1 |
commit: 00426f28651cd1f5b3fd44116c5f09b629d064c2 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Feb 9 15:23:54 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 9 15:23:54 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=00426f28 |
7 |
|
8 |
Grsec/PaX: 3.0-{3.2.54,3.13.2}-201402090002 |
9 |
|
10 |
--- |
11 |
3.13.2/0000_README | 2 +- |
12 |
... 4420_grsecurity-3.0-3.13.2-201402090002.patch} | 39 +- |
13 |
3.2.54/0000_README | 2 +- |
14 |
... 4420_grsecurity-3.0-3.2.54-201402090000.patch} | 3062 ++++++++++++++++++-- |
15 |
3.2.54/4450_grsec-kconfig-default-gids.patch | 12 +- |
16 |
3.2.54/4465_selinux-avc_audit-log-curr_ip.patch | 2 +- |
17 |
3.2.54/4470_disable-compat_vdso.patch | 2 +- |
18 |
7 files changed, 2907 insertions(+), 214 deletions(-) |
19 |
|
20 |
diff --git a/3.13.2/0000_README b/3.13.2/0000_README |
21 |
index 850ef1e..a01567b 100644 |
22 |
--- a/3.13.2/0000_README |
23 |
+++ b/3.13.2/0000_README |
24 |
@@ -2,7 +2,7 @@ README |
25 |
----------------------------------------------------------------------------- |
26 |
Individual Patch Descriptions: |
27 |
----------------------------------------------------------------------------- |
28 |
-Patch: 4420_grsecurity-3.0-3.13.2-201402062224.patch |
29 |
+Patch: 4420_grsecurity-3.0-3.13.2-201402090002.patch |
30 |
From: http://www.grsecurity.net |
31 |
Desc: hardened-sources base patch from upstream grsecurity |
32 |
|
33 |
|
34 |
diff --git a/3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch b/3.13.2/4420_grsecurity-3.0-3.13.2-201402090002.patch |
35 |
similarity index 99% |
36 |
rename from 3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch |
37 |
rename to 3.13.2/4420_grsecurity-3.0-3.13.2-201402090002.patch |
38 |
index 824a474..76aaa29 100644 |
39 |
--- a/3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch |
40 |
+++ b/3.13.2/4420_grsecurity-3.0-3.13.2-201402090002.patch |
41 |
@@ -1,5 +1,5 @@ |
42 |
diff --git a/Documentation/dontdiff b/Documentation/dontdiff |
43 |
-index b89a739..31509cb 100644 |
44 |
+index b89a739..9aa2627 100644 |
45 |
--- a/Documentation/dontdiff |
46 |
+++ b/Documentation/dontdiff |
47 |
@@ -2,9 +2,11 @@ |
48 |
@@ -173,8 +173,8 @@ index b89a739..31509cb 100644 |
49 |
r300_reg_safe.h |
50 |
r420_reg_safe.h |
51 |
r600_reg_safe.h |
52 |
-+randstruct.seed |
53 |
-+randstruct.hashed_seed |
54 |
++randomize_layout_hash.data |
55 |
++randomize_layout_seed.h |
56 |
+realmode.lds |
57 |
+realmode.relocs |
58 |
recordmcount |
59 |
@@ -65436,10 +65436,10 @@ index 0000000..5307c8a |
60 |
+endif |
61 |
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
62 |
new file mode 100644 |
63 |
-index 0000000..7232a45 |
64 |
+index 0000000..19a5b7c |
65 |
--- /dev/null |
66 |
+++ b/grsecurity/gracl.c |
67 |
-@@ -0,0 +1,2677 @@ |
68 |
+@@ -0,0 +1,2678 @@ |
69 |
+#include <linux/kernel.h> |
70 |
+#include <linux/module.h> |
71 |
+#include <linux/sched.h> |
72 |
@@ -67923,8 +67923,8 @@ index 0000000..7232a45 |
73 |
+void |
74 |
+gr_acl_handle_psacct(struct task_struct *task, const long code) |
75 |
+{ |
76 |
-+ unsigned long runtime; |
77 |
-+ unsigned long cputime; |
78 |
++ unsigned long runtime, cputime; |
79 |
++ cputime_t utime, stime; |
80 |
+ unsigned int wday, cday; |
81 |
+ __u8 whr, chr; |
82 |
+ __u8 wmin, cmin; |
83 |
@@ -67937,19 +67937,20 @@ index 0000000..7232a45 |
84 |
+ |
85 |
+ do_posix_clock_monotonic_gettime(&timeval); |
86 |
+ runtime = timeval.tv_sec - task->start_time.tv_sec; |
87 |
-+ wday = runtime / (3600 * 24); |
88 |
-+ runtime -= wday * (3600 * 24); |
89 |
-+ whr = runtime / 3600; |
90 |
-+ runtime -= whr * 3600; |
91 |
++ wday = runtime / (60 * 60 * 24); |
92 |
++ runtime -= wday * (60 * 60 * 24); |
93 |
++ whr = runtime / (60 * 60); |
94 |
++ runtime -= whr * (60 * 60); |
95 |
+ wmin = runtime / 60; |
96 |
+ runtime -= wmin * 60; |
97 |
+ wsec = runtime; |
98 |
+ |
99 |
-+ cputime = (task->utime + task->stime) / HZ; |
100 |
-+ cday = cputime / (3600 * 24); |
101 |
-+ cputime -= cday * (3600 * 24); |
102 |
-+ chr = cputime / 3600; |
103 |
-+ cputime -= chr * 3600; |
104 |
++ task_cputime(task, &utime, &stime); |
105 |
++ cputime = cputime_to_secs(utime + stime); |
106 |
++ cday = cputime / (60 * 60 * 24); |
107 |
++ cputime -= cday * (60 * 60 * 24); |
108 |
++ chr = cputime / (60 * 60); |
109 |
++ cputime -= chr * (60 * 60); |
110 |
+ cmin = cputime / 60; |
111 |
+ cputime -= cmin * 60; |
112 |
+ csec = cputime; |
113 |
@@ -103825,13 +103826,13 @@ index 7778b8e..3d619fc 100644 |
114 |
|
115 |
diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore |
116 |
new file mode 100644 |
117 |
-index 0000000..8eb55ca |
118 |
+index 0000000..54052c3 |
119 |
--- /dev/null |
120 |
+++ b/tools/gcc/.gitignore |
121 |
@@ -0,0 +1,3 @@ |
122 |
+size_overflow_hash.h |
123 |
-+randstruct.seed |
124 |
-+randstruct.hashed_seed |
125 |
++randomize_layout_seed.h |
126 |
++randomize_layout_hash.data |
127 |
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile |
128 |
new file mode 100644 |
129 |
index 0000000..51a2ba2 |
130 |
|
131 |
diff --git a/3.2.54/0000_README b/3.2.54/0000_README |
132 |
index 61f72a8..2e1f77c 100644 |
133 |
--- a/3.2.54/0000_README |
134 |
+++ b/3.2.54/0000_README |
135 |
@@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch |
136 |
From: http://www.kernel.org |
137 |
Desc: Linux 3.2.54 |
138 |
|
139 |
-Patch: 4420_grsecurity-3.0-3.2.54-201402062221.patch |
140 |
+Patch: 4420_grsecurity-3.0-3.2.54-201402090000.patch |
141 |
From: http://www.grsecurity.net |
142 |
Desc: hardened-sources base patch from upstream grsecurity |
143 |
|
144 |
|
145 |
diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201402090000.patch |
146 |
similarity index 97% |
147 |
rename from 3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch |
148 |
rename to 3.2.54/4420_grsecurity-3.0-3.2.54-201402090000.patch |
149 |
index 88feed1..f378eea 100644 |
150 |
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch |
151 |
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201402090000.patch |
152 |
@@ -1,5 +1,5 @@ |
153 |
diff --git a/Documentation/dontdiff b/Documentation/dontdiff |
154 |
-index dfa6fc6..be27ac3 100644 |
155 |
+index dfa6fc6..58798e8 100644 |
156 |
--- a/Documentation/dontdiff |
157 |
+++ b/Documentation/dontdiff |
158 |
@@ -2,9 +2,11 @@ |
159 |
@@ -149,15 +149,18 @@ index dfa6fc6..be27ac3 100644 |
160 |
mkprep |
161 |
mkregtable |
162 |
mktables |
163 |
-@@ -209,6 +229,7 @@ r300_reg_safe.h |
164 |
+@@ -208,7 +228,10 @@ r200_reg_safe.h |
165 |
+ r300_reg_safe.h |
166 |
r420_reg_safe.h |
167 |
r600_reg_safe.h |
168 |
++randomize_layout_hash.data |
169 |
++randomize_layout_seed.h |
170 |
recordmcount |
171 |
+regdb.c |
172 |
relocs |
173 |
rlim_names.h |
174 |
rn50_reg_safe.h |
175 |
-@@ -218,7 +239,10 @@ series |
176 |
+@@ -218,7 +241,10 @@ series |
177 |
setup |
178 |
setup.bin |
179 |
setup.elf |
180 |
@@ -168,7 +171,7 @@ index dfa6fc6..be27ac3 100644 |
181 |
sm_tbl* |
182 |
split-include |
183 |
syscalltab.h |
184 |
-@@ -229,6 +253,7 @@ tftpboot.img |
185 |
+@@ -229,6 +255,7 @@ tftpboot.img |
186 |
timeconst.h |
187 |
times.h* |
188 |
trix_boot.h |
189 |
@@ -176,7 +179,7 @@ index dfa6fc6..be27ac3 100644 |
190 |
utsrelease.h* |
191 |
vdso-syms.lds |
192 |
vdso.lds |
193 |
-@@ -246,7 +271,9 @@ vmlinux |
194 |
+@@ -246,7 +273,9 @@ vmlinux |
195 |
vmlinux-* |
196 |
vmlinux.aout |
197 |
vmlinux.bin.all |
198 |
@@ -186,7 +189,7 @@ index dfa6fc6..be27ac3 100644 |
199 |
vmlinuz |
200 |
voffset.h |
201 |
vsyscall.lds |
202 |
-@@ -254,9 +281,12 @@ vsyscall_32.lds |
203 |
+@@ -254,9 +283,12 @@ vsyscall_32.lds |
204 |
wanxlfw.inc |
205 |
uImage |
206 |
unifdef |
207 |
@@ -270,7 +273,7 @@ index 88fd7f5..b318a78 100644 |
208 |
============================================================== |
209 |
|
210 |
diff --git a/Makefile b/Makefile |
211 |
-index 848be26..67efb38f 100644 |
212 |
+index 848be26..a460525 100644 |
213 |
--- a/Makefile |
214 |
+++ b/Makefile |
215 |
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
216 |
@@ -285,7 +288,23 @@ index 848be26..67efb38f 100644 |
217 |
|
218 |
# Decide whether to build built-in, modular, or both. |
219 |
# Normally, just do built-in. |
220 |
-@@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc |
221 |
+@@ -312,9 +313,15 @@ endif |
222 |
+ # If the user is running make -s (silent mode), suppress echoing of |
223 |
+ # commands |
224 |
+ |
225 |
++ifneq ($(filter 4.%,$(MAKE_VERSION)),) # make-4 |
226 |
++ifneq ($(filter %s ,$(firstword x$(MAKEFLAGS))),) |
227 |
++ quiet=silent_ |
228 |
++endif |
229 |
++else # make-3.8x |
230 |
+ ifneq ($(findstring s,$(MAKEFLAGS)),) |
231 |
+ quiet=silent_ |
232 |
+ endif |
233 |
++endif |
234 |
+ |
235 |
+ export quiet Q KBUILD_VERBOSE |
236 |
+ |
237 |
+@@ -407,8 +414,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc |
238 |
# Rules shared between *config targets and build targets |
239 |
|
240 |
# Basic helpers built in scripts/ |
241 |
@@ -296,7 +315,7 @@ index 848be26..67efb38f 100644 |
242 |
$(Q)$(MAKE) $(build)=scripts/basic |
243 |
$(Q)rm -f .tmp_quiet_recordmcount |
244 |
|
245 |
-@@ -564,6 +565,65 @@ else |
246 |
+@@ -564,6 +571,74 @@ else |
247 |
KBUILD_CFLAGS += -O2 |
248 |
endif |
249 |
|
250 |
@@ -322,6 +341,14 @@ index 848be26..67efb38f 100644 |
251 |
+KERNEXEC_PLUGIN_CFLAGS += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) -DKERNEXEC_PLUGIN |
252 |
+KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN |
253 |
+endif |
254 |
++ifdef CONFIG_GRKERNSEC_RANDSTRUCT |
255 |
++RANDSTRUCT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/randomize_layout_plugin.so -DRANDSTRUCT_PLUGIN |
256 |
++RANDSTRUCT_HASHED_SEED := $(shell cat "$(objtree)/tools/gcc/randomize_layout_hash.data") |
257 |
++RANDSTRUCT_PLUGIN_CFLAGS += -DRANDSTRUCT_HASHED_SEED="\"$(RANDSTRUCT_HASHED_SEED)\"" |
258 |
++ifdef CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE |
259 |
++RANDSTRUCT_PLUGIN_CFLAGS += -fplugin-arg-randomize_layout_plugin-performance-mode |
260 |
++endif |
261 |
++endif |
262 |
+ifdef CONFIG_CHECKER_PLUGIN |
263 |
+ifeq ($(call cc-ifversion, -ge, 0406, y), y) |
264 |
+CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN |
265 |
@@ -340,6 +367,7 @@ index 848be26..67efb38f 100644 |
266 |
+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) |
267 |
+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) |
268 |
+GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) $(STRUCTLEAK_PLUGIN_CFLAGS) |
269 |
++GCC_PLUGINS_CFLAGS += $(RANDSTRUCT_PLUGIN_CFLAGS) |
270 |
+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) |
271 |
+export PLUGINCC CONSTIFY_PLUGIN |
272 |
+ifeq ($(KBUILD_EXTMOD),) |
273 |
@@ -362,7 +390,16 @@ index 848be26..67efb38f 100644 |
274 |
include $(srctree)/arch/$(SRCARCH)/Makefile |
275 |
|
276 |
ifneq ($(CONFIG_FRAME_WARN),0) |
277 |
-@@ -708,7 +768,7 @@ export mod_strip_cmd |
278 |
+@@ -594,7 +669,7 @@ endif |
279 |
+ |
280 |
+ ifdef CONFIG_DEBUG_INFO |
281 |
+ KBUILD_CFLAGS += -g |
282 |
+-KBUILD_AFLAGS += -gdwarf-2 |
283 |
++KBUILD_AFLAGS += -Wa,--gdwarf-2 |
284 |
+ endif |
285 |
+ |
286 |
+ ifdef CONFIG_DEBUG_INFO_REDUCED |
287 |
+@@ -708,7 +783,7 @@ export mod_strip_cmd |
288 |
|
289 |
|
290 |
ifeq ($(KBUILD_EXTMOD),) |
291 |
@@ -371,7 +408,7 @@ index 848be26..67efb38f 100644 |
292 |
|
293 |
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ |
294 |
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |
295 |
-@@ -932,6 +992,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE |
296 |
+@@ -932,6 +1007,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE |
297 |
|
298 |
# The actual objects are generated when descending, |
299 |
# make sure no implicit rule kicks in |
300 |
@@ -380,7 +417,7 @@ index 848be26..67efb38f 100644 |
301 |
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; |
302 |
|
303 |
# Handle descending into subdirectories listed in $(vmlinux-dirs) |
304 |
-@@ -941,7 +1003,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; |
305 |
+@@ -941,7 +1018,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; |
306 |
# Error messages still appears in the original language |
307 |
|
308 |
PHONY += $(vmlinux-dirs) |
309 |
@@ -389,7 +426,7 @@ index 848be26..67efb38f 100644 |
310 |
$(Q)$(MAKE) $(build)=$@ |
311 |
|
312 |
# Store (new) KERNELRELASE string in include/config/kernel.release |
313 |
-@@ -981,10 +1043,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \ |
314 |
+@@ -981,10 +1058,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \ |
315 |
|
316 |
archprepare: archscripts prepare1 scripts_basic |
317 |
|
318 |
@@ -403,7 +440,7 @@ index 848be26..67efb38f 100644 |
319 |
prepare: prepare0 |
320 |
|
321 |
# Generate some files |
322 |
-@@ -1089,6 +1154,8 @@ all: modules |
323 |
+@@ -1089,6 +1169,8 @@ all: modules |
324 |
# using awk while concatenating to the final file. |
325 |
|
326 |
PHONY += modules |
327 |
@@ -412,7 +449,7 @@ index 848be26..67efb38f 100644 |
328 |
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin |
329 |
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order |
330 |
@$(kecho) ' Building modules, stage 2.'; |
331 |
-@@ -1104,7 +1171,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
332 |
+@@ -1104,7 +1186,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
333 |
|
334 |
# Target to prepare building external modules |
335 |
PHONY += modules_prepare |
336 |
@@ -421,16 +458,19 @@ index 848be26..67efb38f 100644 |
337 |
|
338 |
# Target to install modules |
339 |
PHONY += modules_install |
340 |
-@@ -1163,7 +1230,7 @@ CLEAN_FILES += vmlinux System.map \ |
341 |
+@@ -1163,8 +1245,9 @@ CLEAN_FILES += vmlinux System.map \ |
342 |
MRPROPER_DIRS += include/config usr/include include/generated \ |
343 |
arch/*/include/generated |
344 |
MRPROPER_FILES += .config .config.old .version .old_version \ |
345 |
- include/linux/version.h \ |
346 |
+- Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS |
347 |
+ include/linux/version.h tools/gcc/size_overflow_hash.h\ |
348 |
- Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS |
349 |
++ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ |
350 |
++ tools/gcc/randomize_layout_seed.h tools/gcc/randomize_layout_hash.data |
351 |
|
352 |
# clean - Delete most, but leave enough to build external modules |
353 |
-@@ -1201,6 +1268,7 @@ distclean: mrproper |
354 |
+ # |
355 |
+@@ -1201,6 +1284,7 @@ distclean: mrproper |
356 |
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \ |
357 |
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ |
358 |
-o -name '.*.rej' \ |
359 |
@@ -438,7 +478,7 @@ index 848be26..67efb38f 100644 |
360 |
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ |
361 |
-type f -print | xargs rm -f |
362 |
|
363 |
-@@ -1361,6 +1429,8 @@ PHONY += $(module-dirs) modules |
364 |
+@@ -1361,6 +1445,8 @@ PHONY += $(module-dirs) modules |
365 |
$(module-dirs): crmodverdir $(objtree)/Module.symvers |
366 |
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) |
367 |
|
368 |
@@ -447,7 +487,7 @@ index 848be26..67efb38f 100644 |
369 |
modules: $(module-dirs) |
370 |
@$(kecho) ' Building modules, stage 2.'; |
371 |
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost |
372 |
-@@ -1487,17 +1557,21 @@ else |
373 |
+@@ -1487,17 +1573,21 @@ else |
374 |
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) |
375 |
endif |
376 |
|
377 |
@@ -473,7 +513,7 @@ index 848be26..67efb38f 100644 |
378 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
379 |
%.symtypes: %.c prepare scripts FORCE |
380 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
381 |
-@@ -1507,11 +1581,15 @@ endif |
382 |
+@@ -1507,11 +1597,15 @@ endif |
383 |
$(cmd_crmodverdir) |
384 |
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
385 |
$(build)=$(build-dir) |
386 |
@@ -855,6 +895,18 @@ index fadd5f8..904e73a 100644 |
387 |
} else if (!cause) { |
388 |
/* Allow reads even for write-only mappings */ |
389 |
if (!(vma->vm_flags & (VM_READ | VM_WRITE))) |
390 |
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig |
391 |
+index 790ea68..e8c6879 100644 |
392 |
+--- a/arch/arm/Kconfig |
393 |
++++ b/arch/arm/Kconfig |
394 |
+@@ -2012,6 +2012,7 @@ config XIP_PHYS_ADDR |
395 |
+ config KEXEC |
396 |
+ bool "Kexec system call (EXPERIMENTAL)" |
397 |
+ depends on EXPERIMENTAL |
398 |
++ depends on !GRKERNSEC_KMEM |
399 |
+ help |
400 |
+ kexec is a system call that implements the ability to shutdown your |
401 |
+ current kernel, and to start another kernel. It is like a reboot |
402 |
diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h |
403 |
index b7c5d5d..4b0c4ed 100644 |
404 |
--- a/arch/arm/include/asm/assembler.h |
405 |
@@ -3009,6 +3061,18 @@ index 0f01de2..d37d309 100644 |
406 |
|
407 |
#define __cacheline_aligned __aligned(L1_CACHE_BYTES) |
408 |
#define ____cacheline_aligned __aligned(L1_CACHE_BYTES) |
409 |
+diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig |
410 |
+index 27489b6..45ab736 100644 |
411 |
+--- a/arch/ia64/Kconfig |
412 |
++++ b/arch/ia64/Kconfig |
413 |
+@@ -570,6 +570,7 @@ source "drivers/sn/Kconfig" |
414 |
+ config KEXEC |
415 |
+ bool "kexec system call (EXPERIMENTAL)" |
416 |
+ depends on EXPERIMENTAL && !IA64_HP_SIM && (!SMP || HOTPLUG_CPU) |
417 |
++ depends on !GRKERNSEC_KMEM |
418 |
+ help |
419 |
+ kexec is a system call that implements the ability to shutdown your |
420 |
+ current kernel, and to start another kernel. It is like a reboot |
421 |
diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h |
422 |
index 2fc214b..7597423 100644 |
423 |
--- a/arch/ia64/include/asm/atomic.h |
424 |
@@ -3646,6 +3710,18 @@ index 4efe96a..60e8699 100644 |
425 |
|
426 |
#define SMP_CACHE_BYTES L1_CACHE_BYTES |
427 |
|
428 |
+diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig |
429 |
+index d46f1da..d72dc10 100644 |
430 |
+--- a/arch/mips/Kconfig |
431 |
++++ b/arch/mips/Kconfig |
432 |
+@@ -2254,6 +2254,7 @@ source "kernel/Kconfig.preempt" |
433 |
+ config KEXEC |
434 |
+ bool "Kexec system call (EXPERIMENTAL)" |
435 |
+ depends on EXPERIMENTAL |
436 |
++ depends on !GRKERNSEC_KMEM |
437 |
+ help |
438 |
+ kexec is a system call that implements the ability to shutdown your |
439 |
+ current kernel, and to start another kernel. It is like a reboot |
440 |
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h |
441 |
index 1d93f81..67794d0 100644 |
442 |
--- a/arch/mips/include/asm/atomic.h |
443 |
@@ -4799,6 +4875,18 @@ index 18162ce..94de376 100644 |
444 |
|
445 |
/* |
446 |
* If for any reason at all we couldn't handle the fault, make |
447 |
+diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig |
448 |
+index 16ef838..4eac98f 100644 |
449 |
+--- a/arch/powerpc/Kconfig |
450 |
++++ b/arch/powerpc/Kconfig |
451 |
+@@ -346,6 +346,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE |
452 |
+ config KEXEC |
453 |
+ bool "kexec system call (EXPERIMENTAL)" |
454 |
+ depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP && !PPC_47x)) && EXPERIMENTAL |
455 |
++ depends on !GRKERNSEC_KMEM |
456 |
+ help |
457 |
+ kexec is a system call that implements the ability to shutdown your |
458 |
+ current kernel, and to start another kernel. It is like a reboot |
459 |
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h |
460 |
index 02e41b5..ec6e26c 100644 |
461 |
--- a/arch/powerpc/include/asm/atomic.h |
462 |
@@ -9247,6 +9335,18 @@ index cbef74e..c38fead 100644 |
463 |
BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL)); |
464 |
page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); |
465 |
|
466 |
+diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig |
467 |
+index 6cb8319..ee12bac 100644 |
468 |
+--- a/arch/tile/Kconfig |
469 |
++++ b/arch/tile/Kconfig |
470 |
+@@ -142,6 +142,7 @@ source "kernel/Kconfig.hz" |
471 |
+ |
472 |
+ config KEXEC |
473 |
+ bool "kexec system call" |
474 |
++ depends on !GRKERNSEC_KMEM |
475 |
+ ---help--- |
476 |
+ kexec is a system call that implements the ability to shutdown your |
477 |
+ current kernel, and to start another kernel. It is like a reboot |
478 |
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h |
479 |
index 27fe667..36d474c 100644 |
480 |
--- a/arch/tile/include/asm/atomic_64.h |
481 |
@@ -9420,7 +9520,7 @@ index ad8f795..2c7eec6 100644 |
482 |
/* |
483 |
* Memory returned by kmalloc() may be used for DMA, so we must make |
484 |
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
485 |
-index fb2e69d..27ff8ca 100644 |
486 |
+index fb2e69d..200616a 100644 |
487 |
--- a/arch/x86/Kconfig |
488 |
+++ b/arch/x86/Kconfig |
489 |
@@ -75,6 +75,7 @@ config X86 |
490 |
@@ -9483,7 +9583,15 @@ index fb2e69d..27ff8ca 100644 |
491 |
---help--- |
492 |
This option turns on the -fstack-protector GCC feature. This |
493 |
feature puts, at the beginning of functions, a canary value on |
494 |
-@@ -1616,6 +1619,8 @@ config X86_NEED_RELOCS |
495 |
+@@ -1514,6 +1517,7 @@ source kernel/Kconfig.hz |
496 |
+ |
497 |
+ config KEXEC |
498 |
+ bool "kexec system call" |
499 |
++ depends on !GRKERNSEC_KMEM |
500 |
+ ---help--- |
501 |
+ kexec is a system call that implements the ability to shutdown your |
502 |
+ current kernel, and to start another kernel. It is like a reboot |
503 |
+@@ -1616,6 +1620,8 @@ config X86_NEED_RELOCS |
504 |
config PHYSICAL_ALIGN |
505 |
hex "Alignment value to which kernel should be aligned" if X86_32 |
506 |
default "0x1000000" |
507 |
@@ -9492,7 +9600,7 @@ index fb2e69d..27ff8ca 100644 |
508 |
range 0x2000 0x1000000 |
509 |
---help--- |
510 |
This value puts the alignment restrictions on physical address |
511 |
-@@ -1647,9 +1652,10 @@ config HOTPLUG_CPU |
512 |
+@@ -1647,9 +1653,10 @@ config HOTPLUG_CPU |
513 |
Say N if you want to disable CPU hotplug. |
514 |
|
515 |
config COMPAT_VDSO |
516 |
@@ -12850,6 +12958,39 @@ index cc70c1c..d96d011 100644 |
517 |
+extern void machine_emergency_restart(void) __noreturn; |
518 |
|
519 |
#endif /* _ASM_X86_EMERGENCY_RESTART_H */ |
520 |
+diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h |
521 |
+index dbe82a5..459eb0b 100644 |
522 |
+--- a/arch/x86/include/asm/floppy.h |
523 |
++++ b/arch/x86/include/asm/floppy.h |
524 |
+@@ -229,18 +229,18 @@ static struct fd_routine_l { |
525 |
+ int (*_dma_setup)(char *addr, unsigned long size, int mode, int io); |
526 |
+ } fd_routine[] = { |
527 |
+ { |
528 |
+- request_dma, |
529 |
+- free_dma, |
530 |
+- get_dma_residue, |
531 |
+- dma_mem_alloc, |
532 |
+- hard_dma_setup |
533 |
++ ._request_dma = request_dma, |
534 |
++ ._free_dma = free_dma, |
535 |
++ ._get_dma_residue = get_dma_residue, |
536 |
++ ._dma_mem_alloc = dma_mem_alloc, |
537 |
++ ._dma_setup = hard_dma_setup |
538 |
+ }, |
539 |
+ { |
540 |
+- vdma_request_dma, |
541 |
+- vdma_nop, |
542 |
+- vdma_get_dma_residue, |
543 |
+- vdma_mem_alloc, |
544 |
+- vdma_dma_setup |
545 |
++ ._request_dma = vdma_request_dma, |
546 |
++ ._free_dma = vdma_nop, |
547 |
++ ._get_dma_residue = vdma_get_dma_residue, |
548 |
++ ._dma_mem_alloc = vdma_mem_alloc, |
549 |
++ ._dma_setup = vdma_dma_setup |
550 |
+ } |
551 |
+ }; |
552 |
+ |
553 |
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h |
554 |
index d09bb03..0a3629b 100644 |
555 |
--- a/arch/x86/include/asm/futex.h |
556 |
@@ -13684,7 +13825,7 @@ index 91e758b..cac1cd6 100644 |
557 |
|
558 |
#endif /* __ASSEMBLY__ */ |
559 |
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h |
560 |
-index faf2c04..5724dcd 100644 |
561 |
+index faf2c04..055c010 100644 |
562 |
--- a/arch/x86/include/asm/paravirt_types.h |
563 |
+++ b/arch/x86/include/asm/paravirt_types.h |
564 |
@@ -84,7 +84,7 @@ struct pv_init_ops { |
565 |
@@ -13692,16 +13833,23 @@ index faf2c04..5724dcd 100644 |
566 |
unsigned (*patch)(u8 type, u16 clobber, void *insnbuf, |
567 |
unsigned long addr, unsigned len); |
568 |
-}; |
569 |
-+} __no_const; |
570 |
++} __no_const __no_randomize_layout; |
571 |
|
572 |
|
573 |
struct pv_lazy_ops { |
574 |
-@@ -98,7 +98,7 @@ struct pv_time_ops { |
575 |
+@@ -92,13 +92,13 @@ struct pv_lazy_ops { |
576 |
+ void (*enter)(void); |
577 |
+ void (*leave)(void); |
578 |
+ void (*flush)(void); |
579 |
+-}; |
580 |
++} __no_randomize_layout; |
581 |
+ |
582 |
+ struct pv_time_ops { |
583 |
unsigned long long (*sched_clock)(void); |
584 |
unsigned long long (*steal_clock)(int cpu); |
585 |
unsigned long (*get_tsc_khz)(void); |
586 |
-}; |
587 |
-+} __no_const; |
588 |
++} __no_const __no_randomize_layout; |
589 |
|
590 |
struct pv_cpu_ops { |
591 |
/* hooks for various privileged instructions */ |
592 |
@@ -13710,16 +13858,25 @@ index faf2c04..5724dcd 100644 |
593 |
void (*start_context_switch)(struct task_struct *prev); |
594 |
void (*end_context_switch)(struct task_struct *next); |
595 |
-}; |
596 |
-+} __no_const; |
597 |
++} __no_const __no_randomize_layout; |
598 |
|
599 |
struct pv_irq_ops { |
600 |
/* |
601 |
+@@ -217,7 +217,7 @@ struct pv_irq_ops { |
602 |
+ #ifdef CONFIG_X86_64 |
603 |
+ void (*adjust_exception_frame)(void); |
604 |
+ #endif |
605 |
+-}; |
606 |
++} __no_randomize_layout; |
607 |
+ |
608 |
+ struct pv_apic_ops { |
609 |
+ #ifdef CONFIG_X86_LOCAL_APIC |
610 |
@@ -225,7 +225,7 @@ struct pv_apic_ops { |
611 |
unsigned long start_eip, |
612 |
unsigned long start_esp); |
613 |
#endif |
614 |
-}; |
615 |
-+} __no_const; |
616 |
++} __no_const __no_randomize_layout; |
617 |
|
618 |
struct pv_mmu_ops { |
619 |
unsigned long (*read_cr2)(void); |
620 |
@@ -13731,28 +13888,47 @@ index faf2c04..5724dcd 100644 |
621 |
#endif /* PAGETABLE_LEVELS == 4 */ |
622 |
#endif /* PAGETABLE_LEVELS >= 3 */ |
623 |
|
624 |
-@@ -325,6 +326,12 @@ struct pv_mmu_ops { |
625 |
+@@ -325,7 +326,13 @@ struct pv_mmu_ops { |
626 |
an mfn. We can tell which is which from the index. */ |
627 |
void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx, |
628 |
phys_addr_t phys, pgprot_t flags); |
629 |
+-}; |
630 |
+ |
631 |
+#ifdef CONFIG_PAX_KERNEXEC |
632 |
+ unsigned long (*pax_open_kernel)(void); |
633 |
+ unsigned long (*pax_close_kernel)(void); |
634 |
+#endif |
635 |
+ |
636 |
- }; |
637 |
++} __no_randomize_layout; |
638 |
|
639 |
struct arch_spinlock; |
640 |
-@@ -335,7 +342,7 @@ struct pv_lock_ops { |
641 |
+ struct pv_lock_ops { |
642 |
+@@ -335,11 +342,14 @@ struct pv_lock_ops { |
643 |
void (*spin_lock_flags)(struct arch_spinlock *lock, unsigned long flags); |
644 |
int (*spin_trylock)(struct arch_spinlock *lock); |
645 |
void (*spin_unlock)(struct arch_spinlock *lock); |
646 |
-}; |
647 |
-+} __no_const; |
648 |
++} __no_const __no_randomize_layout; |
649 |
|
650 |
/* This contains all the paravirt structures: we get a convenient |
651 |
* number for each function using the offset which we use to indicate |
652 |
+- * what to patch. */ |
653 |
++ * what to patch. |
654 |
++ * shouldn't be randomized due to the "NEAT TRICK" in paravirt.c |
655 |
++ */ |
656 |
++ |
657 |
+ struct paravirt_patch_template { |
658 |
+ struct pv_init_ops pv_init_ops; |
659 |
+ struct pv_time_ops pv_time_ops; |
660 |
+@@ -348,7 +358,7 @@ struct paravirt_patch_template { |
661 |
+ struct pv_apic_ops pv_apic_ops; |
662 |
+ struct pv_mmu_ops pv_mmu_ops; |
663 |
+ struct pv_lock_ops pv_lock_ops; |
664 |
+-}; |
665 |
++} __no_randomize_layout; |
666 |
+ |
667 |
+ extern struct pv_info pv_info; |
668 |
+ extern struct pv_init_ops pv_init_ops; |
669 |
diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h |
670 |
index b4389a4..7024269 100644 |
671 |
--- a/arch/x86/include/asm/pgalloc.h |
672 |
@@ -14333,9 +14509,18 @@ index 2dddb31..100c638 100644 |
673 |
/* |
674 |
* x86-64 Task Priority Register, CR8 |
675 |
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h |
676 |
-index f7c89e2..9962bae 100644 |
677 |
+index f7c89e2..553040d 100644 |
678 |
--- a/arch/x86/include/asm/processor.h |
679 |
+++ b/arch/x86/include/asm/processor.h |
680 |
+@@ -110,7 +110,7 @@ struct cpuinfo_x86 { |
681 |
+ /* Index into per_cpu list: */ |
682 |
+ u16 cpu_index; |
683 |
+ u32 microcode; |
684 |
+-} __attribute__((__aligned__(SMP_CACHE_BYTES))); |
685 |
++} __attribute__((__aligned__(SMP_CACHE_BYTES))) __randomize_layout; |
686 |
+ |
687 |
+ #define X86_VENDOR_INTEL 0 |
688 |
+ #define X86_VENDOR_CYRIX 1 |
689 |
@@ -266,7 +266,7 @@ struct tss_struct { |
690 |
|
691 |
} ____cacheline_aligned; |
692 |
@@ -20416,7 +20601,7 @@ index a979b5b..1d6db75 100644 |
693 |
.callback = dmi_io_delay_0xed_port, |
694 |
.ident = "Compaq Presario V6000", |
695 |
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c |
696 |
-index 8c96897..be66bfa 100644 |
697 |
+index 8c96897..060ff2d 100644 |
698 |
--- a/arch/x86/kernel/ioport.c |
699 |
+++ b/arch/x86/kernel/ioport.c |
700 |
@@ -6,6 +6,7 @@ |
701 |
@@ -20427,19 +20612,19 @@ index 8c96897..be66bfa 100644 |
702 |
#include <linux/errno.h> |
703 |
#include <linux/types.h> |
704 |
#include <linux/ioport.h> |
705 |
-@@ -28,6 +29,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) |
706 |
- |
707 |
- if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) |
708 |
+@@ -30,6 +31,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) |
709 |
return -EINVAL; |
710 |
+ if (turn_on && !capable(CAP_SYS_RAWIO)) |
711 |
+ return -EPERM; |
712 |
+#ifdef CONFIG_GRKERNSEC_IO |
713 |
+ if (turn_on && grsec_disable_privio) { |
714 |
+ gr_handle_ioperm(); |
715 |
-+ return -EPERM; |
716 |
++ return -ENODEV; |
717 |
+ } |
718 |
+#endif |
719 |
- if (turn_on && !capable(CAP_SYS_RAWIO)) |
720 |
- return -EPERM; |
721 |
|
722 |
+ /* |
723 |
+ * If it's the first ioperm() call in this thread's lifetime, set the |
724 |
@@ -54,7 +61,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) |
725 |
* because the ->io_bitmap_max value must match the bitmap |
726 |
* contents: |
727 |
@@ -20449,19 +20634,19 @@ index 8c96897..be66bfa 100644 |
728 |
|
729 |
if (turn_on) |
730 |
bitmap_clear(t->io_bitmap_ptr, from, num); |
731 |
-@@ -102,6 +109,12 @@ long sys_iopl(unsigned int level, struct pt_regs *regs) |
732 |
- return -EINVAL; |
733 |
- /* Trying to gain more privileges? */ |
734 |
+@@ -104,6 +111,12 @@ long sys_iopl(unsigned int level, struct pt_regs *regs) |
735 |
if (level > old) { |
736 |
+ if (!capable(CAP_SYS_RAWIO)) |
737 |
+ return -EPERM; |
738 |
+#ifdef CONFIG_GRKERNSEC_IO |
739 |
+ if (grsec_disable_privio) { |
740 |
+ gr_handle_iopl(); |
741 |
-+ return -EPERM; |
742 |
++ return -ENODEV; |
743 |
+ } |
744 |
+#endif |
745 |
- if (!capable(CAP_SYS_RAWIO)) |
746 |
- return -EPERM; |
747 |
} |
748 |
+ regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); |
749 |
+ t->iopl = level << 12; |
750 |
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c |
751 |
index fb2eb32..62793bd 100644 |
752 |
--- a/arch/x86/kernel/irq.c |
753 |
@@ -22147,10 +22332,30 @@ index f2bb9c9..bed145d7 100644 |
754 |
|
755 |
1: |
756 |
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
757 |
-index b506f41..33e9995 100644 |
758 |
+index b506f41..c954434 100644 |
759 |
--- a/arch/x86/kernel/setup.c |
760 |
+++ b/arch/x86/kernel/setup.c |
761 |
-@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) |
762 |
+@@ -176,9 +176,17 @@ static struct resource bss_resource = { |
763 |
+ |
764 |
+ #ifdef CONFIG_X86_32 |
765 |
+ /* cpu data as detected by the assembly code in head.S */ |
766 |
+-struct cpuinfo_x86 new_cpu_data __cpuinitdata = {0, 0, 0, 0, -1, 1, 0, 0, -1}; |
767 |
++struct cpuinfo_x86 new_cpu_data __cpuinitdata = { |
768 |
++ .wp_works_ok = -1, |
769 |
++ .hlt_works_ok = 1, |
770 |
++ .fdiv_bug = -1, |
771 |
++}; |
772 |
+ /* common cpu data for all cpus */ |
773 |
+-struct cpuinfo_x86 boot_cpu_data __read_mostly = {0, 0, 0, 0, -1, 1, 0, 0, -1}; |
774 |
++struct cpuinfo_x86 boot_cpu_data __read_mostly = { |
775 |
++ .wp_works_ok = -1, |
776 |
++ .hlt_works_ok = 1, |
777 |
++ .fdiv_bug = -1, |
778 |
++}; |
779 |
+ EXPORT_SYMBOL(boot_cpu_data); |
780 |
+ static void set_mca_bus(int x) |
781 |
+ { |
782 |
+@@ -447,7 +455,7 @@ static void __init parse_setup_data(void) |
783 |
|
784 |
switch (data->type) { |
785 |
case SETUP_E820_EXT: |
786 |
@@ -22159,7 +22364,7 @@ index b506f41..33e9995 100644 |
787 |
break; |
788 |
case SETUP_DTB: |
789 |
add_dtb(pa_data); |
790 |
-@@ -727,7 +727,7 @@ static void __init trim_bios_range(void) |
791 |
+@@ -727,7 +735,7 @@ static void __init trim_bios_range(void) |
792 |
* area (640->1Mb) as ram even though it is not. |
793 |
* take them out. |
794 |
*/ |
795 |
@@ -22168,7 +22373,7 @@ index b506f41..33e9995 100644 |
796 |
|
797 |
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); |
798 |
} |
799 |
-@@ -852,14 +852,14 @@ void __init setup_arch(char **cmdline_p) |
800 |
+@@ -852,14 +860,14 @@ void __init setup_arch(char **cmdline_p) |
801 |
|
802 |
if (!boot_params.hdr.root_flags) |
803 |
root_mountflags &= ~MS_RDONLY; |
804 |
@@ -33019,7 +33224,7 @@ index d7ad865..61ddf2c 100644 |
805 |
} |
806 |
|
807 |
diff --git a/drivers/block/cciss.h b/drivers/block/cciss.h |
808 |
-index 7fda30e..eb5dfe0 100644 |
809 |
+index 7fda30e..2f27946 100644 |
810 |
--- a/drivers/block/cciss.h |
811 |
+++ b/drivers/block/cciss.h |
812 |
@@ -101,7 +101,7 @@ struct ctlr_info |
813 |
@@ -33031,6 +33236,49 @@ index 7fda30e..eb5dfe0 100644 |
814 |
|
815 |
/* queue and queue Info */ |
816 |
struct list_head reqQ; |
817 |
+@@ -402,27 +402,27 @@ static bool SA5_performant_intr_pending(ctlr_info_t *h) |
818 |
+ } |
819 |
+ |
820 |
+ static struct access_method SA5_access = { |
821 |
+- SA5_submit_command, |
822 |
+- SA5_intr_mask, |
823 |
+- SA5_fifo_full, |
824 |
+- SA5_intr_pending, |
825 |
+- SA5_completed, |
826 |
++ .submit_command = SA5_submit_command, |
827 |
++ .set_intr_mask = SA5_intr_mask, |
828 |
++ .fifo_full = SA5_fifo_full, |
829 |
++ .intr_pending = SA5_intr_pending, |
830 |
++ .command_completed = SA5_completed, |
831 |
+ }; |
832 |
+ |
833 |
+ static struct access_method SA5B_access = { |
834 |
+- SA5_submit_command, |
835 |
+- SA5B_intr_mask, |
836 |
+- SA5_fifo_full, |
837 |
+- SA5B_intr_pending, |
838 |
+- SA5_completed, |
839 |
++ .submit_command = SA5_submit_command, |
840 |
++ .set_intr_mask = SA5B_intr_mask, |
841 |
++ .fifo_full = SA5_fifo_full, |
842 |
++ .intr_pending = SA5B_intr_pending, |
843 |
++ .command_completed = SA5_completed, |
844 |
+ }; |
845 |
+ |
846 |
+ static struct access_method SA5_performant_access = { |
847 |
+- SA5_submit_command, |
848 |
+- SA5_performant_intr_mask, |
849 |
+- SA5_fifo_full, |
850 |
+- SA5_performant_intr_pending, |
851 |
+- SA5_performant_completed, |
852 |
++ .submit_command = SA5_submit_command, |
853 |
++ .set_intr_mask = SA5_performant_intr_mask, |
854 |
++ .fifo_full = SA5_fifo_full, |
855 |
++ .intr_pending = SA5_performant_intr_pending, |
856 |
++ .command_completed = SA5_performant_completed, |
857 |
+ }; |
858 |
+ |
859 |
+ struct board_type { |
860 |
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c |
861 |
index 504bc16..e13b631 100644 |
862 |
--- a/drivers/block/cpqarray.c |
863 |
@@ -33458,6 +33706,76 @@ index a63b0a2..30228d1 100644 |
864 |
|
865 |
static DEFINE_MUTEX(pktcdvd_mutex); |
866 |
static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; |
867 |
+diff --git a/drivers/block/smart1,2.h b/drivers/block/smart1,2.h |
868 |
+index e5565fb..71be10b4 100644 |
869 |
+--- a/drivers/block/smart1,2.h |
870 |
++++ b/drivers/block/smart1,2.h |
871 |
+@@ -108,11 +108,11 @@ static unsigned long smart4_intr_pending(ctlr_info_t *h) |
872 |
+ } |
873 |
+ |
874 |
+ static struct access_method smart4_access = { |
875 |
+- smart4_submit_command, |
876 |
+- smart4_intr_mask, |
877 |
+- smart4_fifo_full, |
878 |
+- smart4_intr_pending, |
879 |
+- smart4_completed, |
880 |
++ .submit_command = smart4_submit_command, |
881 |
++ .set_intr_mask = smart4_intr_mask, |
882 |
++ .fifo_full = smart4_fifo_full, |
883 |
++ .intr_pending = smart4_intr_pending, |
884 |
++ .command_completed = smart4_completed, |
885 |
+ }; |
886 |
+ |
887 |
+ /* |
888 |
+@@ -144,11 +144,11 @@ static unsigned long smart2_intr_pending(ctlr_info_t *h) |
889 |
+ } |
890 |
+ |
891 |
+ static struct access_method smart2_access = { |
892 |
+- smart2_submit_command, |
893 |
+- smart2_intr_mask, |
894 |
+- smart2_fifo_full, |
895 |
+- smart2_intr_pending, |
896 |
+- smart2_completed, |
897 |
++ .submit_command = smart2_submit_command, |
898 |
++ .set_intr_mask = smart2_intr_mask, |
899 |
++ .fifo_full = smart2_fifo_full, |
900 |
++ .intr_pending = smart2_intr_pending, |
901 |
++ .command_completed = smart2_completed, |
902 |
+ }; |
903 |
+ |
904 |
+ /* |
905 |
+@@ -180,11 +180,11 @@ static unsigned long smart2e_intr_pending(ctlr_info_t *h) |
906 |
+ } |
907 |
+ |
908 |
+ static struct access_method smart2e_access = { |
909 |
+- smart2e_submit_command, |
910 |
+- smart2e_intr_mask, |
911 |
+- smart2e_fifo_full, |
912 |
+- smart2e_intr_pending, |
913 |
+- smart2e_completed, |
914 |
++ .submit_command = smart2e_submit_command, |
915 |
++ .set_intr_mask = smart2e_intr_mask, |
916 |
++ .fifo_full = smart2e_fifo_full, |
917 |
++ .intr_pending = smart2e_intr_pending, |
918 |
++ .command_completed = smart2e_completed, |
919 |
+ }; |
920 |
+ |
921 |
+ /* |
922 |
+@@ -270,9 +270,9 @@ static unsigned long smart1_intr_pending(ctlr_info_t *h) |
923 |
+ } |
924 |
+ |
925 |
+ static struct access_method smart1_access = { |
926 |
+- smart1_submit_command, |
927 |
+- smart1_intr_mask, |
928 |
+- smart1_fifo_full, |
929 |
+- smart1_intr_pending, |
930 |
+- smart1_completed, |
931 |
++ .submit_command = smart1_submit_command, |
932 |
++ .set_intr_mask = smart1_intr_mask, |
933 |
++ .fifo_full = smart1_fifo_full, |
934 |
++ .intr_pending = smart1_intr_pending, |
935 |
++ .command_completed = smart1_completed, |
936 |
+ }; |
937 |
diff --git a/drivers/bluetooth/btwilink.c b/drivers/bluetooth/btwilink.c |
938 |
index b5f83b4..2f49d18 100644 |
939 |
--- a/drivers/bluetooth/btwilink.c |
940 |
@@ -37191,6 +37509,42 @@ index 475ba81..a6c530c 100644 |
941 |
int ret; |
942 |
|
943 |
if (nr < DRM_COMMAND_BASE) |
944 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_mem.c b/drivers/gpu/drm/nouveau/nouveau_mem.c |
945 |
+index 36bec48..3a128f3 100644 |
946 |
+--- a/drivers/gpu/drm/nouveau/nouveau_mem.c |
947 |
++++ b/drivers/gpu/drm/nouveau/nouveau_mem.c |
948 |
+@@ -812,11 +812,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) |
949 |
+ } |
950 |
+ |
951 |
+ const struct ttm_mem_type_manager_func nouveau_vram_manager = { |
952 |
+- nouveau_vram_manager_init, |
953 |
+- nouveau_vram_manager_fini, |
954 |
+- nouveau_vram_manager_new, |
955 |
+- nouveau_vram_manager_del, |
956 |
+- nouveau_vram_manager_debug |
957 |
++ .init = nouveau_vram_manager_init, |
958 |
++ .takedown = nouveau_vram_manager_fini, |
959 |
++ .get_node = nouveau_vram_manager_new, |
960 |
++ .put_node = nouveau_vram_manager_del, |
961 |
++ .debug = nouveau_vram_manager_debug |
962 |
+ }; |
963 |
+ |
964 |
+ static int |
965 |
+@@ -869,9 +869,9 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) |
966 |
+ } |
967 |
+ |
968 |
+ const struct ttm_mem_type_manager_func nouveau_gart_manager = { |
969 |
+- nouveau_gart_manager_init, |
970 |
+- nouveau_gart_manager_fini, |
971 |
+- nouveau_gart_manager_new, |
972 |
+- nouveau_gart_manager_del, |
973 |
+- nouveau_gart_manager_debug |
974 |
++ .init = nouveau_gart_manager_init, |
975 |
++ .takedown = nouveau_gart_manager_fini, |
976 |
++ .get_node = nouveau_gart_manager_new, |
977 |
++ .put_node = nouveau_gart_manager_del, |
978 |
++ .debug = nouveau_gart_manager_debug |
979 |
+ }; |
980 |
diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c |
981 |
index 01adcfb..c6726fe 100644 |
982 |
--- a/drivers/gpu/drm/nouveau/nouveau_state.c |
983 |
@@ -37779,6 +38133,26 @@ index 3e72074..9fbe45b 100644 |
984 |
dev_warn(rdev->dev, "failed blitter (%d) falling back to memcpy\n", r); |
985 |
} |
986 |
|
987 |
+diff --git a/drivers/gpu/drm/ttm/ttm_bo_manager.c b/drivers/gpu/drm/ttm/ttm_bo_manager.c |
988 |
+index 038e947..4ae87f0 100644 |
989 |
+--- a/drivers/gpu/drm/ttm/ttm_bo_manager.c |
990 |
++++ b/drivers/gpu/drm/ttm/ttm_bo_manager.c |
991 |
+@@ -148,10 +148,10 @@ static void ttm_bo_man_debug(struct ttm_mem_type_manager *man, |
992 |
+ } |
993 |
+ |
994 |
+ const struct ttm_mem_type_manager_func ttm_bo_manager_func = { |
995 |
+- ttm_bo_man_init, |
996 |
+- ttm_bo_man_takedown, |
997 |
+- ttm_bo_man_get_node, |
998 |
+- ttm_bo_man_put_node, |
999 |
+- ttm_bo_man_debug |
1000 |
++ .init = ttm_bo_man_init, |
1001 |
++ .takedown = ttm_bo_man_takedown, |
1002 |
++ .get_node = ttm_bo_man_get_node, |
1003 |
++ .put_node = ttm_bo_man_put_node, |
1004 |
++ .debug = ttm_bo_man_debug |
1005 |
+ }; |
1006 |
+ EXPORT_SYMBOL(ttm_bo_manager_func); |
1007 |
diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c |
1008 |
index e70ddd8..ddfa1cd 100644 |
1009 |
--- a/drivers/gpu/drm/ttm/ttm_memory.c |
1010 |
@@ -37966,6 +38340,25 @@ index a0c2f12..68ae6cb 100644 |
1011 |
} while (*seqno == 0); |
1012 |
|
1013 |
if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) { |
1014 |
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c |
1015 |
+index 5f71715..e40c528 100644 |
1016 |
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c |
1017 |
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c |
1018 |
+@@ -153,9 +153,9 @@ static void vmw_gmrid_man_debug(struct ttm_mem_type_manager *man, |
1019 |
+ } |
1020 |
+ |
1021 |
+ const struct ttm_mem_type_manager_func vmw_gmrid_manager_func = { |
1022 |
+- vmw_gmrid_man_init, |
1023 |
+- vmw_gmrid_man_takedown, |
1024 |
+- vmw_gmrid_man_get_node, |
1025 |
+- vmw_gmrid_man_put_node, |
1026 |
+- vmw_gmrid_man_debug |
1027 |
++ .init = vmw_gmrid_man_init, |
1028 |
++ .takedown = vmw_gmrid_man_takedown, |
1029 |
++ .get_node = vmw_gmrid_man_get_node, |
1030 |
++ .put_node = vmw_gmrid_man_put_node, |
1031 |
++ .debug = vmw_gmrid_man_debug |
1032 |
+ }; |
1033 |
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c |
1034 |
index 66917c6..2dcc8ae 100644 |
1035 |
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c |
1036 |
@@ -39165,6 +39558,41 @@ index e571e60..523c505 100644 |
1037 |
.notifier_call = comp_pool_callback, |
1038 |
.priority = 0, |
1039 |
}; |
1040 |
+diff --git a/drivers/infiniband/hw/ipath/ipath_dma.c b/drivers/infiniband/hw/ipath/ipath_dma.c |
1041 |
+index 644c2c7..ecf0879 100644 |
1042 |
+--- a/drivers/infiniband/hw/ipath/ipath_dma.c |
1043 |
++++ b/drivers/infiniband/hw/ipath/ipath_dma.c |
1044 |
+@@ -176,17 +176,17 @@ static void ipath_dma_free_coherent(struct ib_device *dev, size_t size, |
1045 |
+ } |
1046 |
+ |
1047 |
+ struct ib_dma_mapping_ops ipath_dma_mapping_ops = { |
1048 |
+- ipath_mapping_error, |
1049 |
+- ipath_dma_map_single, |
1050 |
+- ipath_dma_unmap_single, |
1051 |
+- ipath_dma_map_page, |
1052 |
+- ipath_dma_unmap_page, |
1053 |
+- ipath_map_sg, |
1054 |
+- ipath_unmap_sg, |
1055 |
+- ipath_sg_dma_address, |
1056 |
+- ipath_sg_dma_len, |
1057 |
+- ipath_sync_single_for_cpu, |
1058 |
+- ipath_sync_single_for_device, |
1059 |
+- ipath_dma_alloc_coherent, |
1060 |
+- ipath_dma_free_coherent |
1061 |
++ .mapping_error = ipath_mapping_error, |
1062 |
++ .map_single = ipath_dma_map_single, |
1063 |
++ .unmap_single = ipath_dma_unmap_single, |
1064 |
++ .map_page = ipath_dma_map_page, |
1065 |
++ .unmap_page = ipath_dma_unmap_page, |
1066 |
++ .map_sg = ipath_map_sg, |
1067 |
++ .unmap_sg = ipath_unmap_sg, |
1068 |
++ .dma_address = ipath_sg_dma_address, |
1069 |
++ .dma_len = ipath_sg_dma_len, |
1070 |
++ .sync_single_for_cpu = ipath_sync_single_for_cpu, |
1071 |
++ .sync_single_for_device = ipath_sync_single_for_device, |
1072 |
++ .alloc_coherent = ipath_dma_alloc_coherent, |
1073 |
++ .free_coherent = ipath_dma_free_coherent |
1074 |
+ }; |
1075 |
diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c |
1076 |
index 31ae1b1..fe606ac 100644 |
1077 |
--- a/drivers/infiniband/hw/ipath/ipath_fs.c |
1078 |
@@ -39410,7 +39838,7 @@ index 3ade373..f3b68b7 100644 |
1079 |
extern u32 int_mod_timer_init; |
1080 |
extern u32 int_mod_cq_depth_256; |
1081 |
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c |
1082 |
-index 0a52d72..0642f36 100644 |
1083 |
+index 0a52d72..23edf25 100644 |
1084 |
--- a/drivers/infiniband/hw/nes/nes_cm.c |
1085 |
+++ b/drivers/infiniband/hw/nes/nes_cm.c |
1086 |
@@ -68,14 +68,14 @@ u32 cm_packets_dropped; |
1087 |
@@ -39435,7 +39863,33 @@ index 0a52d72..0642f36 100644 |
1088 |
|
1089 |
static inline int mini_cm_accelerated(struct nes_cm_core *, struct nes_cm_node *); |
1090 |
static struct nes_cm_listener *mini_cm_listen(struct nes_cm_core *, struct nes_vnic *, struct nes_cm_info *); |
1091 |
-@@ -148,13 +148,13 @@ static struct nes_cm_ops nes_cm_api = { |
1092 |
+@@ -133,28 +133,28 @@ static void print_core(struct nes_cm_core *core); |
1093 |
+ /* instance of function pointers for client API */ |
1094 |
+ /* set address of this instance to cm_core->cm_ops at cm_core alloc */ |
1095 |
+ static struct nes_cm_ops nes_cm_api = { |
1096 |
+- mini_cm_accelerated, |
1097 |
+- mini_cm_listen, |
1098 |
+- mini_cm_del_listen, |
1099 |
+- mini_cm_connect, |
1100 |
+- mini_cm_close, |
1101 |
+- mini_cm_accept, |
1102 |
+- mini_cm_reject, |
1103 |
+- mini_cm_recv_pkt, |
1104 |
+- mini_cm_dealloc_core, |
1105 |
+- mini_cm_get, |
1106 |
+- mini_cm_set |
1107 |
++ .accelerated = mini_cm_accelerated, |
1108 |
++ .listen = mini_cm_listen, |
1109 |
++ .stop_listener = mini_cm_del_listen, |
1110 |
++ .connect = mini_cm_connect, |
1111 |
++ .close = mini_cm_close, |
1112 |
++ .accept = mini_cm_accept, |
1113 |
++ .reject = mini_cm_reject, |
1114 |
++ .recv_pkt = mini_cm_recv_pkt, |
1115 |
++ .destroy_cm_core = mini_cm_dealloc_core, |
1116 |
++ .get = mini_cm_get, |
1117 |
++ .set = mini_cm_set |
1118 |
+ }; |
1119 |
|
1120 |
static struct nes_cm_core *g_cm_core; |
1121 |
|
1122 |
@@ -39984,6 +40438,49 @@ index 2b33b26..a9c638b 100644 |
1123 |
return NULL; |
1124 |
|
1125 |
return rcu_dereference(capi_applications[applid - 1]); |
1126 |
+diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c |
1127 |
+index 492aa52..fe79ae4 100644 |
1128 |
+--- a/drivers/isdn/gigaset/bas-gigaset.c |
1129 |
++++ b/drivers/isdn/gigaset/bas-gigaset.c |
1130 |
+@@ -2559,22 +2559,22 @@ static int gigaset_post_reset(struct usb_interface *intf) |
1131 |
+ |
1132 |
+ |
1133 |
+ static const struct gigaset_ops gigops = { |
1134 |
+- gigaset_write_cmd, |
1135 |
+- gigaset_write_room, |
1136 |
+- gigaset_chars_in_buffer, |
1137 |
+- gigaset_brkchars, |
1138 |
+- gigaset_init_bchannel, |
1139 |
+- gigaset_close_bchannel, |
1140 |
+- gigaset_initbcshw, |
1141 |
+- gigaset_freebcshw, |
1142 |
+- gigaset_reinitbcshw, |
1143 |
+- gigaset_initcshw, |
1144 |
+- gigaset_freecshw, |
1145 |
+- gigaset_set_modem_ctrl, |
1146 |
+- gigaset_baud_rate, |
1147 |
+- gigaset_set_line_ctrl, |
1148 |
+- gigaset_isoc_send_skb, |
1149 |
+- gigaset_isoc_input, |
1150 |
++ .write_cmd = gigaset_write_cmd, |
1151 |
++ .write_room = gigaset_write_room, |
1152 |
++ .chars_in_buffer = gigaset_chars_in_buffer, |
1153 |
++ .brkchars = gigaset_brkchars, |
1154 |
++ .init_bchannel = gigaset_init_bchannel, |
1155 |
++ .close_bchannel = gigaset_close_bchannel, |
1156 |
++ .initbcshw = gigaset_initbcshw, |
1157 |
++ .freebcshw = gigaset_freebcshw, |
1158 |
++ .reinitbcshw = gigaset_reinitbcshw, |
1159 |
++ .initcshw = gigaset_initcshw, |
1160 |
++ .freecshw = gigaset_freecshw, |
1161 |
++ .set_modem_ctrl = gigaset_set_modem_ctrl, |
1162 |
++ .baud_rate = gigaset_baud_rate, |
1163 |
++ .set_line_ctrl = gigaset_set_line_ctrl, |
1164 |
++ .send_skb = gigaset_isoc_send_skb, |
1165 |
++ .handle_input = gigaset_isoc_input, |
1166 |
+ }; |
1167 |
+ |
1168 |
+ /* bas_gigaset_init |
1169 |
diff --git a/drivers/isdn/gigaset/common.c b/drivers/isdn/gigaset/common.c |
1170 |
index db621db..825ea1a 100644 |
1171 |
--- a/drivers/isdn/gigaset/common.c |
1172 |
@@ -40109,8 +40606,51 @@ index ee0a549..a7c9798 100644 |
1173 |
dev_warn(cs->dev, "%s: device not opened\n", __func__); |
1174 |
goto out; |
1175 |
} |
1176 |
+diff --git a/drivers/isdn/gigaset/ser-gigaset.c b/drivers/isdn/gigaset/ser-gigaset.c |
1177 |
+index 86a5c4f..5a564c2 100644 |
1178 |
+--- a/drivers/isdn/gigaset/ser-gigaset.c |
1179 |
++++ b/drivers/isdn/gigaset/ser-gigaset.c |
1180 |
+@@ -454,22 +454,22 @@ static int gigaset_set_line_ctrl(struct cardstate *cs, unsigned cflag) |
1181 |
+ } |
1182 |
+ |
1183 |
+ static const struct gigaset_ops ops = { |
1184 |
+- gigaset_write_cmd, |
1185 |
+- gigaset_write_room, |
1186 |
+- gigaset_chars_in_buffer, |
1187 |
+- gigaset_brkchars, |
1188 |
+- gigaset_init_bchannel, |
1189 |
+- gigaset_close_bchannel, |
1190 |
+- gigaset_initbcshw, |
1191 |
+- gigaset_freebcshw, |
1192 |
+- gigaset_reinitbcshw, |
1193 |
+- gigaset_initcshw, |
1194 |
+- gigaset_freecshw, |
1195 |
+- gigaset_set_modem_ctrl, |
1196 |
+- gigaset_baud_rate, |
1197 |
+- gigaset_set_line_ctrl, |
1198 |
+- gigaset_m10x_send_skb, /* asyncdata.c */ |
1199 |
+- gigaset_m10x_input, /* asyncdata.c */ |
1200 |
++ .write_cmd = gigaset_write_cmd, |
1201 |
++ .write_room = gigaset_write_room, |
1202 |
++ .chars_in_buffer = gigaset_chars_in_buffer, |
1203 |
++ .brkchars = gigaset_brkchars, |
1204 |
++ .init_bchannel = gigaset_init_bchannel, |
1205 |
++ .close_bchannel = gigaset_close_bchannel, |
1206 |
++ .initbcshw = gigaset_initbcshw, |
1207 |
++ .freebcshw = gigaset_freebcshw, |
1208 |
++ .reinitbcshw = gigaset_reinitbcshw, |
1209 |
++ .initcshw = gigaset_initcshw, |
1210 |
++ .freecshw = gigaset_freecshw, |
1211 |
++ .set_modem_ctrl = gigaset_set_modem_ctrl, |
1212 |
++ .baud_rate = gigaset_baud_rate, |
1213 |
++ .set_line_ctrl = gigaset_set_line_ctrl, |
1214 |
++ .send_skb = gigaset_m10x_send_skb, /* asyncdata.c */ |
1215 |
++ .handle_input = gigaset_m10x_input, /* asyncdata.c */ |
1216 |
+ }; |
1217 |
+ |
1218 |
+ |
1219 |
diff --git a/drivers/isdn/gigaset/usb-gigaset.c b/drivers/isdn/gigaset/usb-gigaset.c |
1220 |
-index 5e3300d..dc7d752 100644 |
1221 |
+index 5e3300d..b187acf 100644 |
1222 |
--- a/drivers/isdn/gigaset/usb-gigaset.c |
1223 |
+++ b/drivers/isdn/gigaset/usb-gigaset.c |
1224 |
@@ -546,7 +546,7 @@ static int gigaset_brkchars(struct cardstate *cs, const unsigned char buf[6]) |
1225 |
@@ -40122,6 +40662,45 @@ index 5e3300d..dc7d752 100644 |
1226 |
} |
1227 |
|
1228 |
static int gigaset_freebcshw(struct bc_state *bcs) |
1229 |
+@@ -869,22 +869,22 @@ static int gigaset_pre_reset(struct usb_interface *intf) |
1230 |
+ } |
1231 |
+ |
1232 |
+ static const struct gigaset_ops ops = { |
1233 |
+- gigaset_write_cmd, |
1234 |
+- gigaset_write_room, |
1235 |
+- gigaset_chars_in_buffer, |
1236 |
+- gigaset_brkchars, |
1237 |
+- gigaset_init_bchannel, |
1238 |
+- gigaset_close_bchannel, |
1239 |
+- gigaset_initbcshw, |
1240 |
+- gigaset_freebcshw, |
1241 |
+- gigaset_reinitbcshw, |
1242 |
+- gigaset_initcshw, |
1243 |
+- gigaset_freecshw, |
1244 |
+- gigaset_set_modem_ctrl, |
1245 |
+- gigaset_baud_rate, |
1246 |
+- gigaset_set_line_ctrl, |
1247 |
+- gigaset_m10x_send_skb, |
1248 |
+- gigaset_m10x_input, |
1249 |
++ .write_cmd = gigaset_write_cmd, |
1250 |
++ .write_room = gigaset_write_room, |
1251 |
++ .chars_in_buffer = gigaset_chars_in_buffer, |
1252 |
++ .brkchars = gigaset_brkchars, |
1253 |
++ .init_bchannel = gigaset_init_bchannel, |
1254 |
++ .close_bchannel = gigaset_close_bchannel, |
1255 |
++ .initbcshw = gigaset_initbcshw, |
1256 |
++ .freebcshw = gigaset_freebcshw, |
1257 |
++ .reinitbcshw = gigaset_reinitbcshw, |
1258 |
++ .initcshw = gigaset_initcshw, |
1259 |
++ .freecshw = gigaset_freecshw, |
1260 |
++ .set_modem_ctrl = gigaset_set_modem_ctrl, |
1261 |
++ .baud_rate = gigaset_baud_rate, |
1262 |
++ .set_line_ctrl = gigaset_set_line_ctrl, |
1263 |
++ .send_skb = gigaset_m10x_send_skb, |
1264 |
++ .handle_input = gigaset_m10x_input, |
1265 |
+ }; |
1266 |
+ |
1267 |
+ /* |
1268 |
diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c |
1269 |
index 2a57da59..e7a12ed 100644 |
1270 |
--- a/drivers/isdn/hardware/avm/b1.c |
1271 |
@@ -40157,6 +40736,23 @@ index 6ddb795e..bd2e875 100644 |
1272 |
if (arg) { |
1273 |
if (copy_to_user(argp, &dev, sizeof(ulong))) |
1274 |
return -EFAULT; |
1275 |
+diff --git a/drivers/isdn/i4l/isdn_concap.c b/drivers/isdn/i4l/isdn_concap.c |
1276 |
+index d568689..a53b90a 100644 |
1277 |
+--- a/drivers/isdn/i4l/isdn_concap.c |
1278 |
++++ b/drivers/isdn/i4l/isdn_concap.c |
1279 |
+@@ -80,9 +80,9 @@ static int isdn_concap_dl_disconn_req(struct concap_proto *concap) |
1280 |
+ } |
1281 |
+ |
1282 |
+ struct concap_device_ops isdn_concap_reliable_dl_dops = { |
1283 |
+- &isdn_concap_dl_data_req, |
1284 |
+- &isdn_concap_dl_connect_req, |
1285 |
+- &isdn_concap_dl_disconn_req |
1286 |
++ .data_req = &isdn_concap_dl_data_req, |
1287 |
++ .connect_req = &isdn_concap_dl_connect_req, |
1288 |
++ .disconn_req = &isdn_concap_dl_disconn_req |
1289 |
+ }; |
1290 |
+ |
1291 |
+ /* The following should better go into a dedicated source file such that |
1292 |
diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c |
1293 |
index 2339d73..802ab87a 100644 |
1294 |
--- a/drivers/isdn/i4l/isdn_net.c |
1295 |
@@ -40170,6 +40766,33 @@ index 2339d73..802ab87a 100644 |
1296 |
|
1297 |
switch (lp->p_encap) { |
1298 |
case ISDN_NET_ENCAP_ETHER: |
1299 |
+diff --git a/drivers/isdn/i4l/isdn_x25iface.c b/drivers/isdn/i4l/isdn_x25iface.c |
1300 |
+index fd10d7c..1eaf1f4 100644 |
1301 |
+--- a/drivers/isdn/i4l/isdn_x25iface.c |
1302 |
++++ b/drivers/isdn/i4l/isdn_x25iface.c |
1303 |
+@@ -53,14 +53,14 @@ static int isdn_x25iface_disconn_ind( struct concap_proto * ); |
1304 |
+ |
1305 |
+ |
1306 |
+ static struct concap_proto_ops ix25_pops = { |
1307 |
+- &isdn_x25iface_proto_new, |
1308 |
+- &isdn_x25iface_proto_del, |
1309 |
+- &isdn_x25iface_proto_restart, |
1310 |
+- &isdn_x25iface_proto_close, |
1311 |
+- &isdn_x25iface_xmit, |
1312 |
+- &isdn_x25iface_receive, |
1313 |
+- &isdn_x25iface_connect_ind, |
1314 |
+- &isdn_x25iface_disconn_ind |
1315 |
++ .proto_new = &isdn_x25iface_proto_new, |
1316 |
++ .proto_del = &isdn_x25iface_proto_del, |
1317 |
++ .restart = &isdn_x25iface_proto_restart, |
1318 |
++ .close = &isdn_x25iface_proto_close, |
1319 |
++ .encap_and_xmit = &isdn_x25iface_xmit, |
1320 |
++ .data_ind = &isdn_x25iface_receive, |
1321 |
++ .connect_ind = &isdn_x25iface_connect_ind, |
1322 |
++ .disconn_ind = &isdn_x25iface_disconn_ind |
1323 |
+ }; |
1324 |
+ |
1325 |
+ /* error message helper function */ |
1326 |
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c |
1327 |
index 1f355bb..43f1fea 100644 |
1328 |
--- a/drivers/isdn/icn/icn.c |
1329 |
@@ -42120,6 +42743,30 @@ index 851b2f2..a4ec097 100644 |
1330 |
|
1331 |
extern struct xpc_interface xpc_interface; |
1332 |
|
1333 |
+diff --git a/drivers/misc/sgi-xp/xp_main.c b/drivers/misc/sgi-xp/xp_main.c |
1334 |
+index 01be66d..e3a0c7e 100644 |
1335 |
+--- a/drivers/misc/sgi-xp/xp_main.c |
1336 |
++++ b/drivers/misc/sgi-xp/xp_main.c |
1337 |
+@@ -78,13 +78,13 @@ xpc_notloaded(void) |
1338 |
+ } |
1339 |
+ |
1340 |
+ struct xpc_interface xpc_interface = { |
1341 |
+- (void (*)(int))xpc_notloaded, |
1342 |
+- (void (*)(int))xpc_notloaded, |
1343 |
+- (enum xp_retval(*)(short, int, u32, void *, u16))xpc_notloaded, |
1344 |
+- (enum xp_retval(*)(short, int, u32, void *, u16, xpc_notify_func, |
1345 |
++ .connect = (void (*)(int))xpc_notloaded, |
1346 |
++ .disconnect = (void (*)(int))xpc_notloaded, |
1347 |
++ .send = (enum xp_retval(*)(short, int, u32, void *, u16))xpc_notloaded, |
1348 |
++ .send_notify = (enum xp_retval(*)(short, int, u32, void *, u16, xpc_notify_func, |
1349 |
+ void *))xpc_notloaded, |
1350 |
+- (void (*)(short, int, void *))xpc_notloaded, |
1351 |
+- (enum xp_retval(*)(short, void *))xpc_notloaded |
1352 |
++ .received = (void (*)(short, int, void *))xpc_notloaded, |
1353 |
++ .partid_to_nasids = (enum xp_retval(*)(short, void *))xpc_notloaded |
1354 |
+ }; |
1355 |
+ EXPORT_SYMBOL_GPL(xpc_interface); |
1356 |
+ |
1357 |
diff --git a/drivers/misc/sgi-xp/xpc.h b/drivers/misc/sgi-xp/xpc.h |
1358 |
index b94d5f7..7f494c5 100644 |
1359 |
--- a/drivers/misc/sgi-xp/xpc.h |
1360 |
@@ -42432,6 +43079,25 @@ index da90ba5..dcba1fd 100644 |
1361 |
#define CHIPREV_ID_5750_C2 0x4202 |
1362 |
#define CHIPREV_ID_5752_A0_HW 0x5000 |
1363 |
#define CHIPREV_ID_5752_A0 0x6000 |
1364 |
+diff --git a/drivers/net/ethernet/brocade/bna/bna_enet.c b/drivers/net/ethernet/brocade/bna/bna_enet.c |
1365 |
+index 26f5c5a..9482b63 100644 |
1366 |
+--- a/drivers/net/ethernet/brocade/bna/bna_enet.c |
1367 |
++++ b/drivers/net/ethernet/brocade/bna/bna_enet.c |
1368 |
+@@ -1688,10 +1688,10 @@ bna_cb_ioceth_reset(void *arg) |
1369 |
+ } |
1370 |
+ |
1371 |
+ static struct bfa_ioc_cbfn bna_ioceth_cbfn = { |
1372 |
+- bna_cb_ioceth_enable, |
1373 |
+- bna_cb_ioceth_disable, |
1374 |
+- bna_cb_ioceth_hbfail, |
1375 |
+- bna_cb_ioceth_reset |
1376 |
++ .enable_cbfn = bna_cb_ioceth_enable, |
1377 |
++ .disable_cbfn = bna_cb_ioceth_disable, |
1378 |
++ .hbfail_cbfn = bna_cb_ioceth_hbfail, |
1379 |
++ .reset_cbfn = bna_cb_ioceth_reset |
1380 |
+ }; |
1381 |
+ |
1382 |
+ static void bna_attr_init(struct bna_ioceth *ioceth) |
1383 |
diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c |
1384 |
index 4d15c8f..1bc7689 100644 |
1385 |
--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c |
1386 |
@@ -43425,6 +44091,174 @@ index e662cbc..8d4a102 100644 |
1387 |
return -EINVAL; |
1388 |
} |
1389 |
|
1390 |
+diff --git a/drivers/net/wan/lmc/lmc_media.c b/drivers/net/wan/lmc/lmc_media.c |
1391 |
+index 5920c99..ff2e4a5 100644 |
1392 |
+--- a/drivers/net/wan/lmc/lmc_media.c |
1393 |
++++ b/drivers/net/wan/lmc/lmc_media.c |
1394 |
+@@ -95,62 +95,63 @@ static inline void write_av9110_bit (lmc_softc_t *, int); |
1395 |
+ static void write_av9110(lmc_softc_t *, u32, u32, u32, u32, u32); |
1396 |
+ |
1397 |
+ lmc_media_t lmc_ds3_media = { |
1398 |
+- lmc_ds3_init, /* special media init stuff */ |
1399 |
+- lmc_ds3_default, /* reset to default state */ |
1400 |
+- lmc_ds3_set_status, /* reset status to state provided */ |
1401 |
+- lmc_dummy_set_1, /* set clock source */ |
1402 |
+- lmc_dummy_set2_1, /* set line speed */ |
1403 |
+- lmc_ds3_set_100ft, /* set cable length */ |
1404 |
+- lmc_ds3_set_scram, /* set scrambler */ |
1405 |
+- lmc_ds3_get_link_status, /* get link status */ |
1406 |
+- lmc_dummy_set_1, /* set link status */ |
1407 |
+- lmc_ds3_set_crc_length, /* set CRC length */ |
1408 |
+- lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1409 |
+- lmc_ds3_watchdog |
1410 |
++ .init = lmc_ds3_init, /* special media init stuff */ |
1411 |
++ .defaults = lmc_ds3_default, /* reset to default state */ |
1412 |
++ .set_status = lmc_ds3_set_status, /* reset status to state provided */ |
1413 |
++ .set_clock_source = lmc_dummy_set_1, /* set clock source */ |
1414 |
++ .set_speed = lmc_dummy_set2_1, /* set line speed */ |
1415 |
++ .set_cable_length = lmc_ds3_set_100ft, /* set cable length */ |
1416 |
++ .set_scrambler = lmc_ds3_set_scram, /* set scrambler */ |
1417 |
++ .get_link_status = lmc_ds3_get_link_status, /* get link status */ |
1418 |
++ .set_link_status = lmc_dummy_set_1, /* set link status */ |
1419 |
++ .set_crc_length = lmc_ds3_set_crc_length, /* set CRC length */ |
1420 |
++ .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1421 |
++ .watchdog = lmc_ds3_watchdog |
1422 |
+ }; |
1423 |
+ |
1424 |
+ lmc_media_t lmc_hssi_media = { |
1425 |
+- lmc_hssi_init, /* special media init stuff */ |
1426 |
+- lmc_hssi_default, /* reset to default state */ |
1427 |
+- lmc_hssi_set_status, /* reset status to state provided */ |
1428 |
+- lmc_hssi_set_clock, /* set clock source */ |
1429 |
+- lmc_dummy_set2_1, /* set line speed */ |
1430 |
+- lmc_dummy_set_1, /* set cable length */ |
1431 |
+- lmc_dummy_set_1, /* set scrambler */ |
1432 |
+- lmc_hssi_get_link_status, /* get link status */ |
1433 |
+- lmc_hssi_set_link_status, /* set link status */ |
1434 |
+- lmc_hssi_set_crc_length, /* set CRC length */ |
1435 |
+- lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1436 |
+- lmc_hssi_watchdog |
1437 |
++ .init = lmc_hssi_init, /* special media init stuff */ |
1438 |
++ .defaults = lmc_hssi_default, /* reset to default state */ |
1439 |
++ .set_status = lmc_hssi_set_status, /* reset status to state provided */ |
1440 |
++ .set_clock_source = lmc_hssi_set_clock, /* set clock source */ |
1441 |
++ .set_speed = lmc_dummy_set2_1, /* set line speed */ |
1442 |
++ .set_cable_length = lmc_dummy_set_1, /* set cable length */ |
1443 |
++ .set_scrambler = lmc_dummy_set_1, /* set scrambler */ |
1444 |
++ .get_link_status = lmc_hssi_get_link_status, /* get link status */ |
1445 |
++ .set_link_status = lmc_hssi_set_link_status, /* set link status */ |
1446 |
++ .set_crc_length = lmc_hssi_set_crc_length, /* set CRC length */ |
1447 |
++ .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1448 |
++ .watchdog = lmc_hssi_watchdog |
1449 |
+ }; |
1450 |
+ |
1451 |
+-lmc_media_t lmc_ssi_media = { lmc_ssi_init, /* special media init stuff */ |
1452 |
+- lmc_ssi_default, /* reset to default state */ |
1453 |
+- lmc_ssi_set_status, /* reset status to state provided */ |
1454 |
+- lmc_ssi_set_clock, /* set clock source */ |
1455 |
+- lmc_ssi_set_speed, /* set line speed */ |
1456 |
+- lmc_dummy_set_1, /* set cable length */ |
1457 |
+- lmc_dummy_set_1, /* set scrambler */ |
1458 |
+- lmc_ssi_get_link_status, /* get link status */ |
1459 |
+- lmc_ssi_set_link_status, /* set link status */ |
1460 |
+- lmc_ssi_set_crc_length, /* set CRC length */ |
1461 |
+- lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1462 |
+- lmc_ssi_watchdog |
1463 |
++lmc_media_t lmc_ssi_media = { |
1464 |
++ .init = lmc_ssi_init, /* special media init stuff */ |
1465 |
++ .defaults = lmc_ssi_default, /* reset to default state */ |
1466 |
++ .set_status = lmc_ssi_set_status, /* reset status to state provided */ |
1467 |
++ .set_clock_source = lmc_ssi_set_clock, /* set clock source */ |
1468 |
++ .set_speed = lmc_ssi_set_speed, /* set line speed */ |
1469 |
++ .set_cable_length = lmc_dummy_set_1, /* set cable length */ |
1470 |
++ .set_scrambler = lmc_dummy_set_1, /* set scrambler */ |
1471 |
++ .get_link_status = lmc_ssi_get_link_status, /* get link status */ |
1472 |
++ .set_link_status = lmc_ssi_set_link_status, /* set link status */ |
1473 |
++ .set_crc_length = lmc_ssi_set_crc_length, /* set CRC length */ |
1474 |
++ .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */ |
1475 |
++ .watchdog = lmc_ssi_watchdog |
1476 |
+ }; |
1477 |
+ |
1478 |
+ lmc_media_t lmc_t1_media = { |
1479 |
+- lmc_t1_init, /* special media init stuff */ |
1480 |
+- lmc_t1_default, /* reset to default state */ |
1481 |
+- lmc_t1_set_status, /* reset status to state provided */ |
1482 |
+- lmc_t1_set_clock, /* set clock source */ |
1483 |
+- lmc_dummy_set2_1, /* set line speed */ |
1484 |
+- lmc_dummy_set_1, /* set cable length */ |
1485 |
+- lmc_dummy_set_1, /* set scrambler */ |
1486 |
+- lmc_t1_get_link_status, /* get link status */ |
1487 |
+- lmc_dummy_set_1, /* set link status */ |
1488 |
+- lmc_t1_set_crc_length, /* set CRC length */ |
1489 |
+- lmc_t1_set_circuit_type, /* set T1 or E1 circuit type */ |
1490 |
+- lmc_t1_watchdog |
1491 |
++ .init = lmc_t1_init, /* special media init stuff */ |
1492 |
++ .defaults = lmc_t1_default, /* reset to default state */ |
1493 |
++ .set_status = lmc_t1_set_status, /* reset status to state provided */ |
1494 |
++ .set_clock_source = lmc_t1_set_clock, /* set clock source */ |
1495 |
++ .set_speed = lmc_dummy_set2_1, /* set line speed */ |
1496 |
++ .set_cable_length = lmc_dummy_set_1, /* set cable length */ |
1497 |
++ .set_scrambler = lmc_dummy_set_1, /* set scrambler */ |
1498 |
++ .get_link_status = lmc_t1_get_link_status, /* get link status */ |
1499 |
++ .set_link_status = lmc_dummy_set_1, /* set link status */ |
1500 |
++ .set_crc_length = lmc_t1_set_crc_length, /* set CRC length */ |
1501 |
++ .set_circuit_type = lmc_t1_set_circuit_type, /* set T1 or E1 circuit type */ |
1502 |
++ .watchdog = lmc_t1_watchdog |
1503 |
+ }; |
1504 |
+ |
1505 |
+ static void |
1506 |
+diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c |
1507 |
+index 0e57690..ad698bb 100644 |
1508 |
+--- a/drivers/net/wan/z85230.c |
1509 |
++++ b/drivers/net/wan/z85230.c |
1510 |
+@@ -485,9 +485,9 @@ static void z8530_status(struct z8530_channel *chan) |
1511 |
+ |
1512 |
+ struct z8530_irqhandler z8530_sync = |
1513 |
+ { |
1514 |
+- z8530_rx, |
1515 |
+- z8530_tx, |
1516 |
+- z8530_status |
1517 |
++ .rx = z8530_rx, |
1518 |
++ .tx = z8530_tx, |
1519 |
++ .status = z8530_status |
1520 |
+ }; |
1521 |
+ |
1522 |
+ EXPORT_SYMBOL(z8530_sync); |
1523 |
+@@ -605,15 +605,15 @@ static void z8530_dma_status(struct z8530_channel *chan) |
1524 |
+ } |
1525 |
+ |
1526 |
+ static struct z8530_irqhandler z8530_dma_sync = { |
1527 |
+- z8530_dma_rx, |
1528 |
+- z8530_dma_tx, |
1529 |
+- z8530_dma_status |
1530 |
++ .rx = z8530_dma_rx, |
1531 |
++ .tx = z8530_dma_tx, |
1532 |
++ .status = z8530_dma_status |
1533 |
+ }; |
1534 |
+ |
1535 |
+ static struct z8530_irqhandler z8530_txdma_sync = { |
1536 |
+- z8530_rx, |
1537 |
+- z8530_dma_tx, |
1538 |
+- z8530_dma_status |
1539 |
++ .rx = z8530_rx, |
1540 |
++ .tx = z8530_dma_tx, |
1541 |
++ .status = z8530_dma_status |
1542 |
+ }; |
1543 |
+ |
1544 |
+ /** |
1545 |
+@@ -680,9 +680,9 @@ static void z8530_status_clear(struct z8530_channel *chan) |
1546 |
+ |
1547 |
+ struct z8530_irqhandler z8530_nop= |
1548 |
+ { |
1549 |
+- z8530_rx_clear, |
1550 |
+- z8530_tx_clear, |
1551 |
+- z8530_status_clear |
1552 |
++ .rx = z8530_rx_clear, |
1553 |
++ .tx = z8530_tx_clear, |
1554 |
++ .status = z8530_status_clear |
1555 |
+ }; |
1556 |
+ |
1557 |
+ |
1558 |
diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c |
1559 |
index ac1176a..79e93d4 100644 |
1560 |
--- a/drivers/net/wireless/airo.c |
1561 |
@@ -45033,6 +45867,69 @@ index 1080bcb..4a8ddd9 100644 |
1562 |
|
1563 |
void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, |
1564 |
void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); |
1565 |
+diff --git a/drivers/scsi/bfa/bfa_fcs.c b/drivers/scsi/bfa/bfa_fcs.c |
1566 |
+index eaac57e..4b3fc1c 100644 |
1567 |
+--- a/drivers/scsi/bfa/bfa_fcs.c |
1568 |
++++ b/drivers/scsi/bfa/bfa_fcs.c |
1569 |
+@@ -38,10 +38,21 @@ struct bfa_fcs_mod_s { |
1570 |
+ #define BFA_FCS_MODULE(_mod) { _mod ## _modinit, _mod ## _modexit } |
1571 |
+ |
1572 |
+ static struct bfa_fcs_mod_s fcs_modules[] = { |
1573 |
+- { bfa_fcs_port_attach, NULL, NULL }, |
1574 |
+- { bfa_fcs_uf_attach, NULL, NULL }, |
1575 |
+- { bfa_fcs_fabric_attach, bfa_fcs_fabric_modinit, |
1576 |
+- bfa_fcs_fabric_modexit }, |
1577 |
++ { |
1578 |
++ .attach = bfa_fcs_port_attach, |
1579 |
++ .modinit = NULL, |
1580 |
++ .modexit = NULL |
1581 |
++ }, |
1582 |
++ { |
1583 |
++ .attach = bfa_fcs_uf_attach, |
1584 |
++ .modinit = NULL, |
1585 |
++ .modexit = NULL |
1586 |
++ }, |
1587 |
++ { |
1588 |
++ .attach = bfa_fcs_fabric_attach, |
1589 |
++ .modinit = bfa_fcs_fabric_modinit, |
1590 |
++ .modexit = bfa_fcs_fabric_modexit |
1591 |
++ }, |
1592 |
+ }; |
1593 |
+ |
1594 |
+ /* |
1595 |
+diff --git a/drivers/scsi/bfa/bfa_fcs_lport.c b/drivers/scsi/bfa/bfa_fcs_lport.c |
1596 |
+index d4f951f..6081753 100644 |
1597 |
+--- a/drivers/scsi/bfa/bfa_fcs_lport.c |
1598 |
++++ b/drivers/scsi/bfa/bfa_fcs_lport.c |
1599 |
+@@ -57,13 +57,21 @@ static struct { |
1600 |
+ void (*offline) (struct bfa_fcs_lport_s *port); |
1601 |
+ } __port_action[] = { |
1602 |
+ { |
1603 |
+- bfa_fcs_lport_unknown_init, bfa_fcs_lport_unknown_online, |
1604 |
+- bfa_fcs_lport_unknown_offline}, { |
1605 |
+- bfa_fcs_lport_fab_init, bfa_fcs_lport_fab_online, |
1606 |
+- bfa_fcs_lport_fab_offline}, { |
1607 |
+- bfa_fcs_lport_n2n_init, bfa_fcs_lport_n2n_online, |
1608 |
+- bfa_fcs_lport_n2n_offline}, |
1609 |
+- }; |
1610 |
++ .init = bfa_fcs_lport_unknown_init, |
1611 |
++ .online = bfa_fcs_lport_unknown_online, |
1612 |
++ .offline = bfa_fcs_lport_unknown_offline |
1613 |
++ }, |
1614 |
++ { |
1615 |
++ .init = bfa_fcs_lport_fab_init, |
1616 |
++ .online = bfa_fcs_lport_fab_online, |
1617 |
++ .offline = bfa_fcs_lport_fab_offline |
1618 |
++ }, |
1619 |
++ { |
1620 |
++ .init = bfa_fcs_lport_n2n_init, |
1621 |
++ .online = bfa_fcs_lport_n2n_online, |
1622 |
++ .offline = bfa_fcs_lport_n2n_offline |
1623 |
++ }, |
1624 |
++}; |
1625 |
+ |
1626 |
+ /* |
1627 |
+ * fcs_port_sm FCS logical port state machine |
1628 |
diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h |
1629 |
index 546d46b..642fa5b 100644 |
1630 |
--- a/drivers/scsi/bfa/bfa_ioc.h |
1631 |
@@ -45055,6 +45952,29 @@ index 546d46b..642fa5b 100644 |
1632 |
|
1633 |
/* |
1634 |
* Queue element to wait for room in request queue. FIFO order is |
1635 |
+diff --git a/drivers/scsi/bfa/bfa_modules.h b/drivers/scsi/bfa/bfa_modules.h |
1636 |
+index 2d36e48..5818d72 100644 |
1637 |
+--- a/drivers/scsi/bfa/bfa_modules.h |
1638 |
++++ b/drivers/scsi/bfa/bfa_modules.h |
1639 |
+@@ -77,12 +77,12 @@ enum { |
1640 |
+ \ |
1641 |
+ extern struct bfa_module_s hal_mod_ ## __mod; \ |
1642 |
+ struct bfa_module_s hal_mod_ ## __mod = { \ |
1643 |
+- bfa_ ## __mod ## _meminfo, \ |
1644 |
+- bfa_ ## __mod ## _attach, \ |
1645 |
+- bfa_ ## __mod ## _detach, \ |
1646 |
+- bfa_ ## __mod ## _start, \ |
1647 |
+- bfa_ ## __mod ## _stop, \ |
1648 |
+- bfa_ ## __mod ## _iocdisable, \ |
1649 |
++ .meminfo = bfa_ ## __mod ## _meminfo, \ |
1650 |
++ .attach = bfa_ ## __mod ## _attach, \ |
1651 |
++ .detach = bfa_ ## __mod ## _detach, \ |
1652 |
++ .start = bfa_ ## __mod ## _start, \ |
1653 |
++ .stop = bfa_ ## __mod ## _stop, \ |
1654 |
++ .iocdisable = bfa_ ## __mod ## _iocdisable, \ |
1655 |
+ } |
1656 |
+ |
1657 |
+ #define BFA_CACHELINE_SZ (256) |
1658 |
diff --git a/drivers/scsi/bfa/bfad_debugfs.c b/drivers/scsi/bfa/bfad_debugfs.c |
1659 |
index dee1a09..24adab6 100644 |
1660 |
--- a/drivers/scsi/bfa/bfad_debugfs.c |
1661 |
@@ -45240,7 +46160,7 @@ index 5b7e1bf..6e5521a 100644 |
1662 |
} |
1663 |
|
1664 |
diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h |
1665 |
-index c721509..8be5717 100644 |
1666 |
+index c721509..3a9df95 100644 |
1667 |
--- a/drivers/scsi/hpsa.h |
1668 |
+++ b/drivers/scsi/hpsa.h |
1669 |
@@ -73,7 +73,7 @@ struct ctlr_info { |
1670 |
@@ -45252,6 +46172,36 @@ index c721509..8be5717 100644 |
1671 |
|
1672 |
/* queue and queue Info */ |
1673 |
struct list_head reqQ; |
1674 |
+@@ -351,19 +351,19 @@ static bool SA5_performant_intr_pending(struct ctlr_info *h) |
1675 |
+ } |
1676 |
+ |
1677 |
+ static struct access_method SA5_access = { |
1678 |
+- SA5_submit_command, |
1679 |
+- SA5_intr_mask, |
1680 |
+- SA5_fifo_full, |
1681 |
+- SA5_intr_pending, |
1682 |
+- SA5_completed, |
1683 |
++ .submit_command = SA5_submit_command, |
1684 |
++ .set_intr_mask = SA5_intr_mask, |
1685 |
++ .fifo_full = SA5_fifo_full, |
1686 |
++ .intr_pending = SA5_intr_pending, |
1687 |
++ .command_completed = SA5_completed, |
1688 |
+ }; |
1689 |
+ |
1690 |
+ static struct access_method SA5_performant_access = { |
1691 |
+- SA5_submit_command, |
1692 |
+- SA5_performant_intr_mask, |
1693 |
+- SA5_fifo_full, |
1694 |
+- SA5_performant_intr_pending, |
1695 |
+- SA5_performant_completed, |
1696 |
++ .submit_command = SA5_submit_command, |
1697 |
++ .set_intr_mask = SA5_performant_intr_mask, |
1698 |
++ .fifo_full = SA5_fifo_full, |
1699 |
++ .intr_pending = SA5_performant_intr_pending, |
1700 |
++ .command_completed = SA5_performant_completed, |
1701 |
+ }; |
1702 |
+ |
1703 |
+ struct board_type { |
1704 |
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c |
1705 |
index 9de9db2..1e09660 100644 |
1706 |
--- a/drivers/scsi/libfc/fc_exch.c |
1707 |
@@ -46126,6 +47076,19 @@ index 66a34ad..65f6aea 100644 |
1708 |
|
1709 |
/* A userspace program has probably made an error if it tries to |
1710 |
* read something that is not a whole number of bpds. |
1711 |
+diff --git a/drivers/staging/media/solo6x10/g723.c b/drivers/staging/media/solo6x10/g723.c |
1712 |
+index 2cd0de2..0169c04 100644 |
1713 |
+--- a/drivers/staging/media/solo6x10/g723.c |
1714 |
++++ b/drivers/staging/media/solo6x10/g723.c |
1715 |
+@@ -336,7 +336,7 @@ static int solo_snd_pcm_init(struct solo_dev *solo_dev) |
1716 |
+ |
1717 |
+ int solo_g723_init(struct solo_dev *solo_dev) |
1718 |
+ { |
1719 |
+- static struct snd_device_ops ops = { NULL }; |
1720 |
++ static struct snd_device_ops ops = { }; |
1721 |
+ struct snd_card *card; |
1722 |
+ struct snd_kcontrol_new kctl; |
1723 |
+ char name[32]; |
1724 |
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c |
1725 |
index 8b307b4..a97ac91 100644 |
1726 |
--- a/drivers/staging/octeon/ethernet-rx.c |
1727 |
@@ -50861,6 +51824,49 @@ index 3c14e43..eafa544 100644 |
1728 |
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 |
1729 |
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 |
1730 |
+4 4 4 4 4 4 |
1731 |
+diff --git a/drivers/video/matrox/matroxfb_DAC1064.c b/drivers/video/matrox/matroxfb_DAC1064.c |
1732 |
+index 1717623..25907782 100644 |
1733 |
+--- a/drivers/video/matrox/matroxfb_DAC1064.c |
1734 |
++++ b/drivers/video/matrox/matroxfb_DAC1064.c |
1735 |
+@@ -1088,14 +1088,20 @@ static void MGAG100_restore(struct matrox_fb_info *minfo) |
1736 |
+ |
1737 |
+ #ifdef CONFIG_FB_MATROX_MYSTIQUE |
1738 |
+ struct matrox_switch matrox_mystique = { |
1739 |
+- MGA1064_preinit, MGA1064_reset, MGA1064_init, MGA1064_restore, |
1740 |
++ .preinit = MGA1064_preinit, |
1741 |
++ .reset = MGA1064_reset, |
1742 |
++ .init = MGA1064_init, |
1743 |
++ .restore = MGA1064_restore, |
1744 |
+ }; |
1745 |
+ EXPORT_SYMBOL(matrox_mystique); |
1746 |
+ #endif |
1747 |
+ |
1748 |
+ #ifdef CONFIG_FB_MATROX_G |
1749 |
+ struct matrox_switch matrox_G100 = { |
1750 |
+- MGAG100_preinit, MGAG100_reset, MGAG100_init, MGAG100_restore, |
1751 |
++ .preinit = MGAG100_preinit, |
1752 |
++ .reset = MGAG100_reset, |
1753 |
++ .init = MGAG100_init, |
1754 |
++ .restore = MGAG100_restore, |
1755 |
+ }; |
1756 |
+ EXPORT_SYMBOL(matrox_G100); |
1757 |
+ #endif |
1758 |
+diff --git a/drivers/video/matrox/matroxfb_Ti3026.c b/drivers/video/matrox/matroxfb_Ti3026.c |
1759 |
+index 9a44cec..07e3b43 100644 |
1760 |
+--- a/drivers/video/matrox/matroxfb_Ti3026.c |
1761 |
++++ b/drivers/video/matrox/matroxfb_Ti3026.c |
1762 |
+@@ -738,7 +738,10 @@ static int Ti3026_preinit(struct matrox_fb_info *minfo) |
1763 |
+ } |
1764 |
+ |
1765 |
+ struct matrox_switch matrox_millennium = { |
1766 |
+- Ti3026_preinit, Ti3026_reset, Ti3026_init, Ti3026_restore |
1767 |
++ .preinit = Ti3026_preinit, |
1768 |
++ .reset = Ti3026_reset, |
1769 |
++ .init = Ti3026_init, |
1770 |
++ .restore = Ti3026_restore |
1771 |
+ }; |
1772 |
+ EXPORT_SYMBOL(matrox_millennium); |
1773 |
+ #endif |
1774 |
diff --git a/drivers/video/mb862xx/mb862xxfb_accel.c b/drivers/video/mb862xx/mb862xxfb_accel.c |
1775 |
index fe92eed..106e085 100644 |
1776 |
--- a/drivers/video/mb862xx/mb862xxfb_accel.c |
1777 |
@@ -60805,6 +61811,40 @@ index fe677c0..2a15fb2 100644 |
1778 |
if (old_format_only(sb)) |
1779 |
/* not a perfect generation count, as object ids can be reused, but |
1780 |
** this is as good as reiserfs can do right now. |
1781 |
+diff --git a/fs/reiserfs/item_ops.c b/fs/reiserfs/item_ops.c |
1782 |
+index 72cb1cc..a7d36d3 100644 |
1783 |
+--- a/fs/reiserfs/item_ops.c |
1784 |
++++ b/fs/reiserfs/item_ops.c |
1785 |
+@@ -725,18 +725,18 @@ static void errcatch_print_vi(struct virtual_item *vi) |
1786 |
+ } |
1787 |
+ |
1788 |
+ static struct item_operations errcatch_ops = { |
1789 |
+- errcatch_bytes_number, |
1790 |
+- errcatch_decrement_key, |
1791 |
+- errcatch_is_left_mergeable, |
1792 |
+- errcatch_print_item, |
1793 |
+- errcatch_check_item, |
1794 |
++ .bytes_number = errcatch_bytes_number, |
1795 |
++ .decrement_key = errcatch_decrement_key, |
1796 |
++ .is_left_mergeable = errcatch_is_left_mergeable, |
1797 |
++ .print_item = errcatch_print_item, |
1798 |
++ .check_item = errcatch_check_item, |
1799 |
+ |
1800 |
+- errcatch_create_vi, |
1801 |
+- errcatch_check_left, |
1802 |
+- errcatch_check_right, |
1803 |
+- errcatch_part_size, |
1804 |
+- errcatch_unit_num, |
1805 |
+- errcatch_print_vi |
1806 |
++ .create_vi = errcatch_create_vi, |
1807 |
++ .check_left = errcatch_check_left, |
1808 |
++ .check_right = errcatch_check_right, |
1809 |
++ .part_size = errcatch_part_size, |
1810 |
++ .unit_num = errcatch_unit_num, |
1811 |
++ .print_vi = errcatch_print_vi |
1812 |
+ }; |
1813 |
+ |
1814 |
+ ////////////////////////////////////////////////////////////////////////////// |
1815 |
diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c |
1816 |
index 7a99811..a7c96c4 100644 |
1817 |
--- a/fs/reiserfs/procfs.c |
1818 |
@@ -61766,10 +62806,10 @@ index 8a89949..6776861 100644 |
1819 |
xfs_init_zones(void) |
1820 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
1821 |
new file mode 100644 |
1822 |
-index 0000000..c4717f9 |
1823 |
+index 0000000..058b9e2 |
1824 |
--- /dev/null |
1825 |
+++ b/grsecurity/Kconfig |
1826 |
-@@ -0,0 +1,1085 @@ |
1827 |
+@@ -0,0 +1,1133 @@ |
1828 |
+# |
1829 |
+# grecurity configuration |
1830 |
+# |
1831 |
@@ -61783,21 +62823,15 @@ index 0000000..c4717f9 |
1832 |
+ help |
1833 |
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to |
1834 |
+ be written to or read from to modify or leak the contents of the running |
1835 |
-+ kernel. /dev/port will also not be allowed to be opened and support |
1836 |
-+ for /dev/cpu/*/msr will be removed. If you have module |
1837 |
-+ support disabled, enabling this will close up five ways that are |
1838 |
-+ currently used to insert malicious code into the running kernel. |
1839 |
++ kernel. /dev/port will also not be allowed to be opened, and support |
1840 |
++ for /dev/cpu/*/msr and kexec will be removed. If you have module |
1841 |
++ support disabled, enabling this will close up six ways that are |
1842 |
++ currently used to insert malicious code into the running kernel. |
1843 |
+ |
1844 |
-+ Even with all these features enabled, we still highly recommend that |
1845 |
++ Even with this feature enabled, we still highly recommend that |
1846 |
+ you use the RBAC system, as it is still possible for an attacker to |
1847 |
-+ modify the running kernel through privileged I/O granted by ioperm/iopl. |
1848 |
-+ |
1849 |
-+ If you are not using XFree86, you may be able to stop this additional |
1850 |
-+ case by enabling the 'Disable privileged I/O' option. Though nothing |
1851 |
-+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, |
1852 |
-+ but only to video memory, which is the only writing we allow in this |
1853 |
-+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will |
1854 |
-+ not be allowed to mprotect it with PROT_WRITE later. |
1855 |
++ modify the running kernel through other more obscure methods. |
1856 |
++ |
1857 |
+ Enabling this feature will prevent the "cpupower" and "powertop" tools |
1858 |
+ from working. |
1859 |
+ |
1860 |
@@ -61833,15 +62867,16 @@ index 0000000..c4717f9 |
1861 |
+ the most notable of which are XFree86 and hwclock. hwclock can be |
1862 |
+ remedied by having RTC support in the kernel, so real-time |
1863 |
+ clock support is enabled if this option is enabled, to ensure |
1864 |
-+ that hwclock operates correctly. XFree86 still will not |
1865 |
-+ operate correctly with this option enabled, so DO NOT CHOOSE Y |
1866 |
-+ IF YOU USE XFree86. If you use XFree86 and you still want to |
1867 |
-+ protect your kernel against modification, use the RBAC system. |
1868 |
++ that hwclock operates correctly. |
1869 |
++ |
1870 |
++ If you're using XFree86 or a version of Xorg from 2012 or earlier, |
1871 |
++ you may not be able to boot into a graphical environment with this |
1872 |
++ option enabled. In this case, you should use the RBAC system instead. |
1873 |
+ |
1874 |
+config GRKERNSEC_JIT_HARDEN |
1875 |
+ bool "Harden BPF JIT against spray attacks" |
1876 |
+ default y if GRKERNSEC_CONFIG_AUTO |
1877 |
-+ depends on BPF_JIT |
1878 |
++ depends on BPF_JIT && X86 |
1879 |
+ help |
1880 |
+ If you say Y here, the native code generated by the kernel's Berkeley |
1881 |
+ Packet Filter (BPF) JIT engine will be hardened against JIT-spraying |
1882 |
@@ -61935,7 +62970,6 @@ index 0000000..c4717f9 |
1883 |
+ If the sysctl option is enabled, a sysctl option with name |
1884 |
+ "deter_bruteforce" is created. |
1885 |
+ |
1886 |
-+ |
1887 |
+config GRKERNSEC_MODHARDEN |
1888 |
+ bool "Harden module auto-loading" |
1889 |
+ default y if GRKERNSEC_CONFIG_AUTO |
1890 |
@@ -61988,6 +63022,38 @@ index 0000000..c4717f9 |
1891 |
+ It is highly recommended that you enable GRKERNSEC_PERF_HARDEN |
1892 |
+ in addition to this feature. |
1893 |
+ |
1894 |
++config GRKERNSEC_RANDSTRUCT |
1895 |
++ bool "Randomize layout of sensitive kernel structures" |
1896 |
++ default y if GRKERNSEC_CONFIG_AUTO |
1897 |
++ select GRKERNSEC_HIDESYM |
1898 |
++ select MODVERSIONS if MODULES |
1899 |
++ help |
1900 |
++ If you say Y here, the layouts of a number of sensitive kernel |
1901 |
++ structures (task, fs, cred, etc) and all structures composed entirely |
1902 |
++ of function pointers (aka "ops" structs) will be randomized at compile-time. |
1903 |
++ This can introduce the requirement of an additional infoleak |
1904 |
++ vulnerability for exploits targeting these structure types. |
1905 |
++ |
1906 |
++ Enabling this feature will introduce some performance impact, slightly |
1907 |
++ increase memory usage, and prevent the use of forensic tools like |
1908 |
++ Volatility against the system (unless the kernel source tree isn't |
1909 |
++ cleaned after kernel installation). |
1910 |
++ |
1911 |
++ The seed used for compilation is located at tools/gcc/randomize_layout_seed.h. |
1912 |
++ It remains after a make clean to allow for external modules to be compiled |
1913 |
++ with the existing seed and will be removed by a make mrproper or |
1914 |
++ make distclean. |
1915 |
++ |
1916 |
++config GRKERNSEC_RANDSTRUCT_PERFORMANCE |
1917 |
++ bool "Use cacheline-aware structure randomization" |
1918 |
++ depends on GRKERNSEC_RANDSTRUCT |
1919 |
++ default y if GRKERNSEC_CONFIG_PRIORITY_PERF |
1920 |
++ help |
1921 |
++ If you say Y here, the RANDSTRUCT randomization will make a best effort |
1922 |
++ at restricting randomization to cacheline-sized groups of elements. It |
1923 |
++ will further not randomize bitfields in structures. This reduces the |
1924 |
++ performance hit of RANDSTRUCT at the cost of weakened randomization. |
1925 |
++ |
1926 |
+config GRKERNSEC_KERN_LOCKOUT |
1927 |
+ bool "Active kernel exploit response" |
1928 |
+ default y if GRKERNSEC_CONFIG_AUTO |
1929 |
@@ -62555,6 +63621,28 @@ index 0000000..c4717f9 |
1930 |
+ running with root privileges. If the sysctl option is enabled, |
1931 |
+ a sysctl option with name "consistent_setxid" is created. |
1932 |
+ |
1933 |
++config GRKERNSEC_HARDEN_IPC |
1934 |
++ bool "Disallow access to overly-permissive IPC objects" |
1935 |
++ default y if GRKERNSEC_CONFIG_AUTO |
1936 |
++ depends on SYSVIPC |
1937 |
++ help |
1938 |
++ If you say Y here, access to overly-permissive IPC objects (shared |
1939 |
++ memory, message queues, and semaphores) will be denied for processes |
1940 |
++ given the following criteria beyond normal permission checks: |
1941 |
++ 1) If the IPC object is world-accessible and the euid doesn't match |
1942 |
++ that of the creator or current uid for the IPC object |
1943 |
++ 2) If the IPC object is group-accessible and the egid doesn't |
1944 |
++ match that of the creator or current gid for the IPC object |
1945 |
++ It's a common error to grant too much permission to these objects, |
1946 |
++ with impact ranging from denial of service and information leaking to |
1947 |
++ privilege escalation. This feature was developed in response to |
1948 |
++ research by Tim Brown: |
1949 |
++ http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/ |
1950 |
++ who found hundreds of such insecure usages. Processes with |
1951 |
++ CAP_IPC_OWNER are still permitted to access these IPC objects. |
1952 |
++ If the sysctl option is enabled, a sysctl option with name |
1953 |
++ "harden_ipc" is created. |
1954 |
++ |
1955 |
+config GRKERNSEC_TPE |
1956 |
+ bool "Trusted Path Execution (TPE)" |
1957 |
+ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER |
1958 |
@@ -62857,7 +63945,7 @@ index 0000000..c4717f9 |
1959 |
+endmenu |
1960 |
diff --git a/grsecurity/Makefile b/grsecurity/Makefile |
1961 |
new file mode 100644 |
1962 |
-index 0000000..f96524e |
1963 |
+index 0000000..5307c8a |
1964 |
--- /dev/null |
1965 |
+++ b/grsecurity/Makefile |
1966 |
@@ -0,0 +1,54 @@ |
1967 |
@@ -62884,7 +63972,7 @@ index 0000000..f96524e |
1968 |
+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ |
1969 |
+ grsec_mount.o grsec_sig.o grsec_sysctl.o \ |
1970 |
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o \ |
1971 |
-+ grsec_usb.o |
1972 |
++ grsec_usb.o grsec_ipc.o |
1973 |
+ |
1974 |
+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ |
1975 |
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ |
1976 |
@@ -62917,10 +64005,10 @@ index 0000000..f96524e |
1977 |
+endif |
1978 |
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
1979 |
new file mode 100644 |
1980 |
-index 0000000..180140a |
1981 |
+index 0000000..bd57acb |
1982 |
--- /dev/null |
1983 |
+++ b/grsecurity/gracl.c |
1984 |
-@@ -0,0 +1,2825 @@ |
1985 |
+@@ -0,0 +1,2826 @@ |
1986 |
+#include <linux/kernel.h> |
1987 |
+#include <linux/module.h> |
1988 |
+#include <linux/sched.h> |
1989 |
@@ -65551,8 +66639,8 @@ index 0000000..180140a |
1990 |
+void |
1991 |
+gr_acl_handle_psacct(struct task_struct *task, const long code) |
1992 |
+{ |
1993 |
-+ unsigned long runtime; |
1994 |
-+ unsigned long cputime; |
1995 |
++ unsigned long runtime, cputime; |
1996 |
++ cputime_t utime, stime; |
1997 |
+ unsigned int wday, cday; |
1998 |
+ __u8 whr, chr; |
1999 |
+ __u8 wmin, cmin; |
2000 |
@@ -65565,19 +66653,20 @@ index 0000000..180140a |
2001 |
+ |
2002 |
+ do_posix_clock_monotonic_gettime(&timeval); |
2003 |
+ runtime = timeval.tv_sec - task->start_time.tv_sec; |
2004 |
-+ wday = runtime / (3600 * 24); |
2005 |
-+ runtime -= wday * (3600 * 24); |
2006 |
-+ whr = runtime / 3600; |
2007 |
-+ runtime -= whr * 3600; |
2008 |
++ wday = runtime / (60 * 60 * 24); |
2009 |
++ runtime -= wday * (60 * 60 * 24); |
2010 |
++ whr = runtime / (60 * 60); |
2011 |
++ runtime -= whr * (60 * 60); |
2012 |
+ wmin = runtime / 60; |
2013 |
+ runtime -= wmin * 60; |
2014 |
+ wsec = runtime; |
2015 |
+ |
2016 |
-+ cputime = (task->utime + task->stime) / HZ; |
2017 |
-+ cday = cputime / (3600 * 24); |
2018 |
-+ cputime -= cday * (3600 * 24); |
2019 |
-+ chr = cputime / 3600; |
2020 |
-+ cputime -= chr * 3600; |
2021 |
++ task_times(task, &utime, &stime); |
2022 |
++ cputime = cputime_to_secs(utime + stime); |
2023 |
++ cday = cputime / (60 * 60 * 24); |
2024 |
++ cputime -= cday * (60 * 60 * 24); |
2025 |
++ chr = cputime / (60 * 60); |
2026 |
++ cputime -= chr * (60 * 60); |
2027 |
+ cmin = cputime / 60; |
2028 |
+ cputime -= cmin * 60; |
2029 |
+ csec = cputime; |
2030 |
@@ -70567,10 +71656,10 @@ index 0000000..8ca18bf |
2031 |
+} |
2032 |
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
2033 |
new file mode 100644 |
2034 |
-index 0000000..264a9f3 |
2035 |
+index 0000000..454a98e |
2036 |
--- /dev/null |
2037 |
+++ b/grsecurity/grsec_init.c |
2038 |
-@@ -0,0 +1,268 @@ |
2039 |
+@@ -0,0 +1,272 @@ |
2040 |
+#include <linux/kernel.h> |
2041 |
+#include <linux/sched.h> |
2042 |
+#include <linux/mm.h> |
2043 |
@@ -70588,6 +71677,7 @@ index 0000000..264a9f3 |
2044 |
+int grsec_enable_link; |
2045 |
+int grsec_enable_dmesg; |
2046 |
+int grsec_enable_harden_ptrace; |
2047 |
++int grsec_enable_harden_ipc; |
2048 |
+int grsec_enable_fifo; |
2049 |
+int grsec_enable_execlog; |
2050 |
+int grsec_enable_signal; |
2051 |
@@ -70727,6 +71817,9 @@ index 0000000..264a9f3 |
2052 |
+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE |
2053 |
+ grsec_enable_harden_ptrace = 1; |
2054 |
+#endif |
2055 |
++#ifdef CONFIG_GRKERNSEC_HARDEN_IPC |
2056 |
++ grsec_enable_harden_ipc = 1; |
2057 |
++#endif |
2058 |
+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT |
2059 |
+ grsec_enable_mount = 1; |
2060 |
+#endif |
2061 |
@@ -70839,6 +71932,60 @@ index 0000000..264a9f3 |
2062 |
+ |
2063 |
+ return; |
2064 |
+} |
2065 |
+diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c |
2066 |
+new file mode 100644 |
2067 |
+index 0000000..5377493 |
2068 |
+--- /dev/null |
2069 |
++++ b/grsecurity/grsec_ipc.c |
2070 |
+@@ -0,0 +1,48 @@ |
2071 |
++#include <linux/kernel.h> |
2072 |
++#include <linux/mm.h> |
2073 |
++#include <linux/sched.h> |
2074 |
++#include <linux/file.h> |
2075 |
++#include <linux/ipc.h> |
2076 |
++#include <linux/ipc_namespace.h> |
2077 |
++#include <linux/grsecurity.h> |
2078 |
++#include <linux/grinternal.h> |
2079 |
++ |
2080 |
++int |
2081 |
++gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode) |
2082 |
++{ |
2083 |
++#ifdef CONFIG_GRKERNSEC_HARDEN_IPC |
2084 |
++ int write; |
2085 |
++ int orig_granted_mode; |
2086 |
++ uid_t euid; |
2087 |
++ gid_t egid; |
2088 |
++ |
2089 |
++ if (!grsec_enable_harden_ipc) |
2090 |
++ return 0; |
2091 |
++ |
2092 |
++ euid = current_euid(); |
2093 |
++ egid = current_egid(); |
2094 |
++ |
2095 |
++ write = requested_mode & 00002; |
2096 |
++ orig_granted_mode = ipcp->mode; |
2097 |
++ |
2098 |
++ if ((euid == ipcp->cuid) || (euid == ipcp->uid)) |
2099 |
++ orig_granted_mode >>= 6; |
2100 |
++ else { |
2101 |
++ /* if likely wrong permissions, lock to user */ |
2102 |
++ if (orig_granted_mode & 0007) |
2103 |
++ orig_granted_mode = 0; |
2104 |
++ /* otherwise do a egid-only check */ |
2105 |
++ else if ((egid == ipcp->cgid) || (egid == ipcp->gid)) |
2106 |
++ orig_granted_mode >>= 3; |
2107 |
++ /* otherwise, no access */ |
2108 |
++ else |
2109 |
++ orig_granted_mode = 0; |
2110 |
++ } |
2111 |
++ if (!(requested_mode & ~granted_mode & 0007) && (requested_mode & ~orig_granted_mode & 0007) && |
2112 |
++ !ns_capable_nolog(ns->user_ns, CAP_IPC_OWNER)) { |
2113 |
++ gr_log_str_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", ipcp->cuid); |
2114 |
++ return 0; |
2115 |
++ } |
2116 |
++#endif |
2117 |
++ return 1; |
2118 |
++} |
2119 |
diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c |
2120 |
new file mode 100644 |
2121 |
index 0000000..8598e7f |
2122 |
@@ -71953,10 +73100,10 @@ index 0000000..4030d57 |
2123 |
+} |
2124 |
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c |
2125 |
new file mode 100644 |
2126 |
-index 0000000..6314062 |
2127 |
+index 0000000..0d4723d |
2128 |
--- /dev/null |
2129 |
+++ b/grsecurity/grsec_sysctl.c |
2130 |
-@@ -0,0 +1,468 @@ |
2131 |
+@@ -0,0 +1,477 @@ |
2132 |
+#include <linux/kernel.h> |
2133 |
+#include <linux/sched.h> |
2134 |
+#include <linux/sysctl.h> |
2135 |
@@ -72394,6 +73541,15 @@ index 0000000..6314062 |
2136 |
+ .proc_handler = &proc_dointvec, |
2137 |
+ }, |
2138 |
+#endif |
2139 |
++#ifdef CONFIG_GRKERNSEC_HARDEN_IPC |
2140 |
++ { |
2141 |
++ .procname = "harden_ipc", |
2142 |
++ .data = &grsec_enable_harden_ipc, |
2143 |
++ .maxlen = sizeof(int), |
2144 |
++ .mode = 0600, |
2145 |
++ .proc_handler = &proc_dointvec, |
2146 |
++ }, |
2147 |
++#endif |
2148 |
+ { |
2149 |
+ .procname = "grsec_lock", |
2150 |
+ .data = &grsec_lock, |
2151 |
@@ -73850,14 +75006,19 @@ index d42bd48..554dcd5 100644 |
2152 |
/* |
2153 |
* epoll (fs/eventpoll.c) compat bits follow ... |
2154 |
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h |
2155 |
-index 643d6c4..3e46a17 100644 |
2156 |
+index 643d6c4..289dbb3 100644 |
2157 |
--- a/include/linux/compiler-gcc4.h |
2158 |
+++ b/include/linux/compiler-gcc4.h |
2159 |
-@@ -46,6 +46,21 @@ |
2160 |
+@@ -46,6 +46,26 @@ |
2161 |
#endif |
2162 |
|
2163 |
#if __GNUC_MINOR__ >= 5 |
2164 |
+ |
2165 |
++#ifdef RANDSTRUCT_PLUGIN |
2166 |
++#define __randomize_layout __attribute__((randomize_layout)) |
2167 |
++#define __no_randomize_layout __attribute__((no_randomize_layout)) |
2168 |
++#endif |
2169 |
++ |
2170 |
+#ifdef CONSTIFY_PLUGIN |
2171 |
+#define __no_const __attribute__((no_const)) |
2172 |
+#define __do_const __attribute__((do_const)) |
2173 |
@@ -73875,7 +75036,7 @@ index 643d6c4..3e46a17 100644 |
2174 |
/* |
2175 |
* Mark a position in code as unreachable. This can be used to |
2176 |
* suppress control flow warnings after asm blocks that transfer |
2177 |
-@@ -61,6 +76,11 @@ |
2178 |
+@@ -61,6 +81,11 @@ |
2179 |
#define __noclone __attribute__((__noclone__)) |
2180 |
|
2181 |
#endif |
2182 |
@@ -73888,7 +75049,7 @@ index 643d6c4..3e46a17 100644 |
2183 |
|
2184 |
#if __GNUC_MINOR__ > 0 |
2185 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
2186 |
-index 320d6c9..2d1df6b 100644 |
2187 |
+index 320d6c9..f4c24bf 100644 |
2188 |
--- a/include/linux/compiler.h |
2189 |
+++ b/include/linux/compiler.h |
2190 |
@@ -5,31 +5,51 @@ |
2191 |
@@ -73955,10 +75116,18 @@ index 320d6c9..2d1df6b 100644 |
2192 |
#endif |
2193 |
|
2194 |
#ifdef __KERNEL__ |
2195 |
-@@ -264,6 +286,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2196 |
+@@ -264,6 +286,30 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2197 |
# define __attribute_const__ /* unimplemented */ |
2198 |
#endif |
2199 |
|
2200 |
++#ifndef __randomize_layout |
2201 |
++# define __randomize_layout |
2202 |
++#endif |
2203 |
++ |
2204 |
++#ifndef __no_randomize_layout |
2205 |
++# define __no_randomize_layout |
2206 |
++#endif |
2207 |
++ |
2208 |
+#ifndef __no_const |
2209 |
+# define __no_const |
2210 |
+#endif |
2211 |
@@ -73978,7 +75147,7 @@ index 320d6c9..2d1df6b 100644 |
2212 |
/* |
2213 |
* Tell gcc if a function is cold. The compiler will assume any path |
2214 |
* directly leading to the call is unlikely. |
2215 |
-@@ -273,6 +311,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2216 |
+@@ -273,6 +319,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2217 |
#define __cold |
2218 |
#endif |
2219 |
|
2220 |
@@ -74001,7 +75170,7 @@ index 320d6c9..2d1df6b 100644 |
2221 |
/* Simple shorthand for a section definition */ |
2222 |
#ifndef __section |
2223 |
# define __section(S) __attribute__ ((__section__(#S))) |
2224 |
-@@ -292,6 +346,18 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2225 |
+@@ -292,6 +354,18 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2226 |
#endif |
2227 |
#ifndef __compiletime_error |
2228 |
# define __compiletime_error(message) |
2229 |
@@ -74020,7 +75189,7 @@ index 320d6c9..2d1df6b 100644 |
2230 |
#endif |
2231 |
|
2232 |
/* |
2233 |
-@@ -306,6 +372,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2234 |
+@@ -306,6 +380,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
2235 |
* use is to mediate communication between process-level code and irq/NMI |
2236 |
* handlers, all running on the same CPU. |
2237 |
*/ |
2238 |
@@ -74176,9 +75345,27 @@ index 4f7a632..b9e6f95 100644 |
2239 |
|
2240 |
/** |
2241 |
diff --git a/include/linux/cred.h b/include/linux/cred.h |
2242 |
-index 4030896..8d6f342 100644 |
2243 |
+index 4030896..65aefc8 100644 |
2244 |
--- a/include/linux/cred.h |
2245 |
+++ b/include/linux/cred.h |
2246 |
+@@ -34,7 +34,7 @@ struct group_info { |
2247 |
+ int nblocks; |
2248 |
+ gid_t small_block[NGROUPS_SMALL]; |
2249 |
+ gid_t *blocks[0]; |
2250 |
+-}; |
2251 |
++} __randomize_layout; |
2252 |
+ |
2253 |
+ /** |
2254 |
+ * get_group_info - Get a reference to a group info structure |
2255 |
+@@ -149,7 +149,7 @@ struct cred { |
2256 |
+ struct user_namespace *user_ns; /* cached user->user_ns */ |
2257 |
+ struct group_info *group_info; /* supplementary groups for euid/fsgid */ |
2258 |
+ struct rcu_head rcu; /* RCU deletion hook */ |
2259 |
+-}; |
2260 |
++} __randomize_layout; |
2261 |
+ |
2262 |
+ extern void __put_cred(struct cred *); |
2263 |
+ extern void exit_creds(struct task_struct *); |
2264 |
@@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) |
2265 |
static inline void validate_process_creds(void) |
2266 |
{ |
2267 |
@@ -74231,6 +75418,19 @@ index 8acfe31..6ffccd63 100644 |
2268 |
{ |
2269 |
return c | 0x20; |
2270 |
} |
2271 |
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h |
2272 |
+index 1dfe974..3811bc2 100644 |
2273 |
+--- a/include/linux/dcache.h |
2274 |
++++ b/include/linux/dcache.h |
2275 |
+@@ -142,7 +142,7 @@ struct dentry { |
2276 |
+ } d_u; |
2277 |
+ struct list_head d_subdirs; /* our children */ |
2278 |
+ struct list_head d_alias; /* inode alias list */ |
2279 |
+-}; |
2280 |
++} __randomize_layout; |
2281 |
+ |
2282 |
+ /* |
2283 |
+ * dentry->d_lock spinlock nesting subclasses: |
2284 |
diff --git a/include/linux/decompress/mm.h b/include/linux/decompress/mm.h |
2285 |
index 7925bf0..d5143d2 100644 |
2286 |
--- a/include/linux/decompress/mm.h |
2287 |
@@ -74487,15 +75687,69 @@ index 8eeb205..13d571c 100644 |
2288 |
|
2289 |
#endif /* __KERNEL__ */ |
2290 |
diff --git a/include/linux/fs.h b/include/linux/fs.h |
2291 |
-index dd74385..c745e49 100644 |
2292 |
+index dd74385..1388ed4 100644 |
2293 |
--- a/include/linux/fs.h |
2294 |
+++ b/include/linux/fs.h |
2295 |
+@@ -658,7 +658,7 @@ struct address_space { |
2296 |
+ spinlock_t private_lock; /* for use by the address_space */ |
2297 |
+ struct list_head private_list; /* ditto */ |
2298 |
+ struct address_space *assoc_mapping; /* ditto */ |
2299 |
+-} __attribute__((aligned(sizeof(long)))); |
2300 |
++} __attribute__((aligned(sizeof(long)))) __randomize_layout; |
2301 |
+ /* |
2302 |
+ * On most architectures that alignment is already the case; but |
2303 |
+ * must be enforced here for CRIS, to let the least significant bit |
2304 |
+@@ -699,7 +699,7 @@ struct block_device { |
2305 |
+ int bd_fsfreeze_count; |
2306 |
+ /* Mutex for freeze */ |
2307 |
+ struct mutex bd_fsfreeze_mutex; |
2308 |
+-}; |
2309 |
++} __randomize_layout; |
2310 |
+ |
2311 |
+ /* |
2312 |
+ * Radix-tree tags, for tagging dirty and writeback pages within the pagecache |
2313 |
+@@ -843,7 +843,7 @@ struct inode { |
2314 |
+ atomic_t i_readcount; /* struct files open RO */ |
2315 |
+ #endif |
2316 |
+ void *i_private; /* fs or device private pointer */ |
2317 |
+-}; |
2318 |
++} __randomize_layout; |
2319 |
+ |
2320 |
+ static inline int inode_unhashed(struct inode *inode) |
2321 |
+ { |
2322 |
+@@ -1017,7 +1017,7 @@ struct file { |
2323 |
+ #ifdef CONFIG_DEBUG_WRITECOUNT |
2324 |
+ unsigned long f_mnt_write_state; |
2325 |
+ #endif |
2326 |
+-}; |
2327 |
++} __randomize_layout; |
2328 |
+ |
2329 |
+ struct file_handle { |
2330 |
+ __u32 handle_bytes; |
2331 |
+@@ -1162,7 +1162,7 @@ struct file_lock { |
2332 |
+ int state; /* state of grant or error if -ve */ |
2333 |
+ } afs; |
2334 |
+ } fl_u; |
2335 |
+-}; |
2336 |
++} __randomize_layout; |
2337 |
+ |
2338 |
+ /* The following constant reflects the upper bound of the file/locking space */ |
2339 |
+ #ifndef OFFSET_MAX |
2340 |
+@@ -1497,7 +1497,7 @@ struct super_block { |
2341 |
+ int cleancache_poolid; |
2342 |
+ |
2343 |
+ struct shrinker s_shrink; /* per-sb shrinker handle */ |
2344 |
+-}; |
2345 |
++} __randomize_layout; |
2346 |
+ |
2347 |
+ /* superblock cache pruning functions */ |
2348 |
+ extern void prune_icache_sb(struct super_block *sb, int nr_to_scan); |
2349 |
@@ -1624,7 +1624,8 @@ struct file_operations { |
2350 |
int (*setlease)(struct file *, long, struct file_lock **); |
2351 |
long (*fallocate)(struct file *file, int mode, loff_t offset, |
2352 |
loff_t len); |
2353 |
-}; |
2354 |
-+} __do_const; |
2355 |
++} __do_const __randomize_layout; |
2356 |
+typedef struct file_operations __no_const file_operations_no_const; |
2357 |
|
2358 |
struct inode_operations { |
2359 |
@@ -74526,10 +75780,10 @@ index dd74385..c745e49 100644 |
2360 |
#endif /* __KERNEL__ */ |
2361 |
#endif /* _LINUX_FS_H */ |
2362 |
diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h |
2363 |
-index 003dc0f..3c4ea97 100644 |
2364 |
+index 003dc0f..82513b5 100644 |
2365 |
--- a/include/linux/fs_struct.h |
2366 |
+++ b/include/linux/fs_struct.h |
2367 |
-@@ -6,7 +6,7 @@ |
2368 |
+@@ -6,13 +6,13 @@ |
2369 |
#include <linux/seqlock.h> |
2370 |
|
2371 |
struct fs_struct { |
2372 |
@@ -74538,6 +75792,13 @@ index 003dc0f..3c4ea97 100644 |
2373 |
spinlock_t lock; |
2374 |
seqcount_t seq; |
2375 |
int umask; |
2376 |
+ int in_exec; |
2377 |
+ struct path root, pwd; |
2378 |
+-}; |
2379 |
++} __randomize_layout; |
2380 |
+ |
2381 |
+ extern struct kmem_cache *fs_cachep; |
2382 |
+ |
2383 |
diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h |
2384 |
index ce31408..b1ad003 100644 |
2385 |
--- a/include/linux/fscache-cache.h |
2386 |
@@ -75355,10 +76616,10 @@ index 0000000..be66033 |
2387 |
+#endif |
2388 |
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
2389 |
new file mode 100644 |
2390 |
-index 0000000..44d8215 |
2391 |
+index 0000000..7dc4203 |
2392 |
--- /dev/null |
2393 |
+++ b/include/linux/grinternal.h |
2394 |
-@@ -0,0 +1,236 @@ |
2395 |
+@@ -0,0 +1,237 @@ |
2396 |
+#ifndef __GRINTERNAL_H |
2397 |
+#define __GRINTERNAL_H |
2398 |
+ |
2399 |
@@ -75441,6 +76702,7 @@ index 0000000..44d8215 |
2400 |
+extern int grsec_enable_blackhole; |
2401 |
+extern int grsec_lastack_retries; |
2402 |
+extern int grsec_enable_brute; |
2403 |
++extern int grsec_enable_harden_ipc; |
2404 |
+extern int grsec_lock; |
2405 |
+ |
2406 |
+extern spinlock_t grsec_alert_lock; |
2407 |
@@ -75597,10 +76859,10 @@ index 0000000..44d8215 |
2408 |
+#endif |
2409 |
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h |
2410 |
new file mode 100644 |
2411 |
-index 0000000..1357a24 |
2412 |
+index 0000000..195cbe4 |
2413 |
--- /dev/null |
2414 |
+++ b/include/linux/grmsg.h |
2415 |
-@@ -0,0 +1,114 @@ |
2416 |
+@@ -0,0 +1,115 @@ |
2417 |
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" |
2418 |
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" |
2419 |
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " |
2420 |
@@ -75715,6 +76977,7 @@ index 0000000..1357a24 |
2421 |
+#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by " |
2422 |
+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " |
2423 |
+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " |
2424 |
++#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by " |
2425 |
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
2426 |
new file mode 100644 |
2427 |
index 0000000..8996115 |
2428 |
@@ -76183,6 +77446,19 @@ index 9d57a71..8d0f701 100644 |
2429 |
{ |
2430 |
return res->end - res->start + 1; |
2431 |
} |
2432 |
+diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h |
2433 |
+index 497c6cc..0c785f8 100644 |
2434 |
+--- a/include/linux/ipc_namespace.h |
2435 |
++++ b/include/linux/ipc_namespace.h |
2436 |
+@@ -65,7 +65,7 @@ struct ipc_namespace { |
2437 |
+ |
2438 |
+ /* user_ns which owns the ipc ns */ |
2439 |
+ struct user_namespace *user_ns; |
2440 |
+-}; |
2441 |
++} __randomize_layout; |
2442 |
+ |
2443 |
+ extern struct ipc_namespace init_ipc_ns; |
2444 |
+ extern atomic_t nr_ipc_ns; |
2445 |
diff --git a/include/linux/irq.h b/include/linux/irq.h |
2446 |
index bff29c5..7437762 100644 |
2447 |
--- a/include/linux/irq.h |
2448 |
@@ -76383,7 +77659,7 @@ index f8d4b27..8560882 100644 |
2449 |
char **envp; |
2450 |
enum umh_wait wait; |
2451 |
diff --git a/include/linux/kobject.h b/include/linux/kobject.h |
2452 |
-index 445f978..3a02264 100644 |
2453 |
+index 445f978..24e427c 100644 |
2454 |
--- a/include/linux/kobject.h |
2455 |
+++ b/include/linux/kobject.h |
2456 |
@@ -111,7 +111,7 @@ struct kobj_type { |
2457 |
@@ -76403,6 +77679,15 @@ index 445f978..3a02264 100644 |
2458 |
|
2459 |
extern const struct sysfs_ops kobj_sysfs_ops; |
2460 |
|
2461 |
+@@ -161,7 +162,7 @@ struct kset { |
2462 |
+ spinlock_t list_lock; |
2463 |
+ struct kobject kobj; |
2464 |
+ const struct kset_uevent_ops *uevent_ops; |
2465 |
+-}; |
2466 |
++} __randomize_layout; |
2467 |
+ |
2468 |
+ extern void kset_init(struct kset *kset); |
2469 |
+ extern int __must_check kset_register(struct kset *kset); |
2470 |
diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h |
2471 |
index f66b065..c2c29b4 100644 |
2472 |
--- a/include/linux/kobject_ns.h |
2473 |
@@ -76811,22 +78096,25 @@ index 305fd75..cdbfb05 100644 |
2474 |
#endif /* __KERNEL__ */ |
2475 |
#endif /* _LINUX_MM_H */ |
2476 |
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h |
2477 |
-index de3a321..8761f4a 100644 |
2478 |
+index de3a321..8fb84fc 100644 |
2479 |
--- a/include/linux/mm_types.h |
2480 |
+++ b/include/linux/mm_types.h |
2481 |
-@@ -253,6 +253,8 @@ struct vm_area_struct { |
2482 |
+@@ -253,7 +253,9 @@ struct vm_area_struct { |
2483 |
#ifdef CONFIG_NUMA |
2484 |
struct mempolicy *vm_policy; /* NUMA policy for the VMA */ |
2485 |
#endif |
2486 |
+-}; |
2487 |
+ |
2488 |
+ struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */ |
2489 |
- }; |
2490 |
++} __randomize_layout; |
2491 |
|
2492 |
struct core_thread { |
2493 |
-@@ -390,6 +392,24 @@ struct mm_struct { |
2494 |
+ struct task_struct *task; |
2495 |
+@@ -390,7 +392,25 @@ struct mm_struct { |
2496 |
#ifdef CONFIG_CPUMASK_OFFSTACK |
2497 |
struct cpumask cpumask_allocation; |
2498 |
#endif |
2499 |
+-}; |
2500 |
+ |
2501 |
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) |
2502 |
+ unsigned long pax_flags; |
2503 |
@@ -76845,9 +78133,10 @@ index de3a321..8761f4a 100644 |
2504 |
+ unsigned long delta_stack; /* randomized offset */ |
2505 |
+#endif |
2506 |
+ |
2507 |
- }; |
2508 |
++} __randomize_layout; |
2509 |
|
2510 |
static inline void mm_init_cpumask(struct mm_struct *mm) |
2511 |
+ { |
2512 |
diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h |
2513 |
index c5d5278..f0b68c8 100644 |
2514 |
--- a/include/linux/mmiotrace.h |
2515 |
@@ -76935,7 +78224,7 @@ index 468819c..c02b63b 100644 |
2516 |
* struct dmi_device_id appears during expansion of |
2517 |
* "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it |
2518 |
diff --git a/include/linux/module.h b/include/linux/module.h |
2519 |
-index 3cb7839..56d41ff 100644 |
2520 |
+index 3cb7839..2e0d4ee4 100644 |
2521 |
--- a/include/linux/module.h |
2522 |
+++ b/include/linux/module.h |
2523 |
@@ -17,9 +17,11 @@ |
2524 |
@@ -76950,6 +78239,15 @@ index 3cb7839..56d41ff 100644 |
2525 |
|
2526 |
#include <trace/events/module.h> |
2527 |
|
2528 |
+@@ -41,7 +43,7 @@ struct module_kobject { |
2529 |
+ struct module *mod; |
2530 |
+ struct kobject *drivers_dir; |
2531 |
+ struct module_param_attrs *mp; |
2532 |
+-}; |
2533 |
++} __randomize_layout; |
2534 |
+ |
2535 |
+ struct module_attribute { |
2536 |
+ struct attribute attr; |
2537 |
@@ -53,12 +55,13 @@ struct module_attribute { |
2538 |
int (*test)(struct module *); |
2539 |
void (*free)(struct module *); |
2540 |
@@ -77009,6 +78307,15 @@ index 3cb7839..56d41ff 100644 |
2541 |
#endif |
2542 |
#ifdef CONFIG_FTRACE_MCOUNT_RECORD |
2543 |
unsigned int num_ftrace_callsites; |
2544 |
+@@ -358,7 +362,7 @@ struct module |
2545 |
+ ctor_fn_t *ctors; |
2546 |
+ unsigned int num_ctors; |
2547 |
+ #endif |
2548 |
+-}; |
2549 |
++} __randomize_layout; |
2550 |
+ #ifndef MODULE_ARCH_INIT |
2551 |
+ #define MODULE_ARCH_INIT {} |
2552 |
+ #endif |
2553 |
@@ -379,16 +383,46 @@ bool is_module_address(unsigned long addr); |
2554 |
bool is_module_percpu_address(unsigned long addr); |
2555 |
bool is_module_text_address(unsigned long addr); |
2556 |
@@ -77087,9 +78394,26 @@ index b2be02e..6a9fdb1 100644 |
2557 |
or 0. */ |
2558 |
int apply_relocate(Elf_Shdr *sechdrs, |
2559 |
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h |
2560 |
-index 7939f63..ec6df57 100644 |
2561 |
+index 7939f63..c573d38 100644 |
2562 |
--- a/include/linux/moduleparam.h |
2563 |
+++ b/include/linux/moduleparam.h |
2564 |
+@@ -159,13 +159,13 @@ struct kparam_array |
2565 |
+ { arg } } |
2566 |
+ |
2567 |
+ /* Obsolete - use module_param_cb() */ |
2568 |
+-#define module_param_call(name, set, get, arg, perm) \ |
2569 |
++#define module_param_call(name, _set, _get, arg, perm) \ |
2570 |
+ static struct kernel_param_ops __param_ops_##name = \ |
2571 |
+- { (void *)set, (void *)get }; \ |
2572 |
++ { .set = (void *)_set, .get = (void *)_get }; \ |
2573 |
+ __module_param_call(MODULE_PARAM_PREFIX, \ |
2574 |
+ name, &__param_ops_##name, arg, \ |
2575 |
+ __same_type(arg, bool *), \ |
2576 |
+- (perm) + sizeof(__check_old_set_param(set))*0) |
2577 |
++ (perm) + sizeof(__check_old_set_param(_set))*0) |
2578 |
+ |
2579 |
+ /* We don't get oldget: it's often a new-style param_get_uint, etc. */ |
2580 |
+ static inline int |
2581 |
@@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void) |
2582 |
* @len is usually just sizeof(string). |
2583 |
*/ |
2584 |
@@ -77108,6 +78432,19 @@ index 7939f63..ec6df57 100644 |
2585 |
= { .max = ARRAY_SIZE(array), .num = nump, \ |
2586 |
.ops = ¶m_ops_##type, \ |
2587 |
.elemsize = sizeof(array[0]), .elem = array }; \ |
2588 |
+diff --git a/include/linux/mount.h b/include/linux/mount.h |
2589 |
+index 33fe53d..c54903f 100644 |
2590 |
+--- a/include/linux/mount.h |
2591 |
++++ b/include/linux/mount.h |
2592 |
+@@ -86,7 +86,7 @@ struct vfsmount { |
2593 |
+ int mnt_expiry_mark; /* true if marked for expiry */ |
2594 |
+ int mnt_pinned; |
2595 |
+ int mnt_ghosts; |
2596 |
+-}; |
2597 |
++} __randomize_layout; |
2598 |
+ |
2599 |
+ struct file; /* forward dec */ |
2600 |
+ |
2601 |
diff --git a/include/linux/namei.h b/include/linux/namei.h |
2602 |
index ffc0213..2c1f2cb 100644 |
2603 |
--- a/include/linux/namei.h |
2604 |
@@ -77374,6 +78711,19 @@ index 8fc7dd1a..c19d89e 100644 |
2605 |
MMAP_PAGE_ZERO) |
2606 |
|
2607 |
/* |
2608 |
+diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h |
2609 |
+index 38d1032..d3f6744 100644 |
2610 |
+--- a/include/linux/pid_namespace.h |
2611 |
++++ b/include/linux/pid_namespace.h |
2612 |
+@@ -30,7 +30,7 @@ struct pid_namespace { |
2613 |
+ #ifdef CONFIG_BSD_PROCESS_ACCT |
2614 |
+ struct bsd_acct_struct *bacct; |
2615 |
+ #endif |
2616 |
+-}; |
2617 |
++} __randomize_layout; |
2618 |
+ |
2619 |
+ extern struct pid_namespace init_pid_ns; |
2620 |
+ |
2621 |
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h |
2622 |
index 0072a53..c5dcca5 100644 |
2623 |
--- a/include/linux/pipe_fs_i.h |
2624 |
@@ -77491,9 +78841,18 @@ index f0e22f7..82dd544 100644 |
2625 |
void log_buf_kexec_setup(void); |
2626 |
void __init setup_log_buf(int early); |
2627 |
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h |
2628 |
-index 643b96c..9544c71 100644 |
2629 |
+index 643b96c..1bd456a 100644 |
2630 |
--- a/include/linux/proc_fs.h |
2631 |
+++ b/include/linux/proc_fs.h |
2632 |
+@@ -76,7 +76,7 @@ struct proc_dir_entry { |
2633 |
+ spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */ |
2634 |
+ u8 namelen; |
2635 |
+ char name[]; |
2636 |
+-}; |
2637 |
++} __randomize_layout; |
2638 |
+ |
2639 |
+ enum kcore_type { |
2640 |
+ KCORE_TEXT, |
2641 |
@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *proc_create(const char *name, mode_t mode, |
2642 |
return proc_create_data(name, mode, parent, proc_fops, NULL); |
2643 |
} |
2644 |
@@ -77523,6 +78882,15 @@ index 643b96c..9544c71 100644 |
2645 |
extern const struct proc_ns_operations netns_operations; |
2646 |
extern const struct proc_ns_operations utsns_operations; |
2647 |
extern const struct proc_ns_operations ipcns_operations; |
2648 |
+@@ -273,7 +286,7 @@ struct proc_inode { |
2649 |
+ void *ns; |
2650 |
+ const struct proc_ns_operations *ns_ops; |
2651 |
+ struct inode vfs_inode; |
2652 |
+-}; |
2653 |
++} __randomize_layout; |
2654 |
+ |
2655 |
+ static inline struct proc_inode *PROC_I(const struct inode *inode) |
2656 |
+ { |
2657 |
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
2658 |
index 800f113..13b3715 100644 |
2659 |
--- a/include/linux/ptrace.h |
2660 |
@@ -77856,7 +79224,7 @@ index 2148b12..519b820 100644 |
2661 |
|
2662 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
2663 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
2664 |
-index 312d047..a4bff08 100644 |
2665 |
+index 312d047..a357e91 100644 |
2666 |
--- a/include/linux/sched.h |
2667 |
+++ b/include/linux/sched.h |
2668 |
@@ -101,6 +101,7 @@ struct bio_list; |
2669 |
@@ -77930,6 +79298,15 @@ index 312d047..a4bff08 100644 |
2670 |
#ifdef CONFIG_AUDIT |
2671 |
unsigned audit_tty; |
2672 |
struct tty_audit_buf *tty_audit_buf; |
2673 |
+@@ -657,7 +687,7 @@ struct signal_struct { |
2674 |
+ struct mutex cred_guard_mutex; /* guard against foreign influences on |
2675 |
+ * credential calculations |
2676 |
+ * (notably. ptrace) */ |
2677 |
+-}; |
2678 |
++} __randomize_layout; |
2679 |
+ |
2680 |
+ /* Context switch must be unlocked if interrupts are to be enabled */ |
2681 |
+ #ifdef __ARCH_WANT_INTERRUPTS_ON_CTXSW |
2682 |
@@ -715,6 +745,14 @@ struct user_struct { |
2683 |
struct key *session_keyring; /* UID's default session keyring */ |
2684 |
#endif |
2685 |
@@ -77945,6 +79322,15 @@ index 312d047..a4bff08 100644 |
2686 |
/* Hash table maintenance information */ |
2687 |
struct hlist_node uidhash_node; |
2688 |
uid_t uid; |
2689 |
+@@ -723,7 +761,7 @@ struct user_struct { |
2690 |
+ #ifdef CONFIG_PERF_EVENTS |
2691 |
+ atomic_long_t locked_vm; |
2692 |
+ #endif |
2693 |
+-}; |
2694 |
++} __randomize_layout; |
2695 |
+ |
2696 |
+ extern int uids_sysfs_init(void); |
2697 |
+ |
2698 |
@@ -1129,7 +1167,7 @@ struct sched_class { |
2699 |
#ifdef CONFIG_FAIR_GROUP_SCHED |
2700 |
void (*task_move_group) (struct task_struct *p, int on_rq); |
2701 |
@@ -78057,10 +79443,13 @@ index 312d047..a4bff08 100644 |
2702 |
#ifdef CONFIG_FUNCTION_GRAPH_TRACER |
2703 |
/* Index of current stored address in ret_stack */ |
2704 |
int curr_ret_stack; |
2705 |
-@@ -1582,6 +1652,53 @@ struct task_struct { |
2706 |
+@@ -1580,7 +1650,54 @@ struct task_struct { |
2707 |
+ #ifdef CONFIG_HAVE_HW_BREAKPOINT |
2708 |
+ atomic_t ptrace_bp_refcnt; |
2709 |
#endif |
2710 |
- }; |
2711 |
- |
2712 |
+-}; |
2713 |
++} __randomize_layout; |
2714 |
++ |
2715 |
+#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */ |
2716 |
+#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */ |
2717 |
+#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */ |
2718 |
@@ -78107,10 +79496,9 @@ index 312d047..a4bff08 100644 |
2719 |
+extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); |
2720 |
+extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); |
2721 |
+extern void pax_report_refcount_overflow(struct pt_regs *regs); |
2722 |
-+ |
2723 |
+ |
2724 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
2725 |
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
2726 |
- |
2727 |
@@ -2097,7 +2214,9 @@ void yield(void); |
2728 |
extern struct exec_domain default_exec_domain; |
2729 |
|
2730 |
@@ -78919,7 +80307,7 @@ index 27b3b0b..e093dd9 100644 |
2731 |
extern void register_syscore_ops(struct syscore_ops *ops); |
2732 |
extern void unregister_syscore_ops(struct syscore_ops *ops); |
2733 |
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h |
2734 |
-index 703cfa33..04ef3d7 100644 |
2735 |
+index 703cfa33..305427e 100644 |
2736 |
--- a/include/linux/sysctl.h |
2737 |
+++ b/include/linux/sysctl.h |
2738 |
@@ -155,8 +155,6 @@ enum |
2739 |
@@ -78952,7 +80340,7 @@ index 703cfa33..04ef3d7 100644 |
2740 |
void *extra1; |
2741 |
void *extra2; |
2742 |
-}; |
2743 |
-+} __do_const; |
2744 |
++} __do_const __randomize_layout; |
2745 |
+typedef struct ctl_table __no_const ctl_table_no_const; |
2746 |
+typedef struct ctl_table ctl_table; |
2747 |
|
2748 |
@@ -79083,8 +80471,21 @@ index a71a292..51bd91d 100644 |
2749 |
} |
2750 |
|
2751 |
/** |
2752 |
+diff --git a/include/linux/tty.h b/include/linux/tty.h |
2753 |
+index 5dbb3cb..a192962 100644 |
2754 |
+--- a/include/linux/tty.h |
2755 |
++++ b/include/linux/tty.h |
2756 |
+@@ -331,7 +331,7 @@ struct tty_struct { |
2757 |
+ /* If the tty has a pending do_SAK, queue it here - akpm */ |
2758 |
+ struct work_struct SAK_work; |
2759 |
+ struct tty_port *port; |
2760 |
+-}; |
2761 |
++} __randomize_layout; |
2762 |
+ |
2763 |
+ /* Each of a tty's open files has private_data pointing to tty_file_private */ |
2764 |
+ struct tty_file_private { |
2765 |
diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h |
2766 |
-index ecdaeb9..8d27e20 100644 |
2767 |
+index ecdaeb9..a7e29ec 100644 |
2768 |
--- a/include/linux/tty_driver.h |
2769 |
+++ b/include/linux/tty_driver.h |
2770 |
@@ -286,7 +286,7 @@ struct tty_operations { |
2771 |
@@ -79096,6 +80497,15 @@ index ecdaeb9..8d27e20 100644 |
2772 |
|
2773 |
struct tty_driver { |
2774 |
int magic; /* magic number for this structure */ |
2775 |
+@@ -321,7 +321,7 @@ struct tty_driver { |
2776 |
+ |
2777 |
+ const struct tty_operations *ops; |
2778 |
+ struct list_head tty_drivers; |
2779 |
+-}; |
2780 |
++} __randomize_layout; |
2781 |
+ |
2782 |
+ extern struct list_head tty_drivers; |
2783 |
+ |
2784 |
diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h |
2785 |
index ff7dc08..893e1bd 100644 |
2786 |
--- a/include/linux/tty_ldisc.h |
2787 |
@@ -79266,11 +80676,37 @@ index 76f4396..3e0a4a8 100644 |
2788 |
}; |
2789 |
|
2790 |
static inline struct usb_driver *driver_of(struct usb_interface *intf) |
2791 |
+diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h |
2792 |
+index faf4679..f4819bf 100644 |
2793 |
+--- a/include/linux/user_namespace.h |
2794 |
++++ b/include/linux/user_namespace.h |
2795 |
+@@ -14,7 +14,7 @@ struct user_namespace { |
2796 |
+ struct hlist_head uidhash_table[UIDHASH_SZ]; |
2797 |
+ struct user_struct *creator; |
2798 |
+ struct work_struct destroyer; |
2799 |
+-}; |
2800 |
++} __randomize_layout; |
2801 |
+ |
2802 |
+ extern struct user_namespace init_user_ns; |
2803 |
+ |
2804 |
+diff --git a/include/linux/utsname.h b/include/linux/utsname.h |
2805 |
+index c714ed7..fb6d16c 100644 |
2806 |
+--- a/include/linux/utsname.h |
2807 |
++++ b/include/linux/utsname.h |
2808 |
+@@ -52,7 +52,7 @@ struct uts_namespace { |
2809 |
+ struct kref kref; |
2810 |
+ struct new_utsname name; |
2811 |
+ struct user_namespace *user_ns; |
2812 |
+-}; |
2813 |
++} __randomize_layout; |
2814 |
+ extern struct uts_namespace init_uts_ns; |
2815 |
+ |
2816 |
+ #ifdef CONFIG_UTS_NS |
2817 |
diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h |
2818 |
-index 6f8fbcf..8259001 100644 |
2819 |
+index 6f8fbcf..e2a0e61 100644 |
2820 |
--- a/include/linux/vermagic.h |
2821 |
+++ b/include/linux/vermagic.h |
2822 |
-@@ -25,9 +25,35 @@ |
2823 |
+@@ -25,9 +25,41 @@ |
2824 |
#define MODULE_ARCH_VERMAGIC "" |
2825 |
#endif |
2826 |
|
2827 |
@@ -79292,6 +80728,12 @@ index 6f8fbcf..8259001 100644 |
2828 |
+#define MODULE_STACKLEAK_PLUGIN "" |
2829 |
+#endif |
2830 |
+ |
2831 |
++#ifdef RANDSTRUCT_PLUGIN |
2832 |
++#define MODULE_RANDSTRUCT_PLUGIN "RANDSTRUCT_PLUGIN_" RANDSTRUCT_HASHED_SEED |
2833 |
++#else |
2834 |
++#define MODULE_RANDSTRUCT_PLUGIN |
2835 |
++#endif |
2836 |
++ |
2837 |
+#ifdef CONFIG_GRKERNSEC |
2838 |
+#define MODULE_GRSEC "GRSEC " |
2839 |
+#else |
2840 |
@@ -79305,7 +80747,7 @@ index 6f8fbcf..8259001 100644 |
2841 |
- MODULE_ARCH_VERMAGIC |
2842 |
+ MODULE_ARCH_VERMAGIC \ |
2843 |
+ MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN MODULE_STACKLEAK_PLUGIN \ |
2844 |
-+ MODULE_GRSEC |
2845 |
++ MODULE_GRSEC MODULE_RANDSTRUCT_PLUGIN |
2846 |
|
2847 |
diff --git a/include/linux/videodev2.h b/include/linux/videodev2.h |
2848 |
index 45a7698..76e6993 100644 |
2849 |
@@ -79827,7 +81269,7 @@ index 1a6201a..66d9531 100644 |
2850 |
static inline int rate_supported(struct ieee80211_sta *sta, |
2851 |
enum ieee80211_band band, |
2852 |
diff --git a/include/net/neighbour.h b/include/net/neighbour.h |
2853 |
-index 2720884..3aa5c25 100644 |
2854 |
+index 2720884..bbc0141 100644 |
2855 |
--- a/include/net/neighbour.h |
2856 |
+++ b/include/net/neighbour.h |
2857 |
@@ -122,7 +122,7 @@ struct neigh_ops { |
2858 |
@@ -79839,10 +81281,28 @@ index 2720884..3aa5c25 100644 |
2859 |
|
2860 |
struct pneigh_entry { |
2861 |
struct pneigh_entry *next; |
2862 |
+@@ -176,7 +176,7 @@ struct neigh_table { |
2863 |
+ struct neigh_statistics __percpu *stats; |
2864 |
+ struct neigh_hash_table __rcu *nht; |
2865 |
+ struct pneigh_entry **phash_buckets; |
2866 |
+-}; |
2867 |
++} __randomize_layout; |
2868 |
+ |
2869 |
+ /* flags for neigh_update() */ |
2870 |
+ #define NEIGH_UPDATE_F_OVERRIDE 0x00000001 |
2871 |
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h |
2872 |
-index 3bb6fa0..3af7393 100644 |
2873 |
+index 3bb6fa0..4ea5d1c 100644 |
2874 |
--- a/include/net/net_namespace.h |
2875 |
+++ b/include/net/net_namespace.h |
2876 |
+@@ -101,7 +101,7 @@ struct net { |
2877 |
+ struct netns_xfrm xfrm; |
2878 |
+ #endif |
2879 |
+ struct netns_ipvs *ipvs; |
2880 |
+-}; |
2881 |
++} __randomize_layout; |
2882 |
+ |
2883 |
+ |
2884 |
+ #include <linux/seq_file_net.h> |
2885 |
@@ -240,10 +240,16 @@ static inline struct net *read_pnet(struct net * const *pnet) |
2886 |
#define __net_init |
2887 |
#define __net_exit |
2888 |
@@ -81436,6 +82896,30 @@ index 326a20b..62e6b7e 100644 |
2889 |
size = i_size_read(path.dentry->d_inode); |
2890 |
shm_unlock(shp); |
2891 |
|
2892 |
+diff --git a/ipc/util.c b/ipc/util.c |
2893 |
+index 75261a3..7060953 100644 |
2894 |
+--- a/ipc/util.c |
2895 |
++++ b/ipc/util.c |
2896 |
+@@ -47,6 +47,8 @@ struct ipc_proc_iface { |
2897 |
+ int (*show)(struct seq_file *, void *); |
2898 |
+ }; |
2899 |
+ |
2900 |
++extern int gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode); |
2901 |
++ |
2902 |
+ #ifdef CONFIG_MEMORY_HOTPLUG |
2903 |
+ |
2904 |
+ static void ipc_memory_notifier(struct work_struct *work) |
2905 |
+@@ -617,6 +619,10 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag) |
2906 |
+ granted_mode >>= 6; |
2907 |
+ else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) |
2908 |
+ granted_mode >>= 3; |
2909 |
++ |
2910 |
++ if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode)) |
2911 |
++ return -1; |
2912 |
++ |
2913 |
+ /* is there some bit set in requested_mode but not in granted_mode? */ |
2914 |
+ if ((requested_mode & ~granted_mode & 0007) && |
2915 |
+ !ns_capable(ns->user_ns, CAP_IPC_OWNER)) |
2916 |
diff --git a/kernel/acct.c b/kernel/acct.c |
2917 |
index fa7eb3d..7faf116 100644 |
2918 |
--- a/kernel/acct.c |
2919 |
@@ -83487,7 +84971,7 @@ index 91c32a0..7b88d63 100644 |
2920 |
seq_printf(m, "%40s %14lu %29s %pS\n", |
2921 |
name, stats->contending_point[i], |
2922 |
diff --git a/kernel/module.c b/kernel/module.c |
2923 |
-index 65362d9..96ac6ba 100644 |
2924 |
+index 65362d9..4226e37 100644 |
2925 |
--- a/kernel/module.c |
2926 |
+++ b/kernel/module.c |
2927 |
@@ -58,6 +58,7 @@ |
2928 |
@@ -83535,7 +85019,39 @@ index 65362d9..96ac6ba 100644 |
2929 |
printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", |
2930 |
mod->name, align, PAGE_SIZE); |
2931 |
align = PAGE_SIZE; |
2932 |
-@@ -1183,7 +1185,7 @@ resolve_symbol_wait(struct module *mod, |
2933 |
+@@ -1062,13 +1064,29 @@ static int check_version(Elf_Shdr *sechdrs, |
2934 |
+ goto bad_version; |
2935 |
+ } |
2936 |
+ |
2937 |
+- printk(KERN_WARNING "%s: no symbol version for %s\n", |
2938 |
+- mod->name, symname); |
2939 |
++#ifdef CONFIG_GRKERNSEC_RANDSTRUCT |
2940 |
++ /* |
2941 |
++ * avoid potentially printing jibberish on attempted load |
2942 |
++ * of a module randomized with a different seed |
2943 |
++ */ |
2944 |
++ pr_warn("no symbol version for %s\n", symname); |
2945 |
++#else |
2946 |
++ pr_warn("%s: no symbol version for %s\n", mod->name, symname); |
2947 |
++#endif |
2948 |
+ return 0; |
2949 |
+ |
2950 |
+ bad_version: |
2951 |
++#ifdef CONFIG_GRKERNSEC_RANDSTRUCT |
2952 |
++ /* |
2953 |
++ * avoid potentially printing jibberish on attempted load |
2954 |
++ * of a module randomized with a different seed |
2955 |
++ */ |
2956 |
++ printk("attempted module disagrees about version of symbol %s\n", |
2957 |
++ symname); |
2958 |
++#else |
2959 |
+ printk("%s: disagrees about version of symbol %s\n", |
2960 |
+ mod->name, symname); |
2961 |
++#endif |
2962 |
+ return 0; |
2963 |
+ } |
2964 |
+ |
2965 |
+@@ -1183,7 +1201,7 @@ resolve_symbol_wait(struct module *mod, |
2966 |
*/ |
2967 |
#ifdef CONFIG_SYSFS |
2968 |
|
2969 |
@@ -83544,7 +85060,7 @@ index 65362d9..96ac6ba 100644 |
2970 |
static inline bool sect_empty(const Elf_Shdr *sect) |
2971 |
{ |
2972 |
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; |
2973 |
-@@ -1323,7 +1325,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) |
2974 |
+@@ -1323,7 +1341,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) |
2975 |
{ |
2976 |
unsigned int notes, loaded, i; |
2977 |
struct module_notes_attrs *notes_attrs; |
2978 |
@@ -83553,7 +85069,7 @@ index 65362d9..96ac6ba 100644 |
2979 |
|
2980 |
/* failed to create section attributes, so can't create notes */ |
2981 |
if (!mod->sect_attrs) |
2982 |
-@@ -1435,7 +1437,7 @@ static void del_usage_links(struct module *mod) |
2983 |
+@@ -1435,7 +1453,7 @@ static void del_usage_links(struct module *mod) |
2984 |
static int module_add_modinfo_attrs(struct module *mod) |
2985 |
{ |
2986 |
struct module_attribute *attr; |
2987 |
@@ -83562,7 +85078,7 @@ index 65362d9..96ac6ba 100644 |
2988 |
int error = 0; |
2989 |
int i; |
2990 |
|
2991 |
-@@ -1649,21 +1651,21 @@ static void set_section_ro_nx(void *base, |
2992 |
+@@ -1649,21 +1667,21 @@ static void set_section_ro_nx(void *base, |
2993 |
|
2994 |
static void unset_module_core_ro_nx(struct module *mod) |
2995 |
{ |
2996 |
@@ -83592,7 +85108,7 @@ index 65362d9..96ac6ba 100644 |
2997 |
set_memory_rw); |
2998 |
} |
2999 |
|
3000 |
-@@ -1674,14 +1676,14 @@ void set_all_modules_text_rw(void) |
3001 |
+@@ -1674,14 +1692,14 @@ void set_all_modules_text_rw(void) |
3002 |
|
3003 |
mutex_lock(&module_mutex); |
3004 |
list_for_each_entry_rcu(mod, &modules, list) { |
3005 |
@@ -83613,7 +85129,7 @@ index 65362d9..96ac6ba 100644 |
3006 |
set_memory_rw); |
3007 |
} |
3008 |
} |
3009 |
-@@ -1695,14 +1697,14 @@ void set_all_modules_text_ro(void) |
3010 |
+@@ -1695,14 +1713,14 @@ void set_all_modules_text_ro(void) |
3011 |
|
3012 |
mutex_lock(&module_mutex); |
3013 |
list_for_each_entry_rcu(mod, &modules, list) { |
3014 |
@@ -83634,7 +85150,7 @@ index 65362d9..96ac6ba 100644 |
3015 |
set_memory_ro); |
3016 |
} |
3017 |
} |
3018 |
-@@ -1748,16 +1750,19 @@ static void free_module(struct module *mod) |
3019 |
+@@ -1748,16 +1766,19 @@ static void free_module(struct module *mod) |
3020 |
|
3021 |
/* This may be NULL, but that's OK */ |
3022 |
unset_module_init_ro_nx(mod); |
3023 |
@@ -83657,7 +85173,7 @@ index 65362d9..96ac6ba 100644 |
3024 |
|
3025 |
#ifdef CONFIG_MPU |
3026 |
update_protections(current->mm); |
3027 |
-@@ -1826,10 +1831,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3028 |
+@@ -1826,10 +1847,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3029 |
unsigned int i; |
3030 |
int ret = 0; |
3031 |
const struct kernel_symbol *ksym; |
3032 |
@@ -83689,7 +85205,7 @@ index 65362d9..96ac6ba 100644 |
3033 |
switch (sym[i].st_shndx) { |
3034 |
case SHN_COMMON: |
3035 |
/* We compiled with -fno-common. These are not |
3036 |
-@@ -1850,7 +1876,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3037 |
+@@ -1850,7 +1892,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3038 |
ksym = resolve_symbol_wait(mod, info, name); |
3039 |
/* Ok if resolved. */ |
3040 |
if (ksym && !IS_ERR(ksym)) { |
3041 |
@@ -83699,7 +85215,7 @@ index 65362d9..96ac6ba 100644 |
3042 |
break; |
3043 |
} |
3044 |
|
3045 |
-@@ -1869,11 +1897,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3046 |
+@@ -1869,11 +1913,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) |
3047 |
secbase = (unsigned long)mod_percpu(mod); |
3048 |
else |
3049 |
secbase = info->sechdrs[sym[i].st_shndx].sh_addr; |
3050 |
@@ -83720,7 +85236,7 @@ index 65362d9..96ac6ba 100644 |
3051 |
return ret; |
3052 |
} |
3053 |
|
3054 |
-@@ -1977,22 +2014,12 @@ static void layout_sections(struct module *mod, struct load_info *info) |
3055 |
+@@ -1977,22 +2030,12 @@ static void layout_sections(struct module *mod, struct load_info *info) |
3056 |
|| s->sh_entsize != ~0UL |
3057 |
|| strstarts(sname, ".init")) |
3058 |
continue; |
3059 |
@@ -83747,7 +85263,7 @@ index 65362d9..96ac6ba 100644 |
3060 |
} |
3061 |
|
3062 |
DEBUGP("Init section allocation order:\n"); |
3063 |
-@@ -2006,23 +2033,13 @@ static void layout_sections(struct module *mod, struct load_info *info) |
3064 |
+@@ -2006,23 +2049,13 @@ static void layout_sections(struct module *mod, struct load_info *info) |
3065 |
|| s->sh_entsize != ~0UL |
3066 |
|| !strstarts(sname, ".init")) |
3067 |
continue; |
3068 |
@@ -83776,7 +85292,7 @@ index 65362d9..96ac6ba 100644 |
3069 |
} |
3070 |
} |
3071 |
|
3072 |
-@@ -2187,7 +2204,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) |
3073 |
+@@ -2187,7 +2220,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) |
3074 |
|
3075 |
/* Put symbol section at end of init part of module. */ |
3076 |
symsect->sh_flags |= SHF_ALLOC; |
3077 |
@@ -83785,7 +85301,7 @@ index 65362d9..96ac6ba 100644 |
3078 |
info->index.sym) | INIT_OFFSET_MASK; |
3079 |
DEBUGP("\t%s\n", info->secstrings + symsect->sh_name); |
3080 |
|
3081 |
-@@ -2206,19 +2223,19 @@ static void layout_symtab(struct module *mod, struct load_info *info) |
3082 |
+@@ -2206,19 +2239,19 @@ static void layout_symtab(struct module *mod, struct load_info *info) |
3083 |
} |
3084 |
|
3085 |
/* Append room for core symbols at end of core part. */ |
3086 |
@@ -83810,7 +85326,7 @@ index 65362d9..96ac6ba 100644 |
3087 |
} |
3088 |
|
3089 |
static void add_kallsyms(struct module *mod, const struct load_info *info) |
3090 |
-@@ -2234,11 +2251,13 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) |
3091 |
+@@ -2234,11 +2267,13 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) |
3092 |
/* Make sure we get permanent strtab: don't use info->strtab. */ |
3093 |
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; |
3094 |
|
3095 |
@@ -83825,7 +85341,7 @@ index 65362d9..96ac6ba 100644 |
3096 |
src = mod->symtab; |
3097 |
for (ndst = i = 0; i < mod->num_symtab; i++) { |
3098 |
if (i == 0 || |
3099 |
-@@ -2251,10 +2270,12 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) |
3100 |
+@@ -2251,10 +2286,12 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) |
3101 |
} |
3102 |
mod->core_num_syms = ndst; |
3103 |
|
3104 |
@@ -83839,7 +85355,7 @@ index 65362d9..96ac6ba 100644 |
3105 |
} |
3106 |
#else |
3107 |
static inline void layout_symtab(struct module *mod, struct load_info *info) |
3108 |
-@@ -2288,17 +2309,33 @@ void * __weak module_alloc(unsigned long size) |
3109 |
+@@ -2288,17 +2325,33 @@ void * __weak module_alloc(unsigned long size) |
3110 |
return size == 0 ? NULL : vmalloc_exec(size); |
3111 |
} |
3112 |
|
3113 |
@@ -83878,7 +85394,25 @@ index 65362d9..96ac6ba 100644 |
3114 |
mutex_unlock(&module_mutex); |
3115 |
} |
3116 |
return ret; |
3117 |
-@@ -2475,8 +2512,14 @@ static struct module *setup_load_info(struct load_info *info) |
3118 |
+@@ -2458,8 +2511,15 @@ static struct module *setup_load_info(struct load_info *info) |
3119 |
+ mod = (void *)info->sechdrs[info->index.mod].sh_addr; |
3120 |
+ |
3121 |
+ if (info->index.sym == 0) { |
3122 |
+- printk(KERN_WARNING "%s: module has no symbols (stripped?)\n", |
3123 |
+- mod->name); |
3124 |
++#ifdef CONFIG_GRKERNSEC_RANDSTRUCT |
3125 |
++ /* |
3126 |
++ * avoid potentially printing jibberish on attempted load |
3127 |
++ * of a module randomized with a different seed |
3128 |
++ */ |
3129 |
++ pr_warn("module has no symbols (stripped?)\n"); |
3130 |
++#else |
3131 |
++ pr_warn("%s: module has no symbols (stripped?)\n", mod->name); |
3132 |
++#endif |
3133 |
+ return ERR_PTR(-ENOEXEC); |
3134 |
+ } |
3135 |
+ |
3136 |
+@@ -2475,8 +2535,14 @@ static struct module *setup_load_info(struct load_info *info) |
3137 |
static int check_modinfo(struct module *mod, struct load_info *info) |
3138 |
{ |
3139 |
const char *modmagic = get_modinfo(info, "vermagic"); |
3140 |
@@ -83893,7 +85427,7 @@ index 65362d9..96ac6ba 100644 |
3141 |
/* This is allowed: modprobe --force will invalidate it. */ |
3142 |
if (!modmagic) { |
3143 |
err = try_to_force_load(mod, "bad vermagic"); |
3144 |
-@@ -2499,7 +2542,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) |
3145 |
+@@ -2499,7 +2565,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) |
3146 |
} |
3147 |
|
3148 |
/* Set up license info based on the info section */ |
3149 |
@@ -83902,7 +85436,7 @@ index 65362d9..96ac6ba 100644 |
3150 |
|
3151 |
return 0; |
3152 |
} |
3153 |
-@@ -2593,7 +2636,7 @@ static int move_module(struct module *mod, struct load_info *info) |
3154 |
+@@ -2593,7 +2659,7 @@ static int move_module(struct module *mod, struct load_info *info) |
3155 |
void *ptr; |
3156 |
|
3157 |
/* Do the allocs. */ |
3158 |
@@ -83911,7 +85445,7 @@ index 65362d9..96ac6ba 100644 |
3159 |
/* |
3160 |
* The pointer to this block is stored in the module structure |
3161 |
* which is inside the block. Just mark it as not being a |
3162 |
-@@ -2603,10 +2646,10 @@ static int move_module(struct module *mod, struct load_info *info) |
3163 |
+@@ -2603,10 +2669,10 @@ static int move_module(struct module *mod, struct load_info *info) |
3164 |
if (!ptr) |
3165 |
return -ENOMEM; |
3166 |
|
3167 |
@@ -83925,7 +85459,7 @@ index 65362d9..96ac6ba 100644 |
3168 |
/* |
3169 |
* The pointer to this block is stored in the module structure |
3170 |
* which is inside the block. This block doesn't need to be |
3171 |
-@@ -2614,12 +2657,39 @@ static int move_module(struct module *mod, struct load_info *info) |
3172 |
+@@ -2614,12 +2680,39 @@ static int move_module(struct module *mod, struct load_info *info) |
3173 |
* after the module is initialized. |
3174 |
*/ |
3175 |
kmemleak_ignore(ptr); |
3176 |
@@ -83969,7 +85503,7 @@ index 65362d9..96ac6ba 100644 |
3177 |
|
3178 |
/* Transfer each section which specifies SHF_ALLOC */ |
3179 |
DEBUGP("final section addresses:\n"); |
3180 |
-@@ -2630,16 +2700,45 @@ static int move_module(struct module *mod, struct load_info *info) |
3181 |
+@@ -2630,16 +2723,45 @@ static int move_module(struct module *mod, struct load_info *info) |
3182 |
if (!(shdr->sh_flags & SHF_ALLOC)) |
3183 |
continue; |
3184 |
|
3185 |
@@ -84022,7 +85556,7 @@ index 65362d9..96ac6ba 100644 |
3186 |
DEBUGP("\t0x%lx %s\n", |
3187 |
shdr->sh_addr, info->secstrings + shdr->sh_name); |
3188 |
} |
3189 |
-@@ -2694,12 +2793,12 @@ static void flush_module_icache(const struct module *mod) |
3190 |
+@@ -2694,12 +2816,12 @@ static void flush_module_icache(const struct module *mod) |
3191 |
* Do it before processing of module parameters, so the module |
3192 |
* can provide parameter accessor functions of its own. |
3193 |
*/ |
3194 |
@@ -84041,7 +85575,7 @@ index 65362d9..96ac6ba 100644 |
3195 |
|
3196 |
set_fs(old_fs); |
3197 |
} |
3198 |
-@@ -2779,8 +2878,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) |
3199 |
+@@ -2779,8 +2901,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) |
3200 |
{ |
3201 |
kfree(info->strmap); |
3202 |
percpu_modfree(mod); |
3203 |
@@ -84054,7 +85588,7 @@ index 65362d9..96ac6ba 100644 |
3204 |
} |
3205 |
|
3206 |
int __weak module_finalize(const Elf_Ehdr *hdr, |
3207 |
-@@ -2844,9 +2945,38 @@ static struct module *load_module(void __user *umod, |
3208 |
+@@ -2844,9 +2968,38 @@ static struct module *load_module(void __user *umod, |
3209 |
if (err) |
3210 |
goto free_unload; |
3211 |
|
3212 |
@@ -84093,7 +85627,7 @@ index 65362d9..96ac6ba 100644 |
3213 |
/* Fix up syms, so that st_value is a pointer to location. */ |
3214 |
err = simplify_symbols(mod, &info); |
3215 |
if (err < 0) |
3216 |
-@@ -2862,13 +2992,6 @@ static struct module *load_module(void __user *umod, |
3217 |
+@@ -2862,13 +3015,6 @@ static struct module *load_module(void __user *umod, |
3218 |
|
3219 |
flush_module_icache(mod); |
3220 |
|
3221 |
@@ -84107,7 +85641,7 @@ index 65362d9..96ac6ba 100644 |
3222 |
/* Mark state as coming so strong_try_module_get() ignores us. */ |
3223 |
mod->state = MODULE_STATE_COMING; |
3224 |
|
3225 |
-@@ -2926,11 +3049,10 @@ static struct module *load_module(void __user *umod, |
3226 |
+@@ -2926,11 +3072,10 @@ static struct module *load_module(void __user *umod, |
3227 |
unlock: |
3228 |
mutex_unlock(&module_mutex); |
3229 |
synchronize_sched(); |
3230 |
@@ -84120,7 +85654,7 @@ index 65362d9..96ac6ba 100644 |
3231 |
free_unload: |
3232 |
module_unload_free(mod); |
3233 |
free_module: |
3234 |
-@@ -2971,16 +3093,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, |
3235 |
+@@ -2971,16 +3116,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, |
3236 |
MODULE_STATE_COMING, mod); |
3237 |
|
3238 |
/* Set RO and NX regions for core */ |
3239 |
@@ -84145,7 +85679,7 @@ index 65362d9..96ac6ba 100644 |
3240 |
|
3241 |
do_mod_ctors(mod); |
3242 |
/* Start the module */ |
3243 |
-@@ -3026,11 +3148,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, |
3244 |
+@@ -3026,11 +3171,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, |
3245 |
mod->strtab = mod->core_strtab; |
3246 |
#endif |
3247 |
unset_module_init_ro_nx(mod); |
3248 |
@@ -84163,7 +85697,7 @@ index 65362d9..96ac6ba 100644 |
3249 |
mutex_unlock(&module_mutex); |
3250 |
|
3251 |
return 0; |
3252 |
-@@ -3061,10 +3184,16 @@ static const char *get_ksymbol(struct module *mod, |
3253 |
+@@ -3061,10 +3207,16 @@ static const char *get_ksymbol(struct module *mod, |
3254 |
unsigned long nextval; |
3255 |
|
3256 |
/* At worse, next value is at end of module */ |
3257 |
@@ -84183,7 +85717,7 @@ index 65362d9..96ac6ba 100644 |
3258 |
|
3259 |
/* Scan for closest preceding symbol, and next symbol. (ELF |
3260 |
starts real symbols at 1). */ |
3261 |
-@@ -3312,7 +3441,7 @@ static int m_show(struct seq_file *m, void *p) |
3262 |
+@@ -3312,7 +3464,7 @@ static int m_show(struct seq_file *m, void *p) |
3263 |
char buf[8]; |
3264 |
|
3265 |
seq_printf(m, "%s %u", |
3266 |
@@ -84192,7 +85726,7 @@ index 65362d9..96ac6ba 100644 |
3267 |
print_unload_info(m, mod); |
3268 |
|
3269 |
/* Informative for users. */ |
3270 |
-@@ -3321,7 +3450,7 @@ static int m_show(struct seq_file *m, void *p) |
3271 |
+@@ -3321,7 +3473,7 @@ static int m_show(struct seq_file *m, void *p) |
3272 |
mod->state == MODULE_STATE_COMING ? "Loading": |
3273 |
"Live"); |
3274 |
/* Used by oprofile and other similar tools. */ |
3275 |
@@ -84201,7 +85735,7 @@ index 65362d9..96ac6ba 100644 |
3276 |
|
3277 |
/* Taints info */ |
3278 |
if (mod->taints) |
3279 |
-@@ -3357,7 +3486,17 @@ static const struct file_operations proc_modules_operations = { |
3280 |
+@@ -3357,7 +3509,17 @@ static const struct file_operations proc_modules_operations = { |
3281 |
|
3282 |
static int __init proc_modules_init(void) |
3283 |
{ |
3284 |
@@ -84219,7 +85753,7 @@ index 65362d9..96ac6ba 100644 |
3285 |
return 0; |
3286 |
} |
3287 |
module_init(proc_modules_init); |
3288 |
-@@ -3416,12 +3555,12 @@ struct module *__module_address(unsigned long addr) |
3289 |
+@@ -3416,12 +3578,12 @@ struct module *__module_address(unsigned long addr) |
3290 |
{ |
3291 |
struct module *mod; |
3292 |
|
3293 |
@@ -84235,7 +85769,7 @@ index 65362d9..96ac6ba 100644 |
3294 |
return mod; |
3295 |
return NULL; |
3296 |
} |
3297 |
-@@ -3455,11 +3594,20 @@ bool is_module_text_address(unsigned long addr) |
3298 |
+@@ -3455,11 +3617,20 @@ bool is_module_text_address(unsigned long addr) |
3299 |
*/ |
3300 |
struct module *__module_text_address(unsigned long addr) |
3301 |
{ |
3302 |
@@ -94518,6 +96052,23 @@ index f41f026..fe76ea8 100644 |
3303 |
__SONET_ITEMS |
3304 |
#undef __HANDLE_ITEM |
3305 |
} |
3306 |
+diff --git a/net/atm/lec.c b/net/atm/lec.c |
3307 |
+index f1964ca..f309d61 100644 |
3308 |
+--- a/net/atm/lec.c |
3309 |
++++ b/net/atm/lec.c |
3310 |
+@@ -116,9 +116,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry) |
3311 |
+ } |
3312 |
+ |
3313 |
+ static struct lane2_ops lane2_ops = { |
3314 |
+- lane2_resolve, /* resolve, spec 3.1.3 */ |
3315 |
+- lane2_associate_req, /* associate_req, spec 3.1.4 */ |
3316 |
+- NULL /* associate indicator, spec 3.1.5 */ |
3317 |
++ .resolve = lane2_resolve, |
3318 |
++ .associate_req = lane2_associate_req, |
3319 |
++ .associate_indicator = NULL |
3320 |
+ }; |
3321 |
+ |
3322 |
+ static unsigned char bus_mac[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; |
3323 |
diff --git a/net/atm/lec.h b/net/atm/lec.h |
3324 |
index dfc0719..47c5322 100644 |
3325 |
--- a/net/atm/lec.h |
3326 |
@@ -94531,6 +96082,62 @@ index dfc0719..47c5322 100644 |
3327 |
|
3328 |
/* |
3329 |
* ATM LAN Emulation supports both LLC & Dix Ethernet EtherType |
3330 |
+diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c |
3331 |
+index d1b2d9a..d549f7f 100644 |
3332 |
+--- a/net/atm/mpoa_caches.c |
3333 |
++++ b/net/atm/mpoa_caches.c |
3334 |
+@@ -535,30 +535,30 @@ static void eg_destroy_cache(struct mpoa_client *mpc) |
3335 |
+ |
3336 |
+ |
3337 |
+ static struct in_cache_ops ingress_ops = { |
3338 |
+- in_cache_add_entry, /* add_entry */ |
3339 |
+- in_cache_get, /* get */ |
3340 |
+- in_cache_get_with_mask, /* get_with_mask */ |
3341 |
+- in_cache_get_by_vcc, /* get_by_vcc */ |
3342 |
+- in_cache_put, /* put */ |
3343 |
+- in_cache_remove_entry, /* remove_entry */ |
3344 |
+- cache_hit, /* cache_hit */ |
3345 |
+- clear_count_and_expired, /* clear_count */ |
3346 |
+- check_resolving_entries, /* check_resolving */ |
3347 |
+- refresh_entries, /* refresh */ |
3348 |
+- in_destroy_cache /* destroy_cache */ |
3349 |
++ .add_entry = in_cache_add_entry, |
3350 |
++ .get = in_cache_get, |
3351 |
++ .get_with_mask = in_cache_get_with_mask, |
3352 |
++ .get_by_vcc = in_cache_get_by_vcc, |
3353 |
++ .put = in_cache_put, |
3354 |
++ .remove_entry = in_cache_remove_entry, |
3355 |
++ .cache_hit = cache_hit, |
3356 |
++ .clear_count = clear_count_and_expired, |
3357 |
++ .check_resolving = check_resolving_entries, |
3358 |
++ .refresh = refresh_entries, |
3359 |
++ .destroy_cache = in_destroy_cache |
3360 |
+ }; |
3361 |
+ |
3362 |
+ static struct eg_cache_ops egress_ops = { |
3363 |
+- eg_cache_add_entry, /* add_entry */ |
3364 |
+- eg_cache_get_by_cache_id, /* get_by_cache_id */ |
3365 |
+- eg_cache_get_by_tag, /* get_by_tag */ |
3366 |
+- eg_cache_get_by_vcc, /* get_by_vcc */ |
3367 |
+- eg_cache_get_by_src_ip, /* get_by_src_ip */ |
3368 |
+- eg_cache_put, /* put */ |
3369 |
+- eg_cache_remove_entry, /* remove_entry */ |
3370 |
+- update_eg_cache_entry, /* update */ |
3371 |
+- clear_expired, /* clear_expired */ |
3372 |
+- eg_destroy_cache /* destroy_cache */ |
3373 |
++ .add_entry = eg_cache_add_entry, |
3374 |
++ .get_by_cache_id = eg_cache_get_by_cache_id, |
3375 |
++ .get_by_tag = eg_cache_get_by_tag, |
3376 |
++ .get_by_vcc = eg_cache_get_by_vcc, |
3377 |
++ .get_by_src_ip = eg_cache_get_by_src_ip, |
3378 |
++ .put = eg_cache_put, |
3379 |
++ .remove_entry = eg_cache_remove_entry, |
3380 |
++ .update = update_eg_cache_entry, |
3381 |
++ .clear_expired = clear_expired, |
3382 |
++ .destroy_cache = eg_destroy_cache |
3383 |
+ }; |
3384 |
+ |
3385 |
+ |
3386 |
diff --git a/net/atm/proc.c b/net/atm/proc.c |
3387 |
index 0d020de..011c7bb 100644 |
3388 |
--- a/net/atm/proc.c |
3389 |
@@ -96036,6 +97643,19 @@ index 16fbf8c..ff4b0fc 100644 |
3390 |
}; |
3391 |
|
3392 |
static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp) |
3393 |
+diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c |
3394 |
+index 74d321a..3314f68 100644 |
3395 |
+--- a/net/decnet/dn_dev.c |
3396 |
++++ b/net/decnet/dn_dev.c |
3397 |
+@@ -201,7 +201,7 @@ static struct dn_dev_sysctl_table { |
3398 |
+ .extra1 = &min_t3, |
3399 |
+ .extra2 = &max_t3 |
3400 |
+ }, |
3401 |
+- {0} |
3402 |
++ { } |
3403 |
+ }, |
3404 |
+ }; |
3405 |
+ |
3406 |
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c |
3407 |
index d50a13c..1f612ff 100644 |
3408 |
--- a/net/decnet/sysctl_net_decnet.c |
3409 |
@@ -101378,6 +102998,19 @@ index 0af7f54..c916d2f 100644 |
3410 |
err = handler(dev, info, (union iwreq_data *) iwp, extra); |
3411 |
|
3412 |
iwp->length += essid_compat; |
3413 |
+diff --git a/net/x25/sysctl_net_x25.c b/net/x25/sysctl_net_x25.c |
3414 |
+index d2efd29..ffeadf5 100644 |
3415 |
+--- a/net/x25/sysctl_net_x25.c |
3416 |
++++ b/net/x25/sysctl_net_x25.c |
3417 |
+@@ -70,7 +70,7 @@ static struct ctl_table x25_table[] = { |
3418 |
+ .mode = 0644, |
3419 |
+ .proc_handler = proc_dointvec, |
3420 |
+ }, |
3421 |
+- { 0, }, |
3422 |
++ { }, |
3423 |
+ }; |
3424 |
+ |
3425 |
+ static struct ctl_path x25_path[] = { |
3426 |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
3427 |
index 113d20e..2bb5a4e 100644 |
3428 |
--- a/net/xfrm/xfrm_policy.c |
3429 |
@@ -101661,6 +103294,16 @@ index ede01a8..756e6bd 100644 |
3430 |
if (err) |
3431 |
goto out; |
3432 |
|
3433 |
+diff --git a/scripts/Makefile b/scripts/Makefile |
3434 |
+index 3626666..4d873cd 100644 |
3435 |
+--- a/scripts/Makefile |
3436 |
++++ b/scripts/Makefile |
3437 |
+@@ -35,3 +35,5 @@ subdir-$(CONFIG_DTC) += dtc |
3438 |
+ |
3439 |
+ # Let clean descend into subdirs |
3440 |
+ subdir- += basic kconfig package selinux |
3441 |
++ |
3442 |
++clean-files := randstruct.seed |
3443 |
diff --git a/scripts/Makefile.build b/scripts/Makefile.build |
3444 |
index d2b366c..2d5a6f8 100644 |
3445 |
--- a/scripts/Makefile.build |
3446 |
@@ -104865,6 +106508,21 @@ index 638600b..2e6b1fd 100644 |
3447 |
break; |
3448 |
default: |
3449 |
result = -EINVAL; |
3450 |
+diff --git a/sound/core/seq/oss/seq_oss.c b/sound/core/seq/oss/seq_oss.c |
3451 |
+index 8d4d5e8..fdd0826 100644 |
3452 |
+--- a/sound/core/seq/oss/seq_oss.c |
3453 |
++++ b/sound/core/seq/oss/seq_oss.c |
3454 |
+@@ -75,8 +75,8 @@ static int __init alsa_seq_oss_init(void) |
3455 |
+ { |
3456 |
+ int rc; |
3457 |
+ static struct snd_seq_dev_ops ops = { |
3458 |
+- snd_seq_oss_synth_register, |
3459 |
+- snd_seq_oss_synth_unregister, |
3460 |
++ .init_device = snd_seq_oss_synth_register, |
3461 |
++ .free_device = snd_seq_oss_synth_unregister, |
3462 |
+ }; |
3463 |
+ |
3464 |
+ snd_seq_autoload_lock(); |
3465 |
diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c |
3466 |
index 5cf8d65..912a79c 100644 |
3467 |
--- a/sound/core/seq/seq_device.c |
3468 |
@@ -104905,6 +106563,21 @@ index 5cf8d65..912a79c 100644 |
3469 |
dev->status = SNDRV_SEQ_DEVICE_FREE; |
3470 |
dev->driver_data = NULL; |
3471 |
ops->num_init_devices--; |
3472 |
+diff --git a/sound/core/seq/seq_midi.c b/sound/core/seq/seq_midi.c |
3473 |
+index 64069db..3c6d392 100644 |
3474 |
+--- a/sound/core/seq/seq_midi.c |
3475 |
++++ b/sound/core/seq/seq_midi.c |
3476 |
+@@ -462,8 +462,8 @@ snd_seq_midisynth_unregister_port(struct snd_seq_device *dev) |
3477 |
+ static int __init alsa_seq_midi_init(void) |
3478 |
+ { |
3479 |
+ static struct snd_seq_dev_ops ops = { |
3480 |
+- snd_seq_midisynth_register_port, |
3481 |
+- snd_seq_midisynth_unregister_port, |
3482 |
++ .init_device = snd_seq_midisynth_register_port, |
3483 |
++ .free_device = snd_seq_midisynth_unregister_port, |
3484 |
+ }; |
3485 |
+ memset(&synths, 0, sizeof(synths)); |
3486 |
+ snd_seq_autoload_lock(); |
3487 |
diff --git a/sound/core/sound.c b/sound/core/sound.c |
3488 |
index 8e17b4d..6819e80 100644 |
3489 |
--- a/sound/core/sound.c |
3490 |
@@ -104978,6 +106651,21 @@ index f24bf9a..1f7b67c 100644 |
3491 |
|
3492 |
return 0; |
3493 |
} |
3494 |
+diff --git a/sound/drivers/opl3/opl3_seq.c b/sound/drivers/opl3/opl3_seq.c |
3495 |
+index 723562e..c3ff2f5 100644 |
3496 |
+--- a/sound/drivers/opl3/opl3_seq.c |
3497 |
++++ b/sound/drivers/opl3/opl3_seq.c |
3498 |
+@@ -281,8 +281,8 @@ static int __init alsa_opl3_seq_init(void) |
3499 |
+ { |
3500 |
+ static struct snd_seq_dev_ops ops = |
3501 |
+ { |
3502 |
+- snd_opl3_seq_new_device, |
3503 |
+- snd_opl3_seq_delete_device |
3504 |
++ .init_device = snd_opl3_seq_new_device, |
3505 |
++ .free_device = snd_opl3_seq_delete_device |
3506 |
+ }; |
3507 |
+ |
3508 |
+ return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_OPL3, &ops, |
3509 |
diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c |
3510 |
index b953fb4..1999c01 100644 |
3511 |
--- a/sound/drivers/opl4/opl4_lib.c |
3512 |
@@ -104991,6 +106679,21 @@ index b953fb4..1999c01 100644 |
3513 |
{ |
3514 |
int timeout = 10; |
3515 |
while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) |
3516 |
+diff --git a/sound/drivers/opl4/opl4_seq.c b/sound/drivers/opl4/opl4_seq.c |
3517 |
+index 9919769..d7de36c 100644 |
3518 |
+--- a/sound/drivers/opl4/opl4_seq.c |
3519 |
++++ b/sound/drivers/opl4/opl4_seq.c |
3520 |
+@@ -198,8 +198,8 @@ static int snd_opl4_seq_delete_device(struct snd_seq_device *dev) |
3521 |
+ static int __init alsa_opl4_synth_init(void) |
3522 |
+ { |
3523 |
+ static struct snd_seq_dev_ops ops = { |
3524 |
+- snd_opl4_seq_new_device, |
3525 |
+- snd_opl4_seq_delete_device |
3526 |
++ .init_device = snd_opl4_seq_new_device, |
3527 |
++ .free_device = snd_opl4_seq_delete_device |
3528 |
+ }; |
3529 |
+ |
3530 |
+ return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_OPL4, &ops, |
3531 |
diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c |
3532 |
index f664823..590c745 100644 |
3533 |
--- a/sound/drivers/portman2x4.c |
3534 |
@@ -105091,6 +106794,21 @@ index cd094ec..eca1277 100644 |
3535 |
break; |
3536 |
default: |
3537 |
return -EINVAL; |
3538 |
+diff --git a/sound/isa/sb/emu8000_synth.c b/sound/isa/sb/emu8000_synth.c |
3539 |
+index 4e3fcfb..ab45a9d 100644 |
3540 |
+--- a/sound/isa/sb/emu8000_synth.c |
3541 |
++++ b/sound/isa/sb/emu8000_synth.c |
3542 |
+@@ -120,8 +120,8 @@ static int __init alsa_emu8000_init(void) |
3543 |
+ { |
3544 |
+ |
3545 |
+ static struct snd_seq_dev_ops ops = { |
3546 |
+- snd_emu8000_new_device, |
3547 |
+- snd_emu8000_delete_device, |
3548 |
++ .init_device = snd_emu8000_new_device, |
3549 |
++ .free_device = snd_emu8000_delete_device, |
3550 |
+ }; |
3551 |
+ return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU8000, &ops, |
3552 |
+ sizeof(struct snd_emu8000*)); |
3553 |
diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c |
3554 |
index 733b014..56ce96f 100644 |
3555 |
--- a/sound/oss/sb_audio.c |
3556 |
@@ -105142,6 +106860,21 @@ index 09d4648..cf234c7 100644 |
3557 |
|
3558 |
list_add(&s->list, &cs4297a_devs); |
3559 |
|
3560 |
+diff --git a/sound/pci/emu10k1/emu10k1_synth.c b/sound/pci/emu10k1/emu10k1_synth.c |
3561 |
+index 4c41c90..37f3631 100644 |
3562 |
+--- a/sound/pci/emu10k1/emu10k1_synth.c |
3563 |
++++ b/sound/pci/emu10k1/emu10k1_synth.c |
3564 |
+@@ -108,8 +108,8 @@ static int __init alsa_emu10k1_synth_init(void) |
3565 |
+ { |
3566 |
+ |
3567 |
+ static struct snd_seq_dev_ops ops = { |
3568 |
+- snd_emu10k1_synth_new_device, |
3569 |
+- snd_emu10k1_synth_delete_device, |
3570 |
++ .init_device = snd_emu10k1_synth_new_device, |
3571 |
++ .free_device = snd_emu10k1_synth_delete_device, |
3572 |
+ }; |
3573 |
+ return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU10K1_SYNTH, &ops, |
3574 |
+ sizeof(struct snd_emu10k1_synth_arg)); |
3575 |
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c |
3576 |
index faabaa5..9888f8b 100644 |
3577 |
--- a/sound/pci/hda/hda_codec.c |
3578 |
@@ -105260,6 +106993,31 @@ index 6ce2778..f25c378 100644 |
3579 |
return s->unit_minor; |
3580 |
|
3581 |
fail: |
3582 |
+diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c |
3583 |
+index 7778b8e..3d619fc 100644 |
3584 |
+--- a/sound/synth/emux/emux_seq.c |
3585 |
++++ b/sound/synth/emux/emux_seq.c |
3586 |
+@@ -33,13 +33,13 @@ static int snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *inf |
3587 |
+ * MIDI emulation operators |
3588 |
+ */ |
3589 |
+ static struct snd_midi_op emux_ops = { |
3590 |
+- snd_emux_note_on, |
3591 |
+- snd_emux_note_off, |
3592 |
+- snd_emux_key_press, |
3593 |
+- snd_emux_terminate_note, |
3594 |
+- snd_emux_control, |
3595 |
+- snd_emux_nrpn, |
3596 |
+- snd_emux_sysex, |
3597 |
++ .note_on = snd_emux_note_on, |
3598 |
++ .note_off = snd_emux_note_off, |
3599 |
++ .key_press = snd_emux_key_press, |
3600 |
++ .note_terminate = snd_emux_terminate_note, |
3601 |
++ .control = snd_emux_control, |
3602 |
++ .nrpn = snd_emux_nrpn, |
3603 |
++ .sysex = snd_emux_sysex, |
3604 |
+ }; |
3605 |
+ |
3606 |
+ |
3607 |
diff --git a/sound/usb/card.h b/sound/usb/card.h |
3608 |
index 0a7ca6c..f4b948c 100644 |
3609 |
--- a/sound/usb/card.h |
3610 |
@@ -105283,17 +107041,19 @@ index 0a7ca6c..f4b948c 100644 |
3611 |
}; |
3612 |
diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore |
3613 |
new file mode 100644 |
3614 |
-index 0000000..50f2f2f |
3615 |
+index 0000000..54052c3 |
3616 |
--- /dev/null |
3617 |
+++ b/tools/gcc/.gitignore |
3618 |
-@@ -0,0 +1 @@ |
3619 |
+@@ -0,0 +1,3 @@ |
3620 |
+size_overflow_hash.h |
3621 |
++randomize_layout_seed.h |
3622 |
++randomize_layout_hash.data |
3623 |
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile |
3624 |
new file mode 100644 |
3625 |
-index 0000000..270a5bc |
3626 |
+index 0000000..51a2ba2 |
3627 |
--- /dev/null |
3628 |
+++ b/tools/gcc/Makefile |
3629 |
-@@ -0,0 +1,45 @@ |
3630 |
+@@ -0,0 +1,55 @@ |
3631 |
+#CC := gcc |
3632 |
+#PLUGIN_SOURCE_FILES := pax_plugin.c |
3633 |
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) |
3634 |
@@ -105317,6 +107077,7 @@ index 0000000..270a5bc |
3635 |
+$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so |
3636 |
+$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so |
3637 |
+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so |
3638 |
++$(HOSTLIBS)-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so |
3639 |
+ |
3640 |
+always := $($(HOSTLIBS)-y) |
3641 |
+ |
3642 |
@@ -105329,8 +107090,11 @@ index 0000000..270a5bc |
3643 |
+size_overflow_plugin-objs := size_overflow_plugin.o |
3644 |
+latent_entropy_plugin-objs := latent_entropy_plugin.o |
3645 |
+structleak_plugin-objs := structleak_plugin.o |
3646 |
++randomize_layout_plugin-objs := randomize_layout_plugin.o |
3647 |
+ |
3648 |
+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h |
3649 |
++$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h \ |
3650 |
++ $(objtree)/$(obj)/randomize_layout_hash.data |
3651 |
+ |
3652 |
+quiet_cmd_build_size_overflow_hash = GENHASH $@ |
3653 |
+ cmd_build_size_overflow_hash = \ |
3654 |
@@ -105338,7 +107102,13 @@ index 0000000..270a5bc |
3655 |
+$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE |
3656 |
+ $(call if_changed,build_size_overflow_hash) |
3657 |
+ |
3658 |
-+targets += size_overflow_hash.h |
3659 |
++quiet_cmd_create_randomize_layout_seed = GENSEED $@ |
3660 |
++ cmd_create_randomize_layout_seed = \ |
3661 |
++ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/$(obj)/randomize_layout_hash.data |
3662 |
++$(objtree)/$(obj)/randomize_layout_seed.h $(objtree)/$(obj)/randomize_layout_hash.data: FORCE |
3663 |
++ $(call if_changed,create_randomize_layout_seed) |
3664 |
++ |
3665 |
++targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.data |
3666 |
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c |
3667 |
new file mode 100644 |
3668 |
index 0000000..5452feea |
3669 |
@@ -106230,10 +108000,10 @@ index 0000000..4f67ac1 |
3670 |
+} |
3671 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
3672 |
new file mode 100644 |
3673 |
-index 0000000..986f39b |
3674 |
+index 0000000..312d3b6 |
3675 |
--- /dev/null |
3676 |
+++ b/tools/gcc/gcc-common.h |
3677 |
-@@ -0,0 +1,267 @@ |
3678 |
+@@ -0,0 +1,268 @@ |
3679 |
+#ifndef GCC_COMMON_H_INCLUDED |
3680 |
+#define GCC_COMMON_H_INCLUDED |
3681 |
+ |
3682 |
@@ -106324,6 +108094,7 @@ index 0000000..986f39b |
3683 |
+#if BUILDING_GCC_VERSION >= 4009 |
3684 |
+#include "tree-ssa-operands.h" |
3685 |
+#include "tree-phinodes.h" |
3686 |
++#include "tree-cfg.h" |
3687 |
+#include "gimple-iterator.h" |
3688 |
+#include "gimple-ssa.h" |
3689 |
+#include "ssa-iterators.h" |
3690 |
@@ -106501,6 +108272,19 @@ index 0000000..986f39b |
3691 |
+#endif |
3692 |
+ |
3693 |
+#endif |
3694 |
+diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh |
3695 |
+new file mode 100644 |
3696 |
+index 0000000..8030e6e |
3697 |
+--- /dev/null |
3698 |
++++ b/tools/gcc/gen-random-seed.sh |
3699 |
+@@ -0,0 +1,7 @@ |
3700 |
++#!/bin/sh |
3701 |
++ |
3702 |
++if [ ! -f "$1" ]; then |
3703 |
++ SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'` |
3704 |
++ echo "const char *randstruct_seed = \"$SEED\";" > "$1" |
3705 |
++ echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d "\n" > "$2" |
3706 |
++fi |
3707 |
diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh |
3708 |
new file mode 100644 |
3709 |
index 0000000..e518932 |
3710 |
@@ -107316,7 +109100,7 @@ index 0000000..dd73713 |
3711 |
+} |
3712 |
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
3713 |
new file mode 100644 |
3714 |
-index 0000000..f04b680 |
3715 |
+index 0000000..592b923 |
3716 |
--- /dev/null |
3717 |
+++ b/tools/gcc/latent_entropy_plugin.c |
3718 |
@@ -0,0 +1,325 @@ |
3719 |
@@ -107639,12 +109423,920 @@ index 0000000..f04b680 |
3720 |
+ } |
3721 |
+ |
3722 |
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &latent_entropy_plugin_info); |
3723 |
-+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); |
3724 |
++ register_callback(plugin_name, PLUGIN_START_UNIT, &start_unit_callback, NULL); |
3725 |
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info); |
3726 |
+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); |
3727 |
+ |
3728 |
+ return 0; |
3729 |
+} |
3730 |
+diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c |
3731 |
+new file mode 100644 |
3732 |
+index 0000000..fed12bf |
3733 |
+--- /dev/null |
3734 |
++++ b/tools/gcc/randomize_layout_plugin.c |
3735 |
+@@ -0,0 +1,902 @@ |
3736 |
++/* |
3737 |
++ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@××××××××××.net> |
3738 |
++ * and PaX Team <pageexec@××××××××.hu> |
3739 |
++ * Licensed under the GPL v2 |
3740 |
++ * |
3741 |
++ * Usage: |
3742 |
++ * $ # for 4.5/4.6/C based 4.7 |
3743 |
++ * $ gcc -I`gcc -print-file-name=plugin`/include -I`gcc -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c |
3744 |
++ * $ # for C++ based 4.7/4.8+ |
3745 |
++ * $ g++ -I`g++ -print-file-name=plugin`/include -I`g++ -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c |
3746 |
++ * $ gcc -fplugin=./randomize_layout_plugin.so test.c -O2 |
3747 |
++ */ |
3748 |
++ |
3749 |
++#include "gcc-common.h" |
3750 |
++#include "randomize_layout_seed.h" |
3751 |
++ |
3752 |
++#define ORIG_TYPE_NAME(node) \ |
3753 |
++ (TYPE_NAME(TYPE_MAIN_VARIANT(node)) != NULL_TREE ? ((const unsigned char *)IDENTIFIER_POINTER(TYPE_NAME(TYPE_MAIN_VARIANT(node)))) : (const unsigned char *)"anonymous") |
3754 |
++ |
3755 |
++int plugin_is_GPL_compatible; |
3756 |
++ |
3757 |
++static int performance_mode; |
3758 |
++ |
3759 |
++static struct plugin_info randomize_layout_plugin_info = { |
3760 |
++ .version = "201402061950", |
3761 |
++ .help = "disable\t\t\tdo not activate plugin\n" |
3762 |
++ "performance-mode\tenable cacheline-aware layout randomization\n" |
3763 |
++}; |
3764 |
++ |
3765 |
++/* from old Linux dcache.h */ |
3766 |
++static inline unsigned long |
3767 |
++partial_name_hash(unsigned long c, unsigned long prevhash) |
3768 |
++{ |
3769 |
++ return (prevhash + (c << 4) + (c >> 4)) * 11; |
3770 |
++} |
3771 |
++static inline unsigned int |
3772 |
++name_hash(const unsigned char *name) |
3773 |
++{ |
3774 |
++ unsigned long hash = 0; |
3775 |
++ unsigned int len = strlen((const char *)name); |
3776 |
++ while (len--) |
3777 |
++ hash = partial_name_hash(*name++, hash); |
3778 |
++ return (unsigned int)hash; |
3779 |
++} |
3780 |
++ |
3781 |
++static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) |
3782 |
++{ |
3783 |
++ tree type; |
3784 |
++ |
3785 |
++ *no_add_attrs = true; |
3786 |
++ if (TREE_CODE(*node) == FUNCTION_DECL) { |
3787 |
++ error("%qE attribute does not apply to functions (%qF)", name, *node); |
3788 |
++ return NULL_TREE; |
3789 |
++ } |
3790 |
++ |
3791 |
++ if (TREE_CODE(*node) == PARM_DECL) { |
3792 |
++ error("%qE attribute does not apply to function parameters (%qD)", name, *node); |
3793 |
++ return NULL_TREE; |
3794 |
++ } |
3795 |
++ |
3796 |
++ if (TREE_CODE(*node) == VAR_DECL) { |
3797 |
++ error("%qE attribute does not apply to variables (%qD)", name, *node); |
3798 |
++ return NULL_TREE; |
3799 |
++ } |
3800 |
++ |
3801 |
++ if (TYPE_P(*node)) { |
3802 |
++ type = *node; |
3803 |
++ } else { |
3804 |
++ gcc_assert(TREE_CODE(*node) == TYPE_DECL); |
3805 |
++ type = TREE_TYPE(*node); |
3806 |
++ } |
3807 |
++ |
3808 |
++ if (TREE_CODE(type) != RECORD_TYPE) { |
3809 |
++ error("%qE attribute used on %qT applies to struct types only", name, type); |
3810 |
++ return NULL_TREE; |
3811 |
++ } |
3812 |
++ |
3813 |
++ if (lookup_attribute(IDENTIFIER_POINTER(name), TYPE_ATTRIBUTES(type))) { |
3814 |
++ error("%qE attribute is already applied to the type %qT", name, type); |
3815 |
++ return NULL_TREE; |
3816 |
++ } |
3817 |
++ |
3818 |
++ *no_add_attrs = false; |
3819 |
++ |
3820 |
++ return NULL_TREE; |
3821 |
++} |
3822 |
++ |
3823 |
++/* set on complete types that we don't need to inspect further at all */ |
3824 |
++static tree handle_randomize_considered_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) |
3825 |
++{ |
3826 |
++ *no_add_attrs = false; |
3827 |
++ return NULL_TREE; |
3828 |
++} |
3829 |
++ |
3830 |
++/* |
3831 |
++ * set on types that we've performed a shuffle on, to prevent re-shuffling |
3832 |
++ * this does not preclude us from inspecting its fields for potential shuffles |
3833 |
++ */ |
3834 |
++static tree handle_randomize_performed_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) |
3835 |
++{ |
3836 |
++ *no_add_attrs = false; |
3837 |
++ return NULL_TREE; |
3838 |
++} |
3839 |
++ |
3840 |
++/* |
3841 |
++ * 64bit variant of Bob Jenkins' public domain PRNG |
3842 |
++ * 256 bits of internal state |
3843 |
++ */ |
3844 |
++ |
3845 |
++typedef unsigned long long u64; |
3846 |
++ |
3847 |
++typedef struct ranctx { u64 a; u64 b; u64 c; u64 d; } ranctx; |
3848 |
++ |
3849 |
++#define rot(x,k) (((x)<<(k))|((x)>>(64-(k)))) |
3850 |
++static u64 ranval(ranctx *x) { |
3851 |
++ u64 e = x->a - rot(x->b, 7); |
3852 |
++ x->a = x->b ^ rot(x->c, 13); |
3853 |
++ x->b = x->c + rot(x->d, 37); |
3854 |
++ x->c = x->d + e; |
3855 |
++ x->d = e + x->a; |
3856 |
++ return x->d; |
3857 |
++} |
3858 |
++ |
3859 |
++static void raninit(ranctx *x, u64 *seed) { |
3860 |
++ int i; |
3861 |
++ |
3862 |
++ x->a = seed[0]; |
3863 |
++ x->b = seed[1]; |
3864 |
++ x->c = seed[2]; |
3865 |
++ x->d = seed[3]; |
3866 |
++ |
3867 |
++ for (i=0; i < 30; ++i) |
3868 |
++ (void)ranval(x); |
3869 |
++} |
3870 |
++ |
3871 |
++static u64 shuffle_seed[4]; |
3872 |
++ |
3873 |
++struct partition_group { |
3874 |
++ tree tree_start; |
3875 |
++ unsigned long start; |
3876 |
++ unsigned long length; |
3877 |
++}; |
3878 |
++ |
3879 |
++static void partition_struct(tree *fields, unsigned long length, struct partition_group *size_groups, unsigned long *num_groups) |
3880 |
++{ |
3881 |
++ unsigned long i; |
3882 |
++ unsigned long accum_size = 0; |
3883 |
++ unsigned long accum_length = 0; |
3884 |
++ unsigned long group_idx = 0; |
3885 |
++ |
3886 |
++ gcc_assert(length < INT_MAX); |
3887 |
++ |
3888 |
++ memset(size_groups, 0, sizeof(struct partition_group) * length); |
3889 |
++ |
3890 |
++ for (i = 0; i < length; i++) { |
3891 |
++ if (size_groups[group_idx].tree_start == NULL_TREE) { |
3892 |
++ size_groups[group_idx].tree_start = fields[i]; |
3893 |
++ size_groups[group_idx].start = i; |
3894 |
++ accum_length = 0; |
3895 |
++ accum_size = 0; |
3896 |
++ } |
3897 |
++ accum_size += (unsigned long)int_size_in_bytes(TREE_TYPE(fields[i])); |
3898 |
++ accum_length++; |
3899 |
++ if (accum_size >= 64) { |
3900 |
++ size_groups[group_idx].length = accum_length; |
3901 |
++ accum_length = 0; |
3902 |
++ group_idx++; |
3903 |
++ } |
3904 |
++ } |
3905 |
++ |
3906 |
++ if (size_groups[group_idx].tree_start != NULL_TREE && |
3907 |
++ !size_groups[group_idx].length) { |
3908 |
++ size_groups[group_idx].length = accum_length; |
3909 |
++ group_idx++; |
3910 |
++ } |
3911 |
++ |
3912 |
++ *num_groups = group_idx; |
3913 |
++} |
3914 |
++ |
3915 |
++static void performance_shuffle(tree *newtree, unsigned long length, ranctx *prng_state) |
3916 |
++{ |
3917 |
++ unsigned long i, x; |
3918 |
++ struct partition_group size_group[length]; |
3919 |
++ unsigned long num_groups = 0; |
3920 |
++ unsigned long randnum; |
3921 |
++ |
3922 |
++ partition_struct(newtree, length, (struct partition_group *)&size_group, &num_groups); |
3923 |
++ for (i = num_groups - 1; i > 0; i--) { |
3924 |
++ struct partition_group tmp; |
3925 |
++ randnum = ranval(prng_state) % (i + 1); |
3926 |
++ tmp = size_group[i]; |
3927 |
++ size_group[i] = size_group[randnum]; |
3928 |
++ size_group[randnum] = tmp; |
3929 |
++ } |
3930 |
++ |
3931 |
++ for (x = 0; x < num_groups; x++) { |
3932 |
++ for (i = size_group[x].start + size_group[x].length - 1; i > size_group[x].start; i--) { |
3933 |
++ tree tmp; |
3934 |
++ if (DECL_BIT_FIELD_TYPE(newtree[i])) |
3935 |
++ continue; |
3936 |
++ randnum = ranval(prng_state) % (i + 1); |
3937 |
++ // we could handle this case differently if desired |
3938 |
++ if (DECL_BIT_FIELD_TYPE(newtree[randnum])) |
3939 |
++ continue; |
3940 |
++ tmp = newtree[i]; |
3941 |
++ newtree[i] = newtree[randnum]; |
3942 |
++ newtree[randnum] = tmp; |
3943 |
++ } |
3944 |
++ } |
3945 |
++} |
3946 |
++ |
3947 |
++static void full_shuffle(tree *newtree, unsigned long length, ranctx *prng_state) |
3948 |
++{ |
3949 |
++ unsigned long i, randnum; |
3950 |
++ |
3951 |
++ for (i = length - 1; i > 0; i--) { |
3952 |
++ tree tmp; |
3953 |
++ randnum = ranval(prng_state) % (i + 1); |
3954 |
++ tmp = newtree[i]; |
3955 |
++ newtree[i] = newtree[randnum]; |
3956 |
++ newtree[randnum] = tmp; |
3957 |
++ } |
3958 |
++} |
3959 |
++ |
3960 |
++/* modern in-place Fisher-Yates shuffle */ |
3961 |
++static void shuffle(const_tree type, tree *newtree, unsigned long length) |
3962 |
++{ |
3963 |
++ unsigned long i; |
3964 |
++ u64 seed[4]; |
3965 |
++ ranctx prng_state; |
3966 |
++ const unsigned char *structname; |
3967 |
++ |
3968 |
++ if (length == 0) |
3969 |
++ return; |
3970 |
++ |
3971 |
++ gcc_assert(TREE_CODE(type) == RECORD_TYPE); |
3972 |
++ |
3973 |
++ structname = ORIG_TYPE_NAME(type); |
3974 |
++ |
3975 |
++#ifdef __DEBUG_PLUGIN |
3976 |
++ fprintf(stderr, "Shuffling struct %s %p\n", (const char *)structname, type); |
3977 |
++#ifdef __DEBUG_VERBOSE |
3978 |
++ debug_tree((tree)type); |
3979 |
++#endif |
3980 |
++#endif |
3981 |
++ |
3982 |
++ for (i = 0; i < 4; i++) { |
3983 |
++ seed[i] = shuffle_seed[i]; |
3984 |
++ seed[i] ^= name_hash(structname); |
3985 |
++ } |
3986 |
++ |
3987 |
++ raninit(&prng_state, (u64 *)&seed); |
3988 |
++ |
3989 |
++ if (performance_mode) |
3990 |
++ performance_shuffle(newtree, length, &prng_state); |
3991 |
++ else |
3992 |
++ full_shuffle(newtree, length, &prng_state); |
3993 |
++} |
3994 |
++ |
3995 |
++static bool is_flexible_array(const_tree field) |
3996 |
++{ |
3997 |
++ const_tree fieldtype; |
3998 |
++ const_tree typesize; |
3999 |
++ const_tree elemtype; |
4000 |
++ const_tree elemsize; |
4001 |
++ |
4002 |
++ fieldtype = TREE_TYPE(field); |
4003 |
++ typesize = TYPE_SIZE(fieldtype); |
4004 |
++ |
4005 |
++ if (TREE_CODE(fieldtype) != ARRAY_TYPE) |
4006 |
++ return false; |
4007 |
++ |
4008 |
++ elemtype = TREE_TYPE(fieldtype); |
4009 |
++ elemsize = TYPE_SIZE(elemtype); |
4010 |
++ |
4011 |
++ /* size of type is represented in bits */ |
4012 |
++ |
4013 |
++ if (typesize == NULL_TREE && TYPE_DOMAIN(fieldtype) != NULL_TREE && |
4014 |
++ TYPE_MAX_VALUE(TYPE_DOMAIN(fieldtype)) == NULL_TREE) |
4015 |
++ return true; |
4016 |
++ |
4017 |
++ if (typesize != NULL_TREE && |
4018 |
++ (TREE_CONSTANT(typesize) && (!TREE_INT_CST_LOW(typesize) || |
4019 |
++ TREE_INT_CST_LOW(typesize) == TREE_INT_CST_LOW(elemsize)))) |
4020 |
++ return true; |
4021 |
++ |
4022 |
++ return false; |
4023 |
++} |
4024 |
++ |
4025 |
++static int relayout_struct(tree type) |
4026 |
++{ |
4027 |
++ unsigned long num_fields = (unsigned long)list_length(TYPE_FIELDS(type)); |
4028 |
++ unsigned long shuffle_length = num_fields; |
4029 |
++ tree field; |
4030 |
++ tree newtree[num_fields]; |
4031 |
++ unsigned long i; |
4032 |
++ tree list; |
4033 |
++ tree variant; |
4034 |
++ expanded_location xloc; |
4035 |
++ |
4036 |
++ if (TYPE_FIELDS(type) == NULL_TREE) |
4037 |
++ return 0; |
4038 |
++ |
4039 |
++ if (num_fields < 2) |
4040 |
++ return 0; |
4041 |
++ |
4042 |
++ gcc_assert(TREE_CODE(type) == RECORD_TYPE); |
4043 |
++ |
4044 |
++ gcc_assert(num_fields < INT_MAX); |
4045 |
++ |
4046 |
++ if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type)) || |
4047 |
++ lookup_attribute("no_randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type)))) |
4048 |
++ return 0; |
4049 |
++ |
4050 |
++ /* throw out any structs in uapi */ |
4051 |
++ xloc = expand_location(DECL_SOURCE_LOCATION(TYPE_FIELDS(type))); |
4052 |
++ |
4053 |
++ if (strstr(xloc.file, "/uapi/")) |
4054 |
++ error(G_("attempted to randomize userland API struct %s"), ORIG_TYPE_NAME(type)); |
4055 |
++ |
4056 |
++ for (field = TYPE_FIELDS(type), i = 0; field; field = TREE_CHAIN(field), i++) { |
4057 |
++ gcc_assert(TREE_CODE(field) == FIELD_DECL); |
4058 |
++ newtree[i] = field; |
4059 |
++ } |
4060 |
++ |
4061 |
++ /* |
4062 |
++ * enforce that we don't randomize the layout of the last |
4063 |
++ * element of a struct if it's a 0 or 1-length array |
4064 |
++ * or a proper flexible array |
4065 |
++ */ |
4066 |
++ if (is_flexible_array(newtree[num_fields - 1])) |
4067 |
++ shuffle_length--; |
4068 |
++ |
4069 |
++ shuffle(type, (tree *)newtree, shuffle_length); |
4070 |
++ |
4071 |
++ /* |
4072 |
++ * set up a bogus anonymous struct field designed to error out on unnamed struct initializers |
4073 |
++ * as gcc provides no other way to detect such code |
4074 |
++ */ |
4075 |
++ list = make_node(FIELD_DECL); |
4076 |
++ TREE_CHAIN(list) = newtree[0]; |
4077 |
++ TREE_TYPE(list) = void_type_node; |
4078 |
++ DECL_SIZE(list) = bitsize_zero_node; |
4079 |
++ DECL_NONADDRESSABLE_P(list) = 1; |
4080 |
++ DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node; |
4081 |
++ DECL_SIZE_UNIT(list) = size_zero_node; |
4082 |
++ DECL_FIELD_OFFSET(list) = size_zero_node; |
4083 |
++ // to satisfy the constify plugin |
4084 |
++ TREE_READONLY(list) = 1; |
4085 |
++ |
4086 |
++ for (i = 0; i < num_fields - 1; i++) |
4087 |
++ TREE_CHAIN(newtree[i]) = newtree[i+1]; |
4088 |
++ TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; |
4089 |
++ |
4090 |
++ for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { |
4091 |
++ TYPE_FIELDS(variant) = list; |
4092 |
++ TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); |
4093 |
++ TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); |
4094 |
++ // force a re-layout |
4095 |
++ TYPE_SIZE(variant) = NULL_TREE; |
4096 |
++ layout_type(variant); |
4097 |
++ } |
4098 |
++ |
4099 |
++ return 1; |
4100 |
++} |
4101 |
++ |
4102 |
++/* from constify plugin */ |
4103 |
++static const_tree get_field_type(const_tree field) |
4104 |
++{ |
4105 |
++ return strip_array_types(TREE_TYPE(field)); |
4106 |
++} |
4107 |
++ |
4108 |
++/* from constify plugin */ |
4109 |
++static bool is_fptr(const_tree fieldtype) |
4110 |
++{ |
4111 |
++ if (TREE_CODE(fieldtype) != POINTER_TYPE) |
4112 |
++ return false; |
4113 |
++ |
4114 |
++ return TREE_CODE(TREE_TYPE(fieldtype)) == FUNCTION_TYPE; |
4115 |
++} |
4116 |
++ |
4117 |
++/* derived from constify plugin */ |
4118 |
++static int is_pure_ops_struct(const_tree node) |
4119 |
++{ |
4120 |
++ const_tree field; |
4121 |
++ |
4122 |
++ gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE); |
4123 |
++ |
4124 |
++ for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) { |
4125 |
++ const_tree fieldtype = get_field_type(field); |
4126 |
++ enum tree_code code = TREE_CODE(fieldtype); |
4127 |
++ |
4128 |
++ if (node == fieldtype) |
4129 |
++ continue; |
4130 |
++ |
4131 |
++ if (!is_fptr(fieldtype)) |
4132 |
++ return 0; |
4133 |
++ |
4134 |
++ if (code != RECORD_TYPE && code != UNION_TYPE) |
4135 |
++ continue; |
4136 |
++ |
4137 |
++ if (!is_pure_ops_struct(fieldtype)) |
4138 |
++ return 0; |
4139 |
++ } |
4140 |
++ |
4141 |
++ return 1; |
4142 |
++} |
4143 |
++ |
4144 |
++static void randomize_type(tree type) |
4145 |
++{ |
4146 |
++ tree variant; |
4147 |
++ |
4148 |
++ gcc_assert(TREE_CODE(type) == RECORD_TYPE); |
4149 |
++ |
4150 |
++ if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type))) |
4151 |
++ return; |
4152 |
++ |
4153 |
++ if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) |
4154 |
++ relayout_struct(type); |
4155 |
++ |
4156 |
++ for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { |
4157 |
++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); |
4158 |
++ TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); |
4159 |
++ } |
4160 |
++#ifdef __DEBUG_PLUGIN |
4161 |
++ fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); |
4162 |
++#ifdef __DEBUG_VERBOSE |
4163 |
++ debug_tree(type); |
4164 |
++#endif |
4165 |
++#endif |
4166 |
++} |
4167 |
++ |
4168 |
++static void finish_decl(void *event_data, void *data) |
4169 |
++{ |
4170 |
++ tree decl = (tree)event_data; |
4171 |
++ tree type; |
4172 |
++ |
4173 |
++ if (decl == NULL_TREE || decl == error_mark_node) |
4174 |
++ return; |
4175 |
++ |
4176 |
++ type = TREE_TYPE(decl); |
4177 |
++ |
4178 |
++ if (TREE_CODE(decl) != VAR_DECL) |
4179 |
++ return; |
4180 |
++ |
4181 |
++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) |
4182 |
++ return; |
4183 |
++ |
4184 |
++ if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type))) |
4185 |
++ return; |
4186 |
++ |
4187 |
++ relayout_decl(decl); |
4188 |
++} |
4189 |
++ |
4190 |
++static void finish_type(void *event_data, void *data) |
4191 |
++{ |
4192 |
++ tree type = (tree)event_data; |
4193 |
++ |
4194 |
++ if (type == NULL_TREE || type == error_mark_node) |
4195 |
++ return; |
4196 |
++ |
4197 |
++ if (TREE_CODE(type) != RECORD_TYPE) |
4198 |
++ return; |
4199 |
++ |
4200 |
++ if (TYPE_FIELDS(type) == NULL_TREE) |
4201 |
++ return; |
4202 |
++ |
4203 |
++ if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type))) |
4204 |
++ return; |
4205 |
++ |
4206 |
++#ifdef __DEBUG_PLUGIN |
4207 |
++ fprintf(stderr, "Calling randomize_type on %s\n", ORIG_TYPE_NAME(type)); |
4208 |
++#endif |
4209 |
++#ifdef __DEBUG_VERBOSE |
4210 |
++ debug_tree(type); |
4211 |
++#endif |
4212 |
++ randomize_type(type); |
4213 |
++ |
4214 |
++ return; |
4215 |
++} |
4216 |
++ |
4217 |
++static struct attribute_spec randomize_layout_attr = { |
4218 |
++ .name = "randomize_layout", |
4219 |
++ // related to args |
4220 |
++ .min_length = 0, |
4221 |
++ .max_length = 0, |
4222 |
++ .decl_required = false, |
4223 |
++ // need type declaration |
4224 |
++ .type_required = true, |
4225 |
++ .function_type_required = false, |
4226 |
++ .handler = handle_randomize_layout_attr, |
4227 |
++#if BUILDING_GCC_VERSION >= 4007 |
4228 |
++ .affects_type_identity = true |
4229 |
++#endif |
4230 |
++}; |
4231 |
++ |
4232 |
++static struct attribute_spec no_randomize_layout_attr = { |
4233 |
++ .name = "no_randomize_layout", |
4234 |
++ // related to args |
4235 |
++ .min_length = 0, |
4236 |
++ .max_length = 0, |
4237 |
++ .decl_required = false, |
4238 |
++ // need type declaration |
4239 |
++ .type_required = true, |
4240 |
++ .function_type_required = false, |
4241 |
++ .handler = handle_randomize_layout_attr, |
4242 |
++#if BUILDING_GCC_VERSION >= 4007 |
4243 |
++ .affects_type_identity = true |
4244 |
++#endif |
4245 |
++}; |
4246 |
++ |
4247 |
++static struct attribute_spec randomize_considered_attr = { |
4248 |
++ .name = "randomize_considered", |
4249 |
++ // related to args |
4250 |
++ .min_length = 0, |
4251 |
++ .max_length = 0, |
4252 |
++ .decl_required = false, |
4253 |
++ // need type declaration |
4254 |
++ .type_required = true, |
4255 |
++ .function_type_required = false, |
4256 |
++ .handler = handle_randomize_considered_attr, |
4257 |
++#if BUILDING_GCC_VERSION >= 4007 |
4258 |
++ .affects_type_identity = false |
4259 |
++#endif |
4260 |
++}; |
4261 |
++ |
4262 |
++static struct attribute_spec randomize_performed_attr = { |
4263 |
++ .name = "randomize_performed", |
4264 |
++ // related to args |
4265 |
++ .min_length = 0, |
4266 |
++ .max_length = 0, |
4267 |
++ .decl_required = false, |
4268 |
++ // need type declaration |
4269 |
++ .type_required = true, |
4270 |
++ .function_type_required = false, |
4271 |
++ .handler = handle_randomize_performed_attr, |
4272 |
++#if BUILDING_GCC_VERSION >= 4007 |
4273 |
++ .affects_type_identity = false |
4274 |
++#endif |
4275 |
++}; |
4276 |
++ |
4277 |
++static void register_attributes(void *event_data, void *data) |
4278 |
++{ |
4279 |
++ register_attribute(&randomize_layout_attr); |
4280 |
++ register_attribute(&no_randomize_layout_attr); |
4281 |
++ register_attribute(&randomize_considered_attr); |
4282 |
++ register_attribute(&randomize_performed_attr); |
4283 |
++} |
4284 |
++ |
4285 |
++static void check_bad_casts_in_constructor(tree var, tree init) |
4286 |
++{ |
4287 |
++ unsigned HOST_WIDE_INT idx; |
4288 |
++ tree field, val; |
4289 |
++ tree field_type, val_type; |
4290 |
++ |
4291 |
++ FOR_EACH_CONSTRUCTOR_ELT(CONSTRUCTOR_ELTS(init), idx, field, val) { |
4292 |
++ if (TREE_CODE(val) == CONSTRUCTOR) { |
4293 |
++ check_bad_casts_in_constructor(var, val); |
4294 |
++ continue; |
4295 |
++ } |
4296 |
++ |
4297 |
++ field_type = TREE_TYPE(field); |
4298 |
++ val_type = TREE_TYPE(val); |
4299 |
++ |
4300 |
++ if (TREE_CODE(field_type) != POINTER_TYPE || TREE_CODE(val_type) != POINTER_TYPE) |
4301 |
++ continue; |
4302 |
++ |
4303 |
++ if (field_type == val_type) |
4304 |
++ continue; |
4305 |
++ |
4306 |
++ field_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(field_type)))); |
4307 |
++ val_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(val_type)))); |
4308 |
++ |
4309 |
++ if (field_type == void_type_node) |
4310 |
++ continue; |
4311 |
++ if (field_type == val_type) |
4312 |
++ continue; |
4313 |
++ if (TREE_CODE(val_type) != RECORD_TYPE) |
4314 |
++ continue; |
4315 |
++ |
4316 |
++ if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(val_type))) |
4317 |
++ continue; |
4318 |
++ inform(DECL_SOURCE_LOCATION(var), "found mismatched struct pointer types: %qT and %qT\n", TYPE_MAIN_VARIANT(field_type), TYPE_MAIN_VARIANT(val_type)); |
4319 |
++ } |
4320 |
++} |
4321 |
++ |
4322 |
++/* derived from the constify plugin */ |
4323 |
++static void check_global_variables(void *event_data, void *data) |
4324 |
++{ |
4325 |
++ struct varpool_node *node; |
4326 |
++ tree init; |
4327 |
++ |
4328 |
++ FOR_EACH_VARIABLE(node) { |
4329 |
++ tree var = NODE_DECL(node); |
4330 |
++ init = DECL_INITIAL(var); |
4331 |
++ if (init == NULL_TREE) |
4332 |
++ continue; |
4333 |
++ |
4334 |
++ if (TREE_CODE(init) != CONSTRUCTOR) |
4335 |
++ continue; |
4336 |
++ |
4337 |
++ check_bad_casts_in_constructor(var, init); |
4338 |
++ } |
4339 |
++} |
4340 |
++ |
4341 |
++static bool dominated_by_is_err(const_tree rhs, basic_block bb) |
4342 |
++{ |
4343 |
++ basic_block dom; |
4344 |
++ gimple dom_stmt; |
4345 |
++ gimple call_stmt; |
4346 |
++ const_tree dom_lhs; |
4347 |
++ const_tree poss_is_err_cond; |
4348 |
++ const_tree poss_is_err_func; |
4349 |
++ const_tree is_err_arg; |
4350 |
++ |
4351 |
++ dom = get_immediate_dominator(CDI_DOMINATORS, bb); |
4352 |
++ if (!dom) |
4353 |
++ return false; |
4354 |
++ |
4355 |
++ dom_stmt = last_stmt(dom); |
4356 |
++ if (!dom_stmt) |
4357 |
++ return false; |
4358 |
++ |
4359 |
++ if (gimple_code(dom_stmt) != GIMPLE_COND) |
4360 |
++ return false; |
4361 |
++ |
4362 |
++ if (gimple_cond_code(dom_stmt) != NE_EXPR) |
4363 |
++ return false; |
4364 |
++ |
4365 |
++ if (!integer_zerop(gimple_cond_rhs(dom_stmt))) |
4366 |
++ return false; |
4367 |
++ |
4368 |
++ poss_is_err_cond = gimple_cond_lhs(dom_stmt); |
4369 |
++ |
4370 |
++ if (TREE_CODE(poss_is_err_cond) != SSA_NAME) |
4371 |
++ return false; |
4372 |
++ |
4373 |
++ call_stmt = SSA_NAME_DEF_STMT(poss_is_err_cond); |
4374 |
++ |
4375 |
++ if (gimple_code(call_stmt) != GIMPLE_CALL) |
4376 |
++ return false; |
4377 |
++ |
4378 |
++ dom_lhs = gimple_get_lhs(call_stmt); |
4379 |
++ poss_is_err_func = gimple_call_fndecl(call_stmt); |
4380 |
++ if (!poss_is_err_func) |
4381 |
++ return false; |
4382 |
++ if (dom_lhs != poss_is_err_cond) |
4383 |
++ return false; |
4384 |
++ if (strcmp(DECL_NAME_POINTER(poss_is_err_func), "IS_ERR")) |
4385 |
++ return false; |
4386 |
++ |
4387 |
++ is_err_arg = gimple_call_arg(call_stmt, 0); |
4388 |
++ if (!is_err_arg) |
4389 |
++ return false; |
4390 |
++ |
4391 |
++ if (is_err_arg != rhs) |
4392 |
++ return false; |
4393 |
++ |
4394 |
++ return true; |
4395 |
++} |
4396 |
++ |
4397 |
++static void handle_local_var_initializers(void) |
4398 |
++{ |
4399 |
++ tree var; |
4400 |
++ unsigned int i; |
4401 |
++ |
4402 |
++ FOR_EACH_LOCAL_DECL(cfun, i, var) { |
4403 |
++ tree init = DECL_INITIAL(var); |
4404 |
++ if (!init) |
4405 |
++ continue; |
4406 |
++ if (TREE_CODE(init) != CONSTRUCTOR) |
4407 |
++ continue; |
4408 |
++ check_bad_casts_in_constructor(var, init); |
4409 |
++ } |
4410 |
++} |
4411 |
++ |
4412 |
++/* |
4413 |
++ * iterate over all statements to find "bad" casts: |
4414 |
++ * those where the address of the start of a structure is cast |
4415 |
++ * to a pointer of a structure of a different type, or a |
4416 |
++ * structure pointer type is cast to a different structure pointer type |
4417 |
++ */ |
4418 |
++static unsigned int find_bad_casts(void) |
4419 |
++{ |
4420 |
++ basic_block bb; |
4421 |
++ |
4422 |
++ handle_local_var_initializers(); |
4423 |
++ |
4424 |
++ FOR_ALL_BB_FN(bb, cfun) { |
4425 |
++ gimple_stmt_iterator gsi; |
4426 |
++ |
4427 |
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
4428 |
++ gimple stmt; |
4429 |
++ const_tree lhs; |
4430 |
++ const_tree lhs_type; |
4431 |
++ const_tree rhs1; |
4432 |
++ const_tree rhs_type; |
4433 |
++ const_tree ptr_lhs_type; |
4434 |
++ const_tree ptr_rhs_type; |
4435 |
++ const_tree op0; |
4436 |
++ const_tree op0_type; |
4437 |
++ enum tree_code rhs_code; |
4438 |
++ |
4439 |
++ stmt = gsi_stmt(gsi); |
4440 |
++ |
4441 |
++#ifdef __DEBUG_PLUGIN |
4442 |
++#ifdef __DEBUG_VERBOSE |
4443 |
++ debug_gimple_stmt(stmt); |
4444 |
++ debug_tree(gimple_get_lhs(stmt)); |
4445 |
++#endif |
4446 |
++#endif |
4447 |
++ |
4448 |
++ if (gimple_code(stmt) != GIMPLE_ASSIGN) |
4449 |
++ continue; |
4450 |
++ |
4451 |
++#ifdef __DEBUG_PLUGIN |
4452 |
++#ifdef __DEBUG_VERBOSE |
4453 |
++ debug_tree(gimple_assign_rhs1(stmt)); |
4454 |
++#endif |
4455 |
++#endif |
4456 |
++ |
4457 |
++ rhs_code = gimple_assign_rhs_code(stmt); |
4458 |
++ |
4459 |
++ if (rhs_code != ADDR_EXPR && rhs_code != SSA_NAME) |
4460 |
++ continue; |
4461 |
++ |
4462 |
++ lhs = gimple_get_lhs(stmt); |
4463 |
++ lhs_type = TREE_TYPE(lhs); |
4464 |
++ rhs1 = gimple_assign_rhs1(stmt); |
4465 |
++ rhs_type = TREE_TYPE(rhs1); |
4466 |
++ |
4467 |
++ if (TREE_CODE(rhs_type) != POINTER_TYPE || |
4468 |
++ TREE_CODE(lhs_type) != POINTER_TYPE) |
4469 |
++ continue; |
4470 |
++ |
4471 |
++ ptr_lhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(lhs_type)))); |
4472 |
++ ptr_rhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(rhs_type)))); |
4473 |
++ |
4474 |
++ if (ptr_rhs_type == void_type_node) |
4475 |
++ continue; |
4476 |
++ |
4477 |
++ if (ptr_lhs_type == void_type_node) |
4478 |
++ continue; |
4479 |
++ |
4480 |
++ if (dominated_by_is_err(rhs1, bb)) |
4481 |
++ continue; |
4482 |
++ |
4483 |
++ if (TREE_CODE(ptr_rhs_type) != RECORD_TYPE) { |
4484 |
++#ifndef __DEBUG_PLUGIN |
4485 |
++ if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_lhs_type))) |
4486 |
++#endif |
4487 |
++ inform(gimple_location(stmt), "found mismatched struct pointer types: %qT and %qT\n", ptr_lhs_type, ptr_rhs_type); |
4488 |
++ continue; |
4489 |
++ } |
4490 |
++ |
4491 |
++ if (rhs_code == SSA_NAME && ptr_lhs_type == ptr_rhs_type) |
4492 |
++ continue; |
4493 |
++ |
4494 |
++ if (rhs_code == ADDR_EXPR) { |
4495 |
++ op0 = TREE_OPERAND(rhs1, 0); |
4496 |
++ |
4497 |
++ if (op0 == NULL_TREE) |
4498 |
++ continue; |
4499 |
++ |
4500 |
++ if (TREE_CODE(op0) != VAR_DECL) |
4501 |
++ continue; |
4502 |
++ |
4503 |
++ op0_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(op0)))); |
4504 |
++ if (op0_type == ptr_lhs_type) |
4505 |
++ continue; |
4506 |
++ |
4507 |
++#ifndef __DEBUG_PLUGIN |
4508 |
++ if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(op0_type))) |
4509 |
++#endif |
4510 |
++ inform(gimple_location(stmt), "found mismatched struct pointer types: %qT and %qT\n", ptr_lhs_type, op0_type); |
4511 |
++ } else { |
4512 |
++ const_tree ssa_name_var = SSA_NAME_VAR(rhs1); |
4513 |
++ /* skip bogus type casts introduced by container_of */ |
4514 |
++ if (ssa_name_var != NULL_TREE && DECL_NAME(ssa_name_var) && |
4515 |
++ !strcmp((const char *)DECL_NAME_POINTER(ssa_name_var), "__mptr")) |
4516 |
++ continue; |
4517 |
++#ifndef __DEBUG_PLUGIN |
4518 |
++ if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_rhs_type))) |
4519 |
++#endif |
4520 |
++ inform(gimple_location(stmt), "found mismatched struct pointer types: %qT and %qT\n", ptr_lhs_type, ptr_rhs_type); |
4521 |
++ } |
4522 |
++ |
4523 |
++ } |
4524 |
++ } |
4525 |
++ return 0; |
4526 |
++} |
4527 |
++ |
4528 |
++#if BUILDING_GCC_VERSION >= 4009 |
4529 |
++static const struct pass_data randomize_layout_bad_cast_data = { |
4530 |
++#else |
4531 |
++static struct gimple_opt_pass randomize_layout_bad_cast = { |
4532 |
++ .pass = { |
4533 |
++#endif |
4534 |
++ .type = GIMPLE_PASS, |
4535 |
++ .name = "randomize_layout_bad_cast", |
4536 |
++#if BUILDING_GCC_VERSION >= 4008 |
4537 |
++ .optinfo_flags = OPTGROUP_NONE, |
4538 |
++#endif |
4539 |
++#if BUILDING_GCC_VERSION >= 4009 |
4540 |
++ .has_gate = false, |
4541 |
++ .has_execute = true, |
4542 |
++#else |
4543 |
++ .gate = NULL, |
4544 |
++ .execute = find_bad_casts, |
4545 |
++ .sub = NULL, |
4546 |
++ .next = NULL, |
4547 |
++ .static_pass_number = 0, |
4548 |
++#endif |
4549 |
++ .tv_id = TV_NONE, |
4550 |
++ .properties_required = PROP_cfg, |
4551 |
++ .properties_provided = 0, |
4552 |
++ .properties_destroyed = 0, |
4553 |
++ .todo_flags_start = 0, |
4554 |
++ .todo_flags_finish = TODO_dump_func |
4555 |
++#if BUILDING_GCC_VERSION < 4009 |
4556 |
++ } |
4557 |
++#endif |
4558 |
++}; |
4559 |
++ |
4560 |
++#if BUILDING_GCC_VERSION >= 4009 |
4561 |
++namespace { |
4562 |
++class randomize_layout_bad_cast : public gimple_opt_pass { |
4563 |
++public: |
4564 |
++ randomize_layout_bad_cast() : gimple_opt_pass(randomize_layout_bad_cast_data, g) {} |
4565 |
++ unsigned int execute() { return find_bad_casts(); } |
4566 |
++}; |
4567 |
++} |
4568 |
++#endif |
4569 |
++ |
4570 |
++static struct opt_pass *make_randomize_layout_bad_cast(void) |
4571 |
++{ |
4572 |
++#if BUILDING_GCC_VERSION >= 4009 |
4573 |
++ return new randomize_layout_bad_cast(); |
4574 |
++#else |
4575 |
++ return &randomize_layout_bad_cast.pass; |
4576 |
++#endif |
4577 |
++} |
4578 |
++ |
4579 |
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) |
4580 |
++{ |
4581 |
++ int i; |
4582 |
++ const char * const plugin_name = plugin_info->base_name; |
4583 |
++ const int argc = plugin_info->argc; |
4584 |
++ const struct plugin_argument * const argv = plugin_info->argv; |
4585 |
++ bool enable = true; |
4586 |
++ int obtained_seed = 0; |
4587 |
++ struct register_pass_info randomize_layout_bad_cast_info; |
4588 |
++ |
4589 |
++ randomize_layout_bad_cast_info.pass = make_randomize_layout_bad_cast(); |
4590 |
++ randomize_layout_bad_cast_info.reference_pass_name = "ssa"; |
4591 |
++ randomize_layout_bad_cast_info.ref_pass_instance_number = 1; |
4592 |
++ randomize_layout_bad_cast_info.pos_op = PASS_POS_INSERT_AFTER; |
4593 |
++ |
4594 |
++ if (!plugin_default_version_check(version, &gcc_version)) { |
4595 |
++ error(G_("incompatible gcc/plugin versions")); |
4596 |
++ return 1; |
4597 |
++ } |
4598 |
++ |
4599 |
++ if (strcmp(lang_hooks.name, "GNU C")) { |
4600 |
++ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); |
4601 |
++ enable = false; |
4602 |
++ } |
4603 |
++ |
4604 |
++ for (i = 0; i < argc; ++i) { |
4605 |
++ if (!strcmp(argv[i].key, "disable")) { |
4606 |
++ enable = false; |
4607 |
++ continue; |
4608 |
++ } |
4609 |
++ if (!strcmp(argv[i].key, "performance-mode")) { |
4610 |
++ performance_mode = 1; |
4611 |
++ continue; |
4612 |
++ } |
4613 |
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); |
4614 |
++ } |
4615 |
++ |
4616 |
++ if (strlen(randstruct_seed) != 64) { |
4617 |
++ error(G_("invalid seed value supplied for %s plugin"), plugin_name); |
4618 |
++ return 1; |
4619 |
++ } |
4620 |
++ obtained_seed = sscanf(randstruct_seed, "%016llx%016llx%016llx%016llx", |
4621 |
++ &shuffle_seed[0], &shuffle_seed[1], &shuffle_seed[2], &shuffle_seed[3]); |
4622 |
++ if (obtained_seed != 4) { |
4623 |
++ error(G_("Invalid seed supplied for %s plugin"), plugin_name); |
4624 |
++ return 1; |
4625 |
++ } |
4626 |
++ |
4627 |
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &randomize_layout_plugin_info); |
4628 |
++ if (enable) { |
4629 |
++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); |
4630 |
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &randomize_layout_bad_cast_info); |
4631 |
++ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); |
4632 |
++ register_callback(plugin_name, PLUGIN_FINISH_DECL, finish_decl, NULL); |
4633 |
++ } |
4634 |
++ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); |
4635 |
++ |
4636 |
++ return 0; |
4637 |
++} |
4638 |
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data |
4639 |
new file mode 100644 |
4640 |
index 0000000..7b67f2b |
4641 |
@@ -113654,7 +116346,7 @@ index 0000000..7b67f2b |
4642 |
+selnl_msglen_65499 selnl_msglen 0 65499 NULL |
4643 |
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c |
4644 |
new file mode 100644 |
4645 |
-index 0000000..94aa56d |
4646 |
+index 0000000..4a637ab |
4647 |
--- /dev/null |
4648 |
+++ b/tools/gcc/size_overflow_plugin.c |
4649 |
@@ -0,0 +1,4040 @@ |
4650 |
@@ -117688,7 +120380,7 @@ index 0000000..94aa56d |
4651 |
+ |
4652 |
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info); |
4653 |
+ if (enable) { |
4654 |
-+ register_callback("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); |
4655 |
++ register_callback(plugin_name, PLUGIN_START_UNIT, &start_unit_callback, NULL); |
4656 |
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &insert_size_overflow_asm_pass_info); |
4657 |
+// register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dump_before_pass_info); |
4658 |
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &ipa_pass_info); |
4659 |
|
4660 |
diff --git a/3.2.54/4450_grsec-kconfig-default-gids.patch b/3.2.54/4450_grsec-kconfig-default-gids.patch |
4661 |
index 71f6231..4f345d6 100644 |
4662 |
--- a/3.2.54/4450_grsec-kconfig-default-gids.patch |
4663 |
+++ b/3.2.54/4450_grsec-kconfig-default-gids.patch |
4664 |
@@ -16,7 +16,7 @@ from shooting themselves in the foot. |
4665 |
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4666 |
--- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 |
4667 |
+++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 |
4668 |
-@@ -617,7 +617,7 @@ |
4669 |
+@@ -643,7 +643,7 @@ |
4670 |
config GRKERNSEC_AUDIT_GID |
4671 |
int "GID for auditing" |
4672 |
depends on GRKERNSEC_AUDIT_GROUP |
4673 |
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4674 |
|
4675 |
config GRKERNSEC_EXECLOG |
4676 |
bool "Exec logging" |
4677 |
-@@ -826,7 +826,7 @@ |
4678 |
+@@ -874,7 +874,7 @@ |
4679 |
config GRKERNSEC_TPE_UNTRUSTED_GID |
4680 |
int "GID for TPE-untrusted users" |
4681 |
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT |
4682 |
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4683 |
help |
4684 |
Setting this GID determines what group TPE restrictions will be |
4685 |
*enabled* for. If the sysctl option is enabled, a sysctl option |
4686 |
-@@ -835,7 +835,7 @@ |
4687 |
+@@ -883,7 +883,7 @@ |
4688 |
config GRKERNSEC_TPE_TRUSTED_GID |
4689 |
int "GID for TPE-trusted users" |
4690 |
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT |
4691 |
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4692 |
help |
4693 |
Setting this GID determines what group TPE restrictions will be |
4694 |
*disabled* for. If the sysctl option is enabled, a sysctl option |
4695 |
-@@ -928,7 +928,7 @@ |
4696 |
+@@ -976,7 +976,7 @@ |
4697 |
config GRKERNSEC_SOCKET_ALL_GID |
4698 |
int "GID to deny all sockets for" |
4699 |
depends on GRKERNSEC_SOCKET_ALL |
4700 |
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4701 |
help |
4702 |
Here you can choose the GID to disable socket access for. Remember to |
4703 |
add the users you want socket access disabled for to the GID |
4704 |
-@@ -949,7 +949,7 @@ |
4705 |
+@@ -997,7 +997,7 @@ |
4706 |
config GRKERNSEC_SOCKET_CLIENT_GID |
4707 |
int "GID to deny client sockets for" |
4708 |
depends on GRKERNSEC_SOCKET_CLIENT |
4709 |
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4710 |
help |
4711 |
Here you can choose the GID to disable client socket access for. |
4712 |
Remember to add the users you want client socket access disabled for to |
4713 |
-@@ -967,7 +967,7 @@ |
4714 |
+@@ -1015,7 +1015,7 @@ |
4715 |
config GRKERNSEC_SOCKET_SERVER_GID |
4716 |
int "GID to deny server sockets for" |
4717 |
depends on GRKERNSEC_SOCKET_SERVER |
4718 |
|
4719 |
diff --git a/3.2.54/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.54/4465_selinux-avc_audit-log-curr_ip.patch |
4720 |
index a946b66..0545d51 100644 |
4721 |
--- a/3.2.54/4465_selinux-avc_audit-log-curr_ip.patch |
4722 |
+++ b/3.2.54/4465_selinux-avc_audit-log-curr_ip.patch |
4723 |
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org> |
4724 |
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig |
4725 |
--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 |
4726 |
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 |
4727 |
-@@ -1062,6 +1062,27 @@ |
4728 |
+@@ -1110,6 +1110,27 @@ |
4729 |
menu "Logging Options" |
4730 |
depends on GRKERNSEC |
4731 |
|
4732 |
|
4733 |
diff --git a/3.2.54/4470_disable-compat_vdso.patch b/3.2.54/4470_disable-compat_vdso.patch |
4734 |
index 6905571..f6eb9f7 100644 |
4735 |
--- a/3.2.54/4470_disable-compat_vdso.patch |
4736 |
+++ b/3.2.54/4470_disable-compat_vdso.patch |
4737 |
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 |
4738 |
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig |
4739 |
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 |
4740 |
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 |
4741 |
-@@ -1653,17 +1653,8 @@ |
4742 |
+@@ -1654,17 +1654,8 @@ |
4743 |
|
4744 |
config COMPAT_VDSO |
4745 |
def_bool n |