 3600;
15241 ++ wmin = runtime / 60;
15242 ++ runtime -= wmin * 60;
15243 ++ wsec = runtime;
15244 +
15245 -+ /* kernel process, we'll give them the kernel role */
15246 -+ if (unlikely(!filp)) {
15247 -+ task->role = kernel_role;
15248 -+ task->acl = kernel_role->root_label;
15249 -+ return;
15250 -+ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
15251 -+ role = lookup_acl_role_label(task, uid, gid);
15252 ++ cputime = (task->utime + task->stime) / HZ;
15253 ++ cday = cputime / (3600 * 24);
15254 ++ cputime -= cday * (3600 * 24);
15255 ++ chr = cputime / 3600;
15256 ++ cputime -= chr * 3600;
15257 ++ cmin = cputime / 60;
15258 ++ cputime -= cmin * 60;
15259 ++ csec = cputime;
15260 +
15261 -+ /* don't change the role if we're not a privileged process */
15262 -+ if (role && task->role != role &&
15263 -+ (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) ||
15264 -+ ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
15265 -+ return;
15266 ++ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
15267 +
15268 -+ /* perform subject lookup in possibly new role
15269 -+ we can use this result below in the case where role == task->role
15270 -+ */
15271 -+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
15272 ++ return;
15273 ++}
15274 +
15275 -+ /* if we changed uid/gid, but result in the same role
15276 -+ and are using inheritance, don't lose the inherited subject
15277 -+ if current subject is other than what normal lookup
15278 -+ would result in, we arrived via inheritance, don't
15279 -+ lose subject
15280 -+ */
15281 -+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
15282 -+ (subj == task->acl)))
15283 -+ task->acl = subj;
15284 ++#ifdef CONFIG_TASKSTATS
15285 ++int gr_is_taskstats_denied(int pid)
15286 ++{
15287 ++ struct task_struct *task;
15288 ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
15289 ++ const struct cred *cred;
15290 ++#endif
15291 ++ int ret = 0;
15292 +
15293 -+ task->role = role;
15294 ++ /* restrict taskstats viewing to un-chrooted root users
15295 ++ who have the 'view' subject flag if the RBAC system is enabled
15296 ++ */
15297 +
15298 -+ task->is_writable = 0;
15299 ++ rcu_read_lock();
15300 ++ read_lock(&tasklist_lock);
15301 ++ task = find_task_by_vpid(pid);
15302 ++ if (task) {
15303 ++#ifdef CONFIG_GRKERNSEC_CHROOT
15304 ++ if (proc_is_chrooted(task))
15305 ++ ret = -EACCES;
15306 ++#endif
15307 ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
15308 ++ cred = __task_cred(task);
15309 ++#ifdef CONFIG_GRKERNSEC_PROC_USER
15310 ++ if (cred->uid != 0)
15311 ++ ret = -EACCES;
15312 ++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
15313 ++ if (cred->uid != 0 && !groups_search(cred->group_info, grsec_proc_gid))
15314 ++ ret = -EACCES;
15315 ++#endif
15316 ++#endif
15317 ++ if (gr_status & GR_READY) {
15318 ++ if (!(task->acl->mode & GR_VIEW))
15319 ++ ret = -EACCES;
15320 ++ }
15321 ++ } else
15322 ++ ret = -ENOENT;
15323 +
15324 -+ /* ignore additional mmap checks for processes that are writable
15325 -+ by the default ACL */
15326 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
15327 -+ if (unlikely(obj->mode & GR_WRITE))
15328 -+ task->is_writable = 1;
15329 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
15330 -+ if (unlikely(obj->mode & GR_WRITE))
15331 -+ task->is_writable = 1;
15332 ++ read_unlock(&tasklist_lock);
15333 ++ rcu_read_unlock();
15334 +
15335 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
15336 -+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
15337 ++ return ret;
15338 ++}
15339 +#endif
15340 +
15341 -+ gr_set_proc_res(task);
15342 ++/* AUXV entries are filled via a descendant of search_binary_handler
15343 ++ after we've already applied the subject for the target
15344 ++*/
15345 ++int gr_acl_enable_at_secure(void)
15346 ++{
15347 ++ if (unlikely(!(gr_status & GR_READY)))
15348 ++ return 0;
15349 +
15350 -+ return;
15351 -+}
15352 ++ if (current->acl->mode & GR_ATSECURE)
15353 ++ return 1;
15354 +
15355 -+int
15356 -+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
15357 -+ const int unsafe_flags)
15358 ++ return 0;
15359 ++}
15360 ++
15361 ++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
15362 +{
15363 + struct task_struct *task = current;
15364 -+ struct acl_subject_label *newacl;
15365 -+ struct acl_object_label *obj;
15366 -+ __u32 retmode;
15367 ++ struct dentry *dentry = file->f_path.dentry;
15368 ++ struct vfsmount *mnt = file->f_path.mnt;
15369 ++ struct acl_object_label *obj, *tmp;
15370 ++ struct acl_subject_label *subj;
15371 ++ unsigned int bufsize;
15372 ++ int is_not_root;
15373 ++ char *path;
15374 ++ dev_t dev = __get_dev(dentry);
15375 +
15376 + if (unlikely(!(gr_status & GR_READY)))
15377 -+ return 0;
15378 -+
15379 -+ newacl = chk_subj_label(dentry, mnt, task->role);
15380 ++ return 1;
15381 +
15382 -+ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
15383 -+ did an exec
15384 -+ */
15385 -+ rcu_read_lock();
15386 -+ read_lock(&tasklist_lock);
15387 -+ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
15388 -+ (task->parent->acl->mode & GR_POVERRIDE))) {
15389 -+ read_unlock(&tasklist_lock);
15390 -+ rcu_read_unlock();
15391 -+ goto skip_check;
15392 -+ }
15393 -+ read_unlock(&tasklist_lock);
15394 -+ rcu_read_unlock();
15395 ++ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
15396 ++ return 1;
15397 +
15398 -+ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
15399 -+ !(task->role->roletype & GR_ROLE_GOD) &&
15400 -+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
15401 -+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
15402 -+ if (unsafe_flags & LSM_UNSAFE_SHARE)
15403 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
15404 -+ else
15405 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
15406 -+ return -EACCES;
15407 -+ }
15408 ++ /* ignore Eric Biederman */
15409 ++ if (IS_PRIVATE(dentry->d_inode))
15410 ++ return 1;
15411 +
15412 -+skip_check:
15413 ++ subj = task->acl;
15414 ++ read_lock(&gr_inode_lock);
15415 ++ do {
15416 ++ obj = lookup_acl_obj_label(ino, dev, subj);
15417 ++ if (obj != NULL) {
15418 ++ read_unlock(&gr_inode_lock);
15419 ++ return (obj->mode & GR_FIND) ? 1 : 0;
15420 ++ }
15421 ++ } while ((subj = subj->parent_subject));
15422 ++ read_unlock(&gr_inode_lock);
15423 ++
15424 ++ /* this is purely an optimization since we're looking for an object
15425 ++ for the directory we're doing a readdir on
15426 ++ if it's possible for any globbed object to match the entry we're
15427 ++ filling into the directory, then the object we find here will be
15428 ++ an anchor point with attached globbed objects
15429 ++ */
15430 ++ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
15431 ++ if (obj->globbed == NULL)
15432 ++ return (obj->mode & GR_FIND) ? 1 : 0;
15433 +
15434 -+ obj = chk_obj_label(dentry, mnt, task->acl);
15435 -+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
15436 ++ is_not_root = ((obj->filename[0] == '/') &&
15437 ++ (obj->filename[1] == '\0')) ? 0 : 1;
15438 ++ bufsize = PAGE_SIZE - namelen - is_not_root;
15439 +
15440 -+ if (!(task->acl->mode & GR_INHERITLEARN) &&
15441 -+ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
15442 -+ if (obj->nested)
15443 -+ task->acl = obj->nested;
15444 -+ else
15445 -+ task->acl = newacl;
15446 -+ } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
15447 -+ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
15448 ++ /* check bufsize > PAGE_SIZE || bufsize == 0 */
15449 ++ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
15450 ++ return 1;
15451 +
15452 -+ task->is_writable = 0;
15453 ++ preempt_disable();
15454 ++ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
15455 ++ bufsize);
15456 +
15457 -+ /* ignore additional mmap checks for processes that are writable
15458 -+ by the default ACL */
15459 -+ obj = chk_obj_label(dentry, mnt, default_role->root_label);
15460 -+ if (unlikely(obj->mode & GR_WRITE))
15461 -+ task->is_writable = 1;
15462 -+ obj = chk_obj_label(dentry, mnt, task->role->root_label);
15463 -+ if (unlikely(obj->mode & GR_WRITE))
15464 -+ task->is_writable = 1;
15465 ++ bufsize = strlen(path);
15466 +
15467 -+ gr_set_proc_res(task);
15468 ++ /* if base is "/", don't append an additional slash */
15469 ++ if (is_not_root)
15470 ++ *(path + bufsize) = '/';
15471 ++ memcpy(path + bufsize + is_not_root, name, namelen);
15472 ++ *(path + bufsize + namelen + is_not_root) = '\0';
15473 +
15474 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
15475 -+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
15476 -+#endif
15477 -+ return 0;
15478 ++ tmp = obj->globbed;
15479 ++ while (tmp) {
15480 ++ if (!glob_match(tmp->filename, path)) {
15481 ++ preempt_enable();
15482 ++ return (tmp->mode & GR_FIND) ? 1 : 0;
15483 ++ }
15484 ++ tmp = tmp->next;
15485 ++ }
15486 ++ preempt_enable();
15487 ++ return (obj->mode & GR_FIND) ? 1 : 0;
15488 +}
15489 +
15490 -+/* always called with valid inodev ptr */
15491 -+static void
15492 -+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
15493 ++void gr_put_exec_file(struct task_struct *task)
15494 +{
15495 -+ struct acl_object_label *matchpo;
15496 -+ struct acl_subject_label *matchps;
15497 -+ struct acl_subject_label *subj;
15498 -+ struct acl_role_label *role;
15499 -+ unsigned int x;
15500 ++ struct file *filp;
15501 +
15502 -+ FOR_EACH_ROLE_START(role)
15503 -+ FOR_EACH_SUBJECT_START(role, subj, x)
15504 -+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
15505 -+ matchpo->mode |= GR_DELETED;
15506 -+ FOR_EACH_SUBJECT_END(subj,x)
15507 -+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
15508 -+ /* nested subjects aren't in the role's subj_hash table */
15509 -+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
15510 -+ matchpo->mode |= GR_DELETED;
15511 -+ FOR_EACH_NESTED_SUBJECT_END(subj)
15512 -+ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
15513 -+ matchps->mode |= GR_DELETED;
15514 -+ FOR_EACH_ROLE_END(role)
15515 ++ write_lock(&grsec_exec_file_lock);
15516 ++ filp = task->exec_file;
15517 ++ task->exec_file = NULL;
15518 ++ write_unlock(&grsec_exec_file_lock);
15519 +
15520 -+ inodev->nentry->deleted = 1;
15521 ++ if (filp)
15522 ++ fput(filp);
15523 +
15524 + return;
15525 +}
15526 +
15527 -+void
15528 -+gr_handle_delete(const ino_t ino, const dev_t dev)
15529 ++
15530 ++#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
15531 ++EXPORT_SYMBOL(gr_acl_is_enabled);
15532 ++#endif
15533 ++EXPORT_SYMBOL(gr_learn_resource);
15534 ++#ifdef CONFIG_SECURITY
15535 ++EXPORT_SYMBOL(gr_check_user_change);
15536 ++EXPORT_SYMBOL(gr_check_group_change);
15537 ++#endif
15538 ++
15539 +diff --git a/grsecurity/gracl_alloc.c b/grsecurity/gracl_alloc.c
15540 +new file mode 100644
15541 +index 0000000..18ffbbd
15542 +--- /dev/null
15543 ++++ b/grsecurity/gracl_alloc.c
15544 +@@ -0,0 +1,105 @@
15545 ++#include <linux/kernel.h>
15546 ++#include <linux/mm.h>
15547 ++#include <linux/slab.h>
15548 ++#include <linux/vmalloc.h>
15549 ++#include <linux/gracl.h>
15550 ++#include <linux/grsecurity.h>
15551 ++
15552 ++static struct gr_alloc_state __current_alloc_state = { 1, 1, NULL };
15553 ++struct gr_alloc_state *current_alloc_state = &__current_alloc_state;
15554 ++
15555 ++static __inline__ int
15556 ++alloc_pop(void)
15557 +{
15558 -+ struct inodev_entry *inodev;
15559 ++ if (current_alloc_state->alloc_stack_next == 1)
15560 ++ return 0;
15561 +
15562 -+ if (unlikely(!(gr_status & GR_READY)))
15563 -+ return;
15564 ++ kfree(current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 2]);
15565 +
15566 -+ write_lock(&gr_inode_lock);
15567 -+ inodev = lookup_inodev_entry(ino, dev);
15568 -+ if (inodev != NULL)
15569 -+ do_handle_delete(inodev, ino, dev);
15570 -+ write_unlock(&gr_inode_lock);
15571 ++ current_alloc_state->alloc_stack_next--;
15572 +
15573 -+ return;
15574 ++ return 1;
15575 +}
15576 +
15577 -+static void
15578 -+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
15579 -+ const ino_t newinode, const dev_t newdevice,
15580 -+ struct acl_subject_label *subj)
15581 ++static __inline__ int
15582 ++alloc_push(void *buf)
15583 +{
15584 -+ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
15585 -+ struct acl_object_label *match;
15586 ++ if (current_alloc_state->alloc_stack_next >= current_alloc_state->alloc_stack_size)
15587 ++ return 1;
15588 +
15589 -+ match = subj->obj_hash[index];
15590 ++ current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 1] = buf;
15591 +
15592 -+ while (match && (match->inode != oldinode ||
15593 -+ match->device != olddevice ||
15594 -+ !(match->mode & GR_DELETED)))
15595 -+ match = match->next;
15596 ++ current_alloc_state->alloc_stack_next++;
15597 +
15598 -+ if (match && (match->inode == oldinode)
15599 -+ && (match->device == olddevice)
15600 -+ && (match->mode & GR_DELETED)) {
15601 -+ if (match->prev == NULL) {
15602 -+ subj->obj_hash[index] = match->next;
15603 -+ if (match->next != NULL)
15604 -+ match->next->prev = NULL;
15605 -+ } else {
15606 -+ match->prev->next = match->next;
15607 -+ if (match->next != NULL)
15608 -+ match->next->prev = match->prev;
15609 -+ }
15610 -+ match->prev = NULL;
15611 -+ match->next = NULL;
15612 -+ match->inode = newinode;
15613 -+ match->device = newdevice;
15614 -+ match->mode &= ~GR_DELETED;
15615 -+
15616 -+ insert_acl_obj_label(match, subj);
15617 -+ }
15618 -+
15619 -+ return;
15620 ++ return 0;
15621 +}
15622 +
15623 -+static void
15624 -+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
15625 -+ const ino_t newinode, const dev_t newdevice,
15626 -+ struct acl_role_label *role)
15627 ++void *
15628 ++acl_alloc(unsigned long len)
15629 +{
15630 -+ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
15631 -+ struct acl_subject_label *match;
15632 ++ void *ret = NULL;
15633 +
15634 -+ match = role->subj_hash[index];
15635 ++ if (!len || len > PAGE_SIZE)
15636 ++ goto out;
15637 +
15638 -+ while (match && (match->inode != oldinode ||
15639 -+ match->device != olddevice ||
15640 -+ !(match->mode & GR_DELETED)))
15641 -+ match = match->next;
15642 ++ ret = kmalloc(len, GFP_KERNEL);
15643 +
15644 -+ if (match && (match->inode == oldinode)
15645 -+ && (match->device == olddevice)
15646 -+ && (match->mode & GR_DELETED)) {
15647 -+ if (match->prev == NULL) {
15648 -+ role->subj_hash[index] = match->next;
15649 -+ if (match->next != NULL)
15650 -+ match->next->prev = NULL;
15651 -+ } else {
15652 -+ match->prev->next = match->next;
15653 -+ if (match->next != NULL)
15654 -+ match->next->prev = match->prev;
15655 ++ if (ret) {
15656 ++ if (alloc_push(ret)) {
15657 ++ kfree(ret);
15658 ++ ret = NULL;
15659 + }
15660 -+ match->prev = NULL;
15661 -+ match->next = NULL;
15662 -+ match->inode = newinode;
15663 -+ match->device = newdevice;
15664 -+ match->mode &= ~GR_DELETED;
15665 -+
15666 -+ insert_acl_subj_label(match, role);
15667 + }
15668 +
15669 -+ return;
15670 ++out:
15671 ++ return ret;
15672 +}
15673 +
15674 -+static void
15675 -+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
15676 -+ const ino_t newinode, const dev_t newdevice)
15677 ++void *
15678 ++acl_alloc_num(unsigned long num, unsigned long len)
15679 +{
15680 -+ unsigned int index = gr_fhash(oldinode, olddevice, inodev_set.i_size);
15681 -+ struct inodev_entry *match;
15682 ++ if (!len || (num > (PAGE_SIZE / len)))
15683 ++ return NULL;
15684 +
15685 -+ match = inodev_set.i_hash[index];
15686 ++ return acl_alloc(num * len);
15687 ++}
15688 +
15689 -+ while (match && (match->nentry->inode != oldinode ||
15690 -+ match->nentry->device != olddevice || !match->nentry->deleted))
15691 -+ match = match->next;
15692 ++void
15693 ++acl_free_all(void)
15694 ++{
15695 ++ if (!current_alloc_state->alloc_stack)
15696 ++ return;
15697 +
15698 -+ if (match && (match->nentry->inode == oldinode)
15699 -+ && (match->nentry->device == olddevice) &&
15700 -+ match->nentry->deleted) {
15701 -+ if (match->prev == NULL) {
15702 -+ inodev_set.i_hash[index] = match->next;
15703 -+ if (match->next != NULL)
15704 -+ match->next->prev = NULL;
15705 -+ } else {
15706 -+ match->prev->next = match->next;
15707 -+ if (match->next != NULL)
15708 -+ match->next->prev = match->prev;
15709 -+ }
15710 -+ match->prev = NULL;
15711 -+ match->next = NULL;
15712 -+ match->nentry->inode = newinode;
15713 -+ match->nentry->device = newdevice;
15714 -+ match->nentry->deleted = 0;
15715 ++ while (alloc_pop()) ;
15716 +
15717 -+ insert_inodev_entry(match);
15718 ++ if (current_alloc_state->alloc_stack) {
15719 ++ if ((current_alloc_state->alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
15720 ++ kfree(current_alloc_state->alloc_stack);
15721 ++ else
15722 ++ vfree(current_alloc_state->alloc_stack);
15723 + }
15724 +
15725 ++ current_alloc_state->alloc_stack = NULL;
15726 ++ current_alloc_state->alloc_stack_size = 1;
15727 ++ current_alloc_state->alloc_stack_next = 1;
15728 ++
15729 + return;
15730 +}
15731 +
15732 -+static void
15733 -+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
15734 ++int
15735 ++acl_alloc_stack_init(unsigned long size)
15736 +{
15737 -+ struct acl_subject_label *subj;
15738 -+ struct acl_role_label *role;
15739 -+ unsigned int x;
15740 -+
15741 -+ FOR_EACH_ROLE_START(role)
15742 -+ update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
15743 -+
15744 -+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
15745 -+ if ((subj->inode == ino) && (subj->device == dev)) {
15746 -+ subj->inode = ino;
15747 -+ subj->device = dev;
15748 -+ }
15749 -+ /* nested subjects aren't in the role's subj_hash table */
15750 -+ update_acl_obj_label(matchn->inode, matchn->device,
15751 -+ ino, dev, subj);
15752 -+ FOR_EACH_NESTED_SUBJECT_END(subj)
15753 -+ FOR_EACH_SUBJECT_START(role, subj, x)
15754 -+ update_acl_obj_label(matchn->inode, matchn->device,
15755 -+ ino, dev, subj);
15756 -+ FOR_EACH_SUBJECT_END(subj,x)
15757 -+ FOR_EACH_ROLE_END(role)
15758 ++ if ((size * sizeof (void *)) <= PAGE_SIZE)
15759 ++ current_alloc_state->alloc_stack =
15760 ++ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
15761 ++ else
15762 ++ current_alloc_state->alloc_stack = (void **) vmalloc(size * sizeof (void *));
15763 +
15764 -+ update_inodev_entry(matchn->inode, matchn->device, ino, dev);
15765 ++ current_alloc_state->alloc_stack_size = size;
15766 ++ current_alloc_state->alloc_stack_next = 1;
15767 +
15768 -+ return;
15769 ++ if (!current_alloc_state->alloc_stack)
15770 ++ return 0;
15771 ++ else
15772 ++ return 1;
15773 +}
15774 +diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
15775 +new file mode 100644
15776 +index 0000000..955ddfb
15777 +--- /dev/null
15778 ++++ b/grsecurity/gracl_cap.c
15779 +@@ -0,0 +1,101 @@
15780 ++#include <linux/kernel.h>
15781 ++#include <linux/module.h>
15782 ++#include <linux/sched.h>
15783 ++#include <linux/gracl.h>
15784 ++#include <linux/grsecurity.h>
15785 ++#include <linux/grinternal.h>
15786 +
15787 -+static void
15788 -+do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
15789 -+ const struct vfsmount *mnt)
15790 ++extern const char *captab_log[];
15791 ++extern int captab_log_entries;
15792 ++
15793 ++int
15794 ++gr_acl_is_capable(const int cap)
15795 +{
15796 -+ ino_t ino = dentry->d_inode->i_ino;
15797 -+ dev_t dev = __get_dev(dentry);
15798 ++ struct task_struct *task = current;
15799 ++ const struct cred *cred = current_cred();
15800 ++ struct acl_subject_label *curracl;
15801 ++ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
15802 ++ kernel_cap_t cap_audit = __cap_empty_set;
15803 +
15804 -+ __do_handle_create(matchn, ino, dev);
15805 ++ if (!gr_acl_is_enabled())
15806 ++ return 1;
15807 +
15808 -+ return;
15809 ++ curracl = task->acl;
15810 ++
15811 ++ cap_drop = curracl->cap_lower;
15812 ++ cap_mask = curracl->cap_mask;
15813 ++ cap_audit = curracl->cap_invert_audit;
15814 ++
15815 ++ while ((curracl = curracl->parent_subject)) {
15816 ++ /* if the cap isn't specified in the current computed mask but is specified in the
15817 ++ current level subject, and is lowered in the current level subject, then add
15818 ++ it to the set of dropped capabilities
15819 ++ otherwise, add the current level subject's mask to the current computed mask
15820 ++ */
15821 ++ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
15822 ++ cap_raise(cap_mask, cap);
15823 ++ if (cap_raised(curracl->cap_lower, cap))
15824 ++ cap_raise(cap_drop, cap);
15825 ++ if (cap_raised(curracl->cap_invert_audit, cap))
15826 ++ cap_raise(cap_audit, cap);
15827 ++ }
15828 ++ }
15829 ++
15830 ++ if (!cap_raised(cap_drop, cap)) {
15831 ++ if (cap_raised(cap_audit, cap))
15832 ++ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
15833 ++ return 1;
15834 ++ }
15835 ++
15836 ++ curracl = task->acl;
15837 ++
15838 ++ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
15839 ++ && cap_raised(cred->cap_effective, cap)) {
15840 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
15841 ++ task->role->roletype, cred->uid,
15842 ++ cred->gid, task->exec_file ?
15843 ++ gr_to_filename(task->exec_file->f_path.dentry,
15844 ++ task->exec_file->f_path.mnt) : curracl->filename,
15845 ++ curracl->filename, 0UL,
15846 ++ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
15847 ++ return 1;
15848 ++ }
15849 ++
15850 ++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
15851 ++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
15852 ++ return 0;
15853 +}
15854 +
15855 -+void
15856 -+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
15857 ++int
15858 ++gr_acl_is_capable_nolog(const int cap)
15859 +{
15860 -+ struct name_entry *matchn;
15861 ++ struct acl_subject_label *curracl;
15862 ++ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
15863 +
15864 -+ if (unlikely(!(gr_status & GR_READY)))
15865 -+ return;
15866 ++ if (!gr_acl_is_enabled())
15867 ++ return 1;
15868 +
15869 -+ preempt_disable();
15870 -+ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
15871 ++ curracl = current->acl;
15872 +
15873 -+ if (unlikely((unsigned long)matchn)) {
15874 -+ write_lock(&gr_inode_lock);
15875 -+ do_handle_create(matchn, dentry, mnt);
15876 -+ write_unlock(&gr_inode_lock);
15877 ++ cap_drop = curracl->cap_lower;
15878 ++ cap_mask = curracl->cap_mask;
15879 ++
15880 ++ while ((curracl = curracl->parent_subject)) {
15881 ++ /* if the cap isn't specified in the current computed mask but is specified in the
15882 ++ current level subject, and is lowered in the current level subject, then add
15883 ++ it to the set of dropped capabilities
15884 ++ otherwise, add the current level subject's mask to the current computed mask
15885 ++ */
15886 ++ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
15887 ++ cap_raise(cap_mask, cap);
15888 ++ if (cap_raised(curracl->cap_lower, cap))
15889 ++ cap_raise(cap_drop, cap);
15890 ++ }
15891 + }
15892 -+ preempt_enable();
15893 +
15894 -+ return;
15895 ++ if (!cap_raised(cap_drop, cap))
15896 ++ return 1;
15897 ++
15898 ++ return 0;
15899 +}
15900 +
15901 -+void
15902 -+gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
15903 +diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
15904 +new file mode 100644
15905 +index 0000000..ca25605
15906 +--- /dev/null
15907 ++++ b/grsecurity/gracl_compat.c
15908 +@@ -0,0 +1,270 @@
15909 ++#include <linux/kernel.h>
15910 ++#include <linux/gracl.h>
15911 ++#include <linux/compat.h>
15912 ++#include <linux/gracl_compat.h>
15913 ++
15914 ++#include <asm/uaccess.h>
15915 ++
15916 ++int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
15917 +{
15918 -+ struct name_entry *matchn;
15919 ++ struct gr_arg_wrapper_compat uwrapcompat;
15920 +
15921 -+ if (unlikely(!(gr_status & GR_READY)))
15922 -+ return;
15923 ++ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
15924 ++ return -EFAULT;
15925 +
15926 -+ preempt_disable();
15927 -+ matchn = lookup_name_entry(gr_to_proc_filename_rbac(dentry, init_pid_ns.proc_mnt));
15928 ++ if (((uwrapcompat.version != GRSECURITY_VERSION) &&
15929 ++ (uwrapcompat.version != 0x2901)) ||
15930 ++ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
15931 ++ return -EINVAL;
15932 +
15933 -+ if (unlikely((unsigned long)matchn)) {
15934 -+ write_lock(&gr_inode_lock);
15935 -+ __do_handle_create(matchn, inode->i_ino, inode->i_sb->s_dev);
15936 -+ write_unlock(&gr_inode_lock);
15937 -+ }
15938 -+ preempt_enable();
15939 ++ uwrap->arg = compat_ptr(uwrapcompat.arg);
15940 ++ uwrap->version = uwrapcompat.version;
15941 ++ uwrap->size = sizeof(struct gr_arg);
15942 +
15943 -+ return;
15944 ++ return 0;
15945 +}
15946 +
15947 -+void
15948 -+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
15949 -+ struct dentry *old_dentry,
15950 -+ struct dentry *new_dentry,
15951 -+ struct vfsmount *mnt, const __u8 replace)
15952 ++int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
15953 +{
15954 -+ struct name_entry *matchn;
15955 -+ struct inodev_entry *inodev;
15956 -+ struct inode *inode = new_dentry->d_inode;
15957 -+ ino_t old_ino = old_dentry->d_inode->i_ino;
15958 -+ dev_t old_dev = __get_dev(old_dentry);
15959 ++ struct gr_arg_compat argcompat;
15960 +
15961 -+ /* vfs_rename swaps the name and parent link for old_dentry and
15962 -+ new_dentry
15963 -+ at this point, old_dentry has the new name, parent link, and inode
15964 -+ for the renamed file
15965 -+ if a file is being replaced by a rename, new_dentry has the inode
15966 -+ and name for the replaced file
15967 -+ */
15968 ++ if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
15969 ++ return -EFAULT;
15970 +
15971 -+ if (unlikely(!(gr_status & GR_READY)))
15972 -+ return;
15973 ++ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
15974 ++ arg->role_db.num_pointers = argcompat.role_db.num_pointers;
15975 ++ arg->role_db.num_roles = argcompat.role_db.num_roles;
15976 ++ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
15977 ++ arg->role_db.num_subjects = argcompat.role_db.num_subjects;
15978 ++ arg->role_db.num_objects = argcompat.role_db.num_objects;
15979 +
15980 -+ preempt_disable();
15981 -+ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
15982 ++ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
15983 ++ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
15984 ++ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
15985 ++ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
15986 ++ arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
15987 ++ arg->segv_device = argcompat.segv_device;
15988 ++ arg->segv_inode = argcompat.segv_inode;
15989 ++ arg->segv_uid = argcompat.segv_uid;
15990 ++ arg->num_sprole_pws = argcompat.num_sprole_pws;
15991 ++ arg->mode = argcompat.mode;
15992 +
15993 -+ /* we wouldn't have to check d_inode if it weren't for
15994 -+ NFS silly-renaming
15995 -+ */
15996 ++ return 0;
15997 ++}
15998 +
15999 -+ write_lock(&gr_inode_lock);
16000 -+ if (unlikely(replace && inode)) {
16001 -+ ino_t new_ino = inode->i_ino;
16002 -+ dev_t new_dev = __get_dev(new_dentry);
16003 ++int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
16004 ++{
16005 ++ struct acl_object_label_compat objcompat;
16006 +
16007 -+ inodev = lookup_inodev_entry(new_ino, new_dev);
16008 -+ if (inodev != NULL && ((inode->i_nlink <= 1) || S_ISDIR(inode->i_mode)))
16009 -+ do_handle_delete(inodev, new_ino, new_dev);
16010 -+ }
16011 ++ if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
16012 ++ return -EFAULT;
16013 +
16014 -+ inodev = lookup_inodev_entry(old_ino, old_dev);
16015 -+ if (inodev != NULL && ((old_dentry->d_inode->i_nlink <= 1) || S_ISDIR(old_dentry->d_inode->i_mode)))
16016 -+ do_handle_delete(inodev, old_ino, old_dev);
16017 ++ obj->filename = compat_ptr(objcompat.filename);
16018 ++ obj->inode = objcompat.inode;
16019 ++ obj->device = objcompat.device;
16020 ++ obj->mode = objcompat.mode;
16021 +
16022 -+ if (unlikely((unsigned long)matchn))
16023 -+ do_handle_create(matchn, old_dentry, mnt);
16024 ++ obj->nested = compat_ptr(objcompat.nested);
16025 ++ obj->globbed = compat_ptr(objcompat.globbed);
16026 +
16027 -+ write_unlock(&gr_inode_lock);
16028 -+ preempt_enable();
16029 ++ obj->prev = compat_ptr(objcompat.prev);
16030 ++ obj->next = compat_ptr(objcompat.next);
16031 +
16032 -+ return;
16033 ++ return 0;
16034 +}
16035 +
16036 -+static int
16037 -+lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
16038 -+ unsigned char **sum)
16039 ++int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
16040 +{
16041 -+ struct acl_role_label *r;
16042 -+ struct role_allowed_ip *ipp;
16043 -+ struct role_transition *trans;
16044 + unsigned int i;
16045 -+ int found = 0;
16046 -+ u32 curr_ip = current->signal->curr_ip;
16047 ++ struct acl_subject_label_compat subjcompat;
16048 +
16049 -+ current->signal->saved_ip = curr_ip;
16050 ++ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
16051 ++ return -EFAULT;
16052 +
16053 -+ /* check transition table */
16054 ++ subj->filename = compat_ptr(subjcompat.filename);
16055 ++ subj->inode = subjcompat.inode;
16056 ++ subj->device = subjcompat.device;
16057 ++ subj->mode = subjcompat.mode;
16058 ++ subj->cap_mask = subjcompat.cap_mask;
16059 ++ subj->cap_lower = subjcompat.cap_lower;
16060 ++ subj->cap_invert_audit = subjcompat.cap_invert_audit;
16061 +
16062 -+ for (trans = current->role->transitions; trans; trans = trans->next) {
16063 -+ if (!strcmp(rolename, trans->rolename)) {
16064 -+ found = 1;
16065 -+ break;
16066 -+ }
16067 ++ for (i = 0; i < GR_NLIMITS; i++) {
16068 ++ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
16069 ++ subj->res[i].rlim_cur = RLIM_INFINITY;
16070 ++ else
16071 ++ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
16072 ++ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
16073 ++ subj->res[i].rlim_max = RLIM_INFINITY;
16074 ++ else
16075 ++ subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
16076 + }
16077 ++ subj->resmask = subjcompat.resmask;
16078 +
16079 -+ if (!found)
16080 -+ return 0;
16081 ++ subj->user_trans_type = subjcompat.user_trans_type;
16082 ++ subj->group_trans_type = subjcompat.group_trans_type;
16083 ++ subj->user_transitions = compat_ptr(subjcompat.user_transitions);
16084 ++ subj->group_transitions = compat_ptr(subjcompat.group_transitions);
16085 ++ subj->user_trans_num = subjcompat.user_trans_num;
16086 ++ subj->group_trans_num = subjcompat.group_trans_num;
16087 +
16088 -+ /* handle special roles that do not require authentication
16089 -+ and check ip */
16090 ++ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
16091 ++ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
16092 ++ subj->ip_type = subjcompat.ip_type;
16093 ++ subj->ips = compat_ptr(subjcompat.ips);
16094 ++ subj->ip_num = subjcompat.ip_num;
16095 ++ subj->inaddr_any_override = subjcompat.inaddr_any_override;
16096 +
16097 -+ FOR_EACH_ROLE_START(r)
16098 -+ if (!strcmp(rolename, r->rolename) &&
16099 -+ (r->roletype & GR_ROLE_SPECIAL)) {
16100 -+ found = 0;
16101 -+ if (r->allowed_ips != NULL) {
16102 -+ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
16103 -+ if ((ntohl(curr_ip) & ipp->netmask) ==
16104 -+ (ntohl(ipp->addr) & ipp->netmask))
16105 -+ found = 1;
16106 -+ }
16107 -+ } else
16108 -+ found = 2;
16109 -+ if (!found)
16110 -+ return 0;
16111 ++ subj->crashes = subjcompat.crashes;
16112 ++ subj->expires = subjcompat.expires;
16113 +
16114 -+ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
16115 -+ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
16116 -+ *salt = NULL;
16117 -+ *sum = NULL;
16118 -+ return 1;
16119 -+ }
16120 -+ }
16121 -+ FOR_EACH_ROLE_END(r)
16122 ++ subj->parent_subject = compat_ptr(subjcompat.parent_subject);
16123 ++ subj->hash = compat_ptr(subjcompat.hash);
16124 ++ subj->prev = compat_ptr(subjcompat.prev);
16125 ++ subj->next = compat_ptr(subjcompat.next);
16126 +
16127 -+ for (i = 0; i < num_sprole_pws; i++) {
16128 -+ if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
16129 -+ *salt = acl_special_roles[i]->salt;
16130 -+ *sum = acl_special_roles[i]->sum;
16131 -+ return 1;
16132 -+ }
16133 -+ }
16134 ++ subj->obj_hash = compat_ptr(subjcompat.obj_hash);
16135 ++ subj->obj_hash_size = subjcompat.obj_hash_size;
16136 ++ subj->pax_flags = subjcompat.pax_flags;
16137 +
16138 + return 0;
16139 +}
16140 +
16141 -+static void
16142 -+assign_special_role(char *rolename)
16143 ++int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
16144 +{
16145 -+ struct acl_object_label *obj;
16146 -+ struct acl_role_label *r;
16147 -+ struct acl_role_label *assigned = NULL;
16148 -+ struct task_struct *tsk;
16149 -+ struct file *filp;
16150 -+
16151 -+ FOR_EACH_ROLE_START(r)
16152 -+ if (!strcmp(rolename, r->rolename) &&
16153 -+ (r->roletype & GR_ROLE_SPECIAL)) {
16154 -+ assigned = r;
16155 -+ break;
16156 -+ }
16157 -+ FOR_EACH_ROLE_END(r)
16158 ++ struct acl_role_label_compat rolecompat;
16159 +
16160 -+ if (!assigned)
16161 -+ return;
16162 ++ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
16163 ++ return -EFAULT;
16164 +
16165 -+ read_lock(&tasklist_lock);
16166 -+ read_lock(&grsec_exec_file_lock);
16167 ++ role->rolename = compat_ptr(rolecompat.rolename);
16168 ++ role->uidgid = rolecompat.uidgid;
16169 ++ role->roletype = rolecompat.roletype;
16170 +
16171 -+ tsk = current->real_parent;
16172 -+ if (tsk == NULL)
16173 -+ goto out_unlock;
16174 ++ role->auth_attempts = rolecompat.auth_attempts;
16175 ++ role->expires = rolecompat.expires;
16176 +
16177 -+ filp = tsk->exec_file;
16178 -+ if (filp == NULL)
16179 -+ goto out_unlock;
16180 ++ role->root_label = compat_ptr(rolecompat.root_label);
16181 ++ role->hash = compat_ptr(rolecompat.hash);
16182 +
16183 -+ tsk->is_writable = 0;
16184 ++ role->prev = compat_ptr(rolecompat.prev);
16185 ++ role->next = compat_ptr(rolecompat.next);
16186 +
16187 -+ tsk->acl_sp_role = 1;
16188 -+ tsk->acl_role_id = ++acl_sp_role_value;
16189 -+ tsk->role = assigned;
16190 -+ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
16191 ++ role->transitions = compat_ptr(rolecompat.transitions);
16192 ++ role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
16193 ++ role->domain_children = compat_ptr(rolecompat.domain_children);
16194 ++ role->domain_child_num = rolecompat.domain_child_num;
16195 +
16196 -+ /* ignore additional mmap checks for processes that are writable
16197 -+ by the default ACL */
16198 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
16199 -+ if (unlikely(obj->mode & GR_WRITE))
16200 -+ tsk->is_writable = 1;
16201 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
16202 -+ if (unlikely(obj->mode & GR_WRITE))
16203 -+ tsk->is_writable = 1;
16204 ++ role->umask = rolecompat.umask;
16205 +
16206 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
16207 -+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
16208 -+#endif
16209 ++ role->subj_hash = compat_ptr(rolecompat.subj_hash);
16210 ++ role->subj_hash_size = rolecompat.subj_hash_size;
16211 +
16212 -+out_unlock:
16213 -+ read_unlock(&grsec_exec_file_lock);
16214 -+ read_unlock(&tasklist_lock);
16215 -+ return;
16216 ++ return 0;
16217 +}
16218 +
16219 -+int gr_check_secure_terminal(struct task_struct *task)
16220 ++int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
16221 +{
16222 -+ struct task_struct *p, *p2, *p3;
16223 -+ struct files_struct *files;
16224 -+ struct fdtable *fdt;
16225 -+ struct file *our_file = NULL, *file;
16226 -+ int i;
16227 ++ struct role_allowed_ip_compat roleip_compat;
16228 +
16229 -+ if (task->signal->tty == NULL)
16230 -+ return 1;
16231 -+
16232 -+ files = get_files_struct(task);
16233 -+ if (files != NULL) {
16234 -+ rcu_read_lock();
16235 -+ fdt = files_fdtable(files);
16236 -+ for (i=0; i < fdt->max_fds; i++) {
16237 -+ file = fcheck_files(files, i);
16238 -+ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
16239 -+ get_file(file);
16240 -+ our_file = file;
16241 -+ }
16242 -+ }
16243 -+ rcu_read_unlock();
16244 -+ put_files_struct(files);
16245 -+ }
16246 -+
16247 -+ if (our_file == NULL)
16248 -+ return 1;
16249 -+
16250 -+ read_lock(&tasklist_lock);
16251 -+ do_each_thread(p2, p) {
16252 -+ files = get_files_struct(p);
16253 -+ if (files == NULL ||
16254 -+ (p->signal && p->signal->tty == task->signal->tty)) {
16255 -+ if (files != NULL)
16256 -+ put_files_struct(files);
16257 -+ continue;
16258 -+ }
16259 -+ rcu_read_lock();
16260 -+ fdt = files_fdtable(files);
16261 -+ for (i=0; i < fdt->max_fds; i++) {
16262 -+ file = fcheck_files(files, i);
16263 -+ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
16264 -+ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
16265 -+ p3 = task;
16266 -+ while (p3->pid > 0) {
16267 -+ if (p3 == p)
16268 -+ break;
16269 -+ p3 = p3->real_parent;
16270 -+ }
16271 -+ if (p3 == p)
16272 -+ break;
16273 -+ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
16274 -+ gr_handle_alertkill(p);
16275 -+ rcu_read_unlock();
16276 -+ put_files_struct(files);
16277 -+ read_unlock(&tasklist_lock);
16278 -+ fput(our_file);
16279 -+ return 0;
16280 -+ }
16281 -+ }
16282 -+ rcu_read_unlock();
16283 -+ put_files_struct(files);
16284 -+ } while_each_thread(p2, p);
16285 -+ read_unlock(&tasklist_lock);
16286 ++ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
16287 ++ return -EFAULT;
16288 +
16289 -+ fput(our_file);
16290 -+ return 1;
16291 -+}
16292 ++ roleip->addr = roleip_compat.addr;
16293 ++ roleip->netmask = roleip_compat.netmask;
16294 +
16295 -+static int gr_rbac_disable(void *unused)
16296 -+{
16297 -+ pax_open_kernel();
16298 -+ gr_status &= ~GR_READY;
16299 -+ pax_close_kernel();
16300 ++ roleip->prev = compat_ptr(roleip_compat.prev);
16301 ++ roleip->next = compat_ptr(roleip_compat.next);
16302 +
16303 + return 0;
16304 +}
16305 +
16306 -+ssize_t
16307 -+write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
16308 ++int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
16309 +{
16310 -+ struct gr_arg_wrapper uwrap;
16311 -+ unsigned char *sprole_salt = NULL;
16312 -+ unsigned char *sprole_sum = NULL;
16313 -+ int error = 0;
16314 -+ int error2 = 0;
16315 -+ size_t req_count = 0;
16316 -+
16317 -+ mutex_lock(&gr_dev_mutex);
16318 -+
16319 -+ if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
16320 -+ error = -EPERM;
16321 -+ goto out;
16322 -+ }
16323 -+
16324 -+#ifdef CONFIG_COMPAT
16325 -+ pax_open_kernel();
16326 -+ if (is_compat_task()) {
16327 -+ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
16328 -+ copy_gr_arg = &copy_gr_arg_compat;
16329 -+ copy_acl_object_label = &copy_acl_object_label_compat;
16330 -+ copy_acl_subject_label = &copy_acl_subject_label_compat;
16331 -+ copy_acl_role_label = &copy_acl_role_label_compat;
16332 -+ copy_acl_ip_label = &copy_acl_ip_label_compat;
16333 -+ copy_role_allowed_ip = &copy_role_allowed_ip_compat;
16334 -+ copy_role_transition = &copy_role_transition_compat;
16335 -+ copy_sprole_pw = &copy_sprole_pw_compat;
16336 -+ copy_gr_hash_struct = &copy_gr_hash_struct_compat;
16337 -+ copy_pointer_from_array = &copy_pointer_from_array_compat;
16338 -+ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
16339 -+ } else {
16340 -+ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
16341 -+ copy_gr_arg = &copy_gr_arg_normal;
16342 -+ copy_acl_object_label = &copy_acl_object_label_normal;
16343 -+ copy_acl_subject_label = &copy_acl_subject_label_normal;
16344 -+ copy_acl_role_label = &copy_acl_role_label_normal;
16345 -+ copy_acl_ip_label = &copy_acl_ip_label_normal;
16346 -+ copy_role_allowed_ip = &copy_role_allowed_ip_normal;
16347 -+ copy_role_transition = &copy_role_transition_normal;
16348 -+ copy_sprole_pw = &copy_sprole_pw_normal;
16349 -+ copy_gr_hash_struct = &copy_gr_hash_struct_normal;
16350 -+ copy_pointer_from_array = &copy_pointer_from_array_normal;
16351 -+ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
16352 -+ }
16353 -+ pax_close_kernel();
16354 -+#endif
16355 ++ struct role_transition_compat trans_compat;
16356 +
16357 -+ req_count = get_gr_arg_wrapper_size();
16358 ++ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
16359 ++ return -EFAULT;
16360 +
16361 -+ if (count != req_count) {
16362 -+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
16363 -+ error = -EINVAL;
16364 -+ goto out;
16365 -+ }
16366 ++ trans->rolename = compat_ptr(trans_compat.rolename);
16367 +
16368 -+
16369 -+ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
16370 -+ gr_auth_expires = 0;
16371 -+ gr_auth_attempts = 0;
16372 -+ }
16373 ++ trans->prev = compat_ptr(trans_compat.prev);
16374 ++ trans->next = compat_ptr(trans_compat.next);
16375 +
16376 -+ error = copy_gr_arg_wrapper(buf, &uwrap);
16377 -+ if (error)
16378 -+ goto out;
16379 ++ return 0;
16380 +
16381 -+ error = copy_gr_arg(uwrap.arg, gr_usermode);
16382 -+ if (error)
16383 -+ goto out;
16384 ++}
16385 +
16386 -+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
16387 -+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
16388 -+ time_after(gr_auth_expires, get_seconds())) {
16389 -+ error = -EBUSY;
16390 -+ goto out;
16391 -+ }
16392 ++int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
16393 ++{
16394 ++ struct gr_hash_struct_compat hash_compat;
16395 +
16396 -+ /* if non-root trying to do anything other than use a special role,
16397 -+ do not attempt authentication, do not count towards authentication
16398 -+ locking
16399 -+ */
16400 ++ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
16401 ++ return -EFAULT;
16402 +
16403 -+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
16404 -+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
16405 -+ current_uid()) {
16406 -+ error = -EPERM;
16407 -+ goto out;
16408 -+ }
16409 ++ hash->table = compat_ptr(hash_compat.table);
16410 ++ hash->nametable = compat_ptr(hash_compat.nametable);
16411 ++ hash->first = compat_ptr(hash_compat.first);
16412 +
16413 -+ /* ensure pw and special role name are null terminated */
16414 ++ hash->table_size = hash_compat.table_size;
16415 ++ hash->used_size = hash_compat.used_size;
16416 +
16417 -+ gr_usermode->pw[GR_PW_LEN - 1] = '\0';
16418 -+ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
16419 ++ hash->type = hash_compat.type;
16420 +
16421 -+ /* Okay.
16422 -+ * We have our enough of the argument structure..(we have yet
16423 -+ * to copy_from_user the tables themselves) . Copy the tables
16424 -+ * only if we need them, i.e. for loading operations. */
16425 ++ return 0;
16426 ++}
16427 +
16428 -+ switch (gr_usermode->mode) {
16429 -+ case GR_STATUS:
16430 -+ if (gr_status & GR_READY) {
16431 -+ error = 1;
16432 -+ if (!gr_check_secure_terminal(current))
16433 -+ error = 3;
16434 -+ } else
16435 -+ error = 2;
16436 -+ goto out;
16437 -+ case GR_SHUTDOWN:
16438 -+ if ((gr_status & GR_READY)
16439 -+ && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
16440 -+ stop_machine(gr_rbac_disable, NULL, NULL);
16441 -+ free_variables();
16442 -+ memset(gr_usermode, 0, sizeof (struct gr_arg));
16443 -+ memset(gr_system_salt, 0, GR_SALT_LEN);
16444 -+ memset(gr_system_sum, 0, GR_SHA_LEN);
16445 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
16446 -+ } else if (gr_status & GR_READY) {
16447 -+ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
16448 -+ error = -EPERM;
16449 -+ } else {
16450 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
16451 -+ error = -EAGAIN;
16452 -+ }
16453 -+ break;
16454 -+ case GR_ENABLE:
16455 -+ if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
16456 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
16457 -+ else {
16458 -+ if (gr_status & GR_READY)
16459 -+ error = -EAGAIN;
16460 -+ else
16461 -+ error = error2;
16462 -+ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
16463 -+ }
16464 -+ break;
16465 -+ case GR_RELOAD:
16466 -+ if (!(gr_status & GR_READY)) {
16467 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
16468 -+ error = -EAGAIN;
16469 -+ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
16470 -+ stop_machine(gr_rbac_disable, NULL, NULL);
16471 -+ free_variables();
16472 -+ error2 = gracl_init(gr_usermode);
16473 -+ if (!error2)
16474 -+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
16475 -+ else {
16476 -+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
16477 -+ error = error2;
16478 -+ }
16479 -+ } else {
16480 -+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
16481 -+ error = -EPERM;
16482 -+ }
16483 -+ break;
16484 -+ case GR_SEGVMOD:
16485 -+ if (unlikely(!(gr_status & GR_READY))) {
16486 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
16487 -+ error = -EAGAIN;
16488 -+ break;
16489 -+ }
16490 ++int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
16491 ++{
16492 ++ compat_uptr_t ptrcompat;
16493 +
16494 -+ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
16495 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
16496 -+ if (gr_usermode->segv_device && gr_usermode->segv_inode) {
16497 -+ struct acl_subject_label *segvacl;
16498 -+ segvacl =
16499 -+ lookup_acl_subj_label(gr_usermode->segv_inode,
16500 -+ gr_usermode->segv_device,
16501 -+ current->role);
16502 -+ if (segvacl) {
16503 -+ segvacl->crashes = 0;
16504 -+ segvacl->expires = 0;
16505 -+ }
16506 -+ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
16507 -+ gr_remove_uid(gr_usermode->segv_uid);
16508 -+ }
16509 -+ } else {
16510 -+ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
16511 -+ error = -EPERM;
16512 -+ }
16513 -+ break;
16514 -+ case GR_SPROLE:
16515 -+ case GR_SPROLEPAM:
16516 -+ if (unlikely(!(gr_status & GR_READY))) {
16517 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
16518 -+ error = -EAGAIN;
16519 -+ break;
16520 -+ }
16521 ++ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
16522 ++ return -EFAULT;
16523 +
16524 -+ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
16525 -+ current->role->expires = 0;
16526 -+ current->role->auth_attempts = 0;
16527 -+ }
16528 ++ *(void **)ptr = compat_ptr(ptrcompat);
16529 +
16530 -+ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
16531 -+ time_after(current->role->expires, get_seconds())) {
16532 -+ error = -EBUSY;
16533 -+ goto out;
16534 -+ }
16535 ++ return 0;
16536 ++}
16537 +
16538 -+ if (lookup_special_role_auth
16539 -+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
16540 -+ && ((!sprole_salt && !sprole_sum)
16541 -+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
16542 -+ char *p = "";
16543 -+ assign_special_role(gr_usermode->sp_role);
16544 -+ read_lock(&tasklist_lock);
16545 -+ if (current->real_parent)
16546 -+ p = current->real_parent->role->rolename;
16547 -+ read_unlock(&tasklist_lock);
16548 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
16549 -+ p, acl_sp_role_value);
16550 -+ } else {
16551 -+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
16552 -+ error = -EPERM;
16553 -+ if(!(current->role->auth_attempts++))
16554 -+ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
16555 ++int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
16556 ++{
16557 ++ struct acl_ip_label_compat ip_compat;
16558 +
16559 -+ goto out;
16560 -+ }
16561 -+ break;
16562 -+ case GR_UNSPROLE:
16563 -+ if (unlikely(!(gr_status & GR_READY))) {
16564 -+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
16565 -+ error = -EAGAIN;
16566 -+ break;
16567 -+ }
16568 ++ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
16569 ++ return -EFAULT;
16570 +
16571 -+ if (current->role->roletype & GR_ROLE_SPECIAL) {
16572 -+ char *p = "";
16573 -+ int i = 0;
16574 ++ ip->iface = compat_ptr(ip_compat.iface);
16575 ++ ip->addr = ip_compat.addr;
16576 ++ ip->netmask = ip_compat.netmask;
16577 ++ ip->low = ip_compat.low;
16578 ++ ip->high = ip_compat.high;
16579 ++ ip->mode = ip_compat.mode;
16580 ++ ip->type = ip_compat.type;
16581 +
16582 -+ read_lock(&tasklist_lock);
16583 -+ if (current->real_parent) {
16584 -+ p = current->real_parent->role->rolename;
16585 -+ i = current->real_parent->acl_role_id;
16586 -+ }
16587 -+ read_unlock(&tasklist_lock);
16588 ++ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
16589 +
16590 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
16591 -+ gr_set_acls(1);
16592 -+ } else {
16593 -+ error = -EPERM;
16594 -+ goto out;
16595 -+ }
16596 -+ break;
16597 -+ default:
16598 -+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
16599 -+ error = -EINVAL;
16600 -+ break;
16601 -+ }
16602 ++ ip->prev = compat_ptr(ip_compat.prev);
16603 ++ ip->next = compat_ptr(ip_compat.next);
16604 +
16605 -+ if (error != -EPERM)
16606 -+ goto out;
16607 ++ return 0;
16608 ++}
16609 +
16610 -+ if(!(gr_auth_attempts++))
16611 -+ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
16612 ++int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
16613 ++{
16614 ++ struct sprole_pw_compat pw_compat;
16615 +
16616 -+ out:
16617 -+ mutex_unlock(&gr_dev_mutex);
16618 ++ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
16619 ++ return -EFAULT;
16620 +
16621 -+ if (!error)
16622 -+ error = req_count;
16623 ++ pw->rolename = compat_ptr(pw_compat.rolename);
16624 ++ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
16625 ++ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
16626 +
16627 -+ return error;
16628 ++ return 0;
16629 +}
16630 +
16631 -+/* must be called with
16632 -+ rcu_read_lock();
16633 -+ read_lock(&tasklist_lock);
16634 -+ read_lock(&grsec_exec_file_lock);
16635 -+*/
16636 -+int gr_apply_subject_to_task(struct task_struct *task)
16637 ++size_t get_gr_arg_wrapper_size_compat(void)
16638 +{
16639 -+ struct acl_object_label *obj;
16640 -+ char *tmpname;
16641 -+ struct acl_subject_label *tmpsubj;
16642 -+ struct file *filp;
16643 -+ struct name_entry *nmatch;
16644 -+
16645 -+ filp = task->exec_file;
16646 -+ if (filp == NULL)
16647 -+ return 0;
16648 ++ return sizeof(struct gr_arg_wrapper_compat);
16649 ++}
16650 +
16651 -+ /* the following is to apply the correct subject
16652 -+ on binaries running when the RBAC system
16653 -+ is enabled, when the binaries have been
16654 -+ replaced or deleted since their execution
16655 -+ -----
16656 -+ when the RBAC system starts, the inode/dev
16657 -+ from exec_file will be one the RBAC system
16658 -+ is unaware of. It only knows the inode/dev
16659 -+ of the present file on disk, or the absence
16660 -+ of it.
16661 -+ */
16662 -+ preempt_disable();
16663 -+ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
16664 -+
16665 -+ nmatch = lookup_name_entry(tmpname);
16666 -+ preempt_enable();
16667 -+ tmpsubj = NULL;
16668 -+ if (nmatch) {
16669 -+ if (nmatch->deleted)
16670 -+ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
16671 -+ else
16672 -+ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
16673 -+ if (tmpsubj != NULL)
16674 -+ task->acl = tmpsubj;
16675 -+ }
16676 -+ if (tmpsubj == NULL)
16677 -+ task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
16678 -+ task->role);
16679 -+ if (task->acl) {
16680 -+ task->is_writable = 0;
16681 -+ /* ignore additional mmap checks for processes that are writable
16682 -+ by the default ACL */
16683 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
16684 -+ if (unlikely(obj->mode & GR_WRITE))
16685 -+ task->is_writable = 1;
16686 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
16687 -+ if (unlikely(obj->mode & GR_WRITE))
16688 -+ task->is_writable = 1;
16689 -+
16690 -+ gr_set_proc_res(task);
16691 +diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
16692 +new file mode 100644
16693 +index 0000000..b20f6e9
16694 +--- /dev/null
16695 ++++ b/grsecurity/gracl_fs.c
16696 +@@ -0,0 +1,431 @@
16697 ++#include <linux/kernel.h>
16698 ++#include <linux/sched.h>
16699 ++#include <linux/types.h>
16700 ++#include <linux/fs.h>
16701 ++#include <linux/file.h>
16702 ++#include <linux/stat.h>
16703 ++#include <linux/grsecurity.h>
16704 ++#include <linux/grinternal.h>
16705 ++#include <linux/gracl.h>
16706 +
16707 -+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
16708 -+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
16709 -+#endif
16710 -+ } else {
16711 -+ return 1;
16712 -+ }
16713 ++umode_t
16714 ++gr_acl_umask(void)
16715 ++{
16716 ++ if (unlikely(!gr_acl_is_enabled()))
16717 ++ return 0;
16718 +
16719 -+ return 0;
16720 ++ return current->role->umask;
16721 +}
16722 +
16723 -+int
16724 -+gr_set_acls(const int type)
16725 ++__u32
16726 ++gr_acl_handle_hidden_file(const struct dentry * dentry,
16727 ++ const struct vfsmount * mnt)
16728 +{
16729 -+ struct task_struct *task, *task2;
16730 -+ struct acl_role_label *role = current->role;
16731 -+ __u16 acl_role_id = current->acl_role_id;
16732 -+ const struct cred *cred;
16733 -+ int ret;
16734 -+
16735 -+ rcu_read_lock();
16736 -+ read_lock(&tasklist_lock);
16737 -+ read_lock(&grsec_exec_file_lock);
16738 -+ do_each_thread(task2, task) {
16739 -+ /* check to see if we're called from the exit handler,
16740 -+ if so, only replace ACLs that have inherited the admin
16741 -+ ACL */
16742 ++ __u32 mode;
16743 +
16744 -+ if (type && (task->role != role ||
16745 -+ task->acl_role_id != acl_role_id))
16746 -+ continue;
16747 ++ if (unlikely(!dentry->d_inode))
16748 ++ return GR_FIND;
16749 +
16750 -+ task->acl_role_id = 0;
16751 -+ task->acl_sp_role = 0;
16752 ++ mode =
16753 ++ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
16754 +
16755 -+ if (task->exec_file) {
16756 -+ cred = __task_cred(task);
16757 -+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
16758 -+ ret = gr_apply_subject_to_task(task);
16759 -+ if (ret) {
16760 -+ read_unlock(&grsec_exec_file_lock);
16761 -+ read_unlock(&tasklist_lock);
16762 -+ rcu_read_unlock();
16763 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
16764 -+ return ret;
16765 -+ }
16766 -+ } else {
16767 -+ // it's a kernel process
16768 -+ task->role = kernel_role;
16769 -+ task->acl = kernel_role->root_label;
16770 -+#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
16771 -+ task->acl->mode &= ~GR_PROCFIND;
16772 -+#endif
16773 -+ }
16774 -+ } while_each_thread(task2, task);
16775 -+ read_unlock(&grsec_exec_file_lock);
16776 -+ read_unlock(&tasklist_lock);
16777 -+ rcu_read_unlock();
16778 ++ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
16779 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
16780 ++ return mode;
16781 ++ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
16782 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
16783 ++ return 0;
16784 ++ } else if (unlikely(!(mode & GR_FIND)))
16785 ++ return 0;
16786 +
16787 -+ return 0;
16788 ++ return GR_FIND;
16789 +}
16790 +
16791 -+void
16792 -+gr_learn_resource(const struct task_struct *task,
16793 -+ const int res, const unsigned long wanted, const int gt)
16794 ++__u32
16795 ++gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
16796 ++ int acc_mode)
16797 +{
16798 -+ struct acl_subject_label *acl;
16799 -+ const struct cred *cred;
16800 ++ __u32 reqmode = GR_FIND;
16801 ++ __u32 mode;
16802 +
16803 -+ if (unlikely((gr_status & GR_READY) &&
16804 -+ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
16805 -+ goto skip_reslog;
16806 ++ if (unlikely(!dentry->d_inode))
16807 ++ return reqmode;
16808 +
16809 -+#ifdef CONFIG_GRKERNSEC_RESLOG
16810 -+ gr_log_resource(task, res, wanted, gt);
16811 -+#endif
16812 -+ skip_reslog:
16813 ++ if (acc_mode & MAY_APPEND)
16814 ++ reqmode |= GR_APPEND;
16815 ++ else if (acc_mode & MAY_WRITE)
16816 ++ reqmode |= GR_WRITE;
16817 ++ if ((acc_mode & MAY_READ) && !S_ISDIR(dentry->d_inode->i_mode))
16818 ++ reqmode |= GR_READ;
16819 +
16820 -+ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
16821 -+ return;
16822 ++ mode =
16823 ++ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
16824 ++ mnt);
16825 +
16826 -+ acl = task->acl;
16827 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
16828 ++ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
16829 ++ reqmode & GR_READ ? " reading" : "",
16830 ++ reqmode & GR_WRITE ? " writing" : reqmode &
16831 ++ GR_APPEND ? " appending" : "");
16832 ++ return reqmode;
16833 ++ } else
16834 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
16835 ++ {
16836 ++ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
16837 ++ reqmode & GR_READ ? " reading" : "",
16838 ++ reqmode & GR_WRITE ? " writing" : reqmode &
16839 ++ GR_APPEND ? " appending" : "");
16840 ++ return 0;
16841 ++ } else if (unlikely((mode & reqmode) != reqmode))
16842 ++ return 0;
16843 +
16844 -+ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
16845 -+ !(acl->resmask & (1U << (unsigned short) res))))
16846 -+ return;
16847 ++ return reqmode;
16848 ++}
16849 +
16850 -+ if (wanted >= acl->res[res].rlim_cur) {
16851 -+ unsigned long res_add;
16852 ++__u32
16853 ++gr_acl_handle_creat(const struct dentry * dentry,
16854 ++ const struct dentry * p_dentry,
16855 ++ const struct vfsmount * p_mnt, int open_flags, int acc_mode,
16856 ++ const int imode)
16857 ++{
16858 ++ __u32 reqmode = GR_WRITE | GR_CREATE;
16859 ++ __u32 mode;
16860 +
16861 -+ res_add = wanted;
16862 -+ switch (res) {
16863 -+ case RLIMIT_CPU:
16864 -+ res_add += GR_RLIM_CPU_BUMP;
16865 -+ break;
16866 -+ case RLIMIT_FSIZE:
16867 -+ res_add += GR_RLIM_FSIZE_BUMP;
16868 -+ break;
16869 -+ case RLIMIT_DATA:
16870 -+ res_add += GR_RLIM_DATA_BUMP;
16871 -+ break;
16872 -+ case RLIMIT_STACK:
16873 -+ res_add += GR_RLIM_STACK_BUMP;
16874 -+ break;
16875 -+ case RLIMIT_CORE:
16876 -+ res_add += GR_RLIM_CORE_BUMP;
16877 -+ break;
16878 -+ case RLIMIT_RSS:
16879 -+ res_add += GR_RLIM_RSS_BUMP;
16880 -+ break;
16881 -+ case RLIMIT_NPROC:
16882 -+ res_add += GR_RLIM_NPROC_BUMP;
16883 -+ break;
16884 -+ case RLIMIT_NOFILE:
16885 -+ res_add += GR_RLIM_NOFILE_BUMP;
16886 -+ break;
16887 -+ case RLIMIT_MEMLOCK:
16888 -+ res_add += GR_RLIM_MEMLOCK_BUMP;
16889 -+ break;
16890 -+ case RLIMIT_AS:
16891 -+ res_add += GR_RLIM_AS_BUMP;
16892 -+ break;
16893 -+ case RLIMIT_LOCKS:
16894 -+ res_add += GR_RLIM_LOCKS_BUMP;
16895 -+ break;
16896 -+ case RLIMIT_SIGPENDING:
16897 -+ res_add += GR_RLIM_SIGPENDING_BUMP;
16898 -+ break;
16899 -+ case RLIMIT_MSGQUEUE:
16900 -+ res_add += GR_RLIM_MSGQUEUE_BUMP;
16901 -+ break;
16902 -+ case RLIMIT_NICE:
16903 -+ res_add += GR_RLIM_NICE_BUMP;
16904 -+ break;
16905 -+ case RLIMIT_RTPRIO:
16906 -+ res_add += GR_RLIM_RTPRIO_BUMP;
16907 -+ break;
16908 -+ case RLIMIT_RTTIME:
16909 -+ res_add += GR_RLIM_RTTIME_BUMP;
16910 -+ break;
16911 -+ }
16912 -+
16913 -+ acl->res[res].rlim_cur = res_add;
16914 ++ if (acc_mode & MAY_APPEND)
16915 ++ reqmode |= GR_APPEND;
16916 ++ // if a directory was required or the directory already exists, then
16917 ++ // don't count this open as a read
16918 ++ if ((acc_mode & MAY_READ) &&
16919 ++ !((open_flags & O_DIRECTORY) || (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode))))
16920 ++ reqmode |= GR_READ;
16921 ++ if ((open_flags & O_CREAT) &&
16922 ++ ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
16923 ++ reqmode |= GR_SETID;
16924 +
16925 -+ if (wanted > acl->res[res].rlim_max)
16926 -+ acl->res[res].rlim_max = res_add;
16927 ++ mode =
16928 ++ gr_check_create(dentry, p_dentry, p_mnt,
16929 ++ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
16930 +
16931 -+ /* only log the subject filename, since resource logging is supported for
16932 -+ single-subject learning only */
16933 -+ rcu_read_lock();
16934 -+ cred = __task_cred(task);
16935 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
16936 -+ task->role->roletype, cred->uid, cred->gid, acl->filename,
16937 -+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
16938 -+ "", (unsigned long) res, &task->signal->saved_ip);
16939 -+ rcu_read_unlock();
16940 -+ }
16941 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
16942 ++ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
16943 ++ reqmode & GR_READ ? " reading" : "",
16944 ++ reqmode & GR_WRITE ? " writing" : reqmode &
16945 ++ GR_APPEND ? " appending" : "");
16946 ++ return reqmode;
16947 ++ } else
16948 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
16949 ++ {
16950 ++ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
16951 ++ reqmode & GR_READ ? " reading" : "",
16952 ++ reqmode & GR_WRITE ? " writing" : reqmode &
16953 ++ GR_APPEND ? " appending" : "");
16954 ++ return 0;
16955 ++ } else if (unlikely((mode & reqmode) != reqmode))
16956 ++ return 0;
16957 +
16958 -+ return;
16959 ++ return reqmode;
16960 +}
16961 +
16962 -+#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
16963 -+void
16964 -+pax_set_initial_flags(struct linux_binprm *bprm)
16965 ++__u32
16966 ++gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
16967 ++ const int fmode)
16968 +{
16969 -+ struct task_struct *task = current;
16970 -+ struct acl_subject_label *proc;
16971 -+ unsigned long flags;
16972 -+
16973 -+ if (unlikely(!(gr_status & GR_READY)))
16974 -+ return;
16975 -+
16976 -+ flags = pax_get_flags(task);
16977 -+
16978 -+ proc = task->acl;
16979 ++ __u32 mode, reqmode = GR_FIND;
16980 +
16981 -+ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
16982 -+ flags &= ~MF_PAX_PAGEEXEC;
16983 -+ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
16984 -+ flags &= ~MF_PAX_SEGMEXEC;
16985 -+ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
16986 -+ flags &= ~MF_PAX_RANDMMAP;
16987 -+ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
16988 -+ flags &= ~MF_PAX_EMUTRAMP;
16989 -+ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
16990 -+ flags &= ~MF_PAX_MPROTECT;
16991 ++ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
16992 ++ reqmode |= GR_EXEC;
16993 ++ if (fmode & S_IWOTH)
16994 ++ reqmode |= GR_WRITE;
16995 ++ if (fmode & S_IROTH)
16996 ++ reqmode |= GR_READ;
16997 +
16998 -+ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
16999 -+ flags |= MF_PAX_PAGEEXEC;
17000 -+ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
17001 -+ flags |= MF_PAX_SEGMEXEC;
17002 -+ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
17003 -+ flags |= MF_PAX_RANDMMAP;
17004 -+ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
17005 -+ flags |= MF_PAX_EMUTRAMP;
17006 -+ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
17007 -+ flags |= MF_PAX_MPROTECT;
17008 ++ mode =
17009 ++ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
17010 ++ mnt);
17011 +
17012 -+ pax_set_flags(task, flags);
17013 ++ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
17014 ++ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
17015 ++ reqmode & GR_READ ? " reading" : "",
17016 ++ reqmode & GR_WRITE ? " writing" : "",
17017 ++ reqmode & GR_EXEC ? " executing" : "");
17018 ++ return reqmode;
17019 ++ } else
17020 ++ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
17021 ++ {
17022 ++ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
17023 ++ reqmode & GR_READ ? " reading" : "",
17024 ++ reqmode & GR_WRITE ? " writing" : "",
17025 ++ reqmode & GR_EXEC ? " executing" : "");
17026 ++ return 0;
17027 ++ } else if (unlikely((mode & reqmode) != reqmode))
17028 ++ return 0;
17029 +
17030 -+ return;
17031 ++ return reqmode;
17032 +}
17033 -+#endif
17034 -+
17035 -+#ifdef CONFIG_SYSCTL
17036 -+/* Eric Biederman likes breaking userland ABI and every inode-based security
17037 -+ system to save 35kb of memory */
17038 +
17039 -+/* we modify the passed in filename, but adjust it back before returning */
17040 -+static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
17041 ++static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
17042 +{
17043 -+ struct name_entry *nmatch;
17044 -+ char *p, *lastp = NULL;
17045 -+ struct acl_object_label *obj = NULL, *tmp;
17046 -+ struct acl_subject_label *tmpsubj;
17047 -+ char c = '\0';
17048 -+
17049 -+ read_lock(&gr_inode_lock);
17050 ++ __u32 mode;
17051 +
17052 -+ p = name + len - 1;
17053 -+ do {
17054 -+ nmatch = lookup_name_entry(name);
17055 -+ if (lastp != NULL)
17056 -+ *lastp = c;
17057 ++ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
17058 +
17059 -+ if (nmatch == NULL)
17060 -+ goto next_component;
17061 -+ tmpsubj = current->acl;
17062 -+ do {
17063 -+ obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
17064 -+ if (obj != NULL) {
17065 -+ tmp = obj->globbed;
17066 -+ while (tmp) {
17067 -+ if (!glob_match(tmp->filename, name)) {
17068 -+ obj = tmp;
17069 -+ goto found_obj;
17070 -+ }
17071 -+ tmp = tmp->next;
17072 -+ }
17073 -+ goto found_obj;
17074 -+ }
17075 -+ } while ((tmpsubj = tmpsubj->parent_subject));
17076 -+next_component:
17077 -+ /* end case */
17078 -+ if (p == name)
17079 -+ break;
17080 ++ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
17081 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
17082 ++ return mode;
17083 ++ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
17084 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
17085 ++ return 0;
17086 ++ } else if (unlikely((mode & (reqmode)) != (reqmode)))
17087 ++ return 0;
17088 +
17089 -+ while (*p != '/')
17090 -+ p--;
17091 -+ if (p == name)
17092 -+ lastp = p + 1;
17093 -+ else {
17094 -+ lastp = p;
17095 -+ p--;
17096 -+ }
17097 -+ c = *lastp;
17098 -+ *lastp = '\0';
17099 -+ } while (1);
17100 -+found_obj:
17101 -+ read_unlock(&gr_inode_lock);
17102 -+ /* obj returned will always be non-null */
17103 -+ return obj;
17104 ++ return (reqmode);
17105 +}
17106 +
17107 -+/* returns 0 when allowing, non-zero on error
17108 -+ op of 0 is used for readdir, so we don't log the names of hidden files
17109 -+*/
17110 +__u32
17111 -+gr_handle_sysctl(const struct ctl_table *table, const int op)
17112 ++gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
17113 +{
17114 -+ struct ctl_table *tmp;
17115 -+ const char *proc_sys = "/proc/sys";
17116 -+ char *path;
17117 -+ struct acl_object_label *obj;
17118 -+ unsigned short len = 0, pos = 0, depth = 0, i;
17119 -+ __u32 err = 0;
17120 -+ __u32 mode = 0;
17121 -+
17122 -+ if (unlikely(!(gr_status & GR_READY)))
17123 -+ return 0;
17124 -+
17125 -+ /* for now, ignore operations on non-sysctl entries if it's not a
17126 -+ readdir*/
17127 -+ if (table->child != NULL && op != 0)
17128 -+ return 0;
17129 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
17130 ++}
17131 +
17132 -+ mode |= GR_FIND;
17133 -+ /* it's only a read if it's an entry, read on dirs is for readdir */
17134 -+ if (op & MAY_READ)
17135 -+ mode |= GR_READ;
17136 -+ if (op & MAY_WRITE)
17137 -+ mode |= GR_WRITE;
17138 ++__u32
17139 ++gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
17140 ++{
17141 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
17142 ++}
17143 +
17144 -+ preempt_disable();
17145 ++__u32
17146 ++gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
17147 ++{
17148 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
17149 ++}
17150 +
17151 -+ path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
17152 ++__u32
17153 ++gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
17154 ++{
17155 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
17156 ++}
17157 +
17158 -+ /* it's only a read/write if it's an actual entry, not a dir
17159 -+ (which are opened for readdir)
17160 -+ */
17161 ++__u32
17162 ++gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
17163 ++ umode_t *modeptr)
17164 ++{
17165 ++ umode_t mode;
17166 +
17167 -+ /* convert the requested sysctl entry into a pathname */
17168 ++ *modeptr &= ~gr_acl_umask();
17169 ++ mode = *modeptr;
17170 +
17171 -+ for (tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
17172 -+ len += strlen(tmp->procname);
17173 -+ len++;
17174 -+ depth++;
17175 -+ }
17176 ++ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
17177 ++ return 1;
17178 +
17179 -+ if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
17180 -+ /* deny */
17181 -+ goto out;
17182 ++ if (unlikely(dentry->d_inode && !S_ISDIR(dentry->d_inode->i_mode) &&
17183 ++ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))) {
17184 ++ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
17185 ++ GR_CHMOD_ACL_MSG);
17186 ++ } else {
17187 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
17188 + }
17189 ++}
17190 +
17191 -+ memset(path, 0, PAGE_SIZE);
17192 -+
17193 -+ memcpy(path, proc_sys, strlen(proc_sys));
17194 -+
17195 -+ pos += strlen(proc_sys);
17196 ++__u32
17197 ++gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
17198 ++{
17199 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
17200 ++}
17201 +
17202 -+ for (; depth > 0; depth--) {
17203 -+ path[pos] = '/';
17204 -+ pos++;
17205 -+ for (i = 1, tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
17206 -+ if (depth == i) {
17207 -+ memcpy(path + pos, tmp->procname,
17208 -+ strlen(tmp->procname));
17209 -+ pos += strlen(tmp->procname);
17210 -+ }
17211 -+ i++;
17212 -+ }
17213 -+ }
17214 ++__u32
17215 ++gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
17216 ++{
17217 ++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
17218 ++}
17219 +
17220 -+ obj = gr_lookup_by_name(path, pos);
17221 -+ err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
17222 ++__u32
17223 ++gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
17224 ++{
17225 ++ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
17226 ++}
17227 +
17228 -+ if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
17229 -+ ((err & mode) != mode))) {
17230 -+ __u32 new_mode = mode;
17231 ++__u32
17232 ++gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
17233 ++{
17234 ++ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
17235 ++ GR_UNIXCONNECT_ACL_MSG);
17236 ++}
17237 +
17238 -+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
17239 ++/* hardlinks require at minimum create and link permission,
17240 ++ any additional privilege required is based on the
17241 ++ privilege of the file being linked to
17242 ++*/
17243 ++__u32
17244 ++gr_acl_handle_link(const struct dentry * new_dentry,
17245 ++ const struct dentry * parent_dentry,
17246 ++ const struct vfsmount * parent_mnt,
17247 ++ const struct dentry * old_dentry,
17248 ++ const struct vfsmount * old_mnt, const char *to)
17249 ++{
17250 ++ __u32 mode;
17251 ++ __u32 needmode = GR_CREATE | GR_LINK;
17252 ++ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
17253 +
17254 -+ err = 0;
17255 -+ gr_log_learn_sysctl(path, new_mode);
17256 -+ } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
17257 -+ gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
17258 -+ err = -ENOENT;
17259 -+ } else if (!(err & GR_FIND)) {
17260 -+ err = -ENOENT;
17261 -+ } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
17262 -+ gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
17263 -+ path, (mode & GR_READ) ? " reading" : "",
17264 -+ (mode & GR_WRITE) ? " writing" : "");
17265 -+ err = -EACCES;
17266 -+ } else if ((err & mode) != mode) {
17267 -+ err = -EACCES;
17268 -+ } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
17269 -+ gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
17270 -+ path, (mode & GR_READ) ? " reading" : "",
17271 -+ (mode & GR_WRITE) ? " writing" : "");
17272 -+ err = 0;
17273 -+ } else
17274 -+ err = 0;
17275 ++ mode =
17276 ++ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
17277 ++ old_mnt);
17278 +
17279 -+ out:
17280 -+ preempt_enable();
17281 ++ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
17282 ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
17283 ++ return mode;
17284 ++ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
17285 ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
17286 ++ return 0;
17287 ++ } else if (unlikely((mode & needmode) != needmode))
17288 ++ return 0;
17289 +
17290 -+ return err;
17291 ++ return 1;
17292 +}
17293 -+#endif
17294 +
17295 -+int
17296 -+gr_handle_proc_ptrace(struct task_struct *task)
17297 ++__u32
17298 ++gr_acl_handle_symlink(const struct dentry * new_dentry,
17299 ++ const struct dentry * parent_dentry,
17300 ++ const struct vfsmount * parent_mnt, const char *from)
17301 +{
17302 -+ struct file *filp;
17303 -+ struct task_struct *tmp = task;
17304 -+ struct task_struct *curtemp = current;
17305 -+ __u32 retmode;
17306 ++ __u32 needmode = GR_WRITE | GR_CREATE;
17307 ++ __u32 mode;
17308 +
17309 -+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
17310 -+ if (unlikely(!(gr_status & GR_READY)))
17311 ++ mode =
17312 ++ gr_check_create(new_dentry, parent_dentry, parent_mnt,
17313 ++ GR_CREATE | GR_AUDIT_CREATE |
17314 ++ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
17315 ++
17316 ++ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
17317 ++ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
17318 ++ return mode;
17319 ++ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
17320 ++ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
17321 ++ return 0;
17322 ++ } else if (unlikely((mode & needmode) != needmode))
17323 + return 0;
17324 -+#endif
17325 +
17326 -+ read_lock(&tasklist_lock);
17327 -+ read_lock(&grsec_exec_file_lock);
17328 -+ filp = task->exec_file;
17329 ++ return (GR_WRITE | GR_CREATE);
17330 ++}
17331 +
17332 -+ while (tmp->pid > 0) {
17333 -+ if (tmp == curtemp)
17334 -+ break;
17335 -+ tmp = tmp->real_parent;
17336 -+ }
17337 ++static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
17338 ++{
17339 ++ __u32 mode;
17340 +
17341 -+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
17342 -+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
17343 -+ read_unlock(&grsec_exec_file_lock);
17344 -+ read_unlock(&tasklist_lock);
17345 -+ return 1;
17346 -+ }
17347 ++ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
17348 +
17349 -+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
17350 -+ if (!(gr_status & GR_READY)) {
17351 -+ read_unlock(&grsec_exec_file_lock);
17352 -+ read_unlock(&tasklist_lock);
17353 ++ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
17354 ++ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
17355 ++ return mode;
17356 ++ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
17357 ++ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
17358 ++ return 0;
17359 ++ } else if (unlikely((mode & (reqmode)) != (reqmode)))
17360 + return 0;
17361 -+ }
17362 -+#endif
17363 -+
17364 -+ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
17365 -+ read_unlock(&grsec_exec_file_lock);
17366 -+ read_unlock(&tasklist_lock);
17367 -+
17368 -+ if (retmode & GR_NOPTRACE)
17369 -+ return 1;
17370 -+
17371 -+ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
17372 -+ && (current->acl != task->acl || (current->acl != current->role->root_label
17373 -+ && current->pid != task->pid)))
17374 -+ return 1;
17375 +
17376 -+ return 0;
17377 ++ return (reqmode);
17378 +}
17379 +
17380 -+void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
17381 ++__u32
17382 ++gr_acl_handle_mknod(const struct dentry * new_dentry,
17383 ++ const struct dentry * parent_dentry,
17384 ++ const struct vfsmount * parent_mnt,
17385 ++ const int mode)
17386 +{
17387 -+ if (unlikely(!(gr_status & GR_READY)))
17388 -+ return;
17389 ++ __u32 reqmode = GR_WRITE | GR_CREATE;
17390 ++ if (unlikely((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
17391 ++ reqmode |= GR_SETID;
17392 +
17393 -+ if (!(current->role->roletype & GR_ROLE_GOD))
17394 -+ return;
17395 ++ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
17396 ++ reqmode, GR_MKNOD_ACL_MSG);
17397 ++}
17398 +
17399 -+ seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
17400 -+ p->role->rolename, gr_task_roletype_to_char(p),
17401 -+ p->acl->filename);
17402 ++__u32
17403 ++gr_acl_handle_mkdir(const struct dentry *new_dentry,
17404 ++ const struct dentry *parent_dentry,
17405 ++ const struct vfsmount *parent_mnt)
17406 ++{
17407 ++ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
17408 ++ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
17409 +}
17410 +
17411 ++#define RENAME_CHECK_SUCCESS(old, new) \
17412 ++ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
17413 ++ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
17414 ++
17415 +int
17416 -+gr_handle_ptrace(struct task_struct *task, const long request)
17417 ++gr_acl_handle_rename(struct dentry *new_dentry,
17418 ++ struct dentry *parent_dentry,
17419 ++ const struct vfsmount *parent_mnt,
17420 ++ struct dentry *old_dentry,
17421 ++ struct inode *old_parent_inode,
17422 ++ struct vfsmount *old_mnt, const char *newname)
17423 +{
17424 -+ struct task_struct *tmp = task;
17425 -+ struct task_struct *curtemp = current;
17426 -+ __u32 retmode;
17427 ++ __u32 comp1, comp2;
17428 ++ int error = 0;
17429 +
17430 -+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
17431 -+ if (unlikely(!(gr_status & GR_READY)))
17432 ++ if (unlikely(!gr_acl_is_enabled()))
17433 + return 0;
17434 -+#endif
17435 -+ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
17436 -+ read_lock(&tasklist_lock);
17437 -+ while (tmp->pid > 0) {
17438 -+ if (tmp == curtemp)
17439 -+ break;
17440 -+ tmp = tmp->real_parent;
17441 -+ }
17442 +
17443 -+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
17444 -+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
17445 -+ read_unlock(&tasklist_lock);
17446 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
17447 -+ return 1;
17448 -+ }
17449 -+ read_unlock(&tasklist_lock);
17450 ++ if (!new_dentry->d_inode) {
17451 ++ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
17452 ++ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
17453 ++ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
17454 ++ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
17455 ++ GR_DELETE | GR_AUDIT_DELETE |
17456 ++ GR_AUDIT_READ | GR_AUDIT_WRITE |
17457 ++ GR_SUPPRESS, old_mnt);
17458 ++ } else {
17459 ++ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
17460 ++ GR_CREATE | GR_DELETE |
17461 ++ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
17462 ++ GR_AUDIT_READ | GR_AUDIT_WRITE |
17463 ++ GR_SUPPRESS, parent_mnt);
17464 ++ comp2 =
17465 ++ gr_search_file(old_dentry,
17466 ++ GR_READ | GR_WRITE | GR_AUDIT_READ |
17467 ++ GR_DELETE | GR_AUDIT_DELETE |
17468 ++ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
17469 + }
17470 +
17471 -+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
17472 -+ if (!(gr_status & GR_READY))
17473 -+ return 0;
17474 -+#endif
17475 ++ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
17476 ++ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
17477 ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
17478 ++ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
17479 ++ && !(comp2 & GR_SUPPRESS)) {
17480 ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
17481 ++ error = -EACCES;
17482 ++ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
17483 ++ error = -EACCES;
17484 +
17485 -+ read_lock(&grsec_exec_file_lock);
17486 -+ if (unlikely(!task->exec_file)) {
17487 -+ read_unlock(&grsec_exec_file_lock);
17488 -+ return 0;
17489 -+ }
17490 ++ return error;
17491 ++}
17492 +
17493 -+ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
17494 -+ read_unlock(&grsec_exec_file_lock);
17495 ++void
17496 ++gr_acl_handle_exit(void)
17497 ++{
17498 ++ u16 id;
17499 ++ char *rolename;
17500 +
17501 -+ if (retmode & GR_NOPTRACE) {
17502 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
17503 -+ return 1;
17504 -+ }
17505 -+
17506 -+ if (retmode & GR_PTRACERD) {
17507 -+ switch (request) {
17508 -+ case PTRACE_SEIZE:
17509 -+ case PTRACE_POKETEXT:
17510 -+ case PTRACE_POKEDATA:
17511 -+ case PTRACE_POKEUSR:
17512 -+#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
17513 -+ case PTRACE_SETREGS:
17514 -+ case PTRACE_SETFPREGS:
17515 -+#endif
17516 -+#ifdef CONFIG_X86
17517 -+ case PTRACE_SETFPXREGS:
17518 -+#endif
17519 -+#ifdef CONFIG_ALTIVEC
17520 -+ case PTRACE_SETVRREGS:
17521 -+#endif
17522 -+ return 1;
17523 -+ default:
17524 -+ return 0;
17525 -+ }
17526 -+ } else if (!(current->acl->mode & GR_POVERRIDE) &&
17527 -+ !(current->role->roletype & GR_ROLE_GOD) &&
17528 -+ (current->acl != task->acl)) {
17529 -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
17530 -+ return 1;
17531 ++ if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
17532 ++ !(current->role->roletype & GR_ROLE_PERSIST))) {
17533 ++ id = current->acl_role_id;
17534 ++ rolename = current->role->rolename;
17535 ++ gr_set_acls(1);
17536 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
17537 + }
17538 +
17539 -+ return 0;
17540 ++ gr_put_exec_file(current);
17541 ++ return;
17542 +}
17543 +
17544 -+static int is_writable_mmap(const struct file *filp)
17545 ++int
17546 ++gr_acl_handle_procpidmem(const struct task_struct *task)
17547 +{
17548 -+ struct task_struct *task = current;
17549 -+ struct acl_object_label *obj, *obj2;
17550 ++ if (unlikely(!gr_acl_is_enabled()))
17551 ++ return 0;
17552 ++
17553 ++ if (task != current && task->acl->mode & GR_PROTPROCFD)
17554 ++ return -EACCES;
17555 +
17556 -+ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
17557 -+ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode) && (filp->f_path.mnt != shm_mnt || (filp->f_path.dentry->d_inode->i_nlink > 0))) {
17558 -+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
17559 -+ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
17560 -+ task->role->root_label);
17561 -+ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
17562 -+ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
17563 -+ return 1;
17564 -+ }
17565 -+ }
17566 + return 0;
17567 +}
17568 +diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
17569 +new file mode 100644
17570 +index 0000000..35f8064
17571 +--- /dev/null
17572 ++++ b/grsecurity/gracl_ip.c
17573 +@@ -0,0 +1,386 @@
17574 ++#include <linux/kernel.h>
17575 ++#include <asm/uaccess.h>
17576 ++#include <asm/errno.h>
17577 ++#include <net/sock.h>
17578 ++#include <linux/file.h>
17579 ++#include <linux/fs.h>
17580 ++#include <linux/net.h>
17581 ++#include <linux/in.h>
17582 ++#include <linux/skbuff.h>
17583 ++#include <linux/ip.h>
17584 ++#include <linux/udp.h>
17585 ++#include <linux/types.h>
17586 ++#include <linux/sched.h>
17587 ++#include <linux/netdevice.h>
17588 ++#include <linux/inetdevice.h>
17589 ++#include <linux/gracl.h>
17590 ++#include <linux/grsecurity.h>
17591 ++#include <linux/grinternal.h>
17592 +
17593 -+int
17594 -+gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
17595 -+{
17596 -+ __u32 mode;
17597 ++#define GR_BIND 0x01
17598 ++#define GR_CONNECT 0x02
17599 ++#define GR_INVERT 0x04
17600 ++#define GR_BINDOVERRIDE 0x08
17601 ++#define GR_CONNECTOVERRIDE 0x10
17602 ++#define GR_SOCK_FAMILY 0x20
17603 +
17604 -+ if (unlikely(!file || !(prot & PROT_EXEC)))
17605 -+ return 1;
17606 ++static const char * gr_protocols[IPPROTO_MAX] = {
17607 ++ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
17608 ++ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
17609 ++ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
17610 ++ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
17611 ++ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
17612 ++ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
17613 ++ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
17614 ++ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
17615 ++ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
17616 ++ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
17617 ++ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
17618 ++ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
17619 ++ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
17620 ++ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
17621 ++ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
17622 ++ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
17623 ++ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
17624 ++ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
17625 ++ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
17626 ++ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
17627 ++ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
17628 ++ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
17629 ++ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
17630 ++ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
17631 ++ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
17632 ++ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
17633 ++ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
17634 ++ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
17635 ++ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
17636 ++ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
17637 ++ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
17638 ++ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
17639 ++ };
17640 +
17641 -+ if (is_writable_mmap(file))
17642 -+ return 0;
17643 ++static const char * gr_socktypes[SOCK_MAX] = {
17644 ++ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
17645 ++ "unknown:7", "unknown:8", "unknown:9", "packet"
17646 ++ };
17647 +
17648 -+ mode =
17649 -+ gr_search_file(file->f_path.dentry,
17650 -+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
17651 -+ file->f_path.mnt);
17652 ++static const char * gr_sockfamilies[AF_MAX+1] = {
17653 ++ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
17654 ++ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
17655 ++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
17656 ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
17657 ++ };
17658 +
17659 -+ if (!gr_tpe_allow(file))
17660 -+ return 0;
17661 ++const char *
17662 ++gr_proto_to_name(unsigned char proto)
17663 ++{
17664 ++ return gr_protocols[proto];
17665 ++}
17666 +
17667 -+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
17668 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
17669 -+ return 0;
17670 -+ } else if (unlikely(!(mode & GR_EXEC))) {
17671 -+ return 0;
17672 -+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
17673 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
17674 -+ return 1;
17675 -+ }
17676 ++const char *
17677 ++gr_socktype_to_name(unsigned char type)
17678 ++{
17679 ++ return gr_socktypes[type];
17680 ++}
17681 +
17682 -+ return 1;
17683 ++const char *
17684 ++gr_sockfamily_to_name(unsigned char family)
17685 ++{
17686 ++ return gr_sockfamilies[family];
17687 +}
17688 +
17689 ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
17690 ++
17691 +int
17692 -+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
17693 ++gr_search_socket(const int domain, const int type, const int protocol)
17694 +{
17695 -+ __u32 mode;
17696 -+
17697 -+ if (unlikely(!file || !(prot & PROT_EXEC)))
17698 -+ return 1;
17699 ++ struct acl_subject_label *curr;
17700 ++ const struct cred *cred = current_cred();
17701 +
17702 -+ if (is_writable_mmap(file))
17703 -+ return 0;
17704 ++ if (unlikely(!gr_acl_is_enabled()))
17705 ++ goto exit;
17706 +
17707 -+ mode =
17708 -+ gr_search_file(file->f_path.dentry,
17709 -+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
17710 -+ file->f_path.mnt);
17711 ++ if ((domain < 0) || (type < 0) || (protocol < 0) ||
17712 ++ (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
17713 ++ goto exit; // let the kernel handle it
17714 +
17715 -+ if (!gr_tpe_allow(file))
17716 -+ return 0;
17717 ++ curr = current->acl;
17718 +
17719 -+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
17720 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
17721 -+ return 0;
17722 -+ } else if (unlikely(!(mode & GR_EXEC))) {
17723 -+ return 0;
17724 -+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
17725 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
17726 -+ return 1;
17727 ++ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
17728 ++ /* the family is allowed, if this is PF_INET allow it only if
17729 ++ the extra sock type/protocol checks pass */
17730 ++ if (domain == PF_INET)
17731 ++ goto inet_check;
17732 ++ goto exit;
17733 ++ } else {
17734 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
17735 ++ __u32 fakeip = 0;
17736 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
17737 ++ current->role->roletype, cred->uid,
17738 ++ cred->gid, current->exec_file ?
17739 ++ gr_to_filename(current->exec_file->f_path.dentry,
17740 ++ current->exec_file->f_path.mnt) :
17741 ++ curr->filename, curr->filename,
17742 ++ &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
17743 ++ &current->signal->saved_ip);
17744 ++ goto exit;
17745 ++ }
17746 ++ goto exit_fail;
17747 + }
17748 +
17749 -+ return 1;
17750 -+}
17751 -+
17752 -+void
17753 -+gr_acl_handle_psacct(struct task_struct *task, const long code)
17754 -+{
17755 -+ unsigned long runtime;
17756 -+ unsigned long cputime;
17757 -+ unsigned int wday, cday;
17758 -+ __u8 whr, chr;
17759 -+ __u8 wmin, cmin;
17760 -+ __u8 wsec, csec;
17761 -+ struct timespec timeval;
17762 -+
17763 -+ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
17764 -+ !(task->acl->mode & GR_PROCACCT)))
17765 -+ return;
17766 ++inet_check:
17767 ++ /* the rest of this checking is for IPv4 only */
17768 ++ if (!curr->ips)
17769 ++ goto exit;
17770 +
17771 -+ do_posix_clock_monotonic_gettime(&timeval);
17772 -+ runtime = timeval.tv_sec - task->start_time.tv_sec;
17773 -+ wday = runtime / (3600 * 24);
17774 -+ runtime -= wday * (3600 * 24);
17775 -+ whr = runtime / 3600;
17776 -+ runtime -= whr * 3600;
17777 -+ wmin = runtime / 60;
17778 -+ runtime -= wmin * 60;
17779 -+ wsec = runtime;
17780 ++ if ((curr->ip_type & (1U << type)) &&
17781 ++ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
17782 ++ goto exit;
17783 +
17784 -+ cputime = (task->utime + task->stime) / HZ;
17785 -+ cday = cputime / (3600 * 24);
17786 -+ cputime -= cday * (3600 * 24);
17787 -+ chr = cputime / 3600;
17788 -+ cputime -= chr * 3600;
17789 -+ cmin = cputime / 60;
17790 -+ cputime -= cmin * 60;
17791 -+ csec = cputime;
17792 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
17793 ++ /* we don't place acls on raw sockets , and sometimes
17794 ++ dgram/ip sockets are opened for ioctl and not
17795 ++ bind/connect, so we'll fake a bind learn log */
17796 ++ if (type == SOCK_RAW || type == SOCK_PACKET) {
17797 ++ __u32 fakeip = 0;
17798 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
17799 ++ current->role->roletype, cred->uid,
17800 ++ cred->gid, current->exec_file ?
17801 ++ gr_to_filename(current->exec_file->f_path.dentry,
17802 ++ current->exec_file->f_path.mnt) :
17803 ++ curr->filename, curr->filename,
17804 ++ &fakeip, 0, type,
17805 ++ protocol, GR_CONNECT, &current->signal->saved_ip);
17806 ++ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
17807 ++ __u32 fakeip = 0;
17808 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
17809 ++ current->role->roletype, cred->uid,
17810 ++ cred->gid, current->exec_file ?
17811 ++ gr_to_filename(current->exec_file->f_path.dentry,
17812 ++ current->exec_file->f_path.mnt) :
17813 ++ curr->filename, curr->filename,
17814 ++ &fakeip, 0, type,
17815 ++ protocol, GR_BIND, &current->signal->saved_ip);
17816 ++ }
17817 ++ /* we'll log when they use connect or bind */
17818 ++ goto exit;
17819 ++ }
17820 +
17821 -+ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
17822 ++exit_fail:
17823 ++ if (domain == PF_INET)
17824 ++ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
17825 ++ gr_socktype_to_name(type), gr_proto_to_name(protocol));
17826 ++ else if (rcu_access_pointer(net_families[domain]) != NULL)
17827 ++ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
17828 ++ gr_socktype_to_name(type), protocol);
17829 +
17830 -+ return;
17831 ++ return 0;
17832 ++exit:
17833 ++ return 1;
17834 +}
17835 +
17836 -+void gr_set_kernel_label(struct task_struct *task)
17837 ++int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
17838 +{
17839 -+ if (gr_status & GR_READY) {
17840 -+ task->role = kernel_role;
17841 -+ task->acl = kernel_role->root_label;
17842 ++ if ((ip->mode & mode) &&
17843 ++ (ip_port >= ip->low) &&
17844 ++ (ip_port <= ip->high) &&
17845 ++ ((ntohl(ip_addr) & our_netmask) ==
17846 ++ (ntohl(our_addr) & our_netmask))
17847 ++ && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
17848 ++ && (ip->type & (1U << type))) {
17849 ++ if (ip->mode & GR_INVERT)
17850 ++ return 2; // specifically denied
17851 ++ else
17852 ++ return 1; // allowed
17853 + }
17854 -+ return;
17855 ++
17856 ++ return 0; // not specifically allowed, may continue parsing
17857 +}
17858 +
17859 -+#ifdef CONFIG_TASKSTATS
17860 -+int gr_is_taskstats_denied(int pid)
17861 ++static int
17862 ++gr_search_connectbind(const int full_mode, struct sock *sk,
17863 ++ struct sockaddr_in *addr, const int type)
17864 +{
17865 -+ struct task_struct *task;
17866 -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
17867 -+ const struct cred *cred;
17868 -+#endif
17869 -+ int ret = 0;
17870 -+
17871 -+ /* restrict taskstats viewing to un-chrooted root users
17872 -+ who have the 'view' subject flag if the RBAC system is enabled
17873 -+ */
17874 ++ char iface[IFNAMSIZ] = {0};
17875 ++ struct acl_subject_label *curr;
17876 ++ struct acl_ip_label *ip;
17877 ++ struct inet_sock *isk;
17878 ++ struct net_device *dev;
17879 ++ struct in_device *idev;
17880 ++ unsigned long i;
17881 ++ int ret;
17882 ++ int mode = full_mode & (GR_BIND | GR_CONNECT);
17883 ++ __u32 ip_addr = 0;
17884 ++ __u32 our_addr;
17885 ++ __u32 our_netmask;
17886 ++ char *p;
17887 ++ __u16 ip_port = 0;
17888 ++ const struct cred *cred = current_cred();
17889 +
17890 -+ rcu_read_lock();
17891 -+ read_lock(&tasklist_lock);
17892 -+ task = find_task_by_vpid(pid);
17893 -+ if (task) {
17894 -+#ifdef CONFIG_GRKERNSEC_CHROOT
17895 -+ if (proc_is_chrooted(task))
17896 -+ ret = -EACCES;
17897 -+#endif
17898 -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
17899 -+ cred = __task_cred(task);
17900 -+#ifdef CONFIG_GRKERNSEC_PROC_USER
17901 -+ if (cred->uid != 0)
17902 -+ ret = -EACCES;
17903 -+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
17904 -+ if (cred->uid != 0 && !groups_search(cred->group_info, grsec_proc_gid))
17905 -+ ret = -EACCES;
17906 -+#endif
17907 -+#endif
17908 -+ if (gr_status & GR_READY) {
17909 -+ if (!(task->acl->mode & GR_VIEW))
17910 -+ ret = -EACCES;
17911 -+ }
17912 -+ } else
17913 -+ ret = -ENOENT;
17914 ++ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
17915 ++ return 0;
17916 +
17917 -+ read_unlock(&tasklist_lock);
17918 -+ rcu_read_unlock();
17919 ++ curr = current->acl;
17920 ++ isk = inet_sk(sk);
17921 +
17922 -+ return ret;
17923 -+}
17924 -+#endif
17925 ++ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
17926 ++ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
17927 ++ addr->sin_addr.s_addr = curr->inaddr_any_override;
17928 ++ if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
17929 ++ struct sockaddr_in saddr;
17930 ++ int err;
17931 +
17932 -+/* AUXV entries are filled via a descendant of search_binary_handler
17933 -+ after we've already applied the subject for the target
17934 -+*/
17935 -+int gr_acl_enable_at_secure(void)
17936 -+{
17937 -+ if (unlikely(!(gr_status & GR_READY)))
17938 -+ return 0;
17939 ++ saddr.sin_family = AF_INET;
17940 ++ saddr.sin_addr.s_addr = curr->inaddr_any_override;
17941 ++ saddr.sin_port = isk->inet_sport;
17942 +
17943 -+ if (current->acl->mode & GR_ATSECURE)
17944 -+ return 1;
17945 ++ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
17946 ++ if (err)
17947 ++ return err;
17948 +
17949 -+ return 0;
17950 -+}
17951 -+
17952 -+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
17953 -+{
17954 -+ struct task_struct *task = current;
17955 -+ struct dentry *dentry = file->f_path.dentry;
17956 -+ struct vfsmount *mnt = file->f_path.mnt;
17957 -+ struct acl_object_label *obj, *tmp;
17958 -+ struct acl_subject_label *subj;
17959 -+ unsigned int bufsize;
17960 -+ int is_not_root;
17961 -+ char *path;
17962 -+ dev_t dev = __get_dev(dentry);
17963 ++ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
17964 ++ if (err)
17965 ++ return err;
17966 ++ }
17967 +
17968 -+ if (unlikely(!(gr_status & GR_READY)))
17969 -+ return 1;
17970 ++ if (!curr->ips)
17971 ++ return 0;
17972 +
17973 -+ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
17974 -+ return 1;
17975 ++ ip_addr = addr->sin_addr.s_addr;
17976 ++ ip_port = ntohs(addr->sin_port);
17977 +
17978 -+ /* ignore Eric Biederman */
17979 -+ if (IS_PRIVATE(dentry->d_inode))
17980 -+ return 1;
17981 ++ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
17982 ++ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
17983 ++ current->role->roletype, cred->uid,
17984 ++ cred->gid, current->exec_file ?
17985 ++ gr_to_filename(current->exec_file->f_path.dentry,
17986 ++ current->exec_file->f_path.mnt) :
17987 ++ curr->filename, curr->filename,
17988 ++ &ip_addr, ip_port, type,
17989 ++ sk->sk_protocol, mode, &current->signal->saved_ip);
17990 ++ return 0;
17991 ++ }
17992 +
17993 -+ subj = task->acl;
17994 -+ read_lock(&gr_inode_lock);
17995 -+ do {
17996 -+ obj = lookup_acl_obj_label(ino, dev, subj);
17997 -+ if (obj != NULL) {
17998 -+ read_unlock(&gr_inode_lock);
17999 -+ return (obj->mode & GR_FIND) ? 1 : 0;
18000 ++ for (i = 0; i < curr->ip_num; i++) {
18001 ++ ip = *(curr->ips + i);
18002 ++ if (ip->iface != NULL) {
18003 ++ strncpy(iface, ip->iface, IFNAMSIZ - 1);
18004 ++ p = strchr(iface, ':');
18005 ++ if (p != NULL)
18006 ++ *p = '\0';
18007 ++ dev = dev_get_by_name(sock_net(sk), iface);
18008 ++ if (dev == NULL)
18009 ++ continue;
18010 ++ idev = in_dev_get(dev);
18011 ++ if (idev == NULL) {
18012 ++ dev_put(dev);
18013 ++ continue;
18014 ++ }
18015 ++ rcu_read_lock();
18016 ++ for_ifa(idev) {
18017 ++ if (!strcmp(ip->iface, ifa->ifa_label)) {
18018 ++ our_addr = ifa->ifa_address;
18019 ++ our_netmask = 0xffffffff;
18020 ++ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
18021 ++ if (ret == 1) {
18022 ++ rcu_read_unlock();
18023 ++ in_dev_put(idev);
18024 ++ dev_put(dev);
18025 ++ return 0;
18026 ++ } else if (ret == 2) {
18027 ++ rcu_read_unlock();
18028 ++ in_dev_put(idev);
18029 ++ dev_put(dev);
18030 ++ goto denied;
18031 ++ }
18032 ++ }
18033 ++ } endfor_ifa(idev);
18034 ++ rcu_read_unlock();
18035 ++ in_dev_put(idev);
18036 ++ dev_put(dev);
18037 ++ } else {
18038 ++ our_addr = ip->addr;
18039 ++ our_netmask = ip->netmask;
18040 ++ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
18041 ++ if (ret == 1)
18042 ++ return 0;
18043 ++ else if (ret == 2)
18044 ++ goto denied;
18045 + }
18046 -+ } while ((subj = subj->parent_subject));
18047 -+ read_unlock(&gr_inode_lock);
18048 -+
18049 -+ /* this is purely an optimization since we're looking for an object
18050 -+ for the directory we're doing a readdir on
18051 -+ if it's possible for any globbed object to match the entry we're
18052 -+ filling into the directory, then the object we find here will be
18053 -+ an anchor point with attached globbed objects
18054 -+ */
18055 -+ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
18056 -+ if (obj->globbed == NULL)
18057 -+ return (obj->mode & GR_FIND) ? 1 : 0;
18058 ++ }
18059 +
18060 -+ is_not_root = ((obj->filename[0] == '/') &&
18061 -+ (obj->filename[1] == '\0')) ? 0 : 1;
18062 -+ bufsize = PAGE_SIZE - namelen - is_not_root;
18063 ++denied:
18064 ++ if (mode == GR_BIND)
18065 ++ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
18066 ++ else if (mode == GR_CONNECT)
18067 ++ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
18068 +
18069 -+ /* check bufsize > PAGE_SIZE || bufsize == 0 */
18070 -+ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
18071 -+ return 1;
18072 ++ return -EACCES;
18073 ++}
18074 +
18075 -+ preempt_disable();
18076 -+ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
18077 -+ bufsize);
18078 ++int
18079 ++gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
18080 ++{
18081 ++ /* always allow disconnection of dgram sockets with connect */
18082 ++ if (addr->sin_family == AF_UNSPEC)
18083 ++ return 0;
18084 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
18085 ++}
18086 +
18087 -+ bufsize = strlen(path);
18088 ++int
18089 ++gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
18090 ++{
18091 ++ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
18092 ++}
18093 +
18094 -+ /* if base is "/", don't append an additional slash */
18095 -+ if (is_not_root)
18096 -+ *(path + bufsize) = '/';
18097 -+ memcpy(path + bufsize + is_not_root, name, namelen);
18098 -+ *(path + bufsize + namelen + is_not_root) = '\0';
18099 ++int gr_search_listen(struct socket *sock)
18100 ++{
18101 ++ struct sock *sk = sock->sk;
18102 ++ struct sockaddr_in addr;
18103 +
18104 -+ tmp = obj->globbed;
18105 -+ while (tmp) {
18106 -+ if (!glob_match(tmp->filename, path)) {
18107 -+ preempt_enable();
18108 -+ return (tmp->mode & GR_FIND) ? 1 : 0;
18109 -+ }
18110 -+ tmp = tmp->next;
18111 -+ }
18112 -+ preempt_enable();
18113 -+ return (obj->mode & GR_FIND) ? 1 : 0;
18114 ++ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
18115 ++ addr.sin_port = inet_sk(sk)->inet_sport;
18116 ++
18117 ++ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
18118 +}
18119 +
18120 -+void gr_put_exec_file(struct task_struct *task)
18121 ++int gr_search_accept(struct socket *sock)
18122 +{
18123 -+ struct file *filp;
18124 ++ struct sock *sk = sock->sk;
18125 ++ struct sockaddr_in addr;
18126 +
18127 -+ write_lock(&grsec_exec_file_lock);
18128 -+ filp = task->exec_file;
18129 -+ task->exec_file = NULL;
18130 -+ write_unlock(&grsec_exec_file_lock);
18131 ++ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
18132 ++ addr.sin_port = inet_sk(sk)->inet_sport;
18133 +
18134 -+ if (filp)
18135 -+ fput(filp);
18136 ++ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
18137 ++}
18138 +
18139 -+ return;
18140 ++int
18141 ++gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
18142 ++{
18143 ++ if (addr)
18144 ++ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
18145 ++ else {
18146 ++ struct sockaddr_in sin;
18147 ++ const struct inet_sock *inet = inet_sk(sk);
18148 ++
18149 ++ sin.sin_addr.s_addr = inet->inet_daddr;
18150 ++ sin.sin_port = inet->inet_dport;
18151 ++
18152 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
18153 ++ }
18154 +}
18155 +
18156 ++int
18157 ++gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
18158 ++{
18159 ++ struct sockaddr_in sin;
18160 ++
18161 ++ if (unlikely(skb->len < sizeof (struct udphdr)))
18162 ++ return 0; // skip this packet
18163 +
18164 -+#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
18165 -+EXPORT_SYMBOL(gr_acl_is_enabled);
18166 -+#endif
18167 -+EXPORT_SYMBOL(gr_learn_resource);
18168 -+EXPORT_SYMBOL(gr_set_kernel_label);
18169 -+#ifdef CONFIG_SECURITY
18170 -+EXPORT_SYMBOL(gr_check_user_change);
18171 -+EXPORT_SYMBOL(gr_check_group_change);
18172 -+#endif
18173 ++ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
18174 ++ sin.sin_port = udp_hdr(skb)->source;
18175 +
18176 -diff --git a/grsecurity/gracl_alloc.c b/grsecurity/gracl_alloc.c
18177 ++ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
18178 ++}
18179 +diff --git a/grsecurity/gracl_learn.c b/grsecurity/gracl_learn.c
18180 new file mode 100644
18181 -index 0000000..34fefda
18182 +index 0000000..25f54ef
18183 --- /dev/null
18184 -+++ b/grsecurity/gracl_alloc.c
18185 -@@ -0,0 +1,105 @@
18186 ++++ b/grsecurity/gracl_learn.c
18187 +@@ -0,0 +1,207 @@
18188 +#include <linux/kernel.h>
18189 +#include <linux/mm.h>
18190 -+#include <linux/slab.h>
18191 ++#include <linux/sched.h>
18192 ++#include <linux/poll.h>
18193 ++#include <linux/string.h>
18194 ++#include <linux/file.h>
18195 ++#include <linux/types.h>
18196 +#include <linux/vmalloc.h>
18197 -+#include <linux/gracl.h>
18198 -+#include <linux/grsecurity.h>
18199 ++#include <linux/grinternal.h>
18200 +
18201 -+static unsigned long alloc_stack_next = 1;
18202 -+static unsigned long alloc_stack_size = 1;
18203 -+static void **alloc_stack;
18204 ++extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
18205 ++ size_t count, loff_t *ppos);
18206 ++extern int gr_acl_is_enabled(void);
18207 +
18208 -+static __inline__ int
18209 -+alloc_pop(void)
18210 -+{
18211 -+ if (alloc_stack_next == 1)
18212 -+ return 0;
18213 ++static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
18214 ++static int gr_learn_attached;
18215 +
18216 -+ kfree(alloc_stack[alloc_stack_next - 2]);
18217 ++/* use a 512k buffer */
18218 ++#define LEARN_BUFFER_SIZE (512 * 1024)
18219 +
18220 -+ alloc_stack_next--;
18221 ++static DEFINE_SPINLOCK(gr_learn_lock);
18222 ++static DEFINE_MUTEX(gr_learn_user_mutex);
18223 +
18224 -+ return 1;
18225 -+}
18226 ++/* we need to maintain two buffers, so that the kernel context of grlearn
18227 ++ uses a semaphore around the userspace copying, and the other kernel contexts
18228 ++ use a spinlock when copying into the buffer, since they cannot sleep
18229 ++*/
18230 ++static char *learn_buffer;
18231 ++static char *learn_buffer_user;
18232 ++static int learn_buffer_len;
18233 ++static int learn_buffer_user_len;
18234 +
18235 -+static __inline__ int
18236 -+alloc_push(void *buf)
18237 ++static ssize_t
18238 ++read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
18239 +{
18240 -+ if (alloc_stack_next >= alloc_stack_size)
18241 -+ return 1;
18242 ++ DECLARE_WAITQUEUE(wait, current);
18243 ++ ssize_t retval = 0;
18244 +
18245 -+ alloc_stack[alloc_stack_next - 1] = buf;
18246 ++ add_wait_queue(&learn_wait, &wait);
18247 ++ set_current_state(TASK_INTERRUPTIBLE);
18248 ++ do {
18249 ++ mutex_lock(&gr_learn_user_mutex);
18250 ++ spin_lock(&gr_learn_lock);
18251 ++ if (learn_buffer_len)
18252 ++ break;
18253 ++ spin_unlock(&gr_learn_lock);
18254 ++ mutex_unlock(&gr_learn_user_mutex);
18255 ++ if (file->f_flags & O_NONBLOCK) {
18256 ++ retval = -EAGAIN;
18257 ++ goto out;
18258 ++ }
18259 ++ if (signal_pending(current)) {
18260 ++ retval = -ERESTARTSYS;
18261 ++ goto out;
18262 ++ }
18263 +
18264 -+ alloc_stack_next++;
18265 ++ schedule();
18266 ++ } while (1);
18267 +
18268 -+ return 0;
18269 -+}
18270 ++ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
18271 ++ learn_buffer_user_len = learn_buffer_len;
18272 ++ retval = learn_buffer_len;
18273 ++ learn_buffer_len = 0;
18274 +
18275 -+void *
18276 -+acl_alloc(unsigned long len)
18277 -+{
18278 -+ void *ret = NULL;
18279 ++ spin_unlock(&gr_learn_lock);
18280 +
18281 -+ if (!len || len > PAGE_SIZE)
18282 -+ goto out;
18283 ++ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
18284 ++ retval = -EFAULT;
18285 +
18286 -+ ret = kmalloc(len, GFP_KERNEL);
18287 ++ mutex_unlock(&gr_learn_user_mutex);
18288 ++out:
18289 ++ set_current_state(TASK_RUNNING);
18290 ++ remove_wait_queue(&learn_wait, &wait);
18291 ++ return retval;
18292 ++}
18293 +
18294 -+ if (ret) {
18295 -+ if (alloc_push(ret)) {
18296 -+ kfree(ret);
18297 -+ ret = NULL;
18298 -+ }
18299 -+ }
18300 ++static unsigned int
18301 ++poll_learn(struct file * file, poll_table * wait)
18302 ++{
18303 ++ poll_wait(file, &learn_wait, wait);
18304 +
18305 -+out:
18306 -+ return ret;
18307 ++ if (learn_buffer_len)
18308 ++ return (POLLIN | POLLRDNORM);
18309 ++
18310 ++ return 0;
18311 +}
18312 +
18313 -+void *
18314 -+acl_alloc_num(unsigned long num, unsigned long len)
18315 ++void
18316 ++gr_clear_learn_entries(void)
18317 +{
18318 -+ if (!len || (num > (PAGE_SIZE / len)))
18319 -+ return NULL;
18320 ++ char *tmp;
18321 +
18322 -+ return acl_alloc(num * len);
18323 ++ mutex_lock(&gr_learn_user_mutex);
18324 ++ spin_lock(&gr_learn_lock);
18325 ++ tmp = learn_buffer;
18326 ++ learn_buffer = NULL;
18327 ++ spin_unlock(&gr_learn_lock);
18328 ++ if (tmp)
18329 ++ vfree(tmp);
18330 ++ if (learn_buffer_user != NULL) {
18331 ++ vfree(learn_buffer_user);
18332 ++ learn_buffer_user = NULL;
18333 ++ }
18334 ++ learn_buffer_len = 0;
18335 ++ mutex_unlock(&gr_learn_user_mutex);
18336 ++
18337 ++ return;
18338 +}
18339 +
18340 +void
18341 -+acl_free_all(void)
18342 ++gr_add_learn_entry(const char *fmt, ...)
18343 +{
18344 -+ if (gr_acl_is_enabled() || !alloc_stack)
18345 ++ va_list args;
18346 ++ unsigned int len;
18347 ++
18348 ++ if (!gr_learn_attached)
18349 + return;
18350 +
18351 -+ while (alloc_pop()) ;
18352 ++ spin_lock(&gr_learn_lock);
18353 +
18354 -+ if (alloc_stack) {
18355 -+ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
18356 -+ kfree(alloc_stack);
18357 -+ else
18358 -+ vfree(alloc_stack);
18359 ++ /* leave a gap at the end so we know when it's "full" but don't have to
18360 ++ compute the exact length of the string we're trying to append
18361 ++ */
18362 ++ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
18363 ++ spin_unlock(&gr_learn_lock);
18364 ++ wake_up_interruptible(&learn_wait);
18365 ++ return;
18366 ++ }
18367 ++ if (learn_buffer == NULL) {
18368 ++ spin_unlock(&gr_learn_lock);
18369 ++ return;
18370 + }
18371 +
18372 -+ alloc_stack = NULL;
18373 -+ alloc_stack_size = 1;
18374 -+ alloc_stack_next = 1;
18375 ++ va_start(args, fmt);
18376 ++ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
18377 ++ va_end(args);
18378 ++
18379 ++ learn_buffer_len += len + 1;
18380 ++
18381 ++ spin_unlock(&gr_learn_lock);
18382 ++ wake_up_interruptible(&learn_wait);
18383 +
18384 + return;
18385 +}
18386 +
18387 -+int
18388 -+acl_alloc_stack_init(unsigned long size)
18389 ++static int
18390 ++open_learn(struct inode *inode, struct file *file)
18391 +{
18392 -+ if ((size * sizeof (void *)) <= PAGE_SIZE)
18393 -+ alloc_stack =
18394 -+ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
18395 -+ else
18396 -+ alloc_stack = (void **) vmalloc(size * sizeof (void *));
18397 ++ if (file->f_mode & FMODE_READ && gr_learn_attached)
18398 ++ return -EBUSY;
18399 ++ if (file->f_mode & FMODE_READ) {
18400 ++ int retval = 0;
18401 ++ mutex_lock(&gr_learn_user_mutex);
18402 ++ if (learn_buffer == NULL)
18403 ++ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
18404 ++ if (learn_buffer_user == NULL)
18405 ++ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
18406 ++ if (learn_buffer == NULL) {
18407 ++ retval = -ENOMEM;
18408 ++ goto out_error;
18409 ++ }
18410 ++ if (learn_buffer_user == NULL) {
18411 ++ retval = -ENOMEM;
18412 ++ goto out_error;
18413 ++ }
18414 ++ learn_buffer_len = 0;
18415 ++ learn_buffer_user_len = 0;
18416 ++ gr_learn_attached = 1;
18417 ++out_error:
18418 ++ mutex_unlock(&gr_learn_user_mutex);
18419 ++ return retval;
18420 ++ }
18421 ++ return 0;
18422 ++}
18423 +
18424 -+ alloc_stack_size = size;
18425 ++static int
18426 ++close_learn(struct inode *inode, struct file *file)
18427 ++{
18428 ++ if (file->f_mode & FMODE_READ) {
18429 ++ char *tmp = NULL;
18430 ++ mutex_lock(&gr_learn_user_mutex);
18431 ++ spin_lock(&gr_learn_lock);
18432 ++ tmp = learn_buffer;
18433 ++ learn_buffer = NULL;
18434 ++ spin_unlock(&gr_learn_lock);
18435 ++ if (tmp)
18436 ++ vfree(tmp);
18437 ++ if (learn_buffer_user != NULL) {
18438 ++ vfree(learn_buffer_user);
18439 ++ learn_buffer_user = NULL;
18440 ++ }
18441 ++ learn_buffer_len = 0;
18442 ++ learn_buffer_user_len = 0;
18443 ++ gr_learn_attached = 0;
18444 ++ mutex_unlock(&gr_learn_user_mutex);
18445 ++ }
18446 +
18447 -+ if (!alloc_stack)
18448 -+ return 0;
18449 -+ else
18450 -+ return 1;
18451 ++ return 0;
18452 +}
18453 -diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
18454 ++
18455 ++const struct file_operations grsec_fops = {
18456 ++ .read = read_learn,
18457 ++ .write = write_grsec_handler,
18458 ++ .open = open_learn,
18459 ++ .release = close_learn,
18460 ++ .poll = poll_learn,
18461 ++};
18462 +diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
18463 new file mode 100644
18464 -index 0000000..955ddfb
18465 +index 0000000..dbe4f3a
18466 --- /dev/null
18467 -+++ b/grsecurity/gracl_cap.c
18468 -@@ -0,0 +1,101 @@
18469 ++++ b/grsecurity/gracl_policy.c
18470 +@@ -0,0 +1,1824 @@
18471 +#include <linux/kernel.h>
18472 +#include <linux/module.h>
18473 +#include <linux/sched.h>
18474 ++#include <linux/mm.h>
18475 ++#include <linux/file.h>
18476 ++#include <linux/fs.h>
18477 ++#include <linux/namei.h>
18478 ++#include <linux/mount.h>
18479 ++#include <linux/tty.h>
18480 ++#include <linux/proc_fs.h>
18481 ++#include <linux/lglock.h>
18482 ++#include <linux/slab.h>
18483 ++#include <linux/vmalloc.h>
18484 ++#include <linux/types.h>
18485 ++#include <linux/sysctl.h>
18486 ++#include <linux/netdevice.h>
18487 ++#include <linux/ptrace.h>
18488 +#include <linux/gracl.h>
18489 -+#include <linux/grsecurity.h>
18490 ++#include <linux/gralloc.h>
18491 ++#include <linux/security.h>
18492 +#include <linux/grinternal.h>
18493 ++#include <linux/pid_namespace.h>
18494 ++#include <linux/stop_machine.h>
18495 ++#include <linux/fdtable.h>
18496 ++#include <linux/percpu.h>
18497 ++#include <linux/lglock.h>
18498 ++#include <linux/hugetlb.h>
18499 ++#include <linux/posix-timers.h>
18500 +
18501 -+extern const char *captab_log[];
18502 -+extern int captab_log_entries;
18503 ++#include <asm/uaccess.h>
18504 ++#include <asm/errno.h>
18505 ++#include <asm/mman.h>
18506 +
18507 -+int
18508 -+gr_acl_is_capable(const int cap)
18509 -+{
18510 -+ struct task_struct *task = current;
18511 -+ const struct cred *cred = current_cred();
18512 -+ struct acl_subject_label *curracl;
18513 -+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
18514 -+ kernel_cap_t cap_audit = __cap_empty_set;
18515 ++extern struct gr_policy_state *polstate;
18516 +
18517 -+ if (!gr_acl_is_enabled())
18518 -+ return 1;
18519 ++#define FOR_EACH_ROLE_START(role) \
18520 ++ role = polstate->role_list; \
18521 ++ while (role) {
18522 +
18523 -+ curracl = task->acl;
18524 ++#define FOR_EACH_ROLE_END(role) \
18525 ++ role = role->prev; \
18526 ++ }
18527 +
18528 -+ cap_drop = curracl->cap_lower;
18529 -+ cap_mask = curracl->cap_mask;
18530 -+ cap_audit = curracl->cap_invert_audit;
18531 ++struct path gr_real_root;
18532 +
18533 -+ while ((curracl = curracl->parent_subject)) {
18534 -+ /* if the cap isn't specified in the current computed mask but is specified in the
18535 -+ current level subject, and is lowered in the current level subject, then add
18536 -+ it to the set of dropped capabilities
18537 -+ otherwise, add the current level subject's mask to the current computed mask
18538 -+ */
18539 -+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
18540 -+ cap_raise(cap_mask, cap);
18541 -+ if (cap_raised(curracl->cap_lower, cap))
18542 -+ cap_raise(cap_drop, cap);
18543 -+ if (cap_raised(curracl->cap_invert_audit, cap))
18544 -+ cap_raise(cap_audit, cap);
18545 -+ }
18546 -+ }
18547 ++extern struct gr_alloc_state *current_alloc_state;
18548 +
18549 -+ if (!cap_raised(cap_drop, cap)) {
18550 -+ if (cap_raised(cap_audit, cap))
18551 -+ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
18552 -+ return 1;
18553 -+ }
18554 ++u16 acl_sp_role_value;
18555 +
18556 -+ curracl = task->acl;
18557 ++static DEFINE_MUTEX(gr_dev_mutex);
18558 +
18559 -+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
18560 -+ && cap_raised(cred->cap_effective, cap)) {
18561 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
18562 -+ task->role->roletype, cred->uid,
18563 -+ cred->gid, task->exec_file ?
18564 -+ gr_to_filename(task->exec_file->f_path.dentry,
18565 -+ task->exec_file->f_path.mnt) : curracl->filename,
18566 -+ curracl->filename, 0UL,
18567 -+ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
18568 -+ return 1;
18569 -+ }
18570 ++extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
18571 ++extern void gr_clear_learn_entries(void);
18572 +
18573 -+ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
18574 -+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
18575 -+ return 0;
18576 -+}
18577 ++static struct gr_arg gr_usermode;
18578 ++static unsigned char gr_system_salt[GR_SALT_LEN];
18579 ++static unsigned char gr_system_sum[GR_SHA_LEN];
18580 +
18581 -+int
18582 -+gr_acl_is_capable_nolog(const int cap)
18583 -+{
18584 -+ struct acl_subject_label *curracl;
18585 -+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
18586 ++static unsigned int gr_auth_attempts = 0;
18587 ++static unsigned long gr_auth_expires = 0UL;
18588 +
18589 -+ if (!gr_acl_is_enabled())
18590 -+ return 1;
18591 ++struct acl_object_label *fakefs_obj_rw;
18592 ++struct acl_object_label *fakefs_obj_rwx;
18593 +
18594 -+ curracl = current->acl;
18595 ++extern int gr_init_uidset(void);
18596 ++extern void gr_free_uidset(void);
18597 ++extern void gr_remove_uid(uid_t uid);
18598 ++extern int gr_find_uid(uid_t uid);
18599 +
18600 -+ cap_drop = curracl->cap_lower;
18601 -+ cap_mask = curracl->cap_mask;
18602 ++extern void __gr_apply_subject_to_task(struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj);
18603 ++extern int gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb);
18604 ++extern void __insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry);
18605 ++extern struct acl_role_label *__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid, const gid_t gid);
18606 ++extern void insert_acl_obj_label(struct acl_object_label *obj, struct acl_subject_label *subj);
18607 ++extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role);
18608 ++extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name);
18609 ++extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt);
18610 ++extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
18611 ++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
18612 ++extern void assign_special_role(const char *rolename);
18613 ++extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role);
18614 ++extern int gr_rbac_disable(void *unused);
18615 ++extern void gr_enable_rbac_system(void);
18616 +
18617 -+ while ((curracl = curracl->parent_subject)) {
18618 -+ /* if the cap isn't specified in the current computed mask but is specified in the
18619 -+ current level subject, and is lowered in the current level subject, then add
18620 -+ it to the set of dropped capabilities
18621 -+ otherwise, add the current level subject's mask to the current computed mask
18622 -+ */
18623 -+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
18624 -+ cap_raise(cap_mask, cap);
18625 -+ if (cap_raised(curracl->cap_lower, cap))
18626 -+ cap_raise(cap_drop, cap);
18627 -+ }
18628 -+ }
18629 ++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
18630 ++{
18631 ++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
18632 ++ return -EFAULT;
18633 +
18634 -+ if (!cap_raised(cap_drop, cap))
18635 -+ return 1;
18636 ++ return 0;
18637 ++}
18638 ++
18639 ++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
18640 ++{
18641 ++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
18642 ++ return -EFAULT;
18643 +
18644 + return 0;
18645 +}
18646 +
18647 -diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
18648 -new file mode 100644
18649 -index 0000000..a43dd06
18650 ---- /dev/null
18651 -+++ b/grsecurity/gracl_compat.c
18652 -@@ -0,0 +1,269 @@
18653 -+#include <linux/kernel.h>
18654 -+#include <linux/gracl.h>
18655 -+#include <linux/compat.h>
18656 -+#include <linux/gracl_compat.h>
18657 ++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
18658 ++{
18659 ++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
18660 ++ return -EFAULT;
18661 +
18662 -+#include <asm/uaccess.h>
18663 ++ return 0;
18664 ++}
18665 +
18666 -+int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
18667 ++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
18668 +{
18669 -+ struct gr_arg_wrapper_compat uwrapcompat;
18670 -+
18671 -+ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
18672 -+ return -EFAULT;
18673 ++ if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
18674 ++ return -EFAULT;
18675 +
18676 -+ if ((uwrapcompat.version != GRSECURITY_VERSION) ||
18677 -+ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
18678 -+ return -EINVAL;
18679 ++ return 0;
18680 ++}
18681 +
18682 -+ uwrap->arg = compat_ptr(uwrapcompat.arg);
18683 -+ uwrap->version = uwrapcompat.version;
18684 -+ uwrap->size = sizeof(struct gr_arg);
18685 ++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
18686 ++{
18687 ++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
18688 ++ return -EFAULT;
18689 +
18690 -+ return 0;
18691 ++ return 0;
18692 +}
18693 +
18694 -+int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
18695 ++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
18696 +{
18697 -+ struct gr_arg_compat argcompat;
18698 -+
18699 -+ if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
18700 -+ return -EFAULT;
18701 ++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
18702 ++ return -EFAULT;
18703 +
18704 -+ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
18705 -+ arg->role_db.num_pointers = argcompat.role_db.num_pointers;
18706 -+ arg->role_db.num_roles = argcompat.role_db.num_roles;
18707 -+ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
18708 -+ arg->role_db.num_subjects = argcompat.role_db.num_subjects;
18709 -+ arg->role_db.num_objects = argcompat.role_db.num_objects;
18710 ++ return 0;
18711 ++}
18712 +
18713 -+ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
18714 -+ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
18715 -+ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
18716 -+ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
18717 -+ arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
18718 -+ arg->segv_device = argcompat.segv_device;
18719 -+ arg->segv_inode = argcompat.segv_inode;
18720 -+ arg->segv_uid = argcompat.segv_uid;
18721 -+ arg->num_sprole_pws = argcompat.num_sprole_pws;
18722 -+ arg->mode = argcompat.mode;
18723 ++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
18724 ++{
18725 ++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
18726 ++ return -EFAULT;
18727 +
18728 + return 0;
18729 +}
18730 +
18731 -+int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
18732 ++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
18733 +{
18734 -+ struct acl_object_label_compat objcompat;
18735 ++ if (copy_from_user(trans, userp, sizeof(struct role_transition)))
18736 ++ return -EFAULT;
18737 +
18738 -+ if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
18739 -+ return -EFAULT;
18740 ++ return 0;
18741 ++}
18742 +
18743 -+ obj->filename = compat_ptr(objcompat.filename);
18744 -+ obj->inode = objcompat.inode;
18745 -+ obj->device = objcompat.device;
18746 -+ obj->mode = objcompat.mode;
18747 ++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
18748 ++{
18749 ++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
18750 ++ return -EFAULT;
18751 +
18752 -+ obj->nested = compat_ptr(objcompat.nested);
18753 -+ obj->globbed = compat_ptr(objcompat.globbed);
18754 ++ return 0;
18755 ++}
18756 +
18757 -+ obj->prev = compat_ptr(objcompat.prev);
18758 -+ obj->next = compat_ptr(objcompat.next);
18759 ++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
18760 ++{
18761 ++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
18762 ++ return -EFAULT;
18763 ++
18764 ++ if (((uwrap->version != GRSECURITY_VERSION) &&
18765 ++ (uwrap->version != 0x2901)) ||
18766 ++ (uwrap->size != sizeof(struct gr_arg)))
18767 ++ return -EINVAL;
18768 +
18769 + return 0;
18770 +}
18771 +
18772 -+int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
18773 ++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
18774 +{
18775 -+ unsigned int i;
18776 -+ struct acl_subject_label_compat subjcompat;
18777 ++ if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
18778 ++ return -EFAULT;
18779 +
18780 -+ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
18781 -+ return -EFAULT;
18782 ++ return 0;
18783 ++}
18784 +
18785 -+ subj->filename = compat_ptr(subjcompat.filename);
18786 -+ subj->inode = subjcompat.inode;
18787 -+ subj->device = subjcompat.device;
18788 -+ subj->mode = subjcompat.mode;
18789 -+ subj->cap_mask = subjcompat.cap_mask;
18790 -+ subj->cap_lower = subjcompat.cap_lower;
18791 -+ subj->cap_invert_audit = subjcompat.cap_invert_audit;
18792 ++static size_t get_gr_arg_wrapper_size_normal(void)
18793 ++{
18794 ++ return sizeof(struct gr_arg_wrapper);
18795 ++}
18796 +
18797 -+ for (i = 0; i < GR_NLIMITS; i++) {
18798 -+ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
18799 -+ subj->res[i].rlim_cur = RLIM_INFINITY;
18800 -+ else
18801 -+ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
18802 -+ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
18803 -+ subj->res[i].rlim_max = RLIM_INFINITY;
18804 -+ else
18805 -+ subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
18806 -+ }
18807 -+ subj->resmask = subjcompat.resmask;
18808 ++#ifdef CONFIG_COMPAT
18809 ++extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
18810 ++extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
18811 ++extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
18812 ++extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
18813 ++extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
18814 ++extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
18815 ++extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
18816 ++extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
18817 ++extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
18818 ++extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
18819 ++extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
18820 ++extern size_t get_gr_arg_wrapper_size_compat(void);
18821 +
18822 -+ subj->user_trans_type = subjcompat.user_trans_type;
18823 -+ subj->group_trans_type = subjcompat.group_trans_type;
18824 -+ subj->user_transitions = compat_ptr(subjcompat.user_transitions);
18825 -+ subj->group_transitions = compat_ptr(subjcompat.group_transitions);
18826 -+ subj->user_trans_num = subjcompat.user_trans_num;
18827 -+ subj->group_trans_num = subjcompat.group_trans_num;
18828 ++int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
18829 ++int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
18830 ++int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
18831 ++int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
18832 ++int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
18833 ++int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
18834 ++int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
18835 ++int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
18836 ++int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
18837 ++int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
18838 ++int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
18839 ++size_t (* get_gr_arg_wrapper_size)(void) __read_only;
18840 +
18841 -+ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
18842 -+ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
18843 -+ subj->ip_type = subjcompat.ip_type;
18844 -+ subj->ips = compat_ptr(subjcompat.ips);
18845 -+ subj->ip_num = subjcompat.ip_num;
18846 -+ subj->inaddr_any_override = subjcompat.inaddr_any_override;
18847 ++#else
18848 ++#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
18849 ++#define copy_gr_arg copy_gr_arg_normal
18850 ++#define copy_gr_hash_struct copy_gr_hash_struct_normal
18851 ++#define copy_acl_object_label copy_acl_object_label_normal
18852 ++#define copy_acl_subject_label copy_acl_subject_label_normal
18853 ++#define copy_acl_role_label copy_acl_role_label_normal
18854 ++#define copy_acl_ip_label copy_acl_ip_label_normal
18855 ++#define copy_pointer_from_array copy_pointer_from_array_normal
18856 ++#define copy_sprole_pw copy_sprole_pw_normal
18857 ++#define copy_role_transition copy_role_transition_normal
18858 ++#define copy_role_allowed_ip copy_role_allowed_ip_normal
18859 ++#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
18860 ++#endif
18861 +
18862 -+ subj->crashes = subjcompat.crashes;
18863 -+ subj->expires = subjcompat.expires;
18864 ++static struct acl_subject_label *
18865 ++lookup_subject_map(const struct acl_subject_label *userp)
18866 ++{
18867 ++ unsigned int index = gr_shash(userp, polstate->subj_map_set.s_size);
18868 ++ struct subject_map *match;
18869 +
18870 -+ subj->parent_subject = compat_ptr(subjcompat.parent_subject);
18871 -+ subj->hash = compat_ptr(subjcompat.hash);
18872 -+ subj->prev = compat_ptr(subjcompat.prev);
18873 -+ subj->next = compat_ptr(subjcompat.next);
18874 ++ match = polstate->subj_map_set.s_hash[index];
18875 +
18876 -+ subj->obj_hash = compat_ptr(subjcompat.obj_hash);
18877 -+ subj->obj_hash_size = subjcompat.obj_hash_size;
18878 -+ subj->pax_flags = subjcompat.pax_flags;
18879 ++ while (match && match->user != userp)
18880 ++ match = match->next;
18881 +
18882 -+ return 0;
18883 ++ if (match != NULL)
18884 ++ return match->kernel;
18885 ++ else
18886 ++ return NULL;
18887 +}
18888 +
18889 -+int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
18890 ++static void
18891 ++insert_subj_map_entry(struct subject_map *subjmap)
18892 +{
18893 -+ struct acl_role_label_compat rolecompat;
18894 ++ unsigned int index = gr_shash(subjmap->user, polstate->subj_map_set.s_size);
18895 ++ struct subject_map **curr;
18896 +
18897 -+ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
18898 -+ return -EFAULT;
18899 ++ subjmap->prev = NULL;
18900 +
18901 -+ role->rolename = compat_ptr(rolecompat.rolename);
18902 -+ role->uidgid = rolecompat.uidgid;
18903 -+ role->roletype = rolecompat.roletype;
18904 ++ curr = &polstate->subj_map_set.s_hash[index];
18905 ++ if (*curr != NULL)
18906 ++ (*curr)->prev = subjmap;
18907 +
18908 -+ role->auth_attempts = rolecompat.auth_attempts;
18909 -+ role->expires = rolecompat.expires;
18910 ++ subjmap->next = *curr;
18911 ++ *curr = subjmap;
18912 +
18913 -+ role->root_label = compat_ptr(rolecompat.root_label);
18914 -+ role->hash = compat_ptr(rolecompat.hash);
18915 ++ return;
18916 ++}
18917 +
18918 -+ role->prev = compat_ptr(rolecompat.prev);
18919 -+ role->next = compat_ptr(rolecompat.next);
18920 ++static void
18921 ++__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
18922 ++{
18923 ++ unsigned int index =
18924 ++ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), polstate->acl_role_set.r_size);
18925 ++ struct acl_role_label **curr;
18926 ++ struct acl_role_label *tmp, *tmp2;
18927 +
18928 -+ role->transitions = compat_ptr(rolecompat.transitions);
18929 -+ role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
18930 -+ role->domain_children = compat_ptr(rolecompat.domain_children);
18931 -+ role->domain_child_num = rolecompat.domain_child_num;
18932 ++ curr = &polstate->acl_role_set.r_hash[index];
18933 +
18934 -+ role->umask = rolecompat.umask;
18935 ++ /* simple case, slot is empty, just set it to our role */
18936 ++ if (*curr == NULL) {
18937 ++ *curr = role;
18938 ++ } else {
18939 ++ /* example:
18940 ++ 1 -> 2 -> 3 (adding 2 -> 3 to here)
18941 ++ 2 -> 3
18942 ++ */
18943 ++ /* first check to see if we can already be reached via this slot */
18944 ++ tmp = *curr;
18945 ++ while (tmp && tmp != role)
18946 ++ tmp = tmp->next;
18947 ++ if (tmp == role) {
18948 ++ /* we don't need to add ourselves to this slot's chain */
18949 ++ return;
18950 ++ }
18951 ++ /* we need to add ourselves to this chain, two cases */
18952 ++ if (role->next == NULL) {
18953 ++ /* simple case, append the current chain to our role */
18954 ++ role->next = *curr;
18955 ++ *curr = role;
18956 ++ } else {
18957 ++ /* 1 -> 2 -> 3 -> 4
18958 ++ 2 -> 3 -> 4
18959 ++ 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
18960 ++ */
18961 ++ /* trickier case: walk our role's chain until we find
18962 ++ the role for the start of the current slot's chain */
18963 ++ tmp = role;
18964 ++ tmp2 = *curr;
18965 ++ while (tmp->next && tmp->next != tmp2)
18966 ++ tmp = tmp->next;
18967 ++ if (tmp->next == tmp2) {
18968 ++ /* from example above, we found 3, so just
18969 ++ replace this slot's chain with ours */
18970 ++ *curr = role;
18971 ++ } else {
18972 ++ /* we didn't find a subset of our role's chain
18973 ++ in the current slot's chain, so append their
18974 ++ chain to ours, and set us as the first role in
18975 ++ the slot's chain
18976 +
18977 -+ role->subj_hash = compat_ptr(rolecompat.subj_hash);
18978 -+ role->subj_hash_size = rolecompat.subj_hash_size;
18979 ++ we could fold this case with the case above,
18980 ++ but making it explicit for clarity
18981 ++ */
18982 ++ tmp->next = tmp2;
18983 ++ *curr = role;
18984 ++ }
18985 ++ }
18986 ++ }
18987 +
18988 -+ return 0;
18989 ++ return;
18990 +}
18991 +
18992 -+int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
18993 ++static void
18994 ++insert_acl_role_label(struct acl_role_label *role)
18995 +{
18996 -+ struct role_allowed_ip_compat roleip_compat;
18997 ++ int i;
18998 +
18999 -+ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
19000 -+ return -EFAULT;
19001 ++ if (polstate->role_list == NULL) {
19002 ++ polstate->role_list = role;
19003 ++ role->prev = NULL;
19004 ++ } else {
19005 ++ role->prev = polstate->role_list;
19006 ++ polstate->role_list = role;
19007 ++ }
19008 ++
19009 ++ /* used for hash chains */
19010 ++ role->next = NULL;
19011 +
19012 -+ roleip->addr = roleip_compat.addr;
19013 -+ roleip->netmask = roleip_compat.netmask;
19014 ++ if (role->roletype & GR_ROLE_DOMAIN) {
19015 ++ for (i = 0; i < role->domain_child_num; i++)
19016 ++ __insert_acl_role_label(role, role->domain_children[i]);
19017 ++ } else
19018 ++ __insert_acl_role_label(role, role->uidgid);
19019 ++}
19020 ++
19021 ++static int
19022 ++insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
19023 ++{
19024 ++ struct name_entry **curr, *nentry;
19025 ++ struct inodev_entry *ientry;
19026 ++ unsigned int len = strlen(name);
19027 ++ unsigned int key = full_name_hash(name, len);
19028 ++ unsigned int index = key % polstate->name_set.n_size;
19029 +
19030 -+ roleip->prev = compat_ptr(roleip_compat.prev);
19031 -+ roleip->next = compat_ptr(roleip_compat.next);
19032 ++ curr = &polstate->name_set.n_hash[index];
19033 +
19034 -+ return 0;
19035 -+}
19036 ++ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
19037 ++ curr = &((*curr)->next);
19038 +
19039 -+int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
19040 -+{
19041 -+ struct role_transition_compat trans_compat;
19042 ++ if (*curr != NULL)
19043 ++ return 1;
19044 +
19045 -+ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
19046 -+ return -EFAULT;
19047 ++ nentry = acl_alloc(sizeof (struct name_entry));
19048 ++ if (nentry == NULL)
19049 ++ return 0;
19050 ++ ientry = acl_alloc(sizeof (struct inodev_entry));
19051 ++ if (ientry == NULL)
19052 ++ return 0;
19053 ++ ientry->nentry = nentry;
19054 +
19055 -+ trans->rolename = compat_ptr(trans_compat.rolename);
19056 ++ nentry->key = key;
19057 ++ nentry->name = name;
19058 ++ nentry->inode = inode;
19059 ++ nentry->device = device;
19060 ++ nentry->len = len;
19061 ++ nentry->deleted = deleted;
19062 +
19063 -+ trans->prev = compat_ptr(trans_compat.prev);
19064 -+ trans->next = compat_ptr(trans_compat.next);
19065 ++ nentry->prev = NULL;
19066 ++ curr = &polstate->name_set.n_hash[index];
19067 ++ if (*curr != NULL)
19068 ++ (*curr)->prev = nentry;
19069 ++ nentry->next = *curr;
19070 ++ *curr = nentry;
19071 +
19072 -+ return 0;
19073 ++ /* insert us into the table searchable by inode/dev */
19074 ++ __insert_inodev_entry(polstate, ientry);
19075 +
19076 ++ return 1;
19077 +}
19078 +
19079 -+int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
19080 ++/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
19081 ++
19082 ++static void *
19083 ++create_table(__u32 * len, int elementsize)
19084 +{
19085 -+ struct gr_hash_struct_compat hash_compat;
19086 ++ unsigned int table_sizes[] = {
19087 ++ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
19088 ++ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
19089 ++ 4194301, 8388593, 16777213, 33554393, 67108859
19090 ++ };
19091 ++ void *newtable = NULL;
19092 ++ unsigned int pwr = 0;
19093 +
19094 -+ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
19095 -+ return -EFAULT;
19096 ++ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
19097 ++ table_sizes[pwr] <= *len)
19098 ++ pwr++;
19099 +
19100 -+ hash->table = compat_ptr(hash_compat.table);
19101 -+ hash->nametable = compat_ptr(hash_compat.nametable);
19102 -+ hash->first = compat_ptr(hash_compat.first);
19103 ++ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
19104 ++ return newtable;
19105 +
19106 -+ hash->table_size = hash_compat.table_size;
19107 -+ hash->used_size = hash_compat.used_size;
19108 ++ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
19109 ++ newtable =
19110 ++ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
19111 ++ else
19112 ++ newtable = vmalloc(table_sizes[pwr] * elementsize);
19113 +
19114 -+ hash->type = hash_compat.type;
19115 ++ *len = table_sizes[pwr];
19116 +
19117 -+ return 0;
19118 ++ return newtable;
19119 +}
19120 +
19121 -+int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
19122 ++static int
19123 ++init_variables(const struct gr_arg *arg, bool reload)
19124 +{
19125 -+ compat_uptr_t ptrcompat;
19126 -+
19127 -+ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
19128 -+ return -EFAULT;
19129 ++ struct task_struct *reaper = init_pid_ns.child_reaper;
19130 ++ unsigned int stacksize;
19131 +
19132 -+ *(void **)ptr = compat_ptr(ptrcompat);
19133 ++ polstate->subj_map_set.s_size = arg->role_db.num_subjects;
19134 ++ polstate->acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
19135 ++ polstate->name_set.n_size = arg->role_db.num_objects;
19136 ++ polstate->inodev_set.i_size = arg->role_db.num_objects;
19137 +
19138 -+ return 0;
19139 -+}
19140 ++ if (!polstate->subj_map_set.s_size || !polstate->acl_role_set.r_size ||
19141 ++ !polstate->name_set.n_size || !polstate->inodev_set.i_size)
19142 ++ return 1;
19143 +
19144 -+int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
19145 -+{
19146 -+ struct acl_ip_label_compat ip_compat;
19147 ++ if (!reload) {
19148 ++ if (!gr_init_uidset())
19149 ++ return 1;
19150 ++ }
19151 +
19152 -+ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
19153 -+ return -EFAULT;
19154 ++ /* set up the stack that holds allocation info */
19155 +
19156 -+ ip->iface = compat_ptr(ip_compat.iface);
19157 -+ ip->addr = ip_compat.addr;
19158 -+ ip->netmask = ip_compat.netmask;
19159 -+ ip->low = ip_compat.low;
19160 -+ ip->high = ip_compat.high;
19161 -+ ip->mode = ip_compat.mode;
19162 -+ ip->type = ip_compat.type;
19163 ++ stacksize = arg->role_db.num_pointers + 5;
19164 +
19165 -+ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
19166 ++ if (!acl_alloc_stack_init(stacksize))
19167 ++ return 1;
19168 +
19169 -+ ip->prev = compat_ptr(ip_compat.prev);
19170 -+ ip->next = compat_ptr(ip_compat.next);
19171 ++ if (!reload) {
19172 ++ /* grab reference for the real root dentry and vfsmount */
19173 ++ get_fs_root(reaper->fs, &gr_real_root);
19174 ++
19175 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
19176 ++ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(gr_real_root.dentry), gr_real_root.dentry->d_inode->i_ino);
19177 ++#endif
19178 +
19179 -+ return 0;
19180 -+}
19181 ++ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
19182 ++ if (fakefs_obj_rw == NULL)
19183 ++ return 1;
19184 ++ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
19185 ++
19186 ++ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
19187 ++ if (fakefs_obj_rwx == NULL)
19188 ++ return 1;
19189 ++ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
19190 ++ }
19191 +
19192 -+int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
19193 -+{
19194 -+ struct sprole_pw_compat pw_compat;
19195 ++ polstate->subj_map_set.s_hash =
19196 ++ (struct subject_map **) create_table(&polstate->subj_map_set.s_size, sizeof(void *));
19197 ++ polstate->acl_role_set.r_hash =
19198 ++ (struct acl_role_label **) create_table(&polstate->acl_role_set.r_size, sizeof(void *));
19199 ++ polstate->name_set.n_hash = (struct name_entry **) create_table(&polstate->name_set.n_size, sizeof(void *));
19200 ++ polstate->inodev_set.i_hash =
19201 ++ (struct inodev_entry **) create_table(&polstate->inodev_set.i_size, sizeof(void *));
19202 +
19203 -+ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
19204 -+ return -EFAULT;
19205 ++ if (!polstate->subj_map_set.s_hash || !polstate->acl_role_set.r_hash ||
19206 ++ !polstate->name_set.n_hash || !polstate->inodev_set.i_hash)
19207 ++ return 1;
19208 +
19209 -+ pw->rolename = compat_ptr(pw_compat.rolename);
19210 -+ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
19211 -+ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
19212 ++ memset(polstate->subj_map_set.s_hash, 0,
19213 ++ sizeof(struct subject_map *) * polstate->subj_map_set.s_size);
19214 ++ memset(polstate->acl_role_set.r_hash, 0,
19215 ++ sizeof (struct acl_role_label *) * polstate->acl_role_set.r_size);
19216 ++ memset(polstate->name_set.n_hash, 0,
19217 ++ sizeof (struct name_entry *) * polstate->name_set.n_size);
19218 ++ memset(polstate->inodev_set.i_hash, 0,
19219 ++ sizeof (struct inodev_entry *) * polstate->inodev_set.i_size);
19220 +
19221 + return 0;
19222 +}
19223 +
19224 -+size_t get_gr_arg_wrapper_size_compat(void)
19225 ++/* free information not needed after startup
19226 ++ currently contains user->kernel pointer mappings for subjects
19227 ++*/
19228 ++
19229 ++static void
19230 ++free_init_variables(void)
19231 +{
19232 -+ return sizeof(struct gr_arg_wrapper_compat);
19233 -+}
19234 ++ __u32 i;
19235 +
19236 -diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
19237 -new file mode 100644
19238 -index 0000000..b20f6e9
19239 ---- /dev/null
19240 -+++ b/grsecurity/gracl_fs.c
19241 -@@ -0,0 +1,431 @@
19242 -+#include <linux/kernel.h>
19243 -+#include <linux/sched.h>
19244 -+#include <linux/types.h>
19245 -+#include <linux/fs.h>
19246 -+#include <linux/file.h>
19247 -+#include <linux/stat.h>
19248 -+#include <linux/grsecurity.h>
19249 -+#include <linux/grinternal.h>
19250 -+#include <linux/gracl.h>
19251 ++ if (polstate->subj_map_set.s_hash) {
19252 ++ for (i = 0; i < polstate->subj_map_set.s_size; i++) {
19253 ++ if (polstate->subj_map_set.s_hash[i]) {
19254 ++ kfree(polstate->subj_map_set.s_hash[i]);
19255 ++ polstate->subj_map_set.s_hash[i] = NULL;
19256 ++ }
19257 ++ }
19258 +
19259 -+umode_t
19260 -+gr_acl_umask(void)
19261 -+{
19262 -+ if (unlikely(!gr_acl_is_enabled()))
19263 -+ return 0;
19264 ++ if ((polstate->subj_map_set.s_size * sizeof (struct subject_map *)) <=
19265 ++ PAGE_SIZE)
19266 ++ kfree(polstate->subj_map_set.s_hash);
19267 ++ else
19268 ++ vfree(polstate->subj_map_set.s_hash);
19269 ++ }
19270 +
19271 -+ return current->role->umask;
19272 ++ return;
19273 +}
19274 +
19275 -+__u32
19276 -+gr_acl_handle_hidden_file(const struct dentry * dentry,
19277 -+ const struct vfsmount * mnt)
19278 ++static void
19279 ++free_variables(bool reload)
19280 +{
19281 -+ __u32 mode;
19282 -+
19283 -+ if (unlikely(!dentry->d_inode))
19284 -+ return GR_FIND;
19285 -+
19286 -+ mode =
19287 -+ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
19288 ++ struct acl_subject_label *s;
19289 ++ struct acl_role_label *r;
19290 ++ struct task_struct *task, *task2;
19291 ++ unsigned int x;
19292 +
19293 -+ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
19294 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
19295 -+ return mode;
19296 -+ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
19297 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
19298 -+ return 0;
19299 -+ } else if (unlikely(!(mode & GR_FIND)))
19300 -+ return 0;
19301 ++ if (!reload) {
19302 ++ gr_clear_learn_entries();
19303 +
19304 -+ return GR_FIND;
19305 -+}
19306 ++ read_lock(&tasklist_lock);
19307 ++ do_each_thread(task2, task) {
19308 ++ task->acl_sp_role = 0;
19309 ++ task->acl_role_id = 0;
19310 ++ task->inherited = 0;
19311 ++ task->acl = NULL;
19312 ++ task->role = NULL;
19313 ++ } while_each_thread(task2, task);
19314 ++ read_unlock(&tasklist_lock);
19315 +
19316 -+__u32
19317 -+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
19318 -+ int acc_mode)
19319 -+{
19320 -+ __u32 reqmode = GR_FIND;
19321 -+ __u32 mode;
19322 ++ /* release the reference to the real root dentry and vfsmount */
19323 ++ path_put(&gr_real_root);
19324 ++ memset(&gr_real_root, 0, sizeof(gr_real_root));
19325 ++ }
19326 +
19327 -+ if (unlikely(!dentry->d_inode))
19328 -+ return reqmode;
19329 ++ /* free all object hash tables */
19330 +
19331 -+ if (acc_mode & MAY_APPEND)
19332 -+ reqmode |= GR_APPEND;
19333 -+ else if (acc_mode & MAY_WRITE)
19334 -+ reqmode |= GR_WRITE;
19335 -+ if ((acc_mode & MAY_READ) && !S_ISDIR(dentry->d_inode->i_mode))
19336 -+ reqmode |= GR_READ;
19337 -+
19338 -+ mode =
19339 -+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
19340 -+ mnt);
19341 ++ FOR_EACH_ROLE_START(r)
19342 ++ if (r->subj_hash == NULL)
19343 ++ goto next_role;
19344 ++ FOR_EACH_SUBJECT_START(r, s, x)
19345 ++ if (s->obj_hash == NULL)
19346 ++ break;
19347 ++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
19348 ++ kfree(s->obj_hash);
19349 ++ else
19350 ++ vfree(s->obj_hash);
19351 ++ FOR_EACH_SUBJECT_END(s, x)
19352 ++ FOR_EACH_NESTED_SUBJECT_START(r, s)
19353 ++ if (s->obj_hash == NULL)
19354 ++ break;
19355 ++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
19356 ++ kfree(s->obj_hash);
19357 ++ else
19358 ++ vfree(s->obj_hash);
19359 ++ FOR_EACH_NESTED_SUBJECT_END(s)
19360 ++ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
19361 ++ kfree(r->subj_hash);
19362 ++ else
19363 ++ vfree(r->subj_hash);
19364 ++ r->subj_hash = NULL;
19365 ++next_role:
19366 ++ FOR_EACH_ROLE_END(r)
19367 +
19368 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
19369 -+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
19370 -+ reqmode & GR_READ ? " reading" : "",
19371 -+ reqmode & GR_WRITE ? " writing" : reqmode &
19372 -+ GR_APPEND ? " appending" : "");
19373 -+ return reqmode;
19374 -+ } else
19375 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
19376 -+ {
19377 -+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
19378 -+ reqmode & GR_READ ? " reading" : "",
19379 -+ reqmode & GR_WRITE ? " writing" : reqmode &
19380 -+ GR_APPEND ? " appending" : "");
19381 -+ return 0;
19382 -+ } else if (unlikely((mode & reqmode) != reqmode))
19383 -+ return 0;
19384 ++ acl_free_all();
19385 +
19386 -+ return reqmode;
19387 -+}
19388 ++ if (polstate->acl_role_set.r_hash) {
19389 ++ if ((polstate->acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
19390 ++ PAGE_SIZE)
19391 ++ kfree(polstate->acl_role_set.r_hash);
19392 ++ else
19393 ++ vfree(polstate->acl_role_set.r_hash);
19394 ++ }
19395 ++ if (polstate->name_set.n_hash) {
19396 ++ if ((polstate->name_set.n_size * sizeof (struct name_entry *)) <=
19397 ++ PAGE_SIZE)
19398 ++ kfree(polstate->name_set.n_hash);
19399 ++ else
19400 ++ vfree(polstate->name_set.n_hash);
19401 ++ }
19402 +
19403 -+__u32
19404 -+gr_acl_handle_creat(const struct dentry * dentry,
19405 -+ const struct dentry * p_dentry,
19406 -+ const struct vfsmount * p_mnt, int open_flags, int acc_mode,
19407 -+ const int imode)
19408 -+{
19409 -+ __u32 reqmode = GR_WRITE | GR_CREATE;
19410 -+ __u32 mode;
19411 ++ if (polstate->inodev_set.i_hash) {
19412 ++ if ((polstate->inodev_set.i_size * sizeof (struct inodev_entry *)) <=
19413 ++ PAGE_SIZE)
19414 ++ kfree(polstate->inodev_set.i_hash);
19415 ++ else
19416 ++ vfree(polstate->inodev_set.i_hash);
19417 ++ }
19418 +
19419 -+ if (acc_mode & MAY_APPEND)
19420 -+ reqmode |= GR_APPEND;
19421 -+ // if a directory was required or the directory already exists, then
19422 -+ // don't count this open as a read
19423 -+ if ((acc_mode & MAY_READ) &&
19424 -+ !((open_flags & O_DIRECTORY) || (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode))))
19425 -+ reqmode |= GR_READ;
19426 -+ if ((open_flags & O_CREAT) &&
19427 -+ ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
19428 -+ reqmode |= GR_SETID;
19429 ++ if (!reload)
19430 ++ gr_free_uidset();
19431 +
19432 -+ mode =
19433 -+ gr_check_create(dentry, p_dentry, p_mnt,
19434 -+ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
19435 ++ memset(&polstate->name_set, 0, sizeof (struct name_db));
19436 ++ memset(&polstate->inodev_set, 0, sizeof (struct inodev_db));
19437 ++ memset(&polstate->acl_role_set, 0, sizeof (struct acl_role_db));
19438 ++ memset(&polstate->subj_map_set, 0, sizeof (struct acl_subj_map_db));
19439 +
19440 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
19441 -+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
19442 -+ reqmode & GR_READ ? " reading" : "",
19443 -+ reqmode & GR_WRITE ? " writing" : reqmode &
19444 -+ GR_APPEND ? " appending" : "");
19445 -+ return reqmode;
19446 -+ } else
19447 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
19448 -+ {
19449 -+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
19450 -+ reqmode & GR_READ ? " reading" : "",
19451 -+ reqmode & GR_WRITE ? " writing" : reqmode &
19452 -+ GR_APPEND ? " appending" : "");
19453 -+ return 0;
19454 -+ } else if (unlikely((mode & reqmode) != reqmode))
19455 -+ return 0;
19456 ++ polstate->default_role = NULL;
19457 ++ polstate->kernel_role = NULL;
19458 ++ polstate->role_list = NULL;
19459 +
19460 -+ return reqmode;
19461 ++ return;
19462 +}
19463 +
19464 -+__u32
19465 -+gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
19466 -+ const int fmode)
19467 ++static struct acl_subject_label *
19468 ++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
19469 ++
19470 ++static int alloc_and_copy_string(char **name, unsigned int maxlen)
19471 +{
19472 -+ __u32 mode, reqmode = GR_FIND;
19473 ++ unsigned int len = strnlen_user(*name, maxlen);
19474 ++ char *tmp;
19475 +
19476 -+ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
19477 -+ reqmode |= GR_EXEC;
19478 -+ if (fmode & S_IWOTH)
19479 -+ reqmode |= GR_WRITE;
19480 -+ if (fmode & S_IROTH)
19481 -+ reqmode |= GR_READ;
19482 ++ if (!len || len >= maxlen)
19483 ++ return -EINVAL;
19484 +
19485 -+ mode =
19486 -+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
19487 -+ mnt);
19488 ++ if ((tmp = (char *) acl_alloc(len)) == NULL)
19489 ++ return -ENOMEM;
19490 +
19491 -+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
19492 -+ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
19493 -+ reqmode & GR_READ ? " reading" : "",
19494 -+ reqmode & GR_WRITE ? " writing" : "",
19495 -+ reqmode & GR_EXEC ? " executing" : "");
19496 -+ return reqmode;
19497 -+ } else
19498 -+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
19499 -+ {
19500 -+ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
19501 -+ reqmode & GR_READ ? " reading" : "",
19502 -+ reqmode & GR_WRITE ? " writing" : "",
19503 -+ reqmode & GR_EXEC ? " executing" : "");
19504 -+ return 0;
19505 -+ } else if (unlikely((mode & reqmode) != reqmode))
19506 -+ return 0;
19507 ++ if (copy_from_user(tmp, *name, len))
19508 ++ return -EFAULT;
19509 +
19510 -+ return reqmode;
19511 ++ tmp[len-1] = '\0';
19512 ++ *name = tmp;
19513 ++
19514 ++ return 0;
19515 +}
19516 +
19517 -+static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
19518 ++static int
19519 ++copy_user_glob(struct acl_object_label *obj)
19520 +{
19521 -+ __u32 mode;
19522 -+
19523 -+ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
19524 ++ struct acl_object_label *g_tmp, **guser;
19525 ++ int error;
19526 +
19527 -+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
19528 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
19529 -+ return mode;
19530 -+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
19531 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
19532 -+ return 0;
19533 -+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
19534 ++ if (obj->globbed == NULL)
19535 + return 0;
19536 +
19537 -+ return (reqmode);
19538 -+}
19539 ++ guser = &obj->globbed;
19540 ++ while (*guser) {
19541 ++ g_tmp = (struct acl_object_label *)
19542 ++ acl_alloc(sizeof (struct acl_object_label));
19543 ++ if (g_tmp == NULL)
19544 ++ return -ENOMEM;
19545 +
19546 -+__u32
19547 -+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
19548 -+{
19549 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
19550 -+}
19551 ++ if (copy_acl_object_label(g_tmp, *guser))
19552 ++ return -EFAULT;
19553 +
19554 -+__u32
19555 -+gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
19556 -+{
19557 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
19558 -+}
19559 ++ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
19560 ++ if (error)
19561 ++ return error;
19562 +
19563 -+__u32
19564 -+gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
19565 -+{
19566 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
19567 -+}
19568 ++ *guser = g_tmp;
19569 ++ guser = &(g_tmp->next);
19570 ++ }
19571 +
19572 -+__u32
19573 -+gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
19574 -+{
19575 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
19576 ++ return 0;
19577 +}
19578 +
19579 -+__u32
19580 -+gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
19581 -+ umode_t *modeptr)
19582 ++static int
19583 ++copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
19584 ++ struct acl_role_label *role)
19585 +{
19586 -+ umode_t mode;
19587 ++ struct acl_object_label *o_tmp;
19588 ++ int ret;
19589 +
19590 -+ *modeptr &= ~gr_acl_umask();
19591 -+ mode = *modeptr;
19592 ++ while (userp) {
19593 ++ if ((o_tmp = (struct acl_object_label *)
19594 ++ acl_alloc(sizeof (struct acl_object_label))) == NULL)
19595 ++ return -ENOMEM;
19596 +
19597 -+ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
19598 -+ return 1;
19599 ++ if (copy_acl_object_label(o_tmp, userp))
19600 ++ return -EFAULT;
19601 +
19602 -+ if (unlikely(dentry->d_inode && !S_ISDIR(dentry->d_inode->i_mode) &&
19603 -+ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))) {
19604 -+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
19605 -+ GR_CHMOD_ACL_MSG);
19606 -+ } else {
19607 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
19608 -+ }
19609 -+}
19610 ++ userp = o_tmp->prev;
19611 +
19612 -+__u32
19613 -+gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
19614 -+{
19615 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
19616 -+}
19617 ++ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
19618 ++ if (ret)
19619 ++ return ret;
19620 +
19621 -+__u32
19622 -+gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
19623 -+{
19624 -+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
19625 -+}
19626 ++ insert_acl_obj_label(o_tmp, subj);
19627 ++ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
19628 ++ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
19629 ++ return -ENOMEM;
19630 +
19631 -+__u32
19632 -+gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
19633 -+{
19634 -+ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
19635 -+}
19636 ++ ret = copy_user_glob(o_tmp);
19637 ++ if (ret)
19638 ++ return ret;
19639 +
19640 -+__u32
19641 -+gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
19642 -+{
19643 -+ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
19644 -+ GR_UNIXCONNECT_ACL_MSG);
19645 ++ if (o_tmp->nested) {
19646 ++ int already_copied;
19647 ++
19648 ++ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
19649 ++ if (IS_ERR(o_tmp->nested))
19650 ++ return PTR_ERR(o_tmp->nested);
19651 ++
19652 ++ /* insert into nested subject list if we haven't copied this one yet
19653 ++ to prevent duplicate entries */
19654 ++ if (!already_copied) {
19655 ++ o_tmp->nested->next = role->hash->first;
19656 ++ role->hash->first = o_tmp->nested;
19657 ++ }
19658 ++ }
19659 ++ }
19660 ++
19661 ++ return 0;
19662 +}
19663 +
19664 -+/* hardlinks require at minimum create and link permission,
19665 -+ any additional privilege required is based on the
19666 -+ privilege of the file being linked to
19667 -+*/
19668 -+__u32
19669 -+gr_acl_handle_link(const struct dentry * new_dentry,
19670 -+ const struct dentry * parent_dentry,
19671 -+ const struct vfsmount * parent_mnt,
19672 -+ const struct dentry * old_dentry,
19673 -+ const struct vfsmount * old_mnt, const char *to)
19674 ++static __u32
19675 ++count_user_subjs(struct acl_subject_label *userp)
19676 +{
19677 -+ __u32 mode;
19678 -+ __u32 needmode = GR_CREATE | GR_LINK;
19679 -+ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
19680 ++ struct acl_subject_label s_tmp;
19681 ++ __u32 num = 0;
19682 +
19683 -+ mode =
19684 -+ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
19685 -+ old_mnt);
19686 ++ while (userp) {
19687 ++ if (copy_acl_subject_label(&s_tmp, userp))
19688 ++ break;
19689 +
19690 -+ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
19691 -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
19692 -+ return mode;
19693 -+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
19694 -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
19695 -+ return 0;
19696 -+ } else if (unlikely((mode & needmode) != needmode))
19697 -+ return 0;
19698 ++ userp = s_tmp.prev;
19699 ++ }
19700 +
19701 -+ return 1;
19702 ++ return num;
19703 +}
19704 +
19705 -+__u32
19706 -+gr_acl_handle_symlink(const struct dentry * new_dentry,
19707 -+ const struct dentry * parent_dentry,
19708 -+ const struct vfsmount * parent_mnt, const char *from)
19709 ++static int
19710 ++copy_user_allowedips(struct acl_role_label *rolep)
19711 +{
19712 -+ __u32 needmode = GR_WRITE | GR_CREATE;
19713 -+ __u32 mode;
19714 ++ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
19715 +
19716 -+ mode =
19717 -+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
19718 -+ GR_CREATE | GR_AUDIT_CREATE |
19719 -+ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
19720 ++ ruserip = rolep->allowed_ips;
19721 +
19722 -+ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
19723 -+ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
19724 -+ return mode;
19725 -+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
19726 -+ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
19727 -+ return 0;
19728 -+ } else if (unlikely((mode & needmode) != needmode))
19729 -+ return 0;
19730 ++ while (ruserip) {
19731 ++ rlast = rtmp;
19732 +
19733 -+ return (GR_WRITE | GR_CREATE);
19734 -+}
19735 ++ if ((rtmp = (struct role_allowed_ip *)
19736 ++ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
19737 ++ return -ENOMEM;
19738 +
19739 -+static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
19740 -+{
19741 -+ __u32 mode;
19742 ++ if (copy_role_allowed_ip(rtmp, ruserip))
19743 ++ return -EFAULT;
19744 +
19745 -+ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
19746 ++ ruserip = rtmp->prev;
19747 +
19748 -+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
19749 -+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
19750 -+ return mode;
19751 -+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
19752 -+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
19753 -+ return 0;
19754 -+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
19755 -+ return 0;
19756 ++ if (!rlast) {
19757 ++ rtmp->prev = NULL;
19758 ++ rolep->allowed_ips = rtmp;
19759 ++ } else {
19760 ++ rlast->next = rtmp;
19761 ++ rtmp->prev = rlast;
19762 ++ }
19763 +
19764 -+ return (reqmode);
19765 ++ if (!ruserip)
19766 ++ rtmp->next = NULL;
19767 ++ }
19768 ++
19769 ++ return 0;
19770 +}
19771 +
19772 -+__u32
19773 -+gr_acl_handle_mknod(const struct dentry * new_dentry,
19774 -+ const struct dentry * parent_dentry,
19775 -+ const struct vfsmount * parent_mnt,
19776 -+ const int mode)
19777 ++static int
19778 ++copy_user_transitions(struct acl_role_label *rolep)
19779 +{
19780 -+ __u32 reqmode = GR_WRITE | GR_CREATE;
19781 -+ if (unlikely((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
19782 -+ reqmode |= GR_SETID;
19783 ++ struct role_transition *rusertp, *rtmp = NULL, *rlast;
19784 ++ int error;
19785 +
19786 -+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
19787 -+ reqmode, GR_MKNOD_ACL_MSG);
19788 -+}
19789 ++ rusertp = rolep->transitions;
19790 +
19791 -+__u32
19792 -+gr_acl_handle_mkdir(const struct dentry *new_dentry,
19793 -+ const struct dentry *parent_dentry,
19794 -+ const struct vfsmount *parent_mnt)
19795 -+{
19796 -+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
19797 -+ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
19798 -+}
19799 ++ while (rusertp) {
19800 ++ rlast = rtmp;
19801 +
19802 -+#define RENAME_CHECK_SUCCESS(old, new) \
19803 -+ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
19804 -+ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
19805 ++ if ((rtmp = (struct role_transition *)
19806 ++ acl_alloc(sizeof (struct role_transition))) == NULL)
19807 ++ return -ENOMEM;
19808 +
19809 -+int
19810 -+gr_acl_handle_rename(struct dentry *new_dentry,
19811 -+ struct dentry *parent_dentry,
19812 -+ const struct vfsmount *parent_mnt,
19813 -+ struct dentry *old_dentry,
19814 -+ struct inode *old_parent_inode,
19815 -+ struct vfsmount *old_mnt, const char *newname)
19816 -+{
19817 -+ __u32 comp1, comp2;
19818 -+ int error = 0;
19819 ++ if (copy_role_transition(rtmp, rusertp))
19820 ++ return -EFAULT;
19821 +
19822 -+ if (unlikely(!gr_acl_is_enabled()))
19823 -+ return 0;
19824 ++ rusertp = rtmp->prev;
19825 +
19826 -+ if (!new_dentry->d_inode) {
19827 -+ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
19828 -+ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
19829 -+ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
19830 -+ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
19831 -+ GR_DELETE | GR_AUDIT_DELETE |
19832 -+ GR_AUDIT_READ | GR_AUDIT_WRITE |
19833 -+ GR_SUPPRESS, old_mnt);
19834 -+ } else {
19835 -+ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
19836 -+ GR_CREATE | GR_DELETE |
19837 -+ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
19838 -+ GR_AUDIT_READ | GR_AUDIT_WRITE |
19839 -+ GR_SUPPRESS, parent_mnt);
19840 -+ comp2 =
19841 -+ gr_search_file(old_dentry,
19842 -+ GR_READ | GR_WRITE | GR_AUDIT_READ |
19843 -+ GR_DELETE | GR_AUDIT_DELETE |
19844 -+ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
19845 -+ }
19846 ++ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
19847 ++ if (error)
19848 ++ return error;
19849 +
19850 -+ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
19851 -+ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
19852 -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
19853 -+ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
19854 -+ && !(comp2 & GR_SUPPRESS)) {
19855 -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
19856 -+ error = -EACCES;
19857 -+ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
19858 -+ error = -EACCES;
19859 ++ if (!rlast) {
19860 ++ rtmp->prev = NULL;
19861 ++ rolep->transitions = rtmp;
19862 ++ } else {
19863 ++ rlast->next = rtmp;
19864 ++ rtmp->prev = rlast;
19865 ++ }
19866 +
19867 -+ return error;
19868 ++ if (!rusertp)
19869 ++ rtmp->next = NULL;
19870 ++ }
19871 ++
19872 ++ return 0;
19873 +}
19874 +
19875 -+void
19876 -+gr_acl_handle_exit(void)
19877 ++static __u32 count_user_objs(const struct acl_object_label __user *userp)
19878 +{
19879 -+ u16 id;
19880 -+ char *rolename;
19881 ++ struct acl_object_label o_tmp;
19882 ++ __u32 num = 0;
19883 +
19884 -+ if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
19885 -+ !(current->role->roletype & GR_ROLE_PERSIST))) {
19886 -+ id = current->acl_role_id;
19887 -+ rolename = current->role->rolename;
19888 -+ gr_set_acls(1);
19889 -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
19890 ++ while (userp) {
19891 ++ if (copy_acl_object_label(&o_tmp, userp))
19892 ++ break;
19893 ++
19894 ++ userp = o_tmp.prev;
19895 ++ num++;
19896 + }
19897 +
19898 -+ gr_put_exec_file(current);
19899 -+ return;
19900 ++ return num;
19901 +}
19902 +
19903 -+int
19904 -+gr_acl_handle_procpidmem(const struct task_struct *task)
19905 ++static struct acl_subject_label *
19906 ++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
19907 +{
19908 -+ if (unlikely(!gr_acl_is_enabled()))
19909 -+ return 0;
19910 ++ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
19911 ++ __u32 num_objs;
19912 ++ struct acl_ip_label **i_tmp, *i_utmp2;
19913 ++ struct gr_hash_struct ghash;
19914 ++ struct subject_map *subjmap;
19915 ++ unsigned int i_num;
19916 ++ int err;
19917 +
19918 -+ if (task != current && task->acl->mode & GR_PROTPROCFD)
19919 -+ return -EACCES;
19920 ++ if (already_copied != NULL)
19921 ++ *already_copied = 0;
19922 +
19923 -+ return 0;
19924 -+}
19925 -diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
19926 -new file mode 100644
19927 -index 0000000..35f8064
19928 ---- /dev/null
19929 -+++ b/grsecurity/gracl_ip.c
19930 -@@ -0,0 +1,386 @@
19931 -+#include <linux/kernel.h>
19932 -+#include <asm/uaccess.h>
19933 -+#include <asm/errno.h>
19934 -+#include <net/sock.h>
19935 -+#include <linux/file.h>
19936 -+#include <linux/fs.h>
19937 -+#include <linux/net.h>
19938 -+#include <linux/in.h>
19939 -+#include <linux/skbuff.h>
19940 -+#include <linux/ip.h>
19941 -+#include <linux/udp.h>
19942 -+#include <linux/types.h>
19943 -+#include <linux/sched.h>
19944 -+#include <linux/netdevice.h>
19945 -+#include <linux/inetdevice.h>
19946 -+#include <linux/gracl.h>
19947 -+#include <linux/grsecurity.h>
19948 -+#include <linux/grinternal.h>
19949 -+
19950 -+#define GR_BIND 0x01
19951 -+#define GR_CONNECT 0x02
19952 -+#define GR_INVERT 0x04
19953 -+#define GR_BINDOVERRIDE 0x08
19954 -+#define GR_CONNECTOVERRIDE 0x10
19955 -+#define GR_SOCK_FAMILY 0x20
19956 ++ s_tmp = lookup_subject_map(userp);
19957 +
19958 -+static const char * gr_protocols[IPPROTO_MAX] = {
19959 -+ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
19960 -+ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
19961 -+ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
19962 -+ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
19963 -+ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
19964 -+ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
19965 -+ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
19966 -+ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
19967 -+ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
19968 -+ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
19969 -+ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
19970 -+ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
19971 -+ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
19972 -+ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
19973 -+ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
19974 -+ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
19975 -+ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
19976 -+ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
19977 -+ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
19978 -+ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
19979 -+ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
19980 -+ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
19981 -+ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
19982 -+ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
19983 -+ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
19984 -+ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
19985 -+ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
19986 -+ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
19987 -+ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
19988 -+ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
19989 -+ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
19990 -+ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
19991 -+ };
19992 ++ /* we've already copied this subject into the kernel, just return
19993 ++ the reference to it, and don't copy it over again
19994 ++ */
19995 ++ if (s_tmp) {
19996 ++ if (already_copied != NULL)
19997 ++ *already_copied = 1;
19998 ++ return(s_tmp);
19999 ++ }
20000 +
20001 -+static const char * gr_socktypes[SOCK_MAX] = {
20002 -+ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
20003 -+ "unknown:7", "unknown:8", "unknown:9", "packet"
20004 -+ };
20005 ++ if ((s_tmp = (struct acl_subject_label *)
20006 ++ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
20007 ++ return ERR_PTR(-ENOMEM);
20008 +
20009 -+static const char * gr_sockfamilies[AF_MAX+1] = {
20010 -+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
20011 -+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
20012 -+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
20013 -+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
20014 -+ };
20015 ++ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
20016 ++ if (subjmap == NULL)
20017 ++ return ERR_PTR(-ENOMEM);
20018 +
20019 -+const char *
20020 -+gr_proto_to_name(unsigned char proto)
20021 -+{
20022 -+ return gr_protocols[proto];
20023 -+}
20024 ++ subjmap->user = userp;
20025 ++ subjmap->kernel = s_tmp;
20026 ++ insert_subj_map_entry(subjmap);
20027 +
20028 -+const char *
20029 -+gr_socktype_to_name(unsigned char type)
20030 -+{
20031 -+ return gr_socktypes[type];
20032 -+}
20033 ++ if (copy_acl_subject_label(s_tmp, userp))
20034 ++ return ERR_PTR(-EFAULT);
20035 +
20036 -+const char *
20037 -+gr_sockfamily_to_name(unsigned char family)
20038 -+{
20039 -+ return gr_sockfamilies[family];
20040 -+}
20041 ++ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
20042 ++ if (err)
20043 ++ return ERR_PTR(err);
20044 +
20045 -+extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
20046 ++ if (!strcmp(s_tmp->filename, "/"))
20047 ++ role->root_label = s_tmp;
20048 +
20049 -+int
20050 -+gr_search_socket(const int domain, const int type, const int protocol)
20051 -+{
20052 -+ struct acl_subject_label *curr;
20053 -+ const struct cred *cred = current_cred();
20054 ++ if (copy_gr_hash_struct(&ghash, s_tmp->hash))
20055 ++ return ERR_PTR(-EFAULT);
20056 +
20057 -+ if (unlikely(!gr_acl_is_enabled()))
20058 -+ goto exit;
20059 ++ /* copy user and group transition tables */
20060 +
20061 -+ if ((domain < 0) || (type < 0) || (protocol < 0) ||
20062 -+ (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
20063 -+ goto exit; // let the kernel handle it
20064 ++ if (s_tmp->user_trans_num) {
20065 ++ uid_t *uidlist;
20066 +
20067 -+ curr = current->acl;
20068 ++ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
20069 ++ if (uidlist == NULL)
20070 ++ return ERR_PTR(-ENOMEM);
20071 ++ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
20072 ++ return ERR_PTR(-EFAULT);
20073 +
20074 -+ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
20075 -+ /* the family is allowed, if this is PF_INET allow it only if
20076 -+ the extra sock type/protocol checks pass */
20077 -+ if (domain == PF_INET)
20078 -+ goto inet_check;
20079 -+ goto exit;
20080 -+ } else {
20081 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
20082 -+ __u32 fakeip = 0;
20083 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
20084 -+ current->role->roletype, cred->uid,
20085 -+ cred->gid, current->exec_file ?
20086 -+ gr_to_filename(current->exec_file->f_path.dentry,
20087 -+ current->exec_file->f_path.mnt) :
20088 -+ curr->filename, curr->filename,
20089 -+ &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
20090 -+ &current->signal->saved_ip);
20091 -+ goto exit;
20092 -+ }
20093 -+ goto exit_fail;
20094 ++ s_tmp->user_transitions = uidlist;
20095 + }
20096 +
20097 -+inet_check:
20098 -+ /* the rest of this checking is for IPv4 only */
20099 -+ if (!curr->ips)
20100 -+ goto exit;
20101 ++ if (s_tmp->group_trans_num) {
20102 ++ gid_t *gidlist;
20103 +
20104 -+ if ((curr->ip_type & (1U << type)) &&
20105 -+ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
20106 -+ goto exit;
20107 ++ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
20108 ++ if (gidlist == NULL)
20109 ++ return ERR_PTR(-ENOMEM);
20110 ++ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
20111 ++ return ERR_PTR(-EFAULT);
20112 +
20113 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
20114 -+ /* we don't place acls on raw sockets , and sometimes
20115 -+ dgram/ip sockets are opened for ioctl and not
20116 -+ bind/connect, so we'll fake a bind learn log */
20117 -+ if (type == SOCK_RAW || type == SOCK_PACKET) {
20118 -+ __u32 fakeip = 0;
20119 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
20120 -+ current->role->roletype, cred->uid,
20121 -+ cred->gid, current->exec_file ?
20122 -+ gr_to_filename(current->exec_file->f_path.dentry,
20123 -+ current->exec_file->f_path.mnt) :
20124 -+ curr->filename, curr->filename,
20125 -+ &fakeip, 0, type,
20126 -+ protocol, GR_CONNECT, &current->signal->saved_ip);
20127 -+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
20128 -+ __u32 fakeip = 0;
20129 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
20130 -+ current->role->roletype, cred->uid,
20131 -+ cred->gid, current->exec_file ?
20132 -+ gr_to_filename(current->exec_file->f_path.dentry,
20133 -+ current->exec_file->f_path.mnt) :
20134 -+ curr->filename, curr->filename,
20135 -+ &fakeip, 0, type,
20136 -+ protocol, GR_BIND, &current->signal->saved_ip);
20137 -+ }
20138 -+ /* we'll log when they use connect or bind */
20139 -+ goto exit;
20140 ++ s_tmp->group_transitions = gidlist;
20141 + }
20142 +
20143 -+exit_fail:
20144 -+ if (domain == PF_INET)
20145 -+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
20146 -+ gr_socktype_to_name(type), gr_proto_to_name(protocol));
20147 -+ else if (rcu_access_pointer(net_families[domain]) != NULL)
20148 -+ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
20149 -+ gr_socktype_to_name(type), protocol);
20150 ++ /* set up object hash table */
20151 ++ num_objs = count_user_objs(ghash.first);
20152 +
20153 -+ return 0;
20154 -+exit:
20155 -+ return 1;
20156 -+}
20157 ++ s_tmp->obj_hash_size = num_objs;
20158 ++ s_tmp->obj_hash =
20159 ++ (struct acl_object_label **)
20160 ++ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
20161 +
20162 -+int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
20163 -+{
20164 -+ if ((ip->mode & mode) &&
20165 -+ (ip_port >= ip->low) &&
20166 -+ (ip_port <= ip->high) &&
20167 -+ ((ntohl(ip_addr) & our_netmask) ==
20168 -+ (ntohl(our_addr) & our_netmask))
20169 -+ && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
20170 -+ && (ip->type & (1U << type))) {
20171 -+ if (ip->mode & GR_INVERT)
20172 -+ return 2; // specifically denied
20173 -+ else
20174 -+ return 1; // allowed
20175 -+ }
20176 ++ if (!s_tmp->obj_hash)
20177 ++ return ERR_PTR(-ENOMEM);
20178 +
20179 -+ return 0; // not specifically allowed, may continue parsing
20180 -+}
20181 ++ memset(s_tmp->obj_hash, 0,
20182 ++ s_tmp->obj_hash_size *
20183 ++ sizeof (struct acl_object_label *));
20184 +
20185 -+static int
20186 -+gr_search_connectbind(const int full_mode, struct sock *sk,
20187 -+ struct sockaddr_in *addr, const int type)
20188 -+{
20189 -+ char iface[IFNAMSIZ] = {0};
20190 -+ struct acl_subject_label *curr;
20191 -+ struct acl_ip_label *ip;
20192 -+ struct inet_sock *isk;
20193 -+ struct net_device *dev;
20194 -+ struct in_device *idev;
20195 -+ unsigned long i;
20196 -+ int ret;
20197 -+ int mode = full_mode & (GR_BIND | GR_CONNECT);
20198 -+ __u32 ip_addr = 0;
20199 -+ __u32 our_addr;
20200 -+ __u32 our_netmask;
20201 -+ char *p;
20202 -+ __u16 ip_port = 0;
20203 -+ const struct cred *cred = current_cred();
20204 ++ /* add in objects */
20205 ++ err = copy_user_objs(ghash.first, s_tmp, role);
20206 +
20207 -+ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
20208 -+ return 0;
20209 ++ if (err)
20210 ++ return ERR_PTR(err);
20211 +
20212 -+ curr = current->acl;
20213 -+ isk = inet_sk(sk);
20214 ++ /* set pointer for parent subject */
20215 ++ if (s_tmp->parent_subject) {
20216 ++ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
20217 +
20218 -+ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
20219 -+ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
20220 -+ addr->sin_addr.s_addr = curr->inaddr_any_override;
20221 -+ if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
20222 -+ struct sockaddr_in saddr;
20223 -+ int err;
20224 ++ if (IS_ERR(s_tmp2))
20225 ++ return s_tmp2;
20226 +
20227 -+ saddr.sin_family = AF_INET;
20228 -+ saddr.sin_addr.s_addr = curr->inaddr_any_override;
20229 -+ saddr.sin_port = isk->inet_sport;
20230 ++ s_tmp->parent_subject = s_tmp2;
20231 ++ }
20232 +
20233 -+ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
20234 -+ if (err)
20235 -+ return err;
20236 ++ /* add in ip acls */
20237 +
20238 -+ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
20239 -+ if (err)
20240 -+ return err;
20241 ++ if (!s_tmp->ip_num) {
20242 ++ s_tmp->ips = NULL;
20243 ++ goto insert;
20244 + }
20245 +
20246 -+ if (!curr->ips)
20247 -+ return 0;
20248 ++ i_tmp =
20249 ++ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
20250 ++ sizeof (struct acl_ip_label *));
20251 +
20252 -+ ip_addr = addr->sin_addr.s_addr;
20253 -+ ip_port = ntohs(addr->sin_port);
20254 ++ if (!i_tmp)
20255 ++ return ERR_PTR(-ENOMEM);
20256 +
20257 -+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
20258 -+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
20259 -+ current->role->roletype, cred->uid,
20260 -+ cred->gid, current->exec_file ?
20261 -+ gr_to_filename(current->exec_file->f_path.dentry,
20262 -+ current->exec_file->f_path.mnt) :
20263 -+ curr->filename, curr->filename,
20264 -+ &ip_addr, ip_port, type,
20265 -+ sk->sk_protocol, mode, &current->signal->saved_ip);
20266 -+ return 0;
20267 -+ }
20268 ++ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
20269 ++ *(i_tmp + i_num) =
20270 ++ (struct acl_ip_label *)
20271 ++ acl_alloc(sizeof (struct acl_ip_label));
20272 ++ if (!*(i_tmp + i_num))
20273 ++ return ERR_PTR(-ENOMEM);
20274 +
20275 -+ for (i = 0; i < curr->ip_num; i++) {
20276 -+ ip = *(curr->ips + i);
20277 -+ if (ip->iface != NULL) {
20278 -+ strncpy(iface, ip->iface, IFNAMSIZ - 1);
20279 -+ p = strchr(iface, ':');
20280 -+ if (p != NULL)
20281 -+ *p = '\0';
20282 -+ dev = dev_get_by_name(sock_net(sk), iface);
20283 -+ if (dev == NULL)
20284 -+ continue;
20285 -+ idev = in_dev_get(dev);
20286 -+ if (idev == NULL) {
20287 -+ dev_put(dev);
20288 -+ continue;
20289 -+ }
20290 -+ rcu_read_lock();
20291 -+ for_ifa(idev) {
20292 -+ if (!strcmp(ip->iface, ifa->ifa_label)) {
20293 -+ our_addr = ifa->ifa_address;
20294 -+ our_netmask = 0xffffffff;
20295 -+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
20296 -+ if (ret == 1) {
20297 -+ rcu_read_unlock();
20298 -+ in_dev_put(idev);
20299 -+ dev_put(dev);
20300 -+ return 0;
20301 -+ } else if (ret == 2) {
20302 -+ rcu_read_unlock();
20303 -+ in_dev_put(idev);
20304 -+ dev_put(dev);
20305 -+ goto denied;
20306 -+ }
20307 -+ }
20308 -+ } endfor_ifa(idev);
20309 -+ rcu_read_unlock();
20310 -+ in_dev_put(idev);
20311 -+ dev_put(dev);
20312 -+ } else {
20313 -+ our_addr = ip->addr;
20314 -+ our_netmask = ip->netmask;
20315 -+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
20316 -+ if (ret == 1)
20317 -+ return 0;
20318 -+ else if (ret == 2)
20319 -+ goto denied;
20320 -+ }
20321 -+ }
20322 ++ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
20323 ++ return ERR_PTR(-EFAULT);
20324 +
20325 -+denied:
20326 -+ if (mode == GR_BIND)
20327 -+ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
20328 -+ else if (mode == GR_CONNECT)
20329 -+ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
20330 ++ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
20331 ++ return ERR_PTR(-EFAULT);
20332 ++
20333 ++ if ((*(i_tmp + i_num))->iface == NULL)
20334 ++ continue;
20335 +
20336 -+ return -EACCES;
20337 -+}
20338 ++ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
20339 ++ if (err)
20340 ++ return ERR_PTR(err);
20341 ++ }
20342 +
20343 -+int
20344 -+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
20345 -+{
20346 -+ /* always allow disconnection of dgram sockets with connect */
20347 -+ if (addr->sin_family == AF_UNSPEC)
20348 -+ return 0;
20349 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
20350 -+}
20351 ++ s_tmp->ips = i_tmp;
20352 +
20353 -+int
20354 -+gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
20355 -+{
20356 -+ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
20357 ++insert:
20358 ++ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
20359 ++ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
20360 ++ return ERR_PTR(-ENOMEM);
20361 ++
20362 ++ return s_tmp;
20363 +}
20364 +
20365 -+int gr_search_listen(struct socket *sock)
20366 ++static int
20367 ++copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
20368 +{
20369 -+ struct sock *sk = sock->sk;
20370 -+ struct sockaddr_in addr;
20371 ++ struct acl_subject_label s_pre;
20372 ++ struct acl_subject_label * ret;
20373 ++ int err;
20374 +
20375 -+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
20376 -+ addr.sin_port = inet_sk(sk)->inet_sport;
20377 ++ while (userp) {
20378 ++ if (copy_acl_subject_label(&s_pre, userp))
20379 ++ return -EFAULT;
20380 ++
20381 ++ ret = do_copy_user_subj(userp, role, NULL);
20382 +
20383 -+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
20384 -+}
20385 ++ err = PTR_ERR(ret);
20386 ++ if (IS_ERR(ret))
20387 ++ return err;
20388 +
20389 -+int gr_search_accept(struct socket *sock)
20390 -+{
20391 -+ struct sock *sk = sock->sk;
20392 -+ struct sockaddr_in addr;
20393 ++ insert_acl_subj_label(ret, role);
20394 +
20395 -+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
20396 -+ addr.sin_port = inet_sk(sk)->inet_sport;
20397 ++ userp = s_pre.prev;
20398 ++ }
20399 +
20400 -+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
20401 ++ return 0;
20402 +}
20403 +
20404 -+int
20405 -+gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
20406 ++static int
20407 ++copy_user_acl(struct gr_arg *arg)
20408 +{
20409 -+ if (addr)
20410 -+ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
20411 -+ else {
20412 -+ struct sockaddr_in sin;
20413 -+ const struct inet_sock *inet = inet_sk(sk);
20414 ++ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
20415 ++ struct acl_subject_label *subj_list;
20416 ++ struct sprole_pw *sptmp;
20417 ++ struct gr_hash_struct *ghash;
20418 ++ uid_t *domainlist;
20419 ++ unsigned int r_num;
20420 ++ int err = 0;
20421 ++ __u16 i;
20422 ++ __u32 num_subjs;
20423 +
20424 -+ sin.sin_addr.s_addr = inet->inet_daddr;
20425 -+ sin.sin_port = inet->inet_dport;
20426 ++ /* we need a default and kernel role */
20427 ++ if (arg->role_db.num_roles < 2)
20428 ++ return -EINVAL;
20429 +
20430 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
20431 -+ }
20432 -+}
20433 ++ /* copy special role authentication info from userspace */
20434 +
20435 -+int
20436 -+gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
20437 -+{
20438 -+ struct sockaddr_in sin;
20439 ++ polstate->num_sprole_pws = arg->num_sprole_pws;
20440 ++ polstate->acl_special_roles = (struct sprole_pw **) acl_alloc_num(polstate->num_sprole_pws, sizeof(struct sprole_pw *));
20441 +
20442 -+ if (unlikely(skb->len < sizeof (struct udphdr)))
20443 -+ return 0; // skip this packet
20444 ++ if (!polstate->acl_special_roles && polstate->num_sprole_pws)
20445 ++ return -ENOMEM;
20446 +
20447 -+ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
20448 -+ sin.sin_port = udp_hdr(skb)->source;
20449 ++ for (i = 0; i < polstate->num_sprole_pws; i++) {
20450 ++ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
20451 ++ if (!sptmp)
20452 ++ return -ENOMEM;
20453 ++ if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
20454 ++ return -EFAULT;
20455 +
20456 -+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
20457 -+}
20458 -diff --git a/grsecurity/gracl_learn.c b/grsecurity/gracl_learn.c
20459 -new file mode 100644
20460 -index 0000000..25f54ef
20461 ---- /dev/null
20462 -+++ b/grsecurity/gracl_learn.c
20463 -@@ -0,0 +1,207 @@
20464 -+#include <linux/kernel.h>
20465 -+#include <linux/mm.h>
20466 -+#include <linux/sched.h>
20467 -+#include <linux/poll.h>
20468 -+#include <linux/string.h>
20469 -+#include <linux/file.h>
20470 -+#include <linux/types.h>
20471 -+#include <linux/vmalloc.h>
20472 -+#include <linux/grinternal.h>
20473 ++ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
20474 ++ if (err)
20475 ++ return err;
20476 +
20477 -+extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
20478 -+ size_t count, loff_t *ppos);
20479 -+extern int gr_acl_is_enabled(void);
20480 ++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
20481 ++ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
20482 ++#endif
20483 +
20484 -+static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
20485 -+static int gr_learn_attached;
20486 ++ polstate->acl_special_roles[i] = sptmp;
20487 ++ }
20488 +
20489 -+/* use a 512k buffer */
20490 -+#define LEARN_BUFFER_SIZE (512 * 1024)
20491 ++ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
20492 +
20493 -+static DEFINE_SPINLOCK(gr_learn_lock);
20494 -+static DEFINE_MUTEX(gr_learn_user_mutex);
20495 ++ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
20496 ++ r_tmp = acl_alloc(sizeof (struct acl_role_label));
20497 +
20498 -+/* we need to maintain two buffers, so that the kernel context of grlearn
20499 -+ uses a semaphore around the userspace copying, and the other kernel contexts
20500 -+ use a spinlock when copying into the buffer, since they cannot sleep
20501 -+*/
20502 -+static char *learn_buffer;
20503 -+static char *learn_buffer_user;
20504 -+static int learn_buffer_len;
20505 -+static int learn_buffer_user_len;
20506 ++ if (!r_tmp)
20507 ++ return -ENOMEM;
20508 +
20509 -+static ssize_t
20510 -+read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
20511 -+{
20512 -+ DECLARE_WAITQUEUE(wait, current);
20513 -+ ssize_t retval = 0;
20514 ++ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
20515 ++ return -EFAULT;
20516 +
20517 -+ add_wait_queue(&learn_wait, &wait);
20518 -+ set_current_state(TASK_INTERRUPTIBLE);
20519 -+ do {
20520 -+ mutex_lock(&gr_learn_user_mutex);
20521 -+ spin_lock(&gr_learn_lock);
20522 -+ if (learn_buffer_len)
20523 -+ break;
20524 -+ spin_unlock(&gr_learn_lock);
20525 -+ mutex_unlock(&gr_learn_user_mutex);
20526 -+ if (file->f_flags & O_NONBLOCK) {
20527 -+ retval = -EAGAIN;
20528 -+ goto out;
20529 -+ }
20530 -+ if (signal_pending(current)) {
20531 -+ retval = -ERESTARTSYS;
20532 -+ goto out;
20533 ++ if (copy_acl_role_label(r_tmp, r_utmp2))
20534 ++ return -EFAULT;
20535 ++
20536 ++ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
20537 ++ if (err)
20538 ++ return err;
20539 ++
20540 ++ if (!strcmp(r_tmp->rolename, "default")
20541 ++ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
20542 ++ polstate->default_role = r_tmp;
20543 ++ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
20544 ++ polstate->kernel_role = r_tmp;
20545 + }
20546 +
20547 -+ schedule();
20548 -+ } while (1);
20549 ++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
20550 ++ return -ENOMEM;
20551 +
20552 -+ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
20553 -+ learn_buffer_user_len = learn_buffer_len;
20554 -+ retval = learn_buffer_len;
20555 -+ learn_buffer_len = 0;
20556 ++ if (copy_gr_hash_struct(ghash, r_tmp->hash))
20557 ++ return -EFAULT;
20558 +
20559 -+ spin_unlock(&gr_learn_lock);
20560 ++ r_tmp->hash = ghash;
20561 +
20562 -+ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
20563 -+ retval = -EFAULT;
20564 ++ num_subjs = count_user_subjs(r_tmp->hash->first);
20565 +
20566 -+ mutex_unlock(&gr_learn_user_mutex);
20567 -+out:
20568 -+ set_current_state(TASK_RUNNING);
20569 -+ remove_wait_queue(&learn_wait, &wait);
20570 -+ return retval;
20571 -+}
20572 ++ r_tmp->subj_hash_size = num_subjs;
20573 ++ r_tmp->subj_hash =
20574 ++ (struct acl_subject_label **)
20575 ++ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
20576 +
20577 -+static unsigned int
20578 -+poll_learn(struct file * file, poll_table * wait)
20579 -+{
20580 -+ poll_wait(file, &learn_wait, wait);
20581 ++ if (!r_tmp->subj_hash)
20582 ++ return -ENOMEM;
20583 +
20584 -+ if (learn_buffer_len)
20585 -+ return (POLLIN | POLLRDNORM);
20586 ++ err = copy_user_allowedips(r_tmp);
20587 ++ if (err)
20588 ++ return err;
20589 +
20590 -+ return 0;
20591 -+}
20592 ++ /* copy domain info */
20593 ++ if (r_tmp->domain_children != NULL) {
20594 ++ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
20595 ++ if (domainlist == NULL)
20596 ++ return -ENOMEM;
20597 +
20598 -+void
20599 -+gr_clear_learn_entries(void)
20600 -+{
20601 -+ char *tmp;
20602 ++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
20603 ++ return -EFAULT;
20604 +
20605 -+ mutex_lock(&gr_learn_user_mutex);
20606 -+ spin_lock(&gr_learn_lock);
20607 -+ tmp = learn_buffer;
20608 -+ learn_buffer = NULL;
20609 -+ spin_unlock(&gr_learn_lock);
20610 -+ if (tmp)
20611 -+ vfree(tmp);
20612 -+ if (learn_buffer_user != NULL) {
20613 -+ vfree(learn_buffer_user);
20614 -+ learn_buffer_user = NULL;
20615 -+ }
20616 -+ learn_buffer_len = 0;
20617 -+ mutex_unlock(&gr_learn_user_mutex);
20618 ++ r_tmp->domain_children = domainlist;
20619 ++ }
20620 +
20621 -+ return;
20622 -+}
20623 ++ err = copy_user_transitions(r_tmp);
20624 ++ if (err)
20625 ++ return err;
20626 +
20627 -+void
20628 -+gr_add_learn_entry(const char *fmt, ...)
20629 -+{
20630 -+ va_list args;
20631 -+ unsigned int len;
20632 ++ memset(r_tmp->subj_hash, 0,
20633 ++ r_tmp->subj_hash_size *
20634 ++ sizeof (struct acl_subject_label *));
20635 +
20636 -+ if (!gr_learn_attached)
20637 -+ return;
20638 ++ /* acquire the list of subjects, then NULL out
20639 ++ the list prior to parsing the subjects for this role,
20640 ++ as during this parsing the list is replaced with a list
20641 ++ of *nested* subjects for the role
20642 ++ */
20643 ++ subj_list = r_tmp->hash->first;
20644 +
20645 -+ spin_lock(&gr_learn_lock);
20646 ++ /* set nested subject list to null */
20647 ++ r_tmp->hash->first = NULL;
20648 +
20649 -+ /* leave a gap at the end so we know when it's "full" but don't have to
20650 -+ compute the exact length of the string we're trying to append
20651 -+ */
20652 -+ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
20653 -+ spin_unlock(&gr_learn_lock);
20654 -+ wake_up_interruptible(&learn_wait);
20655 -+ return;
20656 -+ }
20657 -+ if (learn_buffer == NULL) {
20658 -+ spin_unlock(&gr_learn_lock);
20659 -+ return;
20660 -+ }
20661 ++ err = copy_user_subjs(subj_list, r_tmp);
20662 +
20663 -+ va_start(args, fmt);
20664 -+ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
20665 -+ va_end(args);
20666 ++ if (err)
20667 ++ return err;
20668 +
20669 -+ learn_buffer_len += len + 1;
20670 ++ insert_acl_role_label(r_tmp);
20671 ++ }
20672 +
20673 -+ spin_unlock(&gr_learn_lock);
20674 -+ wake_up_interruptible(&learn_wait);
20675 ++ if (polstate->default_role == NULL || polstate->kernel_role == NULL)
20676 ++ return -EINVAL;
20677 +
20678 -+ return;
20679 ++ return err;
20680 +}
20681 +
20682 -+static int
20683 -+open_learn(struct inode *inode, struct file *file)
20684 ++static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename)
20685 +{
20686 -+ if (file->f_mode & FMODE_READ && gr_learn_attached)
20687 -+ return -EBUSY;
20688 -+ if (file->f_mode & FMODE_READ) {
20689 -+ int retval = 0;
20690 -+ mutex_lock(&gr_learn_user_mutex);
20691 -+ if (learn_buffer == NULL)
20692 -+ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
20693 -+ if (learn_buffer_user == NULL)
20694 -+ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
20695 -+ if (learn_buffer == NULL) {
20696 -+ retval = -ENOMEM;
20697 -+ goto out_error;
20698 -+ }
20699 -+ if (learn_buffer_user == NULL) {
20700 -+ retval = -ENOMEM;
20701 -+ goto out_error;
20702 -+ }
20703 -+ learn_buffer_len = 0;
20704 -+ learn_buffer_user_len = 0;
20705 -+ gr_learn_attached = 1;
20706 -+out_error:
20707 -+ mutex_unlock(&gr_learn_user_mutex);
20708 -+ return retval;
20709 -+ }
20710 -+ return 0;
20711 -+}
20712 ++ char *tmpname;
20713 ++ struct acl_subject_label *tmpsubj;
20714 ++ struct file *filp;
20715 ++ struct name_entry *nmatch;
20716 +
20717 -+static int
20718 -+close_learn(struct inode *inode, struct file *file)
20719 -+{
20720 -+ if (file->f_mode & FMODE_READ) {
20721 -+ char *tmp = NULL;
20722 -+ mutex_lock(&gr_learn_user_mutex);
20723 -+ spin_lock(&gr_learn_lock);
20724 -+ tmp = learn_buffer;
20725 -+ learn_buffer = NULL;
20726 -+ spin_unlock(&gr_learn_lock);
20727 -+ if (tmp)
20728 -+ vfree(tmp);
20729 -+ if (learn_buffer_user != NULL) {
20730 -+ vfree(learn_buffer_user);
20731 -+ learn_buffer_user = NULL;
20732 -+ }
20733 -+ learn_buffer_len = 0;
20734 -+ learn_buffer_user_len = 0;
20735 -+ gr_learn_attached = 0;
20736 -+ mutex_unlock(&gr_learn_user_mutex);
20737 ++ filp = task->exec_file;
20738 ++ if (filp == NULL)
20739 ++ return NULL;
20740 ++
20741 ++ /* the following is to apply the correct subject
20742 ++ on binaries running when the RBAC system
20743 ++ is enabled, when the binaries have been
20744 ++ replaced or deleted since their execution
20745 ++ -----
20746 ++ when the RBAC system starts, the inode/dev
20747 ++ from exec_file will be one the RBAC system
20748 ++ is unaware of. It only knows the inode/dev
20749 ++ of the present file on disk, or the absence
20750 ++ of it.
20751 ++ */
20752 ++
20753 ++ if (filename)
20754 ++ nmatch = __lookup_name_entry(polstate, filename);
20755 ++ else {
20756 ++ preempt_disable();
20757 ++ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
20758 ++
20759 ++ nmatch = __lookup_name_entry(polstate, tmpname);
20760 ++ preempt_enable();
20761 ++ }
20762 ++ tmpsubj = NULL;
20763 ++ if (nmatch) {
20764 ++ if (nmatch->deleted)
20765 ++ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
20766 ++ else
20767 ++ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
20768 + }
20769 ++ /* this also works for the reload case -- if we don't match a potentially inherited subject
20770 ++ then we fall back to a normal lookup based on the binary's ino/dev
20771 ++ */
20772 ++ if (tmpsubj == NULL)
20773 ++ tmpsubj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
20774 ++ task->role);
20775 +
20776 -+ return 0;
20777 ++ return tmpsubj;
20778 +}
20779 -+
20780 -+const struct file_operations grsec_fops = {
20781 -+ .read = read_learn,
20782 -+ .write = write_grsec_handler,
20783 -+ .open = open_learn,
20784 -+ .release = close_learn,
20785 -+ .poll = poll_learn,
20786 -+};
20787 -diff --git a/grsecurity/gracl_res.c b/grsecurity/gracl_res.c
20788 -new file mode 100644
20789 -index 0000000..39645c9
20790 ---- /dev/null
20791 -+++ b/grsecurity/gracl_res.c
20792 -@@ -0,0 +1,68 @@
20793 -+#include <linux/kernel.h>
20794 -+#include <linux/sched.h>
20795 -+#include <linux/gracl.h>
20796 -+#include <linux/grinternal.h>
20797 -+
20798 -+static const char *restab_log[] = {
20799 -+ [RLIMIT_CPU] = "RLIMIT_CPU",
20800 -+ [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
20801 -+ [RLIMIT_DATA] = "RLIMIT_DATA",
20802 -+ [RLIMIT_STACK] = "RLIMIT_STACK",
20803 -+ [RLIMIT_CORE] = "RLIMIT_CORE",
20804 -+ [RLIMIT_RSS] = "RLIMIT_RSS",
20805 -+ [RLIMIT_NPROC] = "RLIMIT_NPROC",
20806 -+ [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
20807 -+ [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
20808 -+ [RLIMIT_AS] = "RLIMIT_AS",
20809 -+ [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
20810 -+ [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
20811 -+ [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
20812 -+ [RLIMIT_NICE] = "RLIMIT_NICE",
20813 -+ [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
20814 -+ [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
20815 -+ [GR_CRASH_RES] = "RLIMIT_CRASH"
20816 -+};
20817 +
20818 -+void
20819 -+gr_log_resource(const struct task_struct *task,
20820 -+ const int res, const unsigned long wanted, const int gt)
20821 ++static int gracl_reload_apply_policies(void *reload)
20822 +{
20823 ++ struct gr_reload_state *reload_state = (struct gr_reload_state *)reload;
20824 ++ struct task_struct *task, *task2;
20825 ++ struct acl_role_label *role, *rtmp;
20826 ++ struct acl_subject_label *subj;
20827 + const struct cred *cred;
20828 -+ unsigned long rlim;
20829 -+
20830 -+ if (!gr_acl_is_enabled() && !grsec_resource_logging)
20831 -+ return;
20832 -+
20833 -+ // not yet supported resource
20834 -+ if (unlikely(!restab_log[res]))
20835 -+ return;
20836 -+
20837 -+ if (res == RLIMIT_CPU || res == RLIMIT_RTTIME)
20838 -+ rlim = task_rlimit_max(task, res);
20839 -+ else
20840 -+ rlim = task_rlimit(task, res);
20841 -+
20842 -+ if (likely((rlim == RLIM_INFINITY) || (gt && wanted <= rlim) || (!gt && wanted < rlim)))
20843 -+ return;
20844 ++ int role_applied;
20845 ++ int ret = 0;
20846 +
20847 -+ rcu_read_lock();
20848 -+ cred = __task_cred(task);
20849 ++ memcpy(&reload_state->oldpolicy, reload_state->oldpolicy_ptr, sizeof(struct gr_reload_state));
20850 ++ memcpy(&reload_state->oldalloc, reload_state->oldalloc_ptr, sizeof(struct gr_alloc_state));
20851 +
20852 -+ if (res == RLIMIT_NPROC &&
20853 -+ (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
20854 -+ cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
20855 -+ goto out_rcu_unlock;
20856 -+ else if (res == RLIMIT_MEMLOCK &&
20857 -+ cap_raised(cred->cap_effective, CAP_IPC_LOCK))
20858 -+ goto out_rcu_unlock;
20859 -+ else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
20860 -+ goto out_rcu_unlock;
20861 -+ rcu_read_unlock();
20862 ++ /* first make sure we'll be able to apply the new policy cleanly */
20863 ++ do_each_thread(task2, task) {
20864 ++ if (task->exec_file == NULL)
20865 ++ continue;
20866 ++ role_applied = 0;
20867 ++ if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
20868 ++ /* preserve special roles */
20869 ++ FOR_EACH_ROLE_START(role)
20870 ++ if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
20871 ++ rtmp = task->role;
20872 ++ task->role = role;
20873 ++ role_applied = 1;
20874 ++ break;
20875 ++ }
20876 ++ FOR_EACH_ROLE_END(role)
20877 ++ }
20878 ++ if (!role_applied) {
20879 ++ cred = __task_cred(task);
20880 ++ rtmp = task->role;
20881 ++ task->role = __lookup_acl_role_label(polstate, task, cred->uid, cred->gid);
20882 ++ }
20883 ++ /* this handles non-nested inherited subjects, nested subjects will still
20884 ++ be dropped currently */
20885 ++ subj = gr_get_subject_for_task(task, task->acl->filename);
20886 ++ task->tmpacl = gr_get_subject_for_task(task, NULL);
20887 ++ /* change the role back so that we've made no modifications to the policy */
20888 ++ task->role = rtmp;
20889 ++
20890 ++ if (subj == NULL || task->tmpacl == NULL) {
20891 ++ ret = -EINVAL;
20892 ++ goto out;
20893 ++ }
20894 ++ } while_each_thread(task2, task);
20895 +
20896 -+ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], rlim);
20897 ++ /* now actually apply the policy */
20898 +
20899 -+ return;
20900 -+out_rcu_unlock:
20901 -+ rcu_read_unlock();
20902 -+ return;
20903 -+}
20904 -diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
20905 -new file mode 100644
20906 -index 0000000..1117026
20907 ---- /dev/null
20908 -+++ b/grsecurity/gracl_segv.c
20909 -@@ -0,0 +1,301 @@
20910 -+#include <linux/kernel.h>
20911 -+#include <linux/mm.h>
20912 -+#include <asm/uaccess.h>
20913 -+#include <asm/errno.h>
20914 -+#include <asm/mman.h>
20915 -+#include <net/sock.h>
20916 -+#include <linux/file.h>
20917 -+#include <linux/fs.h>
20918 -+#include <linux/net.h>
20919 -+#include <linux/in.h>
20920 -+#include <linux/slab.h>
20921 -+#include <linux/types.h>
20922 -+#include <linux/sched.h>
20923 -+#include <linux/timer.h>
20924 -+#include <linux/gracl.h>
20925 -+#include <linux/grsecurity.h>
20926 -+#include <linux/grinternal.h>
20927 -+#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
20928 -+#include <linux/magic.h>
20929 -+#include <linux/pagemap.h>
20930 -+#include "../fs/btrfs/async-thread.h"
20931 -+#include "../fs/btrfs/ctree.h"
20932 -+#include "../fs/btrfs/btrfs_inode.h"
20933 ++ do_each_thread(task2, task) {
20934 ++ if (task->exec_file) {
20935 ++ role_applied = 0;
20936 ++ if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
20937 ++ /* preserve special roles */
20938 ++ FOR_EACH_ROLE_START(role)
20939 ++ if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
20940 ++ task->role = role;
20941 ++ role_applied = 1;
20942 ++ break;
20943 ++ }
20944 ++ FOR_EACH_ROLE_END(role)
20945 ++ }
20946 ++ if (!role_applied) {
20947 ++ cred = __task_cred(task);
20948 ++ task->role = __lookup_acl_role_label(polstate, task, cred->uid, cred->gid);
20949 ++ }
20950 ++ /* this handles non-nested inherited subjects, nested subjects will still
20951 ++ be dropped currently */
20952 ++ if (!reload_state->oldmode && task->inherited)
20953 ++ subj = gr_get_subject_for_task(task, task->acl->filename);
20954 ++ else {
20955 ++ /* looked up and tagged to the task previously */
20956 ++ subj = task->tmpacl;
20957 ++ }
20958 ++ /* subj will be non-null */
20959 ++ __gr_apply_subject_to_task(polstate, task, subj);
20960 ++ if (reload_state->oldmode) {
20961 ++ task->acl_role_id = 0;
20962 ++ task->acl_sp_role = 0;
20963 ++ task->inherited = 0;
20964 ++ }
20965 ++ } else {
20966 ++ // it's a kernel process
20967 ++ task->role = polstate->kernel_role;
20968 ++ task->acl = polstate->kernel_role->root_label;
20969 ++#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
20970 ++ task->acl->mode &= ~GR_PROCFIND;
20971 +#endif
20972 ++ }
20973 ++ } while_each_thread(task2, task);
20974 +
20975 -+static struct crash_uid *uid_set;
20976 -+static unsigned short uid_used;
20977 -+static DEFINE_SPINLOCK(gr_uid_lock);
20978 -+extern rwlock_t gr_inode_lock;
20979 -+extern struct acl_subject_label *
20980 -+ lookup_acl_subj_label(const ino_t inode, const dev_t dev,
20981 -+ struct acl_role_label *role);
20982 -+
20983 -+static inline dev_t __get_dev(const struct dentry *dentry)
20984 -+{
20985 -+#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
20986 -+ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
20987 -+ return BTRFS_I(dentry->d_inode)->root->anon_dev;
20988 -+ else
20989 -+#endif
20990 -+ return dentry->d_sb->s_dev;
20991 -+}
20992 ++ memcpy(reload_state->oldpolicy_ptr, &reload_state->newpolicy, sizeof(struct gr_policy_state));
20993 ++ memcpy(reload_state->oldalloc_ptr, &reload_state->newalloc, sizeof(struct gr_alloc_state));
20994 +
20995 -+int
20996 -+gr_init_uidset(void)
20997 -+{
20998 -+ uid_set =
20999 -+ kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
21000 -+ uid_used = 0;
21001 ++out:
21002 +
21003 -+ return uid_set ? 1 : 0;
21004 ++ return ret;
21005 +}
21006 +
21007 -+void
21008 -+gr_free_uidset(void)
21009 ++static int gracl_reload(struct gr_arg *args, unsigned char oldmode)
21010 +{
21011 -+ if (uid_set)
21012 -+ kfree(uid_set);
21013 ++ struct gr_reload_state new_reload_state = { };
21014 ++ int err;
21015 +
21016 -+ return;
21017 -+}
21018 ++ new_reload_state.oldpolicy_ptr = polstate;
21019 ++ new_reload_state.oldalloc_ptr = current_alloc_state;
21020 ++ new_reload_state.oldmode = oldmode;
21021 +
21022 -+int
21023 -+gr_find_uid(const uid_t uid)
21024 -+{
21025 -+ struct crash_uid *tmp = uid_set;
21026 -+ uid_t buid;
21027 -+ int low = 0, high = uid_used - 1, mid;
21028 ++ current_alloc_state = &new_reload_state.newalloc;
21029 ++ polstate = &new_reload_state.newpolicy;
21030 +
21031 -+ while (high >= low) {
21032 -+ mid = (low + high) >> 1;
21033 -+ buid = tmp[mid].uid;
21034 -+ if (buid == uid)
21035 -+ return mid;
21036 -+ if (buid > uid)
21037 -+ high = mid - 1;
21038 -+ if (buid < uid)
21039 -+ low = mid + 1;
21040 ++ /* everything relevant is now saved off, copy in the new policy */
21041 ++ if (init_variables(args, true)) {
21042 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
21043 ++ err = -ENOMEM;
21044 ++ goto error;
21045 + }
21046 +
21047 -+ return -1;
21048 -+}
21049 ++ err = copy_user_acl(args);
21050 ++ free_init_variables();
21051 ++ if (err)
21052 ++ goto error;
21053 ++ /* the new policy is copied in, with the old policy available via saved_state
21054 ++ first go through applying roles, making sure to preserve special roles
21055 ++ then apply new subjects, making sure to preserve inherited and nested subjects,
21056 ++ though currently only inherited subjects will be preserved
21057 ++ */
21058 ++ err = stop_machine(gracl_reload_apply_policies, &new_reload_state, NULL);
21059 ++ if (err)
21060 ++ goto error;
21061 +
21062 -+static __inline__ void
21063 -+gr_insertsort(void)
21064 -+{
21065 -+ unsigned short i, j;
21066 -+ struct crash_uid index;
21067 ++ /* we've now applied the new policy, so restore the old policy state to free it */
21068 ++ polstate = &new_reload_state.oldpolicy;
21069 ++ current_alloc_state = &new_reload_state.oldalloc;
21070 ++ free_variables(true);
21071 +
21072 -+ for (i = 1; i < uid_used; i++) {
21073 -+ index = uid_set[i];
21074 -+ j = i;
21075 -+ while ((j > 0) && uid_set[j - 1].uid > index.uid) {
21076 -+ uid_set[j] = uid_set[j - 1];
21077 -+ j--;
21078 -+ }
21079 -+ uid_set[j] = index;
21080 -+ }
21081 ++ /* oldpolicy/oldalloc_ptr point to the new policy/alloc states as they were copied
21082 ++ to running_polstate/current_alloc_state inside stop_machine
21083 ++ */
21084 ++ err = 0;
21085 ++ goto out;
21086 ++error:
21087 ++ /* on error of loading the new policy, we'll just keep the previous
21088 ++ policy set around
21089 ++ */
21090 ++ free_variables(true);
21091 +
21092 -+ return;
21093 ++ /* doesn't affect runtime, but maintains consistent state */
21094 ++out:
21095 ++ polstate = new_reload_state.oldpolicy_ptr;
21096 ++ current_alloc_state = new_reload_state.oldalloc_ptr;
21097 ++
21098 ++ return err;
21099 +}
21100 +
21101 -+static __inline__ void
21102 -+gr_insert_uid(const uid_t uid, const unsigned long expires)
21103 ++static int
21104 ++gracl_init(struct gr_arg *args)
21105 +{
21106 -+ int loc;
21107 -+
21108 -+ if (uid_used == GR_UIDTABLE_MAX)
21109 -+ return;
21110 ++ int error = 0;
21111 +
21112 -+ loc = gr_find_uid(uid);
21113 ++ memcpy(&gr_system_salt, args->salt, sizeof(gr_system_salt));
21114 ++ memcpy(&gr_system_sum, args->sum, sizeof(gr_system_sum));
21115 +
21116 -+ if (loc >= 0) {
21117 -+ uid_set[loc].expires = expires;
21118 -+ return;
21119 ++ if (init_variables(args, false)) {
21120 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
21121 ++ error = -ENOMEM;
21122 ++ goto out;
21123 + }
21124 +
21125 -+ uid_set[uid_used].uid = uid;
21126 -+ uid_set[uid_used].expires = expires;
21127 -+ uid_used++;
21128 -+
21129 -+ gr_insertsort();
21130 -+
21131 -+ return;
21132 -+}
21133 ++ error = copy_user_acl(args);
21134 ++ free_init_variables();
21135 ++ if (error)
21136 ++ goto out;
21137 +
21138 -+void
21139 -+gr_remove_uid(const unsigned short loc)
21140 -+{
21141 -+ unsigned short i;
21142 ++ error = gr_set_acls(0);
21143 ++ if (error)
21144 ++ goto out;
21145 +
21146 -+ for (i = loc + 1; i < uid_used; i++)
21147 -+ uid_set[i - 1] = uid_set[i];
21148 ++ gr_enable_rbac_system();
21149 +
21150 -+ uid_used--;
21151 ++ return 0;
21152 +
21153 -+ return;
21154 ++out:
21155 ++ free_variables(false);
21156 ++ return error;
21157 +}
21158 +
21159 -+int
21160 -+gr_check_crash_uid(const uid_t uid)
21161 ++static int
21162 ++lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
21163 ++ unsigned char **sum)
21164 +{
21165 -+ int loc;
21166 -+ int ret = 0;
21167 ++ struct acl_role_label *r;
21168 ++ struct role_allowed_ip *ipp;
21169 ++ struct role_transition *trans;
21170 ++ unsigned int i;
21171 ++ int found = 0;
21172 ++ u32 curr_ip = current->signal->curr_ip;
21173 +
21174 -+ if (unlikely(!gr_acl_is_enabled()))
21175 -+ return 0;
21176 ++ current->signal->saved_ip = curr_ip;
21177 +
21178 -+ spin_lock(&gr_uid_lock);
21179 -+ loc = gr_find_uid(uid);
21180 ++ /* check transition table */
21181 +
21182 -+ if (loc < 0)
21183 -+ goto out_unlock;
21184 ++ for (trans = current->role->transitions; trans; trans = trans->next) {
21185 ++ if (!strcmp(rolename, trans->rolename)) {
21186 ++ found = 1;
21187 ++ break;
21188 ++ }
21189 ++ }
21190 +
21191 -+ if (time_before_eq(uid_set[loc].expires, get_seconds()))
21192 -+ gr_remove_uid(loc);
21193 -+ else
21194 -+ ret = 1;
21195 ++ if (!found)
21196 ++ return 0;
21197 +
21198 -+out_unlock:
21199 -+ spin_unlock(&gr_uid_lock);
21200 -+ return ret;
21201 -+}
21202 ++ /* handle special roles that do not require authentication
21203 ++ and check ip */
21204 +
21205 -+static __inline__ int
21206 -+proc_is_setxid(const struct cred *cred)
21207 -+{
21208 -+ if (cred->uid != cred->euid || cred->uid != cred->suid ||
21209 -+ cred->uid != cred->fsuid)
21210 -+ return 1;
21211 -+ if (cred->gid != cred->egid || cred->gid != cred->sgid ||
21212 -+ cred->gid != cred->fsgid)
21213 -+ return 1;
21214 ++ FOR_EACH_ROLE_START(r)
21215 ++ if (!strcmp(rolename, r->rolename) &&
21216 ++ (r->roletype & GR_ROLE_SPECIAL)) {
21217 ++ found = 0;
21218 ++ if (r->allowed_ips != NULL) {
21219 ++ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
21220 ++ if ((ntohl(curr_ip) & ipp->netmask) ==
21221 ++ (ntohl(ipp->addr) & ipp->netmask))
21222 ++ found = 1;
21223 ++ }
21224 ++ } else
21225 ++ found = 2;
21226 ++ if (!found)
21227 ++ return 0;
21228 ++
21229 ++ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
21230 ++ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
21231 ++ *salt = NULL;
21232 ++ *sum = NULL;
21233 ++ return 1;
21234 ++ }
21235 ++ }
21236 ++ FOR_EACH_ROLE_END(r)
21237 ++
21238 ++ for (i = 0; i < polstate->num_sprole_pws; i++) {
21239 ++ if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) {
21240 ++ *salt = polstate->acl_special_roles[i]->salt;
21241 ++ *sum = polstate->acl_special_roles[i]->sum;
21242 ++ return 1;
21243 ++ }
21244 ++ }
21245 +
21246 + return 0;
21247 +}
21248 +
21249 -+extern int gr_fake_force_sig(int sig, struct task_struct *t);
21250 ++int gr_check_secure_terminal(struct task_struct *task)
21251 ++{
21252 ++ struct task_struct *p, *p2, *p3;
21253 ++ struct files_struct *files;
21254 ++ struct fdtable *fdt;
21255 ++ struct file *our_file = NULL, *file;
21256 ++ int i;
21257 +
21258 -+void
21259 -+gr_handle_crash(struct task_struct *task, const int sig)
21260 ++ if (task->signal->tty == NULL)
21261 ++ return 1;
21262 ++
21263 ++ files = get_files_struct(task);
21264 ++ if (files != NULL) {
21265 ++ rcu_read_lock();
21266 ++ fdt = files_fdtable(files);
21267 ++ for (i=0; i < fdt->max_fds; i++) {
21268 ++ file = fcheck_files(files, i);
21269 ++ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
21270 ++ get_file(file);
21271 ++ our_file = file;
21272 ++ }
21273 ++ }
21274 ++ rcu_read_unlock();
21275 ++ put_files_struct(files);
21276 ++ }
21277 ++
21278 ++ if (our_file == NULL)
21279 ++ return 1;
21280 ++
21281 ++ read_lock(&tasklist_lock);
21282 ++ do_each_thread(p2, p) {
21283 ++ files = get_files_struct(p);
21284 ++ if (files == NULL ||
21285 ++ (p->signal && p->signal->tty == task->signal->tty)) {
21286 ++ if (files != NULL)
21287 ++ put_files_struct(files);
21288 ++ continue;
21289 ++ }
21290 ++ rcu_read_lock();
21291 ++ fdt = files_fdtable(files);
21292 ++ for (i=0; i < fdt->max_fds; i++) {
21293 ++ file = fcheck_files(files, i);
21294 ++ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
21295 ++ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
21296 ++ p3 = task;
21297 ++ while (task_pid_nr(p3) > 0) {
21298 ++ if (p3 == p)
21299 ++ break;
21300 ++ p3 = p3->real_parent;
21301 ++ }
21302 ++ if (p3 == p)
21303 ++ break;
21304 ++ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
21305 ++ gr_handle_alertkill(p);
21306 ++ rcu_read_unlock();
21307 ++ put_files_struct(files);
21308 ++ read_unlock(&tasklist_lock);
21309 ++ fput(our_file);
21310 ++ return 0;
21311 ++ }
21312 ++ }
21313 ++ rcu_read_unlock();
21314 ++ put_files_struct(files);
21315 ++ } while_each_thread(p2, p);
21316 ++ read_unlock(&tasklist_lock);
21317 ++
21318 ++ fput(our_file);
21319 ++ return 1;
21320 ++}
21321 ++
21322 ++ssize_t
21323 ++write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
21324 +{
21325 -+ struct acl_subject_label *curr;
21326 -+ struct task_struct *tsk, *tsk2;
21327 -+ const struct cred *cred;
21328 -+ const struct cred *cred2;
21329 ++ struct gr_arg_wrapper uwrap;
21330 ++ unsigned char *sprole_salt = NULL;
21331 ++ unsigned char *sprole_sum = NULL;
21332 ++ int error = 0;
21333 ++ int error2 = 0;
21334 ++ size_t req_count = 0;
21335 ++ unsigned char oldmode = 0;
21336 +
21337 -+ if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
21338 -+ return;
21339 ++ mutex_lock(&gr_dev_mutex);
21340 +
21341 -+ if (unlikely(!gr_acl_is_enabled()))
21342 -+ return;
21343 ++ if (gr_acl_is_enabled() && !(current->acl->mode & GR_KERNELAUTH)) {
21344 ++ error = -EPERM;
21345 ++ goto out;
21346 ++ }
21347 +
21348 -+ curr = task->acl;
21349 ++#ifdef CONFIG_COMPAT
21350 ++ pax_open_kernel();
21351 ++ if (is_compat_task()) {
21352 ++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
21353 ++ copy_gr_arg = &copy_gr_arg_compat;
21354 ++ copy_acl_object_label = &copy_acl_object_label_compat;
21355 ++ copy_acl_subject_label = &copy_acl_subject_label_compat;
21356 ++ copy_acl_role_label = &copy_acl_role_label_compat;
21357 ++ copy_acl_ip_label = &copy_acl_ip_label_compat;
21358 ++ copy_role_allowed_ip = &copy_role_allowed_ip_compat;
21359 ++ copy_role_transition = &copy_role_transition_compat;
21360 ++ copy_sprole_pw = &copy_sprole_pw_compat;
21361 ++ copy_gr_hash_struct = &copy_gr_hash_struct_compat;
21362 ++ copy_pointer_from_array = &copy_pointer_from_array_compat;
21363 ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
21364 ++ } else {
21365 ++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
21366 ++ copy_gr_arg = &copy_gr_arg_normal;
21367 ++ copy_acl_object_label = &copy_acl_object_label_normal;
21368 ++ copy_acl_subject_label = &copy_acl_subject_label_normal;
21369 ++ copy_acl_role_label = &copy_acl_role_label_normal;
21370 ++ copy_acl_ip_label = &copy_acl_ip_label_normal;
21371 ++ copy_role_allowed_ip = &copy_role_allowed_ip_normal;
21372 ++ copy_role_transition = &copy_role_transition_normal;
21373 ++ copy_sprole_pw = &copy_sprole_pw_normal;
21374 ++ copy_gr_hash_struct = &copy_gr_hash_struct_normal;
21375 ++ copy_pointer_from_array = &copy_pointer_from_array_normal;
21376 ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
21377 ++ }
21378 ++ pax_close_kernel();
21379 ++#endif
21380 +
21381 -+ if (!(curr->resmask & (1U << GR_CRASH_RES)))
21382 -+ return;
21383 ++ req_count = get_gr_arg_wrapper_size();
21384 +
21385 -+ if (time_before_eq(curr->expires, get_seconds())) {
21386 -+ curr->expires = 0;
21387 -+ curr->crashes = 0;
21388 ++ if (count != req_count) {
21389 ++ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
21390 ++ error = -EINVAL;
21391 ++ goto out;
21392 + }
21393 +
21394 -+ curr->crashes++;
21395 ++
21396 ++ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
21397 ++ gr_auth_expires = 0;
21398 ++ gr_auth_attempts = 0;
21399 ++ }
21400 +
21401 -+ if (!curr->expires)
21402 -+ curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
21403 ++ error = copy_gr_arg_wrapper(buf, &uwrap);
21404 ++ if (error)
21405 ++ goto out;
21406 +
21407 -+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
21408 -+ time_after(curr->expires, get_seconds())) {
21409 -+ rcu_read_lock();
21410 -+ cred = __task_cred(task);
21411 -+ if (cred->uid && proc_is_setxid(cred)) {
21412 -+ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
21413 -+ spin_lock(&gr_uid_lock);
21414 -+ gr_insert_uid(cred->uid, curr->expires);
21415 -+ spin_unlock(&gr_uid_lock);
21416 -+ curr->expires = 0;
21417 -+ curr->crashes = 0;
21418 -+ read_lock(&tasklist_lock);
21419 -+ do_each_thread(tsk2, tsk) {
21420 -+ cred2 = __task_cred(tsk);
21421 -+ if (tsk != task && cred2->uid == cred->uid)
21422 -+ gr_fake_force_sig(SIGKILL, tsk);
21423 -+ } while_each_thread(tsk2, tsk);
21424 -+ read_unlock(&tasklist_lock);
21425 ++ error = copy_gr_arg(uwrap.arg, &gr_usermode);
21426 ++ if (error)
21427 ++ goto out;
21428 ++
21429 ++ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_SPROLEPAM &&
21430 ++ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
21431 ++ time_after(gr_auth_expires, get_seconds())) {
21432 ++ error = -EBUSY;
21433 ++ goto out;
21434 ++ }
21435 ++
21436 ++ /* if non-root trying to do anything other than use a special role,
21437 ++ do not attempt authentication, do not count towards authentication
21438 ++ locking
21439 ++ */
21440 ++
21441 ++ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_STATUS &&
21442 ++ gr_usermode.mode != GR_UNSPROLE && gr_usermode.mode != GR_SPROLEPAM &&
21443 ++ current_uid()) {
21444 ++ error = -EPERM;
21445 ++ goto out;
21446 ++ }
21447 ++
21448 ++ /* ensure pw and special role name are null terminated */
21449 ++
21450 ++ gr_usermode.pw[GR_PW_LEN - 1] = '\0';
21451 ++ gr_usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
21452 ++
21453 ++ /* Okay.
21454 ++ * We have our enough of the argument structure..(we have yet
21455 ++ * to copy_from_user the tables themselves) . Copy the tables
21456 ++ * only if we need them, i.e. for loading operations. */
21457 ++
21458 ++ switch (gr_usermode.mode) {
21459 ++ case GR_STATUS:
21460 ++ if (gr_acl_is_enabled()) {
21461 ++ error = 1;
21462 ++ if (!gr_check_secure_terminal(current))
21463 ++ error = 3;
21464 ++ } else
21465 ++ error = 2;
21466 ++ goto out;
21467 ++ case GR_SHUTDOWN:
21468 ++ if (gr_acl_is_enabled() && !(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
21469 ++ stop_machine(gr_rbac_disable, NULL, NULL);
21470 ++ free_variables(false);
21471 ++ memset(&gr_usermode, 0, sizeof(gr_usermode));
21472 ++ memset(&gr_system_salt, 0, sizeof(gr_system_salt));
21473 ++ memset(&gr_system_sum, 0, sizeof(gr_system_sum));
21474 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
21475 ++ } else if (gr_acl_is_enabled()) {
21476 ++ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
21477 ++ error = -EPERM;
21478 + } else {
21479 -+ gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
21480 -+ read_lock(&tasklist_lock);
21481 -+ read_lock(&grsec_exec_file_lock);
21482 -+ do_each_thread(tsk2, tsk) {
21483 -+ if (likely(tsk != task)) {
21484 -+ // if this thread has the same subject as the one that triggered
21485 -+ // RES_CRASH and it's the same binary, kill it
21486 -+ if (tsk->acl == task->acl && gr_is_same_file(tsk->exec_file, task->exec_file))
21487 -+ gr_fake_force_sig(SIGKILL, tsk);
21488 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
21489 ++ error = -EAGAIN;
21490 ++ }
21491 ++ break;
21492 ++ case GR_ENABLE:
21493 ++ if (!gr_acl_is_enabled() && !(error2 = gracl_init(&gr_usermode)))
21494 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
21495 ++ else {
21496 ++ if (gr_acl_is_enabled())
21497 ++ error = -EAGAIN;
21498 ++ else
21499 ++ error = error2;
21500 ++ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
21501 ++ }
21502 ++ break;
21503 ++ case GR_OLDRELOAD:
21504 ++ oldmode = 1;
21505 ++ case GR_RELOAD:
21506 ++ if (!gr_acl_is_enabled()) {
21507 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
21508 ++ error = -EAGAIN;
21509 ++ } else if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
21510 ++ error2 = gracl_reload(&gr_usermode, oldmode);
21511 ++ if (!error2)
21512 ++ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
21513 ++ else {
21514 ++ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
21515 ++ error = error2;
21516 ++ }
21517 ++ } else {
21518 ++ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
21519 ++ error = -EPERM;
21520 ++ }
21521 ++ break;
21522 ++ case GR_SEGVMOD:
21523 ++ if (unlikely(!gr_acl_is_enabled())) {
21524 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
21525 ++ error = -EAGAIN;
21526 ++ break;
21527 ++ }
21528 ++
21529 ++ if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
21530 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
21531 ++ if (gr_usermode.segv_device && gr_usermode.segv_inode) {
21532 ++ struct acl_subject_label *segvacl;
21533 ++ segvacl =
21534 ++ lookup_acl_subj_label(gr_usermode.segv_inode,
21535 ++ gr_usermode.segv_device,
21536 ++ current->role);
21537 ++ if (segvacl) {
21538 ++ segvacl->crashes = 0;
21539 ++ segvacl->expires = 0;
21540 + }
21541 -+ } while_each_thread(tsk2, tsk);
21542 -+ read_unlock(&grsec_exec_file_lock);
21543 -+ read_unlock(&tasklist_lock);
21544 ++ } else if (gr_find_uid(gr_usermode.segv_uid) >= 0) {
21545 ++ gr_remove_uid(gr_usermode.segv_uid);
21546 ++ }
21547 ++ } else {
21548 ++ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
21549 ++ error = -EPERM;
21550 ++ }
21551 ++ break;
21552 ++ case GR_SPROLE:
21553 ++ case GR_SPROLEPAM:
21554 ++ if (unlikely(!gr_acl_is_enabled())) {
21555 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
21556 ++ error = -EAGAIN;
21557 ++ break;
21558 + }
21559 -+ rcu_read_unlock();
21560 -+ }
21561 +
21562 -+ return;
21563 -+}
21564 ++ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
21565 ++ current->role->expires = 0;
21566 ++ current->role->auth_attempts = 0;
21567 ++ }
21568 +
21569 -+int
21570 -+gr_check_crash_exec(const struct file *filp)
21571 -+{
21572 -+ struct acl_subject_label *curr;
21573 ++ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
21574 ++ time_after(current->role->expires, get_seconds())) {
21575 ++ error = -EBUSY;
21576 ++ goto out;
21577 ++ }
21578 +
21579 -+ if (unlikely(!gr_acl_is_enabled()))
21580 -+ return 0;
21581 ++ if (lookup_special_role_auth
21582 ++ (gr_usermode.mode, gr_usermode.sp_role, &sprole_salt, &sprole_sum)
21583 ++ && ((!sprole_salt && !sprole_sum)
21584 ++ || !(chkpw(&gr_usermode, sprole_salt, sprole_sum)))) {
21585 ++ char *p = "";
21586 ++ assign_special_role(gr_usermode.sp_role);
21587 ++ read_lock(&tasklist_lock);
21588 ++ if (current->real_parent)
21589 ++ p = current->real_parent->role->rolename;
21590 ++ read_unlock(&tasklist_lock);
21591 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
21592 ++ p, acl_sp_role_value);
21593 ++ } else {
21594 ++ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode.sp_role);
21595 ++ error = -EPERM;
21596 ++ if(!(current->role->auth_attempts++))
21597 ++ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
21598 +
21599 -+ read_lock(&gr_inode_lock);
21600 -+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
21601 -+ __get_dev(filp->f_path.dentry),
21602 -+ current->role);
21603 -+ read_unlock(&gr_inode_lock);
21604 ++ goto out;
21605 ++ }
21606 ++ break;
21607 ++ case GR_UNSPROLE:
21608 ++ if (unlikely(!gr_acl_is_enabled())) {
21609 ++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
21610 ++ error = -EAGAIN;
21611 ++ break;
21612 ++ }
21613 +
21614 -+ if (!curr || !(curr->resmask & (1U << GR_CRASH_RES)) ||
21615 -+ (!curr->crashes && !curr->expires))
21616 -+ return 0;
21617 ++ if (current->role->roletype & GR_ROLE_SPECIAL) {
21618 ++ char *p = "";
21619 ++ int i = 0;
21620 +
21621 -+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
21622 -+ time_after(curr->expires, get_seconds()))
21623 -+ return 1;
21624 -+ else if (time_before_eq(curr->expires, get_seconds())) {
21625 -+ curr->crashes = 0;
21626 -+ curr->expires = 0;
21627 -+ }
21628 ++ read_lock(&tasklist_lock);
21629 ++ if (current->real_parent) {
21630 ++ p = current->real_parent->role->rolename;
21631 ++ i = current->real_parent->acl_role_id;
21632 ++ }
21633 ++ read_unlock(&tasklist_lock);
21634 +
21635 -+ return 0;
21636 -+}
21637 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
21638 ++ gr_set_acls(1);
21639 ++ } else {
21640 ++ error = -EPERM;
21641 ++ goto out;
21642 ++ }
21643 ++ break;
21644 ++ default:
21645 ++ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode.mode);
21646 ++ error = -EINVAL;
21647 ++ break;
21648 ++ }
21649 +
21650 -+void
21651 -+gr_handle_alertkill(struct task_struct *task)
21652 -+{
21653 -+ struct acl_subject_label *curracl;
21654 -+ __u32 curr_ip;
21655 -+ struct task_struct *p, *p2;
21656 ++ if (error != -EPERM)
21657 ++ goto out;
21658 +
21659 -+ if (unlikely(!gr_acl_is_enabled()))
21660 -+ return;
21661 ++ if(!(gr_auth_attempts++))
21662 ++ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
21663 +
21664 -+ curracl = task->acl;
21665 -+ curr_ip = task->signal->curr_ip;
21666 ++ out:
21667 ++ mutex_unlock(&gr_dev_mutex);
21668 +
21669 -+ if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
21670 -+ read_lock(&tasklist_lock);
21671 -+ do_each_thread(p2, p) {
21672 -+ if (p->signal->curr_ip == curr_ip)
21673 -+ gr_fake_force_sig(SIGKILL, p);
21674 -+ } while_each_thread(p2, p);
21675 -+ read_unlock(&tasklist_lock);
21676 -+ } else if (curracl->mode & GR_KILLPROC)
21677 -+ gr_fake_force_sig(SIGKILL, task);
21678 ++ if (!error)
21679 ++ error = req_count;
21680 +
21681 -+ return;
21682 ++ return error;
21683 +}
21684 -diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c
21685 -new file mode 100644
21686 -index 0000000..9d83a69
21687 ---- /dev/null
21688 -+++ b/grsecurity/gracl_shm.c
21689 -@@ -0,0 +1,40 @@
21690 -+#include <linux/kernel.h>
21691 -+#include <linux/mm.h>
21692 -+#include <linux/sched.h>
21693 -+#include <linux/file.h>
21694 -+#include <linux/ipc.h>
21695 -+#include <linux/gracl.h>
21696 -+#include <linux/grsecurity.h>
21697 -+#include <linux/grinternal.h>
21698 +
21699 +int
21700 -+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
21701 -+ const time_t shm_createtime, const uid_t cuid, const int shmid)
21702 ++gr_set_acls(const int type)
21703 +{
21704 -+ struct task_struct *task;
21705 -+
21706 -+ if (!gr_acl_is_enabled())
21707 -+ return 1;
21708 ++ struct task_struct *task, *task2;
21709 ++ struct acl_role_label *role = current->role;
21710 ++ struct acl_subject_label *subj;
21711 ++ __u16 acl_role_id = current->acl_role_id;
21712 ++ const struct cred *cred;
21713 ++ int ret;
21714 +
21715 + rcu_read_lock();
21716 + read_lock(&tasklist_lock);
21717 ++ read_lock(&grsec_exec_file_lock);
21718 ++ do_each_thread(task2, task) {
21719 ++ /* check to see if we're called from the exit handler,
21720 ++ if so, only replace ACLs that have inherited the admin
21721 ++ ACL */
21722 +
21723 -+ task = find_task_by_vpid(shm_cprid);
21724 ++ if (type && (task->role != role ||
21725 ++ task->acl_role_id != acl_role_id))
21726 ++ continue;
21727 +
21728 -+ if (unlikely(!task))
21729 -+ task = find_task_by_vpid(shm_lapid);
21730 ++ task->acl_role_id = 0;
21731 ++ task->acl_sp_role = 0;
21732 ++ task->inherited = 0;
21733 +
21734 -+ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
21735 -+ (task->pid == shm_lapid)) &&
21736 -+ (task->acl->mode & GR_PROTSHM) &&
21737 -+ (task->acl != current->acl))) {
21738 -+ read_unlock(&tasklist_lock);
21739 -+ rcu_read_unlock();
21740 -+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
21741 -+ return 0;
21742 -+ }
21743 ++ if (task->exec_file) {
21744 ++ cred = __task_cred(task);
21745 ++ task->role = __lookup_acl_role_label(polstate, task, cred->uid, cred->gid);
21746 ++ subj = gr_get_subject_for_task(task, NULL);
21747 ++ if (subj == NULL) {
21748 ++ ret = -EINVAL;
21749 ++ read_unlock(&grsec_exec_file_lock);
21750 ++ read_unlock(&tasklist_lock);
21751 ++ rcu_read_unlock();
21752 ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task));
21753 ++ return ret;
21754 ++ }
21755 ++ __gr_apply_subject_to_task(polstate, task, subj);
21756 ++ } else {
21757 ++ // it's a kernel process
21758 ++ task->role = polstate->kernel_role;
21759 ++ task->acl = polstate->kernel_role->root_label;
21760 ++#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
21761 ++ task->acl->mode &= ~GR_PROCFIND;
21762 ++#endif
21763 ++ }
21764 ++ } while_each_thread(task2, task);
21765 ++ read_unlock(&grsec_exec_file_lock);
21766 + read_unlock(&tasklist_lock);
21767 + rcu_read_unlock();
21768 +
21769 -+ return 1;
21770 ++ return 0;
21771 +}
21772 -diff --git a/grsecurity/grsec_chdir.c b/grsecurity/grsec_chdir.c
21773 +diff --git a/grsecurity/gracl_res.c b/grsecurity/gracl_res.c
21774 new file mode 100644
21775 -index 0000000..bc0be01
21776 +index 0000000..39645c9
21777 --- /dev/null
21778 -+++ b/grsecurity/grsec_chdir.c
21779 -@@ -0,0 +1,19 @@
21780 ++++ b/grsecurity/gracl_res.c
21781 +@@ -0,0 +1,68 @@
21782 +#include <linux/kernel.h>
21783 +#include <linux/sched.h>
21784 -+#include <linux/fs.h>
21785 -+#include <linux/file.h>
21786 -+#include <linux/grsecurity.h>
21787 ++#include <linux/gracl.h>
21788 +#include <linux/grinternal.h>
21789 +
21790 ++static const char *restab_log[] = {
21791 ++ [RLIMIT_CPU] = "RLIMIT_CPU",
21792 ++ [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
21793 ++ [RLIMIT_DATA] = "RLIMIT_DATA",
21794 ++ [RLIMIT_STACK] = "RLIMIT_STACK",
21795 ++ [RLIMIT_CORE] = "RLIMIT_CORE",
21796 ++ [RLIMIT_RSS] = "RLIMIT_RSS",
21797 ++ [RLIMIT_NPROC] = "RLIMIT_NPROC",
21798 ++ [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
21799 ++ [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
21800 ++ [RLIMIT_AS] = "RLIMIT_AS",
21801 ++ [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
21802 ++ [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
21803 ++ [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
21804 ++ [RLIMIT_NICE] = "RLIMIT_NICE",
21805 ++ [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
21806 ++ [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
21807 ++ [GR_CRASH_RES] = "RLIMIT_CRASH"
21808 ++};
21809 ++
21810 +void
21811 -+gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
21812 ++gr_log_resource(const struct task_struct *task,
21813 ++ const int res, const unsigned long wanted, const int gt)
21814 +{
21815 -+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
21816 -+ if ((grsec_enable_chdir && grsec_enable_group &&
21817 -+ in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
21818 -+ !grsec_enable_group)) {
21819 -+ gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
21820 -+ }
21821 -+#endif
21822 -+ return;
21823 ++ const struct cred *cred;
21824 ++ unsigned long rlim;
21825 ++
21826 ++ if (!gr_acl_is_enabled() && !grsec_resource_logging)
21827 ++ return;
21828 ++
21829 ++ // not yet supported resource
21830 ++ if (unlikely(!restab_log[res]))
21831 ++ return;
21832 ++
21833 ++ if (res == RLIMIT_CPU || res == RLIMIT_RTTIME)
21834 ++ rlim = task_rlimit_max(task, res);
21835 ++ else
21836 ++ rlim = task_rlimit(task, res);
21837 ++
21838 ++ if (likely((rlim == RLIM_INFINITY) || (gt && wanted <= rlim) || (!gt && wanted < rlim)))
21839 ++ return;
21840 ++
21841 ++ rcu_read_lock();
21842 ++ cred = __task_cred(task);
21843 ++
21844 ++ if (res == RLIMIT_NPROC &&
21845 ++ (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
21846 ++ cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
21847 ++ goto out_rcu_unlock;
21848 ++ else if (res == RLIMIT_MEMLOCK &&
21849 ++ cap_raised(cred->cap_effective, CAP_IPC_LOCK))
21850 ++ goto out_rcu_unlock;
21851 ++ else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
21852 ++ goto out_rcu_unlock;
21853 ++ rcu_read_unlock();
21854 ++
21855 ++ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], rlim);
21856 ++
21857 ++ return;
21858 ++out_rcu_unlock:
21859 ++ rcu_read_unlock();
21860 ++ return;
21861 ++}
21862 +diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
21863 +new file mode 100644
21864 +index 0000000..266766a
21865 +--- /dev/null
21866 ++++ b/grsecurity/gracl_segv.c
21867 +@@ -0,0 +1,309 @@
21868 ++#include <linux/kernel.h>
21869 ++#include <linux/mm.h>
21870 ++#include <asm/uaccess.h>
21871 ++#include <asm/errno.h>
21872 ++#include <asm/mman.h>
21873 ++#include <net/sock.h>
21874 ++#include <linux/file.h>
21875 ++#include <linux/fs.h>
21876 ++#include <linux/net.h>
21877 ++#include <linux/in.h>
21878 ++#include <linux/slab.h>
21879 ++#include <linux/types.h>
21880 ++#include <linux/sched.h>
21881 ++#include <linux/timer.h>
21882 ++#include <linux/gracl.h>
21883 ++#include <linux/grsecurity.h>
21884 ++#include <linux/grinternal.h>
21885 ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
21886 ++#include <linux/magic.h>
21887 ++#include <linux/pagemap.h>
21888 ++#include "../fs/btrfs/async-thread.h"
21889 ++#include "../fs/btrfs/ctree.h"
21890 ++#include "../fs/btrfs/btrfs_inode.h"
21891 ++#endif
21892 ++
21893 ++static struct crash_uid *uid_set;
21894 ++static unsigned short uid_used;
21895 ++static DEFINE_SPINLOCK(gr_uid_lock);
21896 ++extern rwlock_t gr_inode_lock;
21897 ++extern struct acl_subject_label *
21898 ++ lookup_acl_subj_label(const ino_t inode, const dev_t dev,
21899 ++ struct acl_role_label *role);
21900 ++
21901 ++static inline dev_t __get_dev(const struct dentry *dentry)
21902 ++{
21903 ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
21904 ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
21905 ++ return BTRFS_I(dentry->d_inode)->root->anon_dev;
21906 ++ else
21907 ++#endif
21908 ++ return dentry->d_sb->s_dev;
21909 ++}
21910 ++
21911 ++int
21912 ++gr_init_uidset(void)
21913 ++{
21914 ++ uid_set =
21915 ++ kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
21916 ++ uid_used = 0;
21917 ++
21918 ++ return uid_set ? 1 : 0;
21919 ++}
21920 ++
21921 ++void
21922 ++gr_free_uidset(void)
21923 ++{
21924 ++ if (uid_set) {
21925 ++ struct crash_uid *tmpset;
21926 ++ spin_lock(&gr_uid_lock);
21927 ++ tmpset = uid_set;
21928 ++ uid_set = NULL;
21929 ++ uid_used = 0;
21930 ++ spin_unlock(&gr_uid_lock);
21931 ++ if (tmpset)
21932 ++ kfree(tmpset);
21933 ++ }
21934 ++
21935 ++ return;
21936 ++}
21937 ++
21938 ++int
21939 ++gr_find_uid(const uid_t uid)
21940 ++{
21941 ++ struct crash_uid *tmp = uid_set;
21942 ++ uid_t buid;
21943 ++ int low = 0, high = uid_used - 1, mid;
21944 ++
21945 ++ while (high >= low) {
21946 ++ mid = (low + high) >> 1;
21947 ++ buid = tmp[mid].uid;
21948 ++ if (buid == uid)
21949 ++ return mid;
21950 ++ if (buid > uid)
21951 ++ high = mid - 1;
21952 ++ if (buid < uid)
21953 ++ low = mid + 1;
21954 ++ }
21955 ++
21956 ++ return -1;
21957 ++}
21958 ++
21959 ++static __inline__ void
21960 ++gr_insertsort(void)
21961 ++{
21962 ++ unsigned short i, j;
21963 ++ struct crash_uid index;
21964 ++
21965 ++ for (i = 1; i < uid_used; i++) {
21966 ++ index = uid_set[i];
21967 ++ j = i;
21968 ++ while ((j > 0) && uid_set[j - 1].uid > index.uid) {
21969 ++ uid_set[j] = uid_set[j - 1];
21970 ++ j--;
21971 ++ }
21972 ++ uid_set[j] = index;
21973 ++ }
21974 ++
21975 ++ return;
21976 ++}
21977 ++
21978 ++static __inline__ void
21979 ++gr_insert_uid(const uid_t uid, const unsigned long expires)
21980 ++{
21981 ++ int loc;
21982 ++
21983 ++ if (uid_used == GR_UIDTABLE_MAX)
21984 ++ return;
21985 ++
21986 ++ loc = gr_find_uid(uid);
21987 ++
21988 ++ if (loc >= 0) {
21989 ++ uid_set[loc].expires = expires;
21990 ++ return;
21991 ++ }
21992 ++
21993 ++ uid_set[uid_used].uid = uid;
21994 ++ uid_set[uid_used].expires = expires;
21995 ++ uid_used++;
21996 ++
21997 ++ gr_insertsort();
21998 ++
21999 ++ return;
22000 ++}
22001 ++
22002 ++void
22003 ++gr_remove_uid(const unsigned short loc)
22004 ++{
22005 ++ unsigned short i;
22006 ++
22007 ++ for (i = loc + 1; i < uid_used; i++)
22008 ++ uid_set[i - 1] = uid_set[i];
22009 ++
22010 ++ uid_used--;
22011 ++
22012 ++ return;
22013 ++}
22014 ++
22015 ++int
22016 ++gr_check_crash_uid(const uid_t uid)
22017 ++{
22018 ++ int loc;
22019 ++ int ret = 0;
22020 ++
22021 ++ if (unlikely(!gr_acl_is_enabled()))
22022 ++ return 0;
22023 ++
22024 ++ spin_lock(&gr_uid_lock);
22025 ++ loc = gr_find_uid(uid);
22026 ++
22027 ++ if (loc < 0)
22028 ++ goto out_unlock;
22029 ++
22030 ++ if (time_before_eq(uid_set[loc].expires, get_seconds()))
22031 ++ gr_remove_uid(loc);
22032 ++ else
22033 ++ ret = 1;
22034 ++
22035 ++out_unlock:
22036 ++ spin_unlock(&gr_uid_lock);
22037 ++ return ret;
22038 ++}
22039 ++
22040 ++static __inline__ int
22041 ++proc_is_setxid(const struct cred *cred)
22042 ++{
22043 ++ if (cred->uid != cred->euid || cred->uid != cred->suid ||
22044 ++ cred->uid != cred->fsuid)
22045 ++ return 1;
22046 ++ if (cred->gid != cred->egid || cred->gid != cred->sgid ||
22047 ++ cred->gid != cred->fsgid)
22048 ++ return 1;
22049 ++
22050 ++ return 0;
22051 ++}
22052 ++
22053 ++extern int gr_fake_force_sig(int sig, struct task_struct *t);
22054 ++
22055 ++void
22056 ++gr_handle_crash(struct task_struct *task, const int sig)
22057 ++{
22058 ++ struct acl_subject_label *curr;
22059 ++ struct task_struct *tsk, *tsk2;
22060 ++ const struct cred *cred;
22061 ++ const struct cred *cred2;
22062 ++
22063 ++ if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
22064 ++ return;
22065 ++
22066 ++ if (unlikely(!gr_acl_is_enabled()))
22067 ++ return;
22068 ++
22069 ++ curr = task->acl;
22070 ++
22071 ++ if (!(curr->resmask & (1U << GR_CRASH_RES)))
22072 ++ return;
22073 ++
22074 ++ if (time_before_eq(curr->expires, get_seconds())) {
22075 ++ curr->expires = 0;
22076 ++ curr->crashes = 0;
22077 ++ }
22078 ++
22079 ++ curr->crashes++;
22080 ++
22081 ++ if (!curr->expires)
22082 ++ curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
22083 ++
22084 ++ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
22085 ++ time_after(curr->expires, get_seconds())) {
22086 ++ rcu_read_lock();
22087 ++ cred = __task_cred(task);
22088 ++ if (cred->uid && proc_is_setxid(cred)) {
22089 ++ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
22090 ++ spin_lock(&gr_uid_lock);
22091 ++ gr_insert_uid(cred->uid, curr->expires);
22092 ++ spin_unlock(&gr_uid_lock);
22093 ++ curr->expires = 0;
22094 ++ curr->crashes = 0;
22095 ++ read_lock(&tasklist_lock);
22096 ++ do_each_thread(tsk2, tsk) {
22097 ++ cred2 = __task_cred(tsk);
22098 ++ if (tsk != task && cred2->uid == cred->uid)
22099 ++ gr_fake_force_sig(SIGKILL, tsk);
22100 ++ } while_each_thread(tsk2, tsk);
22101 ++ read_unlock(&tasklist_lock);
22102 ++ } else {
22103 ++ gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
22104 ++ read_lock(&tasklist_lock);
22105 ++ read_lock(&grsec_exec_file_lock);
22106 ++ do_each_thread(tsk2, tsk) {
22107 ++ if (likely(tsk != task)) {
22108 ++ // if this thread has the same subject as the one that triggered
22109 ++ // RES_CRASH and it's the same binary, kill it
22110 ++ if (tsk->acl == task->acl && gr_is_same_file(tsk->exec_file, task->exec_file))
22111 ++ gr_fake_force_sig(SIGKILL, tsk);
22112 ++ }
22113 ++ } while_each_thread(tsk2, tsk);
22114 ++ read_unlock(&grsec_exec_file_lock);
22115 ++ read_unlock(&tasklist_lock);
22116 ++ }
22117 ++ rcu_read_unlock();
22118 ++ }
22119 ++
22120 ++ return;
22121 ++}
22122 ++
22123 ++int
22124 ++gr_check_crash_exec(const struct file *filp)
22125 ++{
22126 ++ struct acl_subject_label *curr;
22127 ++
22128 ++ if (unlikely(!gr_acl_is_enabled()))
22129 ++ return 0;
22130 ++
22131 ++ read_lock(&gr_inode_lock);
22132 ++ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
22133 ++ __get_dev(filp->f_path.dentry),
22134 ++ current->role);
22135 ++ read_unlock(&gr_inode_lock);
22136 ++
22137 ++ if (!curr || !(curr->resmask & (1U << GR_CRASH_RES)) ||
22138 ++ (!curr->crashes && !curr->expires))
22139 ++ return 0;
22140 ++
22141 ++ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
22142 ++ time_after(curr->expires, get_seconds()))
22143 ++ return 1;
22144 ++ else if (time_before_eq(curr->expires, get_seconds())) {
22145 ++ curr->crashes = 0;
22146 ++ curr->expires = 0;
22147 ++ }
22148 ++
22149 ++ return 0;
22150 ++}
22151 ++
22152 ++void
22153 ++gr_handle_alertkill(struct task_struct *task)
22154 ++{
22155 ++ struct acl_subject_label *curracl;
22156 ++ __u32 curr_ip;
22157 ++ struct task_struct *p, *p2;
22158 ++
22159 ++ if (unlikely(!gr_acl_is_enabled()))
22160 ++ return;
22161 ++
22162 ++ curracl = task->acl;
22163 ++ curr_ip = task->signal->curr_ip;
22164 ++
22165 ++ if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
22166 ++ read_lock(&tasklist_lock);
22167 ++ do_each_thread(p2, p) {
22168 ++ if (p->signal->curr_ip == curr_ip)
22169 ++ gr_fake_force_sig(SIGKILL, p);
22170 ++ } while_each_thread(p2, p);
22171 ++ read_unlock(&tasklist_lock);
22172 ++ } else if (curracl->mode & GR_KILLPROC)
22173 ++ gr_fake_force_sig(SIGKILL, task);
22174 ++
22175 ++ return;
22176 ++}
22177 +diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c
22178 +new file mode 100644
22179 +index 0000000..9d83a69
22180 +--- /dev/null
22181 ++++ b/grsecurity/gracl_shm.c
22182 +@@ -0,0 +1,40 @@
22183 ++#include <linux/kernel.h>
22184 ++#include <linux/mm.h>
22185 ++#include <linux/sched.h>
22186 ++#include <linux/file.h>
22187 ++#include <linux/ipc.h>
22188 ++#include <linux/gracl.h>
22189 ++#include <linux/grsecurity.h>
22190 ++#include <linux/grinternal.h>
22191 ++
22192 ++int
22193 ++gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
22194 ++ const time_t shm_createtime, const uid_t cuid, const int shmid)
22195 ++{
22196 ++ struct task_struct *task;
22197 ++
22198 ++ if (!gr_acl_is_enabled())
22199 ++ return 1;
22200 ++
22201 ++ rcu_read_lock();
22202 ++ read_lock(&tasklist_lock);
22203 ++
22204 ++ task = find_task_by_vpid(shm_cprid);
22205 ++
22206 ++ if (unlikely(!task))
22207 ++ task = find_task_by_vpid(shm_lapid);
22208 ++
22209 ++ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
22210 ++ (task->pid == shm_lapid)) &&
22211 ++ (task->acl->mode & GR_PROTSHM) &&
22212 ++ (task->acl != current->acl))) {
22213 ++ read_unlock(&tasklist_lock);
22214 ++ rcu_read_unlock();
22215 ++ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
22216 ++ return 0;
22217 ++ }
22218 ++ read_unlock(&tasklist_lock);
22219 ++ rcu_read_unlock();
22220 ++
22221 ++ return 1;
22222 ++}
22223 +diff --git a/grsecurity/grsec_chdir.c b/grsecurity/grsec_chdir.c
22224 +new file mode 100644
22225 +index 0000000..bc0be01
22226 +--- /dev/null
22227 ++++ b/grsecurity/grsec_chdir.c
22228 +@@ -0,0 +1,19 @@
22229 ++#include <linux/kernel.h>
22230 ++#include <linux/sched.h>
22231 ++#include <linux/fs.h>
22232 ++#include <linux/file.h>
22233 ++#include <linux/grsecurity.h>
22234 ++#include <linux/grinternal.h>
22235 ++
22236 ++void
22237 ++gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
22238 ++{
22239 ++#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
22240 ++ if ((grsec_enable_chdir && grsec_enable_group &&
22241 ++ in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
22242 ++ !grsec_enable_group)) {
22243 ++ gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
22244 ++ }
22245 ++#endif
22246 ++ return;
22247 +}
22248 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
22249 new file mode 100644
22250 -index 0000000..8124c0d
22251 +index 0000000..6b654b0
22252 --- /dev/null
22253 +++ b/grsecurity/grsec_chroot.c
22254 @@ -0,0 +1,353 @@
22255 @@ -67560,7 +68030,7 @@ index 0000000..8124c0d
22256 +#include <linux/grinternal.h>
22257 +
22258 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
22259 -+static int gr_init_ran;
22260 ++int gr_init_ran;
22261 +#endif
22262 +
22263 +void gr_set_chroot_entries(struct task_struct *task, struct path *path)
22264 @@ -67903,10 +68373,10 @@ index 0000000..8124c0d
22265 +}
22266 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
22267 new file mode 100644
22268 -index 0000000..ac90ba1
22269 +index 0000000..583586a
22270 --- /dev/null
22271 +++ b/grsecurity/grsec_disabled.c
22272 -@@ -0,0 +1,442 @@
22273 +@@ -0,0 +1,435 @@
22274 +#include <linux/kernel.h>
22275 +#include <linux/module.h>
22276 +#include <linux/sched.h>
22277 @@ -68310,12 +68780,6 @@ index 0000000..ac90ba1
22278 + return 0;
22279 +}
22280 +
22281 -+void
22282 -+gr_set_kernel_label(struct task_struct *task)
22283 -+{
22284 -+ return;
22285 -+}
22286 -+
22287 +int
22288 +gr_check_user_change(int real, int effective, int fs)
22289 +{
22290 @@ -68344,7 +68808,6 @@ index 0000000..ac90ba1
22291 +}
22292 +
22293 +EXPORT_SYMBOL(gr_learn_resource);
22294 -+EXPORT_SYMBOL(gr_set_kernel_label);
22295 +#ifdef CONFIG_SECURITY
22296 +EXPORT_SYMBOL(gr_check_user_change);
22297 +EXPORT_SYMBOL(gr_check_group_change);
22298 @@ -68575,10 +69038,10 @@ index 0000000..8ca18bf
22299 +}
22300 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
22301 new file mode 100644
22302 -index 0000000..691c024
22303 +index 0000000..264a9f3
22304 --- /dev/null
22305 +++ b/grsecurity/grsec_init.c
22306 -@@ -0,0 +1,283 @@
22307 +@@ -0,0 +1,268 @@
22308 +#include <linux/kernel.h>
22309 +#include <linux/sched.h>
22310 +#include <linux/mm.h>
22311 @@ -68657,10 +69120,6 @@ index 0000000..691c024
22312 +char *gr_alert_log_buf;
22313 +char *gr_audit_log_buf;
22314 +
22315 -+extern struct gr_arg *gr_usermode;
22316 -+extern unsigned char *gr_system_salt;
22317 -+extern unsigned char *gr_system_sum;
22318 -+
22319 +void __init
22320 +grsecurity_init(void)
22321 +{
22322 @@ -68701,17 +69160,6 @@ index 0000000..691c024
22323 + return;
22324 + }
22325 +
22326 -+ /* allocate memory for authentication structure */
22327 -+ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
22328 -+ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
22329 -+ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
22330 -+
22331 -+ if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
22332 -+ panic("Unable to allocate grsecurity authentication structure");
22333 -+ return;
22334 -+ }
22335 -+
22336 -+
22337 +#ifdef CONFIG_GRKERNSEC_IO
22338 +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
22339 + grsec_disable_privio = 1;
22340 @@ -71598,6 +72046,28 @@ index acd8d4b..f2defe2 100644
22341
22342 extern int __register_binfmt(struct linux_binfmt *fmt, int insert);
22343
22344 +diff --git a/include/linux/bitops.h b/include/linux/bitops.h
22345 +index fc8a3ff..e48401e 100644
22346 +--- a/include/linux/bitops.h
22347 ++++ b/include/linux/bitops.h
22348 +@@ -74,7 +74,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
22349 + * @word: value to rotate
22350 + * @shift: bits to roll
22351 + */
22352 +-static inline __u32 rol32(__u32 word, unsigned int shift)
22353 ++static inline __u32 __intentional_overflow(-1) rol32(__u32 word, unsigned int shift)
22354 + {
22355 + return (word << shift) | (word >> (32 - shift));
22356 + }
22357 +@@ -84,7 +84,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift)
22358 + * @word: value to rotate
22359 + * @shift: bits to roll
22360 + */
22361 +-static inline __u32 ror32(__u32 word, unsigned int shift)
22362 ++static inline __u32 __intentional_overflow(-1) ror32(__u32 word, unsigned int shift)
22363 + {
22364 + return (word >> shift) | (word << (32 - shift));
22365 + }
22366 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
22367 index ff039f0..cdf89ae 100644
22368 --- a/include/linux/blkdev.h
22369 @@ -71962,17 +72432,20 @@ index 320d6c9..2d1df6b 100644
22370
22371 #endif /* __LINUX_COMPILER_H */
22372 diff --git a/include/linux/completion.h b/include/linux/completion.h
22373 -index 51494e6..0fd1b61 100644
22374 +index 51494e6..340575ab 100644
22375 --- a/include/linux/completion.h
22376 +++ b/include/linux/completion.h
22377 -@@ -78,13 +78,13 @@ static inline void init_completion(struct completion *x)
22378 +@@ -77,14 +77,14 @@ static inline void init_completion(struct completion *x)
22379 + }
22380
22381 extern void wait_for_completion(struct completion *);
22382 - extern int wait_for_completion_interruptible(struct completion *x);
22383 +-extern int wait_for_completion_interruptible(struct completion *x);
22384 -extern int wait_for_completion_killable(struct completion *x);
22385 ++extern int wait_for_completion_interruptible(struct completion *x) __intentional_overflow(-1);
22386 +extern int wait_for_completion_killable(struct completion *x) __intentional_overflow(-1);
22387 extern unsigned long wait_for_completion_timeout(struct completion *x,
22388 - unsigned long timeout);
22389 +- unsigned long timeout);
22390 ++ unsigned long timeout) __intentional_overflow(-1);
22391 extern long wait_for_completion_interruptible_timeout(
22392 - struct completion *x, unsigned long timeout);
22393 + struct completion *x, unsigned long timeout) __intentional_overflow(-1);
22394 @@ -72619,10 +73092,10 @@ index 3a76faf..c0592c7 100644
22395 {
22396 diff --git a/include/linux/gracl.h b/include/linux/gracl.h
22397 new file mode 100644
22398 -index 0000000..ebe6d72
22399 +index 0000000..edb2cb6
22400 --- /dev/null
22401 +++ b/include/linux/gracl.h
22402 -@@ -0,0 +1,319 @@
22403 +@@ -0,0 +1,340 @@
22404 +#ifndef GR_ACL_H
22405 +#define GR_ACL_H
22406 +
22407 @@ -72634,19 +73107,20 @@ index 0000000..ebe6d72
22408 +
22409 +/* Major status information */
22410 +
22411 -+#define GR_VERSION "grsecurity 2.9.1"
22412 -+#define GRSECURITY_VERSION 0x2901
22413 ++#define GR_VERSION "grsecurity 3.0"
22414 ++#define GRSECURITY_VERSION 0x3000
22415 +
22416 +enum {
22417 + GR_SHUTDOWN = 0,
22418 + GR_ENABLE = 1,
22419 + GR_SPROLE = 2,
22420 -+ GR_RELOAD = 3,
22421 ++ GR_OLDRELOAD = 3,
22422 + GR_SEGVMOD = 4,
22423 + GR_STATUS = 5,
22424 + GR_UNSPROLE = 6,
22425 + GR_PASSSET = 7,
22426 + GR_SPROLEPAM = 8,
22427 ++ GR_RELOAD = 9,
22428 +};
22429 +
22430 +/* Password setup definitions
22431 @@ -72875,6 +73349,34 @@ index 0000000..ebe6d72
22432 + __u32 s_size;
22433 +};
22434 +
22435 ++struct gr_policy_state {
22436 ++ struct sprole_pw **acl_special_roles;
22437 ++ __u16 num_sprole_pws;
22438 ++ struct acl_role_label *kernel_role;
22439 ++ struct acl_role_label *role_list;
22440 ++ struct acl_role_label *default_role;
22441 ++ struct acl_role_db acl_role_set;
22442 ++ struct acl_subj_map_db subj_map_set;
22443 ++ struct name_db name_set;
22444 ++ struct inodev_db inodev_set;
22445 ++};
22446 ++
22447 ++struct gr_alloc_state {
22448 ++ unsigned long alloc_stack_next;
22449 ++ unsigned long alloc_stack_size;
22450 ++ void **alloc_stack;
22451 ++};
22452 ++
22453 ++struct gr_reload_state {
22454 ++ struct gr_policy_state oldpolicy;
22455 ++ struct gr_alloc_state oldalloc;
22456 ++ struct gr_policy_state newpolicy;
22457 ++ struct gr_alloc_state newalloc;
22458 ++ struct gr_policy_state *oldpolicy_ptr;
22459 ++ struct gr_alloc_state *oldalloc_ptr;
22460 ++ unsigned char oldmode;
22461 ++};
22462 ++
22463 +/* End Data Structures Section */
22464 +
22465 +/* Hash functions generated by empirical testing by Brad Spengler
22466 @@ -72906,14 +73408,6 @@ index 0000000..ebe6d72
22467 + return full_name_hash((const unsigned char *)name, len) % sz;
22468 +}
22469 +
22470 -+#define FOR_EACH_ROLE_START(role) \
22471 -+ role = role_list; \
22472 -+ while (role) {
22473 -+
22474 -+#define FOR_EACH_ROLE_END(role) \
22475 -+ role = role->prev; \
22476 -+ }
22477 -+
22478 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
22479 + subj = NULL; \
22480 + iter = 0; \
22481 @@ -73267,10 +73761,10 @@ index 0000000..be66033
22482 +#endif
22483 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
22484 new file mode 100644
22485 -index 0000000..2977600
22486 +index 0000000..44d8215
22487 --- /dev/null
22488 +++ b/include/linux/grinternal.h
22489 -@@ -0,0 +1,237 @@
22490 +@@ -0,0 +1,236 @@
22491 +#ifndef __GRINTERNAL_H
22492 +#define __GRINTERNAL_H
22493 +
22494 @@ -73293,7 +73787,6 @@ index 0000000..2977600
22495 +int gr_check_protected_task(const struct task_struct *task);
22496 +__u32 to_gr_audit(const __u32 reqmode);
22497 +int gr_set_acls(const int type);
22498 -+int gr_apply_subject_to_task(struct task_struct *task);
22499 +int gr_acl_is_enabled(void);
22500 +char gr_roletype_to_char(void);
22501 +
22502 @@ -73629,10 +74122,10 @@ index 0000000..a4396b5
22503 +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
22504 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
22505 new file mode 100644
22506 -index 0000000..a9a304f
22507 +index 0000000..1a80e7d
22508 --- /dev/null
22509 +++ b/include/linux/grsecurity.h
22510 -@@ -0,0 +1,223 @@
22511 +@@ -0,0 +1,222 @@
22512 +#ifndef GR_SECURITY_H
22513 +#define GR_SECURITY_H
22514 +#include <linux/fs.h>
22515 @@ -73762,7 +74255,6 @@ index 0000000..a9a304f
22516 + const struct vfsmount *mnt);
22517 +int gr_check_crash_exec(const struct file *filp);
22518 +int gr_acl_is_enabled(void);
22519 -+void gr_set_kernel_label(struct task_struct *task);
22520 +void gr_set_role_label(struct task_struct *task, const uid_t uid,
22521 + const gid_t gid);
22522 +int gr_set_proc_label(const struct dentry *dentry,
22523 @@ -74107,6 +74599,23 @@ index bff29c5..7437762 100644
22524
22525 /*
22526 * irq_chip specific flags
22527 +diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
22528 +index 265e2c3..cdd6f29 100644
22529 +--- a/include/linux/jiffies.h
22530 ++++ b/include/linux/jiffies.h
22531 +@@ -295,9 +295,9 @@ extern unsigned long preset_lpj;
22532 + */
22533 + extern unsigned int jiffies_to_msecs(const unsigned long j);
22534 + extern unsigned int jiffies_to_usecs(const unsigned long j);
22535 +-extern unsigned long msecs_to_jiffies(const unsigned int m);
22536 +-extern unsigned long usecs_to_jiffies(const unsigned int u);
22537 +-extern unsigned long timespec_to_jiffies(const struct timespec *value);
22538 ++extern unsigned long msecs_to_jiffies(const unsigned int m) __intentional_overflow(-1);
22539 ++extern unsigned long usecs_to_jiffies(const unsigned int u) __intentional_overflow(-1);
22540 ++extern unsigned long timespec_to_jiffies(const struct timespec *value) __intentional_overflow(-1);
22541 + extern void jiffies_to_timespec(const unsigned long jiffies,
22542 + struct timespec *value);
22543 + extern unsigned long timeval_to_jiffies(const struct timeval *value);
22544 diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
22545 index 3875719..4663bc3 100644
22546 --- a/include/linux/kallsyms.h
22547 @@ -74242,7 +74751,7 @@ index c4d2fc1..5df9c19 100644
22548 extern struct kgdb_arch arch_kgdb_ops;
22549
22550 diff --git a/include/linux/kmod.h b/include/linux/kmod.h
22551 -index f8d4b27..269f55a 100644
22552 +index f8d4b27..8560882 100644
22553 --- a/include/linux/kmod.h
22554 +++ b/include/linux/kmod.h
22555 @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
22556 @@ -74254,6 +74763,16 @@ index f8d4b27..269f55a 100644
22557 #define request_module(mod...) __request_module(true, mod)
22558 #define request_module_nowait(mod...) __request_module(false, mod)
22559 #define try_then_request_module(x, mod...) \
22560 +@@ -60,6 +62,9 @@ struct subprocess_info {
22561 + struct work_struct work;
22562 + struct completion *complete;
22563 + char *path;
22564 ++#ifdef CONFIG_GRKERNSEC
22565 ++ char *origpath;
22566 ++#endif
22567 + char **argv;
22568 + char **envp;
22569 + enum umh_wait wait;
22570 diff --git a/include/linux/kobject.h b/include/linux/kobject.h
22571 index 445f978..3a02264 100644
22572 --- a/include/linux/kobject.h
22573 @@ -74372,7 +74891,7 @@ index 88e78de..c63979a 100644
22574 } apparmor_audit_data;
22575 #endif
22576 diff --git a/include/linux/math64.h b/include/linux/math64.h
22577 -index b8ba855..4382e1f 100644
22578 +index b8ba855..bfdffd0 100644
22579 --- a/include/linux/math64.h
22580 +++ b/include/linux/math64.h
22581 @@ -14,7 +14,7 @@
22582 @@ -74389,7 +74908,7 @@ index b8ba855..4382e1f 100644
22583 * div64_u64 - unsigned 64bit divide with 64bit divisor
22584 */
22585 -static inline u64 div64_u64(u64 dividend, u64 divisor)
22586 -+static inline u64 __intentional_overflow(0) div64_u64(u64 dividend, u64 divisor)
22587 ++static inline u64 __intentional_overflow(-1) div64_u64(u64 dividend, u64 divisor)
22588 {
22589 return dividend / divisor;
22590 }
22591 @@ -74402,6 +74921,15 @@ index b8ba855..4382e1f 100644
22592 {
22593 *remainder = do_div(dividend, divisor);
22594 return dividend;
22595 +@@ -62,7 +62,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder);
22596 + #endif
22597 +
22598 + #ifndef div64_u64
22599 +-extern u64 div64_u64(u64 dividend, u64 divisor);
22600 ++extern u64 __intentional_overflow(-1) div64_u64(u64 dividend, u64 divisor);
22601 + #endif
22602 +
22603 + #ifndef div64_s64
22604 @@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
22605 * divide.
22606 */
22607 @@ -74425,7 +74953,7 @@ index 3797270..7765ede 100644
22608 struct mca_bus {
22609 u64 default_dma_mask;
22610 diff --git a/include/linux/mm.h b/include/linux/mm.h
22611 -index 305fd75..f0db13d 100644
22612 +index 305fd75..cdbfb05 100644
22613 --- a/include/linux/mm.h
22614 +++ b/include/linux/mm.h
22615 @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp);
22616 @@ -74595,6 +75123,15 @@ index 305fd75..f0db13d 100644
22617 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
22618
22619 #if USE_SPLIT_PTLOCKS
22620 +@@ -1397,7 +1412,7 @@ extern int install_special_mapping(struct mm_struct *mm,
22621 + unsigned long addr, unsigned long len,
22622 + unsigned long flags, struct page **pages);
22623 +
22624 +-extern unsigned long get_unmapped_area(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
22625 ++extern unsigned long get_unmapped_area(struct file *, unsigned long, unsigned long, unsigned long, unsigned long) __intentional_overflow(-1);
22626 +
22627 + extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
22628 + unsigned long len, unsigned long prot,
22629 @@ -1420,6 +1435,7 @@ out:
22630 }
22631
22632 @@ -75666,7 +76203,7 @@ index 2148b12..519b820 100644
22633
22634 static inline void anon_vma_merge(struct vm_area_struct *vma,
22635 diff --git a/include/linux/sched.h b/include/linux/sched.h
22636 -index 8204898..070429f 100644
22637 +index 8204898..d17b99e 100644
22638 --- a/include/linux/sched.h
22639 +++ b/include/linux/sched.h
22640 @@ -101,6 +101,7 @@ struct bio_list;
22641 @@ -75836,7 +76373,7 @@ index 8204898..070429f 100644
22642 #ifdef CONFIG_DEBUG_MUTEXES
22643 /* mutex deadlock detection */
22644 struct mutex_waiter *blocked_on;
22645 -@@ -1544,6 +1590,28 @@ struct task_struct {
22646 +@@ -1544,6 +1590,30 @@ struct task_struct {
22647 unsigned long default_timer_slack_ns;
22648
22649 struct list_head *scm_work_list;
22650 @@ -75851,10 +76388,12 @@ index 8204898..070429f 100644
22651 +#endif
22652 + struct dentry *gr_chroot_dentry;
22653 + struct acl_subject_label *acl;
22654 ++ struct acl_subject_label *tmpacl;
22655 + struct acl_role_label *role;
22656 + struct file *exec_file;
22657 + unsigned long brute_expires;
22658 + u16 acl_role_id;
22659 ++ u8 inherited;
22660 + /* is this the task that authenticated to the special role */
22661 + u8 acl_sp_role;
22662 + u8 is_writable;
22663 @@ -75865,7 +76404,7 @@ index 8204898..070429f 100644
22664 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
22665 /* Index of current stored address in ret_stack */
22666 int curr_ret_stack;
22667 -@@ -1578,6 +1646,52 @@ struct task_struct {
22668 +@@ -1578,6 +1648,52 @@ struct task_struct {
22669 #endif
22670 };
22671
22672 @@ -75918,7 +76457,7 @@ index 8204898..070429f 100644
22673 /* Future-safe accessor for struct task_struct's cpus_allowed. */
22674 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
22675
22676 -@@ -2093,7 +2207,9 @@ void yield(void);
22677 +@@ -2093,7 +2209,9 @@ void yield(void);
22678 extern struct exec_domain default_exec_domain;
22679
22680 union thread_union {
22681 @@ -75928,7 +76467,7 @@ index 8204898..070429f 100644
22682 unsigned long stack[THREAD_SIZE/sizeof(long)];
22683 };
22684
22685 -@@ -2126,6 +2242,7 @@ extern struct pid_namespace init_pid_ns;
22686 +@@ -2126,6 +2244,7 @@ extern struct pid_namespace init_pid_ns;
22687 */
22688
22689 extern struct task_struct *find_task_by_vpid(pid_t nr);
22690 @@ -75936,7 +76475,7 @@ index 8204898..070429f 100644
22691 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
22692 struct pid_namespace *ns);
22693
22694 -@@ -2247,6 +2364,12 @@ static inline void mmdrop(struct mm_struct * mm)
22695 +@@ -2247,6 +2366,12 @@ static inline void mmdrop(struct mm_struct * mm)
22696 extern void mmput(struct mm_struct *);
22697 /* Grab a reference to a task's mm, if it is not already going away */
22698 extern struct mm_struct *get_task_mm(struct task_struct *task);
22699 @@ -75949,16 +76488,18 @@ index 8204898..070429f 100644
22700 /* Remove the current tasks stale references to the old mm_struct */
22701 extern void mm_release(struct task_struct *, struct mm_struct *);
22702 /* Allocate a new mm structure and copy contents from tsk->mm */
22703 -@@ -2263,7 +2386,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
22704 +@@ -2263,9 +2388,8 @@ extern void __cleanup_sighand(struct sighand_struct *);
22705 extern void exit_itimers(struct signal_struct *);
22706 extern void flush_itimer_signals(void);
22707
22708 -extern NORET_TYPE void do_group_exit(int);
22709 +extern __noreturn void do_group_exit(int);
22710
22711 - extern void daemonize(const char *, ...);
22712 +-extern void daemonize(const char *, ...);
22713 extern int allow_signal(int);
22714 -@@ -2428,9 +2551,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
22715 + extern int disallow_signal(int);
22716 +
22717 +@@ -2428,9 +2552,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
22718
22719 #endif
22720
22721 @@ -76181,6 +76722,19 @@ index e8c619d..99d0f1f 100644
22722 static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
22723 {
22724 int ret;
22725 +diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
22726 +index dc368b8..e895209 100644
22727 +--- a/include/linux/semaphore.h
22728 ++++ b/include/linux/semaphore.h
22729 +@@ -37,7 +37,7 @@ static inline void sema_init(struct semaphore *sem, int val)
22730 + }
22731 +
22732 + extern void down(struct semaphore *sem);
22733 +-extern int __must_check down_interruptible(struct semaphore *sem);
22734 ++extern int __must_check down_interruptible(struct semaphore *sem) __intentional_overflow(-1);
22735 + extern int __must_check down_killable(struct semaphore *sem);
22736 + extern int __must_check down_trylock(struct semaphore *sem);
22737 + extern int __must_check down_timeout(struct semaphore *sem, long jiffies);
22738 diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
22739 index 0b69a46..b2ffa4c 100644
22740 --- a/include/linux/seq_file.h
22741 @@ -76299,7 +76853,7 @@ index efe50af..9a039e5 100644
22742
22743 static inline void nf_reset_trace(struct sk_buff *skb)
22744 diff --git a/include/linux/slab.h b/include/linux/slab.h
22745 -index a595dce..f8a18ee 100644
22746 +index a595dce..e710d26 100644
22747 --- a/include/linux/slab.h
22748 +++ b/include/linux/slab.h
22749 @@ -11,14 +11,29 @@
22750 @@ -76367,26 +76921,8 @@ index a595dce..f8a18ee 100644
22751
22752 /*
22753 * Allocator specific definitions. These are mainly used to establish optimized
22754 -@@ -298,7 +327,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
22755 - */
22756 - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
22757 - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
22758 --extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
22759 -+extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1);
22760 - #define kmalloc_track_caller(size, flags) \
22761 - __kmalloc_track_caller(size, flags, _RET_IP_)
22762 - #else
22763 -@@ -317,7 +346,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
22764 - */
22765 - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
22766 - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
22767 --extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long);
22768 -+extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1);
22769 - #define kmalloc_node_track_caller(size, flags, node) \
22770 - __kmalloc_node_track_caller(size, flags, node, \
22771 - _RET_IP_)
22772 diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
22773 -index d00e0ba..a443aff 100644
22774 +index d00e0ba..e075bd20 100644
22775 --- a/include/linux/slab_def.h
22776 +++ b/include/linux/slab_def.h
22777 @@ -68,10 +68,14 @@ struct kmem_cache {
22778 @@ -76408,7 +76944,7 @@ index d00e0ba..a443aff 100644
22779
22780 /*
22781 * If debugging is enabled, then the allocator can add additional
22782 -@@ -105,11 +109,16 @@ struct cache_sizes {
22783 +@@ -105,6 +109,11 @@ struct cache_sizes {
22784 #ifdef CONFIG_ZONE_DMA
22785 struct kmem_cache *cs_dmacachep;
22786 #endif
22787 @@ -76420,12 +76956,6 @@ index d00e0ba..a443aff 100644
22788 };
22789 extern struct cache_sizes malloc_sizes[];
22790
22791 - void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
22792 --void *__kmalloc(size_t size, gfp_t flags);
22793 -+void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1);
22794 -
22795 - #ifdef CONFIG_TRACING
22796 - extern void *kmem_cache_alloc_trace(size_t size,
22797 @@ -152,6 +161,13 @@ found:
22798 cachep = malloc_sizes[i].cs_dmacachep;
22799 else
22800 @@ -76440,15 +76970,6 @@ index d00e0ba..a443aff 100644
22801 cachep = malloc_sizes[i].cs_cachep;
22802
22803 ret = kmem_cache_alloc_trace(size, cachep, flags);
22804 -@@ -162,7 +178,7 @@ found:
22805 - }
22806 -
22807 - #ifdef CONFIG_NUMA
22808 --extern void *__kmalloc_node(size_t size, gfp_t flags, int node);
22809 -+extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
22810 - extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
22811 -
22812 - #ifdef CONFIG_TRACING
22813 @@ -181,6 +197,7 @@ kmem_cache_alloc_node_trace(size_t size,
22814 }
22815 #endif
22816 @@ -76471,30 +76992,8 @@ index d00e0ba..a443aff 100644
22817 cachep = malloc_sizes[i].cs_cachep;
22818
22819 return kmem_cache_alloc_node_trace(size, cachep, flags, node);
22820 -diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h
22821 -index 0ec00b3..22b4715 100644
22822 ---- a/include/linux/slob_def.h
22823 -+++ b/include/linux/slob_def.h
22824 -@@ -9,7 +9,7 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep,
22825 - return kmem_cache_alloc_node(cachep, flags, -1);
22826 - }
22827 -
22828 --void *__kmalloc_node(size_t size, gfp_t flags, int node);
22829 -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
22830 -
22831 - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
22832 - {
22833 -@@ -29,7 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
22834 - return __kmalloc_node(size, flags, -1);
22835 - }
22836 -
22837 --static __always_inline void *__kmalloc(size_t size, gfp_t flags)
22838 -+static __always_inline __size_overflow(1) void *__kmalloc(size_t size, gfp_t flags)
22839 - {
22840 - return kmalloc(size, flags);
22841 - }
22842 diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
22843 -index a32bcfd..4a77b17 100644
22844 +index a32bcfd..f0246c3 100644
22845 --- a/include/linux/slub_def.h
22846 +++ b/include/linux/slub_def.h
22847 @@ -89,7 +89,7 @@ struct kmem_cache {
22848 @@ -76520,39 +77019,13 @@ index a32bcfd..4a77b17 100644
22849
22850 void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
22851 -void *__kmalloc(size_t size, gfp_t flags);
22852 -+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overflow(1);
22853 ++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1);
22854
22855 -static __always_inline void *
22856 +static __always_inline __size_overflow(1) void *
22857 kmalloc_order(size_t size, gfp_t flags, unsigned int order)
22858 {
22859 void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order);
22860 -@@ -256,7 +256,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
22861 - }
22862 - #endif
22863 -
22864 --static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
22865 -+static __always_inline __size_overflow(1) void *kmalloc_large(size_t size, gfp_t flags)
22866 - {
22867 - unsigned int order = get_order(size);
22868 - return kmalloc_order_trace(size, flags, order);
22869 -@@ -281,7 +281,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
22870 - }
22871 -
22872 - #ifdef CONFIG_NUMA
22873 --void *__kmalloc_node(size_t size, gfp_t flags, int node);
22874 -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
22875 - void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
22876 -
22877 - #ifdef CONFIG_TRACING
22878 -@@ -298,6 +298,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s,
22879 - }
22880 - #endif
22881 -
22882 -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
22883 - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
22884 - {
22885 - if (__builtin_constant_p(size) &&
22886 diff --git a/include/linux/sonet.h b/include/linux/sonet.h
22887 index de8832d..0147b46 100644
22888 --- a/include/linux/sonet.h
22889 @@ -77021,7 +77494,7 @@ index 57a9723..dbe234a 100644
22890
22891 struct list_head {
22892 diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
22893 -index 5ca0951..53a2fff 100644
22894 +index 5ca0951..ab496a5 100644
22895 --- a/include/linux/uaccess.h
22896 +++ b/include/linux/uaccess.h
22897 @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache(void *to,
22898 @@ -77039,15 +77512,6 @@ index 5ca0951..53a2fff 100644
22899 ret; \
22900 })
22901
22902 -@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size);
22903 - * Safely write to address @dst from the buffer at @src. If a kernel fault
22904 - * happens, handle that and return -EFAULT.
22905 - */
22906 --extern long notrace probe_kernel_write(void *dst, const void *src, size_t size);
22907 -+extern long notrace probe_kernel_write(void *dst, const void *src, size_t size) __size_overflow(3);
22908 - extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size);
22909 -
22910 - #endif /* __LINUX_UACCESS_H__ */
22911 diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
22912 index 99c1b4d..562e6f3 100644
22913 --- a/include/linux/unaligned/access_ok.h
22914 @@ -77197,7 +77661,7 @@ index 6f8fbcf..8259001 100644
22915 + MODULE_GRSEC
22916
22917 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
22918 -index 4bde182..dff01df 100644
22919 +index 4bde182..943f335 100644
22920 --- a/include/linux/vmalloc.h
22921 +++ b/include/linux/vmalloc.h
22922 @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
22923 @@ -77212,22 +77676,11 @@ index 4bde182..dff01df 100644
22924 /* bits [20..32] reserved for arch specific ioremap internals */
22925
22926 /*
22927 -@@ -62,7 +67,7 @@ extern void *vmalloc_32_user(unsigned long size);
22928 - extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
22929 - extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
22930 - unsigned long start, unsigned long end, gfp_t gfp_mask,
22931 -- pgprot_t prot, int node, void *caller);
22932 -+ pgprot_t prot, int node, void *caller) __size_overflow(1);
22933 - extern void vfree(const void *addr);
22934 -
22935 - extern void *vmap(struct page **pages, unsigned int count,
22936 -@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes);
22937 - extern void free_vm_area(struct vm_struct *area);
22938 +@@ -124,7 +129,7 @@ extern void free_vm_area(struct vm_struct *area);
22939
22940 /* for /dev/kmem */
22941 --extern long vread(char *buf, char *addr, unsigned long count);
22942 + extern long vread(char *buf, char *addr, unsigned long count);
22943 -extern long vwrite(char *buf, char *addr, unsigned long count);
22944 -+extern long vread(char *buf, char *addr, unsigned long count) __size_overflow(3);
22945 +extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3);
22946
22947 /*
22948 @@ -78604,7 +79057,7 @@ index 2531811..4f036c4 100644
22949 #ifdef CONFIG_BLK_DEV_RAM
22950 int fd;
22951 diff --git a/init/main.c b/init/main.c
22952 -index 5d0eb1d..8255113 100644
22953 +index 5d0eb1d..83506bb 100644
22954 --- a/init/main.c
22955 +++ b/init/main.c
22956 @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
22957 @@ -78712,7 +79165,30 @@ index 5d0eb1d..8255113 100644
22958 return ret;
22959 }
22960
22961 -@@ -821,7 +883,7 @@ static int __init kernel_init(void * unused)
22962 +@@ -748,6 +810,10 @@ static void run_init_process(const char *init_filename)
22963 + kernel_execve(init_filename, argv_init, envp_init);
22964 + }
22965 +
22966 ++#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
22967 ++extern int gr_init_ran;
22968 ++#endif
22969 ++
22970 + /* This is a non __init function. Force it to be noinline otherwise gcc
22971 + * makes it inline to init() and it becomes part of init.text section
22972 + */
22973 +@@ -769,6 +835,11 @@ static noinline int init_post(void)
22974 + ramdisk_execute_command);
22975 + }
22976 +
22977 ++#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
22978 ++ /* if no initrd was used, be extra sure we enforce chroot restrictions */
22979 ++ gr_init_ran = 1;
22980 ++#endif
22981 ++
22982 + /*
22983 + * We try each of these until one succeeds.
22984 + *
22985 +@@ -821,7 +892,7 @@ static int __init kernel_init(void * unused)
22986 do_basic_setup();
22987
22988 /* Open the /dev/console on the rootfs, this should never fail */
22989 @@ -78721,7 +79197,7 @@ index 5d0eb1d..8255113 100644
22990 printk(KERN_WARNING "Warning: unable to open an initial console.\n");
22991
22992 (void) sys_dup(0);
22993 -@@ -834,11 +896,13 @@ static int __init kernel_init(void * unused)
22994 +@@ -834,11 +905,13 @@ static int __init kernel_init(void * unused)
22995 if (!ramdisk_execute_command)
22996 ramdisk_execute_command = "/init";
22997
22998 @@ -79075,7 +79551,7 @@ index d4bc594..b26065d 100644
22999 if (!ab)
23000 return;
23001 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
23002 -index 47b7fc1..9af0605 100644
23003 +index 47b7fc1..b8e1e47 100644
23004 --- a/kernel/auditsc.c
23005 +++ b/kernel/auditsc.c
23006 @@ -67,6 +67,7 @@
23007 @@ -79106,9 +79582,12 @@ index 47b7fc1..9af0605 100644
23008
23009 /**
23010 * audit_set_loginuid - set a task's audit_context loginuid
23011 -@@ -2131,7 +2132,7 @@ static atomic_t session_id = ATOMIC_INIT(0);
23012 +@@ -2129,9 +2130,9 @@ static atomic_t session_id = ATOMIC_INIT(0);
23013 + *
23014 + * Called (set) from fs/proc/base.c::proc_loginuid_write().
23015 */
23016 - int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
23017 +-int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
23018 ++int __intentional_overflow(-1) audit_set_loginuid(struct task_struct *task, uid_t loginuid)
23019 {
23020 - unsigned int sessionid = atomic_inc_return(&session_id);
23021 + unsigned int sessionid = atomic_inc_return_unchecked(&session_id);
23022 @@ -79833,7 +80312,7 @@ index a2101bb..f2e0354 100644
23023 do {
23024 unsigned long size = min_t(unsigned long, handle->size, len);
23025 diff --git a/kernel/exit.c b/kernel/exit.c
23026 -index 234e152..0ae0243 100644
23027 +index 234e152..4c61aa3 100644
23028 --- a/kernel/exit.c
23029 +++ b/kernel/exit.c
23030 @@ -168,6 +168,10 @@ void release_task(struct task_struct * p)
23031 @@ -79856,17 +80335,64 @@ index 234e152..0ae0243 100644
23032 recalc_sigpending();
23033 spin_unlock_irq(&current->sighand->siglock);
23034 return 0;
23035 -@@ -416,6 +420,9 @@ void daemonize(const char *name, ...)
23036 - vsnprintf(current->comm, sizeof(current->comm), name, args);
23037 - va_end(args);
23038 +@@ -402,56 +406,6 @@ int disallow_signal(int sig)
23039
23040 -+ gr_put_exec_file(current);
23041 -+ gr_set_kernel_label(current);
23042 -+
23043 - /*
23044 - * If we were started as result of loading a module, close all of the
23045 - * user space pages. We don't need them, and if we didn't close them
23046 -@@ -874,6 +881,8 @@ NORET_TYPE void do_exit(long code)
23047 + EXPORT_SYMBOL(disallow_signal);
23048 +
23049 +-/*
23050 +- * Put all the gunge required to become a kernel thread without
23051 +- * attached user resources in one place where it belongs.
23052 +- */
23053 +-
23054 +-void daemonize(const char *name, ...)
23055 +-{
23056 +- va_list args;
23057 +- sigset_t blocked;
23058 +-
23059 +- va_start(args, name);
23060 +- vsnprintf(current->comm, sizeof(current->comm), name, args);
23061 +- va_end(args);
23062 +-
23063 +- /*
23064 +- * If we were started as result of loading a module, close all of the
23065 +- * user space pages. We don't need them, and if we didn't close them
23066 +- * they would be locked into memory.
23067 +- */
23068 +- exit_mm(current);
23069 +- /*
23070 +- * We don't want to have TIF_FREEZE set if the system-wide hibernation
23071 +- * or suspend transition begins right now.
23072 +- */
23073 +- current->flags |= (PF_NOFREEZE | PF_KTHREAD);
23074 +-
23075 +- if (current->nsproxy != &init_nsproxy) {
23076 +- get_nsproxy(&init_nsproxy);
23077 +- switch_task_namespaces(current, &init_nsproxy);
23078 +- }
23079 +- set_special_pids(&init_struct_pid);
23080 +- proc_clear_tty(current);
23081 +-
23082 +- /* Block and flush all signals */
23083 +- sigfillset(&blocked);
23084 +- sigprocmask(SIG_BLOCK, &blocked, NULL);
23085 +- flush_signals(current);
23086 +-
23087 +- /* Become as one with the init task */
23088 +-
23089 +- daemonize_fs_struct();
23090 +- exit_files(current);
23091 +- current->files = init_task.files;
23092 +- atomic_inc(&current->files->count);
23093 +-
23094 +- reparent_to_kthreadd();
23095 +-}
23096 +-
23097 +-EXPORT_SYMBOL(daemonize);
23098 +-
23099 + static void close_files(struct files_struct * files)
23100 + {
23101 + int i, j;
23102 +@@ -874,6 +828,8 @@ NORET_TYPE void do_exit(long code)
23103 struct task_struct *tsk = current;
23104 int group_dead;
23105
23106 @@ -79875,7 +80401,7 @@ index 234e152..0ae0243 100644
23107 profile_task_exit(tsk);
23108
23109 WARN_ON(blk_needs_flush_plug(tsk));
23110 -@@ -890,7 +899,6 @@ NORET_TYPE void do_exit(long code)
23111 +@@ -890,7 +846,6 @@ NORET_TYPE void do_exit(long code)
23112 * mm_release()->clear_child_tid() from writing to a user-controlled
23113 * kernel address.
23114 */
23115 @@ -79883,7 +80409,7 @@ index 234e152..0ae0243 100644
23116
23117 ptrace_event(PTRACE_EVENT_EXIT, code);
23118
23119 -@@ -952,6 +960,9 @@ NORET_TYPE void do_exit(long code)
23120 +@@ -952,6 +907,9 @@ NORET_TYPE void do_exit(long code)
23121 tsk->exit_code = code;
23122 taskstats_exit(tsk, group_dead);
23123
23124 @@ -79893,7 +80419,7 @@ index 234e152..0ae0243 100644
23125 exit_mm(tsk);
23126
23127 if (group_dead)
23128 -@@ -1065,7 +1076,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
23129 +@@ -1065,7 +1023,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
23130 * Take down every thread in the group. This is called by fatal signals
23131 * as well as by sys_exit_group (below).
23132 */
23133 @@ -80586,7 +81112,7 @@ index dc7bc08..4601964 100644
23134
23135 /* Don't allow clients that don't understand the native
23136 diff --git a/kernel/kmod.c b/kernel/kmod.c
23137 -index a16dac1..a1ac7cb 100644
23138 +index a16dac1..97aeff5 100644
23139 --- a/kernel/kmod.c
23140 +++ b/kernel/kmod.c
23141 @@ -64,7 +64,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
23142 @@ -80714,7 +81240,37 @@ index a16dac1..a1ac7cb 100644
23143 EXPORT_SYMBOL(__request_module);
23144 #endif /* CONFIG_MODULES */
23145
23146 -@@ -265,7 +318,7 @@ static int wait_for_helper(void *data)
23147 +@@ -188,6 +241,18 @@ static int ____call_usermodehelper(void *data)
23148 + */
23149 + set_user_nice(current, 0);
23150 +
23151 ++#ifdef CONFIG_GRKERNSEC
23152 ++ /* this is race-free as far as userland is concerned as we copied
23153 ++ out the path to be used prior to this point and are now operating
23154 ++ on that copy
23155 ++ */
23156 ++ if (strncmp(sub_info->path, "/sbin/", 6) || strstr(sub_info->path, "..")) {
23157 ++ printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin\n", sub_info->path);
23158 ++ retval = -EPERM;
23159 ++ goto fail;
23160 ++ }
23161 ++#endif
23162 ++
23163 + retval = -ENOMEM;
23164 + new = prepare_kernel_cred(current);
23165 + if (!new)
23166 +@@ -221,6 +286,10 @@ fail:
23167 +
23168 + void call_usermodehelper_freeinfo(struct subprocess_info *info)
23169 + {
23170 ++#ifdef CONFIG_GRKERNSEC
23171 ++ kfree(info->path);
23172 ++ info->path = info->origpath;
23173 ++#endif
23174 + if (info->cleanup)
23175 + (*info->cleanup)(info);
23176 + kfree(info);
23177 +@@ -265,7 +334,7 @@ static int wait_for_helper(void *data)
23178 *
23179 * Thus the __user pointer cast is valid here.
23180 */
23181 @@ -80723,7 +81279,20 @@ index a16dac1..a1ac7cb 100644
23182
23183 /*
23184 * If ret is 0, either ____call_usermodehelper failed and the
23185 -@@ -512,7 +565,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
23186 +@@ -413,7 +482,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
23187 + goto out;
23188 +
23189 + INIT_WORK(&sub_info->work, __call_usermodehelper);
23190 ++#ifdef CONFIG_GRKERNSEC
23191 ++ sub_info->origpath = path;
23192 ++ sub_info->path = kstrdup(path, gfp_mask);
23193 ++#else
23194 + sub_info->path = path;
23195 ++#endif
23196 + sub_info->argv = argv;
23197 + sub_info->envp = envp;
23198 + out:
23199 +@@ -512,7 +586,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
23200 static int proc_cap_handler(struct ctl_table *table, int write,
23201 void __user *buffer, size_t *lenp, loff_t *ppos)
23202 {
23203 @@ -84592,7 +85161,7 @@ index e660464..c8b9e67 100644
23204 return cmd_attr_register_cpumask(info);
23205 else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
23206 diff --git a/kernel/time.c b/kernel/time.c
23207 -index 73e416d..71905c5 100644
23208 +index 73e416d..cfc6f69 100644
23209 --- a/kernel/time.c
23210 +++ b/kernel/time.c
23211 @@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
23212 @@ -84607,15 +85176,6 @@ index 73e416d..71905c5 100644
23213 /* SMP safe, global irq locking makes it work. */
23214 sys_tz = *tz;
23215 update_vsyscall_tz();
23216 -@@ -499,7 +504,7 @@ EXPORT_SYMBOL(usecs_to_jiffies);
23217 - * The >> (NSEC_JIFFIE_SC - SEC_JIFFIE_SC) converts the scaled nsec
23218 - * value to a scaled second value.
23219 - */
23220 --unsigned long
23221 -+unsigned long __intentional_overflow(-1)
23222 - timespec_to_jiffies(const struct timespec *value)
23223 - {
23224 - unsigned long sec = value->tv_sec;
23225 diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
23226 index 8a46f5d..bbe6f9c 100644
23227 --- a/kernel/time/alarmtimer.c
23228 @@ -91057,7 +91617,7 @@ index 136ac4f..f917fa9 100644
23229 mm->unmap_area = arch_unmap_area;
23230 }
23231 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
23232 -index eeba3bb..5ebaf67 100644
23233 +index eeba3bb..a22618a 100644
23234 --- a/mm/vmalloc.c
23235 +++ b/mm/vmalloc.c
23236 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
23237 @@ -91160,15 +91720,6 @@ index eeba3bb..5ebaf67 100644
23238 if (!pmd_none(*pmd)) {
23239 pte_t *ptep, pte;
23240
23241 -@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
23242 - * Allocate a region of KVA of the specified size and alignment, within the
23243 - * vstart and vend.
23244 - */
23245 --static struct vmap_area *alloc_vmap_area(unsigned long size,
23246 -+static __size_overflow(1) struct vmap_area *alloc_vmap_area(unsigned long size,
23247 - unsigned long align,
23248 - unsigned long vstart, unsigned long vend,
23249 - int node, gfp_t gfp_mask)
23250 @@ -1295,6 +1331,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
23251 struct vm_struct *area;
23252
23253 @@ -94225,6 +94776,19 @@ index 66363b6..b0654a3 100644
23254 if (!(flg & TCP_FLAG_RST))
23255 req->rsk_ops->send_reset(sk, skb);
23256
23257 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
23258 +index 3add486..a5df757 100644
23259 +--- a/net/ipv4/tcp_output.c
23260 ++++ b/net/ipv4/tcp_output.c
23261 +@@ -1318,7 +1318,7 @@ static void tcp_cwnd_validate(struct sock *sk)
23262 + * modulo only when the receiver window alone is the limiting factor or
23263 + * when we would be allowed to send the split-due-to-Nagle skb fully.
23264 + */
23265 +-static unsigned int tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb,
23266 ++static unsigned int __intentional_overflow(0) tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb,
23267 + unsigned int mss_now, unsigned int max_segs)
23268 + {
23269 + const struct tcp_sock *tp = tcp_sk(sk);
23270 diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
23271 index 85ee7eb..53277ab 100644
23272 --- a/net/ipv4/tcp_probe.c
23273 @@ -97477,6 +98041,19 @@ index c80c162..83a1e28 100644
23274
23275 /* Initialize storage for argp and resp */
23276 memset(rqstp->rq_argp, 0, procp->pc_argsize);
23277 +diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
23278 +index ce13632..144987d 100644
23279 +--- a/net/sunrpc/svcauth_unix.c
23280 ++++ b/net/sunrpc/svcauth_unix.c
23281 +@@ -602,7 +602,7 @@ struct cache_detail unix_gid_cache = {
23282 + .alloc = unix_gid_alloc,
23283 + };
23284 +
23285 +-static struct unix_gid *unix_gid_lookup(uid_t uid)
23286 ++static struct unix_gid * __intentional_overflow(-1) unix_gid_lookup(uid_t uid)
23287 + {
23288 + struct unix_gid ug;
23289 + struct cache_head *ch;
23290 diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
23291 index 296192c..5a95b93 100644
23292 --- a/net/sunrpc/svcsock.c
23293 @@ -104166,11 +104743,12 @@ index 0000000..679b9ef
23294 +}
23295 diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
23296 new file mode 100644
23297 -index 0000000..6fcc08d
23298 +index 0000000..05e26dd
23299 --- /dev/null
23300 +++ b/tools/gcc/size_overflow_hash.data
23301 -@@ -0,0 +1,4784 @@
23302 +@@ -0,0 +1,5989 @@
23303 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
23304 ++ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
23305 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
23306 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
23307 +carl9170_alloc_27 carl9170_alloc 1 27 NULL
23308 @@ -104178,84 +104756,115 @@ index 0000000..6fcc08d
23309 +padzero_55 padzero 1 55 &sel_read_policyvers_55
23310 +cfg80211_disconnected_57 cfg80211_disconnected 4 57 NULL
23311 +vis_data_count_prim_sec_64 vis_data_count_prim_sec 0 64 NULL
23312 -+DepcaSignature_80 DepcaSignature 2 80 NULL nohasharray
23313 -+crypto_authenc_setkey_80 crypto_authenc_setkey 3 80 &DepcaSignature_80
23314 ++__skb_to_sgvec_72 __skb_to_sgvec 0 72 NULL
23315 ++crypto_authenc_setkey_80 crypto_authenc_setkey 3 80 NULL
23316 +snd_korg1212_copy_to_92 snd_korg1212_copy_to 6 92 NULL
23317 +load_msg_95 load_msg 2 95 NULL
23318 +device_flush_iotlb_115 device_flush_iotlb 2-3 115 NULL
23319 ++ipath_verbs_send_117 ipath_verbs_send 5-3 117 NULL
23320 +init_q_132 init_q 4 132 NULL
23321 ++ocfs2_local_alloc_slide_window_134 ocfs2_local_alloc_slide_window 0 134 NULL
23322 +memstick_alloc_host_142 memstick_alloc_host 1 142 NULL
23323 -+tracing_trace_options_write_153 tracing_trace_options_write 3 153 NULL
23324 -+iscsi_session_setup_196 iscsi_session_setup 4-5 196 NULL
23325 ++ext4_ext_get_actual_len_153 ext4_ext_get_actual_len 0 153 NULL nohasharray
23326 ++tracing_trace_options_write_153 tracing_trace_options_write 3 153 &ext4_ext_get_actual_len_153
23327 ++pci_request_selected_regions_169 pci_request_selected_regions 0 169 NULL
23328 ++iscsi_session_setup_196 iscsi_session_setup 4-5-3 196 NULL
23329 ++device_add_bin_attributes_205 device_add_bin_attributes 0 205 NULL
23330 +store_cpufv_215 store_cpufv 4 215 NULL
23331 -+flex_array_clear_251 flex_array_clear 2 251 NULL
23332 +proc_scsi_write_proc_267 proc_scsi_write_proc 3 267 NULL
23333 +generic_file_direct_write_291 generic_file_direct_write 0 291 NULL
23334 +read_file_war_stats_292 read_file_war_stats 3 292 NULL
23335 +platform_device_add_data_310 platform_device_add_data 3 310 NULL
23336 +iwl_dbgfs_tx_statistics_read_314 iwl_dbgfs_tx_statistics_read 3 314 NULL nohasharray
23337 +dn_setsockopt_314 dn_setsockopt 5 314 &iwl_dbgfs_tx_statistics_read_314
23338 -+next_node_allowed_318 next_node_allowed 1 318 NULL
23339 -+compat_sys_ioctl_333 compat_sys_ioctl 3 333 NULL
23340 ++next_node_allowed_318 next_node_allowed 1-0 318 NULL
23341 ++ath9k_wmi_cmd_327 ath9k_wmi_cmd 4 327 NULL
23342 ++map_urb_for_dma_332 map_urb_for_dma 0 332 NULL
23343 ++cmtp_send_interopmsg_376 cmtp_send_interopmsg 7 376 NULL
23344 ++sysfs_create_dir_398 sysfs_create_dir 0 398 NULL
23345 +btmrvl_txdnldready_read_413 btmrvl_txdnldready_read 3 413 NULL
23346 +lbs_rdmac_read_418 lbs_rdmac_read 3 418 NULL
23347 ++insert_vm_struct_428 insert_vm_struct 0 428 NULL
23348 +snd_ca0106_ptr_read_467 snd_ca0106_ptr_read 0 467 NULL
23349 +_alloc_get_attr_desc_470 _alloc_get_attr_desc 2 470 NULL
23350 +pidlist_resize_496 pidlist_resize 2 496 NULL
23351 ++iwl_dbgfs_protection_mode_write_502 iwl_dbgfs_protection_mode_write 3 502 NULL
23352 ++smp_send_cmd_512 smp_send_cmd 3 512 NULL
23353 ++_snd_pcm_hw_param_first_516 _snd_pcm_hw_param_first 0 516 NULL
23354 +ocfs2_validate_meta_ecc_bhs_527 ocfs2_validate_meta_ecc_bhs 0 527 NULL
23355 +ipv6_skip_exthdr_536 ipv6_skip_exthdr 0-2 536 NULL
23356 -+zlib_deflate_workspacesize_537 zlib_deflate_workspacesize 0-1-2 537 NULL
23357 +iwl_dbgfs_wowlan_sram_read_540 iwl_dbgfs_wowlan_sram_read 3 540 NULL
23358 ++dle_count_543 dle_count 0 543 NULL
23359 +devres_alloc_551 devres_alloc 2 551 NULL
23360 ++lpfc_nlp_state_name_556 lpfc_nlp_state_name 2 556 NULL
23361 +snd_aw2_saa7146_get_hw_ptr_playback_558 snd_aw2_saa7146_get_hw_ptr_playback 0 558 NULL
23362 +dev_hard_header_565 dev_hard_header 0 565 NULL nohasharray
23363 +start_isoc_chain_565 start_isoc_chain 2 565 &dev_hard_header_565
23364 +compat_sys_preadv_583 compat_sys_preadv 3 583 NULL
23365 ++ocfs2_refcounted_xattr_delete_need_584 ocfs2_refcounted_xattr_delete_need 0 584 NULL
23366 +ni_gpct_device_construct_610 ni_gpct_device_construct 5 610 NULL
23367 -+compat_sys_shmat_620 compat_sys_shmat 3 620 NULL
23368 +sysfs_acpi_set_625 sysfs_acpi_set 3 625 NULL
23369 +viafb_dfpl_proc_write_627 viafb_dfpl_proc_write 3 627 NULL
23370 -+isp1760_register_628 isp1760_register 1-2 628 NULL
23371 ++ocfs2_num_free_extents_632 ocfs2_num_free_extents 0 632 NULL
23372 +drbd_bm_find_next_643 drbd_bm_find_next 2 643 NULL
23373 -+unlink_queued_645 unlink_queued 3-4 645 NULL
23374 ++unlink_queued_645 unlink_queued 4-3 645 NULL
23375 +iwl_legacy_dbgfs_force_reset_read_649 iwl_legacy_dbgfs_force_reset_read 3 649 NULL
23376 +dtim_interval_read_654 dtim_interval_read 3 654 NULL
23377 -+ceph_copy_user_to_page_vector_656 ceph_copy_user_to_page_vector 4-3 656 NULL
23378 ++ceph_copy_user_to_page_vector_656 ceph_copy_user_to_page_vector 3-4 656 NULL
23379 ++div_u64_rem_672 div_u64_rem 0 672 NULL
23380 ++xfrm_aevent_msgsize_674 xfrm_aevent_msgsize 0 674 NULL
23381 +rtl8169_try_rx_copy_705 rtl8169_try_rx_copy 3 705 NULL
23382 -+ipath_resize_cq_712 ipath_resize_cq 2 712 NULL
23383 -+context_struct_compute_av_722 context_struct_compute_av 3 722 NULL
23384 +sctp_setsockopt_peer_addr_params_734 sctp_setsockopt_peer_addr_params 3 734 NULL
23385 ++ddp_set_map_751 ddp_set_map 4 751 NULL
23386 +dvb_video_write_754 dvb_video_write 3 754 NULL
23387 +iwl_read_targ_mem_772 iwl_read_targ_mem 0 772 NULL
23388 ++jbd2_journal_dirty_metadata_784 jbd2_journal_dirty_metadata 0 784 NULL
23389 ++snd_pcm_drain_811 snd_pcm_drain 0 811 NULL
23390 +if_writecmd_815 if_writecmd 2 815 NULL
23391 +aac_change_queue_depth_825 aac_change_queue_depth 2 825 NULL
23392 -+um_idi_read_850 um_idi_read 3 850 NULL
23393 ++read_fifo_826 read_fifo 3 826 NULL
23394 +o2net_send_message_vec_879 o2net_send_message_vec 4 879 NULL nohasharray
23395 +iwl_dbgfs_fh_reg_read_879 iwl_dbgfs_fh_reg_read 3 879 &o2net_send_message_vec_879
23396 ++intel_alloc_iova_883 intel_alloc_iova 3 883 NULL
23397 +snd_pcm_action_single_905 snd_pcm_action_single 0 905 NULL
23398 +btmrvl_hsstate_read_920 btmrvl_hsstate_read 3 920 NULL
23399 ++v4l2_ctrl_handler_init_928 v4l2_ctrl_handler_init 2 928 NULL
23400 ++readw_931 readw 0 931 NULL
23401 +carl9170_cmd_buf_950 carl9170_cmd_buf 3 950 NULL
23402 -+__nodes_weight_956 __nodes_weight 2 956 NULL
23403 ++__nodes_weight_956 __nodes_weight 2-0 956 NULL
23404 +sys_msgrcv_959 sys_msgrcv 3 959 NULL
23405 ++memcmp_990 memcmp 0 990 NULL
23406 ++hdlcdev_rx_997 hdlcdev_rx 3 997 NULL
23407 ++free_ind_block_999 free_ind_block 0 999 NULL
23408 ++readreg_1017 readreg 0-1 1017 NULL
23409 +pohmelfs_name_alloc_1036 pohmelfs_name_alloc 1 1036 NULL
23410 +gigaset_initdriver_1060 gigaset_initdriver 2 1060 NULL
23411 -+mce_request_packet_1073 mce_request_packet 3 1073 NULL
23412 ++Read_hfc16_1070 Read_hfc16 0 1070 NULL
23413 ++mce_request_packet_1073 mce_request_packet 3 1073 NULL nohasharray
23414 ++mlx4_create_eq_1073 mlx4_create_eq 2 1073 &mce_request_packet_1073
23415 +agp_create_memory_1075 agp_create_memory 1 1075 NULL
23416 +_scsih_adjust_queue_depth_1083 _scsih_adjust_queue_depth 2 1083 NULL
23417 ++inode_ref_info_1094 inode_ref_info 0 1094 NULL nohasharray
23418 ++llc_mac_hdr_init_1094 llc_mac_hdr_init 0 1094 &inode_ref_info_1094
23419 +__arch_hweight8_1105 __arch_hweight8 0 1105 NULL
23420 -+vmalloc_32_1135 vmalloc_32 1 1135 NULL
23421 ++__btrfs_cow_block_1125 __btrfs_cow_block 0-7 1125 NULL nohasharray
23422 ++__ext4_journal_stop_1125 __ext4_journal_stop 0 1125 &__btrfs_cow_block_1125
23423 +i2400m_rx_ctl_1157 i2400m_rx_ctl 4 1157 NULL
23424 ++pfkey_xfrm_policy2msg_size_1176 pfkey_xfrm_policy2msg_size 0 1176 NULL
23425 +ipc_alloc_1192 ipc_alloc 1 1192 NULL
23426 +ib_create_send_mad_1196 ib_create_send_mad 5 1196 NULL
23427 +i2400m_rx_ctl_ack_1199 i2400m_rx_ctl_ack 3 1199 NULL
23428 +i2cdev_read_1206 i2cdev_read 3 1206 NULL
23429 ++generic_file_splice_read_1220 generic_file_splice_read 4 1220 NULL
23430 ++ipw_packet_received_skb_1230 ipw_packet_received_skb 2 1230 NULL
23431 +acpi_battery_write_alarm_1240 acpi_battery_write_alarm 3 1240 NULL
23432 +ocfs2_extend_file_1266 ocfs2_extend_file 3 1266 NULL
23433 +ioctl_private_iw_point_1273 ioctl_private_iw_point 7 1273 NULL
23434 -+compat_put_u64_1319 compat_put_u64 1 1319 NULL
23435 ++ocfs2_append_rec_to_path_1321 ocfs2_append_rec_to_path 0 1321 NULL
23436 +ffs_1322 ffs 0 1322 NULL
23437 ++push_node_left_1327 push_node_left 0 1327 NULL
23438 ++carl9170_rx_stream_1334 carl9170_rx_stream 3 1334 NULL
23439 +btrfs_submit_compressed_write_1347 btrfs_submit_compressed_write 5 1347 NULL
23440 -+io_mapping_create_wc_1354 io_mapping_create_wc 1-2 1354 NULL
23441 +snd_pcm_lib_write1_1358 snd_pcm_lib_write1 0-3 1358 NULL
23442 +ipx_sendmsg_1362 ipx_sendmsg 4 1362 NULL
23443 +ocfs2_prepare_inode_for_write_1372 ocfs2_prepare_inode_for_write 3 1372 NULL
23444 @@ -104263,277 +104872,349 @@ index 0000000..6fcc08d
23445 +do_msgsnd_1387 do_msgsnd 4 1387 NULL
23446 +zone_page_state_1393 zone_page_state 0 1393 NULL
23447 +file_read_actor_1401 file_read_actor 4 1401 NULL
23448 ++hci_si_event_1404 hci_si_event 3 1404 NULL
23449 ++init_rs_internal_1436 init_rs_internal 1 1436 NULL
23450 +stack_max_size_read_1445 stack_max_size_read 3 1445 NULL
23451 +tx_queue_len_read_1463 tx_queue_len_read 3 1463 NULL
23452 +xprt_alloc_1475 xprt_alloc 2 1475 NULL
23453 +sta_num_ps_buf_frames_read_1488 sta_num_ps_buf_frames_read 3 1488 NULL
23454 +posix_acl_permission_1495 posix_acl_permission 0 1495 NULL
23455 ++fpregs_set_1497 fpregs_set 4 1497 NULL
23456 ++ocfs2_alloc_dinode_update_counts_1507 ocfs2_alloc_dinode_update_counts 0 1507 NULL
23457 +tomoyo_round2_1518 tomoyo_round2 0 1518 NULL
23458 -+sym_name_1571 sym_name 3 1571 NULL
23459 ++vp_request_intx_1578 vp_request_intx 0 1578 NULL
23460 +ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime_1589 ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime 3 1589 NULL
23461 ++ipath_ht_handle_hwerrors_1592 ipath_ht_handle_hwerrors 3 1592 NULL
23462 +fc_frame_alloc_1596 fc_frame_alloc 2 1596 NULL
23463 +packet_buffer_init_1607 packet_buffer_init 2 1607 NULL
23464 ++i915_gem_execbuffer_wait_for_flips_1612 i915_gem_execbuffer_wait_for_flips 0 1612 NULL
23465 +btmrvl_hscmd_read_1614 btmrvl_hscmd_read 3 1614 NULL
23466 +v9fs_fid_xattr_get_1618 v9fs_fid_xattr_get 0 1618 NULL
23467 +bluetooth_proc_write_1630 bluetooth_proc_write 3 1630 NULL
23468 +btmrvl_hsmode_read_1647 btmrvl_hsmode_read 3 1647 NULL
23469 +ikconfig_read_current_1658 ikconfig_read_current 3 1658 NULL
23470 -+compat_x25_ioctl_1674 compat_x25_ioctl 3 1674 NULL
23471 +configfs_read_file_1683 configfs_read_file 3 1683 NULL
23472 ++pdu_write_u_1710 pdu_write_u 3 1710 NULL
23473 +coda_psdev_write_1711 coda_psdev_write 3 1711 NULL
23474 ++wl1271_rx_handle_data_1714 wl1271_rx_handle_data 3 1714 NULL nohasharray
23475 ++btrfs_dir_data_len_1714 btrfs_dir_data_len 0 1714 &wl1271_rx_handle_data_1714
23476 +dma_memcpy_pg_to_iovec_1725 dma_memcpy_pg_to_iovec 6 1725 NULL
23477 -+compat_cdrom_generic_command_1756 compat_cdrom_generic_command 4 1756 NULL
23478 ++internal_create_group_1733 internal_create_group 0 1733 NULL
23479 +ieee80211_new_mesh_header_1761 ieee80211_new_mesh_header 0 1761 NULL
23480 -+ebt_size_mwt_1768 ebt_size_mwt 0 1768 NULL
23481 +cosa_write_1774 cosa_write 3 1774 NULL
23482 -+__nodelist_scnprintf_1815 __nodelist_scnprintf 0-4-2 1815 NULL
23483 ++__nodelist_scnprintf_1815 __nodelist_scnprintf 2-4-0 1815 NULL
23484 ++hidp_queue_report_1881 hidp_queue_report 3 1881 NULL
23485 ++sb_issue_zeroout_1884 sb_issue_zeroout 0 1884 NULL
23486 +iwl_legacy_dbgfs_rxon_flags_read_1894 iwl_legacy_dbgfs_rxon_flags_read 3 1894 NULL
23487 ++ext3_fiemap_1936 ext3_fiemap 4 1936 NULL
23488 +ieee80211_if_fmt_dot11MeshConfirmTimeout_1945 ieee80211_if_fmt_dot11MeshConfirmTimeout 3 1945 NULL
23489 -+read_swap_header_1957 read_swap_header 0 1957 NULL
23490 ++__assign_irq_vector_1961 __assign_irq_vector 0 1961 NULL
23491 +ivtv_v4l2_read_1964 ivtv_v4l2_read 3 1964 NULL
23492 +store_iwmct_log_level_fw_1974 store_iwmct_log_level_fw 4 1974 NULL
23493 +sel_read_avc_hash_stats_1984 sel_read_avc_hash_stats 3 1984 NULL
23494 -+xfs_trans_count_vecs_1991 xfs_trans_count_vecs 0 1991 NULL
23495 ++xfs_trans_count_vecs_1991 xfs_trans_count_vecs 0 1991 NULL nohasharray
23496 ++gpio_power_write_1991 gpio_power_write 3 1991 &xfs_trans_count_vecs_1991
23497 +__alloc_bootmem_node_1992 __alloc_bootmem_node 2 1992 NULL
23498 +atomic_read_unchecked_1995 atomic_read_unchecked 0 1995 NULL
23499 +ocfs2_global_qinit_alloc_2018 ocfs2_global_qinit_alloc 0 2018 NULL
23500 +write_flush_pipefs_2021 write_flush_pipefs 3 2021 NULL
23501 -+BcmCopySection_2035 BcmCopySection 5 2035 NULL
23502 -+devm_ioremap_nocache_2036 devm_ioremap_nocache 2-3 2036 NULL
23503 ++BcmCopySection_2035 BcmCopySection 0-5 2035 NULL
23504 +ath6kl_fwlog_mask_read_2050 ath6kl_fwlog_mask_read 3 2050 NULL
23505 +ocfs2_expand_inline_dir_2063 ocfs2_expand_inline_dir 3 2063 NULL
23506 +subbuf_read_actor_2071 subbuf_read_actor 3 2071 NULL
23507 ++__generic_copy_from_user_intel_2073 __generic_copy_from_user_intel 0-3 2073 NULL
23508 ++diva_set_driver_dbg_mask_2077 diva_set_driver_dbg_mask 0 2077 NULL nohasharray
23509 ++alloc_retstack_tasklist_2077 alloc_retstack_tasklist 0 2077 &diva_set_driver_dbg_mask_2077
23510 +iwl_dbgfs_current_sleep_command_read_2081 iwl_dbgfs_current_sleep_command_read 3 2081 NULL
23511 ++get_unaligned_le32_2092 get_unaligned_le32 0 2092 NULL
23512 +idetape_chrdev_read_2097 idetape_chrdev_read 3 2097 NULL
23513 -+audit_expand_2098 audit_expand 2 2098 NULL
23514 ++audit_expand_2098 audit_expand 2-0 2098 NULL
23515 +num_pages_spanned_2105 num_pages_spanned 0 2105 NULL
23516 +iwl_dbgfs_log_event_read_2107 iwl_dbgfs_log_event_read 3 2107 NULL
23517 +ecryptfs_encrypt_and_encode_filename_2109 ecryptfs_encrypt_and_encode_filename 6 2109 NULL
23518 +enable_read_2117 enable_read 3 2117 NULL
23519 +pcf50633_write_block_2124 pcf50633_write_block 3 2124 NULL
23520 ++snd_interval_refine_last_2127 snd_interval_refine_last 0 2127 NULL
23521 +check_load_and_stores_2143 check_load_and_stores 2 2143 NULL
23522 -+mlx4_init_icm_table_2151 mlx4_init_icm_table 5-4 2151 NULL
23523 ++mlx4_init_icm_table_2151 mlx4_init_icm_table 4-5 2151 NULL
23524 +iov_iter_count_2152 iov_iter_count 0 2152 NULL
23525 -+_ore_get_io_state_2166 _ore_get_io_state 3-4-5 2166 NULL
23526 -+ssb_bus_ssbbus_register_2217 ssb_bus_ssbbus_register 2 2217 NULL
23527 -+u32_array_read_2219 u32_array_read 3 2219 NULL
23528 ++__copy_to_user_ll_2157 __copy_to_user_ll 0-3 2157 NULL
23529 ++ocfs2_et_sanity_check_2164 ocfs2_et_sanity_check 0 2164 NULL
23530 ++_ore_get_io_state_2166 _ore_get_io_state 5-3-4 2166 NULL
23531 ++picolcd_debug_reset_write_2195 picolcd_debug_reset_write 3 2195 NULL
23532 ++page_cache_async_readahead_2219 page_cache_async_readahead 6-5 2219 NULL nohasharray
23533 ++u32_array_read_2219 u32_array_read 3 2219 &page_cache_async_readahead_2219
23534 +vhci_write_2224 vhci_write 3 2224 NULL
23535 ++__ocfs2_journal_access_2241 __ocfs2_journal_access 0 2241 NULL
23536 ++mlx4_buddy_init_2244 mlx4_buddy_init 2 2244 NULL
23537 +ieee80211_if_read_dot11MeshHWMPRannInterval_2249 ieee80211_if_read_dot11MeshHWMPRannInterval 3 2249 NULL
23538 +netlbl_secattr_catmap_walk_2255 netlbl_secattr_catmap_walk 0-2 2255 NULL
23539 -+au_fidir_sz_2256 au_fidir_sz 0-1 2256 NULL nohasharray
23540 -+sel_write_avc_cache_threshold_2256 sel_write_avc_cache_threshold 3 2256 &au_fidir_sz_2256
23541 ++sel_write_avc_cache_threshold_2256 sel_write_avc_cache_threshold 3 2256 NULL
23542 +do_update_counters_2259 do_update_counters 4 2259 NULL
23543 ++ocfs2_shift_tree_depth_2292 ocfs2_shift_tree_depth 0 2292 NULL
23544 +kvm_clear_guest_page_2308 kvm_clear_guest_page 4 2308 NULL
23545 +picolcd_fb_write_2318 picolcd_fb_write 3 2318 NULL
23546 -+gart_map_page_2325 gart_map_page 3-4 2325 NULL
23547 ++gart_map_page_2325 gart_map_page 4-3 2325 NULL
23548 +__erst_read_to_erange_2341 __erst_read_to_erange 0 2341 NULL
23549 +create_subvol_2347 create_subvol 4 2347 NULL
23550 +zr364xx_read_2354 zr364xx_read 3 2354 NULL
23551 +viafb_iga2_odev_proc_write_2363 viafb_iga2_odev_proc_write 3 2363 NULL
23552 -+rtl_port_map_2385 rtl_port_map 1-2 2385 NULL
23553 ++rose_recvmsg_2368 rose_recvmsg 4 2368 NULL
23554 +rxpipe_rx_prep_beacon_drop_read_2403 rxpipe_rx_prep_beacon_drop_read 3 2403 NULL
23555 +isdn_v110_open_2418 isdn_v110_open 3 2418 NULL
23556 -+ioremap_nocache_2439 ioremap_nocache 1-2 2439 NULL
23557 ++hfcpci_empty_fifo_2427 hfcpci_empty_fifo 4 2427 NULL
23558 +tty_buffer_find_2443 tty_buffer_find 2 2443 NULL
23559 ++arch_msi_check_device_2449 arch_msi_check_device 0 2449 NULL
23560 ++__sock_recvmsg_2467 __sock_recvmsg 0 2467 NULL
23561 +b43legacy_debugfs_read_2473 b43legacy_debugfs_read 3 2473 NULL
23562 ++xfrm_spdinfo_msgsize_2474 xfrm_spdinfo_msgsize 0 2474 NULL
23563 ++fc_fcp_send_data_2479 fc_fcp_send_data 4-3 2479 NULL
23564 +update_pmkid_2481 update_pmkid 4 2481 NULL
23565 +wiphy_new_2482 wiphy_new 2 2482 NULL
23566 +squashfs_read_fragment_index_table_2506 squashfs_read_fragment_index_table 4 2506 NULL
23567 +dm_write_2513 dm_write 3 2513 NULL
23568 +v9fs_cached_file_read_2514 v9fs_cached_file_read 3 2514 NULL
23569 +ext4_get_inode_loc_2516 ext4_get_inode_loc 0 2516 NULL
23570 ++ata_host_start_2545 ata_host_start 0 2545 NULL
23571 +gspca_dev_probe_2570 gspca_dev_probe 4 2570 NULL
23572 +pcm_sanity_check_2574 pcm_sanity_check 0 2574 NULL
23573 +store_pwm1_enable_2577 store_pwm1_enable 4 2577 NULL
23574 +smk_write_logging_2618 smk_write_logging 3 2618 NULL
23575 ++nlmsg_msg_size_2623 nlmsg_msg_size 0-1 2623 NULL
23576 +iwl4965_ucode_general_stats_read_2639 iwl4965_ucode_general_stats_read 3 2639 NULL
23577 +lro_gen_skb_2644 lro_gen_skb 6 2644 NULL
23578 -+memcpy_fromiovecend_2707 memcpy_fromiovecend 3-4 2707 NULL
23579 -+__xip_file_write_2733 __xip_file_write 4-3 2733 NULL
23580 ++ffs_ep0_read_2672 ffs_ep0_read 3 2672 NULL
23581 ++ocfs2_rotate_subtree_right_2674 ocfs2_rotate_subtree_right 0 2674 NULL
23582 ++oti6858_write_2692 oti6858_write 4 2692 NULL
23583 ++memcpy_fromiovecend_2707 memcpy_fromiovecend 4-3 2707 NULL
23584 +hid_report_raw_event_2762 hid_report_raw_event 4 2762 NULL
23585 -+mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL
23586 ++mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL nohasharray
23587 ++bictcp_update_2771 bictcp_update 2 2771 &mon_bin_ioctl_2771
23588 +__next_cpu_2782 __next_cpu 1 2782 NULL
23589 ++usbatm_pdu_length_2786 usbatm_pdu_length 0-1 2786 NULL
23590 ++device_add_attrs_2789 device_add_attrs 0 2789 NULL
23591 ++iwl_dbgfs_clear_ucode_statistics_write_2804 iwl_dbgfs_clear_ucode_statistics_write 3 2804 NULL
23592 +sel_read_enforce_2828 sel_read_enforce 3 2828 NULL
23593 ++snd_pcm_reset_2829 snd_pcm_reset 0 2829 NULL
23594 +wait_for_avail_2847 wait_for_avail 0 2847 NULL
23595 +ufs_free_fragments_2857 ufs_free_fragments 2 2857 NULL
23596 +move_addr_to_user_2868 move_addr_to_user 2 2868 NULL
23597 +nla_padlen_2883 nla_padlen 1 2883 NULL
23598 +cmm_write_2896 cmm_write 3 2896 NULL
23599 -+alloc_page_cgroup_2919 alloc_page_cgroup 1 2919 NULL
23600 ++count_esp_combs_2926 count_esp_combs 0 2926 NULL
23601 +nes_read_indexed_2946 nes_read_indexed 0 2946 NULL
23602 +tm6000_i2c_recv_regs16_2949 tm6000_i2c_recv_regs16 5 2949 NULL
23603 ++ppp_cp_event_2965 ppp_cp_event 6 2965 NULL
23604 ++ocfs2_find_branch_target_2989 ocfs2_find_branch_target 0 2989 NULL
23605 +p9_nr_pages_2992 p9_nr_pages 0-2 2992 NULL
23606 +store_cardr_2997 store_cardr 4 2997 NULL
23607 -+do_dmabuf_dirty_sou_3017 do_dmabuf_dirty_sou 7 3017 NULL
23608 ++spin_time_accum_spinning_3020 spin_time_accum_spinning 1 3020 NULL
23609 +depth_write_3021 depth_write 3 3021 NULL
23610 +snd_azf3328_codec_inl_3022 snd_azf3328_codec_inl 0 3022 NULL
23611 +xfrm_dst_alloc_copy_3034 xfrm_dst_alloc_copy 3 3034 NULL
23612 -+iwl_dbgfs_sleep_level_override_read_3038 iwl_dbgfs_sleep_level_override_read 3 3038 NULL
23613 ++lpfc_idiag_mbxacc_write_3038 lpfc_idiag_mbxacc_write 3 3038 NULL nohasharray
23614 ++iwl_dbgfs_sleep_level_override_read_3038 iwl_dbgfs_sleep_level_override_read 3 3038 &lpfc_idiag_mbxacc_write_3038
23615 +nr_free_buffer_pages_3044 nr_free_buffer_pages 0 3044 NULL
23616 -+__blk_end_bidi_request_3070 __blk_end_bidi_request 3-4 3070 NULL
23617 ++calculate_min_size_3053 calculate_min_size 0 3053 NULL
23618 ++__blk_end_bidi_request_3070 __blk_end_bidi_request 4-3 3070 NULL
23619 +dac960_user_command_proc_write_3071 dac960_user_command_proc_write 3 3071 NULL
23620 ++ocfs2_get_right_path_3097 ocfs2_get_right_path 0 3097 NULL
23621 +rb_alloc_3102 rb_alloc 1 3102 NULL
23622 -+simple_write_to_buffer_3122 simple_write_to_buffer 5-2 3122 NULL
23623 ++simple_write_to_buffer_3122 simple_write_to_buffer 2-5 3122 NULL
23624 +fill_write_buffer_3142 fill_write_buffer 3 3142 NULL
23625 ++b1_get_slice_3145 b1_get_slice 0 3145 NULL
23626 +CIFSSMBSetPosixACL_3154 CIFSSMBSetPosixACL 5 3154 NULL
23627 +compat_sys_migrate_pages_3157 compat_sys_migrate_pages 2 3157 NULL
23628 +encrypted_instantiate_3168 encrypted_instantiate 3 3168 NULL
23629 +uv_num_possible_blades_3177 uv_num_possible_blades 0 3177 NULL
23630 ++find_free_extent_3178 find_free_extent 5-7 3178 NULL
23631 +compat_do_ip6t_set_ctl_3184 compat_do_ip6t_set_ctl 4 3184 NULL
23632 +alloc_context_3194 alloc_context 1 3194 NULL
23633 ++codec_reg_write_file_3204 codec_reg_write_file 3 3204 NULL
23634 +ath6kl_mgmt_tx_3230 ath6kl_mgmt_tx 9 3230 NULL
23635 ++btrfs_next_leaf_3232 btrfs_next_leaf 0 3232 NULL
23636 +kimage_crash_alloc_3233 kimage_crash_alloc 3 3233 NULL
23637 ++write_adapter_mem_3234 write_adapter_mem 3 3234 NULL
23638 +ext3_xattr_find_entry_3237 ext3_xattr_find_entry 0 3237 NULL
23639 +key_key_read_3241 key_key_read 3 3241 NULL
23640 -+number_3243 number 0 3243 NULL
23641 -+__ilog2_u64_3284 __ilog2_u64 0 3284 NULL
23642 ++shrink_delalloc_3250 shrink_delalloc 0 3250 NULL
23643 ++__ilog2_u64_3284 __ilog2_u64 0-1 3284 NULL
23644 ++iwl_legacy_dbgfs_traffic_log_write_3296 iwl_legacy_dbgfs_traffic_log_write 3 3296 NULL
23645 +arvo_sysfs_write_3311 arvo_sysfs_write 6 3311 NULL
23646 ++__iovec_copy_from_user_inatomic_3314 __iovec_copy_from_user_inatomic 0-4-3 3314 NULL
23647 ++i915_gem_gtt_bind_object_3319 i915_gem_gtt_bind_object 0 3319 NULL
23648 +compat_sys_setsockopt_3326 compat_sys_setsockopt 5 3326 NULL
23649 -+aac_rkt_ioremap_3333 aac_rkt_ioremap 2 3333 NULL
23650 ++de600_read_byte_3332 de600_read_byte 0 3332 NULL
23651 ++sctp_make_init_ack_3335 sctp_make_init_ack 4 3335 NULL
23652 +read_from_oldmem_3337 read_from_oldmem 2 3337 NULL
23653 ++sysfs_create_group_3339 sysfs_create_group 0 3339 NULL
23654 ++noack_write_3343 noack_write 3 3343 NULL
23655 +gsm_control_rls_3353 gsm_control_rls 3 3353 NULL
23656 +scnprintf_3360 scnprintf 0-2 3360 NULL
23657 ++ReadByteAmd7930_3365 ReadByteAmd7930 0 3365 NULL
23658 +send_stream_3397 send_stream 4 3397 NULL
23659 +isdn_readbchan_3401 isdn_readbchan 0-5 3401 NULL
23660 -+msix_map_region_3411 msix_map_region 3 3411 NULL
23661 +pci_add_cap_save_buffer_3426 pci_add_cap_save_buffer 3 3426 NULL
23662 +crystalhd_create_dio_pool_3427 crystalhd_create_dio_pool 2 3427 NULL
23663 +pipe_iov_copy_to_user_3447 pipe_iov_copy_to_user 3 3447 NULL
23664 +percpu_modalloc_3448 percpu_modalloc 2-3 3448 NULL
23665 ++s3fb_ddc_read_3451 s3fb_ddc_read 0 3451 NULL
23666 ++softsynth_write_3455 softsynth_write 3 3455 NULL
23667 +jffs2_acl_setxattr_3464 jffs2_acl_setxattr 4 3464 NULL nohasharray
23668 -+snd_pcm_lib_readv_transfer_3464 snd_pcm_lib_readv_transfer 4-2-5 3464 &jffs2_acl_setxattr_3464
23669 ++snd_pcm_lib_readv_transfer_3464 snd_pcm_lib_readv_transfer 5-4-2 3464 &jffs2_acl_setxattr_3464
23670 +alloc_skb_fclone_3467 alloc_skb_fclone 1 3467 NULL
23671 -+security_context_to_sid_default_3492 security_context_to_sid_default 2 3492 NULL nohasharray
23672 -+efi_ioremap_3492 efi_ioremap 1-2 3492 &security_context_to_sid_default_3492
23673 -+xfrm_migrate_msgsize_3496 xfrm_migrate_msgsize 1 3496 NULL
23674 ++security_context_to_sid_default_3492 security_context_to_sid_default 2 3492 NULL
23675 ++xfrm_migrate_msgsize_3496 xfrm_migrate_msgsize 1-0 3496 NULL
23676 +ieee80211_wx_set_gen_ie_rsl_3521 ieee80211_wx_set_gen_ie_rsl 3 3521 NULL
23677 +btrfs_dir_name_len_3549 btrfs_dir_name_len 0 3549 NULL
23678 ++b43legacy_read16_3561 b43legacy_read16 0 3561 NULL
23679 ++get_interface_3562 get_interface 0 3562 NULL
23680 +alloc_smp_resp_3566 alloc_smp_resp 1 3566 NULL
23681 +evtchn_read_3569 evtchn_read 3 3569 NULL
23682 -+vc_resize_3585 vc_resize 2-3 3585 NULL
23683 ++vc_resize_3585 vc_resize 3-2 3585 NULL
23684 +compat_sys_semtimedop_3606 compat_sys_semtimedop 3 3606 NULL
23685 +sctp_getsockopt_events_3607 sctp_getsockopt_events 2 3607 NULL
23686 +aligned_kmalloc_3628 aligned_kmalloc 1 3628 NULL
23687 +cm_copy_private_data_3649 cm_copy_private_data 2 3649 NULL
23688 +i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL
23689 -+kmem_cache_alloc_3690 kmem_cache_alloc 0 3690 NULL
23690 ++ntfs_attr_make_non_resident_3694 ntfs_attr_make_non_resident 0 3694 NULL
23691 +btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 NULL nohasharray
23692 +snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 &btmrvl_psmode_write_3703 nohasharray
23693 +create_irq_3703 create_irq 0 3703 &snd_m3_assp_read_3703
23694 -+videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL
23695 +ci_ll_write_3740 ci_ll_write 4 3740 NULL
23696 ++ping_sendmsg_3782 ping_sendmsg 4 3782 NULL
23697 +sctp_setsockopt_auth_key_3793 sctp_setsockopt_auth_key 3 3793 NULL
23698 ++btrfs_alloc_chunk_3808 btrfs_alloc_chunk 0 3808 NULL
23699 +ncp_file_write_3813 ncp_file_write 3 3813 NULL
23700 ++llc_ui_recvmsg_3826 llc_ui_recvmsg 4 3826 NULL
23701 +read_file_tx_chainmask_3829 read_file_tx_chainmask 3 3829 NULL
23702 +stringify_nodemap_3842 stringify_nodemap 2 3842 NULL
23703 ++__buf_prepare_3846 __buf_prepare 0 3846 NULL
23704 +ubi_eba_read_leb_3847 ubi_eba_read_leb 0 3847 NULL
23705 +smk_read_onlycap_3855 smk_read_onlycap 3 3855 NULL
23706 +get_fd_set_3866 get_fd_set 1 3866 NULL
23707 -+ubi_dbg_dump_flash_3870 ubi_dbg_dump_flash 4 3870 NULL
23708 ++apei_res_sub_3873 apei_res_sub 0 3873 NULL
23709 +garp_attr_create_3883 garp_attr_create 3 3883 NULL
23710 +uea_send_modem_cmd_3888 uea_send_modem_cmd 3 3888 NULL
23711 +nvram_write_3894 nvram_write 3 3894 NULL
23712 +comedi_buf_read_n_available_3899 comedi_buf_read_n_available 0 3899 NULL
23713 +vcs_write_3910 vcs_write 3 3910 NULL
23714 +pm860x_read_device_3958 pm860x_read_device 3 3958 NULL
23715 -+atalk_compat_ioctl_3991 atalk_compat_ioctl 3 3991 NULL
23716 ++i915_gem_object_get_fence_3981 i915_gem_object_get_fence 0 3981 NULL
23717 +do_add_counters_3992 do_add_counters 3 3992 NULL
23718 +userspace_status_4004 userspace_status 4 4004 NULL
23719 +mei_write_4005 mei_write 3 4005 NULL nohasharray
23720 +xfs_check_block_4005 xfs_check_block 4 4005 &mei_write_4005
23721 +snd_hdsp_capture_copy_4011 snd_hdsp_capture_copy 5 4011 NULL
23722 ++i915_gem_object_unbind_4016 i915_gem_object_unbind 0 4016 NULL
23723 +blk_end_request_4024 blk_end_request 3 4024 NULL
23724 +ext4_xattr_find_entry_4025 ext4_xattr_find_entry 0 4025 NULL
23725 ++b1_get_word_4035 b1_get_word 0 4035 NULL
23726 ++i915_gpu_idle_4062 i915_gpu_idle 0 4062 NULL
23727 ++get_dmabuf_4065 get_dmabuf 2 4065 NULL
23728 ++sctp_make_asconf_4078 sctp_make_asconf 3 4078 NULL
23729 +fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL
23730 ++ab8500_address_write_4099 ab8500_address_write 3 4099 NULL
23731 +tm6000_read_4151 tm6000_read 3 4151 NULL
23732 +mpt_raid_phys_disk_get_num_paths_4155 mpt_raid_phys_disk_get_num_paths 0 4155 NULL
23733 +msg_bits_4158 msg_bits 0-3-4 4158 NULL
23734 +get_alua_req_4166 get_alua_req 3 4166 NULL
23735 +blk_dropped_read_4168 blk_dropped_read 3 4168 NULL
23736 +read_file_bool_4180 read_file_bool 3 4180 NULL
23737 ++ocfs2_find_cpos_for_right_leaf_4194 ocfs2_find_cpos_for_right_leaf 0 4194 NULL
23738 +f1x_determine_channel_4202 f1x_determine_channel 2 4202 NULL
23739 +_osd_req_list_objects_4204 _osd_req_list_objects 6 4204 NULL
23740 +__snd_gf1_read_addr_4210 __snd_gf1_read_addr 0 4210 NULL
23741 +ext4_new_inode_4247 ext4_new_inode 5 4247 NULL
23742 -+xt_compat_add_offset_4289 xt_compat_add_offset 0 4289 NULL
23743 +dvb_ringbuffer_pkt_read_user_4303 dvb_ringbuffer_pkt_read_user 2-3-5 4303 NULL
23744 +ath6kl_wmi_tcmd_test_report_rx_4314 ath6kl_wmi_tcmd_test_report_rx 3 4314 NULL
23745 ++count_strings_4315 count_strings 0 4315 NULL
23746 +snd_rawmidi_kernel_read_4328 snd_rawmidi_kernel_read 3 4328 NULL
23747 -+__copy_from_user_inatomic_4365 __copy_from_user_inatomic 3 4365 NULL
23748 ++__copy_from_user_inatomic_4365 __copy_from_user_inatomic 0-3 4365 NULL nohasharray
23749 ++lookup_string_4365 lookup_string 0 4365 &__copy_from_user_inatomic_4365
23750 +sys_setdomainname_4373 sys_setdomainname 2 4373 NULL
23751 +irda_sendmsg_4388 irda_sendmsg 4 4388 NULL
23752 -+access_process_vm_4412 access_process_vm 0-2-4 4412 NULL nohasharray
23753 ++access_process_vm_4412 access_process_vm 0 4412 NULL nohasharray
23754 +cxacru_cm_get_array_4412 cxacru_cm_get_array 4 4412 &access_process_vm_4412
23755 +libfc_vport_create_4415 libfc_vport_create 2 4415 NULL
23756 +do_pages_stat_4437 do_pages_stat 2 4437 NULL
23757 ++memparse_4444 memparse 0 4444 NULL
23758 ++dn_alloc_send_pskb_4465 dn_alloc_send_pskb 2 4465 NULL
23759 +at76_set_card_command_4471 at76_set_card_command 4 4471 NULL
23760 +recv_control_msg_4476 recv_control_msg 5 4476 NULL
23761 -+snd_seq_expand_var_event_4481 snd_seq_expand_var_event 0-5 4481 NULL
23762 ++snd_seq_expand_var_event_4481 snd_seq_expand_var_event 5-0 4481 NULL
23763 +sys_semtimedop_4486 sys_semtimedop 3 4486 NULL
23764 ++ocfs2_grow_tree_4492 ocfs2_grow_tree 0 4492 NULL nohasharray
23765 ++udp_sendmsg_4492 udp_sendmsg 4 4492 &ocfs2_grow_tree_4492
23766 +vmbus_establish_gpadl_4495 vmbus_establish_gpadl 3 4495 NULL
23767 ++l1oip_socket_parse_4507 l1oip_socket_parse 4 4507 NULL
23768 +sys_llistxattr_4532 sys_llistxattr 3 4532 NULL
23769 -+videobuf_vmalloc_to_sg_4548 videobuf_vmalloc_to_sg 2 4548 NULL
23770 ++Read_4560 Read 0 4560 NULL
23771 +btrfs_file_extent_inline_item_len_4575 btrfs_file_extent_inline_item_len 0 4575 NULL
23772 +bch_alloc_4593 bch_alloc 1 4593 NULL
23773 ++ocfs2_refcount_lock_4595 ocfs2_refcount_lock 0 4595 NULL
23774 +rbd_create_rw_ops_4605 rbd_create_rw_ops 2 4605 NULL
23775 +iwl_dbgfs_tx_queue_read_4635 iwl_dbgfs_tx_queue_read 3 4635 NULL
23776 -+virtqueue_add_buf_gfp_4662 virtqueue_add_buf_gfp 3-4 4662 NULL
23777 ++virtqueue_add_buf_gfp_4662 virtqueue_add_buf_gfp 4-3 4662 NULL
23778 +map_addr_4666 map_addr 6 4666 NULL
23779 +skb_add_data_nocache_4682 skb_add_data_nocache 4 4682 NULL
23780 +cx18_read_pos_4683 cx18_read_pos 3 4683 NULL
23781 +short_retry_limit_read_4687 short_retry_limit_read 3 4687 NULL
23782 +kone_receive_4690 kone_receive 4 4690 NULL
23783 -+round_pipe_size_4701 round_pipe_size 0 4701 NULL
23784 ++round_pipe_size_4701 round_pipe_size 1-0 4701 NULL
23785 +cxgbi_alloc_big_mem_4707 cxgbi_alloc_big_mem 1 4707 NULL
23786 +trusted_instantiate_4710 trusted_instantiate 3 4710 NULL
23787 +btmrvl_gpiogap_read_4718 btmrvl_gpiogap_read 3 4718 NULL
23788 +ati_create_gatt_pages_4722 ati_create_gatt_pages 1 4722 NULL nohasharray
23789 +show_header_4722 show_header 3 4722 &ati_create_gatt_pages_4722
23790 ++find_next_best_node_4774 find_next_best_node 1-0 4774 NULL
23791 ++ip6_ufo_append_data_4780 ip6_ufo_append_data 5-6-7 4780 NULL
23792 +ncp__vol2io_4804 ncp__vol2io 5 4804 NULL
23793 -+__iio_allocate_sw_ring_buffer_4843 __iio_allocate_sw_ring_buffer 3 4843 NULL
23794 ++__iio_allocate_sw_ring_buffer_4843 __iio_allocate_sw_ring_buffer 3-2 4843 NULL
23795 +gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL
23796 +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL
23797 -+ocfs2_defrag_extent_4873 ocfs2_defrag_extent 3 4873 NULL
23798 ++ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2-3 4873 NULL
23799 +hid_register_field_4874 hid_register_field 2-3 4874 NULL
23800 +vga_arb_read_4886 vga_arb_read 3 4886 NULL
23801 +sys_ipc_4889 sys_ipc 3 4889 NULL
23802 -+sys_process_vm_writev_4928 sys_process_vm_writev 3-5 4928 NULL
23803 -+ntfs_rl_insert_4931 ntfs_rl_insert 2-4 4931 NULL
23804 ++del_ptr_4894 del_ptr 0 4894 NULL
23805 ++sys_process_vm_writev_4928 sys_process_vm_writev 5-3 4928 NULL
23806 ++ocfs2_readahead_for_cow_4932 ocfs2_readahead_for_cow 4-3 4932 NULL
23807 +ieee80211_if_fmt_ave_beacon_4941 ieee80211_if_fmt_ave_beacon 3 4941 NULL
23808 +devm_kzalloc_4966 devm_kzalloc 2 4966 NULL
23809 +compat_rawv6_setsockopt_4967 compat_rawv6_setsockopt 5 4967 NULL
23810 +skb_network_header_len_4971 skb_network_header_len 0 4971 NULL
23811 -+vmw_surface_define_size_4993 vmw_surface_define_size 0 4993 NULL
23812 -+qla82xx_pci_mem_write_direct_5008 qla82xx_pci_mem_write_direct 2 5008 NULL
23813 -+do_mincore_5018 do_mincore 0-1 5018 NULL
23814 ++do_mincore_5018 do_mincore 0-2-1 5018 NULL
23815 +mtd_device_parse_register_5024 mtd_device_parse_register 5 5024 NULL
23816 -+ocfs2_check_range_for_holes_5066 ocfs2_check_range_for_holes 2-3 5066 NULL
23817 ++ocfs2_check_range_for_holes_5066 ocfs2_check_range_for_holes 3-2 5066 NULL
23818 ++__kmalloc_track_caller_5071 __kmalloc_track_caller 1 5071 NULL
23819 +snd_mixart_BA1_read_5082 snd_mixart_BA1_read 5 5082 NULL
23820 +snd_emu10k1_ptr20_read_5087 snd_emu10k1_ptr20_read 0 5087 NULL
23821 +get_random_bytes_5091 get_random_bytes 2 5091 NULL nohasharray
23822 -+kfifo_copy_from_user_5091 kfifo_copy_from_user 3 5091 &get_random_bytes_5091 nohasharray
23823 ++kfifo_copy_from_user_5091 kfifo_copy_from_user 4-3-0 5091 &get_random_bytes_5091 nohasharray
23824 +blk_rq_sectors_5091 blk_rq_sectors 0 5091 &kfifo_copy_from_user_5091
23825 +sound_write_5102 sound_write 3 5102 NULL
23826 ++qib_7220_handle_hwerrors_5142 qib_7220_handle_hwerrors 3 5142 NULL
23827 +ufs_add_fragments_5144 ufs_add_fragments 2 5144 NULL
23828 -+compat_ptr_5159 compat_ptr 0-1 5159 NULL
23829 ++ocfs2_inode_lock_full_nested_5148 ocfs2_inode_lock_full_nested 0 5148 NULL
23830 +__uwb_addr_print_5161 __uwb_addr_print 2 5161 NULL
23831 +iwl_dbgfs_status_read_5171 iwl_dbgfs_status_read 3 5171 NULL
23832 +acpi_pcc_get_sqty_5176 acpi_pcc_get_sqty 0 5176 NULL
23833 -+sfi_map_memory_5183 sfi_map_memory 1-2 5183 NULL
23834 -+skb_network_header_5203 skb_network_header 0 5203 NULL
23835 ++ds1wm_read_5200 ds1wm_read 0 5200 NULL
23836 +pipe_set_size_5204 pipe_set_size 2 5204 NULL
23837 +ppp_cp_parse_cr_5214 ppp_cp_parse_cr 4 5214 NULL
23838 -+ssb_ioremap_5228 ssb_ioremap 2 5228 NULL
23839 +isdn_ppp_skb_push_5236 isdn_ppp_skb_push 2 5236 NULL
23840 -+do_atmif_sioc_5247 do_atmif_sioc 3 5247 NULL
23841 ++iommu_domain_identity_map_5284 iommu_domain_identity_map 2-3 5284 NULL
23842 ++usb_descriptor_fillbuf_5302 usb_descriptor_fillbuf 0 5302 NULL
23843 ++r592_write_fifo_pio_5315 r592_write_fifo_pio 3 5315 NULL
23844 +pwr_elp_enter_read_5324 pwr_elp_enter_read 3 5324 NULL
23845 -+allocate_cnodes_5329 allocate_cnodes 1 5329 NULL
23846 +ad714x_i2c_read_5345 ad714x_i2c_read 4 5345 NULL
23847 ++ata_tlink_add_5349 ata_tlink_add 0 5349 NULL
23848 +ps_pspoll_utilization_read_5361 ps_pspoll_utilization_read 3 5361 NULL
23849 -+cciss_allocate_sg_chain_blocks_5368 cciss_allocate_sg_chain_blocks 3-2 5368 NULL
23850 ++cciss_allocate_sg_chain_blocks_5368 cciss_allocate_sg_chain_blocks 2-3 5368 NULL
23851 +bitmap_fold_5396 bitmap_fold 4 5396 NULL
23852 ++perf_adjust_period_5408 perf_adjust_period 2-3 5408 NULL
23853 +nilfs_palloc_entries_per_group_5418 nilfs_palloc_entries_per_group 0 5418 NULL
23854 -+sfi_map_table_5462 sfi_map_table 1 5462 NULL
23855 +xfs_efd_init_5463 xfs_efd_init 3 5463 NULL
23856 +xfs_efi_init_5476 xfs_efi_init 2 5476 NULL
23857 +cifs_security_flags_proc_write_5484 cifs_security_flags_proc_write 3 5484 NULL
23858 @@ -104542,96 +105223,115 @@ index 0000000..6fcc08d
23859 +ieee80211_if_fmt_last_beacon_5498 ieee80211_if_fmt_last_beacon 3 5498 &tomoyo_update_domain_5498
23860 +__max_nr_grant_frames_5505 __max_nr_grant_frames 0 5505 NULL
23861 +spidev_message_5518 spidev_message 3 5518 NULL
23862 ++sctp_make_op_error_space_5528 sctp_make_op_error_space 3 5528 NULL
23863 +ieee80211_if_fmt_auto_open_plinks_5534 ieee80211_if_fmt_auto_open_plinks 3 5534 NULL
23864 ++iommu_prepare_identity_map_5540 iommu_prepare_identity_map 2-3 5540 NULL
23865 ++brcmu_pkt_buf_get_skb_5556 brcmu_pkt_buf_get_skb 1 5556 NULL
23866 +le_readq_5557 le_readq 0 5557 NULL
23867 +inw_5558 inw 0 5558 NULL
23868 +__first_dma_cap_5560 __first_dma_cap 0 5560 NULL
23869 +fir16_create_5574 fir16_create 3 5574 NULL
23870 +bioset_create_5580 bioset_create 1 5580 NULL
23871 ++domain_sg_mapping_5586 domain_sg_mapping 4 5586 NULL
23872 +do_msgrcv_5590 do_msgrcv 4 5590 NULL
23873 -+usb_dump_device_descriptor_5599 usb_dump_device_descriptor 0 5599 NULL
23874 +ldm_frag_add_5611 ldm_frag_add 2 5611 NULL
23875 -+compat_copy_entries_5617 compat_copy_entries 0 5617 NULL
23876 ++hidp_output_raw_report_5629 hidp_output_raw_report 3 5629 NULL
23877 +parse_arg_5657 parse_arg 2 5657 NULL
23878 +ext4_xattr_get_5661 ext4_xattr_get 0 5661 NULL
23879 +posix_clock_register_5662 posix_clock_register 2 5662 NULL
23880 -+mthca_map_reg_5664 mthca_map_reg 2-3 5664 NULL
23881 +get_arg_5694 get_arg 3 5694 NULL
23882 ++ntfs_attr_record_resize_5720 ntfs_attr_record_resize 0 5720 NULL
23883 +vmw_kms_readback_5727 vmw_kms_readback 6 5727 NULL
23884 +rts51x_transfer_data_partial_5735 rts51x_transfer_data_partial 6 5735 NULL
23885 -+ubi_cdev_compat_ioctl_5746 ubi_cdev_compat_ioctl 3 5746 NULL
23886 ++get_packet_5747 get_packet 3 5747 NULL
23887 +sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL
23888 ++mlx4_alloc_resize_buf_5778 mlx4_alloc_resize_buf 3 5778 NULL
23889 +compat_sys_writev_5784 compat_sys_writev 3 5784 NULL
23890 +__vxge_hw_blockpool_malloc_5786 __vxge_hw_blockpool_malloc 2 5786 NULL
23891 ++lpfc_sli_issue_mbox_5792 lpfc_sli_issue_mbox 0 5792 NULL
23892 +skb_copy_datagram_iovec_5806 skb_copy_datagram_iovec 2-4 5806 NULL
23893 +ceph_x_encrypt_buflen_5829 ceph_x_encrypt_buflen 0-1 5829 NULL
23894 -+autofs4_root_compat_ioctl_5838 autofs4_root_compat_ioctl 3 5838 NULL
23895 -+xen_request_microcode_user_5840 xen_request_microcode_user 3 5840 NULL
23896 +ceph_msg_new_5846 ceph_msg_new 2 5846 NULL
23897 +ixgb_check_copybreak_5847 ixgb_check_copybreak 3 5847 NULL
23898 +setup_req_5848 setup_req 3 5848 NULL
23899 -+compat_sys_move_pages_5861 compat_sys_move_pages 2 5861 NULL nohasharray
23900 -+uinput_compat_ioctl_5861 uinput_compat_ioctl 3 5861 &compat_sys_move_pages_5861
23901 ++rx_q_entry_to_length_5855 rx_q_entry_to_length 0-1 5855 NULL
23902 ++compat_sys_move_pages_5861 compat_sys_move_pages 2 5861 NULL
23903 ++config_buf_5862 config_buf 0 5862 NULL
23904 ++ext4_ext_correct_indexes_5865 ext4_ext_correct_indexes 0 5865 NULL
23905 +port_show_regs_5904 port_show_regs 3 5904 NULL
23906 +uhci_debug_read_5911 uhci_debug_read 3 5911 NULL
23907 -+qla82xx_pci_mem_read_2M_5912 qla82xx_pci_mem_read_2M 2 5912 NULL
23908 -+ttm_bo_kmap_ttm_5922 ttm_bo_kmap_ttm 3 5922 NULL
23909 +lbs_highsnr_read_5931 lbs_highsnr_read 3 5931 NULL
23910 +edac_device_alloc_ctl_info_5941 edac_device_alloc_ctl_info 1 5941 NULL
23911 +tipc_subseq_alloc_5957 tipc_subseq_alloc 1 5957 NULL
23912 +__apu_get_register_5967 __apu_get_register 0 5967 NULL
23913 +ieee80211_if_fmt_rc_rateidx_mask_5ghz_5971 ieee80211_if_fmt_rc_rateidx_mask_5ghz 3 5971 NULL
23914 -+ntfs_rl_append_6037 ntfs_rl_append 2-4 6037 NULL
23915 ++jbd2_journal_stop_5979 jbd2_journal_stop 0 5979 NULL
23916 ++device_add_attributes_6058 device_add_attributes 0 6058 NULL
23917 +send_video_command_6073 send_video_command 4 6073 NULL nohasharray
23918 +sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 &send_video_command_6073
23919 ++logarithmic_accumulation_6094 logarithmic_accumulation 0-2-1 6094 NULL
23920 +ipmi_addr_length_6110 ipmi_addr_length 0 6110 NULL
23921 +dfs_global_file_write_6112 dfs_global_file_write 3 6112 NULL
23922 +netfs_trans_alloc_6136 netfs_trans_alloc 2-4 6136 NULL
23923 -+skb_end_pointer_6144 skb_end_pointer 0 6144 NULL
23924 +ivtv_copy_buf_to_user_6159 ivtv_copy_buf_to_user 4 6159 NULL
23925 -+vdma_mem_alloc_6171 vdma_mem_alloc 1 6171 NULL
23926 +wl1251_cmd_template_set_6172 wl1251_cmd_template_set 4 6172 NULL
23927 ++i915_gem_execbuffer_move_to_gpu_6197 i915_gem_execbuffer_move_to_gpu 0 6197 NULL
23928 ++nfc_alloc_skb_6216 nfc_alloc_skb 1 6216 NULL
23929 +v4l2_ctrl_new_std_menu_6221 v4l2_ctrl_new_std_menu 4 6221 NULL
23930 +mqueue_read_file_6228 mqueue_read_file 3 6228 NULL
23931 -+au_br_do_del_brp_6232 au_br_do_del_brp 3 6232 NULL
23932 ++ata_host_register_6229 ata_host_register 0 6229 NULL
23933 +f_hidg_read_6238 f_hidg_read 3 6238 NULL
23934 +fbcon_prepare_logo_6246 fbcon_prepare_logo 5 6246 NULL
23935 ++ext4_ext_split_6249 ext4_ext_split 0 6249 NULL
23936 +pcpu_next_pop_6277 pcpu_next_pop 4 6277 NULL
23937 +snd_hda_override_conn_list_6282 snd_hda_override_conn_list 0 6282 NULL nohasharray
23938 +xenbus_file_write_6282 xenbus_file_write 3 6282 &snd_hda_override_conn_list_6282
23939 +iwl4965_rs_sta_dbgfs_stats_table_read_6289 iwl4965_rs_sta_dbgfs_stats_table_read 3 6289 NULL
23940 +set_local_name_6310 set_local_name 4 6310 NULL
23941 ++hfa384x_inw_6329 hfa384x_inw 0 6329 NULL
23942 +_proc_do_string_6376 _proc_do_string 2 6376 NULL
23943 -+osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL
23944 ++global_reclaimable_pages_6378 global_reclaimable_pages 0 6378 NULL nohasharray
23945 ++osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 &global_reclaimable_pages_6378
23946 ++BcmFlash2xBulkRead_6395 BcmFlash2xBulkRead 0 6395 NULL
23947 ++bt_skb_alloc_6404 bt_skb_alloc 1 6404 NULL
23948 ++l2up_create_6430 l2up_create 3 6430 NULL
23949 +ipr_change_queue_depth_6431 ipr_change_queue_depth 2 6431 NULL
23950 +__alloc_bootmem_node_nopanic_6432 __alloc_bootmem_node_nopanic 2 6432 NULL
23951 -+ext4_compat_ioctl_6471 ext4_compat_ioctl 3 6471 NULL
23952 ++ceph_sync_write_6466 ceph_sync_write 3 6466 NULL
23953 +ieee80211_if_fmt_dot11MeshMaxRetries_6476 ieee80211_if_fmt_dot11MeshMaxRetries 3 6476 NULL
23954 +cipso_v4_map_lvl_hton_6490 cipso_v4_map_lvl_hton 0 6490 NULL
23955 +dbg_intr_buf_6501 dbg_intr_buf 2 6501 NULL
23956 ++ttm_get_pages_6504 ttm_get_pages 4 6504 NULL
23957 +mei_read_6507 mei_read 3 6507 NULL
23958 +read_file_disable_ani_6536 read_file_disable_ani 3 6536 NULL
23959 +rndis_set_oid_6547 rndis_set_oid 4 6547 NULL
23960 +wdm_read_6549 wdm_read 3 6549 NULL
23961 +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL
23962 -+usb_dump_config_descriptor_6572 usb_dump_config_descriptor 0 6572 NULL
23963 -+usemap_size_6601 usemap_size 0 6601 NULL
23964 ++bt_skb_send_alloc_6581 bt_skb_send_alloc 2 6581 NULL
23965 ++snd_pcm_hw_refine_old_user_6586 snd_pcm_hw_refine_old_user 0 6586 NULL
23966 +snmp_mib_init_6604 snmp_mib_init 2-3 6604 NULL
23967 +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL
23968 -+virtscsi_alloc_tgt_6643 virtscsi_alloc_tgt 2 6643 NULL
23969 ++dn_alloc_skb_6631 dn_alloc_skb 2 6631 NULL
23970 +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL
23971 -+ql_process_mac_rx_skb_6689 ql_process_mac_rx_skb 4 6689 NULL
23972 -+btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2 6696 NULL
23973 ++iwl_dbgfs_clear_traffic_statistics_write_6681 iwl_dbgfs_clear_traffic_statistics_write 3 6681 NULL
23974 ++ql_process_mac_rx_skb_6689 ql_process_mac_rx_skb 4 6689 NULL nohasharray
23975 ++pvscsi_allocate_rings_6689 pvscsi_allocate_rings 0 6689 &ql_process_mac_rx_skb_6689
23976 ++ieee80211_build_preq_ies_6691 ieee80211_build_preq_ies 0 6691 NULL
23977 ++btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL
23978 +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL
23979 +mpeg_read_6708 mpeg_read 3 6708 NULL
23980 ++ibmpex_query_sensor_count_6709 ibmpex_query_sensor_count 0 6709 NULL
23981 +video_proc_write_6724 video_proc_write 3 6724 NULL
23982 +posix_acl_xattr_count_6725 posix_acl_xattr_count 0-1 6725 NULL
23983 +rds_rdma_pages_6735 rds_rdma_pages 0 6735 NULL
23984 ++ocfs2_insert_extent_6737 ocfs2_insert_extent 0 6737 NULL
23985 +device_queue_depth_6771 device_queue_depth 0 6771 NULL
23986 -+sfi_check_table_6772 sfi_check_table 1 6772 NULL
23987 ++kobject_add_varg_6781 kobject_add_varg 0 6781 NULL
23988 +iwl_dbgfs_channels_read_6784 iwl_dbgfs_channels_read 3 6784 NULL
23989 +ieee80211_if_read_6785 ieee80211_if_read 3 6785 NULL
23990 +hdlcdrv_register_6792 hdlcdrv_register 2 6792 NULL
23991 ++ocfs2_calc_refcount_meta_credits_6802 ocfs2_calc_refcount_meta_credits 0 6802 NULL
23992 ++lbs_rdrf_write_6826 lbs_rdrf_write 3 6826 NULL
23993 +make_8259A_irq_6828 make_8259A_irq 1 6828 NULL
23994 +calc_pages_for_6838 calc_pages_for 0-1-2 6838 NULL
23995 +mon_bin_read_6841 mon_bin_read 3 6841 NULL
23996 @@ -104643,63 +105343,89 @@ index 0000000..6fcc08d
23997 +proc_sessionid_read_6911 proc_sessionid_read 3 6911 &spi_show_regs_6911
23998 +__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL
23999 +ieee80211_rx_mgmt_probe_resp_6918 ieee80211_rx_mgmt_probe_resp 3 6918 NULL
24000 -+ieee80211_send_probe_req_6924 ieee80211_send_probe_req 6 6924 NULL
24001 ++ieee80211_send_probe_req_6924 ieee80211_send_probe_req 6-4 6924 NULL
24002 +cache_do_downcall_6926 cache_do_downcall 3 6926 NULL
24003 -+qsfp_cks_6945 qsfp_cks 0-2 6945 NULL
24004 ++ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL
24005 ++qsfp_cks_6945 qsfp_cks 2-0 6945 NULL
24006 +ab3100_get_register_page_interruptible_6951 ab3100_get_register_page_interruptible 4 6951 NULL
24007 ++dn_ifaddr_nlmsg_size_6955 dn_ifaddr_nlmsg_size 0 6955 NULL nohasharray
24008 ++tg3_nvram_write_block_unbuffered_6955 tg3_nvram_write_block_unbuffered 3 6955 &dn_ifaddr_nlmsg_size_6955
24009 +pch_uart_hal_read_6961 pch_uart_hal_read 0 6961 NULL
24010 -+videobuf_dma_init_kernel_6963 videobuf_dma_init_kernel 3 6963 NULL
24011 +crypto_authenc_esn_setkey_6985 crypto_authenc_esn_setkey 3 6985 NULL
24012 +request_key_async_6990 request_key_async 4 6990 NULL
24013 +r871x_set_wpa_ie_7000 r871x_set_wpa_ie 3 7000 NULL
24014 +cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL
24015 +tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL
24016 ++ld_usb_write_7022 ld_usb_write 3 7022 NULL
24017 +wimax_msg_7030 wimax_msg 4 7030 NULL
24018 +ipath_get_base_info_7043 ipath_get_base_info 3 7043 NULL
24019 +snd_pcm_oss_bytes_7051 snd_pcm_oss_bytes 2 7051 NULL
24020 ++sctp_make_op_error_7057 sctp_make_op_error 6-5 7057 NULL
24021 ++hci_sock_recvmsg_7072 hci_sock_recvmsg 4 7072 NULL
24022 +event_enable_read_7074 event_enable_read 3 7074 NULL
24023 +beacon_interval_read_7091 beacon_interval_read 3 7091 NULL
24024 -+lp_compat_ioctl_7098 lp_compat_ioctl 3 7098 NULL
24025 +check_header_7108 check_header 0 7108 NULL
24026 ++do_async_mmap_readahead_7123 do_async_mmap_readahead 5 7123 NULL
24027 ++qib_format_hwerrors_7133 qib_format_hwerrors 5 7133 NULL
24028 ++send_mpa_reject_7135 send_mpa_reject 3 7135 NULL
24029 ++ipv6_recv_rxpmtu_7142 ipv6_recv_rxpmtu 3 7142 NULL
24030 ++ocfs2_get_left_path_7159 ocfs2_get_left_path 0 7159 NULL
24031 +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL nohasharray
24032 +utf16_strsize_7203 utf16_strsize 0 7203 &__alloc_objio_seg_7203
24033 -+sys32_ipc_7238 sys32_ipc 3-5-6 7238 NULL
24034 -+dma_ops_alloc_addresses_7272 dma_ops_alloc_addresses 3-4-5 7272 NULL
24035 ++sys32_ipc_7238 sys32_ipc 3 7238 NULL
24036 ++hdlc_loop_7255 hdlc_loop 0 7255 NULL
24037 ++snd_mask_refine_7267 snd_mask_refine 0 7267 NULL
24038 ++f_midi_start_ep_7270 f_midi_start_ep 0 7270 NULL
24039 ++dma_ops_alloc_addresses_7272 dma_ops_alloc_addresses 3-4-5-0 7272 NULL
24040 ++get_string_7302 get_string 0 7302 NULL
24041 ++ieee80211_compatible_rates_7318 ieee80211_compatible_rates 0 7318 NULL
24042 ++wait_on_sync_kiocb_7327 wait_on_sync_kiocb 0 7327 NULL
24043 +mgmt_control_7349 mgmt_control 3 7349 NULL
24044 ++t1_get_slice_7350 t1_get_slice 0 7350 NULL
24045 +ext3_free_blocks_7362 ext3_free_blocks 3-4 7362 NULL
24046 +ieee80211_if_read_dot11MeshHWMPactivePathTimeout_7368 ieee80211_if_read_dot11MeshHWMPactivePathTimeout 3 7368 NULL
24047 -+hweight_long_7388 hweight_long 0-1 7388 NULL
24048 ++schedule_timeout_7371 schedule_timeout 0 7371 NULL
24049 ++hweight_long_7388 hweight_long 1-0 7388 NULL
24050 +sl_change_mtu_7396 sl_change_mtu 2 7396 NULL
24051 +readb_7401 readb 0 7401 NULL
24052 +drm_property_create_blob_7414 drm_property_create_blob 2 7414 NULL
24053 -+kvm_pv_mmu_op_7436 kvm_pv_mmu_op 3 7436 NULL
24054 ++kvm_pv_mmu_op_7436 kvm_pv_mmu_op 3-2 7436 NULL
24055 +ip_options_get_alloc_7448 ip_options_get_alloc 1 7448 NULL
24056 ++rt2x00debug_read_queue_stats_7455 rt2x00debug_read_queue_stats 3 7455 NULL
24057 +ms_rw_multi_sector_7459 ms_rw_multi_sector 3-4 7459 NULL
24058 +__mutex_lock_common_7469 __mutex_lock_common 0 7469 NULL
24059 +garp_request_join_7471 garp_request_join 4 7471 NULL
24060 +compat_sys_msgrcv_7482 compat_sys_msgrcv 2 7482 NULL
24061 ++get_stats_7483 get_stats 0 7483 NULL
24062 +snd_pcm_lib_read1_7491 snd_pcm_lib_read1 0-3 7491 NULL
24063 +sdhci_alloc_host_7509 sdhci_alloc_host 2 7509 NULL nohasharray
24064 +ahash_instance_headroom_7509 ahash_instance_headroom 0 7509 &sdhci_alloc_host_7509
24065 +goal_in_my_reservation_7553 goal_in_my_reservation 3 7553 NULL
24066 -+ext3_try_to_allocate_7590 ext3_try_to_allocate 5-3 7590 NULL
24067 -+groups_alloc_7614 groups_alloc 1 7614 NULL
24068 -+sg_virt_7616 sg_virt 0 7616 NULL
24069 ++ext4_ext_insert_extent_7576 ext4_ext_insert_extent 0 7576 NULL
24070 ++ext3_try_to_allocate_7590 ext3_try_to_allocate 3-5-0 7590 NULL
24071 ++create_dir_7614 create_dir 0 7614 NULL nohasharray
24072 ++groups_alloc_7614 groups_alloc 1 7614 &create_dir_7614
24073 +set_connectable_7649 set_connectable 4 7649 NULL
24074 -+acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 2-1 7685 NULL
24075 ++skb_copy_expand_7685 skb_copy_expand 3-2 7685 NULL nohasharray
24076 ++acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 1-2 7685 &skb_copy_expand_7685
24077 +acpi_ns_get_pathname_length_7699 acpi_ns_get_pathname_length 0 7699 NULL
24078 +dev_write_7708 dev_write 3 7708 NULL
24079 -+brcms_attach_7709 brcms_attach 3 7709 NULL
24080 ++dbg_check_cats_7713 dbg_check_cats 0 7713 NULL
24081 ++pci_raw_set_power_state_7729 pci_raw_set_power_state 0 7729 NULL
24082 +manip_pkt_7741 manip_pkt 3 7741 NULL
24083 +vxge_device_register_7752 vxge_device_register 4 7752 NULL
24084 +pohmelfs_path_length_7758 pohmelfs_path_length 0 7758 NULL
24085 ++btrfs_force_ra_7761 btrfs_force_ra 5-4 7761 NULL
24086 +osdv2_attr_list_elem_size_7763 osdv2_attr_list_elem_size 0-1 7763 NULL
24087 +ubi_io_read_vid_hdr_7766 ubi_io_read_vid_hdr 0 7766 NULL
24088 ++paths_from_inode_7774 paths_from_inode 0 7774 NULL
24089 +alloc_candev_7776 alloc_candev 1-2 7776 NULL
24090 +dfs_global_file_read_7787 dfs_global_file_read 3 7787 NULL
24091 -+bnx2_nvram_write_7790 bnx2_nvram_write 4-2 7790 NULL
24092 ++bnx2_nvram_write_7790 bnx2_nvram_write 2-4 7790 NULL
24093 +diva_os_copy_from_user_7792 diva_os_copy_from_user 4 7792 NULL
24094 +ubifs_leb_read_7828 ubifs_leb_read 0 7828 NULL
24095 ++btrfs_find_space_for_alloc_7876 btrfs_find_space_for_alloc 2 7876 NULL
24096 ++config_desc_7878 config_desc 0 7878 NULL
24097 +dvb_dmxdev_read_sec_7892 dvb_dmxdev_read_sec 4 7892 NULL
24098 +xfs_trans_get_efi_7898 xfs_trans_get_efi 2 7898 NULL
24099 +gfs2_tune_get_i_7903 gfs2_tune_get_i 0 7903 NULL
24100 @@ -104709,52 +105435,63 @@ index 0000000..6fcc08d
24101 +f_hidg_write_7932 f_hidg_write 3 7932 NULL
24102 +io_apic_setup_irq_pin_once_7934 io_apic_setup_irq_pin_once 1 7934 NULL
24103 +smk_write_load_self_7958 smk_write_load_self 3 7958 NULL
24104 -+arch_gnttab_map_shared_7970 arch_gnttab_map_shared 3 7970 NULL
24105 +sys_mbind_7990 sys_mbind 5 7990 NULL
24106 +sep_lock_user_pages_8000 sep_lock_user_pages 2-3 8000 NULL
24107 ++extend_or_restart_transaction_8008 extend_or_restart_transaction 0 8008 NULL
24108 +vcs_read_8017 vcs_read 3 8017 NULL
24109 -+normalize_up_8037 normalize_up 0-1-2 8037 NULL
24110 ++normalize_up_8037 normalize_up 0-2-1 8037 NULL
24111 +vhost_add_used_and_signal_n_8038 vhost_add_used_and_signal_n 4 8038 NULL
24112 ++iser_rcv_completion_8048 iser_rcv_completion 2 8048 NULL
24113 +ms_read_multiple_pages_8052 ms_read_multiple_pages 5-4 8052 NULL
24114 +leb_read_lock_8070 leb_read_lock 0 8070 NULL
24115 -+alloc_targets_8074 alloc_targets 2 8074 NULL
24116 ++ext4_ext_map_blocks_8078 ext4_ext_map_blocks 0 8078 NULL
24117 +venus_lookup_8121 venus_lookup 4 8121 NULL
24118 +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL
24119 ++CalcCalPLL_8136 CalcCalPLL 0 8136 NULL
24120 +ext_sd_execute_write_data_8175 ext_sd_execute_write_data 9 8175 NULL
24121 -+dma_map_area_8178 dma_map_area 5-2-3 8178 NULL
24122 ++dma_map_area_8178 dma_map_area 3-2-5-0 8178 NULL
24123 +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL
24124 +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL
24125 -+__nf_nat_mangle_tcp_packet_8190 __nf_nat_mangle_tcp_packet 7-5 8190 NULL
24126 ++__nf_nat_mangle_tcp_packet_8190 __nf_nat_mangle_tcp_packet 5-7 8190 NULL
24127 +recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL
24128 ++__ocfs2_lock_refcount_tree_8207 __ocfs2_lock_refcount_tree 0 8207 NULL
24129 +rt2x00debug_write_bbp_8212 rt2x00debug_write_bbp 3 8212 NULL
24130 +ad7879_spi_multi_read_8218 ad7879_spi_multi_read 3 8218 NULL
24131 +play_iframe_8219 play_iframe 3 8219 NULL
24132 +sctp_ssnmap_size_8228 sctp_ssnmap_size 0-1-2 8228 NULL
24133 +check_xattr_ref_inode_8244 check_xattr_ref_inode 0 8244 NULL
24134 ++add_rx_skb_8257 add_rx_skb 3 8257 NULL
24135 +t3_init_l2t_8261 t3_init_l2t 1 8261 NULL
24136 +init_cdev_8274 init_cdev 1 8274 NULL
24137 +qib_decode_7220_err_8315 qib_decode_7220_err 3 8315 NULL
24138 ++snd_pcm_update_state_8320 snd_pcm_update_state 0 8320 NULL
24139 +construct_key_and_link_8321 construct_key_and_link 4 8321 NULL
24140 +ipwireless_send_packet_8328 ipwireless_send_packet 4 8328 NULL
24141 +__c4iw_init_resource_fifo_8334 __c4iw_init_resource_fifo 3 8334 NULL
24142 +tracing_entries_read_8345 tracing_entries_read 3 8345 NULL
24143 +ping_getfrag_8360 ping_getfrag 4-3 8360 NULL
24144 ++ath6kl_lrssi_roam_write_8362 ath6kl_lrssi_roam_write 3 8362 NULL
24145 ++ocfs2_decrease_refcount_rec_8385 ocfs2_decrease_refcount_rec 0 8385 NULL
24146 +xdi_copy_from_user_8395 xdi_copy_from_user 4 8395 NULL
24147 +zd_rf_scnprint_id_8406 zd_rf_scnprint_id 0-3 8406 NULL
24148 +uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 NULL
24149 +snd_usb_ctl_msg_8436 snd_usb_ctl_msg 8 8436 NULL
24150 ++generic_bin_search_8440 generic_bin_search 0 8440 NULL
24151 +afs_cell_lookup_8482 afs_cell_lookup 2 8482 NULL
24152 ++fore200e_chunk_alloc_8501 fore200e_chunk_alloc 4-3 8501 NULL
24153 +dev_config_8506 dev_config 3 8506 NULL
24154 +ACL_to_cifs_posix_8509 ACL_to_cifs_posix 3 8509 NULL
24155 +utf16_strnlen_8513 utf16_strnlen 0 8513 NULL
24156 -+pnp_resource_len_8532 pnp_resource_len 0 8532 NULL
24157 -+alloc_pg_vec_8533 alloc_pg_vec 2 8533 NULL
24158 ++snd_malloc_sgbuf_pages_8532 snd_malloc_sgbuf_pages 2 8532 NULL
24159 +ocfs2_read_virt_blocks_8538 ocfs2_read_virt_blocks 2-3 8538 NULL
24160 +profile_remove_8556 profile_remove 3 8556 NULL
24161 -+cache_slow_downcall_8570 cache_slow_downcall 2 8570 NULL
24162 -+mga_ioremap_8571 mga_ioremap 1-2 8571 NULL
24163 ++pci_msi_check_device_8570 pci_msi_check_device 0 8570 NULL nohasharray
24164 ++cache_slow_downcall_8570 cache_slow_downcall 2 8570 &pci_msi_check_device_8570
24165 +isr_dma0_done_read_8574 isr_dma0_done_read 3 8574 NULL
24166 +tower_write_8580 tower_write 3 8580 NULL
24167 ++ocfs2_reserve_local_alloc_bits_8581 ocfs2_reserve_local_alloc_bits 0 8581 NULL
24168 ++tsi721_open_inb_mbox_8598 tsi721_open_inb_mbox 4 8598 NULL
24169 ++rtllib_MFIE_rate_len_8606 rtllib_MFIE_rate_len 0 8606 NULL
24170 +shash_setkey_unaligned_8620 shash_setkey_unaligned 3 8620 NULL
24171 +it821x_firmware_command_8628 it821x_firmware_command 3 8628 NULL
24172 +scsi_dma_map_8632 scsi_dma_map 0 8632 NULL
24173 @@ -104768,12 +105505,18 @@ index 0000000..6fcc08d
24174 +i_size_read_8703 i_size_read 0 8703 NULL nohasharray
24175 +init_header_8703 init_header 0 8703 &i_size_read_8703
24176 +cifs_writedata_alloc_8710 cifs_writedata_alloc 1 8710 NULL
24177 -+ctrl_out_8712 ctrl_out 3-5 8712 NULL
24178 ++ctrl_out_8712 ctrl_out 5-3 8712 NULL
24179 ++tracing_max_lat_write_8728 tracing_max_lat_write 3 8728 NULL
24180 +jffs2_acl_count_8729 jffs2_acl_count 0-1 8729 NULL
24181 -+em28xx_init_isoc_8755 em28xx_init_isoc 3-2 8755 NULL
24182 ++ocfs2_find_path_8754 ocfs2_find_path 0 8754 NULL
24183 ++em28xx_init_isoc_8755 em28xx_init_isoc 3-2-4-0 8755 NULL
24184 ++yurex_write_8761 yurex_write 3 8761 NULL
24185 +joydev_compat_ioctl_8765 joydev_compat_ioctl 2 8765 NULL
24186 -+__bitmap_weight_8796 __bitmap_weight 0-2 8796 NULL
24187 ++kstrtoint_from_user_8778 kstrtoint_from_user 2 8778 NULL
24188 ++aligned_nrpages_8791 aligned_nrpages 0-1-2 8791 NULL
24189 ++__bitmap_weight_8796 __bitmap_weight 2-0 8796 NULL
24190 +cpuset_common_file_read_8800 cpuset_common_file_read 5 8800 NULL
24191 ++intel_ring_begin_8808 intel_ring_begin 0 8808 NULL
24192 +metronomefb_write_8823 metronomefb_write 3 8823 NULL
24193 +get_queue_depth_8833 get_queue_depth 0 8833 NULL
24194 +dvb_ringbuffer_pkt_next_8834 dvb_ringbuffer_pkt_next 0-2 8834 NULL
24195 @@ -104781,8 +105524,11 @@ index 0000000..6fcc08d
24196 +wa_nep_queue_8858 wa_nep_queue 2 8858 NULL
24197 +iwl_dbgfs_debug_level_write_8871 iwl_dbgfs_debug_level_write 3 8871 NULL
24198 +compressed_bio_size_8887 compressed_bio_size 0-2 8887 NULL
24199 -+tracing_max_lat_read_8890 tracing_max_lat_read 3 8890 NULL
24200 ++ab3100_get_set_reg_8890 ab3100_get_set_reg 3 8890 NULL nohasharray
24201 ++tracing_max_lat_read_8890 tracing_max_lat_read 3 8890 &ab3100_get_set_reg_8890
24202 +sdio_max_byte_size_8907 sdio_max_byte_size 0 8907 NULL
24203 ++sysfs_merge_group_8917 sysfs_merge_group 0 8917 NULL
24204 ++write_file_ani_8918 write_file_ani 3 8918 NULL
24205 +layout_commit_8926 layout_commit 3 8926 NULL
24206 +adjust_priv_size_8935 adjust_priv_size 0-1 8935 NULL
24207 +driver_stats_read_8944 driver_stats_read 3 8944 NULL
24208 @@ -104793,213 +105539,265 @@ index 0000000..6fcc08d
24209 +venus_mkdir_8967 venus_mkdir 4 8967 NULL
24210 +vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray
24211 +seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968
24212 -+bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL nohasharray
24213 -+selinux_proc_get_sid_8974 selinux_proc_get_sid 2 8974 &bio_integrity_get_tag_8974
24214 ++bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL
24215 ++btrfs_alloc_free_block_8986 btrfs_alloc_free_block 8 8986 NULL
24216 ++get_pipes_9008 get_pipes 0 9008 NULL
24217 +snd_emu10k1_ptr_read_9026 snd_emu10k1_ptr_read 0-2 9026 NULL
24218 ++fd_ioctl_9028 fd_ioctl 3 9028 NULL
24219 +nla_put_9042 nla_put 3 9042 NULL
24220 -+snd_emu10k1_synth_copy_from_user_9061 snd_emu10k1_synth_copy_from_user 3-5 9061 NULL
24221 ++snd_emu10k1_synth_copy_from_user_9061 snd_emu10k1_synth_copy_from_user 5-3 9061 NULL
24222 +snd_gus_dram_peek_9062 snd_gus_dram_peek 4 9062 NULL
24223 +fib_info_hash_alloc_9075 fib_info_hash_alloc 1 9075 NULL
24224 -+string_9080 string 0 9080 NULL
24225 -+create_queues_9088 create_queues 2-3 9088 NULL
24226 ++create_queues_9088 create_queues 3-2 9088 NULL
24227 +ftdi_prepare_write_buffer_9093 ftdi_prepare_write_buffer 3 9093 NULL
24228 +caif_stream_sendmsg_9110 caif_stream_sendmsg 4 9110 NULL
24229 +pmcraid_change_queue_depth_9116 pmcraid_change_queue_depth 2 9116 NULL
24230 ++brcmf_sdbrcm_send_buf_9129 brcmf_sdbrcm_send_buf 6 9129 NULL
24231 ++apei_resources_merge_9149 apei_resources_merge 0 9149 NULL
24232 +dbg_command_buf_9165 dbg_command_buf 2 9165 NULL
24233 +isr_irqs_read_9181 isr_irqs_read 3 9181 NULL
24234 +alloc_group_attrs_9194 alloc_group_attrs 2 9194 NULL nohasharray
24235 +altera_swap_ir_9194 altera_swap_ir 2 9194 &alloc_group_attrs_9194
24236 -+gx1_gx_base_9198 gx1_gx_base 0 9198 NULL
24237 -+sep_prepare_input_output_dma_table_9200 sep_prepare_input_output_dma_table 2-4-3 9200 NULL
24238 ++sep_prepare_input_output_dma_table_9200 sep_prepare_input_output_dma_table 4-3-2 9200 NULL
24239 +snd_m3_get_pointer_9206 snd_m3_get_pointer 0 9206 NULL
24240 +l2cap_create_connless_pdu_9222 l2cap_create_connless_pdu 3 9222 NULL
24241 +sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL
24242 -+ocfs2_clear_ext_refcount_9256 ocfs2_clear_ext_refcount 4 9256 NULL
24243 ++ext4_mark_iloc_dirty_9239 ext4_mark_iloc_dirty 0 9239 NULL
24244 ++schedule_erase_9240 schedule_erase 0 9240 NULL
24245 ++cmtp_add_msgpart_9252 cmtp_add_msgpart 4 9252 NULL
24246 ++ocfs2_clear_ext_refcount_9256 ocfs2_clear_ext_refcount 0-4 9256 NULL
24247 +tcf_csum_ipv4_icmp_9258 tcf_csum_ipv4_icmp 3 9258 NULL
24248 ++btrfs_search_slot_9264 btrfs_search_slot 0 9264 NULL
24249 ++ocfs2_merge_rec_right_9267 ocfs2_merge_rec_right 0 9267 NULL
24250 +sparse_early_usemaps_alloc_node_9269 sparse_early_usemaps_alloc_node 4 9269 NULL
24251 +hdpvr_read_9273 hdpvr_read 3 9273 NULL
24252 -+qla82xx_pci_set_window_9303 qla82xx_pci_set_window 0-2 9303 NULL
24253 +iwl_dbgfs_stations_read_9309 iwl_dbgfs_stations_read 3 9309 NULL
24254 +ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL
24255 +sk_rmem_schedule_9331 sk_rmem_schedule 2 9331 NULL
24256 +ocfs2_orphan_for_truncate_9342 ocfs2_orphan_for_truncate 4 9342 NULL
24257 ++get_request_type_9393 get_request_type 0 9393 NULL nohasharray
24258 ++mlx4_bitmap_init_9393 mlx4_bitmap_init 5-2 9393 &get_request_type_9393
24259 +read_9397 read 3 9397 NULL
24260 ++set_gpio_9412 set_gpio 0 9412 NULL
24261 +bm_realloc_pages_9431 bm_realloc_pages 2 9431 NULL
24262 +ffs_ep0_write_9438 ffs_ep0_write 3 9438 NULL
24263 +kmalloc_array_9444 kmalloc_array 1-2 9444 NULL
24264 +ieee80211_if_fmt_fwded_unicast_9454 ieee80211_if_fmt_fwded_unicast 3 9454 NULL
24265 ++mcs_unwrap_mir_9455 mcs_unwrap_mir 3 9455 NULL
24266 +ext3_xattr_set_acl_9467 ext3_xattr_set_acl 4 9467 NULL
24267 +agp_generic_alloc_user_9470 agp_generic_alloc_user 1 9470 NULL
24268 +rbd_coll_end_req_9472 rbd_coll_end_req 3 9472 NULL
24269 +__alloc_preds_9492 __alloc_preds 2 9492 NULL
24270 ++sock_recvmsg_9500 sock_recvmsg 0 9500 NULL
24271 ++lbs_threshold_write_9502 lbs_threshold_write 5 9502 NULL
24272 +lp_write_9511 lp_write 3 9511 NULL
24273 ++mext_calc_swap_extents_9517 mext_calc_swap_extents 4 9517 NULL
24274 +scsi_tgt_kspace_exec_9522 scsi_tgt_kspace_exec 8 9522 NULL
24275 +read_file_dma_9530 read_file_dma 3 9530 NULL
24276 +ext3_alloc_branch_9534 ext3_alloc_branch 5 9534 NULL
24277 ++nlmsg_parse_9536 nlmsg_parse 2 9536 NULL
24278 +pohmelfs_send_readpages_9537 pohmelfs_send_readpages 3 9537 NULL
24279 +audit_log_n_untrustedstring_9548 audit_log_n_untrustedstring 3 9548 NULL
24280 ++readl_9557 readl 0 9557 NULL
24281 +fw_node_create_9559 fw_node_create 2 9559 NULL
24282 -+kobj_map_9566 kobj_map 2-3 9566 NULL
24283 ++kobj_map_9566 kobj_map 3-2 9566 NULL
24284 +biovec_create_pools_9575 biovec_create_pools 2 9575 NULL
24285 ++ieee80211_tdls_mgmt_9581 ieee80211_tdls_mgmt 8 9581 NULL
24286 +lguest_setup_irq_9587 lguest_setup_irq 1 9587 NULL
24287 +do_sync_9604 do_sync 1 9604 NULL
24288 +snd_emu10k1_fx8010_read_9605 snd_emu10k1_fx8010_read 5-6 9605 NULL
24289 ++ocfs2_claim_suballoc_bits_9615 ocfs2_claim_suballoc_bits 0 9615 NULL
24290 +saa7164_buffer_alloc_user_9627 saa7164_buffer_alloc_user 2 9627 NULL
24291 -+compat_sys_keyctl_9639 compat_sys_keyctl 4-2-3 9639 NULL
24292 ++acpi_ex_insert_into_field_9638 acpi_ex_insert_into_field 3 9638 NULL
24293 ++compat_sys_keyctl_9639 compat_sys_keyctl 4 9639 NULL
24294 +ocfs2_xattr_get_rec_9652 ocfs2_xattr_get_rec 0 9652 NULL
24295 -+snd_intelmad_register_irq_9654 snd_intelmad_register_irq 2-3 9654 NULL
24296 -+uvc_alloc_buffers_9656 uvc_alloc_buffers 2-3 9656 NULL
24297 +queue_received_packet_9657 queue_received_packet 5 9657 NULL
24298 +snd_opl4_mem_proc_write_9670 snd_opl4_mem_proc_write 5 9670 NULL
24299 +ks8842_read16_9676 ks8842_read16 0 9676 NULL nohasharray
24300 -+dns_query_9676 dns_query 3 9676 &ks8842_read16_9676
24301 ++dns_query_9676 dns_query 3-0 9676 &ks8842_read16_9676
24302 ++ea_get_unstuffed_9677 ea_get_unstuffed 0 9677 NULL
24303 +qib_7322_handle_hwerrors_9678 qib_7322_handle_hwerrors 3 9678 NULL
24304 +__erst_read_from_storage_9690 __erst_read_from_storage 0 9690 NULL
24305 -+is_hole_9694 is_hole 2 9694 NULL nohasharray
24306 -+x25_asy_compat_ioctl_9694 x25_asy_compat_ioctl 4 9694 &is_hole_9694
24307 -+fnb_9703 fnb 2-3 9703 NULL
24308 ++is_hole_9694 is_hole 2 9694 NULL
24309 ++vx_transfer_end_9701 vx_transfer_end 0 9701 NULL
24310 ++fnb_9703 fnb 2-3-0 9703 NULL
24311 +ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 NULL
24312 -+ddb_input_read_9743 ddb_input_read 3 9743 NULL
24313 -+__alloc_percpu_9764 __alloc_percpu 1-2 9764 NULL
24314 ++ddb_input_read_9743 ddb_input_read 3-0 9743 NULL
24315 ++__alloc_percpu_9764 __alloc_percpu 2-1 9764 NULL
24316 +do_sigpending_9766 do_sigpending 2 9766 NULL
24317 ++btrfs_write_and_wait_transaction_9768 btrfs_write_and_wait_transaction 0 9768 NULL
24318 +__blk_queue_init_tags_9778 __blk_queue_init_tags 2 9778 NULL
24319 +snd_mem_proc_write_9786 snd_mem_proc_write 3 9786 NULL
24320 ++qlcnic_validate_ringparam_9794 qlcnic_validate_ringparam 1-2-3 9794 NULL
24321 ++parse_uac2_sample_rate_range_9801 parse_uac2_sample_rate_range 0 9801 NULL
24322 ++tpm_data_in_9802 tpm_data_in 0 9802 NULL
24323 +ttm_bo_fbdev_io_9805 ttm_bo_fbdev_io 4 9805 NULL
24324 -+ieee80211_if_read_state_9813 ieee80211_if_read_state 3 9813 NULL
24325 -+pnp_mem_start_9817 pnp_mem_start 0 9817 NULL
24326 -+kernel_physical_mapping_init_9818 kernel_physical_mapping_init 0-2-1 9818 NULL
24327 -+dvb_dvr_set_buffer_size_9840 dvb_dvr_set_buffer_size 2 9840 NULL
24328 ++udpv6_recvmsg_9813 udpv6_recvmsg 4 9813 NULL nohasharray
24329 ++ieee80211_if_read_state_9813 ieee80211_if_read_state 3 9813 &udpv6_recvmsg_9813
24330 +cfg80211_send_deauth_9862 cfg80211_send_deauth 3 9862 NULL
24331 +get_blk_table_len_9863 get_blk_table_len 0 9863 NULL
24332 +pmcraid_alloc_sglist_9864 pmcraid_alloc_sglist 1 9864 NULL
24333 +mlx4_bitmap_alloc_range_9876 mlx4_bitmap_alloc_range 2-3 9876 NULL
24334 +bm_register_write_9893 bm_register_write 3 9893 NULL nohasharray
24335 +snd_midi_event_new_9893 snd_midi_event_new 1 9893 &bm_register_write_9893
24336 -+snd_gf1_pcm_playback_copy_9895 snd_gf1_pcm_playback_copy 3-5 9895 NULL
24337 ++snd_gf1_pcm_playback_copy_9895 snd_gf1_pcm_playback_copy 5-3 9895 NULL
24338 ++iwm_rx_packet_alloc_9898 iwm_rx_packet_alloc 3 9898 NULL
24339 +receive_DataRequest_9904 receive_DataRequest 3 9904 NULL
24340 ++norm_maxw_9907 norm_maxw 0 9907 NULL
24341 ++ext4_map_blocks_9916 ext4_map_blocks 0 9916 NULL
24342 ++root_nfs_parse_options_9937 root_nfs_parse_options 3 9937 NULL
24343 +read_file_misc_9948 read_file_misc 3 9948 NULL
24344 -+ext2_new_blocks_9954 ext2_new_blocks 2 9954 NULL
24345 -+csum_partial_copy_fromiovecend_9957 csum_partial_copy_fromiovecend 3-4 9957 NULL
24346 ++set_rxd_buffer_pointer_9950 set_rxd_buffer_pointer 8 9950 NULL
24347 ++ext2_new_blocks_9954 ext2_new_blocks 2-0 9954 NULL
24348 ++csum_partial_copy_fromiovecend_9957 csum_partial_copy_fromiovecend 4-3 9957 NULL
24349 +btrfs_add_link_9973 btrfs_add_link 5 9973 NULL
24350 +nfs_readdata_alloc_9990 nfs_readdata_alloc 1 9990 NULL
24351 +kovaplus_send_10009 kovaplus_send 4 10009 NULL
24352 +aat2870_dump_reg_10019 aat2870_dump_reg 0 10019 NULL
24353 +handle_request_10024 handle_request 9 10024 NULL
24354 +rbd_coll_end_req_index_10041 rbd_coll_end_req_index 5 10041 NULL
24355 ++userpolicy_type_attrsize_10067 userpolicy_type_attrsize 0 10067 NULL
24356 ++cifs_llseek_10091 cifs_llseek 2 10091 NULL
24357 +ufs_bitmap_search_10105 ufs_bitmap_search 0-3 10105 NULL
24358 +get_elem_size_10110 get_elem_size 0-2 10110 NULL
24359 +gfs2_meta_read_10112 gfs2_meta_read 0 10112 NULL
24360 +offset_to_bit_10134 offset_to_bit 0 10134 NULL
24361 -+au_sbr_realloc_10150 au_sbr_realloc 2 10150 NULL
24362 +aes_decrypt_packets_read_10155 aes_decrypt_packets_read 3 10155 NULL
24363 +rx_out_of_mem_read_10157 rx_out_of_mem_read 3 10157 NULL
24364 +ol_chunk_entries_10159 ol_chunk_entries 0 10159 NULL
24365 +asd_store_update_bios_10165 asd_store_update_bios 4 10165 NULL
24366 ++kstrtol_from_user_10168 kstrtol_from_user 2 10168 NULL
24367 +proc_pid_attr_read_10173 proc_pid_attr_read 3 10173 NULL
24368 ++mlx4_ib_create_cq_10177 mlx4_ib_create_cq 2 10177 NULL
24369 +jffs2_user_setxattr_10182 jffs2_user_setxattr 4 10182 NULL
24370 -+do_ioctl_trans_10194 do_ioctl_trans 3 10194 NULL
24371 ++register_ftrace_function_10218 register_ftrace_function 0 10218 NULL
24372 +cciss_proc_write_10259 cciss_proc_write 3 10259 NULL
24373 ++snd_pcm_lib_preallocate_pages1_10273 snd_pcm_lib_preallocate_pages1 2 10273 NULL
24374 +snd_rme9652_capture_copy_10287 snd_rme9652_capture_copy 5 10287 NULL
24375 ++highmem_dirtyable_memory_10301 highmem_dirtyable_memory 0-1 10301 NULL
24376 +read_emulate_10310 read_emulate 2-4 10310 NULL
24377 +ttm_object_device_init_10321 ttm_object_device_init 2 10321 NULL
24378 +ubi_leb_read_10328 ubi_leb_read 0 10328 NULL
24379 +tun_sendmsg_10337 tun_sendmsg 4 10337 NULL
24380 ++em28xx_read_reg_req_len_10340 em28xx_read_reg_req_len 0 10340 NULL
24381 +ufx_alloc_urb_list_10349 ufx_alloc_urb_list 3 10349 NULL
24382 ++whci_add_cap_10350 whci_add_cap 0 10350 NULL
24383 +dbAllocAny_10354 dbAllocAny 0 10354 NULL
24384 +ms_write_multiple_pages_10362 ms_write_multiple_pages 6-5 10362 NULL
24385 +sta_ht_capa_read_10366 sta_ht_capa_read 3 10366 NULL
24386 +ecryptfs_decode_and_decrypt_filename_10379 ecryptfs_decode_and_decrypt_filename 5 10379 NULL
24387 ++led_classdev_register_10384 led_classdev_register 0 10384 NULL
24388 +do_compat_pselect_10398 do_compat_pselect 1 10398 NULL
24389 -+mirror_status_10435 mirror_status 4 10435 NULL
24390 +event_phy_transmit_error_read_10471 event_phy_transmit_error_read 3 10471 NULL
24391 -+ca91cx42_alloc_resource_10502 ca91cx42_alloc_resource 2 10502 NULL
24392 +qib_alloc_fast_reg_page_list_10507 qib_alloc_fast_reg_page_list 2 10507 NULL
24393 -+rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 NULL nohasharray
24394 -+sel_write_disable_10511 sel_write_disable 3 10511 &rbd_get_segment_10511
24395 ++sel_write_disable_10511 sel_write_disable 3 10511 NULL nohasharray
24396 ++rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 &sel_write_disable_10511
24397 +osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL
24398 +rds_message_alloc_10517 rds_message_alloc 1 10517 NULL
24399 ++snd_pcm_hw_params_user_10520 snd_pcm_hw_params_user 0 10520 NULL
24400 +ocfs2_add_refcounted_extent_10526 ocfs2_add_refcounted_extent 6 10526 NULL
24401 -+get_vm_area_caller_10527 get_vm_area_caller 1 10527 NULL
24402 -+snd_pcm_lib_read_10536 snd_pcm_lib_read 0-3 10536 NULL
24403 -+otp_read_10594 otp_read 2-4-5 10594 NULL
24404 ++snd_pcm_lib_read_10536 snd_pcm_lib_read 0-3 10536 NULL nohasharray
24405 ++kstrtouint_from_user_10536 kstrtouint_from_user 2 10536 &snd_pcm_lib_read_10536
24406 ++bcm_ioctl_fw_download_10548 bcm_ioctl_fw_download 0 10548 NULL
24407 ++i915_write_fence_reg_10551 i915_write_fence_reg 0 10551 NULL
24408 ++otp_read_10594 otp_read 5-4-2 10594 NULL
24409 +supply_map_read_file_10608 supply_map_read_file 3 10608 NULL
24410 +ima_show_htable_violations_10619 ima_show_htable_violations 3 10619 NULL
24411 ++cxgb3_get_cpl_reply_skb_10620 cxgb3_get_cpl_reply_skb 2 10620 NULL
24412 +nes_alloc_resource_10624 nes_alloc_resource 3 10624 NULL
24413 ++write_file_rx_chainmask_10636 write_file_rx_chainmask 3 10636 NULL
24414 ++devm_request_irq_10640 devm_request_irq 0 10640 NULL
24415 ++__qbuf_mmap_10642 __qbuf_mmap 0 10642 NULL
24416 ++br_nlmsg_size_10645 br_nlmsg_size 0 10645 NULL
24417 ++ubi_io_write_vid_hdr_10660 ubi_io_write_vid_hdr 0 10660 NULL
24418 ++efx_max_tx_len_10662 efx_max_tx_len 0-2 10662 NULL
24419 ++ni65_alloc_mem_10664 ni65_alloc_mem 3 10664 NULL
24420 +parport_write_10669 parport_write 0 10669 NULL
24421 ++tcp_push_10680 tcp_push 3 10680 NULL
24422 ++edge_write_10692 edge_write 4 10692 NULL
24423 +inl_10708 inl 0 10708 NULL nohasharray
24424 +selinux_inode_setxattr_10708 selinux_inode_setxattr 4 10708 &inl_10708
24425 +pvr2_ioread_read_10720 pvr2_ioread_read 3 10720 NULL nohasharray
24426 +shash_async_setkey_10720 shash_async_setkey 3 10720 &pvr2_ioread_read_10720
24427 ++__iscsi_complete_pdu_10726 __iscsi_complete_pdu 4 10726 NULL
24428 +spi_sync_10731 spi_sync 0 10731 NULL
24429 +sctp_getsockopt_maxseg_10737 sctp_getsockopt_maxseg 2 10737 NULL nohasharray
24430 +apu_get_register_10737 apu_get_register 0 10737 &sctp_getsockopt_maxseg_10737
24431 +compat_sys_msgsnd_10738 compat_sys_msgsnd 2 10738 NULL
24432 -+alloc_one_pg_vec_page_10747 alloc_one_pg_vec_page 1 10747 NULL
24433 ++ttm_ref_object_add_10748 ttm_ref_object_add 0 10748 NULL
24434 +vhost_add_used_n_10760 vhost_add_used_n 3 10760 NULL
24435 +kvm_read_guest_atomic_10765 kvm_read_guest_atomic 4 10765 NULL
24436 +posix_acl_to_xattr_10767 posix_acl_to_xattr 0 10767 NULL
24437 ++loopback_bytepos_update_10776 loopback_bytepos_update 2 10776 NULL
24438 ++i915_gem_wait_for_error_10791 i915_gem_wait_for_error 0 10791 NULL
24439 ++snd_mask_value_10794 snd_mask_value 0 10794 NULL
24440 +sys_bind_10799 sys_bind 3 10799 NULL
24441 -+compat_put_int_10828 compat_put_int 1 10828 NULL
24442 ++aun_incoming_10814 aun_incoming 3 10814 NULL
24443 ++diva_set_trace_filter_10820 diva_set_trace_filter 0-1 10820 NULL
24444 ++send_command_10832 send_command 4 10832 NULL
24445 +lbs_sleepparams_read_10840 lbs_sleepparams_read 3 10840 NULL
24446 +ida_get_new_above_10853 ida_get_new_above 2 10853 NULL
24447 +fuse_conn_max_background_read_10855 fuse_conn_max_background_read 3 10855 NULL
24448 +ol_chunk_blocks_10864 ol_chunk_blocks 0 10864 NULL
24449 +snd_pcm_oss_write1_10872 snd_pcm_oss_write1 3 10872 NULL
24450 ++drm_ht_insert_item_10877 drm_ht_insert_item 0 10877 NULL
24451 +get_scq_10897 get_scq 2 10897 NULL
24452 +cgroup_write_string_10900 cgroup_write_string 5 10900 NULL
24453 +tifm_alloc_adapter_10903 tifm_alloc_adapter 1 10903 NULL
24454 -+__copy_from_user_10918 __copy_from_user 3 10918 NULL
24455 ++__copy_from_user_10918 __copy_from_user 3-0 10918 NULL
24456 ++kobject_add_10919 kobject_add 0 10919 NULL
24457 +iwl_calib_set_10944 iwl_calib_set 3 10944 NULL
24458 +bm_entry_read_10976 bm_entry_read 3 10976 NULL
24459 +sched_autogroup_write_10984 sched_autogroup_write 3 10984 NULL
24460 +xfrm_hash_alloc_10997 xfrm_hash_alloc 1 10997 NULL
24461 -+mb_find_next_bit_11037 mb_find_next_bit 2-3-0 11037 NULL
24462 ++mb_find_next_bit_11037 mb_find_next_bit 0-2-3 11037 NULL
24463 +tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL
24464 ++carl9170_handle_mpdu_11056 carl9170_handle_mpdu 3 11056 NULL
24465 +tcp_send_mss_11079 tcp_send_mss 0 11079 NULL
24466 ++snd_pcm_delay_11081 snd_pcm_delay 0 11081 NULL
24467 +count_argc_11083 count_argc 0 11083 NULL
24468 +kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL
24469 +tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL
24470 +page_offset_11120 page_offset 0 11120 NULL
24471 +tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL
24472 +alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
24473 -+acpi_os_map_memory_11161 acpi_os_map_memory 1-2 11161 NULL
24474 +ioat2_alloc_ring_11172 ioat2_alloc_ring 2 11172 NULL nohasharray
24475 -+snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 &ioat2_alloc_ring_11172
24476 ++snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 4-3 11172 &ioat2_alloc_ring_11172
24477 ++__swab16p_11220 __swab16p 0 11220 NULL
24478 +hugetlbfs_read_11268 hugetlbfs_read 3 11268 NULL
24479 -+cru_detect_11272 cru_detect 1 11272 NULL
24480 +ext4_xattr_check_names_11314 ext4_xattr_check_names 0 11314 NULL
24481 +construct_key_11329 construct_key 3 11329 NULL nohasharray
24482 +__kfifo_out_peek_11329 __kfifo_out_peek 0-3 11329 &construct_key_11329
24483 +next_segment_11330 next_segment 0-2-1 11330 NULL
24484 +i915_max_freq_write_11350 i915_max_freq_write 3 11350 NULL
24485 +sel_write_create_11353 sel_write_create 3 11353 NULL
24486 -+handle_unit_11355 handle_unit 0-1 11355 NULL
24487 +drm_vblank_init_11362 drm_vblank_init 2 11362 NULL
24488 +qib_get_base_info_11369 qib_get_base_info 3 11369 NULL
24489 +dev_irnet_write_11398 dev_irnet_write 3 11398 NULL
24490 +___alloc_bootmem_11410 ___alloc_bootmem 1 11410 NULL
24491 +str_to_user_11411 str_to_user 2 11411 NULL
24492 +trace_options_read_11419 trace_options_read 3 11419 NULL
24493 -+xd_read_multiple_pages_11422 xd_read_multiple_pages 5-4 11422 NULL
24494 ++__irq_set_trigger_11422 __irq_set_trigger 0 11422 NULL nohasharray
24495 ++xd_read_multiple_pages_11422 xd_read_multiple_pages 5-4 11422 &__irq_set_trigger_11422
24496 +prepare_image_11424 prepare_image 0 11424 NULL
24497 -+vring_size_11426 vring_size 0-1-2 11426 NULL
24498 +bttv_read_11432 bttv_read 3 11432 NULL
24499 +__bm_find_next_11447 __bm_find_next 2 11447 NULL
24500 -+swp_offset_11475 swp_offset 0 11475 NULL
24501 -+sca3000_read_first_n_hw_rb_11479 sca3000_read_first_n_hw_rb 2 11479 NULL
24502 ++pci_set_power_state_11479 pci_set_power_state 0 11479 NULL nohasharray
24503 ++sca3000_read_first_n_hw_rb_11479 sca3000_read_first_n_hw_rb 2 11479 &pci_set_power_state_11479
24504 +sd_do_mode_sense_11507 sd_do_mode_sense 5 11507 NULL
24505 +kmem_zalloc_11510 kmem_zalloc 1 11510 NULL
24506 +setup_IO_APIC_irq_extra_11537 setup_IO_APIC_irq_extra 1 11537 NULL
24507 +skb_cow_data_11565 skb_cow_data 0-2 11565 NULL
24508 +mlx4_init_cmpt_table_11569 mlx4_init_cmpt_table 3 11569 NULL
24509 ++lpfc_idiag_ctlacc_write_11576 lpfc_idiag_ctlacc_write 3 11576 NULL
24510 +oprofilefs_ulong_to_user_11582 oprofilefs_ulong_to_user 3 11582 NULL
24511 +snd_pcm_action_11589 snd_pcm_action 0 11589 NULL
24512 +fw_device_op_ioctl_11595 fw_device_op_ioctl 2 11595 NULL
24513 ++hycapi_rx_capipkt_11602 hycapi_rx_capipkt 3 11602 NULL
24514 +sisusb_send_bridge_packet_11649 sisusb_send_bridge_packet 2 11649 NULL
24515 +nla_total_size_11658 nla_total_size 0-1 11658 NULL
24516 +ide_queue_pc_tail_11673 ide_queue_pc_tail 5 11673 NULL
24517 +btrfs_alloc_delayed_item_11678 btrfs_alloc_delayed_item 1 11678 NULL
24518 -+dsp_buffer_alloc_11684 dsp_buffer_alloc 2 11684 NULL
24519 +iwm_ntf_calib_res_11686 iwm_ntf_calib_res 3 11686 NULL
24520 +sctp_setsockopt_hmac_ident_11687 sctp_setsockopt_hmac_ident 3 11687 NULL
24521 +split_11691 split 2 11691 NULL
24522 @@ -105009,17 +105807,23 @@ index 0000000..6fcc08d
24523 +tcf_csum_ipv6_icmp_11738 tcf_csum_ipv6_icmp 4 11738 NULL
24524 +nfsd4_get_drc_mem_11748 nfsd4_get_drc_mem 0-1-2 11748 NULL
24525 +iwl_dbgfs_qos_read_11753 iwl_dbgfs_qos_read 3 11753 NULL
24526 ++intel_map_page_11762 intel_map_page 4-3 11762 NULL
24527 ++rd_regl_11767 rd_regl 0 11767 NULL
24528 ++ocfs2_relink_block_group_11769 ocfs2_relink_block_group 0 11769 NULL
24529 +ps_pspoll_timeouts_read_11776 ps_pspoll_timeouts_read 3 11776 NULL
24530 -+ebt_buf_add_11779 ebt_buf_add 0 11779 NULL
24531 ++btrfs_key_blockptr_11786 btrfs_key_blockptr 0 11786 NULL
24532 +pcpu_fc_alloc_11818 pcpu_fc_alloc 2 11818 NULL
24533 ++umc_device_register_11824 umc_device_register 0 11824 NULL
24534 +zerocopy_sg_from_iovec_11828 zerocopy_sg_from_iovec 3 11828 NULL
24535 +sctp_setsockopt_maxseg_11829 sctp_setsockopt_maxseg 3 11829 NULL
24536 +rts51x_read_status_11830 rts51x_read_status 4 11830 NULL
24537 -+avc_has_perm_11840 avc_has_perm 3 11840 NULL
24538 +shmem_xattr_set_11843 shmem_xattr_set 4 11843 NULL
24539 +unix_stream_connect_11844 unix_stream_connect 3 11844 NULL
24540 +ecryptfs_copy_filename_11868 ecryptfs_copy_filename 4 11868 NULL
24541 +l2cap_chan_send_11878 l2cap_chan_send 3 11878 NULL
24542 ++_l2_alloc_skb_11883 _l2_alloc_skb 1 11883 NULL
24543 ++xstateregs_get_11906 xstateregs_get 4 11906 NULL
24544 ++ti_write_11916 ti_write 4 11916 NULL
24545 +kmalloc_slab_11917 kmalloc_slab 1 11917 NULL
24546 +fs_devrw_entry_11924 fs_devrw_entry 3 11924 NULL
24547 +bitmap_remap_11929 bitmap_remap 5 11929 NULL
24548 @@ -105027,17 +105831,23 @@ index 0000000..6fcc08d
24549 +dccp_feat_clone_sp_val_11942 dccp_feat_clone_sp_val 3 11942 NULL
24550 +kvm_set_msr_common_11953 kvm_set_msr_common 3 11953 NULL
24551 +f1x_swap_interleaved_region_11970 f1x_swap_interleaved_region 0-2 11970 NULL
24552 ++usc_InReg_11976 usc_InReg 0 11976 NULL nohasharray
24553 ++split_node_11976 split_node 0 11976 &usc_InReg_11976
24554 ++BeceemFlashBulkRead_11979 BeceemFlashBulkRead 0 11979 NULL
24555 ++atmel_read16_11981 atmel_read16 0 11981 NULL
24556 +ftdi_elan_total_command_size_12045 ftdi_elan_total_command_size 0 12045 NULL
24557 +pyra_send_12061 pyra_send 4 12061 NULL
24558 +ptc_proc_write_12076 ptc_proc_write 3 12076 NULL
24559 -+ubifs_recover_log_leb_12079 ubifs_recover_log_leb 3 12079 NULL
24560 ++i915_gem_object_pin_12083 i915_gem_object_pin 0 12083 NULL
24561 +alloc_bulk_urbs_generic_12127 alloc_bulk_urbs_generic 5 12127 NULL
24562 +xfs_handle_to_dentry_12135 xfs_handle_to_dentry 3 12135 NULL
24563 +rawv6_seticmpfilter_12137 rawv6_seticmpfilter 5 12137 NULL
24564 -+vmw_fifo_reserve_12141 vmw_fifo_reserve 2 12141 NULL
24565 ++generic_file_llseek_12139 generic_file_llseek 2 12139 NULL
24566 +iwl4965_ucode_tx_stats_read_12143 iwl4965_ucode_tx_stats_read 3 12143 NULL
24567 ++rawsock_recvmsg_12144 rawsock_recvmsg 4 12144 NULL
24568 +get_idx_gc_leb_12148 get_idx_gc_leb 0 12148 NULL
24569 +btmrvl_sdio_host_to_card_12152 btmrvl_sdio_host_to_card 3 12152 NULL
24570 ++ocfs2_local_alloc_new_window_12153 ocfs2_local_alloc_new_window 0 12153 NULL
24571 +vmbus_open_12154 vmbus_open 2-3 12154 NULL
24572 +tt_update_changes_12155 tt_update_changes 3 12155 NULL
24573 +dma_memcpy_to_iovec_12173 dma_memcpy_to_iovec 5 12173 NULL
24574 @@ -105058,159 +105868,205 @@ index 0000000..6fcc08d
24575 +note_last_dentry_12285 note_last_dentry 3 12285 NULL
24576 +roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL
24577 +iwm_notif_send_12295 iwm_notif_send 6 12295 NULL
24578 -+vxge_get_num_vfs_12302 vxge_get_num_vfs 0 12302 NULL
24579 -+__einj_error_trigger_12304 __einj_error_trigger 1 12304 NULL
24580 ++wrap_min_12303 wrap_min 0-1-2 12303 NULL
24581 ++__einj_error_trigger_12304 __einj_error_trigger 0 12304 NULL
24582 ++bt_sock_recvmsg_12316 bt_sock_recvmsg 4 12316 NULL
24583 +alloc_trace_probe_12323 alloc_trace_probe 6 12323 NULL
24584 +tipc_msg_build_12326 tipc_msg_build 4 12326 NULL
24585 +pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL
24586 +mptctl_ioctl_12355 mptctl_ioctl 2 12355 NULL
24587 ++receive_packet_12367 receive_packet 2 12367 NULL
24588 +xfs_iext_inline_to_direct_12384 xfs_iext_inline_to_direct 2 12384 NULL
24589 -+btrfs_file_extent_ram_bytes_12391 btrfs_file_extent_ram_bytes 0 12391 NULL
24590 ++btrfs_file_extent_ram_bytes_12391 btrfs_file_extent_ram_bytes 0 12391 NULL nohasharray
24591 ++populate_dir_12391 populate_dir 0 12391 &btrfs_file_extent_ram_bytes_12391
24592 ++ntfs_get_size_for_mapping_pairs_12413 ntfs_get_size_for_mapping_pairs 0 12413 NULL
24593 ++gfs2_llseek_12464 gfs2_llseek 2 12464 NULL
24594 +skb_do_copy_data_nocache_12465 skb_do_copy_data_nocache 5 12465 NULL
24595 +x25_sendmsg_12487 x25_sendmsg 4 12487 NULL
24596 ++rtllib_auth_challenge_12493 rtllib_auth_challenge 3 12493 NULL
24597 +nfs_readdir_make_qstr_12509 nfs_readdir_make_qstr 3 12509 NULL
24598 +qib_alloc_fast_reg_mr_12526 qib_alloc_fast_reg_mr 2 12526 NULL
24599 ++xfs_get_extsz_hint_12531 xfs_get_extsz_hint 0 12531 NULL
24600 +iwl_legacy_dbgfs_rx_statistics_read_12545 iwl_legacy_dbgfs_rx_statistics_read 3 12545 NULL
24601 ++WriteRegs_12569 WriteRegs 0 12569 NULL
24602 ++ceph_osdc_wait_request_12572 ceph_osdc_wait_request 0 12572 NULL
24603 +hvc_alloc_12579 hvc_alloc 4 12579 NULL
24604 -+snd_pcm_plugin_alloc_12580 snd_pcm_plugin_alloc 2 12580 NULL
24605 -+macvtap_compat_ioctl_12587 macvtap_compat_ioctl 3 12587 NULL
24606 +pcpu_extend_area_map_12589 pcpu_extend_area_map 2 12589 NULL
24607 +vhci_put_user_12604 vhci_put_user 4 12604 NULL
24608 +fc_fcp_frame_alloc_12624 fc_fcp_frame_alloc 2 12624 NULL
24609 -+ctrl_cdev_compat_ioctl_12634 ctrl_cdev_compat_ioctl 3 12634 NULL
24610 +pn_sendmsg_12640 pn_sendmsg 4 12640 NULL
24611 ++nr_recvmsg_12649 nr_recvmsg 4 12649 NULL
24612 +ocfs2_read_block_12659 ocfs2_read_block 0 12659 NULL
24613 +trusted_update_12664 trusted_update 3 12664 NULL
24614 +sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray
24615 +sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4 12669 &sel_read_class_12669
24616 +ieee80211_if_read_num_buffered_multicast_12716 ieee80211_if_read_num_buffered_multicast 3 12716 NULL
24617 ++inet6_prefix_nlmsg_size_12722 inet6_prefix_nlmsg_size 0 12722 NULL
24618 +key_rx_spec_read_12736 key_rx_spec_read 3 12736 NULL
24619 +ieee80211_if_read_dot11MeshMaxRetries_12756 ieee80211_if_read_dot11MeshMaxRetries 3 12756 NULL
24620 +listxattr_12769 listxattr 3 12769 NULL
24621 +sctp_ssnmap_init_12772 sctp_ssnmap_init 2-3 12772 NULL
24622 ++ip_ufo_append_data_12775 ip_ufo_append_data 6-7-8 12775 NULL
24623 +platform_create_bundle_12785 platform_create_bundle 4-6 12785 NULL
24624 +scsi_adjust_queue_depth_12802 scsi_adjust_queue_depth 3 12802 NULL
24625 +xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL
24626 ++v4l_bound_align_image_12833 v4l_bound_align_image 2-3-6-7 12833 NULL
24627 +TSS_authhmac_12839 TSS_authhmac 3 12839 NULL
24628 +spidev_sync_12842 spidev_sync 0 12842 NULL
24629 +twl4030_init_irq_12843 twl4030_init_irq 2 12843 NULL
24630 +spidev_ioctl_12846 spidev_ioctl 2 12846 NULL
24631 -+crypt_status_12876 crypt_status 4 12876 NULL
24632 ++xfs_rtallocate_extent_exact_12865 xfs_rtallocate_extent_exact 3-5-9 12865 NULL
24633 +get_leb_cnt_12892 get_leb_cnt 0-2 12892 NULL
24634 +ocfs2_hamming_encode_block_12904 ocfs2_hamming_encode_block 2 12904 NULL
24635 +get_virtual_node_size_12908 get_virtual_node_size 0 12908 NULL
24636 -+rds_pages_in_vec_12922 rds_pages_in_vec 0 12922 NULL
24637 -+ci_ll_init_12930 ci_ll_init 3 12930 NULL
24638 ++cxgbi_create_session_12922 cxgbi_create_session 2 12922 NULL nohasharray
24639 ++rds_pages_in_vec_12922 rds_pages_in_vec 0 12922 &cxgbi_create_session_12922
24640 ++free_tind_blocks_12926 free_tind_blocks 0 12926 NULL
24641 ++iwl_legacy_dbgfs_sram_write_12932 iwl_legacy_dbgfs_sram_write 3 12932 NULL
24642 +do_inode_permission_12946 do_inode_permission 0 12946 NULL
24643 ++bcsp_prepare_pkt_12961 bcsp_prepare_pkt 3 12961 NULL
24644 +bm_status_write_12964 bm_status_write 3 12964 NULL
24645 -+acpi_tb_install_table_12988 acpi_tb_install_table 1 12988 NULL
24646 ++sctp_make_chunk_12986 sctp_make_chunk 4 12986 NULL
24647 +TransmitTcb_12989 TransmitTcb 4 12989 NULL
24648 ++__get_extent_inline_ref_13021 __get_extent_inline_ref 0 13021 NULL
24649 +subsystem_filter_write_13022 subsystem_filter_write 3 13022 NULL
24650 +generic_segment_checks_13041 generic_segment_checks 0 13041 NULL nohasharray
24651 -+ubi_eba_atomic_leb_change_13041 ubi_eba_atomic_leb_change 5 13041 &generic_segment_checks_13041
24652 ++ubi_eba_atomic_leb_change_13041 ubi_eba_atomic_leb_change 0 13041 &generic_segment_checks_13041
24653 +ocfs2_write_begin_13045 ocfs2_write_begin 3-4 13045 NULL
24654 -+__dn_setsockopt_13060 __dn_setsockopt 5 13060 NULL
24655 ++ctnetlink_timestamp_size_13060 ctnetlink_timestamp_size 0 13060 NULL nohasharray
24656 ++__dn_setsockopt_13060 __dn_setsockopt 5 13060 &ctnetlink_timestamp_size_13060
24657 ++sandybridge_write_fence_reg_13080 sandybridge_write_fence_reg 0 13080 NULL
24658 ++_ocfs2_free_suballoc_bits_13085 _ocfs2_free_suballoc_bits 0 13085 NULL
24659 +irq_set_chip_and_handler_13088 irq_set_chip_and_handler 1 13088 NULL
24660 +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL
24661 +blk_rq_map_sg_13092 blk_rq_map_sg 0 13092 NULL
24662 -+mb_find_next_zero_bit_13100 mb_find_next_zero_bit 2-3 13100 NULL
24663 -+ubifs_compat_ioctl_13108 ubifs_compat_ioctl 3 13108 NULL
24664 ++mb_find_next_zero_bit_13100 mb_find_next_zero_bit 2-3-0 13100 NULL
24665 +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL
24666 ++snd_pcm_lib_preallocate_pages_for_all_13112 snd_pcm_lib_preallocate_pages_for_all 4 13112 NULL
24667 +xen_allocate_irq_dynamic_13116 xen_allocate_irq_dynamic 0 13116 NULL
24668 +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL
24669 ++ip_make_skb_13129 ip_make_skb 5-6 13129 NULL
24670 +blk_update_request_13146 blk_update_request 3 13146 NULL
24671 -+flakey_status_13154 flakey_status 4 13154 NULL
24672 +caif_stream_recvmsg_13173 caif_stream_recvmsg 4 13173 NULL
24673 +pwr_disable_ps_read_13176 pwr_disable_ps_read 3 13176 NULL
24674 -+compat_put_ulong_13186 compat_put_ulong 1 13186 NULL
24675 ++__cmpxchg64_13187 __cmpxchg64 0 13187 NULL
24676 +comedi_read_13199 comedi_read 3 13199 NULL
24677 +mmc_ext_csd_read_13205 mmc_ext_csd_read 3 13205 NULL
24678 +__nodes_fold_13215 __nodes_fold 4 13215 NULL
24679 +svm_msrpm_offset_13220 svm_msrpm_offset 0-1 13220 NULL
24680 ++wait_events_13243 wait_events 0 13243 NULL
24681 +asix_read_cmd_13245 asix_read_cmd 5 13245 NULL
24682 ++snd_emu10k1_fx8010_tram_setup_13248 snd_emu10k1_fx8010_tram_setup 2 13248 NULL
24683 ++fw_download_code_13249 fw_download_code 3 13249 NULL
24684 +init_tid_tabs_13252 init_tid_tabs 2-3-4 13252 NULL
24685 ++hostap_80211_get_hdrlen_13255 hostap_80211_get_hdrlen 0 13255 NULL
24686 +bio_integrity_trim_13259 bio_integrity_trim 3 13259 NULL
24687 ++simple_attr_write_13260 simple_attr_write 3 13260 NULL
24688 ++smctr_process_rx_packet_13270 smctr_process_rx_packet 2 13270 NULL
24689 ++carl9170_rx_13272 carl9170_rx 3 13272 NULL
24690 +pmcraid_notify_aen_13274 pmcraid_notify_aen 3 13274 NULL
24691 +lpfc_idiag_mbxacc_get_setup_13282 lpfc_idiag_mbxacc_get_setup 0 13282 NULL
24692 +platform_device_add_resources_13289 platform_device_add_resources 3 13289 NULL
24693 -+nf_nat_mangle_udp_packet_13321 nf_nat_mangle_udp_packet 7-5 13321 NULL
24694 ++find_get_pages_contig_13317 find_get_pages_contig 0 13317 NULL
24695 ++nf_nat_mangle_udp_packet_13321 nf_nat_mangle_udp_packet 5-7 13321 NULL
24696 +us122l_ctl_msg_13330 us122l_ctl_msg 8 13330 NULL
24697 +kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5 13337 NULL
24698 -+mthca_alloc_mtt_range_13371 mthca_alloc_mtt_range 2 13371 NULL
24699 +iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray
24700 +wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377
24701 ++BcmSetActiveSection_13389 BcmSetActiveSection 0 13389 NULL
24702 +sky2_receive_13407 sky2_receive 2 13407 NULL
24703 -+encrypted_update_13414 encrypted_update 3 13414 NULL
24704 -+netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL
24705 ++encrypted_update_13414 encrypted_update 3 13414 NULL nohasharray
24706 ++ocfs2_inode_lock_update_13414 ocfs2_inode_lock_update 0 13414 &encrypted_update_13414
24707 ++netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL nohasharray
24708 ++i915_gem_execbuffer_sync_rings_13417 i915_gem_execbuffer_sync_rings 0 13417 &netxen_alloc_sds_rings_13417
24709 +keyring_read_13438 keyring_read 3 13438 NULL
24710 +sctp_setsockopt_peer_primary_addr_13440 sctp_setsockopt_peer_primary_addr 3 13440 NULL
24711 +ath6kl_cfg80211_connect_event_13443 ath6kl_cfg80211_connect_event 7-8-9 13443 NULL
24712 -+mthca_buddy_alloc_13454 mthca_buddy_alloc 2 13454 NULL
24713 +ocfs2_align_bytes_to_blocks_13512 ocfs2_align_bytes_to_blocks 2 13512 NULL
24714 +core_status_13515 core_status 4 13515 NULL
24715 +sctp_tsnmap_mark_13527 sctp_tsnmap_mark 2 13527 NULL
24716 +bm_init_13529 bm_init 2 13529 NULL
24717 ++request_any_context_irq_13530 request_any_context_irq 0 13530 NULL
24718 ++usb_hcd_link_urb_to_ep_13560 usb_hcd_link_urb_to_ep 0 13560 NULL
24719 +ubifs_get_idx_gc_leb_13566 ubifs_get_idx_gc_leb 0 13566 NULL
24720 +read_file_antenna_13574 read_file_antenna 3 13574 NULL
24721 +cache_write_13589 cache_write 3 13589 NULL
24722 -+aac_sa_ioremap_13596 aac_sa_ioremap 2 13596 NULL nohasharray
24723 -+irias_new_octseq_value_13596 irias_new_octseq_value 2 13596 &aac_sa_ioremap_13596
24724 -+usb_dump_interface_descriptor_13603 usb_dump_interface_descriptor 0 13603 NULL
24725 -+swap_cgroup_swapon_13614 swap_cgroup_swapon 2 13614 NULL
24726 ++mpt_lan_receive_post_turbo_13592 mpt_lan_receive_post_turbo 2 13592 NULL
24727 ++irias_new_octseq_value_13596 irias_new_octseq_value 2 13596 NULL
24728 ++Rd_Indx_13602 Rd_Indx 3-2 13602 NULL
24729 +wm8994_bulk_write_13615 wm8994_bulk_write 3 13615 NULL
24730 +pmcraid_get_minor_13619 pmcraid_get_minor 0 13619 NULL
24731 +iio_device_add_event_sysfs_13627 iio_device_add_event_sysfs 0 13627 NULL
24732 +packet_snd_13634 packet_snd 3 13634 NULL
24733 ++__qbuf_userptr_13636 __qbuf_userptr 0 13636 NULL
24734 +blk_msg_write_13655 blk_msg_write 3 13655 NULL
24735 +nfs_idmap_lookup_id_13665 nfs_idmap_lookup_id 2 13665 NULL
24736 +cache_downcall_13666 cache_downcall 3 13666 NULL
24737 ++ext3_xattr_list_entries_13682 ext3_xattr_list_entries 0 13682 NULL
24738 ++usb_get_string_13693 usb_get_string 0 13693 NULL
24739 ++atomic_cmpxchg_13700 atomic_cmpxchg 0 13700 NULL
24740 ++ocfs2_cache_block_dealloc_13731 ocfs2_cache_block_dealloc 0 13731 NULL
24741 ++cfg80211_testmode_alloc_event_skb_13739 cfg80211_testmode_alloc_event_skb 2 13739 NULL
24742 +audit_unpack_string_13748 audit_unpack_string 3 13748 NULL
24743 +ufs_dtog_13750 ufs_dtog 0-2 13750 NULL
24744 +fb_sys_read_13778 fb_sys_read 3 13778 NULL
24745 ++CalcMainPLL_13811 CalcMainPLL 0 13811 NULL
24746 ++bat_ogm_aggregate_new_13813 bat_ogm_aggregate_new 2 13813 NULL
24747 +random_read_13815 random_read 3 13815 NULL
24748 ++mutex_lock_interruptible_nested_13817 mutex_lock_interruptible_nested 0 13817 NULL
24749 +mtd_do_readoob_13850 mtd_do_readoob 4 13850 NULL
24750 -+evdev_ioctl_compat_13851 evdev_ioctl_compat 2-3 13851 NULL
24751 ++evdev_ioctl_compat_13851 evdev_ioctl_compat 2 13851 NULL
24752 +compat_ip_setsockopt_13870 compat_ip_setsockopt 5 13870 NULL
24753 +snd_pcm_aio_read_13900 snd_pcm_aio_read 3 13900 NULL
24754 +qla2x00_get_ctx_sp_13912 qla2x00_get_ctx_sp 3 13912 NULL
24755 +ext3_xattr_block_get_13936 ext3_xattr_block_get 0 13936 NULL
24756 +ocfs2_xa_value_truncate_13940 ocfs2_xa_value_truncate 2 13940 NULL
24757 +iwl_dbgfs_protection_mode_read_13943 iwl_dbgfs_protection_mode_read 3 13943 NULL
24758 -+compat_chaninfo_13945 compat_chaninfo 2 13945 NULL
24759 +ieee80211_if_read_min_discovery_timeout_13946 ieee80211_if_read_min_discovery_timeout 3 13946 NULL
24760 +lpfc_idiag_queacc_read_13950 lpfc_idiag_queacc_read 3 13950 NULL
24761 +snd_pcm_plug_slave_size_13967 snd_pcm_plug_slave_size 0-2 13967 NULL
24762 -+com90xx_found_13974 com90xx_found 3 13974 NULL
24763 ++ext4_ind_calc_metadata_amount_13975 ext4_ind_calc_metadata_amount 2 13975 NULL
24764 +qcam_read_13977 qcam_read 3 13977 NULL
24765 +dsp_read_13980 dsp_read 2 13980 NULL
24766 +bm_block_bits_13981 bm_block_bits 0 13981 NULL nohasharray
24767 +dvb_demux_read_13981 dvb_demux_read 3 13981 &bm_block_bits_13981
24768 +ieee80211_bss_info_update_13991 ieee80211_bss_info_update 4 13991 NULL
24769 ++create_files_14003 create_files 0 14003 NULL
24770 ++sddr09_write_data_14014 sddr09_write_data 3 14014 NULL
24771 +btrfs_get_blocks_direct_14016 btrfs_get_blocks_direct 2 14016 NULL
24772 ++_rtl92s_firmware_downloadcode_14021 _rtl92s_firmware_downloadcode 3 14021 NULL
24773 +dvb_usercopy_14036 dvb_usercopy 2 14036 NULL
24774 +read_def_modal_eeprom_14041 read_def_modal_eeprom 3 14041 NULL
24775 +ieee80211_if_fmt_aid_14055 ieee80211_if_fmt_aid 3 14055 NULL
24776 ++utf8_to_utf16le_14057 utf8_to_utf16le 0 14057 NULL
24777 +sta_agg_status_read_14058 sta_agg_status_read 3 14058 NULL
24778 -+do_tcp_sendpages_14083 do_tcp_sendpages 3-4 14083 NULL
24779 ++do_tcp_sendpages_14083 do_tcp_sendpages 4-3 14083 NULL
24780 +do_proc_readlink_14096 do_proc_readlink 3 14096 NULL
24781 +compat_sys_pselect6_14105 compat_sys_pselect6 1 14105 NULL
24782 +nlmsg_len_14115 nlmsg_len 0 14115 NULL
24783 -+ntfs_rl_replace_14136 ntfs_rl_replace 2-4 14136 NULL
24784 +gsm_dlci_data_14155 gsm_dlci_data 3 14155 NULL
24785 +print_input_mask_14168 print_input_mask 3-0 14168 NULL
24786 ++ocfs2_split_and_insert_14171 ocfs2_split_and_insert 0 14171 NULL
24787 +ocfs2_xattr_value_truncate_14183 ocfs2_xattr_value_truncate 3 14183 NULL
24788 ++datafab_read_data_14186 datafab_read_data 4 14186 NULL
24789 +tcp_manip_pkt_14202 tcp_manip_pkt 2 14202 NULL
24790 +alloc_async_14208 alloc_async 1 14208 NULL
24791 ++ath6kl_regread_write_14220 ath6kl_regread_write 3 14220 NULL
24792 +sys_kexec_load_14222 sys_kexec_load 2 14222 NULL
24793 -+dma_declare_coherent_memory_14244 dma_declare_coherent_memory 4-2 14244 NULL
24794 ++dma_declare_coherent_memory_14244 dma_declare_coherent_memory 4 14244 NULL
24795 +snd_soc_hw_bulk_write_raw_14245 snd_soc_hw_bulk_write_raw 4 14245 NULL
24796 -+reiserfs_compat_ioctl_14265 reiserfs_compat_ioctl 3 14265 NULL
24797 ++ext4_journal_restart_14251 ext4_journal_restart 0 14251 NULL
24798 ++radix_tree_prev_hole_14252 radix_tree_prev_hole 0-2 14252 NULL
24799 +ath6kl_connect_event_14267 ath6kl_connect_event 7-8-9 14267 NULL
24800 +add_numbered_child_14273 add_numbered_child 5 14273 NULL
24801 ++OS_mem_token_alloc_14276 OS_mem_token_alloc 1 14276 NULL
24802 +em28xx_i2c_eeprom_14280 em28xx_i2c_eeprom 3 14280 NULL
24803 +snd_seq_oss_readq_new_14283 snd_seq_oss_readq_new 2 14283 NULL
24804 ++audit_send_reply_14292 audit_send_reply 7 14292 NULL
24805 +rr_status_14293 rr_status 5 14293 NULL
24806 +read_default_ldt_14302 read_default_ldt 2 14302 NULL
24807 ++xfs_qm_qino_alloc_14309 xfs_qm_qino_alloc 3 14309 NULL
24808 ++i915_gem_object_finish_gpu_14312 i915_gem_object_finish_gpu 0 14312 NULL
24809 +oo_objects_14319 oo_objects 0 14319 NULL
24810 +iwl_legacy_dbgfs_interrupt_read_14324 iwl_legacy_dbgfs_interrupt_read 3 14324 NULL
24811 +p9_client_zc_rpc_14345 p9_client_zc_rpc 7 14345 NULL
24812 @@ -105218,149 +106074,168 @@ index 0000000..6fcc08d
24813 +acpi_get_override_irq_14381 acpi_get_override_irq 1 14381 NULL
24814 +ath6kl_regdump_read_14393 ath6kl_regdump_read 3 14393 NULL
24815 +smk_write_onlycap_14400 smk_write_onlycap 3 14400 NULL
24816 ++first_logical_byte_14403 first_logical_byte 0 14403 NULL
24817 +mtd_concat_create_14416 mtd_concat_create 2 14416 NULL
24818 +get_kcore_size_14425 get_kcore_size 0 14425 NULL
24819 -+easycap_alsa_vmalloc_14426 easycap_alsa_vmalloc 2 14426 NULL
24820 +gart_alloc_coherent_14437 gart_alloc_coherent 2 14437 NULL
24821 +check_lpt_crc_14442 check_lpt_crc 0 14442 NULL
24822 +block_size_14443 block_size 0 14443 NULL
24823 +snd_emu10k1_proc_spdif_status_14457 snd_emu10k1_proc_spdif_status 4-5 14457 NULL
24824 +udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL
24825 +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL
24826 ++cmd_complete_14502 cmd_complete 5 14502 NULL
24827 +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL
24828 -+ep0_write_14536 ep0_write 3 14536 NULL nohasharray
24829 -+dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 &ep0_write_14536
24830 ++prepare_data_14536 prepare_data 3 14536 NULL nohasharray
24831 ++ep0_write_14536 ep0_write 3 14536 &prepare_data_14536 nohasharray
24832 ++dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536
24833 ++register_trace_sched_switch_14545 register_trace_sched_switch 0 14545 NULL
24834 ++l2cap_send_cmd_14548 l2cap_send_cmd 4 14548 NULL
24835 +picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL
24836 -+drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL
24837 -+usb_dump_desc_14553 usb_dump_desc 0 14553 NULL
24838 +nfqnl_mangle_14583 nfqnl_mangle 2 14583 NULL
24839 +idmap_pipe_downcall_14591 idmap_pipe_downcall 3 14591 NULL
24840 ++ocfs2_steal_meta_14602 ocfs2_steal_meta 0 14602 NULL
24841 +ocfs2_trim_group_14641 ocfs2_trim_group 4-3 14641 NULL
24842 +dbJoin_14644 dbJoin 0 14644 NULL
24843 +profile_replace_14652 profile_replace 3 14652 NULL
24844 ++min_bytes_needed_14675 min_bytes_needed 0 14675 NULL
24845 +ieee80211_if_fmt_rc_rateidx_mask_2ghz_14683 ieee80211_if_fmt_rc_rateidx_mask_2ghz 3 14683 NULL
24846 -+tsi148_master_set_14685 tsi148_master_set 4 14685 NULL
24847 +u_audio_playback_14709 u_audio_playback 3 14709 NULL
24848 +vfd_write_14717 vfd_write 3 14717 NULL
24849 ++ext4_da_map_blocks_14723 ext4_da_map_blocks 2 14723 NULL nohasharray
24850 ++inet_listen_14723 inet_listen 2 14723 &ext4_da_map_blocks_14723
24851 +__blk_end_request_14729 __blk_end_request 3 14729 NULL nohasharray
24852 +do_mmap_14729 do_mmap 0 14729 &__blk_end_request_14729
24853 ++rh_urb_enqueue_14733 rh_urb_enqueue 0 14733 NULL
24854 +store_camera_14751 store_camera 4 14751 NULL
24855 -+qla82xx_pci_mem_write_2M_14765 qla82xx_pci_mem_write_2M 2 14765 NULL
24856 +sta_dev_read_14782 sta_dev_read 3 14782 NULL
24857 -+cp_tm1217_read_14792 cp_tm1217_read 3 14792 NULL
24858 ++keys_proc_write_14792 keys_proc_write 3 14792 NULL nohasharray
24859 ++cp_tm1217_read_14792 cp_tm1217_read 3 14792 &keys_proc_write_14792
24860 +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL
24861 -+nfs_parse_server_name_14800 nfs_parse_server_name 2 14800 NULL
24862 -+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
24863 -+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
24864 -+bcma_scan_read32_14802 bcma_scan_read32 0 14802 NULL
24865 ++__kfifo_in_14797 __kfifo_in 3-0 14797 NULL
24866 ++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray
24867 ++hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801
24868 ++__i2400ms_rx_get_size_14826 __i2400ms_rx_get_size 0 14826 NULL
24869 +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
24870 +__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL
24871 +lcd_write_14857 lcd_write 3 14857 NULL nohasharray
24872 +__krealloc_14857 __krealloc 2 14857 &lcd_write_14857
24873 +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
24874 -+sriov_enable_migration_14889 sriov_enable_migration 2 14889 NULL
24875 +acpi_os_allocate_14892 acpi_os_allocate 1 14892 NULL
24876 -+ubi_leb_change_14899 ubi_leb_change 4 14899 NULL
24877 ++ubi_leb_change_14899 ubi_leb_change 0 14899 NULL
24878 +krealloc_14908 krealloc 2 14908 NULL
24879 +__arch_hweight64_14923 __arch_hweight64 0 14923 NULL
24880 +store_sys_wmi_14934 store_sys_wmi 4 14934 NULL
24881 +ocfs2_expand_nonsparse_inode_14936 ocfs2_expand_nonsparse_inode 3-4 14936 NULL
24882 +queue_cnt_14951 queue_cnt 0 14951 NULL
24883 ++unix_dgram_recvmsg_14952 unix_dgram_recvmsg 4 14952 NULL
24884 +videobuf_read_stream_14956 videobuf_read_stream 3 14956 NULL
24885 +help_14971 help 4 14971 NULL
24886 +mce_flush_rx_buffer_14976 mce_flush_rx_buffer 2 14976 NULL
24887 +setkey_14987 setkey 3 14987 NULL
24888 +store_touchpad_15003 store_touchpad 4 15003 NULL
24889 -+vmap_15025 vmap 2 15025 NULL
24890 +blk_integrity_tuple_size_15027 blk_integrity_tuple_size 0 15027 NULL
24891 -+irq_get_next_irq_15053 irq_get_next_irq 1 15053 NULL
24892 ++irq_get_next_irq_15053 irq_get_next_irq 1-0 15053 NULL
24893 +store_lslvl_15059 store_lslvl 4 15059 NULL
24894 +nfs4_write_cached_acl_15070 nfs4_write_cached_acl 4 15070 NULL
24895 -+ntfs_copy_from_user_15072 ntfs_copy_from_user 3-5 15072 NULL
24896 -+ubifs_write_node_15088 ubifs_write_node 5-3 15088 NULL
24897 ++ntfs_copy_from_user_15072 ntfs_copy_from_user 3-5-0 15072 NULL
24898 ++pppoe_recvmsg_15073 pppoe_recvmsg 4 15073 NULL
24899 +hex_dump_to_buffer_15121 hex_dump_to_buffer 6 15121 NULL
24900 +start_port_15124 start_port 0 15124 NULL
24901 -+memchr_15126 memchr 0 15126 NULL
24902 ++perf_ctx_adjust_freq_15133 perf_ctx_adjust_freq 2 15133 NULL
24903 +ipwireless_ppp_mru_15153 ipwireless_ppp_mru 0 15153 NULL
24904 +iscsi_create_endpoint_15193 iscsi_create_endpoint 1 15193 NULL
24905 +reserve_resources_15194 reserve_resources 3 15194 NULL
24906 +bfad_debugfs_write_regrd_15218 bfad_debugfs_write_regrd 3 15218 NULL
24907 -+udf_bitmap_new_block_15230 udf_bitmap_new_block 5 15230 NULL
24908 ++udf_bitmap_new_block_15230 udf_bitmap_new_block 5 15230 NULL nohasharray
24909 ++nlmsg_total_size_15230 nlmsg_total_size 0-1 15230 &udf_bitmap_new_block_15230
24910 +variax_alloc_sysex_buffer_15237 variax_alloc_sysex_buffer 3 15237 NULL
24911 -+compat_raw_ioctl_15290 compat_raw_ioctl 3 15290 NULL
24912 -+sys_connect_15291 sys_connect 3 15291 NULL nohasharray
24913 -+xlate_dev_mem_ptr_15291 xlate_dev_mem_ptr 1 15291 &sys_connect_15291
24914 ++iwl_dbgfs_sram_write_15239 iwl_dbgfs_sram_write 3 15239 NULL
24915 ++simple_strtol_15273 simple_strtol 0 15273 NULL
24916 ++fw_realloc_buffer_15280 fw_realloc_buffer 2 15280 NULL
24917 ++sys_connect_15291 sys_connect 3 15291 NULL
24918 +arch_enable_uv_irq_15294 arch_enable_uv_irq 2 15294 NULL
24919 +acpi_ev_create_gpe_block_15297 acpi_ev_create_gpe_block 5 15297 NULL
24920 -+tpm_tis_init_15304 tpm_tis_init 2-3 15304 NULL
24921 -+__ocfs2_remove_xattr_range_15330 __ocfs2_remove_xattr_range 4-5-3 15330 NULL
24922 ++ocfs2_read_refcount_block_15305 ocfs2_read_refcount_block 0 15305 NULL
24923 ++fcoe_ctlr_send_keep_alive_15308 fcoe_ctlr_send_keep_alive 3 15308 NULL
24924 ++__ocfs2_remove_xattr_range_15330 __ocfs2_remove_xattr_range 4-3-5 15330 NULL
24925 +ioread16_15342 ioread16 0 15342 NULL
24926 -+alloc_ring_15345 alloc_ring 2-4 15345 NULL
24927 ++alloc_ring_15345 alloc_ring 4-2 15345 NULL
24928 +acpi_ut_create_string_object_15360 acpi_ut_create_string_object 1 15360 NULL
24929 +compat_sys_process_vm_readv_15374 compat_sys_process_vm_readv 3-5 15374 NULL
24930 -+fq_codel_zalloc_15378 fq_codel_zalloc 1 15378 NULL
24931 +domain_flush_pages_15379 domain_flush_pages 2-3 15379 NULL
24932 +alloc_fddidev_15382 alloc_fddidev 1 15382 NULL
24933 -+btrfs_level_size_15392 btrfs_level_size 0 15392 NULL
24934 +get_modalias_15406 get_modalias 2 15406 NULL
24935 -+__videobuf_copy_to_user_15423 __videobuf_copy_to_user 4 15423 NULL
24936 ++__videobuf_copy_to_user_15423 __videobuf_copy_to_user 4-0 15423 NULL
24937 +tcp_mtu_to_mss_15438 tcp_mtu_to_mss 0-2 15438 NULL
24938 +hpsa_change_queue_depth_15449 hpsa_change_queue_depth 2 15449 NULL
24939 -+vmalloc_15464 vmalloc 1 15464 NULL
24940 ++__mutex_lock_killable_slowpath_15472 __mutex_lock_killable_slowpath 0 15472 NULL
24941 ++iwl_legacy_dbgfs_wd_timeout_write_15478 iwl_legacy_dbgfs_wd_timeout_write 3 15478 NULL
24942 ++insert_old_idx_znode_15500 insert_old_idx_znode 0 15500 NULL
24943 +zd_chip_is_zd1211b_15518 zd_chip_is_zd1211b 0 15518 NULL
24944 ++ifx_spi_write_15531 ifx_spi_write 3 15531 NULL
24945 +p9_check_zc_errors_15534 p9_check_zc_errors 4 15534 NULL
24946 +ql_process_mac_rx_page_15543 ql_process_mac_rx_page 4 15543 NULL
24947 ++xfrm_state_mtu_15548 xfrm_state_mtu 0-2 15548 NULL
24948 ++ieee80211_amsdu_to_8023s_15561 ieee80211_amsdu_to_8023s 5 15561 NULL
24949 ++mlx4_buf_alloc_15572 mlx4_buf_alloc 2 15572 NULL nohasharray
24950 ++snd_pcm_channel_info_15572 snd_pcm_channel_info 0 15572 &mlx4_buf_alloc_15572
24951 +persistent_status_15574 persistent_status 4 15574 NULL
24952 +bnx2fc_process_unsol_compl_15576 bnx2fc_process_unsol_compl 2 15576 NULL
24953 +vme_user_write_15587 vme_user_write 3 15587 NULL
24954 -+ocfs2_truncate_rec_15595 ocfs2_truncate_rec 7 15595 NULL
24955 ++ocfs2_truncate_rec_15595 ocfs2_truncate_rec 0-7 15595 NULL
24956 +get_event_length_15598 get_event_length 0 15598 NULL
24957 +sx150x_install_irq_chip_15609 sx150x_install_irq_chip 3 15609 NULL
24958 +iommu_device_max_index_15620 iommu_device_max_index 0-3-2-1 15620 NULL nohasharray
24959 +compat_fillonedir_15620 compat_fillonedir 3 15620 &iommu_device_max_index_15620
24960 ++dsp_cmx_send_member_15625 dsp_cmx_send_member 2 15625 NULL
24961 +proc_loginuid_read_15631 proc_loginuid_read 3 15631 NULL
24962 -+tomoyo_scan_bprm_15642 tomoyo_scan_bprm 2-4 15642 NULL
24963 ++tomoyo_scan_bprm_15642 tomoyo_scan_bprm 4-2 15642 NULL
24964 ++joydev_handle_JSIOCSBTNMAP_15643 joydev_handle_JSIOCSBTNMAP 3 15643 NULL
24965 +xsd_read_15653 xsd_read 3 15653 NULL
24966 +compat_sys_fcntl_15654 compat_sys_fcntl 3 15654 NULL
24967 +unix_bind_15668 unix_bind 3 15668 NULL
24968 +dm_read_15674 dm_read 3 15674 NULL
24969 -+ocfs2_split_tree_15716 ocfs2_split_tree 5 15716 NULL
24970 ++i915_gem_object_set_to_cpu_domain_15705 i915_gem_object_set_to_cpu_domain 0 15705 NULL
24971 ++inet6_if_nlmsg_size_15711 inet6_if_nlmsg_size 0 15711 NULL
24972 ++ocfs2_split_tree_15716 ocfs2_split_tree 0-5 15716 NULL
24973 +HiSax_readstatus_15752 HiSax_readstatus 2 15752 NULL
24974 +sk_wmem_schedule_15759 sk_wmem_schedule 2 15759 NULL
24975 -+bitmap_search_next_usable_block_15762 bitmap_search_next_usable_block 3-1 15762 NULL
24976 -+do_test_15766 do_test 1 15766 NULL
24977 ++ftrace_profile_init_cpu_15761 ftrace_profile_init_cpu 0 15761 NULL
24978 ++bitmap_search_next_usable_block_15762 bitmap_search_next_usable_block 3-1-0 15762 NULL
24979 ++msi_alloc_irte_15798 msi_alloc_irte 3 15798 NULL
24980 +smk_read_direct_15803 smk_read_direct 3 15803 NULL
24981 -+snd_pcm_ioctl_compat_15804 snd_pcm_ioctl_compat 3 15804 NULL
24982 -+gx1_read_conf_reg_15817 gx1_read_conf_reg 0 15817 NULL nohasharray
24983 -+gnttab_expand_15817 gnttab_expand 1 15817 &gx1_read_conf_reg_15817
24984 -+afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL nohasharray
24985 -+random_N_15822 random_N 1 15822 &afs_proc_rootcell_write_15822
24986 ++gnttab_expand_15817 gnttab_expand 1 15817 NULL
24987 ++afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL
24988 +table_size_15851 table_size 0-1-2 15851 NULL
24989 -+ubi_io_write_15870 ubi_io_write 5-4 15870 NULL nohasharray
24990 ++ubi_io_write_15870 ubi_io_write 0 15870 NULL nohasharray
24991 +media_entity_init_15870 media_entity_init 2-4 15870 &ubi_io_write_15870
24992 ++ddr_init_15874 ddr_init 0 15874 NULL
24993 +__mptctl_ioctl_15875 __mptctl_ioctl 2 15875 NULL
24994 +nfs_map_group_to_gid_15892 nfs_map_group_to_gid 3 15892 NULL
24995 +native_read_msr_15905 native_read_msr 0 15905 NULL
24996 +parse_audio_stream_data_15937 parse_audio_stream_data 3 15937 NULL
24997 +power_read_15939 power_read 3 15939 NULL
24998 -+lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL
24999 -+snd_pcm_lib_read_transfer_15952 snd_pcm_lib_read_transfer 4-2-5 15952 NULL
25000 -+process_vm_rw_pages_15954 process_vm_rw_pages 6-5 15954 NULL
25001 -+remap_pci_mem_15966 remap_pci_mem 1-2 15966 NULL
25002 -+frame_alloc_15981 frame_alloc 4 15981 NULL
25003 -+alloc_vm_area_15989 alloc_vm_area 1 15989 NULL
25004 ++lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL nohasharray
25005 ++i2c_write_15948 i2c_write 0 15948 &lpfc_idiag_drbacc_read_15948
25006 ++snd_pcm_lib_read_transfer_15952 snd_pcm_lib_read_transfer 5-2-4 15952 NULL
25007 ++calculate_max_size_15977 calculate_max_size 0 15977 NULL
25008 +get_entry_16003 get_entry 4 16003 NULL
25009 +hdpvr_register_videodev_16010 hdpvr_register_videodev 3 16010 NULL
25010 +viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL
25011 ++got_frame_16028 got_frame 2 16028 NULL
25012 ++dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL
25013 ++snd_sgbuf_aligned_pages_16063 snd_sgbuf_aligned_pages 0-1 16063 NULL
25014 ++ocfs2_sync_local_to_main_16076 ocfs2_sync_local_to_main 0 16076 NULL
25015 +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL
25016 +dma_tx_requested_read_16110 dma_tx_requested_read 3 16110 NULL nohasharray
25017 +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 &dma_tx_requested_read_16110
25018 +irq_set_chip_and_handler_name_16111 irq_set_chip_and_handler_name 1 16111 NULL
25019 ++rd_mem_16117 rd_mem 0 16117 NULL
25020 +snd_dma_pointer_16126 snd_dma_pointer 0-2 16126 NULL
25021 +compat_sys_select_16131 compat_sys_select 1 16131 NULL
25022 +fsm_init_16134 fsm_init 2 16134 NULL
25023 ++hysdn_rx_netpkt_16136 hysdn_rx_netpkt 3 16136 NULL
25024 +ext4_xattr_block_get_16148 ext4_xattr_block_get 0 16148 NULL
25025 -+bnx2i_get_cid_num_16166 bnx2i_get_cid_num 0 16166 NULL
25026 +cipso_v4_map_cat_rng_hton_16203 cipso_v4_map_cat_rng_hton 0 16203 NULL
25027 +create_table_16213 create_table 2 16213 NULL
25028 +atomic_read_file_16227 atomic_read_file 3 16227 NULL
25029 @@ -105370,163 +106245,206 @@ index 0000000..6fcc08d
25030 +reiserfs_acl_count_16265 reiserfs_acl_count 0-1 16265 NULL
25031 +ocfs2_xattr_bucket_value_truncate_16279 ocfs2_xattr_bucket_value_truncate 4 16279 NULL
25032 +drbd_setsockopt_16280 drbd_setsockopt 5 16280 NULL nohasharray
25033 -+nand_bch_init_16280 nand_bch_init 3-2 16280 &drbd_setsockopt_16280
25034 -+account_16283 account 0-2-4 16283 NULL
25035 ++nand_bch_init_16280 nand_bch_init 2-3 16280 &drbd_setsockopt_16280
25036 ++account_16283 account 0-4-2 16283 NULL
25037 ++jumpshot_read_data_16287 jumpshot_read_data 4 16287 NULL
25038 +stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL
25039 +rsc_mgr_init_16299 rsc_mgr_init 3 16299 NULL
25040 -+vmw_cursor_update_image_16332 vmw_cursor_update_image 3-4 16332 NULL
25041 ++sst_allocate_decode_buf_16349 sst_allocate_decode_buf 3 16349 NULL
25042 +total_ps_buffered_read_16365 total_ps_buffered_read 3 16365 NULL
25043 +iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL
25044 +nl80211_send_unprot_deauth_16378 nl80211_send_unprot_deauth 4 16378 NULL
25045 ++i8042_create_kbd_port_16379 i8042_create_kbd_port 0 16379 NULL
25046 ++scsi_nl_send_vendor_msg_16394 scsi_nl_send_vendor_msg 5 16394 NULL
25047 +alloc_trdev_16399 alloc_trdev 1 16399 NULL
25048 -+diva_os_malloc_16406 diva_os_malloc 2 16406 NULL
25049 +ieee80211_if_read_tsf_16420 ieee80211_if_read_tsf 3 16420 NULL
25050 +rxrpc_server_keyring_16431 rxrpc_server_keyring 3 16431 NULL
25051 ++calculate_inocache_hashsize_16449 calculate_inocache_hashsize 0-1 16449 NULL
25052 ++ocfs2_expand_refcount_tree_16455 ocfs2_expand_refcount_tree 0 16455 NULL
25053 +netlink_change_ngroups_16457 netlink_change_ngroups 2 16457 NULL
25054 ++sock_wmalloc_16472 sock_wmalloc 2 16472 NULL
25055 ++ab8500_val_write_16473 ab8500_val_write 3 16473 NULL
25056 ++ocfs2_block_group_set_bits_16488 ocfs2_block_group_set_bits 0 16488 NULL
25057 +tracing_readme_read_16493 tracing_readme_read 3 16493 NULL
25058 ++filemap_write_and_wait_16506 filemap_write_and_wait 0 16506 NULL
25059 ++start_this_handle_16519 start_this_handle 0 16519 NULL
25060 +snd_interval_max_16529 snd_interval_max 0 16529 NULL
25061 +lpfc_debugfs_read_16566 lpfc_debugfs_read 3 16566 NULL
25062 +agp_allocate_memory_wrap_16576 agp_allocate_memory_wrap 1 16576 NULL
25063 ++__cfg80211_testmode_alloc_skb_16611 __cfg80211_testmode_alloc_skb 2 16611 NULL
25064 ++btrfs_wait_marked_extents_16615 btrfs_wait_marked_extents 0 16615 NULL
25065 ++bnx2i_session_create_16624 bnx2i_session_create 2 16624 NULL
25066 ++packet_recv_error_16669 packet_recv_error 3 16669 NULL
25067 +dlm_new_lockspace_16688 dlm_new_lockspace 2 16688 NULL
25068 +calc_layout_16690 calc_layout 4 16690 NULL
25069 +em28xx_v4l2_read_16701 em28xx_v4l2_read 3 16701 NULL
25070 ++iscsi_recv_pdu_16755 iscsi_recv_pdu 4 16755 NULL
25071 +arcmsr_adjust_disk_queue_depth_16756 arcmsr_adjust_disk_queue_depth 2 16756 NULL
25072 -+compat_blkdev_driver_ioctl_16769 compat_blkdev_driver_ioctl 4 16769 NULL
25073 +blk_rq_map_user_iov_16772 blk_rq_map_user_iov 5 16772 NULL
25074 +i2o_parm_issue_16790 i2o_parm_issue 0 16790 NULL
25075 +get_server_iovec_16804 get_server_iovec 2 16804 NULL
25076 +tipc_send2name_16809 tipc_send2name 6 16809 NULL
25077 -+dm_vcalloc_16814 dm_vcalloc 1-2 16814 NULL
25078 +mled_proc_write_16831 mled_proc_write 3 16831 NULL nohasharray
25079 +drm_malloc_ab_16831 drm_malloc_ab 1-2 16831 &mled_proc_write_16831
25080 +scsi_mode_sense_16835 scsi_mode_sense 5 16835 NULL
25081 -+avc_has_perm_noaudit_16837 avc_has_perm_noaudit 3 16837 NULL
25082 +hfsplus_min_io_size_16859 hfsplus_min_io_size 0 16859 NULL
25083 +alloc_idx_lebs_16872 alloc_idx_lebs 2 16872 NULL
25084 +carl9170_debugfs_ampdu_state_read_16873 carl9170_debugfs_ampdu_state_read 3 16873 NULL
25085 +st_write_16874 st_write 3 16874 NULL
25086 +__kfifo_peek_n_16877 __kfifo_peek_n 0 16877 NULL
25087 -+edac_align_ptr_16901 edac_align_ptr 0-2 16901 NULL
25088 ++ext4_ext_zeroout_16895 ext4_ext_zeroout 0 16895 NULL
25089 +mwifiex_update_curr_bss_params_16908 mwifiex_update_curr_bss_params 5 16908 NULL
25090 +ivtv_v4l2_ioctl_16915 ivtv_v4l2_ioctl 2 16915 NULL
25091 +psb_unlocked_ioctl_16926 psb_unlocked_ioctl 2 16926 NULL nohasharray
25092 +snd_gf1_mem_proc_dump_16926 snd_gf1_mem_proc_dump 5 16926 &psb_unlocked_ioctl_16926
25093 ++paranoid_check_vid_hdr_16932 paranoid_check_vid_hdr 0 16932 NULL
25094 +random32_16937 random32 0 16937 NULL
25095 -+_sp2d_alloc_16944 _sp2d_alloc 1-2-3 16944 NULL
25096 ++ip_append_data_16942 ip_append_data 5-6 16942 NULL
25097 ++_sp2d_alloc_16944 _sp2d_alloc 3-2-1 16944 NULL
25098 +squashfs_read_table_16945 squashfs_read_table 3 16945 NULL
25099 +cfg80211_send_unprot_disassoc_16951 cfg80211_send_unprot_disassoc 3 16951 NULL
25100 ++wrm_16966 wrm 0 16966 NULL
25101 +keyctl_instantiate_key_iov_16969 keyctl_instantiate_key_iov 3 16969 NULL
25102 +ceph_read_dir_17005 ceph_read_dir 3 17005 NULL
25103 ++snd_mask_refine_first_17026 snd_mask_refine_first 0 17026 NULL
25104 +copy_counters_to_user_17027 copy_counters_to_user 5 17027 NULL nohasharray
25105 +iwm_if_alloc_17027 iwm_if_alloc 1 17027 &copy_counters_to_user_17027
25106 +jffs2_trusted_setxattr_17048 jffs2_trusted_setxattr 4 17048 NULL
25107 +__arch_hweight32_17060 __arch_hweight32 0 17060 NULL
25108 ++sddr55_read_data_17072 sddr55_read_data 4 17072 NULL
25109 +dvb_dvr_read_17073 dvb_dvr_read 3 17073 NULL
25110 +simple_transaction_read_17076 simple_transaction_read 3 17076 NULL
25111 ++expand_files_17080 expand_files 2 17080 NULL
25112 +carl9170_debugfs_mem_usage_read_17084 carl9170_debugfs_mem_usage_read 3 17084 NULL
25113 -+mac_address_string_17091 mac_address_string 0 17091 NULL
25114 +entry_length_17093 entry_length 0 17093 NULL
25115 +sys_preadv_17100 sys_preadv 3 17100 NULL
25116 ++ocfs2_get_refcount_cpos_end_17113 ocfs2_get_refcount_cpos_end 0 17113 NULL
25117 ++write_mem_17114 write_mem 3 17114 NULL
25118 +pvr2_hdw_state_report_17121 pvr2_hdw_state_report 3 17121 NULL
25119 +mwifiex_get_common_rates_17131 mwifiex_get_common_rates 3 17131 NULL
25120 ++wrmaltWithLock_17139 wrmaltWithLock 0 17139 NULL
25121 ++jumpshot_write_data_17151 jumpshot_write_data 4 17151 NULL
25122 +befs_nls2utf_17163 befs_nls2utf 3 17163 NULL
25123 +pm860x_page_bulk_read_17174 pm860x_page_bulk_read 3 17174 NULL
25124 -+access_remote_vm_17189 access_remote_vm 0-2-4 17189 NULL
25125 ++access_remote_vm_17189 access_remote_vm 0 17189 NULL nohasharray
25126 ++iwl_dbgfs_txfifo_flush_write_17189 iwl_dbgfs_txfifo_flush_write 3 17189 &access_remote_vm_17189
25127 +driver_state_read_17194 driver_state_read 3 17194 NULL nohasharray
25128 +iscsit_find_cmd_from_itt_or_dump_17194 iscsit_find_cmd_from_itt_or_dump 3 17194 &driver_state_read_17194
25129 +dn_recvmsg_17213 dn_recvmsg 4 17213 NULL
25130 +ms_rw_17220 ms_rw 3-4 17220 NULL
25131 ++__be16_to_cpup_17261 __be16_to_cpup 0 17261 NULL
25132 +alloc_ep_17269 alloc_ep 1 17269 NULL
25133 +pg_read_17276 pg_read 3 17276 NULL
25134 +raw_recvmsg_17277 raw_recvmsg 4 17277 NULL
25135 +neigh_hash_grow_17283 neigh_hash_grow 2 17283 NULL
25136 +minstrel_stats_read_17290 minstrel_stats_read 3 17290 NULL
25137 -+qla4_8xxx_pci_mem_read_direct_17301 qla4_8xxx_pci_mem_read_direct 2 17301 NULL
25138 +skb_pad_17302 skb_pad 2 17302 NULL
25139 +mb_cache_create_17307 mb_cache_create 2 17307 NULL
25140 +iwm_umac_set_config_var_17320 iwm_umac_set_config_var 4 17320 NULL
25141 +ata_host_alloc_pinfo_17325 ata_host_alloc_pinfo 3 17325 NULL
25142 ++alloc_fdtable_17389 alloc_fdtable 1 17389 NULL
25143 +lpfc_debugfs_dif_err_write_17424 lpfc_debugfs_dif_err_write 3 17424 NULL
25144 ++compat_sys_ppoll_17430 compat_sys_ppoll 2 17430 NULL
25145 +sta_connected_time_read_17435 sta_connected_time_read 3 17435 NULL
25146 ++snd_hammerfall_get_buffer_17441 snd_hammerfall_get_buffer 3 17441 NULL
25147 +nla_get_u32_17455 nla_get_u32 0 17455 NULL
25148 -+__ref_totlen_17461 __ref_totlen 0 17461 NULL
25149 -+compat_cmd_17465 compat_cmd 2 17465 NULL
25150 -+probe_bios_17467 probe_bios 1 17467 NULL
25151 ++__send_request_17461 __send_request 0 17461 NULL nohasharray
25152 ++__ref_totlen_17461 __ref_totlen 0 17461 &__send_request_17461
25153 ++probe_kernel_write_17481 probe_kernel_write 3 17481 NULL
25154 +TSS_rawhmac_17486 TSS_rawhmac 3 17486 NULL
25155 +bitmap_pos_to_ord_17503 bitmap_pos_to_ord 3 17503 NULL
25156 ++lbs_highrssi_write_17515 lbs_highrssi_write 3 17515 NULL
25157 +restore_i387_fxsave_17528 restore_i387_fxsave 2 17528 NULL
25158 +__cfg80211_roamed_17529 __cfg80211_roamed 5-7 17529 NULL
25159 -+__copy_to_user_17551 __copy_to_user 3 17551 NULL
25160 -+copy_from_user_17559 copy_from_user 3 17559 NULL
25161 ++xlog_do_log_recovery_17550 xlog_do_log_recovery 3 17550 NULL
25162 ++__copy_to_user_17551 __copy_to_user 3-0 17551 NULL
25163 ++copy_from_user_17559 copy_from_user 3-0 17559 NULL
25164 ++snd_pcm_action_lock_irq_17569 snd_pcm_action_lock_irq 0 17569 NULL
25165 +acpi_ut_create_package_object_17594 acpi_ut_create_package_object 1 17594 NULL
25166 +neigh_hash_alloc_17595 neigh_hash_alloc 1 17595 NULL
25167 +rts51x_write_mem_17598 rts51x_write_mem 4 17598 NULL
25168 +brcmf_process_nvram_vars_17601 brcmf_process_nvram_vars 0 17601 NULL nohasharray
25169 +iwl_dump_nic_event_log_17601 iwl_dump_nic_event_log 0 17601 &brcmf_process_nvram_vars_17601
25170 ++__inode_info_17603 __inode_info 0 17603 NULL
25171 +osst_execute_17607 osst_execute 7-6 17607 NULL
25172 +ocfs2_mark_extent_written_17615 ocfs2_mark_extent_written 6 17615 NULL
25173 ++dma_map_page_17628 dma_map_page 0 17628 NULL
25174 ++ocfs2_rotate_subtree_left_17634 ocfs2_rotate_subtree_left 0 17634 NULL
25175 +packet_setsockopt_17662 packet_setsockopt 5 17662 NULL nohasharray
25176 +ubi_io_read_data_17662 ubi_io_read_data 0 17662 &packet_setsockopt_17662
25177 ++dsp_tone_hw_message_17678 dsp_tone_hw_message 3 17678 NULL
25178 +pwr_enable_ps_read_17686 pwr_enable_ps_read 3 17686 NULL
25179 -+venus_rename_17707 venus_rename 5-4 17707 NULL
25180 -+multipath_status_17726 multipath_status 4 17726 NULL
25181 ++filemap_fdatawait_17688 filemap_fdatawait 0 17688 NULL
25182 ++venus_rename_17707 venus_rename 4-5 17707 NULL
25183 ++intel_wait_ring_buffer_17727 intel_wait_ring_buffer 0 17727 NULL
25184 +exofs_read_lookup_dev_table_17733 exofs_read_lookup_dev_table 3 17733 NULL
25185 +sctpprobe_read_17741 sctpprobe_read 3 17741 NULL
25186 +mark_unsafe_pages_17759 mark_unsafe_pages 0 17759 NULL
25187 -+_snd_pcm_lib_alloc_vmalloc_buffer_17820 _snd_pcm_lib_alloc_vmalloc_buffer 2 17820 NULL
25188 ++perf_clock_17787 perf_clock 0 17787 NULL
25189 ++get_unaligned_be64_17794 get_unaligned_be64 0 17794 NULL
25190 +gnet_stats_copy_app_17821 gnet_stats_copy_app 3 17821 NULL
25191 +cipso_v4_gentag_rbm_17836 cipso_v4_gentag_rbm 0 17836 NULL
25192 +count_leafs_17842 count_leafs 0 17842 NULL
25193 ++tcp_left_out_17860 tcp_left_out 0 17860 NULL
25194 +sisusb_send_bulk_msg_17864 sisusb_send_bulk_msg 3 17864 NULL
25195 +alloc_sja1000dev_17868 alloc_sja1000dev 1 17868 NULL
25196 +ray_cs_essid_proc_write_17875 ray_cs_essid_proc_write 3 17875 NULL
25197 -+orinoco_set_key_17878 orinoco_set_key 5-7 17878 NULL
25198 ++orinoco_set_key_17878 orinoco_set_key 7-5 17878 NULL
25199 +init_per_cpu_17880 init_per_cpu 1 17880 NULL
25200 +ieee80211_if_fmt_dot11MeshMaxPeerLinks_17883 ieee80211_if_fmt_dot11MeshMaxPeerLinks 3 17883 NULL
25201 +compat_sys_pwritev_17886 compat_sys_pwritev 3 17886 NULL
25202 +ieee80211_if_fmt_dot11MeshHWMPRootMode_17890 ieee80211_if_fmt_dot11MeshHWMPRootMode 3 17890 NULL
25203 +ocfs2_clusters_to_blocks_17896 ocfs2_clusters_to_blocks 0-2 17896 NULL
25204 -+recover_head_17904 recover_head 3 17904 NULL
25205 +dccp_feat_register_sp_17914 dccp_feat_register_sp 5 17914 NULL
25206 +xfs_buf_associate_memory_17915 xfs_buf_associate_memory 3 17915 NULL
25207 ++xfs_rtallocate_extent_near_17916 xfs_rtallocate_extent_near 3-5-9 17916 NULL
25208 +srp_iu_pool_alloc_17920 srp_iu_pool_alloc 2 17920 NULL
25209 +scsi_bufflen_17933 scsi_bufflen 0 17933 NULL
25210 -+ufs_free_blocks_17963 ufs_free_blocks 2-3 17963 NULL
25211 ++beacon_interval_write_17952 beacon_interval_write 3 17952 NULL
25212 ++ufs_free_blocks_17963 ufs_free_blocks 3-2 17963 NULL
25213 +calc_nr_buckets_17976 calc_nr_buckets 0 17976 NULL
25214 +smk_write_cipso_17989 smk_write_cipso 3 17989 NULL
25215 -+gnttab_max_grant_frames_17993 gnttab_max_grant_frames 0 17993 NULL
25216 +ext4_num_overhead_clusters_18001 ext4_num_overhead_clusters 2 18001 NULL
25217 +pvr2_v4l2_read_18006 pvr2_v4l2_read 3 18006 NULL
25218 +prandom32_18007 prandom32 0 18007 NULL
25219 +alloc_rx_desc_ring_18016 alloc_rx_desc_ring 2 18016 NULL
25220 +fill_read_18019 fill_read 0 18019 NULL
25221 +o2hb_highest_node_18034 o2hb_highest_node 2 18034 NULL
25222 -+cryptd_alloc_instance_18048 cryptd_alloc_instance 2-3 18048 NULL
25223 ++ocfs2_cache_cluster_dealloc_18043 ocfs2_cache_cluster_dealloc 0 18043 NULL
25224 ++cryptd_alloc_instance_18048 cryptd_alloc_instance 3-2 18048 NULL
25225 +ddebug_proc_write_18055 ddebug_proc_write 3 18055 NULL
25226 ++fpregs_get_18066 fpregs_get 4 18066 NULL
25227 ++packet_came_18072 packet_came 3 18072 NULL
25228 +kvm_read_guest_page_18074 kvm_read_guest_page 5 18074 NULL
25229 -+get_vm_area_18080 get_vm_area 1 18080 NULL
25230 ++pvclock_get_nsec_offset_18104 pvclock_get_nsec_offset 0 18104 NULL
25231 +netlink_kernel_create_18110 netlink_kernel_create 3 18110 NULL
25232 ++iwch_create_cq_18115 iwch_create_cq 2 18115 NULL
25233 +dfs_file_read_18116 dfs_file_read 3 18116 NULL
25234 +svc_getnl_18120 svc_getnl 0 18120 NULL
25235 -+vmw_surface_dma_size_18132 vmw_surface_dma_size 0 18132 NULL
25236 +selinux_inode_setsecurity_18148 selinux_inode_setsecurity 4 18148 NULL
25237 ++is_idx_node_in_use_18165 is_idx_node_in_use 0 18165 NULL
25238 +_has_tag_18169 _has_tag 2 18169 NULL
25239 +pccard_store_cis_18176 pccard_store_cis 6 18176 NULL
25240 ++cfpkt_create_18197 cfpkt_create 1 18197 NULL
25241 ++snd_pcm_hw_refine_user_18204 snd_pcm_hw_refine_user 0 18204 NULL
25242 +orinoco_add_extscan_result_18207 orinoco_add_extscan_result 3 18207 NULL
25243 +gsm_control_message_18209 gsm_control_message 4 18209 NULL
25244 ++ocfs2_divide_leaf_refcount_block_18214 ocfs2_divide_leaf_refcount_block 0 18214 NULL
25245 +do_ipv6_setsockopt_18215 do_ipv6_setsockopt 5 18215 NULL
25246 +koneplus_send_18226 koneplus_send 4 18226 NULL
25247 +gnttab_alloc_grant_references_18240 gnttab_alloc_grant_references 1 18240 NULL
25248 -+snd_ctl_ioctl_compat_18250 snd_ctl_ioctl_compat 3 18250 NULL
25249 +rfcomm_sock_setsockopt_18254 rfcomm_sock_setsockopt 5 18254 NULL
25250 ++__sysfs_add_one_18258 __sysfs_add_one 0 18258 NULL
25251 +qdisc_class_hash_alloc_18262 qdisc_class_hash_alloc 1 18262 NULL
25252 ++call_usermodehelper_18268 call_usermodehelper 0 18268 NULL
25253 +gfs2_alloc_sort_buffer_18275 gfs2_alloc_sort_buffer 1 18275 NULL
25254 -+alloc_ring_18278 alloc_ring 2-4 18278 NULL
25255 ++alloc_ring_18278 alloc_ring 4-2 18278 NULL
25256 +find_dirty_idx_leb_18280 find_dirty_idx_leb 0 18280 NULL
25257 +mmc_send_bus_test_18285 mmc_send_bus_test 4 18285 NULL
25258 +um_idi_write_18293 um_idi_write 3 18293 NULL
25259 +ip6ip6_err_18308 ip6ip6_err 5 18308 NULL
25260 +vga_r_18310 vga_r 0 18310 NULL
25261 ++alloc_and_copy_string_18321 alloc_and_copy_string 2 18321 NULL
25262 +ecryptfs_send_message_18322 ecryptfs_send_message 2 18322 NULL
25263 +bio_integrity_advance_18324 bio_integrity_advance 2 18324 NULL
25264 +lcd_proc_write_18351 lcd_proc_write 3 18351 NULL
25265 @@ -105538,11 +106456,15 @@ index 0000000..6fcc08d
25266 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
25267 +fuse_perform_write_18457 fuse_perform_write 4 18457 NULL
25268 +regset_tls_set_18459 regset_tls_set 4 18459 NULL
25269 -+udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL
25270 ++write_file_tx_chainmask_18487 write_file_tx_chainmask 3 18487 NULL nohasharray
25271 ++udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 &write_file_tx_chainmask_18487
25272 ++__copy_user_zeroing_intel_18510 __copy_user_zeroing_intel 0-3 18510 NULL
25273 ++snd_vx_inb_18514 snd_vx_inb 0 18514 NULL
25274 +snd_gus_dram_poke_18525 snd_gus_dram_poke 4 18525 NULL
25275 +seq_copy_in_user_18543 seq_copy_in_user 3 18543 NULL
25276 +acpi_register_gsi_ioapic_18550 acpi_register_gsi_ioapic 2 18550 NULL
25277 +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
25278 ++vb2_streamon_18562 vb2_streamon 0 18562 NULL
25279 +debug_output_18575 debug_output 3 18575 NULL
25280 +check_lpt_type_18577 check_lpt_type 0 18577 NULL
25281 +__netdev_alloc_skb_18595 __netdev_alloc_skb 2 18595 NULL
25282 @@ -105556,25 +106478,21 @@ index 0000000..6fcc08d
25283 +unmap_page_18665 unmap_page 2-3 18665 NULL
25284 +edge_tty_recv_18667 edge_tty_recv 4 18667 NULL nohasharray
25285 +xfs_iext_insert_18667 xfs_iext_insert 3 18667 &edge_tty_recv_18667
25286 -+replay_log_leb_18704 replay_log_leb 3 18704 NULL
25287 +iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 NULL
25288 +ceph_alloc_page_vector_18710 ceph_alloc_page_vector 1 18710 NULL
25289 -+ocfs2_trim_extent_18711 ocfs2_trim_extent 4-3 18711 NULL
25290 ++ocfs2_trim_extent_18711 ocfs2_trim_extent 3-4 18711 NULL
25291 +blk_rq_bytes_18715 blk_rq_bytes 0 18715 NULL
25292 +snd_als4k_gcr_read_addr_18741 snd_als4k_gcr_read_addr 0 18741 NULL
25293 +o2hb_debug_create_18744 o2hb_debug_create 4 18744 NULL
25294 +__erst_read_to_erange_from_nvram_18748 __erst_read_to_erange_from_nvram 0 18748 NULL
25295 +wep_packets_read_18751 wep_packets_read 3 18751 NULL
25296 -+md_compat_ioctl_18764 md_compat_ioctl 4 18764 NULL
25297 +read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL
25298 +ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL
25299 +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL
25300 -+fat_compat_dir_ioctl_18800 fat_compat_dir_ioctl 3 18800 NULL
25301 -+__do_kmalloc_18808 __do_kmalloc 0 18808 NULL
25302 ++ieee80211_auth_challenge_18810 ieee80211_auth_challenge 3 18810 NULL
25303 +setup_ioapic_irq_18813 setup_ioapic_irq 1 18813 NULL
25304 +iio_allocate_device_18821 iio_allocate_device 1 18821 NULL
25305 +sys_modify_ldt_18824 sys_modify_ldt 3 18824 NULL
25306 -+thin_status_18830 thin_status 4 18830 NULL
25307 +mtf_test_write_18844 mtf_test_write 3 18844 NULL
25308 +drm_ht_create_18853 drm_ht_create 2 18853 NULL
25309 +sctp_setsockopt_events_18862 sctp_setsockopt_events 3 18862 NULL
25310 @@ -105583,78 +106501,94 @@ index 0000000..6fcc08d
25311 +width_to_agaw_18883 width_to_agaw 0-1 18883 NULL
25312 +ceph_setxattr_18913 ceph_setxattr 4 18913 NULL
25313 +snapshot_write_next_18937 snapshot_write_next 0 18937 NULL
25314 ++sctp_tsnmap_num_gabs_18952 sctp_tsnmap_num_gabs 0 18952 NULL
25315 ++fdb_nlmsg_size_18957 fdb_nlmsg_size 0 18957 NULL
25316 +__nla_reserve_18974 __nla_reserve 3 18974 NULL
25317 +alc_auto_create_extra_outs_18975 alc_auto_create_extra_outs 2 18975 NULL
25318 +find_dirtiest_idx_leb_19001 find_dirtiest_idx_leb 0 19001 NULL
25319 +layout_in_gaps_19006 layout_in_gaps 2 19006 NULL
25320 +huge_page_size_19008 huge_page_size 0 19008 NULL
25321 -+usbdev_compat_ioctl_19026 usbdev_compat_ioctl 3 19026 NULL
25322 ++push_leaf_right_19017 push_leaf_right 0 19017 NULL
25323 +prepare_highmem_image_19028 prepare_highmem_image 0 19028 NULL
25324 ++ocfs2_steal_resource_19036 ocfs2_steal_resource 0 19036 NULL
25325 +revalidate_19043 revalidate 2 19043 NULL
25326 -+drm_fb_helper_init_19044 drm_fb_helper_init 3-4 19044 NULL
25327 ++drm_fb_helper_init_19044 drm_fb_helper_init 4-3 19044 NULL
25328 ++afs_vnode_store_data_19048 afs_vnode_store_data 2-3-4-5 19048 NULL
25329 ++do_vm86_irq_handling_19056 do_vm86_irq_handling 2 19056 NULL
25330 +create_gpadl_header_19064 create_gpadl_header 2 19064 NULL
25331 +ieee80211_key_alloc_19065 ieee80211_key_alloc 3 19065 NULL
25332 +alloc_pbl_19075 alloc_pbl 2 19075 NULL
25333 -+au_procfs_plm_write_19086 au_procfs_plm_write 3 19086 NULL
25334 +copy_and_check_19089 copy_and_check 3 19089 NULL
25335 -+sys_process_vm_readv_19090 sys_process_vm_readv 3-5 19090 NULL
25336 ++sys_process_vm_readv_19090 sys_process_vm_readv 5-3 19090 NULL
25337 +sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL
25338 +cifs_readv_from_socket_19109 cifs_readv_from_socket 3 19109 NULL
25339 +skb_gro_offset_19123 skb_gro_offset 0 19123 NULL
25340 +ext4_inode_table_19125 ext4_inode_table 0 19125 NULL
25341 +snd_als4k_iobase_readl_19136 snd_als4k_iobase_readl 0 19136 NULL
25342 +alloc_irdadev_19140 alloc_irdadev 1 19140 NULL
25343 ++count_history_pages_19171 count_history_pages 0-3 19171 NULL
25344 +iwl_dbgfs_reply_tx_error_read_19205 iwl_dbgfs_reply_tx_error_read 3 19205 NULL
25345 +vmw_unlocked_ioctl_19212 vmw_unlocked_ioctl 2 19212 NULL
25346 -+__copy_to_user_inatomic_19214 __copy_to_user_inatomic 3 19214 NULL
25347 ++__copy_to_user_inatomic_19214 __copy_to_user_inatomic 3-0 19214 NULL
25348 +dev_counters_read_19216 dev_counters_read 3 19216 NULL
25349 +gsi_to_irq_19220 gsi_to_irq 0-1 19220 NULL
25350 +snd_mask_max_19224 snd_mask_max 0 19224 NULL
25351 ++snd_pcm_capture_rewind_19229 snd_pcm_capture_rewind 0-2 19229 NULL
25352 +sys_fcntl_19267 sys_fcntl 3 19267 NULL
25353 -+io_mapping_map_wc_19284 io_mapping_map_wc 2 19284 NULL
25354 -+____cache_alloc_node_19297 ____cache_alloc_node 0 19297 NULL
25355 ++setup_shmem_window_19292 setup_shmem_window 2-3 19292 NULL
25356 +qc_capture_19298 qc_capture 3 19298 NULL
25357 -+ocfs2_prepare_inode_for_refcount_19303 ocfs2_prepare_inode_for_refcount 3-4 19303 NULL
25358 ++ocfs2_prepare_inode_for_refcount_19303 ocfs2_prepare_inode_for_refcount 4-3 19303 NULL
25359 +event_tx_stuck_read_19305 event_tx_stuck_read 3 19305 NULL
25360 +debug_read_19322 debug_read 3 19322 NULL
25361 -+cfg80211_inform_bss_19332 cfg80211_inform_bss 8 19332 NULL
25362 ++cfg80211_inform_bss_19332 cfg80211_inform_bss 8 19332 NULL nohasharray
25363 ++lbs_host_sleep_write_19332 lbs_host_sleep_write 3 19332 &cfg80211_inform_bss_19332
25364 ++firmware_data_write_19360 firmware_data_write 6-5 19360 NULL
25365 +read_zero_19366 read_zero 3 19366 NULL
25366 +interpret_user_input_19393 interpret_user_input 2 19393 NULL
25367 ++get_unaligned_be16_19400 get_unaligned_be16 0 19400 NULL
25368 +get_n_events_by_type_19401 get_n_events_by_type 0 19401 NULL
25369 ++pep_recvmsg_19402 pep_recvmsg 4 19402 NULL
25370 +dvbdmx_write_19423 dvbdmx_write 3 19423 NULL
25371 +__phys_addr_19434 __phys_addr 0 19434 NULL
25372 +xfrm_alg_auth_len_19454 xfrm_alg_auth_len 0 19454 NULL
25373 -+hpet_compat_ioctl_19455 hpet_compat_ioctl 3 19455 NULL
25374 +gnet_stats_copy_19458 gnet_stats_copy 4 19458 NULL
25375 +sky2_read16_19475 sky2_read16 0 19475 NULL
25376 ++refill_pool_19477 refill_pool 2 19477 NULL
25377 +efivar_create_sysfs_entry_19485 efivar_create_sysfs_entry 2 19485 NULL
25378 ++__read_status_pciv2_19492 __read_status_pciv2 0 19492 NULL
25379 ++kstrtoll_from_user_19500 kstrtoll_from_user 2 19500 NULL
25380 +v4l2_event_subscribe_19510 v4l2_event_subscribe 3 19510 NULL
25381 +skb_realloc_headroom_19516 skb_realloc_headroom 2 19516 NULL
25382 ++atm_alloc_charge_19517 atm_alloc_charge 2 19517 NULL nohasharray
25383 ++dev_alloc_skb_19517 dev_alloc_skb 1 19517 &atm_alloc_charge_19517
25384 ++apei_exec_pre_map_gars_19529 apei_exec_pre_map_gars 0 19529 NULL
25385 +ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL
25386 +ieee80211_if_read_tkip_mic_test_19565 ieee80211_if_read_tkip_mic_test 3 19565 NULL
25387 +nfsd_read_19568 nfsd_read 5 19568 NULL
25388 +cgroup_read_s64_19570 cgroup_read_s64 5 19570 NULL
25389 +bm_status_read_19583 bm_status_read 3 19583 NULL
25390 +load_xattr_datum_19594 load_xattr_datum 0 19594 NULL
25391 ++buffRdbkVerify_19644 buffRdbkVerify 0 19644 NULL
25392 +alloc_coherent_19649 alloc_coherent 2 19649 NULL
25393 -+usbvision_rvmalloc_19655 usbvision_rvmalloc 1 19655 NULL
25394 +LoadBitmap_19658 LoadBitmap 2 19658 NULL
25395 +rbd_snap_add_19678 rbd_snap_add 4 19678 NULL
25396 +delay_status_19685 delay_status 4 19685 NULL
25397 -+au_ibusy_compat_ioctl_19723 au_ibusy_compat_ioctl 2 19723 NULL nohasharray
25398 -+read_reg_19723 read_reg 0 19723 &au_ibusy_compat_ioctl_19723
25399 -+memcpy_toiovecend_19736 memcpy_toiovecend 4-3 19736 NULL
25400 ++btrfs_write_marked_extents_19720 btrfs_write_marked_extents 0 19720 NULL
25401 ++read_reg_19723 read_reg 0 19723 NULL
25402 ++memcpy_toiovecend_19736 memcpy_toiovecend 3-4 19736 NULL
25403 +snd_es1968_get_dma_ptr_19747 snd_es1968_get_dma_ptr 0 19747 NULL
25404 -+p9_client_read_19750 p9_client_read 5 19750 NULL
25405 ++p9_client_read_19750 p9_client_read 0-5 19750 NULL
25406 +pnpbios_proc_write_19758 pnpbios_proc_write 3 19758 NULL
25407 +jffs2_acl_from_medium_19762 jffs2_acl_from_medium 2 19762 NULL
25408 -+slow_kernel_write_19764 slow_kernel_write 2 19764 NULL
25409 ++ocfs2_read_group_descriptor_19771 ocfs2_read_group_descriptor 0 19771 NULL
25410 +__set_print_fmt_19776 __set_print_fmt 0 19776 NULL
25411 +saa7146_vmalloc_build_pgtable_19780 saa7146_vmalloc_build_pgtable 2 19780 NULL
25412 ++madgemc_sifreadw_19811 madgemc_sifreadw 0 19811 NULL
25413 +irda_setsockopt_19824 irda_setsockopt 5 19824 NULL
25414 -+ubi_eba_write_leb_19826 ubi_eba_write_leb 5-6 19826 NULL
25415 ++ubi_eba_write_leb_19826 ubi_eba_write_leb 0 19826 NULL
25416 +pcpu_next_unpop_19831 pcpu_next_unpop 4 19831 NULL
25417 +vfs_getxattr_19832 vfs_getxattr 0 19832 NULL
25418 ++key_validate_19834 key_validate 0 19834 NULL
25419 +security_context_to_sid_19839 security_context_to_sid 2 19839 NULL
25420 +cfg80211_mlme_register_mgmt_19852 cfg80211_mlme_register_mgmt 5 19852 NULL
25421 +__nla_put_19857 __nla_put 3 19857 NULL
25422 @@ -105662,67 +106596,80 @@ index 0000000..6fcc08d
25423 +ps_upsd_max_apturn_read_19918 ps_upsd_max_apturn_read 3 19918 NULL
25424 +cgroup_task_count_19930 cgroup_task_count 0 19930 NULL
25425 +iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL
25426 -+dbg_leb_change_19969 dbg_leb_change 4 19969 NULL
25427 ++ax25_send_frame_19964 ax25_send_frame 2 19964 NULL
25428 ++dbg_leb_change_19969 dbg_leb_change 0 19969 NULL
25429 +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL
25430 ++ip_send_reply_19987 ip_send_reply 5 19987 NULL
25431 +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL
25432 ++jbd2_journal_create_slab_20043 jbd2_journal_create_slab 1 20043 NULL
25433 ++__be32_to_cpup_20056 __be32_to_cpup 0 20056 NULL
25434 +alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL
25435 +rawv6_sendmsg_20080 rawv6_sendmsg 4 20080 NULL
25436 +fuse_conn_limit_read_20084 fuse_conn_limit_read 3 20084 NULL
25437 ++aat2870_reg_write_file_20086 aat2870_reg_write_file 3 20086 NULL
25438 +qla2x00_adjust_sdev_qdepth_up_20097 qla2x00_adjust_sdev_qdepth_up 2 20097 NULL
25439 ++root_nfs_copy_20111 root_nfs_copy 3 20111 NULL
25440 +hptiop_adjust_disk_queue_depth_20122 hptiop_adjust_disk_queue_depth 2 20122 NULL
25441 +tomoyo_commit_ok_20167 tomoyo_commit_ok 2 20167 NULL
25442 +read_flush_pipefs_20171 read_flush_pipefs 3 20171 NULL
25443 +wep_addr_key_count_read_20174 wep_addr_key_count_read 3 20174 NULL
25444 +create_trace_probe_20175 create_trace_probe 1 20175 NULL
25445 ++crystalhd_map_dio_20181 crystalhd_map_dio 3 20181 NULL
25446 ++ext4_llseek_20183 ext4_llseek 2 20183 NULL
25447 +pvr2_ctrl_value_to_sym_20229 pvr2_ctrl_value_to_sym 5 20229 NULL
25448 +rose_sendmsg_20249 rose_sendmsg 4 20249 NULL
25449 +tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL
25450 +pcpu_alloc_20255 pcpu_alloc 1-2 20255 NULL
25451 +resource_size_20256 resource_size 0 20256 NULL
25452 ++_rtl92s_get_h2c_cmdlen_20312 _rtl92s_get_h2c_cmdlen 0 20312 NULL
25453 ++vx_send_msg_nolock_20322 vx_send_msg_nolock 0 20322 NULL
25454 +snd_cs4281_BA1_read_20323 snd_cs4281_BA1_read 5 20323 NULL
25455 ++ocfs2_et_insert_check_20341 ocfs2_et_insert_check 0 20341 NULL
25456 +gfs2_glock_nq_m_20347 gfs2_glock_nq_m 1 20347 NULL
25457 -+qla82xx_pci_mem_read_direct_20368 qla82xx_pci_mem_read_direct 2 20368 NULL
25458 -+u64_to_uptr_20384 u64_to_uptr 1 20384 NULL
25459 ++snd_pcm_stop_20376 snd_pcm_stop 0 20376 NULL
25460 ++block_read_full_page_20380 block_read_full_page 0 20380 NULL
25461 +snd_nm256_readl_20394 snd_nm256_readl 0 20394 NULL
25462 +__kfifo_from_user_20399 __kfifo_from_user 3 20399 NULL
25463 +interface_rx_20404 interface_rx 4 20404 NULL
25464 -+au_di_realloc_20412 au_di_realloc 2 20412 NULL
25465 ++find_skb_20431 find_skb 2 20431 NULL
25466 ++fmc_send_cmd_20435 fmc_send_cmd 5 20435 NULL
25467 ++tcp_fragment_20436 tcp_fragment 3 20436 NULL
25468 +nfs3_setxattr_20458 nfs3_setxattr 4 20458 NULL
25469 +ip_vs_icmp_xmit_v6_20464 ip_vs_icmp_xmit_v6 4 20464 NULL
25470 +compat_ipv6_setsockopt_20468 compat_ipv6_setsockopt 5 20468 NULL
25471 +read_buf_20469 read_buf 2 20469 NULL
25472 -+dbg_leb_write_20478 dbg_leb_write 4-5 20478 NULL
25473 -+fast_user_write_20494 fast_user_write 5 20494 NULL
25474 +ocfs2_db_frozen_trigger_20503 ocfs2_db_frozen_trigger 4 20503 NULL nohasharray
25475 +hidraw_report_event_20503 hidraw_report_event 3 20503 &ocfs2_db_frozen_trigger_20503
25476 +pcpu_alloc_area_20511 pcpu_alloc_area 0-3 20511 NULL
25477 -+pcpu_depopulate_chunk_20517 pcpu_depopulate_chunk 2-3 20517 NULL
25478 ++pcpu_depopulate_chunk_20517 pcpu_depopulate_chunk 3-2 20517 NULL
25479 +xfs_iext_realloc_direct_20521 xfs_iext_realloc_direct 2 20521 NULL
25480 +drbd_bm_resize_20522 drbd_bm_resize 2 20522 NULL
25481 +amd_create_gatt_pages_20537 amd_create_gatt_pages 1 20537 NULL
25482 +venus_create_20555 venus_create 4 20555 NULL
25483 +crypto_ahash_reqsize_20569 crypto_ahash_reqsize 0 20569 NULL
25484 +i915_max_freq_read_20581 i915_max_freq_read 3 20581 NULL
25485 ++ocfs2_cluster_lock_20588 ocfs2_cluster_lock 0 20588 NULL
25486 +lirc_write_20604 lirc_write 3 20604 NULL
25487 -+qib_qsfp_write_20614 qib_qsfp_write 0-4-2 20614 NULL
25488 ++qib_qsfp_write_20614 qib_qsfp_write 0-2-4 20614 NULL
25489 +regcache_lzo_block_count_20628 regcache_lzo_block_count 0 20628 NULL
25490 +snd_pcm_oss_prepare_20641 snd_pcm_oss_prepare 0 20641 NULL
25491 -+kfifo_copy_to_user_20646 kfifo_copy_to_user 3 20646 NULL
25492 -+cpulist_scnprintf_20648 cpulist_scnprintf 0-2 20648 NULL
25493 -+__cache_alloc_20649 __cache_alloc 0 20649 NULL
25494 ++kfifo_copy_to_user_20646 kfifo_copy_to_user 4-3 20646 NULL
25495 ++cpulist_scnprintf_20648 cpulist_scnprintf 2-0 20648 NULL
25496 +ceph_osdc_new_request_20654 ceph_osdc_new_request 15-4 20654 NULL
25497 +snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 NULL
25498 -+qla4_8xxx_pci_mem_read_2M_20680 qla4_8xxx_pci_mem_read_2M 2 20680 NULL
25499 +dvb_dmxdev_buffer_read_20682 dvb_dmxdev_buffer_read 0-4 20682 NULL
25500 +cpumask_size_20683 cpumask_size 0 20683 NULL
25501 ++btrfs_node_blockptr_20685 btrfs_node_blockptr 0 20685 NULL
25502 +read_file_tgt_int_stats_20697 read_file_tgt_int_stats 3 20697 NULL
25503 +__maestro_read_20700 __maestro_read 0 20700 NULL
25504 +cipso_v4_gentag_rng_20703 cipso_v4_gentag_rng 0 20703 NULL
25505 ++page_cache_sync_readahead_20706 page_cache_sync_readahead 5-4 20706 NULL
25506 +pcpu_page_first_chunk_20712 pcpu_page_first_chunk 1 20712 NULL
25507 +ocfs2_read_xattr_bucket_20722 ocfs2_read_xattr_bucket 0 20722 NULL
25508 +security_context_to_sid_force_20724 security_context_to_sid_force 2 20724 NULL
25509 -+vring_add_indirect_20737 vring_add_indirect 3-4 20737 NULL
25510 ++vring_add_indirect_20737 vring_add_indirect 4-3 20737 NULL
25511 +io_apic_set_pci_routing_20740 io_apic_set_pci_routing 2 20740 NULL
25512 ++fb_prepare_logo_20743 fb_prepare_logo 0 20743 NULL
25513 +vol_cdev_direct_write_20751 vol_cdev_direct_write 3 20751 NULL
25514 +ocfs2_align_bytes_to_clusters_20754 ocfs2_align_bytes_to_clusters 2 20754 NULL
25515 +ubi_io_read_20767 ubi_io_read 0 20767 NULL
25516 @@ -105730,47 +106677,60 @@ index 0000000..6fcc08d
25517 +iommu_range_alloc_20794 iommu_range_alloc 3 20794 NULL
25518 +iwl_dbgfs_rxon_flags_read_20795 iwl_dbgfs_rxon_flags_read 3 20795 NULL
25519 +sys_sendto_20809 sys_sendto 6 20809 NULL
25520 ++ext4_convert_unwritten_extents_endio_20812 ext4_convert_unwritten_extents_endio 0 20812 NULL
25521 +strndup_user_20819 strndup_user 2 20819 NULL
25522 +iwl_legacy_dbgfs_qos_read_20825 iwl_legacy_dbgfs_qos_read 3 20825 NULL
25523 +wl1271_format_buffer_20834 wl1271_format_buffer 2 20834 NULL
25524 -+uvc_alloc_entity_20836 uvc_alloc_entity 4-3 20836 NULL
25525 ++uvc_alloc_entity_20836 uvc_alloc_entity 3-4 20836 NULL
25526 ++p9_tag_alloc_20845 p9_tag_alloc 3 20845 NULL
25527 +snd_pcm_capture_avail_20867 snd_pcm_capture_avail 0 20867 NULL
25528 +ocfs2_bmap_20874 ocfs2_bmap 2 20874 NULL
25529 +iwl3945_ucode_tx_stats_read_20879 iwl3945_ucode_tx_stats_read 3 20879 NULL
25530 ++rb_simple_write_20890 rb_simple_write 3 20890 NULL
25531 +sisusb_send_packet_20891 sisusb_send_packet 2 20891 NULL
25532 +key_icverrors_read_20895 key_icverrors_read 3 20895 NULL
25533 ++ext4_calc_metadata_amount_20905 ext4_calc_metadata_amount 2 20905 NULL
25534 +compat_sys_readv_20911 compat_sys_readv 3 20911 NULL
25535 ++ixj_write_20912 ixj_write 3 20912 NULL
25536 ++lbs_rdbbp_write_20918 lbs_rdbbp_write 3 20918 NULL
25537 +htable_bits_20933 htable_bits 0 20933 NULL
25538 ++check_eofblocks_fl_20942 check_eofblocks_fl 0 20942 NULL
25539 +altera_set_ir_post_20948 altera_set_ir_post 2 20948 NULL
25540 ++get_init_ra_size_20955 get_init_ra_size 1 20955 NULL
25541 ++insert_ptr_20961 insert_ptr 0 20961 NULL
25542 +snd_rme9652_playback_copy_20970 snd_rme9652_playback_copy 5 20970 NULL
25543 ++brcmf_tx_frame_20978 brcmf_tx_frame 3 20978 NULL
25544 +alg_setsockopt_20985 alg_setsockopt 5 20985 NULL
25545 ++qib_verbs_send_20999 qib_verbs_send 5-3 20999 NULL
25546 +ocfs2_free_clusters_21001 ocfs2_free_clusters 4 21001 NULL
25547 +btrfs_inode_ref_name_len_21024 btrfs_inode_ref_name_len 0 21024 NULL
25548 ++snd_pcm_lib_preallocate_pages_21031 snd_pcm_lib_preallocate_pages 4 21031 NULL
25549 +lbs_threshold_read_21046 lbs_threshold_read 5 21046 NULL
25550 +proc_fault_inject_write_21058 proc_fault_inject_write 3 21058 NULL
25551 ++rose_create_facilities_21067 rose_create_facilities 0 21067 NULL
25552 +event_calibration_read_21083 event_calibration_read 3 21083 NULL
25553 -+compat_sock_ioctl_trans_21092 compat_sock_ioctl_trans 4 21092 NULL
25554 +__cfg80211_send_disassoc_21096 __cfg80211_send_disassoc 3 21096 NULL
25555 +ext2_valid_block_bitmap_21101 ext2_valid_block_bitmap 3 21101 NULL
25556 +ath6kl_send_go_probe_resp_21113 ath6kl_send_go_probe_resp 3 21113 NULL
25557 +i2400m_rx_trace_21127 i2400m_rx_trace 3 21127 NULL
25558 ++new_skb_21148 new_skb 1 21148 NULL
25559 +ocfs2_block_check_validate_21149 ocfs2_block_check_validate 2 21149 NULL
25560 +setup_msi_irq_21169 setup_msi_irq 3 21169 NULL
25561 +cx18_v4l2_read_21196 cx18_v4l2_read 3 21196 NULL
25562 +ipc_rcu_alloc_21208 ipc_rcu_alloc 1 21208 NULL
25563 -+_ocfs2_free_clusters_21220 _ocfs2_free_clusters 4 21220 NULL
25564 ++_ocfs2_free_clusters_21220 _ocfs2_free_clusters 0-4 21220 NULL
25565 +get_numpages_21227 get_numpages 0-1-2 21227 NULL
25566 -+flex_array_get_21228 flex_array_get 2 21228 NULL
25567 +input_ff_create_21240 input_ff_create 2 21240 NULL
25568 +cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL
25569 ++sock_alloc_send_pskb_21246 sock_alloc_send_pskb 2 21246 NULL
25570 +ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL
25571 -+vmw_gmr2_bind_21305 vmw_gmr2_bind 3 21305 NULL
25572 +store_bluetooth_21320 store_bluetooth 4 21320 NULL
25573 +get_zeroed_page_21322 get_zeroed_page 0 21322 NULL
25574 +ftrace_profile_read_21327 ftrace_profile_read 3 21327 NULL
25575 +iwl_legacy_tx_queue_init_21332 iwl_legacy_tx_queue_init 3 21332 NULL
25576 +gfs2_ea_get_copy_21353 gfs2_ea_get_copy 0 21353 NULL
25577 +alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL
25578 ++split_leaf_21378 split_leaf 0 21378 NULL
25579 +video_ioctl2_21380 video_ioctl2 2 21380 NULL
25580 +diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL
25581 +snd_m3_inw_21406 snd_m3_inw 0 21406 NULL
25582 @@ -105778,184 +106738,225 @@ index 0000000..6fcc08d
25583 +tcp_bound_to_half_wnd_21429 tcp_bound_to_half_wnd 0-2 21429 NULL
25584 +tracing_saved_cmdlines_read_21434 tracing_saved_cmdlines_read 3 21434 NULL
25585 +concat_writev_21451 concat_writev 3 21451 NULL
25586 ++ReadISAR_21453 ReadISAR 0 21453 NULL
25587 +read_file_xmit_21487 read_file_xmit 3 21487 NULL
25588 +mmc_alloc_sg_21504 mmc_alloc_sg 1 21504 NULL
25589 ++dma_skb_copy_datagram_iovec_21516 dma_skb_copy_datagram_iovec 3-5 21516 NULL
25590 +btrfs_file_aio_write_21520 btrfs_file_aio_write 4 21520 NULL
25591 +cipso_v4_map_cat_enum_hton_21540 cipso_v4_map_cat_enum_hton 0 21540 NULL
25592 +rxrpc_send_data_21553 rxrpc_send_data 5 21553 NULL
25593 ++snd_es18xx_mixer_read_21586 snd_es18xx_mixer_read 0 21586 NULL
25594 +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL
25595 ++xlog_do_recovery_pass_21618 xlog_do_recovery_pass 3 21618 NULL
25596 ++ndisc_addr_option_pad_21630 ndisc_addr_option_pad 0 21630 NULL
25597 +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL
25598 +validate_nnode_21638 validate_nnode 0 21638 NULL
25599 -+__irq_alloc_descs_21639 __irq_alloc_descs 2-1-3 21639 NULL
25600 ++__irq_alloc_descs_21639 __irq_alloc_descs 2-1-3-0 21639 NULL
25601 ++ocfs2_lock_refcount_allocators_21646 ocfs2_lock_refcount_allocators 0 21646 NULL
25602 ++carl9170_rx_copy_data_21656 carl9170_rx_copy_data 2 21656 NULL
25603 +hpet_setup_msi_irq_21662 hpet_setup_msi_irq 1 21662 NULL
25604 +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL
25605 +ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL
25606 -+rtllib_alloc_txb_21687 rtllib_alloc_txb 1 21687 NULL
25607 ++rtllib_alloc_txb_21687 rtllib_alloc_txb 1-2 21687 NULL
25608 ++kobject_uevent_env_21703 kobject_uevent_env 0 21703 NULL
25609 +evdev_ioctl_handler_21705 evdev_ioctl_handler 2 21705 NULL
25610 +drm_sman_init_21710 drm_sman_init 2-4-3 21710 NULL
25611 -+reiserfs_allocate_list_bitmaps_21732 reiserfs_allocate_list_bitmaps 3 21732 NULL
25612 ++ocfs2_remove_rightmost_path_21729 ocfs2_remove_rightmost_path 0 21729 NULL
25613 ++ext4_split_extent_at_21732 ext4_split_extent_at 0 21732 NULL
25614 +mthca_alloc_init_21754 mthca_alloc_init 2 21754 NULL
25615 ++l2down_create_21755 l2down_create 4 21755 NULL
25616 ++usbat_flash_read_data_21762 usbat_flash_read_data 4 21762 NULL
25617 +gen_pool_add_21776 gen_pool_add 3 21776 NULL
25618 ++atomic64_cmpxchg_21782 atomic64_cmpxchg 0 21782 NULL
25619 +xfs_da_grow_inode_int_21785 xfs_da_grow_inode_int 3 21785 NULL
25620 -+kmalloc_order_trace_21788 kmalloc_order_trace 0-1 21788 NULL
25621 -+__ioremap_caller_21800 __ioremap_caller 1-2 21800 NULL
25622 ++kmalloc_order_trace_21788 kmalloc_order_trace 1 21788 NULL
25623 ++libipw_get_hdrlen_21792 libipw_get_hdrlen 0 21792 NULL
25624 +dvb_generic_ioctl_21810 dvb_generic_ioctl 2 21810 NULL
25625 -+acpi_tb_check_xsdt_21862 acpi_tb_check_xsdt 1 21862 NULL
25626 ++__ocfs2_cluster_lock_21812 __ocfs2_cluster_lock 0 21812 NULL
25627 +lpfc_idiag_extacc_avail_get_21865 lpfc_idiag_extacc_avail_get 0-3 21865 NULL
25628 ++msix_capability_init_21870 msix_capability_init 0 21870 NULL
25629 +sisusbcon_bmove_21873 sisusbcon_bmove 6-5-7 21873 NULL nohasharray
25630 +tcp_cookie_size_check_21873 tcp_cookie_size_check 0-1 21873 &sisusbcon_bmove_21873
25631 -+security_compute_sid_21874 security_compute_sid 3 21874 NULL
25632 -+__alloc_reserved_percpu_21895 __alloc_reserved_percpu 1-2 21895 NULL
25633 ++__alloc_reserved_percpu_21895 __alloc_reserved_percpu 2-1 21895 NULL
25634 +dbAllocCtl_21911 dbAllocCtl 0 21911 NULL
25635 +qsfp_1_read_21915 qsfp_1_read 3 21915 NULL
25636 ++__ocfs2_claim_clusters_21936 __ocfs2_claim_clusters 0 21936 NULL
25637 +rbd_req_read_21952 rbd_req_read 4-5 21952 NULL
25638 -+alloc_ldt_21972 alloc_ldt 2 21972 NULL
25639 +rxpipe_descr_host_int_trig_rx_data_read_22001 rxpipe_descr_host_int_trig_rx_data_read 3 22001 NULL
25640 ++ocfs2_reserve_cluster_bitmap_bits_22016 ocfs2_reserve_cluster_bitmap_bits 0 22016 NULL
25641 +ti_recv_22027 ti_recv 4 22027 NULL
25642 +zd_usb_read_fw_22049 zd_usb_read_fw 4 22049 NULL
25643 ++atalk_recvmsg_22053 atalk_recvmsg 4 22053 NULL
25644 +ieee80211_if_fmt_dropped_frames_ttl_22054 ieee80211_if_fmt_dropped_frames_ttl 3 22054 NULL
25645 -+btrfs_reloc_clone_csums_22077 btrfs_reloc_clone_csums 2 22077 NULL
25646 ++iwl_legacy_dbgfs_clear_ucode_statistics_write_22072 iwl_legacy_dbgfs_clear_ucode_statistics_write 3 22072 NULL
25647 ++btrfs_reloc_clone_csums_22077 btrfs_reloc_clone_csums 2-3 22077 NULL
25648 +mem_rw_22085 mem_rw 3 22085 NULL
25649 ++snd_pcm_xrun_22088 snd_pcm_xrun 0 22088 NULL
25650 ++sched_clock_cpu_22098 sched_clock_cpu 0 22098 NULL
25651 ++rt2x00debug_read_crypto_stats_22109 rt2x00debug_read_crypto_stats 3 22109 NULL
25652 +sys_remap_file_pages_22124 sys_remap_file_pages 1 22124 NULL
25653 -+compat_insn_22142 compat_insn 2 22142 NULL
25654 -+__kfifo_alloc_22173 __kfifo_alloc 2-3 22173 NULL
25655 ++snd_hda_codec_read_22130 snd_hda_codec_read 0 22130 NULL
25656 ++__kfifo_alloc_22173 __kfifo_alloc 3-2 22173 NULL
25657 +fls_22210 fls 0 22210 NULL nohasharray
25658 +snd_soc_lzo_block_count_22210 snd_soc_lzo_block_count 0 22210 &fls_22210
25659 -+bio_chain_clone_22227 bio_chain_clone 4 22227 NULL
25660 ++bio_chain_clone_22227 bio_chain_clone 4 22227 NULL nohasharray
25661 ++do_sync_mmap_readahead_22227 do_sync_mmap_readahead 4 22227 &bio_chain_clone_22227 nohasharray
25662 ++rfcomm_sock_recvmsg_22227 rfcomm_sock_recvmsg 4 22227 &do_sync_mmap_readahead_22227 nohasharray
25663 ++bitmap_clear_bits_22227 bitmap_clear_bits 3 22227 &rfcomm_sock_recvmsg_22227
25664 +mem_write_22232 mem_write 3 22232 NULL
25665 +p9_virtio_zc_request_22240 p9_virtio_zc_request 6-5 22240 NULL
25666 +atomic64_xchg_22246 atomic64_xchg 0 22246 NULL
25667 +compat_process_vm_rw_22254 compat_process_vm_rw 3-5 22254 NULL
25668 +__btrfs_direct_write_22273 __btrfs_direct_write 4 22273 NULL
25669 -+index_to_obj_22280 index_to_obj 0-3 22280 NULL
25670 +__tun_chr_ioctl_22300 __tun_chr_ioctl 4 22300 NULL
25671 +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL
25672 ++udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL
25673 +atomic_read_22342 atomic_read 0 22342 NULL
25674 +mlx4_db_alloc_22358 mlx4_db_alloc 3 22358 NULL
25675 +irq_reserve_irq_22360 irq_reserve_irq 1 22360 NULL
25676 +snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL
25677 +iwch_alloc_fast_reg_mr_22368 iwch_alloc_fast_reg_mr 2 22368 NULL
25678 +evdev_ioctl_22371 evdev_ioctl 2 22371 NULL
25679 ++ocfs2_assign_bh_22392 ocfs2_assign_bh 0 22392 NULL
25680 +btmrvl_psmode_read_22395 btmrvl_psmode_read 3 22395 NULL
25681 -+alloc_private_22399 alloc_private 2 22399 NULL nohasharray
25682 -+ubifs_leb_change_22399 ubifs_leb_change 4 22399 &alloc_private_22399
25683 ++ubifs_leb_change_22399 ubifs_leb_change 0 22399 NULL nohasharray
25684 ++alloc_private_22399 alloc_private 2 22399 &ubifs_leb_change_22399
25685 +zoran_write_22404 zoran_write 3 22404 NULL
25686 +queue_reply_22416 queue_reply 3 22416 NULL
25687 +__set_enter_print_fmt_22431 __set_enter_print_fmt 0 22431 NULL
25688 +queue_max_segments_22441 queue_max_segments 0 22441 NULL
25689 +handle_received_packet_22457 handle_received_packet 3 22457 NULL
25690 ++rt6_nlmsg_size_22473 rt6_nlmsg_size 0 22473 NULL
25691 ++ecryptfs_write_22488 ecryptfs_write 4-3 22488 NULL
25692 +cache_write_procfs_22491 cache_write_procfs 3 22491 NULL
25693 +mp_find_ioapic_pin_22499 mp_find_ioapic_pin 0-2 22499 NULL
25694 +mutex_lock_interruptible_22505 mutex_lock_interruptible 0 22505 NULL
25695 -+ip4_addr_string_22511 ip4_addr_string 0 22511 NULL
25696 +pskb_may_pull_22546 pskb_may_pull 2 22546 NULL
25697 +ocfs2_read_extent_block_22550 ocfs2_read_extent_block 0 22550 NULL
25698 +atomic_long_read_unchecked_22551 atomic_long_read_unchecked 0 22551 NULL
25699 +agp_alloc_page_array_22554 agp_alloc_page_array 1 22554 NULL
25700 ++snd_pcm_hw_params_choose_22560 snd_pcm_hw_params_choose 0 22560 NULL
25701 +dbFindCtl_22587 dbFindCtl 0 22587 NULL
25702 +snapshot_read_22601 snapshot_read 3 22601 NULL
25703 ++ocfs2_get_refcount_block_22610 ocfs2_get_refcount_block 0 22610 NULL
25704 ++btrfs_delalloc_reserve_space_22617 btrfs_delalloc_reserve_space 0 22617 NULL
25705 +sctp_setsockopt_connectx_old_22631 sctp_setsockopt_connectx_old 3 22631 NULL
25706 +ide_core_cp_entry_22636 ide_core_cp_entry 3 22636 NULL
25707 +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL
25708 ++sysfs_attr_ns_22645 sysfs_attr_ns 0 22645 NULL
25709 ++fill_gap_22681 fill_gap 0 22681 NULL nohasharray
25710 ++l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 &fill_gap_22681
25711 +ocfs2_get_block_22687 ocfs2_get_block 2 22687 NULL
25712 -+compat_fd_ioctl_22694 compat_fd_ioctl 4 22694 NULL
25713 ++sys_ppoll_22688 sys_ppoll 2 22688 NULL
25714 +alloc_libipw_22708 alloc_libipw 1 22708 NULL
25715 -+cache_alloc_refill_22713 cache_alloc_refill 0 22713 NULL
25716 ++brcmf_sdbrcm_read_control_22721 brcmf_sdbrcm_read_control 3 22721 NULL
25717 +aa_features_read_22730 aa_features_read 3 22730 NULL
25718 -+cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4 22735 NULL
25719 ++cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4-0 22735 NULL
25720 ++ax25_output_22736 ax25_output 2 22736 NULL
25721 +ceph_decode_32_22738 ceph_decode_32 0 22738 NULL
25722 +print_frame_22769 print_frame 0 22769 NULL
25723 +ftrace_arch_read_dyn_info_22773 ftrace_arch_read_dyn_info 0 22773 NULL
25724 -+compat_blkdev_ioctl_22841 compat_blkdev_ioctl 3 22841 NULL
25725 -+can_nocow_odirect_22854 can_nocow_odirect 3 22854 NULL nohasharray
25726 ++ocfs2_block_group_alloc_22774 ocfs2_block_group_alloc 0 22774 NULL
25727 ++__generic_copy_to_user_intel_22806 __generic_copy_to_user_intel 0-3 22806 NULL
25728 ++can_nocow_odirect_22854 can_nocow_odirect 3-4 22854 NULL nohasharray
25729 +read_file_rcstat_22854 read_file_rcstat 3 22854 &can_nocow_odirect_22854
25730 -+do_atm_iobuf_22857 do_atm_iobuf 3 22857 NULL
25731 +create_attr_set_22861 create_attr_set 1 22861 NULL
25732 -+vmw_execbuf_process_22885 vmw_execbuf_process 5 22885 NULL
25733 +usblp_new_writeurb_22894 usblp_new_writeurb 2 22894 NULL
25734 +mdc800_device_read_22896 mdc800_device_read 3 22896 NULL
25735 +virtqueue_add_buf_22924 virtqueue_add_buf 3-4 22924 NULL
25736 ++xstateregs_set_22932 xstateregs_set 4 22932 NULL
25737 +pcpu_mem_zalloc_22948 pcpu_mem_zalloc 1 22948 NULL
25738 -+alloc_sglist_22960 alloc_sglist 1-2-3 22960 NULL
25739 ++alloc_sglist_22960 alloc_sglist 1-3-2 22960 NULL
25740 +caif_seqpkt_sendmsg_22961 caif_seqpkt_sendmsg 4 22961 NULL
25741 +vme_get_size_22964 vme_get_size 0 22964 NULL
25742 +usb_get_langid_22983 usb_get_langid 0 22983 NULL
25743 +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL
25744 +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL
25745 ++ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 0 23029 NULL
25746 +st_status_23032 st_status 5 23032 NULL
25747 -+reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL
25748 ++xfs_qm_write_sb_changes_23039 xfs_qm_write_sb_changes 2 23039 NULL
25749 ++reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray
25750 ++unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062
25751 +vivi_read_23073 vivi_read 3 23073 NULL
25752 +kvm_mmu_gva_to_gpa_write_23075 kvm_mmu_gva_to_gpa_write 0 23075 NULL
25753 -+vm_map_ram_23078 vm_map_ram 2 23078 NULL nohasharray
25754 -+raw_sendmsg_23078 raw_sendmsg 4 23078 &vm_map_ram_23078
25755 ++raw_sendmsg_23078 raw_sendmsg 4 23078 NULL
25756 +isr_tx_procs_read_23084 isr_tx_procs_read 3 23084 NULL
25757 +rt2x00debug_write_eeprom_23091 rt2x00debug_write_eeprom 3 23091 NULL
25758 -+fls_long_23096 fls_long 0 23096 NULL
25759 -+ntfs_ucstonls_23097 ntfs_ucstonls 3-5 23097 NULL
25760 ++fls_long_23096 fls_long 0-1 23096 NULL
25761 ++ntfs_ucstonls_23097 ntfs_ucstonls 5-3 23097 NULL
25762 +pipe_iov_copy_from_user_23102 pipe_iov_copy_from_user 3 23102 NULL
25763 -+mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 NULL
25764 ++dgram_recvmsg_23104 dgram_recvmsg 4 23104 NULL
25765 ++ip_recv_error_23109 ip_recv_error 3 23109 NULL
25766 ++msix_setup_entries_23110 msix_setup_entries 0 23110 NULL nohasharray
25767 ++mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 &msix_setup_entries_23110
25768 +nl80211_send_rx_auth_23111 nl80211_send_rx_auth 4 23111 NULL
25769 -+__clear_user_23118 __clear_user 0 23118 NULL
25770 -+drm_mode_create_tv_properties_23122 drm_mode_create_tv_properties 2 23122 NULL
25771 -+cfg80211_rx_mgmt_23138 cfg80211_rx_mgmt 4 23138 NULL
25772 -+ca91cx42_master_set_23146 ca91cx42_master_set 4 23146 NULL
25773 ++__clear_user_23118 __clear_user 0-2 23118 NULL
25774 ++iwl_legacy_dbgfs_interrupt_write_23122 iwl_legacy_dbgfs_interrupt_write 3 23122 NULL nohasharray
25775 ++drm_mode_create_tv_properties_23122 drm_mode_create_tv_properties 2 23122 &iwl_legacy_dbgfs_interrupt_write_23122
25776 ++ata_scsi_change_queue_depth_23126 ata_scsi_change_queue_depth 2 23126 NULL
25777 ++cfg80211_rx_mgmt_23138 cfg80211_rx_mgmt 4 23138 NULL nohasharray
25778 ++em28xx_write_regs_req_23138 em28xx_write_regs_req 0 23138 &cfg80211_rx_mgmt_23138
25779 +read_file_ani_23161 read_file_ani 3 23161 NULL
25780 -+ioremap_23172 ioremap 1-2 23172 NULL
25781 +usblp_write_23178 usblp_write 3 23178 NULL
25782 -+msnd_fifo_alloc_23179 msnd_fifo_alloc 2 23179 NULL
25783 +gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL
25784 +ieee80211_get_mesh_hdrlen_23183 ieee80211_get_mesh_hdrlen 0 23183 NULL
25785 -+fix_unclean_leb_23188 fix_unclean_leb 3 23188 NULL
25786 -+__next_dma_cap_23195 __next_dma_cap 1 23195 NULL
25787 -+convert_ip_to_linear_23198 convert_ip_to_linear 0 23198 NULL
25788 -+compat_rawv6_ioctl_23210 compat_rawv6_ioctl 3 23210 NULL
25789 -+tty_buffer_request_room_23228 tty_buffer_request_room 2 23228 NULL
25790 -+xlog_get_bp_23229 xlog_get_bp 2 23229 NULL
25791 -+__kmalloc_23231 __kmalloc 0 23231 NULL
25792 ++__next_dma_cap_23195 __next_dma_cap 1-0 23195 NULL
25793 ++tty_buffer_request_room_23228 tty_buffer_request_room 2-0 23228 NULL
25794 ++__read_status_pci_23229 __read_status_pci 0 23229 NULL nohasharray
25795 ++xlog_get_bp_23229 xlog_get_bp 2 23229 &__read_status_pci_23229
25796 ++__kmalloc_23231 __kmalloc 1 23231 NULL
25797 ++ft1000_read_dpram_mag_32_23232 ft1000_read_dpram_mag_32 0 23232 NULL
25798 +rxrpc_client_sendmsg_23236 rxrpc_client_sendmsg 5 23236 NULL
25799 -+ad799x_single_channel_from_ring_23265 ad799x_single_channel_from_ring 2 23265 NULL
25800 ++sctp_recvmsg_23265 sctp_recvmsg 4 23265 NULL nohasharray
25801 ++ad799x_single_channel_from_ring_23265 ad799x_single_channel_from_ring 2 23265 &sctp_recvmsg_23265
25802 +uwb_dev_addr_print_23282 uwb_dev_addr_print 2 23282 NULL
25803 -+doc_probe_23285 doc_probe 1 23285 NULL
25804 +diva_get_trace_filter_23286 diva_get_trace_filter 0 23286 NULL
25805 +i2cdev_write_23310 i2cdev_write 3 23310 NULL
25806 +nl_pid_hash_zalloc_23314 nl_pid_hash_zalloc 1 23314 NULL
25807 ++try_context_readahead_23342 try_context_readahead 4-3 23342 NULL
25808 +page_readlink_23346 page_readlink 3 23346 NULL
25809 +get_dst_timing_23358 get_dst_timing 0 23358 NULL
25810 +ip_nat_sdp_media_23386 ip_nat_sdp_media 8 23386 NULL
25811 +iscsi_change_queue_depth_23416 iscsi_change_queue_depth 2 23416 NULL
25812 +vga_mm_r_23419 vga_mm_r 0 23419 NULL
25813 -+vzalloc_node_23424 vzalloc_node 1 23424 NULL
25814 ++ulog_alloc_skb_23427 ulog_alloc_skb 1 23427 NULL
25815 +__cxio_init_resource_fifo_23447 __cxio_init_resource_fifo 3 23447 NULL nohasharray
25816 +ocfs2_zero_tail_23447 ocfs2_zero_tail 3 23447 &__cxio_init_resource_fifo_23447
25817 +hidraw_send_report_23449 hidraw_send_report 3 23449 NULL
25818 -+linear_conf_23485 linear_conf 2 23485 NULL nohasharray
25819 -+divasa_remap_pci_bar_23485 divasa_remap_pci_bar 3-4 23485 &linear_conf_23485
25820 ++__ata_change_queue_depth_23484 __ata_change_queue_depth 3-0 23484 NULL
25821 ++linear_conf_23485 linear_conf 2 23485 NULL
25822 +si4713_send_command_23493 si4713_send_command 6 23493 NULL
25823 +event_filter_read_23494 event_filter_read 3 23494 NULL
25824 ++ext4_remove_blocks_23497 ext4_remove_blocks 0 23497 NULL
25825 +write_led_23517 write_led 2 23517 NULL
25826 ++__fill_vb2_buffer_23521 __fill_vb2_buffer 0 23521 NULL
25827 +ima_show_measurements_count_23536 ima_show_measurements_count 3 23536 NULL
25828 +xen_allocate_irq_gsi_23546 xen_allocate_irq_gsi 1-0 23546 NULL
25829 +tcp_current_mss_23552 tcp_current_mss 0 23552 NULL
25830 -+venus_symlink_23570 venus_symlink 4-6 23570 NULL
25831 ++tcp_match_skb_to_sack_23568 tcp_match_skb_to_sack 4-3 23568 NULL
25832 ++venus_symlink_23570 venus_symlink 6-4 23570 NULL
25833 +iwl_dbgfs_interrupt_read_23574 iwl_dbgfs_interrupt_read 3 23574 NULL
25834 ++l2cap_parse_conf_req_23575 l2cap_parse_conf_req 0 23575 NULL
25835 ++xfpregs_get_23586 xfpregs_get 4 23586 NULL
25836 +cifs_spnego_key_instantiate_23588 cifs_spnego_key_instantiate 3 23588 NULL
25837 +snd_interval_min_23590 snd_interval_min 0 23590 NULL
25838 ++cfpkt_create_pfx_23594 cfpkt_create_pfx 2-1 23594 NULL
25839 +_alloc_cdb_cont_23609 _alloc_cdb_cont 2 23609 NULL
25840 +islpci_mgt_transaction_23610 islpci_mgt_transaction 5 23610 NULL
25841 -+sm_checker_extend_23615 sm_checker_extend 2 23615 NULL
25842 ++ocfs2_journal_access_23616 ocfs2_journal_access 0 23616 NULL
25843 +__i2400mu_send_barker_23652 __i2400mu_send_barker 3 23652 NULL
25844 -+ext3_compat_ioctl_23659 ext3_compat_ioctl 3 23659 NULL
25845 +sInW_23663 sInW 0 23663 NULL
25846 -+proc_ioctl_compat_23682 proc_ioctl_compat 2 23682 NULL
25847 +nftl_partscan_23688 nftl_partscan 0 23688 NULL
25848 +cx18_read_23699 cx18_read 3 23699 NULL
25849 ++sock_alloc_send_skb_23720 sock_alloc_send_skb 2 23720 NULL
25850 ++snd_pcm_hw_refine_23721 snd_pcm_hw_refine 0 23721 NULL
25851 +mp_config_acpi_gsi_23728 mp_config_acpi_gsi 2 23728 NULL
25852 +pack_sg_list_p_23739 pack_sg_list_p 0-2 23739 NULL
25853 +__kfifo_max_r_23768 __kfifo_max_r 0-2-1 23768 NULL
25854 +tt_save_orig_buffer_23779 tt_save_orig_buffer 4 23779 NULL
25855 +security_inode_getxattr_23781 security_inode_getxattr 0 23781 NULL
25856 -+diva_alloc_dma_map_23798 diva_alloc_dma_map 2 23798 NULL
25857 +rx_path_reset_read_23801 rx_path_reset_read 3 23801 NULL
25858 ++ocfs2_replace_cow_23803 ocfs2_replace_cow 0 23803 NULL
25859 +__earlyonly_bootmem_alloc_23824 __earlyonly_bootmem_alloc 2 23824 NULL
25860 +xfs_dir2_leaf_getdents_23841 xfs_dir2_leaf_getdents 3 23841 NULL
25861 +iwl_dbgfs_nvm_read_23845 iwl_dbgfs_nvm_read 3 23845 NULL
25862 @@ -105963,32 +106964,42 @@ index 0000000..6fcc08d
25863 +ocfs2_xattr_get_clusters_23857 ocfs2_xattr_get_clusters 0 23857 NULL
25864 +ieee80211_if_read_dot11MeshMaxPeerLinks_23878 ieee80211_if_read_dot11MeshMaxPeerLinks 3 23878 NULL
25865 +ieee80211_if_read_channel_type_23884 ieee80211_if_read_channel_type 3 23884 NULL
25866 ++iwch_reject_cr_23901 iwch_reject_cr 3 23901 NULL
25867 ++device_create_bin_file_23914 device_create_bin_file 0 23914 NULL
25868 +ipath_reg_phys_mr_23918 ipath_reg_phys_mr 3 23918 NULL
25869 ++i915_gem_object_bind_to_gtt_23921 i915_gem_object_bind_to_gtt 0 23921 NULL
25870 +kvm_read_guest_23928 kvm_read_guest 4-2 23928 NULL
25871 +__alloc_skb_23940 __alloc_skb 1 23940 NULL
25872 +cifs_setxattr_23957 cifs_setxattr 4 23957 NULL
25873 ++ixj_enhanced_write_23973 ixj_enhanced_write 3 23973 NULL
25874 ++sddr55_write_data_23983 sddr55_write_data 4 23983 NULL
25875 +zd_usb_iowrite16v_async_23984 zd_usb_iowrite16v_async 3 23984 NULL
25876 ++brcmf_sdcard_recv_buf_24006 brcmf_sdcard_recv_buf 6 24006 NULL
25877 +cxgb_alloc_mem_24007 cxgb_alloc_mem 1 24007 NULL
25878 +ocfs2_mark_extent_refcounted_24035 ocfs2_mark_extent_refcounted 6 24035 NULL
25879 -+au_nhash_append_wh_24044 au_nhash_append_wh 3 24044 NULL
25880 +afs_cell_alloc_24052 afs_cell_alloc 2 24052 NULL
25881 +blkcipher_copy_iv_24075 blkcipher_copy_iv 3 24075 NULL
25882 +request_key_auth_read_24109 request_key_auth_read 3 24109 NULL
25883 +iwl_legacy_dbgfs_stations_read_24121 iwl_legacy_dbgfs_stations_read 3 24121 NULL
25884 -+mpu401_read_24126 mpu401_read 3 24126 NULL
25885 ++mpu401_read_24126 mpu401_read 3-0 24126 NULL
25886 ++_picolcd_flash_write_24134 _picolcd_flash_write 4 24134 NULL
25887 +irnet_ctrl_write_24139 irnet_ctrl_write 3 24139 NULL
25888 ++UpdateReg_24148 UpdateReg 0 24148 NULL
25889 +adu_read_24177 adu_read 3 24177 NULL
25890 +safe_prepare_write_buffer_24187 safe_prepare_write_buffer 3 24187 NULL
25891 ++shrink_tnc_24190 shrink_tnc 0 24190 NULL
25892 +get_order_24203 get_order 0 24203 NULL
25893 +ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL
25894 +tcpprobe_sprint_24222 tcpprobe_sprint 0-2 24222 NULL
25895 -+pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 1-2-3 24224 NULL
25896 ++pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 3-2-1 24224 NULL
25897 +pci_num_vf_24235 pci_num_vf 0 24235 NULL
25898 +sel_read_bool_24236 sel_read_bool 3 24236 NULL
25899 ++esp6_get_mtu_24264 esp6_get_mtu 0-2 24264 NULL
25900 ++calculate_sizes_24273 calculate_sizes 2 24273 NULL
25901 +msg_size_24288 msg_size 0 24288 NULL
25902 -+fa_element_to_part_nr_24291 fa_element_to_part_nr 2 24291 NULL
25903 -+ext2_free_blocks_24292 ext2_free_blocks 2-3 24292 NULL
25904 ++ext2_free_blocks_24292 ext2_free_blocks 3-2 24292 NULL
25905 +map_page_24298 map_page 3-4 24298 NULL
25906 ++gserial_connect_24302 gserial_connect 0 24302 NULL
25907 +btmrvl_pscmd_read_24308 btmrvl_pscmd_read 3 24308 NULL
25908 +ocfs2_direct_IO_get_blocks_24333 ocfs2_direct_IO_get_blocks 2 24333 NULL
25909 +kzalloc_node_24352 kzalloc_node 1 24352 NULL
25910 @@ -105996,198 +107007,242 @@ index 0000000..6fcc08d
25911 +cfi_read_pri_24366 cfi_read_pri 3 24366 NULL
25912 +btrfs_item_size_nr_24367 btrfs_item_size_nr 0 24367 NULL
25913 +igetword_24373 igetword 0 24373 NULL
25914 ++max_io_len_24384 max_io_len 0-1 24384 NULL
25915 +pvr2_v4l2_ioctl_24398 pvr2_v4l2_ioctl 2 24398 NULL nohasharray
25916 +getxattr_24398 getxattr 4 24398 &pvr2_v4l2_ioctl_24398
25917 +blk_update_bidi_request_24415 blk_update_bidi_request 3-4 24415 NULL
25918 +b43_debugfs_read_24425 b43_debugfs_read 3 24425 NULL
25919 ++xenbus_file_read_24427 xenbus_file_read 3 24427 NULL
25920 +ieee80211_rx_mgmt_beacon_24430 ieee80211_rx_mgmt_beacon 3 24430 NULL
25921 -+page_address_24444 page_address 0 24444 NULL
25922 ++__push_leaf_left_24456 __push_leaf_left 0 24456 NULL
25923 +evdev_do_ioctl_24459 evdev_do_ioctl 2 24459 NULL
25924 -+ocfs2_write_cluster_by_desc_24466 ocfs2_write_cluster_by_desc 5-6 24466 NULL
25925 ++lbs_highsnr_write_24460 lbs_highsnr_write 3 24460 NULL
25926 ++skb_copy_and_csum_datagram_iovec_24466 skb_copy_and_csum_datagram_iovec 2 24466 NULL nohasharray
25927 ++ocfs2_write_cluster_by_desc_24466 ocfs2_write_cluster_by_desc 6-5 24466 &skb_copy_and_csum_datagram_iovec_24466
25928 ++snd_pcm_hw_param_first_24487 snd_pcm_hw_param_first 0 24487 NULL
25929 ++push_nodes_for_insert_24496 push_nodes_for_insert 0 24496 NULL
25930 +pd_video_read_24510 pd_video_read 3 24510 NULL
25931 +request_key_with_auxdata_24515 request_key_with_auxdata 4 24515 NULL
25932 +named_prepare_buf_24532 named_prepare_buf 2 24532 NULL
25933 ++rtnl_port_size_24537 rtnl_port_size 0 24537 NULL
25934 +write_cache_pages_24562 write_cache_pages 0 24562 NULL
25935 -+tsi148_alloc_resource_24563 tsi148_alloc_resource 2 24563 NULL
25936 ++printer_set_config_24568 printer_set_config 0 24568 NULL
25937 ++netlbl_domhsh_init_24576 netlbl_domhsh_init 1 24576 NULL
25938 ++ath6kl_wmi_startscan_cmd_24580 ath6kl_wmi_startscan_cmd 7 24580 NULL
25939 +udf_compute_nr_groups_24594 udf_compute_nr_groups 0 24594 NULL
25940 ++ip6addrlbl_msgsize_24595 ip6addrlbl_msgsize 0 24595 NULL
25941 +count_preds_24600 count_preds 0 24600 NULL
25942 ++alloc_wr_24635 alloc_wr 2-1 24635 NULL
25943 +context_alloc_24645 context_alloc 3 24645 NULL
25944 +blk_rq_err_bytes_24650 blk_rq_err_bytes 0 24650 NULL
25945 ++btrfs_check_data_free_space_24692 btrfs_check_data_free_space 0 24692 NULL
25946 ++datafab_write_data_24696 datafab_write_data 4 24696 NULL
25947 ++ext4_da_reserve_space_24702 ext4_da_reserve_space 2 24702 NULL
25948 +simple_attr_read_24738 simple_attr_read 3 24738 NULL
25949 -+au_rdhash_est_24740 au_rdhash_est 0-1 24740 NULL
25950 +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL
25951 ++ath_rxbuf_alloc_24745 ath_rxbuf_alloc 2 24745 NULL
25952 +get_dma_residue_24749 get_dma_residue 0 24749 NULL
25953 +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL
25954 +nfsd4_sanitize_slot_size_24756 nfsd4_sanitize_slot_size 0-1 24756 NULL
25955 ++mI_alloc_skb_24770 mI_alloc_skb 1 24770 NULL
25956 +i915_cache_sharing_read_24775 i915_cache_sharing_read 3 24775 NULL
25957 +ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL
25958 +skb_make_writable_24783 skb_make_writable 2 24783 NULL
25959 +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL
25960 +cache_read_24790 cache_read 3 24790 NULL
25961 ++user_regset_copyout_24796 user_regset_copyout 7 24796 NULL
25962 +unpack_str_24798 unpack_str 0 24798 NULL
25963 ++kvm_read_guest_virt_helper_24804 kvm_read_guest_virt_helper 3-1 24804 NULL
25964 +__next_cpu_nr_24805 __next_cpu_nr 1 24805 NULL
25965 -+comedi_buf_alloc_24822 comedi_buf_alloc 3 24822 NULL
25966 ++ath6kl_fwlog_mask_write_24810 ath6kl_fwlog_mask_write 3 24810 NULL
25967 ++net2272_read_24825 net2272_read 0 24825 NULL
25968 ++copy_for_split_24826 copy_for_split 0 24826 NULL
25969 +c4iw_alloc_fast_reg_mr_24838 c4iw_alloc_fast_reg_mr 2 24838 NULL nohasharray
25970 +free_coherent_24838 free_coherent 4-2 24838 &c4iw_alloc_fast_reg_mr_24838
25971 +snd_als4k_gcr_read_24840 snd_als4k_gcr_read 0 24840 NULL
25972 +snd_pcm_lib_buffer_bytes_24865 snd_pcm_lib_buffer_bytes 0 24865 NULL
25973 +pnp_alloc_24869 pnp_alloc 1 24869 NULL nohasharray
25974 +put_data_to_circ_buf_24869 put_data_to_circ_buf 3 24869 &pnp_alloc_24869
25975 -+bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 3-2 24873 NULL
25976 ++bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 2-3 24873 NULL
25977 +queues_read_24877 queues_read 3 24877 NULL
25978 +iwm_rx_handle_24899 iwm_rx_handle 3 24899 NULL
25979 +codec_list_read_file_24910 codec_list_read_file 3 24910 NULL
25980 -+ocfs2_fiemap_24949 ocfs2_fiemap 3-4 24949 NULL
25981 ++ocfs2_fiemap_24949 ocfs2_fiemap 4-3 24949 NULL
25982 +packet_sendmsg_24954 packet_sendmsg 4 24954 NULL
25983 +sys_rt_sigpending_24961 sys_rt_sigpending 2 24961 NULL
25984 +llc_ui_sendmsg_24987 llc_ui_sendmsg 4 24987 NULL
25985 +key_conf_hw_key_idx_read_25003 key_conf_hw_key_idx_read 3 25003 NULL
25986 +iwl3945_ucode_general_stats_read_25009 iwl3945_ucode_general_stats_read 3 25009 NULL
25987 +ni_660x_num_counters_25031 ni_660x_num_counters 0 25031 NULL
25988 -+kmem_getpages_25058 kmem_getpages 0 25058 NULL
25989 +gs_buf_alloc_25067 gs_buf_alloc 2 25067 NULL
25990 +cxio_hal_init_rhdl_resource_25104 cxio_hal_init_rhdl_resource 1 25104 NULL
25991 -+snd_rawmidi_kernel_write_25106 snd_rawmidi_kernel_write 3 25106 NULL
25992 ++ubifs_dir_llseek_25106 ubifs_dir_llseek 2 25106 NULL nohasharray
25993 ++snd_rawmidi_kernel_write_25106 snd_rawmidi_kernel_write 3 25106 &ubifs_dir_llseek_25106
25994 +oom_adjust_read_25127 oom_adjust_read 3 25127 NULL
25995 ++fs32_to_cpu_25143 fs32_to_cpu 0 25143 NULL
25996 +sys_fgetxattr_25166 sys_fgetxattr 4 25166 NULL
25997 -+ipath_init_qp_table_25167 ipath_init_qp_table 2 25167 NULL
25998 ++ipath_init_qp_table_25167 ipath_init_qp_table 2 25167 NULL nohasharray
25999 ++sethdraddr_25167 sethdraddr 0 25167 &ipath_init_qp_table_25167
26000 +sctp_getsockopt_local_addrs_25178 sctp_getsockopt_local_addrs 2 25178 NULL
26001 +ks8851_rdreg32_25187 ks8851_rdreg32 0 25187 NULL
26002 +ocfs2_block_check_compute_25223 ocfs2_block_check_compute 2 25223 NULL
26003 +mon_stat_read_25238 mon_stat_read 3 25238 NULL
26004 +tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL
26005 +compat_rw_copy_check_uvector_25242 compat_rw_copy_check_uvector 0-3 25242 NULL
26006 -+nilfs_palloc_find_available_slot_25245 nilfs_palloc_find_available_slot 3-5 25245 NULL
26007 ++nilfs_palloc_find_available_slot_25245 nilfs_palloc_find_available_slot 5-3 25245 NULL
26008 +snd_pcm_start_25273 snd_pcm_start 0 25273 NULL
26009 +crypto_alloc_instance2_25277 crypto_alloc_instance2 3 25277 NULL
26010 +vfs_writev_25278 vfs_writev 3 25278 NULL
26011 ++sys_dup2_25284 sys_dup2 2 25284 NULL
26012 +l2tp_session_create_25286 l2tp_session_create 1 25286 NULL
26013 -+snd_seq_ioctl_compat_25307 snd_seq_ioctl_compat 3 25307 NULL
26014 ++ceph_calc_object_layout_25305 ceph_calc_object_layout 0 25305 NULL
26015 +ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 NULL
26016 +rng_buffer_size_25348 rng_buffer_size 0 25348 NULL
26017 -+i915_gem_execbuffer_relocate_slow_25355 i915_gem_execbuffer_relocate_slow 7 25355 NULL
26018 ++wait_for_completion_killable_25352 wait_for_completion_killable 0 25352 NULL
26019 ++i915_gem_execbuffer_relocate_slow_25355 i915_gem_execbuffer_relocate_slow 7-0 25355 NULL
26020 +unix_mkname_25368 unix_mkname 0-2 25368 NULL
26021 +sel_read_mls_25369 sel_read_mls 3 25369 NULL
26022 -+ebt_buf_add_pad_25413 ebt_buf_add_pad 0 25413 NULL
26023 ++rh_queue_status_25378 rh_queue_status 0 25378 NULL
26024 ++ThermometerRead_25393 ThermometerRead 0 25393 NULL
26025 +et61x251_read_25420 et61x251_read 3 25420 NULL
26026 +dai_list_read_file_25421 dai_list_read_file 3 25421 NULL
26027 +generic_file_buffered_write_25464 generic_file_buffered_write 4 25464 NULL
26028 ++ipath_decode_err_25468 ipath_decode_err 3 25468 NULL
26029 +crypto_hash_digestsize_25469 crypto_hash_digestsize 0 25469 NULL
26030 +ocfs2_hamming_encode_25501 ocfs2_hamming_encode 3 25501 NULL
26031 -+ivtv_buf_copy_from_user_25502 ivtv_buf_copy_from_user 4 25502 NULL
26032 ++ivtv_buf_copy_from_user_25502 ivtv_buf_copy_from_user 4-0 25502 NULL
26033 +snd_pcm_plugin_build_25505 snd_pcm_plugin_build 5 25505 NULL
26034 +ext3_get_inode_loc_25542 ext3_get_inode_loc 0 25542 NULL
26035 +ieee80211_if_read_path_refresh_time_25545 ieee80211_if_read_path_refresh_time 3 25545 NULL
26036 +c4iw_init_resource_fifo_random_25547 c4iw_init_resource_fifo_random 3 25547 NULL
26037 +wimax_addr_scnprint_25548 wimax_addr_scnprint 2 25548 NULL
26038 ++taskstats_packet_size_25553 taskstats_packet_size 0 25553 NULL
26039 +ht_print_chan_25556 ht_print_chan 0 25556 NULL
26040 +skb_tailroom_25567 skb_tailroom 0 25567 NULL
26041 +realloc_packet_buffer_25569 realloc_packet_buffer 2 25569 NULL
26042 ++ping_recvmsg_25597 ping_recvmsg 4 25597 NULL
26043 +__devres_alloc_25598 __devres_alloc 2 25598 NULL
26044 ++ddp_ppod_write_idata_25610 ddp_ppod_write_idata 5 25610 NULL
26045 ++copy_user_generic_25611 copy_user_generic 0 25611 NULL
26046 +proc_coredump_filter_write_25625 proc_coredump_filter_write 3 25625 NULL
26047 +__get_user_pages_25628 __get_user_pages 0 25628 NULL nohasharray
26048 +befs_utf2nls_25628 befs_utf2nls 3 25628 &__get_user_pages_25628
26049 -+ext2_try_to_allocate_25667 ext2_try_to_allocate 4-2 25667 NULL
26050 ++ext2_try_to_allocate_25667 ext2_try_to_allocate 2-4-0 25667 NULL
26051 +aircable_prepare_write_buffer_25669 aircable_prepare_write_buffer 3 25669 NULL
26052 ++lpfc_idiag_cmd_get_25672 lpfc_idiag_cmd_get 2 25672 NULL
26053 +sta_inactive_ms_read_25690 sta_inactive_ms_read 3 25690 NULL
26054 +ebitmap_start_positive_25703 ebitmap_start_positive 0 25703 NULL
26055 +ibmasm_new_command_25714 ibmasm_new_command 2 25714 NULL
26056 ++rx_queue_entry_next_25715 rx_queue_entry_next 0 25715 NULL
26057 +sel_write_context_25726 sel_write_context 3 25726 NULL nohasharray
26058 +__alloc_bootmem_low_node_25726 __alloc_bootmem_low_node 2 25726 &sel_write_context_25726
26059 ++mcs_unwrap_fir_25733 mcs_unwrap_fir 3 25733 NULL
26060 +ext2_find_near_25734 ext2_find_near 0 25734 NULL
26061 +cxgbi_device_portmap_create_25747 cxgbi_device_portmap_create 3 25747 NULL
26062 ++iommu_flush_iotlb_psi_25780 iommu_flush_iotlb_psi 4 25780 NULL
26063 +event_rx_pool_read_25792 event_rx_pool_read 3 25792 NULL
26064 +sg_read_25799 sg_read 3 25799 NULL
26065 +sys32_rt_sigpending_25814 sys32_rt_sigpending 2 25814 NULL
26066 +system_enable_read_25815 system_enable_read 3 25815 NULL
26067 +realloc_buffer_25816 realloc_buffer 2 25816 NULL
26068 ++ftrace_profile_init_25821 ftrace_profile_init 0 25821 NULL
26069 +pwr_missing_bcns_read_25824 pwr_missing_bcns_read 3 25824 NULL
26070 +parport_read_25855 parport_read 0 25855 NULL
26071 +xfs_dir2_sf_hdr_size_25858 xfs_dir2_sf_hdr_size 0 25858 NULL
26072 +ath6kl_regread_read_25884 ath6kl_regread_read 3 25884 NULL
26073 -+run_delalloc_nocow_25896 run_delalloc_nocow 3 25896 NULL
26074 ++run_delalloc_nocow_25896 run_delalloc_nocow 3-4 25896 NULL
26075 +sisusbcon_scroll_area_25899 sisusbcon_scroll_area 4-3 25899 NULL
26076 +lpfc_change_queue_depth_25905 lpfc_change_queue_depth 2 25905 NULL
26077 +do_jffs2_setxattr_25910 do_jffs2_setxattr 5 25910 NULL
26078 +rcname_read_25919 rcname_read 3 25919 NULL
26079 ++_get_word_25929 _get_word 0 25929 NULL
26080 +snd_es1938_capture_copy_25930 snd_es1938_capture_copy 5 25930 NULL
26081 +key_flags_read_25931 key_flags_read 3 25931 NULL
26082 +copy_play_buf_25932 copy_play_buf 3 25932 NULL
26083 -+security_compute_av_user_25950 security_compute_av_user 3 25950 NULL
26084 +video_register_device_25971 video_register_device 3 25971 NULL
26085 +udp_setsockopt_25985 udp_setsockopt 5 25985 NULL
26086 -+ebt_compat_entry_padsize_26001 ebt_compat_entry_padsize 0 26001 NULL
26087 -+lpfc_sli_probe_sriov_nr_virtfn_26004 lpfc_sli_probe_sriov_nr_virtfn 2 26004 NULL
26088 +cap_file_mmap_26018 cap_file_mmap 0 26018 NULL
26089 +xfs_xattr_acl_set_26028 xfs_xattr_acl_set 4 26028 NULL
26090 -+skb_mac_header_26034 skb_mac_header 0 26034 NULL
26091 +mptscsih_change_queue_depth_26036 mptscsih_change_queue_depth 2 26036 NULL
26092 +selinux_inode_post_setxattr_26037 selinux_inode_post_setxattr 4 26037 NULL
26093 +security_file_mmap_26056 security_file_mmap 0 26056 NULL
26094 +keyctl_update_key_26061 keyctl_update_key 3 26061 NULL
26095 -+__strnlen_user_26117 __strnlen_user 0-2 26117 NULL
26096 ++intel_wrap_ring_buffer_26117 intel_wrap_ring_buffer 0 26117 NULL nohasharray
26097 ++__strnlen_user_26117 __strnlen_user 0-2 26117 &intel_wrap_ring_buffer_26117
26098 +user_instantiate_26131 user_instantiate 3 26131 NULL
26099 +skb_cow_26138 skb_cow 2 26138 NULL
26100 -+usb_dump_device_strings_26146 usb_dump_device_strings 0 26146 NULL
26101 -+copy_oldmem_page_26164 copy_oldmem_page 1-3 26164 NULL
26102 ++__fswab64_26155 __fswab64 0 26155 NULL
26103 ++copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL
26104 +gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL
26105 +disk_devt_26180 disk_devt 0 26180 NULL
26106 +get_registers_26187 get_registers 3 26187 NULL
26107 +ieee80211_if_fmt_dot11MeshTTL_26198 ieee80211_if_fmt_dot11MeshTTL 3 26198 NULL
26108 +xfs_idata_realloc_26199 xfs_idata_realloc 2 26199 NULL
26109 +mce_write_26201 mce_write 3 26201 NULL
26110 -+process_vm_rw_single_vec_26213 process_vm_rw_single_vec 1-2 26213 NULL
26111 -+store_sys_hwmon_26225 store_sys_hwmon 3 26225 NULL
26112 ++mwifiex_regrdwr_write_26225 mwifiex_regrdwr_write 3 26225 NULL nohasharray
26113 ++store_sys_hwmon_26225 store_sys_hwmon 3 26225 &mwifiex_regrdwr_write_26225
26114 +_scsih_change_queue_depth_26230 _scsih_change_queue_depth 2 26230 NULL
26115 -+cxio_num_stags_26233 cxio_num_stags 0 26233 NULL
26116 ++cxio_num_stags_26233 cxio_num_stags 0 26233 NULL nohasharray
26117 ++rxrpc_recvmsg_26233 rxrpc_recvmsg 4 26233 &cxio_num_stags_26233
26118 +bio_split_26235 bio_split 2 26235 NULL
26119 +crypto_ctxsize_26278 crypto_ctxsize 0 26278 NULL
26120 ++apei_resources_request_26279 apei_resources_request 0 26279 NULL
26121 +ext2_find_goal_26306 ext2_find_goal 0 26306 NULL
26122 +snd_pcm_plug_client_channels_buf_26309 snd_pcm_plug_client_channels_buf 0-3 26309 NULL nohasharray
26123 +pax_get_random_long_26309 pax_get_random_long 0 26309 &snd_pcm_plug_client_channels_buf_26309
26124 +tled_proc_write_26315 tled_proc_write 3 26315 NULL
26125 +pwr_wake_on_host_read_26321 pwr_wake_on_host_read 3 26321 NULL
26126 -+ocfs2_duplicate_clusters_by_page_26357 ocfs2_duplicate_clusters_by_page 5 26357 NULL
26127 ++tcp_sacktag_walk_26339 tcp_sacktag_walk 5-6 26339 NULL
26128 ++snd_vx_check_reg_bit_26344 snd_vx_check_reg_bit 0 26344 NULL
26129 ++ocfs2_duplicate_clusters_by_page_26357 ocfs2_duplicate_clusters_by_page 0-6-3-5 26357 NULL
26130 +dup_to_netobj_26363 dup_to_netobj 3 26363 NULL
26131 +invalidate_inode_pages2_range_26403 invalidate_inode_pages2_range 0 26403 NULL
26132 ++ntty_write_26404 ntty_write 3 26404 NULL
26133 ++tcp_shift_skb_data_26405 tcp_shift_skb_data 5 26405 NULL
26134 +iwl_legacy_dbgfs_sram_read_26419 iwl_legacy_dbgfs_sram_read 3 26419 NULL
26135 ++__vb2_get_done_vb_26426 __vb2_get_done_vb 0 26426 NULL
26136 ++pagemap_read_26441 pagemap_read 3 26441 NULL
26137 ++tower_read_26461 tower_read 3 26461 NULL
26138 +ib_alloc_device_26483 ib_alloc_device 1 26483 NULL
26139 +ulong_write_file_26485 ulong_write_file 3 26485 NULL
26140 +dvb_ca_en50221_io_ioctl_26490 dvb_ca_en50221_io_ioctl 2 26490 NULL
26141 +read_vmcore_26501 read_vmcore 3 26501 NULL
26142 ++l2cap_build_conf_req_26513 l2cap_build_conf_req 0 26513 NULL
26143 ++rds_message_inc_copy_to_user_26540 rds_message_inc_copy_to_user 3 26540 NULL
26144 +__vhost_add_used_n_26554 __vhost_add_used_n 3 26554 NULL
26145 -+ip6_addr_string_26568 ip6_addr_string 0 26568 NULL
26146 +rts51x_read_mem_26577 rts51x_read_mem 4 26577 NULL
26147 -+cirrusfb_get_memsize_26597 cirrusfb_get_memsize 0 26597 NULL
26148 +__unmap_single_26604 __unmap_single 2-3 26604 NULL
26149 +iommu_alloc_26621 iommu_alloc 4 26621 NULL
26150 +pwr_fix_tsf_ps_read_26627 pwr_fix_tsf_ps_read 3 26627 NULL
26151 ++drm_ht_find_item_26637 drm_ht_find_item 0 26637 NULL
26152 +mmap_region_26649 mmap_region 0-2 26649 NULL
26153 +irq_alloc_generic_chip_26650 irq_alloc_generic_chip 2 26650 NULL nohasharray
26154 +inb_p_26650 inb_p 0 26650 &irq_alloc_generic_chip_26650
26155 ++usb_reset_device_26661 usb_reset_device 0 26661 NULL
26156 +cipso_v4_map_cat_rbm_hton_26680 cipso_v4_map_cat_rbm_hton 0 26680 NULL
26157 +__alloc_pred_stack_26687 __alloc_pred_stack 2 26687 NULL
26158 -+aty_ld_le32_26720 aty_ld_le32 0 26720 NULL
26159 ++rtllib_authentication_req_26713 rtllib_authentication_req 3 26713 NULL
26160 ++bos_desc_26752 bos_desc 0 26752 NULL
26161 +srp_ring_alloc_26760 srp_ring_alloc 2 26760 NULL
26162 +snd_hda_get_raw_connections_26762 snd_hda_get_raw_connections 0 26762 NULL
26163 ++dma_map_single_attrs_26779 dma_map_single_attrs 0 26779 NULL
26164 +qlcnic_alloc_sds_rings_26795 qlcnic_alloc_sds_rings 2 26795 NULL
26165 +cipso_v4_genopt_26812 cipso_v4_genopt 0 26812 NULL
26166 +smk_write_load_26829 smk_write_load 3 26829 NULL
26167 -+slgt_compat_ioctl_26834 slgt_compat_ioctl 3 26834 NULL
26168 +__nodes_onto_26838 __nodes_onto 4 26838 NULL
26169 -+scnprint_id_26842 scnprint_id 3 26842 NULL
26170 ++scnprint_id_26842 scnprint_id 3-0 26842 NULL
26171 +ecryptfs_miscdev_write_26847 ecryptfs_miscdev_write 3 26847 NULL
26172 -+netxen_nic_hw_read_wx_128M_26858 netxen_nic_hw_read_wx_128M 2 26858 NULL
26173 +svc_print_xprts_26881 svc_print_xprts 0 26881 NULL
26174 -+ext2_compat_ioctl_26883 ext2_compat_ioctl 3 26883 NULL
26175 ++ctnetlink_counters_size_26898 ctnetlink_counters_size 0 26898 NULL
26176 ++slhc_uncompress_26905 slhc_uncompress 0-3 26905 NULL
26177 +x25_asy_change_mtu_26928 x25_asy_change_mtu 2 26928 NULL
26178 -+compat_mtw_from_user_26932 compat_mtw_from_user 0 26932 NULL
26179 +scsi_tgt_copy_sense_26933 scsi_tgt_copy_sense 3 26933 NULL
26180 +pwr_ps_enter_read_26935 pwr_ps_enter_read 3 26935 NULL nohasharray
26181 +sctp_setsockopt_adaptation_layer_26935 sctp_setsockopt_adaptation_layer 3 26935 &pwr_ps_enter_read_26935
26182 +create_bm_block_list_26940 create_bm_block_list 0 26940 NULL
26183 +hecubafb_write_26942 hecubafb_write 3 26942 NULL
26184 +extract_entropy_user_26952 extract_entropy_user 3 26952 NULL
26185 ++omfs_allocate_range_27034 omfs_allocate_range 3 27034 NULL
26186 +ufs_alloc_fragments_27059 ufs_alloc_fragments 3-0-2 27059 NULL
26187 +__videobuf_alloc_vb_27062 __videobuf_alloc_vb 1 27062 NULL
26188 +snd_pcm_lib_period_bytes_27071 snd_pcm_lib_period_bytes 0 27071 NULL
26189 @@ -106196,44 +107251,53 @@ index 0000000..6fcc08d
26190 +find_first_bit_27088 find_first_bit 0-2 27088 NULL
26191 +btmrvl_hscmd_write_27089 btmrvl_hscmd_write 3 27089 NULL
26192 +__devcgroup_inode_permission_27108 __devcgroup_inode_permission 0 27108 NULL
26193 ++spin_time_accum_total_27131 spin_time_accum_total 1 27131 NULL
26194 ++__ext4_handle_dirty_metadata_27137 __ext4_handle_dirty_metadata 0 27137 NULL
26195 +drbd_get_capacity_27141 drbd_get_capacity 0 27141 NULL
26196 +pms_capture_27142 pms_capture 4 27142 NULL
26197 +btmrvl_hscfgcmd_write_27143 btmrvl_hscfgcmd_write 3 27143 NULL
26198 -+au_br_do_del_hip_27168 au_br_do_del_hip 3 27168 NULL
26199 +i2400m_net_rx_27170 i2400m_net_rx 5 27170 NULL
26200 +ieee80211_if_read_rc_rateidx_mask_5ghz_27183 ieee80211_if_read_rc_rateidx_mask_5ghz 3 27183 NULL
26201 -+mmc_blk_compat_ioctl_27194 mmc_blk_compat_ioctl 4 27194 NULL
26202 ++get_unaligned_be32_27184 get_unaligned_be32 0 27184 NULL
26203 ++ocfs2_read_blocks_sync_27210 ocfs2_read_blocks_sync 0 27210 NULL
26204 ++write_kmem_27225 write_kmem 3 27225 NULL
26205 +dbAllocAG_27228 dbAllocAG 0 27228 NULL
26206 +rxrpc_request_key_27235 rxrpc_request_key 3 27235 NULL
26207 ++ocfs2_journal_access_path_27243 ocfs2_journal_access_path 0 27243 NULL
26208 +cfpkt_add_trail_27260 cfpkt_add_trail 3 27260 NULL
26209 ++nlmsg_new_27263 nlmsg_new 1 27263 NULL
26210 ++usb_submit_urb_27278 usb_submit_urb 0 27278 NULL
26211 +__dma_map_cont_27289 __dma_map_cont 5 27289 NULL
26212 +hpi_read_reg_27302 hpi_read_reg 0 27302 NULL
26213 -+copy_from_buf_27308 copy_from_buf 4-2 27308 NULL
26214 ++copy_from_buf_27308 copy_from_buf 2-4 27308 NULL
26215 ++ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 NULL
26216 +ocfs2_blocks_to_clusters_27327 ocfs2_blocks_to_clusters 0-2 27327 NULL
26217 +snd_pcm_oss_write2_27332 snd_pcm_oss_write2 3-0 27332 NULL
26218 +afs_cell_create_27346 afs_cell_create 2 27346 NULL
26219 ++iwl_dbgfs_csr_write_27363 iwl_dbgfs_csr_write 3 27363 NULL
26220 +pcbit_stat_27364 pcbit_stat 2 27364 NULL
26221 -+init_memory_mapping_27395 init_memory_mapping 0 27395 NULL
26222 -+phys_pte_init_27411 phys_pte_init 0-3-2 27411 NULL
26223 -+acpi_os_get_root_pointer_27416 acpi_os_get_root_pointer 0 27416 NULL nohasharray
26224 -+ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 &acpi_os_get_root_pointer_27416
26225 ++if_nlmsg_size_27404 if_nlmsg_size 0 27404 NULL
26226 ++seq_read_27411 seq_read 3 27411 NULL
26227 ++ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL
26228 ++ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0 27422 NULL
26229 ++cypress_write_27423 cypress_write 4 27423 NULL
26230 +pack_sg_list_27425 pack_sg_list 0-2 27425 NULL
26231 -+rtsx_write_cfg_seq_27485 rtsx_write_cfg_seq 5-3 27485 NULL
26232 ++sddr09_read_data_27447 sddr09_read_data 3 27447 NULL
26233 +hcd_buffer_alloc_27495 hcd_buffer_alloc 2 27495 NULL
26234 -+qib_create_cq_27497 qib_create_cq 2 27497 NULL
26235 +ip_set_get_h32_27498 ip_set_get_h32 0 27498 NULL
26236 +garmin_read_process_27509 garmin_read_process 3 27509 NULL
26237 +xfs_buf_read_uncached_27519 xfs_buf_read_uncached 4 27519 NULL
26238 +ib_copy_to_udata_27525 ib_copy_to_udata 3 27525 NULL
26239 ++intel_gtt_map_memory_27539 intel_gtt_map_memory 0 27539 NULL
26240 +snd_sonicvibes_getdmaa_27552 snd_sonicvibes_getdmaa 0 27552 NULL
26241 -+libipw_alloc_txb_27579 libipw_alloc_txb 1 27579 NULL
26242 -+reciprocal_divide_27596 reciprocal_divide 0-1-2 27596 NULL
26243 ++libipw_alloc_txb_27579 libipw_alloc_txb 1-3-2 27579 NULL
26244 ++tipc_cfg_reply_alloc_27606 tipc_cfg_reply_alloc 1 27606 NULL
26245 +iwl4965_rs_sta_dbgfs_rate_scale_data_read_27619 iwl4965_rs_sta_dbgfs_rate_scale_data_read 3 27619 NULL
26246 +read_flush_procfs_27642 read_flush_procfs 3 27642 NULL nohasharray
26247 +nl80211_send_connect_result_27642 nl80211_send_connect_result 5-7 27642 &read_flush_procfs_27642 nohasharray
26248 +ocfs2_xattr_ibody_get_27642 ocfs2_xattr_ibody_get 0 27642 &nl80211_send_connect_result_27642
26249 +add_new_gdb_27643 add_new_gdb 3 27643 NULL
26250 -+ieee80211_build_probe_req_27660 ieee80211_build_probe_req 7 27660 NULL
26251 ++ieee80211_build_probe_req_27660 ieee80211_build_probe_req 7-5 27660 NULL
26252 +cdrom_read_cdda_old_27664 cdrom_read_cdda_old 4 27664 NULL
26253 +qword_get_27670 qword_get 0 27670 NULL
26254 +ocfs2_extend_dir_27695 ocfs2_extend_dir 4 27695 NULL
26255 @@ -106242,173 +107306,211 @@ index 0000000..6fcc08d
26256 +evm_write_key_27715 evm_write_key 3 27715 NULL
26257 +ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol_27722 ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol 3 27722 NULL
26258 +pstore_write_27724 pstore_write 3 27724 NULL nohasharray
26259 -+reg_w_buf_27724 reg_w_buf 3 27724 &pstore_write_27724
26260 ++iwl_dbgfs_traffic_log_write_27724 iwl_dbgfs_traffic_log_write 3 27724 &pstore_write_27724 nohasharray
26261 ++reg_w_buf_27724 reg_w_buf 3 27724 &iwl_dbgfs_traffic_log_write_27724
26262 +xfs_dir2_block_sfsize_27727 xfs_dir2_block_sfsize 0 27727 NULL
26263 -+a4t_cs_init_27734 a4t_cs_init 3 27734 NULL
26264 -+kcalloc_27770 kcalloc 1-2 27770 NULL
26265 -+DivaSTraceGetMemotyRequirement_27797 DivaSTraceGetMemotyRequirement 0-1 27797 NULL
26266 ++kcalloc_27770 kcalloc 2-1 27770 NULL
26267 +ttm_object_file_init_27804 ttm_object_file_init 2 27804 NULL
26268 ++hpt374_read_freq_27828 hpt374_read_freq 0 27828 NULL
26269 +init_header_complete_27833 init_header_complete 0 27833 NULL nohasharray
26270 +sys_listxattr_27833 sys_listxattr 3 27833 &init_header_complete_27833
26271 +read_profile_27859 read_profile 3 27859 NULL
26272 +sky2_pci_read16_27863 sky2_pci_read16 0 27863 NULL
26273 +mangle_packet_27864 mangle_packet 6-8 27864 NULL
26274 ++ocfs2_file_splice_read_27870 ocfs2_file_splice_read 4 27870 NULL
26275 ++paranoid_check_ec_hdr_27872 paranoid_check_ec_hdr 0 27872 NULL
26276 +unix_seqpacket_sendmsg_27893 unix_seqpacket_sendmsg 4 27893 NULL
26277 -+ubi_eba_write_leb_st_27896 ubi_eba_write_leb_st 5 27896 NULL
26278 -+gluebi_write_27905 gluebi_write 3 27905 NULL
26279 ++ubi_eba_write_leb_st_27896 ubi_eba_write_leb_st 0 27896 NULL
26280 +bm_find_next_27929 bm_find_next 2 27929 NULL
26281 ++check_mapped_name_27943 check_mapped_name 3 27943 NULL
26282 ++sctp_make_abort_violation_27959 sctp_make_abort_violation 4 27959 NULL
26283 +tracing_clock_write_27961 tracing_clock_write 3 27961 NULL
26284 -+mic_rx_pkts_read_27972 mic_rx_pkts_read 3 27972 NULL
26285 ++device_register_27972 device_register 0 27972 NULL nohasharray
26286 ++mic_rx_pkts_read_27972 mic_rx_pkts_read 3 27972 &device_register_27972
26287 +snd_rawmidi_write_28008 snd_rawmidi_write 3 28008 NULL
26288 -+serial8250_port_size_28019 serial8250_port_size 0 28019 NULL
26289 ++get_packet_pg_28023 get_packet_pg 4 28023 NULL
26290 +raid_status_28025 raid_status 4 28025 NULL
26291 +sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL
26292 -+cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL
26293 ++cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2-4 28053 NULL
26294 ++init_rs_non_canonical_28059 init_rs_non_canonical 1 28059 NULL
26295 +lpfc_idiag_mbxacc_read_28061 lpfc_idiag_mbxacc_read 3 28061 NULL
26296 -+gdth_init_isa_28091 gdth_init_isa 1 28091 NULL
26297 -+mmc_test_alloc_mem_28102 mmc_test_alloc_mem 3-2 28102 NULL
26298 ++GetRecvByte_28082 GetRecvByte 0 28082 NULL
26299 ++mmc_test_alloc_mem_28102 mmc_test_alloc_mem 2-3 28102 NULL
26300 +vgacon_adjust_height_28124 vgacon_adjust_height 2 28124 NULL
26301 ++tipc_msg_init_28128 tipc_msg_init 4-2 28128 NULL
26302 +video_read_28148 video_read 3 28148 NULL
26303 +snd_midi_channel_alloc_set_28153 snd_midi_channel_alloc_set 1 28153 NULL
26304 +stats_dot11FCSErrorCount_read_28154 stats_dot11FCSErrorCount_read 3 28154 NULL
26305 -+vread_28173 vread 0 28173 NULL
26306 ++vread_28173 vread 0-3 28173 NULL
26307 ++c4iw_reject_cr_28174 c4iw_reject_cr 3 28174 NULL
26308 ++pipe_fcntl_28181 pipe_fcntl 3 28181 NULL
26309 +macvtap_get_user_28185 macvtap_get_user 4 28185 NULL
26310 -+d_path_28198 d_path 0 28198 NULL
26311 ++ocfs2_cow_sync_writeback_28221 ocfs2_cow_sync_writeback 0 28221 NULL
26312 +line6_alloc_sysex_buffer_28225 line6_alloc_sysex_buffer 4 28225 NULL
26313 +amd_nb_num_28228 amd_nb_num 0 28228 NULL
26314 +c4iw_rqtpool_alloc_28271 c4iw_rqtpool_alloc 2 28271 NULL
26315 +usemap_size_28281 usemap_size 0 28281 NULL
26316 +dma_map_sg_attrs_28289 dma_map_sg_attrs 0 28289 NULL
26317 ++kstrtos16_from_user_28300 kstrtos16_from_user 2 28300 NULL
26318 ++__hidp_send_ctrl_message_28303 __hidp_send_ctrl_message 4 28303 NULL
26319 +acpi_register_gsi_xen_28305 acpi_register_gsi_xen 2 28305 NULL nohasharray
26320 +nouveau_compat_ioctl_28305 nouveau_compat_ioctl 2 28305 &acpi_register_gsi_xen_28305
26321 +snd_pcm_oss_read_28317 snd_pcm_oss_read 3 28317 NULL
26322 +bm_entry_write_28338 bm_entry_write 3 28338 NULL
26323 ++tcp_copy_to_iovec_28344 tcp_copy_to_iovec 3 28344 NULL
26324 +snapshot_write_28351 snapshot_write 3 28351 NULL
26325 +orig_node_del_if_28371 orig_node_del_if 2 28371 NULL
26326 +sys_writev_28384 sys_writev 3 28384 NULL
26327 +dlmfs_file_read_28385 dlmfs_file_read 3 28385 NULL
26328 +subdev_ioctl_28417 subdev_ioctl 2 28417 NULL
26329 ++get_extent_allocation_hint_28423 get_extent_allocation_hint 0 28423 NULL
26330 +snd_emu10k1_efx_read_28452 snd_emu10k1_efx_read 2 28452 NULL
26331 +alloc_irq_cpu_rmap_28459 alloc_irq_cpu_rmap 1 28459 NULL
26332 -+vmw_du_crtc_cursor_set_28479 vmw_du_crtc_cursor_set 4-5 28479 NULL
26333 -+snapshot_status_28480 snapshot_status 4 28480 NULL
26334 +ocfs2_backup_super_blkno_28484 ocfs2_backup_super_blkno 0-2 28484 NULL
26335 ++__filemap_fdatawrite_28485 __filemap_fdatawrite 0 28485 NULL
26336 +max_response_pages_28492 max_response_pages 0 28492 NULL
26337 -+__next_node_28521 __next_node 1 28521 NULL
26338 ++__next_node_28521 __next_node 1-0 28521 NULL
26339 +i2400m_tx_stats_read_28527 i2400m_tx_stats_read 3 28527 NULL
26340 ++capinc_tty_write_28539 capinc_tty_write 3 28539 NULL
26341 +sel_read_policycap_28544 sel_read_policycap 3 28544 NULL
26342 -+run_delalloc_range_28545 run_delalloc_range 3 28545 NULL nohasharray
26343 ++run_delalloc_range_28545 run_delalloc_range 3-4 28545 NULL nohasharray
26344 +mptctl_getiocinfo_28545 mptctl_getiocinfo 2 28545 &run_delalloc_range_28545
26345 ++sysfs_create_bin_file_28551 sysfs_create_bin_file 0 28551 NULL
26346 +b43legacy_debugfs_write_28556 b43legacy_debugfs_write 3 28556 NULL
26347 -+phys_pud_init_28574 phys_pud_init 0-3-2 28574 NULL
26348 ++i2o_msg_post_wait_mem_28558 i2o_msg_post_wait_mem 0 28558 NULL
26349 ++inet_dccp_listen_28565 inet_dccp_listen 2 28565 NULL
26350 +cfg80211_send_rx_auth_28580 cfg80211_send_rx_auth 3 28580 NULL
26351 +oxygen_read32_28582 oxygen_read32 0 28582 NULL
26352 +ocfs2_read_dir_block_28587 ocfs2_read_dir_block 2 28587 NULL
26353 -+extract_entropy_28604 extract_entropy 3-5 28604 NULL
26354 ++extract_entropy_28604 extract_entropy 5-3 28604 NULL
26355 +kfifo_unused_28612 kfifo_unused 0 28612 NULL
26356 +mp_override_legacy_irq_28618 mp_override_legacy_irq 4 28618 NULL
26357 +snd_nm256_capture_copy_28622 snd_nm256_capture_copy 5-3 28622 NULL
26358 +_set_range_28627 _set_range 3 28627 NULL
26359 -+v4l2_compat_ioctl32_28630 v4l2_compat_ioctl32 3 28630 NULL
26360 +setup_usemap_28636 setup_usemap 3-4 28636 NULL
26361 ++qib_handle_6120_hwerrors_28642 qib_handle_6120_hwerrors 3 28642 NULL
26362 ++btrfs_previous_item_28667 btrfs_previous_item 0 28667 NULL
26363 +blk_queue_resize_tags_28670 blk_queue_resize_tags 2 28670 NULL
26364 +posix_acl_from_xattr_28675 posix_acl_from_xattr 2 28675 NULL
26365 ++__dev_alloc_skb_28681 __dev_alloc_skb 1 28681 NULL
26366 +nl80211_send_new_peer_candidate_28692 nl80211_send_new_peer_candidate 5 28692 NULL
26367 -+drm_plane_init_28731 drm_plane_init 6 28731 NULL
26368 ++balance_level_28707 balance_level 0 28707 NULL
26369 +spi_execute_28736 spi_execute 5 28736 NULL
26370 -+snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL nohasharray
26371 -+phantom_compat_ioctl_28738 phantom_compat_ioctl 3 28738 &snd_pcm_aio_write_28738
26372 ++snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL
26373 +cxio_init_resource_fifo_28764 cxio_init_resource_fifo 3 28764 NULL
26374 ++rpc_pipe_generic_upcall_28766 rpc_pipe_generic_upcall 4 28766 NULL
26375 ++atomic_inc_return_unchecked_28778 atomic_inc_return_unchecked 0 28778 NULL
26376 +ath6kl_get_num_reg_28780 ath6kl_get_num_reg 0 28780 NULL
26377 ++dvb_net_sec_callback_28786 dvb_net_sec_callback 2 28786 NULL
26378 +sel_write_member_28800 sel_write_member 3 28800 NULL
26379 ++ocfs2_cow_contig_clusters_28803 ocfs2_cow_contig_clusters 0 28803 NULL
26380 +cgroup_file_read_28804 cgroup_file_read 3 28804 NULL
26381 +memory_bm_create_28814 memory_bm_create 0 28814 NULL
26382 +iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL
26383 -+vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL
26384 ++vp_request_msix_vectors_28849 vp_request_msix_vectors 2-0 28849 NULL
26385 ++paranoid_check_peb_vid_hdr_28866 paranoid_check_peb_vid_hdr 0 28866 NULL
26386 +ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL
26387 ++max_io_len_target_boundary_28879 max_io_len_target_boundary 0-1 28879 NULL
26388 +iwl3945_sta_dbgfs_stats_table_read_28882 iwl3945_sta_dbgfs_stats_table_read 3 28882 NULL
26389 +packet_sendmsg_spkt_28885 packet_sendmsg_spkt 4 28885 NULL
26390 +ps_upsd_timeouts_read_28924 ps_upsd_timeouts_read 3 28924 NULL
26391 ++iwl_dbgfs_sleep_level_override_write_28925 iwl_dbgfs_sleep_level_override_write 3 28925 NULL
26392 +ocfs2_frozen_trigger_28929 ocfs2_frozen_trigger 4 28929 NULL
26393 +push_rx_28939 push_rx 3 28939 NULL
26394 ++btrfs_trim_block_group_28963 btrfs_trim_block_group 3 28963 NULL
26395 +alloc_sched_domains_28972 alloc_sched_domains 1 28972 NULL
26396 +ext4_mb_add_groupinfo_28988 ext4_mb_add_groupinfo 2 28988 NULL
26397 +hci_sock_setsockopt_28993 hci_sock_setsockopt 5 28993 NULL
26398 +bin_uuid_28999 bin_uuid 3 28999 NULL
26399 -+xz_dec_init_29029 xz_dec_init 2 29029 NULL
26400 +sys_fcntl64_29031 sys_fcntl64 3 29031 NULL
26401 -+rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL
26402 ++rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL nohasharray
26403 ++ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 &rxrpc_sendmsg_29049
26404 ++tso_fragment_29050 tso_fragment 3 29050 NULL
26405 +split_bvec_29058 split_bvec 5 29058 NULL
26406 +iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL
26407 +lpfc_idiag_extacc_drivr_get_29067 lpfc_idiag_extacc_drivr_get 0-3 29067 NULL
26408 -+mark_extents_written_29082 mark_extents_written 2 29082 NULL
26409 ++ieee80211_probereq_get_29069 ieee80211_probereq_get 4-6 29069 NULL
26410 ++mark_extents_written_29082 mark_extents_written 2-3 29082 NULL
26411 ++iwl_dbgfs_log_event_write_29088 iwl_dbgfs_log_event_write 3 29088 NULL
26412 +isdn_ppp_write_29109 isdn_ppp_write 4 29109 NULL
26413 -+rbd_req_sync_op_29115 rbd_req_sync_op 9-10 29115 NULL
26414 ++rbd_req_sync_op_29115 rbd_req_sync_op 10-9 29115 NULL
26415 +snprintf_29125 snprintf 0 29125 NULL
26416 +iov_shorten_29130 iov_shorten 0 29130 NULL
26417 +proc_scsi_write_29142 proc_scsi_write 3 29142 NULL
26418 +reshape_ring_29147 reshape_ring 2 29147 NULL
26419 -+drm_property_create_enum_29201 drm_property_create_enum 5 29201 NULL
26420 +wusb_prf_256_29203 wusb_prf_256 7 29203 NULL
26421 +do_shrinker_shrink_29208 do_shrinker_shrink 0 29208 NULL
26422 -+iwl_dbgfs_temperature_read_29224 iwl_dbgfs_temperature_read 3 29224 NULL
26423 -+devm_ioremap_29235 devm_ioremap 2-3 29235 NULL
26424 -+recover_peb_29238 recover_peb 6-7 29238 NULL
26425 ++rds_iw_inc_copy_to_user_29214 rds_iw_inc_copy_to_user 3 29214 NULL
26426 ++iwl_dbgfs_temperature_read_29224 iwl_dbgfs_temperature_read 3 29224 NULL nohasharray
26427 ++security_socket_recvmsg_29224 security_socket_recvmsg 0 29224 &iwl_dbgfs_temperature_read_29224
26428 ++recover_peb_29238 recover_peb 0 29238 NULL
26429 +security_context_to_sid_core_29248 security_context_to_sid_core 2 29248 NULL
26430 +prism2_set_genericelement_29277 prism2_set_genericelement 3 29277 NULL
26431 +bitmap_ord_to_pos_29279 bitmap_ord_to_pos 3 29279 NULL
26432 ++ext4_fiemap_29296 ext4_fiemap 4 29296 NULL
26433 +sn9c102_read_29305 sn9c102_read 3 29305 NULL
26434 -+lo_compat_ioctl_29336 lo_compat_ioctl 4 29336 NULL
26435 +__alloc_ei_netdev_29338 __alloc_ei_netdev 1 29338 NULL
26436 ++ide_read_altstatus_29343 ide_read_altstatus 0 29343 NULL
26437 +l2cap_sock_setsockopt_old_29346 l2cap_sock_setsockopt_old 4 29346 NULL
26438 +alloc_and_copy_ftrace_hash_29368 alloc_and_copy_ftrace_hash 1 29368 NULL
26439 +pca953x_irq_setup_29407 pca953x_irq_setup 3 29407 NULL
26440 +mempool_create_29437 mempool_create 1 29437 NULL
26441 ++iscsi_sw_tcp_session_create_29443 iscsi_sw_tcp_session_create 2 29443 NULL
26442 +crypto_ahash_alignmask_29445 crypto_ahash_alignmask 0 29445 NULL
26443 -+apei_exec_ctx_get_output_29457 apei_exec_ctx_get_output 0 29457 NULL
26444 ++p9_client_prepare_req_29448 p9_client_prepare_req 3 29448 NULL
26445 +validate_scan_freqs_29462 validate_scan_freqs 0 29462 NULL
26446 ++ubi_scan_add_used_29468 ubi_scan_add_used 0 29468 NULL
26447 +do_register_entry_29478 do_register_entry 4 29478 NULL
26448 +simple_strtoul_29480 simple_strtoul 0 29480 NULL
26449 ++sched_clock_local_29498 sched_clock_local 0 29498 NULL
26450 +btmrvl_pscmd_write_29504 btmrvl_pscmd_write 3 29504 NULL
26451 +btrfs_file_extent_disk_bytenr_29505 btrfs_file_extent_disk_bytenr 0 29505 NULL
26452 ++write_file_regidx_29517 write_file_regidx 3 29517 NULL
26453 +atk_debugfs_ggrp_read_29522 atk_debugfs_ggrp_read 3 29522 NULL
26454 ++pci_enable_msix_29524 pci_enable_msix 0 29524 NULL
26455 +idetape_queue_rw_tail_29562 idetape_queue_rw_tail 3 29562 NULL
26456 +leaf_dealloc_29566 leaf_dealloc 3 29566 NULL
26457 ++kvm_read_guest_virt_system_29569 kvm_read_guest_virt_system 4-2 29569 NULL
26458 +lbs_lowsnr_read_29571 lbs_lowsnr_read 3 29571 NULL
26459 -+pvr2_hdw_report_unlocked_29589 pvr2_hdw_report_unlocked 4 29589 NULL
26460 ++iwl_dbgfs_missed_beacon_write_29586 iwl_dbgfs_missed_beacon_write 3 29586 NULL
26461 ++pvr2_hdw_report_unlocked_29589 pvr2_hdw_report_unlocked 4-0 29589 NULL
26462 +slots_per_page_29601 slots_per_page 0 29601 NULL
26463 +nla_get_u16_29624 nla_get_u16 0 29624 NULL
26464 -+lowmem_page_address_29649 lowmem_page_address 0 29649 NULL
26465 +sctp_make_abort_user_29654 sctp_make_abort_user 3 29654 NULL
26466 ++br_send_bpdu_29669 br_send_bpdu 3 29669 NULL
26467 +new_lockspace_29674 new_lockspace 2 29674 NULL
26468 +sisusb_write_mem_bulk_29678 sisusb_write_mem_bulk 4 29678 NULL
26469 ++tracepoint_probe_register_29688 tracepoint_probe_register 0 29688 NULL
26470 ++jbd2_journal_restart_29692 jbd2_journal_restart 0 29692 NULL
26471 +sd_alloc_ctl_entry_29708 sd_alloc_ctl_entry 1 29708 NULL
26472 +probes_write_29711 probes_write 3 29711 NULL
26473 +emi62_writememory_29731 emi62_writememory 4 29731 NULL
26474 +read_cis_cache_29735 read_cis_cache 4 29735 NULL
26475 -+cxio_hal_init_resource_29771 cxio_hal_init_resource 2-6-7 29771 NULL nohasharray
26476 ++cxio_hal_init_resource_29771 cxio_hal_init_resource 7-6-2 29771 NULL nohasharray
26477 +ip_vs_conn_fill_param_sync_29771 ip_vs_conn_fill_param_sync 6 29771 &cxio_hal_init_resource_29771
26478 +cifs_ucs2_bytes_29790 cifs_ucs2_bytes 0 29790 NULL
26479 +dbAlloc_29794 dbAlloc 0 29794 NULL
26480 +ext4_trim_all_free_29806 ext4_trim_all_free 4-3-2 29806 NULL
26481 -+tcp_sendpage_29829 tcp_sendpage 3-4 29829 NULL
26482 ++efx_wanted_channels_29813 efx_wanted_channels 0 29813 NULL
26483 ++tcp_sendpage_29829 tcp_sendpage 4-3 29829 NULL
26484 +scan_bitmap_block_29840 scan_bitmap_block 4 29840 NULL
26485 +__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL
26486 ++count_partial_29850 count_partial 0 29850 NULL
26487 +ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL
26488 +scsi_end_request_29876 scsi_end_request 3 29876 NULL
26489 +crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL
26490 +nfc_targets_found_29886 nfc_targets_found 3 29886 NULL
26491 +pin_code_reply_29893 pin_code_reply 4 29893 NULL
26492 -+check586_29914 check586 2 29914 NULL
26493 ++write_file_queue_29922 write_file_queue 3 29922 NULL
26494 +ext4_xattr_set_acl_29930 ext4_xattr_set_acl 4 29930 NULL
26495 -+security_transition_sid_29940 security_transition_sid 3 29940 NULL
26496 +__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL
26497 -+irias_add_octseq_attrib_29983 irias_add_octseq_attrib 4 29983 NULL nohasharray
26498 -+diva_os_get_context_size_29983 diva_os_get_context_size 0 29983 &irias_add_octseq_attrib_29983
26499 -+arch_setup_dmar_msi_29992 arch_setup_dmar_msi 1 29992 NULL
26500 -+utf32_to_utf8_30028 utf32_to_utf8 0 30028 NULL
26501 ++xfrm_count_auth_supported_29957 xfrm_count_auth_supported 0 29957 NULL
26502 ++irias_add_octseq_attrib_29983 irias_add_octseq_attrib 4 29983 NULL
26503 ++arch_setup_dmar_msi_29992 arch_setup_dmar_msi 1-0 29992 NULL
26504 +alloc_netdev_mqs_30030 alloc_netdev_mqs 1 30030 NULL
26505 +scsi_vpd_inquiry_30040 scsi_vpd_inquiry 4 30040 NULL
26506 ++wrmalt_30043 wrmalt 0 30043 NULL
26507 ++__pci_request_selected_regions_30058 __pci_request_selected_regions 0 30058 NULL
26508 +cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL
26509 +snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL
26510 +tg3_run_loopback_30093 tg3_run_loopback 2 30093 NULL
26511 @@ -106416,121 +107518,145 @@ index 0000000..6fcc08d
26512 +spi_async_locked_30117 spi_async_locked 0 30117 NULL
26513 +calgary_unmap_page_30130 calgary_unmap_page 2-3 30130 NULL
26514 +_osd_req_sizeof_alist_header_30134 _osd_req_sizeof_alist_header 0 30134 NULL
26515 ++recv_stream_30138 recv_stream 4 30138 NULL
26516 +u_memcpya_30139 u_memcpya 2-3 30139 NULL
26517 ++i915_gem_object_get_pages_gtt_30154 i915_gem_object_get_pages_gtt 0 30154 NULL
26518 ++i915_gem_object_wait_rendering_30173 i915_gem_object_wait_rendering 0 30173 NULL
26519 +cx25821_video_ioctl_30188 cx25821_video_ioctl 2 30188 NULL
26520 +mempool_create_page_pool_30189 mempool_create_page_pool 1 30189 NULL
26521 -+stripe_status_30195 stripe_status 4 30195 NULL
26522 ++snd_pcm_playback_forward_30201 snd_pcm_playback_forward 0-2 30201 NULL
26523 +usblp_ioctl_30203 usblp_ioctl 2 30203 NULL
26524 ++preallocate_pcm_pages_30209 preallocate_pcm_pages 2 30209 NULL
26525 +read_4k_modal_eeprom_30212 read_4k_modal_eeprom 3 30212 NULL
26526 +snd_ac97_pcm_assign_30218 snd_ac97_pcm_assign 2 30218 NULL
26527 +dccp_manip_pkt_30229 dccp_manip_pkt 2 30229 NULL
26528 ++rawv6_recvmsg_30265 rawv6_recvmsg 4 30265 NULL
26529 +isr_pci_pm_read_30271 isr_pci_pm_read 3 30271 NULL
26530 +compat_readv_30273 compat_readv 3 30273 NULL
26531 +lapic_register_intr_30279 lapic_register_intr 1 30279 NULL
26532 +skcipher_sendmsg_30290 skcipher_sendmsg 4 30290 NULL
26533 ++ir_create_table_30303 ir_create_table 4 30303 NULL
26534 +ext4_acl_from_disk_30320 ext4_acl_from_disk 2 30320 NULL
26535 -+generic_ptrace_pokedata_30338 generic_ptrace_pokedata 2 30338 NULL
26536 +resource_from_user_30341 resource_from_user 3 30341 NULL
26537 -+__vmalloc_node_flags_30352 __vmalloc_node_flags 1 30352 NULL
26538 ++kstrtou32_from_user_30361 kstrtou32_from_user 2 30361 NULL
26539 ++inet_getid_30365 inet_getid 2 30365 NULL
26540 +sys_get_mempolicy_30379 sys_get_mempolicy 3 30379 NULL
26541 -+c4iw_init_resource_30393 c4iw_init_resource 2-3 30393 NULL
26542 ++blkdev_issue_zeroout_30392 blkdev_issue_zeroout 0 30392 NULL
26543 ++c4iw_init_resource_30393 c4iw_init_resource 3-2 30393 NULL
26544 +_drbd_bm_find_next_zero_30415 _drbd_bm_find_next_zero 2 30415 NULL
26545 ++ext4_ext_create_new_leaf_30428 ext4_ext_create_new_leaf 0 30428 NULL
26546 +enable_write_30456 enable_write 3 30456 NULL
26547 +urandom_read_30462 urandom_read 3 30462 NULL
26548 +zoran_ioctl_30465 zoran_ioctl 2 30465 NULL
26549 -+write_head_30481 write_head 4 30481 NULL
26550 ++i2c_ctrl_read_30467 i2c_ctrl_read 0 30467 NULL
26551 ++i915_mutex_lock_interruptible_30474 i915_mutex_lock_interruptible 0 30474 NULL
26552 +adu_write_30487 adu_write 3 30487 NULL
26553 ++dtim_interval_write_30489 dtim_interval_write 3 30489 NULL
26554 ++nouveau_vm_new_30495 nouveau_vm_new 3-2 30495 NULL
26555 ++set_config_30526 set_config 0 30526 NULL
26556 +disk_expand_part_tbl_30561 disk_expand_part_tbl 2 30561 NULL
26557 +blk_init_tags_30592 blk_init_tags 1 30592 NULL
26558 +sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL
26559 +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL
26560 +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL
26561 +nfsd_nrpools_30651 nfsd_nrpools 0 30651 NULL
26562 -+agp_remap_30665 agp_remap 2 30665 NULL
26563 +jffs2_flash_read_30667 jffs2_flash_read 0 30667 NULL
26564 +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL
26565 +wled_proc_write_30709 wled_proc_write 3 30709 NULL
26566 ++lbs_wrbbp_write_30712 lbs_wrbbp_write 3 30712 NULL
26567 ++ocfs2_find_cpos_for_left_leaf_30713 ocfs2_find_cpos_for_left_leaf 0 30713 NULL
26568 ++l2cap_build_conf_rsp_30719 l2cap_build_conf_rsp 0 30719 NULL
26569 +lbs_debugfs_read_30721 lbs_debugfs_read 3 30721 NULL
26570 +snd_nm256_playback_silence_30727 snd_nm256_playback_silence 4-3 30727 NULL
26571 +ath6kl_wmi_send_action_cmd_30735 ath6kl_wmi_send_action_cmd 6 30735 NULL
26572 +fuse_conn_limit_write_30777 fuse_conn_limit_write 3 30777 NULL nohasharray
26573 +tcf_csum_ipv4_udp_30777 tcf_csum_ipv4_udp 4 30777 &fuse_conn_limit_write_30777
26574 -+ubi_write_30809 ubi_write 4-5 30809 NULL
26575 +smk_read_doi_30813 smk_read_doi 3 30813 NULL
26576 +get_kobj_path_length_30831 get_kobj_path_length 0 30831 NULL
26577 +sctp_setsockopt_auth_chunk_30843 sctp_setsockopt_auth_chunk 3 30843 NULL
26578 -+hda_hwdep_ioctl_compat_30847 hda_hwdep_ioctl_compat 4 30847 NULL
26579 +ieee80211_if_fmt_dropped_frames_no_route_30884 ieee80211_if_fmt_dropped_frames_no_route 3 30884 NULL
26580 ++pn_recvmsg_30887 pn_recvmsg 4 30887 NULL
26581 +f1x_match_to_this_node_30888 f1x_match_to_this_node 3 30888 NULL
26582 -+iommu_map_mmio_space_30919 iommu_map_mmio_space 1 30919 NULL
26583 ++get_params_30899 get_params 0 30899 NULL
26584 ++fc_host_post_vendor_event_30903 fc_host_post_vendor_event 3 30903 NULL
26585 +sctp_setsockopt_rtoinfo_30941 sctp_setsockopt_rtoinfo 3 30941 NULL
26586 ++find_free_dev_extent_30963 find_free_dev_extent 0 30963 NULL
26587 +tty_insert_flip_string_flags_30969 tty_insert_flip_string_flags 4 30969 NULL
26588 +huge_page_mask_30981 huge_page_mask 0 30981 NULL
26589 ++nlmsg_put_answer_30988 nlmsg_put_answer 4 30988 NULL
26590 ++i2400mu_rx_size_grow_30989 i2400mu_rx_size_grow 0 30989 NULL
26591 +lbs_host_sleep_read_31013 lbs_host_sleep_read 3 31013 NULL
26592 -+phys_pmd_init_31024 phys_pmd_init 0-3-2 31024 NULL
26593 +compat_sys_mq_timedsend_31060 compat_sys_mq_timedsend 3 31060 NULL
26594 +lbs_failcount_read_31063 lbs_failcount_read 3 31063 NULL
26595 +find_next_bit_le_31064 find_next_bit_le 0-2-3 31064 NULL
26596 -+sys_mincore_31079 sys_mincore 1 31079 NULL
26597 -+ttm_bo_ioremap_31082 ttm_bo_ioremap 2-3 31082 NULL
26598 ++sys_mincore_31079 sys_mincore 2-1 31079 NULL
26599 +sctp_setsockopt_context_31091 sctp_setsockopt_context 3 31091 NULL
26600 +compat_sys_get_mempolicy_31109 compat_sys_get_mempolicy 3 31109 NULL
26601 +depth_read_31112 depth_read 3 31112 NULL
26602 -+kvm_mmu_pte_write_31120 kvm_mmu_pte_write 2 31120 NULL
26603 ++kvm_mmu_pte_write_31120 kvm_mmu_pte_write 2-4 31120 NULL
26604 ++ssb_read16_31139 ssb_read16 0 31139 NULL
26605 +kimage_normal_alloc_31140 kimage_normal_alloc 3 31140 NULL
26606 -+size_inside_page_31141 size_inside_page 0 31141 NULL
26607 ++size_inside_page_31141 size_inside_page 0-1-2 31141 NULL
26608 +w9966_v4l_read_31148 w9966_v4l_read 3 31148 NULL
26609 +ch_do_scsi_31171 ch_do_scsi 4 31171 NULL
26610 +input_mt_init_slots_31183 input_mt_init_slots 2 31183 NULL
26611 -+acpi_ex_system_memory_space_handler_31192 acpi_ex_system_memory_space_handler 2 31192 NULL
26612 -+crypto_rng_seedsize_31196 crypto_rng_seedsize 0 31196 NULL
26613 +r592_read_fifo_pio_31198 r592_read_fifo_pio 3 31198 NULL
26614 +cpumask_weight_31215 cpumask_weight 0 31215 NULL
26615 +__read_reg_31216 __read_reg 0 31216 NULL
26616 +atm_get_addr_31221 atm_get_addr 3 31221 NULL
26617 ++tcp_recvmsg_31238 tcp_recvmsg 4 31238 NULL
26618 +cyy_readb_31240 cyy_readb 0 31240 NULL
26619 +_create_sg_bios_31244 _create_sg_bios 4 31244 NULL
26620 +ieee80211_if_read_last_beacon_31257 ieee80211_if_read_last_beacon 3 31257 NULL
26621 -+ceph_copy_page_vector_to_user_31270 ceph_copy_page_vector_to_user 3-4 31270 NULL
26622 ++ceph_copy_page_vector_to_user_31270 ceph_copy_page_vector_to_user 0-4-3 31270 NULL
26623 +sctp_tsnmap_find_gap_ack_31272 sctp_tsnmap_find_gap_ack 3-2 31272 NULL
26624 +uvc_simplify_fraction_31303 uvc_simplify_fraction 3 31303 NULL
26625 ++push_leaf_left_31306 push_leaf_left 0 31306 NULL
26626 +sisusbcon_scroll_31315 sisusbcon_scroll 5-2-3 31315 NULL
26627 -+futex_uaddr_31316 futex_uaddr 2 31316 NULL
26628 +command_file_write_31318 command_file_write 3 31318 NULL
26629 ++hwerr_crcbits_31334 hwerr_crcbits 4 31334 NULL
26630 +__cpu_to_node_31345 __cpu_to_node 0 31345 NULL
26631 +rbd_do_op_31366 rbd_do_op 8-9 31366 NULL
26632 -+xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 NULL
26633 ++native_setup_msi_irqs_31367 native_setup_msi_irqs 2 31367 NULL
26634 ++buffDnld_31372 buffDnld 0 31372 NULL nohasharray
26635 ++xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 &buffDnld_31372
26636 +trace_parser_get_init_31379 trace_parser_get_init 2 31379 NULL
26637 +inb_31388 inb 0 31388 NULL
26638 +key_ifindex_read_31411 key_ifindex_read 3 31411 NULL
26639 -+mcs7830_set_reg_31413 mcs7830_set_reg 3 31413 NULL
26640 ++i915_gem_object_put_fence_31413 i915_gem_object_put_fence 0 31413 NULL nohasharray
26641 ++mcs7830_set_reg_31413 mcs7830_set_reg 3 31413 &i915_gem_object_put_fence_31413
26642 +TSS_checkhmac1_31429 TSS_checkhmac1 5 31429 NULL
26643 +snd_aw2_saa7146_get_hw_ptr_capture_31431 snd_aw2_saa7146_get_hw_ptr_capture 0 31431 NULL
26644 -+pool_status_31439 pool_status 4 31439 NULL
26645 +acpi_sci_ioapic_setup_31445 acpi_sci_ioapic_setup 4 31445 NULL
26646 +opera1_xilinx_rw_31453 opera1_xilinx_rw 5 31453 NULL
26647 ++register_ftrace_graph_31456 register_ftrace_graph 0 31456 NULL
26648 +do_fcntl_31468 do_fcntl 3 31468 NULL
26649 +xfs_btree_get_numrecs_31477 xfs_btree_get_numrecs 0 31477 NULL
26650 ++__ext4_journal_get_write_access_31482 __ext4_journal_get_write_access 0 31482 NULL
26651 +alg_setkey_31485 alg_setkey 3 31485 NULL
26652 +rds_message_map_pages_31487 rds_message_map_pages 2 31487 NULL
26653 +qsfp_2_read_31491 qsfp_2_read 3 31491 NULL
26654 +__alloc_bootmem_31498 __alloc_bootmem 1 31498 NULL
26655 +hidraw_write_31536 hidraw_write 3 31536 NULL
26656 -+mtd_div_by_eb_31543 mtd_div_by_eb 0-1 31543 NULL
26657 +normalize_31566 normalize 0-1-2 31566 NULL
26658 ++inet6_ifaddr_msgsize_31568 inet6_ifaddr_msgsize 0 31568 NULL
26659 +osst_write_31581 osst_write 3 31581 NULL
26660 +iwl_dbgfs_ucode_tx_stats_read_31611 iwl_dbgfs_ucode_tx_stats_read 3 31611 NULL
26661 +arvo_sysfs_read_31617 arvo_sysfs_read 6 31617 NULL
26662 +iwl_legacy_dbgfs_traffic_log_read_31625 iwl_legacy_dbgfs_traffic_log_read 3 31625 NULL
26663 ++xfs_log_move_tail_31628 xfs_log_move_tail 2 31628 NULL
26664 +videobuf_read_one_31637 videobuf_read_one 3 31637 NULL
26665 +pod_alloc_sysex_buffer_31651 pod_alloc_sysex_buffer 3 31651 NULL
26666 +xfer_secondary_pool_31661 xfer_secondary_pool 2 31661 NULL
26667 +__lgread_31668 __lgread 4 31668 NULL
26668 -+symbol_string_31670 symbol_string 0 31670 NULL
26669 ++xfs_ail_min_lsn_31684 xfs_ail_min_lsn 0 31684 NULL
26670 ++fst_recover_rx_error_31687 fst_recover_rx_error 3 31687 NULL
26671 +handle_interrupt_31689 handle_interrupt 0 31689 NULL nohasharray
26672 +reiserfs_in_journal_31689 reiserfs_in_journal 3 31689 &handle_interrupt_31689
26673 +iwl_legacy_dbgfs_chain_noise_read_31692 iwl_legacy_dbgfs_chain_noise_read 3 31692 NULL
26674 +audit_log_n_string_31705 audit_log_n_string 3 31705 NULL
26675 ++sctp_make_asconf_ack_31726 sctp_make_asconf_ack 3 31726 NULL
26676 ++ata_tport_add_31733 ata_tport_add 0 31733 NULL
26677 +utf16s_to_utf8s_31735 utf16s_to_utf8s 0 31735 NULL
26678 +NCR_700_change_queue_depth_31742 NCR_700_change_queue_depth 2 31742 NULL nohasharray
26679 +input_abs_get_max_31742 input_abs_get_max 0 31742 &NCR_700_change_queue_depth_31742
26680 @@ -106542,122 +107668,149 @@ index 0000000..6fcc08d
26681 +isr_rx_procs_read_31804 isr_rx_procs_read 3 31804 NULL
26682 +strnlen_user_31815 strnlen_user 0-2 31815 NULL
26683 +sta_last_signal_read_31818 sta_last_signal_read 3 31818 NULL
26684 -+drm_mode_crtc_set_gamma_size_31881 drm_mode_crtc_set_gamma_size 2 31881 NULL
26685 -+ddb_output_write_31902 ddb_output_write 3 31902 NULL
26686 ++iwl_dbgfs_disable_ht40_write_31876 iwl_dbgfs_disable_ht40_write 3 31876 NULL
26687 ++ddb_output_write_31902 ddb_output_write 3-0 31902 NULL
26688 +xattr_permission_31907 xattr_permission 0 31907 NULL
26689 +kmem_alloc_31920 kmem_alloc 1 31920 NULL
26690 +guestwidth_to_adjustwidth_31937 guestwidth_to_adjustwidth 0-1 31937 NULL
26691 -+iov_iter_copy_from_user_31942 iov_iter_copy_from_user 4 31942 NULL
26692 ++iov_iter_copy_from_user_31942 iov_iter_copy_from_user 4-0 31942 NULL nohasharray
26693 ++read_mem_31942 read_mem 3 31942 &iov_iter_copy_from_user_31942
26694 +vb2_write_31948 vb2_write 3 31948 NULL
26695 +pvr2_ctrl_get_valname_31951 pvr2_ctrl_get_valname 4 31951 NULL
26696 +copy_from_user_toio_31966 copy_from_user_toio 3 31966 NULL
26697 -+mtd_add_partition_31971 mtd_add_partition 3 31971 NULL
26698 ++vx_read_status_31982 vx_read_status 0 31982 NULL
26699 +find_next_zero_bit_31990 find_next_zero_bit 0-2-3 31990 NULL
26700 ++sysfs_create_file_31996 sysfs_create_file 0 31996 NULL
26701 +calc_hmac_32010 calc_hmac 3 32010 NULL
26702 -+aead_len_32021 aead_len 0 32021 NULL
26703 -+ocfs2_remove_extent_32032 ocfs2_remove_extent 4-3 32032 NULL
26704 ++aer_init_32021 aer_init 0 32021 NULL nohasharray
26705 ++aead_len_32021 aead_len 0 32021 &aer_init_32021
26706 ++ocfs2_remove_extent_32032 ocfs2_remove_extent 0-4-3 32032 NULL
26707 +posix_acl_set_32037 posix_acl_set 4 32037 NULL
26708 -+vmw_cursor_update_dmabuf_32045 vmw_cursor_update_dmabuf 3-4 32045 NULL
26709 -+sys_sched_setaffinity_32046 sys_sched_setaffinity 2 32046 NULL
26710 ++ocfs2_update_edge_lengths_32046 ocfs2_update_edge_lengths 0 32046 NULL nohasharray
26711 ++sys_sched_setaffinity_32046 sys_sched_setaffinity 2 32046 &ocfs2_update_edge_lengths_32046
26712 +proc_scsi_devinfo_write_32064 proc_scsi_devinfo_write 3 32064 NULL
26713 ++nlmsg_put_32069 nlmsg_put 5 32069 NULL
26714 +cfg80211_send_unprot_deauth_32080 cfg80211_send_unprot_deauth 3 32080 NULL
26715 +ath6kl_fwlog_read_32101 ath6kl_fwlog_read 3 32101 NULL
26716 +set_discoverable_32102 set_discoverable 4 32102 NULL
26717 +disk_status_32120 disk_status 4 32120 NULL
26718 ++kobject_add_internal_32133 kobject_add_internal 0 32133 NULL
26719 ++alloc_tx_32143 alloc_tx 2 32143 NULL
26720 ++norm_maxh_32151 norm_maxh 0 32151 NULL
26721 +venus_link_32165 venus_link 5 32165 NULL
26722 +drbd_new_dev_size_32171 drbd_new_dev_size 0 32171 NULL
26723 -+do_writepages_32173 do_writepages 0 32173 NULL nohasharray
26724 -+ntfs_rl_realloc_nofail_32173 ntfs_rl_realloc_nofail 3 32173 &do_writepages_32173
26725 ++do_writepages_32173 do_writepages 0 32173 NULL
26726 +load_header_32183 load_header 0 32183 NULL
26727 +ubi_wl_scrub_peb_32196 ubi_wl_scrub_peb 0 32196 NULL
26728 +wusb_ccm_mac_32199 wusb_ccm_mac 7 32199 NULL
26729 +riva_get_cmap_len_32218 riva_get_cmap_len 0 32218 NULL
26730 ++caif_seqpkt_recvmsg_32241 caif_seqpkt_recvmsg 4 32241 NULL
26731 +lbs_lowrssi_read_32242 lbs_lowrssi_read 3 32242 NULL
26732 +ocfs2_xattr_find_entry_32260 ocfs2_xattr_find_entry 0 32260 NULL
26733 -+fb_compat_ioctl_32265 fb_compat_ioctl 3 32265 NULL
26734 -+vmalloc_user_32308 vmalloc_user 1 32308 NULL
26735 ++l3_alloc_skb_32289 l3_alloc_skb 1 32289 NULL
26736 ++cas_calc_tabort_32316 cas_calc_tabort 0 32316 NULL
26737 +nl80211_send_mlme_event_32337 nl80211_send_mlme_event 4 32337 NULL
26738 +t4_alloc_mem_32342 t4_alloc_mem 1 32342 NULL
26739 -+dispatch_ioctl_32357 dispatch_ioctl 2 32357 NULL
26740 ++dispatch_ioctl_32357 dispatch_ioctl 2 32357 NULL nohasharray
26741 ++rx_streaming_always_write_32357 rx_streaming_always_write 3 32357 &dispatch_ioctl_32357
26742 +f1x_translate_sysaddr_to_cs_32359 f1x_translate_sysaddr_to_cs 2 32359 NULL
26743 +sel_read_initcon_32362 sel_read_initcon 3 32362 NULL
26744 -+_drbd_bm_find_next_32372 _drbd_bm_find_next 2 32372 NULL
26745 ++send_mpa_reply_32372 send_mpa_reply 3 32372 NULL nohasharray
26746 ++_drbd_bm_find_next_32372 _drbd_bm_find_next 2 32372 &send_mpa_reply_32372
26747 +variax_set_raw2_32374 variax_set_raw2 4 32374 NULL
26748 +usbtmc_read_32377 usbtmc_read 3 32377 NULL
26749 ++intel_iommu_map_32384 intel_iommu_map 4-3 32384 NULL
26750 ++local_clock_32385 local_clock 0 32385 NULL
26751 +xfs_iext_add_indirect_multi_32400 xfs_iext_add_indirect_multi 3 32400 NULL
26752 +hid_input_report_32458 hid_input_report 4 32458 NULL
26753 ++snd_pcm_sync_ptr_32461 snd_pcm_sync_ptr 0 32461 NULL
26754 ++fill_readbuf_32464 fill_readbuf 3 32464 NULL
26755 +ieee80211_fill_mesh_addresses_32465 ieee80211_fill_mesh_addresses 0 32465 NULL
26756 +ide_driver_proc_write_32493 ide_driver_proc_write 3 32493 NULL
26757 +ctrl_std_val_to_sym_32516 ctrl_std_val_to_sym 5 32516 NULL
26758 -+qsfp_read_32522 qsfp_read 0-4-2 32522 NULL
26759 ++ocfs2_local_alloc_reserve_for_window_32518 ocfs2_local_alloc_reserve_for_window 0 32518 NULL
26760 ++qsfp_read_32522 qsfp_read 0-2-4 32522 NULL
26761 +ilo_read_32531 ilo_read 3 32531 NULL
26762 +ieee80211_if_read_estab_plinks_32533 ieee80211_if_read_estab_plinks 3 32533 NULL
26763 +format_devstat_counter_32550 format_devstat_counter 3 32550 NULL
26764 +__first_node_32558 __first_node 0 32558 NULL
26765 +aes_encrypt_fail_read_32562 aes_encrypt_fail_read 3 32562 NULL
26766 -+pnp_mem_len_32584 pnp_mem_len 0 32584 NULL
26767 +mem_swapout_entry_32586 mem_swapout_entry 3 32586 NULL
26768 +read_file_beacon_32595 read_file_beacon 3 32595 NULL
26769 +ieee80211_if_read_dropped_frames_congestion_32603 ieee80211_if_read_dropped_frames_congestion 3 32603 NULL
26770 +sys_set_mempolicy_32608 sys_set_mempolicy 3 32608 NULL
26771 -+cfg80211_roamed_32632 cfg80211_roamed 5-7 32632 NULL
26772 ++__iter_shared_inline_ref_32610 __iter_shared_inline_ref 0 32610 NULL
26773 ++irda_recvmsg_dgram_32631 irda_recvmsg_dgram 4 32631 NULL
26774 ++cfg80211_roamed_32632 cfg80211_roamed 7-5 32632 NULL
26775 +ieee80211_hdrlen_32637 ieee80211_hdrlen 0 32637 NULL
26776 +ite_decode_bytes_32642 ite_decode_bytes 3 32642 NULL
26777 +kvmalloc_32646 kvmalloc 1 32646 NULL
26778 +ib_sg_dma_len_32649 ib_sg_dma_len 0 32649 NULL
26779 -+__kmalloc_section_memmap_32651 __kmalloc_section_memmap 1 32651 NULL
26780 -+generic_readlink_32654 generic_readlink 3 32654 NULL
26781 ++generic_readlink_32654 generic_readlink 3 32654 NULL nohasharray
26782 ++ftrace_startup_32654 ftrace_startup 0 32654 &generic_readlink_32654
26783 +move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL
26784 -+snd_hwdep_ioctl_compat_32736 snd_hwdep_ioctl_compat 3 32736 NULL
26785 ++apei_res_add_32674 apei_res_add 0 32674 NULL
26786 ++rt2x00debug_read_queue_dump_32712 rt2x00debug_read_queue_dump 3 32712 NULL
26787 ++slhc_remember_32741 slhc_remember 3-0 32741 NULL
26788 +megasas_change_queue_depth_32747 megasas_change_queue_depth 2 32747 NULL
26789 +stats_read_ul_32751 stats_read_ul 3 32751 NULL
26790 -+tty_compat_ioctl_32761 tty_compat_ioctl 3 32761 NULL
26791 ++write_file_disable_ani_32761 write_file_disable_ani 3 32761 NULL
26792 +sctp_tsnmap_grow_32784 sctp_tsnmap_grow 2 32784 NULL
26793 ++ocfs2_read_inode_block_full_32790 ocfs2_read_inode_block_full 0 32790 NULL
26794 +firmwareUpload_32794 firmwareUpload 3 32794 NULL
26795 +get_register_page_interruptible_32809 get_register_page_interruptible 5 32809 NULL
26796 +orig_node_add_if_32833 orig_node_add_if 2 32833 NULL
26797 -+vga_rseq_32848 vga_rseq 0 32848 NULL
26798 ++nlmsg_validate_32861 nlmsg_validate 2 32861 NULL
26799 +new_tape_buffer_32866 new_tape_buffer 2 32866 NULL
26800 +io_apic_setup_irq_pin_32868 io_apic_setup_irq_pin 1 32868 NULL
26801 ++blkio_fill_stat_32874 blkio_fill_stat 2 32874 NULL
26802 ++vp702x_usb_inout_cmd_32884 vp702x_usb_inout_cmd 4-6 32884 NULL
26803 +zlib_inflate_workspacesize_32927 zlib_inflate_workspacesize 0 32927 NULL
26804 +irq_reserve_irqs_32946 irq_reserve_irqs 1-2 32946 NULL
26805 +ext4_valid_block_bitmap_32958 ext4_valid_block_bitmap 3 32958 NULL
26806 -+arch_ptrace_32981 arch_ptrace 3 32981 NULL
26807 +compat_filldir_32999 compat_filldir 3 32999 NULL
26808 -+ext3_alloc_blocks_33007 ext3_alloc_blocks 3 33007 NULL
26809 ++ext3_alloc_blocks_33007 ext3_alloc_blocks 3-0 33007 NULL
26810 ++br_multicast_set_hash_max_33012 br_multicast_set_hash_max 2 33012 NULL
26811 ++snd_pcm_prepare_33036 snd_pcm_prepare 0 33036 NULL
26812 ++xfrm_mapping_msgsize_33044 xfrm_mapping_msgsize 0 33044 NULL
26813 +ebt_compat_match_offset_33053 ebt_compat_match_offset 0-2 33053 NULL
26814 +stats_dot11RTSSuccessCount_read_33065 stats_dot11RTSSuccessCount_read 3 33065 NULL
26815 +sel_read_checkreqprot_33068 sel_read_checkreqprot 3 33068 NULL
26816 +acl_permission_check_33083 acl_permission_check 0 33083 NULL
26817 -+write_node_33121 write_node 4 33121 NULL
26818 ++ieee80211_fragment_33112 ieee80211_fragment 4 33112 NULL
26819 +fb_sys_write_33130 fb_sys_write 3 33130 NULL
26820 +nfs4_init_slot_table_33152 nfs4_init_slot_table 2 33152 NULL
26821 +tun_get_user_33178 tun_get_user 3 33178 NULL
26822 -+dataflash_read_fact_otp_33204 dataflash_read_fact_otp 2-3 33204 NULL
26823 ++dataflash_read_fact_otp_33204 dataflash_read_fact_otp 3-2 33204 NULL
26824 +pp_read_33210 pp_read 3 33210 NULL
26825 +xfs_file_aio_write_33234 xfs_file_aio_write 4 33234 NULL
26826 ++__vb2_wait_for_done_vb_33246 __vb2_wait_for_done_vb 0 33246 NULL
26827 +snd_pcm_plug_client_size_33267 snd_pcm_plug_client_size 0-2 33267 NULL
26828 +sched_find_first_bit_33270 sched_find_first_bit 0 33270 NULL
26829 +cachefiles_cook_key_33274 cachefiles_cook_key 2 33274 NULL
26830 -+mei_compat_ioctl_33275 mei_compat_ioctl 3 33275 NULL
26831 -+security_genfs_sid_33277 security_genfs_sid 3 33277 NULL
26832 ++i915_gem_object_flush_fence_33304 i915_gem_object_flush_fence 0 33304 NULL
26833 +mcs7830_get_reg_33308 mcs7830_get_reg 3 33308 NULL
26834 +ceph_msgpool_init_33312 ceph_msgpool_init 3 33312 NULL
26835 ++vx_send_irq_dsp_33329 vx_send_irq_dsp 0 33329 NULL
26836 ++gsm_mux_rx_netchar_33336 gsm_mux_rx_netchar 3 33336 NULL
26837 +joydev_ioctl_33343 joydev_ioctl 2 33343 NULL
26838 +create_xattr_datum_33356 create_xattr_datum 5 33356 NULL
26839 ++pvscsi_allocate_sg_33357 pvscsi_allocate_sg 0 33357 NULL
26840 +read_file_regidx_33370 read_file_regidx 3 33370 NULL
26841 +ceph_osdc_writepages_33375 ceph_osdc_writepages 5 33375 NULL
26842 ++sctp_ulpevent_new_33377 sctp_ulpevent_new 1 33377 NULL
26843 +ocfs2_quota_read_33382 ocfs2_quota_read 5 33382 NULL
26844 +ieee80211_if_read_dropped_frames_no_route_33383 ieee80211_if_read_dropped_frames_no_route 3 33383 NULL
26845 +scsi_varlen_cdb_length_33385 scsi_varlen_cdb_length 0 33385 NULL
26846 -+ocfs2_allocate_unwritten_extents_33394 ocfs2_allocate_unwritten_extents 2-3 33394 NULL
26847 ++ocfs2_allocate_unwritten_extents_33394 ocfs2_allocate_unwritten_extents 3-2 33394 NULL
26848 +snd_pcm_capture_ioctl1_33408 snd_pcm_capture_ioctl1 0 33408 NULL
26849 +ufs_getfrag_block_33409 ufs_getfrag_block 2 33409 NULL
26850 -+ubh_scanc_33436 ubh_scanc 0-4-3 33436 NULL
26851 ++filemap_fdatawrite_33415 filemap_fdatawrite 0 33415 NULL
26852 ++sys_dup3_33421 sys_dup3 2 33421 NULL
26853 ++ubh_scanc_33436 ubh_scanc 0-3-4 33436 NULL
26854 +create_entry_33479 create_entry 2 33479 NULL
26855 +ip_setsockopt_33487 ip_setsockopt 5 33487 NULL nohasharray
26856 +elf_map_33487 elf_map 0-2 33487 &ip_setsockopt_33487
26857 -+netxen_nic_hw_write_wx_128M_33488 netxen_nic_hw_write_wx_128M 2 33488 NULL
26858 +ol_dqblk_chunk_off_33489 ol_dqblk_chunk_off 2 33489 NULL
26859 +res_counter_read_33499 res_counter_read 4 33499 NULL
26860 +fb_read_33506 fb_read 3 33506 NULL
26861 @@ -106674,64 +107827,83 @@ index 0000000..6fcc08d
26862 +inw_p_33668 inw_p 0 33668 NULL
26863 +arp_hdr_len_33671 arp_hdr_len 0 33671 NULL
26864 +rbd_alloc_coll_33678 rbd_alloc_coll 1 33678 NULL
26865 -+compat_insnlist_33706 compat_insnlist 2 33706 NULL
26866 +sys_keyctl_33708 sys_keyctl 4 33708 NULL nohasharray
26867 +netlink_sendmsg_33708 netlink_sendmsg 4 33708 &sys_keyctl_33708
26868 +get_free_de_33714 get_free_de 2 33714 NULL
26869 +pvr2_stream_buffer_count_33719 pvr2_stream_buffer_count 2 33719 NULL
26870 +ocfs2_extent_map_get_blocks_33720 ocfs2_extent_map_get_blocks 2 33720 NULL
26871 ++ocfs2_lock_allocators_move_extents_33723 ocfs2_lock_allocators_move_extents 0 33723 NULL
26872 +__mutex_lock_interruptible_slowpath_33735 __mutex_lock_interruptible_slowpath 0 33735 NULL
26873 ++Read_hfc_33755 Read_hfc 0 33755 NULL
26874 +hashtab_create_33769 hashtab_create 3 33769 NULL
26875 +midibuf_message_length_33770 midibuf_message_length 0 33770 NULL
26876 ++i8042_create_aux_port_33777 i8042_create_aux_port 0 33777 NULL
26877 +if_sdio_read_rx_len_33800 if_sdio_read_rx_len 0 33800 NULL
26878 -+find_next_offset_33804 find_next_offset 3 33804 NULL nohasharray
26879 ++find_next_offset_33804 find_next_offset 3-0 33804 NULL nohasharray
26880 +apei_estatus_len_33804 apei_estatus_len 0 33804 &find_next_offset_33804
26881 -+sky2_rx_pad_33819 sky2_rx_pad 0 33819 NULL
26882 -+usb_dump_endpoint_descriptor_33849 usb_dump_endpoint_descriptor 0 33849 NULL
26883 ++sky2_rx_pad_33819 sky2_rx_pad 0 33819 NULL nohasharray
26884 ++filter_write_33819 filter_write 3 33819 &sky2_rx_pad_33819
26885 ++ext4_journal_extend_33835 ext4_journal_extend 0 33835 NULL
26886 ++snd_pcm_action_nonatomic_33844 snd_pcm_action_nonatomic 0 33844 NULL
26887 +get_user_pages_33908 get_user_pages 0 33908 NULL
26888 +queue_logical_block_size_33918 queue_logical_block_size 0 33918 NULL
26889 +max8649_read_device_33930 max8649_read_device 3 33930 NULL
26890 +sel_read_avc_cache_threshold_33942 sel_read_avc_cache_threshold 3 33942 NULL
26891 +lpfc_idiag_ctlacc_read_33943 lpfc_idiag_ctlacc_read 3 33943 NULL
26892 +read_file_tgt_rx_stats_33944 read_file_tgt_rx_stats 3 33944 NULL
26893 ++ocfs2_create_new_meta_bhs_33955 ocfs2_create_new_meta_bhs 0 33955 NULL
26894 ++btrfs_delalloc_reserve_metadata_33963 btrfs_delalloc_reserve_metadata 0 33963 NULL
26895 +vga_switcheroo_debugfs_write_33984 vga_switcheroo_debugfs_write 3 33984 NULL
26896 -+__ntfs_malloc_34022 __ntfs_malloc 1 34022 NULL
26897 ++snd_interval_refine_33987 snd_interval_refine 0 33987 NULL
26898 ++uio_dev_add_attributes_34003 uio_dev_add_attributes 0 34003 NULL
26899 ++select_size_34004 select_size 0 34004 NULL
26900 ++lbs_lowrssi_write_34025 lbs_lowrssi_write 3 34025 NULL
26901 +ppp_write_34034 ppp_write 3 34034 NULL
26902 -+tty_insert_flip_string_34042 tty_insert_flip_string 3 34042 NULL
26903 ++tty_insert_flip_string_34042 tty_insert_flip_string 3-0 34042 NULL
26904 +__domain_flush_pages_34045 __domain_flush_pages 2-3 34045 NULL
26905 -+compat_hdio_ioctl_34088 compat_hdio_ioctl 4 34088 NULL
26906 +islpci_mgt_transmit_34133 islpci_mgt_transmit 5 34133 NULL
26907 -+ttm_dma_page_pool_free_34135 ttm_dma_page_pool_free 2 34135 NULL
26908 ++mtu2blksize_34139 mtu2blksize 0 34139 NULL
26909 ++ocfs2_xattr_list_entry_34165 ocfs2_xattr_list_entry 0 34165 NULL
26910 ++skb_to_sgvec_34171 skb_to_sgvec 0 34171 NULL
26911 +iwl_legacy_dbgfs_tx_queue_read_34192 iwl_legacy_dbgfs_tx_queue_read 3 34192 NULL
26912 +mtd_write_34207 mtd_write 3 34207 NULL
26913 ++setup_nodes_for_search_34248 setup_nodes_for_search 0 34248 NULL
26914 +bl_pipe_downcall_34264 bl_pipe_downcall 3 34264 NULL
26915 -+rw_copy_check_uvector_34271 rw_copy_check_uvector 3 34271 NULL
26916 ++ocfs2_dlm_lock_34265 ocfs2_dlm_lock 0 34265 NULL
26917 ++rw_copy_check_uvector_34271 rw_copy_check_uvector 3-0 34271 NULL
26918 ++device_private_init_34279 device_private_init 0 34279 NULL
26919 +zone_spanned_pages_in_node_34299 zone_spanned_pages_in_node 0 34299 NULL
26920 +iov_iter_single_seg_count_34326 iov_iter_single_seg_count 0 34326 NULL nohasharray
26921 +pcpu_need_to_extend_34326 pcpu_need_to_extend 0 34326 &iov_iter_single_seg_count_34326
26922 +crypto_ablkcipher_ivsize_34363 crypto_ablkcipher_ivsize 0 34363 NULL
26923 -+rngapi_reset_34366 rngapi_reset 3 34366 NULL
26924 -+reiserfs_resize_34377 reiserfs_resize 2 34377 NULL
26925 ++rngapi_reset_34366 rngapi_reset 3 34366 NULL nohasharray
26926 ++p54_alloc_skb_34366 p54_alloc_skb 3 34366 &rngapi_reset_34366
26927 +ea_read_34378 ea_read 0 34378 NULL
26928 +av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL
26929 +usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL
26930 +read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL
26931 +ivtv_read_pos_34400 ivtv_read_pos 3 34400 NULL
26932 ++sctp_make_heartbeat_ack_34411 sctp_make_heartbeat_ack 4 34411 NULL
26933 +nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL
26934 -+usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL
26935 ++usbtest_alloc_urb_34446 usbtest_alloc_urb 5-3 34446 NULL
26936 ++sctp_make_abort_34459 sctp_make_abort 3 34459 NULL
26937 +mwifiex_regrdwr_read_34472 mwifiex_regrdwr_read 3 34472 NULL
26938 +line6_dumpreq_init_34473 line6_dumpreq_init 3 34473 NULL
26939 +skcipher_sndbuf_34476 skcipher_sndbuf 0 34476 NULL
26940 +i2o_parm_field_get_34477 i2o_parm_field_get 5 34477 NULL
26941 ++ocfs2_block_group_clear_bits_34484 ocfs2_block_group_clear_bits 0 34484 NULL
26942 +security_inode_permission_34488 security_inode_permission 0 34488 NULL
26943 ++snd_pcm_hw_param_value_34525 snd_pcm_hw_param_value 0 34525 NULL
26944 +alloc_buf_34532 alloc_buf 1 34532 NULL
26945 +tracing_stats_read_34537 tracing_stats_read 3 34537 NULL
26946 -+hugetlbfs_read_actor_34547 hugetlbfs_read_actor 2-5-4 34547 NULL
26947 ++hugetlbfs_read_actor_34547 hugetlbfs_read_actor 4-5-2-0 34547 NULL
26948 ++intel_alloc_coherent_34551 intel_alloc_coherent 2 34551 NULL
26949 +dbBackSplit_34561 dbBackSplit 0 34561 NULL
26950 +alloc_ieee80211_rsl_34564 alloc_ieee80211_rsl 1 34564 NULL
26951 +velocity_rx_copy_34583 velocity_rx_copy 2 34583 NULL
26952 +init_send_hfcd_34586 init_send_hfcd 1 34586 NULL
26953 +inet6_ifla6_size_34591 inet6_ifla6_size 0 34591 NULL
26954 ++iwl_legacy_dbgfs_disable_ht40_write_34605 iwl_legacy_dbgfs_disable_ht40_write 3 34605 NULL
26955 +__jffs2_ref_totlen_34609 __jffs2_ref_totlen 0 34609 NULL
26956 +__cfg80211_disconnected_34622 __cfg80211_disconnected 3 34622 NULL
26957 +cnic_alloc_dma_34641 cnic_alloc_dma 3 34641 NULL
26958 @@ -106739,41 +107911,55 @@ index 0000000..6fcc08d
26959 +alloc_irq_and_cfg_at_34706 alloc_irq_and_cfg_at 1 34706 NULL
26960 +ieee80211_if_read_num_sta_ps_34722 ieee80211_if_read_num_sta_ps 3 34722 NULL
26961 +platform_list_read_file_34734 platform_list_read_file 3 34734 NULL
26962 -+reg_w_ixbuf_34736 reg_w_ixbuf 4 34736 NULL
26963 ++reg_w_ixbuf_34736 reg_w_ixbuf 4 34736 NULL nohasharray
26964 ++fib_rule_nlmsg_size_34736 fib_rule_nlmsg_size 0 34736 &reg_w_ixbuf_34736
26965 ++sctp_make_datafrag_empty_34737 sctp_make_datafrag_empty 3 34737 NULL
26966 ++solos_param_store_34755 solos_param_store 4 34755 NULL
26967 ++device_add_34766 device_add 0 34766 NULL
26968 +qib_cdev_init_34778 qib_cdev_init 1 34778 NULL
26969 -+__copy_in_user_34790 __copy_in_user 3 34790 NULL
26970 +tipc_log_resize_34803 tipc_log_resize 1 34803 NULL
26971 +drbd_get_max_capacity_34804 drbd_get_max_capacity 0 34804 NULL
26972 -+sep_prepare_input_dma_table_34832 sep_prepare_input_dma_table 2-3 34832 NULL
26973 ++sep_prepare_input_dma_table_34832 sep_prepare_input_dma_table 3-2 34832 NULL
26974 ++ext4_groupinfo_create_slab_34837 ext4_groupinfo_create_slab 1 34837 NULL
26975 +b43_debugfs_write_34838 b43_debugfs_write 3 34838 NULL
26976 -+bl_mark_for_commit_34852 bl_mark_for_commit 2-3 34852 NULL
26977 ++bl_mark_for_commit_34852 bl_mark_for_commit 3-2 34852 NULL
26978 +acpi_system_write_wakeup_device_34853 acpi_system_write_wakeup_device 3 34853 NULL
26979 +usb_serial_generic_prepare_write_buffer_34857 usb_serial_generic_prepare_write_buffer 3 34857 NULL
26980 +ieee80211_if_write_34894 ieee80211_if_write 3 34894 NULL
26981 -+compat_put_uint_34905 compat_put_uint 1 34905 NULL
26982 ++write_msg_34916 write_msg 3 34916 NULL
26983 ++iwl_dbgfs_force_reset_write_34930 iwl_dbgfs_force_reset_write 3 34930 NULL
26984 ++snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL
26985 +skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL nohasharray
26986 +i2c_transfer_34958 i2c_transfer 0 34958 &skb_gro_header_slow_34958
26987 +Realloc_34961 Realloc 2 34961 NULL
26988 ++iwl_legacy_dbgfs_missed_beacon_write_34966 iwl_legacy_dbgfs_missed_beacon_write 3 34966 NULL
26989 +l2cap_skbuff_fromiovec_35003 l2cap_skbuff_fromiovec 4-3 35003 NULL
26990 +sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL
26991 ++snd_pcm_hw_params_35020 snd_pcm_hw_params 0 35020 NULL
26992 ++generic_file_llseek_size_35024 generic_file_llseek_size 2 35024 NULL
26993 ++paranoid_check_peb_ec_hdr_35027 paranoid_check_peb_ec_hdr 0 35027 NULL
26994 +coda_psdev_read_35029 coda_psdev_read 3 35029 NULL
26995 ++xfs_rtallocate_extent_35052 xfs_rtallocate_extent 2-4-8 35052 NULL
26996 +btmrvl_gpiogap_write_35053 btmrvl_gpiogap_write 3 35053 NULL
26997 ++ext4_split_unwritten_extents_35063 ext4_split_unwritten_extents 0 35063 NULL
26998 +store_ifalias_35088 store_ifalias 4 35088 NULL
26999 +__kfifo_uint_must_check_helper_35097 __kfifo_uint_must_check_helper 0-1 35097 NULL
27000 +capi_write_35104 capi_write 3 35104 NULL
27001 +ide_settings_proc_write_35110 ide_settings_proc_write 3 35110 NULL
27002 -+pointer_35138 pointer 0 35138 NULL
27003 ++ceph_osdc_start_request_35122 ceph_osdc_start_request 0 35122 NULL
27004 +gntdev_alloc_map_35145 gntdev_alloc_map 2 35145 NULL
27005 +iscsi_conn_setup_35159 iscsi_conn_setup 2 35159 NULL
27006 +ieee80211_if_read_bssid_35161 ieee80211_if_read_bssid 3 35161 NULL
27007 +bat_ogm_aggr_packet_35202 bat_ogm_aggr_packet 3 35202 NULL
27008 +unix_stream_recvmsg_35210 unix_stream_recvmsg 4 35210 NULL
27009 +_osd_req_alist_elem_size_35216 _osd_req_alist_elem_size 0-2 35216 NULL
27010 -+striped_read_35218 striped_read 2-8-0-3 35218 NULL nohasharray
27011 ++striped_read_35218 striped_read 0-3-2-8 35218 NULL nohasharray
27012 +security_key_getsecurity_35218 security_key_getsecurity 0 35218 &striped_read_35218
27013 +video_register_device_no_warn_35226 video_register_device_no_warn 3 35226 NULL
27014 ++may_commit_transaction_35234 may_commit_transaction 0 35234 NULL
27015 +set_fd_set_35249 set_fd_set 1 35249 NULL
27016 +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL
27017 ++jbd2_journal_get_write_access_35263 jbd2_journal_get_write_access 0 35263 NULL
27018 +dma_show_regs_35266 dma_show_regs 3 35266 NULL
27019 +irda_recvmsg_stream_35280 irda_recvmsg_stream 4 35280 NULL
27020 +i2o_block_end_request_35282 i2o_block_end_request 3 35282 NULL
27021 @@ -106782,117 +107968,146 @@ index 0000000..6fcc08d
27022 +tracing_read_pipe_35312 tracing_read_pipe 3 35312 NULL
27023 +sys_setsockopt_35320 sys_setsockopt 5 35320 NULL
27024 +new_bind_ctl_35324 new_bind_ctl 2 35324 NULL
27025 -+fallback_on_nodma_alloc_35332 fallback_on_nodma_alloc 2 35332 NULL
27026 +pskb_network_may_pull_35336 pskb_network_may_pull 2 35336 NULL
27027 ++mlx4_alloc_hwq_res_35339 mlx4_alloc_hwq_res 3 35339 NULL
27028 +hpi_alloc_control_cache_35351 hpi_alloc_control_cache 1 35351 NULL
27029 +compat_filldir64_35354 compat_filldir64 3 35354 NULL
27030 +tt_update_orig_35361 tt_update_orig 4 35361 NULL
27031 -+test_empty_cb_35410 test_empty_cb 3 35410 NULL
27032 ++read_kmem_35372 read_kmem 3 35372 NULL
27033 ++ocfs2_journal_access_di_35393 ocfs2_journal_access_di 0 35393 NULL
27034 +rawv6_send_hdrinc_35425 rawv6_send_hdrinc 3 35425 NULL
27035 +buffer_to_user_35439 buffer_to_user 3 35439 NULL
27036 +i915_wedged_read_35474 i915_wedged_read 3 35474 NULL
27037 -+do_atm_ioctl_35519 do_atm_ioctl 3 35519 NULL
27038 +async_setkey_35521 async_setkey 3 35521 NULL
27039 +__filemap_fdatawrite_range_35528 __filemap_fdatawrite_range 0 35528 NULL
27040 +iwl_dbgfs_bt_traffic_read_35534 iwl_dbgfs_bt_traffic_read 3 35534 NULL
27041 +rxpipe_tx_xfr_host_int_trig_rx_data_read_35538 rxpipe_tx_xfr_host_int_trig_rx_data_read 3 35538 NULL
27042 +ibnl_put_attr_35541 ibnl_put_attr 3 35541 NULL
27043 +ieee80211_if_write_smps_35550 ieee80211_if_write_smps 3 35550 NULL
27044 ++vb2_dqbuf_35559 vb2_dqbuf 0 35559 NULL
27045 ++sysfs_create_subdir_35567 sysfs_create_subdir 0 35567 NULL
27046 ++xfs_mount_log_sb_35576 xfs_mount_log_sb 2 35576 NULL
27047 +ext2_acl_from_disk_35580 ext2_acl_from_disk 2 35580 NULL
27048 -+security_compute_av_35608 security_compute_av 3 35608 NULL
27049 -+rbd_req_sync_read_35615 rbd_req_sync_read 5-6 35615 NULL
27050 ++ReadZReg_35604 ReadZReg 0 35604 NULL
27051 ++rbd_req_sync_read_35615 rbd_req_sync_read 6-5 35615 NULL
27052 +kernel_readv_35617 kernel_readv 3 35617 NULL
27053 ++pci_request_regions_35635 pci_request_regions 0 35635 NULL
27054 +scrub_stripe_35637 scrub_stripe 4-3 35637 NULL
27055 +spi_register_board_info_35651 spi_register_board_info 2 35651 NULL
27056 +store_debug_level_35652 store_debug_level 3 35652 NULL
27057 ++rdmaltWithLock_35669 rdmaltWithLock 0 35669 NULL
27058 +compat_sys_kexec_load_35674 compat_sys_kexec_load 2 35674 NULL
27059 -+dm_table_create_35687 dm_table_create 3 35687 NULL
27060 +rds_page_copy_user_35691 rds_page_copy_user 4 35691 NULL
27061 -+pci_enable_sriov_35745 pci_enable_sriov 2 35745 NULL
27062 ++btrfs_commit_transaction_35725 btrfs_commit_transaction 0 35725 NULL
27063 ++fixup_low_keys_35734 fixup_low_keys 0 35734 NULL
27064 ++ext4_truncate_restart_trans_35750 ext4_truncate_restart_trans 0 35750 NULL
27065 +iwl_dbgfs_disable_ht40_read_35761 iwl_dbgfs_disable_ht40_read 3 35761 NULL
27066 ++send_wqe_overhead_35780 send_wqe_overhead 0 35780 NULL
27067 +udf_alloc_i_data_35786 udf_alloc_i_data 2 35786 NULL
27068 +store_fan1_input_35793 store_fan1_input 4 35793 NULL
27069 +read_file_stations_35795 read_file_stations 3 35795 NULL
27070 +pvr2_hdw_cpufw_get_35824 pvr2_hdw_cpufw_get 0-4-2 35824 NULL
27071 ++vx_query_hbuffer_size_35859 vx_query_hbuffer_size 0 35859 NULL
27072 +mthca_buf_alloc_35861 mthca_buf_alloc 2 35861 NULL
27073 -+fls64_35862 fls64 0 35862 NULL
27074 ++fls64_35862 fls64 0-1 35862 NULL
27075 ++wait_mgsl_event_35872 wait_mgsl_event 0 35872 NULL
27076 +kvm_dirty_bitmap_bytes_35886 kvm_dirty_bitmap_bytes 0 35886 NULL
27077 +ieee80211_if_fmt_dot11MeshRetryTimeout_35890 ieee80211_if_fmt_dot11MeshRetryTimeout 3 35890 NULL
27078 +uwb_rc_cmd_done_35892 uwb_rc_cmd_done 4 35892 NULL
27079 ++tcp_mark_head_lost_35895 tcp_mark_head_lost 2 35895 NULL
27080 ++igmpv3_newpack_35912 igmpv3_newpack 2 35912 NULL
27081 +kernel_setsockopt_35913 kernel_setsockopt 5 35913 NULL
27082 -+vol_cdev_compat_ioctl_35923 vol_cdev_compat_ioctl 3 35923 NULL
27083 -+au_kzrealloc_35935 au_kzrealloc 3 35935 NULL
27084 ++dccp_listen_start_35918 dccp_listen_start 2 35918 NULL
27085 ++balance_node_right_35920 balance_node_right 0 35920 NULL
27086 +put_cmsg_compat_35937 put_cmsg_compat 4 35937 NULL
27087 +ceph_buffer_new_35974 ceph_buffer_new 1 35974 NULL
27088 +acl_alloc_35979 acl_alloc 1 35979 NULL
27089 ++device_add_class_symlinks_35985 device_add_class_symlinks 0 35985 NULL
27090 +generic_file_aio_read_35987 generic_file_aio_read 0 35987 NULL
27091 +koneplus_sysfs_write_35993 koneplus_sysfs_write 6 35993 NULL
27092 ++write_file_antenna_35998 write_file_antenna 3 35998 NULL
27093 ++console_store_36007 console_store 4 36007 NULL
27094 ++i965_write_fence_reg_36017 i965_write_fence_reg 0 36017 NULL
27095 +sys_init_module_36047 sys_init_module 2 36047 NULL
27096 +gpio_power_read_36059 gpio_power_read 3 36059 NULL
27097 ++snd_pcm_playback_hw_avail_36061 snd_pcm_playback_hw_avail 0 36061 NULL
27098 +write_emulate_36065 write_emulate 2-4 36065 NULL
27099 ++stack_max_size_write_36068 stack_max_size_write 3 36068 NULL
27100 +ieee80211_if_fmt_peer_36071 ieee80211_if_fmt_peer 3 36071 NULL
27101 -+ext3_new_blocks_36073 ext3_new_blocks 3 36073 NULL
27102 ++ext3_new_blocks_36073 ext3_new_blocks 3-0 36073 NULL
27103 +ieee80211_if_write_tsf_36077 ieee80211_if_write_tsf 3 36077 NULL
27104 +snd_pcm_plug_read_transfer_36080 snd_pcm_plug_read_transfer 0-3 36080 NULL
27105 ++genlmsg_new_36094 genlmsg_new 1 36094 NULL
27106 +vga_arb_write_36112 vga_arb_write 3 36112 NULL
27107 -+compat_ptrace_request_36131 compat_ptrace_request 3-4 36131 NULL
27108 -+vmalloc_exec_36132 vmalloc_exec 1 36132 NULL
27109 ++rx_enable_36125 rx_enable 0 36125 NULL
27110 +iwl_trans_txq_alloc_36147 iwl_trans_txq_alloc 3 36147 NULL
27111 -+alloc_vm_area_36149 alloc_vm_area 1 36149 NULL
27112 +b1_alloc_card_36155 b1_alloc_card 1 36155 NULL
27113 +btrfs_file_extent_inline_len_36158 btrfs_file_extent_inline_len 0 36158 NULL
27114 +snd_korg1212_copy_from_36169 snd_korg1212_copy_from 6 36169 NULL
27115 +FTL_Get_Block_Table_Flash_Size_Bytes_36187 FTL_Get_Block_Table_Flash_Size_Bytes 0 36187 NULL
27116 ++__ip_append_data_36191 __ip_append_data 7-8 36191 NULL
27117 +ubifs_read_nnode_36221 ubifs_read_nnode 0 36221 NULL
27118 +atomic_stats_read_36228 atomic_stats_read 3 36228 NULL
27119 +viafb_iga1_odev_proc_write_36241 viafb_iga1_odev_proc_write 3 36241 NULL
27120 +compat_sys_mbind_36256 compat_sys_mbind 5 36256 NULL
27121 +usb_buffer_alloc_36276 usb_buffer_alloc 2 36276 NULL
27122 ++modem_input_wait_36278 modem_input_wait 0 36278 NULL
27123 +mangle_sdp_packet_36279 mangle_sdp_packet 9 36279 NULL
27124 +codec_reg_read_file_36280 codec_reg_read_file 3 36280 NULL
27125 +lpfc_debugfs_dif_err_read_36303 lpfc_debugfs_dif_err_read 3 36303 NULL
27126 +ad7879_spi_xfer_36311 ad7879_spi_xfer 3 36311 NULL
27127 +fat_compat_ioctl_filldir_36328 fat_compat_ioctl_filldir 3 36328 NULL
27128 +jbd2_journal_init_revoke_table_36336 jbd2_journal_init_revoke_table 1 36336 NULL
27129 -+v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL nohasharray
27130 -+xz_dec_lzma2_create_36353 xz_dec_lzma2_create 2 36353 &v9fs_file_readn_36353
27131 ++qla4xxx_session_create_36350 qla4xxx_session_create 2 36350 NULL
27132 ++ath6kl_regwrite_write_36351 ath6kl_regwrite_write 3 36351 NULL
27133 ++v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL
27134 +to_sector_36361 to_sector 0-1 36361 NULL
27135 +mtd_do_writeoob_36373 mtd_do_writeoob 4 36373 NULL
27136 +vring_new_virtqueue_36374 vring_new_virtqueue 1 36374 NULL
27137 +tunables_read_36385 tunables_read 3 36385 NULL
27138 -+afs_alloc_flat_call_36399 afs_alloc_flat_call 2-3 36399 NULL
27139 ++afs_alloc_flat_call_36399 afs_alloc_flat_call 3-2 36399 NULL
27140 ++sierra_write_36402 sierra_write 4 36402 NULL
27141 ++sys_vm86_36421 sys_vm86 2 36421 NULL
27142 ++rtnl_link_get_size_36436 rtnl_link_get_size 0 36436 NULL
27143 +sctp_tsnmap_init_36446 sctp_tsnmap_init 2 36446 NULL
27144 +alloc_etherdev_mqs_36450 alloc_etherdev_mqs 1 36450 NULL
27145 +b43_nphy_load_samples_36481 b43_nphy_load_samples 3 36481 NULL
27146 ++ip6_append_data_36490 ip6_append_data 4-5 36490 NULL
27147 ++cmd_loop_36491 cmd_loop 0 36491 NULL
27148 +iwl_legacy_dbgfs_power_save_status_read_36492 iwl_legacy_dbgfs_power_save_status_read 3 36492 NULL
27149 +__hwahc_op_set_ptk_36510 __hwahc_op_set_ptk 5 36510 NULL
27150 +mcam_v4l_read_36513 mcam_v4l_read 3 36513 NULL
27151 +ieee80211_if_read_fwded_frames_36520 ieee80211_if_read_fwded_frames 3 36520 NULL
27152 +crypto_aead_authsize_36537 crypto_aead_authsize 0 36537 NULL
27153 +cpu_type_read_36540 cpu_type_read 3 36540 NULL
27154 -+__kfifo_to_user_36555 __kfifo_to_user 3 36555 NULL nohasharray
27155 ++__kfifo_to_user_36555 __kfifo_to_user 3-0 36555 NULL nohasharray
27156 +macvtap_do_read_36555 macvtap_do_read 4 36555 &__kfifo_to_user_36555
27157 -+ssb_bus_scan_36578 ssb_bus_scan 2 36578 NULL
27158 +__erst_read_36579 __erst_read 0 36579 NULL
27159 +put_cmsg_36589 put_cmsg 4 36589 NULL
27160 +pcnet32_realloc_rx_ring_36598 pcnet32_realloc_rx_ring 3 36598 NULL
27161 +fat_ioctl_filldir_36621 fat_ioctl_filldir 3 36621 NULL
27162 +vxge_config_vpaths_36636 vxge_config_vpaths 0 36636 NULL
27163 -+format_decode_36638 format_decode 0 36638 NULL
27164 +cxio_hal_rqtpool_alloc_36648 cxio_hal_rqtpool_alloc 2 36648 NULL nohasharray
27165 +lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 &cxio_hal_rqtpool_alloc_36648
27166 ++perf_calculate_period_36662 perf_calculate_period 2-3 36662 NULL
27167 +osd_req_list_collection_objects_36664 osd_req_list_collection_objects 5 36664 NULL
27168 +iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL
27169 -+ptr_to_compat_36680 ptr_to_compat 0 36680 NULL
27170 +ext4_mb_discard_group_preallocations_36685 ext4_mb_discard_group_preallocations 2 36685 NULL
27171 ++get_txidle_36698 get_txidle 0 36698 NULL
27172 ++gsmtty_write_36702 gsmtty_write 3 36702 NULL
27173 ++sched_clock_36717 sched_clock 0 36717 NULL
27174 ++ocfs2_rotate_tree_right_36723 ocfs2_rotate_tree_right 0 36723 NULL
27175 +saa7134_i2c_eeprom_36729 saa7134_i2c_eeprom 3 36729 NULL
27176 +extract_icmp6_fields_36732 extract_icmp6_fields 2 36732 NULL
27177 -+snd_rawmidi_kernel_read1_36740 snd_rawmidi_kernel_read1 4 36740 NULL
27178 -+cxgbi_device_register_36746 cxgbi_device_register 1-2 36746 NULL
27179 ++snd_rawmidi_kernel_read1_36740 snd_rawmidi_kernel_read1 4-0 36740 NULL
27180 ++cxgbi_device_register_36746 cxgbi_device_register 2-1 36746 NULL
27181 ++i915_gem_evict_inactive_36767 i915_gem_evict_inactive 0 36767 NULL
27182 +ip4ip6_err_36772 ip4ip6_err 5 36772 NULL
27183 ++llc_mac_header_len_36776 llc_mac_header_len 0 36776 NULL
27184 +proc_fault_inject_read_36802 proc_fault_inject_read 3 36802 NULL
27185 +do_dmabuf_dirty_sou_36807 do_dmabuf_dirty_sou 7 36807 NULL
27186 +hiddev_ioctl_36816 hiddev_ioctl 2 36816 NULL
27187 ++ocfs2_journal_access_rb_36823 ocfs2_journal_access_rb 0 36823 NULL
27188 +int_hardware_entry_36833 int_hardware_entry 3 36833 NULL
27189 +fc_change_queue_depth_36841 fc_change_queue_depth 2 36841 NULL
27190 +keyctl_describe_key_36853 keyctl_describe_key 3 36853 NULL
27191 @@ -106901,182 +108116,236 @@ index 0000000..6fcc08d
27192 +ib_ucm_alloc_data_36885 ib_ucm_alloc_data 3 36885 NULL
27193 +selinux_inode_notifysecctx_36896 selinux_inode_notifysecctx 3 36896 NULL
27194 +OS_kmalloc_36909 OS_kmalloc 1 36909 NULL
27195 ++genlmsg_total_size_36938 genlmsg_total_size 0-1 36938 NULL
27196 +crypto_blkcipher_ivsize_36944 crypto_blkcipher_ivsize 0 36944 NULL
27197 -+write_leb_36957 write_leb 5 36957 NULL
27198 -+_copy_from_user_36959 _copy_from_user 3 36959 NULL
27199 ++div_u64_36951 div_u64 0 36951 NULL
27200 ++write_leb_36957 write_leb 0 36957 NULL
27201 ++call_usermodehelper_exec_36960 call_usermodehelper_exec 0 36960 NULL
27202 +ntfs_external_attr_find_36963 ntfs_external_attr_find 0 36963 NULL
27203 +sparse_early_mem_maps_alloc_node_36971 sparse_early_mem_maps_alloc_node 4 36971 NULL
27204 +setxattr_37006 setxattr 4 37006 NULL
27205 ++ondemand_readahead_37015 ondemand_readahead 6-5 37015 NULL
27206 ++command_file_read_37038 command_file_read 3 37038 NULL
27207 ++em28xx_gpio_set_37040 em28xx_gpio_set 0 37040 NULL
27208 +ieee80211_if_read_drop_unencrypted_37053 ieee80211_if_read_drop_unencrypted 3 37053 NULL
27209 ++find_next_chunk_37067 find_next_chunk 0 37067 NULL
27210 +parse_command_37079 parse_command 2 37079 NULL
27211 +snd_hda_get_conn_list_37132 snd_hda_get_conn_list 0 37132 NULL
27212 ++xfrm_expire_msgsize_37133 xfrm_expire_msgsize 0 37133 NULL
27213 +msg_word_37164 msg_word 0 37164 NULL
27214 ++BeceemNVMRead_37166 BeceemNVMRead 0 37166 NULL
27215 +can_set_xattr_37182 can_set_xattr 4 37182 NULL
27216 +store_wimax_37196 store_wimax 4 37196 NULL
27217 ++vcc_recvmsg_37198 vcc_recvmsg 4 37198 NULL
27218 ++sysfs_add_file_37200 sysfs_add_file 0 37200 NULL
27219 +crypto_shash_descsize_37212 crypto_shash_descsize 0 37212 NULL
27220 +uapsd_queues_read_37217 uapsd_queues_read 3 37217 NULL
27221 +regmap_access_read_file_37223 regmap_access_read_file 3 37223 NULL
27222 +__do_replace_37227 __do_replace 5 37227 NULL
27223 ++produce_free_peb_37232 produce_free_peb 0 37232 NULL
27224 ++ctnetlink_secctx_size_37236 ctnetlink_secctx_size 0 37236 NULL
27225 ++ReadLEDInformationFromEEPROM_37247 ReadLEDInformationFromEEPROM 0 37247 NULL
27226 ++BeceemFlashBulkWrite_37255 BeceemFlashBulkWrite 0 37255 NULL
27227 +prot_queue_del_37258 prot_queue_del 0 37258 NULL
27228 +exofs_max_io_pages_37263 exofs_max_io_pages 0-2 37263 NULL
27229 -+c101_run_37279 c101_run 2 37279 NULL
27230 +srp_target_alloc_37288 srp_target_alloc 3 37288 NULL
27231 ++request_threaded_irq_37303 request_threaded_irq 0 37303 NULL
27232 +jffs2_write_dirent_37311 jffs2_write_dirent 5 37311 NULL
27233 +send_msg_37323 send_msg 4 37323 NULL
27234 ++brcmf_sdbrcm_membytes_37324 brcmf_sdbrcm_membytes 3-5 37324 NULL
27235 +scsi_mode_select_37330 scsi_mode_select 6 37330 NULL
27236 +rxrpc_server_sendmsg_37331 rxrpc_server_sendmsg 4 37331 NULL
27237 -+flex_array_put_37350 flex_array_put 2 37350 NULL
27238 ++nf_bridge_pad_37351 nf_bridge_pad 0 37351 NULL
27239 +security_inode_getsecurity_37354 security_inode_getsecurity 0 37354 NULL
27240 -+iommu_num_pages_37391 iommu_num_pages 0-1-3-2 37391 NULL
27241 ++iommu_num_pages_37391 iommu_num_pages 0-2-3-1 37391 NULL
27242 +sys_getxattr_37418 sys_getxattr 4 37418 NULL
27243 +hci_sock_sendmsg_37420 hci_sock_sendmsg 4 37420 NULL
27244 +acpi_os_allocate_zeroed_37422 acpi_os_allocate_zeroed 1 37422 NULL nohasharray
27245 +find_next_bit_37422 find_next_bit 0-2-3 37422 &acpi_os_allocate_zeroed_37422
27246 -+tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4 37428 NULL
27247 -+iwl_print_last_event_logs_37433 iwl_print_last_event_logs 0-7-9 37433 NULL
27248 ++ocfs2_insert_path_37425 ocfs2_insert_path 0 37425 NULL
27249 ++tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4-0 37428 NULL
27250 ++iwl_print_last_event_logs_37433 iwl_print_last_event_logs 7-9-0 37433 NULL
27251 +tcp_established_options_37450 tcp_established_options 0 37450 NULL
27252 +cmd_input_size_37457 cmd_input_size 0-1 37457 NULL
27253 +ufs_data_ptr_to_cpu_37475 ufs_data_ptr_to_cpu 0 37475 NULL
27254 +get_est_timing_37484 get_est_timing 0 37484 NULL
27255 +kmem_realloc_37489 kmem_realloc 2 37489 NULL
27256 -+security_validate_transition_37494 security_validate_transition 4 37494 NULL
27257 -+kvm_vcpu_compat_ioctl_37500 kvm_vcpu_compat_ioctl 3 37500 NULL
27258 -+vmalloc_32_user_37519 vmalloc_32_user 1 37519 NULL
27259 ++xz_dec_test_write_37527 xz_dec_test_write 3 37527 NULL
27260 +hdr_size_37536 hdr_size 0 37536 NULL
27261 +xhci_alloc_streams_37586 xhci_alloc_streams 5 37586 NULL
27262 ++ocfs2_add_branch_37588 ocfs2_add_branch 0 37588 NULL
27263 ++alloc_descs_37593 alloc_descs 0-1 37593 NULL
27264 ++qla2x00_debounce_register_37597 qla2x00_debounce_register 0 37597 NULL
27265 ++btrfs_write_and_wait_marked_extents_37604 btrfs_write_and_wait_marked_extents 0 37604 NULL
27266 +kvm_read_guest_page_mmu_37611 kvm_read_guest_page_mmu 6 37611 NULL
27267 ++ocfs2_split_refcount_rec_37622 ocfs2_split_refcount_rec 0 37622 NULL
27268 +alloc_fd_37637 alloc_fd 1 37637 NULL
27269 ++tcp_dma_try_early_copy_37651 tcp_dma_try_early_copy 3 37651 NULL
27270 +bio_copy_user_iov_37660 bio_copy_user_iov 4 37660 NULL
27271 +rfcomm_sock_sendmsg_37661 rfcomm_sock_sendmsg 4 37661 NULL nohasharray
27272 +vmw_framebuffer_dmabuf_dirty_37661 vmw_framebuffer_dmabuf_dirty 6 37661 &rfcomm_sock_sendmsg_37661
27273 +iwl_legacy_dbgfs_rxon_filter_flags_read_37666 iwl_legacy_dbgfs_rxon_filter_flags_read 3 37666 NULL
27274 +regmap_map_read_file_37685 regmap_map_read_file 3 37685 NULL
27275 +__le32_to_cpup_37702 __le32_to_cpup 0 37702 NULL
27276 ++netxen_validate_ringparam_37740 netxen_validate_ringparam 1-2-3 37740 NULL
27277 +read_enabled_file_bool_37744 read_enabled_file_bool 3 37744 NULL
27278 -+ocfs2_duplicate_clusters_by_jbd_37749 ocfs2_duplicate_clusters_by_jbd 6-4-5 37749 NULL
27279 ++ocfs2_duplicate_clusters_by_jbd_37749 ocfs2_duplicate_clusters_by_jbd 5-4-6 37749 NULL
27280 +ocfs2_control_cfu_37750 ocfs2_control_cfu 2 37750 NULL
27281 +ipath_cdev_init_37752 ipath_cdev_init 1 37752 NULL
27282 +dccp_setsockopt_cscov_37766 dccp_setsockopt_cscov 2 37766 NULL
27283 +smk_read_logging_37804 smk_read_logging 3 37804 NULL
27284 +deny_write_access_37813 deny_write_access 0 37813 NULL
27285 -+fallback_alloc_37821 fallback_alloc 0 37821 NULL
27286 -+slab_get_obj_37825 slab_get_obj 0 37825 NULL
27287 -+bitmap_find_next_zero_area_37827 bitmap_find_next_zero_area 2-3-5-4 37827 NULL
27288 ++bitmap_find_next_zero_area_37827 bitmap_find_next_zero_area 2-3-0-5-4 37827 NULL
27289 ++jbd2_journal_get_undo_access_37837 jbd2_journal_get_undo_access 0 37837 NULL
27290 +o2hb_debug_read_37851 o2hb_debug_read 3 37851 NULL
27291 +xfs_dir2_block_to_sf_37868 xfs_dir2_block_to_sf 3 37868 NULL
27292 +iwmct_fw_parser_init_37876 iwmct_fw_parser_init 4 37876 NULL
27293 +sys_setxattr_37880 sys_setxattr 4 37880 NULL
27294 ++dvb_net_sec_37884 dvb_net_sec 3 37884 NULL
27295 +tipc_link_send_sections_fast_37920 tipc_link_send_sections_fast 4 37920 NULL
27296 ++xfs_highbit32_37921 xfs_highbit32 0 37921 NULL
27297 +pkt_alloc_packet_data_37928 pkt_alloc_packet_data 1 37928 NULL
27298 +read_rbu_packet_size_37939 read_rbu_packet_size 6 37939 NULL
27299 -+ext3_free_blocks_sb_37967 ext3_free_blocks_sb 3-4 37967 NULL
27300 ++write_file_bool_37957 write_file_bool 3 37957 NULL
27301 ++ext3_free_blocks_sb_37967 ext3_free_blocks_sb 4-3 37967 NULL
27302 +rds_rdma_extra_size_37990 rds_rdma_extra_size 0 37990 NULL
27303 +vfs_readv_38011 vfs_readv 3 38011 NULL
27304 +aggr_recv_addba_req_evt_38037 aggr_recv_addba_req_evt 4 38037 NULL
27305 +store_wlan_38040 store_wlan 4 38040 NULL
27306 +klsi_105_prepare_write_buffer_38044 klsi_105_prepare_write_buffer 3 38044 NULL
27307 ++sysfs_do_create_link_38051 sysfs_do_create_link 0 38051 NULL
27308 +nsm_create_handle_38060 nsm_create_handle 4 38060 NULL
27309 +alloc_ltalkdev_38071 alloc_ltalkdev 1 38071 NULL
27310 +uwb_mac_addr_print_38085 uwb_mac_addr_print 2 38085 NULL
27311 ++em28xx_set_mode_38088 em28xx_set_mode 0 38088 NULL
27312 +request_key_auth_new_38092 request_key_auth_new 3 38092 NULL
27313 +proc_self_readlink_38094 proc_self_readlink 3 38094 NULL
27314 +ep0_read_38095 ep0_read 3 38095 NULL
27315 +snd_pcm_oss_write_38108 snd_pcm_oss_write 3 38108 NULL
27316 +vmw_kms_present_38130 vmw_kms_present 9 38130 NULL
27317 -+__ntfs_copy_from_user_iovec_inatomic_38153 __ntfs_copy_from_user_iovec_inatomic 3-4 38153 NULL
27318 ++__ntfs_copy_from_user_iovec_inatomic_38153 __ntfs_copy_from_user_iovec_inatomic 0-4-3 38153 NULL
27319 +kvm_clear_guest_38164 kvm_clear_guest 3-2 38164 NULL
27320 +cdev_add_38176 cdev_add 2-3 38176 NULL
27321 +rt2x00debug_write_rf_38195 rt2x00debug_write_rf 3 38195 NULL
27322 +get_ucode_user_38202 get_ucode_user 3 38202 NULL
27323 -+ext3_new_block_38208 ext3_new_block 3 38208 NULL
27324 -+osd_req_list_partition_collections_38223 osd_req_list_partition_collections 5 38223 NULL
27325 -+vhost_net_compat_ioctl_38237 vhost_net_compat_ioctl 3 38237 NULL
27326 ++ext3_new_block_38208 ext3_new_block 3-0 38208 NULL
27327 ++osd_req_list_partition_collections_38223 osd_req_list_partition_collections 5 38223 NULL nohasharray
27328 ++xfs_rtallocate_range_38223 xfs_rtallocate_range 4-3 38223 &osd_req_list_partition_collections_38223
27329 ++inet_csk_listen_start_38233 inet_csk_listen_start 2 38233 NULL
27330 ++ceph_decode_16_38239 ceph_decode_16 0 38239 NULL
27331 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL
27332 ++snd_pcm_playback_rewind_38249 snd_pcm_playback_rewind 0-2 38249 NULL
27333 +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray
27334 -+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268
27335 -+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray
27336 -+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275
27337 ++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 3-4 38268 &ieee80211_if_read_auto_open_plinks_38268
27338 ++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
27339 ++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
27340 ++zd_mac_rx_38296 zd_mac_rx 3 38296 NULL
27341 +isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL
27342 +ida_simple_get_38326 ida_simple_get 2 38326 NULL
27343 ++ocfs2_rotate_rightmost_leaf_left_38330 ocfs2_rotate_rightmost_leaf_left 0 38330 NULL
27344 +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL
27345 ++ocfs2_replace_extent_rec_38357 ocfs2_replace_extent_rec 0 38357 NULL
27346 ++btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL
27347 ++sctp_sf_abort_violation_38380 sctp_sf_abort_violation 6 38380 NULL
27348 ++norm_maxh_38387 norm_maxh 0 38387 NULL
27349 +dn_sendmsg_38390 dn_sendmsg 4 38390 NULL
27350 ++ttm_put_pages_38411 ttm_put_pages 2 38411 NULL
27351 +get_valid_node_allowed_38412 get_valid_node_allowed 1-0 38412 NULL
27352 -+ocfs2_which_cluster_group_38413 ocfs2_which_cluster_group 2 38413 NULL
27353 ++ocfs2_which_cluster_group_38413 ocfs2_which_cluster_group 0-2 38413 NULL
27354 +iwm_wdev_alloc_38415 iwm_wdev_alloc 1 38415 NULL
27355 +ht_destroy_irq_38418 ht_destroy_irq 1 38418 NULL
27356 +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL
27357 +pcnet32_realloc_tx_ring_38428 pcnet32_realloc_tx_ring 3 38428 NULL
27358 +pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL
27359 ++var_name_strnsize_38447 var_name_strnsize 0-2 38447 NULL
27360 +kvm_write_guest_38454 kvm_write_guest 4-2 38454 NULL
27361 -+blk_end_bidi_request_38482 blk_end_bidi_request 3-4 38482 NULL
27362 ++blk_end_bidi_request_38482 blk_end_bidi_request 4-3 38482 NULL
27363 +cpu_to_mem_38501 cpu_to_mem 0 38501 NULL
27364 +dev_names_read_38509 dev_names_read 3 38509 NULL
27365 +iscsi_create_iface_38510 iscsi_create_iface 5 38510 NULL
27366 ++sdhci_resume_host_38512 sdhci_resume_host 0 38512 NULL
27367 +event_rx_mismatch_read_38518 event_rx_mismatch_read 3 38518 NULL
27368 +ubifs_idx_node_sz_38546 ubifs_idx_node_sz 0-2 38546 NULL
27369 +cpu_to_node_38561 cpu_to_node 0 38561 NULL
27370 ++si_domain_work_fn_38562 si_domain_work_fn 1-2 38562 NULL
27371 +irda_sendmsg_dgram_38563 irda_sendmsg_dgram 4 38563 NULL
27372 +_ipw_read32_38565 _ipw_read32 0 38565 NULL
27373 +snd_nm256_playback_copy_38567 snd_nm256_playback_copy 5-3 38567 NULL
27374 ++sctp_tsnmap_num_dups_38578 sctp_tsnmap_num_dups 0 38578 NULL
27375 +copy_ctl_value_to_user_38587 copy_ctl_value_to_user 4 38587 NULL
27376 -+compat_sys_ptrace_38595 compat_sys_ptrace 3-4 38595 NULL
27377 ++cosa_net_setup_rx_38594 cosa_net_setup_rx 2 38594 NULL
27378 +reportdesc_callback_38603 reportdesc_callback 3 38603 NULL
27379 ++pep_indicate_38611 pep_indicate 5 38611 NULL
27380 +__css_put_38613 __css_put 2 38613 NULL
27381 +icn_writecmd_38629 icn_writecmd 2 38629 NULL
27382 ++write_enabled_file_bool_38630 write_enabled_file_bool 3 38630 NULL
27383 +receive_extralen_38634 receive_extralen 0 38634 NULL
27384 +audit_init_entry_38644 audit_init_entry 1 38644 NULL
27385 +mmc_send_cxd_data_38655 mmc_send_cxd_data 5 38655 NULL
27386 -+nfs_dns_resolve_name_38670 nfs_dns_resolve_name 2 38670 NULL
27387 ++snd_es1371_wait_src_ready_38673 snd_es1371_wait_src_ready 0 38673 NULL
27388 +cfg80211_send_disassoc_38678 cfg80211_send_disassoc 3 38678 NULL
27389 +iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL
27390 -+find_next_usable_block_38716 find_next_usable_block 1-3 38716 NULL
27391 ++validate_vid_hdr_38699 validate_vid_hdr 0 38699 NULL
27392 ++find_next_usable_block_38716 find_next_usable_block 3-1-0 38716 NULL
27393 +v4l2_ctrl_new_38725 v4l2_ctrl_new 7 38725 NULL
27394 ++w83977af_sir_interrupt_38738 w83977af_sir_interrupt 0 38738 NULL
27395 +iwl_dbgfs_thermal_throttling_read_38779 iwl_dbgfs_thermal_throttling_read 3 38779 NULL
27396 +snd_gus_dram_write_38784 snd_gus_dram_write 4 38784 NULL
27397 +gre_manip_pkt_38785 gre_manip_pkt 2 38785 NULL
27398 ++do_pci_enable_device_38802 do_pci_enable_device 0 38802 NULL
27399 +err_decode_38804 err_decode 2 38804 NULL
27400 +ipv6_renew_option_38813 ipv6_renew_option 3 38813 NULL
27401 +sys_select_38827 sys_select 1 38827 NULL
27402 +b43_txhdr_size_38832 b43_txhdr_size 0 38832 NULL
27403 +direct_entry_38836 direct_entry 3 38836 NULL
27404 +compat_udp_setsockopt_38840 compat_udp_setsockopt 5 38840 NULL
27405 ++read_nic_io_word_38853 read_nic_io_word 0 38853 NULL
27406 +interfaces_38859 interfaces 2 38859 NULL
27407 +pci_msix_table_size_38867 pci_msix_table_size 0 38867 NULL
27408 +sizeof_gpio_leds_priv_38882 sizeof_gpio_leds_priv 0-1 38882 NULL
27409 ++reserve_metadata_bytes_38886 reserve_metadata_bytes 0 38886 NULL
27410 +dbgfs_state_38894 dbgfs_state 3 38894 NULL
27411 -+ext3_trim_all_free_38929 ext3_trim_all_free 3-4-2 38929 NULL
27412 ++traverse_38897 traverse 0 38897 NULL
27413 ++__fswab16_38898 __fswab16 0 38898 NULL
27414 ++ext3_trim_all_free_38929 ext3_trim_all_free 2-4-3 38929 NULL
27415 +usb_maxpacket_38977 usb_maxpacket 0 38977 NULL
27416 -+OSDSetBlock_38986 OSDSetBlock 4-2 38986 NULL
27417 ++OSDSetBlock_38986 OSDSetBlock 2-4 38986 NULL
27418 ++lpfc_idiag_extacc_write_38998 lpfc_idiag_extacc_write 3 38998 NULL
27419 +udf_new_block_38999 udf_new_block 4 38999 NULL
27420 ++t4vf_pktgl_to_skb_39005 t4vf_pktgl_to_skb 2 39005 NULL
27421 +get_nodes_39012 get_nodes 3 39012 NULL
27422 +disp_proc_write_39024 disp_proc_write 3 39024 NULL
27423 +acpi_install_gpe_block_39031 acpi_install_gpe_block 4 39031 NULL
27424 +_zd_iowrite32v_async_locked_39034 _zd_iowrite32v_async_locked 3 39034 NULL
27425 ++do_write_kmem_39051 do_write_kmem 1-3-0 39051 NULL
27426 +line6_midibuf_read_39067 line6_midibuf_read 0-3 39067 NULL
27427 +ext4_init_block_bitmap_39071 ext4_init_block_bitmap 3 39071 NULL
27428 ++ReadHFC_39104 ReadHFC 0 39104 NULL
27429 +tomoyo_truncate_39105 tomoyo_truncate 0 39105 NULL
27430 -+__kfifo_to_user_r_39123 __kfifo_to_user_r 3 39123 NULL
27431 ++leb_write_lock_39111 leb_write_lock 0 39111 NULL
27432 ++__kfifo_to_user_r_39123 __kfifo_to_user_r 5-3 39123 NULL
27433 ++ttm_mem_global_alloc_zone_39125 ttm_mem_global_alloc_zone 0 39125 NULL
27434 ++i915_gem_evict_something_39130 i915_gem_evict_something 0 39130 NULL
27435 +ea_foreach_39133 ea_foreach 0 39133 NULL
27436 +generic_permission_39150 generic_permission 0 39150 NULL
27437 -+alloc_ring_39151 alloc_ring 2-4 39151 NULL
27438 ++alloc_ring_39151 alloc_ring 4-2 39151 NULL
27439 +proc_coredump_filter_read_39153 proc_coredump_filter_read 3 39153 NULL
27440 -+create_bounce_buffer_39155 create_bounce_buffer 3 39155 NULL
27441 +ext3_xattr_check_names_39174 ext3_xattr_check_names 0 39174 NULL
27442 -+init_list_set_39188 init_list_set 2-3 39188 NULL
27443 -+ubi_more_update_data_39189 ubi_more_update_data 4 39189 NULL
27444 ++init_list_set_39188 init_list_set 3-2 39188 NULL
27445 ++ubi_more_update_data_39189 ubi_more_update_data 4-0 39189 NULL
27446 +qcam_read_bytes_39205 qcam_read_bytes 0 39205 NULL
27447 +ivtv_v4l2_write_39226 ivtv_v4l2_write 3 39226 NULL
27448 +drm_order_39244 drm_order 0 39244 NULL
27449 ++snd_pcm_capture_forward_39248 snd_pcm_capture_forward 0-2 39248 NULL
27450 +r128_compat_ioctl_39250 r128_compat_ioctl 2 39250 NULL
27451 +__skb_cow_39254 __skb_cow 2 39254 NULL
27452 ++bitmap_set_bits_39272 bitmap_set_bits 3 39272 NULL
27453 ++expand_fdtable_39273 expand_fdtable 2 39273 NULL
27454 +pohmelfs_setxattr_39281 pohmelfs_setxattr 4 39281 NULL
27455 +mei_registration_cdev_39284 mei_registration_cdev 2 39284 NULL
27456 -+__vmalloc_node_39308 __vmalloc_node 1 39308 NULL
27457 +__cfg80211_connect_result_39326 __cfg80211_connect_result 4-6 39326 NULL
27458 -+flex_array_prealloc_39330 flex_array_prealloc 2-3 39330 NULL
27459 +wimax_msg_alloc_39343 wimax_msg_alloc 4 39343 NULL
27460 +__cfg80211_send_deauth_39344 __cfg80211_send_deauth 3 39344 NULL
27461 -+__copy_from_user_nocache_39351 __copy_from_user_nocache 3 39351 NULL
27462 +ide_complete_rq_39354 ide_complete_rq 3 39354 NULL
27463 +vortex_wtdma_getlinearpos_39371 vortex_wtdma_getlinearpos 0 39371 NULL
27464 +user_power_read_39414 user_power_read 3 39414 NULL
27465 @@ -107089,44 +108358,55 @@ index 0000000..6fcc08d
27466 +wm8350_i2c_read_device_39542 wm8350_i2c_read_device 3 39542 NULL nohasharray
27467 +int_proc_write_39542 int_proc_write 3 39542 &wm8350_i2c_read_device_39542
27468 +pp_write_39554 pp_write 3 39554 NULL
27469 -+ol_dqblk_block_39558 ol_dqblk_block 0-3-2 39558 NULL
27470 ++ol_dqblk_block_39558 ol_dqblk_block 2-0-3 39558 NULL
27471 +datablob_format_39571 datablob_format 2 39571 NULL nohasharray
27472 +ieee80211_if_read_fwded_mcast_39571 ieee80211_if_read_fwded_mcast 3 39571 &datablob_format_39571
27473 +handle_response_icmp_39574 handle_response_icmp 7 39574 NULL
27474 -+n_tty_compat_ioctl_helper_39605 n_tty_compat_ioctl_helper 4 39605 NULL
27475 +ext_depth_39607 ext_depth 0 39607 NULL
27476 +sdio_readb_39618 sdio_readb 0 39618 NULL
27477 -+dm_exception_table_init_39645 dm_exception_table_init 2 39645 NULL
27478 ++fm_send_cmd_39639 fm_send_cmd 5 39639 NULL
27479 +snd_rme32_capture_copy_39653 snd_rme32_capture_copy 5 39653 NULL
27480 +prism2_info_hostscanresults_39657 prism2_info_hostscanresults 3 39657 NULL
27481 ++pfkey_sockaddr_size_39661 pfkey_sockaddr_size 0 39661 NULL
27482 +kvm_read_guest_cached_39666 kvm_read_guest_cached 4 39666 NULL
27483 +v4l_stk_read_39672 v4l_stk_read 3 39672 NULL
27484 -+do_surface_dirty_sou_39678 do_surface_dirty_sou 7 39678 NULL
27485 ++sd_completed_bytes_39705 sd_completed_bytes 0 39705 NULL
27486 +ftrace_pid_write_39710 ftrace_pid_write 3 39710 NULL
27487 +tcf_csum_ipv4_tcp_39713 tcf_csum_ipv4_tcp 4 39713 NULL
27488 ++mlx4_ib_resize_cq_39744 mlx4_ib_resize_cq 2 39744 NULL
27489 ++tcp_write_xmit_39755 tcp_write_xmit 2 39755 NULL
27490 ++usb_hcd_map_urb_for_dma_39774 usb_hcd_map_urb_for_dma 0 39774 NULL
27491 +ocfs2_pages_per_cluster_39790 ocfs2_pages_per_cluster 0 39790 NULL
27492 +security_inode_listsecurity_39812 security_inode_listsecurity 0 39812 NULL
27493 +snd_pcm_oss_writev3_39818 snd_pcm_oss_writev3 3 39818 NULL
27494 +sys_migrate_pages_39825 sys_migrate_pages 2 39825 NULL
27495 +get_priv_size_39828 get_priv_size 0-1 39828 NULL
27496 ++beiscsi_process_async_pdu_39834 beiscsi_process_async_pdu 7 39834 NULL
27497 +pkt_add_39897 pkt_add 3 39897 NULL
27498 +read_file_modal_eeprom_39909 read_file_modal_eeprom 3 39909 NULL
27499 +gen_pool_add_virt_39913 gen_pool_add_virt 4 39913 NULL
27500 +dw210x_op_rw_39915 dw210x_op_rw 6 39915 NULL
27501 ++dma_to_mm_pfn_39916 dma_to_mm_pfn 0-1 39916 NULL
27502 +aes_encrypt_interrupt_read_39919 aes_encrypt_interrupt_read 3 39919 NULL
27503 +exofs_read_kern_39921 exofs_read_kern 6 39921 NULL nohasharray
27504 +oom_score_adj_read_39921 oom_score_adj_read 3 39921 &exofs_read_kern_39921
27505 +__spi_async_39932 __spi_async 0 39932 NULL
27506 +iwl_legacy_dbgfs_missed_beacon_read_39939 iwl_legacy_dbgfs_missed_beacon_read 3 39939 NULL
27507 -+tty_prepare_flip_string_39955 tty_prepare_flip_string 3 39955 NULL
27508 ++fwnet_pd_new_39947 fwnet_pd_new 4 39947 NULL
27509 ++tty_prepare_flip_string_39955 tty_prepare_flip_string 3-0 39955 NULL
27510 +dma_push_rx_39973 dma_push_rx 2 39973 NULL
27511 +broadsheetfb_write_39976 broadsheetfb_write 3 39976 NULL
27512 +mthca_array_init_39987 mthca_array_init 2 39987 NULL
27513 ++fw_device_op_read_39990 fw_device_op_read 3 39990 NULL
27514 ++i2c_readn_40001 i2c_readn 0 40001 NULL
27515 +xen_hvm_config_40018 xen_hvm_config 2 40018 NULL
27516 +ivtvfb_write_40023 ivtvfb_write 3 40023 NULL
27517 +ea_foreach_i_40028 ea_foreach_i 0 40028 NULL
27518 +datablob_hmac_append_40038 datablob_hmac_append 3 40038 NULL
27519 ++ocfs2_claim_clusters_40050 ocfs2_claim_clusters 0 40050 NULL
27520 +atomic_xchg_40070 atomic_xchg 0 40070 NULL
27521 ++snd_pcm_sw_params_user_40095 snd_pcm_sw_params_user 0 40095 NULL
27522 ++netlink_broadcast_filtered_40105 netlink_broadcast_filtered 0 40105 NULL
27523 +sctp_setsockopt_delayed_ack_40129 sctp_setsockopt_delayed_ack 3 40129 NULL
27524 +iwch_alloc_fastreg_pbl_40153 iwch_alloc_fastreg_pbl 2 40153 NULL
27525 +pt_write_40159 pt_write 3 40159 NULL
27526 @@ -107134,48 +108414,70 @@ index 0000000..6fcc08d
27527 +ipr_alloc_ucode_buffer_40199 ipr_alloc_ucode_buffer 1 40199 NULL nohasharray
27528 +devnode_find_40199 devnode_find 3-2 40199 &ipr_alloc_ucode_buffer_40199
27529 +allocate_probes_40204 allocate_probes 1 40204 NULL
27530 -+compat_put_long_40214 compat_put_long 1 40214 NULL
27531 +au0828_v4l2_read_40220 au0828_v4l2_read 3 40220 NULL
27532 ++compress_file_range_40225 compress_file_range 3-4 40225 NULL
27533 +osst_read_40237 osst_read 3 40237 NULL
27534 ++brcmf_sdioh_request_buffer_40239 brcmf_sdioh_request_buffer 7 40239 NULL
27535 +ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL
27536 -+rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL
27537 ++rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL nohasharray
27538 ++fuse_update_attributes_40262 fuse_update_attributes 0 40262 &rs_sta_dbgfs_scale_table_read_40262
27539 ++ext2_fiemap_40271 ext2_fiemap 4 40271 NULL
27540 ++reqsk_queue_alloc_40272 reqsk_queue_alloc 2 40272 NULL
27541 +rx_xfr_hint_trig_read_40283 rx_xfr_hint_trig_read 3 40283 NULL
27542 -+ubi_io_write_data_40305 ubi_io_write_data 4-5 40305 NULL
27543 ++ubi_io_write_data_40305 ubi_io_write_data 0 40305 NULL
27544 ++nfs_file_llseek_40306 nfs_file_llseek 2 40306 NULL
27545 +ib_get_mad_data_offset_40336 ib_get_mad_data_offset 0 40336 NULL
27546 ++bat_ogm_queue_add_40337 bat_ogm_queue_add 3 40337 NULL
27547 +mmio_read_40348 mmio_read 4 40348 NULL
27548 -+usb_dump_interface_40353 usb_dump_interface 0 40353 NULL
27549 -+ocfs2_release_clusters_40355 ocfs2_release_clusters 4 40355 NULL
27550 ++ocfs2_release_clusters_40355 ocfs2_release_clusters 0-4 40355 NULL
27551 +event_rx_mem_empty_read_40363 event_rx_mem_empty_read 3 40363 NULL
27552 -+ocfs2_check_range_for_refcount_40365 ocfs2_check_range_for_refcount 2-3 40365 NULL
27553 ++ocfs2_check_range_for_refcount_40365 ocfs2_check_range_for_refcount 3-2 40365 NULL
27554 ++get_chars_40373 get_chars 3 40373 NULL
27555 ++usb_gadget_config_buf_40374 usb_gadget_config_buf 0 40374 NULL
27556 ++fwnet_incoming_packet_40380 fwnet_incoming_packet 3 40380 NULL
27557 ++brcmf_sdbrcm_get_image_40397 brcmf_sdbrcm_get_image 0-2 40397 NULL
27558 ++fb_prepare_extra_logos_40429 fb_prepare_extra_logos 0-2 40429 NULL
27559 ++atmel_rmem16_40450 atmel_rmem16 0 40450 NULL
27560 +tomoyo_update_policy_40458 tomoyo_update_policy 2 40458 NULL
27561 +zd_usb_scnprint_id_40459 zd_usb_scnprint_id 0-3 40459 NULL
27562 ++afs_fs_store_data_40484 afs_fs_store_data 3-4-5-6 40484 NULL
27563 +devcgroup_inode_permission_40492 devcgroup_inode_permission 0 40492 NULL
27564 +tty_write_room_40495 tty_write_room 0 40495 NULL
27565 +sg_phys_40507 sg_phys 0 40507 NULL
27566 -+TSS_checkhmac2_40520 TSS_checkhmac2 5-7 40520 NULL
27567 ++__ethtool_get_sset_count_40511 __ethtool_get_sset_count 0 40511 NULL
27568 ++TSS_checkhmac2_40520 TSS_checkhmac2 7-5 40520 NULL
27569 ++i915_gem_execbuffer_relocate_object_slow_40546 i915_gem_execbuffer_relocate_object_slow 0 40546 NULL
27570 +ima_write_policy_40548 ima_write_policy 3 40548 NULL
27571 -+esp_alloc_tmp_40558 esp_alloc_tmp 3-2 40558 NULL
27572 ++esp_alloc_tmp_40558 esp_alloc_tmp 2-3 40558 NULL
27573 +ufs_inode_getfrag_40560 ufs_inode_getfrag 2-4 40560 NULL
27574 +arch_setup_hpet_msi_40584 arch_setup_hpet_msi 1 40584 NULL
27575 ++b1_get_byte_40597 b1_get_byte 0 40597 NULL
27576 +skge_rx_get_40598 skge_rx_get 3 40598 NULL
27577 +get_priv_descr_and_size_40612 get_priv_descr_and_size 0 40612 NULL
27578 +sctp_manip_pkt_40620 sctp_manip_pkt 2 40620 NULL
27579 -+cpuset_sprintf_cpulist_40627 cpuset_sprintf_cpulist 0 40627 NULL
27580 ++pid_nr_ns_40654 pid_nr_ns 0 40654 NULL
27581 +fops_read_40672 fops_read 3 40672 NULL
27582 ++ext4_mark_inode_dirty_40673 ext4_mark_inode_dirty 0 40673 NULL
27583 ++videobuf_dma_init_user_locked_40678 videobuf_dma_init_user_locked 4-3 40678 NULL
27584 ++pci_enable_resources_40680 pci_enable_resources 0 40680 NULL
27585 ++regulator_enable_40689 regulator_enable 0 40689 NULL
27586 +__seq_open_private_40715 __seq_open_private 3 40715 NULL
27587 +xfs_iext_remove_direct_40744 xfs_iext_remove_direct 3 40744 NULL nohasharray
27588 -+find_next_zero_bit_le_40744 find_next_zero_bit_le 0-2-3 40744 &xfs_iext_remove_direct_40744
27589 ++find_next_zero_bit_le_40744 find_next_zero_bit_le 2-3-0 40744 &xfs_iext_remove_direct_40744
27590 +security_inode_listxattr_40752 security_inode_listxattr 0 40752 NULL
27591 -+fat_generic_compat_ioctl_40755 fat_generic_compat_ioctl 3 40755 NULL
27592 +card_send_command_40757 card_send_command 3 40757 NULL
27593 +ad1889_readl_40765 ad1889_readl 0 40765 NULL
27594 +pg_write_40766 pg_write 3 40766 NULL
27595 +ecryptfs_readlink_40775 ecryptfs_readlink 3 40775 NULL nohasharray
27596 -+show_list_40775 show_list 3 40775 &ecryptfs_readlink_40775
27597 ++show_list_40775 show_list 3-0 40775 &ecryptfs_readlink_40775
27598 ++kfifo_out_copy_r_40784 kfifo_out_copy_r 3 40784 NULL
27599 +bitmap_weight_40791 bitmap_weight 0-2 40791 NULL
27600 ++idr_get_new_40797 idr_get_new 0 40797 NULL
27601 +netdev_alloc_skb_ip_align_40811 netdev_alloc_skb_ip_align 2 40811 NULL nohasharray
27602 +paranoid_check_not_bad_40811 paranoid_check_not_bad 0 40811 &netdev_alloc_skb_ip_align_40811
27603 +nl80211_send_roamed_40825 nl80211_send_roamed 5-7 40825 NULL
27604 ++nilfs_mdt_init_40849 nilfs_mdt_init 3 40849 NULL
27605 ++__shared_list_add_40850 __shared_list_add 0 40850 NULL
27606 +ocfs2_zero_partial_clusters_40856 ocfs2_zero_partial_clusters 2-3 40856 NULL
27607 +v9fs_file_read_40858 v9fs_file_read 3 40858 NULL
27608 +iwch_alloc_pbl_40885 iwch_alloc_pbl 2 40885 NULL
27609 @@ -107185,87 +108487,114 @@ index 0000000..6fcc08d
27610 +iwl_legacy_dbgfs_disable_ht40_read_40910 iwl_legacy_dbgfs_disable_ht40_read 3 40910 NULL
27611 +gfs2_ea_find_40913 gfs2_ea_find 0 40913 NULL
27612 +vol_cdev_write_40915 vol_cdev_write 3 40915 NULL
27613 ++__kfifo_init_40918 __kfifo_init 4-3 40918 NULL
27614 ++iterate_extent_inodes_40923 iterate_extent_inodes 0 40923 NULL
27615 ++btrfs_setsize_40931 btrfs_setsize 2 40931 NULL
27616 +snd_vx_create_40948 snd_vx_create 4 40948 NULL
27617 ++tcp_skb_mss_40964 tcp_skb_mss 0 40964 NULL
27618 +rds_sendmsg_40976 rds_sendmsg 4 40976 NULL
27619 +econet_recvmsg_40978 econet_recvmsg 4 40978 NULL
27620 ++insert_old_idx_40987 insert_old_idx 0 40987 NULL
27621 +mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL
27622 +_req_append_segment_41031 _req_append_segment 2 41031 NULL
27623 +mISDN_sock_sendmsg_41035 mISDN_sock_sendmsg 4 41035 NULL
27624 +ocfs2_xattr_index_block_find_41040 ocfs2_xattr_index_block_find 0 41040 NULL
27625 -+vfs_listxattr_41062 vfs_listxattr 0 41062 NULL
27626 ++BcmFlash2xBulkWrite_41054 BcmFlash2xBulkWrite 0 41054 NULL
27627 ++vfs_listxattr_41062 vfs_listxattr 0 41062 NULL nohasharray
27628 ++beacon_filtering_write_41062 beacon_filtering_write 3 41062 &vfs_listxattr_41062
27629 +cfg80211_inform_bss_frame_41078 cfg80211_inform_bss_frame 4 41078 NULL
27630 +roccat_read_41093 roccat_read 3 41093 NULL
27631 +provide_user_output_41105 provide_user_output 3 41105 NULL
27632 +f_audio_buffer_alloc_41110 f_audio_buffer_alloc 1 41110 NULL
27633 -+oom_adjust_write_41116 oom_adjust_write 3 41116 NULL
27634 ++ocfs2_extend_trans_41116 ocfs2_extend_trans 0 41116 NULL nohasharray
27635 ++oom_adjust_write_41116 oom_adjust_write 3 41116 &ocfs2_extend_trans_41116
27636 +dvb_ca_write_41171 dvb_ca_write 3 41171 NULL
27637 +ol_quota_chunk_block_41177 ol_quota_chunk_block 0-2 41177 NULL
27638 ++request_irq_41192 request_irq 0 41192 NULL
27639 +compat_sys_process_vm_writev_41194 compat_sys_process_vm_writev 3-5 41194 NULL
27640 +dfs_file_write_41196 dfs_file_write 3 41196 NULL
27641 -+xfs_readdir_41200 xfs_readdir 3 41200 NULL
27642 ++UpdateRegs_41200 UpdateRegs 0 41200 NULL nohasharray
27643 ++xfs_readdir_41200 xfs_readdir 3 41200 &UpdateRegs_41200
27644 +ocfs2_read_quota_block_41207 ocfs2_read_quota_block 2 41207 NULL
27645 +ceph_calc_raw_layout_41212 ceph_calc_raw_layout 4 41212 NULL
27646 ++tun_alloc_skb_41216 tun_alloc_skb 2-4-3 41216 NULL
27647 +nfs_page_array_len_41219 nfs_page_array_len 0-2-1 41219 NULL
27648 -+hiddev_compat_ioctl_41255 hiddev_compat_ioctl 2-3 41255 NULL
27649 ++hiddev_compat_ioctl_41255 hiddev_compat_ioctl 2 41255 NULL
27650 ++create_dir_41256 create_dir 0 41256 NULL
27651 +erst_read_41260 erst_read 0 41260 NULL
27652 +alloc_context_41283 alloc_context 1 41283 NULL
27653 ++ewma_init_41305 ewma_init 2-3 41305 NULL
27654 ++objio_alloc_io_state_41316 objio_alloc_io_state 7 41316 NULL
27655 +create_bounce_buffer_41330 create_bounce_buffer 3 41330 NULL
27656 +user_update_41332 user_update 3 41332 NULL
27657 +twl_change_queue_depth_41342 twl_change_queue_depth 2 41342 NULL
27658 ++irq_expand_nr_irqs_41351 irq_expand_nr_irqs 0 41351 NULL
27659 +cnic_init_id_tbl_41354 cnic_init_id_tbl 2 41354 NULL
27660 +jbd2_alloc_41359 jbd2_alloc 1 41359 NULL
27661 +kmp_init_41373 kmp_init 2 41373 NULL
27662 ++tifm_add_adapter_41390 tifm_add_adapter 0 41390 NULL
27663 +isr_commands_read_41398 isr_commands_read 3 41398 NULL
27664 +sys_flistxattr_41407 sys_flistxattr 3 41407 NULL
27665 +xfs_iext_add_41422 xfs_iext_add 3 41422 NULL
27666 +isdn_ppp_fill_rq_41428 isdn_ppp_fill_rq 2 41428 NULL
27667 +lbs_rdrf_read_41431 lbs_rdrf_read 3 41431 NULL
27668 +ext4_trim_extent_41436 ext4_trim_extent 4 41436 NULL
27669 -+ntfs_file_buffered_write_41442 ntfs_file_buffered_write 4-6 41442 NULL
27670 ++ntfs_file_buffered_write_41442 ntfs_file_buffered_write 6-4 41442 NULL
27671 +pcpu_build_alloc_info_41443 pcpu_build_alloc_info 1-2-3 41443 NULL
27672 +layout_leb_in_gaps_41470 layout_leb_in_gaps 0 41470 NULL
27673 ++snd_pcm_status_41472 snd_pcm_status 0 41472 NULL
27674 +wep_interrupt_read_41492 wep_interrupt_read 3 41492 NULL
27675 +hpfs_translate_name_41497 hpfs_translate_name 3 41497 NULL
27676 +xfrm_hash_new_size_41505 xfrm_hash_new_size 0-1 41505 NULL
27677 +ldisc_receive_41516 ldisc_receive 4 41516 NULL
27678 -+slab_alloc_41538 slab_alloc 0 41538 NULL
27679 +rng_dev_read_41581 rng_dev_read 3 41581 NULL
27680 ++map_offset_to_paddr_41592 map_offset_to_paddr 0-1 41592 NULL
27681 +read_file_rx_chainmask_41605 read_file_rx_chainmask 3 41605 NULL
27682 +vga_io_r_41609 vga_io_r 0 41609 NULL
27683 -+usb_endpoint_maxp_41613 usb_endpoint_maxp 0 41613 NULL
27684 ++tcp_hdrlen_41610 tcp_hdrlen 0 41610 NULL
27685 ++lbs_bcnmiss_write_41613 lbs_bcnmiss_write 3 41613 NULL nohasharray
27686 ++usb_endpoint_maxp_41613 usb_endpoint_maxp 0 41613 &lbs_bcnmiss_write_41613
27687 +lis3l02dq_read_accel_from_buffer_41615 lis3l02dq_read_accel_from_buffer 2 41615 NULL
27688 +mempool_create_kmalloc_pool_41650 mempool_create_kmalloc_pool 1 41650 NULL
27689 +get_std_timing_41654 get_std_timing 0 41654 NULL
27690 -+squashfs_cache_init_41656 squashfs_cache_init 2 41656 NULL
27691 -+au_nhash_alloc_41670 au_nhash_alloc 2 41670 NULL
27692 ++start_graph_tracing_41656 start_graph_tracing 0 41656 NULL nohasharray
27693 ++squashfs_cache_init_41656 squashfs_cache_init 2 41656 &start_graph_tracing_41656
27694 +ieee80211_if_fmt_bssid_41677 ieee80211_if_fmt_bssid 3 41677 NULL
27695 -+params_period_bytes_41683 params_period_bytes 0 41683 NULL
27696 -+aac_src_ioremap_41688 aac_src_ioremap 2 41688 NULL
27697 -+ubi_leb_write_41691 ubi_leb_write 4-5 41691 NULL
27698 -+bdx_tx_db_init_41719 bdx_tx_db_init 2 41719 NULL
27699 ++uapsd_max_sp_len_write_41683 uapsd_max_sp_len_write 3 41683 NULL
27700 ++apei_exec_for_each_entry_41717 apei_exec_for_each_entry 0 41717 NULL
27701 +sys_pwritev_41722 sys_pwritev 3 41722 NULL
27702 -+get_bios_ebda_41730 get_bios_ebda 0 41730 NULL
27703 +hc_gpa_41744 hc_gpa 0-2-3 41744 NULL
27704 +fillonedir_41746 fillonedir 3 41746 NULL
27705 -+sparse_add_one_section_41778 sparse_add_one_section 3 41778 NULL
27706 ++get_slab_41770 get_slab 1 41770 NULL
27707 +ocfs2_dx_dir_rebalance_41793 ocfs2_dx_dir_rebalance 7 41793 NULL
27708 ++bat_socket_read_41813 bat_socket_read 3 41813 NULL
27709 +sco_send_frame_41815 sco_send_frame 3 41815 NULL
27710 +do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL
27711 ++tcp_packets_in_flight_41853 tcp_packets_in_flight 0 41853 NULL
27712 +keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL
27713 ++spin_time_start_41857 spin_time_start 0 41857 NULL
27714 ++pci_map_single_41869 pci_map_single 0 41869 NULL
27715 ++usb_gadget_get_string_41871 usb_gadget_get_string 0 41871 NULL
27716 ++get_packet_41914 get_packet 3 41914 NULL
27717 +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL
27718 +ceph_get_direct_page_vector_41917 ceph_get_direct_page_vector 2 41917 NULL
27719 +find_ge_pid_41918 find_ge_pid 1 41918 NULL
27720 +build_inv_iotlb_pages_41922 build_inv_iotlb_pages 4-5 41922 NULL
27721 ++ReadConfigFileStructure_41929 ReadConfigFileStructure 0 41929 NULL
27722 +nfsd_getxattr_41934 nfsd_getxattr 0 41934 NULL
27723 ++iscsi_iser_recv_41948 iscsi_iser_recv 4 41948 NULL
27724 +ocfs2_xattr_bucket_get_name_value_41949 ocfs2_xattr_bucket_get_name_value 0 41949 NULL
27725 ++efx_tx_queue_insert_41955 efx_tx_queue_insert 2 41955 NULL
27726 +portnames_read_41958 portnames_read 3 41958 NULL
27727 +dst_mtu_41969 dst_mtu 0 41969 NULL
27728 +cx24116_writeregN_41975 cx24116_writeregN 4 41975 NULL
27729 +ubi_io_is_bad_41983 ubi_io_is_bad 0 41983 NULL
27730 ++_get_slice_41991 _get_slice 0 41991 NULL
27731 ++em28xx_write_regs_41996 em28xx_write_regs 0 41996 NULL
27732 +flakey_status_42000 flakey_status 4 42000 NULL
27733 -+lguest_map_42008 lguest_map 1-2 42008 NULL
27734 +pool_allocate_42012 pool_allocate 3 42012 NULL
27735 +spidev_sync_read_42014 spidev_sync_read 0 42014 NULL
27736 ++rs_sta_dbgfs_scale_table_write_42017 rs_sta_dbgfs_scale_table_write 3 42017 NULL
27737 +ensure_wear_leveling_42029 ensure_wear_leveling 0 42029 NULL
27738 +acpi_ut_create_buffer_object_42030 acpi_ut_create_buffer_object 1 42030 NULL
27739 +__hwahc_op_set_gtk_42038 __hwahc_op_set_gtk 4 42038 NULL
27740 @@ -107278,22 +108607,31 @@ index 0000000..6fcc08d
27741 +submit_inquiry_42108 submit_inquiry 3 42108 NULL
27742 +sysfs_read_file_42113 sysfs_read_file 3 42113 NULL
27743 +store_gps_42118 store_gps 4 42118 NULL
27744 ++ext4_do_update_inode_42127 ext4_do_update_inode 0 42127 NULL
27745 ++tipc_createport_raw_42129 tipc_createport_raw 4 42129 NULL
27746 ++Read_hfc16_stable_42131 Read_hfc16_stable 0 42131 NULL
27747 +ttm_agp_populate_42144 ttm_agp_populate 2 42144 NULL
27748 +v9fs_alloc_rdir_buf_42150 v9fs_alloc_rdir_buf 2 42150 NULL
27749 +mmc_align_data_size_42161 mmc_align_data_size 0-2 42161 NULL
27750 +read_file_base_eeprom_42168 read_file_base_eeprom 3 42168 NULL
27751 +oprofilefs_str_to_user_42182 oprofilefs_str_to_user 3 42182 NULL
27752 ++write_file_beacon_42185 write_file_beacon 3 42185 NULL
27753 +get_znodes_to_commit_42201 get_znodes_to_commit 0 42201 NULL
27754 ++xfs_rtfree_range_42244 xfs_rtfree_range 4-3 42244 NULL
27755 +btmrvl_hsmode_write_42252 btmrvl_hsmode_write 3 42252 NULL
27756 -+netxen_nic_map_indirect_address_128M_42257 netxen_nic_map_indirect_address_128M 2 42257 NULL
27757 ++find_last_bit_42260 find_last_bit 2 42260 NULL
27758 ++ctnetlink_proto_size_42270 ctnetlink_proto_size 0 42270 NULL
27759 ++__pcpu_size_to_slot_42271 __pcpu_size_to_slot 0 42271 NULL
27760 +snd_pcm_hw_param_value_max_42280 snd_pcm_hw_param_value_max 0 42280 NULL
27761 ++rtnl_link_get_af_size_42296 rtnl_link_get_af_size 0 42296 NULL
27762 +sel_read_perm_42302 sel_read_perm 3 42302 NULL nohasharray
27763 +crypt_status_42302 crypt_status 4 42302 &sel_read_perm_42302
27764 +sctp_setsockopt_del_key_42304 sctp_setsockopt_del_key 3 42304 NULL nohasharray
27765 +ulong_read_file_42304 ulong_read_file 3 42304 &sctp_setsockopt_del_key_42304
27766 -+hysdn_conf_read_42324 hysdn_conf_read 3 42324 NULL
27767 ++tracing_ctrl_write_42324 tracing_ctrl_write 3 42324 NULL nohasharray
27768 ++hysdn_conf_read_42324 hysdn_conf_read 3 42324 &tracing_ctrl_write_42324 nohasharray
27769 ++lpfc_config_msi_42324 lpfc_config_msi 0 42324 &hysdn_conf_read_42324
27770 +tcp_sync_mss_42330 tcp_sync_mss 0-2 42330 NULL
27771 -+snd_pcm_plug_alloc_42339 snd_pcm_plug_alloc 2 42339 NULL
27772 +ide_raw_taskfile_42355 ide_raw_taskfile 4 42355 NULL
27773 +msnd_fifo_read_42406 msnd_fifo_read 0-3 42406 NULL
27774 +brn_proc_write_42407 brn_proc_write 3 42407 NULL
27775 @@ -107303,12 +108641,19 @@ index 0000000..6fcc08d
27776 +snd_pcm_action_group_42452 snd_pcm_action_group 0 42452 NULL
27777 +tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL
27778 +ext3_valid_block_bitmap_42459 ext3_valid_block_bitmap 3 42459 NULL
27779 ++neigh_nlmsg_size_42464 neigh_nlmsg_size 0 42464 NULL
27780 ++kernel_recvmsg_42482 kernel_recvmsg 0 42482 NULL
27781 +follow_hugetlb_page_42486 follow_hugetlb_page 0-7 42486 NULL
27782 ++brcmf_sdbrcm_bus_txctl_42492 brcmf_sdbrcm_bus_txctl 3 42492 NULL
27783 ++jbd2_log_wait_commit_42519 jbd2_log_wait_commit 0 42519 NULL
27784 +kvm_write_wall_clock_42520 kvm_write_wall_clock 2 42520 NULL
27785 +smk_write_netlbladdr_42525 smk_write_netlbladdr 3 42525 NULL
27786 +snd_emux_create_port_42533 snd_emux_create_port 3 42533 NULL
27787 ++__register_ftrace_function_42543 __register_ftrace_function 0 42543 NULL
27788 +dbAllocNear_42546 dbAllocNear 0 42546 NULL
27789 -+iwl_print_event_log_42566 iwl_print_event_log 0-5-7 42566 NULL
27790 ++udp_recvmsg_42558 udp_recvmsg 4 42558 NULL
27791 ++iwl_print_event_log_42566 iwl_print_event_log 7-5-0 42566 NULL
27792 ++ocfs2_reserve_suballoc_bits_42569 ocfs2_reserve_suballoc_bits 0 42569 NULL
27793 +xfrm_new_hash_mask_42579 xfrm_new_hash_mask 0-1 42579 NULL
27794 +oom_score_adj_write_42594 oom_score_adj_write 3 42594 NULL
27795 +map_state_42602 map_state 1 42602 NULL nohasharray
27796 @@ -107317,117 +108662,146 @@ index 0000000..6fcc08d
27797 +ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout_42635 ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout 3 42635 NULL
27798 +scsi_activate_tcq_42640 scsi_activate_tcq 2 42640 NULL
27799 +br_mdb_rehash_42643 br_mdb_rehash 2 42643 NULL
27800 ++parport_pc_compat_write_block_pio_42644 parport_pc_compat_write_block_pio 3 42644 NULL
27801 +_regmap_raw_write_42652 _regmap_raw_write 4 42652 NULL
27802 ++ocfs2_search_chain_42655 ocfs2_search_chain 0 42655 NULL
27803 +l2tp_xmit_skb_42672 l2tp_xmit_skb 3 42672 NULL
27804 +request_key_and_link_42693 request_key_and_link 4 42693 NULL
27805 +vb2_read_42703 vb2_read 3 42703 NULL
27806 -+__ocfs2_decrease_refcount_42717 __ocfs2_decrease_refcount 4 42717 NULL
27807 ++__ocfs2_decrease_refcount_42717 __ocfs2_decrease_refcount 0-5-4 42717 NULL
27808 ++read_status_42722 read_status 0 42722 NULL
27809 +dvb_demux_ioctl_42733 dvb_demux_ioctl 2 42733 NULL
27810 +set_aoe_iflist_42737 set_aoe_iflist 2 42737 NULL
27811 +ax25_setsockopt_42740 ax25_setsockopt 5 42740 NULL
27812 +xen_bind_pirq_gsi_to_irq_42750 xen_bind_pirq_gsi_to_irq 1 42750 NULL
27813 ++dpm_sysfs_add_42756 dpm_sysfs_add 0 42756 NULL
27814 +qla2x00_get_ctx_bsg_sp_42768 qla2x00_get_ctx_bsg_sp 3 42768 NULL
27815 ++x25_recvmsg_42777 x25_recvmsg 4 42777 NULL
27816 +snd_midi_event_decode_42780 snd_midi_event_decode 0 42780 NULL
27817 +cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL
27818 +koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL
27819 +ntfs_attr_extend_allocation_42796 ntfs_attr_extend_allocation 0-2 42796 NULL
27820 -+fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2-3 42804 NULL
27821 ++fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2 42804 NULL
27822 +drm_ioctl_42813 drm_ioctl 2 42813 NULL
27823 +iwl_dbgfs_ucode_bt_stats_read_42820 iwl_dbgfs_ucode_bt_stats_read 3 42820 NULL
27824 +set_arg_42824 set_arg 3 42824 NULL
27825 +ocfs2_desc_bitmap_to_cluster_off_42831 ocfs2_desc_bitmap_to_cluster_off 2 42831 NULL
27826 ++ntfs_mapping_pairs_build_42859 ntfs_mapping_pairs_build 0 42859 NULL
27827 +ocfs2_clusters_for_bytes_42872 ocfs2_clusters_for_bytes 0-2 42872 NULL
27828 -+pskb_expand_head_42881 pskb_expand_head 2-3 42881 NULL
27829 -+vt_compat_ioctl_42887 vt_compat_ioctl 3 42887 NULL
27830 ++pskb_expand_head_42881 pskb_expand_head 3-2 42881 NULL
27831 +tipc_port_recv_sections_42890 tipc_port_recv_sections 4 42890 NULL
27832 +xpc_kmalloc_cacheline_aligned_42895 xpc_kmalloc_cacheline_aligned 1 42895 NULL
27833 ++SendTxCommandPacket_42901 SendTxCommandPacket 3 42901 NULL
27834 +hd_end_request_42904 hd_end_request 2 42904 NULL
27835 +sctp_getsockopt_maxburst_42941 sctp_getsockopt_maxburst 2 42941 NULL
27836 +get_unmapped_area_42944 get_unmapped_area 0 42944 NULL
27837 ++vx_reset_chk_42946 vx_reset_chk 0 42946 NULL
27838 +sys_sethostname_42962 sys_sethostname 2 42962 NULL
27839 -+compat_udpv6_setsockopt_42981 compat_udpv6_setsockopt 5 42981 NULL
27840 -+snd_timer_user_ioctl_compat_42985 snd_timer_user_ioctl_compat 3 42985 NULL
27841 ++ixj_enhanced_read_42980 ixj_enhanced_read 3 42980 NULL
27842 ++compat_udpv6_setsockopt_42981 compat_udpv6_setsockopt 5 42981 NULL nohasharray
27843 ++pfkey_xfrm_policy2sec_ctx_size_42981 pfkey_xfrm_policy2sec_ctx_size 0 42981 &compat_udpv6_setsockopt_42981
27844 +nfs_idmap_get_desc_42990 nfs_idmap_get_desc 4-2 42990 NULL
27845 +mlx4_qp_reserve_range_43000 mlx4_qp_reserve_range 2-3 43000 NULL
27846 +isr_rx_mem_overflow_read_43025 isr_rx_mem_overflow_read 3 43025 NULL
27847 ++add_bytes_to_bitmap_43026 add_bytes_to_bitmap 3-0-4 43026 NULL
27848 +store_lssw_43035 store_lssw 4 43035 NULL nohasharray
27849 +wep_default_key_count_read_43035 wep_default_key_count_read 3 43035 &store_lssw_43035
27850 -+sep_prepare_input_output_dma_table_in_dcb_43064 sep_prepare_input_output_dma_table_in_dcb 4-5-2-3 43064 NULL
27851 -+cpuset_sprintf_memlist_43088 cpuset_sprintf_memlist 0 43088 NULL
27852 ++uapsd_queues_write_43040 uapsd_queues_write 3 43040 NULL
27853 ++sep_prepare_input_output_dma_table_in_dcb_43064 sep_prepare_input_output_dma_table_in_dcb 4-5-3-2 43064 NULL
27854 +ieee80211_if_fmt_drop_unencrypted_43107 ieee80211_if_fmt_drop_unencrypted 3 43107 NULL
27855 -+uuid_string_43154 uuid_string 0 43154 NULL
27856 ++e1000_request_msix_43134 e1000_request_msix 0 43134 NULL
27857 +usb_string_sub_43164 usb_string_sub 0 43164 NULL
27858 +ext4_xattr_ibody_get_43200 ext4_xattr_ibody_get 0 43200 NULL
27859 ++teiup_create_43201 teiup_create 3 43201 NULL
27860 +uio_write_43202 uio_write 3 43202 NULL
27861 +iso_callback_43208 iso_callback 3 43208 NULL
27862 +atomic_long_add_return_43217 atomic_long_add_return 1 43217 NULL
27863 -+comedi_compat_ioctl_43218 comedi_compat_ioctl 3 43218 NULL
27864 +vmemmap_alloc_block_43245 vmemmap_alloc_block 1 43245 NULL
27865 -+fixup_leb_43256 fixup_leb 3 43256 NULL
27866 +store_wwan_43264 store_wwan 4 43264 NULL
27867 +ide_end_rq_43269 ide_end_rq 4 43269 NULL
27868 -+evtchn_write_43278 evtchn_write 3 43278 NULL
27869 ++parport_pc_ecp_write_block_pio_43278 parport_pc_ecp_write_block_pio 3 43278 NULL nohasharray
27870 ++evtchn_write_43278 evtchn_write 3 43278 &parport_pc_ecp_write_block_pio_43278
27871 +filemap_write_and_wait_range_43279 filemap_write_and_wait_range 0 43279 NULL
27872 +alloc_subdevices_43300 alloc_subdevices 2 43300 NULL
27873 +store_ledd_43312 store_ledd 4 43312 NULL
27874 +get_nr_irqs_gsi_43315 get_nr_irqs_gsi 0 43315 NULL
27875 +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
27876 ++svc_pool_map_get_43386 svc_pool_map_get 0 43386 NULL
27877 +xenfb_write_43412 xenfb_write 3 43412 NULL
27878 -+__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL
27879 ++__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL nohasharray
27880 ++msi_capability_init_43423 msi_capability_init 0 43423 &__alloc_bootmem_low_43423
27881 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
27882 ++ocfs2_rotate_tree_left_43442 ocfs2_rotate_tree_left 0 43442 NULL
27883 +usb_string_43443 usb_string 0 43443 NULL nohasharray
27884 +usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443
27885 -+alloc_new_reservation_43480 alloc_new_reservation 4 43480 NULL
27886 ++__data_list_add_eb_43472 __data_list_add_eb 0 43472 NULL
27887 ++alloc_new_reservation_43480 alloc_new_reservation 4-0-2 43480 NULL
27888 +nf_nat_ftp_fmt_cmd_43495 nf_nat_ftp_fmt_cmd 0 43495 NULL
27889 +ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime_43505 ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime 3 43505 NULL
27890 +do_readlink_43518 do_readlink 2 43518 NULL
27891 +dvb_ca_en50221_io_write_43533 dvb_ca_en50221_io_write 3 43533 NULL
27892 +cachefiles_daemon_write_43535 cachefiles_daemon_write 3 43535 NULL
27893 +ufs_alloccg_block_43540 ufs_alloccg_block 3-0 43540 NULL
27894 ++request_resource_43548 request_resource 0 43548 NULL
27895 +ath_rx_init_43564 ath_rx_init 2 43564 NULL nohasharray
27896 +_send_control_msg_43564 _send_control_msg 6 43564 &ath_rx_init_43564
27897 +_fc_frame_alloc_43568 _fc_frame_alloc 1 43568 NULL
27898 +rpc_malloc_43573 rpc_malloc 2 43573 NULL
27899 ++handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL
27900 +lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL
27901 +proc_read_43614 proc_read 3 43614 NULL
27902 +prison_create_43623 prison_create 1 43623 NULL
27903 ++random_write_43656 random_write 3 43656 NULL
27904 +bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL
27905 +ext4_acl_count_43659 ext4_acl_count 0-1 43659 NULL
27906 -+dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4-2 43679 NULL
27907 -+calgary_map_page_43686 calgary_map_page 3-4 43686 NULL
27908 ++dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4 43679 NULL
27909 ++calgary_map_page_43686 calgary_map_page 4 43686 NULL
27910 ++hidp_send_ctrl_message_43702 hidp_send_ctrl_message 4 43702 NULL
27911 +user_confirm_reply_43708 user_confirm_reply 4 43708 NULL
27912 ++wait_for_completion_interruptible_43723 wait_for_completion_interruptible 0 43723 NULL
27913 +drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL
27914 ++reset_card_proc_43731 reset_card_proc 0 43731 NULL
27915 +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL
27916 -+ocfs2_replace_clusters_43733 ocfs2_replace_clusters 5 43733 NULL
27917 ++ocfs2_replace_clusters_43733 ocfs2_replace_clusters 0-5 43733 NULL
27918 +fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL
27919 -+einj_get_parameter_address_43743 einj_get_parameter_address 0 43743 NULL
27920 +osdv1_attr_list_elem_size_43747 osdv1_attr_list_elem_size 0-1 43747 NULL
27921 +gigaset_initcs_43753 gigaset_initcs 2 43753 NULL
27922 +sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL
27923 +ocfs2_xattr_get_value_outside_43787 ocfs2_xattr_get_value_outside 0 43787 NULL nohasharray
27924 -+byte_pos_43787 byte_pos 0-2 43787 &ocfs2_xattr_get_value_outside_43787
27925 -+btrfs_copy_from_user_43806 btrfs_copy_from_user 3-1 43806 NULL
27926 ++byte_pos_43787 byte_pos 0-2 43787 &ocfs2_xattr_get_value_outside_43787 nohasharray
27927 ++xfs_highbit64_43787 xfs_highbit64 1 43787 &byte_pos_43787
27928 ++btrfs_copy_from_user_43806 btrfs_copy_from_user 3-1-0 43806 NULL
27929 +store_cpufv_disabled_43809 store_cpufv_disabled 4 43809 NULL
27930 ++hci_send_cmd_43810 hci_send_cmd 3 43810 NULL
27931 +ext4_read_block_bitmap_43814 ext4_read_block_bitmap 2 43814 NULL
27932 ++ext4_split_extent_43818 ext4_split_extent 0 43818 NULL
27933 ++i915_gem_execbuffer_relocate_entry_43822 i915_gem_execbuffer_relocate_entry 0 43822 NULL
27934 +ieee80211_if_fmt_element_ttl_43825 ieee80211_if_fmt_element_ttl 3 43825 NULL
27935 +ieee80211_alloc_hw_43829 ieee80211_alloc_hw 1 43829 NULL
27936 ++atomic64_cmpxchg_unchecked_43840 atomic64_cmpxchg_unchecked 0 43840 NULL
27937 ++p54_download_eeprom_43842 p54_download_eeprom 4 43842 NULL
27938 +read_flush_43851 read_flush 3 43851 NULL
27939 +ocfs2_block_group_find_clear_bits_43874 ocfs2_block_group_find_clear_bits 4 43874 NULL
27940 +idmap_update_entry_43885 idmap_update_entry 3 43885 NULL
27941 -+xen_register_gsi_43946 xen_register_gsi 1-2 43946 NULL
27942 ++prism2_sta_send_mgmt_43916 prism2_sta_send_mgmt 5 43916 NULL
27943 ++xen_register_gsi_43946 xen_register_gsi 2-1 43946 NULL
27944 +stats_dot11RTSFailureCount_read_43948 stats_dot11RTSFailureCount_read 3 43948 NULL
27945 -+__get_required_blob_size_43980 __get_required_blob_size 0-2-3 43980 NULL
27946 ++i915_ring_idle_43969 i915_ring_idle 0 43969 NULL
27947 ++__get_required_blob_size_43980 __get_required_blob_size 0-3-2 43980 NULL
27948 +nla_reserve_43984 nla_reserve 3 43984 NULL
27949 +scsi_command_size_43992 scsi_command_size 0 43992 NULL nohasharray
27950 -+bcm_recvmsg_43992 bcm_recvmsg 4 43992 &scsi_command_size_43992
27951 ++kvm_read_guest_virt_43992 kvm_read_guest_virt 4-2 43992 &scsi_command_size_43992 nohasharray
27952 ++bcm_recvmsg_43992 bcm_recvmsg 4 43992 &kvm_read_guest_virt_43992
27953 +write_flush_procfs_44011 write_flush_procfs 3 44011 NULL
27954 -+socket_sockcreate_sid_44074 socket_sockcreate_sid 2 44074 NULL
27955 ++btrfs_prev_leaf_44083 btrfs_prev_leaf 0 44083 NULL
27956 +xlog_recover_add_to_cont_trans_44102 xlog_recover_add_to_cont_trans 4 44102 NULL
27957 ++skb_frag_dma_map_44112 skb_frag_dma_map 0 44112 NULL
27958 +tracing_set_trace_read_44122 tracing_set_trace_read 3 44122 NULL
27959 -+vmw_gmr_bind_44130 vmw_gmr_bind 3 44130 NULL
27960 ++em28xx_read_reg_req_44130 em28xx_read_reg_req 0 44130 NULL
27961 +scsi_get_resid_44147 scsi_get_resid 0 44147 NULL
27962 +ubifs_find_dirty_idx_leb_44169 ubifs_find_dirty_idx_leb 0 44169 NULL
27963 +ocfs2_xattr_bucket_find_44174 ocfs2_xattr_bucket_find 0 44174 NULL
27964 ++readreg_ipac_44186 readreg_ipac 0 44186 NULL
27965 +handle_eviocgbit_44193 handle_eviocgbit 3 44193 NULL
27966 +IO_APIC_get_PCI_irq_vector_44198 IO_APIC_get_PCI_irq_vector 0 44198 NULL
27967 +claim_ptd_buffers_44213 claim_ptd_buffers 3 44213 NULL
27968 @@ -107435,31 +108809,45 @@ index 0000000..6fcc08d
27969 +ioapic_register_intr_44238 ioapic_register_intr 1 44238 NULL
27970 +scsi_track_queue_full_44239 scsi_track_queue_full 2 44239 NULL
27971 +enlarge_skb_44248 enlarge_skb 2 44248 NULL
27972 ++apei_resources_sub_44252 apei_resources_sub 0 44252 NULL
27973 ++device_create_file_44285 device_create_file 0 44285 NULL
27974 +ufs_clusteracct_44293 ufs_clusteracct 3 44293 NULL
27975 +ocfs2_zero_range_for_truncate_44294 ocfs2_zero_range_for_truncate 3 44294 NULL
27976 +iwl3945_statistics_flag_44310 iwl3945_statistics_flag 3-0 44310 NULL
27977 -+bitmap_scnprintf_44318 bitmap_scnprintf 0-2 44318 NULL
27978 ++bitmap_scnprintf_44318 bitmap_scnprintf 2-0 44318 NULL
27979 +dispatch_proc_write_44320 dispatch_proc_write 3 44320 NULL
27980 ++rs_init_44327 rs_init 1 44327 NULL
27981 ++count_ah_combs_44334 count_ah_combs 0 44334 NULL
27982 +blk_queue_init_tags_44355 blk_queue_init_tags 2 44355 NULL
27983 ++ipx_recvmsg_44366 ipx_recvmsg 4 44366 NULL
27984 +rts_threshold_read_44384 rts_threshold_read 3 44384 NULL
27985 +aoedev_flush_44398 aoedev_flush 2 44398 NULL
27986 ++strlcpy_44400 strlcpy 3 44400 NULL
27987 +drm_buffer_alloc_44405 drm_buffer_alloc 2 44405 NULL
27988 +osst_do_scsi_44410 osst_do_scsi 4 44410 NULL
27989 ++write_file_debug_44476 write_file_debug 3 44476 NULL
27990 +btrfs_chunk_item_size_44478 btrfs_chunk_item_size 0-1 44478 NULL
27991 +sdio_align_size_44489 sdio_align_size 0-2 44489 NULL
27992 ++ath6kl_tm_rx_report_44494 ath6kl_tm_rx_report 3 44494 NULL
27993 +ieee80211_if_read_dropped_frames_ttl_44500 ieee80211_if_read_dropped_frames_ttl 3 44500 NULL
27994 ++xfrm_sa_len_44502 xfrm_sa_len 0 44502 NULL
27995 ++ac_register_board_44504 ac_register_board 3 44504 NULL
27996 +security_getprocattr_44505 security_getprocattr 0 44505 NULL nohasharray
27997 +iwl_dbgfs_sram_read_44505 iwl_dbgfs_sram_read 3 44505 &security_getprocattr_44505
27998 +spidev_write_44510 spidev_write 3 44510 NULL
27999 +sys_msgsnd_44537 sys_msgsnd 3 44537 NULL nohasharray
28000 +comm_write_44537 comm_write 3 44537 &sys_msgsnd_44537
28001 -+snd_pcm_alloc_vmalloc_buffer_44595 snd_pcm_alloc_vmalloc_buffer 2 44595 NULL
28002 -+slip_compat_ioctl_44599 slip_compat_ioctl 4 44599 NULL
28003 ++snd_pcm_drop_44542 snd_pcm_drop 0 44542 NULL
28004 ++dbg_chk_pnode_44555 dbg_chk_pnode 0 44555 NULL
28005 ++sysfs_add_one_44629 sysfs_add_one 0 44629 NULL
28006 +cfpkt_add_body_44630 cfpkt_add_body 3 44630 NULL
28007 -+ext2_new_block_44645 ext2_new_block 2 44645 NULL
28008 ++ext2_new_block_44645 ext2_new_block 2-0 44645 NULL
28009 +alloc_ctrl_packet_44667 alloc_ctrl_packet 1 44667 NULL
28010 ++sysfs_create_link_44685 sysfs_create_link 0 44685 NULL
28011 +ts_read_44687 ts_read 3 44687 NULL
28012 -+security_member_sid_44712 security_member_sid 3 44712 NULL
28013 ++i915_wait_request_44703 i915_wait_request 0 44703 NULL
28014 ++__ocfs2_rotate_tree_left_44705 __ocfs2_rotate_tree_left 0 44705 NULL
28015 ++__generic_block_fiemap_44713 __generic_block_fiemap 4 44713 NULL
28016 +mempool_create_node_44715 mempool_create_node 1 44715 NULL
28017 +_zd_iowrite32v_locked_44725 _zd_iowrite32v_locked 3 44725 NULL
28018 +clusterip_proc_write_44729 clusterip_proc_write 3 44729 NULL
28019 @@ -107467,25 +108855,30 @@ index 0000000..6fcc08d
28020 +key_tx_rx_count_read_44742 key_tx_rx_count_read 3 44742 NULL
28021 +tnode_new_44757 tnode_new 3 44757 NULL nohasharray
28022 +pty_write_44757 pty_write 3 44757 &tnode_new_44757
28023 -+__videobuf_copy_stream_44769 __videobuf_copy_stream 4 44769 NULL
28024 ++__videobuf_copy_stream_44769 __videobuf_copy_stream 4-0 44769 NULL
28025 +sctp_setsockopt_44788 sctp_setsockopt 5 44788 NULL
28026 +rx_dropped_read_44799 rx_dropped_read 3 44799 NULL
28027 ++x25_pacsize_to_bytes_44812 x25_pacsize_to_bytes 0 44812 NULL
28028 +sisusb_write_44834 sisusb_write 3 44834 NULL
28029 +nl80211_send_unprot_disassoc_44846 nl80211_send_unprot_disassoc 4 44846 NULL
28030 ++cubic_root_44848 cubic_root 1 44848 NULL
28031 ++qib_verbs_send_dma_44850 qib_verbs_send_dma 6 44850 NULL
28032 ++init_rs_44873 init_rs 1 44873 NULL
28033 +skb_availroom_44883 skb_availroom 0 44883 NULL
28034 +nf_bridge_encap_header_len_44890 nf_bridge_encap_header_len 0 44890 NULL
28035 ++ocfs2_wait_for_mask_44893 ocfs2_wait_for_mask 0 44893 NULL
28036 +do_tty_write_44896 do_tty_write 5 44896 NULL
28037 ++_snd_pcm_hw_param_last_44947 _snd_pcm_hw_param_last 0 44947 NULL
28038 +tx_queue_status_read_44978 tx_queue_status_read 3 44978 NULL
28039 +ftdi_process_packet_45005 ftdi_process_packet 5 45005 NULL
28040 ++i915_gem_do_execbuffer_45012 i915_gem_do_execbuffer 0 45012 NULL
28041 +read_block_bitmap_45021 read_block_bitmap 2 45021 NULL nohasharray
28042 -+ptrace_writedata_45021 ptrace_writedata 4-3 45021 &read_block_bitmap_45021
28043 ++ptrace_writedata_45021 ptrace_writedata 4 45021 &read_block_bitmap_45021
28044 +vhci_get_user_45039 vhci_get_user 3 45039 NULL
28045 +sel_write_user_45060 sel_write_user 3 45060 NULL
28046 -+snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL nohasharray
28047 -+do_video_ioctl_45069 do_video_ioctl 3 45069 &snd_mixart_BA0_read_45069
28048 ++snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL
28049 ++ata_tdev_add_45079 ata_tdev_add 0 45079 NULL
28050 +orig_hash_del_if_45080 orig_hash_del_if 2 45080 NULL
28051 -+au_sbend_45097 au_sbend 0 45097 NULL
28052 -+alternate_node_alloc_45100 alternate_node_alloc 0 45100 NULL
28053 +usbdev_read_45114 usbdev_read 3 45114 NULL
28054 +send_to_tty_45141 send_to_tty 3 45141 NULL
28055 +crypto_aead_blocksize_45148 crypto_aead_blocksize 0 45148 NULL
28056 @@ -107495,22 +108888,28 @@ index 0000000..6fcc08d
28057 +ocfs2_dq_frozen_trigger_45159 ocfs2_dq_frozen_trigger 4 45159 NULL
28058 +tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL
28059 +sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL
28060 -+snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL
28061 ++sctp_pack_cookie_45190 sctp_pack_cookie 6 45190 NULL nohasharray
28062 ++snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 &sctp_pack_cookie_45190
28063 +num_clusters_in_group_45194 num_clusters_in_group 2 45194 NULL
28064 +add_child_45201 add_child 4 45201 NULL
28065 +iso_alloc_urb_45206 iso_alloc_urb 4-5 45206 NULL
28066 +spi_alloc_master_45223 spi_alloc_master 2 45223 NULL
28067 +ieee80211_if_read_peer_45233 ieee80211_if_read_peer 3 45233 NULL
28068 -+vcc_compat_ioctl_45291 vcc_compat_ioctl 3 45291 NULL
28069 ++event_enable_write_45238 event_enable_write 3 45238 NULL
28070 ++gfs2_fiemap_45282 gfs2_fiemap 4 45282 NULL
28071 +snd_pcm_oss_sync1_45298 snd_pcm_oss_sync1 2 45298 NULL
28072 ++e1000_tx_map_45309 e1000_tx_map 5 45309 NULL
28073 +copy_vm86_regs_from_user_45340 copy_vm86_regs_from_user 3 45340 NULL
28074 +lane2_associate_req_45398 lane2_associate_req 4 45398 NULL
28075 ++__data_list_add_45403 __data_list_add 0 45403 NULL
28076 +keymap_store_45406 keymap_store 4 45406 NULL
28077 ++ath6kl_wmi_send_probe_response_cmd_45422 ath6kl_wmi_send_probe_response_cmd 5 45422 NULL
28078 +tty_buffer_alloc_45437 tty_buffer_alloc 2 45437 NULL
28079 +do_mmap_pgoff_45441 do_mmap_pgoff 0 45441 NULL
28080 +__node_remap_45458 __node_remap 4 45458 NULL
28081 +rds_ib_set_wr_signal_state_45463 rds_ib_set_wr_signal_state 0 45463 NULL
28082 +tracing_read_dyn_info_45468 tracing_read_dyn_info 3 45468 NULL
28083 ++snd_pcm_hwsync_45479 snd_pcm_hwsync 0 45479 NULL
28084 +rds_message_copy_from_user_45510 rds_message_copy_from_user 3 45510 NULL
28085 +sys_lgetxattr_45531 sys_lgetxattr 4 45531 NULL
28086 +cgroup_read_u64_45532 cgroup_read_u64 5 45532 NULL
28087 @@ -107522,100 +108921,129 @@ index 0000000..6fcc08d
28088 +stats_dot11ACKFailureCount_read_45558 stats_dot11ACKFailureCount_read 3 45558 NULL
28089 +posix_acl_xattr_size_45561 posix_acl_xattr_size 0-1 45561 NULL
28090 +venus_rmdir_45564 venus_rmdir 4 45564 NULL
28091 -+ipath_create_cq_45586 ipath_create_cq 2 45586 NULL
28092 +rdma_set_ib_paths_45592 rdma_set_ib_paths 3 45592 NULL
28093 +hidraw_get_report_45609 hidraw_get_report 3 45609 NULL
28094 +audit_log_n_hex_45617 audit_log_n_hex 3 45617 NULL
28095 -+ebitmap_next_positive_45651 ebitmap_next_positive 3 45651 NULL
28096 ++i915_gem_evict_everything_45629 i915_gem_evict_everything 0 45629 NULL
28097 ++ebitmap_next_positive_45651 ebitmap_next_positive 3-0 45651 NULL
28098 ++ext4_reserve_inode_write_45654 ext4_reserve_inode_write 0 45654 NULL
28099 +dma_map_cont_45668 dma_map_cont 5 45668 NULL
28100 +compat_mpctl_ioctl_45671 compat_mpctl_ioctl 2 45671 NULL
28101 +dgram_sendmsg_45679 dgram_sendmsg 4 45679 NULL
28102 +smk_write_ambient_45691 smk_write_ambient 3 45691 NULL
28103 -+dm_compat_ctl_ioctl_45692 dm_compat_ctl_ioctl 3 45692 NULL
28104 +ip_nat_sip_expect_45693 ip_nat_sip_expect 7 45693 NULL
28105 +unix_dgram_sendmsg_45699 unix_dgram_sendmsg 4 45699 NULL nohasharray
28106 -+bscnl_emit_45699 bscnl_emit 2-5-0 45699 &unix_dgram_sendmsg_45699
28107 ++bscnl_emit_45699 bscnl_emit 2-5-0 45699 &unix_dgram_sendmsg_45699 nohasharray
28108 ++__spin_time_accum_45699 __spin_time_accum 1 45699 &bscnl_emit_45699
28109 +sg_proc_write_adio_45704 sg_proc_write_adio 3 45704 NULL
28110 +dvb_ca_en50221_init_45718 dvb_ca_en50221_init 4 45718 NULL
28111 +snd_cs46xx_io_read_45734 snd_cs46xx_io_read 5 45734 NULL
28112 +v4l2_ctrl_new_std_45748 v4l2_ctrl_new_std 5 45748 NULL
28113 +lkdtm_debugfs_read_45752 lkdtm_debugfs_read 3 45752 NULL
28114 -+nilfs_compat_ioctl_45769 nilfs_compat_ioctl 3 45769 NULL
28115 ++i915_gem_object_flush_gpu_write_domain_45755 i915_gem_object_flush_gpu_write_domain 0 45755 NULL
28116 +alloc_ts_config_45775 alloc_ts_config 1 45775 NULL
28117 ++dma_alloc_coherent_mask_45787 dma_alloc_coherent_mask 0 45787 NULL
28118 +nfs_idmap_request_key_45791 nfs_idmap_request_key 2 45791 NULL
28119 +raw_setsockopt_45800 raw_setsockopt 5 45800 NULL
28120 ++rds_tcp_inc_copy_to_user_45804 rds_tcp_inc_copy_to_user 3 45804 NULL
28121 +lbs_rdbbp_read_45805 lbs_rdbbp_read 3 45805 NULL
28122 +pcpu_alloc_alloc_info_45813 pcpu_alloc_alloc_info 1-2 45813 NULL
28123 +fm_v4l2_init_video_device_45821 fm_v4l2_init_video_device 2 45821 NULL
28124 ++r600_texture_size_45823 r600_texture_size 6-5-4 45823 NULL
28125 +amthi_read_45831 amthi_read 4 45831 NULL
28126 ++audit_make_reply_45835 audit_make_reply 7 45835 NULL
28127 ++__ip_select_ident_45851 __ip_select_ident 3 45851 NULL
28128 ++smp_build_cmd_45853 smp_build_cmd 3 45853 NULL
28129 +isdn_write_45863 isdn_write 3 45863 NULL
28130 +rbd_get_num_segments_45864 rbd_get_num_segments 0-2-3 45864 NULL
28131 +unpack_orig_pfns_45867 unpack_orig_pfns 0 45867 NULL
28132 ++tpm_config_in_45880 tpm_config_in 0 45880 NULL
28133 +get_rdac_req_45882 get_rdac_req 3 45882 NULL
28134 +ocfs2_xattr_block_find_45891 ocfs2_xattr_block_find 0 45891 NULL
28135 -+qla4_8xxx_pci_mem_write_2M_45906 qla4_8xxx_pci_mem_write_2M 2 45906 NULL
28136 ++__svc_create_45903 __svc_create 3 45903 NULL
28137 +dbgfs_frame_45917 dbgfs_frame 3 45917 NULL
28138 +alloc_mr_45935 alloc_mr 1 45935 NULL
28139 ++cma_user_data_offset_45954 cma_user_data_offset 0 45954 NULL
28140 ++ndisc_opt_addr_space_45959 ndisc_opt_addr_space 0 45959 NULL
28141 +rb_simple_read_45972 rb_simple_read 3 45972 NULL
28142 +ezusb_writememory_45976 ezusb_writememory 4 45976 NULL
28143 +ioat2_dca_count_dca_slots_45984 ioat2_dca_count_dca_slots 0 45984 NULL
28144 +sierra_setup_urb_46029 sierra_setup_urb 5 46029 NULL
28145 +get_free_entries_46030 get_free_entries 1 46030 NULL
28146 -+__access_remote_vm_46031 __access_remote_vm 0-5-3 46031 NULL
28147 ++__access_remote_vm_46031 __access_remote_vm 0 46031 NULL
28148 +snd_emu10k1x_ptr_read_46049 snd_emu10k1x_ptr_read 0 46049 NULL
28149 +acpi_register_gsi_xen_hvm_46052 acpi_register_gsi_xen_hvm 2 46052 NULL
28150 ++run_card_proc_46057 run_card_proc 0 46057 NULL
28151 +line6_midibuf_bytes_used_46059 line6_midibuf_bytes_used 0 46059 NULL
28152 -+__ocfs2_move_extent_46060 __ocfs2_move_extent 5-6 46060 NULL nohasharray
28153 ++__ocfs2_move_extent_46060 __ocfs2_move_extent 0-3-4-6-5 46060 NULL nohasharray
28154 +dma_tx_errors_read_46060 dma_tx_errors_read 3 46060 &__ocfs2_move_extent_46060
28155 ++slhc_toss_46066 slhc_toss 0 46066 NULL
28156 ++mgmt_event_46069 mgmt_event 4 46069 NULL
28157 ++xfrm_sadinfo_msgsize_46073 xfrm_sadinfo_msgsize 0 46073 NULL
28158 +sel_commit_bools_write_46077 sel_commit_bools_write 3 46077 NULL
28159 +ata_host_alloc_46094 ata_host_alloc 2 46094 NULL
28160 -+pkt_ctl_compat_ioctl_46110 pkt_ctl_compat_ioctl 3 46110 NULL
28161 +mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL
28162 ++ddp_clear_map_46152 ddp_clear_map 4 46152 NULL
28163 +__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL
28164 -+qlcnic_alloc_msix_entries_46160 qlcnic_alloc_msix_entries 2 46160 NULL
28165 -+kmalloc_section_memmap_46168 kmalloc_section_memmap 3 46168 NULL
28166 ++qlcnic_alloc_msix_entries_46160 qlcnic_alloc_msix_entries 2 46160 NULL nohasharray
28167 ++alloc_iova_46160 alloc_iova 2 46160 &qlcnic_alloc_msix_entries_46160
28168 +vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL
28169 -+fillvdir_46193 fillvdir 3 46193 NULL
28170 +i2400m_op_msg_from_user_46213 i2400m_op_msg_from_user 4 46213 NULL
28171 +tm6000_i2c_recv_regs_46215 tm6000_i2c_recv_regs 5 46215 NULL
28172 +dsp_write_46218 dsp_write 2 46218 NULL
28173 ++tx_abort_46232 tx_abort 0 46232 NULL
28174 ++xen_setup_msi_irqs_46245 xen_setup_msi_irqs 2 46245 NULL
28175 ++__le64_to_cpup_46257 __le64_to_cpup 0 46257 NULL
28176 ++ReadReg_46277 ReadReg 0 46277 NULL
28177 ++pep_alloc_skb_46303 pep_alloc_skb 3 46303 NULL
28178 ++pvclock_clocksource_read_46308 pvclock_clocksource_read 0 46308 NULL
28179 +sg_proc_write_dressz_46316 sg_proc_write_dressz 3 46316 NULL
28180 +__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 NULL
28181 +iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL
28182 +smk_write_direct_46363 smk_write_direct 3 46363 NULL
28183 +__iommu_calculate_agaw_46366 __iommu_calculate_agaw 2 46366 NULL
28184 ++fib_nlmsg_size_46383 fib_nlmsg_size 0 46383 NULL
28185 +fuse_file_aio_write_46399 fuse_file_aio_write 4 46399 NULL
28186 +crypto_ablkcipher_reqsize_46411 crypto_ablkcipher_reqsize 0 46411 NULL
28187 ++ttm_page_pool_get_pages_46431 ttm_page_pool_get_pages 0-5 46431 NULL
28188 +cp210x_set_config_46447 cp210x_set_config 4 46447 NULL
28189 ++parport_pc_fifo_write_block_46455 parport_pc_fifo_write_block 3 46455 NULL
28190 +filldir64_46469 filldir64 3 46469 NULL
28191 ++ocfs2_reserve_clusters_with_limit_46479 ocfs2_reserve_clusters_with_limit 0 46479 NULL
28192 ++p9pdu_vreadf_46500 p9pdu_vreadf 0 46500 NULL
28193 +mthca_alloc_cq_buf_46512 mthca_alloc_cq_buf 3 46512 NULL
28194 -+bdx_rxdb_create_46525 bdx_rxdb_create 1 46525 NULL
28195 ++uio_get_minor_46522 uio_get_minor 0 46522 NULL
28196 +nl80211_send_rx_assoc_46538 nl80211_send_rx_assoc 4 46538 NULL
28197 +mv_get_hc_count_46554 mv_get_hc_count 0 46554 NULL
28198 +link_send_sections_long_46556 link_send_sections_long 4 46556 NULL
28199 ++ubi_wl_put_peb_46565 ubi_wl_put_peb 0 46565 NULL
28200 +dn_current_mss_46574 dn_current_mss 0 46574 NULL
28201 +serverworks_create_gatt_pages_46582 serverworks_create_gatt_pages 1 46582 NULL
28202 +vscnprintf_46617 vscnprintf 0-2 46617 NULL
28203 ++__kfifo_out_r_46623 __kfifo_out_r 3 46623 NULL
28204 +request_key_async_with_auxdata_46624 request_key_async_with_auxdata 4 46624 NULL
28205 +aircable_process_packet_46639 aircable_process_packet 5 46639 NULL
28206 ++pci_enable_device_46642 pci_enable_device 0 46642 NULL
28207 +cx18_v4l2_ioctl_46647 cx18_v4l2_ioctl 2 46647 NULL
28208 -+av7110_ipack_init_46655 av7110_ipack_init 2 46655 NULL
28209 ++e1000_tx_map_46672 e1000_tx_map 4 46672 NULL
28210 +iwl4965_ucode_rx_stats_read_46676 iwl4965_ucode_rx_stats_read 3 46676 NULL
28211 ++l2cap_parse_conf_rsp_46683 l2cap_parse_conf_rsp 0 46683 NULL
28212 +alloc_data_packet_46698 alloc_data_packet 1 46698 NULL
28213 +__ilog2_u32_46706 __ilog2_u32 0 46706 NULL
28214 +erst_dbg_write_46715 erst_dbg_write 3 46715 NULL
28215 ++ide_read_status_46719 ide_read_status 0 46719 NULL
28216 ++ctnetlink_nlmsg_size_46736 ctnetlink_nlmsg_size 0 46736 NULL
28217 ++snd_ymfpci_readl_46738 snd_ymfpci_readl 0 46738 NULL
28218 +hest_ghes_dev_register_46766 hest_ghes_dev_register 1 46766 NULL
28219 +int_hw_irq_en_46776 int_hw_irq_en 3 46776 NULL
28220 +_xfs_buf_get_pages_46811 _xfs_buf_get_pages 2 46811 NULL
28221 +xfs_iroot_realloc_46826 xfs_iroot_realloc 2 46826 NULL
28222 -+security_validtrans_handle_fail_46843 security_validtrans_handle_fail 4 46843 NULL
28223 +ieee80211_rx_radiotap_len_46846 ieee80211_rx_radiotap_len 0 46846 NULL
28224 +spi_async_46857 spi_async 0 46857 NULL
28225 +vsnprintf_46863 vsnprintf 0 46863 NULL
28226 -+rvmalloc_46873 rvmalloc 1 46873 NULL
28227 +hpi_read_word_nolock_46881 hpi_read_word_nolock 0 46881 NULL
28228 +sk_mem_pages_46896 sk_mem_pages 0-1 46896 NULL
28229 -+ol_dqblk_off_46904 ol_dqblk_off 3-2 46904 NULL
28230 ++ol_dqblk_off_46904 ol_dqblk_off 2-3 46904 NULL
28231 +tracing_ctrl_read_46922 tracing_ctrl_read 3 46922 NULL
28232 +fb_write_46924 fb_write 3 46924 NULL
28233 +btmrvl_curpsmode_read_46939 btmrvl_curpsmode_read 3 46939 NULL
28234 @@ -107623,29 +109051,29 @@ index 0000000..6fcc08d
28235 +__sctp_setsockopt_connectx_46949 __sctp_setsockopt_connectx 3 46949 NULL
28236 +crypto_tfm_alg_alignmask_46971 crypto_tfm_alg_alignmask 0 46971 NULL
28237 +ath6kl_add_bss_if_needed_46978 ath6kl_add_bss_if_needed 5 46978 NULL
28238 ++strlcat_46985 strlcat 3 46985 NULL
28239 +gfs2_xattr_system_set_46996 gfs2_xattr_system_set 4 46996 NULL nohasharray
28240 +sel_write_bool_46996 sel_write_bool 3 46996 &gfs2_xattr_system_set_46996
28241 +ttm_bo_io_47000 ttm_bo_io 5 47000 NULL
28242 +blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL
28243 -+__map_single_47020 __map_single 3-4-7 47020 NULL
28244 -+cx231xx_init_bulk_47024 cx231xx_init_bulk 3-2 47024 NULL
28245 -+ufs_new_fragments_47070 ufs_new_fragments 3-5-4 47070 NULL
28246 -+unmap_class_47076 unmap_class 0-1 47076 NULL
28247 ++__map_single_47020 __map_single 3-4-7-0 47020 NULL
28248 ++cx231xx_init_bulk_47024 cx231xx_init_bulk 3-2-4 47024 NULL
28249 ++ufs_new_fragments_47070 ufs_new_fragments 4-3-5 47070 NULL nohasharray
28250 ++ext4_xattr_list_entries_47070 ext4_xattr_list_entries 0 47070 &ufs_new_fragments_47070
28251 ++xfrm_report_msgsize_47077 xfrm_report_msgsize 0 47077 NULL
28252 +scsi_deactivate_tcq_47086 scsi_deactivate_tcq 2 47086 NULL
28253 ++set_params_47113 set_params 0 47113 NULL
28254 +mousedev_read_47123 mousedev_read 3 47123 NULL
28255 +ses_recv_diag_47143 ses_recv_diag 4 47143 NULL nohasharray
28256 +acpi_ut_initialize_buffer_47143 acpi_ut_initialize_buffer 2 47143 &ses_recv_diag_47143
28257 +cxio_init_resource_fifo_random_47151 cxio_init_resource_fifo_random 3 47151 NULL
28258 -+mxms_headerlen_47161 mxms_headerlen 0 47161 NULL
28259 +rs_sta_dbgfs_rate_scale_data_read_47165 rs_sta_dbgfs_rate_scale_data_read 3 47165 NULL
28260 +svc_pool_map_alloc_arrays_47181 svc_pool_map_alloc_arrays 2 47181 NULL
28261 +can_set_system_xattr_47182 can_set_system_xattr 4 47182 NULL
28262 -+ioremap_cache_47189 ioremap_cache 1-2 47189 NULL
28263 -+security_change_sid_47202 security_change_sid 3 47202 NULL
28264 -+module_alloc_update_bounds_47205 module_alloc_update_bounds 1 47205 NULL
28265 +l2headersize_47238 l2headersize 0 47238 NULL
28266 +options_write_47243 options_write 3 47243 NULL
28267 +portcntrs_1_read_47253 portcntrs_1_read 3 47253 NULL
28268 ++p9pdu_readf_47269 p9pdu_readf 0 47269 NULL
28269 +ablkcipher_next_slow_47274 ablkcipher_next_slow 4-3 47274 NULL
28270 +tty_audit_log_47280 tty_audit_log 8 47280 NULL
28271 +vsnprintf_47291 vsnprintf 0 47291 NULL
28272 @@ -107657,33 +109085,37 @@ index 0000000..6fcc08d
28273 +__bio_map_kern_47379 __bio_map_kern 3 47379 NULL
28274 +trace_options_core_read_47390 trace_options_core_read 3 47390 NULL
28275 +pfkey_sendmsg_47394 pfkey_sendmsg 4 47394 NULL
28276 ++lbs_wrmac_write_47400 lbs_wrmac_write 3 47400 NULL
28277 +ocfs2_resv_end_47408 ocfs2_resv_end 0 47408 NULL
28278 +crypto_ablkcipher_alignmask_47410 crypto_ablkcipher_alignmask 0 47410 NULL
28279 -+vzalloc_47421 vzalloc 1 47421 NULL
28280 ++lbs_wrrf_write_47418 lbs_wrrf_write 3 47418 NULL
28281 +posix_acl_from_disk_47445 posix_acl_from_disk 2 47445 NULL
28282 -+environ_read_47451 environ_read 3 47451 NULL
28283 -+newpart_47485 newpart 6 47485 NULL
28284 ++newpart_47485 newpart 6-4 47485 NULL
28285 +core_sys_select_47494 core_sys_select 1 47494 NULL
28286 +alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
28287 +unlink_simple_47506 unlink_simple 3 47506 NULL
28288 +ufs_inode_getblock_47512 ufs_inode_getblock 4 47512 NULL
28289 ++snd_pcm_resume_47530 snd_pcm_resume 0 47530 NULL
28290 +vscnprintf_47533 vscnprintf 0-2 47533 NULL nohasharray
28291 +process_vm_rw_47533 process_vm_rw 3-5 47533 &vscnprintf_47533
28292 ++einj_check_trigger_header_47534 einj_check_trigger_header 0 47534 NULL
28293 +ieee80211_if_fmt_min_discovery_timeout_47539 ieee80211_if_fmt_min_discovery_timeout 3 47539 NULL
28294 -+cycx_setup_47562 cycx_setup 4 47562 NULL
28295 ++set_printer_interface_47551 set_printer_interface 0 47551 NULL
28296 +read_ldt_47570 read_ldt 2 47570 NULL
28297 -+pci_iomap_47575 pci_iomap 3 47575 NULL
28298 -+rpipe_get_idx_47579 rpipe_get_idx 2 47579 NULL
28299 ++rpipe_get_idx_47579 rpipe_get_idx 2-0 47579 NULL
28300 ++vendorextnReadSection_47583 vendorextnReadSection 0 47583 NULL
28301 +ext4_kvzalloc_47605 ext4_kvzalloc 1 47605 NULL
28302 -+sctp_ssnmap_new_47608 sctp_ssnmap_new 1-2 47608 NULL
28303 ++sctp_ssnmap_new_47608 sctp_ssnmap_new 2-1 47608 NULL
28304 +uea_request_47613 uea_request 4 47613 NULL
28305 +cache_read_pipefs_47615 cache_read_pipefs 3 47615 NULL
28306 +kvm_pv_mmu_write_47630 kvm_pv_mmu_write 2 47630 NULL
28307 +ivtv_serialized_ioctl_47632 ivtv_serialized_ioctl 3 47632 NULL
28308 +irq_set_chip_47638 irq_set_chip 1 47638 NULL
28309 +__build_packet_message_47643 __build_packet_message 3-9 47643 NULL
28310 -+compute_sid_handle_invalid_context_47647 compute_sid_handle_invalid_context 3 47647 NULL
28311 -+bits_to_user_47733 bits_to_user 2-3 47733 NULL
28312 ++snd_pcm_info_47699 snd_pcm_info 0 47699 NULL
28313 ++packet_recvmsg_47700 packet_recvmsg 4 47700 NULL nohasharray
28314 ++ipath_format_hwmsg_47700 ipath_format_hwmsg 2 47700 &packet_recvmsg_47700
28315 ++bits_to_user_47733 bits_to_user 3-2 47733 NULL
28316 +carl9170_debugfs_read_47738 carl9170_debugfs_read 3 47738 NULL
28317 +ir_prepare_write_buffer_47747 ir_prepare_write_buffer 3 47747 NULL
28318 +mvumi_alloc_mem_resource_47750 mvumi_alloc_mem_resource 3 47750 NULL
28319 @@ -107694,29 +109126,33 @@ index 0000000..6fcc08d
28320 +sst_prepare_output_buffers_47781 sst_prepare_output_buffers 4 47781 NULL
28321 +tt_len_47789 tt_len 0-1 47789 NULL
28322 +stmmac_set_bfsize_47834 stmmac_set_bfsize 0 47834 NULL
28323 ++ath6kl_wmi_set_appie_cmd_47855 ath6kl_wmi_set_appie_cmd 4 47855 NULL
28324 +ubifs_unpack_nnode_47866 ubifs_unpack_nnode 0 47866 NULL
28325 +vhci_read_47878 vhci_read 3 47878 NULL
28326 +keyctl_instantiate_key_common_47889 keyctl_instantiate_key_common 4 47889 NULL
28327 +osd_req_read_sg_47905 osd_req_read_sg 5 47905 NULL
28328 +comedi_write_47926 comedi_write 3 47926 NULL
28329 +nf_nat_ftp_47948 nf_nat_ftp 5 47948 NULL
28330 ++cfg80211_testmode_alloc_reply_skb_47966 cfg80211_testmode_alloc_reply_skb 2 47966 NULL
28331 +iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray
28332 +mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983
28333 +pnpacpi_parse_allocated_irqresource_47986 pnpacpi_parse_allocated_irqresource 2 47986 NULL
28334 -+dbg_port_buf_47990 dbg_port_buf 2 47990 NULL nohasharray
28335 -+mgmt_pending_add_47990 mgmt_pending_add 5 47990 &dbg_port_buf_47990
28336 ++mgmt_pending_add_47990 mgmt_pending_add 5 47990 NULL nohasharray
28337 ++dbg_port_buf_47990 dbg_port_buf 2 47990 &mgmt_pending_add_47990
28338 +ib_umad_write_47993 ib_umad_write 3 47993 NULL
28339 ++ocfs2_find_refcount_split_pos_48001 ocfs2_find_refcount_split_pos 0 48001 NULL
28340 +ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL
28341 +bio_integrity_set_tag_48035 bio_integrity_set_tag 3 48035 NULL
28342 +pppoe_sendmsg_48039 pppoe_sendmsg 4 48039 NULL
28343 +wpan_phy_alloc_48056 wpan_phy_alloc 1 48056 NULL
28344 ++ocfs2_change_refcount_rec_48059 ocfs2_change_refcount_rec 0 48059 NULL
28345 +posix_acl_alloc_48063 posix_acl_alloc 1 48063 NULL
28346 +c4iw_init_resource_fifo_48090 c4iw_init_resource_fifo 3 48090 NULL
28347 +mmc_alloc_host_48097 mmc_alloc_host 1 48097 NULL
28348 +skb_copy_datagram_const_iovec_48102 skb_copy_datagram_const_iovec 4-2-5 48102 NULL
28349 +vmw_framebuffer_surface_dirty_48132 vmw_framebuffer_surface_dirty 6 48132 NULL
28350 -+rtsx_read_cfg_seq_48139 rtsx_read_cfg_seq 5-3 48139 NULL
28351 +dn_fib_count_nhs_48145 dn_fib_count_nhs 0 48145 NULL
28352 ++__tcp_push_pending_frames_48148 __tcp_push_pending_frames 2 48148 NULL
28353 +bitmap_onto_48152 bitmap_onto 4 48152 NULL
28354 +isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL
28355 +ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL
28356 @@ -107727,83 +109163,107 @@ index 0000000..6fcc08d
28357 +read_file_recv_48232 read_file_recv 3 48232 NULL
28358 +blk_rq_pos_48233 blk_rq_pos 0 48233 NULL
28359 +nfsctl_transaction_read_48250 nfsctl_transaction_read 3 48250 NULL
28360 ++usb_hcd_submit_urb_48256 usb_hcd_submit_urb 0 48256 NULL
28361 +cache_write_pipefs_48270 cache_write_pipefs 3 48270 NULL
28362 ++trace_options_write_48275 trace_options_write 3 48275 NULL
28363 +pkt_bio_alloc_48284 pkt_bio_alloc 1 48284 NULL
28364 +lpfc_idiag_extacc_read_48301 lpfc_idiag_extacc_read 3 48301 NULL
28365 +timblogiw_read_48305 timblogiw_read 3 48305 NULL
28366 +hash_setkey_48310 hash_setkey 3 48310 NULL
28367 ++bcm_download_config_file_48313 bcm_download_config_file 0 48313 NULL
28368 +skb_add_data_48363 skb_add_data 3 48363 NULL
28369 ++iscsi_complete_pdu_48372 iscsi_complete_pdu 4 48372 NULL
28370 +lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL
28371 -+aufs_compat_ioctl_dir_48420 aufs_compat_ioctl_dir 3 48420 NULL
28372 ++snd_power_wait_48422 snd_power_wait 0 48422 NULL
28373 +pwr_tx_without_ps_read_48423 pwr_tx_without_ps_read 3 48423 NULL
28374 +nfs4_alloc_pages_48426 nfs4_alloc_pages 1 48426 NULL
28375 +wm8994_write_48439 wm8994_write 3 48439 NULL
28376 +tun_recvmsg_48463 tun_recvmsg 4 48463 NULL
28377 ++ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL
28378 +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
28379 +send_control_msg_48498 send_control_msg 6 48498 NULL
28380 +mlx4_en_create_tx_ring_48501 mlx4_en_create_tx_ring 4 48501 NULL
28381 -+iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 NULL nohasharray
28382 -+diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 &iwl_legacy_dbgfs_status_read_48508
28383 ++diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL nohasharray
28384 ++iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 &diva_os_copy_to_user_48508
28385 +phantom_get_free_48514 phantom_get_free 0 48514 NULL
28386 -+ubi_dbg_check_write_48525 ubi_dbg_check_write 5 48525 NULL
28387 ++ubi_dbg_check_write_48525 ubi_dbg_check_write 0 48525 NULL
28388 +wiimote_hid_send_48528 wiimote_hid_send 3 48528 NULL
28389 ++drbd_bm_capacity_48530 drbd_bm_capacity 0 48530 NULL
28390 +ext3_splice_branch_48531 ext3_splice_branch 6 48531 NULL
28391 +ext_sd_execute_read_data_48589 ext_sd_execute_read_data 9 48589 NULL
28392 +ufs_dtogd_48616 ufs_dtogd 0-2 48616 NULL
28393 +do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL
28394 +lc_create_48662 lc_create 3 48662 NULL
28395 +aes_encrypt_packets_read_48666 aes_encrypt_packets_read 3 48666 NULL
28396 -+sm501_create_subdev_48668 sm501_create_subdev 3-4 48668 NULL nohasharray
28397 ++ore_get_rw_state_48667 ore_get_rw_state 5 48667 NULL
28398 ++sm501_create_subdev_48668 sm501_create_subdev 4-3 48668 NULL nohasharray
28399 +sys_setgroups_48668 sys_setgroups 1 48668 &sm501_create_subdev_48668
28400 ++ubi_eba_unmap_leb_48671 ubi_eba_unmap_leb 0 48671 NULL
28401 ++l2cap_build_cmd_48676 l2cap_build_cmd 4 48676 NULL
28402 +hysdn_log_write_48694 hysdn_log_write 3 48694 NULL
28403 +altera_drscan_48698 altera_drscan 2 48698 NULL
28404 +kvm_set_irq_routing_48704 kvm_set_irq_routing 3 48704 NULL
28405 ++recv_msg_48709 recv_msg 4 48709 NULL
28406 ++lpfc_idiag_drbacc_write_48712 lpfc_idiag_drbacc_write 3 48712 NULL
28407 ++RFTrackingFiltersCorrection_48722 RFTrackingFiltersCorrection 0 48722 NULL
28408 +disconnect_48738 disconnect 4 48738 NULL
28409 +ath6kl_regwrite_read_48747 ath6kl_regwrite_read 3 48747 NULL
28410 ++event_buffer_read_48772 event_buffer_read 3 48772 NULL
28411 +icmp_manip_pkt_48801 icmp_manip_pkt 2 48801 NULL
28412 +twa_change_queue_depth_48808 twa_change_queue_depth 2 48808 NULL
28413 ++register_ftrace_profiler_48816 register_ftrace_profiler 0 48816 NULL nohasharray
28414 ++tcp_push_one_48816 tcp_push_one 2 48816 &register_ftrace_profiler_48816
28415 +atomic_counters_read_48827 atomic_counters_read 3 48827 NULL
28416 +azx_get_position_48841 azx_get_position 0 48841 NULL
28417 -+vc_do_resize_48842 vc_do_resize 3-4 48842 NULL
28418 ++vc_do_resize_48842 vc_do_resize 4-3 48842 NULL
28419 +viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL
28420 +__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL
28421 +sys_setgroups16_48882 sys_setgroups16 1 48882 NULL
28422 +get_num_ops_48886 get_num_ops 0 48886 NULL
28423 +ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL
28424 +crypto_cipher_ctxsize_48890 crypto_cipher_ctxsize 0 48890 NULL
28425 ++mac_drv_rx_init_48898 mac_drv_rx_init 2 48898 NULL nohasharray
28426 ++joydev_handle_JSIOCSAXMAP_48898 joydev_handle_JSIOCSAXMAP 3 48898 &mac_drv_rx_init_48898
28427 +xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL
28428 +msg_hdr_sz_48908 msg_hdr_sz 0 48908 NULL
28429 -+gdth_isa_probe_one_48925 gdth_isa_probe_one 1 48925 NULL
28430 ++snd_pcm_update_hw_ptr_48925 snd_pcm_update_hw_ptr 0 48925 NULL
28431 +lpfc_sli4_get_els_iocb_cnt_48926 lpfc_sli4_get_els_iocb_cnt 0 48926 NULL
28432 +event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL
28433 +_alloc_set_attr_list_48991 _alloc_set_attr_list 4 48991 NULL
28434 +rds_rm_size_48996 rds_rm_size 0-2 48996 NULL
28435 +sel_write_enforce_48998 sel_write_enforce 3 48998 NULL
28436 +xd_rw_49020 xd_rw 3-4 49020 NULL
28437 ++aic_inb_49023 aic_inb 0 49023 NULL
28438 +transient_status_49027 transient_status 4 49027 NULL
28439 +ubi_read_49061 ubi_read 0 49061 NULL
28440 ++l2cap_bredr_sig_cmd_49065 l2cap_bredr_sig_cmd 3 49065 NULL
28441 +mirror_status_49073 mirror_status 4 49073 NULL
28442 +vmx_set_msr_49090 vmx_set_msr 3 49090 NULL
28443 +scsi_register_49094 scsi_register 2 49094 NULL
28444 +compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL
28445 ++receive_client_update_packet_49104 receive_client_update_packet 3 49104 NULL
28446 +xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 NULL
28447 +pt_read_49136 pt_read 3 49136 NULL
28448 +iwl_legacy_dbgfs_fh_reg_read_49144 iwl_legacy_dbgfs_fh_reg_read 3 49144 NULL nohasharray
28449 +tipc_multicast_49144 tipc_multicast 5 49144 &iwl_legacy_dbgfs_fh_reg_read_49144
28450 -+atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL
28451 +ipwireless_tty_received_49154 ipwireless_tty_received 3 49154 NULL
28452 +ipw_queue_tx_init_49161 ipw_queue_tx_init 3 49161 NULL
28453 +ext4_free_clusters_after_init_49174 ext4_free_clusters_after_init 2 49174 NULL
28454 ++__jfs_setxattr_49175 __jfs_setxattr 5 49175 NULL
28455 +dvb_dvr_ioctl_49182 dvb_dvr_ioctl 2 49182 NULL
28456 ++root_nfs_cat_49192 root_nfs_cat 3 49192 NULL
28457 +iwl_dbgfs_ucode_general_stats_read_49199 iwl_dbgfs_ucode_general_stats_read 3 49199 NULL
28458 +do_jffs2_getxattr_49210 do_jffs2_getxattr 0 49210 NULL
28459 +osd_req_add_get_attr_list_49278 osd_req_add_get_attr_list 3 49278 NULL
28460 ++__ext4_ext_dirty_49284 __ext4_ext_dirty 0 49284 NULL
28461 +viafb_dfph_proc_write_49288 viafb_dfph_proc_write 3 49288 NULL
28462 +uio_read_49300 uio_read 3 49300 NULL
28463 +ocfs2_resmap_find_free_bits_49301 ocfs2_resmap_find_free_bits 3 49301 NULL
28464 ++beiscsi_session_create_49304 beiscsi_session_create 2 49304 NULL
28465 ++__intel_map_single_49338 __intel_map_single 3-2 49338 NULL
28466 +cfpkt_setlen_49343 cfpkt_setlen 2 49343 NULL
28467 +joydev_ioctl_common_49359 joydev_ioctl_common 2 49359 NULL
28468 -+ocfs2_remove_btree_range_49370 ocfs2_remove_btree_range 4-5-3 49370 NULL
28469 ++ocfs2_remove_btree_range_49370 ocfs2_remove_btree_range 4-3-5 49370 NULL
28470 +px_raw_event_49371 px_raw_event 4 49371 NULL
28471 +iscsi_alloc_session_49390 iscsi_alloc_session 3 49390 NULL
28472 +applesmc_create_nodes_49392 applesmc_create_nodes 2 49392 NULL
28473 @@ -107812,102 +109272,141 @@ index 0000000..6fcc08d
28474 +tnode_alloc_49407 tnode_alloc 1 49407 NULL
28475 +samples_to_bytes_49426 samples_to_bytes 0-2 49426 NULL
28476 +md_domain_init_49432 md_domain_init 2 49432 NULL
28477 ++i915_gem_object_set_to_gtt_domain_49450 i915_gem_object_set_to_gtt_domain 0 49450 NULL
28478 ++ocfs2_merge_rec_left_49455 ocfs2_merge_rec_left 0 49455 NULL
28479 +agp_3_5_isochronous_node_enable_49465 agp_3_5_isochronous_node_enable 3 49465 NULL
28480 +xfs_iformat_local_49472 xfs_iformat_local 4 49472 NULL
28481 ++dn_nsp_do_disc_49474 dn_nsp_do_disc 6 49474 NULL
28482 ++esp4_get_mtu_49483 esp4_get_mtu 0-2 49483 NULL
28483 +isr_decrypt_done_read_49490 isr_decrypt_done_read 3 49490 NULL
28484 -+emulator_write_phys_49520 emulator_write_phys 2-4 49520 NULL
28485 -+acpi_os_ioremap_49523 acpi_os_ioremap 1-2 49523 NULL
28486 ++emulator_write_phys_49520 emulator_write_phys 2-4 49520 NULL nohasharray
28487 ++__sock_recvmsg_nosec_49520 __sock_recvmsg_nosec 0 49520 &emulator_write_phys_49520
28488 +smk_write_access_49561 smk_write_access 3 49561 NULL
28489 -+ntfs_malloc_nofs_49572 ntfs_malloc_nofs 1 49572 NULL
28490 +alloc_chunk_49575 alloc_chunk 1 49575 NULL
28491 +sctp_setsockopt_default_send_param_49578 sctp_setsockopt_default_send_param 3 49578 NULL
28492 ++readfifo_49583 readfifo 1 49583 NULL
28493 +isr_wakeups_read_49607 isr_wakeups_read 3 49607 NULL
28494 +heap_init_49617 heap_init 2 49617 NULL
28495 +smk_write_doi_49621 smk_write_doi 3 49621 NULL
28496 ++port_fops_read_49626 port_fops_read 3 49626 NULL
28497 +svm_set_msr_49643 svm_set_msr 3 49643 NULL
28498 -+____cache_alloc_49656 ____cache_alloc 0 49656 NULL
28499 +aa_simple_write_to_buffer_49683 aa_simple_write_to_buffer 3-4 49683 NULL
28500 ++__setup_irq_49696 __setup_irq 0 49696 NULL
28501 +sys_gethostname_49698 sys_gethostname 2 49698 NULL
28502 +cx2341x_ctrl_new_menu_49700 cx2341x_ctrl_new_menu 3 49700 NULL
28503 +get_key_haup_common_49709 get_key_haup_common 4 49709 NULL
28504 ++write_pool_49718 write_pool 3 49718 NULL
28505 +sys_fsetxattr_49736 sys_fsetxattr 4 49736 NULL
28506 ++check_frame_49741 check_frame 0 49741 NULL
28507 +zd_usb_iowrite16v_49744 zd_usb_iowrite16v 3 49744 NULL
28508 +btrfs_chunk_num_stripes_49751 btrfs_chunk_num_stripes 0 49751 NULL
28509 ++nci_skb_alloc_49757 nci_skb_alloc 2 49757 NULL
28510 +key_conf_keylen_read_49758 key_conf_keylen_read 3 49758 NULL
28511 +fuse_conn_waiting_read_49762 fuse_conn_waiting_read 3 49762 NULL
28512 ++w83977af_fir_interrupt_49775 w83977af_fir_interrupt 0 49775 NULL
28513 +pohmelfs_send_xattr_req_49783 pohmelfs_send_xattr_req 6 49783 NULL
28514 -+ceph_osdc_readpages_49789 ceph_osdc_readpages 10-4 49789 NULL
28515 ++ceph_osdc_readpages_49789 ceph_osdc_readpages 0-10-4 49789 NULL
28516 ++be_num_rxqs_want_49794 be_num_rxqs_want 0 49794 NULL
28517 +nfs4_acl_new_49806 nfs4_acl_new 1 49806 NULL
28518 +ntfs_copy_from_user_iovec_49829 ntfs_copy_from_user_iovec 3-6-0 49829 NULL
28519 ++b1dma_tolink_49834 b1dma_tolink 0 49834 NULL
28520 ++iraw_loop_49842 iraw_loop 0-1 49842 NULL
28521 +vmw_execbuf_process_49845 vmw_execbuf_process 5 49845 NULL
28522 +scsi_dispatch_cmd_entry_49848 scsi_dispatch_cmd_entry 3 49848 NULL
28523 +timeradd_entry_49850 timeradd_entry 3 49850 NULL
28524 ++ubifs_destroy_tnc_subtree_49853 ubifs_destroy_tnc_subtree 0 49853 NULL
28525 +sctp_setsockopt_bindx_49870 sctp_setsockopt_bindx 3 49870 NULL
28526 ++snd_mask_eq_49889 snd_mask_eq 0 49889 NULL
28527 +ceph_get_caps_49890 ceph_get_caps 0 49890 NULL
28528 -+__copy_from_user_inatomic_nocache_49921 __copy_from_user_inatomic_nocache 3 49921 NULL
28529 ++config_ep_by_speed_49939 config_ep_by_speed 0 49939 NULL
28530 ++hpi_stream_estimate_buffer_size_49965 hpi_stream_estimate_buffer_size 2 49965 NULL
28531 ++b43legacy_pio_read_49978 b43legacy_pio_read 0 49978 NULL
28532 +ieee80211_if_fmt_dtim_count_49987 ieee80211_if_fmt_dtim_count 3 49987 NULL
28533 ++drm_buffer_copy_from_user_49990 drm_buffer_copy_from_user 3 49990 NULL
28534 +dn_mss_from_pmtu_50011 dn_mss_from_pmtu 0-2 50011 NULL
28535 -+ptrace_readdata_50020 ptrace_readdata 2-4 50020 NULL
28536 +isdn_read_50021 isdn_read 3 50021 NULL
28537 +rbd_req_write_50041 rbd_req_write 4-5 50041 NULL
28538 -+alloc_ebda_hpc_50046 alloc_ebda_hpc 1-2 50046 NULL
28539 ++alloc_ebda_hpc_50046 alloc_ebda_hpc 2-1 50046 NULL
28540 +fuse_conn_max_background_write_50061 fuse_conn_max_background_write 3 50061 NULL
28541 -+vmw_surface_destroy_size_50072 vmw_surface_destroy_size 0 50072 NULL
28542 +arch_setup_ht_irq_50073 arch_setup_ht_irq 1 50073 NULL
28543 ++call_usermodehelper_fns_50078 call_usermodehelper_fns 0 50078 NULL
28544 ++__kfifo_dma_in_prepare_50081 __kfifo_dma_in_prepare 4 50081 NULL
28545 +dev_set_alias_50084 dev_set_alias 3 50084 NULL
28546 +pcpu_get_vm_areas_50085 pcpu_get_vm_areas 3 50085 NULL
28547 +sock_setsockopt_50088 sock_setsockopt 5 50088 NULL
28548 +altera_swap_dr_50090 altera_swap_dr 2 50090 NULL
28549 +read_file_slot_50111 read_file_slot 3 50111 NULL
28550 +pn544_fw_read_50112 pn544_fw_read 0 50112 NULL
28551 ++rx_streaming_interval_write_50120 rx_streaming_interval_write 3 50120 NULL
28552 ++ocfs2_search_one_group_50125 ocfs2_search_one_group 0 50125 NULL
28553 +copy_items_50140 copy_items 6 50140 NULL
28554 -+reiserfs_bmap_count_50160 reiserfs_bmap_count 0 50160 NULL
28555 -+aac_nark_ioremap_50163 aac_nark_ioremap 2 50163 NULL nohasharray
28556 -+kmalloc_node_50163 kmalloc_node 1 50163 &aac_nark_ioremap_50163
28557 ++kmalloc_node_50163 kmalloc_node 1 50163 NULL
28558 ++ahd_probe_stack_size_50168 ahd_probe_stack_size 0 50168 NULL
28559 +odev_update_50169 odev_update 2 50169 NULL
28560 +ieee80211_if_fmt_dot11MeshHWMPRannInterval_50172 ieee80211_if_fmt_dot11MeshHWMPRannInterval 3 50172 NULL nohasharray
28561 +ubi_resize_volume_50172 ubi_resize_volume 2 50172 &ieee80211_if_fmt_dot11MeshHWMPRannInterval_50172
28562 +ib_send_cm_drep_50186 ib_send_cm_drep 3 50186 NULL
28563 ++mthca_buddy_init_50206 mthca_buddy_init 2 50206 NULL
28564 +l2cap_sock_setsockopt_50207 l2cap_sock_setsockopt 5 50207 NULL
28565 +ieee80211_skb_resize_50211 ieee80211_skb_resize 3 50211 NULL
28566 +mon_bin_compat_ioctl_50234 mon_bin_compat_ioctl 3 50234 NULL
28567 +sg_kmalloc_50240 sg_kmalloc 1 50240 NULL
28568 +afs_extract_data_50261 afs_extract_data 5 50261 NULL
28569 ++qfq_calc_index_50263 qfq_calc_index 2-1 50263 NULL
28570 +rxrpc_setsockopt_50286 rxrpc_setsockopt 5 50286 NULL nohasharray
28571 +gart_free_coherent_50286 gart_free_coherent 4-2 50286 &rxrpc_setsockopt_50286
28572 -+soc_codec_reg_show_50302 soc_codec_reg_show 0 50302 NULL
28573 ++soc_codec_reg_show_50302 soc_codec_reg_show 0-3 50302 NULL
28574 ++iterate_irefs_50313 iterate_irefs 0 50313 NULL
28575 +cifs_readdata_alloc_50318 cifs_readdata_alloc 1 50318 NULL
28576 +do_launder_page_50329 do_launder_page 0 50329 NULL
28577 +lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL
28578 +ocfs2_block_to_cluster_group_50337 ocfs2_block_to_cluster_group 2 50337 NULL nohasharray
28579 -+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &ocfs2_block_to_cluster_group_50337 nohasharray
28580 -+au_br_alloc_50337 au_br_alloc 2 50337 &snd_pcm_lib_writev_50337
28581 ++snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &ocfs2_block_to_cluster_group_50337
28582 +tpm_read_50344 tpm_read 3 50344 NULL
28583 ++sched_clock_remote_50347 sched_clock_remote 0 50347 NULL
28584 +isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL
28585 +unpack_u16_chunk_50357 unpack_u16_chunk 0 50357 NULL
28586 ++ocfs2_figure_insert_type_50362 ocfs2_figure_insert_type 0 50362 NULL nohasharray
28587 ++iwl_dbgfs_echo_test_write_50362 iwl_dbgfs_echo_test_write 3 50362 &ocfs2_figure_insert_type_50362
28588 +xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL
28589 +sl_alloc_bufs_50380 sl_alloc_bufs 2 50380 NULL
28590 ++inet_nlmsg_size_50399 inet_nlmsg_size 0 50399 NULL
28591 ++snd_mask_refine_last_50406 snd_mask_refine_last 0 50406 NULL
28592 +l2tp_ip_sendmsg_50411 l2tp_ip_sendmsg 4 50411 NULL
28593 +iscsi_create_conn_50425 iscsi_create_conn 2 50425 NULL
28594 +pgctrl_write_50453 pgctrl_write 3 50453 NULL
28595 ++device_create_sys_dev_entry_50458 device_create_sys_dev_entry 0 50458 NULL
28596 +cdrom_read_cdda_50478 cdrom_read_cdda 4 50478 NULL
28597 +pwr_rcvd_awake_beacons_read_50505 pwr_rcvd_awake_beacons_read 3 50505 NULL
28598 ++fwnet_receive_packet_50537 fwnet_receive_packet 9 50537 NULL
28599 +ath6kl_set_ap_probe_resp_ies_50539 ath6kl_set_ap_probe_resp_ies 3 50539 NULL
28600 ++usbat_flash_write_data_50553 usbat_flash_write_data 4 50553 NULL
28601 ++hme_read_desc32_50574 hme_read_desc32 0 50574 NULL
28602 ++pep_reply_50582 pep_reply 5 50582 NULL
28603 +iwl_dbgfs_missed_beacon_read_50584 iwl_dbgfs_missed_beacon_read 3 50584 NULL
28604 +build_inv_iommu_pages_50589 build_inv_iommu_pages 2-3 50589 NULL
28605 ++sge_rx_50594 sge_rx 3 50594 NULL
28606 ++ocfs2_split_extent_50618 ocfs2_split_extent 0 50618 NULL
28607 ++add_uevent_var_50620 add_uevent_var 0 50620 NULL
28608 ++GET_WORD_50624 GET_WORD 0 50624 NULL
28609 +__ffs_50625 __ffs 0 50625 NULL
28610 ++macvtap_alloc_skb_50629 macvtap_alloc_skb 2-4-3 50629 NULL
28611 +simple_transaction_get_50633 simple_transaction_get 3 50633 NULL
28612 +ocfs2_readlink_50656 ocfs2_readlink 3 50656 NULL
28613 ++ocfs2_do_insert_extent_50658 ocfs2_do_insert_extent 0 50658 NULL
28614 +sys_readv_50664 sys_readv 3 50664 NULL
28615 -+ext2_try_to_allocate_with_rsv_50669 ext2_try_to_allocate_with_rsv 4-2 50669 NULL
28616 ++ext2_try_to_allocate_with_rsv_50669 ext2_try_to_allocate_with_rsv 2-4-0 50669 NULL
28617 +btmrvl_psstate_read_50683 btmrvl_psstate_read 3 50683 NULL
28618 ++prism2_read_fid_reg_50689 prism2_read_fid_reg 0 50689 NULL
28619 +get_wear_leveling_table_len_50712 get_wear_leveling_table_len 0 50712 NULL
28620 +__ext3_get_inode_loc_50744 __ext3_get_inode_loc 0 50744 NULL
28621 +skb_padto_50759 skb_padto 2 50759 NULL
28622 +udp_manip_pkt_50770 udp_manip_pkt 2 50770 NULL
28623 +ocfs2_xattr_block_get_50773 ocfs2_xattr_block_get 0 50773 NULL
28624 -+tm6000_read_write_usb_50774 tm6000_read_write_usb 7 50774 NULL
28625 -+bio_alloc_map_data_50782 bio_alloc_map_data 1-2 50782 NULL
28626 ++tm6000_read_write_usb_50774 tm6000_read_write_usb 7 50774 NULL nohasharray
28627 ++pipe_handler_request_50774 pipe_handler_request 5 50774 &tm6000_read_write_usb_50774
28628 ++bio_alloc_map_data_50782 bio_alloc_map_data 2-1 50782 NULL
28629 ++ixgbe_acquire_msix_vectors_50789 ixgbe_acquire_msix_vectors 2 50789 NULL
28630 +tpm_write_50798 tpm_write 3 50798 NULL
28631 +tun_do_read_50800 tun_do_read 4 50800 NULL
28632 +write_flush_50803 write_flush 3 50803 NULL
28633 @@ -107915,6 +109414,8 @@ index 0000000..6fcc08d
28634 +acpi_ev_install_gpe_block_50829 acpi_ev_install_gpe_block 2 50829 NULL
28635 +pstore_mkfile_50830 pstore_mkfile 5 50830 NULL
28636 +create_mem_extents_50835 create_mem_extents 0 50835 NULL
28637 ++videobuf_dma_init_user_50839 videobuf_dma_init_user 4-3 50839 NULL
28638 ++ChannelConfiguration_50853 ChannelConfiguration 0 50853 NULL
28639 +carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL
28640 +netlbl_secattr_catmap_walk_rng_50894 netlbl_secattr_catmap_walk_rng 0-2 50894 NULL
28641 +osd_req_write_sg_50908 osd_req_write_sg 5 50908 NULL
28642 @@ -107923,24 +109424,32 @@ index 0000000..6fcc08d
28643 +hash_recvmsg_50924 hash_recvmsg 4 50924 NULL
28644 +chd_dec_fetch_cdata_50926 chd_dec_fetch_cdata 3 50926 NULL
28645 +sock_bindtodevice_50942 sock_bindtodevice 3 50942 NULL
28646 ++mld_newpack_50950 mld_newpack 2 50950 NULL
28647 +ocfs2_add_refcount_flag_50952 ocfs2_add_refcount_flag 6 50952 NULL
28648 -+iwl_statistics_flag_50981 iwl_statistics_flag 0-3 50981 NULL
28649 ++sdio_uart_write_50954 sdio_uart_write 3 50954 NULL
28650 ++iwl_statistics_flag_50981 iwl_statistics_flag 3-0 50981 NULL
28651 +timeout_write_50991 timeout_write 3 50991 NULL
28652 +proc_write_51003 proc_write 3 51003 NULL
28653 ++jbd2_journal_extend_51012 jbd2_journal_extend 0 51012 NULL
28654 +lbs_dev_info_51023 lbs_dev_info 3 51023 NULL
28655 +ntfs_attr_find_51028 ntfs_attr_find 0 51028 NULL nohasharray
28656 +fuse_conn_congestion_threshold_read_51028 fuse_conn_congestion_threshold_read 3 51028 &ntfs_attr_find_51028
28657 +BcmGetSectionValEndOffset_51039 BcmGetSectionValEndOffset 0 51039 NULL
28658 +dump_midi_51040 dump_midi 3 51040 NULL
28659 ++usb_get_descriptor_51041 usb_get_descriptor 0 51041 NULL
28660 +do_arpt_set_ctl_51053 do_arpt_set_ctl 4 51053 NULL
28661 +wusb_prf_64_51065 wusb_prf_64 7 51065 NULL
28662 -+qla4_8xxx_pci_mem_write_direct_51079 qla4_8xxx_pci_mem_write_direct 2 51079 NULL
28663 +jbd2_journal_init_revoke_51088 jbd2_journal_init_revoke 2 51088 NULL
28664 +__ocfs2_find_path_51096 __ocfs2_find_path 0 51096 NULL
28665 +read_file_wiphy_51103 read_file_wiphy 3 51103 NULL
28666 ++iscsi_nop_out_rsp_51117 iscsi_nop_out_rsp 4 51117 NULL
28667 ++xfs_file_splice_read_51121 xfs_file_splice_read 4 51121 NULL
28668 +nfs_map_name_to_uid_51132 nfs_map_name_to_uid 3 51132 NULL
28669 +alloc_rtllib_51136 alloc_rtllib 1 51136 NULL
28670 ++wl1271_cmd_build_probe_req_51141 wl1271_cmd_build_probe_req 3-5 51141 NULL
28671 +xfs_trans_get_efd_51148 xfs_trans_get_efd 3 51148 NULL
28672 ++walk_page_buffers_51170 walk_page_buffers 0 51170 NULL
28673 ++snd_pcm_unlink_51210 snd_pcm_unlink 0 51210 NULL
28674 +snd_pcm_write_51235 snd_pcm_write 3 51235 NULL
28675 +tipc_send_51238 tipc_send 4 51238 NULL
28676 +drm_property_create_51239 drm_property_create 4 51239 NULL
28677 @@ -107950,15 +109459,17 @@ index 0000000..6fcc08d
28678 +ipwireless_network_packet_received_51277 ipwireless_network_packet_received 4 51277 NULL
28679 +zone_reclaimable_pages_51283 zone_reclaimable_pages 0 51283 NULL
28680 +pvr2_std_id_to_str_51288 pvr2_std_id_to_str 2 51288 NULL
28681 ++xfrm_count_enc_supported_51290 xfrm_count_enc_supported 0 51290 NULL
28682 ++buffDnldVerify_51297 buffDnldVerify 0 51297 NULL
28683 ++ocfs2_read_inode_block_51319 ocfs2_read_inode_block 0 51319 NULL
28684 +alloc_hippi_dev_51320 alloc_hippi_dev 1 51320 NULL
28685 +ext2_xattr_get_51327 ext2_xattr_get 0 51327 NULL
28686 -+alloc_smp_req_51337 alloc_smp_req 1 51337 NULL nohasharray
28687 -+compat_arch_ptrace_51337 compat_arch_ptrace 3-4 51337 &alloc_smp_req_51337
28688 ++alloc_smp_req_51337 alloc_smp_req 1 51337 NULL
28689 +ipw_get_event_log_len_51341 ipw_get_event_log_len 0 51341 NULL
28690 +ieee80211_if_fmt_estab_plinks_51370 ieee80211_if_fmt_estab_plinks 3 51370 NULL
28691 +radeon_kms_compat_ioctl_51371 radeon_kms_compat_ioctl 2 51371 NULL
28692 +ieee80211_wx_set_gen_ie_51399 ieee80211_wx_set_gen_ie 3 51399 NULL
28693 -+ceph_sync_read_51410 ceph_sync_read 3 51410 NULL
28694 ++ceph_sync_read_51410 ceph_sync_read 3-0 51410 NULL
28695 +blk_register_region_51424 blk_register_region 1-2 51424 NULL
28696 +mwifiex_rdeeprom_read_51429 mwifiex_rdeeprom_read 3 51429 NULL
28697 +econet_sendmsg_51430 econet_sendmsg 4 51430 NULL
28698 @@ -107966,34 +109477,38 @@ index 0000000..6fcc08d
28699 +print_devstats_dot11ACKFailureCount_51443 print_devstats_dot11ACKFailureCount 3 51443 NULL
28700 +____alloc_ei_netdev_51475 ____alloc_ei_netdev 1 51475 NULL
28701 +xfs_buf_get_uncached_51477 xfs_buf_get_uncached 2 51477 NULL
28702 -+acpi_pre_map_51532 acpi_pre_map 1-2 51532 NULL
28703 ++btrfs_find_space_cluster_51482 btrfs_find_space_cluster 5 51482 NULL
28704 ++kvm_fetch_guest_virt_51493 kvm_fetch_guest_virt 4-2 51493 NULL
28705 +__alloc_eip_netdev_51549 __alloc_eip_netdev 1 51549 NULL
28706 +ixgb_get_eeprom_len_51586 ixgb_get_eeprom_len 0 51586 NULL
28707 -+raw_ioctl_51607 raw_ioctl 3 51607 NULL
28708 ++snd_interval_refine_first_51589 snd_interval_refine_first 0 51589 NULL
28709 ++rfcomm_tty_write_51603 rfcomm_tty_write 3 51603 NULL
28710 +table_size_to_number_of_entries_51613 table_size_to_number_of_entries 0-1 51613 NULL
28711 +dns_resolve_server_name_to_ip_51632 dns_resolve_server_name_to_ip 0 51632 NULL
28712 +sctp_auth_create_key_51641 sctp_auth_create_key 1 51641 NULL
28713 +iscsi_create_session_51647 iscsi_create_session 3 51647 NULL
28714 -+au_fidir_realloc_51650 au_fidir_realloc 2 51650 NULL
28715 +get_new_cssid_51665 get_new_cssid 2 51665 NULL
28716 +ps_upsd_utilization_read_51669 ps_upsd_utilization_read 3 51669 NULL
28717 +sctp_setsockopt_associnfo_51684 sctp_setsockopt_associnfo 3 51684 NULL
28718 -+sfi_sysfs_install_table_51688 sfi_sysfs_install_table 1 51688 NULL
28719 +sel_write_access_51704 sel_write_access 3 51704 NULL
28720 ++gem_alloc_skb_51715 gem_alloc_skb 2 51715 NULL
28721 +drm_compat_ioctl_51717 drm_compat_ioctl 2 51717 NULL
28722 +sg_read_oxfer_51724 sg_read_oxfer 3 51724 NULL
28723 +msg_set_51725 msg_set 3 51725 NULL
28724 ++dbg_check_lpt_nodes_51727 dbg_check_lpt_nodes 0 51727 NULL
28725 ++cm4040_read_51732 cm4040_read 3 51732 NULL
28726 +pwc_video_read_51735 pwc_video_read 3 51735 NULL
28727 +hid_parse_report_51737 hid_parse_report 3 51737 NULL
28728 +get_user_pages_fast_51751 get_user_pages_fast 0 51751 NULL
28729 +ifx_spi_insert_flip_string_51752 ifx_spi_insert_flip_string 3 51752 NULL
28730 +if_write_51756 if_write 3 51756 NULL
28731 -+ioremap_prot_51764 ioremap_prot 1-2 51764 NULL
28732 +iio_buffer_add_channel_sysfs_51766 iio_buffer_add_channel_sysfs 0 51766 NULL
28733 ++spin_time_accum_blocked_51769 spin_time_accum_blocked 1 51769 NULL
28734 ++swiotlb_init_with_tbl_51770 swiotlb_init_with_tbl 2 51770 NULL
28735 ++__fswab32_51781 __fswab32 0 51781 NULL
28736 +l2cap_create_iframe_pdu_51801 l2cap_create_iframe_pdu 3 51801 NULL
28737 +qib_alloc_devdata_51819 qib_alloc_devdata 2 51819 NULL
28738 +buffer_from_user_51826 buffer_from_user 3 51826 NULL
28739 -+type_attribute_bounds_av_51837 type_attribute_bounds_av 3 51837 NULL
28740 +ioread32_51847 ioread32 0 51847 NULL nohasharray
28741 +read_file_tgt_tx_stats_51847 read_file_tgt_tx_stats 3 51847 &ioread32_51847
28742 +do_readv_writev_51849 do_readv_writev 4 51849 NULL
28743 @@ -108003,13 +109518,19 @@ index 0000000..6fcc08d
28744 +user_read_51881 user_read 3 51881 NULL
28745 +dbAdjCtl_51888 dbAdjCtl 0 51888 NULL
28746 +virt_to_phys_51896 virt_to_phys 0 51896 NULL
28747 ++iio_read_first_n_sw_rb_51911 iio_read_first_n_sw_rb 2 51911 NULL
28748 ++tipc_createport_51914 tipc_createport 2 51914 NULL
28749 +dbg_status_buf_51930 dbg_status_buf 2 51930 NULL
28750 +xfrm_alg_len_51940 xfrm_alg_len 0 51940 NULL
28751 +scsi_get_vpd_page_51951 scsi_get_vpd_page 4 51951 NULL
28752 ++ab8500_bank_write_51960 ab8500_bank_write 3 51960 NULL
28753 +snd_mask_min_51969 snd_mask_min 0 51969 NULL
28754 ++__blkdev_get_51972 __blkdev_get 0 51972 NULL
28755 +twl6030_init_irq_51979 twl6030_init_irq 2 51979 NULL
28756 +ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL
28757 ++scsi_sysfs_add_host_52010 scsi_sysfs_add_host 0 52010 NULL
28758 +skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 4-2-5 52014 NULL
28759 ++rdmalt_52022 rdmalt 0 52022 NULL
28760 +vxge_rx_alloc_52024 vxge_rx_alloc 3 52024 NULL
28761 +override_release_52032 override_release 2 52032 NULL
28762 +end_port_52042 end_port 0 52042 NULL
28763 @@ -108018,92 +109539,137 @@ index 0000000..6fcc08d
28764 +dvb_ringbuffer_avail_52057 dvb_ringbuffer_avail 0 52057 NULL
28765 +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL
28766 +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL
28767 ++bcm_compare_buff_contents_52124 bcm_compare_buff_contents 0 52124 NULL
28768 +retry_count_read_52129 retry_count_read 3 52129 NULL
28769 ++snd_pcm_channel_info_user_52135 snd_pcm_channel_info_user 0 52135 NULL
28770 +hysdn_conf_write_52145 hysdn_conf_write 3 52145 NULL nohasharray
28771 +ext2_alloc_blocks_52145 ext2_alloc_blocks 2 52145 &hysdn_conf_write_52145
28772 ++wait_gpio_52146 wait_gpio 0 52146 NULL
28773 ++__le16_to_cpup_52155 __le16_to_cpup 0 52155 NULL
28774 +ieee80211_if_read_dot11MeshRetryTimeout_52168 ieee80211_if_read_dot11MeshRetryTimeout 3 52168 NULL
28775 +mga_compat_ioctl_52170 mga_compat_ioctl 2 52170 NULL
28776 +proc_pid_readlink_52186 proc_pid_readlink 3 52186 NULL
28777 -+do_dmabuf_dirty_ldu_52241 do_dmabuf_dirty_ldu 6 52241 NULL
28778 ++iscsi_if_send_reply_52219 iscsi_if_send_reply 7 52219 NULL nohasharray
28779 ++iwl_dbgfs_wd_timeout_write_52219 iwl_dbgfs_wd_timeout_write 3 52219 &iscsi_if_send_reply_52219
28780 ++_alloc_mISDN_skb_52232 _alloc_mISDN_skb 3 52232 NULL
28781 ++ocfs2_try_to_merge_extent_52244 ocfs2_try_to_merge_extent 0 52244 NULL
28782 +shrink_slab_52261 shrink_slab 2-3 52261 NULL
28783 +sisusbcon_do_font_op_52271 sisusbcon_do_font_op 9 52271 NULL
28784 +smk_write_load_list_52280 smk_write_load_list 3 52280 NULL
28785 -+mpol_to_str_52293 mpol_to_str 2 52293 NULL
28786 ++handle_supp_msgs_52284 handle_supp_msgs 4 52284 NULL
28787 +atomic64_read_52300 atomic64_read 0 52300 NULL
28788 ++ath6kl_wmi_get_new_buf_52304 ath6kl_wmi_get_new_buf 1 52304 NULL
28789 ++jbd2_free_52306 jbd2_free 2 52306 NULL
28790 ++kobject_set_name_vargs_52309 kobject_set_name_vargs 0 52309 NULL
28791 +hwflags_read_52318 hwflags_read 3 52318 NULL
28792 -+ntfs_rl_split_52328 ntfs_rl_split 2-4 52328 NULL
28793 ++snd_pcm_hw_free_52327 snd_pcm_hw_free 0 52327 NULL
28794 +test_unaligned_bulk_52333 test_unaligned_bulk 3 52333 NULL
28795 +iwl3945_ucode_rx_stats_read_52340 iwl3945_ucode_rx_stats_read 3 52340 NULL
28796 +bytes_to_frames_52362 bytes_to_frames 0-2 52362 NULL
28797 +copy_entries_to_user_52367 copy_entries_to_user 1 52367 NULL
28798 +iwl_dump_fh_52371 iwl_dump_fh 0 52371 NULL
28799 ++ocfs2_journal_access_eb_52377 ocfs2_journal_access_eb 0 52377 NULL
28800 ++pfkey_sockaddr_pair_size_52378 pfkey_sockaddr_pair_size 0 52378 NULL
28801 +isdn_writebuf_stub_52383 isdn_writebuf_stub 4 52383 NULL
28802 +jfs_setxattr_52389 jfs_setxattr 4 52389 NULL
28803 +aer_inject_write_52399 aer_inject_write 3 52399 NULL
28804 -+aac_rx_ioremap_52410 aac_rx_ioremap 2 52410 NULL
28805 +cgroup_file_write_52417 cgroup_file_write 3 52417 NULL
28806 +line6_midibuf_init_52425 line6_midibuf_init 2 52425 NULL
28807 ++hso_serial_common_create_52428 hso_serial_common_create 4 52428 NULL
28808 +ieee80211_if_fmt_num_sta_ps_52438 ieee80211_if_fmt_num_sta_ps 3 52438 NULL
28809 +nl80211_send_mgmt_tx_status_52445 nl80211_send_mgmt_tx_status 5 52445 NULL
28810 -+ieee80211_alloc_txb_52477 ieee80211_alloc_txb 1 52477 NULL
28811 ++alauda_read_data_52452 alauda_read_data 3 52452 NULL
28812 ++ip6_skb_dst_mtu_52457 ip6_skb_dst_mtu 0 52457 NULL
28813 ++ieee80211_alloc_txb_52477 ieee80211_alloc_txb 1-2 52477 NULL
28814 ++usb_tranzport_write_52479 usb_tranzport_write 3 52479 NULL
28815 +ocfs2_extend_no_holes_52483 ocfs2_extend_no_holes 3-4 52483 NULL
28816 +skb_cow_head_52495 skb_cow_head 2 52495 NULL
28817 +int_tasklet_entry_52500 int_tasklet_entry 3 52500 NULL
28818 ++netlbl_unlabel_init_52506 netlbl_unlabel_init 1 52506 NULL
28819 +pm_qos_power_write_52513 pm_qos_power_write 3 52513 NULL
28820 ++bt_sock_stream_recvmsg_52518 bt_sock_stream_recvmsg 4 52518 NULL
28821 +dup_variable_bug_52525 dup_variable_bug 3 52525 NULL
28822 ++raw_recvmsg_52529 raw_recvmsg 4 52529 NULL
28823 ++x86_setup_msi_irqs_52535 x86_setup_msi_irqs 0 52535 NULL
28824 +dccpprobe_read_52549 dccpprobe_read 3 52549 NULL
28825 +ocfs2_make_right_split_rec_52562 ocfs2_make_right_split_rec 3 52562 NULL
28826 -+emit_code_52583 emit_code 0-3 52583 NULL
28827 ++debug_level_proc_write_52572 debug_level_proc_write 3 52572 NULL
28828 ++snd_pcm_sw_params_52594 snd_pcm_sw_params 0 52594 NULL
28829 +xfs_file_buffered_aio_write_52609 xfs_file_buffered_aio_write 4 52609 NULL
28830 +iwl_legacy_dbgfs_channels_read_52619 iwl_legacy_dbgfs_channels_read 3 52619 NULL
28831 ++__iter_shared_inline_ref_inodes_52668 __iter_shared_inline_ref_inodes 0 52668 NULL
28832 ++dirty_poll_interval_52669 dirty_poll_interval 1-2 52669 NULL
28833 ++ntfs_get_nr_significant_bytes_52688 ntfs_get_nr_significant_bytes 0 52688 NULL
28834 ++vendorextnWriteSection_52698 vendorextnWriteSection 0 52698 NULL
28835 +cx25840_ir_rx_read_52724 cx25840_ir_rx_read 3 52724 NULL
28836 +blkcipher_next_slow_52733 blkcipher_next_slow 3-4 52733 NULL
28837 +relay_alloc_page_array_52735 relay_alloc_page_array 1 52735 NULL
28838 -+__do_cache_alloc_52738 __do_cache_alloc 0 52738 NULL
28839 ++alloc_irte_52741 alloc_irte 3 52741 NULL
28840 +carl9170_debugfs_vif_dump_read_52755 carl9170_debugfs_vif_dump_read 3 52755 NULL
28841 ++radeon_get_ib_value_52757 radeon_get_ib_value 0 52757 NULL
28842 ++debug_lpm_write_52830 debug_lpm_write 3 52830 NULL
28843 +bl_mark_sectors_init_52831 bl_mark_sectors_init 2-3 52831 NULL
28844 +pwr_rcvd_beacons_read_52836 pwr_rcvd_beacons_read 3 52836 NULL
28845 +ext2_xattr_set_acl_52857 ext2_xattr_set_acl 4 52857 NULL
28846 -+mon_bin_get_event_52863 mon_bin_get_event 4 52863 NULL
28847 ++mon_bin_get_event_52863 mon_bin_get_event 6-4 52863 NULL
28848 ++iwl_legacy_dbgfs_clear_traffic_statistics_write_52866 iwl_legacy_dbgfs_clear_traffic_statistics_write 3 52866 NULL
28849 ++qib_decode_6120_err_52876 qib_decode_6120_err 3 52876 NULL
28850 +pvr2_ctrl_value_to_sym_internal_52881 pvr2_ctrl_value_to_sym_internal 5 52881 NULL
28851 +cache_read_procfs_52882 cache_read_procfs 3 52882 NULL
28852 ++ubi_wl_flush_52900 ubi_wl_flush 0 52900 NULL
28853 ++create_vtbl_52909 create_vtbl 0 52909 NULL
28854 ++__kfifo_out_peek_r_52919 __kfifo_out_peek_r 3 52919 NULL
28855 +__iio_device_attr_init_52936 __iio_device_attr_init 0 52936 NULL
28856 +ip_nat_sdp_port_52938 ip_nat_sdp_port 6 52938 NULL
28857 -+__nodes_remap_52951 __nodes_remap 5 52951 NULL
28858 ++norm_maxw_52951 norm_maxw 0 52951 NULL nohasharray
28859 ++__nodes_remap_52951 __nodes_remap 5 52951 &norm_maxw_52951
28860 +store_disp_52952 store_disp 4 52952 NULL
28861 +send_packet_52960 send_packet 4 52960 NULL
28862 +ieee80211_if_fmt_fwded_mcast_52961 ieee80211_if_fmt_fwded_mcast 3 52961 NULL
28863 -+compat_sock_ioctl_52964 compat_sock_ioctl 3 52964 NULL
28864 +num_node_state_52989 num_node_state 0 52989 NULL
28865 ++xfs_rtfree_extent_53024 xfs_rtfree_extent 2-3 53024 NULL
28866 ++ocfs2_new_leaf_refcount_block_53036 ocfs2_new_leaf_refcount_block 0 53036 NULL
28867 +bio_cur_bytes_53037 bio_cur_bytes 0 53037 NULL
28868 ++ValidateHWParmStructure_53048 ValidateHWParmStructure 0 53048 NULL
28869 ++kobject_uevent_53065 kobject_uevent 0 53065 NULL
28870 +cfi_read_query_53066 cfi_read_query 0 53066 NULL
28871 ++iwl_dbgfs_interrupt_write_53069 iwl_dbgfs_interrupt_write 3 53069 NULL
28872 +mwifiex_debug_read_53074 mwifiex_debug_read 3 53074 NULL
28873 -+security_transition_sid_user_53075 security_transition_sid_user 3 53075 NULL
28874 -+qib_resize_cq_53090 qib_resize_cq 2 53090 NULL
28875 ++pcbit_readw_53084 pcbit_readw 0 53084 NULL
28876 ++insert_new_root_53097 insert_new_root 0 53097 NULL
28877 +line6_dumpreq_initbuf_53123 line6_dumpreq_initbuf 3 53123 NULL
28878 +clear_capture_buf_53192 clear_capture_buf 2 53192 NULL
28879 -+mtdoops_erase_block_53206 mtdoops_erase_block 2 53206 NULL
28880 ++__pci_enable_device_flags_53213 __pci_enable_device_flags 0 53213 NULL
28881 ++sctp_make_fwdtsn_53265 sctp_make_fwdtsn 3 53265 NULL
28882 +btrfs_file_extent_num_bytes_53269 btrfs_file_extent_num_bytes 0 53269 NULL
28883 +pn544_i2c_read_53270 pn544_i2c_read 0 53270 NULL
28884 +lirc_buffer_init_53282 lirc_buffer_init 3-2 53282 NULL
28885 ++determine_dirtyable_memory_53290 determine_dirtyable_memory 0 53290 NULL
28886 ++ftrace_profile_write_53327 ftrace_profile_write 3 53327 NULL
28887 +gsm_control_reply_53333 gsm_control_reply 4 53333 NULL
28888 ++vendorextnIoctl_53350 vendorextnIoctl 0 53350 NULL
28889 ++mmc_resume_host_53353 mmc_resume_host 0 53353 NULL nohasharray
28890 ++bnx2i_send_nl_mesg_53353 bnx2i_send_nl_mesg 4 53353 &mmc_resume_host_53353
28891 +get_random_bytes_arch_53370 get_random_bytes_arch 2 53370 NULL
28892 ++tsi721_open_outb_mbox_53397 tsi721_open_outb_mbox 4 53397 NULL
28893 +roccat_common_receive_53407 roccat_common_receive 4 53407 NULL
28894 ++i915_gem_execbuffer_relocate_object_53435 i915_gem_execbuffer_relocate_object 0 53435 NULL
28895 +isr_cmd_cmplt_read_53439 isr_cmd_cmplt_read 3 53439 NULL
28896 -+mwifiex_info_read_53447 mwifiex_info_read 3 53447 NULL
28897 ++mwifiex_info_read_53447 mwifiex_info_read 3 53447 NULL nohasharray
28898 ++snd_dma_alloc_pages_53447 snd_dma_alloc_pages 3 53447 &mwifiex_info_read_53447
28899 +apei_exec_run_optional_53452 apei_exec_run_optional 0 53452 NULL
28900 -+acpi_tb_parse_root_table_53455 acpi_tb_parse_root_table 1 53455 NULL
28901 -+n2_run_53459 n2_run 3 53459 NULL
28902 -+rds_tcp_data_recv_53476 rds_tcp_data_recv 3 53476 NULL
28903 ++rds_tcp_data_recv_53476 rds_tcp_data_recv 3-4 53476 NULL
28904 +iowarrior_read_53483 iowarrior_read 3 53483 NULL
28905 +osd_req_write_kern_53486 osd_req_write_kern 5 53486 NULL
28906 +do_verify_xattr_datum_53499 do_verify_xattr_datum 0 53499 NULL
28907 ++ext4_ext_grow_indepth_53503 ext4_ext_grow_indepth 0 53503 NULL
28908 +snd_pcm_format_physical_width_53505 snd_pcm_format_physical_width 0 53505 NULL
28909 +dbAllocNext_53506 dbAllocNext 0 53506 NULL
28910 +ocfs2_xattr_set_acl_53508 ocfs2_xattr_set_acl 4 53508 NULL
28911 +check_acl_53512 check_acl 0 53512 NULL
28912 +set_registers_53582 set_registers 3 53582 NULL
28913 -+obj_to_index_53614 obj_to_index 0 53614 NULL
28914 ++__readw_53594 __readw 0 53594 NULL
28915 ++pfkey_recvmsg_53604 pfkey_recvmsg 4 53604 NULL
28916 +___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1 53626 NULL
28917 +xd_write_multiple_pages_53633 xd_write_multiple_pages 6-5 53633 NULL
28918 +ccid_getsockopt_builtin_ccids_53634 ccid_getsockopt_builtin_ccids 2 53634 NULL
28919 @@ -108113,11 +109679,14 @@ index 0000000..6fcc08d
28920 +_preload_range_53676 _preload_range 2-3 53676 &orig_hash_add_if_53676
28921 +fuse_fill_write_pages_53682 fuse_fill_write_pages 4 53682 NULL
28922 +bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL
28923 ++i830_write_fence_reg_53695 i830_write_fence_reg 0 53695 NULL
28924 ++phy_read_1bit_53708 phy_read_1bit 0 53708 NULL
28925 +find_overflow_devnum_53711 find_overflow_devnum 0 53711 NULL
28926 +bio_integrity_split_53714 bio_integrity_split 3 53714 NULL
28927 +__ocfs2_resv_find_window_53721 __ocfs2_resv_find_window 3 53721 NULL
28928 ++subscr_named_msg_event_53723 subscr_named_msg_event 6 53723 NULL
28929 +wdm_write_53735 wdm_write 3 53735 NULL
28930 -+ext3_try_to_allocate_with_rsv_53737 ext3_try_to_allocate_with_rsv 5-3 53737 NULL
28931 ++ext3_try_to_allocate_with_rsv_53737 ext3_try_to_allocate_with_rsv 3-5-0 53737 NULL
28932 +lpfc_idiag_queacc_read_qe_53755 lpfc_idiag_queacc_read_qe 0-2 53755 NULL nohasharray
28933 +amdtp_out_stream_get_max_payload_53755 amdtp_out_stream_get_max_payload 0 53755 &lpfc_idiag_queacc_read_qe_53755
28934 +ext2_acl_count_53773 ext2_acl_count 0-1 53773 NULL
28935 @@ -108125,18 +109694,26 @@ index 0000000..6fcc08d
28936 +regmap_raw_write_53803 regmap_raw_write 4 53803 NULL
28937 +lpfc_idiag_ctlacc_read_reg_53809 lpfc_idiag_ctlacc_read_reg 0-3 53809 NULL
28938 +nls_nullsize_53815 nls_nullsize 0 53815 NULL
28939 ++setup_data_read_53822 setup_data_read 3 53822 NULL
28940 +multipath_status_53836 multipath_status 4 53836 NULL
28941 ++i915_gem_flush_ring_53843 i915_gem_flush_ring 0 53843 NULL
28942 ++pms_read_53873 pms_read 3 53873 NULL
28943 +ieee80211_if_fmt_dropped_frames_congestion_53883 ieee80211_if_fmt_dropped_frames_congestion 3 53883 NULL
28944 -+ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL
28945 ++ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 4-5-3 53900 NULL
28946 +proc_file_read_53905 proc_file_read 3 53905 NULL
28947 -+ocfs2_make_clusters_writable_53938 ocfs2_make_clusters_writable 4 53938 NULL
28948 -+mthca_setup_cmd_doorbells_53954 mthca_setup_cmd_doorbells 2 53954 NULL
28949 ++azx_via_get_position_53916 azx_via_get_position 0 53916 NULL
28950 ++tcp_mss_split_point_53925 tcp_mss_split_point 0-4-3 53925 NULL
28951 ++usb_serial_generic_write_53927 usb_serial_generic_write 4 53927 NULL
28952 ++ocfs2_make_clusters_writable_53938 ocfs2_make_clusters_writable 0-5-4 53938 NULL
28953 ++xfs_mod_sb_53960 xfs_mod_sb 2 53960 NULL
28954 +mlx4_num_eq_uar_53965 mlx4_num_eq_uar 0 53965 NULL
28955 +idetape_chrdev_write_53976 idetape_chrdev_write 3 53976 NULL
28956 +__ocfs2_xattr_set_value_outside_53981 __ocfs2_xattr_set_value_outside 5 53981 NULL
28957 -+snd_pcm_lib_write_transfer_54018 snd_pcm_lib_write_transfer 4-2-5 54018 NULL
28958 ++snd_pcm_lib_write_transfer_54018 snd_pcm_lib_write_transfer 5-2-4 54018 NULL
28959 ++cmpk_message_handle_tx_54024 cmpk_message_handle_tx 4 54024 NULL
28960 +ipxrtr_route_packet_54036 ipxrtr_route_packet 4 54036 NULL
28961 +nl80211_send_disconnected_54056 nl80211_send_disconnected 5 54056 NULL
28962 ++wl12xx_rx_get_buf_size_54070 wl12xx_rx_get_buf_size 0 54070 NULL
28963 +_malloc_54077 _malloc 1 54077 NULL
28964 +bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL
28965 +altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL
28966 @@ -108147,32 +109724,40 @@ index 0000000..6fcc08d
28967 +c4iw_pblpool_alloc_54148 c4iw_pblpool_alloc 2 54148 NULL
28968 +i2400m_zrealloc_2x_54166 i2400m_zrealloc_2x 3 54166 NULL nohasharray
28969 +memcpy_toiovec_54166 memcpy_toiovec 3 54166 &i2400m_zrealloc_2x_54166
28970 -+acpi_os_read_memory_54186 acpi_os_read_memory 1-3 54186 NULL
28971 ++p9_client_prepare_req_54175 p9_client_prepare_req 3 54175 NULL
28972 ++devm_request_threaded_irq_54215 devm_request_threaded_irq 0 54215 NULL
28973 ++do_sys_poll_54221 do_sys_poll 2 54221 NULL
28974 +__register_chrdev_54223 __register_chrdev 2-3 54223 NULL
28975 +_format_mac_addr_54229 _format_mac_addr 2-0 54229 NULL
28976 +pi_read_regr_54231 pi_read_regr 0 54231 NULL
28977 ++jbd2__journal_restart_54249 jbd2__journal_restart 0 54249 NULL
28978 +xfs_dir2_sf_addname_hard_54254 xfs_dir2_sf_addname_hard 3 54254 NULL
28979 +ceph_msgpool_get_54258 ceph_msgpool_get 2 54258 NULL
28980 +wusb_prf_54261 wusb_prf 7 54261 NULL nohasharray
28981 +audio_write_54261 audio_write 4 54261 &wusb_prf_54261
28982 +mwifiex_getlog_read_54269 mwifiex_getlog_read 3 54269 NULL
28983 -+ubi_calc_data_len_54279 ubi_calc_data_len 0-3 54279 NULL
28984 ++kstrtou16_from_user_54274 kstrtou16_from_user 2 54274 NULL
28985 +altera_set_dr_post_54291 altera_set_dr_post 2 54291 NULL
28986 +dlm_alloc_pagevec_54296 dlm_alloc_pagevec 1 54296 NULL
28987 ++ttm_mem_global_alloc_54299 ttm_mem_global_alloc 0 54299 NULL
28988 +sprintf_54306 sprintf 0 54306 NULL
28989 ++pn_raw_send_54330 pn_raw_send 2 54330 NULL
28990 +br_fdb_fillbuf_54339 br_fdb_fillbuf 0 54339 NULL
28991 +__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL
28992 -+__get_free_pages_54352 __get_free_pages 0 54352 NULL nohasharray
28993 -+_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 &__get_free_pages_54352
28994 ++_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 NULL nohasharray
28995 ++__get_free_pages_54352 __get_free_pages 0 54352 &_osd_realloc_seg_54352
28996 +tcf_hash_create_54360 tcf_hash_create 4 54360 NULL
28997 +read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL
28998 +vfs_readlink_54368 vfs_readlink 3 54368 NULL
28999 +do_dccp_setsockopt_54377 do_dccp_setsockopt 5 54377 NULL
29000 -+ah_alloc_tmp_54378 ah_alloc_tmp 3-2 54378 NULL
29001 -+gart_unmap_page_54379 gart_unmap_page 2-3 54379 NULL
29002 -+snd_pcm_oss_read2_54387 snd_pcm_oss_read2 0-3 54387 NULL
29003 -+i386_mmap_check_54388 i386_mmap_check 0 54388 NULL
29004 ++ah_alloc_tmp_54378 ah_alloc_tmp 2-3 54378 NULL
29005 ++gart_unmap_page_54379 gart_unmap_page 3-2 54379 NULL
29006 ++sysfs_dir_llseek_54385 sysfs_dir_llseek 2 54385 NULL
29007 ++snd_pcm_oss_read2_54387 snd_pcm_oss_read2 3-0 54387 NULL
29008 +iwl_dbgfs_power_save_status_read_54392 iwl_dbgfs_power_save_status_read 3 54392 NULL
29009 ++add_packet_54433 add_packet 3 54433 NULL
29010 ++__btrfs_alloc_chunk_54445 __btrfs_alloc_chunk 0 54445 NULL
29011 ++do_chunk_alloc_54457 do_chunk_alloc 0 54457 NULL
29012 +simple_strtoull_54493 simple_strtoull 0 54493 NULL
29013 +cifs_idmap_key_instantiate_54503 cifs_idmap_key_instantiate 3 54503 NULL
29014 +l2cap_create_basic_pdu_54508 l2cap_create_basic_pdu 3 54508 NULL
29015 @@ -108182,12 +109767,18 @@ index 0000000..6fcc08d
29016 +viacam_read_54526 viacam_read 3 54526 NULL
29017 +unix_dgram_connect_54535 unix_dgram_connect 3 54535 NULL
29018 +setsockopt_54539 setsockopt 5 54539 NULL
29019 ++lbs_lowsnr_write_54549 lbs_lowsnr_write 3 54549 NULL
29020 +nfsd_vfs_write_54577 nfsd_vfs_write 6 54577 NULL
29021 +fw_iso_buffer_init_54582 fw_iso_buffer_init 3 54582 NULL
29022 ++xfrm_polexpire_msgsize_54589 xfrm_polexpire_msgsize 0 54589 NULL
29023 ++fwSendNullPacket_54618 fwSendNullPacket 2 54618 NULL
29024 ++port_fops_write_54627 port_fops_write 3 54627 NULL
29025 ++setup_cluster_bitmap_54649 setup_cluster_bitmap 4 54649 NULL
29026 ++_regulator_enable_54655 _regulator_enable 0 54655 NULL
29027 +dns_resolver_read_54658 dns_resolver_read 3 54658 NULL
29028 ++bus_add_device_54665 bus_add_device 0 54665 NULL
29029 +bio_kmalloc_54672 bio_kmalloc 2 54672 NULL
29030 +evm_read_key_54674 evm_read_key 3 54674 NULL
29031 -+resource_string_54699 resource_string 0 54699 NULL
29032 +addtgt_54703 addtgt 3 54703 NULL
29033 +rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL
29034 +_add_sg_continuation_descriptor_54721 _add_sg_continuation_descriptor 3 54721 NULL
29035 @@ -108195,11 +109786,12 @@ index 0000000..6fcc08d
29036 +kzalloc_54740 kzalloc 1 54740 NULL
29037 +drm_mode_crtc_set_gamma_size_54742 drm_mode_crtc_set_gamma_size 2 54742 NULL
29038 +wep_iv_read_54744 wep_iv_read 3 54744 NULL
29039 -+qla4_8xxx_pci_set_window_54766 qla4_8xxx_pci_set_window 0-2 54766 NULL
29040 ++lpfc_idiag_pcicfg_write_54749 lpfc_idiag_pcicfg_write 3 54749 NULL
29041 ++xfs_rtallocate_extent_block_54791 xfs_rtallocate_extent_block 5 54791 NULL
29042 +flexcop_device_kmalloc_54793 flexcop_device_kmalloc 1 54793 NULL
29043 +domain_init_54797 domain_init 2 54797 NULL
29044 +ext3_find_goal_54801 ext3_find_goal 0 54801 NULL
29045 -+avc_has_perm_flags_54802 avc_has_perm_flags 3 54802 NULL
29046 ++get_dev_size_54807 get_dev_size 0 54807 NULL
29047 +nfsd_write_54809 nfsd_write 6 54809 NULL
29048 +aes_decrypt_fail_read_54815 aes_decrypt_fail_read 3 54815 NULL nohasharray
29049 +crypto_tfm_ctx_alignment_54815 crypto_tfm_ctx_alignment 0 54815 &aes_decrypt_fail_read_54815
29050 @@ -108207,125 +109799,153 @@ index 0000000..6fcc08d
29051 +write_rio_54837 write_rio 3 54837 NULL
29052 +ext3_acl_from_disk_54839 ext3_acl_from_disk 2 54839 NULL
29053 +edac_mc_alloc_54846 edac_mc_alloc 1 54846 NULL
29054 ++scsi_add_host_54847 scsi_add_host 0 54847 NULL
29055 +ufx_ops_write_54848 ufx_ops_write 3 54848 NULL
29056 +printer_read_54851 printer_read 3 54851 NULL
29057 ++assign_irq_vector_54852 assign_irq_vector 0 54852 NULL
29058 ++em28xx_isoc_dvb_max_packetsize_54854 em28xx_isoc_dvb_max_packetsize 0 54854 NULL
29059 +alloc_ep_req_54860 alloc_ep_req 2 54860 NULL
29060 +broadsheet_spiflash_rewrite_sector_54864 broadsheet_spiflash_rewrite_sector 2 54864 NULL
29061 +prism_build_supp_rates_54865 prism_build_supp_rates 0 54865 NULL
29062 +tcf_csum_ipv6_tcp_54877 tcf_csum_ipv6_tcp 4 54877 NULL
29063 -+iscsi_pool_init_54913 iscsi_pool_init 2-4 54913 NULL
29064 ++iscsi_pool_init_54913 iscsi_pool_init 4-2 54913 NULL nohasharray
29065 ++kobject_set_name_vargs_54913 kobject_set_name_vargs 0 54913 &iscsi_pool_init_54913
29066 +btrfs_stack_chunk_num_stripes_54923 btrfs_stack_chunk_num_stripes 0 54923 NULL
29067 -+mxms_structlen_54939 mxms_structlen 0 54939 NULL
29068 +add_port_54941 add_port 2 54941 NULL
29069 ++alauda_write_data_54967 alauda_write_data 3 54967 NULL
29070 +c4_add_card_54968 c4_add_card 3 54968 NULL
29071 +__proc_file_read_54978 __proc_file_read 3 54978 NULL
29072 ++ubi_change_vtbl_record_54979 ubi_change_vtbl_record 0 54979 NULL
29073 ++brcmf_sdcard_send_buf_54980 brcmf_sdcard_send_buf 6 54980 NULL
29074 ++_queue_data_54983 _queue_data 4 54983 NULL
29075 +ext3_xattr_get_54989 ext3_xattr_get 0 54989 NULL
29076 ++rds_ib_inc_copy_to_user_55007 rds_ib_inc_copy_to_user 3 55007 NULL
29077 +cx231xx_v4l2_read_55014 cx231xx_v4l2_read 3 55014 NULL
29078 ++ext4_ext_handle_uninitialized_extents_55059 ext4_ext_handle_uninitialized_extents 0-6 55059 NULL
29079 +__netdev_alloc_skb_ip_align_55067 __netdev_alloc_skb_ip_align 2 55067 NULL
29080 +apei_exec_run_55075 apei_exec_run 0 55075 NULL
29081 ++set_interface_55085 set_interface 0 55085 NULL
29082 ++snd_pcm_capture_hw_avail_55086 snd_pcm_capture_hw_avail 0 55086 NULL
29083 ++PropagateCalParamsFromFlashToMemory_55099 PropagateCalParamsFromFlashToMemory 0 55099 NULL
29084 +rxpipe_beacon_buffer_thres_host_int_trig_rx_data_read_55106 rxpipe_beacon_buffer_thres_host_int_trig_rx_data_read 3 55106 NULL
29085 -+kmalloc_large_55111 kmalloc_large 0 55111 NULL
29086 ++kmalloc_large_55111 kmalloc_large 1 55111 NULL
29087 +crypto_ahash_setkey_55134 crypto_ahash_setkey 3 55134 NULL
29088 -+ocfs2_prepare_refcount_change_for_del_55137 ocfs2_prepare_refcount_change_for_del 3 55137 NULL nohasharray
29089 ++ocfs2_prepare_refcount_change_for_del_55137 ocfs2_prepare_refcount_change_for_del 0-3 55137 NULL nohasharray
29090 +filldir_55137 filldir 3 55137 &ocfs2_prepare_refcount_change_for_del_55137
29091 ++validate_vid_hdr_55145 validate_vid_hdr 0 55145 NULL
29092 +ocfs2_truncate_file_55148 ocfs2_truncate_file 3 55148 NULL
29093 +sel_write_relabel_55195 sel_write_relabel 3 55195 NULL
29094 +sched_feat_write_55202 sched_feat_write 3 55202 NULL
29095 -+ht40allow_map_read_55209 ht40allow_map_read 3 55209 NULL
29096 ++ht40allow_map_read_55209 ht40allow_map_read 3 55209 NULL nohasharray
29097 ++isdn_net_ciscohdlck_alloc_skb_55209 isdn_net_ciscohdlck_alloc_skb 2 55209 &ht40allow_map_read_55209
29098 +__kfifo_dma_out_prepare_r_55211 __kfifo_dma_out_prepare_r 4-5 55211 NULL
29099 +do_raw_setsockopt_55215 do_raw_setsockopt 5 55215 NULL
29100 ++sctp_abort_pkt_new_55218 sctp_abort_pkt_new 5 55218 NULL
29101 +dbAllocDmap_55227 dbAllocDmap 0 55227 NULL
29102 +tipc_port_reject_sections_55229 tipc_port_reject_sections 5 55229 NULL
29103 -+get_nr_threads_55242 get_nr_threads 0 55242 NULL
29104 ++ext4_ext_convert_to_initialized_55235 ext4_ext_convert_to_initialized 0 55235 NULL
29105 +memcpy_fromiovec_55247 memcpy_fromiovec 3 55247 NULL
29106 -+ptrace_request_55288 ptrace_request 3 55288 NULL
29107 ++lbs_failcount_write_55276 lbs_failcount_write 3 55276 NULL
29108 +rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL
29109 +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL
29110 -+__get_vm_area_node_55305 __get_vm_area_node 1 55305 NULL
29111 ++wimax_msg_len_55304 wimax_msg_len 0 55304 NULL
29112 +vme_user_read_55338 vme_user_read 3 55338 NULL
29113 +sctp_datamsg_from_user_55342 sctp_datamsg_from_user 4 55342 NULL nohasharray
29114 +__wa_xfer_setup_sizes_55342 __wa_xfer_setup_sizes 0 55342 &sctp_datamsg_from_user_55342
29115 +acpi_system_read_event_55362 acpi_system_read_event 3 55362 NULL
29116 ++__domain_mapping_55393 __domain_mapping 5 55393 NULL
29117 ++mm_to_dma_pfn_55394 mm_to_dma_pfn 0-1 55394 NULL
29118 +iwl_dbgfs_plcp_delta_read_55407 iwl_dbgfs_plcp_delta_read 3 55407 NULL
29119 +alloc_skb_55439 alloc_skb 1 55439 NULL
29120 -+security_dump_masked_av_55447 security_dump_masked_av 3 55447 NULL
29121 +__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL
29122 ++isdnhdlc_decode_55466 isdnhdlc_decode 0 55466 NULL
29123 +cx23888_ir_rx_read_55473 cx23888_ir_rx_read 3 55473 NULL
29124 +snd_pcm_lib_write_55483 snd_pcm_lib_write 0-3 55483 NULL
29125 +i2o_pool_alloc_55485 i2o_pool_alloc 4 55485 NULL
29126 +ocfs2_rec_clusters_55501 ocfs2_rec_clusters 0 55501 NULL
29127 +ext4_flex_bg_size_55502 ext4_flex_bg_size 0 55502 NULL
29128 +cfpkt_pad_trail_55511 cfpkt_pad_trail 2 55511 NULL
29129 -+ea_get_55522 ea_get 0 55522 NULL
29130 ++ea_get_55522 ea_get 3-0 55522 NULL
29131 +set_msr_interception_55538 set_msr_interception 2 55538 NULL
29132 ++_regulator_is_enabled_55550 _regulator_is_enabled 0 55550 NULL
29133 +add_partition_55588 add_partition 2 55588 NULL
29134 ++kstrtou8_from_user_55599 kstrtou8_from_user 2 55599 NULL
29135 +macvtap_put_user_55609 macvtap_put_user 4 55609 NULL
29136 +selinux_setprocattr_55611 selinux_setprocattr 4 55611 NULL
29137 ++snd_pcm_hw_param_last_55624 snd_pcm_hw_param_last 0 55624 NULL
29138 +reiserfs_xattr_get_55628 reiserfs_xattr_get 0 55628 NULL nohasharray
29139 +pktgen_if_write_55628 pktgen_if_write 3 55628 &reiserfs_xattr_get_55628
29140 -+dvb_dmxdev_set_buffer_size_55643 dvb_dmxdev_set_buffer_size 2 55643 NULL
29141 +mlx4_buddy_alloc_55647 mlx4_buddy_alloc 2 55647 NULL
29142 +xfs_bmbt_maxrecs_55649 xfs_bmbt_maxrecs 0-2 55649 NULL
29143 -+ib_umad_compat_ioctl_55650 ib_umad_compat_ioctl 3 55650 NULL
29144 +read_oldmem_55658 read_oldmem 3 55658 NULL
29145 +lpfc_idiag_queinfo_read_55662 lpfc_idiag_queinfo_read 3 55662 NULL
29146 +get_info_55681 get_info 3 55681 NULL
29147 ++iwl_dbgfs_plcp_delta_write_55682 iwl_dbgfs_plcp_delta_write 3 55682 NULL
29148 +pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL
29149 -+mtdswap_init_55719 mtdswap_init 2 55719 NULL
29150 ++ocfs2_lock_refcount_tree_55719 ocfs2_lock_refcount_tree 0 55719 NULL
29151 ++prepare_reply_55734 prepare_reply 4 55734 NULL
29152 +__iio_allocate_kfifo_55738 __iio_allocate_kfifo 2-3 55738 NULL
29153 -+strlen_55778 strlen 0 55778 NULL
29154 ++strlen_55778 strlen 0 55778 NULL nohasharray
29155 ++is_idx_node_in_tnc_55778 is_idx_node_in_tnc 0 55778 &strlen_55778
29156 +req_bio_endio_55786 req_bio_endio 3 55786 NULL
29157 ++rtnl_vfinfo_size_55794 rtnl_vfinfo_size 0 55794 NULL
29158 +uwb_rc_neh_grok_event_55799 uwb_rc_neh_grok_event 3 55799 NULL
29159 +iwl_legacy_dbgfs_sensitivity_read_55816 iwl_legacy_dbgfs_sensitivity_read 3 55816 NULL
29160 -+sb16_copy_from_user_55836 sb16_copy_from_user 10-6-7 55836 NULL
29161 ++sb16_copy_from_user_55836 sb16_copy_from_user 7-6-10 55836 NULL
29162 +xfs_da_buf_make_55845 xfs_da_buf_make 1 55845 NULL
29163 +ip_hdrlen_55849 ip_hdrlen 0 55849 NULL
29164 -+hcd_alloc_coherent_55862 hcd_alloc_coherent 5 55862 NULL
29165 ++hcd_alloc_coherent_55862 hcd_alloc_coherent 5-0 55862 NULL
29166 +shmem_setxattr_55867 shmem_setxattr 4 55867 NULL
29167 ++__check_block_validity_55869 __check_block_validity 0 55869 NULL
29168 +pm_qos_power_read_55891 pm_qos_power_read 3 55891 NULL
29169 +snd_pcm_hw_param_value_min_55917 snd_pcm_hw_param_value_min 0 55917 NULL
29170 ++kvm_write_guest_virt_system_55944 kvm_write_guest_virt_system 4-2 55944 NULL
29171 +sel_read_policy_55947 sel_read_policy 3 55947 NULL
29172 +handle_response_55951 handle_response 5 55951 NULL
29173 -+simple_read_from_buffer_55957 simple_read_from_buffer 2-5 55957 NULL
29174 -+ssb_bus_pcmciabus_register_56020 ssb_bus_pcmciabus_register 3 56020 NULL
29175 ++simple_read_from_buffer_55957 simple_read_from_buffer 5-2 55957 NULL
29176 ++acct_stack_growth_56023 acct_stack_growth 0 56023 NULL
29177 +dccp_sendmsg_56058 dccp_sendmsg 4 56058 NULL
29178 +pscsi_get_bio_56103 pscsi_get_bio 1 56103 NULL
29179 -+kmem_zalloc_large_56128 kmem_zalloc_large 1 56128 NULL
29180 ++em28xx_write_reg_bits_56107 em28xx_write_reg_bits 0 56107 NULL
29181 +sel_read_handle_status_56139 sel_read_handle_status 3 56139 NULL
29182 ++write_file_frameerrors_56145 write_file_frameerrors 3 56145 NULL
29183 +ath6kl_wmi_bssinfo_event_rx_56146 ath6kl_wmi_bssinfo_event_rx 3 56146 NULL
29184 +rawv6_setsockopt_56165 rawv6_setsockopt 5 56165 NULL
29185 -+create_irq_nr_56180 create_irq_nr 1 56180 NULL
29186 ++create_irq_nr_56180 create_irq_nr 1-0 56180 NULL
29187 +skb_headroom_56200 skb_headroom 0 56200 NULL
29188 -+usb_dump_iad_descriptor_56204 usb_dump_iad_descriptor 0 56204 NULL
29189 -+delay_status_56215 delay_status 4 56215 NULL
29190 -+ncp_read_bounce_size_56221 ncp_read_bounce_size 0-1 56221 NULL
29191 ++ocfs2_journal_access_gd_56209 ocfs2_journal_access_gd 0 56209 NULL
29192 +ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL
29193 +cp210x_get_config_56229 cp210x_get_config 4 56229 NULL
29194 +do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL
29195 +fd_copyin_56247 fd_copyin 3 56247 NULL
29196 ++p9pdu_vreadf_56271 p9pdu_vreadf 0 56271 NULL
29197 +dvb_aplay_56296 dvb_aplay 3 56296 NULL
29198 +btmrvl_hscfgcmd_read_56303 btmrvl_hscfgcmd_read 3 56303 NULL
29199 -+compat_cdrom_read_audio_56304 compat_cdrom_read_audio 4 56304 NULL
29200 ++speakup_file_write_56310 speakup_file_write 3 56310 NULL
29201 +journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL
29202 +snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL
29203 -+sixpack_compat_ioctl_56346 sixpack_compat_ioctl 4 56346 NULL
29204 ++ipv6_recv_error_56347 ipv6_recv_error 3 56347 NULL
29205 +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL
29206 -+iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 4 56368 NULL
29207 ++iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 4-0 56368 NULL
29208 +dev_read_56369 dev_read 3 56369 NULL
29209 ++snd_pcm_common_ioctl1_56382 snd_pcm_common_ioctl1 0 56382 NULL
29210 +ocfs2_control_read_56405 ocfs2_control_read 3 56405 NULL
29211 -+__get_vm_area_caller_56416 __get_vm_area_caller 1 56416 NULL nohasharray
29212 -+acpi_os_write_memory_56416 acpi_os_write_memory 1-3 56416 &__get_vm_area_caller_56416
29213 ++do_get_write_access_56410 do_get_write_access 0 56410 NULL
29214 +store_msg_56417 store_msg 3 56417 NULL
29215 +pppol2tp_sendmsg_56420 pppol2tp_sendmsg 4 56420 NULL
29216 +fl_create_56435 fl_create 5 56435 NULL
29217 +gnttab_map_56439 gnttab_map 2 56439 NULL
29218 -+cx231xx_init_isoc_56453 cx231xx_init_isoc 3-2 56453 NULL
29219 ++ata_scsi_add_hosts_56448 ata_scsi_add_hosts 0 56448 NULL
29220 ++cx231xx_init_isoc_56453 cx231xx_init_isoc 3-2-4 56453 NULL
29221 +osd_req_list_partition_objects_56464 osd_req_list_partition_objects 5 56464 NULL
29222 ++lbs_rdmac_write_56471 lbs_rdmac_write 3 56471 NULL
29223 +calc_linear_pos_56472 calc_linear_pos 0-3 56472 NULL
29224 +crypto_shash_alignmask_56486 crypto_shash_alignmask 0 56486 NULL
29225 -+cfg80211_connect_result_56515 cfg80211_connect_result 4-6 56515 NULL
29226 ++cfg80211_connect_result_56515 cfg80211_connect_result 6-4 56515 NULL
29227 +iwl_legacy_dbgfs_rx_queue_read_56533 iwl_legacy_dbgfs_rx_queue_read 3 56533 NULL
29228 ++l1oip_socket_recv_56537 l1oip_socket_recv 6 56537 NULL
29229 +ip_options_get_56538 ip_options_get 4 56538 NULL
29230 ++tcp_cwnd_test_56547 tcp_cwnd_test 0 56547 NULL
29231 +ocfs2_change_extent_flag_56549 ocfs2_change_extent_flag 5 56549 NULL
29232 +alloc_apertures_56561 alloc_apertures 1 56561 NULL
29233 +rs_sta_dbgfs_stats_table_read_56573 rs_sta_dbgfs_stats_table_read 3 56573 NULL
29234 @@ -108333,35 +109953,43 @@ index 0000000..6fcc08d
29235 +event_filter_write_56609 event_filter_write 3 56609 NULL
29236 +gather_array_56641 gather_array 3 56641 NULL
29237 +dlm_dir_lookup_56662 dlm_dir_lookup 4 56662 NULL
29238 ++tg3_nvram_write_block_56666 tg3_nvram_write_block 3 56666 NULL
29239 ++btrfs_cow_block_56678 btrfs_cow_block 0 56678 NULL
29240 +snd_gus_dram_read_56686 snd_gus_dram_read 4 56686 NULL
29241 -+dvb_ringbuffer_read_user_56702 dvb_ringbuffer_read_user 3 56702 NULL
29242 ++dvb_ringbuffer_read_user_56702 dvb_ringbuffer_read_user 3-0 56702 NULL
29243 +sta_flags_read_56710 sta_flags_read 3 56710 NULL
29244 +ipv6_getsockopt_sticky_56711 ipv6_getsockopt_sticky 5 56711 NULL
29245 +__wa_xfer_setup_segs_56725 __wa_xfer_setup_segs 2 56725 NULL
29246 -+pcpu_populate_chunk_56741 pcpu_populate_chunk 2-3 56741 NULL
29247 ++__copy_from_user_ll_56738 __copy_from_user_ll 0-3 56738 NULL
29248 ++pcpu_populate_chunk_56741 pcpu_populate_chunk 3-2 56741 NULL
29249 +drm_agp_bind_pages_56748 drm_agp_bind_pages 3 56748 NULL
29250 +mfd_add_devices_56753 mfd_add_devices 4 56753 NULL
29251 -+dbgaufs_xi_read_56759 dbgaufs_xi_read 3 56759 NULL
29252 -+alloc_iommu_56778 alloc_iommu 2-3 56778 NULL
29253 -+ntfs_rl_realloc_56831 ntfs_rl_realloc 3 56831 NULL
29254 -+snd_rawmidi_kernel_write1_56847 snd_rawmidi_kernel_write1 4 56847 NULL
29255 ++alloc_iommu_56778 alloc_iommu 2-3-0 56778 NULL
29256 ++__carl9170_rx_56784 __carl9170_rx 3 56784 NULL
29257 ++ttm_alloc_new_pages_56792 ttm_alloc_new_pages 5 56792 NULL
29258 ++ext4_ext_rm_idx_56827 ext4_ext_rm_idx 0 56827 NULL
29259 ++snd_rawmidi_kernel_write1_56847 snd_rawmidi_kernel_write1 4-0 56847 NULL
29260 +ext3_xattr_ibody_get_56880 ext3_xattr_ibody_get 0 56880 NULL
29261 +pvr2_debugifc_print_status_56890 pvr2_debugifc_print_status 3 56890 NULL
29262 ++__bitmap_clear_bits_56912 __bitmap_clear_bits 3 56912 NULL
29263 +__kfifo_out_56927 __kfifo_out 0-3 56927 NULL
29264 -+journal_init_revoke_56933 journal_init_revoke 2 56933 NULL
29265 ++journal_init_revoke_56933 journal_init_revoke 2 56933 NULL nohasharray
29266 ++CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 &journal_init_revoke_56933
29267 +diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL
29268 +vlsi_alloc_ring_57003 vlsi_alloc_ring 3-4 57003 NULL
29269 +btrfs_super_csum_size_57004 btrfs_super_csum_size 0 57004 NULL
29270 ++snd_dma_alloc_pages_fallback_57029 snd_dma_alloc_pages_fallback 3 57029 NULL
29271 +skb_network_offset_57043 skb_network_offset 0 57043 NULL nohasharray
29272 +ieee80211_if_fmt_state_57043 ieee80211_if_fmt_state 3 57043 &skb_network_offset_57043
29273 +bytes_to_samples_57049 bytes_to_samples 0-2 57049 NULL
29274 -+autofs_dev_ioctl_compat_57059 autofs_dev_ioctl_compat 3 57059 NULL
29275 +cx2341x_ctrl_new_std_57061 cx2341x_ctrl_new_std 4 57061 NULL
29276 +sca3000_read_data_57064 sca3000_read_data 4 57064 NULL
29277 +pcmcia_replace_cis_57066 pcmcia_replace_cis 3 57066 NULL
29278 +sis190_try_rx_copy_57069 sis190_try_rx_copy 3 57069 NULL
29279 +thin_status_57084 thin_status 4 57084 NULL
29280 +tracing_set_trace_write_57096 tracing_set_trace_write 3 57096 NULL
29281 ++altera_get_note_57099 altera_get_note 6 57099 NULL
29282 ++snd_pcm_hw_params_old_user_57108 snd_pcm_hw_params_old_user 0 57108 NULL
29283 +crypto_compress_ctxsize_57109 crypto_compress_ctxsize 0 57109 NULL
29284 +sysfs_write_file_57116 sysfs_write_file 3 57116 NULL
29285 +cipso_v4_gentag_loc_57119 cipso_v4_gentag_loc 0 57119 NULL
29286 @@ -108370,15 +109998,20 @@ index 0000000..6fcc08d
29287 +ima_show_htable_value_57136 ima_show_htable_value 2 57136 &rds_ib_sub_signaled_57136
29288 +snd_sonicvibes_getdmac_57140 snd_sonicvibes_getdmac 0 57140 NULL
29289 +stk_prepare_sio_buffers_57168 stk_prepare_sio_buffers 2 57168 NULL
29290 -+rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 NULL
29291 ++extent_from_logical_57179 extent_from_logical 0 57179 NULL nohasharray
29292 ++rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 &extent_from_logical_57179
29293 ++sys_poll_57190 sys_poll 2 57190 NULL
29294 ++ocfs2_claim_metadata_57192 ocfs2_claim_metadata 0 57192 NULL
29295 +ieee80211_if_fmt_tsf_57249 ieee80211_if_fmt_tsf 3 57249 NULL
29296 +oprofilefs_ulong_from_user_57251 oprofilefs_ulong_from_user 3 57251 NULL
29297 ++lbs_sleepparams_write_57283 lbs_sleepparams_write 3 57283 NULL
29298 +pstore_file_read_57288 pstore_file_read 3 57288 NULL
29299 +snd_pcm_read_57289 snd_pcm_read 3 57289 NULL
29300 ++ath6kl_buf_alloc_57304 ath6kl_buf_alloc 1 57304 NULL
29301 +ftdi_elan_write_57309 ftdi_elan_write 3 57309 NULL
29302 ++write_file_regval_57313 write_file_regval 3 57313 NULL
29303 +ocfs2_xattr_shrink_size_57328 ocfs2_xattr_shrink_size 3 57328 NULL
29304 -+check_mirror_57342 check_mirror 1-2 57342 NULL nohasharray
29305 -+usblp_read_57342 usblp_read 3 57342 &check_mirror_57342
29306 ++usblp_read_57342 usblp_read 3 57342 NULL
29307 +print_devstats_dot11RTSFailureCount_57347 print_devstats_dot11RTSFailureCount 3 57347 NULL
29308 +read_file_blob_57406 read_file_blob 3 57406 NULL
29309 +enclosure_register_57412 enclosure_register 3 57412 NULL
29310 @@ -108386,51 +110019,66 @@ index 0000000..6fcc08d
29311 +alloc_ftrace_hash_57431 alloc_ftrace_hash 1 57431 &compat_keyctl_instantiate_key_iov_57431
29312 +copy_to_user_fromio_57432 copy_to_user_fromio 3 57432 NULL
29313 +sys_pselect6_57449 sys_pselect6 1 57449 NULL
29314 -+__roundup_pow_of_two_57461 __roundup_pow_of_two 0 57461 NULL
29315 ++ReadReg_57453 ReadReg 0 57453 NULL
29316 ++__roundup_pow_of_two_57461 __roundup_pow_of_two 0-1 57461 NULL
29317 +crypto_tfm_alg_blocksize_57463 crypto_tfm_alg_blocksize 0 57463 NULL nohasharray
29318 +send_midi_async_57463 send_midi_async 3 57463 &crypto_tfm_alg_blocksize_57463
29319 +iwl4965_statistics_flag_57466 iwl4965_statistics_flag 3-0 57466 NULL nohasharray
29320 -+sisusb_clear_vram_57466 sisusb_clear_vram 3-2 57466 &iwl4965_statistics_flag_57466
29321 ++sisusb_clear_vram_57466 sisusb_clear_vram 2-3 57466 &iwl4965_statistics_flag_57466
29322 +ieee80211_if_read_flags_57470 ieee80211_if_read_flags 3 57470 NULL
29323 -+ocfs2_write_cluster_57483 ocfs2_write_cluster 8-2-9 57483 NULL
29324 ++ocfs2_write_cluster_57483 ocfs2_write_cluster 8-9-2 57483 NULL
29325 +nl80211_send_mgmt_57497 nl80211_send_mgmt 6 57497 NULL
29326 +skb_headlen_57501 skb_headlen 0 57501 NULL
29327 +copy_in_user_57502 copy_in_user 3 57502 NULL
29328 +ks8842_read32_57505 ks8842_read32 0 57505 NULL nohasharray
29329 +ckhdid_printf_57505 ckhdid_printf 2 57505 &ks8842_read32_57505
29330 +init_tag_map_57515 init_tag_map 3 57515 NULL
29331 ++cmm_read_57520 cmm_read 3 57520 NULL
29332 +inode_permission_57531 inode_permission 0 57531 NULL
29333 -+DoC_Probe_57534 DoC_Probe 1 57534 NULL
29334 -+ext4_group_first_block_no_57559 ext4_group_first_block_no 0-2 57559 NULL
29335 ++ReadHDLCPnP_57559 ReadHDLCPnP 0 57559 NULL nohasharray
29336 ++ext4_group_first_block_no_57559 ext4_group_first_block_no 0-2 57559 &ReadHDLCPnP_57559
29337 +snd_pcm_playback_ioctl1_57569 snd_pcm_playback_ioctl1 0 57569 NULL
29338 ++get_bridge_ifindices_57579 get_bridge_ifindices 0 57579 NULL
29339 ++iwl4965_rs_sta_dbgfs_scale_table_write_57595 iwl4965_rs_sta_dbgfs_scale_table_write 3 57595 NULL
29340 +sk_stream_alloc_skb_57622 sk_stream_alloc_skb 2 57622 NULL
29341 +osdmap_set_max_osd_57630 osdmap_set_max_osd 2 57630 NULL nohasharray
29342 +sisusbcon_putcs_57630 sisusbcon_putcs 3 57630 &osdmap_set_max_osd_57630
29343 +mem_read_57631 mem_read 3 57631 NULL
29344 ++pci_enable_msi_block_57632 pci_enable_msi_block 0 57632 NULL
29345 ++msi_compose_msg_57637 msi_compose_msg 0 57637 NULL
29346 +sys_mq_timedsend_57661 sys_mq_timedsend 3 57661 NULL
29347 +r3964_write_57662 r3964_write 4 57662 NULL
29348 +__lgwrite_57669 __lgwrite 4 57669 NULL
29349 ++ieee80211_MFIE_rate_len_57692 ieee80211_MFIE_rate_len 0 57692 NULL
29350 +i2400m_rx_stats_read_57706 i2400m_rx_stats_read 3 57706 NULL
29351 ++snd_interval_value_57713 snd_interval_value 0 57713 NULL
29352 +calgary_alloc_coherent_57714 calgary_alloc_coherent 2 57714 NULL
29353 +aa_matching_read_57720 aa_matching_read 3 57720 NULL
29354 -+compat_sys_set_mempolicy_57742 compat_sys_set_mempolicy 3 57742 NULL
29355 ++vm_find_vqs_57729 vm_find_vqs 0 57729 NULL
29356 ++compat_sys_set_mempolicy_57742 compat_sys_set_mempolicy 3 57742 NULL nohasharray
29357 ++pppol2tp_recvmsg_57742 pppol2tp_recvmsg 4 57742 &compat_sys_set_mempolicy_57742
29358 +ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval_57762 ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval 3 57762 NULL
29359 ++read_block_for_search_57781 read_block_for_search 0 57781 NULL
29360 ++apei_exec_collect_resources_57788 apei_exec_collect_resources 0 57788 NULL
29361 +ld2_57794 ld2 0 57794 NULL
29362 +ivtv_read_57796 ivtv_read 3 57796 NULL
29363 -+generic_ptrace_peekdata_57806 generic_ptrace_peekdata 2 57806 NULL
29364 -+usb_dump_config_57817 usb_dump_config 0 57817 NULL
29365 +bfad_debugfs_read_regrd_57830 bfad_debugfs_read_regrd 3 57830 NULL
29366 -+copy_to_user_57835 copy_to_user 3 57835 NULL
29367 ++copy_to_user_57835 copy_to_user 3-0 57835 NULL
29368 +flash_read_57843 flash_read 3 57843 NULL
29369 ++tt_response_fill_table_57902 tt_response_fill_table 1 57902 NULL
29370 +xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL
29371 +emi26_writememory_57908 emi26_writememory 4 57908 NULL
29372 -+iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL
29373 ++atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 NULL nohasharray
29374 ++iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 &atomic_add_return_unchecked_57910
29375 +__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL
29376 +sel_read_handle_unknown_57933 sel_read_handle_unknown 3 57933 NULL
29377 ++xfs_mru_cache_create_57943 xfs_mru_cache_create 3 57943 NULL
29378 ++rx_57944 rx 4 57944 NULL
29379 +key_algorithm_read_57946 key_algorithm_read 3 57946 NULL
29380 +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray
29381 +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953
29382 +i915_cache_sharing_write_57961 i915_cache_sharing_write 3 57961 NULL
29383 ++hfc_empty_fifo_57972 hfc_empty_fifo 2 57972 NULL
29384 +stripe_status_57985 stripe_status 4 57985 NULL
29385 +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL
29386 +regcache_rbtree_insert_to_block_58009 regcache_rbtree_insert_to_block 5 58009 NULL
29387 @@ -108438,26 +110086,33 @@ index 0000000..6fcc08d
29388 +io_playback_transfer_58030 io_playback_transfer 4 58030 NULL
29389 +mce_async_out_58056 mce_async_out 3 58056 NULL
29390 +ocfs2_find_leaf_58065 ocfs2_find_leaf 0 58065 NULL
29391 -+cm4040_write_58079 cm4040_write 3 58079 NULL
29392 -+socket_type_to_security_class_58118 socket_type_to_security_class 0 58118 NULL
29393 ++cm4040_write_58079 cm4040_write 3 58079 NULL nohasharray
29394 ++usb_stor_acquire_resources_58079 usb_stor_acquire_resources 0 58079 &cm4040_write_58079
29395 ++rfcomm_wmalloc_58090 rfcomm_wmalloc 2 58090 NULL
29396 ++i915_add_request_58096 i915_add_request 0 58096 NULL
29397 +savemem_58129 savemem 3 58129 NULL
29398 +ipv6_flowlabel_opt_58135 ipv6_flowlabel_opt 3 58135 NULL nohasharray
29399 -+slhc_init_58135 slhc_init 1-2 58135 &ipv6_flowlabel_opt_58135
29400 ++slhc_init_58135 slhc_init 2-1 58135 &ipv6_flowlabel_opt_58135
29401 ++ocfs2_reserve_clusters_58164 ocfs2_reserve_clusters 0 58164 NULL
29402 +garmin_write_bulk_58191 garmin_write_bulk 3 58191 NULL
29403 +asix_write_cmd_58192 asix_write_cmd 5 58192 NULL
29404 +ieee80211_if_fmt_flags_58205 ieee80211_if_fmt_flags 3 58205 NULL
29405 ++nci_send_cmd_58206 nci_send_cmd 3 58206 NULL
29406 ++sysfs_add_file_mode_58222 sysfs_add_file_mode 0 58222 NULL
29407 +read_file_debug_58256 read_file_debug 3 58256 NULL
29408 +cfg80211_mgmt_tx_status_58266 cfg80211_mgmt_tx_status 4 58266 NULL
29409 +profile_load_58267 profile_load 3 58267 NULL
29410 ++kstrtos8_from_user_58268 kstrtos8_from_user 2 58268 NULL
29411 +acpi_ds_build_internal_package_obj_58271 acpi_ds_build_internal_package_obj 3 58271 NULL
29412 +iscsi_decode_text_input_58292 iscsi_decode_text_input 4 58292 NULL
29413 +my_skb_head_push_58297 my_skb_head_push 2 58297 NULL
29414 +ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL
29415 -+pcim_iomap_58334 pcim_iomap 3 58334 NULL
29416 -+diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL
29417 -+next_pidmap_58347 next_pidmap 2 58347 NULL
29418 ++next_pidmap_58347 next_pidmap 2-0 58347 NULL
29419 +vmalloc_to_sg_58354 vmalloc_to_sg 2 58354 NULL
29420 ++sctp_make_init_58401 sctp_make_init 4 58401 NULL
29421 ++idetape_pad_zeros_58406 idetape_pad_zeros 2 58406 NULL
29422 +i2400m_pld_size_58415 i2400m_pld_size 0 58415 NULL
29423 ++iscsi_offload_mesg_58425 iscsi_offload_mesg 5 58425 NULL
29424 +__iio_add_chan_devattr_58451 __iio_add_chan_devattr 0 58451 NULL
29425 +capabilities_read_58457 capabilities_read 3 58457 NULL
29426 +lpfc_idiag_baracc_read_58466 lpfc_idiag_baracc_read 3 58466 NULL nohasharray
29427 @@ -108466,19 +110121,25 @@ index 0000000..6fcc08d
29428 +snd_rme96_capture_copy_58484 snd_rme96_capture_copy 5 58484 NULL
29429 +rndis_add_response_58544 rndis_add_response 2 58544 NULL
29430 +efx_tsoh_heap_alloc_58545 efx_tsoh_heap_alloc 2 58545 NULL
29431 ++wrap_max_58548 wrap_max 0-1-2 58548 NULL
29432 +gen_pool_alloc_58558 gen_pool_alloc 2 58558 NULL
29433 +wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL
29434 +scnprint_mac_oui_58578 scnprint_mac_oui 3-0 58578 NULL
29435 ++get_rhf_errstring_58582 get_rhf_errstring 3 58582 NULL
29436 +ea_read_inline_58589 ea_read_inline 0 58589 NULL
29437 +xip_file_read_58592 xip_file_read 3 58592 NULL
29438 -+gdth_search_isa_58595 gdth_search_isa 1 58595 NULL
29439 -+ebt_buf_count_58607 ebt_buf_count 0 58607 NULL
29440 ++ecryptfs_write_end_58594 ecryptfs_write_end 5-3 58594 NULL
29441 ++ixj_read_58615 ixj_read 3 58615 NULL
29442 +skb_copy_to_page_nocache_58624 skb_copy_to_page_nocache 6 58624 NULL
29443 ++filemap_fdatawrite_range_58630 filemap_fdatawrite_range 0 58630 NULL
29444 ++vb2_qbuf_58631 vb2_qbuf 0 58631 NULL
29445 +module_alloc_update_bounds_rx_58634 module_alloc_update_bounds_rx 1 58634 NULL
29446 +ocfs2_block_to_cluster_start_58653 ocfs2_block_to_cluster_start 2 58653 NULL
29447 ++iwl_dbgfs_rx_handlers_write_58655 iwl_dbgfs_rx_handlers_write 3 58655 NULL
29448 +uwb_bce_print_IEs_58686 uwb_bce_print_IEs 4 58686 NULL
29449 -+vmalloc_node_58700 vmalloc_node 1 58700 NULL
29450 -+csum_exist_in_range_58730 csum_exist_in_range 2 58730 NULL
29451 ++scsi_setup_command_freelist_58703 scsi_setup_command_freelist 0 58703 NULL
29452 ++vx_send_msg_58711 vx_send_msg 0 58711 NULL
29453 ++csum_exist_in_range_58730 csum_exist_in_range 2-3 58730 NULL
29454 +frames_to_bytes_58741 frames_to_bytes 0-2 58741 NULL
29455 +ieee80211_if_write_tkip_mic_test_58748 ieee80211_if_write_tkip_mic_test 3 58748 NULL
29456 +agp_allocate_memory_58761 agp_allocate_memory 2 58761 NULL
29457 @@ -108487,88 +110148,115 @@ index 0000000..6fcc08d
29458 +raw_send_hdrinc_58803 raw_send_hdrinc 4 58803 NULL
29459 +ep_read_58813 ep_read 3 58813 NULL
29460 +command_write_58841 command_write 3 58841 NULL
29461 -+ocfs2_truncate_log_append_58850 ocfs2_truncate_log_append 3 58850 NULL
29462 ++ocfs2_truncate_log_append_58850 ocfs2_truncate_log_append 0-3 58850 NULL
29463 +iwl_dbgfs_traffic_log_read_58870 iwl_dbgfs_traffic_log_read 3 58870 NULL
29464 +gs_alloc_req_58883 gs_alloc_req 2 58883 NULL
29465 -+cs553x_init_one_58886 cs553x_init_one 3 58886 NULL
29466 -+raw_ctl_compat_ioctl_58905 raw_ctl_compat_ioctl 3 58905 NULL
29467 +print_devstats_dot11FCSErrorCount_58919 print_devstats_dot11FCSErrorCount 3 58919 NULL
29468 -+tun_chr_compat_ioctl_58921 tun_chr_compat_ioctl 3 58921 NULL
29469 ++st5481_isoc_flatten_58952 st5481_isoc_flatten 0 58952 NULL
29470 ++netpoll_send_udp_58955 netpoll_send_udp 3 58955 NULL
29471 ++wait_table_hash_nr_entries_58962 wait_table_hash_nr_entries 0 58962 NULL
29472 +crypto_aead_ivsize_58970 crypto_aead_ivsize 0 58970 NULL
29473 +max3107_handlerx_58978 max3107_handlerx 2 58978 NULL
29474 ++handle_rx_packet_58993 handle_rx_packet 3 58993 NULL
29475 +ep_write_59008 ep_write 3 59008 NULL
29476 ++lpfc_idiag_baracc_write_59014 lpfc_idiag_baracc_write 3 59014 NULL
29477 ++receive_server_sync_packet_59021 receive_server_sync_packet 3 59021 NULL
29478 +selinux_transaction_write_59038 selinux_transaction_write 3 59038 NULL
29479 +crypto_aead_reqsize_59039 crypto_aead_reqsize 0 59039 NULL
29480 ++i8042_enable_kbd_port_59049 i8042_enable_kbd_port 0 59049 NULL
29481 +mmc_sd_num_wr_blocks_59112 mmc_sd_num_wr_blocks 0 59112 NULL
29482 +scsi_io_completion_59122 scsi_io_completion 2 59122 NULL
29483 +__iio_add_event_config_attrs_59136 __iio_add_event_config_attrs 0 59136 NULL
29484 +print_devstats_dot11RTSSuccessCount_59145 print_devstats_dot11RTSSuccessCount 3 59145 NULL nohasharray
29485 +framebuffer_alloc_59145 framebuffer_alloc 1 59145 &print_devstats_dot11RTSSuccessCount_59145
29486 ++ocfs2_claim_local_alloc_bits_59147 ocfs2_claim_local_alloc_bits 0 59147 NULL
29487 +radeon_compat_ioctl_59150 radeon_compat_ioctl 2 59150 NULL
29488 +pvr2_hdw_report_clients_59152 pvr2_hdw_report_clients 3 59152 NULL
29489 ++mthca_create_eq_59157 mthca_create_eq 2 59157 NULL
29490 +setup_window_59178 setup_window 4-2-5-7 59178 NULL
29491 -+ocfs2_move_extent_59187 ocfs2_move_extent 3 59187 NULL
29492 ++ocfs2_move_extent_59187 ocfs2_move_extent 2-5-3 59187 NULL
29493 ++InitLedSettings_59192 InitLedSettings 0 59192 NULL
29494 ++validate_exec_list_59204 validate_exec_list 0 59204 NULL
29495 +xfs_iext_realloc_indirect_59211 xfs_iext_realloc_indirect 2 59211 NULL
29496 -+inftl_partscan_59216 inftl_partscan 0 59216 NULL
29497 -+skb_transport_header_59223 skb_transport_header 0 59223 NULL
29498 ++fast_rx_path_59214 fast_rx_path 3 59214 NULL
29499 ++check_mapped_selector_name_59216 check_mapped_selector_name 5 59216 NULL nohasharray
29500 ++inftl_partscan_59216 inftl_partscan 0 59216 &check_mapped_selector_name_59216
29501 +dt3155_read_59226 dt3155_read 3 59226 NULL
29502 +tcp_try_rmem_schedule_59231 tcp_try_rmem_schedule 2 59231 NULL
29503 +tty_prepare_flip_string_flags_59240 tty_prepare_flip_string_flags 4 59240 NULL
29504 +solo_v4l2_read_59247 solo_v4l2_read 3 59247 NULL
29505 +nla_len_59258 nla_len 0 59258 NULL
29506 ++__push_leaf_right_59302 __push_leaf_right 0 59302 NULL
29507 +btrfs_insert_dir_item_59304 btrfs_insert_dir_item 4 59304 NULL
29508 +fd_copyout_59323 fd_copyout 3 59323 NULL
29509 +read_9287_modal_eeprom_59327 read_9287_modal_eeprom 3 59327 NULL
29510 +xfs_attrmulti_attr_set_59346 xfs_attrmulti_attr_set 4 59346 NULL
29511 ++__map_request_59350 __map_request 0 59350 NULL
29512 +xfs_dir2_sf_entsize_59366 xfs_dir2_sf_entsize 0-2 59366 NULL
29513 +pvr2_debugifc_print_info_59380 pvr2_debugifc_print_info 3 59380 NULL
29514 ++journal_init_dev_59384 journal_init_dev 5 59384 NULL
29515 +fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL
29516 ++pci_ctrl_read_59424 pci_ctrl_read 0 59424 NULL
29517 +vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL
29518 ++snd_pcm_tstamp_59431 snd_pcm_tstamp 0 59431 NULL
29519 +squashfs_read_data_59440 squashfs_read_data 6 59440 NULL
29520 +descriptor_loc_59446 descriptor_loc 3 59446 NULL
29521 -+dma_attach_59495 dma_attach 5-6 59495 NULL
29522 ++shrink_tnc_trees_59481 shrink_tnc_trees 0 59481 NULL
29523 +ib_copy_from_udata_59502 ib_copy_from_udata 3 59502 NULL
29524 +rds_pin_pages_59507 rds_pin_pages 0 59507 NULL
29525 +tunables_write_59563 tunables_write 3 59563 NULL
29526 ++__copy_from_user_ll_nozero_59571 __copy_from_user_ll_nozero 0-3 59571 NULL
29527 ++write_pbl_59583 write_pbl 4 59583 NULL
29528 +memdup_user_59590 memdup_user 2 59590 NULL
29529 ++fcoe_ctlr_vn_send_59607 fcoe_ctlr_vn_send 4 59607 NULL
29530 +mtrr_write_59622 mtrr_write 3 59622 NULL
29531 ++ocfs2_adjust_rightmost_branch_59623 ocfs2_adjust_rightmost_branch 0 59623 NULL
29532 +ip_vs_icmp_xmit_59624 ip_vs_icmp_xmit 4 59624 NULL
29533 +find_first_zero_bit_59636 find_first_zero_bit 0-2 59636 NULL
29534 ++dn_fib_nlmsg_size_59643 dn_fib_nlmsg_size 0 59643 NULL
29535 +ubifs_setxattr_59650 ubifs_setxattr 4 59650 NULL nohasharray
29536 +hidraw_read_59650 hidraw_read 3 59650 &ubifs_setxattr_59650
29537 +v9fs_xattr_set_acl_59651 v9fs_xattr_set_acl 4 59651 NULL
29538 ++paravirt_sched_clock_59660 paravirt_sched_clock 0 59660 NULL
29539 ++tcp_skb_pcount_59664 tcp_skb_pcount 0 59664 NULL
29540 +alloc_dca_provider_59670 alloc_dca_provider 2 59670 NULL
29541 -+sriov_enable_59689 sriov_enable 2 59689 NULL
29542 +ieee80211_mgmt_tx_59699 ieee80211_mgmt_tx 9 59699 NULL
29543 +mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL
29544 ++ioperm_get_59701 ioperm_get 4-3 59701 NULL
29545 ++snd_pcm_info_user_59711 snd_pcm_info_user 0 59711 NULL
29546 +prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL
29547 -+ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL
29548 ++nfs_file_splice_read_59735 nfs_file_splice_read 4 59735 NULL
29549 ++sock_rmalloc_59740 sock_rmalloc 2 59740 NULL nohasharray
29550 ++ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 &sock_rmalloc_59740
29551 +qib_decode_7220_sdma_errs_59745 qib_decode_7220_sdma_errs 4 59745 NULL
29552 -+strnlen_59746 strnlen 0 59746 NULL
29553 ++strnlen_59746 strnlen 0 59746 NULL nohasharray
29554 ++fuse_file_llseek_59746 fuse_file_llseek 2 59746 &strnlen_59746
29555 +ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL
29556 +long_retry_limit_read_59766 long_retry_limit_read 3 59766 NULL
29557 +venus_remove_59781 venus_remove 4 59781 NULL
29558 ++xlog_do_recover_59789 xlog_do_recover 3 59789 NULL
29559 +ipw_write_59807 ipw_write 3 59807 NULL
29560 +rtllib_wx_set_gen_ie_59808 rtllib_wx_set_gen_ie 3 59808 NULL
29561 -+ubi_dbg_check_all_ff_59810 ubi_dbg_check_all_ff 4 59810 NULL
29562 ++ubi_dbg_check_all_ff_59810 ubi_dbg_check_all_ff 0 59810 NULL
29563 +scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL
29564 +ieee80211_if_read_dot11MeshHWMPmaxPREQretries_59829 ieee80211_if_read_dot11MeshHWMPmaxPREQretries 3 59829 NULL
29565 +gspca_dev_probe2_59833 gspca_dev_probe2 4 59833 NULL
29566 -+may_create_59843 may_create 3 59843 NULL
29567 ++fs64_to_cpu_59845 fs64_to_cpu 0 59845 NULL
29568 +tun_put_user_59849 tun_put_user 4 59849 NULL
29569 +format_array_59854 format_array 0 59854 NULL
29570 +pvr2_ioread_set_sync_key_59882 pvr2_ioread_set_sync_key 3 59882 NULL
29571 +shmem_zero_setup_59885 shmem_zero_setup 0 59885 NULL
29572 ++l2cap_sock_recvmsg_59886 l2cap_sock_recvmsg 4 59886 NULL
29573 +ffs_prepare_buffer_59892 ffs_prepare_buffer 2 59892 NULL
29574 ++ocfs2_extend_rotate_transaction_59894 ocfs2_extend_rotate_transaction 0 59894 NULL
29575 ++swiotlb_map_page_59909 swiotlb_map_page 3 59909 NULL
29576 ++ocfs2_expand_inline_ref_root_59945 ocfs2_expand_inline_ref_root 0 59945 NULL
29577 +dapm_widget_power_read_file_59950 dapm_widget_power_read_file 3 59950 NULL
29578 -+compat_ipmi_ioctl_59956 compat_ipmi_ioctl 3 59956 NULL
29579 -+fb_getput_cmap_59971 fb_getput_cmap 3 59971 NULL
29580 +__arch_hweight16_59975 __arch_hweight16 0 59975 NULL
29581 +osd_req_read_kern_59990 osd_req_read_kern 5 59990 NULL
29582 +ghash_async_setkey_60001 ghash_async_setkey 3 60001 NULL
29583 +rawsock_sendmsg_60010 rawsock_sendmsg 4 60010 NULL
29584 +mthca_init_cq_60011 mthca_init_cq 2 60011 NULL
29585 -+register_device_60015 register_device 2-3 60015 NULL
29586 +osd_req_list_dev_partitions_60027 osd_req_list_dev_partitions 4 60027 NULL
29587 +xlog_bread_offset_60030 xlog_bread_offset 3 60030 NULL
29588 +sys_sched_getaffinity_60033 sys_sched_getaffinity 2 60033 NULL
29589 @@ -108583,24 +110271,24 @@ index 0000000..6fcc08d
29590 +mp_register_gsi_60079 mp_register_gsi 2 60079 NULL
29591 +rxrpc_kernel_send_data_60083 rxrpc_kernel_send_data 3 60083 NULL
29592 +ieee80211_if_fmt_fwded_frames_60103 ieee80211_if_fmt_fwded_frames 3 60103 NULL
29593 -+ttm_bo_kmap_60118 ttm_bo_kmap 3-2 60118 NULL
29594 -+kmem_cache_alloc_trace_60152 kmem_cache_alloc_trace 0 60152 NULL
29595 ++ld_usb_read_60156 ld_usb_read 3 60156 NULL
29596 +jmb38x_ms_count_slots_60164 jmb38x_ms_count_slots 0 60164 NULL
29597 +init_state_60165 init_state 2 60165 NULL
29598 +sg_build_sgat_60179 sg_build_sgat 3 60179 NULL nohasharray
29599 +jffs2_alloc_full_dirent_60179 jffs2_alloc_full_dirent 1 60179 &sg_build_sgat_60179
29600 -+svc_compat_ioctl_60194 svc_compat_ioctl 3 60194 NULL
29601 +ib_send_cm_mra_60202 ib_send_cm_mra 4 60202 NULL nohasharray
29602 +qib_reg_phys_mr_60202 qib_reg_phys_mr 3 60202 &ib_send_cm_mra_60202
29603 +store_iwmct_log_level_60209 store_iwmct_log_level 4 60209 NULL
29604 ++pvclock_scale_delta_60231 pvclock_scale_delta 0 60231 NULL
29605 +compat_sys_fcntl64_60256 compat_sys_fcntl64 3 60256 NULL
29606 +printer_write_60276 printer_write 3 60276 NULL
29607 +__pskb_pull_tail_60287 __pskb_pull_tail 2 60287 NULL
29608 +do_xip_mapping_read_60297 do_xip_mapping_read 5 60297 NULL
29609 +getDataLength_60301 getDataLength 0 60301 NULL
29610 -+ceph_parse_server_name_60318 ceph_parse_server_name 2 60318 NULL
29611 -+__kfifo_from_user_r_60345 __kfifo_from_user_r 3-5 60345 NULL
29612 ++usb_alphatrack_write_60341 usb_alphatrack_write 3 60341 NULL
29613 ++__kfifo_from_user_r_60345 __kfifo_from_user_r 5-3 60345 NULL
29614 +brcmf_alloc_wdev_60347 brcmf_alloc_wdev 1 60347 NULL
29615 ++rh_call_control_60349 rh_call_control 0 60349 NULL
29616 +dccp_setsockopt_60367 dccp_setsockopt 5 60367 NULL
29617 +mthca_alloc_resize_buf_60394 mthca_alloc_resize_buf 3 60394 NULL
29618 +ocfs2_zero_extend_60396 ocfs2_zero_extend 3 60396 NULL
29619 @@ -108609,185 +110297,247 @@ index 0000000..6fcc08d
29620 +simple_alloc_urb_60420 simple_alloc_urb 3 60420 NULL
29621 +excessive_retries_read_60425 excessive_retries_read 3 60425 NULL
29622 +tstats_write_60432 tstats_write 3 60432 NULL nohasharray
29623 -+kmalloc_60432 kmalloc 0-1 60432 &tstats_write_60432
29624 ++kmalloc_60432 kmalloc 1 60432 &tstats_write_60432
29625 +tipc_buf_acquire_60437 tipc_buf_acquire 1 60437 NULL
29626 ++rx_data_60442 rx_data 4 60442 NULL
29627 +tcf_csum_ipv4_igmp_60446 tcf_csum_ipv4_igmp 3 60446 NULL
29628 ++iwm_ntf_rx_packet_60452 iwm_ntf_rx_packet 3 60452 NULL
29629 +crypto_shash_setkey_60483 crypto_shash_setkey 3 60483 NULL
29630 +ath_tx_init_60515 ath_tx_init 2 60515 NULL
29631 ++ubi_wl_get_peb_60525 ubi_wl_get_peb 0 60525 NULL
29632 ++hysdn_sched_rx_60533 hysdn_sched_rx 3 60533 NULL
29633 +v9fs_fid_readn_60544 v9fs_fid_readn 4 60544 NULL
29634 ++tracing_entries_write_60563 tracing_entries_write 3 60563 NULL
29635 +skb_transport_offset_60619 skb_transport_offset 0 60619 NULL
29636 +wl1273_fm_fops_write_60621 wl1273_fm_fops_write 3 60621 NULL
29637 ++usb_control_msg_60624 usb_control_msg 0 60624 NULL
29638 +acl_alloc_stack_init_60630 acl_alloc_stack_init 1 60630 NULL
29639 -+ubifs_recover_leb_60639 ubifs_recover_leb 3 60639 NULL
29640 -+fb_get_fscreeninfo_60640 fb_get_fscreeninfo 3 60640 NULL
29641 ++free_dind_blocks_60635 free_dind_blocks 0 60635 NULL
29642 +if_sdio_host_to_card_60666 if_sdio_host_to_card 4 60666 NULL
29643 +ieee80211_if_read_dot11MeshConfirmTimeout_60670 ieee80211_if_read_dot11MeshConfirmTimeout 3 60670 NULL
29644 +init_data_container_60709 init_data_container 1 60709 NULL
29645 ++vga_rcrt_60731 vga_rcrt 0 60731 NULL
29646 ++add_to_list_60744 add_to_list 0 60744 NULL
29647 +snd_ice1712_ds_read_60754 snd_ice1712_ds_read 0 60754 NULL
29648 +sel_write_checkreqprot_60774 sel_write_checkreqprot 3 60774 NULL
29649 +opticon_write_60775 opticon_write 4 60775 NULL
29650 +acl_alloc_num_60778 acl_alloc_num 1-2 60778 NULL
29651 +snd_pcm_oss_readv3_60792 snd_pcm_oss_readv3 3 60792 NULL
29652 -+mtd_compat_ioctl_60850 mtd_compat_ioctl 3 60850 NULL
29653 +pwr_tx_with_ps_read_60851 pwr_tx_with_ps_read 3 60851 NULL
29654 +pool_status_60861 pool_status 4 60861 NULL
29655 -+alloc_irq_from_60868 alloc_irq_from 1 60868 NULL
29656 ++ieee80211_send_auth_60865 ieee80211_send_auth 5 60865 NULL
29657 ++alloc_irq_from_60868 alloc_irq_from 1-0 60868 NULL
29658 +generic_writepages_60871 generic_writepages 0 60871 NULL
29659 ++ubifs_read_one_lp_60882 ubifs_read_one_lp 0 60882 NULL
29660 +mgt_set_varlen_60916 mgt_set_varlen 4 60916 NULL
29661 ++xen_clocksource_read_60918 xen_clocksource_read 0 60918 NULL
29662 +set_powered_60938 set_powered 4 60938 NULL
29663 ++xfs_rtallocate_extent_size_60939 xfs_rtallocate_extent_size 4 60939 NULL
29664 +pti_char_write_60960 pti_char_write 3 60960 NULL
29665 +mwifiex_alloc_sdio_mpa_buffers_60961 mwifiex_alloc_sdio_mpa_buffers 2-3 60961 NULL
29666 ++blkio_get_key_name_61014 blkio_get_key_name 4 61014 NULL
29667 +ath6kl_lrssi_roam_read_61022 ath6kl_lrssi_roam_read 3 61022 NULL
29668 ++lpfc_idiag_queacc_write_61043 lpfc_idiag_queacc_write 3 61043 NULL
29669 +symtab_init_61050 symtab_init 2 61050 NULL
29670 +fuse_send_write_61053 fuse_send_write 0 61053 NULL
29671 -+bitmap_scnlistprintf_61062 bitmap_scnlistprintf 0-4-2 61062 NULL
29672 ++snd_pcm_pause_61054 snd_pcm_pause 0 61054 NULL
29673 ++bitmap_scnlistprintf_61062 bitmap_scnlistprintf 2-4-0 61062 NULL
29674 +ahash_align_buffer_size_61070 ahash_align_buffer_size 0-1-2 61070 NULL
29675 ++snd_pcm_update_hw_ptr0_61084 snd_pcm_update_hw_ptr0 0 61084 NULL
29676 +get_derived_key_61100 get_derived_key 4 61100 NULL
29677 +alloc_chrdev_region_61112 alloc_chrdev_region 0 61112 NULL
29678 -+__probe_kernel_read_61119 __probe_kernel_read 3 61119 NULL
29679 ++p80211_headerlen_61119 p80211_headerlen 0 61119 NULL nohasharray
29680 ++__probe_kernel_read_61119 __probe_kernel_read 3 61119 &p80211_headerlen_61119
29681 +proto_ports_offset_61125 proto_ports_offset 0 61125 NULL
29682 +vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL
29683 +afs_proc_cells_write_61139 afs_proc_cells_write 3 61139 NULL
29684 -+__vmalloc_61168 __vmalloc 1 61168 NULL
29685 +event_oom_late_read_61175 event_oom_late_read 3 61175 NULL
29686 +sys_lsetxattr_61177 sys_lsetxattr 4 61177 NULL
29687 ++cfpkt_append_61206 cfpkt_append 3 61206 NULL
29688 +arch_hibernation_header_save_61212 arch_hibernation_header_save 0 61212 NULL
29689 ++pn544_write_61215 pn544_write 3 61215 NULL
29690 +smk_read_ambient_61220 smk_read_ambient 3 61220 NULL
29691 -+ubifs_leb_write_61226 ubifs_leb_write 4-5 61226 NULL
29692 ++__verify_planes_array_61249 __verify_planes_array 0 61249 NULL
29693 ++find_get_pages_tag_61270 find_get_pages_tag 0 61270 NULL
29694 ++kick_a_thread_61273 kick_a_thread 0 61273 NULL
29695 +vortex_adbdma_getlinearpos_61283 vortex_adbdma_getlinearpos 0 61283 NULL
29696 +sys_add_key_61288 sys_add_key 4 61288 NULL
29697 +ext4_issue_discard_61305 ext4_issue_discard 2 61305 NULL
29698 +xfrm_user_sec_ctx_size_61320 xfrm_user_sec_ctx_size 0 61320 NULL
29699 -+__fls_61340 __fls 0 61340 NULL nohasharray
29700 ++__fls_61340 __fls 0-1 61340 NULL nohasharray
29701 +st5481_setup_isocpipes_61340 st5481_setup_isocpipes 6-4 61340 &__fls_61340
29702 -+sys_ptrace_61369 sys_ptrace 3 61369 NULL
29703 ++set_params_61373 set_params 0 61373 NULL
29704 +change_xattr_61390 change_xattr 5 61390 NULL
29705 -+size_entry_mwt_61400 size_entry_mwt 0 61400 NULL
29706 ++system_enable_write_61396 system_enable_write 3 61396 NULL
29707 +pm860x_bulk_read_61415 pm860x_bulk_read 3 61415 NULL
29708 -+dma_ops_area_alloc_61440 dma_ops_area_alloc 3-4-5 61440 NULL
29709 ++i915_emit_box_61436 i915_emit_box 0 61436 NULL
29710 ++dma_ops_area_alloc_61440 dma_ops_area_alloc 3-4-5-0 61440 NULL
29711 +unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL
29712 -+snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 4-2-5 61483 NULL
29713 ++snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL
29714 +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL
29715 -+choke_len_61491 choke_len 0 61491 NULL
29716 ++ocfs2_get_refcount_rec_61514 ocfs2_get_refcount_rec 0 61514 NULL
29717 +clone_bio_61526 clone_bio 5 61526 NULL nohasharray
29718 +erst_errno_61526 erst_errno 0 61526 &clone_bio_61526
29719 +ntfs_attr_lookup_61539 ntfs_attr_lookup 0 61539 NULL
29720 ++trace_options_core_write_61551 trace_options_core_write 3 61551 NULL
29721 +o2hb_pop_count_61553 o2hb_pop_count 2 61553 NULL
29722 +dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL
29723 +rbd_do_request_61561 rbd_do_request 6-7 61561 NULL
29724 ++parport_pc_fifo_write_block_dma_61568 parport_pc_fifo_write_block_dma 3 61568 NULL
29725 ++fan_proc_write_61569 fan_proc_write 3 61569 NULL
29726 +ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL
29727 ++mip_minify_61584 mip_minify 2-1-0 61584 NULL
29728 +seq_open_private_61589 seq_open_private 3 61589 NULL
29729 -+__get_vm_area_61599 __get_vm_area 1 61599 NULL
29730 -+ncp_compat_ioctl_61608 ncp_compat_ioctl 3 61608 NULL
29731 ++netlink_recvmsg_61600 netlink_recvmsg 4 61600 NULL
29732 ++cx2341x_handler_init_61601 cx2341x_handler_init 2 61601 NULL
29733 +configfs_write_file_61621 configfs_write_file 3 61621 NULL
29734 +ieee80211_rx_bss_info_61630 ieee80211_rx_bss_info 3 61630 NULL
29735 +i2o_parm_table_get_61635 i2o_parm_table_get 6 61635 NULL
29736 +snd_pcm_oss_read3_61643 snd_pcm_oss_read3 0-3 61643 NULL
29737 +resize_stripes_61650 resize_stripes 2 61650 NULL
29738 -+ttm_page_pool_free_61661 ttm_page_pool_free 2 61661 NULL
29739 ++ttm_page_pool_free_61661 ttm_page_pool_free 2-0 61661 NULL
29740 +insert_one_name_61668 insert_one_name 7 61668 NULL
29741 ++snd_pcm_playback_avail_61671 snd_pcm_playback_avail 0 61671 NULL
29742 ++qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
29743 +lock_loop_61681 lock_loop 1 61681 NULL
29744 +filter_read_61692 filter_read 3 61692 NULL
29745 +iov_length_61716 iov_length 0 61716 NULL
29746 +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
29747 +read_file_interrupt_61742 read_file_interrupt 3 61742 NULL nohasharray
29748 +read_file_regval_61742 read_file_regval 3 61742 &read_file_interrupt_61742
29749 ++gfs2_meta_wait_61773 gfs2_meta_wait 0 61773 NULL
29750 ++mls_compute_context_len_61812 mls_compute_context_len 0 61812 NULL
29751 ++btrfs_file_llseek_61838 btrfs_file_llseek 2 61838 NULL
29752 +bfad_debugfs_write_regwr_61841 bfad_debugfs_write_regwr 3 61841 NULL
29753 ++btrfs_bitmap_cluster_61854 btrfs_bitmap_cluster 4 61854 NULL
29754 +evdev_compute_buffer_size_61863 evdev_compute_buffer_size 0 61863 NULL
29755 +get_fw_name_61874 get_fw_name 3 61874 NULL
29756 -+ax25_addr_size_61899 ax25_addr_size 0 61899 NULL
29757 ++ieee80211_rtl_auth_challenge_61897 ieee80211_rtl_auth_challenge 3 61897 NULL
29758 ++ax25_addr_size_61899 ax25_addr_size 0 61899 NULL nohasharray
29759 ++cxgb4_pktgl_to_skb_61899 cxgb4_pktgl_to_skb 2 61899 &ax25_addr_size_61899
29760 ++roundup_ring_size_61901 roundup_ring_size 1 61901 NULL
29761 +clear_refs_write_61904 clear_refs_write 3 61904 NULL
29762 -+au0828_init_isoc_61917 au0828_init_isoc 3-2 61917 NULL
29763 ++au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL
29764 +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL
29765 ++ocfs2_reserve_new_metadata_blocks_61926 ocfs2_reserve_new_metadata_blocks 0 61926 NULL
29766 +send_bulk_static_data_61932 send_bulk_static_data 3 61932 NULL
29767 ++cluster_pages_for_defrag_61956 cluster_pages_for_defrag 0 61956 NULL
29768 +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL
29769 +mlx4_alloc_mtt_range_61966 mlx4_alloc_mtt_range 2 61966 NULL
29770 +ocfs2_quota_write_61972 ocfs2_quota_write 5-4 61972 NULL
29771 ++fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL
29772 +cow_file_range_61979 cow_file_range 3 61979 NULL
29773 ++ext4_da_get_block_prep_61987 ext4_da_get_block_prep 2 61987 NULL
29774 ++module_alloc_exec_61991 module_alloc_exec 1 61991 NULL
29775 +virtnet_send_command_61993 virtnet_send_command 5-6 61993 NULL
29776 ++dequeue_event_62000 dequeue_event 3 62000 NULL
29777 +xt_compat_match_offset_62011 xt_compat_match_offset 0 62011 NULL
29778 +jffs2_do_unlink_62020 jffs2_do_unlink 4 62020 NULL
29779 +pmcraid_build_passthrough_ioadls_62034 pmcraid_build_passthrough_ioadls 2 62034 NULL
29780 +proc_fdinfo_read_62043 proc_fdinfo_read 3 62043 NULL
29781 ++ppp_tx_cp_62044 ppp_tx_cp 5 62044 NULL
29782 +sctp_user_addto_chunk_62047 sctp_user_addto_chunk 2-3 62047 NULL
29783 +do_pselect_62061 do_pselect 1 62061 NULL
29784 +pcpu_alloc_bootmem_62074 pcpu_alloc_bootmem 2 62074 NULL
29785 +get_domain_for_dev_62099 get_domain_for_dev 2 62099 NULL
29786 +jffs2_security_setxattr_62107 jffs2_security_setxattr 4 62107 NULL
29787 ++generic_block_fiemap_62122 generic_block_fiemap 4 62122 NULL
29788 +llc_ui_header_len_62131 llc_ui_header_len 0 62131 NULL
29789 -+qib_diag_write_62133 qib_diag_write 3 62133 NULL
29790 -+ql_status_62135 ql_status 5 62135 NULL
29791 ++qib_diag_write_62133 qib_diag_write 3 62133 NULL nohasharray
29792 ++kobject_add_varg_62133 kobject_add_varg 0 62133 &qib_diag_write_62133
29793 ++ql_status_62135 ql_status 5 62135 NULL nohasharray
29794 ++device_add_attrs_62135 device_add_attrs 0 62135 &ql_status_62135
29795 +video_usercopy_62151 video_usercopy 2 62151 NULL
29796 ++wrmWithLock_62164 wrmWithLock 0 62164 NULL
29797 +prism54_wpa_bss_ie_get_62173 prism54_wpa_bss_ie_get 0 62173 NULL
29798 +alloc_upcall_62186 alloc_upcall 2 62186 NULL
29799 ++global_page_state_62202 global_page_state 0 62202 NULL
29800 +btrfs_xattr_acl_set_62203 btrfs_xattr_acl_set 4 62203 NULL
29801 +sock_kmalloc_62205 sock_kmalloc 2 62205 NULL
29802 +check_unicast_packet_62217 check_unicast_packet 2 62217 NULL
29803 +hash_new_62224 hash_new 1 62224 NULL
29804 +nfsd_read_file_62241 nfsd_read_file 6 62241 NULL
29805 -+allocate_partition_62245 allocate_partition 4 62245 NULL
29806 +send_control_msg_62261 send_control_msg 5 62261 NULL
29807 ++ocfs2_find_victim_alloc_group_62306 ocfs2_find_victim_alloc_group 0 62306 NULL
29808 +subsystem_filter_read_62310 subsystem_filter_read 3 62310 NULL
29809 +udf_sb_alloc_partition_maps_62313 udf_sb_alloc_partition_maps 2 62313 NULL
29810 ++hfcpci_empty_bfifo_62323 hfcpci_empty_bfifo 4 62323 NULL
29811 +Wb35Reg_BurstWrite_62327 Wb35Reg_BurstWrite 4 62327 NULL
29812 +flash_write_62354 flash_write 3 62354 NULL
29813 -+kmalloc_order_62372 kmalloc_order 0 62372 NULL
29814 ++xfpregs_set_62363 xfpregs_set 4 62363 NULL
29815 +altera_irscan_62396 altera_irscan 2 62396 NULL
29816 +udplite_manip_pkt_62433 udplite_manip_pkt 2 62433 NULL
29817 +netdev_alloc_skb_62437 netdev_alloc_skb 2 62437 NULL
29818 +e1000_check_copybreak_62448 e1000_check_copybreak 3 62448 NULL
29819 -+ceph_dns_resolve_name_62488 ceph_dns_resolve_name 2 62488 NULL
29820 -+mlx4_en_create_rx_ring_62498 mlx4_en_create_rx_ring 3 62498 NULL
29821 -+pep_sendmsg_62524 pep_sendmsg 4 62524 NULL
29822 ++ocfs2_path_bh_journal_access_62504 ocfs2_path_bh_journal_access 0 62504 NULL
29823 ++count_open_files_62524 count_open_files 0 62524 NULL nohasharray
29824 ++pep_sendmsg_62524 pep_sendmsg 4 62524 &count_open_files_62524
29825 +store_pwm1_62529 store_pwm1 4 62529 NULL
29826 +test_iso_queue_62534 test_iso_queue 5 62534 NULL
29827 +debugfs_read_62535 debugfs_read 3 62535 NULL
29828 +sco_sock_sendmsg_62542 sco_sock_sendmsg 4 62542 NULL
29829 +qib_refresh_qsfp_cache_62547 qib_refresh_qsfp_cache 0 62547 NULL
29830 +xfrm_user_policy_62573 xfrm_user_policy 4 62573 NULL
29831 -+flex_array_get_ptr_62579 flex_array_get_ptr 2 62579 NULL
29832 -+nfsd_vfs_read_62605 nfsd_vfs_read 6 62605 NULL
29833 -+iommu_area_alloc_62619 iommu_area_alloc 2-3-4-7 62619 NULL
29834 -+ems_pcmcia_add_card_62627 ems_pcmcia_add_card 2 62627 NULL
29835 ++packet_alloc_skb_62602 packet_alloc_skb 2-5-4 62602 NULL
29836 ++prism2_send_mgmt_62605 prism2_send_mgmt 4 62605 NULL nohasharray
29837 ++nfsd_vfs_read_62605 nfsd_vfs_read 6 62605 &prism2_send_mgmt_62605
29838 ++iommu_area_alloc_62619 iommu_area_alloc 2-3-4-7-0 62619 NULL
29839 +iwl_dbgfs_force_reset_read_62628 iwl_dbgfs_force_reset_read 3 62628 NULL
29840 -+compat_rangeinfo_62630 compat_rangeinfo 2 62630 NULL
29841 +lpfc_sli4_queue_alloc_62646 lpfc_sli4_queue_alloc 3 62646 NULL
29842 +tt_changes_fill_buffer_62649 tt_changes_fill_buffer 3 62649 NULL
29843 +ima_file_mmap_62663 ima_file_mmap 0 62663 NULL
29844 +write_62671 write 3 62671 NULL
29845 +printer_req_alloc_62687 printer_req_alloc 2 62687 NULL nohasharray
29846 +iwl_dbgfs_rx_statistics_read_62687 iwl_dbgfs_rx_statistics_read 3 62687 &printer_req_alloc_62687
29847 ++ext4_ind_map_blocks_62690 ext4_ind_map_blocks 0 62690 NULL
29848 +adxl34x_i2c_read_block_62691 adxl34x_i2c_read_block 3 62691 NULL
29849 -+ioremap_wc_62695 ioremap_wc 1-2 62695 NULL
29850 +bioset_integrity_create_62708 bioset_integrity_create 2 62708 NULL
29851 ++rdm_62719 rdm 0 62719 NULL
29852 +key_replays_read_62746 key_replays_read 3 62746 NULL
29853 -+init_chip_wc_pat_62768 init_chip_wc_pat 2 62768 NULL
29854 ++mwifiex_rdeeprom_write_62754 mwifiex_rdeeprom_write 3 62754 NULL
29855 +ax25_sendmsg_62770 ax25_sendmsg 4 62770 NULL
29856 +scrub_chunk_62771 scrub_chunk 4 62771 NULL nohasharray
29857 +page_key_alloc_62771 page_key_alloc 0 62771 &scrub_chunk_62771
29858 +tracing_total_entries_read_62817 tracing_total_entries_read 3 62817 NULL
29859 -+__rounddown_pow_of_two_62836 __rounddown_pow_of_two 0 62836 NULL
29860 ++__generic_file_splice_read_62834 __generic_file_splice_read 4 62834 NULL
29861 ++BeceemEEPROMBulkRead_62835 BeceemEEPROMBulkRead 0 62835 NULL
29862 ++__rounddown_pow_of_two_62836 __rounddown_pow_of_two 0-1 62836 NULL
29863 +xlog_recover_add_to_trans_62839 xlog_recover_add_to_trans 4 62839 NULL
29864 +rx_fcs_err_read_62844 rx_fcs_err_read 3 62844 NULL
29865 ++genlmsg_msg_size_62845 genlmsg_msg_size 0-1 62845 NULL
29866 ++read_nic_io_dword_62859 read_nic_io_dword 0 62859 NULL
29867 +hpi_read_word_62862 hpi_read_word 0 62862 NULL
29868 +nfs_writedata_alloc_62868 nfs_writedata_alloc 1 62868 NULL
29869 +aoechr_write_62883 aoechr_write 3 62883 NULL
29870 -+inode_mode_to_security_class_62886 inode_mode_to_security_class 0 62886 NULL
29871 +resize_info_buffer_62889 resize_info_buffer 2 62889 NULL
29872 +if_spi_host_to_card_62890 if_spi_host_to_card 4 62890 NULL
29873 ++ocfs2_validate_gd_parent_62905 ocfs2_validate_gd_parent 0 62905 NULL
29874 +mempool_create_slab_pool_62907 mempool_create_slab_pool 1 62907 NULL
29875 +getdqbuf_62908 getdqbuf 1 62908 NULL
29876 +agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL
29877 -+__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 NULL
29878 ++get_skb_63008 get_skb 2 63008 NULL
29879 ++kstrtoull_from_user_63026 kstrtoull_from_user 2 63026 NULL
29880 ++PTR_ERR_63033 PTR_ERR 0 63033 NULL nohasharray
29881 ++__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 &PTR_ERR_63033
29882 +scsi_host_alloc_63041 scsi_host_alloc 2 63041 NULL
29883 -+au_dir_size_63057 au_dir_size 0 63057 NULL
29884 +unlink1_63059 unlink1 3 63059 NULL
29885 -+ocfs2_decrease_refcount_63078 ocfs2_decrease_refcount 3 63078 NULL
29886 -+iwl_dbgfs_sensitivity_read_63116 iwl_dbgfs_sensitivity_read 3 63116 NULL
29887 ++ocfs2_decrease_refcount_63078 ocfs2_decrease_refcount 0-4-3 63078 NULL
29888 ++compare_lebs_63098 compare_lebs 0 63098 NULL
29889 ++brcmf_alloc_pkt_and_read_63116 brcmf_alloc_pkt_and_read 2 63116 NULL nohasharray
29890 ++iwl_dbgfs_sensitivity_read_63116 iwl_dbgfs_sensitivity_read 3 63116 &brcmf_alloc_pkt_and_read_63116
29891 +ib_send_cm_rtu_63138 ib_send_cm_rtu 3 63138 NULL
29892 ++snd_pcm_status_user_63140 snd_pcm_status_user 0 63140 NULL
29893 ++ubifs_change_one_lp_63157 ubifs_change_one_lp 0 63157 NULL
29894 ++dma_set_mask_63172 dma_set_mask 0 63172 NULL
29895 ++snd_pcm_lib_malloc_pages_63182 snd_pcm_lib_malloc_pages 2 63182 NULL
29896 +vme_master_read_63221 vme_master_read 0 63221 NULL
29897 +module_alloc_update_bounds_rw_63233 module_alloc_update_bounds_rw 1 63233 NULL
29898 ++sched_domain_node_span_63234 sched_domain_node_span 1 63234 NULL
29899 +ptp_read_63251 ptp_read 4 63251 NULL
29900 ++ntfs_attr_can_be_non_resident_63267 ntfs_attr_can_be_non_resident 0 63267 NULL
29901 ++readword_63288 readword 0 63288 NULL
29902 ++tcp_collapse_63294 tcp_collapse 5-6 63294 NULL
29903 ++isdn_ppp_ccp_xmit_reset_63297 isdn_ppp_ccp_xmit_reset 6 63297 NULL
29904 +dns_resolver_instantiate_63314 dns_resolver_instantiate 3 63314 NULL
29905 +proc_info_read_63344 proc_info_read 3 63344 NULL
29906 +ps_upsd_max_sptime_read_63362 ps_upsd_max_sptime_read 3 63362 NULL
29907 @@ -108797,127 +110547,152 @@ index 0000000..6fcc08d
29908 +noack_read_63419 noack_read 3 63419 NULL
29909 +l2cap_sock_sendmsg_63427 l2cap_sock_sendmsg 4 63427 NULL
29910 +iwl_dbgfs_debug_level_read_63430 iwl_dbgfs_debug_level_read 3 63430 NULL
29911 ++brcmu_pkttotlen_63431 brcmu_pkttotlen 0 63431 NULL
29912 +kone_send_63435 kone_send 4 63435 NULL
29913 +nfsd_symlink_63442 nfsd_symlink 6 63442 NULL
29914 +snd_info_entry_write_63474 snd_info_entry_write 3 63474 NULL
29915 -+read_kcore_63488 read_kcore 3 63488 NULL
29916 ++do_work_63483 do_work 0 63483 NULL
29917 ++read_kcore_63488 read_kcore 3 63488 NULL nohasharray
29918 ++get_gpio_63488 get_gpio 0 63488 &read_kcore_63488
29919 +snd_pcm_plug_write_transfer_63503 snd_pcm_plug_write_transfer 0-3 63503 NULL
29920 -+ubi_more_leb_change_data_63534 ubi_more_leb_change_data 4 63534 NULL
29921 ++ubi_more_leb_change_data_63534 ubi_more_leb_change_data 4-0 63534 NULL
29922 +snapshot_status_63538 snapshot_status 4 63538 NULL
29923 +if_sdio_read_scratch_63540 if_sdio_read_scratch 0 63540 NULL
29924 +append_to_buffer_63550 append_to_buffer 3 63550 NULL
29925 +kvm_write_guest_page_63555 kvm_write_guest_page 5 63555 NULL
29926 -+au_br_do_del_hdp_63561 au_br_do_del_hdp 3 63561 NULL
29927 +ubifs_lpt_scan_nolock_63572 ubifs_lpt_scan_nolock 0 63572 NULL
29928 +ocfs2_calc_trunc_pos_63576 ocfs2_calc_trunc_pos 4 63576 NULL
29929 +ext3_clear_blocks_63597 ext3_clear_blocks 4-5 63597 NULL
29930 ++mlx4_ib_alloc_cq_buf_63610 mlx4_ib_alloc_cq_buf 3 63610 NULL
29931 +module_alloc_63630 module_alloc 1 63630 NULL
29932 -+ntfs_malloc_nofs_nofail_63631 ntfs_malloc_nofs_nofail 1 63631 NULL
29933 +symbol_build_supp_rates_63634 symbol_build_supp_rates 0 63634 NULL
29934 -+_ubh_find_next_zero_bit__63640 _ubh_find_next_zero_bit_ 4-5-3 63640 NULL
29935 ++_ubh_find_next_zero_bit__63640 _ubh_find_next_zero_bit_ 3-5-4 63640 NULL
29936 ++ext4_ext_get_access_63642 ext4_ext_get_access 0 63642 NULL
29937 +proc_loginuid_write_63648 proc_loginuid_write 3 63648 NULL
29938 +nand_ecc_test_63654 nand_ecc_test 1 63654 NULL nohasharray
29939 -+ValidateDSDParamsChecksum_63654 ValidateDSDParamsChecksum 3 63654 &nand_ecc_test_63654
29940 ++ValidateDSDParamsChecksum_63654 ValidateDSDParamsChecksum 3-0 63654 &nand_ecc_test_63654
29941 +hidraw_ioctl_63658 hidraw_ioctl 2 63658 NULL
29942 +iwl4965_rs_sta_dbgfs_scale_table_read_63672 iwl4965_rs_sta_dbgfs_scale_table_read 3 63672 NULL
29943 +vbi_read_63673 vbi_read 3 63673 NULL nohasharray
29944 +xen_register_pirq_63673 xen_register_pirq 1-2 63673 &vbi_read_63673
29945 -+mkiss_compat_ioctl_63686 mkiss_compat_ioctl 4 63686 NULL
29946 ++bin_search_63697 bin_search 0 63697 NULL
29947 ++ocfs2_et_root_journal_access_63713 ocfs2_et_root_journal_access 0 63713 NULL
29948 +btrfs_insert_delayed_dir_index_63720 btrfs_insert_delayed_dir_index 4 63720 NULL
29949 +nfs4_reset_slot_table_63721 nfs4_reset_slot_table 2 63721 NULL
29950 -+au_ii_realloc_63728 au_ii_realloc 2 63728 NULL
29951 ++i915_gem_execbuffer_relocate_63728 i915_gem_execbuffer_relocate 0 63728 NULL
29952 +selinux_secctx_to_secid_63744 selinux_secctx_to_secid 2 63744 NULL
29953 ++i915_gem_execbuffer_flush_63749 i915_gem_execbuffer_flush 0 63749 NULL
29954 +snd_pcm_oss_read1_63771 snd_pcm_oss_read1 3 63771 NULL
29955 ++snd_pcm_link_63772 snd_pcm_link 0 63772 NULL
29956 +snd_opl4_mem_proc_read_63774 snd_opl4_mem_proc_read 5 63774 NULL
29957 -+spidev_compat_ioctl_63778 spidev_compat_ioctl 2-3 63778 NULL
29958 -+snapshot_compat_ioctl_63792 snapshot_compat_ioctl 3 63792 NULL
29959 ++spidev_compat_ioctl_63778 spidev_compat_ioctl 2 63778 NULL
29960 +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL
29961 +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL
29962 +sel_write_load_63830 sel_write_load 3 63830 NULL
29963 ++IsSectionWritable_63842 IsSectionWritable 0 63842 NULL
29964 +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL
29965 +ieee80211_if_fmt_channel_type_63855 ieee80211_if_fmt_channel_type 3 63855 NULL
29966 +init_map_ipmac_63896 init_map_ipmac 4-3 63896 NULL
29967 -+divas_write_63901 divas_write 3 63901 NULL
29968 -+xhci_alloc_stream_info_63902 xhci_alloc_stream_info 3 63902 NULL
29969 ++IsOffsetWritable_63902 IsOffsetWritable 0 63902 NULL nohasharray
29970 ++xhci_alloc_stream_info_63902 xhci_alloc_stream_info 3 63902 &IsOffsetWritable_63902
29971 +pohmelfs_readpages_trans_complete_63912 pohmelfs_readpages_trans_complete 2 63912 NULL
29972 -+uvc_alloc_urb_buffers_63922 uvc_alloc_urb_buffers 0-3-2 63922 NULL
29973 ++uvc_alloc_urb_buffers_63922 uvc_alloc_urb_buffers 0-2-3 63922 NULL
29974 +acpi_ev_get_gpe_xrupt_block_63924 acpi_ev_get_gpe_xrupt_block 1 63924 NULL
29975 +ledd_proc_write_63928 ledd_proc_write 3 63928 NULL
29976 +tipc_send2port_63935 tipc_send2port 5 63935 NULL
29977 +afs_send_simple_reply_63940 afs_send_simple_reply 3 63940 NULL
29978 +macvtap_recvmsg_63949 macvtap_recvmsg 4 63949 NULL
29979 -+diva_xdi_write_63975 diva_xdi_write 4 63975 NULL
29980 ++domain_pfn_mapping_63957 domain_pfn_mapping 4 63957 NULL
29981 ++ieee80211_authentication_req_63973 ieee80211_authentication_req 3 63973 NULL
29982 +iwl_legacy_dbgfs_tx_statistics_read_63987 iwl_legacy_dbgfs_tx_statistics_read 3 63987 NULL
29983 +read_file_frameerrors_64001 read_file_frameerrors 3 64001 NULL
29984 -+raid_status_64011 raid_status 4 64011 NULL
29985 +kmemdup_64015 kmemdup 2 64015 NULL
29986 +tcf_csum_skb_nextlayer_64025 tcf_csum_skb_nextlayer 3 64025 NULL
29987 +dbAllocDmapLev_64030 dbAllocDmapLev 0 64030 NULL
29988 -+frequency_read_64031 frequency_read 3 64031 NULL nohasharray
29989 -+resize_async_buffer_64031 resize_async_buffer 4 64031 &frequency_read_64031
29990 ++frequency_read_64031 frequency_read 3 64031 NULL
29991 +get_u8_64076 get_u8 0 64076 NULL
29992 +sl_realloc_bufs_64086 sl_realloc_bufs 2 64086 NULL
29993 ++clear_update_marker_64088 clear_update_marker 0 64088 NULL
29994 +lbs_highrssi_read_64089 lbs_highrssi_read 3 64089 NULL
29995 +do_load_xattr_datum_64118 do_load_xattr_datum 0 64118 NULL
29996 +ol_quota_entries_per_block_64122 ol_quota_entries_per_block 0 64122 NULL
29997 -+init_bch_64130 init_bch 1-2 64130 NULL
29998 ++i915_gem_execbuffer_reserve_64127 i915_gem_execbuffer_reserve 0 64127 NULL
29999 ++init_bch_64130 init_bch 2-1 64130 NULL
30000 +uea_idma_write_64139 uea_idma_write 3 64139 NULL
30001 +ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL
30002 +dlfb_ops_write_64150 dlfb_ops_write 3 64150 NULL
30003 ++WriteReg_64163 WriteReg 0 64163 NULL
30004 +cpumask_scnprintf_64170 cpumask_scnprintf 2 64170 NULL
30005 +alloc_session_64171 alloc_session 2-1 64171 NULL
30006 ++ea_len_64229 ea_len 0 64229 NULL
30007 ++header_len_64232 header_len 0 64232 NULL
30008 ++xfrm_acquire_msgsize_64239 xfrm_acquire_msgsize 0 64239 NULL
30009 +redrat3_transmit_ir_64244 redrat3_transmit_ir 3 64244 NULL
30010 -+verify_ucode_size_64266 verify_ucode_size 0 64266 NULL
30011 ++fuse_do_getattr_64245 fuse_do_getattr 0 64245 NULL
30012 +io_capture_transfer_64276 io_capture_transfer 4 64276 NULL
30013 +btrfs_file_extent_offset_64278 btrfs_file_extent_offset 0 64278 NULL
30014 +event_id_read_64288 event_id_read 3 64288 NULL nohasharray
30015 +xfs_dir_cilookup_result_64288 xfs_dir_cilookup_result 3 64288 &event_id_read_64288
30016 ++btrfs_reserve_extent_64293 btrfs_reserve_extent 6 64293 NULL
30017 +ocfs2_block_check_validate_bhs_64302 ocfs2_block_check_validate_bhs 0 64302 NULL
30018 ++snd_hda_get_sub_nodes_64304 snd_hda_get_sub_nodes 0 64304 NULL
30019 +ffz_64324 ffz 0 64324 NULL
30020 +sisusbcon_clear_64329 sisusbcon_clear 4-3-5 64329 NULL
30021 -+kmem_cache_alloc_trace_64334 kmem_cache_alloc_trace 0 64334 NULL
30022 +ts_write_64336 ts_write 3 64336 NULL
30023 +usbtmc_write_64340 usbtmc_write 3 64340 NULL
30024 -+do_write_orph_node_64343 do_write_orph_node 2 64343 NULL
30025 -+wlc_phy_loadsampletable_nphy_64367 wlc_phy_loadsampletable_nphy 3 64367 NULL
30026 ++ft1000_read_reg_64352 ft1000_read_reg 0 64352 NULL
30027 ++user_regset_copyin_64360 user_regset_copyin 7 64360 NULL
30028 ++llc_alloc_frame_64366 llc_alloc_frame 4 64366 NULL
30029 ++bnx2_enable_msix_64372 bnx2_enable_msix 2 64372 NULL
30030 +ilo_write_64378 ilo_write 3 64378 NULL
30031 +ir_lirc_transmit_ir_64403 ir_lirc_transmit_ir 3 64403 NULL
30032 +pidlist_allocate_64404 pidlist_allocate 1 64404 NULL
30033 +rx_hdr_overflow_read_64407 rx_hdr_overflow_read 3 64407 NULL
30034 +snd_card_create_64418 snd_card_create 4 64418 NULL nohasharray
30035 +keyctl_get_security_64418 keyctl_get_security 3 64418 &snd_card_create_64418
30036 ++ax25_recvmsg_64441 ax25_recvmsg 4 64441 NULL
30037 ++pfkey_sockaddr_len_64453 pfkey_sockaddr_len 0 64453 NULL
30038 +ip_vs_create_timeout_table_64478 ip_vs_create_timeout_table 2 64478 NULL
30039 -+alloc_large_system_hash_64490 alloc_large_system_hash 2 64490 NULL
30040 ++alloc_large_system_hash_64490 alloc_large_system_hash 2-8-4-3 64490 NULL
30041 +p54_parse_rssical_64493 p54_parse_rssical 3 64493 NULL
30042 ++emulator_cmpxchg_emulated_64501 emulator_cmpxchg_emulated 5 64501 NULL
30043 +msg_data_sz_64503 msg_data_sz 0 64503 NULL
30044 +crypto_blkcipher_alignmask_64520 crypto_blkcipher_alignmask 0 64520 NULL
30045 +opera1_usb_i2c_msgxfer_64521 opera1_usb_i2c_msgxfer 4 64521 NULL
30046 ++iwl_dbgfs_ucode_tracing_write_64524 iwl_dbgfs_ucode_tracing_write 3 64524 NULL
30047 +ses_send_diag_64527 ses_send_diag 4 64527 NULL
30048 -+ca_extend_64541 ca_extend 2 64541 NULL
30049 +lm8323_read_64547 lm8323_read 4 64547 NULL
30050 +__spi_sync_64561 __spi_sync 0 64561 NULL
30051 +__apei_exec_run_64563 __apei_exec_run 0 64563 NULL
30052 ++diva_os_alloc_message_buffer_64568 diva_os_alloc_message_buffer 1 64568 NULL
30053 ++kstrtoul_from_user_64569 kstrtoul_from_user 2 64569 NULL
30054 ++use_pool_64607 use_pool 2 64607 NULL
30055 +fanotify_write_64623 fanotify_write 3 64623 NULL
30056 ++ocfs2_remove_refcount_extent_64631 ocfs2_remove_refcount_extent 0 64631 NULL
30057 +ocfs2_read_xattr_block_64661 ocfs2_read_xattr_block 0 64661 NULL
30058 +nr_free_zone_pages_64680 nr_free_zone_pages 0 64680 NULL
30059 ++ip_select_ident_more_64707 ip_select_ident_more 4 64707 NULL
30060 +__feat_register_sp_64712 __feat_register_sp 6 64712 NULL
30061 +snd_pcm_oss_capture_position_fixup_64713 snd_pcm_oss_capture_position_fixup 0 64713 NULL
30062 +dapm_bias_read_file_64715 dapm_bias_read_file 3 64715 NULL
30063 +atomic_add_return_64720 atomic_add_return 0-1 64720 NULL
30064 +i2400m_msg_to_dev_64722 i2400m_msg_to_dev 3 64722 NULL
30065 ++AscGetChipVersion_64737 AscGetChipVersion 0 64737 NULL
30066 +squashfs_read_inode_lookup_table_64739 squashfs_read_inode_lookup_table 4 64739 NULL
30067 +bio_map_kern_64751 bio_map_kern 3 64751 NULL
30068 +rt2x00debug_write_csr_64753 rt2x00debug_write_csr 3 64753 NULL
30069 +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL
30070 +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL
30071 ++rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL
30072 +megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL
30073 +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL
30074 +do_kimage_alloc_64827 do_kimage_alloc 3 64827 NULL
30075 ++em28xx_read_reg_64839 em28xx_read_reg 0 64839 NULL
30076 +altera_set_dr_pre_64862 altera_set_dr_pre 2 64862 NULL
30077 +ffs_epfile_io_64886 ffs_epfile_io 3 64886 NULL
30078 ++mk_pid_64894 mk_pid 0-3 64894 NULL
30079 +ieee80211_if_read_ave_beacon_64924 ieee80211_if_read_ave_beacon 3 64924 NULL
30080 -+ubifs_wbuf_write_nolock_64946 ubifs_wbuf_write_nolock 3 64946 NULL
30081 -+snd_rawmidi_ioctl_compat_64954 snd_rawmidi_ioctl_compat 3 64954 NULL
30082 ++usb_reset_and_verify_device_64933 usb_reset_and_verify_device 0 64933 NULL
30083 +ip_options_get_from_user_64958 ip_options_get_from_user 4 64958 NULL
30084 +acpi_os_install_interrupt_handler_64968 acpi_os_install_interrupt_handler 1 64968 NULL
30085 +ext2_group_first_block_no_64972 ext2_group_first_block_no 0-2 64972 NULL
30086 @@ -108925,41 +110700,48 @@ index 0000000..6fcc08d
30087 +crypto_ahash_digestsize_65014 crypto_ahash_digestsize 0 65014 NULL
30088 +c4iw_ocqp_pool_alloc_65023 c4iw_ocqp_pool_alloc 2 65023 NULL
30089 +insert_dent_65034 insert_dent 7 65034 NULL
30090 -+compat_put_ushort_65040 compat_put_ushort 1 65040 NULL
30091 -+compat_cmdtest_65064 compat_cmdtest 2 65064 NULL
30092 -+count_run_65072 count_run 0-2-4 65072 NULL nohasharray
30093 ++brcmf_sdcard_rwdata_65041 brcmf_sdcard_rwdata 5 65041 NULL
30094 ++ath9k_multi_regread_65056 ath9k_multi_regread 4 65056 NULL
30095 ++pcibios_enable_device_65059 pcibios_enable_device 0 65059 NULL
30096 ++make_idx_node_65068 make_idx_node 0 65068 NULL
30097 ++count_run_65072 count_run 0-4-5-2 65072 NULL nohasharray
30098 +bnx2fc_process_l2_frame_compl_65072 bnx2fc_process_l2_frame_compl 3 65072 &count_run_65072
30099 +__alloc_bootmem_node_high_65076 __alloc_bootmem_node_high 2 65076 NULL
30100 +ocfs2_truncate_cluster_pages_65086 ocfs2_truncate_cluster_pages 2 65086 NULL
30101 -+ssb_bus_register_65183 ssb_bus_register 3 65183 NULL
30102 ++scsi_add_host_with_dma_65093 scsi_add_host_with_dma 0 65093 NULL
30103 ++nf_bridge_mtu_reduction_65192 nf_bridge_mtu_reduction 0 65192 NULL
30104 ++nfulnl_alloc_skb_65207 nfulnl_alloc_skb 2-1 65207 NULL
30105 +whci_n_caps_65247 whci_n_caps 0 65247 NULL
30106 +atomic_long_read_65263 atomic_long_read 0 65263 NULL
30107 -+kmem_zalloc_greedy_65268 kmem_zalloc_greedy 3-2 65268 NULL
30108 +kmalloc_parameter_65279 kmalloc_parameter 1 65279 NULL
30109 +compat_core_sys_select_65285 compat_core_sys_select 1 65285 NULL
30110 ++get_unaligned_le16_65293 get_unaligned_le16 0 65293 NULL
30111 +redirected_tty_write_65297 redirected_tty_write 3 65297 NULL
30112 +get_var_len_65304 get_var_len 0 65304 NULL
30113 +unpack_array_65318 unpack_array 0 65318 NULL
30114 +dccp_setsockopt_service_65336 dccp_setsockopt_service 4 65336 NULL
30115 +dma_rx_requested_read_65354 dma_rx_requested_read 3 65354 NULL
30116 +alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL
30117 -+strchr_65372 strchr 0 65372 NULL
30118 +__alloc_bootmem_nopanic_65397 __alloc_bootmem_nopanic 1 65397 NULL
30119 +trace_seq_to_user_65398 trace_seq_to_user 3 65398 NULL
30120 ++usb_ep_enable_65405 usb_ep_enable 0 65405 NULL
30121 +iio_device_add_channel_sysfs_65406 iio_device_add_channel_sysfs 0 65406 NULL
30122 +ocfs2_write_begin_nolock_65410 ocfs2_write_begin_nolock 3-4 65410 NULL
30123 -+drm_calloc_large_65421 drm_calloc_large 1-2 65421 NULL
30124 ++drm_calloc_large_65421 drm_calloc_large 2-1 65421 NULL
30125 ++device_add_groups_65423 device_add_groups 0 65423 NULL
30126 +cap_capable_65430 cap_capable 0 65430 NULL
30127 +xpc_kzalloc_cacheline_aligned_65433 xpc_kzalloc_cacheline_aligned 1 65433 NULL
30128 +usb_alloc_coherent_65444 usb_alloc_coherent 2 65444 NULL
30129 ++clear_user_65470 clear_user 2 65470 NULL
30130 +ath_rx_edma_init_65483 ath_rx_edma_init 2 65483 NULL
30131 +alloc_dr_65495 alloc_dr 2 65495 NULL
30132 ++selnl_msglen_65499 selnl_msglen 0 65499 NULL
30133 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
30134 new file mode 100644
30135 -index 0000000..03d0c84
30136 +index 0000000..87dd5e2
30137 --- /dev/null
30138 +++ b/tools/gcc/size_overflow_plugin.c
30139 -@@ -0,0 +1,2113 @@
30140 +@@ -0,0 +1,3840 @@
30141 +/*
30142 + * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@×××××.com>
30143 + * Licensed under the GPL v2, or (at your option) v3
30144 @@ -108996,1790 +110778,3343 @@ index 0000000..03d0c84
30145 +#include "diagnostic.h"
30146 +#include "cfgloop.h"
30147 +
30148 -+#if BUILDING_GCC_VERSION >= 4008
30149 -+#define TODO_dump_func 0
30150 ++#if BUILDING_GCC_VERSION >= 4008
30151 ++#define TODO_dump_func 0
30152 ++#define TODO_dump_cgraph 0
30153 ++#endif
30154 ++
30155 ++#define __unused __attribute__((__unused__))
30156 ++#define ASM_NAME(node) IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(node))
30157 ++#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node))
30158 ++#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node))
30159 ++#define BEFORE_STMT true
30160 ++#define AFTER_STMT false
30161 ++#define CREATE_NEW_VAR NULL_TREE
30162 ++#define CODES_LIMIT 32
30163 ++#define MAX_PARAM 31
30164 ++#define VEC_LEN 128
30165 ++#define MY_STMT GF_PLF_1
30166 ++#define NO_CAST_CHECK GF_PLF_2
30167 ++#define RET_CHECK NULL_TREE
30168 ++#define CANNOT_FIND_ARG 32
30169 ++#define WRONG_NODE 32
30170 ++#define NOT_INTENTIONAL_ASM NULL
30171 ++#define MIN_CHECK true
30172 ++#define MAX_CHECK false
30173 ++
30174 ++#if BUILDING_GCC_VERSION == 4005
30175 ++#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
30176 ++#endif
30177 ++
30178 ++struct size_overflow_hash {
30179 ++ const struct size_overflow_hash * const next;
30180 ++ const char * const name;
30181 ++ const unsigned int param;
30182 ++};
30183 ++
30184 ++#include "size_overflow_hash.h"
30185 ++
30186 ++enum mark {
30187 ++ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
30188 ++};
30189 ++
30190 ++static unsigned int call_count;
30191 ++
30192 ++struct visited {
30193 ++ struct visited *next;
30194 ++ const_tree fndecl;
30195 ++ unsigned int num;
30196 ++ const_gimple first_stmt;
30197 ++};
30198 ++
30199 ++struct next_cgraph_node {
30200 ++ struct next_cgraph_node *next;
30201 ++ struct cgraph_node *current_function;
30202 ++ tree callee_fndecl;
30203 ++ unsigned int num;
30204 ++};
30205 ++
30206 ++struct interesting_node {
30207 ++ struct interesting_node *next;
30208 ++ gimple first_stmt;
30209 ++ const_tree fndecl;
30210 ++ tree node;
30211 ++#if BUILDING_GCC_VERSION <= 4007
30212 ++ VEC(tree, gc) *last_nodes;
30213 ++#else
30214 ++ vec<tree, va_gc> *last_nodes;
30215 ++#endif
30216 ++ unsigned int num;
30217 ++ enum mark intentional_attr_decl;
30218 ++ enum mark intentional_attr_cur_fndecl;
30219 ++ gimple intentional_mark_from_gimple;
30220 ++};
30221 ++
30222 ++int plugin_is_GPL_compatible;
30223 ++void debug_gimple_stmt(gimple gs);
30224 ++
30225 ++static tree report_size_overflow_decl;
30226 ++static const_tree const_char_ptr_type_node;
30227 ++
30228 ++static tree expand(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree lhs);
30229 ++static void set_conditions(struct pointer_set_t *visited, bool *interesting_conditions, const_tree lhs);
30230 ++static void walk_use_def(struct pointer_set_t *visited, struct interesting_node *cur_node, tree lhs);
30231 ++static enum mark search_intentional(struct pointer_set_t *visited, const_tree lhs);
30232 ++static void search_size_overflow_attribute(struct pointer_set_t *visited, tree lhs);
30233 ++
30234 ++static void check_size_overflow(struct cgraph_node *caller_node, gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool before);
30235 ++static tree get_size_overflow_type(gimple stmt, const_tree node);
30236 ++static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
30237 ++
30238 ++static struct plugin_info size_overflow_plugin_info = {
30239 ++ .version = "20131120beta",
30240 ++ .help = "no-size-overflow\tturn off size overflow checking\n",
30241 ++};
30242 ++
30243 ++static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
30244 ++{
30245 ++ unsigned int arg_count;
30246 ++ enum tree_code code = TREE_CODE(*node);
30247 ++
30248 ++ switch (code) {
30249 ++ case FUNCTION_DECL:
30250 ++ arg_count = type_num_arguments(TREE_TYPE(*node));
30251 ++ break;
30252 ++ case FUNCTION_TYPE:
30253 ++ case METHOD_TYPE:
30254 ++ arg_count = type_num_arguments(*node);
30255 ++ break;
30256 ++ default:
30257 ++ *no_add_attrs = true;
30258 ++ error("%s: %qE attribute only applies to functions", __func__, name);
30259 ++ return NULL_TREE;
30260 ++ }
30261 ++
30262 ++ for (; args; args = TREE_CHAIN(args)) {
30263 ++ tree position = TREE_VALUE(args);
30264 ++ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_LOW(position) > arg_count ) {
30265 ++ error("%s: parameter %u is outside range.", __func__, (unsigned int)TREE_INT_CST_LOW(position));
30266 ++ *no_add_attrs = true;
30267 ++ }
30268 ++ }
30269 ++ return NULL_TREE;
30270 ++}
30271 ++
30272 ++static tree handle_intentional_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
30273 ++{
30274 ++ unsigned int arg_count;
30275 ++ enum tree_code code = TREE_CODE(*node);
30276 ++
30277 ++ switch (code) {
30278 ++ case FUNCTION_DECL:
30279 ++ arg_count = type_num_arguments(TREE_TYPE(*node));
30280 ++ break;
30281 ++ case FUNCTION_TYPE:
30282 ++ case METHOD_TYPE:
30283 ++ arg_count = type_num_arguments(*node);
30284 ++ break;
30285 ++ case FIELD_DECL:
30286 ++ return NULL_TREE;
30287 ++ default:
30288 ++ *no_add_attrs = true;
30289 ++ error("%qE attribute only applies to functions", name);
30290 ++ return NULL_TREE;
30291 ++ }
30292 ++
30293 ++ if (TREE_INT_CST_HIGH(TREE_VALUE(args)) != 0)
30294 ++ return NULL_TREE;
30295 ++
30296 ++ for (; args; args = TREE_CHAIN(args)) {
30297 ++ tree position = TREE_VALUE(args);
30298 ++ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_LOW(position) > arg_count ) {
30299 ++ error("%s: parameter %u is outside range.", __func__, (unsigned int)TREE_INT_CST_LOW(position));
30300 ++ *no_add_attrs = true;
30301 ++ }
30302 ++ }
30303 ++ return NULL_TREE;
30304 ++}
30305 ++
30306 ++static struct attribute_spec size_overflow_attr = {
30307 ++ .name = "size_overflow",
30308 ++ .min_length = 1,
30309 ++ .max_length = -1,
30310 ++ .decl_required = true,
30311 ++ .type_required = false,
30312 ++ .function_type_required = false,
30313 ++ .handler = handle_size_overflow_attribute,
30314 ++#if BUILDING_GCC_VERSION >= 4007
30315 ++ .affects_type_identity = false
30316 ++#endif
30317 ++};
30318 ++
30319 ++static struct attribute_spec intentional_overflow_attr = {
30320 ++ .name = "intentional_overflow",
30321 ++ .min_length = 1,
30322 ++ .max_length = -1,
30323 ++ .decl_required = true,
30324 ++ .type_required = false,
30325 ++ .function_type_required = false,
30326 ++ .handler = handle_intentional_overflow_attribute,
30327 ++#if BUILDING_GCC_VERSION >= 4007
30328 ++ .affects_type_identity = false
30329 ++#endif
30330 ++};
30331 ++
30332 ++static void register_attributes(void __unused *event_data, void __unused *data)
30333 ++{
30334 ++ register_attribute(&size_overflow_attr);
30335 ++ register_attribute(&intentional_overflow_attr);
30336 ++}
30337 ++
30338 ++static bool is_bool(const_tree node)
30339 ++{
30340 ++ const_tree type;
30341 ++
30342 ++ if (node == NULL_TREE)
30343 ++ return false;
30344 ++
30345 ++ type = TREE_TYPE(node);
30346 ++ if (!INTEGRAL_TYPE_P(type))
30347 ++ return false;
30348 ++ if (TREE_CODE(type) == BOOLEAN_TYPE)
30349 ++ return true;
30350 ++ if (TYPE_PRECISION(type) == 1)
30351 ++ return true;
30352 ++ return false;
30353 ++}
30354 ++
30355 ++static bool skip_types(const_tree var)
30356 ++{
30357 ++ tree type;
30358 ++ enum tree_code code;
30359 ++
30360 ++ if (is_gimple_constant(var))
30361 ++ return true;
30362 ++
30363 ++ switch (TREE_CODE(var)) {
30364 ++ case ADDR_EXPR:
30365 ++#if BUILDING_GCC_VERSION >= 4006
30366 ++ case MEM_REF:
30367 ++#endif
30368 ++ case ARRAY_REF:
30369 ++ case BIT_FIELD_REF:
30370 ++ case INDIRECT_REF:
30371 ++ case TARGET_MEM_REF:
30372 ++ case COMPONENT_REF:
30373 ++ case VAR_DECL:
30374 ++ case VIEW_CONVERT_EXPR:
30375 ++ return true;
30376 ++ default:
30377 ++ break;
30378 ++ }
30379 ++
30380 ++ code = TREE_CODE(var);
30381 ++ gcc_assert(code == SSA_NAME || code == PARM_DECL);
30382 ++
30383 ++ type = TREE_TYPE(var);
30384 ++ switch (TREE_CODE(type)) {
30385 ++ case INTEGER_TYPE:
30386 ++ case ENUMERAL_TYPE:
30387 ++ return false;
30388 ++ case BOOLEAN_TYPE:
30389 ++ return is_bool(var);
30390 ++ default:
30391 ++ return true;
30392 ++ }
30393 ++}
30394 ++
30395 ++static inline gimple get_def_stmt(const_tree node)
30396 ++{
30397 ++ gcc_assert(node != NULL_TREE);
30398 ++
30399 ++ if (skip_types(node))
30400 ++ return NULL;
30401 ++
30402 ++ if (TREE_CODE(node) != SSA_NAME)
30403 ++ return NULL;
30404 ++ return SSA_NAME_DEF_STMT(node);
30405 ++}
30406 ++
30407 ++static unsigned char get_tree_code(const_tree type)
30408 ++{
30409 ++ switch (TREE_CODE(type)) {
30410 ++ case ARRAY_TYPE:
30411 ++ return 0;
30412 ++ case BOOLEAN_TYPE:
30413 ++ return 1;
30414 ++ case ENUMERAL_TYPE:
30415 ++ return 2;
30416 ++ case FUNCTION_TYPE:
30417 ++ return 3;
30418 ++ case INTEGER_TYPE:
30419 ++ return 4;
30420 ++ case POINTER_TYPE:
30421 ++ return 5;
30422 ++ case RECORD_TYPE:
30423 ++ return 6;
30424 ++ case UNION_TYPE:
30425 ++ return 7;
30426 ++ case VOID_TYPE:
30427 ++ return 8;
30428 ++ case REAL_TYPE:
30429 ++ return 9;
30430 ++ case VECTOR_TYPE:
30431 ++ return 10;
30432 ++ case REFERENCE_TYPE:
30433 ++ return 11;
30434 ++ case OFFSET_TYPE:
30435 ++ return 12;
30436 ++ case COMPLEX_TYPE:
30437 ++ return 13;
30438 ++ default:
30439 ++ debug_tree((tree)type);
30440 ++ gcc_unreachable();
30441 ++ }
30442 ++}
30443 ++
30444 ++struct function_hash {
30445 ++ size_t tree_codes_len;
30446 ++ unsigned char tree_codes[CODES_LIMIT];
30447 ++ tree fndecl;
30448 ++ unsigned int hash;
30449 ++};
30450 ++
30451 ++// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html
30452 ++static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed)
30453 ++{
30454 ++#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); }
30455 ++#define cwmixa( in ) { cwfold( in, m, k, h ); }
30456 ++#define cwmixb( in ) { cwfold( in, n, h, k ); }
30457 ++
30458 ++ unsigned int m = 0x57559429;
30459 ++ unsigned int n = 0x5052acdb;
30460 ++ const unsigned int *key4 = (const unsigned int *)key;
30461 ++ unsigned int h = len;
30462 ++ unsigned int k = len + seed + n;
30463 ++ unsigned long long p;
30464 ++
30465 ++ while (len >= 8) {
30466 ++ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2;
30467 ++ len -= 8;
30468 ++ }
30469 ++ if (len >= 4) {
30470 ++ cwmixb(key4[0]) key4 += 1;
30471 ++ len -= 4;
30472 ++ }
30473 ++ if (len)
30474 ++ cwmixa(key4[0] & ((1 << (len * 8)) - 1 ));
30475 ++ cwmixb(h ^ (k + n));
30476 ++ return k ^ h;
30477 ++
30478 ++#undef cwfold
30479 ++#undef cwmixa
30480 ++#undef cwmixb
30481 ++}
30482 ++
30483 ++static void set_hash(const char *fn_name, struct function_hash *fn_hash_data)
30484 ++{
30485 ++ unsigned int fn, codes, seed = 0;
30486 ++
30487 ++ fn = CrapWow(fn_name, strlen(fn_name), seed) & 0xffff;
30488 ++ codes = CrapWow((const char*)fn_hash_data->tree_codes, fn_hash_data->tree_codes_len, seed) & 0xffff;
30489 ++
30490 ++ fn_hash_data->hash = fn ^ codes;
30491 ++}
30492 ++
30493 ++static void set_node_codes(const_tree type, struct function_hash *fn_hash_data)
30494 ++{
30495 ++ gcc_assert(type != NULL_TREE);
30496 ++ gcc_assert(TREE_CODE_CLASS(TREE_CODE(type)) == tcc_type);
30497 ++
30498 ++ while (type && fn_hash_data->tree_codes_len < CODES_LIMIT) {
30499 ++ fn_hash_data->tree_codes[fn_hash_data->tree_codes_len] = get_tree_code(type);
30500 ++ fn_hash_data->tree_codes_len++;
30501 ++ type = TREE_TYPE(type);
30502 ++ }
30503 ++}
30504 ++
30505 ++static void set_result_codes(const_tree node, struct function_hash *fn_hash_data)
30506 ++{
30507 ++ const_tree result;
30508 ++
30509 ++ gcc_assert(node != NULL_TREE);
30510 ++
30511 ++ if (DECL_P(node)) {
30512 ++ result = DECL_RESULT(node);
30513 ++ if (result != NULL_TREE)
30514 ++ return set_node_codes(TREE_TYPE(result), fn_hash_data);
30515 ++ return set_result_codes(TREE_TYPE(node), fn_hash_data);
30516 ++ }
30517 ++
30518 ++ gcc_assert(TYPE_P(node));
30519 ++
30520 ++ if (TREE_CODE(node) == FUNCTION_TYPE)
30521 ++ return set_result_codes(TREE_TYPE(node), fn_hash_data);
30522 ++
30523 ++ return set_node_codes(node, fn_hash_data);
30524 ++}
30525 ++
30526 ++static void set_function_codes(struct function_hash *fn_hash_data)
30527 ++{
30528 ++ const_tree arg, type = TREE_TYPE(fn_hash_data->fndecl);
30529 ++ enum tree_code code = TREE_CODE(type);
30530 ++
30531 ++ gcc_assert(code == FUNCTION_TYPE || code == METHOD_TYPE);
30532 ++
30533 ++ set_result_codes(fn_hash_data->fndecl, fn_hash_data);
30534 ++
30535 ++ for (arg = TYPE_ARG_TYPES(type); arg != NULL_TREE && fn_hash_data->tree_codes_len < CODES_LIMIT; arg = TREE_CHAIN(arg))
30536 ++ set_node_codes(TREE_VALUE(arg), fn_hash_data);
30537 ++}
30538 ++
30539 ++static const struct size_overflow_hash *get_function_hash(tree fndecl)
30540 ++{
30541 ++ const struct size_overflow_hash *entry;
30542 ++ struct function_hash fn_hash_data;
30543 ++ const char *func_name;
30544 ++
30545 ++ // skip builtins __builtin_constant_p
30546 ++ if (DECL_BUILT_IN(fndecl))
30547 ++ return NULL;
30548 ++
30549 ++ fn_hash_data.fndecl = fndecl;
30550 ++ fn_hash_data.tree_codes_len = 0;
30551 ++
30552 ++ set_function_codes(&fn_hash_data);
30553 ++ gcc_assert(fn_hash_data.tree_codes_len != 0);
30554 ++
30555 ++ func_name = ASM_NAME(fn_hash_data.fndecl);
30556 ++ set_hash(func_name, &fn_hash_data);
30557 ++
30558 ++ entry = size_overflow_hash[fn_hash_data.hash];
30559 ++
30560 ++ while (entry) {
30561 ++ if (!strcmp(entry->name, func_name))
30562 ++ return entry;
30563 ++ entry = entry->next;
30564 ++ }
30565 ++ return NULL;
30566 ++}
30567 ++
30568 ++static void print_missing_msg(tree func, unsigned int argnum)
30569 ++{
30570 ++ location_t loc;
30571 ++ const char *curfunc;
30572 ++ struct function_hash fn_hash_data;
30573 ++
30574 ++ fn_hash_data.fndecl = DECL_ORIGIN(func);
30575 ++ fn_hash_data.tree_codes_len = 0;
30576 ++
30577 ++ loc = DECL_SOURCE_LOCATION(fn_hash_data.fndecl);
30578 ++ curfunc = ASM_NAME(fn_hash_data.fndecl);
30579 ++
30580 ++ set_function_codes(&fn_hash_data);
30581 ++ set_hash(curfunc, &fn_hash_data);
30582 ++
30583 ++ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%u+%u+", curfunc, curfunc, argnum, fn_hash_data.hash);
30584 ++}
30585 ++
30586 ++static unsigned int find_arg_number_tree(const_tree arg, const_tree func)
30587 ++{
30588 ++ tree var;
30589 ++ unsigned int argnum = 1;
30590 ++
30591 ++ if (TREE_CODE(arg) == SSA_NAME)
30592 ++ arg = SSA_NAME_VAR(arg);
30593 ++
30594 ++ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var), argnum++) {
30595 ++ if (!operand_equal_p(arg, var, 0) && strcmp(NAME(var), NAME(arg)))
30596 ++ continue;
30597 ++ if (!skip_types(var))
30598 ++ return argnum;
30599 ++ }
30600 ++
30601 ++ return CANNOT_FIND_ARG;
30602 ++}
30603 ++
30604 ++static tree create_new_var(tree type)
30605 ++{
30606 ++ tree new_var = create_tmp_var(type, "cicus");
30607 ++
30608 ++#if BUILDING_GCC_VERSION <= 4007
30609 ++ add_referenced_var(new_var);
30610 ++#endif
30611 ++ return new_var;
30612 ++}
30613 ++
30614 ++static gimple create_binary_assign(enum tree_code code, gimple stmt, tree rhs1, tree rhs2)
30615 ++{
30616 ++ gimple assign;
30617 ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
30618 ++ tree type = TREE_TYPE(rhs1);
30619 ++ tree lhs = create_new_var(type);
30620 ++
30621 ++ gcc_assert(types_compatible_p(type, TREE_TYPE(rhs2)));
30622 ++ assign = gimple_build_assign_with_ops(code, lhs, rhs1, rhs2);
30623 ++ gimple_assign_set_lhs(assign, make_ssa_name(lhs, assign));
30624 ++
30625 ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
30626 ++ update_stmt(assign);
30627 ++ gimple_set_plf(assign, MY_STMT, true);
30628 ++ return assign;
30629 ++}
30630 ++
30631 ++static tree cast_a_tree(tree type, tree var)
30632 ++{
30633 ++ gcc_assert(type != NULL_TREE);
30634 ++ gcc_assert(var != NULL_TREE);
30635 ++ gcc_assert(fold_convertible_p(type, var));
30636 ++
30637 ++ return fold_convert(type, var);
30638 ++}
30639 ++
30640 ++static tree get_lhs(const_gimple stmt)
30641 ++{
30642 ++ switch (gimple_code(stmt)) {
30643 ++ case GIMPLE_ASSIGN:
30644 ++ case GIMPLE_CALL:
30645 ++ return gimple_get_lhs(stmt);
30646 ++ case GIMPLE_PHI:
30647 ++ return gimple_phi_result(stmt);
30648 ++ default:
30649 ++ return NULL_TREE;
30650 ++ }
30651 ++}
30652 ++
30653 ++static bool skip_cast(tree dst_type, const_tree rhs, bool force)
30654 ++{
30655 ++ const_gimple def_stmt = get_def_stmt(rhs);
30656 ++
30657 ++ if (force)
30658 ++ return false;
30659 ++
30660 ++ if (is_gimple_constant(rhs))
30661 ++ return false;
30662 ++
30663 ++ if (!def_stmt || gimple_code(def_stmt) == GIMPLE_NOP)
30664 ++ return false;
30665 ++
30666 ++ if (!types_compatible_p(dst_type, TREE_TYPE(rhs)))
30667 ++ return false;
30668 ++
30669 ++ // DI type can be on 32 bit (from create_assign) but overflow type stays DI
30670 ++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode))
30671 ++ return false;
30672 ++
30673 ++ return true;
30674 ++}
30675 ++
30676 ++static gimple build_cast_stmt(tree dst_type, tree rhs, tree lhs, gimple_stmt_iterator *gsi, bool before, bool force)
30677 ++{
30678 ++ gimple assign, def_stmt;
30679 ++
30680 ++ gcc_assert(dst_type != NULL_TREE && rhs != NULL_TREE);
30681 ++ if (gsi_end_p(*gsi) && before == AFTER_STMT)
30682 ++ gcc_unreachable();
30683 ++
30684 ++ def_stmt = get_def_stmt(rhs);
30685 ++ if (def_stmt && gimple_code(def_stmt) != GIMPLE_NOP && skip_cast(dst_type, rhs, force) && gimple_plf(def_stmt, MY_STMT))
30686 ++ return def_stmt;
30687 ++
30688 ++ if (lhs == CREATE_NEW_VAR)
30689 ++ lhs = create_new_var(dst_type);
30690 ++
30691 ++ assign = gimple_build_assign(lhs, cast_a_tree(dst_type, rhs));
30692 ++
30693 ++ if (!gsi_end_p(*gsi)) {
30694 ++ location_t loc = gimple_location(gsi_stmt(*gsi));
30695 ++ gimple_set_location(assign, loc);
30696 ++ }
30697 ++
30698 ++ gimple_assign_set_lhs(assign, make_ssa_name(lhs, assign));
30699 ++
30700 ++ if (before)
30701 ++ gsi_insert_before(gsi, assign, GSI_NEW_STMT);
30702 ++ else
30703 ++ gsi_insert_after(gsi, assign, GSI_NEW_STMT);
30704 ++ update_stmt(assign);
30705 ++ return assign;
30706 ++}
30707 ++
30708 ++static tree cast_to_new_size_overflow_type(gimple stmt, tree rhs, tree size_overflow_type, bool before)
30709 ++{
30710 ++ gimple_stmt_iterator gsi;
30711 ++ tree lhs;
30712 ++ gimple new_stmt;
30713 ++
30714 ++ if (rhs == NULL_TREE)
30715 ++ return NULL_TREE;
30716 ++
30717 ++ gsi = gsi_for_stmt(stmt);
30718 ++ new_stmt = build_cast_stmt(size_overflow_type, rhs, CREATE_NEW_VAR, &gsi, before, false);
30719 ++ gimple_set_plf(new_stmt, MY_STMT, true);
30720 ++
30721 ++ lhs = get_lhs(new_stmt);
30722 ++ gcc_assert(lhs != NULL_TREE);
30723 ++ return lhs;
30724 ++}
30725 ++
30726 ++static tree cast_to_TI_type(gimple stmt, tree node)
30727 ++{
30728 ++ gimple_stmt_iterator gsi;
30729 ++ gimple cast_stmt;
30730 ++ tree type = TREE_TYPE(node);
30731 ++
30732 ++ if (types_compatible_p(type, intTI_type_node))
30733 ++ return node;
30734 ++
30735 ++ gsi = gsi_for_stmt(stmt);
30736 ++ cast_stmt = build_cast_stmt(intTI_type_node, node, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
30737 ++ gimple_set_plf(cast_stmt, MY_STMT, true);
30738 ++ return gimple_assign_lhs(cast_stmt);
30739 ++}
30740 ++
30741 ++static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before)
30742 ++{
30743 ++ tree lhs, new_lhs;
30744 ++ gimple_stmt_iterator gsi;
30745 ++
30746 ++ if (rhs1 == NULL_TREE) {
30747 ++ debug_gimple_stmt(oldstmt);
30748 ++ error("%s: rhs1 is NULL_TREE", __func__);
30749 ++ gcc_unreachable();
30750 ++ }
30751 ++
30752 ++ switch (gimple_code(oldstmt)) {
30753 ++ case GIMPLE_ASM:
30754 ++ lhs = rhs1;
30755 ++ break;
30756 ++ case GIMPLE_CALL:
30757 ++ case GIMPLE_ASSIGN:
30758 ++ lhs = gimple_get_lhs(oldstmt);
30759 ++ break;
30760 ++ default:
30761 ++ debug_gimple_stmt(oldstmt);
30762 ++ gcc_unreachable();
30763 ++ }
30764 ++
30765 ++ gsi = gsi_for_stmt(oldstmt);
30766 ++ pointer_set_insert(visited, oldstmt);
30767 ++ if (lookup_stmt_eh_lp(oldstmt) != 0) {
30768 ++ basic_block next_bb, cur_bb;
30769 ++ const_edge e;
30770 ++
30771 ++ gcc_assert(before == false);
30772 ++ gcc_assert(stmt_can_throw_internal(oldstmt));
30773 ++ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL);
30774 ++ gcc_assert(!gsi_end_p(gsi));
30775 ++
30776 ++ cur_bb = gimple_bb(oldstmt);
30777 ++ next_bb = cur_bb->next_bb;
30778 ++ e = find_edge(cur_bb, next_bb);
30779 ++ gcc_assert(e != NULL);
30780 ++ gcc_assert(e->flags & EDGE_FALLTHRU);
30781 ++
30782 ++ gsi = gsi_after_labels(next_bb);
30783 ++ gcc_assert(!gsi_end_p(gsi));
30784 ++
30785 ++ before = true;
30786 ++ oldstmt = gsi_stmt(gsi);
30787 ++ }
30788 ++
30789 ++ new_lhs = cast_to_new_size_overflow_type(oldstmt, rhs1, get_size_overflow_type(oldstmt, lhs), before);
30790 ++ return new_lhs;
30791 ++}
30792 ++
30793 ++static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3)
30794 ++{
30795 ++ gimple stmt;
30796 ++ gimple_stmt_iterator gsi;
30797 ++ tree size_overflow_type, new_var, lhs = gimple_assign_lhs(oldstmt);
30798 ++
30799 ++ if (gimple_plf(oldstmt, MY_STMT))
30800 ++ return lhs;
30801 ++
30802 ++ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) {
30803 ++ rhs1 = gimple_assign_rhs1(oldstmt);
30804 ++ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT);
30805 ++ }
30806 ++ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) {
30807 ++ rhs2 = gimple_assign_rhs2(oldstmt);
30808 ++ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT);
30809 ++ }
30810 ++
30811 ++ stmt = gimple_copy(oldstmt);
30812 ++ gimple_set_location(stmt, gimple_location(oldstmt));
30813 ++ gimple_set_plf(stmt, MY_STMT, true);
30814 ++
30815 ++ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR)
30816 ++ gimple_assign_set_rhs_code(stmt, MULT_EXPR);
30817 ++
30818 ++ size_overflow_type = get_size_overflow_type(oldstmt, node);
30819 ++
30820 ++ new_var = create_new_var(size_overflow_type);
30821 ++ new_var = make_ssa_name(new_var, stmt);
30822 ++ gimple_assign_set_lhs(stmt, new_var);
30823 ++
30824 ++ if (rhs1 != NULL_TREE)
30825 ++ gimple_assign_set_rhs1(stmt, rhs1);
30826 ++
30827 ++ if (rhs2 != NULL_TREE)
30828 ++ gimple_assign_set_rhs2(stmt, rhs2);
30829 ++#if BUILDING_GCC_VERSION >= 4007
30830 ++ if (rhs3 != NULL_TREE)
30831 ++ gimple_assign_set_rhs3(stmt, rhs3);
30832 ++#endif
30833 ++ gimple_set_vuse(stmt, gimple_vuse(oldstmt));
30834 ++ gimple_set_vdef(stmt, gimple_vdef(oldstmt));
30835 ++
30836 ++ gsi = gsi_for_stmt(oldstmt);
30837 ++ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT);
30838 ++ update_stmt(stmt);
30839 ++ pointer_set_insert(visited, oldstmt);
30840 ++ return gimple_assign_lhs(stmt);
30841 ++}
30842 ++
30843 ++static tree cast_parm_decl(tree phi_ssa_name, tree arg, tree size_overflow_type, basic_block bb)
30844 ++{
30845 ++ gimple assign;
30846 ++ gimple_stmt_iterator gsi;
30847 ++ basic_block first_bb;
30848 ++
30849 ++ gcc_assert(SSA_NAME_IS_DEFAULT_DEF(arg));
30850 ++
30851 ++ if (bb->index == 0) {
30852 ++ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest;
30853 ++ gcc_assert(dom_info_available_p(CDI_DOMINATORS));
30854 ++ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR);
30855 ++ bb = first_bb;
30856 ++ }
30857 ++
30858 ++ gsi = gsi_after_labels(bb);
30859 ++ assign = build_cast_stmt(size_overflow_type, arg, phi_ssa_name, &gsi, BEFORE_STMT, false);
30860 ++ gimple_set_plf(assign, MY_STMT, true);
30861 ++
30862 ++ return gimple_assign_lhs(assign);
30863 ++}
30864 ++
30865 ++static tree use_phi_ssa_name(tree ssa_name_var, tree new_arg)
30866 ++{
30867 ++ gimple_stmt_iterator gsi;
30868 ++ gimple assign, def_stmt = get_def_stmt(new_arg);
30869 ++
30870 ++ if (gimple_code(def_stmt) == GIMPLE_PHI) {
30871 ++ gsi = gsi_after_labels(gimple_bb(def_stmt));
30872 ++ assign = build_cast_stmt(TREE_TYPE(new_arg), new_arg, ssa_name_var, &gsi, BEFORE_STMT, true);
30873 ++ } else {
30874 ++ gsi = gsi_for_stmt(def_stmt);
30875 ++ assign = build_cast_stmt(TREE_TYPE(new_arg), new_arg, ssa_name_var, &gsi, AFTER_STMT, true);
30876 ++ }
30877 ++
30878 ++ gimple_set_plf(assign, MY_STMT, true);
30879 ++ return gimple_assign_lhs(assign);
30880 ++}
30881 ++
30882 ++static tree cast_visited_phi_arg(tree ssa_name_var, tree arg, tree size_overflow_type)
30883 ++{
30884 ++ basic_block bb;
30885 ++ gimple_stmt_iterator gsi;
30886 ++ const_gimple def_stmt;
30887 ++ gimple assign;
30888 ++
30889 ++ def_stmt = get_def_stmt(arg);
30890 ++ bb = gimple_bb(def_stmt);
30891 ++ gcc_assert(bb->index != 0);
30892 ++ gsi = gsi_after_labels(bb);
30893 ++
30894 ++ assign = build_cast_stmt(size_overflow_type, arg, ssa_name_var, &gsi, BEFORE_STMT, false);
30895 ++ gimple_set_plf(assign, MY_STMT, true);
30896 ++ return gimple_assign_lhs(assign);
30897 ++}
30898 ++
30899 ++static tree create_new_phi_arg(tree ssa_name_var, tree new_arg, gimple oldstmt, unsigned int i)
30900 ++{
30901 ++ tree size_overflow_type;
30902 ++ tree arg;
30903 ++ const_gimple def_stmt;
30904 ++
30905 ++ if (new_arg != NULL_TREE && is_gimple_constant(new_arg))
30906 ++ return new_arg;
30907 ++
30908 ++ arg = gimple_phi_arg_def(oldstmt, i);
30909 ++ def_stmt = get_def_stmt(arg);
30910 ++ gcc_assert(def_stmt != NULL);
30911 ++ size_overflow_type = get_size_overflow_type(oldstmt, arg);
30912 ++
30913 ++ switch (gimple_code(def_stmt)) {
30914 ++ case GIMPLE_PHI:
30915 ++ return cast_visited_phi_arg(ssa_name_var, arg, size_overflow_type);
30916 ++ case GIMPLE_NOP: {
30917 ++ basic_block bb;
30918 ++
30919 ++ bb = gimple_phi_arg_edge(oldstmt, i)->src;
30920 ++ return cast_parm_decl(ssa_name_var, arg, size_overflow_type, bb);
30921 ++ }
30922 ++ case GIMPLE_ASM: {
30923 ++ gimple_stmt_iterator gsi;
30924 ++ gimple assign, stmt = get_def_stmt(arg);
30925 ++
30926 ++ gsi = gsi_for_stmt(stmt);
30927 ++ assign = build_cast_stmt(size_overflow_type, arg, ssa_name_var, &gsi, AFTER_STMT, false);
30928 ++ gimple_set_plf(assign, MY_STMT, true);
30929 ++ return gimple_assign_lhs(assign);
30930 ++ }
30931 ++ default:
30932 ++ gcc_assert(new_arg != NULL_TREE);
30933 ++ gcc_assert(types_compatible_p(TREE_TYPE(new_arg), size_overflow_type));
30934 ++ return use_phi_ssa_name(ssa_name_var, new_arg);
30935 ++ }
30936 ++}
30937 ++
30938 ++static gimple overflow_create_phi_node(gimple oldstmt, tree result)
30939 ++{
30940 ++ basic_block bb;
30941 ++ gimple phi;
30942 ++ gimple_seq seq;
30943 ++ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt);
30944 ++
30945 ++ bb = gsi_bb(gsi);
30946 ++
30947 ++ if (result == NULL_TREE) {
30948 ++ tree old_result = gimple_phi_result(oldstmt);
30949 ++ tree size_overflow_type = get_size_overflow_type(oldstmt, old_result);
30950 ++
30951 ++ result = create_new_var(size_overflow_type);
30952 ++ }
30953 ++
30954 ++ phi = create_phi_node(result, bb);
30955 ++ gimple_phi_set_result(phi, make_ssa_name(result, phi));
30956 ++ seq = phi_nodes(bb);
30957 ++ gsi = gsi_last(seq);
30958 ++ gsi_remove(&gsi, false);
30959 ++
30960 ++ gsi = gsi_for_stmt(oldstmt);
30961 ++ gsi_insert_after(&gsi, phi, GSI_NEW_STMT);
30962 ++ gimple_set_bb(phi, bb);
30963 ++ gimple_set_plf(phi, MY_STMT, true);
30964 ++ return phi;
30965 ++}
30966 ++
30967 ++#if BUILDING_GCC_VERSION <= 4007
30968 ++static tree create_new_phi_node(VEC(tree, gc) *args, tree ssa_name_var, gimple oldstmt)
30969 ++#else
30970 ++static tree create_new_phi_node(vec<tree, va_gc> *args, tree ssa_name_var, gimple oldstmt)
30971 ++#endif
30972 ++{
30973 ++ gimple new_phi;
30974 ++ unsigned int i;
30975 ++ tree arg, result;
30976 ++ location_t loc = gimple_location(oldstmt);
30977 ++
30978 ++#if BUILDING_GCC_VERSION <= 4007
30979 ++ gcc_assert(!VEC_empty(tree, args));
30980 ++#else
30981 ++ gcc_assert(!args->is_empty());
30982 ++#endif
30983 ++
30984 ++ new_phi = overflow_create_phi_node(oldstmt, ssa_name_var);
30985 ++ result = gimple_phi_result(new_phi);
30986 ++ ssa_name_var = SSA_NAME_VAR(result);
30987 ++
30988 ++
30989 ++#if BUILDING_GCC_VERSION == 4005
30990 ++ for (i = 0; i < VEC_length(tree, args); i++) {
30991 ++ arg = VEC_index(tree, args, i);
30992 ++#elif BUILDING_GCC_VERSION <= 4007
30993 ++ FOR_EACH_VEC_ELT(tree, args, i, arg) {
30994 ++#else
30995 ++ FOR_EACH_VEC_ELT(*args, i, arg) {
30996 ++#endif
30997 ++ arg = create_new_phi_arg(ssa_name_var, arg, oldstmt, i);
30998 ++ add_phi_arg(new_phi, arg, gimple_phi_arg_edge(oldstmt, i), loc);
30999 ++ }
31000 ++
31001 ++#if BUILDING_GCC_VERSION <= 4007
31002 ++ VEC_free(tree, gc, args);
31003 ++#else
31004 ++ vec_free(args);
31005 ++#endif
31006 ++ update_stmt(new_phi);
31007 ++ return result;
31008 ++}
31009 ++
31010 ++static tree handle_phi(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree orig_result)
31011 ++{
31012 ++ tree ssa_name_var = NULL_TREE;
31013 ++#if BUILDING_GCC_VERSION <= 4007
31014 ++ VEC(tree, gc) *args;
31015 ++#else
31016 ++ vec<tree, va_gc> *args;
31017 ++#endif
31018 ++ gimple oldstmt = get_def_stmt(orig_result);
31019 ++ unsigned int i, len = gimple_phi_num_args(oldstmt);
31020 ++
31021 ++ pointer_set_insert(visited, oldstmt);
31022 ++#if BUILDING_GCC_VERSION <= 4007
31023 ++ args = VEC_alloc(tree, gc, len);
31024 ++#else
31025 ++ vec_alloc(args, len);
31026 ++#endif
31027 ++ for (i = 0; i < len; i++) {
31028 ++ tree arg, new_arg;
31029 ++
31030 ++ arg = gimple_phi_arg_def(oldstmt, i);
31031 ++ new_arg = expand(visited, caller_node, arg);
31032 ++
31033 ++ if (ssa_name_var == NULL_TREE && new_arg != NULL_TREE)
31034 ++ ssa_name_var = SSA_NAME_VAR(new_arg);
31035 ++
31036 ++ if (is_gimple_constant(arg)) {
31037 ++ tree size_overflow_type = get_size_overflow_type(oldstmt, arg);
31038 ++
31039 ++ new_arg = cast_a_tree(size_overflow_type, arg);
31040 ++ }
31041 ++
31042 ++#if BUILDING_GCC_VERSION <= 4007
31043 ++ VEC_safe_push(tree, gc, args, new_arg);
31044 ++#else
31045 ++ vec_safe_push(args, new_arg);
31046 ++#endif
31047 ++ }
31048 ++
31049 ++ return create_new_phi_node(args, ssa_name_var, oldstmt);
31050 ++}
31051 ++
31052 ++static tree change_assign_rhs(gimple stmt, const_tree orig_rhs, tree new_rhs)
31053 ++{
31054 ++ gimple assign;
31055 ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
31056 ++ tree origtype = TREE_TYPE(orig_rhs);
31057 ++
31058 ++ gcc_assert(is_gimple_assign(stmt));
31059 ++
31060 ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
31061 ++ gimple_set_plf(assign, MY_STMT, true);
31062 ++ return gimple_assign_lhs(assign);
31063 ++}
31064 ++
31065 ++static bool is_a_cast_and_const_overflow(const_tree no_const_rhs)
31066 ++{
31067 ++ const_tree rhs1, lhs, rhs1_type, lhs_type;
31068 ++ enum machine_mode lhs_mode, rhs_mode;
31069 ++ gimple def_stmt = get_def_stmt(no_const_rhs);
31070 ++
31071 ++ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
31072 ++ return false;
31073 ++
31074 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31075 ++ lhs = gimple_assign_lhs(def_stmt);
31076 ++ rhs1_type = TREE_TYPE(rhs1);
31077 ++ lhs_type = TREE_TYPE(lhs);
31078 ++ rhs_mode = TYPE_MODE(rhs1_type);
31079 ++ lhs_mode = TYPE_MODE(lhs_type);
31080 ++ if (TYPE_UNSIGNED(lhs_type) == TYPE_UNSIGNED(rhs1_type) || lhs_mode != rhs_mode)
31081 ++ return false;
31082 ++
31083 ++ return true;
31084 ++}
31085 ++
31086 ++static tree create_cast_assign(struct pointer_set_t *visited, gimple stmt)
31087 ++{
31088 ++ tree rhs1 = gimple_assign_rhs1(stmt);
31089 ++ tree lhs = gimple_assign_lhs(stmt);
31090 ++ const_tree rhs1_type = TREE_TYPE(rhs1);
31091 ++ const_tree lhs_type = TREE_TYPE(lhs);
31092 ++
31093 ++ if (TYPE_UNSIGNED(rhs1_type) == TYPE_UNSIGNED(lhs_type))
31094 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31095 ++
31096 ++ return create_assign(visited, stmt, rhs1, AFTER_STMT);
31097 ++}
31098 ++
31099 ++static bool no_uses(tree node)
31100 ++{
31101 ++ imm_use_iterator imm_iter;
31102 ++ use_operand_p use_p;
31103 ++
31104 ++ FOR_EACH_IMM_USE_FAST(use_p, imm_iter, node) {
31105 ++ const_gimple use_stmt = USE_STMT(use_p);
31106 ++
31107 ++ if (use_stmt == NULL)
31108 ++ return true;
31109 ++ if (is_gimple_debug(use_stmt))
31110 ++ continue;
31111 ++ return false;
31112 ++ }
31113 ++ return true;
31114 ++}
31115 ++
31116 ++// 3.8.5 mm/page-writeback.c __ilog2_u64(): ret, uint + uintmax; uint -> int; int max
31117 ++static bool is_const_plus_unsigned_signed_truncation(const_tree lhs)
31118 ++{
31119 ++ tree rhs1, lhs_type, rhs_type, rhs2, not_const_rhs;
31120 ++ gimple def_stmt = get_def_stmt(lhs);
31121 ++
31122 ++ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
31123 ++ return false;
31124 ++
31125 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31126 ++ rhs_type = TREE_TYPE(rhs1);
31127 ++ lhs_type = TREE_TYPE(lhs);
31128 ++ if (TYPE_UNSIGNED(lhs_type) || !TYPE_UNSIGNED(rhs_type))
31129 ++ return false;
31130 ++ if (TYPE_MODE(lhs_type) != TYPE_MODE(rhs_type))
31131 ++ return false;
31132 ++
31133 ++ def_stmt = get_def_stmt(rhs1);
31134 ++ if (!def_stmt || !is_gimple_assign(def_stmt) || gimple_num_ops(def_stmt) != 3)
31135 ++ return false;
31136 ++
31137 ++ if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR)
31138 ++ return false;
31139 ++
31140 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31141 ++ rhs2 = gimple_assign_rhs2(def_stmt);
31142 ++ if (!is_gimple_constant(rhs1) && !is_gimple_constant(rhs2))
31143 ++ return false;
31144 ++
31145 ++ if (is_gimple_constant(rhs2))
31146 ++ not_const_rhs = rhs1;
31147 ++ else
31148 ++ not_const_rhs = rhs2;
31149 ++
31150 ++ return no_uses(not_const_rhs);
31151 ++}
31152 ++
31153 ++static bool skip_lhs_cast_check(const_gimple stmt)
31154 ++{
31155 ++ const_tree rhs = gimple_assign_rhs1(stmt);
31156 ++ const_gimple def_stmt = get_def_stmt(rhs);
31157 ++
31158 ++ // 3.8.2 kernel/futex_compat.c compat_exit_robust_list(): get_user() 64 ulong -> int (compat_long_t), int max
31159 ++ if (gimple_code(def_stmt) == GIMPLE_ASM)
31160 ++ return true;
31161 ++
31162 ++ if (is_const_plus_unsigned_signed_truncation(rhs))
31163 ++ return true;
31164 ++
31165 ++ return false;
31166 ++}
31167 ++
31168 ++static tree create_cast_overflow_check(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree new_rhs1, gimple stmt)
31169 ++{
31170 ++ bool cast_lhs, cast_rhs;
31171 ++ tree lhs = gimple_assign_lhs(stmt);
31172 ++ tree rhs = gimple_assign_rhs1(stmt);
31173 ++ const_tree lhs_type = TREE_TYPE(lhs);
31174 ++ const_tree rhs_type = TREE_TYPE(rhs);
31175 ++ enum machine_mode lhs_mode = TYPE_MODE(lhs_type);
31176 ++ enum machine_mode rhs_mode = TYPE_MODE(rhs_type);
31177 ++ unsigned int lhs_size = GET_MODE_BITSIZE(lhs_mode);
31178 ++ unsigned int rhs_size = GET_MODE_BITSIZE(rhs_mode);
31179 ++
31180 ++ static bool check_lhs[3][4] = {
31181 ++ // ss su us uu
31182 ++ { false, true, true, false }, // lhs > rhs
31183 ++ { false, false, false, false }, // lhs = rhs
31184 ++ { true, true, true, true }, // lhs < rhs
31185 ++ };
31186 ++
31187 ++ static bool check_rhs[3][4] = {
31188 ++ // ss su us uu
31189 ++ { true, false, true, true }, // lhs > rhs
31190 ++ { true, false, true, true }, // lhs = rhs
31191 ++ { true, false, true, true }, // lhs < rhs
31192 ++ };
31193 ++
31194 ++ // skip lhs check on signed SI -> HI cast or signed SI -> QI cast !!!!
31195 ++ if (rhs_mode == SImode && !TYPE_UNSIGNED(rhs_type) && (lhs_mode == HImode || lhs_mode == QImode))
31196 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31197 ++
31198 ++ if (lhs_size > rhs_size) {
31199 ++ cast_lhs = check_lhs[0][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31200 ++ cast_rhs = check_rhs[0][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31201 ++ } else if (lhs_size == rhs_size) {
31202 ++ cast_lhs = check_lhs[1][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31203 ++ cast_rhs = check_rhs[1][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31204 ++ } else {
31205 ++ cast_lhs = check_lhs[2][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31206 ++ cast_rhs = check_rhs[2][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
31207 ++ }
31208 ++
31209 ++ if (!cast_lhs && !cast_rhs)
31210 ++ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
31211 ++
31212 ++ if (cast_lhs && !skip_lhs_cast_check(stmt))
31213 ++ check_size_overflow(caller_node, stmt, TREE_TYPE(new_rhs1), new_rhs1, lhs, BEFORE_STMT);
31214 ++
31215 ++ if (cast_rhs)
31216 ++ check_size_overflow(caller_node, stmt, TREE_TYPE(new_rhs1), new_rhs1, rhs, BEFORE_STMT);
31217 ++
31218 ++ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
31219 ++}
31220 ++
31221 ++static tree handle_unary_rhs(struct pointer_set_t *visited, struct cgraph_node *caller_node, gimple stmt)
31222 ++{
31223 ++ tree rhs1, new_rhs1, lhs = gimple_assign_lhs(stmt);
31224 ++
31225 ++ if (gimple_plf(stmt, MY_STMT))
31226 ++ return lhs;
31227 ++
31228 ++ rhs1 = gimple_assign_rhs1(stmt);
31229 ++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE)
31230 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31231 ++
31232 ++ new_rhs1 = expand(visited, caller_node, rhs1);
31233 ++
31234 ++ if (new_rhs1 == NULL_TREE)
31235 ++ return create_cast_assign(visited, stmt);
31236 ++
31237 ++ if (gimple_plf(stmt, NO_CAST_CHECK))
31238 ++ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
31239 ++
31240 ++ if (gimple_assign_rhs_code(stmt) == BIT_NOT_EXPR) {
31241 ++ tree size_overflow_type = get_size_overflow_type(stmt, rhs1);
31242 ++
31243 ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT);
31244 ++ check_size_overflow(caller_node, stmt, size_overflow_type, new_rhs1, rhs1, BEFORE_STMT);
31245 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31246 ++ }
31247 ++
31248 ++ if (!gimple_assign_cast_p(stmt))
31249 ++ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
31250 ++
31251 ++ return create_cast_overflow_check(visited, caller_node, new_rhs1, stmt);
31252 ++}
31253 ++
31254 ++static tree handle_unary_ops(struct pointer_set_t *visited, struct cgraph_node *caller_node, gimple stmt)
31255 ++{
31256 ++ tree rhs1, lhs = gimple_assign_lhs(stmt);
31257 ++ gimple def_stmt = get_def_stmt(lhs);
31258 ++
31259 ++ gcc_assert(gimple_code(def_stmt) != GIMPLE_NOP);
31260 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31261 ++
31262 ++ if (is_gimple_constant(rhs1))
31263 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
31264 ++
31265 ++ switch (TREE_CODE(rhs1)) {
31266 ++ case SSA_NAME:
31267 ++ return handle_unary_rhs(visited, caller_node, def_stmt);
31268 ++ case ARRAY_REF:
31269 ++ case BIT_FIELD_REF:
31270 ++ case ADDR_EXPR:
31271 ++ case COMPONENT_REF:
31272 ++ case INDIRECT_REF:
31273 ++#if BUILDING_GCC_VERSION >= 4006
31274 ++ case MEM_REF:
31275 ++#endif
31276 ++ case TARGET_MEM_REF:
31277 ++ case VIEW_CONVERT_EXPR:
31278 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
31279 ++ case PARM_DECL:
31280 ++ case VAR_DECL:
31281 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31282 ++
31283 ++ default:
31284 ++ debug_gimple_stmt(def_stmt);
31285 ++ debug_tree(rhs1);
31286 ++ gcc_unreachable();
31287 ++ }
31288 ++}
31289 ++
31290 ++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value)
31291 ++{
31292 ++ gimple cond_stmt;
31293 ++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
31294 ++
31295 ++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE);
31296 ++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
31297 ++ update_stmt(cond_stmt);
31298 ++}
31299 ++
31300 ++static tree create_string_param(tree string)
31301 ++{
31302 ++ tree i_type, a_type;
31303 ++ const int length = TREE_STRING_LENGTH(string);
31304 ++
31305 ++ gcc_assert(length > 0);
31306 ++
31307 ++ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1));
31308 ++ a_type = build_array_type(char_type_node, i_type);
31309 ++
31310 ++ TREE_TYPE(string) = a_type;
31311 ++ TREE_CONSTANT(string) = 1;
31312 ++ TREE_READONLY(string) = 1;
31313 ++
31314 ++ return build1(ADDR_EXPR, ptr_type_node, string);
31315 ++}
31316 ++
31317 ++#if BUILDING_GCC_VERSION <= 4006
31318 ++struct cgraph_node *cgraph_get_create_node(tree decl);
31319 ++
31320 ++struct cgraph_node *cgraph_get_create_node(tree decl)
31321 ++{
31322 ++ struct cgraph_node *node;
31323 ++
31324 ++ node = cgraph_get_node(decl);
31325 ++ if (node)
31326 ++ return node;
31327 ++ return cgraph_node(decl);
31328 ++}
31329 ++#endif
31330 ++
31331 ++static void insert_cond_result(struct cgraph_node *caller_node, basic_block bb_true, const_gimple stmt, const_tree arg, bool min)
31332 ++{
31333 ++ gimple func_stmt;
31334 ++ const_gimple def_stmt;
31335 ++ const_tree loc_line;
31336 ++ tree loc_file, ssa_name, current_func;
31337 ++ expanded_location xloc;
31338 ++ char *ssa_name_buf;
31339 ++ int len;
31340 ++ struct cgraph_edge *edge;
31341 ++ struct cgraph_node *callee_node;
31342 ++ int frequency;
31343 ++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
31344 ++
31345 ++ def_stmt = get_def_stmt(arg);
31346 ++ xloc = expand_location(gimple_location(def_stmt));
31347 ++
31348 ++ if (!gimple_has_location(def_stmt)) {
31349 ++ xloc = expand_location(gimple_location(stmt));
31350 ++ if (!gimple_has_location(stmt))
31351 ++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
31352 ++ }
31353 ++
31354 ++ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
31355 ++
31356 ++ loc_file = build_string(strlen(xloc.file) + 1, xloc.file);
31357 ++ loc_file = create_string_param(loc_file);
31358 ++
31359 ++ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
31360 ++ current_func = create_string_param(current_func);
31361 ++
31362 ++ gcc_assert(DECL_NAME(SSA_NAME_VAR(arg)) != NULL);
31363 ++ call_count++;
31364 ++ len = asprintf(&ssa_name_buf, "%s_%u %s, count: %u\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg), min ? "min" : "max", call_count);
31365 ++ gcc_assert(len > 0);
31366 ++ ssa_name = build_string(len + 1, ssa_name_buf);
31367 ++ free(ssa_name_buf);
31368 ++ ssa_name = create_string_param(ssa_name);
31369 ++
31370 ++ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
31371 ++ func_stmt = gimple_build_call(report_size_overflow_decl, 4, loc_file, loc_line, current_func, ssa_name);
31372 ++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
31373 ++
31374 ++ callee_node = cgraph_get_create_node(report_size_overflow_decl);
31375 ++ frequency = compute_call_stmt_bb_frequency(current_function_decl, bb_true);
31376 ++
31377 ++#if BUILDING_GCC_VERSION <= 4006
31378 ++ edge = cgraph_create_edge(caller_node, callee_node, func_stmt, bb_true->count, frequency, bb_true->loop_depth);
31379 ++#else
31380 ++ edge = cgraph_create_edge(caller_node, callee_node, func_stmt, bb_true->count, frequency);
31381 +#endif
31382 ++ gcc_assert(edge != NULL);
31383 ++}
31384 +
31385 -+struct size_overflow_hash {
31386 -+ const struct size_overflow_hash * const next;
31387 -+ const char * const name;
31388 -+ const unsigned int param;
31389 -+};
31390 ++static void __unused print_the_code_insertions(const_gimple stmt)
31391 ++{
31392 ++ location_t loc = gimple_location(stmt);
31393 +
31394 -+#include "size_overflow_hash.h"
31395 ++ inform(loc, "Integer size_overflow check applied here.");
31396 ++}
31397 +
31398 -+enum mark {
31399 -+ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
31400 -+};
31401 ++static void insert_check_size_overflow(struct cgraph_node *caller_node, gimple stmt, enum tree_code cond_code, tree arg, tree type_value, bool before, bool min)
31402 ++{
31403 ++ basic_block cond_bb, join_bb, bb_true;
31404 ++ edge e;
31405 ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
31406 +
31407 -+enum err_code_conditions {
31408 -+ CAST_ONLY, FROM_CONST
31409 -+};
31410 ++ cond_bb = gimple_bb(stmt);
31411 ++ if (before)
31412 ++ gsi_prev(&gsi);
31413 ++ if (gsi_end_p(gsi))
31414 ++ e = split_block_after_labels(cond_bb);
31415 ++ else
31416 ++ e = split_block(cond_bb, gsi_stmt(gsi));
31417 ++ cond_bb = e->src;
31418 ++ join_bb = e->dest;
31419 ++ e->flags = EDGE_FALSE_VALUE;
31420 ++ e->probability = REG_BR_PROB_BASE;
31421 +
31422 -+static unsigned int call_count = 0;
31423 ++ bb_true = create_empty_bb(cond_bb);
31424 ++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
31425 ++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE);
31426 ++ make_edge(bb_true, join_bb, EDGE_FALLTHRU);
31427 +
31428 -+#define __unused __attribute__((__unused__))
31429 -+#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node))
31430 -+#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node))
31431 -+#define BEFORE_STMT true
31432 -+#define AFTER_STMT false
31433 -+#define CREATE_NEW_VAR NULL_TREE
31434 -+#define CODES_LIMIT 32
31435 -+#define MAX_PARAM 31
31436 -+#define MY_STMT GF_PLF_1
31437 -+#define NO_CAST_CHECK GF_PLF_2
31438 -+#define FROM_ARG true
31439 -+#define FROM_RET false
31440 ++ gcc_assert(dom_info_available_p(CDI_DOMINATORS));
31441 ++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
31442 ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
31443 +
31444 -+#if BUILDING_GCC_VERSION == 4005
31445 -+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
31446 -+#endif
31447 ++ if (current_loops != NULL) {
31448 ++ gcc_assert(cond_bb->loop_father == join_bb->loop_father);
31449 ++ add_bb_to_loop(bb_true, cond_bb->loop_father);
31450 ++ }
31451 +
31452 -+int plugin_is_GPL_compatible;
31453 -+void debug_gimple_stmt(gimple gs);
31454 ++ insert_cond(cond_bb, arg, cond_code, type_value);
31455 ++ insert_cond_result(caller_node, bb_true, stmt, arg, min);
31456 +
31457 -+static tree expand(struct pointer_set_t *visited, tree lhs);
31458 -+static enum mark pre_expand(struct pointer_set_t *visited, bool *search_err_code, const_tree lhs);
31459 -+static tree report_size_overflow_decl;
31460 -+static const_tree const_char_ptr_type_node;
31461 -+static unsigned int handle_function(void);
31462 -+static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool before);
31463 -+static tree get_size_overflow_type(gimple stmt, const_tree node);
31464 -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
31465 -+static void print_missing_msg(tree func, unsigned int argnum);
31466 ++// print_the_code_insertions(stmt);
31467 ++}
31468 +
31469 -+static struct plugin_info size_overflow_plugin_info = {
31470 -+ .version = "20130822beta",
31471 -+ .help = "no-size-overflow\tturn off size overflow checking\n",
31472 -+};
31473 ++static void check_size_overflow(struct cgraph_node *caller_node, gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool before)
31474 ++{
31475 ++ const_tree rhs_type = TREE_TYPE(rhs);
31476 ++ tree cast_rhs_type, type_max_type, type_min_type, type_max, type_min;
31477 +
31478 -+static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
31479 ++ gcc_assert(rhs_type != NULL_TREE);
31480 ++ if (TREE_CODE(rhs_type) == POINTER_TYPE)
31481 ++ return;
31482 ++
31483 ++ gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE);
31484 ++
31485 ++ if (is_const_plus_unsigned_signed_truncation(rhs))
31486 ++ return;
31487 ++
31488 ++ type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type));
31489 ++ // typemax (-1) < typemin (0)
31490 ++ if (TREE_OVERFLOW(type_max))
31491 ++ return;
31492 ++
31493 ++ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type));
31494 ++
31495 ++ cast_rhs_type = TREE_TYPE(cast_rhs);
31496 ++ type_max_type = TREE_TYPE(type_max);
31497 ++ type_min_type = TREE_TYPE(type_min);
31498 ++ gcc_assert(types_compatible_p(cast_rhs_type, type_max_type));
31499 ++ gcc_assert(types_compatible_p(type_max_type, type_min_type));
31500 ++
31501 ++ insert_check_size_overflow(caller_node, stmt, GT_EXPR, cast_rhs, type_max, before, MAX_CHECK);
31502 ++ insert_check_size_overflow(caller_node, stmt, LT_EXPR, cast_rhs, type_min, before, MIN_CHECK);
31503 ++}
31504 ++
31505 ++static bool is_a_constant_overflow(const_gimple stmt, const_tree rhs)
31506 +{
31507 -+ unsigned int arg_count;
31508 -+ enum tree_code code = TREE_CODE(*node);
31509 ++ if (gimple_assign_rhs_code(stmt) == MIN_EXPR)
31510 ++ return false;
31511 ++ if (!is_gimple_constant(rhs))
31512 ++ return false;
31513 ++ return true;
31514 ++}
31515 +
31516 -+ switch (code) {
31517 -+ case FUNCTION_DECL:
31518 -+ arg_count = type_num_arguments(TREE_TYPE(*node));
31519 -+ break;
31520 -+ case FUNCTION_TYPE:
31521 -+ case METHOD_TYPE:
31522 -+ arg_count = type_num_arguments(*node);
31523 -+ break;
31524 -+ default:
31525 -+ *no_add_attrs = true;
31526 -+ error("%s: %qE attribute only applies to functions", __func__, name);
31527 ++static tree get_def_stmt_rhs(const_tree var)
31528 ++{
31529 ++ tree rhs1, def_stmt_rhs1;
31530 ++ gimple rhs1_def_stmt, def_stmt_rhs1_def_stmt, def_stmt;
31531 ++
31532 ++ def_stmt = get_def_stmt(var);
31533 ++ if (!gimple_assign_cast_p(def_stmt))
31534 + return NULL_TREE;
31535 ++ gcc_assert(gimple_code(def_stmt) != GIMPLE_NOP && gimple_plf(def_stmt, MY_STMT) && gimple_assign_cast_p(def_stmt));
31536 ++
31537 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31538 ++ rhs1_def_stmt = get_def_stmt(rhs1);
31539 ++ if (!gimple_assign_cast_p(rhs1_def_stmt))
31540 ++ return rhs1;
31541 ++
31542 ++ def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt);
31543 ++ def_stmt_rhs1_def_stmt = get_def_stmt(def_stmt_rhs1);
31544 ++
31545 ++ switch (gimple_code(def_stmt_rhs1_def_stmt)) {
31546 ++ case GIMPLE_CALL:
31547 ++ case GIMPLE_NOP:
31548 ++ case GIMPLE_ASM:
31549 ++ case GIMPLE_PHI:
31550 ++ return def_stmt_rhs1;
31551 ++ case GIMPLE_ASSIGN:
31552 ++ return rhs1;
31553 ++ default:
31554 ++ debug_gimple_stmt(def_stmt_rhs1_def_stmt);
31555 ++ gcc_unreachable();
31556 + }
31557 ++}
31558 +
31559 -+ for (; args; args = TREE_CHAIN(args)) {
31560 -+ tree position = TREE_VALUE(args);
31561 -+ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_LOW(position) > arg_count ) {
31562 -+ error("%s: parameter %u is outside range.", __func__, (unsigned int)TREE_INT_CST_LOW(position));
31563 -+ *no_add_attrs = true;
31564 -+ }
31565 ++static tree handle_intentional_overflow(struct pointer_set_t *visited, struct cgraph_node *caller_node, bool check_overflow, gimple stmt, tree change_rhs, tree new_rhs2)
31566 ++{
31567 ++ tree new_rhs, orig_rhs;
31568 ++ void (*gimple_assign_set_rhs)(gimple, tree);
31569 ++ tree rhs1 = gimple_assign_rhs1(stmt);
31570 ++ tree rhs2 = gimple_assign_rhs2(stmt);
31571 ++ tree lhs = gimple_assign_lhs(stmt);
31572 ++
31573 ++ if (!check_overflow)
31574 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31575 ++
31576 ++ if (change_rhs == NULL_TREE)
31577 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31578 ++
31579 ++ if (new_rhs2 == NULL_TREE) {
31580 ++ orig_rhs = rhs1;
31581 ++ gimple_assign_set_rhs = &gimple_assign_set_rhs1;
31582 ++ } else {
31583 ++ orig_rhs = rhs2;
31584 ++ gimple_assign_set_rhs = &gimple_assign_set_rhs2;
31585 + }
31586 -+ return NULL_TREE;
31587 ++
31588 ++ check_size_overflow(caller_node, stmt, TREE_TYPE(change_rhs), change_rhs, orig_rhs, BEFORE_STMT);
31589 ++
31590 ++ new_rhs = change_assign_rhs(stmt, orig_rhs, change_rhs);
31591 ++ gimple_assign_set_rhs(stmt, new_rhs);
31592 ++ update_stmt(stmt);
31593 ++
31594 ++ return create_assign(visited, stmt, lhs, AFTER_STMT);
31595 +}
31596 +
31597 -+static const char* get_asm_name(tree node)
31598 ++static bool is_subtraction_special(const_gimple stmt)
31599 +{
31600 -+ return IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(node));
31601 ++ gimple rhs1_def_stmt, rhs2_def_stmt;
31602 ++ const_tree rhs1_def_stmt_rhs1, rhs2_def_stmt_rhs1, rhs1_def_stmt_lhs, rhs2_def_stmt_lhs;
31603 ++ enum machine_mode rhs1_def_stmt_rhs1_mode, rhs2_def_stmt_rhs1_mode, rhs1_def_stmt_lhs_mode, rhs2_def_stmt_lhs_mode;
31604 ++ const_tree rhs1 = gimple_assign_rhs1(stmt);
31605 ++ const_tree rhs2 = gimple_assign_rhs2(stmt);
31606 ++
31607 ++ if (is_gimple_constant(rhs1) || is_gimple_constant(rhs2))
31608 ++ return false;
31609 ++
31610 ++ gcc_assert(TREE_CODE(rhs1) == SSA_NAME && TREE_CODE(rhs2) == SSA_NAME);
31611 ++
31612 ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
31613 ++ return false;
31614 ++
31615 ++ rhs1_def_stmt = get_def_stmt(rhs1);
31616 ++ rhs2_def_stmt = get_def_stmt(rhs2);
31617 ++ if (!gimple_assign_cast_p(rhs1_def_stmt) || !gimple_assign_cast_p(rhs2_def_stmt))
31618 ++ return false;
31619 ++
31620 ++ rhs1_def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt);
31621 ++ rhs2_def_stmt_rhs1 = gimple_assign_rhs1(rhs2_def_stmt);
31622 ++ rhs1_def_stmt_lhs = gimple_assign_lhs(rhs1_def_stmt);
31623 ++ rhs2_def_stmt_lhs = gimple_assign_lhs(rhs2_def_stmt);
31624 ++ rhs1_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_rhs1));
31625 ++ rhs2_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_rhs1));
31626 ++ rhs1_def_stmt_lhs_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_lhs));
31627 ++ rhs2_def_stmt_lhs_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_lhs));
31628 ++ if (GET_MODE_BITSIZE(rhs1_def_stmt_rhs1_mode) <= GET_MODE_BITSIZE(rhs1_def_stmt_lhs_mode))
31629 ++ return false;
31630 ++ if (GET_MODE_BITSIZE(rhs2_def_stmt_rhs1_mode) <= GET_MODE_BITSIZE(rhs2_def_stmt_lhs_mode))
31631 ++ return false;
31632 ++
31633 ++ gimple_set_plf(rhs1_def_stmt, NO_CAST_CHECK, true);
31634 ++ gimple_set_plf(rhs2_def_stmt, NO_CAST_CHECK, true);
31635 ++ return true;
31636 +}
31637 +
31638 -+static tree handle_intentional_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
31639 ++static tree handle_integer_truncation(struct pointer_set_t *visited, struct cgraph_node *caller_node, const_tree lhs)
31640 +{
31641 -+ unsigned int arg_count, arg_num;
31642 -+ enum tree_code code = TREE_CODE(*node);
31643 ++ tree new_rhs1, new_rhs2;
31644 ++ tree new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1, new_lhs;
31645 ++ gimple assign, stmt = get_def_stmt(lhs);
31646 ++ tree rhs1 = gimple_assign_rhs1(stmt);
31647 ++ tree rhs2 = gimple_assign_rhs2(stmt);
31648 +
31649 -+ switch (code) {
31650 -+ case FUNCTION_DECL:
31651 -+ arg_count = type_num_arguments(TREE_TYPE(*node));
31652 -+ break;
31653 -+ case FUNCTION_TYPE:
31654 -+ case METHOD_TYPE:
31655 -+ arg_count = type_num_arguments(*node);
31656 -+ break;
31657 -+ case FIELD_DECL:
31658 -+ arg_num = TREE_INT_CST_LOW(TREE_VALUE(args));
31659 -+ if (arg_num != 0) {
31660 -+ *no_add_attrs = true;
31661 -+ error("%s: %qE attribute parameter can only be 0 in structure fields", __func__, name);
31662 -+ }
31663 -+ return NULL_TREE;
31664 -+ default:
31665 -+ *no_add_attrs = true;
31666 -+ error("%qE attribute only applies to functions", name);
31667 ++ if (!is_subtraction_special(stmt))
31668 + return NULL_TREE;
31669 -+ }
31670 +
31671 -+ if (TREE_INT_CST_HIGH(TREE_VALUE(args)) != 0)
31672 ++ new_rhs1 = expand(visited, caller_node, rhs1);
31673 ++ new_rhs2 = expand(visited, caller_node, rhs2);
31674 ++
31675 ++ new_rhs1_def_stmt_rhs1 = get_def_stmt_rhs(new_rhs1);
31676 ++ new_rhs2_def_stmt_rhs1 = get_def_stmt_rhs(new_rhs2);
31677 ++
31678 ++ if (new_rhs1_def_stmt_rhs1 == NULL_TREE || new_rhs2_def_stmt_rhs1 == NULL_TREE)
31679 + return NULL_TREE;
31680 +
31681 -+ for (; args; args = TREE_CHAIN(args)) {
31682 -+ tree position = TREE_VALUE(args);
31683 -+ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_LOW(position) > arg_count ) {
31684 -+ error("%s: parameter %u is outside range.", __func__, (unsigned int)TREE_INT_CST_LOW(position));
31685 -+ *no_add_attrs = true;
31686 -+ }
31687 ++ if (!types_compatible_p(TREE_TYPE(new_rhs1_def_stmt_rhs1), TREE_TYPE(new_rhs2_def_stmt_rhs1))) {
31688 ++ new_rhs1_def_stmt_rhs1 = cast_to_TI_type(stmt, new_rhs1_def_stmt_rhs1);
31689 ++ new_rhs2_def_stmt_rhs1 = cast_to_TI_type(stmt, new_rhs2_def_stmt_rhs1);
31690 + }
31691 -+ return NULL_TREE;
31692 -+}
31693 +
31694 -+static struct attribute_spec size_overflow_attr = {
31695 -+ .name = "size_overflow",
31696 -+ .min_length = 1,
31697 -+ .max_length = -1,
31698 -+ .decl_required = true,
31699 -+ .type_required = false,
31700 -+ .function_type_required = false,
31701 -+ .handler = handle_size_overflow_attribute,
31702 -+#if BUILDING_GCC_VERSION >= 4007
31703 -+ .affects_type_identity = false
31704 -+#endif
31705 -+};
31706 ++ assign = create_binary_assign(MINUS_EXPR, stmt, new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1);
31707 ++ new_lhs = gimple_assign_lhs(assign);
31708 ++ check_size_overflow(caller_node, assign, TREE_TYPE(new_lhs), new_lhs, rhs1, AFTER_STMT);
31709 +
31710 -+static struct attribute_spec intentional_overflow_attr = {
31711 -+ .name = "intentional_overflow",
31712 -+ .min_length = 1,
31713 -+ .max_length = -1,
31714 -+ .decl_required = true,
31715 -+ .type_required = false,
31716 -+ .function_type_required = false,
31717 -+ .handler = handle_intentional_overflow_attribute,
31718 -+#if BUILDING_GCC_VERSION >= 4007
31719 -+ .affects_type_identity = false
31720 -+#endif
31721 -+};
31722 ++ return dup_assign(visited, stmt, lhs, new_rhs1, new_rhs2, NULL_TREE);
31723 ++}
31724 +
31725 -+static void register_attributes(void __unused *event_data, void __unused *data)
31726 ++static bool is_a_neg_overflow(const_gimple stmt, const_tree rhs)
31727 +{
31728 -+ register_attribute(&size_overflow_attr);
31729 -+ register_attribute(&intentional_overflow_attr);
31730 ++ const_gimple def_stmt;
31731 ++
31732 ++ if (TREE_CODE(rhs) != SSA_NAME)
31733 ++ return false;
31734 ++
31735 ++ if (gimple_assign_rhs_code(stmt) != PLUS_EXPR)
31736 ++ return false;
31737 ++
31738 ++ def_stmt = get_def_stmt(rhs);
31739 ++ if (!is_gimple_assign(def_stmt) || gimple_assign_rhs_code(def_stmt) != BIT_NOT_EXPR)
31740 ++ return false;
31741 ++
31742 ++ return true;
31743 +}
31744 +
31745 -+// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html
31746 -+static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed)
31747 ++static tree handle_binary_ops(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree lhs)
31748 +{
31749 -+#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); }
31750 -+#define cwmixa( in ) { cwfold( in, m, k, h ); }
31751 -+#define cwmixb( in ) { cwfold( in, n, h, k ); }
31752 ++ tree rhs1, rhs2, new_lhs;
31753 ++ gimple def_stmt = get_def_stmt(lhs);
31754 ++ tree new_rhs1 = NULL_TREE;
31755 ++ tree new_rhs2 = NULL_TREE;
31756 +
31757 -+ unsigned int m = 0x57559429;
31758 -+ unsigned int n = 0x5052acdb;
31759 -+ const unsigned int *key4 = (const unsigned int *)key;
31760 -+ unsigned int h = len;
31761 -+ unsigned int k = len + seed + n;
31762 -+ unsigned long long p;
31763 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31764 ++ rhs2 = gimple_assign_rhs2(def_stmt);
31765 +
31766 -+ while (len >= 8) {
31767 -+ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2;
31768 -+ len -= 8;
31769 -+ }
31770 -+ if (len >= 4) {
31771 -+ cwmixb(key4[0]) key4 += 1;
31772 -+ len -= 4;
31773 ++ /* no DImode/TImode division in the 32/64 bit kernel */
31774 ++ switch (gimple_assign_rhs_code(def_stmt)) {
31775 ++ case RDIV_EXPR:
31776 ++ case TRUNC_DIV_EXPR:
31777 ++ case CEIL_DIV_EXPR:
31778 ++ case FLOOR_DIV_EXPR:
31779 ++ case ROUND_DIV_EXPR:
31780 ++ case TRUNC_MOD_EXPR:
31781 ++ case CEIL_MOD_EXPR:
31782 ++ case FLOOR_MOD_EXPR:
31783 ++ case ROUND_MOD_EXPR:
31784 ++ case EXACT_DIV_EXPR:
31785 ++ case POINTER_PLUS_EXPR:
31786 ++ case BIT_AND_EXPR:
31787 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
31788 ++ default:
31789 ++ break;
31790 + }
31791 -+ if (len)
31792 -+ cwmixa(key4[0] & ((1 << (len * 8)) - 1 ));
31793 -+ cwmixb(h ^ (k + n));
31794 -+ return k ^ h;
31795 +
31796 -+#undef cwfold
31797 -+#undef cwmixa
31798 -+#undef cwmixb
31799 ++ new_lhs = handle_integer_truncation(visited, caller_node, lhs);
31800 ++ if (new_lhs != NULL_TREE)
31801 ++ return new_lhs;
31802 ++
31803 ++ if (TREE_CODE(rhs1) == SSA_NAME)
31804 ++ new_rhs1 = expand(visited, caller_node, rhs1);
31805 ++ if (TREE_CODE(rhs2) == SSA_NAME)
31806 ++ new_rhs2 = expand(visited, caller_node, rhs2);
31807 ++
31808 ++ if (is_a_neg_overflow(def_stmt, rhs2))
31809 ++ return handle_intentional_overflow(visited, caller_node, true, def_stmt, new_rhs1, NULL_TREE);
31810 ++ if (is_a_neg_overflow(def_stmt, rhs1))
31811 ++ return handle_intentional_overflow(visited, caller_node, true, def_stmt, new_rhs2, new_rhs2);
31812 ++
31813 ++
31814 ++ if (is_a_constant_overflow(def_stmt, rhs2))
31815 ++ return handle_intentional_overflow(visited, caller_node, !is_a_cast_and_const_overflow(rhs1), def_stmt, new_rhs1, NULL_TREE);
31816 ++ if (is_a_constant_overflow(def_stmt, rhs1))
31817 ++ return handle_intentional_overflow(visited, caller_node, !is_a_cast_and_const_overflow(rhs2), def_stmt, new_rhs2, new_rhs2);
31818 ++
31819 ++ return dup_assign(visited, def_stmt, lhs, new_rhs1, new_rhs2, NULL_TREE);
31820 +}
31821 +
31822 -+static inline unsigned int get_hash_num(const char *fndecl, const char *tree_codes, unsigned int len, unsigned int seed)
31823 ++#if BUILDING_GCC_VERSION >= 4007
31824 ++static tree get_new_rhs(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree size_overflow_type, tree rhs)
31825 +{
31826 -+ unsigned int fn = CrapWow(fndecl, strlen(fndecl), seed) & 0xffff;
31827 -+ unsigned int codes = CrapWow(tree_codes, len, seed) & 0xffff;
31828 -+ return fn ^ codes;
31829 ++ if (is_gimple_constant(rhs))
31830 ++ return cast_a_tree(size_overflow_type, rhs);
31831 ++ if (TREE_CODE(rhs) != SSA_NAME)
31832 ++ return NULL_TREE;
31833 ++ return expand(visited, caller_node, rhs);
31834 +}
31835 +
31836 -+static inline tree get_original_function_decl(tree fndecl)
31837 ++static tree handle_ternary_ops(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree lhs)
31838 +{
31839 -+ if (DECL_ABSTRACT_ORIGIN(fndecl))
31840 -+ return DECL_ABSTRACT_ORIGIN(fndecl);
31841 -+ return fndecl;
31842 ++ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3, size_overflow_type;
31843 ++ gimple def_stmt = get_def_stmt(lhs);
31844 ++
31845 ++ size_overflow_type = get_size_overflow_type(def_stmt, lhs);
31846 ++
31847 ++ rhs1 = gimple_assign_rhs1(def_stmt);
31848 ++ rhs2 = gimple_assign_rhs2(def_stmt);
31849 ++ rhs3 = gimple_assign_rhs3(def_stmt);
31850 ++ new_rhs1 = get_new_rhs(visited, caller_node, size_overflow_type, rhs1);
31851 ++ new_rhs2 = get_new_rhs(visited, caller_node, size_overflow_type, rhs2);
31852 ++ new_rhs3 = get_new_rhs(visited, caller_node, size_overflow_type, rhs3);
31853 ++
31854 ++ return dup_assign(visited, def_stmt, lhs, new_rhs1, new_rhs2, new_rhs3);
31855 +}
31856 ++#endif
31857 +
31858 -+static inline gimple get_def_stmt(const_tree node)
31859 ++static tree get_size_overflow_type(gimple stmt, const_tree node)
31860 +{
31861 ++ const_tree type;
31862 ++ tree new_type;
31863 ++
31864 + gcc_assert(node != NULL_TREE);
31865 -+ if (TREE_CODE(node) != SSA_NAME)
31866 -+ return NULL;
31867 -+ return SSA_NAME_DEF_STMT(node);
31868 -+}
31869 +
31870 -+static unsigned char get_tree_code(const_tree type)
31871 -+{
31872 -+ switch (TREE_CODE(type)) {
31873 -+ case ARRAY_TYPE:
31874 -+ return 0;
31875 -+ case BOOLEAN_TYPE:
31876 -+ return 1;
31877 -+ case ENUMERAL_TYPE:
31878 -+ return 2;
31879 -+ case FUNCTION_TYPE:
31880 -+ return 3;
31881 -+ case INTEGER_TYPE:
31882 -+ return 4;
31883 -+ case POINTER_TYPE:
31884 -+ return 5;
31885 -+ case RECORD_TYPE:
31886 -+ return 6;
31887 -+ case UNION_TYPE:
31888 -+ return 7;
31889 -+ case VOID_TYPE:
31890 -+ return 8;
31891 -+ case REAL_TYPE:
31892 -+ return 9;
31893 -+ case VECTOR_TYPE:
31894 -+ return 10;
31895 -+ case REFERENCE_TYPE:
31896 -+ return 11;
31897 -+ case OFFSET_TYPE:
31898 -+ return 12;
31899 -+ case COMPLEX_TYPE:
31900 -+ return 13;
31901 ++ type = TREE_TYPE(node);
31902 ++
31903 ++ if (gimple_plf(stmt, MY_STMT))
31904 ++ return TREE_TYPE(node);
31905 ++
31906 ++ switch (TYPE_MODE(type)) {
31907 ++ case QImode:
31908 ++ new_type = intHI_type_node;
31909 ++ break;
31910 ++ case HImode:
31911 ++ new_type = intSI_type_node;
31912 ++ break;
31913 ++ case SImode:
31914 ++ new_type = intDI_type_node;
31915 ++ break;
31916 ++ case DImode:
31917 ++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode))
31918 ++ new_type = intDI_type_node;
31919 ++ else
31920 ++ new_type = intTI_type_node;
31921 ++ break;
31922 ++ case TImode:
31923 ++ gcc_assert(!TYPE_UNSIGNED(type));
31924 ++ new_type = intTI_type_node;
31925 ++ break;
31926 + default:
31927 -+ debug_tree((tree)type);
31928 ++ debug_tree((tree)node);
31929 ++ error("%s: unsupported gcc configuration (%qE).", __func__, current_function_decl);
31930 + gcc_unreachable();
31931 + }
31932 -+}
31933 +
31934 -+static size_t add_type_codes(const_tree type, unsigned char *tree_codes, size_t len)
31935 -+{
31936 -+ gcc_assert(type != NULL_TREE);
31937 -+
31938 -+ while (type && len < CODES_LIMIT) {
31939 -+ tree_codes[len] = get_tree_code(type);
31940 -+ len++;
31941 -+ type = TREE_TYPE(type);
31942 -+ }
31943 -+ return len;
31944 ++ if (TYPE_QUALS(type) != 0)
31945 ++ return build_qualified_type(new_type, TYPE_QUALS(type));
31946 ++ return new_type;
31947 +}
31948 +
31949 -+static unsigned int get_function_decl(const_tree fndecl, unsigned char *tree_codes)
31950 ++static tree expand_visited(gimple def_stmt)
31951 +{
31952 -+ const_tree arg, result, arg_field, type = TREE_TYPE(fndecl);
31953 -+ enum tree_code code = TREE_CODE(type);
31954 -+ size_t len = 0;
31955 -+
31956 -+ gcc_assert(code == FUNCTION_TYPE || code == METHOD_TYPE);
31957 -+
31958 -+ arg = TYPE_ARG_TYPES(type);
31959 -+ // skip builtins __builtin_constant_p
31960 -+ if (!arg && DECL_BUILT_IN(fndecl))
31961 -+ return 0;
31962 ++ const_gimple next_stmt;
31963 ++ gimple_stmt_iterator gsi;
31964 ++ enum gimple_code code = gimple_code(def_stmt);
31965 +
31966 -+ if (TREE_CODE_CLASS(code) == tcc_type)
31967 -+ result = type;
31968 -+ else
31969 -+ result = DECL_RESULT(fndecl);
31970 ++ if (code == GIMPLE_ASM)
31971 ++ return NULL_TREE;
31972 +
31973 -+ gcc_assert(result != NULL_TREE);
31974 -+ len = add_type_codes(TREE_TYPE(result), tree_codes, len);
31975 ++ gsi = gsi_for_stmt(def_stmt);
31976 ++ gsi_next(&gsi);
31977 +
31978 -+ if (arg == NULL_TREE) {
31979 -+ gcc_assert(CODE_CONTAINS_STRUCT(TREE_CODE(fndecl), TS_DECL_NON_COMMON));
31980 -+ arg_field = DECL_ARGUMENT_FLD(fndecl);
31981 -+ if (arg_field == NULL_TREE)
31982 -+ return 0;
31983 -+ arg = TREE_TYPE(arg_field);
31984 -+ len = add_type_codes(arg, tree_codes, len);
31985 -+ gcc_assert(len != 0);
31986 -+ return len;
31987 -+ }
31988 ++ if (gimple_code(def_stmt) == GIMPLE_PHI && gsi_end_p(gsi))
31989 ++ return NULL_TREE;
31990 ++ gcc_assert(!gsi_end_p(gsi));
31991 ++ next_stmt = gsi_stmt(gsi);
31992 +
31993 -+ gcc_assert(arg != NULL_TREE && TREE_CODE(arg) == TREE_LIST);
31994 -+ while (arg && len < CODES_LIMIT) {
31995 -+ len = add_type_codes(TREE_VALUE(arg), tree_codes, len);
31996 -+ arg = TREE_CHAIN(arg);
31997 -+ }
31998 ++ if (gimple_code(def_stmt) == GIMPLE_PHI && !gimple_plf((gimple)next_stmt, MY_STMT))
31999 ++ return NULL_TREE;
32000 ++ gcc_assert(gimple_plf((gimple)next_stmt, MY_STMT));
32001 +
32002 -+ gcc_assert(len != 0);
32003 -+ return len;
32004 ++ return get_lhs(next_stmt);
32005 +}
32006 +
32007 -+static const struct size_overflow_hash *get_function_hash(tree fndecl)
32008 ++static tree expand(struct pointer_set_t *visited, struct cgraph_node *caller_node, tree lhs)
32009 +{
32010 -+ unsigned int hash;
32011 -+ const struct size_overflow_hash *entry;
32012 -+ unsigned char tree_codes[CODES_LIMIT];
32013 -+ size_t len;
32014 -+ const char *func_name;
32015 ++ gimple def_stmt;
32016 +
32017 -+ fndecl = get_original_function_decl(fndecl);
32018 -+ len = get_function_decl(fndecl, tree_codes);
32019 -+ if (len == 0)
32020 -+ return NULL;
32021 ++ def_stmt = get_def_stmt(lhs);
32022 ++
32023 ++ if (!def_stmt || gimple_code(def_stmt) == GIMPLE_NOP)
32024 ++ return NULL_TREE;
32025 +
32026 -+ func_name = get_asm_name(fndecl);
32027 -+ hash = get_hash_num(func_name, (const char*) tree_codes, len, 0);
32028 ++ if (gimple_plf(def_stmt, MY_STMT))
32029 ++ return lhs;
32030 +
32031 -+ entry = size_overflow_hash[hash];
32032 -+ while (entry) {
32033 -+ if (!strcmp(entry->name, func_name))
32034 -+ return entry;
32035 -+ entry = entry->next;
32036 ++ if (pointer_set_contains(visited, def_stmt))
32037 ++ return expand_visited(def_stmt);
32038 ++
32039 ++ switch (gimple_code(def_stmt)) {
32040 ++ case GIMPLE_PHI:
32041 ++ return handle_phi(visited, caller_node, lhs);
32042 ++ case GIMPLE_CALL:
32043 ++ case GIMPLE_ASM:
32044 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
32045 ++ case GIMPLE_ASSIGN:
32046 ++ switch (gimple_num_ops(def_stmt)) {
32047 ++ case 2:
32048 ++ return handle_unary_ops(visited, caller_node, def_stmt);
32049 ++ case 3:
32050 ++ return handle_binary_ops(visited, caller_node, lhs);
32051 ++#if BUILDING_GCC_VERSION >= 4007
32052 ++ case 4:
32053 ++ return handle_ternary_ops(visited, caller_node, lhs);
32054 ++#endif
32055 ++ }
32056 ++ default:
32057 ++ debug_gimple_stmt(def_stmt);
32058 ++ error("%s: unknown gimple code", __func__);
32059 ++ gcc_unreachable();
32060 + }
32061 -+
32062 -+ return NULL;
32063 +}
32064 +
32065 -+static bool is_bool(const_tree node)
32066 ++static tree cast_to_orig_type(gimple stmt, const_tree orig_node, tree new_node)
32067 +{
32068 -+ const_tree type;
32069 -+
32070 -+ if (node == NULL_TREE)
32071 -+ return false;
32072 ++ const_gimple assign;
32073 ++ tree orig_type = TREE_TYPE(orig_node);
32074 ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
32075 +
32076 -+ type = TREE_TYPE(node);
32077 -+ if (!INTEGRAL_TYPE_P(type))
32078 -+ return false;
32079 -+ if (TREE_CODE(type) == BOOLEAN_TYPE)
32080 -+ return true;
32081 -+ if (TYPE_PRECISION(type) == 1)
32082 -+ return true;
32083 -+ return false;
32084 ++ assign = build_cast_stmt(orig_type, new_node, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
32085 ++ return gimple_assign_lhs(assign);
32086 +}
32087 +
32088 -+static bool skip_types(const_tree var)
32089 ++static void change_orig_node(struct interesting_node *cur_node, tree new_node)
32090 +{
32091 -+ tree type;
32092 ++ void (*set_rhs)(gimple, tree);
32093 ++ gimple stmt = cur_node->first_stmt;
32094 ++ const_tree orig_node = cur_node->node;
32095 +
32096 -+ if (is_gimple_constant(var))
32097 -+ return true;
32098 -+
32099 -+ switch (TREE_CODE(var)) {
32100 -+ case ADDR_EXPR:
32101 -+#if BUILDING_GCC_VERSION >= 4006
32102 -+ case MEM_REF:
32103 ++ switch (gimple_code(stmt)) {
32104 ++ case GIMPLE_RETURN:
32105 ++ gimple_return_set_retval(stmt, cast_to_orig_type(stmt, orig_node, new_node));
32106 ++ break;
32107 ++ case GIMPLE_CALL:
32108 ++ gimple_call_set_arg(stmt, cur_node->num - 1, cast_to_orig_type(stmt, orig_node, new_node));
32109 ++ break;
32110 ++ case GIMPLE_ASSIGN:
32111 ++ switch (cur_node->num) {
32112 ++ case 1:
32113 ++ set_rhs = &gimple_assign_set_rhs1;
32114 ++ break;
32115 ++ case 2:
32116 ++ set_rhs = &gimple_assign_set_rhs2;
32117 ++ break;
32118 ++#if BUILDING_GCC_VERSION > 4005
32119 ++ case 3:
32120 ++ set_rhs = &gimple_assign_set_rhs3;
32121 ++ break;
32122 +#endif
32123 -+ case ARRAY_REF:
32124 -+ case BIT_FIELD_REF:
32125 -+ case INDIRECT_REF:
32126 -+ case TARGET_MEM_REF:
32127 -+ return true;
32128 -+ case PARM_DECL:
32129 -+ case VAR_DECL:
32130 -+ case COMPONENT_REF:
32131 -+ return false;
32132 + default:
32133 -+ break;
32134 ++ gcc_unreachable();
32135 ++ }
32136 ++
32137 ++ set_rhs(stmt, cast_to_orig_type(stmt, orig_node, new_node));
32138 ++ break;
32139 ++ default:
32140 ++ debug_gimple_stmt(stmt);
32141 ++ gcc_unreachable();
32142 + }
32143 +
32144 -+ gcc_assert(TREE_CODE(var) == SSA_NAME);
32145 ++ update_stmt(stmt);
32146 ++}
32147 +
32148 -+ type = TREE_TYPE(var);
32149 -+ switch (TREE_CODE(type)) {
32150 -+ case INTEGER_TYPE:
32151 -+ case ENUMERAL_TYPE:
32152 -+ return false;
32153 -+ case BOOLEAN_TYPE:
32154 -+ return is_bool(var);
32155 -+ default:
32156 -+ break;
32157 -+ }
32158 ++static unsigned int get_correct_arg_count(unsigned int argnum, tree fndecl)
32159 ++{
32160 ++ const struct size_overflow_hash *hash;
32161 ++ unsigned int new_argnum;
32162 ++ tree arg;
32163 ++ const_tree origarg;
32164 +
32165 -+ gcc_assert(TREE_CODE(type) == POINTER_TYPE);
32166 ++ if (argnum == 0)
32167 ++ return argnum;
32168 +
32169 -+ type = TREE_TYPE(type);
32170 -+ gcc_assert(type != NULL_TREE);
32171 -+ switch (TREE_CODE(type)) {
32172 -+ case RECORD_TYPE:
32173 -+ case POINTER_TYPE:
32174 -+ case ARRAY_TYPE:
32175 -+ return true;
32176 -+ case VOID_TYPE:
32177 -+ case INTEGER_TYPE:
32178 -+ case UNION_TYPE:
32179 -+ return false;
32180 -+ default:
32181 -+ break;
32182 ++ hash = get_function_hash(fndecl);
32183 ++ if (hash && hash->param & (1U << argnum))
32184 ++ return argnum;
32185 ++
32186 ++ if (DECL_EXTERNAL(fndecl))
32187 ++ return argnum;
32188 ++
32189 ++ origarg = DECL_ARGUMENTS(DECL_ORIGIN(fndecl));
32190 ++ argnum--;
32191 ++ while (origarg && argnum) {
32192 ++ origarg = TREE_CHAIN(origarg);
32193 ++ argnum--;
32194 + }
32195 ++ gcc_assert(argnum == 0);
32196 ++ gcc_assert(origarg != NULL_TREE);
32197 ++
32198 ++ for (arg = DECL_ARGUMENTS(fndecl), new_argnum = 1; arg; arg = TREE_CHAIN(arg), new_argnum++)
32199 ++ if (operand_equal_p(origarg, arg, 0) || !strcmp(NAME(origarg), NAME(arg)))
32200 ++ return new_argnum;
32201 +
32202 -+ debug_tree((tree)var);
32203 -+ gcc_unreachable();
32204 ++ return CANNOT_FIND_ARG;
32205 +}
32206 +
32207 -+static unsigned int find_arg_number(const_tree arg, tree func)
32208 ++// Don't want to duplicate entries in next_cgraph_node
32209 ++static bool is_in_next_cgraph_node(struct next_cgraph_node *head, struct cgraph_node *node, const_tree fndecl, unsigned int num)
32210 +{
32211 -+ tree var;
32212 -+ unsigned int argnum = 1;
32213 ++ const_tree new_callee_fndecl;
32214 ++ struct next_cgraph_node *cur_node;
32215 +
32216 -+ if (TREE_CODE(arg) == SSA_NAME)
32217 -+ arg = SSA_NAME_VAR(arg);
32218 ++ if (fndecl == RET_CHECK)
32219 ++#if BUILDING_GCC_VERSION <= 4007
32220 ++ new_callee_fndecl = node->decl;
32221 ++#else
32222 ++ new_callee_fndecl = node->symbol.decl;
32223 ++#endif
32224 ++ else
32225 ++ new_callee_fndecl = fndecl;
32226 +
32227 -+ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var), argnum++) {
32228 -+ if (!operand_equal_p(arg, var, 0) && strcmp(NAME(var), NAME(arg)))
32229 ++ for (cur_node = head; cur_node; cur_node = cur_node->next) {
32230 ++#if BUILDING_GCC_VERSION <= 4007
32231 ++ if (!operand_equal_p(cur_node->current_function->decl, node->decl, 0))
32232 ++#else
32233 ++ if (!operand_equal_p(cur_node->current_function->symbol.decl, node->symbol.decl, 0))
32234 ++#endif
32235 + continue;
32236 -+ if (!skip_types(var))
32237 -+ return argnum;
32238 ++ if (!operand_equal_p(cur_node->callee_fndecl, new_callee_fndecl, 0))
32239 ++ continue;
32240 ++ if (num == cur_node->num)
32241 ++ return true;
32242 + }
32243 -+
32244 -+ return 0;
32245 ++ return false;
32246 +}
32247 +
32248 -+static tree create_new_var(tree type)
32249 ++/* Add a next_cgraph_node into the list for handle_function().
32250 ++ * handle_function() iterates over all the next cgraph nodes and
32251 ++ * starts the overflow check insertion process.
32252 ++ */
32253 ++static struct next_cgraph_node *create_new_next_cgraph_node(struct next_cgraph_node *head, struct cgraph_node *node, tree fndecl, unsigned int num)
32254 +{
32255 -+ tree new_var = create_tmp_var(type, "cicus");
32256 ++ struct next_cgraph_node *new_node;
32257 +
32258 ++ if (is_in_next_cgraph_node(head, node, fndecl, num))
32259 ++ return head;
32260 ++
32261 ++ new_node = (struct next_cgraph_node *)xmalloc(sizeof(*new_node));
32262 ++ new_node->current_function = node;
32263 ++ new_node->next = NULL;
32264 ++ new_node->num = num;
32265 ++ if (fndecl == RET_CHECK)
32266 +#if BUILDING_GCC_VERSION <= 4007
32267 -+ add_referenced_var(new_var);
32268 ++ new_node->callee_fndecl = node->decl;
32269 ++#else
32270 ++ new_node->callee_fndecl = node->symbol.decl;
32271 +#endif
32272 -+ return new_var;
32273 ++ else
32274 ++ new_node->callee_fndecl = fndecl;
32275 ++
32276 ++ if (!head)
32277 ++ return new_node;
32278 ++
32279 ++ new_node->next = head;
32280 ++ return new_node;
32281 +}
32282 +
32283 -+static gimple create_binary_assign(enum tree_code code, gimple stmt, tree rhs1, tree rhs2)
32284 ++static struct next_cgraph_node *create_new_next_cgraph_nodes(struct next_cgraph_node *head, struct cgraph_node *node, unsigned int num)
32285 +{
32286 -+ gimple assign;
32287 -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
32288 -+ tree type = TREE_TYPE(rhs1);
32289 -+ tree lhs = create_new_var(type);
32290 ++ struct cgraph_edge *e;
32291 +
32292 -+ gcc_assert(types_compatible_p(type, TREE_TYPE(rhs2)));
32293 -+ assign = gimple_build_assign_with_ops(code, lhs, rhs1, rhs2);
32294 -+ gimple_set_lhs(assign, make_ssa_name(lhs, assign));
32295 ++ if (num == 0)
32296 ++ return create_new_next_cgraph_node(head, node, RET_CHECK, num);
32297 +
32298 -+ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
32299 -+ update_stmt(assign);
32300 -+ gimple_set_plf(assign, MY_STMT, true);
32301 -+ return assign;
32302 ++ for (e = node->callers; e; e = e->next_caller) {
32303 ++ tree fndecl = gimple_call_fndecl(e->call_stmt);
32304 ++
32305 ++ gcc_assert(fndecl != NULL_TREE);
32306 ++ head = create_new_next_cgraph_node(head, e->caller, fndecl, num);
32307 ++ }
32308 ++
32309 ++ return head;
32310 +}
32311 +
32312 -+static tree cast_a_tree(tree type, tree var)
32313 ++static bool is_a_return_check(const_tree node)
32314 +{
32315 -+ gcc_assert(type != NULL_TREE);
32316 -+ gcc_assert(var != NULL_TREE);
32317 -+ gcc_assert(fold_convertible_p(type, var));
32318 ++ if (TREE_CODE(node) == FUNCTION_DECL)
32319 ++ return true;
32320 +
32321 -+ return fold_convert(type, var);
32322 ++ gcc_assert(TREE_CODE(node) == PARM_DECL);
32323 ++ return false;
32324 +}
32325 +
32326 -+static tree get_lhs(const_gimple stmt)
32327 ++static bool is_in_hash_table(tree fndecl, unsigned int num)
32328 +{
32329 -+ switch (gimple_code(stmt)) {
32330 -+ case GIMPLE_ASSIGN:
32331 -+ return gimple_get_lhs(stmt);
32332 -+ case GIMPLE_PHI:
32333 -+ return gimple_phi_result(stmt);
32334 -+ case GIMPLE_CALL:
32335 -+ return gimple_call_lhs(stmt);
32336 -+ default:
32337 -+ return NULL_TREE;
32338 -+ }
32339 ++ const struct size_overflow_hash *hash;
32340 ++
32341 ++ hash = get_function_hash(fndecl);
32342 ++ if (hash && (hash->param & (1U << num)))
32343 ++ return true;
32344 ++ return false;
32345 +}
32346 +
32347 -+static bool skip_cast(tree dst_type, const_tree rhs, bool force)
32348 ++struct missing_functions {
32349 ++ struct missing_functions *next;
32350 ++ const_tree node;
32351 ++ tree fndecl;
32352 ++};
32353 ++
32354 ++static struct missing_functions *create_new_missing_function(struct missing_functions *missing_fn_head, tree node)
32355 +{
32356 -+ const_gimple def_stmt = get_def_stmt(rhs);
32357 ++ struct missing_functions *new_function;
32358 +
32359 -+ if (force)
32360 -+ return false;
32361 ++ new_function = (struct missing_functions *)xmalloc(sizeof(*new_function));
32362 ++ new_function->node = node;
32363 ++ new_function->next = NULL;
32364 +
32365 -+ if (is_gimple_constant(rhs))
32366 -+ return false;
32367 ++ if (TREE_CODE(node) == FUNCTION_DECL)
32368 ++ new_function->fndecl = node;
32369 ++ else
32370 ++ new_function->fndecl = current_function_decl;
32371 ++ gcc_assert(new_function->fndecl);
32372 +
32373 -+ if (!def_stmt || gimple_code(def_stmt) == GIMPLE_NOP)
32374 -+ return false;
32375 ++ if (!missing_fn_head)
32376 ++ return new_function;
32377 +
32378 -+ if (!types_compatible_p(dst_type, TREE_TYPE(rhs)))
32379 ++ new_function->next = missing_fn_head;
32380 ++ return new_function;
32381 ++}
32382 ++
32383 ++/* Check if the function has a size_overflow attribute or it is in the size_overflow hash table.
32384 ++ * If the function is missing everywhere then print the missing message into stderr.
32385 ++ */
32386 ++static bool is_missing_function(tree orig_fndecl, unsigned int num)
32387 ++{
32388 ++ switch (DECL_FUNCTION_CODE(orig_fndecl)) {
32389 ++#if BUILDING_GCC_VERSION >= 4008
32390 ++ case BUILT_IN_BSWAP16:
32391 ++#endif
32392 ++ case BUILT_IN_BSWAP32:
32393 ++ case BUILT_IN_BSWAP64:
32394 ++ case BUILT_IN_EXPECT:
32395 ++ case BUILT_IN_MEMCMP:
32396 + return false;
32397 ++ default:
32398 ++ break;
32399 ++ }
32400 +
32401 -+ // DI type can be on 32 bit (from create_assign) but overflow type stays DI
32402 -+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode))
32403 ++ // skip test.c
32404 ++ if (strcmp(NAME(current_function_decl), "coolmalloc")) {
32405 ++ if (lookup_attribute("size_overflow", DECL_ATTRIBUTES(orig_fndecl)))
32406 ++ warning(0, "unnecessary size_overflow attribute on: %s\n", NAME(orig_fndecl));
32407 ++ }
32408 ++
32409 ++ if (is_in_hash_table(orig_fndecl, num))
32410 + return false;
32411 +
32412 ++ print_missing_msg(orig_fndecl, num);
32413 + return true;
32414 +}
32415 +
32416 -+static gimple build_cast_stmt(tree dst_type, tree rhs, tree lhs, gimple_stmt_iterator *gsi, bool before, bool force)
32417 ++// Get the argnum of a function decl, if node is a return then the argnum is 0
32418 ++static unsigned int get_function_num(const_tree node, const_tree orig_fndecl)
32419 +{
32420 -+ gimple assign, def_stmt;
32421 -+
32422 -+ gcc_assert(dst_type != NULL_TREE && rhs != NULL_TREE);
32423 -+ if (gsi_end_p(*gsi) && before == AFTER_STMT)
32424 -+ gcc_unreachable();
32425 -+
32426 -+ def_stmt = get_def_stmt(rhs);
32427 -+ if (skip_cast(dst_type, rhs, force) && gimple_plf(def_stmt, MY_STMT))
32428 -+ return def_stmt;
32429 -+
32430 -+ if (lhs == CREATE_NEW_VAR)
32431 -+ lhs = create_new_var(dst_type);
32432 ++ if (is_a_return_check(node))
32433 ++ return 0;
32434 ++ else
32435 ++ return find_arg_number_tree(node, orig_fndecl);
32436 ++}
32437 +
32438 -+ assign = gimple_build_assign(lhs, cast_a_tree(dst_type, rhs));
32439 ++/* If the function is missing from the hash table and it is a static function
32440 ++ * then create a next_cgraph_node from it for handle_function()
32441 ++ */
32442 ++static struct next_cgraph_node *check_missing_overflow_attribute_and_create_next_node(struct next_cgraph_node *cnodes, struct missing_functions *missing_fn_head)
32443 ++{
32444 ++ unsigned int num;
32445 ++ tree orig_fndecl;
32446 ++ struct cgraph_node *next_node = NULL;
32447 +
32448 -+ if (!gsi_end_p(*gsi)) {
32449 -+ location_t loc = gimple_location(gsi_stmt(*gsi));
32450 -+ gimple_set_location(assign, loc);
32451 -+ }
32452 ++ orig_fndecl = DECL_ORIGIN(missing_fn_head->fndecl);
32453 +
32454 -+ gimple_set_lhs(assign, make_ssa_name(lhs, assign));
32455 ++ num = get_function_num(missing_fn_head->node, orig_fndecl);
32456 ++ if (num == CANNOT_FIND_ARG)
32457 ++ return cnodes;
32458 +
32459 -+ if (before)
32460 -+ gsi_insert_before(gsi, assign, GSI_NEW_STMT);
32461 -+ else
32462 -+ gsi_insert_after(gsi, assign, GSI_NEW_STMT);
32463 -+ update_stmt(assign);
32464 -+ gimple_set_plf(assign, MY_STMT, true);
32465 ++ if (!is_missing_function(orig_fndecl, num))
32466 ++ return cnodes;
32467 +
32468 -+ return assign;
32469 ++ next_node = cgraph_get_node(missing_fn_head->fndecl);
32470 ++ if (next_node && next_node->local.local)
32471 ++ cnodes = create_new_next_cgraph_nodes(cnodes, next_node, num);
32472 ++ return cnodes;
32473 +}
32474 +
32475 -+static tree cast_to_new_size_overflow_type(gimple stmt, tree rhs, tree size_overflow_type, bool before)
32476 ++/* Search for missing size_overflow attributes on the last nodes in ipa and collect them
32477 ++ * into the next_cgraph_node list. They will be the next interesting returns or callees.
32478 ++ */
32479 ++static struct next_cgraph_node *search_overflow_attribute(struct next_cgraph_node *cnodes, struct interesting_node *cur_node)
32480 +{
32481 -+ gimple_stmt_iterator gsi;
32482 -+ tree lhs;
32483 -+ const_gimple new_stmt;
32484 ++ unsigned int i;
32485 ++ tree node;
32486 ++ struct missing_functions *cur, *missing_fn_head = NULL;
32487 +
32488 -+ if (rhs == NULL_TREE)
32489 -+ return NULL_TREE;
32490 ++#if BUILDING_GCC_VERSION == 4005
32491 ++ for (i = 0; i < VEC_length(tree, cur_node->last_nodes); i++) {
32492 ++ node = VEC_index(tree, cur_node->last_nodes, i);
32493 ++#elif BUILDING_GCC_VERSION <= 4007
32494 ++ FOR_EACH_VEC_ELT(tree, cur_node->last_nodes, i, node) {
32495 ++#else
32496 ++ FOR_EACH_VEC_ELT(*cur_node->last_nodes, i, node) {
32497 ++#endif
32498 ++ switch (TREE_CODE(node)) {
32499 ++ case PARM_DECL:
32500 ++ if (TREE_CODE(TREE_TYPE(node)) != INTEGER_TYPE)
32501 ++ break;
32502 ++ case FUNCTION_DECL:
32503 ++ missing_fn_head = create_new_missing_function(missing_fn_head, node);
32504 ++ break;
32505 ++ default:
32506 ++ break;
32507 ++ }
32508 ++ }
32509 +
32510 -+ gsi = gsi_for_stmt(stmt);
32511 -+ new_stmt = build_cast_stmt(size_overflow_type, rhs, CREATE_NEW_VAR, &gsi, before, false);
32512 ++ while (missing_fn_head) {
32513 ++ cnodes = check_missing_overflow_attribute_and_create_next_node(cnodes, missing_fn_head);
32514 +
32515 -+ lhs = get_lhs(new_stmt);
32516 -+ gcc_assert(lhs != NULL_TREE);
32517 -+ return lhs;
32518 ++ cur = missing_fn_head->next;
32519 ++ free(missing_fn_head);
32520 ++ missing_fn_head = cur;
32521 ++ }
32522 ++
32523 ++ return cnodes;
32524 +}
32525 +
32526 -+static tree cast_to_TI_type(gimple stmt, tree node)
32527 ++static void walk_phi_set_conditions(struct pointer_set_t *visited, bool *interesting_conditions, const_tree result)
32528 +{
32529 -+ gimple_stmt_iterator gsi;
32530 -+ gimple cast_stmt;
32531 -+ tree type = TREE_TYPE(node);
32532 ++ gimple phi = get_def_stmt(result);
32533 ++ unsigned int i, n = gimple_phi_num_args(phi);
32534 +
32535 -+ if (types_compatible_p(type, intTI_type_node))
32536 -+ return node;
32537 ++ pointer_set_insert(visited, phi);
32538 ++ for (i = 0; i < n; i++) {
32539 ++ const_tree arg = gimple_phi_arg_def(phi, i);
32540 +
32541 -+ gsi = gsi_for_stmt(stmt);
32542 -+ cast_stmt = build_cast_stmt(intTI_type_node, node, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
32543 -+ return gimple_get_lhs(cast_stmt);
32544 ++ set_conditions(visited, interesting_conditions, arg);
32545 ++ }
32546 +}
32547 +
32548 -+static void check_function_hash(const_gimple stmt)
32549 ++enum conditions {
32550 ++ FROM_CONST, NOT_UNARY, CAST
32551 ++};
32552 ++
32553 ++// Search for constants, cast assignments and binary/ternary assignments
32554 ++static void set_conditions(struct pointer_set_t *visited, bool *interesting_conditions, const_tree lhs)
32555 +{
32556 -+ tree func;
32557 -+ const struct size_overflow_hash *hash;
32558 ++ gimple def_stmt = get_def_stmt(lhs);
32559 +
32560 -+ if (gimple_code(stmt) != GIMPLE_CALL)
32561 ++ if (is_gimple_constant(lhs)) {
32562 ++ interesting_conditions[FROM_CONST] = true;
32563 + return;
32564 ++ }
32565 +
32566 -+ func = gimple_call_fndecl(stmt);
32567 -+ //fs/xattr.c D.34222_15 = D.34219_14 (dentry_3(D), name_7(D), 0B, 0);
32568 -+ if (func == NULL_TREE)
32569 ++ if (!def_stmt)
32570 + return;
32571 +
32572 -+ hash = get_function_hash(func);
32573 -+ if (!hash)
32574 -+ print_missing_msg(func, 0);
32575 -+}
32576 -+
32577 -+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before)
32578 -+{
32579 -+ tree lhs, new_lhs;
32580 -+ gimple_stmt_iterator gsi;
32581 -+
32582 -+ if (rhs1 == NULL_TREE) {
32583 -+ debug_gimple_stmt(oldstmt);
32584 -+ error("%s: rhs1 is NULL_TREE", __func__);
32585 -+ gcc_unreachable();
32586 -+ }
32587 ++ if (pointer_set_contains(visited, def_stmt))
32588 ++ return;
32589 +
32590 -+ switch (gimple_code(oldstmt)) {
32591 -+ case GIMPLE_ASM:
32592 -+ lhs = rhs1;
32593 -+ break;
32594 ++ switch (gimple_code(def_stmt)) {
32595 ++ case GIMPLE_NOP:
32596 + case GIMPLE_CALL:
32597 -+ lhs = gimple_call_lhs(oldstmt);
32598 -+ break;
32599 ++ case GIMPLE_ASM:
32600 ++ return;
32601 ++ case GIMPLE_PHI:
32602 ++ return walk_phi_set_conditions(visited, interesting_conditions, lhs);
32603 + case GIMPLE_ASSIGN:
32604 -+ lhs = gimple_get_lhs(oldstmt);
32605 -+ break;
32606 ++ if (gimple_num_ops(def_stmt) == 2) {
32607 ++ const_tree rhs = gimple_assign_rhs1(def_stmt);
32608 ++
32609 ++ if (gimple_assign_cast_p(def_stmt))
32610 ++ interesting_conditions[CAST] = true;
32611 ++
32612 ++ return set_conditions(visited, interesting_conditions, rhs);
32613 ++ } else {
32614 ++ interesting_conditions[NOT_UNARY] = true;
32615 ++ return;
32616 ++ }
32617 + default:
32618 -+ debug_gimple_stmt(oldstmt);
32619 ++ debug_gimple_stmt(def_stmt);
32620 + gcc_unreachable();
32621 + }
32622 ++}
32623 +
32624 -+ gsi = gsi_for_stmt(oldstmt);
32625 -+ pointer_set_insert(visited, oldstmt);
32626 -+ if (lookup_stmt_eh_lp(oldstmt) != 0) {
32627 -+ basic_block next_bb, cur_bb;
32628 -+ const_edge e;
32629 -+
32630 -+ gcc_assert(before == false);
32631 -+ gcc_assert(stmt_can_throw_internal(oldstmt));
32632 -+ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL);
32633 -+ gcc_assert(!gsi_end_p(gsi));
32634 -+
32635 -+ cur_bb = gimple_bb(oldstmt);
32636 -+ next_bb = cur_bb->next_bb;
32637 -+ e = find_edge(cur_bb, next_bb);
32638 -+ gcc_assert(e != NULL);
32639 -+ gcc_assert(e->flags & EDGE_FALLTHRU);
32640 -+
32641 -+ gsi = gsi_after_labels(next_bb);
32642 -+ gcc_assert(!gsi_end_p(gsi));
32643 -+
32644 -+ before = true;
32645 -+ oldstmt = gsi_stmt(gsi);
32646 -+ }
32647 ++// determine whether duplication will be necessary or not.
32648 ++static void search_interesting_conditions(const_tree arg, bool *interesting_conditions)
32649 ++{
32650 ++ struct pointer_set_t *visited;
32651 +
32652 -+ new_lhs = cast_to_new_size_overflow_type(oldstmt, rhs1, get_size_overflow_type(oldstmt, lhs), before);
32653 -+ return new_lhs;
32654 ++ visited = pointer_set_create();
32655 ++ set_conditions(visited, interesting_conditions, arg);
32656 ++ pointer_set_destroy(visited);
32657 +}
32658 +
32659 -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3)
32660 ++// Remove the size_overflow asm stmt and create an assignment from the input and output of the asm
32661 ++static void replace_size_overflow_asm_with_assign(gimple asm_stmt, tree lhs, tree rhs)
32662 +{
32663 -+ gimple stmt;
32664 ++ gimple assign;
32665 + gimple_stmt_iterator gsi;
32666 -+ tree size_overflow_type, new_var, lhs = gimple_get_lhs(oldstmt);
32667 -+
32668 -+ if (gimple_plf(oldstmt, MY_STMT))
32669 -+ return lhs;
32670 -+
32671 -+ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) {
32672 -+ rhs1 = gimple_assign_rhs1(oldstmt);
32673 -+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT);
32674 -+ }
32675 -+ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) {
32676 -+ rhs2 = gimple_assign_rhs2(oldstmt);
32677 -+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT);
32678 -+ }
32679 +
32680 -+ stmt = gimple_copy(oldstmt);
32681 -+ gimple_set_location(stmt, gimple_location(oldstmt));
32682 -+ gimple_set_plf(stmt, MY_STMT, true);
32683 -+
32684 -+ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR)
32685 -+ gimple_assign_set_rhs_code(stmt, MULT_EXPR);
32686 -+
32687 -+ size_overflow_type = get_size_overflow_type(oldstmt, node);
32688 ++ // already removed
32689 ++ if (gimple_bb(asm_stmt) == NULL)
32690 ++ return;
32691 ++ gsi = gsi_for_stmt(asm_stmt);
32692 +
32693 -+ new_var = create_new_var(size_overflow_type);
32694 -+ new_var = make_ssa_name(new_var, stmt);
32695 -+ gimple_set_lhs(stmt, new_var);
32696 ++ assign = gimple_build_assign(lhs, rhs);
32697 ++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT);
32698 ++ SSA_NAME_DEF_STMT(lhs) = assign;
32699 +
32700 -+ if (rhs1 != NULL_TREE)
32701 -+ gimple_assign_set_rhs1(stmt, rhs1);
32702 ++ gsi_remove(&gsi, true);
32703 ++}
32704 +
32705 -+ if (rhs2 != NULL_TREE)
32706 -+ gimple_assign_set_rhs2(stmt, rhs2);
32707 -+#if BUILDING_GCC_VERSION >= 4007
32708 -+ if (rhs3 != NULL_TREE)
32709 -+ gimple_assign_set_rhs3(stmt, rhs3);
32710 -+#endif
32711 -+ gimple_set_vuse(stmt, gimple_vuse(oldstmt));
32712 -+ gimple_set_vdef(stmt, gimple_vdef(oldstmt));
32713 ++// Get the field decl of a component ref for intentional_overflow checking
32714 ++static const_tree search_field_decl(const_tree comp_ref)
32715 ++{
32716 ++ const_tree field = NULL_TREE;
32717 ++ unsigned int i, len = TREE_OPERAND_LENGTH(comp_ref);
32718 +
32719 -+ gsi = gsi_for_stmt(oldstmt);
32720 -+ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT);
32721 -+ update_stmt(stmt);
32722 -+ pointer_set_insert(visited, oldstmt);
32723 -+ return gimple_get_lhs(stmt);
32724 ++ for (i = 0; i < len; i++) {
32725 ++ field = TREE_OPERAND(comp_ref, i);
32726 ++ if (TREE_CODE(field) == FIELD_DECL)
32727 ++ break;
32728 ++ }
32729 ++ gcc_assert(TREE_CODE(field) == FIELD_DECL);
32730 ++ return field;
32731 +}
32732 +
32733 -+static tree cast_parm_decl(tree phi_ssa_name, tree arg, tree size_overflow_type)
32734 ++/* Get the fndecl of an interesting stmt, the fndecl is the caller function if the interesting
32735 ++ * stmt is a return otherwise it is the callee function.
32736 ++ */
32737 ++static const_tree get_interesting_orig_fndecl(const_gimple stmt, unsigned int argnum)
32738 +{
32739 -+ basic_block first_bb;
32740 -+ gimple assign;
32741 -+ gimple_stmt_iterator gsi;
32742 ++ const_tree fndecl;
32743 +
32744 -+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest;
32745 -+ gcc_assert(dom_info_available_p(CDI_DOMINATORS));
32746 -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR);
32747 ++ if (argnum == 0)
32748 ++ fndecl = current_function_decl;
32749 ++ else
32750 ++ fndecl = gimple_call_fndecl(stmt);
32751 +
32752 -+ gsi = gsi_start_bb(first_bb);
32753 -+ assign = build_cast_stmt(size_overflow_type, arg, phi_ssa_name, &gsi, BEFORE_STMT, false);
32754 -+ return gimple_get_lhs(assign);
32755 ++ if (fndecl == NULL_TREE)
32756 ++ return NULL_TREE;
32757 ++
32758 ++ return DECL_ORIGIN(fndecl);
32759 +}
32760 +
32761 -+static tree use_phi_ssa_name(tree phi_ssa_name, tree new_arg)
32762 ++/* Get the param of the intentional_overflow attribute.
32763 ++ * * 0: MARK_NOT_INTENTIONAL
32764 ++ * * 1..MAX_PARAM: MARK_YES
32765 ++ * * -1: MARK_TURN_OFF
32766 ++ */
32767 ++static tree get_attribute_param(const_tree decl)
32768 +{
32769 -+ gimple_stmt_iterator gsi;
32770 -+ const_gimple assign;
32771 -+ gimple def_stmt = get_def_stmt(new_arg);
32772 ++ const_tree attr;
32773 +
32774 -+ if (gimple_code(def_stmt) == GIMPLE_PHI) {
32775 -+ gsi = gsi_after_labels(gimple_bb(def_stmt));
32776 -+ assign = build_cast_stmt(TREE_TYPE(new_arg), new_arg, phi_ssa_name, &gsi, BEFORE_STMT, true);
32777 -+ } else {
32778 -+ gsi = gsi_for_stmt(def_stmt);
32779 -+ assign = build_cast_stmt(TREE_TYPE(new_arg), new_arg, phi_ssa_name, &gsi, AFTER_STMT, true);
32780 -+ }
32781 ++ if (decl == NULL_TREE)
32782 ++ return NULL_TREE;
32783 ++
32784 ++ attr = lookup_attribute("intentional_overflow", DECL_ATTRIBUTES(decl));
32785 ++ if (!attr || !TREE_VALUE(attr))
32786 ++ return NULL_TREE;
32787 +
32788 -+ return gimple_get_lhs(assign);
32789 ++ return TREE_VALUE(attr);
32790 +}
32791 +
32792 -+static tree cast_visited_phi_arg(tree phi_ssa_name, tree arg, tree size_overflow_type)
32793 ++// MARK_TURN_OFF
32794 ++static bool is_turn_off_intentional_attr(const_tree decl)
32795 +{
32796 -+ basic_block bb;
32797 -+ gimple_stmt_iterator gsi;
32798 -+ const_gimple assign, def_stmt;
32799 ++ const_tree param_head;
32800 +
32801 -+ def_stmt = get_def_stmt(arg);
32802 -+ bb = gimple_bb(def_stmt);
32803 -+ gcc_assert(bb->index != 0);
32804 -+ gsi = gsi_after_labels(bb);
32805 ++ param_head = get_attribute_param(decl);
32806 ++ if (param_head == NULL_TREE)
32807 ++ return false;
32808 +
32809 -+ assign = build_cast_stmt(size_overflow_type, arg, phi_ssa_name, &gsi, BEFORE_STMT, false);
32810 -+ return gimple_get_lhs(assign);
32811 ++ if (TREE_INT_CST_HIGH(TREE_VALUE(param_head)) == -1)
32812 ++ return true;
32813 ++ return false;
32814 +}
32815 +
32816 -+static tree create_new_phi_arg(tree phi_ssa_name, tree new_arg, tree arg, gimple oldstmt)
32817 ++// MARK_NOT_INTENTIONAL
32818 ++static bool is_end_intentional_intentional_attr(const_tree decl, unsigned int argnum)
32819 +{
32820 -+ tree size_overflow_type;
32821 -+ const_gimple def_stmt = get_def_stmt(arg);
32822 ++ const_tree param_head;
32823 +
32824 -+ if (phi_ssa_name != NULL_TREE)
32825 -+ phi_ssa_name = SSA_NAME_VAR(phi_ssa_name);
32826 -+
32827 -+ size_overflow_type = get_size_overflow_type(oldstmt, arg);
32828 ++ if (argnum == 0)
32829 ++ return false;
32830 +
32831 -+ if (new_arg != NULL_TREE) {
32832 -+ gcc_assert(types_compatible_p(TREE_TYPE(new_arg), size_overflow_type));
32833 -+ return use_phi_ssa_name(phi_ssa_name, new_arg);
32834 -+ }
32835 ++ param_head = get_attribute_param(decl);
32836 ++ if (param_head == NULL_TREE)
32837 ++ return false;
32838 +
32839 -+ switch(gimple_code(def_stmt)) {
32840 -+ case GIMPLE_PHI:
32841 -+ return cast_visited_phi_arg(phi_ssa_name, arg, size_overflow_type);
32842 -+ case GIMPLE_NOP:
32843 -+ return cast_parm_decl(phi_ssa_name, arg, size_overflow_type);
32844 -+ default:
32845 -+ debug_gimple_stmt((gimple)def_stmt);
32846 -+ gcc_unreachable();
32847 -+ }
32848 ++ if (!TREE_INT_CST_LOW(TREE_VALUE(param_head)))
32849 ++ return true;
32850 ++ return false;
32851 +}
32852 +
32853 -+static gimple overflow_create_phi_node(gimple oldstmt, tree result)
32854 ++// MARK_YES
32855 ++static bool is_yes_intentional_attr(const_tree decl, unsigned int argnum)
32856 +{
32857 -+ basic_block bb;
32858 -+ gimple phi;
32859 -+ gimple_seq seq;
32860 -+ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt);
32861 ++ tree param, param_head;
32862 +
32863 -+ bb = gsi_bb(gsi);
32864 -+
32865 -+ phi = create_phi_node(result, bb);
32866 -+ gimple_phi_set_result(phi, make_ssa_name(result, phi));
32867 -+ seq = phi_nodes(bb);
32868 -+ gsi = gsi_last(seq);
32869 -+ gsi_remove(&gsi, false);
32870 ++ if (argnum == 0)
32871 ++ return false;
32872 +
32873 -+ gsi = gsi_for_stmt(oldstmt);
32874 -+ gsi_insert_after(&gsi, phi, GSI_NEW_STMT);
32875 -+ gimple_set_bb(phi, bb);
32876 -+ gimple_set_plf(phi, MY_STMT, true);
32877 -+ return phi;
32878 ++ param_head = get_attribute_param(decl);
32879 ++ for (param = param_head; param; param = TREE_CHAIN(param))
32880 ++ if (argnum == TREE_INT_CST_LOW(TREE_VALUE(param)))
32881 ++ return true;
32882 ++ return false;
32883 +}
32884 +
32885 -+static tree handle_phi(struct pointer_set_t *visited, tree orig_result)
32886 ++static bool is_size_overflow_intentional_asm_turn_off(const_gimple stmt)
32887 +{
32888 -+ gimple new_phi = NULL;
32889 -+ gimple oldstmt = get_def_stmt(orig_result);
32890 -+ tree phi_ssa_name = NULL_TREE;
32891 -+ unsigned int i;
32892 ++ const char *str;
32893 +
32894 -+ pointer_set_insert(visited, oldstmt);
32895 -+ for (i = 0; i < gimple_phi_num_args(oldstmt); i++) {
32896 -+ tree arg, new_arg;
32897 ++ if (!stmt)
32898 ++ return false;
32899 +
32900 -+ arg = gimple_phi_arg_def(oldstmt, i);
32901 ++ str = gimple_asm_string(stmt);
32902 ++ return !strcmp(str, "# size_overflow MARK_TURN_OFF\n\t");
32903 ++}
32904 +
32905 -+ new_arg = expand(visited, arg);
32906 -+ new_arg = create_new_phi_arg(phi_ssa_name, new_arg, arg, oldstmt);
32907 -+ if (i == 0) {
32908 -+ phi_ssa_name = new_arg;
32909 -+ new_phi = overflow_create_phi_node(oldstmt, SSA_NAME_VAR(phi_ssa_name));
32910 -+ }
32911 ++static bool is_size_overflow_intentional_asm_yes(const_gimple stmt)
32912 ++{
32913 ++ const char *str;
32914 +
32915 -+ gcc_assert(new_phi != NULL);
32916 -+ add_phi_arg(new_phi, new_arg, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt));
32917 -+ }
32918 ++ if (!stmt)
32919 ++ return false;
32920 +
32921 -+ gcc_assert(new_phi != NULL);
32922 -+ update_stmt(new_phi);
32923 -+ return gimple_phi_result(new_phi);
32924 ++ str = gimple_asm_string(stmt);
32925 ++ return !strcmp(str, "# size_overflow MARK_YES\n\t");
32926 +}
32927 +
32928 -+static tree change_assign_rhs(gimple stmt, const_tree orig_rhs, tree new_rhs)
32929 ++static bool is_size_overflow_asm(const_gimple stmt)
32930 +{
32931 -+ const_gimple assign;
32932 -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
32933 -+ tree origtype = TREE_TYPE(orig_rhs);
32934 ++ const char *str;
32935 +
32936 -+ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN);
32937 ++ if (!stmt)
32938 ++ return false;
32939 +
32940 -+ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
32941 -+ return gimple_get_lhs(assign);
32942 ++ str = gimple_asm_string(stmt);
32943 ++ return !strncmp(str, "# size_overflow", 15);
32944 +}
32945 +
32946 -+static bool is_a_cast_and_const_overflow(const_tree no_const_rhs)
32947 ++static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum)
32948 +{
32949 -+ const_tree rhs1, lhs, rhs1_type, lhs_type;
32950 -+ enum machine_mode lhs_mode, rhs_mode;
32951 -+ gimple def_stmt = get_def_stmt(no_const_rhs);
32952 ++ location_t loc;
32953 +
32954 -+ if (!gimple_assign_cast_p(def_stmt))
32955 -+ return false;
32956 ++ if (caller_attr == MARK_NO || caller_attr == MARK_NOT_INTENTIONAL || caller_attr == MARK_TURN_OFF)
32957 ++ return;
32958 +
32959 -+ rhs1 = gimple_assign_rhs1(def_stmt);
32960 -+ lhs = gimple_get_lhs(def_stmt);
32961 -+ rhs1_type = TREE_TYPE(rhs1);
32962 -+ lhs_type = TREE_TYPE(lhs);
32963 -+ rhs_mode = TYPE_MODE(rhs1_type);
32964 -+ lhs_mode = TYPE_MODE(lhs_type);
32965 -+ if (TYPE_UNSIGNED(lhs_type) == TYPE_UNSIGNED(rhs1_type) || lhs_mode != rhs_mode)
32966 -+ return false;
32967 ++ if (callee_attr == MARK_NOT_INTENTIONAL || callee_attr == MARK_YES)
32968 ++ return;
32969 +
32970 -+ return true;
32971 ++ loc = DECL_SOURCE_LOCATION(decl);
32972 ++ inform(loc, "The intentional_overflow attribute is missing from +%s+%u+", NAME(decl), argnum);
32973 +}
32974 +
32975 -+static tree create_cast_assign(struct pointer_set_t *visited, gimple stmt)
32976 ++/* Get the type of the intentional_overflow attribute of a node
32977 ++ * * MARK_TURN_OFF
32978 ++ * * MARK_YES
32979 ++ * * MARK_NO
32980 ++ * * MARK_NOT_INTENTIONAL
32981 ++ */
32982 ++static enum mark get_intentional_attr_type(const_tree node)
32983 +{
32984 -+ tree rhs1 = gimple_assign_rhs1(stmt);
32985 -+ tree lhs = gimple_get_lhs(stmt);
32986 -+ const_tree rhs1_type = TREE_TYPE(rhs1);
32987 -+ const_tree lhs_type = TREE_TYPE(lhs);
32988 ++ const_tree cur_decl;
32989 ++
32990 ++ if (node == NULL_TREE)
32991 ++ return MARK_NO;
32992 ++
32993 ++ switch (TREE_CODE(node)) {
32994 ++ case COMPONENT_REF:
32995 ++ cur_decl = search_field_decl(node);
32996 ++ if (is_turn_off_intentional_attr(cur_decl))
32997 ++ return MARK_TURN_OFF;
32998 ++ if (is_end_intentional_intentional_attr(cur_decl, 1))
32999 ++ return MARK_YES;
33000 ++ break;
33001 ++ case PARM_DECL: {
33002 ++ unsigned int argnum;
33003 ++
33004 ++ cur_decl = DECL_ORIGIN(current_function_decl);
33005 ++ argnum = find_arg_number_tree(node, cur_decl);
33006 ++ if (argnum == CANNOT_FIND_ARG)
33007 ++ return MARK_NO;
33008 ++ if (is_yes_intentional_attr(cur_decl, argnum))
33009 ++ return MARK_YES;
33010 ++ if (is_end_intentional_intentional_attr(cur_decl, argnum))
33011 ++ return MARK_NOT_INTENTIONAL;
33012 ++ break;
33013 ++ }
33014 ++ case FUNCTION_DECL:
33015 ++ if (is_turn_off_intentional_attr(DECL_ORIGIN(node)))
33016 ++ return MARK_TURN_OFF;
33017 ++ break;
33018 ++ default:
33019 ++ break;
33020 ++ }
33021 ++ return MARK_NO;
33022 ++}
33023 +
33024 -+ if (TYPE_UNSIGNED(rhs1_type) == TYPE_UNSIGNED(lhs_type))
33025 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33026 ++// Search for the intentional_overflow attribute on the last nodes
33027 ++static enum mark search_last_nodes_intentional(struct interesting_node *cur_node)
33028 ++{
33029 ++ unsigned int i;
33030 ++ tree last_node;
33031 ++ enum mark mark = MARK_NO;
33032 +
33033 -+ return create_assign(visited, stmt, rhs1, AFTER_STMT);
33034 ++#if BUILDING_GCC_VERSION == 4005
33035 ++ for (i = 0; i < VEC_length(tree, cur_node->last_nodes); i++) {
33036 ++ last_node = VEC_index(tree, cur_node->last_nodes, i);
33037 ++#elif BUILDING_GCC_VERSION <= 4007
33038 ++ FOR_EACH_VEC_ELT(tree, cur_node->last_nodes, i, last_node) {
33039 ++#else
33040 ++ FOR_EACH_VEC_ELT(*cur_node->last_nodes, i, last_node) {
33041 ++#endif
33042 ++ mark = get_intentional_attr_type(last_node);
33043 ++ if (mark != MARK_NO)
33044 ++ break;
33045 ++ }
33046 ++ return mark;
33047 +}
33048 +
33049 -+static bool no_uses(tree node)
33050 ++/* Check the intentional kind of size_overflow asm stmt (created by the gimple pass) and
33051 ++ * set the appropriate intentional_overflow type. Delete the asm stmt in the end.
33052 ++ */
33053 ++static bool is_intentional_attribute_from_gimple(struct interesting_node *cur_node)
33054 +{
33055 -+ imm_use_iterator imm_iter;
33056 -+ use_operand_p use_p;
33057 ++ const_tree input, output;
33058 +
33059 -+ FOR_EACH_IMM_USE_FAST(use_p, imm_iter, node) {
33060 -+ const_gimple use_stmt = USE_STMT(use_p);
33061 -+ if (use_stmt == NULL)
33062 -+ return true;
33063 -+ if (is_gimple_debug(use_stmt))
33064 -+ continue;
33065 -+ if (!(gimple_bb(use_stmt)->flags & BB_REACHABLE))
33066 -+ continue;
33067 ++ if (!cur_node->intentional_mark_from_gimple)
33068 + return false;
33069 -+ }
33070 ++
33071 ++ if (is_size_overflow_intentional_asm_yes(cur_node->intentional_mark_from_gimple))
33072 ++ cur_node->intentional_attr_cur_fndecl = MARK_YES;
33073 ++ else
33074 ++ cur_node->intentional_attr_cur_fndecl = MARK_TURN_OFF;
33075 ++
33076 ++ // skip param decls
33077 ++ if (gimple_asm_noutputs(cur_node->intentional_mark_from_gimple) == 0)
33078 ++ return true;
33079 ++ input = gimple_asm_input_op(cur_node->intentional_mark_from_gimple, 0);
33080 ++ output = gimple_asm_output_op(cur_node->intentional_mark_from_gimple, 0);
33081 ++
33082 ++ replace_size_overflow_asm_with_assign(cur_node->intentional_mark_from_gimple, TREE_VALUE(output), TREE_VALUE(input));
33083 + return true;
33084 +}
33085 +
33086 -+// 3.8.5 mm/page-writeback.c __ilog2_u64(): ret, uint + uintmax; uint -> int; int max
33087 -+static bool is_const_plus_unsigned_signed_truncation(const_tree lhs)
33088 ++/* Search intentional_overflow attribute on caller and on callee too.
33089 ++ * 0</MARK_YES: no dup, search size_overflow and intentional_overflow attributes
33090 ++ * 0/MARK_NOT_INTENTIONAL: no dup, search size_overflow attribute (int)
33091 ++ * -1/MARK_TURN_OFF: no dup, no search, current_function_decl -> no dup
33092 ++*/
33093 ++static void check_intentional_attribute_ipa(struct interesting_node *cur_node)
33094 +{
33095 -+ tree rhs1, lhs_type, rhs_type, rhs2, not_const_rhs;
33096 -+ gimple def_stmt = get_def_stmt(lhs);
33097 ++ const_tree fndecl;
33098 +
33099 -+ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
33100 -+ return false;
33101 ++ if (is_turn_off_intentional_attr(DECL_ORIGIN(current_function_decl))) {
33102 ++ cur_node->intentional_attr_cur_fndecl = MARK_TURN_OFF;
33103 ++ return;
33104 ++ }
33105 +
33106 -+ rhs1 = gimple_assign_rhs1(def_stmt);
33107 -+ rhs_type = TREE_TYPE(rhs1);
33108 -+ lhs_type = TREE_TYPE(lhs);
33109 -+ if (TYPE_UNSIGNED(lhs_type) || !TYPE_UNSIGNED(rhs_type))
33110 -+ return false;
33111 -+ if (TYPE_MODE(lhs_type) != TYPE_MODE(rhs_type))
33112 -+ return false;
33113 ++ if (gimple_code(cur_node->first_stmt) == GIMPLE_ASM) {
33114 ++ cur_node->intentional_attr_cur_fndecl = MARK_NOT_INTENTIONAL;
33115 ++ return;
33116 ++ }
33117 +
33118 -+ def_stmt = get_def_stmt(rhs1);
33119 -+ if (!def_stmt || gimple_code(def_stmt) != GIMPLE_ASSIGN || gimple_num_ops(def_stmt) != 3)
33120 -+ return false;
33121 ++ if (gimple_code(cur_node->first_stmt) == GIMPLE_ASSIGN)
33122 ++ return;
33123 +
33124 -+ if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR)
33125 -+ return false;
33126 ++ fndecl = get_interesting_orig_fndecl(cur_node->first_stmt, cur_node->num);
33127 ++ if (is_turn_off_intentional_attr(fndecl)) {
33128 ++ cur_node->intentional_attr_decl = MARK_TURN_OFF;
33129 ++ return;
33130 ++ }
33131 +
33132 -+ rhs1 = gimple_assign_rhs1(def_stmt);
33133 -+ rhs2 = gimple_assign_rhs2(def_stmt);
33134 -+ if (!is_gimple_constant(rhs1) && !is_gimple_constant(rhs2))
33135 -+ return false;
33136 ++ if (is_end_intentional_intentional_attr(fndecl, cur_node->num))
33137 ++ cur_node->intentional_attr_decl = MARK_NOT_INTENTIONAL;
33138 ++ else if (is_yes_intentional_attr(fndecl, cur_node->num))
33139 ++ cur_node->intentional_attr_decl = MARK_YES;
33140 +
33141 -+ if (is_gimple_constant(rhs2))
33142 -+ not_const_rhs = rhs1;
33143 -+ else
33144 -+ not_const_rhs = rhs2;
33145 ++ if (is_intentional_attribute_from_gimple(cur_node))
33146 ++ return;
33147 +
33148 -+ return no_uses(not_const_rhs);
33149 ++ cur_node->intentional_attr_cur_fndecl = search_last_nodes_intentional(cur_node);
33150 ++ print_missing_intentional(cur_node->intentional_attr_decl, cur_node->intentional_attr_cur_fndecl, cur_node->fndecl, cur_node->num);
33151 +}
33152 +
33153 -+static bool skip_lhs_cast_check(const_gimple stmt)
33154 ++// e.g., 3.8.2, 64, arch/x86/ia32/ia32_signal.c copy_siginfo_from_user32(): compat_ptr() u32 max
33155 ++static bool skip_asm(const_tree arg)
33156 +{
33157 -+ const_tree rhs = gimple_assign_rhs1(stmt);
33158 -+ const_gimple def_stmt = get_def_stmt(rhs);
33159 -+
33160 -+ // 3.8.2 kernel/futex_compat.c compat_exit_robust_list(): get_user() 64 ulong -> int (compat_long_t), int max
33161 -+ if (gimple_code(def_stmt) == GIMPLE_ASM)
33162 -+ return true;
33163 ++ gimple def_stmt = get_def_stmt(arg);
33164 +
33165 -+ if (is_const_plus_unsigned_signed_truncation(rhs))
33166 -+ return true;
33167 ++ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
33168 ++ return false;
33169 +
33170 -+ return false;
33171 ++ def_stmt = get_def_stmt(gimple_assign_rhs1(def_stmt));
33172 ++ return def_stmt && gimple_code(def_stmt) == GIMPLE_ASM;
33173 +}
33174 +
33175 -+static tree create_cast_overflow_check(struct pointer_set_t *visited, tree new_rhs1, gimple stmt)
33176 ++static void walk_use_def_phi(struct pointer_set_t *visited, struct interesting_node *cur_node, tree result)
33177 +{
33178 -+ bool cast_lhs, cast_rhs;
33179 -+ tree lhs = gimple_get_lhs(stmt);
33180 -+ tree rhs = gimple_assign_rhs1(stmt);
33181 -+ const_tree lhs_type = TREE_TYPE(lhs);
33182 -+ const_tree rhs_type = TREE_TYPE(rhs);
33183 -+ enum machine_mode lhs_mode = TYPE_MODE(lhs_type);
33184 -+ enum machine_mode rhs_mode = TYPE_MODE(rhs_type);
33185 -+ unsigned int lhs_size = GET_MODE_BITSIZE(lhs_mode);
33186 -+ unsigned int rhs_size = GET_MODE_BITSIZE(rhs_mode);
33187 -+
33188 -+ static bool check_lhs[3][4] = {
33189 -+ // ss su us uu
33190 -+ { false, true, true, false }, // lhs > rhs
33191 -+ { false, false, false, false }, // lhs = rhs
33192 -+ { true, true, true, true }, // lhs < rhs
33193 -+ };
33194 -+
33195 -+ static bool check_rhs[3][4] = {
33196 -+ // ss su us uu
33197 -+ { true, false, true, true }, // lhs > rhs
33198 -+ { true, false, true, true }, // lhs = rhs
33199 -+ { true, false, true, true }, // lhs < rhs
33200 -+ };
33201 ++ gimple phi = get_def_stmt(result);
33202 ++ unsigned int i, n = gimple_phi_num_args(phi);
33203 +
33204 -+ // skip lhs check on signed SI -> HI cast or signed SI -> QI cast !!!!
33205 -+ if (rhs_mode == SImode && !TYPE_UNSIGNED(rhs_type) && (lhs_mode == HImode || lhs_mode == QImode))
33206 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33207 ++ pointer_set_insert(visited, phi);
33208 ++ for (i = 0; i < n; i++) {
33209 ++ tree arg = gimple_phi_arg_def(phi, i);
33210 +
33211 -+ if (lhs_size > rhs_size) {
33212 -+ cast_lhs = check_lhs[0][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33213 -+ cast_rhs = check_rhs[0][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33214 -+ } else if (lhs_size == rhs_size) {
33215 -+ cast_lhs = check_lhs[1][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33216 -+ cast_rhs = check_rhs[1][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33217 -+ } else {
33218 -+ cast_lhs = check_lhs[2][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33219 -+ cast_rhs = check_rhs[2][TYPE_UNSIGNED(rhs_type) + 2 * TYPE_UNSIGNED(lhs_type)];
33220 ++ walk_use_def(visited, cur_node, arg);
33221 + }
33222 ++}
33223 +
33224 -+ if (!cast_lhs && !cast_rhs)
33225 -+ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
33226 -+
33227 -+ if (cast_lhs && !skip_lhs_cast_check(stmt))
33228 -+ check_size_overflow(stmt, TREE_TYPE(new_rhs1), new_rhs1, lhs, BEFORE_STMT);
33229 ++static void walk_use_def_binary(struct pointer_set_t *visited, struct interesting_node *cur_node, tree lhs)
33230 ++{
33231 ++ gimple def_stmt = get_def_stmt(lhs);
33232 ++ tree rhs1, rhs2;
33233 +
33234 -+ if (cast_rhs)
33235 -+ check_size_overflow(stmt, TREE_TYPE(new_rhs1), new_rhs1, rhs, BEFORE_STMT);
33236 ++ rhs1 = gimple_assign_rhs1(def_stmt);
33237 ++ rhs2 = gimple_assign_rhs2(def_stmt);
33238 +
33239 -+ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
33240 ++ walk_use_def(visited, cur_node, rhs1);
33241 ++ walk_use_def(visited, cur_node, rhs2);
33242 +}
33243 +
33244 -+static tree handle_unary_rhs(struct pointer_set_t *visited, gimple stmt)
33245 ++static void insert_last_node(struct interesting_node *cur_node, tree node)
33246 +{
33247 -+ tree rhs1, new_rhs1, lhs = gimple_get_lhs(stmt);
33248 ++ unsigned int i;
33249 ++ tree element;
33250 ++ enum tree_code code;
33251 +
33252 -+ if (gimple_plf(stmt, MY_STMT))
33253 -+ return lhs;
33254 ++ gcc_assert(node != NULL_TREE);
33255 +
33256 -+ rhs1 = gimple_assign_rhs1(stmt);
33257 -+ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE)
33258 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33259 ++ if (is_gimple_constant(node))
33260 ++ return;
33261 +
33262 -+ new_rhs1 = expand(visited, rhs1);
33263 ++ code = TREE_CODE(node);
33264 ++ if (code == VAR_DECL) {
33265 ++ node = DECL_ORIGIN(node);
33266 ++ code = TREE_CODE(node);
33267 ++ }
33268 +
33269 -+ if (new_rhs1 == NULL_TREE)
33270 -+ return create_cast_assign(visited, stmt);
33271 ++ if (code != PARM_DECL && code != FUNCTION_DECL && code != COMPONENT_REF)
33272 ++ return;
33273 +
33274 -+ if (gimple_plf(stmt, NO_CAST_CHECK))
33275 -+ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
33276 ++#if BUILDING_GCC_VERSION == 4005
33277 ++ for (i = 0; i < VEC_length(tree, cur_node->last_nodes); i++) {
33278 ++ element = VEC_index(tree, cur_node->last_nodes, i);
33279 ++#elif BUILDING_GCC_VERSION <= 4007
33280 ++ FOR_EACH_VEC_ELT(tree, cur_node->last_nodes, i, element) {
33281 ++#else
33282 ++ FOR_EACH_VEC_ELT(*cur_node->last_nodes, i, element) {
33283 ++#endif
33284 ++ if (operand_equal_p(node, element, 0))
33285 ++ return;
33286 ++ }
33287 +
33288 -+ if (gimple_assign_rhs_code(stmt) == BIT_NOT_EXPR) {
33289 -+ tree size_overflow_type = get_size_overflow_type(stmt, rhs1);
33290 ++#if BUILDING_GCC_VERSION <= 4007
33291 ++ gcc_assert(VEC_length(tree, cur_node->last_nodes) < VEC_LEN);
33292 ++ VEC_safe_push(tree, gc, cur_node->last_nodes, node);
33293 ++#else
33294 ++ gcc_assert(cur_node->last_nodes->length() < VEC_LEN);
33295 ++ vec_safe_push(cur_node->last_nodes, node);
33296 ++#endif
33297 ++}
33298 +
33299 -+ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT);
33300 -+ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, BEFORE_STMT);
33301 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33302 -+ }
33303 ++// a size_overflow asm stmt in the control flow doesn't stop the recursion
33304 ++static void handle_asm_stmt(struct pointer_set_t *visited, struct interesting_node *cur_node, tree lhs, const_gimple stmt)
33305 ++{
33306 ++ const_tree asm_lhs;
33307 +
33308 -+ if (!gimple_assign_cast_p(stmt))
33309 -+ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE);
33310 ++ if (!is_size_overflow_asm(stmt))
33311 ++ return walk_use_def(visited, cur_node, SSA_NAME_VAR(lhs));
33312 +
33313 -+ return create_cast_overflow_check(visited, new_rhs1, stmt);
33314 ++ asm_lhs = gimple_asm_input_op(stmt, 0);
33315 ++ walk_use_def(visited, cur_node, TREE_VALUE(asm_lhs));
33316 +}
33317 +
33318 -+static tree handle_unary_ops(struct pointer_set_t *visited, gimple stmt)
33319 ++/* collect the parm_decls and fndecls (for checking a missing size_overflow attribute (ret or arg) or intentional_overflow)
33320 ++ * and component refs (for checking the intentional_overflow attribute).
33321 ++ */
33322 ++static void walk_use_def(struct pointer_set_t *visited, struct interesting_node *cur_node, tree lhs)
33323 +{
33324 -+ tree rhs1, lhs = gimple_get_lhs(stmt);
33325 -+ gimple def_stmt = get_def_stmt(lhs);
33326 ++ const_gimple def_stmt;
33327 +
33328 -+ gcc_assert(gimple_code(def_stmt) != GIMPLE_NOP);
33329 -+ rhs1 = gimple_assign_rhs1(def_stmt);
33330 ++ if (TREE_CODE(lhs) != SSA_NAME) {
33331 ++ insert_last_node(cur_node, lhs);
33332 ++ return;
33333 ++ }
33334 +
33335 -+ if (is_gimple_constant(rhs1))
33336 -+ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
33337 ++ def_stmt = get_def_stmt(lhs);
33338 ++ if (!def_stmt)
33339 ++ return;
33340 +
33341 -+ switch (TREE_CODE(rhs1)) {
33342 -+ case SSA_NAME:
33343 -+ return handle_unary_rhs(visited, def_stmt);
33344 -+ case ARRAY_REF:
33345 -+ case BIT_FIELD_REF:
33346 -+ case ADDR_EXPR:
33347 -+ case COMPONENT_REF:
33348 -+ case INDIRECT_REF:
33349 -+#if BUILDING_GCC_VERSION >= 4006
33350 -+ case MEM_REF:
33351 -+#endif
33352 -+ case TARGET_MEM_REF:
33353 -+ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
33354 -+ case PARM_DECL:
33355 -+ case VAR_DECL:
33356 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33357 ++ if (pointer_set_insert(visited, def_stmt))
33358 ++ return;
33359 ++
33360 ++ switch (gimple_code(def_stmt)) {
33361 ++ case GIMPLE_NOP:
33362 ++ return walk_use_def(visited, cur_node, SSA_NAME_VAR(lhs));
33363 ++ case GIMPLE_ASM:
33364 ++ return handle_asm_stmt(visited, cur_node, lhs, def_stmt);
33365 ++ case GIMPLE_CALL: {
33366 ++ tree fndecl = gimple_call_fndecl(def_stmt);
33367 +
33368 ++ if (fndecl == NULL_TREE)
33369 ++ return;
33370 ++ insert_last_node(cur_node, fndecl);
33371 ++ return;
33372 ++ }
33373 ++ case GIMPLE_PHI:
33374 ++ return walk_use_def_phi(visited, cur_node, lhs);
33375 ++ case GIMPLE_ASSIGN:
33376 ++ switch (gimple_num_ops(def_stmt)) {
33377 ++ case 2:
33378 ++ return walk_use_def(visited, cur_node, gimple_assign_rhs1(def_stmt));
33379 ++ case 3:
33380 ++ return walk_use_def_binary(visited, cur_node, lhs);
33381 ++ }
33382 + default:
33383 -+ debug_gimple_stmt(def_stmt);
33384 -+ debug_tree(rhs1);
33385 ++ debug_gimple_stmt((gimple)def_stmt);
33386 ++ error("%s: unknown gimple code", __func__);
33387 + gcc_unreachable();
33388 + }
33389 +}
33390 +
33391 -+static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value)
33392 ++// Collect all the last nodes for checking the intentional_overflow and size_overflow attributes
33393 ++static void set_last_nodes(struct interesting_node *cur_node)
33394 +{
33395 -+ gimple cond_stmt;
33396 -+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
33397 ++ struct pointer_set_t *visited;
33398 +
33399 -+ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE);
33400 -+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
33401 -+ update_stmt(cond_stmt);
33402 ++ visited = pointer_set_create();
33403 ++ walk_use_def(visited, cur_node, cur_node->node);
33404 ++ pointer_set_destroy(visited);
33405 +}
33406 +
33407 -+static tree create_string_param(tree string)
33408 ++/* This function calls the main recursion function (expand) that duplicates the stmts. Before that it checks the intentional_overflow attribute and asm stmts,
33409 ++ * it decides whether the duplication is necessary or not and it searches for missing size_overflow attributes. After expand() it changes the orig node to the duplicated node
33410 ++ * in the original stmt (first stmt) and it inserts the overflow check for the arg of the callee or for the return value.
33411 ++ * If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
33412 ++ * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type.
33413 ++ * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast.
33414 ++ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code.
33415 ++ */
33416 ++static struct next_cgraph_node *handle_interesting_stmt(struct next_cgraph_node *cnodes, struct interesting_node *cur_node, struct cgraph_node *caller_node)
33417 +{
33418 -+ tree i_type, a_type;
33419 -+ const int length = TREE_STRING_LENGTH(string);
33420 -+
33421 -+ gcc_assert(length > 0);
33422 -+
33423 -+ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1));
33424 -+ a_type = build_array_type(char_type_node, i_type);
33425 ++ struct pointer_set_t *visited;
33426 ++ bool interesting_conditions[3] = {false, false, false};
33427 ++ tree new_node, orig_node = cur_node->node;
33428 +
33429 -+ TREE_TYPE(string) = a_type;
33430 -+ TREE_CONSTANT(string) = 1;
33431 -+ TREE_READONLY(string) = 1;
33432 ++ set_last_nodes(cur_node);
33433 +
33434 -+ return build1(ADDR_EXPR, ptr_type_node, string);
33435 -+}
33436 ++ check_intentional_attribute_ipa(cur_node);
33437 ++ if (cur_node->intentional_attr_decl == MARK_TURN_OFF || cur_node->intentional_attr_cur_fndecl == MARK_TURN_OFF)
33438 ++ return cnodes;
33439 +
33440 -+static void insert_cond_result(basic_block bb_true, const_gimple stmt, const_tree arg, bool min)
33441 -+{
33442 -+ gimple func_stmt;
33443 -+ const_gimple def_stmt;
33444 -+ const_tree loc_line;
33445 -+ tree loc_file, ssa_name, current_func;
33446 -+ expanded_location xloc;
33447 -+ char *ssa_name_buf;
33448 -+ int len;
33449 -+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
33450 ++ search_interesting_conditions(orig_node, interesting_conditions);
33451 +
33452 -+ def_stmt = get_def_stmt(arg);
33453 -+ xloc = expand_location(gimple_location(def_stmt));
33454 ++ // error code
33455 ++ if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY])
33456 ++ return cnodes;
33457 +
33458 -+ if (!gimple_has_location(def_stmt)) {
33459 -+ xloc = expand_location(gimple_location(stmt));
33460 -+ if (!gimple_has_location(stmt))
33461 -+ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
33462 -+ }
33463 ++ cnodes = search_overflow_attribute(cnodes, cur_node);
33464 +
33465 -+ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
33466 ++ if (cur_node->intentional_attr_cur_fndecl != MARK_NO)
33467 ++ return cnodes;
33468 +
33469 -+ loc_file = build_string(strlen(xloc.file) + 1, xloc.file);
33470 -+ loc_file = create_string_param(loc_file);
33471 ++ // unnecessary overflow check
33472 ++ if (!interesting_conditions[CAST] && !interesting_conditions[NOT_UNARY])
33473 ++ return cnodes;
33474 +
33475 -+ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
33476 -+ current_func = create_string_param(current_func);
33477 ++ visited = pointer_set_create();
33478 ++ new_node = expand(visited, caller_node, orig_node);
33479 ++ pointer_set_destroy(visited);
33480 +
33481 -+ gcc_assert(DECL_NAME(SSA_NAME_VAR(arg)) != NULL);
33482 -+ call_count++;
33483 -+ len = asprintf(&ssa_name_buf, "%s_%u %s, count: %u\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg), min ? "min" : "max", call_count);
33484 -+ gcc_assert(len > 0);
33485 -+ ssa_name = build_string(len + 1, ssa_name_buf);
33486 -+ free(ssa_name_buf);
33487 -+ ssa_name = create_string_param(ssa_name);
33488 ++ if (new_node == NULL_TREE)
33489 ++ return cnodes;
33490 +
33491 -+ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
33492 -+ func_stmt = gimple_build_call(report_size_overflow_decl, 4, loc_file, loc_line, current_func, ssa_name);
33493 ++ change_orig_node(cur_node, new_node);
33494 ++ check_size_overflow(caller_node, cur_node->first_stmt, TREE_TYPE(new_node), new_node, orig_node, BEFORE_STMT);
33495 +
33496 -+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
33497 ++ return cnodes;
33498 +}
33499 +
33500 -+static void __unused print_the_code_insertions(const_gimple stmt)
33501 ++// Check visited interesting nodes.
33502 ++static bool is_in_interesting_node(struct interesting_node *head, const_gimple first_stmt, const_tree node, unsigned int num)
33503 +{
33504 -+ location_t loc = gimple_location(stmt);
33505 ++ struct interesting_node *cur;
33506 +
33507 -+ inform(loc, "Integer size_overflow check applied here.");
33508 ++ for (cur = head; cur; cur = cur->next) {
33509 ++ if (!operand_equal_p(node, cur->node, 0))
33510 ++ continue;
33511 ++ if (num != cur->num)
33512 ++ continue;
33513 ++ if (first_stmt == cur->first_stmt)
33514 ++ return true;
33515 ++ }
33516 ++ return false;
33517 +}
33518 +
33519 -+static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value, bool before, bool min)
33520 ++/* Create an interesting node. The ipa pass starts to duplicate from these stmts.
33521 ++ first_stmt: it is the call or assignment or ret stmt, change_orig_node() will change the original node (retval, or function arg) in this
33522 ++ last_nodes: they are the last stmts in the recursion (they haven't a def_stmt). They are useful in the missing size_overflow attribute check and
33523 ++ the intentional_overflow attribute check. They are collected by set_last_nodes().
33524 ++ num: arg count of a call stmt or 0 when it is a ret
33525 ++ node: the recursion starts from here, it is a call arg or a return value
33526 ++ fndecl: the fndecl of the interesting node when the node is an arg. it is the fndecl of the callee function otherwise it is the fndecl of the caller (current_function_fndecl) function.
33527 ++ intentional_attr_decl: intentional_overflow attribute of the callee function
33528 ++ intentional_attr_cur_fndecl: intentional_overflow attribute of the caller function
33529 ++ intentional_mark_from_gimple: the intentional overflow type of size_overflow asm stmt from gimple if it exists
33530 ++ */
33531 ++static struct interesting_node *create_new_interesting_node(struct interesting_node *head, gimple first_stmt, tree node, unsigned int num, gimple asm_stmt)
33532 +{
33533 -+ basic_block cond_bb, join_bb, bb_true;
33534 -+ edge e;
33535 -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
33536 ++ struct interesting_node *new_node;
33537 ++ tree fndecl;
33538 ++ enum gimple_code code;
33539 +
33540 -+ cond_bb = gimple_bb(stmt);
33541 -+ if (before)
33542 -+ gsi_prev(&gsi);
33543 -+ if (gsi_end_p(gsi))
33544 -+ e = split_block_after_labels(cond_bb);
33545 ++ gcc_assert(node != NULL_TREE);
33546 ++ code = gimple_code(first_stmt);
33547 ++ gcc_assert(code == GIMPLE_CALL || code == GIMPLE_ASM || code == GIMPLE_ASSIGN || code == GIMPLE_RETURN);
33548 ++
33549 ++ if (num == CANNOT_FIND_ARG)
33550 ++ return head;
33551 ++
33552 ++ if (skip_types(node))
33553 ++ return head;
33554 ++
33555 ++ if (skip_asm(node))
33556 ++ return head;
33557 ++
33558 ++ if (is_gimple_call(first_stmt))
33559 ++ fndecl = gimple_call_fndecl(first_stmt);
33560 + else
33561 -+ e = split_block(cond_bb, gsi_stmt(gsi));
33562 -+ cond_bb = e->src;
33563 -+ join_bb = e->dest;
33564 -+ e->flags = EDGE_FALSE_VALUE;
33565 -+ e->probability = REG_BR_PROB_BASE;
33566 ++ fndecl = current_function_decl;
33567 +
33568 -+ bb_true = create_empty_bb(cond_bb);
33569 -+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
33570 -+ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE);
33571 -+ make_edge(bb_true, join_bb, EDGE_FALLTHRU);
33572 ++ if (fndecl == NULL_TREE)
33573 ++ return head;
33574 +
33575 -+ gcc_assert(dom_info_available_p(CDI_DOMINATORS));
33576 -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
33577 -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
33578 ++ if (is_in_interesting_node(head, first_stmt, node, num))
33579 ++ return head;
33580 +
33581 -+ if (current_loops != NULL) {
33582 -+ gcc_assert(cond_bb->loop_father == join_bb->loop_father);
33583 -+ add_bb_to_loop(bb_true, cond_bb->loop_father);
33584 -+ }
33585 ++ new_node = (struct interesting_node *)xmalloc(sizeof(*new_node));
33586 +
33587 -+ insert_cond(cond_bb, arg, cond_code, type_value);
33588 -+ insert_cond_result(bb_true, stmt, arg, min);
33589 ++ new_node->next = NULL;
33590 ++ new_node->first_stmt = first_stmt;
33591 ++#if BUILDING_GCC_VERSION <= 4007
33592 ++ new_node->last_nodes = VEC_alloc(tree, gc, VEC_LEN);
33593 ++#else
33594 ++ vec_alloc(new_node->last_nodes, VEC_LEN);
33595 ++#endif
33596 ++ new_node->num = num;
33597 ++ new_node->node = node;
33598 ++ new_node->fndecl = fndecl;
33599 ++ new_node->intentional_attr_decl = MARK_NO;
33600 ++ new_node->intentional_attr_cur_fndecl = MARK_NO;
33601 ++ new_node->intentional_mark_from_gimple = asm_stmt;
33602 +
33603 -+// print_the_code_insertions(stmt);
33604 ++ if (!head)
33605 ++ return new_node;
33606 ++
33607 ++ new_node->next = head;
33608 ++ return new_node;
33609 +}
33610 +
33611 -+static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool before)
33612 ++/* Check the ret stmts in the functions on the next cgraph node list (these functions will be in the hash table and they are reachable from ipa).
33613 ++ * If the ret stmt is in the next cgraph node list then it's an interesting ret.
33614 ++ */
33615 ++static struct interesting_node *handle_stmt_by_cgraph_nodes_ret(struct interesting_node *head, gimple stmt, struct next_cgraph_node *next_node)
33616 +{
33617 -+ const_tree rhs_type = TREE_TYPE(rhs);
33618 -+ tree cast_rhs_type, type_max_type, type_min_type, type_max, type_min;
33619 ++ struct next_cgraph_node *cur_node;
33620 ++ tree ret = gimple_return_retval(stmt);
33621 +
33622 -+ gcc_assert(rhs_type != NULL_TREE);
33623 -+ if (TREE_CODE(rhs_type) == POINTER_TYPE)
33624 -+ return;
33625 ++ if (ret == NULL_TREE)
33626 ++ return head;
33627 +
33628 -+ gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE);
33629 ++ for (cur_node = next_node; cur_node; cur_node = cur_node->next) {
33630 ++ if (!operand_equal_p(cur_node->callee_fndecl, DECL_ORIGIN(current_function_decl), 0))
33631 ++ continue;
33632 ++ if (cur_node->num == 0)
33633 ++ head = create_new_interesting_node(head, stmt, ret, 0, NOT_INTENTIONAL_ASM);
33634 ++ }
33635 +
33636 -+ if (is_const_plus_unsigned_signed_truncation(rhs))
33637 -+ return;
33638 ++ return head;
33639 ++}
33640 +
33641 -+ type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type));
33642 -+ // typemax (-1) < typemin (0)
33643 -+ if (TREE_OVERFLOW(type_max))
33644 -+ return;
33645 ++/* Check the call stmts in the functions on the next cgraph node list (these functions will be in the hash table and they are reachable from ipa).
33646 ++ * If the call stmt is in the next cgraph node list then it's an interesting call.
33647 ++ */
33648 ++static struct interesting_node *handle_stmt_by_cgraph_nodes_call(struct interesting_node *head, gimple stmt, struct next_cgraph_node *next_node)
33649 ++{
33650 ++ unsigned int argnum;
33651 ++ tree fndecl, arg;
33652 ++ struct next_cgraph_node *cur_node;
33653 +
33654 -+ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type));
33655 ++ fndecl = gimple_call_fndecl(stmt);
33656 ++ if (fndecl == NULL_TREE)
33657 ++ return head;
33658 +
33659 -+ cast_rhs_type = TREE_TYPE(cast_rhs);
33660 -+ type_max_type = TREE_TYPE(type_max);
33661 -+ type_min_type = TREE_TYPE(type_min);
33662 -+ gcc_assert(types_compatible_p(cast_rhs_type, type_max_type));
33663 -+ gcc_assert(types_compatible_p(type_max_type, type_min_type));
33664 ++ for (cur_node = next_node; cur_node; cur_node = cur_node->next) {
33665 ++ if (!operand_equal_p(cur_node->callee_fndecl, fndecl, 0))
33666 ++ continue;
33667 ++ argnum = get_correct_arg_count(cur_node->num, fndecl);
33668 ++ gcc_assert(argnum != CANNOT_FIND_ARG);
33669 ++ if (argnum == 0)
33670 ++ continue;
33671 ++
33672 ++ arg = gimple_call_arg(stmt, argnum - 1);
33673 ++ head = create_new_interesting_node(head, stmt, arg, argnum, NOT_INTENTIONAL_ASM);
33674 ++ }
33675 +
33676 -+ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max, before, false);
33677 -+ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min, before, true);
33678 ++ return head;
33679 +}
33680 +
33681 -+static bool is_a_constant_overflow(const_gimple stmt, const_tree rhs)
33682 ++static unsigned int check_ops(const_tree orig_node, const_tree node, unsigned int ret_count)
33683 +{
33684 -+ if (gimple_assign_rhs_code(stmt) == MIN_EXPR)
33685 -+ return false;
33686 -+ if (!is_gimple_constant(rhs))
33687 -+ return false;
33688 -+ return true;
33689 ++ if (!operand_equal_p(orig_node, node, 0))
33690 ++ return WRONG_NODE;
33691 ++ if (skip_types(node))
33692 ++ return WRONG_NODE;
33693 ++ return ret_count;
33694 +}
33695 +
33696 -+static tree get_def_stmt_rhs(const_tree var)
33697 ++// Get the index of the rhs node in an assignment
33698 ++static unsigned int get_assign_ops_count(const_gimple stmt, tree node)
33699 +{
33700 -+ tree rhs1, def_stmt_rhs1;
33701 -+ gimple rhs1_def_stmt, def_stmt_rhs1_def_stmt, def_stmt;
33702 -+
33703 -+ def_stmt = get_def_stmt(var);
33704 -+ gcc_assert(gimple_code(def_stmt) != GIMPLE_NOP && gimple_plf(def_stmt, MY_STMT) && gimple_assign_cast_p(def_stmt));
33705 ++ const_tree rhs1, rhs2;
33706 ++ unsigned int ret;
33707 +
33708 -+ rhs1 = gimple_assign_rhs1(def_stmt);
33709 -+ rhs1_def_stmt = get_def_stmt(rhs1);
33710 -+ if (!gimple_assign_cast_p(rhs1_def_stmt))
33711 -+ return rhs1;
33712 ++ gcc_assert(stmt);
33713 ++ gcc_assert(is_gimple_assign(stmt));
33714 +
33715 -+ def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt);
33716 -+ def_stmt_rhs1_def_stmt = get_def_stmt(def_stmt_rhs1);
33717 ++ rhs1 = gimple_assign_rhs1(stmt);
33718 ++ gcc_assert(rhs1 != NULL_TREE);
33719 ++
33720 ++ switch (gimple_num_ops(stmt)) {
33721 ++ case 2:
33722 ++ return check_ops(node, rhs1, 1);
33723 ++ case 3:
33724 ++ ret = check_ops(node, rhs1, 1);
33725 ++ if (ret != WRONG_NODE)
33726 ++ return ret;
33727 +
33728 -+ switch (gimple_code(def_stmt_rhs1_def_stmt)) {
33729 -+ case GIMPLE_CALL:
33730 -+ case GIMPLE_NOP:
33731 -+ case GIMPLE_ASM:
33732 -+ case GIMPLE_PHI:
33733 -+ return def_stmt_rhs1;
33734 -+ case GIMPLE_ASSIGN:
33735 -+ return rhs1;
33736 ++ rhs2 = gimple_assign_rhs2(stmt);
33737 ++ gcc_assert(rhs2 != NULL_TREE);
33738 ++ return check_ops(node, rhs2, 2);
33739 + default:
33740 -+ debug_gimple_stmt(def_stmt_rhs1_def_stmt);
33741 + gcc_unreachable();
33742 + }
33743 +}
33744 +
33745 -+static tree handle_intentional_overflow(struct pointer_set_t *visited, bool check_overflow, gimple stmt, tree change_rhs, tree new_rhs2)
33746 ++// Find the correct arg number of a call stmt. It is needed when the interesting function is a cloned function.
33747 ++static unsigned int find_arg_number_gimple(const_tree arg, const_gimple stmt)
33748 +{
33749 -+ tree new_rhs, orig_rhs;
33750 -+ void (*gimple_assign_set_rhs)(gimple, tree);
33751 -+ tree rhs1 = gimple_assign_rhs1(stmt);
33752 -+ tree rhs2 = gimple_assign_rhs2(stmt);
33753 -+ tree lhs = gimple_get_lhs(stmt);
33754 ++ unsigned int i;
33755 +
33756 -+ if (!check_overflow)
33757 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33758 ++ if (gimple_call_fndecl(stmt) == NULL_TREE)
33759 ++ return CANNOT_FIND_ARG;
33760 +
33761 -+ if (change_rhs == NULL_TREE)
33762 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33763 ++ for (i = 0; i < gimple_call_num_args(stmt); i++) {
33764 ++ tree node;
33765 +
33766 -+ if (new_rhs2 == NULL_TREE) {
33767 -+ orig_rhs = rhs1;
33768 -+ gimple_assign_set_rhs = &gimple_assign_set_rhs1;
33769 -+ } else {
33770 -+ orig_rhs = rhs2;
33771 -+ gimple_assign_set_rhs = &gimple_assign_set_rhs2;
33772 ++ node = gimple_call_arg(stmt, i);
33773 ++ if (!operand_equal_p(arg, node, 0))
33774 ++ continue;
33775 ++ if (!skip_types(node))
33776 ++ return i + 1;
33777 + }
33778 +
33779 -+ check_size_overflow(stmt, TREE_TYPE(change_rhs), change_rhs, orig_rhs, BEFORE_STMT);
33780 -+
33781 -+ new_rhs = change_assign_rhs(stmt, orig_rhs, change_rhs);
33782 -+ gimple_assign_set_rhs(stmt, new_rhs);
33783 -+ update_stmt(stmt);
33784 -+
33785 -+ return create_assign(visited, stmt, lhs, AFTER_STMT);
33786 ++ return CANNOT_FIND_ARG;
33787 +}
33788 +
33789 -+static bool is_subtraction_special(const_gimple stmt)
33790 ++/* starting from the size_overflow asm stmt collect interesting stmts. They can be
33791 ++ * any of return, call or assignment stmts (because of inlining).
33792 ++ */
33793 ++static struct interesting_node *get_interesting_ret_or_call(struct pointer_set_t *visited, struct interesting_node *head, tree node, gimple intentional_asm)
33794 +{
33795 -+ gimple rhs1_def_stmt, rhs2_def_stmt;
33796 -+ const_tree rhs1_def_stmt_rhs1, rhs2_def_stmt_rhs1, rhs1_def_stmt_lhs, rhs2_def_stmt_lhs;
33797 -+ enum machine_mode rhs1_def_stmt_rhs1_mode, rhs2_def_stmt_rhs1_mode, rhs1_def_stmt_lhs_mode, rhs2_def_stmt_lhs_mode;
33798 -+ const_tree rhs1 = gimple_assign_rhs1(stmt);
33799 -+ const_tree rhs2 = gimple_assign_rhs2(stmt);
33800 ++ use_operand_p use_p;
33801 ++ imm_use_iterator imm_iter;
33802 ++ unsigned int argnum;
33803 +
33804 -+ if (is_gimple_constant(rhs1) || is_gimple_constant(rhs2))
33805 -+ return false;
33806 ++ if (is_size_overflow_intentional_asm_turn_off(intentional_asm))
33807 ++ return head;
33808 +
33809 -+ gcc_assert(TREE_CODE(rhs1) == SSA_NAME && TREE_CODE(rhs2) == SSA_NAME);
33810 ++ gcc_assert(TREE_CODE(node) == SSA_NAME);
33811 +
33812 -+ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
33813 -+ return false;
33814 ++ if (pointer_set_insert(visited, node))
33815 ++ return head;
33816 +
33817 -+ rhs1_def_stmt = get_def_stmt(rhs1);
33818 -+ rhs2_def_stmt = get_def_stmt(rhs2);
33819 -+ if (!gimple_assign_cast_p(rhs1_def_stmt) || !gimple_assign_cast_p(rhs2_def_stmt))
33820 -+ return false;
33821 ++ FOR_EACH_IMM_USE_FAST(use_p, imm_iter, node) {
33822 ++ gimple stmt = USE_STMT(use_p);
33823 +
33824 -+ rhs1_def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt);
33825 -+ rhs2_def_stmt_rhs1 = gimple_assign_rhs1(rhs2_def_stmt);
33826 -+ rhs1_def_stmt_lhs = gimple_get_lhs(rhs1_def_stmt);
33827 -+ rhs2_def_stmt_lhs = gimple_get_lhs(rhs2_def_stmt);
33828 -+ rhs1_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_rhs1));
33829 -+ rhs2_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_rhs1));
33830 -+ rhs1_def_stmt_lhs_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_lhs));
33831 -+ rhs2_def_stmt_lhs_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_lhs));
33832 -+ if (GET_MODE_BITSIZE(rhs1_def_stmt_rhs1_mode) <= GET_MODE_BITSIZE(rhs1_def_stmt_lhs_mode))
33833 -+ return false;
33834 -+ if (GET_MODE_BITSIZE(rhs2_def_stmt_rhs1_mode) <= GET_MODE_BITSIZE(rhs2_def_stmt_lhs_mode))
33835 -+ return false;
33836 ++ if (stmt == NULL)
33837 ++ return head;
33838 ++ if (is_gimple_debug(stmt))
33839 ++ continue;
33840 +
33841 -+ gimple_set_plf(rhs1_def_stmt, NO_CAST_CHECK, true);
33842 -+ gimple_set_plf(rhs2_def_stmt, NO_CAST_CHECK, true);
33843 -+ return true;
33844 ++ switch (gimple_code(stmt)) {
33845 ++ case GIMPLE_CALL:
33846 ++ argnum = find_arg_number_gimple(node, stmt);
33847 ++ head = create_new_interesting_node(head, stmt, node, argnum, intentional_asm);
33848 ++ break;
33849 ++ case GIMPLE_RETURN:
33850 ++ head = create_new_interesting_node(head, stmt, node, 0, intentional_asm);
33851 ++ break;
33852 ++ case GIMPLE_ASSIGN:
33853 ++ argnum = get_assign_ops_count(stmt, node);
33854 ++ head = create_new_interesting_node(head, stmt, node, argnum, intentional_asm);
33855 ++ break;
33856 ++ case GIMPLE_PHI: {
33857 ++ tree result = gimple_phi_result(stmt);
33858 ++ head = get_interesting_ret_or_call(visited, head, result, intentional_asm);
33859 ++ break;
33860 ++ }
33861 ++ case GIMPLE_ASM:
33862 ++ if (gimple_asm_noutputs(stmt) != 0)
33863 ++ break;
33864 ++ if (!is_size_overflow_asm(stmt))
33865 ++ break;
33866 ++ head = create_new_interesting_node(head, stmt, node, 1, intentional_asm);
33867 ++ break;
33868 ++ case GIMPLE_COND:
33869 ++ case GIMPLE_SWITCH:
33870 ++ break;
33871 ++ default:
33872 ++ debug_gimple_stmt(stmt);
33873 ++ gcc_unreachable();
33874 ++ break;
33875 ++ }
33876 ++ }
33877 ++ return head;
33878 +}
33879 +
33880 -+static tree handle_integer_truncation(struct pointer_set_t *visited, const_tree lhs)
33881 ++static void remove_size_overflow_asm(gimple stmt)
33882 +{
33883 -+ tree new_rhs1, new_rhs2;
33884 -+ tree new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1, new_lhs;
33885 -+ gimple assign, stmt = get_def_stmt(lhs);
33886 -+ tree rhs1 = gimple_assign_rhs1(stmt);
33887 -+ tree rhs2 = gimple_assign_rhs2(stmt);
33888 -+
33889 -+ if (!is_subtraction_special(stmt))
33890 -+ return NULL_TREE;
33891 ++ gimple_stmt_iterator gsi;
33892 +
33893 -+ new_rhs1 = expand(visited, rhs1);
33894 -+ new_rhs2 = expand(visited, rhs2);
33895 ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASM);
33896 ++ gsi = gsi_for_stmt(stmt);
33897 ++ gsi_remove(&gsi, true);
33898 ++}
33899 +
33900 -+ new_rhs1_def_stmt_rhs1 = get_def_stmt_rhs(new_rhs1);
33901 -+ new_rhs2_def_stmt_rhs1 = get_def_stmt_rhs(new_rhs2);
33902 ++/* handle the size_overflow asm stmts from the gimple pass and collect the interesting stmts.
33903 ++ * If the asm stmt is a parm_decl kind (noutputs == 0) then remove it.
33904 ++ * If it is a simple asm stmt then replace it with an assignment from the asm input to the asm output.
33905 ++ */
33906 ++static struct interesting_node *handle_stmt_by_size_overflow_asm(gimple stmt, struct interesting_node *head)
33907 ++{
33908 ++ const_tree output, input;
33909 ++ struct pointer_set_t *visited;
33910 ++ gimple intentional_asm = NOT_INTENTIONAL_ASM;
33911 +
33912 -+ if (!types_compatible_p(TREE_TYPE(new_rhs1_def_stmt_rhs1), TREE_TYPE(new_rhs2_def_stmt_rhs1))) {
33913 -+ new_rhs1_def_stmt_rhs1 = cast_to_TI_type(stmt, new_rhs1_def_stmt_rhs1);
33914 -+ new_rhs2_def_stmt_rhs1 = cast_to_TI_type(stmt, new_rhs2_def_stmt_rhs1);
33915 -+ }
33916 ++ if (!is_size_overflow_asm(stmt))
33917 ++ return head;
33918 +
33919 -+ assign = create_binary_assign(MINUS_EXPR, stmt, new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1);
33920 -+ new_lhs = gimple_get_lhs(assign);
33921 -+ check_size_overflow(assign, TREE_TYPE(new_lhs), new_lhs, rhs1, AFTER_STMT);
33922 ++ if (is_size_overflow_intentional_asm_yes(stmt) || is_size_overflow_intentional_asm_turn_off(stmt))
33923 ++ intentional_asm = stmt;
33924 +
33925 -+ return dup_assign(visited, stmt, lhs, new_rhs1, new_rhs2, NULL_TREE);
33926 -+}
33927 ++ gcc_assert(gimple_asm_ninputs(stmt) == 1);
33928 ++ input = gimple_asm_input_op(stmt, 0);
33929 +
33930 -+static bool is_a_neg_overflow(const_gimple stmt, const_tree rhs)
33931 -+{
33932 -+ const_gimple def_stmt;
33933 ++ if (gimple_asm_noutputs(stmt) == 0) {
33934 ++ remove_size_overflow_asm(stmt);
33935 ++ if (is_gimple_constant(TREE_VALUE(input)))
33936 ++ return head;
33937 +
33938 -+ if (TREE_CODE(rhs) != SSA_NAME)
33939 -+ return false;
33940 ++ visited = pointer_set_create();
33941 ++ head = get_interesting_ret_or_call(visited, head, TREE_VALUE(input), intentional_asm);
33942 ++ pointer_set_destroy(visited);
33943 ++ return head;
33944 ++ }
33945 +
33946 -+ if (gimple_assign_rhs_code(stmt) != PLUS_EXPR)
33947 -+ return false;
33948 ++ output = gimple_asm_output_op(stmt, 0);
33949 +
33950 -+ def_stmt = get_def_stmt(rhs);
33951 -+ if (gimple_code(def_stmt) != GIMPLE_ASSIGN || gimple_assign_rhs_code(def_stmt) != BIT_NOT_EXPR)
33952 -+ return false;
33953 ++ if (!is_size_overflow_intentional_asm_yes(stmt) && !is_size_overflow_intentional_asm_turn_off(stmt))
33954 ++ replace_size_overflow_asm_with_assign(stmt, TREE_VALUE(output), TREE_VALUE(input));
33955 +
33956 -+ return true;
33957 ++ visited = pointer_set_create();
33958 ++ head = get_interesting_ret_or_call(visited, head, TREE_VALUE(output), intentional_asm);
33959 ++ pointer_set_destroy(visited);
33960 ++ return head;
33961 +}
33962 +
33963 -+static tree handle_binary_ops(struct pointer_set_t *visited, tree lhs)
33964 ++/* Iterate over all the stmts of a function and look for the size_overflow asm stmts (they were created in the gimple pass)
33965 ++ * or a call stmt or a return stmt and store them in the interesting_node list
33966 ++ */
33967 ++static struct interesting_node *collect_interesting_stmts(struct next_cgraph_node *next_node)
33968 +{
33969 -+ tree rhs1, rhs2, new_lhs;
33970 -+ gimple def_stmt = get_def_stmt(lhs);
33971 -+ tree new_rhs1 = NULL_TREE;
33972 -+ tree new_rhs2 = NULL_TREE;
33973 ++ basic_block bb;
33974 ++ struct interesting_node *head = NULL;
33975 +
33976 -+ rhs1 = gimple_assign_rhs1(def_stmt);
33977 -+ rhs2 = gimple_assign_rhs2(def_stmt);
33978 ++ FOR_ALL_BB(bb) {
33979 ++ gimple_stmt_iterator gsi;
33980 +
33981 -+ /* no DImode/TImode division in the 32/64 bit kernel */
33982 -+ switch (gimple_assign_rhs_code(def_stmt)) {
33983 -+ case RDIV_EXPR:
33984 -+ case TRUNC_DIV_EXPR:
33985 -+ case CEIL_DIV_EXPR:
33986 -+ case FLOOR_DIV_EXPR:
33987 -+ case ROUND_DIV_EXPR:
33988 -+ case TRUNC_MOD_EXPR:
33989 -+ case CEIL_MOD_EXPR:
33990 -+ case FLOOR_MOD_EXPR:
33991 -+ case ROUND_MOD_EXPR:
33992 -+ case EXACT_DIV_EXPR:
33993 -+ case POINTER_PLUS_EXPR:
33994 -+ case BIT_AND_EXPR:
33995 -+ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
33996 -+ default:
33997 -+ break;
33998 -+ }
33999 ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
34000 ++ enum gimple_code code;
34001 ++ gimple stmt = gsi_stmt(gsi);
34002 +
34003 -+ new_lhs = handle_integer_truncation(visited, lhs);
34004 -+ if (new_lhs != NULL_TREE)
34005 -+ return new_lhs;
34006 ++ code = gimple_code(stmt);
34007 +
34008 -+ if (TREE_CODE(rhs1) == SSA_NAME)
34009 -+ new_rhs1 = expand(visited, rhs1);
34010 -+ if (TREE_CODE(rhs2) == SSA_NAME)
34011 -+ new_rhs2 = expand(visited, rhs2);
34012 ++ if (code == GIMPLE_ASM)
34013 ++ head = handle_stmt_by_size_overflow_asm(stmt, head);
34014 +
34015 -+ if (is_a_neg_overflow(def_stmt, rhs2))
34016 -+ return handle_intentional_overflow(visited, true, def_stmt, new_rhs1, NULL_TREE);
34017 -+ if (is_a_neg_overflow(def_stmt, rhs1))
34018 -+ return handle_intentional_overflow(visited, true, def_stmt, new_rhs2, new_rhs2);
34019 ++ if (!next_node)
34020 ++ continue;
34021 ++ if (code == GIMPLE_CALL)
34022 ++ head = handle_stmt_by_cgraph_nodes_call(head, stmt, next_node);
34023 ++ if (code == GIMPLE_RETURN)
34024 ++ head = handle_stmt_by_cgraph_nodes_ret(head, stmt, next_node);
34025 ++ }
34026 ++ }
34027 ++ return head;
34028 ++}
34029 +
34030 ++static void set_current_function_decl(tree fndecl)
34031 ++{
34032 ++ gcc_assert(fndecl != NULL_TREE);
34033 +
34034 -+ if (is_a_constant_overflow(def_stmt, rhs2))
34035 -+ return handle_intentional_overflow(visited, !is_a_cast_and_const_overflow(rhs1), def_stmt, new_rhs1, NULL_TREE);
34036 -+ if (is_a_constant_overflow(def_stmt, rhs1))
34037 -+ return handle_intentional_overflow(visited, !is_a_cast_and_const_overflow(rhs2), def_stmt, new_rhs2, new_rhs2);
34038 ++ push_cfun(DECL_STRUCT_FUNCTION(fndecl));
34039 ++ calculate_dominance_info(CDI_DOMINATORS);
34040 ++ current_function_decl = fndecl;
34041 ++}
34042 +
34043 -+ return dup_assign(visited, def_stmt, lhs, new_rhs1, new_rhs2, NULL_TREE);
34044 ++static void unset_current_function_decl(void)
34045 ++{
34046 ++ free_dominance_info(CDI_DOMINATORS);
34047 ++ pop_cfun();
34048 ++ current_function_decl = NULL_TREE;
34049 +}
34050 +
34051 -+#if BUILDING_GCC_VERSION >= 4007
34052 -+static tree get_new_rhs(struct pointer_set_t *visited, tree size_overflow_type, tree rhs)
34053 ++static void free_interesting_node(struct interesting_node *head)
34054 +{
34055 -+ if (is_gimple_constant(rhs))
34056 -+ return cast_a_tree(size_overflow_type, rhs);
34057 -+ if (TREE_CODE(rhs) != SSA_NAME)
34058 -+ return NULL_TREE;
34059 -+ return expand(visited, rhs);
34060 ++ struct interesting_node *cur;
34061 ++
34062 ++ while (head) {
34063 ++ cur = head->next;
34064 ++#if BUILDING_GCC_VERSION <= 4007
34065 ++ VEC_free(tree, gc, head->last_nodes);
34066 ++#else
34067 ++ vec_free(head->last_nodes);
34068 ++#endif
34069 ++ free(head);
34070 ++ head = cur;
34071 ++ }
34072 +}
34073 +
34074 -+static tree handle_ternary_ops(struct pointer_set_t *visited, tree lhs)
34075 ++static struct visited *insert_visited_function(struct visited *head, struct interesting_node *cur_node)
34076 +{
34077 -+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3, size_overflow_type;
34078 -+ gimple def_stmt = get_def_stmt(lhs);
34079 ++ struct visited *new_visited;
34080 +
34081 -+ size_overflow_type = get_size_overflow_type(def_stmt, lhs);
34082 ++ new_visited = (struct visited *)xmalloc(sizeof(*new_visited));
34083 ++ new_visited->fndecl = cur_node->fndecl;
34084 ++ new_visited->num = cur_node->num;
34085 ++ new_visited->first_stmt = cur_node->first_stmt;
34086 ++ new_visited->next = NULL;
34087 +
34088 -+ rhs1 = gimple_assign_rhs1(def_stmt);
34089 -+ rhs2 = gimple_assign_rhs2(def_stmt);
34090 -+ rhs3 = gimple_assign_rhs3(def_stmt);
34091 -+ new_rhs1 = get_new_rhs(visited, size_overflow_type, rhs1);
34092 -+ new_rhs2 = get_new_rhs(visited, size_overflow_type, rhs2);
34093 -+ new_rhs3 = get_new_rhs(visited, size_overflow_type, rhs3);
34094 ++ if (!head)
34095 ++ return new_visited;
34096 +
34097 -+ return dup_assign(visited, def_stmt, lhs, new_rhs1, new_rhs2, new_rhs3);
34098 ++ new_visited->next = head;
34099 ++ return new_visited;
34100 +}
34101 -+#endif
34102 +
34103 -+static tree get_size_overflow_type(gimple stmt, const_tree node)
34104 ++/* Check whether the function was already visited. If the fndecl, the arg count of the fndecl and the first_stmt (call or return) are same then
34105 ++ * it is a visited function.
34106 ++ */
34107 ++static bool is_visited_function(struct visited *head, struct interesting_node *cur_node)
34108 +{
34109 -+ const_tree type;
34110 -+ tree new_type;
34111 ++ struct visited *cur;
34112 +
34113 -+ gcc_assert(node != NULL_TREE);
34114 ++ if (!head)
34115 ++ return false;
34116 +
34117 -+ type = TREE_TYPE(node);
34118 ++ for (cur = head; cur; cur = cur->next) {
34119 ++ if (!operand_equal_p(cur_node->fndecl, cur->fndecl, 0))
34120 ++ continue;
34121 ++ if (cur_node->num != cur->num)
34122 ++ continue;
34123 ++ if (cur_node->first_stmt == cur->first_stmt)
34124 ++ return true;
34125 ++ }
34126 ++ return false;
34127 ++}
34128 +
34129 -+ if (gimple_plf(stmt, MY_STMT))
34130 -+ return TREE_TYPE(node);
34131 ++static void free_next_cgraph_node(struct next_cgraph_node *head)
34132 ++{
34133 ++ struct next_cgraph_node *cur;
34134 +
34135 -+ switch (TYPE_MODE(type)) {
34136 -+ case QImode:
34137 -+ new_type = intHI_type_node;
34138 -+ break;
34139 -+ case HImode:
34140 -+ new_type = intSI_type_node;
34141 -+ break;
34142 -+ case SImode:
34143 -+ new_type = intDI_type_node;
34144 -+ break;
34145 -+ case DImode:
34146 -+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode))
34147 -+ new_type = intDI_type_node;
34148 -+ else
34149 -+ new_type = intTI_type_node;
34150 -+ break;
34151 -+ default:
34152 -+ debug_tree((tree)node);
34153 -+ error("%s: unsupported gcc configuration.", __func__);
34154 -+ gcc_unreachable();
34155 ++ while (head) {
34156 ++ cur = head->next;
34157 ++ free(head);
34158 ++ head = cur;
34159 + }
34160 -+
34161 -+ if (TYPE_QUALS(type) != 0)
34162 -+ return build_qualified_type(new_type, TYPE_QUALS(type));
34163 -+ return new_type;
34164 +}
34165 +
34166 -+static tree expand_visited(gimple def_stmt)
34167 ++/* Main recursive walk of the ipa pass: iterate over the collected interesting stmts in a function
34168 ++ * (they are interesting if they have an associated size_overflow asm stmt) and recursively walk
34169 ++ * the newly collected interesting functions (they are interesting if there is control flow between
34170 ++ * the interesting stmts and them).
34171 ++ */
34172 ++static struct visited *handle_function(struct cgraph_node *node, struct next_cgraph_node *next_node, struct visited *visited)
34173 +{
34174 -+ const_gimple next_stmt;
34175 -+ gimple_stmt_iterator gsi;
34176 -+ enum gimple_code code = gimple_code(def_stmt);
34177 ++ struct interesting_node *head, *cur_node;
34178 ++ struct next_cgraph_node *cur_cnodes, *cnodes_head = NULL;
34179 +
34180 -+ if (code == GIMPLE_ASM)
34181 -+ return NULL_TREE;
34182 ++#if BUILDING_GCC_VERSION <= 4007
34183 ++ set_current_function_decl(node->decl);
34184 ++#else
34185 ++ set_current_function_decl(node->symbol.decl);
34186 ++#endif
34187 ++ call_count = 0;
34188 +
34189 -+ gsi = gsi_for_stmt(def_stmt);
34190 -+ gsi_next(&gsi);
34191 ++ head = collect_interesting_stmts(next_node);
34192 ++ for (cur_node = head; cur_node; cur_node = cur_node->next) {
34193 ++ if (is_visited_function(visited, cur_node))
34194 ++ continue;
34195 ++ cnodes_head = handle_interesting_stmt(cnodes_head, cur_node, node);
34196 ++ visited = insert_visited_function(visited, cur_node);
34197 ++ }
34198 +
34199 -+ if (gimple_code(def_stmt) == GIMPLE_PHI && gsi_end_p(gsi))
34200 -+ return NULL_TREE;
34201 -+ gcc_assert(!gsi_end_p(gsi));
34202 -+ next_stmt = gsi_stmt(gsi);
34203 ++ free_interesting_node(head);
34204 ++ unset_current_function_decl();
34205 +
34206 -+ if (gimple_code(def_stmt) == GIMPLE_PHI && !gimple_plf((gimple)next_stmt, MY_STMT))
34207 -+ return NULL_TREE;
34208 -+ gcc_assert(gimple_plf((gimple)next_stmt, MY_STMT));
34209 ++ for (cur_cnodes = cnodes_head; cur_cnodes; cur_cnodes = cur_cnodes->next)
34210 ++ visited = handle_function(cur_cnodes->current_function, cur_cnodes, visited);
34211 +
34212 -+ return get_lhs(next_stmt);
34213 ++ free_next_cgraph_node(cnodes_head);
34214 ++ return visited;
34215 +}
34216 +
34217 -+static tree expand(struct pointer_set_t *visited, tree lhs)
34218 ++static void free_visited(struct visited *head)
34219 +{
34220 -+ gimple def_stmt;
34221 ++ struct visited *cur;
34222 +
34223 -+ if (skip_types(lhs))
34224 -+ return NULL_TREE;
34225 ++ while (head) {
34226 ++ cur = head->next;
34227 ++ free(head);
34228 ++ head = cur;
34229 ++ }
34230 ++}
34231 +
34232 -+ def_stmt = get_def_stmt(lhs);
34233 ++// erase the local flag
34234 ++static void set_plf_false(void)
34235 ++{
34236 ++ basic_block bb;
34237 +
34238 -+ if (!def_stmt || gimple_code(def_stmt) == GIMPLE_NOP)
34239 -+ return NULL_TREE;
34240 ++ FOR_ALL_BB(bb) {
34241 ++ gimple_stmt_iterator si;
34242 +
34243 -+ if (gimple_plf(def_stmt, MY_STMT))
34244 -+ return lhs;
34245 ++ for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si))
34246 ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false);
34247 ++ for (si = gsi_start_phis(bb); !gsi_end_p(si); gsi_next(&si))
34248 ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false);
34249 ++ }
34250 ++}
34251 +
34252 -+ if (pointer_set_contains(visited, def_stmt))
34253 -+ return expand_visited(def_stmt);
34254 ++#if BUILDING_GCC_VERSION <= 4006
34255 ++static bool cgraph_function_with_gimple_body_p(struct cgraph_node *node)
34256 ++{
34257 ++ return node->analyzed && !node->thunk.thunk_p && !node->alias;
34258 ++}
34259 +
34260 -+ switch (gimple_code(def_stmt)) {
34261 -+ case GIMPLE_PHI:
34262 -+ return handle_phi(visited, lhs);
34263 -+ case GIMPLE_CALL:
34264 -+ case GIMPLE_ASM:
34265 -+ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
34266 -+ case GIMPLE_ASSIGN:
34267 -+ switch (gimple_num_ops(def_stmt)) {
34268 -+ case 2:
34269 -+ return handle_unary_ops(visited, def_stmt);
34270 -+ case 3:
34271 -+ return handle_binary_ops(visited, lhs);
34272 -+#if BUILDING_GCC_VERSION >= 4007
34273 -+ case 4:
34274 -+ return handle_ternary_ops(visited, lhs);
34275 -+#endif
34276 -+ }
34277 -+ default:
34278 -+ debug_gimple_stmt(def_stmt);
34279 -+ error("%s: unknown gimple code", __func__);
34280 -+ gcc_unreachable();
34281 ++static struct cgraph_node *cgraph_first_function_with_gimple_body(void)
34282 ++{
34283 ++ struct cgraph_node *node;
34284 ++
34285 ++ for (node = cgraph_nodes; node; node = node->next) {
34286 ++ if (cgraph_function_with_gimple_body_p(node))
34287 ++ return node;
34288 + }
34289 ++ return NULL;
34290 +}
34291 +
34292 -+static tree get_new_tree(gimple stmt, const_tree orig_node, tree new_node)
34293 ++static inline struct cgraph_node *cgraph_next_function_with_gimple_body(struct cgraph_node *node)
34294 +{
34295 -+ const_gimple assign;
34296 -+ tree orig_type = TREE_TYPE(orig_node);
34297 -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
34298 -+
34299 -+ assign = build_cast_stmt(orig_type, new_node, CREATE_NEW_VAR, &gsi, BEFORE_STMT, false);
34300 -+ return gimple_get_lhs(assign);
34301 ++ for (node = node->next; node; node = node->next) {
34302 ++ if (cgraph_function_with_gimple_body_p(node))
34303 ++ return node;
34304 ++ }
34305 ++ return NULL;
34306 +}
34307 +
34308 -+static void change_function_arg(gimple stmt, const_tree orig_arg, unsigned int argnum, tree new_arg)
34309 ++#define FOR_EACH_FUNCTION_WITH_GIMPLE_BODY(node) \
34310 ++ for ((node) = cgraph_first_function_with_gimple_body (); (node); \
34311 ++ (node) = cgraph_next_function_with_gimple_body (node))
34312 ++
34313 ++#endif
34314 ++
34315 ++// Main entry point of the ipa pass: erases the plf flag of all stmts and iterates over all the functions
34316 ++static unsigned int search_function(void)
34317 +{
34318 -+ gimple_call_set_arg(stmt, argnum, get_new_tree(stmt, orig_arg, new_arg));
34319 -+ update_stmt(stmt);
34320 ++ struct cgraph_node *node;
34321 ++ struct visited *visited = NULL;
34322 ++
34323 ++ FOR_EACH_FUNCTION_WITH_GIMPLE_BODY(node) {
34324 ++#if BUILDING_GCC_VERSION <= 4007
34325 ++ set_current_function_decl(node->decl);
34326 ++#else
34327 ++ set_current_function_decl(node->symbol.decl);
34328 ++#endif
34329 ++ set_plf_false();
34330 ++ unset_current_function_decl();
34331 ++ }
34332 ++
34333 ++ FOR_EACH_FUNCTION_WITH_GIMPLE_BODY(node) {
34334 ++ gcc_assert(cgraph_function_flags_ready);
34335 ++#if BUILDING_GCC_VERSION <= 4007
34336 ++ gcc_assert(node->reachable);
34337 ++#endif
34338 ++
34339 ++ visited = handle_function(node, NULL, visited);
34340 ++ }
34341 ++
34342 ++ free_visited(visited);
34343 ++ return 0;
34344 +}
34345 +
34346 -+static void change_function_return(gimple stmt, const_tree orig_ret, tree new_ret)
34347 ++static struct ipa_opt_pass_d pass_ipa = {
34348 ++ .pass = {
34349 ++ .type = SIMPLE_IPA_PASS,
34350 ++ .name = "size_overflow",
34351 ++#if BUILDING_GCC_VERSION >= 4008
34352 ++ .optinfo_flags = OPTGROUP_NONE,
34353 ++#endif
34354 ++ .gate = NULL,
34355 ++ .execute = search_function,
34356 ++ .sub = NULL,
34357 ++ .next = NULL,
34358 ++ .static_pass_number = 0,
34359 ++ .tv_id = TV_NONE,
34360 ++ .properties_required = 0,
34361 ++ .properties_provided = 0,
34362 ++ .properties_destroyed = 0,
34363 ++ .todo_flags_start = 0,
34364 ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_remove_unused_locals | TODO_ggc_collect | TODO_verify_flow | TODO_dump_cgraph | TODO_dump_func | TODO_update_ssa_no_phi,
34365 ++ },
34366 ++ .generate_summary = NULL,
34367 ++ .write_summary = NULL,
34368 ++ .read_summary = NULL,
34369 ++#if BUILDING_GCC_VERSION >= 4006
34370 ++ .write_optimization_summary = NULL,
34371 ++ .read_optimization_summary = NULL,
34372 ++#endif
34373 ++ .stmt_fixup = NULL,
34374 ++ .function_transform_todo_flags_start = 0,
34375 ++ .function_transform = NULL,
34376 ++ .variable_transform = NULL,
34377 ++};
34378 ++
34379 ++// data for the size_overflow asm stmt
34380 ++struct asm_data {
34381 ++ gimple def_stmt;
34382 ++ tree input;
34383 ++ tree output;
34384 ++};
34385 ++
34386 ++#if BUILDING_GCC_VERSION <= 4007
34387 ++static VEC(tree, gc) *create_asm_io_list(tree string, tree io)
34388 ++#else
34389 ++static vec<tree, va_gc> *create_asm_io_list(tree string, tree io)
34390 ++#endif
34391 +{
34392 -+ gimple_return_set_retval(stmt, get_new_tree(stmt, orig_ret, new_ret));
34393 -+ update_stmt(stmt);
34394 ++ tree list;
34395 ++#if BUILDING_GCC_VERSION <= 4007
34396 ++ VEC(tree, gc) *vec_list = NULL;
34397 ++#else
34398 ++ vec<tree, va_gc> *vec_list = NULL;
34399 ++#endif
34400 ++
34401 ++ list = build_tree_list(NULL_TREE, string);
34402 ++ list = chainon(NULL_TREE, build_tree_list(list, io));
34403 ++#if BUILDING_GCC_VERSION <= 4007
34404 ++ VEC_safe_push(tree, gc, vec_list, list);
34405 ++#else
34406 ++ vec_safe_push(vec_list, list);
34407 ++#endif
34408 ++ return vec_list;
34409 +}
34410 +
34411 -+static bool get_function_arg(unsigned int* argnum, const_tree fndecl)
34412 ++static void create_asm_stmt(const char *str, tree str_input, tree str_output, struct asm_data *asm_data)
34413 +{
34414 -+ tree arg;
34415 -+ const_tree origarg;
34416 ++ gimple asm_stmt;
34417 ++ gimple_stmt_iterator gsi;
34418 ++#if BUILDING_GCC_VERSION <= 4007
34419 ++ VEC(tree, gc) *input, *output = NULL;
34420 ++#else
34421 ++ vec<tree, va_gc> *input, *output = NULL;
34422 ++#endif
34423 +
34424 -+ if (!DECL_ABSTRACT_ORIGIN(fndecl))
34425 -+ return true;
34426 ++ input = create_asm_io_list(str_input, asm_data->input);
34427 +
34428 -+ origarg = DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl));
34429 -+ while (origarg && *argnum) {
34430 -+ (*argnum)--;
34431 -+ origarg = TREE_CHAIN(origarg);
34432 -+ }
34433 ++ if (asm_data->output)
34434 ++ output = create_asm_io_list(str_output, asm_data->output);
34435 +
34436 -+ gcc_assert(*argnum == 0);
34437 ++ asm_stmt = gimple_build_asm_vec(str, input, output, NULL, NULL);
34438 ++ gsi = gsi_for_stmt(asm_data->def_stmt);
34439 ++ gsi_insert_after(&gsi, asm_stmt, GSI_NEW_STMT);
34440 +
34441 -+ gcc_assert(origarg != NULL_TREE);
34442 -+ *argnum = 0;
34443 -+ for (arg = DECL_ARGUMENTS(fndecl); arg; arg = TREE_CHAIN(arg), (*argnum)++)
34444 -+ if (operand_equal_p(origarg, arg, 0) || !strcmp(NAME(origarg), NAME(arg)))
34445 -+ return true;
34446 -+ return false;
34447 ++ if (asm_data->output)
34448 ++ SSA_NAME_DEF_STMT(asm_data->output) = asm_stmt;
34449 ++}
34450 ++
34451 ++static void replace_call_lhs(const struct asm_data *asm_data)
34452 ++{
34453 ++ gimple_set_lhs(asm_data->def_stmt, asm_data->input);
34454 ++ update_stmt(asm_data->def_stmt);
34455 ++ SSA_NAME_DEF_STMT(asm_data->input) = asm_data->def_stmt;
34456 +}
34457 +
34458 -+static enum mark walk_phi(struct pointer_set_t *visited, bool *search_err_code, const_tree result)
34459 ++static enum mark search_intentional_phi(struct pointer_set_t *visited, const_tree result)
34460 +{
34461 ++ enum mark cur_fndecl_attr;
34462 + gimple phi = get_def_stmt(result);
34463 + unsigned int i, n = gimple_phi_num_args(phi);
34464 +
34465 -+ if (!phi)
34466 -+ return MARK_NO;
34467 -+
34468 + pointer_set_insert(visited, phi);
34469 + for (i = 0; i < n; i++) {
34470 -+ enum mark marked;
34471 -+ const_tree arg = gimple_phi_arg_def(phi, i);
34472 -+ marked = pre_expand(visited, search_err_code, arg);
34473 -+ if (marked != MARK_NO)
34474 -+ return marked;
34475 ++ tree arg = gimple_phi_arg_def(phi, i);
34476 ++
34477 ++ cur_fndecl_attr = search_intentional(visited, arg);
34478 ++ if (cur_fndecl_attr != MARK_NO)
34479 ++ return cur_fndecl_attr;
34480 + }
34481 + return MARK_NO;
34482 +}
34483 +
34484 -+static enum mark walk_unary_ops(struct pointer_set_t *visited, bool *search_err_code, const_tree lhs)
34485 ++static enum mark search_intentional_binary(struct pointer_set_t *visited, const_tree lhs)
34486 +{
34487 ++ enum mark cur_fndecl_attr;
34488 ++ const_tree rhs1, rhs2;
34489 + gimple def_stmt = get_def_stmt(lhs);
34490 -+ const_tree rhs;
34491 -+
34492 -+ if (!def_stmt)
34493 -+ return MARK_NO;
34494 +
34495 -+ rhs = gimple_assign_rhs1(def_stmt);
34496 -+
34497 -+ def_stmt = get_def_stmt(rhs);
34498 -+ if (is_gimple_constant(rhs))
34499 -+ search_err_code[FROM_CONST] = true;
34500 ++ rhs1 = gimple_assign_rhs1(def_stmt);
34501 ++ rhs2 = gimple_assign_rhs2(def_stmt);
34502 +
34503 -+ return pre_expand(visited, search_err_code, rhs);
34504 ++ cur_fndecl_attr = search_intentional(visited, rhs1);
34505 ++ if (cur_fndecl_attr != MARK_NO)
34506 ++ return cur_fndecl_attr;
34507 ++ return search_intentional(visited, rhs2);
34508 +}
34509 +
34510 -+static enum mark walk_binary_ops(struct pointer_set_t *visited, bool *search_err_code, const_tree lhs)
34511 ++// Look up the intentional_overflow attribute on the caller and the callee functions.
34512 ++static enum mark search_intentional(struct pointer_set_t *visited, const_tree lhs)
34513 +{
34514 -+ gimple def_stmt = get_def_stmt(lhs);
34515 -+ const_tree rhs1, rhs2;
34516 -+ enum mark marked;
34517 ++ const_gimple def_stmt;
34518 +
34519 ++ if (TREE_CODE(lhs) != SSA_NAME)
34520 ++ return get_intentional_attr_type(lhs);
34521 ++
34522 ++ def_stmt = get_def_stmt(lhs);
34523 + if (!def_stmt)
34524 + return MARK_NO;
34525 +
34526 -+ search_err_code[CAST_ONLY] = false;
34527 -+
34528 -+ rhs1 = gimple_assign_rhs1(def_stmt);
34529 -+ rhs2 = gimple_assign_rhs2(def_stmt);
34530 -+ marked = pre_expand(visited, search_err_code, rhs1);
34531 -+ if (marked != MARK_NO)
34532 -+ return marked;
34533 -+ return pre_expand(visited, search_err_code, rhs2);
34534 -+}
34535 -+
34536 -+static const_tree search_field_decl(const_tree comp_ref)
34537 -+{
34538 -+ const_tree field = NULL_TREE;
34539 -+ unsigned int i, len = TREE_OPERAND_LENGTH(comp_ref);
34540 ++ if (pointer_set_contains(visited, def_stmt))
34541 ++ return MARK_NO;
34542 +
34543 -+ for (i = 0; i < len; i++) {
34544 -+ field = TREE_OPERAND(comp_ref, i);
34545 -+ if (TREE_CODE(field) == FIELD_DECL)
34546 -+ break;
34547 ++ switch (gimple_code(def_stmt)) {
34548 ++ case GIMPLE_NOP:
34549 ++ return search_intentional(visited, SSA_NAME_VAR(lhs));
34550 ++ case GIMPLE_ASM:
34551 ++ case GIMPLE_CALL:
34552 ++ return MARK_NO;
34553 ++ case GIMPLE_PHI:
34554 ++ return search_intentional_phi(visited, lhs);
34555 ++ case GIMPLE_ASSIGN:
34556 ++ switch (gimple_num_ops(def_stmt)) {
34557 ++ case 2:
34558 ++ return search_intentional(visited, gimple_assign_rhs1(def_stmt));
34559 ++ case 3:
34560 ++ return search_intentional_binary(visited, lhs);
34561 ++ }
34562 ++ case GIMPLE_RETURN:
34563 ++ return MARK_NO;
34564 ++ default:
34565 ++ debug_gimple_stmt((gimple)def_stmt);
34566 ++ error("%s: unknown gimple code", __func__);
34567 ++ gcc_unreachable();
34568 + }
34569 -+ gcc_assert(TREE_CODE(field) == FIELD_DECL);
34570 -+ return field;
34571 +}
34572 +
34573 -+static enum mark mark_status(const_tree fndecl, unsigned int argnum)
34574 ++// Check the intentional_overflow attribute and create the asm comment string for the size_overflow asm stmt.
34575 ++static const char *check_intentional_attribute_gimple(const_tree arg, const_gimple stmt, unsigned int argnum)
34576 +{
34577 -+ const_tree attr, p;
34578 ++ const_tree fndecl;
34579 ++ const char *asm_str;
34580 ++ struct pointer_set_t *visited;
34581 ++ enum mark cur_fndecl_attr, decl_attr = MARK_NO;
34582 +
34583 -+ // mm/filemap.c D.35286_51 = D.35283_46 (file_10(D), mapping_11, pos_1, D.35273_50, D.35285_49, page.14_48, fsdata.15_47);
34584 -+ if (fndecl == NULL_TREE)
34585 -+ return MARK_NO;
34586 ++ fndecl = get_interesting_orig_fndecl(stmt, argnum);
34587 ++ if (is_end_intentional_intentional_attr(fndecl, argnum))
34588 ++ decl_attr = MARK_NOT_INTENTIONAL;
34589 ++ else if (is_yes_intentional_attr(fndecl, argnum))
34590 ++ decl_attr = MARK_YES;
34591 ++ else if (is_turn_off_intentional_attr(fndecl) || is_turn_off_intentional_attr(DECL_ORIGIN(current_function_decl))) {
34592 ++ return "# size_overflow MARK_TURN_OFF\n\t";
34593 ++ }
34594 +
34595 -+ attr = lookup_attribute("intentional_overflow", DECL_ATTRIBUTES(fndecl));
34596 -+ if (!attr || !TREE_VALUE(attr))
34597 -+ return MARK_NO;
34598 ++ visited = pointer_set_create();
34599 ++ cur_fndecl_attr = search_intentional(visited, arg);
34600 ++ pointer_set_destroy(visited);
34601 +
34602 -+ p = TREE_VALUE(attr);
34603 -+ if (TREE_INT_CST_HIGH(TREE_VALUE(p)) == -1)
34604 -+ return MARK_TURN_OFF;
34605 -+ if (!TREE_INT_CST_LOW(TREE_VALUE(p)))
34606 -+ return MARK_NOT_INTENTIONAL;
34607 -+ if (argnum == 0) {
34608 -+ gcc_assert(current_function_decl == fndecl);
34609 -+ return MARK_NO;
34610 ++ switch (cur_fndecl_attr) {
34611 ++ case MARK_NO:
34612 ++ asm_str = "# size_overflow\n\t";
34613 ++ break;
34614 ++ case MARK_TURN_OFF:
34615 ++ asm_str = "# size_overflow MARK_TURN_OFF\n\t";
34616 ++ break;
34617 ++ default:
34618 ++ asm_str = "# size_overflow MARK_YES\n\t";
34619 ++ print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum);
34620 ++ break;
34621 + }
34622 +
34623 -+ do {
34624 -+ if (argnum == TREE_INT_CST_LOW(TREE_VALUE(p)))
34625 -+ return MARK_YES;
34626 -+ p = TREE_CHAIN(p);
34627 -+ } while (p);
34628 -+
34629 -+ return MARK_NO;
34630 ++ return asm_str;
34631 +}
34632 +
34633 -+static void print_missing_msg(tree func, unsigned int argnum)
34634 ++static void check_missing_size_overflow_attribute(tree var)
34635 +{
34636 -+ unsigned int new_hash;
34637 -+ size_t len;
34638 -+ unsigned char tree_codes[CODES_LIMIT];
34639 -+ location_t loc;
34640 -+ const char *curfunc;
34641 ++ tree orig_fndecl;
34642 ++ unsigned int num;
34643 ++
34644 ++ if (is_a_return_check(var))
34645 ++ orig_fndecl = DECL_ORIGIN(var);
34646 ++ else
34647 ++ orig_fndecl = DECL_ORIGIN(current_function_decl);
34648 +
34649 -+ func = get_original_function_decl(func);
34650 -+ loc = DECL_SOURCE_LOCATION(func);
34651 -+ curfunc = get_asm_name(func);
34652 ++ num = get_function_num(var, orig_fndecl);
34653 ++ if (num == CANNOT_FIND_ARG)
34654 ++ return;
34655 +
34656 -+ len = get_function_decl(func, tree_codes);
34657 -+ new_hash = get_hash_num(curfunc, (const char *) tree_codes, len, 0);
34658 -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%u+%u+", curfunc, curfunc, argnum, new_hash);
34659 ++ is_missing_function(orig_fndecl, num);
34660 +}
34661 +
34662 -+static unsigned int search_missing_attribute(const_tree arg)
34663 ++static void search_size_overflow_attribute_phi(struct pointer_set_t *visited, const_tree result)
34664 +{
34665 -+ unsigned int argnum;
34666 -+ const struct size_overflow_hash *hash;
34667 -+ const_tree type = TREE_TYPE(arg);
34668 -+ tree func = get_original_function_decl(current_function_decl);
34669 -+
34670 -+ gcc_assert(TREE_CODE(arg) != COMPONENT_REF);
34671 -+
34672 -+ if (TREE_CODE(type) == POINTER_TYPE)
34673 -+ return 0;
34674 -+
34675 -+ argnum = find_arg_number(arg, func);
34676 -+ if (argnum == 0)
34677 -+ return 0;
34678 ++ gimple phi = get_def_stmt(result);
34679 ++ unsigned int i, n = gimple_phi_num_args(phi);
34680 +
34681 -+ if (lookup_attribute("size_overflow", DECL_ATTRIBUTES(func)))
34682 -+ return argnum;
34683 ++ pointer_set_insert(visited, phi);
34684 ++ for (i = 0; i < n; i++) {
34685 ++ tree arg = gimple_phi_arg_def(phi, i);
34686 +
34687 -+ hash = get_function_hash(func);
34688 -+ if (!hash || !(hash->param & (1U << argnum))) {
34689 -+ print_missing_msg(func, argnum);
34690 -+ return 0;
34691 ++ search_size_overflow_attribute(visited, arg);
34692 + }
34693 -+ return argnum;
34694 +}
34695 +
34696 -+static enum mark is_already_marked(const_tree lhs)
34697 ++static void search_size_overflow_attribute_binary(struct pointer_set_t *visited, const_tree lhs)
34698 +{
34699 -+ unsigned int argnum;
34700 -+ const_tree fndecl;
34701 ++ const_gimple def_stmt = get_def_stmt(lhs);
34702 ++ tree rhs1, rhs2;
34703 +
34704 -+ argnum = search_missing_attribute(lhs);
34705 -+ fndecl = get_original_function_decl(current_function_decl);
34706 -+ if (argnum && mark_status(fndecl, argnum) == MARK_YES)
34707 -+ return MARK_YES;
34708 -+ return MARK_NO;
34709 ++ rhs1 = gimple_assign_rhs1(def_stmt);
34710 ++ rhs2 = gimple_assign_rhs2(def_stmt);
34711 ++
34712 ++ search_size_overflow_attribute(visited, rhs1);
34713 ++ search_size_overflow_attribute(visited, rhs2);
34714 +}
34715 +
34716 -+static enum mark pre_expand(struct pointer_set_t *visited, bool *search_err_code, const_tree lhs)
34717 ++static void search_size_overflow_attribute(struct pointer_set_t *visited, tree lhs)
34718 +{
34719 + const_gimple def_stmt;
34720 +
34721 -+ if (skip_types(lhs))
34722 -+ return MARK_NO;
34723 -+
34724 -+ if (TREE_CODE(lhs) == PARM_DECL)
34725 -+ return is_already_marked(lhs);
34726 -+
34727 -+ if (TREE_CODE(lhs) == COMPONENT_REF) {
34728 -+ const_tree field, attr;
34729 -+
34730 -+ field = search_field_decl(lhs);
34731 -+ attr = lookup_attribute("intentional_overflow", DECL_ATTRIBUTES(field));
34732 -+ if (!attr || !TREE_VALUE(attr))
34733 -+ return MARK_NO;
34734 -+ return MARK_YES;
34735 ++ if (TREE_CODE(lhs) == PARM_DECL) {
34736 ++ check_missing_size_overflow_attribute(lhs);
34737 ++ return;
34738 + }
34739 +
34740 + def_stmt = get_def_stmt(lhs);
34741 -+
34742 + if (!def_stmt)
34743 -+ return MARK_NO;
34744 ++ return;
34745 +
34746 -+ if (pointer_set_contains(visited, def_stmt))
34747 -+ return MARK_NO;
34748 ++ if (pointer_set_insert(visited, def_stmt))
34749 ++ return;
34750 +
34751 + switch (gimple_code(def_stmt)) {
34752 + case GIMPLE_NOP:
34753 -+ if (TREE_CODE(SSA_NAME_VAR(lhs)) == PARM_DECL)
34754 -+ return is_already_marked(lhs);
34755 -+ return MARK_NO;
34756 -+ case GIMPLE_PHI:
34757 -+ return walk_phi(visited, search_err_code, lhs);
34758 -+ case GIMPLE_CALL:
34759 -+ if (mark_status((gimple_call_fndecl(def_stmt)), 0) == MARK_TURN_OFF)
34760 -+ return MARK_TURN_OFF;
34761 -+ check_function_hash(def_stmt);
34762 -+ return MARK_NO;
34763 ++ return search_size_overflow_attribute(visited, SSA_NAME_VAR(lhs));
34764 + case GIMPLE_ASM:
34765 -+ search_err_code[CAST_ONLY] = false;
34766 -+ return MARK_NO;
34767 ++ return;
34768 ++ case GIMPLE_CALL: {
34769 ++ tree fndecl = gimple_call_fndecl(def_stmt);
34770 ++
34771 ++ if (fndecl == NULL_TREE)
34772 ++ return;
34773 ++ check_missing_size_overflow_attribute(fndecl);
34774 ++ return;
34775 ++ }
34776 ++ case GIMPLE_PHI:
34777 ++ return search_size_overflow_attribute_phi(visited, lhs);
34778 + case GIMPLE_ASSIGN:
34779 + switch (gimple_num_ops(def_stmt)) {
34780 + case 2:
34781 -+ return walk_unary_ops(visited, search_err_code, lhs);
34782 ++ return search_size_overflow_attribute(visited, gimple_assign_rhs1(def_stmt));
34783 + case 3:
34784 -+ return walk_binary_ops(visited, search_err_code, lhs);
34785 ++ return search_size_overflow_attribute_binary(visited, lhs);
34786 + }
34787 + default:
34788 + debug_gimple_stmt((gimple)def_stmt);
34789 @@ -110788,220 +114123,298 @@ index 0000000..03d0c84
34790 + }
34791 +}
34792 +
34793 -+// e.g., 3.8.2, 64, arch/x86/ia32/ia32_signal.c copy_siginfo_from_user32(): compat_ptr() u32 max
34794 -+static bool skip_asm(const_tree arg)
34795 ++// Search missing entries in the hash table (invoked from the gimple pass)
34796 ++static void search_missing_size_overflow_attribute_gimple(const_gimple stmt, unsigned int num)
34797 +{
34798 -+ gimple def_stmt = get_def_stmt(arg);
34799 ++ tree fndecl = NULL_TREE;
34800 ++ tree lhs;
34801 ++ struct pointer_set_t *visited;
34802 +
34803 -+ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
34804 -+ return false;
34805 ++ if (is_turn_off_intentional_attr(DECL_ORIGIN(current_function_decl)))
34806 ++ return;
34807 +
34808 -+ def_stmt = get_def_stmt(gimple_assign_rhs1(def_stmt));
34809 -+ return def_stmt && gimple_code(def_stmt) == GIMPLE_ASM;
34810 -+}
34811 ++ if (num == 0) {
34812 ++ gcc_assert(gimple_code(stmt) == GIMPLE_RETURN);
34813 ++ lhs = gimple_return_retval(stmt);
34814 ++ } else {
34815 ++ gcc_assert(is_gimple_call(stmt));
34816 ++ lhs = gimple_call_arg(stmt, num - 1);
34817 ++ fndecl = gimple_call_fndecl(stmt);
34818 ++ }
34819 +
34820 -+/*
34821 -+0</MARK_YES: no dup, search attributes (so, int)
34822 -+0/MARK_NOT_INTENTIONAL: no dup, search attribute (int)
34823 -+-1/MARK_TURN_OFF: no dup, no search, current_function_decl -> no dup
34824 -+*/
34825 ++ if (fndecl != NULL_TREE && is_turn_off_intentional_attr(DECL_ORIGIN(fndecl)))
34826 ++ return;
34827 +
34828 -+static bool search_attributes(tree fndecl, const_tree arg, unsigned int argnum, bool where)
34829 -+{
34830 -+ struct pointer_set_t *visited;
34831 -+ enum mark is_marked, is_found;
34832 -+ location_t loc;
34833 -+ bool search_err_code[2] = {true, false};
34834 ++ visited = pointer_set_create();
34835 ++ search_size_overflow_attribute(visited, lhs);
34836 ++ pointer_set_destroy(visited);
34837 ++}
34838 +
34839 -+ is_marked = mark_status(current_function_decl, 0);
34840 -+ if (is_marked == MARK_TURN_OFF)
34841 -+ return true;
34842 ++static void create_output_from_phi(gimple stmt, unsigned int argnum, struct asm_data *asm_data)
34843 ++{
34844 ++ gimple_stmt_iterator gsi;
34845 ++ gimple assign;
34846 +
34847 -+ is_marked = mark_status(fndecl, argnum + 1);
34848 -+ if (is_marked == MARK_TURN_OFF || is_marked == MARK_NOT_INTENTIONAL)
34849 -+ return true;
34850 ++ assign = gimple_build_assign(asm_data->input, asm_data->output);
34851 ++ gsi = gsi_for_stmt(stmt);
34852 ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
34853 ++ asm_data->def_stmt = assign;
34854 +
34855 -+ visited = pointer_set_create();
34856 -+ is_found = pre_expand(visited, search_err_code, arg);
34857 -+ pointer_set_destroy(visited);
34858 ++ asm_data->output = create_new_var(TREE_TYPE(asm_data->output));
34859 ++ asm_data->output = make_ssa_name(asm_data->output, stmt);
34860 ++ if (gimple_code(stmt) == GIMPLE_RETURN)
34861 ++ gimple_return_set_retval(stmt, asm_data->output);
34862 ++ else
34863 ++ gimple_call_set_arg(stmt, argnum - 1, asm_data->output);
34864 ++ update_stmt(stmt);
34865 ++}
34866 +
34867 -+ if (where == FROM_RET && search_err_code[CAST_ONLY] && search_err_code[FROM_CONST])
34868 -+ return true;
34869 ++/* Create the input of the size_overflow asm stmt.
34870 ++ * When the arg of the callee function is a parm_decl it creates this kind of size_overflow asm stmt:
34871 ++ * __asm__("# size_overflow MARK_YES" : : "rm" size_1(D));
34872 ++ * The input field in asm_data will be empty if there is no need for further size_overflow asm stmt insertion.
34873 ++ * otherwise create the input (for a phi stmt the output too) of the asm stmt.
34874 ++ */
34875 ++static void create_asm_input(gimple stmt, unsigned int argnum, struct asm_data *asm_data)
34876 ++{
34877 ++ if (!asm_data->def_stmt) {
34878 ++ asm_data->input = NULL_TREE;
34879 ++ return;
34880 ++ }
34881 +
34882 -+ if (where == FROM_ARG && skip_asm(arg))
34883 -+ return true;
34884 ++ asm_data->input = create_new_var(TREE_TYPE(asm_data->output));
34885 ++ asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt);
34886 +
34887 -+ if (is_found == MARK_TURN_OFF)
34888 -+ return true;
34889 ++ switch (gimple_code(asm_data->def_stmt)) {
34890 ++ case GIMPLE_ASSIGN:
34891 ++ case GIMPLE_CALL:
34892 ++ replace_call_lhs(asm_data);
34893 ++ break;
34894 ++ case GIMPLE_PHI:
34895 ++ create_output_from_phi(stmt, argnum, asm_data);
34896 ++ break;
34897 ++ case GIMPLE_NOP: {
34898 ++ const char *str = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
34899 +
34900 -+ if ((is_found == MARK_YES && is_marked == MARK_YES))
34901 -+ return true;
34902 ++ asm_data->input = asm_data->output;
34903 ++ asm_data->output = NULL;
34904 ++ asm_data->def_stmt = stmt;
34905 +
34906 -+ if (is_found == MARK_YES) {
34907 -+ loc = DECL_SOURCE_LOCATION(fndecl);
34908 -+ inform(loc, "The intentional_overflow attribute is missing from +%s+%u+", get_asm_name(fndecl), argnum + 1);
34909 -+ return true;
34910 ++ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data);
34911 ++ asm_data->input = NULL_TREE;
34912 ++ break;
34913 ++ }
34914 ++ case GIMPLE_ASM:
34915 ++ if (is_size_overflow_asm(asm_data->def_stmt)) {
34916 ++ asm_data->input = NULL_TREE;
34917 ++ break;
34918 ++ }
34919 ++ default:
34920 ++ debug_gimple_stmt(asm_data->def_stmt);
34921 ++ gcc_unreachable();
34922 + }
34923 -+ return false;
34924 +}
34925 +
34926 -+static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum)
34927 ++/* This is the gimple part of searching for a missing size_overflow attribute. If the intentional_overflow attribute type
34928 ++ * is of the right kind create the appropriate size_overflow asm stmts:
34929 ++ * __asm__("# size_overflow" : =rm" D.3344_8 : "0" cicus.4_16);
34930 ++ * __asm__("# size_overflow MARK_YES" : : "rm" size_1(D));
34931 ++ */
34932 ++static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum)
34933 +{
34934 -+ struct pointer_set_t *visited;
34935 -+ tree arg, new_arg;
34936 -+ bool match;
34937 ++ struct asm_data asm_data;
34938 ++ const char *str;
34939 +
34940 -+ if (argnum == 0)
34941 ++ if (is_gimple_constant(output_node))
34942 + return;
34943 +
34944 -+ argnum--;
34945 ++ search_missing_size_overflow_attribute_gimple(stmt, argnum);
34946 +
34947 -+ match = get_function_arg(&argnum, fndecl);
34948 -+ if (!match)
34949 -+ return;
34950 -+ gcc_assert(gimple_call_num_args(stmt) > argnum);
34951 -+ arg = gimple_call_arg(stmt, argnum);
34952 -+ if (arg == NULL_TREE)
34953 ++ asm_data.output = output_node;
34954 ++ asm_data.def_stmt = get_def_stmt(asm_data.output);
34955 ++ create_asm_input(stmt, argnum, &asm_data);
34956 ++ if (asm_data.input == NULL_TREE)
34957 + return;
34958 +
34959 -+ if (skip_types(arg))
34960 -+ return;
34961 ++ str = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
34962 ++ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
34963 ++}
34964 +
34965 -+ if (search_attributes(fndecl, arg, argnum, FROM_ARG))
34966 -+ return;
34967 ++// Determine the return value and insert the asm stmt to mark the return stmt.
34968 ++static void insert_asm_ret(gimple stmt)
34969 ++{
34970 ++ tree ret;
34971 +
34972 -+ visited = pointer_set_create();
34973 -+ new_arg = expand(visited, arg);
34974 -+ pointer_set_destroy(visited);
34975 ++ ret = gimple_return_retval(stmt);
34976 ++ create_size_overflow_asm(stmt, ret, 0);
34977 ++}
34978 ++
34979 ++// Determine the correct arg index and arg and insert the asm stmt to mark the stmt.
34980 ++static void insert_asm_arg(gimple stmt, unsigned int orig_argnum)
34981 ++{
34982 ++ tree arg;
34983 ++ unsigned int argnum;
34984 +
34985 -+ if (new_arg == NULL_TREE)
34986 ++ argnum = get_correct_arg_count(orig_argnum, gimple_call_fndecl(stmt));
34987 ++ gcc_assert(argnum != 0);
34988 ++ if (argnum == CANNOT_FIND_ARG)
34989 + return;
34990 +
34991 -+ change_function_arg(stmt, arg, argnum, new_arg);
34992 -+ check_size_overflow(stmt, TREE_TYPE(new_arg), new_arg, arg, BEFORE_STMT);
34993 ++ arg = gimple_call_arg(stmt, argnum - 1);
34994 ++ gcc_assert(arg != NULL_TREE);
34995 ++ create_size_overflow_asm(stmt, arg, argnum);
34996 +}
34997 +
34998 -+static void handle_function_by_attribute(gimple stmt, const_tree attr, tree fndecl)
34999 ++// If a function arg or the return value is marked by the size_overflow attribute then set its index in the array.
35000 ++static void set_argnum_attribute(const_tree attr, bool *argnums)
35001 +{
35002 -+ tree p = TREE_VALUE(attr);
35003 -+ do {
35004 -+ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p)));
35005 -+ p = TREE_CHAIN(p);
35006 -+ } while (p);
35007 ++ unsigned int argnum;
35008 ++ tree attr_value;
35009 ++
35010 ++ for (attr_value = TREE_VALUE(attr); attr_value; attr_value = TREE_CHAIN(attr_value)) {
35011 ++ argnum = TREE_INT_CST_LOW(TREE_VALUE(attr_value));
35012 ++ argnums[argnum] = true;
35013 ++ }
35014 +}
35015 +
35016 -+static void handle_function_by_hash(gimple stmt, tree fndecl)
35017 ++// If a function arg or the return value is in the hash table then set its index in the array.
35018 ++static void set_argnum_hash(tree fndecl, bool *argnums)
35019 +{
35020 + unsigned int num;
35021 + const struct size_overflow_hash *hash;
35022 +
35023 -+ hash = get_function_hash(fndecl);
35024 ++ hash = get_function_hash(DECL_ORIGIN(fndecl));
35025 + if (!hash)
35026 + return;
35027 +
35028 -+ for (num = 0; num <= MAX_PARAM; num++)
35029 -+ if (hash->param & (1U << num))
35030 -+ handle_function_arg(stmt, fndecl, num);
35031 ++ for (num = 0; num <= MAX_PARAM; num++) {
35032 ++ if (!(hash->param & (1U << num)))
35033 ++ continue;
35034 ++
35035 ++ argnums[num] = true;
35036 ++ }
35037 +}
35038 +
35039 -+static bool check_return_value(void)
35040 ++static bool is_all_the_argnums_empty(bool *argnums)
35041 +{
35042 -+ const struct size_overflow_hash *hash;
35043 -+
35044 -+ hash = get_function_hash(current_function_decl);
35045 -+ if (!hash || !(hash->param & 1U << 0))
35046 -+ return false;
35047 ++ unsigned int i;
35048 +
35049 ++ for (i = 0; i <= MAX_PARAM; i++)
35050 ++ if (argnums[i])
35051 ++ return false;
35052 + return true;
35053 +}
35054 +
35055 -+static void handle_return_value(gimple ret_stmt)
35056 ++// Check whether the arguments or the return value of the function are in the hash table or are marked by the size_overflow attribute.
35057 ++static void search_interesting_args(tree fndecl, bool *argnums)
35058 +{
35059 -+ struct pointer_set_t *visited;
35060 -+ tree ret, new_ret;
35061 ++ const_tree attr;
35062 +
35063 -+ if (gimple_code(ret_stmt) != GIMPLE_RETURN)
35064 ++ set_argnum_hash(fndecl, argnums);
35065 ++ if (!is_all_the_argnums_empty(argnums))
35066 + return;
35067 +
35068 -+ ret = gimple_return_retval(ret_stmt);
35069 ++ attr = lookup_attribute("size_overflow", DECL_ATTRIBUTES(fndecl));
35070 ++ if (attr && TREE_VALUE(attr))
35071 ++ set_argnum_attribute(attr, argnums);
35072 ++}
35073 +
35074 -+ if (skip_types(ret))
35075 -+ return;
35076 ++/*
35077 ++ * Look up the intentional_overflow attribute that turns off ipa based duplication
35078 ++ * on the callee function, if found insert an asm stmt with "MARK_TURN_OFF".
35079 ++ */
35080 ++static bool create_mark_turn_off_asm(gimple stmt)
35081 ++{
35082 ++ enum mark mark;
35083 ++ struct asm_data asm_data;
35084 ++ const_tree fndecl = gimple_call_fndecl(stmt);
35085 +
35086 -+ if (search_attributes(current_function_decl, ret, 0, FROM_RET))
35087 -+ return;
35088 ++ mark = get_intentional_attr_type(DECL_ORIGIN(fndecl));
35089 ++ if (mark != MARK_TURN_OFF)
35090 ++ return false;
35091 +
35092 -+ visited = pointer_set_create();
35093 -+ new_ret = expand(visited, ret);
35094 -+ pointer_set_destroy(visited);
35095 ++ asm_data.input = gimple_call_lhs(stmt);
35096 ++ if (asm_data.input == NULL_TREE) {
35097 ++ asm_data.input = gimple_call_arg(stmt, 0);
35098 ++ if (is_gimple_constant(asm_data.input))
35099 ++ return false;
35100 ++ }
35101 +
35102 -+ change_function_return(ret_stmt, ret, new_ret);
35103 -+ check_size_overflow(ret_stmt, TREE_TYPE(new_ret), new_ret, ret, BEFORE_STMT);
35104 ++ asm_data.output = NULL;
35105 ++ asm_data.def_stmt = stmt;
35106 ++ create_asm_stmt("# size_overflow MARK_TURN_OFF\n\t", build_string(2, "rm"), NULL, &asm_data);
35107 ++ return true;
35108 +}
35109 +
35110 -+static void set_plf_false(void)
35111 ++// If the argument(s) of the callee function is/are in the hash table or are marked by an attribute then mark the call stmt with an asm stmt
35112 ++static void handle_interesting_function(gimple stmt)
35113 +{
35114 -+ basic_block bb;
35115 ++ unsigned int argnum;
35116 ++ tree fndecl;
35117 ++ bool orig_argnums[MAX_PARAM + 1] = {false};
35118 +
35119 -+ FOR_ALL_BB(bb) {
35120 -+ gimple_stmt_iterator si;
35121 ++ if (gimple_call_num_args(stmt) == 0)
35122 ++ return;
35123 ++ fndecl = gimple_call_fndecl(stmt);
35124 ++ if (fndecl == NULL_TREE)
35125 ++ return;
35126 ++ fndecl = DECL_ORIGIN(fndecl);
35127 +
35128 -+ for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si))
35129 -+ gimple_set_plf(gsi_stmt(si), MY_STMT, false);
35130 -+ for (si = gsi_start_phis(bb); !gsi_end_p(si); gsi_next(&si))
35131 -+ gimple_set_plf(gsi_stmt(si), MY_STMT, false);
35132 -+ }
35133 ++ if (create_mark_turn_off_asm(stmt))
35134 ++ return;
35135 ++
35136 ++ search_interesting_args(fndecl, orig_argnums);
35137 ++
35138 ++ for (argnum = 1; argnum < MAX_PARAM; argnum++)
35139 ++ if (orig_argnums[argnum])
35140 ++ insert_asm_arg(stmt, argnum);
35141 +}
35142 +
35143 -+static unsigned int handle_function(void)
35144 ++// If the return value of the caller function is in hash table (its index is 0) then mark the return stmt with an asm stmt
35145 ++static void handle_interesting_ret(gimple stmt)
35146 +{
35147 -+ basic_block next, bb = ENTRY_BLOCK_PTR->next_bb;
35148 -+ bool check_ret;
35149 ++ bool orig_argnums[MAX_PARAM + 1] = {false};
35150 +
35151 -+ set_plf_false();
35152 ++ search_interesting_args(current_function_decl, orig_argnums);
35153 +
35154 -+ check_ret = check_return_value();
35155 ++ if (orig_argnums[0])
35156 ++ insert_asm_ret(stmt);
35157 ++}
35158 +
35159 -+ do {
35160 ++// Iterate over all the stmts and search for call and return stmts and mark them if they're in the hash table
35161 ++static unsigned int search_interesting_functions(void)
35162 ++{
35163 ++ basic_block bb;
35164 ++
35165 ++ FOR_ALL_BB(bb) {
35166 + gimple_stmt_iterator gsi;
35167 -+ next = bb->next_bb;
35168 +
35169 + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
35170 -+ tree fndecl, attr;
35171 + gimple stmt = gsi_stmt(gsi);
35172 +
35173 -+ if (check_ret)
35174 -+ handle_return_value(stmt);
35175 -+
35176 -+ if (!(is_gimple_call(stmt)))
35177 -+ continue;
35178 -+ fndecl = gimple_call_fndecl(stmt);
35179 -+ if (fndecl == NULL_TREE)
35180 -+ continue;
35181 -+ if (gimple_call_num_args(stmt) == 0)
35182 -+ continue;
35183 -+ attr = lookup_attribute("size_overflow", DECL_ATTRIBUTES(fndecl));
35184 -+ if (!attr || !TREE_VALUE(attr))
35185 -+ handle_function_by_hash(stmt, fndecl);
35186 -+ else
35187 -+ handle_function_by_attribute(stmt, attr, fndecl);
35188 -+ gsi = gsi_for_stmt(stmt);
35189 -+ next = gimple_bb(stmt)->next_bb;
35190 ++ if (is_gimple_call(stmt))
35191 ++ handle_interesting_function(stmt);
35192 ++ else if (gimple_code(stmt) == GIMPLE_RETURN)
35193 ++ handle_interesting_ret(stmt);
35194 + }
35195 -+ bb = next;
35196 -+ } while (bb);
35197 ++ }
35198 + return 0;
35199 +}
35200 +
35201 -+static struct gimple_opt_pass size_overflow_pass = {
35202 ++/*
35203 ++ * A lot of functions get inlined before the ipa passes so after the build_ssa gimple pass
35204 ++ * this pass inserts asm stmts to mark the interesting args
35205 ++ * that the ipa pass will detect and insert the size overflow checks for.
35206 ++ */
35207 ++static struct gimple_opt_pass insert_size_overflow_asm_pass = {
35208 + .pass = {
35209 + .type = GIMPLE_PASS,
35210 -+ .name = "size_overflow",
35211 ++ .name = "insert_size_overflow_asm",
35212 +#if BUILDING_GCC_VERSION >= 4008
35213 + .optinfo_flags = OPTGROUP_NONE,
35214 +#endif
35215 + .gate = NULL,
35216 -+ .execute = handle_function,
35217 ++ .execute = search_interesting_functions,
35218 + .sub = NULL,
35219 + .next = NULL,
35220 + .static_pass_number = 0,
35221 @@ -111014,6 +114427,7 @@ index 0000000..03d0c84
35222 + }
35223 +};
35224 +
35225 ++// Create the noreturn report_size_overflow() function decl.
35226 +static void start_unit_callback(void __unused *gcc_data, void __unused *user_data)
35227 +{
35228 + tree fntype;
35229 @@ -111036,6 +114450,77 @@ index 0000000..03d0c84
35230 + TREE_THIS_VOLATILE(report_size_overflow_decl) = 1;
35231 +}
35232 +
35233 ++static unsigned int dump_functions(void)
35234 ++{
35235 ++ struct cgraph_node *node;
35236 ++
35237 ++ FOR_EACH_FUNCTION_WITH_GIMPLE_BODY(node) {
35238 ++ basic_block bb;
35239 ++
35240 ++#if BUILDING_GCC_VERSION <= 4007
35241 ++ push_cfun(DECL_STRUCT_FUNCTION(node->decl));
35242 ++ current_function_decl = node->decl;
35243 ++#else
35244 ++ push_cfun(DECL_STRUCT_FUNCTION(node->symbol.decl));
35245 ++ current_function_decl = node->symbol.decl;
35246 ++#endif
35247 ++
35248 ++ fprintf(stderr, "-----------------------------------------\n%s\n-----------------------------------------\n", NAME(current_function_decl));
35249 ++
35250 ++ FOR_ALL_BB(bb) {
35251 ++ gimple_stmt_iterator si;
35252 ++
35253 ++ fprintf(stderr, "<bb %u>:\n", bb->index);
35254 ++ for (si = gsi_start_phis(bb); !gsi_end_p(si); gsi_next(&si))
35255 ++ debug_gimple_stmt(gsi_stmt(si));
35256 ++ for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si))
35257 ++ debug_gimple_stmt(gsi_stmt(si));
35258 ++ fprintf(stderr, "\n");
35259 ++ }
35260 ++
35261 ++ fprintf(stderr, "-------------------------------------------------------------------------\n");
35262 ++
35263 ++ pop_cfun();
35264 ++ current_function_decl = NULL_TREE;
35265 ++ }
35266 ++
35267 ++ fprintf(stderr, "###############################################################################\n");
35268 ++
35269 ++ return 0;
35270 ++}
35271 ++
35272 ++static struct ipa_opt_pass_d pass_dump = {
35273 ++ .pass = {
35274 ++ .type = SIMPLE_IPA_PASS,
35275 ++ .name = "dump",
35276 ++#if BUILDING_GCC_VERSION >= 4008
35277 ++ .optinfo_flags = OPTGROUP_NONE,
35278 ++#endif
35279 ++ .gate = NULL,
35280 ++ .execute = dump_functions,
35281 ++ .sub = NULL,
35282 ++ .next = NULL,
35283 ++ .static_pass_number = 0,
35284 ++ .tv_id = TV_NONE,
35285 ++ .properties_required = 0,
35286 ++ .properties_provided = 0,
35287 ++ .properties_destroyed = 0,
35288 ++ .todo_flags_start = 0,
35289 ++ .todo_flags_finish = 0,
35290 ++ },
35291 ++ .generate_summary = NULL,
35292 ++ .write_summary = NULL,
35293 ++ .read_summary = NULL,
35294 ++#if BUILDING_GCC_VERSION >= 4006
35295 ++ .write_optimization_summary = NULL,
35296 ++ .read_optimization_summary = NULL,
35297 ++#endif
35298 ++ .stmt_fixup = NULL,
35299 ++ .function_transform_todo_flags_start = 0,
35300 ++ .function_transform = NULL,
35301 ++ .variable_transform = NULL,
35302 ++};
35303 ++
35304 +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
35305 +{
35306 + int i;
35307 @@ -111044,13 +114529,34 @@ index 0000000..03d0c84
35308 + const struct plugin_argument * const argv = plugin_info->argv;
35309 + bool enable = true;
35310 +
35311 -+ struct register_pass_info size_overflow_pass_info = {
35312 -+ .pass = &size_overflow_pass.pass,
35313 ++ struct register_pass_info insert_size_overflow_asm_pass_info = {
35314 ++ .pass = &insert_size_overflow_asm_pass.pass,
35315 + .reference_pass_name = "ssa",
35316 + .ref_pass_instance_number = 1,
35317 + .pos_op = PASS_POS_INSERT_AFTER
35318 + };
35319 +
35320 ++ struct register_pass_info __unused dump_before_pass_info = {
35321 ++ .pass = &pass_dump.pass,
35322 ++ .reference_pass_name = "increase_alignment",
35323 ++ .ref_pass_instance_number = 1,
35324 ++ .pos_op = PASS_POS_INSERT_BEFORE
35325 ++ };
35326 ++
35327 ++ struct register_pass_info ipa_pass_info = {
35328 ++ .pass = &pass_ipa.pass,
35329 ++ .reference_pass_name = "increase_alignment",
35330 ++ .ref_pass_instance_number = 1,
35331 ++ .pos_op = PASS_POS_INSERT_BEFORE
35332 ++ };
35333 ++
35334 ++ struct register_pass_info __unused dump_after_pass_info = {
35335 ++ .pass = &pass_dump.pass,
35336 ++ .reference_pass_name = "increase_alignment",
35337 ++ .ref_pass_instance_number = 1,
35338 ++ .pos_op = PASS_POS_INSERT_BEFORE
35339 ++ };
35340 ++
35341 + if (!plugin_default_version_check(version, &gcc_version)) {
35342 + error(G_("incompatible gcc/plugin versions"));
35343 + return 1;
35344 @@ -111067,7 +114573,10 @@ index 0000000..03d0c84
35345 + register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info);
35346 + if (enable) {
35347 + register_callback("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL);
35348 -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info);
35349 ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &insert_size_overflow_asm_pass_info);
35350 ++// register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dump_before_pass_info);
35351 ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &ipa_pass_info);
35352 ++// register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dump_after_pass_info);
35353 + }
35354 + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
35355 +
Report Message
Find on MARC Find on Google Groups