diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2016-01-20 04:26:30 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2016-01-20 04:26:30 -0500 |
| commit | c1427968c417e8fd39dac067208595ecd483e716 (patch) | |
| tree | 19439607574c86ef8bc999f3e70681a5796f8efe | |
| parent | grsecurity-3.1-4.3.3-201601171913 (diff) | |
| download | hardened-patchset-20160119.tar.gz hardened-patchset-20160119.tar.bz2 hardened-patchset-20160119.zip | |
grsecurity-3.1-4.3.3-20160119222620160119
| -rw-r--r-- | 4.3.3/0000_README | 2 | ||||
| -rw-r--r-- | 4.3.3/4420_grsecurity-3.1-4.3.3-201601192226.patch (renamed from 4.3.3/4420_grsecurity-3.1-4.3.3-201601171913.patch) | 939 |
2 files changed, 916 insertions, 25 deletions
diff --git a/4.3.3/0000_README b/4.3.3/0000_README index 737c59b..a2a51bf 100644 --- a/4.3.3/0000_README +++ b/4.3.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.3.3-201601171913.patch +Patch: 4420_grsecurity-3.1-4.3.3-201601192226.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201601171913.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201601192226.patch index c47605c..e9f29bb 100644 --- a/4.3.3/4420_grsecurity-3.1-4.3.3-201601171913.patch +++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201601192226.patch @@ -78014,19 +78014,386 @@ index 4d24d17..4f8c09e 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 48851f6..6c79d32 100644 +index 48851f6..d6c96e5 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c -@@ -622,7 +622,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, +@@ -58,6 +58,8 @@ + #include <linux/atalk.h> + #include <linux/gfp.h> + ++#include "internal.h" ++ + #include <net/bluetooth/bluetooth.h> + #include <net/bluetooth/hci_sock.h> + #include <net/bluetooth/rfcomm.h> +@@ -115,19 +117,38 @@ + #include <asm/fbio.h> + #endif + +-static int w_long(unsigned int fd, unsigned int cmd, +- compat_ulong_t __user *argp) ++#define convert_in_user(srcptr, dstptr) \ ++({ \ ++ typeof(*srcptr) val; \ ++ \ ++ get_user(val, srcptr) || put_user(val, dstptr); \ ++}) ++ ++static int do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + { +- mm_segment_t old_fs = get_fs(); + int err; +- unsigned long val; + +- set_fs (KERNEL_DS); +- err = sys_ioctl(fd, cmd, (unsigned long)&val); +- set_fs (old_fs); +- if (!err && put_user(val, argp)) ++ err = security_file_ioctl(file, cmd, arg); ++ if (err) ++ return err; ++ ++ return vfs_ioctl(file, cmd, arg); ++} ++ ++static int w_long(struct file *file, ++ unsigned int cmd, compat_ulong_t __user *argp) ++{ ++ int err; ++ unsigned long __user *valp = compat_alloc_user_space(sizeof(*valp)); ++ ++ if (valp == NULL) ++ return -EFAULT; ++ err = do_ioctl(file, cmd, (unsigned long)valp); ++ if (err) ++ return err; ++ if (convert_in_user(valp, argp)) + return -EFAULT; +- return err; ++ return 0; + } + + struct compat_video_event { +@@ -139,23 +160,23 @@ struct compat_video_event { + } u; + }; + +-static int do_video_get_event(unsigned int fd, unsigned int cmd, +- struct compat_video_event __user *up) ++static int do_video_get_event(struct file *file, ++ unsigned int cmd, struct compat_video_event __user *up) + { +- struct video_event kevent; +- mm_segment_t old_fs = get_fs(); ++ struct video_event __user *kevent = ++ compat_alloc_user_space(sizeof(*kevent)); + int err; + +- set_fs(KERNEL_DS); +- err = sys_ioctl(fd, cmd, (unsigned long) &kevent); +- set_fs(old_fs); ++ if (kevent == NULL) ++ return -EFAULT; + ++ err = do_ioctl(file, cmd, (unsigned long)kevent); + if (!err) { +- err = put_user(kevent.type, &up->type); +- err |= put_user(kevent.timestamp, &up->timestamp); +- err |= put_user(kevent.u.size.w, &up->u.size.w); +- err |= put_user(kevent.u.size.h, &up->u.size.h); +- err |= put_user(kevent.u.size.aspect_ratio, ++ err = convert_in_user(&kevent->type, &up->type); ++ err |= convert_in_user(&kevent->timestamp, &up->timestamp); ++ err |= convert_in_user(&kevent->u.size.w, &up->u.size.w); ++ err |= convert_in_user(&kevent->u.size.h, &up->u.size.h); ++ err |= convert_in_user(&kevent->u.size.aspect_ratio, + &up->u.size.aspect_ratio); + if (err) + err = -EFAULT; +@@ -169,8 +190,8 @@ struct compat_video_still_picture { + int32_t size; + }; + +-static int do_video_stillpicture(unsigned int fd, unsigned int cmd, +- struct compat_video_still_picture __user *up) ++static int do_video_stillpicture(struct file *file, ++ unsigned int cmd, struct compat_video_still_picture __user *up) + { + struct video_still_picture __user *up_native; + compat_uptr_t fp; +@@ -190,7 +211,7 @@ static int do_video_stillpicture(unsigned int fd, unsigned int cmd, + if (err) + return -EFAULT; + +- err = sys_ioctl(fd, cmd, (unsigned long) up_native); ++ err = do_ioctl(file, cmd, (unsigned long) up_native); + + return err; + } +@@ -200,8 +221,8 @@ struct compat_video_spu_palette { + compat_uptr_t palette; + }; + +-static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, +- struct compat_video_spu_palette __user *up) ++static int do_video_set_spu_palette(struct file *file, ++ unsigned int cmd, struct compat_video_spu_palette __user *up) + { + struct video_spu_palette __user *up_native; + compat_uptr_t palp; +@@ -218,7 +239,7 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, + if (err) + return -EFAULT; + +- err = sys_ioctl(fd, cmd, (unsigned long) up_native); ++ err = do_ioctl(file, cmd, (unsigned long) up_native); + + return err; + } +@@ -276,7 +297,7 @@ static int sg_build_iovec(sg_io_hdr_t __user *sgio, void __user *dxferp, u16 iov + return 0; + } + +-static int sg_ioctl_trans(unsigned int fd, unsigned int cmd, ++static int sg_ioctl_trans(struct file *file, unsigned int cmd, + sg_io_hdr32_t __user *sgio32) + { + sg_io_hdr_t __user *sgio; +@@ -289,7 +310,7 @@ static int sg_ioctl_trans(unsigned int fd, unsigned int cmd, + if (get_user(interface_id, &sgio32->interface_id)) + return -EFAULT; + if (interface_id != 'S') +- return sys_ioctl(fd, cmd, (unsigned long)sgio32); ++ return do_ioctl(file, cmd, (unsigned long)sgio32); + + if (get_user(iovec_count, &sgio32->iovec_count)) + return -EFAULT; +@@ -349,7 +370,7 @@ static int sg_ioctl_trans(unsigned int fd, unsigned int cmd, + if (put_user(compat_ptr(data), &sgio->usr_ptr)) + return -EFAULT; + +- err = sys_ioctl(fd, cmd, (unsigned long) sgio); ++ err = do_ioctl(file, cmd, (unsigned long) sgio); + + if (err >= 0) { + void __user *datap; +@@ -380,13 +401,13 @@ struct compat_sg_req_info { /* used by SG_GET_REQUEST_TABLE ioctl() */ + int unused; + }; + +-static int sg_grt_trans(unsigned int fd, unsigned int cmd, struct +- compat_sg_req_info __user *o) ++static int sg_grt_trans(struct file *file, ++ unsigned int cmd, struct compat_sg_req_info __user *o) + { + int err, i; + sg_req_info_t __user *r; + r = compat_alloc_user_space(sizeof(sg_req_info_t)*SG_MAX_QUEUE); +- err = sys_ioctl(fd,cmd,(unsigned long)r); ++ err = do_ioctl(file, cmd, (unsigned long)r); + if (err < 0) + return err; + for (i = 0; i < SG_MAX_QUEUE; i++) { +@@ -412,8 +433,8 @@ struct sock_fprog32 { + #define PPPIOCSPASS32 _IOW('t', 71, struct sock_fprog32) + #define PPPIOCSACTIVE32 _IOW('t', 70, struct sock_fprog32) + +-static int ppp_sock_fprog_ioctl_trans(unsigned int fd, unsigned int cmd, +- struct sock_fprog32 __user *u_fprog32) ++static int ppp_sock_fprog_ioctl_trans(struct file *file, ++ unsigned int cmd, struct sock_fprog32 __user *u_fprog32) + { + struct sock_fprog __user *u_fprog64 = compat_alloc_user_space(sizeof(struct sock_fprog)); + void __user *fptr64; +@@ -435,7 +456,7 @@ static int ppp_sock_fprog_ioctl_trans(unsigned int fd, unsigned int cmd, + else + cmd = PPPIOCSACTIVE; + +- return sys_ioctl(fd, cmd, (unsigned long) u_fprog64); ++ return do_ioctl(file, cmd, (unsigned long) u_fprog64); + } + + struct ppp_option_data32 { +@@ -451,7 +472,7 @@ struct ppp_idle32 { + }; + #define PPPIOCGIDLE32 _IOR('t', 63, struct ppp_idle32) + +-static int ppp_gidle(unsigned int fd, unsigned int cmd, ++static int ppp_gidle(struct file *file, unsigned int cmd, + struct ppp_idle32 __user *idle32) + { + struct ppp_idle __user *idle; +@@ -460,7 +481,7 @@ static int ppp_gidle(unsigned int fd, unsigned int cmd, + + idle = compat_alloc_user_space(sizeof(*idle)); + +- err = sys_ioctl(fd, PPPIOCGIDLE, (unsigned long) idle); ++ err = do_ioctl(file, PPPIOCGIDLE, (unsigned long) idle); + + if (!err) { + if (get_user(xmit, &idle->xmit_idle) || +@@ -472,7 +493,7 @@ static int ppp_gidle(unsigned int fd, unsigned int cmd, + return err; + } + +-static int ppp_scompress(unsigned int fd, unsigned int cmd, ++static int ppp_scompress(struct file *file, unsigned int cmd, + struct ppp_option_data32 __user *odata32) + { + struct ppp_option_data __user *odata; +@@ -492,7 +513,7 @@ static int ppp_scompress(unsigned int fd, unsigned int cmd, + sizeof(__u32) + sizeof(int))) + return -EFAULT; + +- return sys_ioctl(fd, PPPIOCSCOMPRESS, (unsigned long) odata); ++ return do_ioctl(file, PPPIOCSCOMPRESS, (unsigned long) odata); + } + + #ifdef CONFIG_BLOCK +@@ -512,12 +533,13 @@ struct mtpos32 { + }; + #define MTIOCPOS32 _IOR('m', 3, struct mtpos32) + +-static int mt_ioctl_trans(unsigned int fd, unsigned int cmd, void __user *argp) ++static int mt_ioctl_trans(struct file *file, ++ unsigned int cmd, void __user *argp) + { +- mm_segment_t old_fs = get_fs(); +- struct mtget get; ++ /* NULL initialization to make gcc shut up */ ++ struct mtget __user *get = NULL; + struct mtget32 __user *umget32; +- struct mtpos pos; ++ struct mtpos __user *pos = NULL; + struct mtpos32 __user *upos32; + unsigned long kcmd; + void *karg; +@@ -526,32 +548,34 @@ static int mt_ioctl_trans(unsigned int fd, unsigned int cmd, void __user *argp) + switch(cmd) { + case MTIOCPOS32: + kcmd = MTIOCPOS; +- karg = &pos; ++ pos = compat_alloc_user_space(sizeof(*pos)); ++ karg = pos; + break; + default: /* MTIOCGET32 */ + kcmd = MTIOCGET; +- karg = &get; ++ get = compat_alloc_user_space(sizeof(*get)); ++ karg = get; + break; + } +- set_fs (KERNEL_DS); +- err = sys_ioctl (fd, kcmd, (unsigned long)karg); +- set_fs (old_fs); ++ if (karg == NULL) ++ return -EFAULT; ++ err = do_ioctl(file, kcmd, (unsigned long)karg); + if (err) + return err; + switch (cmd) { + case MTIOCPOS32: + upos32 = argp; +- err = __put_user(pos.mt_blkno, &upos32->mt_blkno); ++ err = convert_in_user(&pos->mt_blkno, &upos32->mt_blkno); + break; + case MTIOCGET32: + umget32 = argp; +- err = __put_user(get.mt_type, &umget32->mt_type); +- err |= __put_user(get.mt_resid, &umget32->mt_resid); +- err |= __put_user(get.mt_dsreg, &umget32->mt_dsreg); +- err |= __put_user(get.mt_gstat, &umget32->mt_gstat); +- err |= __put_user(get.mt_erreg, &umget32->mt_erreg); +- err |= __put_user(get.mt_fileno, &umget32->mt_fileno); +- err |= __put_user(get.mt_blkno, &umget32->mt_blkno); ++ err = convert_in_user(&get->mt_type, &umget32->mt_type); ++ err |= convert_in_user(&get->mt_resid, &umget32->mt_resid); ++ err |= convert_in_user(&get->mt_dsreg, &umget32->mt_dsreg); ++ err |= convert_in_user(&get->mt_gstat, &umget32->mt_gstat); ++ err |= convert_in_user(&get->mt_erreg, &umget32->mt_erreg); ++ err |= convert_in_user(&get->mt_fileno, &umget32->mt_fileno); ++ err |= convert_in_user(&get->mt_blkno, &umget32->mt_blkno); + break; + } + return err ? -EFAULT: 0; +@@ -605,42 +629,41 @@ struct serial_struct32 { + compat_int_t reserved[1]; + }; + +-static int serial_struct_ioctl(unsigned fd, unsigned cmd, +- struct serial_struct32 __user *ss32) ++static int serial_struct_ioctl(struct file *file, ++ unsigned cmd, struct serial_struct32 __user *ss32) + { + typedef struct serial_struct32 SS32; + int err; +- struct serial_struct ss; +- mm_segment_t oldseg = get_fs(); ++ struct serial_struct __user *ss = compat_alloc_user_space(sizeof(*ss)); + __u32 udata; + unsigned int base; ++ unsigned char *iomem_base; + ++ if (ss == NULL) ++ return -EFAULT; + if (cmd == TIOCSSERIAL) { +- if (!access_ok(VERIFY_READ, ss32, sizeof(SS32))) +- return -EFAULT; +- if (__copy_from_user(&ss, ss32, offsetof(SS32, iomem_base))) ++ if (copy_in_user(ss, ss32, offsetof(SS32, iomem_base)) || ++ get_user(udata, &ss32->iomem_base)) return -EFAULT; - if (__get_user(udata, &ss32->iomem_base)) +- if (__get_user(udata, &ss32->iomem_base)) ++ iomem_base = compat_ptr(udata); ++ if (put_user(iomem_base, &ss->iomem_base) || ++ convert_in_user(&ss32->iomem_reg_shift, ++ &ss->iomem_reg_shift) || ++ convert_in_user(&ss32->port_high, &ss->port_high) || ++ put_user(0UL, &ss->iomap_base)) return -EFAULT; - ss.iomem_base = compat_ptr(udata); -+ ss.iomem_base = (unsigned char __force_kernel *)compat_ptr(udata); - if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || - __get_user(ss.port_high, &ss32->port_high)) +- if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || +- __get_user(ss.port_high, &ss32->port_high)) +- return -EFAULT; +- ss.iomap_base = 0UL; + } +- set_fs(KERNEL_DS); +- err = sys_ioctl(fd,cmd,(unsigned long)(&ss)); +- set_fs(oldseg); ++ err = do_ioctl(file, cmd, (unsigned long)ss); + if (cmd == TIOCGSERIAL && err >= 0) { +- if (!access_ok(VERIFY_WRITE, ss32, sizeof(SS32))) +- return -EFAULT; +- if (__copy_to_user(ss32,&ss,offsetof(SS32,iomem_base))) ++ if (copy_in_user(ss32, ss, offsetof(SS32, iomem_base)) || ++ get_user(iomem_base, &ss->iomem_base)) + return -EFAULT; +- base = (unsigned long)ss.iomem_base >> 32 ? +- 0xffffffff : (unsigned)(unsigned long)ss.iomem_base; +- if (__put_user(base, &ss32->iomem_base) || +- __put_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || +- __put_user(ss.port_high, &ss32->port_high)) ++ base = (unsigned long)iomem_base >> 32 ? ++ 0xffffffff : (unsigned)(unsigned long)iomem_base; ++ if (put_user(base, &ss32->iomem_base) || ++ convert_in_user(&ss->iomem_reg_shift, ++ &ss32->iomem_reg_shift) || ++ convert_in_user(&ss->port_high, &ss32->port_high)) return -EFAULT; -@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, + } + return err; +@@ -674,8 +697,8 @@ struct i2c_rdwr_aligned { + struct i2c_msg msgs[0]; + }; + +-static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, +- struct i2c_rdwr_ioctl_data32 __user *udata) ++static int do_i2c_rdwr_ioctl(struct file *file, ++ unsigned int cmd, struct i2c_rdwr_ioctl_data32 __user *udata) + { + struct i2c_rdwr_aligned __user *tdata; + struct i2c_msg __user *tmsgs; +@@ -704,15 +727,15 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, for (i = 0; i < nmsgs; i++) { if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16))) return -EFAULT; @@ -78036,8 +78403,67 @@ index 48851f6..6c79d32 100644 + put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf)) return -EFAULT; } - return sys_ioctl(fd, cmd, (unsigned long)tdata); -@@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file, +- return sys_ioctl(fd, cmd, (unsigned long)tdata); ++ return do_ioctl(file, cmd, (unsigned long)tdata); + } + +-static int do_i2c_smbus_ioctl(unsigned int fd, unsigned int cmd, +- struct i2c_smbus_ioctl_data32 __user *udata) ++static int do_i2c_smbus_ioctl(struct file *file, ++ unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata) + { + struct i2c_smbus_ioctl_data __user *tdata; + compat_caddr_t datap; +@@ -734,7 +757,7 @@ static int do_i2c_smbus_ioctl(unsigned int fd, unsigned int cmd, + __put_user(compat_ptr(datap), &tdata->data)) + return -EFAULT; + +- return sys_ioctl(fd, cmd, (unsigned long)tdata); ++ return do_ioctl(file, cmd, (unsigned long)tdata); + } + + #define RTC_IRQP_READ32 _IOR('p', 0x0b, compat_ulong_t) +@@ -742,29 +765,27 @@ static int do_i2c_smbus_ioctl(unsigned int fd, unsigned int cmd, + #define RTC_EPOCH_READ32 _IOR('p', 0x0d, compat_ulong_t) + #define RTC_EPOCH_SET32 _IOW('p', 0x0e, compat_ulong_t) + +-static int rtc_ioctl(unsigned fd, unsigned cmd, void __user *argp) ++static int rtc_ioctl(struct file *file, ++ unsigned cmd, void __user *argp) + { +- mm_segment_t oldfs = get_fs(); +- compat_ulong_t val32; +- unsigned long kval; ++ unsigned long __user *valp = compat_alloc_user_space(sizeof(*valp)); + int ret; + ++ if (valp == NULL) ++ return -EFAULT; + switch (cmd) { + case RTC_IRQP_READ32: + case RTC_EPOCH_READ32: +- set_fs(KERNEL_DS); +- ret = sys_ioctl(fd, (cmd == RTC_IRQP_READ32) ? ++ ret = do_ioctl(file, (cmd == RTC_IRQP_READ32) ? + RTC_IRQP_READ : RTC_EPOCH_READ, +- (unsigned long)&kval); +- set_fs(oldfs); ++ (unsigned long)valp); + if (ret) + return ret; +- val32 = kval; +- return put_user(val32, (unsigned int __user *)argp); ++ return convert_in_user(valp, (unsigned int __user *)argp); + case RTC_IRQP_SET32: +- return sys_ioctl(fd, RTC_IRQP_SET, (unsigned long)argp); ++ return do_ioctl(file, RTC_IRQP_SET, (unsigned long)argp); + case RTC_EPOCH_SET32: +- return sys_ioctl(fd, RTC_EPOCH_SET, (unsigned long)argp); ++ return do_ioctl(file, RTC_EPOCH_SET, (unsigned long)argp); + } + + return -ENOIOCTLCMD; +@@ -798,7 +819,7 @@ static int compat_ioctl_preallocate(struct file *file, copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) || copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) || copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) || @@ -78046,7 +78472,94 @@ index 48851f6..6c79d32 100644 return -EFAULT; return ioctl_preallocate(file, p); -@@ -1621,8 +1621,8 @@ COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, +@@ -1436,53 +1457,53 @@ IGNORE_IOCTL(FBIOGCURSOR32) + * a compat_ioctl operation in the place that handleѕ the + * ioctl for the native case. + */ +-static long do_ioctl_trans(int fd, unsigned int cmd, ++static long do_ioctl_trans(unsigned int cmd, + unsigned long arg, struct file *file) + { + void __user *argp = compat_ptr(arg); + + switch (cmd) { + case PPPIOCGIDLE32: +- return ppp_gidle(fd, cmd, argp); ++ return ppp_gidle(file, cmd, argp); + case PPPIOCSCOMPRESS32: +- return ppp_scompress(fd, cmd, argp); ++ return ppp_scompress(file, cmd, argp); + case PPPIOCSPASS32: + case PPPIOCSACTIVE32: +- return ppp_sock_fprog_ioctl_trans(fd, cmd, argp); ++ return ppp_sock_fprog_ioctl_trans(file, cmd, argp); + #ifdef CONFIG_BLOCK + case SG_IO: +- return sg_ioctl_trans(fd, cmd, argp); ++ return sg_ioctl_trans(file, cmd, argp); + case SG_GET_REQUEST_TABLE: +- return sg_grt_trans(fd, cmd, argp); ++ return sg_grt_trans(file, cmd, argp); + case MTIOCGET32: + case MTIOCPOS32: +- return mt_ioctl_trans(fd, cmd, argp); ++ return mt_ioctl_trans(file, cmd, argp); + #endif + /* Serial */ + case TIOCGSERIAL: + case TIOCSSERIAL: +- return serial_struct_ioctl(fd, cmd, argp); ++ return serial_struct_ioctl(file, cmd, argp); + /* i2c */ + case I2C_FUNCS: +- return w_long(fd, cmd, argp); ++ return w_long(file, cmd, argp); + case I2C_RDWR: +- return do_i2c_rdwr_ioctl(fd, cmd, argp); ++ return do_i2c_rdwr_ioctl(file, cmd, argp); + case I2C_SMBUS: +- return do_i2c_smbus_ioctl(fd, cmd, argp); ++ return do_i2c_smbus_ioctl(file, cmd, argp); + /* Not implemented in the native kernel */ + case RTC_IRQP_READ32: + case RTC_IRQP_SET32: + case RTC_EPOCH_READ32: + case RTC_EPOCH_SET32: +- return rtc_ioctl(fd, cmd, argp); ++ return rtc_ioctl(file, cmd, argp); + + /* dvb */ + case VIDEO_GET_EVENT: +- return do_video_get_event(fd, cmd, argp); ++ return do_video_get_event(file, cmd, argp); + case VIDEO_STILLPICTURE: +- return do_video_stillpicture(fd, cmd, argp); ++ return do_video_stillpicture(file, cmd, argp); + case VIDEO_SET_SPU_PALETTE: +- return do_video_set_spu_palette(fd, cmd, argp); ++ return do_video_set_spu_palette(file, cmd, argp); + } + + /* +@@ -1513,7 +1534,7 @@ static long do_ioctl_trans(int fd, unsigned int cmd, + case NBD_SET_BLKSIZE: + case NBD_SET_SIZE: + case NBD_SET_SIZE_BLOCKS: +- return do_vfs_ioctl(file, fd, cmd, arg); ++ return vfs_ioctl(file, cmd, arg); + } + + return -ENOIOCTLCMD; +@@ -1602,7 +1623,7 @@ COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, + if (compat_ioctl_check_table(XFORM(cmd))) + goto found_handler; + +- error = do_ioctl_trans(fd, cmd, arg, f.file); ++ error = do_ioctl_trans(cmd, arg, f.file); + if (error == -ENOIOCTLCMD) + error = -ENOTTY; + +@@ -1621,8 +1642,8 @@ COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -79437,6 +79950,19 @@ index fd1f28b..eb832cf 100644 atomic_t s_lock_busy; /* locality groups */ +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index 7f486e3..2d61649 100644 +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -862,7 +862,7 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, + struct ext4_extent_header *eh; + struct buffer_head *bh; + struct ext4_ext_path *path = orig_path ? *orig_path : NULL; +- short int depth, i, ppos = 0; ++ int depth, i, ppos = 0; + int ret; + + eh = ext_inode_hdr(inode); diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 34b610e..ecc47cb 100644 --- a/fs/ext4/mballoc.c @@ -81629,6 +82155,43 @@ index 78a17b8..fb43210 100644 *p = res; put_cpu_var(last_ino); return res; +diff --git a/fs/internal.h b/fs/internal.h +index 71859c4d..e38c08c 100644 +--- a/fs/internal.h ++++ b/fs/internal.h +@@ -151,3 +151,10 @@ extern void mnt_pin_kill(struct mount *m); + * fs/nsfs.c + */ + extern struct dentry_operations ns_dentry_operations; ++ ++/* ++ * fs/ioctl.c ++ */ ++extern int do_vfs_ioctl(struct file *file, unsigned int fd, unsigned int cmd, ++ unsigned long arg); ++extern long vfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg); +diff --git a/fs/ioctl.c b/fs/ioctl.c +index 5d01d26..41c352e 100644 +--- a/fs/ioctl.c ++++ b/fs/ioctl.c +@@ -15,6 +15,7 @@ + #include <linux/writeback.h> + #include <linux/buffer_head.h> + #include <linux/falloc.h> ++#include "internal.h" + + #include <asm/ioctls.h> + +@@ -32,8 +33,7 @@ + * + * Returns 0 on success, -errno on error. + */ +-static long vfs_ioctl(struct file *filp, unsigned int cmd, +- unsigned long arg) ++long vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + int error = -ENOTTY; + diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -96438,10 +97001,10 @@ index 0000000..304c518 +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..528fd00 +index 0000000..f50742d --- /dev/null +++ b/grsecurity/grsec_sig.c -@@ -0,0 +1,244 @@ +@@ -0,0 +1,245 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/fs.h> @@ -96449,6 +97012,7 @@ index 0000000..528fd00 +#include <linux/grsecurity.h> +#include <linux/grinternal.h> +#include <linux/hardirq.h> ++#include <asm/pgtable.h> + +char *signames[] = { + [SIGSEGV] = "Segmentation fault", @@ -99523,7 +100087,7 @@ index fa2cab9..d42a5b8 100644 { BUG_ON(ftest->code & BPF_ANC); diff --git a/include/linux/fs.h b/include/linux/fs.h -index 72d8a84..4027250 100644 +index 72d8a84..d67bd25 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -439,7 +439,7 @@ struct address_space { @@ -99599,7 +100163,16 @@ index 72d8a84..4027250 100644 unsigned int count, const char *name); extern void unregister_chrdev_region(dev_t, unsigned); extern void chrdev_show(struct seq_file *,off_t); -@@ -3040,4 +3041,14 @@ static inline bool dir_relax(struct inode *inode) +@@ -2778,8 +2779,6 @@ extern int vfs_lstat(const char __user *, struct kstat *); + extern int vfs_fstat(unsigned int, struct kstat *); + extern int vfs_fstatat(int , const char __user *, struct kstat *, int); + +-extern int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, +- unsigned long arg); + extern int __generic_block_fiemap(struct inode *inode, + struct fiemap_extent_info *fieinfo, + loff_t start, loff_t len, +@@ -3040,4 +3039,14 @@ static inline bool dir_relax(struct inode *inode) extern bool path_noexec(const struct path *path); @@ -101451,15 +102024,24 @@ index 6883e19..e854fcb 100644 /* This macro allows us to keep printk typechecking */ static __printf(1, 2) diff --git a/include/linux/key-type.h b/include/linux/key-type.h -index ff9f1d3..6712be5 100644 +index ff9f1d3..77627d8 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h +@@ -47,7 +47,7 @@ struct key_preparsed_payload { + size_t quotalen; /* Quota length for proposed payload */ + time_t expiry; /* Expiry time of key */ + bool trusted; /* True if key is trusted */ +-}; ++} __randomize_layout; + + typedef int (*request_key_actor_t)(struct key_construction *key, + const char *op, void *aux); @@ -152,7 +152,7 @@ struct key_type { /* internal fields */ struct list_head link; /* link in types list */ struct lock_class_key lock_class; /* key->sem lock class */ -}; -+} __do_const; ++} __do_const __randomize_layout; extern struct key_type key_type_keyring; @@ -102798,10 +103380,10 @@ index 5df733b..d55f252 100644 /* config parameters */ #define PNP_CONFIG_NORMAL 0x0001 diff --git a/include/linux/poison.h b/include/linux/poison.h -index 317e16d..924c034 100644 +index 317e16d..c5701ff 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h -@@ -19,8 +19,8 @@ +@@ -19,15 +19,15 @@ * under normal circumstances, used to verify that nobody uses * non-initialized list entries. */ @@ -102812,6 +103394,14 @@ index 317e16d..924c034 100644 /********** include/linux/timer.h **********/ /* + * Magic number "tsta" to indicate a static timer initializer + * for the object debugging code. + */ +-#define TIMER_ENTRY_STATIC ((void *) 0x74737461) ++#define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA) + + /********** mm/debug-pagealloc.c **********/ + #define PAGE_POISON 0xaa diff --git a/include/linux/power/smartreflex.h b/include/linux/power/smartreflex.h index d8b187c3..9a9257a 100644 --- a/include/linux/power/smartreflex.h @@ -107280,6 +107870,28 @@ index 1471db9..dbdcf7f 100644 seq_printf(s, "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n", +diff --git a/ipc/msgutil.c b/ipc/msgutil.c +index 71f448e..5cb11f3 100644 +--- a/ipc/msgutil.c ++++ b/ipc/msgutil.c +@@ -55,7 +55,7 @@ static struct msg_msg *alloc_msg(size_t len) + size_t alen; + + alen = min(len, DATALEN_MSG); +- msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL); ++ msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL|GFP_USERCOPY); + if (msg == NULL) + return NULL; + +@@ -67,7 +67,7 @@ static struct msg_msg *alloc_msg(size_t len) + while (len > 0) { + struct msg_msgseg *seg; + alen = min(len, DATALEN_SEG); +- seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL); ++ seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL|GFP_USERCOPY); + if (seg == NULL) + goto out_err; + *pseg = seg; diff --git a/ipc/sem.c b/ipc/sem.c index b471e5a..cb0c603 100644 --- a/ipc/sem.c @@ -124347,7 +124959,7 @@ index b9ac598..f88cc56 100644 return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 918151c..5bbe95a 100644 +index 918151c..2186df8 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -686,10 +686,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv) @@ -124363,6 +124975,16 @@ index 918151c..5bbe95a 100644 } memcpy(iucv->src_name, name, 8); } +@@ -709,6 +709,9 @@ static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr, + if (!addr || addr->sa_family != AF_IUCV) + return -EINVAL; + ++ if (addr_len < sizeof(struct sockaddr_iucv)) ++ return -EINVAL; ++ + lock_sock(sk); + if (sk->sk_state != IUCV_OPEN) { + err = -EBADFD; diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index 2a6a1fd..6c112b0 100644 --- a/net/iucv/iucv.c @@ -125371,6 +125993,42 @@ index fafe33b..8896912 100644 sock_i_ino(s) ); +diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c +index dba635d..0d2884b 100644 +--- a/net/openvswitch/actions.c ++++ b/net/openvswitch/actions.c +@@ -1159,17 +1159,26 @@ int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb, + const struct sw_flow_actions *acts, + struct sw_flow_key *key) + { +- int level = this_cpu_read(exec_actions_level); +- int err; ++ static const int ovs_recursion_limit = 5; ++ int err, level; ++ ++ level = __this_cpu_inc_return(exec_actions_level); ++ if (unlikely(level > ovs_recursion_limit)) { ++ net_crit_ratelimited("ovs: recursion limit reached on datapath %s, probable configuration error\n", ++ ovs_dp_name(dp)); ++ kfree_skb(skb); ++ err = -ENETDOWN; ++ goto out; ++ } + +- this_cpu_inc(exec_actions_level); + err = do_execute_actions(dp, skb, key, + acts->actions, acts->actions_len); + +- if (!level) ++ if (level == 1) + process_deferred_actions(dp); + +- this_cpu_dec(exec_actions_level); ++out: ++ __this_cpu_dec(exec_actions_level); + return err; + } + diff --git a/net/openvswitch/vport-internal_dev.c b/net/openvswitch/vport-internal_dev.c index b393412..3b2f7eb 100644 --- a/net/openvswitch/vport-internal_dev.c @@ -129759,7 +130417,7 @@ index 552705d..9920f4fb 100644 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); return 0; diff --git a/security/keys/internal.h b/security/keys/internal.h -index 5105c2c..fd59e52 100644 +index 5105c2c..a5010e6 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype); @@ -129781,6 +130439,15 @@ index 5105c2c..fd59e52 100644 extern key_ref_t find_key_to_update(key_ref_t keyring_ref, const struct keyring_index_key *index_key); +@@ -191,7 +195,7 @@ struct request_key_auth { + void *callout_info; + size_t callout_len; + pid_t pid; +-}; ++} __randomize_layout; + + extern struct key_type key_type_request_key_auth; + extern struct key *request_key_auth_new(struct key *target, diff --git a/security/keys/key.c b/security/keys/key.c index aee2ec5..c276071 100644 --- a/security/keys/key.c @@ -129890,6 +130557,18 @@ index d334370..b03e5a8 100644 { BUG_ON(index_key->type == NULL); kenter("%d,%s,", keyring->serial, index_key->type->name); +diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c +index 43b4cdd..7877e5c 100644 +--- a/security/keys/process_keys.c ++++ b/security/keys/process_keys.c +@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) + ret = PTR_ERR(keyring); + goto error2; + } else if (keyring == new->session_keyring) { ++ key_put(keyring); + ret = 0; + goto error2; + } diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -130207,6 +130886,27 @@ index ffd2025..df062c9 100644 /* PCM3052 register definitions */ +diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c +index f845ecf..656d9a9 100644 +--- a/sound/core/hrtimer.c ++++ b/sound/core/hrtimer.c +@@ -90,7 +90,7 @@ static int snd_hrtimer_start(struct snd_timer *t) + struct snd_hrtimer *stime = t->private_data; + + atomic_set(&stime->running, 0); +- hrtimer_cancel(&stime->hrt); ++ hrtimer_try_to_cancel(&stime->hrt); + hrtimer_start(&stime->hrt, ns_to_ktime(t->sticks * resolution), + HRTIMER_MODE_REL); + atomic_set(&stime->running, 1); +@@ -101,6 +101,7 @@ static int snd_hrtimer_stop(struct snd_timer *t) + { + struct snd_hrtimer *stime = t->private_data; + atomic_set(&stime->running, 0); ++ hrtimer_try_to_cancel(&stime->hrt); + return 0; + } + diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index 58550cc..4687a93 100644 --- a/sound/core/oss/pcm_oss.c @@ -130314,7 +131014,7 @@ index 75888dd..c940854 100644 default: result = -EINVAL; diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c -index b64f20d..aff6c32 100644 +index b64f20d..a68addd 100644 --- a/sound/core/seq/seq_clientmgr.c +++ b/sound/core/seq/seq_clientmgr.c @@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, @@ -130342,6 +131042,15 @@ index b64f20d..aff6c32 100644 event.data.ext.ptr = ptr; } #endif +@@ -1962,7 +1962,7 @@ static int snd_seq_ioctl_remove_events(struct snd_seq_client *client, + * No restrictions so for a user client we can clear + * the whole fifo + */ +- if (client->type == USER_CLIENT) ++ if (client->type == USER_CLIENT && client->data.user.fifo) + snd_seq_fifo_clear(client->data.user.fifo); + } + @@ -2420,7 +2420,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg) if (client == NULL) return -ENXIO; @@ -130395,6 +131104,21 @@ index 8010766..4bd361f 100644 err = -EFAULT; goto __error; } +diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c +index 7dfd0f4..0bec02e 100644 +--- a/sound/core/seq/seq_queue.c ++++ b/sound/core/seq/seq_queue.c +@@ -142,8 +142,10 @@ static struct snd_seq_queue *queue_new(int owner, int locked) + static void queue_delete(struct snd_seq_queue *q) + { + /* stop and release the timer */ ++ mutex_lock(&q->timer_mutex); + snd_seq_timer_stop(q->timer); + snd_seq_timer_close(q); ++ mutex_unlock(&q->timer_mutex); + /* wait until access free */ + snd_use_lock_sync(&q->use_lock); + /* release resources... */ diff --git a/sound/core/sound.c b/sound/core/sound.c index 175f9e4..3518d31 100644 --- a/sound/core/sound.c @@ -130408,6 +131132,171 @@ index 175f9e4..3518d31 100644 } #endif /* modular kernel */ +diff --git a/sound/core/timer.c b/sound/core/timer.c +index 31f40f0..4e8d7bf 100644 +--- a/sound/core/timer.c ++++ b/sound/core/timer.c +@@ -73,7 +73,7 @@ struct snd_timer_user { + struct timespec tstamp; /* trigger tstamp */ + wait_queue_head_t qchange_sleep; + struct fasync_struct *fasync; +- struct mutex tread_sem; ++ struct mutex ioctl_lock; + }; + + /* list of timers */ +@@ -215,11 +215,13 @@ static void snd_timer_check_master(struct snd_timer_instance *master) + slave->slave_id == master->slave_id) { + list_move_tail(&slave->open_list, &master->slave_list_head); + spin_lock_irq(&slave_active_lock); ++ spin_lock(&master->timer->lock); + slave->master = master; + slave->timer = master->timer; + if (slave->flags & SNDRV_TIMER_IFLG_RUNNING) + list_add_tail(&slave->active_list, + &master->slave_active_head); ++ spin_unlock(&master->timer->lock); + spin_unlock_irq(&slave_active_lock); + } + } +@@ -346,15 +348,18 @@ int snd_timer_close(struct snd_timer_instance *timeri) + timer->hw.close) + timer->hw.close(timer); + /* remove slave links */ ++ spin_lock_irq(&slave_active_lock); ++ spin_lock(&timer->lock); + list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, + open_list) { +- spin_lock_irq(&slave_active_lock); +- _snd_timer_stop(slave, 1, SNDRV_TIMER_EVENT_RESOLUTION); + list_move_tail(&slave->open_list, &snd_timer_slave_list); + slave->master = NULL; + slave->timer = NULL; +- spin_unlock_irq(&slave_active_lock); ++ list_del_init(&slave->ack_list); ++ list_del_init(&slave->active_list); + } ++ spin_unlock(&timer->lock); ++ spin_unlock_irq(&slave_active_lock); + mutex_unlock(®ister_mutex); + } + out: +@@ -441,9 +446,12 @@ static int snd_timer_start_slave(struct snd_timer_instance *timeri) + + spin_lock_irqsave(&slave_active_lock, flags); + timeri->flags |= SNDRV_TIMER_IFLG_RUNNING; +- if (timeri->master) ++ if (timeri->master && timeri->timer) { ++ spin_lock(&timeri->timer->lock); + list_add_tail(&timeri->active_list, + &timeri->master->slave_active_head); ++ spin_unlock(&timeri->timer->lock); ++ } + spin_unlock_irqrestore(&slave_active_lock, flags); + return 1; /* delayed start */ + } +@@ -489,6 +497,8 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri, + if (!keep_flag) { + spin_lock_irqsave(&slave_active_lock, flags); + timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING; ++ list_del_init(&timeri->ack_list); ++ list_del_init(&timeri->active_list); + spin_unlock_irqrestore(&slave_active_lock, flags); + } + goto __end; +@@ -694,7 +704,7 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left) + } else { + ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING; + if (--timer->running) +- list_del(&ti->active_list); ++ list_del_init(&ti->active_list); + } + if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) || + (ti->flags & SNDRV_TIMER_IFLG_FAST)) +@@ -1253,7 +1263,7 @@ static int snd_timer_user_open(struct inode *inode, struct file *file) + return -ENOMEM; + spin_lock_init(&tu->qlock); + init_waitqueue_head(&tu->qchange_sleep); +- mutex_init(&tu->tread_sem); ++ mutex_init(&tu->ioctl_lock); + tu->ticks = 1; + tu->queue_size = 128; + tu->queue = kmalloc(tu->queue_size * sizeof(struct snd_timer_read), +@@ -1273,8 +1283,10 @@ static int snd_timer_user_release(struct inode *inode, struct file *file) + if (file->private_data) { + tu = file->private_data; + file->private_data = NULL; ++ mutex_lock(&tu->ioctl_lock); + if (tu->timeri) + snd_timer_close(tu->timeri); ++ mutex_unlock(&tu->ioctl_lock); + kfree(tu->queue); + kfree(tu->tqueue); + kfree(tu); +@@ -1512,7 +1524,6 @@ static int snd_timer_user_tselect(struct file *file, + int err = 0; + + tu = file->private_data; +- mutex_lock(&tu->tread_sem); + if (tu->timeri) { + snd_timer_close(tu->timeri); + tu->timeri = NULL; +@@ -1556,7 +1567,6 @@ static int snd_timer_user_tselect(struct file *file, + } + + __err: +- mutex_unlock(&tu->tread_sem); + return err; + } + +@@ -1769,7 +1779,7 @@ enum { + SNDRV_TIMER_IOCTL_PAUSE_OLD = _IO('T', 0x23), + }; + +-static long snd_timer_user_ioctl(struct file *file, unsigned int cmd, ++static long __snd_timer_user_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) + { + struct snd_timer_user *tu; +@@ -1786,17 +1796,11 @@ static long snd_timer_user_ioctl(struct file *file, unsigned int cmd, + { + int xarg; + +- mutex_lock(&tu->tread_sem); +- if (tu->timeri) { /* too late */ +- mutex_unlock(&tu->tread_sem); ++ if (tu->timeri) /* too late */ + return -EBUSY; +- } +- if (get_user(xarg, p)) { +- mutex_unlock(&tu->tread_sem); ++ if (get_user(xarg, p)) + return -EFAULT; +- } + tu->tread = xarg ? 1 : 0; +- mutex_unlock(&tu->tread_sem); + return 0; + } + case SNDRV_TIMER_IOCTL_GINFO: +@@ -1829,6 +1833,18 @@ static long snd_timer_user_ioctl(struct file *file, unsigned int cmd, + return -ENOTTY; + } + ++static long snd_timer_user_ioctl(struct file *file, unsigned int cmd, ++ unsigned long arg) ++{ ++ struct snd_timer_user *tu = file->private_data; ++ long ret; ++ ++ mutex_lock(&tu->ioctl_lock); ++ ret = __snd_timer_user_ioctl(file, cmd, arg); ++ mutex_unlock(&tu->ioctl_lock); ++ return ret; ++} ++ + static int snd_timer_user_fasync(int fd, struct file * file, int on) + { + struct snd_timer_user *tu; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c index 2a008a9..a1efb3f 100644 --- a/sound/drivers/mts64.c @@ -150708,10 +151597,10 @@ index 0000000..fc58e16 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..0a36c4a +index 0000000..9da833a --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,21743 @@ +@@ -0,0 +1,21745 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL @@ -163535,7 +164424,8 @@ index 0000000..0a36c4a +enable_so_prism2_ap_translate_scan_fndecl_38540 prism2_ap_translate_scan fndecl 0 38540 NULL +enable_so_cx18_av_read_fndecl_38542 cx18_av_read fndecl 0 38542 NULL +enable_so_hw_channels_sh_cmt_device_38544 hw_channels sh_cmt_device 0 38544 NULL -+enable_so_clk_fd_set_rate_fndecl_38545 clk_fd_set_rate fndecl 2-3 38545 NULL ++enable_so_clk_fd_set_rate_fndecl_38545 clk_fd_set_rate fndecl 2-3 38545 NULL nohasharray ++enable_so_snd_timer_user_tselect_fndecl_38545 snd_timer_user_tselect fndecl 0 38545 &enable_so_clk_fd_set_rate_fndecl_38545 +enable_so_ulist_add_merge_fndecl_38547 ulist_add_merge fndecl 0-2 38547 NULL nohasharray +enable_so_krb5_encrypt_fndecl_38547 krb5_encrypt fndecl 5 38547 &enable_so_ulist_add_merge_fndecl_38547 +enable_so_fb_base_phys_radeonfb_info_38551 fb_base_phys radeonfb_info 0 38551 NULL @@ -168363,6 +169253,7 @@ index 0000000..0a36c4a +enable_so_real_vram_size_radeon_mc_53132 real_vram_size radeon_mc 0 53132 NULL +enable_so_fault_inject_read_fndecl_53133 fault_inject_read fndecl 3 53133 NULL +enable_so_data_dma_td_53137 data_dma td 0 53137 NULL ++enable_so_snd_timer_user_params_fndecl_53139 snd_timer_user_params fndecl 0 53139 NULL +enable_so_log_rq_size_mlx5e_params_53140 log_rq_size mlx5e_params 0 53140 NULL +enable_so_mmc_spi_readbytes_fndecl_53146 mmc_spi_readbytes fndecl 2-0 53146 NULL +enable_so_zlib_tr_stored_block_fndecl_53147 zlib_tr_stored_block fndecl 3 53147 NULL |