diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-12-06 04:14:58 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-12-06 04:14:58 -0500 |
| commit | 00011c59dc27a3b5c8a147cd36b11aa969f76b42 (patch) | |
| tree | cd058f11b86a22bee9bb9608a573f21f22227d80 | |
| parent | grsecurity-3.1-4.2.6-201511282239 (diff) | |
| download | hardened-patchset-00011c59dc27a3b5c8a147cd36b11aa969f76b42.tar.gz hardened-patchset-00011c59dc27a3b5c8a147cd36b11aa969f76b42.tar.bz2 hardened-patchset-00011c59dc27a3b5c8a147cd36b11aa969f76b42.zip | |
grsecurity-3.1-4.2.6-20151205191820151205
| -rw-r--r-- | 4.2.6/0000_README | 2 | ||||
| -rw-r--r-- | 4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch (renamed from 4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch) | 750 |
2 files changed, 689 insertions, 63 deletions
diff --git a/4.2.6/0000_README b/4.2.6/0000_README index ef0e3e5..ec4db38 100644 --- a/4.2.6/0000_README +++ b/4.2.6/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.2.6-201511282239.patch +Patch: 4420_grsecurity-3.1-4.2.6-201512051918.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch index 3903e3d..9b88420 100644 --- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511282239.patch +++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch @@ -406,7 +406,7 @@ index 6fccb69..60c7c7a 100644 A toggle value indicating if modules are allowed to be loaded diff --git a/Makefile b/Makefile -index 9ef3739..20b7716 100644 +index 9ef3739..df5234b 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -431,7 +431,7 @@ index 9ef3739..20b7716 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -615,6 +617,74 @@ endif +@@ -615,6 +617,79 @@ endif # Tell gcc to never replace conditional load with a non-conditional one KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) @@ -496,6 +496,11 @@ index 9ef3739..20b7716 100644 +gcc-plugins: +ifeq ($(call cc-ifversion, -ge, 0405, y), y) + $(error Your gcc installation does not support plugins. If the necessary headers for plugin support are missing, they should be installed. On Debian, apt-get install gcc-<ver>-plugin-dev. If you choose to ignore this error and lessen the improvements provided by this patch, re-run make with the DISABLE_PAX_PLUGINS=y argument.)) ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++ $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)" ++else ++ $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)" ++endif +else + $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least" +endif @@ -506,7 +511,7 @@ index 9ef3739..20b7716 100644 ifdef CONFIG_READABLE_ASM # Disable optimizations that make assembler listings hard to read. # reorder blocks reorders the control in the function -@@ -714,7 +784,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) +@@ -714,7 +789,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) else KBUILD_CFLAGS += -g endif @@ -515,7 +520,7 @@ index 9ef3739..20b7716 100644 endif ifdef CONFIG_DEBUG_INFO_DWARF4 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,) -@@ -886,7 +956,7 @@ export mod_sign_cmd +@@ -886,7 +961,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -524,7 +529,7 @@ index 9ef3739..20b7716 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -936,6 +1006,8 @@ endif +@@ -936,6 +1011,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -533,7 +538,7 @@ index 9ef3739..20b7716 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -945,7 +1017,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -945,7 +1022,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -542,7 +547,7 @@ index 9ef3739..20b7716 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -988,10 +1060,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -988,10 +1065,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -556,7 +561,7 @@ index 9ef3739..20b7716 100644 prepare: prepare0 # Generate some files -@@ -1099,6 +1174,8 @@ all: modules +@@ -1099,6 +1179,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -565,7 +570,7 @@ index 9ef3739..20b7716 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1114,7 +1191,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1114,7 +1196,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -574,7 +579,7 @@ index 9ef3739..20b7716 100644 # Target to install modules PHONY += modules_install -@@ -1180,7 +1257,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \ +@@ -1180,7 +1262,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -586,7 +591,7 @@ index 9ef3739..20b7716 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1219,7 +1299,7 @@ distclean: mrproper +@@ -1219,7 +1304,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -595,7 +600,7 @@ index 9ef3739..20b7716 100644 -type f -print | xargs rm -f -@@ -1385,6 +1465,8 @@ PHONY += $(module-dirs) modules +@@ -1385,6 +1470,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -604,7 +609,7 @@ index 9ef3739..20b7716 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1525,17 +1607,21 @@ else +@@ -1525,17 +1612,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -630,7 +635,7 @@ index 9ef3739..20b7716 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1547,11 +1633,15 @@ endif +@@ -1547,11 +1638,15 @@ endif $(build)=$(build-dir) # Make sure the latest headers are built for Documentation Documentation/: headers_install @@ -22034,7 +22039,7 @@ index cd79194..6a9956f 100644 } diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index a8df874..43b72d3 100644 +index a8df874..3dcbd7c 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -22215,9 +22220,12 @@ index a8df874..43b72d3 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -409,13 +461,24 @@ do { \ +@@ -407,15 +459,26 @@ do { \ + #define __get_user_nocheck(x, ptr, size) \ + ({ \ int __gu_err; \ - unsigned long __gu_val; \ +- unsigned long __gu_val; \ ++ __inttype(*(ptr)) __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ - (x) = (__force __typeof__(*(ptr)))__gu_val; \ + (x) = (__typeof__(*(ptr)))__gu_val; \ @@ -41354,6 +41362,47 @@ index 8d2a772..33826c9 100644 err = pci_request_regions(pdev, name); if (err) +diff --git a/drivers/crypto/nx/nx-aes-ccm.c b/drivers/crypto/nx/nx-aes-ccm.c +index e4311ce..a1d0848 100644 +--- a/drivers/crypto/nx/nx-aes-ccm.c ++++ b/drivers/crypto/nx/nx-aes-ccm.c +@@ -412,7 +412,7 @@ static int ccm_nx_decrypt(struct aead_request *req, + processed += to_process; + } while (processed < nbytes); + +- rc = memcmp(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag, ++ rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag, + authsize) ? -EBADMSG : 0; + out: + spin_unlock_irqrestore(&nx_ctx->lock, irq_flags); +diff --git a/drivers/crypto/nx/nx-aes-gcm.c b/drivers/crypto/nx/nx-aes-gcm.c +index 92c993f..1c478bc 100644 +--- a/drivers/crypto/nx/nx-aes-gcm.c ++++ b/drivers/crypto/nx/nx-aes-gcm.c +@@ -414,7 +414,7 @@ mac: + itag, req->src, req->assoclen + nbytes, + crypto_aead_authsize(crypto_aead_reqtfm(req)), + SCATTERWALK_FROM_SG); +- rc = memcmp(itag, otag, ++ rc = crypto_memneq(itag, otag, + crypto_aead_authsize(crypto_aead_reqtfm(req))) ? + -EBADMSG : 0; + } +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c +index 83aca95..4e6d4ea 100644 +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -1025,8 +1025,8 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev, + icvdata = &edesc->link_tbl[0]; + + sg = sg_last(req->dst, edesc->dst_nents ? : 1); +- err = memcmp(icvdata, (char *)sg_virt(sg) + sg->length - +- ctx->authsize, ctx->authsize) ? -EBADMSG : 0; ++ err = crypto_memneq(icvdata, (char *)sg_virt(sg) + sg->length - ++ ctx->authsize, ctx->authsize) ? -EBADMSG : 0; + } + + kfree(edesc); diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index ca1b362..01cae6a 100644 --- a/drivers/devfreq/devfreq.c @@ -47789,7 +47838,7 @@ index 3e32f4e..01e0a7f 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 95e7b72..11002b9 100644 +index 95e7b72..3d67ca6 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -197,10 +197,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -47861,7 +47910,20 @@ index 95e7b72..11002b9 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -7256,7 +7256,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -5723,9 +5723,10 @@ static int get_array_info(struct mddev *mddev, void __user *arg) + info.patch_version = MD_PATCHLEVEL_VERSION; + info.ctime = mddev->ctime; + info.level = mddev->level; +- info.size = mddev->dev_sectors / 2; +- if (info.size != mddev->dev_sectors / 2) /* overflow */ ++ if (2 * (sector_t)INT_MAX < mddev->dev_sectors) /* overflow */ + info.size = -1; ++ else ++ info.size = mddev->dev_sectors / 2; + info.nr_disks = nr; + info.raid_disks = mddev->raid_disks; + info.md_minor = mddev->md_minor; +@@ -7256,7 +7257,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -47870,7 +47932,7 @@ index 95e7b72..11002b9 100644 return 0; } if (v == (void*)2) { -@@ -7359,7 +7359,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7359,7 +7360,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -47879,7 +47941,7 @@ index 95e7b72..11002b9 100644 return error; } -@@ -7376,7 +7376,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7376,7 +7377,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -47888,7 +47950,7 @@ index 95e7b72..11002b9 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7472,7 +7472,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7472,7 +7473,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -47961,9 +48023,18 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index d10d300..6169233 100644 +index d10d300..dbdcf89 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c +@@ -1095,7 +1095,7 @@ static void make_request(struct mddev *mddev, struct bio * bio) + struct blk_plug_cb *cb; + struct raid1_plug_cb *plug = NULL; + int first_clone; +- int sectors_handled; ++ sector_t sectors_handled; + int max_sectors; + sector_t start_next_window; + @@ -1937,7 +1937,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, @@ -51790,6 +51861,45 @@ index 487be20..f4c87bc 100644 break; err = 0; break; +diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c +index 2ed7506..cf82b13 100644 +--- a/drivers/net/ppp/pppoe.c ++++ b/drivers/net/ppp/pppoe.c +@@ -568,6 +568,9 @@ static int pppoe_create(struct net *net, struct socket *sock, int kern) + sk->sk_family = PF_PPPOX; + sk->sk_protocol = PX_PROTO_OE; + ++ INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work, ++ pppoe_unbind_sock_work); ++ + return 0; + } + +@@ -632,8 +635,6 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, + + lock_sock(sk); + +- INIT_WORK(&po->proto.pppoe.padt_work, pppoe_unbind_sock_work); +- + error = -EINVAL; + if (sp->sa_protocol != PX_PROTO_OE) + goto end; +@@ -663,8 +664,13 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, + po->pppoe_dev = NULL; + } + +- memset(sk_pppox(po) + 1, 0, +- sizeof(struct pppox_sock) - sizeof(struct sock)); ++ po->pppoe_ifindex = 0; ++ memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa)); ++ memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay)); ++ memset(&po->chan, 0, sizeof(po->chan)); ++ po->next = NULL; ++ po->num = 0; ++ + sk->sk_state = PPPOX_NONE; + } + diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c index 079f7ad..7e59810 100644 --- a/drivers/net/slip/slhc.c @@ -52144,6 +52254,28 @@ index 5920c99..ff2e4a5 100644 }; static void +diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c +index 5c47b01..cd39025 100644 +--- a/drivers/net/wan/x25_asy.c ++++ b/drivers/net/wan/x25_asy.c +@@ -549,16 +549,12 @@ static void x25_asy_receive_buf(struct tty_struct *tty, + + static int x25_asy_open_tty(struct tty_struct *tty) + { +- struct x25_asy *sl = tty->disc_data; ++ struct x25_asy *sl; + int err; + + if (tty->ops->write == NULL) + return -EOPNOTSUPP; + +- /* First make sure we're not already connected. */ +- if (sl && sl->magic == X25_ASY_MAGIC) +- return -EEXIST; +- + /* OK. Find a free X.25 channel to use. */ + sl = x25_asy_alloc(); + if (sl == NULL) diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c index 2f0bd69..e46ed7b 100644 --- a/drivers/net/wan/z85230.c @@ -56230,8 +56362,68 @@ index 8f1cd19..ba7a8f1 100644 INIT_LIST_HEAD(&dev->t10_wwn.t10_vpd_list); spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); +diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c +index e318ddb..9444c7b 100644 +--- a/drivers/target/target_core_sbc.c ++++ b/drivers/target/target_core_sbc.c +@@ -339,7 +339,8 @@ sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *o + return 0; + } + +-static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success) ++static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success, ++ int *post_ret) + { + unsigned char *buf, *addr; + struct scatterlist *sg; +@@ -405,7 +406,8 @@ sbc_execute_rw(struct se_cmd *cmd) + cmd->data_direction); + } + +-static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success) ++static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success, ++ int *post_ret) + { + struct se_device *dev = cmd->se_dev; + +@@ -415,8 +417,10 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success) + * sent to the backend driver. + */ + spin_lock_irq(&cmd->t_state_lock); +- if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status) ++ if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status) { + cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST; ++ *post_ret = 1; ++ } + spin_unlock_irq(&cmd->t_state_lock); + + /* +@@ -428,7 +432,8 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success) + return TCM_NO_SENSE; + } + +-static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success) ++static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success, ++ int *post_ret) + { + struct se_device *dev = cmd->se_dev; + struct scatterlist *write_sg = NULL, *sg; +@@ -524,11 +529,11 @@ static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool succes + + if (block_size < PAGE_SIZE) { + sg_set_page(&write_sg[i], m.page, block_size, +- block_size); ++ m.piter.sg->offset + block_size); + } else { + sg_miter_next(&m); + sg_set_page(&write_sg[i], m.page, block_size, +- 0); ++ m.piter.sg->offset); + } + len -= block_size; + i++; diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index ce8574b..98d6199 100644 +index ce8574b..0634ccb 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1181,7 +1181,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -56243,6 +56435,42 @@ index ce8574b..98d6199 100644 pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, dev->transport->name); +@@ -1610,7 +1610,7 @@ bool target_stop_cmd(struct se_cmd *cmd, unsigned long *flags) + void transport_generic_request_failure(struct se_cmd *cmd, + sense_reason_t sense_reason) + { +- int ret = 0; ++ int ret = 0, post_ret = 0; + + pr_debug("-----[ Storage Engine Exception for cmd: %p ITT: 0x%08llx" + " CDB: 0x%02x\n", cmd, cmd->tag, cmd->t_task_cdb[0]); +@@ -1632,7 +1632,7 @@ void transport_generic_request_failure(struct se_cmd *cmd, + */ + if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) && + cmd->transport_complete_callback) +- cmd->transport_complete_callback(cmd, false); ++ cmd->transport_complete_callback(cmd, false, &post_ret); + + switch (sense_reason) { + case TCM_NON_EXISTENT_LUN: +@@ -2027,11 +2027,13 @@ static void target_complete_ok_work(struct work_struct *work) + */ + if (cmd->transport_complete_callback) { + sense_reason_t rc; ++ bool caw = (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE); ++ bool zero_dl = !(cmd->data_length); ++ int post_ret = 0; + +- rc = cmd->transport_complete_callback(cmd, true); +- if (!rc && !(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE_POST)) { +- if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) && +- !cmd->data_length) ++ rc = cmd->transport_complete_callback(cmd, true, &post_ret); ++ if (!rc && !post_ret) { ++ if (caw && zero_dl) + goto queue_rsp; + + return; diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c index 42c6f71..1c64309 100644 --- a/drivers/thermal/cpu_cooling.c @@ -83985,7 +84213,7 @@ index 510413eb..34d9a8c 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index ca1e091..a048795 100644 +index ca1e091..12dd9f1 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -13,12 +13,19 @@ @@ -84110,7 +84338,17 @@ index ca1e091..a048795 100644 show_map_vma(m, v, is_pid); m_cache_vma(m, v); return 0; -@@ -620,9 +655,18 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -585,6 +620,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) + [ilog2(VM_RAND_READ)] = "rr", + [ilog2(VM_DONTCOPY)] = "dc", + [ilog2(VM_DONTEXPAND)] = "de", ++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) ++ [ilog2(VM_PAGEEXEC)] = "px", ++#endif + [ilog2(VM_ACCOUNT)] = "ac", + [ilog2(VM_NORESERVE)] = "nr", + [ilog2(VM_HUGETLB)] = "ht", +@@ -620,9 +658,18 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -84131,7 +84369,7 @@ index ca1e091..a048795 100644 show_map_vma(m, vma, is_pid); -@@ -641,7 +685,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -641,7 +688,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -84143,7 +84381,7 @@ index ca1e091..a048795 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1491,6 +1539,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1491,6 +1542,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -84157,7 +84395,7 @@ index ca1e091..a048795 100644 if (!mm) return 0; -@@ -1505,11 +1560,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1505,11 +1563,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy); } @@ -104300,6 +104538,20 @@ index 343d922..7959cde 100644 int __rtnl_link_register(struct rtnl_link_ops *ops); void __rtnl_link_unregister(struct rtnl_link_ops *ops); +diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h +index 2738f6f..49dda38 100644 +--- a/include/net/sch_generic.h ++++ b/include/net/sch_generic.h +@@ -61,6 +61,9 @@ struct Qdisc { + */ + #define TCQ_F_WARN_NONWC (1 << 16) + #define TCQ_F_CPUSTATS 0x20 /* run using percpu statistics */ ++#define TCQ_F_NOPARENT 0x40 /* root of its hierarchy : ++ * qdisc_tree_decrease_qlen() should stop. ++ */ + u32 limit; + const struct Qdisc_ops *ops; + struct qdisc_size_table __rcu *stab; diff --git a/include/net/sctp/checksum.h b/include/net/sctp/checksum.h index 4a5b9a3..ca27d73 100644 --- a/include/net/sctp/checksum.h @@ -104643,9 +104895,18 @@ index 334d0d2..a4327ba 100644 struct snd_soc_dai_link_component { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 17ae2d6..2c06382 100644 +index 17ae2d6..24974e9 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h +@@ -480,7 +480,7 @@ struct se_cmd { + struct kref cmd_kref; + const struct target_core_fabric_ops *se_tfo; + sense_reason_t (*execute_cmd)(struct se_cmd *); +- sense_reason_t (*transport_complete_callback)(struct se_cmd *, bool); ++ sense_reason_t (*transport_complete_callback)(struct se_cmd *, bool, int *); + void *protocol_data; + + unsigned char *t_task_cdb; @@ -751,7 +751,7 @@ struct se_device { atomic_long_t write_bytes; /* Active commands on this virtual SE device */ @@ -121145,7 +121406,7 @@ index 0330ab2..4745d2c 100644 goto err_reg; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 728f5b3..dc51cbe 100644 +index 728f5b3..ab3c61c 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -767,7 +767,7 @@ static void tcp_update_pacing_rate(struct sock *sk) @@ -121174,7 +121435,15 @@ index 728f5b3..dc51cbe 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5653,6 +5654,7 @@ discard: +@@ -5620,6 +5621,7 @@ discard: + } + + tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1; ++ tp->copied_seq = tp->rcv_nxt; + tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1; + + /* RFC1323: The window in SYN & SYN/ACK segments is +@@ -5653,6 +5655,7 @@ discard: goto discard; #endif } @@ -121182,7 +121451,7 @@ index 728f5b3..dc51cbe 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5699,7 +5701,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5699,7 +5702,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -121191,7 +121460,7 @@ index 728f5b3..dc51cbe 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -6026,7 +6028,7 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops, +@@ -6026,7 +6029,7 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops, kmemcheck_annotate_bitfield(ireq, flags); ireq->opt = NULL; @@ -124037,8 +124306,92 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c +index f06aa01..1a0aa2a 100644 +--- a/net/sched/sch_api.c ++++ b/net/sched/sch_api.c +@@ -253,7 +253,8 @@ int qdisc_set_default(const char *name) + } + + /* We know handle. Find qdisc among all qdisc's attached to device +- (root qdisc, all its children, children of children etc.) ++ * (root qdisc, all its children, children of children etc.) ++ * Note: caller either uses rtnl or rcu_read_lock() + */ + + static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle) +@@ -264,7 +265,7 @@ static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle) + root->handle == handle) + return root; + +- list_for_each_entry(q, &root->list, list) { ++ list_for_each_entry_rcu(q, &root->list, list) { + if (q->handle == handle) + return q; + } +@@ -277,15 +278,18 @@ void qdisc_list_add(struct Qdisc *q) + struct Qdisc *root = qdisc_dev(q)->qdisc; + + WARN_ON_ONCE(root == &noop_qdisc); +- list_add_tail(&q->list, &root->list); ++ ASSERT_RTNL(); ++ list_add_tail_rcu(&q->list, &root->list); + } + } + EXPORT_SYMBOL(qdisc_list_add); + + void qdisc_list_del(struct Qdisc *q) + { +- if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) +- list_del(&q->list); ++ if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) { ++ ASSERT_RTNL(); ++ list_del_rcu(&q->list); ++ } + } + EXPORT_SYMBOL(qdisc_list_del); + +@@ -750,14 +754,18 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n) + if (n == 0) + return; + drops = max_t(int, n, 0); ++ rcu_read_lock(); + while ((parentid = sch->parent)) { + if (TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_INGRESS)) +- return; ++ break; + ++ if (sch->flags & TCQ_F_NOPARENT) ++ break; ++ /* TODO: perform the search on a per txq basis */ + sch = qdisc_lookup(qdisc_dev(sch), TC_H_MAJ(parentid)); + if (sch == NULL) { +- WARN_ON(parentid != TC_H_ROOT); +- return; ++ WARN_ON_ONCE(parentid != TC_H_ROOT); ++ break; + } + cops = sch->ops->cl_ops; + if (cops->qlen_notify) { +@@ -768,6 +776,7 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n) + sch->q.qlen -= n; + __qdisc_qstats_drop(sch, drops); + } ++ rcu_read_unlock(); + } + EXPORT_SYMBOL(qdisc_tree_decrease_qlen); + +@@ -941,7 +950,7 @@ qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue, + } + lockdep_set_class(qdisc_lock(sch), &qdisc_tx_lock); + if (!netif_is_multiqueue(dev)) +- sch->flags |= TCQ_F_ONETXQUEUE; ++ sch->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + } + + sch->handle = handle; diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c -index 6efca30..1259f82 100644 +index 6efca30..166495a 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -349,7 +349,7 @@ void netif_carrier_on(struct net_device *dev) @@ -124059,6 +124412,59 @@ index 6efca30..1259f82 100644 linkwatch_fire_event(dev); } } +@@ -743,7 +743,7 @@ static void attach_one_default_qdisc(struct net_device *dev, + return; + } + if (!netif_is_multiqueue(dev)) +- qdisc->flags |= TCQ_F_ONETXQUEUE; ++ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + } + dev_queue->qdisc_sleeping = qdisc; + } +diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c +index f3cbaec..3e82f04 100644 +--- a/net/sched/sch_mq.c ++++ b/net/sched/sch_mq.c +@@ -63,7 +63,7 @@ static int mq_init(struct Qdisc *sch, struct nlattr *opt) + if (qdisc == NULL) + goto err; + priv->qdiscs[ntx] = qdisc; +- qdisc->flags |= TCQ_F_ONETXQUEUE; ++ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + } + + sch->flags |= TCQ_F_MQROOT; +@@ -156,7 +156,7 @@ static int mq_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new, + + *old = dev_graft_qdisc(dev_queue, new); + if (new) +- new->flags |= TCQ_F_ONETXQUEUE; ++ new->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + if (dev->flags & IFF_UP) + dev_activate(dev); + return 0; +diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c +index 3811a74..ad70ecf 100644 +--- a/net/sched/sch_mqprio.c ++++ b/net/sched/sch_mqprio.c +@@ -132,7 +132,7 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt) + goto err; + } + priv->qdiscs[i] = qdisc; +- qdisc->flags |= TCQ_F_ONETXQUEUE; ++ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + } + + /* If the mqprio options indicate that hardware should own +@@ -209,7 +209,7 @@ static int mqprio_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new, + *old = dev_graft_qdisc(dev_queue, new); + + if (new) +- new->flags |= TCQ_F_ONETXQUEUE; ++ new->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; + + if (dev->flags & IFF_UP) + dev_activate(dev); diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index e917d27..13e2a4c 100644 --- a/net/sctp/ipv6.c @@ -124147,9 +124553,18 @@ index 85e6f03..d41c1ad 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 17bef01..46f1473 100644 +index 17bef01..eaadf73 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c +@@ -972,7 +972,7 @@ static int sctp_setsockopt_bindx(struct sock *sk, + return -EFAULT; + + /* Alloc space for the address array in kernel memory. */ +- kaddrs = kmalloc(addrs_size, GFP_KERNEL); ++ kaddrs = kmalloc(addrs_size, GFP_USER | __GFP_NOWARN); + if (unlikely(!kaddrs)) + return -ENOMEM; + @@ -2194,11 +2194,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; @@ -124228,6 +124643,38 @@ index 17bef01..46f1473 100644 if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen; +@@ -4928,7 +4941,7 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len, + to = optval + offsetof(struct sctp_getaddrs, addrs); + space_left = len - offsetof(struct sctp_getaddrs, addrs); + +- addrs = kmalloc(space_left, GFP_KERNEL); ++ addrs = kmalloc(space_left, GFP_USER | __GFP_NOWARN); + if (!addrs) + return -ENOMEM; + +@@ -7375,6 +7388,13 @@ struct proto sctp_prot = { + + #if IS_ENABLED(CONFIG_IPV6) + ++#include <net/transp_v6.h> ++static void sctp_v6_destroy_sock(struct sock *sk) ++{ ++ sctp_destroy_sock(sk); ++ inet6_destroy_sock(sk); ++} ++ + struct proto sctpv6_prot = { + .name = "SCTPv6", + .owner = THIS_MODULE, +@@ -7384,7 +7404,7 @@ struct proto sctpv6_prot = { + .accept = sctp_accept, + .ioctl = sctp_ioctl, + .init = sctp_init_sock, +- .destroy = sctp_destroy_sock, ++ .destroy = sctp_v6_destroy_sock, + .shutdown = sctp_shutdown, + .setsockopt = sctp_setsockopt, + .getsockopt = sctp_getsockopt, diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 26d50c5..dfae665 100644 --- a/net/sctp/sysctl.c @@ -124936,7 +125383,7 @@ index 350cca3..a108fc5 100644 sub->evt.event = htohl(event, sub->swap); sub->evt.found_lower = htohl(found_lower, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 94f6582..0883e68 100644 +index 94f6582..5c2e78b 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -420,6 +420,8 @@ static void unix_release_sock(struct sock *sk, int embrion) @@ -125080,7 +125527,67 @@ index 94f6582..0883e68 100644 init_peercred(ska); init_peercred(skb); -@@ -1565,6 +1613,7 @@ restart: +@@ -1432,6 +1480,14 @@ static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool sen + return err; + } + ++static bool unix_passcred_enabled(const struct socket *sock, ++ const struct sock *other) ++{ ++ return test_bit(SOCK_PASSCRED, &sock->flags) || ++ !other->sk_socket || ++ test_bit(SOCK_PASSCRED, &other->sk_socket->flags); ++} ++ + /* + * Some apps rely on write() giving SCM_CREDENTIALS + * We include credentials if source or destination socket +@@ -1442,14 +1498,41 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, + { + if (UNIXCB(skb).pid) + return; +- if (test_bit(SOCK_PASSCRED, &sock->flags) || +- !other->sk_socket || +- test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) { ++ if (unix_passcred_enabled(sock, other)) { + UNIXCB(skb).pid = get_pid(task_tgid(current)); + current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid); + } + } + ++static int maybe_init_creds(struct scm_cookie *scm, ++ struct socket *socket, ++ const struct sock *other) ++{ ++ int err; ++ struct msghdr msg = { .msg_controllen = 0 }; ++ ++ err = scm_send(socket, &msg, scm, false); ++ if (err) ++ return err; ++ ++ if (unix_passcred_enabled(socket, other)) { ++ scm->pid = get_pid(task_tgid(current)); ++ current_uid_gid(&scm->creds.uid, &scm->creds.gid); ++ } ++ return err; ++} ++ ++static bool unix_skb_scm_eq(struct sk_buff *skb, ++ struct scm_cookie *scm) ++{ ++ const struct unix_skb_parms *u = &UNIXCB(skb); ++ ++ return u->pid == scm->pid && ++ uid_eq(u->uid, scm->creds.uid) && ++ gid_eq(u->gid, scm->creds.gid) && ++ unix_secdata_eq(scm, skb); ++} ++ + /* + * Send AF_UNIX data. + */ +@@ -1565,6 +1648,7 @@ restart: unix_state_lock(sk); if (unix_peer(sk) == other) { unix_peer(sk) = NULL; @@ -125088,7 +125595,73 @@ index 94f6582..0883e68 100644 unix_state_unlock(sk); unix_dgram_disconnected(sk, other); -@@ -1798,6 +1847,7 @@ alloc_skb: +@@ -1739,8 +1823,10 @@ out_err: + static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, + int offset, size_t size, int flags) + { +- int err = 0; +- bool send_sigpipe = true; ++ int err; ++ bool send_sigpipe = false; ++ bool init_scm = true; ++ struct scm_cookie scm; + struct sock *other, *sk = socket->sk; + struct sk_buff *skb, *newskb = NULL, *tail = NULL; + +@@ -1758,7 +1844,7 @@ alloc_skb: + newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, + &err, 0); + if (!newskb) +- return err; ++ goto err; + } + + /* we must acquire readlock as we modify already present +@@ -1767,12 +1853,12 @@ alloc_skb: + err = mutex_lock_interruptible(&unix_sk(other)->readlock); + if (err) { + err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; +- send_sigpipe = false; + goto err; + } + + if (sk->sk_shutdown & SEND_SHUTDOWN) { + err = -EPIPE; ++ send_sigpipe = true; + goto err_unlock; + } + +@@ -1781,23 +1867,34 @@ alloc_skb: + if (sock_flag(other, SOCK_DEAD) || + other->sk_shutdown & RCV_SHUTDOWN) { + err = -EPIPE; ++ send_sigpipe = true; + goto err_state_unlock; + } + ++ if (init_scm) { ++ err = maybe_init_creds(&scm, socket, other); ++ if (err) ++ goto err_state_unlock; ++ init_scm = false; ++ } ++ + skb = skb_peek_tail(&other->sk_receive_queue); + if (tail && tail == skb) { + skb = newskb; +- } else if (!skb) { +- if (newskb) ++ } else if (!skb || !unix_skb_scm_eq(skb, &scm)) { ++ if (newskb) { + skb = newskb; +- else ++ } else { ++ tail = skb; + goto alloc_skb; ++ } + } else if (newskb) { + /* this is fast path, we don't necessarily need to + * call to kfree_skb even though with newskb == NULL * this - does no harm */ consume_skb(newskb); @@ -125096,12 +125669,15 @@ index 94f6582..0883e68 100644 } if (skb_append_pagefrags(skb, page, offset, size)) { -@@ -1810,8 +1860,11 @@ alloc_skb: +@@ -1810,14 +1907,20 @@ alloc_skb: skb->truesize += size; atomic_add(size, &sk->sk_wmem_alloc); - if (newskb) + if (newskb) { ++ err = unix_scm_to_skb(&scm, skb, false); ++ if (err) ++ goto err_state_unlock; + spin_lock(&other->sk_receive_queue.lock); __skb_queue_tail(&other->sk_receive_queue, newskb); + spin_unlock(&other->sk_receive_queue.lock); @@ -125109,7 +125685,23 @@ index 94f6582..0883e68 100644 unix_state_unlock(other); mutex_unlock(&unix_sk(other)->readlock); -@@ -2071,6 +2124,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) + + other->sk_data_ready(other); +- ++ scm_destroy(&scm); + return size; + + err_state_unlock: +@@ -1828,6 +1931,8 @@ err: + kfree_skb(newskb); + if (send_sigpipe && !(flags & MSG_NOSIGNAL)) + send_sig(SIGPIPE, current, 0); ++ if (!init_scm) ++ scm_destroy(&scm); + return err; + } + +@@ -2071,6 +2176,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) do { int chunk; @@ -125117,7 +125709,19 @@ index 94f6582..0883e68 100644 struct sk_buff *skb, *last; unix_state_lock(sk); -@@ -2151,7 +2205,11 @@ unlock: +@@ -2130,10 +2236,7 @@ unlock: + + if (check_creds) { + /* Never glue messages from different writers */ +- if ((UNIXCB(skb).pid != scm.pid) || +- !uid_eq(UNIXCB(skb).uid, scm.creds.uid) || +- !gid_eq(UNIXCB(skb).gid, scm.creds.gid) || +- !unix_secdata_eq(&scm, skb)) ++ if (!unix_skb_scm_eq(skb, &scm)) + break; + } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { + /* Copy credentials */ +@@ -2151,7 +2254,11 @@ unlock: } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); @@ -125129,7 +125733,7 @@ index 94f6582..0883e68 100644 if (chunk < 0) { if (copied == 0) copied = -EFAULT; -@@ -2160,6 +2218,18 @@ unlock: +@@ -2160,6 +2267,18 @@ unlock: copied += chunk; size -= chunk; @@ -125148,7 +125752,7 @@ index 94f6582..0883e68 100644 /* Mark read part of skb as used */ if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; -@@ -2456,7 +2526,6 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, +@@ -2456,7 +2575,6 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, other = unix_peer_get(sk); if (other) { if (unix_peer(other) != sk) { @@ -125156,7 +125760,7 @@ index 94f6582..0883e68 100644 if (unix_recvq_full(other)) writable = 0; } -@@ -2556,9 +2625,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2556,9 +2674,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -125171,7 +125775,7 @@ index 94f6582..0883e68 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2583,10 +2656,29 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2583,10 +2705,29 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_putc(seq, '@'); i++; } @@ -133195,10 +133799,10 @@ index 0000000..f74d85a +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 -index 0000000..8ce9ec1 +index 0000000..07f2628 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data -@@ -0,0 +1,12422 @@ +@@ -0,0 +1,12424 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -136504,7 +137108,8 @@ index 0000000..8ce9ec1 +disable_so_cir_addr_nvt_dev_17619 cir_addr nvt_dev 0 17619 NULL +disable_so_plink_timeout_mesh_config_17621 plink_timeout mesh_config 0 17621 NULL +disable_so_numaddr_mwl8k_cmd_mac_multicast_adr_17633 numaddr mwl8k_cmd_mac_multicast_adr 0 17633 NULL -+disable_so_addr_nvbios_extdev_func_17635 addr nvbios_extdev_func 0 17635 NULL nohasharray ++enable_so_last_used_idx_vringh_17635 last_used_idx vringh 0 17635 NULL nohasharray ++disable_so_addr_nvbios_extdev_func_17635 addr nvbios_extdev_func 0 17635 &enable_so_last_used_idx_vringh_17635 nohasharray +disable_so_xfs_btree_set_numrecs_fndecl_17635 xfs_btree_set_numrecs fndecl 2 17635 &disable_so_addr_nvbios_extdev_func_17635 +disable_so_pll_clkdiv_adau1701_17652 pll_clkdiv adau1701 0 17652 NULL +disable_so_btree_insert_raw_fndecl_17655 btree_insert_raw fndecl 0-2 17655 NULL @@ -145621,6 +146226,7 @@ index 0000000..8ce9ec1 +enable_so_i_size_lo_ext4_inode_40153 i_size_lo ext4_inode 0 40153 NULL +enable_so_i_size_high_ext4_inode_18545 i_size_high ext4_inode 0 18545 NULL +enable_so_nr_kvm_queued_interrupt_34927 nr kvm_queued_interrupt 0 34927 NULL ++enable_so_last_used_idx_vhost_virtqueue_40059 last_used_idx vhost_virtqueue 0 40059 NULL diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d @@ -146154,10 +146760,10 @@ index 0000000..cc20d48 +#endif diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c new file mode 100644 -index 0000000..3bf5a4e +index 0000000..7d9135d --- /dev/null +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c -@@ -0,0 +1,1010 @@ +@@ -0,0 +1,1032 @@ +/* + * Copyright 2011-2015 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -147119,7 +147725,7 @@ index 0000000..3bf5a4e + * _141 = -_140; + * _154 = (short unsigned int) _141; + * _155 = (size_overflow_type_SI) _154; -+ * _156 = _154 + _155; ++ * _156 = _154 + _155; // 2x + * _157 = (short unsigned int) _156; + */ +static bool is_short_cast_neg(const_tree rhs) @@ -147145,11 +147751,28 @@ index 0000000..3bf5a4e + return gimple_assign_rhs_code(neg_stmt) == NEGATE_EXPR; +} + ++static bool check_add_stmt(const_tree node) ++{ ++ const_gimple add_stmt; ++ const_tree add_rhs1, add_rhs2; ++ ++ if (node == NULL_TREE) ++ return false; ++ ++ add_stmt = get_def_stmt(node); ++ if (!add_stmt || !is_gimple_assign(add_stmt) || gimple_assign_rhs_code(add_stmt) != PLUS_EXPR) ++ return false; ++ ++ add_rhs1 = gimple_assign_rhs1(add_stmt); ++ add_rhs2 = gimple_assign_rhs2(add_stmt); ++ return is_short_cast_neg(add_rhs1) || is_short_cast_neg(add_rhs2); ++} ++ +bool neg_short_add_intentional_overflow(gassign *unary_stmt) +{ + const_tree rhs1, add_rhs1, add_rhs2, cast_rhs; -+ const_gimple add_stmt; + gimple cast_stmt; ++ const_gimple add_stmt; + + rhs1 = gimple_assign_rhs1(unary_stmt); + @@ -147160,13 +147783,18 @@ index 0000000..3bf5a4e + if (GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(cast_rhs))) <= GET_MODE_BITSIZE(TYPE_MODE(TREE_TYPE(rhs1)))) + return false; + ++ // one or two plus expressions ++ if (check_add_stmt(cast_rhs)) ++ return true; ++ + add_stmt = get_def_stmt(cast_rhs); -+ if (!add_stmt || !is_gimple_assign(add_stmt) || gimple_assign_rhs_code(add_stmt) != PLUS_EXPR) ++ if (!add_stmt || !is_gimple_assign(add_stmt)) + return false; -+ + add_rhs1 = gimple_assign_rhs1(add_stmt); ++ if (check_add_stmt(add_rhs1)) ++ return true; + add_rhs2 = gimple_assign_rhs2(add_stmt); -+ return is_short_cast_neg(add_rhs1) || is_short_cast_neg(add_rhs2); ++ return check_add_stmt(add_rhs2); +} diff --git a/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c new file mode 100644 @@ -147842,10 +148470,10 @@ index 0000000..fc58e16 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..2d4a6ed +index 0000000..a907202 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,20735 @@ +@@ -0,0 +1,20733 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL @@ -153340,7 +153968,6 @@ index 0000000..2d4a6ed +enable_so_min_alloc_order_gen_pool_17628 min_alloc_order gen_pool 0 17628 NULL +enable_so_num_peri_pl330_config_17630 num_peri pl330_config 0 17630 NULL +enable_so_ctxts_extrabuf_qib_devdata_17634 ctxts_extrabuf qib_devdata 0 17634 NULL -+enable_so_last_used_idx_vringh_17635 last_used_idx vringh 0 17635 NULL +enable_so_video_linelength_sis_video_info_17642 video_linelength sis_video_info 0 17642 NULL +enable_so_wl12xx_sdio_raw_read_fndecl_17648 wl12xx_sdio_raw_read fndecl 4 17648 NULL +enable_so_buf_len_ceph_none_authorizer_17652 buf_len ceph_none_authorizer 0 17652 NULL nohasharray @@ -160564,7 +161191,6 @@ index 0000000..2d4a6ed +enable_so_memdiff_vardecl_tridentfb_c_40043 memdiff vardecl_tridentfb.c 0 40043 NULL nohasharray +enable_so_read_partial_fndecl_40043 read_partial fndecl 2 40043 &enable_so_memdiff_vardecl_tridentfb_c_40043 +enable_so_add_nested_action_start_fndecl_40044 add_nested_action_start fndecl 0 40044 NULL -+enable_so_last_used_idx_vhost_virtqueue_40059 last_used_idx vhost_virtqueue 0 40059 NULL +enable_so_SyS_listxattr_fndecl_40060 SyS_listxattr fndecl 3 40060 NULL +enable_so_smp_execute_task_fndecl_40062 smp_execute_task fndecl 3-5-0 40062 NULL nohasharray +enable_so_iwl_dbgfs_disable_power_off_read_fndecl_40062 iwl_dbgfs_disable_power_off_read fndecl 3 40062 &enable_so_smp_execute_task_fndecl_40062 @@ -170424,7 +171050,7 @@ index 0000000..6075e8f + diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c new file mode 100644 -index 0000000..29a5c26 +index 0000000..f1cc040 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c @@ -0,0 +1,318 @@ @@ -170459,7 +171085,7 @@ index 0000000..29a5c26 +tree size_overflow_type_TI; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20151128", ++ .version = "20151201", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + |